cobaltstrike | 1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
Size

6.0MB
MD5

14686d4becb68745cf99d90d70a73765
SHA1

122e12817aeadf86306313d6a08f03e9b85a4a5a
SHA256

1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8
SHA512

680cb4e735da2a73dbf00eea9fd3054063a8feaffb160199edbfe4e9234c817a2f4467c54ef9d8f228066d4b376f4cd2a4ccf25a1d991e70a589dbbe4cca0511
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUs:T+q56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000e000000012261-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019273-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192f0-15.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933e-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019346-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019384-37.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193af-41.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a455-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a2-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ac-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a8-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a0-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a497-107.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019234-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a478-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-72.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a325-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2580-0-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x000e000000012261-6.dat	xmrig
behavioral1/files/0x0007000000019273-8.dat	xmrig
behavioral1/files/0x00070000000192f0-15.dat	xmrig
behavioral1/files/0x000600000001933e-23.dat	xmrig
behavioral1/files/0x0006000000019346-32.dat	xmrig
behavioral1/files/0x0006000000019384-37.dat	xmrig
behavioral1/files/0x00070000000193af-41.dat	xmrig
behavioral1/files/0x000500000001a41a-53.dat	xmrig
behavioral1/files/0x000500000001a41b-57.dat	xmrig
behavioral1/files/0x000500000001a455-77.dat	xmrig
behavioral1/files/0x000500000001a4a2-117.dat	xmrig
behavioral1/files/0x000500000001a4b3-143.dat	xmrig
behavioral1/memory/2580-778-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2784-1263-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2056-253-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b7-153.dat	xmrig
behavioral1/files/0x000500000001a4b1-144.dat	xmrig
behavioral1/memory/2680-229-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2640-227-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2808-225-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2440-214-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4af-138.dat	xmrig
behavioral1/files/0x000500000001a4bf-167.dat	xmrig
behavioral1/files/0x000500000001a4b9-162.dat	xmrig
behavioral1/files/0x000500000001a4bb-160.dat	xmrig
behavioral1/memory/2660-223-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2672-221-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2864-219-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2852-217-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c1-170.dat	xmrig
behavioral1/files/0x000500000001a4bd-164.dat	xmrig
behavioral1/files/0x000500000001a4b5-157.dat	xmrig
behavioral1/files/0x000500000001a4aa-127.dat	xmrig
behavioral1/memory/2900-151-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ac-133.dat	xmrig
behavioral1/files/0x000500000001a4a8-123.dat	xmrig
behavioral1/files/0x000500000001a4a0-113.dat	xmrig
behavioral1/files/0x000500000001a497-107.dat	xmrig
behavioral1/files/0x0008000000019234-97.dat	xmrig
behavioral1/files/0x000500000001a48a-102.dat	xmrig
behavioral1/files/0x000500000001a486-93.dat	xmrig
behavioral1/files/0x000500000001a478-87.dat	xmrig
behavioral1/files/0x000500000001a477-82.dat	xmrig
behavioral1/files/0x000500000001a41e-72.dat	xmrig
behavioral1/files/0x000500000001a41d-68.dat	xmrig
behavioral1/files/0x000500000001a41c-63.dat	xmrig
behavioral1/files/0x000500000001a325-47.dat	xmrig
behavioral1/memory/2784-28-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/1120-22-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/340-21-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/3024-20-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/340-4050-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/1120-4064-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/3024-4065-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2900-4066-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2784-4067-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2852-4068-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2440-4069-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2864-4070-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2672-4071-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2660-4072-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2808-4073-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2640-4074-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

PiFxNYO.exeMZknNUY.exesiAWdBa.exeakyydcP.exedIatHSA.exeslCWldb.exedtdBsKE.exevQbLOKU.exewxCikic.exeHwbzqQi.exeQLOvLIC.exeLPmhKxt.exedTdPdJq.exeTcjXrai.exelVnkYmz.execBkzQgx.exekPWedNf.exehSilEzU.exeiriJbOu.exekuNJAhn.exePPtfpBe.exeNqQYHqZ.exelzSQpnQ.exeVOVKcZP.exebZnkdFw.exeNORYqTM.exeiBAfgwP.exeGvqDzXF.exenGyLKus.exeqAVmKPM.exeVArVZqe.exeyotaOXD.exeedqguBU.exersMSjgq.exePdoatRI.exeJUTTKwW.exeQQKKFGA.exewZpNEnY.exekMEsGpC.exewDxxvCh.exeeDGwgeC.exeDTMXGCg.exeGgMRDBV.exePLzMVzh.exetNqVssM.execjcltfe.exeHggGqxp.exeDCzvyLG.exeAqCSFOu.exeFsHHGXg.exehUHvSWY.exeToGuibR.exeJVlprgL.exerkooiXr.exeuHPvcAE.exeGeJyFSv.exeuDhwFiD.exeIvzOXyD.exeUvtpoWL.exetqRUqtI.exeQxhRiql.exeWEeesIq.exeVBMvbST.exeParSBLX.exe

pid	Process
340	PiFxNYO.exe
1120	MZknNUY.exe
3024	siAWdBa.exe
2784	akyydcP.exe
2900	dIatHSA.exe
2440	slCWldb.exe
2852	dtdBsKE.exe
2864	vQbLOKU.exe
2672	wxCikic.exe
2660	HwbzqQi.exe
2808	QLOvLIC.exe
2640	LPmhKxt.exe
2680	dTdPdJq.exe
2056	TcjXrai.exe
2456	lVnkYmz.exe
1316	cBkzQgx.exe
576	kPWedNf.exe
1092	hSilEzU.exe
3008	iriJbOu.exe
696	kuNJAhn.exe
1328	PPtfpBe.exe
332	NqQYHqZ.exe
2712	lzSQpnQ.exe
2964	VOVKcZP.exe
1880	bZnkdFw.exe
2052	NORYqTM.exe
1160	iBAfgwP.exe
2420	GvqDzXF.exe
2348	nGyLKus.exe
2740	qAVmKPM.exe
1944	VArVZqe.exe
1876	yotaOXD.exe
1724	edqguBU.exe
952	rsMSjgq.exe
900	PdoatRI.exe
2304	JUTTKwW.exe
1864	QQKKFGA.exe
2620	wZpNEnY.exe
2564	kMEsGpC.exe
2552	wDxxvCh.exe
448	eDGwgeC.exe
3060	DTMXGCg.exe
1632	GgMRDBV.exe
2264	PLzMVzh.exe
1828	tNqVssM.exe
1032	cjcltfe.exe
1556	HggGqxp.exe
1824	DCzvyLG.exe
2328	AqCSFOu.exe
2168	FsHHGXg.exe
1252	hUHvSWY.exe
2612	ToGuibR.exe
1732	JVlprgL.exe
2868	rkooiXr.exe
3012	uHPvcAE.exe
2652	GeJyFSv.exe
1712	uDhwFiD.exe
1492	IvzOXyD.exe
2976	UvtpoWL.exe
2824	tqRUqtI.exe
2136	QxhRiql.exe
2088	WEeesIq.exe
1364	VBMvbST.exe
1636	ParSBLX.exe

Loads dropped DLL 64 IoCs

Processes:

1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe

pid	Process
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2580-0-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x000e000000012261-6.dat	upx
behavioral1/files/0x0007000000019273-8.dat	upx
behavioral1/files/0x00070000000192f0-15.dat	upx
behavioral1/files/0x000600000001933e-23.dat	upx
behavioral1/files/0x0006000000019346-32.dat	upx
behavioral1/files/0x0006000000019384-37.dat	upx
behavioral1/files/0x00070000000193af-41.dat	upx
behavioral1/files/0x000500000001a41a-53.dat	upx
behavioral1/files/0x000500000001a41b-57.dat	upx
behavioral1/files/0x000500000001a455-77.dat	upx
behavioral1/files/0x000500000001a4a2-117.dat	upx
behavioral1/files/0x000500000001a4b3-143.dat	upx
behavioral1/memory/2580-778-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2784-1263-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2056-253-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x000500000001a4b7-153.dat	upx
behavioral1/files/0x000500000001a4b1-144.dat	upx
behavioral1/memory/2680-229-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2640-227-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2808-225-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2440-214-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x000500000001a4af-138.dat	upx
behavioral1/files/0x000500000001a4bf-167.dat	upx
behavioral1/files/0x000500000001a4b9-162.dat	upx
behavioral1/files/0x000500000001a4bb-160.dat	upx
behavioral1/memory/2660-223-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2672-221-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2864-219-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2852-217-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000500000001a4c1-170.dat	upx
behavioral1/files/0x000500000001a4bd-164.dat	upx
behavioral1/files/0x000500000001a4b5-157.dat	upx
behavioral1/files/0x000500000001a4aa-127.dat	upx
behavioral1/memory/2900-151-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x000500000001a4ac-133.dat	upx
behavioral1/files/0x000500000001a4a8-123.dat	upx
behavioral1/files/0x000500000001a4a0-113.dat	upx
behavioral1/files/0x000500000001a497-107.dat	upx
behavioral1/files/0x0008000000019234-97.dat	upx
behavioral1/files/0x000500000001a48a-102.dat	upx
behavioral1/files/0x000500000001a486-93.dat	upx
behavioral1/files/0x000500000001a478-87.dat	upx
behavioral1/files/0x000500000001a477-82.dat	upx
behavioral1/files/0x000500000001a41e-72.dat	upx
behavioral1/files/0x000500000001a41d-68.dat	upx
behavioral1/files/0x000500000001a41c-63.dat	upx
behavioral1/files/0x000500000001a325-47.dat	upx
behavioral1/memory/2784-28-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/1120-22-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/340-21-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/3024-20-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/340-4050-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/1120-4064-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/3024-4065-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2900-4066-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2784-4067-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2852-4068-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2440-4069-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2864-4070-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2672-4071-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2660-4072-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2808-4073-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2640-4074-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe

description	ioc	Process
File created	C:\Windows\System\kxiUCYX.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\hcbvvdw.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\OkFcXko.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\HWxgHeP.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\cBHECxe.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\HUtKxfG.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\JasuAON.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\MPQHXlk.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\jzehbfD.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\FaiGSxt.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\XzpBPrK.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\WzUFbMU.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\dKyotYu.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\pnnQeTi.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\EcVOZQG.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\wMHFggv.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\nBltVeI.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\cSiQCXs.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\tpYWfgW.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\XUjifDj.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\inqXfkq.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\QAFmuJG.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\rcqXNwZ.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\lJYldbf.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\xmuZCMQ.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\ParSBLX.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\mZEufLX.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\AFGfxbI.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\zJmYSSV.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\IkPisYz.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\jYiRyzL.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\DbMoEbJ.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\rwDaTqE.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\TGQDmOa.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\SqQcpdm.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\wqvjvab.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\rPbUeaL.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\gcLWjdm.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\TiQfhip.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\BzGgfiL.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\quSYWrM.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\tCkBxhf.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\myUoKjU.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\vKPyuLL.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\rNcAwKW.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\etiPwvO.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\ewopjsw.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\BDxwYEN.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\QfMAJYt.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\wptkQWn.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\MnxjXeS.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\uNBVuza.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\yKtteUU.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\qtUBpmE.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\UMagRtp.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\JSkiOli.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\pptgdSJ.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\BYJdSzR.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\FddwDOE.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\FmKuSEi.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\csfkdEX.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\bjIRmid.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\beYfqCD.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
File created	C:\Windows\System\kgpChba.exe	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe

description	pid	Process	procid_target
PID 2580 wrote to memory of 340	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	31
PID 2580 wrote to memory of 340	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	31
PID 2580 wrote to memory of 340	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	31
PID 2580 wrote to memory of 3024	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	32
PID 2580 wrote to memory of 3024	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	32
PID 2580 wrote to memory of 3024	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	32
PID 2580 wrote to memory of 1120	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	33
PID 2580 wrote to memory of 1120	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	33
PID 2580 wrote to memory of 1120	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	33
PID 2580 wrote to memory of 2784	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	34
PID 2580 wrote to memory of 2784	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	34
PID 2580 wrote to memory of 2784	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	34
PID 2580 wrote to memory of 2900	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	35
PID 2580 wrote to memory of 2900	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	35
PID 2580 wrote to memory of 2900	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	35
PID 2580 wrote to memory of 2440	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	36
PID 2580 wrote to memory of 2440	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	36
PID 2580 wrote to memory of 2440	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	36
PID 2580 wrote to memory of 2852	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	37
PID 2580 wrote to memory of 2852	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	37
PID 2580 wrote to memory of 2852	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	37
PID 2580 wrote to memory of 2864	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	38
PID 2580 wrote to memory of 2864	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	38
PID 2580 wrote to memory of 2864	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	38
PID 2580 wrote to memory of 2672	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	39
PID 2580 wrote to memory of 2672	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	39
PID 2580 wrote to memory of 2672	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	39
PID 2580 wrote to memory of 2660	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	40
PID 2580 wrote to memory of 2660	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	40
PID 2580 wrote to memory of 2660	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	40
PID 2580 wrote to memory of 2808	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	41
PID 2580 wrote to memory of 2808	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	41
PID 2580 wrote to memory of 2808	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	41
PID 2580 wrote to memory of 2640	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	42
PID 2580 wrote to memory of 2640	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	42
PID 2580 wrote to memory of 2640	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	42
PID 2580 wrote to memory of 2680	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	43
PID 2580 wrote to memory of 2680	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	43
PID 2580 wrote to memory of 2680	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	43
PID 2580 wrote to memory of 2056	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	44
PID 2580 wrote to memory of 2056	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	44
PID 2580 wrote to memory of 2056	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	44
PID 2580 wrote to memory of 2456	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	45
PID 2580 wrote to memory of 2456	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	45
PID 2580 wrote to memory of 2456	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	45
PID 2580 wrote to memory of 1316	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	46
PID 2580 wrote to memory of 1316	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	46
PID 2580 wrote to memory of 1316	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	46
PID 2580 wrote to memory of 576	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	47
PID 2580 wrote to memory of 576	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	47
PID 2580 wrote to memory of 576	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	47
PID 2580 wrote to memory of 1092	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	48
PID 2580 wrote to memory of 1092	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	48
PID 2580 wrote to memory of 1092	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	48
PID 2580 wrote to memory of 3008	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	49
PID 2580 wrote to memory of 3008	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	49
PID 2580 wrote to memory of 3008	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	49
PID 2580 wrote to memory of 696	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	50
PID 2580 wrote to memory of 696	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	50
PID 2580 wrote to memory of 696	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	50
PID 2580 wrote to memory of 1328	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	51
PID 2580 wrote to memory of 1328	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	51
PID 2580 wrote to memory of 1328	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	51
PID 2580 wrote to memory of 332	2580	1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe	52

C:\Users\Admin\AppData\Local\Temp\1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe
"C:\Users\Admin\AppData\Local\Temp\1f89a01cb1578eaf5abd7250c1637083467e2a228ddf188c13bd71335d9653c8.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\System\PiFxNYO.exe
  C:\Windows\System\PiFxNYO.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\siAWdBa.exe
  C:\Windows\System\siAWdBa.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\MZknNUY.exe
  C:\Windows\System\MZknNUY.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\akyydcP.exe
  C:\Windows\System\akyydcP.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\dIatHSA.exe
  C:\Windows\System\dIatHSA.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\slCWldb.exe
  C:\Windows\System\slCWldb.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\dtdBsKE.exe
  C:\Windows\System\dtdBsKE.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\vQbLOKU.exe
  C:\Windows\System\vQbLOKU.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\wxCikic.exe
  C:\Windows\System\wxCikic.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\HwbzqQi.exe
  C:\Windows\System\HwbzqQi.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\QLOvLIC.exe
  C:\Windows\System\QLOvLIC.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\LPmhKxt.exe
  C:\Windows\System\LPmhKxt.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\dTdPdJq.exe
  C:\Windows\System\dTdPdJq.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\TcjXrai.exe
  C:\Windows\System\TcjXrai.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\lVnkYmz.exe
  C:\Windows\System\lVnkYmz.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\cBkzQgx.exe
  C:\Windows\System\cBkzQgx.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\kPWedNf.exe
  C:\Windows\System\kPWedNf.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\hSilEzU.exe
  C:\Windows\System\hSilEzU.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\iriJbOu.exe
  C:\Windows\System\iriJbOu.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\kuNJAhn.exe
  C:\Windows\System\kuNJAhn.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\PPtfpBe.exe
  C:\Windows\System\PPtfpBe.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\NqQYHqZ.exe
  C:\Windows\System\NqQYHqZ.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\lzSQpnQ.exe
  C:\Windows\System\lzSQpnQ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\VOVKcZP.exe
  C:\Windows\System\VOVKcZP.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\bZnkdFw.exe
  C:\Windows\System\bZnkdFw.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\NORYqTM.exe
  C:\Windows\System\NORYqTM.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\iBAfgwP.exe
  C:\Windows\System\iBAfgwP.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\QQKKFGA.exe
  C:\Windows\System\QQKKFGA.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\GvqDzXF.exe
  C:\Windows\System\GvqDzXF.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\wZpNEnY.exe
  C:\Windows\System\wZpNEnY.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\nGyLKus.exe
  C:\Windows\System\nGyLKus.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\eDGwgeC.exe
  C:\Windows\System\eDGwgeC.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\qAVmKPM.exe
  C:\Windows\System\qAVmKPM.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\DTMXGCg.exe
  C:\Windows\System\DTMXGCg.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\VArVZqe.exe
  C:\Windows\System\VArVZqe.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\GgMRDBV.exe
  C:\Windows\System\GgMRDBV.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\yotaOXD.exe
  C:\Windows\System\yotaOXD.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\PLzMVzh.exe
  C:\Windows\System\PLzMVzh.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\edqguBU.exe
  C:\Windows\System\edqguBU.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\tNqVssM.exe
  C:\Windows\System\tNqVssM.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\rsMSjgq.exe
  C:\Windows\System\rsMSjgq.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\cjcltfe.exe
  C:\Windows\System\cjcltfe.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\PdoatRI.exe
  C:\Windows\System\PdoatRI.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\HggGqxp.exe
  C:\Windows\System\HggGqxp.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\JUTTKwW.exe
  C:\Windows\System\JUTTKwW.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\DCzvyLG.exe
  C:\Windows\System\DCzvyLG.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\kMEsGpC.exe
  C:\Windows\System\kMEsGpC.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\AqCSFOu.exe
  C:\Windows\System\AqCSFOu.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\wDxxvCh.exe
  C:\Windows\System\wDxxvCh.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\FsHHGXg.exe
  C:\Windows\System\FsHHGXg.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\hUHvSWY.exe
  C:\Windows\System\hUHvSWY.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\WEeesIq.exe
  C:\Windows\System\WEeesIq.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\ToGuibR.exe
  C:\Windows\System\ToGuibR.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\xyDnseQ.exe
  C:\Windows\System\xyDnseQ.exe
  2⤵
  PID:1612
- C:\Windows\System\JVlprgL.exe
  C:\Windows\System\JVlprgL.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\VbopTjr.exe
  C:\Windows\System\VbopTjr.exe
  2⤵
  PID:2016
- C:\Windows\System\rkooiXr.exe
  C:\Windows\System\rkooiXr.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\rJuTKYO.exe
  C:\Windows\System\rJuTKYO.exe
  2⤵
  PID:2776
- C:\Windows\System\uHPvcAE.exe
  C:\Windows\System\uHPvcAE.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\NFLjmKO.exe
  C:\Windows\System\NFLjmKO.exe
  2⤵
  PID:2692
- C:\Windows\System\GeJyFSv.exe
  C:\Windows\System\GeJyFSv.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\PZpbehn.exe
  C:\Windows\System\PZpbehn.exe
  2⤵
  PID:1728
- C:\Windows\System\uDhwFiD.exe
  C:\Windows\System\uDhwFiD.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\iIyZHnb.exe
  C:\Windows\System\iIyZHnb.exe
  2⤵
  PID:1164
- C:\Windows\System\IvzOXyD.exe
  C:\Windows\System\IvzOXyD.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\NPykaoc.exe
  C:\Windows\System\NPykaoc.exe
  2⤵
  PID:980
- C:\Windows\System\UvtpoWL.exe
  C:\Windows\System\UvtpoWL.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\EsQzYhB.exe
  C:\Windows\System\EsQzYhB.exe
  2⤵
  PID:2940
- C:\Windows\System\tqRUqtI.exe
  C:\Windows\System\tqRUqtI.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\QJBEsdu.exe
  C:\Windows\System\QJBEsdu.exe
  2⤵
  PID:264
- C:\Windows\System\QxhRiql.exe
  C:\Windows\System\QxhRiql.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\UjVakhx.exe
  C:\Windows\System\UjVakhx.exe
  2⤵
  PID:2072
- C:\Windows\System\VBMvbST.exe
  C:\Windows\System\VBMvbST.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\lDjKcMR.exe
  C:\Windows\System\lDjKcMR.exe
  2⤵
  PID:588
- C:\Windows\System\ParSBLX.exe
  C:\Windows\System\ParSBLX.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\gIOZYMf.exe
  C:\Windows\System\gIOZYMf.exe
  2⤵
  PID:880
- C:\Windows\System\vdYZaBM.exe
  C:\Windows\System\vdYZaBM.exe
  2⤵
  PID:2980
- C:\Windows\System\KiJApMy.exe
  C:\Windows\System\KiJApMy.exe
  2⤵
  PID:2252
- C:\Windows\System\nBltVeI.exe
  C:\Windows\System\nBltVeI.exe
  2⤵
  PID:3056
- C:\Windows\System\NjwMeKC.exe
  C:\Windows\System\NjwMeKC.exe
  2⤵
  PID:344
- C:\Windows\System\kKTwDgn.exe
  C:\Windows\System\kKTwDgn.exe
  2⤵
  PID:1744
- C:\Windows\System\WkzBtAd.exe
  C:\Windows\System\WkzBtAd.exe
  2⤵
  PID:760
- C:\Windows\System\ZLgcJGD.exe
  C:\Windows\System\ZLgcJGD.exe
  2⤵
  PID:1704
- C:\Windows\System\smEAJQi.exe
  C:\Windows\System\smEAJQi.exe
  2⤵
  PID:2608
- C:\Windows\System\CZiLrXQ.exe
  C:\Windows\System\CZiLrXQ.exe
  2⤵
  PID:2156
- C:\Windows\System\oouPhPn.exe
  C:\Windows\System\oouPhPn.exe
  2⤵
  PID:1168
- C:\Windows\System\BhaFElJ.exe
  C:\Windows\System\BhaFElJ.exe
  2⤵
  PID:2124
- C:\Windows\System\LdifePk.exe
  C:\Windows\System\LdifePk.exe
  2⤵
  PID:2176
- C:\Windows\System\tvNeRyH.exe
  C:\Windows\System\tvNeRyH.exe
  2⤵
  PID:304
- C:\Windows\System\zaJOguH.exe
  C:\Windows\System\zaJOguH.exe
  2⤵
  PID:1788
- C:\Windows\System\GqRKvLg.exe
  C:\Windows\System\GqRKvLg.exe
  2⤵
  PID:2216
- C:\Windows\System\xdufoGq.exe
  C:\Windows\System\xdufoGq.exe
  2⤵
  PID:2240
- C:\Windows\System\IOgUoNN.exe
  C:\Windows\System\IOgUoNN.exe
  2⤵
  PID:2992
- C:\Windows\System\AGCbbCk.exe
  C:\Windows\System\AGCbbCk.exe
  2⤵
  PID:800
- C:\Windows\System\QAvBjvw.exe
  C:\Windows\System\QAvBjvw.exe
  2⤵
  PID:2520
- C:\Windows\System\LEbeNRy.exe
  C:\Windows\System\LEbeNRy.exe
  2⤵
  PID:2412
- C:\Windows\System\QvjKKcl.exe
  C:\Windows\System\QvjKKcl.exe
  2⤵
  PID:2164
- C:\Windows\System\CrabxgT.exe
  C:\Windows\System\CrabxgT.exe
  2⤵
  PID:2912
- C:\Windows\System\nEUfroa.exe
  C:\Windows\System\nEUfroa.exe
  2⤵
  PID:1680
- C:\Windows\System\ZBKMIZf.exe
  C:\Windows\System\ZBKMIZf.exe
  2⤵
  PID:2284
- C:\Windows\System\LzSKCcS.exe
  C:\Windows\System\LzSKCcS.exe
  2⤵
  PID:1100
- C:\Windows\System\XFJIZXQ.exe
  C:\Windows\System\XFJIZXQ.exe
  2⤵
  PID:1628
- C:\Windows\System\MgcsUuX.exe
  C:\Windows\System\MgcsUuX.exe
  2⤵
  PID:1792
- C:\Windows\System\AyIStST.exe
  C:\Windows\System\AyIStST.exe
  2⤵
  PID:784
- C:\Windows\System\PoUzeIb.exe
  C:\Windows\System\PoUzeIb.exe
  2⤵
  PID:3004
- C:\Windows\System\tTqhfcT.exe
  C:\Windows\System\tTqhfcT.exe
  2⤵
  PID:1984
- C:\Windows\System\ZNjGcuM.exe
  C:\Windows\System\ZNjGcuM.exe
  2⤵
  PID:2836
- C:\Windows\System\CxBGHoF.exe
  C:\Windows\System\CxBGHoF.exe
  2⤵
  PID:2044
- C:\Windows\System\AayERDE.exe
  C:\Windows\System\AayERDE.exe
  2⤵
  PID:1956
- C:\Windows\System\dgOQohZ.exe
  C:\Windows\System\dgOQohZ.exe
  2⤵
  PID:2448
- C:\Windows\System\SNusVRf.exe
  C:\Windows\System\SNusVRf.exe
  2⤵
  PID:1800
- C:\Windows\System\GtktolO.exe
  C:\Windows\System\GtktolO.exe
  2⤵
  PID:1140
- C:\Windows\System\RUtEDfe.exe
  C:\Windows\System\RUtEDfe.exe
  2⤵
  PID:3084
- C:\Windows\System\woozhYP.exe
  C:\Windows\System\woozhYP.exe
  2⤵
  PID:3100
- C:\Windows\System\pXRtixu.exe
  C:\Windows\System\pXRtixu.exe
  2⤵
  PID:3368
- C:\Windows\System\aadPrGy.exe
  C:\Windows\System\aadPrGy.exe
  2⤵
  PID:3388
- C:\Windows\System\eaWDxlD.exe
  C:\Windows\System\eaWDxlD.exe
  2⤵
  PID:3408
- C:\Windows\System\kyYLUmK.exe
  C:\Windows\System\kyYLUmK.exe
  2⤵
  PID:3424
- C:\Windows\System\MXuOGbC.exe
  C:\Windows\System\MXuOGbC.exe
  2⤵
  PID:3444
- C:\Windows\System\IRaOQcx.exe
  C:\Windows\System\IRaOQcx.exe
  2⤵
  PID:3460
- C:\Windows\System\IbvSlQF.exe
  C:\Windows\System\IbvSlQF.exe
  2⤵
  PID:3484
- C:\Windows\System\xmdiRhV.exe
  C:\Windows\System\xmdiRhV.exe
  2⤵
  PID:3500
- C:\Windows\System\eIufkpB.exe
  C:\Windows\System\eIufkpB.exe
  2⤵
  PID:3524
- C:\Windows\System\FSckZSS.exe
  C:\Windows\System\FSckZSS.exe
  2⤵
  PID:3548
- C:\Windows\System\ezjVVIc.exe
  C:\Windows\System\ezjVVIc.exe
  2⤵
  PID:3564
- C:\Windows\System\NaMFJxy.exe
  C:\Windows\System\NaMFJxy.exe
  2⤵
  PID:3580
- C:\Windows\System\YmWYkSM.exe
  C:\Windows\System\YmWYkSM.exe
  2⤵
  PID:3596
- C:\Windows\System\quWQdzD.exe
  C:\Windows\System\quWQdzD.exe
  2⤵
  PID:3612
- C:\Windows\System\GIksFZx.exe
  C:\Windows\System\GIksFZx.exe
  2⤵
  PID:3628
- C:\Windows\System\aBwIISY.exe
  C:\Windows\System\aBwIISY.exe
  2⤵
  PID:3648
- C:\Windows\System\VSyOhMQ.exe
  C:\Windows\System\VSyOhMQ.exe
  2⤵
  PID:3668
- C:\Windows\System\ZndgLHr.exe
  C:\Windows\System\ZndgLHr.exe
  2⤵
  PID:3692
- C:\Windows\System\aCFUnge.exe
  C:\Windows\System\aCFUnge.exe
  2⤵
  PID:3712
- C:\Windows\System\FVrbyfx.exe
  C:\Windows\System\FVrbyfx.exe
  2⤵
  PID:3728
- C:\Windows\System\NXYNIYu.exe
  C:\Windows\System\NXYNIYu.exe
  2⤵
  PID:3744
- C:\Windows\System\NHbiXjt.exe
  C:\Windows\System\NHbiXjt.exe
  2⤵
  PID:3760
- C:\Windows\System\oUuEVrT.exe
  C:\Windows\System\oUuEVrT.exe
  2⤵
  PID:3776
- C:\Windows\System\CToeizJ.exe
  C:\Windows\System\CToeizJ.exe
  2⤵
  PID:3792
- C:\Windows\System\OHIfJNT.exe
  C:\Windows\System\OHIfJNT.exe
  2⤵
  PID:3812
- C:\Windows\System\OtEZNMF.exe
  C:\Windows\System\OtEZNMF.exe
  2⤵
  PID:3836
- C:\Windows\System\BJKtoTb.exe
  C:\Windows\System\BJKtoTb.exe
  2⤵
  PID:3852
- C:\Windows\System\jYiRyzL.exe
  C:\Windows\System\jYiRyzL.exe
  2⤵
  PID:3868
- C:\Windows\System\iUmbiwK.exe
  C:\Windows\System\iUmbiwK.exe
  2⤵
  PID:3884
- C:\Windows\System\TGQDmOa.exe
  C:\Windows\System\TGQDmOa.exe
  2⤵
  PID:3900
- C:\Windows\System\awrJRDg.exe
  C:\Windows\System\awrJRDg.exe
  2⤵
  PID:3916
- C:\Windows\System\COxwvdR.exe
  C:\Windows\System\COxwvdR.exe
  2⤵
  PID:3932
- C:\Windows\System\DcjBMEW.exe
  C:\Windows\System\DcjBMEW.exe
  2⤵
  PID:3948
- C:\Windows\System\xIRXCJZ.exe
  C:\Windows\System\xIRXCJZ.exe
  2⤵
  PID:3964
- C:\Windows\System\aQUdInl.exe
  C:\Windows\System\aQUdInl.exe
  2⤵
  PID:3980
- C:\Windows\System\xmeVDWd.exe
  C:\Windows\System\xmeVDWd.exe
  2⤵
  PID:3996
- C:\Windows\System\uGNWDUm.exe
  C:\Windows\System\uGNWDUm.exe
  2⤵
  PID:4012
- C:\Windows\System\YNzGKAc.exe
  C:\Windows\System\YNzGKAc.exe
  2⤵
  PID:4028
- C:\Windows\System\opOtEUT.exe
  C:\Windows\System\opOtEUT.exe
  2⤵
  PID:4044
- C:\Windows\System\ZsyjVRU.exe
  C:\Windows\System\ZsyjVRU.exe
  2⤵
  PID:4060
- C:\Windows\System\ebuqsBR.exe
  C:\Windows\System\ebuqsBR.exe
  2⤵
  PID:4076
- C:\Windows\System\cwMMujY.exe
  C:\Windows\System\cwMMujY.exe
  2⤵
  PID:4092
- C:\Windows\System\FeaybiE.exe
  C:\Windows\System\FeaybiE.exe
  2⤵
  PID:2064
- C:\Windows\System\ZKXiZuN.exe
  C:\Windows\System\ZKXiZuN.exe
  2⤵
  PID:1284
- C:\Windows\System\GFiHQMh.exe
  C:\Windows\System\GFiHQMh.exe
  2⤵
  PID:2508
- C:\Windows\System\nTdnYzV.exe
  C:\Windows\System\nTdnYzV.exe
  2⤵
  PID:3140
- C:\Windows\System\HdjNexP.exe
  C:\Windows\System\HdjNexP.exe
  2⤵
  PID:3156
- C:\Windows\System\AwxWCpU.exe
  C:\Windows\System\AwxWCpU.exe
  2⤵
  PID:3180
- C:\Windows\System\FaiGSxt.exe
  C:\Windows\System\FaiGSxt.exe
  2⤵
  PID:3196
- C:\Windows\System\OFyLJxO.exe
  C:\Windows\System\OFyLJxO.exe
  2⤵
  PID:3216
- C:\Windows\System\znRkvlk.exe
  C:\Windows\System\znRkvlk.exe
  2⤵
  PID:3236
- C:\Windows\System\dHexNDw.exe
  C:\Windows\System\dHexNDw.exe
  2⤵
  PID:3252
- C:\Windows\System\vmgMKMW.exe
  C:\Windows\System\vmgMKMW.exe
  2⤵
  PID:3276
- C:\Windows\System\vwSefMI.exe
  C:\Windows\System\vwSefMI.exe
  2⤵
  PID:3292
- C:\Windows\System\dayRAKx.exe
  C:\Windows\System\dayRAKx.exe
  2⤵
  PID:3312
- C:\Windows\System\SExvaMr.exe
  C:\Windows\System\SExvaMr.exe
  2⤵
  PID:3328
- C:\Windows\System\QSGsEFL.exe
  C:\Windows\System\QSGsEFL.exe
  2⤵
  PID:3352
- C:\Windows\System\XqFaNRy.exe
  C:\Windows\System\XqFaNRy.exe
  2⤵
  PID:3420
- C:\Windows\System\owZTSJV.exe
  C:\Windows\System\owZTSJV.exe
  2⤵
  PID:3456
- C:\Windows\System\EZMSlNk.exe
  C:\Windows\System\EZMSlNk.exe
  2⤵
  PID:3540
- C:\Windows\System\SKuoEpR.exe
  C:\Windows\System\SKuoEpR.exe
  2⤵
  PID:3400
- C:\Windows\System\zIWpYPO.exe
  C:\Windows\System\zIWpYPO.exe
  2⤵
  PID:3676
- C:\Windows\System\QfAsbpT.exe
  C:\Windows\System\QfAsbpT.exe
  2⤵
  PID:3720
- C:\Windows\System\CCCgadU.exe
  C:\Windows\System\CCCgadU.exe
  2⤵
  PID:3756
- C:\Windows\System\WPkNUnT.exe
  C:\Windows\System\WPkNUnT.exe
  2⤵
  PID:3476
- C:\Windows\System\pytUmhF.exe
  C:\Windows\System\pytUmhF.exe
  2⤵
  PID:3828
- C:\Windows\System\leiCmXj.exe
  C:\Windows\System\leiCmXj.exe
  2⤵
  PID:3824
- C:\Windows\System\aNrgTPV.exe
  C:\Windows\System\aNrgTPV.exe
  2⤵
  PID:3740
- C:\Windows\System\LUaPJOi.exe
  C:\Windows\System\LUaPJOi.exe
  2⤵
  PID:3808
- C:\Windows\System\nQDYuZy.exe
  C:\Windows\System\nQDYuZy.exe
  2⤵
  PID:3736
- C:\Windows\System\CktZBXL.exe
  C:\Windows\System\CktZBXL.exe
  2⤵
  PID:3656
- C:\Windows\System\nIEsKxp.exe
  C:\Windows\System\nIEsKxp.exe
  2⤵
  PID:3848
- C:\Windows\System\FPiwBNE.exe
  C:\Windows\System\FPiwBNE.exe
  2⤵
  PID:3924
- C:\Windows\System\upnVbwu.exe
  C:\Windows\System\upnVbwu.exe
  2⤵
  PID:3960
- C:\Windows\System\xWhnCEh.exe
  C:\Windows\System\xWhnCEh.exe
  2⤵
  PID:4024
- C:\Windows\System\leeAvqV.exe
  C:\Windows\System\leeAvqV.exe
  2⤵
  PID:4088
- C:\Windows\System\btEQruJ.exe
  C:\Windows\System\btEQruJ.exe
  2⤵
  PID:556
- C:\Windows\System\WhKOdjJ.exe
  C:\Windows\System\WhKOdjJ.exe
  2⤵
  PID:2888
- C:\Windows\System\rvsWGpD.exe
  C:\Windows\System\rvsWGpD.exe
  2⤵
  PID:1692
- C:\Windows\System\mZEufLX.exe
  C:\Windows\System\mZEufLX.exe
  2⤵
  PID:2524
- C:\Windows\System\taMAjhQ.exe
  C:\Windows\System\taMAjhQ.exe
  2⤵
  PID:3116
- C:\Windows\System\uNBVuza.exe
  C:\Windows\System\uNBVuza.exe
  2⤵
  PID:2480
- C:\Windows\System\GeKnNCI.exe
  C:\Windows\System\GeKnNCI.exe
  2⤵
  PID:4004
- C:\Windows\System\wYbWXzB.exe
  C:\Windows\System\wYbWXzB.exe
  2⤵
  PID:4040
- C:\Windows\System\DpxhOng.exe
  C:\Windows\System\DpxhOng.exe
  2⤵
  PID:3136
- C:\Windows\System\esClkwU.exe
  C:\Windows\System\esClkwU.exe
  2⤵
  PID:3092
- C:\Windows\System\VHVWvRf.exe
  C:\Windows\System\VHVWvRf.exe
  2⤵
  PID:3168
- C:\Windows\System\zcGxDhB.exe
  C:\Windows\System\zcGxDhB.exe
  2⤵
  PID:3244
- C:\Windows\System\QYiyOGx.exe
  C:\Windows\System\QYiyOGx.exe
  2⤵
  PID:3320
- C:\Windows\System\yKtteUU.exe
  C:\Windows\System\yKtteUU.exe
  2⤵
  PID:3384
- C:\Windows\System\eSqbMIR.exe
  C:\Windows\System\eSqbMIR.exe
  2⤵
  PID:3532
- C:\Windows\System\hENOAbU.exe
  C:\Windows\System\hENOAbU.exe
  2⤵
  PID:3636
- C:\Windows\System\WjRtnTo.exe
  C:\Windows\System\WjRtnTo.exe
  2⤵
  PID:3228
- C:\Windows\System\cfUBLqF.exe
  C:\Windows\System\cfUBLqF.exe
  2⤵
  PID:3268
- C:\Windows\System\OJBzCfd.exe
  C:\Windows\System\OJBzCfd.exe
  2⤵
  PID:3560
- C:\Windows\System\qmXEzkc.exe
  C:\Windows\System\qmXEzkc.exe
  2⤵
  PID:3660
- C:\Windows\System\RHeYpiY.exe
  C:\Windows\System\RHeYpiY.exe
  2⤵
  PID:3620
- C:\Windows\System\lyVGjCq.exe
  C:\Windows\System\lyVGjCq.exe
  2⤵
  PID:4056
- C:\Windows\System\dQfyZTB.exe
  C:\Windows\System\dQfyZTB.exe
  2⤵
  PID:3028
- C:\Windows\System\DrhUMxV.exe
  C:\Windows\System\DrhUMxV.exe
  2⤵
  PID:3300
- C:\Windows\System\AjmQCAg.exe
  C:\Windows\System\AjmQCAg.exe
  2⤵
  PID:3344
- C:\Windows\System\RipXzDG.exe
  C:\Windows\System\RipXzDG.exe
  2⤵
  PID:3688
- C:\Windows\System\lmZfrUo.exe
  C:\Windows\System\lmZfrUo.exe
  2⤵
  PID:3440
- C:\Windows\System\zeEZfnM.exe
  C:\Windows\System\zeEZfnM.exe
  2⤵
  PID:3572
- C:\Windows\System\BKkRrvY.exe
  C:\Windows\System\BKkRrvY.exe
  2⤵
  PID:3208
- C:\Windows\System\AvtloJv.exe
  C:\Windows\System\AvtloJv.exe
  2⤵
  PID:3192
- C:\Windows\System\GrQfbyG.exe
  C:\Windows\System\GrQfbyG.exe
  2⤵
  PID:3576
- C:\Windows\System\LqCoDjC.exe
  C:\Windows\System\LqCoDjC.exe
  2⤵
  PID:3264
- C:\Windows\System\HhcxkIi.exe
  C:\Windows\System\HhcxkIi.exe
  2⤵
  PID:3876
- C:\Windows\System\bKgeJEK.exe
  C:\Windows\System\bKgeJEK.exe
  2⤵
  PID:3520
- C:\Windows\System\wOmBtQV.exe
  C:\Windows\System\wOmBtQV.exe
  2⤵
  PID:3908
- C:\Windows\System\yusLkOh.exe
  C:\Windows\System\yusLkOh.exe
  2⤵
  PID:3772
- C:\Windows\System\rNcAwKW.exe
  C:\Windows\System\rNcAwKW.exe
  2⤵
  PID:2184
- C:\Windows\System\lZxmZLp.exe
  C:\Windows\System\lZxmZLp.exe
  2⤵
  PID:3912
- C:\Windows\System\uAwHKEx.exe
  C:\Windows\System\uAwHKEx.exe
  2⤵
  PID:4072
- C:\Windows\System\FXmuElY.exe
  C:\Windows\System\FXmuElY.exe
  2⤵
  PID:3176
- C:\Windows\System\gnLAYwr.exe
  C:\Windows\System\gnLAYwr.exe
  2⤵
  PID:3148
- C:\Windows\System\OkFcXko.exe
  C:\Windows\System\OkFcXko.exe
  2⤵
  PID:3404
- C:\Windows\System\FInGKAk.exe
  C:\Windows\System\FInGKAk.exe
  2⤵
  PID:856
- C:\Windows\System\jRRbgUe.exe
  C:\Windows\System\jRRbgUe.exe
  2⤵
  PID:2656
- C:\Windows\System\CcfUmgl.exe
  C:\Windows\System\CcfUmgl.exe
  2⤵
  PID:3896
- C:\Windows\System\WVLKRyn.exe
  C:\Windows\System\WVLKRyn.exe
  2⤵
  PID:3380
- C:\Windows\System\HoxhRCh.exe
  C:\Windows\System\HoxhRCh.exe
  2⤵
  PID:4132
- C:\Windows\System\phNbadc.exe
  C:\Windows\System\phNbadc.exe
  2⤵
  PID:4292
- C:\Windows\System\HWxgHeP.exe
  C:\Windows\System\HWxgHeP.exe
  2⤵
  PID:4312
- C:\Windows\System\cdlLigk.exe
  C:\Windows\System\cdlLigk.exe
  2⤵
  PID:4332
- C:\Windows\System\cSiQCXs.exe
  C:\Windows\System\cSiQCXs.exe
  2⤵
  PID:4348
- C:\Windows\System\skdEBoc.exe
  C:\Windows\System\skdEBoc.exe
  2⤵
  PID:4364
- C:\Windows\System\lQkvYQu.exe
  C:\Windows\System\lQkvYQu.exe
  2⤵
  PID:4384
- C:\Windows\System\xZthMFO.exe
  C:\Windows\System\xZthMFO.exe
  2⤵
  PID:4404
- C:\Windows\System\oyzHNRz.exe
  C:\Windows\System\oyzHNRz.exe
  2⤵
  PID:4424
- C:\Windows\System\tMaxaJx.exe
  C:\Windows\System\tMaxaJx.exe
  2⤵
  PID:4440
- C:\Windows\System\VowcvHm.exe
  C:\Windows\System\VowcvHm.exe
  2⤵
  PID:4456
- C:\Windows\System\izeAjUp.exe
  C:\Windows\System\izeAjUp.exe
  2⤵
  PID:4472
- C:\Windows\System\etiPwvO.exe
  C:\Windows\System\etiPwvO.exe
  2⤵
  PID:4488
- C:\Windows\System\lPwjNNB.exe
  C:\Windows\System\lPwjNNB.exe
  2⤵
  PID:4504
- C:\Windows\System\dCacVjn.exe
  C:\Windows\System\dCacVjn.exe
  2⤵
  PID:4524
- C:\Windows\System\JDFqUbc.exe
  C:\Windows\System\JDFqUbc.exe
  2⤵
  PID:4560
- C:\Windows\System\UWobFoI.exe
  C:\Windows\System\UWobFoI.exe
  2⤵
  PID:4592
- C:\Windows\System\nNWadsZ.exe
  C:\Windows\System\nNWadsZ.exe
  2⤵
  PID:4608
- C:\Windows\System\wvGYhsq.exe
  C:\Windows\System\wvGYhsq.exe
  2⤵
  PID:4628
- C:\Windows\System\udzuDWN.exe
  C:\Windows\System\udzuDWN.exe
  2⤵
  PID:4648
- C:\Windows\System\VuGjPKB.exe
  C:\Windows\System\VuGjPKB.exe
  2⤵
  PID:4668
- C:\Windows\System\dhrWwXR.exe
  C:\Windows\System\dhrWwXR.exe
  2⤵
  PID:4684
- C:\Windows\System\ZHChAJL.exe
  C:\Windows\System\ZHChAJL.exe
  2⤵
  PID:4708
- C:\Windows\System\GaHyoDm.exe
  C:\Windows\System\GaHyoDm.exe
  2⤵
  PID:4724
- C:\Windows\System\BYTQVrD.exe
  C:\Windows\System\BYTQVrD.exe
  2⤵
  PID:4744
- C:\Windows\System\QviccbK.exe
  C:\Windows\System\QviccbK.exe
  2⤵
  PID:4760
- C:\Windows\System\nWhVwnq.exe
  C:\Windows\System\nWhVwnq.exe
  2⤵
  PID:4776
- C:\Windows\System\DWJKSMF.exe
  C:\Windows\System\DWJKSMF.exe
  2⤵
  PID:4792
- C:\Windows\System\cYPLNYg.exe
  C:\Windows\System\cYPLNYg.exe
  2⤵
  PID:4808
- C:\Windows\System\XrIbBqf.exe
  C:\Windows\System\XrIbBqf.exe
  2⤵
  PID:4824
- C:\Windows\System\inMbsLa.exe
  C:\Windows\System\inMbsLa.exe
  2⤵
  PID:4840
- C:\Windows\System\DlRxaKL.exe
  C:\Windows\System\DlRxaKL.exe
  2⤵
  PID:4860
- C:\Windows\System\GdOotRq.exe
  C:\Windows\System\GdOotRq.exe
  2⤵
  PID:4876
- C:\Windows\System\NkfoAgu.exe
  C:\Windows\System\NkfoAgu.exe
  2⤵
  PID:4904
- C:\Windows\System\xIsrLzD.exe
  C:\Windows\System\xIsrLzD.exe
  2⤵
  PID:4920
- C:\Windows\System\ZcGAiFi.exe
  C:\Windows\System\ZcGAiFi.exe
  2⤵
  PID:4936
- C:\Windows\System\bKKtXVv.exe
  C:\Windows\System\bKKtXVv.exe
  2⤵
  PID:4952
- C:\Windows\System\efyjwTB.exe
  C:\Windows\System\efyjwTB.exe
  2⤵
  PID:4968
- C:\Windows\System\TqOlsiw.exe
  C:\Windows\System\TqOlsiw.exe
  2⤵
  PID:4988
- C:\Windows\System\KvkNLte.exe
  C:\Windows\System\KvkNLte.exe
  2⤵
  PID:5004
- C:\Windows\System\PFfkUhk.exe
  C:\Windows\System\PFfkUhk.exe
  2⤵
  PID:5020
- C:\Windows\System\njijBah.exe
  C:\Windows\System\njijBah.exe
  2⤵
  PID:5036
- C:\Windows\System\hGtxBCr.exe
  C:\Windows\System\hGtxBCr.exe
  2⤵
  PID:5052
- C:\Windows\System\FckHeKH.exe
  C:\Windows\System\FckHeKH.exe
  2⤵
  PID:5068
- C:\Windows\System\UbLCygh.exe
  C:\Windows\System\UbLCygh.exe
  2⤵
  PID:5088
- C:\Windows\System\gOmCOYn.exe
  C:\Windows\System\gOmCOYn.exe
  2⤵
  PID:2588
- C:\Windows\System\UCLOHLZ.exe
  C:\Windows\System\UCLOHLZ.exe
  2⤵
  PID:3224
- C:\Windows\System\OhonpJz.exe
  C:\Windows\System\OhonpJz.exe
  2⤵
  PID:2392
- C:\Windows\System\TyHexGH.exe
  C:\Windows\System\TyHexGH.exe
  2⤵
  PID:4148
- C:\Windows\System\YMPXxeN.exe
  C:\Windows\System\YMPXxeN.exe
  2⤵
  PID:4160
- C:\Windows\System\wJZLdgo.exe
  C:\Windows\System\wJZLdgo.exe
  2⤵
  PID:3108
- C:\Windows\System\fbYHnhm.exe
  C:\Windows\System\fbYHnhm.exe
  2⤵
  PID:4172
- C:\Windows\System\bbQpgEk.exe
  C:\Windows\System\bbQpgEk.exe
  2⤵
  PID:3436
- C:\Windows\System\HZFmkFb.exe
  C:\Windows\System\HZFmkFb.exe
  2⤵
  PID:2916
- C:\Windows\System\xJfIjVj.exe
  C:\Windows\System\xJfIjVj.exe
  2⤵
  PID:3496
- C:\Windows\System\xEqVSLV.exe
  C:\Windows\System\xEqVSLV.exe
  2⤵
  PID:3992
- C:\Windows\System\SDbpHms.exe
  C:\Windows\System\SDbpHms.exe
  2⤵
  PID:4104
- C:\Windows\System\qjQaDIF.exe
  C:\Windows\System\qjQaDIF.exe
  2⤵
  PID:4124
- C:\Windows\System\LQUFBNH.exe
  C:\Windows\System\LQUFBNH.exe
  2⤵
  PID:4192
- C:\Windows\System\wUhQUwW.exe
  C:\Windows\System\wUhQUwW.exe
  2⤵
  PID:4208
- C:\Windows\System\eFLEwID.exe
  C:\Windows\System\eFLEwID.exe
  2⤵
  PID:4224
- C:\Windows\System\HEKpHTM.exe
  C:\Windows\System\HEKpHTM.exe
  2⤵
  PID:4240
- C:\Windows\System\oInvhel.exe
  C:\Windows\System\oInvhel.exe
  2⤵
  PID:4256
- C:\Windows\System\WwsmaNJ.exe
  C:\Windows\System\WwsmaNJ.exe
  2⤵
  PID:4272
- C:\Windows\System\FJtkpST.exe
  C:\Windows\System\FJtkpST.exe
  2⤵
  PID:4284
- C:\Windows\System\cdopTvU.exe
  C:\Windows\System\cdopTvU.exe
  2⤵
  PID:4324
- C:\Windows\System\qhqwpxb.exe
  C:\Windows\System\qhqwpxb.exe
  2⤵
  PID:4396
- C:\Windows\System\tHFMOMk.exe
  C:\Windows\System\tHFMOMk.exe
  2⤵
  PID:4308
- C:\Windows\System\PwWXZwa.exe
  C:\Windows\System\PwWXZwa.exe
  2⤵
  PID:4468
- C:\Windows\System\lTEhVeb.exe
  C:\Windows\System\lTEhVeb.exe
  2⤵
  PID:2920
- C:\Windows\System\ViMzGss.exe
  C:\Windows\System\ViMzGss.exe
  2⤵
  PID:4544
- C:\Windows\System\noPuOvX.exe
  C:\Windows\System\noPuOvX.exe
  2⤵
  PID:4344
- C:\Windows\System\CgZbJdM.exe
  C:\Windows\System\CgZbJdM.exe
  2⤵
  PID:4380
- C:\Windows\System\SVDmhIl.exe
  C:\Windows\System\SVDmhIl.exe
  2⤵
  PID:4452
- C:\Windows\System\YfRyGJz.exe
  C:\Windows\System\YfRyGJz.exe
  2⤵
  PID:4512
- C:\Windows\System\IsRjgWn.exe
  C:\Windows\System\IsRjgWn.exe
  2⤵
  PID:1928
- C:\Windows\System\cgduqIx.exe
  C:\Windows\System\cgduqIx.exe
  2⤵
  PID:4572
- C:\Windows\System\ibFtJXj.exe
  C:\Windows\System\ibFtJXj.exe
  2⤵
  PID:1672
- C:\Windows\System\bTbqlFf.exe
  C:\Windows\System\bTbqlFf.exe
  2⤵
  PID:4692
- C:\Windows\System\aBezaXu.exe
  C:\Windows\System\aBezaXu.exe
  2⤵
  PID:4584
- C:\Windows\System\SXrNOfa.exe
  C:\Windows\System\SXrNOfa.exe
  2⤵
  PID:4616
- C:\Windows\System\CjZVHXi.exe
  C:\Windows\System\CjZVHXi.exe
  2⤵
  PID:4680
- C:\Windows\System\LnKQrTR.exe
  C:\Windows\System\LnKQrTR.exe
  2⤵
  PID:4752
- C:\Windows\System\ijhkmwc.exe
  C:\Windows\System\ijhkmwc.exe
  2⤵
  PID:4788
- C:\Windows\System\cQDlYJh.exe
  C:\Windows\System\cQDlYJh.exe
  2⤵
  PID:4852
- C:\Windows\System\VfEonyZ.exe
  C:\Windows\System\VfEonyZ.exe
  2⤵
  PID:4896
- C:\Windows\System\AmSoGgN.exe
  C:\Windows\System\AmSoGgN.exe
  2⤵
  PID:4420
- C:\Windows\System\HusjuRC.exe
  C:\Windows\System\HusjuRC.exe
  2⤵
  PID:4964
- C:\Windows\System\UzpPHXq.exe
  C:\Windows\System\UzpPHXq.exe
  2⤵
  PID:4740
- C:\Windows\System\aUrTRIf.exe
  C:\Windows\System\aUrTRIf.exe
  2⤵
  PID:5060
- C:\Windows\System\YiAuBka.exe
  C:\Windows\System\YiAuBka.exe
  2⤵
  PID:5100
- C:\Windows\System\zttxTTR.exe
  C:\Windows\System\zttxTTR.exe
  2⤵
  PID:4944
- C:\Windows\System\IQQtfQy.exe
  C:\Windows\System\IQQtfQy.exe
  2⤵
  PID:5012
- C:\Windows\System\XynyFSM.exe
  C:\Windows\System\XynyFSM.exe
  2⤵
  PID:4772
- C:\Windows\System\UzrLdzK.exe
  C:\Windows\System\UzrLdzK.exe
  2⤵
  PID:2496
- C:\Windows\System\GLvybGb.exe
  C:\Windows\System\GLvybGb.exe
  2⤵
  PID:3956
- C:\Windows\System\rgiKgQK.exe
  C:\Windows\System\rgiKgQK.exe
  2⤵
  PID:4804
- C:\Windows\System\KDsmZid.exe
  C:\Windows\System\KDsmZid.exe
  2⤵
  PID:3944
- C:\Windows\System\tpYWfgW.exe
  C:\Windows\System\tpYWfgW.exe
  2⤵
  PID:4168
- C:\Windows\System\hLgGynu.exe
  C:\Windows\System\hLgGynu.exe
  2⤵
  PID:3972
- C:\Windows\System\KiKHgIG.exe
  C:\Windows\System\KiKHgIG.exe
  2⤵
  PID:4112
- C:\Windows\System\JNGAcdZ.exe
  C:\Windows\System\JNGAcdZ.exe
  2⤵
  PID:4184
- C:\Windows\System\gjCFYSQ.exe
  C:\Windows\System\gjCFYSQ.exe
  2⤵
  PID:4200
- C:\Windows\System\svSsDBI.exe
  C:\Windows\System\svSsDBI.exe
  2⤵
  PID:4288
- C:\Windows\System\VvTgdTl.exe
  C:\Windows\System\VvTgdTl.exe
  2⤵
  PID:4436
- C:\Windows\System\YCvmyXd.exe
  C:\Windows\System\YCvmyXd.exe
  2⤵
  PID:4264
- C:\Windows\System\HZMzboq.exe
  C:\Windows\System\HZMzboq.exe
  2⤵
  PID:1684
- C:\Windows\System\NLHJKcK.exe
  C:\Windows\System\NLHJKcK.exe
  2⤵
  PID:4252
- C:\Windows\System\AWooUqL.exe
  C:\Windows\System\AWooUqL.exe
  2⤵
  PID:4700
- C:\Windows\System\ZzJwfAk.exe
  C:\Windows\System\ZzJwfAk.exe
  2⤵
  PID:4820
- C:\Windows\System\ajqNAOJ.exe
  C:\Windows\System\ajqNAOJ.exe
  2⤵
  PID:5104
- C:\Windows\System\BGaQutr.exe
  C:\Windows\System\BGaQutr.exe
  2⤵
  PID:5096
- C:\Windows\System\fpfjUEe.exe
  C:\Windows\System\fpfjUEe.exe
  2⤵
  PID:4328
- C:\Windows\System\OqAlCtY.exe
  C:\Windows\System\OqAlCtY.exe
  2⤵
  PID:4532
- C:\Windows\System\YrZhAZT.exe
  C:\Windows\System\YrZhAZT.exe
  2⤵
  PID:4872
- C:\Windows\System\SZUOfBo.exe
  C:\Windows\System\SZUOfBo.exe
  2⤵
  PID:2884
- C:\Windows\System\zmQxHdE.exe
  C:\Windows\System\zmQxHdE.exe
  2⤵
  PID:636
- C:\Windows\System\dlxAuEB.exe
  C:\Windows\System\dlxAuEB.exe
  2⤵
  PID:2080
- C:\Windows\System\SKmSkcB.exe
  C:\Windows\System\SKmSkcB.exe
  2⤵
  PID:4248
- C:\Windows\System\rZWcJbO.exe
  C:\Windows\System\rZWcJbO.exe
  2⤵
  PID:4888
- C:\Windows\System\BGDZpcm.exe
  C:\Windows\System\BGDZpcm.exe
  2⤵
  PID:4552
- C:\Windows\System\lulDNAj.exe
  C:\Windows\System\lulDNAj.exe
  2⤵
  PID:4340
- C:\Windows\System\bjIRmid.exe
  C:\Windows\System\bjIRmid.exe
  2⤵
  PID:4516
- C:\Windows\System\uWWCfHE.exe
  C:\Windows\System\uWWCfHE.exe
  2⤵
  PID:5124
- C:\Windows\System\pFdyJZH.exe
  C:\Windows\System\pFdyJZH.exe
  2⤵
  PID:5140
- C:\Windows\System\zhXZXQE.exe
  C:\Windows\System\zhXZXQE.exe
  2⤵
  PID:5156
- C:\Windows\System\RQpbmEM.exe
  C:\Windows\System\RQpbmEM.exe
  2⤵
  PID:5172
- C:\Windows\System\QGIvlcT.exe
  C:\Windows\System\QGIvlcT.exe
  2⤵
  PID:5188
- C:\Windows\System\rKKyOtw.exe
  C:\Windows\System\rKKyOtw.exe
  2⤵
  PID:5232
- C:\Windows\System\kXCfLut.exe
  C:\Windows\System\kXCfLut.exe
  2⤵
  PID:5248
- C:\Windows\System\zzaYeUe.exe
  C:\Windows\System\zzaYeUe.exe
  2⤵
  PID:5264
- C:\Windows\System\JGhvbQv.exe
  C:\Windows\System\JGhvbQv.exe
  2⤵
  PID:5280
- C:\Windows\System\GqdDblh.exe
  C:\Windows\System\GqdDblh.exe
  2⤵
  PID:5296
- C:\Windows\System\ewopjsw.exe
  C:\Windows\System\ewopjsw.exe
  2⤵
  PID:5316
- C:\Windows\System\MRgyxYY.exe
  C:\Windows\System\MRgyxYY.exe
  2⤵
  PID:5340
- C:\Windows\System\ChUXIxV.exe
  C:\Windows\System\ChUXIxV.exe
  2⤵
  PID:5356
- C:\Windows\System\ITnJSIJ.exe
  C:\Windows\System\ITnJSIJ.exe
  2⤵
  PID:5372
- C:\Windows\System\IySnAoO.exe
  C:\Windows\System\IySnAoO.exe
  2⤵
  PID:5388
- C:\Windows\System\htFHsEh.exe
  C:\Windows\System\htFHsEh.exe
  2⤵
  PID:5404
- C:\Windows\System\KeQwMMU.exe
  C:\Windows\System\KeQwMMU.exe
  2⤵
  PID:5420
- C:\Windows\System\PHTxsyl.exe
  C:\Windows\System\PHTxsyl.exe
  2⤵
  PID:5436
- C:\Windows\System\eZmxntA.exe
  C:\Windows\System\eZmxntA.exe
  2⤵
  PID:5452
- C:\Windows\System\NsgqUWP.exe
  C:\Windows\System\NsgqUWP.exe
  2⤵
  PID:5468
- C:\Windows\System\QiBpOIQ.exe
  C:\Windows\System\QiBpOIQ.exe
  2⤵
  PID:5484
- C:\Windows\System\xlrREJv.exe
  C:\Windows\System\xlrREJv.exe
  2⤵
  PID:5500
- C:\Windows\System\bhDgwHz.exe
  C:\Windows\System\bhDgwHz.exe
  2⤵
  PID:5516
- C:\Windows\System\LbpZkfw.exe
  C:\Windows\System\LbpZkfw.exe
  2⤵
  PID:5532
- C:\Windows\System\JxwNHia.exe
  C:\Windows\System\JxwNHia.exe
  2⤵
  PID:5548
- C:\Windows\System\tdrnksF.exe
  C:\Windows\System\tdrnksF.exe
  2⤵
  PID:5564
- C:\Windows\System\rGhxPoY.exe
  C:\Windows\System\rGhxPoY.exe
  2⤵
  PID:5580
- C:\Windows\System\jxJZpWp.exe
  C:\Windows\System\jxJZpWp.exe
  2⤵
  PID:5596
- C:\Windows\System\aNTsIEn.exe
  C:\Windows\System\aNTsIEn.exe
  2⤵
  PID:5612
- C:\Windows\System\HjzkGOb.exe
  C:\Windows\System\HjzkGOb.exe
  2⤵
  PID:5628
- C:\Windows\System\uMgWBrB.exe
  C:\Windows\System\uMgWBrB.exe
  2⤵
  PID:6128
- C:\Windows\System\fVlDSeN.exe
  C:\Windows\System\fVlDSeN.exe
  2⤵
  PID:4732
- C:\Windows\System\jhOTUuH.exe
  C:\Windows\System\jhOTUuH.exe
  2⤵
  PID:4884
- C:\Windows\System\NwATwSo.exe
  C:\Windows\System\NwATwSo.exe
  2⤵
  PID:5048
- C:\Windows\System\XrKrWJT.exe
  C:\Windows\System\XrKrWJT.exe
  2⤵
  PID:4836
- C:\Windows\System\VQTkfds.exe
  C:\Windows\System\VQTkfds.exe
  2⤵
  PID:2276
- C:\Windows\System\PtEumOc.exe
  C:\Windows\System\PtEumOc.exe
  2⤵
  PID:4360
- C:\Windows\System\HsoHMvU.exe
  C:\Windows\System\HsoHMvU.exe
  2⤵
  PID:4644
- C:\Windows\System\tVXAVKQ.exe
  C:\Windows\System\tVXAVKQ.exe
  2⤵
  PID:4976
- C:\Windows\System\eFcQWyK.exe
  C:\Windows\System\eFcQWyK.exe
  2⤵
  PID:4720
- C:\Windows\System\ZeuOlgE.exe
  C:\Windows\System\ZeuOlgE.exe
  2⤵
  PID:5168
- C:\Windows\System\XoYRUbx.exe
  C:\Windows\System\XoYRUbx.exe
  2⤵
  PID:5212
- C:\Windows\System\AISyAyH.exe
  C:\Windows\System\AISyAyH.exe
  2⤵
  PID:4576
- C:\Windows\System\JJTSaJt.exe
  C:\Windows\System\JJTSaJt.exe
  2⤵
  PID:5148
- C:\Windows\System\cGazWfO.exe
  C:\Windows\System\cGazWfO.exe
  2⤵
  PID:5292
- C:\Windows\System\vCXnIMQ.exe
  C:\Windows\System\vCXnIMQ.exe
  2⤵
  PID:5272
- C:\Windows\System\UIhFWaO.exe
  C:\Windows\System\UIhFWaO.exe
  2⤵
  PID:5332
- C:\Windows\System\mTdskIq.exe
  C:\Windows\System\mTdskIq.exe
  2⤵
  PID:5368
- C:\Windows\System\BQTgcZw.exe
  C:\Windows\System\BQTgcZw.exe
  2⤵
  PID:5428
- C:\Windows\System\KELDygN.exe
  C:\Windows\System\KELDygN.exe
  2⤵
  PID:5380
- C:\Windows\System\OtJFafI.exe
  C:\Windows\System\OtJFafI.exe
  2⤵
  PID:2820
- C:\Windows\System\AWimYxs.exe
  C:\Windows\System\AWimYxs.exe
  2⤵
  PID:5384
- C:\Windows\System\qLbGLjg.exe
  C:\Windows\System\qLbGLjg.exe
  2⤵
  PID:5524
- C:\Windows\System\vGUCFis.exe
  C:\Windows\System\vGUCFis.exe
  2⤵
  PID:5556
- C:\Windows\System\BzGgfiL.exe
  C:\Windows\System\BzGgfiL.exe
  2⤵
  PID:2936
- C:\Windows\System\Jwfvobu.exe
  C:\Windows\System\Jwfvobu.exe
  2⤵
  PID:2840
- C:\Windows\System\ZkpMtvK.exe
  C:\Windows\System\ZkpMtvK.exe
  2⤵
  PID:5728
- C:\Windows\System\FNPRVnM.exe
  C:\Windows\System\FNPRVnM.exe
  2⤵
  PID:5744
- C:\Windows\System\FyHXBeV.exe
  C:\Windows\System\FyHXBeV.exe
  2⤵
  PID:5760
- C:\Windows\System\DgnqyFr.exe
  C:\Windows\System\DgnqyFr.exe
  2⤵
  PID:5828
- C:\Windows\System\fSVXloj.exe
  C:\Windows\System\fSVXloj.exe
  2⤵
  PID:5768
- C:\Windows\System\wvcYRFO.exe
  C:\Windows\System\wvcYRFO.exe
  2⤵
  PID:5792
- C:\Windows\System\FIglohR.exe
  C:\Windows\System\FIglohR.exe
  2⤵
  PID:5808
- C:\Windows\System\NOPOHNP.exe
  C:\Windows\System\NOPOHNP.exe
  2⤵
  PID:5856
- C:\Windows\System\MhzbzJr.exe
  C:\Windows\System\MhzbzJr.exe
  2⤵
  PID:5872
- C:\Windows\System\JFSQibI.exe
  C:\Windows\System\JFSQibI.exe
  2⤵
  PID:5888
- C:\Windows\System\SqQcpdm.exe
  C:\Windows\System\SqQcpdm.exe
  2⤵
  PID:5904
- C:\Windows\System\qeLKdsO.exe
  C:\Windows\System\qeLKdsO.exe
  2⤵
  PID:5944
- C:\Windows\System\HHSEtpq.exe
  C:\Windows\System\HHSEtpq.exe
  2⤵
  PID:5960
- C:\Windows\System\NlMZGHb.exe
  C:\Windows\System\NlMZGHb.exe
  2⤵
  PID:5968
- C:\Windows\System\GVKRXyL.exe
  C:\Windows\System\GVKRXyL.exe
  2⤵
  PID:5988
- C:\Windows\System\GpZlvVD.exe
  C:\Windows\System\GpZlvVD.exe
  2⤵
  PID:5996
- C:\Windows\System\ZWiryCx.exe
  C:\Windows\System\ZWiryCx.exe
  2⤵
  PID:6012
- C:\Windows\System\wGWApbZ.exe
  C:\Windows\System\wGWApbZ.exe
  2⤵
  PID:6032
- C:\Windows\System\GVNnnoD.exe
  C:\Windows\System\GVNnnoD.exe
  2⤵
  PID:872
- C:\Windows\System\neSuBGH.exe
  C:\Windows\System\neSuBGH.exe
  2⤵
  PID:6060
- C:\Windows\System\bSbsVZn.exe
  C:\Windows\System\bSbsVZn.exe
  2⤵
  PID:6076
- C:\Windows\System\aqGEODc.exe
  C:\Windows\System\aqGEODc.exe
  2⤵
  PID:6092
- C:\Windows\System\USsIGlL.exe
  C:\Windows\System\USsIGlL.exe
  2⤵
  PID:6108
- C:\Windows\System\jbThdAT.exe
  C:\Windows\System\jbThdAT.exe
  2⤵
  PID:6120
- C:\Windows\System\rJoLEhn.exe
  C:\Windows\System\rJoLEhn.exe
  2⤵
  PID:6140
- C:\Windows\System\cBHECxe.exe
  C:\Windows\System\cBHECxe.exe
  2⤵
  PID:4960
- C:\Windows\System\THkTTaf.exe
  C:\Windows\System\THkTTaf.exe
  2⤵
  PID:3188
- C:\Windows\System\fvXkAWN.exe
  C:\Windows\System\fvXkAWN.exe
  2⤵
  PID:1356
- C:\Windows\System\wqvjvab.exe
  C:\Windows\System\wqvjvab.exe
  2⤵
  PID:3336
- C:\Windows\System\KMgHIWa.exe
  C:\Windows\System\KMgHIWa.exe
  2⤵
  PID:4180
- C:\Windows\System\VlbHowg.exe
  C:\Windows\System\VlbHowg.exe
  2⤵
  PID:5208
- C:\Windows\System\RuGNiYH.exe
  C:\Windows\System\RuGNiYH.exe
  2⤵
  PID:5260
- C:\Windows\System\LozflGj.exe
  C:\Windows\System\LozflGj.exe
  2⤵
  PID:5328
- C:\Windows\System\sBBWgdx.exe
  C:\Windows\System\sBBWgdx.exe
  2⤵
  PID:5464
- C:\Windows\System\GSbbmdx.exe
  C:\Windows\System\GSbbmdx.exe
  2⤵
  PID:5352
- C:\Windows\System\quSYWrM.exe
  C:\Windows\System\quSYWrM.exe
  2⤵
  PID:5240
- C:\Windows\System\ysNmJER.exe
  C:\Windows\System\ysNmJER.exe
  2⤵
  PID:4604
- C:\Windows\System\aAuYLYX.exe
  C:\Windows\System\aAuYLYX.exe
  2⤵
  PID:2444
- C:\Windows\System\jwGyFCY.exe
  C:\Windows\System\jwGyFCY.exe
  2⤵
  PID:5624
- C:\Windows\System\AvpriWi.exe
  C:\Windows\System\AvpriWi.exe
  2⤵
  PID:5572
- C:\Windows\System\COniQDo.exe
  C:\Windows\System\COniQDo.exe
  2⤵
  PID:2008
- C:\Windows\System\ofCZYsr.exe
  C:\Windows\System\ofCZYsr.exe
  2⤵
  PID:5576
- C:\Windows\System\GpSnFMJ.exe
  C:\Windows\System\GpSnFMJ.exe
  2⤵
  PID:5752
- C:\Windows\System\SaXAGTR.exe
  C:\Windows\System\SaXAGTR.exe
  2⤵
  PID:2880
- C:\Windows\System\lNEbOrx.exe
  C:\Windows\System\lNEbOrx.exe
  2⤵
  PID:5820
- C:\Windows\System\HqOuPVV.exe
  C:\Windows\System\HqOuPVV.exe
  2⤵
  PID:5784
- C:\Windows\System\GGxqpaA.exe
  C:\Windows\System\GGxqpaA.exe
  2⤵
  PID:5880
- C:\Windows\System\pXyWpZX.exe
  C:\Windows\System\pXyWpZX.exe
  2⤵
  PID:5800
- C:\Windows\System\wnBwkYl.exe
  C:\Windows\System\wnBwkYl.exe
  2⤵
  PID:5804
- C:\Windows\System\paYXYUY.exe
  C:\Windows\System\paYXYUY.exe
  2⤵
  PID:5900
- C:\Windows\System\uQjszKc.exe
  C:\Windows\System\uQjszKc.exe
  2⤵
  PID:5932
- C:\Windows\System\JYlWWzq.exe
  C:\Windows\System\JYlWWzq.exe
  2⤵
  PID:6016
- C:\Windows\System\SQwbhZJ.exe
  C:\Windows\System\SQwbhZJ.exe
  2⤵
  PID:6116
- C:\Windows\System\oXYEokX.exe
  C:\Windows\System\oXYEokX.exe
  2⤵
  PID:6008
- C:\Windows\System\YujUqag.exe
  C:\Windows\System\YujUqag.exe
  2⤵
  PID:5640
- C:\Windows\System\bUciqUP.exe
  C:\Windows\System\bUciqUP.exe
  2⤵
  PID:6100
- C:\Windows\System\waQCgCl.exe
  C:\Windows\System\waQCgCl.exe
  2⤵
  PID:1656
- C:\Windows\System\qSpCUgo.exe
  C:\Windows\System\qSpCUgo.exe
  2⤵
  PID:4588
- C:\Windows\System\CopEydv.exe
  C:\Windows\System\CopEydv.exe
  2⤵
  PID:4784
- C:\Windows\System\OZOhVWq.exe
  C:\Windows\System\OZOhVWq.exe
  2⤵
  PID:3112
- C:\Windows\System\VmOsfZO.exe
  C:\Windows\System\VmOsfZO.exe
  2⤵
  PID:4376
- C:\Windows\System\rYBjQTs.exe
  C:\Windows\System\rYBjQTs.exe
  2⤵
  PID:1084
- C:\Windows\System\SHYHcsH.exe
  C:\Windows\System\SHYHcsH.exe
  2⤵
  PID:5348
- C:\Windows\System\LVbijjm.exe
  C:\Windows\System\LVbijjm.exe
  2⤵
  PID:5608
- C:\Windows\System\IAmDANp.exe
  C:\Windows\System\IAmDANp.exe
  2⤵
  PID:5816
- C:\Windows\System\luotqGl.exe
  C:\Windows\System\luotqGl.exe
  2⤵
  PID:5364
- C:\Windows\System\StRtqHs.exe
  C:\Windows\System\StRtqHs.exe
  2⤵
  PID:5448
- C:\Windows\System\rPbUeaL.exe
  C:\Windows\System\rPbUeaL.exe
  2⤵
  PID:5512
- C:\Windows\System\kqarQPV.exe
  C:\Windows\System\kqarQPV.exe
  2⤵
  PID:2684
- C:\Windows\System\aYZEXVd.exe
  C:\Windows\System\aYZEXVd.exe
  2⤵
  PID:2756
- C:\Windows\System\HhqOBfQ.exe
  C:\Windows\System\HhqOBfQ.exe
  2⤵
  PID:5936
- C:\Windows\System\pQorDFJ.exe
  C:\Windows\System\pQorDFJ.exe
  2⤵
  PID:572
- C:\Windows\System\dFABhyy.exe
  C:\Windows\System\dFABhyy.exe
  2⤵
  PID:5864
- C:\Windows\System\fbNezaF.exe
  C:\Windows\System\fbNezaF.exe
  2⤵
  PID:6104
- C:\Windows\System\JcXgNBD.exe
  C:\Windows\System\JcXgNBD.exe
  2⤵
  PID:1868
- C:\Windows\System\nktrtDa.exe
  C:\Windows\System\nktrtDa.exe
  2⤵
  PID:4156
- C:\Windows\System\cfTckTW.exe
  C:\Windows\System\cfTckTW.exe
  2⤵
  PID:6088
- C:\Windows\System\PhSbnRF.exe
  C:\Windows\System\PhSbnRF.exe
  2⤵
  PID:1720
- C:\Windows\System\KGKLirl.exe
  C:\Windows\System\KGKLirl.exe
  2⤵
  PID:6024
- C:\Windows\System\aFGtkXc.exe
  C:\Windows\System\aFGtkXc.exe
  2⤵
  PID:4980
- C:\Windows\System\wQAifYi.exe
  C:\Windows\System\wQAifYi.exe
  2⤵
  PID:6112
- C:\Windows\System\vtmsXvV.exe
  C:\Windows\System\vtmsXvV.exe
  2⤵
  PID:5288
- C:\Windows\System\bganYsG.exe
  C:\Windows\System\bganYsG.exe
  2⤵
  PID:4448
- C:\Windows\System\drcBUkF.exe
  C:\Windows\System\drcBUkF.exe
  2⤵
  PID:5720
- C:\Windows\System\xOlWOOC.exe
  C:\Windows\System\xOlWOOC.exe
  2⤵
  PID:5756
- C:\Windows\System\XbiyTUx.exe
  C:\Windows\System\XbiyTUx.exe
  2⤵
  PID:5620
- C:\Windows\System\FgFhTYF.exe
  C:\Windows\System\FgFhTYF.exe
  2⤵
  PID:4540
- C:\Windows\System\zXormNG.exe
  C:\Windows\System\zXormNG.exe
  2⤵
  PID:5508
- C:\Windows\System\EBJsfwJ.exe
  C:\Windows\System\EBJsfwJ.exe
  2⤵
  PID:5868
- C:\Windows\System\eOHPnWY.exe
  C:\Windows\System\eOHPnWY.exe
  2⤵
  PID:4660
- C:\Windows\System\rvrfIFN.exe
  C:\Windows\System\rvrfIFN.exe
  2⤵
  PID:5976
- C:\Windows\System\hvdYyxa.exe
  C:\Windows\System\hvdYyxa.exe
  2⤵
  PID:5180
- C:\Windows\System\lRARfpL.exe
  C:\Windows\System\lRARfpL.exe
  2⤵
  PID:2376
- C:\Windows\System\AFGfxbI.exe
  C:\Windows\System\AFGfxbI.exe
  2⤵
  PID:5396
- C:\Windows\System\RRSKdGT.exe
  C:\Windows\System\RRSKdGT.exe
  2⤵
  PID:6048
- C:\Windows\System\wtamaun.exe
  C:\Windows\System\wtamaun.exe
  2⤵
  PID:5740
- C:\Windows\System\SRaAphW.exe
  C:\Windows\System\SRaAphW.exe
  2⤵
  PID:6156
- C:\Windows\System\IQdEUHS.exe
  C:\Windows\System\IQdEUHS.exe
  2⤵
  PID:6172
- C:\Windows\System\UrNoFOt.exe
  C:\Windows\System\UrNoFOt.exe
  2⤵
  PID:6192
- C:\Windows\System\osfVJLZ.exe
  C:\Windows\System\osfVJLZ.exe
  2⤵
  PID:6208
- C:\Windows\System\AKaHihj.exe
  C:\Windows\System\AKaHihj.exe
  2⤵
  PID:6224
- C:\Windows\System\ITixtGR.exe
  C:\Windows\System\ITixtGR.exe
  2⤵
  PID:6240
- C:\Windows\System\qTgFhTT.exe
  C:\Windows\System\qTgFhTT.exe
  2⤵
  PID:6260
- C:\Windows\System\vkYkGiH.exe
  C:\Windows\System\vkYkGiH.exe
  2⤵
  PID:6276
- C:\Windows\System\JFdUFIE.exe
  C:\Windows\System\JFdUFIE.exe
  2⤵
  PID:6292
- C:\Windows\System\JVPDdYu.exe
  C:\Windows\System\JVPDdYu.exe
  2⤵
  PID:6308
- C:\Windows\System\xgvQWKy.exe
  C:\Windows\System\xgvQWKy.exe
  2⤵
  PID:6328
- C:\Windows\System\WJkOTIY.exe
  C:\Windows\System\WJkOTIY.exe
  2⤵
  PID:6344
- C:\Windows\System\ZVOstiv.exe
  C:\Windows\System\ZVOstiv.exe
  2⤵
  PID:6368
- C:\Windows\System\mYcWGew.exe
  C:\Windows\System\mYcWGew.exe
  2⤵
  PID:6384
- C:\Windows\System\BDxwYEN.exe
  C:\Windows\System\BDxwYEN.exe
  2⤵
  PID:6404
- C:\Windows\System\mJexoqs.exe
  C:\Windows\System\mJexoqs.exe
  2⤵
  PID:6420
- C:\Windows\System\kdJAyjJ.exe
  C:\Windows\System\kdJAyjJ.exe
  2⤵
  PID:6436
- C:\Windows\System\ZvQmPyV.exe
  C:\Windows\System\ZvQmPyV.exe
  2⤵
  PID:6452
- C:\Windows\System\EqcHTto.exe
  C:\Windows\System\EqcHTto.exe
  2⤵
  PID:6468
- C:\Windows\System\WYDIvIF.exe
  C:\Windows\System\WYDIvIF.exe
  2⤵
  PID:6484
- C:\Windows\System\tiuSUgE.exe
  C:\Windows\System\tiuSUgE.exe
  2⤵
  PID:6500
- C:\Windows\System\pMeHCrw.exe
  C:\Windows\System\pMeHCrw.exe
  2⤵
  PID:6516
- C:\Windows\System\vKzvSnq.exe
  C:\Windows\System\vKzvSnq.exe
  2⤵
  PID:6532
- C:\Windows\System\OoKgSCQ.exe
  C:\Windows\System\OoKgSCQ.exe
  2⤵
  PID:6548
- C:\Windows\System\jcNidVo.exe
  C:\Windows\System\jcNidVo.exe
  2⤵
  PID:6564
- C:\Windows\System\DrJhdto.exe
  C:\Windows\System\DrJhdto.exe
  2⤵
  PID:6580
- C:\Windows\System\JopmgnM.exe
  C:\Windows\System\JopmgnM.exe
  2⤵
  PID:6596
- C:\Windows\System\vpLibTK.exe
  C:\Windows\System\vpLibTK.exe
  2⤵
  PID:6612
- C:\Windows\System\pVklzVs.exe
  C:\Windows\System\pVklzVs.exe
  2⤵
  PID:6628
- C:\Windows\System\KPGDAyT.exe
  C:\Windows\System\KPGDAyT.exe
  2⤵
  PID:6644
- C:\Windows\System\RScKYzY.exe
  C:\Windows\System\RScKYzY.exe
  2⤵
  PID:6660
- C:\Windows\System\MBvBFAv.exe
  C:\Windows\System\MBvBFAv.exe
  2⤵
  PID:6676
- C:\Windows\System\qtUBpmE.exe
  C:\Windows\System\qtUBpmE.exe
  2⤵
  PID:6692
- C:\Windows\System\KzwWAKq.exe
  C:\Windows\System\KzwWAKq.exe
  2⤵
  PID:6708
- C:\Windows\System\KkLYcTp.exe
  C:\Windows\System\KkLYcTp.exe
  2⤵
  PID:6724
- C:\Windows\System\LPlETSS.exe
  C:\Windows\System\LPlETSS.exe
  2⤵
  PID:6740
- C:\Windows\System\HaqXWbT.exe
  C:\Windows\System\HaqXWbT.exe
  2⤵
  PID:6756
- C:\Windows\System\ULHeugv.exe
  C:\Windows\System\ULHeugv.exe
  2⤵
  PID:6772
- C:\Windows\System\rJzrHmo.exe
  C:\Windows\System\rJzrHmo.exe
  2⤵
  PID:6788
- C:\Windows\System\igwsfKR.exe
  C:\Windows\System\igwsfKR.exe
  2⤵
  PID:6804
- C:\Windows\System\eSjehCj.exe
  C:\Windows\System\eSjehCj.exe
  2⤵
  PID:6820
- C:\Windows\System\PQnkfyr.exe
  C:\Windows\System\PQnkfyr.exe
  2⤵
  PID:6836
- C:\Windows\System\QQeXfZT.exe
  C:\Windows\System\QQeXfZT.exe
  2⤵
  PID:6852
- C:\Windows\System\DkAFLGg.exe
  C:\Windows\System\DkAFLGg.exe
  2⤵
  PID:6868
- C:\Windows\System\jTmdjme.exe
  C:\Windows\System\jTmdjme.exe
  2⤵
  PID:6884
- C:\Windows\System\QjhHNxy.exe
  C:\Windows\System\QjhHNxy.exe
  2⤵
  PID:6900
- C:\Windows\System\HejdpBQ.exe
  C:\Windows\System\HejdpBQ.exe
  2⤵
  PID:6920
- C:\Windows\System\XAmSRGV.exe
  C:\Windows\System\XAmSRGV.exe
  2⤵
  PID:6936
- C:\Windows\System\zuuIthN.exe
  C:\Windows\System\zuuIthN.exe
  2⤵
  PID:6952
- C:\Windows\System\zwhAALN.exe
  C:\Windows\System\zwhAALN.exe
  2⤵
  PID:6968
- C:\Windows\System\XUjifDj.exe
  C:\Windows\System\XUjifDj.exe
  2⤵
  PID:6984
- C:\Windows\System\vGSCTEN.exe
  C:\Windows\System\vGSCTEN.exe
  2⤵
  PID:7000
- C:\Windows\System\qpOcuMq.exe
  C:\Windows\System\qpOcuMq.exe
  2⤵
  PID:7016
- C:\Windows\System\spWSBpG.exe
  C:\Windows\System\spWSBpG.exe
  2⤵
  PID:7032
- C:\Windows\System\UnczlYM.exe
  C:\Windows\System\UnczlYM.exe
  2⤵
  PID:7048
- C:\Windows\System\RDQJrfN.exe
  C:\Windows\System\RDQJrfN.exe
  2⤵
  PID:7064
- C:\Windows\System\ZrTzHrK.exe
  C:\Windows\System\ZrTzHrK.exe
  2⤵
  PID:7080
- C:\Windows\System\evgeIbe.exe
  C:\Windows\System\evgeIbe.exe
  2⤵
  PID:7096
- C:\Windows\System\CcylLQN.exe
  C:\Windows\System\CcylLQN.exe
  2⤵
  PID:7112
- C:\Windows\System\SQZvVMZ.exe
  C:\Windows\System\SQZvVMZ.exe
  2⤵
  PID:7128
- C:\Windows\System\RnbKzlA.exe
  C:\Windows\System\RnbKzlA.exe
  2⤵
  PID:7144
- C:\Windows\System\JOYqUig.exe
  C:\Windows\System\JOYqUig.exe
  2⤵
  PID:7160
- C:\Windows\System\THPdNaC.exe
  C:\Windows\System\THPdNaC.exe
  2⤵
  PID:1220
- C:\Windows\System\NWtGrNY.exe
  C:\Windows\System\NWtGrNY.exe
  2⤵
  PID:2232
- C:\Windows\System\wbfSfIL.exe
  C:\Windows\System\wbfSfIL.exe
  2⤵
  PID:2896
- C:\Windows\System\mjlmTdg.exe
  C:\Windows\System\mjlmTdg.exe
  2⤵
  PID:6248
- C:\Windows\System\uJcnOKY.exe
  C:\Windows\System\uJcnOKY.exe
  2⤵
  PID:6284
- C:\Windows\System\WaVpdXh.exe
  C:\Windows\System\WaVpdXh.exe
  2⤵
  PID:5336
- C:\Windows\System\sadRGvu.exe
  C:\Windows\System\sadRGvu.exe
  2⤵
  PID:3260
- C:\Windows\System\xeqUdKS.exe
  C:\Windows\System\xeqUdKS.exe
  2⤵
  PID:2024
- C:\Windows\System\LxUsENX.exe
  C:\Windows\System\LxUsENX.exe
  2⤵
  PID:6204
- C:\Windows\System\jplpaME.exe
  C:\Windows\System\jplpaME.exe
  2⤵
  PID:6272
- C:\Windows\System\oYcfjQu.exe
  C:\Windows\System\oYcfjQu.exe
  2⤵
  PID:6256
- C:\Windows\System\QaSBRRD.exe
  C:\Windows\System\QaSBRRD.exe
  2⤵
  PID:6400
- C:\Windows\System\zYcQsWd.exe
  C:\Windows\System\zYcQsWd.exe
  2⤵
  PID:6464
- C:\Windows\System\aJWOKwq.exe
  C:\Windows\System\aJWOKwq.exe
  2⤵
  PID:6492
- C:\Windows\System\TgTZblm.exe
  C:\Windows\System\TgTZblm.exe
  2⤵
  PID:6524
- C:\Windows\System\xELiMqe.exe
  C:\Windows\System\xELiMqe.exe
  2⤵
  PID:6380
- C:\Windows\System\FakiHbe.exe
  C:\Windows\System\FakiHbe.exe
  2⤵
  PID:6448
- C:\Windows\System\ZOSkPza.exe
  C:\Windows\System\ZOSkPza.exe
  2⤵
  PID:6560
- C:\Windows\System\OoaiFdM.exe
  C:\Windows\System\OoaiFdM.exe
  2⤵
  PID:6576
- C:\Windows\System\iwKsaim.exe
  C:\Windows\System\iwKsaim.exe
  2⤵
  PID:6588
- C:\Windows\System\yUrshMC.exe
  C:\Windows\System\yUrshMC.exe
  2⤵
  PID:6652
- C:\Windows\System\lFeMWhu.exe
  C:\Windows\System\lFeMWhu.exe
  2⤵
  PID:2012
- C:\Windows\System\yWVumpA.exe
  C:\Windows\System\yWVumpA.exe
  2⤵
  PID:1804
- C:\Windows\System\SDJghGP.exe
  C:\Windows\System\SDJghGP.exe
  2⤵
  PID:6608
- C:\Windows\System\bOZbFJV.exe
  C:\Windows\System\bOZbFJV.exe
  2⤵
  PID:6752
- C:\Windows\System\vLDevNC.exe
  C:\Windows\System\vLDevNC.exe
  2⤵
  PID:6784
- C:\Windows\System\OkvdQIW.exe
  C:\Windows\System\OkvdQIW.exe
  2⤵
  PID:6812
- C:\Windows\System\uCUtinM.exe
  C:\Windows\System\uCUtinM.exe
  2⤵
  PID:1708
- C:\Windows\System\ZRjlATw.exe
  C:\Windows\System\ZRjlATw.exe
  2⤵
  PID:6636
- C:\Windows\System\AjBaonR.exe
  C:\Windows\System\AjBaonR.exe
  2⤵
  PID:6800
- C:\Windows\System\beYfqCD.exe
  C:\Windows\System\beYfqCD.exe
  2⤵
  PID:6796
- C:\Windows\System\Jrdkalp.exe
  C:\Windows\System\Jrdkalp.exe
  2⤵
  PID:1412
- C:\Windows\System\lozOYLZ.exe
  C:\Windows\System\lozOYLZ.exe
  2⤵
  PID:6948
- C:\Windows\System\RgwbnRY.exe
  C:\Windows\System\RgwbnRY.exe
  2⤵
  PID:7040
- C:\Windows\System\LjfsHGZ.exe
  C:\Windows\System\LjfsHGZ.exe
  2⤵
  PID:7072
- C:\Windows\System\RDDWFII.exe
  C:\Windows\System\RDDWFII.exe
  2⤵
  PID:7136
- C:\Windows\System\ttSigGF.exe
  C:\Windows\System\ttSigGF.exe
  2⤵
  PID:4912
- C:\Windows\System\jxfbixD.exe
  C:\Windows\System\jxfbixD.exe
  2⤵
  PID:6832
- C:\Windows\System\HUtKxfG.exe
  C:\Windows\System\HUtKxfG.exe
  2⤵
  PID:6960
- C:\Windows\System\xDivXWH.exe
  C:\Windows\System\xDivXWH.exe
  2⤵
  PID:6892
- C:\Windows\System\tVetUbo.exe
  C:\Windows\System\tVetUbo.exe
  2⤵
  PID:6964
- C:\Windows\System\xUWRWcN.exe
  C:\Windows\System\xUWRWcN.exe
  2⤵
  PID:7088
- C:\Windows\System\yYWQHJG.exe
  C:\Windows\System\yYWQHJG.exe
  2⤵
  PID:6000
- C:\Windows\System\cpQGCzp.exe
  C:\Windows\System\cpQGCzp.exe
  2⤵
  PID:6928
- C:\Windows\System\ioRYCDa.exe
  C:\Windows\System\ioRYCDa.exe
  2⤵
  PID:6168
- C:\Windows\System\rNQmDoK.exe
  C:\Windows\System\rNQmDoK.exe
  2⤵
  PID:6336
- C:\Windows\System\gdoWhHj.exe
  C:\Windows\System\gdoWhHj.exe
  2⤵
  PID:6316
- C:\Windows\System\RNkNmtZ.exe
  C:\Windows\System\RNkNmtZ.exe
  2⤵
  PID:2768
- C:\Windows\System\KVoDgVH.exe
  C:\Windows\System\KVoDgVH.exe
  2⤵
  PID:6416
- C:\Windows\System\HDlPVyz.exe
  C:\Windows\System\HDlPVyz.exe
  2⤵
  PID:6620
- C:\Windows\System\umhfVVK.exe
  C:\Windows\System\umhfVVK.exe
  2⤵
  PID:6392
- C:\Windows\System\KOmFNtv.exe
  C:\Windows\System\KOmFNtv.exe
  2⤵
  PID:1536
- C:\Windows\System\uNqWcpO.exe
  C:\Windows\System\uNqWcpO.exe
  2⤵
  PID:6528
- C:\Windows\System\FyppdgU.exe
  C:\Windows\System\FyppdgU.exe
  2⤵
  PID:6720
- C:\Windows\System\XzpBPrK.exe
  C:\Windows\System\XzpBPrK.exe
  2⤵
  PID:6736
- C:\Windows\System\sBPwhxN.exe
  C:\Windows\System\sBPwhxN.exe
  2⤵
  PID:548
- C:\Windows\System\tMOoSYj.exe
  C:\Windows\System\tMOoSYj.exe
  2⤵
  PID:6668
- C:\Windows\System\QCmTHXV.exe
  C:\Windows\System\QCmTHXV.exe
  2⤵
  PID:2384
- C:\Windows\System\pptgdSJ.exe
  C:\Windows\System\pptgdSJ.exe
  2⤵
  PID:6880
- C:\Windows\System\oCRhdmg.exe
  C:\Windows\System\oCRhdmg.exe
  2⤵
  PID:7104
- C:\Windows\System\RKZpsHN.exe
  C:\Windows\System\RKZpsHN.exe
  2⤵
  PID:6932
- C:\Windows\System\LGZnetv.exe
  C:\Windows\System\LGZnetv.exe
  2⤵
  PID:7012
- C:\Windows\System\BYJdSzR.exe
  C:\Windows\System\BYJdSzR.exe
  2⤵
  PID:7124
- C:\Windows\System\RdajBUT.exe
  C:\Windows\System\RdajBUT.exe
  2⤵
  PID:7056
- C:\Windows\System\GBTcMOW.exe
  C:\Windows\System\GBTcMOW.exe
  2⤵
  PID:6216
- C:\Windows\System\MaKPrld.exe
  C:\Windows\System\MaKPrld.exe
  2⤵
  PID:2748
- C:\Windows\System\NSUnKqo.exe
  C:\Windows\System\NSUnKqo.exe
  2⤵
  PID:1668
- C:\Windows\System\KkrpCdT.exe
  C:\Windows\System\KkrpCdT.exe
  2⤵
  PID:6656
- C:\Windows\System\PkXXBsp.exe
  C:\Windows\System\PkXXBsp.exe
  2⤵
  PID:6572
- C:\Windows\System\rXTCfhY.exe
  C:\Windows\System\rXTCfhY.exe
  2⤵
  PID:6816
- C:\Windows\System\leDruvx.exe
  C:\Windows\System\leDruvx.exe
  2⤵
  PID:1996
- C:\Windows\System\Lunebat.exe
  C:\Windows\System\Lunebat.exe
  2⤵
  PID:868
- C:\Windows\System\ZRCQDsr.exe
  C:\Windows\System\ZRCQDsr.exe
  2⤵
  PID:560
- C:\Windows\System\kgpChba.exe
  C:\Windows\System\kgpChba.exe
  2⤵
  PID:5764
- C:\Windows\System\iNrFrWz.exe
  C:\Windows\System\iNrFrWz.exe
  2⤵
  PID:6896
- C:\Windows\System\UaAvsfP.exe
  C:\Windows\System\UaAvsfP.exe
  2⤵
  PID:6236
- C:\Windows\System\dlqWcmr.exe
  C:\Windows\System\dlqWcmr.exe
  2⤵
  PID:6460
- C:\Windows\System\anMwaMn.exe
  C:\Windows\System\anMwaMn.exe
  2⤵
  PID:6544
- C:\Windows\System\SebqimR.exe
  C:\Windows\System\SebqimR.exe
  2⤵
  PID:2120
- C:\Windows\System\fhfbvCz.exe
  C:\Windows\System\fhfbvCz.exe
  2⤵
  PID:7008
- C:\Windows\System\OFKMRLQ.exe
  C:\Windows\System\OFKMRLQ.exe
  2⤵
  PID:1840
- C:\Windows\System\VzofUex.exe
  C:\Windows\System\VzofUex.exe
  2⤵
  PID:7180
- C:\Windows\System\toDiBbJ.exe
  C:\Windows\System\toDiBbJ.exe
  2⤵
  PID:7196
- C:\Windows\System\RPznRqn.exe
  C:\Windows\System\RPznRqn.exe
  2⤵
  PID:7212
- C:\Windows\System\XMZPkhX.exe
  C:\Windows\System\XMZPkhX.exe
  2⤵
  PID:7228
- C:\Windows\System\lTFiSED.exe
  C:\Windows\System\lTFiSED.exe
  2⤵
  PID:7244
- C:\Windows\System\JasuAON.exe
  C:\Windows\System\JasuAON.exe
  2⤵
  PID:7260
- C:\Windows\System\SvIvyXS.exe
  C:\Windows\System\SvIvyXS.exe
  2⤵
  PID:7276
- C:\Windows\System\sInyztB.exe
  C:\Windows\System\sInyztB.exe
  2⤵
  PID:7292
- C:\Windows\System\JePMTRM.exe
  C:\Windows\System\JePMTRM.exe
  2⤵
  PID:7308
- C:\Windows\System\gVJhpBb.exe
  C:\Windows\System\gVJhpBb.exe
  2⤵
  PID:7324
- C:\Windows\System\zJmYSSV.exe
  C:\Windows\System\zJmYSSV.exe
  2⤵
  PID:7340
- C:\Windows\System\AQBylvH.exe
  C:\Windows\System\AQBylvH.exe
  2⤵
  PID:7356
- C:\Windows\System\lSfHZGm.exe
  C:\Windows\System\lSfHZGm.exe
  2⤵
  PID:7372
- C:\Windows\System\TzIOqQm.exe
  C:\Windows\System\TzIOqQm.exe
  2⤵
  PID:7388
- C:\Windows\System\bUsgxDJ.exe
  C:\Windows\System\bUsgxDJ.exe
  2⤵
  PID:7404
- C:\Windows\System\IeQJjcP.exe
  C:\Windows\System\IeQJjcP.exe
  2⤵
  PID:7420
- C:\Windows\System\VmVGtcV.exe
  C:\Windows\System\VmVGtcV.exe
  2⤵
  PID:7436
- C:\Windows\System\hvOifiU.exe
  C:\Windows\System\hvOifiU.exe
  2⤵
  PID:7452
- C:\Windows\System\GyEfSSb.exe
  C:\Windows\System\GyEfSSb.exe
  2⤵
  PID:7468
- C:\Windows\System\APqeKgw.exe
  C:\Windows\System\APqeKgw.exe
  2⤵
  PID:7484
- C:\Windows\System\mUpHPLD.exe
  C:\Windows\System\mUpHPLD.exe
  2⤵
  PID:7500
- C:\Windows\System\RRqmSVa.exe
  C:\Windows\System\RRqmSVa.exe
  2⤵
  PID:7516
- C:\Windows\System\WEdyZHS.exe
  C:\Windows\System\WEdyZHS.exe
  2⤵
  PID:7532
- C:\Windows\System\ELICMct.exe
  C:\Windows\System\ELICMct.exe
  2⤵
  PID:7548
- C:\Windows\System\JEguRYt.exe
  C:\Windows\System\JEguRYt.exe
  2⤵
  PID:7564
- C:\Windows\System\ujJFOok.exe
  C:\Windows\System\ujJFOok.exe
  2⤵
  PID:7580
- C:\Windows\System\LNHgOiw.exe
  C:\Windows\System\LNHgOiw.exe
  2⤵
  PID:7596
- C:\Windows\System\YKJzuAP.exe
  C:\Windows\System\YKJzuAP.exe
  2⤵
  PID:7612
- C:\Windows\System\qHlJYQe.exe
  C:\Windows\System\qHlJYQe.exe
  2⤵
  PID:7628
- C:\Windows\System\GDZncAl.exe
  C:\Windows\System\GDZncAl.exe
  2⤵
  PID:7644
- C:\Windows\System\RowiAYn.exe
  C:\Windows\System\RowiAYn.exe
  2⤵
  PID:7660
- C:\Windows\System\WLrFWds.exe
  C:\Windows\System\WLrFWds.exe
  2⤵
  PID:7676
- C:\Windows\System\cNCctbK.exe
  C:\Windows\System\cNCctbK.exe
  2⤵
  PID:7692
- C:\Windows\System\cTUQOMS.exe
  C:\Windows\System\cTUQOMS.exe
  2⤵
  PID:7708
- C:\Windows\System\lfqBqwE.exe
  C:\Windows\System\lfqBqwE.exe
  2⤵
  PID:7724
- C:\Windows\System\FjdsuaN.exe
  C:\Windows\System\FjdsuaN.exe
  2⤵
  PID:7740
- C:\Windows\System\KidCsHe.exe
  C:\Windows\System\KidCsHe.exe
  2⤵
  PID:7756
- C:\Windows\System\zoTzSrj.exe
  C:\Windows\System\zoTzSrj.exe
  2⤵
  PID:7772
- C:\Windows\System\MREwvIa.exe
  C:\Windows\System\MREwvIa.exe
  2⤵
  PID:7788
- C:\Windows\System\YUXWCuX.exe
  C:\Windows\System\YUXWCuX.exe
  2⤵
  PID:7804
- C:\Windows\System\lkeFzIq.exe
  C:\Windows\System\lkeFzIq.exe
  2⤵
  PID:7820
- C:\Windows\System\ZZPfQzX.exe
  C:\Windows\System\ZZPfQzX.exe
  2⤵
  PID:7836
- C:\Windows\System\vUQhJlP.exe
  C:\Windows\System\vUQhJlP.exe
  2⤵
  PID:7852
- C:\Windows\System\IVykyoa.exe
  C:\Windows\System\IVykyoa.exe
  2⤵
  PID:7868
- C:\Windows\System\vWteRCo.exe
  C:\Windows\System\vWteRCo.exe
  2⤵
  PID:7896
- C:\Windows\System\UApbxVf.exe
  C:\Windows\System\UApbxVf.exe
  2⤵
  PID:7912
- C:\Windows\System\GZZxbqc.exe
  C:\Windows\System\GZZxbqc.exe
  2⤵
  PID:7928
- C:\Windows\System\vWaUMkC.exe
  C:\Windows\System\vWaUMkC.exe
  2⤵
  PID:7944
- C:\Windows\System\EKOEvPf.exe
  C:\Windows\System\EKOEvPf.exe
  2⤵
  PID:7960
- C:\Windows\System\aWtqXjf.exe
  C:\Windows\System\aWtqXjf.exe
  2⤵
  PID:7976
- C:\Windows\System\vJTwsjq.exe
  C:\Windows\System\vJTwsjq.exe
  2⤵
  PID:7992
- C:\Windows\System\cpjuCSp.exe
  C:\Windows\System\cpjuCSp.exe
  2⤵
  PID:8008
- C:\Windows\System\swiODnt.exe
  C:\Windows\System\swiODnt.exe
  2⤵
  PID:8024
- C:\Windows\System\wpDNOvd.exe
  C:\Windows\System\wpDNOvd.exe
  2⤵
  PID:8040
- C:\Windows\System\kAReGts.exe
  C:\Windows\System\kAReGts.exe
  2⤵
  PID:8056
- C:\Windows\System\degwlUM.exe
  C:\Windows\System\degwlUM.exe
  2⤵
  PID:8072
- C:\Windows\System\vrDLADh.exe
  C:\Windows\System\vrDLADh.exe
  2⤵
  PID:8092
- C:\Windows\System\YjDFFkq.exe
  C:\Windows\System\YjDFFkq.exe
  2⤵
  PID:8108
- C:\Windows\System\ClZuDGZ.exe
  C:\Windows\System\ClZuDGZ.exe
  2⤵
  PID:8168
- C:\Windows\System\fQMaxNf.exe
  C:\Windows\System\fQMaxNf.exe
  2⤵
  PID:7024
- C:\Windows\System\NRzosGi.exe
  C:\Windows\System\NRzosGi.exe
  2⤵
  PID:7192
- C:\Windows\System\rHRPHMp.exe
  C:\Windows\System\rHRPHMp.exe
  2⤵
  PID:7252
- C:\Windows\System\tvomwgi.exe
  C:\Windows\System\tvomwgi.exe
  2⤵
  PID:7224
- C:\Windows\System\inqXfkq.exe
  C:\Windows\System\inqXfkq.exe
  2⤵
  PID:7316
- C:\Windows\System\HKYGeNg.exe
  C:\Windows\System\HKYGeNg.exe
  2⤵
  PID:7320
- C:\Windows\System\vJYBAck.exe
  C:\Windows\System\vJYBAck.exe
  2⤵
  PID:7352
- C:\Windows\System\WpiFzTG.exe
  C:\Windows\System\WpiFzTG.exe
  2⤵
  PID:7176
- C:\Windows\System\EcFNVGf.exe
  C:\Windows\System\EcFNVGf.exe
  2⤵
  PID:7384
- C:\Windows\System\wbZSkCG.exe
  C:\Windows\System\wbZSkCG.exe
  2⤵
  PID:7444
- C:\Windows\System\xBBWStO.exe
  C:\Windows\System\xBBWStO.exe
  2⤵
  PID:7508
- C:\Windows\System\yMsMBkK.exe
  C:\Windows\System\yMsMBkK.exe
  2⤵
  PID:7572
- C:\Windows\System\vqTuyRJ.exe
  C:\Windows\System\vqTuyRJ.exe
  2⤵
  PID:7272
- C:\Windows\System\cPhqHun.exe
  C:\Windows\System\cPhqHun.exe
  2⤵
  PID:7336
- C:\Windows\System\SwUrbuO.exe
  C:\Windows\System\SwUrbuO.exe
  2⤵
  PID:7428
- C:\Windows\System\BvGPefD.exe
  C:\Windows\System\BvGPefD.exe
  2⤵
  PID:7528
- C:\Windows\System\KoIOISA.exe
  C:\Windows\System\KoIOISA.exe
  2⤵
  PID:7672
- C:\Windows\System\NCaLJom.exe
  C:\Windows\System\NCaLJom.exe
  2⤵
  PID:7700
- C:\Windows\System\gjBMAbC.exe
  C:\Windows\System\gjBMAbC.exe
  2⤵
  PID:7736
- C:\Windows\System\BCfamFQ.exe
  C:\Windows\System\BCfamFQ.exe
  2⤵
  PID:7716
- C:\Windows\System\nKcAuuC.exe
  C:\Windows\System\nKcAuuC.exe
  2⤵
  PID:7796
- C:\Windows\System\WzUFbMU.exe
  C:\Windows\System\WzUFbMU.exe
  2⤵
  PID:7828
- C:\Windows\System\ufuuRoD.exe
  C:\Windows\System\ufuuRoD.exe
  2⤵
  PID:7816
- C:\Windows\System\wMUTqiH.exe
  C:\Windows\System\wMUTqiH.exe
  2⤵
  PID:6360
- C:\Windows\System\jOHUZyx.exe
  C:\Windows\System\jOHUZyx.exe
  2⤵
  PID:6252
- C:\Windows\System\djZaWNJ.exe
  C:\Windows\System\djZaWNJ.exe
  2⤵
  PID:7940
- C:\Windows\System\laiyIMi.exe
  C:\Windows\System\laiyIMi.exe
  2⤵
  PID:7968
- C:\Windows\System\rmNiVjP.exe
  C:\Windows\System\rmNiVjP.exe
  2⤵
  PID:8064
- C:\Windows\System\sldwBLG.exe
  C:\Windows\System\sldwBLG.exe
  2⤵
  PID:7956
- C:\Windows\System\zubzksW.exe
  C:\Windows\System\zubzksW.exe
  2⤵
  PID:8048
- C:\Windows\System\qYtwSFp.exe
  C:\Windows\System\qYtwSFp.exe
  2⤵
  PID:8088
- C:\Windows\System\srRLduY.exe
  C:\Windows\System\srRLduY.exe
  2⤵
  PID:8104
- C:\Windows\System\aReExFP.exe
  C:\Windows\System\aReExFP.exe
  2⤵
  PID:8136
- C:\Windows\System\yqennQI.exe
  C:\Windows\System\yqennQI.exe
  2⤵
  PID:8144
- C:\Windows\System\ZbpVxqP.exe
  C:\Windows\System\ZbpVxqP.exe
  2⤵
  PID:8156
- C:\Windows\System\FddwDOE.exe
  C:\Windows\System\FddwDOE.exe
  2⤵
  PID:8184
- C:\Windows\System\wMYAkHM.exe
  C:\Windows\System\wMYAkHM.exe
  2⤵
  PID:7188
- C:\Windows\System\iCiJQhC.exe
  C:\Windows\System\iCiJQhC.exe
  2⤵
  PID:7208
- C:\Windows\System\GIMgCyN.exe
  C:\Windows\System\GIMgCyN.exe
  2⤵
  PID:7172
- C:\Windows\System\bXVGCYf.exe
  C:\Windows\System\bXVGCYf.exe
  2⤵
  PID:7288
- C:\Windows\System\wrotmiF.exe
  C:\Windows\System\wrotmiF.exe
  2⤵
  PID:7476
- C:\Windows\System\DkiNplG.exe
  C:\Windows\System\DkiNplG.exe
  2⤵
  PID:6188
- C:\Windows\System\sEDFuUt.exe
  C:\Windows\System\sEDFuUt.exe
  2⤵
  PID:7608
- C:\Windows\System\wjenHyK.exe
  C:\Windows\System\wjenHyK.exe
  2⤵
  PID:7592
- C:\Windows\System\YTGIedo.exe
  C:\Windows\System\YTGIedo.exe
  2⤵
  PID:7396
- C:\Windows\System\rZSjDlv.exe
  C:\Windows\System\rZSjDlv.exe
  2⤵
  PID:7656
- C:\Windows\System\xajptXr.exe
  C:\Windows\System\xajptXr.exe
  2⤵
  PID:7832
- C:\Windows\System\QaJYZaD.exe
  C:\Windows\System\QaJYZaD.exe
  2⤵
  PID:7464
- C:\Windows\System\LFfUFcD.exe
  C:\Windows\System\LFfUFcD.exe
  2⤵
  PID:7800
- C:\Windows\System\nqjvdOn.exe
  C:\Windows\System\nqjvdOn.exe
  2⤵
  PID:8100
- C:\Windows\System\QYcRkVB.exe
  C:\Windows\System\QYcRkVB.exe
  2⤵
  PID:7684
- C:\Windows\System\tZdGDHx.exe
  C:\Windows\System\tZdGDHx.exe
  2⤵
  PID:7844
- C:\Windows\System\RGTHXvL.exe
  C:\Windows\System\RGTHXvL.exe
  2⤵
  PID:7876
- C:\Windows\System\etoVOdm.exe
  C:\Windows\System\etoVOdm.exe
  2⤵
  PID:8016
- C:\Windows\System\nXzHRPQ.exe
  C:\Windows\System\nXzHRPQ.exe
  2⤵
  PID:8140
- C:\Windows\System\WdTKKda.exe
  C:\Windows\System\WdTKKda.exe
  2⤵
  PID:8176
- C:\Windows\System\RiIbwHD.exe
  C:\Windows\System\RiIbwHD.exe
  2⤵
  PID:8180
- C:\Windows\System\FyesEER.exe
  C:\Windows\System\FyesEER.exe
  2⤵
  PID:7076
- C:\Windows\System\IfOPRhK.exe
  C:\Windows\System\IfOPRhK.exe
  2⤵
  PID:1016
- C:\Windows\System\YrrsLuU.exe
  C:\Windows\System\YrrsLuU.exe
  2⤵
  PID:7748
- C:\Windows\System\uFkrbFa.exe
  C:\Windows\System\uFkrbFa.exe
  2⤵
  PID:7492
- C:\Windows\System\MhYROAZ.exe
  C:\Windows\System\MhYROAZ.exe
  2⤵
  PID:7460
- C:\Windows\System\ZeAvJmx.exe
  C:\Windows\System\ZeAvJmx.exe
  2⤵
  PID:7972
- C:\Windows\System\xIIYquD.exe
  C:\Windows\System\xIIYquD.exe
  2⤵
  PID:8080
- C:\Windows\System\MTvUhTe.exe
  C:\Windows\System\MTvUhTe.exe
  2⤵
  PID:7908
- C:\Windows\System\cNqqAgw.exe
  C:\Windows\System\cNqqAgw.exe
  2⤵
  PID:7952
- C:\Windows\System\dHlQJnq.exe
  C:\Windows\System\dHlQJnq.exe
  2⤵
  PID:7480
- C:\Windows\System\zmpzimU.exe
  C:\Windows\System\zmpzimU.exe
  2⤵
  PID:7332
- C:\Windows\System\yjFlRyF.exe
  C:\Windows\System\yjFlRyF.exe
  2⤵
  PID:2708
- C:\Windows\System\eYjFfSM.exe
  C:\Windows\System\eYjFfSM.exe
  2⤵
  PID:7540
- C:\Windows\System\ZUflkjm.exe
  C:\Windows\System\ZUflkjm.exe
  2⤵
  PID:8000
- C:\Windows\System\UfsUpWB.exe
  C:\Windows\System\UfsUpWB.exe
  2⤵
  PID:7236
- C:\Windows\System\JOZoUqV.exe
  C:\Windows\System\JOZoUqV.exe
  2⤵
  PID:6148
- C:\Windows\System\yXWMkYf.exe
  C:\Windows\System\yXWMkYf.exe
  2⤵
  PID:8152
- C:\Windows\System\fjdGrlI.exe
  C:\Windows\System\fjdGrlI.exe
  2⤵
  PID:7556
- C:\Windows\System\RWgANne.exe
  C:\Windows\System\RWgANne.exe
  2⤵
  PID:6912
- C:\Windows\System\ovlygWK.exe
  C:\Windows\System\ovlygWK.exe
  2⤵
  PID:8084
- C:\Windows\System\SAORqJT.exe
  C:\Windows\System\SAORqJT.exe
  2⤵
  PID:1584
- C:\Windows\System\rTcobKA.exe
  C:\Windows\System\rTcobKA.exe
  2⤵
  PID:8204
- C:\Windows\System\hhhbyMl.exe
  C:\Windows\System\hhhbyMl.exe
  2⤵
  PID:8220
- C:\Windows\System\JYLrhvr.exe
  C:\Windows\System\JYLrhvr.exe
  2⤵
  PID:8236
- C:\Windows\System\JDiZKKd.exe
  C:\Windows\System\JDiZKKd.exe
  2⤵
  PID:8252
- C:\Windows\System\zuOyDXn.exe
  C:\Windows\System\zuOyDXn.exe
  2⤵
  PID:8268
- C:\Windows\System\DiPuppC.exe
  C:\Windows\System\DiPuppC.exe
  2⤵
  PID:8288
- C:\Windows\System\RevUNCR.exe
  C:\Windows\System\RevUNCR.exe
  2⤵
  PID:8304
- C:\Windows\System\NruAoKv.exe
  C:\Windows\System\NruAoKv.exe
  2⤵
  PID:8320
- C:\Windows\System\ipOQQuX.exe
  C:\Windows\System\ipOQQuX.exe
  2⤵
  PID:8336
- C:\Windows\System\reLkaPr.exe
  C:\Windows\System\reLkaPr.exe
  2⤵
  PID:8352
- C:\Windows\System\CSUsayt.exe
  C:\Windows\System\CSUsayt.exe
  2⤵
  PID:8368
- C:\Windows\System\MgxzeJz.exe
  C:\Windows\System\MgxzeJz.exe
  2⤵
  PID:8384
- C:\Windows\System\qeQmZhL.exe
  C:\Windows\System\qeQmZhL.exe
  2⤵
  PID:8400
- C:\Windows\System\fOuhLDj.exe
  C:\Windows\System\fOuhLDj.exe
  2⤵
  PID:8428
- C:\Windows\System\umQyBfw.exe
  C:\Windows\System\umQyBfw.exe
  2⤵
  PID:8444
- C:\Windows\System\XnaIOyU.exe
  C:\Windows\System\XnaIOyU.exe
  2⤵
  PID:8460
- C:\Windows\System\pJaZgWd.exe
  C:\Windows\System\pJaZgWd.exe
  2⤵
  PID:8476
- C:\Windows\System\utuinWE.exe
  C:\Windows\System\utuinWE.exe
  2⤵
  PID:8492
- C:\Windows\System\HlcPZhJ.exe
  C:\Windows\System\HlcPZhJ.exe
  2⤵
  PID:8508
- C:\Windows\System\UqsqscC.exe
  C:\Windows\System\UqsqscC.exe
  2⤵
  PID:8532
- C:\Windows\System\qjnWfCC.exe
  C:\Windows\System\qjnWfCC.exe
  2⤵
  PID:8548
- C:\Windows\System\UrCkELP.exe
  C:\Windows\System\UrCkELP.exe
  2⤵
  PID:8564
- C:\Windows\System\QAFmuJG.exe
  C:\Windows\System\QAFmuJG.exe
  2⤵
  PID:8580
- C:\Windows\System\CCUaLxe.exe
  C:\Windows\System\CCUaLxe.exe
  2⤵
  PID:8596
- C:\Windows\System\PbxJanT.exe
  C:\Windows\System\PbxJanT.exe
  2⤵
  PID:8612
- C:\Windows\System\uKKPCVq.exe
  C:\Windows\System\uKKPCVq.exe
  2⤵
  PID:8628
- C:\Windows\System\GTBUbRl.exe
  C:\Windows\System\GTBUbRl.exe
  2⤵
  PID:8644
- C:\Windows\System\fYfjzjp.exe
  C:\Windows\System\fYfjzjp.exe
  2⤵
  PID:8664
- C:\Windows\System\nkCQlrz.exe
  C:\Windows\System\nkCQlrz.exe
  2⤵
  PID:8680
- C:\Windows\System\PJNXobV.exe
  C:\Windows\System\PJNXobV.exe
  2⤵
  PID:8696
- C:\Windows\System\ZqAdeRR.exe
  C:\Windows\System\ZqAdeRR.exe
  2⤵
  PID:8712
- C:\Windows\System\PJMWaQh.exe
  C:\Windows\System\PJMWaQh.exe
  2⤵
  PID:8728
- C:\Windows\System\UbbsQzn.exe
  C:\Windows\System\UbbsQzn.exe
  2⤵
  PID:8744
- C:\Windows\System\DLaQxEc.exe
  C:\Windows\System\DLaQxEc.exe
  2⤵
  PID:8760
- C:\Windows\System\NWgTDou.exe
  C:\Windows\System\NWgTDou.exe
  2⤵
  PID:8776
- C:\Windows\System\PfAtzBd.exe
  C:\Windows\System\PfAtzBd.exe
  2⤵
  PID:8792
- C:\Windows\System\xCSrmaY.exe
  C:\Windows\System\xCSrmaY.exe
  2⤵
  PID:8808
- C:\Windows\System\BHmpEHI.exe
  C:\Windows\System\BHmpEHI.exe
  2⤵
  PID:8824
- C:\Windows\System\lRfzNnY.exe
  C:\Windows\System\lRfzNnY.exe
  2⤵
  PID:8840
- C:\Windows\System\SSJWdht.exe
  C:\Windows\System\SSJWdht.exe
  2⤵
  PID:8856
- C:\Windows\System\vBKaRWo.exe
  C:\Windows\System\vBKaRWo.exe
  2⤵
  PID:8872
- C:\Windows\System\DPsJsgy.exe
  C:\Windows\System\DPsJsgy.exe
  2⤵
  PID:8888
- C:\Windows\System\NZyPwvU.exe
  C:\Windows\System\NZyPwvU.exe
  2⤵
  PID:8904
- C:\Windows\System\FxOfPgX.exe
  C:\Windows\System\FxOfPgX.exe
  2⤵
  PID:8920
- C:\Windows\System\aFMVAwn.exe
  C:\Windows\System\aFMVAwn.exe
  2⤵
  PID:8936
- C:\Windows\System\xnuQpsM.exe
  C:\Windows\System\xnuQpsM.exe
  2⤵
  PID:8952
- C:\Windows\System\hjqHRcl.exe
  C:\Windows\System\hjqHRcl.exe
  2⤵
  PID:8968
- C:\Windows\System\nWUmgap.exe
  C:\Windows\System\nWUmgap.exe
  2⤵
  PID:8988
- C:\Windows\System\OWJfKKV.exe
  C:\Windows\System\OWJfKKV.exe
  2⤵
  PID:9008
- C:\Windows\System\ixKrYfp.exe
  C:\Windows\System\ixKrYfp.exe
  2⤵
  PID:9024
- C:\Windows\System\FovsttA.exe
  C:\Windows\System\FovsttA.exe
  2⤵
  PID:9044
- C:\Windows\System\mWuuRcR.exe
  C:\Windows\System\mWuuRcR.exe
  2⤵
  PID:9060
- C:\Windows\System\dHpuGjL.exe
  C:\Windows\System\dHpuGjL.exe
  2⤵
  PID:9076
- C:\Windows\System\dnibiew.exe
  C:\Windows\System\dnibiew.exe
  2⤵
  PID:9092
- C:\Windows\System\RvHgnJV.exe
  C:\Windows\System\RvHgnJV.exe
  2⤵
  PID:9108
- C:\Windows\System\bqtgwIw.exe
  C:\Windows\System\bqtgwIw.exe
  2⤵
  PID:9124
- C:\Windows\System\qbyENqn.exe
  C:\Windows\System\qbyENqn.exe
  2⤵
  PID:9140
- C:\Windows\System\MPQHXlk.exe
  C:\Windows\System\MPQHXlk.exe
  2⤵
  PID:9156
- C:\Windows\System\xdJGQZS.exe
  C:\Windows\System\xdJGQZS.exe
  2⤵
  PID:9176
- C:\Windows\System\pRPdJRL.exe
  C:\Windows\System\pRPdJRL.exe
  2⤵
  PID:9192
- C:\Windows\System\SIjuEGG.exe
  C:\Windows\System\SIjuEGG.exe
  2⤵
  PID:9208
- C:\Windows\System\pxdFXaU.exe
  C:\Windows\System\pxdFXaU.exe
  2⤵
  PID:8036
- C:\Windows\System\HPyOVRY.exe
  C:\Windows\System\HPyOVRY.exe
  2⤵
  PID:8228
- C:\Windows\System\JnpnhcX.exe
  C:\Windows\System\JnpnhcX.exe
  2⤵
  PID:7752
- C:\Windows\System\wTcDhBs.exe
  C:\Windows\System\wTcDhBs.exe
  2⤵
  PID:8244
- C:\Windows\System\GJrzBDc.exe
  C:\Windows\System\GJrzBDc.exe
  2⤵
  PID:8332
- C:\Windows\System\DGjTvUa.exe
  C:\Windows\System\DGjTvUa.exe
  2⤵
  PID:8392
- C:\Windows\System\dFqZdmC.exe
  C:\Windows\System\dFqZdmC.exe
  2⤵
  PID:8380
- C:\Windows\System\LkFBpFw.exe
  C:\Windows\System\LkFBpFw.exe
  2⤵
  PID:8440
- C:\Windows\System\QGAQNEO.exe
  C:\Windows\System\QGAQNEO.exe
  2⤵
  PID:8312
- C:\Windows\System\rFcQviJ.exe
  C:\Windows\System\rFcQviJ.exe
  2⤵
  PID:8412
- C:\Windows\System\dKyotYu.exe
  C:\Windows\System\dKyotYu.exe
  2⤵
  PID:8488
- C:\Windows\System\XkjURqf.exe
  C:\Windows\System\XkjURqf.exe
  2⤵
  PID:8516
- C:\Windows\System\tCkBxhf.exe
  C:\Windows\System\tCkBxhf.exe
  2⤵
  PID:8576
- C:\Windows\System\IfSvtKT.exe
  C:\Windows\System\IfSvtKT.exe
  2⤵
  PID:8640
- C:\Windows\System\uCBmvdi.exe
  C:\Windows\System\uCBmvdi.exe
  2⤵
  PID:8672
- C:\Windows\System\NMeHuON.exe
  C:\Windows\System\NMeHuON.exe
  2⤵
  PID:8704
- C:\Windows\System\EiXSaZu.exe
  C:\Windows\System\EiXSaZu.exe
  2⤵
  PID:8692
- C:\Windows\System\WxWAEkn.exe
  C:\Windows\System\WxWAEkn.exe
  2⤵
  PID:8556
- C:\Windows\System\IkPisYz.exe
  C:\Windows\System\IkPisYz.exe
  2⤵
  PID:8720
- C:\Windows\System\oIoIIur.exe
  C:\Windows\System\oIoIIur.exe
  2⤵
  PID:8724
- C:\Windows\System\SDhYFwZ.exe
  C:\Windows\System\SDhYFwZ.exe
  2⤵
  PID:8772
- C:\Windows\System\UuSAGzS.exe
  C:\Windows\System\UuSAGzS.exe
  2⤵
  PID:8932
- C:\Windows\System\LUOPeeG.exe
  C:\Windows\System\LUOPeeG.exe
  2⤵
  PID:8960
- C:\Windows\System\JCnEzHB.exe
  C:\Windows\System\JCnEzHB.exe
  2⤵
  PID:8784
- C:\Windows\System\geUHPzR.exe
  C:\Windows\System\geUHPzR.exe
  2⤵
  PID:8852
- C:\Windows\System\RUklzVc.exe
  C:\Windows\System\RUklzVc.exe
  2⤵
  PID:8912
- C:\Windows\System\UZBjKtT.exe
  C:\Windows\System\UZBjKtT.exe
  2⤵
  PID:9000
- C:\Windows\System\lTSRBIr.exe
  C:\Windows\System\lTSRBIr.exe
  2⤵
  PID:8984
- C:\Windows\System\TMucNbO.exe
  C:\Windows\System\TMucNbO.exe
  2⤵
  PID:9068
- C:\Windows\System\kxiUCYX.exe
  C:\Windows\System\kxiUCYX.exe
  2⤵
  PID:9164
- C:\Windows\System\bcgyrHu.exe
  C:\Windows\System\bcgyrHu.exe
  2⤵
  PID:9052
- C:\Windows\System\vKIyDWl.exe
  C:\Windows\System\vKIyDWl.exe
  2⤵
  PID:9148
- C:\Windows\System\uRQGDEf.exe
  C:\Windows\System\uRQGDEf.exe
  2⤵
  PID:8216
- C:\Windows\System\dwtLqif.exe
  C:\Windows\System\dwtLqif.exe
  2⤵
  PID:9084
- C:\Windows\System\FAdctkA.exe
  C:\Windows\System\FAdctkA.exe
  2⤵
  PID:8472
- C:\Windows\System\rCfSAFg.exe
  C:\Windows\System\rCfSAFg.exe
  2⤵
  PID:8376
- C:\Windows\System\TfpEojp.exe
  C:\Windows\System\TfpEojp.exe
  2⤵
  PID:9184
- C:\Windows\System\qFycaqz.exe
  C:\Windows\System\qFycaqz.exe
  2⤵
  PID:8636
- C:\Windows\System\iuXyKfm.exe
  C:\Windows\System\iuXyKfm.exe
  2⤵
  PID:2248
- C:\Windows\System\RcOiooT.exe
  C:\Windows\System\RcOiooT.exe
  2⤵
  PID:8452
- C:\Windows\System\UnLWUCR.exe
  C:\Windows\System\UnLWUCR.exe
  2⤵
  PID:8528
- C:\Windows\System\DYeXfQi.exe
  C:\Windows\System\DYeXfQi.exe
  2⤵
  PID:8768
- C:\Windows\System\HrJAHmJ.exe
  C:\Windows\System\HrJAHmJ.exe
  2⤵
  PID:8928
- C:\Windows\System\kMhDTgj.exe
  C:\Windows\System\kMhDTgj.exe
  2⤵
  PID:8944
- C:\Windows\System\hepYNxr.exe
  C:\Windows\System\hepYNxr.exe
  2⤵
  PID:9200
- C:\Windows\System\lxIURDM.exe
  C:\Windows\System\lxIURDM.exe
  2⤵
  PID:8520
- C:\Windows\System\RaXVDfU.exe
  C:\Windows\System\RaXVDfU.exe
  2⤵
  PID:8864
- C:\Windows\System\eddrWHJ.exe
  C:\Windows\System\eddrWHJ.exe
  2⤵
  PID:8848
- C:\Windows\System\EcVOZQG.exe
  C:\Windows\System\EcVOZQG.exe
  2⤵
  PID:8836
- C:\Windows\System\WdffWjs.exe
  C:\Windows\System\WdffWjs.exe
  2⤵
  PID:8820
- C:\Windows\System\vCOMeZF.exe
  C:\Windows\System\vCOMeZF.exe
  2⤵
  PID:8980
- C:\Windows\System\vLrZYVt.exe
  C:\Windows\System\vLrZYVt.exe
  2⤵
  PID:9172
- C:\Windows\System\xqnKGxp.exe
  C:\Windows\System\xqnKGxp.exe
  2⤵
  PID:8360
- C:\Windows\System\uNfrEBc.exe
  C:\Windows\System\uNfrEBc.exe
  2⤵
  PID:8260
- C:\Windows\System\ZwnhIsM.exe
  C:\Windows\System\ZwnhIsM.exe
  2⤵
  PID:8484
- C:\Windows\System\bZbDLEZ.exe
  C:\Windows\System\bZbDLEZ.exe
  2⤵
  PID:8196
- C:\Windows\System\eQFsvas.exe
  C:\Windows\System\eQFsvas.exe
  2⤵
  PID:8588
- C:\Windows\System\BWXDoGV.exe
  C:\Windows\System\BWXDoGV.exe
  2⤵
  PID:9104
- C:\Windows\System\eTFPtwp.exe
  C:\Windows\System\eTFPtwp.exe
  2⤵
  PID:8608
- C:\Windows\System\PkJhAkP.exe
  C:\Windows\System\PkJhAkP.exe
  2⤵
  PID:8436
- C:\Windows\System\CLHiAuA.exe
  C:\Windows\System\CLHiAuA.exe
  2⤵
  PID:8128
- C:\Windows\System\dpWWqvJ.exe
  C:\Windows\System\dpWWqvJ.exe
  2⤵
  PID:9040
- C:\Windows\System\qkpzwZK.exe
  C:\Windows\System\qkpzwZK.exe
  2⤵
  PID:8756
- C:\Windows\System\IAYmwEJ.exe
  C:\Windows\System\IAYmwEJ.exe
  2⤵
  PID:8200
- C:\Windows\System\bBzhjEx.exe
  C:\Windows\System\bBzhjEx.exe
  2⤵
  PID:9228
- C:\Windows\System\DPaOHhG.exe
  C:\Windows\System\DPaOHhG.exe
  2⤵
  PID:9248
- C:\Windows\System\tynuwBY.exe
  C:\Windows\System\tynuwBY.exe
  2⤵
  PID:9264
- C:\Windows\System\ZFBHgrD.exe
  C:\Windows\System\ZFBHgrD.exe
  2⤵
  PID:9288
- C:\Windows\System\tgjjAqT.exe
  C:\Windows\System\tgjjAqT.exe
  2⤵
  PID:9308
- C:\Windows\System\YVDlPpr.exe
  C:\Windows\System\YVDlPpr.exe
  2⤵
  PID:9328
- C:\Windows\System\wEvnRKW.exe
  C:\Windows\System\wEvnRKW.exe
  2⤵
  PID:9344
- C:\Windows\System\xCebWvy.exe
  C:\Windows\System\xCebWvy.exe
  2⤵
  PID:9364
- C:\Windows\System\FIysjrx.exe
  C:\Windows\System\FIysjrx.exe
  2⤵
  PID:9380
- C:\Windows\System\QfMAJYt.exe
  C:\Windows\System\QfMAJYt.exe
  2⤵
  PID:9396
- C:\Windows\System\nhZHNfW.exe
  C:\Windows\System\nhZHNfW.exe
  2⤵
  PID:9416
- C:\Windows\System\qjdPQid.exe
  C:\Windows\System\qjdPQid.exe
  2⤵
  PID:9432
- C:\Windows\System\sCIWMEx.exe
  C:\Windows\System\sCIWMEx.exe
  2⤵
  PID:9448
- C:\Windows\System\lSEDVVs.exe
  C:\Windows\System\lSEDVVs.exe
  2⤵
  PID:9464
- C:\Windows\System\QRmnKHp.exe
  C:\Windows\System\QRmnKHp.exe
  2⤵
  PID:9480
- C:\Windows\System\RuNrysr.exe
  C:\Windows\System\RuNrysr.exe
  2⤵
  PID:9496
- C:\Windows\System\fsBOnbb.exe
  C:\Windows\System\fsBOnbb.exe
  2⤵
  PID:9512
- C:\Windows\System\kAamTqG.exe
  C:\Windows\System\kAamTqG.exe
  2⤵
  PID:9528
- C:\Windows\System\DTuwSEa.exe
  C:\Windows\System\DTuwSEa.exe
  2⤵
  PID:9544
- C:\Windows\System\nAOSqMj.exe
  C:\Windows\System\nAOSqMj.exe
  2⤵
  PID:9560
- C:\Windows\System\fTTPnHH.exe
  C:\Windows\System\fTTPnHH.exe
  2⤵
  PID:9576
- C:\Windows\System\ghsclFK.exe
  C:\Windows\System\ghsclFK.exe
  2⤵
  PID:9604
- C:\Windows\System\VipTtzg.exe
  C:\Windows\System\VipTtzg.exe
  2⤵
  PID:9620
- C:\Windows\System\usrFYEp.exe
  C:\Windows\System\usrFYEp.exe
  2⤵
  PID:9640
- C:\Windows\System\XmrsXvh.exe
  C:\Windows\System\XmrsXvh.exe
  2⤵
  PID:9668
- C:\Windows\System\YrhUIiG.exe
  C:\Windows\System\YrhUIiG.exe
  2⤵
  PID:9692
- C:\Windows\System\TfFgczI.exe
  C:\Windows\System\TfFgczI.exe
  2⤵
  PID:9716
- C:\Windows\System\FFIftHC.exe
  C:\Windows\System\FFIftHC.exe
  2⤵
  PID:9744
- C:\Windows\System\lpMRUXy.exe
  C:\Windows\System\lpMRUXy.exe
  2⤵
  PID:9780
- C:\Windows\System\yzDnfRA.exe
  C:\Windows\System\yzDnfRA.exe
  2⤵
  PID:9800
- C:\Windows\System\fVXARSe.exe
  C:\Windows\System\fVXARSe.exe
  2⤵
  PID:9820
- C:\Windows\System\hEIceDp.exe
  C:\Windows\System\hEIceDp.exe
  2⤵
  PID:9848
- C:\Windows\System\JyQbDXD.exe
  C:\Windows\System\JyQbDXD.exe
  2⤵
  PID:9864
- C:\Windows\System\NEMSNZd.exe
  C:\Windows\System\NEMSNZd.exe
  2⤵
  PID:9884
- C:\Windows\System\dyMrHxn.exe
  C:\Windows\System\dyMrHxn.exe
  2⤵
  PID:9900
- C:\Windows\System\VyFiqfZ.exe
  C:\Windows\System\VyFiqfZ.exe
  2⤵
  PID:9916
- C:\Windows\System\NKSQuIL.exe
  C:\Windows\System\NKSQuIL.exe
  2⤵
  PID:9940
- C:\Windows\System\wItzmIM.exe
  C:\Windows\System\wItzmIM.exe
  2⤵
  PID:9972
- C:\Windows\System\pWyGokh.exe
  C:\Windows\System\pWyGokh.exe
  2⤵
  PID:9996
- C:\Windows\System\JBdpdPM.exe
  C:\Windows\System\JBdpdPM.exe
  2⤵
  PID:10020
- C:\Windows\System\PDZBYIl.exe
  C:\Windows\System\PDZBYIl.exe
  2⤵
  PID:10048
- C:\Windows\System\aZnnlKB.exe
  C:\Windows\System\aZnnlKB.exe
  2⤵
  PID:10076
- C:\Windows\System\WnvJRcO.exe
  C:\Windows\System\WnvJRcO.exe
  2⤵
  PID:10100
- C:\Windows\System\vlOHTRZ.exe
  C:\Windows\System\vlOHTRZ.exe
  2⤵
  PID:10124
- C:\Windows\System\lrkXqmU.exe
  C:\Windows\System\lrkXqmU.exe
  2⤵
  PID:10140
- C:\Windows\System\BOSUctv.exe
  C:\Windows\System\BOSUctv.exe
  2⤵
  PID:9476
- C:\Windows\System\BYMKJhg.exe
  C:\Windows\System\BYMKJhg.exe
  2⤵
  PID:9752
- C:\Windows\System\vYcmJII.exe
  C:\Windows\System\vYcmJII.exe
  2⤵
  PID:9932
- C:\Windows\System\wWFCTTj.exe
  C:\Windows\System\wWFCTTj.exe
  2⤵
  PID:10212
- C:\Windows\System\ENHUbIj.exe
  C:\Windows\System\ENHUbIj.exe
  2⤵
  PID:10188
- C:\Windows\System\RpbpsJL.exe
  C:\Windows\System\RpbpsJL.exe
  2⤵
  PID:10168
- C:\Windows\System\UOdmFEH.exe
  C:\Windows\System\UOdmFEH.exe
  2⤵
  PID:10176
- C:\Windows\System\pmeFgRl.exe
  C:\Windows\System\pmeFgRl.exe
  2⤵
  PID:8280
- C:\Windows\System\KQgTUdP.exe
  C:\Windows\System\KQgTUdP.exe
  2⤵
  PID:8544
- C:\Windows\System\qnMGdrG.exe
  C:\Windows\System\qnMGdrG.exe
  2⤵
  PID:9280
- C:\Windows\System\SXftXTD.exe
  C:\Windows\System\SXftXTD.exe
  2⤵
  PID:9240
- C:\Windows\System\emrEnNJ.exe
  C:\Windows\System\emrEnNJ.exe
  2⤵
  PID:9284
- C:\Windows\System\jdqKgrC.exe
  C:\Windows\System\jdqKgrC.exe
  2⤵
  PID:9352
- C:\Windows\System\CvUHlsH.exe
  C:\Windows\System\CvUHlsH.exe
  2⤵
  PID:9300
- C:\Windows\System\MuVTlBl.exe
  C:\Windows\System\MuVTlBl.exe
  2⤵
  PID:9772
- C:\Windows\System\lSRBpsV.exe
  C:\Windows\System\lSRBpsV.exe
  2⤵
  PID:9828
- C:\Windows\System\ECYkFwv.exe
  C:\Windows\System\ECYkFwv.exe
  2⤵
  PID:9912
- C:\Windows\System\AQAsocf.exe
  C:\Windows\System\AQAsocf.exe
  2⤵
  PID:9968
- C:\Windows\System\GfgfwnR.exe
  C:\Windows\System\GfgfwnR.exe
  2⤵
  PID:9984
- C:\Windows\System\ijlTgRw.exe
  C:\Windows\System\ijlTgRw.exe
  2⤵
  PID:9924
- C:\Windows\System\hZRGweF.exe
  C:\Windows\System\hZRGweF.exe
  2⤵
  PID:9256
- C:\Windows\System\ngvgemp.exe
  C:\Windows\System\ngvgemp.exe
  2⤵
  PID:9776
- C:\Windows\System\FHqickN.exe
  C:\Windows\System\FHqickN.exe
  2⤵
  PID:9956
- C:\Windows\System\GbKrbjH.exe
  C:\Windows\System\GbKrbjH.exe
  2⤵
  PID:9816
- C:\Windows\System\VhkRUYi.exe
  C:\Windows\System\VhkRUYi.exe
  2⤵
  PID:9988
- C:\Windows\System\mgUPbsM.exe
  C:\Windows\System\mgUPbsM.exe
  2⤵
  PID:10088
- C:\Windows\System\tiXeovd.exe
  C:\Windows\System\tiXeovd.exe
  2⤵
  PID:10172
- C:\Windows\System\mLYmzpu.exe
  C:\Windows\System\mLYmzpu.exe
  2⤵
  PID:10192
- C:\Windows\System\CwrMnfO.exe
  C:\Windows\System\CwrMnfO.exe
  2⤵
  PID:10180
- C:\Windows\System\LiTatYz.exe
  C:\Windows\System\LiTatYz.exe
  2⤵
  PID:9016
- C:\Windows\System\KtvPgFi.exe
  C:\Windows\System\KtvPgFi.exe
  2⤵
  PID:8624
- C:\Windows\System\UgKYjUW.exe
  C:\Windows\System\UgKYjUW.exe
  2⤵
  PID:9404
- C:\Windows\System\jVLKvvk.exe
  C:\Windows\System\jVLKvvk.exe
  2⤵
  PID:9508
- C:\Windows\System\JNgyfNW.exe
  C:\Windows\System\JNgyfNW.exe
  2⤵
  PID:9536
- C:\Windows\System\gDoPCoq.exe
  C:\Windows\System\gDoPCoq.exe
  2⤵
  PID:9556
- C:\Windows\System\OiTjJwf.exe
  C:\Windows\System\OiTjJwf.exe
  2⤵
  PID:9596
- C:\Windows\System\fjVYWdK.exe
  C:\Windows\System\fjVYWdK.exe
  2⤵
  PID:9572
- C:\Windows\System\geEhDNt.exe
  C:\Windows\System\geEhDNt.exe
  2⤵
  PID:9568
- C:\Windows\System\lJYldbf.exe
  C:\Windows\System\lJYldbf.exe
  2⤵
  PID:9736
- C:\Windows\System\easalTx.exe
  C:\Windows\System\easalTx.exe
  2⤵
  PID:9540
- C:\Windows\System\cooZmPw.exe
  C:\Windows\System\cooZmPw.exe
  2⤵
  PID:9616
- C:\Windows\System\WisBXsB.exe
  C:\Windows\System\WisBXsB.exe
  2⤵
  PID:9708
- C:\Windows\System\IhxXIvS.exe
  C:\Windows\System\IhxXIvS.exe
  2⤵
  PID:9836
- C:\Windows\System\tHqqVhE.exe
  C:\Windows\System\tHqqVhE.exe
  2⤵
  PID:9840
- C:\Windows\System\ZoxvMEy.exe
  C:\Windows\System\ZoxvMEy.exe
  2⤵
  PID:10060
- C:\Windows\System\MVDOOSa.exe
  C:\Windows\System\MVDOOSa.exe
  2⤵
  PID:10084
- C:\Windows\System\mPqrWGv.exe
  C:\Windows\System\mPqrWGv.exe
  2⤵
  PID:9928
- C:\Windows\System\NitbjnT.exe
  C:\Windows\System\NitbjnT.exe
  2⤵
  PID:9980
- C:\Windows\System\fnRohSP.exe
  C:\Windows\System\fnRohSP.exe
  2⤵
  PID:10116
- C:\Windows\System\CgOwshR.exe
  C:\Windows\System\CgOwshR.exe
  2⤵
  PID:9388
- C:\Windows\System\whrXUlh.exe
  C:\Windows\System\whrXUlh.exe
  2⤵
  PID:10036
- C:\Windows\System\XcNVhmB.exe
  C:\Windows\System\XcNVhmB.exe
  2⤵
  PID:10224
- C:\Windows\System\QQlkbAM.exe
  C:\Windows\System\QQlkbAM.exe
  2⤵
  PID:8424
- C:\Windows\System\agOWdXv.exe
  C:\Windows\System\agOWdXv.exe
  2⤵
  PID:9272
- C:\Windows\System\voqAuIk.exe
  C:\Windows\System\voqAuIk.exe
  2⤵
  PID:9316
- C:\Windows\System\UMagRtp.exe
  C:\Windows\System\UMagRtp.exe
  2⤵
  PID:2212
- C:\Windows\System\xFpMAFH.exe
  C:\Windows\System\xFpMAFH.exe
  2⤵
  PID:9552
- C:\Windows\System\sbGTGET.exe
  C:\Windows\System\sbGTGET.exe
  2⤵
  PID:9584
- C:\Windows\System\AFDbePp.exe
  C:\Windows\System\AFDbePp.exe
  2⤵
  PID:9676
- C:\Windows\System\hcbvvdw.exe
  C:\Windows\System\hcbvvdw.exe
  2⤵
  PID:9612
- C:\Windows\System\DeLDaqd.exe
  C:\Windows\System\DeLDaqd.exe
  2⤵
  PID:9948
- C:\Windows\System\SKYPLTH.exe
  C:\Windows\System\SKYPLTH.exe
  2⤵
  PID:10072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GvqDzXF.exe

Filesize
6.0MB

MD5
c173ac700cf621461bfb29123147b26f

SHA1
4c933da2adb9815fe47894289b30cd237468addc

SHA256
c3df9fa14c4088bbfce90e9ca2d3148832c30e8b0692ed81580bc9b838174709

SHA512
22473d5d0dc122d79478c339487c038d6a44fec894dc974d8cde25258f4d9f2b5a9dd37573855439a1204249f301abfb682bc3f5f86c55e139faf86b7aba3778

Download Submit
C:\Windows\system\HwbzqQi.exe

Filesize
6.0MB

MD5
8b7022a96f306b7644a874ce394e6ddf

SHA1
127fa6630d7ea1a907055a5cfb0ee825934bd020

SHA256
d9367fa5af4dbb86b85c9bfba86898c4eddfe62f1e27424d4d613108b683b75e

SHA512
56236fea2f6dc61fb583f2bffc21e4f583bf1e565744d81831a895ee7880610802d7d70c76e49d6f82bfdd223b573b5977e3510d5cc1a433b50a440fe489bbf6

Download Submit
C:\Windows\system\LPmhKxt.exe

Filesize
6.0MB

MD5
85679c3c8724011b55b20fb3cbf61f62

SHA1
8d8b30ec31530b2b42b16830adebcd4bc4332560

SHA256
b7bf515a03c6ab11410f52ab9ed83a8140e6a7d798d7de1e4d2ee4de41bde52c

SHA512
68362383e6b721adb8eda2584bb788723dff51b79a383ea077fe31a193fd923d81648dda15ef823aba8a225bb49021069dff73f1aedef5c4fd75cc7444f8c169

Download Submit
C:\Windows\system\MZknNUY.exe

Filesize
6.0MB

MD5
894c23eaad5914282ea8f77365abff2c

SHA1
4e5bff6b936f6589d2be5fcbf8d0a032c522a13a

SHA256
7f187cb006ac55faf2567ce8bda782320eda190517fc0ae0ba4a1cc595f1eff4

SHA512
54419ab760155ed40538a761756d53e83471615c39f0a2a4f110d2ac4de44bf4799937efb6afa90935977bfd2dec2af8732a45a0033ddadee576e04478b96a61

Download Submit
C:\Windows\system\NORYqTM.exe

Filesize
6.0MB

MD5
e31d32b00b6e620ccc8791e50e520973

SHA1
e0abee6f09648ea2154d4505bf53ecc363a0ae2e

SHA256
25aa7786d884dd235dfa4776f04d345112f8839bf151512eb05a24fcd185840f

SHA512
0ea632d49f60be14ae4c9a75cd7cfaacefe6c61fdfe4a8b44a401daf321a36d8849ce4e1d18fe8b83e3786c9b3e7fcbf3ed0a256359c94ea44ec89c70fdfd502

Download Submit
C:\Windows\system\NqQYHqZ.exe

Filesize
6.0MB

MD5
b9d62fb62ac6db770987dde9f9984a3a

SHA1
0357f1e8c33044e0fea0dc66f0f1ca6b4df15394

SHA256
abd028c145dc57a3175c36e96056cb14754e1b4affc665227733e6a16878a2df

SHA512
ce9102f25e3414f028c9454c2442a0d20ce66128a7bdf563978e0ab9809856bd840872c624acae10d5f68ff6eaf949d1f2e5d09d37a2e43176cfa73da219db97

Download Submit
C:\Windows\system\PPtfpBe.exe

Filesize
6.0MB

MD5
f2cf22ad0d6090b3ab2c6775aa3cebd4

SHA1
59e5520721df68d460a34c82911681b1942275be

SHA256
8ba79de0bc73f132fee85e530c45c604794bca4bc58fd487e5db03c219274e9e

SHA512
966f502ef35c477e57515912c07a34134c2b97d7ad794946b4d0315d2e50ce0995fcf75e6e2c799d0ec86dbcbf085276c39a46b96bc859346b5a56f8490f09ee

Download Submit
C:\Windows\system\PiFxNYO.exe

Filesize
6.0MB

MD5
8750b83279fe102498d05c6556dfd599

SHA1
b1269b9bcadc6c0cc7f1bb8a0be4847392d663eb

SHA256
9dacac3beb2813c079ca9472b10f5b07faf24e85d3b0c88f7da9b528f995a5f2

SHA512
571a8353de383e9ae55465198a4a448a70111055267ae53387264499da04fad19011f611d590cd6f307e45e21692dcbc801ea906f7a239cbbeade7ec7e14e459

Download Submit
C:\Windows\system\QLOvLIC.exe

Filesize
6.0MB

MD5
4e52d2845dcab0bc70504b05d7c1a861

SHA1
d96305f865024411c7b824c68412debb0618b522

SHA256
686b71418d1c08843c93569959d8437980cc3f7504cc18e32c7f6943e3f7220c

SHA512
29310c25fe64ce1dee86268dd31a797b8bbc8600a7cb2677355e8c1aa0028a19e06b77744b0ef3c3e0ad8029e6cfcc93783ec33975706deaf0b3d74386371809

Download Submit
C:\Windows\system\TcjXrai.exe

Filesize
6.0MB

MD5
7803f1cad38c29e5905ca233420b6f41

SHA1
04709e04b17f8d1af4e1c0809ccb46c11dc40cad

SHA256
2e97c4aec3acfb67ca9b373e94f50ba5a320724043e9d49fa0fc1bd574f3890b

SHA512
7fb83d7f057ac85c1dcd73e4dad661d7253b21a557e32346dbbf8722d0f4e0e27c7231eaaafe177ff72d418c09dc2a808a9ebe4a01149761123c83d4883b27cf

Download Submit
C:\Windows\system\VOVKcZP.exe

Filesize
6.0MB

MD5
af63c9ad22e375a613598bb3c29fbb7a

SHA1
fc18152e44d6785336bf7c28cd2d7b00556fc562

SHA256
11b5513a5adcc43ec9523fadfbf083e4e783843323c753ff80080efd6b6d2664

SHA512
da22e74e57654e491cc406a9bbbf98c88a8da4430433946b1bf680a5e4bccfb497f10a35b29f9c4ca9b420c69458f186acb1744c8a60b5f173b04e0a71528665

Download Submit
C:\Windows\system\bZnkdFw.exe

Filesize
6.0MB

MD5
61c4866f0279a373b9f95bc61facf05b

SHA1
f40ca9e6d5164c9ff7bec2d46bbec72c5d6c3821

SHA256
0caee82baf2e5dad20e2717d9685c2ab476f444cfb602d5464715361da70978c

SHA512
3dae2637871d0675db643b53ae7967b18e3755acf90dd0c60884eae32e3def3b5e1a841f564dc8eccf182092603deb85d5f39783516878bc0583d1bb7d509f24

Download Submit
C:\Windows\system\cBkzQgx.exe

Filesize
6.0MB

MD5
89857315b7def2d7f38c9fdf376fb870

SHA1
31a6fce003e91e3daef3f0f11f68129bd75d8ab8

SHA256
22fc8895ca0a9bb0c0edae334f1ff0bddd332a788917fa9d6c9e1f4f30011577

SHA512
2e81739dd83c4d76b0b91572da5f01d5864024ea946ff4b27a974b7cc6198a846c4f74068812e9ff9a01cd5f84a5237634182c33362e57eab64ac59e3787f535

Download Submit
C:\Windows\system\dIatHSA.exe

Filesize
6.0MB

MD5
3fdb9d4779e2b2f4d4d8224a72f0be2e

SHA1
2fcc2c6a097b3bb5df4b0d85b127b2aec8d1d029

SHA256
15a65ac1d5a91a7046c3b7b4558f8ba787bfb55938dfc8f41bd8bd98700e84e9

SHA512
259a227b76fa1276341ced4e5212f9d4fc4df2bdf14c4fe5a2dacaa657986e572742bfd19a9836f0444bfcb416cfe0d6f3611c1312e2f188d93d2f7a30583a0c

Download Submit
C:\Windows\system\dTdPdJq.exe

Filesize
6.0MB

MD5
79d74bc3194f057622a7e32afe807197

SHA1
f98b4451999d466f2f72efc07d595003c7f632c4

SHA256
1dee7a231f64edc6b7d53bc226ad2acebbb09e8397d9cc1afd1b8da01a05686d

SHA512
103e2986c5156f7f5a1a56fca742584d571a5d736a4bb0468ce3a9be370045f93427abc33c13d092939bcc60bcfa33b22db776f658ceb1e79029ad6cfcee8fda

Download Submit
C:\Windows\system\dtdBsKE.exe

Filesize
6.0MB

MD5
6088c6cf53c283213bee7263b3944811

SHA1
a9ab8a101c6c2dc2ef5e4dd71351a79917e6016b

SHA256
eb05c44c5c5526b82710c0321c5859b78548f5ae551bd9d1a95d40b52ebfcc96

SHA512
837370eb4fae1537ddcb9d2aefad6fea9a064a3b6ffe7cdb9a716a08c45a0dd21231f950a0ddabcb8e21ad0ec8275929dfd590b6634c1d779c6b95b77e032787

Download Submit
C:\Windows\system\hSilEzU.exe

Filesize
6.0MB

MD5
1284154a16978ae507f0324dec093b99

SHA1
4a46bf1fd886c758f485e675c1114b7c5b845a7e

SHA256
929c3bc414faa86cd46686d9f9924d899f14a7fdca6daa26ce38e384618d58c1

SHA512
86483ceb2ed0a9f81fbeb255d0898f7f19d86471eafe5334e0c59349e389fc099b4ad860b840b9755689fdc178b31e3b1420ef2c7e3eb19424c922c2f08a2cb1

Download Submit
C:\Windows\system\iBAfgwP.exe

Filesize
6.0MB

MD5
99e2f8dfb3bb5c6e137eec4a428709bd

SHA1
ee8f6b796d5c19becc5b4141225c554260436e54

SHA256
1b72cdeb7064b569afb484a5d8f22427df850c48c5f96af8a57dbeb80b61dd57

SHA512
f685d7ca12024e307aa201fab55734c6d883f77d1b57b66095e9ddb6c44a36ac5c84c3d21d8d584ca3f6d81e900e7e8e92d5d9a1f1b228fa2bf8352e19c04862

Download Submit
C:\Windows\system\iriJbOu.exe

Filesize
6.0MB

MD5
97e9217f51c30e5137d08e3707572b2b

SHA1
08780a97385a2d96ea3b8ff46962f3ea4a2f1dc0

SHA256
7a12a88a4f4e3fcc48c92c77c1d980183fb1d8b7d1d2a31c17023ec871d3148f

SHA512
df64995902fe47c53ca54c289961775e5ffee51f62cf210b8e7c53a966bec85b4f41fad35146f4bf4ab5e829d97a511c58d602c723f606cd64e28f346e605bbf

Download Submit
C:\Windows\system\kPWedNf.exe

Filesize
6.0MB

MD5
ff2e648020391ec6e475156e2fff8df6

SHA1
3fac28962399a09b7b318e397bb52b90c77e4a21

SHA256
746e81a3a69bc5805c02c1143abe3dca1d442ccff6da5de153dffd79a999655b

SHA512
928978d58579f6a020ad53faa9f04ce594c765dcad3614a1e5f59ba81fad3bcc270d487751edfbf5f5a0e51dda2d96018db74389cdd564b02a43f770f9b53bc1

Download Submit
C:\Windows\system\kuNJAhn.exe

Filesize
6.0MB

MD5
d09e080555071ef2b7bcc95844f95c3d

SHA1
e050749083328d3b272ca5a7aa0aa79c686369ff

SHA256
8383d761e9e393869f676a18c4c4713932efdda3331adaf33658e641014ead22

SHA512
be12f1750bb8e1b236c472ae7eaf60e2cb4fe033e22f62b011c09ba97808447bfa3fc3f8ac80ad9fa3fe50195f0346b75dd0d86085acb3c09b3416e858fac258

Download Submit
C:\Windows\system\lVnkYmz.exe

Filesize
6.0MB

MD5
1b9bd75659f8247bab171edb9d1148bd

SHA1
5fc7a408552ab4d361fa94ad4373eec5d5d5ac74

SHA256
49e15dfe7f33f05dd32f7030f3e41a9469f0b9457f578ed30bbfc8c0abc8d040

SHA512
586b871c2cd1b2b03e5b0e6a4f567ac17976c8121d55c97abd292f8b643bca06ccf8aec36b86ca5c275b6f2f05ec72d73f3ca1a7f4ac57a8c5eb4fa6b14aab0e

Download Submit
C:\Windows\system\lzSQpnQ.exe

Filesize
6.0MB

MD5
b8d3ba3e137e4a1ab07e5f0c21586fe2

SHA1
87b08f0dcc3d70dc5099bd38c2d6f11f7b617066

SHA256
60d510717336d79376c92a33082cc8e346e9cf2dcc5e83f9bc3ec21c8d1fd33f

SHA512
78188968d2afc412213d68efd2b6b7046027e2b3dd968349dc71285f4f53131ccf72af47d063e184763837e85f84b5e89b80c83d07692f544e3dcbbda8090ca9

Download Submit
C:\Windows\system\nGyLKus.exe

Filesize
6.0MB

MD5
747e34b9db9f0745446406bb3c19e096

SHA1
eb02382ee463e0608f1292885e3d42fcd1b20f1c

SHA256
f10fcdc972cf17bb20abc4d47aba1687af4ce7ac2b617273c01be70cf481e0cb

SHA512
3fbe2fec9521aadd7fd2bb7746cada11ca01c8c7ee8f5d4a1986d4f30589dd1212efd0ffe9cfd02ed5e581de6d621fe6f3d4e788313bfc5fa6aa43ec2643cefa

Download Submit
C:\Windows\system\slCWldb.exe

Filesize
6.0MB

MD5
a81948a13d1874e95ab7e4cd0f504af0

SHA1
3b6f23da0de6c38e224a4a124c211e1769918e2e

SHA256
51391534eba6a6611782918667bdc1c8ab40f239b2c52f472fc546f70f60843e

SHA512
392cdfc5a714e04b62cc41437b1ca895339b1086a8d925525f2673f3e8725e97612eeaafe3cc0b7f268480bc885910fd7983fd057aaf4300f2f171a8a2cd0c30

Download Submit
C:\Windows\system\vQbLOKU.exe

Filesize
6.0MB

MD5
d505dd12476d527a3d8855897ff92940

SHA1
00671faabd84bd3fb6b578913ae06bf5e83d6ff8

SHA256
1e096869557859cee9deec95fc506d251590994e72677900c3d6f8d8fc847337

SHA512
0fb5e7dc3066df4245d5933caf1c6f6a7b2123fd91b2fa221454e597a590210badc47f849b6589bf9d8a281b9dc9ec954eec0281718c74e16871f6494305d7fc

Download Submit
C:\Windows\system\wxCikic.exe

Filesize
6.0MB

MD5
4060fbcd1249ee947e714c394f880823

SHA1
d6270720d488d499dd0e69143dd74ea63bb30fe6

SHA256
d4088bb58543b4eccf7e554b4ccd74dcb5d04d02f7a8992b1d6bfbdcb3241f8e

SHA512
da77e78c04fcc3803d0f6cc32bfbd9a05002568efd9a23011d9d3d0d83fdcdc0e8c86662d5b86235956a578d84f1c9fd9df4f98bf91a617c00d731ad9fe7fb9c

Download Submit
\Windows\system\DTMXGCg.exe

Filesize
6.0MB

MD5
1ac6775ab2155e10a588b51b0c7188cf

SHA1
dddf0898d7fe1a677aadd699cad06282078533b1

SHA256
731c20303449dccc50071c1bdb7efe8cac4a177d5317079f4646aa1defb7dc95

SHA512
d7b2e2226e711672c4fe0af3d81475820bf55eb650aa0c9b165b6b0dae11e8f2747fb81112335c5f826e4001dcfc7daa81139ebbd04f267431cb4ad6754c0324

Download Submit
\Windows\system\QQKKFGA.exe

Filesize
6.0MB

MD5
8ab8cf82a81df429c371458ed1edd0c7

SHA1
9d2676cd9668bc2f3ab737888bc5b669d9db1a47

SHA256
8d2b3c768407eae34cd73d2d3b377656f8d3229d3df702a099b7b977138f89b2

SHA512
b45ece5d351b786a85ca1f0427efd62d907e202d431f3ba3de70c4f4a2f8868f07e65b24a41aebcd9ae69d2ad96f640795cf082072970bace4448a35f821a62a

Download Submit
\Windows\system\VArVZqe.exe

Filesize
6.0MB

MD5
d4c6494268a67c249b934deb547354a2

SHA1
448ea3afb834636c3c43db99cdb859014f64dc62

SHA256
7fa5167cca7e565f678f995fa23d4888f87d18d2a45b38981b663084dce06a0b

SHA512
281e0a833c5309ae3ad0b4cd043ad05321cd9b433c840c895a4dfccfebdd59616700d936dc3a41441dc175736229d557bf8d9a571cecc09c2ce1378e7de89b1a

Download Submit
\Windows\system\akyydcP.exe

Filesize
6.0MB

MD5
8f8dfc0bd7f0c7600dc918ae20054ff9

SHA1
09b9a91f3fb2bd31612eabb8ed0d3d6e1a6cbe99

SHA256
cc77332a4705cfd1993296d080e433497ca9b091f0090524bfd38c433786f918

SHA512
dc8cb7cede7d72546825f70a4654438959f1f0aa5572f4be119f580f1f0f3185fcd7ecdce98c4a23611b9c35222e0abf530bfa2e1ab25e0301439a1182fca860

Download Submit
\Windows\system\eDGwgeC.exe

Filesize
6.0MB

MD5
d86f73260678a683023cb2c68ccda6f2

SHA1
c9e74ae4dae26e2e23f49ca16b832334fd6f1b7b

SHA256
29cbe670966c498057bb5ef0e966b492dda0913fc9d97ddb0ca8bdc428df9837

SHA512
721f69e0d9c1c8f8b78c3fa60236b0d64c844ac2068b153bab159d1d45ead74ef61aea45feb1bdfd3661196fbb356634c53244630f44da728aedbe8981ed698e

Download Submit
\Windows\system\qAVmKPM.exe

Filesize
6.0MB

MD5
da918c10d7a7352c5e95fc3a7da39096

SHA1
d7544e5c4b8a2c7c7ed907e8e666aafa2ec77f8e

SHA256
916c6f84b96be167c4fbcbff64c4ce56b713dd174bd1ec2a552102b70178af93

SHA512
56758aee787d16de75a1358d15c9d0e1147ad004310b8d7f34c11f721b4ddfe832495a031328523e981b7bbecb3056cad071d55cf29f696b65ec9fb6aa5b9343

Download Submit
\Windows\system\siAWdBa.exe

Filesize
6.0MB

MD5
04b4765e0fb26779c78dca0f7011b698

SHA1
88f54303d1de0a74f63cc8f809103dd7ec118064

SHA256
04a97b0944cacdbc33a2745ab1982683118960ca13df3f7fe8dba18b4f0d8112

SHA512
4206d641984276423e916eb482dd6681590376b169b6a1e40cf74acabe4b28369d9f5d5b10c2ca7ab4e27ca489d4e8424cdf42e8ac00258e8e6435a5d9d10c74

Download Submit
\Windows\system\wZpNEnY.exe

Filesize
6.0MB

MD5
dc7302698a63987544bf1af916d08322

SHA1
41bb868868bc777b9e6966e57a7129f71cbbe5d5

SHA256
59759ae8d3a85e20e956afbb73115aa098f34168a97470d31e1425af00f4f85f

SHA512
29923b68ae8f241c471cc20f93f33def0ab70766269fff0deb5165c2c9303719f2e69dddc0dc7e4740f14fc94a1c89866322cffc35fb2c835fe25c166d9ab50e

Download Submit
memory/340-4050-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/340-21-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1120-22-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1120-4064-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-253-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2056-4076-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2440-4069-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2440-214-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1756-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1625-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-224-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2580-0-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1619-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2580-222-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-254-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-220-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-230-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2580-218-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-916-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1591-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2580-27-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1615-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1620-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2580-1262-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2580-148-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1605-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1597-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1592-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-778-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2580-258-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2580-226-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2580-228-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2580-19-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2580-10-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2640-227-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4074-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4072-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-223-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4071-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-221-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-229-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2680-4075-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2784-1263-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4067-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-28-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4073-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2808-225-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4068-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-217-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4070-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-219-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-4066-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2900-151-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/3024-4065-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/3024-20-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download