cobaltstrike | d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242dd

Analysis

max time kernel
78s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-09-2024 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
Size

6.0MB
MD5

9e68910fefa27640ea370ffac639e1e0
SHA1

b2557645db6e596ee8ddbe065dffffb54245e3a7
SHA256

d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242dd
SHA512

9d4666f4222cbafc05a6354accb52d199d409ee252749a686941f5efaac11411b03a2672f3c641ddf7883a373528d6cfe5c5268ac52148534c4c18dc67c26208
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUi:T+q56utgpPF8u/7i

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e00000001537c-6.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191fd-11.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019220-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-46.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925d-44.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194bd-34.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cc-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c8-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c4-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49c-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ce-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ca-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c6-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c0-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-95.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019240-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019238-30.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019217-10.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1916-0-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x000e00000001537c-6.dat	xmrig
behavioral1/files/0x00060000000191fd-11.dat	xmrig
behavioral1/files/0x000500000001a301-64.dat	xmrig
behavioral1/files/0x000500000001a07b-56.dat	xmrig
behavioral1/files/0x0006000000019220-38.dat	xmrig
behavioral1/memory/2636-37-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2788-52-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2744-50-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fb9-46.dat	xmrig
behavioral1/files/0x000700000001925d-44.dat	xmrig
behavioral1/files/0x00070000000194bd-34.dat	xmrig
behavioral1/memory/2576-63-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46a-182.dat	xmrig
behavioral1/memory/1916-1050-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2228-1167-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x000500000001a431-180.dat	xmrig
behavioral1/files/0x000500000001a4cc-176.dat	xmrig
behavioral1/files/0x000500000001a345-168.dat	xmrig
behavioral1/files/0x000500000001a4c8-164.dat	xmrig
behavioral1/files/0x000500000001a4c4-151.dat	xmrig
behavioral1/files/0x000500000001a4bb-138.dat	xmrig
behavioral1/memory/2008-133-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b5-130.dat	xmrig
behavioral1/files/0x000500000001a48c-123.dat	xmrig
behavioral1/files/0x000500000001a434-122.dat	xmrig
behavioral1/files/0x000500000001a49c-119.dat	xmrig
behavioral1/files/0x000500000001a48e-112.dat	xmrig
behavioral1/memory/1824-108-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42d-88.dat	xmrig
behavioral1/memory/2696-83-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0a1-59.dat	xmrig
behavioral1/files/0x000500000001a4ce-185.dat	xmrig
behavioral1/files/0x000500000001a4ca-171.dat	xmrig
behavioral1/files/0x000500000001a4c6-160.dat	xmrig
behavioral1/files/0x000500000001a4c0-149.dat	xmrig
behavioral1/files/0x000500000001a4b7-147.dat	xmrig
behavioral1/files/0x000500000001a067-145.dat	xmrig
behavioral1/files/0x000500000001a4aa-144.dat	xmrig
behavioral1/files/0x000500000001a49a-126.dat	xmrig
behavioral1/files/0x000500000001a42f-96.dat	xmrig
behavioral1/files/0x000500000001a42b-95.dat	xmrig
behavioral1/memory/1916-87-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2652-79-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2124-75-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2584-74-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2228-73-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/1916-69-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019240-41.dat	xmrig
behavioral1/files/0x0006000000019238-30.dat	xmrig
behavioral1/memory/2824-28-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019217-10.dat	xmrig
behavioral1/memory/2636-4009-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2124-4008-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2744-4011-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2696-4013-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2584-4012-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2228-4017-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2652-4016-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/1824-4015-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2576-4014-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2788-4018-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2008-4019-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2824-4010-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2124	YqvMyNE.exe
2824	nEqeSOP.exe
2636	ipzSrvg.exe
2744	DsYOINu.exe
2652	gFxvQtf.exe
2788	sxpvYIr.exe
2696	pCbzezy.exe
2576	vYGMzMZ.exe
2228	jqHHyCR.exe
1824	rWdYXyv.exe
2584	yzBPdmW.exe
2008	vsUVemO.exe
1676	kkhGAHE.exe
2368	NHBJmvZ.exe
1624	zcOTpsL.exe
1204	hsuaJxW.exe
2456	uJEyLGe.exe
2316	TSLVnrk.exe
380	FnOgzQH.exe
2212	yMzfLzr.exe
2420	tMTmiDk.exe
2540	SzLtvjE.exe
2940	ELxQgSs.exe
2512	phqeJUK.exe
2432	LfOlcJc.exe
1256	NeVPceE.exe
1696	PYhhLkA.exe
1904	eAkSpeu.exe
1484	gsFkAuY.exe
2280	DzchgBe.exe
3032	dDosRVz.exe
476	WRvESlE.exe
2400	fKswdlR.exe
2236	LHioAOE.exe
1756	cjnnhoV.exe
1220	eHvVfjQ.exe
1360	CgbzWfj.exe
1036	gJnrcdY.exe
2296	rExEeDw.exe
1388	TJwARNE.exe
2908	aokrqQC.exe
2488	hmMAiKe.exe
1020	eIBVgIQ.exe
2988	CXrTyPp.exe
1980	gACbtfC.exe
2440	TlXPtWO.exe
1760	BPSbUxJ.exe
2832	OmNwzei.exe
1472	fLiSXXd.exe
2344	iqCrCcw.exe
296	cUpIaev.exe
1884	bOfQMhu.exe
2952	CMwnNLC.exe
300	DbFsczO.exe
1572	hkrjaZN.exe
2516	hgQWDsM.exe
2768	chuExzj.exe
1416	tXbgkcL.exe
1956	kkdEPnm.exe
2648	aFDOTmt.exe
2028	ZbUFQFd.exe
1752	XklEgEE.exe
760	qEAXSOh.exe
1500	HrnALHc.exe

Loads dropped DLL 64 IoCs

pid	Process
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1916-0-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x000e00000001537c-6.dat	upx
behavioral1/files/0x00060000000191fd-11.dat	upx
behavioral1/files/0x000500000001a301-64.dat	upx
behavioral1/files/0x000500000001a07b-56.dat	upx
behavioral1/files/0x0006000000019220-38.dat	upx
behavioral1/memory/2636-37-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2788-52-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2744-50-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0005000000019fb9-46.dat	upx
behavioral1/files/0x000700000001925d-44.dat	upx
behavioral1/files/0x00070000000194bd-34.dat	upx
behavioral1/memory/2576-63-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x000500000001a46a-182.dat	upx
behavioral1/memory/1916-1050-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2228-1167-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x000500000001a431-180.dat	upx
behavioral1/files/0x000500000001a4cc-176.dat	upx
behavioral1/files/0x000500000001a345-168.dat	upx
behavioral1/files/0x000500000001a4c8-164.dat	upx
behavioral1/files/0x000500000001a4c4-151.dat	upx
behavioral1/files/0x000500000001a4bb-138.dat	upx
behavioral1/memory/2008-133-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000500000001a4b5-130.dat	upx
behavioral1/files/0x000500000001a48c-123.dat	upx
behavioral1/files/0x000500000001a434-122.dat	upx
behavioral1/files/0x000500000001a49c-119.dat	upx
behavioral1/files/0x000500000001a48e-112.dat	upx
behavioral1/memory/1824-108-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x000500000001a42d-88.dat	upx
behavioral1/memory/2696-83-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x000500000001a0a1-59.dat	upx
behavioral1/files/0x000500000001a4ce-185.dat	upx
behavioral1/files/0x000500000001a4ca-171.dat	upx
behavioral1/files/0x000500000001a4c6-160.dat	upx
behavioral1/files/0x000500000001a4c0-149.dat	upx
behavioral1/files/0x000500000001a4b7-147.dat	upx
behavioral1/files/0x000500000001a067-145.dat	upx
behavioral1/files/0x000500000001a4aa-144.dat	upx
behavioral1/files/0x000500000001a49a-126.dat	upx
behavioral1/files/0x000500000001a42f-96.dat	upx
behavioral1/files/0x000500000001a42b-95.dat	upx
behavioral1/memory/2652-79-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2124-75-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2584-74-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2228-73-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0008000000019240-41.dat	upx
behavioral1/files/0x0006000000019238-30.dat	upx
behavioral1/memory/2824-28-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x0006000000019217-10.dat	upx
behavioral1/memory/2636-4009-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2124-4008-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2744-4011-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2696-4013-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2584-4012-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2228-4017-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2652-4016-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/1824-4015-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2576-4014-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2788-4018-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2008-4019-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2824-4010-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NwOnxXt.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\AtniMem.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\JSYRWEV.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\oNcEGqk.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\kAViWnU.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\CQQfVdm.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\rUQPyKS.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\ptGMbjm.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\HtBCvXl.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\BplZqMI.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\iUKlfqQ.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\VebREAS.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\XmSHGfX.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\cabmtbc.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\sUFfggQ.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\AelHffh.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\SNIdYmm.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\AcTBPRr.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\ufmpnks.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\SGKmFQS.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\hSejtrK.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\hgCcdaD.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\QYPZQel.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\TLQQrXG.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\OjCaPks.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\UPeyerB.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\rSwYYEI.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\aUpKXMw.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\wUCkxbM.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\nPlZWQt.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\sEGARNx.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\qBBiRoQ.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\KVFScyi.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\wbACQIx.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\ChfArzr.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\zOsMDoy.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\WVkgJkb.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\WiRMyHi.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\TlXPtWO.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\wyNsZTz.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\dfejiDj.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\drQnrKE.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\BkFgyCO.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\wYUbtZg.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\ParXfNT.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\ROmFulJ.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\URyOVct.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\PYRgrst.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\fsdZjId.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\WNcPlMm.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\peBlFHF.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\PRjykzg.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\WokURlu.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\bKCAHUP.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\eJbJUjZ.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\BuDiCeu.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\fAUknMY.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\EQehhLj.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\YhclDDw.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\rZRoZUP.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\dksWUPt.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\fAREyCM.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\XnNiCky.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
File created	C:\Windows\System\GTXaXPQ.exe	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2124	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	32
PID 1916 wrote to memory of 2124	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	32
PID 1916 wrote to memory of 2124	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	32
PID 1916 wrote to memory of 2824	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	33
PID 1916 wrote to memory of 2824	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	33
PID 1916 wrote to memory of 2824	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	33
PID 1916 wrote to memory of 2636	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	34
PID 1916 wrote to memory of 2636	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	34
PID 1916 wrote to memory of 2636	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	34
PID 1916 wrote to memory of 2652	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	35
PID 1916 wrote to memory of 2652	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	35
PID 1916 wrote to memory of 2652	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	35
PID 1916 wrote to memory of 2744	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	36
PID 1916 wrote to memory of 2744	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	36
PID 1916 wrote to memory of 2744	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	36
PID 1916 wrote to memory of 2788	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	37
PID 1916 wrote to memory of 2788	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	37
PID 1916 wrote to memory of 2788	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	37
PID 1916 wrote to memory of 2696	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	38
PID 1916 wrote to memory of 2696	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	38
PID 1916 wrote to memory of 2696	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	38
PID 1916 wrote to memory of 2228	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	39
PID 1916 wrote to memory of 2228	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	39
PID 1916 wrote to memory of 2228	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	39
PID 1916 wrote to memory of 2576	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	40
PID 1916 wrote to memory of 2576	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	40
PID 1916 wrote to memory of 2576	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	40
PID 1916 wrote to memory of 2316	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	41
PID 1916 wrote to memory of 2316	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	41
PID 1916 wrote to memory of 2316	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	41
PID 1916 wrote to memory of 1824	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	42
PID 1916 wrote to memory of 1824	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	42
PID 1916 wrote to memory of 1824	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	42
PID 1916 wrote to memory of 2540	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	43
PID 1916 wrote to memory of 2540	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	43
PID 1916 wrote to memory of 2540	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	43
PID 1916 wrote to memory of 2584	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	44
PID 1916 wrote to memory of 2584	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	44
PID 1916 wrote to memory of 2584	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	44
PID 1916 wrote to memory of 2940	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	45
PID 1916 wrote to memory of 2940	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	45
PID 1916 wrote to memory of 2940	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	45
PID 1916 wrote to memory of 2008	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	46
PID 1916 wrote to memory of 2008	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	46
PID 1916 wrote to memory of 2008	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	46
PID 1916 wrote to memory of 2432	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	47
PID 1916 wrote to memory of 2432	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	47
PID 1916 wrote to memory of 2432	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	47
PID 1916 wrote to memory of 1676	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	48
PID 1916 wrote to memory of 1676	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	48
PID 1916 wrote to memory of 1676	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	48
PID 1916 wrote to memory of 1256	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	49
PID 1916 wrote to memory of 1256	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	49
PID 1916 wrote to memory of 1256	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	49
PID 1916 wrote to memory of 2368	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	50
PID 1916 wrote to memory of 2368	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	50
PID 1916 wrote to memory of 2368	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	50
PID 1916 wrote to memory of 1696	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	51
PID 1916 wrote to memory of 1696	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	51
PID 1916 wrote to memory of 1696	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	51
PID 1916 wrote to memory of 1624	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	52
PID 1916 wrote to memory of 1624	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	52
PID 1916 wrote to memory of 1624	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	52
PID 1916 wrote to memory of 1484	1916	d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe	53

C:\Users\Admin\AppData\Local\Temp\d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe
"C:\Users\Admin\AppData\Local\Temp\d446b3e86d42a90b22f4bc9f9a995d2bada8b81bb8f943df9540ea28d68242ddN.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\System\YqvMyNE.exe
  C:\Windows\System\YqvMyNE.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\nEqeSOP.exe
  C:\Windows\System\nEqeSOP.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\ipzSrvg.exe
  C:\Windows\System\ipzSrvg.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\gFxvQtf.exe
  C:\Windows\System\gFxvQtf.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\DsYOINu.exe
  C:\Windows\System\DsYOINu.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\sxpvYIr.exe
  C:\Windows\System\sxpvYIr.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\pCbzezy.exe
  C:\Windows\System\pCbzezy.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\jqHHyCR.exe
  C:\Windows\System\jqHHyCR.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\vYGMzMZ.exe
  C:\Windows\System\vYGMzMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\TSLVnrk.exe
  C:\Windows\System\TSLVnrk.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\rWdYXyv.exe
  C:\Windows\System\rWdYXyv.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\SzLtvjE.exe
  C:\Windows\System\SzLtvjE.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\yzBPdmW.exe
  C:\Windows\System\yzBPdmW.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\ELxQgSs.exe
  C:\Windows\System\ELxQgSs.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\vsUVemO.exe
  C:\Windows\System\vsUVemO.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\LfOlcJc.exe
  C:\Windows\System\LfOlcJc.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\kkhGAHE.exe
  C:\Windows\System\kkhGAHE.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\NeVPceE.exe
  C:\Windows\System\NeVPceE.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\NHBJmvZ.exe
  C:\Windows\System\NHBJmvZ.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\PYhhLkA.exe
  C:\Windows\System\PYhhLkA.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\zcOTpsL.exe
  C:\Windows\System\zcOTpsL.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\gsFkAuY.exe
  C:\Windows\System\gsFkAuY.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\hsuaJxW.exe
  C:\Windows\System\hsuaJxW.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\DzchgBe.exe
  C:\Windows\System\DzchgBe.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\uJEyLGe.exe
  C:\Windows\System\uJEyLGe.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\WRvESlE.exe
  C:\Windows\System\WRvESlE.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\FnOgzQH.exe
  C:\Windows\System\FnOgzQH.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\fKswdlR.exe
  C:\Windows\System\fKswdlR.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\yMzfLzr.exe
  C:\Windows\System\yMzfLzr.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\LHioAOE.exe
  C:\Windows\System\LHioAOE.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\tMTmiDk.exe
  C:\Windows\System\tMTmiDk.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\eHvVfjQ.exe
  C:\Windows\System\eHvVfjQ.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\phqeJUK.exe
  C:\Windows\System\phqeJUK.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\CgbzWfj.exe
  C:\Windows\System\CgbzWfj.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\eAkSpeu.exe
  C:\Windows\System\eAkSpeu.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\gJnrcdY.exe
  C:\Windows\System\gJnrcdY.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\dDosRVz.exe
  C:\Windows\System\dDosRVz.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\TJwARNE.exe
  C:\Windows\System\TJwARNE.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\cjnnhoV.exe
  C:\Windows\System\cjnnhoV.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\fLiSXXd.exe
  C:\Windows\System\fLiSXXd.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\rExEeDw.exe
  C:\Windows\System\rExEeDw.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\iqCrCcw.exe
  C:\Windows\System\iqCrCcw.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\aokrqQC.exe
  C:\Windows\System\aokrqQC.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\cUpIaev.exe
  C:\Windows\System\cUpIaev.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\hmMAiKe.exe
  C:\Windows\System\hmMAiKe.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\bOfQMhu.exe
  C:\Windows\System\bOfQMhu.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\eIBVgIQ.exe
  C:\Windows\System\eIBVgIQ.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\CMwnNLC.exe
  C:\Windows\System\CMwnNLC.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\CXrTyPp.exe
  C:\Windows\System\CXrTyPp.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\DbFsczO.exe
  C:\Windows\System\DbFsczO.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\gACbtfC.exe
  C:\Windows\System\gACbtfC.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\hkrjaZN.exe
  C:\Windows\System\hkrjaZN.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\TlXPtWO.exe
  C:\Windows\System\TlXPtWO.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\hgQWDsM.exe
  C:\Windows\System\hgQWDsM.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\BPSbUxJ.exe
  C:\Windows\System\BPSbUxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\chuExzj.exe
  C:\Windows\System\chuExzj.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\OmNwzei.exe
  C:\Windows\System\OmNwzei.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\aFDOTmt.exe
  C:\Windows\System\aFDOTmt.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\tXbgkcL.exe
  C:\Windows\System\tXbgkcL.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\ZbUFQFd.exe
  C:\Windows\System\ZbUFQFd.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\kkdEPnm.exe
  C:\Windows\System\kkdEPnm.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\XklEgEE.exe
  C:\Windows\System\XklEgEE.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\qEAXSOh.exe
  C:\Windows\System\qEAXSOh.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\HrnALHc.exe
  C:\Windows\System\HrnALHc.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\hBlZeVT.exe
  C:\Windows\System\hBlZeVT.exe
  2⤵
  PID:2220
- C:\Windows\System\HyoVPKz.exe
  C:\Windows\System\HyoVPKz.exe
  2⤵
  PID:1232
- C:\Windows\System\YhclDDw.exe
  C:\Windows\System\YhclDDw.exe
  2⤵
  PID:752
- C:\Windows\System\YtgbWyn.exe
  C:\Windows\System\YtgbWyn.exe
  2⤵
  PID:2712
- C:\Windows\System\gLEWtKn.exe
  C:\Windows\System\gLEWtKn.exe
  2⤵
  PID:784
- C:\Windows\System\KqnuUtD.exe
  C:\Windows\System\KqnuUtD.exe
  2⤵
  PID:2624
- C:\Windows\System\cgOHuaG.exe
  C:\Windows\System\cgOHuaG.exe
  2⤵
  PID:2784
- C:\Windows\System\aYmgIBz.exe
  C:\Windows\System\aYmgIBz.exe
  2⤵
  PID:2064
- C:\Windows\System\AToFZRD.exe
  C:\Windows\System\AToFZRD.exe
  2⤵
  PID:2528
- C:\Windows\System\kRUfWnL.exe
  C:\Windows\System\kRUfWnL.exe
  2⤵
  PID:2004
- C:\Windows\System\WYpSooi.exe
  C:\Windows\System\WYpSooi.exe
  2⤵
  PID:2092
- C:\Windows\System\dNeShSP.exe
  C:\Windows\System\dNeShSP.exe
  2⤵
  PID:1636
- C:\Windows\System\frehHwo.exe
  C:\Windows\System\frehHwo.exe
  2⤵
  PID:1688
- C:\Windows\System\tGCZYXu.exe
  C:\Windows\System\tGCZYXu.exe
  2⤵
  PID:2656
- C:\Windows\System\AoVXlrr.exe
  C:\Windows\System\AoVXlrr.exe
  2⤵
  PID:1580
- C:\Windows\System\oBSrmgm.exe
  C:\Windows\System\oBSrmgm.exe
  2⤵
  PID:2300
- C:\Windows\System\uWclTOW.exe
  C:\Windows\System\uWclTOW.exe
  2⤵
  PID:2828
- C:\Windows\System\MPGNKhv.exe
  C:\Windows\System\MPGNKhv.exe
  2⤵
  PID:2548
- C:\Windows\System\ocfshEt.exe
  C:\Windows\System\ocfshEt.exe
  2⤵
  PID:984
- C:\Windows\System\EQHcpaS.exe
  C:\Windows\System\EQHcpaS.exe
  2⤵
  PID:2080
- C:\Windows\System\ytAECIq.exe
  C:\Windows\System\ytAECIq.exe
  2⤵
  PID:2928
- C:\Windows\System\mbosDyH.exe
  C:\Windows\System\mbosDyH.exe
  2⤵
  PID:1816
- C:\Windows\System\mRbBVkq.exe
  C:\Windows\System\mRbBVkq.exe
  2⤵
  PID:872
- C:\Windows\System\spnQQPe.exe
  C:\Windows\System\spnQQPe.exe
  2⤵
  PID:1556
- C:\Windows\System\VfYyRaQ.exe
  C:\Windows\System\VfYyRaQ.exe
  2⤵
  PID:340
- C:\Windows\System\bPlQgRG.exe
  C:\Windows\System\bPlQgRG.exe
  2⤵
  PID:1304
- C:\Windows\System\clWqXKB.exe
  C:\Windows\System\clWqXKB.exe
  2⤵
  PID:2388
- C:\Windows\System\nTBTrUV.exe
  C:\Windows\System\nTBTrUV.exe
  2⤵
  PID:1740
- C:\Windows\System\OLHwakb.exe
  C:\Windows\System\OLHwakb.exe
  2⤵
  PID:2736
- C:\Windows\System\JqWTsue.exe
  C:\Windows\System\JqWTsue.exe
  2⤵
  PID:1992
- C:\Windows\System\GKFNsTk.exe
  C:\Windows\System\GKFNsTk.exe
  2⤵
  PID:1312
- C:\Windows\System\JHdQSwv.exe
  C:\Windows\System\JHdQSwv.exe
  2⤵
  PID:1728
- C:\Windows\System\VbUNWsW.exe
  C:\Windows\System\VbUNWsW.exe
  2⤵
  PID:2996
- C:\Windows\System\KaShYvN.exe
  C:\Windows\System\KaShYvN.exe
  2⤵
  PID:1672
- C:\Windows\System\AHekJPg.exe
  C:\Windows\System\AHekJPg.exe
  2⤵
  PID:2960
- C:\Windows\System\iDaXJuR.exe
  C:\Windows\System\iDaXJuR.exe
  2⤵
  PID:2308
- C:\Windows\System\IUahMxc.exe
  C:\Windows\System\IUahMxc.exe
  2⤵
  PID:2312
- C:\Windows\System\wUCkxbM.exe
  C:\Windows\System\wUCkxbM.exe
  2⤵
  PID:2692
- C:\Windows\System\cZkvXdP.exe
  C:\Windows\System\cZkvXdP.exe
  2⤵
  PID:2192
- C:\Windows\System\JOStrPZ.exe
  C:\Windows\System\JOStrPZ.exe
  2⤵
  PID:3076
- C:\Windows\System\RFQgKBh.exe
  C:\Windows\System\RFQgKBh.exe
  2⤵
  PID:3092
- C:\Windows\System\xGGlQqr.exe
  C:\Windows\System\xGGlQqr.exe
  2⤵
  PID:3116
- C:\Windows\System\rgXhuFB.exe
  C:\Windows\System\rgXhuFB.exe
  2⤵
  PID:3132
- C:\Windows\System\suyvKrB.exe
  C:\Windows\System\suyvKrB.exe
  2⤵
  PID:3148
- C:\Windows\System\GBSwMNr.exe
  C:\Windows\System\GBSwMNr.exe
  2⤵
  PID:3172
- C:\Windows\System\ISiIDXS.exe
  C:\Windows\System\ISiIDXS.exe
  2⤵
  PID:3192
- C:\Windows\System\qjHwDFW.exe
  C:\Windows\System\qjHwDFW.exe
  2⤵
  PID:3212
- C:\Windows\System\hRqRuxk.exe
  C:\Windows\System\hRqRuxk.exe
  2⤵
  PID:3232
- C:\Windows\System\HYRntKM.exe
  C:\Windows\System\HYRntKM.exe
  2⤵
  PID:3252
- C:\Windows\System\OHPsfXG.exe
  C:\Windows\System\OHPsfXG.exe
  2⤵
  PID:3272
- C:\Windows\System\gUBZpZT.exe
  C:\Windows\System\gUBZpZT.exe
  2⤵
  PID:3292
- C:\Windows\System\BwkDRHv.exe
  C:\Windows\System\BwkDRHv.exe
  2⤵
  PID:3316
- C:\Windows\System\ZgksdRT.exe
  C:\Windows\System\ZgksdRT.exe
  2⤵
  PID:3336
- C:\Windows\System\CBDMOEv.exe
  C:\Windows\System\CBDMOEv.exe
  2⤵
  PID:3356
- C:\Windows\System\fpEVKmT.exe
  C:\Windows\System\fpEVKmT.exe
  2⤵
  PID:3372
- C:\Windows\System\KXBlqqZ.exe
  C:\Windows\System\KXBlqqZ.exe
  2⤵
  PID:3396
- C:\Windows\System\qqKTfYb.exe
  C:\Windows\System\qqKTfYb.exe
  2⤵
  PID:3412
- C:\Windows\System\eBDLwCr.exe
  C:\Windows\System\eBDLwCr.exe
  2⤵
  PID:3432
- C:\Windows\System\OetOPxQ.exe
  C:\Windows\System\OetOPxQ.exe
  2⤵
  PID:3448
- C:\Windows\System\mRqXtlL.exe
  C:\Windows\System\mRqXtlL.exe
  2⤵
  PID:3468
- C:\Windows\System\cGSHLaE.exe
  C:\Windows\System\cGSHLaE.exe
  2⤵
  PID:3488
- C:\Windows\System\iwtzSaB.exe
  C:\Windows\System\iwtzSaB.exe
  2⤵
  PID:3512
- C:\Windows\System\eNqEEuW.exe
  C:\Windows\System\eNqEEuW.exe
  2⤵
  PID:3528
- C:\Windows\System\UpMrUrb.exe
  C:\Windows\System\UpMrUrb.exe
  2⤵
  PID:3552
- C:\Windows\System\wzGdLlH.exe
  C:\Windows\System\wzGdLlH.exe
  2⤵
  PID:3568
- C:\Windows\System\jbfGNXL.exe
  C:\Windows\System\jbfGNXL.exe
  2⤵
  PID:3592
- C:\Windows\System\aEmIYdU.exe
  C:\Windows\System\aEmIYdU.exe
  2⤵
  PID:3612
- C:\Windows\System\VfjhrHo.exe
  C:\Windows\System\VfjhrHo.exe
  2⤵
  PID:3628
- C:\Windows\System\KlpLTxE.exe
  C:\Windows\System\KlpLTxE.exe
  2⤵
  PID:3648
- C:\Windows\System\ikFDEav.exe
  C:\Windows\System\ikFDEav.exe
  2⤵
  PID:3668
- C:\Windows\System\VXlKCBO.exe
  C:\Windows\System\VXlKCBO.exe
  2⤵
  PID:3696
- C:\Windows\System\ETChYmB.exe
  C:\Windows\System\ETChYmB.exe
  2⤵
  PID:3712
- C:\Windows\System\jJhMrtb.exe
  C:\Windows\System\jJhMrtb.exe
  2⤵
  PID:3732
- C:\Windows\System\RKKRkFF.exe
  C:\Windows\System\RKKRkFF.exe
  2⤵
  PID:3752
- C:\Windows\System\dtOVojP.exe
  C:\Windows\System\dtOVojP.exe
  2⤵
  PID:3768
- C:\Windows\System\CEktgxo.exe
  C:\Windows\System\CEktgxo.exe
  2⤵
  PID:3788
- C:\Windows\System\AehguwK.exe
  C:\Windows\System\AehguwK.exe
  2⤵
  PID:3804
- C:\Windows\System\ETHRlvB.exe
  C:\Windows\System\ETHRlvB.exe
  2⤵
  PID:3832
- C:\Windows\System\bhikgAZ.exe
  C:\Windows\System\bhikgAZ.exe
  2⤵
  PID:3852
- C:\Windows\System\xvnmnZk.exe
  C:\Windows\System\xvnmnZk.exe
  2⤵
  PID:3872
- C:\Windows\System\hNVzzVp.exe
  C:\Windows\System\hNVzzVp.exe
  2⤵
  PID:3892
- C:\Windows\System\vAdTraU.exe
  C:\Windows\System\vAdTraU.exe
  2⤵
  PID:3908
- C:\Windows\System\XEToLjY.exe
  C:\Windows\System\XEToLjY.exe
  2⤵
  PID:3928
- C:\Windows\System\UCkhskE.exe
  C:\Windows\System\UCkhskE.exe
  2⤵
  PID:3944
- C:\Windows\System\etTaVtX.exe
  C:\Windows\System\etTaVtX.exe
  2⤵
  PID:3964
- C:\Windows\System\rHPKWuf.exe
  C:\Windows\System\rHPKWuf.exe
  2⤵
  PID:3988
- C:\Windows\System\QjfCpOb.exe
  C:\Windows\System\QjfCpOb.exe
  2⤵
  PID:4008
- C:\Windows\System\BqWTpnd.exe
  C:\Windows\System\BqWTpnd.exe
  2⤵
  PID:4028
- C:\Windows\System\JcDQHLg.exe
  C:\Windows\System\JcDQHLg.exe
  2⤵
  PID:4056
- C:\Windows\System\FwrGsjf.exe
  C:\Windows\System\FwrGsjf.exe
  2⤵
  PID:4076
- C:\Windows\System\bCQglap.exe
  C:\Windows\System\bCQglap.exe
  2⤵
  PID:4092
- C:\Windows\System\WBINqOx.exe
  C:\Windows\System\WBINqOx.exe
  2⤵
  PID:2716
- C:\Windows\System\uNJlXbL.exe
  C:\Windows\System\uNJlXbL.exe
  2⤵
  PID:1028
- C:\Windows\System\BOASNqO.exe
  C:\Windows\System\BOASNqO.exe
  2⤵
  PID:816
- C:\Windows\System\iuDLeTd.exe
  C:\Windows\System\iuDLeTd.exe
  2⤵
  PID:2864
- C:\Windows\System\kXYzTbi.exe
  C:\Windows\System\kXYzTbi.exe
  2⤵
  PID:2620
- C:\Windows\System\HDAOCEn.exe
  C:\Windows\System\HDAOCEn.exe
  2⤵
  PID:304
- C:\Windows\System\ubGYcai.exe
  C:\Windows\System\ubGYcai.exe
  2⤵
  PID:1908
- C:\Windows\System\DLxaMlR.exe
  C:\Windows\System\DLxaMlR.exe
  2⤵
  PID:3100
- C:\Windows\System\jEgrrGy.exe
  C:\Windows\System\jEgrrGy.exe
  2⤵
  PID:1652
- C:\Windows\System\IEtuaGs.exe
  C:\Windows\System\IEtuaGs.exe
  2⤵
  PID:532
- C:\Windows\System\LRbKWDd.exe
  C:\Windows\System\LRbKWDd.exe
  2⤵
  PID:3180
- C:\Windows\System\qpUJlui.exe
  C:\Windows\System\qpUJlui.exe
  2⤵
  PID:3184
- C:\Windows\System\HgbQQtM.exe
  C:\Windows\System\HgbQQtM.exe
  2⤵
  PID:3164
- C:\Windows\System\pvTDbLQ.exe
  C:\Windows\System\pvTDbLQ.exe
  2⤵
  PID:3268
- C:\Windows\System\sJLfIvJ.exe
  C:\Windows\System\sJLfIvJ.exe
  2⤵
  PID:3244
- C:\Windows\System\AjjVhfq.exe
  C:\Windows\System\AjjVhfq.exe
  2⤵
  PID:3304
- C:\Windows\System\OuiWaHk.exe
  C:\Windows\System\OuiWaHk.exe
  2⤵
  PID:3348
- C:\Windows\System\zliZlly.exe
  C:\Windows\System\zliZlly.exe
  2⤵
  PID:3384
- C:\Windows\System\wYUbtZg.exe
  C:\Windows\System\wYUbtZg.exe
  2⤵
  PID:3328
- C:\Windows\System\snTyyaM.exe
  C:\Windows\System\snTyyaM.exe
  2⤵
  PID:3424
- C:\Windows\System\BpaIBQq.exe
  C:\Windows\System\BpaIBQq.exe
  2⤵
  PID:3496
- C:\Windows\System\OKvmJNz.exe
  C:\Windows\System\OKvmJNz.exe
  2⤵
  PID:3408
- C:\Windows\System\NoqZthp.exe
  C:\Windows\System\NoqZthp.exe
  2⤵
  PID:3536
- C:\Windows\System\HEZjTNo.exe
  C:\Windows\System\HEZjTNo.exe
  2⤵
  PID:3588
- C:\Windows\System\QdxCfoO.exe
  C:\Windows\System\QdxCfoO.exe
  2⤵
  PID:3580
- C:\Windows\System\CedurUw.exe
  C:\Windows\System\CedurUw.exe
  2⤵
  PID:3560
- C:\Windows\System\lRQwmrA.exe
  C:\Windows\System\lRQwmrA.exe
  2⤵
  PID:3608
- C:\Windows\System\DEGuAai.exe
  C:\Windows\System\DEGuAai.exe
  2⤵
  PID:3748
- C:\Windows\System\TcRChPe.exe
  C:\Windows\System\TcRChPe.exe
  2⤵
  PID:3784
- C:\Windows\System\oTqkfai.exe
  C:\Windows\System\oTqkfai.exe
  2⤵
  PID:3820
- C:\Windows\System\RsJonWw.exe
  C:\Windows\System\RsJonWw.exe
  2⤵
  PID:3728
- C:\Windows\System\XhdMIbY.exe
  C:\Windows\System\XhdMIbY.exe
  2⤵
  PID:3760
- C:\Windows\System\OwUkZOy.exe
  C:\Windows\System\OwUkZOy.exe
  2⤵
  PID:3800
- C:\Windows\System\AMEGShV.exe
  C:\Windows\System\AMEGShV.exe
  2⤵
  PID:3980
- C:\Windows\System\rZRoZUP.exe
  C:\Windows\System\rZRoZUP.exe
  2⤵
  PID:3884
- C:\Windows\System\BIzrCuT.exe
  C:\Windows\System\BIzrCuT.exe
  2⤵
  PID:4024
- C:\Windows\System\JnejwVl.exe
  C:\Windows\System\JnejwVl.exe
  2⤵
  PID:2560
- C:\Windows\System\BdWkktk.exe
  C:\Windows\System\BdWkktk.exe
  2⤵
  PID:800
- C:\Windows\System\jEXDaiu.exe
  C:\Windows\System\jEXDaiu.exe
  2⤵
  PID:2404
- C:\Windows\System\NHukwUb.exe
  C:\Windows\System\NHukwUb.exe
  2⤵
  PID:4004
- C:\Windows\System\kigNJTv.exe
  C:\Windows\System\kigNJTv.exe
  2⤵
  PID:4040
- C:\Windows\System\jQOUwpz.exe
  C:\Windows\System\jQOUwpz.exe
  2⤵
  PID:3104
- C:\Windows\System\ULRnJXV.exe
  C:\Windows\System\ULRnJXV.exe
  2⤵
  PID:4052
- C:\Windows\System\twTcOvk.exe
  C:\Windows\System\twTcOvk.exe
  2⤵
  PID:3160
- C:\Windows\System\mdDyaEp.exe
  C:\Windows\System\mdDyaEp.exe
  2⤵
  PID:3388
- C:\Windows\System\wrtPhxn.exe
  C:\Windows\System\wrtPhxn.exe
  2⤵
  PID:1512
- C:\Windows\System\DLaoDsb.exe
  C:\Windows\System\DLaoDsb.exe
  2⤵
  PID:1548
- C:\Windows\System\MVYgKFU.exe
  C:\Windows\System\MVYgKFU.exe
  2⤵
  PID:3484
- C:\Windows\System\FViGejJ.exe
  C:\Windows\System\FViGejJ.exe
  2⤵
  PID:2912
- C:\Windows\System\dRcAgRW.exe
  C:\Windows\System\dRcAgRW.exe
  2⤵
  PID:3224
- C:\Windows\System\hSejtrK.exe
  C:\Windows\System\hSejtrK.exe
  2⤵
  PID:3280
- C:\Windows\System\oAmLUsw.exe
  C:\Windows\System\oAmLUsw.exe
  2⤵
  PID:3704
- C:\Windows\System\HxRZJjl.exe
  C:\Windows\System\HxRZJjl.exe
  2⤵
  PID:3584
- C:\Windows\System\TXCTXUy.exe
  C:\Windows\System\TXCTXUy.exe
  2⤵
  PID:3548
- C:\Windows\System\uIgOZIh.exe
  C:\Windows\System\uIgOZIh.exe
  2⤵
  PID:3428
- C:\Windows\System\rcXMuIL.exe
  C:\Windows\System\rcXMuIL.exe
  2⤵
  PID:3600
- C:\Windows\System\OWkhjBI.exe
  C:\Windows\System\OWkhjBI.exe
  2⤵
  PID:3688
- C:\Windows\System\tKXZTYb.exe
  C:\Windows\System\tKXZTYb.exe
  2⤵
  PID:3720
- C:\Windows\System\pZQoZtc.exe
  C:\Windows\System\pZQoZtc.exe
  2⤵
  PID:3976
- C:\Windows\System\doqXhdx.exe
  C:\Windows\System\doqXhdx.exe
  2⤵
  PID:3848
- C:\Windows\System\nbrbFdr.exe
  C:\Windows\System\nbrbFdr.exe
  2⤵
  PID:2980
- C:\Windows\System\AiocdqN.exe
  C:\Windows\System\AiocdqN.exe
  2⤵
  PID:4016
- C:\Windows\System\qZjvNPY.exe
  C:\Windows\System\qZjvNPY.exe
  2⤵
  PID:3112
- C:\Windows\System\iiujlAx.exe
  C:\Windows\System\iiujlAx.exe
  2⤵
  PID:3344
- C:\Windows\System\SVktkIj.exe
  C:\Windows\System\SVktkIj.exe
  2⤵
  PID:2052
- C:\Windows\System\KzcnfAd.exe
  C:\Windows\System\KzcnfAd.exe
  2⤵
  PID:3996
- C:\Windows\System\MkdrVyC.exe
  C:\Windows\System\MkdrVyC.exe
  2⤵
  PID:4088
- C:\Windows\System\HzLckCk.exe
  C:\Windows\System\HzLckCk.exe
  2⤵
  PID:3460
- C:\Windows\System\bnBXyUL.exe
  C:\Windows\System\bnBXyUL.exe
  2⤵
  PID:3524
- C:\Windows\System\DlnWbsI.exe
  C:\Windows\System\DlnWbsI.exe
  2⤵
  PID:3708
- C:\Windows\System\ioOrKRb.exe
  C:\Windows\System\ioOrKRb.exe
  2⤵
  PID:3228
- C:\Windows\System\dhtEFuN.exe
  C:\Windows\System\dhtEFuN.exe
  2⤵
  PID:3288
- C:\Windows\System\xmNsduF.exe
  C:\Windows\System\xmNsduF.exe
  2⤵
  PID:4104
- C:\Windows\System\TAJHKBf.exe
  C:\Windows\System\TAJHKBf.exe
  2⤵
  PID:4120
- C:\Windows\System\oTXIWAw.exe
  C:\Windows\System\oTXIWAw.exe
  2⤵
  PID:4136
- C:\Windows\System\GzcGvCy.exe
  C:\Windows\System\GzcGvCy.exe
  2⤵
  PID:4152
- C:\Windows\System\qCMQvQq.exe
  C:\Windows\System\qCMQvQq.exe
  2⤵
  PID:4172
- C:\Windows\System\kykoPFD.exe
  C:\Windows\System\kykoPFD.exe
  2⤵
  PID:4192
- C:\Windows\System\YhJODNW.exe
  C:\Windows\System\YhJODNW.exe
  2⤵
  PID:4208
- C:\Windows\System\JFjhSjK.exe
  C:\Windows\System\JFjhSjK.exe
  2⤵
  PID:4232
- C:\Windows\System\uwRrfvD.exe
  C:\Windows\System\uwRrfvD.exe
  2⤵
  PID:4248
- C:\Windows\System\xzujQzE.exe
  C:\Windows\System\xzujQzE.exe
  2⤵
  PID:4268
- C:\Windows\System\SHBNgnr.exe
  C:\Windows\System\SHBNgnr.exe
  2⤵
  PID:4292
- C:\Windows\System\tIWKZiU.exe
  C:\Windows\System\tIWKZiU.exe
  2⤵
  PID:4308
- C:\Windows\System\YUrnvOK.exe
  C:\Windows\System\YUrnvOK.exe
  2⤵
  PID:4332
- C:\Windows\System\eejHxDl.exe
  C:\Windows\System\eejHxDl.exe
  2⤵
  PID:4352
- C:\Windows\System\sXibkwv.exe
  C:\Windows\System\sXibkwv.exe
  2⤵
  PID:4368
- C:\Windows\System\PYCljXs.exe
  C:\Windows\System\PYCljXs.exe
  2⤵
  PID:4388
- C:\Windows\System\hLBsyNW.exe
  C:\Windows\System\hLBsyNW.exe
  2⤵
  PID:4404
- C:\Windows\System\MwwlfiI.exe
  C:\Windows\System\MwwlfiI.exe
  2⤵
  PID:4428
- C:\Windows\System\nZBOtvJ.exe
  C:\Windows\System\nZBOtvJ.exe
  2⤵
  PID:4452
- C:\Windows\System\ISXRamr.exe
  C:\Windows\System\ISXRamr.exe
  2⤵
  PID:4468
- C:\Windows\System\hkORiJu.exe
  C:\Windows\System\hkORiJu.exe
  2⤵
  PID:4512
- C:\Windows\System\buuoYsB.exe
  C:\Windows\System\buuoYsB.exe
  2⤵
  PID:4528
- C:\Windows\System\YbHvYVr.exe
  C:\Windows\System\YbHvYVr.exe
  2⤵
  PID:4548
- C:\Windows\System\BvHfosw.exe
  C:\Windows\System\BvHfosw.exe
  2⤵
  PID:4572
- C:\Windows\System\XJQYSBO.exe
  C:\Windows\System\XJQYSBO.exe
  2⤵
  PID:4588
- C:\Windows\System\IqIaGzN.exe
  C:\Windows\System\IqIaGzN.exe
  2⤵
  PID:4608
- C:\Windows\System\TUERPlK.exe
  C:\Windows\System\TUERPlK.exe
  2⤵
  PID:4624
- C:\Windows\System\qkTFtxK.exe
  C:\Windows\System\qkTFtxK.exe
  2⤵
  PID:4644
- C:\Windows\System\iQpIWYu.exe
  C:\Windows\System\iQpIWYu.exe
  2⤵
  PID:4660
- C:\Windows\System\lSpVFVv.exe
  C:\Windows\System\lSpVFVv.exe
  2⤵
  PID:4676
- C:\Windows\System\MRswlDk.exe
  C:\Windows\System\MRswlDk.exe
  2⤵
  PID:4692
- C:\Windows\System\neKRuhE.exe
  C:\Windows\System\neKRuhE.exe
  2⤵
  PID:4708
- C:\Windows\System\uHVMrLa.exe
  C:\Windows\System\uHVMrLa.exe
  2⤵
  PID:4728
- C:\Windows\System\RCBmXbK.exe
  C:\Windows\System\RCBmXbK.exe
  2⤵
  PID:4744
- C:\Windows\System\QBxJxvU.exe
  C:\Windows\System\QBxJxvU.exe
  2⤵
  PID:4760
- C:\Windows\System\OXvEWdK.exe
  C:\Windows\System\OXvEWdK.exe
  2⤵
  PID:4776
- C:\Windows\System\hzGxTAp.exe
  C:\Windows\System\hzGxTAp.exe
  2⤵
  PID:4800
- C:\Windows\System\kYwnLsd.exe
  C:\Windows\System\kYwnLsd.exe
  2⤵
  PID:4824
- C:\Windows\System\EsbvEpz.exe
  C:\Windows\System\EsbvEpz.exe
  2⤵
  PID:4848
- C:\Windows\System\QKUhOPI.exe
  C:\Windows\System\QKUhOPI.exe
  2⤵
  PID:4864
- C:\Windows\System\qjuPFgD.exe
  C:\Windows\System\qjuPFgD.exe
  2⤵
  PID:4920
- C:\Windows\System\GIRQYwK.exe
  C:\Windows\System\GIRQYwK.exe
  2⤵
  PID:4936
- C:\Windows\System\cmxgSyn.exe
  C:\Windows\System\cmxgSyn.exe
  2⤵
  PID:4956
- C:\Windows\System\Lkxkfso.exe
  C:\Windows\System\Lkxkfso.exe
  2⤵
  PID:4972
- C:\Windows\System\IjkUOLt.exe
  C:\Windows\System\IjkUOLt.exe
  2⤵
  PID:4988
- C:\Windows\System\fGqyXOM.exe
  C:\Windows\System\fGqyXOM.exe
  2⤵
  PID:5012
- C:\Windows\System\GzhSGop.exe
  C:\Windows\System\GzhSGop.exe
  2⤵
  PID:5032
- C:\Windows\System\LgpdneF.exe
  C:\Windows\System\LgpdneF.exe
  2⤵
  PID:5048
- C:\Windows\System\mvMsSGR.exe
  C:\Windows\System\mvMsSGR.exe
  2⤵
  PID:5064
- C:\Windows\System\xRsESEz.exe
  C:\Windows\System\xRsESEz.exe
  2⤵
  PID:5088
- C:\Windows\System\GBQgZUL.exe
  C:\Windows\System\GBQgZUL.exe
  2⤵
  PID:5104
- C:\Windows\System\smpNRmo.exe
  C:\Windows\System\smpNRmo.exe
  2⤵
  PID:3844
- C:\Windows\System\ccQDLkR.exe
  C:\Windows\System\ccQDLkR.exe
  2⤵
  PID:4072
- C:\Windows\System\VuxUvuP.exe
  C:\Windows\System\VuxUvuP.exe
  2⤵
  PID:3924
- C:\Windows\System\UWsWegH.exe
  C:\Windows\System\UWsWegH.exe
  2⤵
  PID:316
- C:\Windows\System\uHWGkzY.exe
  C:\Windows\System\uHWGkzY.exe
  2⤵
  PID:4084
- C:\Windows\System\dbakTSx.exe
  C:\Windows\System\dbakTSx.exe
  2⤵
  PID:2292
- C:\Windows\System\GBYRQqD.exe
  C:\Windows\System\GBYRQqD.exe
  2⤵
  PID:3776
- C:\Windows\System\woyCaFY.exe
  C:\Windows\System\woyCaFY.exe
  2⤵
  PID:4164
- C:\Windows\System\ParXfNT.exe
  C:\Windows\System\ParXfNT.exe
  2⤵
  PID:4288
- C:\Windows\System\CCaoXWo.exe
  C:\Windows\System\CCaoXWo.exe
  2⤵
  PID:3676
- C:\Windows\System\asuhFzr.exe
  C:\Windows\System\asuhFzr.exe
  2⤵
  PID:4328
- C:\Windows\System\rUQPyKS.exe
  C:\Windows\System\rUQPyKS.exe
  2⤵
  PID:3880
- C:\Windows\System\kkCrEDt.exe
  C:\Windows\System\kkCrEDt.exe
  2⤵
  PID:3916
- C:\Windows\System\WStpDqp.exe
  C:\Windows\System\WStpDqp.exe
  2⤵
  PID:4400
- C:\Windows\System\jgbZTOB.exe
  C:\Windows\System\jgbZTOB.exe
  2⤵
  PID:4476
- C:\Windows\System\TTKTukX.exe
  C:\Windows\System\TTKTukX.exe
  2⤵
  PID:4492
- C:\Windows\System\geOVKZA.exe
  C:\Windows\System\geOVKZA.exe
  2⤵
  PID:4508
- C:\Windows\System\QDLBhxP.exe
  C:\Windows\System\QDLBhxP.exe
  2⤵
  PID:3036
- C:\Windows\System\cIJQXjf.exe
  C:\Windows\System\cIJQXjf.exe
  2⤵
  PID:4620
- C:\Windows\System\IPwOExC.exe
  C:\Windows\System\IPwOExC.exe
  2⤵
  PID:4000
- C:\Windows\System\jjJNJFu.exe
  C:\Windows\System\jjJNJFu.exe
  2⤵
  PID:3692
- C:\Windows\System\ELfGzPo.exe
  C:\Windows\System\ELfGzPo.exe
  2⤵
  PID:4116
- C:\Windows\System\iOfKdLS.exe
  C:\Windows\System\iOfKdLS.exe
  2⤵
  PID:4220
- C:\Windows\System\aomhToX.exe
  C:\Windows\System\aomhToX.exe
  2⤵
  PID:2836
- C:\Windows\System\jcBZdSB.exe
  C:\Windows\System\jcBZdSB.exe
  2⤵
  PID:4784
- C:\Windows\System\PMJTywZ.exe
  C:\Windows\System\PMJTywZ.exe
  2⤵
  PID:4376
- C:\Windows\System\hQqrRRz.exe
  C:\Windows\System\hQqrRRz.exe
  2⤵
  PID:4416
- C:\Windows\System\nnntKBR.exe
  C:\Windows\System\nnntKBR.exe
  2⤵
  PID:4148
- C:\Windows\System\Obdpaqo.exe
  C:\Windows\System\Obdpaqo.exe
  2⤵
  PID:4300
- C:\Windows\System\cfEsFas.exe
  C:\Windows\System\cfEsFas.exe
  2⤵
  PID:4184
- C:\Windows\System\dyUYKBv.exe
  C:\Windows\System\dyUYKBv.exe
  2⤵
  PID:4788
- C:\Windows\System\OolkdCQ.exe
  C:\Windows\System\OolkdCQ.exe
  2⤵
  PID:4844
- C:\Windows\System\wEADwuo.exe
  C:\Windows\System\wEADwuo.exe
  2⤵
  PID:2680
- C:\Windows\System\GtxjZJx.exe
  C:\Windows\System\GtxjZJx.exe
  2⤵
  PID:4884
- C:\Windows\System\FLsvsdS.exe
  C:\Windows\System\FLsvsdS.exe
  2⤵
  PID:4900
- C:\Windows\System\ICfhzli.exe
  C:\Windows\System\ICfhzli.exe
  2⤵
  PID:4908
- C:\Windows\System\KRhnVaO.exe
  C:\Windows\System\KRhnVaO.exe
  2⤵
  PID:4952
- C:\Windows\System\fscaHtY.exe
  C:\Windows\System\fscaHtY.exe
  2⤵
  PID:4632
- C:\Windows\System\oDhHses.exe
  C:\Windows\System\oDhHses.exe
  2⤵
  PID:4772
- C:\Windows\System\tYfcOKL.exe
  C:\Windows\System\tYfcOKL.exe
  2⤵
  PID:4820
- C:\Windows\System\IhjmjMu.exe
  C:\Windows\System\IhjmjMu.exe
  2⤵
  PID:4700
- C:\Windows\System\QdRNmlC.exe
  C:\Windows\System\QdRNmlC.exe
  2⤵
  PID:4668
- C:\Windows\System\SADBOou.exe
  C:\Windows\System\SADBOou.exe
  2⤵
  PID:4556
- C:\Windows\System\MlnGexB.exe
  C:\Windows\System\MlnGexB.exe
  2⤵
  PID:3008
- C:\Windows\System\eMQfyQV.exe
  C:\Windows\System\eMQfyQV.exe
  2⤵
  PID:5072
- C:\Windows\System\VKVaVfr.exe
  C:\Windows\System\VKVaVfr.exe
  2⤵
  PID:3660
- C:\Windows\System\ePVZsas.exe
  C:\Windows\System\ePVZsas.exe
  2⤵
  PID:2936
- C:\Windows\System\ujUaGOY.exe
  C:\Windows\System\ujUaGOY.exe
  2⤵
  PID:3840
- C:\Windows\System\lbjDKjy.exe
  C:\Windows\System\lbjDKjy.exe
  2⤵
  PID:3656
- C:\Windows\System\MIlUyKU.exe
  C:\Windows\System\MIlUyKU.exe
  2⤵
  PID:4160
- C:\Windows\System\pqbTCQA.exe
  C:\Windows\System\pqbTCQA.exe
  2⤵
  PID:4704
- C:\Windows\System\GtJvwgX.exe
  C:\Windows\System\GtJvwgX.exe
  2⤵
  PID:624
- C:\Windows\System\baUWsUL.exe
  C:\Windows\System\baUWsUL.exe
  2⤵
  PID:5004
- C:\Windows\System\RnCqvqb.exe
  C:\Windows\System\RnCqvqb.exe
  2⤵
  PID:5020
- C:\Windows\System\wCnxmox.exe
  C:\Windows\System\wCnxmox.exe
  2⤵
  PID:5056
- C:\Windows\System\hoLrHNW.exe
  C:\Windows\System\hoLrHNW.exe
  2⤵
  PID:5084
- C:\Windows\System\xejFHgp.exe
  C:\Windows\System\xejFHgp.exe
  2⤵
  PID:5116
- C:\Windows\System\pcEYQhY.exe
  C:\Windows\System\pcEYQhY.exe
  2⤵
  PID:4132
- C:\Windows\System\NGhjPcK.exe
  C:\Windows\System\NGhjPcK.exe
  2⤵
  PID:2248
- C:\Windows\System\xbWCMCk.exe
  C:\Windows\System\xbWCMCk.exe
  2⤵
  PID:4244
- C:\Windows\System\CnILvGx.exe
  C:\Windows\System\CnILvGx.exe
  2⤵
  PID:4444
- C:\Windows\System\UCbuBaD.exe
  C:\Windows\System\UCbuBaD.exe
  2⤵
  PID:3248
- C:\Windows\System\NlivriC.exe
  C:\Windows\System\NlivriC.exe
  2⤵
  PID:4792
- C:\Windows\System\pCwWkTC.exe
  C:\Windows\System\pCwWkTC.exe
  2⤵
  PID:4896
- C:\Windows\System\pxPDqEQ.exe
  C:\Windows\System\pxPDqEQ.exe
  2⤵
  PID:4524
- C:\Windows\System\GMzRsFS.exe
  C:\Windows\System\GMzRsFS.exe
  2⤵
  PID:4320
- C:\Windows\System\IAieORi.exe
  C:\Windows\System\IAieORi.exe
  2⤵
  PID:4340
- C:\Windows\System\xPSpUDK.exe
  C:\Windows\System\xPSpUDK.exe
  2⤵
  PID:4752
- C:\Windows\System\FfjyYMC.exe
  C:\Windows\System\FfjyYMC.exe
  2⤵
  PID:3420
- C:\Windows\System\xDjydTB.exe
  C:\Windows\System\xDjydTB.exe
  2⤵
  PID:4448
- C:\Windows\System\XCxsrWw.exe
  C:\Windows\System\XCxsrWw.exe
  2⤵
  PID:3860
- C:\Windows\System\TZGJTID.exe
  C:\Windows\System\TZGJTID.exe
  2⤵
  PID:3576
- C:\Windows\System\lqyllQg.exe
  C:\Windows\System\lqyllQg.exe
  2⤵
  PID:4344
- C:\Windows\System\iZJmyas.exe
  C:\Windows\System\iZJmyas.exe
  2⤵
  PID:4420
- C:\Windows\System\SlAGCun.exe
  C:\Windows\System\SlAGCun.exe
  2⤵
  PID:4256
- C:\Windows\System\bBvDQhN.exe
  C:\Windows\System\bBvDQhN.exe
  2⤵
  PID:4564
- C:\Windows\System\LqAvFjH.exe
  C:\Windows\System\LqAvFjH.exe
  2⤵
  PID:4968
- C:\Windows\System\ELRgVOP.exe
  C:\Windows\System\ELRgVOP.exe
  2⤵
  PID:4980
- C:\Windows\System\vbdMAcb.exe
  C:\Windows\System\vbdMAcb.exe
  2⤵
  PID:5100
- C:\Windows\System\IVZRrLE.exe
  C:\Windows\System\IVZRrLE.exe
  2⤵
  PID:3444
- C:\Windows\System\JjvzgVO.exe
  C:\Windows\System\JjvzgVO.exe
  2⤵
  PID:4636
- C:\Windows\System\zMkiBbU.exe
  C:\Windows\System\zMkiBbU.exe
  2⤵
  PID:4812
- C:\Windows\System\bypTYgo.exe
  C:\Windows\System\bypTYgo.exe
  2⤵
  PID:4464
- C:\Windows\System\nigCOOW.exe
  C:\Windows\System\nigCOOW.exe
  2⤵
  PID:5160
- C:\Windows\System\MxwSCMF.exe
  C:\Windows\System\MxwSCMF.exe
  2⤵
  PID:5176
- C:\Windows\System\QUwMUey.exe
  C:\Windows\System\QUwMUey.exe
  2⤵
  PID:5268
- C:\Windows\System\MUxxkki.exe
  C:\Windows\System\MUxxkki.exe
  2⤵
  PID:5284
- C:\Windows\System\VnhwGlM.exe
  C:\Windows\System\VnhwGlM.exe
  2⤵
  PID:5300
- C:\Windows\System\UZWbxuK.exe
  C:\Windows\System\UZWbxuK.exe
  2⤵
  PID:5316
- C:\Windows\System\ziwQAIM.exe
  C:\Windows\System\ziwQAIM.exe
  2⤵
  PID:5332
- C:\Windows\System\evJOOXy.exe
  C:\Windows\System\evJOOXy.exe
  2⤵
  PID:5352
- C:\Windows\System\vGWXJHd.exe
  C:\Windows\System\vGWXJHd.exe
  2⤵
  PID:5380
- C:\Windows\System\qKUJaDe.exe
  C:\Windows\System\qKUJaDe.exe
  2⤵
  PID:5396
- C:\Windows\System\KVPvgHO.exe
  C:\Windows\System\KVPvgHO.exe
  2⤵
  PID:5420
- C:\Windows\System\vXgMCWO.exe
  C:\Windows\System\vXgMCWO.exe
  2⤵
  PID:5440
- C:\Windows\System\kcVYkkc.exe
  C:\Windows\System\kcVYkkc.exe
  2⤵
  PID:5456
- C:\Windows\System\uJTQnFn.exe
  C:\Windows\System\uJTQnFn.exe
  2⤵
  PID:5472
- C:\Windows\System\wFgrCzT.exe
  C:\Windows\System\wFgrCzT.exe
  2⤵
  PID:5488
- C:\Windows\System\VdScMmQ.exe
  C:\Windows\System\VdScMmQ.exe
  2⤵
  PID:5504
- C:\Windows\System\kALxkTB.exe
  C:\Windows\System\kALxkTB.exe
  2⤵
  PID:5520
- C:\Windows\System\MfMnBWr.exe
  C:\Windows\System\MfMnBWr.exe
  2⤵
  PID:5536
- C:\Windows\System\NUzDzAq.exe
  C:\Windows\System\NUzDzAq.exe
  2⤵
  PID:5556
- C:\Windows\System\xMmclze.exe
  C:\Windows\System\xMmclze.exe
  2⤵
  PID:5572
- C:\Windows\System\YWwZZbM.exe
  C:\Windows\System\YWwZZbM.exe
  2⤵
  PID:5588
- C:\Windows\System\dZhhmeD.exe
  C:\Windows\System\dZhhmeD.exe
  2⤵
  PID:5604
- C:\Windows\System\NKmTJsi.exe
  C:\Windows\System\NKmTJsi.exe
  2⤵
  PID:5620
- C:\Windows\System\eAFrbGL.exe
  C:\Windows\System\eAFrbGL.exe
  2⤵
  PID:5636
- C:\Windows\System\UJOleNh.exe
  C:\Windows\System\UJOleNh.exe
  2⤵
  PID:5652
- C:\Windows\System\VebREAS.exe
  C:\Windows\System\VebREAS.exe
  2⤵
  PID:5672
- C:\Windows\System\rikjrGp.exe
  C:\Windows\System\rikjrGp.exe
  2⤵
  PID:5692
- C:\Windows\System\UMCAvPJ.exe
  C:\Windows\System\UMCAvPJ.exe
  2⤵
  PID:5712
- C:\Windows\System\GMuqmae.exe
  C:\Windows\System\GMuqmae.exe
  2⤵
  PID:5732
- C:\Windows\System\TNyEjAP.exe
  C:\Windows\System\TNyEjAP.exe
  2⤵
  PID:5748
- C:\Windows\System\LFKTmhu.exe
  C:\Windows\System\LFKTmhu.exe
  2⤵
  PID:5764
- C:\Windows\System\tBwNoak.exe
  C:\Windows\System\tBwNoak.exe
  2⤵
  PID:5784
- C:\Windows\System\IlQYKwu.exe
  C:\Windows\System\IlQYKwu.exe
  2⤵
  PID:5804
- C:\Windows\System\zlGrgae.exe
  C:\Windows\System\zlGrgae.exe
  2⤵
  PID:5820
- C:\Windows\System\eBUfWLn.exe
  C:\Windows\System\eBUfWLn.exe
  2⤵
  PID:5836
- C:\Windows\System\RsqaeOM.exe
  C:\Windows\System\RsqaeOM.exe
  2⤵
  PID:5936
- C:\Windows\System\dksWUPt.exe
  C:\Windows\System\dksWUPt.exe
  2⤵
  PID:5952
- C:\Windows\System\ICQoCIw.exe
  C:\Windows\System\ICQoCIw.exe
  2⤵
  PID:5968
- C:\Windows\System\fIqhFkG.exe
  C:\Windows\System\fIqhFkG.exe
  2⤵
  PID:5988
- C:\Windows\System\BMHDcKC.exe
  C:\Windows\System\BMHDcKC.exe
  2⤵
  PID:6008
- C:\Windows\System\ppFXtFO.exe
  C:\Windows\System\ppFXtFO.exe
  2⤵
  PID:6024
- C:\Windows\System\GCUJBsd.exe
  C:\Windows\System\GCUJBsd.exe
  2⤵
  PID:6048
- C:\Windows\System\xngqgfG.exe
  C:\Windows\System\xngqgfG.exe
  2⤵
  PID:6064
- C:\Windows\System\sYmzHVP.exe
  C:\Windows\System\sYmzHVP.exe
  2⤵
  PID:6088
- C:\Windows\System\BJTIIFL.exe
  C:\Windows\System\BJTIIFL.exe
  2⤵
  PID:6108
- C:\Windows\System\kXUXSpB.exe
  C:\Windows\System\kXUXSpB.exe
  2⤵
  PID:6128
- C:\Windows\System\AsDqikp.exe
  C:\Windows\System\AsDqikp.exe
  2⤵
  PID:3936
- C:\Windows\System\RbteIwi.exe
  C:\Windows\System\RbteIwi.exe
  2⤵
  PID:3508
- C:\Windows\System\HLetsEr.exe
  C:\Windows\System\HLetsEr.exe
  2⤵
  PID:4112
- C:\Windows\System\BmRTDXP.exe
  C:\Windows\System\BmRTDXP.exe
  2⤵
  PID:4880
- C:\Windows\System\wMzCIIq.exe
  C:\Windows\System\wMzCIIq.exe
  2⤵
  PID:4928
- C:\Windows\System\LOMMVQA.exe
  C:\Windows\System\LOMMVQA.exe
  2⤵
  PID:4384
- C:\Windows\System\gUxxEfz.exe
  C:\Windows\System\gUxxEfz.exe
  2⤵
  PID:5132
- C:\Windows\System\lZAWceR.exe
  C:\Windows\System\lZAWceR.exe
  2⤵
  PID:5148
- C:\Windows\System\OAtQbXP.exe
  C:\Windows\System\OAtQbXP.exe
  2⤵
  PID:4216
- C:\Windows\System\ZoJNXQR.exe
  C:\Windows\System\ZoJNXQR.exe
  2⤵
  PID:5080
- C:\Windows\System\cQjUUGT.exe
  C:\Windows\System\cQjUUGT.exe
  2⤵
  PID:3640
- C:\Windows\System\BocccrZ.exe
  C:\Windows\System\BocccrZ.exe
  2⤵
  PID:5168
- C:\Windows\System\BOnSPRR.exe
  C:\Windows\System\BOnSPRR.exe
  2⤵
  PID:2628
- C:\Windows\System\mqFMakr.exe
  C:\Windows\System\mqFMakr.exe
  2⤵
  PID:5200
- C:\Windows\System\AseeMie.exe
  C:\Windows\System\AseeMie.exe
  2⤵
  PID:5220
- C:\Windows\System\bSwsrEC.exe
  C:\Windows\System\bSwsrEC.exe
  2⤵
  PID:5236
- C:\Windows\System\atJQmHj.exe
  C:\Windows\System\atJQmHj.exe
  2⤵
  PID:5252
- C:\Windows\System\bDkUUUP.exe
  C:\Windows\System\bDkUUUP.exe
  2⤵
  PID:2672
- C:\Windows\System\fEObbJo.exe
  C:\Windows\System\fEObbJo.exe
  2⤵
  PID:5260
- C:\Windows\System\GblAJle.exe
  C:\Windows\System\GblAJle.exe
  2⤵
  PID:5312
- C:\Windows\System\PGYNltq.exe
  C:\Windows\System\PGYNltq.exe
  2⤵
  PID:5360
- C:\Windows\System\BpZNhLu.exe
  C:\Windows\System\BpZNhLu.exe
  2⤵
  PID:2204
- C:\Windows\System\tzMNNpW.exe
  C:\Windows\System\tzMNNpW.exe
  2⤵
  PID:5392
- C:\Windows\System\mXfrQVZ.exe
  C:\Windows\System\mXfrQVZ.exe
  2⤵
  PID:5368
- C:\Windows\System\SNIdYmm.exe
  C:\Windows\System\SNIdYmm.exe
  2⤵
  PID:5404
- C:\Windows\System\aAXDekH.exe
  C:\Windows\System\aAXDekH.exe
  2⤵
  PID:5516
- C:\Windows\System\CFZurrV.exe
  C:\Windows\System\CFZurrV.exe
  2⤵
  PID:5616
- C:\Windows\System\CJJtdhv.exe
  C:\Windows\System\CJJtdhv.exe
  2⤵
  PID:5720
- C:\Windows\System\hwQQvyK.exe
  C:\Windows\System\hwQQvyK.exe
  2⤵
  PID:5760
- C:\Windows\System\xgGhBMv.exe
  C:\Windows\System\xgGhBMv.exe
  2⤵
  PID:5800
- C:\Windows\System\wKLqwSh.exe
  C:\Windows\System\wKLqwSh.exe
  2⤵
  PID:1216
- C:\Windows\System\qHNvFUn.exe
  C:\Windows\System\qHNvFUn.exe
  2⤵
  PID:5628
- C:\Windows\System\uNwPqmV.exe
  C:\Windows\System\uNwPqmV.exe
  2⤵
  PID:5668
- C:\Windows\System\QVjYlSn.exe
  C:\Windows\System\QVjYlSn.exe
  2⤵
  PID:5740
- C:\Windows\System\kOxVXqW.exe
  C:\Windows\System\kOxVXqW.exe
  2⤵
  PID:5776
- C:\Windows\System\popMyLI.exe
  C:\Windows\System\popMyLI.exe
  2⤵
  PID:5848
- C:\Windows\System\EadrALJ.exe
  C:\Windows\System\EadrALJ.exe
  2⤵
  PID:5856
- C:\Windows\System\GZNCAtE.exe
  C:\Windows\System\GZNCAtE.exe
  2⤵
  PID:5944
- C:\Windows\System\eyAxAba.exe
  C:\Windows\System\eyAxAba.exe
  2⤵
  PID:5872
- C:\Windows\System\tinbpcp.exe
  C:\Windows\System\tinbpcp.exe
  2⤵
  PID:5888
- C:\Windows\System\bvgpdsc.exe
  C:\Windows\System\bvgpdsc.exe
  2⤵
  PID:5948
- C:\Windows\System\gZlolAt.exe
  C:\Windows\System\gZlolAt.exe
  2⤵
  PID:640
- C:\Windows\System\tJPoPGl.exe
  C:\Windows\System\tJPoPGl.exe
  2⤵
  PID:6104
- C:\Windows\System\UXTEweh.exe
  C:\Windows\System\UXTEweh.exe
  2⤵
  PID:4200
- C:\Windows\System\XYCONBY.exe
  C:\Windows\System\XYCONBY.exe
  2⤵
  PID:1960
- C:\Windows\System\SBlYUCB.exe
  C:\Windows\System\SBlYUCB.exe
  2⤵
  PID:1576
- C:\Windows\System\NGborhg.exe
  C:\Windows\System\NGborhg.exe
  2⤵
  PID:4688
- C:\Windows\System\nUtEzpx.exe
  C:\Windows\System\nUtEzpx.exe
  2⤵
  PID:6044
- C:\Windows\System\eFgTZaL.exe
  C:\Windows\System\eFgTZaL.exe
  2⤵
  PID:1620
- C:\Windows\System\eLBBDpF.exe
  C:\Windows\System\eLBBDpF.exe
  2⤵
  PID:5156
- C:\Windows\System\ilYViGQ.exe
  C:\Windows\System\ilYViGQ.exe
  2⤵
  PID:3064
- C:\Windows\System\vVVBKWf.exe
  C:\Windows\System\vVVBKWf.exe
  2⤵
  PID:4840
- C:\Windows\System\NwOnxXt.exe
  C:\Windows\System\NwOnxXt.exe
  2⤵
  PID:1788
- C:\Windows\System\fByIImB.exe
  C:\Windows\System\fByIImB.exe
  2⤵
  PID:4860
- C:\Windows\System\mVpmBeu.exe
  C:\Windows\System\mVpmBeu.exe
  2⤵
  PID:6124
- C:\Windows\System\mYsRyvr.exe
  C:\Windows\System\mYsRyvr.exe
  2⤵
  PID:4584
- C:\Windows\System\RJxbEsz.exe
  C:\Windows\System\RJxbEsz.exe
  2⤵
  PID:5184
- C:\Windows\System\TEMOQXD.exe
  C:\Windows\System\TEMOQXD.exe
  2⤵
  PID:5280
- C:\Windows\System\EkFlIJH.exe
  C:\Windows\System\EkFlIJH.exe
  2⤵
  PID:3016
- C:\Windows\System\yEtQMnc.exe
  C:\Windows\System\yEtQMnc.exe
  2⤵
  PID:1900
- C:\Windows\System\zRRBrqi.exe
  C:\Windows\System\zRRBrqi.exe
  2⤵
  PID:3056
- C:\Windows\System\wmGUNvs.exe
  C:\Windows\System\wmGUNvs.exe
  2⤵
  PID:888
- C:\Windows\System\QWJQEDg.exe
  C:\Windows\System\QWJQEDg.exe
  2⤵
  PID:5428
- C:\Windows\System\xVYpjqA.exe
  C:\Windows\System\xVYpjqA.exe
  2⤵
  PID:5468
- C:\Windows\System\WLABKsU.exe
  C:\Windows\System\WLABKsU.exe
  2⤵
  PID:1032
- C:\Windows\System\MrDabKw.exe
  C:\Windows\System\MrDabKw.exe
  2⤵
  PID:5532
- C:\Windows\System\JGOJCuc.exe
  C:\Windows\System\JGOJCuc.exe
  2⤵
  PID:5412
- C:\Windows\System\hdMAwLT.exe
  C:\Windows\System\hdMAwLT.exe
  2⤵
  PID:5416
- C:\Windows\System\NaLpXIc.exe
  C:\Windows\System\NaLpXIc.exe
  2⤵
  PID:3900
- C:\Windows\System\wLzExbb.exe
  C:\Windows\System\wLzExbb.exe
  2⤵
  PID:5680
- C:\Windows\System\jIzdFBs.exe
  C:\Windows\System\jIzdFBs.exe
  2⤵
  PID:2608
- C:\Windows\System\ssFtHog.exe
  C:\Windows\System\ssFtHog.exe
  2⤵
  PID:5816
- C:\Windows\System\pSaezXZ.exe
  C:\Windows\System\pSaezXZ.exe
  2⤵
  PID:5632
- C:\Windows\System\qctcJWb.exe
  C:\Windows\System\qctcJWb.exe
  2⤵
  PID:5780
- C:\Windows\System\EwFSHQs.exe
  C:\Windows\System\EwFSHQs.exe
  2⤵
  PID:5912
- C:\Windows\System\dlwNFii.exe
  C:\Windows\System\dlwNFii.exe
  2⤵
  PID:5916
- C:\Windows\System\wfBWBPA.exe
  C:\Windows\System\wfBWBPA.exe
  2⤵
  PID:6060
- C:\Windows\System\etqcqmT.exe
  C:\Windows\System\etqcqmT.exe
  2⤵
  PID:5852
- C:\Windows\System\ZxzWtpZ.exe
  C:\Windows\System\ZxzWtpZ.exe
  2⤵
  PID:5000
- C:\Windows\System\IasXpam.exe
  C:\Windows\System\IasXpam.exe
  2⤵
  PID:852
- C:\Windows\System\BGPqSJm.exe
  C:\Windows\System\BGPqSJm.exe
  2⤵
  PID:6004
- C:\Windows\System\eVWIFZb.exe
  C:\Windows\System\eVWIFZb.exe
  2⤵
  PID:5124
- C:\Windows\System\HBxZiiO.exe
  C:\Windows\System\HBxZiiO.exe
  2⤵
  PID:1616
- C:\Windows\System\kwmqywT.exe
  C:\Windows\System\kwmqywT.exe
  2⤵
  PID:1656
- C:\Windows\System\rirNyvG.exe
  C:\Windows\System\rirNyvG.exe
  2⤵
  PID:5208
- C:\Windows\System\HrChgsp.exe
  C:\Windows\System\HrChgsp.exe
  2⤵
  PID:5228
- C:\Windows\System\clWtkdd.exe
  C:\Windows\System\clWtkdd.exe
  2⤵
  PID:5464
- C:\Windows\System\XvHiEEN.exe
  C:\Windows\System\XvHiEEN.exe
  2⤵
  PID:5580
- C:\Windows\System\WPNTaeL.exe
  C:\Windows\System\WPNTaeL.exe
  2⤵
  PID:5796
- C:\Windows\System\TvIPvVQ.exe
  C:\Windows\System\TvIPvVQ.exe
  2⤵
  PID:2360
- C:\Windows\System\OjCaPks.exe
  C:\Windows\System\OjCaPks.exe
  2⤵
  PID:4240
- C:\Windows\System\WLunqhE.exe
  C:\Windows\System\WLunqhE.exe
  2⤵
  PID:5724
- C:\Windows\System\uRIcHOu.exe
  C:\Windows\System\uRIcHOu.exe
  2⤵
  PID:2240
- C:\Windows\System\DANieIf.exe
  C:\Windows\System\DANieIf.exe
  2⤵
  PID:1800
- C:\Windows\System\WpEfMYc.exe
  C:\Windows\System\WpEfMYc.exe
  2⤵
  PID:5552
- C:\Windows\System\tSDpUeg.exe
  C:\Windows\System\tSDpUeg.exe
  2⤵
  PID:2572
- C:\Windows\System\EQCMLTR.exe
  C:\Windows\System\EQCMLTR.exe
  2⤵
  PID:5984
- C:\Windows\System\UmHDezv.exe
  C:\Windows\System\UmHDezv.exe
  2⤵
  PID:5932
- C:\Windows\System\kIUiVDO.exe
  C:\Windows\System\kIUiVDO.exe
  2⤵
  PID:6056
- C:\Windows\System\LVKOqik.exe
  C:\Windows\System\LVKOqik.exe
  2⤵
  PID:976
- C:\Windows\System\SVuxRZm.exe
  C:\Windows\System\SVuxRZm.exe
  2⤵
  PID:4604
- C:\Windows\System\KpNpNVl.exe
  C:\Windows\System\KpNpNVl.exe
  2⤵
  PID:5264
- C:\Windows\System\GXcAzPu.exe
  C:\Windows\System\GXcAzPu.exe
  2⤵
  PID:4568
- C:\Windows\System\OQDAziJ.exe
  C:\Windows\System\OQDAziJ.exe
  2⤵
  PID:1996
- C:\Windows\System\xzMAoSK.exe
  C:\Windows\System\xzMAoSK.exe
  2⤵
  PID:5248
- C:\Windows\System\fAREyCM.exe
  C:\Windows\System\fAREyCM.exe
  2⤵
  PID:4504
- C:\Windows\System\iYVUrRX.exe
  C:\Windows\System\iYVUrRX.exe
  2⤵
  PID:5480
- C:\Windows\System\ztYDLZn.exe
  C:\Windows\System\ztYDLZn.exe
  2⤵
  PID:5500
- C:\Windows\System\ZvTsnkg.exe
  C:\Windows\System\ZvTsnkg.exe
  2⤵
  PID:2724
- C:\Windows\System\wNkAnvY.exe
  C:\Windows\System\wNkAnvY.exe
  2⤵
  PID:6084
- C:\Windows\System\BaPZcIg.exe
  C:\Windows\System\BaPZcIg.exe
  2⤵
  PID:1520
- C:\Windows\System\EJmasxR.exe
  C:\Windows\System\EJmasxR.exe
  2⤵
  PID:2800
- C:\Windows\System\RiHMicT.exe
  C:\Windows\System\RiHMicT.exe
  2⤵
  PID:5920
- C:\Windows\System\GOJRGHk.exe
  C:\Windows\System\GOJRGHk.exe
  2⤵
  PID:3476
- C:\Windows\System\MAVPUhh.exe
  C:\Windows\System\MAVPUhh.exe
  2⤵
  PID:6032
- C:\Windows\System\ynpkKzn.exe
  C:\Windows\System\ynpkKzn.exe
  2⤵
  PID:2664
- C:\Windows\System\PRjykzg.exe
  C:\Windows\System\PRjykzg.exe
  2⤵
  PID:6080
- C:\Windows\System\hawzRHd.exe
  C:\Windows\System\hawzRHd.exe
  2⤵
  PID:5928
- C:\Windows\System\CzEOacw.exe
  C:\Windows\System\CzEOacw.exe
  2⤵
  PID:6160
- C:\Windows\System\aDQBClU.exe
  C:\Windows\System\aDQBClU.exe
  2⤵
  PID:6204
- C:\Windows\System\vEoxNTc.exe
  C:\Windows\System\vEoxNTc.exe
  2⤵
  PID:6232
- C:\Windows\System\kZNPlEN.exe
  C:\Windows\System\kZNPlEN.exe
  2⤵
  PID:6248
- C:\Windows\System\AqOflYr.exe
  C:\Windows\System\AqOflYr.exe
  2⤵
  PID:6264
- C:\Windows\System\qqMouQW.exe
  C:\Windows\System\qqMouQW.exe
  2⤵
  PID:6280
- C:\Windows\System\EpVSeCH.exe
  C:\Windows\System\EpVSeCH.exe
  2⤵
  PID:6296
- C:\Windows\System\EZcuRFA.exe
  C:\Windows\System\EZcuRFA.exe
  2⤵
  PID:6316
- C:\Windows\System\iouKolb.exe
  C:\Windows\System\iouKolb.exe
  2⤵
  PID:6336
- C:\Windows\System\RWjfkKP.exe
  C:\Windows\System\RWjfkKP.exe
  2⤵
  PID:6356
- C:\Windows\System\oqCUlOm.exe
  C:\Windows\System\oqCUlOm.exe
  2⤵
  PID:6372
- C:\Windows\System\GeVsucC.exe
  C:\Windows\System\GeVsucC.exe
  2⤵
  PID:6424
- C:\Windows\System\HKfObSQ.exe
  C:\Windows\System\HKfObSQ.exe
  2⤵
  PID:6444
- C:\Windows\System\FQkmywy.exe
  C:\Windows\System\FQkmywy.exe
  2⤵
  PID:6460
- C:\Windows\System\IXyaywH.exe
  C:\Windows\System\IXyaywH.exe
  2⤵
  PID:6476
- C:\Windows\System\BrIxLXJ.exe
  C:\Windows\System\BrIxLXJ.exe
  2⤵
  PID:6496
- C:\Windows\System\ECoXWnW.exe
  C:\Windows\System\ECoXWnW.exe
  2⤵
  PID:6520
- C:\Windows\System\AKdHmes.exe
  C:\Windows\System\AKdHmes.exe
  2⤵
  PID:6536
- C:\Windows\System\RwoiITG.exe
  C:\Windows\System\RwoiITG.exe
  2⤵
  PID:6560
- C:\Windows\System\dOkxGom.exe
  C:\Windows\System\dOkxGom.exe
  2⤵
  PID:6576
- C:\Windows\System\lLrkvMg.exe
  C:\Windows\System\lLrkvMg.exe
  2⤵
  PID:6600
- C:\Windows\System\YOmeYOh.exe
  C:\Windows\System\YOmeYOh.exe
  2⤵
  PID:6632
- C:\Windows\System\VBihACF.exe
  C:\Windows\System\VBihACF.exe
  2⤵
  PID:6652
- C:\Windows\System\zrAoMNW.exe
  C:\Windows\System\zrAoMNW.exe
  2⤵
  PID:6668
- C:\Windows\System\FgnwaMh.exe
  C:\Windows\System\FgnwaMh.exe
  2⤵
  PID:6684
- C:\Windows\System\fMnZEVU.exe
  C:\Windows\System\fMnZEVU.exe
  2⤵
  PID:6700
- C:\Windows\System\ECfBVoA.exe
  C:\Windows\System\ECfBVoA.exe
  2⤵
  PID:6720
- C:\Windows\System\nVknaEk.exe
  C:\Windows\System\nVknaEk.exe
  2⤵
  PID:6736
- C:\Windows\System\PewTPIf.exe
  C:\Windows\System\PewTPIf.exe
  2⤵
  PID:6752
- C:\Windows\System\yQdtesr.exe
  C:\Windows\System\yQdtesr.exe
  2⤵
  PID:6780
- C:\Windows\System\SwmTflv.exe
  C:\Windows\System\SwmTflv.exe
  2⤵
  PID:6796
- C:\Windows\System\hjkSGyv.exe
  C:\Windows\System\hjkSGyv.exe
  2⤵
  PID:6812
- C:\Windows\System\Icvgfdi.exe
  C:\Windows\System\Icvgfdi.exe
  2⤵
  PID:6828
- C:\Windows\System\mlubAmr.exe
  C:\Windows\System\mlubAmr.exe
  2⤵
  PID:6848
- C:\Windows\System\CVjJmvz.exe
  C:\Windows\System\CVjJmvz.exe
  2⤵
  PID:6872
- C:\Windows\System\yrAinib.exe
  C:\Windows\System\yrAinib.exe
  2⤵
  PID:6888
- C:\Windows\System\OVrvhQd.exe
  C:\Windows\System\OVrvhQd.exe
  2⤵
  PID:6904
- C:\Windows\System\nlpotTY.exe
  C:\Windows\System\nlpotTY.exe
  2⤵
  PID:6920
- C:\Windows\System\uQUjaZc.exe
  C:\Windows\System\uQUjaZc.exe
  2⤵
  PID:6936
- C:\Windows\System\hgCcdaD.exe
  C:\Windows\System\hgCcdaD.exe
  2⤵
  PID:6952
- C:\Windows\System\mOhnkJf.exe
  C:\Windows\System\mOhnkJf.exe
  2⤵
  PID:6972
- C:\Windows\System\lEvyKty.exe
  C:\Windows\System\lEvyKty.exe
  2⤵
  PID:6996
- C:\Windows\System\mnVhfaN.exe
  C:\Windows\System\mnVhfaN.exe
  2⤵
  PID:7016
- C:\Windows\System\ShmsvaI.exe
  C:\Windows\System\ShmsvaI.exe
  2⤵
  PID:7036
- C:\Windows\System\wJMPtOC.exe
  C:\Windows\System\wJMPtOC.exe
  2⤵
  PID:7056
- C:\Windows\System\hyFIcmD.exe
  C:\Windows\System\hyFIcmD.exe
  2⤵
  PID:7112
- C:\Windows\System\nWWdfLI.exe
  C:\Windows\System\nWWdfLI.exe
  2⤵
  PID:7128
- C:\Windows\System\TpCQgSw.exe
  C:\Windows\System\TpCQgSw.exe
  2⤵
  PID:7144
- C:\Windows\System\VOTprLL.exe
  C:\Windows\System\VOTprLL.exe
  2⤵
  PID:7160
- C:\Windows\System\VpXfvfB.exe
  C:\Windows\System\VpXfvfB.exe
  2⤵
  PID:5900
- C:\Windows\System\bulMgOq.exe
  C:\Windows\System\bulMgOq.exe
  2⤵
  PID:6168
- C:\Windows\System\pZfGsck.exe
  C:\Windows\System\pZfGsck.exe
  2⤵
  PID:6180
- C:\Windows\System\rLUZcdF.exe
  C:\Windows\System\rLUZcdF.exe
  2⤵
  PID:288
- C:\Windows\System\OROjLGd.exe
  C:\Windows\System\OROjLGd.exe
  2⤵
  PID:5348
- C:\Windows\System\xAIUSet.exe
  C:\Windows\System\xAIUSet.exe
  2⤵
  PID:5884
- C:\Windows\System\GBwdZhT.exe
  C:\Windows\System\GBwdZhT.exe
  2⤵
  PID:5756
- C:\Windows\System\IDKIhGE.exe
  C:\Windows\System\IDKIhGE.exe
  2⤵
  PID:492
- C:\Windows\System\sEGARNx.exe
  C:\Windows\System\sEGARNx.exe
  2⤵
  PID:6304
- C:\Windows\System\sybCVsH.exe
  C:\Windows\System\sybCVsH.exe
  2⤵
  PID:1368
- C:\Windows\System\ASMaVhn.exe
  C:\Windows\System\ASMaVhn.exe
  2⤵
  PID:6380
- C:\Windows\System\GDPZMWK.exe
  C:\Windows\System\GDPZMWK.exe
  2⤵
  PID:6224
- C:\Windows\System\SSKTlqL.exe
  C:\Windows\System\SSKTlqL.exe
  2⤵
  PID:6292
- C:\Windows\System\DfnDrbE.exe
  C:\Windows\System\DfnDrbE.exe
  2⤵
  PID:6364
- C:\Windows\System\bbymnOB.exe
  C:\Windows\System\bbymnOB.exe
  2⤵
  PID:6404
- C:\Windows\System\LMOczZT.exe
  C:\Windows\System\LMOczZT.exe
  2⤵
  PID:6420
- C:\Windows\System\MvOAafm.exe
  C:\Windows\System\MvOAafm.exe
  2⤵
  PID:6432
- C:\Windows\System\NoFQEfX.exe
  C:\Windows\System\NoFQEfX.exe
  2⤵
  PID:6436
- C:\Windows\System\GcwDuwR.exe
  C:\Windows\System\GcwDuwR.exe
  2⤵
  PID:6456
- C:\Windows\System\QstOosv.exe
  C:\Windows\System\QstOosv.exe
  2⤵
  PID:1724
- C:\Windows\System\zEnwmKg.exe
  C:\Windows\System\zEnwmKg.exe
  2⤵
  PID:1164
- C:\Windows\System\KCZqOhm.exe
  C:\Windows\System\KCZqOhm.exe
  2⤵
  PID:6568
- C:\Windows\System\pnngLSb.exe
  C:\Windows\System\pnngLSb.exe
  2⤵
  PID:2756
- C:\Windows\System\VUGTcuX.exe
  C:\Windows\System\VUGTcuX.exe
  2⤵
  PID:6620
- C:\Windows\System\WcJvAeo.exe
  C:\Windows\System\WcJvAeo.exe
  2⤵
  PID:6552
- C:\Windows\System\PFaXmNU.exe
  C:\Windows\System\PFaXmNU.exe
  2⤵
  PID:6512
- C:\Windows\System\FmCYteC.exe
  C:\Windows\System\FmCYteC.exe
  2⤵
  PID:6588
- C:\Windows\System\tBysiUL.exe
  C:\Windows\System\tBysiUL.exe
  2⤵
  PID:6660
- C:\Windows\System\JqCwQMl.exe
  C:\Windows\System\JqCwQMl.exe
  2⤵
  PID:6744
- C:\Windows\System\xUkaKcM.exe
  C:\Windows\System\xUkaKcM.exe
  2⤵
  PID:6708
- C:\Windows\System\GKFuHqm.exe
  C:\Windows\System\GKFuHqm.exe
  2⤵
  PID:6804
- C:\Windows\System\nOYIQEx.exe
  C:\Windows\System\nOYIQEx.exe
  2⤵
  PID:6768
- C:\Windows\System\adBDBLt.exe
  C:\Windows\System\adBDBLt.exe
  2⤵
  PID:5512
- C:\Windows\System\hlXagSy.exe
  C:\Windows\System\hlXagSy.exe
  2⤵
  PID:6916
- C:\Windows\System\idyUAFL.exe
  C:\Windows\System\idyUAFL.exe
  2⤵
  PID:6992
- C:\Windows\System\GZHTONP.exe
  C:\Windows\System\GZHTONP.exe
  2⤵
  PID:7068
- C:\Windows\System\nPlZWQt.exe
  C:\Windows\System\nPlZWQt.exe
  2⤵
  PID:7076
- C:\Windows\System\BFaTqgD.exe
  C:\Windows\System\BFaTqgD.exe
  2⤵
  PID:7080
- C:\Windows\System\HdTiFSU.exe
  C:\Windows\System\HdTiFSU.exe
  2⤵
  PID:6820
- C:\Windows\System\boGNbuC.exe
  C:\Windows\System\boGNbuC.exe
  2⤵
  PID:6928
- C:\Windows\System\MspOHeD.exe
  C:\Windows\System\MspOHeD.exe
  2⤵
  PID:6824
- C:\Windows\System\Ulbdpxd.exe
  C:\Windows\System\Ulbdpxd.exe
  2⤵
  PID:6900
- C:\Windows\System\eGAUHYS.exe
  C:\Windows\System\eGAUHYS.exe
  2⤵
  PID:2416
- C:\Windows\System\XnNiCky.exe
  C:\Windows\System\XnNiCky.exe
  2⤵
  PID:2852
- C:\Windows\System\MxQRPmf.exe
  C:\Windows\System\MxQRPmf.exe
  2⤵
  PID:7048
- C:\Windows\System\inHYJju.exe
  C:\Windows\System\inHYJju.exe
  2⤵
  PID:7152
- C:\Windows\System\XoPcJdk.exe
  C:\Windows\System\XoPcJdk.exe
  2⤵
  PID:5980
- C:\Windows\System\XVDFjsA.exe
  C:\Windows\System\XVDFjsA.exe
  2⤵
  PID:6256
- C:\Windows\System\LJMMEcR.exe
  C:\Windows\System\LJMMEcR.exe
  2⤵
  PID:7120
- C:\Windows\System\uKzAAOy.exe
  C:\Windows\System\uKzAAOy.exe
  2⤵
  PID:6468
- C:\Windows\System\ABLjgKn.exe
  C:\Windows\System\ABLjgKn.exe
  2⤵
  PID:6532
- C:\Windows\System\CHeMyFS.exe
  C:\Windows\System\CHeMyFS.exe
  2⤵
  PID:6544
- C:\Windows\System\DPxbiCj.exe
  C:\Windows\System\DPxbiCj.exe
  2⤵
  PID:6196
- C:\Windows\System\YYjoCoP.exe
  C:\Windows\System\YYjoCoP.exe
  2⤵
  PID:6192
- C:\Windows\System\vgjCide.exe
  C:\Windows\System\vgjCide.exe
  2⤵
  PID:6764
- C:\Windows\System\FdlGEic.exe
  C:\Windows\System\FdlGEic.exe
  2⤵
  PID:6840
- C:\Windows\System\IjXldul.exe
  C:\Windows\System\IjXldul.exe
  2⤵
  PID:6788
- C:\Windows\System\xZtnNiH.exe
  C:\Windows\System\xZtnNiH.exe
  2⤵
  PID:7008
- C:\Windows\System\jCYIUGm.exe
  C:\Windows\System\jCYIUGm.exe
  2⤵
  PID:6968
- C:\Windows\System\Uathuqc.exe
  C:\Windows\System\Uathuqc.exe
  2⤵
  PID:6396
- C:\Windows\System\PqJrgNp.exe
  C:\Windows\System\PqJrgNp.exe
  2⤵
  PID:6584
- C:\Windows\System\BdiZgIP.exe
  C:\Windows\System\BdiZgIP.exe
  2⤵
  PID:6732
- C:\Windows\System\EcsEZaj.exe
  C:\Windows\System\EcsEZaj.exe
  2⤵
  PID:6664
- C:\Windows\System\pjxdWqx.exe
  C:\Windows\System\pjxdWqx.exe
  2⤵
  PID:5904
- C:\Windows\System\PDWpegL.exe
  C:\Windows\System\PDWpegL.exe
  2⤵
  PID:5436
- C:\Windows\System\ptGMbjm.exe
  C:\Windows\System\ptGMbjm.exe
  2⤵
  PID:2536
- C:\Windows\System\mvxDKBp.exe
  C:\Windows\System\mvxDKBp.exe
  2⤵
  PID:6216
- C:\Windows\System\ImoiIYi.exe
  C:\Windows\System\ImoiIYi.exe
  2⤵
  PID:6864
- C:\Windows\System\amRAWxN.exe
  C:\Windows\System\amRAWxN.exe
  2⤵
  PID:6352
- C:\Windows\System\wrzTQUr.exe
  C:\Windows\System\wrzTQUr.exe
  2⤵
  PID:2684
- C:\Windows\System\clOvtYI.exe
  C:\Windows\System\clOvtYI.exe
  2⤵
  PID:6960
- C:\Windows\System\Rqlenki.exe
  C:\Windows\System\Rqlenki.exe
  2⤵
  PID:6412
- C:\Windows\System\eACkuRj.exe
  C:\Windows\System\eACkuRj.exe
  2⤵
  PID:6492
- C:\Windows\System\rNokDqR.exe
  C:\Windows\System\rNokDqR.exe
  2⤵
  PID:6548
- C:\Windows\System\MAePsKX.exe
  C:\Windows\System\MAePsKX.exe
  2⤵
  PID:6640
- C:\Windows\System\sWjcCxh.exe
  C:\Windows\System\sWjcCxh.exe
  2⤵
  PID:5376
- C:\Windows\System\TogXOXi.exe
  C:\Windows\System\TogXOXi.exe
  2⤵
  PID:6332
- C:\Windows\System\BbScPXd.exe
  C:\Windows\System\BbScPXd.exe
  2⤵
  PID:2820
- C:\Windows\System\BXZmQDH.exe
  C:\Windows\System\BXZmQDH.exe
  2⤵
  PID:7032
- C:\Windows\System\vmUkdeX.exe
  C:\Windows\System\vmUkdeX.exe
  2⤵
  PID:6716
- C:\Windows\System\UOsiHNY.exe
  C:\Windows\System\UOsiHNY.exe
  2⤵
  PID:7064
- C:\Windows\System\rvfLeUC.exe
  C:\Windows\System\rvfLeUC.exe
  2⤵
  PID:7072
- C:\Windows\System\DBPaecV.exe
  C:\Windows\System\DBPaecV.exe
  2⤵
  PID:2556
- C:\Windows\System\UFQBlCh.exe
  C:\Windows\System\UFQBlCh.exe
  2⤵
  PID:7140
- C:\Windows\System\nxkpIKM.exe
  C:\Windows\System\nxkpIKM.exe
  2⤵
  PID:6344
- C:\Windows\System\vmztaDV.exe
  C:\Windows\System\vmztaDV.exe
  2⤵
  PID:2596
- C:\Windows\System\twPrnUW.exe
  C:\Windows\System\twPrnUW.exe
  2⤵
  PID:6508
- C:\Windows\System\apBzQnM.exe
  C:\Windows\System\apBzQnM.exe
  2⤵
  PID:7088
- C:\Windows\System\aAelJmN.exe
  C:\Windows\System\aAelJmN.exe
  2⤵
  PID:6152
- C:\Windows\System\lIGzQGw.exe
  C:\Windows\System\lIGzQGw.exe
  2⤵
  PID:6288
- C:\Windows\System\rjhjczD.exe
  C:\Windows\System\rjhjczD.exe
  2⤵
  PID:6988
- C:\Windows\System\UPeyerB.exe
  C:\Windows\System\UPeyerB.exe
  2⤵
  PID:6220
- C:\Windows\System\xswPfJK.exe
  C:\Windows\System\xswPfJK.exe
  2⤵
  PID:6676
- C:\Windows\System\tkktBXV.exe
  C:\Windows\System\tkktBXV.exe
  2⤵
  PID:7180
- C:\Windows\System\TWoURmD.exe
  C:\Windows\System\TWoURmD.exe
  2⤵
  PID:7196
- C:\Windows\System\BLsXJJy.exe
  C:\Windows\System\BLsXJJy.exe
  2⤵
  PID:7212
- C:\Windows\System\vCTWIEz.exe
  C:\Windows\System\vCTWIEz.exe
  2⤵
  PID:7228
- C:\Windows\System\BuDiCeu.exe
  C:\Windows\System\BuDiCeu.exe
  2⤵
  PID:7244
- C:\Windows\System\JOIyWmZ.exe
  C:\Windows\System\JOIyWmZ.exe
  2⤵
  PID:7260
- C:\Windows\System\vAHzLEt.exe
  C:\Windows\System\vAHzLEt.exe
  2⤵
  PID:7276
- C:\Windows\System\CLQQWfL.exe
  C:\Windows\System\CLQQWfL.exe
  2⤵
  PID:7292
- C:\Windows\System\CupPVZR.exe
  C:\Windows\System\CupPVZR.exe
  2⤵
  PID:7308
- C:\Windows\System\zqDcsEN.exe
  C:\Windows\System\zqDcsEN.exe
  2⤵
  PID:7324
- C:\Windows\System\rSwYYEI.exe
  C:\Windows\System\rSwYYEI.exe
  2⤵
  PID:7340
- C:\Windows\System\LVGJWgr.exe
  C:\Windows\System\LVGJWgr.exe
  2⤵
  PID:7356
- C:\Windows\System\HtBCvXl.exe
  C:\Windows\System\HtBCvXl.exe
  2⤵
  PID:7372
- C:\Windows\System\jlwwonV.exe
  C:\Windows\System\jlwwonV.exe
  2⤵
  PID:7388
- C:\Windows\System\QYPZQel.exe
  C:\Windows\System\QYPZQel.exe
  2⤵
  PID:7404
- C:\Windows\System\GwBpfVx.exe
  C:\Windows\System\GwBpfVx.exe
  2⤵
  PID:7420
- C:\Windows\System\tcEPGkW.exe
  C:\Windows\System\tcEPGkW.exe
  2⤵
  PID:7436
- C:\Windows\System\JwfSPjU.exe
  C:\Windows\System\JwfSPjU.exe
  2⤵
  PID:7452
- C:\Windows\System\QESRibK.exe
  C:\Windows\System\QESRibK.exe
  2⤵
  PID:7468
- C:\Windows\System\KOhOdus.exe
  C:\Windows\System\KOhOdus.exe
  2⤵
  PID:7484
- C:\Windows\System\aLHERqs.exe
  C:\Windows\System\aLHERqs.exe
  2⤵
  PID:7500
- C:\Windows\System\EQJzlSk.exe
  C:\Windows\System\EQJzlSk.exe
  2⤵
  PID:7520
- C:\Windows\System\CgihwHT.exe
  C:\Windows\System\CgihwHT.exe
  2⤵
  PID:7536
- C:\Windows\System\LILSlTA.exe
  C:\Windows\System\LILSlTA.exe
  2⤵
  PID:7552
- C:\Windows\System\wyNsZTz.exe
  C:\Windows\System\wyNsZTz.exe
  2⤵
  PID:7568
- C:\Windows\System\GnJSdWU.exe
  C:\Windows\System\GnJSdWU.exe
  2⤵
  PID:7584
- C:\Windows\System\hNjXUnZ.exe
  C:\Windows\System\hNjXUnZ.exe
  2⤵
  PID:7600
- C:\Windows\System\YDOfIwx.exe
  C:\Windows\System\YDOfIwx.exe
  2⤵
  PID:7616
- C:\Windows\System\fYeJRUx.exe
  C:\Windows\System\fYeJRUx.exe
  2⤵
  PID:7632
- C:\Windows\System\WpRGFZl.exe
  C:\Windows\System\WpRGFZl.exe
  2⤵
  PID:7648
- C:\Windows\System\USgzeIK.exe
  C:\Windows\System\USgzeIK.exe
  2⤵
  PID:7664
- C:\Windows\System\OOiersi.exe
  C:\Windows\System\OOiersi.exe
  2⤵
  PID:7680
- C:\Windows\System\tBsvBZb.exe
  C:\Windows\System\tBsvBZb.exe
  2⤵
  PID:7696
- C:\Windows\System\ZPUckLF.exe
  C:\Windows\System\ZPUckLF.exe
  2⤵
  PID:7712
- C:\Windows\System\TltsWlA.exe
  C:\Windows\System\TltsWlA.exe
  2⤵
  PID:7728
- C:\Windows\System\PGQhtpK.exe
  C:\Windows\System\PGQhtpK.exe
  2⤵
  PID:7744
- C:\Windows\System\PAZRsWt.exe
  C:\Windows\System\PAZRsWt.exe
  2⤵
  PID:7760
- C:\Windows\System\gzODMWf.exe
  C:\Windows\System\gzODMWf.exe
  2⤵
  PID:7776
- C:\Windows\System\JAhkGci.exe
  C:\Windows\System\JAhkGci.exe
  2⤵
  PID:7792
- C:\Windows\System\ROmFulJ.exe
  C:\Windows\System\ROmFulJ.exe
  2⤵
  PID:7808
- C:\Windows\System\MjKkjJy.exe
  C:\Windows\System\MjKkjJy.exe
  2⤵
  PID:7824
- C:\Windows\System\DARlKqd.exe
  C:\Windows\System\DARlKqd.exe
  2⤵
  PID:7840
- C:\Windows\System\QPmHkhF.exe
  C:\Windows\System\QPmHkhF.exe
  2⤵
  PID:7856
- C:\Windows\System\jOECTwx.exe
  C:\Windows\System\jOECTwx.exe
  2⤵
  PID:7872
- C:\Windows\System\jcaCmNX.exe
  C:\Windows\System\jcaCmNX.exe
  2⤵
  PID:7888
- C:\Windows\System\vAXafbx.exe
  C:\Windows\System\vAXafbx.exe
  2⤵
  PID:7904
- C:\Windows\System\GMfcHxU.exe
  C:\Windows\System\GMfcHxU.exe
  2⤵
  PID:7976
- C:\Windows\System\DengsJc.exe
  C:\Windows\System\DengsJc.exe
  2⤵
  PID:7992
- C:\Windows\System\UFQGuuz.exe
  C:\Windows\System\UFQGuuz.exe
  2⤵
  PID:8008
- C:\Windows\System\vPiTLBp.exe
  C:\Windows\System\vPiTLBp.exe
  2⤵
  PID:8024
- C:\Windows\System\xFdsqzR.exe
  C:\Windows\System\xFdsqzR.exe
  2⤵
  PID:8040
- C:\Windows\System\ilVaDbs.exe
  C:\Windows\System\ilVaDbs.exe
  2⤵
  PID:8056
- C:\Windows\System\NODjdEk.exe
  C:\Windows\System\NODjdEk.exe
  2⤵
  PID:8072
- C:\Windows\System\afprbkv.exe
  C:\Windows\System\afprbkv.exe
  2⤵
  PID:8088
- C:\Windows\System\gGwBFpD.exe
  C:\Windows\System\gGwBFpD.exe
  2⤵
  PID:8104
- C:\Windows\System\wyFWdUY.exe
  C:\Windows\System\wyFWdUY.exe
  2⤵
  PID:8120
- C:\Windows\System\uqUmZiu.exe
  C:\Windows\System\uqUmZiu.exe
  2⤵
  PID:8136
- C:\Windows\System\ZBQOZIX.exe
  C:\Windows\System\ZBQOZIX.exe
  2⤵
  PID:8152
- C:\Windows\System\qkzFJPK.exe
  C:\Windows\System\qkzFJPK.exe
  2⤵
  PID:8168
- C:\Windows\System\ntzGfxU.exe
  C:\Windows\System\ntzGfxU.exe
  2⤵
  PID:8184
- C:\Windows\System\HSwgdFf.exe
  C:\Windows\System\HSwgdFf.exe
  2⤵
  PID:7188
- C:\Windows\System\zuUpTQV.exe
  C:\Windows\System\zuUpTQV.exe
  2⤵
  PID:5528
- C:\Windows\System\OyXtpXf.exe
  C:\Windows\System\OyXtpXf.exe
  2⤵
  PID:7108
- C:\Windows\System\pOADkvz.exe
  C:\Windows\System\pOADkvz.exe
  2⤵
  PID:7028
- C:\Windows\System\uhQypiQ.exe
  C:\Windows\System\uhQypiQ.exe
  2⤵
  PID:6912
- C:\Windows\System\oBMXFsO.exe
  C:\Windows\System\oBMXFsO.exe
  2⤵
  PID:7176
- C:\Windows\System\MqaVLCX.exe
  C:\Windows\System\MqaVLCX.exe
  2⤵
  PID:7252
- C:\Windows\System\OMRwgEq.exe
  C:\Windows\System\OMRwgEq.exe
  2⤵
  PID:7316
- C:\Windows\System\OvpviDI.exe
  C:\Windows\System\OvpviDI.exe
  2⤵
  PID:7352
- C:\Windows\System\WpUTwLP.exe
  C:\Windows\System\WpUTwLP.exe
  2⤵
  PID:7240
- C:\Windows\System\dutHCFX.exe
  C:\Windows\System\dutHCFX.exe
  2⤵
  PID:7304
- C:\Windows\System\GfFjkpA.exe
  C:\Windows\System\GfFjkpA.exe
  2⤵
  PID:7368
- C:\Windows\System\tNvGvid.exe
  C:\Windows\System\tNvGvid.exe
  2⤵
  PID:7416
- C:\Windows\System\wbACQIx.exe
  C:\Windows\System\wbACQIx.exe
  2⤵
  PID:7508
- C:\Windows\System\ZhtGiFE.exe
  C:\Windows\System\ZhtGiFE.exe
  2⤵
  PID:7548
- C:\Windows\System\kwKTJJE.exe
  C:\Windows\System\kwKTJJE.exe
  2⤵
  PID:7612
- C:\Windows\System\DXcrkDU.exe
  C:\Windows\System\DXcrkDU.exe
  2⤵
  PID:7672
- C:\Windows\System\neaihix.exe
  C:\Windows\System\neaihix.exe
  2⤵
  PID:7736
- C:\Windows\System\AcTBPRr.exe
  C:\Windows\System\AcTBPRr.exe
  2⤵
  PID:7800
- C:\Windows\System\kwvelqO.exe
  C:\Windows\System\kwvelqO.exe
  2⤵
  PID:7396
- C:\Windows\System\SLMhkxT.exe
  C:\Windows\System\SLMhkxT.exe
  2⤵
  PID:7784
- C:\Windows\System\XAItnCH.exe
  C:\Windows\System\XAItnCH.exe
  2⤵
  PID:7464
- C:\Windows\System\TlwgCia.exe
  C:\Windows\System\TlwgCia.exe
  2⤵
  PID:7560
- C:\Windows\System\nlWIZfh.exe
  C:\Windows\System\nlWIZfh.exe
  2⤵
  PID:7624
- C:\Windows\System\fsdZjId.exe
  C:\Windows\System\fsdZjId.exe
  2⤵
  PID:7692
- C:\Windows\System\llyuSSu.exe
  C:\Windows\System\llyuSSu.exe
  2⤵
  PID:7756
- C:\Windows\System\utjQcnW.exe
  C:\Windows\System\utjQcnW.exe
  2⤵
  PID:7848
- C:\Windows\System\wRVyfNC.exe
  C:\Windows\System\wRVyfNC.exe
  2⤵
  PID:7900
- C:\Windows\System\qSqvlth.exe
  C:\Windows\System\qSqvlth.exe
  2⤵
  PID:7912
- C:\Windows\System\AGRpHRp.exe
  C:\Windows\System\AGRpHRp.exe
  2⤵
  PID:7928
- C:\Windows\System\MHBPBPw.exe
  C:\Windows\System\MHBPBPw.exe
  2⤵
  PID:7944
- C:\Windows\System\bJoLgpb.exe
  C:\Windows\System\bJoLgpb.exe
  2⤵
  PID:7960
- C:\Windows\System\iZwEjAS.exe
  C:\Windows\System\iZwEjAS.exe
  2⤵
  PID:7988
- C:\Windows\System\CdubekC.exe
  C:\Windows\System\CdubekC.exe
  2⤵
  PID:8004
- C:\Windows\System\dmnboMn.exe
  C:\Windows\System\dmnboMn.exe
  2⤵
  PID:8052
- C:\Windows\System\MdIeLCO.exe
  C:\Windows\System\MdIeLCO.exe
  2⤵
  PID:8084
- C:\Windows\System\gXKMbmc.exe
  C:\Windows\System\gXKMbmc.exe
  2⤵
  PID:8148
- C:\Windows\System\vucFZJO.exe
  C:\Windows\System\vucFZJO.exe
  2⤵
  PID:6176
- C:\Windows\System\YROlJHY.exe
  C:\Windows\System\YROlJHY.exe
  2⤵
  PID:6184
- C:\Windows\System\AbtQwJt.exe
  C:\Windows\System\AbtQwJt.exe
  2⤵
  PID:7816
- C:\Windows\System\dPdCPaT.exe
  C:\Windows\System\dPdCPaT.exe
  2⤵
  PID:6452
- C:\Windows\System\sgyBqCK.exe
  C:\Windows\System\sgyBqCK.exe
  2⤵
  PID:7288
- C:\Windows\System\mRnvuxR.exe
  C:\Windows\System\mRnvuxR.exe
  2⤵
  PID:7236
- C:\Windows\System\ppfnlnQ.exe
  C:\Windows\System\ppfnlnQ.exe
  2⤵
  PID:7704
- C:\Windows\System\SlMhmmX.exe
  C:\Windows\System\SlMhmmX.exe
  2⤵
  PID:7724
- C:\Windows\System\hLZcKZl.exe
  C:\Windows\System\hLZcKZl.exe
  2⤵
  PID:7868
- C:\Windows\System\xZjytOJ.exe
  C:\Windows\System\xZjytOJ.exe
  2⤵
  PID:7952
- C:\Windows\System\dauvsTV.exe
  C:\Windows\System\dauvsTV.exe
  2⤵
  PID:7512
- C:\Windows\System\ejFSISs.exe
  C:\Windows\System\ejFSISs.exe
  2⤵
  PID:7220
- C:\Windows\System\zqLoWAw.exe
  C:\Windows\System\zqLoWAw.exe
  2⤵
  PID:7984
- C:\Windows\System\VCFUVHt.exe
  C:\Windows\System\VCFUVHt.exe
  2⤵
  PID:7384
- C:\Windows\System\bLUphVR.exe
  C:\Windows\System\bLUphVR.exe
  2⤵
  PID:7768
- C:\Windows\System\iBCvOtb.exe
  C:\Windows\System\iBCvOtb.exe
  2⤵
  PID:7836
- C:\Windows\System\ZbccHtW.exe
  C:\Windows\System\ZbccHtW.exe
  2⤵
  PID:8032
- C:\Windows\System\NydyETH.exe
  C:\Windows\System\NydyETH.exe
  2⤵
  PID:8036
- C:\Windows\System\yLhoroy.exe
  C:\Windows\System\yLhoroy.exe
  2⤵
  PID:7576
- C:\Windows\System\rgzEvNk.exe
  C:\Windows\System\rgzEvNk.exe
  2⤵
  PID:7644
- C:\Windows\System\LjWLQbR.exe
  C:\Windows\System\LjWLQbR.exe
  2⤵
  PID:7532
- C:\Windows\System\IDiyKik.exe
  C:\Windows\System\IDiyKik.exe
  2⤵
  PID:7592
- C:\Windows\System\cvAcnDS.exe
  C:\Windows\System\cvAcnDS.exe
  2⤵
  PID:7708
- C:\Windows\System\DNBKVYQ.exe
  C:\Windows\System\DNBKVYQ.exe
  2⤵
  PID:6608
- C:\Windows\System\iKSOqRI.exe
  C:\Windows\System\iKSOqRI.exe
  2⤵
  PID:7596
- C:\Windows\System\rpFmxDG.exe
  C:\Windows\System\rpFmxDG.exe
  2⤵
  PID:8000
- C:\Windows\System\boeycsw.exe
  C:\Windows\System\boeycsw.exe
  2⤵
  PID:7920
- C:\Windows\System\KTquMNe.exe
  C:\Windows\System\KTquMNe.exe
  2⤵
  PID:6896
- C:\Windows\System\ZriBWQo.exe
  C:\Windows\System\ZriBWQo.exe
  2⤵
  PID:7968
- C:\Windows\System\RDNgKqP.exe
  C:\Windows\System\RDNgKqP.exe
  2⤵
  PID:8068
- C:\Windows\System\WjkfDUz.exe
  C:\Windows\System\WjkfDUz.exe
  2⤵
  PID:7656
- C:\Windows\System\yIkSENT.exe
  C:\Windows\System\yIkSENT.exe
  2⤵
  PID:8132
- C:\Windows\System\hrpyEDp.exe
  C:\Windows\System\hrpyEDp.exe
  2⤵
  PID:7940
- C:\Windows\System\qzsJpSu.exe
  C:\Windows\System\qzsJpSu.exe
  2⤵
  PID:7348
- C:\Windows\System\LEdQzYP.exe
  C:\Windows\System\LEdQzYP.exe
  2⤵
  PID:7336
- C:\Windows\System\abrdszS.exe
  C:\Windows\System\abrdszS.exe
  2⤵
  PID:2096
- C:\Windows\System\adcPifD.exe
  C:\Windows\System\adcPifD.exe
  2⤵
  PID:8176
- C:\Windows\System\yvcIjjn.exe
  C:\Windows\System\yvcIjjn.exe
  2⤵
  PID:6156
- C:\Windows\System\KmPjnLg.exe
  C:\Windows\System\KmPjnLg.exe
  2⤵
  PID:7936
- C:\Windows\System\bCEYGTm.exe
  C:\Windows\System\bCEYGTm.exe
  2⤵
  PID:8196
- C:\Windows\System\cwTBjuQ.exe
  C:\Windows\System\cwTBjuQ.exe
  2⤵
  PID:8212
- C:\Windows\System\ZelHDOI.exe
  C:\Windows\System\ZelHDOI.exe
  2⤵
  PID:8228
- C:\Windows\System\gANnQSj.exe
  C:\Windows\System\gANnQSj.exe
  2⤵
  PID:8244
- C:\Windows\System\KisAuZe.exe
  C:\Windows\System\KisAuZe.exe
  2⤵
  PID:8260
- C:\Windows\System\ooALDMm.exe
  C:\Windows\System\ooALDMm.exe
  2⤵
  PID:8276
- C:\Windows\System\lofWJFV.exe
  C:\Windows\System\lofWJFV.exe
  2⤵
  PID:8292
- C:\Windows\System\LDesthb.exe
  C:\Windows\System\LDesthb.exe
  2⤵
  PID:8308
- C:\Windows\System\BfrmJpo.exe
  C:\Windows\System\BfrmJpo.exe
  2⤵
  PID:8324
- C:\Windows\System\lfeVJnS.exe
  C:\Windows\System\lfeVJnS.exe
  2⤵
  PID:8340
- C:\Windows\System\YDmZhAP.exe
  C:\Windows\System\YDmZhAP.exe
  2⤵
  PID:8356
- C:\Windows\System\jJhwCEv.exe
  C:\Windows\System\jJhwCEv.exe
  2⤵
  PID:8372
- C:\Windows\System\LMotgoq.exe
  C:\Windows\System\LMotgoq.exe
  2⤵
  PID:8388
- C:\Windows\System\NsbXfxt.exe
  C:\Windows\System\NsbXfxt.exe
  2⤵
  PID:8404
- C:\Windows\System\jZhvHlQ.exe
  C:\Windows\System\jZhvHlQ.exe
  2⤵
  PID:8420
- C:\Windows\System\htIeeVi.exe
  C:\Windows\System\htIeeVi.exe
  2⤵
  PID:8436
- C:\Windows\System\ejGMRen.exe
  C:\Windows\System\ejGMRen.exe
  2⤵
  PID:8452
- C:\Windows\System\jFyaexl.exe
  C:\Windows\System\jFyaexl.exe
  2⤵
  PID:8468
- C:\Windows\System\MiCpdHo.exe
  C:\Windows\System\MiCpdHo.exe
  2⤵
  PID:8484
- C:\Windows\System\MxRqTdF.exe
  C:\Windows\System\MxRqTdF.exe
  2⤵
  PID:8500
- C:\Windows\System\cPTkHpq.exe
  C:\Windows\System\cPTkHpq.exe
  2⤵
  PID:8516
- C:\Windows\System\hqxfQCX.exe
  C:\Windows\System\hqxfQCX.exe
  2⤵
  PID:8536
- C:\Windows\System\GWMCYBD.exe
  C:\Windows\System\GWMCYBD.exe
  2⤵
  PID:8552
- C:\Windows\System\CcczZZJ.exe
  C:\Windows\System\CcczZZJ.exe
  2⤵
  PID:8568
- C:\Windows\System\YjqfFbO.exe
  C:\Windows\System\YjqfFbO.exe
  2⤵
  PID:8584
- C:\Windows\System\AYCjNdn.exe
  C:\Windows\System\AYCjNdn.exe
  2⤵
  PID:8600
- C:\Windows\System\vWhdxlt.exe
  C:\Windows\System\vWhdxlt.exe
  2⤵
  PID:8616
- C:\Windows\System\oOKuUtK.exe
  C:\Windows\System\oOKuUtK.exe
  2⤵
  PID:8632
- C:\Windows\System\kdKQoMB.exe
  C:\Windows\System\kdKQoMB.exe
  2⤵
  PID:8648
- C:\Windows\System\DPylkmb.exe
  C:\Windows\System\DPylkmb.exe
  2⤵
  PID:8664
- C:\Windows\System\IPreMEj.exe
  C:\Windows\System\IPreMEj.exe
  2⤵
  PID:8680
- C:\Windows\System\RFytmyC.exe
  C:\Windows\System\RFytmyC.exe
  2⤵
  PID:8696
- C:\Windows\System\zQNUtvk.exe
  C:\Windows\System\zQNUtvk.exe
  2⤵
  PID:8712
- C:\Windows\System\QiazApQ.exe
  C:\Windows\System\QiazApQ.exe
  2⤵
  PID:8728
- C:\Windows\System\ERvQfXm.exe
  C:\Windows\System\ERvQfXm.exe
  2⤵
  PID:8744
- C:\Windows\System\FrrnFyG.exe
  C:\Windows\System\FrrnFyG.exe
  2⤵
  PID:8764
- C:\Windows\System\qVSSHkI.exe
  C:\Windows\System\qVSSHkI.exe
  2⤵
  PID:8780
- C:\Windows\System\GpycKUc.exe
  C:\Windows\System\GpycKUc.exe
  2⤵
  PID:8796
- C:\Windows\System\IkIZiXq.exe
  C:\Windows\System\IkIZiXq.exe
  2⤵
  PID:8812
- C:\Windows\System\QopTEOV.exe
  C:\Windows\System\QopTEOV.exe
  2⤵
  PID:8828
- C:\Windows\System\XmSHGfX.exe
  C:\Windows\System\XmSHGfX.exe
  2⤵
  PID:8844
- C:\Windows\System\UezWSnm.exe
  C:\Windows\System\UezWSnm.exe
  2⤵
  PID:8860
- C:\Windows\System\oZYyefi.exe
  C:\Windows\System\oZYyefi.exe
  2⤵
  PID:8876
- C:\Windows\System\xSUuEdo.exe
  C:\Windows\System\xSUuEdo.exe
  2⤵
  PID:8892
- C:\Windows\System\CukJGzB.exe
  C:\Windows\System\CukJGzB.exe
  2⤵
  PID:8908
- C:\Windows\System\CtuhaWV.exe
  C:\Windows\System\CtuhaWV.exe
  2⤵
  PID:8924
- C:\Windows\System\BrdraEr.exe
  C:\Windows\System\BrdraEr.exe
  2⤵
  PID:8940
- C:\Windows\System\RzELEYc.exe
  C:\Windows\System\RzELEYc.exe
  2⤵
  PID:8956
- C:\Windows\System\WokURlu.exe
  C:\Windows\System\WokURlu.exe
  2⤵
  PID:8972
- C:\Windows\System\DKVTUgH.exe
  C:\Windows\System\DKVTUgH.exe
  2⤵
  PID:8988
- C:\Windows\System\bfKqKDC.exe
  C:\Windows\System\bfKqKDC.exe
  2⤵
  PID:9004
- C:\Windows\System\hhVsJmG.exe
  C:\Windows\System\hhVsJmG.exe
  2⤵
  PID:9020
- C:\Windows\System\ZUKsNHv.exe
  C:\Windows\System\ZUKsNHv.exe
  2⤵
  PID:9036
- C:\Windows\System\luHoess.exe
  C:\Windows\System\luHoess.exe
  2⤵
  PID:9052
- C:\Windows\System\nFEIuCv.exe
  C:\Windows\System\nFEIuCv.exe
  2⤵
  PID:9068
- C:\Windows\System\OQWkZWq.exe
  C:\Windows\System\OQWkZWq.exe
  2⤵
  PID:9084
- C:\Windows\System\oIiJErg.exe
  C:\Windows\System\oIiJErg.exe
  2⤵
  PID:9100
- C:\Windows\System\rRbmMQD.exe
  C:\Windows\System\rRbmMQD.exe
  2⤵
  PID:9116
- C:\Windows\System\ChVJbOC.exe
  C:\Windows\System\ChVJbOC.exe
  2⤵
  PID:9132
- C:\Windows\System\OJNjzAg.exe
  C:\Windows\System\OJNjzAg.exe
  2⤵
  PID:9148
- C:\Windows\System\LPjIcwf.exe
  C:\Windows\System\LPjIcwf.exe
  2⤵
  PID:9164
- C:\Windows\System\bnfJsTU.exe
  C:\Windows\System\bnfJsTU.exe
  2⤵
  PID:9180
- C:\Windows\System\rwgZufz.exe
  C:\Windows\System\rwgZufz.exe
  2⤵
  PID:9196
- C:\Windows\System\xlToiUI.exe
  C:\Windows\System\xlToiUI.exe
  2⤵
  PID:9212
- C:\Windows\System\DIVwtEB.exe
  C:\Windows\System\DIVwtEB.exe
  2⤵
  PID:8236
- C:\Windows\System\hACJgVH.exe
  C:\Windows\System\hACJgVH.exe
  2⤵
  PID:8268
- C:\Windows\System\fJFCxuq.exe
  C:\Windows\System\fJFCxuq.exe
  2⤵
  PID:7640
- C:\Windows\System\lqcSQiK.exe
  C:\Windows\System\lqcSQiK.exe
  2⤵
  PID:8284
- C:\Windows\System\aUpKXMw.exe
  C:\Windows\System\aUpKXMw.exe
  2⤵
  PID:8316
- C:\Windows\System\IgZTUql.exe
  C:\Windows\System\IgZTUql.exe
  2⤵
  PID:8364
- C:\Windows\System\ZTUbEAt.exe
  C:\Windows\System\ZTUbEAt.exe
  2⤵
  PID:8380
- C:\Windows\System\ZqCeLRH.exe
  C:\Windows\System\ZqCeLRH.exe
  2⤵
  PID:8432
- C:\Windows\System\XdlVTRE.exe
  C:\Windows\System\XdlVTRE.exe
  2⤵
  PID:8412
- C:\Windows\System\gqGNdtj.exe
  C:\Windows\System\gqGNdtj.exe
  2⤵
  PID:8492
- C:\Windows\System\zGGNVSN.exe
  C:\Windows\System\zGGNVSN.exe
  2⤵
  PID:8512
- C:\Windows\System\UTcuWdp.exe
  C:\Windows\System\UTcuWdp.exe
  2⤵
  PID:8560
- C:\Windows\System\gsArytt.exe
  C:\Windows\System\gsArytt.exe
  2⤵
  PID:8624
- C:\Windows\System\nYmDIft.exe
  C:\Windows\System\nYmDIft.exe
  2⤵
  PID:8688
- C:\Windows\System\DtFGIIi.exe
  C:\Windows\System\DtFGIIi.exe
  2⤵
  PID:8752
- C:\Windows\System\xxxPsPR.exe
  C:\Windows\System\xxxPsPR.exe
  2⤵
  PID:8820
- C:\Windows\System\YOVotwC.exe
  C:\Windows\System\YOVotwC.exe
  2⤵
  PID:8544
- C:\Windows\System\ebcXIOQ.exe
  C:\Windows\System\ebcXIOQ.exe
  2⤵
  PID:8736
- C:\Windows\System\zzraSjV.exe
  C:\Windows\System\zzraSjV.exe
  2⤵
  PID:8640
- C:\Windows\System\DrFMqiR.exe
  C:\Windows\System\DrFMqiR.exe
  2⤵
  PID:8772
- C:\Windows\System\LQjxdkB.exe
  C:\Windows\System\LQjxdkB.exe
  2⤵
  PID:8852
- C:\Windows\System\vBwBpUu.exe
  C:\Windows\System\vBwBpUu.exe
  2⤵
  PID:8884
- C:\Windows\System\GVFfqYi.exe
  C:\Windows\System\GVFfqYi.exe
  2⤵
  PID:8916
- C:\Windows\System\JPQwaKg.exe
  C:\Windows\System\JPQwaKg.exe
  2⤵
  PID:8900
- C:\Windows\System\DEWtOfV.exe
  C:\Windows\System\DEWtOfV.exe
  2⤵
  PID:8932
- C:\Windows\System\qKZVKbO.exe
  C:\Windows\System\qKZVKbO.exe
  2⤵
  PID:9016
- C:\Windows\System\fprQBTL.exe
  C:\Windows\System\fprQBTL.exe
  2⤵
  PID:9044
- C:\Windows\System\qeRCkot.exe
  C:\Windows\System\qeRCkot.exe
  2⤵
  PID:9076
- C:\Windows\System\CXlXTMh.exe
  C:\Windows\System\CXlXTMh.exe
  2⤵
  PID:9112
- C:\Windows\System\nksBeOQ.exe
  C:\Windows\System\nksBeOQ.exe
  2⤵
  PID:9172
- C:\Windows\System\BsDJcxk.exe
  C:\Windows\System\BsDJcxk.exe
  2⤵
  PID:9156
- C:\Windows\System\ckmEFDr.exe
  C:\Windows\System\ckmEFDr.exe
  2⤵
  PID:9160
- C:\Windows\System\eqFFMDX.exe
  C:\Windows\System\eqFFMDX.exe
  2⤵
  PID:8208
- C:\Windows\System\XUYLYbC.exe
  C:\Windows\System\XUYLYbC.exe
  2⤵
  PID:7528
- C:\Windows\System\SbeBJYQ.exe
  C:\Windows\System\SbeBJYQ.exe
  2⤵
  PID:8288
- C:\Windows\System\cWHhrAg.exe
  C:\Windows\System\cWHhrAg.exe
  2⤵
  PID:8368
- C:\Windows\System\WbISdFP.exe
  C:\Windows\System\WbISdFP.exe
  2⤵
  PID:8384
- C:\Windows\System\GJhDZsJ.exe
  C:\Windows\System\GJhDZsJ.exe
  2⤵
  PID:8508
- C:\Windows\System\WNcPlMm.exe
  C:\Windows\System\WNcPlMm.exe
  2⤵
  PID:8464
- C:\Windows\System\UVkNVds.exe
  C:\Windows\System\UVkNVds.exe
  2⤵
  PID:8792
- C:\Windows\System\BkSytlF.exe
  C:\Windows\System\BkSytlF.exe
  2⤵
  PID:8580
- C:\Windows\System\utvcoWB.exe
  C:\Windows\System\utvcoWB.exe
  2⤵
  PID:8808
- C:\Windows\System\AqaVwbj.exe
  C:\Windows\System\AqaVwbj.exe
  2⤵
  PID:8804
- C:\Windows\System\VfWmNFH.exe
  C:\Windows\System\VfWmNFH.exe
  2⤵
  PID:8532
- C:\Windows\System\lEfHETY.exe
  C:\Windows\System\lEfHETY.exe
  2⤵
  PID:8980
- C:\Windows\System\XYRmbZC.exe
  C:\Windows\System\XYRmbZC.exe
  2⤵
  PID:8968
- C:\Windows\System\xnhRwQz.exe
  C:\Windows\System\xnhRwQz.exe
  2⤵
  PID:9060
- C:\Windows\System\qjFaWeJ.exe
  C:\Windows\System\qjFaWeJ.exe
  2⤵
  PID:9064
- C:\Windows\System\gWfCNGb.exe
  C:\Windows\System\gWfCNGb.exe
  2⤵
  PID:9128
- C:\Windows\System\bqdQJIq.exe
  C:\Windows\System\bqdQJIq.exe
  2⤵
  PID:8320
- C:\Windows\System\JDFAjSU.exe
  C:\Windows\System\JDFAjSU.exe
  2⤵
  PID:8204
- C:\Windows\System\BDXZXgQ.exe
  C:\Windows\System\BDXZXgQ.exe
  2⤵
  PID:8400
- C:\Windows\System\olrzNvQ.exe
  C:\Windows\System\olrzNvQ.exe
  2⤵
  PID:8480
- C:\Windows\System\zqEWlYZ.exe
  C:\Windows\System\zqEWlYZ.exe
  2⤵
  PID:8724
- C:\Windows\System\OOMNTrd.exe
  C:\Windows\System\OOMNTrd.exe
  2⤵
  PID:8868
- C:\Windows\System\jhVetxI.exe
  C:\Windows\System\jhVetxI.exe
  2⤵
  PID:9140
- C:\Windows\System\vaLuMVS.exe
  C:\Windows\System\vaLuMVS.exe
  2⤵
  PID:8444
- C:\Windows\System\AzmnveI.exe
  C:\Windows\System\AzmnveI.exe
  2⤵
  PID:9048
- C:\Windows\System\gFQDlBr.exe
  C:\Windows\System\gFQDlBr.exe
  2⤵
  PID:7972
- C:\Windows\System\rAAhbXr.exe
  C:\Windows\System\rAAhbXr.exe
  2⤵
  PID:8720
- C:\Windows\System\TnEnyiP.exe
  C:\Windows\System\TnEnyiP.exe
  2⤵
  PID:9144
- C:\Windows\System\PmdSiKL.exe
  C:\Windows\System\PmdSiKL.exe
  2⤵
  PID:9028
- C:\Windows\System\dlxHbVS.exe
  C:\Windows\System\dlxHbVS.exe
  2⤵
  PID:8660
- C:\Windows\System\VkruSRD.exe
  C:\Windows\System\VkruSRD.exe
  2⤵
  PID:8428
- C:\Windows\System\RwwnxEc.exe
  C:\Windows\System\RwwnxEc.exe
  2⤵
  PID:8576
- C:\Windows\System\yYnyIaw.exe
  C:\Windows\System\yYnyIaw.exe
  2⤵
  PID:9228
- C:\Windows\System\oBTICbJ.exe
  C:\Windows\System\oBTICbJ.exe
  2⤵
  PID:9244
- C:\Windows\System\BatEbCz.exe
  C:\Windows\System\BatEbCz.exe
  2⤵
  PID:9260
- C:\Windows\System\KePFyZM.exe
  C:\Windows\System\KePFyZM.exe
  2⤵
  PID:9280
- C:\Windows\System\BplZqMI.exe
  C:\Windows\System\BplZqMI.exe
  2⤵
  PID:9296
- C:\Windows\System\eGTBqId.exe
  C:\Windows\System\eGTBqId.exe
  2⤵
  PID:9320
- C:\Windows\System\ksbxffR.exe
  C:\Windows\System\ksbxffR.exe
  2⤵
  PID:9340
- C:\Windows\System\mkGjNlQ.exe
  C:\Windows\System\mkGjNlQ.exe
  2⤵
  PID:9356
- C:\Windows\System\HduZLVw.exe
  C:\Windows\System\HduZLVw.exe
  2⤵
  PID:9372
- C:\Windows\System\NEiIpPs.exe
  C:\Windows\System\NEiIpPs.exe
  2⤵
  PID:9392
- C:\Windows\System\IaqAvdp.exe
  C:\Windows\System\IaqAvdp.exe
  2⤵
  PID:9412
- C:\Windows\System\sPxVzIQ.exe
  C:\Windows\System\sPxVzIQ.exe
  2⤵
  PID:9432
- C:\Windows\System\UGddGuP.exe
  C:\Windows\System\UGddGuP.exe
  2⤵
  PID:9448
- C:\Windows\System\ohpzydy.exe
  C:\Windows\System\ohpzydy.exe
  2⤵
  PID:9464
- C:\Windows\System\GBORXWY.exe
  C:\Windows\System\GBORXWY.exe
  2⤵
  PID:9480
- C:\Windows\System\gqfuppD.exe
  C:\Windows\System\gqfuppD.exe
  2⤵
  PID:9496
- C:\Windows\System\gVfITiK.exe
  C:\Windows\System\gVfITiK.exe
  2⤵
  PID:9512
- C:\Windows\System\YmedveL.exe
  C:\Windows\System\YmedveL.exe
  2⤵
  PID:9528
- C:\Windows\System\AeNkCFq.exe
  C:\Windows\System\AeNkCFq.exe
  2⤵
  PID:9544
- C:\Windows\System\qBBiRoQ.exe
  C:\Windows\System\qBBiRoQ.exe
  2⤵
  PID:9560
- C:\Windows\System\mWKSTpq.exe
  C:\Windows\System\mWKSTpq.exe
  2⤵
  PID:9576
- C:\Windows\System\fAUknMY.exe
  C:\Windows\System\fAUknMY.exe
  2⤵
  PID:9592
- C:\Windows\System\URyOVct.exe
  C:\Windows\System\URyOVct.exe
  2⤵
  PID:9608
- C:\Windows\System\AfBxEKe.exe
  C:\Windows\System\AfBxEKe.exe
  2⤵
  PID:9624
- C:\Windows\System\zQNAOOc.exe
  C:\Windows\System\zQNAOOc.exe
  2⤵
  PID:9640
- C:\Windows\System\CuttVcj.exe
  C:\Windows\System\CuttVcj.exe
  2⤵
  PID:9656
- C:\Windows\System\LIHlrLk.exe
  C:\Windows\System\LIHlrLk.exe
  2⤵
  PID:9672
- C:\Windows\System\lsgyJtk.exe
  C:\Windows\System\lsgyJtk.exe
  2⤵
  PID:9688
- C:\Windows\System\GmlPxNT.exe
  C:\Windows\System\GmlPxNT.exe
  2⤵
  PID:9704
- C:\Windows\System\HUNmbfQ.exe
  C:\Windows\System\HUNmbfQ.exe
  2⤵
  PID:9720
- C:\Windows\System\sCbsHir.exe
  C:\Windows\System\sCbsHir.exe
  2⤵
  PID:9736
- C:\Windows\System\bYgxDrr.exe
  C:\Windows\System\bYgxDrr.exe
  2⤵
  PID:9752
- C:\Windows\System\mhjYGPP.exe
  C:\Windows\System\mhjYGPP.exe
  2⤵
  PID:9768
- C:\Windows\System\JOsIiIM.exe
  C:\Windows\System\JOsIiIM.exe
  2⤵
  PID:9784
- C:\Windows\System\gOGKcSn.exe
  C:\Windows\System\gOGKcSn.exe
  2⤵
  PID:9800
- C:\Windows\System\CVqfxCd.exe
  C:\Windows\System\CVqfxCd.exe
  2⤵
  PID:9820
- C:\Windows\System\RIqtlvT.exe
  C:\Windows\System\RIqtlvT.exe
  2⤵
  PID:9836
- C:\Windows\System\peBlFHF.exe
  C:\Windows\System\peBlFHF.exe
  2⤵
  PID:9852
- C:\Windows\System\NBIMtWz.exe
  C:\Windows\System\NBIMtWz.exe
  2⤵
  PID:9868
- C:\Windows\System\BQdbxKQ.exe
  C:\Windows\System\BQdbxKQ.exe
  2⤵
  PID:9884
- C:\Windows\System\RXsInac.exe
  C:\Windows\System\RXsInac.exe
  2⤵
  PID:9900
- C:\Windows\System\iEjLeSd.exe
  C:\Windows\System\iEjLeSd.exe
  2⤵
  PID:9920
- C:\Windows\System\YVbctZs.exe
  C:\Windows\System\YVbctZs.exe
  2⤵
  PID:9964
- C:\Windows\System\HtqaANG.exe
  C:\Windows\System\HtqaANG.exe
  2⤵
  PID:10024
- C:\Windows\System\OkPOYrg.exe
  C:\Windows\System\OkPOYrg.exe
  2⤵
  PID:9368
- C:\Windows\System\KOGzkiJ.exe
  C:\Windows\System\KOGzkiJ.exe
  2⤵
  PID:9380
- C:\Windows\System\fSkifTZ.exe
  C:\Windows\System\fSkifTZ.exe
  2⤵
  PID:9388
- C:\Windows\System\HlddFbc.exe
  C:\Windows\System\HlddFbc.exe
  2⤵
  PID:9492
- C:\Windows\System\YWrejnI.exe
  C:\Windows\System\YWrejnI.exe
  2⤵
  PID:9552
- C:\Windows\System\Jlgpbhq.exe
  C:\Windows\System\Jlgpbhq.exe
  2⤵
  PID:9776
- C:\Windows\System\YbQJUab.exe
  C:\Windows\System\YbQJUab.exe
  2⤵
  PID:9616
- C:\Windows\System\DWpyiAs.exe
  C:\Windows\System\DWpyiAs.exe
  2⤵
  PID:10020
- C:\Windows\System\jvHWdEE.exe
  C:\Windows\System\jvHWdEE.exe
  2⤵
  PID:10048
- C:\Windows\System\dfejiDj.exe
  C:\Windows\System\dfejiDj.exe
  2⤵
  PID:10064
- C:\Windows\System\ktxImSF.exe
  C:\Windows\System\ktxImSF.exe
  2⤵
  PID:10076
- C:\Windows\System\xuwOMDd.exe
  C:\Windows\System\xuwOMDd.exe
  2⤵
  PID:10096
- C:\Windows\System\uADEweo.exe
  C:\Windows\System\uADEweo.exe
  2⤵
  PID:10108
- C:\Windows\System\oPDnnQx.exe
  C:\Windows\System\oPDnnQx.exe
  2⤵
  PID:10132
- C:\Windows\System\StmNKWn.exe
  C:\Windows\System\StmNKWn.exe
  2⤵
  PID:10128
- C:\Windows\System\sCuqDmO.exe
  C:\Windows\System\sCuqDmO.exe
  2⤵
  PID:10164
- C:\Windows\System\RPqJBBy.exe
  C:\Windows\System\RPqJBBy.exe
  2⤵
  PID:10044
- C:\Windows\System\fhDOHco.exe
  C:\Windows\System\fhDOHco.exe
  2⤵
  PID:9252
- C:\Windows\System\leFIgNs.exe
  C:\Windows\System\leFIgNs.exe
  2⤵
  PID:9268
- C:\Windows\System\FCXIsXI.exe
  C:\Windows\System\FCXIsXI.exe
  2⤵
  PID:9328
- C:\Windows\System\rEFrhlR.exe
  C:\Windows\System\rEFrhlR.exe
  2⤵
  PID:9336
- C:\Windows\System\yzxtUXl.exe
  C:\Windows\System\yzxtUXl.exe
  2⤵
  PID:9352
- C:\Windows\System\vvGQDWE.exe
  C:\Windows\System\vvGQDWE.exe
  2⤵
  PID:9472
- C:\Windows\System\ufmpnks.exe
  C:\Windows\System\ufmpnks.exe
  2⤵
  PID:9476
- C:\Windows\System\RUYOvlt.exe
  C:\Windows\System\RUYOvlt.exe
  2⤵
  PID:9540
- C:\Windows\System\TFqnORb.exe
  C:\Windows\System\TFqnORb.exe
  2⤵
  PID:9572
- C:\Windows\System\faqgqeb.exe
  C:\Windows\System\faqgqeb.exe
  2⤵
  PID:9632
- C:\Windows\System\HZyrfxV.exe
  C:\Windows\System\HZyrfxV.exe
  2⤵
  PID:9696
- C:\Windows\System\drQnrKE.exe
  C:\Windows\System\drQnrKE.exe
  2⤵
  PID:9760
- C:\Windows\System\cvRBqQd.exe
  C:\Windows\System\cvRBqQd.exe
  2⤵
  PID:9712
- C:\Windows\System\uIPLoBK.exe
  C:\Windows\System\uIPLoBK.exe
  2⤵
  PID:9912
- C:\Windows\System\JivgKZO.exe
  C:\Windows\System\JivgKZO.exe
  2⤵
  PID:9976
- C:\Windows\System\KuXqzkB.exe
  C:\Windows\System\KuXqzkB.exe
  2⤵
  PID:9948
- C:\Windows\System\Esvjzoi.exe
  C:\Windows\System\Esvjzoi.exe
  2⤵
  PID:9972
- C:\Windows\System\TwNXpPN.exe
  C:\Windows\System\TwNXpPN.exe
  2⤵
  PID:9996
- C:\Windows\System\rMhrKJB.exe
  C:\Windows\System\rMhrKJB.exe
  2⤵
  PID:10152
- C:\Windows\System\ziXuBrE.exe
  C:\Windows\System\ziXuBrE.exe
  2⤵
  PID:10220
- C:\Windows\System\DmsoAwK.exe
  C:\Windows\System\DmsoAwK.exe
  2⤵
  PID:10208
- C:\Windows\System\zajLSlg.exe
  C:\Windows\System\zajLSlg.exe
  2⤵
  PID:10188
- C:\Windows\System\hpHjImt.exe
  C:\Windows\System\hpHjImt.exe
  2⤵
  PID:9220
- C:\Windows\System\rNrKxvj.exe
  C:\Windows\System\rNrKxvj.exe
  2⤵
  PID:9348
- C:\Windows\System\kCYRRya.exe
  C:\Windows\System\kCYRRya.exe
  2⤵
  PID:9408
- C:\Windows\System\nXglyUy.exe
  C:\Windows\System\nXglyUy.exe
  2⤵
  PID:9604
- C:\Windows\System\fLHgeWz.exe
  C:\Windows\System\fLHgeWz.exe
  2⤵
  PID:9456
- C:\Windows\System\Nlpkcfm.exe
  C:\Windows\System\Nlpkcfm.exe
  2⤵
  PID:9288
- C:\Windows\System\LQZtBdA.exe
  C:\Windows\System\LQZtBdA.exe
  2⤵
  PID:9460
- C:\Windows\System\FExenGA.exe
  C:\Windows\System\FExenGA.exe
  2⤵
  PID:9652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DsYOINu.exe

Filesize
6.0MB

MD5
4ec6c9f3d0f9def3cc8674ed6577a824

SHA1
87a30554c046256302db41fa1fdc1f85a04ef1ef

SHA256
e987e207816556cbe1729714a7895df91964e70194bc60628edde4bfb51fd47a

SHA512
f80cd3e949e4b1a75b827acbab5fe195fa648c3440b7ffa02f2eb224bc7ec1043a07d32ce9fb8b654c9309080be4822f2f589634b4dd956c2d073102e9a8f2f7

Download Submit
C:\Windows\system\ELxQgSs.exe

Filesize
6.0MB

MD5
3df3f2f3a30be4d2e499ccc76b743757

SHA1
376045b6e548f36beae4de893808fcdb66e51b28

SHA256
c9ef2ac8a3500a7ba56553c98742d4cedabbf311810b0857d41ffe2d088bb15e

SHA512
60bd3062a0c835d5f9cff6bd38168203eb85fcad971dcd2759fb17fd4d82286c807ceefc6abd90dc9282cba36f2c8759cf995ca009cf6016597cdfbaac502e02

Download Submit
C:\Windows\system\FnOgzQH.exe

Filesize
6.0MB

MD5
1107f7eec6585e92fd1328c4c4b5f970

SHA1
bc97f572faa312a943494012c72d38d18c691ef4

SHA256
9926c222a976b4ba05c391f1bcf8cb48ffa24a684bfe59ae9886e9cf5715c462

SHA512
a3e8f9988fa95ae1fad10b177f045f173c45c461a5f6b327d7ddccefa9b50cfac8aa8257fd1cbaf4bb80e439ff8824e658c4241f4c63364be1b21fce06369c03

Download Submit
C:\Windows\system\NHBJmvZ.exe

Filesize
6.0MB

MD5
e84d5a6efe59a6655fe10ba69abea536

SHA1
6cb1bc543cf53fb17e8e3b944b22867dfbbd4a47

SHA256
ee05b8f31b9bfd7db5d4907de08818792f22c6f419b603256bc7ce33dc1798b2

SHA512
d5e894b2671c7821b486ce2747d6eae3fbfcb72b83c48612c5e8f7f206f5b083b9869b96623b5faa2f4bb36cb0c90bfb75592a96c33c572fe816e3625004e11c

Download Submit
C:\Windows\system\NeVPceE.exe

Filesize
6.0MB

MD5
bb3932213faba74ea2d17b469dcaedaf

SHA1
d6ab68459ace10dd11886ba69eaa8aa96247cd07

SHA256
3e2b03a8499601eb571b2a4d30038ab6d29b6136a11a570fa3ccf76c58e221a4

SHA512
a0d1f60acd8adfad2aac35f6e203b7a4429343c7c9b3e7054afc6d4a4c06241a787c66476517df9e79b4d89881fe6531fce8e58f058e780cceb4dd6e9ebe1fa8

Download Submit
C:\Windows\system\PYhhLkA.exe

Filesize
6.0MB

MD5
69d85d3cdff658668e2c21228aeac314

SHA1
7f7895fadfa8e164804d7a7d9f0432ad8741f2b3

SHA256
ee39d47edb1f256494a6560aa42099e6bc1b9ac3bb7615831fb825d6b8e2aa53

SHA512
a59d5a6a195f942614532b8e81c0ea0dde71a5ef10ce818fefc28ed7a8ec1f631f6ae0926c560b5add525834967e5bb840409bbc738aaef94105465265f836dc

Download Submit
C:\Windows\system\TSLVnrk.exe

Filesize
6.0MB

MD5
b80aed02615de1dd2dbd7727b33fc2d2

SHA1
809a1c7d84c80418be390a97701844034be741fc

SHA256
505e77bf0d5b5deb2c72e6e9bcf63429d8d47a472d36382b7192a1a2f1813ca6

SHA512
1b6d196dbda9222e59b4280b2b716ccabb7da2465a74dbec996c9e10b96f57642b1abfe4a94c06969442d47795c9fad1f601d1dc7d4bbbde9a25a0b819656920

Download Submit
C:\Windows\system\YqvMyNE.exe

Filesize
6.0MB

MD5
c9b505a7ddd196809db672629149c52a

SHA1
6c6a35998e924bc31998d473144518837a368c61

SHA256
1ba1acbe8081db22ae933c656296dbc8483769b45ab92eefd79b2f3437340dc6

SHA512
19ead9d6e65e58a389c3c6e63cb100fefdffc81859a73446df26724b6d47b82fb74b374d22ca7f0015e8a47f67174edc73f8efe96f48a1db3a5e53851c3d2de9

Download Submit
C:\Windows\system\eAkSpeu.exe

Filesize
6.0MB

MD5
a9ca34775ae056da2a855b0867e83ba3

SHA1
c49df37f04ff25f98ede2e10560d69b859c86f33

SHA256
2a693e4d0a9534fce157786960f25376ac144e1513e279b8a5f00431f816786a

SHA512
13504c88f5db1bcfbf1f6617c8823a46b6979ad176965efd4cf6f89443d2b600bbd1db0b4579eec7d5ee2a831291aacc967390a5d133142b7ca4d85e5d07de31

Download Submit
C:\Windows\system\gFxvQtf.exe

Filesize
6.0MB

MD5
fd1c7c79512748be0b7e42b970bf1387

SHA1
884d0f5095e1f10f9cc1ea91aa8ea6c7f57e32de

SHA256
7d6c838ecdabf3cb4132fb0f54dffec4fdd1131e81ec40a0c1d45dc3eec2c00a

SHA512
866a1f4d5d127e2c55ced7b04859a5276b32ad238e501312ca4995a5e80c8e9c99da1fcf1c7f6b29bc1bc71fa349d739980f77278cf13f35cec7c7521e7e0d01

Download Submit
C:\Windows\system\hsuaJxW.exe

Filesize
6.0MB

MD5
32efb20e9aa507a95019e13e71930939

SHA1
647bb703b2f050435bad77dce72e201c9c4b917b

SHA256
e94b98c9bc0fd2b3f09cef11b7ac61120131dd141cb278e93267b9fbfacc84c1

SHA512
a987ae1ed2841d3ce340a33afa35e32e6f7cea85e22ac0bad0b8b0651b78ef7c4f7d59651836741c61f8067d087ca71d3386fca45528ad61fd2e499141dd99e8

Download Submit
C:\Windows\system\ipzSrvg.exe

Filesize
6.0MB

MD5
646565b0506927814fa2c6b7152a61a2

SHA1
823669e964f55be733caa558656baf2daea94f24

SHA256
b39eaafe8d4df8dd0cac88a1502f230f3fedc579c08504f03fa5e5e75b1498b6

SHA512
859861ac78b499acdcbf9c2084ec4920cc28f4ee011604e823cccc01710aa313753229f8e15238034d5826b5426aff095aa5749262ff09332c9e46cd78b009be

Download Submit
C:\Windows\system\kkhGAHE.exe

Filesize
6.0MB

MD5
c3f3f565a4248f71f07aae60edd58b43

SHA1
ad2a72f92d6e41c79874c85d2f041cd671e78581

SHA256
a79a9d696084d078788221e51c82c81471152588b471636dc375c4d59b99547b

SHA512
8cc89e63a7ab4555585901369820beaeb16c145fb2a5cad8e4a8fe7863f49711f80ca9ce3a639d20f9b6fa9900c66ff1d7e3f060b3155fc0c914e84553076626

Download Submit
C:\Windows\system\nEqeSOP.exe

Filesize
6.0MB

MD5
bb359f9097327b93ef6639f63c6af6d4

SHA1
31f75bbcb362078e0e7ca022cf3ad513039c14dc

SHA256
1cd9c7b6ec73256d4984413d542476dcda3c17a01b2a7b2029e71dd7618ed02e

SHA512
d3900699d39a60ae38a4224aaf71d1b1596ee619f7ca9163237f04fda9bcecf2bdbb1ce50abe4f72e9ce4f534843de05a8ee1c342d2ecf04dff4a91d0170a5a9

Download Submit
C:\Windows\system\pCbzezy.exe

Filesize
6.0MB

MD5
2995b01d91bef808de8f2f2730881293

SHA1
99faac7f1b69222350d1f2513a1c6b01e1d89360

SHA256
b9ecb4e1cd745e4282f9d7f6de11d3b7b716cf7018f8a7ff67ef3725daee11be

SHA512
f64447e6f1253d6e7e2ff874f6e28836586f45e807dd5f206ec362bc52ac5df6114fce7e102e2b61c7a70f3dc4fc9916206423f5940b5109d100146d1e4d7ea1

Download Submit
C:\Windows\system\phqeJUK.exe

Filesize
6.0MB

MD5
f328b843e2f11858a69ba2c397e741cd

SHA1
1563699e5515c517b048d299639d5eb71471f1f5

SHA256
527bb9a95d78910a570973d3ba4b886d320fca3536c587edf2f5c3ba225d6e08

SHA512
9f00da637bd8275c73b8722af44df9703afb08a0ed51ba8ab9ec3f170939ced62da98f9bcb4ae9be459e5424aea7c5f87e7d79c6f5108a208ea037a60ddfc110

Download Submit
C:\Windows\system\sxpvYIr.exe

Filesize
6.0MB

MD5
2cccd2c2d12975be1d14bd560f3222fd

SHA1
9f6c972de3615567564ef3dc6aee8f6a27a29e39

SHA256
a8158496c26372833addeb9dc51de5713078aa2d411b0f5e51570118901dc791

SHA512
8dc95c986a245f39628677ec17caa00bf0955bddf8dc92831e707a6265ff692ab981dab652dc5ba5f6c742af37d960f4874ab92abf36264251812470e1ac754d

Download Submit
C:\Windows\system\tMTmiDk.exe

Filesize
6.0MB

MD5
2f9468bf53fcab133c233d6be320c7b7

SHA1
17d55ed99c43689d643b4fd9402d97d1739d7128

SHA256
8bdbae5203d964a0ec14335456477f3d13dbdf503003d7b2ea5703a7b6e3e48a

SHA512
155449acdc6619b19a3a8d493b65b85b511dea1713eae382648afc75f357daa2cf2b94f3f13e399cda35a84c1b8a587601aacd983ef182b58608aad6674702d7

Download Submit
C:\Windows\system\uJEyLGe.exe

Filesize
6.0MB

MD5
d523d4fe25ab43aab701091250a06e59

SHA1
79f1d4be23e663dbb622c7b5b47119c6ff482707

SHA256
f9afdd1680ae8e9e66a5dbbb9c1ec9384f0f136ac72aa5b3f30aa78266146e8e

SHA512
174ebe904f470fe8d16296a4304c69121abfb76a7304da2445492265c798efc714231cbab2ced63308fd8bb7a246055d911af713899f09b1149e031f99dfbce9

Download Submit
C:\Windows\system\vYGMzMZ.exe

Filesize
6.0MB

MD5
cb0ddb31eeb7f9f520a18b66c9aa1c64

SHA1
25fe496e1756577d22eef85ec4273dac4e88c643

SHA256
2a26ca20dc37fc45968fba35e129eb86e8050a2d76f5b609165d24e2990053be

SHA512
b55e63db66eed1e521155c44d1d64182739a2264685aa0132ec2abb30813f0ef01bf3330e82d1e019bb393fe3e165ffa719863e66830ce72440ee149ddae2fc4

Download Submit
C:\Windows\system\vsUVemO.exe

Filesize
6.0MB

MD5
198ce531f2f02caf73bdd8ba0e60206f

SHA1
601c21e63a711dfd502fd8b3a86c6332f16e67e4

SHA256
8f50d13107c12db545314b50b36924c994f2f8097f562fa471506389a9803f3c

SHA512
bccb74da028f4e031c3dc5da6fda900ebf25cdf6095de67d0105595cb628556835c37900e3ccbc9a57a2229a0c449f2ecbed84ccfb49dd0be983b0bcd6bb6fc0

Download Submit
C:\Windows\system\yMzfLzr.exe

Filesize
6.0MB

MD5
ee2a6bc9b7434e19f8c06805d8696560

SHA1
214c026902596ec9338c23dde6e60e66a9eb2030

SHA256
37ba462edc4773ff9cb9d5729515222e6382b38b919da7a4f82630f2d74a12f3

SHA512
1af1e2d83a5485fdbf19ce247467cb692fd19c2afa2ffcf38e4d58c532063ee42ec646026a44f67e6acb7a0692828d0dc1783174023e3ab41a59b8903879febb

Download Submit
C:\Windows\system\zcOTpsL.exe

Filesize
6.0MB

MD5
9ef1df8d778a9777380075c020016bba

SHA1
8fcaccc8bc3a3f315f773d249b8d8727f1b51761

SHA256
9e55c19e6c4d48ff511b89ee7de65a95fc7a4f60fa8ec91270b9152395c89da9

SHA512
43869bdb2d7b75197d05a1c03637838f2f80221ef79b97545e2f3594f67389be851009c5a7e2f8bd5d321129c79c60c931205fd4a868606803b0de1538917853

Download Submit
\Windows\system\CgbzWfj.exe

Filesize
6.0MB

MD5
372450f46836ae36f2fa3766fb5b3473

SHA1
417351dd3d2e58aeb878f62fb1eeaf9a62ed8526

SHA256
248147ae7d2998292233051797db969f873b569b90bb56f22d212b17251a088e

SHA512
beb1d98e2a30a8c2532182c5970fb146685a5eb385c7b3089d59cba3b11fb209f9e39a95d239f8649056be0fccf10e4c6d7af4fd6add277c29266638f3596ddd

Download Submit
\Windows\system\DzchgBe.exe

Filesize
6.0MB

MD5
07686584a91c09bc424c9dbfe41e25b6

SHA1
05549242b81a42f3ee16188d84beb356b36e3f00

SHA256
39c75c3bd00cfa16031280cf3e632b859c9ba715baf1598ccf021febbe09eeec

SHA512
68fc730d334fb05ef21c141ba76328f7871d4c2aa9ff272064b762fcb9f7ca4dee79c3503019bc57a8f6f3c90963a4f5220fc2bafef4a60c9bdab59d8c595cd5

Download Submit
\Windows\system\LHioAOE.exe

Filesize
6.0MB

MD5
1e50cfdd7e0f17f901a08f9265c7f024

SHA1
d8cb6a9655212454af4e4a8aa5ef7655682a8ec1

SHA256
5ed2f7606600152b8d691d697056f8ba848fbbea03e574b040005c61f339e596

SHA512
96f5af66ed8cc08e256ca4f2ef344aec517a67604e13c3c5eefa070fccf1e7ea4227957cf3b5904b015d0fe7b34aed5a100674d82617f6b2ef80099d972bea54

Download Submit
\Windows\system\LfOlcJc.exe

Filesize
6.0MB

MD5
75e32a4602ec05bddf5d920eb03ed5cf

SHA1
f4e90642ea245e7bc4f4332242cb379c28407d37

SHA256
2b9d03f0f46c092436337a3aa170c30dea131a219e8f891187fe455605a55fb6

SHA512
339883a9837094ae0b196417d37139b81cd13b6cb1758045283f384af2632dc70eb86ab4bd29d338022570fa4a1618faa5b9934ddab6ff8db5ab56d1dca3bf5c

Download Submit
\Windows\system\SzLtvjE.exe

Filesize
6.0MB

MD5
60ccfb438e7e9d14fa68de105466262c

SHA1
6c95ef85a15f2a892f59b93d822b25cf4ed4b9e2

SHA256
c0fc7cc830f1a6c9e1b3cd6fc4dff593229e483db1c8b7d123b1635d502bb0a8

SHA512
c1c58dc0e7383711b7773f209e2070f2d11219958a8ea6ebb1ab7d413324f2c00d0d959a6a4f9fb99906adf09f0c454733ecdf03fdfd44226eeee96d3e635a69

Download Submit
\Windows\system\WRvESlE.exe

Filesize
6.0MB

MD5
69c5f05010678a7ea9516764b50b765b

SHA1
840d5c7b3c79b4b81346c97853fdacea2fbfa336

SHA256
c7bf94879a6c988ef3f15efff64a33e8f9f82921422d3d7021d0993652a77ece

SHA512
e8ae48995aaa84c39b5161ab0d31e0d37c0d59e8b5fbee999207350af756d28a6106270f5684c41066a914c79b1ae019e2bd8fa97b2fcac856436676e05dcce3

Download Submit
\Windows\system\eHvVfjQ.exe

Filesize
6.0MB

MD5
2f388ecb0fb8e24be651ba1cefdc9abf

SHA1
fa1043cde432ed394d72b7e411a33901ac1a3c26

SHA256
0be0007fff42e180d88065a78a3b33766ed11c2b087cfa6e7a32d6fb4820ed4f

SHA512
4395f675cc53d8e89ae777c58b35a503cfbf6dab39ce66edba51815dd8c6c101517a0123ef081f33459e572803218768cff5b697037853ea37d1ff662d159b82

Download Submit
\Windows\system\fKswdlR.exe

Filesize
6.0MB

MD5
b2f89d6b181a32419e74df37428b137f

SHA1
043311473a04886571717445f8d3824140ebae92

SHA256
cdf8d8aef0247b53c222857bec51c66df5d479b08e2f0ef795a4bf08e1cfe062

SHA512
3cf9e702498e21178761a298231db4198ed6d65ee8056ec30556458cd952210d39217cd8aaabbb31fe724f27565b791e9648cead6c98d21534911ea7a94ffeb1

Download Submit
\Windows\system\gsFkAuY.exe

Filesize
6.0MB

MD5
ea1b10eeb21d0fe5ef6305e243611038

SHA1
479e494256d20ca24a25d186fc8cbe9283b7df5c

SHA256
7ab1ffd205d8dc0d8e3ee5cf648e4c30c16a7ee9e6f106c1e4912e641e577fb6

SHA512
fd652f0a3b0209f73a3f710579c2102d717b1ee6c55caf53c9a6269a9b3b6a5fa2d1360771f4a44b8b1776506d9539b8a63e54fbe07d45b31ea9764518563ef8

Download Submit
\Windows\system\jqHHyCR.exe

Filesize
6.0MB

MD5
f4ab4db0b7cc7354c1977a38b457cb30

SHA1
a88818d25a6fdda8a1bcbe6b1855f4b4551285fe

SHA256
9c6d0fcf9f260494dba45cccd29d6e09d260a1ec270415cff9698df7fc3729f7

SHA512
dc0256f8b89f10a30faf3033df4089653a561fd9c2312c7083fd099ecc0ed884c320aebd6a436816ded47b8cdbeff83cbe14af1f9c338c52eede0f7de42d9452

Download Submit
\Windows\system\rWdYXyv.exe

Filesize
6.0MB

MD5
8719de396a092663dcee5cc42bbfdd9d

SHA1
928b232dc94db764d872318e0db81ac8c4bcd989

SHA256
518dd37b9d303432013a50c0e6e44622e94173bfa40691b88b8755a08ac183f1

SHA512
ad34214d3330c4e0d234f446472e919984a2fd085877fc2aaadc0545ad9646f530c2af69e31d5bd8352c46113202bd2a07a56af3cd5182eed24bb02d8bd13976

Download Submit
\Windows\system\yzBPdmW.exe

Filesize
6.0MB

MD5
dcca91d9cd9e20fb2e9433d41739210d

SHA1
1054542a610a6c46f3c01063770c98baa9aaa1ac

SHA256
a8ffb7e992a8740230cf1f64d90a31c363706f8bafafcfc3ced00a464c6cc127

SHA512
3667bb73dfef4b41366ea619bd2b9b4572c739b550bc9d810e469f7eceb0246df0ac8b511f3d96ceae3909f700d0abb2b8c4c5cf8560ebb6e6f207f28dd30a86

Download Submit
memory/1824-108-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1824-4015-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1916-89-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1916-76-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-0-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1916-17-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-141-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1393-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1394-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1200-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-51-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1166-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1051-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1050-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1916-137-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1916-43-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-148-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1916-69-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-87-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-101-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-78-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-77-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2008-4019-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-133-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-4008-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2124-75-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2228-73-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1167-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2228-4017-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4014-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2576-63-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4012-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2584-74-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2636-4009-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-37-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4016-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-79-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4013-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-83-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-50-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2744-4011-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2788-52-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-4018-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-28-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4010-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download