cobaltstrike | 50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532

Analysis

max time kernel
152s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
Size

6.0MB
MD5

f9c62c04c6196519ffdf3bfcef43aeb8
SHA1

fe0b5be12333683a9f9fced0e98a5002b166f9ac
SHA256

50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532
SHA512

9b9e8c8a2ebfe43ad89ad228b5f1b15cc558420df476a52fe68b67ad87b42fa2724892779355183ff6953796b3c601d197b6078ac3062c4d12b779a151197a7e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000012238-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193b8-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-10.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019480-22.dat	cobalt_reflective_dll
behavioral1/files/0x0030000000019326-30.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-37.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948c-48.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-53.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194a3-60.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194eb-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-79.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2148-0-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0009000000012238-3.dat	xmrig
behavioral1/files/0x00080000000193b8-12.dat	xmrig
behavioral1/memory/2772-15-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2056-11-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0007000000019470-10.dat	xmrig
behavioral1/files/0x0006000000019480-22.dat	xmrig
behavioral1/memory/2148-26-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2876-21-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2880-28-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0030000000019326-30.dat	xmrig
behavioral1/memory/2800-36-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2148-35-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0006000000019489-37.dat	xmrig
behavioral1/memory/2924-42-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2056-39-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x000600000001948c-48.dat	xmrig
behavioral1/memory/2820-52-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x0006000000019490-53.dat	xmrig
behavioral1/memory/2876-57-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2900-59-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000194a3-60.dat	xmrig
behavioral1/memory/2880-65-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2744-66-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000194eb-67.dat	xmrig
behavioral1/memory/2800-73-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2148-74-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2100-75-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2924-83-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f6-92.dat	xmrig
behavioral1/files/0x000500000001a3ab-87.dat	xmrig
behavioral1/files/0x000500000001a3f8-96.dat	xmrig
behavioral1/files/0x000500000001a3fd-100.dat	xmrig
behavioral1/files/0x000500000001a400-105.dat	xmrig
behavioral1/files/0x000500000001a404-107.dat	xmrig
behavioral1/memory/1876-110-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a438-116.dat	xmrig
behavioral1/files/0x000500000001a44d-118.dat	xmrig
behavioral1/files/0x000500000001a44f-124.dat	xmrig
behavioral1/memory/1560-132-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a457-137.dat	xmrig
behavioral1/memory/2444-131-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2072-84-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x000500000001a459-140.dat	xmrig
behavioral1/files/0x000500000001a463-146.dat	xmrig
behavioral1/files/0x000500000001a469-151.dat	xmrig
behavioral1/files/0x000500000001a46b-154.dat	xmrig
behavioral1/files/0x000500000001a46f-162.dat	xmrig
behavioral1/files/0x000500000001a471-171.dat	xmrig
behavioral1/files/0x000500000001a473-174.dat	xmrig
behavioral1/files/0x000500000001a475-183.dat	xmrig
behavioral1/files/0x000500000001a477-186.dat	xmrig
behavioral1/memory/2148-185-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46d-159.dat	xmrig
behavioral1/files/0x000500000001a479-191.dat	xmrig
behavioral1/files/0x000500000001a309-79.dat	xmrig
behavioral1/memory/2880-1319-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2056-1316-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2876-1324-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2772-1312-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2800-1351-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2820-1398-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2924-1350-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2900-1424-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2056	amykKvd.exe
2772	lrRwDcE.exe
2876	wUsKvmv.exe
2880	JeoPLlw.exe
2800	WIFSFoM.exe
2924	UJuYuzG.exe
2820	cWaZeZN.exe
2900	hbbEtSw.exe
2744	MYHclik.exe
2100	DVSDMxo.exe
2072	TGqPxnW.exe
1876	MCBDMQG.exe
2444	aWWUcXD.exe
1560	tFjVXfU.exe
2036	MPRLvwd.exe
2000	WPReSrO.exe
1512	UvCbmfH.exe
1292	eGVPTlr.exe
1764	wfjjUZl.exe
2476	lHnWDvd.exe
2116	IOlIAjz.exe
1436	trGdWWq.exe
1232	maaJmoV.exe
1244	QRBaBeo.exe
1064	dcmiBQs.exe
2860	LqEQuvY.exe
3036	gCtqaSC.exe
2364	jmXQJGc.exe
1432	ZUjbPcd.exe
2556	Rorxeqf.exe
1236	sZMrJhv.exe
2636	WfTqPGJ.exe
2268	ysUfdPy.exe
2376	FKGofjo.exe
288	OPFMbhg.exe
1536	EyiFGjt.exe
236	oEKJEYh.exe
1036	uPXWowb.exe
1464	igOCfyB.exe
1672	PnpACLo.exe
2740	PgqjBmE.exe
964	yAmyIIu.exe
1052	gePhfzK.exe
1972	KDtrhCD.exe
1844	VyykPAe.exe
1624	WiIIBij.exe
1880	oREUmhT.exe
524	HbIkPWd.exe
1308	jtYutcS.exe
1928	IjDFXlG.exe
1644	WMjLtzj.exe
3052	fxNtJgl.exe
2144	hmWGvGt.exe
2792	EYVjmxR.exe
2916	mcMhKOL.exe
2112	gVMVKOR.exe
2156	ZcdQmGL.exe
2824	vvLZRXw.exe
536	ynXaqoS.exe
2796	UpBcfzp.exe
2816	ElgiueF.exe
2852	yGZoVPl.exe
2348	FIbjiMq.exe
564	vhjiuTS.exe

Loads dropped DLL 64 IoCs

pid	Process
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2148-0-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0009000000012238-3.dat	upx
behavioral1/files/0x00080000000193b8-12.dat	upx
behavioral1/memory/2772-15-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2056-11-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0007000000019470-10.dat	upx
behavioral1/files/0x0006000000019480-22.dat	upx
behavioral1/memory/2876-21-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2880-28-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0030000000019326-30.dat	upx
behavioral1/memory/2800-36-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2148-35-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0006000000019489-37.dat	upx
behavioral1/memory/2924-42-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2056-39-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x000600000001948c-48.dat	upx
behavioral1/memory/2820-52-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x0006000000019490-53.dat	upx
behavioral1/memory/2876-57-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2900-59-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x00080000000194a3-60.dat	upx
behavioral1/memory/2880-65-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2744-66-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x00080000000194eb-67.dat	upx
behavioral1/memory/2800-73-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2100-75-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2924-83-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x000500000001a3f6-92.dat	upx
behavioral1/files/0x000500000001a3ab-87.dat	upx
behavioral1/files/0x000500000001a3f8-96.dat	upx
behavioral1/files/0x000500000001a3fd-100.dat	upx
behavioral1/files/0x000500000001a400-105.dat	upx
behavioral1/files/0x000500000001a404-107.dat	upx
behavioral1/memory/1876-110-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x000500000001a438-116.dat	upx
behavioral1/files/0x000500000001a44d-118.dat	upx
behavioral1/files/0x000500000001a44f-124.dat	upx
behavioral1/memory/1560-132-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x000500000001a457-137.dat	upx
behavioral1/memory/2444-131-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2072-84-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x000500000001a459-140.dat	upx
behavioral1/files/0x000500000001a463-146.dat	upx
behavioral1/files/0x000500000001a469-151.dat	upx
behavioral1/files/0x000500000001a46b-154.dat	upx
behavioral1/files/0x000500000001a46f-162.dat	upx
behavioral1/files/0x000500000001a471-171.dat	upx
behavioral1/files/0x000500000001a473-174.dat	upx
behavioral1/files/0x000500000001a475-183.dat	upx
behavioral1/files/0x000500000001a477-186.dat	upx
behavioral1/memory/2148-185-0x0000000002400000-0x0000000002754000-memory.dmp	upx
behavioral1/files/0x000500000001a46d-159.dat	upx
behavioral1/files/0x000500000001a479-191.dat	upx
behavioral1/files/0x000500000001a309-79.dat	upx
behavioral1/memory/2880-1319-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2056-1316-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2876-1324-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2772-1312-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2800-1351-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2820-1398-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2924-1350-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2900-1424-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2744-1436-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2100-1454-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wBbBPKU.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\kABfPpA.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\aZuYdoE.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\skVjFlr.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\MTSdNCO.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\DTUMYsP.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\Axyhyjh.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\QVbxebS.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\NBPXInQ.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\KWXoiMn.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\zOenCOZ.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\fMEVaIR.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\rJzfiho.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\PuQfZrF.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\tDsLkjl.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\NZVenyl.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\YSsgISF.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\zuQyCOv.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\yTkXPzJ.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\fKeFPCz.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\QruuLML.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\DCoJvzx.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\XaRbxBT.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\QlCJDRq.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\DYjMaSW.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\dUYxOTF.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\DnbTNqG.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\thypAMO.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\tQvwhrE.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\eqoeLBv.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\aAdIhTZ.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\MVrstoJ.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\DQVMHAW.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\JoMXNqa.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\QJqoJoe.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\hOplQaj.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\yvzxaKl.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\YBmZUSb.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\IxPWxnn.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\aKRZaTe.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\esmjpMc.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\JWeZMVl.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\zlLjNPB.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\unvTlQz.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\vYAEQIc.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\lmzPUmu.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\ZkOfvVt.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\sWzLmHD.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\FDTgjrN.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\qQznVmT.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\caSDYAH.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\rtwvyAs.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\kRPnpfy.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\ASytznt.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\QpbSxEi.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\tSIporS.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\tsaYWWo.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\xKbZgFW.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\qGzUlAG.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\ooxyUnk.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\GzXRfYT.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\FxAxWRN.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\KkLEbyW.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
File created	C:\Windows\System\yNVuwwv.exe	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2056	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	30
PID 2148 wrote to memory of 2056	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	30
PID 2148 wrote to memory of 2056	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	30
PID 2148 wrote to memory of 2772	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	31
PID 2148 wrote to memory of 2772	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	31
PID 2148 wrote to memory of 2772	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	31
PID 2148 wrote to memory of 2876	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	32
PID 2148 wrote to memory of 2876	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	32
PID 2148 wrote to memory of 2876	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	32
PID 2148 wrote to memory of 2880	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	33
PID 2148 wrote to memory of 2880	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	33
PID 2148 wrote to memory of 2880	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	33
PID 2148 wrote to memory of 2800	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	34
PID 2148 wrote to memory of 2800	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	34
PID 2148 wrote to memory of 2800	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	34
PID 2148 wrote to memory of 2924	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	35
PID 2148 wrote to memory of 2924	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	35
PID 2148 wrote to memory of 2924	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	35
PID 2148 wrote to memory of 2820	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	36
PID 2148 wrote to memory of 2820	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	36
PID 2148 wrote to memory of 2820	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	36
PID 2148 wrote to memory of 2900	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	37
PID 2148 wrote to memory of 2900	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	37
PID 2148 wrote to memory of 2900	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	37
PID 2148 wrote to memory of 2744	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	38
PID 2148 wrote to memory of 2744	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	38
PID 2148 wrote to memory of 2744	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	38
PID 2148 wrote to memory of 2100	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	39
PID 2148 wrote to memory of 2100	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	39
PID 2148 wrote to memory of 2100	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	39
PID 2148 wrote to memory of 2072	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	40
PID 2148 wrote to memory of 2072	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	40
PID 2148 wrote to memory of 2072	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	40
PID 2148 wrote to memory of 1876	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	41
PID 2148 wrote to memory of 1876	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	41
PID 2148 wrote to memory of 1876	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	41
PID 2148 wrote to memory of 2444	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	42
PID 2148 wrote to memory of 2444	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	42
PID 2148 wrote to memory of 2444	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	42
PID 2148 wrote to memory of 1560	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	43
PID 2148 wrote to memory of 1560	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	43
PID 2148 wrote to memory of 1560	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	43
PID 2148 wrote to memory of 2036	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	44
PID 2148 wrote to memory of 2036	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	44
PID 2148 wrote to memory of 2036	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	44
PID 2148 wrote to memory of 2000	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	45
PID 2148 wrote to memory of 2000	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	45
PID 2148 wrote to memory of 2000	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	45
PID 2148 wrote to memory of 1512	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	46
PID 2148 wrote to memory of 1512	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	46
PID 2148 wrote to memory of 1512	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	46
PID 2148 wrote to memory of 1292	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	47
PID 2148 wrote to memory of 1292	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	47
PID 2148 wrote to memory of 1292	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	47
PID 2148 wrote to memory of 1764	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	48
PID 2148 wrote to memory of 1764	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	48
PID 2148 wrote to memory of 1764	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	48
PID 2148 wrote to memory of 2476	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	49
PID 2148 wrote to memory of 2476	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	49
PID 2148 wrote to memory of 2476	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	49
PID 2148 wrote to memory of 2116	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	50
PID 2148 wrote to memory of 2116	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	50
PID 2148 wrote to memory of 2116	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	50
PID 2148 wrote to memory of 1436	2148	50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe	51

C:\Users\Admin\AppData\Local\Temp\50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe
"C:\Users\Admin\AppData\Local\Temp\50345d8b8efe91741addee9b1aeaf4bd453f8d4153526f8b7c3ffa50b6d54532.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\System\amykKvd.exe
  C:\Windows\System\amykKvd.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\lrRwDcE.exe
  C:\Windows\System\lrRwDcE.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\wUsKvmv.exe
  C:\Windows\System\wUsKvmv.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\JeoPLlw.exe
  C:\Windows\System\JeoPLlw.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\WIFSFoM.exe
  C:\Windows\System\WIFSFoM.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\UJuYuzG.exe
  C:\Windows\System\UJuYuzG.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\cWaZeZN.exe
  C:\Windows\System\cWaZeZN.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\hbbEtSw.exe
  C:\Windows\System\hbbEtSw.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\MYHclik.exe
  C:\Windows\System\MYHclik.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\DVSDMxo.exe
  C:\Windows\System\DVSDMxo.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\TGqPxnW.exe
  C:\Windows\System\TGqPxnW.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\MCBDMQG.exe
  C:\Windows\System\MCBDMQG.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\aWWUcXD.exe
  C:\Windows\System\aWWUcXD.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\tFjVXfU.exe
  C:\Windows\System\tFjVXfU.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\MPRLvwd.exe
  C:\Windows\System\MPRLvwd.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\WPReSrO.exe
  C:\Windows\System\WPReSrO.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\UvCbmfH.exe
  C:\Windows\System\UvCbmfH.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\eGVPTlr.exe
  C:\Windows\System\eGVPTlr.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\wfjjUZl.exe
  C:\Windows\System\wfjjUZl.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\lHnWDvd.exe
  C:\Windows\System\lHnWDvd.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\IOlIAjz.exe
  C:\Windows\System\IOlIAjz.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\trGdWWq.exe
  C:\Windows\System\trGdWWq.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\maaJmoV.exe
  C:\Windows\System\maaJmoV.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\QRBaBeo.exe
  C:\Windows\System\QRBaBeo.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\dcmiBQs.exe
  C:\Windows\System\dcmiBQs.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\LqEQuvY.exe
  C:\Windows\System\LqEQuvY.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\gCtqaSC.exe
  C:\Windows\System\gCtqaSC.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\jmXQJGc.exe
  C:\Windows\System\jmXQJGc.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\ZUjbPcd.exe
  C:\Windows\System\ZUjbPcd.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\Rorxeqf.exe
  C:\Windows\System\Rorxeqf.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\sZMrJhv.exe
  C:\Windows\System\sZMrJhv.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\WfTqPGJ.exe
  C:\Windows\System\WfTqPGJ.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\ysUfdPy.exe
  C:\Windows\System\ysUfdPy.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\FKGofjo.exe
  C:\Windows\System\FKGofjo.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\OPFMbhg.exe
  C:\Windows\System\OPFMbhg.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\EyiFGjt.exe
  C:\Windows\System\EyiFGjt.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\oEKJEYh.exe
  C:\Windows\System\oEKJEYh.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\uPXWowb.exe
  C:\Windows\System\uPXWowb.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\igOCfyB.exe
  C:\Windows\System\igOCfyB.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\PnpACLo.exe
  C:\Windows\System\PnpACLo.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\PgqjBmE.exe
  C:\Windows\System\PgqjBmE.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\yAmyIIu.exe
  C:\Windows\System\yAmyIIu.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\gePhfzK.exe
  C:\Windows\System\gePhfzK.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\KDtrhCD.exe
  C:\Windows\System\KDtrhCD.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\VyykPAe.exe
  C:\Windows\System\VyykPAe.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\WiIIBij.exe
  C:\Windows\System\WiIIBij.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\jtYutcS.exe
  C:\Windows\System\jtYutcS.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\oREUmhT.exe
  C:\Windows\System\oREUmhT.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\IjDFXlG.exe
  C:\Windows\System\IjDFXlG.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\HbIkPWd.exe
  C:\Windows\System\HbIkPWd.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\WMjLtzj.exe
  C:\Windows\System\WMjLtzj.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\fxNtJgl.exe
  C:\Windows\System\fxNtJgl.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\gVMVKOR.exe
  C:\Windows\System\gVMVKOR.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\hmWGvGt.exe
  C:\Windows\System\hmWGvGt.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\ZcdQmGL.exe
  C:\Windows\System\ZcdQmGL.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\EYVjmxR.exe
  C:\Windows\System\EYVjmxR.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\vvLZRXw.exe
  C:\Windows\System\vvLZRXw.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\mcMhKOL.exe
  C:\Windows\System\mcMhKOL.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ynXaqoS.exe
  C:\Windows\System\ynXaqoS.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\UpBcfzp.exe
  C:\Windows\System\UpBcfzp.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\yGZoVPl.exe
  C:\Windows\System\yGZoVPl.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\ElgiueF.exe
  C:\Windows\System\ElgiueF.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\vhjiuTS.exe
  C:\Windows\System\vhjiuTS.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\FIbjiMq.exe
  C:\Windows\System\FIbjiMq.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\YSwpxgw.exe
  C:\Windows\System\YSwpxgw.exe
  2⤵
  PID:2080
- C:\Windows\System\tWkoPcA.exe
  C:\Windows\System\tWkoPcA.exe
  2⤵
  PID:956
- C:\Windows\System\GnMhvxs.exe
  C:\Windows\System\GnMhvxs.exe
  2⤵
  PID:1684
- C:\Windows\System\LtrbeGk.exe
  C:\Windows\System\LtrbeGk.exe
  2⤵
  PID:2928
- C:\Windows\System\eXgGSct.exe
  C:\Windows\System\eXgGSct.exe
  2⤵
  PID:2372
- C:\Windows\System\jdCjQDp.exe
  C:\Windows\System\jdCjQDp.exe
  2⤵
  PID:2812
- C:\Windows\System\tKAqsrN.exe
  C:\Windows\System\tKAqsrN.exe
  2⤵
  PID:2512
- C:\Windows\System\Anuuunu.exe
  C:\Windows\System\Anuuunu.exe
  2⤵
  PID:436
- C:\Windows\System\eOxeqIm.exe
  C:\Windows\System\eOxeqIm.exe
  2⤵
  PID:2272
- C:\Windows\System\MxISTmi.exe
  C:\Windows\System\MxISTmi.exe
  2⤵
  PID:2404
- C:\Windows\System\ZNMzmDx.exe
  C:\Windows\System\ZNMzmDx.exe
  2⤵
  PID:2580
- C:\Windows\System\lnjanAB.exe
  C:\Windows\System\lnjanAB.exe
  2⤵
  PID:1576
- C:\Windows\System\xrjAdKx.exe
  C:\Windows\System\xrjAdKx.exe
  2⤵
  PID:2400
- C:\Windows\System\jFdQxUJ.exe
  C:\Windows\System\jFdQxUJ.exe
  2⤵
  PID:584
- C:\Windows\System\qKtHzOS.exe
  C:\Windows\System\qKtHzOS.exe
  2⤵
  PID:688
- C:\Windows\System\rpMvHCE.exe
  C:\Windows\System\rpMvHCE.exe
  2⤵
  PID:1568
- C:\Windows\System\dNsIwaI.exe
  C:\Windows\System\dNsIwaI.exe
  2⤵
  PID:776
- C:\Windows\System\rDbYgrA.exe
  C:\Windows\System\rDbYgrA.exe
  2⤵
  PID:2124
- C:\Windows\System\fRzlyZU.exe
  C:\Windows\System\fRzlyZU.exe
  2⤵
  PID:924
- C:\Windows\System\dxohmYR.exe
  C:\Windows\System\dxohmYR.exe
  2⤵
  PID:1752
- C:\Windows\System\FidEoIM.exe
  C:\Windows\System\FidEoIM.exe
  2⤵
  PID:1076
- C:\Windows\System\oQCVSYT.exe
  C:\Windows\System\oQCVSYT.exe
  2⤵
  PID:2508
- C:\Windows\System\sgwwHxc.exe
  C:\Windows\System\sgwwHxc.exe
  2⤵
  PID:324
- C:\Windows\System\lIGhPiD.exe
  C:\Windows\System\lIGhPiD.exe
  2⤵
  PID:2396
- C:\Windows\System\PJZhIlN.exe
  C:\Windows\System\PJZhIlN.exe
  2⤵
  PID:2972
- C:\Windows\System\uiVpOoA.exe
  C:\Windows\System\uiVpOoA.exe
  2⤵
  PID:2588
- C:\Windows\System\GPCcRRm.exe
  C:\Windows\System\GPCcRRm.exe
  2⤵
  PID:1716
- C:\Windows\System\BGWMTKR.exe
  C:\Windows\System\BGWMTKR.exe
  2⤵
  PID:2524
- C:\Windows\System\WjDktBj.exe
  C:\Windows\System\WjDktBj.exe
  2⤵
  PID:2752
- C:\Windows\System\vuKObSk.exe
  C:\Windows\System\vuKObSk.exe
  2⤵
  PID:2432
- C:\Windows\System\OeYwjRe.exe
  C:\Windows\System\OeYwjRe.exe
  2⤵
  PID:2748
- C:\Windows\System\YGMjrHa.exe
  C:\Windows\System\YGMjrHa.exe
  2⤵
  PID:1692
- C:\Windows\System\FpXWDdb.exe
  C:\Windows\System\FpXWDdb.exe
  2⤵
  PID:948
- C:\Windows\System\OeggXuQ.exe
  C:\Windows\System\OeggXuQ.exe
  2⤵
  PID:1732
- C:\Windows\System\PkIPiPI.exe
  C:\Windows\System\PkIPiPI.exe
  2⤵
  PID:940
- C:\Windows\System\wBbBPKU.exe
  C:\Windows\System\wBbBPKU.exe
  2⤵
  PID:2244
- C:\Windows\System\AjyXGEk.exe
  C:\Windows\System\AjyXGEk.exe
  2⤵
  PID:2504
- C:\Windows\System\egQQEmk.exe
  C:\Windows\System\egQQEmk.exe
  2⤵
  PID:1596
- C:\Windows\System\KqAwdIt.exe
  C:\Windows\System\KqAwdIt.exe
  2⤵
  PID:1704
- C:\Windows\System\UhKrjjO.exe
  C:\Windows\System\UhKrjjO.exe
  2⤵
  PID:2624
- C:\Windows\System\QpbSxEi.exe
  C:\Windows\System\QpbSxEi.exe
  2⤵
  PID:1720
- C:\Windows\System\rIwzHvm.exe
  C:\Windows\System\rIwzHvm.exe
  2⤵
  PID:1408
- C:\Windows\System\PTWfRHe.exe
  C:\Windows\System\PTWfRHe.exe
  2⤵
  PID:1944
- C:\Windows\System\aPPAgaO.exe
  C:\Windows\System\aPPAgaO.exe
  2⤵
  PID:3064
- C:\Windows\System\SBKgrBj.exe
  C:\Windows\System\SBKgrBj.exe
  2⤵
  PID:1500
- C:\Windows\System\LiNJijt.exe
  C:\Windows\System\LiNJijt.exe
  2⤵
  PID:1472
- C:\Windows\System\GFZdMHV.exe
  C:\Windows\System\GFZdMHV.exe
  2⤵
  PID:2864
- C:\Windows\System\lmzPUmu.exe
  C:\Windows\System\lmzPUmu.exe
  2⤵
  PID:2448
- C:\Windows\System\XyaFPhe.exe
  C:\Windows\System\XyaFPhe.exe
  2⤵
  PID:1884
- C:\Windows\System\DCoJvzx.exe
  C:\Windows\System\DCoJvzx.exe
  2⤵
  PID:2692
- C:\Windows\System\rJGtSKz.exe
  C:\Windows\System\rJGtSKz.exe
  2⤵
  PID:316
- C:\Windows\System\PUPjSbk.exe
  C:\Windows\System\PUPjSbk.exe
  2⤵
  PID:976
- C:\Windows\System\IRdfvsv.exe
  C:\Windows\System\IRdfvsv.exe
  2⤵
  PID:2296
- C:\Windows\System\MMWCtpB.exe
  C:\Windows\System\MMWCtpB.exe
  2⤵
  PID:1532
- C:\Windows\System\qNLQOim.exe
  C:\Windows\System\qNLQOim.exe
  2⤵
  PID:2120
- C:\Windows\System\fEsbvcc.exe
  C:\Windows\System\fEsbvcc.exe
  2⤵
  PID:2620
- C:\Windows\System\gOJxEoa.exe
  C:\Windows\System\gOJxEoa.exe
  2⤵
  PID:2252
- C:\Windows\System\iHClQUA.exe
  C:\Windows\System\iHClQUA.exe
  2⤵
  PID:1504
- C:\Windows\System\wQhPVfE.exe
  C:\Windows\System\wQhPVfE.exe
  2⤵
  PID:2712
- C:\Windows\System\ZIcqlqE.exe
  C:\Windows\System\ZIcqlqE.exe
  2⤵
  PID:2844
- C:\Windows\System\SzTlmKL.exe
  C:\Windows\System\SzTlmKL.exe
  2⤵
  PID:2212
- C:\Windows\System\RfaYnmu.exe
  C:\Windows\System\RfaYnmu.exe
  2⤵
  PID:2776
- C:\Windows\System\yOreyAn.exe
  C:\Windows\System\yOreyAn.exe
  2⤵
  PID:2784
- C:\Windows\System\vTwzLOp.exe
  C:\Windows\System\vTwzLOp.exe
  2⤵
  PID:2964
- C:\Windows\System\UxBoBQg.exe
  C:\Windows\System\UxBoBQg.exe
  2⤵
  PID:336
- C:\Windows\System\VwxQCJA.exe
  C:\Windows\System\VwxQCJA.exe
  2⤵
  PID:308
- C:\Windows\System\xuZBlXk.exe
  C:\Windows\System\xuZBlXk.exe
  2⤵
  PID:2256
- C:\Windows\System\PqBalTd.exe
  C:\Windows\System\PqBalTd.exe
  2⤵
  PID:3056
- C:\Windows\System\myhHtRZ.exe
  C:\Windows\System\myhHtRZ.exe
  2⤵
  PID:2356
- C:\Windows\System\QrIZSWx.exe
  C:\Windows\System\QrIZSWx.exe
  2⤵
  PID:1168
- C:\Windows\System\cbVudUN.exe
  C:\Windows\System\cbVudUN.exe
  2⤵
  PID:2128
- C:\Windows\System\UzlJpbr.exe
  C:\Windows\System\UzlJpbr.exe
  2⤵
  PID:2308
- C:\Windows\System\FyFKmWl.exe
  C:\Windows\System\FyFKmWl.exe
  2⤵
  PID:2392
- C:\Windows\System\gdnxEqT.exe
  C:\Windows\System\gdnxEqT.exe
  2⤵
  PID:2724
- C:\Windows\System\kSrjKce.exe
  C:\Windows\System\kSrjKce.exe
  2⤵
  PID:1900
- C:\Windows\System\JDEcekE.exe
  C:\Windows\System\JDEcekE.exe
  2⤵
  PID:2892
- C:\Windows\System\gcVMtlG.exe
  C:\Windows\System\gcVMtlG.exe
  2⤵
  PID:2220
- C:\Windows\System\THCaSoP.exe
  C:\Windows\System\THCaSoP.exe
  2⤵
  PID:2012
- C:\Windows\System\raLxcbb.exe
  C:\Windows\System\raLxcbb.exe
  2⤵
  PID:1468
- C:\Windows\System\FWIhCTN.exe
  C:\Windows\System\FWIhCTN.exe
  2⤵
  PID:2996
- C:\Windows\System\pBlgFQL.exe
  C:\Windows\System\pBlgFQL.exe
  2⤵
  PID:2664
- C:\Windows\System\dDNFIyE.exe
  C:\Windows\System\dDNFIyE.exe
  2⤵
  PID:3068
- C:\Windows\System\pYAMTTT.exe
  C:\Windows\System\pYAMTTT.exe
  2⤵
  PID:2416
- C:\Windows\System\TZwnZov.exe
  C:\Windows\System\TZwnZov.exe
  2⤵
  PID:2532
- C:\Windows\System\uWrwPzk.exe
  C:\Windows\System\uWrwPzk.exe
  2⤵
  PID:2312
- C:\Windows\System\dnUUSay.exe
  C:\Windows\System\dnUUSay.exe
  2⤵
  PID:760
- C:\Windows\System\PPWxAtX.exe
  C:\Windows\System\PPWxAtX.exe
  2⤵
  PID:2848
- C:\Windows\System\jdklLQx.exe
  C:\Windows\System\jdklLQx.exe
  2⤵
  PID:1616
- C:\Windows\System\vLarvCc.exe
  C:\Windows\System\vLarvCc.exe
  2⤵
  PID:3084
- C:\Windows\System\OlAfgzT.exe
  C:\Windows\System\OlAfgzT.exe
  2⤵
  PID:3104
- C:\Windows\System\YztjOBy.exe
  C:\Windows\System\YztjOBy.exe
  2⤵
  PID:3124
- C:\Windows\System\dspTZlw.exe
  C:\Windows\System\dspTZlw.exe
  2⤵
  PID:3140
- C:\Windows\System\YqbJtzp.exe
  C:\Windows\System\YqbJtzp.exe
  2⤵
  PID:3164
- C:\Windows\System\UnEWXat.exe
  C:\Windows\System\UnEWXat.exe
  2⤵
  PID:3184
- C:\Windows\System\eQqDiAi.exe
  C:\Windows\System\eQqDiAi.exe
  2⤵
  PID:3208
- C:\Windows\System\LQNxNdf.exe
  C:\Windows\System\LQNxNdf.exe
  2⤵
  PID:3224
- C:\Windows\System\OZqZQTa.exe
  C:\Windows\System\OZqZQTa.exe
  2⤵
  PID:3244
- C:\Windows\System\UKHQdib.exe
  C:\Windows\System\UKHQdib.exe
  2⤵
  PID:3260
- C:\Windows\System\MAfDTss.exe
  C:\Windows\System\MAfDTss.exe
  2⤵
  PID:3276
- C:\Windows\System\ZGXTMBc.exe
  C:\Windows\System\ZGXTMBc.exe
  2⤵
  PID:3304
- C:\Windows\System\EpcGDfN.exe
  C:\Windows\System\EpcGDfN.exe
  2⤵
  PID:3324
- C:\Windows\System\hacqwAn.exe
  C:\Windows\System\hacqwAn.exe
  2⤵
  PID:3344
- C:\Windows\System\suQpCta.exe
  C:\Windows\System\suQpCta.exe
  2⤵
  PID:3360
- C:\Windows\System\STQihGq.exe
  C:\Windows\System\STQihGq.exe
  2⤵
  PID:3376
- C:\Windows\System\iAMDdaS.exe
  C:\Windows\System\iAMDdaS.exe
  2⤵
  PID:3408
- C:\Windows\System\noEpVXl.exe
  C:\Windows\System\noEpVXl.exe
  2⤵
  PID:3424
- C:\Windows\System\idJCdRh.exe
  C:\Windows\System\idJCdRh.exe
  2⤵
  PID:3440
- C:\Windows\System\dKIWnGf.exe
  C:\Windows\System\dKIWnGf.exe
  2⤵
  PID:3456
- C:\Windows\System\vYKVOvQ.exe
  C:\Windows\System\vYKVOvQ.exe
  2⤵
  PID:3476
- C:\Windows\System\SyWYgvH.exe
  C:\Windows\System\SyWYgvH.exe
  2⤵
  PID:3492
- C:\Windows\System\ceOfeqZ.exe
  C:\Windows\System\ceOfeqZ.exe
  2⤵
  PID:3512
- C:\Windows\System\njQHEzx.exe
  C:\Windows\System\njQHEzx.exe
  2⤵
  PID:3544
- C:\Windows\System\zvlQqdX.exe
  C:\Windows\System\zvlQqdX.exe
  2⤵
  PID:3568
- C:\Windows\System\HwiLFxV.exe
  C:\Windows\System\HwiLFxV.exe
  2⤵
  PID:3584
- C:\Windows\System\jZWslzF.exe
  C:\Windows\System\jZWslzF.exe
  2⤵
  PID:3604
- C:\Windows\System\yYhQvJI.exe
  C:\Windows\System\yYhQvJI.exe
  2⤵
  PID:3624
- C:\Windows\System\KAEWbcp.exe
  C:\Windows\System\KAEWbcp.exe
  2⤵
  PID:3644
- C:\Windows\System\SUmDfpO.exe
  C:\Windows\System\SUmDfpO.exe
  2⤵
  PID:3660
- C:\Windows\System\MPJzvmn.exe
  C:\Windows\System\MPJzvmn.exe
  2⤵
  PID:3680
- C:\Windows\System\DMcvOxl.exe
  C:\Windows\System\DMcvOxl.exe
  2⤵
  PID:3696
- C:\Windows\System\DvaIzAB.exe
  C:\Windows\System\DvaIzAB.exe
  2⤵
  PID:3712
- C:\Windows\System\SqphPfJ.exe
  C:\Windows\System\SqphPfJ.exe
  2⤵
  PID:3732
- C:\Windows\System\WJQAvpV.exe
  C:\Windows\System\WJQAvpV.exe
  2⤵
  PID:3760
- C:\Windows\System\opdSfxz.exe
  C:\Windows\System\opdSfxz.exe
  2⤵
  PID:3788
- C:\Windows\System\BjSfdXE.exe
  C:\Windows\System\BjSfdXE.exe
  2⤵
  PID:3804
- C:\Windows\System\oqPFkRo.exe
  C:\Windows\System\oqPFkRo.exe
  2⤵
  PID:3824
- C:\Windows\System\UBDsTMm.exe
  C:\Windows\System\UBDsTMm.exe
  2⤵
  PID:3848
- C:\Windows\System\eViXGdb.exe
  C:\Windows\System\eViXGdb.exe
  2⤵
  PID:3864
- C:\Windows\System\mtCdoIh.exe
  C:\Windows\System\mtCdoIh.exe
  2⤵
  PID:3880
- C:\Windows\System\BGetjAu.exe
  C:\Windows\System\BGetjAu.exe
  2⤵
  PID:3900
- C:\Windows\System\EEvlAWT.exe
  C:\Windows\System\EEvlAWT.exe
  2⤵
  PID:3916
- C:\Windows\System\eAzbYnw.exe
  C:\Windows\System\eAzbYnw.exe
  2⤵
  PID:3936
- C:\Windows\System\icHIiEw.exe
  C:\Windows\System\icHIiEw.exe
  2⤵
  PID:3960
- C:\Windows\System\kGqCUGS.exe
  C:\Windows\System\kGqCUGS.exe
  2⤵
  PID:3984
- C:\Windows\System\hJdsrJL.exe
  C:\Windows\System\hJdsrJL.exe
  2⤵
  PID:4000
- C:\Windows\System\XDSgTUz.exe
  C:\Windows\System\XDSgTUz.exe
  2⤵
  PID:4020
- C:\Windows\System\XvJheAR.exe
  C:\Windows\System\XvJheAR.exe
  2⤵
  PID:4040
- C:\Windows\System\BxINbjg.exe
  C:\Windows\System\BxINbjg.exe
  2⤵
  PID:4064
- C:\Windows\System\DMAsTyn.exe
  C:\Windows\System\DMAsTyn.exe
  2⤵
  PID:4088
- C:\Windows\System\CclEBLh.exe
  C:\Windows\System\CclEBLh.exe
  2⤵
  PID:2132
- C:\Windows\System\LhRVOzC.exe
  C:\Windows\System\LhRVOzC.exe
  2⤵
  PID:3080
- C:\Windows\System\tnOfIQm.exe
  C:\Windows\System\tnOfIQm.exe
  2⤵
  PID:3148
- C:\Windows\System\WopbMDy.exe
  C:\Windows\System\WopbMDy.exe
  2⤵
  PID:3136
- C:\Windows\System\OXlDfqx.exe
  C:\Windows\System\OXlDfqx.exe
  2⤵
  PID:3192
- C:\Windows\System\TedaLZq.exe
  C:\Windows\System\TedaLZq.exe
  2⤵
  PID:3216
- C:\Windows\System\jrRPxsT.exe
  C:\Windows\System\jrRPxsT.exe
  2⤵
  PID:3240
- C:\Windows\System\oKbHxOV.exe
  C:\Windows\System\oKbHxOV.exe
  2⤵
  PID:3256
- C:\Windows\System\zSnHIBV.exe
  C:\Windows\System\zSnHIBV.exe
  2⤵
  PID:3284
- C:\Windows\System\DpqSrcD.exe
  C:\Windows\System\DpqSrcD.exe
  2⤵
  PID:3312
- C:\Windows\System\wwNdGTx.exe
  C:\Windows\System\wwNdGTx.exe
  2⤵
  PID:3340
- C:\Windows\System\NtbhNBB.exe
  C:\Windows\System\NtbhNBB.exe
  2⤵
  PID:3404
- C:\Windows\System\kTTpBPS.exe
  C:\Windows\System\kTTpBPS.exe
  2⤵
  PID:3464
- C:\Windows\System\BzLcHPP.exe
  C:\Windows\System\BzLcHPP.exe
  2⤵
  PID:3500
- C:\Windows\System\ZLPBAAO.exe
  C:\Windows\System\ZLPBAAO.exe
  2⤵
  PID:3488
- C:\Windows\System\GYBmRzE.exe
  C:\Windows\System\GYBmRzE.exe
  2⤵
  PID:3536
- C:\Windows\System\fziJEPU.exe
  C:\Windows\System\fziJEPU.exe
  2⤵
  PID:3560
- C:\Windows\System\BYoHrzu.exe
  C:\Windows\System\BYoHrzu.exe
  2⤵
  PID:3600
- C:\Windows\System\eNlEIJr.exe
  C:\Windows\System\eNlEIJr.exe
  2⤵
  PID:3616
- C:\Windows\System\MPYBQKX.exe
  C:\Windows\System\MPYBQKX.exe
  2⤵
  PID:3668
- C:\Windows\System\RRrnOJD.exe
  C:\Windows\System\RRrnOJD.exe
  2⤵
  PID:3748
- C:\Windows\System\lGYmSRu.exe
  C:\Windows\System\lGYmSRu.exe
  2⤵
  PID:3744
- C:\Windows\System\SGPtYwZ.exe
  C:\Windows\System\SGPtYwZ.exe
  2⤵
  PID:3688
- C:\Windows\System\tUMwauy.exe
  C:\Windows\System\tUMwauy.exe
  2⤵
  PID:3784
- C:\Windows\System\hdxsRDR.exe
  C:\Windows\System\hdxsRDR.exe
  2⤵
  PID:3812
- C:\Windows\System\MTSdNCO.exe
  C:\Windows\System\MTSdNCO.exe
  2⤵
  PID:3840
- C:\Windows\System\xKbZgFW.exe
  C:\Windows\System\xKbZgFW.exe
  2⤵
  PID:3908
- C:\Windows\System\gYUhkdp.exe
  C:\Windows\System\gYUhkdp.exe
  2⤵
  PID:3892
- C:\Windows\System\bxrlOaq.exe
  C:\Windows\System\bxrlOaq.exe
  2⤵
  PID:3952
- C:\Windows\System\fUnLtLX.exe
  C:\Windows\System\fUnLtLX.exe
  2⤵
  PID:3976
- C:\Windows\System\kUBbRpj.exe
  C:\Windows\System\kUBbRpj.exe
  2⤵
  PID:4008
- C:\Windows\System\pmKKPgc.exe
  C:\Windows\System\pmKKPgc.exe
  2⤵
  PID:4060
- C:\Windows\System\xxwUPNM.exe
  C:\Windows\System\xxwUPNM.exe
  2⤵
  PID:4084
- C:\Windows\System\pKUaKIv.exe
  C:\Windows\System\pKUaKIv.exe
  2⤵
  PID:2700
- C:\Windows\System\LtquKHD.exe
  C:\Windows\System\LtquKHD.exe
  2⤵
  PID:3100
- C:\Windows\System\EFNYVwO.exe
  C:\Windows\System\EFNYVwO.exe
  2⤵
  PID:3132
- C:\Windows\System\sQpkufK.exe
  C:\Windows\System\sQpkufK.exe
  2⤵
  PID:3172
- C:\Windows\System\iNaCmBp.exe
  C:\Windows\System\iNaCmBp.exe
  2⤵
  PID:3272
- C:\Windows\System\KuUOKeU.exe
  C:\Windows\System\KuUOKeU.exe
  2⤵
  PID:3252
- C:\Windows\System\gRfEaJb.exe
  C:\Windows\System\gRfEaJb.exe
  2⤵
  PID:3372
- C:\Windows\System\ramLIDx.exe
  C:\Windows\System\ramLIDx.exe
  2⤵
  PID:3352
- C:\Windows\System\PfryRdC.exe
  C:\Windows\System\PfryRdC.exe
  2⤵
  PID:2544
- C:\Windows\System\KCJYFUI.exe
  C:\Windows\System\KCJYFUI.exe
  2⤵
  PID:1780
- C:\Windows\System\ljFMMKR.exe
  C:\Windows\System\ljFMMKR.exe
  2⤵
  PID:3448
- C:\Windows\System\GbagTXy.exe
  C:\Windows\System\GbagTXy.exe
  2⤵
  PID:3532
- C:\Windows\System\JuOuXll.exe
  C:\Windows\System\JuOuXll.exe
  2⤵
  PID:3592
- C:\Windows\System\NsyRYUt.exe
  C:\Windows\System\NsyRYUt.exe
  2⤵
  PID:1444
- C:\Windows\System\MtkhTXZ.exe
  C:\Windows\System\MtkhTXZ.exe
  2⤵
  PID:3596
- C:\Windows\System\BjqpCbc.exe
  C:\Windows\System\BjqpCbc.exe
  2⤵
  PID:3640
- C:\Windows\System\IYyODix.exe
  C:\Windows\System\IYyODix.exe
  2⤵
  PID:3768
- C:\Windows\System\mzAhRwb.exe
  C:\Windows\System\mzAhRwb.exe
  2⤵
  PID:3652
- C:\Windows\System\zqemTFt.exe
  C:\Windows\System\zqemTFt.exe
  2⤵
  PID:3944
- C:\Windows\System\BiVzEut.exe
  C:\Windows\System\BiVzEut.exe
  2⤵
  PID:3956
- C:\Windows\System\PLteUTs.exe
  C:\Windows\System\PLteUTs.exe
  2⤵
  PID:2488
- C:\Windows\System\BcROKZI.exe
  C:\Windows\System\BcROKZI.exe
  2⤵
  PID:4032
- C:\Windows\System\nqCOqvB.exe
  C:\Windows\System\nqCOqvB.exe
  2⤵
  PID:4016
- C:\Windows\System\eHrEbjX.exe
  C:\Windows\System\eHrEbjX.exe
  2⤵
  PID:3980
- C:\Windows\System\qydBGtT.exe
  C:\Windows\System\qydBGtT.exe
  2⤵
  PID:2976
- C:\Windows\System\dzfVCZE.exe
  C:\Windows\System\dzfVCZE.exe
  2⤵
  PID:3180
- C:\Windows\System\ZqgNhWC.exe
  C:\Windows\System\ZqgNhWC.exe
  2⤵
  PID:3152
- C:\Windows\System\WOcIinD.exe
  C:\Windows\System\WOcIinD.exe
  2⤵
  PID:3288
- C:\Windows\System\PKsGvpj.exe
  C:\Windows\System\PKsGvpj.exe
  2⤵
  PID:3400
- C:\Windows\System\hARKAhI.exe
  C:\Windows\System\hARKAhI.exe
  2⤵
  PID:2316
- C:\Windows\System\zlRiiCT.exe
  C:\Windows\System\zlRiiCT.exe
  2⤵
  PID:2520
- C:\Windows\System\uCAukzj.exe
  C:\Windows\System\uCAukzj.exe
  2⤵
  PID:3504
- C:\Windows\System\XBBHKih.exe
  C:\Windows\System\XBBHKih.exe
  2⤵
  PID:3540
- C:\Windows\System\ZIOyiAm.exe
  C:\Windows\System\ZIOyiAm.exe
  2⤵
  PID:3780
- C:\Windows\System\HMGCtQG.exe
  C:\Windows\System\HMGCtQG.exe
  2⤵
  PID:3704
- C:\Windows\System\ALQeuqM.exe
  C:\Windows\System\ALQeuqM.exe
  2⤵
  PID:3832
- C:\Windows\System\aGAbUjL.exe
  C:\Windows\System\aGAbUjL.exe
  2⤵
  PID:3972
- C:\Windows\System\NbqKYDS.exe
  C:\Windows\System\NbqKYDS.exe
  2⤵
  PID:4076
- C:\Windows\System\bfGDFgG.exe
  C:\Windows\System\bfGDFgG.exe
  2⤵
  PID:2616
- C:\Windows\System\BtpibVl.exe
  C:\Windows\System\BtpibVl.exe
  2⤵
  PID:4012
- C:\Windows\System\IQfAeax.exe
  C:\Windows\System\IQfAeax.exe
  2⤵
  PID:3196
- C:\Windows\System\FmuZqMC.exe
  C:\Windows\System\FmuZqMC.exe
  2⤵
  PID:2808
- C:\Windows\System\pXDvasj.exe
  C:\Windows\System\pXDvasj.exe
  2⤵
  PID:2656
- C:\Windows\System\xQDKRYy.exe
  C:\Windows\System\xQDKRYy.exe
  2⤵
  PID:2632
- C:\Windows\System\SILzejk.exe
  C:\Windows\System\SILzejk.exe
  2⤵
  PID:2456
- C:\Windows\System\ZCYEPmz.exe
  C:\Windows\System\ZCYEPmz.exe
  2⤵
  PID:2560
- C:\Windows\System\InOaGiC.exe
  C:\Windows\System\InOaGiC.exe
  2⤵
  PID:3384
- C:\Windows\System\LgWNGRp.exe
  C:\Windows\System\LgWNGRp.exe
  2⤵
  PID:2868
- C:\Windows\System\zSvGrUu.exe
  C:\Windows\System\zSvGrUu.exe
  2⤵
  PID:1352
- C:\Windows\System\XtFtVrX.exe
  C:\Windows\System\XtFtVrX.exe
  2⤵
  PID:704
- C:\Windows\System\wIIangB.exe
  C:\Windows\System\wIIangB.exe
  2⤵
  PID:2260
- C:\Windows\System\sjHKtfO.exe
  C:\Windows\System\sjHKtfO.exe
  2⤵
  PID:3820
- C:\Windows\System\CgFhgWL.exe
  C:\Windows\System\CgFhgWL.exe
  2⤵
  PID:3720
- C:\Windows\System\cawXTTS.exe
  C:\Windows\System\cawXTTS.exe
  2⤵
  PID:3844
- C:\Windows\System\GMKFTFM.exe
  C:\Windows\System\GMKFTFM.exe
  2⤵
  PID:2436
- C:\Windows\System\OmfzaRj.exe
  C:\Windows\System\OmfzaRj.exe
  2⤵
  PID:3120
- C:\Windows\System\IVBldsm.exe
  C:\Windows\System\IVBldsm.exe
  2⤵
  PID:1996
- C:\Windows\System\kIZwNuX.exe
  C:\Windows\System\kIZwNuX.exe
  2⤵
  PID:3636
- C:\Windows\System\XPjvSCA.exe
  C:\Windows\System\XPjvSCA.exe
  2⤵
  PID:2140
- C:\Windows\System\JGMqEfd.exe
  C:\Windows\System\JGMqEfd.exe
  2⤵
  PID:3968
- C:\Windows\System\WSaSGAF.exe
  C:\Windows\System\WSaSGAF.exe
  2⤵
  PID:3528
- C:\Windows\System\tzHSXAZ.exe
  C:\Windows\System\tzHSXAZ.exe
  2⤵
  PID:1800
- C:\Windows\System\MzFOYRh.exe
  C:\Windows\System\MzFOYRh.exe
  2⤵
  PID:3856
- C:\Windows\System\sLvoysy.exe
  C:\Windows\System\sLvoysy.exe
  2⤵
  PID:2932
- C:\Windows\System\aQnwNaS.exe
  C:\Windows\System\aQnwNaS.exe
  2⤵
  PID:4108
- C:\Windows\System\mllKMrg.exe
  C:\Windows\System\mllKMrg.exe
  2⤵
  PID:4128
- C:\Windows\System\iqLbMec.exe
  C:\Windows\System\iqLbMec.exe
  2⤵
  PID:4148
- C:\Windows\System\uUYNKkX.exe
  C:\Windows\System\uUYNKkX.exe
  2⤵
  PID:4168
- C:\Windows\System\DJvuawI.exe
  C:\Windows\System\DJvuawI.exe
  2⤵
  PID:4216
- C:\Windows\System\vrcpwAu.exe
  C:\Windows\System\vrcpwAu.exe
  2⤵
  PID:4232
- C:\Windows\System\VhVQWVb.exe
  C:\Windows\System\VhVQWVb.exe
  2⤵
  PID:4252
- C:\Windows\System\DalZaJE.exe
  C:\Windows\System\DalZaJE.exe
  2⤵
  PID:4268
- C:\Windows\System\YKkGJEh.exe
  C:\Windows\System\YKkGJEh.exe
  2⤵
  PID:4284
- C:\Windows\System\UBjbfXj.exe
  C:\Windows\System\UBjbfXj.exe
  2⤵
  PID:4304
- C:\Windows\System\wdBTldj.exe
  C:\Windows\System\wdBTldj.exe
  2⤵
  PID:4336
- C:\Windows\System\aKRZaTe.exe
  C:\Windows\System\aKRZaTe.exe
  2⤵
  PID:4352
- C:\Windows\System\wqdimEy.exe
  C:\Windows\System\wqdimEy.exe
  2⤵
  PID:4372
- C:\Windows\System\JyLDYXY.exe
  C:\Windows\System\JyLDYXY.exe
  2⤵
  PID:4392
- C:\Windows\System\esmjpMc.exe
  C:\Windows\System\esmjpMc.exe
  2⤵
  PID:4408
- C:\Windows\System\oLyvcZl.exe
  C:\Windows\System\oLyvcZl.exe
  2⤵
  PID:4424
- C:\Windows\System\ofLxyms.exe
  C:\Windows\System\ofLxyms.exe
  2⤵
  PID:4452
- C:\Windows\System\tmQDqKL.exe
  C:\Windows\System\tmQDqKL.exe
  2⤵
  PID:4468
- C:\Windows\System\QYdSUxW.exe
  C:\Windows\System\QYdSUxW.exe
  2⤵
  PID:4492
- C:\Windows\System\rHpZoId.exe
  C:\Windows\System\rHpZoId.exe
  2⤵
  PID:4508
- C:\Windows\System\teYZwCL.exe
  C:\Windows\System\teYZwCL.exe
  2⤵
  PID:4528
- C:\Windows\System\lphcfjE.exe
  C:\Windows\System\lphcfjE.exe
  2⤵
  PID:4548
- C:\Windows\System\evroeZD.exe
  C:\Windows\System\evroeZD.exe
  2⤵
  PID:4572
- C:\Windows\System\hpLKODU.exe
  C:\Windows\System\hpLKODU.exe
  2⤵
  PID:4592
- C:\Windows\System\araonLR.exe
  C:\Windows\System\araonLR.exe
  2⤵
  PID:4616
- C:\Windows\System\xdzfoMs.exe
  C:\Windows\System\xdzfoMs.exe
  2⤵
  PID:4632
- C:\Windows\System\KkLEbyW.exe
  C:\Windows\System\KkLEbyW.exe
  2⤵
  PID:4656
- C:\Windows\System\GNXVIXx.exe
  C:\Windows\System\GNXVIXx.exe
  2⤵
  PID:4676
- C:\Windows\System\VrLiXNp.exe
  C:\Windows\System\VrLiXNp.exe
  2⤵
  PID:4692
- C:\Windows\System\ePwAfFP.exe
  C:\Windows\System\ePwAfFP.exe
  2⤵
  PID:4712
- C:\Windows\System\OVswEUm.exe
  C:\Windows\System\OVswEUm.exe
  2⤵
  PID:4732
- C:\Windows\System\krzcodS.exe
  C:\Windows\System\krzcodS.exe
  2⤵
  PID:4748
- C:\Windows\System\qECpAfT.exe
  C:\Windows\System\qECpAfT.exe
  2⤵
  PID:4772
- C:\Windows\System\nXgYMLT.exe
  C:\Windows\System\nXgYMLT.exe
  2⤵
  PID:4792
- C:\Windows\System\CeSduHX.exe
  C:\Windows\System\CeSduHX.exe
  2⤵
  PID:4812
- C:\Windows\System\KfbNzkO.exe
  C:\Windows\System\KfbNzkO.exe
  2⤵
  PID:4832
- C:\Windows\System\UWPLGEh.exe
  C:\Windows\System\UWPLGEh.exe
  2⤵
  PID:4848
- C:\Windows\System\zSQNaIT.exe
  C:\Windows\System\zSQNaIT.exe
  2⤵
  PID:4868
- C:\Windows\System\KhbEASK.exe
  C:\Windows\System\KhbEASK.exe
  2⤵
  PID:4884
- C:\Windows\System\tWPHfci.exe
  C:\Windows\System\tWPHfci.exe
  2⤵
  PID:4900
- C:\Windows\System\eqoeLBv.exe
  C:\Windows\System\eqoeLBv.exe
  2⤵
  PID:4936
- C:\Windows\System\MyODvNU.exe
  C:\Windows\System\MyODvNU.exe
  2⤵
  PID:4952
- C:\Windows\System\joKsfHe.exe
  C:\Windows\System\joKsfHe.exe
  2⤵
  PID:4976
- C:\Windows\System\bhwoLTF.exe
  C:\Windows\System\bhwoLTF.exe
  2⤵
  PID:4992
- C:\Windows\System\ssecWqd.exe
  C:\Windows\System\ssecWqd.exe
  2⤵
  PID:5016
- C:\Windows\System\JLmwQJk.exe
  C:\Windows\System\JLmwQJk.exe
  2⤵
  PID:5032
- C:\Windows\System\qnMSVQr.exe
  C:\Windows\System\qnMSVQr.exe
  2⤵
  PID:5052
- C:\Windows\System\VfOUdnE.exe
  C:\Windows\System\VfOUdnE.exe
  2⤵
  PID:5068
- C:\Windows\System\QYXtmch.exe
  C:\Windows\System\QYXtmch.exe
  2⤵
  PID:5096
- C:\Windows\System\daMAuOz.exe
  C:\Windows\System\daMAuOz.exe
  2⤵
  PID:5112
- C:\Windows\System\DDINqGg.exe
  C:\Windows\System\DDINqGg.exe
  2⤵
  PID:3336
- C:\Windows\System\XcTSVSM.exe
  C:\Windows\System\XcTSVSM.exe
  2⤵
  PID:3508
- C:\Windows\System\aAdIhTZ.exe
  C:\Windows\System\aAdIhTZ.exe
  2⤵
  PID:2032
- C:\Windows\System\qFemTEX.exe
  C:\Windows\System\qFemTEX.exe
  2⤵
  PID:4176
- C:\Windows\System\LbZrWSt.exe
  C:\Windows\System\LbZrWSt.exe
  2⤵
  PID:4192
- C:\Windows\System\GkhNzaW.exe
  C:\Windows\System\GkhNzaW.exe
  2⤵
  PID:3672
- C:\Windows\System\xmumEjW.exe
  C:\Windows\System\xmumEjW.exe
  2⤵
  PID:4212
- C:\Windows\System\tPXVBeJ.exe
  C:\Windows\System\tPXVBeJ.exe
  2⤵
  PID:4124
- C:\Windows\System\vkEQxep.exe
  C:\Windows\System\vkEQxep.exe
  2⤵
  PID:4240
- C:\Windows\System\CiduxKH.exe
  C:\Windows\System\CiduxKH.exe
  2⤵
  PID:4280
- C:\Windows\System\vqrfXlQ.exe
  C:\Windows\System\vqrfXlQ.exe
  2⤵
  PID:4328
- C:\Windows\System\yyLGDhB.exe
  C:\Windows\System\yyLGDhB.exe
  2⤵
  PID:4300
- C:\Windows\System\IXMKrUK.exe
  C:\Windows\System\IXMKrUK.exe
  2⤵
  PID:4364
- C:\Windows\System\dqNOmbC.exe
  C:\Windows\System\dqNOmbC.exe
  2⤵
  PID:4436
- C:\Windows\System\giLmWJM.exe
  C:\Windows\System\giLmWJM.exe
  2⤵
  PID:4476
- C:\Windows\System\LXLFqmV.exe
  C:\Windows\System\LXLFqmV.exe
  2⤵
  PID:4488
- C:\Windows\System\uIVFHAE.exe
  C:\Windows\System\uIVFHAE.exe
  2⤵
  PID:4556
- C:\Windows\System\MAEaoan.exe
  C:\Windows\System\MAEaoan.exe
  2⤵
  PID:4460
- C:\Windows\System\muPhCeg.exe
  C:\Windows\System\muPhCeg.exe
  2⤵
  PID:4544
- C:\Windows\System\zIgMVzz.exe
  C:\Windows\System\zIgMVzz.exe
  2⤵
  PID:4600
- C:\Windows\System\mUQJfLj.exe
  C:\Windows\System\mUQJfLj.exe
  2⤵
  PID:4640
- C:\Windows\System\UkECDKL.exe
  C:\Windows\System\UkECDKL.exe
  2⤵
  PID:4664
- C:\Windows\System\ZkOfvVt.exe
  C:\Windows\System\ZkOfvVt.exe
  2⤵
  PID:4724
- C:\Windows\System\NuJJlxQ.exe
  C:\Windows\System\NuJJlxQ.exe
  2⤵
  PID:4708
- C:\Windows\System\NYTueEz.exe
  C:\Windows\System\NYTueEz.exe
  2⤵
  PID:4760
- C:\Windows\System\dhULwER.exe
  C:\Windows\System\dhULwER.exe
  2⤵
  PID:4788
- C:\Windows\System\ywAtWQd.exe
  C:\Windows\System\ywAtWQd.exe
  2⤵
  PID:4828
- C:\Windows\System\hYalqwe.exe
  C:\Windows\System\hYalqwe.exe
  2⤵
  PID:4864
- C:\Windows\System\tcEqBGj.exe
  C:\Windows\System\tcEqBGj.exe
  2⤵
  PID:4908
- C:\Windows\System\KRtnfvk.exe
  C:\Windows\System\KRtnfvk.exe
  2⤵
  PID:4932
- C:\Windows\System\kzaEHoP.exe
  C:\Windows\System\kzaEHoP.exe
  2⤵
  PID:4968
- C:\Windows\System\farQrdU.exe
  C:\Windows\System\farQrdU.exe
  2⤵
  PID:5000
- C:\Windows\System\gvOoJYo.exe
  C:\Windows\System\gvOoJYo.exe
  2⤵
  PID:5060
- C:\Windows\System\iASemoR.exe
  C:\Windows\System\iASemoR.exe
  2⤵
  PID:5076
- C:\Windows\System\VbdyUBI.exe
  C:\Windows\System\VbdyUBI.exe
  2⤵
  PID:5104
- C:\Windows\System\JyijqnE.exe
  C:\Windows\System\JyijqnE.exe
  2⤵
  PID:1012
- C:\Windows\System\dAUGxBL.exe
  C:\Windows\System\dAUGxBL.exe
  2⤵
  PID:5108
- C:\Windows\System\iMNQVCN.exe
  C:\Windows\System\iMNQVCN.exe
  2⤵
  PID:2492
- C:\Windows\System\DULrzPG.exe
  C:\Windows\System\DULrzPG.exe
  2⤵
  PID:4244
- C:\Windows\System\bOKTzeQ.exe
  C:\Windows\System\bOKTzeQ.exe
  2⤵
  PID:3776
- C:\Windows\System\eQMWOtT.exe
  C:\Windows\System\eQMWOtT.exe
  2⤵
  PID:4320
- C:\Windows\System\mTbCwZL.exe
  C:\Windows\System\mTbCwZL.exe
  2⤵
  PID:4260
- C:\Windows\System\JawVYqp.exe
  C:\Windows\System\JawVYqp.exe
  2⤵
  PID:4348
- C:\Windows\System\zecWkLV.exe
  C:\Windows\System\zecWkLV.exe
  2⤵
  PID:4432
- C:\Windows\System\FBozgUU.exe
  C:\Windows\System\FBozgUU.exe
  2⤵
  PID:4516
- C:\Windows\System\jZxkcsK.exe
  C:\Windows\System\jZxkcsK.exe
  2⤵
  PID:4520
- C:\Windows\System\eAlQwVt.exe
  C:\Windows\System\eAlQwVt.exe
  2⤵
  PID:4584
- C:\Windows\System\ncWYiaS.exe
  C:\Windows\System\ncWYiaS.exe
  2⤵
  PID:4608
- C:\Windows\System\zdparbJ.exe
  C:\Windows\System\zdparbJ.exe
  2⤵
  PID:4688
- C:\Windows\System\QvPdyjs.exe
  C:\Windows\System\QvPdyjs.exe
  2⤵
  PID:4644
- C:\Windows\System\ohcdUwQ.exe
  C:\Windows\System\ohcdUwQ.exe
  2⤵
  PID:4808
- C:\Windows\System\BJjpOWU.exe
  C:\Windows\System\BJjpOWU.exe
  2⤵
  PID:4820
- C:\Windows\System\VuxJxXm.exe
  C:\Windows\System\VuxJxXm.exe
  2⤵
  PID:4916
- C:\Windows\System\rMPLqfE.exe
  C:\Windows\System\rMPLqfE.exe
  2⤵
  PID:4984
- C:\Windows\System\ToOlmfb.exe
  C:\Windows\System\ToOlmfb.exe
  2⤵
  PID:5024
- C:\Windows\System\RMUcXxX.exe
  C:\Windows\System\RMUcXxX.exe
  2⤵
  PID:5080
- C:\Windows\System\DicooKP.exe
  C:\Windows\System\DicooKP.exe
  2⤵
  PID:3396
- C:\Windows\System\FRCfsPA.exe
  C:\Windows\System\FRCfsPA.exe
  2⤵
  PID:4180
- C:\Windows\System\FIEEGlM.exe
  C:\Windows\System\FIEEGlM.exe
  2⤵
  PID:3580
- C:\Windows\System\pZtMaWw.exe
  C:\Windows\System\pZtMaWw.exe
  2⤵
  PID:4276
- C:\Windows\System\FCPDWLz.exe
  C:\Windows\System\FCPDWLz.exe
  2⤵
  PID:4344
- C:\Windows\System\qfMOLQH.exe
  C:\Windows\System\qfMOLQH.exe
  2⤵
  PID:4388
- C:\Windows\System\CNAlOkn.exe
  C:\Windows\System\CNAlOkn.exe
  2⤵
  PID:4720
- C:\Windows\System\ihDqrnF.exe
  C:\Windows\System\ihDqrnF.exe
  2⤵
  PID:4588
- C:\Windows\System\MIrjJvw.exe
  C:\Windows\System\MIrjJvw.exe
  2⤵
  PID:4768
- C:\Windows\System\SIFSYjJ.exe
  C:\Windows\System\SIFSYjJ.exe
  2⤵
  PID:4860
- C:\Windows\System\LicIvXM.exe
  C:\Windows\System\LicIvXM.exe
  2⤵
  PID:4964
- C:\Windows\System\BnCddPi.exe
  C:\Windows\System\BnCddPi.exe
  2⤵
  PID:4988
- C:\Windows\System\salBfJZ.exe
  C:\Windows\System\salBfJZ.exe
  2⤵
  PID:5088
- C:\Windows\System\oYxyNbK.exe
  C:\Windows\System\oYxyNbK.exe
  2⤵
  PID:4104
- C:\Windows\System\FjkHYcI.exe
  C:\Windows\System\FjkHYcI.exe
  2⤵
  PID:4536
- C:\Windows\System\bMbJFep.exe
  C:\Windows\System\bMbJFep.exe
  2⤵
  PID:4568
- C:\Windows\System\urdXLha.exe
  C:\Windows\System\urdXLha.exe
  2⤵
  PID:4604
- C:\Windows\System\UzIcUjt.exe
  C:\Windows\System\UzIcUjt.exe
  2⤵
  PID:4668
- C:\Windows\System\KDsHXlE.exe
  C:\Windows\System\KDsHXlE.exe
  2⤵
  PID:5092
- C:\Windows\System\zADjhIR.exe
  C:\Windows\System\zADjhIR.exe
  2⤵
  PID:4160
- C:\Windows\System\rDsvvgS.exe
  C:\Windows\System\rDsvvgS.exe
  2⤵
  PID:4228
- C:\Windows\System\wPzwepC.exe
  C:\Windows\System\wPzwepC.exe
  2⤵
  PID:4120
- C:\Windows\System\KTYlBeh.exe
  C:\Windows\System\KTYlBeh.exe
  2⤵
  PID:4164
- C:\Windows\System\byEvUJF.exe
  C:\Windows\System\byEvUJF.exe
  2⤵
  PID:4296
- C:\Windows\System\oAilOxF.exe
  C:\Windows\System\oAilOxF.exe
  2⤵
  PID:4896
- C:\Windows\System\WcJVdyl.exe
  C:\Windows\System\WcJVdyl.exe
  2⤵
  PID:4756
- C:\Windows\System\zZajqdW.exe
  C:\Windows\System\zZajqdW.exe
  2⤵
  PID:5048
- C:\Windows\System\jYyokcP.exe
  C:\Windows\System\jYyokcP.exe
  2⤵
  PID:4924
- C:\Windows\System\QDYHjum.exe
  C:\Windows\System\QDYHjum.exe
  2⤵
  PID:4116
- C:\Windows\System\rryBEfE.exe
  C:\Windows\System\rryBEfE.exe
  2⤵
  PID:5136
- C:\Windows\System\LaxxTPb.exe
  C:\Windows\System\LaxxTPb.exe
  2⤵
  PID:5156
- C:\Windows\System\HQldgfR.exe
  C:\Windows\System\HQldgfR.exe
  2⤵
  PID:5180
- C:\Windows\System\odpnwOw.exe
  C:\Windows\System\odpnwOw.exe
  2⤵
  PID:5196
- C:\Windows\System\ljRWPrv.exe
  C:\Windows\System\ljRWPrv.exe
  2⤵
  PID:5212
- C:\Windows\System\xoaTKDU.exe
  C:\Windows\System\xoaTKDU.exe
  2⤵
  PID:5244
- C:\Windows\System\tVFvBaU.exe
  C:\Windows\System\tVFvBaU.exe
  2⤵
  PID:5264
- C:\Windows\System\LLQCjWs.exe
  C:\Windows\System\LLQCjWs.exe
  2⤵
  PID:5292
- C:\Windows\System\pInCWgs.exe
  C:\Windows\System\pInCWgs.exe
  2⤵
  PID:5308
- C:\Windows\System\nihtDgJ.exe
  C:\Windows\System\nihtDgJ.exe
  2⤵
  PID:5328
- C:\Windows\System\DERvAau.exe
  C:\Windows\System\DERvAau.exe
  2⤵
  PID:5348
- C:\Windows\System\uVKtuDn.exe
  C:\Windows\System\uVKtuDn.exe
  2⤵
  PID:5364
- C:\Windows\System\xcUFamf.exe
  C:\Windows\System\xcUFamf.exe
  2⤵
  PID:5384
- C:\Windows\System\QNSqcrK.exe
  C:\Windows\System\QNSqcrK.exe
  2⤵
  PID:5400
- C:\Windows\System\ZSovfwT.exe
  C:\Windows\System\ZSovfwT.exe
  2⤵
  PID:5420
- C:\Windows\System\wZfcFPz.exe
  C:\Windows\System\wZfcFPz.exe
  2⤵
  PID:5448
- C:\Windows\System\xgzMtRs.exe
  C:\Windows\System\xgzMtRs.exe
  2⤵
  PID:5468
- C:\Windows\System\nRFasFZ.exe
  C:\Windows\System\nRFasFZ.exe
  2⤵
  PID:5492
- C:\Windows\System\nngedoy.exe
  C:\Windows\System\nngedoy.exe
  2⤵
  PID:5512
- C:\Windows\System\kpNPIlu.exe
  C:\Windows\System\kpNPIlu.exe
  2⤵
  PID:5540
- C:\Windows\System\BtgIGYQ.exe
  C:\Windows\System\BtgIGYQ.exe
  2⤵
  PID:5556
- C:\Windows\System\vGoqNid.exe
  C:\Windows\System\vGoqNid.exe
  2⤵
  PID:5576
- C:\Windows\System\sEtVjve.exe
  C:\Windows\System\sEtVjve.exe
  2⤵
  PID:5592
- C:\Windows\System\xttLtRO.exe
  C:\Windows\System\xttLtRO.exe
  2⤵
  PID:5612
- C:\Windows\System\lIeikiL.exe
  C:\Windows\System\lIeikiL.exe
  2⤵
  PID:5644
- C:\Windows\System\GnFzulx.exe
  C:\Windows\System\GnFzulx.exe
  2⤵
  PID:5664
- C:\Windows\System\qaDjMVJ.exe
  C:\Windows\System\qaDjMVJ.exe
  2⤵
  PID:5684
- C:\Windows\System\yeLuoSs.exe
  C:\Windows\System\yeLuoSs.exe
  2⤵
  PID:5704
- C:\Windows\System\yupCgQg.exe
  C:\Windows\System\yupCgQg.exe
  2⤵
  PID:5732
- C:\Windows\System\jRdSacA.exe
  C:\Windows\System\jRdSacA.exe
  2⤵
  PID:5748
- C:\Windows\System\UDQGQGk.exe
  C:\Windows\System\UDQGQGk.exe
  2⤵
  PID:5768
- C:\Windows\System\xOjPblY.exe
  C:\Windows\System\xOjPblY.exe
  2⤵
  PID:5788
- C:\Windows\System\QQDauGb.exe
  C:\Windows\System\QQDauGb.exe
  2⤵
  PID:5808
- C:\Windows\System\pqGVsFv.exe
  C:\Windows\System\pqGVsFv.exe
  2⤵
  PID:5832
- C:\Windows\System\ZzmkURH.exe
  C:\Windows\System\ZzmkURH.exe
  2⤵
  PID:5848
- C:\Windows\System\RqKmhAk.exe
  C:\Windows\System\RqKmhAk.exe
  2⤵
  PID:5872
- C:\Windows\System\CFOGGBO.exe
  C:\Windows\System\CFOGGBO.exe
  2⤵
  PID:5888
- C:\Windows\System\nPRfCwU.exe
  C:\Windows\System\nPRfCwU.exe
  2⤵
  PID:5912
- C:\Windows\System\ZOtBjBX.exe
  C:\Windows\System\ZOtBjBX.exe
  2⤵
  PID:5928
- C:\Windows\System\rZbVBPO.exe
  C:\Windows\System\rZbVBPO.exe
  2⤵
  PID:5948
- C:\Windows\System\MVCOCVn.exe
  C:\Windows\System\MVCOCVn.exe
  2⤵
  PID:5968
- C:\Windows\System\kiGSdrg.exe
  C:\Windows\System\kiGSdrg.exe
  2⤵
  PID:5984
- C:\Windows\System\xOJjdpk.exe
  C:\Windows\System\xOJjdpk.exe
  2⤵
  PID:6004
- C:\Windows\System\OeJLgUy.exe
  C:\Windows\System\OeJLgUy.exe
  2⤵
  PID:6024
- C:\Windows\System\VEcnNBx.exe
  C:\Windows\System\VEcnNBx.exe
  2⤵
  PID:6048
- C:\Windows\System\HZPkiXk.exe
  C:\Windows\System\HZPkiXk.exe
  2⤵
  PID:6068
- C:\Windows\System\nyXgBfg.exe
  C:\Windows\System\nyXgBfg.exe
  2⤵
  PID:6088
- C:\Windows\System\tsaYWWo.exe
  C:\Windows\System\tsaYWWo.exe
  2⤵
  PID:6112
- C:\Windows\System\YBoBakb.exe
  C:\Windows\System\YBoBakb.exe
  2⤵
  PID:6132
- C:\Windows\System\eHzBbKG.exe
  C:\Windows\System\eHzBbKG.exe
  2⤵
  PID:5144
- C:\Windows\System\QPTbCyt.exe
  C:\Windows\System\QPTbCyt.exe
  2⤵
  PID:5132
- C:\Windows\System\nzqVBMN.exe
  C:\Windows\System\nzqVBMN.exe
  2⤵
  PID:5232
- C:\Windows\System\iXwahlZ.exe
  C:\Windows\System\iXwahlZ.exe
  2⤵
  PID:5240
- C:\Windows\System\DqgtIpF.exe
  C:\Windows\System\DqgtIpF.exe
  2⤵
  PID:5252
- C:\Windows\System\EKUsqML.exe
  C:\Windows\System\EKUsqML.exe
  2⤵
  PID:5280
- C:\Windows\System\nrOBWyx.exe
  C:\Windows\System\nrOBWyx.exe
  2⤵
  PID:5320
- C:\Windows\System\VFnzlvo.exe
  C:\Windows\System\VFnzlvo.exe
  2⤵
  PID:5356
- C:\Windows\System\ggWlvlB.exe
  C:\Windows\System\ggWlvlB.exe
  2⤵
  PID:5444
- C:\Windows\System\cLBAHXl.exe
  C:\Windows\System\cLBAHXl.exe
  2⤵
  PID:5380
- C:\Windows\System\siZEZKW.exe
  C:\Windows\System\siZEZKW.exe
  2⤵
  PID:5456
- C:\Windows\System\IrbcfoQ.exe
  C:\Windows\System\IrbcfoQ.exe
  2⤵
  PID:5500
- C:\Windows\System\SqobevB.exe
  C:\Windows\System\SqobevB.exe
  2⤵
  PID:5532
- C:\Windows\System\TBtVpPi.exe
  C:\Windows\System\TBtVpPi.exe
  2⤵
  PID:5608
- C:\Windows\System\FZqhdjs.exe
  C:\Windows\System\FZqhdjs.exe
  2⤵
  PID:5652
- C:\Windows\System\lgEzWkB.exe
  C:\Windows\System\lgEzWkB.exe
  2⤵
  PID:5624
- C:\Windows\System\pnRDNjE.exe
  C:\Windows\System\pnRDNjE.exe
  2⤵
  PID:5628
- C:\Windows\System\zsRQyFI.exe
  C:\Windows\System\zsRQyFI.exe
  2⤵
  PID:5696
- C:\Windows\System\SEiPBEW.exe
  C:\Windows\System\SEiPBEW.exe
  2⤵
  PID:5680
- C:\Windows\System\RpDVJQM.exe
  C:\Windows\System\RpDVJQM.exe
  2⤵
  PID:5780
- C:\Windows\System\ThKnOVV.exe
  C:\Windows\System\ThKnOVV.exe
  2⤵
  PID:5816
- C:\Windows\System\ByCmrBU.exe
  C:\Windows\System\ByCmrBU.exe
  2⤵
  PID:4188
- C:\Windows\System\ypJuczZ.exe
  C:\Windows\System\ypJuczZ.exe
  2⤵
  PID:5804
- C:\Windows\System\nEBnRJJ.exe
  C:\Windows\System\nEBnRJJ.exe
  2⤵
  PID:5844
- C:\Windows\System\jVeZVxi.exe
  C:\Windows\System\jVeZVxi.exe
  2⤵
  PID:5884
- C:\Windows\System\dPmZhQu.exe
  C:\Windows\System\dPmZhQu.exe
  2⤵
  PID:4824
- C:\Windows\System\ysmlTyj.exe
  C:\Windows\System\ysmlTyj.exe
  2⤵
  PID:5028
- C:\Windows\System\JsQQAJx.exe
  C:\Windows\System\JsQQAJx.exe
  2⤵
  PID:5980
- C:\Windows\System\JWeZMVl.exe
  C:\Windows\System\JWeZMVl.exe
  2⤵
  PID:5992
- C:\Windows\System\aCvLTDx.exe
  C:\Windows\System\aCvLTDx.exe
  2⤵
  PID:6036
- C:\Windows\System\nhakfae.exe
  C:\Windows\System\nhakfae.exe
  2⤵
  PID:6060
- C:\Windows\System\GKciJAM.exe
  C:\Windows\System\GKciJAM.exe
  2⤵
  PID:6080
- C:\Windows\System\QSIjoUg.exe
  C:\Windows\System\QSIjoUg.exe
  2⤵
  PID:6100
- C:\Windows\System\FPxbstV.exe
  C:\Windows\System\FPxbstV.exe
  2⤵
  PID:5224
- C:\Windows\System\MQwWDUl.exe
  C:\Windows\System\MQwWDUl.exe
  2⤵
  PID:6140
- C:\Windows\System\xnDSKSo.exe
  C:\Windows\System\xnDSKSo.exe
  2⤵
  PID:5148
- C:\Windows\System\rzIyKNn.exe
  C:\Windows\System\rzIyKNn.exe
  2⤵
  PID:5176
- C:\Windows\System\qGzUlAG.exe
  C:\Windows\System\qGzUlAG.exe
  2⤵
  PID:5276
- C:\Windows\System\kRPnpfy.exe
  C:\Windows\System\kRPnpfy.exe
  2⤵
  PID:5676
- C:\Windows\System\CFuvbYy.exe
  C:\Windows\System\CFuvbYy.exe
  2⤵
  PID:5432
- C:\Windows\System\SFhbHfd.exe
  C:\Windows\System\SFhbHfd.exe
  2⤵
  PID:5340
- C:\Windows\System\eyLBbri.exe
  C:\Windows\System\eyLBbri.exe
  2⤵
  PID:5376
- C:\Windows\System\vcAsJdA.exe
  C:\Windows\System\vcAsJdA.exe
  2⤵
  PID:5520
- C:\Windows\System\QREvsHU.exe
  C:\Windows\System\QREvsHU.exe
  2⤵
  PID:5488
- C:\Windows\System\jKoJJYh.exe
  C:\Windows\System\jKoJJYh.exe
  2⤵
  PID:5600
- C:\Windows\System\Glxvobr.exe
  C:\Windows\System\Glxvobr.exe
  2⤵
  PID:5660
- C:\Windows\System\QyvVIoW.exe
  C:\Windows\System\QyvVIoW.exe
  2⤵
  PID:5716
- C:\Windows\System\XaRbxBT.exe
  C:\Windows\System\XaRbxBT.exe
  2⤵
  PID:5760
- C:\Windows\System\nzDJLya.exe
  C:\Windows\System\nzDJLya.exe
  2⤵
  PID:5720
- C:\Windows\System\OkLesgk.exe
  C:\Windows\System\OkLesgk.exe
  2⤵
  PID:5620
- C:\Windows\System\WvKvLmj.exe
  C:\Windows\System\WvKvLmj.exe
  2⤵
  PID:5692
- C:\Windows\System\QlCJDRq.exe
  C:\Windows\System\QlCJDRq.exe
  2⤵
  PID:5964
- C:\Windows\System\EHhlqvl.exe
  C:\Windows\System\EHhlqvl.exe
  2⤵
  PID:6056
- C:\Windows\System\FXHjCeV.exe
  C:\Windows\System\FXHjCeV.exe
  2⤵
  PID:5956
- C:\Windows\System\qTlzLdA.exe
  C:\Windows\System\qTlzLdA.exe
  2⤵
  PID:6096
- C:\Windows\System\ZBDtVWN.exe
  C:\Windows\System\ZBDtVWN.exe
  2⤵
  PID:5128
- C:\Windows\System\ymFrqzB.exe
  C:\Windows\System\ymFrqzB.exe
  2⤵
  PID:5228
- C:\Windows\System\CAFOSSY.exe
  C:\Windows\System\CAFOSSY.exe
  2⤵
  PID:5396
- C:\Windows\System\nCSyYpB.exe
  C:\Windows\System\nCSyYpB.exe
  2⤵
  PID:5344
- C:\Windows\System\coMQJVg.exe
  C:\Windows\System\coMQJVg.exe
  2⤵
  PID:5564
- C:\Windows\System\diIOIXW.exe
  C:\Windows\System\diIOIXW.exe
  2⤵
  PID:5464
- C:\Windows\System\pMIJYVS.exe
  C:\Windows\System\pMIJYVS.exe
  2⤵
  PID:5552
- C:\Windows\System\DTUMYsP.exe
  C:\Windows\System\DTUMYsP.exe
  2⤵
  PID:5868
- C:\Windows\System\qIDzocC.exe
  C:\Windows\System\qIDzocC.exe
  2⤵
  PID:5880
- C:\Windows\System\HMTTgWy.exe
  C:\Windows\System\HMTTgWy.exe
  2⤵
  PID:5744
- C:\Windows\System\vvCMvyC.exe
  C:\Windows\System\vvCMvyC.exe
  2⤵
  PID:6020
- C:\Windows\System\yIhqoTJ.exe
  C:\Windows\System\yIhqoTJ.exe
  2⤵
  PID:6104
- C:\Windows\System\oSBNMJB.exe
  C:\Windows\System\oSBNMJB.exe
  2⤵
  PID:5220
- C:\Windows\System\uyTDBEL.exe
  C:\Windows\System\uyTDBEL.exe
  2⤵
  PID:5204
- C:\Windows\System\RMjJECh.exe
  C:\Windows\System\RMjJECh.exe
  2⤵
  PID:5260
- C:\Windows\System\WKZQTxv.exe
  C:\Windows\System\WKZQTxv.exe
  2⤵
  PID:5508
- C:\Windows\System\EdnWtIj.exe
  C:\Windows\System\EdnWtIj.exe
  2⤵
  PID:6016
- C:\Windows\System\qgSOKuY.exe
  C:\Windows\System\qgSOKuY.exe
  2⤵
  PID:5904
- C:\Windows\System\gqIrxdy.exe
  C:\Windows\System\gqIrxdy.exe
  2⤵
  PID:5924
- C:\Windows\System\fpkWsap.exe
  C:\Windows\System\fpkWsap.exe
  2⤵
  PID:5528
- C:\Windows\System\SJbXUwx.exe
  C:\Windows\System\SJbXUwx.exe
  2⤵
  PID:5548
- C:\Windows\System\klZRKwg.exe
  C:\Windows\System\klZRKwg.exe
  2⤵
  PID:5840
- C:\Windows\System\MMVHsnZ.exe
  C:\Windows\System\MMVHsnZ.exe
  2⤵
  PID:5640
- C:\Windows\System\mzEkZlt.exe
  C:\Windows\System\mzEkZlt.exe
  2⤵
  PID:6124
- C:\Windows\System\teccsAo.exe
  C:\Windows\System\teccsAo.exe
  2⤵
  PID:5636
- C:\Windows\System\DYaxFMc.exe
  C:\Windows\System\DYaxFMc.exe
  2⤵
  PID:6156
- C:\Windows\System\yezWNGH.exe
  C:\Windows\System\yezWNGH.exe
  2⤵
  PID:6176
- C:\Windows\System\ZsKBXeW.exe
  C:\Windows\System\ZsKBXeW.exe
  2⤵
  PID:6192
- C:\Windows\System\ZODlgrk.exe
  C:\Windows\System\ZODlgrk.exe
  2⤵
  PID:6212
- C:\Windows\System\ncCiSsK.exe
  C:\Windows\System\ncCiSsK.exe
  2⤵
  PID:6228
- C:\Windows\System\eDMajfU.exe
  C:\Windows\System\eDMajfU.exe
  2⤵
  PID:6244
- C:\Windows\System\dPjKqyp.exe
  C:\Windows\System\dPjKqyp.exe
  2⤵
  PID:6260
- C:\Windows\System\qLBMMZn.exe
  C:\Windows\System\qLBMMZn.exe
  2⤵
  PID:6276
- C:\Windows\System\zfzfRca.exe
  C:\Windows\System\zfzfRca.exe
  2⤵
  PID:6304
- C:\Windows\System\JgmeXBG.exe
  C:\Windows\System\JgmeXBG.exe
  2⤵
  PID:6320
- C:\Windows\System\oIFjVNA.exe
  C:\Windows\System\oIFjVNA.exe
  2⤵
  PID:6336
- C:\Windows\System\QIFogei.exe
  C:\Windows\System\QIFogei.exe
  2⤵
  PID:6352
- C:\Windows\System\crVSxuF.exe
  C:\Windows\System\crVSxuF.exe
  2⤵
  PID:6372
- C:\Windows\System\KuLjwwb.exe
  C:\Windows\System\KuLjwwb.exe
  2⤵
  PID:6396
- C:\Windows\System\flfQQzM.exe
  C:\Windows\System\flfQQzM.exe
  2⤵
  PID:6412
- C:\Windows\System\BmYbEKR.exe
  C:\Windows\System\BmYbEKR.exe
  2⤵
  PID:6428
- C:\Windows\System\BKZDaVX.exe
  C:\Windows\System\BKZDaVX.exe
  2⤵
  PID:6444
- C:\Windows\System\xMiobHd.exe
  C:\Windows\System\xMiobHd.exe
  2⤵
  PID:6460
- C:\Windows\System\esPUlry.exe
  C:\Windows\System\esPUlry.exe
  2⤵
  PID:6476
- C:\Windows\System\hAKiQIn.exe
  C:\Windows\System\hAKiQIn.exe
  2⤵
  PID:6492
- C:\Windows\System\NrbEPQy.exe
  C:\Windows\System\NrbEPQy.exe
  2⤵
  PID:6508
- C:\Windows\System\vnSIUWt.exe
  C:\Windows\System\vnSIUWt.exe
  2⤵
  PID:6524
- C:\Windows\System\ocesnEC.exe
  C:\Windows\System\ocesnEC.exe
  2⤵
  PID:6540
- C:\Windows\System\AEdLYVx.exe
  C:\Windows\System\AEdLYVx.exe
  2⤵
  PID:6556
- C:\Windows\System\aHzANeM.exe
  C:\Windows\System\aHzANeM.exe
  2⤵
  PID:6576
- C:\Windows\System\RcCJdBU.exe
  C:\Windows\System\RcCJdBU.exe
  2⤵
  PID:6592
- C:\Windows\System\HMVFvXy.exe
  C:\Windows\System\HMVFvXy.exe
  2⤵
  PID:6608
- C:\Windows\System\awsZFfi.exe
  C:\Windows\System\awsZFfi.exe
  2⤵
  PID:6624
- C:\Windows\System\RZLXTDz.exe
  C:\Windows\System\RZLXTDz.exe
  2⤵
  PID:6640
- C:\Windows\System\RnQJqXl.exe
  C:\Windows\System\RnQJqXl.exe
  2⤵
  PID:6656
- C:\Windows\System\MustDSa.exe
  C:\Windows\System\MustDSa.exe
  2⤵
  PID:6672
- C:\Windows\System\zlLjNPB.exe
  C:\Windows\System\zlLjNPB.exe
  2⤵
  PID:6696
- C:\Windows\System\IkxqEsM.exe
  C:\Windows\System\IkxqEsM.exe
  2⤵
  PID:6712
- C:\Windows\System\eaUTNjq.exe
  C:\Windows\System\eaUTNjq.exe
  2⤵
  PID:6732
- C:\Windows\System\ISeLdUb.exe
  C:\Windows\System\ISeLdUb.exe
  2⤵
  PID:6748
- C:\Windows\System\PoMJFWa.exe
  C:\Windows\System\PoMJFWa.exe
  2⤵
  PID:6764
- C:\Windows\System\nZhZqxn.exe
  C:\Windows\System\nZhZqxn.exe
  2⤵
  PID:6780
- C:\Windows\System\WPltrYK.exe
  C:\Windows\System\WPltrYK.exe
  2⤵
  PID:6796
- C:\Windows\System\hVLWOpm.exe
  C:\Windows\System\hVLWOpm.exe
  2⤵
  PID:6816
- C:\Windows\System\oWDbEiM.exe
  C:\Windows\System\oWDbEiM.exe
  2⤵
  PID:6832
- C:\Windows\System\USBZhsA.exe
  C:\Windows\System\USBZhsA.exe
  2⤵
  PID:6848
- C:\Windows\System\GkVkQnF.exe
  C:\Windows\System\GkVkQnF.exe
  2⤵
  PID:6872
- C:\Windows\System\ObGETBI.exe
  C:\Windows\System\ObGETBI.exe
  2⤵
  PID:6892
- C:\Windows\System\Ichiynv.exe
  C:\Windows\System\Ichiynv.exe
  2⤵
  PID:6912
- C:\Windows\System\xtlTKiZ.exe
  C:\Windows\System\xtlTKiZ.exe
  2⤵
  PID:6932
- C:\Windows\System\MJHmctT.exe
  C:\Windows\System\MJHmctT.exe
  2⤵
  PID:6948
- C:\Windows\System\skgojfY.exe
  C:\Windows\System\skgojfY.exe
  2⤵
  PID:6972
- C:\Windows\System\vRcMOYq.exe
  C:\Windows\System\vRcMOYq.exe
  2⤵
  PID:6988
- C:\Windows\System\rfULbQu.exe
  C:\Windows\System\rfULbQu.exe
  2⤵
  PID:7004
- C:\Windows\System\dNwXrRt.exe
  C:\Windows\System\dNwXrRt.exe
  2⤵
  PID:7020
- C:\Windows\System\rETVCKO.exe
  C:\Windows\System\rETVCKO.exe
  2⤵
  PID:7036
- C:\Windows\System\KtLIWrD.exe
  C:\Windows\System\KtLIWrD.exe
  2⤵
  PID:7052
- C:\Windows\System\gAemnrz.exe
  C:\Windows\System\gAemnrz.exe
  2⤵
  PID:7068
- C:\Windows\System\jdTEBhC.exe
  C:\Windows\System\jdTEBhC.exe
  2⤵
  PID:7088
- C:\Windows\System\yJMTSCk.exe
  C:\Windows\System\yJMTSCk.exe
  2⤵
  PID:7104
- C:\Windows\System\NCKzqeD.exe
  C:\Windows\System\NCKzqeD.exe
  2⤵
  PID:7120
- C:\Windows\System\sQyzfkz.exe
  C:\Windows\System\sQyzfkz.exe
  2⤵
  PID:7136
- C:\Windows\System\uSbQwrc.exe
  C:\Windows\System\uSbQwrc.exe
  2⤵
  PID:7152
- C:\Windows\System\zOeWsbp.exe
  C:\Windows\System\zOeWsbp.exe
  2⤵
  PID:6148
- C:\Windows\System\VEPUbtF.exe
  C:\Windows\System\VEPUbtF.exe
  2⤵
  PID:5920
- C:\Windows\System\DxCffql.exe
  C:\Windows\System\DxCffql.exe
  2⤵
  PID:6184
- C:\Windows\System\NwSpJVS.exe
  C:\Windows\System\NwSpJVS.exe
  2⤵
  PID:6220
- C:\Windows\System\AwAnzxl.exe
  C:\Windows\System\AwAnzxl.exe
  2⤵
  PID:6256
- C:\Windows\System\fiDXCYU.exe
  C:\Windows\System\fiDXCYU.exe
  2⤵
  PID:6284
- C:\Windows\System\AVpRIbM.exe
  C:\Windows\System\AVpRIbM.exe
  2⤵
  PID:6300
- C:\Windows\System\flJaonA.exe
  C:\Windows\System\flJaonA.exe
  2⤵
  PID:6312
- C:\Windows\System\HyVWMky.exe
  C:\Windows\System\HyVWMky.exe
  2⤵
  PID:6316
- C:\Windows\System\FTLWuzo.exe
  C:\Windows\System\FTLWuzo.exe
  2⤵
  PID:6384
- C:\Windows\System\FVtHSSF.exe
  C:\Windows\System\FVtHSSF.exe
  2⤵
  PID:6408
- C:\Windows\System\yTXbKSj.exe
  C:\Windows\System\yTXbKSj.exe
  2⤵
  PID:6440
- C:\Windows\System\DZaLDev.exe
  C:\Windows\System\DZaLDev.exe
  2⤵
  PID:6484
- C:\Windows\System\ArtuHdX.exe
  C:\Windows\System\ArtuHdX.exe
  2⤵
  PID:6568
- C:\Windows\System\ENqZbAV.exe
  C:\Windows\System\ENqZbAV.exe
  2⤵
  PID:6572
- C:\Windows\System\bDShYlc.exe
  C:\Windows\System\bDShYlc.exe
  2⤵
  PID:6604
- C:\Windows\System\ozHcOzq.exe
  C:\Windows\System\ozHcOzq.exe
  2⤵
  PID:6588
- C:\Windows\System\rHqcOAq.exe
  C:\Windows\System\rHqcOAq.exe
  2⤵
  PID:6652
- C:\Windows\System\NvzqBzW.exe
  C:\Windows\System\NvzqBzW.exe
  2⤵
  PID:6680
- C:\Windows\System\npEsYDH.exe
  C:\Windows\System\npEsYDH.exe
  2⤵
  PID:6724
- C:\Windows\System\XkVIaNN.exe
  C:\Windows\System\XkVIaNN.exe
  2⤵
  PID:6756
- C:\Windows\System\XLnfkwD.exe
  C:\Windows\System\XLnfkwD.exe
  2⤵
  PID:6788
- C:\Windows\System\OJvRyTg.exe
  C:\Windows\System\OJvRyTg.exe
  2⤵
  PID:6824
- C:\Windows\System\bitnZHy.exe
  C:\Windows\System\bitnZHy.exe
  2⤵
  PID:6856
- C:\Windows\System\aHxxYFr.exe
  C:\Windows\System\aHxxYFr.exe
  2⤵
  PID:6880
- C:\Windows\System\CVbNpZZ.exe
  C:\Windows\System\CVbNpZZ.exe
  2⤵
  PID:6920
- C:\Windows\System\qkEtQvq.exe
  C:\Windows\System\qkEtQvq.exe
  2⤵
  PID:6928
- C:\Windows\System\MQysKng.exe
  C:\Windows\System\MQysKng.exe
  2⤵
  PID:6960
- C:\Windows\System\cWbBQys.exe
  C:\Windows\System\cWbBQys.exe
  2⤵
  PID:7000
- C:\Windows\System\UUIGYSO.exe
  C:\Windows\System\UUIGYSO.exe
  2⤵
  PID:7012
- C:\Windows\System\SFOlBTG.exe
  C:\Windows\System\SFOlBTG.exe
  2⤵
  PID:6688
- C:\Windows\System\irsocDP.exe
  C:\Windows\System\irsocDP.exe
  2⤵
  PID:6812
- C:\Windows\System\ZOdpIhQ.exe
  C:\Windows\System\ZOdpIhQ.exe
  2⤵
  PID:6804
- C:\Windows\System\tKBotBg.exe
  C:\Windows\System\tKBotBg.exe
  2⤵
  PID:7032
- C:\Windows\System\OyJcaaj.exe
  C:\Windows\System\OyJcaaj.exe
  2⤵
  PID:7076
- C:\Windows\System\MsLvCry.exe
  C:\Windows\System\MsLvCry.exe
  2⤵
  PID:7100
- C:\Windows\System\bmHgFlq.exe
  C:\Windows\System\bmHgFlq.exe
  2⤵
  PID:7144
- C:\Windows\System\ymApNgj.exe
  C:\Windows\System\ymApNgj.exe
  2⤵
  PID:6172
- C:\Windows\System\qoDosYx.exe
  C:\Windows\System\qoDosYx.exe
  2⤵
  PID:6200
- C:\Windows\System\oWfGieR.exe
  C:\Windows\System\oWfGieR.exe
  2⤵
  PID:6360
- C:\Windows\System\dTBJmxc.exe
  C:\Windows\System\dTBJmxc.exe
  2⤵
  PID:6388
- C:\Windows\System\dTHmGRV.exe
  C:\Windows\System\dTHmGRV.exe
  2⤵
  PID:6500
- C:\Windows\System\UAPsumD.exe
  C:\Windows\System\UAPsumD.exe
  2⤵
  PID:6620
- C:\Windows\System\CnhkLQC.exe
  C:\Windows\System\CnhkLQC.exe
  2⤵
  PID:6704
- C:\Windows\System\cfnKAiS.exe
  C:\Windows\System\cfnKAiS.exe
  2⤵
  PID:6840
- C:\Windows\System\UVWrHGA.exe
  C:\Windows\System\UVWrHGA.exe
  2⤵
  PID:6692
- C:\Windows\System\KSKHiQv.exe
  C:\Windows\System\KSKHiQv.exe
  2⤵
  PID:6776
- C:\Windows\System\LaUhBjn.exe
  C:\Windows\System\LaUhBjn.exe
  2⤵
  PID:6744
- C:\Windows\System\IeOgXJR.exe
  C:\Windows\System\IeOgXJR.exe
  2⤵
  PID:7148
- C:\Windows\System\PHPJBOE.exe
  C:\Windows\System\PHPJBOE.exe
  2⤵
  PID:7096
- C:\Windows\System\HBkupNw.exe
  C:\Windows\System\HBkupNw.exe
  2⤵
  PID:6296
- C:\Windows\System\vmbbnCH.exe
  C:\Windows\System\vmbbnCH.exe
  2⤵
  PID:6348
- C:\Windows\System\iSoddBR.exe
  C:\Windows\System\iSoddBR.exe
  2⤵
  PID:6472
- C:\Windows\System\lTlvcgO.exe
  C:\Windows\System\lTlvcgO.exe
  2⤵
  PID:6636
- C:\Windows\System\QrKWAbF.exe
  C:\Windows\System\QrKWAbF.exe
  2⤵
  PID:6996
- C:\Windows\System\IQliszd.exe
  C:\Windows\System\IQliszd.exe
  2⤵
  PID:6664
- C:\Windows\System\etpLBUQ.exe
  C:\Windows\System\etpLBUQ.exe
  2⤵
  PID:7060
- C:\Windows\System\MECQFWJ.exe
  C:\Windows\System\MECQFWJ.exe
  2⤵
  PID:6924
- C:\Windows\System\YgHNYOo.exe
  C:\Windows\System\YgHNYOo.exe
  2⤵
  PID:6240
- C:\Windows\System\omsuYbO.exe
  C:\Windows\System\omsuYbO.exe
  2⤵
  PID:6456
- C:\Windows\System\KwZTQhQ.exe
  C:\Windows\System\KwZTQhQ.exe
  2⤵
  PID:6908
- C:\Windows\System\BSwLCSc.exe
  C:\Windows\System\BSwLCSc.exe
  2⤵
  PID:6864
- C:\Windows\System\aMMArTY.exe
  C:\Windows\System\aMMArTY.exe
  2⤵
  PID:7084
- C:\Windows\System\NQtYmEo.exe
  C:\Windows\System\NQtYmEo.exe
  2⤵
  PID:6600
- C:\Windows\System\moktXSC.exe
  C:\Windows\System\moktXSC.exe
  2⤵
  PID:6368
- C:\Windows\System\LWwxQLw.exe
  C:\Windows\System\LWwxQLw.exe
  2⤵
  PID:6900
- C:\Windows\System\hyJDPGn.exe
  C:\Windows\System\hyJDPGn.exe
  2⤵
  PID:6760
- C:\Windows\System\RLsEAZX.exe
  C:\Windows\System\RLsEAZX.exe
  2⤵
  PID:6268
- C:\Windows\System\WiNbUbl.exe
  C:\Windows\System\WiNbUbl.exe
  2⤵
  PID:7176
- C:\Windows\System\GkKpgLF.exe
  C:\Windows\System\GkKpgLF.exe
  2⤵
  PID:7192
- C:\Windows\System\LRExoAa.exe
  C:\Windows\System\LRExoAa.exe
  2⤵
  PID:7208
- C:\Windows\System\GSipDcC.exe
  C:\Windows\System\GSipDcC.exe
  2⤵
  PID:7224
- C:\Windows\System\exgdCJn.exe
  C:\Windows\System\exgdCJn.exe
  2⤵
  PID:7240
- C:\Windows\System\FQcjCUi.exe
  C:\Windows\System\FQcjCUi.exe
  2⤵
  PID:7256
- C:\Windows\System\pHPfirl.exe
  C:\Windows\System\pHPfirl.exe
  2⤵
  PID:7272
- C:\Windows\System\fzLUemo.exe
  C:\Windows\System\fzLUemo.exe
  2⤵
  PID:7296
- C:\Windows\System\KKWZWAd.exe
  C:\Windows\System\KKWZWAd.exe
  2⤵
  PID:7320
- C:\Windows\System\MgPAqFH.exe
  C:\Windows\System\MgPAqFH.exe
  2⤵
  PID:7336
- C:\Windows\System\AaGUTOz.exe
  C:\Windows\System\AaGUTOz.exe
  2⤵
  PID:7352
- C:\Windows\System\oXcXuRT.exe
  C:\Windows\System\oXcXuRT.exe
  2⤵
  PID:7368
- C:\Windows\System\quAckEZ.exe
  C:\Windows\System\quAckEZ.exe
  2⤵
  PID:7388
- C:\Windows\System\fyRxDkN.exe
  C:\Windows\System\fyRxDkN.exe
  2⤵
  PID:7404
- C:\Windows\System\kwQlGog.exe
  C:\Windows\System\kwQlGog.exe
  2⤵
  PID:7428
- C:\Windows\System\MQnqODO.exe
  C:\Windows\System\MQnqODO.exe
  2⤵
  PID:7444
- C:\Windows\System\mcYWjJJ.exe
  C:\Windows\System\mcYWjJJ.exe
  2⤵
  PID:7460
- C:\Windows\System\mTqygNn.exe
  C:\Windows\System\mTqygNn.exe
  2⤵
  PID:7476
- C:\Windows\System\ncJzoPg.exe
  C:\Windows\System\ncJzoPg.exe
  2⤵
  PID:7492
- C:\Windows\System\rjAcUkQ.exe
  C:\Windows\System\rjAcUkQ.exe
  2⤵
  PID:7512
- C:\Windows\System\AqiIHzS.exe
  C:\Windows\System\AqiIHzS.exe
  2⤵
  PID:7528
- C:\Windows\System\Guoqffz.exe
  C:\Windows\System\Guoqffz.exe
  2⤵
  PID:7548
- C:\Windows\System\hCJROqX.exe
  C:\Windows\System\hCJROqX.exe
  2⤵
  PID:7564
- C:\Windows\System\idvyadF.exe
  C:\Windows\System\idvyadF.exe
  2⤵
  PID:7588
- C:\Windows\System\IJMbepm.exe
  C:\Windows\System\IJMbepm.exe
  2⤵
  PID:7608
- C:\Windows\System\fWBHgDX.exe
  C:\Windows\System\fWBHgDX.exe
  2⤵
  PID:7624
- C:\Windows\System\jrzjMNv.exe
  C:\Windows\System\jrzjMNv.exe
  2⤵
  PID:7640
- C:\Windows\System\FPlCXcv.exe
  C:\Windows\System\FPlCXcv.exe
  2⤵
  PID:7656
- C:\Windows\System\INfHOXI.exe
  C:\Windows\System\INfHOXI.exe
  2⤵
  PID:7676
- C:\Windows\System\DIHrfQp.exe
  C:\Windows\System\DIHrfQp.exe
  2⤵
  PID:7692
- C:\Windows\System\khincpH.exe
  C:\Windows\System\khincpH.exe
  2⤵
  PID:7708
- C:\Windows\System\yJASsSG.exe
  C:\Windows\System\yJASsSG.exe
  2⤵
  PID:7724
- C:\Windows\System\zNmlkNJ.exe
  C:\Windows\System\zNmlkNJ.exe
  2⤵
  PID:7740
- C:\Windows\System\zwYalGX.exe
  C:\Windows\System\zwYalGX.exe
  2⤵
  PID:7756
- C:\Windows\System\JUQWmdd.exe
  C:\Windows\System\JUQWmdd.exe
  2⤵
  PID:7772
- C:\Windows\System\QoBkDke.exe
  C:\Windows\System\QoBkDke.exe
  2⤵
  PID:7792
- C:\Windows\System\MJWegqa.exe
  C:\Windows\System\MJWegqa.exe
  2⤵
  PID:7808
- C:\Windows\System\LRHsNtL.exe
  C:\Windows\System\LRHsNtL.exe
  2⤵
  PID:7828
- C:\Windows\System\jxxhOwr.exe
  C:\Windows\System\jxxhOwr.exe
  2⤵
  PID:7848
- C:\Windows\System\bXerIJF.exe
  C:\Windows\System\bXerIJF.exe
  2⤵
  PID:7868
- C:\Windows\System\bIXWghS.exe
  C:\Windows\System\bIXWghS.exe
  2⤵
  PID:7884
- C:\Windows\System\nVERDKt.exe
  C:\Windows\System\nVERDKt.exe
  2⤵
  PID:7900
- C:\Windows\System\ZBNvhgZ.exe
  C:\Windows\System\ZBNvhgZ.exe
  2⤵
  PID:7916
- C:\Windows\System\GNKsrPD.exe
  C:\Windows\System\GNKsrPD.exe
  2⤵
  PID:7932
- C:\Windows\System\fvQfqBD.exe
  C:\Windows\System\fvQfqBD.exe
  2⤵
  PID:7992
- C:\Windows\System\nqbErTt.exe
  C:\Windows\System\nqbErTt.exe
  2⤵
  PID:8012
- C:\Windows\System\fXDgjEt.exe
  C:\Windows\System\fXDgjEt.exe
  2⤵
  PID:8028
- C:\Windows\System\iDIicFq.exe
  C:\Windows\System\iDIicFq.exe
  2⤵
  PID:8044
- C:\Windows\System\siWKJwV.exe
  C:\Windows\System\siWKJwV.exe
  2⤵
  PID:8060
- C:\Windows\System\KTRhirE.exe
  C:\Windows\System\KTRhirE.exe
  2⤵
  PID:8076
- C:\Windows\System\CaBjrMf.exe
  C:\Windows\System\CaBjrMf.exe
  2⤵
  PID:8096
- C:\Windows\System\dNdiuVV.exe
  C:\Windows\System\dNdiuVV.exe
  2⤵
  PID:8112
- C:\Windows\System\HnxQMqE.exe
  C:\Windows\System\HnxQMqE.exe
  2⤵
  PID:8128
- C:\Windows\System\TuyBLvy.exe
  C:\Windows\System\TuyBLvy.exe
  2⤵
  PID:8144
- C:\Windows\System\dtjedUp.exe
  C:\Windows\System\dtjedUp.exe
  2⤵
  PID:8160
- C:\Windows\System\SKKClNN.exe
  C:\Windows\System\SKKClNN.exe
  2⤵
  PID:8176
- C:\Windows\System\eqvfPCj.exe
  C:\Windows\System\eqvfPCj.exe
  2⤵
  PID:6292
- C:\Windows\System\KeJFCPz.exe
  C:\Windows\System\KeJFCPz.exe
  2⤵
  PID:6424
- C:\Windows\System\UTfuNBp.exe
  C:\Windows\System\UTfuNBp.exe
  2⤵
  PID:7188
- C:\Windows\System\bsGDxtV.exe
  C:\Windows\System\bsGDxtV.exe
  2⤵
  PID:7220
- C:\Windows\System\fkEPvap.exe
  C:\Windows\System\fkEPvap.exe
  2⤵
  PID:7252
- C:\Windows\System\mffyTED.exe
  C:\Windows\System\mffyTED.exe
  2⤵
  PID:7312
- C:\Windows\System\tSIporS.exe
  C:\Windows\System\tSIporS.exe
  2⤵
  PID:7280
- C:\Windows\System\euYbWOP.exe
  C:\Windows\System\euYbWOP.exe
  2⤵
  PID:7332
- C:\Windows\System\MDPsyub.exe
  C:\Windows\System\MDPsyub.exe
  2⤵
  PID:7380
- C:\Windows\System\pLYGGHr.exe
  C:\Windows\System\pLYGGHr.exe
  2⤵
  PID:7400
- C:\Windows\System\BxdFDGk.exe
  C:\Windows\System\BxdFDGk.exe
  2⤵
  PID:7452
- C:\Windows\System\bUqmSUd.exe
  C:\Windows\System\bUqmSUd.exe
  2⤵
  PID:7436
- C:\Windows\System\UmVYMhG.exe
  C:\Windows\System\UmVYMhG.exe
  2⤵
  PID:7472
- C:\Windows\System\OwbJsYk.exe
  C:\Windows\System\OwbJsYk.exe
  2⤵
  PID:7524
- C:\Windows\System\jWtCvwS.exe
  C:\Windows\System\jWtCvwS.exe
  2⤵
  PID:7556
- C:\Windows\System\jGMFMop.exe
  C:\Windows\System\jGMFMop.exe
  2⤵
  PID:7600
- C:\Windows\System\aEfEvIj.exe
  C:\Windows\System\aEfEvIj.exe
  2⤵
  PID:7580
- C:\Windows\System\CcVwyAN.exe
  C:\Windows\System\CcVwyAN.exe
  2⤵
  PID:7584
- C:\Windows\System\QjjTlCx.exe
  C:\Windows\System\QjjTlCx.exe
  2⤵
  PID:7672
- C:\Windows\System\OhygcRX.exe
  C:\Windows\System\OhygcRX.exe
  2⤵
  PID:7688
- C:\Windows\System\GcYOmKe.exe
  C:\Windows\System\GcYOmKe.exe
  2⤵
  PID:7748
- C:\Windows\System\OpNjVSM.exe
  C:\Windows\System\OpNjVSM.exe
  2⤵
  PID:7804
- C:\Windows\System\tTVaGcg.exe
  C:\Windows\System\tTVaGcg.exe
  2⤵
  PID:7824
- C:\Windows\System\lLbhOQp.exe
  C:\Windows\System\lLbhOQp.exe
  2⤵
  PID:7784
- C:\Windows\System\GKFbCjM.exe
  C:\Windows\System\GKFbCjM.exe
  2⤵
  PID:7864
- C:\Windows\System\MnPPpaz.exe
  C:\Windows\System\MnPPpaz.exe
  2⤵
  PID:7880
- C:\Windows\System\IjtOsBA.exe
  C:\Windows\System\IjtOsBA.exe
  2⤵
  PID:7928
- C:\Windows\System\mJyIwco.exe
  C:\Windows\System\mJyIwco.exe
  2⤵
  PID:7952
- C:\Windows\System\ooiiGoa.exe
  C:\Windows\System\ooiiGoa.exe
  2⤵
  PID:7968
- C:\Windows\System\SiHPgjz.exe
  C:\Windows\System\SiHPgjz.exe
  2⤵
  PID:7988
- C:\Windows\System\JmVvvsS.exe
  C:\Windows\System\JmVvvsS.exe
  2⤵
  PID:8020
- C:\Windows\System\IRqYkEC.exe
  C:\Windows\System\IRqYkEC.exe
  2⤵
  PID:8040
- C:\Windows\System\MLfmCSb.exe
  C:\Windows\System\MLfmCSb.exe
  2⤵
  PID:8072
- C:\Windows\System\LGeGEje.exe
  C:\Windows\System\LGeGEje.exe
  2⤵
  PID:8120
- C:\Windows\System\DQwqBtf.exe
  C:\Windows\System\DQwqBtf.exe
  2⤵
  PID:8140
- C:\Windows\System\KymOCcE.exe
  C:\Windows\System\KymOCcE.exe
  2⤵
  PID:8168
- C:\Windows\System\aiJALQV.exe
  C:\Windows\System\aiJALQV.exe
  2⤵
  PID:7200
- C:\Windows\System\OlaOftB.exe
  C:\Windows\System\OlaOftB.exe
  2⤵
  PID:7264
- C:\Windows\System\xlaNXHd.exe
  C:\Windows\System\xlaNXHd.exe
  2⤵
  PID:7364
- C:\Windows\System\lNOSZqV.exe
  C:\Windows\System\lNOSZqV.exe
  2⤵
  PID:7424
- C:\Windows\System\DzDiRHz.exe
  C:\Windows\System\DzDiRHz.exe
  2⤵
  PID:7328
- C:\Windows\System\msMOZuL.exe
  C:\Windows\System\msMOZuL.exe
  2⤵
  PID:7488
- C:\Windows\System\jAptxho.exe
  C:\Windows\System\jAptxho.exe
  2⤵
  PID:7636
- C:\Windows\System\aDzBQyf.exe
  C:\Windows\System\aDzBQyf.exe
  2⤵
  PID:7572
- C:\Windows\System\gtPyuqx.exe
  C:\Windows\System\gtPyuqx.exe
  2⤵
  PID:7668
- C:\Windows\System\uUUuTrV.exe
  C:\Windows\System\uUUuTrV.exe
  2⤵
  PID:7716
- C:\Windows\System\FTWtzpZ.exe
  C:\Windows\System\FTWtzpZ.exe
  2⤵
  PID:7856
- C:\Windows\System\cGXvfME.exe
  C:\Windows\System\cGXvfME.exe
  2⤵
  PID:7892
- C:\Windows\System\GNZXiOU.exe
  C:\Windows\System\GNZXiOU.exe
  2⤵
  PID:7764
- C:\Windows\System\BHifuZj.exe
  C:\Windows\System\BHifuZj.exe
  2⤵
  PID:7780
- C:\Windows\System\fIQKvfu.exe
  C:\Windows\System\fIQKvfu.exe
  2⤵
  PID:7500
- C:\Windows\System\AZvmxrn.exe
  C:\Windows\System\AZvmxrn.exe
  2⤵
  PID:7736
- C:\Windows\System\clyZaQS.exe
  C:\Windows\System\clyZaQS.exe
  2⤵
  PID:7292
- C:\Windows\System\WUbsGtl.exe
  C:\Windows\System\WUbsGtl.exe
  2⤵
  PID:7768
- C:\Windows\System\urBEeuv.exe
  C:\Windows\System\urBEeuv.exe
  2⤵
  PID:7976
- C:\Windows\System\xUyAPZw.exe
  C:\Windows\System\xUyAPZw.exe
  2⤵
  PID:8104
- C:\Windows\System\ezNlXQX.exe
  C:\Windows\System\ezNlXQX.exe
  2⤵
  PID:8088
- C:\Windows\System\QwktsSj.exe
  C:\Windows\System\QwktsSj.exe
  2⤵
  PID:6584
- C:\Windows\System\nFCYQeI.exe
  C:\Windows\System\nFCYQeI.exe
  2⤵
  PID:7348
- C:\Windows\System\BoFyTbX.exe
  C:\Windows\System\BoFyTbX.exe
  2⤵
  PID:7720
- C:\Windows\System\bgFTHjo.exe
  C:\Windows\System\bgFTHjo.exe
  2⤵
  PID:8004
- C:\Windows\System\Vskyaxa.exe
  C:\Windows\System\Vskyaxa.exe
  2⤵
  PID:8008
- C:\Windows\System\RUbZLmQ.exe
  C:\Windows\System\RUbZLmQ.exe
  2⤵
  PID:7576
- C:\Windows\System\kCdOkug.exe
  C:\Windows\System\kCdOkug.exe
  2⤵
  PID:8200
- C:\Windows\System\fQCMIge.exe
  C:\Windows\System\fQCMIge.exe
  2⤵
  PID:8224
- C:\Windows\System\mZBqLvi.exe
  C:\Windows\System\mZBqLvi.exe
  2⤵
  PID:8244
- C:\Windows\System\HKzNNfd.exe
  C:\Windows\System\HKzNNfd.exe
  2⤵
  PID:8268
- C:\Windows\System\UVyFQKS.exe
  C:\Windows\System\UVyFQKS.exe
  2⤵
  PID:8284
- C:\Windows\System\mWvHjFU.exe
  C:\Windows\System\mWvHjFU.exe
  2⤵
  PID:8300
- C:\Windows\System\lRTkUyB.exe
  C:\Windows\System\lRTkUyB.exe
  2⤵
  PID:8316
- C:\Windows\System\WHWbNnj.exe
  C:\Windows\System\WHWbNnj.exe
  2⤵
  PID:8336
- C:\Windows\System\Lgwjxla.exe
  C:\Windows\System\Lgwjxla.exe
  2⤵
  PID:8352
- C:\Windows\System\mPOlinV.exe
  C:\Windows\System\mPOlinV.exe
  2⤵
  PID:8376
- C:\Windows\System\ZQMVsxj.exe
  C:\Windows\System\ZQMVsxj.exe
  2⤵
  PID:8392
- C:\Windows\System\Hhbiwql.exe
  C:\Windows\System\Hhbiwql.exe
  2⤵
  PID:8408
- C:\Windows\System\yoBWhcx.exe
  C:\Windows\System\yoBWhcx.exe
  2⤵
  PID:8424
- C:\Windows\System\gNuASlK.exe
  C:\Windows\System\gNuASlK.exe
  2⤵
  PID:8440
- C:\Windows\System\KMzHMAp.exe
  C:\Windows\System\KMzHMAp.exe
  2⤵
  PID:8460
- C:\Windows\System\kABfPpA.exe
  C:\Windows\System\kABfPpA.exe
  2⤵
  PID:8480
- C:\Windows\System\MVrstoJ.exe
  C:\Windows\System\MVrstoJ.exe
  2⤵
  PID:8496
- C:\Windows\System\VQCDeCj.exe
  C:\Windows\System\VQCDeCj.exe
  2⤵
  PID:8516
- C:\Windows\System\DAqiJnb.exe
  C:\Windows\System\DAqiJnb.exe
  2⤵
  PID:8532
- C:\Windows\System\hsdXiPV.exe
  C:\Windows\System\hsdXiPV.exe
  2⤵
  PID:8548
- C:\Windows\System\rJzfiho.exe
  C:\Windows\System\rJzfiho.exe
  2⤵
  PID:8564
- C:\Windows\System\BLHbzDU.exe
  C:\Windows\System\BLHbzDU.exe
  2⤵
  PID:8580
- C:\Windows\System\ujeFOFN.exe
  C:\Windows\System\ujeFOFN.exe
  2⤵
  PID:8596
- C:\Windows\System\VPEaLAA.exe
  C:\Windows\System\VPEaLAA.exe
  2⤵
  PID:8612
- C:\Windows\System\WdnEsIf.exe
  C:\Windows\System\WdnEsIf.exe
  2⤵
  PID:8632
- C:\Windows\System\qJOirnv.exe
  C:\Windows\System\qJOirnv.exe
  2⤵
  PID:8684
- C:\Windows\System\PuQfZrF.exe
  C:\Windows\System\PuQfZrF.exe
  2⤵
  PID:8704
- C:\Windows\System\mmepTYD.exe
  C:\Windows\System\mmepTYD.exe
  2⤵
  PID:8724
- C:\Windows\System\PwnbPAw.exe
  C:\Windows\System\PwnbPAw.exe
  2⤵
  PID:8756
- C:\Windows\System\XLiaVVn.exe
  C:\Windows\System\XLiaVVn.exe
  2⤵
  PID:8772
- C:\Windows\System\nebMSYb.exe
  C:\Windows\System\nebMSYb.exe
  2⤵
  PID:8788
- C:\Windows\System\QsNchFZ.exe
  C:\Windows\System\QsNchFZ.exe
  2⤵
  PID:8804
- C:\Windows\System\KNqiwiq.exe
  C:\Windows\System\KNqiwiq.exe
  2⤵
  PID:8820
- C:\Windows\System\NcKdRRf.exe
  C:\Windows\System\NcKdRRf.exe
  2⤵
  PID:8848
- C:\Windows\System\SnutRDW.exe
  C:\Windows\System\SnutRDW.exe
  2⤵
  PID:8864
- C:\Windows\System\AQetAPW.exe
  C:\Windows\System\AQetAPW.exe
  2⤵
  PID:8880
- C:\Windows\System\VydtxNz.exe
  C:\Windows\System\VydtxNz.exe
  2⤵
  PID:8896
- C:\Windows\System\awSYVxD.exe
  C:\Windows\System\awSYVxD.exe
  2⤵
  PID:8944
- C:\Windows\System\tSiHmMV.exe
  C:\Windows\System\tSiHmMV.exe
  2⤵
  PID:8960
- C:\Windows\System\wHWqCJc.exe
  C:\Windows\System\wHWqCJc.exe
  2⤵
  PID:8980
- C:\Windows\System\xONOnbQ.exe
  C:\Windows\System\xONOnbQ.exe
  2⤵
  PID:9004
- C:\Windows\System\POsXxXI.exe
  C:\Windows\System\POsXxXI.exe
  2⤵
  PID:9048
- C:\Windows\System\kyGRarp.exe
  C:\Windows\System\kyGRarp.exe
  2⤵
  PID:9064
- C:\Windows\System\xkfVHBD.exe
  C:\Windows\System\xkfVHBD.exe
  2⤵
  PID:9088
- C:\Windows\System\eQMhaYS.exe
  C:\Windows\System\eQMhaYS.exe
  2⤵
  PID:9104
- C:\Windows\System\YSsgISF.exe
  C:\Windows\System\YSsgISF.exe
  2⤵
  PID:9124
- C:\Windows\System\Axyhyjh.exe
  C:\Windows\System\Axyhyjh.exe
  2⤵
  PID:9140
- C:\Windows\System\AAmAYJw.exe
  C:\Windows\System\AAmAYJw.exe
  2⤵
  PID:9160
- C:\Windows\System\xheQRVu.exe
  C:\Windows\System\xheQRVu.exe
  2⤵
  PID:9176
- C:\Windows\System\yZEEqkm.exe
  C:\Windows\System\yZEEqkm.exe
  2⤵
  PID:9200
- C:\Windows\System\ojuXirW.exe
  C:\Windows\System\ojuXirW.exe
  2⤵
  PID:7484
- C:\Windows\System\SztLePu.exe
  C:\Windows\System\SztLePu.exe
  2⤵
  PID:7876
- C:\Windows\System\UwgmXON.exe
  C:\Windows\System\UwgmXON.exe
  2⤵
  PID:8212
- C:\Windows\System\QVbxebS.exe
  C:\Windows\System\QVbxebS.exe
  2⤵
  PID:8000
- C:\Windows\System\yeRJkOc.exe
  C:\Windows\System\yeRJkOc.exe
  2⤵
  PID:8252
- C:\Windows\System\GMCQxYq.exe
  C:\Windows\System\GMCQxYq.exe
  2⤵
  PID:8260
- C:\Windows\System\McWcMLV.exe
  C:\Windows\System\McWcMLV.exe
  2⤵
  PID:8296
- C:\Windows\System\sLUTvuZ.exe
  C:\Windows\System\sLUTvuZ.exe
  2⤵
  PID:8232
- C:\Windows\System\dDyImwL.exe
  C:\Windows\System\dDyImwL.exe
  2⤵
  PID:8312
- C:\Windows\System\YbzKMSo.exe
  C:\Windows\System\YbzKMSo.exe
  2⤵
  PID:8432
- C:\Windows\System\flvoQRe.exe
  C:\Windows\System\flvoQRe.exe
  2⤵
  PID:8468
- C:\Windows\System\MqElKce.exe
  C:\Windows\System\MqElKce.exe
  2⤵
  PID:8504
- C:\Windows\System\sySMweN.exe
  C:\Windows\System\sySMweN.exe
  2⤵
  PID:8456
- C:\Windows\System\nJOwQbM.exe
  C:\Windows\System\nJOwQbM.exe
  2⤵
  PID:8452
- C:\Windows\System\WehzRAZ.exe
  C:\Windows\System\WehzRAZ.exe
  2⤵
  PID:8560
- C:\Windows\System\PZLOgvr.exe
  C:\Windows\System\PZLOgvr.exe
  2⤵
  PID:1448
- C:\Windows\System\IxAyjDH.exe
  C:\Windows\System\IxAyjDH.exe
  2⤵
  PID:8652
- C:\Windows\System\CQUlTQH.exe
  C:\Windows\System\CQUlTQH.exe
  2⤵
  PID:8672
- C:\Windows\System\KsFBzWB.exe
  C:\Windows\System\KsFBzWB.exe
  2⤵
  PID:2332
- C:\Windows\System\jRKqnIs.exe
  C:\Windows\System\jRKqnIs.exe
  2⤵
  PID:1364
- C:\Windows\System\ndonrlF.exe
  C:\Windows\System\ndonrlF.exe
  2⤵
  PID:8624
- C:\Windows\System\GpDuKHA.exe
  C:\Windows\System\GpDuKHA.exe
  2⤵
  PID:8692
- C:\Windows\System\FCWovpU.exe
  C:\Windows\System\FCWovpU.exe
  2⤵
  PID:8732
- C:\Windows\System\MHmbNmq.exe
  C:\Windows\System\MHmbNmq.exe
  2⤵
  PID:8740
- C:\Windows\System\LHoquYD.exe
  C:\Windows\System\LHoquYD.exe
  2⤵
  PID:8768
- C:\Windows\System\pkGUfXt.exe
  C:\Windows\System\pkGUfXt.exe
  2⤵
  PID:8816
- C:\Windows\System\LyXRpnH.exe
  C:\Windows\System\LyXRpnH.exe
  2⤵
  PID:8876
- C:\Windows\System\WdVUltv.exe
  C:\Windows\System\WdVUltv.exe
  2⤵
  PID:8920
- C:\Windows\System\bsbuzvx.exe
  C:\Windows\System\bsbuzvx.exe
  2⤵
  PID:8908
- C:\Windows\System\aPJnIij.exe
  C:\Windows\System\aPJnIij.exe
  2⤵
  PID:8888
- C:\Windows\System\VEGPoWZ.exe
  C:\Windows\System\VEGPoWZ.exe
  2⤵
  PID:8956
- C:\Windows\System\MNRbLNW.exe
  C:\Windows\System\MNRbLNW.exe
  2⤵
  PID:9020
- C:\Windows\System\ZvOMtuD.exe
  C:\Windows\System\ZvOMtuD.exe
  2⤵
  PID:8996
- C:\Windows\System\KNEIcCZ.exe
  C:\Windows\System\KNEIcCZ.exe
  2⤵
  PID:9044
- C:\Windows\System\WebdckG.exe
  C:\Windows\System\WebdckG.exe
  2⤵
  PID:9080
- C:\Windows\System\pElfJHK.exe
  C:\Windows\System\pElfJHK.exe
  2⤵
  PID:9120
- C:\Windows\System\qdQUxWO.exe
  C:\Windows\System\qdQUxWO.exe
  2⤵
  PID:9152
- C:\Windows\System\WhnFYUm.exe
  C:\Windows\System\WhnFYUm.exe
  2⤵
  PID:9132
- C:\Windows\System\jHtEUoY.exe
  C:\Windows\System\jHtEUoY.exe
  2⤵
  PID:9196
- C:\Windows\System\LHMFCAA.exe
  C:\Windows\System\LHMFCAA.exe
  2⤵
  PID:7844
- C:\Windows\System\FxMRRPb.exe
  C:\Windows\System\FxMRRPb.exe
  2⤵
  PID:9136
- C:\Windows\System\rclNvNI.exe
  C:\Windows\System\rclNvNI.exe
  2⤵
  PID:7396
- C:\Windows\System\FdLoybm.exe
  C:\Windows\System\FdLoybm.exe
  2⤵
  PID:8328
- C:\Windows\System\PcglQuB.exe
  C:\Windows\System\PcglQuB.exe
  2⤵
  PID:8124
- C:\Windows\System\PhYWjLt.exe
  C:\Windows\System\PhYWjLt.exe
  2⤵
  PID:8092
- C:\Windows\System\ZHzQujC.exe
  C:\Windows\System\ZHzQujC.exe
  2⤵
  PID:8368
- C:\Windows\System\ktHFKYl.exe
  C:\Windows\System\ktHFKYl.exe
  2⤵
  PID:8388
- C:\Windows\System\VijFyKm.exe
  C:\Windows\System\VijFyKm.exe
  2⤵
  PID:8540
- C:\Windows\System\zuQyCOv.exe
  C:\Windows\System\zuQyCOv.exe
  2⤵
  PID:8556
- C:\Windows\System\xZClJeF.exe
  C:\Windows\System\xZClJeF.exe
  2⤵
  PID:8648
- C:\Windows\System\mfEqAdC.exe
  C:\Windows\System\mfEqAdC.exe
  2⤵
  PID:2612
- C:\Windows\System\UwiSfhG.exe
  C:\Windows\System\UwiSfhG.exe
  2⤵
  PID:8696
- C:\Windows\System\kfgoOlv.exe
  C:\Windows\System\kfgoOlv.exe
  2⤵
  PID:8828
- C:\Windows\System\puEZxnw.exe
  C:\Windows\System\puEZxnw.exe
  2⤵
  PID:8832
- C:\Windows\System\sxBDIDh.exe
  C:\Windows\System\sxBDIDh.exe
  2⤵
  PID:8904
- C:\Windows\System\DQPanIB.exe
  C:\Windows\System\DQPanIB.exe
  2⤵
  PID:8916
- C:\Windows\System\DFnuWzE.exe
  C:\Windows\System\DFnuWzE.exe
  2⤵
  PID:8940
- C:\Windows\System\AbDlbPw.exe
  C:\Windows\System\AbDlbPw.exe
  2⤵
  PID:8952
- C:\Windows\System\YDAHnxK.exe
  C:\Windows\System\YDAHnxK.exe
  2⤵
  PID:8256
- C:\Windows\System\hVvxnqP.exe
  C:\Windows\System\hVvxnqP.exe
  2⤵
  PID:8348
- C:\Windows\System\LbuEvoE.exe
  C:\Windows\System\LbuEvoE.exe
  2⤵
  PID:8572
- C:\Windows\System\WRdpkuD.exe
  C:\Windows\System\WRdpkuD.exe
  2⤵
  PID:8528
- C:\Windows\System\KniptbG.exe
  C:\Windows\System\KniptbG.exe
  2⤵
  PID:2552
- C:\Windows\System\huATcQb.exe
  C:\Windows\System\huATcQb.exe
  2⤵
  PID:8972
- C:\Windows\System\JYOZGiG.exe
  C:\Windows\System\JYOZGiG.exe
  2⤵
  PID:9032
- C:\Windows\System\hlfsIFJ.exe
  C:\Windows\System\hlfsIFJ.exe
  2⤵
  PID:1628
- C:\Windows\System\BEzGJtM.exe
  C:\Windows\System\BEzGJtM.exe
  2⤵
  PID:9072
- C:\Windows\System\VLGgaNs.exe
  C:\Windows\System\VLGgaNs.exe
  2⤵
  PID:9188
- C:\Windows\System\yrsOAri.exe
  C:\Windows\System\yrsOAri.exe
  2⤵
  PID:2496
- C:\Windows\System\dPeNQZL.exe
  C:\Windows\System\dPeNQZL.exe
  2⤵
  PID:9148
- C:\Windows\System\fzCsMvW.exe
  C:\Windows\System\fzCsMvW.exe
  2⤵
  PID:8404
- C:\Windows\System\WjJDtiD.exe
  C:\Windows\System\WjJDtiD.exe
  2⤵
  PID:8384
- C:\Windows\System\osYmtGJ.exe
  C:\Windows\System\osYmtGJ.exe
  2⤵
  PID:952
- C:\Windows\System\aZuYdoE.exe
  C:\Windows\System\aZuYdoE.exe
  2⤵
  PID:1136
- C:\Windows\System\HWVcyWu.exe
  C:\Windows\System\HWVcyWu.exe
  2⤵
  PID:8992
- C:\Windows\System\MVKJywB.exe
  C:\Windows\System\MVKJywB.exe
  2⤵
  PID:8784
- C:\Windows\System\KbKfwvH.exe
  C:\Windows\System\KbKfwvH.exe
  2⤵
  PID:8932
- C:\Windows\System\fPoNuwp.exe
  C:\Windows\System\fPoNuwp.exe
  2⤵
  PID:9012
- C:\Windows\System\gdiYIPi.exe
  C:\Windows\System\gdiYIPi.exe
  2⤵
  PID:8856
- C:\Windows\System\nCkcORs.exe
  C:\Windows\System\nCkcORs.exe
  2⤵
  PID:2340
- C:\Windows\System\EPmYcKk.exe
  C:\Windows\System\EPmYcKk.exe
  2⤵
  PID:8280
- C:\Windows\System\kiWhbet.exe
  C:\Windows\System\kiWhbet.exe
  2⤵
  PID:8332
- C:\Windows\System\mIbUbyN.exe
  C:\Windows\System\mIbUbyN.exe
  2⤵
  PID:8400
- C:\Windows\System\aajgjiS.exe
  C:\Windows\System\aajgjiS.exe
  2⤵
  PID:8676
- C:\Windows\System\SyWOdit.exe
  C:\Windows\System\SyWOdit.exe
  2⤵
  PID:8416
- C:\Windows\System\BJTVjeL.exe
  C:\Windows\System\BJTVjeL.exe
  2⤵
  PID:8860
- C:\Windows\System\asgBXQZ.exe
  C:\Windows\System\asgBXQZ.exe
  2⤵
  PID:8752
- C:\Windows\System\aXXymKV.exe
  C:\Windows\System\aXXymKV.exe
  2⤵
  PID:9112
- C:\Windows\System\oTHzNKF.exe
  C:\Windows\System\oTHzNKF.exe
  2⤵
  PID:9056
- C:\Windows\System\EnanUmo.exe
  C:\Windows\System\EnanUmo.exe
  2⤵
  PID:8976
- C:\Windows\System\ulVKsyx.exe
  C:\Windows\System\ulVKsyx.exe
  2⤵
  PID:8912
- C:\Windows\System\zPkuHFR.exe
  C:\Windows\System\zPkuHFR.exe
  2⤵
  PID:8744
- C:\Windows\System\UbVOLXw.exe
  C:\Windows\System\UbVOLXw.exe
  2⤵
  PID:8448
- C:\Windows\System\DfPelyU.exe
  C:\Windows\System\DfPelyU.exe
  2⤵
  PID:8196
- C:\Windows\System\qWbeddn.exe
  C:\Windows\System\qWbeddn.exe
  2⤵
  PID:9232
- C:\Windows\System\wUGTaZJ.exe
  C:\Windows\System\wUGTaZJ.exe
  2⤵
  PID:9256
- C:\Windows\System\hPxEQYY.exe
  C:\Windows\System\hPxEQYY.exe
  2⤵
  PID:9296
- C:\Windows\System\ndBlhDg.exe
  C:\Windows\System\ndBlhDg.exe
  2⤵
  PID:9312
- C:\Windows\System\ndmNSzy.exe
  C:\Windows\System\ndmNSzy.exe
  2⤵
  PID:9332
- C:\Windows\System\UOfdcny.exe
  C:\Windows\System\UOfdcny.exe
  2⤵
  PID:9348
- C:\Windows\System\mOQbuxa.exe
  C:\Windows\System\mOQbuxa.exe
  2⤵
  PID:9364
- C:\Windows\System\GdNSdHF.exe
  C:\Windows\System\GdNSdHF.exe
  2⤵
  PID:9388
- C:\Windows\System\gtIMCDM.exe
  C:\Windows\System\gtIMCDM.exe
  2⤵
  PID:9404
- C:\Windows\System\HUwdUGh.exe
  C:\Windows\System\HUwdUGh.exe
  2⤵
  PID:9436
- C:\Windows\System\VTGySbP.exe
  C:\Windows\System\VTGySbP.exe
  2⤵
  PID:9452
- C:\Windows\System\dmUuavJ.exe
  C:\Windows\System\dmUuavJ.exe
  2⤵
  PID:9468
- C:\Windows\System\mcyMqWM.exe
  C:\Windows\System\mcyMqWM.exe
  2⤵
  PID:9484
- C:\Windows\System\uymLvbk.exe
  C:\Windows\System\uymLvbk.exe
  2⤵
  PID:9500
- C:\Windows\System\kYmBGHv.exe
  C:\Windows\System\kYmBGHv.exe
  2⤵
  PID:9516
- C:\Windows\System\xYguEMb.exe
  C:\Windows\System\xYguEMb.exe
  2⤵
  PID:9532
- C:\Windows\System\mYcpXdn.exe
  C:\Windows\System\mYcpXdn.exe
  2⤵
  PID:9548
- C:\Windows\System\WulyAIh.exe
  C:\Windows\System\WulyAIh.exe
  2⤵
  PID:9564
- C:\Windows\System\SfaZqhx.exe
  C:\Windows\System\SfaZqhx.exe
  2⤵
  PID:9580
- C:\Windows\System\BJvlsni.exe
  C:\Windows\System\BJvlsni.exe
  2⤵
  PID:9596
- C:\Windows\System\mXuuXYb.exe
  C:\Windows\System\mXuuXYb.exe
  2⤵
  PID:9612
- C:\Windows\System\xGpzhFu.exe
  C:\Windows\System\xGpzhFu.exe
  2⤵
  PID:9628
- C:\Windows\System\zzmqoXI.exe
  C:\Windows\System\zzmqoXI.exe
  2⤵
  PID:9644
- C:\Windows\System\ITurkMd.exe
  C:\Windows\System\ITurkMd.exe
  2⤵
  PID:9668
- C:\Windows\System\jZnNrUy.exe
  C:\Windows\System\jZnNrUy.exe
  2⤵
  PID:9684
- C:\Windows\System\UVDRvDo.exe
  C:\Windows\System\UVDRvDo.exe
  2⤵
  PID:9704
- C:\Windows\System\RiAFXrc.exe
  C:\Windows\System\RiAFXrc.exe
  2⤵
  PID:9720
- C:\Windows\System\yZDuWzd.exe
  C:\Windows\System\yZDuWzd.exe
  2⤵
  PID:9736
- C:\Windows\System\JbzvxCH.exe
  C:\Windows\System\JbzvxCH.exe
  2⤵
  PID:9752
- C:\Windows\System\oiJwJNp.exe
  C:\Windows\System\oiJwJNp.exe
  2⤵
  PID:9772
- C:\Windows\System\iYCwfrH.exe
  C:\Windows\System\iYCwfrH.exe
  2⤵
  PID:9788
- C:\Windows\System\VBXRJRA.exe
  C:\Windows\System\VBXRJRA.exe
  2⤵
  PID:9804
- C:\Windows\System\LRoHnTa.exe
  C:\Windows\System\LRoHnTa.exe
  2⤵
  PID:9820
- C:\Windows\System\dBOFhFv.exe
  C:\Windows\System\dBOFhFv.exe
  2⤵
  PID:9836
- C:\Windows\System\tTNTFAQ.exe
  C:\Windows\System\tTNTFAQ.exe
  2⤵
  PID:9868
- C:\Windows\System\DTyBfsE.exe
  C:\Windows\System\DTyBfsE.exe
  2⤵
  PID:9888
- C:\Windows\System\FJmzssk.exe
  C:\Windows\System\FJmzssk.exe
  2⤵
  PID:9908
- C:\Windows\System\xCCtGju.exe
  C:\Windows\System\xCCtGju.exe
  2⤵
  PID:9928
- C:\Windows\System\uxwgCzA.exe
  C:\Windows\System\uxwgCzA.exe
  2⤵
  PID:9944
- C:\Windows\System\RjWejCU.exe
  C:\Windows\System\RjWejCU.exe
  2⤵
  PID:9960
- C:\Windows\System\nfEtVwZ.exe
  C:\Windows\System\nfEtVwZ.exe
  2⤵
  PID:9976
- C:\Windows\System\czAvKcL.exe
  C:\Windows\System\czAvKcL.exe
  2⤵
  PID:9992
- C:\Windows\System\NCIeMgT.exe
  C:\Windows\System\NCIeMgT.exe
  2⤵
  PID:10008
- C:\Windows\System\riSzhTW.exe
  C:\Windows\System\riSzhTW.exe
  2⤵
  PID:10032
- C:\Windows\System\ZaFUnrw.exe
  C:\Windows\System\ZaFUnrw.exe
  2⤵
  PID:10064
- C:\Windows\System\yivwJpB.exe
  C:\Windows\System\yivwJpB.exe
  2⤵
  PID:10088
- C:\Windows\System\ZACeqnJ.exe
  C:\Windows\System\ZACeqnJ.exe
  2⤵
  PID:10128
- C:\Windows\System\tTRIcpg.exe
  C:\Windows\System\tTRIcpg.exe
  2⤵
  PID:10208
- C:\Windows\System\iIpyCFJ.exe
  C:\Windows\System\iIpyCFJ.exe
  2⤵
  PID:9212
- C:\Windows\System\sLnvmLM.exe
  C:\Windows\System\sLnvmLM.exe
  2⤵
  PID:9240
- C:\Windows\System\CSQdpZf.exe
  C:\Windows\System\CSQdpZf.exe
  2⤵
  PID:9276
- C:\Windows\System\zoxyxSX.exe
  C:\Windows\System\zoxyxSX.exe
  2⤵
  PID:9288
- C:\Windows\System\BKAZqJD.exe
  C:\Windows\System\BKAZqJD.exe
  2⤵
  PID:9292
- C:\Windows\System\TtIYvIZ.exe
  C:\Windows\System\TtIYvIZ.exe
  2⤵
  PID:9372
- C:\Windows\System\yGJaMNY.exe
  C:\Windows\System\yGJaMNY.exe
  2⤵
  PID:9324
- C:\Windows\System\dbyqcFO.exe
  C:\Windows\System\dbyqcFO.exe
  2⤵
  PID:9420
- C:\Windows\System\vBgbRDd.exe
  C:\Windows\System\vBgbRDd.exe
  2⤵
  PID:9464
- C:\Windows\System\gaeFhIw.exe
  C:\Windows\System\gaeFhIw.exe
  2⤵
  PID:9400
- C:\Windows\System\ioWqITv.exe
  C:\Windows\System\ioWqITv.exe
  2⤵
  PID:9496
- C:\Windows\System\DVTmTzP.exe
  C:\Windows\System\DVTmTzP.exe
  2⤵
  PID:9524
- C:\Windows\System\ASZmQhV.exe
  C:\Windows\System\ASZmQhV.exe
  2⤵
  PID:9588
- C:\Windows\System\BCuLJsI.exe
  C:\Windows\System\BCuLJsI.exe
  2⤵
  PID:9656
- C:\Windows\System\NiwamdO.exe
  C:\Windows\System\NiwamdO.exe
  2⤵
  PID:9604
- C:\Windows\System\VKhXiJx.exe
  C:\Windows\System\VKhXiJx.exe
  2⤵
  PID:9700
- C:\Windows\System\TcxOzlo.exe
  C:\Windows\System\TcxOzlo.exe
  2⤵
  PID:9716
- C:\Windows\System\rgEEHMS.exe
  C:\Windows\System\rgEEHMS.exe
  2⤵
  PID:9764
- C:\Windows\System\wxYWgGa.exe
  C:\Windows\System\wxYWgGa.exe
  2⤵
  PID:9800
- C:\Windows\System\foSPjNm.exe
  C:\Windows\System\foSPjNm.exe
  2⤵
  PID:9848
- C:\Windows\System\mBgEBZq.exe
  C:\Windows\System\mBgEBZq.exe
  2⤵
  PID:9876
- C:\Windows\System\divpiLn.exe
  C:\Windows\System\divpiLn.exe
  2⤵
  PID:9916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\IOlIAjz.exe

Filesize
6.0MB

MD5
b9df90b485a11a8df778e9b6b91d3524

SHA1
eeb87071114fb82ac7c59ca2ec4498b423ad17b7

SHA256
14c4703b0b17647df2de428fefadbb317ba3874e33069a6b582ab005ac2ebc58

SHA512
9b71d1a0f1a24a227fb83fe1ca8ac92faed31627795a6a22c93da393221006c304d1f836e8596fdc6709338a21bd6325bf978bd067b1846962e8e64148da90f3

Download Submit
C:\Windows\system\LqEQuvY.exe

Filesize
6.0MB

MD5
9c7a6477f78ad1669b9c49e985e22a38

SHA1
13888cc08113aa3805a27530597553152f5d59d2

SHA256
10a14fa64d2c6670af27e983a695bdcd1278edefe9d74b3ddf8487c6675efdcc

SHA512
03212fc1d48ba0d6a46cd9acc437f830c053c5a12c20969658c6824e329599c4e35a25e6efad1fc9e923d623a43abc2c4e27ef9ad6b3f9a31f1a14d3eda917ff

Download Submit
C:\Windows\system\MCBDMQG.exe

Filesize
6.0MB

MD5
d165ed25cba72ea6ef91255ccb673c29

SHA1
b4c3b25cb1281744c6b1c5d72093effd0fc7df24

SHA256
966d0fe254c040f2a73602c47d8b16e2add496edd416bf6319cf6a94f3ad7304

SHA512
fada9966649662d3ca3aea6390289c87ce6ccf175999a95f90244393ea64b776da9628d9e2bf1d4468474c9007a73cf40af64f7ddbad9abe872190edc0bdf79c

Download Submit
C:\Windows\system\MPRLvwd.exe

Filesize
6.0MB

MD5
61a44b0565082f1514a6a44d40edba95

SHA1
7c39d1b45fcea003b71fe301e8df7c410ec86201

SHA256
e12f2556c1b8a899fd4da2b9c5f06491498e7be26fe1baaf81d33ca6970ae5ce

SHA512
77ca80d052f54266712eeb5325c29af2c33a79d5ea093678ec7d9e6934f6b4cc6780f9e3abd7ab6ce08e0e630a55bf244f5662926b6bddc4973d956329492508

Download Submit
C:\Windows\system\QRBaBeo.exe

Filesize
6.0MB

MD5
723de0e138c9793593ff5d74ac84a3a3

SHA1
77577dd7ad541997ddf0cfaee7245b61ba91a1fa

SHA256
f8a092e89e7fcb54b12d774e4215df0a9bd03052b34abd891f82254d5a33d800

SHA512
5eb2e84552b4e392693a536baf62d060a5b68e5ca02aa9e2323b001b563cbb9a865a1ece75e126ec0a27460c7a4db2673c855521176544bd4ae18acd6ed64673

Download Submit
C:\Windows\system\Rorxeqf.exe

Filesize
6.0MB

MD5
dad0acb41719ec804ce7770011803d07

SHA1
bea43725f90e2f6f8eed4cdc9f3c51f874e3a6a3

SHA256
566ef6eafc030e0898c9c0d81b59e3b49dc2e76d2ae3440eb2d67b08946d623a

SHA512
cf109729660a6c2c5ce762b64a948a9307b15e84cf3ebbe2d2f53526769304372766cb7c818b3e8bafcb0d6834c6da6de4a998bbce9dbc61faa62f7fb89031b1

Download Submit
C:\Windows\system\TGqPxnW.exe

Filesize
6.0MB

MD5
0696588861f6c44566a2248ca75b2feb

SHA1
a69d8af43d0d729957189cdee0eeb5856680e027

SHA256
a25391613967ec9b9a3d3568d16f4ebbd33a628202c85e6066080a5293f9d75c

SHA512
2a0f873d64ce8ff48216fb61394a3e10d0282f16151e80aee549e06bb0d4da5dca5506564bfb1b0010fd5cb5b8f399ca2d1ab94eb87ff7ebf76537e086e7ef75

Download Submit
C:\Windows\system\WPReSrO.exe

Filesize
6.0MB

MD5
9a0b2c94e1075ef98fef2de018c27e25

SHA1
299ee113773d6ec1a411d8dd046d26772518a76e

SHA256
5999f2c6c7d7ec35333704cca9daa6c7d65562bd909c55a86453c5421a1a6df6

SHA512
ac7ddab6e85ed1d8eda74f24eac8078d5a7ba98ed800cfff03e9019a214562274f6df45a412c773d015fa84ba937933a8e41d805fb54b9443bd860d7d1a8cc3f

Download Submit
C:\Windows\system\aWWUcXD.exe

Filesize
6.0MB

MD5
f4efe25534a3418b903a7a5b2b52a8ce

SHA1
119502e282faa4b5e9cf6449b5a4e1459d54739f

SHA256
e915cf59e7e8f975dcf2ddce4ed18d7f75578ee2cd4291cf23c76bb7f97e0801

SHA512
9912c377a736ac6ab5701c8b2c003c0d2115d73970fba057602238e020edfbd979580d140110e0268c611513dec5342e3ae4be0d2461bdfb7883ec9e2a2f7865

Download Submit
C:\Windows\system\cWaZeZN.exe

Filesize
6.0MB

MD5
252e5b8b0159cd3239151b02f4ec64dd

SHA1
6a727a6145b57f31b74f8b2af739a55d473db93b

SHA256
ef2e3d22905eefe6824f425bdb31954a15909c36eeb13afa4aeffe3b3e68b492

SHA512
898c74495313af720fe785ad2ac5c5c656bc6ff231fe5400b3d4495fc3b17585fc705113de07bf4fa36163e92ce831fc7231176f268762fd3c243133288535c2

Download Submit
C:\Windows\system\dcmiBQs.exe

Filesize
6.0MB

MD5
0923c6659f6acd4fcc8661b77d8dba84

SHA1
0774a8cd1d294e1c90bb0d16f2a77411e60708bf

SHA256
b591c0b3ebde278fce8eb486ee57b0f6eb4bc91096a44401ad7d9a0e71e55809

SHA512
00b2320f00d0bd8ca0eb6707a352303fad518a87cd1d581c7377cabe23a04acb05d8beeaaf96e6a6880ffb4169b8a0d06d9011c783d914576cf9bebb165aa0ca

Download Submit
C:\Windows\system\eGVPTlr.exe

Filesize
6.0MB

MD5
6663e91d06fff5b579f3524ea14015ea

SHA1
a5076792cc6a602814d05cd5416768b835ad4144

SHA256
26df0b4793d9076032bd1001525b57b3d725c11930ed9b8ddf89c4774f413bd2

SHA512
0c41145376324584a9c861d04bc2d4c0178fdc3284cc1bcebd52cfe2b7c07641e79e65102b578dfa8f3d741fdb6df3985d9fb41e744ab04badb912ee1d059ddb

Download Submit
C:\Windows\system\gCtqaSC.exe

Filesize
6.0MB

MD5
4236e9497cd00f96425900d49d62b61a

SHA1
3bee6daa23272a3b80ed951cfbceaf67e869010d

SHA256
ad8a6e8ea2644b521805d1b1e7d1d76d5415027d5197d2a6de708df1d1863fb8

SHA512
e9c76ecf67fbdfe0850c4f11a9277b39cc0cac766f96cd45d9eabef6d1f61e5212208019df45833db483ef8273fd98d6f7b6717bfde7a38a5bdded80358dfcee

Download Submit
C:\Windows\system\jmXQJGc.exe

Filesize
6.0MB

MD5
ed2329b50b33b53df40c8fe37ebf1e0e

SHA1
6329a9425d6fee59c37d70a2da1e49792c1e7889

SHA256
08fc8b836c119fd152e548626f4c3179ecf99058076c509ec2396427c0d2da3a

SHA512
823fe8b8cac909d0f5dc365e3d8957138d670b71bc13b3da35cfea8ef1803c0d39c49dc1321060cd1be5df5b54b0b6dc7ae58a199e21ddc1234c6c7a99302a68

Download Submit
C:\Windows\system\lHnWDvd.exe

Filesize
6.0MB

MD5
e9f4df8a5525dd060192bc3b51d60015

SHA1
06369125ba0b470a993d11cd48ddd682790b73fd

SHA256
e3d4cabef5f5f26e23acd588c267097132e5bb3dc6f21392231f390f7ea103bf

SHA512
07b5deebb213fbd3fa96cfe04611c39fb6ae1fb79fad6061fef876c49113b4c94b901f1a6d7767b01b728ca3407dce94c8a5b5cd8cff4f649997a71fe5119a26

Download Submit
C:\Windows\system\lrRwDcE.exe

Filesize
6.0MB

MD5
1e16a1342597b1a3f224198c305f2549

SHA1
d113d9193154634870eb9355bdd0660028802985

SHA256
83d95ee57f08737a043ae30e02fa1ce80636ea5df544e5a828bb6a827d92ffc1

SHA512
750003ff8397157b8ad94e77208075a6db55d6973a33ce4d39b402f93038de98d86b14f74e0abeadd7c81ca2f4c5d053b60e88625ab8adce91237263d99be2d3

Download Submit
C:\Windows\system\maaJmoV.exe

Filesize
6.0MB

MD5
2e25c25c0d2b4181f92bf58b957fc0d6

SHA1
77e6f59218b54c9a8f49e426ab59f0c23820fda1

SHA256
cbff631a93e68c1db90deb85a1cde92093d3b532b7d97540aa0658613dad89ba

SHA512
875377976171ea25c7f627650cff1b7f4a499f1711b8a8750018fa6875a3638cfe7d767391c3a6245cd9e797d2bd0b2a31dc169e7da2364de225356f612408b1

Download Submit
C:\Windows\system\tFjVXfU.exe

Filesize
6.0MB

MD5
e4eeff7f1b8d8eb07f264ff234104a71

SHA1
a0cadcbcbd75d1fb843c6f8cda9009a20a293d8b

SHA256
887bb882cff3bdd65261b97079dbffe3233ed13a4184a2b77d88d3f50cc4956c

SHA512
bd4bf5367f7611b09781d548e94322918f5e3853572db3e2aaf72e4cff30530e423734243fd61e1742dadf0f34f319d609787fd5f6d0a77dfc4a15596fe5127b

Download Submit
C:\Windows\system\wUsKvmv.exe

Filesize
6.0MB

MD5
42590650c4fccb00319b93e63677a4b2

SHA1
a0b6b7aa579b92fca92658f0065b5fac80b522e6

SHA256
9f3717963cf85beb3d2f0fbaf31dd7ca711ea2a14d9af467ffe1a14a8357ca95

SHA512
f572bdc01d3424ec9fc9674d06bcb1f361db1d6a80aa01aa0abb53a5cebf22059b15b0bf973487407ebbfd3acbb1b4eba2f0cd7e876e399714808f66eb86e94d

Download Submit
\Windows\system\DVSDMxo.exe

Filesize
6.0MB

MD5
77d527ec8cc5c745f57d0dcec7023f5c

SHA1
37015e7c25d2b6e1b87ddf3c31cd188e3ceecd3b

SHA256
55e3878c0f158a7753e8b8b2dc904ee4bf38402ad07adb3288e01797f9f7cfe6

SHA512
e180a3ae5039c8e476d69f1003f5643de2d4122e170671ccdeb4faa75161175c27642cc696b0e998cb7dfd68d3e182ca0ca9ae342c244f25100fd66235a6ce70

Download Submit
\Windows\system\JeoPLlw.exe

Filesize
6.0MB

MD5
8801e43791ddb9fa0a9befb6b28ff9a6

SHA1
4e5812e750435722aec0541879fd64cb21fa7d0c

SHA256
1616c6d04d4711aa1e57dc49d9696e3cbce4e672d4c6e8687751a5de103c1c34

SHA512
35b017074e390124b6941375c560a70fd2ec7a1f86b3a97bb0e8cfdaa14fc097597e3b89599f62644e076054b94284be0437b573bc4df923550d7587cbb7277f

Download Submit
\Windows\system\MYHclik.exe

Filesize
6.0MB

MD5
d646a598bce67add0ec8fd3787d82b5f

SHA1
a85fae9a9aee6ad33a49b7c2fb66faf3050cd24a

SHA256
86e176b39fa38138e2d613a8856263f535735f8765faffdd69b16d122bc27de2

SHA512
2dc41a54425d3a8945c33883d17f0a8acc1cb8e461748d79c8767df8c7599f4480e70b0f0bad4acfd1489d28456ba2b37e7a59e5b260ea2b229f064d857c3522

Download Submit
\Windows\system\UJuYuzG.exe

Filesize
6.0MB

MD5
2a595334b0dd3872726ec0309521be72

SHA1
2036262dc114b7d2fabdaa07b50133a8b42d7389

SHA256
531c052bac50c8439b46328b400568f5a0e3704d573043072861fe5ab7254448

SHA512
db79d048bf24b2a8de7daeb934b27d37422c8bfeb226f41bd1edd4b891338863bb63235f31a4980580376333dc25694fd7797ba39f74f37bdfa3daec5bc049be

Download Submit
\Windows\system\UvCbmfH.exe

Filesize
6.0MB

MD5
1f076b248efe6c3cc64a9539bcf94a98

SHA1
27826313595789910381b0523f1236b368cbd745

SHA256
5706994cc94ad415fc484a523b5665c0ece605b793a17f83f0b526c04d861834

SHA512
0f9ea0718793f1613ef9ab11ce3f111820419ba03573bba4c95679455dbe06c8298ec026108e573331618551ffc1b77d9477e972d69e07120ba2123d47f0323f

Download Submit
\Windows\system\WIFSFoM.exe

Filesize
6.0MB

MD5
329ee48da953dfcaa56839647ce6c47e

SHA1
891ddbafb9ee95f91661cfec42f9c86c44b4e549

SHA256
f11aeed1a1b2a50f4ed9f5c6eea1c30335a0be252cabace6263d9dd49d097982

SHA512
18ca85d504181e980127570ab5067046bb99a44f8585863dc30120d4f699c52690e059fe067293256f60360cfa3ae08988fb1203b94316eab02f72a3ce7403fb

Download Submit
\Windows\system\WfTqPGJ.exe

Filesize
6.0MB

MD5
023fa7fd8cae8bfdd3e8fed1dc437fd2

SHA1
098b27d0d05e11817caed5a2e81a282b189e705d

SHA256
5452ef4f582dfe9f42505a8ebf58263f09354edbec3e6641eea7e764a5ffa0d7

SHA512
39d191ecde87739be12482f26134b7d76ddd2ecaeeb62499ba595f61a191104ddea08f30d761f97a9468c2d3601db414a5b806214036381d404a24e8776a9d7b

Download Submit
\Windows\system\ZUjbPcd.exe

Filesize
6.0MB

MD5
c7303790b37c18127335ab240fc1cfb7

SHA1
84f1130e4e061630ad7d3b261e3adf2e59a7b3ad

SHA256
8d150447a59c4a7bf04874b3741d638581fa91712c48cdc19cecaf3936131191

SHA512
57bb8c3521a1d54995e5714a174dc265ad47698fa242b50e400e6dc1c8aed21da4cc96d91aceb788473d2b2a667a45e1c0a11231ca0a9e9e3ca43a000588369c

Download Submit
\Windows\system\amykKvd.exe

Filesize
6.0MB

MD5
bbf7e6520d2ac8e4ffabbb5785c2037b

SHA1
e77d98bbf2c7af2f816b119660fe5e8c045fd30e

SHA256
426e9117ab251306fd94b185059749d68c3696b620c0fb380c3bfdc782b58ba2

SHA512
306eecc069e48873edb490d6b39405151a05b852f259fd5bbc8989361c0f439d37821a98861b09b751b1f27750b1d0cc17084168ee86444fe405affba7704cad

Download Submit
\Windows\system\hbbEtSw.exe

Filesize
6.0MB

MD5
3fc09ba453ba01c9c59a19b14c4e93e6

SHA1
11ae362228a5e8ecb7e4dfe9c4da2f3e8edab5f1

SHA256
21da22b31b4e4d813c9fbaeeb8e361ae02efebe1cf64404431a7ff7033784396

SHA512
203330dcadf0e9b2fd77a9e67d27cffac08f5fdf674185db7e1284641faa71daf59db62a2c3bc4cab2b57dd5db64d49476f6070290a830be3ee621284579622c

Download Submit
\Windows\system\sZMrJhv.exe

Filesize
6.0MB

MD5
6d69ad740ad66fd79bf5b0c5a86843d5

SHA1
82ee715018549811860cf893266496145eb87917

SHA256
5b0157b01727157285911851bcef9d4a2c6db24ce3db555a641737580b1b9caa

SHA512
ac9d0215b06e57b67f78607d2356d6e961852907e283b0480c53431e784315a8ad7bc4f43298af4ffdc1559f542c70f339e4570d91cefadf74eccfce79ff37ec

Download Submit
\Windows\system\trGdWWq.exe

Filesize
6.0MB

MD5
487537a5983b3f346a8e4934f7a82774

SHA1
a45db0a4789f4d74f8928d0524db4b8ad26f0ba1

SHA256
a9b14a337cfb65e7f889fbfc23f257fa5c73b87dc504e843eb3c0f42b684eadc

SHA512
0cba5bb5eee2da5f5c833bf9d221a018cdbfa8e24b454f8ba9c35b73b6c3ac6f358b83ae43c2a518afad118eb2d920d668ddded47337f492e4255d9d0cc657b3

Download Submit
\Windows\system\wfjjUZl.exe

Filesize
6.0MB

MD5
43fd7fb4708b46c3de92cf240961e6fb

SHA1
0cf38ae444ea842ff3573b439ffdc867e9a0db2a

SHA256
7ca26a8dcb26dc372152d4cc69dd4b0673974332d6ccfd96c766d713b8c97bc5

SHA512
9767264c691dd9c31e6f9979d6e179ab991de93a6bd45fe9e3b42a970e80127f4dfa4d6f703fde991a551593171c0c58f41e5940009a67eb2118a44e4b2b22f0

Download Submit
memory/1560-1495-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-132-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-110-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1479-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1316-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2056-11-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2056-39-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2072-84-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2072-1472-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1454-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2100-75-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2148-339-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-0-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2148-72-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2148-130-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2148-217-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2148-134-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2148-31-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-133-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2148-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2148-50-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2148-80-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2148-74-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2148-35-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2148-13-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2148-41-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2148-17-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2148-185-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2148-26-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2148-309-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2444-131-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1489-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2744-66-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-1436-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-1312-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-15-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1351-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-36-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-73-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-1398-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2820-52-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2876-1324-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2876-21-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2876-57-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2880-28-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2880-65-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1319-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2900-59-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1424-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1350-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2924-83-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2924-42-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download