cobaltstrike | d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
Size

6.0MB
MD5

d044958df8dbf078b40ed293ddcb230e
SHA1

f5fdd437fa6a7b172120fb0d8129a7ddbf412591
SHA256

d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7
SHA512

7eafb9f95507fec4a179ec8ac92f7a134ff8c7c338bfcbab4b1ed1f33667dc8c1ca0d4b55f766d904d0dae022f5e50d0d20f0ec04748278c0c4fa65c310757b5
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUo:eOl56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017409-13.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001748f-20.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001752f-24.dat	cobalt_reflective_dll
behavioral1/files/0x001600000001866d-33.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000018678-41.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001879b-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018690-49.dat	cobalt_reflective_dll
behavioral1/files/0x00300000000173e4-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-90.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193be-63.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2648-0-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/2700-9-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0008000000017409-13.dat	xmrig
behavioral1/memory/2812-16-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x000800000001748f-20.dat	xmrig
behavioral1/memory/2784-23-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x000700000001752f-24.dat	xmrig
behavioral1/files/0x001600000001866d-33.dat	xmrig
behavioral1/memory/2648-38-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x000a000000018678-41.dat	xmrig
behavioral1/memory/2600-44-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000800000001879b-53.dat	xmrig
behavioral1/memory/2784-54-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2564-52-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0008000000018690-49.dat	xmrig
behavioral1/memory/2964-73-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1976-60-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/1124-84-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x00300000000173e4-95.dat	xmrig
behavioral1/files/0x00050000000194d8-121.dat	xmrig
behavioral1/files/0x0005000000019623-182.dat	xmrig
behavioral1/memory/1484-980-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2852-1179-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/1124-615-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2592-614-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/776-489-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019639-188.dat	xmrig
behavioral1/files/0x0005000000019627-180.dat	xmrig
behavioral1/files/0x000500000001967d-194.dat	xmrig
behavioral1/files/0x0005000000019629-186.dat	xmrig
behavioral1/files/0x0005000000019625-178.dat	xmrig
behavioral1/files/0x0005000000019620-148.dat	xmrig
behavioral1/files/0x0005000000019621-170.dat	xmrig
behavioral1/files/0x000500000001961d-140.dat	xmrig
behavioral1/files/0x00050000000195e4-131.dat	xmrig
behavioral1/files/0x000500000001961f-143.dat	xmrig
behavioral1/files/0x000500000001961b-135.dat	xmrig
behavioral1/files/0x0005000000019539-127.dat	xmrig
behavioral1/files/0x000500000001947e-119.dat	xmrig
behavioral1/files/0x0005000000019441-115.dat	xmrig
behavioral1/files/0x000500000001942f-111.dat	xmrig
behavioral1/files/0x0005000000019403-107.dat	xmrig
behavioral1/files/0x0005000000019401-102.dat	xmrig
behavioral1/memory/2852-97-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/1484-91-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2600-86-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2592-83-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d9-82.dat	xmrig
behavioral1/files/0x00050000000193c4-81.dat	xmrig
behavioral1/memory/776-80-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x00050000000193cc-78.dat	xmrig
behavioral1/memory/2648-77-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/files/0x00050000000193df-90.dat	xmrig
behavioral1/memory/2672-68-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2648-71-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x00070000000193be-63.dat	xmrig
behavioral1/memory/2576-37-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2672-29-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2576-3712-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2672-3713-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2784-3716-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2564-3718-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2812-3717-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2700	BxyocIz.exe
2812	TnQHIYZ.exe
2784	BsQQeWB.exe
2672	ERgKEDZ.exe
2576	bSCzGHs.exe
2600	hctlQIK.exe
2564	TewAWrs.exe
1976	ONdlWVb.exe
2964	TdTaUHa.exe
776	rbmuIbW.exe
2592	IYFPJQf.exe
1124	AEKpurM.exe
1484	lRkzEkY.exe
2852	zbBHnCJ.exe
688	ewqBiKm.exe
1276	VtlZsPg.exe
2744	NhADgUG.exe
2948	UKlqbjA.exe
2052	RwzYmVN.exe
1684	ameMxuy.exe
332	VkTzKeR.exe
2932	JgXVwwx.exe
2992	bhvaSOC.exe
604	SFECJcH.exe
2412	YnubMlv.exe
2352	YxYsEdG.exe
1156	txXJbak.exe
2428	ucHcQmv.exe
2232	Xujzmgv.exe
2976	nUhbflw.exe
928	JwoFFBH.exe
1380	FLvrAEF.exe
1552	YPEnyrs.exe
900	arFtfqW.exe
592	xRhGEBl.exe
964	TnxjWMp.exe
1704	QQpsdzl.exe
1732	lPhCCzJ.exe
2468	vEKRHuU.exe
2636	nIvAUNN.exe
2340	QDwTDuk.exe
792	RCKtuYm.exe
2268	gtPqDox.exe
572	ZGJxbHI.exe
288	kYGbDhU.exe
2476	gkSaXJB.exe
2452	yBqctpH.exe
1000	aEghjJF.exe
3056	KvZoaxT.exe
2456	xZnNddR.exe
2168	GvXlcRL.exe
2020	zUrabaH.exe
2184	giMFAzZ.exe
2804	sDqxsrc.exe
1604	yGbSWqm.exe
2840	TrCOmpY.exe
2092	oTlsNct.exe
2220	msHYcyJ.exe
2768	piahjZm.exe
2864	KUcdkfl.exe
2624	sSKDYoq.exe
784	kberjWT.exe
1744	DyoXswH.exe
2904	mfWjIdz.exe

Loads dropped DLL 64 IoCs

pid	Process
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2648-0-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/memory/2700-9-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0008000000017409-13.dat	upx
behavioral1/memory/2812-16-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x000800000001748f-20.dat	upx
behavioral1/memory/2784-23-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x000700000001752f-24.dat	upx
behavioral1/files/0x001600000001866d-33.dat	upx
behavioral1/memory/2648-38-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x000a000000018678-41.dat	upx
behavioral1/memory/2600-44-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000800000001879b-53.dat	upx
behavioral1/memory/2784-54-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2564-52-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0008000000018690-49.dat	upx
behavioral1/memory/2964-73-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/1976-60-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/1124-84-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x00300000000173e4-95.dat	upx
behavioral1/files/0x00050000000194d8-121.dat	upx
behavioral1/files/0x0005000000019623-182.dat	upx
behavioral1/memory/1484-980-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2852-1179-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/1124-615-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2592-614-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/776-489-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0005000000019639-188.dat	upx
behavioral1/files/0x0005000000019627-180.dat	upx
behavioral1/files/0x000500000001967d-194.dat	upx
behavioral1/files/0x0005000000019629-186.dat	upx
behavioral1/files/0x0005000000019625-178.dat	upx
behavioral1/files/0x0005000000019620-148.dat	upx
behavioral1/files/0x0005000000019621-170.dat	upx
behavioral1/files/0x000500000001961d-140.dat	upx
behavioral1/files/0x00050000000195e4-131.dat	upx
behavioral1/files/0x000500000001961f-143.dat	upx
behavioral1/files/0x000500000001961b-135.dat	upx
behavioral1/files/0x0005000000019539-127.dat	upx
behavioral1/files/0x000500000001947e-119.dat	upx
behavioral1/files/0x0005000000019441-115.dat	upx
behavioral1/files/0x000500000001942f-111.dat	upx
behavioral1/files/0x0005000000019403-107.dat	upx
behavioral1/files/0x0005000000019401-102.dat	upx
behavioral1/memory/2852-97-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/1484-91-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2600-86-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2592-83-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x00050000000193d9-82.dat	upx
behavioral1/files/0x00050000000193c4-81.dat	upx
behavioral1/memory/776-80-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x00050000000193cc-78.dat	upx
behavioral1/files/0x00050000000193df-90.dat	upx
behavioral1/memory/2672-68-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x00070000000193be-63.dat	upx
behavioral1/memory/2576-37-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2672-29-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2576-3712-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2672-3713-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2784-3716-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2564-3718-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2812-3717-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2700-3719-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2600-3721-0x000000013FE40000-0x0000000140194000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IkCCoHD.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\pQxvhOx.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\GwcIAWt.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\hueQGKl.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\WSiWeVs.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\brAtuZt.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\brJSDFv.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\YsaJKPs.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\rMBUvmy.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\oTlsNct.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\DyoXswH.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\yYZHWvP.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\YfzEExc.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\AKyhiJJ.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\bRNRCbw.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\UgMFDxU.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\IeCCXHb.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\RGhgfdV.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\CesEQrC.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\PdodyCb.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\tlpMoKT.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\ameMxuy.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\VkTzKeR.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\DRWuXEr.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\sqPATaa.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\fBuVaNY.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\JgXVwwx.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\VbYZPjj.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\NZXKtKz.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\saRPlLO.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\CWqWMEC.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\XCKiCWw.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\hhFyeSv.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\qtjEXcy.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\THtXedv.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\EUqHGUa.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\UYpkNgH.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\njPQfTT.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\mMtKJMr.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\aytuTNO.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\VhNSbMe.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\SkzYhDB.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\MMExwMP.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\CdvHJGN.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\ChCkUdP.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\ZLMQWLm.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\LneaNRZ.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\nOvaCCD.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\KIXqHXR.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\SMgusFp.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\aOstWtF.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\dCDyskx.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\XfcFTTt.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\grjMIqG.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\VRCSsAZ.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\pvKnqAB.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\bhvaSOC.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\iHezxbK.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\IWVogbx.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\HYOlKHj.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\JTMkVbT.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\gTnizVS.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\quGUPBG.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
File created	C:\Windows\System\VDugrAf.exe	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2700	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	31
PID 2648 wrote to memory of 2700	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	31
PID 2648 wrote to memory of 2700	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	31
PID 2648 wrote to memory of 2812	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	32
PID 2648 wrote to memory of 2812	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	32
PID 2648 wrote to memory of 2812	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	32
PID 2648 wrote to memory of 2784	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	33
PID 2648 wrote to memory of 2784	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	33
PID 2648 wrote to memory of 2784	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	33
PID 2648 wrote to memory of 2672	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	34
PID 2648 wrote to memory of 2672	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	34
PID 2648 wrote to memory of 2672	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	34
PID 2648 wrote to memory of 2576	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	35
PID 2648 wrote to memory of 2576	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	35
PID 2648 wrote to memory of 2576	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	35
PID 2648 wrote to memory of 2600	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	36
PID 2648 wrote to memory of 2600	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	36
PID 2648 wrote to memory of 2600	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	36
PID 2648 wrote to memory of 2564	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	37
PID 2648 wrote to memory of 2564	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	37
PID 2648 wrote to memory of 2564	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	37
PID 2648 wrote to memory of 1976	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	38
PID 2648 wrote to memory of 1976	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	38
PID 2648 wrote to memory of 1976	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	38
PID 2648 wrote to memory of 2964	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	39
PID 2648 wrote to memory of 2964	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	39
PID 2648 wrote to memory of 2964	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	39
PID 2648 wrote to memory of 2592	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	40
PID 2648 wrote to memory of 2592	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	40
PID 2648 wrote to memory of 2592	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	40
PID 2648 wrote to memory of 776	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	41
PID 2648 wrote to memory of 776	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	41
PID 2648 wrote to memory of 776	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	41
PID 2648 wrote to memory of 1124	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	42
PID 2648 wrote to memory of 1124	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	42
PID 2648 wrote to memory of 1124	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	42
PID 2648 wrote to memory of 1484	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	43
PID 2648 wrote to memory of 1484	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	43
PID 2648 wrote to memory of 1484	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	43
PID 2648 wrote to memory of 2852	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	44
PID 2648 wrote to memory of 2852	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	44
PID 2648 wrote to memory of 2852	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	44
PID 2648 wrote to memory of 688	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	45
PID 2648 wrote to memory of 688	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	45
PID 2648 wrote to memory of 688	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	45
PID 2648 wrote to memory of 1276	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	46
PID 2648 wrote to memory of 1276	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	46
PID 2648 wrote to memory of 1276	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	46
PID 2648 wrote to memory of 2744	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	47
PID 2648 wrote to memory of 2744	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	47
PID 2648 wrote to memory of 2744	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	47
PID 2648 wrote to memory of 2948	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	48
PID 2648 wrote to memory of 2948	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	48
PID 2648 wrote to memory of 2948	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	48
PID 2648 wrote to memory of 2052	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	49
PID 2648 wrote to memory of 2052	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	49
PID 2648 wrote to memory of 2052	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	49
PID 2648 wrote to memory of 1684	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	50
PID 2648 wrote to memory of 1684	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	50
PID 2648 wrote to memory of 1684	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	50
PID 2648 wrote to memory of 332	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	51
PID 2648 wrote to memory of 332	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	51
PID 2648 wrote to memory of 332	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	51
PID 2648 wrote to memory of 2932	2648	d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe	52

C:\Users\Admin\AppData\Local\Temp\d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe
"C:\Users\Admin\AppData\Local\Temp\d472ecfaee160cb386c9b84cd947309d098e6ee2c78a0addb0843d20c3d22ed7.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\System\BxyocIz.exe
  C:\Windows\System\BxyocIz.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\TnQHIYZ.exe
  C:\Windows\System\TnQHIYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\BsQQeWB.exe
  C:\Windows\System\BsQQeWB.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\ERgKEDZ.exe
  C:\Windows\System\ERgKEDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\bSCzGHs.exe
  C:\Windows\System\bSCzGHs.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\hctlQIK.exe
  C:\Windows\System\hctlQIK.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\TewAWrs.exe
  C:\Windows\System\TewAWrs.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\ONdlWVb.exe
  C:\Windows\System\ONdlWVb.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\TdTaUHa.exe
  C:\Windows\System\TdTaUHa.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\IYFPJQf.exe
  C:\Windows\System\IYFPJQf.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\rbmuIbW.exe
  C:\Windows\System\rbmuIbW.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\AEKpurM.exe
  C:\Windows\System\AEKpurM.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\lRkzEkY.exe
  C:\Windows\System\lRkzEkY.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\zbBHnCJ.exe
  C:\Windows\System\zbBHnCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\ewqBiKm.exe
  C:\Windows\System\ewqBiKm.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\VtlZsPg.exe
  C:\Windows\System\VtlZsPg.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\NhADgUG.exe
  C:\Windows\System\NhADgUG.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\UKlqbjA.exe
  C:\Windows\System\UKlqbjA.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\RwzYmVN.exe
  C:\Windows\System\RwzYmVN.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\ameMxuy.exe
  C:\Windows\System\ameMxuy.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\VkTzKeR.exe
  C:\Windows\System\VkTzKeR.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\JgXVwwx.exe
  C:\Windows\System\JgXVwwx.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\bhvaSOC.exe
  C:\Windows\System\bhvaSOC.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\SFECJcH.exe
  C:\Windows\System\SFECJcH.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\YnubMlv.exe
  C:\Windows\System\YnubMlv.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\YxYsEdG.exe
  C:\Windows\System\YxYsEdG.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\txXJbak.exe
  C:\Windows\System\txXJbak.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\Xujzmgv.exe
  C:\Windows\System\Xujzmgv.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\ucHcQmv.exe
  C:\Windows\System\ucHcQmv.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\FLvrAEF.exe
  C:\Windows\System\FLvrAEF.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\nUhbflw.exe
  C:\Windows\System\nUhbflw.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\arFtfqW.exe
  C:\Windows\System\arFtfqW.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\JwoFFBH.exe
  C:\Windows\System\JwoFFBH.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\xRhGEBl.exe
  C:\Windows\System\xRhGEBl.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\YPEnyrs.exe
  C:\Windows\System\YPEnyrs.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\TnxjWMp.exe
  C:\Windows\System\TnxjWMp.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\QQpsdzl.exe
  C:\Windows\System\QQpsdzl.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\lPhCCzJ.exe
  C:\Windows\System\lPhCCzJ.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\vEKRHuU.exe
  C:\Windows\System\vEKRHuU.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\nIvAUNN.exe
  C:\Windows\System\nIvAUNN.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\QDwTDuk.exe
  C:\Windows\System\QDwTDuk.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\gtPqDox.exe
  C:\Windows\System\gtPqDox.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\RCKtuYm.exe
  C:\Windows\System\RCKtuYm.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\ZGJxbHI.exe
  C:\Windows\System\ZGJxbHI.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\kYGbDhU.exe
  C:\Windows\System\kYGbDhU.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\aEghjJF.exe
  C:\Windows\System\aEghjJF.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\gkSaXJB.exe
  C:\Windows\System\gkSaXJB.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\xZnNddR.exe
  C:\Windows\System\xZnNddR.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\yBqctpH.exe
  C:\Windows\System\yBqctpH.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\zUrabaH.exe
  C:\Windows\System\zUrabaH.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\KvZoaxT.exe
  C:\Windows\System\KvZoaxT.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\giMFAzZ.exe
  C:\Windows\System\giMFAzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\GvXlcRL.exe
  C:\Windows\System\GvXlcRL.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\yGbSWqm.exe
  C:\Windows\System\yGbSWqm.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\sDqxsrc.exe
  C:\Windows\System\sDqxsrc.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\TrCOmpY.exe
  C:\Windows\System\TrCOmpY.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\oTlsNct.exe
  C:\Windows\System\oTlsNct.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\sSKDYoq.exe
  C:\Windows\System\sSKDYoq.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\msHYcyJ.exe
  C:\Windows\System\msHYcyJ.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\DyoXswH.exe
  C:\Windows\System\DyoXswH.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\piahjZm.exe
  C:\Windows\System\piahjZm.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\mfWjIdz.exe
  C:\Windows\System\mfWjIdz.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\KUcdkfl.exe
  C:\Windows\System\KUcdkfl.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\yIQfbbh.exe
  C:\Windows\System\yIQfbbh.exe
  2⤵
  PID:2880
- C:\Windows\System\kberjWT.exe
  C:\Windows\System\kberjWT.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\tgdDdDL.exe
  C:\Windows\System\tgdDdDL.exe
  2⤵
  PID:3000
- C:\Windows\System\VCTICAl.exe
  C:\Windows\System\VCTICAl.exe
  2⤵
  PID:1592
- C:\Windows\System\SkLhkRd.exe
  C:\Windows\System\SkLhkRd.exe
  2⤵
  PID:2388
- C:\Windows\System\ySegqlG.exe
  C:\Windows\System\ySegqlG.exe
  2⤵
  PID:1292
- C:\Windows\System\vPCkOuM.exe
  C:\Windows\System\vPCkOuM.exe
  2⤵
  PID:2424
- C:\Windows\System\UhEJIAn.exe
  C:\Windows\System\UhEJIAn.exe
  2⤵
  PID:1232
- C:\Windows\System\rNNrPTE.exe
  C:\Windows\System\rNNrPTE.exe
  2⤵
  PID:448
- C:\Windows\System\UueBcmm.exe
  C:\Windows\System\UueBcmm.exe
  2⤵
  PID:2632
- C:\Windows\System\fzJTOqu.exe
  C:\Windows\System\fzJTOqu.exe
  2⤵
  PID:2440
- C:\Windows\System\HYZUkVT.exe
  C:\Windows\System\HYZUkVT.exe
  2⤵
  PID:1544
- C:\Windows\System\fzHYbjr.exe
  C:\Windows\System\fzHYbjr.exe
  2⤵
  PID:1728
- C:\Windows\System\UzHReui.exe
  C:\Windows\System\UzHReui.exe
  2⤵
  PID:1532
- C:\Windows\System\ShUtywe.exe
  C:\Windows\System\ShUtywe.exe
  2⤵
  PID:2004
- C:\Windows\System\esQLzKW.exe
  C:\Windows\System\esQLzKW.exe
  2⤵
  PID:1736
- C:\Windows\System\USKTOAE.exe
  C:\Windows\System\USKTOAE.exe
  2⤵
  PID:2300
- C:\Windows\System\UjOoerG.exe
  C:\Windows\System\UjOoerG.exe
  2⤵
  PID:2336
- C:\Windows\System\tAKwhIK.exe
  C:\Windows\System\tAKwhIK.exe
  2⤵
  PID:2076
- C:\Windows\System\KEdolmm.exe
  C:\Windows\System\KEdolmm.exe
  2⤵
  PID:2084
- C:\Windows\System\OIheayd.exe
  C:\Windows\System\OIheayd.exe
  2⤵
  PID:1720
- C:\Windows\System\mADaWtx.exe
  C:\Windows\System\mADaWtx.exe
  2⤵
  PID:1508
- C:\Windows\System\fJeygXI.exe
  C:\Windows\System\fJeygXI.exe
  2⤵
  PID:852
- C:\Windows\System\hGDtMlC.exe
  C:\Windows\System\hGDtMlC.exe
  2⤵
  PID:2272
- C:\Windows\System\JyATTrn.exe
  C:\Windows\System\JyATTrn.exe
  2⤵
  PID:2952
- C:\Windows\System\xVclzWV.exe
  C:\Windows\System\xVclzWV.exe
  2⤵
  PID:2248
- C:\Windows\System\juavHii.exe
  C:\Windows\System\juavHii.exe
  2⤵
  PID:2580
- C:\Windows\System\lQPtdvJ.exe
  C:\Windows\System\lQPtdvJ.exe
  2⤵
  PID:2036
- C:\Windows\System\TXClduo.exe
  C:\Windows\System\TXClduo.exe
  2⤵
  PID:2416
- C:\Windows\System\HbLAsuQ.exe
  C:\Windows\System\HbLAsuQ.exe
  2⤵
  PID:1372
- C:\Windows\System\EuFHlAE.exe
  C:\Windows\System\EuFHlAE.exe
  2⤵
  PID:408
- C:\Windows\System\nQNgCeO.exe
  C:\Windows\System\nQNgCeO.exe
  2⤵
  PID:1860
- C:\Windows\System\XsuYdAF.exe
  C:\Windows\System\XsuYdAF.exe
  2⤵
  PID:1780
- C:\Windows\System\aFKiWTK.exe
  C:\Windows\System\aFKiWTK.exe
  2⤵
  PID:1488
- C:\Windows\System\HuIFRmP.exe
  C:\Windows\System\HuIFRmP.exe
  2⤵
  PID:2444
- C:\Windows\System\vNOqKWB.exe
  C:\Windows\System\vNOqKWB.exe
  2⤵
  PID:632
- C:\Windows\System\nBFHQdN.exe
  C:\Windows\System\nBFHQdN.exe
  2⤵
  PID:3084
- C:\Windows\System\svKWeQt.exe
  C:\Windows\System\svKWeQt.exe
  2⤵
  PID:3100
- C:\Windows\System\waAHHZy.exe
  C:\Windows\System\waAHHZy.exe
  2⤵
  PID:3128
- C:\Windows\System\PMCdNNk.exe
  C:\Windows\System\PMCdNNk.exe
  2⤵
  PID:3148
- C:\Windows\System\aQtVsUL.exe
  C:\Windows\System\aQtVsUL.exe
  2⤵
  PID:3164
- C:\Windows\System\YRqVnLF.exe
  C:\Windows\System\YRqVnLF.exe
  2⤵
  PID:3184
- C:\Windows\System\BWNGKKq.exe
  C:\Windows\System\BWNGKKq.exe
  2⤵
  PID:3208
- C:\Windows\System\ixynYCF.exe
  C:\Windows\System\ixynYCF.exe
  2⤵
  PID:3224
- C:\Windows\System\YLpYIGh.exe
  C:\Windows\System\YLpYIGh.exe
  2⤵
  PID:3248
- C:\Windows\System\qmIMBom.exe
  C:\Windows\System\qmIMBom.exe
  2⤵
  PID:3268
- C:\Windows\System\FLOfeZD.exe
  C:\Windows\System\FLOfeZD.exe
  2⤵
  PID:3288
- C:\Windows\System\ibpDORV.exe
  C:\Windows\System\ibpDORV.exe
  2⤵
  PID:3304
- C:\Windows\System\xYlDNxj.exe
  C:\Windows\System\xYlDNxj.exe
  2⤵
  PID:3344
- C:\Windows\System\WLObBUn.exe
  C:\Windows\System\WLObBUn.exe
  2⤵
  PID:3364
- C:\Windows\System\PuHaAMA.exe
  C:\Windows\System\PuHaAMA.exe
  2⤵
  PID:3388
- C:\Windows\System\ZcOjxrB.exe
  C:\Windows\System\ZcOjxrB.exe
  2⤵
  PID:3404
- C:\Windows\System\NMAyLUf.exe
  C:\Windows\System\NMAyLUf.exe
  2⤵
  PID:3420
- C:\Windows\System\sWwlBXF.exe
  C:\Windows\System\sWwlBXF.exe
  2⤵
  PID:3436
- C:\Windows\System\NRnoCRD.exe
  C:\Windows\System\NRnoCRD.exe
  2⤵
  PID:3456
- C:\Windows\System\pFBMKoV.exe
  C:\Windows\System\pFBMKoV.exe
  2⤵
  PID:3476
- C:\Windows\System\EcuJsqo.exe
  C:\Windows\System\EcuJsqo.exe
  2⤵
  PID:3496
- C:\Windows\System\VDSxJwf.exe
  C:\Windows\System\VDSxJwf.exe
  2⤵
  PID:3524
- C:\Windows\System\rxRzURf.exe
  C:\Windows\System\rxRzURf.exe
  2⤵
  PID:3548
- C:\Windows\System\qJYFbyo.exe
  C:\Windows\System\qJYFbyo.exe
  2⤵
  PID:3564
- C:\Windows\System\vxfOlUO.exe
  C:\Windows\System\vxfOlUO.exe
  2⤵
  PID:3580
- C:\Windows\System\xuNEmev.exe
  C:\Windows\System\xuNEmev.exe
  2⤵
  PID:3600
- C:\Windows\System\pffALnj.exe
  C:\Windows\System\pffALnj.exe
  2⤵
  PID:3628
- C:\Windows\System\IYqUFci.exe
  C:\Windows\System\IYqUFci.exe
  2⤵
  PID:3648
- C:\Windows\System\DbyOrQR.exe
  C:\Windows\System\DbyOrQR.exe
  2⤵
  PID:3672
- C:\Windows\System\iXSxzEd.exe
  C:\Windows\System\iXSxzEd.exe
  2⤵
  PID:3692
- C:\Windows\System\RVzgNxZ.exe
  C:\Windows\System\RVzgNxZ.exe
  2⤵
  PID:3708
- C:\Windows\System\WgZqJAO.exe
  C:\Windows\System\WgZqJAO.exe
  2⤵
  PID:3728
- C:\Windows\System\XaVjaSs.exe
  C:\Windows\System\XaVjaSs.exe
  2⤵
  PID:3744
- C:\Windows\System\zuVMpKh.exe
  C:\Windows\System\zuVMpKh.exe
  2⤵
  PID:3768
- C:\Windows\System\sJPTykY.exe
  C:\Windows\System\sJPTykY.exe
  2⤵
  PID:3784
- C:\Windows\System\JyRmzNY.exe
  C:\Windows\System\JyRmzNY.exe
  2⤵
  PID:3800
- C:\Windows\System\UazXXwC.exe
  C:\Windows\System\UazXXwC.exe
  2⤵
  PID:3816
- C:\Windows\System\whJTNyE.exe
  C:\Windows\System\whJTNyE.exe
  2⤵
  PID:3832
- C:\Windows\System\UewMCQt.exe
  C:\Windows\System\UewMCQt.exe
  2⤵
  PID:3852
- C:\Windows\System\VluzTSE.exe
  C:\Windows\System\VluzTSE.exe
  2⤵
  PID:3876
- C:\Windows\System\mOoMJTN.exe
  C:\Windows\System\mOoMJTN.exe
  2⤵
  PID:3900
- C:\Windows\System\oiYkYrs.exe
  C:\Windows\System\oiYkYrs.exe
  2⤵
  PID:3916
- C:\Windows\System\zZHyBzd.exe
  C:\Windows\System\zZHyBzd.exe
  2⤵
  PID:3956
- C:\Windows\System\vnBFpDp.exe
  C:\Windows\System\vnBFpDp.exe
  2⤵
  PID:3972
- C:\Windows\System\ojxiwgt.exe
  C:\Windows\System\ojxiwgt.exe
  2⤵
  PID:3996
- C:\Windows\System\GwcIAWt.exe
  C:\Windows\System\GwcIAWt.exe
  2⤵
  PID:4012
- C:\Windows\System\jyekyrv.exe
  C:\Windows\System\jyekyrv.exe
  2⤵
  PID:4032
- C:\Windows\System\zyBarur.exe
  C:\Windows\System\zyBarur.exe
  2⤵
  PID:4052
- C:\Windows\System\dBDcbbO.exe
  C:\Windows\System\dBDcbbO.exe
  2⤵
  PID:4076
- C:\Windows\System\EJpSpSJ.exe
  C:\Windows\System\EJpSpSJ.exe
  2⤵
  PID:1040
- C:\Windows\System\Izsaaas.exe
  C:\Windows\System\Izsaaas.exe
  2⤵
  PID:1940
- C:\Windows\System\KJCJWUl.exe
  C:\Windows\System\KJCJWUl.exe
  2⤵
  PID:988
- C:\Windows\System\lnHBMCA.exe
  C:\Windows\System\lnHBMCA.exe
  2⤵
  PID:2924
- C:\Windows\System\SqZCPYw.exe
  C:\Windows\System\SqZCPYw.exe
  2⤵
  PID:2588
- C:\Windows\System\YbGTAOV.exe
  C:\Windows\System\YbGTAOV.exe
  2⤵
  PID:1656
- C:\Windows\System\KfesWLi.exe
  C:\Windows\System\KfesWLi.exe
  2⤵
  PID:3076
- C:\Windows\System\fHWkqIQ.exe
  C:\Windows\System\fHWkqIQ.exe
  2⤵
  PID:2104
- C:\Windows\System\uPoKacF.exe
  C:\Windows\System\uPoKacF.exe
  2⤵
  PID:1524
- C:\Windows\System\XYakYVY.exe
  C:\Windows\System\XYakYVY.exe
  2⤵
  PID:2488
- C:\Windows\System\TvoEuTZ.exe
  C:\Windows\System\TvoEuTZ.exe
  2⤵
  PID:2484
- C:\Windows\System\UxdBbMn.exe
  C:\Windows\System\UxdBbMn.exe
  2⤵
  PID:3116
- C:\Windows\System\VZgWBhT.exe
  C:\Windows\System\VZgWBhT.exe
  2⤵
  PID:3160
- C:\Windows\System\tweNQVV.exe
  C:\Windows\System\tweNQVV.exe
  2⤵
  PID:3232
- C:\Windows\System\brvrtLF.exe
  C:\Windows\System\brvrtLF.exe
  2⤵
  PID:2820
- C:\Windows\System\uCKDMjG.exe
  C:\Windows\System\uCKDMjG.exe
  2⤵
  PID:2692
- C:\Windows\System\lSCKvQt.exe
  C:\Windows\System\lSCKvQt.exe
  2⤵
  PID:1868
- C:\Windows\System\HsLzyQx.exe
  C:\Windows\System\HsLzyQx.exe
  2⤵
  PID:2404
- C:\Windows\System\frHCVAW.exe
  C:\Windows\System\frHCVAW.exe
  2⤵
  PID:1596
- C:\Windows\System\qRugsCw.exe
  C:\Windows\System\qRugsCw.exe
  2⤵
  PID:3260
- C:\Windows\System\PGhsNBQ.exe
  C:\Windows\System\PGhsNBQ.exe
  2⤵
  PID:3220
- C:\Windows\System\yrcgTHH.exe
  C:\Windows\System\yrcgTHH.exe
  2⤵
  PID:3096
- C:\Windows\System\JAEnxKU.exe
  C:\Windows\System\JAEnxKU.exe
  2⤵
  PID:3324
- C:\Windows\System\lnqLigg.exe
  C:\Windows\System\lnqLigg.exe
  2⤵
  PID:3384
- C:\Windows\System\ohQSzeE.exe
  C:\Windows\System\ohQSzeE.exe
  2⤵
  PID:3360
- C:\Windows\System\yAZsyKb.exe
  C:\Windows\System\yAZsyKb.exe
  2⤵
  PID:3428
- C:\Windows\System\IwoLXCf.exe
  C:\Windows\System\IwoLXCf.exe
  2⤵
  PID:3508
- C:\Windows\System\xMCHtEx.exe
  C:\Windows\System\xMCHtEx.exe
  2⤵
  PID:3516
- C:\Windows\System\arytmvM.exe
  C:\Windows\System\arytmvM.exe
  2⤵
  PID:3544
- C:\Windows\System\stuhRFh.exe
  C:\Windows\System\stuhRFh.exe
  2⤵
  PID:3592
- C:\Windows\System\lSGUDIa.exe
  C:\Windows\System\lSGUDIa.exe
  2⤵
  PID:3624
- C:\Windows\System\yfdhPJn.exe
  C:\Windows\System\yfdhPJn.exe
  2⤵
  PID:3656
- C:\Windows\System\OZPmKos.exe
  C:\Windows\System\OZPmKos.exe
  2⤵
  PID:3704
- C:\Windows\System\rrVviNv.exe
  C:\Windows\System\rrVviNv.exe
  2⤵
  PID:3740
- C:\Windows\System\CRNbBCp.exe
  C:\Windows\System\CRNbBCp.exe
  2⤵
  PID:3812
- C:\Windows\System\WmbSAuZ.exe
  C:\Windows\System\WmbSAuZ.exe
  2⤵
  PID:3896
- C:\Windows\System\xxIDqUs.exe
  C:\Windows\System\xxIDqUs.exe
  2⤵
  PID:3824
- C:\Windows\System\YMygnYA.exe
  C:\Windows\System\YMygnYA.exe
  2⤵
  PID:3868
- C:\Windows\System\QSsNKGP.exe
  C:\Windows\System\QSsNKGP.exe
  2⤵
  PID:3756
- C:\Windows\System\iSrguZa.exe
  C:\Windows\System\iSrguZa.exe
  2⤵
  PID:3936
- C:\Windows\System\OmRwICA.exe
  C:\Windows\System\OmRwICA.exe
  2⤵
  PID:3952
- C:\Windows\System\XnlUyvU.exe
  C:\Windows\System\XnlUyvU.exe
  2⤵
  PID:3984
- C:\Windows\System\BaPdgeo.exe
  C:\Windows\System\BaPdgeo.exe
  2⤵
  PID:4004
- C:\Windows\System\dfWUaUO.exe
  C:\Windows\System\dfWUaUO.exe
  2⤵
  PID:4064
- C:\Windows\System\zuGcgLt.exe
  C:\Windows\System\zuGcgLt.exe
  2⤵
  PID:4048
- C:\Windows\System\DTQXERj.exe
  C:\Windows\System\DTQXERj.exe
  2⤵
  PID:4092
- C:\Windows\System\NvJNgDi.exe
  C:\Windows\System\NvJNgDi.exe
  2⤵
  PID:2316
- C:\Windows\System\cyIwARY.exe
  C:\Windows\System\cyIwARY.exe
  2⤵
  PID:2228
- C:\Windows\System\YomAAOD.exe
  C:\Windows\System\YomAAOD.exe
  2⤵
  PID:1740
- C:\Windows\System\kaUdjfK.exe
  C:\Windows\System\kaUdjfK.exe
  2⤵
  PID:1048
- C:\Windows\System\IeCCXHb.exe
  C:\Windows\System\IeCCXHb.exe
  2⤵
  PID:3112
- C:\Windows\System\njPQfTT.exe
  C:\Windows\System\njPQfTT.exe
  2⤵
  PID:3204
- C:\Windows\System\HPLCLKA.exe
  C:\Windows\System\HPLCLKA.exe
  2⤵
  PID:2792
- C:\Windows\System\qdpzZkx.exe
  C:\Windows\System\qdpzZkx.exe
  2⤵
  PID:2480
- C:\Windows\System\ATtLdiF.exe
  C:\Windows\System\ATtLdiF.exe
  2⤵
  PID:3256
- C:\Windows\System\rGFbzpB.exe
  C:\Windows\System\rGFbzpB.exe
  2⤵
  PID:3140
- C:\Windows\System\hFnSNmK.exe
  C:\Windows\System\hFnSNmK.exe
  2⤵
  PID:2384
- C:\Windows\System\IUOvirS.exe
  C:\Windows\System\IUOvirS.exe
  2⤵
  PID:2760
- C:\Windows\System\qoffsoy.exe
  C:\Windows\System\qoffsoy.exe
  2⤵
  PID:3296
- C:\Windows\System\NdPLtuJ.exe
  C:\Windows\System\NdPLtuJ.exe
  2⤵
  PID:908
- C:\Windows\System\zkCNYyl.exe
  C:\Windows\System\zkCNYyl.exe
  2⤵
  PID:3416
- C:\Windows\System\zqHRtRE.exe
  C:\Windows\System\zqHRtRE.exe
  2⤵
  PID:3400
- C:\Windows\System\SMgusFp.exe
  C:\Windows\System\SMgusFp.exe
  2⤵
  PID:3356
- C:\Windows\System\PXWuCYl.exe
  C:\Windows\System\PXWuCYl.exe
  2⤵
  PID:3644
- C:\Windows\System\zqNMTjd.exe
  C:\Windows\System\zqNMTjd.exe
  2⤵
  PID:3532
- C:\Windows\System\AJoiJPn.exe
  C:\Windows\System\AJoiJPn.exe
  2⤵
  PID:3616
- C:\Windows\System\iKuAdoF.exe
  C:\Windows\System\iKuAdoF.exe
  2⤵
  PID:3844
- C:\Windows\System\CGPhIjM.exe
  C:\Windows\System\CGPhIjM.exe
  2⤵
  PID:3776
- C:\Windows\System\lqLnpye.exe
  C:\Windows\System\lqLnpye.exe
  2⤵
  PID:3932
- C:\Windows\System\BctyNhN.exe
  C:\Windows\System\BctyNhN.exe
  2⤵
  PID:4008
- C:\Windows\System\czPcKKr.exe
  C:\Windows\System\czPcKKr.exe
  2⤵
  PID:1832
- C:\Windows\System\hueFccx.exe
  C:\Windows\System\hueFccx.exe
  2⤵
  PID:3200
- C:\Windows\System\RXwKkly.exe
  C:\Windows\System\RXwKkly.exe
  2⤵
  PID:3136
- C:\Windows\System\xEojQrb.exe
  C:\Windows\System\xEojQrb.exe
  2⤵
  PID:3092
- C:\Windows\System\qxUYjWH.exe
  C:\Windows\System\qxUYjWH.exe
  2⤵
  PID:4104
- C:\Windows\System\SzejkzJ.exe
  C:\Windows\System\SzejkzJ.exe
  2⤵
  PID:4120
- C:\Windows\System\MHCOJMS.exe
  C:\Windows\System\MHCOJMS.exe
  2⤵
  PID:4136
- C:\Windows\System\prueXSE.exe
  C:\Windows\System\prueXSE.exe
  2⤵
  PID:4152
- C:\Windows\System\gLyBHXZ.exe
  C:\Windows\System\gLyBHXZ.exe
  2⤵
  PID:4168
- C:\Windows\System\AFnjVeG.exe
  C:\Windows\System\AFnjVeG.exe
  2⤵
  PID:4184
- C:\Windows\System\YRUDzTS.exe
  C:\Windows\System\YRUDzTS.exe
  2⤵
  PID:4204
- C:\Windows\System\hMaPpjr.exe
  C:\Windows\System\hMaPpjr.exe
  2⤵
  PID:4224
- C:\Windows\System\mcsSKlm.exe
  C:\Windows\System\mcsSKlm.exe
  2⤵
  PID:4240
- C:\Windows\System\rytwjne.exe
  C:\Windows\System\rytwjne.exe
  2⤵
  PID:4256
- C:\Windows\System\iBIekoN.exe
  C:\Windows\System\iBIekoN.exe
  2⤵
  PID:4272
- C:\Windows\System\ZpCkwaJ.exe
  C:\Windows\System\ZpCkwaJ.exe
  2⤵
  PID:4288
- C:\Windows\System\gUcAsVP.exe
  C:\Windows\System\gUcAsVP.exe
  2⤵
  PID:4304
- C:\Windows\System\PFPqxwN.exe
  C:\Windows\System\PFPqxwN.exe
  2⤵
  PID:4320
- C:\Windows\System\whWSvvm.exe
  C:\Windows\System\whWSvvm.exe
  2⤵
  PID:4336
- C:\Windows\System\aQgZgUZ.exe
  C:\Windows\System\aQgZgUZ.exe
  2⤵
  PID:4352
- C:\Windows\System\gFwCkcP.exe
  C:\Windows\System\gFwCkcP.exe
  2⤵
  PID:4368
- C:\Windows\System\HsARruY.exe
  C:\Windows\System\HsARruY.exe
  2⤵
  PID:4384
- C:\Windows\System\YeOjAfk.exe
  C:\Windows\System\YeOjAfk.exe
  2⤵
  PID:4400
- C:\Windows\System\VRitUML.exe
  C:\Windows\System\VRitUML.exe
  2⤵
  PID:4416
- C:\Windows\System\XkvDYEP.exe
  C:\Windows\System\XkvDYEP.exe
  2⤵
  PID:4432
- C:\Windows\System\RBuVMGx.exe
  C:\Windows\System\RBuVMGx.exe
  2⤵
  PID:4448
- C:\Windows\System\ehwZqXe.exe
  C:\Windows\System\ehwZqXe.exe
  2⤵
  PID:4464
- C:\Windows\System\VAaJMyI.exe
  C:\Windows\System\VAaJMyI.exe
  2⤵
  PID:4480
- C:\Windows\System\mMtKJMr.exe
  C:\Windows\System\mMtKJMr.exe
  2⤵
  PID:4496
- C:\Windows\System\Sdnxcsy.exe
  C:\Windows\System\Sdnxcsy.exe
  2⤵
  PID:4512
- C:\Windows\System\wuyfcYG.exe
  C:\Windows\System\wuyfcYG.exe
  2⤵
  PID:4528
- C:\Windows\System\asuruWK.exe
  C:\Windows\System\asuruWK.exe
  2⤵
  PID:4544
- C:\Windows\System\zJaaTPm.exe
  C:\Windows\System\zJaaTPm.exe
  2⤵
  PID:4560
- C:\Windows\System\IWDxNjN.exe
  C:\Windows\System\IWDxNjN.exe
  2⤵
  PID:4576
- C:\Windows\System\cKYzaYV.exe
  C:\Windows\System\cKYzaYV.exe
  2⤵
  PID:4592
- C:\Windows\System\gNDrXjk.exe
  C:\Windows\System\gNDrXjk.exe
  2⤵
  PID:4608
- C:\Windows\System\OnFLoVR.exe
  C:\Windows\System\OnFLoVR.exe
  2⤵
  PID:4624
- C:\Windows\System\wzATtuW.exe
  C:\Windows\System\wzATtuW.exe
  2⤵
  PID:4640
- C:\Windows\System\wHKKvSb.exe
  C:\Windows\System\wHKKvSb.exe
  2⤵
  PID:4656
- C:\Windows\System\dubTyAm.exe
  C:\Windows\System\dubTyAm.exe
  2⤵
  PID:4672
- C:\Windows\System\xCryCgT.exe
  C:\Windows\System\xCryCgT.exe
  2⤵
  PID:4688
- C:\Windows\System\DRWuXEr.exe
  C:\Windows\System\DRWuXEr.exe
  2⤵
  PID:4704
- C:\Windows\System\PmQLxkp.exe
  C:\Windows\System\PmQLxkp.exe
  2⤵
  PID:4720
- C:\Windows\System\saRPlLO.exe
  C:\Windows\System\saRPlLO.exe
  2⤵
  PID:4736
- C:\Windows\System\PdHhEhA.exe
  C:\Windows\System\PdHhEhA.exe
  2⤵
  PID:4752
- C:\Windows\System\nUJTRBp.exe
  C:\Windows\System\nUJTRBp.exe
  2⤵
  PID:4768
- C:\Windows\System\lfmPqrK.exe
  C:\Windows\System\lfmPqrK.exe
  2⤵
  PID:4784
- C:\Windows\System\lVMPUmw.exe
  C:\Windows\System\lVMPUmw.exe
  2⤵
  PID:4800
- C:\Windows\System\MZiWuZy.exe
  C:\Windows\System\MZiWuZy.exe
  2⤵
  PID:4824
- C:\Windows\System\oWehjaE.exe
  C:\Windows\System\oWehjaE.exe
  2⤵
  PID:5080
- C:\Windows\System\AwYUVNs.exe
  C:\Windows\System\AwYUVNs.exe
  2⤵
  PID:5096
- C:\Windows\System\UJJMsPd.exe
  C:\Windows\System\UJJMsPd.exe
  2⤵
  PID:5112
- C:\Windows\System\YjMpwxa.exe
  C:\Windows\System\YjMpwxa.exe
  2⤵
  PID:3620
- C:\Windows\System\rcDBqXi.exe
  C:\Windows\System\rcDBqXi.exe
  2⤵
  PID:3884
- C:\Windows\System\neEVYrA.exe
  C:\Windows\System\neEVYrA.exe
  2⤵
  PID:1608
- C:\Windows\System\zajcUmV.exe
  C:\Windows\System\zajcUmV.exe
  2⤵
  PID:3280
- C:\Windows\System\eXUnFKy.exe
  C:\Windows\System\eXUnFKy.exe
  2⤵
  PID:4176
- C:\Windows\System\sxhfePO.exe
  C:\Windows\System\sxhfePO.exe
  2⤵
  PID:4248
- C:\Windows\System\DMjsBFa.exe
  C:\Windows\System\DMjsBFa.exe
  2⤵
  PID:4312
- C:\Windows\System\vlXWujX.exe
  C:\Windows\System\vlXWujX.exe
  2⤵
  PID:4376
- C:\Windows\System\iqqiuZQ.exe
  C:\Windows\System\iqqiuZQ.exe
  2⤵
  PID:4444
- C:\Windows\System\AJCWgSl.exe
  C:\Windows\System\AJCWgSl.exe
  2⤵
  PID:4472
- C:\Windows\System\gkpIntZ.exe
  C:\Windows\System\gkpIntZ.exe
  2⤵
  PID:4536
- C:\Windows\System\LDWppqg.exe
  C:\Windows\System\LDWppqg.exe
  2⤵
  PID:4632
- C:\Windows\System\UQeuRPQ.exe
  C:\Windows\System\UQeuRPQ.exe
  2⤵
  PID:4696
- C:\Windows\System\CDSPccN.exe
  C:\Windows\System\CDSPccN.exe
  2⤵
  PID:4728
- C:\Windows\System\icOPlpf.exe
  C:\Windows\System\icOPlpf.exe
  2⤵
  PID:3796
- C:\Windows\System\ZbOvRtk.exe
  C:\Windows\System\ZbOvRtk.exe
  2⤵
  PID:4764
- C:\Windows\System\gxXHGZz.exe
  C:\Windows\System\gxXHGZz.exe
  2⤵
  PID:2984
- C:\Windows\System\OuVvEpg.exe
  C:\Windows\System\OuVvEpg.exe
  2⤵
  PID:892
- C:\Windows\System\yEUeusn.exe
  C:\Windows\System\yEUeusn.exe
  2⤵
  PID:1708
- C:\Windows\System\KyUSYPu.exe
  C:\Windows\System\KyUSYPu.exe
  2⤵
  PID:2200
- C:\Windows\System\SaPUkiK.exe
  C:\Windows\System\SaPUkiK.exe
  2⤵
  PID:2024
- C:\Windows\System\JcDKDtr.exe
  C:\Windows\System\JcDKDtr.exe
  2⤵
  PID:4836
- C:\Windows\System\TpjmuwW.exe
  C:\Windows\System\TpjmuwW.exe
  2⤵
  PID:2392
- C:\Windows\System\CTpDWvy.exe
  C:\Windows\System\CTpDWvy.exe
  2⤵
  PID:3172
- C:\Windows\System\hkhpjNo.exe
  C:\Windows\System\hkhpjNo.exe
  2⤵
  PID:4524
- C:\Windows\System\GBHaFGc.exe
  C:\Windows\System\GBHaFGc.exe
  2⤵
  PID:4588
- C:\Windows\System\LzfHzDo.exe
  C:\Windows\System\LzfHzDo.exe
  2⤵
  PID:4744
- C:\Windows\System\UTeZkoL.exe
  C:\Windows\System\UTeZkoL.exe
  2⤵
  PID:4424
- C:\Windows\System\JpjQvja.exe
  C:\Windows\System\JpjQvja.exe
  2⤵
  PID:4360
- C:\Windows\System\PeUwikg.exe
  C:\Windows\System\PeUwikg.exe
  2⤵
  PID:4296
- C:\Windows\System\ZBKgvPl.exe
  C:\Windows\System\ZBKgvPl.exe
  2⤵
  PID:4164
- C:\Windows\System\WTLVmba.exe
  C:\Windows\System\WTLVmba.exe
  2⤵
  PID:3560
- C:\Windows\System\gLkiXOC.exe
  C:\Windows\System\gLkiXOC.exe
  2⤵
  PID:2040
- C:\Windows\System\qBRENSu.exe
  C:\Windows\System\qBRENSu.exe
  2⤵
  PID:3472
- C:\Windows\System\SHyxDsy.exe
  C:\Windows\System\SHyxDsy.exe
  2⤵
  PID:3316
- C:\Windows\System\BpduLSQ.exe
  C:\Windows\System\BpduLSQ.exe
  2⤵
  PID:4856
- C:\Windows\System\lXSTkKR.exe
  C:\Windows\System\lXSTkKR.exe
  2⤵
  PID:4888
- C:\Windows\System\ECCAfBF.exe
  C:\Windows\System\ECCAfBF.exe
  2⤵
  PID:4908
- C:\Windows\System\ihDWwhp.exe
  C:\Windows\System\ihDWwhp.exe
  2⤵
  PID:2800
- C:\Windows\System\aXjubvo.exe
  C:\Windows\System\aXjubvo.exe
  2⤵
  PID:4952
- C:\Windows\System\ppppavC.exe
  C:\Windows\System\ppppavC.exe
  2⤵
  PID:4968
- C:\Windows\System\vABFvlP.exe
  C:\Windows\System\vABFvlP.exe
  2⤵
  PID:4984
- C:\Windows\System\OhEEnBL.exe
  C:\Windows\System\OhEEnBL.exe
  2⤵
  PID:5008
- C:\Windows\System\hxIUIWg.exe
  C:\Windows\System\hxIUIWg.exe
  2⤵
  PID:5028
- C:\Windows\System\PcqcQsd.exe
  C:\Windows\System\PcqcQsd.exe
  2⤵
  PID:5052
- C:\Windows\System\hsbWRlu.exe
  C:\Windows\System\hsbWRlu.exe
  2⤵
  PID:5068
- C:\Windows\System\HrRPiJi.exe
  C:\Windows\System\HrRPiJi.exe
  2⤵
  PID:3464
- C:\Windows\System\kdtLEzq.exe
  C:\Windows\System\kdtLEzq.exe
  2⤵
  PID:4212
- C:\Windows\System\SuDIdYo.exe
  C:\Windows\System\SuDIdYo.exe
  2⤵
  PID:3608
- C:\Windows\System\kUAAmLT.exe
  C:\Windows\System\kUAAmLT.exe
  2⤵
  PID:4600
- C:\Windows\System\jYzwqqT.exe
  C:\Windows\System\jYzwqqT.exe
  2⤵
  PID:1800
- C:\Windows\System\gCNtbug.exe
  C:\Windows\System\gCNtbug.exe
  2⤵
  PID:3024
- C:\Windows\System\VDugrAf.exe
  C:\Windows\System\VDugrAf.exe
  2⤵
  PID:5088
- C:\Windows\System\CWtDwjg.exe
  C:\Windows\System\CWtDwjg.exe
  2⤵
  PID:3928
- C:\Windows\System\LQpjWgE.exe
  C:\Windows\System\LQpjWgE.exe
  2⤵
  PID:1432
- C:\Windows\System\OgiEsUZ.exe
  C:\Windows\System\OgiEsUZ.exe
  2⤵
  PID:4144
- C:\Windows\System\EuwhbQT.exe
  C:\Windows\System\EuwhbQT.exe
  2⤵
  PID:2680
- C:\Windows\System\sruQTWz.exe
  C:\Windows\System\sruQTWz.exe
  2⤵
  PID:4652
- C:\Windows\System\SSZlXsj.exe
  C:\Windows\System\SSZlXsj.exe
  2⤵
  PID:1680
- C:\Windows\System\aehRREs.exe
  C:\Windows\System\aehRREs.exe
  2⤵
  PID:4796
- C:\Windows\System\hsiGbqA.exe
  C:\Windows\System\hsiGbqA.exe
  2⤵
  PID:4504
- C:\Windows\System\cYnjwRo.exe
  C:\Windows\System\cYnjwRo.exe
  2⤵
  PID:4280
- C:\Windows\System\fBUtRRj.exe
  C:\Windows\System\fBUtRRj.exe
  2⤵
  PID:4776
- C:\Windows\System\TKgMLAb.exe
  C:\Windows\System\TKgMLAb.exe
  2⤵
  PID:4820
- C:\Windows\System\pBSWtYP.exe
  C:\Windows\System\pBSWtYP.exe
  2⤵
  PID:4428
- C:\Windows\System\nDEdZrK.exe
  C:\Windows\System\nDEdZrK.exe
  2⤵
  PID:4132
- C:\Windows\System\qbfkmcF.exe
  C:\Windows\System\qbfkmcF.exe
  2⤵
  PID:3700
- C:\Windows\System\pWMEapX.exe
  C:\Windows\System\pWMEapX.exe
  2⤵
  PID:2584
- C:\Windows\System\DGKuwFs.exe
  C:\Windows\System\DGKuwFs.exe
  2⤵
  PID:4232
- C:\Windows\System\RNDErRG.exe
  C:\Windows\System\RNDErRG.exe
  2⤵
  PID:3120
- C:\Windows\System\sPIqZDa.exe
  C:\Windows\System\sPIqZDa.exe
  2⤵
  PID:4868
- C:\Windows\System\pkqNjle.exe
  C:\Windows\System\pkqNjle.exe
  2⤵
  PID:4880
- C:\Windows\System\wpOZQih.exe
  C:\Windows\System\wpOZQih.exe
  2⤵
  PID:4980
- C:\Windows\System\TYnFikq.exe
  C:\Windows\System\TYnFikq.exe
  2⤵
  PID:4960
- C:\Windows\System\yFTMrpv.exe
  C:\Windows\System\yFTMrpv.exe
  2⤵
  PID:5004
- C:\Windows\System\neUHxCI.exe
  C:\Windows\System\neUHxCI.exe
  2⤵
  PID:5048
- C:\Windows\System\sVDRsOd.exe
  C:\Windows\System\sVDRsOd.exe
  2⤵
  PID:1528
- C:\Windows\System\TaiocIb.exe
  C:\Windows\System\TaiocIb.exe
  2⤵
  PID:2848
- C:\Windows\System\XhWaZkF.exe
  C:\Windows\System\XhWaZkF.exe
  2⤵
  PID:3284
- C:\Windows\System\hRMGDor.exe
  C:\Windows\System\hRMGDor.exe
  2⤵
  PID:324
- C:\Windows\System\iMDiCcR.exe
  C:\Windows\System\iMDiCcR.exe
  2⤵
  PID:3716
- C:\Windows\System\HdaxfBS.exe
  C:\Windows\System\HdaxfBS.exe
  2⤵
  PID:3840
- C:\Windows\System\XHSqAoH.exe
  C:\Windows\System\XHSqAoH.exe
  2⤵
  PID:3980
- C:\Windows\System\oWsaVCh.exe
  C:\Windows\System\oWsaVCh.exe
  2⤵
  PID:4520
- C:\Windows\System\OXCKZDv.exe
  C:\Windows\System\OXCKZDv.exe
  2⤵
  PID:2652
- C:\Windows\System\ZVcgWJr.exe
  C:\Windows\System\ZVcgWJr.exe
  2⤵
  PID:3240
- C:\Windows\System\calTYsf.exe
  C:\Windows\System\calTYsf.exe
  2⤵
  PID:5044
- C:\Windows\System\msFifwH.exe
  C:\Windows\System\msFifwH.exe
  2⤵
  PID:2696
- C:\Windows\System\GiaUOLJ.exe
  C:\Windows\System\GiaUOLJ.exe
  2⤵
  PID:4412
- C:\Windows\System\JHOxWQi.exe
  C:\Windows\System\JHOxWQi.exe
  2⤵
  PID:3068
- C:\Windows\System\ULOwIGq.exe
  C:\Windows\System\ULOwIGq.exe
  2⤵
  PID:1136
- C:\Windows\System\RGhgfdV.exe
  C:\Windows\System\RGhgfdV.exe
  2⤵
  PID:1316
- C:\Windows\System\CCLgdkS.exe
  C:\Windows\System\CCLgdkS.exe
  2⤵
  PID:4664
- C:\Windows\System\eZJijhC.exe
  C:\Windows\System\eZJijhC.exe
  2⤵
  PID:2908
- C:\Windows\System\nRJLSJj.exe
  C:\Windows\System\nRJLSJj.exe
  2⤵
  PID:4456
- C:\Windows\System\ttGdJas.exe
  C:\Windows\System\ttGdJas.exe
  2⤵
  PID:5072
- C:\Windows\System\rhwZLAW.exe
  C:\Windows\System\rhwZLAW.exe
  2⤵
  PID:3320
- C:\Windows\System\aOstWtF.exe
  C:\Windows\System\aOstWtF.exe
  2⤵
  PID:4812
- C:\Windows\System\rbWCgKi.exe
  C:\Windows\System\rbWCgKi.exe
  2⤵
  PID:2756
- C:\Windows\System\JyZeIHC.exe
  C:\Windows\System\JyZeIHC.exe
  2⤵
  PID:3572
- C:\Windows\System\VbYZPjj.exe
  C:\Windows\System\VbYZPjj.exe
  2⤵
  PID:4996
- C:\Windows\System\iiDumUo.exe
  C:\Windows\System\iiDumUo.exe
  2⤵
  PID:3156
- C:\Windows\System\cyxACWv.exe
  C:\Windows\System\cyxACWv.exe
  2⤵
  PID:5024
- C:\Windows\System\mVoLbZm.exe
  C:\Windows\System\mVoLbZm.exe
  2⤵
  PID:4348
- C:\Windows\System\XZZDwKc.exe
  C:\Windows\System\XZZDwKc.exe
  2⤵
  PID:5136
- C:\Windows\System\VAxvFMU.exe
  C:\Windows\System\VAxvFMU.exe
  2⤵
  PID:5160
- C:\Windows\System\MrSsrDa.exe
  C:\Windows\System\MrSsrDa.exe
  2⤵
  PID:5176
- C:\Windows\System\NyzGoeK.exe
  C:\Windows\System\NyzGoeK.exe
  2⤵
  PID:5200
- C:\Windows\System\wTglQTl.exe
  C:\Windows\System\wTglQTl.exe
  2⤵
  PID:5220
- C:\Windows\System\hZLfGcZ.exe
  C:\Windows\System\hZLfGcZ.exe
  2⤵
  PID:5240
- C:\Windows\System\bdYculI.exe
  C:\Windows\System\bdYculI.exe
  2⤵
  PID:5260
- C:\Windows\System\EgoRbsi.exe
  C:\Windows\System\EgoRbsi.exe
  2⤵
  PID:5280
- C:\Windows\System\YtBRHAN.exe
  C:\Windows\System\YtBRHAN.exe
  2⤵
  PID:5300
- C:\Windows\System\tSnaPHD.exe
  C:\Windows\System\tSnaPHD.exe
  2⤵
  PID:5320
- C:\Windows\System\umXFDfa.exe
  C:\Windows\System\umXFDfa.exe
  2⤵
  PID:5340
- C:\Windows\System\lKMJHWL.exe
  C:\Windows\System\lKMJHWL.exe
  2⤵
  PID:5356
- C:\Windows\System\bftlPjQ.exe
  C:\Windows\System\bftlPjQ.exe
  2⤵
  PID:5376
- C:\Windows\System\QPQbavL.exe
  C:\Windows\System\QPQbavL.exe
  2⤵
  PID:5400
- C:\Windows\System\wfwkqoO.exe
  C:\Windows\System\wfwkqoO.exe
  2⤵
  PID:5416
- C:\Windows\System\QwApIdV.exe
  C:\Windows\System\QwApIdV.exe
  2⤵
  PID:5432
- C:\Windows\System\VSxMKAR.exe
  C:\Windows\System\VSxMKAR.exe
  2⤵
  PID:5448
- C:\Windows\System\eioyABZ.exe
  C:\Windows\System\eioyABZ.exe
  2⤵
  PID:5472
- C:\Windows\System\WMJKQeh.exe
  C:\Windows\System\WMJKQeh.exe
  2⤵
  PID:5492
- C:\Windows\System\fvdpKQI.exe
  C:\Windows\System\fvdpKQI.exe
  2⤵
  PID:5508
- C:\Windows\System\QMsXbRR.exe
  C:\Windows\System\QMsXbRR.exe
  2⤵
  PID:5524
- C:\Windows\System\zdEleYe.exe
  C:\Windows\System\zdEleYe.exe
  2⤵
  PID:5548
- C:\Windows\System\zWxTzVh.exe
  C:\Windows\System\zWxTzVh.exe
  2⤵
  PID:5572
- C:\Windows\System\WgXQThW.exe
  C:\Windows\System\WgXQThW.exe
  2⤵
  PID:5592
- C:\Windows\System\COMWMvq.exe
  C:\Windows\System\COMWMvq.exe
  2⤵
  PID:5616
- C:\Windows\System\rXMfnNX.exe
  C:\Windows\System\rXMfnNX.exe
  2⤵
  PID:5632
- C:\Windows\System\oudQhyI.exe
  C:\Windows\System\oudQhyI.exe
  2⤵
  PID:5648
- C:\Windows\System\UQMbIzZ.exe
  C:\Windows\System\UQMbIzZ.exe
  2⤵
  PID:5668
- C:\Windows\System\lSLzfTW.exe
  C:\Windows\System\lSLzfTW.exe
  2⤵
  PID:5684
- C:\Windows\System\YgKMJRf.exe
  C:\Windows\System\YgKMJRf.exe
  2⤵
  PID:5700
- C:\Windows\System\jeuBhmT.exe
  C:\Windows\System\jeuBhmT.exe
  2⤵
  PID:5720
- C:\Windows\System\DhqQdHz.exe
  C:\Windows\System\DhqQdHz.exe
  2⤵
  PID:5736
- C:\Windows\System\CPOPzMg.exe
  C:\Windows\System\CPOPzMg.exe
  2⤵
  PID:5756
- C:\Windows\System\IoyagNH.exe
  C:\Windows\System\IoyagNH.exe
  2⤵
  PID:5772
- C:\Windows\System\zMdMAVT.exe
  C:\Windows\System\zMdMAVT.exe
  2⤵
  PID:5792
- C:\Windows\System\jJxWbVo.exe
  C:\Windows\System\jJxWbVo.exe
  2⤵
  PID:5808
- C:\Windows\System\SqyapBj.exe
  C:\Windows\System\SqyapBj.exe
  2⤵
  PID:5824
- C:\Windows\System\jNCFJVj.exe
  C:\Windows\System\jNCFJVj.exe
  2⤵
  PID:5852
- C:\Windows\System\ubkuAly.exe
  C:\Windows\System\ubkuAly.exe
  2⤵
  PID:5872
- C:\Windows\System\MyzNTAY.exe
  C:\Windows\System\MyzNTAY.exe
  2⤵
  PID:5892
- C:\Windows\System\CBTxCcA.exe
  C:\Windows\System\CBTxCcA.exe
  2⤵
  PID:5912
- C:\Windows\System\VduANsZ.exe
  C:\Windows\System\VduANsZ.exe
  2⤵
  PID:5960
- C:\Windows\System\rxdNbZo.exe
  C:\Windows\System\rxdNbZo.exe
  2⤵
  PID:5980
- C:\Windows\System\fGDBxrb.exe
  C:\Windows\System\fGDBxrb.exe
  2⤵
  PID:5996
- C:\Windows\System\qkHFgDT.exe
  C:\Windows\System\qkHFgDT.exe
  2⤵
  PID:6016
- C:\Windows\System\tEBrHud.exe
  C:\Windows\System\tEBrHud.exe
  2⤵
  PID:6040
- C:\Windows\System\FsFOyjr.exe
  C:\Windows\System\FsFOyjr.exe
  2⤵
  PID:6056
- C:\Windows\System\FUoFmtT.exe
  C:\Windows\System\FUoFmtT.exe
  2⤵
  PID:6076
- C:\Windows\System\vojXHJr.exe
  C:\Windows\System\vojXHJr.exe
  2⤵
  PID:6092
- C:\Windows\System\WfgaXlI.exe
  C:\Windows\System\WfgaXlI.exe
  2⤵
  PID:6108
- C:\Windows\System\AWNVSTd.exe
  C:\Windows\System\AWNVSTd.exe
  2⤵
  PID:6124
- C:\Windows\System\vyhMVQT.exe
  C:\Windows\System\vyhMVQT.exe
  2⤵
  PID:1092
- C:\Windows\System\BkWXzXl.exe
  C:\Windows\System\BkWXzXl.exe
  2⤵
  PID:4328
- C:\Windows\System\BPLQaSx.exe
  C:\Windows\System\BPLQaSx.exe
  2⤵
  PID:4300
- C:\Windows\System\iLlIQtZ.exe
  C:\Windows\System\iLlIQtZ.exe
  2⤵
  PID:4948
- C:\Windows\System\ydiNqZJ.exe
  C:\Windows\System\ydiNqZJ.exe
  2⤵
  PID:4408
- C:\Windows\System\BFkXsEQ.exe
  C:\Windows\System\BFkXsEQ.exe
  2⤵
  PID:3596
- C:\Windows\System\zVVfeDQ.exe
  C:\Windows\System\zVVfeDQ.exe
  2⤵
  PID:2772
- C:\Windows\System\DiPElwY.exe
  C:\Windows\System\DiPElwY.exe
  2⤵
  PID:4872
- C:\Windows\System\iLQPBGn.exe
  C:\Windows\System\iLQPBGn.exe
  2⤵
  PID:5148
- C:\Windows\System\RXUgdjB.exe
  C:\Windows\System\RXUgdjB.exe
  2⤵
  PID:5192
- C:\Windows\System\XQkRTMk.exe
  C:\Windows\System\XQkRTMk.exe
  2⤵
  PID:5132
- C:\Windows\System\rIgIMli.exe
  C:\Windows\System\rIgIMli.exe
  2⤵
  PID:5168
- C:\Windows\System\VSSAEsW.exe
  C:\Windows\System\VSSAEsW.exe
  2⤵
  PID:5312
- C:\Windows\System\FkaMEag.exe
  C:\Windows\System\FkaMEag.exe
  2⤵
  PID:5384
- C:\Windows\System\MZbOOnZ.exe
  C:\Windows\System\MZbOOnZ.exe
  2⤵
  PID:5212
- C:\Windows\System\ksoAtSP.exe
  C:\Windows\System\ksoAtSP.exe
  2⤵
  PID:5460
- C:\Windows\System\qgdKEgQ.exe
  C:\Windows\System\qgdKEgQ.exe
  2⤵
  PID:5504
- C:\Windows\System\GzEabsU.exe
  C:\Windows\System\GzEabsU.exe
  2⤵
  PID:5544
- C:\Windows\System\UpcUAke.exe
  C:\Windows\System\UpcUAke.exe
  2⤵
  PID:5588
- C:\Windows\System\wUFYYrx.exe
  C:\Windows\System\wUFYYrx.exe
  2⤵
  PID:5656
- C:\Windows\System\DWCwruw.exe
  C:\Windows\System\DWCwruw.exe
  2⤵
  PID:5728
- C:\Windows\System\KJvxzZQ.exe
  C:\Windows\System\KJvxzZQ.exe
  2⤵
  PID:5768
- C:\Windows\System\sQbWuho.exe
  C:\Windows\System\sQbWuho.exe
  2⤵
  PID:5832
- C:\Windows\System\XsISYgm.exe
  C:\Windows\System\XsISYgm.exe
  2⤵
  PID:5336
- C:\Windows\System\aytuTNO.exe
  C:\Windows\System\aytuTNO.exe
  2⤵
  PID:5372
- C:\Windows\System\qdZWmYZ.exe
  C:\Windows\System\qdZWmYZ.exe
  2⤵
  PID:5488
- C:\Windows\System\kRTfxII.exe
  C:\Windows\System\kRTfxII.exe
  2⤵
  PID:5880
- C:\Windows\System\vLBnVCZ.exe
  C:\Windows\System\vLBnVCZ.exe
  2⤵
  PID:5600
- C:\Windows\System\cIiyROg.exe
  C:\Windows\System\cIiyROg.exe
  2⤵
  PID:5920
- C:\Windows\System\xgGSLoE.exe
  C:\Windows\System\xgGSLoE.exe
  2⤵
  PID:5936
- C:\Windows\System\NiNSYXr.exe
  C:\Windows\System\NiNSYXr.exe
  2⤵
  PID:5956
- C:\Windows\System\ZxMCrZO.exe
  C:\Windows\System\ZxMCrZO.exe
  2⤵
  PID:5864
- C:\Windows\System\BdqyJeo.exe
  C:\Windows\System\BdqyJeo.exe
  2⤵
  PID:5904
- C:\Windows\System\zwbbxwv.exe
  C:\Windows\System\zwbbxwv.exe
  2⤵
  PID:5860
- C:\Windows\System\xgxuuPv.exe
  C:\Windows\System\xgxuuPv.exe
  2⤵
  PID:5752
- C:\Windows\System\hnZygTI.exe
  C:\Windows\System\hnZygTI.exe
  2⤵
  PID:5680
- C:\Windows\System\zqSPkTE.exe
  C:\Windows\System\zqSPkTE.exe
  2⤵
  PID:6024
- C:\Windows\System\WGmPIbg.exe
  C:\Windows\System\WGmPIbg.exe
  2⤵
  PID:6064
- C:\Windows\System\BDKKxSs.exe
  C:\Windows\System\BDKKxSs.exe
  2⤵
  PID:6100
- C:\Windows\System\WcoeFUF.exe
  C:\Windows\System\WcoeFUF.exe
  2⤵
  PID:6004
- C:\Windows\System\IZieEoG.exe
  C:\Windows\System\IZieEoG.exe
  2⤵
  PID:6140
- C:\Windows\System\tbuhFEg.exe
  C:\Windows\System\tbuhFEg.exe
  2⤵
  PID:3760
- C:\Windows\System\LeGUANf.exe
  C:\Windows\System\LeGUANf.exe
  2⤵
  PID:6048
- C:\Windows\System\mmrNvJY.exe
  C:\Windows\System\mmrNvJY.exe
  2⤵
  PID:2244
- C:\Windows\System\bZNPViW.exe
  C:\Windows\System\bZNPViW.exe
  2⤵
  PID:584
- C:\Windows\System\bDLMveR.exe
  C:\Windows\System\bDLMveR.exe
  2⤵
  PID:1632
- C:\Windows\System\hVnwUFw.exe
  C:\Windows\System\hVnwUFw.exe
  2⤵
  PID:2616
- C:\Windows\System\PKUnWOy.exe
  C:\Windows\System\PKUnWOy.exe
  2⤵
  PID:5000
- C:\Windows\System\RpgHQaQ.exe
  C:\Windows\System\RpgHQaQ.exe
  2⤵
  PID:1100
- C:\Windows\System\oFbNhyJ.exe
  C:\Windows\System\oFbNhyJ.exe
  2⤵
  PID:5092
- C:\Windows\System\RmzVoLt.exe
  C:\Windows\System\RmzVoLt.exe
  2⤵
  PID:5144
- C:\Windows\System\eCUMuUQ.exe
  C:\Windows\System\eCUMuUQ.exe
  2⤵
  PID:5064
- C:\Windows\System\WpZnbgv.exe
  C:\Windows\System\WpZnbgv.exe
  2⤵
  PID:4604
- C:\Windows\System\dZDTotH.exe
  C:\Windows\System\dZDTotH.exe
  2⤵
  PID:5388
- C:\Windows\System\oejwiOA.exe
  C:\Windows\System\oejwiOA.exe
  2⤵
  PID:5580
- C:\Windows\System\iOjQHvw.exe
  C:\Windows\System\iOjQHvw.exe
  2⤵
  PID:5196
- C:\Windows\System\rrjNsUe.exe
  C:\Windows\System\rrjNsUe.exe
  2⤵
  PID:5696
- C:\Windows\System\QOaJjdU.exe
  C:\Windows\System\QOaJjdU.exe
  2⤵
  PID:5288
- C:\Windows\System\LGWtEbN.exe
  C:\Windows\System\LGWtEbN.exe
  2⤵
  PID:5352
- C:\Windows\System\ASPCmkI.exe
  C:\Windows\System\ASPCmkI.exe
  2⤵
  PID:1264
- C:\Windows\System\rPwYabI.exe
  C:\Windows\System\rPwYabI.exe
  2⤵
  PID:5456
- C:\Windows\System\OvphEbI.exe
  C:\Windows\System\OvphEbI.exe
  2⤵
  PID:5532
- C:\Windows\System\UzPVice.exe
  C:\Windows\System\UzPVice.exe
  2⤵
  PID:5612
- C:\Windows\System\HYkmuYz.exe
  C:\Windows\System\HYkmuYz.exe
  2⤵
  PID:348
- C:\Windows\System\aqsqqaR.exe
  C:\Windows\System\aqsqqaR.exe
  2⤵
  PID:5944
- C:\Windows\System\VXbPbYN.exe
  C:\Windows\System\VXbPbYN.exe
  2⤵
  PID:5712
- C:\Windows\System\yMcBWgT.exe
  C:\Windows\System\yMcBWgT.exe
  2⤵
  PID:5900
- C:\Windows\System\KFEeBps.exe
  C:\Windows\System\KFEeBps.exe
  2⤵
  PID:5644
- C:\Windows\System\jHVUwGj.exe
  C:\Windows\System\jHVUwGj.exe
  2⤵
  PID:5328
- C:\Windows\System\bYQBGMF.exe
  C:\Windows\System\bYQBGMF.exe
  2⤵
  PID:5248
- C:\Windows\System\JTMkVbT.exe
  C:\Windows\System\JTMkVbT.exe
  2⤵
  PID:2712
- C:\Windows\System\mzfQgbs.exe
  C:\Windows\System\mzfQgbs.exe
  2⤵
  PID:5444
- C:\Windows\System\oyBlFkJ.exe
  C:\Windows\System\oyBlFkJ.exe
  2⤵
  PID:6136
- C:\Windows\System\PQmZrRL.exe
  C:\Windows\System\PQmZrRL.exe
  2⤵
  PID:6120
- C:\Windows\System\gxqTVcX.exe
  C:\Windows\System\gxqTVcX.exe
  2⤵
  PID:4944
- C:\Windows\System\bWmNQLZ.exe
  C:\Windows\System\bWmNQLZ.exe
  2⤵
  PID:2764
- C:\Windows\System\fJsVKLg.exe
  C:\Windows\System\fJsVKLg.exe
  2⤵
  PID:5888
- C:\Windows\System\dumGYzi.exe
  C:\Windows\System\dumGYzi.exe
  2⤵
  PID:5972
- C:\Windows\System\EGvnGLK.exe
  C:\Windows\System\EGvnGLK.exe
  2⤵
  PID:3332
- C:\Windows\System\QLvrvhq.exe
  C:\Windows\System\QLvrvhq.exe
  2⤵
  PID:6028
- C:\Windows\System\YClYvQS.exe
  C:\Windows\System\YClYvQS.exe
  2⤵
  PID:5640
- C:\Windows\System\ZAzGBZQ.exe
  C:\Windows\System\ZAzGBZQ.exe
  2⤵
  PID:1476
- C:\Windows\System\zDIoLIZ.exe
  C:\Windows\System\zDIoLIZ.exe
  2⤵
  PID:5316
- C:\Windows\System\bzgRqAP.exe
  C:\Windows\System\bzgRqAP.exe
  2⤵
  PID:4584
- C:\Windows\System\wuMKkhA.exe
  C:\Windows\System\wuMKkhA.exe
  2⤵
  PID:5396
- C:\Windows\System\DhtxHiN.exe
  C:\Windows\System\DhtxHiN.exe
  2⤵
  PID:4460
- C:\Windows\System\XHKnteJ.exe
  C:\Windows\System\XHKnteJ.exe
  2⤵
  PID:5188
- C:\Windows\System\IogGnyd.exe
  C:\Windows\System\IogGnyd.exe
  2⤵
  PID:5364
- C:\Windows\System\FIlpijV.exe
  C:\Windows\System\FIlpijV.exe
  2⤵
  PID:5556
- C:\Windows\System\LPHWEcy.exe
  C:\Windows\System\LPHWEcy.exe
  2⤵
  PID:948
- C:\Windows\System\EjHzBWT.exe
  C:\Windows\System\EjHzBWT.exe
  2⤵
  PID:5868
- C:\Windows\System\aIcoXmY.exe
  C:\Windows\System\aIcoXmY.exe
  2⤵
  PID:5788
- C:\Windows\System\MJHiEdY.exe
  C:\Windows\System\MJHiEdY.exe
  2⤵
  PID:5624
- C:\Windows\System\hBwwxZO.exe
  C:\Windows\System\hBwwxZO.exe
  2⤵
  PID:5480
- C:\Windows\System\WGTbvvx.exe
  C:\Windows\System\WGTbvvx.exe
  2⤵
  PID:3864
- C:\Windows\System\ooTzfgR.exe
  C:\Windows\System\ooTzfgR.exe
  2⤵
  PID:5564
- C:\Windows\System\RcmhoLE.exe
  C:\Windows\System\RcmhoLE.exe
  2⤵
  PID:2872
- C:\Windows\System\MdRAjwF.exe
  C:\Windows\System\MdRAjwF.exe
  2⤵
  PID:5988
- C:\Windows\System\iCLnSAu.exe
  C:\Windows\System\iCLnSAu.exe
  2⤵
  PID:5152
- C:\Windows\System\wuPENLu.exe
  C:\Windows\System\wuPENLu.exe
  2⤵
  PID:5540
- C:\Windows\System\QiGWmlv.exe
  C:\Windows\System\QiGWmlv.exe
  2⤵
  PID:5804
- C:\Windows\System\EcwXUnw.exe
  C:\Windows\System\EcwXUnw.exe
  2⤵
  PID:5428
- C:\Windows\System\IlLvWiB.exe
  C:\Windows\System\IlLvWiB.exe
  2⤵
  PID:2512
- C:\Windows\System\aZupSfw.exe
  C:\Windows\System\aZupSfw.exe
  2⤵
  PID:5368
- C:\Windows\System\RMicznA.exe
  C:\Windows\System\RMicznA.exe
  2⤵
  PID:5412
- C:\Windows\System\BcHNGsa.exe
  C:\Windows\System\BcHNGsa.exe
  2⤵
  PID:5968
- C:\Windows\System\ROFEUNI.exe
  C:\Windows\System\ROFEUNI.exe
  2⤵
  PID:4344
- C:\Windows\System\LPmTtSV.exe
  C:\Windows\System\LPmTtSV.exe
  2⤵
  PID:6036
- C:\Windows\System\bXdJydk.exe
  C:\Windows\System\bXdJydk.exe
  2⤵
  PID:1964
- C:\Windows\System\TFjJUZE.exe
  C:\Windows\System\TFjJUZE.exe
  2⤵
  PID:5780
- C:\Windows\System\UCKQkbh.exe
  C:\Windows\System\UCKQkbh.exe
  2⤵
  PID:5256
- C:\Windows\System\iHezxbK.exe
  C:\Windows\System\iHezxbK.exe
  2⤵
  PID:5844
- C:\Windows\System\MKRdxOY.exe
  C:\Windows\System\MKRdxOY.exe
  2⤵
  PID:2608
- C:\Windows\System\IoWJlNm.exe
  C:\Windows\System\IoWJlNm.exe
  2⤵
  PID:6148
- C:\Windows\System\PCrtoaB.exe
  C:\Windows\System\PCrtoaB.exe
  2⤵
  PID:6164
- C:\Windows\System\DOiEAqK.exe
  C:\Windows\System\DOiEAqK.exe
  2⤵
  PID:6180
- C:\Windows\System\kWkFRRY.exe
  C:\Windows\System\kWkFRRY.exe
  2⤵
  PID:6196
- C:\Windows\System\QcElPOr.exe
  C:\Windows\System\QcElPOr.exe
  2⤵
  PID:6212
- C:\Windows\System\cDvvbaj.exe
  C:\Windows\System\cDvvbaj.exe
  2⤵
  PID:6228
- C:\Windows\System\ZJCmNNe.exe
  C:\Windows\System\ZJCmNNe.exe
  2⤵
  PID:6244
- C:\Windows\System\YZeHHDR.exe
  C:\Windows\System\YZeHHDR.exe
  2⤵
  PID:6268
- C:\Windows\System\GUcsBTJ.exe
  C:\Windows\System\GUcsBTJ.exe
  2⤵
  PID:6288
- C:\Windows\System\tjEKLxE.exe
  C:\Windows\System\tjEKLxE.exe
  2⤵
  PID:6332
- C:\Windows\System\EhgnuMl.exe
  C:\Windows\System\EhgnuMl.exe
  2⤵
  PID:6384
- C:\Windows\System\cokGLeQ.exe
  C:\Windows\System\cokGLeQ.exe
  2⤵
  PID:6404
- C:\Windows\System\BOGzmXj.exe
  C:\Windows\System\BOGzmXj.exe
  2⤵
  PID:6420
- C:\Windows\System\jPRhtpI.exe
  C:\Windows\System\jPRhtpI.exe
  2⤵
  PID:6436
- C:\Windows\System\BoMOWtz.exe
  C:\Windows\System\BoMOWtz.exe
  2⤵
  PID:6452
- C:\Windows\System\SfwCTGb.exe
  C:\Windows\System\SfwCTGb.exe
  2⤵
  PID:6468
- C:\Windows\System\mSihOQh.exe
  C:\Windows\System\mSihOQh.exe
  2⤵
  PID:6484
- C:\Windows\System\HrWuvbn.exe
  C:\Windows\System\HrWuvbn.exe
  2⤵
  PID:6500
- C:\Windows\System\HbZqxiP.exe
  C:\Windows\System\HbZqxiP.exe
  2⤵
  PID:6516
- C:\Windows\System\DFYPfLQ.exe
  C:\Windows\System\DFYPfLQ.exe
  2⤵
  PID:6532
- C:\Windows\System\jZwjSAs.exe
  C:\Windows\System\jZwjSAs.exe
  2⤵
  PID:6552
- C:\Windows\System\VDBxzaK.exe
  C:\Windows\System\VDBxzaK.exe
  2⤵
  PID:6568
- C:\Windows\System\ELcQUCC.exe
  C:\Windows\System\ELcQUCC.exe
  2⤵
  PID:6584
- C:\Windows\System\MMExwMP.exe
  C:\Windows\System\MMExwMP.exe
  2⤵
  PID:6600
- C:\Windows\System\uClIXSd.exe
  C:\Windows\System\uClIXSd.exe
  2⤵
  PID:6616
- C:\Windows\System\bYjITpI.exe
  C:\Windows\System\bYjITpI.exe
  2⤵
  PID:6632
- C:\Windows\System\oxKATXo.exe
  C:\Windows\System\oxKATXo.exe
  2⤵
  PID:6648
- C:\Windows\System\cvWxxOh.exe
  C:\Windows\System\cvWxxOh.exe
  2⤵
  PID:6664
- C:\Windows\System\QOqfiVL.exe
  C:\Windows\System\QOqfiVL.exe
  2⤵
  PID:6684
- C:\Windows\System\BPVayXX.exe
  C:\Windows\System\BPVayXX.exe
  2⤵
  PID:6724
- C:\Windows\System\zplCnRw.exe
  C:\Windows\System\zplCnRw.exe
  2⤵
  PID:6740
- C:\Windows\System\oxLvBXo.exe
  C:\Windows\System\oxLvBXo.exe
  2⤵
  PID:6764
- C:\Windows\System\ltvfmbQ.exe
  C:\Windows\System\ltvfmbQ.exe
  2⤵
  PID:6780
- C:\Windows\System\QsBQHwe.exe
  C:\Windows\System\QsBQHwe.exe
  2⤵
  PID:6800
- C:\Windows\System\SPFnDwE.exe
  C:\Windows\System\SPFnDwE.exe
  2⤵
  PID:6816
- C:\Windows\System\RdHsyci.exe
  C:\Windows\System\RdHsyci.exe
  2⤵
  PID:6844
- C:\Windows\System\bfnVtjc.exe
  C:\Windows\System\bfnVtjc.exe
  2⤵
  PID:6864
- C:\Windows\System\gTnizVS.exe
  C:\Windows\System\gTnizVS.exe
  2⤵
  PID:6880
- C:\Windows\System\QypbPJq.exe
  C:\Windows\System\QypbPJq.exe
  2⤵
  PID:6896
- C:\Windows\System\pamKjHs.exe
  C:\Windows\System\pamKjHs.exe
  2⤵
  PID:6920
- C:\Windows\System\cacPVmL.exe
  C:\Windows\System\cacPVmL.exe
  2⤵
  PID:6936
- C:\Windows\System\ATKvScM.exe
  C:\Windows\System\ATKvScM.exe
  2⤵
  PID:6952
- C:\Windows\System\uRqHEdz.exe
  C:\Windows\System\uRqHEdz.exe
  2⤵
  PID:6968
- C:\Windows\System\nmNOznP.exe
  C:\Windows\System\nmNOznP.exe
  2⤵
  PID:6984
- C:\Windows\System\DNReMfe.exe
  C:\Windows\System\DNReMfe.exe
  2⤵
  PID:7000
- C:\Windows\System\nvEGVaT.exe
  C:\Windows\System\nvEGVaT.exe
  2⤵
  PID:7016
- C:\Windows\System\ZBfuckp.exe
  C:\Windows\System\ZBfuckp.exe
  2⤵
  PID:7032
- C:\Windows\System\GjvNybh.exe
  C:\Windows\System\GjvNybh.exe
  2⤵
  PID:7048
- C:\Windows\System\dWZGcMW.exe
  C:\Windows\System\dWZGcMW.exe
  2⤵
  PID:7064
- C:\Windows\System\qbMEElW.exe
  C:\Windows\System\qbMEElW.exe
  2⤵
  PID:7080
- C:\Windows\System\IJTLZaV.exe
  C:\Windows\System\IJTLZaV.exe
  2⤵
  PID:7096
- C:\Windows\System\fIBNSdJ.exe
  C:\Windows\System\fIBNSdJ.exe
  2⤵
  PID:7112
- C:\Windows\System\SpPSukK.exe
  C:\Windows\System\SpPSukK.exe
  2⤵
  PID:7128
- C:\Windows\System\cipuhkq.exe
  C:\Windows\System\cipuhkq.exe
  2⤵
  PID:7144
- C:\Windows\System\SIdDgrW.exe
  C:\Windows\System\SIdDgrW.exe
  2⤵
  PID:7160
- C:\Windows\System\vnkbOpq.exe
  C:\Windows\System\vnkbOpq.exe
  2⤵
  PID:4668
- C:\Windows\System\XSuOCuo.exe
  C:\Windows\System\XSuOCuo.exe
  2⤵
  PID:3724
- C:\Windows\System\GkETmWI.exe
  C:\Windows\System\GkETmWI.exe
  2⤵
  PID:6224
- C:\Windows\System\AYKDiCO.exe
  C:\Windows\System\AYKDiCO.exe
  2⤵
  PID:6252
- C:\Windows\System\SRhjzNX.exe
  C:\Windows\System\SRhjzNX.exe
  2⤵
  PID:6296
- C:\Windows\System\SvAiaJe.exe
  C:\Windows\System\SvAiaJe.exe
  2⤵
  PID:6308
- C:\Windows\System\kpTdfbD.exe
  C:\Windows\System\kpTdfbD.exe
  2⤵
  PID:6324
- C:\Windows\System\tmVNdpU.exe
  C:\Windows\System\tmVNdpU.exe
  2⤵
  PID:6396
- C:\Windows\System\gQEJFIV.exe
  C:\Windows\System\gQEJFIV.exe
  2⤵
  PID:4236
- C:\Windows\System\JwIzMfc.exe
  C:\Windows\System\JwIzMfc.exe
  2⤵
  PID:6432
- C:\Windows\System\YMokQhr.exe
  C:\Windows\System\YMokQhr.exe
  2⤵
  PID:6464
- C:\Windows\System\pGiGoPb.exe
  C:\Windows\System\pGiGoPb.exe
  2⤵
  PID:2516
- C:\Windows\System\MjaXkSb.exe
  C:\Windows\System\MjaXkSb.exe
  2⤵
  PID:6176
- C:\Windows\System\SJsmXBN.exe
  C:\Windows\System\SJsmXBN.exe
  2⤵
  PID:6344
- C:\Windows\System\NBVTGAa.exe
  C:\Windows\System\NBVTGAa.exe
  2⤵
  PID:6360
- C:\Windows\System\yTtkTUG.exe
  C:\Windows\System\yTtkTUG.exe
  2⤵
  PID:6416
- C:\Windows\System\fbeCgwc.exe
  C:\Windows\System\fbeCgwc.exe
  2⤵
  PID:6508
- C:\Windows\System\KfLriaP.exe
  C:\Windows\System\KfLriaP.exe
  2⤵
  PID:6412
- C:\Windows\System\dCFcifw.exe
  C:\Windows\System\dCFcifw.exe
  2⤵
  PID:6280
- C:\Windows\System\xMCPYiu.exe
  C:\Windows\System\xMCPYiu.exe
  2⤵
  PID:6544
- C:\Windows\System\dsYQBpG.exe
  C:\Windows\System\dsYQBpG.exe
  2⤵
  PID:6624
- C:\Windows\System\DnwBSyA.exe
  C:\Windows\System\DnwBSyA.exe
  2⤵
  PID:6692
- C:\Windows\System\HwlLOCz.exe
  C:\Windows\System\HwlLOCz.exe
  2⤵
  PID:6708
- C:\Windows\System\uHsZrDJ.exe
  C:\Windows\System\uHsZrDJ.exe
  2⤵
  PID:6748
- C:\Windows\System\oFXTSJF.exe
  C:\Windows\System\oFXTSJF.exe
  2⤵
  PID:6788
- C:\Windows\System\pyzkFTd.exe
  C:\Windows\System\pyzkFTd.exe
  2⤵
  PID:1752
- C:\Windows\System\vpfaxep.exe
  C:\Windows\System\vpfaxep.exe
  2⤵
  PID:6836
- C:\Windows\System\CesEQrC.exe
  C:\Windows\System\CesEQrC.exe
  2⤵
  PID:6580
- C:\Windows\System\zhUFfUL.exe
  C:\Windows\System\zhUFfUL.exe
  2⤵
  PID:6912
- C:\Windows\System\vlgcuRN.exe
  C:\Windows\System\vlgcuRN.exe
  2⤵
  PID:2884
- C:\Windows\System\lDBVkvZ.exe
  C:\Windows\System\lDBVkvZ.exe
  2⤵
  PID:6576
- C:\Windows\System\xuBIwWT.exe
  C:\Windows\System\xuBIwWT.exe
  2⤵
  PID:772
- C:\Windows\System\pQGLWst.exe
  C:\Windows\System\pQGLWst.exe
  2⤵
  PID:6852
- C:\Windows\System\acgYvlr.exe
  C:\Windows\System\acgYvlr.exe
  2⤵
  PID:7012
- C:\Windows\System\mWAdDCC.exe
  C:\Windows\System\mWAdDCC.exe
  2⤵
  PID:7104
- C:\Windows\System\PdodyCb.exe
  C:\Windows\System\PdodyCb.exe
  2⤵
  PID:1396
- C:\Windows\System\EQfZNzr.exe
  C:\Windows\System\EQfZNzr.exe
  2⤵
  PID:6160
- C:\Windows\System\zcXPhnN.exe
  C:\Windows\System\zcXPhnN.exe
  2⤵
  PID:7136
- C:\Windows\System\vqtSsBd.exe
  C:\Windows\System\vqtSsBd.exe
  2⤵
  PID:6676
- C:\Windows\System\BCAlPFr.exe
  C:\Windows\System\BCAlPFr.exe
  2⤵
  PID:6772
- C:\Windows\System\RJAnLZe.exe
  C:\Windows\System\RJAnLZe.exe
  2⤵
  PID:6992
- C:\Windows\System\DfeGSdA.exe
  C:\Windows\System\DfeGSdA.exe
  2⤵
  PID:1044
- C:\Windows\System\RMpLAiB.exe
  C:\Windows\System\RMpLAiB.exe
  2⤵
  PID:7060
- C:\Windows\System\HnZrziO.exe
  C:\Windows\System\HnZrziO.exe
  2⤵
  PID:7124
- C:\Windows\System\ZDuphrv.exe
  C:\Windows\System\ZDuphrv.exe
  2⤵
  PID:2776
- C:\Windows\System\DMiEzaW.exe
  C:\Windows\System\DMiEzaW.exe
  2⤵
  PID:2996
- C:\Windows\System\CnuDMvj.exe
  C:\Windows\System\CnuDMvj.exe
  2⤵
  PID:6320
- C:\Windows\System\bDimgwh.exe
  C:\Windows\System\bDimgwh.exe
  2⤵
  PID:5440
- C:\Windows\System\egOsAaH.exe
  C:\Windows\System\egOsAaH.exe
  2⤵
  PID:6460
- C:\Windows\System\iNSSmfA.exe
  C:\Windows\System\iNSSmfA.exe
  2⤵
  PID:6352
- C:\Windows\System\yxhqUGL.exe
  C:\Windows\System\yxhqUGL.exe
  2⤵
  PID:6392
- C:\Windows\System\QipTMvG.exe
  C:\Windows\System\QipTMvG.exe
  2⤵
  PID:6364
- C:\Windows\System\pVXCUvw.exe
  C:\Windows\System\pVXCUvw.exe
  2⤵
  PID:6704
- C:\Windows\System\YfzEExc.exe
  C:\Windows\System\YfzEExc.exe
  2⤵
  PID:6840
- C:\Windows\System\aoXbicu.exe
  C:\Windows\System\aoXbicu.exe
  2⤵
  PID:1912
- C:\Windows\System\WyWWeEI.exe
  C:\Windows\System\WyWWeEI.exe
  2⤵
  PID:7044
- C:\Windows\System\cTXYHJN.exe
  C:\Windows\System\cTXYHJN.exe
  2⤵
  PID:6260
- C:\Windows\System\QtTWAuo.exe
  C:\Windows\System\QtTWAuo.exe
  2⤵
  PID:7028
- C:\Windows\System\hueQGKl.exe
  C:\Windows\System\hueQGKl.exe
  2⤵
  PID:2144
- C:\Windows\System\VMcbQIw.exe
  C:\Windows\System\VMcbQIw.exe
  2⤵
  PID:5040
- C:\Windows\System\mGZryFx.exe
  C:\Windows\System\mGZryFx.exe
  2⤵
  PID:6700
- C:\Windows\System\rAFBlZF.exe
  C:\Windows\System\rAFBlZF.exe
  2⤵
  PID:6496
- C:\Windows\System\thJGUwr.exe
  C:\Windows\System\thJGUwr.exe
  2⤵
  PID:1088
- C:\Windows\System\dSINUHF.exe
  C:\Windows\System\dSINUHF.exe
  2⤵
  PID:2900
- C:\Windows\System\mrlfURE.exe
  C:\Windows\System\mrlfURE.exe
  2⤵
  PID:6284
- C:\Windows\System\VsHhtjG.exe
  C:\Windows\System\VsHhtjG.exe
  2⤵
  PID:6828
- C:\Windows\System\SyEOoUu.exe
  C:\Windows\System\SyEOoUu.exe
  2⤵
  PID:3036
- C:\Windows\System\zmBpiAj.exe
  C:\Windows\System\zmBpiAj.exe
  2⤵
  PID:1712
- C:\Windows\System\vBZReKE.exe
  C:\Windows\System\vBZReKE.exe
  2⤵
  PID:6888
- C:\Windows\System\EycaSFB.exe
  C:\Windows\System\EycaSFB.exe
  2⤵
  PID:1764
- C:\Windows\System\xvDFRDg.exe
  C:\Windows\System\xvDFRDg.exe
  2⤵
  PID:6796
- C:\Windows\System\SwXMysF.exe
  C:\Windows\System\SwXMysF.exe
  2⤵
  PID:6656
- C:\Windows\System\xmuizhl.exe
  C:\Windows\System\xmuizhl.exe
  2⤵
  PID:6540
- C:\Windows\System\vwAHqAS.exe
  C:\Windows\System\vwAHqAS.exe
  2⤵
  PID:6640
- C:\Windows\System\hBJUWYE.exe
  C:\Windows\System\hBJUWYE.exe
  2⤵
  PID:836
- C:\Windows\System\IWVogbx.exe
  C:\Windows\System\IWVogbx.exe
  2⤵
  PID:6808
- C:\Windows\System\QiZMzMl.exe
  C:\Windows\System\QiZMzMl.exe
  2⤵
  PID:2940
- C:\Windows\System\iCMTxTK.exe
  C:\Windows\System\iCMTxTK.exe
  2⤵
  PID:696
- C:\Windows\System\vAtMByq.exe
  C:\Windows\System\vAtMByq.exe
  2⤵
  PID:6960
- C:\Windows\System\LrYuvQw.exe
  C:\Windows\System\LrYuvQw.exe
  2⤵
  PID:6736
- C:\Windows\System\iehHMMr.exe
  C:\Windows\System\iehHMMr.exe
  2⤵
  PID:6172
- C:\Windows\System\rHlNehs.exe
  C:\Windows\System\rHlNehs.exe
  2⤵
  PID:6660
- C:\Windows\System\pIjFDOi.exe
  C:\Windows\System\pIjFDOi.exe
  2⤵
  PID:6276
- C:\Windows\System\HsnzWfk.exe
  C:\Windows\System\HsnzWfk.exe
  2⤵
  PID:6872
- C:\Windows\System\xegxAVy.exe
  C:\Windows\System\xegxAVy.exe
  2⤵
  PID:6072
- C:\Windows\System\EuyOrXz.exe
  C:\Windows\System\EuyOrXz.exe
  2⤵
  PID:6480
- C:\Windows\System\waPvThp.exe
  C:\Windows\System\waPvThp.exe
  2⤵
  PID:1056
- C:\Windows\System\ahHtyGR.exe
  C:\Windows\System\ahHtyGR.exe
  2⤵
  PID:7156
- C:\Windows\System\mnkCFrw.exe
  C:\Windows\System\mnkCFrw.exe
  2⤵
  PID:6716
- C:\Windows\System\AKyhiJJ.exe
  C:\Windows\System\AKyhiJJ.exe
  2⤵
  PID:6380
- C:\Windows\System\aeJCcip.exe
  C:\Windows\System\aeJCcip.exe
  2⤵
  PID:7172
- C:\Windows\System\pWNYPqR.exe
  C:\Windows\System\pWNYPqR.exe
  2⤵
  PID:7188
- C:\Windows\System\xLUzgCM.exe
  C:\Windows\System\xLUzgCM.exe
  2⤵
  PID:7204
- C:\Windows\System\BotxQfI.exe
  C:\Windows\System\BotxQfI.exe
  2⤵
  PID:7220
- C:\Windows\System\rsOSRTs.exe
  C:\Windows\System\rsOSRTs.exe
  2⤵
  PID:7236
- C:\Windows\System\OruIubl.exe
  C:\Windows\System\OruIubl.exe
  2⤵
  PID:7252
- C:\Windows\System\vERfvdc.exe
  C:\Windows\System\vERfvdc.exe
  2⤵
  PID:7268
- C:\Windows\System\cXMuarx.exe
  C:\Windows\System\cXMuarx.exe
  2⤵
  PID:7284
- C:\Windows\System\fjySVlX.exe
  C:\Windows\System\fjySVlX.exe
  2⤵
  PID:7300
- C:\Windows\System\ChoLzQW.exe
  C:\Windows\System\ChoLzQW.exe
  2⤵
  PID:7316
- C:\Windows\System\MLJUbIH.exe
  C:\Windows\System\MLJUbIH.exe
  2⤵
  PID:7332
- C:\Windows\System\RFsrBpy.exe
  C:\Windows\System\RFsrBpy.exe
  2⤵
  PID:7348
- C:\Windows\System\LhsUyxy.exe
  C:\Windows\System\LhsUyxy.exe
  2⤵
  PID:7364
- C:\Windows\System\CdvHJGN.exe
  C:\Windows\System\CdvHJGN.exe
  2⤵
  PID:7380
- C:\Windows\System\GGOKPlt.exe
  C:\Windows\System\GGOKPlt.exe
  2⤵
  PID:7396
- C:\Windows\System\WSiWeVs.exe
  C:\Windows\System\WSiWeVs.exe
  2⤵
  PID:7412
- C:\Windows\System\gKyanUD.exe
  C:\Windows\System\gKyanUD.exe
  2⤵
  PID:7428
- C:\Windows\System\pErxfbY.exe
  C:\Windows\System\pErxfbY.exe
  2⤵
  PID:7444
- C:\Windows\System\wvIWakN.exe
  C:\Windows\System\wvIWakN.exe
  2⤵
  PID:7460
- C:\Windows\System\VvAXjhx.exe
  C:\Windows\System\VvAXjhx.exe
  2⤵
  PID:7476
- C:\Windows\System\ZQPCVQF.exe
  C:\Windows\System\ZQPCVQF.exe
  2⤵
  PID:7492
- C:\Windows\System\yHTqrke.exe
  C:\Windows\System\yHTqrke.exe
  2⤵
  PID:7508
- C:\Windows\System\krMgMvW.exe
  C:\Windows\System\krMgMvW.exe
  2⤵
  PID:7524
- C:\Windows\System\SxTKVHe.exe
  C:\Windows\System\SxTKVHe.exe
  2⤵
  PID:7540
- C:\Windows\System\LXZcgGl.exe
  C:\Windows\System\LXZcgGl.exe
  2⤵
  PID:7556
- C:\Windows\System\nBbgnvC.exe
  C:\Windows\System\nBbgnvC.exe
  2⤵
  PID:7572
- C:\Windows\System\jfNlSvv.exe
  C:\Windows\System\jfNlSvv.exe
  2⤵
  PID:7588
- C:\Windows\System\dAptFsg.exe
  C:\Windows\System\dAptFsg.exe
  2⤵
  PID:7604
- C:\Windows\System\aSwlesd.exe
  C:\Windows\System\aSwlesd.exe
  2⤵
  PID:7620
- C:\Windows\System\ihmFRNx.exe
  C:\Windows\System\ihmFRNx.exe
  2⤵
  PID:7636
- C:\Windows\System\zQtDvSl.exe
  C:\Windows\System\zQtDvSl.exe
  2⤵
  PID:7652
- C:\Windows\System\gbccjHX.exe
  C:\Windows\System\gbccjHX.exe
  2⤵
  PID:7668
- C:\Windows\System\coQAmcS.exe
  C:\Windows\System\coQAmcS.exe
  2⤵
  PID:7684
- C:\Windows\System\bEthCZb.exe
  C:\Windows\System\bEthCZb.exe
  2⤵
  PID:7700
- C:\Windows\System\cRlVMBb.exe
  C:\Windows\System\cRlVMBb.exe
  2⤵
  PID:7720
- C:\Windows\System\YqQwlDE.exe
  C:\Windows\System\YqQwlDE.exe
  2⤵
  PID:7736
- C:\Windows\System\XUYUyco.exe
  C:\Windows\System\XUYUyco.exe
  2⤵
  PID:7752
- C:\Windows\System\PerWckf.exe
  C:\Windows\System\PerWckf.exe
  2⤵
  PID:7768
- C:\Windows\System\mjLFYMj.exe
  C:\Windows\System\mjLFYMj.exe
  2⤵
  PID:7784
- C:\Windows\System\pjeqoqs.exe
  C:\Windows\System\pjeqoqs.exe
  2⤵
  PID:7800
- C:\Windows\System\BqbpQHS.exe
  C:\Windows\System\BqbpQHS.exe
  2⤵
  PID:7816
- C:\Windows\System\nojAlqE.exe
  C:\Windows\System\nojAlqE.exe
  2⤵
  PID:7832
- C:\Windows\System\YzhanPE.exe
  C:\Windows\System\YzhanPE.exe
  2⤵
  PID:7848
- C:\Windows\System\hhFyeSv.exe
  C:\Windows\System\hhFyeSv.exe
  2⤵
  PID:7864
- C:\Windows\System\zzBtilq.exe
  C:\Windows\System\zzBtilq.exe
  2⤵
  PID:7880
- C:\Windows\System\PZyClDf.exe
  C:\Windows\System\PZyClDf.exe
  2⤵
  PID:7896
- C:\Windows\System\EwRaNJa.exe
  C:\Windows\System\EwRaNJa.exe
  2⤵
  PID:7912
- C:\Windows\System\altkfAp.exe
  C:\Windows\System\altkfAp.exe
  2⤵
  PID:7928
- C:\Windows\System\ccmKFJO.exe
  C:\Windows\System\ccmKFJO.exe
  2⤵
  PID:7944
- C:\Windows\System\RgeVzdL.exe
  C:\Windows\System\RgeVzdL.exe
  2⤵
  PID:7960
- C:\Windows\System\WHIRMfQ.exe
  C:\Windows\System\WHIRMfQ.exe
  2⤵
  PID:7976
- C:\Windows\System\OoRwDec.exe
  C:\Windows\System\OoRwDec.exe
  2⤵
  PID:7996
- C:\Windows\System\fvrnLWN.exe
  C:\Windows\System\fvrnLWN.exe
  2⤵
  PID:8016
- C:\Windows\System\nvfDwQE.exe
  C:\Windows\System\nvfDwQE.exe
  2⤵
  PID:8032
- C:\Windows\System\bpSyQfP.exe
  C:\Windows\System\bpSyQfP.exe
  2⤵
  PID:8052
- C:\Windows\System\dDhkBCB.exe
  C:\Windows\System\dDhkBCB.exe
  2⤵
  PID:8072
- C:\Windows\System\cFohtmD.exe
  C:\Windows\System\cFohtmD.exe
  2⤵
  PID:8088
- C:\Windows\System\HFlabTR.exe
  C:\Windows\System\HFlabTR.exe
  2⤵
  PID:8104
- C:\Windows\System\DzIOMto.exe
  C:\Windows\System\DzIOMto.exe
  2⤵
  PID:8120
- C:\Windows\System\gQkXQYs.exe
  C:\Windows\System\gQkXQYs.exe
  2⤵
  PID:8136
- C:\Windows\System\XJnQTek.exe
  C:\Windows\System\XJnQTek.exe
  2⤵
  PID:8152
- C:\Windows\System\qpTgCGf.exe
  C:\Windows\System\qpTgCGf.exe
  2⤵
  PID:8180
- C:\Windows\System\KCPTqfm.exe
  C:\Windows\System\KCPTqfm.exe
  2⤵
  PID:7180
- C:\Windows\System\EPrTDZx.exe
  C:\Windows\System\EPrTDZx.exe
  2⤵
  PID:7244
- C:\Windows\System\Ahfesur.exe
  C:\Windows\System\Ahfesur.exe
  2⤵
  PID:7308
- C:\Windows\System\SDQhocU.exe
  C:\Windows\System\SDQhocU.exe
  2⤵
  PID:8068
- C:\Windows\System\eoUNiZH.exe
  C:\Windows\System\eoUNiZH.exe
  2⤵
  PID:7488
- C:\Windows\System\LlyuOGZ.exe
  C:\Windows\System\LlyuOGZ.exe
  2⤵
  PID:7552
- C:\Windows\System\ppCAMGc.exe
  C:\Windows\System\ppCAMGc.exe
  2⤵
  PID:7648
- C:\Windows\System\drDPJQW.exe
  C:\Windows\System\drDPJQW.exe
  2⤵
  PID:7780
- C:\Windows\System\OJWILSi.exe
  C:\Windows\System\OJWILSi.exe
  2⤵
  PID:7872
- C:\Windows\System\GSuFgUg.exe
  C:\Windows\System\GSuFgUg.exe
  2⤵
  PID:7936
- C:\Windows\System\UiwHHHH.exe
  C:\Windows\System\UiwHHHH.exe
  2⤵
  PID:8164
- C:\Windows\System\XRivkpm.exe
  C:\Windows\System\XRivkpm.exe
  2⤵
  PID:8040
- C:\Windows\System\eNYDdFC.exe
  C:\Windows\System\eNYDdFC.exe
  2⤵
  PID:8084
- C:\Windows\System\uhRTWxM.exe
  C:\Windows\System\uhRTWxM.exe
  2⤵
  PID:8148
- C:\Windows\System\YIJMDJI.exe
  C:\Windows\System\YIJMDJI.exe
  2⤵
  PID:7216
- C:\Windows\System\SnuZsbw.exe
  C:\Windows\System\SnuZsbw.exe
  2⤵
  PID:7340
- C:\Windows\System\BPuybgk.exe
  C:\Windows\System\BPuybgk.exe
  2⤵
  PID:2536
- C:\Windows\System\ZFBMIoE.exe
  C:\Windows\System\ZFBMIoE.exe
  2⤵
  PID:6612
- C:\Windows\System\zvvJGai.exe
  C:\Windows\System\zvvJGai.exe
  2⤵
  PID:7232
- C:\Windows\System\sKeohKP.exe
  C:\Windows\System\sKeohKP.exe
  2⤵
  PID:7296
- C:\Windows\System\ieDrXRi.exe
  C:\Windows\System\ieDrXRi.exe
  2⤵
  PID:7372
- C:\Windows\System\HhjFMcP.exe
  C:\Windows\System\HhjFMcP.exe
  2⤵
  PID:7436
- C:\Windows\System\RlSqIra.exe
  C:\Windows\System\RlSqIra.exe
  2⤵
  PID:7500
- C:\Windows\System\vugVOwh.exe
  C:\Windows\System\vugVOwh.exe
  2⤵
  PID:7564
- C:\Windows\System\XfcFTTt.exe
  C:\Windows\System\XfcFTTt.exe
  2⤵
  PID:7568
- C:\Windows\System\ChCkUdP.exe
  C:\Windows\System\ChCkUdP.exe
  2⤵
  PID:7692
- C:\Windows\System\sXhbIut.exe
  C:\Windows\System\sXhbIut.exe
  2⤵
  PID:7760
- C:\Windows\System\zorMWWZ.exe
  C:\Windows\System\zorMWWZ.exe
  2⤵
  PID:7824
- C:\Windows\System\rfnUcgl.exe
  C:\Windows\System\rfnUcgl.exe
  2⤵
  PID:7860
- C:\Windows\System\QfeOMjq.exe
  C:\Windows\System\QfeOMjq.exe
  2⤵
  PID:7892
- C:\Windows\System\TRXluLH.exe
  C:\Windows\System\TRXluLH.exe
  2⤵
  PID:7388
- C:\Windows\System\xuWQFbh.exe
  C:\Windows\System\xuWQFbh.exe
  2⤵
  PID:7392
- C:\Windows\System\TtldemS.exe
  C:\Windows\System\TtldemS.exe
  2⤵
  PID:7612
- C:\Windows\System\tnejGCR.exe
  C:\Windows\System\tnejGCR.exe
  2⤵
  PID:7808
- C:\Windows\System\OwyUbPJ.exe
  C:\Windows\System\OwyUbPJ.exe
  2⤵
  PID:8028
- C:\Windows\System\eVzJLAe.exe
  C:\Windows\System\eVzJLAe.exe
  2⤵
  PID:8128
- C:\Windows\System\pItvTWo.exe
  C:\Windows\System\pItvTWo.exe
  2⤵
  PID:8172
- C:\Windows\System\fSieDGU.exe
  C:\Windows\System\fSieDGU.exe
  2⤵
  PID:7616
- C:\Windows\System\SLdvzmi.exe
  C:\Windows\System\SLdvzmi.exe
  2⤵
  PID:7716
- C:\Windows\System\cNyvmiG.exe
  C:\Windows\System\cNyvmiG.exe
  2⤵
  PID:8048
- C:\Windows\System\UgvhwSR.exe
  C:\Windows\System\UgvhwSR.exe
  2⤵
  PID:8012
- C:\Windows\System\aPkMhof.exe
  C:\Windows\System\aPkMhof.exe
  2⤵
  PID:7280
- C:\Windows\System\XoXHNKc.exe
  C:\Windows\System\XoXHNKc.exe
  2⤵
  PID:7292
- C:\Windows\System\AIGpvhy.exe
  C:\Windows\System\AIGpvhy.exe
  2⤵
  PID:7660
- C:\Windows\System\tIBnAlW.exe
  C:\Windows\System\tIBnAlW.exe
  2⤵
  PID:7984
- C:\Windows\System\CWqWMEC.exe
  C:\Windows\System\CWqWMEC.exe
  2⤵
  PID:7744
- C:\Windows\System\uasErZo.exe
  C:\Windows\System\uasErZo.exe
  2⤵
  PID:6428
- C:\Windows\System\HoNLIrA.exe
  C:\Windows\System\HoNLIrA.exe
  2⤵
  PID:7844
- C:\Windows\System\LMTCmny.exe
  C:\Windows\System\LMTCmny.exe
  2⤵
  PID:7408
- C:\Windows\System\jKBHHOb.exe
  C:\Windows\System\jKBHHOb.exe
  2⤵
  PID:7520
- C:\Windows\System\iqbNKSf.exe
  C:\Windows\System\iqbNKSf.exe
  2⤵
  PID:8200
- C:\Windows\System\KWALpKq.exe
  C:\Windows\System\KWALpKq.exe
  2⤵
  PID:8216
- C:\Windows\System\oHHleGm.exe
  C:\Windows\System\oHHleGm.exe
  2⤵
  PID:8232
- C:\Windows\System\ptesfaB.exe
  C:\Windows\System\ptesfaB.exe
  2⤵
  PID:8248
- C:\Windows\System\XfjgERA.exe
  C:\Windows\System\XfjgERA.exe
  2⤵
  PID:8268
- C:\Windows\System\SAOcaJG.exe
  C:\Windows\System\SAOcaJG.exe
  2⤵
  PID:8284
- C:\Windows\System\VhNSbMe.exe
  C:\Windows\System\VhNSbMe.exe
  2⤵
  PID:8300
- C:\Windows\System\RYnNPRn.exe
  C:\Windows\System\RYnNPRn.exe
  2⤵
  PID:8316
- C:\Windows\System\GUGtEqy.exe
  C:\Windows\System\GUGtEqy.exe
  2⤵
  PID:8332
- C:\Windows\System\PyaOLRS.exe
  C:\Windows\System\PyaOLRS.exe
  2⤵
  PID:8348
- C:\Windows\System\prEnWeI.exe
  C:\Windows\System\prEnWeI.exe
  2⤵
  PID:8364
- C:\Windows\System\rdZYbub.exe
  C:\Windows\System\rdZYbub.exe
  2⤵
  PID:8380
- C:\Windows\System\yYZHWvP.exe
  C:\Windows\System\yYZHWvP.exe
  2⤵
  PID:8396
- C:\Windows\System\cYPiuCv.exe
  C:\Windows\System\cYPiuCv.exe
  2⤵
  PID:8412
- C:\Windows\System\uVQVPaR.exe
  C:\Windows\System\uVQVPaR.exe
  2⤵
  PID:8428
- C:\Windows\System\qtjEXcy.exe
  C:\Windows\System\qtjEXcy.exe
  2⤵
  PID:8444
- C:\Windows\System\ZnxBeDL.exe
  C:\Windows\System\ZnxBeDL.exe
  2⤵
  PID:8460
- C:\Windows\System\YUhnxYH.exe
  C:\Windows\System\YUhnxYH.exe
  2⤵
  PID:8476
- C:\Windows\System\TYUftwU.exe
  C:\Windows\System\TYUftwU.exe
  2⤵
  PID:8492
- C:\Windows\System\MBGKONM.exe
  C:\Windows\System\MBGKONM.exe
  2⤵
  PID:8508
- C:\Windows\System\JPERnbP.exe
  C:\Windows\System\JPERnbP.exe
  2⤵
  PID:8524
- C:\Windows\System\oZwaGOx.exe
  C:\Windows\System\oZwaGOx.exe
  2⤵
  PID:8540
- C:\Windows\System\yiySHxg.exe
  C:\Windows\System\yiySHxg.exe
  2⤵
  PID:8556
- C:\Windows\System\VCDPJfa.exe
  C:\Windows\System\VCDPJfa.exe
  2⤵
  PID:8572
- C:\Windows\System\IAlfujE.exe
  C:\Windows\System\IAlfujE.exe
  2⤵
  PID:8588
- C:\Windows\System\YzmBcEp.exe
  C:\Windows\System\YzmBcEp.exe
  2⤵
  PID:8604
- C:\Windows\System\opqtdUv.exe
  C:\Windows\System\opqtdUv.exe
  2⤵
  PID:8620
- C:\Windows\System\ioCTMwt.exe
  C:\Windows\System\ioCTMwt.exe
  2⤵
  PID:8636
- C:\Windows\System\FZLlGfG.exe
  C:\Windows\System\FZLlGfG.exe
  2⤵
  PID:8652
- C:\Windows\System\FkpigWO.exe
  C:\Windows\System\FkpigWO.exe
  2⤵
  PID:8668
- C:\Windows\System\hEtDRSe.exe
  C:\Windows\System\hEtDRSe.exe
  2⤵
  PID:8684
- C:\Windows\System\qlGAGBN.exe
  C:\Windows\System\qlGAGBN.exe
  2⤵
  PID:8700
- C:\Windows\System\lrEHDeY.exe
  C:\Windows\System\lrEHDeY.exe
  2⤵
  PID:8716
- C:\Windows\System\wccRiMB.exe
  C:\Windows\System\wccRiMB.exe
  2⤵
  PID:8732
- C:\Windows\System\kzCfuWN.exe
  C:\Windows\System\kzCfuWN.exe
  2⤵
  PID:8748
- C:\Windows\System\vKmUeFz.exe
  C:\Windows\System\vKmUeFz.exe
  2⤵
  PID:8764
- C:\Windows\System\CffTHxk.exe
  C:\Windows\System\CffTHxk.exe
  2⤵
  PID:8780
- C:\Windows\System\THtXedv.exe
  C:\Windows\System\THtXedv.exe
  2⤵
  PID:8796
- C:\Windows\System\romsqeN.exe
  C:\Windows\System\romsqeN.exe
  2⤵
  PID:8812
- C:\Windows\System\QPfXiGR.exe
  C:\Windows\System\QPfXiGR.exe
  2⤵
  PID:8828
- C:\Windows\System\LVxBKym.exe
  C:\Windows\System\LVxBKym.exe
  2⤵
  PID:8844
- C:\Windows\System\sjUFnAh.exe
  C:\Windows\System\sjUFnAh.exe
  2⤵
  PID:8860
- C:\Windows\System\TrejUZQ.exe
  C:\Windows\System\TrejUZQ.exe
  2⤵
  PID:8876
- C:\Windows\System\DSRebfi.exe
  C:\Windows\System\DSRebfi.exe
  2⤵
  PID:8892
- C:\Windows\System\pxJrJVO.exe
  C:\Windows\System\pxJrJVO.exe
  2⤵
  PID:8908
- C:\Windows\System\vmaaSpe.exe
  C:\Windows\System\vmaaSpe.exe
  2⤵
  PID:8924
- C:\Windows\System\APXoVkj.exe
  C:\Windows\System\APXoVkj.exe
  2⤵
  PID:8940
- C:\Windows\System\bLigLkT.exe
  C:\Windows\System\bLigLkT.exe
  2⤵
  PID:8956
- C:\Windows\System\uYAfNzj.exe
  C:\Windows\System\uYAfNzj.exe
  2⤵
  PID:8972
- C:\Windows\System\GifjHqe.exe
  C:\Windows\System\GifjHqe.exe
  2⤵
  PID:8988
- C:\Windows\System\FFhMWkW.exe
  C:\Windows\System\FFhMWkW.exe
  2⤵
  PID:9004
- C:\Windows\System\NyZQBWS.exe
  C:\Windows\System\NyZQBWS.exe
  2⤵
  PID:9020
- C:\Windows\System\vzToYOQ.exe
  C:\Windows\System\vzToYOQ.exe
  2⤵
  PID:9036
- C:\Windows\System\gLerVYQ.exe
  C:\Windows\System\gLerVYQ.exe
  2⤵
  PID:9052
- C:\Windows\System\bmqDTSk.exe
  C:\Windows\System\bmqDTSk.exe
  2⤵
  PID:9068
- C:\Windows\System\QHLMOBO.exe
  C:\Windows\System\QHLMOBO.exe
  2⤵
  PID:9084
- C:\Windows\System\htPZvuJ.exe
  C:\Windows\System\htPZvuJ.exe
  2⤵
  PID:9100
- C:\Windows\System\LHzbxQX.exe
  C:\Windows\System\LHzbxQX.exe
  2⤵
  PID:9116
- C:\Windows\System\EUqHGUa.exe
  C:\Windows\System\EUqHGUa.exe
  2⤵
  PID:9156
- C:\Windows\System\pCbNeuk.exe
  C:\Windows\System\pCbNeuk.exe
  2⤵
  PID:9176
- C:\Windows\System\SrCQypi.exe
  C:\Windows\System\SrCQypi.exe
  2⤵
  PID:9192
- C:\Windows\System\CKEtlQP.exe
  C:\Windows\System\CKEtlQP.exe
  2⤵
  PID:9208
- C:\Windows\System\jwCZjkr.exe
  C:\Windows\System\jwCZjkr.exe
  2⤵
  PID:8212
- C:\Windows\System\gIPLKKx.exe
  C:\Windows\System\gIPLKKx.exe
  2⤵
  PID:8312
- C:\Windows\System\YvEXLfe.exe
  C:\Windows\System\YvEXLfe.exe
  2⤵
  PID:8408
- C:\Windows\System\FIFPSxQ.exe
  C:\Windows\System\FIFPSxQ.exe
  2⤵
  PID:6892
- C:\Windows\System\xOeNSyu.exe
  C:\Windows\System\xOeNSyu.exe
  2⤵
  PID:7468
- C:\Windows\System\AlzoPTA.exe
  C:\Windows\System\AlzoPTA.exe
  2⤵
  PID:7840
- C:\Windows\System\xvyjQqg.exe
  C:\Windows\System\xvyjQqg.exe
  2⤵
  PID:7120
- C:\Windows\System\MdWIlOa.exe
  C:\Windows\System\MdWIlOa.exe
  2⤵
  PID:7600
- C:\Windows\System\DGvMxge.exe
  C:\Windows\System\DGvMxge.exe
  2⤵
  PID:7856
- C:\Windows\System\dNXvVAo.exe
  C:\Windows\System\dNXvVAo.exe
  2⤵
  PID:8356
- C:\Windows\System\jCkJlDj.exe
  C:\Windows\System\jCkJlDj.exe
  2⤵
  PID:8484
- C:\Windows\System\osFUemA.exe
  C:\Windows\System\osFUemA.exe
  2⤵
  PID:8568
- C:\Windows\System\GaQHUMj.exe
  C:\Windows\System\GaQHUMj.exe
  2⤵
  PID:8632
- C:\Windows\System\ZFQsLQI.exe
  C:\Windows\System\ZFQsLQI.exe
  2⤵
  PID:8692
- C:\Windows\System\PQJnRaS.exe
  C:\Windows\System\PQJnRaS.exe
  2⤵
  PID:6548
- C:\Windows\System\KxrIYui.exe
  C:\Windows\System\KxrIYui.exe
  2⤵
  PID:7420
- C:\Windows\System\kBzJrwM.exe
  C:\Windows\System\kBzJrwM.exe
  2⤵
  PID:8256
- C:\Windows\System\prgBiNO.exe
  C:\Windows\System\prgBiNO.exe
  2⤵
  PID:8328
- C:\Windows\System\mfvUUFt.exe
  C:\Windows\System\mfvUUFt.exe
  2⤵
  PID:8420
- C:\Windows\System\vBtHVHa.exe
  C:\Windows\System\vBtHVHa.exe
  2⤵
  PID:8488
- C:\Windows\System\TDgkmUs.exe
  C:\Windows\System\TDgkmUs.exe
  2⤵
  PID:8792
- C:\Windows\System\sgzunAO.exe
  C:\Windows\System\sgzunAO.exe
  2⤵
  PID:8676
- C:\Windows\System\WZIGxDv.exe
  C:\Windows\System\WZIGxDv.exe
  2⤵
  PID:8552
- C:\Windows\System\quGUPBG.exe
  C:\Windows\System\quGUPBG.exe
  2⤵
  PID:8644
- C:\Windows\System\XkUPWGn.exe
  C:\Windows\System\XkUPWGn.exe
  2⤵
  PID:8744
- C:\Windows\System\abZhZBp.exe
  C:\Windows\System\abZhZBp.exe
  2⤵
  PID:8808
- C:\Windows\System\HgXyXXv.exe
  C:\Windows\System\HgXyXXv.exe
  2⤵
  PID:8856
- C:\Windows\System\vhBonhJ.exe
  C:\Windows\System\vhBonhJ.exe
  2⤵
  PID:8920
- C:\Windows\System\RIIwOWG.exe
  C:\Windows\System\RIIwOWG.exe
  2⤵
  PID:8984
- C:\Windows\System\RJLyjBk.exe
  C:\Windows\System\RJLyjBk.exe
  2⤵
  PID:8932
- C:\Windows\System\UWkMZDI.exe
  C:\Windows\System\UWkMZDI.exe
  2⤵
  PID:9080
- C:\Windows\System\QTwPytu.exe
  C:\Windows\System\QTwPytu.exe
  2⤵
  PID:8872
- C:\Windows\System\WWazvuV.exe
  C:\Windows\System\WWazvuV.exe
  2⤵
  PID:8936
- C:\Windows\System\AtJdPlJ.exe
  C:\Windows\System\AtJdPlJ.exe
  2⤵
  PID:8968
- C:\Windows\System\OJdtBuY.exe
  C:\Windows\System\OJdtBuY.exe
  2⤵
  PID:9060
- C:\Windows\System\VHQcPxX.exe
  C:\Windows\System\VHQcPxX.exe
  2⤵
  PID:9128
- C:\Windows\System\oPajawW.exe
  C:\Windows\System\oPajawW.exe
  2⤵
  PID:9144
- C:\Windows\System\fdxdyNF.exe
  C:\Windows\System\fdxdyNF.exe
  2⤵
  PID:9168
- C:\Windows\System\kOPvkKV.exe
  C:\Windows\System\kOPvkKV.exe
  2⤵
  PID:8244
- C:\Windows\System\DCDeIHS.exe
  C:\Windows\System\DCDeIHS.exe
  2⤵
  PID:8440
- C:\Windows\System\VpiRPDg.exe
  C:\Windows\System\VpiRPDg.exe
  2⤵
  PID:9184
- C:\Windows\System\LgmsDSq.exe
  C:\Windows\System\LgmsDSq.exe
  2⤵
  PID:8536
- C:\Windows\System\GWBalLS.exe
  C:\Windows\System\GWBalLS.exe
  2⤵
  PID:8344
- C:\Windows\System\yDwXMwo.exe
  C:\Windows\System\yDwXMwo.exe
  2⤵
  PID:7200
- C:\Windows\System\RwMJSDF.exe
  C:\Windows\System\RwMJSDF.exe
  2⤵
  PID:8500
- C:\Windows\System\dCDyskx.exe
  C:\Windows\System\dCDyskx.exe
  2⤵
  PID:7956
- C:\Windows\System\UhsGaxV.exe
  C:\Windows\System\UhsGaxV.exe
  2⤵
  PID:8564
- C:\Windows\System\IhWkVYq.exe
  C:\Windows\System\IhWkVYq.exe
  2⤵
  PID:7828
- C:\Windows\System\epLsGFw.exe
  C:\Windows\System\epLsGFw.exe
  2⤵
  PID:8728
- C:\Windows\System\CfBHYBG.exe
  C:\Windows\System\CfBHYBG.exe
  2⤵
  PID:7276
- C:\Windows\System\SlyqcvK.exe
  C:\Windows\System\SlyqcvK.exe
  2⤵
  PID:8296
- C:\Windows\System\oQySLSl.exe
  C:\Windows\System\oQySLSl.exe
  2⤵
  PID:8388
- C:\Windows\System\sZFBoey.exe
  C:\Windows\System\sZFBoey.exe
  2⤵
  PID:8520
- C:\Windows\System\XQkaciv.exe
  C:\Windows\System\XQkaciv.exe
  2⤵
  PID:8616
- C:\Windows\System\AwkzzSF.exe
  C:\Windows\System\AwkzzSF.exe
  2⤵
  PID:8804
- C:\Windows\System\ELdIlDw.exe
  C:\Windows\System\ELdIlDw.exe
  2⤵
  PID:8868
- C:\Windows\System\KQTyyFq.exe
  C:\Windows\System\KQTyyFq.exe
  2⤵
  PID:8952
- C:\Windows\System\DcNGacc.exe
  C:\Windows\System\DcNGacc.exe
  2⤵
  PID:9048
- C:\Windows\System\lFHjCyD.exe
  C:\Windows\System\lFHjCyD.exe
  2⤵
  PID:9112
- C:\Windows\System\eoHLlYB.exe
  C:\Windows\System\eoHLlYB.exe
  2⤵
  PID:9124
- C:\Windows\System\WeivlrM.exe
  C:\Windows\System\WeivlrM.exe
  2⤵
  PID:9164
- C:\Windows\System\UsBMexo.exe
  C:\Windows\System\UsBMexo.exe
  2⤵
  PID:9204
- C:\Windows\System\QomhZuY.exe
  C:\Windows\System\QomhZuY.exe
  2⤵
  PID:8168
- C:\Windows\System\kCfyfxU.exe
  C:\Windows\System\kCfyfxU.exe
  2⤵
  PID:8404
- C:\Windows\System\pIMByzU.exe
  C:\Windows\System\pIMByzU.exe
  2⤵
  PID:8024
- C:\Windows\System\bLcxNKE.exe
  C:\Windows\System\bLcxNKE.exe
  2⤵
  PID:7328
- C:\Windows\System\FvRxBhT.exe
  C:\Windows\System\FvRxBhT.exe
  2⤵
  PID:7732
- C:\Windows\System\ZLMQWLm.exe
  C:\Windows\System\ZLMQWLm.exe
  2⤵
  PID:8456
- C:\Windows\System\dvtpeSM.exe
  C:\Windows\System\dvtpeSM.exe
  2⤵
  PID:8916
- C:\Windows\System\NYgctcN.exe
  C:\Windows\System\NYgctcN.exe
  2⤵
  PID:9032
- C:\Windows\System\EomTrGw.exe
  C:\Windows\System\EomTrGw.exe
  2⤵
  PID:9140
- C:\Windows\System\BwdsRAZ.exe
  C:\Windows\System\BwdsRAZ.exe
  2⤵
  PID:8776
- C:\Windows\System\UMWoKTd.exe
  C:\Windows\System\UMWoKTd.exe
  2⤵
  PID:9152
- C:\Windows\System\GDdXdty.exe
  C:\Windows\System\GDdXdty.exe
  2⤵
  PID:8132
- C:\Windows\System\wSuQuol.exe
  C:\Windows\System\wSuQuol.exe
  2⤵
  PID:9028
- C:\Windows\System\jimDReS.exe
  C:\Windows\System\jimDReS.exe
  2⤵
  PID:8628
- C:\Windows\System\jnZDgKL.exe
  C:\Windows\System\jnZDgKL.exe
  2⤵
  PID:7472
- C:\Windows\System\TrWUsPA.exe
  C:\Windows\System\TrWUsPA.exe
  2⤵
  PID:8208
- C:\Windows\System\ckERuHB.exe
  C:\Windows\System\ckERuHB.exe
  2⤵
  PID:8516
- C:\Windows\System\LlXyHIu.exe
  C:\Windows\System\LlXyHIu.exe
  2⤵
  PID:8836
- C:\Windows\System\ruAOqMH.exe
  C:\Windows\System\ruAOqMH.exe
  2⤵
  PID:8292
- C:\Windows\System\tqcVgVf.exe
  C:\Windows\System\tqcVgVf.exe
  2⤵
  PID:9220
- C:\Windows\System\pmdLkTi.exe
  C:\Windows\System\pmdLkTi.exe
  2⤵
  PID:9236
- C:\Windows\System\zsedkhO.exe
  C:\Windows\System\zsedkhO.exe
  2⤵
  PID:9256
- C:\Windows\System\xMsUXFV.exe
  C:\Windows\System\xMsUXFV.exe
  2⤵
  PID:9272
- C:\Windows\System\XhkRpRZ.exe
  C:\Windows\System\XhkRpRZ.exe
  2⤵
  PID:9288
- C:\Windows\System\wMCGGOr.exe
  C:\Windows\System\wMCGGOr.exe
  2⤵
  PID:9304
- C:\Windows\System\Xmzytgd.exe
  C:\Windows\System\Xmzytgd.exe
  2⤵
  PID:9320
- C:\Windows\System\lCYNfTS.exe
  C:\Windows\System\lCYNfTS.exe
  2⤵
  PID:9336
- C:\Windows\System\sMeiMdE.exe
  C:\Windows\System\sMeiMdE.exe
  2⤵
  PID:9352
- C:\Windows\System\xopuwbR.exe
  C:\Windows\System\xopuwbR.exe
  2⤵
  PID:9368
- C:\Windows\System\nvhRZJh.exe
  C:\Windows\System\nvhRZJh.exe
  2⤵
  PID:9384
- C:\Windows\System\ZmHNQSz.exe
  C:\Windows\System\ZmHNQSz.exe
  2⤵
  PID:9400
- C:\Windows\System\rJQAwSx.exe
  C:\Windows\System\rJQAwSx.exe
  2⤵
  PID:9416
- C:\Windows\System\grjMIqG.exe
  C:\Windows\System\grjMIqG.exe
  2⤵
  PID:9432
- C:\Windows\System\pFjcAUI.exe
  C:\Windows\System\pFjcAUI.exe
  2⤵
  PID:9448
- C:\Windows\System\wltTgxY.exe
  C:\Windows\System\wltTgxY.exe
  2⤵
  PID:9464
- C:\Windows\System\TOyEHwK.exe
  C:\Windows\System\TOyEHwK.exe
  2⤵
  PID:9480
- C:\Windows\System\ztbKgey.exe
  C:\Windows\System\ztbKgey.exe
  2⤵
  PID:9496
- C:\Windows\System\gCCsfIO.exe
  C:\Windows\System\gCCsfIO.exe
  2⤵
  PID:9512
- C:\Windows\System\AexbXbV.exe
  C:\Windows\System\AexbXbV.exe
  2⤵
  PID:9528
- C:\Windows\System\yTIruXF.exe
  C:\Windows\System\yTIruXF.exe
  2⤵
  PID:9544
- C:\Windows\System\gdgsBxH.exe
  C:\Windows\System\gdgsBxH.exe
  2⤵
  PID:9560
- C:\Windows\System\yVQQPRo.exe
  C:\Windows\System\yVQQPRo.exe
  2⤵
  PID:9576
- C:\Windows\System\nLZfATU.exe
  C:\Windows\System\nLZfATU.exe
  2⤵
  PID:9592
- C:\Windows\System\TXzTbIU.exe
  C:\Windows\System\TXzTbIU.exe
  2⤵
  PID:9608
- C:\Windows\System\YSNEkNY.exe
  C:\Windows\System\YSNEkNY.exe
  2⤵
  PID:9624
- C:\Windows\System\lIykMLw.exe
  C:\Windows\System\lIykMLw.exe
  2⤵
  PID:9640
- C:\Windows\System\nQzSkGt.exe
  C:\Windows\System\nQzSkGt.exe
  2⤵
  PID:9656
- C:\Windows\System\uSZVJxp.exe
  C:\Windows\System\uSZVJxp.exe
  2⤵
  PID:9672
- C:\Windows\System\MVZrLUA.exe
  C:\Windows\System\MVZrLUA.exe
  2⤵
  PID:9688
- C:\Windows\System\tSDGMMT.exe
  C:\Windows\System\tSDGMMT.exe
  2⤵
  PID:9704
- C:\Windows\System\uYOLTAF.exe
  C:\Windows\System\uYOLTAF.exe
  2⤵
  PID:9720
- C:\Windows\System\jZubcYM.exe
  C:\Windows\System\jZubcYM.exe
  2⤵
  PID:9736
- C:\Windows\System\NuBwAjE.exe
  C:\Windows\System\NuBwAjE.exe
  2⤵
  PID:9752
- C:\Windows\System\LneaNRZ.exe
  C:\Windows\System\LneaNRZ.exe
  2⤵
  PID:9768
- C:\Windows\System\fTCtKJd.exe
  C:\Windows\System\fTCtKJd.exe
  2⤵
  PID:9784
- C:\Windows\System\okbzlyF.exe
  C:\Windows\System\okbzlyF.exe
  2⤵
  PID:9800
- C:\Windows\System\TCHjqQv.exe
  C:\Windows\System\TCHjqQv.exe
  2⤵
  PID:9816
- C:\Windows\System\uehYOzO.exe
  C:\Windows\System\uehYOzO.exe
  2⤵
  PID:9832
- C:\Windows\System\DrSnTjd.exe
  C:\Windows\System\DrSnTjd.exe
  2⤵
  PID:9848
- C:\Windows\System\sqIddar.exe
  C:\Windows\System\sqIddar.exe
  2⤵
  PID:9864
- C:\Windows\System\FEfMqLQ.exe
  C:\Windows\System\FEfMqLQ.exe
  2⤵
  PID:9880
- C:\Windows\System\fdcdZkT.exe
  C:\Windows\System\fdcdZkT.exe
  2⤵
  PID:9896
- C:\Windows\System\kPrrmrQ.exe
  C:\Windows\System\kPrrmrQ.exe
  2⤵
  PID:9912
- C:\Windows\System\emmnzkq.exe
  C:\Windows\System\emmnzkq.exe
  2⤵
  PID:9928
- C:\Windows\System\GecBCPK.exe
  C:\Windows\System\GecBCPK.exe
  2⤵
  PID:9944
- C:\Windows\System\NZXKtKz.exe
  C:\Windows\System\NZXKtKz.exe
  2⤵
  PID:9960
- C:\Windows\System\opobYKx.exe
  C:\Windows\System\opobYKx.exe
  2⤵
  PID:9976
- C:\Windows\System\azCNaQi.exe
  C:\Windows\System\azCNaQi.exe
  2⤵
  PID:9992
- C:\Windows\System\BJbOBsm.exe
  C:\Windows\System\BJbOBsm.exe
  2⤵
  PID:10008
- C:\Windows\System\SbxYtgV.exe
  C:\Windows\System\SbxYtgV.exe
  2⤵
  PID:10028
- C:\Windows\System\sbhcjXQ.exe
  C:\Windows\System\sbhcjXQ.exe
  2⤵
  PID:10044
- C:\Windows\System\xRVXAyY.exe
  C:\Windows\System\xRVXAyY.exe
  2⤵
  PID:10060
- C:\Windows\System\QSxhaIA.exe
  C:\Windows\System\QSxhaIA.exe
  2⤵
  PID:10076
- C:\Windows\System\ppBMyKa.exe
  C:\Windows\System\ppBMyKa.exe
  2⤵
  PID:10092
- C:\Windows\System\tqPVGwB.exe
  C:\Windows\System\tqPVGwB.exe
  2⤵
  PID:10108
- C:\Windows\System\xixtdEA.exe
  C:\Windows\System\xixtdEA.exe
  2⤵
  PID:10124
- C:\Windows\System\jqUHIeH.exe
  C:\Windows\System\jqUHIeH.exe
  2⤵
  PID:10140
- C:\Windows\System\rlFAScY.exe
  C:\Windows\System\rlFAScY.exe
  2⤵
  PID:10156
- C:\Windows\System\KqOzlJW.exe
  C:\Windows\System\KqOzlJW.exe
  2⤵
  PID:10172
- C:\Windows\System\rLkPHHx.exe
  C:\Windows\System\rLkPHHx.exe
  2⤵
  PID:10188
- C:\Windows\System\bRNRCbw.exe
  C:\Windows\System\bRNRCbw.exe
  2⤵
  PID:10204
- C:\Windows\System\Dsossml.exe
  C:\Windows\System\Dsossml.exe
  2⤵
  PID:10220
- C:\Windows\System\DHkdJru.exe
  C:\Windows\System\DHkdJru.exe
  2⤵
  PID:10236
- C:\Windows\System\GGuSqnv.exe
  C:\Windows\System\GGuSqnv.exe
  2⤵
  PID:9244
- C:\Windows\System\AQYVBmQ.exe
  C:\Windows\System\AQYVBmQ.exe
  2⤵
  PID:8888
- C:\Windows\System\YviNWdB.exe
  C:\Windows\System\YviNWdB.exe
  2⤵
  PID:9264
- C:\Windows\System\HnVMWet.exe
  C:\Windows\System\HnVMWet.exe
  2⤵
  PID:9296
- C:\Windows\System\tlpMoKT.exe
  C:\Windows\System\tlpMoKT.exe
  2⤵
  PID:9344
- C:\Windows\System\IgSvKbb.exe
  C:\Windows\System\IgSvKbb.exe
  2⤵
  PID:9376
- C:\Windows\System\XktYtni.exe
  C:\Windows\System\XktYtni.exe
  2⤵
  PID:9424
- C:\Windows\System\tBysExt.exe
  C:\Windows\System\tBysExt.exe
  2⤵
  PID:7264
- C:\Windows\System\fCJwDRP.exe
  C:\Windows\System\fCJwDRP.exe
  2⤵
  PID:9540
- C:\Windows\System\SdktjBo.exe
  C:\Windows\System\SdktjBo.exe
  2⤵
  PID:9604
- C:\Windows\System\QzYHqYM.exe
  C:\Windows\System\QzYHqYM.exe
  2⤵
  PID:9668
- C:\Windows\System\UaGrDGK.exe
  C:\Windows\System\UaGrDGK.exe
  2⤵
  PID:9732
- C:\Windows\System\oHijNIc.exe
  C:\Windows\System\oHijNIc.exe
  2⤵
  PID:9616
- C:\Windows\System\dhUuNok.exe
  C:\Windows\System\dhUuNok.exe
  2⤵
  PID:9492
- C:\Windows\System\eRKYfIF.exe
  C:\Windows\System\eRKYfIF.exe
  2⤵
  PID:9796
- C:\Windows\System\MlueEaT.exe
  C:\Windows\System\MlueEaT.exe
  2⤵
  PID:9552
- C:\Windows\System\YQSoWtm.exe
  C:\Windows\System\YQSoWtm.exe
  2⤵
  PID:9828
- C:\Windows\System\ixsTQva.exe
  C:\Windows\System\ixsTQva.exe
  2⤵
  PID:9776
- C:\Windows\System\XCKiCWw.exe
  C:\Windows\System\XCKiCWw.exe
  2⤵
  PID:9840
- C:\Windows\System\ebcuJra.exe
  C:\Windows\System\ebcuJra.exe
  2⤵
  PID:9876
- C:\Windows\System\YHfATpb.exe
  C:\Windows\System\YHfATpb.exe
  2⤵
  PID:9924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AEKpurM.exe

Filesize
6.0MB

MD5
0184c6478178fe2d2bab5635ead3a012

SHA1
cea564b3a2266110f15cb640f94df160a84b4188

SHA256
4b0ecc63bddafe0be1fec5e577ca2f94b9fb0b084fb15ea66a80e1de4b26c24d

SHA512
f10b2224bd740b8ac24e395a17fa078539cbb414fad1663a942ae8bf6ba762717eb51716b63c28a3958794e409a7490e48e96264e7f539f221802adfe3f95b38

Download Submit
C:\Windows\system\BsQQeWB.exe

Filesize
6.0MB

MD5
76760b0955d6f6de799b810fbbdef37d

SHA1
8fb7ee419b93297b6d4a41505b359160fecf5d84

SHA256
adb0459620018cd9bc82207045ffc3de2b73c4a2ccb4f1a0621d56f1078427a7

SHA512
5b6851af5bd646ca8056ffefe754e7e8477b049601958b41581ebbcf00860429becf374f5f09abd9c8aac529d344a6d389e099c34709b1eaad8c44f018f119d9

Download Submit
C:\Windows\system\IYFPJQf.exe

Filesize
6.0MB

MD5
0a721e2b9344a4d9428627850820a459

SHA1
640b628af989ceb1a8bb166b0d4506f6a065817c

SHA256
43b72c8533db0d735145fdfc9a3cb566dc36c8269eb3024c92684095aee9b599

SHA512
ac95a049dff9eb6113db4d139cf1b7c77b0a8cf7a045cd1fe0c934833ddbdfa21910660df9a799ba784cf8fadd9a0998431c70b010f5165cbdf2cd6bc6630c93

Download Submit
C:\Windows\system\JgXVwwx.exe

Filesize
6.0MB

MD5
ab5f9420ddabc0f5bd5314ab8c8f872b

SHA1
ce04bedd29a812245825a3b6d42181f7b7cd99d7

SHA256
3779d1929a341ea249ef889eea62b71ffac55ca4e0c169c5d9bdb818a9c12944

SHA512
806820a89f6eace6561b5c65354643db5b4b9a94bc8bddbe8c162485808576005d186ff8374fc23a5b1e8ba9c9cdf5cf546a0fe47090a242ce5e447b641e62df

Download Submit
C:\Windows\system\JwoFFBH.exe

Filesize
6.0MB

MD5
6569ad62b4e45de4453e3baf30ccd376

SHA1
67f4d570950f856419848f807c86b35cb58cf488

SHA256
0d8ef339ea4a7b909432a31bf1804c0e1e3112a5ed01af1972f2a6c1a06b4d2f

SHA512
9be854608fc5cebf0fc84872a881727f4f8b94c46cc508fbf023622df7a72c78f33c0ac5f5dc68d1a223feca5b370bea6cfe2163c02bf55300ccbfc930c7e18c

Download Submit
C:\Windows\system\NhADgUG.exe

Filesize
6.0MB

MD5
b9924366e64351752047716b15f1d8dc

SHA1
98634def6f1f97bb72c3eca0bedcd87aa647ba4f

SHA256
260f4e533bbcaa04320d8a445e298741c529ba11eaf0f65f17af65b5843ba548

SHA512
f49769c25eff5924fec059c0031fad42f37371875690bbf773c33163fe4f12048d34168a001be94f0bc5bea94ae4468eda0e8db8761e6eab176f85b4e1643f03

Download Submit
C:\Windows\system\RwzYmVN.exe

Filesize
6.0MB

MD5
fa8e8acff8bdabf297ffeae18dc88598

SHA1
d49ee47a46c744081f4de43641a8ef2c95fc7138

SHA256
666e09e1d277e5507eba7a64ce26b1582b45d4752165eed39c80e192c2bd0914

SHA512
1d5817b69b504cb4b4e7c5501328c60ce118a672ce2cf1630a7a554313952fb9d87165cf03ebc10fab27fd66e8e28adb8b74e01d4eb193a7a12a0563140a0571

Download Submit
C:\Windows\system\SFECJcH.exe

Filesize
6.0MB

MD5
4c857106bcd762b2ee2debfa74f1210c

SHA1
413bbc282897e11585946b4b089aaa9eb37d0c1b

SHA256
e7984aefec8c5b01682fd432e10bda9951519e4e44666e0cfc59122ebfe4fe36

SHA512
91d93ef30ce29110efbefa8a4afe324018d9fd9efdf8093d3f124f302192cf75b2cf46f431115351ef0acee332bfee1f46a783a1df7364247368ee780566bdb9

Download Submit
C:\Windows\system\TdTaUHa.exe

Filesize
6.0MB

MD5
475a5a40b40622dba346605b06c6bcf7

SHA1
c2f656538c71f88acc1b088486c1729cec06c001

SHA256
0cfbbc2ab9e7796493b65e44c9a472723fc1864766293609c1be1899e2c95dbd

SHA512
3c3c87da1ef588dfbd2525e6b5e83c20dc4d00fa703785a11cd0313e788a600ce74f52f56f7fd3ea945cb0032839111f985736457fc9fda71f04e3a74f1f25e8

Download Submit
C:\Windows\system\TewAWrs.exe

Filesize
6.0MB

MD5
4ca9fde75bc9f92cd4fbde851305bd71

SHA1
95c292110feaa896df30bcd9878d060324be3e7c

SHA256
fb76ae5cb4371f1022ea2b8855eeed5d7f0455f44fa0cbc84d2484dae0c60070

SHA512
7f0138a17f1bb5089085a2cd6168721fe71a13986e3c5f53efdc18ffa134644fd062bb68745293b29f28debdc6b99e5de28a917049987aba318bc5be984faa55

Download Submit
C:\Windows\system\TnQHIYZ.exe

Filesize
6.0MB

MD5
7f6d203df0bab4dca8b658bafcaf7355

SHA1
7ed6820ed1008fabb52ba4e6c5b64a51beb9900a

SHA256
2746ad37dbc1e55977e98d5e9a639816f3aed62e2cc1f2565c15db48153f725b

SHA512
19d1a854acde847c001195209b9d47893a46b3a1b48a706f674a2d6a507e28f972536b3f968a192606ce96e572a62429421c7f5749f83d4e3d6e2e970d7cc209

Download Submit
C:\Windows\system\UKlqbjA.exe

Filesize
6.0MB

MD5
15699293997ea49845abb8a1b3807f32

SHA1
eefb5126b7a11e5e869818b8859a2e887d714e82

SHA256
08e4c38e2154b03eff82d6e67ac825352f38820cfac2d3c2112fdfb3b675c291

SHA512
13b80e77410aa51ffd9626b46e5b8f4945412d0efac146b66af6274a71c662d67b740559c238e5956c182365eecb191e53c26eea9408089056f07d4e77f44022

Download Submit
C:\Windows\system\VkTzKeR.exe

Filesize
6.0MB

MD5
8e05e04360f96ea29ad7fd475d17d666

SHA1
9cc5126b7c1b82ee63793818a25efc25946f6243

SHA256
e3832d2742b86544e811695da8e4cc229d3bd5f4dc24d8ba0724b37e2c8fcdfc

SHA512
8402aa31326313bb10095148200b76aa45e262e9a7b9e4be9a7fe432e398146a5a51598e1190af9cad33ec927bf714f82b50006243f5be7b7ad2d94735cbf877

Download Submit
C:\Windows\system\VtlZsPg.exe

Filesize
6.0MB

MD5
c2b42cfabfd5a3129b582388c24d0a4f

SHA1
d46021c93e44a38e2493ff5ec2614d5e5f3e112b

SHA256
ddbb93225f93fabbfc1234d57b5e13702b7f9752134f2dce62824125e6593539

SHA512
3b5a857cb740d090d5c2caaaea29b8e294377b1a257b44cb0943ec543acec4fce777c03ed8aff2ce8f2d08f0cf3d26b3d3a5a85d51eb8e61d7bd6c692fcb1c79

Download Submit
C:\Windows\system\Xujzmgv.exe

Filesize
6.0MB

MD5
7038d158b2bc0178ffd8e7dd734c6b61

SHA1
db7a3314a0ab2cc1a46057d0df41dff0a665ec5a

SHA256
e8f91046d8ccbec3eb8f295497c9d9684f30dbf9a73a0a8c36a5b4ae65f64acf

SHA512
3b0c030b3af8f814fbb56def84006c12fb3d830572c616f1c3a1e3a570a301a2f4c4ffe6c5d58985898bebdb5a98091fe7ab9b458d84e6b422ce71cab19eb202

Download Submit
C:\Windows\system\YnubMlv.exe

Filesize
6.0MB

MD5
b5cd6ef0796eeebc9920c8152af75e58

SHA1
36f53a7349cf4cb49ef459c2ae3f38f6028e868d

SHA256
7aedd9e81e150fc9d461de8589d29cb43a394c78cf6832cceabd6afa93c3a86c

SHA512
543c3b16e3e1e234a3fac877d133a946cc3079f061c2668437c897201494b6fd8709e10b9682e200961c6128f2139a2ba372c0c2fa1b5cf48dcc59d740bb1055

Download Submit
C:\Windows\system\YxYsEdG.exe

Filesize
6.0MB

MD5
750d46ee86326cf70a27a2db47e81f00

SHA1
f8da543492d93a480954a22f75d14d2b4eefe9a2

SHA256
ca86eb4ee2f95a969178db2705515bd74ec6a43850130f16e7fb94ef7a912934

SHA512
9b387b060f1feb8cf818d9471e84f9b4038dba1870d5712eae62a628f1fa1dfd9e7ca8682a2816ac24c6224647735705162799e196c3178df3303f4db0cb3292

Download Submit
C:\Windows\system\bSCzGHs.exe

Filesize
6.0MB

MD5
2c3ebb1592752516d3ec81812bec0cc4

SHA1
31443ae90d762f610a4c09ed6549f0977c7bbf79

SHA256
833d02fa9d75d61a38f732055ae1bdff68db46b30210f95230860a0daf14fc30

SHA512
96ea811c942cd212ae30582eabcefab6c2ad4a5fccf6ac388778b82f01ee1d39fb85724c12cbf289a0b9cdd07159000e13b4add40368ea10106f3a1a32086041

Download Submit
C:\Windows\system\bhvaSOC.exe

Filesize
6.0MB

MD5
9b35226982a3202d4f5b1c03a512a992

SHA1
7b53a7a3c595a46939bb391d17e9cc0513085fc6

SHA256
fd59bcda7f863387955b152c6d28724945dcf3046546cbab3c93cb11288115d4

SHA512
89298dc16517609cd1bc228d0623c14adf71a6c238cb4ad86dda4c1aef6437dc005fea28ea024acc917985d4cf8036e8b0af64dd12a59cc07de276d8af665e5d

Download Submit
C:\Windows\system\ewqBiKm.exe

Filesize
6.0MB

MD5
ccfc799c80c5337eec035920d9d167f4

SHA1
a9a6bb786c86b3f4a38b8f0a62bec33d715d870e

SHA256
e2e4bd5072f214ef48c92892ff44ae094af243712f0e839613fca2cae1721b2a

SHA512
ac779a68d341d2912e85601a676fdb7b5e3e92be93928bc20c889ab1cf1822e3fa6db5c46b0426c0f0ac63e27901b4dbafed4c0c3889ef6271d0486bb20d200e

Download Submit
C:\Windows\system\hctlQIK.exe

Filesize
6.0MB

MD5
f72d56bcb2830dc115cbbf9d297f9c5f

SHA1
387a3be116c1a376ddab8cb82b11e75e012bae4e

SHA256
f2013e9e021bb62422ace09f4bc45121db5f96ed5a62a51fb70a0e50e0755f27

SHA512
86faefd11eac40cd5f1483909a5722f5e1f23c4894f610e9f4e257bf1f020b23904b23374afc601c8618ebdb03b1a3ff7ed9b6f9f48c329a8c65ff696878ae88

Download Submit
C:\Windows\system\lRkzEkY.exe

Filesize
6.0MB

MD5
c6caea8eadd6dc8f9e3878351b4d2709

SHA1
4674efd0762db000c632ba4c2f4940da5337e752

SHA256
19b23113d3255361f133a82c639e37f5fa8327c2587314fe53928fc24c192168

SHA512
cb86ef8713c6f3b6836bec4fed4ba3b3faf29d23817b3e432a31dbfff5554365453519e3f69126dc9dafbafd1485accdd95ddbcecdf3897ee31ca5651acc821c

Download Submit
C:\Windows\system\nUhbflw.exe

Filesize
6.0MB

MD5
c07bd0ebeaa7bbe14057d23a4116b8b4

SHA1
03b3d71361e2e618c92192634985c257d53a38ad

SHA256
b9c6839ae24332d2afc04a3f1baba0949b3e7e0aaf6ea445ea8e784948c62e43

SHA512
b1f8f346b52e518b56de3e88b177b2328796abc0ef0ee7a2c6e1f18500fedfcd80de919a4cc2ec0688dca1885f4653dcbb37b567ad76f25068d79dd129594160

Download Submit
C:\Windows\system\rbmuIbW.exe

Filesize
6.0MB

MD5
d3b8838dc00df6e4bf3e319099ad65e7

SHA1
263f066698bfe2cc06aa7536993d3c4a6953fad7

SHA256
0fa110fa7ab09c3231221225a5f1988f90f960f1fcd5af86b9df7435a035479b

SHA512
749834d8e917d85c4eae51bb666bbf0191fbbf2e0fb1c3570bf062ffac67b1d3be47edf4ee4bb4d8257564bee98406a2f6370f8918b9848dae30d93bc45376d6

Download Submit
C:\Windows\system\txXJbak.exe

Filesize
6.0MB

MD5
822904113859eee574ec1cc48acd182c

SHA1
dd33aa8b92dd89539a32ba5911f9785ea1a2e7f7

SHA256
6bd03677751602a29aafd669864d55689b6d2ed738e2cc41466bf1854e72ce2b

SHA512
0aba30ff92ea16fba1a5310380fb7531184c2eb3ca06cddd053dffb86d2d1f130927e75c66c8d0b74ca1a1a7a5aa98d9bc595ab1e8e85d7016afbb5718e0895a

Download Submit
C:\Windows\system\ucHcQmv.exe

Filesize
6.0MB

MD5
e5c891a0fd92aaddd7cfbad71ca0cbe2

SHA1
fc3461ec1d45ac7bfbd227028385f4520c3e0f6e

SHA256
a7d969b13bcbb4388a2753b4da9c3f7359472553182d93df50c04aa30d42444a

SHA512
a452851ec21d50c4f78e1ca138cd9190ce17fcde423f860b16d3536d72b49f5643f8b048bf07aa063e5613850184e61d0a0375fb567e7ab3fddde5f317ac5e05

Download Submit
C:\Windows\system\zbBHnCJ.exe

Filesize
6.0MB

MD5
c3532f00261bb5b719dfcb8f930862a8

SHA1
367f165ddd86ed24eaaae41528b7323c8cdd7c32

SHA256
4387ab700c594ea8c7d1574abf2c5bdd692c8a8232172c91ea27dfe90091d0c6

SHA512
69315ad7ededf5ea88d8b0d338aef44126925d90c76152a8780fb450d54179b65ba7903b3cfad2d22bd92b51def25b8f0127d17f854bda9b00168a06d5c76a07

Download Submit
\Windows\system\BxyocIz.exe

Filesize
6.0MB

MD5
ab5faa17d84f5a7da07ee0d9ab6a1eae

SHA1
5450b81aa1ffa251fc2082b2f3e1bd6c078a7a58

SHA256
f49a6ab87466b933e6587caf588feeef82826374d4332370c69bf7e094763284

SHA512
569c5fc91f372920eab085f8729045a7247ebd1d900134ba7233829dde0ff5381804d86f164b3286ad6c5339fd6370d33d147adf0d4ce99344897c360ba524ee

Download Submit
\Windows\system\ERgKEDZ.exe

Filesize
6.0MB

MD5
85e395c5fab753b51da3b0b8e77f49a8

SHA1
0a3a77f8c1b94b85b314acc2222b5730c683cde4

SHA256
df21cc57c274f3891e245ea0ed4e1760fa426cd58d9975d1a94c1d70a8eefd24

SHA512
a1a1e62ebc7350e7d4a2defa353108dd31c9f81401819b2dd7f3a9b3ddaf4b255e155ebe869aae4c8fcaa3a8e60638b34deec0d224c367779702c35a9d0ca61e

Download Submit
\Windows\system\FLvrAEF.exe

Filesize
6.0MB

MD5
afaed3dec3f1a42714a0eb58fe681b97

SHA1
107f8f335335835fe30172f828024a65052840a0

SHA256
1668a8a40e0ebcc72f99c04a220d21792a26dc0b63acc3a13ff58e3f24b18d71

SHA512
a39644c17d2fab38c612c05b64384ebb181ff95fae1519e8da2d7f9f55959f8a80685490689d5b0743b016dc24b5e0bee5e10f4b56a8cab57a2677d386f96777

Download Submit
\Windows\system\ONdlWVb.exe

Filesize
6.0MB

MD5
d0801c1c67272f4757996602b5cd246b

SHA1
446c22f412b480028d02d9703f293d734563507a

SHA256
080572b233de20a5efe1f9eeaa1dc8205e9643dab50778f3b0b8da4f7e260125

SHA512
28139b51e01245ccd5d19909a61bdbbcf41f9beac73f99d7c0d5896ab7cfe54e525d13e68f2c0ff18045a6af6907422329e9624522134868abd97849c47ed77f

Download Submit
\Windows\system\ameMxuy.exe

Filesize
6.0MB

MD5
e68642ce9a853e63dc0d7d447185f6bc

SHA1
fca2b339b2e18a7d69a3830d9eff2bc4518fd3b0

SHA256
1bd4c8b9a23039f25a8c22c483da587e8b81cdd44b3472fac8585a27faf3ddfa

SHA512
a1b49293e3a2ede44bbe4d5f5424dee0afa6a653a2231aac4744c45030edafa3bd388b031a067a7bf0077edd7d3970fbe0f889f0508b57de5ea9013851ee0ecd

Download Submit
\Windows\system\arFtfqW.exe

Filesize
6.0MB

MD5
8a87bdf0ee27270a31a7d631e5435d56

SHA1
d4a7042146e048afc4684c8368a21a72ae21ce71

SHA256
3fa4e23c73487ffd82767b4106427e442f4a2ef9b34677b4d4d9cc93b01c9571

SHA512
36bfa999322368ae8e68923c8be010f3f90a39044c177bcef96b0e7e68dc62dfcf31000e6982fc883d39a813adc560586fabc9dca1c0bb9ec66a61c1b006f8ee

Download Submit
memory/776-80-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/776-3722-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/776-489-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1124-615-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1124-3735-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1124-84-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1484-91-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1484-980-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1484-3730-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1976-3734-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1976-60-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3718-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2564-52-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3712-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-37-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-83-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2592-614-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3738-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2600-44-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3721-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2600-86-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2648-43-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2648-77-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2648-98-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3822-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1178-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1453-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2648-85-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2648-104-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2648-92-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2648-103-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2648-79-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2648-0-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2648-21-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2648-51-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2648-8-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2648-71-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2648-15-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2648-55-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2648-36-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-38-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2648-28-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-29-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3713-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-68-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3719-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2700-9-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2784-23-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3716-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2784-54-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3717-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2812-16-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3736-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1179-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2852-97-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2964-3733-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2964-73-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download