cobaltstrike | f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488

Analysis

max time kernel
149s
max time network
20s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18-11-2024 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
Size

6.0MB
MD5

06d6a3efde8c05166a956b3848df456d
SHA1

a107cdc85fd6efbebb35619b9522247e991812cc
SHA256

f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488
SHA512

671a9192eecd7875a2faa61a163a5da5deb66a8ff1fa5287f52cf7514ac157c201fa2bfcb84db4a6693ea79b1d23dc618321dae3f72f4cbacd12eda34b9e5675
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017530-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ca-33.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195d6-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-91.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018710-64.dat	cobalt_reflective_dll
behavioral1/files/0x0039000000016de6-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019604-71.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186d9-47.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186cc-40.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c6-28.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000175ae-17.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2684-0-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-6.dat	xmrig
behavioral1/files/0x0009000000017530-12.dat	xmrig
behavioral1/memory/2696-24-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2764-29-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x00060000000186ca-33.dat	xmrig
behavioral1/memory/2812-37-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2684-52-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2948-76-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x00060000000195d6-78.dat	xmrig
behavioral1/files/0x0005000000019605-80.dat	xmrig
behavioral1/memory/1608-88-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2908-96-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-112.dat	xmrig
behavioral1/files/0x0005000000019c34-139.dat	xmrig
behavioral1/memory/2684-276-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x000500000001a075-187.dat	xmrig
behavioral1/files/0x0005000000019d8e-180.dat	xmrig
behavioral1/files/0x0005000000019f8a-177.dat	xmrig
behavioral1/files/0x0005000000019cba-171.dat	xmrig
behavioral1/files/0x000500000001a07e-193.dat	xmrig
behavioral1/files/0x0005000000019c3e-152.dat	xmrig
behavioral1/files/0x0005000000019f94-184.dat	xmrig
behavioral1/files/0x0005000000019dbf-174.dat	xmrig
behavioral1/files/0x00050000000196a1-133.dat	xmrig
behavioral1/files/0x0005000000019cca-164.dat	xmrig
behavioral1/files/0x0005000000019c57-156.dat	xmrig
behavioral1/files/0x0005000000019c3c-146.dat	xmrig
behavioral1/files/0x000500000001961e-122.dat	xmrig
behavioral1/files/0x0005000000019926-136.dat	xmrig
behavioral1/files/0x0005000000019667-126.dat	xmrig
behavioral1/files/0x000500000001961c-118.dat	xmrig
behavioral1/memory/2668-103-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960a-106.dat	xmrig
behavioral1/memory/536-102-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x0005000000019608-100.dat	xmrig
behavioral1/memory/2996-95-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2764-85-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/3060-83-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0005000000019606-91.dat	xmrig
behavioral1/files/0x0008000000018710-64.dat	xmrig
behavioral1/files/0x0039000000016de6-56.dat	xmrig
behavioral1/memory/2684-74-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0005000000019604-71.dat	xmrig
behavioral1/memory/1440-70-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2668-61-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2684-60-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/2908-43-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2884-51-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x00060000000186d9-47.dat	xmrig
behavioral1/files/0x00060000000186cc-40.dat	xmrig
behavioral1/files/0x00060000000186c6-28.dat	xmrig
behavioral1/memory/2684-27-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/2840-26-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2288-25-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x00080000000175ae-17.dat	xmrig
behavioral1/memory/2684-9-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2696-2680-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2884-2686-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2812-2683-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2840-2705-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/1440-2772-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2948-2770-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/536-2810-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2696	USGBTPm.exe
2288	npjPSKa.exe
2840	yOFqKoV.exe
2764	NpeotIl.exe
2812	RtfUtKL.exe
2908	LJLRdns.exe
2884	OzjJOpy.exe
2668	Ezeflly.exe
1440	PZhgHsz.exe
2948	TIYvUbq.exe
3060	irVzjnm.exe
1608	OkOdkso.exe
2996	UORIpXf.exe
536	odJUyCB.exe
3028	eYvVbjT.exe
1248	cIxyRuB.exe
1276	PHdNlvs.exe
2380	VUEDuKn.exe
2416	MKczBvT.exe
2312	dRNyYmz.exe
1200	RAyoqFf.exe
1512	tmIXEXn.exe
592	PppjWhh.exe
2392	KLclrib.exe
1924	eaVYRoW.exe
2212	hhtjvKw.exe
2440	gdCPFUB.exe
1628	wULuCMw.exe
2248	CSFTKyT.exe
1088	HSStVFG.exe
1008	JPwGBlr.exe
1524	kGkgkxZ.exe
1912	enxKypA.exe
564	KugEHDI.exe
1652	OHcCOVF.exe
972	mIaXzUN.exe
3004	OiOEzMB.exe
2360	AnpkTSW.exe
2224	DCUDLle.exe
448	vslIgwM.exe
1696	XVVzfaG.exe
2068	XZdeGrV.exe
2032	wLFeTeq.exe
1920	kgBlmPq.exe
2960	gwkwlcQ.exe
2004	zIRnliv.exe
608	UMMbUoO.exe
1500	ZwzaUKM.exe
1888	EKTBOPM.exe
860	KzOEFNB.exe
288	QvDUbpH.exe
2548	HraLYTH.exe
1580	DXnFoTn.exe
1584	ADnGlQy.exe
1480	XfysrSL.exe
2868	SBakkSI.exe
2788	NuwvFzH.exe
2596	icsIrdZ.exe
2608	BEURZdZ.exe
1900	rPjHMyr.exe
2672	ReZbYeA.exe
1984	yVWbnMi.exe
2644	hiLDzap.exe
672	vNxSiiB.exe

Loads dropped DLL 64 IoCs

pid	Process
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2684-0-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-6.dat	upx
behavioral1/files/0x0009000000017530-12.dat	upx
behavioral1/memory/2696-24-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2764-29-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x00060000000186ca-33.dat	upx
behavioral1/memory/2812-37-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2684-52-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2948-76-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x00060000000195d6-78.dat	upx
behavioral1/files/0x0005000000019605-80.dat	upx
behavioral1/memory/1608-88-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2908-96-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x000500000001960c-112.dat	upx
behavioral1/files/0x0005000000019c34-139.dat	upx
behavioral1/files/0x000500000001a075-187.dat	upx
behavioral1/files/0x0005000000019d8e-180.dat	upx
behavioral1/files/0x0005000000019f8a-177.dat	upx
behavioral1/files/0x0005000000019cba-171.dat	upx
behavioral1/files/0x000500000001a07e-193.dat	upx
behavioral1/files/0x0005000000019c3e-152.dat	upx
behavioral1/files/0x0005000000019f94-184.dat	upx
behavioral1/files/0x0005000000019dbf-174.dat	upx
behavioral1/files/0x00050000000196a1-133.dat	upx
behavioral1/files/0x0005000000019cca-164.dat	upx
behavioral1/files/0x0005000000019c57-156.dat	upx
behavioral1/files/0x0005000000019c3c-146.dat	upx
behavioral1/files/0x000500000001961e-122.dat	upx
behavioral1/files/0x0005000000019926-136.dat	upx
behavioral1/files/0x0005000000019667-126.dat	upx
behavioral1/files/0x000500000001961c-118.dat	upx
behavioral1/memory/2668-103-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000500000001960a-106.dat	upx
behavioral1/memory/536-102-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x0005000000019608-100.dat	upx
behavioral1/memory/2996-95-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2764-85-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/3060-83-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0005000000019606-91.dat	upx
behavioral1/files/0x0008000000018710-64.dat	upx
behavioral1/files/0x0039000000016de6-56.dat	upx
behavioral1/files/0x0005000000019604-71.dat	upx
behavioral1/memory/1440-70-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2668-61-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2908-43-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2884-51-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x00060000000186d9-47.dat	upx
behavioral1/files/0x00060000000186cc-40.dat	upx
behavioral1/files/0x00060000000186c6-28.dat	upx
behavioral1/memory/2840-26-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2288-25-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x00080000000175ae-17.dat	upx
behavioral1/memory/2696-2680-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2884-2686-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2812-2683-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2840-2705-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/1440-2772-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2948-2770-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/536-2810-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2668-2809-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/3060-2808-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/1608-2812-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2764-2807-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2908-2802-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qOVBzAv.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\VmKuuil.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\axzgUXk.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\sJZXNtK.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\oIBKsUj.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\dIxAXhD.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\VtdFsgu.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\XqUQCtx.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\SVvPWUH.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\YSfJKLq.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\AcNQZXX.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\LONEfav.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\keCrQOp.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\zIHVoko.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\IPQtltR.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\ZIFoIoc.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\VsMyWOO.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\xFDbBKj.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\YDpvxYW.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\hRIvrDN.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\JtqGPdo.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\rOyrtzS.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\WliHPtH.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\mHFzhgI.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\NvPuHNZ.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\iMfmsoy.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\yqDoWXR.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\bafRguC.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\BXQRtno.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\chbAyev.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\CeAuwLO.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\LpswuRK.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\BanOYds.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\ZiZFElW.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\DWlrmlj.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\VHfckCv.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\MQfiQZN.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\rSHMwID.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\LuniYrL.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\jjTVtiO.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\EyduOyJ.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\CLKXiUH.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\YFXxgwS.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\GWLgNXx.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\BtJvMOP.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\sbBurBN.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\pWgaSkx.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\LahxKVS.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\eaDtxox.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\zoZQtjC.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\AIRXFYc.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\MPqrrty.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\jMGCinQ.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\mgkSZSB.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\qSODRxv.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\ezTnLwR.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\JqYGwmu.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\cIauEHw.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\CXthXpY.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\tBeFmRs.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\JPNHaOF.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\nTxJocm.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\DUAYpxh.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
File created	C:\Windows\System\piSgQqw.exe	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2696	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	31
PID 2684 wrote to memory of 2696	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	31
PID 2684 wrote to memory of 2696	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	31
PID 2684 wrote to memory of 2288	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	32
PID 2684 wrote to memory of 2288	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	32
PID 2684 wrote to memory of 2288	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	32
PID 2684 wrote to memory of 2840	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	33
PID 2684 wrote to memory of 2840	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	33
PID 2684 wrote to memory of 2840	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	33
PID 2684 wrote to memory of 2764	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	34
PID 2684 wrote to memory of 2764	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	34
PID 2684 wrote to memory of 2764	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	34
PID 2684 wrote to memory of 2812	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	35
PID 2684 wrote to memory of 2812	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	35
PID 2684 wrote to memory of 2812	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	35
PID 2684 wrote to memory of 2908	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	36
PID 2684 wrote to memory of 2908	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	36
PID 2684 wrote to memory of 2908	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	36
PID 2684 wrote to memory of 2884	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	37
PID 2684 wrote to memory of 2884	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	37
PID 2684 wrote to memory of 2884	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	37
PID 2684 wrote to memory of 2668	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	38
PID 2684 wrote to memory of 2668	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	38
PID 2684 wrote to memory of 2668	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	38
PID 2684 wrote to memory of 1440	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	39
PID 2684 wrote to memory of 1440	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	39
PID 2684 wrote to memory of 1440	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	39
PID 2684 wrote to memory of 3060	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	40
PID 2684 wrote to memory of 3060	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	40
PID 2684 wrote to memory of 3060	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	40
PID 2684 wrote to memory of 2948	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	41
PID 2684 wrote to memory of 2948	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	41
PID 2684 wrote to memory of 2948	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	41
PID 2684 wrote to memory of 1608	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	42
PID 2684 wrote to memory of 1608	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	42
PID 2684 wrote to memory of 1608	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	42
PID 2684 wrote to memory of 2996	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	43
PID 2684 wrote to memory of 2996	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	43
PID 2684 wrote to memory of 2996	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	43
PID 2684 wrote to memory of 536	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	44
PID 2684 wrote to memory of 536	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	44
PID 2684 wrote to memory of 536	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	44
PID 2684 wrote to memory of 3028	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	45
PID 2684 wrote to memory of 3028	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	45
PID 2684 wrote to memory of 3028	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	45
PID 2684 wrote to memory of 1248	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	46
PID 2684 wrote to memory of 1248	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	46
PID 2684 wrote to memory of 1248	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	46
PID 2684 wrote to memory of 1276	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	47
PID 2684 wrote to memory of 1276	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	47
PID 2684 wrote to memory of 1276	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	47
PID 2684 wrote to memory of 2380	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	48
PID 2684 wrote to memory of 2380	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	48
PID 2684 wrote to memory of 2380	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	48
PID 2684 wrote to memory of 2416	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	49
PID 2684 wrote to memory of 2416	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	49
PID 2684 wrote to memory of 2416	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	49
PID 2684 wrote to memory of 2312	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	50
PID 2684 wrote to memory of 2312	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	50
PID 2684 wrote to memory of 2312	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	50
PID 2684 wrote to memory of 1200	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	51
PID 2684 wrote to memory of 1200	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	51
PID 2684 wrote to memory of 1200	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	51
PID 2684 wrote to memory of 592	2684	f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe	52

C:\Users\Admin\AppData\Local\Temp\f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe
"C:\Users\Admin\AppData\Local\Temp\f4e0387f7054e50b5e6a9c893f2cba955be3008d11055a583aec76f428931488.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Windows\System\USGBTPm.exe
  C:\Windows\System\USGBTPm.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\npjPSKa.exe
  C:\Windows\System\npjPSKa.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\yOFqKoV.exe
  C:\Windows\System\yOFqKoV.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\NpeotIl.exe
  C:\Windows\System\NpeotIl.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\RtfUtKL.exe
  C:\Windows\System\RtfUtKL.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\LJLRdns.exe
  C:\Windows\System\LJLRdns.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\OzjJOpy.exe
  C:\Windows\System\OzjJOpy.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\Ezeflly.exe
  C:\Windows\System\Ezeflly.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\PZhgHsz.exe
  C:\Windows\System\PZhgHsz.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\irVzjnm.exe
  C:\Windows\System\irVzjnm.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\TIYvUbq.exe
  C:\Windows\System\TIYvUbq.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\OkOdkso.exe
  C:\Windows\System\OkOdkso.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\UORIpXf.exe
  C:\Windows\System\UORIpXf.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\odJUyCB.exe
  C:\Windows\System\odJUyCB.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\eYvVbjT.exe
  C:\Windows\System\eYvVbjT.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\cIxyRuB.exe
  C:\Windows\System\cIxyRuB.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\PHdNlvs.exe
  C:\Windows\System\PHdNlvs.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\VUEDuKn.exe
  C:\Windows\System\VUEDuKn.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\MKczBvT.exe
  C:\Windows\System\MKczBvT.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\dRNyYmz.exe
  C:\Windows\System\dRNyYmz.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\RAyoqFf.exe
  C:\Windows\System\RAyoqFf.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\PppjWhh.exe
  C:\Windows\System\PppjWhh.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\tmIXEXn.exe
  C:\Windows\System\tmIXEXn.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\KLclrib.exe
  C:\Windows\System\KLclrib.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\eaVYRoW.exe
  C:\Windows\System\eaVYRoW.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\gdCPFUB.exe
  C:\Windows\System\gdCPFUB.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\hhtjvKw.exe
  C:\Windows\System\hhtjvKw.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\CSFTKyT.exe
  C:\Windows\System\CSFTKyT.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\wULuCMw.exe
  C:\Windows\System\wULuCMw.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\enxKypA.exe
  C:\Windows\System\enxKypA.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\HSStVFG.exe
  C:\Windows\System\HSStVFG.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\KugEHDI.exe
  C:\Windows\System\KugEHDI.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\JPwGBlr.exe
  C:\Windows\System\JPwGBlr.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\mIaXzUN.exe
  C:\Windows\System\mIaXzUN.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\kGkgkxZ.exe
  C:\Windows\System\kGkgkxZ.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\OiOEzMB.exe
  C:\Windows\System\OiOEzMB.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\OHcCOVF.exe
  C:\Windows\System\OHcCOVF.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\AnpkTSW.exe
  C:\Windows\System\AnpkTSW.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\DCUDLle.exe
  C:\Windows\System\DCUDLle.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\vslIgwM.exe
  C:\Windows\System\vslIgwM.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\XVVzfaG.exe
  C:\Windows\System\XVVzfaG.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\XZdeGrV.exe
  C:\Windows\System\XZdeGrV.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\wLFeTeq.exe
  C:\Windows\System\wLFeTeq.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\kgBlmPq.exe
  C:\Windows\System\kgBlmPq.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\gwkwlcQ.exe
  C:\Windows\System\gwkwlcQ.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\zIRnliv.exe
  C:\Windows\System\zIRnliv.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\UMMbUoO.exe
  C:\Windows\System\UMMbUoO.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\EKTBOPM.exe
  C:\Windows\System\EKTBOPM.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\ZwzaUKM.exe
  C:\Windows\System\ZwzaUKM.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\KzOEFNB.exe
  C:\Windows\System\KzOEFNB.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\QvDUbpH.exe
  C:\Windows\System\QvDUbpH.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\HraLYTH.exe
  C:\Windows\System\HraLYTH.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\DXnFoTn.exe
  C:\Windows\System\DXnFoTn.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\ADnGlQy.exe
  C:\Windows\System\ADnGlQy.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\XfysrSL.exe
  C:\Windows\System\XfysrSL.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\SBakkSI.exe
  C:\Windows\System\SBakkSI.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\NuwvFzH.exe
  C:\Windows\System\NuwvFzH.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\BEURZdZ.exe
  C:\Windows\System\BEURZdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\icsIrdZ.exe
  C:\Windows\System\icsIrdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\rPjHMyr.exe
  C:\Windows\System\rPjHMyr.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\ReZbYeA.exe
  C:\Windows\System\ReZbYeA.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\yVWbnMi.exe
  C:\Windows\System\yVWbnMi.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\hiLDzap.exe
  C:\Windows\System\hiLDzap.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\vNxSiiB.exe
  C:\Windows\System\vNxSiiB.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\cxLkbNI.exe
  C:\Windows\System\cxLkbNI.exe
  2⤵
  PID:2244
- C:\Windows\System\lUkfKMj.exe
  C:\Windows\System\lUkfKMj.exe
  2⤵
  PID:2444
- C:\Windows\System\gTqytAH.exe
  C:\Windows\System\gTqytAH.exe
  2⤵
  PID:2664
- C:\Windows\System\DUAYpxh.exe
  C:\Windows\System\DUAYpxh.exe
  2⤵
  PID:2080
- C:\Windows\System\tGxzcaQ.exe
  C:\Windows\System\tGxzcaQ.exe
  2⤵
  PID:2384
- C:\Windows\System\uSZMpuP.exe
  C:\Windows\System\uSZMpuP.exe
  2⤵
  PID:1280
- C:\Windows\System\VFZlfRg.exe
  C:\Windows\System\VFZlfRg.exe
  2⤵
  PID:2480
- C:\Windows\System\MqVbmTK.exe
  C:\Windows\System\MqVbmTK.exe
  2⤵
  PID:2008
- C:\Windows\System\eLzsTWN.exe
  C:\Windows\System\eLzsTWN.exe
  2⤵
  PID:2272
- C:\Windows\System\oZxKAhf.exe
  C:\Windows\System\oZxKAhf.exe
  2⤵
  PID:2492
- C:\Windows\System\EzdArRL.exe
  C:\Windows\System\EzdArRL.exe
  2⤵
  PID:1760
- C:\Windows\System\OExITzG.exe
  C:\Windows\System\OExITzG.exe
  2⤵
  PID:3024
- C:\Windows\System\TzKsjvv.exe
  C:\Windows\System\TzKsjvv.exe
  2⤵
  PID:1464
- C:\Windows\System\hlDPJYL.exe
  C:\Windows\System\hlDPJYL.exe
  2⤵
  PID:1748
- C:\Windows\System\KboIuFX.exe
  C:\Windows\System\KboIuFX.exe
  2⤵
  PID:1604
- C:\Windows\System\lGxKdsP.exe
  C:\Windows\System\lGxKdsP.exe
  2⤵
  PID:2160
- C:\Windows\System\NQUFNIO.exe
  C:\Windows\System\NQUFNIO.exe
  2⤵
  PID:1240
- C:\Windows\System\wJNpwXv.exe
  C:\Windows\System\wJNpwXv.exe
  2⤵
  PID:2468
- C:\Windows\System\xwMwVnH.exe
  C:\Windows\System\xwMwVnH.exe
  2⤵
  PID:1040
- C:\Windows\System\HcXBukd.exe
  C:\Windows\System\HcXBukd.exe
  2⤵
  PID:2544
- C:\Windows\System\tKRguDP.exe
  C:\Windows\System\tKRguDP.exe
  2⤵
  PID:2216
- C:\Windows\System\kBhLaSt.exe
  C:\Windows\System\kBhLaSt.exe
  2⤵
  PID:2552
- C:\Windows\System\LPllLiL.exe
  C:\Windows\System\LPllLiL.exe
  2⤵
  PID:2748
- C:\Windows\System\SdsYPXo.exe
  C:\Windows\System\SdsYPXo.exe
  2⤵
  PID:2124
- C:\Windows\System\cHPWLmO.exe
  C:\Windows\System\cHPWLmO.exe
  2⤵
  PID:1680
- C:\Windows\System\sLpKGSO.exe
  C:\Windows\System\sLpKGSO.exe
  2⤵
  PID:2580
- C:\Windows\System\MPLDavG.exe
  C:\Windows\System\MPLDavG.exe
  2⤵
  PID:1904
- C:\Windows\System\Kqzkrls.exe
  C:\Windows\System\Kqzkrls.exe
  2⤵
  PID:1100
- C:\Windows\System\YLJvTHf.exe
  C:\Windows\System\YLJvTHf.exe
  2⤵
  PID:2428
- C:\Windows\System\amLLOLs.exe
  C:\Windows\System\amLLOLs.exe
  2⤵
  PID:324
- C:\Windows\System\cztqsQr.exe
  C:\Windows\System\cztqsQr.exe
  2⤵
  PID:1640
- C:\Windows\System\uBhYdPI.exe
  C:\Windows\System\uBhYdPI.exe
  2⤵
  PID:1504
- C:\Windows\System\THbpMyM.exe
  C:\Windows\System\THbpMyM.exe
  2⤵
  PID:1808
- C:\Windows\System\gFqQGem.exe
  C:\Windows\System\gFqQGem.exe
  2⤵
  PID:2504
- C:\Windows\System\kmMGnYY.exe
  C:\Windows\System\kmMGnYY.exe
  2⤵
  PID:2196
- C:\Windows\System\SfLYeYc.exe
  C:\Windows\System\SfLYeYc.exe
  2⤵
  PID:3084
- C:\Windows\System\YBYcaHd.exe
  C:\Windows\System\YBYcaHd.exe
  2⤵
  PID:3104
- C:\Windows\System\RrufObk.exe
  C:\Windows\System\RrufObk.exe
  2⤵
  PID:3124
- C:\Windows\System\GUTBlla.exe
  C:\Windows\System\GUTBlla.exe
  2⤵
  PID:3140
- C:\Windows\System\yqrKZaJ.exe
  C:\Windows\System\yqrKZaJ.exe
  2⤵
  PID:3156
- C:\Windows\System\KvzRAZG.exe
  C:\Windows\System\KvzRAZG.exe
  2⤵
  PID:3180
- C:\Windows\System\eErxFvU.exe
  C:\Windows\System\eErxFvU.exe
  2⤵
  PID:3204
- C:\Windows\System\vLvnEQR.exe
  C:\Windows\System\vLvnEQR.exe
  2⤵
  PID:3228
- C:\Windows\System\MYEyLLm.exe
  C:\Windows\System\MYEyLLm.exe
  2⤵
  PID:3248
- C:\Windows\System\SLJxnIQ.exe
  C:\Windows\System\SLJxnIQ.exe
  2⤵
  PID:3264
- C:\Windows\System\EEXIpYH.exe
  C:\Windows\System\EEXIpYH.exe
  2⤵
  PID:3288
- C:\Windows\System\qOoXewK.exe
  C:\Windows\System\qOoXewK.exe
  2⤵
  PID:3308
- C:\Windows\System\vZRsYrp.exe
  C:\Windows\System\vZRsYrp.exe
  2⤵
  PID:3324
- C:\Windows\System\pKJmkdq.exe
  C:\Windows\System\pKJmkdq.exe
  2⤵
  PID:3348
- C:\Windows\System\wiHrEuR.exe
  C:\Windows\System\wiHrEuR.exe
  2⤵
  PID:3368
- C:\Windows\System\jIeuSVf.exe
  C:\Windows\System\jIeuSVf.exe
  2⤵
  PID:3388
- C:\Windows\System\bYfuyAN.exe
  C:\Windows\System\bYfuyAN.exe
  2⤵
  PID:3408
- C:\Windows\System\gWzgHSi.exe
  C:\Windows\System\gWzgHSi.exe
  2⤵
  PID:3424
- C:\Windows\System\flemAPN.exe
  C:\Windows\System\flemAPN.exe
  2⤵
  PID:3444
- C:\Windows\System\dcownVR.exe
  C:\Windows\System\dcownVR.exe
  2⤵
  PID:3460
- C:\Windows\System\pFxYFHN.exe
  C:\Windows\System\pFxYFHN.exe
  2⤵
  PID:3484
- C:\Windows\System\qPWIMZc.exe
  C:\Windows\System\qPWIMZc.exe
  2⤵
  PID:3500
- C:\Windows\System\iWoGlBE.exe
  C:\Windows\System\iWoGlBE.exe
  2⤵
  PID:3524
- C:\Windows\System\yfnAlwl.exe
  C:\Windows\System\yfnAlwl.exe
  2⤵
  PID:3540
- C:\Windows\System\GOJqKNJ.exe
  C:\Windows\System\GOJqKNJ.exe
  2⤵
  PID:3560
- C:\Windows\System\MYnZOBP.exe
  C:\Windows\System\MYnZOBP.exe
  2⤵
  PID:3580
- C:\Windows\System\JgsGQyk.exe
  C:\Windows\System\JgsGQyk.exe
  2⤵
  PID:3596
- C:\Windows\System\NuZwlEu.exe
  C:\Windows\System\NuZwlEu.exe
  2⤵
  PID:3616
- C:\Windows\System\QyfWuwA.exe
  C:\Windows\System\QyfWuwA.exe
  2⤵
  PID:3636
- C:\Windows\System\IfxDNdZ.exe
  C:\Windows\System\IfxDNdZ.exe
  2⤵
  PID:3652
- C:\Windows\System\iIoBJiZ.exe
  C:\Windows\System\iIoBJiZ.exe
  2⤵
  PID:3676
- C:\Windows\System\EyGWjXb.exe
  C:\Windows\System\EyGWjXb.exe
  2⤵
  PID:3696
- C:\Windows\System\SHLUbMH.exe
  C:\Windows\System\SHLUbMH.exe
  2⤵
  PID:3716
- C:\Windows\System\AUrhepr.exe
  C:\Windows\System\AUrhepr.exe
  2⤵
  PID:3732
- C:\Windows\System\IQgLjSt.exe
  C:\Windows\System\IQgLjSt.exe
  2⤵
  PID:3752
- C:\Windows\System\QbZpKeG.exe
  C:\Windows\System\QbZpKeG.exe
  2⤵
  PID:3772
- C:\Windows\System\tWzTYZo.exe
  C:\Windows\System\tWzTYZo.exe
  2⤵
  PID:3792
- C:\Windows\System\hJqMmyj.exe
  C:\Windows\System\hJqMmyj.exe
  2⤵
  PID:3812
- C:\Windows\System\dpNYBfY.exe
  C:\Windows\System\dpNYBfY.exe
  2⤵
  PID:3828
- C:\Windows\System\EjIJKhR.exe
  C:\Windows\System\EjIJKhR.exe
  2⤵
  PID:3848
- C:\Windows\System\rIkvJPk.exe
  C:\Windows\System\rIkvJPk.exe
  2⤵
  PID:3868
- C:\Windows\System\YubmRTn.exe
  C:\Windows\System\YubmRTn.exe
  2⤵
  PID:3888
- C:\Windows\System\ZJiaCrs.exe
  C:\Windows\System\ZJiaCrs.exe
  2⤵
  PID:3916
- C:\Windows\System\xjawXkn.exe
  C:\Windows\System\xjawXkn.exe
  2⤵
  PID:3940
- C:\Windows\System\AupYhRW.exe
  C:\Windows\System\AupYhRW.exe
  2⤵
  PID:3964
- C:\Windows\System\EgBSsmg.exe
  C:\Windows\System\EgBSsmg.exe
  2⤵
  PID:3984
- C:\Windows\System\xLOBjAQ.exe
  C:\Windows\System\xLOBjAQ.exe
  2⤵
  PID:4004
- C:\Windows\System\nHqfILz.exe
  C:\Windows\System\nHqfILz.exe
  2⤵
  PID:4024
- C:\Windows\System\OWuVbvq.exe
  C:\Windows\System\OWuVbvq.exe
  2⤵
  PID:4044
- C:\Windows\System\rJqLTUU.exe
  C:\Windows\System\rJqLTUU.exe
  2⤵
  PID:4064
- C:\Windows\System\lIPzAJQ.exe
  C:\Windows\System\lIPzAJQ.exe
  2⤵
  PID:4084
- C:\Windows\System\RHEAMen.exe
  C:\Windows\System\RHEAMen.exe
  2⤵
  PID:2936
- C:\Windows\System\kkatoot.exe
  C:\Windows\System\kkatoot.exe
  2⤵
  PID:1384
- C:\Windows\System\BURtrhN.exe
  C:\Windows\System\BURtrhN.exe
  2⤵
  PID:2088
- C:\Windows\System\iuOyoUM.exe
  C:\Windows\System\iuOyoUM.exe
  2⤵
  PID:2520
- C:\Windows\System\Abweefw.exe
  C:\Windows\System\Abweefw.exe
  2⤵
  PID:2536
- C:\Windows\System\BpptmZf.exe
  C:\Windows\System\BpptmZf.exe
  2⤵
  PID:2828
- C:\Windows\System\qgWPwGP.exe
  C:\Windows\System\qgWPwGP.exe
  2⤵
  PID:1676
- C:\Windows\System\JNNllpT.exe
  C:\Windows\System\JNNllpT.exe
  2⤵
  PID:1216
- C:\Windows\System\Cteyqqs.exe
  C:\Windows\System\Cteyqqs.exe
  2⤵
  PID:2972
- C:\Windows\System\FTYTXKR.exe
  C:\Windows\System\FTYTXKR.exe
  2⤵
  PID:2372
- C:\Windows\System\NfUNuNt.exe
  C:\Windows\System\NfUNuNt.exe
  2⤵
  PID:2208
- C:\Windows\System\bYBkibZ.exe
  C:\Windows\System\bYBkibZ.exe
  2⤵
  PID:2860
- C:\Windows\System\bYnypvw.exe
  C:\Windows\System\bYnypvw.exe
  2⤵
  PID:3080
- C:\Windows\System\GAEdkuq.exe
  C:\Windows\System\GAEdkuq.exe
  2⤵
  PID:3116
- C:\Windows\System\vUfOPwK.exe
  C:\Windows\System\vUfOPwK.exe
  2⤵
  PID:2028
- C:\Windows\System\VWMDvXK.exe
  C:\Windows\System\VWMDvXK.exe
  2⤵
  PID:3096
- C:\Windows\System\diDIWzt.exe
  C:\Windows\System\diDIWzt.exe
  2⤵
  PID:3196
- C:\Windows\System\GxVyuoQ.exe
  C:\Windows\System\GxVyuoQ.exe
  2⤵
  PID:3284
- C:\Windows\System\pJbxEFk.exe
  C:\Windows\System\pJbxEFk.exe
  2⤵
  PID:3320
- C:\Windows\System\gwgGojg.exe
  C:\Windows\System\gwgGojg.exe
  2⤵
  PID:3400
- C:\Windows\System\zkIGSbO.exe
  C:\Windows\System\zkIGSbO.exe
  2⤵
  PID:3216
- C:\Windows\System\JMkjGYa.exe
  C:\Windows\System\JMkjGYa.exe
  2⤵
  PID:3224
- C:\Windows\System\GhUQNwZ.exe
  C:\Windows\System\GhUQNwZ.exe
  2⤵
  PID:3304
- C:\Windows\System\cgXqroO.exe
  C:\Windows\System\cgXqroO.exe
  2⤵
  PID:3376
- C:\Windows\System\ADYbWKK.exe
  C:\Windows\System\ADYbWKK.exe
  2⤵
  PID:3440
- C:\Windows\System\bCOKeGe.exe
  C:\Windows\System\bCOKeGe.exe
  2⤵
  PID:3480
- C:\Windows\System\VAwjCac.exe
  C:\Windows\System\VAwjCac.exe
  2⤵
  PID:3516
- C:\Windows\System\MHHBTWj.exe
  C:\Windows\System\MHHBTWj.exe
  2⤵
  PID:3588
- C:\Windows\System\YeIKGRg.exe
  C:\Windows\System\YeIKGRg.exe
  2⤵
  PID:3452
- C:\Windows\System\XQxGtih.exe
  C:\Windows\System\XQxGtih.exe
  2⤵
  PID:3608
- C:\Windows\System\jXmWZpt.exe
  C:\Windows\System\jXmWZpt.exe
  2⤵
  PID:3536
- C:\Windows\System\FqfiNRM.exe
  C:\Windows\System\FqfiNRM.exe
  2⤵
  PID:3572
- C:\Windows\System\LRrdRWe.exe
  C:\Windows\System\LRrdRWe.exe
  2⤵
  PID:3740
- C:\Windows\System\SrnTdrz.exe
  C:\Windows\System\SrnTdrz.exe
  2⤵
  PID:3780
- C:\Windows\System\IchJMdV.exe
  C:\Windows\System\IchJMdV.exe
  2⤵
  PID:3856
- C:\Windows\System\BanOYds.exe
  C:\Windows\System\BanOYds.exe
  2⤵
  PID:3844
- C:\Windows\System\cwiyGCL.exe
  C:\Windows\System\cwiyGCL.exe
  2⤵
  PID:3908
- C:\Windows\System\WdAWjyH.exe
  C:\Windows\System\WdAWjyH.exe
  2⤵
  PID:3876
- C:\Windows\System\BInSDsP.exe
  C:\Windows\System\BInSDsP.exe
  2⤵
  PID:3800
- C:\Windows\System\NvPuHNZ.exe
  C:\Windows\System\NvPuHNZ.exe
  2⤵
  PID:3960
- C:\Windows\System\kpwFuUy.exe
  C:\Windows\System\kpwFuUy.exe
  2⤵
  PID:3928
- C:\Windows\System\gwosOdz.exe
  C:\Windows\System\gwosOdz.exe
  2⤵
  PID:3996
- C:\Windows\System\kgdXiad.exe
  C:\Windows\System\kgdXiad.exe
  2⤵
  PID:4016
- C:\Windows\System\QFivJfY.exe
  C:\Windows\System\QFivJfY.exe
  2⤵
  PID:4012
- C:\Windows\System\iHEkuuj.exe
  C:\Windows\System\iHEkuuj.exe
  2⤵
  PID:2120
- C:\Windows\System\UJjZYBN.exe
  C:\Windows\System\UJjZYBN.exe
  2⤵
  PID:2864
- C:\Windows\System\BkLqZcz.exe
  C:\Windows\System\BkLqZcz.exe
  2⤵
  PID:1044
- C:\Windows\System\vVlLOQz.exe
  C:\Windows\System\vVlLOQz.exe
  2⤵
  PID:1704
- C:\Windows\System\PcFubkX.exe
  C:\Windows\System\PcFubkX.exe
  2⤵
  PID:2156
- C:\Windows\System\psEphPs.exe
  C:\Windows\System\psEphPs.exe
  2⤵
  PID:2188
- C:\Windows\System\gSmqCjD.exe
  C:\Windows\System\gSmqCjD.exe
  2⤵
  PID:3032
- C:\Windows\System\TeMJnde.exe
  C:\Windows\System\TeMJnde.exe
  2⤵
  PID:3112
- C:\Windows\System\tBeoqOV.exe
  C:\Windows\System\tBeoqOV.exe
  2⤵
  PID:932
- C:\Windows\System\bwpvlRe.exe
  C:\Windows\System\bwpvlRe.exe
  2⤵
  PID:2076
- C:\Windows\System\keCrQOp.exe
  C:\Windows\System\keCrQOp.exe
  2⤵
  PID:3188
- C:\Windows\System\yBnntEt.exe
  C:\Windows\System\yBnntEt.exe
  2⤵
  PID:3364
- C:\Windows\System\FKioPom.exe
  C:\Windows\System\FKioPom.exe
  2⤵
  PID:3404
- C:\Windows\System\KwQiNSG.exe
  C:\Windows\System\KwQiNSG.exe
  2⤵
  PID:3344
- C:\Windows\System\CHnrFqp.exe
  C:\Windows\System\CHnrFqp.exe
  2⤵
  PID:3296
- C:\Windows\System\cTNwGcX.exe
  C:\Windows\System\cTNwGcX.exe
  2⤵
  PID:3436
- C:\Windows\System\TsYoQbN.exe
  C:\Windows\System\TsYoQbN.exe
  2⤵
  PID:3552
- C:\Windows\System\sdjpmQP.exe
  C:\Windows\System\sdjpmQP.exe
  2⤵
  PID:3624
- C:\Windows\System\cnmUjNi.exe
  C:\Windows\System\cnmUjNi.exe
  2⤵
  PID:3604
- C:\Windows\System\dDmMkNK.exe
  C:\Windows\System\dDmMkNK.exe
  2⤵
  PID:3688
- C:\Windows\System\PkwjvUp.exe
  C:\Windows\System\PkwjvUp.exe
  2⤵
  PID:3664
- C:\Windows\System\koAdkVL.exe
  C:\Windows\System\koAdkVL.exe
  2⤵
  PID:3788
- C:\Windows\System\QUFthWj.exe
  C:\Windows\System\QUFthWj.exe
  2⤵
  PID:3904
- C:\Windows\System\SnrGFWa.exe
  C:\Windows\System\SnrGFWa.exe
  2⤵
  PID:3932
- C:\Windows\System\nUJEdUU.exe
  C:\Windows\System\nUJEdUU.exe
  2⤵
  PID:3804
- C:\Windows\System\lXVoYaS.exe
  C:\Windows\System\lXVoYaS.exe
  2⤵
  PID:1224
- C:\Windows\System\avGNSJI.exe
  C:\Windows\System\avGNSJI.exe
  2⤵
  PID:4072
- C:\Windows\System\doFPtON.exe
  C:\Windows\System\doFPtON.exe
  2⤵
  PID:1220
- C:\Windows\System\cWnoCBM.exe
  C:\Windows\System\cWnoCBM.exe
  2⤵
  PID:1716
- C:\Windows\System\aGPRphT.exe
  C:\Windows\System\aGPRphT.exe
  2⤵
  PID:1784
- C:\Windows\System\YPupVNI.exe
  C:\Windows\System\YPupVNI.exe
  2⤵
  PID:2432
- C:\Windows\System\lYoiitp.exe
  C:\Windows\System\lYoiitp.exe
  2⤵
  PID:1960
- C:\Windows\System\wfCyQSF.exe
  C:\Windows\System\wfCyQSF.exe
  2⤵
  PID:4112
- C:\Windows\System\noTODKv.exe
  C:\Windows\System\noTODKv.exe
  2⤵
  PID:4128
- C:\Windows\System\ZMKSrtV.exe
  C:\Windows\System\ZMKSrtV.exe
  2⤵
  PID:4148
- C:\Windows\System\mRLjSPT.exe
  C:\Windows\System\mRLjSPT.exe
  2⤵
  PID:4172
- C:\Windows\System\sDATkiT.exe
  C:\Windows\System\sDATkiT.exe
  2⤵
  PID:4192
- C:\Windows\System\FChqoFA.exe
  C:\Windows\System\FChqoFA.exe
  2⤵
  PID:4212
- C:\Windows\System\EukQZDm.exe
  C:\Windows\System\EukQZDm.exe
  2⤵
  PID:4232
- C:\Windows\System\XbZigWR.exe
  C:\Windows\System\XbZigWR.exe
  2⤵
  PID:4248
- C:\Windows\System\OnwpnhE.exe
  C:\Windows\System\OnwpnhE.exe
  2⤵
  PID:4272
- C:\Windows\System\qAdSaLA.exe
  C:\Windows\System\qAdSaLA.exe
  2⤵
  PID:4292
- C:\Windows\System\dsPOYXj.exe
  C:\Windows\System\dsPOYXj.exe
  2⤵
  PID:4312
- C:\Windows\System\BoIsDSM.exe
  C:\Windows\System\BoIsDSM.exe
  2⤵
  PID:4336
- C:\Windows\System\iYuEJxU.exe
  C:\Windows\System\iYuEJxU.exe
  2⤵
  PID:4356
- C:\Windows\System\dIeDcNx.exe
  C:\Windows\System\dIeDcNx.exe
  2⤵
  PID:4376
- C:\Windows\System\GRlRWBw.exe
  C:\Windows\System\GRlRWBw.exe
  2⤵
  PID:4396
- C:\Windows\System\aGaVSTq.exe
  C:\Windows\System\aGaVSTq.exe
  2⤵
  PID:4416
- C:\Windows\System\AeRtiwX.exe
  C:\Windows\System\AeRtiwX.exe
  2⤵
  PID:4436
- C:\Windows\System\AsQePyx.exe
  C:\Windows\System\AsQePyx.exe
  2⤵
  PID:4456
- C:\Windows\System\ldMDUci.exe
  C:\Windows\System\ldMDUci.exe
  2⤵
  PID:4476
- C:\Windows\System\AXgkZYa.exe
  C:\Windows\System\AXgkZYa.exe
  2⤵
  PID:4496
- C:\Windows\System\lNDWpdu.exe
  C:\Windows\System\lNDWpdu.exe
  2⤵
  PID:4512
- C:\Windows\System\myBwlkG.exe
  C:\Windows\System\myBwlkG.exe
  2⤵
  PID:4536
- C:\Windows\System\LYJXnbk.exe
  C:\Windows\System\LYJXnbk.exe
  2⤵
  PID:4556
- C:\Windows\System\ywuVzwy.exe
  C:\Windows\System\ywuVzwy.exe
  2⤵
  PID:4576
- C:\Windows\System\cuAfXUx.exe
  C:\Windows\System\cuAfXUx.exe
  2⤵
  PID:4596
- C:\Windows\System\yboaZNT.exe
  C:\Windows\System\yboaZNT.exe
  2⤵
  PID:4616
- C:\Windows\System\QaPqQKV.exe
  C:\Windows\System\QaPqQKV.exe
  2⤵
  PID:4636
- C:\Windows\System\xJbvBSB.exe
  C:\Windows\System\xJbvBSB.exe
  2⤵
  PID:4656
- C:\Windows\System\kcInpaR.exe
  C:\Windows\System\kcInpaR.exe
  2⤵
  PID:4676
- C:\Windows\System\SkQlmqA.exe
  C:\Windows\System\SkQlmqA.exe
  2⤵
  PID:4692
- C:\Windows\System\cWVQIJw.exe
  C:\Windows\System\cWVQIJw.exe
  2⤵
  PID:4712
- C:\Windows\System\hsMuqsk.exe
  C:\Windows\System\hsMuqsk.exe
  2⤵
  PID:4736
- C:\Windows\System\ONyYsUp.exe
  C:\Windows\System\ONyYsUp.exe
  2⤵
  PID:4760
- C:\Windows\System\rncHmjp.exe
  C:\Windows\System\rncHmjp.exe
  2⤵
  PID:4780
- C:\Windows\System\YJnJrCE.exe
  C:\Windows\System\YJnJrCE.exe
  2⤵
  PID:4796
- C:\Windows\System\KNPnUwg.exe
  C:\Windows\System\KNPnUwg.exe
  2⤵
  PID:4816
- C:\Windows\System\axHUncn.exe
  C:\Windows\System\axHUncn.exe
  2⤵
  PID:4836
- C:\Windows\System\fEMJKgo.exe
  C:\Windows\System\fEMJKgo.exe
  2⤵
  PID:4860
- C:\Windows\System\XrMIYaG.exe
  C:\Windows\System\XrMIYaG.exe
  2⤵
  PID:4880
- C:\Windows\System\MamRMKC.exe
  C:\Windows\System\MamRMKC.exe
  2⤵
  PID:4896
- C:\Windows\System\pFctVud.exe
  C:\Windows\System\pFctVud.exe
  2⤵
  PID:4916
- C:\Windows\System\MPqrrty.exe
  C:\Windows\System\MPqrrty.exe
  2⤵
  PID:4936
- C:\Windows\System\tcIqSek.exe
  C:\Windows\System\tcIqSek.exe
  2⤵
  PID:4952
- C:\Windows\System\qIMDSzR.exe
  C:\Windows\System\qIMDSzR.exe
  2⤵
  PID:4972
- C:\Windows\System\dxSNAqw.exe
  C:\Windows\System\dxSNAqw.exe
  2⤵
  PID:4996
- C:\Windows\System\hXmVdLn.exe
  C:\Windows\System\hXmVdLn.exe
  2⤵
  PID:5020
- C:\Windows\System\MailUUF.exe
  C:\Windows\System\MailUUF.exe
  2⤵
  PID:5040
- C:\Windows\System\mlQRusO.exe
  C:\Windows\System\mlQRusO.exe
  2⤵
  PID:5060
- C:\Windows\System\WHFggqo.exe
  C:\Windows\System\WHFggqo.exe
  2⤵
  PID:5080
- C:\Windows\System\fPEmGzq.exe
  C:\Windows\System\fPEmGzq.exe
  2⤵
  PID:5100
- C:\Windows\System\OymUgdF.exe
  C:\Windows\System\OymUgdF.exe
  2⤵
  PID:1972
- C:\Windows\System\ahqiPvj.exe
  C:\Windows\System\ahqiPvj.exe
  2⤵
  PID:3240
- C:\Windows\System\FQFnEsX.exe
  C:\Windows\System\FQFnEsX.exe
  2⤵
  PID:3420
- C:\Windows\System\HqlLVtz.exe
  C:\Windows\System\HqlLVtz.exe
  2⤵
  PID:3316
- C:\Windows\System\icOFdsk.exe
  C:\Windows\System\icOFdsk.exe
  2⤵
  PID:3512
- C:\Windows\System\tSngafO.exe
  C:\Windows\System\tSngafO.exe
  2⤵
  PID:3648
- C:\Windows\System\lTYwJTZ.exe
  C:\Windows\System\lTYwJTZ.exe
  2⤵
  PID:3884
- C:\Windows\System\JtqGPdo.exe
  C:\Windows\System\JtqGPdo.exe
  2⤵
  PID:3860
- C:\Windows\System\UIhWDXq.exe
  C:\Windows\System\UIhWDXq.exe
  2⤵
  PID:3728
- C:\Windows\System\Vyearkv.exe
  C:\Windows\System\Vyearkv.exe
  2⤵
  PID:1424
- C:\Windows\System\qOuCMxK.exe
  C:\Windows\System\qOuCMxK.exe
  2⤵
  PID:1452
- C:\Windows\System\pyIpYMD.exe
  C:\Windows\System\pyIpYMD.exe
  2⤵
  PID:2756
- C:\Windows\System\OiyarLn.exe
  C:\Windows\System\OiyarLn.exe
  2⤵
  PID:1964
- C:\Windows\System\NydrrqJ.exe
  C:\Windows\System\NydrrqJ.exe
  2⤵
  PID:2436
- C:\Windows\System\rMjDnQn.exe
  C:\Windows\System\rMjDnQn.exe
  2⤵
  PID:3272
- C:\Windows\System\nYDQkPf.exe
  C:\Windows\System\nYDQkPf.exe
  2⤵
  PID:4168
- C:\Windows\System\JbTgkFo.exe
  C:\Windows\System\JbTgkFo.exe
  2⤵
  PID:4180
- C:\Windows\System\HXTUvmH.exe
  C:\Windows\System\HXTUvmH.exe
  2⤵
  PID:4240
- C:\Windows\System\UzabQfx.exe
  C:\Windows\System\UzabQfx.exe
  2⤵
  PID:4288
- C:\Windows\System\eRdclKI.exe
  C:\Windows\System\eRdclKI.exe
  2⤵
  PID:4320
- C:\Windows\System\MbCJBvf.exe
  C:\Windows\System\MbCJBvf.exe
  2⤵
  PID:4324
- C:\Windows\System\BnAdjVr.exe
  C:\Windows\System\BnAdjVr.exe
  2⤵
  PID:4352
- C:\Windows\System\GTbGFvL.exe
  C:\Windows\System\GTbGFvL.exe
  2⤵
  PID:4412
- C:\Windows\System\TrsMlzi.exe
  C:\Windows\System\TrsMlzi.exe
  2⤵
  PID:4424
- C:\Windows\System\VttzWqz.exe
  C:\Windows\System\VttzWqz.exe
  2⤵
  PID:4432
- C:\Windows\System\iTmUpGO.exe
  C:\Windows\System\iTmUpGO.exe
  2⤵
  PID:4528
- C:\Windows\System\QghZhWO.exe
  C:\Windows\System\QghZhWO.exe
  2⤵
  PID:4468
- C:\Windows\System\OceCWgV.exe
  C:\Windows\System\OceCWgV.exe
  2⤵
  PID:4568
- C:\Windows\System\eyWHYpk.exe
  C:\Windows\System\eyWHYpk.exe
  2⤵
  PID:4612
- C:\Windows\System\nfowlui.exe
  C:\Windows\System\nfowlui.exe
  2⤵
  PID:4624
- C:\Windows\System\WnuXRrK.exe
  C:\Windows\System\WnuXRrK.exe
  2⤵
  PID:4648
- C:\Windows\System\AEQYDkE.exe
  C:\Windows\System\AEQYDkE.exe
  2⤵
  PID:4672
- C:\Windows\System\AtxODWI.exe
  C:\Windows\System\AtxODWI.exe
  2⤵
  PID:4776
- C:\Windows\System\jHyKapz.exe
  C:\Windows\System\jHyKapz.exe
  2⤵
  PID:4756
- C:\Windows\System\DYdJfVR.exe
  C:\Windows\System\DYdJfVR.exe
  2⤵
  PID:4808
- C:\Windows\System\XDWXmni.exe
  C:\Windows\System\XDWXmni.exe
  2⤵
  PID:4848
- C:\Windows\System\ZASWYGf.exe
  C:\Windows\System\ZASWYGf.exe
  2⤵
  PID:4852
- C:\Windows\System\ibXarTk.exe
  C:\Windows\System\ibXarTk.exe
  2⤵
  PID:4872
- C:\Windows\System\GOFPxaQ.exe
  C:\Windows\System\GOFPxaQ.exe
  2⤵
  PID:4960
- C:\Windows\System\JVWfeYX.exe
  C:\Windows\System\JVWfeYX.exe
  2⤵
  PID:5004
- C:\Windows\System\tpuMqsw.exe
  C:\Windows\System\tpuMqsw.exe
  2⤵
  PID:4992
- C:\Windows\System\sTNIMps.exe
  C:\Windows\System\sTNIMps.exe
  2⤵
  PID:5056
- C:\Windows\System\omxdqyQ.exe
  C:\Windows\System\omxdqyQ.exe
  2⤵
  PID:5052
- C:\Windows\System\CxTRSDe.exe
  C:\Windows\System\CxTRSDe.exe
  2⤵
  PID:5096
- C:\Windows\System\JDHlliO.exe
  C:\Windows\System\JDHlliO.exe
  2⤵
  PID:3192
- C:\Windows\System\IpJliVZ.exe
  C:\Windows\System\IpJliVZ.exe
  2⤵
  PID:3496
- C:\Windows\System\AFwrnWE.exe
  C:\Windows\System\AFwrnWE.exe
  2⤵
  PID:3340
- C:\Windows\System\hRzlWzR.exe
  C:\Windows\System\hRzlWzR.exe
  2⤵
  PID:3784
- C:\Windows\System\ZFGHqku.exe
  C:\Windows\System\ZFGHqku.exe
  2⤵
  PID:3808
- C:\Windows\System\Jitwstn.exe
  C:\Windows\System\Jitwstn.exe
  2⤵
  PID:4036
- C:\Windows\System\teGeMyq.exe
  C:\Windows\System\teGeMyq.exe
  2⤵
  PID:1996
- C:\Windows\System\nlElgYN.exe
  C:\Windows\System\nlElgYN.exe
  2⤵
  PID:4104
- C:\Windows\System\yMvKVXd.exe
  C:\Windows\System\yMvKVXd.exe
  2⤵
  PID:3016
- C:\Windows\System\zuXXVHr.exe
  C:\Windows\System\zuXXVHr.exe
  2⤵
  PID:2760
- C:\Windows\System\XixOFdj.exe
  C:\Windows\System\XixOFdj.exe
  2⤵
  PID:4136
- C:\Windows\System\NulVzap.exe
  C:\Windows\System\NulVzap.exe
  2⤵
  PID:4224
- C:\Windows\System\NYCocIg.exe
  C:\Windows\System\NYCocIg.exe
  2⤵
  PID:4392
- C:\Windows\System\Xbrtdfo.exe
  C:\Windows\System\Xbrtdfo.exe
  2⤵
  PID:4520
- C:\Windows\System\BnwHgil.exe
  C:\Windows\System\BnwHgil.exe
  2⤵
  PID:4572
- C:\Windows\System\zkPMOcB.exe
  C:\Windows\System\zkPMOcB.exe
  2⤵
  PID:4592
- C:\Windows\System\rduXBjI.exe
  C:\Windows\System\rduXBjI.exe
  2⤵
  PID:4552
- C:\Windows\System\RESxVgn.exe
  C:\Windows\System\RESxVgn.exe
  2⤵
  PID:4604
- C:\Windows\System\bjYnHtY.exe
  C:\Windows\System\bjYnHtY.exe
  2⤵
  PID:4632
- C:\Windows\System\hwDbyvM.exe
  C:\Windows\System\hwDbyvM.exe
  2⤵
  PID:4704
- C:\Windows\System\LCoiBVS.exe
  C:\Windows\System\LCoiBVS.exe
  2⤵
  PID:4844
- C:\Windows\System\cXrYPro.exe
  C:\Windows\System\cXrYPro.exe
  2⤵
  PID:4912
- C:\Windows\System\XDDzjxo.exe
  C:\Windows\System\XDDzjxo.exe
  2⤵
  PID:4964
- C:\Windows\System\POqUtcc.exe
  C:\Windows\System\POqUtcc.exe
  2⤵
  PID:4932
- C:\Windows\System\IvvenoR.exe
  C:\Windows\System\IvvenoR.exe
  2⤵
  PID:5016
- C:\Windows\System\dyyYkkL.exe
  C:\Windows\System\dyyYkkL.exe
  2⤵
  PID:3476
- C:\Windows\System\cMfrobP.exe
  C:\Windows\System\cMfrobP.exe
  2⤵
  PID:3520
- C:\Windows\System\oHkmhqO.exe
  C:\Windows\System\oHkmhqO.exe
  2⤵
  PID:3576
- C:\Windows\System\AmsSVBG.exe
  C:\Windows\System\AmsSVBG.exe
  2⤵
  PID:328
- C:\Windows\System\AkYqsfn.exe
  C:\Windows\System\AkYqsfn.exe
  2⤵
  PID:3948
- C:\Windows\System\cnKlong.exe
  C:\Windows\System\cnKlong.exe
  2⤵
  PID:5136
- C:\Windows\System\uwFFWWL.exe
  C:\Windows\System\uwFFWWL.exe
  2⤵
  PID:5152
- C:\Windows\System\RcaQOeF.exe
  C:\Windows\System\RcaQOeF.exe
  2⤵
  PID:5176
- C:\Windows\System\zKiHrqD.exe
  C:\Windows\System\zKiHrqD.exe
  2⤵
  PID:5200
- C:\Windows\System\ZbswSuf.exe
  C:\Windows\System\ZbswSuf.exe
  2⤵
  PID:5220
- C:\Windows\System\QfYTohK.exe
  C:\Windows\System\QfYTohK.exe
  2⤵
  PID:5236
- C:\Windows\System\bzLdFpd.exe
  C:\Windows\System\bzLdFpd.exe
  2⤵
  PID:5260
- C:\Windows\System\cddZGGv.exe
  C:\Windows\System\cddZGGv.exe
  2⤵
  PID:5280
- C:\Windows\System\LklEXKJ.exe
  C:\Windows\System\LklEXKJ.exe
  2⤵
  PID:5300
- C:\Windows\System\phUEbbu.exe
  C:\Windows\System\phUEbbu.exe
  2⤵
  PID:5316
- C:\Windows\System\XjhRilz.exe
  C:\Windows\System\XjhRilz.exe
  2⤵
  PID:5336
- C:\Windows\System\doTKDYy.exe
  C:\Windows\System\doTKDYy.exe
  2⤵
  PID:5356
- C:\Windows\System\VRhdmgw.exe
  C:\Windows\System\VRhdmgw.exe
  2⤵
  PID:5376
- C:\Windows\System\bmvgbCT.exe
  C:\Windows\System\bmvgbCT.exe
  2⤵
  PID:5400
- C:\Windows\System\IImGxVL.exe
  C:\Windows\System\IImGxVL.exe
  2⤵
  PID:5420
- C:\Windows\System\rOyrtzS.exe
  C:\Windows\System\rOyrtzS.exe
  2⤵
  PID:5440
- C:\Windows\System\mUBnslP.exe
  C:\Windows\System\mUBnslP.exe
  2⤵
  PID:5456
- C:\Windows\System\MWYvdSV.exe
  C:\Windows\System\MWYvdSV.exe
  2⤵
  PID:5480
- C:\Windows\System\PjFuAXC.exe
  C:\Windows\System\PjFuAXC.exe
  2⤵
  PID:5500
- C:\Windows\System\NxxJRmn.exe
  C:\Windows\System\NxxJRmn.exe
  2⤵
  PID:5520
- C:\Windows\System\GKNrhWn.exe
  C:\Windows\System\GKNrhWn.exe
  2⤵
  PID:5536
- C:\Windows\System\tvdtxbS.exe
  C:\Windows\System\tvdtxbS.exe
  2⤵
  PID:5560
- C:\Windows\System\WuNcmof.exe
  C:\Windows\System\WuNcmof.exe
  2⤵
  PID:5580
- C:\Windows\System\LzGYWwD.exe
  C:\Windows\System\LzGYWwD.exe
  2⤵
  PID:5604
- C:\Windows\System\SQrjfHQ.exe
  C:\Windows\System\SQrjfHQ.exe
  2⤵
  PID:5624
- C:\Windows\System\vGlxfLv.exe
  C:\Windows\System\vGlxfLv.exe
  2⤵
  PID:5644
- C:\Windows\System\PvhpkXN.exe
  C:\Windows\System\PvhpkXN.exe
  2⤵
  PID:5664
- C:\Windows\System\TEomyKs.exe
  C:\Windows\System\TEomyKs.exe
  2⤵
  PID:5688
- C:\Windows\System\aYZlXzV.exe
  C:\Windows\System\aYZlXzV.exe
  2⤵
  PID:5704
- C:\Windows\System\RjdtYWB.exe
  C:\Windows\System\RjdtYWB.exe
  2⤵
  PID:5724
- C:\Windows\System\ISHxblg.exe
  C:\Windows\System\ISHxblg.exe
  2⤵
  PID:5748
- C:\Windows\System\kNreSqe.exe
  C:\Windows\System\kNreSqe.exe
  2⤵
  PID:5768
- C:\Windows\System\MkUtRap.exe
  C:\Windows\System\MkUtRap.exe
  2⤵
  PID:5784
- C:\Windows\System\wAiUfXd.exe
  C:\Windows\System\wAiUfXd.exe
  2⤵
  PID:5808
- C:\Windows\System\iHyDHMc.exe
  C:\Windows\System\iHyDHMc.exe
  2⤵
  PID:5828
- C:\Windows\System\lcGSitk.exe
  C:\Windows\System\lcGSitk.exe
  2⤵
  PID:5848
- C:\Windows\System\NKQReDA.exe
  C:\Windows\System\NKQReDA.exe
  2⤵
  PID:5868
- C:\Windows\System\YuycVNU.exe
  C:\Windows\System\YuycVNU.exe
  2⤵
  PID:5884
- C:\Windows\System\QJoHlmF.exe
  C:\Windows\System\QJoHlmF.exe
  2⤵
  PID:5904
- C:\Windows\System\tJhyTQu.exe
  C:\Windows\System\tJhyTQu.exe
  2⤵
  PID:5920
- C:\Windows\System\RmdNgis.exe
  C:\Windows\System\RmdNgis.exe
  2⤵
  PID:5944
- C:\Windows\System\lUyLaJE.exe
  C:\Windows\System\lUyLaJE.exe
  2⤵
  PID:5964
- C:\Windows\System\qMeCIJm.exe
  C:\Windows\System\qMeCIJm.exe
  2⤵
  PID:5984
- C:\Windows\System\UNILroh.exe
  C:\Windows\System\UNILroh.exe
  2⤵
  PID:6008
- C:\Windows\System\ehNtNsy.exe
  C:\Windows\System\ehNtNsy.exe
  2⤵
  PID:6028
- C:\Windows\System\GFFmlhI.exe
  C:\Windows\System\GFFmlhI.exe
  2⤵
  PID:6048
- C:\Windows\System\jdCJjnF.exe
  C:\Windows\System\jdCJjnF.exe
  2⤵
  PID:6068
- C:\Windows\System\wmLvqVK.exe
  C:\Windows\System\wmLvqVK.exe
  2⤵
  PID:6088
- C:\Windows\System\BZPFRfO.exe
  C:\Windows\System\BZPFRfO.exe
  2⤵
  PID:6108
- C:\Windows\System\GaDVucl.exe
  C:\Windows\System\GaDVucl.exe
  2⤵
  PID:6132
- C:\Windows\System\eMvGwHO.exe
  C:\Windows\System\eMvGwHO.exe
  2⤵
  PID:4200
- C:\Windows\System\zpjIMPg.exe
  C:\Windows\System\zpjIMPg.exe
  2⤵
  PID:2916
- C:\Windows\System\mNfBHrx.exe
  C:\Windows\System\mNfBHrx.exe
  2⤵
  PID:4260
- C:\Windows\System\sSvxLpq.exe
  C:\Windows\System\sSvxLpq.exe
  2⤵
  PID:4388
- C:\Windows\System\ZtaUaJf.exe
  C:\Windows\System\ZtaUaJf.exe
  2⤵
  PID:4384
- C:\Windows\System\ZVlTSsD.exe
  C:\Windows\System\ZVlTSsD.exe
  2⤵
  PID:4464
- C:\Windows\System\OKWMosY.exe
  C:\Windows\System\OKWMosY.exe
  2⤵
  PID:4448
- C:\Windows\System\aTZcOXl.exe
  C:\Windows\System\aTZcOXl.exe
  2⤵
  PID:4748
- C:\Windows\System\biWnHmc.exe
  C:\Windows\System\biWnHmc.exe
  2⤵
  PID:4724
- C:\Windows\System\skUAaNF.exe
  C:\Windows\System\skUAaNF.exe
  2⤵
  PID:4788
- C:\Windows\System\VGklkqO.exe
  C:\Windows\System\VGklkqO.exe
  2⤵
  PID:2640
- C:\Windows\System\YFXxgwS.exe
  C:\Windows\System\YFXxgwS.exe
  2⤵
  PID:3260
- C:\Windows\System\mRhcqqK.exe
  C:\Windows\System\mRhcqqK.exe
  2⤵
  PID:3360
- C:\Windows\System\ghbODNP.exe
  C:\Windows\System\ghbODNP.exe
  2⤵
  PID:3692
- C:\Windows\System\yqDoWXR.exe
  C:\Windows\System\yqDoWXR.exe
  2⤵
  PID:5144
- C:\Windows\System\ZYBexoB.exe
  C:\Windows\System\ZYBexoB.exe
  2⤵
  PID:5192
- C:\Windows\System\HvXmQUa.exe
  C:\Windows\System\HvXmQUa.exe
  2⤵
  PID:5172
- C:\Windows\System\nzJJzGm.exe
  C:\Windows\System\nzJJzGm.exe
  2⤵
  PID:5216
- C:\Windows\System\cLYbZPr.exe
  C:\Windows\System\cLYbZPr.exe
  2⤵
  PID:5252
- C:\Windows\System\hqOmiOR.exe
  C:\Windows\System\hqOmiOR.exe
  2⤵
  PID:5344
- C:\Windows\System\wBnxOUL.exe
  C:\Windows\System\wBnxOUL.exe
  2⤵
  PID:5396
- C:\Windows\System\ezTnLwR.exe
  C:\Windows\System\ezTnLwR.exe
  2⤵
  PID:5496
- C:\Windows\System\SMelYWZ.exe
  C:\Windows\System\SMelYWZ.exe
  2⤵
  PID:5572
- C:\Windows\System\PriEZbZ.exe
  C:\Windows\System\PriEZbZ.exe
  2⤵
  PID:5632
- C:\Windows\System\CnmfuQW.exe
  C:\Windows\System\CnmfuQW.exe
  2⤵
  PID:5652
- C:\Windows\System\nDFymiO.exe
  C:\Windows\System\nDFymiO.exe
  2⤵
  PID:5684
- C:\Windows\System\yJTUMlN.exe
  C:\Windows\System\yJTUMlN.exe
  2⤵
  PID:5756
- C:\Windows\System\UEPsuZf.exe
  C:\Windows\System\UEPsuZf.exe
  2⤵
  PID:5792
- C:\Windows\System\FYmwgnJ.exe
  C:\Windows\System\FYmwgnJ.exe
  2⤵
  PID:5836
- C:\Windows\System\QImADVa.exe
  C:\Windows\System\QImADVa.exe
  2⤵
  PID:5840
- C:\Windows\System\wIPqddy.exe
  C:\Windows\System\wIPqddy.exe
  2⤵
  PID:5860
- C:\Windows\System\NFGUrgD.exe
  C:\Windows\System\NFGUrgD.exe
  2⤵
  PID:5952
- C:\Windows\System\QXIpaPE.exe
  C:\Windows\System\QXIpaPE.exe
  2⤵
  PID:5940
- C:\Windows\System\aQShYFq.exe
  C:\Windows\System\aQShYFq.exe
  2⤵
  PID:6004
- C:\Windows\System\ADAWCIQ.exe
  C:\Windows\System\ADAWCIQ.exe
  2⤵
  PID:6044
- C:\Windows\System\GzToijM.exe
  C:\Windows\System\GzToijM.exe
  2⤵
  PID:6040
- C:\Windows\System\OpANZRr.exe
  C:\Windows\System\OpANZRr.exe
  2⤵
  PID:6116
- C:\Windows\System\uuHocwe.exe
  C:\Windows\System\uuHocwe.exe
  2⤵
  PID:6104
- C:\Windows\System\gnvfRfZ.exe
  C:\Windows\System\gnvfRfZ.exe
  2⤵
  PID:6140
- C:\Windows\System\RyYyPCW.exe
  C:\Windows\System\RyYyPCW.exe
  2⤵
  PID:2872
- C:\Windows\System\KKAgpRS.exe
  C:\Windows\System\KKAgpRS.exe
  2⤵
  PID:4264
- C:\Windows\System\DHDpeYI.exe
  C:\Windows\System\DHDpeYI.exe
  2⤵
  PID:5308
- C:\Windows\System\hvEyVoK.exe
  C:\Windows\System\hvEyVoK.exe
  2⤵
  PID:5468
- C:\Windows\System\OIgnFlD.exe
  C:\Windows\System\OIgnFlD.exe
  2⤵
  PID:5548
- C:\Windows\System\ZMIFpLp.exe
  C:\Windows\System\ZMIFpLp.exe
  2⤵
  PID:5292
- C:\Windows\System\UWfVOQj.exe
  C:\Windows\System\UWfVOQj.exe
  2⤵
  PID:5408
- C:\Windows\System\FOHsTNC.exe
  C:\Windows\System\FOHsTNC.exe
  2⤵
  PID:5488
- C:\Windows\System\wRHMDHu.exe
  C:\Windows\System\wRHMDHu.exe
  2⤵
  PID:4368
- C:\Windows\System\ODaCcQM.exe
  C:\Windows\System\ODaCcQM.exe
  2⤵
  PID:4728
- C:\Windows\System\gIRCTNb.exe
  C:\Windows\System\gIRCTNb.exe
  2⤵
  PID:4652
- C:\Windows\System\ztLuNQl.exe
  C:\Windows\System\ztLuNQl.exe
  2⤵
  PID:2816
- C:\Windows\System\zzToesS.exe
  C:\Windows\System\zzToesS.exe
  2⤵
  PID:4828
- C:\Windows\System\aQxTcAi.exe
  C:\Windows\System\aQxTcAi.exe
  2⤵
  PID:5184
- C:\Windows\System\QRSQTxw.exe
  C:\Windows\System\QRSQTxw.exe
  2⤵
  PID:4020
- C:\Windows\System\cWalKzx.exe
  C:\Windows\System\cWalKzx.exe
  2⤵
  PID:5232
- C:\Windows\System\ihEvQZv.exe
  C:\Windows\System\ihEvQZv.exe
  2⤵
  PID:5256
- C:\Windows\System\ZUfaZZv.exe
  C:\Windows\System\ZUfaZZv.exe
  2⤵
  PID:5352
- C:\Windows\System\LxHmZkM.exe
  C:\Windows\System\LxHmZkM.exe
  2⤵
  PID:5612
- C:\Windows\System\YJQetvC.exe
  C:\Windows\System\YJQetvC.exe
  2⤵
  PID:5600
- C:\Windows\System\HXOZJiZ.exe
  C:\Windows\System\HXOZJiZ.exe
  2⤵
  PID:5720
- C:\Windows\System\KISkaRP.exe
  C:\Windows\System\KISkaRP.exe
  2⤵
  PID:5744
- C:\Windows\System\BUcOFQv.exe
  C:\Windows\System\BUcOFQv.exe
  2⤵
  PID:5816
- C:\Windows\System\aaigpal.exe
  C:\Windows\System\aaigpal.exe
  2⤵
  PID:5892
- C:\Windows\System\cLWQHXh.exe
  C:\Windows\System\cLWQHXh.exe
  2⤵
  PID:5880
- C:\Windows\System\YWtGOig.exe
  C:\Windows\System\YWtGOig.exe
  2⤵
  PID:5972
- C:\Windows\System\WbbpoGv.exe
  C:\Windows\System\WbbpoGv.exe
  2⤵
  PID:6120
- C:\Windows\System\fUWtYJw.exe
  C:\Windows\System\fUWtYJw.exe
  2⤵
  PID:5976
- C:\Windows\System\DmwwGFv.exe
  C:\Windows\System\DmwwGFv.exe
  2⤵
  PID:6076
- C:\Windows\System\GVXfnsq.exe
  C:\Windows\System\GVXfnsq.exe
  2⤵
  PID:4280
- C:\Windows\System\GXUqnja.exe
  C:\Windows\System\GXUqnja.exe
  2⤵
  PID:4300
- C:\Windows\System\AhWODdb.exe
  C:\Windows\System\AhWODdb.exe
  2⤵
  PID:5464
- C:\Windows\System\LSfqXCQ.exe
  C:\Windows\System\LSfqXCQ.exe
  2⤵
  PID:5324
- C:\Windows\System\pZvNNRL.exe
  C:\Windows\System\pZvNNRL.exe
  2⤵
  PID:4508
- C:\Windows\System\sbBurBN.exe
  C:\Windows\System\sbBurBN.exe
  2⤵
  PID:4804
- C:\Windows\System\ZiZFElW.exe
  C:\Windows\System\ZiZFElW.exe
  2⤵
  PID:4708
- C:\Windows\System\pWgaSkx.exe
  C:\Windows\System\pWgaSkx.exe
  2⤵
  PID:6148
- C:\Windows\System\yzuhQbn.exe
  C:\Windows\System\yzuhQbn.exe
  2⤵
  PID:6164
- C:\Windows\System\BTPDITG.exe
  C:\Windows\System\BTPDITG.exe
  2⤵
  PID:6188
- C:\Windows\System\sqJcCBy.exe
  C:\Windows\System\sqJcCBy.exe
  2⤵
  PID:6208
- C:\Windows\System\KKYKjaI.exe
  C:\Windows\System\KKYKjaI.exe
  2⤵
  PID:6228
- C:\Windows\System\aBWxEqy.exe
  C:\Windows\System\aBWxEqy.exe
  2⤵
  PID:6248
- C:\Windows\System\JqYGwmu.exe
  C:\Windows\System\JqYGwmu.exe
  2⤵
  PID:6268
- C:\Windows\System\KJWBIQV.exe
  C:\Windows\System\KJWBIQV.exe
  2⤵
  PID:6288
- C:\Windows\System\eFZuqUO.exe
  C:\Windows\System\eFZuqUO.exe
  2⤵
  PID:6308
- C:\Windows\System\KQeIHAq.exe
  C:\Windows\System\KQeIHAq.exe
  2⤵
  PID:6328
- C:\Windows\System\vIXKanf.exe
  C:\Windows\System\vIXKanf.exe
  2⤵
  PID:6348
- C:\Windows\System\qUPnPcM.exe
  C:\Windows\System\qUPnPcM.exe
  2⤵
  PID:6368
- C:\Windows\System\yiQRDGK.exe
  C:\Windows\System\yiQRDGK.exe
  2⤵
  PID:6388
- C:\Windows\System\qrTdEdB.exe
  C:\Windows\System\qrTdEdB.exe
  2⤵
  PID:6408
- C:\Windows\System\noOVmkw.exe
  C:\Windows\System\noOVmkw.exe
  2⤵
  PID:6432
- C:\Windows\System\daHseCM.exe
  C:\Windows\System\daHseCM.exe
  2⤵
  PID:6448
- C:\Windows\System\iqdhfLe.exe
  C:\Windows\System\iqdhfLe.exe
  2⤵
  PID:6472
- C:\Windows\System\sBKkSRU.exe
  C:\Windows\System\sBKkSRU.exe
  2⤵
  PID:6492
- C:\Windows\System\FefdQuI.exe
  C:\Windows\System\FefdQuI.exe
  2⤵
  PID:6512
- C:\Windows\System\WfphMDl.exe
  C:\Windows\System\WfphMDl.exe
  2⤵
  PID:6528
- C:\Windows\System\wmvjeBj.exe
  C:\Windows\System\wmvjeBj.exe
  2⤵
  PID:6552
- C:\Windows\System\UTxFjIR.exe
  C:\Windows\System\UTxFjIR.exe
  2⤵
  PID:6572
- C:\Windows\System\kSlwEkx.exe
  C:\Windows\System\kSlwEkx.exe
  2⤵
  PID:6592
- C:\Windows\System\EVBHWyT.exe
  C:\Windows\System\EVBHWyT.exe
  2⤵
  PID:6612
- C:\Windows\System\bFDTYiI.exe
  C:\Windows\System\bFDTYiI.exe
  2⤵
  PID:6632
- C:\Windows\System\MefYcuo.exe
  C:\Windows\System\MefYcuo.exe
  2⤵
  PID:6652
- C:\Windows\System\VyFDkNk.exe
  C:\Windows\System\VyFDkNk.exe
  2⤵
  PID:6672
- C:\Windows\System\XhEzWoS.exe
  C:\Windows\System\XhEzWoS.exe
  2⤵
  PID:6692
- C:\Windows\System\xEyGctZ.exe
  C:\Windows\System\xEyGctZ.exe
  2⤵
  PID:6712
- C:\Windows\System\QERNoRm.exe
  C:\Windows\System\QERNoRm.exe
  2⤵
  PID:6732
- C:\Windows\System\pHGaWSq.exe
  C:\Windows\System\pHGaWSq.exe
  2⤵
  PID:6752
- C:\Windows\System\JrCyXRN.exe
  C:\Windows\System\JrCyXRN.exe
  2⤵
  PID:6768
- C:\Windows\System\CxFKcWo.exe
  C:\Windows\System\CxFKcWo.exe
  2⤵
  PID:6792
- C:\Windows\System\JddnvzD.exe
  C:\Windows\System\JddnvzD.exe
  2⤵
  PID:6812
- C:\Windows\System\lbrkYbU.exe
  C:\Windows\System\lbrkYbU.exe
  2⤵
  PID:6828
- C:\Windows\System\tnUlept.exe
  C:\Windows\System\tnUlept.exe
  2⤵
  PID:6852
- C:\Windows\System\XzUMEKb.exe
  C:\Windows\System\XzUMEKb.exe
  2⤵
  PID:6872
- C:\Windows\System\rLLpPyY.exe
  C:\Windows\System\rLLpPyY.exe
  2⤵
  PID:6892
- C:\Windows\System\ZxDIndI.exe
  C:\Windows\System\ZxDIndI.exe
  2⤵
  PID:6912
- C:\Windows\System\cKydlxX.exe
  C:\Windows\System\cKydlxX.exe
  2⤵
  PID:6928
- C:\Windows\System\SMBQplf.exe
  C:\Windows\System\SMBQplf.exe
  2⤵
  PID:6952
- C:\Windows\System\dIxAXhD.exe
  C:\Windows\System\dIxAXhD.exe
  2⤵
  PID:6968
- C:\Windows\System\HcpUJHF.exe
  C:\Windows\System\HcpUJHF.exe
  2⤵
  PID:6996
- C:\Windows\System\MZNVaZO.exe
  C:\Windows\System\MZNVaZO.exe
  2⤵
  PID:7016
- C:\Windows\System\krpWSgc.exe
  C:\Windows\System\krpWSgc.exe
  2⤵
  PID:7032
- C:\Windows\System\hIxeUjP.exe
  C:\Windows\System\hIxeUjP.exe
  2⤵
  PID:7052
- C:\Windows\System\syicbsw.exe
  C:\Windows\System\syicbsw.exe
  2⤵
  PID:7076
- C:\Windows\System\FTCmxef.exe
  C:\Windows\System\FTCmxef.exe
  2⤵
  PID:7096
- C:\Windows\System\UVkcokm.exe
  C:\Windows\System\UVkcokm.exe
  2⤵
  PID:7116
- C:\Windows\System\EMleZLz.exe
  C:\Windows\System\EMleZLz.exe
  2⤵
  PID:7132
- C:\Windows\System\XyeVbRb.exe
  C:\Windows\System\XyeVbRb.exe
  2⤵
  PID:7156
- C:\Windows\System\ebXoPvs.exe
  C:\Windows\System\ebXoPvs.exe
  2⤵
  PID:3764
- C:\Windows\System\kMcnMPP.exe
  C:\Windows\System\kMcnMPP.exe
  2⤵
  PID:5008
- C:\Windows\System\zzEyFmI.exe
  C:\Windows\System\zzEyFmI.exe
  2⤵
  PID:5228
- C:\Windows\System\wfqFAVz.exe
  C:\Windows\System\wfqFAVz.exe
  2⤵
  PID:5272
- C:\Windows\System\ydzAEnn.exe
  C:\Windows\System\ydzAEnn.exe
  2⤵
  PID:5656
- C:\Windows\System\qnesbev.exe
  C:\Windows\System\qnesbev.exe
  2⤵
  PID:5776
- C:\Windows\System\peLOwfl.exe
  C:\Windows\System\peLOwfl.exe
  2⤵
  PID:5900
- C:\Windows\System\wYVbmrg.exe
  C:\Windows\System\wYVbmrg.exe
  2⤵
  PID:5928
- C:\Windows\System\LHghFDd.exe
  C:\Windows\System\LHghFDd.exe
  2⤵
  PID:5980
- C:\Windows\System\OvFfExQ.exe
  C:\Windows\System\OvFfExQ.exe
  2⤵
  PID:6060
- C:\Windows\System\UQEIues.exe
  C:\Windows\System\UQEIues.exe
  2⤵
  PID:3836
- C:\Windows\System\DMNqJcR.exe
  C:\Windows\System\DMNqJcR.exe
  2⤵
  PID:5512
- C:\Windows\System\qjBEAvA.exe
  C:\Windows\System\qjBEAvA.exe
  2⤵
  PID:5364
- C:\Windows\System\lCdLieY.exe
  C:\Windows\System\lCdLieY.exe
  2⤵
  PID:5528
- C:\Windows\System\pGJYCAy.exe
  C:\Windows\System\pGJYCAy.exe
  2⤵
  PID:4548
- C:\Windows\System\ZTIMLEw.exe
  C:\Windows\System\ZTIMLEw.exe
  2⤵
  PID:6180
- C:\Windows\System\LVktJAF.exe
  C:\Windows\System\LVktJAF.exe
  2⤵
  PID:6216
- C:\Windows\System\OJCxung.exe
  C:\Windows\System\OJCxung.exe
  2⤵
  PID:6204
- C:\Windows\System\ZCuFqbq.exe
  C:\Windows\System\ZCuFqbq.exe
  2⤵
  PID:6240
- C:\Windows\System\BaWWtew.exe
  C:\Windows\System\BaWWtew.exe
  2⤵
  PID:6300
- C:\Windows\System\tIoNbsQ.exe
  C:\Windows\System\tIoNbsQ.exe
  2⤵
  PID:6344
- C:\Windows\System\vAhvQXT.exe
  C:\Windows\System\vAhvQXT.exe
  2⤵
  PID:6324
- C:\Windows\System\HJTFgyS.exe
  C:\Windows\System\HJTFgyS.exe
  2⤵
  PID:6360
- C:\Windows\System\xdkdsUr.exe
  C:\Windows\System\xdkdsUr.exe
  2⤵
  PID:6396
- C:\Windows\System\iDeWEvm.exe
  C:\Windows\System\iDeWEvm.exe
  2⤵
  PID:6468
- C:\Windows\System\DfsWNuj.exe
  C:\Windows\System\DfsWNuj.exe
  2⤵
  PID:6480
- C:\Windows\System\uKigkTq.exe
  C:\Windows\System\uKigkTq.exe
  2⤵
  PID:6536
- C:\Windows\System\KLuWKKT.exe
  C:\Windows\System\KLuWKKT.exe
  2⤵
  PID:1816
- C:\Windows\System\ydroMij.exe
  C:\Windows\System\ydroMij.exe
  2⤵
  PID:2804
- C:\Windows\System\nLwyLWZ.exe
  C:\Windows\System\nLwyLWZ.exe
  2⤵
  PID:6564
- C:\Windows\System\FNgYZWY.exe
  C:\Windows\System\FNgYZWY.exe
  2⤵
  PID:6608
- C:\Windows\System\CoGWOsG.exe
  C:\Windows\System\CoGWOsG.exe
  2⤵
  PID:6648
- C:\Windows\System\BONtdiU.exe
  C:\Windows\System\BONtdiU.exe
  2⤵
  PID:6688
- C:\Windows\System\dFLMFjr.exe
  C:\Windows\System\dFLMFjr.exe
  2⤵
  PID:1688
- C:\Windows\System\JLPqhrd.exe
  C:\Windows\System\JLPqhrd.exe
  2⤵
  PID:6724
- C:\Windows\System\FJkRDGq.exe
  C:\Windows\System\FJkRDGq.exe
  2⤵
  PID:6764
- C:\Windows\System\CxqDSAn.exe
  C:\Windows\System\CxqDSAn.exe
  2⤵
  PID:6824
- C:\Windows\System\gkoKweP.exe
  C:\Windows\System\gkoKweP.exe
  2⤵
  PID:5824
- C:\Windows\System\QQcibPG.exe
  C:\Windows\System\QQcibPG.exe
  2⤵
  PID:6848
- C:\Windows\System\txsYGVu.exe
  C:\Windows\System\txsYGVu.exe
  2⤵
  PID:6904
- C:\Windows\System\irqbsjR.exe
  C:\Windows\System\irqbsjR.exe
  2⤵
  PID:6940
- C:\Windows\System\rjfcJXS.exe
  C:\Windows\System\rjfcJXS.exe
  2⤵
  PID:6924
- C:\Windows\System\vLviCLp.exe
  C:\Windows\System\vLviCLp.exe
  2⤵
  PID:7024
- C:\Windows\System\MREmWgl.exe
  C:\Windows\System\MREmWgl.exe
  2⤵
  PID:7004
- C:\Windows\System\IOUERdh.exe
  C:\Windows\System\IOUERdh.exe
  2⤵
  PID:7044
- C:\Windows\System\aiHOVFU.exe
  C:\Windows\System\aiHOVFU.exe
  2⤵
  PID:7092
- C:\Windows\System\SyEkdEG.exe
  C:\Windows\System\SyEkdEG.exe
  2⤵
  PID:7144
- C:\Windows\System\ZjhcgNL.exe
  C:\Windows\System\ZjhcgNL.exe
  2⤵
  PID:5132
- C:\Windows\System\uAOKcvA.exe
  C:\Windows\System\uAOKcvA.exe
  2⤵
  PID:5428
- C:\Windows\System\DLMaFVG.exe
  C:\Windows\System\DLMaFVG.exe
  2⤵
  PID:5164
- C:\Windows\System\QDBhIZz.exe
  C:\Windows\System\QDBhIZz.exe
  2⤵
  PID:5568
- C:\Windows\System\VtdFsgu.exe
  C:\Windows\System\VtdFsgu.exe
  2⤵
  PID:5712
- C:\Windows\System\TYLGYqy.exe
  C:\Windows\System\TYLGYqy.exe
  2⤵
  PID:5992
- C:\Windows\System\xoPNSPL.exe
  C:\Windows\System\xoPNSPL.exe
  2⤵
  PID:5516
- C:\Windows\System\nSAtyxi.exe
  C:\Windows\System\nSAtyxi.exe
  2⤵
  PID:5288
- C:\Windows\System\LzIHSXx.exe
  C:\Windows\System\LzIHSXx.exe
  2⤵
  PID:6184
- C:\Windows\System\sokKQOh.exe
  C:\Windows\System\sokKQOh.exe
  2⤵
  PID:5028
- C:\Windows\System\tHxgozC.exe
  C:\Windows\System\tHxgozC.exe
  2⤵
  PID:2612
- C:\Windows\System\ZrYfpWG.exe
  C:\Windows\System\ZrYfpWG.exe
  2⤵
  PID:6244
- C:\Windows\System\AODVdbV.exe
  C:\Windows\System\AODVdbV.exe
  2⤵
  PID:6284
- C:\Windows\System\PnDFNkJ.exe
  C:\Windows\System\PnDFNkJ.exe
  2⤵
  PID:6416
- C:\Windows\System\uybHQwK.exe
  C:\Windows\System\uybHQwK.exe
  2⤵
  PID:6460
- C:\Windows\System\lvzOEAX.exe
  C:\Windows\System\lvzOEAX.exe
  2⤵
  PID:6456
- C:\Windows\System\MDFdaEy.exe
  C:\Windows\System\MDFdaEy.exe
  2⤵
  PID:6504
- C:\Windows\System\johsLht.exe
  C:\Windows\System\johsLht.exe
  2⤵
  PID:6588
- C:\Windows\System\CcyHVJC.exe
  C:\Windows\System\CcyHVJC.exe
  2⤵
  PID:6660
- C:\Windows\System\qRNzrrE.exe
  C:\Windows\System\qRNzrrE.exe
  2⤵
  PID:6600
- C:\Windows\System\AVsQDDY.exe
  C:\Windows\System\AVsQDDY.exe
  2⤵
  PID:6744
- C:\Windows\System\zIHVoko.exe
  C:\Windows\System\zIHVoko.exe
  2⤵
  PID:6684
- C:\Windows\System\pTlMLZu.exe
  C:\Windows\System\pTlMLZu.exe
  2⤵
  PID:6800
- C:\Windows\System\KtuLdKq.exe
  C:\Windows\System\KtuLdKq.exe
  2⤵
  PID:6908
- C:\Windows\System\tEmfTmF.exe
  C:\Windows\System\tEmfTmF.exe
  2⤵
  PID:6884
- C:\Windows\System\OhiXYuD.exe
  C:\Windows\System\OhiXYuD.exe
  2⤵
  PID:6936
- C:\Windows\System\rBiqtTR.exe
  C:\Windows\System\rBiqtTR.exe
  2⤵
  PID:7008
- C:\Windows\System\veCHVJJ.exe
  C:\Windows\System\veCHVJJ.exe
  2⤵
  PID:7068
- C:\Windows\System\wbBRvsG.exe
  C:\Windows\System\wbBRvsG.exe
  2⤵
  PID:3712
- C:\Windows\System\KjYNcte.exe
  C:\Windows\System\KjYNcte.exe
  2⤵
  PID:5276
- C:\Windows\System\xPclIFi.exe
  C:\Windows\System\xPclIFi.exe
  2⤵
  PID:5800
- C:\Windows\System\WiMWscu.exe
  C:\Windows\System\WiMWscu.exe
  2⤵
  PID:2648
- C:\Windows\System\VEXjUGx.exe
  C:\Windows\System\VEXjUGx.exe
  2⤵
  PID:2976
- C:\Windows\System\VoVueMI.exe
  C:\Windows\System\VoVueMI.exe
  2⤵
  PID:5452
- C:\Windows\System\XOYbxkp.exe
  C:\Windows\System\XOYbxkp.exe
  2⤵
  PID:4308
- C:\Windows\System\koepShk.exe
  C:\Windows\System\koepShk.exe
  2⤵
  PID:828
- C:\Windows\System\UcjUCZO.exe
  C:\Windows\System\UcjUCZO.exe
  2⤵
  PID:6336
- C:\Windows\System\bleMLVv.exe
  C:\Windows\System\bleMLVv.exe
  2⤵
  PID:6384
- C:\Windows\System\gOPsIZX.exe
  C:\Windows\System\gOPsIZX.exe
  2⤵
  PID:6540
- C:\Windows\System\NvgcSlX.exe
  C:\Windows\System\NvgcSlX.exe
  2⤵
  PID:6400
- C:\Windows\System\OSpVgzz.exe
  C:\Windows\System\OSpVgzz.exe
  2⤵
  PID:6664
- C:\Windows\System\CuGtTpz.exe
  C:\Windows\System\CuGtTpz.exe
  2⤵
  PID:6624
- C:\Windows\System\jCfZbRB.exe
  C:\Windows\System\jCfZbRB.exe
  2⤵
  PID:6844
- C:\Windows\System\ulJIyDD.exe
  C:\Windows\System\ulJIyDD.exe
  2⤵
  PID:6864
- C:\Windows\System\qnhOSzi.exe
  C:\Windows\System\qnhOSzi.exe
  2⤵
  PID:6964
- C:\Windows\System\OqaOGyM.exe
  C:\Windows\System\OqaOGyM.exe
  2⤵
  PID:7108
- C:\Windows\System\ElfYIeu.exe
  C:\Windows\System\ElfYIeu.exe
  2⤵
  PID:5212
- C:\Windows\System\QGKNRAh.exe
  C:\Windows\System\QGKNRAh.exe
  2⤵
  PID:7180
- C:\Windows\System\oNmBLfn.exe
  C:\Windows\System\oNmBLfn.exe
  2⤵
  PID:7200
- C:\Windows\System\INhJwIN.exe
  C:\Windows\System\INhJwIN.exe
  2⤵
  PID:7220
- C:\Windows\System\QNqEcfs.exe
  C:\Windows\System\QNqEcfs.exe
  2⤵
  PID:7240
- C:\Windows\System\zqCLqfk.exe
  C:\Windows\System\zqCLqfk.exe
  2⤵
  PID:7256
- C:\Windows\System\cFWtHEP.exe
  C:\Windows\System\cFWtHEP.exe
  2⤵
  PID:7280
- C:\Windows\System\amuiLBs.exe
  C:\Windows\System\amuiLBs.exe
  2⤵
  PID:7300
- C:\Windows\System\BRZHDci.exe
  C:\Windows\System\BRZHDci.exe
  2⤵
  PID:7320
- C:\Windows\System\uwhiKvS.exe
  C:\Windows\System\uwhiKvS.exe
  2⤵
  PID:7340
- C:\Windows\System\lPcZOqK.exe
  C:\Windows\System\lPcZOqK.exe
  2⤵
  PID:7360
- C:\Windows\System\ktZRBkU.exe
  C:\Windows\System\ktZRBkU.exe
  2⤵
  PID:7384
- C:\Windows\System\ntchfRI.exe
  C:\Windows\System\ntchfRI.exe
  2⤵
  PID:7404
- C:\Windows\System\ikGnWzU.exe
  C:\Windows\System\ikGnWzU.exe
  2⤵
  PID:7424
- C:\Windows\System\OlRkGFx.exe
  C:\Windows\System\OlRkGFx.exe
  2⤵
  PID:7444
- C:\Windows\System\lOlxfRi.exe
  C:\Windows\System\lOlxfRi.exe
  2⤵
  PID:7464
- C:\Windows\System\HWuawds.exe
  C:\Windows\System\HWuawds.exe
  2⤵
  PID:7484
- C:\Windows\System\uaCDfwm.exe
  C:\Windows\System\uaCDfwm.exe
  2⤵
  PID:7500
- C:\Windows\System\pMEUiEu.exe
  C:\Windows\System\pMEUiEu.exe
  2⤵
  PID:7520
- C:\Windows\System\ecdPLLC.exe
  C:\Windows\System\ecdPLLC.exe
  2⤵
  PID:7540
- C:\Windows\System\mlWzOYB.exe
  C:\Windows\System\mlWzOYB.exe
  2⤵
  PID:7564
- C:\Windows\System\JOxhTmt.exe
  C:\Windows\System\JOxhTmt.exe
  2⤵
  PID:7584
- C:\Windows\System\WuxoNPh.exe
  C:\Windows\System\WuxoNPh.exe
  2⤵
  PID:7604
- C:\Windows\System\jYMbDiX.exe
  C:\Windows\System\jYMbDiX.exe
  2⤵
  PID:7624
- C:\Windows\System\wIwGpzP.exe
  C:\Windows\System\wIwGpzP.exe
  2⤵
  PID:7644
- C:\Windows\System\qJrwyBh.exe
  C:\Windows\System\qJrwyBh.exe
  2⤵
  PID:7664
- C:\Windows\System\DpIrZEh.exe
  C:\Windows\System\DpIrZEh.exe
  2⤵
  PID:7684
- C:\Windows\System\sjwrMks.exe
  C:\Windows\System\sjwrMks.exe
  2⤵
  PID:7704
- C:\Windows\System\HsYBWmt.exe
  C:\Windows\System\HsYBWmt.exe
  2⤵
  PID:7724
- C:\Windows\System\JitZMiQ.exe
  C:\Windows\System\JitZMiQ.exe
  2⤵
  PID:7744
- C:\Windows\System\hzUkjav.exe
  C:\Windows\System\hzUkjav.exe
  2⤵
  PID:7764
- C:\Windows\System\bMLrdiU.exe
  C:\Windows\System\bMLrdiU.exe
  2⤵
  PID:7784
- C:\Windows\System\bLEAvVR.exe
  C:\Windows\System\bLEAvVR.exe
  2⤵
  PID:7800
- C:\Windows\System\juwZfxJ.exe
  C:\Windows\System\juwZfxJ.exe
  2⤵
  PID:7820
- C:\Windows\System\JcReMkx.exe
  C:\Windows\System\JcReMkx.exe
  2⤵
  PID:7844
- C:\Windows\System\rhlpSFK.exe
  C:\Windows\System\rhlpSFK.exe
  2⤵
  PID:7864
- C:\Windows\System\mIjDCgC.exe
  C:\Windows\System\mIjDCgC.exe
  2⤵
  PID:7884
- C:\Windows\System\WCTRbHv.exe
  C:\Windows\System\WCTRbHv.exe
  2⤵
  PID:7904
- C:\Windows\System\qwSRnVb.exe
  C:\Windows\System\qwSRnVb.exe
  2⤵
  PID:7924
- C:\Windows\System\PIPpJlN.exe
  C:\Windows\System\PIPpJlN.exe
  2⤵
  PID:7940
- C:\Windows\System\wrRctto.exe
  C:\Windows\System\wrRctto.exe
  2⤵
  PID:7960
- C:\Windows\System\CqpHjUA.exe
  C:\Windows\System\CqpHjUA.exe
  2⤵
  PID:7984
- C:\Windows\System\nxVhitp.exe
  C:\Windows\System\nxVhitp.exe
  2⤵
  PID:8004
- C:\Windows\System\RXuXaoL.exe
  C:\Windows\System\RXuXaoL.exe
  2⤵
  PID:8024
- C:\Windows\System\mZBQCtw.exe
  C:\Windows\System\mZBQCtw.exe
  2⤵
  PID:8040
- C:\Windows\System\uzOvVtd.exe
  C:\Windows\System\uzOvVtd.exe
  2⤵
  PID:8064
- C:\Windows\System\zHIrmPV.exe
  C:\Windows\System\zHIrmPV.exe
  2⤵
  PID:8084
- C:\Windows\System\YzilMrC.exe
  C:\Windows\System\YzilMrC.exe
  2⤵
  PID:8104
- C:\Windows\System\SbXnkae.exe
  C:\Windows\System\SbXnkae.exe
  2⤵
  PID:8124
- C:\Windows\System\ocSHewb.exe
  C:\Windows\System\ocSHewb.exe
  2⤵
  PID:8140
- C:\Windows\System\CUOxjGS.exe
  C:\Windows\System\CUOxjGS.exe
  2⤵
  PID:8160
- C:\Windows\System\MOmAUrZ.exe
  C:\Windows\System\MOmAUrZ.exe
  2⤵
  PID:8184
- C:\Windows\System\TAszwwb.exe
  C:\Windows\System\TAszwwb.exe
  2⤵
  PID:5296
- C:\Windows\System\EEcFgUa.exe
  C:\Windows\System\EEcFgUa.exe
  2⤵
  PID:5960
- C:\Windows\System\wATJODq.exe
  C:\Windows\System\wATJODq.exe
  2⤵
  PID:5556
- C:\Windows\System\DACSGAA.exe
  C:\Windows\System\DACSGAA.exe
  2⤵
  PID:6256
- C:\Windows\System\BLxlGzq.exe
  C:\Windows\System\BLxlGzq.exe
  2⤵
  PID:1916
- C:\Windows\System\afsDLjN.exe
  C:\Windows\System\afsDLjN.exe
  2⤵
  PID:6376
- C:\Windows\System\oaYKNrW.exe
  C:\Windows\System\oaYKNrW.exe
  2⤵
  PID:6776
- C:\Windows\System\GYbAMDD.exe
  C:\Windows\System\GYbAMDD.exe
  2⤵
  PID:6560
- C:\Windows\System\NayzVXx.exe
  C:\Windows\System\NayzVXx.exe
  2⤵
  PID:7064
- C:\Windows\System\SQeQuIi.exe
  C:\Windows\System\SQeQuIi.exe
  2⤵
  PID:6880
- C:\Windows\System\ltoszEf.exe
  C:\Windows\System\ltoszEf.exe
  2⤵
  PID:7188
- C:\Windows\System\PQorJmi.exe
  C:\Windows\System\PQorJmi.exe
  2⤵
  PID:7192
- C:\Windows\System\OikDAlH.exe
  C:\Windows\System\OikDAlH.exe
  2⤵
  PID:7236
- C:\Windows\System\JwGmQMD.exe
  C:\Windows\System\JwGmQMD.exe
  2⤵
  PID:7268
- C:\Windows\System\lGfwmQf.exe
  C:\Windows\System\lGfwmQf.exe
  2⤵
  PID:7288
- C:\Windows\System\KnnKhqF.exe
  C:\Windows\System\KnnKhqF.exe
  2⤵
  PID:7312
- C:\Windows\System\pncXLAD.exe
  C:\Windows\System\pncXLAD.exe
  2⤵
  PID:7352
- C:\Windows\System\UtKFBZb.exe
  C:\Windows\System\UtKFBZb.exe
  2⤵
  PID:7396
- C:\Windows\System\RHPbHdS.exe
  C:\Windows\System\RHPbHdS.exe
  2⤵
  PID:7440
- C:\Windows\System\NChjPBP.exe
  C:\Windows\System\NChjPBP.exe
  2⤵
  PID:7452
- C:\Windows\System\qDMYMXE.exe
  C:\Windows\System\qDMYMXE.exe
  2⤵
  PID:7476
- C:\Windows\System\iqlVKLG.exe
  C:\Windows\System\iqlVKLG.exe
  2⤵
  PID:7496
- C:\Windows\System\ohRDAgm.exe
  C:\Windows\System\ohRDAgm.exe
  2⤵
  PID:7536
- C:\Windows\System\vPRDsam.exe
  C:\Windows\System\vPRDsam.exe
  2⤵
  PID:7600
- C:\Windows\System\hPzYYKi.exe
  C:\Windows\System\hPzYYKi.exe
  2⤵
  PID:7632
- C:\Windows\System\hGyacQd.exe
  C:\Windows\System\hGyacQd.exe
  2⤵
  PID:7672
- C:\Windows\System\LahxKVS.exe
  C:\Windows\System\LahxKVS.exe
  2⤵
  PID:7692
- C:\Windows\System\ojoYxUs.exe
  C:\Windows\System\ojoYxUs.exe
  2⤵
  PID:7720
- C:\Windows\System\nRTKxye.exe
  C:\Windows\System\nRTKxye.exe
  2⤵
  PID:7732
- C:\Windows\System\ofwOCfI.exe
  C:\Windows\System\ofwOCfI.exe
  2⤵
  PID:7772
- C:\Windows\System\WXtZSgc.exe
  C:\Windows\System\WXtZSgc.exe
  2⤵
  PID:7836
- C:\Windows\System\LMRqxsg.exe
  C:\Windows\System\LMRqxsg.exe
  2⤵
  PID:7872
- C:\Windows\System\vYBffCu.exe
  C:\Windows\System\vYBffCu.exe
  2⤵
  PID:7856
- C:\Windows\System\HMNuVgm.exe
  C:\Windows\System\HMNuVgm.exe
  2⤵
  PID:7900
- C:\Windows\System\eoxeuxJ.exe
  C:\Windows\System\eoxeuxJ.exe
  2⤵
  PID:7992
- C:\Windows\System\mKQCzlU.exe
  C:\Windows\System\mKQCzlU.exe
  2⤵
  PID:7936
- C:\Windows\System\THNpeBd.exe
  C:\Windows\System\THNpeBd.exe
  2⤵
  PID:8012
- C:\Windows\System\ICRlxNS.exe
  C:\Windows\System\ICRlxNS.exe
  2⤵
  PID:8080
- C:\Windows\System\zrqIKfP.exe
  C:\Windows\System\zrqIKfP.exe
  2⤵
  PID:8076
- C:\Windows\System\YtSVabq.exe
  C:\Windows\System\YtSVabq.exe
  2⤵
  PID:8100
- C:\Windows\System\EoCEYtV.exe
  C:\Windows\System\EoCEYtV.exe
  2⤵
  PID:8096
- C:\Windows\System\pcqPJlh.exe
  C:\Windows\System\pcqPJlh.exe
  2⤵
  PID:5088
- C:\Windows\System\FlYCNxf.exe
  C:\Windows\System\FlYCNxf.exe
  2⤵
  PID:8176
- C:\Windows\System\ebvDVPF.exe
  C:\Windows\System\ebvDVPF.exe
  2⤵
  PID:4156
- C:\Windows\System\JwBVMhX.exe
  C:\Windows\System\JwBVMhX.exe
  2⤵
  PID:6172
- C:\Windows\System\DwEvSOA.exe
  C:\Windows\System\DwEvSOA.exe
  2⤵
  PID:6176
- C:\Windows\System\PlOboKy.exe
  C:\Windows\System\PlOboKy.exe
  2⤵
  PID:6440
- C:\Windows\System\MtNuyra.exe
  C:\Windows\System\MtNuyra.exe
  2⤵
  PID:2880
- C:\Windows\System\xHeVvij.exe
  C:\Windows\System\xHeVvij.exe
  2⤵
  PID:6984
- C:\Windows\System\BONDVIZ.exe
  C:\Windows\System\BONDVIZ.exe
  2⤵
  PID:7248
- C:\Windows\System\SFKVHua.exe
  C:\Windows\System\SFKVHua.exe
  2⤵
  PID:7252
- C:\Windows\System\wiRchiY.exe
  C:\Windows\System\wiRchiY.exe
  2⤵
  PID:7232
- C:\Windows\System\EuOxFUZ.exe
  C:\Windows\System\EuOxFUZ.exe
  2⤵
  PID:7316
- C:\Windows\System\rwqhYeQ.exe
  C:\Windows\System\rwqhYeQ.exe
  2⤵
  PID:7400
- C:\Windows\System\ZgRXYLQ.exe
  C:\Windows\System\ZgRXYLQ.exe
  2⤵
  PID:7552
- C:\Windows\System\UICXeLf.exe
  C:\Windows\System\UICXeLf.exe
  2⤵
  PID:7516
- C:\Windows\System\bngxYOL.exe
  C:\Windows\System\bngxYOL.exe
  2⤵
  PID:7656
- C:\Windows\System\ZpbnAzM.exe
  C:\Windows\System\ZpbnAzM.exe
  2⤵
  PID:7592
- C:\Windows\System\YRhzYBl.exe
  C:\Windows\System\YRhzYBl.exe
  2⤵
  PID:7752
- C:\Windows\System\YyjEFEC.exe
  C:\Windows\System\YyjEFEC.exe
  2⤵
  PID:7828
- C:\Windows\System\yyMOnxm.exe
  C:\Windows\System\yyMOnxm.exe
  2⤵
  PID:7716
- C:\Windows\System\ZgvDpvx.exe
  C:\Windows\System\ZgvDpvx.exe
  2⤵
  PID:7808
- C:\Windows\System\SbfxQjl.exe
  C:\Windows\System\SbfxQjl.exe
  2⤵
  PID:7816
- C:\Windows\System\joVLRWO.exe
  C:\Windows\System\joVLRWO.exe
  2⤵
  PID:7968
- C:\Windows\System\pkYanke.exe
  C:\Windows\System\pkYanke.exe
  2⤵
  PID:8032
- C:\Windows\System\flLXRmu.exe
  C:\Windows\System\flLXRmu.exe
  2⤵
  PID:8016
- C:\Windows\System\bafRguC.exe
  C:\Windows\System\bafRguC.exe
  2⤵
  PID:8116
- C:\Windows\System\JdBOicm.exe
  C:\Windows\System\JdBOicm.exe
  2⤵
  PID:8180
- C:\Windows\System\rNBcCYI.exe
  C:\Windows\System\rNBcCYI.exe
  2⤵
  PID:2768
- C:\Windows\System\xJUkdJF.exe
  C:\Windows\System\xJUkdJF.exe
  2⤵
  PID:2172
- C:\Windows\System\quAHhNc.exe
  C:\Windows\System\quAHhNc.exe
  2⤵
  PID:6628
- C:\Windows\System\qOVBzAv.exe
  C:\Windows\System\qOVBzAv.exe
  2⤵
  PID:6508
- C:\Windows\System\lsMzLCK.exe
  C:\Windows\System\lsMzLCK.exe
  2⤵
  PID:7228
- C:\Windows\System\uegUlwF.exe
  C:\Windows\System\uegUlwF.exe
  2⤵
  PID:7412
- C:\Windows\System\modxDJR.exe
  C:\Windows\System\modxDJR.exe
  2⤵
  PID:7472
- C:\Windows\System\DEhmvJR.exe
  C:\Windows\System\DEhmvJR.exe
  2⤵
  PID:7492
- C:\Windows\System\UCzyutT.exe
  C:\Windows\System\UCzyutT.exe
  2⤵
  PID:7420
- C:\Windows\System\VRWlXtG.exe
  C:\Windows\System\VRWlXtG.exe
  2⤵
  PID:7620
- C:\Windows\System\XOpbrri.exe
  C:\Windows\System\XOpbrri.exe
  2⤵
  PID:7840
- C:\Windows\System\NBKIkzt.exe
  C:\Windows\System\NBKIkzt.exe
  2⤵
  PID:7948
- C:\Windows\System\dWeNysO.exe
  C:\Windows\System\dWeNysO.exe
  2⤵
  PID:7912
- C:\Windows\System\VzQLSdY.exe
  C:\Windows\System\VzQLSdY.exe
  2⤵
  PID:7932
- C:\Windows\System\pPfZDPW.exe
  C:\Windows\System\pPfZDPW.exe
  2⤵
  PID:2728
- C:\Windows\System\ReTvwiu.exe
  C:\Windows\System\ReTvwiu.exe
  2⤵
  PID:8208
- C:\Windows\System\QMkxHAV.exe
  C:\Windows\System\QMkxHAV.exe
  2⤵
  PID:8232
- C:\Windows\System\txEbyjo.exe
  C:\Windows\System\txEbyjo.exe
  2⤵
  PID:8252
- C:\Windows\System\IPQtltR.exe
  C:\Windows\System\IPQtltR.exe
  2⤵
  PID:8272
- C:\Windows\System\rgCZZiU.exe
  C:\Windows\System\rgCZZiU.exe
  2⤵
  PID:8292
- C:\Windows\System\FIZutvu.exe
  C:\Windows\System\FIZutvu.exe
  2⤵
  PID:8312
- C:\Windows\System\ULbUUOm.exe
  C:\Windows\System\ULbUUOm.exe
  2⤵
  PID:8328
- C:\Windows\System\xlgtrGh.exe
  C:\Windows\System\xlgtrGh.exe
  2⤵
  PID:8344
- C:\Windows\System\VPHGcXY.exe
  C:\Windows\System\VPHGcXY.exe
  2⤵
  PID:8368
- C:\Windows\System\cJcUlOj.exe
  C:\Windows\System\cJcUlOj.exe
  2⤵
  PID:8392
- C:\Windows\System\ktsuMLi.exe
  C:\Windows\System\ktsuMLi.exe
  2⤵
  PID:8412
- C:\Windows\System\LDqjNSp.exe
  C:\Windows\System\LDqjNSp.exe
  2⤵
  PID:8432
- C:\Windows\System\sYywZXo.exe
  C:\Windows\System\sYywZXo.exe
  2⤵
  PID:8452
- C:\Windows\System\SFeRwgE.exe
  C:\Windows\System\SFeRwgE.exe
  2⤵
  PID:8468
- C:\Windows\System\ofPEQgS.exe
  C:\Windows\System\ofPEQgS.exe
  2⤵
  PID:8488
- C:\Windows\System\sMYHPYa.exe
  C:\Windows\System\sMYHPYa.exe
  2⤵
  PID:8508
- C:\Windows\System\LVXXbZn.exe
  C:\Windows\System\LVXXbZn.exe
  2⤵
  PID:8528
- C:\Windows\System\PLbbikz.exe
  C:\Windows\System\PLbbikz.exe
  2⤵
  PID:8548
- C:\Windows\System\cJJSZBA.exe
  C:\Windows\System\cJJSZBA.exe
  2⤵
  PID:8568
- C:\Windows\System\GNcCBot.exe
  C:\Windows\System\GNcCBot.exe
  2⤵
  PID:8588
- C:\Windows\System\gfEcTBf.exe
  C:\Windows\System\gfEcTBf.exe
  2⤵
  PID:8608
- C:\Windows\System\bwXxXHT.exe
  C:\Windows\System\bwXxXHT.exe
  2⤵
  PID:8628
- C:\Windows\System\RaseRVm.exe
  C:\Windows\System\RaseRVm.exe
  2⤵
  PID:8648
- C:\Windows\System\HBbKAXX.exe
  C:\Windows\System\HBbKAXX.exe
  2⤵
  PID:8672
- C:\Windows\System\qodFSUq.exe
  C:\Windows\System\qodFSUq.exe
  2⤵
  PID:8688
- C:\Windows\System\XMcaDdd.exe
  C:\Windows\System\XMcaDdd.exe
  2⤵
  PID:8712
- C:\Windows\System\SjwrKqT.exe
  C:\Windows\System\SjwrKqT.exe
  2⤵
  PID:8732
- C:\Windows\System\hVxxCWL.exe
  C:\Windows\System\hVxxCWL.exe
  2⤵
  PID:8752
- C:\Windows\System\lsLYYuN.exe
  C:\Windows\System\lsLYYuN.exe
  2⤵
  PID:8772
- C:\Windows\System\pPtiEkp.exe
  C:\Windows\System\pPtiEkp.exe
  2⤵
  PID:8792
- C:\Windows\System\oeROxaS.exe
  C:\Windows\System\oeROxaS.exe
  2⤵
  PID:8808
- C:\Windows\System\dwuPnba.exe
  C:\Windows\System\dwuPnba.exe
  2⤵
  PID:8828
- C:\Windows\System\QqfRuus.exe
  C:\Windows\System\QqfRuus.exe
  2⤵
  PID:8848
- C:\Windows\System\zlNbGTq.exe
  C:\Windows\System\zlNbGTq.exe
  2⤵
  PID:8868
- C:\Windows\System\jMGCinQ.exe
  C:\Windows\System\jMGCinQ.exe
  2⤵
  PID:8888
- C:\Windows\System\fQWOjqf.exe
  C:\Windows\System\fQWOjqf.exe
  2⤵
  PID:8904
- C:\Windows\System\bFokYfJ.exe
  C:\Windows\System\bFokYfJ.exe
  2⤵
  PID:8924
- C:\Windows\System\vKmgBno.exe
  C:\Windows\System\vKmgBno.exe
  2⤵
  PID:8940
- C:\Windows\System\wVMRRuW.exe
  C:\Windows\System\wVMRRuW.exe
  2⤵
  PID:8960
- C:\Windows\System\MtGmWzO.exe
  C:\Windows\System\MtGmWzO.exe
  2⤵
  PID:8976
- C:\Windows\System\SqAyNlM.exe
  C:\Windows\System\SqAyNlM.exe
  2⤵
  PID:8992
- C:\Windows\System\jFyGrVB.exe
  C:\Windows\System\jFyGrVB.exe
  2⤵
  PID:9008
- C:\Windows\System\QmvVzKs.exe
  C:\Windows\System\QmvVzKs.exe
  2⤵
  PID:9024
- C:\Windows\System\LehxgGb.exe
  C:\Windows\System\LehxgGb.exe
  2⤵
  PID:9040
- C:\Windows\System\eZxuIQi.exe
  C:\Windows\System\eZxuIQi.exe
  2⤵
  PID:9056
- C:\Windows\System\BOWvSUz.exe
  C:\Windows\System\BOWvSUz.exe
  2⤵
  PID:9072
- C:\Windows\System\SBXpLpW.exe
  C:\Windows\System\SBXpLpW.exe
  2⤵
  PID:9088
- C:\Windows\System\YpVHhbg.exe
  C:\Windows\System\YpVHhbg.exe
  2⤵
  PID:9104
- C:\Windows\System\tTMVinq.exe
  C:\Windows\System\tTMVinq.exe
  2⤵
  PID:9120
- C:\Windows\System\QVWnlCB.exe
  C:\Windows\System\QVWnlCB.exe
  2⤵
  PID:9136
- C:\Windows\System\CZOLqGh.exe
  C:\Windows\System\CZOLqGh.exe
  2⤵
  PID:9164
- C:\Windows\System\QRClPMJ.exe
  C:\Windows\System\QRClPMJ.exe
  2⤵
  PID:9180
- C:\Windows\System\mgkSZSB.exe
  C:\Windows\System\mgkSZSB.exe
  2⤵
  PID:9208
- C:\Windows\System\jUQWScA.exe
  C:\Windows\System\jUQWScA.exe
  2⤵
  PID:8056
- C:\Windows\System\uUfKppP.exe
  C:\Windows\System\uUfKppP.exe
  2⤵
  PID:2832
- C:\Windows\System\cZeJPNV.exe
  C:\Windows\System\cZeJPNV.exe
  2⤵
  PID:1992
- C:\Windows\System\ktRkSoh.exe
  C:\Windows\System\ktRkSoh.exe
  2⤵
  PID:6836
- C:\Windows\System\VmKuuil.exe
  C:\Windows\System\VmKuuil.exe
  2⤵
  PID:7596
- C:\Windows\System\qStnntj.exe
  C:\Windows\System\qStnntj.exe
  2⤵
  PID:7756
- C:\Windows\System\BqcrCHN.exe
  C:\Windows\System\BqcrCHN.exe
  2⤵
  PID:7652
- C:\Windows\System\gjSSSxD.exe
  C:\Windows\System\gjSSSxD.exe
  2⤵
  PID:7952
- C:\Windows\System\uXOJZfr.exe
  C:\Windows\System\uXOJZfr.exe
  2⤵
  PID:8268
- C:\Windows\System\bRCHhGR.exe
  C:\Windows\System\bRCHhGR.exe
  2⤵
  PID:8200
- C:\Windows\System\qMiMsLf.exe
  C:\Windows\System\qMiMsLf.exe
  2⤵
  PID:8244
- C:\Windows\System\YhFRBOb.exe
  C:\Windows\System\YhFRBOb.exe
  2⤵
  PID:8288
- C:\Windows\System\dpVbkCZ.exe
  C:\Windows\System\dpVbkCZ.exe
  2⤵
  PID:8324
- C:\Windows\System\tSOjxKT.exe
  C:\Windows\System\tSOjxKT.exe
  2⤵
  PID:8420
- C:\Windows\System\YkbEHrr.exe
  C:\Windows\System\YkbEHrr.exe
  2⤵
  PID:8360
- C:\Windows\System\SEFkgTI.exe
  C:\Windows\System\SEFkgTI.exe
  2⤵
  PID:8408
- C:\Windows\System\gWHvDwX.exe
  C:\Windows\System\gWHvDwX.exe
  2⤵
  PID:8464
- C:\Windows\System\jIiQOvF.exe
  C:\Windows\System\jIiQOvF.exe
  2⤵
  PID:8504
- C:\Windows\System\NxbbfaM.exe
  C:\Windows\System\NxbbfaM.exe
  2⤵
  PID:8444
- C:\Windows\System\AnJTqyw.exe
  C:\Windows\System\AnJTqyw.exe
  2⤵
  PID:8576
- C:\Windows\System\BEHymvQ.exe
  C:\Windows\System\BEHymvQ.exe
  2⤵
  PID:2292
- C:\Windows\System\SeIWnOq.exe
  C:\Windows\System\SeIWnOq.exe
  2⤵
  PID:8584
- C:\Windows\System\kScBlul.exe
  C:\Windows\System\kScBlul.exe
  2⤵
  PID:8620
- C:\Windows\System\RoZgvzL.exe
  C:\Windows\System\RoZgvzL.exe
  2⤵
  PID:8604
- C:\Windows\System\LTaVOZf.exe
  C:\Windows\System\LTaVOZf.exe
  2⤵
  PID:8696
- C:\Windows\System\SQBKOmu.exe
  C:\Windows\System\SQBKOmu.exe
  2⤵
  PID:8720
- C:\Windows\System\seGLAlA.exe
  C:\Windows\System\seGLAlA.exe
  2⤵
  PID:8748
- C:\Windows\System\XadwfPb.exe
  C:\Windows\System\XadwfPb.exe
  2⤵
  PID:8800
- C:\Windows\System\WliHPtH.exe
  C:\Windows\System\WliHPtH.exe
  2⤵
  PID:8840
- C:\Windows\System\WVJhpYP.exe
  C:\Windows\System\WVJhpYP.exe
  2⤵
  PID:8884
- C:\Windows\System\DeIQuid.exe
  C:\Windows\System\DeIQuid.exe
  2⤵
  PID:8932
- C:\Windows\System\gNIPVfL.exe
  C:\Windows\System\gNIPVfL.exe
  2⤵
  PID:8968
- C:\Windows\System\svEKRgp.exe
  C:\Windows\System\svEKRgp.exe
  2⤵
  PID:8956
- C:\Windows\System\lEESiHR.exe
  C:\Windows\System\lEESiHR.exe
  2⤵
  PID:8988
- C:\Windows\System\Hblxudl.exe
  C:\Windows\System\Hblxudl.exe
  2⤵
  PID:9036
- C:\Windows\System\ZaTrjxZ.exe
  C:\Windows\System\ZaTrjxZ.exe
  2⤵
  PID:2736
- C:\Windows\System\sUAMwgx.exe
  C:\Windows\System\sUAMwgx.exe
  2⤵
  PID:9084
- C:\Windows\System\WgiWFus.exe
  C:\Windows\System\WgiWFus.exe
  2⤵
  PID:9112
- C:\Windows\System\HhhnCTf.exe
  C:\Windows\System\HhhnCTf.exe
  2⤵
  PID:9172
- C:\Windows\System\SMFjFbv.exe
  C:\Windows\System\SMFjFbv.exe
  2⤵
  PID:8172
- C:\Windows\System\sFzZRNY.exe
  C:\Windows\System\sFzZRNY.exe
  2⤵
  PID:3052
- C:\Windows\System\weGhTaC.exe
  C:\Windows\System\weGhTaC.exe
  2⤵
  PID:6484
- C:\Windows\System\ZIFoIoc.exe
  C:\Windows\System\ZIFoIoc.exe
  2⤵
  PID:7676
- C:\Windows\System\xLQVvWt.exe
  C:\Windows\System\xLQVvWt.exe
  2⤵
  PID:7712
- C:\Windows\System\vkxSXNJ.exe
  C:\Windows\System\vkxSXNJ.exe
  2⤵
  PID:8000
- C:\Windows\System\wSalQol.exe
  C:\Windows\System\wSalQol.exe
  2⤵
  PID:8216
- C:\Windows\System\ZHwxhfk.exe
  C:\Windows\System\ZHwxhfk.exe
  2⤵
  PID:8260
- C:\Windows\System\jevugKz.exe
  C:\Windows\System\jevugKz.exe
  2⤵
  PID:8280
- C:\Windows\System\UbgSzwd.exe
  C:\Windows\System\UbgSzwd.exe
  2⤵
  PID:8376
- C:\Windows\System\LuniYrL.exe
  C:\Windows\System\LuniYrL.exe
  2⤵
  PID:8388
- C:\Windows\System\lauIVtc.exe
  C:\Windows\System\lauIVtc.exe
  2⤵
  PID:8460
- C:\Windows\System\njfhimf.exe
  C:\Windows\System\njfhimf.exe
  2⤵
  PID:8448
- C:\Windows\System\MYFyyzg.exe
  C:\Windows\System\MYFyyzg.exe
  2⤵
  PID:8524
- C:\Windows\System\tBeFmRs.exe
  C:\Windows\System\tBeFmRs.exe
  2⤵
  PID:2704
- C:\Windows\System\sJoRenB.exe
  C:\Windows\System\sJoRenB.exe
  2⤵
  PID:8668
- C:\Windows\System\VrSeJTV.exe
  C:\Windows\System\VrSeJTV.exe
  2⤵
  PID:8640
- C:\Windows\System\TZsPabI.exe
  C:\Windows\System\TZsPabI.exe
  2⤵
  PID:8636
- C:\Windows\System\upNzkxZ.exe
  C:\Windows\System\upNzkxZ.exe
  2⤵
  PID:8768
- C:\Windows\System\TtbzWNb.exe
  C:\Windows\System\TtbzWNb.exe
  2⤵
  PID:648
- C:\Windows\System\YiWHGSG.exe
  C:\Windows\System\YiWHGSG.exe
  2⤵
  PID:628
- C:\Windows\System\eCUGROO.exe
  C:\Windows\System\eCUGROO.exe
  2⤵
  PID:2584
- C:\Windows\System\laTaIXD.exe
  C:\Windows\System\laTaIXD.exe
  2⤵
  PID:8856
- C:\Windows\System\GkQrjZp.exe
  C:\Windows\System\GkQrjZp.exe
  2⤵
  PID:8864
- C:\Windows\System\uiEjYlP.exe
  C:\Windows\System\uiEjYlP.exe
  2⤵
  PID:8912
- C:\Windows\System\XtUQRZr.exe
  C:\Windows\System\XtUQRZr.exe
  2⤵
  PID:8920
- C:\Windows\System\axzgUXk.exe
  C:\Windows\System\axzgUXk.exe
  2⤵
  PID:3068
- C:\Windows\System\pDRPAMd.exe
  C:\Windows\System\pDRPAMd.exe
  2⤵
  PID:9004
- C:\Windows\System\Ikoloeu.exe
  C:\Windows\System\Ikoloeu.exe
  2⤵
  PID:9052
- C:\Windows\System\XyGiAVD.exe
  C:\Windows\System\XyGiAVD.exe
  2⤵
  PID:2036
- C:\Windows\System\qWPXCUY.exe
  C:\Windows\System\qWPXCUY.exe
  2⤵
  PID:816
- C:\Windows\System\macErxG.exe
  C:\Windows\System\macErxG.exe
  2⤵
  PID:2200
- C:\Windows\System\HgnlJsN.exe
  C:\Windows\System\HgnlJsN.exe
  2⤵
  PID:9148
- C:\Windows\System\aWyvgKN.exe
  C:\Windows\System\aWyvgKN.exe
  2⤵
  PID:884
- C:\Windows\System\MXaaiJU.exe
  C:\Windows\System\MXaaiJU.exe
  2⤵
  PID:4904
- C:\Windows\System\hsBjMYF.exe
  C:\Windows\System\hsBjMYF.exe
  2⤵
  PID:8760
- C:\Windows\System\ZhBXiZY.exe
  C:\Windows\System\ZhBXiZY.exe
  2⤵
  PID:3644
- C:\Windows\System\XlLmnKk.exe
  C:\Windows\System\XlLmnKk.exe
  2⤵
  PID:3040
- C:\Windows\System\woXWRBL.exe
  C:\Windows\System\woXWRBL.exe
  2⤵
  PID:6036
- C:\Windows\System\ttcEQCk.exe
  C:\Windows\System\ttcEQCk.exe
  2⤵
  PID:7616
- C:\Windows\System\hpoYBuj.exe
  C:\Windows\System\hpoYBuj.exe
  2⤵
  PID:8308
- C:\Windows\System\hRgOFJC.exe
  C:\Windows\System\hRgOFJC.exe
  2⤵
  PID:2844
- C:\Windows\System\DgVMmsQ.exe
  C:\Windows\System\DgVMmsQ.exe
  2⤵
  PID:8536
- C:\Windows\System\kvUsYpp.exe
  C:\Windows\System\kvUsYpp.exe
  2⤵
  PID:8364
- C:\Windows\System\WOKqlQy.exe
  C:\Windows\System\WOKqlQy.exe
  2⤵
  PID:8540
- C:\Windows\System\SeqAGtM.exe
  C:\Windows\System\SeqAGtM.exe
  2⤵
  PID:2412
- C:\Windows\System\GDTMpwP.exe
  C:\Windows\System\GDTMpwP.exe
  2⤵
  PID:1252
- C:\Windows\System\YlcMMEc.exe
  C:\Windows\System\YlcMMEc.exe
  2⤵
  PID:2144
- C:\Windows\System\aLIwnZq.exe
  C:\Windows\System\aLIwnZq.exe
  2⤵
  PID:8836
- C:\Windows\System\qbVxzub.exe
  C:\Windows\System\qbVxzub.exe
  2⤵
  PID:1812
- C:\Windows\System\ryJdCtw.exe
  C:\Windows\System\ryJdCtw.exe
  2⤵
  PID:2148
- C:\Windows\System\SafdKfY.exe
  C:\Windows\System\SafdKfY.exe
  2⤵
  PID:2396
- C:\Windows\System\kweufKc.exe
  C:\Windows\System\kweufKc.exe
  2⤵
  PID:9176
- C:\Windows\System\KwvSXgb.exe
  C:\Windows\System\KwvSXgb.exe
  2⤵
  PID:9144
- C:\Windows\System\nvkOFDA.exe
  C:\Windows\System\nvkOFDA.exe
  2⤵
  PID:8784
- C:\Windows\System\bbtHNCh.exe
  C:\Windows\System\bbtHNCh.exe
  2⤵
  PID:7432
- C:\Windows\System\JmZjCES.exe
  C:\Windows\System\JmZjCES.exe
  2⤵
  PID:9080
- C:\Windows\System\PTTdUec.exe
  C:\Windows\System\PTTdUec.exe
  2⤵
  PID:7528
- C:\Windows\System\RZJeWuw.exe
  C:\Windows\System\RZJeWuw.exe
  2⤵
  PID:2280
- C:\Windows\System\hmLftnk.exe
  C:\Windows\System\hmLftnk.exe
  2⤵
  PID:8380
- C:\Windows\System\mmcDjVF.exe
  C:\Windows\System\mmcDjVF.exe
  2⤵
  PID:2600
- C:\Windows\System\mYVrPcB.exe
  C:\Windows\System\mYVrPcB.exe
  2⤵
  PID:8320
- C:\Windows\System\ZCowxFn.exe
  C:\Windows\System\ZCowxFn.exe
  2⤵
  PID:8600
- C:\Windows\System\wFGKAme.exe
  C:\Windows\System\wFGKAme.exe
  2⤵
  PID:8948
- C:\Windows\System\Pnpispd.exe
  C:\Windows\System\Pnpispd.exe
  2⤵
  PID:320
- C:\Windows\System\EQhzzaN.exe
  C:\Windows\System\EQhzzaN.exe
  2⤵
  PID:9188
- C:\Windows\System\ImAtzkh.exe
  C:\Windows\System\ImAtzkh.exe
  2⤵
  PID:9132
- C:\Windows\System\cSvYgIP.exe
  C:\Windows\System\cSvYgIP.exe
  2⤵
  PID:8788
- C:\Windows\System\Jekrstg.exe
  C:\Windows\System\Jekrstg.exe
  2⤵
  PID:7852
- C:\Windows\System\OmmFFXU.exe
  C:\Windows\System\OmmFFXU.exe
  2⤵
  PID:8072
- C:\Windows\System\clRwqFI.exe
  C:\Windows\System\clRwqFI.exe
  2⤵
  PID:1880
- C:\Windows\System\nWjNBZR.exe
  C:\Windows\System\nWjNBZR.exe
  2⤵
  PID:9000
- C:\Windows\System\aejEeBw.exe
  C:\Windows\System\aejEeBw.exe
  2⤵
  PID:9128
- C:\Windows\System\MVczMsk.exe
  C:\Windows\System\MVczMsk.exe
  2⤵
  PID:2848
- C:\Windows\System\POLJOyc.exe
  C:\Windows\System\POLJOyc.exe
  2⤵
  PID:1684
- C:\Windows\System\VkxYgXT.exe
  C:\Windows\System\VkxYgXT.exe
  2⤵
  PID:8708
- C:\Windows\System\tLWgDur.exe
  C:\Windows\System\tLWgDur.exe
  2⤵
  PID:908
- C:\Windows\System\JPNHaOF.exe
  C:\Windows\System\JPNHaOF.exe
  2⤵
  PID:2680
- C:\Windows\System\hepYNnS.exe
  C:\Windows\System\hepYNnS.exe
  2⤵
  PID:2228
- C:\Windows\System\NEIPdtm.exe
  C:\Windows\System\NEIPdtm.exe
  2⤵
  PID:912
- C:\Windows\System\ozwKEcf.exe
  C:\Windows\System\ozwKEcf.exe
  2⤵
  PID:9220
- C:\Windows\System\HeNGher.exe
  C:\Windows\System\HeNGher.exe
  2⤵
  PID:9240
- C:\Windows\System\GAXrLHP.exe
  C:\Windows\System\GAXrLHP.exe
  2⤵
  PID:9260
- C:\Windows\System\QjofwKP.exe
  C:\Windows\System\QjofwKP.exe
  2⤵
  PID:9284
- C:\Windows\System\czubSEs.exe
  C:\Windows\System\czubSEs.exe
  2⤵
  PID:9312
- C:\Windows\System\wirncvF.exe
  C:\Windows\System\wirncvF.exe
  2⤵
  PID:9340
- C:\Windows\System\Wcwmuzu.exe
  C:\Windows\System\Wcwmuzu.exe
  2⤵
  PID:9360
- C:\Windows\System\wTTaGAB.exe
  C:\Windows\System\wTTaGAB.exe
  2⤵
  PID:9380
- C:\Windows\System\jLOiuns.exe
  C:\Windows\System\jLOiuns.exe
  2⤵
  PID:9396
- C:\Windows\System\RUEQzOn.exe
  C:\Windows\System\RUEQzOn.exe
  2⤵
  PID:9416
- C:\Windows\System\HuhKlPo.exe
  C:\Windows\System\HuhKlPo.exe
  2⤵
  PID:9432
- C:\Windows\System\FEAYxQG.exe
  C:\Windows\System\FEAYxQG.exe
  2⤵
  PID:9448
- C:\Windows\System\aJjorgx.exe
  C:\Windows\System\aJjorgx.exe
  2⤵
  PID:9464
- C:\Windows\System\JBUnIKM.exe
  C:\Windows\System\JBUnIKM.exe
  2⤵
  PID:9480
- C:\Windows\System\wTYyKcL.exe
  C:\Windows\System\wTYyKcL.exe
  2⤵
  PID:9504
- C:\Windows\System\hypGaxT.exe
  C:\Windows\System\hypGaxT.exe
  2⤵
  PID:9524
- C:\Windows\System\vgedLVm.exe
  C:\Windows\System\vgedLVm.exe
  2⤵
  PID:9544
- C:\Windows\System\wWcFwtc.exe
  C:\Windows\System\wWcFwtc.exe
  2⤵
  PID:9560
- C:\Windows\System\uMSjxyr.exe
  C:\Windows\System\uMSjxyr.exe
  2⤵
  PID:9576
- C:\Windows\System\HYOQgkF.exe
  C:\Windows\System\HYOQgkF.exe
  2⤵
  PID:9592
- C:\Windows\System\kahSbVD.exe
  C:\Windows\System\kahSbVD.exe
  2⤵
  PID:9608
- C:\Windows\System\BlLOwoe.exe
  C:\Windows\System\BlLOwoe.exe
  2⤵
  PID:9624
- C:\Windows\System\pIjTNzw.exe
  C:\Windows\System\pIjTNzw.exe
  2⤵
  PID:9640
- C:\Windows\System\VyJIXbs.exe
  C:\Windows\System\VyJIXbs.exe
  2⤵
  PID:9656
- C:\Windows\System\dpJkAze.exe
  C:\Windows\System\dpJkAze.exe
  2⤵
  PID:9672
- C:\Windows\System\XqUQCtx.exe
  C:\Windows\System\XqUQCtx.exe
  2⤵
  PID:9688
- C:\Windows\System\iUupMUe.exe
  C:\Windows\System\iUupMUe.exe
  2⤵
  PID:9704
- C:\Windows\System\MTtwYRi.exe
  C:\Windows\System\MTtwYRi.exe
  2⤵
  PID:9720
- C:\Windows\System\piSgQqw.exe
  C:\Windows\System\piSgQqw.exe
  2⤵
  PID:9736
- C:\Windows\System\XJroENX.exe
  C:\Windows\System\XJroENX.exe
  2⤵
  PID:9752
- C:\Windows\System\dTxMgSJ.exe
  C:\Windows\System\dTxMgSJ.exe
  2⤵
  PID:9768
- C:\Windows\System\uzAExLq.exe
  C:\Windows\System\uzAExLq.exe
  2⤵
  PID:9784
- C:\Windows\System\PJRBlxj.exe
  C:\Windows\System\PJRBlxj.exe
  2⤵
  PID:9800
- C:\Windows\System\XFUnxvA.exe
  C:\Windows\System\XFUnxvA.exe
  2⤵
  PID:9816
- C:\Windows\System\prewfyi.exe
  C:\Windows\System\prewfyi.exe
  2⤵
  PID:9832
- C:\Windows\System\WzAZPcs.exe
  C:\Windows\System\WzAZPcs.exe
  2⤵
  PID:9848
- C:\Windows\System\MMKMLMm.exe
  C:\Windows\System\MMKMLMm.exe
  2⤵
  PID:9864
- C:\Windows\System\aFAfpce.exe
  C:\Windows\System\aFAfpce.exe
  2⤵
  PID:9880
- C:\Windows\System\pOCaRVF.exe
  C:\Windows\System\pOCaRVF.exe
  2⤵
  PID:9896
- C:\Windows\System\jXDKijE.exe
  C:\Windows\System\jXDKijE.exe
  2⤵
  PID:9912
- C:\Windows\System\BPrwhCo.exe
  C:\Windows\System\BPrwhCo.exe
  2⤵
  PID:9928
- C:\Windows\System\UwmCzzN.exe
  C:\Windows\System\UwmCzzN.exe
  2⤵
  PID:9944
- C:\Windows\System\ymnLoHi.exe
  C:\Windows\System\ymnLoHi.exe
  2⤵
  PID:9960
- C:\Windows\System\JjvnUcc.exe
  C:\Windows\System\JjvnUcc.exe
  2⤵
  PID:9976
- C:\Windows\System\lsAZIJK.exe
  C:\Windows\System\lsAZIJK.exe
  2⤵
  PID:9992
- C:\Windows\System\YPrqcJD.exe
  C:\Windows\System\YPrqcJD.exe
  2⤵
  PID:10008
- C:\Windows\System\GKBUdMy.exe
  C:\Windows\System\GKBUdMy.exe
  2⤵
  PID:10024
- C:\Windows\System\XQvuACk.exe
  C:\Windows\System\XQvuACk.exe
  2⤵
  PID:10040
- C:\Windows\System\dBeGkZV.exe
  C:\Windows\System\dBeGkZV.exe
  2⤵
  PID:10056
- C:\Windows\System\vKNownC.exe
  C:\Windows\System\vKNownC.exe
  2⤵
  PID:10072
- C:\Windows\System\TdMelzj.exe
  C:\Windows\System\TdMelzj.exe
  2⤵
  PID:10088
- C:\Windows\System\cGwihsj.exe
  C:\Windows\System\cGwihsj.exe
  2⤵
  PID:10108
- C:\Windows\System\PivspwP.exe
  C:\Windows\System\PivspwP.exe
  2⤵
  PID:10124
- C:\Windows\System\aIzpNse.exe
  C:\Windows\System\aIzpNse.exe
  2⤵
  PID:10140
- C:\Windows\System\eejowxH.exe
  C:\Windows\System\eejowxH.exe
  2⤵
  PID:10156
- C:\Windows\System\WAjduFZ.exe
  C:\Windows\System\WAjduFZ.exe
  2⤵
  PID:10172
- C:\Windows\System\WFdiODw.exe
  C:\Windows\System\WFdiODw.exe
  2⤵
  PID:10188
- C:\Windows\System\qZPmmoA.exe
  C:\Windows\System\qZPmmoA.exe
  2⤵
  PID:10204
- C:\Windows\System\ySoUROz.exe
  C:\Windows\System\ySoUROz.exe
  2⤵
  PID:10220
- C:\Windows\System\SVvPWUH.exe
  C:\Windows\System\SVvPWUH.exe
  2⤵
  PID:10236
- C:\Windows\System\GUUtIts.exe
  C:\Windows\System\GUUtIts.exe
  2⤵
  PID:4060
- C:\Windows\System\GJvVRHZ.exe
  C:\Windows\System\GJvVRHZ.exe
  2⤵
  PID:9228
- C:\Windows\System\mIOCfpw.exe
  C:\Windows\System\mIOCfpw.exe
  2⤵
  PID:9272
- C:\Windows\System\emxIDRi.exe
  C:\Windows\System\emxIDRi.exe
  2⤵
  PID:7480
- C:\Windows\System\MEnXGCY.exe
  C:\Windows\System\MEnXGCY.exe
  2⤵
  PID:9256
- C:\Windows\System\SkdDVBz.exe
  C:\Windows\System\SkdDVBz.exe
  2⤵
  PID:9248
- C:\Windows\System\ODnKkrE.exe
  C:\Windows\System\ODnKkrE.exe
  2⤵
  PID:9296
- C:\Windows\System\rDnRxPk.exe
  C:\Windows\System\rDnRxPk.exe
  2⤵
  PID:9300
- C:\Windows\System\TeSieKq.exe
  C:\Windows\System\TeSieKq.exe
  2⤵
  PID:9352
- C:\Windows\System\NSbYdOE.exe
  C:\Windows\System\NSbYdOE.exe
  2⤵
  PID:9372
- C:\Windows\System\iMfmsoy.exe
  C:\Windows\System\iMfmsoy.exe
  2⤵
  PID:9424
- C:\Windows\System\blwiqQD.exe
  C:\Windows\System\blwiqQD.exe
  2⤵
  PID:9472
- C:\Windows\System\jfUhGtX.exe
  C:\Windows\System\jfUhGtX.exe
  2⤵
  PID:9488
- C:\Windows\System\hQSDWDM.exe
  C:\Windows\System\hQSDWDM.exe
  2⤵
  PID:9408
- C:\Windows\System\XDrpcpc.exe
  C:\Windows\System\XDrpcpc.exe
  2⤵
  PID:9520
- C:\Windows\System\SemHKDp.exe
  C:\Windows\System\SemHKDp.exe
  2⤵
  PID:9540
- C:\Windows\System\ObsWWyI.exe
  C:\Windows\System\ObsWWyI.exe
  2⤵
  PID:9572
- C:\Windows\System\kwOpLxF.exe
  C:\Windows\System\kwOpLxF.exe
  2⤵
  PID:9632
- C:\Windows\System\MSpjmTr.exe
  C:\Windows\System\MSpjmTr.exe
  2⤵
  PID:9664
- C:\Windows\System\fhgAfia.exe
  C:\Windows\System\fhgAfia.exe
  2⤵
  PID:9652
- C:\Windows\System\SBxZrgG.exe
  C:\Windows\System\SBxZrgG.exe
  2⤵
  PID:9760
- C:\Windows\System\rkCJwQw.exe
  C:\Windows\System\rkCJwQw.exe
  2⤵
  PID:9764
- C:\Windows\System\sBUorMp.exe
  C:\Windows\System\sBUorMp.exe
  2⤵
  PID:9744
- C:\Windows\System\zqnbtAN.exe
  C:\Windows\System\zqnbtAN.exe
  2⤵
  PID:9824
- C:\Windows\System\lODFYIz.exe
  C:\Windows\System\lODFYIz.exe
  2⤵
  PID:9860
- C:\Windows\System\jdnWXHT.exe
  C:\Windows\System\jdnWXHT.exe
  2⤵
  PID:9808
- C:\Windows\System\UuzTlFi.exe
  C:\Windows\System\UuzTlFi.exe
  2⤵
  PID:9840
- C:\Windows\System\tqENgiL.exe
  C:\Windows\System\tqENgiL.exe
  2⤵
  PID:9904
- C:\Windows\System\AATmVBL.exe
  C:\Windows\System\AATmVBL.exe
  2⤵
  PID:9988
- C:\Windows\System\MVrtkUe.exe
  C:\Windows\System\MVrtkUe.exe
  2⤵
  PID:9936
- C:\Windows\System\mwHClpT.exe
  C:\Windows\System\mwHClpT.exe
  2⤵
  PID:10036
- C:\Windows\System\nURShAp.exe
  C:\Windows\System\nURShAp.exe
  2⤵
  PID:10096
- C:\Windows\System\vgmoXkI.exe
  C:\Windows\System\vgmoXkI.exe
  2⤵
  PID:10052
- C:\Windows\System\QXBTTjV.exe
  C:\Windows\System\QXBTTjV.exe
  2⤵
  PID:10152
- C:\Windows\System\toynXYY.exe
  C:\Windows\System\toynXYY.exe
  2⤵
  PID:10136
- C:\Windows\System\PdSEEPA.exe
  C:\Windows\System\PdSEEPA.exe
  2⤵
  PID:10212
- C:\Windows\System\tPCGWKY.exe
  C:\Windows\System\tPCGWKY.exe
  2⤵
  PID:10196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CSFTKyT.exe

Filesize
6.0MB

MD5
b6826aabcfcc3788aa15cfc2e0073467

SHA1
b16eb5641fa47b037898a60d38904ca90cedf45a

SHA256
7a32232e2e26882cb07d07427fbab7369a50d4d08cfcd3b7eb3a14ed3d3ff36e

SHA512
8b1babd320edb8cc7abe2130205767c9627ed9bf8da84743ef1c25060319e363c873cf690431f56109ee65713ca468f61bb0619a63411d8b64b970a4d5fd6d98

Download Submit
C:\Windows\system\Ezeflly.exe

Filesize
6.0MB

MD5
7dda780b659e0daa61e2eb90cea3a5aa

SHA1
095f4f2de2d3a5a21cdba7bf3e3d6f0e05fd7040

SHA256
6cde1539880a80e4d819743114a0598a4bbb07c52ed84da7480e9f8c17f33448

SHA512
e9c5c96a5cb72277581526927b6dcd2c2928cc527e01e195f01d75eafe5bf4ab75ae5203426d60def71d69aa60f46c11009a0d3a6f076b36485725892e904460

Download Submit
C:\Windows\system\HSStVFG.exe

Filesize
6.0MB

MD5
fe3b9a07aa7a93624de312d0e3c4785e

SHA1
805c85b06e00bd5e381911e16d2a7e27f342c609

SHA256
0ec4425476cf470fc94a85e51e6a1d9c453a1345bdcd7f4d550e873e35477935

SHA512
6c068eb7e6c26da416a7883041d64d7e22add44714ae2b3e525d76e6b3abc32cd5d0e79220dfa9c22dde3d590cced81cb111d55302da8bf3cdb8b93312d0bf9b

Download Submit
C:\Windows\system\JPwGBlr.exe

Filesize
6.0MB

MD5
2e0b47856ca197c40f6b20b13c825ad3

SHA1
103437ef89cacd4136187b6b953dc9dd90a2a02a

SHA256
86b60e2be0dacefabace6d7b8bd0548a95f30f6da4b37262b8f218064cc45ae7

SHA512
8e121359d7fd0d6326d68c9992e4bab88ff0036535f9dce9cc678227f7486805f93cd6d53274e8fc209907042201dd834b7244ac13c57eb1020ee96cbb20b546

Download Submit
C:\Windows\system\KLclrib.exe

Filesize
6.0MB

MD5
96f4bc32cb7a07f408e06d1b0ede7a9d

SHA1
635dccf8aca40927277cab4ad2bb1474563c35cc

SHA256
5446b298d00771bcfd5172c87698e0ee601ecfbac81632fcf7af50a290b3fb7b

SHA512
f01ac181228f780304f91bb7e10a93dd374174a855047cbf09ffc4bf53fc769fea5881cebafa3bc2cfc88a8bea6eee852e0dc0f543726ed00d1e84b03435bab4

Download Submit
C:\Windows\system\LJLRdns.exe

Filesize
6.0MB

MD5
d5d2a8cc21798acb31ee114b9671c850

SHA1
37ecc834858ebff09d13c6b27fddf3b99a29bb25

SHA256
b08d90813aa58f25393a4465a38e55aceab524e181d2ae5fdc5fb67747efed91

SHA512
560aed7a3237506a1a89ec8cd55754210234ca76673d29ecbb1a89b57ded6a90bfbba45b4a918f30ec02a3f11489a22ccff5f5d681e6ac20e6f886b6e9f448b6

Download Submit
C:\Windows\system\MKczBvT.exe

Filesize
6.0MB

MD5
2b4ac37d3d9a1cdecfaec08940067923

SHA1
af9e58b5fbcaa76575481c99fde996bbf53e23b3

SHA256
db97076a8471edb9764e1cb74d6cb83f2161b8d5187386a708aab041d1e5c897

SHA512
1585b74547f0df46af820862565ad9e40751b8fe9136f5e1a9a68f16fd3242293a786813b25ca147ecf07d53b695ce8a1ca3112220d5fa2389b2401cee859f32

Download Submit
C:\Windows\system\NpeotIl.exe

Filesize
6.0MB

MD5
025fc3171cb51fb787982d054b6441af

SHA1
e9b21f5c8e6e1df5ce98194c8a68a5f0cdc0a4ea

SHA256
cea0145d9a28dbe600fcbb02d33e8daf94b216d5839438cc30e30019015edb47

SHA512
80fdcc97ac2850e4da6adab0ce0aede827b63bff3a0a1b1b2d20624458d7f7b7c33c5ba40803703e43859cf1ba4aefb4a939d3acade447f7c40fc7db46abe915

Download Submit
C:\Windows\system\OzjJOpy.exe

Filesize
6.0MB

MD5
8c3316d1684b001d7fc5ce14eec3df4d

SHA1
967b12744500c3d16d2366851e453d32e3a02279

SHA256
c849748cb711f9b6f6544abf16c984c5a998ab307d89b57034779787d1e1ec25

SHA512
2b69fef75023b65916e669abc4bde557db1eb4d547c8ef064eb4fefb228206383ad38b4fd706271e0d1476c744a3fb54209a30b166e3a637f893d6c75d980964

Download Submit
C:\Windows\system\PHdNlvs.exe

Filesize
6.0MB

MD5
20b0d1f82db85a395e6ac42cffad2d88

SHA1
6674d44ab86b1525734194aac7205b7355e26f05

SHA256
bac9f65f950cdc4ae922b17bc7014ec94fcf5a6bc771474aaa3c616c1f0a856a

SHA512
fbaea12687c0b4a69d876ce19de2d4177d78283ff6ec916c4a2cfeffd5d33a0e13f035bec46efda47267a2f6369112154bd7c06e686d1efcba9ff463fefe31e4

Download Submit
C:\Windows\system\PZhgHsz.exe

Filesize
6.0MB

MD5
20fc116ef961c8418c65c64cfbd11d2e

SHA1
31c8d587d6c0bcdb2fdd33ac08aa7a746ec7887e

SHA256
a72efbbf92f27673fce6d71bb0f1bc8f1c47a06cbb96162b103d90daaab8fc3a

SHA512
6d912d5f73369cdd0ae91602901ea91f96562f9efcb1d849bfb28b6c78f73b9b28d2ccfb5ba7b91d2e6002d027cdd3523fc7598f68a4a5cd839f3cf83a19ff84

Download Submit
C:\Windows\system\RAyoqFf.exe

Filesize
6.0MB

MD5
0ed4c65fc96811fb50f9815c1350fc94

SHA1
5b3b7014389d80a74310017a5e02b4bd71059571

SHA256
46c8d78b143b612e5ac4f70e922185684e8f68a5a6f30ae9993ed40a7139fd56

SHA512
bdeb495a040275be63109e44b0c2a7f7b85bb67744922386f4e9b1ee30319a427c1d3429a083beec48ae3349ea29a70c7548cf1e90d9c86cc24342ae1ea86ab2

Download Submit
C:\Windows\system\RtfUtKL.exe

Filesize
6.0MB

MD5
dd44f42c36724a252b1e225b38030437

SHA1
df52ea1fc26f429a141abe467b1176bb5dddc015

SHA256
a5a1e142e816309cb20286193e14207aaf9303a491843b58ff3f189e7078c1d1

SHA512
d688f991615b6767f18d40bee5da3d65db88319624a80723b913c1558b153ab9d93d8714b6507443901e0ad8d9bfc7ccfe5f59d5f06a1006e136365a35c13e44

Download Submit
C:\Windows\system\TIYvUbq.exe

Filesize
6.0MB

MD5
61ed8376705de408c48f6aea39629666

SHA1
98d43d8256720fd145c630277d555f44dd45e8b8

SHA256
465bcc3979714a259fc2cccd9a915fac27dc24621b7c5abf6b23807d668a0f0c

SHA512
a32e12f5b0e306979d1a4e7d3d2bbddd1e120e588315b3b2928cae1d633f63dd7e3fe29bb7f90155e85d5ec5f4f700f3eb588f4a03c54a19dfba3d0fb97f243e

Download Submit
C:\Windows\system\UORIpXf.exe

Filesize
6.0MB

MD5
d81e2e3598954eb3dd82158963118c38

SHA1
df76c40f712dd90be217fae79dc6588f8b516ccf

SHA256
7587aa159987253f39ba56fbba83177eb3b9bda3d2bee2e3b9fab0b5de437db9

SHA512
c6f7d4f87dbb983ea325b640840613842e5b50aad19d055958c11155d60a5c60eda819f91e6fa1089fa9d563d773423491c78e01395428e51e1a93f8a71cba35

Download Submit
C:\Windows\system\USGBTPm.exe

Filesize
6.0MB

MD5
9b74976f1ad8edab2be82482787a897b

SHA1
2bb50b613bcf594a449bc779580e245f9a320dc5

SHA256
c94c9f52318bb97ebfb6e9bb2c1cfad0eed0cf4ed8c33a4d91973c1ebc5b5da4

SHA512
884deaddb95835e32aada5b3228d22b66a17585360a2d72e4a93bb935a86f59375dc2aeea8b6f95658b4aaf43a2a9850c6924a593e54f5f4f62dea50843529af

Download Submit
C:\Windows\system\VUEDuKn.exe

Filesize
6.0MB

MD5
f33b668fe65f93c26ad77d1560ef5d7e

SHA1
ca76a1b603fd860f2d2e227e0266ab00758071f8

SHA256
0f668c8588f9d7f2be3150c7493914734a406f56822d505b0f762474fb51f3e0

SHA512
3e1b17ba06190b6bbd0511bb00bd974961afa6bc21a15d0763daab863924564c1660dd4ff8d996542d7eaf3b40b8f4c6a25b502724494670ef9038def4df7e74

Download Submit
C:\Windows\system\cIxyRuB.exe

Filesize
6.0MB

MD5
593bf838d46bfbb8fdd457d8d2217817

SHA1
ad50a9f99ca3edb29f2760b94e4ffad9c6bf1fad

SHA256
9af54325e786f8d64dca46240c357bf4e4d8e35ba22056bf298a8c4739d5b944

SHA512
a3fdf8cb406f6532bebfcc18dde72febebc2614037f142f51bd916b9bd5762f62900b668b53f46e36de09d1547f76dad532ab877839f0f51293c5ac4957f5cee

Download Submit
C:\Windows\system\dRNyYmz.exe

Filesize
6.0MB

MD5
30a5d127660d09f263c7c0bc40038943

SHA1
23592a89af8e0d9cd67f464178aa447a948ba762

SHA256
88a91c41369a415f246ab5d448dd3042635b64d92755f8b8282e3ebf276c266e

SHA512
6d841a0cb6337dd8804605309cec40626b1f2cc394ca0e4fab44430fefaa343b3551399b1976c2369fabb4bbff0abc6d1ed1886224e1dbf82a08895db6199a4d

Download Submit
C:\Windows\system\eYvVbjT.exe

Filesize
6.0MB

MD5
e07180a7e2bc8c3470befdfe853930d7

SHA1
7e7305d880f0a74a6277c8e93b4512911d025a43

SHA256
c0d6dfaf149eab6945d58b87d7ac6d76a846bc3bf6e20466f76c850f8f324a2f

SHA512
569dd1d84900e5d1f359ca2224478e6f737a8643badb1481584240031193d76949e102d127c131ad1e60ff0669d5163301cf6bba51bbe16f2fc5dc22e94702e4

Download Submit
C:\Windows\system\eaVYRoW.exe

Filesize
6.0MB

MD5
a0deb14028836ea8de41471839f403a9

SHA1
523a80ffa8acbd4f8bb12fdd7030dc05067a2ccc

SHA256
394dfb2993354b96fb3606d9df3a8e66535aa33b0eef4814f32eab1b045eef2d

SHA512
6b75683c1623656a8431cbbf0f790a6fe96b552694acfd4779e90d435f3d68016154878ecad72099dafc1151a7aea19af9dae97dfcaf7a6f82aadc34edcbcb92

Download Submit
C:\Windows\system\gdCPFUB.exe

Filesize
6.0MB

MD5
e2d5e19a3e1e4de1c7a4d3b002ba18ed

SHA1
a75729ad6004f50b4148d3e1ccbcfa759809063d

SHA256
8a2ca8b5a86f177f18302b43ab2f77c01bf47da16e24ac0fce25e6610cf388e6

SHA512
c3edfce92891d73416cfc6202610455c0cff4b80b39c2909017283d30b8baaca4bc383a4866f65dd16a66d8d3c166b894550a9079fd048cda93ebe3cdc9f1c24

Download Submit
C:\Windows\system\hhtjvKw.exe

Filesize
6.0MB

MD5
44ef5452af1cf892bf1095bb96a11393

SHA1
4b6e9a493050492cbc033030490d475c226f8aa6

SHA256
24d3b46359c1f679bb875f89c5ea2ca00e9c149ec845ea6a2782dac24ad4fc2a

SHA512
b946095c63d0f4c9118d9c1b4dc031196307f926f2931f48f8cd89a35268f05d04b38277471b5c87f7543a962ff9d40adc3d4a16f28ef3e813b08a4b2905bbaf

Download Submit
C:\Windows\system\irVzjnm.exe

Filesize
6.0MB

MD5
575c453ef94b272041a0ddd8d75fd764

SHA1
67cd43af39eef06d59fd2a87673c488710433415

SHA256
b1923cc65251df2eef862851ca84f21e52edfe7f56c76d7cc990ace90d2e5079

SHA512
f39a4feaf32df4023b1da8d86e63096f9d272cc01bf236b4cdb0b87ab819459f7ef7166402b0d63d0fd105e62cb3101df7eda8bdbd1a4e1566b5e8d14784dd31

Download Submit
C:\Windows\system\npjPSKa.exe

Filesize
6.0MB

MD5
4a46668d3992eca627ff2694235204f2

SHA1
94abaee52b380ab782073d84c397f5b5c87e72ca

SHA256
bdecac4e8440fc618756e8f37ccbf784044715e90e200ad3b823704b83e63233

SHA512
9c782eaab3e6b8fd63effe7a8eba0417d822e1379642bbed72446528b6c23ea0b515b5cf18a9813dddd145498c19446034ad981a36cb038d492ba1f27c7b2e03

Download Submit
C:\Windows\system\odJUyCB.exe

Filesize
6.0MB

MD5
d0ceeb28650ce07b41c6a41ad9117bec

SHA1
c600a66db2419b78d9d8d77519a97eabe8e78bcc

SHA256
fe8697adfe730ce172a1540b62d9541e3df33761046261b65e9c6433b48531b3

SHA512
277648edd2b9949768b1b26acafdda5a27b85282003d81ddb9b4619c5ebb96f59e3a826b3e218e729c291f29b4fadbcf5b0c7541a29e16d2045f2f012b71b457

Download Submit
C:\Windows\system\tmIXEXn.exe

Filesize
6.0MB

MD5
e34f5d1dd5d008036a1d1e8d2c0a47a3

SHA1
d7a7aec7537dfa4ebbd06fd5f7e74ab1547e161e

SHA256
f02cebae2e18d623984dbcbd9b4675f26dab1952a741720ac6a6dcd5f9b204ca

SHA512
0c4eb79f17b4adf227ddba2f2aae989b626b4f98e44c70d5aa72ff76b16625b4c4c756d8dcdf3f240bec7dc15884aa4ade8d1bd63a1e663a8f6d8591b2cd3733

Download Submit
C:\Windows\system\wULuCMw.exe

Filesize
6.0MB

MD5
84b1769a65e63ffca75d1159ba63aeff

SHA1
94857f6f23f2e916731473c6b5ab60420ec06188

SHA256
5d9f9cbf9b5d8b90b3192bc9ba2204f712f308a227cc9b43eff67124ddc72215

SHA512
cae5c13bcdcdd9a5951e0039c7a147aa7d9bba2a6ca9880b3158781d17102207ce5708b93c3421b7747718a52059930d27903d8176bc9b14f096b992d55f2b52

Download Submit
C:\Windows\system\yOFqKoV.exe

Filesize
6.0MB

MD5
58884922ed3cbc22fd9d33511b620cdd

SHA1
a7cec7f359455d88fc04d916b9eb193616ee3a0e

SHA256
f9f58ce6d11725e85a2e1577a6c2ee99468e571819c36da68c3d34f5e27e9db4

SHA512
af93315b906be5831b3b6287c97569a6040c3ae7de240f27c79111fedff720f14e85aa94721656aaee8765b316c927f56b69e08c72cf148a51118f4fa7e2115f

Download Submit
\Windows\system\KugEHDI.exe

Filesize
6.0MB

MD5
bf41a2ddcd264e0af3785fd0e5b9f69c

SHA1
4ba4f85e641ad099a25700e82b2bf26914280793

SHA256
1399aa43f3d5a5061ff41f1470e58716e25a68f40ec0c3074407be0749139e2f

SHA512
40f826bd5a22ad25ce4303ac20fa9ac0be8f29b584111de2fda634fae868319581b42fa9e06dab0929f2655d03109513b94bc4f6cfe21a1553300dd82caa3a1b

Download Submit
\Windows\system\OkOdkso.exe

Filesize
6.0MB

MD5
ffb21b34f4d543f59a393bcf38a83172

SHA1
7b98c5456000d6330f78c763931dcdc86a6c0e40

SHA256
40adb7aaf5faf5af39ba46ead38baf6cb4266a46f1fddb1bcad844ca9fa46fa1

SHA512
613f3accd176a93bd0b957427d518ff83128fd7876cc83eba3a04cb043fcdec4d2a8c7ff6e36d92cf73f0bc429f43e2a0a2381ab06116b80bd71adde37fd6aac

Download Submit
\Windows\system\PppjWhh.exe

Filesize
6.0MB

MD5
c82cbb1e79cd8fda7a96c2c08b70f615

SHA1
a14f44073f667d98bb27d2e1ec87f54df71e067e

SHA256
e5a95f266f5fc94a3852b2fc7ad139c5c2fee0234df1611bb21aec0f10eaf9e6

SHA512
320ab3862bc0b215501b68f627d69ef5f3502bb7989d70171bc8dad57887e99687ef0a81def8891ce19004b90991534dc41981613d4fba2023ff7017ab7bd0ca

Download Submit
\Windows\system\enxKypA.exe

Filesize
6.0MB

MD5
113e1968a2b6d460ee4ac16750899abf

SHA1
67d0a4c2d588c1d3db05ff9370ad48f7fc10e58f

SHA256
38aab89e67e32441ffbbd49dd222e6a07821dd5f610d338aba1ed8c7f414c4a2

SHA512
6ec90f4f9ea0b5b58a9c5e225cdb3f667a55779bb7a59494e365b010430a50e4db5ca90f170e6405436ff3d40d4149a3f48683555155145b8410785e008288b0

Download Submit
memory/536-2810-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/536-102-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1440-70-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1440-2772-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1608-2812-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1608-88-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2288-25-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2790-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2668-103-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-2809-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-61-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2684-688-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2684-94-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2684-84-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2684-0-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-52-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-75-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2684-74-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2684-73-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2684-276-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2684-277-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2684-543-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2684-60-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2684-9-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2684-42-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2684-109-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2684-50-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2684-13-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2684-27-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2684-36-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2684-18-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2696-24-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2680-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2764-85-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2807-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2764-29-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2812-2683-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2812-37-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2840-26-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2705-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2884-51-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2686-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2908-43-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2908-96-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2802-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2770-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2948-76-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2996-95-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2791-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2808-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3060-83-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download