cobaltstrike | 091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-09-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
Size

6.0MB
MD5

0b9ec54881fa22e1f264e338fc6a4980
SHA1

a2ec56b46b5e33f0ab951c8c3998eda5794b93ad
SHA256

091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47
SHA512

ec0a1e5c0f9811e3bfa6c645fd047b84e84c41c3a708a56bfecb59faf3a257f3a5a60db612fe5cc7ffff6014e078e7bcb5648698f7470e36a48f7aacdc4ce6ad
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012115-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193c4-13.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193d9-12.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019401-27.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019403-30.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001947e-52.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019441-48.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001942f-40.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-67.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001967d-61.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000019382-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc1-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a078-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b3-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a354-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43f-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a443-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a446-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a441-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43d-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a311-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08b-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fc9-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019faf-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-91.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2644-0-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x0007000000012115-6.dat	xmrig
behavioral1/memory/2780-9-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x00070000000193c4-13.dat	xmrig
behavioral1/files/0x00070000000193d9-12.dat	xmrig
behavioral1/memory/2660-23-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/3008-22-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0006000000019401-27.dat	xmrig
behavioral1/memory/2824-29-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0006000000019403-30.dat	xmrig
behavioral1/memory/2680-37-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2432-50-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x000800000001947e-52.dat	xmrig
behavioral1/memory/2644-53-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0008000000019441-48.dat	xmrig
behavioral1/memory/2644-44-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2536-42-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x000600000001942f-40.dat	xmrig
behavioral1/memory/2572-66-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x00050000000196be-67.dat	xmrig
behavioral1/memory/2824-64-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2932-58-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x000600000001967d-61.dat	xmrig
behavioral1/files/0x0032000000019382-76.dat	xmrig
behavioral1/memory/2176-73-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1704-84-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1960-88-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c43-100.dat	xmrig
behavioral1/files/0x0005000000019c4a-112.dat	xmrig
behavioral1/files/0x0005000000019d2d-122.dat	xmrig
behavioral1/files/0x0005000000019dc1-137.dat	xmrig
behavioral1/files/0x000500000001a078-152.dat	xmrig
behavioral1/files/0x000500000001a0b3-162.dat	xmrig
behavioral1/files/0x000500000001a354-172.dat	xmrig
behavioral1/memory/616-1064-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/1960-734-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2644-509-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a43f-190.dat	xmrig
behavioral1/files/0x000500000001a443-188.dat	xmrig
behavioral1/files/0x000500000001a446-193.dat	xmrig
behavioral1/files/0x000500000001a441-185.dat	xmrig
behavioral1/files/0x000500000001a43d-176.dat	xmrig
behavioral1/files/0x000500000001a311-167.dat	xmrig
behavioral1/files/0x000500000001a08b-157.dat	xmrig
behavioral1/files/0x0005000000019fc9-147.dat	xmrig
behavioral1/files/0x0005000000019faf-142.dat	xmrig
behavioral1/files/0x0005000000019db5-132.dat	xmrig
behavioral1/files/0x0005000000019d54-127.dat	xmrig
behavioral1/files/0x0005000000019c63-117.dat	xmrig
behavioral1/memory/616-101-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/1984-99-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c48-105.dat	xmrig
behavioral1/memory/2432-87-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00050000000196f6-86.dat	xmrig
behavioral1/files/0x000500000001998a-91.dat	xmrig
behavioral1/memory/2536-82-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2680-3266-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2536-3265-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/3008-3308-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2432-3307-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2780-3305-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2572-3339-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2824-3338-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2932-3379-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2780	VRCzFHz.exe
2660	EjJwCoD.exe
3008	FOSOFIK.exe
2824	xHcvslQ.exe
2680	zzSdOoP.exe
2536	RSUYhJd.exe
2432	nVPUjIG.exe
2932	bStkAck.exe
2572	IgSNjid.exe
2176	GJBdDFU.exe
1704	DqnPvwT.exe
1960	rOIfIrx.exe
1984	aFrFIlr.exe
616	VFGUAdm.exe
1232	SzaFbLZ.exe
2264	CUtlZbl.exe
2312	TaYCasv.exe
1204	ftgxnix.exe
112	oAKbaZf.exe
2512	BmfCWhH.exe
1500	aSQmYJY.exe
2324	aIOFWxK.exe
2940	sSAGqXY.exe
2992	AFeoFtU.exe
2044	afgFDns.exe
816	mPLzxGP.exe
1136	GUYbuRY.exe
1916	KJpqOzB.exe
1588	LIQVIXW.exe
2480	elaFMYz.exe
652	uVWYdpp.exe
1772	sUVxvHI.exe
868	jibbNwh.exe
3052	sqnAnho.exe
1528	GTHWOaX.exe
2136	jqbYPhm.exe
1956	reOWomt.exe
2084	pafTsdW.exe
1440	dzmNGzb.exe
1304	qmhdjvl.exe
2452	IHUXBNl.exe
1928	oHXmkvS.exe
2892	mukMlLf.exe
1800	FWnTEBv.exe
1336	WdnoonD.exe
3068	OOByfES.exe
2092	ZsdjsgJ.exe
900	JyhzYJM.exe
2976	ylkYrdw.exe
2720	nyKBySL.exe
1816	KncIdPW.exe
2232	VOisSXZ.exe
1580	nGiHSVo.exe
1576	rlkKytY.exe
2668	anmpOOz.exe
2816	BjBOTxp.exe
2708	FEQQAkq.exe
2924	AYhXriv.exe
2820	DAxHepb.exe
2724	vMTIxHG.exe
2356	DrBneLz.exe
2000	eFzDPef.exe
2504	yvbsVyx.exe
2036	idUAOhm.exe

Loads dropped DLL 64 IoCs

pid	Process
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2644-0-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x0007000000012115-6.dat	upx
behavioral1/memory/2780-9-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x00070000000193c4-13.dat	upx
behavioral1/files/0x00070000000193d9-12.dat	upx
behavioral1/memory/2660-23-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/3008-22-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0006000000019401-27.dat	upx
behavioral1/memory/2824-29-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0006000000019403-30.dat	upx
behavioral1/memory/2680-37-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2432-50-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x000800000001947e-52.dat	upx
behavioral1/files/0x0008000000019441-48.dat	upx
behavioral1/memory/2644-44-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2536-42-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x000600000001942f-40.dat	upx
behavioral1/memory/2572-66-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x00050000000196be-67.dat	upx
behavioral1/memory/2824-64-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2932-58-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x000600000001967d-61.dat	upx
behavioral1/files/0x0032000000019382-76.dat	upx
behavioral1/memory/2176-73-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/1704-84-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1960-88-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0005000000019c43-100.dat	upx
behavioral1/files/0x0005000000019c4a-112.dat	upx
behavioral1/files/0x0005000000019d2d-122.dat	upx
behavioral1/files/0x0005000000019dc1-137.dat	upx
behavioral1/files/0x000500000001a078-152.dat	upx
behavioral1/files/0x000500000001a0b3-162.dat	upx
behavioral1/files/0x000500000001a354-172.dat	upx
behavioral1/memory/616-1064-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/1960-734-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x000500000001a43f-190.dat	upx
behavioral1/files/0x000500000001a443-188.dat	upx
behavioral1/files/0x000500000001a446-193.dat	upx
behavioral1/files/0x000500000001a441-185.dat	upx
behavioral1/files/0x000500000001a43d-176.dat	upx
behavioral1/files/0x000500000001a311-167.dat	upx
behavioral1/files/0x000500000001a08b-157.dat	upx
behavioral1/files/0x0005000000019fc9-147.dat	upx
behavioral1/files/0x0005000000019faf-142.dat	upx
behavioral1/files/0x0005000000019db5-132.dat	upx
behavioral1/files/0x0005000000019d54-127.dat	upx
behavioral1/files/0x0005000000019c63-117.dat	upx
behavioral1/memory/616-101-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/1984-99-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0005000000019c48-105.dat	upx
behavioral1/memory/2432-87-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00050000000196f6-86.dat	upx
behavioral1/files/0x000500000001998a-91.dat	upx
behavioral1/memory/2536-82-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2680-3266-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2536-3265-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/3008-3308-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2432-3307-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2780-3305-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2572-3339-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2824-3338-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2932-3379-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2660-3333-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/1960-3474-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WdnoonD.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\cdkvkEo.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\FwARmzC.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\PIvQftm.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\ykmlPTw.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\haRZxLk.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\qgbvwHL.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\hDsXVmJ.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\jPWBPil.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\jrnyKWR.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\SvSofuf.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\nlsASNX.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\PTXGCiE.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\PQHzmBo.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\DDyrNDW.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\YWLgYoW.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\OgclZoI.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\JolxOUV.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\eFzDPef.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\JpnqqBY.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\sABAqJE.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\FKUphfn.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\hDHXHDx.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\idUAOhm.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\WvsmrTU.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\kBOlVOO.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\hzBVKuZ.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\OeENLNh.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\LNhOyUI.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\pLrnloG.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\bfyOBth.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\GGoAAwv.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\XVoHRwD.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\GTHWOaX.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\IMEEEQz.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\TZFxBaZ.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\gMjomGh.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\jAXvcUF.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\lTyNhRN.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\bahYwLw.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\UGqmjws.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\vBfvYMJ.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\csverTy.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\iXXYUdc.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\ELzQSWM.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\JKxoZKC.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\kAPUOgR.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\JKfaRrt.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\XbgLhzM.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\pLFRTFh.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\cFyqyNu.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\sUVxvHI.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\ADSMVYq.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\rUfUWGo.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\dstkwkh.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\EqyCgpG.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\ZVwnMrh.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\KKOkkvA.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\xhmvSwS.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\dNwMIgr.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\gvlBTvn.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\pafTsdW.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\lcuONyW.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
File created	C:\Windows\System\ooiMbVG.exe	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2780	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	31
PID 2644 wrote to memory of 2780	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	31
PID 2644 wrote to memory of 2780	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	31
PID 2644 wrote to memory of 2660	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	32
PID 2644 wrote to memory of 2660	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	32
PID 2644 wrote to memory of 2660	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	32
PID 2644 wrote to memory of 3008	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	33
PID 2644 wrote to memory of 3008	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	33
PID 2644 wrote to memory of 3008	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	33
PID 2644 wrote to memory of 2824	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	34
PID 2644 wrote to memory of 2824	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	34
PID 2644 wrote to memory of 2824	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	34
PID 2644 wrote to memory of 2680	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	35
PID 2644 wrote to memory of 2680	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	35
PID 2644 wrote to memory of 2680	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	35
PID 2644 wrote to memory of 2536	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	36
PID 2644 wrote to memory of 2536	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	36
PID 2644 wrote to memory of 2536	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	36
PID 2644 wrote to memory of 2432	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	37
PID 2644 wrote to memory of 2432	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	37
PID 2644 wrote to memory of 2432	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	37
PID 2644 wrote to memory of 2932	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	38
PID 2644 wrote to memory of 2932	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	38
PID 2644 wrote to memory of 2932	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	38
PID 2644 wrote to memory of 2572	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	39
PID 2644 wrote to memory of 2572	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	39
PID 2644 wrote to memory of 2572	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	39
PID 2644 wrote to memory of 2176	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	40
PID 2644 wrote to memory of 2176	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	40
PID 2644 wrote to memory of 2176	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	40
PID 2644 wrote to memory of 1704	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	41
PID 2644 wrote to memory of 1704	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	41
PID 2644 wrote to memory of 1704	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	41
PID 2644 wrote to memory of 1960	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	42
PID 2644 wrote to memory of 1960	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	42
PID 2644 wrote to memory of 1960	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	42
PID 2644 wrote to memory of 1984	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	43
PID 2644 wrote to memory of 1984	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	43
PID 2644 wrote to memory of 1984	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	43
PID 2644 wrote to memory of 616	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	44
PID 2644 wrote to memory of 616	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	44
PID 2644 wrote to memory of 616	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	44
PID 2644 wrote to memory of 1232	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	45
PID 2644 wrote to memory of 1232	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	45
PID 2644 wrote to memory of 1232	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	45
PID 2644 wrote to memory of 2264	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	46
PID 2644 wrote to memory of 2264	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	46
PID 2644 wrote to memory of 2264	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	46
PID 2644 wrote to memory of 2312	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	47
PID 2644 wrote to memory of 2312	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	47
PID 2644 wrote to memory of 2312	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	47
PID 2644 wrote to memory of 1204	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	48
PID 2644 wrote to memory of 1204	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	48
PID 2644 wrote to memory of 1204	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	48
PID 2644 wrote to memory of 112	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	49
PID 2644 wrote to memory of 112	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	49
PID 2644 wrote to memory of 112	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	49
PID 2644 wrote to memory of 2512	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	50
PID 2644 wrote to memory of 2512	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	50
PID 2644 wrote to memory of 2512	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	50
PID 2644 wrote to memory of 1500	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	51
PID 2644 wrote to memory of 1500	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	51
PID 2644 wrote to memory of 1500	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	51
PID 2644 wrote to memory of 2324	2644	091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe	52

C:\Users\Admin\AppData\Local\Temp\091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe
"C:\Users\Admin\AppData\Local\Temp\091769e4424148fcf51932ef8d3dff6661d51c7eba3c5f05287f8dbbd9e61f47N.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\System\VRCzFHz.exe
  C:\Windows\System\VRCzFHz.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\EjJwCoD.exe
  C:\Windows\System\EjJwCoD.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\FOSOFIK.exe
  C:\Windows\System\FOSOFIK.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\xHcvslQ.exe
  C:\Windows\System\xHcvslQ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\zzSdOoP.exe
  C:\Windows\System\zzSdOoP.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\RSUYhJd.exe
  C:\Windows\System\RSUYhJd.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\nVPUjIG.exe
  C:\Windows\System\nVPUjIG.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\bStkAck.exe
  C:\Windows\System\bStkAck.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\IgSNjid.exe
  C:\Windows\System\IgSNjid.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\GJBdDFU.exe
  C:\Windows\System\GJBdDFU.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\DqnPvwT.exe
  C:\Windows\System\DqnPvwT.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\rOIfIrx.exe
  C:\Windows\System\rOIfIrx.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\aFrFIlr.exe
  C:\Windows\System\aFrFIlr.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\VFGUAdm.exe
  C:\Windows\System\VFGUAdm.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\SzaFbLZ.exe
  C:\Windows\System\SzaFbLZ.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\CUtlZbl.exe
  C:\Windows\System\CUtlZbl.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\TaYCasv.exe
  C:\Windows\System\TaYCasv.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\ftgxnix.exe
  C:\Windows\System\ftgxnix.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\oAKbaZf.exe
  C:\Windows\System\oAKbaZf.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\BmfCWhH.exe
  C:\Windows\System\BmfCWhH.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\aSQmYJY.exe
  C:\Windows\System\aSQmYJY.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\aIOFWxK.exe
  C:\Windows\System\aIOFWxK.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\sSAGqXY.exe
  C:\Windows\System\sSAGqXY.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\AFeoFtU.exe
  C:\Windows\System\AFeoFtU.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\afgFDns.exe
  C:\Windows\System\afgFDns.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\mPLzxGP.exe
  C:\Windows\System\mPLzxGP.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\GUYbuRY.exe
  C:\Windows\System\GUYbuRY.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\KJpqOzB.exe
  C:\Windows\System\KJpqOzB.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\LIQVIXW.exe
  C:\Windows\System\LIQVIXW.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\uVWYdpp.exe
  C:\Windows\System\uVWYdpp.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\elaFMYz.exe
  C:\Windows\System\elaFMYz.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\jibbNwh.exe
  C:\Windows\System\jibbNwh.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\sUVxvHI.exe
  C:\Windows\System\sUVxvHI.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\sqnAnho.exe
  C:\Windows\System\sqnAnho.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\GTHWOaX.exe
  C:\Windows\System\GTHWOaX.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\jqbYPhm.exe
  C:\Windows\System\jqbYPhm.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\reOWomt.exe
  C:\Windows\System\reOWomt.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\dzmNGzb.exe
  C:\Windows\System\dzmNGzb.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\pafTsdW.exe
  C:\Windows\System\pafTsdW.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\IHUXBNl.exe
  C:\Windows\System\IHUXBNl.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\qmhdjvl.exe
  C:\Windows\System\qmhdjvl.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\FWnTEBv.exe
  C:\Windows\System\FWnTEBv.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\oHXmkvS.exe
  C:\Windows\System\oHXmkvS.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\OOByfES.exe
  C:\Windows\System\OOByfES.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\mukMlLf.exe
  C:\Windows\System\mukMlLf.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\ZsdjsgJ.exe
  C:\Windows\System\ZsdjsgJ.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\WdnoonD.exe
  C:\Windows\System\WdnoonD.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\JyhzYJM.exe
  C:\Windows\System\JyhzYJM.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\ylkYrdw.exe
  C:\Windows\System\ylkYrdw.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\nyKBySL.exe
  C:\Windows\System\nyKBySL.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\KncIdPW.exe
  C:\Windows\System\KncIdPW.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\VOisSXZ.exe
  C:\Windows\System\VOisSXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\nGiHSVo.exe
  C:\Windows\System\nGiHSVo.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\rlkKytY.exe
  C:\Windows\System\rlkKytY.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\anmpOOz.exe
  C:\Windows\System\anmpOOz.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\BjBOTxp.exe
  C:\Windows\System\BjBOTxp.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\FEQQAkq.exe
  C:\Windows\System\FEQQAkq.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\AYhXriv.exe
  C:\Windows\System\AYhXriv.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\DAxHepb.exe
  C:\Windows\System\DAxHepb.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\vMTIxHG.exe
  C:\Windows\System\vMTIxHG.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\DrBneLz.exe
  C:\Windows\System\DrBneLz.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\eFzDPef.exe
  C:\Windows\System\eFzDPef.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\yvbsVyx.exe
  C:\Windows\System\yvbsVyx.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\idUAOhm.exe
  C:\Windows\System\idUAOhm.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\qNKUZyD.exe
  C:\Windows\System\qNKUZyD.exe
  2⤵
  PID:1936
- C:\Windows\System\omCxRoE.exe
  C:\Windows\System\omCxRoE.exe
  2⤵
  PID:864
- C:\Windows\System\kcVOreD.exe
  C:\Windows\System\kcVOreD.exe
  2⤵
  PID:1472
- C:\Windows\System\JJmeKaM.exe
  C:\Windows\System\JJmeKaM.exe
  2⤵
  PID:2836
- C:\Windows\System\yPsXKCU.exe
  C:\Windows\System\yPsXKCU.exe
  2⤵
  PID:3032
- C:\Windows\System\QFIHyde.exe
  C:\Windows\System\QFIHyde.exe
  2⤵
  PID:812
- C:\Windows\System\GrWWsRr.exe
  C:\Windows\System\GrWWsRr.exe
  2⤵
  PID:1860
- C:\Windows\System\YqioDat.exe
  C:\Windows\System\YqioDat.exe
  2⤵
  PID:1320
- C:\Windows\System\kqKnQJc.exe
  C:\Windows\System\kqKnQJc.exe
  2⤵
  PID:1316
- C:\Windows\System\cguWFvt.exe
  C:\Windows\System\cguWFvt.exe
  2⤵
  PID:2496
- C:\Windows\System\cDzLWLi.exe
  C:\Windows\System\cDzLWLi.exe
  2⤵
  PID:1812
- C:\Windows\System\EDvyZvP.exe
  C:\Windows\System\EDvyZvP.exe
  2⤵
  PID:2896
- C:\Windows\System\awiuNKV.exe
  C:\Windows\System\awiuNKV.exe
  2⤵
  PID:1524
- C:\Windows\System\KmBPeIv.exe
  C:\Windows\System\KmBPeIv.exe
  2⤵
  PID:1040
- C:\Windows\System\rmHaLlU.exe
  C:\Windows\System\rmHaLlU.exe
  2⤵
  PID:2236
- C:\Windows\System\cBWygHC.exe
  C:\Windows\System\cBWygHC.exe
  2⤵
  PID:2484
- C:\Windows\System\UDSFHQN.exe
  C:\Windows\System\UDSFHQN.exe
  2⤵
  PID:2308
- C:\Windows\System\hpnnXRV.exe
  C:\Windows\System\hpnnXRV.exe
  2⤵
  PID:2280
- C:\Windows\System\OEuSsUM.exe
  C:\Windows\System\OEuSsUM.exe
  2⤵
  PID:2968
- C:\Windows\System\EsgpvoP.exe
  C:\Windows\System\EsgpvoP.exe
  2⤵
  PID:2912
- C:\Windows\System\VKDsOtn.exe
  C:\Windows\System\VKDsOtn.exe
  2⤵
  PID:316
- C:\Windows\System\BFAmoCN.exe
  C:\Windows\System\BFAmoCN.exe
  2⤵
  PID:2812
- C:\Windows\System\NLCjGxF.exe
  C:\Windows\System\NLCjGxF.exe
  2⤵
  PID:1568
- C:\Windows\System\OpqkiKo.exe
  C:\Windows\System\OpqkiKo.exe
  2⤵
  PID:2928
- C:\Windows\System\Xlzurof.exe
  C:\Windows\System\Xlzurof.exe
  2⤵
  PID:2648
- C:\Windows\System\ScIiFDQ.exe
  C:\Windows\System\ScIiFDQ.exe
  2⤵
  PID:2364
- C:\Windows\System\NOwUYoW.exe
  C:\Windows\System\NOwUYoW.exe
  2⤵
  PID:2704
- C:\Windows\System\IVbcJgR.exe
  C:\Windows\System\IVbcJgR.exe
  2⤵
  PID:1720
- C:\Windows\System\NfpbnPX.exe
  C:\Windows\System\NfpbnPX.exe
  2⤵
  PID:2532
- C:\Windows\System\VBUSNlp.exe
  C:\Windows\System\VBUSNlp.exe
  2⤵
  PID:1732
- C:\Windows\System\TCtsmDc.exe
  C:\Windows\System\TCtsmDc.exe
  2⤵
  PID:2624
- C:\Windows\System\tLiHcKH.exe
  C:\Windows\System\tLiHcKH.exe
  2⤵
  PID:2716
- C:\Windows\System\rGDAsmP.exe
  C:\Windows\System\rGDAsmP.exe
  2⤵
  PID:1108
- C:\Windows\System\YQvlHhJ.exe
  C:\Windows\System\YQvlHhJ.exe
  2⤵
  PID:2792
- C:\Windows\System\JAENRYY.exe
  C:\Windows\System\JAENRYY.exe
  2⤵
  PID:1028
- C:\Windows\System\HiuNSVg.exe
  C:\Windows\System\HiuNSVg.exe
  2⤵
  PID:2276
- C:\Windows\System\EjFqses.exe
  C:\Windows\System\EjFqses.exe
  2⤵
  PID:840
- C:\Windows\System\jkQOLOv.exe
  C:\Windows\System\jkQOLOv.exe
  2⤵
  PID:3048
- C:\Windows\System\ykmlPTw.exe
  C:\Windows\System\ykmlPTw.exe
  2⤵
  PID:276
- C:\Windows\System\CCICZXF.exe
  C:\Windows\System\CCICZXF.exe
  2⤵
  PID:3064
- C:\Windows\System\qAlDrQG.exe
  C:\Windows\System\qAlDrQG.exe
  2⤵
  PID:932
- C:\Windows\System\QGUFpcK.exe
  C:\Windows\System\QGUFpcK.exe
  2⤵
  PID:880
- C:\Windows\System\rBwjLAO.exe
  C:\Windows\System\rBwjLAO.exe
  2⤵
  PID:2684
- C:\Windows\System\wLwpaZk.exe
  C:\Windows\System\wLwpaZk.exe
  2⤵
  PID:2748
- C:\Windows\System\rwZozAJ.exe
  C:\Windows\System\rwZozAJ.exe
  2⤵
  PID:2636
- C:\Windows\System\sJjeYIm.exe
  C:\Windows\System\sJjeYIm.exe
  2⤵
  PID:1148
- C:\Windows\System\uqWflVR.exe
  C:\Windows\System\uqWflVR.exe
  2⤵
  PID:1532
- C:\Windows\System\ppaSuse.exe
  C:\Windows\System\ppaSuse.exe
  2⤵
  PID:592
- C:\Windows\System\rlPRRod.exe
  C:\Windows\System\rlPRRod.exe
  2⤵
  PID:1352
- C:\Windows\System\VxUTXhi.exe
  C:\Windows\System\VxUTXhi.exe
  2⤵
  PID:904
- C:\Windows\System\QSuaFSf.exe
  C:\Windows\System\QSuaFSf.exe
  2⤵
  PID:408
- C:\Windows\System\UWdFLRZ.exe
  C:\Windows\System\UWdFLRZ.exe
  2⤵
  PID:1768
- C:\Windows\System\kKDObfd.exe
  C:\Windows\System\kKDObfd.exe
  2⤵
  PID:2228
- C:\Windows\System\tMwmYge.exe
  C:\Windows\System\tMwmYge.exe
  2⤵
  PID:3080
- C:\Windows\System\MBhaDxY.exe
  C:\Windows\System\MBhaDxY.exe
  2⤵
  PID:3100
- C:\Windows\System\jjUSpJQ.exe
  C:\Windows\System\jjUSpJQ.exe
  2⤵
  PID:3120
- C:\Windows\System\MmypqiK.exe
  C:\Windows\System\MmypqiK.exe
  2⤵
  PID:3140
- C:\Windows\System\qaiwjKy.exe
  C:\Windows\System\qaiwjKy.exe
  2⤵
  PID:3156
- C:\Windows\System\sIpuQWg.exe
  C:\Windows\System\sIpuQWg.exe
  2⤵
  PID:3176
- C:\Windows\System\mUEWmir.exe
  C:\Windows\System\mUEWmir.exe
  2⤵
  PID:3196
- C:\Windows\System\tBFUWoT.exe
  C:\Windows\System\tBFUWoT.exe
  2⤵
  PID:3216
- C:\Windows\System\ClpFdUD.exe
  C:\Windows\System\ClpFdUD.exe
  2⤵
  PID:3232
- C:\Windows\System\reMBnEJ.exe
  C:\Windows\System\reMBnEJ.exe
  2⤵
  PID:3248
- C:\Windows\System\jAvSZdW.exe
  C:\Windows\System\jAvSZdW.exe
  2⤵
  PID:3268
- C:\Windows\System\hgZKGEg.exe
  C:\Windows\System\hgZKGEg.exe
  2⤵
  PID:3284
- C:\Windows\System\xfMdWpc.exe
  C:\Windows\System\xfMdWpc.exe
  2⤵
  PID:3300
- C:\Windows\System\bfNFEsT.exe
  C:\Windows\System\bfNFEsT.exe
  2⤵
  PID:3324
- C:\Windows\System\MIXpJMy.exe
  C:\Windows\System\MIXpJMy.exe
  2⤵
  PID:3348
- C:\Windows\System\KGMQWrd.exe
  C:\Windows\System\KGMQWrd.exe
  2⤵
  PID:3364
- C:\Windows\System\FsAjkbB.exe
  C:\Windows\System\FsAjkbB.exe
  2⤵
  PID:3388
- C:\Windows\System\kFiRiUN.exe
  C:\Windows\System\kFiRiUN.exe
  2⤵
  PID:3416
- C:\Windows\System\mMReBQZ.exe
  C:\Windows\System\mMReBQZ.exe
  2⤵
  PID:3440
- C:\Windows\System\OhpBTTq.exe
  C:\Windows\System\OhpBTTq.exe
  2⤵
  PID:3456
- C:\Windows\System\ixtymJy.exe
  C:\Windows\System\ixtymJy.exe
  2⤵
  PID:3476
- C:\Windows\System\CCxyUuU.exe
  C:\Windows\System\CCxyUuU.exe
  2⤵
  PID:3492
- C:\Windows\System\nQNNLdi.exe
  C:\Windows\System\nQNNLdi.exe
  2⤵
  PID:3516
- C:\Windows\System\gwmllUO.exe
  C:\Windows\System\gwmllUO.exe
  2⤵
  PID:3536
- C:\Windows\System\yngvAZJ.exe
  C:\Windows\System\yngvAZJ.exe
  2⤵
  PID:3560
- C:\Windows\System\GVcHomw.exe
  C:\Windows\System\GVcHomw.exe
  2⤵
  PID:3584
- C:\Windows\System\HxBulYa.exe
  C:\Windows\System\HxBulYa.exe
  2⤵
  PID:3600
- C:\Windows\System\LNvRtOl.exe
  C:\Windows\System\LNvRtOl.exe
  2⤵
  PID:3620
- C:\Windows\System\vSwcqls.exe
  C:\Windows\System\vSwcqls.exe
  2⤵
  PID:3640
- C:\Windows\System\MamIkfW.exe
  C:\Windows\System\MamIkfW.exe
  2⤵
  PID:3660
- C:\Windows\System\lTyNhRN.exe
  C:\Windows\System\lTyNhRN.exe
  2⤵
  PID:3688
- C:\Windows\System\BTxtalx.exe
  C:\Windows\System\BTxtalx.exe
  2⤵
  PID:3704
- C:\Windows\System\jSOwHxH.exe
  C:\Windows\System\jSOwHxH.exe
  2⤵
  PID:3724
- C:\Windows\System\JYdNKhr.exe
  C:\Windows\System\JYdNKhr.exe
  2⤵
  PID:3744
- C:\Windows\System\FUPcVLD.exe
  C:\Windows\System\FUPcVLD.exe
  2⤵
  PID:3760
- C:\Windows\System\bahYwLw.exe
  C:\Windows\System\bahYwLw.exe
  2⤵
  PID:3780
- C:\Windows\System\yCtQZBM.exe
  C:\Windows\System\yCtQZBM.exe
  2⤵
  PID:3804
- C:\Windows\System\haRZxLk.exe
  C:\Windows\System\haRZxLk.exe
  2⤵
  PID:3820
- C:\Windows\System\xFwXVsE.exe
  C:\Windows\System\xFwXVsE.exe
  2⤵
  PID:3836
- C:\Windows\System\fwczwYH.exe
  C:\Windows\System\fwczwYH.exe
  2⤵
  PID:3852
- C:\Windows\System\aVlhlgu.exe
  C:\Windows\System\aVlhlgu.exe
  2⤵
  PID:3872
- C:\Windows\System\LfcksIb.exe
  C:\Windows\System\LfcksIb.exe
  2⤵
  PID:3892
- C:\Windows\System\MHuzhJJ.exe
  C:\Windows\System\MHuzhJJ.exe
  2⤵
  PID:3916
- C:\Windows\System\doIItib.exe
  C:\Windows\System\doIItib.exe
  2⤵
  PID:3936
- C:\Windows\System\twcFhih.exe
  C:\Windows\System\twcFhih.exe
  2⤵
  PID:3952
- C:\Windows\System\EiLMLCc.exe
  C:\Windows\System\EiLMLCc.exe
  2⤵
  PID:3968
- C:\Windows\System\FXtzNfp.exe
  C:\Windows\System\FXtzNfp.exe
  2⤵
  PID:3984
- C:\Windows\System\SvSofuf.exe
  C:\Windows\System\SvSofuf.exe
  2⤵
  PID:4000
- C:\Windows\System\MZShVYI.exe
  C:\Windows\System\MZShVYI.exe
  2⤵
  PID:4016
- C:\Windows\System\BXZUwLf.exe
  C:\Windows\System\BXZUwLf.exe
  2⤵
  PID:4032
- C:\Windows\System\EYaAgMp.exe
  C:\Windows\System\EYaAgMp.exe
  2⤵
  PID:4052
- C:\Windows\System\WvsmrTU.exe
  C:\Windows\System\WvsmrTU.exe
  2⤵
  PID:4084
- C:\Windows\System\pQrTxgg.exe
  C:\Windows\System\pQrTxgg.exe
  2⤵
  PID:2900
- C:\Windows\System\HtzXEtq.exe
  C:\Windows\System\HtzXEtq.exe
  2⤵
  PID:2904
- C:\Windows\System\ZseyKAI.exe
  C:\Windows\System\ZseyKAI.exe
  2⤵
  PID:1552
- C:\Windows\System\MkUXAyG.exe
  C:\Windows\System\MkUXAyG.exe
  2⤵
  PID:2752
- C:\Windows\System\cSmWxzB.exe
  C:\Windows\System\cSmWxzB.exe
  2⤵
  PID:2388
- C:\Windows\System\kbZDmUM.exe
  C:\Windows\System\kbZDmUM.exe
  2⤵
  PID:2548
- C:\Windows\System\WSiXqSM.exe
  C:\Windows\System\WSiXqSM.exe
  2⤵
  PID:2064
- C:\Windows\System\KsDMfVY.exe
  C:\Windows\System\KsDMfVY.exe
  2⤵
  PID:3148
- C:\Windows\System\LtDfPQy.exe
  C:\Windows\System\LtDfPQy.exe
  2⤵
  PID:3192
- C:\Windows\System\WruEWZo.exe
  C:\Windows\System\WruEWZo.exe
  2⤵
  PID:2500
- C:\Windows\System\cnVraOx.exe
  C:\Windows\System\cnVraOx.exe
  2⤵
  PID:3260
- C:\Windows\System\ixBgehd.exe
  C:\Windows\System\ixBgehd.exe
  2⤵
  PID:3164
- C:\Windows\System\bozyPiK.exe
  C:\Windows\System\bozyPiK.exe
  2⤵
  PID:3344
- C:\Windows\System\RKfhyaL.exe
  C:\Windows\System\RKfhyaL.exe
  2⤵
  PID:3384
- C:\Windows\System\rtgNGOv.exe
  C:\Windows\System\rtgNGOv.exe
  2⤵
  PID:3240
- C:\Windows\System\dTMsRyH.exe
  C:\Windows\System\dTMsRyH.exe
  2⤵
  PID:3356
- C:\Windows\System\FKFgOdY.exe
  C:\Windows\System\FKFgOdY.exe
  2⤵
  PID:3276
- C:\Windows\System\TZLEsbk.exe
  C:\Windows\System\TZLEsbk.exe
  2⤵
  PID:3436
- C:\Windows\System\NwCCRmf.exe
  C:\Windows\System\NwCCRmf.exe
  2⤵
  PID:3508
- C:\Windows\System\QVnoRQH.exe
  C:\Windows\System\QVnoRQH.exe
  2⤵
  PID:3408
- C:\Windows\System\pFetEDx.exe
  C:\Windows\System\pFetEDx.exe
  2⤵
  PID:3596
- C:\Windows\System\OihUmkK.exe
  C:\Windows\System\OihUmkK.exe
  2⤵
  PID:3636
- C:\Windows\System\QEcTWye.exe
  C:\Windows\System\QEcTWye.exe
  2⤵
  PID:3668
- C:\Windows\System\GUwxsIr.exe
  C:\Windows\System\GUwxsIr.exe
  2⤵
  PID:3680
- C:\Windows\System\SCxURRo.exe
  C:\Windows\System\SCxURRo.exe
  2⤵
  PID:3756
- C:\Windows\System\yhjXrCv.exe
  C:\Windows\System\yhjXrCv.exe
  2⤵
  PID:3612
- C:\Windows\System\FDMSlBJ.exe
  C:\Windows\System\FDMSlBJ.exe
  2⤵
  PID:3576
- C:\Windows\System\aWZsMyF.exe
  C:\Windows\System\aWZsMyF.exe
  2⤵
  PID:3656
- C:\Windows\System\OQssmPB.exe
  C:\Windows\System\OQssmPB.exe
  2⤵
  PID:3900
- C:\Windows\System\lkcUkEV.exe
  C:\Windows\System\lkcUkEV.exe
  2⤵
  PID:3700
- C:\Windows\System\oVGwedZ.exe
  C:\Windows\System\oVGwedZ.exe
  2⤵
  PID:3768
- C:\Windows\System\qnkVWft.exe
  C:\Windows\System\qnkVWft.exe
  2⤵
  PID:3948
- C:\Windows\System\RkhppCe.exe
  C:\Windows\System\RkhppCe.exe
  2⤵
  PID:4008
- C:\Windows\System\knVksFa.exe
  C:\Windows\System\knVksFa.exe
  2⤵
  PID:4092
- C:\Windows\System\KxDOVue.exe
  C:\Windows\System\KxDOVue.exe
  2⤵
  PID:3960
- C:\Windows\System\xzsMzKn.exe
  C:\Windows\System\xzsMzKn.exe
  2⤵
  PID:4028
- C:\Windows\System\EEyIHtw.exe
  C:\Windows\System\EEyIHtw.exe
  2⤵
  PID:4076
- C:\Windows\System\kUseGhu.exe
  C:\Windows\System\kUseGhu.exe
  2⤵
  PID:3924
- C:\Windows\System\mLVRZQx.exe
  C:\Windows\System\mLVRZQx.exe
  2⤵
  PID:1556
- C:\Windows\System\yTdKsSO.exe
  C:\Windows\System\yTdKsSO.exe
  2⤵
  PID:1360
- C:\Windows\System\BOyAjoP.exe
  C:\Windows\System\BOyAjoP.exe
  2⤵
  PID:2576
- C:\Windows\System\zOhxHWD.exe
  C:\Windows\System\zOhxHWD.exe
  2⤵
  PID:3152
- C:\Windows\System\tKGSIIN.exe
  C:\Windows\System\tKGSIIN.exe
  2⤵
  PID:3292
- C:\Windows\System\BbrxBZM.exe
  C:\Windows\System\BbrxBZM.exe
  2⤵
  PID:2212
- C:\Windows\System\gYoEmVG.exe
  C:\Windows\System\gYoEmVG.exe
  2⤵
  PID:3296
- C:\Windows\System\DKKcHHy.exe
  C:\Windows\System\DKKcHHy.exe
  2⤵
  PID:3136
- C:\Windows\System\QhemkUK.exe
  C:\Windows\System\QhemkUK.exe
  2⤵
  PID:3396
- C:\Windows\System\xMnjtcC.exe
  C:\Windows\System\xMnjtcC.exe
  2⤵
  PID:3464
- C:\Windows\System\DHBWKvY.exe
  C:\Windows\System\DHBWKvY.exe
  2⤵
  PID:2948
- C:\Windows\System\atwxAei.exe
  C:\Windows\System\atwxAei.exe
  2⤵
  PID:3320
- C:\Windows\System\lFJTFKY.exe
  C:\Windows\System\lFJTFKY.exe
  2⤵
  PID:3488
- C:\Windows\System\qQsrYVj.exe
  C:\Windows\System\qQsrYVj.exe
  2⤵
  PID:3752
- C:\Windows\System\GZmJWhh.exe
  C:\Windows\System\GZmJWhh.exe
  2⤵
  PID:3544
- C:\Windows\System\hhzxrUL.exe
  C:\Windows\System\hhzxrUL.exe
  2⤵
  PID:3628
- C:\Windows\System\jEfuyAv.exe
  C:\Windows\System\jEfuyAv.exe
  2⤵
  PID:3684
- C:\Windows\System\aNpyXds.exe
  C:\Windows\System\aNpyXds.exe
  2⤵
  PID:3868
- C:\Windows\System\TnvQKmh.exe
  C:\Windows\System\TnvQKmh.exe
  2⤵
  PID:3652
- C:\Windows\System\EjsmUcE.exe
  C:\Windows\System\EjsmUcE.exe
  2⤵
  PID:2944
- C:\Windows\System\iYEyVHv.exe
  C:\Windows\System\iYEyVHv.exe
  2⤵
  PID:3932
- C:\Windows\System\UwAOtip.exe
  C:\Windows\System\UwAOtip.exe
  2⤵
  PID:3812
- C:\Windows\System\DzvUAHU.exe
  C:\Windows\System\DzvUAHU.exe
  2⤵
  PID:3880
- C:\Windows\System\nBMxwRY.exe
  C:\Windows\System\nBMxwRY.exe
  2⤵
  PID:4024
- C:\Windows\System\XDhtuWR.exe
  C:\Windows\System\XDhtuWR.exe
  2⤵
  PID:3848
- C:\Windows\System\spnPFwc.exe
  C:\Windows\System\spnPFwc.exe
  2⤵
  PID:1652
- C:\Windows\System\GIUMTka.exe
  C:\Windows\System\GIUMTka.exe
  2⤵
  PID:1696
- C:\Windows\System\ofbzkNG.exe
  C:\Windows\System\ofbzkNG.exe
  2⤵
  PID:2764
- C:\Windows\System\lJEzbmJ.exe
  C:\Windows\System\lJEzbmJ.exe
  2⤵
  PID:3172
- C:\Windows\System\jGVRHIL.exe
  C:\Windows\System\jGVRHIL.exe
  2⤵
  PID:3556
- C:\Windows\System\kQkMOPx.exe
  C:\Windows\System\kQkMOPx.exe
  2⤵
  PID:3428
- C:\Windows\System\VlntJSR.exe
  C:\Windows\System\VlntJSR.exe
  2⤵
  PID:3380
- C:\Windows\System\XlOkZhO.exe
  C:\Windows\System\XlOkZhO.exe
  2⤵
  PID:3800
- C:\Windows\System\bwhgSZg.exe
  C:\Windows\System\bwhgSZg.exe
  2⤵
  PID:3532
- C:\Windows\System\qQxfWoU.exe
  C:\Windows\System\qQxfWoU.exe
  2⤵
  PID:3452
- C:\Windows\System\JSTNHMR.exe
  C:\Windows\System\JSTNHMR.exe
  2⤵
  PID:3928
- C:\Windows\System\MgXHlQA.exe
  C:\Windows\System\MgXHlQA.exe
  2⤵
  PID:3980
- C:\Windows\System\xqQWNvJ.exe
  C:\Windows\System\xqQWNvJ.exe
  2⤵
  PID:4072
- C:\Windows\System\TPPovOk.exe
  C:\Windows\System\TPPovOk.exe
  2⤵
  PID:4108
- C:\Windows\System\hwwFpJb.exe
  C:\Windows\System\hwwFpJb.exe
  2⤵
  PID:4124
- C:\Windows\System\yhaLWjq.exe
  C:\Windows\System\yhaLWjq.exe
  2⤵
  PID:4152
- C:\Windows\System\AhynIla.exe
  C:\Windows\System\AhynIla.exe
  2⤵
  PID:4168
- C:\Windows\System\MLBWvJe.exe
  C:\Windows\System\MLBWvJe.exe
  2⤵
  PID:4188
- C:\Windows\System\eZvimQr.exe
  C:\Windows\System\eZvimQr.exe
  2⤵
  PID:4208
- C:\Windows\System\CNDvgVD.exe
  C:\Windows\System\CNDvgVD.exe
  2⤵
  PID:4224
- C:\Windows\System\fwqriZH.exe
  C:\Windows\System\fwqriZH.exe
  2⤵
  PID:4240
- C:\Windows\System\yZzGDdh.exe
  C:\Windows\System\yZzGDdh.exe
  2⤵
  PID:4260
- C:\Windows\System\YZBLhjW.exe
  C:\Windows\System\YZBLhjW.exe
  2⤵
  PID:4280
- C:\Windows\System\qSqoBuN.exe
  C:\Windows\System\qSqoBuN.exe
  2⤵
  PID:4304
- C:\Windows\System\ywTdmCD.exe
  C:\Windows\System\ywTdmCD.exe
  2⤵
  PID:4332
- C:\Windows\System\AHWfwus.exe
  C:\Windows\System\AHWfwus.exe
  2⤵
  PID:4348
- C:\Windows\System\zkLxZlv.exe
  C:\Windows\System\zkLxZlv.exe
  2⤵
  PID:4372
- C:\Windows\System\GqZEBAe.exe
  C:\Windows\System\GqZEBAe.exe
  2⤵
  PID:4392
- C:\Windows\System\OwErhsh.exe
  C:\Windows\System\OwErhsh.exe
  2⤵
  PID:4408
- C:\Windows\System\oTXSpSw.exe
  C:\Windows\System\oTXSpSw.exe
  2⤵
  PID:4428
- C:\Windows\System\IXPmMHP.exe
  C:\Windows\System\IXPmMHP.exe
  2⤵
  PID:4444
- C:\Windows\System\XvgZFTt.exe
  C:\Windows\System\XvgZFTt.exe
  2⤵
  PID:4460
- C:\Windows\System\aWPahBR.exe
  C:\Windows\System\aWPahBR.exe
  2⤵
  PID:4484
- C:\Windows\System\oVyErQW.exe
  C:\Windows\System\oVyErQW.exe
  2⤵
  PID:4500
- C:\Windows\System\TKuNvYj.exe
  C:\Windows\System\TKuNvYj.exe
  2⤵
  PID:4516
- C:\Windows\System\GaNFYUI.exe
  C:\Windows\System\GaNFYUI.exe
  2⤵
  PID:4532
- C:\Windows\System\EoXqokw.exe
  C:\Windows\System\EoXqokw.exe
  2⤵
  PID:4556
- C:\Windows\System\YJkGuOh.exe
  C:\Windows\System\YJkGuOh.exe
  2⤵
  PID:4572
- C:\Windows\System\kYpqFmO.exe
  C:\Windows\System\kYpqFmO.exe
  2⤵
  PID:4596
- C:\Windows\System\qnaEPVl.exe
  C:\Windows\System\qnaEPVl.exe
  2⤵
  PID:4620
- C:\Windows\System\OZNZvpF.exe
  C:\Windows\System\OZNZvpF.exe
  2⤵
  PID:4648
- C:\Windows\System\FEirDQJ.exe
  C:\Windows\System\FEirDQJ.exe
  2⤵
  PID:4664
- C:\Windows\System\GsxyJSg.exe
  C:\Windows\System\GsxyJSg.exe
  2⤵
  PID:4684
- C:\Windows\System\wtLkAWK.exe
  C:\Windows\System\wtLkAWK.exe
  2⤵
  PID:4700
- C:\Windows\System\qxsAKZh.exe
  C:\Windows\System\qxsAKZh.exe
  2⤵
  PID:4716
- C:\Windows\System\DJdIeQK.exe
  C:\Windows\System\DJdIeQK.exe
  2⤵
  PID:4736
- C:\Windows\System\IMEEEQz.exe
  C:\Windows\System\IMEEEQz.exe
  2⤵
  PID:4752
- C:\Windows\System\tIHkolE.exe
  C:\Windows\System\tIHkolE.exe
  2⤵
  PID:4772
- C:\Windows\System\qKsgCkm.exe
  C:\Windows\System\qKsgCkm.exe
  2⤵
  PID:4788
- C:\Windows\System\xmqGfNk.exe
  C:\Windows\System\xmqGfNk.exe
  2⤵
  PID:4804
- C:\Windows\System\nlsASNX.exe
  C:\Windows\System\nlsASNX.exe
  2⤵
  PID:4820
- C:\Windows\System\nSaBvqV.exe
  C:\Windows\System\nSaBvqV.exe
  2⤵
  PID:4836
- C:\Windows\System\SNyVOmT.exe
  C:\Windows\System\SNyVOmT.exe
  2⤵
  PID:4868
- C:\Windows\System\ESPPnQW.exe
  C:\Windows\System\ESPPnQW.exe
  2⤵
  PID:4888
- C:\Windows\System\GepDjdx.exe
  C:\Windows\System\GepDjdx.exe
  2⤵
  PID:4924
- C:\Windows\System\LXKNFag.exe
  C:\Windows\System\LXKNFag.exe
  2⤵
  PID:4952
- C:\Windows\System\OXGBRyE.exe
  C:\Windows\System\OXGBRyE.exe
  2⤵
  PID:4968
- C:\Windows\System\WrHBWPk.exe
  C:\Windows\System\WrHBWPk.exe
  2⤵
  PID:4984
- C:\Windows\System\FNTLXfY.exe
  C:\Windows\System\FNTLXfY.exe
  2⤵
  PID:5004
- C:\Windows\System\ZFTKBlC.exe
  C:\Windows\System\ZFTKBlC.exe
  2⤵
  PID:5020
- C:\Windows\System\DfAnZyH.exe
  C:\Windows\System\DfAnZyH.exe
  2⤵
  PID:5036
- C:\Windows\System\xsgVDoh.exe
  C:\Windows\System\xsgVDoh.exe
  2⤵
  PID:5060
- C:\Windows\System\csSbmZb.exe
  C:\Windows\System\csSbmZb.exe
  2⤵
  PID:5080
- C:\Windows\System\aliSrwk.exe
  C:\Windows\System\aliSrwk.exe
  2⤵
  PID:5100
- C:\Windows\System\MQtwXDF.exe
  C:\Windows\System\MQtwXDF.exe
  2⤵
  PID:3028
- C:\Windows\System\gDzgpsE.exe
  C:\Windows\System\gDzgpsE.exe
  2⤵
  PID:1760
- C:\Windows\System\ifVerrl.exe
  C:\Windows\System\ifVerrl.exe
  2⤵
  PID:3992
- C:\Windows\System\TPSCcpA.exe
  C:\Windows\System\TPSCcpA.exe
  2⤵
  PID:1560
- C:\Windows\System\JyTPdiT.exe
  C:\Windows\System\JyTPdiT.exe
  2⤵
  PID:1716
- C:\Windows\System\OtWyzGf.exe
  C:\Windows\System\OtWyzGf.exe
  2⤵
  PID:2156
- C:\Windows\System\JmNzDur.exe
  C:\Windows\System\JmNzDur.exe
  2⤵
  PID:3736
- C:\Windows\System\FqJUWYD.exe
  C:\Windows\System\FqJUWYD.exe
  2⤵
  PID:3864
- C:\Windows\System\fYQFKme.exe
  C:\Windows\System\fYQFKme.exe
  2⤵
  PID:4044
- C:\Windows\System\GNrOnkD.exe
  C:\Windows\System\GNrOnkD.exe
  2⤵
  PID:4104
- C:\Windows\System\JTaweXK.exe
  C:\Windows\System\JTaweXK.exe
  2⤵
  PID:4148
- C:\Windows\System\uBeQIBw.exe
  C:\Windows\System\uBeQIBw.exe
  2⤵
  PID:4216
- C:\Windows\System\kFSONyd.exe
  C:\Windows\System\kFSONyd.exe
  2⤵
  PID:4160
- C:\Windows\System\qjBHsIA.exe
  C:\Windows\System\qjBHsIA.exe
  2⤵
  PID:2736
- C:\Windows\System\nCxqtPB.exe
  C:\Windows\System\nCxqtPB.exe
  2⤵
  PID:4200
- C:\Windows\System\vrVwIUc.exe
  C:\Windows\System\vrVwIUc.exe
  2⤵
  PID:4424
- C:\Windows\System\WCDsEFr.exe
  C:\Windows\System\WCDsEFr.exe
  2⤵
  PID:4312
- C:\Windows\System\gXzQvNz.exe
  C:\Windows\System\gXzQvNz.exe
  2⤵
  PID:4232
- C:\Windows\System\RPImbBO.exe
  C:\Windows\System\RPImbBO.exe
  2⤵
  PID:4528
- C:\Windows\System\OxThneG.exe
  C:\Windows\System\OxThneG.exe
  2⤵
  PID:4616
- C:\Windows\System\vAWpquO.exe
  C:\Windows\System\vAWpquO.exe
  2⤵
  PID:4328
- C:\Windows\System\GCLMTBa.exe
  C:\Windows\System\GCLMTBa.exe
  2⤵
  PID:4360
- C:\Windows\System\YptgBzv.exe
  C:\Windows\System\YptgBzv.exe
  2⤵
  PID:4724
- C:\Windows\System\ELeIYHA.exe
  C:\Windows\System\ELeIYHA.exe
  2⤵
  PID:4764
- C:\Windows\System\lcuONyW.exe
  C:\Windows\System\lcuONyW.exe
  2⤵
  PID:4472
- C:\Windows\System\DWWctTP.exe
  C:\Windows\System\DWWctTP.exe
  2⤵
  PID:4828
- C:\Windows\System\gmotWjj.exe
  C:\Windows\System\gmotWjj.exe
  2⤵
  PID:4884
- C:\Windows\System\ANpGqVo.exe
  C:\Windows\System\ANpGqVo.exe
  2⤵
  PID:4580
- C:\Windows\System\YZppsiN.exe
  C:\Windows\System\YZppsiN.exe
  2⤵
  PID:4628
- C:\Windows\System\Crmthqb.exe
  C:\Windows\System\Crmthqb.exe
  2⤵
  PID:4940
- C:\Windows\System\GWJUTEe.exe
  C:\Windows\System\GWJUTEe.exe
  2⤵
  PID:4644
- C:\Windows\System\zEAcfBY.exe
  C:\Windows\System\zEAcfBY.exe
  2⤵
  PID:4980
- C:\Windows\System\zJBgNRT.exe
  C:\Windows\System\zJBgNRT.exe
  2⤵
  PID:5044
- C:\Windows\System\MVOSkKF.exe
  C:\Windows\System\MVOSkKF.exe
  2⤵
  PID:5088
- C:\Windows\System\vrUdhTA.exe
  C:\Windows\System\vrUdhTA.exe
  2⤵
  PID:4852
- C:\Windows\System\iXXYUdc.exe
  C:\Windows\System\iXXYUdc.exe
  2⤵
  PID:4896
- C:\Windows\System\XzFnAGt.exe
  C:\Windows\System\XzFnAGt.exe
  2⤵
  PID:4744
- C:\Windows\System\UnBRqSc.exe
  C:\Windows\System\UnBRqSc.exe
  2⤵
  PID:4912
- C:\Windows\System\fPYXQJT.exe
  C:\Windows\System\fPYXQJT.exe
  2⤵
  PID:2188
- C:\Windows\System\uZCFEmc.exe
  C:\Windows\System\uZCFEmc.exe
  2⤵
  PID:4964
- C:\Windows\System\KvKgrCG.exe
  C:\Windows\System\KvKgrCG.exe
  2⤵
  PID:2652
- C:\Windows\System\VoAiZoU.exe
  C:\Windows\System\VoAiZoU.exe
  2⤵
  PID:2220
- C:\Windows\System\OADhVdk.exe
  C:\Windows\System\OADhVdk.exe
  2⤵
  PID:3400
- C:\Windows\System\msznohx.exe
  C:\Windows\System\msznohx.exe
  2⤵
  PID:5108
- C:\Windows\System\zpCmSBz.exe
  C:\Windows\System\zpCmSBz.exe
  2⤵
  PID:3228
- C:\Windows\System\lztiXCE.exe
  C:\Windows\System\lztiXCE.exe
  2⤵
  PID:3720
- C:\Windows\System\fVdiyKC.exe
  C:\Windows\System\fVdiyKC.exe
  2⤵
  PID:4068
- C:\Windows\System\ZdVUgam.exe
  C:\Windows\System\ZdVUgam.exe
  2⤵
  PID:4100
- C:\Windows\System\qHBxZqA.exe
  C:\Windows\System\qHBxZqA.exe
  2⤵
  PID:4120
- C:\Windows\System\vLVRqXz.exe
  C:\Windows\System\vLVRqXz.exe
  2⤵
  PID:4256
- C:\Windows\System\BgTeKos.exe
  C:\Windows\System\BgTeKos.exe
  2⤵
  PID:4236
- C:\Windows\System\sayTcEx.exe
  C:\Windows\System\sayTcEx.exe
  2⤵
  PID:2020
- C:\Windows\System\iRqnovy.exe
  C:\Windows\System\iRqnovy.exe
  2⤵
  PID:4400
- C:\Windows\System\tqDNRlY.exe
  C:\Windows\System\tqDNRlY.exe
  2⤵
  PID:572
- C:\Windows\System\KYyGXxl.exe
  C:\Windows\System\KYyGXxl.exe
  2⤵
  PID:4800
- C:\Windows\System\UZruCVN.exe
  C:\Windows\System\UZruCVN.exe
  2⤵
  PID:4316
- C:\Windows\System\wVqkohF.exe
  C:\Windows\System\wVqkohF.exe
  2⤵
  PID:4696
- C:\Windows\System\BBJjMYH.exe
  C:\Windows\System\BBJjMYH.exe
  2⤵
  PID:4932
- C:\Windows\System\CSfTlNf.exe
  C:\Windows\System\CSfTlNf.exe
  2⤵
  PID:5056
- C:\Windows\System\XixAHpj.exe
  C:\Windows\System\XixAHpj.exe
  2⤵
  PID:4864
- C:\Windows\System\DpyPDDE.exe
  C:\Windows\System\DpyPDDE.exe
  2⤵
  PID:4904
- C:\Windows\System\WuETnMj.exe
  C:\Windows\System\WuETnMj.exe
  2⤵
  PID:3340
- C:\Windows\System\rHwdMrP.exe
  C:\Windows\System\rHwdMrP.exe
  2⤵
  PID:4948
- C:\Windows\System\KYVhiTv.exe
  C:\Windows\System\KYVhiTv.exe
  2⤵
  PID:5016
- C:\Windows\System\nTjvlQs.exe
  C:\Windows\System\nTjvlQs.exe
  2⤵
  PID:4848
- C:\Windows\System\eDnckIZ.exe
  C:\Windows\System\eDnckIZ.exe
  2⤵
  PID:5028
- C:\Windows\System\cdkvkEo.exe
  C:\Windows\System\cdkvkEo.exe
  2⤵
  PID:4812
- C:\Windows\System\zQbaCPB.exe
  C:\Windows\System\zQbaCPB.exe
  2⤵
  PID:3572
- C:\Windows\System\VknLqMI.exe
  C:\Windows\System\VknLqMI.exe
  2⤵
  PID:4144
- C:\Windows\System\LWfeyWf.exe
  C:\Windows\System\LWfeyWf.exe
  2⤵
  PID:3676
- C:\Windows\System\vMjbnNj.exe
  C:\Windows\System\vMjbnNj.exe
  2⤵
  PID:3224
- C:\Windows\System\kdRfrXv.exe
  C:\Windows\System\kdRfrXv.exe
  2⤵
  PID:4604
- C:\Windows\System\iEiHmuF.exe
  C:\Windows\System\iEiHmuF.exe
  2⤵
  PID:4272
- C:\Windows\System\WkYvfwx.exe
  C:\Windows\System\WkYvfwx.exe
  2⤵
  PID:4388
- C:\Windows\System\lzjHsPW.exe
  C:\Windows\System\lzjHsPW.exe
  2⤵
  PID:4368
- C:\Windows\System\nmzFJXl.exe
  C:\Windows\System\nmzFJXl.exe
  2⤵
  PID:4548
- C:\Windows\System\AqhWxkA.exe
  C:\Windows\System\AqhWxkA.exe
  2⤵
  PID:2796
- C:\Windows\System\XagjdMt.exe
  C:\Windows\System\XagjdMt.exe
  2⤵
  PID:1976
- C:\Windows\System\cvqgdrl.exe
  C:\Windows\System\cvqgdrl.exe
  2⤵
  PID:2676
- C:\Windows\System\wbSsZVi.exe
  C:\Windows\System\wbSsZVi.exe
  2⤵
  PID:4468
- C:\Windows\System\TMYmBod.exe
  C:\Windows\System\TMYmBod.exe
  2⤵
  PID:5092
- C:\Windows\System\RhnxFFk.exe
  C:\Windows\System\RhnxFFk.exe
  2⤵
  PID:3792
- C:\Windows\System\KGrufqZ.exe
  C:\Windows\System\KGrufqZ.exe
  2⤵
  PID:2612
- C:\Windows\System\IxPAfyS.exe
  C:\Windows\System\IxPAfyS.exe
  2⤵
  PID:4568
- C:\Windows\System\UPxXUja.exe
  C:\Windows\System\UPxXUja.exe
  2⤵
  PID:4320
- C:\Windows\System\wWwDfIx.exe
  C:\Windows\System\wWwDfIx.exe
  2⤵
  PID:4996
- C:\Windows\System\zkZiKel.exe
  C:\Windows\System\zkZiKel.exe
  2⤵
  PID:4404
- C:\Windows\System\PCAvkYr.exe
  C:\Windows\System\PCAvkYr.exe
  2⤵
  PID:5136
- C:\Windows\System\zQYkMol.exe
  C:\Windows\System\zQYkMol.exe
  2⤵
  PID:5156
- C:\Windows\System\qoKBAbK.exe
  C:\Windows\System\qoKBAbK.exe
  2⤵
  PID:5176
- C:\Windows\System\ZOfxlNW.exe
  C:\Windows\System\ZOfxlNW.exe
  2⤵
  PID:5196
- C:\Windows\System\uARrvEE.exe
  C:\Windows\System\uARrvEE.exe
  2⤵
  PID:5216
- C:\Windows\System\CgjTSkQ.exe
  C:\Windows\System\CgjTSkQ.exe
  2⤵
  PID:5236
- C:\Windows\System\BCIepFd.exe
  C:\Windows\System\BCIepFd.exe
  2⤵
  PID:5256
- C:\Windows\System\GcbLMsz.exe
  C:\Windows\System\GcbLMsz.exe
  2⤵
  PID:5276
- C:\Windows\System\raJjLQf.exe
  C:\Windows\System\raJjLQf.exe
  2⤵
  PID:5296
- C:\Windows\System\ownMSTb.exe
  C:\Windows\System\ownMSTb.exe
  2⤵
  PID:5316
- C:\Windows\System\pGqKnMA.exe
  C:\Windows\System\pGqKnMA.exe
  2⤵
  PID:5336
- C:\Windows\System\AuRwyCl.exe
  C:\Windows\System\AuRwyCl.exe
  2⤵
  PID:5356
- C:\Windows\System\YZIkADW.exe
  C:\Windows\System\YZIkADW.exe
  2⤵
  PID:5376
- C:\Windows\System\bAHPyow.exe
  C:\Windows\System\bAHPyow.exe
  2⤵
  PID:5396
- C:\Windows\System\GAWRTzE.exe
  C:\Windows\System\GAWRTzE.exe
  2⤵
  PID:5416
- C:\Windows\System\xfgOYKC.exe
  C:\Windows\System\xfgOYKC.exe
  2⤵
  PID:5436
- C:\Windows\System\DBburzS.exe
  C:\Windows\System\DBburzS.exe
  2⤵
  PID:5456
- C:\Windows\System\ANexcIw.exe
  C:\Windows\System\ANexcIw.exe
  2⤵
  PID:5476
- C:\Windows\System\lyffrcJ.exe
  C:\Windows\System\lyffrcJ.exe
  2⤵
  PID:5496
- C:\Windows\System\fjusARY.exe
  C:\Windows\System\fjusARY.exe
  2⤵
  PID:5516
- C:\Windows\System\mkrHwrR.exe
  C:\Windows\System\mkrHwrR.exe
  2⤵
  PID:5536
- C:\Windows\System\VMWDhGo.exe
  C:\Windows\System\VMWDhGo.exe
  2⤵
  PID:5556
- C:\Windows\System\SVFQRZw.exe
  C:\Windows\System\SVFQRZw.exe
  2⤵
  PID:5576
- C:\Windows\System\RjdsRfW.exe
  C:\Windows\System\RjdsRfW.exe
  2⤵
  PID:5596
- C:\Windows\System\vsRMyfs.exe
  C:\Windows\System\vsRMyfs.exe
  2⤵
  PID:5616
- C:\Windows\System\EFOgohD.exe
  C:\Windows\System\EFOgohD.exe
  2⤵
  PID:5636
- C:\Windows\System\yyBAkxu.exe
  C:\Windows\System\yyBAkxu.exe
  2⤵
  PID:5656
- C:\Windows\System\LlGHxXt.exe
  C:\Windows\System\LlGHxXt.exe
  2⤵
  PID:5676
- C:\Windows\System\ELejXQm.exe
  C:\Windows\System\ELejXQm.exe
  2⤵
  PID:5696
- C:\Windows\System\PDbofMl.exe
  C:\Windows\System\PDbofMl.exe
  2⤵
  PID:5716
- C:\Windows\System\ROvBMAH.exe
  C:\Windows\System\ROvBMAH.exe
  2⤵
  PID:5736
- C:\Windows\System\ASIjkWi.exe
  C:\Windows\System\ASIjkWi.exe
  2⤵
  PID:5756
- C:\Windows\System\VVxeiUt.exe
  C:\Windows\System\VVxeiUt.exe
  2⤵
  PID:5776
- C:\Windows\System\BUGZQjg.exe
  C:\Windows\System\BUGZQjg.exe
  2⤵
  PID:5796
- C:\Windows\System\AStTFVC.exe
  C:\Windows\System\AStTFVC.exe
  2⤵
  PID:5816
- C:\Windows\System\sFZnKMC.exe
  C:\Windows\System\sFZnKMC.exe
  2⤵
  PID:5836
- C:\Windows\System\sLuKsfi.exe
  C:\Windows\System\sLuKsfi.exe
  2⤵
  PID:5856
- C:\Windows\System\zldWNPx.exe
  C:\Windows\System\zldWNPx.exe
  2⤵
  PID:5872
- C:\Windows\System\xANeIWX.exe
  C:\Windows\System\xANeIWX.exe
  2⤵
  PID:5896
- C:\Windows\System\duBtrfZ.exe
  C:\Windows\System\duBtrfZ.exe
  2⤵
  PID:5916
- C:\Windows\System\rulYAte.exe
  C:\Windows\System\rulYAte.exe
  2⤵
  PID:5940
- C:\Windows\System\tWsnkPF.exe
  C:\Windows\System\tWsnkPF.exe
  2⤵
  PID:5960
- C:\Windows\System\tCQibYS.exe
  C:\Windows\System\tCQibYS.exe
  2⤵
  PID:5980
- C:\Windows\System\uqiEnVL.exe
  C:\Windows\System\uqiEnVL.exe
  2⤵
  PID:6000
- C:\Windows\System\PCsvVDb.exe
  C:\Windows\System\PCsvVDb.exe
  2⤵
  PID:6020
- C:\Windows\System\BgRjOiv.exe
  C:\Windows\System\BgRjOiv.exe
  2⤵
  PID:6040
- C:\Windows\System\KwMrNRc.exe
  C:\Windows\System\KwMrNRc.exe
  2⤵
  PID:6060
- C:\Windows\System\gRAMPpx.exe
  C:\Windows\System\gRAMPpx.exe
  2⤵
  PID:6080
- C:\Windows\System\wWXhhak.exe
  C:\Windows\System\wWXhhak.exe
  2⤵
  PID:6100
- C:\Windows\System\MBUCDki.exe
  C:\Windows\System\MBUCDki.exe
  2⤵
  PID:6120
- C:\Windows\System\adaktoG.exe
  C:\Windows\System\adaktoG.exe
  2⤵
  PID:6140
- C:\Windows\System\GUttYKa.exe
  C:\Windows\System\GUttYKa.exe
  2⤵
  PID:4784
- C:\Windows\System\KwBAasZ.exe
  C:\Windows\System\KwBAasZ.exe
  2⤵
  PID:4512
- C:\Windows\System\gGBBrbH.exe
  C:\Windows\System\gGBBrbH.exe
  2⤵
  PID:4660
- C:\Windows\System\TWqZzHL.exe
  C:\Windows\System\TWqZzHL.exe
  2⤵
  PID:3332
- C:\Windows\System\ABaLKQe.exe
  C:\Windows\System\ABaLKQe.exe
  2⤵
  PID:5068
- C:\Windows\System\WVRkovg.exe
  C:\Windows\System\WVRkovg.exe
  2⤵
  PID:3860
- C:\Windows\System\HesNyFt.exe
  C:\Windows\System\HesNyFt.exe
  2⤵
  PID:1968
- C:\Windows\System\eVstSeF.exe
  C:\Windows\System\eVstSeF.exe
  2⤵
  PID:4544
- C:\Windows\System\qoMAJjk.exe
  C:\Windows\System\qoMAJjk.exe
  2⤵
  PID:5152
- C:\Windows\System\xejYgzE.exe
  C:\Windows\System\xejYgzE.exe
  2⤵
  PID:5204
- C:\Windows\System\xEVzNJA.exe
  C:\Windows\System\xEVzNJA.exe
  2⤵
  PID:5244
- C:\Windows\System\hDjXosm.exe
  C:\Windows\System\hDjXosm.exe
  2⤵
  PID:5284
- C:\Windows\System\YUstTfp.exe
  C:\Windows\System\YUstTfp.exe
  2⤵
  PID:5288
- C:\Windows\System\PmbZAJR.exe
  C:\Windows\System\PmbZAJR.exe
  2⤵
  PID:5308
- C:\Windows\System\DUNoEVz.exe
  C:\Windows\System\DUNoEVz.exe
  2⤵
  PID:5364
- C:\Windows\System\yYJJeEw.exe
  C:\Windows\System\yYJJeEw.exe
  2⤵
  PID:5412
- C:\Windows\System\bQIEfMs.exe
  C:\Windows\System\bQIEfMs.exe
  2⤵
  PID:5444
- C:\Windows\System\OgIkyxu.exe
  C:\Windows\System\OgIkyxu.exe
  2⤵
  PID:5432
- C:\Windows\System\kBXfPzb.exe
  C:\Windows\System\kBXfPzb.exe
  2⤵
  PID:5468
- C:\Windows\System\seKDeGs.exe
  C:\Windows\System\seKDeGs.exe
  2⤵
  PID:5524
- C:\Windows\System\GjAMxVC.exe
  C:\Windows\System\GjAMxVC.exe
  2⤵
  PID:5564
- C:\Windows\System\sbcKuaR.exe
  C:\Windows\System\sbcKuaR.exe
  2⤵
  PID:5568
- C:\Windows\System\vLkIfUs.exe
  C:\Windows\System\vLkIfUs.exe
  2⤵
  PID:5592
- C:\Windows\System\qaJGVHf.exe
  C:\Windows\System\qaJGVHf.exe
  2⤵
  PID:5628
- C:\Windows\System\JYrTZZd.exe
  C:\Windows\System\JYrTZZd.exe
  2⤵
  PID:5684
- C:\Windows\System\cfoeNEB.exe
  C:\Windows\System\cfoeNEB.exe
  2⤵
  PID:5704
- C:\Windows\System\jMofiuQ.exe
  C:\Windows\System\jMofiuQ.exe
  2⤵
  PID:5728
- C:\Windows\System\mGjXEfC.exe
  C:\Windows\System\mGjXEfC.exe
  2⤵
  PID:5752
- C:\Windows\System\JHfRsVP.exe
  C:\Windows\System\JHfRsVP.exe
  2⤵
  PID:5792
- C:\Windows\System\FHFGFcs.exe
  C:\Windows\System\FHFGFcs.exe
  2⤵
  PID:5848
- C:\Windows\System\ZblXNJk.exe
  C:\Windows\System\ZblXNJk.exe
  2⤵
  PID:5888
- C:\Windows\System\SWkEOAz.exe
  C:\Windows\System\SWkEOAz.exe
  2⤵
  PID:5904
- C:\Windows\System\MTzxyYT.exe
  C:\Windows\System\MTzxyYT.exe
  2⤵
  PID:5928
- C:\Windows\System\MbWIVvr.exe
  C:\Windows\System\MbWIVvr.exe
  2⤵
  PID:5956
- C:\Windows\System\YEHUOCB.exe
  C:\Windows\System\YEHUOCB.exe
  2⤵
  PID:5996
- C:\Windows\System\pTtMjSG.exe
  C:\Windows\System\pTtMjSG.exe
  2⤵
  PID:6056
- C:\Windows\System\SSKoEaA.exe
  C:\Windows\System\SSKoEaA.exe
  2⤵
  PID:3036
- C:\Windows\System\ZhODzIu.exe
  C:\Windows\System\ZhODzIu.exe
  2⤵
  PID:6092
- C:\Windows\System\pzWrbDk.exe
  C:\Windows\System\pzWrbDk.exe
  2⤵
  PID:6136
- C:\Windows\System\NHbGMDt.exe
  C:\Windows\System\NHbGMDt.exe
  2⤵
  PID:2352
- C:\Windows\System\bQwDzfF.exe
  C:\Windows\System\bQwDzfF.exe
  2⤵
  PID:4960
- C:\Windows\System\yzmgGOc.exe
  C:\Windows\System\yzmgGOc.exe
  2⤵
  PID:5116
- C:\Windows\System\trqQGdz.exe
  C:\Windows\System\trqQGdz.exe
  2⤵
  PID:4292
- C:\Windows\System\frTFYuN.exe
  C:\Windows\System\frTFYuN.exe
  2⤵
  PID:4612
- C:\Windows\System\hzBVKuZ.exe
  C:\Windows\System\hzBVKuZ.exe
  2⤵
  PID:5192
- C:\Windows\System\PWJKVrt.exe
  C:\Windows\System\PWJKVrt.exe
  2⤵
  PID:5188
- C:\Windows\System\UGSHoaA.exe
  C:\Windows\System\UGSHoaA.exe
  2⤵
  PID:5268
- C:\Windows\System\dNyGgmk.exe
  C:\Windows\System\dNyGgmk.exe
  2⤵
  PID:5344
- C:\Windows\System\HKkxBKE.exe
  C:\Windows\System\HKkxBKE.exe
  2⤵
  PID:5384
- C:\Windows\System\XpwajfL.exe
  C:\Windows\System\XpwajfL.exe
  2⤵
  PID:5388
- C:\Windows\System\ADSMVYq.exe
  C:\Windows\System\ADSMVYq.exe
  2⤵
  PID:5484
- C:\Windows\System\DmMyxqV.exe
  C:\Windows\System\DmMyxqV.exe
  2⤵
  PID:5528
- C:\Windows\System\JpnqqBY.exe
  C:\Windows\System\JpnqqBY.exe
  2⤵
  PID:5644
- C:\Windows\System\wKLdcDo.exe
  C:\Windows\System\wKLdcDo.exe
  2⤵
  PID:5632
- C:\Windows\System\qNSMAdL.exe
  C:\Windows\System\qNSMAdL.exe
  2⤵
  PID:5672
- C:\Windows\System\pykwgwq.exe
  C:\Windows\System\pykwgwq.exe
  2⤵
  PID:5768
- C:\Windows\System\aYAcyHB.exe
  C:\Windows\System\aYAcyHB.exe
  2⤵
  PID:5804
- C:\Windows\System\NHdxYsD.exe
  C:\Windows\System\NHdxYsD.exe
  2⤵
  PID:5824
- C:\Windows\System\ODQOMdH.exe
  C:\Windows\System\ODQOMdH.exe
  2⤵
  PID:5864
- C:\Windows\System\AZcNkWL.exe
  C:\Windows\System\AZcNkWL.exe
  2⤵
  PID:5968
- C:\Windows\System\TfRSMjU.exe
  C:\Windows\System\TfRSMjU.exe
  2⤵
  PID:6016
- C:\Windows\System\IByHrhI.exe
  C:\Windows\System\IByHrhI.exe
  2⤵
  PID:6032
- C:\Windows\System\IdtjtUh.exe
  C:\Windows\System\IdtjtUh.exe
  2⤵
  PID:6088
- C:\Windows\System\UgKduAP.exe
  C:\Windows\System\UgKduAP.exe
  2⤵
  PID:6112
- C:\Windows\System\UIIvDOh.exe
  C:\Windows\System\UIIvDOh.exe
  2⤵
  PID:2672
- C:\Windows\System\otqALzq.exe
  C:\Windows\System\otqALzq.exe
  2⤵
  PID:5132
- C:\Windows\System\drrrzJu.exe
  C:\Windows\System\drrrzJu.exe
  2⤵
  PID:5164
- C:\Windows\System\lyknNTb.exe
  C:\Windows\System\lyknNTb.exe
  2⤵
  PID:5224
- C:\Windows\System\qUDEjMh.exe
  C:\Windows\System\qUDEjMh.exe
  2⤵
  PID:5312
- C:\Windows\System\YNxCikl.exe
  C:\Windows\System\YNxCikl.exe
  2⤵
  PID:5424
- C:\Windows\System\RMgegEH.exe
  C:\Windows\System\RMgegEH.exe
  2⤵
  PID:2332
- C:\Windows\System\zsulimu.exe
  C:\Windows\System\zsulimu.exe
  2⤵
  PID:5552
- C:\Windows\System\oEOOaVC.exe
  C:\Windows\System\oEOOaVC.exe
  2⤵
  PID:5648
- C:\Windows\System\JXmalKz.exe
  C:\Windows\System\JXmalKz.exe
  2⤵
  PID:5708
- C:\Windows\System\TbvnpSa.exe
  C:\Windows\System\TbvnpSa.exe
  2⤵
  PID:5812
- C:\Windows\System\ELzQSWM.exe
  C:\Windows\System\ELzQSWM.exe
  2⤵
  PID:5884
- C:\Windows\System\xMGNtBD.exe
  C:\Windows\System\xMGNtBD.exe
  2⤵
  PID:6008
- C:\Windows\System\rVUiiuz.exe
  C:\Windows\System\rVUiiuz.exe
  2⤵
  PID:6128
- C:\Windows\System\RtDExTq.exe
  C:\Windows\System\RtDExTq.exe
  2⤵
  PID:6160
- C:\Windows\System\TxZbHmO.exe
  C:\Windows\System\TxZbHmO.exe
  2⤵
  PID:6180
- C:\Windows\System\KAieAbL.exe
  C:\Windows\System\KAieAbL.exe
  2⤵
  PID:6200
- C:\Windows\System\tbUmklN.exe
  C:\Windows\System\tbUmklN.exe
  2⤵
  PID:6220
- C:\Windows\System\voFHuaJ.exe
  C:\Windows\System\voFHuaJ.exe
  2⤵
  PID:6240
- C:\Windows\System\BmQyUlE.exe
  C:\Windows\System\BmQyUlE.exe
  2⤵
  PID:6260
- C:\Windows\System\PDhlzQG.exe
  C:\Windows\System\PDhlzQG.exe
  2⤵
  PID:6280
- C:\Windows\System\WyhHUFX.exe
  C:\Windows\System\WyhHUFX.exe
  2⤵
  PID:6300
- C:\Windows\System\RSpeBST.exe
  C:\Windows\System\RSpeBST.exe
  2⤵
  PID:6324
- C:\Windows\System\ovJZBRF.exe
  C:\Windows\System\ovJZBRF.exe
  2⤵
  PID:6340
- C:\Windows\System\qUigqlx.exe
  C:\Windows\System\qUigqlx.exe
  2⤵
  PID:6360
- C:\Windows\System\wAhNvrq.exe
  C:\Windows\System\wAhNvrq.exe
  2⤵
  PID:6376
- C:\Windows\System\AlOVChP.exe
  C:\Windows\System\AlOVChP.exe
  2⤵
  PID:6400
- C:\Windows\System\eDLNGde.exe
  C:\Windows\System\eDLNGde.exe
  2⤵
  PID:6416
- C:\Windows\System\cDxStHp.exe
  C:\Windows\System\cDxStHp.exe
  2⤵
  PID:6432
- C:\Windows\System\TIVpipu.exe
  C:\Windows\System\TIVpipu.exe
  2⤵
  PID:6452
- C:\Windows\System\kSwmrsZ.exe
  C:\Windows\System\kSwmrsZ.exe
  2⤵
  PID:6476
- C:\Windows\System\YUvHdIw.exe
  C:\Windows\System\YUvHdIw.exe
  2⤵
  PID:6492
- C:\Windows\System\SGpmOIP.exe
  C:\Windows\System\SGpmOIP.exe
  2⤵
  PID:6516
- C:\Windows\System\SWxznJD.exe
  C:\Windows\System\SWxznJD.exe
  2⤵
  PID:6532
- C:\Windows\System\vTizubB.exe
  C:\Windows\System\vTizubB.exe
  2⤵
  PID:6552
- C:\Windows\System\TZFxBaZ.exe
  C:\Windows\System\TZFxBaZ.exe
  2⤵
  PID:6572
- C:\Windows\System\OMRxoPo.exe
  C:\Windows\System\OMRxoPo.exe
  2⤵
  PID:6596
- C:\Windows\System\shypumf.exe
  C:\Windows\System\shypumf.exe
  2⤵
  PID:6616
- C:\Windows\System\sSOUrjC.exe
  C:\Windows\System\sSOUrjC.exe
  2⤵
  PID:6636
- C:\Windows\System\ZLyCrmf.exe
  C:\Windows\System\ZLyCrmf.exe
  2⤵
  PID:6656
- C:\Windows\System\iJnWDyN.exe
  C:\Windows\System\iJnWDyN.exe
  2⤵
  PID:6676
- C:\Windows\System\TIZWmHs.exe
  C:\Windows\System\TIZWmHs.exe
  2⤵
  PID:6692
- C:\Windows\System\rdOrXTG.exe
  C:\Windows\System\rdOrXTG.exe
  2⤵
  PID:6708
- C:\Windows\System\wQyDMVs.exe
  C:\Windows\System\wQyDMVs.exe
  2⤵
  PID:6740
- C:\Windows\System\ENlXYku.exe
  C:\Windows\System\ENlXYku.exe
  2⤵
  PID:6756
- C:\Windows\System\uSfRePd.exe
  C:\Windows\System\uSfRePd.exe
  2⤵
  PID:6776
- C:\Windows\System\CBRXhEm.exe
  C:\Windows\System\CBRXhEm.exe
  2⤵
  PID:6800
- C:\Windows\System\BSBBybm.exe
  C:\Windows\System\BSBBybm.exe
  2⤵
  PID:6820
- C:\Windows\System\KVJqDZP.exe
  C:\Windows\System\KVJqDZP.exe
  2⤵
  PID:6836
- C:\Windows\System\BGUniuF.exe
  C:\Windows\System\BGUniuF.exe
  2⤵
  PID:6852
- C:\Windows\System\yvYVngC.exe
  C:\Windows\System\yvYVngC.exe
  2⤵
  PID:6868
- C:\Windows\System\DYUfDMR.exe
  C:\Windows\System\DYUfDMR.exe
  2⤵
  PID:6884
- C:\Windows\System\gMjomGh.exe
  C:\Windows\System\gMjomGh.exe
  2⤵
  PID:6904
- C:\Windows\System\WIjijGe.exe
  C:\Windows\System\WIjijGe.exe
  2⤵
  PID:6920
- C:\Windows\System\xsOOAUH.exe
  C:\Windows\System\xsOOAUH.exe
  2⤵
  PID:6956
- C:\Windows\System\BZBYMtK.exe
  C:\Windows\System\BZBYMtK.exe
  2⤵
  PID:6972
- C:\Windows\System\apJPnUH.exe
  C:\Windows\System\apJPnUH.exe
  2⤵
  PID:6988
- C:\Windows\System\ZNZcMMJ.exe
  C:\Windows\System\ZNZcMMJ.exe
  2⤵
  PID:7004
- C:\Windows\System\vHFMUbO.exe
  C:\Windows\System\vHFMUbO.exe
  2⤵
  PID:7020
- C:\Windows\System\sbEcwNf.exe
  C:\Windows\System\sbEcwNf.exe
  2⤵
  PID:7040
- C:\Windows\System\mpZthop.exe
  C:\Windows\System\mpZthop.exe
  2⤵
  PID:7064
- C:\Windows\System\szjLHYL.exe
  C:\Windows\System\szjLHYL.exe
  2⤵
  PID:7080
- C:\Windows\System\mqmYzWF.exe
  C:\Windows\System\mqmYzWF.exe
  2⤵
  PID:7096
- C:\Windows\System\aWDMqAM.exe
  C:\Windows\System\aWDMqAM.exe
  2⤵
  PID:7116
- C:\Windows\System\adWjkuc.exe
  C:\Windows\System\adWjkuc.exe
  2⤵
  PID:7132
- C:\Windows\System\pffVJEc.exe
  C:\Windows\System\pffVJEc.exe
  2⤵
  PID:7152
- C:\Windows\System\LjrAvow.exe
  C:\Windows\System\LjrAvow.exe
  2⤵
  PID:2556
- C:\Windows\System\OStCYSN.exe
  C:\Windows\System\OStCYSN.exe
  2⤵
  PID:4672
- C:\Windows\System\yiGpJul.exe
  C:\Windows\System\yiGpJul.exe
  2⤵
  PID:5232
- C:\Windows\System\TQzsHKC.exe
  C:\Windows\System\TQzsHKC.exe
  2⤵
  PID:5448
- C:\Windows\System\uPcbGpG.exe
  C:\Windows\System\uPcbGpG.exe
  2⤵
  PID:5544
- C:\Windows\System\qoznUTO.exe
  C:\Windows\System\qoznUTO.exe
  2⤵
  PID:5464
- C:\Windows\System\WDWbauf.exe
  C:\Windows\System\WDWbauf.exe
  2⤵
  PID:916
- C:\Windows\System\zbxEHwA.exe
  C:\Windows\System\zbxEHwA.exe
  2⤵
  PID:2552
- C:\Windows\System\ZEOpfMI.exe
  C:\Windows\System\ZEOpfMI.exe
  2⤵
  PID:5868
- C:\Windows\System\noOHcfw.exe
  C:\Windows\System\noOHcfw.exe
  2⤵
  PID:6168
- C:\Windows\System\TsBPPry.exe
  C:\Windows\System\TsBPPry.exe
  2⤵
  PID:6208
- C:\Windows\System\UGqmjws.exe
  C:\Windows\System\UGqmjws.exe
  2⤵
  PID:6256
- C:\Windows\System\nVoGeYr.exe
  C:\Windows\System\nVoGeYr.exe
  2⤵
  PID:6152
- C:\Windows\System\kRDCCnQ.exe
  C:\Windows\System\kRDCCnQ.exe
  2⤵
  PID:6336
- C:\Windows\System\FyOHziA.exe
  C:\Windows\System\FyOHziA.exe
  2⤵
  PID:6236
- C:\Windows\System\GzyREqK.exe
  C:\Windows\System\GzyREqK.exe
  2⤵
  PID:6484
- C:\Windows\System\XVomoMo.exe
  C:\Windows\System\XVomoMo.exe
  2⤵
  PID:6308
- C:\Windows\System\hapqSWb.exe
  C:\Windows\System\hapqSWb.exe
  2⤵
  PID:6488
- C:\Windows\System\YmOYRiY.exe
  C:\Windows\System\YmOYRiY.exe
  2⤵
  PID:6564
- C:\Windows\System\QHPbkvp.exe
  C:\Windows\System\QHPbkvp.exe
  2⤵
  PID:6604
- C:\Windows\System\dtCQEno.exe
  C:\Windows\System\dtCQEno.exe
  2⤵
  PID:6388
- C:\Windows\System\nDDUcQj.exe
  C:\Windows\System\nDDUcQj.exe
  2⤵
  PID:6424
- C:\Windows\System\YZshPYt.exe
  C:\Windows\System\YZshPYt.exe
  2⤵
  PID:6684
- C:\Windows\System\SmtAJQY.exe
  C:\Windows\System\SmtAJQY.exe
  2⤵
  PID:2828
- C:\Windows\System\qlNmkXa.exe
  C:\Windows\System\qlNmkXa.exe
  2⤵
  PID:6460
- C:\Windows\System\UFTtkZP.exe
  C:\Windows\System\UFTtkZP.exe
  2⤵
  PID:6716
- C:\Windows\System\JvMHjeV.exe
  C:\Windows\System\JvMHjeV.exe
  2⤵
  PID:6728
- C:\Windows\System\WibfxzP.exe
  C:\Windows\System\WibfxzP.exe
  2⤵
  PID:6764
- C:\Windows\System\KUPKNJN.exe
  C:\Windows\System\KUPKNJN.exe
  2⤵
  PID:6748
- C:\Windows\System\SNXyeQM.exe
  C:\Windows\System\SNXyeQM.exe
  2⤵
  PID:6784
- C:\Windows\System\pveKpkZ.exe
  C:\Windows\System\pveKpkZ.exe
  2⤵
  PID:6828
- C:\Windows\System\Oekvaxc.exe
  C:\Windows\System\Oekvaxc.exe
  2⤵
  PID:6932
- C:\Windows\System\vXnehcN.exe
  C:\Windows\System\vXnehcN.exe
  2⤵
  PID:6952
- C:\Windows\System\nPcPljF.exe
  C:\Windows\System\nPcPljF.exe
  2⤵
  PID:7060
- C:\Windows\System\oOZLcmV.exe
  C:\Windows\System\oOZLcmV.exe
  2⤵
  PID:7128
- C:\Windows\System\zGaGoAD.exe
  C:\Windows\System\zGaGoAD.exe
  2⤵
  PID:7048
- C:\Windows\System\aoWaMtb.exe
  C:\Windows\System\aoWaMtb.exe
  2⤵
  PID:5172
- C:\Windows\System\iowmZAN.exe
  C:\Windows\System\iowmZAN.exe
  2⤵
  PID:6848
- C:\Windows\System\rdodOih.exe
  C:\Windows\System\rdodOih.exe
  2⤵
  PID:2772
- C:\Windows\System\fFIReRS.exe
  C:\Windows\System\fFIReRS.exe
  2⤵
  PID:6148
- C:\Windows\System\mRsJyIv.exe
  C:\Windows\System\mRsJyIv.exe
  2⤵
  PID:6288
- C:\Windows\System\odpuUnk.exe
  C:\Windows\System\odpuUnk.exe
  2⤵
  PID:6876
- C:\Windows\System\OsFProk.exe
  C:\Windows\System\OsFProk.exe
  2⤵
  PID:6964
- C:\Windows\System\NFuaviw.exe
  C:\Windows\System\NFuaviw.exe
  2⤵
  PID:7032
- C:\Windows\System\fLHjTbx.exe
  C:\Windows\System\fLHjTbx.exe
  2⤵
  PID:7108
- C:\Windows\System\PAayPII.exe
  C:\Windows\System\PAayPII.exe
  2⤵
  PID:7148
- C:\Windows\System\ZKQDQcg.exe
  C:\Windows\System\ZKQDQcg.exe
  2⤵
  PID:3424
- C:\Windows\System\OEdZJWB.exe
  C:\Windows\System\OEdZJWB.exe
  2⤵
  PID:5880
- C:\Windows\System\YhcOhVS.exe
  C:\Windows\System\YhcOhVS.exe
  2⤵
  PID:6048
- C:\Windows\System\mqrttwa.exe
  C:\Windows\System\mqrttwa.exe
  2⤵
  PID:6248
- C:\Windows\System\eUgoXUM.exe
  C:\Windows\System\eUgoXUM.exe
  2⤵
  PID:6412
- C:\Windows\System\oAIuBII.exe
  C:\Windows\System\oAIuBII.exe
  2⤵
  PID:6232
- C:\Windows\System\qAjpFCY.exe
  C:\Windows\System\qAjpFCY.exe
  2⤵
  PID:6348
- C:\Windows\System\OSHAOBS.exe
  C:\Windows\System\OSHAOBS.exe
  2⤵
  PID:6560
- C:\Windows\System\SkPGWyw.exe
  C:\Windows\System\SkPGWyw.exe
  2⤵
  PID:1672
- C:\Windows\System\gfgNRqA.exe
  C:\Windows\System\gfgNRqA.exe
  2⤵
  PID:2100
- C:\Windows\System\xCjtQmE.exe
  C:\Windows\System\xCjtQmE.exe
  2⤵
  PID:6584
- C:\Windows\System\MxEAhSR.exe
  C:\Windows\System\MxEAhSR.exe
  2⤵
  PID:2620
- C:\Windows\System\OLVpvOY.exe
  C:\Windows\System\OLVpvOY.exe
  2⤵
  PID:6472
- C:\Windows\System\mOaTWIW.exe
  C:\Windows\System\mOaTWIW.exe
  2⤵
  PID:6468
- C:\Windows\System\guHHmuj.exe
  C:\Windows\System\guHHmuj.exe
  2⤵
  PID:6632
- C:\Windows\System\tpuWxsJ.exe
  C:\Windows\System\tpuWxsJ.exe
  2⤵
  PID:2872
- C:\Windows\System\ZpVuJeX.exe
  C:\Windows\System\ZpVuJeX.exe
  2⤵
  PID:1612
- C:\Windows\System\sErTEXE.exe
  C:\Windows\System\sErTEXE.exe
  2⤵
  PID:1656
- C:\Windows\System\ZQNIMvq.exe
  C:\Windows\System\ZQNIMvq.exe
  2⤵
  PID:7012
- C:\Windows\System\KmyjQaB.exe
  C:\Windows\System\KmyjQaB.exe
  2⤵
  PID:2192
- C:\Windows\System\mYWYYST.exe
  C:\Windows\System\mYWYYST.exe
  2⤵
  PID:7164
- C:\Windows\System\rRrduLy.exe
  C:\Windows\System\rRrduLy.exe
  2⤵
  PID:1624
- C:\Windows\System\JdfxdUz.exe
  C:\Windows\System\JdfxdUz.exe
  2⤵
  PID:7028
- C:\Windows\System\RCNVVzx.exe
  C:\Windows\System\RCNVVzx.exe
  2⤵
  PID:5324
- C:\Windows\System\lzfjwkV.exe
  C:\Windows\System\lzfjwkV.exe
  2⤵
  PID:4420
- C:\Windows\System\AYYkWbX.exe
  C:\Windows\System\AYYkWbX.exe
  2⤵
  PID:6944
- C:\Windows\System\sPbHkpe.exe
  C:\Windows\System\sPbHkpe.exe
  2⤵
  PID:7092
- C:\Windows\System\YFkOrWt.exe
  C:\Windows\System\YFkOrWt.exe
  2⤵
  PID:2540
- C:\Windows\System\ZMbdiWH.exe
  C:\Windows\System\ZMbdiWH.exe
  2⤵
  PID:6444
- C:\Windows\System\pRKiOVh.exe
  C:\Windows\System\pRKiOVh.exe
  2⤵
  PID:6648
- C:\Windows\System\fqoRYmV.exe
  C:\Windows\System\fqoRYmV.exe
  2⤵
  PID:4920
- C:\Windows\System\izvzNgZ.exe
  C:\Windows\System\izvzNgZ.exe
  2⤵
  PID:6272
- C:\Windows\System\OOnrBRu.exe
  C:\Windows\System\OOnrBRu.exe
  2⤵
  PID:6580
- C:\Windows\System\iORKnql.exe
  C:\Windows\System\iORKnql.exe
  2⤵
  PID:6612
- C:\Windows\System\bkFcNfB.exe
  C:\Windows\System\bkFcNfB.exe
  2⤵
  PID:6832
- C:\Windows\System\vGiHdZa.exe
  C:\Windows\System\vGiHdZa.exe
  2⤵
  PID:6844
- C:\Windows\System\jdWcYWP.exe
  C:\Windows\System\jdWcYWP.exe
  2⤵
  PID:6916
- C:\Windows\System\TeHPvOK.exe
  C:\Windows\System\TeHPvOK.exe
  2⤵
  PID:5664
- C:\Windows\System\ooiMbVG.exe
  C:\Windows\System\ooiMbVG.exe
  2⤵
  PID:2072
- C:\Windows\System\SpixCOM.exe
  C:\Windows\System\SpixCOM.exe
  2⤵
  PID:6528
- C:\Windows\System\LVzxacc.exe
  C:\Windows\System\LVzxacc.exe
  2⤵
  PID:2876
- C:\Windows\System\uskBvXM.exe
  C:\Windows\System\uskBvXM.exe
  2⤵
  PID:6724
- C:\Windows\System\gHrLgyB.exe
  C:\Windows\System\gHrLgyB.exe
  2⤵
  PID:6508
- C:\Windows\System\AzPSrEK.exe
  C:\Windows\System\AzPSrEK.exe
  2⤵
  PID:6196
- C:\Windows\System\JfiKRsS.exe
  C:\Windows\System\JfiKRsS.exe
  2⤵
  PID:6548
- C:\Windows\System\ujTUTYA.exe
  C:\Windows\System\ujTUTYA.exe
  2⤵
  PID:3016
- C:\Windows\System\jrmHAph.exe
  C:\Windows\System\jrmHAph.exe
  2⤵
  PID:2160
- C:\Windows\System\tPRMWNp.exe
  C:\Windows\System\tPRMWNp.exe
  2⤵
  PID:6176
- C:\Windows\System\UZYlDQU.exe
  C:\Windows\System\UZYlDQU.exe
  2⤵
  PID:7124
- C:\Windows\System\kmuYpTL.exe
  C:\Windows\System\kmuYpTL.exe
  2⤵
  PID:6860
- C:\Windows\System\kKxzChh.exe
  C:\Windows\System\kKxzChh.exe
  2⤵
  PID:6996
- C:\Windows\System\zJrWFDc.exe
  C:\Windows\System\zJrWFDc.exe
  2⤵
  PID:6448
- C:\Windows\System\YFUmxrQ.exe
  C:\Windows\System\YFUmxrQ.exe
  2⤵
  PID:1712
- C:\Windows\System\PqNrYRr.exe
  C:\Windows\System\PqNrYRr.exe
  2⤵
  PID:1932
- C:\Windows\System\HilZdOA.exe
  C:\Windows\System\HilZdOA.exe
  2⤵
  PID:1988
- C:\Windows\System\HwGJVXK.exe
  C:\Windows\System\HwGJVXK.exe
  2⤵
  PID:348
- C:\Windows\System\AqiHcaY.exe
  C:\Windows\System\AqiHcaY.exe
  2⤵
  PID:584
- C:\Windows\System\NqGNfux.exe
  C:\Windows\System\NqGNfux.exe
  2⤵
  PID:1992
- C:\Windows\System\pTYbRyJ.exe
  C:\Windows\System\pTYbRyJ.exe
  2⤵
  PID:1540
- C:\Windows\System\mSMCdvX.exe
  C:\Windows\System\mSMCdvX.exe
  2⤵
  PID:7088
- C:\Windows\System\vStAiPI.exe
  C:\Windows\System\vStAiPI.exe
  2⤵
  PID:2436
- C:\Windows\System\cVvnNSn.exe
  C:\Windows\System\cVvnNSn.exe
  2⤵
  PID:1116
- C:\Windows\System\OyeABhK.exe
  C:\Windows\System\OyeABhK.exe
  2⤵
  PID:4748
- C:\Windows\System\tqgjvSd.exe
  C:\Windows\System\tqgjvSd.exe
  2⤵
  PID:6732
- C:\Windows\System\aGUHHfK.exe
  C:\Windows\System\aGUHHfK.exe
  2⤵
  PID:6072
- C:\Windows\System\BGNEqJS.exe
  C:\Windows\System\BGNEqJS.exe
  2⤵
  PID:2908
- C:\Windows\System\GJKRsem.exe
  C:\Windows\System\GJKRsem.exe
  2⤵
  PID:6228
- C:\Windows\System\cgmhIax.exe
  C:\Windows\System\cgmhIax.exe
  2⤵
  PID:7176
- C:\Windows\System\qDAMAxQ.exe
  C:\Windows\System\qDAMAxQ.exe
  2⤵
  PID:7192
- C:\Windows\System\jaLplDJ.exe
  C:\Windows\System\jaLplDJ.exe
  2⤵
  PID:7208
- C:\Windows\System\nLfdXin.exe
  C:\Windows\System\nLfdXin.exe
  2⤵
  PID:7224
- C:\Windows\System\DpEXjqW.exe
  C:\Windows\System\DpEXjqW.exe
  2⤵
  PID:7240
- C:\Windows\System\vBfvYMJ.exe
  C:\Windows\System\vBfvYMJ.exe
  2⤵
  PID:7256
- C:\Windows\System\Cxgqajd.exe
  C:\Windows\System\Cxgqajd.exe
  2⤵
  PID:7272
- C:\Windows\System\ffbNOoz.exe
  C:\Windows\System\ffbNOoz.exe
  2⤵
  PID:7288
- C:\Windows\System\RLnqGJN.exe
  C:\Windows\System\RLnqGJN.exe
  2⤵
  PID:7304
- C:\Windows\System\WehmZbI.exe
  C:\Windows\System\WehmZbI.exe
  2⤵
  PID:7320
- C:\Windows\System\QMGODrZ.exe
  C:\Windows\System\QMGODrZ.exe
  2⤵
  PID:7336
- C:\Windows\System\zXPadEn.exe
  C:\Windows\System\zXPadEn.exe
  2⤵
  PID:7352
- C:\Windows\System\YnTkOll.exe
  C:\Windows\System\YnTkOll.exe
  2⤵
  PID:7368
- C:\Windows\System\tnqhDSJ.exe
  C:\Windows\System\tnqhDSJ.exe
  2⤵
  PID:7384
- C:\Windows\System\mCrfMIK.exe
  C:\Windows\System\mCrfMIK.exe
  2⤵
  PID:7400
- C:\Windows\System\UQYsFKr.exe
  C:\Windows\System\UQYsFKr.exe
  2⤵
  PID:7416
- C:\Windows\System\xPnpcli.exe
  C:\Windows\System\xPnpcli.exe
  2⤵
  PID:7432
- C:\Windows\System\wrQPUtP.exe
  C:\Windows\System\wrQPUtP.exe
  2⤵
  PID:7448
- C:\Windows\System\vTIMkJu.exe
  C:\Windows\System\vTIMkJu.exe
  2⤵
  PID:7464
- C:\Windows\System\vQSdliW.exe
  C:\Windows\System\vQSdliW.exe
  2⤵
  PID:7480
- C:\Windows\System\YzoVxIU.exe
  C:\Windows\System\YzoVxIU.exe
  2⤵
  PID:7496
- C:\Windows\System\IRbLlKu.exe
  C:\Windows\System\IRbLlKu.exe
  2⤵
  PID:7512
- C:\Windows\System\ryaIdtz.exe
  C:\Windows\System\ryaIdtz.exe
  2⤵
  PID:7532
- C:\Windows\System\wYpkYfT.exe
  C:\Windows\System\wYpkYfT.exe
  2⤵
  PID:7548
- C:\Windows\System\jqfPXaU.exe
  C:\Windows\System\jqfPXaU.exe
  2⤵
  PID:7564
- C:\Windows\System\FwARmzC.exe
  C:\Windows\System\FwARmzC.exe
  2⤵
  PID:7580
- C:\Windows\System\zzIEELC.exe
  C:\Windows\System\zzIEELC.exe
  2⤵
  PID:7596
- C:\Windows\System\dngtHrF.exe
  C:\Windows\System\dngtHrF.exe
  2⤵
  PID:7612
- C:\Windows\System\QfoDxWu.exe
  C:\Windows\System\QfoDxWu.exe
  2⤵
  PID:7632
- C:\Windows\System\ORyGukb.exe
  C:\Windows\System\ORyGukb.exe
  2⤵
  PID:7648
- C:\Windows\System\MKabgsd.exe
  C:\Windows\System\MKabgsd.exe
  2⤵
  PID:7664
- C:\Windows\System\VtPJkOT.exe
  C:\Windows\System\VtPJkOT.exe
  2⤵
  PID:7680
- C:\Windows\System\YLuFknY.exe
  C:\Windows\System\YLuFknY.exe
  2⤵
  PID:7696
- C:\Windows\System\ENahnfd.exe
  C:\Windows\System\ENahnfd.exe
  2⤵
  PID:7712
- C:\Windows\System\yPxNxBr.exe
  C:\Windows\System\yPxNxBr.exe
  2⤵
  PID:7728
- C:\Windows\System\OIedfqm.exe
  C:\Windows\System\OIedfqm.exe
  2⤵
  PID:7744
- C:\Windows\System\CefJWZi.exe
  C:\Windows\System\CefJWZi.exe
  2⤵
  PID:7760
- C:\Windows\System\zvnwXYr.exe
  C:\Windows\System\zvnwXYr.exe
  2⤵
  PID:7776
- C:\Windows\System\xunHHFm.exe
  C:\Windows\System\xunHHFm.exe
  2⤵
  PID:7792
- C:\Windows\System\bvaTwJL.exe
  C:\Windows\System\bvaTwJL.exe
  2⤵
  PID:7808
- C:\Windows\System\vNGkXAW.exe
  C:\Windows\System\vNGkXAW.exe
  2⤵
  PID:7824
- C:\Windows\System\UXzykwB.exe
  C:\Windows\System\UXzykwB.exe
  2⤵
  PID:7840
- C:\Windows\System\WSwMACp.exe
  C:\Windows\System\WSwMACp.exe
  2⤵
  PID:7856
- C:\Windows\System\eKMFAuU.exe
  C:\Windows\System\eKMFAuU.exe
  2⤵
  PID:7872
- C:\Windows\System\JkhtYtY.exe
  C:\Windows\System\JkhtYtY.exe
  2⤵
  PID:7892
- C:\Windows\System\sqbDvwG.exe
  C:\Windows\System\sqbDvwG.exe
  2⤵
  PID:7908
- C:\Windows\System\xmQxFfU.exe
  C:\Windows\System\xmQxFfU.exe
  2⤵
  PID:7924
- C:\Windows\System\RzpQmSk.exe
  C:\Windows\System\RzpQmSk.exe
  2⤵
  PID:7940
- C:\Windows\System\UXVHRRz.exe
  C:\Windows\System\UXVHRRz.exe
  2⤵
  PID:7956
- C:\Windows\System\gTbPHPQ.exe
  C:\Windows\System\gTbPHPQ.exe
  2⤵
  PID:7972
- C:\Windows\System\bcNGkPv.exe
  C:\Windows\System\bcNGkPv.exe
  2⤵
  PID:7988
- C:\Windows\System\mRwFHwk.exe
  C:\Windows\System\mRwFHwk.exe
  2⤵
  PID:8004
- C:\Windows\System\ZRzMASP.exe
  C:\Windows\System\ZRzMASP.exe
  2⤵
  PID:8020
- C:\Windows\System\ZyeLQJT.exe
  C:\Windows\System\ZyeLQJT.exe
  2⤵
  PID:8036
- C:\Windows\System\OLgWsFH.exe
  C:\Windows\System\OLgWsFH.exe
  2⤵
  PID:8052
- C:\Windows\System\JPqLaYG.exe
  C:\Windows\System\JPqLaYG.exe
  2⤵
  PID:8068
- C:\Windows\System\zHSPPFj.exe
  C:\Windows\System\zHSPPFj.exe
  2⤵
  PID:8084
- C:\Windows\System\mwVrGnp.exe
  C:\Windows\System\mwVrGnp.exe
  2⤵
  PID:8100
- C:\Windows\System\xfxnyNy.exe
  C:\Windows\System\xfxnyNy.exe
  2⤵
  PID:8116
- C:\Windows\System\AVQvINx.exe
  C:\Windows\System\AVQvINx.exe
  2⤵
  PID:8132
- C:\Windows\System\sdsbhMi.exe
  C:\Windows\System\sdsbhMi.exe
  2⤵
  PID:8148
- C:\Windows\System\LbqSNmH.exe
  C:\Windows\System\LbqSNmH.exe
  2⤵
  PID:8164
- C:\Windows\System\HwJojiB.exe
  C:\Windows\System\HwJojiB.exe
  2⤵
  PID:8180
- C:\Windows\System\aQxobfh.exe
  C:\Windows\System\aQxobfh.exe
  2⤵
  PID:2184
- C:\Windows\System\EXwJsjN.exe
  C:\Windows\System\EXwJsjN.exe
  2⤵
  PID:7172
- C:\Windows\System\BjXiWEq.exe
  C:\Windows\System\BjXiWEq.exe
  2⤵
  PID:956
- C:\Windows\System\DGzjsqO.exe
  C:\Windows\System\DGzjsqO.exe
  2⤵
  PID:7144
- C:\Windows\System\CHTvRHw.exe
  C:\Windows\System\CHTvRHw.exe
  2⤵
  PID:7236
- C:\Windows\System\xSRNafx.exe
  C:\Windows\System\xSRNafx.exe
  2⤵
  PID:7220
- C:\Windows\System\ZgEcleO.exe
  C:\Windows\System\ZgEcleO.exe
  2⤵
  PID:7264
- C:\Windows\System\XLDRHVL.exe
  C:\Windows\System\XLDRHVL.exe
  2⤵
  PID:7280
- C:\Windows\System\jaxcOTR.exe
  C:\Windows\System\jaxcOTR.exe
  2⤵
  PID:7344
- C:\Windows\System\atCIwva.exe
  C:\Windows\System\atCIwva.exe
  2⤵
  PID:7364
- C:\Windows\System\ggoZFaC.exe
  C:\Windows\System\ggoZFaC.exe
  2⤵
  PID:7360
- C:\Windows\System\CAUTbLc.exe
  C:\Windows\System\CAUTbLc.exe
  2⤵
  PID:7444
- C:\Windows\System\OQHPdpk.exe
  C:\Windows\System\OQHPdpk.exe
  2⤵
  PID:7504
- C:\Windows\System\AvhYhtM.exe
  C:\Windows\System\AvhYhtM.exe
  2⤵
  PID:7392
- C:\Windows\System\ZbwbByD.exe
  C:\Windows\System\ZbwbByD.exe
  2⤵
  PID:7460
- C:\Windows\System\jYrvMEt.exe
  C:\Windows\System\jYrvMEt.exe
  2⤵
  PID:7540
- C:\Windows\System\fCIiwxY.exe
  C:\Windows\System\fCIiwxY.exe
  2⤵
  PID:7528
- C:\Windows\System\KvTYlSp.exe
  C:\Windows\System\KvTYlSp.exe
  2⤵
  PID:7560
- C:\Windows\System\QdbQUNA.exe
  C:\Windows\System\QdbQUNA.exe
  2⤵
  PID:7624
- C:\Windows\System\worfsPG.exe
  C:\Windows\System\worfsPG.exe
  2⤵
  PID:7672
- C:\Windows\System\EudeFFK.exe
  C:\Windows\System\EudeFFK.exe
  2⤵
  PID:7704
- C:\Windows\System\VCmNLZH.exe
  C:\Windows\System\VCmNLZH.exe
  2⤵
  PID:7720
- C:\Windows\System\UaDpZsC.exe
  C:\Windows\System\UaDpZsC.exe
  2⤵
  PID:7736
- C:\Windows\System\lHkSBBB.exe
  C:\Windows\System\lHkSBBB.exe
  2⤵
  PID:400
- C:\Windows\System\sABAqJE.exe
  C:\Windows\System\sABAqJE.exe
  2⤵
  PID:7832
- C:\Windows\System\ZnpQTdF.exe
  C:\Windows\System\ZnpQTdF.exe
  2⤵
  PID:7868
- C:\Windows\System\gtKqvWq.exe
  C:\Windows\System\gtKqvWq.exe
  2⤵
  PID:7816
- C:\Windows\System\eajiNZK.exe
  C:\Windows\System\eajiNZK.exe
  2⤵
  PID:7852
- C:\Windows\System\OcEuyqv.exe
  C:\Windows\System\OcEuyqv.exe
  2⤵
  PID:7936
- C:\Windows\System\LKKKoTT.exe
  C:\Windows\System\LKKKoTT.exe
  2⤵
  PID:8000
- C:\Windows\System\rqrttTE.exe
  C:\Windows\System\rqrttTE.exe
  2⤵
  PID:8064
- C:\Windows\System\VucmxQL.exe
  C:\Windows\System\VucmxQL.exe
  2⤵
  PID:8128
- C:\Windows\System\KlnhCyQ.exe
  C:\Windows\System\KlnhCyQ.exe
  2⤵
  PID:8188
- C:\Windows\System\kDSAsCP.exe
  C:\Windows\System\kDSAsCP.exe
  2⤵
  PID:2400
- C:\Windows\System\xdJfczP.exe
  C:\Windows\System\xdJfczP.exe
  2⤵
  PID:1052
- C:\Windows\System\CzYvpsY.exe
  C:\Windows\System\CzYvpsY.exe
  2⤵
  PID:7332
- C:\Windows\System\aIxHkZY.exe
  C:\Windows\System\aIxHkZY.exe
  2⤵
  PID:7248
- C:\Windows\System\OQmtZga.exe
  C:\Windows\System\OQmtZga.exe
  2⤵
  PID:7984
- C:\Windows\System\rDZKXwy.exe
  C:\Windows\System\rDZKXwy.exe
  2⤵
  PID:8048
- C:\Windows\System\LhKSPsx.exe
  C:\Windows\System\LhKSPsx.exe
  2⤵
  PID:8140
- C:\Windows\System\ygOqREE.exe
  C:\Windows\System\ygOqREE.exe
  2⤵
  PID:2168
- C:\Windows\System\FoBfLes.exe
  C:\Windows\System\FoBfLes.exe
  2⤵
  PID:788
- C:\Windows\System\dIgjjaq.exe
  C:\Windows\System\dIgjjaq.exe
  2⤵
  PID:7252
- C:\Windows\System\frLAHft.exe
  C:\Windows\System\frLAHft.exe
  2⤵
  PID:7440
- C:\Windows\System\UZJoQNM.exe
  C:\Windows\System\UZJoQNM.exe
  2⤵
  PID:7488
- C:\Windows\System\hDKRBmA.exe
  C:\Windows\System\hDKRBmA.exe
  2⤵
  PID:7620
- C:\Windows\System\cOwcmUw.exe
  C:\Windows\System\cOwcmUw.exe
  2⤵
  PID:7752
- C:\Windows\System\JKxoZKC.exe
  C:\Windows\System\JKxoZKC.exe
  2⤵
  PID:7608
- C:\Windows\System\HKGkALz.exe
  C:\Windows\System\HKGkALz.exe
  2⤵
  PID:7692
- C:\Windows\System\ByXQKNN.exe
  C:\Windows\System\ByXQKNN.exe
  2⤵
  PID:2032
- C:\Windows\System\aSJgBsi.exe
  C:\Windows\System\aSJgBsi.exe
  2⤵
  PID:7880
- C:\Windows\System\lkeZSFP.exe
  C:\Windows\System\lkeZSFP.exe
  2⤵
  PID:7932
- C:\Windows\System\YsqiWBV.exe
  C:\Windows\System\YsqiWBV.exe
  2⤵
  PID:8160
- C:\Windows\System\MtpZatg.exe
  C:\Windows\System\MtpZatg.exe
  2⤵
  PID:8012
- C:\Windows\System\APnfTBx.exe
  C:\Windows\System\APnfTBx.exe
  2⤵
  PID:2248
- C:\Windows\System\JYyZnSl.exe
  C:\Windows\System\JYyZnSl.exe
  2⤵
  PID:8108
- C:\Windows\System\umsXRuy.exe
  C:\Windows\System\umsXRuy.exe
  2⤵
  PID:7412
- C:\Windows\System\OQvuShk.exe
  C:\Windows\System\OQvuShk.exe
  2⤵
  PID:7188
- C:\Windows\System\AzMOzFc.exe
  C:\Windows\System\AzMOzFc.exe
  2⤵
  PID:7676
- C:\Windows\System\agZLmJM.exe
  C:\Windows\System\agZLmJM.exe
  2⤵
  PID:7556
- C:\Windows\System\oItTgri.exe
  C:\Windows\System\oItTgri.exe
  2⤵
  PID:2416
- C:\Windows\System\neyOJVe.exe
  C:\Windows\System\neyOJVe.exe
  2⤵
  PID:7524
- C:\Windows\System\gPlMJqD.exe
  C:\Windows\System\gPlMJqD.exe
  2⤵
  PID:7204
- C:\Windows\System\caEqMxC.exe
  C:\Windows\System\caEqMxC.exe
  2⤵
  PID:7916
- C:\Windows\System\iMKyMpA.exe
  C:\Windows\System\iMKyMpA.exe
  2⤵
  PID:1344
- C:\Windows\System\DtWrcFH.exe
  C:\Windows\System\DtWrcFH.exe
  2⤵
  PID:8060
- C:\Windows\System\bbHMQhh.exe
  C:\Windows\System\bbHMQhh.exe
  2⤵
  PID:7592
- C:\Windows\System\jphRZxS.exe
  C:\Windows\System\jphRZxS.exe
  2⤵
  PID:7884
- C:\Windows\System\nzyNUUm.exe
  C:\Windows\System\nzyNUUm.exe
  2⤵
  PID:7804
- C:\Windows\System\QKhOFUD.exe
  C:\Windows\System\QKhOFUD.exe
  2⤵
  PID:8176
- C:\Windows\System\gxjThAS.exe
  C:\Windows\System\gxjThAS.exe
  2⤵
  PID:7396
- C:\Windows\System\ieZUiyf.exe
  C:\Windows\System\ieZUiyf.exe
  2⤵
  PID:8204
- C:\Windows\System\OXRjtiW.exe
  C:\Windows\System\OXRjtiW.exe
  2⤵
  PID:8220
- C:\Windows\System\RABIDmx.exe
  C:\Windows\System\RABIDmx.exe
  2⤵
  PID:8236
- C:\Windows\System\wrDMkfV.exe
  C:\Windows\System\wrDMkfV.exe
  2⤵
  PID:8252
- C:\Windows\System\FOXoFXC.exe
  C:\Windows\System\FOXoFXC.exe
  2⤵
  PID:8268
- C:\Windows\System\HFrtOrr.exe
  C:\Windows\System\HFrtOrr.exe
  2⤵
  PID:8284
- C:\Windows\System\QIVEDig.exe
  C:\Windows\System\QIVEDig.exe
  2⤵
  PID:8300
- C:\Windows\System\eqYLJDw.exe
  C:\Windows\System\eqYLJDw.exe
  2⤵
  PID:8316
- C:\Windows\System\KemBYNS.exe
  C:\Windows\System\KemBYNS.exe
  2⤵
  PID:8332
- C:\Windows\System\DebImop.exe
  C:\Windows\System\DebImop.exe
  2⤵
  PID:8348
- C:\Windows\System\dcPoGJx.exe
  C:\Windows\System\dcPoGJx.exe
  2⤵
  PID:8364
- C:\Windows\System\oYxisMf.exe
  C:\Windows\System\oYxisMf.exe
  2⤵
  PID:8380
- C:\Windows\System\tPXevpF.exe
  C:\Windows\System\tPXevpF.exe
  2⤵
  PID:8396
- C:\Windows\System\XxbjWTg.exe
  C:\Windows\System\XxbjWTg.exe
  2⤵
  PID:8412
- C:\Windows\System\WndQYGq.exe
  C:\Windows\System\WndQYGq.exe
  2⤵
  PID:8428
- C:\Windows\System\RtqqjyC.exe
  C:\Windows\System\RtqqjyC.exe
  2⤵
  PID:8444
- C:\Windows\System\KkSFVrk.exe
  C:\Windows\System\KkSFVrk.exe
  2⤵
  PID:8460
- C:\Windows\System\JtPkDLw.exe
  C:\Windows\System\JtPkDLw.exe
  2⤵
  PID:8476
- C:\Windows\System\KRObcqP.exe
  C:\Windows\System\KRObcqP.exe
  2⤵
  PID:8492
- C:\Windows\System\dJXzwUo.exe
  C:\Windows\System\dJXzwUo.exe
  2⤵
  PID:8508
- C:\Windows\System\VEkCICC.exe
  C:\Windows\System\VEkCICC.exe
  2⤵
  PID:8524
- C:\Windows\System\qdkUGjG.exe
  C:\Windows\System\qdkUGjG.exe
  2⤵
  PID:8540
- C:\Windows\System\faztiRz.exe
  C:\Windows\System\faztiRz.exe
  2⤵
  PID:8556
- C:\Windows\System\NAtPeOw.exe
  C:\Windows\System\NAtPeOw.exe
  2⤵
  PID:8572
- C:\Windows\System\tGNmTSa.exe
  C:\Windows\System\tGNmTSa.exe
  2⤵
  PID:8588
- C:\Windows\System\FyJNWdA.exe
  C:\Windows\System\FyJNWdA.exe
  2⤵
  PID:8604
- C:\Windows\System\ewmgdYw.exe
  C:\Windows\System\ewmgdYw.exe
  2⤵
  PID:8620
- C:\Windows\System\woMeIBA.exe
  C:\Windows\System\woMeIBA.exe
  2⤵
  PID:8636
- C:\Windows\System\vsdwsXA.exe
  C:\Windows\System\vsdwsXA.exe
  2⤵
  PID:8652
- C:\Windows\System\lLISpmT.exe
  C:\Windows\System\lLISpmT.exe
  2⤵
  PID:8668
- C:\Windows\System\Twagizj.exe
  C:\Windows\System\Twagizj.exe
  2⤵
  PID:8684
- C:\Windows\System\kedvSEQ.exe
  C:\Windows\System\kedvSEQ.exe
  2⤵
  PID:8700
- C:\Windows\System\zfUTIWG.exe
  C:\Windows\System\zfUTIWG.exe
  2⤵
  PID:8716
- C:\Windows\System\zxIoubq.exe
  C:\Windows\System\zxIoubq.exe
  2⤵
  PID:8732
- C:\Windows\System\dqbroHY.exe
  C:\Windows\System\dqbroHY.exe
  2⤵
  PID:8748
- C:\Windows\System\VgBlsaw.exe
  C:\Windows\System\VgBlsaw.exe
  2⤵
  PID:8764
- C:\Windows\System\JqTWpxN.exe
  C:\Windows\System\JqTWpxN.exe
  2⤵
  PID:8780
- C:\Windows\System\AwbVZHZ.exe
  C:\Windows\System\AwbVZHZ.exe
  2⤵
  PID:8800
- C:\Windows\System\OgoRRbr.exe
  C:\Windows\System\OgoRRbr.exe
  2⤵
  PID:8816
- C:\Windows\System\JbPdndh.exe
  C:\Windows\System\JbPdndh.exe
  2⤵
  PID:8832
- C:\Windows\System\YaKpCeG.exe
  C:\Windows\System\YaKpCeG.exe
  2⤵
  PID:8848
- C:\Windows\System\ZvdwdZy.exe
  C:\Windows\System\ZvdwdZy.exe
  2⤵
  PID:8864
- C:\Windows\System\gMVTsfc.exe
  C:\Windows\System\gMVTsfc.exe
  2⤵
  PID:8880
- C:\Windows\System\SpbOoke.exe
  C:\Windows\System\SpbOoke.exe
  2⤵
  PID:8896
- C:\Windows\System\aqqGmre.exe
  C:\Windows\System\aqqGmre.exe
  2⤵
  PID:8912
- C:\Windows\System\FKUphfn.exe
  C:\Windows\System\FKUphfn.exe
  2⤵
  PID:8928
- C:\Windows\System\XjpVygB.exe
  C:\Windows\System\XjpVygB.exe
  2⤵
  PID:8944
- C:\Windows\System\TXSiAyb.exe
  C:\Windows\System\TXSiAyb.exe
  2⤵
  PID:8960
- C:\Windows\System\burAVFp.exe
  C:\Windows\System\burAVFp.exe
  2⤵
  PID:8976
- C:\Windows\System\rXxWXwe.exe
  C:\Windows\System\rXxWXwe.exe
  2⤵
  PID:8992
- C:\Windows\System\INBJpjz.exe
  C:\Windows\System\INBJpjz.exe
  2⤵
  PID:9008
- C:\Windows\System\Jduacix.exe
  C:\Windows\System\Jduacix.exe
  2⤵
  PID:9024
- C:\Windows\System\jOfJpty.exe
  C:\Windows\System\jOfJpty.exe
  2⤵
  PID:9040
- C:\Windows\System\gDvLUDk.exe
  C:\Windows\System\gDvLUDk.exe
  2⤵
  PID:9056
- C:\Windows\System\biNEUrC.exe
  C:\Windows\System\biNEUrC.exe
  2⤵
  PID:9072
- C:\Windows\System\fBKlAxb.exe
  C:\Windows\System\fBKlAxb.exe
  2⤵
  PID:9088
- C:\Windows\System\rUfUWGo.exe
  C:\Windows\System\rUfUWGo.exe
  2⤵
  PID:9104
- C:\Windows\System\CHEnAWu.exe
  C:\Windows\System\CHEnAWu.exe
  2⤵
  PID:9120
- C:\Windows\System\VEfyJOe.exe
  C:\Windows\System\VEfyJOe.exe
  2⤵
  PID:9136
- C:\Windows\System\rmScUUW.exe
  C:\Windows\System\rmScUUW.exe
  2⤵
  PID:9152
- C:\Windows\System\MipBZIa.exe
  C:\Windows\System\MipBZIa.exe
  2⤵
  PID:9168
- C:\Windows\System\ACZFjym.exe
  C:\Windows\System\ACZFjym.exe
  2⤵
  PID:9184
- C:\Windows\System\LXKeJZl.exe
  C:\Windows\System\LXKeJZl.exe
  2⤵
  PID:9200
- C:\Windows\System\XoDCnaq.exe
  C:\Windows\System\XoDCnaq.exe
  2⤵
  PID:7904
- C:\Windows\System\rwPxRYd.exe
  C:\Windows\System\rwPxRYd.exe
  2⤵
  PID:7644
- C:\Windows\System\zymIbhf.exe
  C:\Windows\System\zymIbhf.exe
  2⤵
  PID:8248
- C:\Windows\System\HmPhmgN.exe
  C:\Windows\System\HmPhmgN.exe
  2⤵
  PID:8308
- C:\Windows\System\kBOlVOO.exe
  C:\Windows\System\kBOlVOO.exe
  2⤵
  PID:8372
- C:\Windows\System\lCpxLDw.exe
  C:\Windows\System\lCpxLDw.exe
  2⤵
  PID:8196
- C:\Windows\System\nSmoLAH.exe
  C:\Windows\System\nSmoLAH.exe
  2⤵
  PID:8260
- C:\Windows\System\qgbvwHL.exe
  C:\Windows\System\qgbvwHL.exe
  2⤵
  PID:8324
- C:\Windows\System\bWNHIrx.exe
  C:\Windows\System\bWNHIrx.exe
  2⤵
  PID:8392
- C:\Windows\System\fEdQuNt.exe
  C:\Windows\System\fEdQuNt.exe
  2⤵
  PID:8440
- C:\Windows\System\oYXIuAB.exe
  C:\Windows\System\oYXIuAB.exe
  2⤵
  PID:8500
- C:\Windows\System\IkaNQCH.exe
  C:\Windows\System\IkaNQCH.exe
  2⤵
  PID:8504
- C:\Windows\System\mjzxWkQ.exe
  C:\Windows\System\mjzxWkQ.exe
  2⤵
  PID:8564
- C:\Windows\System\zMijpfY.exe
  C:\Windows\System\zMijpfY.exe
  2⤵
  PID:8580
- C:\Windows\System\ZIhGAqT.exe
  C:\Windows\System\ZIhGAqT.exe
  2⤵
  PID:8584
- C:\Windows\System\rKFifHQ.exe
  C:\Windows\System\rKFifHQ.exe
  2⤵
  PID:8660
- C:\Windows\System\uOKnfYe.exe
  C:\Windows\System\uOKnfYe.exe
  2⤵
  PID:8644
- C:\Windows\System\NajFjvJ.exe
  C:\Windows\System\NajFjvJ.exe
  2⤵
  PID:8696
- C:\Windows\System\jJGeWpE.exe
  C:\Windows\System\jJGeWpE.exe
  2⤵
  PID:8756
- C:\Windows\System\BWnrhCH.exe
  C:\Windows\System\BWnrhCH.exe
  2⤵
  PID:8740
- C:\Windows\System\JWrKtIv.exe
  C:\Windows\System\JWrKtIv.exe
  2⤵
  PID:8796
- C:\Windows\System\lPXeeYK.exe
  C:\Windows\System\lPXeeYK.exe
  2⤵
  PID:8860
- C:\Windows\System\NyPMubb.exe
  C:\Windows\System\NyPMubb.exe
  2⤵
  PID:8892
- C:\Windows\System\LRRvTHX.exe
  C:\Windows\System\LRRvTHX.exe
  2⤵
  PID:8812
- C:\Windows\System\EFdzLaM.exe
  C:\Windows\System\EFdzLaM.exe
  2⤵
  PID:8904
- C:\Windows\System\ofefqej.exe
  C:\Windows\System\ofefqej.exe
  2⤵
  PID:8956
- C:\Windows\System\rGkjVgx.exe
  C:\Windows\System\rGkjVgx.exe
  2⤵
  PID:9020
- C:\Windows\System\TdtJWPO.exe
  C:\Windows\System\TdtJWPO.exe
  2⤵
  PID:8936
- C:\Windows\System\xgLLied.exe
  C:\Windows\System\xgLLied.exe
  2⤵
  PID:9036
- C:\Windows\System\oYwgBas.exe
  C:\Windows\System\oYwgBas.exe
  2⤵
  PID:9084
- C:\Windows\System\PTXGCiE.exe
  C:\Windows\System\PTXGCiE.exe
  2⤵
  PID:9176
- C:\Windows\System\RPIVeuX.exe
  C:\Windows\System\RPIVeuX.exe
  2⤵
  PID:9212
- C:\Windows\System\BOOQzEh.exe
  C:\Windows\System\BOOQzEh.exe
  2⤵
  PID:8340
- C:\Windows\System\uFGkxFA.exe
  C:\Windows\System\uFGkxFA.exe
  2⤵
  PID:9100
- C:\Windows\System\PPwNxir.exe
  C:\Windows\System\PPwNxir.exe
  2⤵
  PID:8264
- C:\Windows\System\scZIqCp.exe
  C:\Windows\System\scZIqCp.exe
  2⤵
  PID:8468
- C:\Windows\System\cZOwwEQ.exe
  C:\Windows\System\cZOwwEQ.exe
  2⤵
  PID:8472
- C:\Windows\System\zHZMmrp.exe
  C:\Windows\System\zHZMmrp.exe
  2⤵
  PID:8404
- C:\Windows\System\zTcjbTV.exe
  C:\Windows\System\zTcjbTV.exe
  2⤵
  PID:8280
- C:\Windows\System\PnFvjTi.exe
  C:\Windows\System\PnFvjTi.exe
  2⤵
  PID:8292
- C:\Windows\System\rmPILBK.exe
  C:\Windows\System\rmPILBK.exe
  2⤵
  PID:8724
- C:\Windows\System\tGHKPlD.exe
  C:\Windows\System\tGHKPlD.exe
  2⤵
  PID:8628
- C:\Windows\System\QKuSBKo.exe
  C:\Windows\System\QKuSBKo.exe
  2⤵
  PID:8632
- C:\Windows\System\BfGyvnZ.exe
  C:\Windows\System\BfGyvnZ.exe
  2⤵
  PID:8772
- C:\Windows\System\BklyshH.exe
  C:\Windows\System\BklyshH.exe
  2⤵
  PID:8856
- C:\Windows\System\lWvLVWB.exe
  C:\Windows\System\lWvLVWB.exe
  2⤵
  PID:8876
- C:\Windows\System\kZeYBUb.exe
  C:\Windows\System\kZeYBUb.exe
  2⤵
  PID:9000
- C:\Windows\System\TTOdZzM.exe
  C:\Windows\System\TTOdZzM.exe
  2⤵
  PID:9032
- C:\Windows\System\ORHEcmt.exe
  C:\Windows\System\ORHEcmt.exe
  2⤵
  PID:9148
- C:\Windows\System\gXgxJWH.exe
  C:\Windows\System\gXgxJWH.exe
  2⤵
  PID:9208
- C:\Windows\System\hlrsIqO.exe
  C:\Windows\System\hlrsIqO.exe
  2⤵
  PID:9132
- C:\Windows\System\NPGSxHU.exe
  C:\Windows\System\NPGSxHU.exe
  2⤵
  PID:9160
- C:\Windows\System\gsRAOxf.exe
  C:\Windows\System\gsRAOxf.exe
  2⤵
  PID:8552
- C:\Windows\System\aLriWFn.exe
  C:\Windows\System\aLriWFn.exe
  2⤵
  PID:8612
- C:\Windows\System\puTRwFz.exe
  C:\Windows\System\puTRwFz.exe
  2⤵
  PID:8828
- C:\Windows\System\MjaRqlu.exe
  C:\Windows\System\MjaRqlu.exe
  2⤵
  PID:9016
- C:\Windows\System\xJFxGhX.exe
  C:\Windows\System\xJFxGhX.exe
  2⤵
  PID:8488
- C:\Windows\System\ceGIRpI.exe
  C:\Windows\System\ceGIRpI.exe
  2⤵
  PID:8952
- C:\Windows\System\cwxLurI.exe
  C:\Windows\System\cwxLurI.exe
  2⤵
  PID:8872
- C:\Windows\System\RWIanQQ.exe
  C:\Windows\System\RWIanQQ.exe
  2⤵
  PID:8712
- C:\Windows\System\OeENLNh.exe
  C:\Windows\System\OeENLNh.exe
  2⤵
  PID:9164
- C:\Windows\System\yIiVcAO.exe
  C:\Windows\System\yIiVcAO.exe
  2⤵
  PID:9228
- C:\Windows\System\eejevmQ.exe
  C:\Windows\System\eejevmQ.exe
  2⤵
  PID:9244
- C:\Windows\System\DDtpNin.exe
  C:\Windows\System\DDtpNin.exe
  2⤵
  PID:9260
- C:\Windows\System\KKCcEAi.exe
  C:\Windows\System\KKCcEAi.exe
  2⤵
  PID:9276
- C:\Windows\System\EHpPYdg.exe
  C:\Windows\System\EHpPYdg.exe
  2⤵
  PID:9292
- C:\Windows\System\cXIpcBY.exe
  C:\Windows\System\cXIpcBY.exe
  2⤵
  PID:9308
- C:\Windows\System\LNhOyUI.exe
  C:\Windows\System\LNhOyUI.exe
  2⤵
  PID:9324
- C:\Windows\System\iQsvSjZ.exe
  C:\Windows\System\iQsvSjZ.exe
  2⤵
  PID:9340
- C:\Windows\System\qAfoefd.exe
  C:\Windows\System\qAfoefd.exe
  2⤵
  PID:9356
- C:\Windows\System\lToMlrl.exe
  C:\Windows\System\lToMlrl.exe
  2⤵
  PID:9372
- C:\Windows\System\HGSlEsd.exe
  C:\Windows\System\HGSlEsd.exe
  2⤵
  PID:9388
- C:\Windows\System\tcsupsi.exe
  C:\Windows\System\tcsupsi.exe
  2⤵
  PID:9404
- C:\Windows\System\MvsYoiN.exe
  C:\Windows\System\MvsYoiN.exe
  2⤵
  PID:9420
- C:\Windows\System\mRkElPt.exe
  C:\Windows\System\mRkElPt.exe
  2⤵
  PID:9436
- C:\Windows\System\UFBvXaK.exe
  C:\Windows\System\UFBvXaK.exe
  2⤵
  PID:9452
- C:\Windows\System\mCcxPzK.exe
  C:\Windows\System\mCcxPzK.exe
  2⤵
  PID:9472
- C:\Windows\System\mwZjqyX.exe
  C:\Windows\System\mwZjqyX.exe
  2⤵
  PID:9488
- C:\Windows\System\dryrWEc.exe
  C:\Windows\System\dryrWEc.exe
  2⤵
  PID:9504
- C:\Windows\System\pLrnloG.exe
  C:\Windows\System\pLrnloG.exe
  2⤵
  PID:9520
- C:\Windows\System\UtfXfni.exe
  C:\Windows\System\UtfXfni.exe
  2⤵
  PID:9536
- C:\Windows\System\LfffgxU.exe
  C:\Windows\System\LfffgxU.exe
  2⤵
  PID:9552
- C:\Windows\System\ZfTbIXs.exe
  C:\Windows\System\ZfTbIXs.exe
  2⤵
  PID:9572
- C:\Windows\System\zEwJXvx.exe
  C:\Windows\System\zEwJXvx.exe
  2⤵
  PID:9588
- C:\Windows\System\jbnuDhN.exe
  C:\Windows\System\jbnuDhN.exe
  2⤵
  PID:9604
- C:\Windows\System\GBfZiOJ.exe
  C:\Windows\System\GBfZiOJ.exe
  2⤵
  PID:9624
- C:\Windows\System\OrRUvsB.exe
  C:\Windows\System\OrRUvsB.exe
  2⤵
  PID:9640
- C:\Windows\System\QlUTKdS.exe
  C:\Windows\System\QlUTKdS.exe
  2⤵
  PID:9656
- C:\Windows\System\PQHzmBo.exe
  C:\Windows\System\PQHzmBo.exe
  2⤵
  PID:9672
- C:\Windows\System\VfzVpIK.exe
  C:\Windows\System\VfzVpIK.exe
  2⤵
  PID:9688
- C:\Windows\System\DoFNDwc.exe
  C:\Windows\System\DoFNDwc.exe
  2⤵
  PID:9704
- C:\Windows\System\vNIEkNG.exe
  C:\Windows\System\vNIEkNG.exe
  2⤵
  PID:9720
- C:\Windows\System\dstkwkh.exe
  C:\Windows\System\dstkwkh.exe
  2⤵
  PID:9736
- C:\Windows\System\mKsLRFr.exe
  C:\Windows\System\mKsLRFr.exe
  2⤵
  PID:9752
- C:\Windows\System\DDyrNDW.exe
  C:\Windows\System\DDyrNDW.exe
  2⤵
  PID:9768
- C:\Windows\System\PDIKdNT.exe
  C:\Windows\System\PDIKdNT.exe
  2⤵
  PID:9792
- C:\Windows\System\XYVHEBT.exe
  C:\Windows\System\XYVHEBT.exe
  2⤵
  PID:9808
- C:\Windows\System\cccvLPo.exe
  C:\Windows\System\cccvLPo.exe
  2⤵
  PID:9824
- C:\Windows\System\tzahPtD.exe
  C:\Windows\System\tzahPtD.exe
  2⤵
  PID:9844
- C:\Windows\System\GjfjYvU.exe
  C:\Windows\System\GjfjYvU.exe
  2⤵
  PID:9860
- C:\Windows\System\BWqYKMl.exe
  C:\Windows\System\BWqYKMl.exe
  2⤵
  PID:9876
- C:\Windows\System\lKgtllw.exe
  C:\Windows\System\lKgtllw.exe
  2⤵
  PID:9892
- C:\Windows\System\tegZtJJ.exe
  C:\Windows\System\tegZtJJ.exe
  2⤵
  PID:9908
- C:\Windows\System\WQXlkFg.exe
  C:\Windows\System\WQXlkFg.exe
  2⤵
  PID:9924
- C:\Windows\System\lUdrKWO.exe
  C:\Windows\System\lUdrKWO.exe
  2⤵
  PID:9940
- C:\Windows\System\FWvUOmC.exe
  C:\Windows\System\FWvUOmC.exe
  2⤵
  PID:9956
- C:\Windows\System\MIJvzYS.exe
  C:\Windows\System\MIJvzYS.exe
  2⤵
  PID:9972
- C:\Windows\System\BKnXCqr.exe
  C:\Windows\System\BKnXCqr.exe
  2⤵
  PID:9988
- C:\Windows\System\XHmrEZW.exe
  C:\Windows\System\XHmrEZW.exe
  2⤵
  PID:10004
- C:\Windows\System\gZRjfwr.exe
  C:\Windows\System\gZRjfwr.exe
  2⤵
  PID:10024
- C:\Windows\System\iUPtWXF.exe
  C:\Windows\System\iUPtWXF.exe
  2⤵
  PID:10064
- C:\Windows\System\vJBIiCk.exe
  C:\Windows\System\vJBIiCk.exe
  2⤵
  PID:10080
- C:\Windows\System\OZyCPuS.exe
  C:\Windows\System\OZyCPuS.exe
  2⤵
  PID:10096
- C:\Windows\System\vhhPRJX.exe
  C:\Windows\System\vhhPRJX.exe
  2⤵
  PID:10128
- C:\Windows\System\HmPhHhK.exe
  C:\Windows\System\HmPhHhK.exe
  2⤵
  PID:10144
- C:\Windows\System\oNqcJFK.exe
  C:\Windows\System\oNqcJFK.exe
  2⤵
  PID:10208
- C:\Windows\System\SjfSBKf.exe
  C:\Windows\System\SjfSBKf.exe
  2⤵
  PID:10224
- C:\Windows\System\JGjPSJo.exe
  C:\Windows\System\JGjPSJo.exe
  2⤵
  PID:9396
- C:\Windows\System\WJscaKs.exe
  C:\Windows\System\WJscaKs.exe
  2⤵
  PID:9836
- C:\Windows\System\ZDMxrfR.exe
  C:\Windows\System\ZDMxrfR.exe
  2⤵
  PID:9932
- C:\Windows\System\VzJhOgD.exe
  C:\Windows\System\VzJhOgD.exe
  2⤵
  PID:9984
- C:\Windows\System\FJAIgCR.exe
  C:\Windows\System\FJAIgCR.exe
  2⤵
  PID:10012
- C:\Windows\System\JvSujla.exe
  C:\Windows\System\JvSujla.exe
  2⤵
  PID:10000
- C:\Windows\System\QBhfBpy.exe
  C:\Windows\System\QBhfBpy.exe
  2⤵
  PID:10044
- C:\Windows\System\fiKjEhB.exe
  C:\Windows\System\fiKjEhB.exe
  2⤵
  PID:10060
- C:\Windows\System\YRhIVjp.exe
  C:\Windows\System\YRhIVjp.exe
  2⤵
  PID:10092
- C:\Windows\System\MeecgAD.exe
  C:\Windows\System\MeecgAD.exe
  2⤵
  PID:10120
- C:\Windows\System\YpNgfAF.exe
  C:\Windows\System\YpNgfAF.exe
  2⤵
  PID:10152
- C:\Windows\System\flxdHXp.exe
  C:\Windows\System\flxdHXp.exe
  2⤵
  PID:10164
- C:\Windows\System\PxrukEd.exe
  C:\Windows\System\PxrukEd.exe
  2⤵
  PID:10180
- C:\Windows\System\OHwNHQM.exe
  C:\Windows\System\OHwNHQM.exe
  2⤵
  PID:10196
- C:\Windows\System\eXjtTmH.exe
  C:\Windows\System\eXjtTmH.exe
  2⤵
  PID:10216
- C:\Windows\System\izeOQDB.exe
  C:\Windows\System\izeOQDB.exe
  2⤵
  PID:8456
- C:\Windows\System\jdIONfS.exe
  C:\Windows\System\jdIONfS.exe
  2⤵
  PID:9268
- C:\Windows\System\ycXaLwZ.exe
  C:\Windows\System\ycXaLwZ.exe
  2⤵
  PID:9336
- C:\Windows\System\WjXqmZn.exe
  C:\Windows\System\WjXqmZn.exe
  2⤵
  PID:8356
- C:\Windows\System\UFxRFwC.exe
  C:\Windows\System\UFxRFwC.exe
  2⤵
  PID:9252
- C:\Windows\System\jtiVyKL.exe
  C:\Windows\System\jtiVyKL.exe
  2⤵
  PID:9220
- C:\Windows\System\kLbvTHZ.exe
  C:\Windows\System\kLbvTHZ.exe
  2⤵
  PID:9288
- C:\Windows\System\UKsuWPk.exe
  C:\Windows\System\UKsuWPk.exe
  2⤵
  PID:9432
- C:\Windows\System\xhmvSwS.exe
  C:\Windows\System\xhmvSwS.exe
  2⤵
  PID:9460
- C:\Windows\System\yZrzxgl.exe
  C:\Windows\System\yZrzxgl.exe
  2⤵
  PID:9484
- C:\Windows\System\UukAZwf.exe
  C:\Windows\System\UukAZwf.exe
  2⤵
  PID:9416
- C:\Windows\System\AGPHWmH.exe
  C:\Windows\System\AGPHWmH.exe
  2⤵
  PID:9596
- C:\Windows\System\WOKFpJh.exe
  C:\Windows\System\WOKFpJh.exe
  2⤵
  PID:9664
- C:\Windows\System\sJYNjWM.exe
  C:\Windows\System\sJYNjWM.exe
  2⤵
  PID:9584
- C:\Windows\System\YLSMNyH.exe
  C:\Windows\System\YLSMNyH.exe
  2⤵
  PID:9680
- C:\Windows\System\cyIDiyc.exe
  C:\Windows\System\cyIDiyc.exe
  2⤵
  PID:9776
- C:\Windows\System\JwHAexP.exe
  C:\Windows\System\JwHAexP.exe
  2⤵
  PID:9748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFeoFtU.exe

Filesize
6.0MB

MD5
d5a779022d054a9d3c13f159590ce261

SHA1
86217cb1f1a5591f21c2cf741181123a37945609

SHA256
8692ce810b3a75e6d68d2678dfad84a1e57482e462094af70f475a4ce61a4df0

SHA512
e32e3685cef76397386962c68729862f8e25cf7b9d8f023b63eb3369266080f3f480e90f63812e64f85b441542546afa5c1a0a64caa7486fcfb89965a063ce49

Download Submit
C:\Windows\system\BmfCWhH.exe

Filesize
6.0MB

MD5
3be9cff35243d9cd306f1e08b7cbb20c

SHA1
a5da15a7ba56533bb707512d17b7dc7e9b95eb99

SHA256
6a110af8c5f2c5b85d1c559c353cb91376ee87cd18694674709054c42fc2402f

SHA512
bc6b3e6841e1c03ad8a8ac298c1d683e5bce23574afd723fe536d4aad34d598d618572746317605fdbcba9cdd6b402b0dfef9da2913221cec619729d6e727f2b

Download Submit
C:\Windows\system\CUtlZbl.exe

Filesize
6.0MB

MD5
b2aab1944155035ff200f5cda2e82269

SHA1
93be2308f59c027039270ce999eacc5b2a5478f0

SHA256
0dc53c4b5e67ad02efe3ec3ffa8e7f461379970ffb399f395636460473fcc60c

SHA512
237315d474f1e7c48c7090473d683d5a92d5b91fae615c1b34c3072369c32fe69c5925a58ea64257a715440d8fc38013deab2aacf2e30cac4804ea5353b62167

Download Submit
C:\Windows\system\DqnPvwT.exe

Filesize
6.0MB

MD5
0e379ca45f8d8da30a41a2a5c6c07e7c

SHA1
6fb458ea500b6289eb5120c691c18889bb673b87

SHA256
6217fc39eff2ef511631d2b38a76ef5e730085fd52790978d2ea417fc8502d89

SHA512
2e67c53bfad78d66b0b311a5eae293bd429eb3dcf5b6b348ec0d1bb311d04378ca3fc8a4c572d887aada11b3fd08f5e8666897cbb524663b02461d1640741c89

Download Submit
C:\Windows\system\EjJwCoD.exe

Filesize
6.0MB

MD5
d08df37017294e4e286dc512a2df0a47

SHA1
f3a1a5fa90c927d587a7ecd637e563c220bfb21d

SHA256
b60671ecc1c64786a66d04bf646d57fe159d88a848feea0a595351ef9765cf59

SHA512
791bd2c2022f76446f00c1a5a2d3791e1826ee93196021fd9f4e3c33c0b4e06b2de47ac1b168ce2e4a86b02f3de6dfbc88f05e7a9426b1a2ab6bbec961630288

Download Submit
C:\Windows\system\FOSOFIK.exe

Filesize
6.0MB

MD5
c6a665977a55de6828cba9c72c87f3b3

SHA1
cd788420d6dd190037c0bb886b5987940cf478ce

SHA256
9233c649ca1477e4d03213988cfa2577502b91b8dae98ed8a6ce49081709772e

SHA512
50822c403b12f2dd53f444cc411b3e5fae1f714ca6bdc24cc1bc268d3ee928e49754321075941bb50e311f634f77ce6d86433eefc7e0afb66523388af290faba

Download Submit
C:\Windows\system\GUYbuRY.exe

Filesize
6.0MB

MD5
ae9b85b3c1fd2a20c9aab532ef925b74

SHA1
fdc5ca6398b7a420edfa4a57d4d4f638b740538b

SHA256
8a09a2c41d8b2e38572fe8c7f644f79dba135855758595306567cd66645416d4

SHA512
a323c8814a97f40d7857c91b0d270c88a5f05fea7762877e077914a8f28ae2c57bceb44c2c05c144aeaab3601ab9b8a671cd28c7c21c3cdc91dde5928a3b991b

Download Submit
C:\Windows\system\IgSNjid.exe

Filesize
6.0MB

MD5
f7bcc9a6e3ec6629a0b1173ea020e678

SHA1
26f28487e960c022f95bb91f9f07f33c7c102c4f

SHA256
06f2c5d5c1a7ec87d61383044e927714bc2826556d733598a0d08e7c7ac64053

SHA512
fb65d521ec69d2ba9232e5eeb7f7af7e60469289423bc22480a34a2b905b5b421425ce8cc4603707afec63530a4006e0eeb40c164129e09cdc433f213fe4f428

Download Submit
C:\Windows\system\KJpqOzB.exe

Filesize
6.0MB

MD5
61725315d456d036cb7200f3617f842d

SHA1
147505f49f485a451fb453b0e207fbcb162d2c8c

SHA256
826dca773d82666eb9b436f6889d46e6975861a502d91eb17899687223b637f3

SHA512
7ce88b6ef5a1dd5cdeef2b23860f5d535654c6c73d4b44e14c047fb2c51aeca07e5762cb7c819984125243e2c08941a657e10b8f39af709be587ed25dabb903c

Download Submit
C:\Windows\system\LIQVIXW.exe

Filesize
6.0MB

MD5
2539b1eadfbd1f123a3afa41740302e4

SHA1
ab05bb5ce82ebd43cd563006fa2e3094ba0ef1b1

SHA256
066654fd79e5088f3c6702fea9dad48f19909dff5d9aafc1b6c4977105a44911

SHA512
4980030251fe9fe0eb95b4c77ee451b79e2aed08430ef494251f35b1c5210198b2e087bcb27fe90286b466a786d7d4ee59e7d1162150dc4e18a77a87fd45d86b

Download Submit
C:\Windows\system\RSUYhJd.exe

Filesize
6.0MB

MD5
e513b6f7be97f92b5073b77a0cb459b0

SHA1
ceabcf5abe38eca077c9aee8215d8da29bbe141a

SHA256
7c6649cfc513c5b16a2236c7e45d231adea97a0a82644a63ce4861a2cc0b72d5

SHA512
d996d3cd94396266e3105de833a5b04f50f92f9468e45de064117350c9092cfec64a960c8d6ad292c961c728bf8e3145420ea683171b01deeb1a903f9887dea3

Download Submit
C:\Windows\system\SzaFbLZ.exe

Filesize
6.0MB

MD5
b7232cbf48d8169aeaf808a32e345ce0

SHA1
e7aece2006747b28bb0f8c763c001665fe99f6d9

SHA256
c7245162f64fc4022624380cd866a67294e9b5c8844bcac62aac5f086055d8a4

SHA512
353e6890d2adba9898032c847b647cee68b97294b6607f814cf6545caed60055fd6a6935dc27e871a3c56e3281254a578e670ecc8a9953187ba863a6d092ef14

Download Submit
C:\Windows\system\TaYCasv.exe

Filesize
6.0MB

MD5
ffbf848ec024d4007a24d1812357e925

SHA1
7d6618b6a175dff64b00375a8d22fb9f0dab7f8a

SHA256
4e7839ac41cd6092e038e1fb6aa104b41531c5e5ca80b356e19cd5503e395898

SHA512
302c2ac86e19a52ae7c4bb9fbbaa54423a12a29593844ff0aee195f5410f4f0b4880e5aba4a86220d77cef5bdc577a781eb68a73e424f803537bd3e900953344

Download Submit
C:\Windows\system\VFGUAdm.exe

Filesize
6.0MB

MD5
65d5badf1685f588a6ed6edba88a6450

SHA1
8ae362094a5940149071c69c7d0488febd9d9829

SHA256
bd4eddae1fbf21299b8bf049289aa63c07dd52d32ca1161af72bcab3520ff7ee

SHA512
579874681d9413bd0bb6a52af932e16892a1bb2ac73d02b7fa61fcda9bb33a5fbc39dc3cf4e271237d27bd5c1d2278c88388bce51c4edc81cdd557a5ba41f9c3

Download Submit
C:\Windows\system\VRCzFHz.exe

Filesize
6.0MB

MD5
5e99321c57304f4d3ac1273782d95982

SHA1
34b01fad732dbf3d431793789401a3ca07fb754d

SHA256
4b615e294887a950762bbf60a758a205b10a7d53079f676b79756f23063181f9

SHA512
c9f54134dae8976ad9bab4257e18ec5e2f8e737092b332c36adfd6e075ef2aca9f1400d9caed1469a772ea8d034e5b6274780fa1dae4b3ece9ab8791fe243a83

Download Submit
C:\Windows\system\aFrFIlr.exe

Filesize
6.0MB

MD5
d51456b37215968f2efd009d429b7ec3

SHA1
21a586cfc895339a84e376ef956e0228a5bf502d

SHA256
0162c7c4a52a6bab9a7de1af98a17158d0c5fc6246a185a4a677983e5db06a8b

SHA512
5d03852cf2a04be0c92f30de5cd8b619db4170b3eeed05835f23dc9983525eaf52ed05bb27ff238ef5bda13aac40eb9f7e0fcaf1f61acd09e695995f682eed64

Download Submit
C:\Windows\system\aIOFWxK.exe

Filesize
6.0MB

MD5
a56a5e81e98309df35976d312a211b10

SHA1
42b50873a88568970271e7a4874e0f6c9c89ae9b

SHA256
eb0e945ef8dfc923fdbc942e0d0f5b758b1b401155348845195b7a0692fdde6e

SHA512
396cac089ca019d1927a2ffd79a0c5600764a417026f5954a85c18b227ce8779df57f925045967b7a22038dda19b16e45f7f9dabf381e27e685ee5bf8aa962cc

Download Submit
C:\Windows\system\aSQmYJY.exe

Filesize
6.0MB

MD5
af54953fe062f7a3c0bc54565c730c8c

SHA1
9d23cc1f39fb2ce7773797718f91f8520c33af15

SHA256
d1e6780339e64154a5cea84e3a1e599c17ba2398a279a2c6e13a588aa69c6265

SHA512
a2bf1ca86a6f37e0acaa67c9844769168d4a8d54aeadeac0a4dc6cb41be3f011a31e988eeddd4e9b2f100dc936160dd7b02ba3ac4b202acf5be06919e0ea2143

Download Submit
C:\Windows\system\afgFDns.exe

Filesize
6.0MB

MD5
555a290fb8d0a8d72aa6e4913f381a23

SHA1
bd07b53d6489f1c8731b5a3243410104ef4e407e

SHA256
5a3201c5b7c6b0cdb8d5363f11a12947499e77bfdf871ee0b0a0a9aa9278c126

SHA512
41bdec3a8605f6fb78c13c7f2969940bd3cd865c2c375258845e12775b18c2fbc8341aa1810928ae42aae000f65b0a1a45b8cf7f5edf73f6163a37f83cf15aa6

Download Submit
C:\Windows\system\elaFMYz.exe

Filesize
6.0MB

MD5
085f0b62936e6287169ecc40dc5cbd2d

SHA1
cb8eb82c38b907c01534e96b66b66f4dccbddaf7

SHA256
7260669ced618b3dcbd63cfd5304a8d2af2168dca8a1827d376550601873e3c2

SHA512
d35e1e25b79e3a372170718012bff4b65198cbb832b67733b21b0aac85900d01d6ebb799fae724bd3d27c193cbc26fa4e47d4c56011a788695cd17a01fc9740a

Download Submit
C:\Windows\system\ftgxnix.exe

Filesize
6.0MB

MD5
ccc44a426667a93b8742d687f0a77374

SHA1
0bdbf01f675a0660499ed7266b85891af07d9f79

SHA256
8d8b8eba869ab1b061fe32f9a90b0d1b9ad9bb0f7be6effb5a8141f847ab96f1

SHA512
84403293ea8e3d1b50946feafb5c6457ab0e37f70412d5b7e91ff49167893aa455134fadde3fdd647411d7229377eb1f8b109f13e29b3ae52a0814cf8815434e

Download Submit
C:\Windows\system\mPLzxGP.exe

Filesize
6.0MB

MD5
71556dd3fc61da3bc47430888dfc8134

SHA1
1e846ad7ccf58ba4b392f1f72e0045689a29d06e

SHA256
775d96d8f059921249976ad9ee15d0d8f9d493124f80677f56c58289d5818933

SHA512
1b968b90d32f6b16c56a5b48a9b875a6b41ca58ecf6aedf6b3a918ce678792785d4b0b299345e6f66166607cf2d8591fb95d5eb0aeca9146295843b64bcee09d

Download Submit
C:\Windows\system\nVPUjIG.exe

Filesize
6.0MB

MD5
96acfd72e998991c80f02e48eff8d8da

SHA1
96bc4633b4e25722ae939b2880540c9daa0866c7

SHA256
6993fb3f01e480ce73117de6e898bc1fc83b3689df770da056c1edab364c154c

SHA512
2f26a190911148b99887206d7e1e83ba8524e5f7e2859006b9147ea5bfd8390b059da59cc7c33db1b08284ba6799d0477fb0e4defb41cd2ca06e6826ac1ae310

Download Submit
C:\Windows\system\oAKbaZf.exe

Filesize
6.0MB

MD5
a3c2ed192bd02ac050e6d8436cf4d43f

SHA1
57d9c7f51e3db0d9033b50543887a665a4877349

SHA256
cb2ceabcb4845350f2bd23d07065337d942dd6b882c019f46d53287cc3dee9fb

SHA512
588d1eb98af71f09cd67ae437c34381e05c372c7d811e0f8150a60c016f32498eeb2f038d4ccf8efd0a8a503b9519f669d35c8dcc68426bb557e43c4b9e77431

Download Submit
C:\Windows\system\rOIfIrx.exe

Filesize
6.0MB

MD5
584951acce3b4d7ba8565376aff5ef42

SHA1
0b2a5e5159bcbc95cbf2f063ac7280be05520299

SHA256
d402a561a7733a48c78f77fa0bbb277ac1ba134936d75002460269a32ebd30c8

SHA512
bd3550bebb9d11e817db9fb9ac09cf49a23a13045b74170fa14e99710bf5b41d1501243e6804e50915edd37f7f188d27eb6d6a1a39a1e5169bcdf051bba086b3

Download Submit
C:\Windows\system\sSAGqXY.exe

Filesize
6.0MB

MD5
15238218980a5faf34cc2661b20084a1

SHA1
db1af62ea35d7835b9bfb6f0ed666ae5ef729f16

SHA256
b43e02c868836396ee1e6b35f4fd85428a90bbe871393366e98cdfdd9321c0c0

SHA512
fe5a87a85b5e63e60d4a53b095530de0860e84446321fd93f328fb683883a4dd13375f601ff0438b61766b57dd01c28cb71e08f3e3fc5750de99a0367d950e18

Download Submit
C:\Windows\system\uVWYdpp.exe

Filesize
6.0MB

MD5
6361edaa2bd8d56bb268f30bf571f319

SHA1
853a4348e03b2b65d87cff93c823c3fd6315305e

SHA256
78e57f1151c5d14f799a290a4e5dce8761355cbd50faa77693b51f9539296304

SHA512
677fbdb86c21b7db66bdcc5dd16bc5af5324e1aea70036b4b6540faa0fcc61ca145b34c2440ae5717b1e6b947a3d798b3af709b80c25c01ba7e0eb47e54bdc01

Download Submit
C:\Windows\system\xHcvslQ.exe

Filesize
6.0MB

MD5
a4a7eb8f22d3a64d6ae8febd4b6510b8

SHA1
ecf459ea49f29e60e9932414926192e4018ad5e4

SHA256
60ad1da81c0aa1afc79471b7f7a65cce034edfc51ada974013374e9a4031bdfe

SHA512
aa5fba38ef947e2977e5ca8b714530f8ed32d88c2b6bdab394bbba544108e1cf474660a5505de649ecf42e6d7af87a9b93b54f9f6811dcb5b520b6c02228013d

Download Submit
\Windows\system\GJBdDFU.exe

Filesize
6.0MB

MD5
66f00673af0c0d6423b6414a3d5f8b20

SHA1
28751231d9c00dc95c9340b39776554eea88466c

SHA256
1d81ced94cffdf03030ddf25662f3d7c12e967f6f73193b9cdc917b7284d1010

SHA512
56ca58684dc32c93c8b1c4b402a15621b7427430536ff8db90c082d0c9107cd52775aa6f6a9d239871b0a301b8272c970f5a928b81009bd65626d6ea6752ded3

Download Submit
\Windows\system\bStkAck.exe

Filesize
6.0MB

MD5
a26c72db4c9b940f3d6cf8d769bf2b99

SHA1
40744c627d60b4f9f96485b1ad576dc91184bf0a

SHA256
22bbb29d464cd46a410e952fa0afbbc633a44408415bd7ea4e749208eb8f052e

SHA512
c29e6c822c96247c3c967befa64bf9b67befe5d3df3cddb22e092b398eaa2b0da77fee850dd86a7300d7e206cac20fee25ec18799fd5b162891b534a555a99b9

Download Submit
\Windows\system\jibbNwh.exe

Filesize
6.0MB

MD5
ee74b8962de06c376c45837d89396ec2

SHA1
a87b364b53fc1098dbbab6fc6523db5823384a9b

SHA256
d5ddf925acc9c43b96d7d62b11d79a135350231254dcbdce54eb0051644dc07e

SHA512
7c7749261a40ae5ae37094fe6609786b9bfb5eab8de33b31dfb4adda99d4780482d5cffaceeaaa16a380243b65b9de6480a6e47947afbf3fd4ce337eee630fda

Download Submit
\Windows\system\sUVxvHI.exe

Filesize
6.0MB

MD5
04978410fbb87fb3ca8487e78a0cba64

SHA1
cabf17feff905e9f9fe26053ac91c605d58b6a32

SHA256
14532b498abf04584b19994f1d3a946b7e8b9a96bb281a3b7dd27f905544a877

SHA512
5899ede07c571b3f5aafe929bee7c47f30a0d828da62283df624fd6b305fb077de2dede643c9b0ed707749e44dd56e7bf05ef203bd09a204e6f32bf7a46a6fa8

Download Submit
\Windows\system\zzSdOoP.exe

Filesize
6.0MB

MD5
53af3eb88db490f1903e92eb8a005321

SHA1
c566fc1e3bc8c062c872ea96f1b88b97065c0281

SHA256
d97d40616c7cf77859c357a1d324d4be7672577b536269f0657d2920867fe50e

SHA512
baaeb874e5febfb806122450593a536b368f1900bd1d81baee55946056c2014e1543d97221bb5323489c1d512a0892ca1c18cef61b6e5021eb4136f65d6338ce

Download Submit
memory/616-101-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/616-1064-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/616-3578-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-3480-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-84-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-734-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-88-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-3474-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-3478-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-99-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-73-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2176-3455-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3307-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2432-50-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2432-87-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3265-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2536-82-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2536-42-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3339-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2572-66-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2644-108-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2644-83-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-109-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-68-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-18-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-65-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2644-28-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2644-20-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2644-53-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2644-0-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2644-44-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1182-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-32-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-8-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2644-85-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-95-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2644-41-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2644-304-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-509-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3333-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2660-23-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2680-37-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3266-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2780-9-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3305-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-29-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3338-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-64-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3379-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2932-58-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3008-22-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3308-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download