cobaltstrike | 470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
Size

6.0MB
MD5

78340e29d05fa72e11989e36a1065ea5
SHA1

9de006f58f0e770fa9521ff165723a860560e954
SHA256

470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5
SHA512

2c7610b30516e15569480f4d904cde014e193daf617591754bc5754c4b726610288f46fbc3d5e5c9ebccd0eb3269c9bf494bb91efbe11c32a9c546c929d9ac3a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012263-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ed2-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f96-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016009-24.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015db6-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016210-35.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164db-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-65.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016645-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016334-57.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-78.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-87.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-105.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-128.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-189.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-179.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-174.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-169.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-159.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-135.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-138.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-119.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-77.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2376-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012263-6.dat	xmrig
behavioral1/files/0x0008000000015ed2-13.dat	xmrig
behavioral1/memory/576-14-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2968-16-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f96-10.dat	xmrig
behavioral1/memory/2424-21-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0008000000016009-24.dat	xmrig
behavioral1/files/0x0009000000015db6-28.dat	xmrig
behavioral1/files/0x0007000000016210-35.dat	xmrig
behavioral1/memory/2984-41-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2376-47-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x00070000000164db-46.dat	xmrig
behavioral1/memory/2840-45-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2712-38-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x0006000000016de8-65.dat	xmrig
behavioral1/memory/2424-66-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2724-61-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2616-70-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2968-60-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0009000000016645-59.dat	xmrig
behavioral1/memory/2888-58-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016334-57.dat	xmrig
behavioral1/memory/2376-56-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/2788-55-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2376-54-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016edb-78.dat	xmrig
behavioral1/files/0x00060000000173f3-87.dat	xmrig
behavioral1/files/0x0006000000017403-97.dat	xmrig
behavioral1/files/0x0006000000017400-105.dat	xmrig
behavioral1/memory/2376-109-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/files/0x00060000000174c3-128.dat	xmrig
behavioral1/files/0x000600000001746a-116.dat	xmrig
behavioral1/files/0x0005000000018697-146.dat	xmrig
behavioral1/files/0x0005000000018696-145.dat	xmrig
behavioral1/memory/2616-515-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/3052-599-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2724-321-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2888-320-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2376-267-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/2788-201-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2376-200-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d2-184.dat	xmrig
behavioral1/files/0x00050000000191f6-189.dat	xmrig
behavioral1/files/0x00060000000190e1-179.dat	xmrig
behavioral1/files/0x000600000001904c-174.dat	xmrig
behavioral1/files/0x0006000000018f65-169.dat	xmrig
behavioral1/files/0x0006000000018c44-164.dat	xmrig
behavioral1/files/0x00050000000187a2-154.dat	xmrig
behavioral1/files/0x0006000000018c34-159.dat	xmrig
behavioral1/files/0x000600000001757f-135.dat	xmrig
behavioral1/files/0x0015000000018676-138.dat	xmrig
behavioral1/files/0x00060000000174a6-124.dat	xmrig
behavioral1/files/0x0006000000017488-119.dat	xmrig
behavioral1/memory/2572-104-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x000600000001707c-100.dat	xmrig
behavioral1/memory/3064-91-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/3052-89-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x0006000000016eb8-77.dat	xmrig
behavioral1/memory/2712-73-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2968-2832-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/576-2839-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2424-2853-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2840-2874-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
576	sQWYEZu.exe
2968	vfVxoiA.exe
2424	qgmKAeI.exe
2840	oBQfXXG.exe
2712	ollnozy.exe
2984	DRfTqcI.exe
2788	PBiKmuZ.exe
2888	YRBfDpj.exe
2724	fwIAhcG.exe
2616	wyRqWPL.exe
3052	nSPrrnl.exe
3064	cUBPUvw.exe
2572	LdcBtsO.exe
1832	LcCirCd.exe
2392	DEDksRV.exe
1808	oepMORA.exe
1284	qVcnlbR.exe
1716	XFNKTUQ.exe
1088	iJmuBdd.exe
1368	EpYqDtD.exe
2780	qyIwDXr.exe
2800	sPpjrEW.exe
2192	yDyPpRR.exe
3036	toIXiFx.exe
2140	kZaSVwT.exe
616	jqgHeYc.exe
1696	nITfWJU.exe
448	WBlSjJM.exe
2564	iSwZfGS.exe
2912	PkrLZvk.exe
1960	zHZzMJI.exe
676	lPxcmkn.exe
1836	MQsBnXq.exe
1372	YKmPkCp.exe
1316	zUaJCTT.exe
344	wIlrDRM.exe
2272	nxJJiir.exe
2220	KfiCfjn.exe
1820	wtLGphv.exe
3004	WIJTBLI.exe
1200	NkkvSsc.exe
1736	bPlYuHd.exe
2080	LCVmhWI.exe
2056	rRHxigL.exe
2420	QIEZWjP.exe
580	PZyNRXl.exe
1148	NQfXAtF.exe
2172	aIIpkKJ.exe
1648	LNQwsEA.exe
2052	IEFqDJZ.exe
768	RRqQzQl.exe
2104	vygQkzd.exe
1600	mapmCvv.exe
2368	WWHACPj.exe
2164	EySeAHB.exe
2844	wmTZkvh.exe
2876	uDrytrr.exe
2364	BbpjbGh.exe
2708	rTrnSSK.exe
2756	WUDKpRl.exe
3048	gBtReNB.exe
1892	QwnqKbX.exe
1828	pxJfekQ.exe
776	PbagZLn.exe

Loads dropped DLL 64 IoCs

pid	Process
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2376-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x000b000000012263-6.dat	upx
behavioral1/files/0x0008000000015ed2-13.dat	upx
behavioral1/memory/576-14-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2968-16-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2376-12-0x0000000002300000-0x0000000002654000-memory.dmp	upx
behavioral1/files/0x0008000000015f96-10.dat	upx
behavioral1/memory/2424-21-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0008000000016009-24.dat	upx
behavioral1/files/0x0009000000015db6-28.dat	upx
behavioral1/files/0x0007000000016210-35.dat	upx
behavioral1/memory/2984-41-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2376-47-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x00070000000164db-46.dat	upx
behavioral1/memory/2840-45-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2712-38-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x0006000000016de8-65.dat	upx
behavioral1/memory/2424-66-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2724-61-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2616-70-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2968-60-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0009000000016645-59.dat	upx
behavioral1/memory/2888-58-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x0007000000016334-57.dat	upx
behavioral1/memory/2788-55-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x0006000000016edb-78.dat	upx
behavioral1/files/0x00060000000173f3-87.dat	upx
behavioral1/files/0x0006000000017403-97.dat	upx
behavioral1/files/0x0006000000017400-105.dat	upx
behavioral1/files/0x00060000000174c3-128.dat	upx
behavioral1/files/0x000600000001746a-116.dat	upx
behavioral1/files/0x0005000000018697-146.dat	upx
behavioral1/files/0x0005000000018696-145.dat	upx
behavioral1/memory/2616-515-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/3052-599-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2724-321-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2888-320-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2788-201-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x00050000000191d2-184.dat	upx
behavioral1/files/0x00050000000191f6-189.dat	upx
behavioral1/files/0x00060000000190e1-179.dat	upx
behavioral1/files/0x000600000001904c-174.dat	upx
behavioral1/files/0x0006000000018f65-169.dat	upx
behavioral1/files/0x0006000000018c44-164.dat	upx
behavioral1/files/0x00050000000187a2-154.dat	upx
behavioral1/files/0x0006000000018c34-159.dat	upx
behavioral1/files/0x000600000001757f-135.dat	upx
behavioral1/files/0x0015000000018676-138.dat	upx
behavioral1/files/0x00060000000174a6-124.dat	upx
behavioral1/files/0x0006000000017488-119.dat	upx
behavioral1/memory/2572-104-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x000600000001707c-100.dat	upx
behavioral1/memory/3064-91-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/3052-89-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x0006000000016eb8-77.dat	upx
behavioral1/memory/2712-73-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2968-2832-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/576-2839-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2424-2853-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2840-2874-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2984-2875-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2712-2871-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2788-2882-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2724-2885-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VXmqcCA.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\kXGkaPG.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\FzmwRnJ.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\dUhjsTR.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\QHnhcwA.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\oADMXHD.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\FgLeBXg.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\JQiuVuv.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\SPKuzXL.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\AvrAaup.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\UIEmneZ.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\HfrsKXS.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\ILQWSYd.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\qdegktl.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\RVnemVn.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\chXBLDb.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\TEwIlJj.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\MBGKSfh.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\XFbBjms.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\KpCfUFp.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\OVXjMWi.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\KjwFcWz.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\VYBIeHZ.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\idlgMtI.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\KlVRebH.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\LlPIney.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\GpyiNqN.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\onTSDxw.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\wGWyntO.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\QTaRCQI.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\Tgnbfff.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\hxBTELO.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\strXrBw.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\UtzxofR.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\VbZbwtw.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\tbpkoen.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\JAnnoxm.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\iIwuRvS.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\UlfdwAV.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\zsDmaIk.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\ATlqdCl.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\LeNsahm.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\uzgiiLM.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\geVPsbK.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\zpuWkXZ.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\osvIJNP.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\YanQMjg.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\CObhPXr.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\kNJlyKr.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\NCSuoff.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\xVeXHGt.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\TNzbGil.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\rPARgDp.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\bzSHxUz.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\xrLseyK.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\QuQEmXS.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\oBbPMwu.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\geFBWpU.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\oLAvPzv.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\AdXHEQV.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\qQjTzQV.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\WuIezfM.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\apkIKUB.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
File created	C:\Windows\System\zKtbfEf.exe	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 576	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	32
PID 2376 wrote to memory of 576	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	32
PID 2376 wrote to memory of 576	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	32
PID 2376 wrote to memory of 2968	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	33
PID 2376 wrote to memory of 2968	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	33
PID 2376 wrote to memory of 2968	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	33
PID 2376 wrote to memory of 2424	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	34
PID 2376 wrote to memory of 2424	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	34
PID 2376 wrote to memory of 2424	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	34
PID 2376 wrote to memory of 2840	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	35
PID 2376 wrote to memory of 2840	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	35
PID 2376 wrote to memory of 2840	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	35
PID 2376 wrote to memory of 2984	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	36
PID 2376 wrote to memory of 2984	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	36
PID 2376 wrote to memory of 2984	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	36
PID 2376 wrote to memory of 2712	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	37
PID 2376 wrote to memory of 2712	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	37
PID 2376 wrote to memory of 2712	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	37
PID 2376 wrote to memory of 2888	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	38
PID 2376 wrote to memory of 2888	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	38
PID 2376 wrote to memory of 2888	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	38
PID 2376 wrote to memory of 2788	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	39
PID 2376 wrote to memory of 2788	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	39
PID 2376 wrote to memory of 2788	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	39
PID 2376 wrote to memory of 2724	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	40
PID 2376 wrote to memory of 2724	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	40
PID 2376 wrote to memory of 2724	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	40
PID 2376 wrote to memory of 2616	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	41
PID 2376 wrote to memory of 2616	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	41
PID 2376 wrote to memory of 2616	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	41
PID 2376 wrote to memory of 3052	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	42
PID 2376 wrote to memory of 3052	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	42
PID 2376 wrote to memory of 3052	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	42
PID 2376 wrote to memory of 3064	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	43
PID 2376 wrote to memory of 3064	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	43
PID 2376 wrote to memory of 3064	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	43
PID 2376 wrote to memory of 1832	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	44
PID 2376 wrote to memory of 1832	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	44
PID 2376 wrote to memory of 1832	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	44
PID 2376 wrote to memory of 2572	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	45
PID 2376 wrote to memory of 2572	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	45
PID 2376 wrote to memory of 2572	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	45
PID 2376 wrote to memory of 1808	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	46
PID 2376 wrote to memory of 1808	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	46
PID 2376 wrote to memory of 1808	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	46
PID 2376 wrote to memory of 2392	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	47
PID 2376 wrote to memory of 2392	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	47
PID 2376 wrote to memory of 2392	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	47
PID 2376 wrote to memory of 1284	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	48
PID 2376 wrote to memory of 1284	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	48
PID 2376 wrote to memory of 1284	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	48
PID 2376 wrote to memory of 1716	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	49
PID 2376 wrote to memory of 1716	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	49
PID 2376 wrote to memory of 1716	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	49
PID 2376 wrote to memory of 1088	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	50
PID 2376 wrote to memory of 1088	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	50
PID 2376 wrote to memory of 1088	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	50
PID 2376 wrote to memory of 1368	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	51
PID 2376 wrote to memory of 1368	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	51
PID 2376 wrote to memory of 1368	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	51
PID 2376 wrote to memory of 2780	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	52
PID 2376 wrote to memory of 2780	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	52
PID 2376 wrote to memory of 2780	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	52
PID 2376 wrote to memory of 2800	2376	470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe	53

C:\Users\Admin\AppData\Local\Temp\470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe
"C:\Users\Admin\AppData\Local\Temp\470cba7bb284daaa92c0f76774e1b68b651a5bea29a795819a1918f09cd92fd5.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\System\sQWYEZu.exe
  C:\Windows\System\sQWYEZu.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\vfVxoiA.exe
  C:\Windows\System\vfVxoiA.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\qgmKAeI.exe
  C:\Windows\System\qgmKAeI.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\oBQfXXG.exe
  C:\Windows\System\oBQfXXG.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\DRfTqcI.exe
  C:\Windows\System\DRfTqcI.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\ollnozy.exe
  C:\Windows\System\ollnozy.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\YRBfDpj.exe
  C:\Windows\System\YRBfDpj.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\PBiKmuZ.exe
  C:\Windows\System\PBiKmuZ.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\fwIAhcG.exe
  C:\Windows\System\fwIAhcG.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\wyRqWPL.exe
  C:\Windows\System\wyRqWPL.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\nSPrrnl.exe
  C:\Windows\System\nSPrrnl.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\cUBPUvw.exe
  C:\Windows\System\cUBPUvw.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\LcCirCd.exe
  C:\Windows\System\LcCirCd.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\LdcBtsO.exe
  C:\Windows\System\LdcBtsO.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\oepMORA.exe
  C:\Windows\System\oepMORA.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\DEDksRV.exe
  C:\Windows\System\DEDksRV.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\qVcnlbR.exe
  C:\Windows\System\qVcnlbR.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\XFNKTUQ.exe
  C:\Windows\System\XFNKTUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\iJmuBdd.exe
  C:\Windows\System\iJmuBdd.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\EpYqDtD.exe
  C:\Windows\System\EpYqDtD.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\qyIwDXr.exe
  C:\Windows\System\qyIwDXr.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\sPpjrEW.exe
  C:\Windows\System\sPpjrEW.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\yDyPpRR.exe
  C:\Windows\System\yDyPpRR.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\toIXiFx.exe
  C:\Windows\System\toIXiFx.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\kZaSVwT.exe
  C:\Windows\System\kZaSVwT.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\jqgHeYc.exe
  C:\Windows\System\jqgHeYc.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\nITfWJU.exe
  C:\Windows\System\nITfWJU.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\WBlSjJM.exe
  C:\Windows\System\WBlSjJM.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\iSwZfGS.exe
  C:\Windows\System\iSwZfGS.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\PkrLZvk.exe
  C:\Windows\System\PkrLZvk.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\zHZzMJI.exe
  C:\Windows\System\zHZzMJI.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\lPxcmkn.exe
  C:\Windows\System\lPxcmkn.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\MQsBnXq.exe
  C:\Windows\System\MQsBnXq.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\YKmPkCp.exe
  C:\Windows\System\YKmPkCp.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\zUaJCTT.exe
  C:\Windows\System\zUaJCTT.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\wIlrDRM.exe
  C:\Windows\System\wIlrDRM.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\nxJJiir.exe
  C:\Windows\System\nxJJiir.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\KfiCfjn.exe
  C:\Windows\System\KfiCfjn.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\wtLGphv.exe
  C:\Windows\System\wtLGphv.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\WIJTBLI.exe
  C:\Windows\System\WIJTBLI.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\NkkvSsc.exe
  C:\Windows\System\NkkvSsc.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\bPlYuHd.exe
  C:\Windows\System\bPlYuHd.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\LCVmhWI.exe
  C:\Windows\System\LCVmhWI.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\rRHxigL.exe
  C:\Windows\System\rRHxigL.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\QIEZWjP.exe
  C:\Windows\System\QIEZWjP.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\PZyNRXl.exe
  C:\Windows\System\PZyNRXl.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\NQfXAtF.exe
  C:\Windows\System\NQfXAtF.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\aIIpkKJ.exe
  C:\Windows\System\aIIpkKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\LNQwsEA.exe
  C:\Windows\System\LNQwsEA.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\IEFqDJZ.exe
  C:\Windows\System\IEFqDJZ.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\RRqQzQl.exe
  C:\Windows\System\RRqQzQl.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\vygQkzd.exe
  C:\Windows\System\vygQkzd.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\mapmCvv.exe
  C:\Windows\System\mapmCvv.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\WWHACPj.exe
  C:\Windows\System\WWHACPj.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\EySeAHB.exe
  C:\Windows\System\EySeAHB.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\wmTZkvh.exe
  C:\Windows\System\wmTZkvh.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\uDrytrr.exe
  C:\Windows\System\uDrytrr.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\BbpjbGh.exe
  C:\Windows\System\BbpjbGh.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\rTrnSSK.exe
  C:\Windows\System\rTrnSSK.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\WUDKpRl.exe
  C:\Windows\System\WUDKpRl.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\gBtReNB.exe
  C:\Windows\System\gBtReNB.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\QwnqKbX.exe
  C:\Windows\System\QwnqKbX.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\pxJfekQ.exe
  C:\Windows\System\pxJfekQ.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\PbagZLn.exe
  C:\Windows\System\PbagZLn.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\fvjIUQJ.exe
  C:\Windows\System\fvjIUQJ.exe
  2⤵
  PID:320
- C:\Windows\System\TpvNUZN.exe
  C:\Windows\System\TpvNUZN.exe
  2⤵
  PID:2704
- C:\Windows\System\TiGAoiM.exe
  C:\Windows\System\TiGAoiM.exe
  2⤵
  PID:1840
- C:\Windows\System\ghPHRxt.exe
  C:\Windows\System\ghPHRxt.exe
  2⤵
  PID:2672
- C:\Windows\System\oTLTaOJ.exe
  C:\Windows\System\oTLTaOJ.exe
  2⤵
  PID:2208
- C:\Windows\System\zwvqLpg.exe
  C:\Windows\System\zwvqLpg.exe
  2⤵
  PID:2168
- C:\Windows\System\HlNXHLC.exe
  C:\Windows\System\HlNXHLC.exe
  2⤵
  PID:1108
- C:\Windows\System\JcylaNM.exe
  C:\Windows\System\JcylaNM.exe
  2⤵
  PID:2948
- C:\Windows\System\zQWSawz.exe
  C:\Windows\System\zQWSawz.exe
  2⤵
  PID:1664
- C:\Windows\System\FgNTSYW.exe
  C:\Windows\System\FgNTSYW.exe
  2⤵
  PID:1500
- C:\Windows\System\RLJUCzQ.exe
  C:\Windows\System\RLJUCzQ.exe
  2⤵
  PID:2796
- C:\Windows\System\pLVNqXB.exe
  C:\Windows\System\pLVNqXB.exe
  2⤵
  PID:1348
- C:\Windows\System\fSuoSoU.exe
  C:\Windows\System\fSuoSoU.exe
  2⤵
  PID:3008
- C:\Windows\System\qdegktl.exe
  C:\Windows\System\qdegktl.exe
  2⤵
  PID:1784
- C:\Windows\System\omQvJuj.exe
  C:\Windows\System\omQvJuj.exe
  2⤵
  PID:1544
- C:\Windows\System\XkrsFGZ.exe
  C:\Windows\System\XkrsFGZ.exe
  2⤵
  PID:1540
- C:\Windows\System\JGTzTmF.exe
  C:\Windows\System\JGTzTmF.exe
  2⤵
  PID:1144
- C:\Windows\System\GvArkzD.exe
  C:\Windows\System\GvArkzD.exe
  2⤵
  PID:1484
- C:\Windows\System\gWZfrsO.exe
  C:\Windows\System\gWZfrsO.exe
  2⤵
  PID:2528
- C:\Windows\System\TWwQhRx.exe
  C:\Windows\System\TWwQhRx.exe
  2⤵
  PID:2176
- C:\Windows\System\QGANjIv.exe
  C:\Windows\System\QGANjIv.exe
  2⤵
  PID:1880
- C:\Windows\System\eVpbQup.exe
  C:\Windows\System\eVpbQup.exe
  2⤵
  PID:940
- C:\Windows\System\KTthNwq.exe
  C:\Windows\System\KTthNwq.exe
  2⤵
  PID:2112
- C:\Windows\System\lnebPkf.exe
  C:\Windows\System\lnebPkf.exe
  2⤵
  PID:2348
- C:\Windows\System\aGAQZYL.exe
  C:\Windows\System\aGAQZYL.exe
  2⤵
  PID:2836
- C:\Windows\System\PhaWIHc.exe
  C:\Windows\System\PhaWIHc.exe
  2⤵
  PID:2592
- C:\Windows\System\xBrhbjL.exe
  C:\Windows\System\xBrhbjL.exe
  2⤵
  PID:2624
- C:\Windows\System\mVAdFFv.exe
  C:\Windows\System\mVAdFFv.exe
  2⤵
  PID:2068
- C:\Windows\System\FpJQAwR.exe
  C:\Windows\System\FpJQAwR.exe
  2⤵
  PID:2408
- C:\Windows\System\AFgnnVZ.exe
  C:\Windows\System\AFgnnVZ.exe
  2⤵
  PID:628
- C:\Windows\System\rSaHiFA.exe
  C:\Windows\System\rSaHiFA.exe
  2⤵
  PID:2000
- C:\Windows\System\HVSvsYx.exe
  C:\Windows\System\HVSvsYx.exe
  2⤵
  PID:1056
- C:\Windows\System\tbQgSfN.exe
  C:\Windows\System\tbQgSfN.exe
  2⤵
  PID:2784
- C:\Windows\System\IpkDMXW.exe
  C:\Windows\System\IpkDMXW.exe
  2⤵
  PID:2188
- C:\Windows\System\IcqPmdM.exe
  C:\Windows\System\IcqPmdM.exe
  2⤵
  PID:1044
- C:\Windows\System\DMPZgjv.exe
  C:\Windows\System\DMPZgjv.exe
  2⤵
  PID:2264
- C:\Windows\System\JunDRlo.exe
  C:\Windows\System\JunDRlo.exe
  2⤵
  PID:2640
- C:\Windows\System\HrTMZGZ.exe
  C:\Windows\System\HrTMZGZ.exe
  2⤵
  PID:2560
- C:\Windows\System\YrTHvSo.exe
  C:\Windows\System\YrTHvSo.exe
  2⤵
  PID:1328
- C:\Windows\System\DdmNNMU.exe
  C:\Windows\System\DdmNNMU.exe
  2⤵
  PID:636
- C:\Windows\System\ucDNUvj.exe
  C:\Windows\System\ucDNUvj.exe
  2⤵
  PID:2088
- C:\Windows\System\JlzXYxc.exe
  C:\Windows\System\JlzXYxc.exe
  2⤵
  PID:2680
- C:\Windows\System\TCBwmXe.exe
  C:\Windows\System\TCBwmXe.exe
  2⤵
  PID:2496
- C:\Windows\System\ifYQiPK.exe
  C:\Windows\System\ifYQiPK.exe
  2⤵
  PID:2544
- C:\Windows\System\wMkyarL.exe
  C:\Windows\System\wMkyarL.exe
  2⤵
  PID:884
- C:\Windows\System\yMJQazS.exe
  C:\Windows\System\yMJQazS.exe
  2⤵
  PID:1596
- C:\Windows\System\DFklCrg.exe
  C:\Windows\System\DFklCrg.exe
  2⤵
  PID:2296
- C:\Windows\System\MrTfjHU.exe
  C:\Windows\System\MrTfjHU.exe
  2⤵
  PID:1404
- C:\Windows\System\sbiYKMQ.exe
  C:\Windows\System\sbiYKMQ.exe
  2⤵
  PID:2824
- C:\Windows\System\jLUWUaK.exe
  C:\Windows\System\jLUWUaK.exe
  2⤵
  PID:1296
- C:\Windows\System\vfKgiBA.exe
  C:\Windows\System\vfKgiBA.exe
  2⤵
  PID:1852
- C:\Windows\System\hbflqjr.exe
  C:\Windows\System\hbflqjr.exe
  2⤵
  PID:1132
- C:\Windows\System\VKTQNxS.exe
  C:\Windows\System\VKTQNxS.exe
  2⤵
  PID:1620
- C:\Windows\System\LJPOzey.exe
  C:\Windows\System\LJPOzey.exe
  2⤵
  PID:2956
- C:\Windows\System\dsugNFk.exe
  C:\Windows\System\dsugNFk.exe
  2⤵
  PID:2584
- C:\Windows\System\UaNcuZM.exe
  C:\Windows\System\UaNcuZM.exe
  2⤵
  PID:1888
- C:\Windows\System\oTxpHrJ.exe
  C:\Windows\System\oTxpHrJ.exe
  2⤵
  PID:2596
- C:\Windows\System\XFdAUxx.exe
  C:\Windows\System\XFdAUxx.exe
  2⤵
  PID:2508
- C:\Windows\System\ubtrmEM.exe
  C:\Windows\System\ubtrmEM.exe
  2⤵
  PID:1592
- C:\Windows\System\KiEWMBK.exe
  C:\Windows\System\KiEWMBK.exe
  2⤵
  PID:1776
- C:\Windows\System\qZvMDNd.exe
  C:\Windows\System\qZvMDNd.exe
  2⤵
  PID:1712
- C:\Windows\System\djqnyIe.exe
  C:\Windows\System\djqnyIe.exe
  2⤵
  PID:1772
- C:\Windows\System\TmZuwmc.exe
  C:\Windows\System\TmZuwmc.exe
  2⤵
  PID:1224
- C:\Windows\System\nFNJOsk.exe
  C:\Windows\System\nFNJOsk.exe
  2⤵
  PID:2148
- C:\Windows\System\aeCObGM.exe
  C:\Windows\System\aeCObGM.exe
  2⤵
  PID:1512
- C:\Windows\System\ydlsRQf.exe
  C:\Windows\System\ydlsRQf.exe
  2⤵
  PID:1488
- C:\Windows\System\bonlwTW.exe
  C:\Windows\System\bonlwTW.exe
  2⤵
  PID:1988
- C:\Windows\System\CuBMxZB.exe
  C:\Windows\System\CuBMxZB.exe
  2⤵
  PID:2472
- C:\Windows\System\XfiDLNE.exe
  C:\Windows\System\XfiDLNE.exe
  2⤵
  PID:2604
- C:\Windows\System\qIEKQNW.exe
  C:\Windows\System\qIEKQNW.exe
  2⤵
  PID:2432
- C:\Windows\System\nuedfPR.exe
  C:\Windows\System\nuedfPR.exe
  2⤵
  PID:2580
- C:\Windows\System\mHwXHlw.exe
  C:\Windows\System\mHwXHlw.exe
  2⤵
  PID:556
- C:\Windows\System\ZWeQWWY.exe
  C:\Windows\System\ZWeQWWY.exe
  2⤵
  PID:2660
- C:\Windows\System\VBmooOU.exe
  C:\Windows\System\VBmooOU.exe
  2⤵
  PID:1976
- C:\Windows\System\yTbEaEV.exe
  C:\Windows\System\yTbEaEV.exe
  2⤵
  PID:1408
- C:\Windows\System\kETNHVm.exe
  C:\Windows\System\kETNHVm.exe
  2⤵
  PID:2960
- C:\Windows\System\SQPBKCt.exe
  C:\Windows\System\SQPBKCt.exe
  2⤵
  PID:1728
- C:\Windows\System\bqmBqZs.exe
  C:\Windows\System\bqmBqZs.exe
  2⤵
  PID:3076
- C:\Windows\System\UAYAstO.exe
  C:\Windows\System\UAYAstO.exe
  2⤵
  PID:3096
- C:\Windows\System\HaMXzEm.exe
  C:\Windows\System\HaMXzEm.exe
  2⤵
  PID:3116
- C:\Windows\System\tVsGdnZ.exe
  C:\Windows\System\tVsGdnZ.exe
  2⤵
  PID:3136
- C:\Windows\System\bPDHaGt.exe
  C:\Windows\System\bPDHaGt.exe
  2⤵
  PID:3156
- C:\Windows\System\hNhjzvW.exe
  C:\Windows\System\hNhjzvW.exe
  2⤵
  PID:3176
- C:\Windows\System\nUqnOCf.exe
  C:\Windows\System\nUqnOCf.exe
  2⤵
  PID:3196
- C:\Windows\System\NFLIVWJ.exe
  C:\Windows\System\NFLIVWJ.exe
  2⤵
  PID:3216
- C:\Windows\System\tgMQRmQ.exe
  C:\Windows\System\tgMQRmQ.exe
  2⤵
  PID:3236
- C:\Windows\System\YVmoElP.exe
  C:\Windows\System\YVmoElP.exe
  2⤵
  PID:3256
- C:\Windows\System\VFoaBsD.exe
  C:\Windows\System\VFoaBsD.exe
  2⤵
  PID:3276
- C:\Windows\System\NYfBJvm.exe
  C:\Windows\System\NYfBJvm.exe
  2⤵
  PID:3296
- C:\Windows\System\jTklLmD.exe
  C:\Windows\System\jTklLmD.exe
  2⤵
  PID:3316
- C:\Windows\System\KRkLWlF.exe
  C:\Windows\System\KRkLWlF.exe
  2⤵
  PID:3332
- C:\Windows\System\yeKCKMj.exe
  C:\Windows\System\yeKCKMj.exe
  2⤵
  PID:3352
- C:\Windows\System\HKSaxva.exe
  C:\Windows\System\HKSaxva.exe
  2⤵
  PID:3372
- C:\Windows\System\ZiYtNCX.exe
  C:\Windows\System\ZiYtNCX.exe
  2⤵
  PID:3392
- C:\Windows\System\zDZIvUs.exe
  C:\Windows\System\zDZIvUs.exe
  2⤵
  PID:3408
- C:\Windows\System\FibGnVd.exe
  C:\Windows\System\FibGnVd.exe
  2⤵
  PID:3432
- C:\Windows\System\fHWwBjY.exe
  C:\Windows\System\fHWwBjY.exe
  2⤵
  PID:3452
- C:\Windows\System\KrqamYm.exe
  C:\Windows\System\KrqamYm.exe
  2⤵
  PID:3472
- C:\Windows\System\ESnArYX.exe
  C:\Windows\System\ESnArYX.exe
  2⤵
  PID:3492
- C:\Windows\System\gJoZsxS.exe
  C:\Windows\System\gJoZsxS.exe
  2⤵
  PID:3508
- C:\Windows\System\KWpRYsO.exe
  C:\Windows\System\KWpRYsO.exe
  2⤵
  PID:3532
- C:\Windows\System\InmEiAv.exe
  C:\Windows\System\InmEiAv.exe
  2⤵
  PID:3552
- C:\Windows\System\xbqtEiV.exe
  C:\Windows\System\xbqtEiV.exe
  2⤵
  PID:3568
- C:\Windows\System\sRzTWWN.exe
  C:\Windows\System\sRzTWWN.exe
  2⤵
  PID:3608
- C:\Windows\System\EMgwepe.exe
  C:\Windows\System\EMgwepe.exe
  2⤵
  PID:3628
- C:\Windows\System\LhNdobs.exe
  C:\Windows\System\LhNdobs.exe
  2⤵
  PID:3664
- C:\Windows\System\ydhmlgy.exe
  C:\Windows\System\ydhmlgy.exe
  2⤵
  PID:3680
- C:\Windows\System\hKbIhUd.exe
  C:\Windows\System\hKbIhUd.exe
  2⤵
  PID:3704
- C:\Windows\System\SbNEeEK.exe
  C:\Windows\System\SbNEeEK.exe
  2⤵
  PID:3728
- C:\Windows\System\boGuZbk.exe
  C:\Windows\System\boGuZbk.exe
  2⤵
  PID:3744
- C:\Windows\System\qrAhonj.exe
  C:\Windows\System\qrAhonj.exe
  2⤵
  PID:3764
- C:\Windows\System\dAuTpiU.exe
  C:\Windows\System\dAuTpiU.exe
  2⤵
  PID:3784
- C:\Windows\System\rWWxXXo.exe
  C:\Windows\System\rWWxXXo.exe
  2⤵
  PID:3800
- C:\Windows\System\MMXffwp.exe
  C:\Windows\System\MMXffwp.exe
  2⤵
  PID:3820
- C:\Windows\System\czNEDed.exe
  C:\Windows\System\czNEDed.exe
  2⤵
  PID:3844
- C:\Windows\System\DRgzeuK.exe
  C:\Windows\System\DRgzeuK.exe
  2⤵
  PID:3860
- C:\Windows\System\gUZdVUH.exe
  C:\Windows\System\gUZdVUH.exe
  2⤵
  PID:3876
- C:\Windows\System\hcpyjjt.exe
  C:\Windows\System\hcpyjjt.exe
  2⤵
  PID:3892
- C:\Windows\System\EEAUuFb.exe
  C:\Windows\System\EEAUuFb.exe
  2⤵
  PID:3916
- C:\Windows\System\cSHvkTF.exe
  C:\Windows\System\cSHvkTF.exe
  2⤵
  PID:3932
- C:\Windows\System\wjZqkFy.exe
  C:\Windows\System\wjZqkFy.exe
  2⤵
  PID:3952
- C:\Windows\System\IGqoqEK.exe
  C:\Windows\System\IGqoqEK.exe
  2⤵
  PID:3968
- C:\Windows\System\szbrACB.exe
  C:\Windows\System\szbrACB.exe
  2⤵
  PID:3988
- C:\Windows\System\Wtyzufs.exe
  C:\Windows\System\Wtyzufs.exe
  2⤵
  PID:4016
- C:\Windows\System\fPcSFaf.exe
  C:\Windows\System\fPcSFaf.exe
  2⤵
  PID:4052
- C:\Windows\System\DrjehUC.exe
  C:\Windows\System\DrjehUC.exe
  2⤵
  PID:4068
- C:\Windows\System\TaDmpOg.exe
  C:\Windows\System\TaDmpOg.exe
  2⤵
  PID:4092
- C:\Windows\System\TNAablH.exe
  C:\Windows\System\TNAablH.exe
  2⤵
  PID:2292
- C:\Windows\System\zWHaRWz.exe
  C:\Windows\System\zWHaRWz.exe
  2⤵
  PID:1812
- C:\Windows\System\oADMXHD.exe
  C:\Windows\System\oADMXHD.exe
  2⤵
  PID:540
- C:\Windows\System\jcvqqNG.exe
  C:\Windows\System\jcvqqNG.exe
  2⤵
  PID:2340
- C:\Windows\System\BDRKtXU.exe
  C:\Windows\System\BDRKtXU.exe
  2⤵
  PID:3128
- C:\Windows\System\qyiOtlW.exe
  C:\Windows\System\qyiOtlW.exe
  2⤵
  PID:1688
- C:\Windows\System\SoagBto.exe
  C:\Windows\System\SoagBto.exe
  2⤵
  PID:3168
- C:\Windows\System\BoqQRiM.exe
  C:\Windows\System\BoqQRiM.exe
  2⤵
  PID:3208
- C:\Windows\System\yTVRsdP.exe
  C:\Windows\System\yTVRsdP.exe
  2⤵
  PID:3244
- C:\Windows\System\EMYxRbi.exe
  C:\Windows\System\EMYxRbi.exe
  2⤵
  PID:3288
- C:\Windows\System\slqAmUI.exe
  C:\Windows\System\slqAmUI.exe
  2⤵
  PID:2656
- C:\Windows\System\WRanoGN.exe
  C:\Windows\System\WRanoGN.exe
  2⤵
  PID:3268
- C:\Windows\System\hBTuTFz.exe
  C:\Windows\System\hBTuTFz.exe
  2⤵
  PID:852
- C:\Windows\System\swzafdJ.exe
  C:\Windows\System\swzafdJ.exe
  2⤵
  PID:3312
- C:\Windows\System\IkRXfYw.exe
  C:\Windows\System\IkRXfYw.exe
  2⤵
  PID:3448
- C:\Windows\System\aqveJSW.exe
  C:\Windows\System\aqveJSW.exe
  2⤵
  PID:3380
- C:\Windows\System\GLJxjPi.exe
  C:\Windows\System\GLJxjPi.exe
  2⤵
  PID:3516
- C:\Windows\System\GIsOaTt.exe
  C:\Windows\System\GIsOaTt.exe
  2⤵
  PID:3416
- C:\Windows\System\sKyseCN.exe
  C:\Windows\System\sKyseCN.exe
  2⤵
  PID:3500
- C:\Windows\System\OKMbYmU.exe
  C:\Windows\System\OKMbYmU.exe
  2⤵
  PID:3540
- C:\Windows\System\kXGkaPG.exe
  C:\Windows\System\kXGkaPG.exe
  2⤵
  PID:860
- C:\Windows\System\SKbMrNt.exe
  C:\Windows\System\SKbMrNt.exe
  2⤵
  PID:2856
- C:\Windows\System\OYhWUZs.exe
  C:\Windows\System\OYhWUZs.exe
  2⤵
  PID:2700
- C:\Windows\System\jqBdHNc.exe
  C:\Windows\System\jqBdHNc.exe
  2⤵
  PID:3624
- C:\Windows\System\otKtgkF.exe
  C:\Windows\System\otKtgkF.exe
  2⤵
  PID:1984
- C:\Windows\System\BeEmARB.exe
  C:\Windows\System\BeEmARB.exe
  2⤵
  PID:3596
- C:\Windows\System\SHWropP.exe
  C:\Windows\System\SHWropP.exe
  2⤵
  PID:2820
- C:\Windows\System\WocwuMF.exe
  C:\Windows\System\WocwuMF.exe
  2⤵
  PID:1624
- C:\Windows\System\DbZNORe.exe
  C:\Windows\System\DbZNORe.exe
  2⤵
  PID:3648
- C:\Windows\System\sRgsTCx.exe
  C:\Windows\System\sRgsTCx.exe
  2⤵
  PID:3672
- C:\Windows\System\UUSVWJs.exe
  C:\Windows\System\UUSVWJs.exe
  2⤵
  PID:3688
- C:\Windows\System\psqHEyN.exe
  C:\Windows\System\psqHEyN.exe
  2⤵
  PID:3716
- C:\Windows\System\lhspWDX.exe
  C:\Windows\System\lhspWDX.exe
  2⤵
  PID:1980
- C:\Windows\System\jjCjzcb.exe
  C:\Windows\System\jjCjzcb.exe
  2⤵
  PID:3828
- C:\Windows\System\EIcdMqj.exe
  C:\Windows\System\EIcdMqj.exe
  2⤵
  PID:3868
- C:\Windows\System\jcLEFwM.exe
  C:\Windows\System\jcLEFwM.exe
  2⤵
  PID:3812
- C:\Windows\System\dzTbTte.exe
  C:\Windows\System\dzTbTte.exe
  2⤵
  PID:3904
- C:\Windows\System\uYmmRov.exe
  C:\Windows\System\uYmmRov.exe
  2⤵
  PID:3940
- C:\Windows\System\TQoleoC.exe
  C:\Windows\System\TQoleoC.exe
  2⤵
  PID:3856
- C:\Windows\System\HXLessu.exe
  C:\Windows\System\HXLessu.exe
  2⤵
  PID:1236
- C:\Windows\System\EDkhZpN.exe
  C:\Windows\System\EDkhZpN.exe
  2⤵
  PID:3964
- C:\Windows\System\YArKqFW.exe
  C:\Windows\System\YArKqFW.exe
  2⤵
  PID:4012
- C:\Windows\System\kgYoNSP.exe
  C:\Windows\System\kgYoNSP.exe
  2⤵
  PID:4076
- C:\Windows\System\LGNsGqR.exe
  C:\Windows\System\LGNsGqR.exe
  2⤵
  PID:2872
- C:\Windows\System\ONEKWcY.exe
  C:\Windows\System\ONEKWcY.exe
  2⤵
  PID:3088
- C:\Windows\System\oQhtgJy.exe
  C:\Windows\System\oQhtgJy.exe
  2⤵
  PID:2668
- C:\Windows\System\dgWRPph.exe
  C:\Windows\System\dgWRPph.exe
  2⤵
  PID:3172
- C:\Windows\System\aRSSqCi.exe
  C:\Windows\System\aRSSqCi.exe
  2⤵
  PID:3148
- C:\Windows\System\mFBkfdz.exe
  C:\Windows\System\mFBkfdz.exe
  2⤵
  PID:3192
- C:\Windows\System\Kdtcgkd.exe
  C:\Windows\System\Kdtcgkd.exe
  2⤵
  PID:1724
- C:\Windows\System\ssCWjGy.exe
  C:\Windows\System\ssCWjGy.exe
  2⤵
  PID:3364
- C:\Windows\System\zGtMgAw.exe
  C:\Windows\System\zGtMgAw.exe
  2⤵
  PID:3272
- C:\Windows\System\rILDaco.exe
  C:\Windows\System\rILDaco.exe
  2⤵
  PID:3340
- C:\Windows\System\eFWXObK.exe
  C:\Windows\System\eFWXObK.exe
  2⤵
  PID:3528
- C:\Windows\System\cIVkCDs.exe
  C:\Windows\System\cIVkCDs.exe
  2⤵
  PID:1528
- C:\Windows\System\vEouegi.exe
  C:\Windows\System\vEouegi.exe
  2⤵
  PID:1804
- C:\Windows\System\aTZuIVE.exe
  C:\Windows\System\aTZuIVE.exe
  2⤵
  PID:2036
- C:\Windows\System\APkpNKk.exe
  C:\Windows\System\APkpNKk.exe
  2⤵
  PID:1876
- C:\Windows\System\xumkpJl.exe
  C:\Windows\System\xumkpJl.exe
  2⤵
  PID:788
- C:\Windows\System\GVmmmOs.exe
  C:\Windows\System\GVmmmOs.exe
  2⤵
  PID:3640
- C:\Windows\System\AdXHEQV.exe
  C:\Windows\System\AdXHEQV.exe
  2⤵
  PID:2976
- C:\Windows\System\cUGQIbr.exe
  C:\Windows\System\cUGQIbr.exe
  2⤵
  PID:2092
- C:\Windows\System\qzOOjjx.exe
  C:\Windows\System\qzOOjjx.exe
  2⤵
  PID:3424
- C:\Windows\System\TgPHZEd.exe
  C:\Windows\System\TgPHZEd.exe
  2⤵
  PID:1760
- C:\Windows\System\FgLeBXg.exe
  C:\Windows\System\FgLeBXg.exe
  2⤵
  PID:3700
- C:\Windows\System\lqaTGVX.exe
  C:\Windows\System\lqaTGVX.exe
  2⤵
  PID:3912
- C:\Windows\System\yuhyWky.exe
  C:\Windows\System\yuhyWky.exe
  2⤵
  PID:2360
- C:\Windows\System\xeQrprl.exe
  C:\Windows\System\xeQrprl.exe
  2⤵
  PID:2804
- C:\Windows\System\MhyWPlg.exe
  C:\Windows\System\MhyWPlg.exe
  2⤵
  PID:1604
- C:\Windows\System\foOtZhV.exe
  C:\Windows\System\foOtZhV.exe
  2⤵
  PID:3900
- C:\Windows\System\AxfYBaH.exe
  C:\Windows\System\AxfYBaH.exe
  2⤵
  PID:3960
- C:\Windows\System\oaMdnQT.exe
  C:\Windows\System\oaMdnQT.exe
  2⤵
  PID:2908
- C:\Windows\System\pjSfrCA.exe
  C:\Windows\System\pjSfrCA.exe
  2⤵
  PID:4048
- C:\Windows\System\oLAvPzv.exe
  C:\Windows\System\oLAvPzv.exe
  2⤵
  PID:4060
- C:\Windows\System\yLOcVMW.exe
  C:\Windows\System\yLOcVMW.exe
  2⤵
  PID:3248
- C:\Windows\System\BRMjnsC.exe
  C:\Windows\System\BRMjnsC.exe
  2⤵
  PID:2016
- C:\Windows\System\OniISJo.exe
  C:\Windows\System\OniISJo.exe
  2⤵
  PID:3328
- C:\Windows\System\dHEPBpq.exe
  C:\Windows\System\dHEPBpq.exe
  2⤵
  PID:3124
- C:\Windows\System\eKlXLxE.exe
  C:\Windows\System\eKlXLxE.exe
  2⤵
  PID:3368
- C:\Windows\System\McQWeLF.exe
  C:\Windows\System\McQWeLF.exe
  2⤵
  PID:3616
- C:\Windows\System\YmCXMSk.exe
  C:\Windows\System\YmCXMSk.exe
  2⤵
  PID:3304
- C:\Windows\System\kXWPGqu.exe
  C:\Windows\System\kXWPGqu.exe
  2⤵
  PID:3504
- C:\Windows\System\MDdjCPT.exe
  C:\Windows\System\MDdjCPT.exe
  2⤵
  PID:1744
- C:\Windows\System\xycXSSY.exe
  C:\Windows\System\xycXSSY.exe
  2⤵
  PID:1632
- C:\Windows\System\iiwDuKw.exe
  C:\Windows\System\iiwDuKw.exe
  2⤵
  PID:2664
- C:\Windows\System\ZHzujdn.exe
  C:\Windows\System\ZHzujdn.exe
  2⤵
  PID:3840
- C:\Windows\System\YMgPvKD.exe
  C:\Windows\System\YMgPvKD.exe
  2⤵
  PID:1440
- C:\Windows\System\vduzUDt.exe
  C:\Windows\System\vduzUDt.exe
  2⤵
  PID:4036
- C:\Windows\System\GcQjQOJ.exe
  C:\Windows\System\GcQjQOJ.exe
  2⤵
  PID:4024
- C:\Windows\System\WBIuSFN.exe
  C:\Windows\System\WBIuSFN.exe
  2⤵
  PID:1072
- C:\Windows\System\lGVdamx.exe
  C:\Windows\System\lGVdamx.exe
  2⤵
  PID:3144
- C:\Windows\System\ptYtjPn.exe
  C:\Windows\System\ptYtjPn.exe
  2⤵
  PID:2568
- C:\Windows\System\KJDRZpx.exe
  C:\Windows\System\KJDRZpx.exe
  2⤵
  PID:3480
- C:\Windows\System\MomyzOO.exe
  C:\Windows\System\MomyzOO.exe
  2⤵
  PID:3776
- C:\Windows\System\nDqCtrW.exe
  C:\Windows\System\nDqCtrW.exe
  2⤵
  PID:3796
- C:\Windows\System\AemrraV.exe
  C:\Windows\System\AemrraV.exe
  2⤵
  PID:3232
- C:\Windows\System\VAFzsNX.exe
  C:\Windows\System\VAFzsNX.exe
  2⤵
  PID:1884
- C:\Windows\System\fkUDjZC.exe
  C:\Windows\System\fkUDjZC.exe
  2⤵
  PID:3484
- C:\Windows\System\xfqIgRD.exe
  C:\Windows\System\xfqIgRD.exe
  2⤵
  PID:3852
- C:\Windows\System\xYgttIQ.exe
  C:\Windows\System\xYgttIQ.exe
  2⤵
  PID:4004
- C:\Windows\System\ndMyZLq.exe
  C:\Windows\System\ndMyZLq.exe
  2⤵
  PID:3948
- C:\Windows\System\VdgTbNu.exe
  C:\Windows\System\VdgTbNu.exe
  2⤵
  PID:3132
- C:\Windows\System\PBTnCzw.exe
  C:\Windows\System\PBTnCzw.exe
  2⤵
  PID:3092
- C:\Windows\System\PvRvnRz.exe
  C:\Windows\System\PvRvnRz.exe
  2⤵
  PID:2380
- C:\Windows\System\zTqfwcH.exe
  C:\Windows\System\zTqfwcH.exe
  2⤵
  PID:2500
- C:\Windows\System\wVwBKoe.exe
  C:\Windows\System\wVwBKoe.exe
  2⤵
  PID:3724
- C:\Windows\System\YSyRnlI.exe
  C:\Windows\System\YSyRnlI.exe
  2⤵
  PID:4000
- C:\Windows\System\MialrtN.exe
  C:\Windows\System\MialrtN.exe
  2⤵
  PID:3656
- C:\Windows\System\slsBnjP.exe
  C:\Windows\System\slsBnjP.exe
  2⤵
  PID:3212
- C:\Windows\System\pYqlfvJ.exe
  C:\Windows\System\pYqlfvJ.exe
  2⤵
  PID:1304
- C:\Windows\System\IkbBFtL.exe
  C:\Windows\System\IkbBFtL.exe
  2⤵
  PID:3720
- C:\Windows\System\gcGUWIK.exe
  C:\Windows\System\gcGUWIK.exe
  2⤵
  PID:3428
- C:\Windows\System\ZrYsqEQ.exe
  C:\Windows\System\ZrYsqEQ.exe
  2⤵
  PID:2884
- C:\Windows\System\DRGgbIV.exe
  C:\Windows\System\DRGgbIV.exe
  2⤵
  PID:4044
- C:\Windows\System\ofyuDBt.exe
  C:\Windows\System\ofyuDBt.exe
  2⤵
  PID:3576
- C:\Windows\System\ugprTGd.exe
  C:\Windows\System\ugprTGd.exe
  2⤵
  PID:4116
- C:\Windows\System\LMAslcD.exe
  C:\Windows\System\LMAslcD.exe
  2⤵
  PID:4144
- C:\Windows\System\fccHZTX.exe
  C:\Windows\System\fccHZTX.exe
  2⤵
  PID:4160
- C:\Windows\System\FIDXcGE.exe
  C:\Windows\System\FIDXcGE.exe
  2⤵
  PID:4176
- C:\Windows\System\ExHFhKW.exe
  C:\Windows\System\ExHFhKW.exe
  2⤵
  PID:4200
- C:\Windows\System\wcosBZd.exe
  C:\Windows\System\wcosBZd.exe
  2⤵
  PID:4220
- C:\Windows\System\CtVtQSl.exe
  C:\Windows\System\CtVtQSl.exe
  2⤵
  PID:4236
- C:\Windows\System\ZUjgNZX.exe
  C:\Windows\System\ZUjgNZX.exe
  2⤵
  PID:4252
- C:\Windows\System\eZUtGVR.exe
  C:\Windows\System\eZUtGVR.exe
  2⤵
  PID:4268
- C:\Windows\System\IdyYFjO.exe
  C:\Windows\System\IdyYFjO.exe
  2⤵
  PID:4284
- C:\Windows\System\vUvBIxG.exe
  C:\Windows\System\vUvBIxG.exe
  2⤵
  PID:4324
- C:\Windows\System\HUfcAkl.exe
  C:\Windows\System\HUfcAkl.exe
  2⤵
  PID:4344
- C:\Windows\System\YqyygqJ.exe
  C:\Windows\System\YqyygqJ.exe
  2⤵
  PID:4360
- C:\Windows\System\mJeetSY.exe
  C:\Windows\System\mJeetSY.exe
  2⤵
  PID:4376
- C:\Windows\System\FfXiWbu.exe
  C:\Windows\System\FfXiWbu.exe
  2⤵
  PID:4396
- C:\Windows\System\iygpCpK.exe
  C:\Windows\System\iygpCpK.exe
  2⤵
  PID:4416
- C:\Windows\System\TctLpZB.exe
  C:\Windows\System\TctLpZB.exe
  2⤵
  PID:4432
- C:\Windows\System\VDiApND.exe
  C:\Windows\System\VDiApND.exe
  2⤵
  PID:4452
- C:\Windows\System\EUmQpWX.exe
  C:\Windows\System\EUmQpWX.exe
  2⤵
  PID:4480
- C:\Windows\System\yfNGYTh.exe
  C:\Windows\System\yfNGYTh.exe
  2⤵
  PID:4496
- C:\Windows\System\glMkjkC.exe
  C:\Windows\System\glMkjkC.exe
  2⤵
  PID:4516
- C:\Windows\System\oNcEHDO.exe
  C:\Windows\System\oNcEHDO.exe
  2⤵
  PID:4532
- C:\Windows\System\xyvXctJ.exe
  C:\Windows\System\xyvXctJ.exe
  2⤵
  PID:4552
- C:\Windows\System\cEzwSHK.exe
  C:\Windows\System\cEzwSHK.exe
  2⤵
  PID:4580
- C:\Windows\System\YZbZKva.exe
  C:\Windows\System\YZbZKva.exe
  2⤵
  PID:4596
- C:\Windows\System\kFahhzW.exe
  C:\Windows\System\kFahhzW.exe
  2⤵
  PID:4616
- C:\Windows\System\ekQvtBi.exe
  C:\Windows\System\ekQvtBi.exe
  2⤵
  PID:4644
- C:\Windows\System\GVAEGdP.exe
  C:\Windows\System\GVAEGdP.exe
  2⤵
  PID:4664
- C:\Windows\System\ETXYuat.exe
  C:\Windows\System\ETXYuat.exe
  2⤵
  PID:4684
- C:\Windows\System\BcPJyOI.exe
  C:\Windows\System\BcPJyOI.exe
  2⤵
  PID:4704
- C:\Windows\System\kcxOBnu.exe
  C:\Windows\System\kcxOBnu.exe
  2⤵
  PID:4720
- C:\Windows\System\XrsvXwj.exe
  C:\Windows\System\XrsvXwj.exe
  2⤵
  PID:4740
- C:\Windows\System\PFwSefy.exe
  C:\Windows\System\PFwSefy.exe
  2⤵
  PID:4756
- C:\Windows\System\iGMzRvP.exe
  C:\Windows\System\iGMzRvP.exe
  2⤵
  PID:4772
- C:\Windows\System\UhrRcpn.exe
  C:\Windows\System\UhrRcpn.exe
  2⤵
  PID:4788
- C:\Windows\System\DJhUJOf.exe
  C:\Windows\System\DJhUJOf.exe
  2⤵
  PID:4804
- C:\Windows\System\UseDIEr.exe
  C:\Windows\System\UseDIEr.exe
  2⤵
  PID:4828
- C:\Windows\System\AGXtVXg.exe
  C:\Windows\System\AGXtVXg.exe
  2⤵
  PID:4848
- C:\Windows\System\MpyLvwB.exe
  C:\Windows\System\MpyLvwB.exe
  2⤵
  PID:4888
- C:\Windows\System\iIwuRvS.exe
  C:\Windows\System\iIwuRvS.exe
  2⤵
  PID:4904
- C:\Windows\System\bRlCJUn.exe
  C:\Windows\System\bRlCJUn.exe
  2⤵
  PID:4924
- C:\Windows\System\qQjTzQV.exe
  C:\Windows\System\qQjTzQV.exe
  2⤵
  PID:4944
- C:\Windows\System\TBjDMKG.exe
  C:\Windows\System\TBjDMKG.exe
  2⤵
  PID:4960
- C:\Windows\System\ISgZkDM.exe
  C:\Windows\System\ISgZkDM.exe
  2⤵
  PID:4976
- C:\Windows\System\skjBega.exe
  C:\Windows\System\skjBega.exe
  2⤵
  PID:4996
- C:\Windows\System\QMKNaYe.exe
  C:\Windows\System\QMKNaYe.exe
  2⤵
  PID:5016
- C:\Windows\System\xJQUTQi.exe
  C:\Windows\System\xJQUTQi.exe
  2⤵
  PID:5032
- C:\Windows\System\RUtmckg.exe
  C:\Windows\System\RUtmckg.exe
  2⤵
  PID:5048
- C:\Windows\System\XqpFRlZ.exe
  C:\Windows\System\XqpFRlZ.exe
  2⤵
  PID:5092
- C:\Windows\System\nkeWTdt.exe
  C:\Windows\System\nkeWTdt.exe
  2⤵
  PID:5108
- C:\Windows\System\UVmDOee.exe
  C:\Windows\System\UVmDOee.exe
  2⤵
  PID:3548
- C:\Windows\System\pTRcEVb.exe
  C:\Windows\System\pTRcEVb.exe
  2⤵
  PID:3592
- C:\Windows\System\DISHhxU.exe
  C:\Windows\System\DISHhxU.exe
  2⤵
  PID:4136
- C:\Windows\System\tHvENsv.exe
  C:\Windows\System\tHvENsv.exe
  2⤵
  PID:4188
- C:\Windows\System\OfvVhCJ.exe
  C:\Windows\System\OfvVhCJ.exe
  2⤵
  PID:4132
- C:\Windows\System\LCZviGz.exe
  C:\Windows\System\LCZviGz.exe
  2⤵
  PID:4232
- C:\Windows\System\YNOddgc.exe
  C:\Windows\System\YNOddgc.exe
  2⤵
  PID:4124
- C:\Windows\System\riljzIL.exe
  C:\Windows\System\riljzIL.exe
  2⤵
  PID:4244
- C:\Windows\System\FubZzqe.exe
  C:\Windows\System\FubZzqe.exe
  2⤵
  PID:4320
- C:\Windows\System\ANroiEx.exe
  C:\Windows\System\ANroiEx.exe
  2⤵
  PID:4332
- C:\Windows\System\mHEpVQm.exe
  C:\Windows\System\mHEpVQm.exe
  2⤵
  PID:4392
- C:\Windows\System\oVLQvsj.exe
  C:\Windows\System\oVLQvsj.exe
  2⤵
  PID:4428
- C:\Windows\System\BWNqCfK.exe
  C:\Windows\System\BWNqCfK.exe
  2⤵
  PID:4476
- C:\Windows\System\LIdpVAO.exe
  C:\Windows\System\LIdpVAO.exe
  2⤵
  PID:4412
- C:\Windows\System\EwgOrpw.exe
  C:\Windows\System\EwgOrpw.exe
  2⤵
  PID:4508
- C:\Windows\System\FwMLkXl.exe
  C:\Windows\System\FwMLkXl.exe
  2⤵
  PID:4492
- C:\Windows\System\nSiUgjT.exe
  C:\Windows\System\nSiUgjT.exe
  2⤵
  PID:4628
- C:\Windows\System\WBfrtrM.exe
  C:\Windows\System\WBfrtrM.exe
  2⤵
  PID:4636
- C:\Windows\System\RiDmbyd.exe
  C:\Windows\System\RiDmbyd.exe
  2⤵
  PID:4672
- C:\Windows\System\xfyCyBx.exe
  C:\Windows\System\xfyCyBx.exe
  2⤵
  PID:4660
- C:\Windows\System\dWcnzkT.exe
  C:\Windows\System\dWcnzkT.exe
  2⤵
  PID:4712
- C:\Windows\System\YRXDHan.exe
  C:\Windows\System\YRXDHan.exe
  2⤵
  PID:4812
- C:\Windows\System\OZLEaKc.exe
  C:\Windows\System\OZLEaKc.exe
  2⤵
  PID:4736
- C:\Windows\System\ECvGpdE.exe
  C:\Windows\System\ECvGpdE.exe
  2⤵
  PID:4768
- C:\Windows\System\OOVDNEy.exe
  C:\Windows\System\OOVDNEy.exe
  2⤵
  PID:4844
- C:\Windows\System\QBCwtoF.exe
  C:\Windows\System\QBCwtoF.exe
  2⤵
  PID:4880
- C:\Windows\System\vUuvWBW.exe
  C:\Windows\System\vUuvWBW.exe
  2⤵
  PID:4920
- C:\Windows\System\bJxGSht.exe
  C:\Windows\System\bJxGSht.exe
  2⤵
  PID:4940
- C:\Windows\System\RNjKOjC.exe
  C:\Windows\System\RNjKOjC.exe
  2⤵
  PID:5012
- C:\Windows\System\xVeXHGt.exe
  C:\Windows\System\xVeXHGt.exe
  2⤵
  PID:5024
- C:\Windows\System\IsRLyZE.exe
  C:\Windows\System\IsRLyZE.exe
  2⤵
  PID:5064
- C:\Windows\System\cuAwOzL.exe
  C:\Windows\System\cuAwOzL.exe
  2⤵
  PID:5008
- C:\Windows\System\sDOSbQn.exe
  C:\Windows\System\sDOSbQn.exe
  2⤵
  PID:5088
- C:\Windows\System\mlihaKc.exe
  C:\Windows\System\mlihaKc.exe
  2⤵
  PID:4196
- C:\Windows\System\JNugXTq.exe
  C:\Windows\System\JNugXTq.exe
  2⤵
  PID:824
- C:\Windows\System\KdlZoyb.exe
  C:\Windows\System\KdlZoyb.exe
  2⤵
  PID:4228
- C:\Windows\System\fmXktmz.exe
  C:\Windows\System\fmXktmz.exe
  2⤵
  PID:4300
- C:\Windows\System\tsYfYMo.exe
  C:\Windows\System\tsYfYMo.exe
  2⤵
  PID:4216
- C:\Windows\System\ZjVIbLn.exe
  C:\Windows\System\ZjVIbLn.exe
  2⤵
  PID:4388
- C:\Windows\System\YUsLfnv.exe
  C:\Windows\System\YUsLfnv.exe
  2⤵
  PID:4448
- C:\Windows\System\BARTFiE.exe
  C:\Windows\System\BARTFiE.exe
  2⤵
  PID:4352
- C:\Windows\System\aJZfErb.exe
  C:\Windows\System\aJZfErb.exe
  2⤵
  PID:4488
- C:\Windows\System\FrEHxnh.exe
  C:\Windows\System\FrEHxnh.exe
  2⤵
  PID:4604
- C:\Windows\System\dJJrZHK.exe
  C:\Windows\System\dJJrZHK.exe
  2⤵
  PID:4748
- C:\Windows\System\kMvbHvD.exe
  C:\Windows\System\kMvbHvD.exe
  2⤵
  PID:4632
- C:\Windows\System\GqYGuJh.exe
  C:\Windows\System\GqYGuJh.exe
  2⤵
  PID:4820
- C:\Windows\System\djjMORq.exe
  C:\Windows\System\djjMORq.exe
  2⤵
  PID:4836
- C:\Windows\System\qqjJSLS.exe
  C:\Windows\System\qqjJSLS.exe
  2⤵
  PID:4912
- C:\Windows\System\hDHnhhK.exe
  C:\Windows\System\hDHnhhK.exe
  2⤵
  PID:4936
- C:\Windows\System\LeNsahm.exe
  C:\Windows\System\LeNsahm.exe
  2⤵
  PID:4992
- C:\Windows\System\PHrZMIQ.exe
  C:\Windows\System\PHrZMIQ.exe
  2⤵
  PID:5040
- C:\Windows\System\cqdPIKs.exe
  C:\Windows\System\cqdPIKs.exe
  2⤵
  PID:1388
- C:\Windows\System\EtuCwqJ.exe
  C:\Windows\System\EtuCwqJ.exe
  2⤵
  PID:3816
- C:\Windows\System\uMGAVUp.exe
  C:\Windows\System\uMGAVUp.exe
  2⤵
  PID:4312
- C:\Windows\System\kcqTwEN.exe
  C:\Windows\System\kcqTwEN.exe
  2⤵
  PID:4444
- C:\Windows\System\CfByptw.exe
  C:\Windows\System\CfByptw.exe
  2⤵
  PID:4384
- C:\Windows\System\xcpcabD.exe
  C:\Windows\System\xcpcabD.exe
  2⤵
  PID:4296
- C:\Windows\System\OBpWGXu.exe
  C:\Windows\System\OBpWGXu.exe
  2⤵
  PID:4568
- C:\Windows\System\BfbQolL.exe
  C:\Windows\System\BfbQolL.exe
  2⤵
  PID:4784
- C:\Windows\System\SgvGJkK.exe
  C:\Windows\System\SgvGJkK.exe
  2⤵
  PID:4732
- C:\Windows\System\gnXTatq.exe
  C:\Windows\System\gnXTatq.exe
  2⤵
  PID:4840
- C:\Windows\System\IVbEaYE.exe
  C:\Windows\System\IVbEaYE.exe
  2⤵
  PID:4900
- C:\Windows\System\LjeIvjV.exe
  C:\Windows\System\LjeIvjV.exe
  2⤵
  PID:5056
- C:\Windows\System\UfghzVd.exe
  C:\Windows\System\UfghzVd.exe
  2⤵
  PID:3636
- C:\Windows\System\pPEcXYx.exe
  C:\Windows\System\pPEcXYx.exe
  2⤵
  PID:5076
- C:\Windows\System\zlZtexh.exe
  C:\Windows\System\zlZtexh.exe
  2⤵
  PID:5104
- C:\Windows\System\RSqgGXa.exe
  C:\Windows\System\RSqgGXa.exe
  2⤵
  PID:4308
- C:\Windows\System\SNxUqAJ.exe
  C:\Windows\System\SNxUqAJ.exe
  2⤵
  PID:4208
- C:\Windows\System\ollHDmt.exe
  C:\Windows\System\ollHDmt.exe
  2⤵
  PID:4932
- C:\Windows\System\lNAYOiR.exe
  C:\Windows\System\lNAYOiR.exe
  2⤵
  PID:5136
- C:\Windows\System\XqreJQk.exe
  C:\Windows\System\XqreJQk.exe
  2⤵
  PID:5156
- C:\Windows\System\TnxprcG.exe
  C:\Windows\System\TnxprcG.exe
  2⤵
  PID:5204
- C:\Windows\System\IMUBoFh.exe
  C:\Windows\System\IMUBoFh.exe
  2⤵
  PID:5228
- C:\Windows\System\xnVveSf.exe
  C:\Windows\System\xnVveSf.exe
  2⤵
  PID:5244
- C:\Windows\System\NvcnYbi.exe
  C:\Windows\System\NvcnYbi.exe
  2⤵
  PID:5260
- C:\Windows\System\KtrzEtM.exe
  C:\Windows\System\KtrzEtM.exe
  2⤵
  PID:5280
- C:\Windows\System\sjOOkMq.exe
  C:\Windows\System\sjOOkMq.exe
  2⤵
  PID:5308
- C:\Windows\System\BolEVsx.exe
  C:\Windows\System\BolEVsx.exe
  2⤵
  PID:5324
- C:\Windows\System\yDgJolF.exe
  C:\Windows\System\yDgJolF.exe
  2⤵
  PID:5340
- C:\Windows\System\wMJMFwc.exe
  C:\Windows\System\wMJMFwc.exe
  2⤵
  PID:5356
- C:\Windows\System\KjFQcEs.exe
  C:\Windows\System\KjFQcEs.exe
  2⤵
  PID:5376
- C:\Windows\System\hXGmWPD.exe
  C:\Windows\System\hXGmWPD.exe
  2⤵
  PID:5412
- C:\Windows\System\gsygQBB.exe
  C:\Windows\System\gsygQBB.exe
  2⤵
  PID:5432
- C:\Windows\System\BUNQhhO.exe
  C:\Windows\System\BUNQhhO.exe
  2⤵
  PID:5448
- C:\Windows\System\NdhLpNB.exe
  C:\Windows\System\NdhLpNB.exe
  2⤵
  PID:5464
- C:\Windows\System\SlImFEJ.exe
  C:\Windows\System\SlImFEJ.exe
  2⤵
  PID:5484
- C:\Windows\System\lDuSkHB.exe
  C:\Windows\System\lDuSkHB.exe
  2⤵
  PID:5500
- C:\Windows\System\BnOKQOu.exe
  C:\Windows\System\BnOKQOu.exe
  2⤵
  PID:5520
- C:\Windows\System\wHXvEPp.exe
  C:\Windows\System\wHXvEPp.exe
  2⤵
  PID:5536
- C:\Windows\System\ePcxhHN.exe
  C:\Windows\System\ePcxhHN.exe
  2⤵
  PID:5552
- C:\Windows\System\TAxRzon.exe
  C:\Windows\System\TAxRzon.exe
  2⤵
  PID:5572
- C:\Windows\System\ukBNcFt.exe
  C:\Windows\System\ukBNcFt.exe
  2⤵
  PID:5592
- C:\Windows\System\aLskAyR.exe
  C:\Windows\System\aLskAyR.exe
  2⤵
  PID:5608
- C:\Windows\System\IrJZOxi.exe
  C:\Windows\System\IrJZOxi.exe
  2⤵
  PID:5624
- C:\Windows\System\oazyAth.exe
  C:\Windows\System\oazyAth.exe
  2⤵
  PID:5644
- C:\Windows\System\jKUJqVH.exe
  C:\Windows\System\jKUJqVH.exe
  2⤵
  PID:5660
- C:\Windows\System\zEqEOeN.exe
  C:\Windows\System\zEqEOeN.exe
  2⤵
  PID:5676
- C:\Windows\System\XwZOwrf.exe
  C:\Windows\System\XwZOwrf.exe
  2⤵
  PID:5696
- C:\Windows\System\blKuahd.exe
  C:\Windows\System\blKuahd.exe
  2⤵
  PID:5716
- C:\Windows\System\uZLVLUz.exe
  C:\Windows\System\uZLVLUz.exe
  2⤵
  PID:5732
- C:\Windows\System\GLRTldZ.exe
  C:\Windows\System\GLRTldZ.exe
  2⤵
  PID:5748
- C:\Windows\System\YeRautp.exe
  C:\Windows\System\YeRautp.exe
  2⤵
  PID:5812
- C:\Windows\System\ujQCNLX.exe
  C:\Windows\System\ujQCNLX.exe
  2⤵
  PID:5828
- C:\Windows\System\YMlCnTd.exe
  C:\Windows\System\YMlCnTd.exe
  2⤵
  PID:5844
- C:\Windows\System\kWuzHnY.exe
  C:\Windows\System\kWuzHnY.exe
  2⤵
  PID:5864
- C:\Windows\System\kVkoSVT.exe
  C:\Windows\System\kVkoSVT.exe
  2⤵
  PID:5892
- C:\Windows\System\bgDMTok.exe
  C:\Windows\System\bgDMTok.exe
  2⤵
  PID:5908
- C:\Windows\System\pAyUpsq.exe
  C:\Windows\System\pAyUpsq.exe
  2⤵
  PID:5924
- C:\Windows\System\KuzBweg.exe
  C:\Windows\System\KuzBweg.exe
  2⤵
  PID:5940
- C:\Windows\System\LPYMisq.exe
  C:\Windows\System\LPYMisq.exe
  2⤵
  PID:5956
- C:\Windows\System\qLILjDw.exe
  C:\Windows\System\qLILjDw.exe
  2⤵
  PID:5972
- C:\Windows\System\PnMdnut.exe
  C:\Windows\System\PnMdnut.exe
  2⤵
  PID:5996
- C:\Windows\System\aLrFZTq.exe
  C:\Windows\System\aLrFZTq.exe
  2⤵
  PID:6040
- C:\Windows\System\QUKdyaC.exe
  C:\Windows\System\QUKdyaC.exe
  2⤵
  PID:6056
- C:\Windows\System\mArwrea.exe
  C:\Windows\System\mArwrea.exe
  2⤵
  PID:6072
- C:\Windows\System\sVkoTRD.exe
  C:\Windows\System\sVkoTRD.exe
  2⤵
  PID:6092
- C:\Windows\System\UKEufaR.exe
  C:\Windows\System\UKEufaR.exe
  2⤵
  PID:6108
- C:\Windows\System\ODNkWWu.exe
  C:\Windows\System\ODNkWWu.exe
  2⤵
  PID:6124
- C:\Windows\System\ZturFuJ.exe
  C:\Windows\System\ZturFuJ.exe
  2⤵
  PID:5084
- C:\Windows\System\EftXlFQ.exe
  C:\Windows\System\EftXlFQ.exe
  2⤵
  PID:4864
- C:\Windows\System\fSDcEhX.exe
  C:\Windows\System\fSDcEhX.exe
  2⤵
  PID:4408
- C:\Windows\System\NirEAAM.exe
  C:\Windows\System\NirEAAM.exe
  2⤵
  PID:5148
- C:\Windows\System\EeJCAFn.exe
  C:\Windows\System\EeJCAFn.exe
  2⤵
  PID:5080
- C:\Windows\System\TeBvdot.exe
  C:\Windows\System\TeBvdot.exe
  2⤵
  PID:4112
- C:\Windows\System\kCPUcap.exe
  C:\Windows\System\kCPUcap.exe
  2⤵
  PID:5164
- C:\Windows\System\ekiZxAy.exe
  C:\Windows\System\ekiZxAy.exe
  2⤵
  PID:5184
- C:\Windows\System\XXfAVFj.exe
  C:\Windows\System\XXfAVFj.exe
  2⤵
  PID:5256
- C:\Windows\System\lHvNTDd.exe
  C:\Windows\System\lHvNTDd.exe
  2⤵
  PID:5288
- C:\Windows\System\WUjLUiC.exe
  C:\Windows\System\WUjLUiC.exe
  2⤵
  PID:5300
- C:\Windows\System\iNDNLEs.exe
  C:\Windows\System\iNDNLEs.exe
  2⤵
  PID:5272
- C:\Windows\System\bcnGjAo.exe
  C:\Windows\System\bcnGjAo.exe
  2⤵
  PID:5236
- C:\Windows\System\ORvAFxx.exe
  C:\Windows\System\ORvAFxx.exe
  2⤵
  PID:5352
- C:\Windows\System\MkRzxlh.exe
  C:\Windows\System\MkRzxlh.exe
  2⤵
  PID:5404
- C:\Windows\System\WDzpoMk.exe
  C:\Windows\System\WDzpoMk.exe
  2⤵
  PID:5456
- C:\Windows\System\NOAqNoX.exe
  C:\Windows\System\NOAqNoX.exe
  2⤵
  PID:5632
- C:\Windows\System\QdySRrC.exe
  C:\Windows\System\QdySRrC.exe
  2⤵
  PID:5704
- C:\Windows\System\SHtEGdi.exe
  C:\Windows\System\SHtEGdi.exe
  2⤵
  PID:5740
- C:\Windows\System\HOtFljZ.exe
  C:\Windows\System\HOtFljZ.exe
  2⤵
  PID:5584
- C:\Windows\System\OUuGqJt.exe
  C:\Windows\System\OUuGqJt.exe
  2⤵
  PID:5476
- C:\Windows\System\bXGyrTj.exe
  C:\Windows\System\bXGyrTj.exe
  2⤵
  PID:5684
- C:\Windows\System\BlFjAYb.exe
  C:\Windows\System\BlFjAYb.exe
  2⤵
  PID:5512
- C:\Windows\System\tzUWppX.exe
  C:\Windows\System\tzUWppX.exe
  2⤵
  PID:5792
- C:\Windows\System\qQRfSVQ.exe
  C:\Windows\System\qQRfSVQ.exe
  2⤵
  PID:5800
- C:\Windows\System\MixrNZf.exe
  C:\Windows\System\MixrNZf.exe
  2⤵
  PID:5820
- C:\Windows\System\dfbLKeE.exe
  C:\Windows\System\dfbLKeE.exe
  2⤵
  PID:5808
- C:\Windows\System\hlaWKZv.exe
  C:\Windows\System\hlaWKZv.exe
  2⤵
  PID:5840
- C:\Windows\System\YanQMjg.exe
  C:\Windows\System\YanQMjg.exe
  2⤵
  PID:5888
- C:\Windows\System\kZgxVny.exe
  C:\Windows\System\kZgxVny.exe
  2⤵
  PID:5920
- C:\Windows\System\KwQcqoT.exe
  C:\Windows\System\KwQcqoT.exe
  2⤵
  PID:6008
- C:\Windows\System\PDddlTk.exe
  C:\Windows\System\PDddlTk.exe
  2⤵
  PID:6036
- C:\Windows\System\zPsUzpJ.exe
  C:\Windows\System\zPsUzpJ.exe
  2⤵
  PID:6068
- C:\Windows\System\wZPgSNr.exe
  C:\Windows\System\wZPgSNr.exe
  2⤵
  PID:6136
- C:\Windows\System\puJoPbx.exe
  C:\Windows\System\puJoPbx.exe
  2⤵
  PID:6052
- C:\Windows\System\KuTAXEt.exe
  C:\Windows\System\KuTAXEt.exe
  2⤵
  PID:6084
- C:\Windows\System\AQmpQpk.exe
  C:\Windows\System\AQmpQpk.exe
  2⤵
  PID:4560
- C:\Windows\System\NlQMOKa.exe
  C:\Windows\System\NlQMOKa.exe
  2⤵
  PID:5072
- C:\Windows\System\dWUwSwB.exe
  C:\Windows\System\dWUwSwB.exe
  2⤵
  PID:4652
- C:\Windows\System\WbfChvV.exe
  C:\Windows\System\WbfChvV.exe
  2⤵
  PID:5132
- C:\Windows\System\LjYVrtg.exe
  C:\Windows\System\LjYVrtg.exe
  2⤵
  PID:5372
- C:\Windows\System\THPcSIH.exe
  C:\Windows\System\THPcSIH.exe
  2⤵
  PID:5332
- C:\Windows\System\ZAyKVpB.exe
  C:\Windows\System\ZAyKVpB.exe
  2⤵
  PID:5420
- C:\Windows\System\tLywEvq.exe
  C:\Windows\System\tLywEvq.exe
  2⤵
  PID:5200
- C:\Windows\System\SZIVgth.exe
  C:\Windows\System\SZIVgth.exe
  2⤵
  PID:5496
- C:\Windows\System\mChheIk.exe
  C:\Windows\System\mChheIk.exe
  2⤵
  PID:5568
- C:\Windows\System\nEmzzMv.exe
  C:\Windows\System\nEmzzMv.exe
  2⤵
  PID:5440
- C:\Windows\System\PbCEirX.exe
  C:\Windows\System\PbCEirX.exe
  2⤵
  PID:5760
- C:\Windows\System\KWLodEZ.exe
  C:\Windows\System\KWLodEZ.exe
  2⤵
  PID:5580
- C:\Windows\System\qsAbTNf.exe
  C:\Windows\System\qsAbTNf.exe
  2⤵
  PID:5776
- C:\Windows\System\mPHSaJK.exe
  C:\Windows\System\mPHSaJK.exe
  2⤵
  PID:5880
- C:\Windows\System\LataOYr.exe
  C:\Windows\System\LataOYr.exe
  2⤵
  PID:5948
- C:\Windows\System\CpRuwmY.exe
  C:\Windows\System\CpRuwmY.exe
  2⤵
  PID:5988
- C:\Windows\System\zaIhSGA.exe
  C:\Windows\System\zaIhSGA.exe
  2⤵
  PID:5796
- C:\Windows\System\xEKltbU.exe
  C:\Windows\System\xEKltbU.exe
  2⤵
  PID:6104
- C:\Windows\System\snveWrM.exe
  C:\Windows\System\snveWrM.exe
  2⤵
  PID:6028
- C:\Windows\System\KawhuRB.exe
  C:\Windows\System\KawhuRB.exe
  2⤵
  PID:5220
- C:\Windows\System\iUCePYs.exe
  C:\Windows\System\iUCePYs.exe
  2⤵
  PID:5368
- C:\Windows\System\eCcCFdx.exe
  C:\Windows\System\eCcCFdx.exe
  2⤵
  PID:4696
- C:\Windows\System\eXGghae.exe
  C:\Windows\System\eXGghae.exe
  2⤵
  PID:5492
- C:\Windows\System\TUFxRLE.exe
  C:\Windows\System\TUFxRLE.exe
  2⤵
  PID:5424
- C:\Windows\System\mvrpAEE.exe
  C:\Windows\System\mvrpAEE.exe
  2⤵
  PID:5196
- C:\Windows\System\aTYsuZB.exe
  C:\Windows\System\aTYsuZB.exe
  2⤵
  PID:5668
- C:\Windows\System\EJEJYpJ.exe
  C:\Windows\System\EJEJYpJ.exe
  2⤵
  PID:5852
- C:\Windows\System\cdXCiUI.exe
  C:\Windows\System\cdXCiUI.exe
  2⤵
  PID:5656
- C:\Windows\System\vfwKZYo.exe
  C:\Windows\System\vfwKZYo.exe
  2⤵
  PID:5860
- C:\Windows\System\rrZNFzc.exe
  C:\Windows\System\rrZNFzc.exe
  2⤵
  PID:5984
- C:\Windows\System\lLszYJa.exe
  C:\Windows\System\lLszYJa.exe
  2⤵
  PID:6140
- C:\Windows\System\fnUpEsQ.exe
  C:\Windows\System\fnUpEsQ.exe
  2⤵
  PID:6116
- C:\Windows\System\zqjMjZO.exe
  C:\Windows\System\zqjMjZO.exe
  2⤵
  PID:4564
- C:\Windows\System\VNifFEp.exe
  C:\Windows\System\VNifFEp.exe
  2⤵
  PID:5128
- C:\Windows\System\PhdWVmW.exe
  C:\Windows\System\PhdWVmW.exe
  2⤵
  PID:5348
- C:\Windows\System\puortET.exe
  C:\Windows\System\puortET.exe
  2⤵
  PID:5392
- C:\Windows\System\YQQuaAR.exe
  C:\Windows\System\YQQuaAR.exe
  2⤵
  PID:5548
- C:\Windows\System\ZLBvipq.exe
  C:\Windows\System\ZLBvipq.exe
  2⤵
  PID:6020
- C:\Windows\System\fAHKPtv.exe
  C:\Windows\System\fAHKPtv.exe
  2⤵
  PID:5968
- C:\Windows\System\PniDbwJ.exe
  C:\Windows\System\PniDbwJ.exe
  2⤵
  PID:5212
- C:\Windows\System\eMdstnD.exe
  C:\Windows\System\eMdstnD.exe
  2⤵
  PID:6080
- C:\Windows\System\hYaYtmO.exe
  C:\Windows\System\hYaYtmO.exe
  2⤵
  PID:5516
- C:\Windows\System\njSFiyu.exe
  C:\Windows\System\njSFiyu.exe
  2⤵
  PID:5004
- C:\Windows\System\bEZNHyg.exe
  C:\Windows\System\bEZNHyg.exe
  2⤵
  PID:6024
- C:\Windows\System\qcuYCYe.exe
  C:\Windows\System\qcuYCYe.exe
  2⤵
  PID:5600
- C:\Windows\System\zuOYeth.exe
  C:\Windows\System\zuOYeth.exe
  2⤵
  PID:6064
- C:\Windows\System\LxfMPyz.exe
  C:\Windows\System\LxfMPyz.exe
  2⤵
  PID:6148
- C:\Windows\System\EdDAmxl.exe
  C:\Windows\System\EdDAmxl.exe
  2⤵
  PID:6164
- C:\Windows\System\nBSEvFQ.exe
  C:\Windows\System\nBSEvFQ.exe
  2⤵
  PID:6188
- C:\Windows\System\GHOiUHw.exe
  C:\Windows\System\GHOiUHw.exe
  2⤵
  PID:6208
- C:\Windows\System\msMICOW.exe
  C:\Windows\System\msMICOW.exe
  2⤵
  PID:6228
- C:\Windows\System\xklAxGW.exe
  C:\Windows\System\xklAxGW.exe
  2⤵
  PID:6248
- C:\Windows\System\tfbytTL.exe
  C:\Windows\System\tfbytTL.exe
  2⤵
  PID:6272
- C:\Windows\System\iJhDFEa.exe
  C:\Windows\System\iJhDFEa.exe
  2⤵
  PID:6288
- C:\Windows\System\NUpXoLX.exe
  C:\Windows\System\NUpXoLX.exe
  2⤵
  PID:6312
- C:\Windows\System\lGeCITo.exe
  C:\Windows\System\lGeCITo.exe
  2⤵
  PID:6336
- C:\Windows\System\eXnWfdo.exe
  C:\Windows\System\eXnWfdo.exe
  2⤵
  PID:6356
- C:\Windows\System\okxfqTh.exe
  C:\Windows\System\okxfqTh.exe
  2⤵
  PID:6372
- C:\Windows\System\zwKbWSj.exe
  C:\Windows\System\zwKbWSj.exe
  2⤵
  PID:6392
- C:\Windows\System\MOXCDTe.exe
  C:\Windows\System\MOXCDTe.exe
  2⤵
  PID:6408
- C:\Windows\System\jozTXnt.exe
  C:\Windows\System\jozTXnt.exe
  2⤵
  PID:6424
- C:\Windows\System\tcPDkEk.exe
  C:\Windows\System\tcPDkEk.exe
  2⤵
  PID:6444
- C:\Windows\System\zlxJZUm.exe
  C:\Windows\System\zlxJZUm.exe
  2⤵
  PID:6460
- C:\Windows\System\OElbLhp.exe
  C:\Windows\System\OElbLhp.exe
  2⤵
  PID:6512
- C:\Windows\System\npUmTHa.exe
  C:\Windows\System\npUmTHa.exe
  2⤵
  PID:6528
- C:\Windows\System\kOGBTkF.exe
  C:\Windows\System\kOGBTkF.exe
  2⤵
  PID:6544
- C:\Windows\System\riWbGze.exe
  C:\Windows\System\riWbGze.exe
  2⤵
  PID:6560
- C:\Windows\System\tTpUwON.exe
  C:\Windows\System\tTpUwON.exe
  2⤵
  PID:6580
- C:\Windows\System\BAnggjz.exe
  C:\Windows\System\BAnggjz.exe
  2⤵
  PID:6596
- C:\Windows\System\WDjTWAk.exe
  C:\Windows\System\WDjTWAk.exe
  2⤵
  PID:6612
- C:\Windows\System\UvNUMyt.exe
  C:\Windows\System\UvNUMyt.exe
  2⤵
  PID:6632
- C:\Windows\System\SvlGSod.exe
  C:\Windows\System\SvlGSod.exe
  2⤵
  PID:6668
- C:\Windows\System\FvHNCcf.exe
  C:\Windows\System\FvHNCcf.exe
  2⤵
  PID:6688
- C:\Windows\System\sqletol.exe
  C:\Windows\System\sqletol.exe
  2⤵
  PID:6704
- C:\Windows\System\pebGbtQ.exe
  C:\Windows\System\pebGbtQ.exe
  2⤵
  PID:6720
- C:\Windows\System\YUOllNp.exe
  C:\Windows\System\YUOllNp.exe
  2⤵
  PID:6740
- C:\Windows\System\FhFualZ.exe
  C:\Windows\System\FhFualZ.exe
  2⤵
  PID:6756
- C:\Windows\System\fnklOob.exe
  C:\Windows\System\fnklOob.exe
  2⤵
  PID:6772
- C:\Windows\System\DLQWuTA.exe
  C:\Windows\System\DLQWuTA.exe
  2⤵
  PID:6788
- C:\Windows\System\qSgWAAB.exe
  C:\Windows\System\qSgWAAB.exe
  2⤵
  PID:6808
- C:\Windows\System\lTZBsYg.exe
  C:\Windows\System\lTZBsYg.exe
  2⤵
  PID:6844
- C:\Windows\System\FnmTMrR.exe
  C:\Windows\System\FnmTMrR.exe
  2⤵
  PID:6860
- C:\Windows\System\nCjwYuN.exe
  C:\Windows\System\nCjwYuN.exe
  2⤵
  PID:6880
- C:\Windows\System\lnMOuVv.exe
  C:\Windows\System\lnMOuVv.exe
  2⤵
  PID:6896
- C:\Windows\System\mjrFuon.exe
  C:\Windows\System\mjrFuon.exe
  2⤵
  PID:6916
- C:\Windows\System\pzIoavu.exe
  C:\Windows\System\pzIoavu.exe
  2⤵
  PID:6932
- C:\Windows\System\majoEca.exe
  C:\Windows\System\majoEca.exe
  2⤵
  PID:6948
- C:\Windows\System\EOdfmvF.exe
  C:\Windows\System\EOdfmvF.exe
  2⤵
  PID:6964
- C:\Windows\System\YjqGuED.exe
  C:\Windows\System\YjqGuED.exe
  2⤵
  PID:6984
- C:\Windows\System\lFuUjGV.exe
  C:\Windows\System\lFuUjGV.exe
  2⤵
  PID:7000
- C:\Windows\System\yxfZjVu.exe
  C:\Windows\System\yxfZjVu.exe
  2⤵
  PID:7016
- C:\Windows\System\jbMmtWk.exe
  C:\Windows\System\jbMmtWk.exe
  2⤵
  PID:7036
- C:\Windows\System\DMIigZE.exe
  C:\Windows\System\DMIigZE.exe
  2⤵
  PID:7056
- C:\Windows\System\HmgMaWU.exe
  C:\Windows\System\HmgMaWU.exe
  2⤵
  PID:7072
- C:\Windows\System\fUHxIcQ.exe
  C:\Windows\System\fUHxIcQ.exe
  2⤵
  PID:7092
- C:\Windows\System\EECdUNC.exe
  C:\Windows\System\EECdUNC.exe
  2⤵
  PID:7108
- C:\Windows\System\vmYsCrQ.exe
  C:\Windows\System\vmYsCrQ.exe
  2⤵
  PID:7132
- C:\Windows\System\LFnPSmF.exe
  C:\Windows\System\LFnPSmF.exe
  2⤵
  PID:7148
- C:\Windows\System\ECInjjw.exe
  C:\Windows\System\ECInjjw.exe
  2⤵
  PID:7164
- C:\Windows\System\TDSxSUJ.exe
  C:\Windows\System\TDSxSUJ.exe
  2⤵
  PID:6132
- C:\Windows\System\UlfdwAV.exe
  C:\Windows\System\UlfdwAV.exe
  2⤵
  PID:6200
- C:\Windows\System\YVAaKdz.exe
  C:\Windows\System\YVAaKdz.exe
  2⤵
  PID:6284
- C:\Windows\System\JJVdmCy.exe
  C:\Windows\System\JJVdmCy.exe
  2⤵
  PID:6364
- C:\Windows\System\cXEtJCP.exe
  C:\Windows\System\cXEtJCP.exe
  2⤵
  PID:5836
- C:\Windows\System\oSvQOGc.exe
  C:\Windows\System\oSvQOGc.exe
  2⤵
  PID:6476
- C:\Windows\System\XUiHAOG.exe
  C:\Windows\System\XUiHAOG.exe
  2⤵
  PID:6488
- C:\Windows\System\ulJBWUJ.exe
  C:\Windows\System\ulJBWUJ.exe
  2⤵
  PID:6500
- C:\Windows\System\nCucSLr.exe
  C:\Windows\System\nCucSLr.exe
  2⤵
  PID:6352
- C:\Windows\System\ePIznMe.exe
  C:\Windows\System\ePIznMe.exe
  2⤵
  PID:6452
- C:\Windows\System\IDDSGOD.exe
  C:\Windows\System\IDDSGOD.exe
  2⤵
  PID:6416
- C:\Windows\System\UtzxofR.exe
  C:\Windows\System\UtzxofR.exe
  2⤵
  PID:6472
- C:\Windows\System\iHRWWYu.exe
  C:\Windows\System\iHRWWYu.exe
  2⤵
  PID:6620
- C:\Windows\System\iNuTgDc.exe
  C:\Windows\System\iNuTgDc.exe
  2⤵
  PID:6540
- C:\Windows\System\ICViEcN.exe
  C:\Windows\System\ICViEcN.exe
  2⤵
  PID:6572
- C:\Windows\System\tYIyJMo.exe
  C:\Windows\System\tYIyJMo.exe
  2⤵
  PID:6640
- C:\Windows\System\oLFCZcd.exe
  C:\Windows\System\oLFCZcd.exe
  2⤵
  PID:6676
- C:\Windows\System\cKrMYlm.exe
  C:\Windows\System\cKrMYlm.exe
  2⤵
  PID:6828
- C:\Windows\System\PNAtdbO.exe
  C:\Windows\System\PNAtdbO.exe
  2⤵
  PID:6840
- C:\Windows\System\LgKjyyX.exe
  C:\Windows\System\LgKjyyX.exe
  2⤵
  PID:6824
- C:\Windows\System\cJzRuOE.exe
  C:\Windows\System\cJzRuOE.exe
  2⤵
  PID:6796
- C:\Windows\System\oRaadLY.exe
  C:\Windows\System\oRaadLY.exe
  2⤵
  PID:6892
- C:\Windows\System\MgAHtLM.exe
  C:\Windows\System\MgAHtLM.exe
  2⤵
  PID:6992
- C:\Windows\System\KjwFcWz.exe
  C:\Windows\System\KjwFcWz.exe
  2⤵
  PID:7032
- C:\Windows\System\IMvTcqW.exe
  C:\Windows\System\IMvTcqW.exe
  2⤵
  PID:7100
- C:\Windows\System\wzEBPrr.exe
  C:\Windows\System\wzEBPrr.exe
  2⤵
  PID:4356
- C:\Windows\System\EZinihx.exe
  C:\Windows\System\EZinihx.exe
  2⤵
  PID:6904
- C:\Windows\System\xZRjiKG.exe
  C:\Windows\System\xZRjiKG.exe
  2⤵
  PID:6260
- C:\Windows\System\xlOmavK.exe
  C:\Windows\System\xlOmavK.exe
  2⤵
  PID:7012
- C:\Windows\System\YsQEoJo.exe
  C:\Windows\System\YsQEoJo.exe
  2⤵
  PID:7128
- C:\Windows\System\NeqkePp.exe
  C:\Windows\System\NeqkePp.exe
  2⤵
  PID:6160
- C:\Windows\System\PEpDcTZ.exe
  C:\Windows\System\PEpDcTZ.exe
  2⤵
  PID:6240
- C:\Windows\System\bdeqxsM.exe
  C:\Windows\System\bdeqxsM.exe
  2⤵
  PID:6404
- C:\Windows\System\bVxGNMc.exe
  C:\Windows\System\bVxGNMc.exe
  2⤵
  PID:6300
- C:\Windows\System\jkbDNsA.exe
  C:\Windows\System\jkbDNsA.exe
  2⤵
  PID:6296
- C:\Windows\System\MULVSYc.exe
  C:\Windows\System\MULVSYc.exe
  2⤵
  PID:6468
- C:\Windows\System\IJzhKml.exe
  C:\Windows\System\IJzhKml.exe
  2⤵
  PID:6384
- C:\Windows\System\zCBoQcZ.exe
  C:\Windows\System\zCBoQcZ.exe
  2⤵
  PID:6536
- C:\Windows\System\TtWVqAj.exe
  C:\Windows\System\TtWVqAj.exe
  2⤵
  PID:6308
- C:\Windows\System\acQgywD.exe
  C:\Windows\System\acQgywD.exe
  2⤵
  PID:6588
- C:\Windows\System\KBFKjoL.exe
  C:\Windows\System\KBFKjoL.exe
  2⤵
  PID:6652
- C:\Windows\System\VWoXMsz.exe
  C:\Windows\System\VWoXMsz.exe
  2⤵
  PID:6520
- C:\Windows\System\zBWXrfJ.exe
  C:\Windows\System\zBWXrfJ.exe
  2⤵
  PID:6684
- C:\Windows\System\ExtIhQo.exe
  C:\Windows\System\ExtIhQo.exe
  2⤵
  PID:6712
- C:\Windows\System\IhyAAEp.exe
  C:\Windows\System\IhyAAEp.exe
  2⤵
  PID:6872
- C:\Windows\System\GyzxgrL.exe
  C:\Windows\System\GyzxgrL.exe
  2⤵
  PID:6956
- C:\Windows\System\qGgqTlP.exe
  C:\Windows\System\qGgqTlP.exe
  2⤵
  PID:6960
- C:\Windows\System\yPfOLbA.exe
  C:\Windows\System\yPfOLbA.exe
  2⤵
  PID:7144
- C:\Windows\System\HfgbbZE.exe
  C:\Windows\System\HfgbbZE.exe
  2⤵
  PID:6220
- C:\Windows\System\LpmBJrW.exe
  C:\Windows\System\LpmBJrW.exe
  2⤵
  PID:7120
- C:\Windows\System\XvJUoyp.exe
  C:\Windows\System\XvJUoyp.exe
  2⤵
  PID:6332
- C:\Windows\System\uOzqVxa.exe
  C:\Windows\System\uOzqVxa.exe
  2⤵
  PID:6224
- C:\Windows\System\PoTYKJD.exe
  C:\Windows\System\PoTYKJD.exe
  2⤵
  PID:6608
- C:\Windows\System\Vatqhhc.exe
  C:\Windows\System\Vatqhhc.exe
  2⤵
  PID:6176
- C:\Windows\System\BEHtoGt.exe
  C:\Windows\System\BEHtoGt.exe
  2⤵
  PID:6700
- C:\Windows\System\PnjwMtR.exe
  C:\Windows\System\PnjwMtR.exe
  2⤵
  PID:5472
- C:\Windows\System\RtaBZST.exe
  C:\Windows\System\RtaBZST.exe
  2⤵
  PID:6768
- C:\Windows\System\dGHYqdQ.exe
  C:\Windows\System\dGHYqdQ.exe
  2⤵
  PID:6244
- C:\Windows\System\uMOgEZy.exe
  C:\Windows\System\uMOgEZy.exe
  2⤵
  PID:7080
- C:\Windows\System\FDDQiKj.exe
  C:\Windows\System\FDDQiKj.exe
  2⤵
  PID:6764
- C:\Windows\System\dpbjexz.exe
  C:\Windows\System\dpbjexz.exe
  2⤵
  PID:7084
- C:\Windows\System\dfeIhhO.exe
  C:\Windows\System\dfeIhhO.exe
  2⤵
  PID:7008
- C:\Windows\System\CNmUVqV.exe
  C:\Windows\System\CNmUVqV.exe
  2⤵
  PID:6784
- C:\Windows\System\TMjEJyU.exe
  C:\Windows\System\TMjEJyU.exe
  2⤵
  PID:6504
- C:\Windows\System\QujnAop.exe
  C:\Windows\System\QujnAop.exe
  2⤵
  PID:6436
- C:\Windows\System\uzJqJWG.exe
  C:\Windows\System\uzJqJWG.exe
  2⤵
  PID:6976
- C:\Windows\System\uOykbCu.exe
  C:\Windows\System\uOykbCu.exe
  2⤵
  PID:6256
- C:\Windows\System\DSWJQgW.exe
  C:\Windows\System\DSWJQgW.exe
  2⤵
  PID:6344
- C:\Windows\System\yXLYTbl.exe
  C:\Windows\System\yXLYTbl.exe
  2⤵
  PID:7116
- C:\Windows\System\KHFDElK.exe
  C:\Windows\System\KHFDElK.exe
  2⤵
  PID:6696
- C:\Windows\System\SZUIzly.exe
  C:\Windows\System\SZUIzly.exe
  2⤵
  PID:6236
- C:\Windows\System\RHAwTTj.exe
  C:\Windows\System\RHAwTTj.exe
  2⤵
  PID:6732
- C:\Windows\System\TNzbGil.exe
  C:\Windows\System\TNzbGil.exe
  2⤵
  PID:6440
- C:\Windows\System\OvcdbKa.exe
  C:\Windows\System\OvcdbKa.exe
  2⤵
  PID:6752
- C:\Windows\System\zjEZIse.exe
  C:\Windows\System\zjEZIse.exe
  2⤵
  PID:7192
- C:\Windows\System\tdSbZUs.exe
  C:\Windows\System\tdSbZUs.exe
  2⤵
  PID:7208
- C:\Windows\System\iyOrxlW.exe
  C:\Windows\System\iyOrxlW.exe
  2⤵
  PID:7224
- C:\Windows\System\EDGEerK.exe
  C:\Windows\System\EDGEerK.exe
  2⤵
  PID:7240
- C:\Windows\System\YGDMGPi.exe
  C:\Windows\System\YGDMGPi.exe
  2⤵
  PID:7256
- C:\Windows\System\HeMrErE.exe
  C:\Windows\System\HeMrErE.exe
  2⤵
  PID:7292
- C:\Windows\System\mUOzWeD.exe
  C:\Windows\System\mUOzWeD.exe
  2⤵
  PID:7308
- C:\Windows\System\nxVLdtt.exe
  C:\Windows\System\nxVLdtt.exe
  2⤵
  PID:7328
- C:\Windows\System\qdOMGeT.exe
  C:\Windows\System\qdOMGeT.exe
  2⤵
  PID:7344
- C:\Windows\System\yQgfjdc.exe
  C:\Windows\System\yQgfjdc.exe
  2⤵
  PID:7364
- C:\Windows\System\TCmGEjk.exe
  C:\Windows\System\TCmGEjk.exe
  2⤵
  PID:7384
- C:\Windows\System\UpNuQmy.exe
  C:\Windows\System\UpNuQmy.exe
  2⤵
  PID:7408
- C:\Windows\System\gRmhgbK.exe
  C:\Windows\System\gRmhgbK.exe
  2⤵
  PID:7424
- C:\Windows\System\xldrXel.exe
  C:\Windows\System\xldrXel.exe
  2⤵
  PID:7440
- C:\Windows\System\kpeTuSo.exe
  C:\Windows\System\kpeTuSo.exe
  2⤵
  PID:7460
- C:\Windows\System\enQXPih.exe
  C:\Windows\System\enQXPih.exe
  2⤵
  PID:7476
- C:\Windows\System\HgguRHg.exe
  C:\Windows\System\HgguRHg.exe
  2⤵
  PID:7492
- C:\Windows\System\kZrPnzv.exe
  C:\Windows\System\kZrPnzv.exe
  2⤵
  PID:7512
- C:\Windows\System\VbZbwtw.exe
  C:\Windows\System\VbZbwtw.exe
  2⤵
  PID:7528
- C:\Windows\System\MBQWiPc.exe
  C:\Windows\System\MBQWiPc.exe
  2⤵
  PID:7544
- C:\Windows\System\HbIspop.exe
  C:\Windows\System\HbIspop.exe
  2⤵
  PID:7568
- C:\Windows\System\ioAorAa.exe
  C:\Windows\System\ioAorAa.exe
  2⤵
  PID:7592
- C:\Windows\System\HyYMAKt.exe
  C:\Windows\System\HyYMAKt.exe
  2⤵
  PID:7616
- C:\Windows\System\rIqGuIk.exe
  C:\Windows\System\rIqGuIk.exe
  2⤵
  PID:7640
- C:\Windows\System\yokwAte.exe
  C:\Windows\System\yokwAte.exe
  2⤵
  PID:7656
- C:\Windows\System\eGmhgQz.exe
  C:\Windows\System\eGmhgQz.exe
  2⤵
  PID:7692
- C:\Windows\System\vPImJeN.exe
  C:\Windows\System\vPImJeN.exe
  2⤵
  PID:7708
- C:\Windows\System\JkPDbyw.exe
  C:\Windows\System\JkPDbyw.exe
  2⤵
  PID:7724
- C:\Windows\System\bQhfHOi.exe
  C:\Windows\System\bQhfHOi.exe
  2⤵
  PID:7756
- C:\Windows\System\jZFKpXH.exe
  C:\Windows\System\jZFKpXH.exe
  2⤵
  PID:7772
- C:\Windows\System\cgZHRef.exe
  C:\Windows\System\cgZHRef.exe
  2⤵
  PID:7800
- C:\Windows\System\KVdlSuV.exe
  C:\Windows\System\KVdlSuV.exe
  2⤵
  PID:7816
- C:\Windows\System\KefOFzO.exe
  C:\Windows\System\KefOFzO.exe
  2⤵
  PID:7832
- C:\Windows\System\DkpHrHB.exe
  C:\Windows\System\DkpHrHB.exe
  2⤵
  PID:7852
- C:\Windows\System\yXdfCrZ.exe
  C:\Windows\System\yXdfCrZ.exe
  2⤵
  PID:7872
- C:\Windows\System\WwppBCQ.exe
  C:\Windows\System\WwppBCQ.exe
  2⤵
  PID:7888
- C:\Windows\System\UCpXFKk.exe
  C:\Windows\System\UCpXFKk.exe
  2⤵
  PID:7932
- C:\Windows\System\kTXTUAx.exe
  C:\Windows\System\kTXTUAx.exe
  2⤵
  PID:7948
- C:\Windows\System\wqxsVxz.exe
  C:\Windows\System\wqxsVxz.exe
  2⤵
  PID:7968
- C:\Windows\System\RRrzWMK.exe
  C:\Windows\System\RRrzWMK.exe
  2⤵
  PID:7984
- C:\Windows\System\QCtlYKi.exe
  C:\Windows\System\QCtlYKi.exe
  2⤵
  PID:8004
- C:\Windows\System\cCZCihr.exe
  C:\Windows\System\cCZCihr.exe
  2⤵
  PID:8024
- C:\Windows\System\rbDVZCa.exe
  C:\Windows\System\rbDVZCa.exe
  2⤵
  PID:8040
- C:\Windows\System\ZbsWpHT.exe
  C:\Windows\System\ZbsWpHT.exe
  2⤵
  PID:8060
- C:\Windows\System\WPtkERW.exe
  C:\Windows\System\WPtkERW.exe
  2⤵
  PID:8088
- C:\Windows\System\rBeQBib.exe
  C:\Windows\System\rBeQBib.exe
  2⤵
  PID:8104
- C:\Windows\System\SIffaGY.exe
  C:\Windows\System\SIffaGY.exe
  2⤵
  PID:8120
- C:\Windows\System\nozzHjo.exe
  C:\Windows\System\nozzHjo.exe
  2⤵
  PID:8136
- C:\Windows\System\MlsnAqO.exe
  C:\Windows\System\MlsnAqO.exe
  2⤵
  PID:8152
- C:\Windows\System\xNuscWx.exe
  C:\Windows\System\xNuscWx.exe
  2⤵
  PID:8168
- C:\Windows\System\gPVzjDg.exe
  C:\Windows\System\gPVzjDg.exe
  2⤵
  PID:8184
- C:\Windows\System\ToIresR.exe
  C:\Windows\System\ToIresR.exe
  2⤵
  PID:6380
- C:\Windows\System\TCrsQZm.exe
  C:\Windows\System\TCrsQZm.exe
  2⤵
  PID:7176
- C:\Windows\System\umSgghD.exe
  C:\Windows\System\umSgghD.exe
  2⤵
  PID:7216
- C:\Windows\System\gtFFscc.exe
  C:\Windows\System\gtFFscc.exe
  2⤵
  PID:6816
- C:\Windows\System\kaRVxja.exe
  C:\Windows\System\kaRVxja.exe
  2⤵
  PID:7276
- C:\Windows\System\fJRCMqQ.exe
  C:\Windows\System\fJRCMqQ.exe
  2⤵
  PID:7340
- C:\Windows\System\fbEPmKZ.exe
  C:\Windows\System\fbEPmKZ.exe
  2⤵
  PID:7284
- C:\Windows\System\NMVRcug.exe
  C:\Windows\System\NMVRcug.exe
  2⤵
  PID:7352
- C:\Windows\System\TmzWHAf.exe
  C:\Windows\System\TmzWHAf.exe
  2⤵
  PID:7420
- C:\Windows\System\jCwqpWn.exe
  C:\Windows\System\jCwqpWn.exe
  2⤵
  PID:7392
- C:\Windows\System\frsskPv.exe
  C:\Windows\System\frsskPv.exe
  2⤵
  PID:7456
- C:\Windows\System\xEtiXJg.exe
  C:\Windows\System\xEtiXJg.exe
  2⤵
  PID:7524
- C:\Windows\System\YfmwFLm.exe
  C:\Windows\System\YfmwFLm.exe
  2⤵
  PID:7600
- C:\Windows\System\OxiqjGM.exe
  C:\Windows\System\OxiqjGM.exe
  2⤵
  PID:7432
- C:\Windows\System\UGinQjv.exe
  C:\Windows\System\UGinQjv.exe
  2⤵
  PID:7668
- C:\Windows\System\QNFxTBq.exe
  C:\Windows\System\QNFxTBq.exe
  2⤵
  PID:7624
- C:\Windows\System\ioqChPZ.exe
  C:\Windows\System\ioqChPZ.exe
  2⤵
  PID:7672
- C:\Windows\System\BCaQnSL.exe
  C:\Windows\System\BCaQnSL.exe
  2⤵
  PID:7780
- C:\Windows\System\RIJIdqO.exe
  C:\Windows\System\RIJIdqO.exe
  2⤵
  PID:6456
- C:\Windows\System\HEGQJRr.exe
  C:\Windows\System\HEGQJRr.exe
  2⤵
  PID:7828
- C:\Windows\System\ElBMucl.exe
  C:\Windows\System\ElBMucl.exe
  2⤵
  PID:7768
- C:\Windows\System\lytGwiA.exe
  C:\Windows\System\lytGwiA.exe
  2⤵
  PID:7900
- C:\Windows\System\HZVygCU.exe
  C:\Windows\System\HZVygCU.exe
  2⤵
  PID:7920
- C:\Windows\System\PvXpZPI.exe
  C:\Windows\System\PvXpZPI.exe
  2⤵
  PID:7944
- C:\Windows\System\sgcyhCm.exe
  C:\Windows\System\sgcyhCm.exe
  2⤵
  PID:8012
- C:\Windows\System\mTxFpxx.exe
  C:\Windows\System\mTxFpxx.exe
  2⤵
  PID:7996
- C:\Windows\System\KGCIvDW.exe
  C:\Windows\System\KGCIvDW.exe
  2⤵
  PID:8068
- C:\Windows\System\eABsyCr.exe
  C:\Windows\System\eABsyCr.exe
  2⤵
  PID:8076
- C:\Windows\System\xENApwk.exe
  C:\Windows\System\xENApwk.exe
  2⤵
  PID:8052
- C:\Windows\System\gyDRFBh.exe
  C:\Windows\System\gyDRFBh.exe
  2⤵
  PID:8128
- C:\Windows\System\sfPMWmH.exe
  C:\Windows\System\sfPMWmH.exe
  2⤵
  PID:8148
- C:\Windows\System\CdiiloR.exe
  C:\Windows\System\CdiiloR.exe
  2⤵
  PID:7200
- C:\Windows\System\rJgzmSf.exe
  C:\Windows\System\rJgzmSf.exe
  2⤵
  PID:7316
- C:\Windows\System\qMoqMwK.exe
  C:\Windows\System\qMoqMwK.exe
  2⤵
  PID:7232
- C:\Windows\System\YWkHXxu.exe
  C:\Windows\System\YWkHXxu.exe
  2⤵
  PID:7504
- C:\Windows\System\PyhykxR.exe
  C:\Windows\System\PyhykxR.exe
  2⤵
  PID:7396
- C:\Windows\System\IvBLyCB.exe
  C:\Windows\System\IvBLyCB.exe
  2⤵
  PID:7360
- C:\Windows\System\tbpkoen.exe
  C:\Windows\System\tbpkoen.exe
  2⤵
  PID:7436
- C:\Windows\System\cAoapyv.exe
  C:\Windows\System\cAoapyv.exe
  2⤵
  PID:7488
- C:\Windows\System\GKHrooJ.exe
  C:\Windows\System\GKHrooJ.exe
  2⤵
  PID:7584
- C:\Windows\System\Zghevcu.exe
  C:\Windows\System\Zghevcu.exe
  2⤵
  PID:7636
- C:\Windows\System\DkamiWd.exe
  C:\Windows\System\DkamiWd.exe
  2⤵
  PID:7748
- C:\Windows\System\ekvTVvm.exe
  C:\Windows\System\ekvTVvm.exe
  2⤵
  PID:6432
- C:\Windows\System\kZwblme.exe
  C:\Windows\System\kZwblme.exe
  2⤵
  PID:7848
- C:\Windows\System\ozYpuqT.exe
  C:\Windows\System\ozYpuqT.exe
  2⤵
  PID:7864
- C:\Windows\System\geFXIYc.exe
  C:\Windows\System\geFXIYc.exe
  2⤵
  PID:7916
- C:\Windows\System\CziksiF.exe
  C:\Windows\System\CziksiF.exe
  2⤵
  PID:7880
- C:\Windows\System\SPLMQQK.exe
  C:\Windows\System\SPLMQQK.exe
  2⤵
  PID:7964
- C:\Windows\System\hEvsKze.exe
  C:\Windows\System\hEvsKze.exe
  2⤵
  PID:7980
- C:\Windows\System\jTDuWWF.exe
  C:\Windows\System\jTDuWWF.exe
  2⤵
  PID:8048
- C:\Windows\System\tpkgRFQ.exe
  C:\Windows\System\tpkgRFQ.exe
  2⤵
  PID:8144
- C:\Windows\System\xzaZIWk.exe
  C:\Windows\System\xzaZIWk.exe
  2⤵
  PID:6748
- C:\Windows\System\oVXjPwO.exe
  C:\Windows\System\oVXjPwO.exe
  2⤵
  PID:7280
- C:\Windows\System\FzmwRnJ.exe
  C:\Windows\System\FzmwRnJ.exe
  2⤵
  PID:7448
- C:\Windows\System\ncBDtXv.exe
  C:\Windows\System\ncBDtXv.exe
  2⤵
  PID:7356
- C:\Windows\System\cSudjVw.exe
  C:\Windows\System\cSudjVw.exe
  2⤵
  PID:7556
- C:\Windows\System\oPAhiJw.exe
  C:\Windows\System\oPAhiJw.exe
  2⤵
  PID:7652
- C:\Windows\System\gTeQvCH.exe
  C:\Windows\System\gTeQvCH.exe
  2⤵
  PID:7732
- C:\Windows\System\KhyXcbS.exe
  C:\Windows\System\KhyXcbS.exe
  2⤵
  PID:7688
- C:\Windows\System\iTkZIWP.exe
  C:\Windows\System\iTkZIWP.exe
  2⤵
  PID:7992
- C:\Windows\System\DnqAHIU.exe
  C:\Windows\System\DnqAHIU.exe
  2⤵
  PID:8080
- C:\Windows\System\FwvZcaA.exe
  C:\Windows\System\FwvZcaA.exe
  2⤵
  PID:8100
- C:\Windows\System\FtwaRZo.exe
  C:\Windows\System\FtwaRZo.exe
  2⤵
  PID:7272
- C:\Windows\System\oSlQQwG.exe
  C:\Windows\System\oSlQQwG.exe
  2⤵
  PID:7184
- C:\Windows\System\QXCnkvG.exe
  C:\Windows\System\QXCnkvG.exe
  2⤵
  PID:7564
- C:\Windows\System\oUuhBue.exe
  C:\Windows\System\oUuhBue.exe
  2⤵
  PID:7536
- C:\Windows\System\sORzFIf.exe
  C:\Windows\System\sORzFIf.exe
  2⤵
  PID:7684
- C:\Windows\System\TmmuEaI.exe
  C:\Windows\System\TmmuEaI.exe
  2⤵
  PID:7908
- C:\Windows\System\npfhYvf.exe
  C:\Windows\System\npfhYvf.exe
  2⤵
  PID:8176
- C:\Windows\System\rDYAngc.exe
  C:\Windows\System\rDYAngc.exe
  2⤵
  PID:7140
- C:\Windows\System\wCdfiaQ.exe
  C:\Windows\System\wCdfiaQ.exe
  2⤵
  PID:7400
- C:\Windows\System\mCZEIIi.exe
  C:\Windows\System\mCZEIIi.exe
  2⤵
  PID:7752
- C:\Windows\System\PUdcEYO.exe
  C:\Windows\System\PUdcEYO.exe
  2⤵
  PID:7720
- C:\Windows\System\wUmSeen.exe
  C:\Windows\System\wUmSeen.exe
  2⤵
  PID:7824
- C:\Windows\System\wyHrjkl.exe
  C:\Windows\System\wyHrjkl.exe
  2⤵
  PID:7664
- C:\Windows\System\TpCQSlx.exe
  C:\Windows\System\TpCQSlx.exe
  2⤵
  PID:7608
- C:\Windows\System\TEzoHrf.exe
  C:\Windows\System\TEzoHrf.exe
  2⤵
  PID:6716
- C:\Windows\System\sqQkOxb.exe
  C:\Windows\System\sqQkOxb.exe
  2⤵
  PID:8204
- C:\Windows\System\MoJZjoB.exe
  C:\Windows\System\MoJZjoB.exe
  2⤵
  PID:8228
- C:\Windows\System\idqlFon.exe
  C:\Windows\System\idqlFon.exe
  2⤵
  PID:8244
- C:\Windows\System\WECPVfH.exe
  C:\Windows\System\WECPVfH.exe
  2⤵
  PID:8264
- C:\Windows\System\rPARgDp.exe
  C:\Windows\System\rPARgDp.exe
  2⤵
  PID:8284
- C:\Windows\System\JnppPKW.exe
  C:\Windows\System\JnppPKW.exe
  2⤵
  PID:8300
- C:\Windows\System\TbLsFlF.exe
  C:\Windows\System\TbLsFlF.exe
  2⤵
  PID:8324
- C:\Windows\System\dREzalw.exe
  C:\Windows\System\dREzalw.exe
  2⤵
  PID:8348
- C:\Windows\System\Dbssvjy.exe
  C:\Windows\System\Dbssvjy.exe
  2⤵
  PID:8364
- C:\Windows\System\ouxGfCN.exe
  C:\Windows\System\ouxGfCN.exe
  2⤵
  PID:8384
- C:\Windows\System\VxrxReN.exe
  C:\Windows\System\VxrxReN.exe
  2⤵
  PID:8400
- C:\Windows\System\ixfljmU.exe
  C:\Windows\System\ixfljmU.exe
  2⤵
  PID:8420
- C:\Windows\System\RVnemVn.exe
  C:\Windows\System\RVnemVn.exe
  2⤵
  PID:8440
- C:\Windows\System\nxIJMVo.exe
  C:\Windows\System\nxIJMVo.exe
  2⤵
  PID:8456
- C:\Windows\System\MJdIiTR.exe
  C:\Windows\System\MJdIiTR.exe
  2⤵
  PID:8476
- C:\Windows\System\ZtZBncm.exe
  C:\Windows\System\ZtZBncm.exe
  2⤵
  PID:8500
- C:\Windows\System\FDtoyAg.exe
  C:\Windows\System\FDtoyAg.exe
  2⤵
  PID:8528
- C:\Windows\System\xghrcpA.exe
  C:\Windows\System\xghrcpA.exe
  2⤵
  PID:8556
- C:\Windows\System\JQiuVuv.exe
  C:\Windows\System\JQiuVuv.exe
  2⤵
  PID:8572
- C:\Windows\System\pLskOez.exe
  C:\Windows\System\pLskOez.exe
  2⤵
  PID:8596
- C:\Windows\System\myuWZXK.exe
  C:\Windows\System\myuWZXK.exe
  2⤵
  PID:8612
- C:\Windows\System\RwnPEjf.exe
  C:\Windows\System\RwnPEjf.exe
  2⤵
  PID:8632
- C:\Windows\System\eMbjlVa.exe
  C:\Windows\System\eMbjlVa.exe
  2⤵
  PID:8648
- C:\Windows\System\qSSOZXx.exe
  C:\Windows\System\qSSOZXx.exe
  2⤵
  PID:8680
- C:\Windows\System\jcyEOIq.exe
  C:\Windows\System\jcyEOIq.exe
  2⤵
  PID:8696
- C:\Windows\System\oSzIhUK.exe
  C:\Windows\System\oSzIhUK.exe
  2⤵
  PID:8716
- C:\Windows\System\nucXuCe.exe
  C:\Windows\System\nucXuCe.exe
  2⤵
  PID:8732
- C:\Windows\System\czMwYGS.exe
  C:\Windows\System\czMwYGS.exe
  2⤵
  PID:8748
- C:\Windows\System\pkJzcSv.exe
  C:\Windows\System\pkJzcSv.exe
  2⤵
  PID:8764
- C:\Windows\System\NqZvzoT.exe
  C:\Windows\System\NqZvzoT.exe
  2⤵
  PID:8784
- C:\Windows\System\zqHPCum.exe
  C:\Windows\System\zqHPCum.exe
  2⤵
  PID:8804
- C:\Windows\System\oPuOBZe.exe
  C:\Windows\System\oPuOBZe.exe
  2⤵
  PID:8840
- C:\Windows\System\eUnZZVh.exe
  C:\Windows\System\eUnZZVh.exe
  2⤵
  PID:8856
- C:\Windows\System\GbSywry.exe
  C:\Windows\System\GbSywry.exe
  2⤵
  PID:8880
- C:\Windows\System\zLvXlMa.exe
  C:\Windows\System\zLvXlMa.exe
  2⤵
  PID:8896
- C:\Windows\System\bzSHxUz.exe
  C:\Windows\System\bzSHxUz.exe
  2⤵
  PID:8916
- C:\Windows\System\jsEOSsz.exe
  C:\Windows\System\jsEOSsz.exe
  2⤵
  PID:8932
- C:\Windows\System\ZWkgbbR.exe
  C:\Windows\System\ZWkgbbR.exe
  2⤵
  PID:8952
- C:\Windows\System\cfuVQIn.exe
  C:\Windows\System\cfuVQIn.exe
  2⤵
  PID:8968
- C:\Windows\System\QKQgmyF.exe
  C:\Windows\System\QKQgmyF.exe
  2⤵
  PID:8988
- C:\Windows\System\kXngnAa.exe
  C:\Windows\System\kXngnAa.exe
  2⤵
  PID:9016
- C:\Windows\System\flzKAIY.exe
  C:\Windows\System\flzKAIY.exe
  2⤵
  PID:9040
- C:\Windows\System\KeGqtza.exe
  C:\Windows\System\KeGqtza.exe
  2⤵
  PID:9060
- C:\Windows\System\CujwgLv.exe
  C:\Windows\System\CujwgLv.exe
  2⤵
  PID:9088
- C:\Windows\System\XEpetCj.exe
  C:\Windows\System\XEpetCj.exe
  2⤵
  PID:9108
- C:\Windows\System\pjJNoZo.exe
  C:\Windows\System\pjJNoZo.exe
  2⤵
  PID:9124
- C:\Windows\System\twGnLHg.exe
  C:\Windows\System\twGnLHg.exe
  2⤵
  PID:9140
- C:\Windows\System\HKPzmoR.exe
  C:\Windows\System\HKPzmoR.exe
  2⤵
  PID:9160
- C:\Windows\System\ZaiAOsl.exe
  C:\Windows\System\ZaiAOsl.exe
  2⤵
  PID:9184
- C:\Windows\System\DZzeBKX.exe
  C:\Windows\System\DZzeBKX.exe
  2⤵
  PID:9200
- C:\Windows\System\ZZsbDUj.exe
  C:\Windows\System\ZZsbDUj.exe
  2⤵
  PID:8196
- C:\Windows\System\oFMZfTV.exe
  C:\Windows\System\oFMZfTV.exe
  2⤵
  PID:8236
- C:\Windows\System\PvzzWar.exe
  C:\Windows\System\PvzzWar.exe
  2⤵
  PID:8260
- C:\Windows\System\dhxGDhm.exe
  C:\Windows\System\dhxGDhm.exe
  2⤵
  PID:8312
- C:\Windows\System\KhMHCof.exe
  C:\Windows\System\KhMHCof.exe
  2⤵
  PID:8320
- C:\Windows\System\clqKzVY.exe
  C:\Windows\System\clqKzVY.exe
  2⤵
  PID:8340
- C:\Windows\System\XTPCMyu.exe
  C:\Windows\System\XTPCMyu.exe
  2⤵
  PID:8376
- C:\Windows\System\HdTIGgY.exe
  C:\Windows\System\HdTIGgY.exe
  2⤵
  PID:8428
- C:\Windows\System\zYrAQVY.exe
  C:\Windows\System\zYrAQVY.exe
  2⤵
  PID:8452
- C:\Windows\System\CscSNhf.exe
  C:\Windows\System\CscSNhf.exe
  2⤵
  PID:8488
- C:\Windows\System\rnnUuZM.exe
  C:\Windows\System\rnnUuZM.exe
  2⤵
  PID:8520
- C:\Windows\System\oPTtQpx.exe
  C:\Windows\System\oPTtQpx.exe
  2⤵
  PID:8540
- C:\Windows\System\AUUxtdt.exe
  C:\Windows\System\AUUxtdt.exe
  2⤵
  PID:8580
- C:\Windows\System\jiRKUZH.exe
  C:\Windows\System\jiRKUZH.exe
  2⤵
  PID:8604
- C:\Windows\System\JFBBrxJ.exe
  C:\Windows\System\JFBBrxJ.exe
  2⤵
  PID:8656
- C:\Windows\System\tGaAoxU.exe
  C:\Windows\System\tGaAoxU.exe
  2⤵
  PID:8620
- C:\Windows\System\lqdmFNY.exe
  C:\Windows\System\lqdmFNY.exe
  2⤵
  PID:8796
- C:\Windows\System\CDmcHQD.exe
  C:\Windows\System\CDmcHQD.exe
  2⤵
  PID:8772
- C:\Windows\System\eRcAfHW.exe
  C:\Windows\System\eRcAfHW.exe
  2⤵
  PID:8780
- C:\Windows\System\VClpqGE.exe
  C:\Windows\System\VClpqGE.exe
  2⤵
  PID:8828
- C:\Windows\System\acUEJZd.exe
  C:\Windows\System\acUEJZd.exe
  2⤵
  PID:8872
- C:\Windows\System\QmsDitQ.exe
  C:\Windows\System\QmsDitQ.exe
  2⤵
  PID:8904
- C:\Windows\System\AKPBTgi.exe
  C:\Windows\System\AKPBTgi.exe
  2⤵
  PID:8964
- C:\Windows\System\WVyAxgd.exe
  C:\Windows\System\WVyAxgd.exe
  2⤵
  PID:9004
- C:\Windows\System\cDgjQgN.exe
  C:\Windows\System\cDgjQgN.exe
  2⤵
  PID:9008
- C:\Windows\System\oZroujF.exe
  C:\Windows\System\oZroujF.exe
  2⤵
  PID:9048
- C:\Windows\System\IYzducC.exe
  C:\Windows\System\IYzducC.exe
  2⤵
  PID:9076
- C:\Windows\System\vHyJzrN.exe
  C:\Windows\System\vHyJzrN.exe
  2⤵
  PID:9100
- C:\Windows\System\JygDYEO.exe
  C:\Windows\System\JygDYEO.exe
  2⤵
  PID:9136
- C:\Windows\System\ajHZUzB.exe
  C:\Windows\System\ajHZUzB.exe
  2⤵
  PID:9176
- C:\Windows\System\tygiAQK.exe
  C:\Windows\System\tygiAQK.exe
  2⤵
  PID:9212
- C:\Windows\System\LHZAGih.exe
  C:\Windows\System\LHZAGih.exe
  2⤵
  PID:8316
- C:\Windows\System\oUbAQDw.exe
  C:\Windows\System\oUbAQDw.exe
  2⤵
  PID:8432
- C:\Windows\System\vYEVUyR.exe
  C:\Windows\System\vYEVUyR.exe
  2⤵
  PID:8552
- C:\Windows\System\vhyfhsn.exe
  C:\Windows\System\vhyfhsn.exe
  2⤵
  PID:8644
- C:\Windows\System\eYCmyyj.exe
  C:\Windows\System\eYCmyyj.exe
  2⤵
  PID:8472
- C:\Windows\System\YJNUftq.exe
  C:\Windows\System\YJNUftq.exe
  2⤵
  PID:8396
- C:\Windows\System\liZiveu.exe
  C:\Windows\System\liZiveu.exe
  2⤵
  PID:8408
- C:\Windows\System\wsDnFvD.exe
  C:\Windows\System\wsDnFvD.exe
  2⤵
  PID:9196
- C:\Windows\System\ZpZEkMS.exe
  C:\Windows\System\ZpZEkMS.exe
  2⤵
  PID:8272
- C:\Windows\System\xrLseyK.exe
  C:\Windows\System\xrLseyK.exe
  2⤵
  PID:8756
- C:\Windows\System\vBOuGpw.exe
  C:\Windows\System\vBOuGpw.exe
  2⤵
  PID:8708
- C:\Windows\System\JRjdiwK.exe
  C:\Windows\System\JRjdiwK.exe
  2⤵
  PID:8820
- C:\Windows\System\mHWwqCz.exe
  C:\Windows\System\mHWwqCz.exe
  2⤵
  PID:8892
- C:\Windows\System\mVHPUeB.exe
  C:\Windows\System\mVHPUeB.exe
  2⤵
  PID:8980
- C:\Windows\System\Ibptkbg.exe
  C:\Windows\System\Ibptkbg.exe
  2⤵
  PID:9052
- C:\Windows\System\GpEeGPI.exe
  C:\Windows\System\GpEeGPI.exe
  2⤵
  PID:9068
- C:\Windows\System\QUEGDGn.exe
  C:\Windows\System\QUEGDGn.exe
  2⤵
  PID:9148
- C:\Windows\System\lUJDJTz.exe
  C:\Windows\System\lUJDJTz.exe
  2⤵
  PID:9096
- C:\Windows\System\wNoVdVC.exe
  C:\Windows\System\wNoVdVC.exe
  2⤵
  PID:8492
- C:\Windows\System\pGLsVNc.exe
  C:\Windows\System\pGLsVNc.exe
  2⤵
  PID:8628
- C:\Windows\System\MqtozmA.exe
  C:\Windows\System\MqtozmA.exe
  2⤵
  PID:8212
- C:\Windows\System\vqDdFXk.exe
  C:\Windows\System\vqDdFXk.exe
  2⤵
  PID:8688
- C:\Windows\System\SfIPFMZ.exe
  C:\Windows\System\SfIPFMZ.exe
  2⤵
  PID:8740
- C:\Windows\System\jFEXZlu.exe
  C:\Windows\System\jFEXZlu.exe
  2⤵
  PID:8760
- C:\Windows\System\gskXeQd.exe
  C:\Windows\System\gskXeQd.exe
  2⤵
  PID:8672
- C:\Windows\System\dnZoJkd.exe
  C:\Windows\System\dnZoJkd.exe
  2⤵
  PID:8928
- C:\Windows\System\UXznrrN.exe
  C:\Windows\System\UXznrrN.exe
  2⤵
  PID:8776
- C:\Windows\System\gpaeHdA.exe
  C:\Windows\System\gpaeHdA.exe
  2⤵
  PID:9120
- C:\Windows\System\qxZzxjH.exe
  C:\Windows\System\qxZzxjH.exe
  2⤵
  PID:8224
- C:\Windows\System\jPQVzpr.exe
  C:\Windows\System\jPQVzpr.exe
  2⤵
  PID:8344
- C:\Windows\System\pXSXsOJ.exe
  C:\Windows\System\pXSXsOJ.exe
  2⤵
  PID:8588
- C:\Windows\System\IjRuhCv.exe
  C:\Windows\System\IjRuhCv.exe
  2⤵
  PID:8548
- C:\Windows\System\eyQAwTa.exe
  C:\Windows\System\eyQAwTa.exe
  2⤵
  PID:9000
- C:\Windows\System\vJkAKmF.exe
  C:\Windows\System\vJkAKmF.exe
  2⤵
  PID:8496
- C:\Windows\System\nJXsIgH.exe
  C:\Windows\System\nJXsIgH.exe
  2⤵
  PID:8724
- C:\Windows\System\bWjjClj.exe
  C:\Windows\System\bWjjClj.exe
  2⤵
  PID:8516
- C:\Windows\System\ByYJKKD.exe
  C:\Windows\System\ByYJKKD.exe
  2⤵
  PID:9208
- C:\Windows\System\vDygAiL.exe
  C:\Windows\System\vDygAiL.exe
  2⤵
  PID:9028
- C:\Windows\System\peNuUyh.exe
  C:\Windows\System\peNuUyh.exe
  2⤵
  PID:8864
- C:\Windows\System\JiCDlJK.exe
  C:\Windows\System\JiCDlJK.exe
  2⤵
  PID:8296
- C:\Windows\System\OUgDBSQ.exe
  C:\Windows\System\OUgDBSQ.exe
  2⤵
  PID:9072
- C:\Windows\System\qPDHSYT.exe
  C:\Windows\System\qPDHSYT.exe
  2⤵
  PID:8292
- C:\Windows\System\ofeMIHi.exe
  C:\Windows\System\ofeMIHi.exe
  2⤵
  PID:8848
- C:\Windows\System\DKpvteB.exe
  C:\Windows\System\DKpvteB.exe
  2⤵
  PID:8940
- C:\Windows\System\PHnfNjc.exe
  C:\Windows\System\PHnfNjc.exe
  2⤵
  PID:9224
- C:\Windows\System\YnSjSqT.exe
  C:\Windows\System\YnSjSqT.exe
  2⤵
  PID:9244
- C:\Windows\System\IomiRqU.exe
  C:\Windows\System\IomiRqU.exe
  2⤵
  PID:9264
- C:\Windows\System\xUTmpNt.exe
  C:\Windows\System\xUTmpNt.exe
  2⤵
  PID:9284
- C:\Windows\System\DdhZxzz.exe
  C:\Windows\System\DdhZxzz.exe
  2⤵
  PID:9304
- C:\Windows\System\ajWZllU.exe
  C:\Windows\System\ajWZllU.exe
  2⤵
  PID:9320
- C:\Windows\System\lAjYVaZ.exe
  C:\Windows\System\lAjYVaZ.exe
  2⤵
  PID:9360
- C:\Windows\System\qLKdSlc.exe
  C:\Windows\System\qLKdSlc.exe
  2⤵
  PID:9380
- C:\Windows\System\EXWlWnU.exe
  C:\Windows\System\EXWlWnU.exe
  2⤵
  PID:9396
- C:\Windows\System\cEpbXWD.exe
  C:\Windows\System\cEpbXWD.exe
  2⤵
  PID:9412
- C:\Windows\System\cknEcvE.exe
  C:\Windows\System\cknEcvE.exe
  2⤵
  PID:9428
- C:\Windows\System\pgOupCx.exe
  C:\Windows\System\pgOupCx.exe
  2⤵
  PID:9452
- C:\Windows\System\iXFzXhC.exe
  C:\Windows\System\iXFzXhC.exe
  2⤵
  PID:9484
- C:\Windows\System\kGYWGbm.exe
  C:\Windows\System\kGYWGbm.exe
  2⤵
  PID:9500
- C:\Windows\System\BIzCxNI.exe
  C:\Windows\System\BIzCxNI.exe
  2⤵
  PID:9520
- C:\Windows\System\dzNKUux.exe
  C:\Windows\System\dzNKUux.exe
  2⤵
  PID:9536
- C:\Windows\System\iQYNCWY.exe
  C:\Windows\System\iQYNCWY.exe
  2⤵
  PID:9552
- C:\Windows\System\cgIzLqE.exe
  C:\Windows\System\cgIzLqE.exe
  2⤵
  PID:9568
- C:\Windows\System\AlfGYpj.exe
  C:\Windows\System\AlfGYpj.exe
  2⤵
  PID:9588
- C:\Windows\System\HADvvdp.exe
  C:\Windows\System\HADvvdp.exe
  2⤵
  PID:9604
- C:\Windows\System\HycuvZy.exe
  C:\Windows\System\HycuvZy.exe
  2⤵
  PID:9628
- C:\Windows\System\hgnfWLS.exe
  C:\Windows\System\hgnfWLS.exe
  2⤵
  PID:9660
- C:\Windows\System\cwxxLjG.exe
  C:\Windows\System\cwxxLjG.exe
  2⤵
  PID:9680
- C:\Windows\System\iENqBgw.exe
  C:\Windows\System\iENqBgw.exe
  2⤵
  PID:9696
- C:\Windows\System\mfGxWNt.exe
  C:\Windows\System\mfGxWNt.exe
  2⤵
  PID:9720
- C:\Windows\System\ZAzYiaY.exe
  C:\Windows\System\ZAzYiaY.exe
  2⤵
  PID:9736
- C:\Windows\System\JPuBwZr.exe
  C:\Windows\System\JPuBwZr.exe
  2⤵
  PID:9756
- C:\Windows\System\oiUuwCK.exe
  C:\Windows\System\oiUuwCK.exe
  2⤵
  PID:9776
- C:\Windows\System\nZJGreC.exe
  C:\Windows\System\nZJGreC.exe
  2⤵
  PID:9796
- C:\Windows\System\cscDepf.exe
  C:\Windows\System\cscDepf.exe
  2⤵
  PID:9812
- C:\Windows\System\tphHlJg.exe
  C:\Windows\System\tphHlJg.exe
  2⤵
  PID:9832
- C:\Windows\System\pTyViox.exe
  C:\Windows\System\pTyViox.exe
  2⤵
  PID:9848
- C:\Windows\System\jGQjxAU.exe
  C:\Windows\System\jGQjxAU.exe
  2⤵
  PID:9872
- C:\Windows\System\HGTynUO.exe
  C:\Windows\System\HGTynUO.exe
  2⤵
  PID:9900
- C:\Windows\System\OTHxCrL.exe
  C:\Windows\System\OTHxCrL.exe
  2⤵
  PID:9916
- C:\Windows\System\GpyiNqN.exe
  C:\Windows\System\GpyiNqN.exe
  2⤵
  PID:9932
- C:\Windows\System\PNgAGEk.exe
  C:\Windows\System\PNgAGEk.exe
  2⤵
  PID:9956
- C:\Windows\System\sJqZUUI.exe
  C:\Windows\System\sJqZUUI.exe
  2⤵
  PID:9976
- C:\Windows\System\YKunivb.exe
  C:\Windows\System\YKunivb.exe
  2⤵
  PID:10004
- C:\Windows\System\AMwbHRi.exe
  C:\Windows\System\AMwbHRi.exe
  2⤵
  PID:10020
- C:\Windows\System\nARDMdJ.exe
  C:\Windows\System\nARDMdJ.exe
  2⤵
  PID:10044
- C:\Windows\System\RDcwASz.exe
  C:\Windows\System\RDcwASz.exe
  2⤵
  PID:10068
- C:\Windows\System\odtrTbd.exe
  C:\Windows\System\odtrTbd.exe
  2⤵
  PID:10084
- C:\Windows\System\ROmmaEH.exe
  C:\Windows\System\ROmmaEH.exe
  2⤵
  PID:10100
- C:\Windows\System\yvWFXSF.exe
  C:\Windows\System\yvWFXSF.exe
  2⤵
  PID:10116
- C:\Windows\System\uICNZvz.exe
  C:\Windows\System\uICNZvz.exe
  2⤵
  PID:10152
- C:\Windows\System\obiJEnJ.exe
  C:\Windows\System\obiJEnJ.exe
  2⤵
  PID:10168
- C:\Windows\System\RDxDrqZ.exe
  C:\Windows\System\RDxDrqZ.exe
  2⤵
  PID:10184
- C:\Windows\System\fAtVrXZ.exe
  C:\Windows\System\fAtVrXZ.exe
  2⤵
  PID:10204
- C:\Windows\System\ZpaSkvg.exe
  C:\Windows\System\ZpaSkvg.exe
  2⤵
  PID:10220
- C:\Windows\System\ULbhWbi.exe
  C:\Windows\System\ULbhWbi.exe
  2⤵
  PID:8252
- C:\Windows\System\rasvBwI.exe
  C:\Windows\System\rasvBwI.exe
  2⤵
  PID:8812
- C:\Windows\System\unMDypl.exe
  C:\Windows\System\unMDypl.exe
  2⤵
  PID:9276
- C:\Windows\System\OaXWUTL.exe
  C:\Windows\System\OaXWUTL.exe
  2⤵
  PID:9328
- C:\Windows\System\lwRupxf.exe
  C:\Windows\System\lwRupxf.exe
  2⤵
  PID:9292
- C:\Windows\System\IZkJdWk.exe
  C:\Windows\System\IZkJdWk.exe
  2⤵
  PID:9368
- C:\Windows\System\QuQEmXS.exe
  C:\Windows\System\QuQEmXS.exe
  2⤵
  PID:9436
- C:\Windows\System\gIIcwJm.exe
  C:\Windows\System\gIIcwJm.exe
  2⤵
  PID:9392
- C:\Windows\System\APdHxiC.exe
  C:\Windows\System\APdHxiC.exe
  2⤵
  PID:9476
- C:\Windows\System\nAZYLdg.exe
  C:\Windows\System\nAZYLdg.exe
  2⤵
  PID:9512
- C:\Windows\System\CgXczVs.exe
  C:\Windows\System\CgXczVs.exe
  2⤵
  PID:9564
- C:\Windows\System\diumsOB.exe
  C:\Windows\System\diumsOB.exe
  2⤵
  PID:9636
- C:\Windows\System\Nkxdsdj.exe
  C:\Windows\System\Nkxdsdj.exe
  2⤵
  PID:9656
- C:\Windows\System\zmGgvGu.exe
  C:\Windows\System\zmGgvGu.exe
  2⤵
  PID:9616
- C:\Windows\System\VZjBfVM.exe
  C:\Windows\System\VZjBfVM.exe
  2⤵
  PID:9688
- C:\Windows\System\vkbYnXT.exe
  C:\Windows\System\vkbYnXT.exe
  2⤵
  PID:9728
- C:\Windows\System\CLMHEuV.exe
  C:\Windows\System\CLMHEuV.exe
  2⤵
  PID:9772
- C:\Windows\System\gVtaBWb.exe
  C:\Windows\System\gVtaBWb.exe
  2⤵
  PID:9892
- C:\Windows\System\TMyXZJC.exe
  C:\Windows\System\TMyXZJC.exe
  2⤵
  PID:9888
- C:\Windows\System\XYlmbHl.exe
  C:\Windows\System\XYlmbHl.exe
  2⤵
  PID:9824
- C:\Windows\System\PvHURRZ.exe
  C:\Windows\System\PvHURRZ.exe
  2⤵
  PID:9788
- C:\Windows\System\TaiPQGu.exe
  C:\Windows\System\TaiPQGu.exe
  2⤵
  PID:9944
- C:\Windows\System\qyPYYpb.exe
  C:\Windows\System\qyPYYpb.exe
  2⤵
  PID:9952
- C:\Windows\System\JSuKGzE.exe
  C:\Windows\System\JSuKGzE.exe
  2⤵
  PID:10000
- C:\Windows\System\JWngpws.exe
  C:\Windows\System\JWngpws.exe
  2⤵
  PID:10016
- C:\Windows\System\wUebHdJ.exe
  C:\Windows\System\wUebHdJ.exe
  2⤵
  PID:10096
- C:\Windows\System\vXvArIL.exe
  C:\Windows\System\vXvArIL.exe
  2⤵
  PID:10040
- C:\Windows\System\RtKzTWe.exe
  C:\Windows\System\RtKzTWe.exe
  2⤵
  PID:10140
- C:\Windows\System\lVORLvc.exe
  C:\Windows\System\lVORLvc.exe
  2⤵
  PID:10180
- C:\Windows\System\IoNUerc.exe
  C:\Windows\System\IoNUerc.exe
  2⤵
  PID:8640
- C:\Windows\System\wLZwvFR.exe
  C:\Windows\System\wLZwvFR.exe
  2⤵
  PID:9232
- C:\Windows\System\biMBHtU.exe
  C:\Windows\System\biMBHtU.exe
  2⤵
  PID:9272
- C:\Windows\System\AJCRDZy.exe
  C:\Windows\System\AJCRDZy.exe
  2⤵
  PID:9256
- C:\Windows\System\FlWRYVf.exe
  C:\Windows\System\FlWRYVf.exe
  2⤵
  PID:9356
- C:\Windows\System\bJIOiTn.exe
  C:\Windows\System\bJIOiTn.exe
  2⤵
  PID:9460
- C:\Windows\System\zxJAsBU.exe
  C:\Windows\System\zxJAsBU.exe
  2⤵
  PID:9376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EpYqDtD.exe

Filesize
6.0MB

MD5
64ebeed673d0a03b22d80a8dddb31c09

SHA1
b916db6009146a05714ee272ef3671b1f60620c2

SHA256
c77e2235354df6a1d4dad512198bd91250dfaa4ffe5cf8c3e9ba7d5b47c5bdb2

SHA512
0c175ab7a05be1fc17621b3e258af1f93bbf487dc28f87d5f0e9fff223ce003e2fe1092341f869e2fc235d219bee4a627fd42807653fa0150f20c9ab58bd0bc5

Download Submit
C:\Windows\system\LcCirCd.exe

Filesize
6.0MB

MD5
a5d8928a6f6884fd78dadbeb6bd7a998

SHA1
2147c26fff8325cbca285b4bf03442a8bfa49ff9

SHA256
8a1adcff0d34fc45a8fecbc0d2ac840e418342b815899cf3e7776b34516695c5

SHA512
e67204cbd19875e4140b0f9344ac6e3f4fa4ba2ee6a19453f40126f5ad700fe7fe27ee65c7b0bb98500a12b4ea73cbfa8a5bba6d0f7e7923e0a2523d851af275

Download Submit
C:\Windows\system\PkrLZvk.exe

Filesize
6.0MB

MD5
67d27d71ce470e916856a877503ee552

SHA1
d7f9453586f5e74ec18ae67d6f38c84ad971e01e

SHA256
7e57ed24853f2d38cfce545141920da657aee59e59ffe5587bca8f06e2c116a9

SHA512
00c49b78b0b0486379752f0928e60bd4000580f3b3979e819b7f98ff0937e60f28fe8fa9caa34842ac1450232e82dff4381670d32fb6370339bcb1e34f7d16b1

Download Submit
C:\Windows\system\WBlSjJM.exe

Filesize
6.0MB

MD5
222ae7a5afb72c43429ebd8272dcbcaf

SHA1
ac0aa4ad45550ae1932a6081147e2e76b913439f

SHA256
d45643db326615d7ede9125ceab28b2bfb7e1b2a00112e2314c16908b440012f

SHA512
1e93eb48cf006557e973a3e4cdfc37030e7c20e9a17b35e703ae2f05f76f93e2aae4d777efe547a16399a4004b51f4434d023a5746febbb7bd3568210edc197d

Download Submit
C:\Windows\system\XFNKTUQ.exe

Filesize
6.0MB

MD5
3561460a212b2db458e5c180863bf23d

SHA1
2a6e69c86e5d835d2b2653f9cdd36ce3777ac079

SHA256
00498c7325f8f0d39ad20905b39faafc211f8133fc2a1afaf34ab9cdf4631600

SHA512
faf2917acd78ab605d2ca73805af1e767231e7751db840ec5a5ff5726b3d719ae675f3ea86ff5c4438cdd7bfbaf8e843611452c2794d6d078119fc029fedd4dd

Download Submit
C:\Windows\system\YRBfDpj.exe

Filesize
6.0MB

MD5
9bc9df5c914909665a7ff6c199b9fcc1

SHA1
15b0f81de031486835134bf85eb04afad7914215

SHA256
f1da1c7b7f41d7fd19d6f7c0f8aeca3b4dba6b1633efd731b818f0a69dbd2f24

SHA512
ea463802f92ccf17705276c96b5b612126351edae570905c545e454abc324b52fb55a419953d37b10403f3ce31d68bb0f647b8c0f8529a36c2258bb9cde21fc5

Download Submit
C:\Windows\system\fwIAhcG.exe

Filesize
6.0MB

MD5
872062cb9e7b05af29ec3e152838e3d0

SHA1
6284ba3926c3ea4827738bc9a36369b9ed883e7a

SHA256
5c06765064aea97e885830fa3327459787f3c2fe118d8110ee12f8e552782aaa

SHA512
b21b54f4e5b95ca344652d9b7460993a46f9290fe5e2125586c89e326fb1bdae38f0d856cef68ff1dfd1b51d8399ee9996fca6d302bdde3168cc605caeee4123

Download Submit
C:\Windows\system\iJmuBdd.exe

Filesize
6.0MB

MD5
d79c4c4d587aaf6783bad78995be6fa4

SHA1
3b6eba658273a4876b7eefb6d77496bbd3c6f0bb

SHA256
ac016adc87387870cf79a393488448927ab935f6d469f5419df92708c61a7048

SHA512
7e0ab43d6cfaeb4609e6e1415aece60290108018cbe2be051f5f4584fb17eaa19001a06a0eaaf27fd7420cc379e8d8febd9137af954863be2484ba352ad5aad3

Download Submit
C:\Windows\system\iSwZfGS.exe

Filesize
6.0MB

MD5
4282721d6e61fbf24690e0f3e2546509

SHA1
e7cf1419dbae29eaef0c745542e113db1acfd20e

SHA256
d37d3796c4e9aa6db47007e823e1b0664cdf6eba58e82c4965493792183aec94

SHA512
7f18959df15451a1af06e7e22032dc16e6c856838a3523a3545a3032152922dde68a6c00c5403c15d16efd1f88ee5e0ecff5a80bf198aebe8309fb096ba79c1b

Download Submit
C:\Windows\system\jqgHeYc.exe

Filesize
6.0MB

MD5
810f55083a60e2a652f3b648e85bad9e

SHA1
bedfe024ee46f39f7070ec8f8f80491d33e9e424

SHA256
c0c67fa38d132c3c17270aba52cadf77921a5940a1ed4d939ba9933a8b4493cc

SHA512
6bcd7929664dd6b61e5672a9627ead084a14a6af395dd565ecfba9442d28a2656e77cc8e1df67dd63380e3296d616de50b991abcac6df8f55a720231f6695e4b

Download Submit
C:\Windows\system\kZaSVwT.exe

Filesize
6.0MB

MD5
f589914a34c02df8ad2cf91fcac55bae

SHA1
addbd1314bddc93dc9d133a53c4e41661fc6111e

SHA256
2dcd69e6f9f4e07dada82ffe3fa7455ca24e5e6634301a9ddb6e5f746200d7f2

SHA512
8ca9b93d3e5d7435afcdebbeb7dc518c698271b1e89c287e21ea3ea32a163dc39ed264c716959c35d74a997ee904efddd65a084f2341c7c47cad6d48489fde51

Download Submit
C:\Windows\system\lPxcmkn.exe

Filesize
6.0MB

MD5
c3f11aeb50b992a4416d64b70f36d1d1

SHA1
aa18b18ca13752ddbce18e476857749d8a005976

SHA256
45c84a84763197e94f372a31d36ddfabd93d673ddc3270683b78e120c7fd6122

SHA512
03251567cb4219e858aca75c2d2005c81e5c8ce539148476bf614e1bebd21e1b753a2800f394791c5fe05645e5d010e70d1f4c00de096d616ef80c6c2c668872

Download Submit
C:\Windows\system\nITfWJU.exe

Filesize
6.0MB

MD5
0da498062cb8faa21c4fddb8d9fa89f2

SHA1
27d92c561310b9265b87053e57a1f19a91538262

SHA256
679b5233e24cbb61661e069d853fd4a60239f89875ced2e6a27cdadb6dfe698d

SHA512
514338bacfc1a4732c1a0d5989acad9ab50bd7a0f321d71f0456f8a3ce636aba0ee5cdf2a1f46c2faf0822f4faf50464cb6a700538d1abad1d1318f9c34465e2

Download Submit
C:\Windows\system\nSPrrnl.exe

Filesize
6.0MB

MD5
3b812f8dc40e08f4f5325bc010ad377d

SHA1
5b444ebbe881cb0c8ceb1ce79d50af6d4179f6a0

SHA256
b71a0e2ec22ae6ff9d81dabddbc6be88fa91b72822adc44ae84bb365ac3873f3

SHA512
cb2d683a8e83472ef8a107632abf9863359aa1623f03b893dd829711e61cf19d65fecf8eace74421c49710c7519d4b5fb4b6e5d071a06d4cb173e2b7ffeb1b43

Download Submit
C:\Windows\system\oepMORA.exe

Filesize
6.0MB

MD5
e24199ae2ff75b5281194ef96a378ef1

SHA1
95f060369e1c658350793ef5b3858cf3aac352b4

SHA256
de6289fb6ce7b69397621184d45177c66bbccf553b16b1a872395da9d0411190

SHA512
acfaea9a517eebe125de2faa8704f27a7a4b4913d949dafd9bf7ac0da2d269293733657f835ad6e81acb305e8649e79fcefcf0a4b7c6389fcfc0ec87932b720b

Download Submit
C:\Windows\system\ollnozy.exe

Filesize
6.0MB

MD5
b175b94bb2e99aa524b9205a11553156

SHA1
852996cd345d8eaa8aaa94c2ba1f0bcc0ddd3a64

SHA256
af62efbe0e80b9943b51c020292d3e12710d24e0990a94e601da1d90029d9c88

SHA512
6d17c84d72b517b78e17f1c8027fc835a20e48a5aa0b547f3f71e3e6bb3cde5c065d1a845ca81a7e6ecdbc56e7774409dc49b88b68153dfb91383046ae6cb667

Download Submit
C:\Windows\system\qVcnlbR.exe

Filesize
6.0MB

MD5
36e08ee78c0e91399f5e3bc472931337

SHA1
d640ec8cd5bcea7bfbc830922f51cf6f710e9619

SHA256
540e9c91ecbdff0e759c28280288dc1681baa329272142071a3960b060c8b4f1

SHA512
b06f2c0fdc977565a8d9315e70cec107dd2053a8c5666b86adb0ce5d1438b42399d0de8bfcc8092e2279918776cccfd532ba2773e8022340f96f4eeabb5b467c

Download Submit
C:\Windows\system\qgmKAeI.exe

Filesize
6.0MB

MD5
d9bd6966f7f65ad55bca7b62209acd17

SHA1
5b805c4431d1e63c60f16c630cd3f97a80707858

SHA256
2be668d67c052838c5bd48a8c7bd1e41accb4ac0415658116edbc7000987f6d8

SHA512
d0d01f46b3487962af17babe6820d986f33d6936d50a4354962cd9df87e7d0c77a30724b88f1e79ff8deaded7ceca1cb10221a9f39f3cd1362284d79c337c4a5

Download Submit
C:\Windows\system\qyIwDXr.exe

Filesize
6.0MB

MD5
a82803936f92902f67f8874fd455b382

SHA1
ca45fc895b87ec8b4394dd1291a4f1d5a69c1abd

SHA256
78a3b79228d57e8931b299dc8f180b39faa9cbc57530431aba5accb6e4bb1d10

SHA512
88f859ad4012805e5e4ada89bd6fc1fea6ecbe493eac30439663836da238a0adcf6374f60cf60ea624eb6dc00cb6ca997aeab1b5b95e8200d8e3ea93235cd9f4

Download Submit
C:\Windows\system\sPpjrEW.exe

Filesize
6.0MB

MD5
ba66ecaaf1b79b31608f96c468ad27ae

SHA1
638d84cbfcad7735f8dcd03bf71a22f858eb04a9

SHA256
2359acc952420ea8bb5127fbdce7a82c937a4e891bef73f59ba0d8b1ab60bb81

SHA512
a7d094e31a5b962ff2eebd457e309a9d0bc46f2649babaae68291ccbd09f45756840564e898ddaa548890668cf9450d83eef725419962127044296fae58cbda3

Download Submit
C:\Windows\system\sQWYEZu.exe

Filesize
6.0MB

MD5
fae50f7af5c154550e97acfe567a5016

SHA1
e0013e17a8dc168208713d5d3eeca9b0c20ab13d

SHA256
b60cedc6a82b2920e1c07b54518674b6a47b46f2a3e94ae72a7d81580f744c7f

SHA512
afeb3067e40f4fcdd7ea6839dac437c49afebd68e0b99c4d9075a51ba38bfbcc4b3243fc4a51dfbded7d2b65d669b7637564afe81daf0641a67bf383830a4800

Download Submit
C:\Windows\system\vfVxoiA.exe

Filesize
6.0MB

MD5
65d4c7353e1e5c7b7dda9255038369df

SHA1
21d1a0799b03e872a0ddbe2f9e5410bc91a262a6

SHA256
eab1882be58cbe36117a566c24de6f60e24d680502ea506e71ec7e4fa5229b92

SHA512
134d1a415861cc8cfc21b9a67fa1e5dd9d796ba5dc1b3fae12a7a034a129132fa0a8a7ca82c472784d88b683d471bab63fe5839ac2459769a5f505cedb187256

Download Submit
C:\Windows\system\yDyPpRR.exe

Filesize
6.0MB

MD5
ce29b1063a89a671d7da36c62ac77f7e

SHA1
cf503864da16dc472fe3496b9cf3fc22dc833486

SHA256
249771644fc8bd1f7680b9796beef3acac7c0e39a4f73ed3846e8498cf7a306a

SHA512
6a9ce5529beb6e0df9d8c61b150d187d9e931201f764d87455bde89c96157875893f8b92fcd5ade6d556978a594ce9a9d681ad298ddcfc3c9902a440220b77e4

Download Submit
C:\Windows\system\zHZzMJI.exe

Filesize
6.0MB

MD5
9850c48133354014603fb3fdf67dc91f

SHA1
5a4f708a22eb98ace6196767b3854cd08ba9b0e1

SHA256
3fa8e859a3f53bfbbeca025d69987ee33a8ca535e539a124288e21a5e520d9a4

SHA512
82aa6ea9f1abce822161a5bcc3e40e5b36a278a5bf47c2aacc5cece674a68cdce9694617fae74ea808f5532003e03f90d57f9f369e02ca81576bbf1ffd1d6979

Download Submit
\Windows\system\DEDksRV.exe

Filesize
6.0MB

MD5
f86a8d87bbfeea265f7fbcb917a9ae8b

SHA1
bc5e01b74d66452f34663cbc90f3b6fb2f0ff4e1

SHA256
9eab9a20bb08fc4720233973412e03662c9f244bafe1587ddbdd87427ed7f0d4

SHA512
991c6e7a2b3737a6feebdebd798ed07ea98a41b0b60f410393c1a55d8bb2b903340b7779bafda87c73a1796ab871dc24090f07dcc72f29fbd8ae6c98d617ab9f

Download Submit
\Windows\system\DRfTqcI.exe

Filesize
6.0MB

MD5
cfe72f6cbab4b8e0290618bca33a6ef3

SHA1
cd62df30303e0aa0b6850a43923b1fbaa6f031df

SHA256
48b19605f4e635c36b0f6922b0cd2f12d6944888fa312f4c57581edd48781bc4

SHA512
3b6011bd649f103b8b880c0eb62bbcee20aa1fe7dd6d4262b53f52e9bd6ff9847142e27c866adae634f367788da6f7b7f08653148ffc7aeedd4430ab4605365a

Download Submit
\Windows\system\LdcBtsO.exe

Filesize
6.0MB

MD5
8948a5445d34fc7d8d20c7aa6af89589

SHA1
e373675c08e29cbadb385db0f5143b29e5011abc

SHA256
be040e069132c73d1e91e08940f65565a4b3bc46ef30ec53f92c92085423d5b2

SHA512
06d745c0497dcbfe6630d17b3d8a1d6a15310c992af85552e25174e0f24188d0fb531498f0841b4a3a3ed7a6cb7c1395787b453e83eb3f53e0d9d583710ef531

Download Submit
\Windows\system\PBiKmuZ.exe

Filesize
6.0MB

MD5
2e98bfb19e6ce20ee640ed3a281a4fdf

SHA1
8197967625daf0e9a5e72bdc0c4a4e723ba73072

SHA256
c52e7ecf7634d990cb5ea2827d11e4e7eab30b2bc939520023e45f60f24cb975

SHA512
d988d19c943466660693b7228df9530b5d4a79397d31a7551effb97706d804127984327b0e0e0dd51e74947e3fa68771207d423c1850bbd6c67019224fbcd0da

Download Submit
\Windows\system\cUBPUvw.exe

Filesize
6.0MB

MD5
345e66e20f2732c56dc457e71b895631

SHA1
210e32fb831a84aa7989586de7205537fa0ba099

SHA256
8b585b53445e1d7bbc7baad5bf4d71393870604a54c920bdabf0a167ebeaf746

SHA512
792279a93cc48a69c70922eb8e6106665092470a7c7b258282b386e903129c520aa12f120f83ef6f180bb63b591ada8b2fb60f64944a56ee4288f8461a8cf330

Download Submit
\Windows\system\oBQfXXG.exe

Filesize
6.0MB

MD5
36c1d4d6780885fa3e6e10d6e2d3fb1c

SHA1
e242550a6e2ce94ae51a03f67d6c4a1ce06c2635

SHA256
63709ad2ad84029ec6141bd970ead9a2061a8c8b241250937ab6d08e9b8acf99

SHA512
03e79c15b23f3a0eaa6dd672d512acc4bff5da495aa97e538eaca91143891220fbb3408b4cb8948089d0fe39ef12958d48915b9fffd06f96355423f095450274

Download Submit
\Windows\system\toIXiFx.exe

Filesize
6.0MB

MD5
f44b02e44d88ecd46e7a1441f39034c7

SHA1
5cb469a272c579127ca5a06395d2bbff83c9f9ac

SHA256
dbe696c8160dfa200eaa16f62e5180cffa474035a1762d0b6775680bb1d80167

SHA512
bfa8841311ded50cb99b511f2007bf809a03c7677438b5ac69a3e4acbce3470a53a3de33573f257b95947cc418399b36b350f5ec90f6a7c70c39aa61dcb61597

Download Submit
\Windows\system\wyRqWPL.exe

Filesize
6.0MB

MD5
a462c9334a32e71155004a53e5fb6d09

SHA1
f65889445fa693931308bbfca4658047943e621b

SHA256
3301eabb7f4b8eb6ece81cf787440b6654a00d20f2c760355454fd711797cdfa

SHA512
19758da9927995aa581235274f8c62b45fb6f0663051928f457310d4db97116cf91ad3999bdde2107e5fa35125343c6754463cab5cf1d1976987947599fb5d9c

Download Submit
memory/576-14-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/576-2839-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2376-68-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-600-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-109-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-112-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-54-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-108-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-56-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2376-110-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-111-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-445-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-12-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-101-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-601-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-267-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-7-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-200-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-47-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-27-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2376-18-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2853-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2424-21-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2424-66-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3108-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-104-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-70-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-515-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3092-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2871-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2712-73-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2712-38-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2724-61-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2724-321-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2885-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2788-201-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2788-2882-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2788-55-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2874-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2840-45-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2888-320-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2886-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-58-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-60-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2968-16-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2832-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2875-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2984-41-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/3052-599-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/3052-3109-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/3052-89-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/3064-91-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3107-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download