cobaltstrike | 370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f

Analysis

max time kernel
118s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2024 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
Size

6.0MB
MD5

288c519362b38b501284358d0a9b7b33
SHA1

b7439d1f1d9e86427ee5514b41a068d4a3c0c0ed
SHA256

370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f
SHA512

97829ec07d97d8dec3691ce3c2261457bf97f0a4a2370dc28b4fd8b29316e103962d1ce005f2ef0e3df3ac606a309f07eacfcae09ae715de014c8f1e65e8fa5a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023ccf-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd0-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd1-17.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd3-25.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd2-27.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd4-40.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023ccd-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd7-62.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd8-65.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd9-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd6-56.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd5-54.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cda-77.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdc-83.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdd-89.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cde-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce0-106.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce1-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce2-112.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce3-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce5-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce7-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce6-142.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce4-138.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdf-128.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce8-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce9-164.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cea-171.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ceb-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ced-188.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cee-193.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cef-195.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cec-184.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1256-0-0x00007FF765E80000-0x00007FF7661D4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023ccf-4.dat	xmrig
behavioral2/memory/4632-8-0x00007FF71E530000-0x00007FF71E884000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd0-11.dat	xmrig
behavioral2/files/0x0007000000023cd1-17.dat	xmrig
behavioral2/files/0x0007000000023cd3-25.dat	xmrig
behavioral2/files/0x0007000000023cd2-27.dat	xmrig
behavioral2/memory/2416-33-0x00007FF7B8020000-0x00007FF7B8374000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd4-40.dat	xmrig
behavioral2/files/0x0008000000023ccd-43.dat	xmrig
behavioral2/memory/4432-53-0x00007FF6C9850000-0x00007FF6C9BA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd7-62.dat	xmrig
behavioral2/files/0x0007000000023cd8-65.dat	xmrig
behavioral2/memory/3592-71-0x00007FF6B4AB0000-0x00007FF6B4E04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd9-74.dat	xmrig
behavioral2/memory/1944-73-0x00007FF619590000-0x00007FF6198E4000-memory.dmp	xmrig
behavioral2/memory/1256-72-0x00007FF765E80000-0x00007FF7661D4000-memory.dmp	xmrig
behavioral2/memory/2692-67-0x00007FF60AFE0000-0x00007FF60B334000-memory.dmp	xmrig
behavioral2/memory/1436-60-0x00007FF62C6D0000-0x00007FF62CA24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd6-56.dat	xmrig
behavioral2/files/0x0007000000023cd5-54.dat	xmrig
behavioral2/memory/3236-42-0x00007FF68DC00000-0x00007FF68DF54000-memory.dmp	xmrig
behavioral2/memory/3256-37-0x00007FF77D3C0000-0x00007FF77D714000-memory.dmp	xmrig
behavioral2/memory/3816-31-0x00007FF68BEB0000-0x00007FF68C204000-memory.dmp	xmrig
behavioral2/memory/2100-24-0x00007FF77B160000-0x00007FF77B4B4000-memory.dmp	xmrig
behavioral2/memory/2384-13-0x00007FF7D8420000-0x00007FF7D8774000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cda-77.dat	xmrig
behavioral2/files/0x0007000000023cdc-83.dat	xmrig
behavioral2/files/0x0007000000023cdd-89.dat	xmrig
behavioral2/files/0x0007000000023cde-96.dat	xmrig
behavioral2/memory/4956-97-0x00007FF773810000-0x00007FF773B64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce0-106.dat	xmrig
behavioral2/files/0x0007000000023ce1-109.dat	xmrig
behavioral2/files/0x0007000000023ce2-112.dat	xmrig
behavioral2/files/0x0007000000023ce3-115.dat	xmrig
behavioral2/files/0x0007000000023ce5-121.dat	xmrig
behavioral2/files/0x0007000000023ce7-144.dat	xmrig
behavioral2/memory/3364-149-0x00007FF709350000-0x00007FF7096A4000-memory.dmp	xmrig
behavioral2/memory/3604-151-0x00007FF654020000-0x00007FF654374000-memory.dmp	xmrig
behavioral2/memory/4088-154-0x00007FF645600000-0x00007FF645954000-memory.dmp	xmrig
behavioral2/memory/3816-157-0x00007FF68BEB0000-0x00007FF68C204000-memory.dmp	xmrig
behavioral2/memory/1936-156-0x00007FF63F700000-0x00007FF63FA54000-memory.dmp	xmrig
behavioral2/memory/4488-155-0x00007FF7A40D0000-0x00007FF7A4424000-memory.dmp	xmrig
behavioral2/memory/3812-153-0x00007FF6BAED0000-0x00007FF6BB224000-memory.dmp	xmrig
behavioral2/memory/316-152-0x00007FF66D360000-0x00007FF66D6B4000-memory.dmp	xmrig
behavioral2/memory/2340-150-0x00007FF65B870000-0x00007FF65BBC4000-memory.dmp	xmrig
behavioral2/memory/4140-148-0x00007FF67F600000-0x00007FF67F954000-memory.dmp	xmrig
behavioral2/memory/1772-147-0x00007FF6D51C0000-0x00007FF6D5514000-memory.dmp	xmrig
behavioral2/memory/2416-146-0x00007FF7B8020000-0x00007FF7B8374000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce6-142.dat	xmrig
behavioral2/files/0x0007000000023ce4-138.dat	xmrig
behavioral2/files/0x0007000000023cdf-128.dat	xmrig
behavioral2/memory/1816-100-0x00007FF769B80000-0x00007FF769ED4000-memory.dmp	xmrig
behavioral2/memory/3304-95-0x00007FF756F50000-0x00007FF7572A4000-memory.dmp	xmrig
behavioral2/memory/2384-94-0x00007FF7D8420000-0x00007FF7D8774000-memory.dmp	xmrig
behavioral2/memory/2100-87-0x00007FF77B160000-0x00007FF77B4B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce8-161.dat	xmrig
behavioral2/files/0x0007000000023ce9-164.dat	xmrig
behavioral2/files/0x0007000000023cea-171.dat	xmrig
behavioral2/files/0x0007000000023ceb-179.dat	xmrig
behavioral2/files/0x0007000000023ced-188.dat	xmrig
behavioral2/files/0x0007000000023cee-193.dat	xmrig
behavioral2/files/0x0007000000023cef-195.dat	xmrig
behavioral2/memory/812-215-0x00007FF671250000-0x00007FF6715A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4632	CazORvc.exe
2384	idykLVq.exe
2100	heHcfng.exe
3816	seTxDPJ.exe
2416	RgiThqn.exe
3256	rbaTOiw.exe
3236	MWTUKMx.exe
4432	CnaTYBT.exe
1436	SrrzCqd.exe
3592	kDMyMPj.exe
2692	IaRJCRI.exe
1944	jKtzKYn.exe
3304	MVwwZRs.exe
4956	gFLFwiF.exe
1816	YYrZxDH.exe
4088	KwRyYij.exe
4488	sMmXWXj.exe
1936	BDxpSGq.exe
1772	aiGCNDk.exe
4140	VBAwNZH.exe
3364	JmoCghg.exe
2340	qDiXZKu.exe
3604	vrtlmAI.exe
316	HYlhzxr.exe
3812	lBiFMdV.exe
4100	nclDhGz.exe
1932	njnGStg.exe
4712	LfoOjmD.exe
812	PNeUlxa.exe
4472	udKociL.exe
628	lvfrqst.exe
4288	xEoyLMP.exe
1904	cYlvavq.exe
4436	ciskLKx.exe
3992	hSoqEHl.exe
2936	aJXThlq.exe
2464	fSLBSVb.exe
1704	KVsZIhe.exe
4324	bIXygkd.exe
3736	elleaXa.exe
2388	VEaDrvG.exe
2604	DcqKJNn.exe
1472	xZKrCpD.exe
320	mahViqR.exe
5104	kvVSBxA.exe
2192	NyebAkf.exe
2996	nydEwrc.exe
880	nVetXSZ.exe
3268	ujoPnee.exe
184	TijSxxq.exe
1224	rczhvLk.exe
3864	rmivkop.exe
1796	ukYVfSp.exe
1060	JVvcxXh.exe
5028	vkLcopJ.exe
860	aEIjAUX.exe
1696	fvvxael.exe
1020	kFRcdEC.exe
3876	CkovulY.exe
2452	UpKDgvn.exe
5008	ueYdkJg.exe
4012	DqggQde.exe
2472	xNQwsaP.exe
3152	tOdekaT.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1256-0-0x00007FF765E80000-0x00007FF7661D4000-memory.dmp	upx
behavioral2/files/0x0008000000023ccf-4.dat	upx
behavioral2/memory/4632-8-0x00007FF71E530000-0x00007FF71E884000-memory.dmp	upx
behavioral2/files/0x0007000000023cd0-11.dat	upx
behavioral2/files/0x0007000000023cd1-17.dat	upx
behavioral2/files/0x0007000000023cd3-25.dat	upx
behavioral2/files/0x0007000000023cd2-27.dat	upx
behavioral2/memory/2416-33-0x00007FF7B8020000-0x00007FF7B8374000-memory.dmp	upx
behavioral2/files/0x0007000000023cd4-40.dat	upx
behavioral2/files/0x0008000000023ccd-43.dat	upx
behavioral2/memory/4432-53-0x00007FF6C9850000-0x00007FF6C9BA4000-memory.dmp	upx
behavioral2/files/0x0007000000023cd7-62.dat	upx
behavioral2/files/0x0007000000023cd8-65.dat	upx
behavioral2/memory/3592-71-0x00007FF6B4AB0000-0x00007FF6B4E04000-memory.dmp	upx
behavioral2/files/0x0007000000023cd9-74.dat	upx
behavioral2/memory/1944-73-0x00007FF619590000-0x00007FF6198E4000-memory.dmp	upx
behavioral2/memory/1256-72-0x00007FF765E80000-0x00007FF7661D4000-memory.dmp	upx
behavioral2/memory/2692-67-0x00007FF60AFE0000-0x00007FF60B334000-memory.dmp	upx
behavioral2/memory/1436-60-0x00007FF62C6D0000-0x00007FF62CA24000-memory.dmp	upx
behavioral2/files/0x0007000000023cd6-56.dat	upx
behavioral2/files/0x0007000000023cd5-54.dat	upx
behavioral2/memory/3236-42-0x00007FF68DC00000-0x00007FF68DF54000-memory.dmp	upx
behavioral2/memory/3256-37-0x00007FF77D3C0000-0x00007FF77D714000-memory.dmp	upx
behavioral2/memory/3816-31-0x00007FF68BEB0000-0x00007FF68C204000-memory.dmp	upx
behavioral2/memory/2100-24-0x00007FF77B160000-0x00007FF77B4B4000-memory.dmp	upx
behavioral2/memory/2384-13-0x00007FF7D8420000-0x00007FF7D8774000-memory.dmp	upx
behavioral2/files/0x0007000000023cda-77.dat	upx
behavioral2/files/0x0007000000023cdc-83.dat	upx
behavioral2/files/0x0007000000023cdd-89.dat	upx
behavioral2/files/0x0007000000023cde-96.dat	upx
behavioral2/memory/4956-97-0x00007FF773810000-0x00007FF773B64000-memory.dmp	upx
behavioral2/files/0x0007000000023ce0-106.dat	upx
behavioral2/files/0x0007000000023ce1-109.dat	upx
behavioral2/files/0x0007000000023ce2-112.dat	upx
behavioral2/files/0x0007000000023ce3-115.dat	upx
behavioral2/files/0x0007000000023ce5-121.dat	upx
behavioral2/files/0x0007000000023ce7-144.dat	upx
behavioral2/memory/3364-149-0x00007FF709350000-0x00007FF7096A4000-memory.dmp	upx
behavioral2/memory/3604-151-0x00007FF654020000-0x00007FF654374000-memory.dmp	upx
behavioral2/memory/4088-154-0x00007FF645600000-0x00007FF645954000-memory.dmp	upx
behavioral2/memory/3816-157-0x00007FF68BEB0000-0x00007FF68C204000-memory.dmp	upx
behavioral2/memory/1936-156-0x00007FF63F700000-0x00007FF63FA54000-memory.dmp	upx
behavioral2/memory/4488-155-0x00007FF7A40D0000-0x00007FF7A4424000-memory.dmp	upx
behavioral2/memory/3812-153-0x00007FF6BAED0000-0x00007FF6BB224000-memory.dmp	upx
behavioral2/memory/316-152-0x00007FF66D360000-0x00007FF66D6B4000-memory.dmp	upx
behavioral2/memory/2340-150-0x00007FF65B870000-0x00007FF65BBC4000-memory.dmp	upx
behavioral2/memory/4140-148-0x00007FF67F600000-0x00007FF67F954000-memory.dmp	upx
behavioral2/memory/1772-147-0x00007FF6D51C0000-0x00007FF6D5514000-memory.dmp	upx
behavioral2/memory/2416-146-0x00007FF7B8020000-0x00007FF7B8374000-memory.dmp	upx
behavioral2/files/0x0007000000023ce6-142.dat	upx
behavioral2/files/0x0007000000023ce4-138.dat	upx
behavioral2/files/0x0007000000023cdf-128.dat	upx
behavioral2/memory/1816-100-0x00007FF769B80000-0x00007FF769ED4000-memory.dmp	upx
behavioral2/memory/3304-95-0x00007FF756F50000-0x00007FF7572A4000-memory.dmp	upx
behavioral2/memory/2384-94-0x00007FF7D8420000-0x00007FF7D8774000-memory.dmp	upx
behavioral2/memory/2100-87-0x00007FF77B160000-0x00007FF77B4B4000-memory.dmp	upx
behavioral2/files/0x0007000000023ce8-161.dat	upx
behavioral2/files/0x0007000000023ce9-164.dat	upx
behavioral2/files/0x0007000000023cea-171.dat	upx
behavioral2/files/0x0007000000023ceb-179.dat	upx
behavioral2/files/0x0007000000023ced-188.dat	upx
behavioral2/files/0x0007000000023cee-193.dat	upx
behavioral2/files/0x0007000000023cef-195.dat	upx
behavioral2/memory/812-215-0x00007FF671250000-0x00007FF6715A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xEoyLMP.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\XhpmSML.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\IKimwBX.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\ZXzUxYV.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\lnCsZqQ.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\YapXepz.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\oYpvzRn.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\GIdTDff.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\fSLBSVb.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\lkNWJHL.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\mJLEDws.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\jnrZxfX.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\ujoPnee.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\PDQEipA.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\NADmLrk.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\ojzPZds.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\lASGmRc.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\DHzOBwQ.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\CRHDGta.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\HRHluNZ.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\SgOAQTk.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\OENVakq.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\waTSuTf.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\JctIJjZ.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\YboJeic.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\fiFYUvH.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\pTLfvam.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\fjaBjol.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\CpQwoZd.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\lRgakFj.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\UQFsVvH.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\rczhvLk.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\OEwuAPh.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\jeBbWTm.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\pxBvjXm.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\dBZjqZw.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\lfimdmo.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\LsVniyJ.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\vkaVmGU.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\EMiRyRV.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\ASXxyme.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\XEMTTuP.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\JUxGrji.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\CsYjlpR.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\xWVlCAB.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\masDTOJ.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\TEbWYvJ.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\uieisBn.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\pbMrWdi.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\cPbcvTI.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\bLcBiDN.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\RYhQNCX.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\DdDfebc.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\RxmqkXd.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\aMEzrXk.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\TephEAD.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\VhhrlqL.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\WaUebuN.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\wQegjNx.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\xrALYyF.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\kfUpzGD.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\oBWrtQK.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\VEUWUyF.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
File created	C:\Windows\System\RhHpMOY.exe	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 4632	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	84
PID 1256 wrote to memory of 4632	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	84
PID 1256 wrote to memory of 2384	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	85
PID 1256 wrote to memory of 2384	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	85
PID 1256 wrote to memory of 2100	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	86
PID 1256 wrote to memory of 2100	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	86
PID 1256 wrote to memory of 3816	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	87
PID 1256 wrote to memory of 3816	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	87
PID 1256 wrote to memory of 2416	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	88
PID 1256 wrote to memory of 2416	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	88
PID 1256 wrote to memory of 3256	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	89
PID 1256 wrote to memory of 3256	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	89
PID 1256 wrote to memory of 3236	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	90
PID 1256 wrote to memory of 3236	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	90
PID 1256 wrote to memory of 4432	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	91
PID 1256 wrote to memory of 4432	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	91
PID 1256 wrote to memory of 1436	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	92
PID 1256 wrote to memory of 1436	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	92
PID 1256 wrote to memory of 2692	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	93
PID 1256 wrote to memory of 2692	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	93
PID 1256 wrote to memory of 3592	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	94
PID 1256 wrote to memory of 3592	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	94
PID 1256 wrote to memory of 1944	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	95
PID 1256 wrote to memory of 1944	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	95
PID 1256 wrote to memory of 3304	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	96
PID 1256 wrote to memory of 3304	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	96
PID 1256 wrote to memory of 4956	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	97
PID 1256 wrote to memory of 4956	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	97
PID 1256 wrote to memory of 1816	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	98
PID 1256 wrote to memory of 1816	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	98
PID 1256 wrote to memory of 4088	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	99
PID 1256 wrote to memory of 4088	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	99
PID 1256 wrote to memory of 4488	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	100
PID 1256 wrote to memory of 4488	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	100
PID 1256 wrote to memory of 1936	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	102
PID 1256 wrote to memory of 1936	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	102
PID 1256 wrote to memory of 1772	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	103
PID 1256 wrote to memory of 1772	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	103
PID 1256 wrote to memory of 4140	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	104
PID 1256 wrote to memory of 4140	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	104
PID 1256 wrote to memory of 3364	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	105
PID 1256 wrote to memory of 3364	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	105
PID 1256 wrote to memory of 2340	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	106
PID 1256 wrote to memory of 2340	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	106
PID 1256 wrote to memory of 3604	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	107
PID 1256 wrote to memory of 3604	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	107
PID 1256 wrote to memory of 316	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	108
PID 1256 wrote to memory of 316	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	108
PID 1256 wrote to memory of 3812	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	109
PID 1256 wrote to memory of 3812	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	109
PID 1256 wrote to memory of 4100	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	111
PID 1256 wrote to memory of 4100	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	111
PID 1256 wrote to memory of 1932	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	112
PID 1256 wrote to memory of 1932	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	112
PID 1256 wrote to memory of 4712	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	113
PID 1256 wrote to memory of 4712	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	113
PID 1256 wrote to memory of 812	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	114
PID 1256 wrote to memory of 812	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	114
PID 1256 wrote to memory of 4472	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	115
PID 1256 wrote to memory of 4472	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	115
PID 1256 wrote to memory of 628	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	116
PID 1256 wrote to memory of 628	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	116
PID 1256 wrote to memory of 4288	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	117
PID 1256 wrote to memory of 4288	1256	370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe	117

C:\Users\Admin\AppData\Local\Temp\370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe
"C:\Users\Admin\AppData\Local\Temp\370a8415a506f9c5000c8fa3c7336db02d4920ace4c362d9ce8cf9dbbf8acc4f.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\System\CazORvc.exe
  C:\Windows\System\CazORvc.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\idykLVq.exe
  C:\Windows\System\idykLVq.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\heHcfng.exe
  C:\Windows\System\heHcfng.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\seTxDPJ.exe
  C:\Windows\System\seTxDPJ.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\RgiThqn.exe
  C:\Windows\System\RgiThqn.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\rbaTOiw.exe
  C:\Windows\System\rbaTOiw.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\MWTUKMx.exe
  C:\Windows\System\MWTUKMx.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\CnaTYBT.exe
  C:\Windows\System\CnaTYBT.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\SrrzCqd.exe
  C:\Windows\System\SrrzCqd.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\IaRJCRI.exe
  C:\Windows\System\IaRJCRI.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\kDMyMPj.exe
  C:\Windows\System\kDMyMPj.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\jKtzKYn.exe
  C:\Windows\System\jKtzKYn.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\MVwwZRs.exe
  C:\Windows\System\MVwwZRs.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\gFLFwiF.exe
  C:\Windows\System\gFLFwiF.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\YYrZxDH.exe
  C:\Windows\System\YYrZxDH.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\KwRyYij.exe
  C:\Windows\System\KwRyYij.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\sMmXWXj.exe
  C:\Windows\System\sMmXWXj.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\BDxpSGq.exe
  C:\Windows\System\BDxpSGq.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\aiGCNDk.exe
  C:\Windows\System\aiGCNDk.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\VBAwNZH.exe
  C:\Windows\System\VBAwNZH.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\JmoCghg.exe
  C:\Windows\System\JmoCghg.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\qDiXZKu.exe
  C:\Windows\System\qDiXZKu.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\vrtlmAI.exe
  C:\Windows\System\vrtlmAI.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\HYlhzxr.exe
  C:\Windows\System\HYlhzxr.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\lBiFMdV.exe
  C:\Windows\System\lBiFMdV.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\nclDhGz.exe
  C:\Windows\System\nclDhGz.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\njnGStg.exe
  C:\Windows\System\njnGStg.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\LfoOjmD.exe
  C:\Windows\System\LfoOjmD.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\PNeUlxa.exe
  C:\Windows\System\PNeUlxa.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\udKociL.exe
  C:\Windows\System\udKociL.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\lvfrqst.exe
  C:\Windows\System\lvfrqst.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\xEoyLMP.exe
  C:\Windows\System\xEoyLMP.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\cYlvavq.exe
  C:\Windows\System\cYlvavq.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\hSoqEHl.exe
  C:\Windows\System\hSoqEHl.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\aJXThlq.exe
  C:\Windows\System\aJXThlq.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\ciskLKx.exe
  C:\Windows\System\ciskLKx.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\fSLBSVb.exe
  C:\Windows\System\fSLBSVb.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\KVsZIhe.exe
  C:\Windows\System\KVsZIhe.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\bIXygkd.exe
  C:\Windows\System\bIXygkd.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\elleaXa.exe
  C:\Windows\System\elleaXa.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\VEaDrvG.exe
  C:\Windows\System\VEaDrvG.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\DcqKJNn.exe
  C:\Windows\System\DcqKJNn.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\xZKrCpD.exe
  C:\Windows\System\xZKrCpD.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\mahViqR.exe
  C:\Windows\System\mahViqR.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\kvVSBxA.exe
  C:\Windows\System\kvVSBxA.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\NyebAkf.exe
  C:\Windows\System\NyebAkf.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\nydEwrc.exe
  C:\Windows\System\nydEwrc.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\nVetXSZ.exe
  C:\Windows\System\nVetXSZ.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\ujoPnee.exe
  C:\Windows\System\ujoPnee.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\TijSxxq.exe
  C:\Windows\System\TijSxxq.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\rczhvLk.exe
  C:\Windows\System\rczhvLk.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\rmivkop.exe
  C:\Windows\System\rmivkop.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\ukYVfSp.exe
  C:\Windows\System\ukYVfSp.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\JVvcxXh.exe
  C:\Windows\System\JVvcxXh.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\vkLcopJ.exe
  C:\Windows\System\vkLcopJ.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\aEIjAUX.exe
  C:\Windows\System\aEIjAUX.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\fvvxael.exe
  C:\Windows\System\fvvxael.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\kFRcdEC.exe
  C:\Windows\System\kFRcdEC.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\CkovulY.exe
  C:\Windows\System\CkovulY.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\UpKDgvn.exe
  C:\Windows\System\UpKDgvn.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\ueYdkJg.exe
  C:\Windows\System\ueYdkJg.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\DqggQde.exe
  C:\Windows\System\DqggQde.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\xNQwsaP.exe
  C:\Windows\System\xNQwsaP.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\tOdekaT.exe
  C:\Windows\System\tOdekaT.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\CRHDGta.exe
  C:\Windows\System\CRHDGta.exe
  2⤵
  PID:3084
- C:\Windows\System\QwAPaTk.exe
  C:\Windows\System\QwAPaTk.exe
  2⤵
  PID:2064
- C:\Windows\System\qNdddeI.exe
  C:\Windows\System\qNdddeI.exe
  2⤵
  PID:1740
- C:\Windows\System\lkNWJHL.exe
  C:\Windows\System\lkNWJHL.exe
  2⤵
  PID:2460
- C:\Windows\System\PJFiBRh.exe
  C:\Windows\System\PJFiBRh.exe
  2⤵
  PID:552
- C:\Windows\System\GoJhwyv.exe
  C:\Windows\System\GoJhwyv.exe
  2⤵
  PID:4064
- C:\Windows\System\LCcBQpy.exe
  C:\Windows\System\LCcBQpy.exe
  2⤵
  PID:3156
- C:\Windows\System\PmXLgqY.exe
  C:\Windows\System\PmXLgqY.exe
  2⤵
  PID:464
- C:\Windows\System\iwNSgkW.exe
  C:\Windows\System\iwNSgkW.exe
  2⤵
  PID:4856
- C:\Windows\System\CJKfUJS.exe
  C:\Windows\System\CJKfUJS.exe
  2⤵
  PID:760
- C:\Windows\System\BcIfhFD.exe
  C:\Windows\System\BcIfhFD.exe
  2⤵
  PID:540
- C:\Windows\System\VEsUDSs.exe
  C:\Windows\System\VEsUDSs.exe
  2⤵
  PID:4912
- C:\Windows\System\crgePLg.exe
  C:\Windows\System\crgePLg.exe
  2⤵
  PID:1032
- C:\Windows\System\fPUodpD.exe
  C:\Windows\System\fPUodpD.exe
  2⤵
  PID:388
- C:\Windows\System\WgofMqA.exe
  C:\Windows\System\WgofMqA.exe
  2⤵
  PID:3524
- C:\Windows\System\lCiMAhp.exe
  C:\Windows\System\lCiMAhp.exe
  2⤵
  PID:3996
- C:\Windows\System\KtbkcEo.exe
  C:\Windows\System\KtbkcEo.exe
  2⤵
  PID:4732
- C:\Windows\System\jGeoLQV.exe
  C:\Windows\System\jGeoLQV.exe
  2⤵
  PID:4368
- C:\Windows\System\NmoFQgj.exe
  C:\Windows\System\NmoFQgj.exe
  2⤵
  PID:4152
- C:\Windows\System\uswSFKa.exe
  C:\Windows\System\uswSFKa.exe
  2⤵
  PID:4580
- C:\Windows\System\udgwWae.exe
  C:\Windows\System\udgwWae.exe
  2⤵
  PID:2428
- C:\Windows\System\zfSdzdD.exe
  C:\Windows\System\zfSdzdD.exe
  2⤵
  PID:5132
- C:\Windows\System\lDaSVFI.exe
  C:\Windows\System\lDaSVFI.exe
  2⤵
  PID:5172
- C:\Windows\System\MCAdemk.exe
  C:\Windows\System\MCAdemk.exe
  2⤵
  PID:5200
- C:\Windows\System\Udtujgy.exe
  C:\Windows\System\Udtujgy.exe
  2⤵
  PID:5232
- C:\Windows\System\fwqnCLQ.exe
  C:\Windows\System\fwqnCLQ.exe
  2⤵
  PID:5276
- C:\Windows\System\pwfETAG.exe
  C:\Windows\System\pwfETAG.exe
  2⤵
  PID:5308
- C:\Windows\System\DJYgNcf.exe
  C:\Windows\System\DJYgNcf.exe
  2⤵
  PID:5340
- C:\Windows\System\PSdPyuc.exe
  C:\Windows\System\PSdPyuc.exe
  2⤵
  PID:5364
- C:\Windows\System\frExOFI.exe
  C:\Windows\System\frExOFI.exe
  2⤵
  PID:5404
- C:\Windows\System\lFvEWXl.exe
  C:\Windows\System\lFvEWXl.exe
  2⤵
  PID:5456
- C:\Windows\System\XxuAeKx.exe
  C:\Windows\System\XxuAeKx.exe
  2⤵
  PID:5496
- C:\Windows\System\JKgKKls.exe
  C:\Windows\System\JKgKKls.exe
  2⤵
  PID:5520
- C:\Windows\System\eVREOGT.exe
  C:\Windows\System\eVREOGT.exe
  2⤵
  PID:5540
- C:\Windows\System\ugsTHqi.exe
  C:\Windows\System\ugsTHqi.exe
  2⤵
  PID:5580
- C:\Windows\System\TPIavbO.exe
  C:\Windows\System\TPIavbO.exe
  2⤵
  PID:5612
- C:\Windows\System\KRTxAiS.exe
  C:\Windows\System\KRTxAiS.exe
  2⤵
  PID:5640
- C:\Windows\System\uJmQoxR.exe
  C:\Windows\System\uJmQoxR.exe
  2⤵
  PID:5696
- C:\Windows\System\ahTzqcG.exe
  C:\Windows\System\ahTzqcG.exe
  2⤵
  PID:5760
- C:\Windows\System\SjcJien.exe
  C:\Windows\System\SjcJien.exe
  2⤵
  PID:5832
- C:\Windows\System\NOwmNwM.exe
  C:\Windows\System\NOwmNwM.exe
  2⤵
  PID:5872
- C:\Windows\System\ySMxRhD.exe
  C:\Windows\System\ySMxRhD.exe
  2⤵
  PID:5892
- C:\Windows\System\alTxZnl.exe
  C:\Windows\System\alTxZnl.exe
  2⤵
  PID:5936
- C:\Windows\System\jZQxbPH.exe
  C:\Windows\System\jZQxbPH.exe
  2⤵
  PID:5964
- C:\Windows\System\LxELzzZ.exe
  C:\Windows\System\LxELzzZ.exe
  2⤵
  PID:5992
- C:\Windows\System\nimqtqV.exe
  C:\Windows\System\nimqtqV.exe
  2⤵
  PID:6028
- C:\Windows\System\DdDfebc.exe
  C:\Windows\System\DdDfebc.exe
  2⤵
  PID:6044
- C:\Windows\System\aCUMBsK.exe
  C:\Windows\System\aCUMBsK.exe
  2⤵
  PID:6088
- C:\Windows\System\hrjavbd.exe
  C:\Windows\System\hrjavbd.exe
  2⤵
  PID:6116
- C:\Windows\System\oFfIiAK.exe
  C:\Windows\System\oFfIiAK.exe
  2⤵
  PID:4132
- C:\Windows\System\dBZjqZw.exe
  C:\Windows\System\dBZjqZw.exe
  2⤵
  PID:5160
- C:\Windows\System\toLjziP.exe
  C:\Windows\System\toLjziP.exe
  2⤵
  PID:5192
- C:\Windows\System\vNmwHyh.exe
  C:\Windows\System\vNmwHyh.exe
  2⤵
  PID:2328
- C:\Windows\System\DUpfmrK.exe
  C:\Windows\System\DUpfmrK.exe
  2⤵
  PID:5264
- C:\Windows\System\dwFNHxi.exe
  C:\Windows\System\dwFNHxi.exe
  2⤵
  PID:1176
- C:\Windows\System\aSKqeyB.exe
  C:\Windows\System\aSKqeyB.exe
  2⤵
  PID:3392
- C:\Windows\System\NFSlOXX.exe
  C:\Windows\System\NFSlOXX.exe
  2⤵
  PID:5476
- C:\Windows\System\kfjwAYl.exe
  C:\Windows\System\kfjwAYl.exe
  2⤵
  PID:5536
- C:\Windows\System\EglOQMM.exe
  C:\Windows\System\EglOQMM.exe
  2⤵
  PID:3216
- C:\Windows\System\ETWxjgd.exe
  C:\Windows\System\ETWxjgd.exe
  2⤵
  PID:5608
- C:\Windows\System\mfVqgTK.exe
  C:\Windows\System\mfVqgTK.exe
  2⤵
  PID:5676
- C:\Windows\System\wJOYabE.exe
  C:\Windows\System\wJOYabE.exe
  2⤵
  PID:5792
- C:\Windows\System\ifabXJx.exe
  C:\Windows\System\ifabXJx.exe
  2⤵
  PID:5884
- C:\Windows\System\UNgwYrb.exe
  C:\Windows\System\UNgwYrb.exe
  2⤵
  PID:5984
- C:\Windows\System\NmcwJAu.exe
  C:\Windows\System\NmcwJAu.exe
  2⤵
  PID:6040
- C:\Windows\System\ncQYQcu.exe
  C:\Windows\System\ncQYQcu.exe
  2⤵
  PID:6124
- C:\Windows\System\ZmxLHEs.exe
  C:\Windows\System\ZmxLHEs.exe
  2⤵
  PID:1924
- C:\Windows\System\JUKqcQX.exe
  C:\Windows\System\JUKqcQX.exe
  2⤵
  PID:624
- C:\Windows\System\uieisBn.exe
  C:\Windows\System\uieisBn.exe
  2⤵
  PID:5740
- C:\Windows\System\woVOjms.exe
  C:\Windows\System\woVOjms.exe
  2⤵
  PID:3940
- C:\Windows\System\ypxObnQ.exe
  C:\Windows\System\ypxObnQ.exe
  2⤵
  PID:5300
- C:\Windows\System\GxREQis.exe
  C:\Windows\System\GxREQis.exe
  2⤵
  PID:5124
- C:\Windows\System\mHXmyrR.exe
  C:\Windows\System\mHXmyrR.exe
  2⤵
  PID:1536
- C:\Windows\System\JpRvtMt.exe
  C:\Windows\System\JpRvtMt.exe
  2⤵
  PID:5352
- C:\Windows\System\mifBNLH.exe
  C:\Windows\System\mifBNLH.exe
  2⤵
  PID:5636
- C:\Windows\System\Zcboqpr.exe
  C:\Windows\System\Zcboqpr.exe
  2⤵
  PID:2796
- C:\Windows\System\RxmqkXd.exe
  C:\Windows\System\RxmqkXd.exe
  2⤵
  PID:6108
- C:\Windows\System\QsFfyZO.exe
  C:\Windows\System\QsFfyZO.exe
  2⤵
  PID:4784
- C:\Windows\System\jyAMRbH.exe
  C:\Windows\System\jyAMRbH.exe
  2⤵
  PID:548
- C:\Windows\System\kdZAIjT.exe
  C:\Windows\System\kdZAIjT.exe
  2⤵
  PID:4768
- C:\Windows\System\bBkpzKr.exe
  C:\Windows\System\bBkpzKr.exe
  2⤵
  PID:4332
- C:\Windows\System\XQMNwQk.exe
  C:\Windows\System\XQMNwQk.exe
  2⤵
  PID:5100
- C:\Windows\System\JUxGrji.exe
  C:\Windows\System\JUxGrji.exe
  2⤵
  PID:3532
- C:\Windows\System\qhssCBj.exe
  C:\Windows\System\qhssCBj.exe
  2⤵
  PID:3588
- C:\Windows\System\xIuwTBU.exe
  C:\Windows\System\xIuwTBU.exe
  2⤵
  PID:1588
- C:\Windows\System\iBGSmJX.exe
  C:\Windows\System\iBGSmJX.exe
  2⤵
  PID:6156
- C:\Windows\System\qtgIRPm.exe
  C:\Windows\System\qtgIRPm.exe
  2⤵
  PID:6172
- C:\Windows\System\vIhzwJu.exe
  C:\Windows\System\vIhzwJu.exe
  2⤵
  PID:6204
- C:\Windows\System\PoxmLXw.exe
  C:\Windows\System\PoxmLXw.exe
  2⤵
  PID:6244
- C:\Windows\System\HEQwPPI.exe
  C:\Windows\System\HEQwPPI.exe
  2⤵
  PID:6272
- C:\Windows\System\YeFEsrY.exe
  C:\Windows\System\YeFEsrY.exe
  2⤵
  PID:6308
- C:\Windows\System\OEwuAPh.exe
  C:\Windows\System\OEwuAPh.exe
  2⤵
  PID:6336
- C:\Windows\System\Zvmfxdm.exe
  C:\Windows\System\Zvmfxdm.exe
  2⤵
  PID:6360
- C:\Windows\System\srGJNxn.exe
  C:\Windows\System\srGJNxn.exe
  2⤵
  PID:6388
- C:\Windows\System\kfUpzGD.exe
  C:\Windows\System\kfUpzGD.exe
  2⤵
  PID:6420
- C:\Windows\System\OyXjTyY.exe
  C:\Windows\System\OyXjTyY.exe
  2⤵
  PID:6448
- C:\Windows\System\mzzobxv.exe
  C:\Windows\System\mzzobxv.exe
  2⤵
  PID:6480
- C:\Windows\System\EFZvbgd.exe
  C:\Windows\System\EFZvbgd.exe
  2⤵
  PID:6504
- C:\Windows\System\zxHsMUS.exe
  C:\Windows\System\zxHsMUS.exe
  2⤵
  PID:6536
- C:\Windows\System\ofgscQV.exe
  C:\Windows\System\ofgscQV.exe
  2⤵
  PID:6564
- C:\Windows\System\dkFyNGq.exe
  C:\Windows\System\dkFyNGq.exe
  2⤵
  PID:6588
- C:\Windows\System\isYMaup.exe
  C:\Windows\System\isYMaup.exe
  2⤵
  PID:6620
- C:\Windows\System\htonJYS.exe
  C:\Windows\System\htonJYS.exe
  2⤵
  PID:6648
- C:\Windows\System\PaGVlDk.exe
  C:\Windows\System\PaGVlDk.exe
  2⤵
  PID:6676
- C:\Windows\System\UDzFIRJ.exe
  C:\Windows\System\UDzFIRJ.exe
  2⤵
  PID:6704
- C:\Windows\System\pQtdLHI.exe
  C:\Windows\System\pQtdLHI.exe
  2⤵
  PID:6732
- C:\Windows\System\sJPIHMX.exe
  C:\Windows\System\sJPIHMX.exe
  2⤵
  PID:6756
- C:\Windows\System\zHIKWoT.exe
  C:\Windows\System\zHIKWoT.exe
  2⤵
  PID:6796
- C:\Windows\System\LfuFvsa.exe
  C:\Windows\System\LfuFvsa.exe
  2⤵
  PID:6832
- C:\Windows\System\IMnxEUq.exe
  C:\Windows\System\IMnxEUq.exe
  2⤵
  PID:6860
- C:\Windows\System\SvqSZzW.exe
  C:\Windows\System\SvqSZzW.exe
  2⤵
  PID:6892
- C:\Windows\System\CbIUiNO.exe
  C:\Windows\System\CbIUiNO.exe
  2⤵
  PID:6908
- C:\Windows\System\TnZsspb.exe
  C:\Windows\System\TnZsspb.exe
  2⤵
  PID:6948
- C:\Windows\System\OwhIGxV.exe
  C:\Windows\System\OwhIGxV.exe
  2⤵
  PID:6972
- C:\Windows\System\jnYaktD.exe
  C:\Windows\System\jnYaktD.exe
  2⤵
  PID:7040
- C:\Windows\System\LBVfqQq.exe
  C:\Windows\System\LBVfqQq.exe
  2⤵
  PID:7068
- C:\Windows\System\WTBolNx.exe
  C:\Windows\System\WTBolNx.exe
  2⤵
  PID:7100
- C:\Windows\System\wKnuAPp.exe
  C:\Windows\System\wKnuAPp.exe
  2⤵
  PID:7128
- C:\Windows\System\KozGslR.exe
  C:\Windows\System\KozGslR.exe
  2⤵
  PID:7160
- C:\Windows\System\XEmfcqP.exe
  C:\Windows\System\XEmfcqP.exe
  2⤵
  PID:6164
- C:\Windows\System\wtGBaED.exe
  C:\Windows\System\wtGBaED.exe
  2⤵
  PID:960
- C:\Windows\System\tGbiSjT.exe
  C:\Windows\System\tGbiSjT.exe
  2⤵
  PID:3108
- C:\Windows\System\vMAjSdE.exe
  C:\Windows\System\vMAjSdE.exe
  2⤵
  PID:2260
- C:\Windows\System\bMOuvdM.exe
  C:\Windows\System\bMOuvdM.exe
  2⤵
  PID:6296
- C:\Windows\System\SQRpLgP.exe
  C:\Windows\System\SQRpLgP.exe
  2⤵
  PID:6324
- C:\Windows\System\PDQEipA.exe
  C:\Windows\System\PDQEipA.exe
  2⤵
  PID:6408
- C:\Windows\System\PcYqati.exe
  C:\Windows\System\PcYqati.exe
  2⤵
  PID:6456
- C:\Windows\System\TsuMnXA.exe
  C:\Windows\System\TsuMnXA.exe
  2⤵
  PID:6524
- C:\Windows\System\MWwcEnh.exe
  C:\Windows\System\MWwcEnh.exe
  2⤵
  PID:6616
- C:\Windows\System\fYrmgLs.exe
  C:\Windows\System\fYrmgLs.exe
  2⤵
  PID:6684
- C:\Windows\System\YWfnwYw.exe
  C:\Windows\System\YWfnwYw.exe
  2⤵
  PID:6768
- C:\Windows\System\VEUWUyF.exe
  C:\Windows\System\VEUWUyF.exe
  2⤵
  PID:6816
- C:\Windows\System\jAdsahJ.exe
  C:\Windows\System\jAdsahJ.exe
  2⤵
  PID:6888
- C:\Windows\System\FGKUHAg.exe
  C:\Windows\System\FGKUHAg.exe
  2⤵
  PID:2028
- C:\Windows\System\TuZqjWw.exe
  C:\Windows\System\TuZqjWw.exe
  2⤵
  PID:3496
- C:\Windows\System\lkWvioF.exe
  C:\Windows\System\lkWvioF.exe
  2⤵
  PID:3056
- C:\Windows\System\RdidCDT.exe
  C:\Windows\System\RdidCDT.exe
  2⤵
  PID:6960
- C:\Windows\System\yWDMVKv.exe
  C:\Windows\System\yWDMVKv.exe
  2⤵
  PID:6928
- C:\Windows\System\VBsWVPP.exe
  C:\Windows\System\VBsWVPP.exe
  2⤵
  PID:7028
- C:\Windows\System\tqWNtQE.exe
  C:\Windows\System\tqWNtQE.exe
  2⤵
  PID:7096
- C:\Windows\System\MfHYoZe.exe
  C:\Windows\System\MfHYoZe.exe
  2⤵
  PID:7140
- C:\Windows\System\lfimdmo.exe
  C:\Windows\System\lfimdmo.exe
  2⤵
  PID:2616
- C:\Windows\System\QctdTIR.exe
  C:\Windows\System\QctdTIR.exe
  2⤵
  PID:944
- C:\Windows\System\xQOBTbi.exe
  C:\Windows\System\xQOBTbi.exe
  2⤵
  PID:2024
- C:\Windows\System\TkkZnVX.exe
  C:\Windows\System\TkkZnVX.exe
  2⤵
  PID:6348
- C:\Windows\System\XUZMrnI.exe
  C:\Windows\System\XUZMrnI.exe
  2⤵
  PID:7020
- C:\Windows\System\LCPUUxq.exe
  C:\Windows\System\LCPUUxq.exe
  2⤵
  PID:6600
- C:\Windows\System\OVUewcC.exe
  C:\Windows\System\OVUewcC.exe
  2⤵
  PID:6844
- C:\Windows\System\oYahzAG.exe
  C:\Windows\System\oYahzAG.exe
  2⤵
  PID:4468
- C:\Windows\System\hWGjzBe.exe
  C:\Windows\System\hWGjzBe.exe
  2⤵
  PID:4924
- C:\Windows\System\bmOdfiq.exe
  C:\Windows\System\bmOdfiq.exe
  2⤵
  PID:4388
- C:\Windows\System\aacqBvA.exe
  C:\Windows\System\aacqBvA.exe
  2⤵
  PID:7108
- C:\Windows\System\sekWMrV.exe
  C:\Windows\System\sekWMrV.exe
  2⤵
  PID:4256
- C:\Windows\System\FtxayhV.exe
  C:\Windows\System\FtxayhV.exe
  2⤵
  PID:4756
- C:\Windows\System\oJFefXq.exe
  C:\Windows\System\oJFefXq.exe
  2⤵
  PID:6560
- C:\Windows\System\JbMzhPh.exe
  C:\Windows\System\JbMzhPh.exe
  2⤵
  PID:6848
- C:\Windows\System\ghYBgET.exe
  C:\Windows\System\ghYBgET.exe
  2⤵
  PID:3112
- C:\Windows\System\vzUdFOs.exe
  C:\Windows\System\vzUdFOs.exe
  2⤵
  PID:6228
- C:\Windows\System\OjYWden.exe
  C:\Windows\System\OjYWden.exe
  2⤵
  PID:1760
- C:\Windows\System\GjKUMJD.exe
  C:\Windows\System\GjKUMJD.exe
  2⤵
  PID:6304
- C:\Windows\System\KuByxYw.exe
  C:\Windows\System\KuByxYw.exe
  2⤵
  PID:6712
- C:\Windows\System\DqWwbYr.exe
  C:\Windows\System\DqWwbYr.exe
  2⤵
  PID:892
- C:\Windows\System\UuxGxSS.exe
  C:\Windows\System\UuxGxSS.exe
  2⤵
  PID:7200
- C:\Windows\System\liUaTuP.exe
  C:\Windows\System\liUaTuP.exe
  2⤵
  PID:7232
- C:\Windows\System\eBJtJlu.exe
  C:\Windows\System\eBJtJlu.exe
  2⤵
  PID:7256
- C:\Windows\System\caGHUsM.exe
  C:\Windows\System\caGHUsM.exe
  2⤵
  PID:7288
- C:\Windows\System\Gfxfqxw.exe
  C:\Windows\System\Gfxfqxw.exe
  2⤵
  PID:7312
- C:\Windows\System\ISWHXSV.exe
  C:\Windows\System\ISWHXSV.exe
  2⤵
  PID:7344
- C:\Windows\System\fiFYUvH.exe
  C:\Windows\System\fiFYUvH.exe
  2⤵
  PID:7372
- C:\Windows\System\ynLjlIs.exe
  C:\Windows\System\ynLjlIs.exe
  2⤵
  PID:7400
- C:\Windows\System\bGxywEJ.exe
  C:\Windows\System\bGxywEJ.exe
  2⤵
  PID:7428
- C:\Windows\System\eTLlmuJ.exe
  C:\Windows\System\eTLlmuJ.exe
  2⤵
  PID:7460
- C:\Windows\System\suNGboq.exe
  C:\Windows\System\suNGboq.exe
  2⤵
  PID:7488
- C:\Windows\System\EFoQnnM.exe
  C:\Windows\System\EFoQnnM.exe
  2⤵
  PID:7508
- C:\Windows\System\MIQByRL.exe
  C:\Windows\System\MIQByRL.exe
  2⤵
  PID:7548
- C:\Windows\System\gQDHDRv.exe
  C:\Windows\System\gQDHDRv.exe
  2⤵
  PID:7576
- C:\Windows\System\VYQWfsf.exe
  C:\Windows\System\VYQWfsf.exe
  2⤵
  PID:7604
- C:\Windows\System\ikhVxJU.exe
  C:\Windows\System\ikhVxJU.exe
  2⤵
  PID:7624
- C:\Windows\System\oBWrtQK.exe
  C:\Windows\System\oBWrtQK.exe
  2⤵
  PID:7660
- C:\Windows\System\rAPWDrQ.exe
  C:\Windows\System\rAPWDrQ.exe
  2⤵
  PID:7684
- C:\Windows\System\CtGDXit.exe
  C:\Windows\System\CtGDXit.exe
  2⤵
  PID:7708
- C:\Windows\System\xadprMK.exe
  C:\Windows\System\xadprMK.exe
  2⤵
  PID:7740
- C:\Windows\System\WmpbKSu.exe
  C:\Windows\System\WmpbKSu.exe
  2⤵
  PID:7764
- C:\Windows\System\FjEBhCt.exe
  C:\Windows\System\FjEBhCt.exe
  2⤵
  PID:7792
- C:\Windows\System\tsJZzjU.exe
  C:\Windows\System\tsJZzjU.exe
  2⤵
  PID:7828
- C:\Windows\System\vlhNANC.exe
  C:\Windows\System\vlhNANC.exe
  2⤵
  PID:7860
- C:\Windows\System\UBdavll.exe
  C:\Windows\System\UBdavll.exe
  2⤵
  PID:7884
- C:\Windows\System\BImjEft.exe
  C:\Windows\System\BImjEft.exe
  2⤵
  PID:7916
- C:\Windows\System\fOzGdwV.exe
  C:\Windows\System\fOzGdwV.exe
  2⤵
  PID:7940
- C:\Windows\System\yvKvzoi.exe
  C:\Windows\System\yvKvzoi.exe
  2⤵
  PID:7972
- C:\Windows\System\qjPxrGy.exe
  C:\Windows\System\qjPxrGy.exe
  2⤵
  PID:7996
- C:\Windows\System\rkWeWJx.exe
  C:\Windows\System\rkWeWJx.exe
  2⤵
  PID:8032
- C:\Windows\System\JctIJjZ.exe
  C:\Windows\System\JctIJjZ.exe
  2⤵
  PID:8056
- C:\Windows\System\dpnWkIn.exe
  C:\Windows\System\dpnWkIn.exe
  2⤵
  PID:8084
- C:\Windows\System\ssHJgSh.exe
  C:\Windows\System\ssHJgSh.exe
  2⤵
  PID:8116
- C:\Windows\System\bNWxFAK.exe
  C:\Windows\System\bNWxFAK.exe
  2⤵
  PID:8136
- C:\Windows\System\MrhUYvH.exe
  C:\Windows\System\MrhUYvH.exe
  2⤵
  PID:8176
- C:\Windows\System\pMaIEam.exe
  C:\Windows\System\pMaIEam.exe
  2⤵
  PID:7196
- C:\Windows\System\IKimwBX.exe
  C:\Windows\System\IKimwBX.exe
  2⤵
  PID:7264
- C:\Windows\System\FkRYwNO.exe
  C:\Windows\System\FkRYwNO.exe
  2⤵
  PID:7340
- C:\Windows\System\jeBbWTm.exe
  C:\Windows\System\jeBbWTm.exe
  2⤵
  PID:3208
- C:\Windows\System\PPWzIWa.exe
  C:\Windows\System\PPWzIWa.exe
  2⤵
  PID:7436
- C:\Windows\System\UoGMfuD.exe
  C:\Windows\System\UoGMfuD.exe
  2⤵
  PID:7500
- C:\Windows\System\fkRERha.exe
  C:\Windows\System\fkRERha.exe
  2⤵
  PID:7556
- C:\Windows\System\wblTrSP.exe
  C:\Windows\System\wblTrSP.exe
  2⤵
  PID:7616
- C:\Windows\System\tKTRBXf.exe
  C:\Windows\System\tKTRBXf.exe
  2⤵
  PID:7700
- C:\Windows\System\XwpWqZd.exe
  C:\Windows\System\XwpWqZd.exe
  2⤵
  PID:7776
- C:\Windows\System\zkawuSB.exe
  C:\Windows\System\zkawuSB.exe
  2⤵
  PID:7840
- C:\Windows\System\yJxhcQS.exe
  C:\Windows\System\yJxhcQS.exe
  2⤵
  PID:7896
- C:\Windows\System\dUAAWwD.exe
  C:\Windows\System\dUAAWwD.exe
  2⤵
  PID:7956
- C:\Windows\System\KUAQJNd.exe
  C:\Windows\System\KUAQJNd.exe
  2⤵
  PID:8040
- C:\Windows\System\YTEEXPv.exe
  C:\Windows\System\YTEEXPv.exe
  2⤵
  PID:8100
- C:\Windows\System\ZFdYKkc.exe
  C:\Windows\System\ZFdYKkc.exe
  2⤵
  PID:8184
- C:\Windows\System\HymwMSm.exe
  C:\Windows\System\HymwMSm.exe
  2⤵
  PID:7296
- C:\Windows\System\vlEudCU.exe
  C:\Windows\System\vlEudCU.exe
  2⤵
  PID:7408
- C:\Windows\System\bSqHafy.exe
  C:\Windows\System\bSqHafy.exe
  2⤵
  PID:7572
- C:\Windows\System\lWsOeAA.exe
  C:\Windows\System\lWsOeAA.exe
  2⤵
  PID:7384
- C:\Windows\System\HekaFqa.exe
  C:\Windows\System\HekaFqa.exe
  2⤵
  PID:7868
- C:\Windows\System\VgoWBvA.exe
  C:\Windows\System\VgoWBvA.exe
  2⤵
  PID:7984
- C:\Windows\System\aMEzrXk.exe
  C:\Windows\System\aMEzrXk.exe
  2⤵
  PID:4496
- C:\Windows\System\UIJlaIR.exe
  C:\Windows\System\UIJlaIR.exe
  2⤵
  PID:7468
- C:\Windows\System\moKQOYU.exe
  C:\Windows\System\moKQOYU.exe
  2⤵
  PID:7640
- C:\Windows\System\LBtGovJ.exe
  C:\Windows\System\LBtGovJ.exe
  2⤵
  PID:3176
- C:\Windows\System\PJDacDF.exe
  C:\Windows\System\PJDacDF.exe
  2⤵
  PID:7300
- C:\Windows\System\BIgwQBY.exe
  C:\Windows\System\BIgwQBY.exe
  2⤵
  PID:7924
- C:\Windows\System\rHWzDvu.exe
  C:\Windows\System\rHWzDvu.exe
  2⤵
  PID:4588
- C:\Windows\System\roIDgiz.exe
  C:\Windows\System\roIDgiz.exe
  2⤵
  PID:8208
- C:\Windows\System\WvAnOJO.exe
  C:\Windows\System\WvAnOJO.exe
  2⤵
  PID:8236
- C:\Windows\System\giDNgbn.exe
  C:\Windows\System\giDNgbn.exe
  2⤵
  PID:8260
- C:\Windows\System\yHtFkGl.exe
  C:\Windows\System\yHtFkGl.exe
  2⤵
  PID:8288
- C:\Windows\System\ixCjMjv.exe
  C:\Windows\System\ixCjMjv.exe
  2⤵
  PID:8320
- C:\Windows\System\jXgjMAy.exe
  C:\Windows\System\jXgjMAy.exe
  2⤵
  PID:8348
- C:\Windows\System\ogAKRKQ.exe
  C:\Windows\System\ogAKRKQ.exe
  2⤵
  PID:8364
- C:\Windows\System\wTgPVMJ.exe
  C:\Windows\System\wTgPVMJ.exe
  2⤵
  PID:8408
- C:\Windows\System\QDZcAaE.exe
  C:\Windows\System\QDZcAaE.exe
  2⤵
  PID:8440
- C:\Windows\System\UmSdflh.exe
  C:\Windows\System\UmSdflh.exe
  2⤵
  PID:8464
- C:\Windows\System\uCTINTL.exe
  C:\Windows\System\uCTINTL.exe
  2⤵
  PID:8488
- C:\Windows\System\DFhiIWt.exe
  C:\Windows\System\DFhiIWt.exe
  2⤵
  PID:8512
- C:\Windows\System\pTLfvam.exe
  C:\Windows\System\pTLfvam.exe
  2⤵
  PID:8552
- C:\Windows\System\CHTbrnc.exe
  C:\Windows\System\CHTbrnc.exe
  2⤵
  PID:8580
- C:\Windows\System\CdrQbol.exe
  C:\Windows\System\CdrQbol.exe
  2⤵
  PID:8600
- C:\Windows\System\SgfoPEI.exe
  C:\Windows\System\SgfoPEI.exe
  2⤵
  PID:8628
- C:\Windows\System\NMaetWC.exe
  C:\Windows\System\NMaetWC.exe
  2⤵
  PID:8656
- C:\Windows\System\nuBCxnY.exe
  C:\Windows\System\nuBCxnY.exe
  2⤵
  PID:8692
- C:\Windows\System\gsyzYSV.exe
  C:\Windows\System\gsyzYSV.exe
  2⤵
  PID:8720
- C:\Windows\System\kpMsTNt.exe
  C:\Windows\System\kpMsTNt.exe
  2⤵
  PID:8740
- C:\Windows\System\ZXzUxYV.exe
  C:\Windows\System\ZXzUxYV.exe
  2⤵
  PID:8772
- C:\Windows\System\YnxNgLT.exe
  C:\Windows\System\YnxNgLT.exe
  2⤵
  PID:8796
- C:\Windows\System\lOJwKiN.exe
  C:\Windows\System\lOJwKiN.exe
  2⤵
  PID:8824
- C:\Windows\System\mJNKkRg.exe
  C:\Windows\System\mJNKkRg.exe
  2⤵
  PID:8864
- C:\Windows\System\mPpmqcd.exe
  C:\Windows\System\mPpmqcd.exe
  2⤵
  PID:8888
- C:\Windows\System\uuKDymJ.exe
  C:\Windows\System\uuKDymJ.exe
  2⤵
  PID:8920
- C:\Windows\System\CpLJzab.exe
  C:\Windows\System\CpLJzab.exe
  2⤵
  PID:8952
- C:\Windows\System\tOEjhIu.exe
  C:\Windows\System\tOEjhIu.exe
  2⤵
  PID:8980
- C:\Windows\System\xtebpLv.exe
  C:\Windows\System\xtebpLv.exe
  2⤵
  PID:9008
- C:\Windows\System\dIAhTOh.exe
  C:\Windows\System\dIAhTOh.exe
  2⤵
  PID:9040
- C:\Windows\System\JmibPQU.exe
  C:\Windows\System\JmibPQU.exe
  2⤵
  PID:9072
- C:\Windows\System\cHiXzlZ.exe
  C:\Windows\System\cHiXzlZ.exe
  2⤵
  PID:9100
- C:\Windows\System\WeacPkp.exe
  C:\Windows\System\WeacPkp.exe
  2⤵
  PID:9132
- C:\Windows\System\lGIQXLo.exe
  C:\Windows\System\lGIQXLo.exe
  2⤵
  PID:9160
- C:\Windows\System\qyBZoQd.exe
  C:\Windows\System\qyBZoQd.exe
  2⤵
  PID:9192
- C:\Windows\System\gjyNDMa.exe
  C:\Windows\System\gjyNDMa.exe
  2⤵
  PID:4644
- C:\Windows\System\kgrNKdc.exe
  C:\Windows\System\kgrNKdc.exe
  2⤵
  PID:8248
- C:\Windows\System\TtWGocX.exe
  C:\Windows\System\TtWGocX.exe
  2⤵
  PID:1600
- C:\Windows\System\ElHBgMw.exe
  C:\Windows\System\ElHBgMw.exe
  2⤵
  PID:1000
- C:\Windows\System\iBkPiJp.exe
  C:\Windows\System\iBkPiJp.exe
  2⤵
  PID:8376
- C:\Windows\System\ZMzXhLP.exe
  C:\Windows\System\ZMzXhLP.exe
  2⤵
  PID:8420
- C:\Windows\System\ZAJIbtM.exe
  C:\Windows\System\ZAJIbtM.exe
  2⤵
  PID:8504
- C:\Windows\System\lnCsZqQ.exe
  C:\Windows\System\lnCsZqQ.exe
  2⤵
  PID:8560
- C:\Windows\System\QGQDTRl.exe
  C:\Windows\System\QGQDTRl.exe
  2⤵
  PID:780
- C:\Windows\System\GiCSWou.exe
  C:\Windows\System\GiCSWou.exe
  2⤵
  PID:1668
- C:\Windows\System\OBXNjAk.exe
  C:\Windows\System\OBXNjAk.exe
  2⤵
  PID:3620
- C:\Windows\System\UpeomYs.exe
  C:\Windows\System\UpeomYs.exe
  2⤵
  PID:4536
- C:\Windows\System\UtOGUQT.exe
  C:\Windows\System\UtOGUQT.exe
  2⤵
  PID:8844
- C:\Windows\System\ZPrCdgt.exe
  C:\Windows\System\ZPrCdgt.exe
  2⤵
  PID:8876
- C:\Windows\System\BgMFAjS.exe
  C:\Windows\System\BgMFAjS.exe
  2⤵
  PID:2652
- C:\Windows\System\TephEAD.exe
  C:\Windows\System\TephEAD.exe
  2⤵
  PID:8964
- C:\Windows\System\skKQjQw.exe
  C:\Windows\System\skKQjQw.exe
  2⤵
  PID:4044
- C:\Windows\System\JsKyxSZ.exe
  C:\Windows\System\JsKyxSZ.exe
  2⤵
  PID:4216
- C:\Windows\System\JiSKBSw.exe
  C:\Windows\System\JiSKBSw.exe
  2⤵
  PID:2904
- C:\Windows\System\ttUpZhh.exe
  C:\Windows\System\ttUpZhh.exe
  2⤵
  PID:4240
- C:\Windows\System\fwmsDqa.exe
  C:\Windows\System\fwmsDqa.exe
  2⤵
  PID:1640
- C:\Windows\System\PYcvvtz.exe
  C:\Windows\System\PYcvvtz.exe
  2⤵
  PID:3780
- C:\Windows\System\PgFnOQw.exe
  C:\Windows\System\PgFnOQw.exe
  2⤵
  PID:9020
- C:\Windows\System\NvpObkn.exe
  C:\Windows\System\NvpObkn.exe
  2⤵
  PID:9180
- C:\Windows\System\DRMTJOx.exe
  C:\Windows\System\DRMTJOx.exe
  2⤵
  PID:8216
- C:\Windows\System\wiGDRpy.exe
  C:\Windows\System\wiGDRpy.exe
  2⤵
  PID:4252
- C:\Windows\System\loiCvjk.exe
  C:\Windows\System\loiCvjk.exe
  2⤵
  PID:8404
- C:\Windows\System\TZjtxGV.exe
  C:\Windows\System\TZjtxGV.exe
  2⤵
  PID:4540
- C:\Windows\System\UtXrORU.exe
  C:\Windows\System\UtXrORU.exe
  2⤵
  PID:4316
- C:\Windows\System\bulxvAY.exe
  C:\Windows\System\bulxvAY.exe
  2⤵
  PID:8648
- C:\Windows\System\hvIYTUk.exe
  C:\Windows\System\hvIYTUk.exe
  2⤵
  PID:8736
- C:\Windows\System\DvvLCTD.exe
  C:\Windows\System\DvvLCTD.exe
  2⤵
  PID:8816
- C:\Windows\System\fKjnpFk.exe
  C:\Windows\System\fKjnpFk.exe
  2⤵
  PID:8944
- C:\Windows\System\GQPyOVx.exe
  C:\Windows\System\GQPyOVx.exe
  2⤵
  PID:8992
- C:\Windows\System\AcUQcFX.exe
  C:\Windows\System\AcUQcFX.exe
  2⤵
  PID:920
- C:\Windows\System\dprMUtO.exe
  C:\Windows\System\dprMUtO.exe
  2⤵
  PID:9060
- C:\Windows\System\rPTshOe.exe
  C:\Windows\System\rPTshOe.exe
  2⤵
  PID:9176
- C:\Windows\System\pqjNnmG.exe
  C:\Windows\System\pqjNnmG.exe
  2⤵
  PID:1940
- C:\Windows\System\KfSUFYX.exe
  C:\Windows\System\KfSUFYX.exe
  2⤵
  PID:748
- C:\Windows\System\KaSvrII.exe
  C:\Windows\System\KaSvrII.exe
  2⤵
  PID:8592
- C:\Windows\System\iXHMSfE.exe
  C:\Windows\System\iXHMSfE.exe
  2⤵
  PID:8780
- C:\Windows\System\VVihyxv.exe
  C:\Windows\System\VVihyxv.exe
  2⤵
  PID:8940
- C:\Windows\System\WSewqEB.exe
  C:\Windows\System\WSewqEB.exe
  2⤵
  PID:9092
- C:\Windows\System\NUaRPEd.exe
  C:\Windows\System\NUaRPEd.exe
  2⤵
  PID:4000
- C:\Windows\System\fFAJBJj.exe
  C:\Windows\System\fFAJBJj.exe
  2⤵
  PID:1596
- C:\Windows\System\XTYWEyu.exe
  C:\Windows\System\XTYWEyu.exe
  2⤵
  PID:2580
- C:\Windows\System\yGMMIwD.exe
  C:\Windows\System\yGMMIwD.exe
  2⤵
  PID:1592
- C:\Windows\System\eYfMkld.exe
  C:\Windows\System\eYfMkld.exe
  2⤵
  PID:8700
- C:\Windows\System\rneOYDT.exe
  C:\Windows\System\rneOYDT.exe
  2⤵
  PID:3520
- C:\Windows\System\vXxwlGD.exe
  C:\Windows\System\vXxwlGD.exe
  2⤵
  PID:9232
- C:\Windows\System\BfAvrEN.exe
  C:\Windows\System\BfAvrEN.exe
  2⤵
  PID:9252
- C:\Windows\System\YapXepz.exe
  C:\Windows\System\YapXepz.exe
  2⤵
  PID:9288
- C:\Windows\System\rdnlfQD.exe
  C:\Windows\System\rdnlfQD.exe
  2⤵
  PID:9316
- C:\Windows\System\cJSAatV.exe
  C:\Windows\System\cJSAatV.exe
  2⤵
  PID:9344
- C:\Windows\System\WrjftVf.exe
  C:\Windows\System\WrjftVf.exe
  2⤵
  PID:9368
- C:\Windows\System\itZZjHh.exe
  C:\Windows\System\itZZjHh.exe
  2⤵
  PID:9404
- C:\Windows\System\uIKZEIF.exe
  C:\Windows\System\uIKZEIF.exe
  2⤵
  PID:9420
- C:\Windows\System\PuRNgVq.exe
  C:\Windows\System\PuRNgVq.exe
  2⤵
  PID:9452
- C:\Windows\System\MhEmYSG.exe
  C:\Windows\System\MhEmYSG.exe
  2⤵
  PID:9488
- C:\Windows\System\ZdramhQ.exe
  C:\Windows\System\ZdramhQ.exe
  2⤵
  PID:9516
- C:\Windows\System\zFbySAQ.exe
  C:\Windows\System\zFbySAQ.exe
  2⤵
  PID:9544
- C:\Windows\System\AYCdFwm.exe
  C:\Windows\System\AYCdFwm.exe
  2⤵
  PID:9576
- C:\Windows\System\aVvrKzl.exe
  C:\Windows\System\aVvrKzl.exe
  2⤵
  PID:9604
- C:\Windows\System\epGUgjM.exe
  C:\Windows\System\epGUgjM.exe
  2⤵
  PID:9632
- C:\Windows\System\TOTdCjM.exe
  C:\Windows\System\TOTdCjM.exe
  2⤵
  PID:9664
- C:\Windows\System\PdEQNyH.exe
  C:\Windows\System\PdEQNyH.exe
  2⤵
  PID:9692
- C:\Windows\System\SrCmAKN.exe
  C:\Windows\System\SrCmAKN.exe
  2⤵
  PID:9724
- C:\Windows\System\gHKTvuP.exe
  C:\Windows\System\gHKTvuP.exe
  2⤵
  PID:9748
- C:\Windows\System\lkcFzjc.exe
  C:\Windows\System\lkcFzjc.exe
  2⤵
  PID:9768
- C:\Windows\System\bUylqTY.exe
  C:\Windows\System\bUylqTY.exe
  2⤵
  PID:9808
- C:\Windows\System\GXkiCrj.exe
  C:\Windows\System\GXkiCrj.exe
  2⤵
  PID:9832
- C:\Windows\System\iPAivhx.exe
  C:\Windows\System\iPAivhx.exe
  2⤵
  PID:9864
- C:\Windows\System\mCNNJPx.exe
  C:\Windows\System\mCNNJPx.exe
  2⤵
  PID:9892
- C:\Windows\System\vELJfnG.exe
  C:\Windows\System\vELJfnG.exe
  2⤵
  PID:9920
- C:\Windows\System\SeHbzUX.exe
  C:\Windows\System\SeHbzUX.exe
  2⤵
  PID:9948
- C:\Windows\System\lvbrKEH.exe
  C:\Windows\System\lvbrKEH.exe
  2⤵
  PID:9968
- C:\Windows\System\MudeFDW.exe
  C:\Windows\System\MudeFDW.exe
  2⤵
  PID:9996
- C:\Windows\System\CXkpYNE.exe
  C:\Windows\System\CXkpYNE.exe
  2⤵
  PID:10032
- C:\Windows\System\CkExxkb.exe
  C:\Windows\System\CkExxkb.exe
  2⤵
  PID:10060
- C:\Windows\System\JIAXGqF.exe
  C:\Windows\System\JIAXGqF.exe
  2⤵
  PID:10080
- C:\Windows\System\whTEeil.exe
  C:\Windows\System\whTEeil.exe
  2⤵
  PID:10108
- C:\Windows\System\TAkqlGr.exe
  C:\Windows\System\TAkqlGr.exe
  2⤵
  PID:10144
- C:\Windows\System\QWnywwa.exe
  C:\Windows\System\QWnywwa.exe
  2⤵
  PID:10164
- C:\Windows\System\YfUnZmZ.exe
  C:\Windows\System\YfUnZmZ.exe
  2⤵
  PID:10200
- C:\Windows\System\wfFMwAT.exe
  C:\Windows\System\wfFMwAT.exe
  2⤵
  PID:10228
- C:\Windows\System\mZbNTKZ.exe
  C:\Windows\System\mZbNTKZ.exe
  2⤵
  PID:9244
- C:\Windows\System\zmhHKOf.exe
  C:\Windows\System\zmhHKOf.exe
  2⤵
  PID:9296
- C:\Windows\System\nXqJDKi.exe
  C:\Windows\System\nXqJDKi.exe
  2⤵
  PID:5488
- C:\Windows\System\gIWiRod.exe
  C:\Windows\System\gIWiRod.exe
  2⤵
  PID:5512
- C:\Windows\System\vqramzE.exe
  C:\Windows\System\vqramzE.exe
  2⤵
  PID:9432
- C:\Windows\System\tgfINav.exe
  C:\Windows\System\tgfINav.exe
  2⤵
  PID:9460
- C:\Windows\System\EALervB.exe
  C:\Windows\System\EALervB.exe
  2⤵
  PID:5624
- C:\Windows\System\afblrpH.exe
  C:\Windows\System\afblrpH.exe
  2⤵
  PID:9552
- C:\Windows\System\UVZINhI.exe
  C:\Windows\System\UVZINhI.exe
  2⤵
  PID:9584
- C:\Windows\System\HJElVEw.exe
  C:\Windows\System\HJElVEw.exe
  2⤵
  PID:5960
- C:\Windows\System\rFBHPhz.exe
  C:\Windows\System\rFBHPhz.exe
  2⤵
  PID:5980
- C:\Windows\System\fjaBjol.exe
  C:\Windows\System\fjaBjol.exe
  2⤵
  PID:6012
- C:\Windows\System\hjYhyMl.exe
  C:\Windows\System\hjYhyMl.exe
  2⤵
  PID:6080
- C:\Windows\System\ZqOGYwo.exe
  C:\Windows\System\ZqOGYwo.exe
  2⤵
  PID:9780
- C:\Windows\System\lQqmLxv.exe
  C:\Windows\System\lQqmLxv.exe
  2⤵
  PID:2800
- C:\Windows\System\EEbfMbj.exe
  C:\Windows\System\EEbfMbj.exe
  2⤵
  PID:4560
- C:\Windows\System\UcXzVCp.exe
  C:\Windows\System\UcXzVCp.exe
  2⤵
  PID:512
- C:\Windows\System\ePJrwrb.exe
  C:\Windows\System\ePJrwrb.exe
  2⤵
  PID:5256
- C:\Windows\System\aXMMEky.exe
  C:\Windows\System\aXMMEky.exe
  2⤵
  PID:9928
- C:\Windows\System\zrsZBXh.exe
  C:\Windows\System\zrsZBXh.exe
  2⤵
  PID:9964
- C:\Windows\System\hKBjiAK.exe
  C:\Windows\System\hKBjiAK.exe
  2⤵
  PID:10016
- C:\Windows\System\WlTTIna.exe
  C:\Windows\System\WlTTIna.exe
  2⤵
  PID:3000
- C:\Windows\System\MetSRRE.exe
  C:\Windows\System\MetSRRE.exe
  2⤵
  PID:10092
- C:\Windows\System\qDOQldX.exe
  C:\Windows\System\qDOQldX.exe
  2⤵
  PID:10152
- C:\Windows\System\nHkkrVB.exe
  C:\Windows\System\nHkkrVB.exe
  2⤵
  PID:10176
- C:\Windows\System\JJezwJP.exe
  C:\Windows\System\JJezwJP.exe
  2⤵
  PID:10212
- C:\Windows\System\ZkTHjSu.exe
  C:\Windows\System\ZkTHjSu.exe
  2⤵
  PID:6008
- C:\Windows\System\djVAuim.exe
  C:\Windows\System\djVAuim.exe
  2⤵
  PID:9264
- C:\Windows\System\VBvwuZa.exe
  C:\Windows\System\VBvwuZa.exe
  2⤵
  PID:9352
- C:\Windows\System\OYEKKrs.exe
  C:\Windows\System\OYEKKrs.exe
  2⤵
  PID:5080
- C:\Windows\System\PVRiWJL.exe
  C:\Windows\System\PVRiWJL.exe
  2⤵
  PID:9444
- C:\Windows\System\ASXxyme.exe
  C:\Windows\System\ASXxyme.exe
  2⤵
  PID:9504
- C:\Windows\System\sUOPsNa.exe
  C:\Windows\System\sUOPsNa.exe
  2⤵
  PID:5356
- C:\Windows\System\pbMrWdi.exe
  C:\Windows\System\pbMrWdi.exe
  2⤵
  PID:5932
- C:\Windows\System\CBaCbyg.exe
  C:\Windows\System\CBaCbyg.exe
  2⤵
  PID:9712
- C:\Windows\System\CpQwoZd.exe
  C:\Windows\System\CpQwoZd.exe
  2⤵
  PID:2988
- C:\Windows\System\gVgeYjU.exe
  C:\Windows\System\gVgeYjU.exe
  2⤵
  PID:4068
- C:\Windows\System\IfXRYcT.exe
  C:\Windows\System\IfXRYcT.exe
  2⤵
  PID:9876
- C:\Windows\System\sgVhKHT.exe
  C:\Windows\System\sgVhKHT.exe
  2⤵
  PID:9956
- C:\Windows\System\oYpvzRn.exe
  C:\Windows\System\oYpvzRn.exe
  2⤵
  PID:10072
- C:\Windows\System\kkhHSin.exe
  C:\Windows\System\kkhHSin.exe
  2⤵
  PID:4348
- C:\Windows\System\mfJRXPg.exe
  C:\Windows\System\mfJRXPg.exe
  2⤵
  PID:10188
- C:\Windows\System\vqFpvxu.exe
  C:\Windows\System\vqFpvxu.exe
  2⤵
  PID:4108
- C:\Windows\System\cPbcvTI.exe
  C:\Windows\System\cPbcvTI.exe
  2⤵
  PID:9324
- C:\Windows\System\WhuraDI.exe
  C:\Windows\System\WhuraDI.exe
  2⤵
  PID:5556
- C:\Windows\System\hFvYPPu.exe
  C:\Windows\System\hFvYPPu.exe
  2⤵
  PID:5412
- C:\Windows\System\fPhdfUB.exe
  C:\Windows\System\fPhdfUB.exe
  2⤵
  PID:9572
- C:\Windows\System\enyVYjj.exe
  C:\Windows\System\enyVYjj.exe
  2⤵
  PID:4716
- C:\Windows\System\mOcLimJ.exe
  C:\Windows\System\mOcLimJ.exe
  2⤵
  PID:6132
- C:\Windows\System\OQkxRFw.exe
  C:\Windows\System\OQkxRFw.exe
  2⤵
  PID:9900
- C:\Windows\System\yJlujai.exe
  C:\Windows\System\yJlujai.exe
  2⤵
  PID:10104
- C:\Windows\System\fATGEfA.exe
  C:\Windows\System\fATGEfA.exe
  2⤵
  PID:5400
- C:\Windows\System\YboJeic.exe
  C:\Windows\System\YboJeic.exe
  2⤵
  PID:9392
- C:\Windows\System\LYVvbjK.exe
  C:\Windows\System\LYVvbjK.exe
  2⤵
  PID:5220
- C:\Windows\System\ugpGyJU.exe
  C:\Windows\System\ugpGyJU.exe
  2⤵
  PID:6112
- C:\Windows\System\xUyfRYy.exe
  C:\Windows\System\xUyfRYy.exe
  2⤵
  PID:5076
- C:\Windows\System\AUAOmmg.exe
  C:\Windows\System\AUAOmmg.exe
  2⤵
  PID:6096
- C:\Windows\System\yexJUhK.exe
  C:\Windows\System\yexJUhK.exe
  2⤵
  PID:5508
- C:\Windows\System\pHpnSeP.exe
  C:\Windows\System\pHpnSeP.exe
  2⤵
  PID:9732
- C:\Windows\System\cdEYfFj.exe
  C:\Windows\System\cdEYfFj.exe
  2⤵
  PID:2784
- C:\Windows\System\IwSWbIw.exe
  C:\Windows\System\IwSWbIw.exe
  2⤵
  PID:640
- C:\Windows\System\Aojolst.exe
  C:\Windows\System\Aojolst.exe
  2⤵
  PID:2316
- C:\Windows\System\ifsaqhO.exe
  C:\Windows\System\ifsaqhO.exe
  2⤵
  PID:3144
- C:\Windows\System\SWuNdpw.exe
  C:\Windows\System\SWuNdpw.exe
  2⤵
  PID:10260
- C:\Windows\System\emwpzNg.exe
  C:\Windows\System\emwpzNg.exe
  2⤵
  PID:10288
- C:\Windows\System\NvKvHgU.exe
  C:\Windows\System\NvKvHgU.exe
  2⤵
  PID:10328
- C:\Windows\System\TzlpfPk.exe
  C:\Windows\System\TzlpfPk.exe
  2⤵
  PID:10356
- C:\Windows\System\EmNYlQO.exe
  C:\Windows\System\EmNYlQO.exe
  2⤵
  PID:10384
- C:\Windows\System\KRsRZtF.exe
  C:\Windows\System\KRsRZtF.exe
  2⤵
  PID:10404
- C:\Windows\System\RYbXnDT.exe
  C:\Windows\System\RYbXnDT.exe
  2⤵
  PID:10432
- C:\Windows\System\AJaDhJn.exe
  C:\Windows\System\AJaDhJn.exe
  2⤵
  PID:10464
- C:\Windows\System\yrNxccm.exe
  C:\Windows\System\yrNxccm.exe
  2⤵
  PID:10488
- C:\Windows\System\HRHluNZ.exe
  C:\Windows\System\HRHluNZ.exe
  2⤵
  PID:10516
- C:\Windows\System\lChhINy.exe
  C:\Windows\System\lChhINy.exe
  2⤵
  PID:10544
- C:\Windows\System\QIVIcHo.exe
  C:\Windows\System\QIVIcHo.exe
  2⤵
  PID:10572
- C:\Windows\System\ewoLqws.exe
  C:\Windows\System\ewoLqws.exe
  2⤵
  PID:10612
- C:\Windows\System\GIdTDff.exe
  C:\Windows\System\GIdTDff.exe
  2⤵
  PID:10640
- C:\Windows\System\XoHbyKW.exe
  C:\Windows\System\XoHbyKW.exe
  2⤵
  PID:10668
- C:\Windows\System\UyVTgui.exe
  C:\Windows\System\UyVTgui.exe
  2⤵
  PID:10688
- C:\Windows\System\dNCHGmA.exe
  C:\Windows\System\dNCHGmA.exe
  2⤵
  PID:10728
- C:\Windows\System\PEBeHQz.exe
  C:\Windows\System\PEBeHQz.exe
  2⤵
  PID:10756
- C:\Windows\System\KNRRRQW.exe
  C:\Windows\System\KNRRRQW.exe
  2⤵
  PID:10792
- C:\Windows\System\UMIfUOn.exe
  C:\Windows\System\UMIfUOn.exe
  2⤵
  PID:10808
- C:\Windows\System\MLZTRdc.exe
  C:\Windows\System\MLZTRdc.exe
  2⤵
  PID:10844
- C:\Windows\System\ndUMjwP.exe
  C:\Windows\System\ndUMjwP.exe
  2⤵
  PID:10872
- C:\Windows\System\kGCANxj.exe
  C:\Windows\System\kGCANxj.exe
  2⤵
  PID:10892
- C:\Windows\System\SWdzsqg.exe
  C:\Windows\System\SWdzsqg.exe
  2⤵
  PID:10920
- C:\Windows\System\ydyftQb.exe
  C:\Windows\System\ydyftQb.exe
  2⤵
  PID:10948
- C:\Windows\System\voewxDV.exe
  C:\Windows\System\voewxDV.exe
  2⤵
  PID:10976
- C:\Windows\System\ufsNJWh.exe
  C:\Windows\System\ufsNJWh.exe
  2⤵
  PID:11004
- C:\Windows\System\ShtABWC.exe
  C:\Windows\System\ShtABWC.exe
  2⤵
  PID:11040
- C:\Windows\System\eiAVeVg.exe
  C:\Windows\System\eiAVeVg.exe
  2⤵
  PID:11068
- C:\Windows\System\eNJPIZs.exe
  C:\Windows\System\eNJPIZs.exe
  2⤵
  PID:11096
- C:\Windows\System\lFnSTNO.exe
  C:\Windows\System\lFnSTNO.exe
  2⤵
  PID:11128
- C:\Windows\System\BOZcgaJ.exe
  C:\Windows\System\BOZcgaJ.exe
  2⤵
  PID:11156
- C:\Windows\System\LISzAGS.exe
  C:\Windows\System\LISzAGS.exe
  2⤵
  PID:11184
- C:\Windows\System\BEIEBMD.exe
  C:\Windows\System\BEIEBMD.exe
  2⤵
  PID:11204
- C:\Windows\System\rNUuoOk.exe
  C:\Windows\System\rNUuoOk.exe
  2⤵
  PID:11232
- C:\Windows\System\MlURWMy.exe
  C:\Windows\System\MlURWMy.exe
  2⤵
  PID:5744
- C:\Windows\System\KAnixvg.exe
  C:\Windows\System\KAnixvg.exe
  2⤵
  PID:10252
- C:\Windows\System\JfbDpGj.exe
  C:\Windows\System\JfbDpGj.exe
  2⤵
  PID:10308
- C:\Windows\System\ttDtfEx.exe
  C:\Windows\System\ttDtfEx.exe
  2⤵
  PID:6328
- C:\Windows\System\BVmTcOU.exe
  C:\Windows\System\BVmTcOU.exe
  2⤵
  PID:6352
- C:\Windows\System\GTzGrdy.exe
  C:\Windows\System\GTzGrdy.exe
  2⤵
  PID:10444
- C:\Windows\System\dUOjzLw.exe
  C:\Windows\System\dUOjzLw.exe
  2⤵
  PID:10480
- C:\Windows\System\xLPDYAt.exe
  C:\Windows\System\xLPDYAt.exe
  2⤵
  PID:2368
- C:\Windows\System\gzijheB.exe
  C:\Windows\System\gzijheB.exe
  2⤵
  PID:10556
- C:\Windows\System\lqMkMwC.exe
  C:\Windows\System\lqMkMwC.exe
  2⤵
  PID:10584
- C:\Windows\System\rTvVvhP.exe
  C:\Windows\System\rTvVvhP.exe
  2⤵
  PID:10624
- C:\Windows\System\GDqfFWj.exe
  C:\Windows\System\GDqfFWj.exe
  2⤵
  PID:10680
- C:\Windows\System\arIGlPB.exe
  C:\Windows\System\arIGlPB.exe
  2⤵
  PID:6632
- C:\Windows\System\ArWqfOm.exe
  C:\Windows\System\ArWqfOm.exe
  2⤵
  PID:6660
- C:\Windows\System\DbzQVDZ.exe
  C:\Windows\System\DbzQVDZ.exe
  2⤵
  PID:5240
- C:\Windows\System\FUYPWUI.exe
  C:\Windows\System\FUYPWUI.exe
  2⤵
  PID:10828
- C:\Windows\System\iGwwLxY.exe
  C:\Windows\System\iGwwLxY.exe
  2⤵
  PID:6764
- C:\Windows\System\bQIjRiY.exe
  C:\Windows\System\bQIjRiY.exe
  2⤵
  PID:10932
- C:\Windows\System\YKFkZaU.exe
  C:\Windows\System\YKFkZaU.exe
  2⤵
  PID:10972
- C:\Windows\System\xWVlCAB.exe
  C:\Windows\System\xWVlCAB.exe
  2⤵
  PID:11048
- C:\Windows\System\SgOAQTk.exe
  C:\Windows\System\SgOAQTk.exe
  2⤵
  PID:11108
- C:\Windows\System\QPuKoUy.exe
  C:\Windows\System\QPuKoUy.exe
  2⤵
  PID:11172
- C:\Windows\System\nZNcTco.exe
  C:\Windows\System\nZNcTco.exe
  2⤵
  PID:5284
- C:\Windows\System\dXllcXU.exe
  C:\Windows\System\dXllcXU.exe
  2⤵
  PID:11256
- C:\Windows\System\zaYZGKW.exe
  C:\Windows\System\zaYZGKW.exe
  2⤵
  PID:10284
- C:\Windows\System\ezUTxVA.exe
  C:\Windows\System\ezUTxVA.exe
  2⤵
  PID:7008
- C:\Windows\System\RSZZGae.exe
  C:\Windows\System\RSZZGae.exe
  2⤵
  PID:6412
- C:\Windows\System\FFlEmrP.exe
  C:\Windows\System\FFlEmrP.exe
  2⤵
  PID:4996
- C:\Windows\System\HCMcVMl.exe
  C:\Windows\System\HCMcVMl.exe
  2⤵
  PID:10596
- C:\Windows\System\piafgsC.exe
  C:\Windows\System\piafgsC.exe
  2⤵
  PID:10700
- C:\Windows\System\gAOXSfb.exe
  C:\Windows\System\gAOXSfb.exe
  2⤵
  PID:11252
- C:\Windows\System\PGzKJbL.exe
  C:\Windows\System\PGzKJbL.exe
  2⤵
  PID:10916
- C:\Windows\System\HkfjZOm.exe
  C:\Windows\System\HkfjZOm.exe
  2⤵
  PID:11024
- C:\Windows\System\nejmbDC.exe
  C:\Windows\System\nejmbDC.exe
  2⤵
  PID:11136
- C:\Windows\System\MOlMtxn.exe
  C:\Windows\System\MOlMtxn.exe
  2⤵
  PID:5292
- C:\Windows\System\zEUsfXq.exe
  C:\Windows\System\zEUsfXq.exe
  2⤵
  PID:5348
- C:\Windows\System\zqVjFkr.exe
  C:\Windows\System\zqVjFkr.exe
  2⤵
  PID:10508
- C:\Windows\System\eyluIZN.exe
  C:\Windows\System\eyluIZN.exe
  2⤵
  PID:10740
- C:\Windows\System\GZPkuEu.exe
  C:\Windows\System\GZPkuEu.exe
  2⤵
  PID:7036
- C:\Windows\System\piVVwCC.exe
  C:\Windows\System\piVVwCC.exe
  2⤵
  PID:5864
- C:\Windows\System\HHwPzHF.exe
  C:\Windows\System\HHwPzHF.exe
  2⤵
  PID:11200
- C:\Windows\System\QGToyll.exe
  C:\Windows\System\QGToyll.exe
  2⤵
  PID:7144
- C:\Windows\System\bczlZXD.exe
  C:\Windows\System\bczlZXD.exe
  2⤵
  PID:4448
- C:\Windows\System\jLJBQHP.exe
  C:\Windows\System\jLJBQHP.exe
  2⤵
  PID:7064
- C:\Windows\System\KaUEqnD.exe
  C:\Windows\System\KaUEqnD.exe
  2⤵
  PID:11244
- C:\Windows\System\XUodfAp.exe
  C:\Windows\System\XUodfAp.exe
  2⤵
  PID:2320
- C:\Windows\System\kQVAogG.exe
  C:\Windows\System\kQVAogG.exe
  2⤵
  PID:5320
- C:\Windows\System\RXJXaBe.exe
  C:\Windows\System\RXJXaBe.exe
  2⤵
  PID:6288
- C:\Windows\System\HTiQfvs.exe
  C:\Windows\System\HTiQfvs.exe
  2⤵
  PID:6372
- C:\Windows\System\YxPHWHS.exe
  C:\Windows\System\YxPHWHS.exe
  2⤵
  PID:6436
- C:\Windows\System\NynVRwO.exe
  C:\Windows\System\NynVRwO.exe
  2⤵
  PID:6516
- C:\Windows\System\nuzWVKU.exe
  C:\Windows\System\nuzWVKU.exe
  2⤵
  PID:4040
- C:\Windows\System\oBYjNAr.exe
  C:\Windows\System\oBYjNAr.exe
  2⤵
  PID:6664
- C:\Windows\System\DMRZQJr.exe
  C:\Windows\System\DMRZQJr.exe
  2⤵
  PID:5800
- C:\Windows\System\NpHNpTF.exe
  C:\Windows\System\NpHNpTF.exe
  2⤵
  PID:6868
- C:\Windows\System\ifPvIZS.exe
  C:\Windows\System\ifPvIZS.exe
  2⤵
  PID:6900
- C:\Windows\System\cudeWhf.exe
  C:\Windows\System\cudeWhf.exe
  2⤵
  PID:4464
- C:\Windows\System\lASGmRc.exe
  C:\Windows\System\lASGmRc.exe
  2⤵
  PID:6804
- C:\Windows\System\lRgakFj.exe
  C:\Windows\System\lRgakFj.exe
  2⤵
  PID:868
- C:\Windows\System\VsUNzJl.exe
  C:\Windows\System\VsUNzJl.exe
  2⤵
  PID:11296
- C:\Windows\System\ZWFSXfK.exe
  C:\Windows\System\ZWFSXfK.exe
  2⤵
  PID:11312
- C:\Windows\System\KWTilkJ.exe
  C:\Windows\System\KWTilkJ.exe
  2⤵
  PID:11340
- C:\Windows\System\zoonVBM.exe
  C:\Windows\System\zoonVBM.exe
  2⤵
  PID:11368
- C:\Windows\System\dSFFCTw.exe
  C:\Windows\System\dSFFCTw.exe
  2⤵
  PID:11412
- C:\Windows\System\jHlGEld.exe
  C:\Windows\System\jHlGEld.exe
  2⤵
  PID:11436
- C:\Windows\System\odmUHpR.exe
  C:\Windows\System\odmUHpR.exe
  2⤵
  PID:11460
- C:\Windows\System\grukLdZ.exe
  C:\Windows\System\grukLdZ.exe
  2⤵
  PID:11484
- C:\Windows\System\bkmvhoq.exe
  C:\Windows\System\bkmvhoq.exe
  2⤵
  PID:11512
- C:\Windows\System\qoUKONr.exe
  C:\Windows\System\qoUKONr.exe
  2⤵
  PID:11540
- C:\Windows\System\ZYeCnkx.exe
  C:\Windows\System\ZYeCnkx.exe
  2⤵
  PID:11580
- C:\Windows\System\PMlpmvZ.exe
  C:\Windows\System\PMlpmvZ.exe
  2⤵
  PID:11600
- C:\Windows\System\jqaRvuM.exe
  C:\Windows\System\jqaRvuM.exe
  2⤵
  PID:11640
- C:\Windows\System\jtqTOVE.exe
  C:\Windows\System\jtqTOVE.exe
  2⤵
  PID:11656
- C:\Windows\System\AMVfzVu.exe
  C:\Windows\System\AMVfzVu.exe
  2⤵
  PID:11684
- C:\Windows\System\oENjaLo.exe
  C:\Windows\System\oENjaLo.exe
  2⤵
  PID:11712
- C:\Windows\System\ELoEyQN.exe
  C:\Windows\System\ELoEyQN.exe
  2⤵
  PID:11740
- C:\Windows\System\XEMTTuP.exe
  C:\Windows\System\XEMTTuP.exe
  2⤵
  PID:11772
- C:\Windows\System\bLcBiDN.exe
  C:\Windows\System\bLcBiDN.exe
  2⤵
  PID:11796
- C:\Windows\System\YuUaTPG.exe
  C:\Windows\System\YuUaTPG.exe
  2⤵
  PID:11824
- C:\Windows\System\MWohYDV.exe
  C:\Windows\System\MWohYDV.exe
  2⤵
  PID:11852
- C:\Windows\System\XpVvNYZ.exe
  C:\Windows\System\XpVvNYZ.exe
  2⤵
  PID:11880
- C:\Windows\System\HEOQnva.exe
  C:\Windows\System\HEOQnva.exe
  2⤵
  PID:11908
- C:\Windows\System\QzPGibf.exe
  C:\Windows\System\QzPGibf.exe
  2⤵
  PID:11936
- C:\Windows\System\lijkLIN.exe
  C:\Windows\System\lijkLIN.exe
  2⤵
  PID:11964
- C:\Windows\System\IKUeXxt.exe
  C:\Windows\System\IKUeXxt.exe
  2⤵
  PID:11992
- C:\Windows\System\DSAOziu.exe
  C:\Windows\System\DSAOziu.exe
  2⤵
  PID:12020
- C:\Windows\System\MyoArik.exe
  C:\Windows\System\MyoArik.exe
  2⤵
  PID:12048
- C:\Windows\System\HTGBRKb.exe
  C:\Windows\System\HTGBRKb.exe
  2⤵
  PID:12084
- C:\Windows\System\VSRkBsx.exe
  C:\Windows\System\VSRkBsx.exe
  2⤵
  PID:12104
- C:\Windows\System\QchWIxL.exe
  C:\Windows\System\QchWIxL.exe
  2⤵
  PID:12136
- C:\Windows\System\YiPUugf.exe
  C:\Windows\System\YiPUugf.exe
  2⤵
  PID:12164
- C:\Windows\System\TYtpmRa.exe
  C:\Windows\System\TYtpmRa.exe
  2⤵
  PID:12204
- C:\Windows\System\gzcFIPf.exe
  C:\Windows\System\gzcFIPf.exe
  2⤵
  PID:12220
- C:\Windows\System\eroQDGH.exe
  C:\Windows\System\eroQDGH.exe
  2⤵
  PID:12248
- C:\Windows\System\fvfLoXl.exe
  C:\Windows\System\fvfLoXl.exe
  2⤵
  PID:12276
- C:\Windows\System\oBIsUug.exe
  C:\Windows\System\oBIsUug.exe
  2⤵
  PID:11276
- C:\Windows\System\xWCruMB.exe
  C:\Windows\System\xWCruMB.exe
  2⤵
  PID:7076
- C:\Windows\System\FlqvSEk.exe
  C:\Windows\System\FlqvSEk.exe
  2⤵
  PID:7124
- C:\Windows\System\hKKDpcM.exe
  C:\Windows\System\hKKDpcM.exe
  2⤵
  PID:6192
- C:\Windows\System\masDTOJ.exe
  C:\Windows\System\masDTOJ.exe
  2⤵
  PID:11448
- C:\Windows\System\WFFLmsN.exe
  C:\Windows\System\WFFLmsN.exe
  2⤵
  PID:6300
- C:\Windows\System\YDAdDeM.exe
  C:\Windows\System\YDAdDeM.exe
  2⤵
  PID:11560
- C:\Windows\System\PmVxdRr.exe
  C:\Windows\System\PmVxdRr.exe
  2⤵
  PID:11596
- C:\Windows\System\loGwRUs.exe
  C:\Windows\System\loGwRUs.exe
  2⤵
  PID:11636
- C:\Windows\System\ivdIyBS.exe
  C:\Windows\System\ivdIyBS.exe
  2⤵
  PID:11696
- C:\Windows\System\CwiIwuB.exe
  C:\Windows\System\CwiIwuB.exe
  2⤵
  PID:11732
- C:\Windows\System\TagbZEG.exe
  C:\Windows\System\TagbZEG.exe
  2⤵
  PID:2940
- C:\Windows\System\XPqgBSd.exe
  C:\Windows\System\XPqgBSd.exe
  2⤵
  PID:6628
- C:\Windows\System\PhfJcRm.exe
  C:\Windows\System\PhfJcRm.exe
  2⤵
  PID:11872
- C:\Windows\System\HqbBjpS.exe
  C:\Windows\System\HqbBjpS.exe
  2⤵
  PID:556
- C:\Windows\System\elYfLnt.exe
  C:\Windows\System\elYfLnt.exe
  2⤵
  PID:11948
- C:\Windows\System\HnJFNuV.exe
  C:\Windows\System\HnJFNuV.exe
  2⤵
  PID:11976
- C:\Windows\System\HNWepHO.exe
  C:\Windows\System\HNWepHO.exe
  2⤵
  PID:12032
- C:\Windows\System\vplYMux.exe
  C:\Windows\System\vplYMux.exe
  2⤵
  PID:12044
- C:\Windows\System\lzrdwhv.exe
  C:\Windows\System\lzrdwhv.exe
  2⤵
  PID:5360
- C:\Windows\System\LAKfdFC.exe
  C:\Windows\System\LAKfdFC.exe
  2⤵
  PID:5772
- C:\Windows\System\kXoyGjD.exe
  C:\Windows\System\kXoyGjD.exe
  2⤵
  PID:12176
- C:\Windows\System\BASUpwL.exe
  C:\Windows\System\BASUpwL.exe
  2⤵
  PID:7192
- C:\Windows\System\QXZwBSi.exe
  C:\Windows\System\QXZwBSi.exe
  2⤵
  PID:12268
- C:\Windows\System\uSSAnUc.exe
  C:\Windows\System\uSSAnUc.exe
  2⤵
  PID:11304
- C:\Windows\System\CRfOLeo.exe
  C:\Windows\System\CRfOLeo.exe
  2⤵
  PID:11392
- C:\Windows\System\ZYNDMRm.exe
  C:\Windows\System\ZYNDMRm.exe
  2⤵
  PID:11468
- C:\Windows\System\wHORoyd.exe
  C:\Windows\System\wHORoyd.exe
  2⤵
  PID:1632
- C:\Windows\System\qSEtnAz.exe
  C:\Windows\System\qSEtnAz.exe
  2⤵
  PID:6380
- C:\Windows\System\NNVroxB.exe
  C:\Windows\System\NNVroxB.exe
  2⤵
  PID:11676
- C:\Windows\System\jhNwpms.exe
  C:\Windows\System\jhNwpms.exe
  2⤵
  PID:6968
- C:\Windows\System\eJKvFBI.exe
  C:\Windows\System\eJKvFBI.exe
  2⤵
  PID:6224
- C:\Windows\System\aemkGdS.exe
  C:\Windows\System\aemkGdS.exe
  2⤵
  PID:7564
- C:\Windows\System\EhHZFsf.exe
  C:\Windows\System\EhHZFsf.exe
  2⤵
  PID:3528
- C:\Windows\System\WZQJLoY.exe
  C:\Windows\System\WZQJLoY.exe
  2⤵
  PID:11988
- C:\Windows\System\iWFBraR.exe
  C:\Windows\System\iWFBraR.exe
  2⤵
  PID:12072
- C:\Windows\System\SkGyauU.exe
  C:\Windows\System\SkGyauU.exe
  2⤵
  PID:6196
- C:\Windows\System\ibdXyhU.exe
  C:\Windows\System\ibdXyhU.exe
  2⤵
  PID:12160
- C:\Windows\System\ucrbGWo.exe
  C:\Windows\System\ucrbGWo.exe
  2⤵
  PID:12244
- C:\Windows\System\exekRly.exe
  C:\Windows\System\exekRly.exe
  2⤵
  PID:6944
- C:\Windows\System\IMhGDkx.exe
  C:\Windows\System\IMhGDkx.exe
  2⤵
  PID:7852
- C:\Windows\System\nDUwira.exe
  C:\Windows\System\nDUwira.exe
  2⤵
  PID:11724
- C:\Windows\System\nhmNbGd.exe
  C:\Windows\System\nhmNbGd.exe
  2⤵
  PID:7364
- C:\Windows\System\vkaVmGU.exe
  C:\Windows\System\vkaVmGU.exe
  2⤵
  PID:6384
- C:\Windows\System\ETEODBD.exe
  C:\Windows\System\ETEODBD.exe
  2⤵
  PID:11704
- C:\Windows\System\whLXWSn.exe
  C:\Windows\System\whLXWSn.exe
  2⤵
  PID:7988
- C:\Windows\System\TMkiEjV.exe
  C:\Windows\System\TMkiEjV.exe
  2⤵
  PID:2504
- C:\Windows\System\TJIaMKf.exe
  C:\Windows\System\TJIaMKf.exe
  2⤵
  PID:8052
- C:\Windows\System\hPYugXN.exe
  C:\Windows\System\hPYugXN.exe
  2⤵
  PID:8112
- C:\Windows\System\OAgkvJv.exe
  C:\Windows\System\OAgkvJv.exe
  2⤵
  PID:7736
- C:\Windows\System\NyHECQr.exe
  C:\Windows\System\NyHECQr.exe
  2⤵
  PID:12216
- C:\Windows\System\ynYdrcP.exe
  C:\Windows\System\ynYdrcP.exe
  2⤵
  PID:7244
- C:\Windows\System\VZvFkfY.exe
  C:\Windows\System\VZvFkfY.exe
  2⤵
  PID:11388
- C:\Windows\System\arBQOQt.exe
  C:\Windows\System\arBQOQt.exe
  2⤵
  PID:7360
- C:\Windows\System\gKYckHa.exe
  C:\Windows\System\gKYckHa.exe
  2⤵
  PID:7496
- C:\Windows\System\tNCWvOJ.exe
  C:\Windows\System\tNCWvOJ.exe
  2⤵
  PID:11788
- C:\Windows\System\IFLojNR.exe
  C:\Windows\System\IFLojNR.exe
  2⤵
  PID:7588
- C:\Windows\System\UOsZDAs.exe
  C:\Windows\System\UOsZDAs.exe
  2⤵
  PID:12092
- C:\Windows\System\EgicEKw.exe
  C:\Windows\System\EgicEKw.exe
  2⤵
  PID:6824
- C:\Windows\System\yKmqTnu.exe
  C:\Windows\System\yKmqTnu.exe
  2⤵
  PID:7880
- C:\Windows\System\TDnQBRZ.exe
  C:\Windows\System\TDnQBRZ.exe
  2⤵
  PID:6856
- C:\Windows\System\vbNTJkP.exe
  C:\Windows\System\vbNTJkP.exe
  2⤵
  PID:7540
- C:\Windows\System\vIAmIrs.exe
  C:\Windows\System\vIAmIrs.exe
  2⤵
  PID:7680
- C:\Windows\System\CubsxKI.exe
  C:\Windows\System\CubsxKI.exe
  2⤵
  PID:7228
- C:\Windows\System\VhhrlqL.exe
  C:\Windows\System\VhhrlqL.exe
  2⤵
  PID:7876
- C:\Windows\System\IUkUnVE.exe
  C:\Windows\System\IUkUnVE.exe
  2⤵
  PID:7932
- C:\Windows\System\DjFBWxg.exe
  C:\Windows\System\DjFBWxg.exe
  2⤵
  PID:6584
- C:\Windows\System\hsQZjlD.exe
  C:\Windows\System\hsQZjlD.exe
  2⤵
  PID:7848
- C:\Windows\System\pndfqTh.exe
  C:\Windows\System\pndfqTh.exe
  2⤵
  PID:7368
- C:\Windows\System\AWxGMQN.exe
  C:\Windows\System\AWxGMQN.exe
  2⤵
  PID:8160
- C:\Windows\System\bcoBSMj.exe
  C:\Windows\System\bcoBSMj.exe
  2⤵
  PID:7648
- C:\Windows\System\gfdbPxx.exe
  C:\Windows\System\gfdbPxx.exe
  2⤵
  PID:8128
- C:\Windows\System\wpLzkKI.exe
  C:\Windows\System\wpLzkKI.exe
  2⤵
  PID:7380
- C:\Windows\System\nsjybum.exe
  C:\Windows\System\nsjybum.exe
  2⤵
  PID:6988
- C:\Windows\System\OENVakq.exe
  C:\Windows\System\OENVakq.exe
  2⤵
  PID:8132
- C:\Windows\System\LjistFG.exe
  C:\Windows\System\LjistFG.exe
  2⤵
  PID:7352
- C:\Windows\System\NjNxAkj.exe
  C:\Windows\System\NjNxAkj.exe
  2⤵
  PID:7600
- C:\Windows\System\jnrZxfX.exe
  C:\Windows\System\jnrZxfX.exe
  2⤵
  PID:12296
- C:\Windows\System\sqoWHkk.exe
  C:\Windows\System\sqoWHkk.exe
  2⤵
  PID:12324
- C:\Windows\System\JmxHyRE.exe
  C:\Windows\System\JmxHyRE.exe
  2⤵
  PID:12360
- C:\Windows\System\wJVmxZJ.exe
  C:\Windows\System\wJVmxZJ.exe
  2⤵
  PID:12380
- C:\Windows\System\UJAxjVk.exe
  C:\Windows\System\UJAxjVk.exe
  2⤵
  PID:12408
- C:\Windows\System\pteYjFb.exe
  C:\Windows\System\pteYjFb.exe
  2⤵
  PID:12436
- C:\Windows\System\dmqpcXv.exe
  C:\Windows\System\dmqpcXv.exe
  2⤵
  PID:12472
- C:\Windows\System\IeDsjzP.exe
  C:\Windows\System\IeDsjzP.exe
  2⤵
  PID:12492
- C:\Windows\System\jjkGsKS.exe
  C:\Windows\System\jjkGsKS.exe
  2⤵
  PID:12520
- C:\Windows\System\QYRVGbj.exe
  C:\Windows\System\QYRVGbj.exe
  2⤵
  PID:12564
- C:\Windows\System\AqWpYHC.exe
  C:\Windows\System\AqWpYHC.exe
  2⤵
  PID:12588
- C:\Windows\System\wsFtgPJ.exe
  C:\Windows\System\wsFtgPJ.exe
  2⤵
  PID:12608
- C:\Windows\System\iHIgemx.exe
  C:\Windows\System\iHIgemx.exe
  2⤵
  PID:12640
- C:\Windows\System\fvIruPq.exe
  C:\Windows\System\fvIruPq.exe
  2⤵
  PID:12664
- C:\Windows\System\mbxvSgt.exe
  C:\Windows\System\mbxvSgt.exe
  2⤵
  PID:12692
- C:\Windows\System\kWJyFRy.exe
  C:\Windows\System\kWJyFRy.exe
  2⤵
  PID:12720
- C:\Windows\System\AiWIVIx.exe
  C:\Windows\System\AiWIVIx.exe
  2⤵
  PID:12748
- C:\Windows\System\BguWIGI.exe
  C:\Windows\System\BguWIGI.exe
  2⤵
  PID:12788
- C:\Windows\System\biOpUXS.exe
  C:\Windows\System\biOpUXS.exe
  2⤵
  PID:12808
- C:\Windows\System\RQnOHPL.exe
  C:\Windows\System\RQnOHPL.exe
  2⤵
  PID:12836
- C:\Windows\System\lPMpBuq.exe
  C:\Windows\System\lPMpBuq.exe
  2⤵
  PID:12864
- C:\Windows\System\TEbWYvJ.exe
  C:\Windows\System\TEbWYvJ.exe
  2⤵
  PID:12900
- C:\Windows\System\gQNVHuf.exe
  C:\Windows\System\gQNVHuf.exe
  2⤵
  PID:12920
- C:\Windows\System\LsVniyJ.exe
  C:\Windows\System\LsVniyJ.exe
  2⤵
  PID:12948
- C:\Windows\System\CEzwGNc.exe
  C:\Windows\System\CEzwGNc.exe
  2⤵
  PID:12976
- C:\Windows\System\ryeerWL.exe
  C:\Windows\System\ryeerWL.exe
  2⤵
  PID:13004
- C:\Windows\System\KLNtPbj.exe
  C:\Windows\System\KLNtPbj.exe
  2⤵
  PID:13032
- C:\Windows\System\pEojUqI.exe
  C:\Windows\System\pEojUqI.exe
  2⤵
  PID:13060
- C:\Windows\System\ZuoXGXZ.exe
  C:\Windows\System\ZuoXGXZ.exe
  2⤵
  PID:13096
- C:\Windows\System\tdfzUJh.exe
  C:\Windows\System\tdfzUJh.exe
  2⤵
  PID:13120
- C:\Windows\System\WaUebuN.exe
  C:\Windows\System\WaUebuN.exe
  2⤵
  PID:13144
- C:\Windows\System\EvJmWQV.exe
  C:\Windows\System\EvJmWQV.exe
  2⤵
  PID:13180
- C:\Windows\System\YQzvXfq.exe
  C:\Windows\System\YQzvXfq.exe
  2⤵
  PID:13200
- C:\Windows\System\YCXwlmw.exe
  C:\Windows\System\YCXwlmw.exe
  2⤵
  PID:13236
- C:\Windows\System\qYibFTU.exe
  C:\Windows\System\qYibFTU.exe
  2⤵
  PID:13260
- C:\Windows\System\aTAEcjX.exe
  C:\Windows\System\aTAEcjX.exe
  2⤵
  PID:13300
- C:\Windows\System\hkKKQQF.exe
  C:\Windows\System\hkKKQQF.exe
  2⤵
  PID:8336
- C:\Windows\System\PCJcaFZ.exe
  C:\Windows\System\PCJcaFZ.exe
  2⤵
  PID:12348
- C:\Windows\System\DdRvqaK.exe
  C:\Windows\System\DdRvqaK.exe
  2⤵
  PID:8400
- C:\Windows\System\XuZgcYI.exe
  C:\Windows\System\XuZgcYI.exe
  2⤵
  PID:8428
- C:\Windows\System\rHXdnsD.exe
  C:\Windows\System\rHXdnsD.exe
  2⤵
  PID:12484
- C:\Windows\System\ZPVgFLD.exe
  C:\Windows\System\ZPVgFLD.exe
  2⤵
  PID:12512
- C:\Windows\System\EMiRyRV.exe
  C:\Windows\System\EMiRyRV.exe
  2⤵
  PID:8540
- C:\Windows\System\gKcDChx.exe
  C:\Windows\System\gKcDChx.exe
  2⤵
  PID:8596
- C:\Windows\System\RXusAjf.exe
  C:\Windows\System\RXusAjf.exe
  2⤵
  PID:12632
- C:\Windows\System\waTSuTf.exe
  C:\Windows\System\waTSuTf.exe
  2⤵
  PID:8684
- C:\Windows\System\UQFsVvH.exe
  C:\Windows\System\UQFsVvH.exe
  2⤵
  PID:8716
- C:\Windows\System\TbMQTUE.exe
  C:\Windows\System\TbMQTUE.exe
  2⤵
  PID:12760
- C:\Windows\System\OKlQvFN.exe
  C:\Windows\System\OKlQvFN.exe
  2⤵
  PID:5852
- C:\Windows\System\KmyBhmO.exe
  C:\Windows\System\KmyBhmO.exe
  2⤵
  PID:12800
- C:\Windows\System\TeYDxgQ.exe
  C:\Windows\System\TeYDxgQ.exe
  2⤵
  PID:12848
- C:\Windows\System\kVWVCrV.exe
  C:\Windows\System\kVWVCrV.exe
  2⤵
  PID:12912
- C:\Windows\System\PvsPDwG.exe
  C:\Windows\System\PvsPDwG.exe
  2⤵
  PID:12988
- C:\Windows\System\HHcZHjm.exe
  C:\Windows\System\HHcZHjm.exe
  2⤵
  PID:13000
- C:\Windows\System\oplfDiI.exe
  C:\Windows\System\oplfDiI.exe
  2⤵
  PID:13056
- C:\Windows\System\yqlhfrh.exe
  C:\Windows\System\yqlhfrh.exe
  2⤵
  PID:13128
- C:\Windows\System\EHEhcwc.exe
  C:\Windows\System\EHEhcwc.exe
  2⤵
  PID:13164
- C:\Windows\System\fGSzfGv.exe
  C:\Windows\System\fGSzfGv.exe
  2⤵
  PID:13224
- C:\Windows\System\jhPiYre.exe
  C:\Windows\System\jhPiYre.exe
  2⤵
  PID:13280
- C:\Windows\System\WMwWHBi.exe
  C:\Windows\System\WMwWHBi.exe
  2⤵
  PID:9184
- C:\Windows\System\ptAqUuc.exe
  C:\Windows\System\ptAqUuc.exe
  2⤵
  PID:3956
- C:\Windows\System\KvApWvC.exe
  C:\Windows\System\KvApWvC.exe
  2⤵
  PID:8276
- C:\Windows\System\RegNjTl.exe
  C:\Windows\System\RegNjTl.exe
  2⤵
  PID:8332
- C:\Windows\System\wQegjNx.exe
  C:\Windows\System\wQegjNx.exe
  2⤵
  PID:8416
- C:\Windows\System\SPuxWWj.exe
  C:\Windows\System\SPuxWWj.exe
  2⤵
  PID:8480
- C:\Windows\System\dWIZtCe.exe
  C:\Windows\System\dWIZtCe.exe
  2⤵
  PID:12576
- C:\Windows\System\qAXtsqL.exe
  C:\Windows\System\qAXtsqL.exe
  2⤵
  PID:8652
- C:\Windows\System\cOBDuzs.exe
  C:\Windows\System\cOBDuzs.exe
  2⤵
  PID:12676
- C:\Windows\System\OJpzruy.exe
  C:\Windows\System\OJpzruy.exe
  2⤵
  PID:8820
- C:\Windows\System\GeQXgZm.exe
  C:\Windows\System\GeQXgZm.exe
  2⤵
  PID:768
- C:\Windows\System\QgmlGhg.exe
  C:\Windows\System\QgmlGhg.exe
  2⤵
  PID:12832
- C:\Windows\System\mByDlUN.exe
  C:\Windows\System\mByDlUN.exe
  2⤵
  PID:12888
- C:\Windows\System\OWvNwOv.exe
  C:\Windows\System\OWvNwOv.exe
  2⤵
  PID:1052
- C:\Windows\System\wpCjrUU.exe
  C:\Windows\System\wpCjrUU.exe
  2⤵
  PID:9096
- C:\Windows\System\pxBvjXm.exe
  C:\Windows\System\pxBvjXm.exe
  2⤵
  PID:4788
- C:\Windows\System\ekkSavM.exe
  C:\Windows\System\ekkSavM.exe
  2⤵
  PID:212
- C:\Windows\System\LHSPdgC.exe
  C:\Windows\System\LHSPdgC.exe
  2⤵
  PID:8756
- C:\Windows\System\AUEvSwo.exe
  C:\Windows\System\AUEvSwo.exe
  2⤵
  PID:3288
- C:\Windows\System\rGIlRiD.exe
  C:\Windows\System\rGIlRiD.exe
  2⤵
  PID:4548
- C:\Windows\System\DaoKHZR.exe
  C:\Windows\System\DaoKHZR.exe
  2⤵
  PID:8548
- C:\Windows\System\HiClnHg.exe
  C:\Windows\System\HiClnHg.exe
  2⤵
  PID:1748
- C:\Windows\System\skhbGoP.exe
  C:\Windows\System\skhbGoP.exe
  2⤵
  PID:4032
- C:\Windows\System\kosNpFz.exe
  C:\Windows\System\kosNpFz.exe
  2⤵
  PID:1952
- C:\Windows\System\gpkApaB.exe
  C:\Windows\System\gpkApaB.exe
  2⤵
  PID:12716
- C:\Windows\System\rGTLIvx.exe
  C:\Windows\System\rGTLIvx.exe
  2⤵
  PID:8908
- C:\Windows\System\PuSTSks.exe
  C:\Windows\System\PuSTSks.exe
  2⤵
  PID:12876
- C:\Windows\System\VYRUtwv.exe
  C:\Windows\System\VYRUtwv.exe
  2⤵
  PID:8452
- C:\Windows\System\IdmuCqP.exe
  C:\Windows\System\IdmuCqP.exe
  2⤵
  PID:7484
- C:\Windows\System\MjxFsOZ.exe
  C:\Windows\System\MjxFsOZ.exe
  2⤵
  PID:13220
- C:\Windows\System\icInwMq.exe
  C:\Windows\System\icInwMq.exe
  2⤵
  PID:9080
- C:\Windows\System\INPDUex.exe
  C:\Windows\System\INPDUex.exe
  2⤵
  PID:13308
- C:\Windows\System\Yrfgmiq.exe
  C:\Windows\System\Yrfgmiq.exe
  2⤵
  PID:8356
- C:\Windows\System\TdhYAyB.exe
  C:\Windows\System\TdhYAyB.exe
  2⤵
  PID:4500
- C:\Windows\System\XPoZeMg.exe
  C:\Windows\System\XPoZeMg.exe
  2⤵
  PID:7720
- C:\Windows\System\QXWrFiZ.exe
  C:\Windows\System\QXWrFiZ.exe
  2⤵
  PID:9228
- C:\Windows\System\RYhQNCX.exe
  C:\Windows\System\RYhQNCX.exe
  2⤵
  PID:9260
- C:\Windows\System\TdCTNkC.exe
  C:\Windows\System\TdCTNkC.exe
  2⤵
  PID:9280
- C:\Windows\System\boXQhTQ.exe
  C:\Windows\System\boXQhTQ.exe
  2⤵
  PID:9308
- C:\Windows\System\zQSOcyp.exe
  C:\Windows\System\zQSOcyp.exe
  2⤵
  PID:3360
- C:\Windows\System\pyMcFtb.exe
  C:\Windows\System\pyMcFtb.exe
  2⤵
  PID:9396
- C:\Windows\System\CgVLsqD.exe
  C:\Windows\System\CgVLsqD.exe
  2⤵
  PID:4420
- C:\Windows\System\UtXnvsS.exe
  C:\Windows\System\UtXnvsS.exe
  2⤵
  PID:9476
- C:\Windows\System\MqzEOxC.exe
  C:\Windows\System\MqzEOxC.exe
  2⤵
  PID:5660
- C:\Windows\System\ezyoMsY.exe
  C:\Windows\System\ezyoMsY.exe
  2⤵
  PID:9536
- C:\Windows\System\XhpmSML.exe
  C:\Windows\System\XhpmSML.exe
  2⤵
  PID:9568
- C:\Windows\System\sMGBkdD.exe
  C:\Windows\System\sMGBkdD.exe
  2⤵
  PID:9592
- C:\Windows\System\DrImLeq.exe
  C:\Windows\System\DrImLeq.exe
  2⤵
  PID:9648
- C:\Windows\System\badRSSD.exe
  C:\Windows\System\badRSSD.exe
  2⤵
  PID:9684
- C:\Windows\System\aFVwMNC.exe
  C:\Windows\System\aFVwMNC.exe
  2⤵
  PID:8636
- C:\Windows\System\HXVIQho.exe
  C:\Windows\System\HXVIQho.exe
  2⤵
  PID:7420
- C:\Windows\System\cIvCgse.exe
  C:\Windows\System\cIvCgse.exe
  2⤵
  PID:9776
- C:\Windows\System\xjOyZOr.exe
  C:\Windows\System\xjOyZOr.exe
  2⤵
  PID:5776
- C:\Windows\System\LrGsGql.exe
  C:\Windows\System\LrGsGql.exe
  2⤵
  PID:9284
- C:\Windows\System\VgeHdww.exe
  C:\Windows\System\VgeHdww.exe
  2⤵
  PID:9916
- C:\Windows\System\JyzPpxT.exe
  C:\Windows\System\JyzPpxT.exe
  2⤵
  PID:9656
- C:\Windows\System\DHzOBwQ.exe
  C:\Windows\System\DHzOBwQ.exe
  2⤵
  PID:9464
- C:\Windows\System\IGyXeSV.exe
  C:\Windows\System\IGyXeSV.exe
  2⤵
  PID:10056
- C:\Windows\System\vCbSKtD.exe
  C:\Windows\System\vCbSKtD.exe
  2⤵
  PID:10088
- C:\Windows\System\mJLEDws.exe
  C:\Windows\System\mJLEDws.exe
  2⤵
  PID:7672
- C:\Windows\System\RhHpMOY.exe
  C:\Windows\System\RhHpMOY.exe
  2⤵
  PID:9620
- C:\Windows\System\gRYsIKA.exe
  C:\Windows\System\gRYsIKA.exe
  2⤵
  PID:5384
- C:\Windows\System\EovLjyS.exe
  C:\Windows\System\EovLjyS.exe
  2⤵
  PID:10024
- C:\Windows\System\TUYINwQ.exe
  C:\Windows\System\TUYINwQ.exe
  2⤵
  PID:5656
- C:\Windows\System\TylYktr.exe
  C:\Windows\System\TylYktr.exe
  2⤵
  PID:12940
- C:\Windows\System\YPvcglh.exe
  C:\Windows\System\YPvcglh.exe
  2⤵
  PID:9524
- C:\Windows\System\EIPsqmU.exe
  C:\Windows\System\EIPsqmU.exe
  2⤵
  PID:10004
- C:\Windows\System\alWyZiB.exe
  C:\Windows\System\alWyZiB.exe
  2⤵
  PID:5988
- C:\Windows\System\EhlBhob.exe
  C:\Windows\System\EhlBhob.exe
  2⤵
  PID:6084
- C:\Windows\System\BeGQoyI.exe
  C:\Windows\System\BeGQoyI.exe
  2⤵
  PID:8224
- C:\Windows\System\IWlGXXL.exe
  C:\Windows\System\IWlGXXL.exe
  2⤵
  PID:7728
- C:\Windows\System\facFFhD.exe
  C:\Windows\System\facFFhD.exe
  2⤵
  PID:6064
- C:\Windows\System\zqxzAnl.exe
  C:\Windows\System\zqxzAnl.exe
  2⤵
  PID:9760
- C:\Windows\System\ROHGrFo.exe
  C:\Windows\System\ROHGrFo.exe
  2⤵
  PID:8380
- C:\Windows\System\TDaPmJk.exe
  C:\Windows\System\TDaPmJk.exe
  2⤵
  PID:10052
- C:\Windows\System\ygWUgIc.exe
  C:\Windows\System\ygWUgIc.exe
  2⤵
  PID:10120
- C:\Windows\System\CUYMJLP.exe
  C:\Windows\System\CUYMJLP.exe
  2⤵
  PID:9240
- C:\Windows\System\LHLLEue.exe
  C:\Windows\System\LHLLEue.exe
  2⤵
  PID:10208
- C:\Windows\System\xeFIGsU.exe
  C:\Windows\System\xeFIGsU.exe
  2⤵
  PID:5856
- C:\Windows\System\LZirMGL.exe
  C:\Windows\System\LZirMGL.exe
  2⤵
  PID:6072
- C:\Windows\System\DPLitkB.exe
  C:\Windows\System\DPLitkB.exe
  2⤵
  PID:13388
- C:\Windows\System\ZPvETRH.exe
  C:\Windows\System\ZPvETRH.exe
  2⤵
  PID:13404
- C:\Windows\System\NADmLrk.exe
  C:\Windows\System\NADmLrk.exe
  2⤵
  PID:13428
- C:\Windows\System\TgXndQA.exe
  C:\Windows\System\TgXndQA.exe
  2⤵
  PID:13476
- C:\Windows\System\byiKQsg.exe
  C:\Windows\System\byiKQsg.exe
  2⤵
  PID:13504
- C:\Windows\System\ANzFjXl.exe
  C:\Windows\System\ANzFjXl.exe
  2⤵
  PID:13540
- C:\Windows\System\RtztkaH.exe
  C:\Windows\System\RtztkaH.exe
  2⤵
  PID:13568
- C:\Windows\System\PXNaWsQ.exe
  C:\Windows\System\PXNaWsQ.exe
  2⤵
  PID:13596
- C:\Windows\System\mQWNZye.exe
  C:\Windows\System\mQWNZye.exe
  2⤵
  PID:13620
- C:\Windows\System\fqgmnSU.exe
  C:\Windows\System\fqgmnSU.exe
  2⤵
  PID:13652
- C:\Windows\System\mKVvosV.exe
  C:\Windows\System\mKVvosV.exe
  2⤵
  PID:13676
- C:\Windows\System\xrALYyF.exe
  C:\Windows\System\xrALYyF.exe
  2⤵
  PID:13700
- C:\Windows\System\vWZqYkx.exe
  C:\Windows\System\vWZqYkx.exe
  2⤵
  PID:13724
- C:\Windows\System\VlzSLQV.exe
  C:\Windows\System\VlzSLQV.exe
  2⤵
  PID:13760
- C:\Windows\System\hyIKEOe.exe
  C:\Windows\System\hyIKEOe.exe
  2⤵
  PID:13792
- C:\Windows\System\GgqYgJS.exe
  C:\Windows\System\GgqYgJS.exe
  2⤵
  PID:13820
- C:\Windows\System\PkuoNaB.exe
  C:\Windows\System\PkuoNaB.exe
  2⤵
  PID:13856
- C:\Windows\System\uJOqaEE.exe
  C:\Windows\System\uJOqaEE.exe
  2⤵
  PID:13896
- C:\Windows\System\HDGueLt.exe
  C:\Windows\System\HDGueLt.exe
  2⤵
  PID:13932
- C:\Windows\System\ZDwzQbH.exe
  C:\Windows\System\ZDwzQbH.exe
  2⤵
  PID:13960
- C:\Windows\System\sKnfWeB.exe
  C:\Windows\System\sKnfWeB.exe
  2⤵
  PID:13992
- C:\Windows\System\JuyOUKt.exe
  C:\Windows\System\JuyOUKt.exe
  2⤵
  PID:14020
- C:\Windows\System\CPKlYLM.exe
  C:\Windows\System\CPKlYLM.exe
  2⤵
  PID:14048
- C:\Windows\System\VpUbXpD.exe
  C:\Windows\System\VpUbXpD.exe
  2⤵
  PID:14068
- C:\Windows\System\MjIFkCF.exe
  C:\Windows\System\MjIFkCF.exe
  2⤵
  PID:14108
- C:\Windows\System\spXELjR.exe
  C:\Windows\System\spXELjR.exe
  2⤵
  PID:14132
- C:\Windows\System\HDVaZmd.exe
  C:\Windows\System\HDVaZmd.exe
  2⤵
  PID:14176
- C:\Windows\System\rFtdvYR.exe
  C:\Windows\System\rFtdvYR.exe
  2⤵
  PID:14204
- C:\Windows\System\SQVJqaj.exe
  C:\Windows\System\SQVJqaj.exe
  2⤵
  PID:14232
- C:\Windows\System\amfOxpd.exe
  C:\Windows\System\amfOxpd.exe
  2⤵
  PID:14280
- C:\Windows\System\AJYMPWU.exe
  C:\Windows\System\AJYMPWU.exe
  2⤵
  PID:14312
- C:\Windows\System\IrEBsya.exe
  C:\Windows\System\IrEBsya.exe
  2⤵
  PID:2104
- C:\Windows\System\KQaPoHb.exe
  C:\Windows\System\KQaPoHb.exe
  2⤵
  PID:4772
- C:\Windows\System\trPJMZR.exe
  C:\Windows\System\trPJMZR.exe
  2⤵
  PID:5924
- C:\Windows\System\JWmNQwU.exe
  C:\Windows\System\JWmNQwU.exe
  2⤵
  PID:9676
- C:\Windows\System\ojzPZds.exe
  C:\Windows\System\ojzPZds.exe
  2⤵
  PID:9496
- C:\Windows\System\MMnmFGO.exe
  C:\Windows\System\MMnmFGO.exe
  2⤵
  PID:1868
- C:\Windows\System\AnrgOQz.exe
  C:\Windows\System\AnrgOQz.exe
  2⤵
  PID:10068
- C:\Windows\System\efEtMJi.exe
  C:\Windows\System\efEtMJi.exe
  2⤵
  PID:13552
- C:\Windows\System\JTJFfwC.exe
  C:\Windows\System\JTJFfwC.exe
  2⤵
  PID:1628
- C:\Windows\System\skRANWS.exe
  C:\Windows\System\skRANWS.exe
  2⤵
  PID:2000
- C:\Windows\System\XOCWImA.exe
  C:\Windows\System\XOCWImA.exe
  2⤵
  PID:13664
- C:\Windows\System\ZTqeloF.exe
  C:\Windows\System\ZTqeloF.exe
  2⤵
  PID:13708
- C:\Windows\System\sbFtAep.exe
  C:\Windows\System\sbFtAep.exe
  2⤵
  PID:13736
- C:\Windows\System\QZbixjI.exe
  C:\Windows\System\QZbixjI.exe
  2⤵
  PID:10040
- C:\Windows\System\zjECuAD.exe
  C:\Windows\System\zjECuAD.exe
  2⤵
  PID:13804
- C:\Windows\System\eDSMrgG.exe
  C:\Windows\System\eDSMrgG.exe
  2⤵
  PID:2600
- C:\Windows\System\kvKbQsF.exe
  C:\Windows\System\kvKbQsF.exe
  2⤵
  PID:428
- C:\Windows\System\fHiCRdB.exe
  C:\Windows\System\fHiCRdB.exe
  2⤵
  PID:13872
- C:\Windows\System\kZoPgOq.exe
  C:\Windows\System\kZoPgOq.exe
  2⤵
  PID:1392
- C:\Windows\System\mcvnQaM.exe
  C:\Windows\System\mcvnQaM.exe
  2⤵
  PID:9936
- C:\Windows\System\TxcupJg.exe
  C:\Windows\System\TxcupJg.exe
  2⤵
  PID:14004
- C:\Windows\System\xLOjHGF.exe
  C:\Windows\System\xLOjHGF.exe
  2⤵
  PID:14036
- C:\Windows\System\jcuHHOo.exe
  C:\Windows\System\jcuHHOo.exe
  2⤵
  PID:1156
- C:\Windows\System\dwBkUut.exe
  C:\Windows\System\dwBkUut.exe
  2⤵
  PID:14120
- C:\Windows\System\hdXDSGq.exe
  C:\Windows\System\hdXDSGq.exe
  2⤵
  PID:14168
- C:\Windows\System\FMCYnDd.exe
  C:\Windows\System\FMCYnDd.exe
  2⤵
  PID:2820
- C:\Windows\System\iPIaGsa.exe
  C:\Windows\System\iPIaGsa.exe
  2⤵
  PID:4992
- C:\Windows\System\GGJyQfc.exe
  C:\Windows\System\GGJyQfc.exe
  2⤵
  PID:2656
- C:\Windows\System\zrFPoQy.exe
  C:\Windows\System\zrFPoQy.exe
  2⤵
  PID:14292
- C:\Windows\System\CsYjlpR.exe
  C:\Windows\System\CsYjlpR.exe
  2⤵
  PID:10532
- C:\Windows\System\EwHOqLX.exe
  C:\Windows\System\EwHOqLX.exe
  2⤵
  PID:10580
- C:\Windows\System\ItSZoKZ.exe
  C:\Windows\System\ItSZoKZ.exe
  2⤵
  PID:180
- C:\Windows\System\iSBIQzj.exe
  C:\Windows\System\iSBIQzj.exe
  2⤵
  PID:13460
- C:\Windows\System\PcKGRek.exe
  C:\Windows\System\PcKGRek.exe
  2⤵
  PID:10696
- C:\Windows\System\tzpPkJB.exe
  C:\Windows\System\tzpPkJB.exe
  2⤵
  PID:14172
- C:\Windows\System\IjmhuOT.exe
  C:\Windows\System\IjmhuOT.exe
  2⤵
  PID:10748
- C:\Windows\System\zZWAmwS.exe
  C:\Windows\System\zZWAmwS.exe
  2⤵
  PID:13660
- C:\Windows\System\wUdNUKM.exe
  C:\Windows\System\wUdNUKM.exe
  2⤵
  PID:5912
- C:\Windows\System\kukxMvt.exe
  C:\Windows\System\kukxMvt.exe
  2⤵
  PID:9052
- C:\Windows\System\ajagouj.exe
  C:\Windows\System\ajagouj.exe
  2⤵
  PID:5788
- C:\Windows\System\ruLNmjB.exe
  C:\Windows\System\ruLNmjB.exe
  2⤵
  PID:13324
- C:\Windows\System\oCzGBKk.exe
  C:\Windows\System\oCzGBKk.exe
  2⤵
  PID:5736
- C:\Windows\System\EPTPwgD.exe
  C:\Windows\System\EPTPwgD.exe
  2⤵
  PID:3580
- C:\Windows\System\INYzRWJ.exe
  C:\Windows\System\INYzRWJ.exe
  2⤵
  PID:10984
- C:\Windows\System\ooMGUZu.exe
  C:\Windows\System\ooMGUZu.exe
  2⤵
  PID:1496
- C:\Windows\System\vpawuIT.exe
  C:\Windows\System\vpawuIT.exe
  2⤵
  PID:13840
- C:\Windows\System\WSdmXWS.exe
  C:\Windows\System\WSdmXWS.exe
  2⤵
  PID:3428
- C:\Windows\System\KxZqEei.exe
  C:\Windows\System\KxZqEei.exe
  2⤵
  PID:5036
- C:\Windows\System\CcIxTNY.exe
  C:\Windows\System\CcIxTNY.exe
  2⤵
  PID:712
- C:\Windows\System\JMBrpan.exe
  C:\Windows\System\JMBrpan.exe
  2⤵
  PID:9628
- C:\Windows\System\HusqqNb.exe
  C:\Windows\System\HusqqNb.exe
  2⤵
  PID:5260
- C:\Windows\System\qTPvGjg.exe
  C:\Windows\System\qTPvGjg.exe
  2⤵
  PID:4532
- C:\Windows\System\BNCDAQD.exe
  C:\Windows\System\BNCDAQD.exe
  2⤵
  PID:4144
- C:\Windows\System\URwMjdX.exe
  C:\Windows\System\URwMjdX.exe
  2⤵
  PID:3732
- C:\Windows\System\mYqtvFt.exe
  C:\Windows\System\mYqtvFt.exe
  2⤵
  PID:3968
- C:\Windows\System\rPXQSFw.exe
  C:\Windows\System\rPXQSFw.exe
  2⤵
  PID:9024
- C:\Windows\System\AHcxJqU.exe
  C:\Windows\System\AHcxJqU.exe
  2⤵
  PID:6404
- C:\Windows\System\aOZsApN.exe
  C:\Windows\System\aOZsApN.exe
  2⤵
  PID:10440
- C:\Windows\System\THXkSfH.exe
  C:\Windows\System\THXkSfH.exe
  2⤵
  PID:10504
- C:\Windows\System\SAYtYCu.exe
  C:\Windows\System\SAYtYCu.exe
  2⤵
  PID:10560
- C:\Windows\System\GsjWCgu.exe
  C:\Windows\System\GsjWCgu.exe
  2⤵
  PID:10316
- C:\Windows\System\DztRXIj.exe
  C:\Windows\System\DztRXIj.exe
  2⤵
  PID:10708
- C:\Windows\System\tddmtyV.exe
  C:\Windows\System\tddmtyV.exe
  2⤵
  PID:6688
- C:\Windows\System\tIIQJCQ.exe
  C:\Windows\System\tIIQJCQ.exe
  2⤵
  PID:8976
- C:\Windows\System\CAORApT.exe
  C:\Windows\System\CAORApT.exe
  2⤵
  PID:5784
- C:\Windows\System\zwzZmFd.exe
  C:\Windows\System\zwzZmFd.exe
  2⤵
  PID:11112
- C:\Windows\System\dyCdSEB.exe
  C:\Windows\System\dyCdSEB.exe
  2⤵
  PID:4492
- C:\Windows\System\OUgGNDt.exe
  C:\Windows\System\OUgGNDt.exe
  2⤵
  PID:1700
- C:\Windows\System\ztCcSiv.exe
  C:\Windows\System\ztCcSiv.exe
  2⤵
  PID:10248
- C:\Windows\System\IiaTZYh.exe
  C:\Windows\System\IiaTZYh.exe
  2⤵
  PID:10336
- C:\Windows\System\kekYbzj.exe
  C:\Windows\System\kekYbzj.exe
  2⤵
  PID:2124
- C:\Windows\System\YXYCaoo.exe
  C:\Windows\System\YXYCaoo.exe
  2⤵
  PID:4680
- C:\Windows\System\BxQpJBK.exe
  C:\Windows\System\BxQpJBK.exe
  2⤵
  PID:13844
- C:\Windows\System\JrmkKpK.exe
  C:\Windows\System\JrmkKpK.exe
  2⤵
  PID:6772
- C:\Windows\System\WrUtxVk.exe
  C:\Windows\System\WrUtxVk.exe
  2⤵
  PID:11000
- C:\Windows\System\LfFtSAx.exe
  C:\Windows\System\LfFtSAx.exe
  2⤵
  PID:6232
- C:\Windows\System\AkDKrJE.exe
  C:\Windows\System\AkDKrJE.exe
  2⤵
  PID:6520
- C:\Windows\System\cVWpAXk.exe
  C:\Windows\System\cVWpAXk.exe
  2⤵
  PID:6808
- C:\Windows\System\FTlwweI.exe
  C:\Windows\System\FTlwweI.exe
  2⤵
  PID:9988
- C:\Windows\System\dqnjimm.exe
  C:\Windows\System\dqnjimm.exe
  2⤵
  PID:14088
- C:\Windows\System\afHnLKX.exe
  C:\Windows\System\afHnLKX.exe
  2⤵
  PID:10412
- C:\Windows\System\rjXAwum.exe
  C:\Windows\System\rjXAwum.exe
  2⤵
  PID:940
- C:\Windows\System\JUkbqRI.exe
  C:\Windows\System\JUkbqRI.exe
  2⤵
  PID:6500
- C:\Windows\System\TjqCzPK.exe
  C:\Windows\System\TjqCzPK.exe
  2⤵
  PID:10652
- C:\Windows\System\PZSyGdN.exe
  C:\Windows\System\PZSyGdN.exe
  2⤵
  PID:8852
- C:\Windows\System\zWJPPyj.exe
  C:\Windows\System\zWJPPyj.exe
  2⤵
  PID:9416
- C:\Windows\System\jUSyAHW.exe
  C:\Windows\System\jUSyAHW.exe
  2⤵
  PID:14140
- C:\Windows\System\ShDkQcb.exe
  C:\Windows\System\ShDkQcb.exe
  2⤵
  PID:10996
- C:\Windows\System\lBZeNXu.exe
  C:\Windows\System\lBZeNXu.exe
  2⤵
  PID:11056
- C:\Windows\System\PhKrncu.exe
  C:\Windows\System\PhKrncu.exe
  2⤵
  PID:6168
- C:\Windows\System\nJvVoMc.exe
  C:\Windows\System\nJvVoMc.exe
  2⤵
  PID:6784
- C:\Windows\System\RkrQssO.exe
  C:\Windows\System\RkrQssO.exe
  2⤵
  PID:10456
- C:\Windows\System\swFKJky.exe
  C:\Windows\System\swFKJky.exe
  2⤵
  PID:10992
- C:\Windows\System\cEBfkqX.exe
  C:\Windows\System\cEBfkqX.exe
  2⤵
  PID:10712
- C:\Windows\System\YiIzlRu.exe
  C:\Windows\System\YiIzlRu.exe
  2⤵
  PID:11404
- C:\Windows\System\TnSZanS.exe
  C:\Windows\System\TnSZanS.exe
  2⤵
  PID:13632
- C:\Windows\System\PHWnYPc.exe
  C:\Windows\System\PHWnYPc.exe
  2⤵
  PID:6356
- C:\Windows\System\ugVlmgO.exe
  C:\Windows\System\ugVlmgO.exe
  2⤵
  PID:6604
- C:\Windows\System\pAWPQre.exe
  C:\Windows\System\pAWPQre.exe
  2⤵
  PID:11216
- C:\Windows\System\vYGgthn.exe
  C:\Windows\System\vYGgthn.exe
  2⤵
  PID:1624
- C:\Windows\System\NwFhQcX.exe
  C:\Windows\System\NwFhQcX.exe
  2⤵
  PID:756
- C:\Windows\System\nuHZTyj.exe
  C:\Windows\System\nuHZTyj.exe
  2⤵
  PID:11720
- C:\Windows\System\QalZxce.exe
  C:\Windows\System\QalZxce.exe
  2⤵
  PID:5820
- C:\Windows\System\gxzuscL.exe
  C:\Windows\System\gxzuscL.exe
  2⤵
  PID:3188
- C:\Windows\System\jKsVWIX.exe
  C:\Windows\System\jKsVWIX.exe
  2⤵
  PID:10224
- C:\Windows\System\wflXjLd.exe
  C:\Windows\System\wflXjLd.exe
  2⤵
  PID:11924
- C:\Windows\System\FsVZhwm.exe
  C:\Windows\System\FsVZhwm.exe
  2⤵
  PID:11980
- C:\Windows\System\KSwKiQb.exe
  C:\Windows\System\KSwKiQb.exe
  2⤵
  PID:10720
- C:\Windows\System\eFQBdEc.exe
  C:\Windows\System\eFQBdEc.exe
  2⤵
  PID:12076
- C:\Windows\System\szSQjXZ.exe
  C:\Windows\System\szSQjXZ.exe
  2⤵
  PID:12116
- C:\Windows\System\WeneIBS.exe
  C:\Windows\System\WeneIBS.exe
  2⤵
  PID:12180
- C:\Windows\System\EBlgScZ.exe
  C:\Windows\System\EBlgScZ.exe
  2⤵
  PID:12236
- C:\Windows\System\KoDFdFS.exe
  C:\Windows\System\KoDFdFS.exe
  2⤵
  PID:10364
- C:\Windows\System\WPgPvgT.exe
  C:\Windows\System\WPgPvgT.exe
  2⤵
  PID:11356
- C:\Windows\System\NUgLqgD.exe
  C:\Windows\System\NUgLqgD.exe
  2⤵
  PID:11400
- C:\Windows\System\xFpEYUR.exe
  C:\Windows\System\xFpEYUR.exe
  2⤵
  PID:13944
- C:\Windows\System\YWIDarN.exe
  C:\Windows\System\YWIDarN.exe
  2⤵
  PID:11556
- C:\Windows\System\ooyOXHF.exe
  C:\Windows\System\ooyOXHF.exe
  2⤵
  PID:1152
- C:\Windows\System\WmOLNks.exe
  C:\Windows\System\WmOLNks.exe
  2⤵
  PID:11652
- C:\Windows\System\lXytcCk.exe
  C:\Windows\System\lXytcCk.exe
  2⤵
  PID:228
- C:\Windows\System\UxKlKJi.exe
  C:\Windows\System\UxKlKJi.exe
  2⤵
  PID:6840
- C:\Windows\System\PJCcUEP.exe
  C:\Windows\System\PJCcUEP.exe
  2⤵
  PID:11784
- C:\Windows\System\blMtvRB.exe
  C:\Windows\System\blMtvRB.exe
  2⤵
  PID:11920
- C:\Windows\System\NzyPlax.exe
  C:\Windows\System\NzyPlax.exe
  2⤵
  PID:11932
- C:\Windows\System\MQhiFUZ.exe
  C:\Windows\System\MQhiFUZ.exe
  2⤵
  PID:12012
- C:\Windows\System\pNgWoXY.exe
  C:\Windows\System\pNgWoXY.exe
  2⤵
  PID:12080
- C:\Windows\System\iXviXAz.exe
  C:\Windows\System\iXviXAz.exe
  2⤵
  PID:12132
- C:\Windows\System\TPDWugp.exe
  C:\Windows\System\TPDWugp.exe
  2⤵
  PID:12200
- C:\Windows\System\FpKOniY.exe
  C:\Windows\System\FpKOniY.exe
  2⤵
  PID:12192
- C:\Windows\System\ogoKeXt.exe
  C:\Windows\System\ogoKeXt.exe
  2⤵
  PID:12284
- C:\Windows\System\SukGouo.exe
  C:\Windows\System\SukGouo.exe
  2⤵
  PID:4928
- C:\Windows\System\jsZfqzx.exe
  C:\Windows\System\jsZfqzx.exe
  2⤵
  PID:7136
- C:\Windows\System\FRZlZdR.exe
  C:\Windows\System\FRZlZdR.exe
  2⤵
  PID:9960
- C:\Windows\System\tUCGEGZ.exe
  C:\Windows\System\tUCGEGZ.exe
  2⤵
  PID:11608
- C:\Windows\System\LbpfKmF.exe
  C:\Windows\System\LbpfKmF.exe
  2⤵
  PID:11692
- C:\Windows\System\rvnQnSm.exe
  C:\Windows\System\rvnQnSm.exe
  2⤵
  PID:3600
- C:\Windows\System\CTWWxCF.exe
  C:\Windows\System\CTWWxCF.exe
  2⤵
  PID:1516
- C:\Windows\System\FRYVIMD.exe
  C:\Windows\System\FRYVIMD.exe
  2⤵
  PID:7772
- C:\Windows\System\SFlHpLT.exe
  C:\Windows\System\SFlHpLT.exe
  2⤵
  PID:5216
- C:\Windows\System\IOMxAoo.exe
  C:\Windows\System\IOMxAoo.exe
  2⤵
  PID:12100
- C:\Windows\System\snByWRC.exe
  C:\Windows\System\snByWRC.exe
  2⤵
  PID:12152
- C:\Windows\System\aWKliJF.exe
  C:\Windows\System\aWKliJF.exe
  2⤵
  PID:7456
- C:\Windows\System\nitewRy.exe
  C:\Windows\System\nitewRy.exe
  2⤵
  PID:7328
- C:\Windows\System\OWqoAFl.exe
  C:\Windows\System\OWqoAFl.exe
  2⤵
  PID:7620
- C:\Windows\System\mEBOFPp.exe
  C:\Windows\System\mEBOFPp.exe
  2⤵
  PID:6580
- C:\Windows\System\lZRtAnl.exe
  C:\Windows\System\lZRtAnl.exe
  2⤵
  PID:6496
- C:\Windows\System\bYlKvQF.exe
  C:\Windows\System\bYlKvQF.exe
  2⤵
  PID:7052
- C:\Windows\System\LEmNDEe.exe
  C:\Windows\System\LEmNDEe.exe
  2⤵
  PID:10268
- C:\Windows\System\xbNGsBM.exe
  C:\Windows\System\xbNGsBM.exe
  2⤵
  PID:2840
- C:\Windows\System\HVCYbxG.exe
  C:\Windows\System\HVCYbxG.exe
  2⤵
  PID:11240
- C:\Windows\System\fruMaNZ.exe
  C:\Windows\System\fruMaNZ.exe
  2⤵
  PID:11180
- C:\Windows\System\EwjiDEJ.exe
  C:\Windows\System\EwjiDEJ.exe
  2⤵
  PID:11452
- C:\Windows\System\ymwmceN.exe
  C:\Windows\System\ymwmceN.exe
  2⤵
  PID:10352
- C:\Windows\System\UdjjAVZ.exe
  C:\Windows\System\UdjjAVZ.exe
  2⤵
  PID:7112
- C:\Windows\System\GLIAFAO.exe
  C:\Windows\System\GLIAFAO.exe
  2⤵
  PID:12212
- C:\Windows\System\igFudfq.exe
  C:\Windows\System\igFudfq.exe
  2⤵
  PID:7820
- C:\Windows\System\vkVMWJY.exe
  C:\Windows\System\vkVMWJY.exe
  2⤵
  PID:7992
- C:\Windows\System\DCNxWJd.exe
  C:\Windows\System\DCNxWJd.exe
  2⤵
  PID:8008
- C:\Windows\System\HEwFpHk.exe
  C:\Windows\System\HEwFpHk.exe
  2⤵
  PID:7520
- C:\Windows\System\sPLqrSj.exe
  C:\Windows\System\sPLqrSj.exe
  2⤵
  PID:7208
- C:\Windows\System\wQRfedh.exe
  C:\Windows\System\wQRfedh.exe
  2⤵
  PID:7656
- C:\Windows\System\hblskSV.exe
  C:\Windows\System\hblskSV.exe
  2⤵
  PID:7816
- C:\Windows\System\biRRvkQ.exe
  C:\Windows\System\biRRvkQ.exe
  2⤵
  PID:10968
- C:\Windows\System\NsWqtOW.exe
  C:\Windows\System\NsWqtOW.exe
  2⤵
  PID:7760
- C:\Windows\System\nGtJnIV.exe
  C:\Windows\System\nGtJnIV.exe
  2⤵
  PID:7928
- C:\Windows\System\TQHTKcu.exe
  C:\Windows\System\TQHTKcu.exe
  2⤵
  PID:12304
- C:\Windows\System\nIaooOB.exe
  C:\Windows\System\nIaooOB.exe
  2⤵
  PID:12340
- C:\Windows\System\UTrpvxb.exe
  C:\Windows\System\UTrpvxb.exe
  2⤵
  PID:8196
- C:\Windows\System\tzbTkft.exe
  C:\Windows\System\tzbTkft.exe
  2⤵
  PID:12424
- C:\Windows\System\HCvDhJc.exe
  C:\Windows\System\HCvDhJc.exe
  2⤵
  PID:12312
- C:\Windows\System\YJoCtfK.exe
  C:\Windows\System\YJoCtfK.exe
  2⤵
  PID:12508
- C:\Windows\System\uyzRoKS.exe
  C:\Windows\System\uyzRoKS.exe
  2⤵
  PID:12556
- C:\Windows\System\bHEjTMd.exe
  C:\Windows\System\bHEjTMd.exe
  2⤵
  PID:12444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BDxpSGq.exe

Filesize
6.0MB

MD5
3abef3a0ed7f5a908a720863c9601108

SHA1
3fe2964e0e06f821a88f54db1e5ef20a7dd39d2a

SHA256
98f7d45f7c60bb73c4741be242048aa965b17a7623b867d66a4995113ff5b442

SHA512
9010905df3318922537e52edd92dff61620e3009dc564c3e9cf81aa68f2a66d68b0f044727a6e0d1db763b89ae5c4e50f1d797a8fb5464139fe94285c5496e84

Download Submit
C:\Windows\System\CazORvc.exe

Filesize
6.0MB

MD5
204f3159ab645dccaef8eb0248a93d70

SHA1
423ce5cbb1cc8c5362ede5636412f077d462bf98

SHA256
b492c32316064f606fb9d08cc2c7f3bd3e43cf75f8fc920cf10a5c01d623934c

SHA512
fd4eeeee65acb325729079262fc932acff655a696a6c76f8ce9ddc828ead69bd75bca1928a768511edfc23567a0d96eb936d9e44e1223e7cb05a620399fd083a

Download Submit
C:\Windows\System\CnaTYBT.exe

Filesize
6.0MB

MD5
e2e5a2819d8eecb1c180fb131c8c994b

SHA1
662e575ca63f4ce6709cf890fc327148e7192596

SHA256
1a73d5fe36adc49e0376885c03ed59dc3f1f04b3c17a7ab29a50bafa50012760

SHA512
769d703f998b39f670050680859a2776065ffb399d9e465df7247617ad1002056e3ded62102c6e924f12e2567af5cc2c8b13877637701c2c701cdf6ba76ba18c

Download Submit
C:\Windows\System\HYlhzxr.exe

Filesize
6.0MB

MD5
79c7a217376d7946ad4dd7a3792f83fc

SHA1
846502e0df4c4988a553dbaed9714d11ceb67715

SHA256
d6e11650406c1da0bc1992ac6871a2095e2c9f400433d3be91f46589c5df0d99

SHA512
a6e2c1ee7feb269aab850e54831cd5d0bf0c6873c56516c2da0848cc8a5818ababedba8104f388aacd57b7c85ce5594f6e267a47ca07407e47698aa15572ad33

Download Submit
C:\Windows\System\IaRJCRI.exe

Filesize
6.0MB

MD5
83e974e96fc75a2067c22851ae317712

SHA1
070bfd62459d64c4993867943f897bf8aa76cfc2

SHA256
ef57d0706def767902d78c9200861c66a7afbb25e6388101d795af4757cc2992

SHA512
cc5c8ff5bceb25f538acefc78d8bf914277cae6eb9ab1561e021e4e008cb2335b85f963771e2691dade827de5a801b40268d5718d91890ac5e2db4a533d6c9b3

Download Submit
C:\Windows\System\JmoCghg.exe

Filesize
6.0MB

MD5
fd7d24f038a1ff9d0f1303f2662eb997

SHA1
9d0e7edb1efd9a5d59ff3583f54eb40354f9cdea

SHA256
18532830c926b18c180983ebea699b42ec43542755c25ae72cb94dfa7adddab1

SHA512
6369cd8e81eb8c226597308b7e5d615e23b3202f07f49ac20b8cb857c24eea7008a1133515ccec0573207da9d707952c2f1463d97e9a16252ed49907becf89cb

Download Submit
C:\Windows\System\KwRyYij.exe

Filesize
6.0MB

MD5
56f9431e59be2b79b904b20897d992c7

SHA1
b84e65106fada6577c87befd27650e27a69b6f94

SHA256
a0170db2a621b2dc403c3140deea1125a88da19934f328e8847b7484c861f013

SHA512
0a528e4945b6adbfaf97adbd93a7f00b4e3a452fc0bf434b8fad1680f599049daefe5d2c7bb7d3f0affcdf140a4726fc6a987ba10de0f4114287539751d4d18e

Download Submit
C:\Windows\System\LfoOjmD.exe

Filesize
6.0MB

MD5
66aa6b7a57d183884c64dc88f963dec4

SHA1
92aea320f931c76c5429dbdc97595a13c93e3809

SHA256
c0074b53fd1c63bf6a8d9ac1df32149dcebf5852122fba7b642ebeceaea91a2f

SHA512
bd954c80fa9f263e715d566490876a4d88c8f5d72c9ea904d4417a705bb85ae3cad30badca8c5e5b9ded411be565cb9bf56837b846fa92e27b6ba0297a58a534

Download Submit
C:\Windows\System\MVwwZRs.exe

Filesize
6.0MB

MD5
ffc5cdf36e4ae1f7edf9825214251161

SHA1
0586b1b077dcc66cc54b14119293979e98686663

SHA256
3c327a28b48f848668eea0094b815ce77b5dec7fabf9fc23a5c6f1fd897d4ba6

SHA512
9f54a4030277937cc28f4b9f4291d551de84d6c24f0a0c2b8b4b9abd433e8f0a5eb4c2b728b11d86089088f00a71a31d9fd985a0f88a6288aa1c00dba0bee472

Download Submit
C:\Windows\System\MWTUKMx.exe

Filesize
6.0MB

MD5
9a8d2817806cfb749a736eb25b975079

SHA1
a90efa7b184e84d9cf5aca19bf76fef782515740

SHA256
6e8d45a9e20c336a0eaa97621fb655e556a568144a6452e06319a34bed81616a

SHA512
c18e88d911265d0ecad3426f69a9cf789f66404f054eb9a7d84cae95a8356349148fffe812b4fdd3b05aa704b515c2918bebafd7cb5cf2bf952ed00f8966be79

Download Submit
C:\Windows\System\PNeUlxa.exe

Filesize
6.0MB

MD5
55ac15388d06019875b992ecb96b9e3a

SHA1
87bf157ab05d290d28957eb3559c309c394ac024

SHA256
4ed7e959cf702ae06b1194408f5ac9ca71bc4aaa7ad1cccb0c522cd06ba90447

SHA512
862bf551a668517ee5bbe831d527570df89680edecea2cf045bf09246d376e48891673cfb6a323ba948ac990dcada51e2a2d2565d8c60edd65952d7050f7f5d8

Download Submit
C:\Windows\System\RgiThqn.exe

Filesize
6.0MB

MD5
ee4ccdb5aa11305a87f0c24c058ae5dd

SHA1
22217b1e0caa16e6e66583dd1363dbac7b722573

SHA256
f23e472d387bff9bb1e380b466230dba214e119d1f9dbbd7ecc601b4aa98c80d

SHA512
19340e447ebb939153b4c6e219d42abc9c2de14a454c1c84792722e6b5ce1ef50111250b6e54d99e70633df8f8627c022502346db712511688a51eb04e8867b6

Download Submit
C:\Windows\System\SrrzCqd.exe

Filesize
6.0MB

MD5
4e0b904e73528cd2017df011133ae339

SHA1
9259f8e0c01b21bc9312b0ed161b2825269fb8e0

SHA256
7b1e155770b4816d12fa23a82390f352bc992ff3c3fbde999109967da625aeee

SHA512
673256b491d8a2f3bbf3b05bf074080e3340c063f6aa123df19cbd9e4137dcd1a363669422b99c7ca633d9d3266284e76991269b9a9dcc6bfb4999d8fd226326

Download Submit
C:\Windows\System\VBAwNZH.exe

Filesize
6.0MB

MD5
3806883297a57f4d4248ebc612488d2f

SHA1
0e3cf241233f2fea57ff3defeecb4890e08c09e5

SHA256
397ae7a3981bb902d393a14732832e75b10a8fa0b91197458f7416a8b7c74e8a

SHA512
6ebb8ec91bd96eff1023937b53b6f7374906b4a4e4481df1d86d8baa3af62238c2e192ebc895e178af66dbcfd9705cc6ae9c8b86d5289caf3b54e2745df64c3d

Download Submit
C:\Windows\System\YYrZxDH.exe

Filesize
6.0MB

MD5
0baafc258dacc9de58f5f6958657a83f

SHA1
bf7296c26a3c29123f0982eeb72a968ae8486810

SHA256
65d3779d725a8d1f4a6010c1d8a909f0ddb27d3ff7ab500763c23e5d7eb20ada

SHA512
e43afc6c45e206c7ee9f9ea70f5da2f9dabac4ad2c433e02838738a4f53397b8964074b0ec3da07631f86e73afdcac6b7371a8c51168165d5af2068bb5ad81fd

Download Submit
C:\Windows\System\aiGCNDk.exe

Filesize
6.0MB

MD5
63a989f0be21ad8db9cc925fe8600c88

SHA1
0a53f53329e44107599a8d51d3567f6e5f65fd71

SHA256
9dc0afbc72034f5f58f7f390b5b43bf08a77b908355fb84a03913b12a5373edb

SHA512
9b2fa194919bc1871e9caac7a65adbff653f7dabf49a3f39617186d27406f9e24b3794c8d77f65119230658a52fb3c90874f205a6b2a79830f043d48e8ea9675

Download Submit
C:\Windows\System\cYlvavq.exe

Filesize
6.0MB

MD5
df267a970f05232d259bf1686068a224

SHA1
bf2f7ae941f64e48479c41348180fa27d7d227fb

SHA256
d6562613797d6d19a8e4c884055c074ff559d05eba8947d5a6b0fda396d7de69

SHA512
eccbf5a75ec7d415110a8f0989e8b451c46cb3fa327c72c1f45aed1044a17825fbd36460b8971cfe77185c56edce03b76b4c1cba598f3673c0a6682600925892

Download Submit
C:\Windows\System\gFLFwiF.exe

Filesize
6.0MB

MD5
0c819879eb19c583ff0efa20e39612ed

SHA1
261a2a400615dbdd77296dd3f4dc0024f9f5f336

SHA256
559a67e66b0c6a1675f28549da9ae05d8200c11aeaa5826000c3b0c30a59f9a4

SHA512
4686010adc0cd90834fec3c28d5d649c900acd88bb704192a726ecdfd24138ea6f18a3a6fbd0452e53bbdf74d9ba5289b54737ae55d45008c3451305ff1e373b

Download Submit
C:\Windows\System\heHcfng.exe

Filesize
6.0MB

MD5
02383d3808a63f713a09712c6ab6c3f3

SHA1
df4792ed1a1455a5bd1840fdb61555e5b1e8e782

SHA256
584a7b6777d8f05b9c0e586cf7899a0ab025644a885141fb3b7c93a9b15eab1e

SHA512
9f8276ccc53a53449f84466f02d6a9f6f77d87966a0c2fba288fe7b4464e38725656033875665391794ef95f46b8fcdfa3e5087b75a3b22ae16e9b990b44a11d

Download Submit
C:\Windows\System\idykLVq.exe

Filesize
6.0MB

MD5
68827774410ad2d15dcc703a6594e539

SHA1
0869118d722198a366a7ec979d7c1929734513a0

SHA256
948c9564955f2b3e52b463a1ff22d77e33e658c17237c75a1eaf5c949d97b0ee

SHA512
31afa623f0348ef03a98b0135f5c466b09ec95ec53d11b483f603586ac84eeda0a8931dc951bbe476dae9e7e3d5ed2657b67359a20b4643016bc03f65a23fca6

Download Submit
C:\Windows\System\jKtzKYn.exe

Filesize
6.0MB

MD5
81841058cda5147d474f9e57223315b3

SHA1
27c653186a1add447ba31d2b146cd35f7c67eec8

SHA256
ab84e1870baf990534fefab83f61c64bbc28f17e31cc52f2dc8218d2eab4b129

SHA512
042f2f7f35f292827365866bea18b404880a1a3083b73aacda9ee2a09cf02e9061ba40b884439234498be32eb2c9fc7f360831aea730bb06d313103d0e30733a

Download Submit
C:\Windows\System\kDMyMPj.exe

Filesize
6.0MB

MD5
6a0cdf4989c5d7a3dbf800f01cfc22e0

SHA1
038fbedd5fadeda4ee9ca423b769170de8300a27

SHA256
0ec08ae63071e481e7dd19f6906624e8fa65df375f936cf8ae7a17fdecbd25ff

SHA512
c0368fc3b6f7dcec03f2eb896654d2b2d30dcd27ba117ae68bea50f973e2b25d68787c86ebab73d73e9e5a8ff924539e3fe5937f4ff81d8ddea6083cfe53530d

Download Submit
C:\Windows\System\lBiFMdV.exe

Filesize
6.0MB

MD5
91a1bdddfd2db8b1357644cf5bcebcc1

SHA1
7559c2fbeba024f369eed0b8bc955da8bfe1a300

SHA256
72c0ef1ef617ff75a748edc7f34f37e5dcf6706f10ee2af2d6c63c33cf5289c9

SHA512
bbe731bc931e04722cdeada9c6045f4dd22c37a406753f0f16237069aa0a3185f1c343aefdd8eef286a7d217a78dcfde6a5efc8222116eff6803023add618153

Download Submit
C:\Windows\System\lvfrqst.exe

Filesize
6.0MB

MD5
530af9eb312d3b658e74f813139a92d3

SHA1
69ce8bf39c5c3895ec72f74b61cbc698e6012b87

SHA256
6451a3771492f28c821f3c526e49c484694618a93f308863577c49f486a7e66d

SHA512
5987a002d9658514f11b15372f1864357afd0ac2279f581eaaa838c55962d77456769ced39508980dd38619ec86bf862688300895efd65ff3416d5165e16b1de

Download Submit
C:\Windows\System\nclDhGz.exe

Filesize
6.0MB

MD5
2686ac4378da5a0953fdb899149570c8

SHA1
e5efa5b384f848ad6dccadf5ee70ede8a729229a

SHA256
cbe087e42fd0145b9893df9583f2dd2472e686c3426835a43b845be34e61927a

SHA512
f961c493dc1d901712690afbaff0f9f369bdd50d3ef32625c1ff30e1a66c3b2e7cc69d7567dfd15aa33111de815fe2ce78ac777ea160abcf209d011e518f9906

Download Submit
C:\Windows\System\njnGStg.exe

Filesize
6.0MB

MD5
37b9bd6049803cdab72b199d250dcf9a

SHA1
8b04302567aaacb39c93db996fd8ae1a15adc862

SHA256
b6b743c85f6ff42b89f1e830363b42f3c08794875a7bbb94cf4cb79cb9dd1c0f

SHA512
42a6ba23fd5a485270aad08a67c5d3cf23d44c0e6b0e91359a4add64b911fc9c61072204e0f05d2d235e53d036ec3260edf1ef12c1faa18a0b3882dca82d6701

Download Submit
C:\Windows\System\qDiXZKu.exe

Filesize
6.0MB

MD5
16117f212500bc5762f7e8a283d8acb7

SHA1
7c270f15b5d1fea5d33fba7294c9d9e04c7f871b

SHA256
c434a2c6a1fef787c8b900fc16b3addb67dfde845cbc56251d11bf56f2039585

SHA512
72e2fb25aa514879462f5a5f3b5e69ec34a8f83c1085381896445a5e8fa5cfdcc6906b601b23fd2939a416468546a2477578572389f89e05a7a853f25bd36dbe

Download Submit
C:\Windows\System\rbaTOiw.exe

Filesize
6.0MB

MD5
f16ba715bec813a4b277b28e4076ceda

SHA1
93e2fea2cef84c0de5a0f516354dc83f91878e93

SHA256
6d607b8f4eb128c3cd122c56dbcb7148a2b3df1bcd30a143afdda8533cb1b19c

SHA512
8031c36b43d5aaa23904e68709641cd4962942acd2773b1b4d3d45283be458ca94077e62557668c1566f088a0f65e551738339a47d9fe3fc67c5d405084f5e7e

Download Submit
C:\Windows\System\sMmXWXj.exe

Filesize
6.0MB

MD5
af12817a41bdac2b6d34fc25ce28df2f

SHA1
b94da5208be9c408d5cd4e7945e7a0b0a74a2468

SHA256
9c738d9b1e39f0dcf700aeeb4a09b21d34f9c1112faaaf59183d8b11900bd1ab

SHA512
59ecf68c55e8691788b3892cf922a46ff83ff238abf272fb2983ced85ace9cf6e5151a08e3bd180040947629fae125f976e94d98f8160225c76368e0bd70b7b7

Download Submit
C:\Windows\System\seTxDPJ.exe

Filesize
6.0MB

MD5
ada47e6709b280a702f493ddaa1e2f6c

SHA1
fc22b24586fae84188bc137af501896d8e271d1f

SHA256
196bdb8de453d1fdcf0315ac4bc02c9f2c191d62dd8158c0b3a8f33e2c773b09

SHA512
a7d5e6660b77f15b46cb8e969c1f93e8cbe2f7fe5606580cae5aef084bdf14824843d76ac1ccedd90fe478893fd925feaf4da23e27c41e8dcb38ec1ef9c6f57c

Download Submit
C:\Windows\System\udKociL.exe

Filesize
6.0MB

MD5
5a6624eab4d89e8ed4633597be776a84

SHA1
1702793863f1f147219ef6cb3b5b793543396c89

SHA256
a8f06e13f40e074d7cfd95d41b7116e0fff2fb3b83a00d52b93acf0ed7351ea2

SHA512
f5f596e2a824fe12803793b2005982a44c581064b073ade6ac56877b7605a36a7fa785e60e9846eaeb874a826b7e86cd8ac2353cab7403d8470bfef1bb1d515e

Download Submit
C:\Windows\System\vrtlmAI.exe

Filesize
6.0MB

MD5
b21b8ba82117c666782f16406dec43a8

SHA1
7579ae00d9b70e876a9ec4f093f7b599dd0d1d5c

SHA256
24357c6217dabb7a120f51d92d40a64dde816e7d6d1d4db2d1e6df98b255bc69

SHA512
7fa83ee1aa920fd0ae57662221e11ca93f58c0184c28c255f8dbba943944f9f451278d41f24f1f389b20ec3809af4717c41c43eddf362378c05ec5234f819f70

Download Submit
C:\Windows\System\xEoyLMP.exe

Filesize
6.0MB

MD5
eccaeb6e394b517f484a678e12833307

SHA1
76711f8ae5d06b27b9bbbf7170271572ae90528b

SHA256
3b356f715c06c8411953fb1fa28d0877ca07c67727a6453d069f6ebd75c6619e

SHA512
8df6855031aa4464a5cc3c087e6544c5eaf4f94efd16bfdfc316660cae6a91c49ff2654bd9a19f3d41791ed8523cf4156d6809680e8802f08832228572dbc87d

Download Submit
memory/316-152-0x00007FF66D360000-0x00007FF66D6B4000-memory.dmp

Filesize
3.3MB

Download
memory/316-660-0x00007FF66D360000-0x00007FF66D6B4000-memory.dmp

Filesize
3.3MB

Download
memory/812-215-0x00007FF671250000-0x00007FF6715A4000-memory.dmp

Filesize
3.3MB

Download
memory/812-1088-0x00007FF671250000-0x00007FF6715A4000-memory.dmp

Filesize
3.3MB

Download
memory/1256-72-0x00007FF765E80000-0x00007FF7661D4000-memory.dmp

Filesize
3.3MB

Download
memory/1256-1-0x000001A3BFD80000-0x000001A3BFD90000-memory.dmp

Filesize
64KB

Download
memory/1256-0-0x00007FF765E80000-0x00007FF7661D4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-60-0x00007FF62C6D0000-0x00007FF62CA24000-memory.dmp

Filesize
3.3MB

Download
memory/1436-233-0x00007FF62C6D0000-0x00007FF62CA24000-memory.dmp

Filesize
3.3MB

Download
memory/1436-361-0x00007FF62C6D0000-0x00007FF62CA24000-memory.dmp

Filesize
3.3MB

Download
memory/1772-147-0x00007FF6D51C0000-0x00007FF6D5514000-memory.dmp

Filesize
3.3MB

Download
memory/1772-652-0x00007FF6D51C0000-0x00007FF6D5514000-memory.dmp

Filesize
3.3MB

Download
memory/1816-100-0x00007FF769B80000-0x00007FF769ED4000-memory.dmp

Filesize
3.3MB

Download
memory/1816-632-0x00007FF769B80000-0x00007FF769ED4000-memory.dmp

Filesize
3.3MB

Download
memory/1932-1075-0x00007FF6374D0000-0x00007FF637824000-memory.dmp

Filesize
3.3MB

Download
memory/1932-178-0x00007FF6374D0000-0x00007FF637824000-memory.dmp

Filesize
3.3MB

Download
memory/1936-648-0x00007FF63F700000-0x00007FF63FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1936-156-0x00007FF63F700000-0x00007FF63FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1944-73-0x00007FF619590000-0x00007FF6198E4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-371-0x00007FF619590000-0x00007FF6198E4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-286-0x00007FF619590000-0x00007FF6198E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-24-0x00007FF77B160000-0x00007FF77B4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-87-0x00007FF77B160000-0x00007FF77B4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-346-0x00007FF77B160000-0x00007FF77B4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-658-0x00007FF65B870000-0x00007FF65BBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-150-0x00007FF65B870000-0x00007FF65BBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-13-0x00007FF7D8420000-0x00007FF7D8774000-memory.dmp

Filesize
3.3MB

Download
memory/2384-94-0x00007FF7D8420000-0x00007FF7D8774000-memory.dmp

Filesize
3.3MB

Download
memory/2384-338-0x00007FF7D8420000-0x00007FF7D8774000-memory.dmp

Filesize
3.3MB

Download
memory/2416-33-0x00007FF7B8020000-0x00007FF7B8374000-memory.dmp

Filesize
3.3MB

Download
memory/2416-146-0x00007FF7B8020000-0x00007FF7B8374000-memory.dmp

Filesize
3.3MB

Download
memory/2416-356-0x00007FF7B8020000-0x00007FF7B8374000-memory.dmp

Filesize
3.3MB

Download
memory/2692-67-0x00007FF60AFE0000-0x00007FF60B334000-memory.dmp

Filesize
3.3MB

Download
memory/2692-240-0x00007FF60AFE0000-0x00007FF60B334000-memory.dmp

Filesize
3.3MB

Download
memory/2692-368-0x00007FF60AFE0000-0x00007FF60B334000-memory.dmp

Filesize
3.3MB

Download
memory/3236-362-0x00007FF68DC00000-0x00007FF68DF54000-memory.dmp

Filesize
3.3MB

Download
memory/3236-42-0x00007FF68DC00000-0x00007FF68DF54000-memory.dmp

Filesize
3.3MB

Download
memory/3236-211-0x00007FF68DC00000-0x00007FF68DF54000-memory.dmp

Filesize
3.3MB

Download
memory/3256-174-0x00007FF77D3C0000-0x00007FF77D714000-memory.dmp

Filesize
3.3MB

Download
memory/3256-358-0x00007FF77D3C0000-0x00007FF77D714000-memory.dmp

Filesize
3.3MB

Download
memory/3256-37-0x00007FF77D3C0000-0x00007FF77D714000-memory.dmp

Filesize
3.3MB

Download
memory/3304-95-0x00007FF756F50000-0x00007FF7572A4000-memory.dmp

Filesize
3.3MB

Download
memory/3304-626-0x00007FF756F50000-0x00007FF7572A4000-memory.dmp

Filesize
3.3MB

Download
memory/3364-149-0x00007FF709350000-0x00007FF7096A4000-memory.dmp

Filesize
3.3MB

Download
memory/3364-653-0x00007FF709350000-0x00007FF7096A4000-memory.dmp

Filesize
3.3MB

Download
memory/3592-71-0x00007FF6B4AB0000-0x00007FF6B4E04000-memory.dmp

Filesize
3.3MB

Download
memory/3592-366-0x00007FF6B4AB0000-0x00007FF6B4E04000-memory.dmp

Filesize
3.3MB

Download
memory/3604-151-0x00007FF654020000-0x00007FF654374000-memory.dmp

Filesize
3.3MB

Download
memory/3604-657-0x00007FF654020000-0x00007FF654374000-memory.dmp

Filesize
3.3MB

Download
memory/3812-153-0x00007FF6BAED0000-0x00007FF6BB224000-memory.dmp

Filesize
3.3MB

Download
memory/3812-661-0x00007FF6BAED0000-0x00007FF6BB224000-memory.dmp

Filesize
3.3MB

Download
memory/3816-157-0x00007FF68BEB0000-0x00007FF68C204000-memory.dmp

Filesize
3.3MB

Download
memory/3816-352-0x00007FF68BEB0000-0x00007FF68C204000-memory.dmp

Filesize
3.3MB

Download
memory/3816-31-0x00007FF68BEB0000-0x00007FF68C204000-memory.dmp

Filesize
3.3MB

Download
memory/4088-638-0x00007FF645600000-0x00007FF645954000-memory.dmp

Filesize
3.3MB

Download
memory/4088-154-0x00007FF645600000-0x00007FF645954000-memory.dmp

Filesize
3.3MB

Download
memory/4100-170-0x00007FF637E80000-0x00007FF6381D4000-memory.dmp

Filesize
3.3MB

Download
memory/4100-1073-0x00007FF637E80000-0x00007FF6381D4000-memory.dmp

Filesize
3.3MB

Download
memory/4140-656-0x00007FF67F600000-0x00007FF67F954000-memory.dmp

Filesize
3.3MB

Download
memory/4140-148-0x00007FF67F600000-0x00007FF67F954000-memory.dmp

Filesize
3.3MB

Download
memory/4432-228-0x00007FF6C9850000-0x00007FF6C9BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4432-53-0x00007FF6C9850000-0x00007FF6C9BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4432-359-0x00007FF6C9850000-0x00007FF6C9BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4488-155-0x00007FF7A40D0000-0x00007FF7A4424000-memory.dmp

Filesize
3.3MB

Download
memory/4488-649-0x00007FF7A40D0000-0x00007FF7A4424000-memory.dmp

Filesize
3.3MB

Download
memory/4632-8-0x00007FF71E530000-0x00007FF71E884000-memory.dmp

Filesize
3.3MB

Download
memory/4632-332-0x00007FF71E530000-0x00007FF71E884000-memory.dmp

Filesize
3.3MB

Download
memory/4712-209-0x00007FF76C190000-0x00007FF76C4E4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-1081-0x00007FF76C190000-0x00007FF76C4E4000-memory.dmp

Filesize
3.3MB

Download
memory/4956-629-0x00007FF773810000-0x00007FF773B64000-memory.dmp

Filesize
3.3MB

Download
memory/4956-97-0x00007FF773810000-0x00007FF773B64000-memory.dmp

Filesize
3.3MB

Download