cobaltstrike | a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b

Analysis

max time kernel
56s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/12/2024, 19:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
Size

6.0MB
MD5

77952dbaeff7ad56d6afd7ab506c9b79
SHA1

32a8e400ad662701770048f17fc606d2dd334803
SHA256

a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b
SHA512

9b79c8894c1dec82ea9de0416eac1b9eb36d960d46516231981d5f8283b8d3467c8ffc3b8cf5cfdb37d7a61402d3ff4c68caf750edde777511cc2d733aee2e9d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUz:T+q56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000120dc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019214-13.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001921d-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019329-38.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195c2-52.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a472-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a485-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a487-199.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a481-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a483-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47c-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47f-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a478-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a470-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a454-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a452-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-107.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000191d1-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-72.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019369-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019232-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019219-19.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2316-0-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x000b0000000120dc-3.dat	xmrig
behavioral1/files/0x0007000000019214-13.dat	xmrig
behavioral1/memory/2364-14-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/1056-20-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000600000001921d-21.dat	xmrig
behavioral1/memory/1976-27-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019329-38.dat	xmrig
behavioral1/memory/2360-36-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x00060000000195c2-52.dat	xmrig
behavioral1/memory/1056-56-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2244-57-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2200-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2756-90-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2560-108-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3ea-115.dat	xmrig
behavioral1/files/0x000500000001a472-165.dat	xmrig
behavioral1/memory/3036-382-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2016-858-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/1096-690-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2200-511-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2588-236-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000500000001a485-196.dat	xmrig
behavioral1/files/0x000500000001a487-199.dat	xmrig
behavioral1/files/0x000500000001a481-186.dat	xmrig
behavioral1/files/0x000500000001a483-190.dat	xmrig
behavioral1/files/0x000500000001a47c-176.dat	xmrig
behavioral1/files/0x000500000001a47f-180.dat	xmrig
behavioral1/files/0x000500000001a478-170.dat	xmrig
behavioral1/files/0x000500000001a470-161.dat	xmrig
behavioral1/files/0x000500000001a46d-155.dat	xmrig
behavioral1/files/0x000500000001a463-150.dat	xmrig
behavioral1/files/0x000500000001a454-145.dat	xmrig
behavioral1/files/0x000500000001a452-140.dat	xmrig
behavioral1/files/0x000500000001a447-135.dat	xmrig
behavioral1/files/0x000500000001a445-131.dat	xmrig
behavioral1/files/0x000500000001a423-125.dat	xmrig
behavioral1/files/0x000500000001a3ed-119.dat	xmrig
behavioral1/memory/1096-99-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2244-98-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3e6-97.dat	xmrig
behavioral1/memory/2016-109-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3e8-107.dat	xmrig
behavioral1/files/0x00080000000191d1-89.dat	xmrig
behavioral1/memory/3036-82-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2280-81-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3e4-80.dat	xmrig
behavioral1/memory/2588-74-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2360-73-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x000500000001a2fc-72.dat	xmrig
behavioral1/memory/2560-66-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/1976-65-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a2b9-64.dat	xmrig
behavioral1/memory/2756-51-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2364-50-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x0007000000019369-49.dat	xmrig
behavioral1/memory/2280-42-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2316-35-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0006000000019232-34.dat	xmrig
behavioral1/memory/2316-31-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2516-39-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x0006000000019219-19.dat	xmrig
behavioral1/memory/2516-10-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/1976-3313-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2516	BcgkZsI.exe
2364	grJthPO.exe
1056	dYCMqAZ.exe
1976	ekzHrpn.exe
2360	RHidyeA.exe
2280	ODxvdwQ.exe
2756	qmUvSft.exe
2244	xngwohB.exe
2560	pWnYpnb.exe
2588	wKtqTjB.exe
3036	lsQjdwF.exe
2200	hJuQUpI.exe
1096	PmIlUsN.exe
2016	NwXeJFj.exe
2248	sBSslhi.exe
2308	mghikyp.exe
1988	AGRvUFN.exe
1704	gwWamaf.exe
1488	ngASBbb.exe
852	sStCFUZ.exe
848	qelTfgK.exe
2860	zvHllGC.exe
2872	ngNxckx.exe
2440	IDuROVH.exe
2196	HJwlCjt.exe
2448	dxTOpte.exe
2420	cZKoLOG.exe
1864	TYejvxa.exe
2064	fniXapc.exe
2152	edGmtbN.exe
296	zHdvYRb.exe
1376	umWucJO.exe
2648	HvaGSFM.exe
2020	KrRMwtH.exe
2376	zxlYAYU.exe
744	oalwKkn.exe
1792	SpHgJfO.exe
1548	tIzfvSP.exe
2288	lgiFLKi.exe
680	ynzpEJU.exe
1840	IxQQGYd.exe
2188	miEEBdm.exe
1776	fKbeOKR.exe
2384	VHJGbJE.exe
1244	UUJiujV.exe
2496	jIHMNuK.exe
2400	zIddkDX.exe
2216	PDJPkkv.exe
1612	HfZXWYh.exe
3040	fcTOSgv.exe
2916	XPMyVpp.exe
2356	QEdZCFH.exe
2060	FVcYEAd.exe
2644	CSrPpdl.exe
2656	tkAZQIx.exe
2828	CRFFPVh.exe
2552	YzQpAEQ.exe
1688	ldjsCSL.exe
1176	HjSEibZ.exe
1740	EDIMDwY.exe
1648	ZqwmepT.exe
1148	jnqdtyD.exe
1392	agXlQDC.exe
2796	ipVVfTA.exe

Loads dropped DLL 64 IoCs

pid	Process
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2316-0-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x000b0000000120dc-3.dat	upx
behavioral1/files/0x0007000000019214-13.dat	upx
behavioral1/memory/2364-14-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/1056-20-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x000600000001921d-21.dat	upx
behavioral1/memory/1976-27-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0006000000019329-38.dat	upx
behavioral1/memory/2360-36-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x00060000000195c2-52.dat	upx
behavioral1/memory/1056-56-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2244-57-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2200-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2756-90-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2560-108-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x000500000001a3ea-115.dat	upx
behavioral1/files/0x000500000001a472-165.dat	upx
behavioral1/memory/3036-382-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2016-858-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/1096-690-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2200-511-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2588-236-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001a485-196.dat	upx
behavioral1/files/0x000500000001a487-199.dat	upx
behavioral1/files/0x000500000001a481-186.dat	upx
behavioral1/files/0x000500000001a483-190.dat	upx
behavioral1/files/0x000500000001a47c-176.dat	upx
behavioral1/files/0x000500000001a47f-180.dat	upx
behavioral1/files/0x000500000001a478-170.dat	upx
behavioral1/files/0x000500000001a470-161.dat	upx
behavioral1/files/0x000500000001a46d-155.dat	upx
behavioral1/files/0x000500000001a463-150.dat	upx
behavioral1/files/0x000500000001a454-145.dat	upx
behavioral1/files/0x000500000001a452-140.dat	upx
behavioral1/files/0x000500000001a447-135.dat	upx
behavioral1/files/0x000500000001a445-131.dat	upx
behavioral1/files/0x000500000001a423-125.dat	upx
behavioral1/files/0x000500000001a3ed-119.dat	upx
behavioral1/memory/1096-99-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2244-98-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000500000001a3e6-97.dat	upx
behavioral1/memory/2016-109-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x000500000001a3e8-107.dat	upx
behavioral1/files/0x00080000000191d1-89.dat	upx
behavioral1/memory/3036-82-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2280-81-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x000500000001a3e4-80.dat	upx
behavioral1/memory/2588-74-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2360-73-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x000500000001a2fc-72.dat	upx
behavioral1/memory/2560-66-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/1976-65-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000500000001a2b9-64.dat	upx
behavioral1/memory/2756-51-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2364-50-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x0007000000019369-49.dat	upx
behavioral1/memory/2280-42-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2316-35-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0006000000019232-34.dat	upx
behavioral1/memory/2516-39-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x0006000000019219-19.dat	upx
behavioral1/memory/2516-10-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/1976-3313-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2360-3312-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SblpdUh.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\EiLBTuB.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\MEWMAMT.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\FZRdrYs.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\OPVpRei.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\eaCcnqK.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\cfxkoCT.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\VOLOvPk.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\AFjImgA.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\GtbiJdQ.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\mClQjAG.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\wUgpMgP.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\jYhzydu.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\XZIsevZ.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\yBttdRB.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\nWTfBcO.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\iKmrmWL.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\sLuYpKc.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\jDBJSTT.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\hRTMvnH.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\eKniTsq.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\dUBPmCb.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\UUXemqE.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\xLNLfpT.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\mIafnrZ.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\GfMXiIb.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\kiKHYwf.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\HOegTLY.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\IjmjCjm.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\YLnvjJs.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\BMgzcCW.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\AsNikmS.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\NxcHIqP.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\QqSDDlq.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\yqLVtZw.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\liMAVqA.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\VgiOLpX.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\biLtwXo.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\JuIXCrJ.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\fPyrFVn.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\DdESxIx.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\yRtKDlk.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\pEHjJTy.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\WuqJyLE.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\AwrkSNt.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\rQABdzC.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\OSYbINw.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\huzDAwE.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\efrwywK.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\kVRlloh.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\ZWnzNqv.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\bdYczsg.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\BiWasQi.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\RlUVdMH.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\cOvbzzz.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\LfYfYYu.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\qjEsJrx.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\IDuROVH.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\NdxwVnw.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\qfhyQoj.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\BztZawI.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\djCkPLk.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\mZkalyU.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
File created	C:\Windows\System\LKDXyVA.exe	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2516	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	31
PID 2316 wrote to memory of 2516	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	31
PID 2316 wrote to memory of 2516	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	31
PID 2316 wrote to memory of 2364	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	32
PID 2316 wrote to memory of 2364	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	32
PID 2316 wrote to memory of 2364	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	32
PID 2316 wrote to memory of 1056	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	33
PID 2316 wrote to memory of 1056	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	33
PID 2316 wrote to memory of 1056	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	33
PID 2316 wrote to memory of 1976	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	34
PID 2316 wrote to memory of 1976	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	34
PID 2316 wrote to memory of 1976	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	34
PID 2316 wrote to memory of 2360	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	35
PID 2316 wrote to memory of 2360	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	35
PID 2316 wrote to memory of 2360	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	35
PID 2316 wrote to memory of 2280	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	36
PID 2316 wrote to memory of 2280	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	36
PID 2316 wrote to memory of 2280	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	36
PID 2316 wrote to memory of 2756	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	37
PID 2316 wrote to memory of 2756	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	37
PID 2316 wrote to memory of 2756	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	37
PID 2316 wrote to memory of 2244	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	38
PID 2316 wrote to memory of 2244	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	38
PID 2316 wrote to memory of 2244	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	38
PID 2316 wrote to memory of 2560	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	39
PID 2316 wrote to memory of 2560	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	39
PID 2316 wrote to memory of 2560	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	39
PID 2316 wrote to memory of 2588	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	40
PID 2316 wrote to memory of 2588	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	40
PID 2316 wrote to memory of 2588	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	40
PID 2316 wrote to memory of 3036	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	41
PID 2316 wrote to memory of 3036	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	41
PID 2316 wrote to memory of 3036	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	41
PID 2316 wrote to memory of 2200	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	42
PID 2316 wrote to memory of 2200	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	42
PID 2316 wrote to memory of 2200	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	42
PID 2316 wrote to memory of 1096	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	43
PID 2316 wrote to memory of 1096	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	43
PID 2316 wrote to memory of 1096	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	43
PID 2316 wrote to memory of 2016	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	44
PID 2316 wrote to memory of 2016	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	44
PID 2316 wrote to memory of 2016	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	44
PID 2316 wrote to memory of 2248	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	45
PID 2316 wrote to memory of 2248	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	45
PID 2316 wrote to memory of 2248	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	45
PID 2316 wrote to memory of 2308	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	46
PID 2316 wrote to memory of 2308	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	46
PID 2316 wrote to memory of 2308	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	46
PID 2316 wrote to memory of 1988	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	47
PID 2316 wrote to memory of 1988	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	47
PID 2316 wrote to memory of 1988	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	47
PID 2316 wrote to memory of 1704	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	48
PID 2316 wrote to memory of 1704	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	48
PID 2316 wrote to memory of 1704	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	48
PID 2316 wrote to memory of 1488	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	49
PID 2316 wrote to memory of 1488	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	49
PID 2316 wrote to memory of 1488	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	49
PID 2316 wrote to memory of 852	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	50
PID 2316 wrote to memory of 852	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	50
PID 2316 wrote to memory of 852	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	50
PID 2316 wrote to memory of 848	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	51
PID 2316 wrote to memory of 848	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	51
PID 2316 wrote to memory of 848	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	51
PID 2316 wrote to memory of 2860	2316	a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe	52

C:\Users\Admin\AppData\Local\Temp\a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe
"C:\Users\Admin\AppData\Local\Temp\a48099a3b53b19fe355624fbc7d412bdd46b9db197db374aba40b3b1fa2f461b.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\System\BcgkZsI.exe
  C:\Windows\System\BcgkZsI.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\grJthPO.exe
  C:\Windows\System\grJthPO.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\dYCMqAZ.exe
  C:\Windows\System\dYCMqAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\ekzHrpn.exe
  C:\Windows\System\ekzHrpn.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\RHidyeA.exe
  C:\Windows\System\RHidyeA.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\ODxvdwQ.exe
  C:\Windows\System\ODxvdwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\qmUvSft.exe
  C:\Windows\System\qmUvSft.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\xngwohB.exe
  C:\Windows\System\xngwohB.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\pWnYpnb.exe
  C:\Windows\System\pWnYpnb.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\wKtqTjB.exe
  C:\Windows\System\wKtqTjB.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\lsQjdwF.exe
  C:\Windows\System\lsQjdwF.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\hJuQUpI.exe
  C:\Windows\System\hJuQUpI.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\PmIlUsN.exe
  C:\Windows\System\PmIlUsN.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\NwXeJFj.exe
  C:\Windows\System\NwXeJFj.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\sBSslhi.exe
  C:\Windows\System\sBSslhi.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\mghikyp.exe
  C:\Windows\System\mghikyp.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\AGRvUFN.exe
  C:\Windows\System\AGRvUFN.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\gwWamaf.exe
  C:\Windows\System\gwWamaf.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\ngASBbb.exe
  C:\Windows\System\ngASBbb.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\sStCFUZ.exe
  C:\Windows\System\sStCFUZ.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\qelTfgK.exe
  C:\Windows\System\qelTfgK.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\zvHllGC.exe
  C:\Windows\System\zvHllGC.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\ngNxckx.exe
  C:\Windows\System\ngNxckx.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\IDuROVH.exe
  C:\Windows\System\IDuROVH.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\HJwlCjt.exe
  C:\Windows\System\HJwlCjt.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\dxTOpte.exe
  C:\Windows\System\dxTOpte.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\cZKoLOG.exe
  C:\Windows\System\cZKoLOG.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\TYejvxa.exe
  C:\Windows\System\TYejvxa.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\fniXapc.exe
  C:\Windows\System\fniXapc.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\edGmtbN.exe
  C:\Windows\System\edGmtbN.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\zHdvYRb.exe
  C:\Windows\System\zHdvYRb.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\umWucJO.exe
  C:\Windows\System\umWucJO.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\HvaGSFM.exe
  C:\Windows\System\HvaGSFM.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\KrRMwtH.exe
  C:\Windows\System\KrRMwtH.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\zxlYAYU.exe
  C:\Windows\System\zxlYAYU.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\oalwKkn.exe
  C:\Windows\System\oalwKkn.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\SpHgJfO.exe
  C:\Windows\System\SpHgJfO.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\tIzfvSP.exe
  C:\Windows\System\tIzfvSP.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\lgiFLKi.exe
  C:\Windows\System\lgiFLKi.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\ynzpEJU.exe
  C:\Windows\System\ynzpEJU.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\IxQQGYd.exe
  C:\Windows\System\IxQQGYd.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\miEEBdm.exe
  C:\Windows\System\miEEBdm.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\fKbeOKR.exe
  C:\Windows\System\fKbeOKR.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\VHJGbJE.exe
  C:\Windows\System\VHJGbJE.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\UUJiujV.exe
  C:\Windows\System\UUJiujV.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\jIHMNuK.exe
  C:\Windows\System\jIHMNuK.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\zIddkDX.exe
  C:\Windows\System\zIddkDX.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\PDJPkkv.exe
  C:\Windows\System\PDJPkkv.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\HfZXWYh.exe
  C:\Windows\System\HfZXWYh.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\fcTOSgv.exe
  C:\Windows\System\fcTOSgv.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\XPMyVpp.exe
  C:\Windows\System\XPMyVpp.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\QEdZCFH.exe
  C:\Windows\System\QEdZCFH.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\FVcYEAd.exe
  C:\Windows\System\FVcYEAd.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\CSrPpdl.exe
  C:\Windows\System\CSrPpdl.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\tkAZQIx.exe
  C:\Windows\System\tkAZQIx.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\CRFFPVh.exe
  C:\Windows\System\CRFFPVh.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\YzQpAEQ.exe
  C:\Windows\System\YzQpAEQ.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\ldjsCSL.exe
  C:\Windows\System\ldjsCSL.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\HjSEibZ.exe
  C:\Windows\System\HjSEibZ.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\EDIMDwY.exe
  C:\Windows\System\EDIMDwY.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\ZqwmepT.exe
  C:\Windows\System\ZqwmepT.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\jnqdtyD.exe
  C:\Windows\System\jnqdtyD.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\agXlQDC.exe
  C:\Windows\System\agXlQDC.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\ipVVfTA.exe
  C:\Windows\System\ipVVfTA.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\jLAkmOd.exe
  C:\Windows\System\jLAkmOd.exe
  2⤵
  PID:3016
- C:\Windows\System\XRkrqVv.exe
  C:\Windows\System\XRkrqVv.exe
  2⤵
  PID:2136
- C:\Windows\System\sdSaZzd.exe
  C:\Windows\System\sdSaZzd.exe
  2⤵
  PID:1124
- C:\Windows\System\sSYZIOh.exe
  C:\Windows\System\sSYZIOh.exe
  2⤵
  PID:1076
- C:\Windows\System\VRdoiQK.exe
  C:\Windows\System\VRdoiQK.exe
  2⤵
  PID:828
- C:\Windows\System\CmPndah.exe
  C:\Windows\System\CmPndah.exe
  2⤵
  PID:1332
- C:\Windows\System\VKNRuLw.exe
  C:\Windows\System\VKNRuLw.exe
  2⤵
  PID:836
- C:\Windows\System\UtKpxqF.exe
  C:\Windows\System\UtKpxqF.exe
  2⤵
  PID:896
- C:\Windows\System\HRzUvqG.exe
  C:\Windows\System\HRzUvqG.exe
  2⤵
  PID:768
- C:\Windows\System\UCXoweX.exe
  C:\Windows\System\UCXoweX.exe
  2⤵
  PID:760
- C:\Windows\System\iebaGtn.exe
  C:\Windows\System\iebaGtn.exe
  2⤵
  PID:2380
- C:\Windows\System\ZdthfLu.exe
  C:\Windows\System\ZdthfLu.exe
  2⤵
  PID:552
- C:\Windows\System\PZpwFRj.exe
  C:\Windows\System\PZpwFRj.exe
  2⤵
  PID:2896
- C:\Windows\System\kVRlloh.exe
  C:\Windows\System\kVRlloh.exe
  2⤵
  PID:1516
- C:\Windows\System\pOxkMVB.exe
  C:\Windows\System\pOxkMVB.exe
  2⤵
  PID:884
- C:\Windows\System\hSpeJBR.exe
  C:\Windows\System\hSpeJBR.exe
  2⤵
  PID:2432
- C:\Windows\System\FvMElfZ.exe
  C:\Windows\System\FvMElfZ.exe
  2⤵
  PID:1800
- C:\Windows\System\TmNyDSj.exe
  C:\Windows\System\TmNyDSj.exe
  2⤵
  PID:2336
- C:\Windows\System\YnkpyTQ.exe
  C:\Windows\System\YnkpyTQ.exe
  2⤵
  PID:2056
- C:\Windows\System\rwOKwoY.exe
  C:\Windows\System\rwOKwoY.exe
  2⤵
  PID:2668
- C:\Windows\System\kMKUOvz.exe
  C:\Windows\System\kMKUOvz.exe
  2⤵
  PID:2688
- C:\Windows\System\OAYOlcZ.exe
  C:\Windows\System\OAYOlcZ.exe
  2⤵
  PID:2112
- C:\Windows\System\WHdEBtM.exe
  C:\Windows\System\WHdEBtM.exe
  2⤵
  PID:1960
- C:\Windows\System\jOnhrcG.exe
  C:\Windows\System\jOnhrcG.exe
  2⤵
  PID:1400
- C:\Windows\System\qGwzxMw.exe
  C:\Windows\System\qGwzxMw.exe
  2⤵
  PID:1936
- C:\Windows\System\KaJQYLx.exe
  C:\Windows\System\KaJQYLx.exe
  2⤵
  PID:2236
- C:\Windows\System\GhNDtik.exe
  C:\Windows\System\GhNDtik.exe
  2⤵
  PID:584
- C:\Windows\System\PHoJLUw.exe
  C:\Windows\System\PHoJLUw.exe
  2⤵
  PID:2876
- C:\Windows\System\ozzcHFv.exe
  C:\Windows\System\ozzcHFv.exe
  2⤵
  PID:1748
- C:\Windows\System\CRzyHvv.exe
  C:\Windows\System\CRzyHvv.exe
  2⤵
  PID:1684
- C:\Windows\System\smynPJm.exe
  C:\Windows\System\smynPJm.exe
  2⤵
  PID:656
- C:\Windows\System\YLIoBiY.exe
  C:\Windows\System\YLIoBiY.exe
  2⤵
  PID:2116
- C:\Windows\System\VIJNlqY.exe
  C:\Windows\System\VIJNlqY.exe
  2⤵
  PID:304
- C:\Windows\System\jzpwzeO.exe
  C:\Windows\System\jzpwzeO.exe
  2⤵
  PID:1608
- C:\Windows\System\TJxCKgJ.exe
  C:\Windows\System\TJxCKgJ.exe
  2⤵
  PID:3092
- C:\Windows\System\rqpkJkK.exe
  C:\Windows\System\rqpkJkK.exe
  2⤵
  PID:3112
- C:\Windows\System\FQYxNmj.exe
  C:\Windows\System\FQYxNmj.exe
  2⤵
  PID:3132
- C:\Windows\System\mppWWaM.exe
  C:\Windows\System\mppWWaM.exe
  2⤵
  PID:3152
- C:\Windows\System\KERfTeQ.exe
  C:\Windows\System\KERfTeQ.exe
  2⤵
  PID:3168
- C:\Windows\System\HYeyMKR.exe
  C:\Windows\System\HYeyMKR.exe
  2⤵
  PID:3192
- C:\Windows\System\hiNpgBe.exe
  C:\Windows\System\hiNpgBe.exe
  2⤵
  PID:3212
- C:\Windows\System\uOUrYuX.exe
  C:\Windows\System\uOUrYuX.exe
  2⤵
  PID:3232
- C:\Windows\System\LJJidkS.exe
  C:\Windows\System\LJJidkS.exe
  2⤵
  PID:3252
- C:\Windows\System\bbhrREl.exe
  C:\Windows\System\bbhrREl.exe
  2⤵
  PID:3272
- C:\Windows\System\KKYMKUR.exe
  C:\Windows\System\KKYMKUR.exe
  2⤵
  PID:3292
- C:\Windows\System\BAhPtpq.exe
  C:\Windows\System\BAhPtpq.exe
  2⤵
  PID:3312
- C:\Windows\System\JnsHUNb.exe
  C:\Windows\System\JnsHUNb.exe
  2⤵
  PID:3332
- C:\Windows\System\mZPgSNy.exe
  C:\Windows\System\mZPgSNy.exe
  2⤵
  PID:3352
- C:\Windows\System\wqyZwJV.exe
  C:\Windows\System\wqyZwJV.exe
  2⤵
  PID:3376
- C:\Windows\System\kVuKdgx.exe
  C:\Windows\System\kVuKdgx.exe
  2⤵
  PID:3396
- C:\Windows\System\xJJMhFo.exe
  C:\Windows\System\xJJMhFo.exe
  2⤵
  PID:3416
- C:\Windows\System\AjSTrTe.exe
  C:\Windows\System\AjSTrTe.exe
  2⤵
  PID:3436
- C:\Windows\System\PfoeIFE.exe
  C:\Windows\System\PfoeIFE.exe
  2⤵
  PID:3456
- C:\Windows\System\mxcxTNZ.exe
  C:\Windows\System\mxcxTNZ.exe
  2⤵
  PID:3476
- C:\Windows\System\yHqAhyW.exe
  C:\Windows\System\yHqAhyW.exe
  2⤵
  PID:3496
- C:\Windows\System\XiHovsC.exe
  C:\Windows\System\XiHovsC.exe
  2⤵
  PID:3520
- C:\Windows\System\FUFiHGF.exe
  C:\Windows\System\FUFiHGF.exe
  2⤵
  PID:3540
- C:\Windows\System\liMAVqA.exe
  C:\Windows\System\liMAVqA.exe
  2⤵
  PID:3560
- C:\Windows\System\oDvIhdX.exe
  C:\Windows\System\oDvIhdX.exe
  2⤵
  PID:3580
- C:\Windows\System\zBLyDRA.exe
  C:\Windows\System\zBLyDRA.exe
  2⤵
  PID:3600
- C:\Windows\System\rctyqVT.exe
  C:\Windows\System\rctyqVT.exe
  2⤵
  PID:3620
- C:\Windows\System\CflZmeL.exe
  C:\Windows\System\CflZmeL.exe
  2⤵
  PID:3640
- C:\Windows\System\DlEfcKN.exe
  C:\Windows\System\DlEfcKN.exe
  2⤵
  PID:3660
- C:\Windows\System\ITNAxxa.exe
  C:\Windows\System\ITNAxxa.exe
  2⤵
  PID:3680
- C:\Windows\System\qGTtexq.exe
  C:\Windows\System\qGTtexq.exe
  2⤵
  PID:3700
- C:\Windows\System\axovMtX.exe
  C:\Windows\System\axovMtX.exe
  2⤵
  PID:3720
- C:\Windows\System\GnSvqCn.exe
  C:\Windows\System\GnSvqCn.exe
  2⤵
  PID:3740
- C:\Windows\System\UKLmsRI.exe
  C:\Windows\System\UKLmsRI.exe
  2⤵
  PID:3760
- C:\Windows\System\MtpiHZy.exe
  C:\Windows\System\MtpiHZy.exe
  2⤵
  PID:3780
- C:\Windows\System\kRgLdxF.exe
  C:\Windows\System\kRgLdxF.exe
  2⤵
  PID:3800
- C:\Windows\System\ZqdHOgo.exe
  C:\Windows\System\ZqdHOgo.exe
  2⤵
  PID:3824
- C:\Windows\System\aNJNMhT.exe
  C:\Windows\System\aNJNMhT.exe
  2⤵
  PID:3844
- C:\Windows\System\POudsja.exe
  C:\Windows\System\POudsja.exe
  2⤵
  PID:3864
- C:\Windows\System\EndxEQn.exe
  C:\Windows\System\EndxEQn.exe
  2⤵
  PID:3884
- C:\Windows\System\KevXVID.exe
  C:\Windows\System\KevXVID.exe
  2⤵
  PID:3904
- C:\Windows\System\boFeqHZ.exe
  C:\Windows\System\boFeqHZ.exe
  2⤵
  PID:3924
- C:\Windows\System\kFEenJx.exe
  C:\Windows\System\kFEenJx.exe
  2⤵
  PID:3944
- C:\Windows\System\VupQpjj.exe
  C:\Windows\System\VupQpjj.exe
  2⤵
  PID:3964
- C:\Windows\System\wmecyGC.exe
  C:\Windows\System\wmecyGC.exe
  2⤵
  PID:3984
- C:\Windows\System\gNZwYQj.exe
  C:\Windows\System\gNZwYQj.exe
  2⤵
  PID:4004
- C:\Windows\System\scRMNDN.exe
  C:\Windows\System\scRMNDN.exe
  2⤵
  PID:4024
- C:\Windows\System\huooSuX.exe
  C:\Windows\System\huooSuX.exe
  2⤵
  PID:4044
- C:\Windows\System\wAtKZuk.exe
  C:\Windows\System\wAtKZuk.exe
  2⤵
  PID:4064
- C:\Windows\System\wYOdSkc.exe
  C:\Windows\System\wYOdSkc.exe
  2⤵
  PID:4084
- C:\Windows\System\mnEjfqp.exe
  C:\Windows\System\mnEjfqp.exe
  2⤵
  PID:3048
- C:\Windows\System\Hdjahvt.exe
  C:\Windows\System\Hdjahvt.exe
  2⤵
  PID:2780
- C:\Windows\System\SFZnCzo.exe
  C:\Windows\System\SFZnCzo.exe
  2⤵
  PID:2764
- C:\Windows\System\hiAPGWA.exe
  C:\Windows\System\hiAPGWA.exe
  2⤵
  PID:2556
- C:\Windows\System\aOyQrCD.exe
  C:\Windows\System\aOyQrCD.exe
  2⤵
  PID:2512
- C:\Windows\System\vlHsRZi.exe
  C:\Windows\System\vlHsRZi.exe
  2⤵
  PID:2620
- C:\Windows\System\viZvaqh.exe
  C:\Windows\System\viZvaqh.exe
  2⤵
  PID:2728
- C:\Windows\System\NEtXDRr.exe
  C:\Windows\System\NEtXDRr.exe
  2⤵
  PID:1720
- C:\Windows\System\UjQYmEj.exe
  C:\Windows\System\UjQYmEj.exe
  2⤵
  PID:1560
- C:\Windows\System\fEXSsYB.exe
  C:\Windows\System\fEXSsYB.exe
  2⤵
  PID:2524
- C:\Windows\System\WkXThSN.exe
  C:\Windows\System\WkXThSN.exe
  2⤵
  PID:1172
- C:\Windows\System\aJroHml.exe
  C:\Windows\System\aJroHml.exe
  2⤵
  PID:3104
- C:\Windows\System\RobwbfS.exe
  C:\Windows\System\RobwbfS.exe
  2⤵
  PID:3128
- C:\Windows\System\AhtDgyH.exe
  C:\Windows\System\AhtDgyH.exe
  2⤵
  PID:3176
- C:\Windows\System\HFtGlec.exe
  C:\Windows\System\HFtGlec.exe
  2⤵
  PID:3200
- C:\Windows\System\HwPIbtB.exe
  C:\Windows\System\HwPIbtB.exe
  2⤵
  PID:3228
- C:\Windows\System\UoSAswP.exe
  C:\Windows\System\UoSAswP.exe
  2⤵
  PID:3264
- C:\Windows\System\YKZsYXV.exe
  C:\Windows\System\YKZsYXV.exe
  2⤵
  PID:3288
- C:\Windows\System\qrZxfoO.exe
  C:\Windows\System\qrZxfoO.exe
  2⤵
  PID:3340
- C:\Windows\System\HjJIBBV.exe
  C:\Windows\System\HjJIBBV.exe
  2⤵
  PID:3372
- C:\Windows\System\wzpFBes.exe
  C:\Windows\System\wzpFBes.exe
  2⤵
  PID:3424
- C:\Windows\System\tgFpkxH.exe
  C:\Windows\System\tgFpkxH.exe
  2⤵
  PID:3444
- C:\Windows\System\zxPQgVy.exe
  C:\Windows\System\zxPQgVy.exe
  2⤵
  PID:3468
- C:\Windows\System\slrkQgS.exe
  C:\Windows\System\slrkQgS.exe
  2⤵
  PID:3512
- C:\Windows\System\MEWMAMT.exe
  C:\Windows\System\MEWMAMT.exe
  2⤵
  PID:3548
- C:\Windows\System\BUHmpmH.exe
  C:\Windows\System\BUHmpmH.exe
  2⤵
  PID:3576
- C:\Windows\System\QEgVJUc.exe
  C:\Windows\System\QEgVJUc.exe
  2⤵
  PID:3628
- C:\Windows\System\pFKHyJE.exe
  C:\Windows\System\pFKHyJE.exe
  2⤵
  PID:3516
- C:\Windows\System\wwzwHCq.exe
  C:\Windows\System\wwzwHCq.exe
  2⤵
  PID:3672
- C:\Windows\System\cbmTvjN.exe
  C:\Windows\System\cbmTvjN.exe
  2⤵
  PID:3708
- C:\Windows\System\XQmMzcd.exe
  C:\Windows\System\XQmMzcd.exe
  2⤵
  PID:3732
- C:\Windows\System\VJdNref.exe
  C:\Windows\System\VJdNref.exe
  2⤵
  PID:3776
- C:\Windows\System\VzwrGRW.exe
  C:\Windows\System\VzwrGRW.exe
  2⤵
  PID:3808
- C:\Windows\System\MvrkFHh.exe
  C:\Windows\System\MvrkFHh.exe
  2⤵
  PID:3836
- C:\Windows\System\CZKPWcd.exe
  C:\Windows\System\CZKPWcd.exe
  2⤵
  PID:3880
- C:\Windows\System\rtRhJWp.exe
  C:\Windows\System\rtRhJWp.exe
  2⤵
  PID:3920
- C:\Windows\System\cfAAMpf.exe
  C:\Windows\System\cfAAMpf.exe
  2⤵
  PID:3936
- C:\Windows\System\SJYhbNB.exe
  C:\Windows\System\SJYhbNB.exe
  2⤵
  PID:3980
- C:\Windows\System\VgiOLpX.exe
  C:\Windows\System\VgiOLpX.exe
  2⤵
  PID:4012
- C:\Windows\System\HyxUiaZ.exe
  C:\Windows\System\HyxUiaZ.exe
  2⤵
  PID:4052
- C:\Windows\System\RvDVgAN.exe
  C:\Windows\System\RvDVgAN.exe
  2⤵
  PID:4076
- C:\Windows\System\qpqyzAg.exe
  C:\Windows\System\qpqyzAg.exe
  2⤵
  PID:2992
- C:\Windows\System\CoPZdew.exe
  C:\Windows\System\CoPZdew.exe
  2⤵
  PID:3004
- C:\Windows\System\pGKEwfO.exe
  C:\Windows\System\pGKEwfO.exe
  2⤵
  PID:2156
- C:\Windows\System\vQAqitY.exe
  C:\Windows\System\vQAqitY.exe
  2⤵
  PID:2852
- C:\Windows\System\RpcdMVx.exe
  C:\Windows\System\RpcdMVx.exe
  2⤵
  PID:1736
- C:\Windows\System\oTuCkoM.exe
  C:\Windows\System\oTuCkoM.exe
  2⤵
  PID:984
- C:\Windows\System\JWBoIQs.exe
  C:\Windows\System\JWBoIQs.exe
  2⤵
  PID:3108
- C:\Windows\System\uSFeWEd.exe
  C:\Windows\System\uSFeWEd.exe
  2⤵
  PID:3144
- C:\Windows\System\zPMkZxf.exe
  C:\Windows\System\zPMkZxf.exe
  2⤵
  PID:3204
- C:\Windows\System\rJrSKKB.exe
  C:\Windows\System\rJrSKKB.exe
  2⤵
  PID:3268
- C:\Windows\System\RKsnUkA.exe
  C:\Windows\System\RKsnUkA.exe
  2⤵
  PID:3320
- C:\Windows\System\QKPtlqO.exe
  C:\Windows\System\QKPtlqO.exe
  2⤵
  PID:3360
- C:\Windows\System\jdMglhG.exe
  C:\Windows\System\jdMglhG.exe
  2⤵
  PID:3428
- C:\Windows\System\OrAOqyy.exe
  C:\Windows\System\OrAOqyy.exe
  2⤵
  PID:3448
- C:\Windows\System\aKRzIns.exe
  C:\Windows\System\aKRzIns.exe
  2⤵
  PID:3536
- C:\Windows\System\byrxwVR.exe
  C:\Windows\System\byrxwVR.exe
  2⤵
  PID:3608
- C:\Windows\System\gJUEVIK.exe
  C:\Windows\System\gJUEVIK.exe
  2⤵
  PID:3652
- C:\Windows\System\AKOMUsa.exe
  C:\Windows\System\AKOMUsa.exe
  2⤵
  PID:3696
- C:\Windows\System\aJmdJpw.exe
  C:\Windows\System\aJmdJpw.exe
  2⤵
  PID:3768
- C:\Windows\System\MLxVdHy.exe
  C:\Windows\System\MLxVdHy.exe
  2⤵
  PID:3812
- C:\Windows\System\YKYBSAV.exe
  C:\Windows\System\YKYBSAV.exe
  2⤵
  PID:3892
- C:\Windows\System\TNvCyJn.exe
  C:\Windows\System\TNvCyJn.exe
  2⤵
  PID:3940
- C:\Windows\System\PMMxECt.exe
  C:\Windows\System\PMMxECt.exe
  2⤵
  PID:3992
- C:\Windows\System\ELjxBEr.exe
  C:\Windows\System\ELjxBEr.exe
  2⤵
  PID:4040
- C:\Windows\System\uwuTtMC.exe
  C:\Windows\System\uwuTtMC.exe
  2⤵
  PID:2352
- C:\Windows\System\lbWfmKp.exe
  C:\Windows\System\lbWfmKp.exe
  2⤵
  PID:1728
- C:\Windows\System\TbbYvQN.exe
  C:\Windows\System\TbbYvQN.exe
  2⤵
  PID:2080
- C:\Windows\System\MpXecar.exe
  C:\Windows\System\MpXecar.exe
  2⤵
  PID:1764
- C:\Windows\System\HcuOLNZ.exe
  C:\Windows\System\HcuOLNZ.exe
  2⤵
  PID:3100
- C:\Windows\System\EIaCwIR.exe
  C:\Windows\System\EIaCwIR.exe
  2⤵
  PID:3220
- C:\Windows\System\xVctCnD.exe
  C:\Windows\System\xVctCnD.exe
  2⤵
  PID:4116
- C:\Windows\System\rkuSTfH.exe
  C:\Windows\System\rkuSTfH.exe
  2⤵
  PID:4136
- C:\Windows\System\KCVXEGE.exe
  C:\Windows\System\KCVXEGE.exe
  2⤵
  PID:4156
- C:\Windows\System\WtdHPkV.exe
  C:\Windows\System\WtdHPkV.exe
  2⤵
  PID:4176
- C:\Windows\System\vNetIxR.exe
  C:\Windows\System\vNetIxR.exe
  2⤵
  PID:4196
- C:\Windows\System\DEbntqk.exe
  C:\Windows\System\DEbntqk.exe
  2⤵
  PID:4220
- C:\Windows\System\AkOUbWC.exe
  C:\Windows\System\AkOUbWC.exe
  2⤵
  PID:4244
- C:\Windows\System\PTCPWjW.exe
  C:\Windows\System\PTCPWjW.exe
  2⤵
  PID:4264
- C:\Windows\System\NdxwVnw.exe
  C:\Windows\System\NdxwVnw.exe
  2⤵
  PID:4284
- C:\Windows\System\iFZJfuR.exe
  C:\Windows\System\iFZJfuR.exe
  2⤵
  PID:4304
- C:\Windows\System\UJInpeL.exe
  C:\Windows\System\UJInpeL.exe
  2⤵
  PID:4324
- C:\Windows\System\iahIKmx.exe
  C:\Windows\System\iahIKmx.exe
  2⤵
  PID:4344
- C:\Windows\System\jSUhgbv.exe
  C:\Windows\System\jSUhgbv.exe
  2⤵
  PID:4364
- C:\Windows\System\cboeFtC.exe
  C:\Windows\System\cboeFtC.exe
  2⤵
  PID:4384
- C:\Windows\System\gfqJWzF.exe
  C:\Windows\System\gfqJWzF.exe
  2⤵
  PID:4404
- C:\Windows\System\rKJlCdw.exe
  C:\Windows\System\rKJlCdw.exe
  2⤵
  PID:4424
- C:\Windows\System\KPoFWFr.exe
  C:\Windows\System\KPoFWFr.exe
  2⤵
  PID:4444
- C:\Windows\System\mIafnrZ.exe
  C:\Windows\System\mIafnrZ.exe
  2⤵
  PID:4464
- C:\Windows\System\mkrZoDY.exe
  C:\Windows\System\mkrZoDY.exe
  2⤵
  PID:4484
- C:\Windows\System\ZJUzBtR.exe
  C:\Windows\System\ZJUzBtR.exe
  2⤵
  PID:4504
- C:\Windows\System\jKpsoUA.exe
  C:\Windows\System\jKpsoUA.exe
  2⤵
  PID:4524
- C:\Windows\System\RpSTYyT.exe
  C:\Windows\System\RpSTYyT.exe
  2⤵
  PID:4544
- C:\Windows\System\oLaKCVs.exe
  C:\Windows\System\oLaKCVs.exe
  2⤵
  PID:4564
- C:\Windows\System\AUIHKmR.exe
  C:\Windows\System\AUIHKmR.exe
  2⤵
  PID:4584
- C:\Windows\System\dmHTDmf.exe
  C:\Windows\System\dmHTDmf.exe
  2⤵
  PID:4604
- C:\Windows\System\qTUtVdn.exe
  C:\Windows\System\qTUtVdn.exe
  2⤵
  PID:4624
- C:\Windows\System\wAcDKqu.exe
  C:\Windows\System\wAcDKqu.exe
  2⤵
  PID:4644
- C:\Windows\System\vmBrKYA.exe
  C:\Windows\System\vmBrKYA.exe
  2⤵
  PID:4664
- C:\Windows\System\zEbEckP.exe
  C:\Windows\System\zEbEckP.exe
  2⤵
  PID:4684
- C:\Windows\System\VqfiWVV.exe
  C:\Windows\System\VqfiWVV.exe
  2⤵
  PID:4700
- C:\Windows\System\VRGESDz.exe
  C:\Windows\System\VRGESDz.exe
  2⤵
  PID:4728
- C:\Windows\System\ujNxqJm.exe
  C:\Windows\System\ujNxqJm.exe
  2⤵
  PID:4752
- C:\Windows\System\CaKGtdT.exe
  C:\Windows\System\CaKGtdT.exe
  2⤵
  PID:4772
- C:\Windows\System\TrWywde.exe
  C:\Windows\System\TrWywde.exe
  2⤵
  PID:4792
- C:\Windows\System\MvNSHit.exe
  C:\Windows\System\MvNSHit.exe
  2⤵
  PID:4812
- C:\Windows\System\XvlbVSx.exe
  C:\Windows\System\XvlbVSx.exe
  2⤵
  PID:4832
- C:\Windows\System\mGbHxcR.exe
  C:\Windows\System\mGbHxcR.exe
  2⤵
  PID:4852
- C:\Windows\System\ZAAvOCq.exe
  C:\Windows\System\ZAAvOCq.exe
  2⤵
  PID:4872
- C:\Windows\System\DOWtmoy.exe
  C:\Windows\System\DOWtmoy.exe
  2⤵
  PID:4892
- C:\Windows\System\pXcrEBH.exe
  C:\Windows\System\pXcrEBH.exe
  2⤵
  PID:4912
- C:\Windows\System\IZqyIhs.exe
  C:\Windows\System\IZqyIhs.exe
  2⤵
  PID:4932
- C:\Windows\System\EkqojMm.exe
  C:\Windows\System\EkqojMm.exe
  2⤵
  PID:4952
- C:\Windows\System\IcaZFKl.exe
  C:\Windows\System\IcaZFKl.exe
  2⤵
  PID:4972
- C:\Windows\System\nfDgBJK.exe
  C:\Windows\System\nfDgBJK.exe
  2⤵
  PID:4992
- C:\Windows\System\GEcXqGn.exe
  C:\Windows\System\GEcXqGn.exe
  2⤵
  PID:5012
- C:\Windows\System\jmLKxZS.exe
  C:\Windows\System\jmLKxZS.exe
  2⤵
  PID:5032
- C:\Windows\System\pVzdrlr.exe
  C:\Windows\System\pVzdrlr.exe
  2⤵
  PID:5052
- C:\Windows\System\akhMYIE.exe
  C:\Windows\System\akhMYIE.exe
  2⤵
  PID:5072
- C:\Windows\System\nDPgitw.exe
  C:\Windows\System\nDPgitw.exe
  2⤵
  PID:5092
- C:\Windows\System\vVPCOwD.exe
  C:\Windows\System\vVPCOwD.exe
  2⤵
  PID:5112
- C:\Windows\System\sslPUaN.exe
  C:\Windows\System\sslPUaN.exe
  2⤵
  PID:3224
- C:\Windows\System\KcFAaPM.exe
  C:\Windows\System\KcFAaPM.exe
  2⤵
  PID:3328
- C:\Windows\System\gSEzTik.exe
  C:\Windows\System\gSEzTik.exe
  2⤵
  PID:3452
- C:\Windows\System\uCXqVVA.exe
  C:\Windows\System\uCXqVVA.exe
  2⤵
  PID:3528
- C:\Windows\System\mEQLAmh.exe
  C:\Windows\System\mEQLAmh.exe
  2⤵
  PID:3612
- C:\Windows\System\aktXQTU.exe
  C:\Windows\System\aktXQTU.exe
  2⤵
  PID:3756
- C:\Windows\System\nXaBWgC.exe
  C:\Windows\System\nXaBWgC.exe
  2⤵
  PID:3796
- C:\Windows\System\RoWARhb.exe
  C:\Windows\System\RoWARhb.exe
  2⤵
  PID:3932
- C:\Windows\System\SXuHZxD.exe
  C:\Windows\System\SXuHZxD.exe
  2⤵
  PID:4036
- C:\Windows\System\ZUzWCOO.exe
  C:\Windows\System\ZUzWCOO.exe
  2⤵
  PID:2044
- C:\Windows\System\plaedBA.exe
  C:\Windows\System\plaedBA.exe
  2⤵
  PID:2404
- C:\Windows\System\vznAmqM.exe
  C:\Windows\System\vznAmqM.exe
  2⤵
  PID:3080
- C:\Windows\System\exKPLNv.exe
  C:\Windows\System\exKPLNv.exe
  2⤵
  PID:4104
- C:\Windows\System\QrnLoFr.exe
  C:\Windows\System\QrnLoFr.exe
  2⤵
  PID:4144
- C:\Windows\System\eViPRiv.exe
  C:\Windows\System\eViPRiv.exe
  2⤵
  PID:4184
- C:\Windows\System\rLRKKwV.exe
  C:\Windows\System\rLRKKwV.exe
  2⤵
  PID:4204
- C:\Windows\System\fYWXYlQ.exe
  C:\Windows\System\fYWXYlQ.exe
  2⤵
  PID:4236
- C:\Windows\System\nWTfBcO.exe
  C:\Windows\System\nWTfBcO.exe
  2⤵
  PID:4280
- C:\Windows\System\UxqddUH.exe
  C:\Windows\System\UxqddUH.exe
  2⤵
  PID:4312
- C:\Windows\System\yuDmaGi.exe
  C:\Windows\System\yuDmaGi.exe
  2⤵
  PID:4352
- C:\Windows\System\QIjrzcI.exe
  C:\Windows\System\QIjrzcI.exe
  2⤵
  PID:4376
- C:\Windows\System\WGPjxoD.exe
  C:\Windows\System\WGPjxoD.exe
  2⤵
  PID:4420
- C:\Windows\System\FykcSmF.exe
  C:\Windows\System\FykcSmF.exe
  2⤵
  PID:4436
- C:\Windows\System\cAgkRCy.exe
  C:\Windows\System\cAgkRCy.exe
  2⤵
  PID:4480
- C:\Windows\System\SoKJLCR.exe
  C:\Windows\System\SoKJLCR.exe
  2⤵
  PID:4512
- C:\Windows\System\drXWpes.exe
  C:\Windows\System\drXWpes.exe
  2⤵
  PID:4536
- C:\Windows\System\bOYwhZA.exe
  C:\Windows\System\bOYwhZA.exe
  2⤵
  PID:4580
- C:\Windows\System\umZWRNZ.exe
  C:\Windows\System\umZWRNZ.exe
  2⤵
  PID:4612
- C:\Windows\System\zbQHFZK.exe
  C:\Windows\System\zbQHFZK.exe
  2⤵
  PID:4636
- C:\Windows\System\OJhXlQt.exe
  C:\Windows\System\OJhXlQt.exe
  2⤵
  PID:4680
- C:\Windows\System\ZPDSMUZ.exe
  C:\Windows\System\ZPDSMUZ.exe
  2⤵
  PID:4708
- C:\Windows\System\LxujUWw.exe
  C:\Windows\System\LxujUWw.exe
  2⤵
  PID:4744
- C:\Windows\System\dKWBvSm.exe
  C:\Windows\System\dKWBvSm.exe
  2⤵
  PID:4800
- C:\Windows\System\UCSCwiD.exe
  C:\Windows\System\UCSCwiD.exe
  2⤵
  PID:4840
- C:\Windows\System\FrNIruv.exe
  C:\Windows\System\FrNIruv.exe
  2⤵
  PID:4824
- C:\Windows\System\EVUaKGp.exe
  C:\Windows\System\EVUaKGp.exe
  2⤵
  PID:4884
- C:\Windows\System\gfmcfzK.exe
  C:\Windows\System\gfmcfzK.exe
  2⤵
  PID:4908
- C:\Windows\System\NZjjfzD.exe
  C:\Windows\System\NZjjfzD.exe
  2⤵
  PID:4964
- C:\Windows\System\iqQtukV.exe
  C:\Windows\System\iqQtukV.exe
  2⤵
  PID:4948
- C:\Windows\System\bFGeOTu.exe
  C:\Windows\System\bFGeOTu.exe
  2⤵
  PID:4984
- C:\Windows\System\dhkpweU.exe
  C:\Windows\System\dhkpweU.exe
  2⤵
  PID:5028
- C:\Windows\System\mLDGKNb.exe
  C:\Windows\System\mLDGKNb.exe
  2⤵
  PID:5080
- C:\Windows\System\qdjCRUX.exe
  C:\Windows\System\qdjCRUX.exe
  2⤵
  PID:3248
- C:\Windows\System\bAcDPeo.exe
  C:\Windows\System\bAcDPeo.exe
  2⤵
  PID:3188
- C:\Windows\System\JDIWXUN.exe
  C:\Windows\System\JDIWXUN.exe
  2⤵
  PID:3304
- C:\Windows\System\GfMXiIb.exe
  C:\Windows\System\GfMXiIb.exe
  2⤵
  PID:3632
- C:\Windows\System\SGxUcMZ.exe
  C:\Windows\System\SGxUcMZ.exe
  2⤵
  PID:3688
- C:\Windows\System\UINlhKV.exe
  C:\Windows\System\UINlhKV.exe
  2⤵
  PID:3872
- C:\Windows\System\fQIPLKz.exe
  C:\Windows\System\fQIPLKz.exe
  2⤵
  PID:3972
- C:\Windows\System\tJymMst.exe
  C:\Windows\System\tJymMst.exe
  2⤵
  PID:2928
- C:\Windows\System\nbWAIwT.exe
  C:\Windows\System\nbWAIwT.exe
  2⤵
  PID:1716
- C:\Windows\System\asXIZRt.exe
  C:\Windows\System\asXIZRt.exe
  2⤵
  PID:4164
- C:\Windows\System\YRvLtOl.exe
  C:\Windows\System\YRvLtOl.exe
  2⤵
  PID:4208
- C:\Windows\System\eNxSVRS.exe
  C:\Windows\System\eNxSVRS.exe
  2⤵
  PID:4260
- C:\Windows\System\MjpsziI.exe
  C:\Windows\System\MjpsziI.exe
  2⤵
  PID:4300
- C:\Windows\System\iTfIpCa.exe
  C:\Windows\System\iTfIpCa.exe
  2⤵
  PID:4340
- C:\Windows\System\GQHVIkA.exe
  C:\Windows\System\GQHVIkA.exe
  2⤵
  PID:4432
- C:\Windows\System\kQTfIlX.exe
  C:\Windows\System\kQTfIlX.exe
  2⤵
  PID:4460
- C:\Windows\System\ULJhKHd.exe
  C:\Windows\System\ULJhKHd.exe
  2⤵
  PID:4540
- C:\Windows\System\MIFzltA.exe
  C:\Windows\System\MIFzltA.exe
  2⤵
  PID:4616
- C:\Windows\System\UNskjYn.exe
  C:\Windows\System\UNskjYn.exe
  2⤵
  PID:4632
- C:\Windows\System\hHCHIxs.exe
  C:\Windows\System\hHCHIxs.exe
  2⤵
  PID:4712
- C:\Windows\System\xHgSLUM.exe
  C:\Windows\System\xHgSLUM.exe
  2⤵
  PID:4720
- C:\Windows\System\aQTupNU.exe
  C:\Windows\System\aQTupNU.exe
  2⤵
  PID:4804
- C:\Windows\System\aSBXXhF.exe
  C:\Windows\System\aSBXXhF.exe
  2⤵
  PID:4868
- C:\Windows\System\iSmgIfS.exe
  C:\Windows\System\iSmgIfS.exe
  2⤵
  PID:5004
- C:\Windows\System\uBGnvWq.exe
  C:\Windows\System\uBGnvWq.exe
  2⤵
  PID:4960
- C:\Windows\System\WowPwEa.exe
  C:\Windows\System\WowPwEa.exe
  2⤵
  PID:4980
- C:\Windows\System\HHRcfDM.exe
  C:\Windows\System\HHRcfDM.exe
  2⤵
  PID:5064
- C:\Windows\System\VIkboQr.exe
  C:\Windows\System\VIkboQr.exe
  2⤵
  PID:5104
- C:\Windows\System\FZRdrYs.exe
  C:\Windows\System\FZRdrYs.exe
  2⤵
  PID:3488
- C:\Windows\System\mLlWvoO.exe
  C:\Windows\System\mLlWvoO.exe
  2⤵
  PID:3912
- C:\Windows\System\cVSUksZ.exe
  C:\Windows\System\cVSUksZ.exe
  2⤵
  PID:4000
- C:\Windows\System\SYWayIY.exe
  C:\Windows\System\SYWayIY.exe
  2⤵
  PID:4316
- C:\Windows\System\HkWjxhi.exe
  C:\Windows\System\HkWjxhi.exe
  2⤵
  PID:4124
- C:\Windows\System\gkJNbUm.exe
  C:\Windows\System\gkJNbUm.exe
  2⤵
  PID:4188
- C:\Windows\System\BbqCdcU.exe
  C:\Windows\System\BbqCdcU.exe
  2⤵
  PID:4272
- C:\Windows\System\gDtuBmU.exe
  C:\Windows\System\gDtuBmU.exe
  2⤵
  PID:4332
- C:\Windows\System\hAiqzDr.exe
  C:\Windows\System\hAiqzDr.exe
  2⤵
  PID:4496
- C:\Windows\System\ynhsKhK.exe
  C:\Windows\System\ynhsKhK.exe
  2⤵
  PID:4600
- C:\Windows\System\lJGswqI.exe
  C:\Windows\System\lJGswqI.exe
  2⤵
  PID:4692
- C:\Windows\System\yprLygr.exe
  C:\Windows\System\yprLygr.exe
  2⤵
  PID:4828
- C:\Windows\System\YvyTtVU.exe
  C:\Windows\System\YvyTtVU.exe
  2⤵
  PID:4844
- C:\Windows\System\bMcZnbu.exe
  C:\Windows\System\bMcZnbu.exe
  2⤵
  PID:4940
- C:\Windows\System\XdhEdSp.exe
  C:\Windows\System\XdhEdSp.exe
  2⤵
  PID:5048
- C:\Windows\System\xeChFgL.exe
  C:\Windows\System\xeChFgL.exe
  2⤵
  PID:3308
- C:\Windows\System\yKbYPmy.exe
  C:\Windows\System\yKbYPmy.exe
  2⤵
  PID:3568
- C:\Windows\System\GoEhvyJ.exe
  C:\Windows\System\GoEhvyJ.exe
  2⤵
  PID:3692
- C:\Windows\System\ReCYIGA.exe
  C:\Windows\System\ReCYIGA.exe
  2⤵
  PID:2348
- C:\Windows\System\RwbFkLw.exe
  C:\Windows\System\RwbFkLw.exe
  2⤵
  PID:4148
- C:\Windows\System\OIhhbOo.exe
  C:\Windows\System\OIhhbOo.exe
  2⤵
  PID:4212
- C:\Windows\System\NUdzFih.exe
  C:\Windows\System\NUdzFih.exe
  2⤵
  PID:4560
- C:\Windows\System\lUSbGel.exe
  C:\Windows\System\lUSbGel.exe
  2⤵
  PID:4556
- C:\Windows\System\pQpImqc.exe
  C:\Windows\System\pQpImqc.exe
  2⤵
  PID:4768
- C:\Windows\System\DjpLJPE.exe
  C:\Windows\System\DjpLJPE.exe
  2⤵
  PID:5136
- C:\Windows\System\MvmGGzP.exe
  C:\Windows\System\MvmGGzP.exe
  2⤵
  PID:5156
- C:\Windows\System\uDbJilE.exe
  C:\Windows\System\uDbJilE.exe
  2⤵
  PID:5176
- C:\Windows\System\oVHgEpx.exe
  C:\Windows\System\oVHgEpx.exe
  2⤵
  PID:5196
- C:\Windows\System\nayesgI.exe
  C:\Windows\System\nayesgI.exe
  2⤵
  PID:5216
- C:\Windows\System\IhdRLnL.exe
  C:\Windows\System\IhdRLnL.exe
  2⤵
  PID:5236
- C:\Windows\System\TEokNXH.exe
  C:\Windows\System\TEokNXH.exe
  2⤵
  PID:5256
- C:\Windows\System\WoCqycg.exe
  C:\Windows\System\WoCqycg.exe
  2⤵
  PID:5276
- C:\Windows\System\ZWnzNqv.exe
  C:\Windows\System\ZWnzNqv.exe
  2⤵
  PID:5296
- C:\Windows\System\kMwQMZF.exe
  C:\Windows\System\kMwQMZF.exe
  2⤵
  PID:5316
- C:\Windows\System\vQrcAbK.exe
  C:\Windows\System\vQrcAbK.exe
  2⤵
  PID:5336
- C:\Windows\System\uiPqxLb.exe
  C:\Windows\System\uiPqxLb.exe
  2⤵
  PID:5356
- C:\Windows\System\eHntYXH.exe
  C:\Windows\System\eHntYXH.exe
  2⤵
  PID:5376
- C:\Windows\System\XRHZsAM.exe
  C:\Windows\System\XRHZsAM.exe
  2⤵
  PID:5400
- C:\Windows\System\gJiuZNV.exe
  C:\Windows\System\gJiuZNV.exe
  2⤵
  PID:5420
- C:\Windows\System\iXswwOo.exe
  C:\Windows\System\iXswwOo.exe
  2⤵
  PID:5440
- C:\Windows\System\XUGjmRM.exe
  C:\Windows\System\XUGjmRM.exe
  2⤵
  PID:5460
- C:\Windows\System\UiMfAnL.exe
  C:\Windows\System\UiMfAnL.exe
  2⤵
  PID:5480
- C:\Windows\System\IJhDmje.exe
  C:\Windows\System\IJhDmje.exe
  2⤵
  PID:5500
- C:\Windows\System\JeZQjzP.exe
  C:\Windows\System\JeZQjzP.exe
  2⤵
  PID:5520
- C:\Windows\System\oFEjsrP.exe
  C:\Windows\System\oFEjsrP.exe
  2⤵
  PID:5540
- C:\Windows\System\boAxEVc.exe
  C:\Windows\System\boAxEVc.exe
  2⤵
  PID:5560
- C:\Windows\System\uFmPFnA.exe
  C:\Windows\System\uFmPFnA.exe
  2⤵
  PID:5580
- C:\Windows\System\jfkXoIy.exe
  C:\Windows\System\jfkXoIy.exe
  2⤵
  PID:5600
- C:\Windows\System\GtriSZW.exe
  C:\Windows\System\GtriSZW.exe
  2⤵
  PID:5620
- C:\Windows\System\EHVqlHd.exe
  C:\Windows\System\EHVqlHd.exe
  2⤵
  PID:5640
- C:\Windows\System\iYTeqEv.exe
  C:\Windows\System\iYTeqEv.exe
  2⤵
  PID:5660
- C:\Windows\System\jcllyzC.exe
  C:\Windows\System\jcllyzC.exe
  2⤵
  PID:5680
- C:\Windows\System\JjiBLoO.exe
  C:\Windows\System\JjiBLoO.exe
  2⤵
  PID:5700
- C:\Windows\System\KOnEFPB.exe
  C:\Windows\System\KOnEFPB.exe
  2⤵
  PID:5720
- C:\Windows\System\ujsVhqu.exe
  C:\Windows\System\ujsVhqu.exe
  2⤵
  PID:5740
- C:\Windows\System\cYotmhD.exe
  C:\Windows\System\cYotmhD.exe
  2⤵
  PID:5760
- C:\Windows\System\BrTXAMZ.exe
  C:\Windows\System\BrTXAMZ.exe
  2⤵
  PID:5780
- C:\Windows\System\ItwQGKQ.exe
  C:\Windows\System\ItwQGKQ.exe
  2⤵
  PID:5800
- C:\Windows\System\ZHPmNaK.exe
  C:\Windows\System\ZHPmNaK.exe
  2⤵
  PID:5820
- C:\Windows\System\bPyFRMY.exe
  C:\Windows\System\bPyFRMY.exe
  2⤵
  PID:5840
- C:\Windows\System\TEROZNT.exe
  C:\Windows\System\TEROZNT.exe
  2⤵
  PID:5860
- C:\Windows\System\TJMgzUo.exe
  C:\Windows\System\TJMgzUo.exe
  2⤵
  PID:5880
- C:\Windows\System\QTaHFfO.exe
  C:\Windows\System\QTaHFfO.exe
  2⤵
  PID:5900
- C:\Windows\System\YdoYiwm.exe
  C:\Windows\System\YdoYiwm.exe
  2⤵
  PID:5920
- C:\Windows\System\ZWkycpi.exe
  C:\Windows\System\ZWkycpi.exe
  2⤵
  PID:5940
- C:\Windows\System\aCZeWnr.exe
  C:\Windows\System\aCZeWnr.exe
  2⤵
  PID:5960
- C:\Windows\System\HWMJOrE.exe
  C:\Windows\System\HWMJOrE.exe
  2⤵
  PID:5980
- C:\Windows\System\JbjOxLC.exe
  C:\Windows\System\JbjOxLC.exe
  2⤵
  PID:6000
- C:\Windows\System\oledCcG.exe
  C:\Windows\System\oledCcG.exe
  2⤵
  PID:6020
- C:\Windows\System\LpCfvHo.exe
  C:\Windows\System\LpCfvHo.exe
  2⤵
  PID:6040
- C:\Windows\System\cGDGsCT.exe
  C:\Windows\System\cGDGsCT.exe
  2⤵
  PID:6060
- C:\Windows\System\UIHXASf.exe
  C:\Windows\System\UIHXASf.exe
  2⤵
  PID:6080
- C:\Windows\System\xSJwFQh.exe
  C:\Windows\System\xSJwFQh.exe
  2⤵
  PID:6100
- C:\Windows\System\cPRIHst.exe
  C:\Windows\System\cPRIHst.exe
  2⤵
  PID:6120
- C:\Windows\System\tYkJnrl.exe
  C:\Windows\System\tYkJnrl.exe
  2⤵
  PID:6140
- C:\Windows\System\jwhknuJ.exe
  C:\Windows\System\jwhknuJ.exe
  2⤵
  PID:1712
- C:\Windows\System\hSMYRab.exe
  C:\Windows\System\hSMYRab.exe
  2⤵
  PID:3408
- C:\Windows\System\CopUklG.exe
  C:\Windows\System\CopUklG.exe
  2⤵
  PID:4060
- C:\Windows\System\frMHNup.exe
  C:\Windows\System\frMHNup.exe
  2⤵
  PID:4240
- C:\Windows\System\PAoCTih.exe
  C:\Windows\System\PAoCTih.exe
  2⤵
  PID:4192
- C:\Windows\System\dIIgcHX.exe
  C:\Windows\System\dIIgcHX.exe
  2⤵
  PID:4592
- C:\Windows\System\LMcgQhv.exe
  C:\Windows\System\LMcgQhv.exe
  2⤵
  PID:4764
- C:\Windows\System\mTNnwYE.exe
  C:\Windows\System\mTNnwYE.exe
  2⤵
  PID:5152
- C:\Windows\System\WYyQuBt.exe
  C:\Windows\System\WYyQuBt.exe
  2⤵
  PID:5184
- C:\Windows\System\JXKAjhy.exe
  C:\Windows\System\JXKAjhy.exe
  2⤵
  PID:2120
- C:\Windows\System\qivAZQF.exe
  C:\Windows\System\qivAZQF.exe
  2⤵
  PID:5228
- C:\Windows\System\aONWYZD.exe
  C:\Windows\System\aONWYZD.exe
  2⤵
  PID:5284
- C:\Windows\System\opxTUIz.exe
  C:\Windows\System\opxTUIz.exe
  2⤵
  PID:2676
- C:\Windows\System\VSSJmUc.exe
  C:\Windows\System\VSSJmUc.exe
  2⤵
  PID:5328
- C:\Windows\System\EWDjqng.exe
  C:\Windows\System\EWDjqng.exe
  2⤵
  PID:5352
- C:\Windows\System\gMHAgaH.exe
  C:\Windows\System\gMHAgaH.exe
  2⤵
  PID:5408
- C:\Windows\System\uDSbzJQ.exe
  C:\Windows\System\uDSbzJQ.exe
  2⤵
  PID:5412
- C:\Windows\System\MGrRGEA.exe
  C:\Windows\System\MGrRGEA.exe
  2⤵
  PID:5432
- C:\Windows\System\qHoVzOG.exe
  C:\Windows\System\qHoVzOG.exe
  2⤵
  PID:5476
- C:\Windows\System\OPVpRei.exe
  C:\Windows\System\OPVpRei.exe
  2⤵
  PID:5512
- C:\Windows\System\SDaKyAk.exe
  C:\Windows\System\SDaKyAk.exe
  2⤵
  PID:5548
- C:\Windows\System\lcYdQya.exe
  C:\Windows\System\lcYdQya.exe
  2⤵
  PID:5572
- C:\Windows\System\wMqZAZh.exe
  C:\Windows\System\wMqZAZh.exe
  2⤵
  PID:5596
- C:\Windows\System\ovpjllh.exe
  C:\Windows\System\ovpjllh.exe
  2⤵
  PID:5632
- C:\Windows\System\UZuaVyY.exe
  C:\Windows\System\UZuaVyY.exe
  2⤵
  PID:5676
- C:\Windows\System\NWvLQKA.exe
  C:\Windows\System\NWvLQKA.exe
  2⤵
  PID:2904
- C:\Windows\System\oRJLYAg.exe
  C:\Windows\System\oRJLYAg.exe
  2⤵
  PID:5732
- C:\Windows\System\bcZYlsX.exe
  C:\Windows\System\bcZYlsX.exe
  2⤵
  PID:5748
- C:\Windows\System\GFRikgK.exe
  C:\Windows\System\GFRikgK.exe
  2⤵
  PID:5808
- C:\Windows\System\biLtwXo.exe
  C:\Windows\System\biLtwXo.exe
  2⤵
  PID:5792
- C:\Windows\System\ZuhKsys.exe
  C:\Windows\System\ZuhKsys.exe
  2⤵
  PID:5828
- C:\Windows\System\vwIMOpJ.exe
  C:\Windows\System\vwIMOpJ.exe
  2⤵
  PID:5392
- C:\Windows\System\ayXnuzR.exe
  C:\Windows\System\ayXnuzR.exe
  2⤵
  PID:5876
- C:\Windows\System\YkYtiNG.exe
  C:\Windows\System\YkYtiNG.exe
  2⤵
  PID:5936
- C:\Windows\System\HajyTFF.exe
  C:\Windows\System\HajyTFF.exe
  2⤵
  PID:2924
- C:\Windows\System\CFpFQzk.exe
  C:\Windows\System\CFpFQzk.exe
  2⤵
  PID:5976
- C:\Windows\System\PLryBjW.exe
  C:\Windows\System\PLryBjW.exe
  2⤵
  PID:2724
- C:\Windows\System\KJvhRtz.exe
  C:\Windows\System\KJvhRtz.exe
  2⤵
  PID:6012
- C:\Windows\System\xskryTa.exe
  C:\Windows\System\xskryTa.exe
  2⤵
  PID:2568
- C:\Windows\System\MyBXlUj.exe
  C:\Windows\System\MyBXlUj.exe
  2⤵
  PID:6072
- C:\Windows\System\HHlcUlF.exe
  C:\Windows\System\HHlcUlF.exe
  2⤵
  PID:6128
- C:\Windows\System\mQznhvG.exe
  C:\Windows\System\mQznhvG.exe
  2⤵
  PID:5084
- C:\Windows\System\KvSxsmI.exe
  C:\Windows\System\KvSxsmI.exe
  2⤵
  PID:3184
- C:\Windows\System\LdulYwv.exe
  C:\Windows\System\LdulYwv.exe
  2⤵
  PID:5100
- C:\Windows\System\OBnBFUs.exe
  C:\Windows\System\OBnBFUs.exe
  2⤵
  PID:2708
- C:\Windows\System\PdNRJmz.exe
  C:\Windows\System\PdNRJmz.exe
  2⤵
  PID:4780
- C:\Windows\System\jqRAtyi.exe
  C:\Windows\System\jqRAtyi.exe
  2⤵
  PID:5168
- C:\Windows\System\uPxyLDv.exe
  C:\Windows\System\uPxyLDv.exe
  2⤵
  PID:3032
- C:\Windows\System\qTBpdrA.exe
  C:\Windows\System\qTBpdrA.exe
  2⤵
  PID:1256
- C:\Windows\System\gFNnULO.exe
  C:\Windows\System\gFNnULO.exe
  2⤵
  PID:1984
- C:\Windows\System\GtbiJdQ.exe
  C:\Windows\System\GtbiJdQ.exe
  2⤵
  PID:5264
- C:\Windows\System\xQlwXGa.exe
  C:\Windows\System\xQlwXGa.exe
  2⤵
  PID:5324
- C:\Windows\System\WLUsRbr.exe
  C:\Windows\System\WLUsRbr.exe
  2⤵
  PID:5372
- C:\Windows\System\uChiZIu.exe
  C:\Windows\System\uChiZIu.exe
  2⤵
  PID:2472
- C:\Windows\System\iKmrmWL.exe
  C:\Windows\System\iKmrmWL.exe
  2⤵
  PID:5436
- C:\Windows\System\kvtqQgL.exe
  C:\Windows\System\kvtqQgL.exe
  2⤵
  PID:5496
- C:\Windows\System\SxvtsGF.exe
  C:\Windows\System\SxvtsGF.exe
  2⤵
  PID:5552
- C:\Windows\System\kCDOKiV.exe
  C:\Windows\System\kCDOKiV.exe
  2⤵
  PID:5616
- C:\Windows\System\DxFNjHu.exe
  C:\Windows\System\DxFNjHu.exe
  2⤵
  PID:5628
- C:\Windows\System\XidJZPB.exe
  C:\Windows\System\XidJZPB.exe
  2⤵
  PID:5668
- C:\Windows\System\PPWXEgl.exe
  C:\Windows\System\PPWXEgl.exe
  2⤵
  PID:5712
- C:\Windows\System\nwfPbPi.exe
  C:\Windows\System\nwfPbPi.exe
  2⤵
  PID:5788
- C:\Windows\System\iNJzqzf.exe
  C:\Windows\System\iNJzqzf.exe
  2⤵
  PID:5852
- C:\Windows\System\rzZyeeq.exe
  C:\Windows\System\rzZyeeq.exe
  2⤵
  PID:5896
- C:\Windows\System\FuHUMkz.exe
  C:\Windows\System\FuHUMkz.exe
  2⤵
  PID:2660
- C:\Windows\System\RWFawCt.exe
  C:\Windows\System\RWFawCt.exe
  2⤵
  PID:5968
- C:\Windows\System\CEQDVFu.exe
  C:\Windows\System\CEQDVFu.exe
  2⤵
  PID:5988
- C:\Windows\System\NHAROOj.exe
  C:\Windows\System\NHAROOj.exe
  2⤵
  PID:6036
- C:\Windows\System\lSgAHoN.exe
  C:\Windows\System\lSgAHoN.exe
  2⤵
  PID:6096
- C:\Windows\System\qysYoma.exe
  C:\Windows\System\qysYoma.exe
  2⤵
  PID:3124
- C:\Windows\System\UWFmSXw.exe
  C:\Windows\System\UWFmSXw.exe
  2⤵
  PID:4456
- C:\Windows\System\VTGGIHQ.exe
  C:\Windows\System\VTGGIHQ.exe
  2⤵
  PID:4500
- C:\Windows\System\tOUPksG.exe
  C:\Windows\System\tOUPksG.exe
  2⤵
  PID:5128
- C:\Windows\System\gitqhkW.exe
  C:\Windows\System\gitqhkW.exe
  2⤵
  PID:5232
- C:\Windows\System\ZiwiwzO.exe
  C:\Windows\System\ZiwiwzO.exe
  2⤵
  PID:1644
- C:\Windows\System\kpZWVQM.exe
  C:\Windows\System\kpZWVQM.exe
  2⤵
  PID:5272
- C:\Windows\System\SjPXwon.exe
  C:\Windows\System\SjPXwon.exe
  2⤵
  PID:2320
- C:\Windows\System\yENbGKE.exe
  C:\Windows\System\yENbGKE.exe
  2⤵
  PID:5388
- C:\Windows\System\UyhGQXw.exe
  C:\Windows\System\UyhGQXw.exe
  2⤵
  PID:5772
- C:\Windows\System\svVIGQn.exe
  C:\Windows\System\svVIGQn.exe
  2⤵
  PID:5536
- C:\Windows\System\adIBZmw.exe
  C:\Windows\System\adIBZmw.exe
  2⤵
  PID:5672
- C:\Windows\System\AkJbGEf.exe
  C:\Windows\System\AkJbGEf.exe
  2⤵
  PID:5768
- C:\Windows\System\yZVkEdW.exe
  C:\Windows\System\yZVkEdW.exe
  2⤵
  PID:5708
- C:\Windows\System\BSEFLVg.exe
  C:\Windows\System\BSEFLVg.exe
  2⤵
  PID:5856
- C:\Windows\System\OQTVUiG.exe
  C:\Windows\System\OQTVUiG.exe
  2⤵
  PID:5928
- C:\Windows\System\DCpUWTJ.exe
  C:\Windows\System\DCpUWTJ.exe
  2⤵
  PID:6008
- C:\Windows\System\QBNQthk.exe
  C:\Windows\System\QBNQthk.exe
  2⤵
  PID:2484
- C:\Windows\System\dBheZIZ.exe
  C:\Windows\System\dBheZIZ.exe
  2⤵
  PID:4256
- C:\Windows\System\QubdfXO.exe
  C:\Windows\System\QubdfXO.exe
  2⤵
  PID:4788
- C:\Windows\System\zOozWkt.exe
  C:\Windows\System\zOozWkt.exe
  2⤵
  PID:5164
- C:\Windows\System\jAOKocV.exe
  C:\Windows\System\jAOKocV.exe
  2⤵
  PID:1512
- C:\Windows\System\dptsjzt.exe
  C:\Windows\System\dptsjzt.exe
  2⤵
  PID:5396
- C:\Windows\System\JcuWhYo.exe
  C:\Windows\System\JcuWhYo.exe
  2⤵
  PID:5308
- C:\Windows\System\sLuYpKc.exe
  C:\Windows\System\sLuYpKc.exe
  2⤵
  PID:5648
- C:\Windows\System\lemPSMb.exe
  C:\Windows\System\lemPSMb.exe
  2⤵
  PID:5612
- C:\Windows\System\nCmVINN.exe
  C:\Windows\System\nCmVINN.exe
  2⤵
  PID:5812
- C:\Windows\System\eqQJIUM.exe
  C:\Windows\System\eqQJIUM.exe
  2⤵
  PID:5752
- C:\Windows\System\TpkMpzr.exe
  C:\Windows\System\TpkMpzr.exe
  2⤵
  PID:6112
- C:\Windows\System\kbyQlrm.exe
  C:\Windows\System\kbyQlrm.exe
  2⤵
  PID:6056
- C:\Windows\System\TPgWwfg.exe
  C:\Windows\System\TPgWwfg.exe
  2⤵
  PID:5144
- C:\Windows\System\rAvTLUU.exe
  C:\Windows\System\rAvTLUU.exe
  2⤵
  PID:1240
- C:\Windows\System\TYqjDCq.exe
  C:\Windows\System\TYqjDCq.exe
  2⤵
  PID:5532
- C:\Windows\System\SWzZFbq.exe
  C:\Windows\System\SWzZFbq.exe
  2⤵
  PID:5364
- C:\Windows\System\fQdJzmY.exe
  C:\Windows\System\fQdJzmY.exe
  2⤵
  PID:6132
- C:\Windows\System\hGMHalc.exe
  C:\Windows\System\hGMHalc.exe
  2⤵
  PID:1856
- C:\Windows\System\uSecyNA.exe
  C:\Windows\System\uSecyNA.exe
  2⤵
  PID:6068
- C:\Windows\System\EbZizlz.exe
  C:\Windows\System\EbZizlz.exe
  2⤵
  PID:1580
- C:\Windows\System\UxAetIL.exe
  C:\Windows\System\UxAetIL.exe
  2⤵
  PID:6164
- C:\Windows\System\UDDLaOU.exe
  C:\Windows\System\UDDLaOU.exe
  2⤵
  PID:6184
- C:\Windows\System\mHGeqgR.exe
  C:\Windows\System\mHGeqgR.exe
  2⤵
  PID:6204
- C:\Windows\System\RBbiWBL.exe
  C:\Windows\System\RBbiWBL.exe
  2⤵
  PID:6224
- C:\Windows\System\pKZeluV.exe
  C:\Windows\System\pKZeluV.exe
  2⤵
  PID:6244
- C:\Windows\System\TSiiuuU.exe
  C:\Windows\System\TSiiuuU.exe
  2⤵
  PID:6264
- C:\Windows\System\ZDhOVgM.exe
  C:\Windows\System\ZDhOVgM.exe
  2⤵
  PID:6284
- C:\Windows\System\GYErHTY.exe
  C:\Windows\System\GYErHTY.exe
  2⤵
  PID:6304
- C:\Windows\System\SeHrIAl.exe
  C:\Windows\System\SeHrIAl.exe
  2⤵
  PID:6324
- C:\Windows\System\cGZiZNn.exe
  C:\Windows\System\cGZiZNn.exe
  2⤵
  PID:6344
- C:\Windows\System\EFtupDh.exe
  C:\Windows\System\EFtupDh.exe
  2⤵
  PID:6364
- C:\Windows\System\SoQXZTO.exe
  C:\Windows\System\SoQXZTO.exe
  2⤵
  PID:6388
- C:\Windows\System\fSgIWua.exe
  C:\Windows\System\fSgIWua.exe
  2⤵
  PID:6408
- C:\Windows\System\NeudqDJ.exe
  C:\Windows\System\NeudqDJ.exe
  2⤵
  PID:6428
- C:\Windows\System\VhoZWLv.exe
  C:\Windows\System\VhoZWLv.exe
  2⤵
  PID:6448
- C:\Windows\System\FAXAPIS.exe
  C:\Windows\System\FAXAPIS.exe
  2⤵
  PID:6468
- C:\Windows\System\xDPmnsa.exe
  C:\Windows\System\xDPmnsa.exe
  2⤵
  PID:6488
- C:\Windows\System\eaCcnqK.exe
  C:\Windows\System\eaCcnqK.exe
  2⤵
  PID:6508
- C:\Windows\System\jkHVEKp.exe
  C:\Windows\System\jkHVEKp.exe
  2⤵
  PID:6528
- C:\Windows\System\cQLrXBU.exe
  C:\Windows\System\cQLrXBU.exe
  2⤵
  PID:6544
- C:\Windows\System\mZkalyU.exe
  C:\Windows\System\mZkalyU.exe
  2⤵
  PID:6568
- C:\Windows\System\BaDFsEn.exe
  C:\Windows\System\BaDFsEn.exe
  2⤵
  PID:6588
- C:\Windows\System\oLMmAQa.exe
  C:\Windows\System\oLMmAQa.exe
  2⤵
  PID:6608
- C:\Windows\System\IjRftJf.exe
  C:\Windows\System\IjRftJf.exe
  2⤵
  PID:6628
- C:\Windows\System\QHsEhRf.exe
  C:\Windows\System\QHsEhRf.exe
  2⤵
  PID:6648
- C:\Windows\System\TZoQkJV.exe
  C:\Windows\System\TZoQkJV.exe
  2⤵
  PID:6668
- C:\Windows\System\ITOhMNw.exe
  C:\Windows\System\ITOhMNw.exe
  2⤵
  PID:6688
- C:\Windows\System\NdTdCMD.exe
  C:\Windows\System\NdTdCMD.exe
  2⤵
  PID:6708
- C:\Windows\System\tWeSkkF.exe
  C:\Windows\System\tWeSkkF.exe
  2⤵
  PID:6728
- C:\Windows\System\SldipIw.exe
  C:\Windows\System\SldipIw.exe
  2⤵
  PID:6748
- C:\Windows\System\eHjhUmm.exe
  C:\Windows\System\eHjhUmm.exe
  2⤵
  PID:6768
- C:\Windows\System\BeYTygj.exe
  C:\Windows\System\BeYTygj.exe
  2⤵
  PID:6788
- C:\Windows\System\hqBxuuf.exe
  C:\Windows\System\hqBxuuf.exe
  2⤵
  PID:6808
- C:\Windows\System\oeoWSsD.exe
  C:\Windows\System\oeoWSsD.exe
  2⤵
  PID:6828
- C:\Windows\System\shrUPNc.exe
  C:\Windows\System\shrUPNc.exe
  2⤵
  PID:6848
- C:\Windows\System\EfUDDyK.exe
  C:\Windows\System\EfUDDyK.exe
  2⤵
  PID:6868
- C:\Windows\System\KimYYbb.exe
  C:\Windows\System\KimYYbb.exe
  2⤵
  PID:6888
- C:\Windows\System\bdYczsg.exe
  C:\Windows\System\bdYczsg.exe
  2⤵
  PID:6908
- C:\Windows\System\JqcTgqh.exe
  C:\Windows\System\JqcTgqh.exe
  2⤵
  PID:6928
- C:\Windows\System\nKuPceS.exe
  C:\Windows\System\nKuPceS.exe
  2⤵
  PID:6948
- C:\Windows\System\bjfkCfc.exe
  C:\Windows\System\bjfkCfc.exe
  2⤵
  PID:6968
- C:\Windows\System\COcegwX.exe
  C:\Windows\System\COcegwX.exe
  2⤵
  PID:6988
- C:\Windows\System\GngOkMx.exe
  C:\Windows\System\GngOkMx.exe
  2⤵
  PID:7008
- C:\Windows\System\DXlBRMS.exe
  C:\Windows\System\DXlBRMS.exe
  2⤵
  PID:7028
- C:\Windows\System\xyMWNll.exe
  C:\Windows\System\xyMWNll.exe
  2⤵
  PID:7048
- C:\Windows\System\RvkOSsU.exe
  C:\Windows\System\RvkOSsU.exe
  2⤵
  PID:7068
- C:\Windows\System\xzOpqps.exe
  C:\Windows\System\xzOpqps.exe
  2⤵
  PID:7088
- C:\Windows\System\cfxkoCT.exe
  C:\Windows\System\cfxkoCT.exe
  2⤵
  PID:7108
- C:\Windows\System\TbuiGRh.exe
  C:\Windows\System\TbuiGRh.exe
  2⤵
  PID:7128
- C:\Windows\System\AlQRcrw.exe
  C:\Windows\System\AlQRcrw.exe
  2⤵
  PID:7148
- C:\Windows\System\iDjDvvZ.exe
  C:\Windows\System\iDjDvvZ.exe
  2⤵
  PID:5044
- C:\Windows\System\gATTySl.exe
  C:\Windows\System\gATTySl.exe
  2⤵
  PID:2884
- C:\Windows\System\dEzCrJJ.exe
  C:\Windows\System\dEzCrJJ.exe
  2⤵
  PID:2936
- C:\Windows\System\KsfsLLH.exe
  C:\Windows\System\KsfsLLH.exe
  2⤵
  PID:5996
- C:\Windows\System\jDBJSTT.exe
  C:\Windows\System\jDBJSTT.exe
  2⤵
  PID:5224
- C:\Windows\System\iQfRvyP.exe
  C:\Windows\System\iQfRvyP.exe
  2⤵
  PID:6156
- C:\Windows\System\nGJsaNa.exe
  C:\Windows\System\nGJsaNa.exe
  2⤵
  PID:6200
- C:\Windows\System\CWrfnNc.exe
  C:\Windows\System\CWrfnNc.exe
  2⤵
  PID:6212
- C:\Windows\System\iPIuVYB.exe
  C:\Windows\System\iPIuVYB.exe
  2⤵
  PID:6256
- C:\Windows\System\qWrmdit.exe
  C:\Windows\System\qWrmdit.exe
  2⤵
  PID:6296
- C:\Windows\System\EMlygpJ.exe
  C:\Windows\System\EMlygpJ.exe
  2⤵
  PID:6332
- C:\Windows\System\RvuqTaF.exe
  C:\Windows\System\RvuqTaF.exe
  2⤵
  PID:6396
- C:\Windows\System\iKBuMfg.exe
  C:\Windows\System\iKBuMfg.exe
  2⤵
  PID:4216
- C:\Windows\System\LyGbCWH.exe
  C:\Windows\System\LyGbCWH.exe
  2⤵
  PID:6416
- C:\Windows\System\BiWasQi.exe
  C:\Windows\System\BiWasQi.exe
  2⤵
  PID:6480
- C:\Windows\System\Smvrkvz.exe
  C:\Windows\System\Smvrkvz.exe
  2⤵
  PID:6524
- C:\Windows\System\XQNsSwQ.exe
  C:\Windows\System\XQNsSwQ.exe
  2⤵
  PID:6500
- C:\Windows\System\axqiYgf.exe
  C:\Windows\System\axqiYgf.exe
  2⤵
  PID:6556
- C:\Windows\System\aUzGqdg.exe
  C:\Windows\System\aUzGqdg.exe
  2⤵
  PID:6624
- C:\Windows\System\dIqrSjA.exe
  C:\Windows\System\dIqrSjA.exe
  2⤵
  PID:6684
- C:\Windows\System\FaGnXwp.exe
  C:\Windows\System\FaGnXwp.exe
  2⤵
  PID:6680
- C:\Windows\System\EOrdVuY.exe
  C:\Windows\System\EOrdVuY.exe
  2⤵
  PID:6700
- C:\Windows\System\marMKpj.exe
  C:\Windows\System\marMKpj.exe
  2⤵
  PID:6740
- C:\Windows\System\FKbKcDp.exe
  C:\Windows\System\FKbKcDp.exe
  2⤵
  PID:6800
- C:\Windows\System\lbLrIXO.exe
  C:\Windows\System\lbLrIXO.exe
  2⤵
  PID:6816
- C:\Windows\System\tTySNXv.exe
  C:\Windows\System\tTySNXv.exe
  2⤵
  PID:6824
- C:\Windows\System\bYyVEFD.exe
  C:\Windows\System\bYyVEFD.exe
  2⤵
  PID:6884
- C:\Windows\System\VWYGdhm.exe
  C:\Windows\System\VWYGdhm.exe
  2⤵
  PID:6864
- C:\Windows\System\QhCmtsz.exe
  C:\Windows\System\QhCmtsz.exe
  2⤵
  PID:6896
- C:\Windows\System\QJoCXyG.exe
  C:\Windows\System\QJoCXyG.exe
  2⤵
  PID:6964
- C:\Windows\System\LJWSfPZ.exe
  C:\Windows\System\LJWSfPZ.exe
  2⤵
  PID:1924
- C:\Windows\System\xvqMKTZ.exe
  C:\Windows\System\xvqMKTZ.exe
  2⤵
  PID:6996
- C:\Windows\System\ksygVXk.exe
  C:\Windows\System\ksygVXk.exe
  2⤵
  PID:7040
- C:\Windows\System\CVxyCmf.exe
  C:\Windows\System\CVxyCmf.exe
  2⤵
  PID:7024
- C:\Windows\System\nSTsPbP.exe
  C:\Windows\System\nSTsPbP.exe
  2⤵
  PID:7064
- C:\Windows\System\CqliItO.exe
  C:\Windows\System\CqliItO.exe
  2⤵
  PID:7096
- C:\Windows\System\DlvBGXK.exe
  C:\Windows\System\DlvBGXK.exe
  2⤵
  PID:7156
- C:\Windows\System\jpCHgTd.exe
  C:\Windows\System\jpCHgTd.exe
  2⤵
  PID:7140
- C:\Windows\System\yxsiGfr.exe
  C:\Windows\System\yxsiGfr.exe
  2⤵
  PID:5312
- C:\Windows\System\ICQnPKj.exe
  C:\Windows\System\ICQnPKj.exe
  2⤵
  PID:5288
- C:\Windows\System\PsXNEag.exe
  C:\Windows\System\PsXNEag.exe
  2⤵
  PID:1440
- C:\Windows\System\FhBfjMd.exe
  C:\Windows\System\FhBfjMd.exe
  2⤵
  PID:2772
- C:\Windows\System\KMpFrxL.exe
  C:\Windows\System\KMpFrxL.exe
  2⤵
  PID:6196
- C:\Windows\System\taYlCFm.exe
  C:\Windows\System\taYlCFm.exe
  2⤵
  PID:1288
- C:\Windows\System\UpPHFsY.exe
  C:\Windows\System\UpPHFsY.exe
  2⤵
  PID:1964
- C:\Windows\System\fNaAtxS.exe
  C:\Windows\System\fNaAtxS.exe
  2⤵
  PID:2880
- C:\Windows\System\qjKpmwl.exe
  C:\Windows\System\qjKpmwl.exe
  2⤵
  PID:2276
- C:\Windows\System\CqPnVfl.exe
  C:\Windows\System\CqPnVfl.exe
  2⤵
  PID:6376
- C:\Windows\System\EKTGSpO.exe
  C:\Windows\System\EKTGSpO.exe
  2⤵
  PID:6300
- C:\Windows\System\bajqAsT.exe
  C:\Windows\System\bajqAsT.exe
  2⤵
  PID:6476
- C:\Windows\System\VIeAxks.exe
  C:\Windows\System\VIeAxks.exe
  2⤵
  PID:6564
- C:\Windows\System\WFAzBLZ.exe
  C:\Windows\System\WFAzBLZ.exe
  2⤵
  PID:6540
- C:\Windows\System\VJHhrgJ.exe
  C:\Windows\System\VJHhrgJ.exe
  2⤵
  PID:6660
- C:\Windows\System\uRhDrEn.exe
  C:\Windows\System\uRhDrEn.exe
  2⤵
  PID:1596
- C:\Windows\System\hRTMvnH.exe
  C:\Windows\System\hRTMvnH.exe
  2⤵
  PID:6704
- C:\Windows\System\FQSRxln.exe
  C:\Windows\System\FQSRxln.exe
  2⤵
  PID:6780
- C:\Windows\System\ELBlOrO.exe
  C:\Windows\System\ELBlOrO.exe
  2⤵
  PID:6876
- C:\Windows\System\CPukWSL.exe
  C:\Windows\System\CPukWSL.exe
  2⤵
  PID:6936
- C:\Windows\System\uGRRQrp.exe
  C:\Windows\System\uGRRQrp.exe
  2⤵
  PID:7044
- C:\Windows\System\krGCkne.exe
  C:\Windows\System\krGCkne.exe
  2⤵
  PID:2856
- C:\Windows\System\TGpFDUZ.exe
  C:\Windows\System\TGpFDUZ.exe
  2⤵
  PID:7080
- C:\Windows\System\WgDSzYN.exe
  C:\Windows\System\WgDSzYN.exe
  2⤵
  PID:5508
- C:\Windows\System\YFfifeP.exe
  C:\Windows\System\YFfifeP.exe
  2⤵
  PID:5992
- C:\Windows\System\iCblFiP.exe
  C:\Windows\System\iCblFiP.exe
  2⤵
  PID:1484
- C:\Windows\System\eKniTsq.exe
  C:\Windows\System\eKniTsq.exe
  2⤵
  PID:2132
- C:\Windows\System\EXilfaO.exe
  C:\Windows\System\EXilfaO.exe
  2⤵
  PID:6796
- C:\Windows\System\pEHjJTy.exe
  C:\Windows\System\pEHjJTy.exe
  2⤵
  PID:6664
- C:\Windows\System\xaFTIuz.exe
  C:\Windows\System\xaFTIuz.exe
  2⤵
  PID:6844
- C:\Windows\System\GhiNhTu.exe
  C:\Windows\System\GhiNhTu.exe
  2⤵
  PID:6956
- C:\Windows\System\vzazUuN.exe
  C:\Windows\System\vzazUuN.exe
  2⤵
  PID:6976
- C:\Windows\System\PHKhBLq.exe
  C:\Windows\System\PHKhBLq.exe
  2⤵
  PID:7120
- C:\Windows\System\RlUVdMH.exe
  C:\Windows\System\RlUVdMH.exe
  2⤵
  PID:2692
- C:\Windows\System\XZIsevZ.exe
  C:\Windows\System\XZIsevZ.exe
  2⤵
  PID:7000
- C:\Windows\System\KPUBsTm.exe
  C:\Windows\System\KPUBsTm.exe
  2⤵
  PID:6192
- C:\Windows\System\rsvPxdz.exe
  C:\Windows\System\rsvPxdz.exe
  2⤵
  PID:6360
- C:\Windows\System\uYmOYnh.exe
  C:\Windows\System\uYmOYnh.exe
  2⤵
  PID:7116
- C:\Windows\System\SeoTPIs.exe
  C:\Windows\System\SeoTPIs.exe
  2⤵
  PID:1780
- C:\Windows\System\LNehgMz.exe
  C:\Windows\System\LNehgMz.exe
  2⤵
  PID:6232
- C:\Windows\System\GYycEif.exe
  C:\Windows\System\GYycEif.exe
  2⤵
  PID:6272
- C:\Windows\System\jvoVwYY.exe
  C:\Windows\System\jvoVwYY.exe
  2⤵
  PID:2024
- C:\Windows\System\uMPepEY.exe
  C:\Windows\System\uMPepEY.exe
  2⤵
  PID:7136
- C:\Windows\System\nGWUjlZ.exe
  C:\Windows\System\nGWUjlZ.exe
  2⤵
  PID:1592
- C:\Windows\System\EKITvmT.exe
  C:\Windows\System\EKITvmT.exe
  2⤵
  PID:1876
- C:\Windows\System\UtxsZRJ.exe
  C:\Windows\System\UtxsZRJ.exe
  2⤵
  PID:6916
- C:\Windows\System\VOLOvPk.exe
  C:\Windows\System\VOLOvPk.exe
  2⤵
  PID:6756
- C:\Windows\System\UfKGKnS.exe
  C:\Windows\System\UfKGKnS.exe
  2⤵
  PID:2592
- C:\Windows\System\NerHmib.exe
  C:\Windows\System\NerHmib.exe
  2⤵
  PID:6736
- C:\Windows\System\aExMAbe.exe
  C:\Windows\System\aExMAbe.exe
  2⤵
  PID:2144
- C:\Windows\System\fhQckla.exe
  C:\Windows\System\fhQckla.exe
  2⤵
  PID:7056
- C:\Windows\System\YLJeHPP.exe
  C:\Windows\System\YLJeHPP.exe
  2⤵
  PID:6172
- C:\Windows\System\dmzutlA.exe
  C:\Windows\System\dmzutlA.exe
  2⤵
  PID:6920
- C:\Windows\System\uqMiuRH.exe
  C:\Windows\System\uqMiuRH.exe
  2⤵
  PID:6560
- C:\Windows\System\kixdJfa.exe
  C:\Windows\System\kixdJfa.exe
  2⤵
  PID:6552
- C:\Windows\System\VKntKBS.exe
  C:\Windows\System\VKntKBS.exe
  2⤵
  PID:6636
- C:\Windows\System\sEFrBiP.exe
  C:\Windows\System\sEFrBiP.exe
  2⤵
  PID:7124
- C:\Windows\System\rJXxQzL.exe
  C:\Windows\System\rJXxQzL.exe
  2⤵
  PID:6372
- C:\Windows\System\LKDXyVA.exe
  C:\Windows\System\LKDXyVA.exe
  2⤵
  PID:6496
- C:\Windows\System\PKXnWGl.exe
  C:\Windows\System\PKXnWGl.exe
  2⤵
  PID:5956
- C:\Windows\System\JXTJRpy.exe
  C:\Windows\System\JXTJRpy.exe
  2⤵
  PID:6460
- C:\Windows\System\hyuXPjn.exe
  C:\Windows\System\hyuXPjn.exe
  2⤵
  PID:6840
- C:\Windows\System\CkaeOMw.exe
  C:\Windows\System\CkaeOMw.exe
  2⤵
  PID:6400
- C:\Windows\System\Jqduwtv.exe
  C:\Windows\System\Jqduwtv.exe
  2⤵
  PID:6456
- C:\Windows\System\vspecAB.exe
  C:\Windows\System\vspecAB.exe
  2⤵
  PID:1732
- C:\Windows\System\FoCkvpL.exe
  C:\Windows\System\FoCkvpL.exe
  2⤵
  PID:7084
- C:\Windows\System\hHzyPws.exe
  C:\Windows\System\hHzyPws.exe
  2⤵
  PID:1568
- C:\Windows\System\JuIXCrJ.exe
  C:\Windows\System\JuIXCrJ.exe
  2⤵
  PID:2372
- C:\Windows\System\iVixWLl.exe
  C:\Windows\System\iVixWLl.exe
  2⤵
  PID:7180
- C:\Windows\System\xWKkPEi.exe
  C:\Windows\System\xWKkPEi.exe
  2⤵
  PID:7200
- C:\Windows\System\hFSmTAw.exe
  C:\Windows\System\hFSmTAw.exe
  2⤵
  PID:7216
- C:\Windows\System\XijuvQc.exe
  C:\Windows\System\XijuvQc.exe
  2⤵
  PID:7232
- C:\Windows\System\yCsAfQp.exe
  C:\Windows\System\yCsAfQp.exe
  2⤵
  PID:7248
- C:\Windows\System\nXaLyZl.exe
  C:\Windows\System\nXaLyZl.exe
  2⤵
  PID:7264
- C:\Windows\System\tZrMKCU.exe
  C:\Windows\System\tZrMKCU.exe
  2⤵
  PID:7280
- C:\Windows\System\OVLcCdC.exe
  C:\Windows\System\OVLcCdC.exe
  2⤵
  PID:7296
- C:\Windows\System\yBttdRB.exe
  C:\Windows\System\yBttdRB.exe
  2⤵
  PID:7344
- C:\Windows\System\joJaqzu.exe
  C:\Windows\System\joJaqzu.exe
  2⤵
  PID:7364
- C:\Windows\System\MWPFYlj.exe
  C:\Windows\System\MWPFYlj.exe
  2⤵
  PID:7380
- C:\Windows\System\PYifajR.exe
  C:\Windows\System\PYifajR.exe
  2⤵
  PID:7396
- C:\Windows\System\rQnmqDp.exe
  C:\Windows\System\rQnmqDp.exe
  2⤵
  PID:7416
- C:\Windows\System\QJMnwJd.exe
  C:\Windows\System\QJMnwJd.exe
  2⤵
  PID:7432
- C:\Windows\System\WyeMrDT.exe
  C:\Windows\System\WyeMrDT.exe
  2⤵
  PID:7448
- C:\Windows\System\NLrGUzO.exe
  C:\Windows\System\NLrGUzO.exe
  2⤵
  PID:7464
- C:\Windows\System\ttZNHVX.exe
  C:\Windows\System\ttZNHVX.exe
  2⤵
  PID:7484
- C:\Windows\System\QOQWFXm.exe
  C:\Windows\System\QOQWFXm.exe
  2⤵
  PID:7504
- C:\Windows\System\IpkTiEB.exe
  C:\Windows\System\IpkTiEB.exe
  2⤵
  PID:7520
- C:\Windows\System\SRYtSMg.exe
  C:\Windows\System\SRYtSMg.exe
  2⤵
  PID:7540
- C:\Windows\System\uZxEdKI.exe
  C:\Windows\System\uZxEdKI.exe
  2⤵
  PID:7564
- C:\Windows\System\YEOYnkQ.exe
  C:\Windows\System\YEOYnkQ.exe
  2⤵
  PID:7580
- C:\Windows\System\YYWlcKE.exe
  C:\Windows\System\YYWlcKE.exe
  2⤵
  PID:7600
- C:\Windows\System\TzZhaul.exe
  C:\Windows\System\TzZhaul.exe
  2⤵
  PID:7620
- C:\Windows\System\OUhUOlk.exe
  C:\Windows\System\OUhUOlk.exe
  2⤵
  PID:7640
- C:\Windows\System\IGlumDg.exe
  C:\Windows\System\IGlumDg.exe
  2⤵
  PID:7672
- C:\Windows\System\QFYjZBb.exe
  C:\Windows\System\QFYjZBb.exe
  2⤵
  PID:7696
- C:\Windows\System\pudZmUE.exe
  C:\Windows\System\pudZmUE.exe
  2⤵
  PID:7724
- C:\Windows\System\ecfgCwu.exe
  C:\Windows\System\ecfgCwu.exe
  2⤵
  PID:7740
- C:\Windows\System\sWhgADV.exe
  C:\Windows\System\sWhgADV.exe
  2⤵
  PID:7756
- C:\Windows\System\hObbvjx.exe
  C:\Windows\System\hObbvjx.exe
  2⤵
  PID:7784
- C:\Windows\System\Zchikwu.exe
  C:\Windows\System\Zchikwu.exe
  2⤵
  PID:7800
- C:\Windows\System\HrcZaah.exe
  C:\Windows\System\HrcZaah.exe
  2⤵
  PID:7820
- C:\Windows\System\lAWlUqf.exe
  C:\Windows\System\lAWlUqf.exe
  2⤵
  PID:7844
- C:\Windows\System\BENRckF.exe
  C:\Windows\System\BENRckF.exe
  2⤵
  PID:7860
- C:\Windows\System\OCYyCbE.exe
  C:\Windows\System\OCYyCbE.exe
  2⤵
  PID:7884
- C:\Windows\System\qHpvWoz.exe
  C:\Windows\System\qHpvWoz.exe
  2⤵
  PID:7900
- C:\Windows\System\khdpSPk.exe
  C:\Windows\System\khdpSPk.exe
  2⤵
  PID:7916
- C:\Windows\System\ubHcUOI.exe
  C:\Windows\System\ubHcUOI.exe
  2⤵
  PID:7936
- C:\Windows\System\wsexlOG.exe
  C:\Windows\System\wsexlOG.exe
  2⤵
  PID:7972
- C:\Windows\System\ruQvoQX.exe
  C:\Windows\System\ruQvoQX.exe
  2⤵
  PID:7992
- C:\Windows\System\GSqZcHj.exe
  C:\Windows\System\GSqZcHj.exe
  2⤵
  PID:8008
- C:\Windows\System\IXJPpCy.exe
  C:\Windows\System\IXJPpCy.exe
  2⤵
  PID:8028
- C:\Windows\System\ZYaorcE.exe
  C:\Windows\System\ZYaorcE.exe
  2⤵
  PID:8048
- C:\Windows\System\JgclPdu.exe
  C:\Windows\System\JgclPdu.exe
  2⤵
  PID:8072
- C:\Windows\System\XeLsZjF.exe
  C:\Windows\System\XeLsZjF.exe
  2⤵
  PID:8092
- C:\Windows\System\qCXlTfY.exe
  C:\Windows\System\qCXlTfY.exe
  2⤵
  PID:8108
- C:\Windows\System\SIgEyON.exe
  C:\Windows\System\SIgEyON.exe
  2⤵
  PID:8128
- C:\Windows\System\pnigGrO.exe
  C:\Windows\System\pnigGrO.exe
  2⤵
  PID:8148
- C:\Windows\System\qomeMpA.exe
  C:\Windows\System\qomeMpA.exe
  2⤵
  PID:8168
- C:\Windows\System\nctLKiY.exe
  C:\Windows\System\nctLKiY.exe
  2⤵
  PID:8184
- C:\Windows\System\QrtbQyj.exe
  C:\Windows\System\QrtbQyj.exe
  2⤵
  PID:6380
- C:\Windows\System\lBJqEXI.exe
  C:\Windows\System\lBJqEXI.exe
  2⤵
  PID:7244
- C:\Windows\System\xAhxzDk.exe
  C:\Windows\System\xAhxzDk.exe
  2⤵
  PID:7196
- C:\Windows\System\sgLeOsY.exe
  C:\Windows\System\sgLeOsY.exe
  2⤵
  PID:7224
- C:\Windows\System\fImeDim.exe
  C:\Windows\System\fImeDim.exe
  2⤵
  PID:7312
- C:\Windows\System\BmXWyMG.exe
  C:\Windows\System\BmXWyMG.exe
  2⤵
  PID:7328
- C:\Windows\System\OsOMzeb.exe
  C:\Windows\System\OsOMzeb.exe
  2⤵
  PID:7372
- C:\Windows\System\ksOYnoM.exe
  C:\Windows\System\ksOYnoM.exe
  2⤵
  PID:7444
- C:\Windows\System\jriemhe.exe
  C:\Windows\System\jriemhe.exe
  2⤵
  PID:7512
- C:\Windows\System\EcfULlV.exe
  C:\Windows\System\EcfULlV.exe
  2⤵
  PID:7596
- C:\Windows\System\qLsqRTK.exe
  C:\Windows\System\qLsqRTK.exe
  2⤵
  PID:7532
- C:\Windows\System\YdZXGzV.exe
  C:\Windows\System\YdZXGzV.exe
  2⤵
  PID:7612
- C:\Windows\System\stcFDyo.exe
  C:\Windows\System\stcFDyo.exe
  2⤵
  PID:7492
- C:\Windows\System\XemYJzw.exe
  C:\Windows\System\XemYJzw.exe
  2⤵
  PID:7424
- C:\Windows\System\GJOUvzZ.exe
  C:\Windows\System\GJOUvzZ.exe
  2⤵
  PID:7680
- C:\Windows\System\OhHofzb.exe
  C:\Windows\System\OhHofzb.exe
  2⤵
  PID:7732
- C:\Windows\System\QbnbMPw.exe
  C:\Windows\System\QbnbMPw.exe
  2⤵
  PID:7768
- C:\Windows\System\WuqJyLE.exe
  C:\Windows\System\WuqJyLE.exe
  2⤵
  PID:7716
- C:\Windows\System\DdOsoyp.exe
  C:\Windows\System\DdOsoyp.exe
  2⤵
  PID:7776
- C:\Windows\System\kcUKdoy.exe
  C:\Windows\System\kcUKdoy.exe
  2⤵
  PID:7816
- C:\Windows\System\ZCPbDhx.exe
  C:\Windows\System\ZCPbDhx.exe
  2⤵
  PID:7836
- C:\Windows\System\glelKDP.exe
  C:\Windows\System\glelKDP.exe
  2⤵
  PID:7908
- C:\Windows\System\lSWhfhQ.exe
  C:\Windows\System\lSWhfhQ.exe
  2⤵
  PID:7892
- C:\Windows\System\AwrkSNt.exe
  C:\Windows\System\AwrkSNt.exe
  2⤵
  PID:7932
- C:\Windows\System\FSKfxzj.exe
  C:\Windows\System\FSKfxzj.exe
  2⤵
  PID:7964
- C:\Windows\System\gQsjaLl.exe
  C:\Windows\System\gQsjaLl.exe
  2⤵
  PID:7988
- C:\Windows\System\yGbmUAy.exe
  C:\Windows\System\yGbmUAy.exe
  2⤵
  PID:8000
- C:\Windows\System\zUxGXBR.exe
  C:\Windows\System\zUxGXBR.exe
  2⤵
  PID:8056
- C:\Windows\System\PtsBEDw.exe
  C:\Windows\System\PtsBEDw.exe
  2⤵
  PID:8080
- C:\Windows\System\lLIoBdN.exe
  C:\Windows\System\lLIoBdN.exe
  2⤵
  PID:8124
- C:\Windows\System\OIAiKLe.exe
  C:\Windows\System\OIAiKLe.exe
  2⤵
  PID:8136
- C:\Windows\System\JOgEyWo.exe
  C:\Windows\System\JOgEyWo.exe
  2⤵
  PID:8180
- C:\Windows\System\sEfzAlY.exe
  C:\Windows\System\sEfzAlY.exe
  2⤵
  PID:7288
- C:\Windows\System\GWrZNZY.exe
  C:\Windows\System\GWrZNZY.exe
  2⤵
  PID:7332
- C:\Windows\System\KEClvhA.exe
  C:\Windows\System\KEClvhA.exe
  2⤵
  PID:7412
- C:\Windows\System\HmYEgqP.exe
  C:\Windows\System\HmYEgqP.exe
  2⤵
  PID:7256
- C:\Windows\System\FgkHSlb.exe
  C:\Windows\System\FgkHSlb.exe
  2⤵
  PID:7188
- C:\Windows\System\BzlSwhS.exe
  C:\Windows\System\BzlSwhS.exe
  2⤵
  PID:7556
- C:\Windows\System\euppWpx.exe
  C:\Windows\System\euppWpx.exe
  2⤵
  PID:7352
- C:\Windows\System\qWOjbrL.exe
  C:\Windows\System\qWOjbrL.exe
  2⤵
  PID:7576
- C:\Windows\System\osVHqqr.exe
  C:\Windows\System\osVHqqr.exe
  2⤵
  PID:7692
- C:\Windows\System\laBhMTH.exe
  C:\Windows\System\laBhMTH.exe
  2⤵
  PID:7648
- C:\Windows\System\qjMyNhe.exe
  C:\Windows\System\qjMyNhe.exe
  2⤵
  PID:7808
- C:\Windows\System\VCMCcVK.exe
  C:\Windows\System\VCMCcVK.exe
  2⤵
  PID:7924
- C:\Windows\System\hLrphQk.exe
  C:\Windows\System\hLrphQk.exe
  2⤵
  PID:7560
- C:\Windows\System\BJfvHcc.exe
  C:\Windows\System\BJfvHcc.exe
  2⤵
  PID:7912
- C:\Windows\System\RLrgozd.exe
  C:\Windows\System\RLrgozd.exe
  2⤵
  PID:8164
- C:\Windows\System\wrSKfPu.exe
  C:\Windows\System\wrSKfPu.exe
  2⤵
  PID:7856
- C:\Windows\System\mClQjAG.exe
  C:\Windows\System\mClQjAG.exe
  2⤵
  PID:7548
- C:\Windows\System\qwmJylJ.exe
  C:\Windows\System\qwmJylJ.exe
  2⤵
  PID:8040
- C:\Windows\System\ZUvHJCT.exe
  C:\Windows\System\ZUvHJCT.exe
  2⤵
  PID:8116
- C:\Windows\System\kJafnRl.exe
  C:\Windows\System\kJafnRl.exe
  2⤵
  PID:7876
- C:\Windows\System\JbWbQFy.exe
  C:\Windows\System\JbWbQFy.exe
  2⤵
  PID:7652
- C:\Windows\System\FeGHQzj.exe
  C:\Windows\System\FeGHQzj.exe
  2⤵
  PID:7408
- C:\Windows\System\xdWKXfa.exe
  C:\Windows\System\xdWKXfa.exe
  2⤵
  PID:7616
- C:\Windows\System\nBQnErH.exe
  C:\Windows\System\nBQnErH.exe
  2⤵
  PID:7428
- C:\Windows\System\cAGaYnW.exe
  C:\Windows\System\cAGaYnW.exe
  2⤵
  PID:7712
- C:\Windows\System\ICBcKow.exe
  C:\Windows\System\ICBcKow.exe
  2⤵
  PID:7872
- C:\Windows\System\zGLftmT.exe
  C:\Windows\System\zGLftmT.exe
  2⤵
  PID:8060
- C:\Windows\System\ABBNJDa.exe
  C:\Windows\System\ABBNJDa.exe
  2⤵
  PID:8104
- C:\Windows\System\EWcRPjm.exe
  C:\Windows\System\EWcRPjm.exe
  2⤵
  PID:6616
- C:\Windows\System\Gfwqyhs.exe
  C:\Windows\System\Gfwqyhs.exe
  2⤵
  PID:7212
- C:\Windows\System\vOYjNWG.exe
  C:\Windows\System\vOYjNWG.exe
  2⤵
  PID:7704
- C:\Windows\System\avhCWwg.exe
  C:\Windows\System\avhCWwg.exe
  2⤵
  PID:8024
- C:\Windows\System\JemKbDJ.exe
  C:\Windows\System\JemKbDJ.exe
  2⤵
  PID:7796
- C:\Windows\System\eaSERQD.exe
  C:\Windows\System\eaSERQD.exe
  2⤵
  PID:7324
- C:\Windows\System\eIDfMJD.exe
  C:\Windows\System\eIDfMJD.exe
  2⤵
  PID:8020
- C:\Windows\System\mpSOVAJ.exe
  C:\Windows\System\mpSOVAJ.exe
  2⤵
  PID:7388
- C:\Windows\System\wAqLnAJ.exe
  C:\Windows\System\wAqLnAJ.exe
  2⤵
  PID:7572
- C:\Windows\System\zcRgnQv.exe
  C:\Windows\System\zcRgnQv.exe
  2⤵
  PID:7764
- C:\Windows\System\MdhRVrp.exe
  C:\Windows\System\MdhRVrp.exe
  2⤵
  PID:7404
- C:\Windows\System\iiLxZXD.exe
  C:\Windows\System\iiLxZXD.exe
  2⤵
  PID:7500
- C:\Windows\System\ceWyxeq.exe
  C:\Windows\System\ceWyxeq.exe
  2⤵
  PID:8144
- C:\Windows\System\tFeUtUE.exe
  C:\Windows\System\tFeUtUE.exe
  2⤵
  PID:7952
- C:\Windows\System\GfKHdVo.exe
  C:\Windows\System\GfKHdVo.exe
  2⤵
  PID:7476
- C:\Windows\System\oPKABHS.exe
  C:\Windows\System\oPKABHS.exe
  2⤵
  PID:7664
- C:\Windows\System\rQABdzC.exe
  C:\Windows\System\rQABdzC.exe
  2⤵
  PID:7852
- C:\Windows\System\ZqpAvID.exe
  C:\Windows\System\ZqpAvID.exe
  2⤵
  PID:8204
- C:\Windows\System\yYZLfAa.exe
  C:\Windows\System\yYZLfAa.exe
  2⤵
  PID:8224
- C:\Windows\System\zOUUBSJ.exe
  C:\Windows\System\zOUUBSJ.exe
  2⤵
  PID:8248
- C:\Windows\System\TbxNqMs.exe
  C:\Windows\System\TbxNqMs.exe
  2⤵
  PID:8276
- C:\Windows\System\pmpEaSi.exe
  C:\Windows\System\pmpEaSi.exe
  2⤵
  PID:8292
- C:\Windows\System\IIqDMOn.exe
  C:\Windows\System\IIqDMOn.exe
  2⤵
  PID:8312
- C:\Windows\System\dihFwUN.exe
  C:\Windows\System\dihFwUN.exe
  2⤵
  PID:8332
- C:\Windows\System\fYwpcMN.exe
  C:\Windows\System\fYwpcMN.exe
  2⤵
  PID:8348
- C:\Windows\System\URpGaTq.exe
  C:\Windows\System\URpGaTq.exe
  2⤵
  PID:8372
- C:\Windows\System\BvZYQDH.exe
  C:\Windows\System\BvZYQDH.exe
  2⤵
  PID:8388
- C:\Windows\System\PrkkyIF.exe
  C:\Windows\System\PrkkyIF.exe
  2⤵
  PID:8408
- C:\Windows\System\AMBbYQW.exe
  C:\Windows\System\AMBbYQW.exe
  2⤵
  PID:8424
- C:\Windows\System\QOmpbxI.exe
  C:\Windows\System\QOmpbxI.exe
  2⤵
  PID:8460
- C:\Windows\System\ZIDPWPB.exe
  C:\Windows\System\ZIDPWPB.exe
  2⤵
  PID:8476
- C:\Windows\System\BdmaYXs.exe
  C:\Windows\System\BdmaYXs.exe
  2⤵
  PID:8496
- C:\Windows\System\xYzDaPE.exe
  C:\Windows\System\xYzDaPE.exe
  2⤵
  PID:8524
- C:\Windows\System\fBlEHyH.exe
  C:\Windows\System\fBlEHyH.exe
  2⤵
  PID:8544
- C:\Windows\System\aBKbPtq.exe
  C:\Windows\System\aBKbPtq.exe
  2⤵
  PID:8560
- C:\Windows\System\WbcKUzO.exe
  C:\Windows\System\WbcKUzO.exe
  2⤵
  PID:8576
- C:\Windows\System\PrdyTHo.exe
  C:\Windows\System\PrdyTHo.exe
  2⤵
  PID:8600
- C:\Windows\System\LRuzrsv.exe
  C:\Windows\System\LRuzrsv.exe
  2⤵
  PID:8624
- C:\Windows\System\rYfMdBq.exe
  C:\Windows\System\rYfMdBq.exe
  2⤵
  PID:8648
- C:\Windows\System\EaMvDrn.exe
  C:\Windows\System\EaMvDrn.exe
  2⤵
  PID:8664
- C:\Windows\System\bOUbBzk.exe
  C:\Windows\System\bOUbBzk.exe
  2⤵
  PID:8684
- C:\Windows\System\mhVjIqt.exe
  C:\Windows\System\mhVjIqt.exe
  2⤵
  PID:8700
- C:\Windows\System\xpSJrgL.exe
  C:\Windows\System\xpSJrgL.exe
  2⤵
  PID:8724
- C:\Windows\System\QcJBysW.exe
  C:\Windows\System\QcJBysW.exe
  2⤵
  PID:8748
- C:\Windows\System\BBNZzyn.exe
  C:\Windows\System\BBNZzyn.exe
  2⤵
  PID:8764
- C:\Windows\System\kKEAdiY.exe
  C:\Windows\System\kKEAdiY.exe
  2⤵
  PID:8788
- C:\Windows\System\cavmkWV.exe
  C:\Windows\System\cavmkWV.exe
  2⤵
  PID:8804
- C:\Windows\System\WBgJUEY.exe
  C:\Windows\System\WBgJUEY.exe
  2⤵
  PID:8824
- C:\Windows\System\TbdeMXl.exe
  C:\Windows\System\TbdeMXl.exe
  2⤵
  PID:8848
- C:\Windows\System\IDRIjfY.exe
  C:\Windows\System\IDRIjfY.exe
  2⤵
  PID:8864
- C:\Windows\System\QpQsEQg.exe
  C:\Windows\System\QpQsEQg.exe
  2⤵
  PID:8880
- C:\Windows\System\WLTtExl.exe
  C:\Windows\System\WLTtExl.exe
  2⤵
  PID:8908
- C:\Windows\System\byISgdU.exe
  C:\Windows\System\byISgdU.exe
  2⤵
  PID:8924
- C:\Windows\System\NRDijZz.exe
  C:\Windows\System\NRDijZz.exe
  2⤵
  PID:8944
- C:\Windows\System\JIycGsI.exe
  C:\Windows\System\JIycGsI.exe
  2⤵
  PID:8960
- C:\Windows\System\LawJKNX.exe
  C:\Windows\System\LawJKNX.exe
  2⤵
  PID:8980
- C:\Windows\System\FIkEMAk.exe
  C:\Windows\System\FIkEMAk.exe
  2⤵
  PID:9020
- C:\Windows\System\PRnYIfU.exe
  C:\Windows\System\PRnYIfU.exe
  2⤵
  PID:9036
- C:\Windows\System\NskkWxl.exe
  C:\Windows\System\NskkWxl.exe
  2⤵
  PID:9052
- C:\Windows\System\KYXoVAG.exe
  C:\Windows\System\KYXoVAG.exe
  2⤵
  PID:9068
- C:\Windows\System\xuAMsjJ.exe
  C:\Windows\System\xuAMsjJ.exe
  2⤵
  PID:9084
- C:\Windows\System\GWTWSCo.exe
  C:\Windows\System\GWTWSCo.exe
  2⤵
  PID:9100
- C:\Windows\System\rPDPWYc.exe
  C:\Windows\System\rPDPWYc.exe
  2⤵
  PID:9116
- C:\Windows\System\HgOnLkh.exe
  C:\Windows\System\HgOnLkh.exe
  2⤵
  PID:9132
- C:\Windows\System\ilFDdoK.exe
  C:\Windows\System\ilFDdoK.exe
  2⤵
  PID:9148
- C:\Windows\System\hahDeJb.exe
  C:\Windows\System\hahDeJb.exe
  2⤵
  PID:9164
- C:\Windows\System\NHQLRFp.exe
  C:\Windows\System\NHQLRFp.exe
  2⤵
  PID:9180
- C:\Windows\System\wzFIWUX.exe
  C:\Windows\System\wzFIWUX.exe
  2⤵
  PID:9196
- C:\Windows\System\rMNZJaM.exe
  C:\Windows\System\rMNZJaM.exe
  2⤵
  PID:9212
- C:\Windows\System\iVHTTcM.exe
  C:\Windows\System\iVHTTcM.exe
  2⤵
  PID:8236
- C:\Windows\System\HhyXaLR.exe
  C:\Windows\System\HhyXaLR.exe
  2⤵
  PID:8284
- C:\Windows\System\eNsZlRr.exe
  C:\Windows\System\eNsZlRr.exe
  2⤵
  PID:8356
- C:\Windows\System\gtPusib.exe
  C:\Windows\System\gtPusib.exe
  2⤵
  PID:8360
- C:\Windows\System\mqVxkyc.exe
  C:\Windows\System\mqVxkyc.exe
  2⤵
  PID:8340
- C:\Windows\System\kiKHYwf.exe
  C:\Windows\System\kiKHYwf.exe
  2⤵
  PID:8400
- C:\Windows\System\kpRoWKd.exe
  C:\Windows\System\kpRoWKd.exe
  2⤵
  PID:8416
- C:\Windows\System\WJVmXoG.exe
  C:\Windows\System\WJVmXoG.exe
  2⤵
  PID:8452
- C:\Windows\System\CPZCozO.exe
  C:\Windows\System\CPZCozO.exe
  2⤵
  PID:8472
- C:\Windows\System\KUlOKCw.exe
  C:\Windows\System\KUlOKCw.exe
  2⤵
  PID:8512
- C:\Windows\System\zgpBrUE.exe
  C:\Windows\System\zgpBrUE.exe
  2⤵
  PID:8540
- C:\Windows\System\OpwDFUe.exe
  C:\Windows\System\OpwDFUe.exe
  2⤵
  PID:8572
- C:\Windows\System\moaoJFz.exe
  C:\Windows\System\moaoJFz.exe
  2⤵
  PID:8592
- C:\Windows\System\bVDXPqD.exe
  C:\Windows\System\bVDXPqD.exe
  2⤵
  PID:8632
- C:\Windows\System\HhqeQAC.exe
  C:\Windows\System\HhqeQAC.exe
  2⤵
  PID:8656
- C:\Windows\System\HnGzaGc.exe
  C:\Windows\System\HnGzaGc.exe
  2⤵
  PID:8696
- C:\Windows\System\wUgpMgP.exe
  C:\Windows\System\wUgpMgP.exe
  2⤵
  PID:8756
- C:\Windows\System\sxrBiKH.exe
  C:\Windows\System\sxrBiKH.exe
  2⤵
  PID:8776
- C:\Windows\System\ricDqIx.exe
  C:\Windows\System\ricDqIx.exe
  2⤵
  PID:8800
- C:\Windows\System\dvqIIep.exe
  C:\Windows\System\dvqIIep.exe
  2⤵
  PID:8856
- C:\Windows\System\mTwqRQR.exe
  C:\Windows\System\mTwqRQR.exe
  2⤵
  PID:8892
- C:\Windows\System\WPHYAbi.exe
  C:\Windows\System\WPHYAbi.exe
  2⤵
  PID:8872
- C:\Windows\System\tbinwHj.exe
  C:\Windows\System\tbinwHj.exe
  2⤵
  PID:8936
- C:\Windows\System\OcrnKHx.exe
  C:\Windows\System\OcrnKHx.exe
  2⤵
  PID:9004
- C:\Windows\System\BYYSjuB.exe
  C:\Windows\System\BYYSjuB.exe
  2⤵
  PID:9028
- C:\Windows\System\GjHXuIc.exe
  C:\Windows\System\GjHXuIc.exe
  2⤵
  PID:9064
- C:\Windows\System\NuOZsqv.exe
  C:\Windows\System\NuOZsqv.exe
  2⤵
  PID:9096
- C:\Windows\System\fPyrFVn.exe
  C:\Windows\System\fPyrFVn.exe
  2⤵
  PID:9156
- C:\Windows\System\LJZMZQe.exe
  C:\Windows\System\LJZMZQe.exe
  2⤵
  PID:8200
- C:\Windows\System\oeMckhn.exe
  C:\Windows\System\oeMckhn.exe
  2⤵
  PID:9176
- C:\Windows\System\Kadfwwm.exe
  C:\Windows\System\Kadfwwm.exe
  2⤵
  PID:8288
- C:\Windows\System\kZWVgnJ.exe
  C:\Windows\System\kZWVgnJ.exe
  2⤵
  PID:8256
- C:\Windows\System\vcdYaJA.exe
  C:\Windows\System\vcdYaJA.exe
  2⤵
  PID:2300
- C:\Windows\System\AWwxEYX.exe
  C:\Windows\System\AWwxEYX.exe
  2⤵
  PID:1492
- C:\Windows\System\fKOnSpD.exe
  C:\Windows\System\fKOnSpD.exe
  2⤵
  PID:8304
- C:\Windows\System\BphREYv.exe
  C:\Windows\System\BphREYv.exe
  2⤵
  PID:8468
- C:\Windows\System\MOfBRUg.exe
  C:\Windows\System\MOfBRUg.exe
  2⤵
  PID:8636
- C:\Windows\System\qnPsXMC.exe
  C:\Windows\System\qnPsXMC.exe
  2⤵
  PID:8380
- C:\Windows\System\hPRxnMP.exe
  C:\Windows\System\hPRxnMP.exe
  2⤵
  PID:8612
- C:\Windows\System\ExzLKWc.exe
  C:\Windows\System\ExzLKWc.exe
  2⤵
  PID:8556
- C:\Windows\System\ebEhylz.exe
  C:\Windows\System\ebEhylz.exe
  2⤵
  PID:8732
- C:\Windows\System\qxqcYzr.exe
  C:\Windows\System\qxqcYzr.exe
  2⤵
  PID:8740
- C:\Windows\System\aXXwUHW.exe
  C:\Windows\System\aXXwUHW.exe
  2⤵
  PID:8796
- C:\Windows\System\yYBBhKx.exe
  C:\Windows\System\yYBBhKx.exe
  2⤵
  PID:8920
- C:\Windows\System\lLdeLLo.exe
  C:\Windows\System\lLdeLLo.exe
  2⤵
  PID:8832
- C:\Windows\System\baegPuL.exe
  C:\Windows\System\baegPuL.exe
  2⤵
  PID:8976
- C:\Windows\System\dUBPmCb.exe
  C:\Windows\System\dUBPmCb.exe
  2⤵
  PID:9000
- C:\Windows\System\ztLkJgj.exe
  C:\Windows\System\ztLkJgj.exe
  2⤵
  PID:9188
- C:\Windows\System\UklYJNe.exe
  C:\Windows\System\UklYJNe.exe
  2⤵
  PID:9092
- C:\Windows\System\ltRnFMg.exe
  C:\Windows\System\ltRnFMg.exe
  2⤵
  PID:9112
- C:\Windows\System\ICkrweN.exe
  C:\Windows\System\ICkrweN.exe
  2⤵
  PID:9144
- C:\Windows\System\whOaLaB.exe
  C:\Windows\System\whOaLaB.exe
  2⤵
  PID:8320
- C:\Windows\System\QrXRDAG.exe
  C:\Windows\System\QrXRDAG.exe
  2⤵
  PID:8384
- C:\Windows\System\zyBtMjk.exe
  C:\Windows\System\zyBtMjk.exe
  2⤵
  PID:8588
- C:\Windows\System\QZrAjoM.exe
  C:\Windows\System\QZrAjoM.exe
  2⤵
  PID:8444
- C:\Windows\System\XIxrwgt.exe
  C:\Windows\System\XIxrwgt.exe
  2⤵
  PID:8712
- C:\Windows\System\gjaBFKP.exe
  C:\Windows\System\gjaBFKP.exe
  2⤵
  PID:8620
- C:\Windows\System\mFvGUlQ.exe
  C:\Windows\System\mFvGUlQ.exe
  2⤵
  PID:8932
- C:\Windows\System\PyKopOJ.exe
  C:\Windows\System\PyKopOJ.exe
  2⤵
  PID:8896
- C:\Windows\System\rqWgVUg.exe
  C:\Windows\System\rqWgVUg.exe
  2⤵
  PID:8844
- C:\Windows\System\pYUdyVq.exe
  C:\Windows\System\pYUdyVq.exe
  2⤵
  PID:9060
- C:\Windows\System\JLuwWcp.exe
  C:\Windows\System\JLuwWcp.exe
  2⤵
  PID:8260
- C:\Windows\System\qVLPRsw.exe
  C:\Windows\System\qVLPRsw.exe
  2⤵
  PID:8212
- C:\Windows\System\KmzcmOT.exe
  C:\Windows\System\KmzcmOT.exe
  2⤵
  PID:8432
- C:\Windows\System\mRNlorF.exe
  C:\Windows\System\mRNlorF.exe
  2⤵
  PID:8492
- C:\Windows\System\gYdxabh.exe
  C:\Windows\System\gYdxabh.exe
  2⤵
  PID:8772
- C:\Windows\System\rMckAwF.exe
  C:\Windows\System\rMckAwF.exe
  2⤵
  PID:8816
- C:\Windows\System\vywDmiv.exe
  C:\Windows\System\vywDmiv.exe
  2⤵
  PID:8988
- C:\Windows\System\HvBTIMS.exe
  C:\Windows\System\HvBTIMS.exe
  2⤵
  PID:9076
- C:\Windows\System\qxdcKui.exe
  C:\Windows\System\qxdcKui.exe
  2⤵
  PID:8264
- C:\Windows\System\JUTCMMO.exe
  C:\Windows\System\JUTCMMO.exe
  2⤵
  PID:8584
- C:\Windows\System\VSXbtbT.exe
  C:\Windows\System\VSXbtbT.exe
  2⤵
  PID:8680
- C:\Windows\System\qqhWAov.exe
  C:\Windows\System\qqhWAov.exe
  2⤵
  PID:9044
- C:\Windows\System\lOtshhM.exe
  C:\Windows\System\lOtshhM.exe
  2⤵
  PID:8888
- C:\Windows\System\bbzqEmX.exe
  C:\Windows\System\bbzqEmX.exe
  2⤵
  PID:8488
- C:\Windows\System\oeqDHcV.exe
  C:\Windows\System\oeqDHcV.exe
  2⤵
  PID:9016
- C:\Windows\System\gKusTkY.exe
  C:\Windows\System\gKusTkY.exe
  2⤵
  PID:9140
- C:\Windows\System\tqfPStE.exe
  C:\Windows\System\tqfPStE.exe
  2⤵
  PID:8364
- C:\Windows\System\DdESxIx.exe
  C:\Windows\System\DdESxIx.exe
  2⤵
  PID:8736
- C:\Windows\System\ltyBDNB.exe
  C:\Windows\System\ltyBDNB.exe
  2⤵
  PID:9220
- C:\Windows\System\PIUJjhC.exe
  C:\Windows\System\PIUJjhC.exe
  2⤵
  PID:9240
- C:\Windows\System\PjNddIC.exe
  C:\Windows\System\PjNddIC.exe
  2⤵
  PID:9260
- C:\Windows\System\PeeuoKC.exe
  C:\Windows\System\PeeuoKC.exe
  2⤵
  PID:9284
- C:\Windows\System\OjMaRkL.exe
  C:\Windows\System\OjMaRkL.exe
  2⤵
  PID:9300
- C:\Windows\System\ZdtrNNB.exe
  C:\Windows\System\ZdtrNNB.exe
  2⤵
  PID:9316
- C:\Windows\System\xTbPQcy.exe
  C:\Windows\System\xTbPQcy.exe
  2⤵
  PID:9340
- C:\Windows\System\PsczXwg.exe
  C:\Windows\System\PsczXwg.exe
  2⤵
  PID:9356
- C:\Windows\System\JUffTeZ.exe
  C:\Windows\System\JUffTeZ.exe
  2⤵
  PID:9380
- C:\Windows\System\JordQXd.exe
  C:\Windows\System\JordQXd.exe
  2⤵
  PID:9404
- C:\Windows\System\AQQRjZU.exe
  C:\Windows\System\AQQRjZU.exe
  2⤵
  PID:9420
- C:\Windows\System\WGpIbnG.exe
  C:\Windows\System\WGpIbnG.exe
  2⤵
  PID:9436
- C:\Windows\System\golgijZ.exe
  C:\Windows\System\golgijZ.exe
  2⤵
  PID:9452
- C:\Windows\System\EhTAvLi.exe
  C:\Windows\System\EhTAvLi.exe
  2⤵
  PID:9468
- C:\Windows\System\jFEMcBx.exe
  C:\Windows\System\jFEMcBx.exe
  2⤵
  PID:9488
- C:\Windows\System\GuedtPp.exe
  C:\Windows\System\GuedtPp.exe
  2⤵
  PID:9508
- C:\Windows\System\uqlUyXW.exe
  C:\Windows\System\uqlUyXW.exe
  2⤵
  PID:9544
- C:\Windows\System\LcaHzij.exe
  C:\Windows\System\LcaHzij.exe
  2⤵
  PID:9564
- C:\Windows\System\MtZEZqv.exe
  C:\Windows\System\MtZEZqv.exe
  2⤵
  PID:9580
- C:\Windows\System\LIYelLf.exe
  C:\Windows\System\LIYelLf.exe
  2⤵
  PID:9600
- C:\Windows\System\GpOVKAw.exe
  C:\Windows\System\GpOVKAw.exe
  2⤵
  PID:9616
- C:\Windows\System\vPXPJjV.exe
  C:\Windows\System\vPXPJjV.exe
  2⤵
  PID:9636
- C:\Windows\System\okikTxp.exe
  C:\Windows\System\okikTxp.exe
  2⤵
  PID:9656
- C:\Windows\System\Poevmwv.exe
  C:\Windows\System\Poevmwv.exe
  2⤵
  PID:9684
- C:\Windows\System\VYcVWAZ.exe
  C:\Windows\System\VYcVWAZ.exe
  2⤵
  PID:9708
- C:\Windows\System\ENYZyad.exe
  C:\Windows\System\ENYZyad.exe
  2⤵
  PID:9728
- C:\Windows\System\PaORZan.exe
  C:\Windows\System\PaORZan.exe
  2⤵
  PID:9744
- C:\Windows\System\SEpwUQx.exe
  C:\Windows\System\SEpwUQx.exe
  2⤵
  PID:9764
- C:\Windows\System\MzMyHPj.exe
  C:\Windows\System\MzMyHPj.exe
  2⤵
  PID:9780
- C:\Windows\System\wmMcWVp.exe
  C:\Windows\System\wmMcWVp.exe
  2⤵
  PID:9800
- C:\Windows\System\NqUjmeP.exe
  C:\Windows\System\NqUjmeP.exe
  2⤵
  PID:9816
- C:\Windows\System\mOMixGX.exe
  C:\Windows\System\mOMixGX.exe
  2⤵
  PID:9832
- C:\Windows\System\PHPmtvD.exe
  C:\Windows\System\PHPmtvD.exe
  2⤵
  PID:9852
- C:\Windows\System\TkzcSnZ.exe
  C:\Windows\System\TkzcSnZ.exe
  2⤵
  PID:9880
- C:\Windows\System\oPBHxIq.exe
  C:\Windows\System\oPBHxIq.exe
  2⤵
  PID:9900
- C:\Windows\System\LyPKmAT.exe
  C:\Windows\System\LyPKmAT.exe
  2⤵
  PID:9916
- C:\Windows\System\oAwXKDM.exe
  C:\Windows\System\oAwXKDM.exe
  2⤵
  PID:9940
- C:\Windows\System\WwJVaHA.exe
  C:\Windows\System\WwJVaHA.exe
  2⤵
  PID:9956
- C:\Windows\System\LPJLZaF.exe
  C:\Windows\System\LPJLZaF.exe
  2⤵
  PID:9976
- C:\Windows\System\mjMWAPs.exe
  C:\Windows\System\mjMWAPs.exe
  2⤵
  PID:9996
- C:\Windows\System\DRQBceB.exe
  C:\Windows\System\DRQBceB.exe
  2⤵
  PID:10032
- C:\Windows\System\OdBnAqY.exe
  C:\Windows\System\OdBnAqY.exe
  2⤵
  PID:10052
- C:\Windows\System\OwRjwJa.exe
  C:\Windows\System\OwRjwJa.exe
  2⤵
  PID:10068
- C:\Windows\System\dEwdvxV.exe
  C:\Windows\System\dEwdvxV.exe
  2⤵
  PID:10084
- C:\Windows\System\ELoXvoF.exe
  C:\Windows\System\ELoXvoF.exe
  2⤵
  PID:10100
- C:\Windows\System\cRmchjS.exe
  C:\Windows\System\cRmchjS.exe
  2⤵
  PID:10116
- C:\Windows\System\nysdmFx.exe
  C:\Windows\System\nysdmFx.exe
  2⤵
  PID:10136
- C:\Windows\System\wLUdhkA.exe
  C:\Windows\System\wLUdhkA.exe
  2⤵
  PID:10156
- C:\Windows\System\ozfrbbC.exe
  C:\Windows\System\ozfrbbC.exe
  2⤵
  PID:10176
- C:\Windows\System\lmnZpps.exe
  C:\Windows\System\lmnZpps.exe
  2⤵
  PID:10192
- C:\Windows\System\EDNWkvd.exe
  C:\Windows\System\EDNWkvd.exe
  2⤵
  PID:10220
- C:\Windows\System\HOegTLY.exe
  C:\Windows\System\HOegTLY.exe
  2⤵
  PID:7456
- C:\Windows\System\GRFrfaC.exe
  C:\Windows\System\GRFrfaC.exe
  2⤵
  PID:9236
- C:\Windows\System\NDiJcIM.exe
  C:\Windows\System\NDiJcIM.exe
  2⤵
  PID:9296
- C:\Windows\System\NgsmrSu.exe
  C:\Windows\System\NgsmrSu.exe
  2⤵
  PID:9336
- C:\Windows\System\adqJvAN.exe
  C:\Windows\System\adqJvAN.exe
  2⤵
  PID:9368
- C:\Windows\System\yXbbuot.exe
  C:\Windows\System\yXbbuot.exe
  2⤵
  PID:9392
- C:\Windows\System\RuBxvZu.exe
  C:\Windows\System\RuBxvZu.exe
  2⤵
  PID:9432
- C:\Windows\System\khpLRsZ.exe
  C:\Windows\System\khpLRsZ.exe
  2⤵
  PID:9416
- C:\Windows\System\cuEgWSm.exe
  C:\Windows\System\cuEgWSm.exe
  2⤵
  PID:9484
- C:\Windows\System\GVEKGPT.exe
  C:\Windows\System\GVEKGPT.exe
  2⤵
  PID:9560
- C:\Windows\System\vTYccwZ.exe
  C:\Windows\System\vTYccwZ.exe
  2⤵
  PID:9596
- C:\Windows\System\VOKutVz.exe
  C:\Windows\System\VOKutVz.exe
  2⤵
  PID:9524
- C:\Windows\System\TJkdLIq.exe
  C:\Windows\System\TJkdLIq.exe
  2⤵
  PID:9576
- C:\Windows\System\xyErrSP.exe
  C:\Windows\System\xyErrSP.exe
  2⤵
  PID:9668
- C:\Windows\System\eMpClEb.exe
  C:\Windows\System\eMpClEb.exe
  2⤵
  PID:9680
- C:\Windows\System\vhXfqWI.exe
  C:\Windows\System\vhXfqWI.exe
  2⤵
  PID:9724
- C:\Windows\System\oNKkphj.exe
  C:\Windows\System\oNKkphj.exe
  2⤵
  PID:9756
- C:\Windows\System\YYbSHQw.exe
  C:\Windows\System\YYbSHQw.exe
  2⤵
  PID:9828
- C:\Windows\System\iBAAXES.exe
  C:\Windows\System\iBAAXES.exe
  2⤵
  PID:9776
- C:\Windows\System\mVuvAOD.exe
  C:\Windows\System\mVuvAOD.exe
  2⤵
  PID:9948
- C:\Windows\System\NufewNY.exe
  C:\Windows\System\NufewNY.exe
  2⤵
  PID:9896
- C:\Windows\System\duhIhbC.exe
  C:\Windows\System\duhIhbC.exe
  2⤵
  PID:10008
- C:\Windows\System\UUXemqE.exe
  C:\Windows\System\UUXemqE.exe
  2⤵
  PID:9928
- C:\Windows\System\FSeBKZE.exe
  C:\Windows\System\FSeBKZE.exe
  2⤵
  PID:9528
- C:\Windows\System\RIiDHlH.exe
  C:\Windows\System\RIiDHlH.exe
  2⤵
  PID:10040
- C:\Windows\System\JfxgdjB.exe
  C:\Windows\System\JfxgdjB.exe
  2⤵
  PID:10080
- C:\Windows\System\vgUkMAL.exe
  C:\Windows\System\vgUkMAL.exe
  2⤵
  PID:10148
- C:\Windows\System\boCNzuc.exe
  C:\Windows\System\boCNzuc.exe
  2⤵
  PID:10124
- C:\Windows\System\VPhakWy.exe
  C:\Windows\System\VPhakWy.exe
  2⤵
  PID:10212
- C:\Windows\System\yfXDDQM.exe
  C:\Windows\System\yfXDDQM.exe
  2⤵
  PID:10092
- C:\Windows\System\mSqgKxa.exe
  C:\Windows\System\mSqgKxa.exe
  2⤵
  PID:10204
- C:\Windows\System\IlQSbfu.exe
  C:\Windows\System\IlQSbfu.exe
  2⤵
  PID:9276
- C:\Windows\System\liEaEAg.exe
  C:\Windows\System\liEaEAg.exe
  2⤵
  PID:9292
- C:\Windows\System\PjsYVEh.exe
  C:\Windows\System\PjsYVEh.exe
  2⤵
  PID:9332
- C:\Windows\System\RSOJlvd.exe
  C:\Windows\System\RSOJlvd.exe
  2⤵
  PID:9504
- C:\Windows\System\xJrfqbp.exe
  C:\Windows\System\xJrfqbp.exe
  2⤵
  PID:9444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AGRvUFN.exe

Filesize
6.0MB

MD5
a87112f892e632d8bded6a2c1debfcdf

SHA1
dbabfdffe2b445e95280150119accb080e1f40fb

SHA256
a6665bbb4744087ba948b77625d124636510b257abfe4b49e8e04cfeae501c80

SHA512
91864ae1f13ee08558e5b3589f86bb23643cdfa5b78fa9397a713937884815b8f14292a800ee36a1a4a59df2292252972af70428a2d3fdb88010cba59e417595

Download Submit
C:\Windows\system\HJwlCjt.exe

Filesize
6.0MB

MD5
6d8ddb6f71e4716d01af9b249742c953

SHA1
e6e773b1426ffa3a3d4e40f25f9b2f6b5904bcbe

SHA256
3707dd197118cebced7df0c21bc3b76252c51ba1fa8c3c19cbb36acea7bfd791

SHA512
9368757df49098b50ab951eab5ce8f69059559d1d39c4c61802fc7fc209920918a25bf7b985fe5ac8f88f23070261b9930a3980d2acf0515cb4a71d4aee6a3c6

Download Submit
C:\Windows\system\IDuROVH.exe

Filesize
6.0MB

MD5
4b2e9df7bec4d5020b01b312d8a0420b

SHA1
d7270b28401580ee2adb13816b8a5423d18152e2

SHA256
e41d71bd601d8b47a8164e665ced928bc6ed51f9fe404fb8cc75bf3aa2490076

SHA512
e4c6dcdfd6bbfe048a1236afac9bdc304acde00dc6a93c52aae8d9a72beb8c8f8c9b33192ebe6e36552f72141fb0949a8f785f8bf36dac1010d299240204d3c4

Download Submit
C:\Windows\system\NwXeJFj.exe

Filesize
6.0MB

MD5
7fc1e067619d8a6ea6d0cbad61e180bc

SHA1
e6e3e4b1ee12a01035a2dd7fe80c47374c1f8441

SHA256
74f111034af4b731e2623f669b48aa3371de02a2d4f0b8bba6dfa18e296c17cd

SHA512
a075b98e21cd2734517b7c37308aae2d33a37fe3de65bf4f3f09863a022d875b3823c9662ee4f73a815bba7925f36da4fb70580b813a14c4c0f8a3bf765a2fea

Download Submit
C:\Windows\system\PmIlUsN.exe

Filesize
6.0MB

MD5
5a6417a1372ede2e0f9e9f670ebf5307

SHA1
06e4c1d8a11f12b979392ec42add5a38bdb9bcf1

SHA256
54eed0d61ab39138061f4dddfd580ca2549e0998727f72ebebca2cae443a848a

SHA512
9225f84f87cef0097507646efa21e401433b5f70d30bac0ead5ee05dd833c79dc746ea971c975336223c038e4309b94f5775e483c3c7406ed0331baca9d51e9b

Download Submit
C:\Windows\system\RHidyeA.exe

Filesize
6.0MB

MD5
876c984c389419c8e79c2d7cac8753a6

SHA1
40a3c9e4a5e1ce62ccac7ff0428752c44d99ebc5

SHA256
6430c28e3541033ddbde75143ce26fd6b15f15cd2226d038840da17a541fe3d3

SHA512
9543f35d3eeb4743f6ba4cf6b3b70ac36b314380f137ba99b43bb4d49a34bef7287b6d6d2ed4fcf463fdd6f040ba4ee860408536fe3a5c550b827490261d15c3

Download Submit
C:\Windows\system\TYejvxa.exe

Filesize
6.0MB

MD5
7490c3ba70e0d820b2588c92c9b4948a

SHA1
986c769a6737866a54a412c50e1e53bcb729022b

SHA256
9258b0343a353d2bebb636871e3b99617fa4374ab1a5e45c9c3937166673dafc

SHA512
2c89f30b2aa81704c4cf4abbc0249744f59d4dfbe7fa63ad1176e04a765f687141f5e3634a57ff93011bbefbb2e57730c3962cf511405fa36b7b561dd702366b

Download Submit
C:\Windows\system\cZKoLOG.exe

Filesize
6.0MB

MD5
d18af610f15c8a2b78f6ee6a22758135

SHA1
9d1c391d003a036bc80609438582772c4a48f100

SHA256
de0b1e31050659db834ca9be16283d00275424501aaecbc7500b5d0c2e136d12

SHA512
539407ae49d6a0e433ff6ff13eb2ef78b2f7ac46b19b8b4f378a446063095848867d8d31c35375fd4f29fdbd67ff9fdbc013f462c06e9492915f41221810bb9d

Download Submit
C:\Windows\system\dYCMqAZ.exe

Filesize
6.0MB

MD5
261c43e63adc416c69922b68d39343dd

SHA1
fa62925262173e02937bc1c08cdbf6bff23e901a

SHA256
264dedd5d7422321a81b6a21e654f0cc977a97191372653bab37fe91f2fcab35

SHA512
f000bfec8e5fdf6a228ff39c07afbddf8b6c3a3b87b9c2d31322d88e77c3817c0d98210f88ec79047404f2f5ba9c974ea3cc30047fe233eed6b2f0e994df915f

Download Submit
C:\Windows\system\dxTOpte.exe

Filesize
6.0MB

MD5
f3c9880946f4262ec1a30f2d4ac8455a

SHA1
862cdc30cffc3bb47f1cc2228e3118d24514f721

SHA256
ad44c66f1f0bf5685b558e24b8fa43de6c3fe326c425e6794e37804d73773afb

SHA512
94c9d89dd8eabc0beadbdf3d02000a403c9c6b38c331fa5fb7f6f267eee9da0379d87e0a99e25e1cfcdadc9eb5dea7324c0679aeb66642e0e410cf522b48d3ce

Download Submit
C:\Windows\system\edGmtbN.exe

Filesize
6.0MB

MD5
d17fed11b0e351b21a4543d763106c30

SHA1
3197d89f07a817730fdd1172c16b7d0242cc7b3e

SHA256
cf09973e009a03ed2c2971821ec6338c18fee7989887a69193a7babe50b0ab69

SHA512
bb152651935ae7e7aa7db892293e9d97a82ea72f55864392e4b3201d6296c0bc6d84c33d9dade72dbc544f937af42761d4dd3936f187ca5d48c8175b33e3ee24

Download Submit
C:\Windows\system\fniXapc.exe

Filesize
6.0MB

MD5
af3530672b6ec14174d4f21c4d631fc9

SHA1
e42c7ed011b71d4bccb32ae644f2b537dfe5a7b6

SHA256
cccc98c06dfbbef4113ae35cd7380e77d88a418bd98339b0d863823dff719571

SHA512
96c22650d00b84865ca48da6148e20880ea9f04cfd4887767dafd847859ce0f6b9e173d717e384cc96f7c1ef7fb2bcbe75451a46a18293fd382c995db16ba13b

Download Submit
C:\Windows\system\grJthPO.exe

Filesize
6.0MB

MD5
24b3fb1a7598251824da9cf09a03d080

SHA1
104c956e8cd73b0696063844b82ddccfa15ac489

SHA256
88717a79b9f00694f5aaf5ddfb28a1dfc251e69e824c0b11c0d6098fe106c2ba

SHA512
6a22db2e50a2908e4cf46f3f4f65f682eae455008737b1667276baf72e4b7379de33e4beb08be2a1d0bb97f3db34f0795800b4d5a4e826b7338be1e3c1113510

Download Submit
C:\Windows\system\gwWamaf.exe

Filesize
6.0MB

MD5
0faab743060dc34514727abd61e351d0

SHA1
e1469457ae8b0accff1ecada43b4a0d837bf6c09

SHA256
5b954cd11be5d978ed71915c35189cf4344e554027bb59e045ca8e8df961502d

SHA512
a37b75da7b877e1ce274c57f8a229776733b8bb9bd86e6f97ddbfff05623fb371067cd84df7cbd97c5d09814f1f8124278b59288cca48229d59a00bef2f11135

Download Submit
C:\Windows\system\hJuQUpI.exe

Filesize
6.0MB

MD5
afcff0754b8b610373d785362d96a64d

SHA1
b709b9076cf48fd510f322f7fcdc7e126b27cf74

SHA256
c8a260c05a070605c94a58b630e8b1ccc574aeb0d15bd7327cdeb7b686fd6e30

SHA512
a9dbce06064a5d300a14e652806e54f10aa0bf9ab880bc10849f8ad66c6825a537a7cbe722a3cadabd24bd81de5bff8236cc8221ec08176d36282fce9e9bbb0a

Download Submit
C:\Windows\system\lsQjdwF.exe

Filesize
6.0MB

MD5
f7ba7e1aa82e16c388b0f7f46832e2be

SHA1
0efce9a847a0581ac9d6a828a6d6b853b202fc7c

SHA256
e9f4c862880abe7df552c9faf92224e72e4b9c0fada8a17fde3fd0acbb4d9427

SHA512
07db1dd1092213279045266847a9e14116f44c725144823c04260245db3537c7250b41c26b176d701a6ddcc3ca68634e396a9663524253f277bbcaf8ad42d818

Download Submit
C:\Windows\system\mghikyp.exe

Filesize
6.0MB

MD5
d24a9d7cd22e59463cc17f3c120180b3

SHA1
174c897a8dbaee45e1cb197e83566d5d2f904e98

SHA256
54a3fffd1a402f406c5f705945f9deaaa991b205812631d016a4c5e023fa347d

SHA512
a22bb752d5c8bad5fe4a5d70b0bac6d9956abee67eca4855c5a605750e4044987a8514c76d39e217ff7e5e1b4c5296f72e5fd39bde0b65151e1225d119fdc6fa

Download Submit
C:\Windows\system\ngASBbb.exe

Filesize
6.0MB

MD5
538b1c369b5cd68296aa03582c299f29

SHA1
36ba0c2a687a84a5e14bd0ae6c1b83a85258e242

SHA256
6b8fa11b527ccf2a800f6674a2be64e8945fda862a58d10d3dd74815d65e9301

SHA512
c47ad6cfa736d05f298daa4130304f1656fddb59e009b220641cb601d784d5fe25d4393e6afd9fc40673fb79c24198a760d488c237219c55d2eea98c0350a328

Download Submit
C:\Windows\system\ngNxckx.exe

Filesize
6.0MB

MD5
0a6a317717a235b99348dd3872299154

SHA1
fdb60859d9e96dd3b11f9963a0bafa117b503117

SHA256
0de595a675972841082d5379543d45eaa125918424823705ff6aaa62d9cfaee2

SHA512
67a7bcb17a526bc454925235f7bb5b1e6b41c7a4f89e352ac94ca7321365e63ba9282ac135f7788e0ced41ef3625c37387894244364f7da2595afb4792a1baf3

Download Submit
C:\Windows\system\pWnYpnb.exe

Filesize
6.0MB

MD5
079399b23d860524c7f68e346d1d8c61

SHA1
b2c23737e2002e95af65da9850d66454fcc37c19

SHA256
aaaa8b9cf7fc5bb318e362e6c59f42399dfdf5811d75ccbae541d5dcc3581624

SHA512
4585a20504d070ec518db3cd06ebebd5a88f8cecf63c67f8169b3f1b245b68351e493c7c164b9e23156d4f2fc3b6181116e66c479b5938423e432e3b378c08f7

Download Submit
C:\Windows\system\qelTfgK.exe

Filesize
6.0MB

MD5
b478532fe2c431fc674a78050219b0f4

SHA1
7c246a1d8b18116a0a28b9835e12324d0792a06e

SHA256
f596ec928c9d75c79c243fd6c499349eb7b03709e13489242d027d128e6f8277

SHA512
2937d5f965375cc00942f0103777ed30de44c46877c8a36298c7332a5d2d96ab4a199659c5afcbc50aedf0b27100f06967e3d40260ef7ad898ae8312cdd37ce7

Download Submit
C:\Windows\system\qmUvSft.exe

Filesize
6.0MB

MD5
4a50e8bf743a0143a6ff793a857d206e

SHA1
b2ac4c3a36ae728bb3e1c05ebfe46eee7560378e

SHA256
1fe9dfd5651a3f5c9439fe8910158ca16ff23b777893310391f69d4e0ba34b6d

SHA512
af2db77bc6d0b39f794f2a1a58a7348e69579ec65f9084aecff8ddbe1987373d70119cb6cd09e3ea73e1919ab255eec297fec44aee64c8f9a3b87601dea2fae8

Download Submit
C:\Windows\system\sBSslhi.exe

Filesize
6.0MB

MD5
bcc8e047377100648c120a4e268f07e4

SHA1
cb9a451eeb0b8e909e44ec5e2a0448b88c07e797

SHA256
2d2e601b971ee4e21e453b10429218dbe229814cf6089088bc86b0f6f6445338

SHA512
e0619395c0a45f50bf7acfdc3353651767dc3dcd8d6b23218db93183be271635f89402683dfd5d567eb3ba1444c2a2f5d45da001a011b5f64983b3c32b19813f

Download Submit
C:\Windows\system\sStCFUZ.exe

Filesize
6.0MB

MD5
7c7e5f223ac1d580ecd1cc59dd92e455

SHA1
a9d30076a2b108400c9346fca13e6797050c52a4

SHA256
9019144e7a78ee28e28d86d4fbd9506f11656972f7eb435614b0b91d5042eb7f

SHA512
8d5cd08c745a7b2c06ce744a0d6771214b2f99de0cbaf45d4a96ee17705654a2f86587d2f0ddb9a00de19564dbfd340db74eafb06ca61b783e7650f009f9664f

Download Submit
C:\Windows\system\umWucJO.exe

Filesize
6.0MB

MD5
3900f3e6ee2339fdf64ef264f20d14a9

SHA1
dea6c7361d19d7ae3b5dd9b40e240e7a2727a81b

SHA256
2bdaeb649a1101d41bdedcbb4e81a0a158886bec5347224559cac2f18c87c36f

SHA512
75069c2013e11043eeb18ef535e1474aed28b0761b06175533e8a102e7b3c805f0cf3325e32caa1bb8bd45bf0b19d0ff448b6a0ccbd5efb50b4b8104acbc07c7

Download Submit
C:\Windows\system\wKtqTjB.exe

Filesize
6.0MB

MD5
f122a4d0a39b14c11d883d176acbb0fd

SHA1
8eedb5f9faf1520e1daf531e521074c6812629fb

SHA256
0d8ab2bc044e53dd6aa5de840fbe53527ac7241a1ec115e87bb440ebd65cff75

SHA512
c1ade04b026796cba97d2c05bc837256baba1cc8cd7dae5a9d117ac30e9be739c0c9556a45be38607ba9275ea1cec26db2aedd0c22403a136d6c7595dca6b854

Download Submit
C:\Windows\system\zHdvYRb.exe

Filesize
6.0MB

MD5
93d44812d3c66b5ffd2fe1bf0a257cc9

SHA1
f7a6edffa625f82aed3d17bef027489438bc0fa5

SHA256
0a0607fab931b0bc16a635e656c790054978241c412941c360253e121161a99e

SHA512
67bfdb578b117d80beb992a729a822b902315d2f4bb26e39903df30bf83729eaa44f67ac25131b6b131157c85e53060fd4bb6756a6de6f4bb7c42ad2fb093e88

Download Submit
C:\Windows\system\zvHllGC.exe

Filesize
6.0MB

MD5
289899a1608e0a939daa6ffde826d25e

SHA1
92dca1087b44d9565b022c80c90f6a6293d8104a

SHA256
b1db1d7594168e74568c1c1f11bf4a07f0e63ba81cb36abac557183a104ca688

SHA512
ac170425f711a5c080b14a8119e194ecdeb38135e504415c652533b3484b65b7431744625453110c1200b51b39847c8041d8106b7f07a5fec293e8e7c7ea8a6d

Download Submit
\Windows\system\BcgkZsI.exe

Filesize
6.0MB

MD5
149d4bd37d24e5e4e0a139fd5d4f6d18

SHA1
cc4d35f1dfd5d324b8b84c5752adc4aa59465385

SHA256
7da2e0e6176e6b16f800e2702cd4947941943cea9d9f49559f34b99bced89779

SHA512
e717793ec4ef622e7a696ca55ceae6c648bad7867ef1a5f40b673108ef592782ff0770b4bb5cb8d9852dbb547056dcea941730ef07b11245b7c5434980861d57

Download Submit
\Windows\system\ODxvdwQ.exe

Filesize
6.0MB

MD5
8de9ccd34a40dcfaf7a6dc93510816ee

SHA1
985d95eaa0bd36ff4da621b3fa394a2c4b213dd9

SHA256
b7496c75b9922624c881bb3a9ce18e1ca9db893e3a67b6869e03a48e3ab0c270

SHA512
e61b68b745ec1fdb330dd73d3d5a6107a7962cde25a75b901dc98d2d514c202072761fedcb48bc7abd6e008d2b2b03d6bb3fe75bf602046d8f9fa340c227ea00

Download Submit
\Windows\system\ekzHrpn.exe

Filesize
6.0MB

MD5
c0431f504207aa90bd1237e4aed56d8e

SHA1
b25bdf6e28c2087ff5c55824d044ff099307762a

SHA256
7e37626ee791031c321d5fa99737de97b20929e274112678115df886906392b3

SHA512
eb0fdfe0174e1ce0d05a28b7a1ac51fbd492f7b2452b07cc9e69830d281c3126c55e74e0e70361975aa933087ca9f7392340568a00d50b8efc7e72bba718f2d8

Download Submit
\Windows\system\xngwohB.exe

Filesize
6.0MB

MD5
383b45ad3ad124442058f5a7367847cd

SHA1
d22e4da61d9e9493d795562f61815e1d9645d4f9

SHA256
e9fa6d8a71fad14314378147fa3b9dda7f82359886454e54e75efc0c806d68ef

SHA512
9e13513e154cb0a125d0dd22cf6c01464ebeed74d04371e8707cc9458c4e0dbc8458a5dc2fc3a33e1bbbe4db20e878bc016c98a1a9337dca54781fc30bbc17c7

Download Submit
memory/1056-56-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-3323-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-20-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-690-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1096-99-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1096-3346-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1976-27-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-3313-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-65-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-109-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-3341-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-858-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-511-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3342-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2200-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2244-98-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2244-57-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3334-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2280-42-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2280-3319-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2280-81-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2316-95-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2316-70-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-599-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2316-86-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-85-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-94-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-104-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-783-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-0-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2316-443-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-933-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-103-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-22-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-112-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-12-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2316-62-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-18-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2316-31-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2316-46-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2316-53-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-113-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-35-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2360-3312-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2360-36-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2360-73-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2364-14-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2364-50-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3316-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3321-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2516-10-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2516-39-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3338-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-66-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-108-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-74-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3336-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2588-236-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2756-90-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-51-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3337-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-82-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/3036-382-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/3036-3340-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download