cobaltstrike | 064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
Size

6.1MB
MD5

3889e6106794238f957d4bb45da5d146
SHA1

5a8337382445f94152ae4861a952f09e833ac1bb
SHA256

064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2
SHA512

9b5182ab29b8a0ae903c8656910a3dc3e012ce788027533c2f3a08eb3f2fa6f4a3f66045a3e8dd37887c479aff84258884a4ecbe2c095e357dff3940e6c10205
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d6-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd5-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dd9-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de9-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016df8-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016df5-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f02-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-197.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-182.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-107.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-89.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018be7-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-99.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000016d68-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-67.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3028-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d6-3.dat	xmrig
behavioral1/files/0x0008000000016dd5-7.dat	xmrig
behavioral1/memory/2776-12-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2900-14-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dd9-9.dat	xmrig
behavioral1/memory/2820-20-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0007000000016de9-23.dat	xmrig
behavioral1/memory/2988-28-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016df8-35.dat	xmrig
behavioral1/memory/3028-36-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2776-43-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2604-34-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x0007000000016df5-33.dat	xmrig
behavioral1/memory/2568-44-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/3028-38-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016f02-51.dat	xmrig
behavioral1/memory/2820-56-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/1896-57-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2988-64-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1836-68-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2448-82-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/1756-77-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019237-112.dat	xmrig
behavioral1/files/0x000500000001924f-116.dat	xmrig
behavioral1/files/0x0005000000019274-126.dat	xmrig
behavioral1/files/0x00050000000192a1-141.dat	xmrig
behavioral1/files/0x000500000001939f-161.dat	xmrig
behavioral1/files/0x0005000000019426-187.dat	xmrig
behavioral1/files/0x0005000000019428-192.dat	xmrig
behavioral1/memory/1596-917-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/3028-824-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/1644-733-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/3028-679-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2156-580-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/3028-477-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2448-366-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/1756-214-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ad-197.dat	xmrig
behavioral1/files/0x00050000000193f9-182.dat	xmrig
behavioral1/files/0x00050000000193dc-177.dat	xmrig
behavioral1/files/0x00050000000193d0-172.dat	xmrig
behavioral1/files/0x00050000000193cc-166.dat	xmrig
behavioral1/files/0x000500000001938e-156.dat	xmrig
behavioral1/files/0x0005000000019358-151.dat	xmrig
behavioral1/files/0x0005000000019354-146.dat	xmrig
behavioral1/files/0x0005000000019299-136.dat	xmrig
behavioral1/files/0x000500000001927a-131.dat	xmrig
behavioral1/files/0x0005000000019261-121.dat	xmrig
behavioral1/memory/1596-109-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1836-108-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019056-107.dat	xmrig
behavioral1/memory/3028-105-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/3028-104-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2156-91-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x0006000000018d83-89.dat	xmrig
behavioral1/memory/3028-87-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2968-86-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018be7-76.dat	xmrig
behavioral1/memory/2604-72-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x0005000000019203-99.dat	xmrig
behavioral1/memory/3028-97-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/1896-96-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2968-50-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2776	GiEwSGJ.exe
2900	LgybVIp.exe
2820	VCthRSU.exe
2988	UyuiGwJ.exe
2604	zUGjfMD.exe
2568	ygzwaex.exe
2968	qmDZoHL.exe
1896	BfdkHpp.exe
1836	oRFRjgM.exe
1756	DAjGzTZ.exe
2448	lGeSKWf.exe
2156	KWhzwaQ.exe
1644	RnZtOtK.exe
1596	xENwjNZ.exe
2100	KxqsHJi.exe
1380	tQxiqSH.exe
2952	wxakzKG.exe
2412	CHlOfXt.exe
2136	nViBEvA.exe
2372	AEEVFmv.exe
1432	qKgvlrx.exe
1740	MyfCdNY.exe
264	WIdufdS.exe
1676	kYXWHCE.exe
2144	HJqquSx.exe
2516	AUgBkDg.exe
2652	HUUvVMo.exe
864	FGeAYwh.exe
2536	MPSuCwk.exe
948	fofdlSy.exe
3056	ekuXWna.exe
1236	LVNsMtK.exe
1328	icQwgBC.exe
1720	wigMpwY.exe
1848	izelVZh.exe
352	HNqLmYC.exe
1344	YHwlAwi.exe
2364	ceKZmeT.exe
540	EcAbLtF.exe
912	gdDcQtv.exe
960	nZIeWpR.exe
684	ZvuNCMO.exe
2212	eDtsFpV.exe
1636	xyQIgSw.exe
2292	fyxLPyS.exe
2996	KZhXRfW.exe
2836	BfbUkum.exe
976	IDjYVgF.exe
1496	FGIbImF.exe
1220	JeFlHxy.exe
2520	bdFrRxk.exe
1576	AuwCAhU.exe
2704	lPMwEDV.exe
2780	nuFfHXY.exe
2564	taVtUsL.exe
2720	dEyYDtI.exe
2600	yUIuVPa.exe
1952	qEBsttq.exe
1480	HvVWsmF.exe
1844	BRpmLKe.exe
1608	MDQnuHr.exe
1792	RTSZLNd.exe
2624	SDymVtb.exe
1728	nrJZKjJ.exe

Loads dropped DLL 64 IoCs

pid	Process
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000a0000000120d6-3.dat	upx
behavioral1/files/0x0008000000016dd5-7.dat	upx
behavioral1/memory/2776-12-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2900-14-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0007000000016dd9-9.dat	upx
behavioral1/memory/2820-20-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0007000000016de9-23.dat	upx
behavioral1/memory/2988-28-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0007000000016df8-35.dat	upx
behavioral1/memory/3028-36-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2776-43-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2604-34-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x0007000000016df5-33.dat	upx
behavioral1/memory/2568-44-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0009000000016f02-51.dat	upx
behavioral1/memory/2820-56-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/1896-57-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2988-64-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1836-68-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2448-82-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/1756-77-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x0005000000019237-112.dat	upx
behavioral1/files/0x000500000001924f-116.dat	upx
behavioral1/files/0x0005000000019274-126.dat	upx
behavioral1/files/0x00050000000192a1-141.dat	upx
behavioral1/files/0x000500000001939f-161.dat	upx
behavioral1/files/0x0005000000019426-187.dat	upx
behavioral1/files/0x0005000000019428-192.dat	upx
behavioral1/memory/1596-917-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1644-733-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2156-580-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2448-366-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/1756-214-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x00050000000194ad-197.dat	upx
behavioral1/files/0x00050000000193f9-182.dat	upx
behavioral1/files/0x00050000000193dc-177.dat	upx
behavioral1/files/0x00050000000193d0-172.dat	upx
behavioral1/files/0x00050000000193cc-166.dat	upx
behavioral1/files/0x000500000001938e-156.dat	upx
behavioral1/files/0x0005000000019358-151.dat	upx
behavioral1/files/0x0005000000019354-146.dat	upx
behavioral1/files/0x0005000000019299-136.dat	upx
behavioral1/files/0x000500000001927a-131.dat	upx
behavioral1/files/0x0005000000019261-121.dat	upx
behavioral1/memory/1596-109-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1836-108-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0006000000019056-107.dat	upx
behavioral1/memory/2156-91-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x0006000000018d83-89.dat	upx
behavioral1/memory/2968-86-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0007000000018be7-76.dat	upx
behavioral1/memory/2604-72-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x0005000000019203-99.dat	upx
behavioral1/memory/1896-96-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2968-50-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0032000000016d68-49.dat	upx
behavioral1/files/0x0006000000018fdf-80.dat	upx
behavioral1/files/0x0006000000018d7b-67.dat	upx
behavioral1/memory/2900-3465-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2776-3469-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2820-3542-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2988-3549-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2568-3546-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BZRXAiH.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\vfGWulF.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\tXXeCxJ.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\fzpJhEU.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\jvSYFHa.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\IhSwdBg.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\NaztLOB.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\oZgXktQ.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\aFvGTpn.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\KTdQVlV.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\nGnXNrm.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\viLxOGQ.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\geQJXvw.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\NNYCTkB.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\dDXZTQu.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\tXtbfwl.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\TFCJldX.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\GFNZCvL.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\hhpubNL.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\nOPnbxP.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\txikUwW.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\ZhrlVqx.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\msbvqHw.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\lipeUdw.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\JeFlHxy.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\lIvSdLU.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\sqTDMIp.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\ZQhLjPa.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\LcdxDjR.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\LVNsMtK.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\DinlCUd.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\dMZKAvw.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\FcZEIee.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\wJJHwAC.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\jLLiUou.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\XNreAHv.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\OjqqXnD.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\bwJwnGm.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\WpMUiyY.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\ZbvXZSG.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\XGlrITL.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\BXUSGwa.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\LRvkpIb.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\DlGielf.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\joBXhNK.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\ztkhzuW.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\CEbjHWz.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\GWdAeMX.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\xIOoncF.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\FtfDyXA.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\CHLRTff.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\lcxoaYp.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\QUmKHEy.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\VVTBIAc.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\gVLcmeL.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\EJYhOVY.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\lmTjFHB.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\NYNRBVD.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\nQsFFMC.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\JyedTAP.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\kWAYejM.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\AhUxrYK.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\dDNzsjR.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
File created	C:\Windows\System\vmAMIAQ.exe	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2776	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	31
PID 3028 wrote to memory of 2776	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	31
PID 3028 wrote to memory of 2776	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	31
PID 3028 wrote to memory of 2900	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	32
PID 3028 wrote to memory of 2900	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	32
PID 3028 wrote to memory of 2900	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	32
PID 3028 wrote to memory of 2820	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	33
PID 3028 wrote to memory of 2820	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	33
PID 3028 wrote to memory of 2820	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	33
PID 3028 wrote to memory of 2988	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	34
PID 3028 wrote to memory of 2988	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	34
PID 3028 wrote to memory of 2988	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	34
PID 3028 wrote to memory of 2604	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	35
PID 3028 wrote to memory of 2604	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	35
PID 3028 wrote to memory of 2604	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	35
PID 3028 wrote to memory of 2568	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	36
PID 3028 wrote to memory of 2568	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	36
PID 3028 wrote to memory of 2568	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	36
PID 3028 wrote to memory of 2968	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	37
PID 3028 wrote to memory of 2968	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	37
PID 3028 wrote to memory of 2968	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	37
PID 3028 wrote to memory of 1896	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	38
PID 3028 wrote to memory of 1896	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	38
PID 3028 wrote to memory of 1896	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	38
PID 3028 wrote to memory of 1756	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	39
PID 3028 wrote to memory of 1756	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	39
PID 3028 wrote to memory of 1756	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	39
PID 3028 wrote to memory of 1836	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	40
PID 3028 wrote to memory of 1836	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	40
PID 3028 wrote to memory of 1836	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	40
PID 3028 wrote to memory of 2156	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	41
PID 3028 wrote to memory of 2156	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	41
PID 3028 wrote to memory of 2156	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	41
PID 3028 wrote to memory of 2448	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	42
PID 3028 wrote to memory of 2448	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	42
PID 3028 wrote to memory of 2448	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	42
PID 3028 wrote to memory of 1596	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	43
PID 3028 wrote to memory of 1596	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	43
PID 3028 wrote to memory of 1596	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	43
PID 3028 wrote to memory of 1644	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	44
PID 3028 wrote to memory of 1644	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	44
PID 3028 wrote to memory of 1644	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	44
PID 3028 wrote to memory of 2100	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	45
PID 3028 wrote to memory of 2100	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	45
PID 3028 wrote to memory of 2100	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	45
PID 3028 wrote to memory of 1380	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	46
PID 3028 wrote to memory of 1380	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	46
PID 3028 wrote to memory of 1380	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	46
PID 3028 wrote to memory of 2952	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	47
PID 3028 wrote to memory of 2952	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	47
PID 3028 wrote to memory of 2952	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	47
PID 3028 wrote to memory of 2412	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	48
PID 3028 wrote to memory of 2412	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	48
PID 3028 wrote to memory of 2412	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	48
PID 3028 wrote to memory of 2136	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	49
PID 3028 wrote to memory of 2136	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	49
PID 3028 wrote to memory of 2136	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	49
PID 3028 wrote to memory of 2372	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	50
PID 3028 wrote to memory of 2372	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	50
PID 3028 wrote to memory of 2372	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	50
PID 3028 wrote to memory of 1432	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	51
PID 3028 wrote to memory of 1432	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	51
PID 3028 wrote to memory of 1432	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	51
PID 3028 wrote to memory of 1740	3028	064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe	52

C:\Users\Admin\AppData\Local\Temp\064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe
"C:\Users\Admin\AppData\Local\Temp\064e18b996304d950b839d63dc5b550544632ee6ba97a0df6ece9ad37f6265c2.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\System\GiEwSGJ.exe
  C:\Windows\System\GiEwSGJ.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\LgybVIp.exe
  C:\Windows\System\LgybVIp.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\VCthRSU.exe
  C:\Windows\System\VCthRSU.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\UyuiGwJ.exe
  C:\Windows\System\UyuiGwJ.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\zUGjfMD.exe
  C:\Windows\System\zUGjfMD.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\ygzwaex.exe
  C:\Windows\System\ygzwaex.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\qmDZoHL.exe
  C:\Windows\System\qmDZoHL.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\BfdkHpp.exe
  C:\Windows\System\BfdkHpp.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\DAjGzTZ.exe
  C:\Windows\System\DAjGzTZ.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\oRFRjgM.exe
  C:\Windows\System\oRFRjgM.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\KWhzwaQ.exe
  C:\Windows\System\KWhzwaQ.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\lGeSKWf.exe
  C:\Windows\System\lGeSKWf.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\xENwjNZ.exe
  C:\Windows\System\xENwjNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\RnZtOtK.exe
  C:\Windows\System\RnZtOtK.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\KxqsHJi.exe
  C:\Windows\System\KxqsHJi.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\tQxiqSH.exe
  C:\Windows\System\tQxiqSH.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\wxakzKG.exe
  C:\Windows\System\wxakzKG.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\CHlOfXt.exe
  C:\Windows\System\CHlOfXt.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\nViBEvA.exe
  C:\Windows\System\nViBEvA.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\AEEVFmv.exe
  C:\Windows\System\AEEVFmv.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\qKgvlrx.exe
  C:\Windows\System\qKgvlrx.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\MyfCdNY.exe
  C:\Windows\System\MyfCdNY.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\WIdufdS.exe
  C:\Windows\System\WIdufdS.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\kYXWHCE.exe
  C:\Windows\System\kYXWHCE.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\HJqquSx.exe
  C:\Windows\System\HJqquSx.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\AUgBkDg.exe
  C:\Windows\System\AUgBkDg.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\HUUvVMo.exe
  C:\Windows\System\HUUvVMo.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\FGeAYwh.exe
  C:\Windows\System\FGeAYwh.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\MPSuCwk.exe
  C:\Windows\System\MPSuCwk.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\fofdlSy.exe
  C:\Windows\System\fofdlSy.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\ekuXWna.exe
  C:\Windows\System\ekuXWna.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\LVNsMtK.exe
  C:\Windows\System\LVNsMtK.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\icQwgBC.exe
  C:\Windows\System\icQwgBC.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\wigMpwY.exe
  C:\Windows\System\wigMpwY.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\izelVZh.exe
  C:\Windows\System\izelVZh.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\HNqLmYC.exe
  C:\Windows\System\HNqLmYC.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\YHwlAwi.exe
  C:\Windows\System\YHwlAwi.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\ceKZmeT.exe
  C:\Windows\System\ceKZmeT.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\EcAbLtF.exe
  C:\Windows\System\EcAbLtF.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\gdDcQtv.exe
  C:\Windows\System\gdDcQtv.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\nZIeWpR.exe
  C:\Windows\System\nZIeWpR.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\ZvuNCMO.exe
  C:\Windows\System\ZvuNCMO.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\eDtsFpV.exe
  C:\Windows\System\eDtsFpV.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\xyQIgSw.exe
  C:\Windows\System\xyQIgSw.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\fyxLPyS.exe
  C:\Windows\System\fyxLPyS.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\KZhXRfW.exe
  C:\Windows\System\KZhXRfW.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\BfbUkum.exe
  C:\Windows\System\BfbUkum.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\IDjYVgF.exe
  C:\Windows\System\IDjYVgF.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\FGIbImF.exe
  C:\Windows\System\FGIbImF.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\JeFlHxy.exe
  C:\Windows\System\JeFlHxy.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\bdFrRxk.exe
  C:\Windows\System\bdFrRxk.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\AuwCAhU.exe
  C:\Windows\System\AuwCAhU.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\lPMwEDV.exe
  C:\Windows\System\lPMwEDV.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\nuFfHXY.exe
  C:\Windows\System\nuFfHXY.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\taVtUsL.exe
  C:\Windows\System\taVtUsL.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\dEyYDtI.exe
  C:\Windows\System\dEyYDtI.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\yUIuVPa.exe
  C:\Windows\System\yUIuVPa.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\qEBsttq.exe
  C:\Windows\System\qEBsttq.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\HvVWsmF.exe
  C:\Windows\System\HvVWsmF.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\BRpmLKe.exe
  C:\Windows\System\BRpmLKe.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\MDQnuHr.exe
  C:\Windows\System\MDQnuHr.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\RTSZLNd.exe
  C:\Windows\System\RTSZLNd.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\SDymVtb.exe
  C:\Windows\System\SDymVtb.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\nrJZKjJ.exe
  C:\Windows\System\nrJZKjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\msnwLkR.exe
  C:\Windows\System\msnwLkR.exe
  2⤵
  PID:2244
- C:\Windows\System\ycvtNZr.exe
  C:\Windows\System\ycvtNZr.exe
  2⤵
  PID:2092
- C:\Windows\System\QAPJBtD.exe
  C:\Windows\System\QAPJBtD.exe
  2⤵
  PID:2344
- C:\Windows\System\AQNXbUh.exe
  C:\Windows\System\AQNXbUh.exe
  2⤵
  PID:1932
- C:\Windows\System\ttyDXRg.exe
  C:\Windows\System\ttyDXRg.exe
  2⤵
  PID:2916
- C:\Windows\System\dRgGfDG.exe
  C:\Windows\System\dRgGfDG.exe
  2⤵
  PID:1812
- C:\Windows\System\XVnPRQV.exe
  C:\Windows\System\XVnPRQV.exe
  2⤵
  PID:2096
- C:\Windows\System\qecjWZr.exe
  C:\Windows\System\qecjWZr.exe
  2⤵
  PID:3044
- C:\Windows\System\HINvSaQ.exe
  C:\Windows\System\HINvSaQ.exe
  2⤵
  PID:1768
- C:\Windows\System\YrprBKV.exe
  C:\Windows\System\YrprBKV.exe
  2⤵
  PID:444
- C:\Windows\System\BbqEBpR.exe
  C:\Windows\System\BbqEBpR.exe
  2⤵
  PID:2436
- C:\Windows\System\suEyfSe.exe
  C:\Windows\System\suEyfSe.exe
  2⤵
  PID:1660
- C:\Windows\System\eiSTqUD.exe
  C:\Windows\System\eiSTqUD.exe
  2⤵
  PID:1540
- C:\Windows\System\XFFzzTE.exe
  C:\Windows\System\XFFzzTE.exe
  2⤵
  PID:1680
- C:\Windows\System\NkYeQBV.exe
  C:\Windows\System\NkYeQBV.exe
  2⤵
  PID:1600
- C:\Windows\System\IkDzcUQ.exe
  C:\Windows\System\IkDzcUQ.exe
  2⤵
  PID:1672
- C:\Windows\System\QJIITpL.exe
  C:\Windows\System\QJIITpL.exe
  2⤵
  PID:2332
- C:\Windows\System\UhwGgGc.exe
  C:\Windows\System\UhwGgGc.exe
  2⤵
  PID:1736
- C:\Windows\System\dfskGzK.exe
  C:\Windows\System\dfskGzK.exe
  2⤵
  PID:2532
- C:\Windows\System\dxhpCik.exe
  C:\Windows\System\dxhpCik.exe
  2⤵
  PID:2904
- C:\Windows\System\JntuXNS.exe
  C:\Windows\System\JntuXNS.exe
  2⤵
  PID:2316
- C:\Windows\System\uwwRkMP.exe
  C:\Windows\System\uwwRkMP.exe
  2⤵
  PID:1264
- C:\Windows\System\IBuxsRn.exe
  C:\Windows\System\IBuxsRn.exe
  2⤵
  PID:1588
- C:\Windows\System\rJHKulP.exe
  C:\Windows\System\rJHKulP.exe
  2⤵
  PID:2896
- C:\Windows\System\nrIdAAL.exe
  C:\Windows\System\nrIdAAL.exe
  2⤵
  PID:3048
- C:\Windows\System\jkHJUoi.exe
  C:\Windows\System\jkHJUoi.exe
  2⤵
  PID:932
- C:\Windows\System\RAwWQWT.exe
  C:\Windows\System\RAwWQWT.exe
  2⤵
  PID:1628
- C:\Windows\System\pNUlYiC.exe
  C:\Windows\System\pNUlYiC.exe
  2⤵
  PID:2460
- C:\Windows\System\njlCbmT.exe
  C:\Windows\System\njlCbmT.exe
  2⤵
  PID:1640
- C:\Windows\System\BkrgarM.exe
  C:\Windows\System\BkrgarM.exe
  2⤵
  PID:1972
- C:\Windows\System\ovMBthj.exe
  C:\Windows\System\ovMBthj.exe
  2⤵
  PID:532
- C:\Windows\System\jWtmyxn.exe
  C:\Windows\System\jWtmyxn.exe
  2⤵
  PID:1976
- C:\Windows\System\IPMToUg.exe
  C:\Windows\System\IPMToUg.exe
  2⤵
  PID:2088
- C:\Windows\System\RTcWkje.exe
  C:\Windows\System\RTcWkje.exe
  2⤵
  PID:548
- C:\Windows\System\nrWeQLQ.exe
  C:\Windows\System\nrWeQLQ.exe
  2⤵
  PID:3068
- C:\Windows\System\sXnvdpw.exe
  C:\Windows\System\sXnvdpw.exe
  2⤵
  PID:836
- C:\Windows\System\qfUXoeV.exe
  C:\Windows\System\qfUXoeV.exe
  2⤵
  PID:1956
- C:\Windows\System\gwxCZBS.exe
  C:\Windows\System\gwxCZBS.exe
  2⤵
  PID:1716
- C:\Windows\System\EKILsSU.exe
  C:\Windows\System\EKILsSU.exe
  2⤵
  PID:904
- C:\Windows\System\yiMEOYF.exe
  C:\Windows\System\yiMEOYF.exe
  2⤵
  PID:2416
- C:\Windows\System\GkeUgFY.exe
  C:\Windows\System\GkeUgFY.exe
  2⤵
  PID:2380
- C:\Windows\System\lIvSdLU.exe
  C:\Windows\System\lIvSdLU.exe
  2⤵
  PID:2240
- C:\Windows\System\pgWXgBL.exe
  C:\Windows\System\pgWXgBL.exe
  2⤵
  PID:3092
- C:\Windows\System\bWGFRpv.exe
  C:\Windows\System\bWGFRpv.exe
  2⤵
  PID:3112
- C:\Windows\System\KHcXxEQ.exe
  C:\Windows\System\KHcXxEQ.exe
  2⤵
  PID:3132
- C:\Windows\System\LhcLDxR.exe
  C:\Windows\System\LhcLDxR.exe
  2⤵
  PID:3152
- C:\Windows\System\JyedTAP.exe
  C:\Windows\System\JyedTAP.exe
  2⤵
  PID:3172
- C:\Windows\System\rreMgPA.exe
  C:\Windows\System\rreMgPA.exe
  2⤵
  PID:3192
- C:\Windows\System\yqUzloZ.exe
  C:\Windows\System\yqUzloZ.exe
  2⤵
  PID:3212
- C:\Windows\System\pGnNTXw.exe
  C:\Windows\System\pGnNTXw.exe
  2⤵
  PID:3232
- C:\Windows\System\nQOHSzp.exe
  C:\Windows\System\nQOHSzp.exe
  2⤵
  PID:3252
- C:\Windows\System\vzitvTP.exe
  C:\Windows\System\vzitvTP.exe
  2⤵
  PID:3272
- C:\Windows\System\gwZxPWM.exe
  C:\Windows\System\gwZxPWM.exe
  2⤵
  PID:3292
- C:\Windows\System\WNLdxzZ.exe
  C:\Windows\System\WNLdxzZ.exe
  2⤵
  PID:3312
- C:\Windows\System\aeyatLt.exe
  C:\Windows\System\aeyatLt.exe
  2⤵
  PID:3332
- C:\Windows\System\SXqgxHS.exe
  C:\Windows\System\SXqgxHS.exe
  2⤵
  PID:3352
- C:\Windows\System\NtSindc.exe
  C:\Windows\System\NtSindc.exe
  2⤵
  PID:3372
- C:\Windows\System\ZsZuiIF.exe
  C:\Windows\System\ZsZuiIF.exe
  2⤵
  PID:3392
- C:\Windows\System\dTZwwRx.exe
  C:\Windows\System\dTZwwRx.exe
  2⤵
  PID:3412
- C:\Windows\System\QLHEvEI.exe
  C:\Windows\System\QLHEvEI.exe
  2⤵
  PID:3428
- C:\Windows\System\xleIVId.exe
  C:\Windows\System\xleIVId.exe
  2⤵
  PID:3456
- C:\Windows\System\ihGOMlj.exe
  C:\Windows\System\ihGOMlj.exe
  2⤵
  PID:3472
- C:\Windows\System\BYlwOur.exe
  C:\Windows\System\BYlwOur.exe
  2⤵
  PID:3492
- C:\Windows\System\gApdJbE.exe
  C:\Windows\System\gApdJbE.exe
  2⤵
  PID:3512
- C:\Windows\System\MLciZKp.exe
  C:\Windows\System\MLciZKp.exe
  2⤵
  PID:3536
- C:\Windows\System\KPNUvbk.exe
  C:\Windows\System\KPNUvbk.exe
  2⤵
  PID:3556
- C:\Windows\System\DiXOzuV.exe
  C:\Windows\System\DiXOzuV.exe
  2⤵
  PID:3576
- C:\Windows\System\OjnbMfl.exe
  C:\Windows\System\OjnbMfl.exe
  2⤵
  PID:3596
- C:\Windows\System\XYrKgjZ.exe
  C:\Windows\System\XYrKgjZ.exe
  2⤵
  PID:3616
- C:\Windows\System\GrpGpIH.exe
  C:\Windows\System\GrpGpIH.exe
  2⤵
  PID:3632
- C:\Windows\System\rKKgTgz.exe
  C:\Windows\System\rKKgTgz.exe
  2⤵
  PID:3656
- C:\Windows\System\iobSPTI.exe
  C:\Windows\System\iobSPTI.exe
  2⤵
  PID:3676
- C:\Windows\System\ZJmqMxP.exe
  C:\Windows\System\ZJmqMxP.exe
  2⤵
  PID:3696
- C:\Windows\System\EniFWCM.exe
  C:\Windows\System\EniFWCM.exe
  2⤵
  PID:3716
- C:\Windows\System\oUjulhY.exe
  C:\Windows\System\oUjulhY.exe
  2⤵
  PID:3736
- C:\Windows\System\ZpBoQsF.exe
  C:\Windows\System\ZpBoQsF.exe
  2⤵
  PID:3756
- C:\Windows\System\zEMSAls.exe
  C:\Windows\System\zEMSAls.exe
  2⤵
  PID:3776
- C:\Windows\System\mjDzEEQ.exe
  C:\Windows\System\mjDzEEQ.exe
  2⤵
  PID:3792
- C:\Windows\System\WoBWpOA.exe
  C:\Windows\System\WoBWpOA.exe
  2⤵
  PID:3812
- C:\Windows\System\TYjmlMN.exe
  C:\Windows\System\TYjmlMN.exe
  2⤵
  PID:3836
- C:\Windows\System\Zydfblu.exe
  C:\Windows\System\Zydfblu.exe
  2⤵
  PID:3856
- C:\Windows\System\FuAynjG.exe
  C:\Windows\System\FuAynjG.exe
  2⤵
  PID:3876
- C:\Windows\System\IBncfUX.exe
  C:\Windows\System\IBncfUX.exe
  2⤵
  PID:3896
- C:\Windows\System\ZAoHHSN.exe
  C:\Windows\System\ZAoHHSN.exe
  2⤵
  PID:3916
- C:\Windows\System\lYbKgFf.exe
  C:\Windows\System\lYbKgFf.exe
  2⤵
  PID:3936
- C:\Windows\System\bIIigCP.exe
  C:\Windows\System\bIIigCP.exe
  2⤵
  PID:3956
- C:\Windows\System\IASMhgl.exe
  C:\Windows\System\IASMhgl.exe
  2⤵
  PID:3976
- C:\Windows\System\aKVesyh.exe
  C:\Windows\System\aKVesyh.exe
  2⤵
  PID:3996
- C:\Windows\System\RyCapCV.exe
  C:\Windows\System\RyCapCV.exe
  2⤵
  PID:4016
- C:\Windows\System\PUjuSoT.exe
  C:\Windows\System\PUjuSoT.exe
  2⤵
  PID:4036
- C:\Windows\System\LUhWViE.exe
  C:\Windows\System\LUhWViE.exe
  2⤵
  PID:4056
- C:\Windows\System\aRmpcAx.exe
  C:\Windows\System\aRmpcAx.exe
  2⤵
  PID:4076
- C:\Windows\System\jzOPpVt.exe
  C:\Windows\System\jzOPpVt.exe
  2⤵
  PID:1584
- C:\Windows\System\dFbjaTj.exe
  C:\Windows\System\dFbjaTj.exe
  2⤵
  PID:2408
- C:\Windows\System\hBkSkPx.exe
  C:\Windows\System\hBkSkPx.exe
  2⤵
  PID:2688
- C:\Windows\System\ILiAGOk.exe
  C:\Windows\System\ILiAGOk.exe
  2⤵
  PID:1224
- C:\Windows\System\rkzwXYz.exe
  C:\Windows\System\rkzwXYz.exe
  2⤵
  PID:552
- C:\Windows\System\PgkaWYS.exe
  C:\Windows\System\PgkaWYS.exe
  2⤵
  PID:1924
- C:\Windows\System\YqsLdqC.exe
  C:\Windows\System\YqsLdqC.exe
  2⤵
  PID:2708
- C:\Windows\System\bbSKkro.exe
  C:\Windows\System\bbSKkro.exe
  2⤵
  PID:2748
- C:\Windows\System\MumpmtL.exe
  C:\Windows\System\MumpmtL.exe
  2⤵
  PID:2336
- C:\Windows\System\uzXypny.exe
  C:\Windows\System\uzXypny.exe
  2⤵
  PID:1180
- C:\Windows\System\LlKFaeH.exe
  C:\Windows\System\LlKFaeH.exe
  2⤵
  PID:2016
- C:\Windows\System\leFXaJx.exe
  C:\Windows\System\leFXaJx.exe
  2⤵
  PID:1696
- C:\Windows\System\fgCRPjI.exe
  C:\Windows\System\fgCRPjI.exe
  2⤵
  PID:3080
- C:\Windows\System\NNYCTkB.exe
  C:\Windows\System\NNYCTkB.exe
  2⤵
  PID:3100
- C:\Windows\System\sFQjsGJ.exe
  C:\Windows\System\sFQjsGJ.exe
  2⤵
  PID:3128
- C:\Windows\System\kTqlSfj.exe
  C:\Windows\System\kTqlSfj.exe
  2⤵
  PID:3168
- C:\Windows\System\aOxOqYF.exe
  C:\Windows\System\aOxOqYF.exe
  2⤵
  PID:3204
- C:\Windows\System\FfbNEaB.exe
  C:\Windows\System\FfbNEaB.exe
  2⤵
  PID:3220
- C:\Windows\System\XHpohOp.exe
  C:\Windows\System\XHpohOp.exe
  2⤵
  PID:2620
- C:\Windows\System\GjqVSPO.exe
  C:\Windows\System\GjqVSPO.exe
  2⤵
  PID:3284
- C:\Windows\System\VsnhPlK.exe
  C:\Windows\System\VsnhPlK.exe
  2⤵
  PID:3328
- C:\Windows\System\sxeFtCx.exe
  C:\Windows\System\sxeFtCx.exe
  2⤵
  PID:3304
- C:\Windows\System\IwELZTq.exe
  C:\Windows\System\IwELZTq.exe
  2⤵
  PID:3400
- C:\Windows\System\grfuuAG.exe
  C:\Windows\System\grfuuAG.exe
  2⤵
  PID:3436
- C:\Windows\System\rRgcZDa.exe
  C:\Windows\System\rRgcZDa.exe
  2⤵
  PID:3424
- C:\Windows\System\MFZxGUI.exe
  C:\Windows\System\MFZxGUI.exe
  2⤵
  PID:3520
- C:\Windows\System\hIJSirE.exe
  C:\Windows\System\hIJSirE.exe
  2⤵
  PID:3468
- C:\Windows\System\bRWReqj.exe
  C:\Windows\System\bRWReqj.exe
  2⤵
  PID:3572
- C:\Windows\System\vLsAAnz.exe
  C:\Windows\System\vLsAAnz.exe
  2⤵
  PID:3584
- C:\Windows\System\kcaVBcI.exe
  C:\Windows\System\kcaVBcI.exe
  2⤵
  PID:3592
- C:\Windows\System\zfameRQ.exe
  C:\Windows\System\zfameRQ.exe
  2⤵
  PID:3648
- C:\Windows\System\EWZaztc.exe
  C:\Windows\System\EWZaztc.exe
  2⤵
  PID:3664
- C:\Windows\System\rjVpKWm.exe
  C:\Windows\System\rjVpKWm.exe
  2⤵
  PID:3724
- C:\Windows\System\hdlmwZT.exe
  C:\Windows\System\hdlmwZT.exe
  2⤵
  PID:3764
- C:\Windows\System\ParYHus.exe
  C:\Windows\System\ParYHus.exe
  2⤵
  PID:3748
- C:\Windows\System\wlDmapq.exe
  C:\Windows\System\wlDmapq.exe
  2⤵
  PID:3784
- C:\Windows\System\ANZrXbT.exe
  C:\Windows\System\ANZrXbT.exe
  2⤵
  PID:3832
- C:\Windows\System\ZWFYsvk.exe
  C:\Windows\System\ZWFYsvk.exe
  2⤵
  PID:3888
- C:\Windows\System\yvbUbkH.exe
  C:\Windows\System\yvbUbkH.exe
  2⤵
  PID:3932
- C:\Windows\System\mgENEbU.exe
  C:\Windows\System\mgENEbU.exe
  2⤵
  PID:3968
- C:\Windows\System\VIhzfQF.exe
  C:\Windows\System\VIhzfQF.exe
  2⤵
  PID:3984
- C:\Windows\System\xvMBagm.exe
  C:\Windows\System\xvMBagm.exe
  2⤵
  PID:3988
- C:\Windows\System\Mgscesz.exe
  C:\Windows\System\Mgscesz.exe
  2⤵
  PID:4084
- C:\Windows\System\vXniCHw.exe
  C:\Windows\System\vXniCHw.exe
  2⤵
  PID:4064
- C:\Windows\System\xAmATQv.exe
  C:\Windows\System\xAmATQv.exe
  2⤵
  PID:1592
- C:\Windows\System\AEZQEga.exe
  C:\Windows\System\AEZQEga.exe
  2⤵
  PID:2224
- C:\Windows\System\YBWoGnU.exe
  C:\Windows\System\YBWoGnU.exe
  2⤵
  PID:2472
- C:\Windows\System\AIxxFLe.exe
  C:\Windows\System\AIxxFLe.exe
  2⤵
  PID:2196
- C:\Windows\System\xmbfIcN.exe
  C:\Windows\System\xmbfIcN.exe
  2⤵
  PID:2872
- C:\Windows\System\MAKXOhN.exe
  C:\Windows\System\MAKXOhN.exe
  2⤵
  PID:292
- C:\Windows\System\ppZgRRV.exe
  C:\Windows\System\ppZgRRV.exe
  2⤵
  PID:3008
- C:\Windows\System\TgoxYpA.exe
  C:\Windows\System\TgoxYpA.exe
  2⤵
  PID:2768
- C:\Windows\System\dYtAfgW.exe
  C:\Windows\System\dYtAfgW.exe
  2⤵
  PID:3160
- C:\Windows\System\DKKTMtX.exe
  C:\Windows\System\DKKTMtX.exe
  2⤵
  PID:3200
- C:\Windows\System\zOUdiSX.exe
  C:\Windows\System\zOUdiSX.exe
  2⤵
  PID:3228
- C:\Windows\System\LwzYglr.exe
  C:\Windows\System\LwzYglr.exe
  2⤵
  PID:3264
- C:\Windows\System\IQzSXjm.exe
  C:\Windows\System\IQzSXjm.exe
  2⤵
  PID:3380
- C:\Windows\System\JpzuQgo.exe
  C:\Windows\System\JpzuQgo.exe
  2⤵
  PID:2964
- C:\Windows\System\KhNRqXA.exe
  C:\Windows\System\KhNRqXA.exe
  2⤵
  PID:3532
- C:\Windows\System\hKQYkwx.exe
  C:\Windows\System\hKQYkwx.exe
  2⤵
  PID:3480
- C:\Windows\System\eknRLMx.exe
  C:\Windows\System\eknRLMx.exe
  2⤵
  PID:3564
- C:\Windows\System\KvNTuVE.exe
  C:\Windows\System\KvNTuVE.exe
  2⤵
  PID:3652
- C:\Windows\System\RgXLozN.exe
  C:\Windows\System\RgXLozN.exe
  2⤵
  PID:3692
- C:\Windows\System\akTXsRR.exe
  C:\Windows\System\akTXsRR.exe
  2⤵
  PID:3728
- C:\Windows\System\SqntZWG.exe
  C:\Windows\System\SqntZWG.exe
  2⤵
  PID:3808
- C:\Windows\System\bIWgfjv.exe
  C:\Windows\System\bIWgfjv.exe
  2⤵
  PID:3848
- C:\Windows\System\jscxbJA.exe
  C:\Windows\System\jscxbJA.exe
  2⤵
  PID:3884
- C:\Windows\System\EPwDQUj.exe
  C:\Windows\System\EPwDQUj.exe
  2⤵
  PID:3972
- C:\Windows\System\QuhBPun.exe
  C:\Windows\System\QuhBPun.exe
  2⤵
  PID:4052
- C:\Windows\System\hdyatfq.exe
  C:\Windows\System\hdyatfq.exe
  2⤵
  PID:4068
- C:\Windows\System\ZJzxEcL.exe
  C:\Windows\System\ZJzxEcL.exe
  2⤵
  PID:2724
- C:\Windows\System\MlVceEZ.exe
  C:\Windows\System\MlVceEZ.exe
  2⤵
  PID:1624
- C:\Windows\System\CCAETyN.exe
  C:\Windows\System\CCAETyN.exe
  2⤵
  PID:2644
- C:\Windows\System\LEUhBxM.exe
  C:\Windows\System\LEUhBxM.exe
  2⤵
  PID:2068
- C:\Windows\System\TiMxNGY.exe
  C:\Windows\System\TiMxNGY.exe
  2⤵
  PID:1632
- C:\Windows\System\tWZsgcx.exe
  C:\Windows\System\tWZsgcx.exe
  2⤵
  PID:1492
- C:\Windows\System\aRScxmF.exe
  C:\Windows\System\aRScxmF.exe
  2⤵
  PID:3180
- C:\Windows\System\aJbfCeN.exe
  C:\Windows\System\aJbfCeN.exe
  2⤵
  PID:3324
- C:\Windows\System\vlksLEZ.exe
  C:\Windows\System\vlksLEZ.exe
  2⤵
  PID:3420
- C:\Windows\System\eNizPOs.exe
  C:\Windows\System\eNizPOs.exe
  2⤵
  PID:3568
- C:\Windows\System\FWXzVJV.exe
  C:\Windows\System\FWXzVJV.exe
  2⤵
  PID:3608
- C:\Windows\System\aygRqyz.exe
  C:\Windows\System\aygRqyz.exe
  2⤵
  PID:3752
- C:\Windows\System\vpaegsR.exe
  C:\Windows\System\vpaegsR.exe
  2⤵
  PID:3684
- C:\Windows\System\xqciCVs.exe
  C:\Windows\System\xqciCVs.exe
  2⤵
  PID:3824
- C:\Windows\System\CvImpJk.exe
  C:\Windows\System\CvImpJk.exe
  2⤵
  PID:4012
- C:\Windows\System\YrGrtfG.exe
  C:\Windows\System\YrGrtfG.exe
  2⤵
  PID:2204
- C:\Windows\System\WXHwvJe.exe
  C:\Windows\System\WXHwvJe.exe
  2⤵
  PID:1784
- C:\Windows\System\GgAbYdr.exe
  C:\Windows\System\GgAbYdr.exe
  2⤵
  PID:2488
- C:\Windows\System\vBoyBub.exe
  C:\Windows\System\vBoyBub.exe
  2⤵
  PID:2272
- C:\Windows\System\QkyFEsM.exe
  C:\Windows\System\QkyFEsM.exe
  2⤵
  PID:3224
- C:\Windows\System\yPsVvVz.exe
  C:\Windows\System\yPsVvVz.exe
  2⤵
  PID:3280
- C:\Windows\System\AnXWBzz.exe
  C:\Windows\System\AnXWBzz.exe
  2⤵
  PID:3032
- C:\Windows\System\mHYpaRH.exe
  C:\Windows\System\mHYpaRH.exe
  2⤵
  PID:3488
- C:\Windows\System\sbQUaue.exe
  C:\Windows\System\sbQUaue.exe
  2⤵
  PID:3640
- C:\Windows\System\NaRFqrP.exe
  C:\Windows\System\NaRFqrP.exe
  2⤵
  PID:4100
- C:\Windows\System\DDVBHio.exe
  C:\Windows\System\DDVBHio.exe
  2⤵
  PID:4120
- C:\Windows\System\xNNeGaD.exe
  C:\Windows\System\xNNeGaD.exe
  2⤵
  PID:4140
- C:\Windows\System\brokBAX.exe
  C:\Windows\System\brokBAX.exe
  2⤵
  PID:4160
- C:\Windows\System\CiEqMhV.exe
  C:\Windows\System\CiEqMhV.exe
  2⤵
  PID:4180
- C:\Windows\System\kltUhYP.exe
  C:\Windows\System\kltUhYP.exe
  2⤵
  PID:4200
- C:\Windows\System\vMUmZHx.exe
  C:\Windows\System\vMUmZHx.exe
  2⤵
  PID:4220
- C:\Windows\System\NcdArIk.exe
  C:\Windows\System\NcdArIk.exe
  2⤵
  PID:4240
- C:\Windows\System\pgIiBwH.exe
  C:\Windows\System\pgIiBwH.exe
  2⤵
  PID:4260
- C:\Windows\System\BugSplv.exe
  C:\Windows\System\BugSplv.exe
  2⤵
  PID:4280
- C:\Windows\System\YPogZJz.exe
  C:\Windows\System\YPogZJz.exe
  2⤵
  PID:4300
- C:\Windows\System\XhLrYEv.exe
  C:\Windows\System\XhLrYEv.exe
  2⤵
  PID:4320
- C:\Windows\System\wTWiAgN.exe
  C:\Windows\System\wTWiAgN.exe
  2⤵
  PID:4340
- C:\Windows\System\thNPccn.exe
  C:\Windows\System\thNPccn.exe
  2⤵
  PID:4360
- C:\Windows\System\PAmoaeh.exe
  C:\Windows\System\PAmoaeh.exe
  2⤵
  PID:4380
- C:\Windows\System\doIodfE.exe
  C:\Windows\System\doIodfE.exe
  2⤵
  PID:4400
- C:\Windows\System\TBuHeem.exe
  C:\Windows\System\TBuHeem.exe
  2⤵
  PID:4420
- C:\Windows\System\BGNAGlD.exe
  C:\Windows\System\BGNAGlD.exe
  2⤵
  PID:4440
- C:\Windows\System\DDwPWYc.exe
  C:\Windows\System\DDwPWYc.exe
  2⤵
  PID:4460
- C:\Windows\System\sSbZPqn.exe
  C:\Windows\System\sSbZPqn.exe
  2⤵
  PID:4480
- C:\Windows\System\yMoBiVz.exe
  C:\Windows\System\yMoBiVz.exe
  2⤵
  PID:4504
- C:\Windows\System\yfaUEIn.exe
  C:\Windows\System\yfaUEIn.exe
  2⤵
  PID:4524
- C:\Windows\System\rxptTuf.exe
  C:\Windows\System\rxptTuf.exe
  2⤵
  PID:4544
- C:\Windows\System\UrRAXVf.exe
  C:\Windows\System\UrRAXVf.exe
  2⤵
  PID:4564
- C:\Windows\System\zvGeuLu.exe
  C:\Windows\System\zvGeuLu.exe
  2⤵
  PID:4584
- C:\Windows\System\XGlrITL.exe
  C:\Windows\System\XGlrITL.exe
  2⤵
  PID:4604
- C:\Windows\System\AwjYIeJ.exe
  C:\Windows\System\AwjYIeJ.exe
  2⤵
  PID:4624
- C:\Windows\System\WcJxgST.exe
  C:\Windows\System\WcJxgST.exe
  2⤵
  PID:4644
- C:\Windows\System\urjpDKt.exe
  C:\Windows\System\urjpDKt.exe
  2⤵
  PID:4664
- C:\Windows\System\sSIJeEt.exe
  C:\Windows\System\sSIJeEt.exe
  2⤵
  PID:4684
- C:\Windows\System\wmHMNtu.exe
  C:\Windows\System\wmHMNtu.exe
  2⤵
  PID:4704
- C:\Windows\System\pSPlgcP.exe
  C:\Windows\System\pSPlgcP.exe
  2⤵
  PID:4724
- C:\Windows\System\AjKoxSV.exe
  C:\Windows\System\AjKoxSV.exe
  2⤵
  PID:4744
- C:\Windows\System\wzLMgOR.exe
  C:\Windows\System\wzLMgOR.exe
  2⤵
  PID:4764
- C:\Windows\System\uiKDwVy.exe
  C:\Windows\System\uiKDwVy.exe
  2⤵
  PID:4784
- C:\Windows\System\TVIzPWc.exe
  C:\Windows\System\TVIzPWc.exe
  2⤵
  PID:4804
- C:\Windows\System\kofvCKU.exe
  C:\Windows\System\kofvCKU.exe
  2⤵
  PID:4824
- C:\Windows\System\lLnDZJu.exe
  C:\Windows\System\lLnDZJu.exe
  2⤵
  PID:4844
- C:\Windows\System\IeyrHpJ.exe
  C:\Windows\System\IeyrHpJ.exe
  2⤵
  PID:4864
- C:\Windows\System\qxxazjZ.exe
  C:\Windows\System\qxxazjZ.exe
  2⤵
  PID:4884
- C:\Windows\System\iEnLyyf.exe
  C:\Windows\System\iEnLyyf.exe
  2⤵
  PID:4904
- C:\Windows\System\sYvsFwK.exe
  C:\Windows\System\sYvsFwK.exe
  2⤵
  PID:4924
- C:\Windows\System\lwUPdJN.exe
  C:\Windows\System\lwUPdJN.exe
  2⤵
  PID:4944
- C:\Windows\System\FukihbX.exe
  C:\Windows\System\FukihbX.exe
  2⤵
  PID:4964
- C:\Windows\System\ekppPqm.exe
  C:\Windows\System\ekppPqm.exe
  2⤵
  PID:4984
- C:\Windows\System\smlxdof.exe
  C:\Windows\System\smlxdof.exe
  2⤵
  PID:5004
- C:\Windows\System\vQpyQoL.exe
  C:\Windows\System\vQpyQoL.exe
  2⤵
  PID:5024
- C:\Windows\System\CRbFMuU.exe
  C:\Windows\System\CRbFMuU.exe
  2⤵
  PID:5044
- C:\Windows\System\fpoFLJx.exe
  C:\Windows\System\fpoFLJx.exe
  2⤵
  PID:5064
- C:\Windows\System\iSBwMDG.exe
  C:\Windows\System\iSBwMDG.exe
  2⤵
  PID:5084
- C:\Windows\System\hligWMI.exe
  C:\Windows\System\hligWMI.exe
  2⤵
  PID:5104
- C:\Windows\System\dvVRrLV.exe
  C:\Windows\System\dvVRrLV.exe
  2⤵
  PID:3964
- C:\Windows\System\dRnmvJN.exe
  C:\Windows\System\dRnmvJN.exe
  2⤵
  PID:3952
- C:\Windows\System\FFaUcRw.exe
  C:\Windows\System\FFaUcRw.exe
  2⤵
  PID:2812
- C:\Windows\System\dxVhHCI.exe
  C:\Windows\System\dxVhHCI.exe
  2⤵
  PID:2276
- C:\Windows\System\shXwvSi.exe
  C:\Windows\System\shXwvSi.exe
  2⤵
  PID:3108
- C:\Windows\System\bCYybwB.exe
  C:\Windows\System\bCYybwB.exe
  2⤵
  PID:3384
- C:\Windows\System\bWTtzxZ.exe
  C:\Windows\System\bWTtzxZ.exe
  2⤵
  PID:3712
- C:\Windows\System\KddiriT.exe
  C:\Windows\System\KddiriT.exe
  2⤵
  PID:4128
- C:\Windows\System\ZXKLiPZ.exe
  C:\Windows\System\ZXKLiPZ.exe
  2⤵
  PID:4136
- C:\Windows\System\dwKmdYE.exe
  C:\Windows\System\dwKmdYE.exe
  2⤵
  PID:4176
- C:\Windows\System\NlmtCaj.exe
  C:\Windows\System\NlmtCaj.exe
  2⤵
  PID:4196
- C:\Windows\System\cZUJgOJ.exe
  C:\Windows\System\cZUJgOJ.exe
  2⤵
  PID:4256
- C:\Windows\System\nObIxqz.exe
  C:\Windows\System\nObIxqz.exe
  2⤵
  PID:4236
- C:\Windows\System\cJxMkbI.exe
  C:\Windows\System\cJxMkbI.exe
  2⤵
  PID:4308
- C:\Windows\System\sdBsrfx.exe
  C:\Windows\System\sdBsrfx.exe
  2⤵
  PID:4332
- C:\Windows\System\TabdETr.exe
  C:\Windows\System\TabdETr.exe
  2⤵
  PID:4348
- C:\Windows\System\SOZduEp.exe
  C:\Windows\System\SOZduEp.exe
  2⤵
  PID:4416
- C:\Windows\System\MTVDloc.exe
  C:\Windows\System\MTVDloc.exe
  2⤵
  PID:4448
- C:\Windows\System\hhpubNL.exe
  C:\Windows\System\hhpubNL.exe
  2⤵
  PID:4468
- C:\Windows\System\rMzIXnZ.exe
  C:\Windows\System\rMzIXnZ.exe
  2⤵
  PID:4472
- C:\Windows\System\tCbFDPm.exe
  C:\Windows\System\tCbFDPm.exe
  2⤵
  PID:4540
- C:\Windows\System\gVLcmeL.exe
  C:\Windows\System\gVLcmeL.exe
  2⤵
  PID:4560
- C:\Windows\System\BqgZCEn.exe
  C:\Windows\System\BqgZCEn.exe
  2⤵
  PID:4620
- C:\Windows\System\imsVMFZ.exe
  C:\Windows\System\imsVMFZ.exe
  2⤵
  PID:4652
- C:\Windows\System\ygkgKHU.exe
  C:\Windows\System\ygkgKHU.exe
  2⤵
  PID:2184
- C:\Windows\System\xtGDOTj.exe
  C:\Windows\System\xtGDOTj.exe
  2⤵
  PID:4696
- C:\Windows\System\aSwxPEq.exe
  C:\Windows\System\aSwxPEq.exe
  2⤵
  PID:4732
- C:\Windows\System\vmAMIAQ.exe
  C:\Windows\System\vmAMIAQ.exe
  2⤵
  PID:4772
- C:\Windows\System\BIcYsAs.exe
  C:\Windows\System\BIcYsAs.exe
  2⤵
  PID:4792
- C:\Windows\System\XNreAHv.exe
  C:\Windows\System\XNreAHv.exe
  2⤵
  PID:4796
- C:\Windows\System\ZhHuzmS.exe
  C:\Windows\System\ZhHuzmS.exe
  2⤵
  PID:4840
- C:\Windows\System\xUuFWWr.exe
  C:\Windows\System\xUuFWWr.exe
  2⤵
  PID:4896
- C:\Windows\System\ienRFKG.exe
  C:\Windows\System\ienRFKG.exe
  2⤵
  PID:4936
- C:\Windows\System\xNilIgX.exe
  C:\Windows\System\xNilIgX.exe
  2⤵
  PID:4972
- C:\Windows\System\uSdwvJd.exe
  C:\Windows\System\uSdwvJd.exe
  2⤵
  PID:4992
- C:\Windows\System\bPHfrAF.exe
  C:\Windows\System\bPHfrAF.exe
  2⤵
  PID:5000
- C:\Windows\System\eCEOFmC.exe
  C:\Windows\System\eCEOFmC.exe
  2⤵
  PID:5040
- C:\Windows\System\KTdQVlV.exe
  C:\Windows\System\KTdQVlV.exe
  2⤵
  PID:5072
- C:\Windows\System\ptOBmmX.exe
  C:\Windows\System\ptOBmmX.exe
  2⤵
  PID:5112
- C:\Windows\System\bMlpbLq.exe
  C:\Windows\System\bMlpbLq.exe
  2⤵
  PID:5116
- C:\Windows\System\FVTaYzO.exe
  C:\Windows\System\FVTaYzO.exe
  2⤵
  PID:4032
- C:\Windows\System\YasDBUy.exe
  C:\Windows\System\YasDBUy.exe
  2⤵
  PID:3084
- C:\Windows\System\fZJkKRw.exe
  C:\Windows\System\fZJkKRw.exe
  2⤵
  PID:3484
- C:\Windows\System\hzKZrig.exe
  C:\Windows\System\hzKZrig.exe
  2⤵
  PID:1476
- C:\Windows\System\VNXHhMF.exe
  C:\Windows\System\VNXHhMF.exe
  2⤵
  PID:4168
- C:\Windows\System\KayOoTo.exe
  C:\Windows\System\KayOoTo.exe
  2⤵
  PID:4212
- C:\Windows\System\cZnQkqz.exe
  C:\Windows\System\cZnQkqz.exe
  2⤵
  PID:1040
- C:\Windows\System\KtCBdVJ.exe
  C:\Windows\System\KtCBdVJ.exe
  2⤵
  PID:4292
- C:\Windows\System\SbNxcRz.exe
  C:\Windows\System\SbNxcRz.exe
  2⤵
  PID:4368
- C:\Windows\System\HCJnZrm.exe
  C:\Windows\System\HCJnZrm.exe
  2⤵
  PID:2856
- C:\Windows\System\ZjYrvuc.exe
  C:\Windows\System\ZjYrvuc.exe
  2⤵
  PID:4408
- C:\Windows\System\SrnNPfb.exe
  C:\Windows\System\SrnNPfb.exe
  2⤵
  PID:2728
- C:\Windows\System\gwVYHVz.exe
  C:\Windows\System\gwVYHVz.exe
  2⤵
  PID:4452
- C:\Windows\System\HvEuBTS.exe
  C:\Windows\System\HvEuBTS.exe
  2⤵
  PID:4500
- C:\Windows\System\FhXTksV.exe
  C:\Windows\System\FhXTksV.exe
  2⤵
  PID:4532
- C:\Windows\System\kTpbSNM.exe
  C:\Windows\System\kTpbSNM.exe
  2⤵
  PID:4612
- C:\Windows\System\JyzVJwK.exe
  C:\Windows\System\JyzVJwK.exe
  2⤵
  PID:2188
- C:\Windows\System\bMVvZBg.exe
  C:\Windows\System\bMVvZBg.exe
  2⤵
  PID:4740
- C:\Windows\System\TZyGvKp.exe
  C:\Windows\System\TZyGvKp.exe
  2⤵
  PID:4776
- C:\Windows\System\ydrSfCm.exe
  C:\Windows\System\ydrSfCm.exe
  2⤵
  PID:4760
- C:\Windows\System\bsAoswm.exe
  C:\Windows\System\bsAoswm.exe
  2⤵
  PID:4900
- C:\Windows\System\qVCXCSU.exe
  C:\Windows\System\qVCXCSU.exe
  2⤵
  PID:4920
- C:\Windows\System\xzzXixa.exe
  C:\Windows\System\xzzXixa.exe
  2⤵
  PID:4956
- C:\Windows\System\dEDKqpe.exe
  C:\Windows\System\dEDKqpe.exe
  2⤵
  PID:5056
- C:\Windows\System\KWVqRnl.exe
  C:\Windows\System\KWVqRnl.exe
  2⤵
  PID:5092
- C:\Windows\System\GzbJbyX.exe
  C:\Windows\System\GzbJbyX.exe
  2⤵
  PID:3868
- C:\Windows\System\JUmSImP.exe
  C:\Windows\System\JUmSImP.exe
  2⤵
  PID:3140
- C:\Windows\System\eTGbxil.exe
  C:\Windows\System\eTGbxil.exe
  2⤵
  PID:2972
- C:\Windows\System\ArdrIOV.exe
  C:\Windows\System\ArdrIOV.exe
  2⤵
  PID:4156
- C:\Windows\System\wYdAdFv.exe
  C:\Windows\System\wYdAdFv.exe
  2⤵
  PID:4248
- C:\Windows\System\iXqPjZk.exe
  C:\Windows\System\iXqPjZk.exe
  2⤵
  PID:4272
- C:\Windows\System\OMrqknK.exe
  C:\Windows\System\OMrqknK.exe
  2⤵
  PID:4316
- C:\Windows\System\BZRXAiH.exe
  C:\Windows\System\BZRXAiH.exe
  2⤵
  PID:1796
- C:\Windows\System\WyPBCWz.exe
  C:\Windows\System\WyPBCWz.exe
  2⤵
  PID:1544
- C:\Windows\System\vidDNSW.exe
  C:\Windows\System\vidDNSW.exe
  2⤵
  PID:4552
- C:\Windows\System\QcHniqv.exe
  C:\Windows\System\QcHniqv.exe
  2⤵
  PID:4600
- C:\Windows\System\nQPdbbD.exe
  C:\Windows\System\nQPdbbD.exe
  2⤵
  PID:4640
- C:\Windows\System\HMxoBQx.exe
  C:\Windows\System\HMxoBQx.exe
  2⤵
  PID:4712
- C:\Windows\System\bqgFPTs.exe
  C:\Windows\System\bqgFPTs.exe
  2⤵
  PID:5136
- C:\Windows\System\AqJcfLO.exe
  C:\Windows\System\AqJcfLO.exe
  2⤵
  PID:5156
- C:\Windows\System\HHytrPI.exe
  C:\Windows\System\HHytrPI.exe
  2⤵
  PID:5176
- C:\Windows\System\ciALmnA.exe
  C:\Windows\System\ciALmnA.exe
  2⤵
  PID:5196
- C:\Windows\System\NlGkWwb.exe
  C:\Windows\System\NlGkWwb.exe
  2⤵
  PID:5216
- C:\Windows\System\aSNBVXO.exe
  C:\Windows\System\aSNBVXO.exe
  2⤵
  PID:5236
- C:\Windows\System\RUBSOcg.exe
  C:\Windows\System\RUBSOcg.exe
  2⤵
  PID:5256
- C:\Windows\System\sxvwINu.exe
  C:\Windows\System\sxvwINu.exe
  2⤵
  PID:5276
- C:\Windows\System\EwWQoyF.exe
  C:\Windows\System\EwWQoyF.exe
  2⤵
  PID:5296
- C:\Windows\System\dwGUaqq.exe
  C:\Windows\System\dwGUaqq.exe
  2⤵
  PID:5316
- C:\Windows\System\zhVDtyy.exe
  C:\Windows\System\zhVDtyy.exe
  2⤵
  PID:5336
- C:\Windows\System\RYGmFWu.exe
  C:\Windows\System\RYGmFWu.exe
  2⤵
  PID:5356
- C:\Windows\System\rQYSJwT.exe
  C:\Windows\System\rQYSJwT.exe
  2⤵
  PID:5376
- C:\Windows\System\laCNzSv.exe
  C:\Windows\System\laCNzSv.exe
  2⤵
  PID:5396
- C:\Windows\System\SLKNFDg.exe
  C:\Windows\System\SLKNFDg.exe
  2⤵
  PID:5416
- C:\Windows\System\eAlbQeb.exe
  C:\Windows\System\eAlbQeb.exe
  2⤵
  PID:5436
- C:\Windows\System\qVdvNba.exe
  C:\Windows\System\qVdvNba.exe
  2⤵
  PID:5456
- C:\Windows\System\vhxjQqw.exe
  C:\Windows\System\vhxjQqw.exe
  2⤵
  PID:5476
- C:\Windows\System\SzCIDVy.exe
  C:\Windows\System\SzCIDVy.exe
  2⤵
  PID:5496
- C:\Windows\System\jPsTVrv.exe
  C:\Windows\System\jPsTVrv.exe
  2⤵
  PID:5516
- C:\Windows\System\pEpxhzO.exe
  C:\Windows\System\pEpxhzO.exe
  2⤵
  PID:5536
- C:\Windows\System\SihpXyc.exe
  C:\Windows\System\SihpXyc.exe
  2⤵
  PID:5556
- C:\Windows\System\AyNNgFp.exe
  C:\Windows\System\AyNNgFp.exe
  2⤵
  PID:5576
- C:\Windows\System\JwJPWBO.exe
  C:\Windows\System\JwJPWBO.exe
  2⤵
  PID:5596
- C:\Windows\System\RSrmrIB.exe
  C:\Windows\System\RSrmrIB.exe
  2⤵
  PID:5616
- C:\Windows\System\DXUERyn.exe
  C:\Windows\System\DXUERyn.exe
  2⤵
  PID:5636
- C:\Windows\System\qnfuIYv.exe
  C:\Windows\System\qnfuIYv.exe
  2⤵
  PID:5656
- C:\Windows\System\YYJUyOR.exe
  C:\Windows\System\YYJUyOR.exe
  2⤵
  PID:5676
- C:\Windows\System\TkDzwoP.exe
  C:\Windows\System\TkDzwoP.exe
  2⤵
  PID:5696
- C:\Windows\System\sFZARan.exe
  C:\Windows\System\sFZARan.exe
  2⤵
  PID:5716
- C:\Windows\System\RjUGHSz.exe
  C:\Windows\System\RjUGHSz.exe
  2⤵
  PID:5736
- C:\Windows\System\torcmFr.exe
  C:\Windows\System\torcmFr.exe
  2⤵
  PID:5756
- C:\Windows\System\KYlyJSH.exe
  C:\Windows\System\KYlyJSH.exe
  2⤵
  PID:5776
- C:\Windows\System\KrzAbzg.exe
  C:\Windows\System\KrzAbzg.exe
  2⤵
  PID:5800
- C:\Windows\System\bvxuRgC.exe
  C:\Windows\System\bvxuRgC.exe
  2⤵
  PID:5820
- C:\Windows\System\cmeqAUg.exe
  C:\Windows\System\cmeqAUg.exe
  2⤵
  PID:5840
- C:\Windows\System\CWpoMSo.exe
  C:\Windows\System\CWpoMSo.exe
  2⤵
  PID:5860
- C:\Windows\System\NWedQBm.exe
  C:\Windows\System\NWedQBm.exe
  2⤵
  PID:5880
- C:\Windows\System\yIuFJUo.exe
  C:\Windows\System\yIuFJUo.exe
  2⤵
  PID:5900
- C:\Windows\System\tRiOylB.exe
  C:\Windows\System\tRiOylB.exe
  2⤵
  PID:5920
- C:\Windows\System\VnDYYsN.exe
  C:\Windows\System\VnDYYsN.exe
  2⤵
  PID:5940
- C:\Windows\System\ytvTRPj.exe
  C:\Windows\System\ytvTRPj.exe
  2⤵
  PID:5960
- C:\Windows\System\oQiEJJf.exe
  C:\Windows\System\oQiEJJf.exe
  2⤵
  PID:5980
- C:\Windows\System\GilAcAI.exe
  C:\Windows\System\GilAcAI.exe
  2⤵
  PID:6000
- C:\Windows\System\nsYdQqm.exe
  C:\Windows\System\nsYdQqm.exe
  2⤵
  PID:6020
- C:\Windows\System\YIgNqbX.exe
  C:\Windows\System\YIgNqbX.exe
  2⤵
  PID:6040
- C:\Windows\System\kcCDekL.exe
  C:\Windows\System\kcCDekL.exe
  2⤵
  PID:6060
- C:\Windows\System\GcotrmC.exe
  C:\Windows\System\GcotrmC.exe
  2⤵
  PID:6080
- C:\Windows\System\eLYJXyq.exe
  C:\Windows\System\eLYJXyq.exe
  2⤵
  PID:6100
- C:\Windows\System\RWwcvQP.exe
  C:\Windows\System\RWwcvQP.exe
  2⤵
  PID:6120
- C:\Windows\System\ZSETzqW.exe
  C:\Windows\System\ZSETzqW.exe
  2⤵
  PID:6140
- C:\Windows\System\giebqbS.exe
  C:\Windows\System\giebqbS.exe
  2⤵
  PID:4832
- C:\Windows\System\YWjVmFu.exe
  C:\Windows\System\YWjVmFu.exe
  2⤵
  PID:1948
- C:\Windows\System\SEtUAha.exe
  C:\Windows\System\SEtUAha.exe
  2⤵
  PID:5032
- C:\Windows\System\EEJWuAC.exe
  C:\Windows\System\EEJWuAC.exe
  2⤵
  PID:2552
- C:\Windows\System\WWMXVDw.exe
  C:\Windows\System\WWMXVDw.exe
  2⤵
  PID:3300
- C:\Windows\System\gRkDaBF.exe
  C:\Windows\System\gRkDaBF.exe
  2⤵
  PID:4188
- C:\Windows\System\CTunSvh.exe
  C:\Windows\System\CTunSvh.exe
  2⤵
  PID:4276
- C:\Windows\System\MwTmvlC.exe
  C:\Windows\System\MwTmvlC.exe
  2⤵
  PID:4392
- C:\Windows\System\mKzwkYC.exe
  C:\Windows\System\mKzwkYC.exe
  2⤵
  PID:1664
- C:\Windows\System\MbaDGAI.exe
  C:\Windows\System\MbaDGAI.exe
  2⤵
  PID:4656
- C:\Windows\System\hhdgcub.exe
  C:\Windows\System\hhdgcub.exe
  2⤵
  PID:4820
- C:\Windows\System\XitOqaC.exe
  C:\Windows\System\XitOqaC.exe
  2⤵
  PID:5152
- C:\Windows\System\VuHxPnd.exe
  C:\Windows\System\VuHxPnd.exe
  2⤵
  PID:5168
- C:\Windows\System\ksqEQLM.exe
  C:\Windows\System\ksqEQLM.exe
  2⤵
  PID:5212
- C:\Windows\System\jfRXpfc.exe
  C:\Windows\System\jfRXpfc.exe
  2⤵
  PID:5252
- C:\Windows\System\PyCLcpI.exe
  C:\Windows\System\PyCLcpI.exe
  2⤵
  PID:5284
- C:\Windows\System\SrfJLuO.exe
  C:\Windows\System\SrfJLuO.exe
  2⤵
  PID:5308
- C:\Windows\System\yYcbAEN.exe
  C:\Windows\System\yYcbAEN.exe
  2⤵
  PID:2628
- C:\Windows\System\bWekLjE.exe
  C:\Windows\System\bWekLjE.exe
  2⤵
  PID:5372
- C:\Windows\System\phddXCA.exe
  C:\Windows\System\phddXCA.exe
  2⤵
  PID:5404
- C:\Windows\System\XdAowqT.exe
  C:\Windows\System\XdAowqT.exe
  2⤵
  PID:5444
- C:\Windows\System\EHIcxjD.exe
  C:\Windows\System\EHIcxjD.exe
  2⤵
  PID:5468
- C:\Windows\System\MCAuWlz.exe
  C:\Windows\System\MCAuWlz.exe
  2⤵
  PID:5488
- C:\Windows\System\LIFFXBC.exe
  C:\Windows\System\LIFFXBC.exe
  2⤵
  PID:5532
- C:\Windows\System\nUtYzNH.exe
  C:\Windows\System\nUtYzNH.exe
  2⤵
  PID:5592
- C:\Windows\System\lUQdljA.exe
  C:\Windows\System\lUQdljA.exe
  2⤵
  PID:5612
- C:\Windows\System\iXqeDXg.exe
  C:\Windows\System\iXqeDXg.exe
  2⤵
  PID:5644
- C:\Windows\System\fydyEnL.exe
  C:\Windows\System\fydyEnL.exe
  2⤵
  PID:5668
- C:\Windows\System\azUbaWf.exe
  C:\Windows\System\azUbaWf.exe
  2⤵
  PID:5688
- C:\Windows\System\ikdeqUP.exe
  C:\Windows\System\ikdeqUP.exe
  2⤵
  PID:5728
- C:\Windows\System\FJEeFXh.exe
  C:\Windows\System\FJEeFXh.exe
  2⤵
  PID:5784
- C:\Windows\System\QOVmlZE.exe
  C:\Windows\System\QOVmlZE.exe
  2⤵
  PID:5836
- C:\Windows\System\CTspeJc.exe
  C:\Windows\System\CTspeJc.exe
  2⤵
  PID:5868
- C:\Windows\System\FifCMmr.exe
  C:\Windows\System\FifCMmr.exe
  2⤵
  PID:5888
- C:\Windows\System\SQiZnHY.exe
  C:\Windows\System\SQiZnHY.exe
  2⤵
  PID:5912
- C:\Windows\System\eNPIaqu.exe
  C:\Windows\System\eNPIaqu.exe
  2⤵
  PID:5956
- C:\Windows\System\xjSmpCv.exe
  C:\Windows\System\xjSmpCv.exe
  2⤵
  PID:5996
- C:\Windows\System\bhaiwpk.exe
  C:\Windows\System\bhaiwpk.exe
  2⤵
  PID:6028
- C:\Windows\System\fWfbYqX.exe
  C:\Windows\System\fWfbYqX.exe
  2⤵
  PID:6056
- C:\Windows\System\lHXgcdN.exe
  C:\Windows\System\lHXgcdN.exe
  2⤵
  PID:6072
- C:\Windows\System\DXhogLN.exe
  C:\Windows\System\DXhogLN.exe
  2⤵
  PID:6116
- C:\Windows\System\enmfYxY.exe
  C:\Windows\System\enmfYxY.exe
  2⤵
  PID:4856
- C:\Windows\System\hsqmbCT.exe
  C:\Windows\System\hsqmbCT.exe
  2⤵
  PID:5020
- C:\Windows\System\JBKmAin.exe
  C:\Windows\System\JBKmAin.exe
  2⤵
  PID:3892
- C:\Windows\System\EOaXNcU.exe
  C:\Windows\System\EOaXNcU.exe
  2⤵
  PID:3508
- C:\Windows\System\qxWzdqP.exe
  C:\Windows\System\qxWzdqP.exe
  2⤵
  PID:1852
- C:\Windows\System\aNiYsrm.exe
  C:\Windows\System\aNiYsrm.exe
  2⤵
  PID:4376
- C:\Windows\System\twMySin.exe
  C:\Windows\System\twMySin.exe
  2⤵
  PID:4492
- C:\Windows\System\jwfYwYA.exe
  C:\Windows\System\jwfYwYA.exe
  2⤵
  PID:5172
- C:\Windows\System\rxgKvPk.exe
  C:\Windows\System\rxgKvPk.exe
  2⤵
  PID:5232
- C:\Windows\System\DnxUQOH.exe
  C:\Windows\System\DnxUQOH.exe
  2⤵
  PID:5264
- C:\Windows\System\VHZoNRU.exe
  C:\Windows\System\VHZoNRU.exe
  2⤵
  PID:5304
- C:\Windows\System\neKCGMa.exe
  C:\Windows\System\neKCGMa.exe
  2⤵
  PID:5364
- C:\Windows\System\TIvIrIm.exe
  C:\Windows\System\TIvIrIm.exe
  2⤵
  PID:5424
- C:\Windows\System\tPatijF.exe
  C:\Windows\System\tPatijF.exe
  2⤵
  PID:5472
- C:\Windows\System\FADtGdR.exe
  C:\Windows\System\FADtGdR.exe
  2⤵
  PID:5552
- C:\Windows\System\bmrTbqy.exe
  C:\Windows\System\bmrTbqy.exe
  2⤵
  PID:5568
- C:\Windows\System\SXcMTLf.exe
  C:\Windows\System\SXcMTLf.exe
  2⤵
  PID:5628
- C:\Windows\System\LAILdUE.exe
  C:\Windows\System\LAILdUE.exe
  2⤵
  PID:5652
- C:\Windows\System\MaFvORn.exe
  C:\Windows\System\MaFvORn.exe
  2⤵
  PID:5772
- C:\Windows\System\CPMpSrb.exe
  C:\Windows\System\CPMpSrb.exe
  2⤵
  PID:5812
- C:\Windows\System\UkUqhzo.exe
  C:\Windows\System\UkUqhzo.exe
  2⤵
  PID:5852
- C:\Windows\System\pIOXikT.exe
  C:\Windows\System\pIOXikT.exe
  2⤵
  PID:5892
- C:\Windows\System\GkuOdpA.exe
  C:\Windows\System\GkuOdpA.exe
  2⤵
  PID:5988
- C:\Windows\System\FnscVLW.exe
  C:\Windows\System\FnscVLW.exe
  2⤵
  PID:6012
- C:\Windows\System\oktxGmQ.exe
  C:\Windows\System\oktxGmQ.exe
  2⤵
  PID:6052
- C:\Windows\System\HOPHetV.exe
  C:\Windows\System\HOPHetV.exe
  2⤵
  PID:4872
- C:\Windows\System\cVRFvLc.exe
  C:\Windows\System\cVRFvLc.exe
  2⤵
  PID:5016
- C:\Windows\System\vUniDIQ.exe
  C:\Windows\System\vUniDIQ.exe
  2⤵
  PID:5060
- C:\Windows\System\nApWVgW.exe
  C:\Windows\System\nApWVgW.exe
  2⤵
  PID:2848
- C:\Windows\System\euPQmMi.exe
  C:\Windows\System\euPQmMi.exe
  2⤵
  PID:4816
- C:\Windows\System\wVUwpDK.exe
  C:\Windows\System\wVUwpDK.exe
  2⤵
  PID:5188
- C:\Windows\System\UMWNWli.exe
  C:\Windows\System\UMWNWli.exe
  2⤵
  PID:5312
- C:\Windows\System\ecknODU.exe
  C:\Windows\System\ecknODU.exe
  2⤵
  PID:5408
- C:\Windows\System\pHSrWac.exe
  C:\Windows\System\pHSrWac.exe
  2⤵
  PID:5448
- C:\Windows\System\ncHIgqM.exe
  C:\Windows\System\ncHIgqM.exe
  2⤵
  PID:5544
- C:\Windows\System\QALScQg.exe
  C:\Windows\System\QALScQg.exe
  2⤵
  PID:5684
- C:\Windows\System\QPvDhXs.exe
  C:\Windows\System\QPvDhXs.exe
  2⤵
  PID:5732
- C:\Windows\System\xzyXdqd.exe
  C:\Windows\System\xzyXdqd.exe
  2⤵
  PID:5832
- C:\Windows\System\tOBXlDJ.exe
  C:\Windows\System\tOBXlDJ.exe
  2⤵
  PID:5932
- C:\Windows\System\OlJyFgs.exe
  C:\Windows\System\OlJyFgs.exe
  2⤵
  PID:6148
- C:\Windows\System\XvLnUyT.exe
  C:\Windows\System\XvLnUyT.exe
  2⤵
  PID:6168
- C:\Windows\System\OIKuaWT.exe
  C:\Windows\System\OIKuaWT.exe
  2⤵
  PID:6188
- C:\Windows\System\BqiHveI.exe
  C:\Windows\System\BqiHveI.exe
  2⤵
  PID:6208
- C:\Windows\System\fZhEDcZ.exe
  C:\Windows\System\fZhEDcZ.exe
  2⤵
  PID:6228
- C:\Windows\System\DwcAKdr.exe
  C:\Windows\System\DwcAKdr.exe
  2⤵
  PID:6248
- C:\Windows\System\XYgOQRC.exe
  C:\Windows\System\XYgOQRC.exe
  2⤵
  PID:6268
- C:\Windows\System\tgMFZHG.exe
  C:\Windows\System\tgMFZHG.exe
  2⤵
  PID:6288
- C:\Windows\System\HmzUOjN.exe
  C:\Windows\System\HmzUOjN.exe
  2⤵
  PID:6308
- C:\Windows\System\zFTMyyP.exe
  C:\Windows\System\zFTMyyP.exe
  2⤵
  PID:6328
- C:\Windows\System\IqaBasq.exe
  C:\Windows\System\IqaBasq.exe
  2⤵
  PID:6348
- C:\Windows\System\YEwQttJ.exe
  C:\Windows\System\YEwQttJ.exe
  2⤵
  PID:6368
- C:\Windows\System\KagNGka.exe
  C:\Windows\System\KagNGka.exe
  2⤵
  PID:6388
- C:\Windows\System\IgxIgRB.exe
  C:\Windows\System\IgxIgRB.exe
  2⤵
  PID:6408
- C:\Windows\System\jVWdnKx.exe
  C:\Windows\System\jVWdnKx.exe
  2⤵
  PID:6428
- C:\Windows\System\YPvDbAq.exe
  C:\Windows\System\YPvDbAq.exe
  2⤵
  PID:6448
- C:\Windows\System\ERsQEDf.exe
  C:\Windows\System\ERsQEDf.exe
  2⤵
  PID:6468
- C:\Windows\System\JohddMe.exe
  C:\Windows\System\JohddMe.exe
  2⤵
  PID:6488
- C:\Windows\System\FOekUIC.exe
  C:\Windows\System\FOekUIC.exe
  2⤵
  PID:6508
- C:\Windows\System\ZsnwhEH.exe
  C:\Windows\System\ZsnwhEH.exe
  2⤵
  PID:6528
- C:\Windows\System\xnsJiJb.exe
  C:\Windows\System\xnsJiJb.exe
  2⤵
  PID:6548
- C:\Windows\System\XhAEVqw.exe
  C:\Windows\System\XhAEVqw.exe
  2⤵
  PID:6568
- C:\Windows\System\HIEWOwG.exe
  C:\Windows\System\HIEWOwG.exe
  2⤵
  PID:6588
- C:\Windows\System\TFCJldX.exe
  C:\Windows\System\TFCJldX.exe
  2⤵
  PID:6608
- C:\Windows\System\EvbOtJS.exe
  C:\Windows\System\EvbOtJS.exe
  2⤵
  PID:6628
- C:\Windows\System\WSCPvzR.exe
  C:\Windows\System\WSCPvzR.exe
  2⤵
  PID:6648
- C:\Windows\System\IOXThqF.exe
  C:\Windows\System\IOXThqF.exe
  2⤵
  PID:6668
- C:\Windows\System\ZDJeSjj.exe
  C:\Windows\System\ZDJeSjj.exe
  2⤵
  PID:6688
- C:\Windows\System\TcpaXis.exe
  C:\Windows\System\TcpaXis.exe
  2⤵
  PID:6708
- C:\Windows\System\pHLXiCI.exe
  C:\Windows\System\pHLXiCI.exe
  2⤵
  PID:6728
- C:\Windows\System\mXFlcMu.exe
  C:\Windows\System\mXFlcMu.exe
  2⤵
  PID:6748
- C:\Windows\System\yrfMTsM.exe
  C:\Windows\System\yrfMTsM.exe
  2⤵
  PID:6768
- C:\Windows\System\IjmIPMN.exe
  C:\Windows\System\IjmIPMN.exe
  2⤵
  PID:6788
- C:\Windows\System\sYcMoOs.exe
  C:\Windows\System\sYcMoOs.exe
  2⤵
  PID:6808
- C:\Windows\System\TRyZdHt.exe
  C:\Windows\System\TRyZdHt.exe
  2⤵
  PID:6828
- C:\Windows\System\vioLAMg.exe
  C:\Windows\System\vioLAMg.exe
  2⤵
  PID:6848
- C:\Windows\System\AMGDUqz.exe
  C:\Windows\System\AMGDUqz.exe
  2⤵
  PID:6868
- C:\Windows\System\TxhfDjt.exe
  C:\Windows\System\TxhfDjt.exe
  2⤵
  PID:6888
- C:\Windows\System\MoGCJUy.exe
  C:\Windows\System\MoGCJUy.exe
  2⤵
  PID:6908
- C:\Windows\System\UccxyOE.exe
  C:\Windows\System\UccxyOE.exe
  2⤵
  PID:6928
- C:\Windows\System\OrtNdkg.exe
  C:\Windows\System\OrtNdkg.exe
  2⤵
  PID:6948
- C:\Windows\System\KRpTEqq.exe
  C:\Windows\System\KRpTEqq.exe
  2⤵
  PID:6968
- C:\Windows\System\tpgccVX.exe
  C:\Windows\System\tpgccVX.exe
  2⤵
  PID:6988
- C:\Windows\System\eVCnELD.exe
  C:\Windows\System\eVCnELD.exe
  2⤵
  PID:7008
- C:\Windows\System\eBJIsOP.exe
  C:\Windows\System\eBJIsOP.exe
  2⤵
  PID:7028
- C:\Windows\System\drclzru.exe
  C:\Windows\System\drclzru.exe
  2⤵
  PID:7048
- C:\Windows\System\OOebAJH.exe
  C:\Windows\System\OOebAJH.exe
  2⤵
  PID:7068
- C:\Windows\System\xHfoTwf.exe
  C:\Windows\System\xHfoTwf.exe
  2⤵
  PID:7088
- C:\Windows\System\btlThCn.exe
  C:\Windows\System\btlThCn.exe
  2⤵
  PID:7112
- C:\Windows\System\EewBBsR.exe
  C:\Windows\System\EewBBsR.exe
  2⤵
  PID:7132
- C:\Windows\System\LWVlRzN.exe
  C:\Windows\System\LWVlRzN.exe
  2⤵
  PID:7152
- C:\Windows\System\YSDiOkQ.exe
  C:\Windows\System\YSDiOkQ.exe
  2⤵
  PID:6108
- C:\Windows\System\FJkvjNj.exe
  C:\Windows\System\FJkvjNj.exe
  2⤵
  PID:6092
- C:\Windows\System\kxBnVvt.exe
  C:\Windows\System\kxBnVvt.exe
  2⤵
  PID:4916
- C:\Windows\System\qAQmBCn.exe
  C:\Windows\System\qAQmBCn.exe
  2⤵
  PID:4736
- C:\Windows\System\aLQgjJw.exe
  C:\Windows\System\aLQgjJw.exe
  2⤵
  PID:5204
- C:\Windows\System\zcMQrSs.exe
  C:\Windows\System\zcMQrSs.exe
  2⤵
  PID:5392
- C:\Windows\System\EUTwrpx.exe
  C:\Windows\System\EUTwrpx.exe
  2⤵
  PID:5524
- C:\Windows\System\cAeVMCq.exe
  C:\Windows\System\cAeVMCq.exe
  2⤵
  PID:5512
- C:\Windows\System\DpHnYYh.exe
  C:\Windows\System\DpHnYYh.exe
  2⤵
  PID:5724
- C:\Windows\System\jhDYvSO.exe
  C:\Windows\System\jhDYvSO.exe
  2⤵
  PID:5916
- C:\Windows\System\ZADMduK.exe
  C:\Windows\System\ZADMduK.exe
  2⤵
  PID:6180
- C:\Windows\System\XWbMrmJ.exe
  C:\Windows\System\XWbMrmJ.exe
  2⤵
  PID:6216
- C:\Windows\System\JsLviFo.exe
  C:\Windows\System\JsLviFo.exe
  2⤵
  PID:6236
- C:\Windows\System\YJSKDGH.exe
  C:\Windows\System\YJSKDGH.exe
  2⤵
  PID:6264
- C:\Windows\System\gBMAmGn.exe
  C:\Windows\System\gBMAmGn.exe
  2⤵
  PID:6296
- C:\Windows\System\TfhvEpA.exe
  C:\Windows\System\TfhvEpA.exe
  2⤵
  PID:6316
- C:\Windows\System\pysnUzz.exe
  C:\Windows\System\pysnUzz.exe
  2⤵
  PID:6340
- C:\Windows\System\vINeotJ.exe
  C:\Windows\System\vINeotJ.exe
  2⤵
  PID:6360
- C:\Windows\System\gzkawqE.exe
  C:\Windows\System\gzkawqE.exe
  2⤵
  PID:6400
- C:\Windows\System\WNpqszs.exe
  C:\Windows\System\WNpqszs.exe
  2⤵
  PID:6456
- C:\Windows\System\VSSUYhM.exe
  C:\Windows\System\VSSUYhM.exe
  2⤵
  PID:6484
- C:\Windows\System\yecAFBD.exe
  C:\Windows\System\yecAFBD.exe
  2⤵
  PID:6516
- C:\Windows\System\AxeIaQS.exe
  C:\Windows\System\AxeIaQS.exe
  2⤵
  PID:6540
- C:\Windows\System\RKpDlQK.exe
  C:\Windows\System\RKpDlQK.exe
  2⤵
  PID:6560
- C:\Windows\System\pXtjkUG.exe
  C:\Windows\System\pXtjkUG.exe
  2⤵
  PID:6616
- C:\Windows\System\iZKPggz.exe
  C:\Windows\System\iZKPggz.exe
  2⤵
  PID:6640
- C:\Windows\System\EJYhOVY.exe
  C:\Windows\System\EJYhOVY.exe
  2⤵
  PID:6676
- C:\Windows\System\pYERQiA.exe
  C:\Windows\System\pYERQiA.exe
  2⤵
  PID:6736
- C:\Windows\System\ilgeiqC.exe
  C:\Windows\System\ilgeiqC.exe
  2⤵
  PID:6740
- C:\Windows\System\AAfOhRr.exe
  C:\Windows\System\AAfOhRr.exe
  2⤵
  PID:6784
- C:\Windows\System\xBJrBzA.exe
  C:\Windows\System\xBJrBzA.exe
  2⤵
  PID:6804
- C:\Windows\System\RvplcRo.exe
  C:\Windows\System\RvplcRo.exe
  2⤵
  PID:6856
- C:\Windows\System\TWjhXwa.exe
  C:\Windows\System\TWjhXwa.exe
  2⤵
  PID:6896
- C:\Windows\System\hqHmKJG.exe
  C:\Windows\System\hqHmKJG.exe
  2⤵
  PID:6880
- C:\Windows\System\GTSYnPB.exe
  C:\Windows\System\GTSYnPB.exe
  2⤵
  PID:6924
- C:\Windows\System\byejRvo.exe
  C:\Windows\System\byejRvo.exe
  2⤵
  PID:6960
- C:\Windows\System\icUZVNP.exe
  C:\Windows\System\icUZVNP.exe
  2⤵
  PID:7016
- C:\Windows\System\uRhvvRs.exe
  C:\Windows\System\uRhvvRs.exe
  2⤵
  PID:7020
- C:\Windows\System\mIQcnDE.exe
  C:\Windows\System\mIQcnDE.exe
  2⤵
  PID:7044
- C:\Windows\System\BtueHCb.exe
  C:\Windows\System\BtueHCb.exe
  2⤵
  PID:7080
- C:\Windows\System\ZARzjCC.exe
  C:\Windows\System\ZARzjCC.exe
  2⤵
  PID:7128
- C:\Windows\System\etKfrVc.exe
  C:\Windows\System\etKfrVc.exe
  2⤵
  PID:2712
- C:\Windows\System\lbTtrtP.exe
  C:\Windows\System\lbTtrtP.exe
  2⤵
  PID:3704
- C:\Windows\System\TAZqNjW.exe
  C:\Windows\System\TAZqNjW.exe
  2⤵
  PID:4576
- C:\Windows\System\BkoVtyf.exe
  C:\Windows\System\BkoVtyf.exe
  2⤵
  PID:5132
- C:\Windows\System\bfUzvcT.exe
  C:\Windows\System\bfUzvcT.exe
  2⤵
  PID:5584
- C:\Windows\System\lSMzPyO.exe
  C:\Windows\System\lSMzPyO.exe
  2⤵
  PID:5876
- C:\Windows\System\SpPNJHU.exe
  C:\Windows\System\SpPNJHU.exe
  2⤵
  PID:6196
- C:\Windows\System\RgpnQYK.exe
  C:\Windows\System\RgpnQYK.exe
  2⤵
  PID:6256
- C:\Windows\System\qtgtkBG.exe
  C:\Windows\System\qtgtkBG.exe
  2⤵
  PID:6284
- C:\Windows\System\NlGkqFQ.exe
  C:\Windows\System\NlGkqFQ.exe
  2⤵
  PID:6276
- C:\Windows\System\nhUBuni.exe
  C:\Windows\System\nhUBuni.exe
  2⤵
  PID:6324
- C:\Windows\System\hDTvHNB.exe
  C:\Windows\System\hDTvHNB.exe
  2⤵
  PID:6404
- C:\Windows\System\nlBhMWb.exe
  C:\Windows\System\nlBhMWb.exe
  2⤵
  PID:6460
- C:\Windows\System\iDCXvqU.exe
  C:\Windows\System\iDCXvqU.exe
  2⤵
  PID:6564
- C:\Windows\System\ENabEBH.exe
  C:\Windows\System\ENabEBH.exe
  2⤵
  PID:6596
- C:\Windows\System\HnvMhsq.exe
  C:\Windows\System\HnvMhsq.exe
  2⤵
  PID:6604
- C:\Windows\System\ScvVrmX.exe
  C:\Windows\System\ScvVrmX.exe
  2⤵
  PID:6660
- C:\Windows\System\QniLZzW.exe
  C:\Windows\System\QniLZzW.exe
  2⤵
  PID:6760
- C:\Windows\System\enDPkhR.exe
  C:\Windows\System\enDPkhR.exe
  2⤵
  PID:2452
- C:\Windows\System\XEoAGPX.exe
  C:\Windows\System\XEoAGPX.exe
  2⤵
  PID:6820
- C:\Windows\System\AplotOl.exe
  C:\Windows\System\AplotOl.exe
  2⤵
  PID:6904
- C:\Windows\System\cnwSpkx.exe
  C:\Windows\System\cnwSpkx.exe
  2⤵
  PID:6944
- C:\Windows\System\lbhaLim.exe
  C:\Windows\System\lbhaLim.exe
  2⤵
  PID:6980
- C:\Windows\System\xuayjrv.exe
  C:\Windows\System\xuayjrv.exe
  2⤵
  PID:7056
- C:\Windows\System\rqyLKlK.exe
  C:\Windows\System\rqyLKlK.exe
  2⤵
  PID:7100
- C:\Windows\System\sAInEus.exe
  C:\Windows\System\sAInEus.exe
  2⤵
  PID:5076
- C:\Windows\System\ievZqPX.exe
  C:\Windows\System\ievZqPX.exe
  2⤵
  PID:5244
- C:\Windows\System\XbcjijO.exe
  C:\Windows\System\XbcjijO.exe
  2⤵
  PID:5896
- C:\Windows\System\NdSaNLu.exe
  C:\Windows\System\NdSaNLu.exe
  2⤵
  PID:6156
- C:\Windows\System\dwbVzjA.exe
  C:\Windows\System\dwbVzjA.exe
  2⤵
  PID:3448
- C:\Windows\System\oZpSbNt.exe
  C:\Windows\System\oZpSbNt.exe
  2⤵
  PID:6320
- C:\Windows\System\DKcOmcS.exe
  C:\Windows\System\DKcOmcS.exe
  2⤵
  PID:6416
- C:\Windows\System\aiQnsCX.exe
  C:\Windows\System\aiQnsCX.exe
  2⤵
  PID:6500
- C:\Windows\System\JTeHupd.exe
  C:\Windows\System\JTeHupd.exe
  2⤵
  PID:6536
- C:\Windows\System\alCKMkJ.exe
  C:\Windows\System\alCKMkJ.exe
  2⤵
  PID:6600
- C:\Windows\System\vvkxTuD.exe
  C:\Windows\System\vvkxTuD.exe
  2⤵
  PID:6724
- C:\Windows\System\ICuMQLI.exe
  C:\Windows\System\ICuMQLI.exe
  2⤵
  PID:3804
- C:\Windows\System\lvdNCjf.exe
  C:\Windows\System\lvdNCjf.exe
  2⤵
  PID:6816
- C:\Windows\System\DnsKHjd.exe
  C:\Windows\System\DnsKHjd.exe
  2⤵
  PID:6940
- C:\Windows\System\qqfTzvR.exe
  C:\Windows\System\qqfTzvR.exe
  2⤵
  PID:6956
- C:\Windows\System\PTVgPuc.exe
  C:\Windows\System\PTVgPuc.exe
  2⤵
  PID:7076
- C:\Windows\System\fTTmlKa.exe
  C:\Windows\System\fTTmlKa.exe
  2⤵
  PID:7096
- C:\Windows\System\pOXnDrC.exe
  C:\Windows\System\pOXnDrC.exe
  2⤵
  PID:828
- C:\Windows\System\zRjiSKz.exe
  C:\Windows\System\zRjiSKz.exe
  2⤵
  PID:872
- C:\Windows\System\ucEpsrD.exe
  C:\Windows\System\ucEpsrD.exe
  2⤵
  PID:784
- C:\Windows\System\SJSpUPQ.exe
  C:\Windows\System\SJSpUPQ.exe
  2⤵
  PID:2000
- C:\Windows\System\AxbHVAW.exe
  C:\Windows\System\AxbHVAW.exe
  2⤵
  PID:2148
- C:\Windows\System\uFHfWxC.exe
  C:\Windows\System\uFHfWxC.exe
  2⤵
  PID:1572
- C:\Windows\System\iCpGhBM.exe
  C:\Windows\System\iCpGhBM.exe
  2⤵
  PID:668
- C:\Windows\System\qQeYsFw.exe
  C:\Windows\System\qQeYsFw.exe
  2⤵
  PID:2108
- C:\Windows\System\ArzdHoi.exe
  C:\Windows\System\ArzdHoi.exe
  2⤵
  PID:4720
- C:\Windows\System\nxnzAxf.exe
  C:\Windows\System\nxnzAxf.exe
  2⤵
  PID:5228
- C:\Windows\System\lNsLXSD.exe
  C:\Windows\System\lNsLXSD.exe
  2⤵
  PID:6436
- C:\Windows\System\xKeaOEq.exe
  C:\Windows\System\xKeaOEq.exe
  2⤵
  PID:6700
- C:\Windows\System\QlTBdtc.exe
  C:\Windows\System\QlTBdtc.exe
  2⤵
  PID:6836
- C:\Windows\System\BYUCfFV.exe
  C:\Windows\System\BYUCfFV.exe
  2⤵
  PID:2152
- C:\Windows\System\MFwXfXc.exe
  C:\Windows\System\MFwXfXc.exe
  2⤵
  PID:3064
- C:\Windows\System\PDLvtsH.exe
  C:\Windows\System\PDLvtsH.exe
  2⤵
  PID:492
- C:\Windows\System\foigHAS.exe
  C:\Windows\System\foigHAS.exe
  2⤵
  PID:6864
- C:\Windows\System\wtVbKol.exe
  C:\Windows\System\wtVbKol.exe
  2⤵
  PID:7120
- C:\Windows\System\rBCWlKP.exe
  C:\Windows\System\rBCWlKP.exe
  2⤵
  PID:7000
- C:\Windows\System\iRLuyxP.exe
  C:\Windows\System\iRLuyxP.exe
  2⤵
  PID:2248
- C:\Windows\System\wlVAyJH.exe
  C:\Windows\System\wlVAyJH.exe
  2⤵
  PID:772
- C:\Windows\System\JInUuqA.exe
  C:\Windows\System\JInUuqA.exe
  2⤵
  PID:2732
- C:\Windows\System\taAgxNf.exe
  C:\Windows\System\taAgxNf.exe
  2⤵
  PID:1764
- C:\Windows\System\sMeGcvm.exe
  C:\Windows\System\sMeGcvm.exe
  2⤵
  PID:6984
- C:\Windows\System\jBLrsEd.exe
  C:\Windows\System\jBLrsEd.exe
  2⤵
  PID:1300
- C:\Windows\System\KWdcaLD.exe
  C:\Windows\System\KWdcaLD.exe
  2⤵
  PID:1536
- C:\Windows\System\IaepfbS.exe
  C:\Windows\System\IaepfbS.exe
  2⤵
  PID:2832
- C:\Windows\System\GgKKIcT.exe
  C:\Windows\System\GgKKIcT.exe
  2⤵
  PID:2876
- C:\Windows\System\OqfTqsc.exe
  C:\Windows\System\OqfTqsc.exe
  2⤵
  PID:2940
- C:\Windows\System\YqXbWKc.exe
  C:\Windows\System\YqXbWKc.exe
  2⤵
  PID:6764
- C:\Windows\System\ABTHWtJ.exe
  C:\Windows\System\ABTHWtJ.exe
  2⤵
  PID:1552
- C:\Windows\System\dCDUCIx.exe
  C:\Windows\System\dCDUCIx.exe
  2⤵
  PID:6300
- C:\Windows\System\PqSYiLB.exe
  C:\Windows\System\PqSYiLB.exe
  2⤵
  PID:6680
- C:\Windows\System\cfKYTFu.exe
  C:\Windows\System\cfKYTFu.exe
  2⤵
  PID:3052
- C:\Windows\System\GJJgvDE.exe
  C:\Windows\System\GJJgvDE.exe
  2⤵
  PID:1944
- C:\Windows\System\GRFosEy.exe
  C:\Windows\System\GRFosEy.exe
  2⤵
  PID:6744
- C:\Windows\System\KqsMrVX.exe
  C:\Windows\System\KqsMrVX.exe
  2⤵
  PID:3120
- C:\Windows\System\UISizpf.exe
  C:\Windows\System\UISizpf.exe
  2⤵
  PID:1684
- C:\Windows\System\OJymBkt.exe
  C:\Windows\System\OJymBkt.exe
  2⤵
  PID:7172
- C:\Windows\System\aZEfPuv.exe
  C:\Windows\System\aZEfPuv.exe
  2⤵
  PID:7200
- C:\Windows\System\fMRsauH.exe
  C:\Windows\System\fMRsauH.exe
  2⤵
  PID:7216
- C:\Windows\System\vDnvsZg.exe
  C:\Windows\System\vDnvsZg.exe
  2⤵
  PID:7232
- C:\Windows\System\rPJYBdB.exe
  C:\Windows\System\rPJYBdB.exe
  2⤵
  PID:7248
- C:\Windows\System\RvJoAxw.exe
  C:\Windows\System\RvJoAxw.exe
  2⤵
  PID:7264
- C:\Windows\System\EyBZmAN.exe
  C:\Windows\System\EyBZmAN.exe
  2⤵
  PID:7280
- C:\Windows\System\pyWkynV.exe
  C:\Windows\System\pyWkynV.exe
  2⤵
  PID:7296
- C:\Windows\System\ViBlaOM.exe
  C:\Windows\System\ViBlaOM.exe
  2⤵
  PID:7320
- C:\Windows\System\iEqeAoV.exe
  C:\Windows\System\iEqeAoV.exe
  2⤵
  PID:7336
- C:\Windows\System\mITcNJK.exe
  C:\Windows\System\mITcNJK.exe
  2⤵
  PID:7356
- C:\Windows\System\lRCVRkK.exe
  C:\Windows\System\lRCVRkK.exe
  2⤵
  PID:7372
- C:\Windows\System\dPqrDHW.exe
  C:\Windows\System\dPqrDHW.exe
  2⤵
  PID:7424
- C:\Windows\System\Efwfkou.exe
  C:\Windows\System\Efwfkou.exe
  2⤵
  PID:7444
- C:\Windows\System\qJLFtYp.exe
  C:\Windows\System\qJLFtYp.exe
  2⤵
  PID:7460
- C:\Windows\System\vfGWulF.exe
  C:\Windows\System\vfGWulF.exe
  2⤵
  PID:7476
- C:\Windows\System\OjqqXnD.exe
  C:\Windows\System\OjqqXnD.exe
  2⤵
  PID:7500
- C:\Windows\System\DHZFXvO.exe
  C:\Windows\System\DHZFXvO.exe
  2⤵
  PID:7524
- C:\Windows\System\UwjYiTL.exe
  C:\Windows\System\UwjYiTL.exe
  2⤵
  PID:7540
- C:\Windows\System\rUcmVPE.exe
  C:\Windows\System\rUcmVPE.exe
  2⤵
  PID:7556
- C:\Windows\System\XttlyoR.exe
  C:\Windows\System\XttlyoR.exe
  2⤵
  PID:7572
- C:\Windows\System\rJAvQiO.exe
  C:\Windows\System\rJAvQiO.exe
  2⤵
  PID:7588
- C:\Windows\System\ISBcCpo.exe
  C:\Windows\System\ISBcCpo.exe
  2⤵
  PID:7608
- C:\Windows\System\nGnXNrm.exe
  C:\Windows\System\nGnXNrm.exe
  2⤵
  PID:7624
- C:\Windows\System\PVemAmS.exe
  C:\Windows\System\PVemAmS.exe
  2⤵
  PID:7664
- C:\Windows\System\RVtCjmp.exe
  C:\Windows\System\RVtCjmp.exe
  2⤵
  PID:7680
- C:\Windows\System\QSWAXwP.exe
  C:\Windows\System\QSWAXwP.exe
  2⤵
  PID:7696
- C:\Windows\System\reUmlcz.exe
  C:\Windows\System\reUmlcz.exe
  2⤵
  PID:7712
- C:\Windows\System\ATYGPEI.exe
  C:\Windows\System\ATYGPEI.exe
  2⤵
  PID:7728
- C:\Windows\System\cEkqdkV.exe
  C:\Windows\System\cEkqdkV.exe
  2⤵
  PID:7744
- C:\Windows\System\FMcaYgn.exe
  C:\Windows\System\FMcaYgn.exe
  2⤵
  PID:7760
- C:\Windows\System\kKvOJoi.exe
  C:\Windows\System\kKvOJoi.exe
  2⤵
  PID:7776
- C:\Windows\System\XQgJTso.exe
  C:\Windows\System\XQgJTso.exe
  2⤵
  PID:7792
- C:\Windows\System\yhoGKUW.exe
  C:\Windows\System\yhoGKUW.exe
  2⤵
  PID:7808
- C:\Windows\System\WGbvMgw.exe
  C:\Windows\System\WGbvMgw.exe
  2⤵
  PID:7824
- C:\Windows\System\SSbgrTE.exe
  C:\Windows\System\SSbgrTE.exe
  2⤵
  PID:7840
- C:\Windows\System\NYtHJTJ.exe
  C:\Windows\System\NYtHJTJ.exe
  2⤵
  PID:7856
- C:\Windows\System\qLfCeqr.exe
  C:\Windows\System\qLfCeqr.exe
  2⤵
  PID:7872
- C:\Windows\System\hhMjKld.exe
  C:\Windows\System\hhMjKld.exe
  2⤵
  PID:7892
- C:\Windows\System\UKvgNRX.exe
  C:\Windows\System\UKvgNRX.exe
  2⤵
  PID:7920
- C:\Windows\System\JryMrXt.exe
  C:\Windows\System\JryMrXt.exe
  2⤵
  PID:7952
- C:\Windows\System\hwHhvQP.exe
  C:\Windows\System\hwHhvQP.exe
  2⤵
  PID:7968
- C:\Windows\System\wiuljXi.exe
  C:\Windows\System\wiuljXi.exe
  2⤵
  PID:7984
- C:\Windows\System\rzlcXfv.exe
  C:\Windows\System\rzlcXfv.exe
  2⤵
  PID:8000
- C:\Windows\System\CHOMMib.exe
  C:\Windows\System\CHOMMib.exe
  2⤵
  PID:8016
- C:\Windows\System\CSCUesB.exe
  C:\Windows\System\CSCUesB.exe
  2⤵
  PID:8032
- C:\Windows\System\aHLFVDL.exe
  C:\Windows\System\aHLFVDL.exe
  2⤵
  PID:8048
- C:\Windows\System\uhJGLgp.exe
  C:\Windows\System\uhJGLgp.exe
  2⤵
  PID:8064
- C:\Windows\System\AevNFoc.exe
  C:\Windows\System\AevNFoc.exe
  2⤵
  PID:8080
- C:\Windows\System\ZjAZthv.exe
  C:\Windows\System\ZjAZthv.exe
  2⤵
  PID:8148
- C:\Windows\System\AmGiuyH.exe
  C:\Windows\System\AmGiuyH.exe
  2⤵
  PID:8176
- C:\Windows\System\RyhCMMt.exe
  C:\Windows\System\RyhCMMt.exe
  2⤵
  PID:7196
- C:\Windows\System\MxvZnCi.exe
  C:\Windows\System\MxvZnCi.exe
  2⤵
  PID:6544
- C:\Windows\System\LNaCTYg.exe
  C:\Windows\System\LNaCTYg.exe
  2⤵
  PID:7188
- C:\Windows\System\AFKBXzZ.exe
  C:\Windows\System\AFKBXzZ.exe
  2⤵
  PID:7260
- C:\Windows\System\SzhcDSl.exe
  C:\Windows\System\SzhcDSl.exe
  2⤵
  PID:7332
- C:\Windows\System\SJHOWjP.exe
  C:\Windows\System\SJHOWjP.exe
  2⤵
  PID:7244
- C:\Windows\System\rMyLeeG.exe
  C:\Windows\System\rMyLeeG.exe
  2⤵
  PID:7308
- C:\Windows\System\aqSEHlX.exe
  C:\Windows\System\aqSEHlX.exe
  2⤵
  PID:7348
- C:\Windows\System\RVEjsYh.exe
  C:\Windows\System\RVEjsYh.exe
  2⤵
  PID:7392
- C:\Windows\System\UrICvEV.exe
  C:\Windows\System\UrICvEV.exe
  2⤵
  PID:7384
- C:\Windows\System\yGRNnnm.exe
  C:\Windows\System\yGRNnnm.exe
  2⤵
  PID:7488
- C:\Windows\System\eoJxrgt.exe
  C:\Windows\System\eoJxrgt.exe
  2⤵
  PID:7512
- C:\Windows\System\FuKIMVg.exe
  C:\Windows\System\FuKIMVg.exe
  2⤵
  PID:7552
- C:\Windows\System\PfHjsEn.exe
  C:\Windows\System\PfHjsEn.exe
  2⤵
  PID:7620
- C:\Windows\System\JEVyNFV.exe
  C:\Windows\System\JEVyNFV.exe
  2⤵
  PID:7600
- C:\Windows\System\zoQymUI.exe
  C:\Windows\System\zoQymUI.exe
  2⤵
  PID:7648
- C:\Windows\System\AXuZnmr.exe
  C:\Windows\System\AXuZnmr.exe
  2⤵
  PID:7636
- C:\Windows\System\sqTDMIp.exe
  C:\Windows\System\sqTDMIp.exe
  2⤵
  PID:7708
- C:\Windows\System\NcgKtpG.exe
  C:\Windows\System\NcgKtpG.exe
  2⤵
  PID:7772
- C:\Windows\System\iKUbNeQ.exe
  C:\Windows\System\iKUbNeQ.exe
  2⤵
  PID:7864
- C:\Windows\System\CVXWPtP.exe
  C:\Windows\System\CVXWPtP.exe
  2⤵
  PID:7724
- C:\Windows\System\XmdPBgM.exe
  C:\Windows\System\XmdPBgM.exe
  2⤵
  PID:7904
- C:\Windows\System\BqYrYCb.exe
  C:\Windows\System\BqYrYCb.exe
  2⤵
  PID:7756
- C:\Windows\System\TZYAaUE.exe
  C:\Windows\System\TZYAaUE.exe
  2⤵
  PID:7848
- C:\Windows\System\ugIJkVb.exe
  C:\Windows\System\ugIJkVb.exe
  2⤵
  PID:8088
- C:\Windows\System\bMSambj.exe
  C:\Windows\System\bMSambj.exe
  2⤵
  PID:8116
- C:\Windows\System\WCeNACr.exe
  C:\Windows\System\WCeNACr.exe
  2⤵
  PID:8132
- C:\Windows\System\fqhfkKO.exe
  C:\Windows\System\fqhfkKO.exe
  2⤵
  PID:8144
- C:\Windows\System\wfByEgw.exe
  C:\Windows\System\wfByEgw.exe
  2⤵
  PID:7880
- C:\Windows\System\lTyZECz.exe
  C:\Windows\System\lTyZECz.exe
  2⤵
  PID:8012
- C:\Windows\System\uJOWAxX.exe
  C:\Windows\System\uJOWAxX.exe
  2⤵
  PID:8092
- C:\Windows\System\XmECPUh.exe
  C:\Windows\System\XmECPUh.exe
  2⤵
  PID:8160
- C:\Windows\System\dDXZTQu.exe
  C:\Windows\System\dDXZTQu.exe
  2⤵
  PID:8156
- C:\Windows\System\ICrtsgQ.exe
  C:\Windows\System\ICrtsgQ.exe
  2⤵
  PID:2140
- C:\Windows\System\kicdEHQ.exe
  C:\Windows\System\kicdEHQ.exe
  2⤵
  PID:7276
- C:\Windows\System\oWGJFjX.exe
  C:\Windows\System\oWGJFjX.exe
  2⤵
  PID:7240
- C:\Windows\System\fWltBOr.exe
  C:\Windows\System\fWltBOr.exe
  2⤵
  PID:7256
- C:\Windows\System\XnJJLbw.exe
  C:\Windows\System\XnJJLbw.exe
  2⤵
  PID:7380
- C:\Windows\System\IMirFOh.exe
  C:\Windows\System\IMirFOh.exe
  2⤵
  PID:7484
- C:\Windows\System\IOSWCLC.exe
  C:\Windows\System\IOSWCLC.exe
  2⤵
  PID:7520
- C:\Windows\System\lFnBIQQ.exe
  C:\Windows\System\lFnBIQQ.exe
  2⤵
  PID:7616
- C:\Windows\System\prqZeJG.exe
  C:\Windows\System\prqZeJG.exe
  2⤵
  PID:7660
- C:\Windows\System\brqzvCJ.exe
  C:\Windows\System\brqzvCJ.exe
  2⤵
  PID:7720
- C:\Windows\System\YKNcYvW.exe
  C:\Windows\System\YKNcYvW.exe
  2⤵
  PID:8024
- C:\Windows\System\pTzzngU.exe
  C:\Windows\System\pTzzngU.exe
  2⤵
  PID:7816
- C:\Windows\System\DpZZEoU.exe
  C:\Windows\System\DpZZEoU.exe
  2⤵
  PID:7704
- C:\Windows\System\xzQicbM.exe
  C:\Windows\System\xzQicbM.exe
  2⤵
  PID:7784
- C:\Windows\System\ZchojuQ.exe
  C:\Windows\System\ZchojuQ.exe
  2⤵
  PID:7936
- C:\Windows\System\mJtrpgH.exe
  C:\Windows\System\mJtrpgH.exe
  2⤵
  PID:7944
- C:\Windows\System\QASFfvY.exe
  C:\Windows\System\QASFfvY.exe
  2⤵
  PID:8168
- C:\Windows\System\WnazISf.exe
  C:\Windows\System\WnazISf.exe
  2⤵
  PID:7228
- C:\Windows\System\EyRMXBL.exe
  C:\Windows\System\EyRMXBL.exe
  2⤵
  PID:7472
- C:\Windows\System\bLHquRw.exe
  C:\Windows\System\bLHquRw.exe
  2⤵
  PID:7768
- C:\Windows\System\NhsvkEV.exe
  C:\Windows\System\NhsvkEV.exe
  2⤵
  PID:7900
- C:\Windows\System\qrSShLn.exe
  C:\Windows\System\qrSShLn.exe
  2⤵
  PID:8008
- C:\Windows\System\APbzxDa.exe
  C:\Windows\System\APbzxDa.exe
  2⤵
  PID:6696
- C:\Windows\System\ZjIvwWu.exe
  C:\Windows\System\ZjIvwWu.exe
  2⤵
  PID:7388
- C:\Windows\System\fyCxCKl.exe
  C:\Windows\System\fyCxCKl.exe
  2⤵
  PID:8124
- C:\Windows\System\WPvTNJi.exe
  C:\Windows\System\WPvTNJi.exe
  2⤵
  PID:7992
- C:\Windows\System\NbwwLFx.exe
  C:\Windows\System\NbwwLFx.exe
  2⤵
  PID:8112
- C:\Windows\System\SdZJTUJ.exe
  C:\Windows\System\SdZJTUJ.exe
  2⤵
  PID:7292
- C:\Windows\System\EKjXnbl.exe
  C:\Windows\System\EKjXnbl.exe
  2⤵
  PID:7596
- C:\Windows\System\cYZoOft.exe
  C:\Windows\System\cYZoOft.exe
  2⤵
  PID:7584
- C:\Windows\System\RqpFdlU.exe
  C:\Windows\System\RqpFdlU.exe
  2⤵
  PID:7692
- C:\Windows\System\TDsjhoH.exe
  C:\Windows\System\TDsjhoH.exe
  2⤵
  PID:7416
- C:\Windows\System\uHzwPgL.exe
  C:\Windows\System\uHzwPgL.exe
  2⤵
  PID:2868
- C:\Windows\System\tCenYpT.exe
  C:\Windows\System\tCenYpT.exe
  2⤵
  PID:7960
- C:\Windows\System\tygZcfv.exe
  C:\Windows\System\tygZcfv.exe
  2⤵
  PID:7980
- C:\Windows\System\NJNFKfZ.exe
  C:\Windows\System\NJNFKfZ.exe
  2⤵
  PID:7928
- C:\Windows\System\gVwRArQ.exe
  C:\Windows\System\gVwRArQ.exe
  2⤵
  PID:7396
- C:\Windows\System\HkNkubV.exe
  C:\Windows\System\HkNkubV.exe
  2⤵
  PID:8056
- C:\Windows\System\iCOYvxg.exe
  C:\Windows\System\iCOYvxg.exe
  2⤵
  PID:7468
- C:\Windows\System\IxlipKQ.exe
  C:\Windows\System\IxlipKQ.exe
  2⤵
  PID:8060
- C:\Windows\System\QPWbCxs.exe
  C:\Windows\System\QPWbCxs.exe
  2⤵
  PID:7304
- C:\Windows\System\GDSzRZC.exe
  C:\Windows\System\GDSzRZC.exe
  2⤵
  PID:8208
- C:\Windows\System\MtkHPQV.exe
  C:\Windows\System\MtkHPQV.exe
  2⤵
  PID:8236
- C:\Windows\System\bCqvTWc.exe
  C:\Windows\System\bCqvTWc.exe
  2⤵
  PID:8252
- C:\Windows\System\LksKiRv.exe
  C:\Windows\System\LksKiRv.exe
  2⤵
  PID:8272
- C:\Windows\System\KShUbks.exe
  C:\Windows\System\KShUbks.exe
  2⤵
  PID:8288
- C:\Windows\System\QhIIAEw.exe
  C:\Windows\System\QhIIAEw.exe
  2⤵
  PID:8304
- C:\Windows\System\URXRyMC.exe
  C:\Windows\System\URXRyMC.exe
  2⤵
  PID:8324
- C:\Windows\System\PjVxNGb.exe
  C:\Windows\System\PjVxNGb.exe
  2⤵
  PID:8340
- C:\Windows\System\JMDhgpI.exe
  C:\Windows\System\JMDhgpI.exe
  2⤵
  PID:8368
- C:\Windows\System\fcmUMXB.exe
  C:\Windows\System\fcmUMXB.exe
  2⤵
  PID:8384
- C:\Windows\System\HsVpWBU.exe
  C:\Windows\System\HsVpWBU.exe
  2⤵
  PID:8400
- C:\Windows\System\tybddUc.exe
  C:\Windows\System\tybddUc.exe
  2⤵
  PID:8420
- C:\Windows\System\HCcPAzK.exe
  C:\Windows\System\HCcPAzK.exe
  2⤵
  PID:8448
- C:\Windows\System\PKColhV.exe
  C:\Windows\System\PKColhV.exe
  2⤵
  PID:8468
- C:\Windows\System\VNBQzix.exe
  C:\Windows\System\VNBQzix.exe
  2⤵
  PID:8484
- C:\Windows\System\PBFdkKl.exe
  C:\Windows\System\PBFdkKl.exe
  2⤵
  PID:8500
- C:\Windows\System\AhyNeVA.exe
  C:\Windows\System\AhyNeVA.exe
  2⤵
  PID:8516
- C:\Windows\System\xIOoncF.exe
  C:\Windows\System\xIOoncF.exe
  2⤵
  PID:8540
- C:\Windows\System\IXNPUpC.exe
  C:\Windows\System\IXNPUpC.exe
  2⤵
  PID:8576
- C:\Windows\System\NLTOPPl.exe
  C:\Windows\System\NLTOPPl.exe
  2⤵
  PID:8592
- C:\Windows\System\wtzuGPF.exe
  C:\Windows\System\wtzuGPF.exe
  2⤵
  PID:8608
- C:\Windows\System\SAOKlqq.exe
  C:\Windows\System\SAOKlqq.exe
  2⤵
  PID:8636
- C:\Windows\System\qbevUQc.exe
  C:\Windows\System\qbevUQc.exe
  2⤵
  PID:8656
- C:\Windows\System\GExzSZQ.exe
  C:\Windows\System\GExzSZQ.exe
  2⤵
  PID:8672
- C:\Windows\System\yngULth.exe
  C:\Windows\System\yngULth.exe
  2⤵
  PID:8688
- C:\Windows\System\BfuwUwg.exe
  C:\Windows\System\BfuwUwg.exe
  2⤵
  PID:8704
- C:\Windows\System\IJLmfWu.exe
  C:\Windows\System\IJLmfWu.exe
  2⤵
  PID:8724
- C:\Windows\System\vFEZEtZ.exe
  C:\Windows\System\vFEZEtZ.exe
  2⤵
  PID:8740
- C:\Windows\System\dxTUvVG.exe
  C:\Windows\System\dxTUvVG.exe
  2⤵
  PID:8760
- C:\Windows\System\DinlCUd.exe
  C:\Windows\System\DinlCUd.exe
  2⤵
  PID:8780
- C:\Windows\System\ilWCHxi.exe
  C:\Windows\System\ilWCHxi.exe
  2⤵
  PID:8804
- C:\Windows\System\EGEvGpq.exe
  C:\Windows\System\EGEvGpq.exe
  2⤵
  PID:8820
- C:\Windows\System\ZCWyECl.exe
  C:\Windows\System\ZCWyECl.exe
  2⤵
  PID:8840
- C:\Windows\System\VhsEICa.exe
  C:\Windows\System\VhsEICa.exe
  2⤵
  PID:8856
- C:\Windows\System\DIIYnWm.exe
  C:\Windows\System\DIIYnWm.exe
  2⤵
  PID:8872
- C:\Windows\System\TWDJnOS.exe
  C:\Windows\System\TWDJnOS.exe
  2⤵
  PID:8916
- C:\Windows\System\BnbhONU.exe
  C:\Windows\System\BnbhONU.exe
  2⤵
  PID:8932
- C:\Windows\System\kakfAUk.exe
  C:\Windows\System\kakfAUk.exe
  2⤵
  PID:8960
- C:\Windows\System\hiWwYdP.exe
  C:\Windows\System\hiWwYdP.exe
  2⤵
  PID:8976
- C:\Windows\System\gVNyBnl.exe
  C:\Windows\System\gVNyBnl.exe
  2⤵
  PID:8996
- C:\Windows\System\fjDMEHq.exe
  C:\Windows\System\fjDMEHq.exe
  2⤵
  PID:9020
- C:\Windows\System\NlcEMYm.exe
  C:\Windows\System\NlcEMYm.exe
  2⤵
  PID:9040
- C:\Windows\System\yYsVEkN.exe
  C:\Windows\System\yYsVEkN.exe
  2⤵
  PID:9056
- C:\Windows\System\hKQKMcJ.exe
  C:\Windows\System\hKQKMcJ.exe
  2⤵
  PID:9072
- C:\Windows\System\ZPcJnLx.exe
  C:\Windows\System\ZPcJnLx.exe
  2⤵
  PID:9088
- C:\Windows\System\FbuyFtM.exe
  C:\Windows\System\FbuyFtM.exe
  2⤵
  PID:9104
- C:\Windows\System\RtPeZUb.exe
  C:\Windows\System\RtPeZUb.exe
  2⤵
  PID:9120
- C:\Windows\System\XDgFsdf.exe
  C:\Windows\System\XDgFsdf.exe
  2⤵
  PID:9136
- C:\Windows\System\Tcxiufi.exe
  C:\Windows\System\Tcxiufi.exe
  2⤵
  PID:9152
- C:\Windows\System\TNpmOvY.exe
  C:\Windows\System\TNpmOvY.exe
  2⤵
  PID:9168
- C:\Windows\System\TkBlIGJ.exe
  C:\Windows\System\TkBlIGJ.exe
  2⤵
  PID:9188
- C:\Windows\System\zSxWspd.exe
  C:\Windows\System\zSxWspd.exe
  2⤵
  PID:8200
- C:\Windows\System\BndcTlc.exe
  C:\Windows\System\BndcTlc.exe
  2⤵
  PID:8216
- C:\Windows\System\ieGoXjt.exe
  C:\Windows\System\ieGoXjt.exe
  2⤵
  PID:8284
- C:\Windows\System\uSKaXYC.exe
  C:\Windows\System\uSKaXYC.exe
  2⤵
  PID:8352
- C:\Windows\System\BaudTqe.exe
  C:\Windows\System\BaudTqe.exe
  2⤵
  PID:8360
- C:\Windows\System\WvTUQgy.exe
  C:\Windows\System\WvTUQgy.exe
  2⤵
  PID:8396
- C:\Windows\System\MtujpuS.exe
  C:\Windows\System\MtujpuS.exe
  2⤵
  PID:8444
- C:\Windows\System\sVroXuc.exe
  C:\Windows\System\sVroXuc.exe
  2⤵
  PID:8508
- C:\Windows\System\DtmlohR.exe
  C:\Windows\System\DtmlohR.exe
  2⤵
  PID:8464
- C:\Windows\System\CSHQacJ.exe
  C:\Windows\System\CSHQacJ.exe
  2⤵
  PID:8496
- C:\Windows\System\FiIFIPZ.exe
  C:\Windows\System\FiIFIPZ.exe
  2⤵
  PID:8556
- C:\Windows\System\mOyqWcF.exe
  C:\Windows\System\mOyqWcF.exe
  2⤵
  PID:8564
- C:\Windows\System\psvuVVA.exe
  C:\Windows\System\psvuVVA.exe
  2⤵
  PID:8588
- C:\Windows\System\rLdycAV.exe
  C:\Windows\System\rLdycAV.exe
  2⤵
  PID:8628
- C:\Windows\System\NaztLOB.exe
  C:\Windows\System\NaztLOB.exe
  2⤵
  PID:8680
- C:\Windows\System\RDsvUdA.exe
  C:\Windows\System\RDsvUdA.exe
  2⤵
  PID:8712
- C:\Windows\System\wojIqMz.exe
  C:\Windows\System\wojIqMz.exe
  2⤵
  PID:8752
- C:\Windows\System\SwEdRzQ.exe
  C:\Windows\System\SwEdRzQ.exe
  2⤵
  PID:8800
- C:\Windows\System\xYpyYCL.exe
  C:\Windows\System\xYpyYCL.exe
  2⤵
  PID:8776
- C:\Windows\System\ixMAMBn.exe
  C:\Windows\System\ixMAMBn.exe
  2⤵
  PID:8832
- C:\Windows\System\pKKlpcG.exe
  C:\Windows\System\pKKlpcG.exe
  2⤵
  PID:8848
- C:\Windows\System\aDYEZgE.exe
  C:\Windows\System\aDYEZgE.exe
  2⤵
  PID:8888
- C:\Windows\System\lMfzDYu.exe
  C:\Windows\System\lMfzDYu.exe
  2⤵
  PID:8908
- C:\Windows\System\sHdoXOw.exe
  C:\Windows\System\sHdoXOw.exe
  2⤵
  PID:1004
- C:\Windows\System\MZZAIGb.exe
  C:\Windows\System\MZZAIGb.exe
  2⤵
  PID:8984
- C:\Windows\System\vzMRotO.exe
  C:\Windows\System\vzMRotO.exe
  2⤵
  PID:9032
- C:\Windows\System\kKlleUx.exe
  C:\Windows\System\kKlleUx.exe
  2⤵
  PID:9112
- C:\Windows\System\enJlyeo.exe
  C:\Windows\System\enJlyeo.exe
  2⤵
  PID:9176
- C:\Windows\System\ylTdaVk.exe
  C:\Windows\System\ylTdaVk.exe
  2⤵
  PID:9068
- C:\Windows\System\afmMOrI.exe
  C:\Windows\System\afmMOrI.exe
  2⤵
  PID:9204
- C:\Windows\System\qhtfqiY.exe
  C:\Windows\System\qhtfqiY.exe
  2⤵
  PID:8316
- C:\Windows\System\leeJnrT.exe
  C:\Windows\System\leeJnrT.exe
  2⤵
  PID:9200
- C:\Windows\System\EXBrNlL.exe
  C:\Windows\System\EXBrNlL.exe
  2⤵
  PID:8260
- C:\Windows\System\wOHkDkF.exe
  C:\Windows\System\wOHkDkF.exe
  2⤵
  PID:8320
- C:\Windows\System\VuiRGfC.exe
  C:\Windows\System\VuiRGfC.exe
  2⤵
  PID:8476
- C:\Windows\System\oVMDuAQ.exe
  C:\Windows\System\oVMDuAQ.exe
  2⤵
  PID:8432
- C:\Windows\System\HERsUsd.exe
  C:\Windows\System\HERsUsd.exe
  2⤵
  PID:8408
- C:\Windows\System\bvyEMUy.exe
  C:\Windows\System\bvyEMUy.exe
  2⤵
  PID:8536
- C:\Windows\System\NOpqvtq.exe
  C:\Windows\System\NOpqvtq.exe
  2⤵
  PID:8572
- C:\Windows\System\BfHhXPR.exe
  C:\Windows\System\BfHhXPR.exe
  2⤵
  PID:8668
- C:\Windows\System\HSpVchw.exe
  C:\Windows\System\HSpVchw.exe
  2⤵
  PID:8792
- C:\Windows\System\ZAGvNYZ.exe
  C:\Windows\System\ZAGvNYZ.exe
  2⤵
  PID:8620
- C:\Windows\System\LuqolOP.exe
  C:\Windows\System\LuqolOP.exe
  2⤵
  PID:8928
- C:\Windows\System\IzYCCxB.exe
  C:\Windows\System\IzYCCxB.exe
  2⤵
  PID:8992
- C:\Windows\System\xqsXpRu.exe
  C:\Windows\System\xqsXpRu.exe
  2⤵
  PID:9008
- C:\Windows\System\bEPdysb.exe
  C:\Windows\System\bEPdysb.exe
  2⤵
  PID:8748
- C:\Windows\System\oVvPwBK.exe
  C:\Windows\System\oVvPwBK.exe
  2⤵
  PID:8904
- C:\Windows\System\IYvydaK.exe
  C:\Windows\System\IYvydaK.exe
  2⤵
  PID:8204
- C:\Windows\System\kfCHMuT.exe
  C:\Windows\System\kfCHMuT.exe
  2⤵
  PID:9132
- C:\Windows\System\IVWfQol.exe
  C:\Windows\System\IVWfQol.exe
  2⤵
  PID:8348
- C:\Windows\System\XsIGXpy.exe
  C:\Windows\System\XsIGXpy.exe
  2⤵
  PID:8220
- C:\Windows\System\ykWkvOx.exe
  C:\Windows\System\ykWkvOx.exe
  2⤵
  PID:8524
- C:\Windows\System\axDZPHq.exe
  C:\Windows\System\axDZPHq.exe
  2⤵
  PID:8072
- C:\Windows\System\nOAOeec.exe
  C:\Windows\System\nOAOeec.exe
  2⤵
  PID:8828
- C:\Windows\System\pyLTNzS.exe
  C:\Windows\System\pyLTNzS.exe
  2⤵
  PID:8416
- C:\Windows\System\BFtNUcQ.exe
  C:\Windows\System\BFtNUcQ.exe
  2⤵
  PID:8884
- C:\Windows\System\xbVVesD.exe
  C:\Windows\System\xbVVesD.exe
  2⤵
  PID:9036
- C:\Windows\System\ieZfJVz.exe
  C:\Windows\System\ieZfJVz.exe
  2⤵
  PID:8648
- C:\Windows\System\dkCFsZa.exe
  C:\Windows\System\dkCFsZa.exe
  2⤵
  PID:8896
- C:\Windows\System\vAMCaac.exe
  C:\Windows\System\vAMCaac.exe
  2⤵
  PID:9080
- C:\Windows\System\UVZrDor.exe
  C:\Windows\System\UVZrDor.exe
  2⤵
  PID:9160
- C:\Windows\System\bgMLFXd.exe
  C:\Windows\System\bgMLFXd.exe
  2⤵
  PID:8268
- C:\Windows\System\DgUbJZo.exe
  C:\Windows\System\DgUbJZo.exe
  2⤵
  PID:8732
- C:\Windows\System\fwXVMdz.exe
  C:\Windows\System\fwXVMdz.exe
  2⤵
  PID:8604
- C:\Windows\System\DZDxecR.exe
  C:\Windows\System\DZDxecR.exe
  2⤵
  PID:8624
- C:\Windows\System\AvpcJmc.exe
  C:\Windows\System\AvpcJmc.exe
  2⤵
  PID:8968
- C:\Windows\System\zJlBnGY.exe
  C:\Windows\System\zJlBnGY.exe
  2⤵
  PID:9096
- C:\Windows\System\oHXItgb.exe
  C:\Windows\System\oHXItgb.exe
  2⤵
  PID:8248
- C:\Windows\System\fLIFTQG.exe
  C:\Windows\System\fLIFTQG.exe
  2⤵
  PID:8412
- C:\Windows\System\gDuyyZQ.exe
  C:\Windows\System\gDuyyZQ.exe
  2⤵
  PID:8772
- C:\Windows\System\NBaASwj.exe
  C:\Windows\System\NBaASwj.exe
  2⤵
  PID:8988
- C:\Windows\System\HWxaeey.exe
  C:\Windows\System\HWxaeey.exe
  2⤵
  PID:8280
- C:\Windows\System\hoZKbQE.exe
  C:\Windows\System\hoZKbQE.exe
  2⤵
  PID:8300
- C:\Windows\System\HisSula.exe
  C:\Windows\System\HisSula.exe
  2⤵
  PID:8380
- C:\Windows\System\FFvSYJU.exe
  C:\Windows\System\FFvSYJU.exe
  2⤵
  PID:8972
- C:\Windows\System\Vkxmfmj.exe
  C:\Windows\System\Vkxmfmj.exe
  2⤵
  PID:8948
- C:\Windows\System\lzjPhZx.exe
  C:\Windows\System\lzjPhZx.exe
  2⤵
  PID:9224
- C:\Windows\System\zjodqsb.exe
  C:\Windows\System\zjodqsb.exe
  2⤵
  PID:9240
- C:\Windows\System\fSOVbFu.exe
  C:\Windows\System\fSOVbFu.exe
  2⤵
  PID:9260
- C:\Windows\System\afYrfFW.exe
  C:\Windows\System\afYrfFW.exe
  2⤵
  PID:9284
- C:\Windows\System\txikUwW.exe
  C:\Windows\System\txikUwW.exe
  2⤵
  PID:9304
- C:\Windows\System\sdeQshe.exe
  C:\Windows\System\sdeQshe.exe
  2⤵
  PID:9320
- C:\Windows\System\WQvmWiO.exe
  C:\Windows\System\WQvmWiO.exe
  2⤵
  PID:9344
- C:\Windows\System\SCQNbFd.exe
  C:\Windows\System\SCQNbFd.exe
  2⤵
  PID:9364
- C:\Windows\System\IadQhRp.exe
  C:\Windows\System\IadQhRp.exe
  2⤵
  PID:9384
- C:\Windows\System\vnaJEfk.exe
  C:\Windows\System\vnaJEfk.exe
  2⤵
  PID:9404
- C:\Windows\System\RSbcfol.exe
  C:\Windows\System\RSbcfol.exe
  2⤵
  PID:9424
- C:\Windows\System\VdZkfRS.exe
  C:\Windows\System\VdZkfRS.exe
  2⤵
  PID:9444
- C:\Windows\System\CgRUdGN.exe
  C:\Windows\System\CgRUdGN.exe
  2⤵
  PID:9464
- C:\Windows\System\KOjisdQ.exe
  C:\Windows\System\KOjisdQ.exe
  2⤵
  PID:9480
- C:\Windows\System\lTBTxUs.exe
  C:\Windows\System\lTBTxUs.exe
  2⤵
  PID:9496
- C:\Windows\System\pscdhuo.exe
  C:\Windows\System\pscdhuo.exe
  2⤵
  PID:9520
- C:\Windows\System\WyoVxcg.exe
  C:\Windows\System\WyoVxcg.exe
  2⤵
  PID:9536
- C:\Windows\System\RxEtQiG.exe
  C:\Windows\System\RxEtQiG.exe
  2⤵
  PID:9560
- C:\Windows\System\lWwhJLR.exe
  C:\Windows\System\lWwhJLR.exe
  2⤵
  PID:9584
- C:\Windows\System\GNQbrzn.exe
  C:\Windows\System\GNQbrzn.exe
  2⤵
  PID:9600
- C:\Windows\System\UKIJUNP.exe
  C:\Windows\System\UKIJUNP.exe
  2⤵
  PID:9624
- C:\Windows\System\zVGcNRO.exe
  C:\Windows\System\zVGcNRO.exe
  2⤵
  PID:9644
- C:\Windows\System\APDahkd.exe
  C:\Windows\System\APDahkd.exe
  2⤵
  PID:9664
- C:\Windows\System\xBAbEfJ.exe
  C:\Windows\System\xBAbEfJ.exe
  2⤵
  PID:9680
- C:\Windows\System\aOhnPAD.exe
  C:\Windows\System\aOhnPAD.exe
  2⤵
  PID:9700
- C:\Windows\System\dfdMSel.exe
  C:\Windows\System\dfdMSel.exe
  2⤵
  PID:9720
- C:\Windows\System\PrfGXtV.exe
  C:\Windows\System\PrfGXtV.exe
  2⤵
  PID:9740
- C:\Windows\System\mBIMhPL.exe
  C:\Windows\System\mBIMhPL.exe
  2⤵
  PID:9760
- C:\Windows\System\EfjChff.exe
  C:\Windows\System\EfjChff.exe
  2⤵
  PID:9776
- C:\Windows\System\vkpxozE.exe
  C:\Windows\System\vkpxozE.exe
  2⤵
  PID:9800
- C:\Windows\System\fQtgeSA.exe
  C:\Windows\System\fQtgeSA.exe
  2⤵
  PID:9820
- C:\Windows\System\tWVVqVW.exe
  C:\Windows\System\tWVVqVW.exe
  2⤵
  PID:9844
- C:\Windows\System\IDkypts.exe
  C:\Windows\System\IDkypts.exe
  2⤵
  PID:9864
- C:\Windows\System\OKxknvF.exe
  C:\Windows\System\OKxknvF.exe
  2⤵
  PID:9880
- C:\Windows\System\dYQownA.exe
  C:\Windows\System\dYQownA.exe
  2⤵
  PID:9900
- C:\Windows\System\WUvFtvu.exe
  C:\Windows\System\WUvFtvu.exe
  2⤵
  PID:9916
- C:\Windows\System\ZnuIXDU.exe
  C:\Windows\System\ZnuIXDU.exe
  2⤵
  PID:9932
- C:\Windows\System\ZEszLFn.exe
  C:\Windows\System\ZEszLFn.exe
  2⤵
  PID:9952
- C:\Windows\System\yBEyFbA.exe
  C:\Windows\System\yBEyFbA.exe
  2⤵
  PID:9968
- C:\Windows\System\KUyPGev.exe
  C:\Windows\System\KUyPGev.exe
  2⤵
  PID:9984
- C:\Windows\System\bSlTKrQ.exe
  C:\Windows\System\bSlTKrQ.exe
  2⤵
  PID:10000
- C:\Windows\System\cBqgOnR.exe
  C:\Windows\System\cBqgOnR.exe
  2⤵
  PID:10016
- C:\Windows\System\aAFszBr.exe
  C:\Windows\System\aAFszBr.exe
  2⤵
  PID:10032
- C:\Windows\System\ktZhDWP.exe
  C:\Windows\System\ktZhDWP.exe
  2⤵
  PID:10080
- C:\Windows\System\GkvJamt.exe
  C:\Windows\System\GkvJamt.exe
  2⤵
  PID:10100
- C:\Windows\System\updTHUH.exe
  C:\Windows\System\updTHUH.exe
  2⤵
  PID:10116
- C:\Windows\System\STqdAqT.exe
  C:\Windows\System\STqdAqT.exe
  2⤵
  PID:10136
- C:\Windows\System\fdhivIn.exe
  C:\Windows\System\fdhivIn.exe
  2⤵
  PID:10152
- C:\Windows\System\IteLFGM.exe
  C:\Windows\System\IteLFGM.exe
  2⤵
  PID:10168
- C:\Windows\System\AcRnLRc.exe
  C:\Windows\System\AcRnLRc.exe
  2⤵
  PID:10188
- C:\Windows\System\ZYSWYKd.exe
  C:\Windows\System\ZYSWYKd.exe
  2⤵
  PID:10204
- C:\Windows\System\gquFJVl.exe
  C:\Windows\System\gquFJVl.exe
  2⤵
  PID:10220
- C:\Windows\System\zYGpjBD.exe
  C:\Windows\System\zYGpjBD.exe
  2⤵
  PID:10236
- C:\Windows\System\tAjWevx.exe
  C:\Windows\System\tAjWevx.exe
  2⤵
  PID:9232
- C:\Windows\System\kkEhNzX.exe
  C:\Windows\System\kkEhNzX.exe
  2⤵
  PID:9276
- C:\Windows\System\DCUUTbQ.exe
  C:\Windows\System\DCUUTbQ.exe
  2⤵
  PID:9300
- C:\Windows\System\XNhkMJy.exe
  C:\Windows\System\XNhkMJy.exe
  2⤵
  PID:9316
- C:\Windows\System\ybtBFjd.exe
  C:\Windows\System\ybtBFjd.exe
  2⤵
  PID:9352
- C:\Windows\System\samkwvM.exe
  C:\Windows\System\samkwvM.exe
  2⤵
  PID:9392
- C:\Windows\System\miombYj.exe
  C:\Windows\System\miombYj.exe
  2⤵
  PID:9420
- C:\Windows\System\ErSrfsO.exe
  C:\Windows\System\ErSrfsO.exe
  2⤵
  PID:9472
- C:\Windows\System\xHQvGSQ.exe
  C:\Windows\System\xHQvGSQ.exe
  2⤵
  PID:9488
- C:\Windows\System\dsLIuqH.exe
  C:\Windows\System\dsLIuqH.exe
  2⤵
  PID:9516
- C:\Windows\System\jlPEJAq.exe
  C:\Windows\System\jlPEJAq.exe
  2⤵
  PID:9576
- C:\Windows\System\HjPXlZL.exe
  C:\Windows\System\HjPXlZL.exe
  2⤵
  PID:9632
- C:\Windows\System\UHNtieg.exe
  C:\Windows\System\UHNtieg.exe
  2⤵
  PID:9660
- C:\Windows\System\DvXkDbl.exe
  C:\Windows\System\DvXkDbl.exe
  2⤵
  PID:9692
- C:\Windows\System\UnAcMvb.exe
  C:\Windows\System\UnAcMvb.exe
  2⤵
  PID:9728
- C:\Windows\System\ZlHcEDo.exe
  C:\Windows\System\ZlHcEDo.exe
  2⤵
  PID:9756
- C:\Windows\System\XbPxqmM.exe
  C:\Windows\System\XbPxqmM.exe
  2⤵
  PID:9788
- C:\Windows\System\bnPenDT.exe
  C:\Windows\System\bnPenDT.exe
  2⤵
  PID:9812
- C:\Windows\System\ldbKTpk.exe
  C:\Windows\System\ldbKTpk.exe
  2⤵
  PID:9852
- C:\Windows\System\ygNtKPO.exe
  C:\Windows\System\ygNtKPO.exe
  2⤵
  PID:9892
- C:\Windows\System\oqZhRRn.exe
  C:\Windows\System\oqZhRRn.exe
  2⤵
  PID:2420
- C:\Windows\System\klDpCJV.exe
  C:\Windows\System\klDpCJV.exe
  2⤵
  PID:9964
- C:\Windows\System\STDtlFl.exe
  C:\Windows\System\STDtlFl.exe
  2⤵
  PID:10024
- C:\Windows\System\hLFBdnv.exe
  C:\Windows\System\hLFBdnv.exe
  2⤵
  PID:10040
- C:\Windows\System\eDlyFGq.exe
  C:\Windows\System\eDlyFGq.exe
  2⤵
  PID:9976
- C:\Windows\System\aKORTmf.exe
  C:\Windows\System\aKORTmf.exe
  2⤵
  PID:10072
- C:\Windows\System\qlzgUNJ.exe
  C:\Windows\System\qlzgUNJ.exe
  2⤵
  PID:10112
- C:\Windows\System\lZkiQby.exe
  C:\Windows\System\lZkiQby.exe
  2⤵
  PID:10180
- C:\Windows\System\brbWVec.exe
  C:\Windows\System\brbWVec.exe
  2⤵
  PID:8788
- C:\Windows\System\GKChoYW.exe
  C:\Windows\System\GKChoYW.exe
  2⤵
  PID:9436
- C:\Windows\System\bYYyaMC.exe
  C:\Windows\System\bYYyaMC.exe
  2⤵
  PID:9372
- C:\Windows\System\QtkzqPr.exe
  C:\Windows\System\QtkzqPr.exe
  2⤵
  PID:9336
- C:\Windows\System\LpQIqWH.exe
  C:\Windows\System\LpQIqWH.exe
  2⤵
  PID:10228
- C:\Windows\System\HAcvOsD.exe
  C:\Windows\System\HAcvOsD.exe
  2⤵
  PID:9476
- C:\Windows\System\QqQAqSY.exe
  C:\Windows\System\QqQAqSY.exe
  2⤵
  PID:9552
- C:\Windows\System\vdMJVPH.exe
  C:\Windows\System\vdMJVPH.exe
  2⤵
  PID:9652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AEEVFmv.exe

Filesize
6.1MB

MD5
656c88c95aee8d7d9403f09c7832a1f9

SHA1
8ff4a9d3fbdec9560762a3c1ca789da7606f9c27

SHA256
dd98e43e197bf38b36d6f8f8a1afe233c56b0491928305e8b61d037531a9c082

SHA512
0f3493c294788bc40e87264466058a446a0b4ab428f3fa68b0595492c9612901d31eea98b915cf8ad4872a1f846b4e31d0bad896d45fab288de8628cc10afdea

Download Submit
C:\Windows\system\AUgBkDg.exe

Filesize
6.1MB

MD5
c6c40cb76eeb14a5754b4b56253ced88

SHA1
3e32c585327b4c91d7d29f21f588c1da2f198b49

SHA256
edd06f0da4d8fb7eb549e905c223bba6513f31712a7f3aab46f6f158d422a21c

SHA512
a91226bc4a531d1dee4ecfc6d7c8d4f130e632981b35f72d273aaa02402ecfc901b677b9413222de0742cc1c7ffd4c232c22f9b0085b58e5c42f0ee01296ab1f

Download Submit
C:\Windows\system\CHlOfXt.exe

Filesize
6.1MB

MD5
9c64d2eb267eb28d0a74e12c26a2f55f

SHA1
3815992e49583fa7d52b5f38d0b989274185c949

SHA256
872c36ae6b4af0256ea537dc43391d370d2fd29d012c247b64fa708fe02a9061

SHA512
8ecc8dbeebd241b4f690ba88a8fc7ee0d7c693b2f16eb80724d772936a973c87b73e0495ef6e65207b05d01598a287db94207b29f022519d934f27bbb116115f

Download Submit
C:\Windows\system\DAjGzTZ.exe

Filesize
6.1MB

MD5
0ec5ae07f1c0d54b73d8ce6dc987f6d9

SHA1
2447373e1bed48716aca55d4a0c04e9757ba7487

SHA256
c7412de874929be8ce092a71a8076be4837100dbfa62ca27bc54934a68e2a09e

SHA512
c13db3be9d13fb7f9a29b555736699ad2c3e9e84bc7e0386ee2dddb5c178c6f3bb3d6290a11a34495257716b8c65c365e55f1ed221028fa854d31f1b6af358a5

Download Submit
C:\Windows\system\DpGdhso.exe

Filesize
8B

MD5
7fb9fd182d5ab63900fb9ee526c88fa1

SHA1
aab9836809e0369b84ac1f3755c5ded623b07881

SHA256
21acd531927251665bb9d8d63ad0f3451fb4c667c2c87ef197b044468c3f6d63

SHA512
e4dbf30c5a70eb85fb9630c6c0884e0426c8c972990dede5cb6a66d9e54106309a50cd8b3c99f4edf71e589b9d607448e3ddd7fabe0a65932d98fc475aacea21

Download Submit
C:\Windows\system\FGeAYwh.exe

Filesize
6.1MB

MD5
06d1a2638a3c625cc769c7b3f7eedeb8

SHA1
9796c4056819511f927aade9d1fdf810b251f1d1

SHA256
408b94c9ba30726b2d33590135c37112226bbfc5a748d3e92e2e151ec5a2800d

SHA512
d07edaf4f6d345b308747362d8b95db7b14646ac65ae01d3f96a0046872d966059fe6e7fc13c58e10789aa4d4882004f37735600e7c13d2a92e1c785ac8b2624

Download Submit
C:\Windows\system\HJqquSx.exe

Filesize
6.1MB

MD5
6a4bec1216a2266803af1bc6c9ac3563

SHA1
c0b57a0c0237dc1a1c5d51b2257b8b59828ac892

SHA256
512ecf44bcca0abd29dac721351f870d47bce9369f050f886c8aacfda851797d

SHA512
4ecbfcf6609437908d014eb29b9f419e05e266ff266b24f8fc165dc4dfd15273abcb834f3a79adac7aae3f983ec402baa074d36b6dbe7f2018a130b5166b6fb9

Download Submit
C:\Windows\system\HUUvVMo.exe

Filesize
6.1MB

MD5
162d0395e0ee5f08f0a984ecc812a589

SHA1
344495b179e1bf23614696172103036795ff1933

SHA256
c95b191215a1b819bb03bface79678a0719674d80338c601ae11760a2f1e3b61

SHA512
1a693a3a74d9090f1b39b54fcc3f523e9492e4d40fa60c7f75274ef44d5a6bc4265899b797f91d82bcb6d57ac0651d50e7840dad8cefe4a5a054cd515492d734

Download Submit
C:\Windows\system\KWhzwaQ.exe

Filesize
6.1MB

MD5
df25710260586050d0bdfb413ec1680b

SHA1
977900bbd57f1fbc7e48b17c016698a087a9cfad

SHA256
6d036ba8f7e1628f1f64f6462613884bde9a7414d715e867f23df37523e28364

SHA512
82ac5bba9a2aeaf28b576c630dacc5d60effc059277f858b19a8441b0c8fc43dbdb30520f2f6fc55f353f9c59436a58c691f1714372f877ebedda0966077de15

Download Submit
C:\Windows\system\KxqsHJi.exe

Filesize
6.1MB

MD5
c66660bf96f04887841a558bed9f5ac4

SHA1
dea5bca04a381a164cd00822c46c01c04c9c85c2

SHA256
5fdada9f9f17416c7b3bf64411c3616cf08834a3d78382d6c7d2fc7a56ecc262

SHA512
1fc6d18c47383c8364bc68f8f8425061e32bd1a0edc0d6506e5b24ee58fb83a62f66b02a8591cd37419e04746b6527bc9c243b598028f2215d907c140f12d845

Download Submit
C:\Windows\system\LVNsMtK.exe

Filesize
6.1MB

MD5
c0e8a3deefaafba8c2f0b9e588102598

SHA1
0725c1d175dfe09182ffd28355a241d0da5825b9

SHA256
5c01c33d053dc72f774205b2bbcfc21a7e438f153920a3c0bac99391104e5b0f

SHA512
988a3532fee44e97dbfad830501b42e5c3bf01f0af1217835e461fab606210c3eaa37ec236cfcaf84197340855c96839524f356a3d6a31dda9f0123adae49104

Download Submit
C:\Windows\system\MPSuCwk.exe

Filesize
6.1MB

MD5
976bdf4683a36aa8d82ae99264431602

SHA1
197192550b18c58b5b672599319f430868bd7691

SHA256
63a7b796c6a1b693da9c48149c6fe83baf9f7d33ed85f44f4877728190e17287

SHA512
69c5b5815ec9f3983a236bd5105178199162af792c8053f759909a50abb0d7f98e2d5d7240683bb6fe97fa324581bf4a7051db1e2f85bb09281c265cce3df852

Download Submit
C:\Windows\system\MyfCdNY.exe

Filesize
6.1MB

MD5
cb90d84307574eaf3691b5a1f4b35e5c

SHA1
e45dc0559d21daa1c269fa31be4a3ec811c979e6

SHA256
142fd583052289a2f6b7492a2ae4d5a7b26b016ab2e033a0f32aa15a29d92537

SHA512
23ece7d5aeb72de0e8bfee2afc5ce64b73ffe49d407872bd8aa4bf17bd703f729e47372d72d14f6225b960e7c63057bcfc8df033de8100491ee9e528b8113f72

Download Submit
C:\Windows\system\RnZtOtK.exe

Filesize
6.1MB

MD5
6515dfabb582efa27c292e3421acf426

SHA1
94402effdada976bc7d2143400c02496d28c0499

SHA256
183d5948a480b88225993666ee10bc7f6666dc4c9476fe8800ed7c8bc4389bf4

SHA512
5ea28f5ec68cc7cd58257a885a4aa9fe9b9c043fd536cd7516d30683ededa25f00bf6c1e996b17ff82e7652ff75852166d7c74f9891e9a629e7e6fdf0a05a220

Download Submit
C:\Windows\system\VCthRSU.exe

Filesize
6.1MB

MD5
40d7411204a78592fc6eb2c1c844eca8

SHA1
3c3f4e8d41be243d31a8c638fbe8e981f3e59d19

SHA256
1c73eba09713073f061846e4c723ca419fd30c950e1cbdd8732c4dd4f7ac1f5f

SHA512
6ed8a6f4794c0729ebb5f19f83c7e52e43d69ed74877efdec3e2b605cc8b8e383de5340d0ca8811081df9c7c1e54555e794552f382c20be49e383fcea55a17c2

Download Submit
C:\Windows\system\WIdufdS.exe

Filesize
6.1MB

MD5
58a81b57f62d64527343cf72d1339824

SHA1
8199983c9e3f6065df00712e5fb3a3a9960ed5a9

SHA256
1afc11aaaed280fddd1c141e53a57bd23b0cc7640046e53eb5f7d5a22413144e

SHA512
189edb95f1e4ea1ea9f56576e8bbfb80877b4a9929d185fc65842ab931629fd9ca9ef5a6712e5319f6774c2a843fd5d2b7eb163448d502bca97e83c75ff9586f

Download Submit
C:\Windows\system\ekuXWna.exe

Filesize
6.1MB

MD5
ae394129a230139bd0d0dc66c6cf1712

SHA1
861742609c6fc491bf9d4d043575a931930c56cf

SHA256
c754af1b318df0d80e3c3fb8a0768ad14842027078ccbefbe448a4669c769a85

SHA512
49e95545ff46d3a6b68144cd74d3fdf465f447c73c3bdf5efea01a6f8214fbf47457e85f9e1f687e7aab4dadc119c1dc4edb57e717ec9fd9e8b70ef60be78fba

Download Submit
C:\Windows\system\fofdlSy.exe

Filesize
6.1MB

MD5
6f8266167090367a7f5fbda15355f723

SHA1
681c9850470a65e845f908e9eefa8f165ab3c2ed

SHA256
eadc1012e62548c02655430f15fac616bc873ee25ac98dda6c7a70debd01f341

SHA512
00f2c58807f3dcfe430f952030c9184cc193089c18cc5aa4d4d00e4598e3aefcde24c8c00a34cc09e0d55f963835ea6e2abbd0be07b7049c0f2f654a0a141497

Download Submit
C:\Windows\system\kYXWHCE.exe

Filesize
6.1MB

MD5
d963507d94aea39003b5c91273efeaff

SHA1
ce59e54e8d45d79282d0bc85d682f4799b3050cc

SHA256
f7b666f47a4b0b3c0d0c21d1701fd26defc440f5b2133cd2284cad589230447e

SHA512
bc55da7d7443ab797c3bd9d064e64afb9f0067cd7d249faca8cd8b06304d7dfbe8f3526521e76d6f8c0ebfe92cfd89f25191d841859d5685ab41c25f8a7abbe6

Download Submit
C:\Windows\system\lGeSKWf.exe

Filesize
6.1MB

MD5
f081b0f69a3d80328a3bca768a447b55

SHA1
dc5e0561af7511a97aaa6d76993e5da414fedeb0

SHA256
8d7f53e69011d9766c560da1e71e965ec8336402de72f494ad46cb78f2d23bfa

SHA512
efcddffed97b0016193c269f535e8766a530377634e1a7a43e303b1c00c2327a5752e7cfaeda859a70a6427a25a13a0cd6437d5e4f9ce73120261b6c8f56a548

Download Submit
C:\Windows\system\nViBEvA.exe

Filesize
6.1MB

MD5
cd772ae9e1131d59b5782ba370a588c1

SHA1
b0f00a7b87ef3476aca933b08f85c2f824d0c268

SHA256
5671917622d6d3c87d72a6cdfa3de63151346cd68de064db982820378a33b67f

SHA512
79021f89887ee36502425078c926ddbfdc671d516c8793c6b55482dfe578de307b0246eee7bf689a35f83bfa2ebbe521ce7ec28568e9cabea835008b3fd244dc

Download Submit
C:\Windows\system\oRFRjgM.exe

Filesize
6.1MB

MD5
8ce94876a10d6abbe9fb9b3843fe46ed

SHA1
846105f6e5d8d3cd557af1af52aeb2f395566fea

SHA256
8c5b2020290ed41279b09ffabe93913d8e061d9a9f4b40383d2ff756b8ea25b3

SHA512
b775706a999b21905d6d877bda34e3c46efc24c466cd46f8a2ee7cc6a28b7b37bdf8e6077d727b527ac942412bee59065a3695661aa0860a3e501fae98f603b1

Download Submit
C:\Windows\system\qKgvlrx.exe

Filesize
6.1MB

MD5
3bdf99ad2a89dcc547499714721fe6e7

SHA1
f84fb32622e73e06429fcd4d10de42d1ae23d7b5

SHA256
72cfb30feddf39a6e883bbe9ea7efc76c81bb2f03804e4c8e0202029aa26012f

SHA512
8f0647d30469a519182c526b51350ce5e306fa40f803c4a3f39ea668c90c1e06bb0b01456a0cde890a468c3f10505d7b23eec48db66b8e33dd83298d04486396

Download Submit
C:\Windows\system\qmDZoHL.exe

Filesize
6.1MB

MD5
3c6cb9a04eb29e7dc4a3dceda1dfd910

SHA1
f9d918c39d15cecb9bf6c0b32363c5d9b29d6f2a

SHA256
5c3ba9d6f0148bd9336395d812fdf9fba81b70f12d4077e86f231becf8870cc0

SHA512
0d41172632c82cebb523ec640bf45a301d50d248ef4ea5b00f501a31aa933a8ec63be46060232cde46e77aa15d7b4771928e0a3ed025ef390c61ff2fdadecd18

Download Submit
C:\Windows\system\tQxiqSH.exe

Filesize
6.1MB

MD5
993277811fdbaa5e2db7f8ed4b4dc05a

SHA1
4a9c3b4f4b1df88d2ebbd7ae01db077009493f04

SHA256
046150ff2ed9692641ebd2f06ee9ea14812240fcf8d0e9fe4e8cf5d12cebd127

SHA512
be6b9b40d0e4bed4e992de34f70e0b7c7ecefc5a141a4a4be6b6ef4c1dcfc1e83fe609b146c82bee95a35f70b5bd6301409e74be12a46e4660ccc8dc6bc83660

Download Submit
C:\Windows\system\wxakzKG.exe

Filesize
6.1MB

MD5
24d69cb4b0c06baf3c198c151e8a95f9

SHA1
13f39ddef045f951558feb73725cb70968eb5311

SHA256
6882dfc1736369c5ac5dacbbacffbeee55ac9d9dfc4612e68efcf11fb2cf7af4

SHA512
6517edd652e1a15a0c0891fadaedcaa30d44bbd5ae83660cf93202290495d256fad40d2d46e8bf4202226293d4c7a2b64d71ac7d6c6030cd712b3fe461a3f6cc

Download Submit
C:\Windows\system\xENwjNZ.exe

Filesize
6.1MB

MD5
a60204f9383c7c50abf33b7d56ec9083

SHA1
0b30e96fda3337f2269421ed4664b1a6aa1c814e

SHA256
f880f12aeeea46529e5dd58f99b0f3104bbb03890775e82f1c6bd8feb854affe

SHA512
f48b6d8a7ffad53651f8f549cc4fe311100175b140da3c2ffb9ab3d6192b0e23d571529c9aa5330e78dc201357a142c8ba0d55ed38e0f241df36c187d0bfe69c

Download Submit
C:\Windows\system\zUGjfMD.exe

Filesize
6.1MB

MD5
1ee19731e5eb504ef19d7ee50a86051f

SHA1
7b6abeba17cd69fbb978d55c2ba926e54b1c803b

SHA256
77a10209a955043444ab601165d58d3fe1bd9ab000207ebe0d88f1a28ac66ab3

SHA512
774dded294d3b57ba65c15b312f676f967eb14face27127f88e212277c4397ef75b0c4df04c74ed44ad925fedf8066216053ac97163e15bfeade4365d41ad3df

Download Submit
\Windows\system\BfdkHpp.exe

Filesize
6.1MB

MD5
ae8956f66a37456b442c53ad3606fcdd

SHA1
de3dfd010539e76b14ce1fe3c4115cae722ab1bf

SHA256
5d5a223e362aa22946da686c88f84cf3101f1309b1e352f349d56ee833496b0a

SHA512
d90b998fa7426b2f2a385dbb35d658c2bd89e0f86c73086f7a0e45845e77e2212e02c532a45cc9e7a6fdf2013fc25cb62c7521695d33e41c6105ee1d90f423f2

Download Submit
\Windows\system\GiEwSGJ.exe

Filesize
6.1MB

MD5
a35cefe04c12dc4655c6b1fcbd7b09e1

SHA1
af8ba5c08dd7a61215f541391b89877bba19021a

SHA256
a0b599409232986bc3b817341ed95d060979685814e6dddfcd79ac467161320b

SHA512
90046e4400854d4576553839cd8986614e974055fc5bd6f09b995711b9f43e657ecc6064382bf4672cddd954c73bde4f1b69f64493f7abea24a95161e6a49ab6

Download Submit
\Windows\system\LgybVIp.exe

Filesize
6.1MB

MD5
abac645d743ee26724c33fc9e28781bb

SHA1
d8cd44b59668c0f1d77d50840065342d7c8195e4

SHA256
9719d6b2e31a0b75425ae207abcaa53ea016ceb98c83344d5055c05b2017dbcd

SHA512
826b4c92acd28b8b761b0fc275beba7b9ae823d2e453ff5192b070422a7b94161c4a22fe590bc9ad4d3420af494ab4715894704256ebf8fdc47b5e88ca32153d

Download Submit
\Windows\system\UyuiGwJ.exe

Filesize
6.1MB

MD5
99008ef87502f23d9b8064388af5516e

SHA1
6a945a6a06e5aa9207e6fd591ea94f6381eab418

SHA256
1f1a487f7917258b780ce83ebf966211357987628f0d221e1aa912bfa1351b15

SHA512
e91e4bbe2f99dfae3e766e10173f0ed49ccdfa9368269e07b7e30d2873b2604e66f857f51698239135bc4d327e159236898b9e075bfe768341312973ccc20dd4

Download Submit
\Windows\system\ygzwaex.exe

Filesize
6.1MB

MD5
44fe9b5a39019d2053d4af963f978452

SHA1
dbbbeacaf560c8cdff19649cf75cf7418a82e635

SHA256
8bfc4dd14bdb0bcb42415e5815bd53575f32aa24251c820a7454ddab7aba3a6e

SHA512
79cc022285a548ee1d1b8c8160a9d2aba595d66415720f6d95b8cccc0b88c1970bcb1057845f302428d80205999a7704467e11d299c47e19d8b2bf4aa71688a6

Download Submit
memory/1596-917-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1596-109-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1596-3673-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-3666-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1644-733-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1756-3659-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1756-77-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1756-214-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1836-68-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-108-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-3634-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1896-3624-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1896-57-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1896-96-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2156-91-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2156-580-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2156-3667-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2448-82-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2448-366-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2448-3656-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2568-44-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3546-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2604-72-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2604-34-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3582-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2776-12-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2776-43-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3469-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3542-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2820-20-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2820-56-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3465-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2900-14-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2968-86-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-50-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3653-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3549-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2988-64-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2988-28-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/3028-30-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-36-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-169-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/3028-97-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/3028-60-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-65-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-52-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/3028-0-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-87-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-81-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-90-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/3028-38-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-100-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-18-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-24-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/3028-104-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-105-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-824-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-15-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-679-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/3028-477-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download