cobaltstrike | 52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
Size

6.0MB
MD5

1c7d75526c62db4249f9c870bc12ad06
SHA1

849108a04cef9a5f1da63369991f73fe5354f1ee
SHA256

52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4
SHA512

4f881b5d8cd9e662ce822d6e5c65c7eabe3d4d85a6a7cdd8d27ff1c8669df3a7f3c2b6771489df17128aace14d61c6a26c6b5104eb0cdf49088ade97150a5d73
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0007000000023c96-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c95-12.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c91-9.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c97-23.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c92-31.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-46.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-77.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c9f-81.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-123.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-212.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-207.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-202.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-195.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-191.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-187.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-176.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-163.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-156.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-152.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-139.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-133.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-103.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-57.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c99-44.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c98-38.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/760-0-0x00007FF76FD70000-0x00007FF7700C4000-memory.dmp	xmrig
behavioral2/memory/3256-6-0x00007FF6AFD60000-0x00007FF6B00B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c96-10.dat	xmrig
behavioral2/files/0x0007000000023c95-12.dat	xmrig
behavioral2/memory/3912-18-0x00007FF6DE1E0000-0x00007FF6DE534000-memory.dmp	xmrig
behavioral2/memory/224-16-0x00007FF675C50000-0x00007FF675FA4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c91-9.dat	xmrig
behavioral2/memory/3404-24-0x00007FF7FCA80000-0x00007FF7FCDD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c97-23.dat	xmrig
behavioral2/files/0x0008000000023c92-31.dat	xmrig
behavioral2/memory/5112-36-0x00007FF7302C0000-0x00007FF730614000-memory.dmp	xmrig
behavioral2/memory/2308-42-0x00007FF7D30E0000-0x00007FF7D3434000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9a-46.dat	xmrig
behavioral2/memory/4508-55-0x00007FF72FC70000-0x00007FF72FFC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9c-64.dat	xmrig
behavioral2/files/0x0007000000023c9e-77.dat	xmrig
behavioral2/files/0x0008000000023c9f-81.dat	xmrig
behavioral2/files/0x0007000000023ca4-113.dat	xmrig
behavioral2/files/0x0007000000023ca5-123.dat	xmrig
behavioral2/memory/4196-137-0x00007FF76C820000-0x00007FF76CB74000-memory.dmp	xmrig
behavioral2/memory/2112-150-0x00007FF6151F0000-0x00007FF615544000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cac-165.dat	xmrig
behavioral2/memory/4836-1012-0x00007FF6BDF20000-0x00007FF6BE274000-memory.dmp	xmrig
behavioral2/memory/1736-1047-0x00007FF66FFE0000-0x00007FF670334000-memory.dmp	xmrig
behavioral2/memory/2380-1048-0x00007FF712FC0000-0x00007FF713314000-memory.dmp	xmrig
behavioral2/memory/4592-1150-0x00007FF6C58D0000-0x00007FF6C5C24000-memory.dmp	xmrig
behavioral2/memory/2844-1200-0x00007FF7EADE0000-0x00007FF7EB134000-memory.dmp	xmrig
behavioral2/memory/332-1254-0x00007FF602C10000-0x00007FF602F64000-memory.dmp	xmrig
behavioral2/memory/892-1316-0x00007FF6C72D0000-0x00007FF6C7624000-memory.dmp	xmrig
behavioral2/memory/928-1313-0x00007FF7D3830000-0x00007FF7D3B84000-memory.dmp	xmrig
behavioral2/memory/1228-1419-0x00007FF72E1C0000-0x00007FF72E514000-memory.dmp	xmrig
behavioral2/memory/4008-1478-0x00007FF680B40000-0x00007FF680E94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb3-212.dat	xmrig
behavioral2/files/0x0007000000023cb2-207.dat	xmrig
behavioral2/files/0x0007000000023cb1-202.dat	xmrig
behavioral2/files/0x0007000000023cb0-195.dat	xmrig
behavioral2/memory/4008-194-0x00007FF680B40000-0x00007FF680E94000-memory.dmp	xmrig
behavioral2/memory/4588-193-0x00007FF6C2550000-0x00007FF6C28A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023caf-191.dat	xmrig
behavioral2/files/0x0007000000023cae-187.dat	xmrig
behavioral2/memory/1228-186-0x00007FF72E1C0000-0x00007FF72E514000-memory.dmp	xmrig
behavioral2/memory/892-185-0x00007FF6C72D0000-0x00007FF6C7624000-memory.dmp	xmrig
behavioral2/memory/2404-182-0x00007FF7A3890000-0x00007FF7A3BE4000-memory.dmp	xmrig
behavioral2/memory/3760-181-0x00007FF6855E0000-0x00007FF685934000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cad-176.dat	xmrig
behavioral2/memory/928-173-0x00007FF7D3830000-0x00007FF7D3B84000-memory.dmp	xmrig
behavioral2/memory/332-169-0x00007FF602C10000-0x00007FF602F64000-memory.dmp	xmrig
behavioral2/memory/2800-166-0x00007FF7F9580000-0x00007FF7F98D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cab-163.dat	xmrig
behavioral2/memory/2844-162-0x00007FF7EADE0000-0x00007FF7EB134000-memory.dmp	xmrig
behavioral2/memory/4616-159-0x00007FF6221D0000-0x00007FF622524000-memory.dmp	xmrig
behavioral2/files/0x0007000000023caa-156.dat	xmrig
behavioral2/files/0x0007000000023ca9-152.dat	xmrig
behavioral2/memory/4592-151-0x00007FF6C58D0000-0x00007FF6C5C24000-memory.dmp	xmrig
behavioral2/memory/2380-149-0x00007FF712FC0000-0x00007FF713314000-memory.dmp	xmrig
behavioral2/memory/2920-147-0x00007FF6A2110000-0x00007FF6A2464000-memory.dmp	xmrig
behavioral2/memory/4228-146-0x00007FF730030000-0x00007FF730384000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca8-139.dat	xmrig
behavioral2/memory/1736-138-0x00007FF66FFE0000-0x00007FF670334000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca7-133.dat	xmrig
behavioral2/memory/4836-132-0x00007FF6BDF20000-0x00007FF6BE274000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca6-129.dat	xmrig
behavioral2/memory/4384-128-0x00007FF7BF4B0000-0x00007FF7BF804000-memory.dmp	xmrig
behavioral2/memory/4588-127-0x00007FF6C2550000-0x00007FF6C28A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3256	ECZjlXf.exe
224	TlbVQEA.exe
3912	LmNEXAa.exe
3404	XuhTmQt.exe
432	xFpvEXI.exe
5112	pCSSxLU.exe
2308	XffHcnj.exe
2100	RpZySCY.exe
4508	TMaeQZa.exe
4384	iEInoEC.exe
4196	kqyVSwV.exe
4228	nNOZwmT.exe
2112	jyJzefd.exe
2920	wnjJFMa.exe
4616	WbGqAAd.exe
2800	imaIuws.exe
3760	fCxgfLS.exe
2404	hWiWSrS.exe
4588	zhVXkzs.exe
4836	JmjFTlw.exe
1736	tLyxMGL.exe
2380	Qpprude.exe
4592	VBzQgeK.exe
2844	vCPmAbL.exe
332	NIKroLV.exe
928	fujZsHa.exe
892	wesRYUF.exe
1228	QDnUYLh.exe
4008	vGJdrpw.exe
2748	ShaVnNx.exe
2224	vxKhtNB.exe
1944	kcfhJtp.exe
64	vcLWtFm.exe
4568	QeKFWDW.exe
4560	yGLPhaL.exe
3620	XElvTfT.exe
4220	UfMAYhx.exe
4048	RmwYmIc.exe
4336	cJlLvCe.exe
3628	flvDovC.exe
4960	KzeHyKL.exe
4540	dIuQCPH.exe
4272	EJQSLFh.exe
1240	fQczZsJ.exe
3428	JueujpJ.exe
5056	QilVsJQ.exe
3136	aDrynlp.exe
536	tzpIIhq.exe
4364	lDigoYb.exe
1608	snriDrh.exe
5004	ddpLdCL.exe
4948	ChCzXYd.exe
1528	ghinSRx.exe
3260	JchSBxo.exe
1404	bkcsZIT.exe
1164	aibKRTO.exe
1424	TjjUVbq.exe
1572	uuZqbay.exe
4852	spNGiBN.exe
1992	vymcKBD.exe
2716	SncLXro.exe
4536	USTZoYy.exe
624	TBBRlNq.exe
4412	cpTRZrM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/760-0-0x00007FF76FD70000-0x00007FF7700C4000-memory.dmp	upx
behavioral2/memory/3256-6-0x00007FF6AFD60000-0x00007FF6B00B4000-memory.dmp	upx
behavioral2/files/0x0007000000023c96-10.dat	upx
behavioral2/files/0x0007000000023c95-12.dat	upx
behavioral2/memory/3912-18-0x00007FF6DE1E0000-0x00007FF6DE534000-memory.dmp	upx
behavioral2/memory/224-16-0x00007FF675C50000-0x00007FF675FA4000-memory.dmp	upx
behavioral2/files/0x0008000000023c91-9.dat	upx
behavioral2/memory/3404-24-0x00007FF7FCA80000-0x00007FF7FCDD4000-memory.dmp	upx
behavioral2/files/0x0007000000023c97-23.dat	upx
behavioral2/files/0x0008000000023c92-31.dat	upx
behavioral2/memory/5112-36-0x00007FF7302C0000-0x00007FF730614000-memory.dmp	upx
behavioral2/memory/2308-42-0x00007FF7D30E0000-0x00007FF7D3434000-memory.dmp	upx
behavioral2/files/0x0007000000023c9a-46.dat	upx
behavioral2/memory/4508-55-0x00007FF72FC70000-0x00007FF72FFC4000-memory.dmp	upx
behavioral2/files/0x0007000000023c9c-64.dat	upx
behavioral2/files/0x0007000000023c9e-77.dat	upx
behavioral2/files/0x0008000000023c9f-81.dat	upx
behavioral2/files/0x0007000000023ca4-113.dat	upx
behavioral2/files/0x0007000000023ca5-123.dat	upx
behavioral2/memory/4196-137-0x00007FF76C820000-0x00007FF76CB74000-memory.dmp	upx
behavioral2/memory/2112-150-0x00007FF6151F0000-0x00007FF615544000-memory.dmp	upx
behavioral2/files/0x0007000000023cac-165.dat	upx
behavioral2/memory/4836-1012-0x00007FF6BDF20000-0x00007FF6BE274000-memory.dmp	upx
behavioral2/memory/1736-1047-0x00007FF66FFE0000-0x00007FF670334000-memory.dmp	upx
behavioral2/memory/2380-1048-0x00007FF712FC0000-0x00007FF713314000-memory.dmp	upx
behavioral2/memory/4592-1150-0x00007FF6C58D0000-0x00007FF6C5C24000-memory.dmp	upx
behavioral2/memory/2844-1200-0x00007FF7EADE0000-0x00007FF7EB134000-memory.dmp	upx
behavioral2/memory/332-1254-0x00007FF602C10000-0x00007FF602F64000-memory.dmp	upx
behavioral2/memory/892-1316-0x00007FF6C72D0000-0x00007FF6C7624000-memory.dmp	upx
behavioral2/memory/928-1313-0x00007FF7D3830000-0x00007FF7D3B84000-memory.dmp	upx
behavioral2/memory/1228-1419-0x00007FF72E1C0000-0x00007FF72E514000-memory.dmp	upx
behavioral2/memory/4008-1478-0x00007FF680B40000-0x00007FF680E94000-memory.dmp	upx
behavioral2/files/0x0007000000023cb3-212.dat	upx
behavioral2/files/0x0007000000023cb2-207.dat	upx
behavioral2/files/0x0007000000023cb1-202.dat	upx
behavioral2/files/0x0007000000023cb0-195.dat	upx
behavioral2/memory/4008-194-0x00007FF680B40000-0x00007FF680E94000-memory.dmp	upx
behavioral2/memory/4588-193-0x00007FF6C2550000-0x00007FF6C28A4000-memory.dmp	upx
behavioral2/files/0x0007000000023caf-191.dat	upx
behavioral2/files/0x0007000000023cae-187.dat	upx
behavioral2/memory/1228-186-0x00007FF72E1C0000-0x00007FF72E514000-memory.dmp	upx
behavioral2/memory/892-185-0x00007FF6C72D0000-0x00007FF6C7624000-memory.dmp	upx
behavioral2/memory/2404-182-0x00007FF7A3890000-0x00007FF7A3BE4000-memory.dmp	upx
behavioral2/memory/3760-181-0x00007FF6855E0000-0x00007FF685934000-memory.dmp	upx
behavioral2/files/0x0007000000023cad-176.dat	upx
behavioral2/memory/928-173-0x00007FF7D3830000-0x00007FF7D3B84000-memory.dmp	upx
behavioral2/memory/332-169-0x00007FF602C10000-0x00007FF602F64000-memory.dmp	upx
behavioral2/memory/2800-166-0x00007FF7F9580000-0x00007FF7F98D4000-memory.dmp	upx
behavioral2/files/0x0007000000023cab-163.dat	upx
behavioral2/memory/2844-162-0x00007FF7EADE0000-0x00007FF7EB134000-memory.dmp	upx
behavioral2/memory/4616-159-0x00007FF6221D0000-0x00007FF622524000-memory.dmp	upx
behavioral2/files/0x0007000000023caa-156.dat	upx
behavioral2/files/0x0007000000023ca9-152.dat	upx
behavioral2/memory/4592-151-0x00007FF6C58D0000-0x00007FF6C5C24000-memory.dmp	upx
behavioral2/memory/2380-149-0x00007FF712FC0000-0x00007FF713314000-memory.dmp	upx
behavioral2/memory/2920-147-0x00007FF6A2110000-0x00007FF6A2464000-memory.dmp	upx
behavioral2/memory/4228-146-0x00007FF730030000-0x00007FF730384000-memory.dmp	upx
behavioral2/files/0x0007000000023ca8-139.dat	upx
behavioral2/memory/1736-138-0x00007FF66FFE0000-0x00007FF670334000-memory.dmp	upx
behavioral2/files/0x0007000000023ca7-133.dat	upx
behavioral2/memory/4836-132-0x00007FF6BDF20000-0x00007FF6BE274000-memory.dmp	upx
behavioral2/files/0x0007000000023ca6-129.dat	upx
behavioral2/memory/4384-128-0x00007FF7BF4B0000-0x00007FF7BF804000-memory.dmp	upx
behavioral2/memory/4588-127-0x00007FF6C2550000-0x00007FF6C28A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jcZTceS.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\LYvvrRt.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\hgXtvsr.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\rauLytG.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\HzLUtGP.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\LbyXtxe.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\qJueHMM.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\GPIQVGw.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\oOcDaxx.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\iJnaOmx.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\ExmOWzL.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\mjRRiCz.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\dVeYpxy.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\FQaoXfG.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\UkFfWYX.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\WqtRlKI.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\EhvWdqB.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\CKwescu.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\oUPAuBa.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\IUZXNAA.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\paSPJmM.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\oDzxosu.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\tbDFYPI.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\pgpsYJp.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\nmXteCB.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\tejJfmo.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\yxShDuk.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\iYWUWjD.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\HPgxUun.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\QVctYxz.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\KKbCXRW.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\oHhCJJj.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\lEdsxbG.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\XxDSUjS.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\riYltmX.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\jXwdhRp.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\klnXgBc.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\spNGiBN.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\pHmWvxz.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\eeADqSH.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\MclqVMQ.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\lTYjhDO.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\uQEjGHA.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\JffHWAO.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\gDuceOX.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\tYrMksx.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\IbzDQid.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\qbzlizt.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\YgzpIoO.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\nVzZQoI.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\iAaYieJ.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\qycDVOT.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\alGCscG.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\OJxNhZX.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\OOyRTAr.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\maSiVPf.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\AxrVums.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\lgfMome.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\IsemFsk.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\SJvcCMt.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\ROVOOTS.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\IqaFMVF.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\iEHDFeP.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
File created	C:\Windows\System\AvQiBMo.exe	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 3256	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	84
PID 760 wrote to memory of 3256	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	84
PID 760 wrote to memory of 224	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	85
PID 760 wrote to memory of 224	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	85
PID 760 wrote to memory of 3912	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	86
PID 760 wrote to memory of 3912	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	86
PID 760 wrote to memory of 3404	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	87
PID 760 wrote to memory of 3404	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	87
PID 760 wrote to memory of 432	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	88
PID 760 wrote to memory of 432	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	88
PID 760 wrote to memory of 5112	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	89
PID 760 wrote to memory of 5112	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	89
PID 760 wrote to memory of 2308	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	91
PID 760 wrote to memory of 2308	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	91
PID 760 wrote to memory of 2100	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	92
PID 760 wrote to memory of 2100	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	92
PID 760 wrote to memory of 4508	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	93
PID 760 wrote to memory of 4508	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	93
PID 760 wrote to memory of 4384	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	94
PID 760 wrote to memory of 4384	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	94
PID 760 wrote to memory of 4196	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	95
PID 760 wrote to memory of 4196	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	95
PID 760 wrote to memory of 4228	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	96
PID 760 wrote to memory of 4228	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	96
PID 760 wrote to memory of 2112	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	97
PID 760 wrote to memory of 2112	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	97
PID 760 wrote to memory of 2920	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	98
PID 760 wrote to memory of 2920	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	98
PID 760 wrote to memory of 4616	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	99
PID 760 wrote to memory of 4616	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	99
PID 760 wrote to memory of 2800	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	100
PID 760 wrote to memory of 2800	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	100
PID 760 wrote to memory of 3760	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	101
PID 760 wrote to memory of 3760	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	101
PID 760 wrote to memory of 2404	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	102
PID 760 wrote to memory of 2404	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	102
PID 760 wrote to memory of 4588	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	103
PID 760 wrote to memory of 4588	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	103
PID 760 wrote to memory of 4836	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	104
PID 760 wrote to memory of 4836	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	104
PID 760 wrote to memory of 1736	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	105
PID 760 wrote to memory of 1736	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	105
PID 760 wrote to memory of 2380	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	106
PID 760 wrote to memory of 2380	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	106
PID 760 wrote to memory of 4592	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	107
PID 760 wrote to memory of 4592	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	107
PID 760 wrote to memory of 2844	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	108
PID 760 wrote to memory of 2844	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	108
PID 760 wrote to memory of 332	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	109
PID 760 wrote to memory of 332	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	109
PID 760 wrote to memory of 928	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	110
PID 760 wrote to memory of 928	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	110
PID 760 wrote to memory of 892	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	111
PID 760 wrote to memory of 892	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	111
PID 760 wrote to memory of 1228	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	112
PID 760 wrote to memory of 1228	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	112
PID 760 wrote to memory of 4008	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	113
PID 760 wrote to memory of 4008	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	113
PID 760 wrote to memory of 2748	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	114
PID 760 wrote to memory of 2748	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	114
PID 760 wrote to memory of 2224	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	115
PID 760 wrote to memory of 2224	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	115
PID 760 wrote to memory of 1944	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	116
PID 760 wrote to memory of 1944	760	52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe	116

C:\Users\Admin\AppData\Local\Temp\52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe
"C:\Users\Admin\AppData\Local\Temp\52603e917e5e4cd7fbacc19c9d4967794457c67f72a64ff043a0c0c3a54c22a4.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:760
- C:\Windows\System\ECZjlXf.exe
  C:\Windows\System\ECZjlXf.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\TlbVQEA.exe
  C:\Windows\System\TlbVQEA.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\LmNEXAa.exe
  C:\Windows\System\LmNEXAa.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\XuhTmQt.exe
  C:\Windows\System\XuhTmQt.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\xFpvEXI.exe
  C:\Windows\System\xFpvEXI.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\pCSSxLU.exe
  C:\Windows\System\pCSSxLU.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\XffHcnj.exe
  C:\Windows\System\XffHcnj.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\RpZySCY.exe
  C:\Windows\System\RpZySCY.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\TMaeQZa.exe
  C:\Windows\System\TMaeQZa.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\iEInoEC.exe
  C:\Windows\System\iEInoEC.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\kqyVSwV.exe
  C:\Windows\System\kqyVSwV.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\nNOZwmT.exe
  C:\Windows\System\nNOZwmT.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\jyJzefd.exe
  C:\Windows\System\jyJzefd.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\wnjJFMa.exe
  C:\Windows\System\wnjJFMa.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\WbGqAAd.exe
  C:\Windows\System\WbGqAAd.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\imaIuws.exe
  C:\Windows\System\imaIuws.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\fCxgfLS.exe
  C:\Windows\System\fCxgfLS.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\hWiWSrS.exe
  C:\Windows\System\hWiWSrS.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\zhVXkzs.exe
  C:\Windows\System\zhVXkzs.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\JmjFTlw.exe
  C:\Windows\System\JmjFTlw.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\tLyxMGL.exe
  C:\Windows\System\tLyxMGL.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\Qpprude.exe
  C:\Windows\System\Qpprude.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\VBzQgeK.exe
  C:\Windows\System\VBzQgeK.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\vCPmAbL.exe
  C:\Windows\System\vCPmAbL.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\NIKroLV.exe
  C:\Windows\System\NIKroLV.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\fujZsHa.exe
  C:\Windows\System\fujZsHa.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\wesRYUF.exe
  C:\Windows\System\wesRYUF.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\QDnUYLh.exe
  C:\Windows\System\QDnUYLh.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\vGJdrpw.exe
  C:\Windows\System\vGJdrpw.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\ShaVnNx.exe
  C:\Windows\System\ShaVnNx.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\vxKhtNB.exe
  C:\Windows\System\vxKhtNB.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\kcfhJtp.exe
  C:\Windows\System\kcfhJtp.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\vcLWtFm.exe
  C:\Windows\System\vcLWtFm.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\QeKFWDW.exe
  C:\Windows\System\QeKFWDW.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\yGLPhaL.exe
  C:\Windows\System\yGLPhaL.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\XElvTfT.exe
  C:\Windows\System\XElvTfT.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\UfMAYhx.exe
  C:\Windows\System\UfMAYhx.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\RmwYmIc.exe
  C:\Windows\System\RmwYmIc.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\cJlLvCe.exe
  C:\Windows\System\cJlLvCe.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\flvDovC.exe
  C:\Windows\System\flvDovC.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\KzeHyKL.exe
  C:\Windows\System\KzeHyKL.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\dIuQCPH.exe
  C:\Windows\System\dIuQCPH.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\EJQSLFh.exe
  C:\Windows\System\EJQSLFh.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\fQczZsJ.exe
  C:\Windows\System\fQczZsJ.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\JueujpJ.exe
  C:\Windows\System\JueujpJ.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\QilVsJQ.exe
  C:\Windows\System\QilVsJQ.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\aDrynlp.exe
  C:\Windows\System\aDrynlp.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\tzpIIhq.exe
  C:\Windows\System\tzpIIhq.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\lDigoYb.exe
  C:\Windows\System\lDigoYb.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\snriDrh.exe
  C:\Windows\System\snriDrh.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\ddpLdCL.exe
  C:\Windows\System\ddpLdCL.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\ChCzXYd.exe
  C:\Windows\System\ChCzXYd.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\ghinSRx.exe
  C:\Windows\System\ghinSRx.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\JchSBxo.exe
  C:\Windows\System\JchSBxo.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\bkcsZIT.exe
  C:\Windows\System\bkcsZIT.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\aibKRTO.exe
  C:\Windows\System\aibKRTO.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\TjjUVbq.exe
  C:\Windows\System\TjjUVbq.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\uuZqbay.exe
  C:\Windows\System\uuZqbay.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\spNGiBN.exe
  C:\Windows\System\spNGiBN.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\vymcKBD.exe
  C:\Windows\System\vymcKBD.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\SncLXro.exe
  C:\Windows\System\SncLXro.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\USTZoYy.exe
  C:\Windows\System\USTZoYy.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\TBBRlNq.exe
  C:\Windows\System\TBBRlNq.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\cpTRZrM.exe
  C:\Windows\System\cpTRZrM.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\DVEQFfl.exe
  C:\Windows\System\DVEQFfl.exe
  2⤵
  PID:2660
- C:\Windows\System\hPWhCrk.exe
  C:\Windows\System\hPWhCrk.exe
  2⤵
  PID:2932
- C:\Windows\System\aSeGFMb.exe
  C:\Windows\System\aSeGFMb.exe
  2⤵
  PID:2876
- C:\Windows\System\ZqfqlCW.exe
  C:\Windows\System\ZqfqlCW.exe
  2⤵
  PID:820
- C:\Windows\System\pjfblGh.exe
  C:\Windows\System\pjfblGh.exe
  2⤵
  PID:1416
- C:\Windows\System\nVzZQoI.exe
  C:\Windows\System\nVzZQoI.exe
  2⤵
  PID:4360
- C:\Windows\System\xwfqglQ.exe
  C:\Windows\System\xwfqglQ.exe
  2⤵
  PID:840
- C:\Windows\System\bwQKbiB.exe
  C:\Windows\System\bwQKbiB.exe
  2⤵
  PID:2948
- C:\Windows\System\IqUfosK.exe
  C:\Windows\System\IqUfosK.exe
  2⤵
  PID:2536
- C:\Windows\System\RgJRkTA.exe
  C:\Windows\System\RgJRkTA.exe
  2⤵
  PID:5124
- C:\Windows\System\rTAplVn.exe
  C:\Windows\System\rTAplVn.exe
  2⤵
  PID:5152
- C:\Windows\System\MFusisH.exe
  C:\Windows\System\MFusisH.exe
  2⤵
  PID:5180
- C:\Windows\System\mPABPDT.exe
  C:\Windows\System\mPABPDT.exe
  2⤵
  PID:5208
- C:\Windows\System\MpKtXfs.exe
  C:\Windows\System\MpKtXfs.exe
  2⤵
  PID:5236
- C:\Windows\System\RNTmjAr.exe
  C:\Windows\System\RNTmjAr.exe
  2⤵
  PID:5252
- C:\Windows\System\aMOspmk.exe
  C:\Windows\System\aMOspmk.exe
  2⤵
  PID:5280
- C:\Windows\System\AJTZbrV.exe
  C:\Windows\System\AJTZbrV.exe
  2⤵
  PID:5308
- C:\Windows\System\hReLgQG.exe
  C:\Windows\System\hReLgQG.exe
  2⤵
  PID:5336
- C:\Windows\System\hIMjHmz.exe
  C:\Windows\System\hIMjHmz.exe
  2⤵
  PID:5376
- C:\Windows\System\fhaZNiZ.exe
  C:\Windows\System\fhaZNiZ.exe
  2⤵
  PID:5416
- C:\Windows\System\ZJEosSv.exe
  C:\Windows\System\ZJEosSv.exe
  2⤵
  PID:5432
- C:\Windows\System\RxZCuHU.exe
  C:\Windows\System\RxZCuHU.exe
  2⤵
  PID:5472
- C:\Windows\System\HEHXeie.exe
  C:\Windows\System\HEHXeie.exe
  2⤵
  PID:5488
- C:\Windows\System\qGIOono.exe
  C:\Windows\System\qGIOono.exe
  2⤵
  PID:5516
- C:\Windows\System\KAoAaTX.exe
  C:\Windows\System\KAoAaTX.exe
  2⤵
  PID:5532
- C:\Windows\System\QRTMwhJ.exe
  C:\Windows\System\QRTMwhJ.exe
  2⤵
  PID:5572
- C:\Windows\System\hkkqAXw.exe
  C:\Windows\System\hkkqAXw.exe
  2⤵
  PID:5600
- C:\Windows\System\ABkwFAH.exe
  C:\Windows\System\ABkwFAH.exe
  2⤵
  PID:5628
- C:\Windows\System\LdtHIyJ.exe
  C:\Windows\System\LdtHIyJ.exe
  2⤵
  PID:5656
- C:\Windows\System\GgIjUON.exe
  C:\Windows\System\GgIjUON.exe
  2⤵
  PID:5684
- C:\Windows\System\xAeIRlI.exe
  C:\Windows\System\xAeIRlI.exe
  2⤵
  PID:5712
- C:\Windows\System\wtCczYs.exe
  C:\Windows\System\wtCczYs.exe
  2⤵
  PID:5728
- C:\Windows\System\USGJlYo.exe
  C:\Windows\System\USGJlYo.exe
  2⤵
  PID:5756
- C:\Windows\System\zXxQBUw.exe
  C:\Windows\System\zXxQBUw.exe
  2⤵
  PID:5784
- C:\Windows\System\OeIAgzS.exe
  C:\Windows\System\OeIAgzS.exe
  2⤵
  PID:5820
- C:\Windows\System\YgnLWpB.exe
  C:\Windows\System\YgnLWpB.exe
  2⤵
  PID:5864
- C:\Windows\System\OmJcMPn.exe
  C:\Windows\System\OmJcMPn.exe
  2⤵
  PID:5892
- C:\Windows\System\qQoUxUh.exe
  C:\Windows\System\qQoUxUh.exe
  2⤵
  PID:5908
- C:\Windows\System\OTqxRTO.exe
  C:\Windows\System\OTqxRTO.exe
  2⤵
  PID:5936
- C:\Windows\System\lgjdCHp.exe
  C:\Windows\System\lgjdCHp.exe
  2⤵
  PID:5964
- C:\Windows\System\dWeiDHK.exe
  C:\Windows\System\dWeiDHK.exe
  2⤵
  PID:5992
- C:\Windows\System\aWmqNhZ.exe
  C:\Windows\System\aWmqNhZ.exe
  2⤵
  PID:6020
- C:\Windows\System\GLkrFAL.exe
  C:\Windows\System\GLkrFAL.exe
  2⤵
  PID:6048
- C:\Windows\System\AduqGEn.exe
  C:\Windows\System\AduqGEn.exe
  2⤵
  PID:6076
- C:\Windows\System\wciWBNw.exe
  C:\Windows\System\wciWBNw.exe
  2⤵
  PID:6116
- C:\Windows\System\lgxpMOp.exe
  C:\Windows\System\lgxpMOp.exe
  2⤵
  PID:6132
- C:\Windows\System\IlXuhxL.exe
  C:\Windows\System\IlXuhxL.exe
  2⤵
  PID:4000
- C:\Windows\System\TmfoDqG.exe
  C:\Windows\System\TmfoDqG.exe
  2⤵
  PID:4460
- C:\Windows\System\BVwvhMu.exe
  C:\Windows\System\BVwvhMu.exe
  2⤵
  PID:3896
- C:\Windows\System\kRIddZb.exe
  C:\Windows\System\kRIddZb.exe
  2⤵
  PID:4504
- C:\Windows\System\wExFiiD.exe
  C:\Windows\System\wExFiiD.exe
  2⤵
  PID:1828
- C:\Windows\System\zDZYstT.exe
  C:\Windows\System\zDZYstT.exe
  2⤵
  PID:5172
- C:\Windows\System\itHChYx.exe
  C:\Windows\System\itHChYx.exe
  2⤵
  PID:5264
- C:\Windows\System\ZrQmpei.exe
  C:\Windows\System\ZrQmpei.exe
  2⤵
  PID:5328
- C:\Windows\System\RctPRyW.exe
  C:\Windows\System\RctPRyW.exe
  2⤵
  PID:5368
- C:\Windows\System\qVYUOIt.exe
  C:\Windows\System\qVYUOIt.exe
  2⤵
  PID:5444
- C:\Windows\System\ZjihlOr.exe
  C:\Windows\System\ZjihlOr.exe
  2⤵
  PID:5528
- C:\Windows\System\BiPISbh.exe
  C:\Windows\System\BiPISbh.exe
  2⤵
  PID:5564
- C:\Windows\System\kxQrdfL.exe
  C:\Windows\System\kxQrdfL.exe
  2⤵
  PID:5620
- C:\Windows\System\MZELgvL.exe
  C:\Windows\System\MZELgvL.exe
  2⤵
  PID:5700
- C:\Windows\System\OtFzNgf.exe
  C:\Windows\System\OtFzNgf.exe
  2⤵
  PID:5768
- C:\Windows\System\BpDKeTc.exe
  C:\Windows\System\BpDKeTc.exe
  2⤵
  PID:5800
- C:\Windows\System\LDwtJya.exe
  C:\Windows\System\LDwtJya.exe
  2⤵
  PID:5872
- C:\Windows\System\uZJByQj.exe
  C:\Windows\System\uZJByQj.exe
  2⤵
  PID:5932
- C:\Windows\System\DSOBwqk.exe
  C:\Windows\System\DSOBwqk.exe
  2⤵
  PID:6032
- C:\Windows\System\QAaOylb.exe
  C:\Windows\System\QAaOylb.exe
  2⤵
  PID:6100
- C:\Windows\System\yxrdZJr.exe
  C:\Windows\System\yxrdZJr.exe
  2⤵
  PID:4280
- C:\Windows\System\dIQvPcN.exe
  C:\Windows\System\dIQvPcN.exe
  2⤵
  PID:4164
- C:\Windows\System\JdeXQEK.exe
  C:\Windows\System\JdeXQEK.exe
  2⤵
  PID:5148
- C:\Windows\System\vqrGjti.exe
  C:\Windows\System\vqrGjti.exe
  2⤵
  PID:5300
- C:\Windows\System\MImXYXz.exe
  C:\Windows\System\MImXYXz.exe
  2⤵
  PID:5504
- C:\Windows\System\hGtiuPq.exe
  C:\Windows\System\hGtiuPq.exe
  2⤵
  PID:5612
- C:\Windows\System\MOWVQPr.exe
  C:\Windows\System\MOWVQPr.exe
  2⤵
  PID:5744
- C:\Windows\System\ExQLJQF.exe
  C:\Windows\System\ExQLJQF.exe
  2⤵
  PID:5904
- C:\Windows\System\HTPirjd.exe
  C:\Windows\System\HTPirjd.exe
  2⤵
  PID:6072
- C:\Windows\System\eUWKgLr.exe
  C:\Windows\System\eUWKgLr.exe
  2⤵
  PID:3264
- C:\Windows\System\ZhIuGQA.exe
  C:\Windows\System\ZhIuGQA.exe
  2⤵
  PID:5364
- C:\Windows\System\KEEpVuP.exe
  C:\Windows\System\KEEpVuP.exe
  2⤵
  PID:6164
- C:\Windows\System\mlDMRrV.exe
  C:\Windows\System\mlDMRrV.exe
  2⤵
  PID:6180
- C:\Windows\System\yxShDuk.exe
  C:\Windows\System\yxShDuk.exe
  2⤵
  PID:6208
- C:\Windows\System\DCYVIXp.exe
  C:\Windows\System\DCYVIXp.exe
  2⤵
  PID:6236
- C:\Windows\System\BLIsnDx.exe
  C:\Windows\System\BLIsnDx.exe
  2⤵
  PID:6276
- C:\Windows\System\cfVQhTl.exe
  C:\Windows\System\cfVQhTl.exe
  2⤵
  PID:6304
- C:\Windows\System\LeUcCmj.exe
  C:\Windows\System\LeUcCmj.exe
  2⤵
  PID:6332
- C:\Windows\System\JmoUhfn.exe
  C:\Windows\System\JmoUhfn.exe
  2⤵
  PID:6360
- C:\Windows\System\seAXqIb.exe
  C:\Windows\System\seAXqIb.exe
  2⤵
  PID:6376
- C:\Windows\System\mFqikSP.exe
  C:\Windows\System\mFqikSP.exe
  2⤵
  PID:6404
- C:\Windows\System\JhtOLWU.exe
  C:\Windows\System\JhtOLWU.exe
  2⤵
  PID:6432
- C:\Windows\System\BFlLkAj.exe
  C:\Windows\System\BFlLkAj.exe
  2⤵
  PID:6460
- C:\Windows\System\JffHWAO.exe
  C:\Windows\System\JffHWAO.exe
  2⤵
  PID:6488
- C:\Windows\System\znmxOYu.exe
  C:\Windows\System\znmxOYu.exe
  2⤵
  PID:6516
- C:\Windows\System\ipIWFsl.exe
  C:\Windows\System\ipIWFsl.exe
  2⤵
  PID:6552
- C:\Windows\System\LTjFiFS.exe
  C:\Windows\System\LTjFiFS.exe
  2⤵
  PID:6584
- C:\Windows\System\EFquIDb.exe
  C:\Windows\System\EFquIDb.exe
  2⤵
  PID:6600
- C:\Windows\System\IlBlwuI.exe
  C:\Windows\System\IlBlwuI.exe
  2⤵
  PID:6628
- C:\Windows\System\EOrwXkn.exe
  C:\Windows\System\EOrwXkn.exe
  2⤵
  PID:6656
- C:\Windows\System\EJbHYXs.exe
  C:\Windows\System\EJbHYXs.exe
  2⤵
  PID:6684
- C:\Windows\System\iAaYieJ.exe
  C:\Windows\System\iAaYieJ.exe
  2⤵
  PID:6712
- C:\Windows\System\KdKNhJj.exe
  C:\Windows\System\KdKNhJj.exe
  2⤵
  PID:6752
- C:\Windows\System\DlDGtqI.exe
  C:\Windows\System\DlDGtqI.exe
  2⤵
  PID:6768
- C:\Windows\System\UKfheTn.exe
  C:\Windows\System\UKfheTn.exe
  2⤵
  PID:6796
- C:\Windows\System\xsorgVb.exe
  C:\Windows\System\xsorgVb.exe
  2⤵
  PID:6824
- C:\Windows\System\rTzODWv.exe
  C:\Windows\System\rTzODWv.exe
  2⤵
  PID:6852
- C:\Windows\System\jmQoKlP.exe
  C:\Windows\System\jmQoKlP.exe
  2⤵
  PID:6880
- C:\Windows\System\urMkqHS.exe
  C:\Windows\System\urMkqHS.exe
  2⤵
  PID:6896
- C:\Windows\System\TcTwRZp.exe
  C:\Windows\System\TcTwRZp.exe
  2⤵
  PID:6924
- C:\Windows\System\zOiECyQ.exe
  C:\Windows\System\zOiECyQ.exe
  2⤵
  PID:6952
- C:\Windows\System\wxYXmUK.exe
  C:\Windows\System\wxYXmUK.exe
  2⤵
  PID:6980
- C:\Windows\System\LJPqBXb.exe
  C:\Windows\System\LJPqBXb.exe
  2⤵
  PID:7024
- C:\Windows\System\NEZsMfC.exe
  C:\Windows\System\NEZsMfC.exe
  2⤵
  PID:7048
- C:\Windows\System\PsfyvYy.exe
  C:\Windows\System\PsfyvYy.exe
  2⤵
  PID:7076
- C:\Windows\System\NhaJHRh.exe
  C:\Windows\System\NhaJHRh.exe
  2⤵
  PID:7092
- C:\Windows\System\EdgUiAT.exe
  C:\Windows\System\EdgUiAT.exe
  2⤵
  PID:7132
- C:\Windows\System\svaEOEA.exe
  C:\Windows\System\svaEOEA.exe
  2⤵
  PID:7160
- C:\Windows\System\CzGUtbz.exe
  C:\Windows\System\CzGUtbz.exe
  2⤵
  PID:5852
- C:\Windows\System\HGnFCRh.exe
  C:\Windows\System\HGnFCRh.exe
  2⤵
  PID:5140
- C:\Windows\System\lUSSJAU.exe
  C:\Windows\System\lUSSJAU.exe
  2⤵
  PID:6172
- C:\Windows\System\WbTglAe.exe
  C:\Windows\System\WbTglAe.exe
  2⤵
  PID:6228
- C:\Windows\System\ZmJABDN.exe
  C:\Windows\System\ZmJABDN.exe
  2⤵
  PID:6296
- C:\Windows\System\pAnDSEj.exe
  C:\Windows\System\pAnDSEj.exe
  2⤵
  PID:6344
- C:\Windows\System\KZhXhgx.exe
  C:\Windows\System\KZhXhgx.exe
  2⤵
  PID:6428
- C:\Windows\System\kzjUvZm.exe
  C:\Windows\System\kzjUvZm.exe
  2⤵
  PID:6500
- C:\Windows\System\rJsmSuN.exe
  C:\Windows\System\rJsmSuN.exe
  2⤵
  PID:6528
- C:\Windows\System\HxKdzJx.exe
  C:\Windows\System\HxKdzJx.exe
  2⤵
  PID:6612
- C:\Windows\System\unzjccN.exe
  C:\Windows\System\unzjccN.exe
  2⤵
  PID:6676
- C:\Windows\System\fnThJuY.exe
  C:\Windows\System\fnThJuY.exe
  2⤵
  PID:6780
- C:\Windows\System\aqXgEtS.exe
  C:\Windows\System\aqXgEtS.exe
  2⤵
  PID:6812
- C:\Windows\System\QjAByjI.exe
  C:\Windows\System\QjAByjI.exe
  2⤵
  PID:6908
- C:\Windows\System\yszoUZE.exe
  C:\Windows\System\yszoUZE.exe
  2⤵
  PID:6940
- C:\Windows\System\zJHQAsu.exe
  C:\Windows\System\zJHQAsu.exe
  2⤵
  PID:7032
- C:\Windows\System\BtpgYRm.exe
  C:\Windows\System\BtpgYRm.exe
  2⤵
  PID:7064
- C:\Windows\System\OYNvqFQ.exe
  C:\Windows\System\OYNvqFQ.exe
  2⤵
  PID:7152
- C:\Windows\System\iKjcOnq.exe
  C:\Windows\System\iKjcOnq.exe
  2⤵
  PID:5836
- C:\Windows\System\dJWjWtF.exe
  C:\Windows\System\dJWjWtF.exe
  2⤵
  PID:6196
- C:\Windows\System\acwnBVO.exe
  C:\Windows\System\acwnBVO.exe
  2⤵
  PID:6324
- C:\Windows\System\YwmzHSB.exe
  C:\Windows\System\YwmzHSB.exe
  2⤵
  PID:6476
- C:\Windows\System\iEmjwRK.exe
  C:\Windows\System\iEmjwRK.exe
  2⤵
  PID:6644
- C:\Windows\System\wJjVVbh.exe
  C:\Windows\System\wJjVVbh.exe
  2⤵
  PID:6788
- C:\Windows\System\CbIwKTR.exe
  C:\Windows\System\CbIwKTR.exe
  2⤵
  PID:6912
- C:\Windows\System\KARabdl.exe
  C:\Windows\System\KARabdl.exe
  2⤵
  PID:7196
- C:\Windows\System\QqaVDvs.exe
  C:\Windows\System\QqaVDvs.exe
  2⤵
  PID:7224
- C:\Windows\System\OVZSwMv.exe
  C:\Windows\System\OVZSwMv.exe
  2⤵
  PID:7252
- C:\Windows\System\RDysYOx.exe
  C:\Windows\System\RDysYOx.exe
  2⤵
  PID:7268
- C:\Windows\System\yeLKHYW.exe
  C:\Windows\System\yeLKHYW.exe
  2⤵
  PID:7308
- C:\Windows\System\cpcYlfD.exe
  C:\Windows\System\cpcYlfD.exe
  2⤵
  PID:7336
- C:\Windows\System\NFKKdYz.exe
  C:\Windows\System\NFKKdYz.exe
  2⤵
  PID:7364
- C:\Windows\System\LJiSZSC.exe
  C:\Windows\System\LJiSZSC.exe
  2⤵
  PID:7392
- C:\Windows\System\aoZioaK.exe
  C:\Windows\System\aoZioaK.exe
  2⤵
  PID:7420
- C:\Windows\System\hINkJvW.exe
  C:\Windows\System\hINkJvW.exe
  2⤵
  PID:7448
- C:\Windows\System\kSuHyVD.exe
  C:\Windows\System\kSuHyVD.exe
  2⤵
  PID:7476
- C:\Windows\System\TzwuXOF.exe
  C:\Windows\System\TzwuXOF.exe
  2⤵
  PID:7492
- C:\Windows\System\ZkorfOo.exe
  C:\Windows\System\ZkorfOo.exe
  2⤵
  PID:7520
- C:\Windows\System\egFtakX.exe
  C:\Windows\System\egFtakX.exe
  2⤵
  PID:7560
- C:\Windows\System\SBFLGNv.exe
  C:\Windows\System\SBFLGNv.exe
  2⤵
  PID:7592
- C:\Windows\System\YlYXGun.exe
  C:\Windows\System\YlYXGun.exe
  2⤵
  PID:7616
- C:\Windows\System\WyajaEF.exe
  C:\Windows\System\WyajaEF.exe
  2⤵
  PID:7644
- C:\Windows\System\rdabfxW.exe
  C:\Windows\System\rdabfxW.exe
  2⤵
  PID:7672
- C:\Windows\System\TznNsnF.exe
  C:\Windows\System\TznNsnF.exe
  2⤵
  PID:7704
- C:\Windows\System\FXPCEtd.exe
  C:\Windows\System\FXPCEtd.exe
  2⤵
  PID:7728
- C:\Windows\System\wzZcGKY.exe
  C:\Windows\System\wzZcGKY.exe
  2⤵
  PID:7760
- C:\Windows\System\KDQTgSg.exe
  C:\Windows\System\KDQTgSg.exe
  2⤵
  PID:7784
- C:\Windows\System\ttcstKl.exe
  C:\Windows\System\ttcstKl.exe
  2⤵
  PID:7812
- C:\Windows\System\VItOBxk.exe
  C:\Windows\System\VItOBxk.exe
  2⤵
  PID:7840
- C:\Windows\System\MTnnPnU.exe
  C:\Windows\System\MTnnPnU.exe
  2⤵
  PID:7872
- C:\Windows\System\CpSuSpa.exe
  C:\Windows\System\CpSuSpa.exe
  2⤵
  PID:7896
- C:\Windows\System\LCbxDdn.exe
  C:\Windows\System\LCbxDdn.exe
  2⤵
  PID:7924
- C:\Windows\System\OQGGtaZ.exe
  C:\Windows\System\OQGGtaZ.exe
  2⤵
  PID:7952
- C:\Windows\System\OwyzUco.exe
  C:\Windows\System\OwyzUco.exe
  2⤵
  PID:7980
- C:\Windows\System\AFKJAHj.exe
  C:\Windows\System\AFKJAHj.exe
  2⤵
  PID:7996
- C:\Windows\System\ZKZXsmJ.exe
  C:\Windows\System\ZKZXsmJ.exe
  2⤵
  PID:8036
- C:\Windows\System\hcRiEAc.exe
  C:\Windows\System\hcRiEAc.exe
  2⤵
  PID:8064
- C:\Windows\System\BqkLfUq.exe
  C:\Windows\System\BqkLfUq.exe
  2⤵
  PID:8092
- C:\Windows\System\OyVLXPw.exe
  C:\Windows\System\OyVLXPw.exe
  2⤵
  PID:8120
- C:\Windows\System\yygxhTt.exe
  C:\Windows\System\yygxhTt.exe
  2⤵
  PID:8148
- C:\Windows\System\pMGYymz.exe
  C:\Windows\System\pMGYymz.exe
  2⤵
  PID:8176
- C:\Windows\System\MXqHmlL.exe
  C:\Windows\System\MXqHmlL.exe
  2⤵
  PID:7008
- C:\Windows\System\YrIcTEh.exe
  C:\Windows\System\YrIcTEh.exe
  2⤵
  PID:7120
- C:\Windows\System\QghFNVD.exe
  C:\Windows\System\QghFNVD.exe
  2⤵
  PID:6152
- C:\Windows\System\lxlwyrZ.exe
  C:\Windows\System\lxlwyrZ.exe
  2⤵
  PID:6456
- C:\Windows\System\YvvQwRE.exe
  C:\Windows\System\YvvQwRE.exe
  2⤵
  PID:6744
- C:\Windows\System\jcZTceS.exe
  C:\Windows\System\jcZTceS.exe
  2⤵
  PID:7216
- C:\Windows\System\GhUlBFX.exe
  C:\Windows\System\GhUlBFX.exe
  2⤵
  PID:7324
- C:\Windows\System\oRtwClJ.exe
  C:\Windows\System\oRtwClJ.exe
  2⤵
  PID:7352
- C:\Windows\System\pHmWvxz.exe
  C:\Windows\System\pHmWvxz.exe
  2⤵
  PID:7412
- C:\Windows\System\wtSdCmJ.exe
  C:\Windows\System\wtSdCmJ.exe
  2⤵
  PID:7484
- C:\Windows\System\zSbMnkq.exe
  C:\Windows\System\zSbMnkq.exe
  2⤵
  PID:7544
- C:\Windows\System\rtNpxkC.exe
  C:\Windows\System\rtNpxkC.exe
  2⤵
  PID:7608
- C:\Windows\System\oQGhajz.exe
  C:\Windows\System\oQGhajz.exe
  2⤵
  PID:7660
- C:\Windows\System\rNaEaNT.exe
  C:\Windows\System\rNaEaNT.exe
  2⤵
  PID:7696
- C:\Windows\System\UGBijES.exe
  C:\Windows\System\UGBijES.exe
  2⤵
  PID:2704
- C:\Windows\System\evdmwJU.exe
  C:\Windows\System\evdmwJU.exe
  2⤵
  PID:7836
- C:\Windows\System\bmIlPkx.exe
  C:\Windows\System\bmIlPkx.exe
  2⤵
  PID:2832
- C:\Windows\System\bgntcbx.exe
  C:\Windows\System\bgntcbx.exe
  2⤵
  PID:7972
- C:\Windows\System\eBpLJJH.exe
  C:\Windows\System\eBpLJJH.exe
  2⤵
  PID:8020
- C:\Windows\System\pgpsYJp.exe
  C:\Windows\System\pgpsYJp.exe
  2⤵
  PID:8084
- C:\Windows\System\bVUKxux.exe
  C:\Windows\System\bVUKxux.exe
  2⤵
  PID:8140
- C:\Windows\System\CHYSVTd.exe
  C:\Windows\System\CHYSVTd.exe
  2⤵
  PID:7060
- C:\Windows\System\VGZlhRR.exe
  C:\Windows\System\VGZlhRR.exe
  2⤵
  PID:6320
- C:\Windows\System\unxKBmX.exe
  C:\Windows\System\unxKBmX.exe
  2⤵
  PID:6572
- C:\Windows\System\mSNQKyM.exe
  C:\Windows\System\mSNQKyM.exe
  2⤵
  PID:7296
- C:\Windows\System\WvFPsuh.exe
  C:\Windows\System\WvFPsuh.exe
  2⤵
  PID:7464
- C:\Windows\System\PEchfbI.exe
  C:\Windows\System\PEchfbI.exe
  2⤵
  PID:7584
- C:\Windows\System\yfdCAJY.exe
  C:\Windows\System\yfdCAJY.exe
  2⤵
  PID:7640
- C:\Windows\System\FaMFqCP.exe
  C:\Windows\System\FaMFqCP.exe
  2⤵
  PID:7776
- C:\Windows\System\YWocWrL.exe
  C:\Windows\System\YWocWrL.exe
  2⤵
  PID:7948
- C:\Windows\System\QDmjmyl.exe
  C:\Windows\System\QDmjmyl.exe
  2⤵
  PID:8112
- C:\Windows\System\ybBUupD.exe
  C:\Windows\System\ybBUupD.exe
  2⤵
  PID:5680
- C:\Windows\System\GaiERzY.exe
  C:\Windows\System\GaiERzY.exe
  2⤵
  PID:6888
- C:\Windows\System\nmXteCB.exe
  C:\Windows\System\nmXteCB.exe
  2⤵
  PID:8224
- C:\Windows\System\dueYViY.exe
  C:\Windows\System\dueYViY.exe
  2⤵
  PID:8252
- C:\Windows\System\xvJYfam.exe
  C:\Windows\System\xvJYfam.exe
  2⤵
  PID:8284
- C:\Windows\System\esxTium.exe
  C:\Windows\System\esxTium.exe
  2⤵
  PID:8308
- C:\Windows\System\WYStTIn.exe
  C:\Windows\System\WYStTIn.exe
  2⤵
  PID:8336
- C:\Windows\System\rzPNuyV.exe
  C:\Windows\System\rzPNuyV.exe
  2⤵
  PID:8364
- C:\Windows\System\vbhahlM.exe
  C:\Windows\System\vbhahlM.exe
  2⤵
  PID:8392
- C:\Windows\System\tywdOUa.exe
  C:\Windows\System\tywdOUa.exe
  2⤵
  PID:8408
- C:\Windows\System\iUcaYLd.exe
  C:\Windows\System\iUcaYLd.exe
  2⤵
  PID:8436
- C:\Windows\System\EaQronb.exe
  C:\Windows\System\EaQronb.exe
  2⤵
  PID:8464
- C:\Windows\System\iiIzcGM.exe
  C:\Windows\System\iiIzcGM.exe
  2⤵
  PID:8496
- C:\Windows\System\EyUfmTa.exe
  C:\Windows\System\EyUfmTa.exe
  2⤵
  PID:8528
- C:\Windows\System\kjJeuXY.exe
  C:\Windows\System\kjJeuXY.exe
  2⤵
  PID:8568
- C:\Windows\System\tbwWRbt.exe
  C:\Windows\System\tbwWRbt.exe
  2⤵
  PID:8596
- C:\Windows\System\lLgVcdz.exe
  C:\Windows\System\lLgVcdz.exe
  2⤵
  PID:8624
- C:\Windows\System\UzwlyCg.exe
  C:\Windows\System\UzwlyCg.exe
  2⤵
  PID:8652
- C:\Windows\System\CKwescu.exe
  C:\Windows\System\CKwescu.exe
  2⤵
  PID:8668
- C:\Windows\System\otnRjbY.exe
  C:\Windows\System\otnRjbY.exe
  2⤵
  PID:8704
- C:\Windows\System\FnNhuKg.exe
  C:\Windows\System\FnNhuKg.exe
  2⤵
  PID:8736
- C:\Windows\System\LTDEmUm.exe
  C:\Windows\System\LTDEmUm.exe
  2⤵
  PID:8764
- C:\Windows\System\JICYNhh.exe
  C:\Windows\System\JICYNhh.exe
  2⤵
  PID:8792
- C:\Windows\System\qVUZjUQ.exe
  C:\Windows\System\qVUZjUQ.exe
  2⤵
  PID:8808
- C:\Windows\System\LUZQExY.exe
  C:\Windows\System\LUZQExY.exe
  2⤵
  PID:8940
- C:\Windows\System\FZCLEuc.exe
  C:\Windows\System\FZCLEuc.exe
  2⤵
  PID:8956
- C:\Windows\System\VJfAqLR.exe
  C:\Windows\System\VJfAqLR.exe
  2⤵
  PID:8992
- C:\Windows\System\WjIyxFn.exe
  C:\Windows\System\WjIyxFn.exe
  2⤵
  PID:9028
- C:\Windows\System\OJxNhZX.exe
  C:\Windows\System\OJxNhZX.exe
  2⤵
  PID:9056
- C:\Windows\System\pYEtrDo.exe
  C:\Windows\System\pYEtrDo.exe
  2⤵
  PID:9072
- C:\Windows\System\JTQYUkp.exe
  C:\Windows\System\JTQYUkp.exe
  2⤵
  PID:9108
- C:\Windows\System\hdiABbJ.exe
  C:\Windows\System\hdiABbJ.exe
  2⤵
  PID:9132
- C:\Windows\System\eaQgNFI.exe
  C:\Windows\System\eaQgNFI.exe
  2⤵
  PID:9148
- C:\Windows\System\ypnRkLw.exe
  C:\Windows\System\ypnRkLw.exe
  2⤵
  PID:9188
- C:\Windows\System\WuWigjU.exe
  C:\Windows\System\WuWigjU.exe
  2⤵
  PID:724
- C:\Windows\System\EtdxCQa.exe
  C:\Windows\System\EtdxCQa.exe
  2⤵
  PID:7388
- C:\Windows\System\QXgNlgT.exe
  C:\Windows\System\QXgNlgT.exe
  2⤵
  PID:7752
- C:\Windows\System\ceTmeNd.exe
  C:\Windows\System\ceTmeNd.exe
  2⤵
  PID:6964
- C:\Windows\System\CmtAhqU.exe
  C:\Windows\System\CmtAhqU.exe
  2⤵
  PID:8272
- C:\Windows\System\YtxhJxp.exe
  C:\Windows\System\YtxhJxp.exe
  2⤵
  PID:8348
- C:\Windows\System\wpMbeGL.exe
  C:\Windows\System\wpMbeGL.exe
  2⤵
  PID:8376
- C:\Windows\System\oZLaDDf.exe
  C:\Windows\System\oZLaDDf.exe
  2⤵
  PID:8644
- C:\Windows\System\wWfZiDh.exe
  C:\Windows\System\wWfZiDh.exe
  2⤵
  PID:8692
- C:\Windows\System\rmZRAKG.exe
  C:\Windows\System\rmZRAKG.exe
  2⤵
  PID:2268
- C:\Windows\System\SpgNmit.exe
  C:\Windows\System\SpgNmit.exe
  2⤵
  PID:640
- C:\Windows\System\TAikgYL.exe
  C:\Windows\System\TAikgYL.exe
  2⤵
  PID:5064
- C:\Windows\System\riDCGDz.exe
  C:\Windows\System\riDCGDz.exe
  2⤵
  PID:2680
- C:\Windows\System\TGrDqBc.exe
  C:\Windows\System\TGrDqBc.exe
  2⤵
  PID:8788
- C:\Windows\System\xylyfUD.exe
  C:\Windows\System\xylyfUD.exe
  2⤵
  PID:8904
- C:\Windows\System\RAWnLvJ.exe
  C:\Windows\System\RAWnLvJ.exe
  2⤵
  PID:8984
- C:\Windows\System\eebxFdb.exe
  C:\Windows\System\eebxFdb.exe
  2⤵
  PID:9160
- C:\Windows\System\RdhaXjY.exe
  C:\Windows\System\RdhaXjY.exe
  2⤵
  PID:9116
- C:\Windows\System\JCRJjEa.exe
  C:\Windows\System\JCRJjEa.exe
  2⤵
  PID:9040
- C:\Windows\System\VQnwcGP.exe
  C:\Windows\System\VQnwcGP.exe
  2⤵
  PID:1548
- C:\Windows\System\fEvYWBX.exe
  C:\Windows\System\fEvYWBX.exe
  2⤵
  PID:3472
- C:\Windows\System\kcebQYS.exe
  C:\Windows\System\kcebQYS.exe
  2⤵
  PID:4940
- C:\Windows\System\gfqHKnB.exe
  C:\Windows\System\gfqHKnB.exe
  2⤵
  PID:8328
- C:\Windows\System\xrtafoJ.exe
  C:\Windows\System\xrtafoJ.exe
  2⤵
  PID:8400
- C:\Windows\System\YPUipYG.exe
  C:\Windows\System\YPUipYG.exe
  2⤵
  PID:3060
- C:\Windows\System\qbqUjQn.exe
  C:\Windows\System\qbqUjQn.exe
  2⤵
  PID:2408
- C:\Windows\System\OOYZrkH.exe
  C:\Windows\System\OOYZrkH.exe
  2⤵
  PID:8924
- C:\Windows\System\KFdKAUb.exe
  C:\Windows\System\KFdKAUb.exe
  2⤵
  PID:8936
- C:\Windows\System\HPUUEVJ.exe
  C:\Windows\System\HPUUEVJ.exe
  2⤵
  PID:8220
- C:\Windows\System\NzNetgH.exe
  C:\Windows\System\NzNetgH.exe
  2⤵
  PID:8680
- C:\Windows\System\NouSlTp.exe
  C:\Windows\System\NouSlTp.exe
  2⤵
  PID:2432
- C:\Windows\System\DuKuhQF.exe
  C:\Windows\System\DuKuhQF.exe
  2⤵
  PID:3492
- C:\Windows\System\ZwZprFw.exe
  C:\Windows\System\ZwZprFw.exe
  2⤵
  PID:8888
- C:\Windows\System\RznUrdR.exe
  C:\Windows\System\RznUrdR.exe
  2⤵
  PID:4892
- C:\Windows\System\wcJSEQd.exe
  C:\Windows\System\wcJSEQd.exe
  2⤵
  PID:9204
- C:\Windows\System\xxpicmz.exe
  C:\Windows\System\xxpicmz.exe
  2⤵
  PID:2344
- C:\Windows\System\DdtnPyQ.exe
  C:\Windows\System\DdtnPyQ.exe
  2⤵
  PID:1088
- C:\Windows\System\kFbejeD.exe
  C:\Windows\System\kFbejeD.exe
  2⤵
  PID:2848
- C:\Windows\System\VYpYksU.exe
  C:\Windows\System\VYpYksU.exe
  2⤵
  PID:8660
- C:\Windows\System\QZRfSXr.exe
  C:\Windows\System\QZRfSXr.exe
  2⤵
  PID:4428
- C:\Windows\System\nSzxXyw.exe
  C:\Windows\System\nSzxXyw.exe
  2⤵
  PID:8780
- C:\Windows\System\lEdsxbG.exe
  C:\Windows\System\lEdsxbG.exe
  2⤵
  PID:9208
- C:\Windows\System\kYNzQYr.exe
  C:\Windows\System\kYNzQYr.exe
  2⤵
  PID:8636
- C:\Windows\System\AqCtrSs.exe
  C:\Windows\System\AqCtrSs.exe
  2⤵
  PID:8720
- C:\Windows\System\UgiyXqK.exe
  C:\Windows\System\UgiyXqK.exe
  2⤵
  PID:3064
- C:\Windows\System\RYbNFLW.exe
  C:\Windows\System\RYbNFLW.exe
  2⤵
  PID:1660
- C:\Windows\System\zMcKHoD.exe
  C:\Windows\System\zMcKHoD.exe
  2⤵
  PID:9020
- C:\Windows\System\pXTaVnw.exe
  C:\Windows\System\pXTaVnw.exe
  2⤵
  PID:9248
- C:\Windows\System\kSTfRWl.exe
  C:\Windows\System\kSTfRWl.exe
  2⤵
  PID:9280
- C:\Windows\System\HRXuKrO.exe
  C:\Windows\System\HRXuKrO.exe
  2⤵
  PID:9332
- C:\Windows\System\lGaEChL.exe
  C:\Windows\System\lGaEChL.exe
  2⤵
  PID:9404
- C:\Windows\System\sBlzhcI.exe
  C:\Windows\System\sBlzhcI.exe
  2⤵
  PID:9500
- C:\Windows\System\wKTDZdK.exe
  C:\Windows\System\wKTDZdK.exe
  2⤵
  PID:9572
- C:\Windows\System\kaZHaAJ.exe
  C:\Windows\System\kaZHaAJ.exe
  2⤵
  PID:9612
- C:\Windows\System\itvoasJ.exe
  C:\Windows\System\itvoasJ.exe
  2⤵
  PID:9648
- C:\Windows\System\YuyrGUz.exe
  C:\Windows\System\YuyrGUz.exe
  2⤵
  PID:9680
- C:\Windows\System\ImgChuA.exe
  C:\Windows\System\ImgChuA.exe
  2⤵
  PID:9716
- C:\Windows\System\AwtHEhd.exe
  C:\Windows\System\AwtHEhd.exe
  2⤵
  PID:9772
- C:\Windows\System\oGeEEHF.exe
  C:\Windows\System\oGeEEHF.exe
  2⤵
  PID:9792
- C:\Windows\System\XxDSUjS.exe
  C:\Windows\System\XxDSUjS.exe
  2⤵
  PID:9820
- C:\Windows\System\tfwamLh.exe
  C:\Windows\System\tfwamLh.exe
  2⤵
  PID:9852
- C:\Windows\System\zSrOGya.exe
  C:\Windows\System\zSrOGya.exe
  2⤵
  PID:9892
- C:\Windows\System\MyxXgrf.exe
  C:\Windows\System\MyxXgrf.exe
  2⤵
  PID:9908
- C:\Windows\System\JDxPPHp.exe
  C:\Windows\System\JDxPPHp.exe
  2⤵
  PID:9944
- C:\Windows\System\fjcAhCs.exe
  C:\Windows\System\fjcAhCs.exe
  2⤵
  PID:9972
- C:\Windows\System\wqqDRFE.exe
  C:\Windows\System\wqqDRFE.exe
  2⤵
  PID:10000
- C:\Windows\System\LcsKauo.exe
  C:\Windows\System\LcsKauo.exe
  2⤵
  PID:10028
- C:\Windows\System\SGmvosP.exe
  C:\Windows\System\SGmvosP.exe
  2⤵
  PID:10056
- C:\Windows\System\FFDeUww.exe
  C:\Windows\System\FFDeUww.exe
  2⤵
  PID:10088
- C:\Windows\System\oONneJg.exe
  C:\Windows\System\oONneJg.exe
  2⤵
  PID:10116
- C:\Windows\System\jvNcDaW.exe
  C:\Windows\System\jvNcDaW.exe
  2⤵
  PID:10144
- C:\Windows\System\oDcztLi.exe
  C:\Windows\System\oDcztLi.exe
  2⤵
  PID:10172
- C:\Windows\System\DBzUDkC.exe
  C:\Windows\System\DBzUDkC.exe
  2⤵
  PID:10204
- C:\Windows\System\uAMOHNU.exe
  C:\Windows\System\uAMOHNU.exe
  2⤵
  PID:10232
- C:\Windows\System\CsnZdnw.exe
  C:\Windows\System\CsnZdnw.exe
  2⤵
  PID:9276
- C:\Windows\System\EdkOXhn.exe
  C:\Windows\System\EdkOXhn.exe
  2⤵
  PID:9388
- C:\Windows\System\TXgwwYn.exe
  C:\Windows\System\TXgwwYn.exe
  2⤵
  PID:9468
- C:\Windows\System\kUgagbX.exe
  C:\Windows\System\kUgagbX.exe
  2⤵
  PID:9608
- C:\Windows\System\OOdJTbf.exe
  C:\Windows\System\OOdJTbf.exe
  2⤵
  PID:9676
- C:\Windows\System\IVwddrw.exe
  C:\Windows\System\IVwddrw.exe
  2⤵
  PID:9760
- C:\Windows\System\nJREFzm.exe
  C:\Windows\System\nJREFzm.exe
  2⤵
  PID:9812
- C:\Windows\System\FdBZIjA.exe
  C:\Windows\System\FdBZIjA.exe
  2⤵
  PID:9844
- C:\Windows\System\RNjqYED.exe
  C:\Windows\System\RNjqYED.exe
  2⤵
  PID:9940
- C:\Windows\System\ZZRErWC.exe
  C:\Windows\System\ZZRErWC.exe
  2⤵
  PID:9968
- C:\Windows\System\skjTelE.exe
  C:\Windows\System\skjTelE.exe
  2⤵
  PID:10044
- C:\Windows\System\BfvDAbp.exe
  C:\Windows\System\BfvDAbp.exe
  2⤵
  PID:10132
- C:\Windows\System\RNJvCfc.exe
  C:\Windows\System\RNJvCfc.exe
  2⤵
  PID:10164
- C:\Windows\System\UQeROLe.exe
  C:\Windows\System\UQeROLe.exe
  2⤵
  PID:10228
- C:\Windows\System\YmuXZdM.exe
  C:\Windows\System\YmuXZdM.exe
  2⤵
  PID:5008
- C:\Windows\System\eyhNJYs.exe
  C:\Windows\System\eyhNJYs.exe
  2⤵
  PID:9660
- C:\Windows\System\htftRJZ.exe
  C:\Windows\System\htftRJZ.exe
  2⤵
  PID:9804
- C:\Windows\System\IWZnfYg.exe
  C:\Windows\System\IWZnfYg.exe
  2⤵
  PID:9932
- C:\Windows\System\zfhAjFn.exe
  C:\Windows\System\zfhAjFn.exe
  2⤵
  PID:10072
- C:\Windows\System\zBQzsJr.exe
  C:\Windows\System\zBQzsJr.exe
  2⤵
  PID:4620
- C:\Windows\System\aSHSsYk.exe
  C:\Windows\System\aSHSsYk.exe
  2⤵
  PID:10080
- C:\Windows\System\cJuZonB.exe
  C:\Windows\System\cJuZonB.exe
  2⤵
  PID:10220
- C:\Windows\System\kIjDdAZ.exe
  C:\Windows\System\kIjDdAZ.exe
  2⤵
  PID:9756
- C:\Windows\System\VPIPrTs.exe
  C:\Windows\System\VPIPrTs.exe
  2⤵
  PID:2980
- C:\Windows\System\ExmOWzL.exe
  C:\Windows\System\ExmOWzL.exe
  2⤵
  PID:1508
- C:\Windows\System\OQjAStR.exe
  C:\Windows\System\OQjAStR.exe
  2⤵
  PID:10196
- C:\Windows\System\ndSNtmg.exe
  C:\Windows\System\ndSNtmg.exe
  2⤵
  PID:9920
- C:\Windows\System\XBCOvuL.exe
  C:\Windows\System\XBCOvuL.exe
  2⤵
  PID:10156
- C:\Windows\System\QzAwTaN.exe
  C:\Windows\System\QzAwTaN.exe
  2⤵
  PID:2504
- C:\Windows\System\kiwCtQU.exe
  C:\Windows\System\kiwCtQU.exe
  2⤵
  PID:10112
- C:\Windows\System\bOkjZBY.exe
  C:\Windows\System\bOkjZBY.exe
  2⤵
  PID:10268
- C:\Windows\System\rgaaQZo.exe
  C:\Windows\System\rgaaQZo.exe
  2⤵
  PID:10304
- C:\Windows\System\mcfoSrt.exe
  C:\Windows\System\mcfoSrt.exe
  2⤵
  PID:10348
- C:\Windows\System\zJuCEpU.exe
  C:\Windows\System\zJuCEpU.exe
  2⤵
  PID:10408
- C:\Windows\System\FtYvuEc.exe
  C:\Windows\System\FtYvuEc.exe
  2⤵
  PID:10452
- C:\Windows\System\LfVIqSc.exe
  C:\Windows\System\LfVIqSc.exe
  2⤵
  PID:10488
- C:\Windows\System\WDwefuA.exe
  C:\Windows\System\WDwefuA.exe
  2⤵
  PID:10516
- C:\Windows\System\mjRRiCz.exe
  C:\Windows\System\mjRRiCz.exe
  2⤵
  PID:10552
- C:\Windows\System\IUZXNAA.exe
  C:\Windows\System\IUZXNAA.exe
  2⤵
  PID:10568
- C:\Windows\System\egwMETA.exe
  C:\Windows\System\egwMETA.exe
  2⤵
  PID:10596
- C:\Windows\System\tYYjsuF.exe
  C:\Windows\System\tYYjsuF.exe
  2⤵
  PID:10624
- C:\Windows\System\fIqAlwk.exe
  C:\Windows\System\fIqAlwk.exe
  2⤵
  PID:10672
- C:\Windows\System\fASWgQj.exe
  C:\Windows\System\fASWgQj.exe
  2⤵
  PID:10728
- C:\Windows\System\zshdmXY.exe
  C:\Windows\System\zshdmXY.exe
  2⤵
  PID:10756
- C:\Windows\System\sXcLpGq.exe
  C:\Windows\System\sXcLpGq.exe
  2⤵
  PID:10784
- C:\Windows\System\qLjQrFq.exe
  C:\Windows\System\qLjQrFq.exe
  2⤵
  PID:10812
- C:\Windows\System\tJTzvAU.exe
  C:\Windows\System\tJTzvAU.exe
  2⤵
  PID:10844
- C:\Windows\System\lFWLBfa.exe
  C:\Windows\System\lFWLBfa.exe
  2⤵
  PID:10872
- C:\Windows\System\ybUklrW.exe
  C:\Windows\System\ybUklrW.exe
  2⤵
  PID:10900
- C:\Windows\System\PWpBxpV.exe
  C:\Windows\System\PWpBxpV.exe
  2⤵
  PID:10928
- C:\Windows\System\UCFxPkw.exe
  C:\Windows\System\UCFxPkw.exe
  2⤵
  PID:10956
- C:\Windows\System\LYvvrRt.exe
  C:\Windows\System\LYvvrRt.exe
  2⤵
  PID:10984
- C:\Windows\System\gEplfEP.exe
  C:\Windows\System\gEplfEP.exe
  2⤵
  PID:11012
- C:\Windows\System\MoJrUoU.exe
  C:\Windows\System\MoJrUoU.exe
  2⤵
  PID:11040
- C:\Windows\System\BiVfWAV.exe
  C:\Windows\System\BiVfWAV.exe
  2⤵
  PID:11068
- C:\Windows\System\waZpWPh.exe
  C:\Windows\System\waZpWPh.exe
  2⤵
  PID:11100
- C:\Windows\System\WVyrKWU.exe
  C:\Windows\System\WVyrKWU.exe
  2⤵
  PID:11128
- C:\Windows\System\yQwCWPi.exe
  C:\Windows\System\yQwCWPi.exe
  2⤵
  PID:11164
- C:\Windows\System\zimwtPk.exe
  C:\Windows\System\zimwtPk.exe
  2⤵
  PID:11184
- C:\Windows\System\WdHUmVE.exe
  C:\Windows\System\WdHUmVE.exe
  2⤵
  PID:11212
- C:\Windows\System\ErmIXrt.exe
  C:\Windows\System\ErmIXrt.exe
  2⤵
  PID:11244
- C:\Windows\System\ghDoUhg.exe
  C:\Windows\System\ghDoUhg.exe
  2⤵
  PID:10260
- C:\Windows\System\ceqtblF.exe
  C:\Windows\System\ceqtblF.exe
  2⤵
  PID:10332
- C:\Windows\System\urHMNNS.exe
  C:\Windows\System\urHMNNS.exe
  2⤵
  PID:10424
- C:\Windows\System\KKbCXRW.exe
  C:\Windows\System\KKbCXRW.exe
  2⤵
  PID:10508
- C:\Windows\System\sNmSyuh.exe
  C:\Windows\System\sNmSyuh.exe
  2⤵
  PID:10440
- C:\Windows\System\gcXjwSt.exe
  C:\Windows\System\gcXjwSt.exe
  2⤵
  PID:10384
- C:\Windows\System\HsoffIE.exe
  C:\Windows\System\HsoffIE.exe
  2⤵
  PID:10608
- C:\Windows\System\xAIqvxw.exe
  C:\Windows\System\xAIqvxw.exe
  2⤵
  PID:4072
- C:\Windows\System\jzYbdRT.exe
  C:\Windows\System\jzYbdRT.exe
  2⤵
  PID:9376
- C:\Windows\System\GqzhxsL.exe
  C:\Windows\System\GqzhxsL.exe
  2⤵
  PID:10344
- C:\Windows\System\AkneCIq.exe
  C:\Windows\System\AkneCIq.exe
  2⤵
  PID:10780
- C:\Windows\System\qLqUnJf.exe
  C:\Windows\System\qLqUnJf.exe
  2⤵
  PID:10856
- C:\Windows\System\vHpfyyK.exe
  C:\Windows\System\vHpfyyK.exe
  2⤵
  PID:10920
- C:\Windows\System\loAXMWQ.exe
  C:\Windows\System\loAXMWQ.exe
  2⤵
  PID:10980
- C:\Windows\System\vhqVEeM.exe
  C:\Windows\System\vhqVEeM.exe
  2⤵
  PID:11052
- C:\Windows\System\HcUWLzY.exe
  C:\Windows\System\HcUWLzY.exe
  2⤵
  PID:11120
- C:\Windows\System\bkkMQlm.exe
  C:\Windows\System\bkkMQlm.exe
  2⤵
  PID:11180
- C:\Windows\System\KJXzidm.exe
  C:\Windows\System\KJXzidm.exe
  2⤵
  PID:11240
- C:\Windows\System\OxlWVxB.exe
  C:\Windows\System\OxlWVxB.exe
  2⤵
  PID:10288
- C:\Windows\System\dwsJBEN.exe
  C:\Windows\System\dwsJBEN.exe
  2⤵
  PID:10504
- C:\Windows\System\xhJVapa.exe
  C:\Windows\System\xhJVapa.exe
  2⤵
  PID:10580
- C:\Windows\System\CmKVpGr.exe
  C:\Windows\System\CmKVpGr.exe
  2⤵
  PID:10748
- C:\Windows\System\MgNfPKc.exe
  C:\Windows\System\MgNfPKc.exe
  2⤵
  PID:10896
- C:\Windows\System\OKThzGp.exe
  C:\Windows\System\OKThzGp.exe
  2⤵
  PID:10496
- C:\Windows\System\kJAVknE.exe
  C:\Windows\System\kJAVknE.exe
  2⤵
  PID:10840
- C:\Windows\System\mVjYKqv.exe
  C:\Windows\System\mVjYKqv.exe
  2⤵
  PID:11300
- C:\Windows\System\qDTQBiX.exe
  C:\Windows\System\qDTQBiX.exe
  2⤵
  PID:11332
- C:\Windows\System\PesuiAF.exe
  C:\Windows\System\PesuiAF.exe
  2⤵
  PID:11364
- C:\Windows\System\tthQovt.exe
  C:\Windows\System\tthQovt.exe
  2⤵
  PID:11396
- C:\Windows\System\gxTAtYv.exe
  C:\Windows\System\gxTAtYv.exe
  2⤵
  PID:11428
- C:\Windows\System\BLMwYSP.exe
  C:\Windows\System\BLMwYSP.exe
  2⤵
  PID:11456
- C:\Windows\System\ikTPRkH.exe
  C:\Windows\System\ikTPRkH.exe
  2⤵
  PID:11488
- C:\Windows\System\kIThyPw.exe
  C:\Windows\System\kIThyPw.exe
  2⤵
  PID:11520
- C:\Windows\System\RzJYYAp.exe
  C:\Windows\System\RzJYYAp.exe
  2⤵
  PID:11548
- C:\Windows\System\klgAkRG.exe
  C:\Windows\System\klgAkRG.exe
  2⤵
  PID:11576
- C:\Windows\System\ApmhDcj.exe
  C:\Windows\System\ApmhDcj.exe
  2⤵
  PID:11604
- C:\Windows\System\LddVJws.exe
  C:\Windows\System\LddVJws.exe
  2⤵
  PID:11632
- C:\Windows\System\NZLszSA.exe
  C:\Windows\System\NZLszSA.exe
  2⤵
  PID:11660
- C:\Windows\System\ccXwnpz.exe
  C:\Windows\System\ccXwnpz.exe
  2⤵
  PID:11692
- C:\Windows\System\IoChboB.exe
  C:\Windows\System\IoChboB.exe
  2⤵
  PID:11720
- C:\Windows\System\bmHANLI.exe
  C:\Windows\System\bmHANLI.exe
  2⤵
  PID:11748
- C:\Windows\System\asGKpFl.exe
  C:\Windows\System\asGKpFl.exe
  2⤵
  PID:11776
- C:\Windows\System\anWKLOU.exe
  C:\Windows\System\anWKLOU.exe
  2⤵
  PID:11804
- C:\Windows\System\GVELcRT.exe
  C:\Windows\System\GVELcRT.exe
  2⤵
  PID:11832
- C:\Windows\System\ZtzAMsl.exe
  C:\Windows\System\ZtzAMsl.exe
  2⤵
  PID:11864
- C:\Windows\System\KOZmtQH.exe
  C:\Windows\System\KOZmtQH.exe
  2⤵
  PID:11892
- C:\Windows\System\NcRFJxo.exe
  C:\Windows\System\NcRFJxo.exe
  2⤵
  PID:11920
- C:\Windows\System\jHkFcsp.exe
  C:\Windows\System\jHkFcsp.exe
  2⤵
  PID:11948
- C:\Windows\System\arSqBHv.exe
  C:\Windows\System\arSqBHv.exe
  2⤵
  PID:11976
- C:\Windows\System\ROVOOTS.exe
  C:\Windows\System\ROVOOTS.exe
  2⤵
  PID:12004
- C:\Windows\System\HNNdsvK.exe
  C:\Windows\System\HNNdsvK.exe
  2⤵
  PID:12032
- C:\Windows\System\QHDIAQr.exe
  C:\Windows\System\QHDIAQr.exe
  2⤵
  PID:12060
- C:\Windows\System\VmGvGXy.exe
  C:\Windows\System\VmGvGXy.exe
  2⤵
  PID:12088
- C:\Windows\System\UOgYSWu.exe
  C:\Windows\System\UOgYSWu.exe
  2⤵
  PID:12116
- C:\Windows\System\EMmXoME.exe
  C:\Windows\System\EMmXoME.exe
  2⤵
  PID:12144
- C:\Windows\System\HzcOilw.exe
  C:\Windows\System\HzcOilw.exe
  2⤵
  PID:12172
- C:\Windows\System\SNVncDX.exe
  C:\Windows\System\SNVncDX.exe
  2⤵
  PID:12200
- C:\Windows\System\uSpigWf.exe
  C:\Windows\System\uSpigWf.exe
  2⤵
  PID:12228
- C:\Windows\System\JqsExvW.exe
  C:\Windows\System\JqsExvW.exe
  2⤵
  PID:12256
- C:\Windows\System\OWlmnwz.exe
  C:\Windows\System\OWlmnwz.exe
  2⤵
  PID:12284
- C:\Windows\System\MnmXAWu.exe
  C:\Windows\System\MnmXAWu.exe
  2⤵
  PID:11328
- C:\Windows\System\uYNHVvr.exe
  C:\Windows\System\uYNHVvr.exe
  2⤵
  PID:11408
- C:\Windows\System\TyNgHwh.exe
  C:\Windows\System\TyNgHwh.exe
  2⤵
  PID:11484
- C:\Windows\System\vBujoiq.exe
  C:\Windows\System\vBujoiq.exe
  2⤵
  PID:11176
- C:\Windows\System\sGzaXcK.exe
  C:\Windows\System\sGzaXcK.exe
  2⤵
  PID:11028
- C:\Windows\System\CkslYpZ.exe
  C:\Windows\System\CkslYpZ.exe
  2⤵
  PID:11656
- C:\Windows\System\OFcbVTb.exe
  C:\Windows\System\OFcbVTb.exe
  2⤵
  PID:11704
- C:\Windows\System\uFlszBI.exe
  C:\Windows\System\uFlszBI.exe
  2⤵
  PID:11736
- C:\Windows\System\ZRbVxek.exe
  C:\Windows\System\ZRbVxek.exe
  2⤵
  PID:11824
- C:\Windows\System\BgaWbND.exe
  C:\Windows\System\BgaWbND.exe
  2⤵
  PID:11884
- C:\Windows\System\JyvfeUm.exe
  C:\Windows\System\JyvfeUm.exe
  2⤵
  PID:11944
- C:\Windows\System\WfSXELv.exe
  C:\Windows\System\WfSXELv.exe
  2⤵
  PID:11996
- C:\Windows\System\pkleHAE.exe
  C:\Windows\System\pkleHAE.exe
  2⤵
  PID:12056
- C:\Windows\System\PBMpGps.exe
  C:\Windows\System\PBMpGps.exe
  2⤵
  PID:12132
- C:\Windows\System\MviWbfd.exe
  C:\Windows\System\MviWbfd.exe
  2⤵
  PID:12192
- C:\Windows\System\ScmqcQR.exe
  C:\Windows\System\ScmqcQR.exe
  2⤵
  PID:10952
- C:\Windows\System\gDuceOX.exe
  C:\Windows\System\gDuceOX.exe
  2⤵
  PID:11324
- C:\Windows\System\WvOnfpg.exe
  C:\Windows\System\WvOnfpg.exe
  2⤵
  PID:5360
- C:\Windows\System\EvdXTUF.exe
  C:\Windows\System\EvdXTUF.exe
  2⤵
  PID:11508
- C:\Windows\System\IRCrsnN.exe
  C:\Windows\System\IRCrsnN.exe
  2⤵
  PID:11600
- C:\Windows\System\ScnwPvJ.exe
  C:\Windows\System\ScnwPvJ.exe
  2⤵
  PID:11848
- C:\Windows\System\KLvdnpO.exe
  C:\Windows\System\KLvdnpO.exe
  2⤵
  PID:11940
- C:\Windows\System\lniIbjg.exe
  C:\Windows\System\lniIbjg.exe
  2⤵
  PID:12100
- C:\Windows\System\ReWmPQV.exe
  C:\Windows\System\ReWmPQV.exe
  2⤵
  PID:2092
- C:\Windows\System\xpgLBBp.exe
  C:\Windows\System\xpgLBBp.exe
  2⤵
  PID:2904
- C:\Windows\System\qtpyNtH.exe
  C:\Windows\System\qtpyNtH.exe
  2⤵
  PID:11712
- C:\Windows\System\ThqKSTq.exe
  C:\Windows\System\ThqKSTq.exe
  2⤵
  PID:3012
- C:\Windows\System\XsubaHC.exe
  C:\Windows\System\XsubaHC.exe
  2⤵
  PID:744
- C:\Windows\System\BLzVHNS.exe
  C:\Windows\System\BLzVHNS.exe
  2⤵
  PID:11444
- C:\Windows\System\GMTgIsO.exe
  C:\Windows\System\GMTgIsO.exe
  2⤵
  PID:5812
- C:\Windows\System\GvYhtOJ.exe
  C:\Windows\System\GvYhtOJ.exe
  2⤵
  PID:5860
- C:\Windows\System\GrLGxPi.exe
  C:\Windows\System\GrLGxPi.exe
  2⤵
  PID:5452
- C:\Windows\System\yXCbXap.exe
  C:\Windows\System\yXCbXap.exe
  2⤵
  PID:11880
- C:\Windows\System\toZbEsu.exe
  C:\Windows\System\toZbEsu.exe
  2⤵
  PID:12184
- C:\Windows\System\IqaFMVF.exe
  C:\Windows\System\IqaFMVF.exe
  2⤵
  PID:11596
- C:\Windows\System\amwtQOr.exe
  C:\Windows\System\amwtQOr.exe
  2⤵
  PID:5888
- C:\Windows\System\sBXdBru.exe
  C:\Windows\System\sBXdBru.exe
  2⤵
  PID:6096
- C:\Windows\System\RWtLHeT.exe
  C:\Windows\System\RWtLHeT.exe
  2⤵
  PID:12308
- C:\Windows\System\axcvnqO.exe
  C:\Windows\System\axcvnqO.exe
  2⤵
  PID:12336
- C:\Windows\System\OZyXGDg.exe
  C:\Windows\System\OZyXGDg.exe
  2⤵
  PID:12364
- C:\Windows\System\KLkYOGB.exe
  C:\Windows\System\KLkYOGB.exe
  2⤵
  PID:12392
- C:\Windows\System\uRIZDzD.exe
  C:\Windows\System\uRIZDzD.exe
  2⤵
  PID:12420
- C:\Windows\System\KCEcIvf.exe
  C:\Windows\System\KCEcIvf.exe
  2⤵
  PID:12448
- C:\Windows\System\QWsLUaI.exe
  C:\Windows\System\QWsLUaI.exe
  2⤵
  PID:12476
- C:\Windows\System\fAqLGlh.exe
  C:\Windows\System\fAqLGlh.exe
  2⤵
  PID:12504
- C:\Windows\System\GRzXCyI.exe
  C:\Windows\System\GRzXCyI.exe
  2⤵
  PID:12540
- C:\Windows\System\dqCKBKg.exe
  C:\Windows\System\dqCKBKg.exe
  2⤵
  PID:12560
- C:\Windows\System\yvoYGVT.exe
  C:\Windows\System\yvoYGVT.exe
  2⤵
  PID:12588
- C:\Windows\System\xYiPfnK.exe
  C:\Windows\System\xYiPfnK.exe
  2⤵
  PID:12616
- C:\Windows\System\BrqrIKO.exe
  C:\Windows\System\BrqrIKO.exe
  2⤵
  PID:12644
- C:\Windows\System\dqrDpPp.exe
  C:\Windows\System\dqrDpPp.exe
  2⤵
  PID:12672
- C:\Windows\System\BhYyfZx.exe
  C:\Windows\System\BhYyfZx.exe
  2⤵
  PID:12704
- C:\Windows\System\RPekOWQ.exe
  C:\Windows\System\RPekOWQ.exe
  2⤵
  PID:12732
- C:\Windows\System\iIvkJpM.exe
  C:\Windows\System\iIvkJpM.exe
  2⤵
  PID:12760
- C:\Windows\System\NxxPFpK.exe
  C:\Windows\System\NxxPFpK.exe
  2⤵
  PID:12788
- C:\Windows\System\ebcVdHq.exe
  C:\Windows\System\ebcVdHq.exe
  2⤵
  PID:12816
- C:\Windows\System\xjSsXRU.exe
  C:\Windows\System\xjSsXRU.exe
  2⤵
  PID:12844
- C:\Windows\System\YdzIjuz.exe
  C:\Windows\System\YdzIjuz.exe
  2⤵
  PID:12872
- C:\Windows\System\YaZlhOF.exe
  C:\Windows\System\YaZlhOF.exe
  2⤵
  PID:12900
- C:\Windows\System\TjvtpmO.exe
  C:\Windows\System\TjvtpmO.exe
  2⤵
  PID:12932
- C:\Windows\System\xanfVEV.exe
  C:\Windows\System\xanfVEV.exe
  2⤵
  PID:12952
- C:\Windows\System\xHQrBML.exe
  C:\Windows\System\xHQrBML.exe
  2⤵
  PID:12996
- C:\Windows\System\iiRHqQt.exe
  C:\Windows\System\iiRHqQt.exe
  2⤵
  PID:13024
- C:\Windows\System\ZGlxjst.exe
  C:\Windows\System\ZGlxjst.exe
  2⤵
  PID:13052
- C:\Windows\System\gIWIPAD.exe
  C:\Windows\System\gIWIPAD.exe
  2⤵
  PID:13080
- C:\Windows\System\qJKbmFU.exe
  C:\Windows\System\qJKbmFU.exe
  2⤵
  PID:13108
- C:\Windows\System\tcueYTj.exe
  C:\Windows\System\tcueYTj.exe
  2⤵
  PID:13140
- C:\Windows\System\soFMxGM.exe
  C:\Windows\System\soFMxGM.exe
  2⤵
  PID:13168
- C:\Windows\System\RfYkvqy.exe
  C:\Windows\System\RfYkvqy.exe
  2⤵
  PID:13196
- C:\Windows\System\LbyXtxe.exe
  C:\Windows\System\LbyXtxe.exe
  2⤵
  PID:13224
- C:\Windows\System\qzeWPrT.exe
  C:\Windows\System\qzeWPrT.exe
  2⤵
  PID:13240
- C:\Windows\System\aSoGMmM.exe
  C:\Windows\System\aSoGMmM.exe
  2⤵
  PID:13280
- C:\Windows\System\hATKEiY.exe
  C:\Windows\System\hATKEiY.exe
  2⤵
  PID:13308
- C:\Windows\System\WEfeDec.exe
  C:\Windows\System\WEfeDec.exe
  2⤵
  PID:12348
- C:\Windows\System\oJZqhBs.exe
  C:\Windows\System\oJZqhBs.exe
  2⤵
  PID:12412
- C:\Windows\System\twkZgla.exe
  C:\Windows\System\twkZgla.exe
  2⤵
  PID:12472
- C:\Windows\System\wAPCjZF.exe
  C:\Windows\System\wAPCjZF.exe
  2⤵
  PID:12528
- C:\Windows\System\TpkUOaH.exe
  C:\Windows\System\TpkUOaH.exe
  2⤵
  PID:12580
- C:\Windows\System\rNmgywK.exe
  C:\Windows\System\rNmgywK.exe
  2⤵
  PID:12640
- C:\Windows\System\mxTljRv.exe
  C:\Windows\System\mxTljRv.exe
  2⤵
  PID:12716
- C:\Windows\System\fcNIZxK.exe
  C:\Windows\System\fcNIZxK.exe
  2⤵
  PID:12780
- C:\Windows\System\DKFgZWS.exe
  C:\Windows\System\DKFgZWS.exe
  2⤵
  PID:12856
- C:\Windows\System\rgruDCu.exe
  C:\Windows\System\rgruDCu.exe
  2⤵
  PID:12896
- C:\Windows\System\eHTnJnr.exe
  C:\Windows\System\eHTnJnr.exe
  2⤵
  PID:12920
- C:\Windows\System\BsvhBcv.exe
  C:\Windows\System\BsvhBcv.exe
  2⤵
  PID:12992
- C:\Windows\System\pWyHINI.exe
  C:\Windows\System\pWyHINI.exe
  2⤵
  PID:5408
- C:\Windows\System\FoFiHUH.exe
  C:\Windows\System\FoFiHUH.exe
  2⤵
  PID:13048
- C:\Windows\System\CExbICp.exe
  C:\Windows\System\CExbICp.exe
  2⤵
  PID:13124
- C:\Windows\System\ebpPxVO.exe
  C:\Windows\System\ebpPxVO.exe
  2⤵
  PID:13152
- C:\Windows\System\CIqoHCW.exe
  C:\Windows\System\CIqoHCW.exe
  2⤵
  PID:5596
- C:\Windows\System\ATOAlvR.exe
  C:\Windows\System\ATOAlvR.exe
  2⤵
  PID:12328
- C:\Windows\System\bwgvaLV.exe
  C:\Windows\System\bwgvaLV.exe
  2⤵
  PID:12468
- C:\Windows\System\SmEifoz.exe
  C:\Windows\System\SmEifoz.exe
  2⤵
  PID:6340
- C:\Windows\System\gUGKVia.exe
  C:\Windows\System\gUGKVia.exe
  2⤵
  PID:12744
- C:\Windows\System\XndvocS.exe
  C:\Windows\System\XndvocS.exe
  2⤵
  PID:12772
- C:\Windows\System\mPwMCzB.exe
  C:\Windows\System\mPwMCzB.exe
  2⤵
  PID:6536
- C:\Windows\System\tneJlAL.exe
  C:\Windows\System\tneJlAL.exe
  2⤵
  PID:4552
- C:\Windows\System\HrlDghz.exe
  C:\Windows\System\HrlDghz.exe
  2⤵
  PID:12908
- C:\Windows\System\mrbMJMs.exe
  C:\Windows\System\mrbMJMs.exe
  2⤵
  PID:13184
- C:\Windows\System\pWVeDnT.exe
  C:\Windows\System\pWVeDnT.exe
  2⤵
  PID:12384
- C:\Windows\System\BxlKDJw.exe
  C:\Windows\System\BxlKDJw.exe
  2⤵
  PID:6732
- C:\Windows\System\nbnZuzb.exe
  C:\Windows\System\nbnZuzb.exe
  2⤵
  PID:3892
- C:\Windows\System\YAozMYi.exe
  C:\Windows\System\YAozMYi.exe
  2⤵
  PID:3820
- C:\Windows\System\UJXaabY.exe
  C:\Windows\System\UJXaabY.exe
  2⤵
  PID:7020
- C:\Windows\System\rudUYrk.exe
  C:\Windows\System\rudUYrk.exe
  2⤵
  PID:1684
- C:\Windows\System\PNdMktG.exe
  C:\Windows\System\PNdMktG.exe
  2⤵
  PID:2816
- C:\Windows\System\rWvSNNF.exe
  C:\Windows\System\rWvSNNF.exe
  2⤵
  PID:12692
- C:\Windows\System\fOFTcYc.exe
  C:\Windows\System\fOFTcYc.exe
  2⤵
  PID:516
- C:\Windows\System\svPDRhq.exe
  C:\Windows\System\svPDRhq.exe
  2⤵
  PID:3988
- C:\Windows\System\pQWnbCD.exe
  C:\Windows\System\pQWnbCD.exe
  2⤵
  PID:3776
- C:\Windows\System\pwumRvi.exe
  C:\Windows\System\pwumRvi.exe
  2⤵
  PID:6668
- C:\Windows\System\PEWCnSG.exe
  C:\Windows\System\PEWCnSG.exe
  2⤵
  PID:6844
- C:\Windows\System\CwhYzCV.exe
  C:\Windows\System\CwhYzCV.exe
  2⤵
  PID:6972
- C:\Windows\System\oAMglJQ.exe
  C:\Windows\System\oAMglJQ.exe
  2⤵
  PID:2480
- C:\Windows\System\DlEkBFD.exe
  C:\Windows\System\DlEkBFD.exe
  2⤵
  PID:4656
- C:\Windows\System\cYupuzG.exe
  C:\Windows\System\cYupuzG.exe
  2⤵
  PID:4040
- C:\Windows\System\YvTvNMX.exe
  C:\Windows\System\YvTvNMX.exe
  2⤵
  PID:6564
- C:\Windows\System\iETBwGY.exe
  C:\Windows\System\iETBwGY.exe
  2⤵
  PID:4140
- C:\Windows\System\rxSWpUs.exe
  C:\Windows\System\rxSWpUs.exe
  2⤵
  PID:6268
- C:\Windows\System\AHFjowB.exe
  C:\Windows\System\AHFjowB.exe
  2⤵
  PID:12552
- C:\Windows\System\jqBgNvj.exe
  C:\Windows\System\jqBgNvj.exe
  2⤵
  PID:6840
- C:\Windows\System\ETsgWHH.exe
  C:\Windows\System\ETsgWHH.exe
  2⤵
  PID:7284
- C:\Windows\System\mNHiqga.exe
  C:\Windows\System\mNHiqga.exe
  2⤵
  PID:7344
- C:\Windows\System\SKsvcqG.exe
  C:\Windows\System\SKsvcqG.exe
  2⤵
  PID:228
- C:\Windows\System\weeRVSh.exe
  C:\Windows\System\weeRVSh.exe
  2⤵
  PID:4396
- C:\Windows\System\KbXmPdP.exe
  C:\Windows\System\KbXmPdP.exe
  2⤵
  PID:3900
- C:\Windows\System\SVPnWTQ.exe
  C:\Windows\System\SVPnWTQ.exe
  2⤵
  PID:404
- C:\Windows\System\AWSctlu.exe
  C:\Windows\System\AWSctlu.exe
  2⤵
  PID:1144
- C:\Windows\System\yvpDOZN.exe
  C:\Windows\System\yvpDOZN.exe
  2⤵
  PID:12696
- C:\Windows\System\dWQLaRl.exe
  C:\Windows\System\dWQLaRl.exe
  2⤵
  PID:6568
- C:\Windows\System\iEHDFeP.exe
  C:\Windows\System\iEHDFeP.exe
  2⤵
  PID:456
- C:\Windows\System\XxEAWZY.exe
  C:\Windows\System\XxEAWZY.exe
  2⤵
  PID:13044
- C:\Windows\System\FEOfFkC.exe
  C:\Windows\System\FEOfFkC.exe
  2⤵
  PID:656
- C:\Windows\System\eBWYyhf.exe
  C:\Windows\System\eBWYyhf.exe
  2⤵
  PID:2632
- C:\Windows\System\OMaivhC.exe
  C:\Windows\System\OMaivhC.exe
  2⤵
  PID:1084
- C:\Windows\System\vgMhIFD.exe
  C:\Windows\System\vgMhIFD.exe
  2⤵
  PID:13100
- C:\Windows\System\HYeiQFp.exe
  C:\Windows\System\HYeiQFp.exe
  2⤵
  PID:4632
- C:\Windows\System\zEVDGhA.exe
  C:\Windows\System\zEVDGhA.exe
  2⤵
  PID:6316
- C:\Windows\System\KxOQUIs.exe
  C:\Windows\System\KxOQUIs.exe
  2⤵
  PID:7220
- C:\Windows\System\aHgLASL.exe
  C:\Windows\System\aHgLASL.exe
  2⤵
  PID:7360
- C:\Windows\System\IsemFsk.exe
  C:\Windows\System\IsemFsk.exe
  2⤵
  PID:12728
- C:\Windows\System\QXrJfCb.exe
  C:\Windows\System\QXrJfCb.exe
  2⤵
  PID:1648
- C:\Windows\System\vbXaTvy.exe
  C:\Windows\System\vbXaTvy.exe
  2⤵
  PID:4700
- C:\Windows\System\vuZlosI.exe
  C:\Windows\System\vuZlosI.exe
  2⤵
  PID:4496
- C:\Windows\System\wHzPRPx.exe
  C:\Windows\System\wHzPRPx.exe
  2⤵
  PID:756
- C:\Windows\System\MRBeFkk.exe
  C:\Windows\System\MRBeFkk.exe
  2⤵
  PID:5188
- C:\Windows\System\QmoRDAZ.exe
  C:\Windows\System\QmoRDAZ.exe
  2⤵
  PID:5216
- C:\Windows\System\PjnJOaf.exe
  C:\Windows\System\PjnJOaf.exe
  2⤵
  PID:208
- C:\Windows\System\VvdaxuI.exe
  C:\Windows\System\VvdaxuI.exe
  2⤵
  PID:7700
- C:\Windows\System\RzQvBti.exe
  C:\Windows\System\RzQvBti.exe
  2⤵
  PID:1672
- C:\Windows\System\JCclixV.exe
  C:\Windows\System\JCclixV.exe
  2⤵
  PID:5412
- C:\Windows\System\KNlNKJf.exe
  C:\Windows\System\KNlNKJf.exe
  2⤵
  PID:5448
- C:\Windows\System\FPOeUET.exe
  C:\Windows\System\FPOeUET.exe
  2⤵
  PID:2644
- C:\Windows\System\CbDrzwM.exe
  C:\Windows\System\CbDrzwM.exe
  2⤵
  PID:2940
- C:\Windows\System\PTFoATV.exe
  C:\Windows\System\PTFoATV.exe
  2⤵
  PID:1160
- C:\Windows\System\tZNyhLh.exe
  C:\Windows\System\tZNyhLh.exe
  2⤵
  PID:5232
- C:\Windows\System\zsdkaBo.exe
  C:\Windows\System\zsdkaBo.exe
  2⤵
  PID:5608
- C:\Windows\System\ILXfDPr.exe
  C:\Windows\System\ILXfDPr.exe
  2⤵
  PID:5332
- C:\Windows\System\AmbRMQa.exe
  C:\Windows\System\AmbRMQa.exe
  2⤵
  PID:2188
- C:\Windows\System\xKFOBBg.exe
  C:\Windows\System\xKFOBBg.exe
  2⤵
  PID:2356
- C:\Windows\System\icZNoZC.exe
  C:\Windows\System\icZNoZC.exe
  2⤵
  PID:5512
- C:\Windows\System\gGVMHfv.exe
  C:\Windows\System\gGVMHfv.exe
  2⤵
  PID:5764
- C:\Windows\System\NGmnyOE.exe
  C:\Windows\System\NGmnyOE.exe
  2⤵
  PID:5624
- C:\Windows\System\JYpdfsJ.exe
  C:\Windows\System\JYpdfsJ.exe
  2⤵
  PID:5636
- C:\Windows\System\NiYQOkB.exe
  C:\Windows\System\NiYQOkB.exe
  2⤵
  PID:5752
- C:\Windows\System\fFBFZtj.exe
  C:\Windows\System\fFBFZtj.exe
  2⤵
  PID:5780
- C:\Windows\System\inWHTol.exe
  C:\Windows\System\inWHTol.exe
  2⤵
  PID:5832
- C:\Windows\System\KkVZlNT.exe
  C:\Windows\System\KkVZlNT.exe
  2⤵
  PID:5924
- C:\Windows\System\NPSIBpI.exe
  C:\Windows\System\NPSIBpI.exe
  2⤵
  PID:5828
- C:\Windows\System\IUjTEMP.exe
  C:\Windows\System\IUjTEMP.exe
  2⤵
  PID:6056
- C:\Windows\System\NrSXvvf.exe
  C:\Windows\System\NrSXvvf.exe
  2⤵
  PID:6092
- C:\Windows\System\DnZREtx.exe
  C:\Windows\System\DnZREtx.exe
  2⤵
  PID:3840
- C:\Windows\System\WlkAqKh.exe
  C:\Windows\System\WlkAqKh.exe
  2⤵
  PID:368
- C:\Windows\System\BBByzKn.exe
  C:\Windows\System\BBByzKn.exe
  2⤵
  PID:3604
- C:\Windows\System\ZmUCHOQ.exe
  C:\Windows\System\ZmUCHOQ.exe
  2⤵
  PID:5168
- C:\Windows\System\bsNMJKh.exe
  C:\Windows\System\bsNMJKh.exe
  2⤵
  PID:5200
- C:\Windows\System\WavYPhu.exe
  C:\Windows\System\WavYPhu.exe
  2⤵
  PID:8280
- C:\Windows\System\PduOQTi.exe
  C:\Windows\System\PduOQTi.exe
  2⤵
  PID:13328
- C:\Windows\System\fCZAdyv.exe
  C:\Windows\System\fCZAdyv.exe
  2⤵
  PID:13356
- C:\Windows\System\CJsHtXE.exe
  C:\Windows\System\CJsHtXE.exe
  2⤵
  PID:13384
- C:\Windows\System\oqBXinC.exe
  C:\Windows\System\oqBXinC.exe
  2⤵
  PID:13412
- C:\Windows\System\HyLwjIN.exe
  C:\Windows\System\HyLwjIN.exe
  2⤵
  PID:13440
- C:\Windows\System\RosxDwq.exe
  C:\Windows\System\RosxDwq.exe
  2⤵
  PID:13468
- C:\Windows\System\riYltmX.exe
  C:\Windows\System\riYltmX.exe
  2⤵
  PID:13496
- C:\Windows\System\XmAGCgL.exe
  C:\Windows\System\XmAGCgL.exe
  2⤵
  PID:13524
- C:\Windows\System\kaWBnWT.exe
  C:\Windows\System\kaWBnWT.exe
  2⤵
  PID:13552
- C:\Windows\System\jKfFveB.exe
  C:\Windows\System\jKfFveB.exe
  2⤵
  PID:13580
- C:\Windows\System\PKJzsSa.exe
  C:\Windows\System\PKJzsSa.exe
  2⤵
  PID:13608
- C:\Windows\System\UWpDLuZ.exe
  C:\Windows\System\UWpDLuZ.exe
  2⤵
  PID:13636
- C:\Windows\System\NIYYZWh.exe
  C:\Windows\System\NIYYZWh.exe
  2⤵
  PID:13664
- C:\Windows\System\vkusQAx.exe
  C:\Windows\System\vkusQAx.exe
  2⤵
  PID:13696
- C:\Windows\System\ctkYdzr.exe
  C:\Windows\System\ctkYdzr.exe
  2⤵
  PID:13724
- C:\Windows\System\mPAEcXE.exe
  C:\Windows\System\mPAEcXE.exe
  2⤵
  PID:13752
- C:\Windows\System\syPIjrV.exe
  C:\Windows\System\syPIjrV.exe
  2⤵
  PID:13780
- C:\Windows\System\opiDisQ.exe
  C:\Windows\System\opiDisQ.exe
  2⤵
  PID:13808
- C:\Windows\System\RbFSEME.exe
  C:\Windows\System\RbFSEME.exe
  2⤵
  PID:13836
- C:\Windows\System\lUVjhsA.exe
  C:\Windows\System\lUVjhsA.exe
  2⤵
  PID:13872
- C:\Windows\System\oMOEfYH.exe
  C:\Windows\System\oMOEfYH.exe
  2⤵
  PID:13912
- C:\Windows\System\KtKSlUp.exe
  C:\Windows\System\KtKSlUp.exe
  2⤵
  PID:13932
- C:\Windows\System\vdRJeue.exe
  C:\Windows\System\vdRJeue.exe
  2⤵
  PID:13960
- C:\Windows\System\HCQZjgv.exe
  C:\Windows\System\HCQZjgv.exe
  2⤵
  PID:13988
- C:\Windows\System\ULcQemD.exe
  C:\Windows\System\ULcQemD.exe
  2⤵
  PID:14016
- C:\Windows\System\tYrMksx.exe
  C:\Windows\System\tYrMksx.exe
  2⤵
  PID:14044
- C:\Windows\System\NfffZTg.exe
  C:\Windows\System\NfffZTg.exe
  2⤵
  PID:14068
- C:\Windows\System\TYuXJoX.exe
  C:\Windows\System\TYuXJoX.exe
  2⤵
  PID:14100
- C:\Windows\System\MmxxISQ.exe
  C:\Windows\System\MmxxISQ.exe
  2⤵
  PID:14128
- C:\Windows\System\HhNRCHp.exe
  C:\Windows\System\HhNRCHp.exe
  2⤵
  PID:14156
- C:\Windows\System\kupFgUp.exe
  C:\Windows\System\kupFgUp.exe
  2⤵
  PID:14184
- C:\Windows\System\yggMYuG.exe
  C:\Windows\System\yggMYuG.exe
  2⤵
  PID:14212
- C:\Windows\System\lzLsEIB.exe
  C:\Windows\System\lzLsEIB.exe
  2⤵
  PID:14240
- C:\Windows\System\wqsartZ.exe
  C:\Windows\System\wqsartZ.exe
  2⤵
  PID:14268
- C:\Windows\System\qJueHMM.exe
  C:\Windows\System\qJueHMM.exe
  2⤵
  PID:14296
- C:\Windows\System\ISbsjmp.exe
  C:\Windows\System\ISbsjmp.exe
  2⤵
  PID:14328
- C:\Windows\System\AdRdmcF.exe
  C:\Windows\System\AdRdmcF.exe
  2⤵
  PID:13340
- C:\Windows\System\mXNVPpq.exe
  C:\Windows\System\mXNVPpq.exe
  2⤵
  PID:5460
- C:\Windows\System\Luqoueg.exe
  C:\Windows\System\Luqoueg.exe
  2⤵
  PID:13452
- C:\Windows\System\qQuHrTl.exe
  C:\Windows\System\qQuHrTl.exe
  2⤵
  PID:13492
- C:\Windows\System\GlRztAs.exe
  C:\Windows\System\GlRztAs.exe
  2⤵
  PID:5720
- C:\Windows\System\hRUOriS.exe
  C:\Windows\System\hRUOriS.exe
  2⤵
  PID:5816
- C:\Windows\System\BQJYhjG.exe
  C:\Windows\System\BQJYhjG.exe
  2⤵
  PID:13600
- C:\Windows\System\pebWDAL.exe
  C:\Windows\System\pebWDAL.exe
  2⤵
  PID:13648
- C:\Windows\System\uugypMt.exe
  C:\Windows\System\uugypMt.exe
  2⤵
  PID:6064
- C:\Windows\System\REXUzWB.exe
  C:\Windows\System\REXUzWB.exe
  2⤵
  PID:8688
- C:\Windows\System\tOYIGwC.exe
  C:\Windows\System\tOYIGwC.exe
  2⤵
  PID:13772
- C:\Windows\System\CPHwzWC.exe
  C:\Windows\System\CPHwzWC.exe
  2⤵
  PID:13824
- C:\Windows\System\hgXtvsr.exe
  C:\Windows\System\hgXtvsr.exe
  2⤵
  PID:5556
- C:\Windows\System\TahvAEh.exe
  C:\Windows\System\TahvAEh.exe
  2⤵
  PID:5668
- C:\Windows\System\LrUPeoE.exe
  C:\Windows\System\LrUPeoE.exe
  2⤵
  PID:13952
- C:\Windows\System\qdvCTxq.exe
  C:\Windows\System\qdvCTxq.exe
  2⤵
  PID:14008
- C:\Windows\System\pdjNIKt.exe
  C:\Windows\System\pdjNIKt.exe
  2⤵
  PID:14060
- C:\Windows\System\YupXcqm.exe
  C:\Windows\System\YupXcqm.exe
  2⤵
  PID:14096
- C:\Windows\System\BXxFiol.exe
  C:\Windows\System\BXxFiol.exe
  2⤵
  PID:14148
- C:\Windows\System\WpKmmRs.exe
  C:\Windows\System\WpKmmRs.exe
  2⤵
  PID:6204
- C:\Windows\System\RTTKSys.exe
  C:\Windows\System\RTTKSys.exe
  2⤵
  PID:14236
- C:\Windows\System\ufguwEv.exe
  C:\Windows\System\ufguwEv.exe
  2⤵
  PID:6244
- C:\Windows\System\JykLJiI.exe
  C:\Windows\System\JykLJiI.exe
  2⤵
  PID:5400
- C:\Windows\System\HubdSNn.exe
  C:\Windows\System\HubdSNn.exe
  2⤵
  PID:13436
- C:\Windows\System\IbzDQid.exe
  C:\Windows\System\IbzDQid.exe
  2⤵
  PID:5748
- C:\Windows\System\dEfLDnB.exe
  C:\Windows\System\dEfLDnB.exe
  2⤵
  PID:6420
- C:\Windows\System\YElaZrr.exe
  C:\Windows\System\YElaZrr.exe
  2⤵
  PID:13628
- C:\Windows\System\Iqojijj.exe
  C:\Windows\System\Iqojijj.exe
  2⤵
  PID:13688
- C:\Windows\System\HlOwdtC.exe
  C:\Windows\System\HlOwdtC.exe
  2⤵
  PID:4376
- C:\Windows\System\NltDpjv.exe
  C:\Windows\System\NltDpjv.exe
  2⤵
  PID:6560
- C:\Windows\System\qAAjlcn.exe
  C:\Windows\System\qAAjlcn.exe
  2⤵
  PID:13944
- C:\Windows\System\vFUrlzM.exe
  C:\Windows\System\vFUrlzM.exe
  2⤵
  PID:6124
- C:\Windows\System\fFyOeIj.exe
  C:\Windows\System\fFyOeIj.exe
  2⤵
  PID:14312
- C:\Windows\System\HDTdqfu.exe
  C:\Windows\System\HDTdqfu.exe
  2⤵
  PID:14168
- C:\Windows\System\RNsAJuX.exe
  C:\Windows\System\RNsAJuX.exe
  2⤵
  PID:14232
- C:\Windows\System\mgyWslE.exe
  C:\Windows\System\mgyWslE.exe
  2⤵
  PID:14320
- C:\Windows\System\gYBPyfV.exe
  C:\Windows\System\gYBPyfV.exe
  2⤵
  PID:13520
- C:\Windows\System\VtzjhHB.exe
  C:\Windows\System\VtzjhHB.exe
  2⤵
  PID:5952
- C:\Windows\System\OjZCbKA.exe
  C:\Windows\System\OjZCbKA.exe
  2⤵
  PID:6508
- C:\Windows\System\LeiZfrt.exe
  C:\Windows\System\LeiZfrt.exe
  2⤵
  PID:6616
- C:\Windows\System\rXtxLfI.exe
  C:\Windows\System\rXtxLfI.exe
  2⤵
  PID:14000
- C:\Windows\System\wCytnuW.exe
  C:\Windows\System\wCytnuW.exe
  2⤵
  PID:6664
- C:\Windows\System\oMLhXgW.exe
  C:\Windows\System\oMLhXgW.exe
  2⤵
  PID:6728
- C:\Windows\System\RZCpzEZ.exe
  C:\Windows\System\RZCpzEZ.exe
  2⤵
  PID:8988
- C:\Windows\System\cDYynyh.exe
  C:\Windows\System\cDYynyh.exe
  2⤵
  PID:8816
- C:\Windows\System\dIstHKl.exe
  C:\Windows\System\dIstHKl.exe
  2⤵
  PID:6932
- C:\Windows\System\YbpvNqB.exe
  C:\Windows\System\YbpvNqB.exe
  2⤵
  PID:6960
- C:\Windows\System\WHavsKi.exe
  C:\Windows\System\WHavsKi.exe
  2⤵
  PID:5652
- C:\Windows\System\HsQXcqv.exe
  C:\Windows\System\HsQXcqv.exe
  2⤵
  PID:13820
- C:\Windows\System\OKcDJEq.exe
  C:\Windows\System\OKcDJEq.exe
  2⤵
  PID:7124
- C:\Windows\System\QqbZiEw.exe
  C:\Windows\System\QqbZiEw.exe
  2⤵
  PID:1140
- C:\Windows\System\JteazzD.exe
  C:\Windows\System\JteazzD.exe
  2⤵
  PID:6192
- C:\Windows\System\ZOUmlgO.exe
  C:\Windows\System\ZOUmlgO.exe
  2⤵
  PID:3248
- C:\Windows\System\rkiaDbr.exe
  C:\Windows\System\rkiaDbr.exe
  2⤵
  PID:6976
- C:\Windows\System\zRmtVsH.exe
  C:\Windows\System\zRmtVsH.exe
  2⤵
  PID:14360
- C:\Windows\System\KbXxkGp.exe
  C:\Windows\System\KbXxkGp.exe
  2⤵
  PID:14380
- C:\Windows\System\qfSMxxq.exe
  C:\Windows\System\qfSMxxq.exe
  2⤵
  PID:14416
- C:\Windows\System\bvlAfwk.exe
  C:\Windows\System\bvlAfwk.exe
  2⤵
  PID:14444
- C:\Windows\System\oqhKWWc.exe
  C:\Windows\System\oqhKWWc.exe
  2⤵
  PID:14472
- C:\Windows\System\UOFYUgo.exe
  C:\Windows\System\UOFYUgo.exe
  2⤵
  PID:14488
- C:\Windows\System\zZtmIyJ.exe
  C:\Windows\System\zZtmIyJ.exe
  2⤵
  PID:14524
- C:\Windows\System\VrziLyS.exe
  C:\Windows\System\VrziLyS.exe
  2⤵
  PID:14556
- C:\Windows\System\LBwSRat.exe
  C:\Windows\System\LBwSRat.exe
  2⤵
  PID:14584
- C:\Windows\System\QFDXbPc.exe
  C:\Windows\System\QFDXbPc.exe
  2⤵
  PID:14616
- C:\Windows\System\tpWGHGa.exe
  C:\Windows\System\tpWGHGa.exe
  2⤵
  PID:14644
- C:\Windows\System\WzLJBaq.exe
  C:\Windows\System\WzLJBaq.exe
  2⤵
  PID:14672
- C:\Windows\System\TzRnhdt.exe
  C:\Windows\System\TzRnhdt.exe
  2⤵
  PID:14700
- C:\Windows\System\iTCbzCR.exe
  C:\Windows\System\iTCbzCR.exe
  2⤵
  PID:14728
- C:\Windows\System\WWRzmKV.exe
  C:\Windows\System\WWRzmKV.exe
  2⤵
  PID:14756
- C:\Windows\System\wxBAntN.exe
  C:\Windows\System\wxBAntN.exe
  2⤵
  PID:14784
- C:\Windows\System\HAlwMrs.exe
  C:\Windows\System\HAlwMrs.exe
  2⤵
  PID:14812
- C:\Windows\System\WrjBaQy.exe
  C:\Windows\System\WrjBaQy.exe
  2⤵
  PID:14840
- C:\Windows\System\DktpbIU.exe
  C:\Windows\System\DktpbIU.exe
  2⤵
  PID:14868
- C:\Windows\System\mTnjQVw.exe
  C:\Windows\System\mTnjQVw.exe
  2⤵
  PID:14896
- C:\Windows\System\FtMTRaX.exe
  C:\Windows\System\FtMTRaX.exe
  2⤵
  PID:14928
- C:\Windows\System\DUgyajj.exe
  C:\Windows\System\DUgyajj.exe
  2⤵
  PID:14948
- C:\Windows\System\rauLytG.exe
  C:\Windows\System\rauLytG.exe
  2⤵
  PID:14980
- C:\Windows\System\LsHjBys.exe
  C:\Windows\System\LsHjBys.exe
  2⤵
  PID:15012
- C:\Windows\System\cUGvpxM.exe
  C:\Windows\System\cUGvpxM.exe
  2⤵
  PID:15040
- C:\Windows\System\CBUMfUp.exe
  C:\Windows\System\CBUMfUp.exe
  2⤵
  PID:15068
- C:\Windows\System\taLiDKM.exe
  C:\Windows\System\taLiDKM.exe
  2⤵
  PID:15096
- C:\Windows\System\LFlVECP.exe
  C:\Windows\System\LFlVECP.exe
  2⤵
  PID:15120
- C:\Windows\System\XOutddm.exe
  C:\Windows\System\XOutddm.exe
  2⤵
  PID:15152
- C:\Windows\System\KJNGgqG.exe
  C:\Windows\System\KJNGgqG.exe
  2⤵
  PID:15180
- C:\Windows\System\bWkqRsg.exe
  C:\Windows\System\bWkqRsg.exe
  2⤵
  PID:15212
- C:\Windows\System\RrtIWln.exe
  C:\Windows\System\RrtIWln.exe
  2⤵
  PID:15240
- C:\Windows\System\iTuDimb.exe
  C:\Windows\System\iTuDimb.exe
  2⤵
  PID:15268
- C:\Windows\System\kwXzciR.exe
  C:\Windows\System\kwXzciR.exe
  2⤵
  PID:15284
- C:\Windows\System\dzcjiBP.exe
  C:\Windows\System\dzcjiBP.exe
  2⤵
  PID:15320
- C:\Windows\System\FNrZumh.exe
  C:\Windows\System\FNrZumh.exe
  2⤵
  PID:15352
- C:\Windows\System\BciJoNQ.exe
  C:\Windows\System\BciJoNQ.exe
  2⤵
  PID:14356
- C:\Windows\System\wbcwmAJ.exe
  C:\Windows\System\wbcwmAJ.exe
  2⤵
  PID:14412
- C:\Windows\System\ylETMmu.exe
  C:\Windows\System\ylETMmu.exe
  2⤵
  PID:14440
- C:\Windows\System\SJvcCMt.exe
  C:\Windows\System\SJvcCMt.exe
  2⤵
  PID:9036
- C:\Windows\System\MQsiQcL.exe
  C:\Windows\System\MQsiQcL.exe
  2⤵
  PID:14508
- C:\Windows\System\XzgIiNV.exe
  C:\Windows\System\XzgIiNV.exe
  2⤵
  PID:1296
- C:\Windows\System\dusuRti.exe
  C:\Windows\System\dusuRti.exe
  2⤵
  PID:5104
- C:\Windows\System\qtnxszi.exe
  C:\Windows\System\qtnxszi.exe
  2⤵
  PID:6472
- C:\Windows\System\cIlQrXk.exe
  C:\Windows\System\cIlQrXk.exe
  2⤵
  PID:14636
- C:\Windows\System\DIyNlVq.exe
  C:\Windows\System\DIyNlVq.exe
  2⤵
  PID:9008
- C:\Windows\System\khlSvpz.exe
  C:\Windows\System\khlSvpz.exe
  2⤵
  PID:14720
- C:\Windows\System\ZxiwaYq.exe
  C:\Windows\System\ZxiwaYq.exe
  2⤵
  PID:9176
- C:\Windows\System\PCYTXVe.exe
  C:\Windows\System\PCYTXVe.exe
  2⤵
  PID:14808
- C:\Windows\System\mBhUFqD.exe
  C:\Windows\System\mBhUFqD.exe
  2⤵
  PID:4100
- C:\Windows\System\SzgtdrY.exe
  C:\Windows\System\SzgtdrY.exe
  2⤵
  PID:8360
- C:\Windows\System\xpnPFiK.exe
  C:\Windows\System\xpnPFiK.exe
  2⤵
  PID:32
- C:\Windows\System\knfTLmN.exe
  C:\Windows\System\knfTLmN.exe
  2⤵
  PID:14956
- C:\Windows\System\ucLzCAv.exe
  C:\Windows\System\ucLzCAv.exe
  2⤵
  PID:14976
- C:\Windows\System\jKRwlXz.exe
  C:\Windows\System\jKRwlXz.exe
  2⤵
  PID:3800
- C:\Windows\System\AxKREYQ.exe
  C:\Windows\System\AxKREYQ.exe
  2⤵
  PID:15052
- C:\Windows\System\WRNXXck.exe
  C:\Windows\System\WRNXXck.exe
  2⤵
  PID:15060
- C:\Windows\System\HzLUtGP.exe
  C:\Windows\System\HzLUtGP.exe
  2⤵
  PID:15088
- C:\Windows\System\cXOQapA.exe
  C:\Windows\System\cXOQapA.exe
  2⤵
  PID:9064
- C:\Windows\System\zuChsTr.exe
  C:\Windows\System\zuChsTr.exe
  2⤵
  PID:1156
- C:\Windows\System\smSCcYo.exe
  C:\Windows\System\smSCcYo.exe
  2⤵
  PID:8320
- C:\Windows\System\VSSCHan.exe
  C:\Windows\System\VSSCHan.exe
  2⤵
  PID:15208
- C:\Windows\System\iYWUWjD.exe
  C:\Windows\System\iYWUWjD.exe
  2⤵
  PID:15236
- C:\Windows\System\Xpxszmz.exe
  C:\Windows\System\Xpxszmz.exe
  2⤵
  PID:15280
- C:\Windows\System\TtUeyUH.exe
  C:\Windows\System\TtUeyUH.exe
  2⤵
  PID:15304
- C:\Windows\System\emOnxBy.exe
  C:\Windows\System\emOnxBy.exe
  2⤵
  PID:7652
- C:\Windows\System\iuDluVt.exe
  C:\Windows\System\iuDluVt.exe
  2⤵
  PID:9168
- C:\Windows\System\LMloHwK.exe
  C:\Windows\System\LMloHwK.exe
  2⤵
  PID:14404
- C:\Windows\System\ZKTAdJO.exe
  C:\Windows\System\ZKTAdJO.exe
  2⤵
  PID:7716
- C:\Windows\System\jqhuQpz.exe
  C:\Windows\System\jqhuQpz.exe
  2⤵
  PID:7744
- C:\Windows\System\onROqNE.exe
  C:\Windows\System\onROqNE.exe
  2⤵
  PID:8008
- C:\Windows\System\wSewguY.exe
  C:\Windows\System\wSewguY.exe
  2⤵
  PID:14576
- C:\Windows\System\iOZEuMs.exe
  C:\Windows\System\iOZEuMs.exe
  2⤵
  PID:4708
- C:\Windows\System\wjcKhiP.exe
  C:\Windows\System\wjcKhiP.exe
  2⤵
  PID:8948
- C:\Windows\System\oHhCJJj.exe
  C:\Windows\System\oHhCJJj.exe
  2⤵
  PID:14664
- C:\Windows\System\qQmquRd.exe
  C:\Windows\System\qQmquRd.exe
  2⤵
  PID:14712
- C:\Windows\System\AzMnixA.exe
  C:\Windows\System\AzMnixA.exe
  2⤵
  PID:14740
- C:\Windows\System\ofEOHAi.exe
  C:\Windows\System\ofEOHAi.exe
  2⤵
  PID:7940
- C:\Windows\System\PUZPYlQ.exe
  C:\Windows\System\PUZPYlQ.exe
  2⤵
  PID:14836
- C:\Windows\System\ReCsiEQ.exe
  C:\Windows\System\ReCsiEQ.exe
  2⤵
  PID:7960
- C:\Windows\System\DCHPwKj.exe
  C:\Windows\System\DCHPwKj.exe
  2⤵
  PID:14864
- C:\Windows\System\YkwIwmU.exe
  C:\Windows\System\YkwIwmU.exe
  2⤵
  PID:2300
- C:\Windows\System\ZnUhpQl.exe
  C:\Windows\System\ZnUhpQl.exe
  2⤵
  PID:3932
- C:\Windows\System\TRRkHNR.exe
  C:\Windows\System\TRRkHNR.exe
  2⤵
  PID:9764
- C:\Windows\System\RjtjiMT.exe
  C:\Windows\System\RjtjiMT.exe
  2⤵
  PID:9828
- C:\Windows\System\HClOFQl.exe
  C:\Windows\System\HClOFQl.exe
  2⤵
  PID:9860
- C:\Windows\System\hbWJXBE.exe
  C:\Windows\System\hbWJXBE.exe
  2⤵
  PID:7456
- C:\Windows\System\JThJKff.exe
  C:\Windows\System\JThJKff.exe
  2⤵
  PID:15112
- C:\Windows\System\XaLedUx.exe
  C:\Windows\System\XaLedUx.exe
  2⤵
  PID:9952
- C:\Windows\System\nMibtYP.exe
  C:\Windows\System\nMibtYP.exe
  2⤵
  PID:15164
- C:\Windows\System\oNiPXiY.exe
  C:\Windows\System\oNiPXiY.exe
  2⤵
  PID:2336
- C:\Windows\System\JfWfxTH.exe
  C:\Windows\System\JfWfxTH.exe
  2⤵
  PID:7188
- C:\Windows\System\eEwazke.exe
  C:\Windows\System\eEwazke.exe
  2⤵
  PID:10068
- C:\Windows\System\zPDiySF.exe
  C:\Windows\System\zPDiySF.exe
  2⤵
  PID:10104
- C:\Windows\System\EwSzDNj.exe
  C:\Windows\System\EwSzDNj.exe
  2⤵
  PID:7460
- C:\Windows\System\eGORbut.exe
  C:\Windows\System\eGORbut.exe
  2⤵
  PID:10152
- C:\Windows\System\tejJfmo.exe
  C:\Windows\System\tejJfmo.exe
  2⤵
  PID:7580
- C:\Windows\System\iIEmzsp.exe
  C:\Windows\System\iIEmzsp.exe
  2⤵
  PID:7656
- C:\Windows\System\EEodbYX.exe
  C:\Windows\System\EEodbYX.exe
  2⤵
  PID:9360
- C:\Windows\System\ZygnqaN.exe
  C:\Windows\System\ZygnqaN.exe
  2⤵
  PID:9092
- C:\Windows\System\ugYxJFg.exe
  C:\Windows\System\ugYxJFg.exe
  2⤵
  PID:9632
- C:\Windows\System\HRvEKOJ.exe
  C:\Windows\System\HRvEKOJ.exe
  2⤵
  PID:7104
- C:\Windows\System\ucuTqcg.exe
  C:\Windows\System\ucuTqcg.exe
  2⤵
  PID:14580
- C:\Windows\System\sLVLWEA.exe
  C:\Windows\System\sLVLWEA.exe
  2⤵
  PID:7820
- C:\Windows\System\VCHggQI.exe
  C:\Windows\System\VCHggQI.exe
  2⤵
  PID:3424
- C:\Windows\System\vBxddBe.exe
  C:\Windows\System\vBxddBe.exe
  2⤵
  PID:9256
- C:\Windows\System\RUxlNZO.exe
  C:\Windows\System\RUxlNZO.exe
  2⤵
  PID:9140
- C:\Windows\System\QTlicEd.exe
  C:\Windows\System\QTlicEd.exe
  2⤵
  PID:14796
- C:\Windows\System\LSnwWWX.exe
  C:\Windows\System\LSnwWWX.exe
  2⤵
  PID:3236
- C:\Windows\System\lxevTBZ.exe
  C:\Windows\System\lxevTBZ.exe
  2⤵
  PID:8032
- C:\Windows\System\NKSIfRk.exe
  C:\Windows\System\NKSIfRk.exe
  2⤵
  PID:6708
- C:\Windows\System\kjoXQUk.exe
  C:\Windows\System\kjoXQUk.exe
  2⤵
  PID:7356
- C:\Windows\System\mjSMTMe.exe
  C:\Windows\System\mjSMTMe.exe
  2⤵
  PID:1576
- C:\Windows\System\CooMZDs.exe
  C:\Windows\System\CooMZDs.exe
  2⤵
  PID:1560
- C:\Windows\System\EpnLjrl.exe
  C:\Windows\System\EpnLjrl.exe
  2⤵
  PID:4368
- C:\Windows\System\TqmlNrR.exe
  C:\Windows\System\TqmlNrR.exe
  2⤵
  PID:3624
- C:\Windows\System\MlFdZNj.exe
  C:\Windows\System\MlFdZNj.exe
  2⤵
  PID:9312
- C:\Windows\System\YWTBxpx.exe
  C:\Windows\System\YWTBxpx.exe
  2⤵
  PID:15116
- C:\Windows\System\zOwzVVs.exe
  C:\Windows\System\zOwzVVs.exe
  2⤵
  PID:6548
- C:\Windows\System\JfHxyBk.exe
  C:\Windows\System\JfHxyBk.exe
  2⤵
  PID:3180
- C:\Windows\System\yYUxgOo.exe
  C:\Windows\System\yYUxgOo.exe
  2⤵
  PID:7212
- C:\Windows\System\wGuuzPT.exe
  C:\Windows\System\wGuuzPT.exe
  2⤵
  PID:15260
- C:\Windows\System\UujDvzL.exe
  C:\Windows\System\UujDvzL.exe
  2⤵
  PID:7384
- C:\Windows\System\XOiPwXq.exe
  C:\Windows\System\XOiPwXq.exe
  2⤵
  PID:10256
- C:\Windows\System\paSPJmM.exe
  C:\Windows\System\paSPJmM.exe
  2⤵
  PID:14388
- C:\Windows\System\vNSdWjp.exe
  C:\Windows\System\vNSdWjp.exe
  2⤵
  PID:8316
- C:\Windows\System\oScvZRs.exe
  C:\Windows\System\oScvZRs.exe
  2⤵
  PID:4976
- C:\Windows\System\RhPsXgb.exe
  C:\Windows\System\RhPsXgb.exe
  2⤵
  PID:8372
- C:\Windows\System\IWNqHoY.exe
  C:\Windows\System\IWNqHoY.exe
  2⤵
  PID:10468
- C:\Windows\System\plNGrGy.exe
  C:\Windows\System\plNGrGy.exe
  2⤵
  PID:8416
- C:\Windows\System\QyKMzPa.exe
  C:\Windows\System\QyKMzPa.exe
  2⤵
  PID:10480
- C:\Windows\System\HgvVIwu.exe
  C:\Windows\System\HgvVIwu.exe
  2⤵
  PID:10512
- C:\Windows\System\etOiLqs.exe
  C:\Windows\System\etOiLqs.exe
  2⤵
  PID:10544
- C:\Windows\System\IQHnMGj.exe
  C:\Windows\System\IQHnMGj.exe
  2⤵
  PID:8188
- C:\Windows\System\GUKSbye.exe
  C:\Windows\System\GUKSbye.exe
  2⤵
  PID:8564
- C:\Windows\System\ufzdYav.exe
  C:\Windows\System\ufzdYav.exe
  2⤵
  PID:10612
- C:\Windows\System\zAitAqE.exe
  C:\Windows\System\zAitAqE.exe
  2⤵
  PID:10640
- C:\Windows\System\kptxBqh.exe
  C:\Windows\System\kptxBqh.exe
  2⤵
  PID:10700
- C:\Windows\System\ZGMoaya.exe
  C:\Windows\System\ZGMoaya.exe
  2⤵
  PID:10736
- C:\Windows\System\LvefpdY.exe
  C:\Windows\System\LvefpdY.exe
  2⤵
  PID:10772
- C:\Windows\System\JPFAxDb.exe
  C:\Windows\System\JPFAxDb.exe
  2⤵
  PID:1292
- C:\Windows\System\otVzrOc.exe
  C:\Windows\System\otVzrOc.exe
  2⤵
  PID:7944
- C:\Windows\System\TlLpBNa.exe
  C:\Windows\System\TlLpBNa.exe
  2⤵
  PID:6284
- C:\Windows\System\NYVaCux.exe
  C:\Windows\System\NYVaCux.exe
  2⤵
  PID:15168
- C:\Windows\System\BuVhElT.exe
  C:\Windows\System\BuVhElT.exe
  2⤵
  PID:10972
- C:\Windows\System\dcxwTZE.exe
  C:\Windows\System\dcxwTZE.exe
  2⤵
  PID:2312
- C:\Windows\System\qoyxLIP.exe
  C:\Windows\System\qoyxLIP.exe
  2⤵
  PID:11048
- C:\Windows\System\QickEoa.exe
  C:\Windows\System\QickEoa.exe
  2⤵
  PID:14344
- C:\Windows\System\FZDbtRf.exe
  C:\Windows\System\FZDbtRf.exe
  2⤵
  PID:11112
- C:\Windows\System\BWgNgwY.exe
  C:\Windows\System\BWgNgwY.exe
  2⤵
  PID:11136
- C:\Windows\System\SxjYKOR.exe
  C:\Windows\System\SxjYKOR.exe
  2⤵
  PID:9628
- C:\Windows\System\RwxJock.exe
  C:\Windows\System\RwxJock.exe
  2⤵
  PID:7828
- C:\Windows\System\XCvIlEf.exe
  C:\Windows\System\XCvIlEf.exe
  2⤵
  PID:11260
- C:\Windows\System\AXubcyl.exe
  C:\Windows\System\AXubcyl.exe
  2⤵
  PID:116
- C:\Windows\System\kKVKGWd.exe
  C:\Windows\System\kKVKGWd.exe
  2⤵
  PID:10448
- C:\Windows\System\sFFZxif.exe
  C:\Windows\System\sFFZxif.exe
  2⤵
  PID:8004
- C:\Windows\System\xWqMuYq.exe
  C:\Windows\System\xWqMuYq.exe
  2⤵
  PID:4932
- C:\Windows\System\SjYDoSq.exe
  C:\Windows\System\SjYDoSq.exe
  2⤵
  PID:10620
- C:\Windows\System\eexlUvd.exe
  C:\Windows\System\eexlUvd.exe
  2⤵
  PID:8156
- C:\Windows\System\BeNsNCg.exe
  C:\Windows\System\BeNsNCg.exe
  2⤵
  PID:10824
- C:\Windows\System\GeAyYWJ.exe
  C:\Windows\System\GeAyYWJ.exe
  2⤵
  PID:8044
- C:\Windows\System\cRqhBwl.exe
  C:\Windows\System\cRqhBwl.exe
  2⤵
  PID:10804
- C:\Windows\System\xEXGECU.exe
  C:\Windows\System\xEXGECU.exe
  2⤵
  PID:10936
- C:\Windows\System\maSiVPf.exe
  C:\Windows\System\maSiVPf.exe
  2⤵
  PID:11008
- C:\Windows\System\nvEOcDP.exe
  C:\Windows\System\nvEOcDP.exe
  2⤵
  PID:10192
- C:\Windows\System\HuluaLd.exe
  C:\Windows\System\HuluaLd.exe
  2⤵
  PID:11204
- C:\Windows\System\WLFneLa.exe
  C:\Windows\System\WLFneLa.exe
  2⤵
  PID:11156
- C:\Windows\System\tzGiDMI.exe
  C:\Windows\System\tzGiDMI.exe
  2⤵
  PID:10528
- C:\Windows\System\nNFYPzn.exe
  C:\Windows\System\nNFYPzn.exe
  2⤵
  PID:10280
- C:\Windows\System\jDcvaSF.exe
  C:\Windows\System\jDcvaSF.exe
  2⤵
  PID:10392
- C:\Windows\System\HwSbcBz.exe
  C:\Windows\System\HwSbcBz.exe
  2⤵
  PID:8108
- C:\Windows\System\rhzwCTv.exe
  C:\Windows\System\rhzwCTv.exe
  2⤵
  PID:9928
- C:\Windows\System\OoaRMfF.exe
  C:\Windows\System\OoaRMfF.exe
  2⤵
  PID:10820
- C:\Windows\System\GgBUtxu.exe
  C:\Windows\System\GgBUtxu.exe
  2⤵
  PID:10940
- C:\Windows\System\GPIQVGw.exe
  C:\Windows\System\GPIQVGw.exe
  2⤵
  PID:11308
- C:\Windows\System\RWJRCgf.exe
  C:\Windows\System\RWJRCgf.exe
  2⤵
  PID:9004
- C:\Windows\System\jxXGfDn.exe
  C:\Windows\System\jxXGfDn.exe
  2⤵
  PID:10404
- C:\Windows\System\GuUskxp.exe
  C:\Windows\System\GuUskxp.exe
  2⤵
  PID:11440
- C:\Windows\System\HMNXSqb.exe
  C:\Windows\System\HMNXSqb.exe
  2⤵
  PID:9080
- C:\Windows\System\IQtJPuL.exe
  C:\Windows\System\IQtJPuL.exe
  2⤵
  PID:11536
- C:\Windows\System\ITHbCKA.exe
  C:\Windows\System\ITHbCKA.exe
  2⤵
  PID:11564
- C:\Windows\System\FESJApp.exe
  C:\Windows\System\FESJApp.exe
  2⤵
  PID:11592
- C:\Windows\System\bcfKrRl.exe
  C:\Windows\System\bcfKrRl.exe
  2⤵
  PID:11612
- C:\Windows\System\cXXfLuN.exe
  C:\Windows\System\cXXfLuN.exe
  2⤵
  PID:7572
- C:\Windows\System\MhSiKHM.exe
  C:\Windows\System\MhSiKHM.exe
  2⤵
  PID:11708
- C:\Windows\System\VMCUEeC.exe
  C:\Windows\System\VMCUEeC.exe
  2⤵
  PID:11140
- C:\Windows\System\RMLyRpO.exe
  C:\Windows\System\RMLyRpO.exe
  2⤵
  PID:7636
- C:\Windows\System\wmTeXwV.exe
  C:\Windows\System\wmTeXwV.exe
  2⤵
  PID:11376
- C:\Windows\System\qSAVfRP.exe
  C:\Windows\System\qSAVfRP.exe
  2⤵
  PID:9088
- C:\Windows\System\kdVGyhM.exe
  C:\Windows\System\kdVGyhM.exe
  2⤵
  PID:11872
- C:\Windows\System\lwMjako.exe
  C:\Windows\System\lwMjako.exe
  2⤵
  PID:11908
- C:\Windows\System\qlIKOet.exe
  C:\Windows\System\qlIKOet.exe
  2⤵
  PID:9832
- C:\Windows\System\kNhxsfe.exe
  C:\Windows\System\kNhxsfe.exe
  2⤵
  PID:11988
- C:\Windows\System\ZDOiMZl.exe
  C:\Windows\System\ZDOiMZl.exe
  2⤵
  PID:12040
- C:\Windows\System\UYRXdij.exe
  C:\Windows\System\UYRXdij.exe
  2⤵
  PID:10252
- C:\Windows\System\MkxiMfO.exe
  C:\Windows\System\MkxiMfO.exe
  2⤵
  PID:12104
- C:\Windows\System\IoeBjUB.exe
  C:\Windows\System\IoeBjUB.exe
  2⤵
  PID:9296
- C:\Windows\System\DDFnFro.exe
  C:\Windows\System\DDFnFro.exe
  2⤵
  PID:9196
- C:\Windows\System\YFQueIY.exe
  C:\Windows\System\YFQueIY.exe
  2⤵
  PID:11668
- C:\Windows\System\SNUdpys.exe
  C:\Windows\System\SNUdpys.exe
  2⤵
  PID:12236
- C:\Windows\System\zBSlazp.exe
  C:\Windows\System\zBSlazp.exe
  2⤵
  PID:11312
- C:\Windows\System\sepGcxy.exe
  C:\Windows\System\sepGcxy.exe
  2⤵
  PID:12128
- C:\Windows\System\krylwIi.exe
  C:\Windows\System\krylwIi.exe
  2⤵
  PID:12188
- C:\Windows\System\vfbJbHN.exe
  C:\Windows\System\vfbJbHN.exe
  2⤵
  PID:12020
- C:\Windows\System\qbzlizt.exe
  C:\Windows\System\qbzlizt.exe
  2⤵
  PID:11384
- C:\Windows\System\SxyzLDz.exe
  C:\Windows\System\SxyzLDz.exe
  2⤵
  PID:10888
- C:\Windows\System\cJyTrsk.exe
  C:\Windows\System\cJyTrsk.exe
  2⤵
  PID:8756
- C:\Windows\System\nAYwewf.exe
  C:\Windows\System\nAYwewf.exe
  2⤵
  PID:12160
- C:\Windows\System\prmlgfd.exe
  C:\Windows\System\prmlgfd.exe
  2⤵
  PID:11800
- C:\Windows\System\HNEhQHt.exe
  C:\Windows\System\HNEhQHt.exe
  2⤵
  PID:7880
- C:\Windows\System\syUDubd.exe
  C:\Windows\System\syUDubd.exe
  2⤵
  PID:12016
- C:\Windows\System\arkCrol.exe
  C:\Windows\System\arkCrol.exe
  2⤵
  PID:12024
- C:\Windows\System\ljKUfPV.exe
  C:\Windows\System\ljKUfPV.exe
  2⤵
  PID:15388
- C:\Windows\System\xUrmzLN.exe
  C:\Windows\System\xUrmzLN.exe
  2⤵
  PID:15416
- C:\Windows\System\QFRowVt.exe
  C:\Windows\System\QFRowVt.exe
  2⤵
  PID:15444
- C:\Windows\System\jXwdhRp.exe
  C:\Windows\System\jXwdhRp.exe
  2⤵
  PID:15472
- C:\Windows\System\KwLgALH.exe
  C:\Windows\System\KwLgALH.exe
  2⤵
  PID:15500
- C:\Windows\System\VZigOGS.exe
  C:\Windows\System\VZigOGS.exe
  2⤵
  PID:15528
- C:\Windows\System\PEqTCSD.exe
  C:\Windows\System\PEqTCSD.exe
  2⤵
  PID:15560
- C:\Windows\System\XKANGqJ.exe
  C:\Windows\System\XKANGqJ.exe
  2⤵
  PID:15584
- C:\Windows\System\MvnGYiZ.exe
  C:\Windows\System\MvnGYiZ.exe
  2⤵
  PID:15612
- C:\Windows\System\wEIwCNv.exe
  C:\Windows\System\wEIwCNv.exe
  2⤵
  PID:15640
- C:\Windows\System\LbBjiDv.exe
  C:\Windows\System\LbBjiDv.exe
  2⤵
  PID:15668
- C:\Windows\System\XfEKbGQ.exe
  C:\Windows\System\XfEKbGQ.exe
  2⤵
  PID:15696
- C:\Windows\System\dzDOxNw.exe
  C:\Windows\System\dzDOxNw.exe
  2⤵
  PID:15724
- C:\Windows\System\txhFpqc.exe
  C:\Windows\System\txhFpqc.exe
  2⤵
  PID:15752
- C:\Windows\System\swRCNlO.exe
  C:\Windows\System\swRCNlO.exe
  2⤵
  PID:15780
- C:\Windows\System\OqJyyrM.exe
  C:\Windows\System\OqJyyrM.exe
  2⤵
  PID:15808
- C:\Windows\System\EZIbZWp.exe
  C:\Windows\System\EZIbZWp.exe
  2⤵
  PID:15836
- C:\Windows\System\dIzzTTH.exe
  C:\Windows\System\dIzzTTH.exe
  2⤵
  PID:15864
- C:\Windows\System\iimgjAT.exe
  C:\Windows\System\iimgjAT.exe
  2⤵
  PID:15892
- C:\Windows\System\AwHHjsJ.exe
  C:\Windows\System\AwHHjsJ.exe
  2⤵
  PID:15920
- C:\Windows\System\rmzXDWH.exe
  C:\Windows\System\rmzXDWH.exe
  2⤵
  PID:15948
- C:\Windows\System\rcPyWhb.exe
  C:\Windows\System\rcPyWhb.exe
  2⤵
  PID:15976
- C:\Windows\System\HKFjEgm.exe
  C:\Windows\System\HKFjEgm.exe
  2⤵
  PID:16008
- C:\Windows\System\FinXDUw.exe
  C:\Windows\System\FinXDUw.exe
  2⤵
  PID:16036
- C:\Windows\System\NNPbYim.exe
  C:\Windows\System\NNPbYim.exe
  2⤵
  PID:16064
- C:\Windows\System\VcTvfUD.exe
  C:\Windows\System\VcTvfUD.exe
  2⤵
  PID:16092
- C:\Windows\System\qzcUIVH.exe
  C:\Windows\System\qzcUIVH.exe
  2⤵
  PID:16120
- C:\Windows\System\vHquDcg.exe
  C:\Windows\System\vHquDcg.exe
  2⤵
  PID:16148
- C:\Windows\System\POMIzZB.exe
  C:\Windows\System\POMIzZB.exe
  2⤵
  PID:16176
- C:\Windows\System\mAOBQJo.exe
  C:\Windows\System\mAOBQJo.exe
  2⤵
  PID:16204
- C:\Windows\System\xxiLUNK.exe
  C:\Windows\System\xxiLUNK.exe
  2⤵
  PID:16232
- C:\Windows\System\qJWwwvk.exe
  C:\Windows\System\qJWwwvk.exe
  2⤵
  PID:16260
- C:\Windows\System\klnXgBc.exe
  C:\Windows\System\klnXgBc.exe
  2⤵
  PID:16288
- C:\Windows\System\kxkkgge.exe
  C:\Windows\System\kxkkgge.exe
  2⤵
  PID:16328
- C:\Windows\System\bzwWcOx.exe
  C:\Windows\System\bzwWcOx.exe
  2⤵
  PID:16344
- C:\Windows\System\yoinFOU.exe
  C:\Windows\System\yoinFOU.exe
  2⤵
  PID:16372
- C:\Windows\System\oDzxosu.exe
  C:\Windows\System\oDzxosu.exe
  2⤵
  PID:15372
- C:\Windows\System\aCjPzug.exe
  C:\Windows\System\aCjPzug.exe
  2⤵
  PID:15412
- C:\Windows\System\ZHGHuer.exe
  C:\Windows\System\ZHGHuer.exe
  2⤵
  PID:11388
- C:\Windows\System\YNBmcvv.exe
  C:\Windows\System\YNBmcvv.exe
  2⤵
  PID:15492
- C:\Windows\System\nNGkUxG.exe
  C:\Windows\System\nNGkUxG.exe
  2⤵
  PID:11684
- C:\Windows\System\arvGOqs.exe
  C:\Windows\System\arvGOqs.exe
  2⤵
  PID:11276
- C:\Windows\System\DhEMGwm.exe
  C:\Windows\System\DhEMGwm.exe
  2⤵
  PID:15608
- C:\Windows\System\EwEDqYv.exe
  C:\Windows\System\EwEDqYv.exe
  2⤵
  PID:9288
- C:\Windows\System\StsWlSG.exe
  C:\Windows\System\StsWlSG.exe
  2⤵
  PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ECZjlXf.exe

Filesize
6.0MB

MD5
01934c5ee530bc6ec8afd163d80580cf

SHA1
903fc3796db76dbe2318c17d6a5cf8316ac74c95

SHA256
578eb3b41d07f18e1e34eafd8475e6dca2dd0fa759c3f8d27dda03090f286252

SHA512
7d8bc77533a3967018cd71ff08d0a931504ea4587ee008dba371b0437e16eb10c6c547df5c6f5793aa9cca33d5b636b6880c991d068f0eb084df18d9d19416b6

Download Submit
C:\Windows\System\JmjFTlw.exe

Filesize
6.0MB

MD5
4c86a198206dc1e7c97d2c19d6a0d1d7

SHA1
8545c4fe57d58283dc0797b907e3a1d8b606d094

SHA256
ae873de27c46e7d506f8e5baaa98f2649b4a0ae6ec252012b9c8f3c46d650c06

SHA512
18a1e30734751dc6017ee75f73db7d1440cd805e5a1104b2b4784666e5a04653d7ba4884d358d4bc1b8e17522d3caabfc08dd86f4735c340f5a99eab4a7c1178

Download Submit
C:\Windows\System\LmNEXAa.exe

Filesize
6.0MB

MD5
0de2c9af573a7918b5b728c0dccde765

SHA1
d329ff0dd52ac812214003739508576b1d827e64

SHA256
9c09a3afd015c7ece6d64f84a195ed9bad057fbe26ed99d8a1334da676fbb6a2

SHA512
f7f2863d6ce57d1c386a16e9b0fe82793c65c04afabba2fc4c97684d5dcbb6b60280fc6c23fd36a30f5fc47795d70d95cac0c02fd8534b61931ac1d31d008103

Download Submit
C:\Windows\System\NIKroLV.exe

Filesize
6.0MB

MD5
f276d418b549197dd3a453572360a427

SHA1
8a8e44c94fca7f8217da2891e8021db93aa2cf07

SHA256
b65db18184f01fec2a7b80db843fffb1f664e2760ee3e4203c246eb0dba9240b

SHA512
23e4583ff7422167fab7bbf68f45b3178d72a463dcb7ee169c9478632193a040d09d39d48ab96bfbbc8bfb1ba97cb2e93edee2c07ace9bc437c29b8a47f53819

Download Submit
C:\Windows\System\QDnUYLh.exe

Filesize
6.0MB

MD5
43c82848ef5c4e841df19f9b1404ddda

SHA1
c5e8d1b4bcb667f76bcee5f82eee64c1abfda03b

SHA256
b29ceb3e5aeae5527808a00a371d2b6b805ccf0addc61aa62165beb57f01ffc2

SHA512
1744c8c467ab3df16c47bb896237acadd6fecdf687f768288591c329b59556eba331324e55f909da6b8600a50980de5d17d46f6f76c0fbaaa96e228207f0547c

Download Submit
C:\Windows\System\Qpprude.exe

Filesize
6.0MB

MD5
0a3d432bbd4d0a931bde46a7dc51565e

SHA1
03b5ddf4ca7aa7f72c3988f4dc1431af1bbd1bb5

SHA256
e6d9be3182cbbd6ce33e5b320d8c1fa3a82b3c5cb1296db57a591c7d1471af4a

SHA512
0ad0038aa7786b49e1745c19e659e71e12b0eaa45695378f3fd141b91158f97f0a98de745b4b1b5e1f8115110f52337e5e4d071f1ce1e1292fc4fe9f2ea1db83

Download Submit
C:\Windows\System\RpZySCY.exe

Filesize
6.0MB

MD5
6bed34451d81c1224c0615eaeab41df0

SHA1
69c1d7c1f689f69bce568d7401afbc427eb3679c

SHA256
21487bbe757dcfde41e1cf8ed0ee5f2836aa5d5651e26cbbf50ed7cc31fe1fc9

SHA512
1f2ab7e1aaed4a907cf7e1d6173b047b3235cb9fe631672f5e695ddf73960652b056c42ccccc09b45f0927abcf47e35a5459bd23a90a3fca04e304ae7dcf78eb

Download Submit
C:\Windows\System\ShaVnNx.exe

Filesize
6.0MB

MD5
a480bb8eff1e38c6fd0f1f190cd8f772

SHA1
1b8ad184242394cd7ae8b9a77c5308b4770e8148

SHA256
fa7a0d46b3de05e00e92b0beb0f9fa398ac8bb20229b8f49a1ef789d4d601145

SHA512
a48ea6ff68cfff51ae19253bd4094cb8a3921496620df136e0ae1fe37cd94505e84b11118fd0037220ecd704169fd4eedbdacd5963423e1f4e56462003ec8279

Download Submit
C:\Windows\System\TMaeQZa.exe

Filesize
6.0MB

MD5
04a6a6d6846052cb3ef071366aec2d83

SHA1
af98e724a9855dddd9cee3fa1c77a257bf0877b0

SHA256
912d303750205808fdad496fcf64a99d8570bd0e2e6f372b426a60714adc6c9c

SHA512
55ee5da11f5456602cd44c3eeda8173b2e2b5b32c7cf5dfb38b94fde2afc3dd99bd956016ffcbfe3b1d025034a608055eaa3849f1909fd63f2e18cfe66c5cd59

Download Submit
C:\Windows\System\TlbVQEA.exe

Filesize
6.0MB

MD5
476f3c84c69972a2d27c585cf25bedfa

SHA1
c27a009ee1ce10385cf9e73f64800e600fe57cc7

SHA256
9bffd20693d979af67db9518fcbfa1ae8b06d83abdcd140d9e17e4de26679d53

SHA512
cf92a0d1262da0e8549a5bbb9fad8d61133bacc5d46e7be40a6c432a15cd9eedf63a46e795c614012141a8fd98ee37ad164838b186e205123182f762ba9f2205

Download Submit
C:\Windows\System\VBzQgeK.exe

Filesize
6.0MB

MD5
53f1b7c70298d3827ebd5e1be1323c54

SHA1
7d09ab7ff4db2f5f55efa53277bc22fb3c2d7bee

SHA256
c1011c3537933c72aaa6d81c60b18f9ac959efe570a2798ff5cc66fdd6786ac7

SHA512
cbac27e4a0e1f0f799ae8268b1ba58a9bf996fb7638568be1bcdba0a23eb6ab31aac92640434e7eb5d161acf112ff7c43c6aea5a2eca3882a94103eaf4946cc6

Download Submit
C:\Windows\System\WbGqAAd.exe

Filesize
6.0MB

MD5
14f0142534e4b64a8050a5c263902ebe

SHA1
d9536c0d81a45ba086d8e7c01e38b19254ebfdd8

SHA256
ff526ba9b9c9d19fb57ae135b2e22c623e822bd4114f9fa2632eeb88bada052e

SHA512
0709691e6d252d041c798f7420828033a2695672310254e21eb2efce29b6b125b257f50f37acf71f0f1a116f77e6a829ecc5c3417416656fb75721ad73bfaa4c

Download Submit
C:\Windows\System\XffHcnj.exe

Filesize
6.0MB

MD5
d5ee8fdfd6e9a62db0b69c44663ddaaf

SHA1
72cc9ae3cd05908213b7ee587af2e8673977965b

SHA256
eb9653477492293bf314d59e9e588f6f8e90c9329b08fb0343e9726f7d9867cf

SHA512
c94c0743e475c0457d0789e54dd6715424f946b24b996d892c29d4e0e8cbdad69b8732ed18321cd795948caac6793b9901114e44f5e7b5ec74e805bc22c3879d

Download Submit
C:\Windows\System\XuhTmQt.exe

Filesize
6.0MB

MD5
48652f0c1d624474a8ecd59932c1e9c3

SHA1
ab856112815b82010f0d3f91df502ec667d2aa91

SHA256
564df43474be7f039260fb855a531bbd7d9739e6f7d80e928142c5d961e5a74c

SHA512
08bfe07800ce3566188419147b94aa628c2df5c947ff3e4a7a4bdb9912a7bd231a33f853ca41462698f7e3dbeae8e0a3a13b73c109083d3bd35472cec1fcf42e

Download Submit
C:\Windows\System\fCxgfLS.exe

Filesize
6.0MB

MD5
2428867b7815a02ddbe12834a4f0d3fa

SHA1
717a30e919bbd72d3713ea50014a96102c29e576

SHA256
3db750fcc9e86173c143557a411ea63491a46587cbf525903e4ba2b318f7c9b9

SHA512
3fd2df496ae6c0490b22e595c70fe982fd0137574861d609ebe72191e558d0319ba6992956d4e1af1815201dc3fd2910b615e2894b6e4e5a7687ffd35b5a6c24

Download Submit
C:\Windows\System\fujZsHa.exe

Filesize
6.0MB

MD5
93f192193699abef7cd04036b8adb222

SHA1
3195bc1bec5075384efc6850d6341fde2c0b13e8

SHA256
7a01eff89e8aba02f3bd859ff579d6d1cc26c307ffa88ebf2a2ce6f984e6ecd8

SHA512
0f3f9e319096fb3c872e47636281289adba89653a0833db5927cb2da4ae40ef5fa66aef28c12ebb089414f541c6591f67ee7a8f6646aea4a6288e8f41326f2cd

Download Submit
C:\Windows\System\hWiWSrS.exe

Filesize
6.0MB

MD5
a5372f2492a28c4d18127a085e76c175

SHA1
92d7cc0f7785d99d5cefd8e575929b5405afacc9

SHA256
0737037214582f16ccbd8af78cd17ca54556f614c97d1c8626048810b2ca1ff3

SHA512
d6ba53e2456bf955da080728a31458baa2da093999a224d4f7c3139bb51c4a29c3dccf6255200ecf09ed38806e119e9a1a543d653c217ce587ba38c50c86e3fa

Download Submit
C:\Windows\System\iEInoEC.exe

Filesize
6.0MB

MD5
596e3067e277859fed49ef31b954d067

SHA1
43445676c1f9ece1b467d05addd69f912daf275b

SHA256
0457bf8859d1f5f8712a8cda9dde6bf8e74766003f3f8971a2d16dfb5596c7ef

SHA512
685309cf95edb98bff8e854130f257dac3fff0e3497da6a11b9008224d20e01e5fc7d40dc0301f287fac7d18ade3e4aa1d9a766a5eb0164a29dce6235c9e8321

Download Submit
C:\Windows\System\imaIuws.exe

Filesize
6.0MB

MD5
14213d733a0245bf60ae7181451b2149

SHA1
b0dd7597d137b5e8009754f14d8d7a0cb11a9f55

SHA256
dcfa0966673be47b15980672f4eff0da9593423e15eb2e08b0403d0ade94abd5

SHA512
68cdf7c55352b727a6aa6092a068582e1c0b5f968afafb2e55cf6695dcddbd9681bd8d189e70474a8aa0af65b1ae93d14845635156c0c096eb4c9bc585d02589

Download Submit
C:\Windows\System\jyJzefd.exe

Filesize
6.0MB

MD5
0396f0fa3bf382d636326392d3d03807

SHA1
f51adedb601fbf6b3d2c15606bbe0c1ab1502257

SHA256
f011970b1fbab81e6b18b7679f0db1116f0f555930edc31d6ae9535a435dc87e

SHA512
4e90f6d81bc97c151b970738ecf782c1894bd4f3fd4189ce3d6f6e1c18382025191c61249edc9516b7633be8da2f2680e299e3d84a14a56f73f4e733d7447b51

Download Submit
C:\Windows\System\kcfhJtp.exe

Filesize
6.0MB

MD5
34e25fe71419eeaba8b290c9588bb6a4

SHA1
d34a15646f3f8466dbe876d6cef24a6c2ced54d9

SHA256
8008d58b38aae1a28f5d65bd9a7d2461c1106498a6234a1e1f8ae006ddcfaeb6

SHA512
6b6ebbadec5e4022f7e75b04503ecc48f01c5c25cc9f6ff70f5c15b02cd3132b191e7d11138bab26cbfbedd27b712256befdaf2715e547fd42249202b3e85c61

Download Submit
C:\Windows\System\kqyVSwV.exe

Filesize
6.0MB

MD5
94003354baa2971d926ac626a67e6a2d

SHA1
ed43b70fd15d3c2e619010a0bca5f66dbc187dbb

SHA256
b99ee11fb7562398abc623f8c27fa33cc9a831efac2aab1aad8bf7c603d242de

SHA512
e15fbf9af809cf6098c1d60f4acc0c9b43f509be1749e08198bd89d27a415e347ac710b0443828d5c055d89e5390d80b65e6572bfee0b0726a02b7af401132d1

Download Submit
C:\Windows\System\nNOZwmT.exe

Filesize
6.0MB

MD5
916a8519e4c474b6682cd83b4f0b2a69

SHA1
c4fd74812c12540267f9e374716d1416a6dbea81

SHA256
a95cf277c7f99d3da959f74e8f75d1513484fa1b9f2cc75ec7107f4345db2d7d

SHA512
1137dc400b1c84edddc0fe271045e0ccc193fa0062a008110297d6c632528ab82311a14ea38c5bb0ca7493fcb0797eefb104655e9143a6c95a1ec83bd6941e0e

Download Submit
C:\Windows\System\pCSSxLU.exe

Filesize
6.0MB

MD5
16a9104bb456acdbe4560e80a2e88f7c

SHA1
ef1e9366ca4241c9824858566652ab9371b823fe

SHA256
159178ad94f53bec4d1b432577cfaf9ea8e86a2707ef4147755585da6aede79b

SHA512
7f0385bfa78c5d348c42cd757966554511e5de072accb58310a411e6facdf62eb2231e10d269751d7b396f6d41f24c9cf467ea640cdc810c16d3d2a1d4598e1e

Download Submit
C:\Windows\System\tLyxMGL.exe

Filesize
6.0MB

MD5
a45244d8dc9d6c9ca18148d52ba6a7f8

SHA1
abb7bfc5e583fb328be73997af3dd01fb4ebafe1

SHA256
354300d8d43db79725c294459893fc0bd6b958a47d2a8f1bd653c57ed8bc365c

SHA512
749858b4c3beb432bc412c40c11e2c16d3873418bdebde304f9b556f40a9a0e19b34a67ae7c40a5593e34f479a391d5aae64c07e944c84874d3c96a9a76fd828

Download Submit
C:\Windows\System\vCPmAbL.exe

Filesize
6.0MB

MD5
e26f72c61c780cb61401dcfbf1a9ac94

SHA1
d3141da62f9a6e01822447f2bad37f34d2a6809d

SHA256
0ae69e2c9a2ea578ef3f23020bfdea576a087c7e9bd542bbd5bd42ee1b899e14

SHA512
bed0f91ff4587a39190ca7ff4bb08124af702fb74cf5aca2c0f719ed2127aad7ba9c5eeff480fcbd904c1d6d78c6ff18928a059602174792deb5b5b55dfee05c

Download Submit
C:\Windows\System\vGJdrpw.exe

Filesize
6.0MB

MD5
dda7060c434a960f81a0e889b4ce7ea7

SHA1
a2cd96c24634148d38463d5310fbe5036d557ca0

SHA256
1b3acbb0024cfbb038298ed35fa5d86d3d66b6a6c99bfa7382e42386d6d87a87

SHA512
04e215639a1cc033be507ab8dfce924beca33dd6261f71c32cc38cda7cbd485ce296ca0a108547b1c09d9b7a1f43b2f93edc57482d1cb35935a14a8650ef8d6c

Download Submit
C:\Windows\System\vxKhtNB.exe

Filesize
6.0MB

MD5
912bb990057376baba93d87be7832c45

SHA1
799769d6d275c0333cf2d12f528d1c1d48eb6365

SHA256
06460793c85bd879ef33f75d2498a953c2ceb6fac7ac4019d3acf7cf6de76a3f

SHA512
ec89ba647a87e67a64e2cb030cc8f5fd8ebc3411476e714abefa890d973b5835c4574e6fea17715dba879a70f6d992b11fb3471317359fbad0140dc1018a25c4

Download Submit
C:\Windows\System\wesRYUF.exe

Filesize
6.0MB

MD5
ad9c5108945b2703c82134daf0530f1c

SHA1
0fd90e742f22f7d737efd3b08f48dfd5c7be9e06

SHA256
8430e5d3fb05b1ce7ac48ef0c81e16e11798e2561a20ea89f7078860296f777a

SHA512
23b3b7221d1a903faf2ed5d337822bf61edc68f54d70b06121541eb53534def699b0e91f588705252a23faca4e517c41365e473ce01861554520303d3685fb69

Download Submit
C:\Windows\System\wnjJFMa.exe

Filesize
6.0MB

MD5
527e9f29e48e93d22cc3dd1d4d324e0e

SHA1
573f2af97ceeb987f768404e65cffd43463a4311

SHA256
4e09a13d342f17163aab15e36a4195b0ec6edf3233cc8f1527a4ae37474b88b2

SHA512
d734de1c7213a72fe4873da144ecf6e61c26896b34b1548e5e91113000cc51bdb1e8f5dcc0522230d9a33e3c5c93569f5e2d14989198c9d77a74ebbc183ad60d

Download Submit
C:\Windows\System\xFpvEXI.exe

Filesize
6.0MB

MD5
a5901c87f8f615440f76fd38b29f858c

SHA1
2e9468ef828ac1c21277e380e8309d4d1a4e4dee

SHA256
1f1c39056fe069e65271943dd35890eb5397e508872df6ac879eb75f9674d565

SHA512
5f3e09e7ed730e7e65cbb22bdfc800e55ab4d0f6b0b2e6a56199bc11a55e35799154080a21e694dd215d5b6184c0b886fc2f014a31b9fe28332e715a450343fb

Download Submit
C:\Windows\System\zhVXkzs.exe

Filesize
6.0MB

MD5
bc44f6614a837975a37f11e3ae72ff9c

SHA1
2547ebd6a35a7475336ce4614759797d0efcac1a

SHA256
1b91b64e88852f6523baf98b4cd3a8d43e5c37cc31cb4bc1d8a6e37f00451365

SHA512
a801da00f988dfce4ce6c297b128abb0596e86b411e703e5d1c7a5c3bbb01adc82cf97439b263c0fc552a6f9ff749d2b6f71687a3cc7fc58b50682d451b75a24

Download Submit
memory/224-16-0x00007FF675C50000-0x00007FF675FA4000-memory.dmp

Filesize
3.3MB

Download
memory/224-1803-0x00007FF675C50000-0x00007FF675FA4000-memory.dmp

Filesize
3.3MB

Download
memory/224-62-0x00007FF675C50000-0x00007FF675FA4000-memory.dmp

Filesize
3.3MB

Download
memory/332-1952-0x00007FF602C10000-0x00007FF602F64000-memory.dmp

Filesize
3.3MB

Download
memory/332-169-0x00007FF602C10000-0x00007FF602F64000-memory.dmp

Filesize
3.3MB

Download
memory/332-1254-0x00007FF602C10000-0x00007FF602F64000-memory.dmp

Filesize
3.3MB

Download
memory/432-95-0x00007FF724EB0000-0x00007FF725204000-memory.dmp

Filesize
3.3MB

Download
memory/432-30-0x00007FF724EB0000-0x00007FF725204000-memory.dmp

Filesize
3.3MB

Download
memory/432-1863-0x00007FF724EB0000-0x00007FF725204000-memory.dmp

Filesize
3.3MB

Download
memory/760-54-0x00007FF76FD70000-0x00007FF7700C4000-memory.dmp

Filesize
3.3MB

Download
memory/760-1-0x0000018299E50000-0x0000018299E60000-memory.dmp

Filesize
64KB

Download
memory/760-0-0x00007FF76FD70000-0x00007FF7700C4000-memory.dmp

Filesize
3.3MB

Download
memory/892-185-0x00007FF6C72D0000-0x00007FF6C7624000-memory.dmp

Filesize
3.3MB

Download
memory/892-1953-0x00007FF6C72D0000-0x00007FF6C7624000-memory.dmp

Filesize
3.3MB

Download
memory/892-1316-0x00007FF6C72D0000-0x00007FF6C7624000-memory.dmp

Filesize
3.3MB

Download
memory/928-1313-0x00007FF7D3830000-0x00007FF7D3B84000-memory.dmp

Filesize
3.3MB

Download
memory/928-173-0x00007FF7D3830000-0x00007FF7D3B84000-memory.dmp

Filesize
3.3MB

Download
memory/928-1955-0x00007FF7D3830000-0x00007FF7D3B84000-memory.dmp

Filesize
3.3MB

Download
memory/1228-1419-0x00007FF72E1C0000-0x00007FF72E514000-memory.dmp

Filesize
3.3MB

Download
memory/1228-1954-0x00007FF72E1C0000-0x00007FF72E514000-memory.dmp

Filesize
3.3MB

Download
memory/1228-186-0x00007FF72E1C0000-0x00007FF72E514000-memory.dmp

Filesize
3.3MB

Download
memory/1736-138-0x00007FF66FFE0000-0x00007FF670334000-memory.dmp

Filesize
3.3MB

Download
memory/1736-1933-0x00007FF66FFE0000-0x00007FF670334000-memory.dmp

Filesize
3.3MB

Download
memory/1736-1047-0x00007FF66FFE0000-0x00007FF670334000-memory.dmp

Filesize
3.3MB

Download
memory/2100-48-0x00007FF7438D0000-0x00007FF743C24000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1880-0x00007FF7438D0000-0x00007FF743C24000-memory.dmp

Filesize
3.3MB

Download
memory/2100-118-0x00007FF7438D0000-0x00007FF743C24000-memory.dmp

Filesize
3.3MB

Download
memory/2112-150-0x00007FF6151F0000-0x00007FF615544000-memory.dmp

Filesize
3.3MB

Download
memory/2112-84-0x00007FF6151F0000-0x00007FF615544000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1911-0x00007FF6151F0000-0x00007FF615544000-memory.dmp

Filesize
3.3MB

Download
memory/2308-107-0x00007FF7D30E0000-0x00007FF7D3434000-memory.dmp

Filesize
3.3MB

Download
memory/2308-42-0x00007FF7D30E0000-0x00007FF7D3434000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1877-0x00007FF7D30E0000-0x00007FF7D3434000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1941-0x00007FF712FC0000-0x00007FF713314000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1048-0x00007FF712FC0000-0x00007FF713314000-memory.dmp

Filesize
3.3MB

Download
memory/2380-149-0x00007FF712FC0000-0x00007FF713314000-memory.dmp

Filesize
3.3MB

Download
memory/2404-121-0x00007FF7A3890000-0x00007FF7A3BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-182-0x00007FF7A3890000-0x00007FF7A3BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1925-0x00007FF7A3890000-0x00007FF7A3BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-106-0x00007FF7F9580000-0x00007FF7F98D4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1912-0x00007FF7F9580000-0x00007FF7F98D4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-166-0x00007FF7F9580000-0x00007FF7F98D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-162-0x00007FF7EADE0000-0x00007FF7EB134000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1200-0x00007FF7EADE0000-0x00007FF7EB134000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1947-0x00007FF7EADE0000-0x00007FF7EB134000-memory.dmp

Filesize
3.3MB

Download
memory/2920-94-0x00007FF6A2110000-0x00007FF6A2464000-memory.dmp

Filesize
3.3MB

Download
memory/2920-147-0x00007FF6A2110000-0x00007FF6A2464000-memory.dmp

Filesize
3.3MB

Download
memory/2920-1908-0x00007FF6A2110000-0x00007FF6A2464000-memory.dmp

Filesize
3.3MB

Download
memory/3256-1796-0x00007FF6AFD60000-0x00007FF6B00B4000-memory.dmp

Filesize
3.3MB

Download
memory/3256-61-0x00007FF6AFD60000-0x00007FF6B00B4000-memory.dmp

Filesize
3.3MB

Download
memory/3256-6-0x00007FF6AFD60000-0x00007FF6B00B4000-memory.dmp

Filesize
3.3MB

Download
memory/3404-90-0x00007FF7FCA80000-0x00007FF7FCDD4000-memory.dmp

Filesize
3.3MB

Download
memory/3404-24-0x00007FF7FCA80000-0x00007FF7FCDD4000-memory.dmp

Filesize
3.3MB

Download
memory/3404-1859-0x00007FF7FCA80000-0x00007FF7FCDD4000-memory.dmp

Filesize
3.3MB

Download
memory/3760-112-0x00007FF6855E0000-0x00007FF685934000-memory.dmp

Filesize
3.3MB

Download
memory/3760-181-0x00007FF6855E0000-0x00007FF685934000-memory.dmp

Filesize
3.3MB

Download
memory/3760-1917-0x00007FF6855E0000-0x00007FF685934000-memory.dmp

Filesize
3.3MB

Download
memory/3912-75-0x00007FF6DE1E0000-0x00007FF6DE534000-memory.dmp

Filesize
3.3MB

Download
memory/3912-18-0x00007FF6DE1E0000-0x00007FF6DE534000-memory.dmp

Filesize
3.3MB

Download
memory/3912-1800-0x00007FF6DE1E0000-0x00007FF6DE534000-memory.dmp

Filesize
3.3MB

Download
memory/4008-1956-0x00007FF680B40000-0x00007FF680E94000-memory.dmp

Filesize
3.3MB

Download
memory/4008-194-0x00007FF680B40000-0x00007FF680E94000-memory.dmp

Filesize
3.3MB

Download
memory/4008-1478-0x00007FF680B40000-0x00007FF680E94000-memory.dmp

Filesize
3.3MB

Download
memory/4196-69-0x00007FF76C820000-0x00007FF76CB74000-memory.dmp

Filesize
3.3MB

Download
memory/4196-137-0x00007FF76C820000-0x00007FF76CB74000-memory.dmp

Filesize
3.3MB

Download
memory/4196-1902-0x00007FF76C820000-0x00007FF76CB74000-memory.dmp

Filesize
3.3MB

Download
memory/4228-146-0x00007FF730030000-0x00007FF730384000-memory.dmp

Filesize
3.3MB

Download
memory/4228-1907-0x00007FF730030000-0x00007FF730384000-memory.dmp

Filesize
3.3MB

Download
memory/4228-76-0x00007FF730030000-0x00007FF730384000-memory.dmp

Filesize
3.3MB

Download
memory/4384-128-0x00007FF7BF4B0000-0x00007FF7BF804000-memory.dmp

Filesize
3.3MB

Download
memory/4384-1893-0x00007FF7BF4B0000-0x00007FF7BF804000-memory.dmp

Filesize
3.3MB

Download
memory/4384-63-0x00007FF7BF4B0000-0x00007FF7BF804000-memory.dmp

Filesize
3.3MB

Download
memory/4508-122-0x00007FF72FC70000-0x00007FF72FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/4508-55-0x00007FF72FC70000-0x00007FF72FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/4508-1886-0x00007FF72FC70000-0x00007FF72FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/4588-127-0x00007FF6C2550000-0x00007FF6C28A4000-memory.dmp

Filesize
3.3MB

Download
memory/4588-1926-0x00007FF6C2550000-0x00007FF6C28A4000-memory.dmp

Filesize
3.3MB

Download
memory/4588-193-0x00007FF6C2550000-0x00007FF6C28A4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-151-0x00007FF6C58D0000-0x00007FF6C5C24000-memory.dmp

Filesize
3.3MB

Download
memory/4592-1150-0x00007FF6C58D0000-0x00007FF6C5C24000-memory.dmp

Filesize
3.3MB

Download
memory/4592-1942-0x00007FF6C58D0000-0x00007FF6C5C24000-memory.dmp

Filesize
3.3MB

Download
memory/4616-101-0x00007FF6221D0000-0x00007FF622524000-memory.dmp

Filesize
3.3MB

Download
memory/4616-159-0x00007FF6221D0000-0x00007FF622524000-memory.dmp

Filesize
3.3MB

Download
memory/4616-1913-0x00007FF6221D0000-0x00007FF622524000-memory.dmp

Filesize
3.3MB

Download
memory/4836-132-0x00007FF6BDF20000-0x00007FF6BE274000-memory.dmp

Filesize
3.3MB

Download
memory/4836-1012-0x00007FF6BDF20000-0x00007FF6BE274000-memory.dmp

Filesize
3.3MB

Download
memory/4836-1924-0x00007FF6BDF20000-0x00007FF6BE274000-memory.dmp

Filesize
3.3MB

Download
memory/5112-36-0x00007FF7302C0000-0x00007FF730614000-memory.dmp

Filesize
3.3MB

Download
memory/5112-1868-0x00007FF7302C0000-0x00007FF730614000-memory.dmp

Filesize
3.3MB

Download
memory/5112-102-0x00007FF7302C0000-0x00007FF730614000-memory.dmp

Filesize
3.3MB

Download