cobaltstrike | 080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
Size

6.0MB
MD5

0f3a64912e7600c6fb107fb9daf8fe64
SHA1

08a918d4cef4dfda83a9a30c1d40815601150db1
SHA256

080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b
SHA512

5381182bb720e4f3264fb8370c173b5e9634bfe9f6ba0b5ad510c93825f0833138f82a2c1056231eaa826d427655876ac497b03cf0d4cd65596034ad2fd5f4af
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000016cfe-10.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000012263-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0b-9.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c58-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d24-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d13-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2e-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-112.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-198.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-137.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-117.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-103.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-94.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-86.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-79.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d47-72.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3f-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2516-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cfe-10.dat	xmrig
behavioral1/memory/2940-15-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x000c000000012263-12.dat	xmrig
behavioral1/memory/2992-16-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d0b-9.dat	xmrig
behavioral1/memory/3032-22-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c58-23.dat	xmrig
behavioral1/memory/3060-29-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2516-38-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2908-36-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2896-44-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d24-41.dat	xmrig
behavioral1/files/0x0008000000016d13-35.dat	xmrig
behavioral1/files/0x0007000000016d2e-45.dat	xmrig
behavioral1/memory/3032-52-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d36-56.dat	xmrig
behavioral1/memory/2760-58-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2516-53-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2744-66-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2596-73-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2980-87-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0005000000018690-112.dat	xmrig
behavioral1/files/0x00060000000190cd-122.dat	xmrig
behavioral1/files/0x00050000000191f3-132.dat	xmrig
behavioral1/files/0x0005000000019218-142.dat	xmrig
behavioral1/memory/2596-154-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2516-607-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/1868-855-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/1852-675-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2980-511-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/3012-340-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c4-198.dat	xmrig
behavioral1/files/0x00050000000193be-193.dat	xmrig
behavioral1/files/0x0005000000019389-188.dat	xmrig
behavioral1/files/0x0005000000019382-183.dat	xmrig
behavioral1/files/0x0005000000019277-178.dat	xmrig
behavioral1/files/0x0005000000019273-173.dat	xmrig
behavioral1/files/0x0005000000019271-169.dat	xmrig
behavioral1/files/0x000500000001926b-163.dat	xmrig
behavioral1/files/0x000500000001924c-158.dat	xmrig
behavioral1/files/0x0005000000019234-152.dat	xmrig
behavioral1/files/0x0005000000019229-147.dat	xmrig
behavioral1/files/0x00050000000191f7-137.dat	xmrig
behavioral1/files/0x00060000000190d6-127.dat	xmrig
behavioral1/files/0x000500000001879b-117.dat	xmrig
behavioral1/memory/2516-110-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2516-109-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/1868-105-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2744-104-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x0009000000018678-103.dat	xmrig
behavioral1/memory/1852-96-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2760-95-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x001500000001866d-94.dat	xmrig
behavioral1/memory/2516-91-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x000600000001752f-86.dat	xmrig
behavioral1/memory/3012-80-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x00060000000174ac-79.dat	xmrig
behavioral1/memory/2896-77-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d47-72.dat	xmrig
behavioral1/files/0x0008000000016d3f-65.dat	xmrig
behavioral1/memory/2516-61-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/3060-60-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2908-69-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2992	JHJzmEj.exe
2940	dQxWFXJ.exe
3032	cbxLiUB.exe
3060	JEWipzF.exe
2908	pZjaQaI.exe
2896	wOnlmrJ.exe
2892	tbSBNBt.exe
2760	ResEpyr.exe
2744	kuoTFdH.exe
2596	txGGPDv.exe
3012	ZCHSVOK.exe
2980	jmNhPhp.exe
1852	vXtRVic.exe
1868	gOVuigl.exe
1924	FSilTmN.exe
1720	DrbLsIm.exe
1892	AagrRje.exe
1560	xXbWysu.exe
1544	VIJSZHA.exe
856	VCvJtDu.exe
804	LruoouH.exe
840	vKqUaSh.exe
2268	KhjDugT.exe
1612	bFPnmXN.exe
2220	bkQkzer.exe
2216	KijfwkQ.exe
2124	oygsLjT.exe
584	nTSQiBm.exe
2444	SdTnfyT.exe
448	wBwKwvH.exe
3052	ZYAjlxq.exe
2548	cPDNFSG.exe
1304	XulReyc.exe
2468	CGppjSl.exe
2560	iqkfMmb.exe
836	NBhmmBO.exe
1468	gjlDrna.exe
2272	ZWJDajY.exe
1596	YvdKNtA.exe
860	aVSiHGX.exe
936	uqLCqmM.exe
1400	cihAwIm.exe
2464	UxhuldV.exe
2336	FSquhXQ.exe
732	PYfmvvD.exe
344	EYgAjmt.exe
2332	mAqkFOd.exe
2564	PolXmRc.exe
112	VovzQpz.exe
1416	DUlADRX.exe
3048	OtEONZu.exe
1996	eBxXSkr.exe
2656	xXYxRey.exe
1508	QpnncBC.exe
2956	PegYLDI.exe
2508	ySgFItx.exe
1488	NwijiDU.exe
2852	JThcWaD.exe
2720	KhBCNHF.exe
2052	FFyMDoF.exe
2872	oAXnZpt.exe
2188	OMzKOTX.exe
2824	ViDDAOJ.exe
2964	nEdIEqB.exe

Loads dropped DLL 64 IoCs

pid	Process
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2516-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0008000000016cfe-10.dat	upx
behavioral1/memory/2940-15-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x000c000000012263-12.dat	upx
behavioral1/memory/2516-7-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2992-16-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0007000000016d0b-9.dat	upx
behavioral1/memory/3032-22-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0009000000016c58-23.dat	upx
behavioral1/memory/3060-29-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2516-38-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2908-36-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2896-44-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0007000000016d24-41.dat	upx
behavioral1/files/0x0008000000016d13-35.dat	upx
behavioral1/files/0x0007000000016d2e-45.dat	upx
behavioral1/memory/3032-52-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0007000000016d36-56.dat	upx
behavioral1/memory/2760-58-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2744-66-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2596-73-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2980-87-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0005000000018690-112.dat	upx
behavioral1/files/0x00060000000190cd-122.dat	upx
behavioral1/files/0x00050000000191f3-132.dat	upx
behavioral1/files/0x0005000000019218-142.dat	upx
behavioral1/memory/2596-154-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/1868-855-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/1852-675-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2980-511-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/3012-340-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x00050000000193c4-198.dat	upx
behavioral1/files/0x00050000000193be-193.dat	upx
behavioral1/files/0x0005000000019389-188.dat	upx
behavioral1/files/0x0005000000019382-183.dat	upx
behavioral1/files/0x0005000000019277-178.dat	upx
behavioral1/files/0x0005000000019273-173.dat	upx
behavioral1/files/0x0005000000019271-169.dat	upx
behavioral1/files/0x000500000001926b-163.dat	upx
behavioral1/files/0x000500000001924c-158.dat	upx
behavioral1/files/0x0005000000019234-152.dat	upx
behavioral1/files/0x0005000000019229-147.dat	upx
behavioral1/files/0x00050000000191f7-137.dat	upx
behavioral1/files/0x00060000000190d6-127.dat	upx
behavioral1/files/0x000500000001879b-117.dat	upx
behavioral1/memory/1868-105-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2744-104-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x0009000000018678-103.dat	upx
behavioral1/memory/1852-96-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2760-95-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x001500000001866d-94.dat	upx
behavioral1/files/0x000600000001752f-86.dat	upx
behavioral1/memory/3012-80-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x00060000000174ac-79.dat	upx
behavioral1/memory/2896-77-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0008000000016d47-72.dat	upx
behavioral1/files/0x0008000000016d3f-65.dat	upx
behavioral1/memory/3060-60-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2908-69-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2892-50-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2940-3519-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2992-3522-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/3032-3548-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/3060-3547-0x000000013FE20000-0x0000000140174000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FxuPMba.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\bjGQBed.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\WLQLoap.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\PzrPqRE.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\vLlVMcy.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\YcyMfif.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\nGhiTtI.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\BWaFszb.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\ncCLnNZ.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\FsqaAcL.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\hIRsnPo.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\eWkPltJ.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\oiVPvAo.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\ZQWhAVB.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\dBqUrAJ.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\WccHIYd.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\QnOpQgZ.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\cuvntwN.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\xDPbPDR.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\PYfmvvD.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\YCTmjja.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\fRqASph.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\UsezaEe.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\yBrevZQ.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\rpvGPnm.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\buKZSvM.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\YFvyOZe.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\GosoZft.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\TadcCgn.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\gBltjdK.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\yIofjCu.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\ZocLhHF.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\PMWwPkB.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\sPULraV.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\gEOScQG.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\lrVRpVK.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\RoCIRnc.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\JuhDBJw.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\ayOZcek.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\ViDDAOJ.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\JBTyvAA.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\kjJrRWh.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\zfvkvsl.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\SdTnfyT.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\UvagOyP.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\Vgodaiy.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\DvZaFfZ.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\WSGhWrd.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\RHKHHsA.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\kQfwLyw.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\KkBSRrF.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\JkITBID.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\fuyxLLW.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\PMeJWBv.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\vJaTtBA.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\IOZDxHq.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\nSkSeJj.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\bpJEVJd.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\EtGhdmZ.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\FCbVnuK.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\IRDnOtA.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\TfyXNfw.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\vAanWNB.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
File created	C:\Windows\System\UddEZCU.exe	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2940	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	31
PID 2516 wrote to memory of 2940	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	31
PID 2516 wrote to memory of 2940	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	31
PID 2516 wrote to memory of 2992	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	32
PID 2516 wrote to memory of 2992	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	32
PID 2516 wrote to memory of 2992	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	32
PID 2516 wrote to memory of 3032	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	33
PID 2516 wrote to memory of 3032	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	33
PID 2516 wrote to memory of 3032	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	33
PID 2516 wrote to memory of 3060	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	34
PID 2516 wrote to memory of 3060	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	34
PID 2516 wrote to memory of 3060	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	34
PID 2516 wrote to memory of 2908	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	35
PID 2516 wrote to memory of 2908	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	35
PID 2516 wrote to memory of 2908	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	35
PID 2516 wrote to memory of 2896	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	36
PID 2516 wrote to memory of 2896	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	36
PID 2516 wrote to memory of 2896	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	36
PID 2516 wrote to memory of 2892	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	37
PID 2516 wrote to memory of 2892	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	37
PID 2516 wrote to memory of 2892	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	37
PID 2516 wrote to memory of 2760	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	38
PID 2516 wrote to memory of 2760	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	38
PID 2516 wrote to memory of 2760	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	38
PID 2516 wrote to memory of 2744	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	39
PID 2516 wrote to memory of 2744	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	39
PID 2516 wrote to memory of 2744	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	39
PID 2516 wrote to memory of 2596	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	40
PID 2516 wrote to memory of 2596	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	40
PID 2516 wrote to memory of 2596	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	40
PID 2516 wrote to memory of 3012	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	41
PID 2516 wrote to memory of 3012	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	41
PID 2516 wrote to memory of 3012	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	41
PID 2516 wrote to memory of 2980	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	42
PID 2516 wrote to memory of 2980	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	42
PID 2516 wrote to memory of 2980	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	42
PID 2516 wrote to memory of 1852	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	43
PID 2516 wrote to memory of 1852	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	43
PID 2516 wrote to memory of 1852	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	43
PID 2516 wrote to memory of 1868	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	44
PID 2516 wrote to memory of 1868	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	44
PID 2516 wrote to memory of 1868	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	44
PID 2516 wrote to memory of 1924	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	45
PID 2516 wrote to memory of 1924	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	45
PID 2516 wrote to memory of 1924	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	45
PID 2516 wrote to memory of 1720	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	46
PID 2516 wrote to memory of 1720	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	46
PID 2516 wrote to memory of 1720	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	46
PID 2516 wrote to memory of 1892	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	47
PID 2516 wrote to memory of 1892	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	47
PID 2516 wrote to memory of 1892	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	47
PID 2516 wrote to memory of 1560	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	48
PID 2516 wrote to memory of 1560	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	48
PID 2516 wrote to memory of 1560	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	48
PID 2516 wrote to memory of 1544	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	49
PID 2516 wrote to memory of 1544	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	49
PID 2516 wrote to memory of 1544	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	49
PID 2516 wrote to memory of 856	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	50
PID 2516 wrote to memory of 856	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	50
PID 2516 wrote to memory of 856	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	50
PID 2516 wrote to memory of 804	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	51
PID 2516 wrote to memory of 804	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	51
PID 2516 wrote to memory of 804	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	51
PID 2516 wrote to memory of 840	2516	080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe	52

C:\Users\Admin\AppData\Local\Temp\080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe
"C:\Users\Admin\AppData\Local\Temp\080f948f804372d2cbf9f699e42aa73811355010f8c1403243ac0b745ecb473b.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Windows\System\dQxWFXJ.exe
  C:\Windows\System\dQxWFXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\JHJzmEj.exe
  C:\Windows\System\JHJzmEj.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\cbxLiUB.exe
  C:\Windows\System\cbxLiUB.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\JEWipzF.exe
  C:\Windows\System\JEWipzF.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\pZjaQaI.exe
  C:\Windows\System\pZjaQaI.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\wOnlmrJ.exe
  C:\Windows\System\wOnlmrJ.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\tbSBNBt.exe
  C:\Windows\System\tbSBNBt.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\ResEpyr.exe
  C:\Windows\System\ResEpyr.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\kuoTFdH.exe
  C:\Windows\System\kuoTFdH.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\txGGPDv.exe
  C:\Windows\System\txGGPDv.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\ZCHSVOK.exe
  C:\Windows\System\ZCHSVOK.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\jmNhPhp.exe
  C:\Windows\System\jmNhPhp.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\vXtRVic.exe
  C:\Windows\System\vXtRVic.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\gOVuigl.exe
  C:\Windows\System\gOVuigl.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\FSilTmN.exe
  C:\Windows\System\FSilTmN.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\DrbLsIm.exe
  C:\Windows\System\DrbLsIm.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\AagrRje.exe
  C:\Windows\System\AagrRje.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\xXbWysu.exe
  C:\Windows\System\xXbWysu.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\VIJSZHA.exe
  C:\Windows\System\VIJSZHA.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\VCvJtDu.exe
  C:\Windows\System\VCvJtDu.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\LruoouH.exe
  C:\Windows\System\LruoouH.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\vKqUaSh.exe
  C:\Windows\System\vKqUaSh.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\KhjDugT.exe
  C:\Windows\System\KhjDugT.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\bFPnmXN.exe
  C:\Windows\System\bFPnmXN.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\bkQkzer.exe
  C:\Windows\System\bkQkzer.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\KijfwkQ.exe
  C:\Windows\System\KijfwkQ.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\oygsLjT.exe
  C:\Windows\System\oygsLjT.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\nTSQiBm.exe
  C:\Windows\System\nTSQiBm.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\SdTnfyT.exe
  C:\Windows\System\SdTnfyT.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\wBwKwvH.exe
  C:\Windows\System\wBwKwvH.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\ZYAjlxq.exe
  C:\Windows\System\ZYAjlxq.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\cPDNFSG.exe
  C:\Windows\System\cPDNFSG.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\XulReyc.exe
  C:\Windows\System\XulReyc.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\CGppjSl.exe
  C:\Windows\System\CGppjSl.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\iqkfMmb.exe
  C:\Windows\System\iqkfMmb.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\NBhmmBO.exe
  C:\Windows\System\NBhmmBO.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\gjlDrna.exe
  C:\Windows\System\gjlDrna.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\ZWJDajY.exe
  C:\Windows\System\ZWJDajY.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\YvdKNtA.exe
  C:\Windows\System\YvdKNtA.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\aVSiHGX.exe
  C:\Windows\System\aVSiHGX.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\uqLCqmM.exe
  C:\Windows\System\uqLCqmM.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\cihAwIm.exe
  C:\Windows\System\cihAwIm.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\UxhuldV.exe
  C:\Windows\System\UxhuldV.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\FSquhXQ.exe
  C:\Windows\System\FSquhXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\PYfmvvD.exe
  C:\Windows\System\PYfmvvD.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\EYgAjmt.exe
  C:\Windows\System\EYgAjmt.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\mAqkFOd.exe
  C:\Windows\System\mAqkFOd.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\PolXmRc.exe
  C:\Windows\System\PolXmRc.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\VovzQpz.exe
  C:\Windows\System\VovzQpz.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\DUlADRX.exe
  C:\Windows\System\DUlADRX.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\OtEONZu.exe
  C:\Windows\System\OtEONZu.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\eBxXSkr.exe
  C:\Windows\System\eBxXSkr.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\xXYxRey.exe
  C:\Windows\System\xXYxRey.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\QpnncBC.exe
  C:\Windows\System\QpnncBC.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\PegYLDI.exe
  C:\Windows\System\PegYLDI.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\ySgFItx.exe
  C:\Windows\System\ySgFItx.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\NwijiDU.exe
  C:\Windows\System\NwijiDU.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\JThcWaD.exe
  C:\Windows\System\JThcWaD.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\KhBCNHF.exe
  C:\Windows\System\KhBCNHF.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\FFyMDoF.exe
  C:\Windows\System\FFyMDoF.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\oAXnZpt.exe
  C:\Windows\System\oAXnZpt.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\OMzKOTX.exe
  C:\Windows\System\OMzKOTX.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ViDDAOJ.exe
  C:\Windows\System\ViDDAOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\nEdIEqB.exe
  C:\Windows\System\nEdIEqB.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\ptbfkiA.exe
  C:\Windows\System\ptbfkiA.exe
  2⤵
  PID:2208
- C:\Windows\System\TxboBra.exe
  C:\Windows\System\TxboBra.exe
  2⤵
  PID:1636
- C:\Windows\System\tVyXMLU.exe
  C:\Windows\System\tVyXMLU.exe
  2⤵
  PID:2128
- C:\Windows\System\uERgFjF.exe
  C:\Windows\System\uERgFjF.exe
  2⤵
  PID:1216
- C:\Windows\System\bRdYjqC.exe
  C:\Windows\System\bRdYjqC.exe
  2⤵
  PID:844
- C:\Windows\System\znaobsJ.exe
  C:\Windows\System\znaobsJ.exe
  2⤵
  PID:1188
- C:\Windows\System\fIeLKsR.exe
  C:\Windows\System\fIeLKsR.exe
  2⤵
  PID:1564
- C:\Windows\System\qqgHNGR.exe
  C:\Windows\System\qqgHNGR.exe
  2⤵
  PID:2196
- C:\Windows\System\pCAJYJx.exe
  C:\Windows\System\pCAJYJx.exe
  2⤵
  PID:484
- C:\Windows\System\iEnLsEB.exe
  C:\Windows\System\iEnLsEB.exe
  2⤵
  PID:320
- C:\Windows\System\DLJOjCl.exe
  C:\Windows\System\DLJOjCl.exe
  2⤵
  PID:1768
- C:\Windows\System\jSwMIhR.exe
  C:\Windows\System\jSwMIhR.exe
  2⤵
  PID:2392
- C:\Windows\System\xeujOPR.exe
  C:\Windows\System\xeujOPR.exe
  2⤵
  PID:1336
- C:\Windows\System\IdZBmtf.exe
  C:\Windows\System\IdZBmtf.exe
  2⤵
  PID:952
- C:\Windows\System\KNGaugl.exe
  C:\Windows\System\KNGaugl.exe
  2⤵
  PID:2704
- C:\Windows\System\UyGpiDW.exe
  C:\Windows\System\UyGpiDW.exe
  2⤵
  PID:1404
- C:\Windows\System\ZupbCkJ.exe
  C:\Windows\System\ZupbCkJ.exe
  2⤵
  PID:1896
- C:\Windows\System\MngpPkc.exe
  C:\Windows\System\MngpPkc.exe
  2⤵
  PID:736
- C:\Windows\System\SlgyMwZ.exe
  C:\Windows\System\SlgyMwZ.exe
  2⤵
  PID:2256
- C:\Windows\System\mUjZdPI.exe
  C:\Windows\System\mUjZdPI.exe
  2⤵
  PID:2348
- C:\Windows\System\GcOUBlc.exe
  C:\Windows\System\GcOUBlc.exe
  2⤵
  PID:2280
- C:\Windows\System\otDGxtt.exe
  C:\Windows\System\otDGxtt.exe
  2⤵
  PID:1976
- C:\Windows\System\aiHhpmQ.exe
  C:\Windows\System\aiHhpmQ.exe
  2⤵
  PID:2428
- C:\Windows\System\CPnscHL.exe
  C:\Windows\System\CPnscHL.exe
  2⤵
  PID:1412
- C:\Windows\System\bRdLdMq.exe
  C:\Windows\System\bRdLdMq.exe
  2⤵
  PID:3016
- C:\Windows\System\LLYIZvL.exe
  C:\Windows\System\LLYIZvL.exe
  2⤵
  PID:1484
- C:\Windows\System\yaWrFEX.exe
  C:\Windows\System\yaWrFEX.exe
  2⤵
  PID:1516
- C:\Windows\System\VTVnOwf.exe
  C:\Windows\System\VTVnOwf.exe
  2⤵
  PID:2880
- C:\Windows\System\CqsrfGI.exe
  C:\Windows\System\CqsrfGI.exe
  2⤵
  PID:2204
- C:\Windows\System\vgIeznh.exe
  C:\Windows\System\vgIeznh.exe
  2⤵
  PID:2684
- C:\Windows\System\bSXEVEy.exe
  C:\Windows\System\bSXEVEy.exe
  2⤵
  PID:3008
- C:\Windows\System\VOTLwIF.exe
  C:\Windows\System\VOTLwIF.exe
  2⤵
  PID:2736
- C:\Windows\System\MfDbrnM.exe
  C:\Windows\System\MfDbrnM.exe
  2⤵
  PID:1020
- C:\Windows\System\iywEtfp.exe
  C:\Windows\System\iywEtfp.exe
  2⤵
  PID:3004
- C:\Windows\System\lIXVlfD.exe
  C:\Windows\System\lIXVlfD.exe
  2⤵
  PID:2416
- C:\Windows\System\sywwMKz.exe
  C:\Windows\System\sywwMKz.exe
  2⤵
  PID:1352
- C:\Windows\System\WamxjLA.exe
  C:\Windows\System\WamxjLA.exe
  2⤵
  PID:1580
- C:\Windows\System\yXkXFCx.exe
  C:\Windows\System\yXkXFCx.exe
  2⤵
  PID:2380
- C:\Windows\System\lCTaSPz.exe
  C:\Windows\System\lCTaSPz.exe
  2⤵
  PID:1036
- C:\Windows\System\dCHbqYT.exe
  C:\Windows\System\dCHbqYT.exe
  2⤵
  PID:988
- C:\Windows\System\qZZPdaV.exe
  C:\Windows\System\qZZPdaV.exe
  2⤵
  PID:336
- C:\Windows\System\SocJuZz.exe
  C:\Windows\System\SocJuZz.exe
  2⤵
  PID:2636
- C:\Windows\System\bxlycJs.exe
  C:\Windows\System\bxlycJs.exe
  2⤵
  PID:1548
- C:\Windows\System\JfrcbPT.exe
  C:\Windows\System\JfrcbPT.exe
  2⤵
  PID:872
- C:\Windows\System\DEAVklW.exe
  C:\Windows\System\DEAVklW.exe
  2⤵
  PID:2776
- C:\Windows\System\vlCiCaO.exe
  C:\Windows\System\vlCiCaO.exe
  2⤵
  PID:2404
- C:\Windows\System\QitKFBC.exe
  C:\Windows\System\QitKFBC.exe
  2⤵
  PID:892
- C:\Windows\System\HtGgZMg.exe
  C:\Windows\System\HtGgZMg.exe
  2⤵
  PID:1988
- C:\Windows\System\cJAgrvD.exe
  C:\Windows\System\cJAgrvD.exe
  2⤵
  PID:2724
- C:\Windows\System\ttoEvjr.exe
  C:\Windows\System\ttoEvjr.exe
  2⤵
  PID:2796
- C:\Windows\System\ZHgICHN.exe
  C:\Windows\System\ZHgICHN.exe
  2⤵
  PID:2580
- C:\Windows\System\ozNjQxp.exe
  C:\Windows\System\ozNjQxp.exe
  2⤵
  PID:2648
- C:\Windows\System\sWMcLtL.exe
  C:\Windows\System\sWMcLtL.exe
  2⤵
  PID:1900
- C:\Windows\System\nVQytxr.exe
  C:\Windows\System\nVQytxr.exe
  2⤵
  PID:1952
- C:\Windows\System\aBRhaQP.exe
  C:\Windows\System\aBRhaQP.exe
  2⤵
  PID:1944
- C:\Windows\System\DtwrSvt.exe
  C:\Windows\System\DtwrSvt.exe
  2⤵
  PID:1012
- C:\Windows\System\ZHQkIZh.exe
  C:\Windows\System\ZHQkIZh.exe
  2⤵
  PID:1756
- C:\Windows\System\ibRIgBR.exe
  C:\Windows\System\ibRIgBR.exe
  2⤵
  PID:1224
- C:\Windows\System\IJGljsh.exe
  C:\Windows\System\IJGljsh.exe
  2⤵
  PID:2524
- C:\Windows\System\jjzavOU.exe
  C:\Windows\System\jjzavOU.exe
  2⤵
  PID:1704
- C:\Windows\System\GmYYdAE.exe
  C:\Windows\System\GmYYdAE.exe
  2⤵
  PID:1604
- C:\Windows\System\ACdcpul.exe
  C:\Windows\System\ACdcpul.exe
  2⤵
  PID:2544
- C:\Windows\System\tfhQvXl.exe
  C:\Windows\System\tfhQvXl.exe
  2⤵
  PID:2864
- C:\Windows\System\gHgdgMA.exe
  C:\Windows\System\gHgdgMA.exe
  2⤵
  PID:3084
- C:\Windows\System\zfJWIoW.exe
  C:\Windows\System\zfJWIoW.exe
  2⤵
  PID:3104
- C:\Windows\System\xOvMOjI.exe
  C:\Windows\System\xOvMOjI.exe
  2⤵
  PID:3124
- C:\Windows\System\bZdLohq.exe
  C:\Windows\System\bZdLohq.exe
  2⤵
  PID:3144
- C:\Windows\System\yFgzxav.exe
  C:\Windows\System\yFgzxav.exe
  2⤵
  PID:3164
- C:\Windows\System\ZPwOMWQ.exe
  C:\Windows\System\ZPwOMWQ.exe
  2⤵
  PID:3184
- C:\Windows\System\SIgIMsn.exe
  C:\Windows\System\SIgIMsn.exe
  2⤵
  PID:3204
- C:\Windows\System\mxlfmmi.exe
  C:\Windows\System\mxlfmmi.exe
  2⤵
  PID:3224
- C:\Windows\System\jZuCzyT.exe
  C:\Windows\System\jZuCzyT.exe
  2⤵
  PID:3248
- C:\Windows\System\hbZFvrc.exe
  C:\Windows\System\hbZFvrc.exe
  2⤵
  PID:3268
- C:\Windows\System\kJJYvKu.exe
  C:\Windows\System\kJJYvKu.exe
  2⤵
  PID:3288
- C:\Windows\System\eTAavWY.exe
  C:\Windows\System\eTAavWY.exe
  2⤵
  PID:3308
- C:\Windows\System\aGSIeoD.exe
  C:\Windows\System\aGSIeoD.exe
  2⤵
  PID:3328
- C:\Windows\System\DvVUiXi.exe
  C:\Windows\System\DvVUiXi.exe
  2⤵
  PID:3348
- C:\Windows\System\LQhyqkH.exe
  C:\Windows\System\LQhyqkH.exe
  2⤵
  PID:3368
- C:\Windows\System\lXxlUcf.exe
  C:\Windows\System\lXxlUcf.exe
  2⤵
  PID:3388
- C:\Windows\System\dnhdGGC.exe
  C:\Windows\System\dnhdGGC.exe
  2⤵
  PID:3408
- C:\Windows\System\FLSlngK.exe
  C:\Windows\System\FLSlngK.exe
  2⤵
  PID:3428
- C:\Windows\System\BNvvzrr.exe
  C:\Windows\System\BNvvzrr.exe
  2⤵
  PID:3448
- C:\Windows\System\PMElVAN.exe
  C:\Windows\System\PMElVAN.exe
  2⤵
  PID:3468
- C:\Windows\System\tyXhqRX.exe
  C:\Windows\System\tyXhqRX.exe
  2⤵
  PID:3484
- C:\Windows\System\xfIqUhJ.exe
  C:\Windows\System\xfIqUhJ.exe
  2⤵
  PID:3504
- C:\Windows\System\wxltQrG.exe
  C:\Windows\System\wxltQrG.exe
  2⤵
  PID:3524
- C:\Windows\System\EXOkKbm.exe
  C:\Windows\System\EXOkKbm.exe
  2⤵
  PID:3544
- C:\Windows\System\KcwUFzZ.exe
  C:\Windows\System\KcwUFzZ.exe
  2⤵
  PID:3560
- C:\Windows\System\yepXwhu.exe
  C:\Windows\System\yepXwhu.exe
  2⤵
  PID:3588
- C:\Windows\System\QLLvQpd.exe
  C:\Windows\System\QLLvQpd.exe
  2⤵
  PID:3608
- C:\Windows\System\QoZNgZv.exe
  C:\Windows\System\QoZNgZv.exe
  2⤵
  PID:3628
- C:\Windows\System\Sqfrjdd.exe
  C:\Windows\System\Sqfrjdd.exe
  2⤵
  PID:3648
- C:\Windows\System\ONaJyDN.exe
  C:\Windows\System\ONaJyDN.exe
  2⤵
  PID:3668
- C:\Windows\System\tUfjKop.exe
  C:\Windows\System\tUfjKop.exe
  2⤵
  PID:3684
- C:\Windows\System\wLpOmmX.exe
  C:\Windows\System\wLpOmmX.exe
  2⤵
  PID:3708
- C:\Windows\System\sHaMJGo.exe
  C:\Windows\System\sHaMJGo.exe
  2⤵
  PID:3728
- C:\Windows\System\vJNiVuO.exe
  C:\Windows\System\vJNiVuO.exe
  2⤵
  PID:3748
- C:\Windows\System\uDIlFpq.exe
  C:\Windows\System\uDIlFpq.exe
  2⤵
  PID:3768
- C:\Windows\System\VVGtZvo.exe
  C:\Windows\System\VVGtZvo.exe
  2⤵
  PID:3788
- C:\Windows\System\orWUvqC.exe
  C:\Windows\System\orWUvqC.exe
  2⤵
  PID:3808
- C:\Windows\System\IUIHGDa.exe
  C:\Windows\System\IUIHGDa.exe
  2⤵
  PID:3828
- C:\Windows\System\mcOcFPI.exe
  C:\Windows\System\mcOcFPI.exe
  2⤵
  PID:3848
- C:\Windows\System\IhEMPIL.exe
  C:\Windows\System\IhEMPIL.exe
  2⤵
  PID:3868
- C:\Windows\System\FWCfwSn.exe
  C:\Windows\System\FWCfwSn.exe
  2⤵
  PID:3892
- C:\Windows\System\dQbigjf.exe
  C:\Windows\System\dQbigjf.exe
  2⤵
  PID:3912
- C:\Windows\System\JMlJjnk.exe
  C:\Windows\System\JMlJjnk.exe
  2⤵
  PID:3932
- C:\Windows\System\KcXpWpq.exe
  C:\Windows\System\KcXpWpq.exe
  2⤵
  PID:3952
- C:\Windows\System\nBrKtsk.exe
  C:\Windows\System\nBrKtsk.exe
  2⤵
  PID:3972
- C:\Windows\System\UWoLPEN.exe
  C:\Windows\System\UWoLPEN.exe
  2⤵
  PID:3992
- C:\Windows\System\JCvBvog.exe
  C:\Windows\System\JCvBvog.exe
  2⤵
  PID:4012
- C:\Windows\System\xcxleKN.exe
  C:\Windows\System\xcxleKN.exe
  2⤵
  PID:4032
- C:\Windows\System\YdokeTQ.exe
  C:\Windows\System\YdokeTQ.exe
  2⤵
  PID:4052
- C:\Windows\System\FdwmfnM.exe
  C:\Windows\System\FdwmfnM.exe
  2⤵
  PID:4072
- C:\Windows\System\ssEozdb.exe
  C:\Windows\System\ssEozdb.exe
  2⤵
  PID:4092
- C:\Windows\System\xoRgzaL.exe
  C:\Windows\System\xoRgzaL.exe
  2⤵
  PID:2680
- C:\Windows\System\ddYcHcx.exe
  C:\Windows\System\ddYcHcx.exe
  2⤵
  PID:1220
- C:\Windows\System\AgcqTAX.exe
  C:\Windows\System\AgcqTAX.exe
  2⤵
  PID:968
- C:\Windows\System\QeVpDnm.exe
  C:\Windows\System\QeVpDnm.exe
  2⤵
  PID:3056
- C:\Windows\System\ggKrzTA.exe
  C:\Windows\System\ggKrzTA.exe
  2⤵
  PID:1664
- C:\Windows\System\hWedKtk.exe
  C:\Windows\System\hWedKtk.exe
  2⤵
  PID:1660
- C:\Windows\System\PaCuXZI.exe
  C:\Windows\System\PaCuXZI.exe
  2⤵
  PID:1628
- C:\Windows\System\PGvXoLz.exe
  C:\Windows\System\PGvXoLz.exe
  2⤵
  PID:3100
- C:\Windows\System\iiATENU.exe
  C:\Windows\System\iiATENU.exe
  2⤵
  PID:3140
- C:\Windows\System\ANPUwWZ.exe
  C:\Windows\System\ANPUwWZ.exe
  2⤵
  PID:3152
- C:\Windows\System\FCbVnuK.exe
  C:\Windows\System\FCbVnuK.exe
  2⤵
  PID:3176
- C:\Windows\System\RrSHcXI.exe
  C:\Windows\System\RrSHcXI.exe
  2⤵
  PID:3200
- C:\Windows\System\sBLSCSP.exe
  C:\Windows\System\sBLSCSP.exe
  2⤵
  PID:3304
- C:\Windows\System\vLdqLmi.exe
  C:\Windows\System\vLdqLmi.exe
  2⤵
  PID:3276
- C:\Windows\System\kVndgAY.exe
  C:\Windows\System\kVndgAY.exe
  2⤵
  PID:3340
- C:\Windows\System\gdEvyDq.exe
  C:\Windows\System\gdEvyDq.exe
  2⤵
  PID:3380
- C:\Windows\System\tSWZkAo.exe
  C:\Windows\System\tSWZkAo.exe
  2⤵
  PID:3420
- C:\Windows\System\EKOLSqe.exe
  C:\Windows\System\EKOLSqe.exe
  2⤵
  PID:3400
- C:\Windows\System\QwRjceB.exe
  C:\Windows\System\QwRjceB.exe
  2⤵
  PID:3444
- C:\Windows\System\SVmtmij.exe
  C:\Windows\System\SVmtmij.exe
  2⤵
  PID:3540
- C:\Windows\System\pKvDcRq.exe
  C:\Windows\System\pKvDcRq.exe
  2⤵
  PID:3568
- C:\Windows\System\qqJHAKw.exe
  C:\Windows\System\qqJHAKw.exe
  2⤵
  PID:3512
- C:\Windows\System\YwNWTYq.exe
  C:\Windows\System\YwNWTYq.exe
  2⤵
  PID:3616
- C:\Windows\System\ntdUJHr.exe
  C:\Windows\System\ntdUJHr.exe
  2⤵
  PID:3620
- C:\Windows\System\KJAgOSC.exe
  C:\Windows\System\KJAgOSC.exe
  2⤵
  PID:3644
- C:\Windows\System\bdoBYxO.exe
  C:\Windows\System\bdoBYxO.exe
  2⤵
  PID:3680
- C:\Windows\System\GCFcZwO.exe
  C:\Windows\System\GCFcZwO.exe
  2⤵
  PID:3720
- C:\Windows\System\BcQwKOs.exe
  C:\Windows\System\BcQwKOs.exe
  2⤵
  PID:3764
- C:\Windows\System\TCMtkCT.exe
  C:\Windows\System\TCMtkCT.exe
  2⤵
  PID:3796
- C:\Windows\System\WhrdhxW.exe
  C:\Windows\System\WhrdhxW.exe
  2⤵
  PID:3820
- C:\Windows\System\YXXjihw.exe
  C:\Windows\System\YXXjihw.exe
  2⤵
  PID:3864
- C:\Windows\System\iOMMOXh.exe
  C:\Windows\System\iOMMOXh.exe
  2⤵
  PID:3884
- C:\Windows\System\eiuPFtZ.exe
  C:\Windows\System\eiuPFtZ.exe
  2⤵
  PID:3940
- C:\Windows\System\bcySTpI.exe
  C:\Windows\System\bcySTpI.exe
  2⤵
  PID:3960
- C:\Windows\System\hEQUuYJ.exe
  C:\Windows\System\hEQUuYJ.exe
  2⤵
  PID:3984
- C:\Windows\System\uOuCQKF.exe
  C:\Windows\System\uOuCQKF.exe
  2⤵
  PID:4028
- C:\Windows\System\tkUBiNN.exe
  C:\Windows\System\tkUBiNN.exe
  2⤵
  PID:4048
- C:\Windows\System\WSnbdPS.exe
  C:\Windows\System\WSnbdPS.exe
  2⤵
  PID:4088
- C:\Windows\System\jDhcXcr.exe
  C:\Windows\System\jDhcXcr.exe
  2⤵
  PID:2504
- C:\Windows\System\yFvCpkD.exe
  C:\Windows\System\yFvCpkD.exe
  2⤵
  PID:1208
- C:\Windows\System\rpOabSu.exe
  C:\Windows\System\rpOabSu.exe
  2⤵
  PID:352
- C:\Windows\System\uedJwUk.exe
  C:\Windows\System\uedJwUk.exe
  2⤵
  PID:2756
- C:\Windows\System\TWpznXJ.exe
  C:\Windows\System\TWpznXJ.exe
  2⤵
  PID:3092
- C:\Windows\System\RjmBCwT.exe
  C:\Windows\System\RjmBCwT.exe
  2⤵
  PID:3112
- C:\Windows\System\EpzRjCq.exe
  C:\Windows\System\EpzRjCq.exe
  2⤵
  PID:3264
- C:\Windows\System\WKNkuZb.exe
  C:\Windows\System\WKNkuZb.exe
  2⤵
  PID:3280
- C:\Windows\System\eeDOQbF.exe
  C:\Windows\System\eeDOQbF.exe
  2⤵
  PID:3324
- C:\Windows\System\nvjegnC.exe
  C:\Windows\System\nvjegnC.exe
  2⤵
  PID:3416
- C:\Windows\System\OQItAUc.exe
  C:\Windows\System\OQItAUc.exe
  2⤵
  PID:3436
- C:\Windows\System\kYhxGwK.exe
  C:\Windows\System\kYhxGwK.exe
  2⤵
  PID:3476
- C:\Windows\System\fTcvTAX.exe
  C:\Windows\System\fTcvTAX.exe
  2⤵
  PID:3580
- C:\Windows\System\wlsZBGx.exe
  C:\Windows\System\wlsZBGx.exe
  2⤵
  PID:1772
- C:\Windows\System\pAojJfZ.exe
  C:\Windows\System\pAojJfZ.exe
  2⤵
  PID:3664
- C:\Windows\System\SMiuMou.exe
  C:\Windows\System\SMiuMou.exe
  2⤵
  PID:3736
- C:\Windows\System\jHVJJSX.exe
  C:\Windows\System\jHVJJSX.exe
  2⤵
  PID:3740
- C:\Windows\System\MuoBGkB.exe
  C:\Windows\System\MuoBGkB.exe
  2⤵
  PID:3780
- C:\Windows\System\qRDnSpY.exe
  C:\Windows\System\qRDnSpY.exe
  2⤵
  PID:3856
- C:\Windows\System\TTfqjUC.exe
  C:\Windows\System\TTfqjUC.exe
  2⤵
  PID:3908
- C:\Windows\System\hLFlNnH.exe
  C:\Windows\System\hLFlNnH.exe
  2⤵
  PID:3964
- C:\Windows\System\SAgFYRI.exe
  C:\Windows\System\SAgFYRI.exe
  2⤵
  PID:4060
- C:\Windows\System\wDLdsJB.exe
  C:\Windows\System\wDLdsJB.exe
  2⤵
  PID:4068
- C:\Windows\System\mPsLmPI.exe
  C:\Windows\System\mPsLmPI.exe
  2⤵
  PID:4080
- C:\Windows\System\hORZoqr.exe
  C:\Windows\System\hORZoqr.exe
  2⤵
  PID:2076
- C:\Windows\System\LJBmcvv.exe
  C:\Windows\System\LJBmcvv.exe
  2⤵
  PID:3080
- C:\Windows\System\yGwwSVd.exe
  C:\Windows\System\yGwwSVd.exe
  2⤵
  PID:3116
- C:\Windows\System\MzsmCpb.exe
  C:\Windows\System\MzsmCpb.exe
  2⤵
  PID:3220
- C:\Windows\System\MMbHSwv.exe
  C:\Windows\System\MMbHSwv.exe
  2⤵
  PID:3300
- C:\Windows\System\bKuGBQa.exe
  C:\Windows\System\bKuGBQa.exe
  2⤵
  PID:3320
- C:\Windows\System\gEOScQG.exe
  C:\Windows\System\gEOScQG.exe
  2⤵
  PID:3584
- C:\Windows\System\UqOeJDT.exe
  C:\Windows\System\UqOeJDT.exe
  2⤵
  PID:3624
- C:\Windows\System\blsKrrI.exe
  C:\Windows\System\blsKrrI.exe
  2⤵
  PID:3696
- C:\Windows\System\RriBHmw.exe
  C:\Windows\System\RriBHmw.exe
  2⤵
  PID:3784
- C:\Windows\System\ZlwQAOX.exe
  C:\Windows\System\ZlwQAOX.exe
  2⤵
  PID:3724
- C:\Windows\System\bDbQWQT.exe
  C:\Windows\System\bDbQWQT.exe
  2⤵
  PID:3840
- C:\Windows\System\lkgknBp.exe
  C:\Windows\System\lkgknBp.exe
  2⤵
  PID:3980
- C:\Windows\System\AcXQQeM.exe
  C:\Windows\System\AcXQQeM.exe
  2⤵
  PID:1844
- C:\Windows\System\IideqjL.exe
  C:\Windows\System\IideqjL.exe
  2⤵
  PID:3132
- C:\Windows\System\iZvqlhR.exe
  C:\Windows\System\iZvqlhR.exe
  2⤵
  PID:1592
- C:\Windows\System\EeEOpCR.exe
  C:\Windows\System\EeEOpCR.exe
  2⤵
  PID:3192
- C:\Windows\System\MWvKUvM.exe
  C:\Windows\System\MWvKUvM.exe
  2⤵
  PID:3424
- C:\Windows\System\wzgPuTi.exe
  C:\Windows\System\wzgPuTi.exe
  2⤵
  PID:3656
- C:\Windows\System\FkVJkVo.exe
  C:\Windows\System\FkVJkVo.exe
  2⤵
  PID:3480
- C:\Windows\System\TWMTrLW.exe
  C:\Windows\System\TWMTrLW.exe
  2⤵
  PID:4120
- C:\Windows\System\azgwFKB.exe
  C:\Windows\System\azgwFKB.exe
  2⤵
  PID:4140
- C:\Windows\System\GEiIOnL.exe
  C:\Windows\System\GEiIOnL.exe
  2⤵
  PID:4160
- C:\Windows\System\Nxagcqh.exe
  C:\Windows\System\Nxagcqh.exe
  2⤵
  PID:4180
- C:\Windows\System\pJoQUmw.exe
  C:\Windows\System\pJoQUmw.exe
  2⤵
  PID:4200
- C:\Windows\System\GuHnSlD.exe
  C:\Windows\System\GuHnSlD.exe
  2⤵
  PID:4220
- C:\Windows\System\mhLSnis.exe
  C:\Windows\System\mhLSnis.exe
  2⤵
  PID:4240
- C:\Windows\System\XJqcjLj.exe
  C:\Windows\System\XJqcjLj.exe
  2⤵
  PID:4260
- C:\Windows\System\CgzrCxz.exe
  C:\Windows\System\CgzrCxz.exe
  2⤵
  PID:4280
- C:\Windows\System\tPjOgNr.exe
  C:\Windows\System\tPjOgNr.exe
  2⤵
  PID:4296
- C:\Windows\System\oAaWQbw.exe
  C:\Windows\System\oAaWQbw.exe
  2⤵
  PID:4320
- C:\Windows\System\FWFrmsh.exe
  C:\Windows\System\FWFrmsh.exe
  2⤵
  PID:4340
- C:\Windows\System\xcXrhxT.exe
  C:\Windows\System\xcXrhxT.exe
  2⤵
  PID:4360
- C:\Windows\System\UEbIjLS.exe
  C:\Windows\System\UEbIjLS.exe
  2⤵
  PID:4380
- C:\Windows\System\RhqoLeN.exe
  C:\Windows\System\RhqoLeN.exe
  2⤵
  PID:4400
- C:\Windows\System\bWdJokC.exe
  C:\Windows\System\bWdJokC.exe
  2⤵
  PID:4420
- C:\Windows\System\pfttCMl.exe
  C:\Windows\System\pfttCMl.exe
  2⤵
  PID:4440
- C:\Windows\System\rKenxUi.exe
  C:\Windows\System\rKenxUi.exe
  2⤵
  PID:4460
- C:\Windows\System\NqbPYNu.exe
  C:\Windows\System\NqbPYNu.exe
  2⤵
  PID:4480
- C:\Windows\System\rmrJsjL.exe
  C:\Windows\System\rmrJsjL.exe
  2⤵
  PID:4500
- C:\Windows\System\HIEabBi.exe
  C:\Windows\System\HIEabBi.exe
  2⤵
  PID:4520
- C:\Windows\System\ZEREJCs.exe
  C:\Windows\System\ZEREJCs.exe
  2⤵
  PID:4540
- C:\Windows\System\aMpjQLl.exe
  C:\Windows\System\aMpjQLl.exe
  2⤵
  PID:4560
- C:\Windows\System\ROHfCSS.exe
  C:\Windows\System\ROHfCSS.exe
  2⤵
  PID:4580
- C:\Windows\System\dBqUrAJ.exe
  C:\Windows\System\dBqUrAJ.exe
  2⤵
  PID:4600
- C:\Windows\System\vzVAXiz.exe
  C:\Windows\System\vzVAXiz.exe
  2⤵
  PID:4620
- C:\Windows\System\WyoxKUn.exe
  C:\Windows\System\WyoxKUn.exe
  2⤵
  PID:4640
- C:\Windows\System\KYjolvJ.exe
  C:\Windows\System\KYjolvJ.exe
  2⤵
  PID:4660
- C:\Windows\System\yIofjCu.exe
  C:\Windows\System\yIofjCu.exe
  2⤵
  PID:4680
- C:\Windows\System\pdSOipl.exe
  C:\Windows\System\pdSOipl.exe
  2⤵
  PID:4700
- C:\Windows\System\zVzoxBT.exe
  C:\Windows\System\zVzoxBT.exe
  2⤵
  PID:4720
- C:\Windows\System\yZaDuTo.exe
  C:\Windows\System\yZaDuTo.exe
  2⤵
  PID:4740
- C:\Windows\System\LBaTbAI.exe
  C:\Windows\System\LBaTbAI.exe
  2⤵
  PID:4760
- C:\Windows\System\QCuoazz.exe
  C:\Windows\System\QCuoazz.exe
  2⤵
  PID:4780
- C:\Windows\System\WccHIYd.exe
  C:\Windows\System\WccHIYd.exe
  2⤵
  PID:4800
- C:\Windows\System\LQvIDOd.exe
  C:\Windows\System\LQvIDOd.exe
  2⤵
  PID:4820
- C:\Windows\System\keGOqsh.exe
  C:\Windows\System\keGOqsh.exe
  2⤵
  PID:4840
- C:\Windows\System\DvULoeF.exe
  C:\Windows\System\DvULoeF.exe
  2⤵
  PID:4860
- C:\Windows\System\GkIZpBm.exe
  C:\Windows\System\GkIZpBm.exe
  2⤵
  PID:4880
- C:\Windows\System\Kpenmum.exe
  C:\Windows\System\Kpenmum.exe
  2⤵
  PID:4900
- C:\Windows\System\nGDJhyR.exe
  C:\Windows\System\nGDJhyR.exe
  2⤵
  PID:4920
- C:\Windows\System\ViNzWny.exe
  C:\Windows\System\ViNzWny.exe
  2⤵
  PID:4940
- C:\Windows\System\SGyejDv.exe
  C:\Windows\System\SGyejDv.exe
  2⤵
  PID:4960
- C:\Windows\System\FTqZdKj.exe
  C:\Windows\System\FTqZdKj.exe
  2⤵
  PID:4980
- C:\Windows\System\XTRWNmM.exe
  C:\Windows\System\XTRWNmM.exe
  2⤵
  PID:5000
- C:\Windows\System\LppcFFz.exe
  C:\Windows\System\LppcFFz.exe
  2⤵
  PID:5020
- C:\Windows\System\LLtjsAy.exe
  C:\Windows\System\LLtjsAy.exe
  2⤵
  PID:5040
- C:\Windows\System\aBGhmpy.exe
  C:\Windows\System\aBGhmpy.exe
  2⤵
  PID:5060
- C:\Windows\System\ZePsULH.exe
  C:\Windows\System\ZePsULH.exe
  2⤵
  PID:5080
- C:\Windows\System\KyvxYiD.exe
  C:\Windows\System\KyvxYiD.exe
  2⤵
  PID:5100
- C:\Windows\System\nPiGuwG.exe
  C:\Windows\System\nPiGuwG.exe
  2⤵
  PID:2600
- C:\Windows\System\bnXWPpG.exe
  C:\Windows\System\bnXWPpG.exe
  2⤵
  PID:3816
- C:\Windows\System\asdrDTm.exe
  C:\Windows\System\asdrDTm.exe
  2⤵
  PID:4040
- C:\Windows\System\IGySxBJ.exe
  C:\Windows\System\IGySxBJ.exe
  2⤵
  PID:1388
- C:\Windows\System\lvRwPQq.exe
  C:\Windows\System\lvRwPQq.exe
  2⤵
  PID:548
- C:\Windows\System\tNCJIZA.exe
  C:\Windows\System\tNCJIZA.exe
  2⤵
  PID:2844
- C:\Windows\System\tYCeKwb.exe
  C:\Windows\System\tYCeKwb.exe
  2⤵
  PID:3492
- C:\Windows\System\CSEphje.exe
  C:\Windows\System\CSEphje.exe
  2⤵
  PID:3404
- C:\Windows\System\gwOHaaN.exe
  C:\Windows\System\gwOHaaN.exe
  2⤵
  PID:4128
- C:\Windows\System\ayzxJjD.exe
  C:\Windows\System\ayzxJjD.exe
  2⤵
  PID:4188
- C:\Windows\System\WUxfOqH.exe
  C:\Windows\System\WUxfOqH.exe
  2⤵
  PID:4172
- C:\Windows\System\QVcjmvF.exe
  C:\Windows\System\QVcjmvF.exe
  2⤵
  PID:4232
- C:\Windows\System\vBcTWiv.exe
  C:\Windows\System\vBcTWiv.exe
  2⤵
  PID:4252
- C:\Windows\System\IpmrOSy.exe
  C:\Windows\System\IpmrOSy.exe
  2⤵
  PID:4312
- C:\Windows\System\nDpqcoL.exe
  C:\Windows\System\nDpqcoL.exe
  2⤵
  PID:2632
- C:\Windows\System\QAdTIEE.exe
  C:\Windows\System\QAdTIEE.exe
  2⤵
  PID:4348
- C:\Windows\System\lxgfVXp.exe
  C:\Windows\System\lxgfVXp.exe
  2⤵
  PID:4388
- C:\Windows\System\QyJjiTO.exe
  C:\Windows\System\QyJjiTO.exe
  2⤵
  PID:4392
- C:\Windows\System\xOTnprV.exe
  C:\Windows\System\xOTnprV.exe
  2⤵
  PID:4436
- C:\Windows\System\qhedFPn.exe
  C:\Windows\System\qhedFPn.exe
  2⤵
  PID:4468
- C:\Windows\System\LDKTjCC.exe
  C:\Windows\System\LDKTjCC.exe
  2⤵
  PID:2828
- C:\Windows\System\lRYHmMu.exe
  C:\Windows\System\lRYHmMu.exe
  2⤵
  PID:4528
- C:\Windows\System\eMaBCOO.exe
  C:\Windows\System\eMaBCOO.exe
  2⤵
  PID:4552
- C:\Windows\System\rTeCKnA.exe
  C:\Windows\System\rTeCKnA.exe
  2⤵
  PID:4596
- C:\Windows\System\PDtjsVP.exe
  C:\Windows\System\PDtjsVP.exe
  2⤵
  PID:4616
- C:\Windows\System\zNONuYY.exe
  C:\Windows\System\zNONuYY.exe
  2⤵
  PID:4656
- C:\Windows\System\hJzIQPh.exe
  C:\Windows\System\hJzIQPh.exe
  2⤵
  PID:4708
- C:\Windows\System\GQXfHvo.exe
  C:\Windows\System\GQXfHvo.exe
  2⤵
  PID:4728
- C:\Windows\System\UbjRkTk.exe
  C:\Windows\System\UbjRkTk.exe
  2⤵
  PID:4752
- C:\Windows\System\bEgRvYO.exe
  C:\Windows\System\bEgRvYO.exe
  2⤵
  PID:4796
- C:\Windows\System\GosoZft.exe
  C:\Windows\System\GosoZft.exe
  2⤵
  PID:4828
- C:\Windows\System\rSjKWPZ.exe
  C:\Windows\System\rSjKWPZ.exe
  2⤵
  PID:4868
- C:\Windows\System\rTpZugx.exe
  C:\Windows\System\rTpZugx.exe
  2⤵
  PID:4888
- C:\Windows\System\ZFtDtHY.exe
  C:\Windows\System\ZFtDtHY.exe
  2⤵
  PID:4912
- C:\Windows\System\ptbpPdf.exe
  C:\Windows\System\ptbpPdf.exe
  2⤵
  PID:4932
- C:\Windows\System\AeJwUxR.exe
  C:\Windows\System\AeJwUxR.exe
  2⤵
  PID:4968
- C:\Windows\System\KsZecIL.exe
  C:\Windows\System\KsZecIL.exe
  2⤵
  PID:5008
- C:\Windows\System\eWkPltJ.exe
  C:\Windows\System\eWkPltJ.exe
  2⤵
  PID:5032
- C:\Windows\System\gmVMBhV.exe
  C:\Windows\System\gmVMBhV.exe
  2⤵
  PID:5076
- C:\Windows\System\Beoocyv.exe
  C:\Windows\System\Beoocyv.exe
  2⤵
  PID:5096
- C:\Windows\System\Dcpeokh.exe
  C:\Windows\System\Dcpeokh.exe
  2⤵
  PID:3844
- C:\Windows\System\anmSPif.exe
  C:\Windows\System\anmSPif.exe
  2⤵
  PID:3928
- C:\Windows\System\yeElGfB.exe
  C:\Windows\System\yeElGfB.exe
  2⤵
  PID:2696
- C:\Windows\System\cVUFfTY.exe
  C:\Windows\System\cVUFfTY.exe
  2⤵
  PID:3180
- C:\Windows\System\wFUbROC.exe
  C:\Windows\System\wFUbROC.exe
  2⤵
  PID:3572
- C:\Windows\System\zOgGrOH.exe
  C:\Windows\System\zOgGrOH.exe
  2⤵
  PID:3552
- C:\Windows\System\bEpROpU.exe
  C:\Windows\System\bEpROpU.exe
  2⤵
  PID:4136
- C:\Windows\System\oIbQnCz.exe
  C:\Windows\System\oIbQnCz.exe
  2⤵
  PID:1152
- C:\Windows\System\lXgAHrm.exe
  C:\Windows\System\lXgAHrm.exe
  2⤵
  PID:4272
- C:\Windows\System\tujphkj.exe
  C:\Windows\System\tujphkj.exe
  2⤵
  PID:4288
- C:\Windows\System\LtTbnwk.exe
  C:\Windows\System\LtTbnwk.exe
  2⤵
  PID:4368
- C:\Windows\System\YlmVJgh.exe
  C:\Windows\System\YlmVJgh.exe
  2⤵
  PID:4372
- C:\Windows\System\vKzFWSz.exe
  C:\Windows\System\vKzFWSz.exe
  2⤵
  PID:4456
- C:\Windows\System\UvagOyP.exe
  C:\Windows\System\UvagOyP.exe
  2⤵
  PID:4512
- C:\Windows\System\mSDtxZT.exe
  C:\Windows\System\mSDtxZT.exe
  2⤵
  PID:4576
- C:\Windows\System\jzmVkYF.exe
  C:\Windows\System\jzmVkYF.exe
  2⤵
  PID:4608
- C:\Windows\System\vJUtSiP.exe
  C:\Windows\System\vJUtSiP.exe
  2⤵
  PID:4648
- C:\Windows\System\YVlvaiS.exe
  C:\Windows\System\YVlvaiS.exe
  2⤵
  PID:4696
- C:\Windows\System\RYRDXlK.exe
  C:\Windows\System\RYRDXlK.exe
  2⤵
  PID:4788
- C:\Windows\System\wWmZgjq.exe
  C:\Windows\System\wWmZgjq.exe
  2⤵
  PID:4812
- C:\Windows\System\tKTJQnv.exe
  C:\Windows\System\tKTJQnv.exe
  2⤵
  PID:4872
- C:\Windows\System\efxhLaP.exe
  C:\Windows\System\efxhLaP.exe
  2⤵
  PID:4956
- C:\Windows\System\SfJHwjG.exe
  C:\Windows\System\SfJHwjG.exe
  2⤵
  PID:4988
- C:\Windows\System\rPPAjXn.exe
  C:\Windows\System\rPPAjXn.exe
  2⤵
  PID:5012
- C:\Windows\System\lXWMwBs.exe
  C:\Windows\System\lXWMwBs.exe
  2⤵
  PID:5088
- C:\Windows\System\TfeVoMY.exe
  C:\Windows\System\TfeVoMY.exe
  2⤵
  PID:3716
- C:\Windows\System\IPylMlm.exe
  C:\Windows\System\IPylMlm.exe
  2⤵
  PID:4008
- C:\Windows\System\kflHNQS.exe
  C:\Windows\System\kflHNQS.exe
  2⤵
  PID:1692
- C:\Windows\System\FvAzABc.exe
  C:\Windows\System\FvAzABc.exe
  2⤵
  PID:4148
- C:\Windows\System\xvFvbTh.exe
  C:\Windows\System\xvFvbTh.exe
  2⤵
  PID:4212
- C:\Windows\System\SbNocbk.exe
  C:\Windows\System\SbNocbk.exe
  2⤵
  PID:4292
- C:\Windows\System\TMAAGSi.exe
  C:\Windows\System\TMAAGSi.exe
  2⤵
  PID:4412
- C:\Windows\System\mSzATXc.exe
  C:\Windows\System\mSzATXc.exe
  2⤵
  PID:4448
- C:\Windows\System\mINjUmE.exe
  C:\Windows\System\mINjUmE.exe
  2⤵
  PID:4488
- C:\Windows\System\LSiqsti.exe
  C:\Windows\System\LSiqsti.exe
  2⤵
  PID:4628
- C:\Windows\System\VuSMFfa.exe
  C:\Windows\System\VuSMFfa.exe
  2⤵
  PID:4692
- C:\Windows\System\TJqTplg.exe
  C:\Windows\System\TJqTplg.exe
  2⤵
  PID:4808
- C:\Windows\System\KKQDtNe.exe
  C:\Windows\System\KKQDtNe.exe
  2⤵
  PID:4892
- C:\Windows\System\XmvUMIj.exe
  C:\Windows\System\XmvUMIj.exe
  2⤵
  PID:5136
- C:\Windows\System\ENuIkAZ.exe
  C:\Windows\System\ENuIkAZ.exe
  2⤵
  PID:5156
- C:\Windows\System\IPFqZWl.exe
  C:\Windows\System\IPFqZWl.exe
  2⤵
  PID:5176
- C:\Windows\System\ItpCLju.exe
  C:\Windows\System\ItpCLju.exe
  2⤵
  PID:5196
- C:\Windows\System\DPyvvWL.exe
  C:\Windows\System\DPyvvWL.exe
  2⤵
  PID:5216
- C:\Windows\System\zHzarVj.exe
  C:\Windows\System\zHzarVj.exe
  2⤵
  PID:5236
- C:\Windows\System\QMIHujr.exe
  C:\Windows\System\QMIHujr.exe
  2⤵
  PID:5256
- C:\Windows\System\yBFbGLS.exe
  C:\Windows\System\yBFbGLS.exe
  2⤵
  PID:5276
- C:\Windows\System\PSXqlju.exe
  C:\Windows\System\PSXqlju.exe
  2⤵
  PID:5296
- C:\Windows\System\EnALIvW.exe
  C:\Windows\System\EnALIvW.exe
  2⤵
  PID:5316
- C:\Windows\System\NGSXWeD.exe
  C:\Windows\System\NGSXWeD.exe
  2⤵
  PID:5336
- C:\Windows\System\HmUOpwP.exe
  C:\Windows\System\HmUOpwP.exe
  2⤵
  PID:5356
- C:\Windows\System\byauViI.exe
  C:\Windows\System\byauViI.exe
  2⤵
  PID:5376
- C:\Windows\System\FTZtlPM.exe
  C:\Windows\System\FTZtlPM.exe
  2⤵
  PID:5396
- C:\Windows\System\pXWoYMf.exe
  C:\Windows\System\pXWoYMf.exe
  2⤵
  PID:5416
- C:\Windows\System\EbKSurc.exe
  C:\Windows\System\EbKSurc.exe
  2⤵
  PID:5436
- C:\Windows\System\kLVDSPk.exe
  C:\Windows\System\kLVDSPk.exe
  2⤵
  PID:5456
- C:\Windows\System\BvzyYFx.exe
  C:\Windows\System\BvzyYFx.exe
  2⤵
  PID:5476
- C:\Windows\System\kVCxAFG.exe
  C:\Windows\System\kVCxAFG.exe
  2⤵
  PID:5496
- C:\Windows\System\ThdvQjo.exe
  C:\Windows\System\ThdvQjo.exe
  2⤵
  PID:5516
- C:\Windows\System\WWWqwCm.exe
  C:\Windows\System\WWWqwCm.exe
  2⤵
  PID:5536
- C:\Windows\System\kWCMaQh.exe
  C:\Windows\System\kWCMaQh.exe
  2⤵
  PID:5556
- C:\Windows\System\mPvFWSd.exe
  C:\Windows\System\mPvFWSd.exe
  2⤵
  PID:5576
- C:\Windows\System\miBDMnV.exe
  C:\Windows\System\miBDMnV.exe
  2⤵
  PID:5596
- C:\Windows\System\ziGjHuQ.exe
  C:\Windows\System\ziGjHuQ.exe
  2⤵
  PID:5616
- C:\Windows\System\geqZNFq.exe
  C:\Windows\System\geqZNFq.exe
  2⤵
  PID:5636
- C:\Windows\System\yCaVEGl.exe
  C:\Windows\System\yCaVEGl.exe
  2⤵
  PID:5656
- C:\Windows\System\GpaYLwc.exe
  C:\Windows\System\GpaYLwc.exe
  2⤵
  PID:5680
- C:\Windows\System\EIxdnXW.exe
  C:\Windows\System\EIxdnXW.exe
  2⤵
  PID:5700
- C:\Windows\System\bHTvKVD.exe
  C:\Windows\System\bHTvKVD.exe
  2⤵
  PID:5720
- C:\Windows\System\bSiwrwF.exe
  C:\Windows\System\bSiwrwF.exe
  2⤵
  PID:5740
- C:\Windows\System\WYdOcyU.exe
  C:\Windows\System\WYdOcyU.exe
  2⤵
  PID:5760
- C:\Windows\System\gqCvXmk.exe
  C:\Windows\System\gqCvXmk.exe
  2⤵
  PID:5780
- C:\Windows\System\KlMZpzR.exe
  C:\Windows\System\KlMZpzR.exe
  2⤵
  PID:5800
- C:\Windows\System\ODnSzQh.exe
  C:\Windows\System\ODnSzQh.exe
  2⤵
  PID:5820
- C:\Windows\System\rigGtXi.exe
  C:\Windows\System\rigGtXi.exe
  2⤵
  PID:5840
- C:\Windows\System\VgUCNWx.exe
  C:\Windows\System\VgUCNWx.exe
  2⤵
  PID:5860
- C:\Windows\System\pWKCkqF.exe
  C:\Windows\System\pWKCkqF.exe
  2⤵
  PID:5880
- C:\Windows\System\xZrlOSI.exe
  C:\Windows\System\xZrlOSI.exe
  2⤵
  PID:5900
- C:\Windows\System\BVMjTgi.exe
  C:\Windows\System\BVMjTgi.exe
  2⤵
  PID:5920
- C:\Windows\System\VZVoqoM.exe
  C:\Windows\System\VZVoqoM.exe
  2⤵
  PID:5940
- C:\Windows\System\jBqwzrK.exe
  C:\Windows\System\jBqwzrK.exe
  2⤵
  PID:5960
- C:\Windows\System\SnVQRsM.exe
  C:\Windows\System\SnVQRsM.exe
  2⤵
  PID:5980
- C:\Windows\System\YdqPGmg.exe
  C:\Windows\System\YdqPGmg.exe
  2⤵
  PID:6000
- C:\Windows\System\AJMGdWu.exe
  C:\Windows\System\AJMGdWu.exe
  2⤵
  PID:6020
- C:\Windows\System\xSctypE.exe
  C:\Windows\System\xSctypE.exe
  2⤵
  PID:6040
- C:\Windows\System\fafqYno.exe
  C:\Windows\System\fafqYno.exe
  2⤵
  PID:6060
- C:\Windows\System\hKbGgCd.exe
  C:\Windows\System\hKbGgCd.exe
  2⤵
  PID:6080
- C:\Windows\System\cVgCrDR.exe
  C:\Windows\System\cVgCrDR.exe
  2⤵
  PID:6100
- C:\Windows\System\mLmoESA.exe
  C:\Windows\System\mLmoESA.exe
  2⤵
  PID:6120
- C:\Windows\System\VaZuvBH.exe
  C:\Windows\System\VaZuvBH.exe
  2⤵
  PID:6140
- C:\Windows\System\EgePTKW.exe
  C:\Windows\System\EgePTKW.exe
  2⤵
  PID:4996
- C:\Windows\System\cijoleb.exe
  C:\Windows\System\cijoleb.exe
  2⤵
  PID:5052
- C:\Windows\System\QKFWcHr.exe
  C:\Windows\System\QKFWcHr.exe
  2⤵
  PID:5112
- C:\Windows\System\Wdxprfa.exe
  C:\Windows\System\Wdxprfa.exe
  2⤵
  PID:3244
- C:\Windows\System\QlAXnUJ.exe
  C:\Windows\System\QlAXnUJ.exe
  2⤵
  PID:1632
- C:\Windows\System\rXjBRSh.exe
  C:\Windows\System\rXjBRSh.exe
  2⤵
  PID:4336
- C:\Windows\System\SyIIsHg.exe
  C:\Windows\System\SyIIsHg.exe
  2⤵
  PID:4556
- C:\Windows\System\zEHHVaV.exe
  C:\Windows\System\zEHHVaV.exe
  2⤵
  PID:1716
- C:\Windows\System\XNZdCFO.exe
  C:\Windows\System\XNZdCFO.exe
  2⤵
  PID:4652
- C:\Windows\System\iUCyfhj.exe
  C:\Windows\System\iUCyfhj.exe
  2⤵
  PID:4876
- C:\Windows\System\uliLUHj.exe
  C:\Windows\System\uliLUHj.exe
  2⤵
  PID:5152
- C:\Windows\System\cXpqDdx.exe
  C:\Windows\System\cXpqDdx.exe
  2⤵
  PID:5204
- C:\Windows\System\HIojMvE.exe
  C:\Windows\System\HIojMvE.exe
  2⤵
  PID:5224
- C:\Windows\System\ZaHWHtz.exe
  C:\Windows\System\ZaHWHtz.exe
  2⤵
  PID:5248
- C:\Windows\System\orfpMTr.exe
  C:\Windows\System\orfpMTr.exe
  2⤵
  PID:5304
- C:\Windows\System\xNjHhmP.exe
  C:\Windows\System\xNjHhmP.exe
  2⤵
  PID:5328
- C:\Windows\System\lOXovHS.exe
  C:\Windows\System\lOXovHS.exe
  2⤵
  PID:5348
- C:\Windows\System\wogQCjf.exe
  C:\Windows\System\wogQCjf.exe
  2⤵
  PID:5384
- C:\Windows\System\oDtTnba.exe
  C:\Windows\System\oDtTnba.exe
  2⤵
  PID:5444
- C:\Windows\System\mKbivXU.exe
  C:\Windows\System\mKbivXU.exe
  2⤵
  PID:5464
- C:\Windows\System\yiRdPJY.exe
  C:\Windows\System\yiRdPJY.exe
  2⤵
  PID:5524
- C:\Windows\System\lFCraox.exe
  C:\Windows\System\lFCraox.exe
  2⤵
  PID:5552
- C:\Windows\System\Mzqlrde.exe
  C:\Windows\System\Mzqlrde.exe
  2⤵
  PID:5584
- C:\Windows\System\BhwLgNO.exe
  C:\Windows\System\BhwLgNO.exe
  2⤵
  PID:5624
- C:\Windows\System\vtAmyDx.exe
  C:\Windows\System\vtAmyDx.exe
  2⤵
  PID:5648
- C:\Windows\System\gXNmdkg.exe
  C:\Windows\System\gXNmdkg.exe
  2⤵
  PID:5736
- C:\Windows\System\xYIraYp.exe
  C:\Windows\System\xYIraYp.exe
  2⤵
  PID:5768
- C:\Windows\System\JJnTrmx.exe
  C:\Windows\System\JJnTrmx.exe
  2⤵
  PID:5808
- C:\Windows\System\ZBYIRnn.exe
  C:\Windows\System\ZBYIRnn.exe
  2⤵
  PID:5828
- C:\Windows\System\GNnFLbf.exe
  C:\Windows\System\GNnFLbf.exe
  2⤵
  PID:5832
- C:\Windows\System\uUKXHRX.exe
  C:\Windows\System\uUKXHRX.exe
  2⤵
  PID:5872
- C:\Windows\System\QXHHjjM.exe
  C:\Windows\System\QXHHjjM.exe
  2⤵
  PID:5912
- C:\Windows\System\SwCPfQQ.exe
  C:\Windows\System\SwCPfQQ.exe
  2⤵
  PID:5956
- C:\Windows\System\mjEjKRu.exe
  C:\Windows\System\mjEjKRu.exe
  2⤵
  PID:6008
- C:\Windows\System\cpJUGHu.exe
  C:\Windows\System\cpJUGHu.exe
  2⤵
  PID:6048
- C:\Windows\System\cwTzbwz.exe
  C:\Windows\System\cwTzbwz.exe
  2⤵
  PID:6068
- C:\Windows\System\YDGpUqU.exe
  C:\Windows\System\YDGpUqU.exe
  2⤵
  PID:6092
- C:\Windows\System\KHUFejT.exe
  C:\Windows\System\KHUFejT.exe
  2⤵
  PID:6136
- C:\Windows\System\ruDwgRi.exe
  C:\Windows\System\ruDwgRi.exe
  2⤵
  PID:324
- C:\Windows\System\NkSQgKL.exe
  C:\Windows\System\NkSQgKL.exe
  2⤵
  PID:3888
- C:\Windows\System\EMolujh.exe
  C:\Windows\System\EMolujh.exe
  2⤵
  PID:4256
- C:\Windows\System\xypJoMU.exe
  C:\Windows\System\xypJoMU.exe
  2⤵
  PID:4328
- C:\Windows\System\zvIgTQh.exe
  C:\Windows\System\zvIgTQh.exe
  2⤵
  PID:1700
- C:\Windows\System\qiOdAJH.exe
  C:\Windows\System\qiOdAJH.exe
  2⤵
  PID:4748
- C:\Windows\System\oOSnNUj.exe
  C:\Windows\System\oOSnNUj.exe
  2⤵
  PID:5172
- C:\Windows\System\hyFYbbg.exe
  C:\Windows\System\hyFYbbg.exe
  2⤵
  PID:5208
- C:\Windows\System\qPAskfM.exe
  C:\Windows\System\qPAskfM.exe
  2⤵
  PID:5292
- C:\Windows\System\bDfSXve.exe
  C:\Windows\System\bDfSXve.exe
  2⤵
  PID:5332
- C:\Windows\System\CcDRwBP.exe
  C:\Windows\System\CcDRwBP.exe
  2⤵
  PID:5424
- C:\Windows\System\RoYeIyb.exe
  C:\Windows\System\RoYeIyb.exe
  2⤵
  PID:5432
- C:\Windows\System\qNvZeYc.exe
  C:\Windows\System\qNvZeYc.exe
  2⤵
  PID:5512
- C:\Windows\System\rLhTtzh.exe
  C:\Windows\System\rLhTtzh.exe
  2⤵
  PID:5548
- C:\Windows\System\AvXUIBP.exe
  C:\Windows\System\AvXUIBP.exe
  2⤵
  PID:5612
- C:\Windows\System\VmVqbfV.exe
  C:\Windows\System\VmVqbfV.exe
  2⤵
  PID:5676
- C:\Windows\System\nrVVWAt.exe
  C:\Windows\System\nrVVWAt.exe
  2⤵
  PID:5788
- C:\Windows\System\czyZhcH.exe
  C:\Windows\System\czyZhcH.exe
  2⤵
  PID:5888
- C:\Windows\System\MrhDZRW.exe
  C:\Windows\System\MrhDZRW.exe
  2⤵
  PID:5908
- C:\Windows\System\viLqxdr.exe
  C:\Windows\System\viLqxdr.exe
  2⤵
  PID:5968
- C:\Windows\System\TcQwGwf.exe
  C:\Windows\System\TcQwGwf.exe
  2⤵
  PID:5972
- C:\Windows\System\PVgKFuc.exe
  C:\Windows\System\PVgKFuc.exe
  2⤵
  PID:6096
- C:\Windows\System\zUwtuEd.exe
  C:\Windows\System\zUwtuEd.exe
  2⤵
  PID:348
- C:\Windows\System\XalXBTU.exe
  C:\Windows\System\XalXBTU.exe
  2⤵
  PID:4132
- C:\Windows\System\ZgiqFnO.exe
  C:\Windows\System\ZgiqFnO.exe
  2⤵
  PID:4572
- C:\Windows\System\UWQOWrk.exe
  C:\Windows\System\UWQOWrk.exe
  2⤵
  PID:4476
- C:\Windows\System\lIsUwlY.exe
  C:\Windows\System\lIsUwlY.exe
  2⤵
  PID:4792
- C:\Windows\System\TSTgjwS.exe
  C:\Windows\System\TSTgjwS.exe
  2⤵
  PID:5228
- C:\Windows\System\ZPqltKT.exe
  C:\Windows\System\ZPqltKT.exe
  2⤵
  PID:5372
- C:\Windows\System\zRDulIP.exe
  C:\Windows\System\zRDulIP.exe
  2⤵
  PID:5404
- C:\Windows\System\afWTzzq.exe
  C:\Windows\System\afWTzzq.exe
  2⤵
  PID:5428
- C:\Windows\System\dGhIYJW.exe
  C:\Windows\System\dGhIYJW.exe
  2⤵
  PID:5652
- C:\Windows\System\gAQdXnn.exe
  C:\Windows\System\gAQdXnn.exe
  2⤵
  PID:5816
- C:\Windows\System\vGDXUvr.exe
  C:\Windows\System\vGDXUvr.exe
  2⤵
  PID:5896
- C:\Windows\System\sQCdqoW.exe
  C:\Windows\System\sQCdqoW.exe
  2⤵
  PID:6152
- C:\Windows\System\QKCbCcK.exe
  C:\Windows\System\QKCbCcK.exe
  2⤵
  PID:6172
- C:\Windows\System\sKcWdIL.exe
  C:\Windows\System\sKcWdIL.exe
  2⤵
  PID:6192
- C:\Windows\System\ZoyETQp.exe
  C:\Windows\System\ZoyETQp.exe
  2⤵
  PID:6212
- C:\Windows\System\SJpxwWo.exe
  C:\Windows\System\SJpxwWo.exe
  2⤵
  PID:6232
- C:\Windows\System\uCkGsSL.exe
  C:\Windows\System\uCkGsSL.exe
  2⤵
  PID:6252
- C:\Windows\System\SVHINfH.exe
  C:\Windows\System\SVHINfH.exe
  2⤵
  PID:6272
- C:\Windows\System\QKHpxIG.exe
  C:\Windows\System\QKHpxIG.exe
  2⤵
  PID:6292
- C:\Windows\System\mJbdZAa.exe
  C:\Windows\System\mJbdZAa.exe
  2⤵
  PID:6312
- C:\Windows\System\gSSrViY.exe
  C:\Windows\System\gSSrViY.exe
  2⤵
  PID:6332
- C:\Windows\System\CQteHhJ.exe
  C:\Windows\System\CQteHhJ.exe
  2⤵
  PID:6352
- C:\Windows\System\tjkgnQg.exe
  C:\Windows\System\tjkgnQg.exe
  2⤵
  PID:6372
- C:\Windows\System\FCZoYIf.exe
  C:\Windows\System\FCZoYIf.exe
  2⤵
  PID:6392
- C:\Windows\System\PkiOyJw.exe
  C:\Windows\System\PkiOyJw.exe
  2⤵
  PID:6412
- C:\Windows\System\PjbgzxT.exe
  C:\Windows\System\PjbgzxT.exe
  2⤵
  PID:6432
- C:\Windows\System\ZYRUSKJ.exe
  C:\Windows\System\ZYRUSKJ.exe
  2⤵
  PID:6452
- C:\Windows\System\gjppKDX.exe
  C:\Windows\System\gjppKDX.exe
  2⤵
  PID:6472
- C:\Windows\System\kxIuzEX.exe
  C:\Windows\System\kxIuzEX.exe
  2⤵
  PID:6492
- C:\Windows\System\NupcOUx.exe
  C:\Windows\System\NupcOUx.exe
  2⤵
  PID:6512
- C:\Windows\System\PFpVknL.exe
  C:\Windows\System\PFpVknL.exe
  2⤵
  PID:6532
- C:\Windows\System\DQxrCiM.exe
  C:\Windows\System\DQxrCiM.exe
  2⤵
  PID:6552
- C:\Windows\System\NQqLpzl.exe
  C:\Windows\System\NQqLpzl.exe
  2⤵
  PID:6572
- C:\Windows\System\ecdlynK.exe
  C:\Windows\System\ecdlynK.exe
  2⤵
  PID:6592
- C:\Windows\System\eNgVzwA.exe
  C:\Windows\System\eNgVzwA.exe
  2⤵
  PID:6612
- C:\Windows\System\JBpagtj.exe
  C:\Windows\System\JBpagtj.exe
  2⤵
  PID:6632
- C:\Windows\System\MlmyAbw.exe
  C:\Windows\System\MlmyAbw.exe
  2⤵
  PID:6652
- C:\Windows\System\FNBmBPl.exe
  C:\Windows\System\FNBmBPl.exe
  2⤵
  PID:6672
- C:\Windows\System\NPMUnZo.exe
  C:\Windows\System\NPMUnZo.exe
  2⤵
  PID:6692
- C:\Windows\System\ZDSAVsE.exe
  C:\Windows\System\ZDSAVsE.exe
  2⤵
  PID:6712
- C:\Windows\System\DPkSpEy.exe
  C:\Windows\System\DPkSpEy.exe
  2⤵
  PID:6732
- C:\Windows\System\oiVPvAo.exe
  C:\Windows\System\oiVPvAo.exe
  2⤵
  PID:6752
- C:\Windows\System\dOiVtJC.exe
  C:\Windows\System\dOiVtJC.exe
  2⤵
  PID:6772
- C:\Windows\System\BqMFTyO.exe
  C:\Windows\System\BqMFTyO.exe
  2⤵
  PID:6792
- C:\Windows\System\AJILBEP.exe
  C:\Windows\System\AJILBEP.exe
  2⤵
  PID:6812
- C:\Windows\System\zKudEuH.exe
  C:\Windows\System\zKudEuH.exe
  2⤵
  PID:6832
- C:\Windows\System\tvUIcXV.exe
  C:\Windows\System\tvUIcXV.exe
  2⤵
  PID:6852
- C:\Windows\System\hzqVUgj.exe
  C:\Windows\System\hzqVUgj.exe
  2⤵
  PID:6872
- C:\Windows\System\YQZwFUP.exe
  C:\Windows\System\YQZwFUP.exe
  2⤵
  PID:6892
- C:\Windows\System\WZsTXAN.exe
  C:\Windows\System\WZsTXAN.exe
  2⤵
  PID:6912
- C:\Windows\System\djliwlU.exe
  C:\Windows\System\djliwlU.exe
  2⤵
  PID:6932
- C:\Windows\System\ipfwSsp.exe
  C:\Windows\System\ipfwSsp.exe
  2⤵
  PID:6952
- C:\Windows\System\UXYfgws.exe
  C:\Windows\System\UXYfgws.exe
  2⤵
  PID:6972
- C:\Windows\System\QmysCKy.exe
  C:\Windows\System\QmysCKy.exe
  2⤵
  PID:6992
- C:\Windows\System\uycFuIl.exe
  C:\Windows\System\uycFuIl.exe
  2⤵
  PID:7012
- C:\Windows\System\BihRprl.exe
  C:\Windows\System\BihRprl.exe
  2⤵
  PID:7036
- C:\Windows\System\JBazaOR.exe
  C:\Windows\System\JBazaOR.exe
  2⤵
  PID:7056
- C:\Windows\System\wtAHurB.exe
  C:\Windows\System\wtAHurB.exe
  2⤵
  PID:7076
- C:\Windows\System\wOjveCo.exe
  C:\Windows\System\wOjveCo.exe
  2⤵
  PID:7096
- C:\Windows\System\tURmmVH.exe
  C:\Windows\System\tURmmVH.exe
  2⤵
  PID:7116
- C:\Windows\System\ArFTsay.exe
  C:\Windows\System\ArFTsay.exe
  2⤵
  PID:7136
- C:\Windows\System\qkmepqA.exe
  C:\Windows\System\qkmepqA.exe
  2⤵
  PID:7156
- C:\Windows\System\OzXiaKY.exe
  C:\Windows\System\OzXiaKY.exe
  2⤵
  PID:5996
- C:\Windows\System\LbixELH.exe
  C:\Windows\System\LbixELH.exe
  2⤵
  PID:6052
- C:\Windows\System\aAzMVTa.exe
  C:\Windows\System\aAzMVTa.exe
  2⤵
  PID:6116
- C:\Windows\System\uJlhiGf.exe
  C:\Windows\System\uJlhiGf.exe
  2⤵
  PID:5116
- C:\Windows\System\GqjTnXT.exe
  C:\Windows\System\GqjTnXT.exe
  2⤵
  PID:4268
- C:\Windows\System\DSEZAYJ.exe
  C:\Windows\System\DSEZAYJ.exe
  2⤵
  PID:5252
- C:\Windows\System\RpGtGRD.exe
  C:\Windows\System\RpGtGRD.exe
  2⤵
  PID:5468
- C:\Windows\System\GfqjlhC.exe
  C:\Windows\System\GfqjlhC.exe
  2⤵
  PID:5568
- C:\Windows\System\NzvTmig.exe
  C:\Windows\System\NzvTmig.exe
  2⤵
  PID:5812
- C:\Windows\System\yygZMEJ.exe
  C:\Windows\System\yygZMEJ.exe
  2⤵
  PID:5916
- C:\Windows\System\YqujNFP.exe
  C:\Windows\System\YqujNFP.exe
  2⤵
  PID:6180
- C:\Windows\System\cSnDqYD.exe
  C:\Windows\System\cSnDqYD.exe
  2⤵
  PID:2604
- C:\Windows\System\ZsvJHPz.exe
  C:\Windows\System\ZsvJHPz.exe
  2⤵
  PID:6240
- C:\Windows\System\rJYxBXD.exe
  C:\Windows\System\rJYxBXD.exe
  2⤵
  PID:6264
- C:\Windows\System\lNFVSsH.exe
  C:\Windows\System\lNFVSsH.exe
  2⤵
  PID:6308
- C:\Windows\System\bOzAIcT.exe
  C:\Windows\System\bOzAIcT.exe
  2⤵
  PID:6348
- C:\Windows\System\PvMZaot.exe
  C:\Windows\System\PvMZaot.exe
  2⤵
  PID:6368
- C:\Windows\System\cvZURvl.exe
  C:\Windows\System\cvZURvl.exe
  2⤵
  PID:6400
- C:\Windows\System\tDnaMfe.exe
  C:\Windows\System\tDnaMfe.exe
  2⤵
  PID:6424
- C:\Windows\System\uTDMPel.exe
  C:\Windows\System\uTDMPel.exe
  2⤵
  PID:6448
- C:\Windows\System\iMEsfVv.exe
  C:\Windows\System\iMEsfVv.exe
  2⤵
  PID:6500
- C:\Windows\System\MnstOhh.exe
  C:\Windows\System\MnstOhh.exe
  2⤵
  PID:6524
- C:\Windows\System\ikkqNLr.exe
  C:\Windows\System\ikkqNLr.exe
  2⤵
  PID:6568
- C:\Windows\System\JUbdIAM.exe
  C:\Windows\System\JUbdIAM.exe
  2⤵
  PID:6620
- C:\Windows\System\MJOpihM.exe
  C:\Windows\System\MJOpihM.exe
  2⤵
  PID:6624
- C:\Windows\System\KzxzuJw.exe
  C:\Windows\System\KzxzuJw.exe
  2⤵
  PID:6668
- C:\Windows\System\BMYZgCu.exe
  C:\Windows\System\BMYZgCu.exe
  2⤵
  PID:6688
- C:\Windows\System\cHsBYbH.exe
  C:\Windows\System\cHsBYbH.exe
  2⤵
  PID:6740
- C:\Windows\System\qTKyhVj.exe
  C:\Windows\System\qTKyhVj.exe
  2⤵
  PID:6780
- C:\Windows\System\lGMAQnc.exe
  C:\Windows\System\lGMAQnc.exe
  2⤵
  PID:6800
- C:\Windows\System\aqiPFPT.exe
  C:\Windows\System\aqiPFPT.exe
  2⤵
  PID:6824
- C:\Windows\System\ybPPgpd.exe
  C:\Windows\System\ybPPgpd.exe
  2⤵
  PID:6844
- C:\Windows\System\RnNuLxF.exe
  C:\Windows\System\RnNuLxF.exe
  2⤵
  PID:6884
- C:\Windows\System\tbuPKrj.exe
  C:\Windows\System\tbuPKrj.exe
  2⤵
  PID:6948
- C:\Windows\System\hGYfXfT.exe
  C:\Windows\System\hGYfXfT.exe
  2⤵
  PID:6980
- C:\Windows\System\UVoodrX.exe
  C:\Windows\System\UVoodrX.exe
  2⤵
  PID:7000
- C:\Windows\System\brIsgfx.exe
  C:\Windows\System\brIsgfx.exe
  2⤵
  PID:7024
- C:\Windows\System\CAtETBy.exe
  C:\Windows\System\CAtETBy.exe
  2⤵
  PID:7068
- C:\Windows\System\FLYCDzn.exe
  C:\Windows\System\FLYCDzn.exe
  2⤵
  PID:7108
- C:\Windows\System\LojniKF.exe
  C:\Windows\System\LojniKF.exe
  2⤵
  PID:7132
- C:\Windows\System\IMbIJHt.exe
  C:\Windows\System\IMbIJHt.exe
  2⤵
  PID:7164
- C:\Windows\System\VYqMaUl.exe
  C:\Windows\System\VYqMaUl.exe
  2⤵
  PID:6032
- C:\Windows\System\AIFjyuQ.exe
  C:\Windows\System\AIFjyuQ.exe
  2⤵
  PID:668
- C:\Windows\System\MGCAyIA.exe
  C:\Windows\System\MGCAyIA.exe
  2⤵
  PID:5144
- C:\Windows\System\dhejmRH.exe
  C:\Windows\System\dhejmRH.exe
  2⤵
  PID:5364
- C:\Windows\System\geWoHVq.exe
  C:\Windows\System\geWoHVq.exe
  2⤵
  PID:5712
- C:\Windows\System\SjYOcSV.exe
  C:\Windows\System\SjYOcSV.exe
  2⤵
  PID:5848
- C:\Windows\System\ouWsnJN.exe
  C:\Windows\System\ouWsnJN.exe
  2⤵
  PID:2700
- C:\Windows\System\yDPDakL.exe
  C:\Windows\System\yDPDakL.exe
  2⤵
  PID:6244
- C:\Windows\System\oVeRvPR.exe
  C:\Windows\System\oVeRvPR.exe
  2⤵
  PID:6300
- C:\Windows\System\WZjjfVu.exe
  C:\Windows\System\WZjjfVu.exe
  2⤵
  PID:6388
- C:\Windows\System\DPocrEH.exe
  C:\Windows\System\DPocrEH.exe
  2⤵
  PID:6384
- C:\Windows\System\jLvECYU.exe
  C:\Windows\System\jLvECYU.exe
  2⤵
  PID:6444
- C:\Windows\System\iXBiKre.exe
  C:\Windows\System\iXBiKre.exe
  2⤵
  PID:6488
- C:\Windows\System\OnXtEwh.exe
  C:\Windows\System\OnXtEwh.exe
  2⤵
  PID:6548
- C:\Windows\System\vBCXBxh.exe
  C:\Windows\System\vBCXBxh.exe
  2⤵
  PID:6544
- C:\Windows\System\ekSWukp.exe
  C:\Windows\System\ekSWukp.exe
  2⤵
  PID:6644
- C:\Windows\System\ywLPgTJ.exe
  C:\Windows\System\ywLPgTJ.exe
  2⤵
  PID:6708
- C:\Windows\System\XXFwgOG.exe
  C:\Windows\System\XXFwgOG.exe
  2⤵
  PID:6784
- C:\Windows\System\VrLWTkr.exe
  C:\Windows\System\VrLWTkr.exe
  2⤵
  PID:6760
- C:\Windows\System\nRICkuK.exe
  C:\Windows\System\nRICkuK.exe
  2⤵
  PID:6864
- C:\Windows\System\PCLMmtR.exe
  C:\Windows\System\PCLMmtR.exe
  2⤵
  PID:6880
- C:\Windows\System\AFbthyn.exe
  C:\Windows\System\AFbthyn.exe
  2⤵
  PID:6968
- C:\Windows\System\dmNjjdq.exe
  C:\Windows\System\dmNjjdq.exe
  2⤵
  PID:6964
- C:\Windows\System\HKAktRb.exe
  C:\Windows\System\HKAktRb.exe
  2⤵
  PID:7048
- C:\Windows\System\WuTVgKq.exe
  C:\Windows\System\WuTVgKq.exe
  2⤵
  PID:7092
- C:\Windows\System\uFIAknE.exe
  C:\Windows\System\uFIAknE.exe
  2⤵
  PID:5928
- C:\Windows\System\JqHMwfM.exe
  C:\Windows\System\JqHMwfM.exe
  2⤵
  PID:5948
- C:\Windows\System\GStxrVT.exe
  C:\Windows\System\GStxrVT.exe
  2⤵
  PID:2748
- C:\Windows\System\xCVMbOy.exe
  C:\Windows\System\xCVMbOy.exe
  2⤵
  PID:5492
- C:\Windows\System\lFWApwh.exe
  C:\Windows\System\lFWApwh.exe
  2⤵
  PID:2024
- C:\Windows\System\sUWUcVK.exe
  C:\Windows\System\sUWUcVK.exe
  2⤵
  PID:2620
- C:\Windows\System\kfFbyYp.exe
  C:\Windows\System\kfFbyYp.exe
  2⤵
  PID:6288
- C:\Windows\System\lcCverx.exe
  C:\Windows\System\lcCverx.exe
  2⤵
  PID:6320
- C:\Windows\System\LVkxmkv.exe
  C:\Windows\System\LVkxmkv.exe
  2⤵
  PID:6464
- C:\Windows\System\fEOmygW.exe
  C:\Windows\System\fEOmygW.exe
  2⤵
  PID:6584
- C:\Windows\System\FvzXWol.exe
  C:\Windows\System\FvzXWol.exe
  2⤵
  PID:6520
- C:\Windows\System\BEojGGv.exe
  C:\Windows\System\BEojGGv.exe
  2⤵
  PID:1888
- C:\Windows\System\YvwFbjd.exe
  C:\Windows\System\YvwFbjd.exe
  2⤵
  PID:6724
- C:\Windows\System\qjoRvVO.exe
  C:\Windows\System\qjoRvVO.exe
  2⤵
  PID:6768
- C:\Windows\System\uMoBgIw.exe
  C:\Windows\System\uMoBgIw.exe
  2⤵
  PID:3240
- C:\Windows\System\IldUmvc.exe
  C:\Windows\System\IldUmvc.exe
  2⤵
  PID:6904
- C:\Windows\System\UKoQixR.exe
  C:\Windows\System\UKoQixR.exe
  2⤵
  PID:7008
- C:\Windows\System\xZbxRrU.exe
  C:\Windows\System\xZbxRrU.exe
  2⤵
  PID:7104
- C:\Windows\System\nLsIRzq.exe
  C:\Windows\System\nLsIRzq.exe
  2⤵
  PID:6076
- C:\Windows\System\fyeNyyc.exe
  C:\Windows\System\fyeNyyc.exe
  2⤵
  PID:1708
- C:\Windows\System\DFVzVOv.exe
  C:\Windows\System\DFVzVOv.exe
  2⤵
  PID:2652
- C:\Windows\System\IiySZSq.exe
  C:\Windows\System\IiySZSq.exe
  2⤵
  PID:5668
- C:\Windows\System\wKSKPOA.exe
  C:\Windows\System\wKSKPOA.exe
  2⤵
  PID:6224
- C:\Windows\System\NHZQNlP.exe
  C:\Windows\System\NHZQNlP.exe
  2⤵
  PID:6420
- C:\Windows\System\ReYjxso.exe
  C:\Windows\System\ReYjxso.exe
  2⤵
  PID:6484
- C:\Windows\System\knJuBzP.exe
  C:\Windows\System\knJuBzP.exe
  2⤵
  PID:3692
- C:\Windows\System\fPGWNGW.exe
  C:\Windows\System\fPGWNGW.exe
  2⤵
  PID:1684
- C:\Windows\System\PEhZtkt.exe
  C:\Windows\System\PEhZtkt.exe
  2⤵
  PID:1176
- C:\Windows\System\PvYSsbM.exe
  C:\Windows\System\PvYSsbM.exe
  2⤵
  PID:1392
- C:\Windows\System\LHIyBGU.exe
  C:\Windows\System\LHIyBGU.exe
  2⤵
  PID:2612
- C:\Windows\System\srXCdbu.exe
  C:\Windows\System\srXCdbu.exe
  2⤵
  PID:7112
- C:\Windows\System\JunYsuH.exe
  C:\Windows\System\JunYsuH.exe
  2⤵
  PID:5352
- C:\Windows\System\dGTWzfJ.exe
  C:\Windows\System\dGTWzfJ.exe
  2⤵
  PID:712
- C:\Windows\System\BqCpaNy.exe
  C:\Windows\System\BqCpaNy.exe
  2⤵
  PID:2644
- C:\Windows\System\utAhBsg.exe
  C:\Windows\System\utAhBsg.exe
  2⤵
  PID:6304
- C:\Windows\System\ChUtVSN.exe
  C:\Windows\System\ChUtVSN.exe
  2⤵
  PID:2328
- C:\Windows\System\hYNXvYU.exe
  C:\Windows\System\hYNXvYU.exe
  2⤵
  PID:2472
- C:\Windows\System\dkHQahc.exe
  C:\Windows\System\dkHQahc.exe
  2⤵
  PID:6680
- C:\Windows\System\PMHTmFF.exe
  C:\Windows\System\PMHTmFF.exe
  2⤵
  PID:6700
- C:\Windows\System\rMZusuo.exe
  C:\Windows\System\rMZusuo.exe
  2⤵
  PID:6840
- C:\Windows\System\lkIvdjW.exe
  C:\Windows\System\lkIvdjW.exe
  2⤵
  PID:1540
- C:\Windows\System\mbiBPnJ.exe
  C:\Windows\System\mbiBPnJ.exe
  2⤵
  PID:2692
- C:\Windows\System\DzxhUMV.exe
  C:\Windows\System\DzxhUMV.exe
  2⤵
  PID:1676
- C:\Windows\System\XFpWCoe.exe
  C:\Windows\System\XFpWCoe.exe
  2⤵
  PID:6188
- C:\Windows\System\LaHyvpk.exe
  C:\Windows\System\LaHyvpk.exe
  2⤵
  PID:2924
- C:\Windows\System\GFgHAYe.exe
  C:\Windows\System\GFgHAYe.exe
  2⤵
  PID:6220
- C:\Windows\System\jhUxXOg.exe
  C:\Windows\System\jhUxXOg.exe
  2⤵
  PID:1672
- C:\Windows\System\mbytyXN.exe
  C:\Windows\System\mbytyXN.exe
  2⤵
  PID:2904
- C:\Windows\System\mnytuqJ.exe
  C:\Windows\System\mnytuqJ.exe
  2⤵
  PID:2624
- C:\Windows\System\MFPNcuz.exe
  C:\Windows\System\MFPNcuz.exe
  2⤵
  PID:772
- C:\Windows\System\zrRaIKV.exe
  C:\Windows\System\zrRaIKV.exe
  2⤵
  PID:6148
- C:\Windows\System\jQAThCe.exe
  C:\Windows\System\jQAThCe.exe
  2⤵
  PID:1832
- C:\Windows\System\yTKUgSN.exe
  C:\Windows\System\yTKUgSN.exe
  2⤵
  PID:6404
- C:\Windows\System\LWFEPLT.exe
  C:\Windows\System\LWFEPLT.exe
  2⤵
  PID:7176
- C:\Windows\System\uwkOEhs.exe
  C:\Windows\System\uwkOEhs.exe
  2⤵
  PID:7192
- C:\Windows\System\EzgPrmy.exe
  C:\Windows\System\EzgPrmy.exe
  2⤵
  PID:7216
- C:\Windows\System\MuVHMdN.exe
  C:\Windows\System\MuVHMdN.exe
  2⤵
  PID:7244
- C:\Windows\System\MGKaEvf.exe
  C:\Windows\System\MGKaEvf.exe
  2⤵
  PID:7272
- C:\Windows\System\hdsSGYC.exe
  C:\Windows\System\hdsSGYC.exe
  2⤵
  PID:7292
- C:\Windows\System\ZbLFkCV.exe
  C:\Windows\System\ZbLFkCV.exe
  2⤵
  PID:7308
- C:\Windows\System\qKxUqjm.exe
  C:\Windows\System\qKxUqjm.exe
  2⤵
  PID:7328
- C:\Windows\System\FGmwzrD.exe
  C:\Windows\System\FGmwzrD.exe
  2⤵
  PID:7344
- C:\Windows\System\EDiOexa.exe
  C:\Windows\System\EDiOexa.exe
  2⤵
  PID:7360
- C:\Windows\System\HZzfXOT.exe
  C:\Windows\System\HZzfXOT.exe
  2⤵
  PID:7384
- C:\Windows\System\qgJXNsx.exe
  C:\Windows\System\qgJXNsx.exe
  2⤵
  PID:7404
- C:\Windows\System\TbJxjWo.exe
  C:\Windows\System\TbJxjWo.exe
  2⤵
  PID:7420
- C:\Windows\System\dPTEFZN.exe
  C:\Windows\System\dPTEFZN.exe
  2⤵
  PID:7440
- C:\Windows\System\pEQPZND.exe
  C:\Windows\System\pEQPZND.exe
  2⤵
  PID:7460
- C:\Windows\System\YNVPhhk.exe
  C:\Windows\System\YNVPhhk.exe
  2⤵
  PID:7480
- C:\Windows\System\PARghMs.exe
  C:\Windows\System\PARghMs.exe
  2⤵
  PID:7508
- C:\Windows\System\QuABIqK.exe
  C:\Windows\System\QuABIqK.exe
  2⤵
  PID:7524
- C:\Windows\System\HfbPgIj.exe
  C:\Windows\System\HfbPgIj.exe
  2⤵
  PID:7556
- C:\Windows\System\bmcXpoO.exe
  C:\Windows\System\bmcXpoO.exe
  2⤵
  PID:7572
- C:\Windows\System\lqASrOZ.exe
  C:\Windows\System\lqASrOZ.exe
  2⤵
  PID:7588
- C:\Windows\System\hFyGioc.exe
  C:\Windows\System\hFyGioc.exe
  2⤵
  PID:7612
- C:\Windows\System\VFWVSJL.exe
  C:\Windows\System\VFWVSJL.exe
  2⤵
  PID:7628
- C:\Windows\System\mivJQsJ.exe
  C:\Windows\System\mivJQsJ.exe
  2⤵
  PID:7644
- C:\Windows\System\ireJAeJ.exe
  C:\Windows\System\ireJAeJ.exe
  2⤵
  PID:7660
- C:\Windows\System\BWaFszb.exe
  C:\Windows\System\BWaFszb.exe
  2⤵
  PID:7680
- C:\Windows\System\kLwBgBk.exe
  C:\Windows\System\kLwBgBk.exe
  2⤵
  PID:7704
- C:\Windows\System\kfSenan.exe
  C:\Windows\System\kfSenan.exe
  2⤵
  PID:7724
- C:\Windows\System\XvmEYqJ.exe
  C:\Windows\System\XvmEYqJ.exe
  2⤵
  PID:7748
- C:\Windows\System\Hxkmzca.exe
  C:\Windows\System\Hxkmzca.exe
  2⤵
  PID:7764
- C:\Windows\System\OcTrYLO.exe
  C:\Windows\System\OcTrYLO.exe
  2⤵
  PID:7780
- C:\Windows\System\qriVucq.exe
  C:\Windows\System\qriVucq.exe
  2⤵
  PID:7808
- C:\Windows\System\EjffIdY.exe
  C:\Windows\System\EjffIdY.exe
  2⤵
  PID:7832
- C:\Windows\System\JRMhmLP.exe
  C:\Windows\System\JRMhmLP.exe
  2⤵
  PID:7848
- C:\Windows\System\vQcOkfn.exe
  C:\Windows\System\vQcOkfn.exe
  2⤵
  PID:7864
- C:\Windows\System\xeVspdW.exe
  C:\Windows\System\xeVspdW.exe
  2⤵
  PID:7880
- C:\Windows\System\KXdNKlK.exe
  C:\Windows\System\KXdNKlK.exe
  2⤵
  PID:7896
- C:\Windows\System\ueWjKNW.exe
  C:\Windows\System\ueWjKNW.exe
  2⤵
  PID:7916
- C:\Windows\System\OETKZcq.exe
  C:\Windows\System\OETKZcq.exe
  2⤵
  PID:7932
- C:\Windows\System\nZSqXxX.exe
  C:\Windows\System\nZSqXxX.exe
  2⤵
  PID:7948
- C:\Windows\System\RwygFyf.exe
  C:\Windows\System\RwygFyf.exe
  2⤵
  PID:7984
- C:\Windows\System\LqGRKIr.exe
  C:\Windows\System\LqGRKIr.exe
  2⤵
  PID:8004
- C:\Windows\System\gdDrqAx.exe
  C:\Windows\System\gdDrqAx.exe
  2⤵
  PID:8036
- C:\Windows\System\SAzxKEC.exe
  C:\Windows\System\SAzxKEC.exe
  2⤵
  PID:8052
- C:\Windows\System\gjYKnqy.exe
  C:\Windows\System\gjYKnqy.exe
  2⤵
  PID:8068
- C:\Windows\System\UHcenMN.exe
  C:\Windows\System\UHcenMN.exe
  2⤵
  PID:8092
- C:\Windows\System\sszNSTT.exe
  C:\Windows\System\sszNSTT.exe
  2⤵
  PID:8108
- C:\Windows\System\nSqVrci.exe
  C:\Windows\System\nSqVrci.exe
  2⤵
  PID:8124
- C:\Windows\System\UfYflBj.exe
  C:\Windows\System\UfYflBj.exe
  2⤵
  PID:8144
- C:\Windows\System\DBFRtLW.exe
  C:\Windows\System\DBFRtLW.exe
  2⤵
  PID:8160
- C:\Windows\System\kREIOnd.exe
  C:\Windows\System\kREIOnd.exe
  2⤵
  PID:8176
- C:\Windows\System\XaUZYVY.exe
  C:\Windows\System\XaUZYVY.exe
  2⤵
  PID:2400
- C:\Windows\System\DrKUvgA.exe
  C:\Windows\System\DrKUvgA.exe
  2⤵
  PID:1172
- C:\Windows\System\DNgxCNh.exe
  C:\Windows\System\DNgxCNh.exe
  2⤵
  PID:7212
- C:\Windows\System\nNpMIke.exe
  C:\Windows\System\nNpMIke.exe
  2⤵
  PID:1000
- C:\Windows\System\eEtnurQ.exe
  C:\Windows\System\eEtnurQ.exe
  2⤵
  PID:7240
- C:\Windows\System\whzZJjj.exe
  C:\Windows\System\whzZJjj.exe
  2⤵
  PID:1420
- C:\Windows\System\ghOePwp.exe
  C:\Windows\System\ghOePwp.exe
  2⤵
  PID:7300
- C:\Windows\System\KNZPbOG.exe
  C:\Windows\System\KNZPbOG.exe
  2⤵
  PID:7284
- C:\Windows\System\anPDZcb.exe
  C:\Windows\System\anPDZcb.exe
  2⤵
  PID:7316
- C:\Windows\System\bjGQBed.exe
  C:\Windows\System\bjGQBed.exe
  2⤵
  PID:7376
- C:\Windows\System\OfPKPWI.exe
  C:\Windows\System\OfPKPWI.exe
  2⤵
  PID:7416
- C:\Windows\System\ZPFzbdD.exe
  C:\Windows\System\ZPFzbdD.exe
  2⤵
  PID:7392
- C:\Windows\System\pvVhSDu.exe
  C:\Windows\System\pvVhSDu.exe
  2⤵
  PID:7504
- C:\Windows\System\btYcfmg.exe
  C:\Windows\System\btYcfmg.exe
  2⤵
  PID:7400
- C:\Windows\System\zSFhtHr.exe
  C:\Windows\System\zSFhtHr.exe
  2⤵
  PID:7468
- C:\Windows\System\Cqtfivy.exe
  C:\Windows\System\Cqtfivy.exe
  2⤵
  PID:7536
- C:\Windows\System\vzfyzZh.exe
  C:\Windows\System\vzfyzZh.exe
  2⤵
  PID:7548
- C:\Windows\System\qIMfCho.exe
  C:\Windows\System\qIMfCho.exe
  2⤵
  PID:7568
- C:\Windows\System\RMMwUxD.exe
  C:\Windows\System\RMMwUxD.exe
  2⤵
  PID:7604
- C:\Windows\System\AScxFiW.exe
  C:\Windows\System\AScxFiW.exe
  2⤵
  PID:7816
- C:\Windows\System\vUDcfSF.exe
  C:\Windows\System\vUDcfSF.exe
  2⤵
  PID:7756
- C:\Windows\System\lMRDWaU.exe
  C:\Windows\System\lMRDWaU.exe
  2⤵
  PID:7804
- C:\Windows\System\JDKjmhN.exe
  C:\Windows\System\JDKjmhN.exe
  2⤵
  PID:7860
- C:\Windows\System\LozWoki.exe
  C:\Windows\System\LozWoki.exe
  2⤵
  PID:7956
- C:\Windows\System\wdtBtgW.exe
  C:\Windows\System\wdtBtgW.exe
  2⤵
  PID:7976
- C:\Windows\System\EIvjeMR.exe
  C:\Windows\System\EIvjeMR.exe
  2⤵
  PID:7996
- C:\Windows\System\iTYsLIE.exe
  C:\Windows\System\iTYsLIE.exe
  2⤵
  PID:7940
- C:\Windows\System\YRVBVNP.exe
  C:\Windows\System\YRVBVNP.exe
  2⤵
  PID:8024
- C:\Windows\System\KBzwBIm.exe
  C:\Windows\System\KBzwBIm.exe
  2⤵
  PID:8044
- C:\Windows\System\ealTRcD.exe
  C:\Windows\System\ealTRcD.exe
  2⤵
  PID:8084
- C:\Windows\System\EixHxsF.exe
  C:\Windows\System\EixHxsF.exe
  2⤵
  PID:8168
- C:\Windows\System\HWggCny.exe
  C:\Windows\System\HWggCny.exe
  2⤵
  PID:8116
- C:\Windows\System\rRZDunu.exe
  C:\Windows\System\rRZDunu.exe
  2⤵
  PID:8184
- C:\Windows\System\tVGYEiP.exe
  C:\Windows\System\tVGYEiP.exe
  2⤵
  PID:7204
- C:\Windows\System\zIkrPCJ.exe
  C:\Windows\System\zIkrPCJ.exe
  2⤵
  PID:7236
- C:\Windows\System\FYSGhQa.exe
  C:\Windows\System\FYSGhQa.exe
  2⤵
  PID:7280
- C:\Windows\System\nVZiyXa.exe
  C:\Windows\System\nVZiyXa.exe
  2⤵
  PID:7260
- C:\Windows\System\rtCBHDo.exe
  C:\Windows\System\rtCBHDo.exe
  2⤵
  PID:7500
- C:\Windows\System\ZUFHTrO.exe
  C:\Windows\System\ZUFHTrO.exe
  2⤵
  PID:7456
- C:\Windows\System\tRwcfwO.exe
  C:\Windows\System\tRwcfwO.exe
  2⤵
  PID:7580
- C:\Windows\System\UvenjrJ.exe
  C:\Windows\System\UvenjrJ.exe
  2⤵
  PID:7692
- C:\Windows\System\gJkzrrD.exe
  C:\Windows\System\gJkzrrD.exe
  2⤵
  PID:7668
- C:\Windows\System\FLrICLA.exe
  C:\Windows\System\FLrICLA.exe
  2⤵
  PID:7712
- C:\Windows\System\mQFBFsM.exe
  C:\Windows\System\mQFBFsM.exe
  2⤵
  PID:7596
- C:\Windows\System\tBPQAnh.exe
  C:\Windows\System\tBPQAnh.exe
  2⤵
  PID:7776
- C:\Windows\System\gdVrhfJ.exe
  C:\Windows\System\gdVrhfJ.exe
  2⤵
  PID:7800
- C:\Windows\System\CarwNEm.exe
  C:\Windows\System\CarwNEm.exe
  2⤵
  PID:7872
- C:\Windows\System\otbysPp.exe
  C:\Windows\System\otbysPp.exe
  2⤵
  PID:7796
- C:\Windows\System\thUojLr.exe
  C:\Windows\System\thUojLr.exe
  2⤵
  PID:8100
- C:\Windows\System\zkdlZap.exe
  C:\Windows\System\zkdlZap.exe
  2⤵
  PID:7968
- C:\Windows\System\vqdZvrx.exe
  C:\Windows\System\vqdZvrx.exe
  2⤵
  PID:8104
- C:\Windows\System\hpTGosC.exe
  C:\Windows\System\hpTGosC.exe
  2⤵
  PID:1936
- C:\Windows\System\JTnPfqg.exe
  C:\Windows\System\JTnPfqg.exe
  2⤵
  PID:8156
- C:\Windows\System\oHlJrnS.exe
  C:\Windows\System\oHlJrnS.exe
  2⤵
  PID:7324
- C:\Windows\System\LOevyeM.exe
  C:\Windows\System\LOevyeM.exe
  2⤵
  PID:1204
- C:\Windows\System\GQLqVnw.exe
  C:\Windows\System\GQLqVnw.exe
  2⤵
  PID:7476
- C:\Windows\System\LgGjTob.exe
  C:\Windows\System\LgGjTob.exe
  2⤵
  PID:7720
- C:\Windows\System\WJyNtMo.exe
  C:\Windows\System\WJyNtMo.exe
  2⤵
  PID:7520
- C:\Windows\System\hGrRNpD.exe
  C:\Windows\System\hGrRNpD.exe
  2⤵
  PID:7676
- C:\Windows\System\COlxiJJ.exe
  C:\Windows\System\COlxiJJ.exe
  2⤵
  PID:8012
- C:\Windows\System\sACIYLj.exe
  C:\Windows\System\sACIYLj.exe
  2⤵
  PID:7608
- C:\Windows\System\wgTGeVl.exe
  C:\Windows\System\wgTGeVl.exe
  2⤵
  PID:7844
- C:\Windows\System\LdJnjaZ.exe
  C:\Windows\System\LdJnjaZ.exe
  2⤵
  PID:8140
- C:\Windows\System\cOTIlFH.exe
  C:\Windows\System\cOTIlFH.exe
  2⤵
  PID:7564
- C:\Windows\System\SKzXlLB.exe
  C:\Windows\System\SKzXlLB.exe
  2⤵
  PID:7432
- C:\Windows\System\noKsBfQ.exe
  C:\Windows\System\noKsBfQ.exe
  2⤵
  PID:7688
- C:\Windows\System\PQfCOkz.exe
  C:\Windows\System\PQfCOkz.exe
  2⤵
  PID:7200
- C:\Windows\System\nPUMwXt.exe
  C:\Windows\System\nPUMwXt.exe
  2⤵
  PID:6344
- C:\Windows\System\QHDhefu.exe
  C:\Windows\System\QHDhefu.exe
  2⤵
  PID:7824
- C:\Windows\System\rUMVjKk.exe
  C:\Windows\System\rUMVjKk.exe
  2⤵
  PID:7972
- C:\Windows\System\eLLOFeh.exe
  C:\Windows\System\eLLOFeh.exe
  2⤵
  PID:7924
- C:\Windows\System\JzUSIbJ.exe
  C:\Windows\System\JzUSIbJ.exe
  2⤵
  PID:7904
- C:\Windows\System\iiCvCZR.exe
  C:\Windows\System\iiCvCZR.exe
  2⤵
  PID:7228
- C:\Windows\System\VZhkrAg.exe
  C:\Windows\System\VZhkrAg.exe
  2⤵
  PID:7788
- C:\Windows\System\TIojaoR.exe
  C:\Windows\System\TIojaoR.exe
  2⤵
  PID:8132
- C:\Windows\System\fsgCnAq.exe
  C:\Windows\System\fsgCnAq.exe
  2⤵
  PID:7656
- C:\Windows\System\qLPmwOY.exe
  C:\Windows\System\qLPmwOY.exe
  2⤵
  PID:8196
- C:\Windows\System\HWGgmZW.exe
  C:\Windows\System\HWGgmZW.exe
  2⤵
  PID:8220
- C:\Windows\System\AODbJwm.exe
  C:\Windows\System\AODbJwm.exe
  2⤵
  PID:8236
- C:\Windows\System\uRKdiGS.exe
  C:\Windows\System\uRKdiGS.exe
  2⤵
  PID:8268
- C:\Windows\System\OTbDslU.exe
  C:\Windows\System\OTbDslU.exe
  2⤵
  PID:8284
- C:\Windows\System\KzaVJEL.exe
  C:\Windows\System\KzaVJEL.exe
  2⤵
  PID:8308
- C:\Windows\System\AUPqMXn.exe
  C:\Windows\System\AUPqMXn.exe
  2⤵
  PID:8324
- C:\Windows\System\gDeAhKW.exe
  C:\Windows\System\gDeAhKW.exe
  2⤵
  PID:8340
- C:\Windows\System\iGENugD.exe
  C:\Windows\System\iGENugD.exe
  2⤵
  PID:8356
- C:\Windows\System\ehNeDtc.exe
  C:\Windows\System\ehNeDtc.exe
  2⤵
  PID:8376
- C:\Windows\System\kwzfNhU.exe
  C:\Windows\System\kwzfNhU.exe
  2⤵
  PID:8392
- C:\Windows\System\qrbLJoa.exe
  C:\Windows\System\qrbLJoa.exe
  2⤵
  PID:8420
- C:\Windows\System\ZYyychP.exe
  C:\Windows\System\ZYyychP.exe
  2⤵
  PID:8436
- C:\Windows\System\rhVTeXY.exe
  C:\Windows\System\rhVTeXY.exe
  2⤵
  PID:8460
- C:\Windows\System\OPBFFwN.exe
  C:\Windows\System\OPBFFwN.exe
  2⤵
  PID:8488
- C:\Windows\System\BPLBMIH.exe
  C:\Windows\System\BPLBMIH.exe
  2⤵
  PID:8504
- C:\Windows\System\edGKqdd.exe
  C:\Windows\System\edGKqdd.exe
  2⤵
  PID:8528
- C:\Windows\System\CFvdgAV.exe
  C:\Windows\System\CFvdgAV.exe
  2⤵
  PID:8544
- C:\Windows\System\AFIIwnZ.exe
  C:\Windows\System\AFIIwnZ.exe
  2⤵
  PID:8560
- C:\Windows\System\eFguWVs.exe
  C:\Windows\System\eFguWVs.exe
  2⤵
  PID:8580
- C:\Windows\System\gCoGDHZ.exe
  C:\Windows\System\gCoGDHZ.exe
  2⤵
  PID:8608
- C:\Windows\System\IMomKYC.exe
  C:\Windows\System\IMomKYC.exe
  2⤵
  PID:8640
- C:\Windows\System\rbvgdmP.exe
  C:\Windows\System\rbvgdmP.exe
  2⤵
  PID:8660
- C:\Windows\System\GGPWHgh.exe
  C:\Windows\System\GGPWHgh.exe
  2⤵
  PID:8676
- C:\Windows\System\uHjJcAR.exe
  C:\Windows\System\uHjJcAR.exe
  2⤵
  PID:8696
- C:\Windows\System\ohkLNIy.exe
  C:\Windows\System\ohkLNIy.exe
  2⤵
  PID:8712
- C:\Windows\System\VrSRAPM.exe
  C:\Windows\System\VrSRAPM.exe
  2⤵
  PID:8736
- C:\Windows\System\OTCjKqa.exe
  C:\Windows\System\OTCjKqa.exe
  2⤵
  PID:8756
- C:\Windows\System\RFzbZFD.exe
  C:\Windows\System\RFzbZFD.exe
  2⤵
  PID:8776
- C:\Windows\System\vwjTTGP.exe
  C:\Windows\System\vwjTTGP.exe
  2⤵
  PID:8796
- C:\Windows\System\tSaEKcb.exe
  C:\Windows\System\tSaEKcb.exe
  2⤵
  PID:8812
- C:\Windows\System\LiIxsxW.exe
  C:\Windows\System\LiIxsxW.exe
  2⤵
  PID:8836
- C:\Windows\System\xfDoqJz.exe
  C:\Windows\System\xfDoqJz.exe
  2⤵
  PID:8852
- C:\Windows\System\lZRWliC.exe
  C:\Windows\System\lZRWliC.exe
  2⤵
  PID:8868
- C:\Windows\System\PFISuqc.exe
  C:\Windows\System\PFISuqc.exe
  2⤵
  PID:8896
- C:\Windows\System\MGZWhBd.exe
  C:\Windows\System\MGZWhBd.exe
  2⤵
  PID:8912
- C:\Windows\System\jeoHMhQ.exe
  C:\Windows\System\jeoHMhQ.exe
  2⤵
  PID:8928
- C:\Windows\System\btpBMAH.exe
  C:\Windows\System\btpBMAH.exe
  2⤵
  PID:8960
- C:\Windows\System\QelcwiZ.exe
  C:\Windows\System\QelcwiZ.exe
  2⤵
  PID:8976
- C:\Windows\System\NhhIptW.exe
  C:\Windows\System\NhhIptW.exe
  2⤵
  PID:9000
- C:\Windows\System\eBklQxK.exe
  C:\Windows\System\eBklQxK.exe
  2⤵
  PID:9016
- C:\Windows\System\TZCJkkg.exe
  C:\Windows\System\TZCJkkg.exe
  2⤵
  PID:9032
- C:\Windows\System\EJhJkNA.exe
  C:\Windows\System\EJhJkNA.exe
  2⤵
  PID:9060
- C:\Windows\System\KPbDkkZ.exe
  C:\Windows\System\KPbDkkZ.exe
  2⤵
  PID:9080
- C:\Windows\System\GaiUbRf.exe
  C:\Windows\System\GaiUbRf.exe
  2⤵
  PID:9096
- C:\Windows\System\nGntrNQ.exe
  C:\Windows\System\nGntrNQ.exe
  2⤵
  PID:9116
- C:\Windows\System\IQqxglz.exe
  C:\Windows\System\IQqxglz.exe
  2⤵
  PID:9140
- C:\Windows\System\hRIrsGX.exe
  C:\Windows\System\hRIrsGX.exe
  2⤵
  PID:9156
- C:\Windows\System\HiOhdrs.exe
  C:\Windows\System\HiOhdrs.exe
  2⤵
  PID:9172
- C:\Windows\System\kTYAyFH.exe
  C:\Windows\System\kTYAyFH.exe
  2⤵
  PID:9200
- C:\Windows\System\kTmAQcZ.exe
  C:\Windows\System\kTmAQcZ.exe
  2⤵
  PID:8204
- C:\Windows\System\KrxEFCP.exe
  C:\Windows\System\KrxEFCP.exe
  2⤵
  PID:7640
- C:\Windows\System\eUawodC.exe
  C:\Windows\System\eUawodC.exe
  2⤵
  PID:8248
- C:\Windows\System\pMORzIK.exe
  C:\Windows\System\pMORzIK.exe
  2⤵
  PID:8264
- C:\Windows\System\lrVRpVK.exe
  C:\Windows\System\lrVRpVK.exe
  2⤵
  PID:8296
- C:\Windows\System\gAwgSbL.exe
  C:\Windows\System\gAwgSbL.exe
  2⤵
  PID:8336
- C:\Windows\System\JGRorSK.exe
  C:\Windows\System\JGRorSK.exe
  2⤵
  PID:8404
- C:\Windows\System\OheSVNQ.exe
  C:\Windows\System\OheSVNQ.exe
  2⤵
  PID:8316
- C:\Windows\System\BzAtiYd.exe
  C:\Windows\System\BzAtiYd.exe
  2⤵
  PID:8456
- C:\Windows\System\XiyGlKl.exe
  C:\Windows\System\XiyGlKl.exe
  2⤵
  PID:8472
- C:\Windows\System\QXurpHW.exe
  C:\Windows\System\QXurpHW.exe
  2⤵
  PID:8496
- C:\Windows\System\RgTxFMp.exe
  C:\Windows\System\RgTxFMp.exe
  2⤵
  PID:8536
- C:\Windows\System\DgxFycX.exe
  C:\Windows\System\DgxFycX.exe
  2⤵
  PID:8556
- C:\Windows\System\WflIxze.exe
  C:\Windows\System\WflIxze.exe
  2⤵
  PID:8592
- C:\Windows\System\GXpdaqZ.exe
  C:\Windows\System\GXpdaqZ.exe
  2⤵
  PID:1004
- C:\Windows\System\ViFzIEu.exe
  C:\Windows\System\ViFzIEu.exe
  2⤵
  PID:8688
- C:\Windows\System\TQDlDFQ.exe
  C:\Windows\System\TQDlDFQ.exe
  2⤵
  PID:8708
- C:\Windows\System\BMKAznx.exe
  C:\Windows\System\BMKAznx.exe
  2⤵
  PID:8724
- C:\Windows\System\dZEYVFH.exe
  C:\Windows\System\dZEYVFH.exe
  2⤵
  PID:8784
- C:\Windows\System\pxrxQun.exe
  C:\Windows\System\pxrxQun.exe
  2⤵
  PID:8824
- C:\Windows\System\mUatkwT.exe
  C:\Windows\System\mUatkwT.exe
  2⤵
  PID:8860
- C:\Windows\System\YCTmjja.exe
  C:\Windows\System\YCTmjja.exe
  2⤵
  PID:8936
- C:\Windows\System\pgYIpkm.exe
  C:\Windows\System\pgYIpkm.exe
  2⤵
  PID:8892
- C:\Windows\System\kPbsrdc.exe
  C:\Windows\System\kPbsrdc.exe
  2⤵
  PID:8848
- C:\Windows\System\TEbyvRG.exe
  C:\Windows\System\TEbyvRG.exe
  2⤵
  PID:8968
- C:\Windows\System\cPaMmfc.exe
  C:\Windows\System\cPaMmfc.exe
  2⤵
  PID:8988
- C:\Windows\System\wtdPhtI.exe
  C:\Windows\System\wtdPhtI.exe
  2⤵
  PID:9008
- C:\Windows\System\dfOjvJk.exe
  C:\Windows\System\dfOjvJk.exe
  2⤵
  PID:9068
- C:\Windows\System\RoCIRnc.exe
  C:\Windows\System\RoCIRnc.exe
  2⤵
  PID:9092
- C:\Windows\System\yUHVNDK.exe
  C:\Windows\System\yUHVNDK.exe
  2⤵
  PID:9132
- C:\Windows\System\RJnpAMO.exe
  C:\Windows\System\RJnpAMO.exe
  2⤵
  PID:9128
- C:\Windows\System\yMGPRov.exe
  C:\Windows\System\yMGPRov.exe
  2⤵
  PID:9188
- C:\Windows\System\xygxeVQ.exe
  C:\Windows\System\xygxeVQ.exe
  2⤵
  PID:9212
- C:\Windows\System\HYtNKYi.exe
  C:\Windows\System\HYtNKYi.exe
  2⤵
  PID:8256
- C:\Windows\System\GxxNRLH.exe
  C:\Windows\System\GxxNRLH.exe
  2⤵
  PID:8332
- C:\Windows\System\OupaAcP.exe
  C:\Windows\System\OupaAcP.exe
  2⤵
  PID:8368
- C:\Windows\System\qZVXfcr.exe
  C:\Windows\System\qZVXfcr.exe
  2⤵
  PID:8400
- C:\Windows\System\TpGVSgE.exe
  C:\Windows\System\TpGVSgE.exe
  2⤵
  PID:8432
- C:\Windows\System\cytVLQq.exe
  C:\Windows\System\cytVLQq.exe
  2⤵
  PID:8516
- C:\Windows\System\GvrtWhY.exe
  C:\Windows\System\GvrtWhY.exe
  2⤵
  PID:8648
- C:\Windows\System\WcpuYce.exe
  C:\Windows\System\WcpuYce.exe
  2⤵
  PID:8600
- C:\Windows\System\NGdUiCL.exe
  C:\Windows\System\NGdUiCL.exe
  2⤵
  PID:8668
- C:\Windows\System\nQeCOjo.exe
  C:\Windows\System\nQeCOjo.exe
  2⤵
  PID:8792
- C:\Windows\System\ketNYnd.exe
  C:\Windows\System\ketNYnd.exe
  2⤵
  PID:8908
- C:\Windows\System\hIRsnPo.exe
  C:\Windows\System\hIRsnPo.exe
  2⤵
  PID:8876
- C:\Windows\System\gyGVirr.exe
  C:\Windows\System\gyGVirr.exe
  2⤵
  PID:8832
- C:\Windows\System\ZeXlVVu.exe
  C:\Windows\System\ZeXlVVu.exe
  2⤵
  PID:5752
- C:\Windows\System\nMLdkRL.exe
  C:\Windows\System\nMLdkRL.exe
  2⤵
  PID:9012
- C:\Windows\System\errnWfu.exe
  C:\Windows\System\errnWfu.exe
  2⤵
  PID:9056
- C:\Windows\System\iHvXyNG.exe
  C:\Windows\System\iHvXyNG.exe
  2⤵
  PID:9112
- C:\Windows\System\NhWtXrg.exe
  C:\Windows\System\NhWtXrg.exe
  2⤵
  PID:8212
- C:\Windows\System\dBYfXpK.exe
  C:\Windows\System\dBYfXpK.exe
  2⤵
  PID:8320
- C:\Windows\System\WmjsfMe.exe
  C:\Windows\System\WmjsfMe.exe
  2⤵
  PID:8244
- C:\Windows\System\dsICohV.exe
  C:\Windows\System\dsICohV.exe
  2⤵
  PID:8416
- C:\Windows\System\CXFUtOW.exe
  C:\Windows\System\CXFUtOW.exe
  2⤵
  PID:8520
- C:\Windows\System\HMhJjqe.exe
  C:\Windows\System\HMhJjqe.exe
  2⤵
  PID:8620
- C:\Windows\System\lKFlFnI.exe
  C:\Windows\System\lKFlFnI.exe
  2⤵
  PID:8568
- C:\Windows\System\cqGtgYw.exe
  C:\Windows\System\cqGtgYw.exe
  2⤵
  PID:8704
- C:\Windows\System\AKPEliI.exe
  C:\Windows\System\AKPEliI.exe
  2⤵
  PID:8764
- C:\Windows\System\SYItWwt.exe
  C:\Windows\System\SYItWwt.exe
  2⤵
  PID:8924
- C:\Windows\System\GjliAiE.exe
  C:\Windows\System\GjliAiE.exe
  2⤵
  PID:8996
- C:\Windows\System\cboZAPg.exe
  C:\Windows\System\cboZAPg.exe
  2⤵
  PID:9088
- C:\Windows\System\FRKejdw.exe
  C:\Windows\System\FRKejdw.exe
  2⤵
  PID:9136
- C:\Windows\System\ZQWhAVB.exe
  C:\Windows\System\ZQWhAVB.exe
  2⤵
  PID:9208
- C:\Windows\System\FWVbTGE.exe
  C:\Windows\System\FWVbTGE.exe
  2⤵
  PID:8524
- C:\Windows\System\iMLmZcJ.exe
  C:\Windows\System\iMLmZcJ.exe
  2⤵
  PID:8572
- C:\Windows\System\CNwgifC.exe
  C:\Windows\System\CNwgifC.exe
  2⤵
  PID:8728
- C:\Windows\System\mlZMSgR.exe
  C:\Windows\System\mlZMSgR.exe
  2⤵
  PID:8948
- C:\Windows\System\VWWISgP.exe
  C:\Windows\System\VWWISgP.exe
  2⤵
  PID:8984
- C:\Windows\System\SGFPbua.exe
  C:\Windows\System\SGFPbua.exe
  2⤵
  PID:9124
- C:\Windows\System\EViQgSD.exe
  C:\Windows\System\EViQgSD.exe
  2⤵
  PID:8260
- C:\Windows\System\mQeBhIM.exe
  C:\Windows\System\mQeBhIM.exe
  2⤵
  PID:8588
- C:\Windows\System\EtoXtmZ.exe
  C:\Windows\System\EtoXtmZ.exe
  2⤵
  PID:9236
- C:\Windows\System\fYpDfvv.exe
  C:\Windows\System\fYpDfvv.exe
  2⤵
  PID:9256
- C:\Windows\System\GOsSwNP.exe
  C:\Windows\System\GOsSwNP.exe
  2⤵
  PID:9276
- C:\Windows\System\IWdbwuU.exe
  C:\Windows\System\IWdbwuU.exe
  2⤵
  PID:9300
- C:\Windows\System\mNZpPGv.exe
  C:\Windows\System\mNZpPGv.exe
  2⤵
  PID:9324
- C:\Windows\System\NsfdrPF.exe
  C:\Windows\System\NsfdrPF.exe
  2⤵
  PID:9360
- C:\Windows\System\FznFWhW.exe
  C:\Windows\System\FznFWhW.exe
  2⤵
  PID:9376
- C:\Windows\System\HUtkIXX.exe
  C:\Windows\System\HUtkIXX.exe
  2⤵
  PID:9400
- C:\Windows\System\JNIpQDy.exe
  C:\Windows\System\JNIpQDy.exe
  2⤵
  PID:9420
- C:\Windows\System\GPCgNuN.exe
  C:\Windows\System\GPCgNuN.exe
  2⤵
  PID:9436
- C:\Windows\System\VZLEDZh.exe
  C:\Windows\System\VZLEDZh.exe
  2⤵
  PID:9452
- C:\Windows\System\CsMpwKd.exe
  C:\Windows\System\CsMpwKd.exe
  2⤵
  PID:9472
- C:\Windows\System\KsdGgyW.exe
  C:\Windows\System\KsdGgyW.exe
  2⤵
  PID:9492
- C:\Windows\System\NbBEsUR.exe
  C:\Windows\System\NbBEsUR.exe
  2⤵
  PID:9524
- C:\Windows\System\NupkwCD.exe
  C:\Windows\System\NupkwCD.exe
  2⤵
  PID:9540
- C:\Windows\System\ucbxGoY.exe
  C:\Windows\System\ucbxGoY.exe
  2⤵
  PID:9564
- C:\Windows\System\GCjcXlv.exe
  C:\Windows\System\GCjcXlv.exe
  2⤵
  PID:9580
- C:\Windows\System\QKlqlsM.exe
  C:\Windows\System\QKlqlsM.exe
  2⤵
  PID:9600
- C:\Windows\System\HZhSFek.exe
  C:\Windows\System\HZhSFek.exe
  2⤵
  PID:9620
- C:\Windows\System\SVOQAZW.exe
  C:\Windows\System\SVOQAZW.exe
  2⤵
  PID:9636
- C:\Windows\System\qFiPREs.exe
  C:\Windows\System\qFiPREs.exe
  2⤵
  PID:9652
- C:\Windows\System\LyIRJTN.exe
  C:\Windows\System\LyIRJTN.exe
  2⤵
  PID:9680
- C:\Windows\System\edBlCyI.exe
  C:\Windows\System\edBlCyI.exe
  2⤵
  PID:9704
- C:\Windows\System\LILThQs.exe
  C:\Windows\System\LILThQs.exe
  2⤵
  PID:9724
- C:\Windows\System\XRGsLgb.exe
  C:\Windows\System\XRGsLgb.exe
  2⤵
  PID:9740
- C:\Windows\System\fgUWaWL.exe
  C:\Windows\System\fgUWaWL.exe
  2⤵
  PID:9760
- C:\Windows\System\UnXXbHV.exe
  C:\Windows\System\UnXXbHV.exe
  2⤵
  PID:9784
- C:\Windows\System\qVCLbjN.exe
  C:\Windows\System\qVCLbjN.exe
  2⤵
  PID:9804
- C:\Windows\System\YgOPaMZ.exe
  C:\Windows\System\YgOPaMZ.exe
  2⤵
  PID:9824
- C:\Windows\System\JPSsdDO.exe
  C:\Windows\System\JPSsdDO.exe
  2⤵
  PID:9840
- C:\Windows\System\AWSarlY.exe
  C:\Windows\System\AWSarlY.exe
  2⤵
  PID:9864
- C:\Windows\System\AXkNlmu.exe
  C:\Windows\System\AXkNlmu.exe
  2⤵
  PID:9880
- C:\Windows\System\sXdufwj.exe
  C:\Windows\System\sXdufwj.exe
  2⤵
  PID:9896
- C:\Windows\System\HkmNOxO.exe
  C:\Windows\System\HkmNOxO.exe
  2⤵
  PID:9916
- C:\Windows\System\VOTtKFd.exe
  C:\Windows\System\VOTtKFd.exe
  2⤵
  PID:9932
- C:\Windows\System\BlaUtmU.exe
  C:\Windows\System\BlaUtmU.exe
  2⤵
  PID:9952
- C:\Windows\System\GfTuEgz.exe
  C:\Windows\System\GfTuEgz.exe
  2⤵
  PID:9980
- C:\Windows\System\OwwMPME.exe
  C:\Windows\System\OwwMPME.exe
  2⤵
  PID:10000
- C:\Windows\System\PcOvYbS.exe
  C:\Windows\System\PcOvYbS.exe
  2⤵
  PID:10016
- C:\Windows\System\ZtqaCsH.exe
  C:\Windows\System\ZtqaCsH.exe
  2⤵
  PID:10040
- C:\Windows\System\pybvoJA.exe
  C:\Windows\System\pybvoJA.exe
  2⤵
  PID:10060
- C:\Windows\System\TMRysvF.exe
  C:\Windows\System\TMRysvF.exe
  2⤵
  PID:10076
- C:\Windows\System\vJaTtBA.exe
  C:\Windows\System\vJaTtBA.exe
  2⤵
  PID:10092
- C:\Windows\System\yqTGbor.exe
  C:\Windows\System\yqTGbor.exe
  2⤵
  PID:10112
- C:\Windows\System\YqaVNAJ.exe
  C:\Windows\System\YqaVNAJ.exe
  2⤵
  PID:10128
- C:\Windows\System\KgVLueo.exe
  C:\Windows\System\KgVLueo.exe
  2⤵
  PID:10144
- C:\Windows\System\oxdwDgM.exe
  C:\Windows\System\oxdwDgM.exe
  2⤵
  PID:10180
- C:\Windows\System\EmhvZLX.exe
  C:\Windows\System\EmhvZLX.exe
  2⤵
  PID:10200
- C:\Windows\System\ftWtIRP.exe
  C:\Windows\System\ftWtIRP.exe
  2⤵
  PID:10216
- C:\Windows\System\SmFEtOU.exe
  C:\Windows\System\SmFEtOU.exe
  2⤵
  PID:10232
- C:\Windows\System\gFenPvn.exe
  C:\Windows\System\gFenPvn.exe
  2⤵
  PID:8656
- C:\Windows\System\MxNXhlw.exe
  C:\Windows\System\MxNXhlw.exe
  2⤵
  PID:9244
- C:\Windows\System\nyzIQuH.exe
  C:\Windows\System\nyzIQuH.exe
  2⤵
  PID:8480
- C:\Windows\System\cGzhQhF.exe
  C:\Windows\System\cGzhQhF.exe
  2⤵
  PID:9164
- C:\Windows\System\eLBFKKx.exe
  C:\Windows\System\eLBFKKx.exe
  2⤵
  PID:9264
- C:\Windows\System\SzepOhK.exe
  C:\Windows\System\SzepOhK.exe
  2⤵
  PID:9184
- C:\Windows\System\LglKthe.exe
  C:\Windows\System\LglKthe.exe
  2⤵
  PID:9344
- C:\Windows\System\mqdludQ.exe
  C:\Windows\System\mqdludQ.exe
  2⤵
  PID:9368
- C:\Windows\System\aTPUvZW.exe
  C:\Windows\System\aTPUvZW.exe
  2⤵
  PID:9432
- C:\Windows\System\eCgTJhr.exe
  C:\Windows\System\eCgTJhr.exe
  2⤵
  PID:9416
- C:\Windows\System\UVMVTFm.exe
  C:\Windows\System\UVMVTFm.exe
  2⤵
  PID:9488
- C:\Windows\System\APxxTeE.exe
  C:\Windows\System\APxxTeE.exe
  2⤵
  PID:9512
- C:\Windows\System\yIPOGNe.exe
  C:\Windows\System\yIPOGNe.exe
  2⤵
  PID:9536
- C:\Windows\System\bSAXEDj.exe
  C:\Windows\System\bSAXEDj.exe
  2⤵
  PID:9560
- C:\Windows\System\EeRZDVx.exe
  C:\Windows\System\EeRZDVx.exe
  2⤵
  PID:9596
- C:\Windows\System\ufKFyLr.exe
  C:\Windows\System\ufKFyLr.exe
  2⤵
  PID:9632
- C:\Windows\System\YjbLcHU.exe
  C:\Windows\System\YjbLcHU.exe
  2⤵
  PID:9664
- C:\Windows\System\SpOCgzs.exe
  C:\Windows\System\SpOCgzs.exe
  2⤵
  PID:9692
- C:\Windows\System\rqVZJWw.exe
  C:\Windows\System\rqVZJWw.exe
  2⤵
  PID:9720
- C:\Windows\System\NnSmnCs.exe
  C:\Windows\System\NnSmnCs.exe
  2⤵
  PID:9768
- C:\Windows\System\CIktVOO.exe
  C:\Windows\System\CIktVOO.exe
  2⤵
  PID:9792
- C:\Windows\System\JLTluqb.exe
  C:\Windows\System\JLTluqb.exe
  2⤵
  PID:9820
- C:\Windows\System\lPTJcwY.exe
  C:\Windows\System\lPTJcwY.exe
  2⤵
  PID:9856
- C:\Windows\System\iDFVvvG.exe
  C:\Windows\System\iDFVvvG.exe
  2⤵
  PID:9876
- C:\Windows\System\azzDJNX.exe
  C:\Windows\System\azzDJNX.exe
  2⤵
  PID:9908
- C:\Windows\System\LjVflUB.exe
  C:\Windows\System\LjVflUB.exe
  2⤵
  PID:9928
- C:\Windows\System\twXAifm.exe
  C:\Windows\System\twXAifm.exe
  2⤵
  PID:9964
- C:\Windows\System\ueQBHRw.exe
  C:\Windows\System\ueQBHRw.exe
  2⤵
  PID:10032
- C:\Windows\System\NklAUeh.exe
  C:\Windows\System\NklAUeh.exe
  2⤵
  PID:10072
- C:\Windows\System\BzoRUnr.exe
  C:\Windows\System\BzoRUnr.exe
  2⤵
  PID:10124
- C:\Windows\System\eqqtZGI.exe
  C:\Windows\System\eqqtZGI.exe
  2⤵
  PID:10140
- C:\Windows\System\SWAywWF.exe
  C:\Windows\System\SWAywWF.exe
  2⤵
  PID:10156
- C:\Windows\System\GSDBLPf.exe
  C:\Windows\System\GSDBLPf.exe
  2⤵
  PID:10192
- C:\Windows\System\hWLnOjK.exe
  C:\Windows\System\hWLnOjK.exe
  2⤵
  PID:9252
- C:\Windows\System\CmGQpey.exe
  C:\Windows\System\CmGQpey.exe
  2⤵
  PID:10228
- C:\Windows\System\FPfrEis.exe
  C:\Windows\System\FPfrEis.exe
  2⤵
  PID:8788
- C:\Windows\System\qCyiBpM.exe
  C:\Windows\System\qCyiBpM.exe
  2⤵
  PID:9316
- C:\Windows\System\hCGLDUx.exe
  C:\Windows\System\hCGLDUx.exe
  2⤵
  PID:9336
- C:\Windows\System\CepayCi.exe
  C:\Windows\System\CepayCi.exe
  2⤵
  PID:9388
- C:\Windows\System\WLQLoap.exe
  C:\Windows\System\WLQLoap.exe
  2⤵
  PID:9464
- C:\Windows\System\nSXXfoX.exe
  C:\Windows\System\nSXXfoX.exe
  2⤵
  PID:9508
- C:\Windows\System\RQSpPHJ.exe
  C:\Windows\System\RQSpPHJ.exe
  2⤵
  PID:9556
- C:\Windows\System\FkvIFHB.exe
  C:\Windows\System\FkvIFHB.exe
  2⤵
  PID:9616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AagrRje.exe

Filesize
6.0MB

MD5
ea80263fe8b07f3fe4641ccb3d221692

SHA1
19857e373eedb84c354ed68ad4ca4d25c569490b

SHA256
a39c2b17ff2fc566773c666066753b864f785427cf08200477a943b1f6bd894d

SHA512
338c402e83a0eb1c8313a70940af4e3a3dadb079db0ed4ee47dc799b93341a1e1f458aa989abe92a13cfd128872cc16f3c613a60ebcf3bd0ab14f05de3c8b294

Download Submit
C:\Windows\system\DrbLsIm.exe

Filesize
6.0MB

MD5
49cb76e2ad827d0cb138b721359c8c4c

SHA1
eddf97c45a56c98a23a1dcfdb824bfc0f41fb10c

SHA256
6004677a931ce613f7915b33284e752a602f8a2c95f001a3fdb870e6eea82331

SHA512
627b28d44a1b3d28909cdfec2922f4d2ef35eed9f4cc0dedee17217477d0e6dd8fb714d449195dcfbf8bb5c79ae70908ffac38dcaac1d9de697e006a56820f09

Download Submit
C:\Windows\system\FSilTmN.exe

Filesize
6.0MB

MD5
0036475e081e4b5d57903f25053b988f

SHA1
1a7b0999fcd5861d3d62181142ff250d1924052b

SHA256
ae66ab9deb8773f4e5f40904db397ffbf6de6aacba8156b8c7f118fb4db6eb04

SHA512
68a4ad331f0e95de769f6c3cd155bc828e46a2b7844e0d574d163899839c4f78d2640bfe58f5e6d6375027529a952d79d818f616dfea1f515ff6843c65981300

Download Submit
C:\Windows\system\FqvEtHr.exe

Filesize
8B

MD5
a3df0b79d7412fb846d7895cd77bee8f

SHA1
fe474a175cf6c3d43f890cb39111785008039f87

SHA256
862e2d4c2a74c4a529362a4112a3a791ce92f64801e68f0ea7053dc74934e954

SHA512
ff344a27f1f486f85c792059b984ac93f04b9c32f7950dd539bb259b5ea90660d68d558c72d0d16e4fbb74cccc432ac99a3bc2a9be4dc64cc1feb4c7315fad35

Download Submit
C:\Windows\system\JHJzmEj.exe

Filesize
6.0MB

MD5
c549eb2df81e25f0e298930a627bc917

SHA1
15f9de8baf4d97c16965bff5384edffb6fe7e579

SHA256
588f747f545249e91a3feb19cd1b1dc8fb4e5967068b0eb06eff2e2358469d40

SHA512
76efa458783f04c682bff5d66550a197b4809226010be3af89cfc6c6a9862af5d399a7d027c2345497fadbc6ea637bfca7e0c6f06ffec037be0eeddf4cfe88cf

Download Submit
C:\Windows\system\KhjDugT.exe

Filesize
6.0MB

MD5
293f143fc3f24679d09a0c58d28d1506

SHA1
c1830f2e6bc7ba9d9de2c24444fb0b5673157ce7

SHA256
ebf2016a2f0b4f49434872bd46f3ed27aab15960dbaec069232b92a606db5a5f

SHA512
0436900cba32ecd3475b4f43004fb378987b5274e2cda2b5c74aee96d3e930ea7f8c9f1fd0378203faba4610f0122d51ef1a7ba49fa4ce6e21df740a9ee9e0cc

Download Submit
C:\Windows\system\KijfwkQ.exe

Filesize
6.0MB

MD5
f27eae4ecff3459ec079df174f61d8c5

SHA1
3ca17a57a4e12618268e23ff0cd5887ca980c05a

SHA256
6d41f5c6a422a21ebff3fc482d7f08c31899fa74395c218cb35b8c496c4dd172

SHA512
029d77c3b4a83b7a9a24867ddf77b74e131350b7438135b9cb021fc79b2e04a5e4b063bfd3945aa8d07c638d0633dedc5bc7b04955e063c139479b17d9c11fb8

Download Submit
C:\Windows\system\LruoouH.exe

Filesize
6.0MB

MD5
8baaa11bae2eda95f8dfc9f30cf5ce90

SHA1
1fe6d05f8988fbab09a2028754b3add9576ddd30

SHA256
28a71ba3593eeba194d3021682da68ad734f89ff0920ec21d83c9d64cf41a59f

SHA512
72b795dfbf4945fb87e6369d628dea582d4476624cfcee287d1ab3656f30ea49ee8bf1878c4d7cd452a9fba61b5ebf95c7b13828789887ac90cdaec98975d2c2

Download Submit
C:\Windows\system\ResEpyr.exe

Filesize
6.0MB

MD5
940ae1c5016bdbf0a1890d1ec439544f

SHA1
4c32a5c64d37475492ec612eab88eb8b4cba087c

SHA256
713c75379f439d169e1925251b1306f2737fd4f46bcd6fd721f4fac7a72b1626

SHA512
7183541ef9c9b431cb27fff69ee4754973efecd2a4ffb500637b4cf1873821ac1349e85822be4089041cd82968429ee73117db0378142c785aa2dbff6670fdbc

Download Submit
C:\Windows\system\SdTnfyT.exe

Filesize
6.0MB

MD5
35cf53d0576b285f5049eaaef53c944c

SHA1
3b20b5c75a0bd59a8fe63ce9a187a58353182c96

SHA256
43ac4d4d1425e3d03f2168a900183371c05994fccbe0176e238ed60cfe120be2

SHA512
8fb134a9f2a47cb58b4ea9afd7c6c214a2ccbae0f5c581d5d4adc183eca3b017696f8ca8eb2c340e74262b0c6c2a76d24a0ecd962357c34f80f55c5c2df48cde

Download Submit
C:\Windows\system\VCvJtDu.exe

Filesize
6.0MB

MD5
1cda7fb073a59c789610358ad21d4fdf

SHA1
319cd1916d400ba00b376beea09a76d7d5715b32

SHA256
f57f72245663f74dcac23f1dca675a209a6171af1e10b6125d0d1c8dedbc00b9

SHA512
68ff391dfae3d30a9700a29c449187796c3f10a27c7607bbd11ed61e5132319e93b5b4eb5ebad61435102e1153081a4ead2dabc9ed68801cd49c7b2138c65cb9

Download Submit
C:\Windows\system\VIJSZHA.exe

Filesize
6.0MB

MD5
ca5999cf34f0987112d1015782d37d28

SHA1
a7964ee55168bf79f8a2a8a7add2c6afde5d986c

SHA256
373c9437b4d7ea1d1eb761f82ada9a8ebb3aeb7eae6523a929dee9678c03de6b

SHA512
2d44ce54d9fad2c6f8f9837133b2da07ace843e25062248db8038e68a6a73c926d231c690f09a168efc5728121037586fae7b12da95ebfb42c47965bc5b57d19

Download Submit
C:\Windows\system\ZCHSVOK.exe

Filesize
6.0MB

MD5
37289204d1deeff194aa7443afb4bbfe

SHA1
b254d79842bb89f1ef7575dad6d15b075b71a33a

SHA256
e8fa8105a1453f8550251adaf9030e19fde5a3d551cd04778285fc296c611c4d

SHA512
ab9eea963f123d70528ad01e6d8f06bebae7f4dd94babf16a624bc2311e8203f730fc06accad2cc82e4161ea9106413b2836f483a21fbebdbc5ff1026ac76ff2

Download Submit
C:\Windows\system\ZYAjlxq.exe

Filesize
6.0MB

MD5
f8583122b11a1b1af7f274ced1911cb3

SHA1
42fc3f19c56008b000c76ab96486f2bde8196a26

SHA256
68d98fa01df840acc1fea41a6aaa6b276cf3e4459424abc0b5da488faa46414c

SHA512
27c95609e3e2c8a8fa5511cc40193d68eb974e16330568e74a0f50891921766e8ea46ce64d86f6b3ab876c96bb9fc7616fa2a4122158ba459e3f2c867800ef14

Download Submit
C:\Windows\system\bFPnmXN.exe

Filesize
6.0MB

MD5
3d38c585c28c323173de180bfe332a75

SHA1
7c83d2ccf7bfe17098af137cf56746646b39f139

SHA256
08f825b0b537fbee95bb26fa7987661f84d11edf99cd457e89dcef97b07279ec

SHA512
fa500d5cb06a392cbd511717272a2517498d7c35160080ec191ea62b2bf8f82a7cb0a808d956f04c315f27f79ba2157a285a45753f2156fa91ee8a9d7a5f510e

Download Submit
C:\Windows\system\bkQkzer.exe

Filesize
6.0MB

MD5
8b501c1c9c55e1e3d9d316402aad19d6

SHA1
eb9e57d486b89e72da9e5245fcd81cb31df42928

SHA256
b85dedd8c74d5532eac5bd05c2ad89a6b317d979f15ff1aebe66dfdd8982da80

SHA512
bf5fc6fe7fdff7a5131860bd3aaa506de79b6cac2f6639849095bbe56148ea4489a4cab7e4c6efecd005347c0490aa40b208da2cd60ac6db918fcd0842c85014

Download Submit
C:\Windows\system\cPDNFSG.exe

Filesize
6.0MB

MD5
503c89f8c38c47d30d0c73644f1141ef

SHA1
73b97fe7f81508f3f0a7b05891ed3afd6df12df2

SHA256
0dedde05a5ef743819ef5598aa1bb2a29129c316198c0eb1c522140ef6cc07df

SHA512
31506aa9138d983e43838326172c2c2707118257cf54773990556a9185b8c05419a0c13ae1f859e7ea1a66b6780dae9ff3519c0d8d1ca244bfb72e82ce24a310

Download Submit
C:\Windows\system\cbxLiUB.exe

Filesize
6.0MB

MD5
599b54b7a90d9fbe183d99611a9e6110

SHA1
2031f5d8f3de2fe54f1e0d90f61826289dd3708e

SHA256
c0fbdf3896401c83cd330a93ca8bc955177d25ff7ad2b61781ef81bf1dc4daeb

SHA512
65b429d232c868e4f22f2a59dee51a9e4391586622e909a5eb780e3eb82035d8ecc73734e6f22122adb938a7c6d20d2de2c3831b7eb02eca4ca55d4410c61a2c

Download Submit
C:\Windows\system\dQxWFXJ.exe

Filesize
6.0MB

MD5
a6657844b4ca2223180c06cd3e9c8cb2

SHA1
66374cd686415974c15dd714b36f28150d5542c7

SHA256
ac9f14a230cc5b0b22c57b8f4567139753b5ff81180e1729ff7045ef0a276295

SHA512
d7e0b9c1e94496ef772f0f3011b9b157b3ae23a8fa6b9545b1f83c356509b3e5c68213111db4ff24db5336732962f7cb352ca16a77cf5d4ad0d87569add82ccd

Download Submit
C:\Windows\system\gOVuigl.exe

Filesize
6.0MB

MD5
421b7a40a41b112d00fd73e3f2550c42

SHA1
05cbec9c6568c2c5cc2b5a8868fb2fa130531959

SHA256
02d769b76178c9e798e87aa07ba949178a58c8e00edb09669e093172576ef96c

SHA512
76b5caa103a4dd8c689d7d9958d4827362b67a1742fb165c7b389b86b1623531634e874fdbc11d94675d72804bae9302b3a65e915d5d3c1f28bd0afbb987e75a

Download Submit
C:\Windows\system\jmNhPhp.exe

Filesize
6.0MB

MD5
4321e2cb1ff8ad4d967f459e8ac36ae8

SHA1
488c27596b819623360d9e2984b23c1cc3e3dbba

SHA256
ea624693933b2c009903eed016e012e145e6da53e4cf7b60beed477ec8f75e45

SHA512
afeb0bb076747b375838dc239b09a78cf846a06dd88697c61ef327ad1a225003ab0d2d04bd2e706f9e949faaccf8e1683d1e6a1937c03b2eaebf975790e73daf

Download Submit
C:\Windows\system\kuoTFdH.exe

Filesize
6.0MB

MD5
fe9226e37e2a9bd7db8c6bcb215717c4

SHA1
12d0e9e810702c0810ec2ff44e44ca2723cda23d

SHA256
1dc573133404593752884ebe80566269270d8e262f8d4ecd42f467686d55a202

SHA512
7b932ea8e02676c77283667ecfb097408dd538b4bc61754efc82c172957254e206d69f6fe056c2b27a8683983e8b7ec6cdc2d3337bf653e3f6715de847e891e7

Download Submit
C:\Windows\system\nTSQiBm.exe

Filesize
6.0MB

MD5
afa60b57b16405efc8e6eb6d777eb20b

SHA1
93fd4a32526d81da6391f091d7f08072585473cb

SHA256
56ad2013e983e4644e49b557c712a565b6670efd6f0b6aed3664f0bc25b813b2

SHA512
032835caa3d82f496cacb123ed3a7302019d216b2a405522f5b019a9d3f50a9a5c78dee226916b546a54c2fa199c507c4014f9a51bcee3ea3e9aab7032fbc874

Download Submit
C:\Windows\system\oygsLjT.exe

Filesize
6.0MB

MD5
9ff3599eb60839a703db2f9bb792ab8a

SHA1
5c51fdd8b93676ede578f609336d4b879b12609a

SHA256
97e681be55e52732fd2d34c5eda4e33c402e8f423835102b20beef0fca3c98ba

SHA512
ce02313d906ad7b8570c38e816f616cb26502f6d48c0f05660260c2d661c5d1b8b4f0952548d52e562ebb4307955a382014ec9f89aa5f2f66439b5a5eb2db8ed

Download Submit
C:\Windows\system\pZjaQaI.exe

Filesize
6.0MB

MD5
9dc8179595a88638d68ce66eb7965757

SHA1
763b5b9e488113d3b9c670fd41ebe7ad76bd3786

SHA256
72d8c7ee52a57432dd7ac1d032b9986f66c50afb6597efb8a4672541abb6423d

SHA512
be8c1844db735621d35fdb21d651b4e2ee3192971848fd989e21e8f6c65260630616b200a130a1a3927c470181be8d0cc2cc0bcb31806c6065055ce18f560a1f

Download Submit
C:\Windows\system\txGGPDv.exe

Filesize
6.0MB

MD5
93aca319664899e6d42adad36e28940a

SHA1
a6e17f3af1129d2da7e52f795fc1c1a97d52f0df

SHA256
5b966f4bc9aa58a3d7e95b36a5ac721e8f23806148061f5eafca857279c747f6

SHA512
56db8038b97d0739a26027a0c57cd26dba58e167e39b147dd476165548486a3999fabc73fb89918d7121a5e49d1ae8b6ba978fc1ae861875283d0bc15da1c945

Download Submit
C:\Windows\system\vKqUaSh.exe

Filesize
6.0MB

MD5
cd0091ac51c64752f071db192a61a25b

SHA1
71e21f62a21dd5a08b7e0853a349cdb2ebe7d5ef

SHA256
bafb15d58c26349b6134e5674adcd1afa1127d30eaf7fb5fd81b2422a9a87d3a

SHA512
115533b62a2cc5d99ba68e6ffed0a03d0638c3b44df941e7932e291c1acedf3f5708694e634b81500d9b7cccbb7bb58634af47385decc9af0c1934f6c55671d3

Download Submit
C:\Windows\system\vXtRVic.exe

Filesize
6.0MB

MD5
0b725ac8c9a097cf78d016082c866fe8

SHA1
1165f5537d431e5f36e6188074278e491fc4436d

SHA256
cedbc5899b4bd95891c2468e906db6295938d132ad08f36d5c439839358cf602

SHA512
c870f3726ed4e8e5e889fb3163660e566ebccaaed77c2ae6934052a63ab9f1755d39607a0ec8cddce220e983fe909155ccf15d158c3b066e5dfef55d95e3e53b

Download Submit
C:\Windows\system\wBwKwvH.exe

Filesize
6.0MB

MD5
a071c5b073113e33835fb747918fc802

SHA1
1cbaa281119aeab8fc5467b68fae0c6c550efa02

SHA256
4c32799a387113640d64868e3834cda1366f9915c07e9bd7accaab6eb82a12df

SHA512
acdf77fcba6f4e017622b36e2514415dc4f1c99315f6743be3ee4edc09526bf1d9154f4a45f40c7023954c53c2575cee43df5006352415c6aecc49ff9c1f7e23

Download Submit
C:\Windows\system\wOnlmrJ.exe

Filesize
6.0MB

MD5
d3d9dafc805b2f76a2178ab289515388

SHA1
4c60cf2bb15e9ac1ebf7e6d310e002a66bc38ea3

SHA256
54cfb3d1c8a819adb47e5c850b4cfb3faf274fcb7b5f8db03b5d2677e28597c1

SHA512
83ab3c4ff34c7628b8655bd984b8e5cbb831bf208be396f31423649d949047bd350e64afe3390ac148250251d01b32b58b493d4cf4bcc3fcf9b70e1edf9a3d97

Download Submit
C:\Windows\system\xXbWysu.exe

Filesize
6.0MB

MD5
18e34e7ec57d3ff3ed23632de440bb96

SHA1
3ba88176fa77e2c888d2d1f9ac2e89db22f3f392

SHA256
7ffd6b5523685abc2aef2da31c80032eec06214bfd129ec52ba5285870b1b02d

SHA512
0c52377ed4c8f2e853af353844ab63e8cb8b1d074d6c59f1ba5f15e1b2b2cad8f2cc33a131ed83ad2668899f4bf57710ff0d1f4fed89443f403c9cd8f55bfd95

Download Submit
\Windows\system\JEWipzF.exe

Filesize
6.0MB

MD5
9a1ae5d1c7f012d38603ddcfb0e26e23

SHA1
9a566f1c9ddae0b6005784b26e9eef09bfe31b33

SHA256
c98b36cb1bb82d1eec26de424aa041d02e2b65623a8dd57b572aa81c93a19e57

SHA512
e739cfa5ec87642ad9503d19b3707e10137fed7a6b17b68ea18b52bdc1d131c9762e6c2d208b298bb3cf0036d4deab22acfecfa69ac3512a22513e047967512b

Download Submit
\Windows\system\tbSBNBt.exe

Filesize
6.0MB

MD5
68afab3e1568f2fa0e1ddc3f9e2a19ed

SHA1
50e747d12fc4a6b85bd801e69bc5b5e3a683ae3b

SHA256
6ff3c6e5d6363a2b2b78c733ba9c5bdea71571b07a487fe1d35318ce52c123fc

SHA512
d9750b73c337d8335930bdd8b48669f2a07d6ae39704d4a30aa5e50504be5e7801166a9c8d6497f1afe97a4a3cf0a31535f8905b549d86fcf918edd89b6e7dbb

Download Submit
memory/1852-96-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-3718-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-675-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-3721-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1868-855-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1868-105-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2516-53-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-101-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2516-430-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2516-0-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-760-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2516-607-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-2084-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-100-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-48-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-84-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-61-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-7-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2516-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2516-70-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-57-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2516-11-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-18-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2516-91-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-110-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-109-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-92-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-25-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2516-38-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-32-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2596-154-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3707-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-73-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-104-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3706-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-66-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-58-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-95-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3687-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-5184-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-50-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-77-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3555-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2896-44-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2908-69-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2908-36-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3580-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2940-15-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3519-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3709-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2980-87-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2980-511-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3522-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-16-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3711-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3012-80-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3012-340-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3032-3548-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/3032-22-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/3032-52-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3547-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/3060-60-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/3060-29-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download