cobaltstrike | 8fe691056f6a4ff6539f9262e660a3747e9e798c036021e86e9cc83c35cd111e

Analysis

max time kernel
124s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

85dcfdbe7291946a228800355dab1f73
SHA1

7d608db1c89f89a222cf94830ed7a3cb64e96715
SHA256

8fe691056f6a4ff6539f9262e660a3747e9e798c036021e86e9cc83c35cd111e
SHA512

e58d549b93e5d6ebd28f6e9c35c128a82de99ae923f423687bd824f0bf40c2cd3772c753263f3be7ae11cfdf3828016b7c61398a26ef5d97606ffa2c37f28c50
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral2/files/0x0008000000023ca7-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-24.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-39.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023ca8-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-61.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-65.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-85.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-98.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbb-110.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-116.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbd-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-136.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-134.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-100.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-83.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-57.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc1-150.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc2-159.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc3-169.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc4-171.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc5-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc7-189.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cca-200.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc9-196.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc8-195.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc6-194.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc0-151.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/1076-0-0x00007FF7D0740000-0x00007FF7D0A94000-memory.dmp	xmrig
behavioral2/files/0x0008000000023ca7-4.dat	xmrig
behavioral2/memory/828-7-0x00007FF6A6F80000-0x00007FF6A72D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cac-10.dat	xmrig
behavioral2/files/0x0007000000023cab-11.dat	xmrig
behavioral2/memory/3644-12-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp	xmrig
behavioral2/memory/3596-18-0x00007FF7EE310000-0x00007FF7EE664000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cad-24.dat	xmrig
behavioral2/memory/3936-26-0x00007FF6A7770000-0x00007FF6A7AC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cae-28.dat	xmrig
behavioral2/files/0x0007000000023caf-34.dat	xmrig
behavioral2/memory/2664-36-0x00007FF679870000-0x00007FF679BC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb0-39.dat	xmrig
behavioral2/memory/1000-45-0x00007FF724680000-0x00007FF7249D4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023ca8-47.dat	xmrig
behavioral2/files/0x0007000000023cb3-61.dat	xmrig
behavioral2/memory/1076-66-0x00007FF7D0740000-0x00007FF7D0A94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb4-65.dat	xmrig
behavioral2/files/0x0007000000023cb5-85.dat	xmrig
behavioral2/files/0x0007000000023cb7-90.dat	xmrig
behavioral2/files/0x0007000000023cb9-98.dat	xmrig
behavioral2/files/0x0007000000023cbb-110.dat	xmrig
behavioral2/files/0x0007000000023cbc-116.dat	xmrig
behavioral2/files/0x0007000000023cbd-121.dat	xmrig
behavioral2/memory/3280-139-0x00007FF683BD0000-0x00007FF683F24000-memory.dmp	xmrig
behavioral2/memory/1788-143-0x00007FF77A3C0000-0x00007FF77A714000-memory.dmp	xmrig
behavioral2/memory/3644-142-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp	xmrig
behavioral2/memory/4716-141-0x00007FF739AC0000-0x00007FF739E14000-memory.dmp	xmrig
behavioral2/memory/2840-140-0x00007FF644DF0000-0x00007FF645144000-memory.dmp	xmrig
behavioral2/memory/2084-138-0x00007FF7C77D0000-0x00007FF7C7B24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbf-136.dat	xmrig
behavioral2/files/0x0007000000023cbe-134.dat	xmrig
behavioral2/memory/4600-133-0x00007FF6F18B0000-0x00007FF6F1C04000-memory.dmp	xmrig
behavioral2/memory/1928-130-0x00007FF6B6110000-0x00007FF6B6464000-memory.dmp	xmrig
behavioral2/memory/1372-129-0x00007FF722640000-0x00007FF722994000-memory.dmp	xmrig
behavioral2/memory/2972-124-0x00007FF6A6950000-0x00007FF6A6CA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cba-108.dat	xmrig
behavioral2/files/0x0007000000023cb8-100.dat	xmrig
behavioral2/memory/4436-94-0x00007FF7D9B80000-0x00007FF7D9ED4000-memory.dmp	xmrig
behavioral2/memory/828-92-0x00007FF6A6F80000-0x00007FF6A72D4000-memory.dmp	xmrig
behavioral2/memory/1316-89-0x00007FF6FC850000-0x00007FF6FCBA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb6-87.dat	xmrig
behavioral2/files/0x0007000000023cb2-83.dat	xmrig
behavioral2/memory/3340-82-0x00007FF6C6F00000-0x00007FF6C7254000-memory.dmp	xmrig
behavioral2/memory/1428-80-0x00007FF6DD090000-0x00007FF6DD3E4000-memory.dmp	xmrig
behavioral2/memory/3188-71-0x00007FF63C770000-0x00007FF63CAC4000-memory.dmp	xmrig
behavioral2/memory/3516-58-0x00007FF7AF5A0000-0x00007FF7AF8F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb1-57.dat	xmrig
behavioral2/memory/2888-49-0x00007FF6C5510000-0x00007FF6C5864000-memory.dmp	xmrig
behavioral2/memory/1648-31-0x00007FF787FC0000-0x00007FF788314000-memory.dmp	xmrig
behavioral2/memory/3596-147-0x00007FF7EE310000-0x00007FF7EE664000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc1-150.dat	xmrig
behavioral2/files/0x0007000000023cc2-159.dat	xmrig
behavioral2/files/0x0007000000023cc3-169.dat	xmrig
behavioral2/files/0x0007000000023cc4-171.dat	xmrig
behavioral2/memory/2664-178-0x00007FF679870000-0x00007FF679BC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc5-179.dat	xmrig
behavioral2/memory/2348-180-0x00007FF7543C0000-0x00007FF754714000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc7-189.dat	xmrig
behavioral2/files/0x0007000000023cca-200.dat	xmrig
behavioral2/memory/2888-255-0x00007FF6C5510000-0x00007FF6C5864000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc9-196.dat	xmrig
behavioral2/files/0x0007000000023cc8-195.dat	xmrig
behavioral2/files/0x0007000000023cc6-194.dat	xmrig

Executes dropped EXE 64 IoCs

Processes:

Okmdwmk.exeNoIggKY.exeQZKIcsO.exevICUqOo.exelxchZdj.exesDEINTM.exelNAYjVZ.exeWbrMnlw.exefQguRhp.exeRRgonbA.exeWaOmtVm.exexxlCWdK.exefHDRXLa.exetnMysrC.exeyIFogQy.exePKhIhfB.exejgrTNkU.exeGCkaqXB.exemZYAXoN.exeiMKmZBS.execZHlDOB.exeCTpJujn.exeuGcHtVg.exegKZlfOS.exeJQJtWfn.exePvFnsJA.exeSqRVpwT.exeSgrJvtk.exetimBXVG.exedMQgrqg.exeJjcciiZ.exePxfUVHE.exeGXfyjut.exeGwERirI.exehPZWnkG.execcIrdze.exelrYERIp.exeJFgtjFl.exeEDFKLOg.exeIojCfDx.exeJFOiIMN.exeBjjYDDE.exepBroyMV.exehcTLnju.exeWlubSLp.exeXwcfBEJ.exeIXtTmUm.exexTsqBGN.exejfDPYLF.exevREHStD.exedEkTgBQ.exeQRtppYR.exeDDKMtDA.exejxQhEoM.exetrZWAXP.exewZxLldQ.exeRWgBXtx.exelbyjyGV.exevQMOToy.exeUMaxJKr.exeXyCKXiS.exeEbjOnJB.exeXnfpgYo.exeICGnXoZ.exe

pid	Process
828	Okmdwmk.exe
3644	NoIggKY.exe
3596	QZKIcsO.exe
3936	vICUqOo.exe
1648	lxchZdj.exe
2664	sDEINTM.exe
1000	lNAYjVZ.exe
2888	WbrMnlw.exe
3516	fQguRhp.exe
3188	RRgonbA.exe
1428	WaOmtVm.exe
1316	xxlCWdK.exe
4436	fHDRXLa.exe
3340	tnMysrC.exe
2972	yIFogQy.exe
1788	PKhIhfB.exe
1372	jgrTNkU.exe
1928	GCkaqXB.exe
4600	mZYAXoN.exe
2084	iMKmZBS.exe
3280	cZHlDOB.exe
2840	CTpJujn.exe
4716	uGcHtVg.exe
4976	gKZlfOS.exe
1500	JQJtWfn.exe
3308	PvFnsJA.exe
1492	SqRVpwT.exe
2348	SgrJvtk.exe
1512	timBXVG.exe
2224	dMQgrqg.exe
228	JjcciiZ.exe
4840	PxfUVHE.exe
4820	GXfyjut.exe
3456	GwERirI.exe
3412	hPZWnkG.exe
3160	ccIrdze.exe
900	lrYERIp.exe
2720	JFgtjFl.exe
4944	EDFKLOg.exe
3572	IojCfDx.exe
4416	JFOiIMN.exe
2624	BjjYDDE.exe
3660	pBroyMV.exe
1136	hcTLnju.exe
544	WlubSLp.exe
1976	XwcfBEJ.exe
3872	IXtTmUm.exe
2248	xTsqBGN.exe
1804	jfDPYLF.exe
3208	vREHStD.exe
3136	dEkTgBQ.exe
1912	QRtppYR.exe
224	DDKMtDA.exe
4896	jxQhEoM.exe
488	trZWAXP.exe
1128	wZxLldQ.exe
1368	RWgBXtx.exe
1528	lbyjyGV.exe
3628	vQMOToy.exe
3312	UMaxJKr.exe
3584	XyCKXiS.exe
1552	EbjOnJB.exe
1860	XnfpgYo.exe
2460	ICGnXoZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1076-0-0x00007FF7D0740000-0x00007FF7D0A94000-memory.dmp	upx
behavioral2/files/0x0008000000023ca7-4.dat	upx
behavioral2/memory/828-7-0x00007FF6A6F80000-0x00007FF6A72D4000-memory.dmp	upx
behavioral2/files/0x0007000000023cac-10.dat	upx
behavioral2/files/0x0007000000023cab-11.dat	upx
behavioral2/memory/3644-12-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp	upx
behavioral2/memory/3596-18-0x00007FF7EE310000-0x00007FF7EE664000-memory.dmp	upx
behavioral2/files/0x0007000000023cad-24.dat	upx
behavioral2/memory/3936-26-0x00007FF6A7770000-0x00007FF6A7AC4000-memory.dmp	upx
behavioral2/files/0x0007000000023cae-28.dat	upx
behavioral2/files/0x0007000000023caf-34.dat	upx
behavioral2/memory/2664-36-0x00007FF679870000-0x00007FF679BC4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb0-39.dat	upx
behavioral2/memory/1000-45-0x00007FF724680000-0x00007FF7249D4000-memory.dmp	upx
behavioral2/files/0x0008000000023ca8-47.dat	upx
behavioral2/files/0x0007000000023cb3-61.dat	upx
behavioral2/memory/1076-66-0x00007FF7D0740000-0x00007FF7D0A94000-memory.dmp	upx
behavioral2/files/0x0007000000023cb4-65.dat	upx
behavioral2/files/0x0007000000023cb5-85.dat	upx
behavioral2/files/0x0007000000023cb7-90.dat	upx
behavioral2/files/0x0007000000023cb9-98.dat	upx
behavioral2/files/0x0007000000023cbb-110.dat	upx
behavioral2/files/0x0007000000023cbc-116.dat	upx
behavioral2/files/0x0007000000023cbd-121.dat	upx
behavioral2/memory/3280-139-0x00007FF683BD0000-0x00007FF683F24000-memory.dmp	upx
behavioral2/memory/1788-143-0x00007FF77A3C0000-0x00007FF77A714000-memory.dmp	upx
behavioral2/memory/3644-142-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp	upx
behavioral2/memory/4716-141-0x00007FF739AC0000-0x00007FF739E14000-memory.dmp	upx
behavioral2/memory/2840-140-0x00007FF644DF0000-0x00007FF645144000-memory.dmp	upx
behavioral2/memory/2084-138-0x00007FF7C77D0000-0x00007FF7C7B24000-memory.dmp	upx
behavioral2/files/0x0007000000023cbf-136.dat	upx
behavioral2/files/0x0007000000023cbe-134.dat	upx
behavioral2/memory/4600-133-0x00007FF6F18B0000-0x00007FF6F1C04000-memory.dmp	upx
behavioral2/memory/1928-130-0x00007FF6B6110000-0x00007FF6B6464000-memory.dmp	upx
behavioral2/memory/1372-129-0x00007FF722640000-0x00007FF722994000-memory.dmp	upx
behavioral2/memory/2972-124-0x00007FF6A6950000-0x00007FF6A6CA4000-memory.dmp	upx
behavioral2/files/0x0007000000023cba-108.dat	upx
behavioral2/files/0x0007000000023cb8-100.dat	upx
behavioral2/memory/4436-94-0x00007FF7D9B80000-0x00007FF7D9ED4000-memory.dmp	upx
behavioral2/memory/828-92-0x00007FF6A6F80000-0x00007FF6A72D4000-memory.dmp	upx
behavioral2/memory/1316-89-0x00007FF6FC850000-0x00007FF6FCBA4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb6-87.dat	upx
behavioral2/files/0x0007000000023cb2-83.dat	upx
behavioral2/memory/3340-82-0x00007FF6C6F00000-0x00007FF6C7254000-memory.dmp	upx
behavioral2/memory/1428-80-0x00007FF6DD090000-0x00007FF6DD3E4000-memory.dmp	upx
behavioral2/memory/3188-71-0x00007FF63C770000-0x00007FF63CAC4000-memory.dmp	upx
behavioral2/memory/3516-58-0x00007FF7AF5A0000-0x00007FF7AF8F4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb1-57.dat	upx
behavioral2/memory/2888-49-0x00007FF6C5510000-0x00007FF6C5864000-memory.dmp	upx
behavioral2/memory/1648-31-0x00007FF787FC0000-0x00007FF788314000-memory.dmp	upx
behavioral2/memory/3596-147-0x00007FF7EE310000-0x00007FF7EE664000-memory.dmp	upx
behavioral2/files/0x0007000000023cc1-150.dat	upx
behavioral2/files/0x0007000000023cc2-159.dat	upx
behavioral2/files/0x0007000000023cc3-169.dat	upx
behavioral2/files/0x0007000000023cc4-171.dat	upx
behavioral2/memory/2664-178-0x00007FF679870000-0x00007FF679BC4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc5-179.dat	upx
behavioral2/memory/2348-180-0x00007FF7543C0000-0x00007FF754714000-memory.dmp	upx
behavioral2/files/0x0007000000023cc7-189.dat	upx
behavioral2/files/0x0007000000023cca-200.dat	upx
behavioral2/memory/2888-255-0x00007FF6C5510000-0x00007FF6C5864000-memory.dmp	upx
behavioral2/files/0x0007000000023cc9-196.dat	upx
behavioral2/files/0x0007000000023cc8-195.dat	upx
behavioral2/files/0x0007000000023cc6-194.dat	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\ukkhTdT.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOuGYiX.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRvnbKO.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFERWia.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUuXGht.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRtppYR.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHuOfBe.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyEqmtn.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxlCWdK.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjlBzrA.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoKiVhe.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgoVjmN.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omGbQjU.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOnHmAR.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGVhxPU.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQhqFvD.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icGlEep.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPukhmx.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImOoEdX.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qIYpawP.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SaChoYK.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRAmBot.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cySukSe.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFFAIag.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpgcEMI.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoJjRpn.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIVuxhB.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqsTLMv.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwUXnQh.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzHorjg.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlubSLp.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDJWxNR.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLOjFjA.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clShPVX.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emjisLq.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWWAjZy.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWauiRK.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtLiOni.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tVcWzzA.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYArUMx.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JkiZdlt.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAXOVQp.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPXtJDq.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GyRVPvN.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnWvPnb.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlunQCZ.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFugySa.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPvaATo.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpFsDEM.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyVQHnZ.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vICUqOo.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwUGyyn.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDFXami.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ptlviba.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjtWoPk.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SeoaiGL.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrBkvCk.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEUJXjC.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdapSPD.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctutEsm.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvFnsJA.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHxXsOj.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtfpUKB.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsUIJiR.exe	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 1076 wrote to memory of 828	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1076 wrote to memory of 828	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1076 wrote to memory of 3644	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1076 wrote to memory of 3644	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1076 wrote to memory of 3596	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1076 wrote to memory of 3596	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1076 wrote to memory of 3936	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1076 wrote to memory of 3936	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1076 wrote to memory of 1648	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1076 wrote to memory of 1648	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1076 wrote to memory of 2664	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1076 wrote to memory of 2664	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1076 wrote to memory of 1000	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1076 wrote to memory of 1000	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1076 wrote to memory of 2888	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1076 wrote to memory of 2888	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1076 wrote to memory of 3516	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1076 wrote to memory of 3516	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1076 wrote to memory of 3188	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1076 wrote to memory of 3188	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1076 wrote to memory of 1428	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1076 wrote to memory of 1428	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1076 wrote to memory of 1316	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1076 wrote to memory of 1316	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1076 wrote to memory of 4436	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1076 wrote to memory of 4436	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1076 wrote to memory of 3340	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1076 wrote to memory of 3340	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1076 wrote to memory of 2972	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1076 wrote to memory of 2972	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1076 wrote to memory of 1788	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1076 wrote to memory of 1788	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1076 wrote to memory of 1372	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1076 wrote to memory of 1372	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1076 wrote to memory of 1928	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1076 wrote to memory of 1928	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1076 wrote to memory of 4600	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1076 wrote to memory of 4600	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1076 wrote to memory of 2084	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1076 wrote to memory of 2084	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1076 wrote to memory of 3280	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1076 wrote to memory of 3280	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1076 wrote to memory of 2840	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1076 wrote to memory of 2840	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1076 wrote to memory of 4716	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1076 wrote to memory of 4716	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1076 wrote to memory of 4976	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1076 wrote to memory of 4976	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1076 wrote to memory of 1500	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1076 wrote to memory of 1500	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1076 wrote to memory of 3308	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1076 wrote to memory of 3308	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1076 wrote to memory of 1492	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1076 wrote to memory of 1492	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1076 wrote to memory of 2348	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1076 wrote to memory of 2348	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1076 wrote to memory of 1512	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1076 wrote to memory of 1512	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1076 wrote to memory of 228	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1076 wrote to memory of 228	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1076 wrote to memory of 2224	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1076 wrote to memory of 2224	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1076 wrote to memory of 4840	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 1076 wrote to memory of 4840	1076	2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_85dcfdbe7291946a228800355dab1f73_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\System\Okmdwmk.exe
  C:\Windows\System\Okmdwmk.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\NoIggKY.exe
  C:\Windows\System\NoIggKY.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\QZKIcsO.exe
  C:\Windows\System\QZKIcsO.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\vICUqOo.exe
  C:\Windows\System\vICUqOo.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\lxchZdj.exe
  C:\Windows\System\lxchZdj.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\sDEINTM.exe
  C:\Windows\System\sDEINTM.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\lNAYjVZ.exe
  C:\Windows\System\lNAYjVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\WbrMnlw.exe
  C:\Windows\System\WbrMnlw.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\fQguRhp.exe
  C:\Windows\System\fQguRhp.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\RRgonbA.exe
  C:\Windows\System\RRgonbA.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\WaOmtVm.exe
  C:\Windows\System\WaOmtVm.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\xxlCWdK.exe
  C:\Windows\System\xxlCWdK.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\fHDRXLa.exe
  C:\Windows\System\fHDRXLa.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\tnMysrC.exe
  C:\Windows\System\tnMysrC.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\yIFogQy.exe
  C:\Windows\System\yIFogQy.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\PKhIhfB.exe
  C:\Windows\System\PKhIhfB.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\jgrTNkU.exe
  C:\Windows\System\jgrTNkU.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\GCkaqXB.exe
  C:\Windows\System\GCkaqXB.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\mZYAXoN.exe
  C:\Windows\System\mZYAXoN.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\iMKmZBS.exe
  C:\Windows\System\iMKmZBS.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\cZHlDOB.exe
  C:\Windows\System\cZHlDOB.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\CTpJujn.exe
  C:\Windows\System\CTpJujn.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\uGcHtVg.exe
  C:\Windows\System\uGcHtVg.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\gKZlfOS.exe
  C:\Windows\System\gKZlfOS.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\JQJtWfn.exe
  C:\Windows\System\JQJtWfn.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\PvFnsJA.exe
  C:\Windows\System\PvFnsJA.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\SqRVpwT.exe
  C:\Windows\System\SqRVpwT.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\SgrJvtk.exe
  C:\Windows\System\SgrJvtk.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\timBXVG.exe
  C:\Windows\System\timBXVG.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\JjcciiZ.exe
  C:\Windows\System\JjcciiZ.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\dMQgrqg.exe
  C:\Windows\System\dMQgrqg.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\PxfUVHE.exe
  C:\Windows\System\PxfUVHE.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\GXfyjut.exe
  C:\Windows\System\GXfyjut.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\GwERirI.exe
  C:\Windows\System\GwERirI.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\ccIrdze.exe
  C:\Windows\System\ccIrdze.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\hPZWnkG.exe
  C:\Windows\System\hPZWnkG.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\lrYERIp.exe
  C:\Windows\System\lrYERIp.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\JFgtjFl.exe
  C:\Windows\System\JFgtjFl.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\EDFKLOg.exe
  C:\Windows\System\EDFKLOg.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\IojCfDx.exe
  C:\Windows\System\IojCfDx.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\JFOiIMN.exe
  C:\Windows\System\JFOiIMN.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\BjjYDDE.exe
  C:\Windows\System\BjjYDDE.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\pBroyMV.exe
  C:\Windows\System\pBroyMV.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\hcTLnju.exe
  C:\Windows\System\hcTLnju.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\WlubSLp.exe
  C:\Windows\System\WlubSLp.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\XwcfBEJ.exe
  C:\Windows\System\XwcfBEJ.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\IXtTmUm.exe
  C:\Windows\System\IXtTmUm.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\xTsqBGN.exe
  C:\Windows\System\xTsqBGN.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\jfDPYLF.exe
  C:\Windows\System\jfDPYLF.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\vREHStD.exe
  C:\Windows\System\vREHStD.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\dEkTgBQ.exe
  C:\Windows\System\dEkTgBQ.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\QRtppYR.exe
  C:\Windows\System\QRtppYR.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\DDKMtDA.exe
  C:\Windows\System\DDKMtDA.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\jxQhEoM.exe
  C:\Windows\System\jxQhEoM.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\trZWAXP.exe
  C:\Windows\System\trZWAXP.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\wZxLldQ.exe
  C:\Windows\System\wZxLldQ.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\RWgBXtx.exe
  C:\Windows\System\RWgBXtx.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\lbyjyGV.exe
  C:\Windows\System\lbyjyGV.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\vQMOToy.exe
  C:\Windows\System\vQMOToy.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\UMaxJKr.exe
  C:\Windows\System\UMaxJKr.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\XyCKXiS.exe
  C:\Windows\System\XyCKXiS.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\EbjOnJB.exe
  C:\Windows\System\EbjOnJB.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\XnfpgYo.exe
  C:\Windows\System\XnfpgYo.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\ICGnXoZ.exe
  C:\Windows\System\ICGnXoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\DjjrGFj.exe
  C:\Windows\System\DjjrGFj.exe
  2⤵
  PID:4388
- C:\Windows\System\mqSKOPZ.exe
  C:\Windows\System\mqSKOPZ.exe
  2⤵
  PID:2572
- C:\Windows\System\SypmbwT.exe
  C:\Windows\System\SypmbwT.exe
  2⤵
  PID:3252
- C:\Windows\System\rEnILJF.exe
  C:\Windows\System\rEnILJF.exe
  2⤵
  PID:2188
- C:\Windows\System\QTgpCkx.exe
  C:\Windows\System\QTgpCkx.exe
  2⤵
  PID:4352
- C:\Windows\System\awLVhqO.exe
  C:\Windows\System\awLVhqO.exe
  2⤵
  PID:1176
- C:\Windows\System\uSROOUr.exe
  C:\Windows\System\uSROOUr.exe
  2⤵
  PID:1012
- C:\Windows\System\igHqCxr.exe
  C:\Windows\System\igHqCxr.exe
  2⤵
  PID:2892
- C:\Windows\System\suoqfBX.exe
  C:\Windows\System\suoqfBX.exe
  2⤵
  PID:4168
- C:\Windows\System\mrgtzTa.exe
  C:\Windows\System\mrgtzTa.exe
  2⤵
  PID:1948
- C:\Windows\System\TpcwslX.exe
  C:\Windows\System\TpcwslX.exe
  2⤵
  PID:1460
- C:\Windows\System\CtLiOni.exe
  C:\Windows\System\CtLiOni.exe
  2⤵
  PID:3056
- C:\Windows\System\QGIgGSc.exe
  C:\Windows\System\QGIgGSc.exe
  2⤵
  PID:4612
- C:\Windows\System\ukkhTdT.exe
  C:\Windows\System\ukkhTdT.exe
  2⤵
  PID:440
- C:\Windows\System\VSWjthd.exe
  C:\Windows\System\VSWjthd.exe
  2⤵
  PID:4732
- C:\Windows\System\cjRdQRu.exe
  C:\Windows\System\cjRdQRu.exe
  2⤵
  PID:3684
- C:\Windows\System\ayQsImq.exe
  C:\Windows\System\ayQsImq.exe
  2⤵
  PID:4500
- C:\Windows\System\AnoFajr.exe
  C:\Windows\System\AnoFajr.exe
  2⤵
  PID:1064
- C:\Windows\System\uXDQACB.exe
  C:\Windows\System\uXDQACB.exe
  2⤵
  PID:2272
- C:\Windows\System\CqJYICn.exe
  C:\Windows\System\CqJYICn.exe
  2⤵
  PID:2924
- C:\Windows\System\uBYAyAI.exe
  C:\Windows\System\uBYAyAI.exe
  2⤵
  PID:908
- C:\Windows\System\COoOPxc.exe
  C:\Windows\System\COoOPxc.exe
  2⤵
  PID:904
- C:\Windows\System\ZvXRBAV.exe
  C:\Windows\System\ZvXRBAV.exe
  2⤵
  PID:2804
- C:\Windows\System\cKvQMuX.exe
  C:\Windows\System\cKvQMuX.exe
  2⤵
  PID:648
- C:\Windows\System\xNBWCLk.exe
  C:\Windows\System\xNBWCLk.exe
  2⤵
  PID:632
- C:\Windows\System\hRgKUlU.exe
  C:\Windows\System\hRgKUlU.exe
  2⤵
  PID:1228
- C:\Windows\System\dhCMPVS.exe
  C:\Windows\System\dhCMPVS.exe
  2⤵
  PID:4424
- C:\Windows\System\VsSaQeX.exe
  C:\Windows\System\VsSaQeX.exe
  2⤵
  PID:5128
- C:\Windows\System\vDqxwfU.exe
  C:\Windows\System\vDqxwfU.exe
  2⤵
  PID:5164
- C:\Windows\System\CEFTDVl.exe
  C:\Windows\System\CEFTDVl.exe
  2⤵
  PID:5184
- C:\Windows\System\CfdCEVN.exe
  C:\Windows\System\CfdCEVN.exe
  2⤵
  PID:5200
- C:\Windows\System\DkxZSPZ.exe
  C:\Windows\System\DkxZSPZ.exe
  2⤵
  PID:5240
- C:\Windows\System\UOuGYiX.exe
  C:\Windows\System\UOuGYiX.exe
  2⤵
  PID:5268
- C:\Windows\System\dLQinhd.exe
  C:\Windows\System\dLQinhd.exe
  2⤵
  PID:5304
- C:\Windows\System\MNSMcMb.exe
  C:\Windows\System\MNSMcMb.exe
  2⤵
  PID:5336
- C:\Windows\System\PfXAKka.exe
  C:\Windows\System\PfXAKka.exe
  2⤵
  PID:5372
- C:\Windows\System\pXwtcGx.exe
  C:\Windows\System\pXwtcGx.exe
  2⤵
  PID:5416
- C:\Windows\System\kghXTBO.exe
  C:\Windows\System\kghXTBO.exe
  2⤵
  PID:5456
- C:\Windows\System\INTMaKe.exe
  C:\Windows\System\INTMaKe.exe
  2⤵
  PID:5500
- C:\Windows\System\mlColgM.exe
  C:\Windows\System\mlColgM.exe
  2⤵
  PID:5524
- C:\Windows\System\SgBDjtk.exe
  C:\Windows\System\SgBDjtk.exe
  2⤵
  PID:5556
- C:\Windows\System\bPgeCCs.exe
  C:\Windows\System\bPgeCCs.exe
  2⤵
  PID:5584
- C:\Windows\System\ntxbmkM.exe
  C:\Windows\System\ntxbmkM.exe
  2⤵
  PID:5612
- C:\Windows\System\lydjTzr.exe
  C:\Windows\System\lydjTzr.exe
  2⤵
  PID:5640
- C:\Windows\System\ygulYPC.exe
  C:\Windows\System\ygulYPC.exe
  2⤵
  PID:5668
- C:\Windows\System\kDgCKxv.exe
  C:\Windows\System\kDgCKxv.exe
  2⤵
  PID:5692
- C:\Windows\System\xoJjRpn.exe
  C:\Windows\System\xoJjRpn.exe
  2⤵
  PID:5724
- C:\Windows\System\zjlBzrA.exe
  C:\Windows\System\zjlBzrA.exe
  2⤵
  PID:5752
- C:\Windows\System\rNyzhSa.exe
  C:\Windows\System\rNyzhSa.exe
  2⤵
  PID:5776
- C:\Windows\System\fKjAyTp.exe
  C:\Windows\System\fKjAyTp.exe
  2⤵
  PID:5808
- C:\Windows\System\oaKyLLY.exe
  C:\Windows\System\oaKyLLY.exe
  2⤵
  PID:5836
- C:\Windows\System\SWqEzVG.exe
  C:\Windows\System\SWqEzVG.exe
  2⤵
  PID:5864
- C:\Windows\System\GiYseAJ.exe
  C:\Windows\System\GiYseAJ.exe
  2⤵
  PID:5892
- C:\Windows\System\UrBkvCk.exe
  C:\Windows\System\UrBkvCk.exe
  2⤵
  PID:5952
- C:\Windows\System\jZEtFcx.exe
  C:\Windows\System\jZEtFcx.exe
  2⤵
  PID:6004
- C:\Windows\System\LhuBimp.exe
  C:\Windows\System\LhuBimp.exe
  2⤵
  PID:6064
- C:\Windows\System\tVcWzzA.exe
  C:\Windows\System\tVcWzzA.exe
  2⤵
  PID:6136
- C:\Windows\System\zgrnIFy.exe
  C:\Windows\System\zgrnIFy.exe
  2⤵
  PID:5192
- C:\Windows\System\ipeDTMj.exe
  C:\Windows\System\ipeDTMj.exe
  2⤵
  PID:5264
- C:\Windows\System\jKRyHqL.exe
  C:\Windows\System\jKRyHqL.exe
  2⤵
  PID:5328
- C:\Windows\System\IQNBZVF.exe
  C:\Windows\System\IQNBZVF.exe
  2⤵
  PID:5364
- C:\Windows\System\rNQalGu.exe
  C:\Windows\System\rNQalGu.exe
  2⤵
  PID:5468
- C:\Windows\System\NeeCnZA.exe
  C:\Windows\System\NeeCnZA.exe
  2⤵
  PID:1564
- C:\Windows\System\pbMZacR.exe
  C:\Windows\System\pbMZacR.exe
  2⤵
  PID:5572
- C:\Windows\System\baZBmZE.exe
  C:\Windows\System\baZBmZE.exe
  2⤵
  PID:5620
- C:\Windows\System\QFFNXuO.exe
  C:\Windows\System\QFFNXuO.exe
  2⤵
  PID:3520
- C:\Windows\System\uDqVyew.exe
  C:\Windows\System\uDqVyew.exe
  2⤵
  PID:5732
- C:\Windows\System\jcHzBVF.exe
  C:\Windows\System\jcHzBVF.exe
  2⤵
  PID:5804
- C:\Windows\System\IBavKGE.exe
  C:\Windows\System\IBavKGE.exe
  2⤵
  PID:5852
- C:\Windows\System\reSJrWn.exe
  C:\Windows\System\reSJrWn.exe
  2⤵
  PID:5964
- C:\Windows\System\lNHYOLW.exe
  C:\Windows\System\lNHYOLW.exe
  2⤵
  PID:6120
- C:\Windows\System\cupHofX.exe
  C:\Windows\System\cupHofX.exe
  2⤵
  PID:5236
- C:\Windows\System\VKrPbtX.exe
  C:\Windows\System\VKrPbtX.exe
  2⤵
  PID:5412
- C:\Windows\System\gamzfdj.exe
  C:\Windows\System\gamzfdj.exe
  2⤵
  PID:5532
- C:\Windows\System\CIvIZUY.exe
  C:\Windows\System\CIvIZUY.exe
  2⤵
  PID:5664
- C:\Windows\System\NEZlXho.exe
  C:\Windows\System\NEZlXho.exe
  2⤵
  PID:5788
- C:\Windows\System\jhXNMet.exe
  C:\Windows\System\jhXNMet.exe
  2⤵
  PID:5880
- C:\Windows\System\rYArUMx.exe
  C:\Windows\System\rYArUMx.exe
  2⤵
  PID:5324
- C:\Windows\System\UBoJzqx.exe
  C:\Windows\System\UBoJzqx.exe
  2⤵
  PID:832
- C:\Windows\System\zxjgrFw.exe
  C:\Windows\System\zxjgrFw.exe
  2⤵
  PID:6048
- C:\Windows\System\cHuOfBe.exe
  C:\Windows\System\cHuOfBe.exe
  2⤵
  PID:4440
- C:\Windows\System\KdOByPl.exe
  C:\Windows\System\KdOByPl.exe
  2⤵
  PID:5824
- C:\Windows\System\YBdOvKB.exe
  C:\Windows\System\YBdOvKB.exe
  2⤵
  PID:6168
- C:\Windows\System\FKsZIvb.exe
  C:\Windows\System\FKsZIvb.exe
  2⤵
  PID:6196
- C:\Windows\System\OtLlMNb.exe
  C:\Windows\System\OtLlMNb.exe
  2⤵
  PID:6224
- C:\Windows\System\oDjHBMD.exe
  C:\Windows\System\oDjHBMD.exe
  2⤵
  PID:6248
- C:\Windows\System\vupMOLg.exe
  C:\Windows\System\vupMOLg.exe
  2⤵
  PID:6280
- C:\Windows\System\KnPRaoI.exe
  C:\Windows\System\KnPRaoI.exe
  2⤵
  PID:6312
- C:\Windows\System\lmikDDs.exe
  C:\Windows\System\lmikDDs.exe
  2⤵
  PID:6340
- C:\Windows\System\IkaCwXn.exe
  C:\Windows\System\IkaCwXn.exe
  2⤵
  PID:6368
- C:\Windows\System\EMdNRkB.exe
  C:\Windows\System\EMdNRkB.exe
  2⤵
  PID:6396
- C:\Windows\System\bvxyXZd.exe
  C:\Windows\System\bvxyXZd.exe
  2⤵
  PID:6424
- C:\Windows\System\CtXGxMv.exe
  C:\Windows\System\CtXGxMv.exe
  2⤵
  PID:6448
- C:\Windows\System\JwJmRAb.exe
  C:\Windows\System\JwJmRAb.exe
  2⤵
  PID:6468
- C:\Windows\System\iafomqk.exe
  C:\Windows\System\iafomqk.exe
  2⤵
  PID:6500
- C:\Windows\System\xEYnDjb.exe
  C:\Windows\System\xEYnDjb.exe
  2⤵
  PID:6556
- C:\Windows\System\ebeWuab.exe
  C:\Windows\System\ebeWuab.exe
  2⤵
  PID:6588
- C:\Windows\System\eyfAoey.exe
  C:\Windows\System\eyfAoey.exe
  2⤵
  PID:6628
- C:\Windows\System\qiveyXg.exe
  C:\Windows\System\qiveyXg.exe
  2⤵
  PID:6680
- C:\Windows\System\jqKFnsJ.exe
  C:\Windows\System\jqKFnsJ.exe
  2⤵
  PID:6708
- C:\Windows\System\GgDPyMK.exe
  C:\Windows\System\GgDPyMK.exe
  2⤵
  PID:6744
- C:\Windows\System\nGOqHNt.exe
  C:\Windows\System\nGOqHNt.exe
  2⤵
  PID:6768
- C:\Windows\System\PuJZfcz.exe
  C:\Windows\System\PuJZfcz.exe
  2⤵
  PID:6808
- C:\Windows\System\uXbrrUI.exe
  C:\Windows\System\uXbrrUI.exe
  2⤵
  PID:6840
- C:\Windows\System\SSVrLIF.exe
  C:\Windows\System\SSVrLIF.exe
  2⤵
  PID:6872
- C:\Windows\System\ZhnlPPL.exe
  C:\Windows\System\ZhnlPPL.exe
  2⤵
  PID:6892
- C:\Windows\System\yHugBtn.exe
  C:\Windows\System\yHugBtn.exe
  2⤵
  PID:6920
- C:\Windows\System\EfHOZnN.exe
  C:\Windows\System\EfHOZnN.exe
  2⤵
  PID:6956
- C:\Windows\System\zHZtWxA.exe
  C:\Windows\System\zHZtWxA.exe
  2⤵
  PID:6984
- C:\Windows\System\cskADiC.exe
  C:\Windows\System\cskADiC.exe
  2⤵
  PID:7004
- C:\Windows\System\FrMHOfD.exe
  C:\Windows\System\FrMHOfD.exe
  2⤵
  PID:7044
- C:\Windows\System\KDMADfs.exe
  C:\Windows\System\KDMADfs.exe
  2⤵
  PID:7072
- C:\Windows\System\ThaWbld.exe
  C:\Windows\System\ThaWbld.exe
  2⤵
  PID:7104
- C:\Windows\System\YUwnxHX.exe
  C:\Windows\System\YUwnxHX.exe
  2⤵
  PID:7128
- C:\Windows\System\gEnDONZ.exe
  C:\Windows\System\gEnDONZ.exe
  2⤵
  PID:7148
- C:\Windows\System\uuDXqKQ.exe
  C:\Windows\System\uuDXqKQ.exe
  2⤵
  PID:6184
- C:\Windows\System\CQgGdga.exe
  C:\Windows\System\CQgGdga.exe
  2⤵
  PID:880
- C:\Windows\System\gcKuAJW.exe
  C:\Windows\System\gcKuAJW.exe
  2⤵
  PID:2904
- C:\Windows\System\JJrzTRp.exe
  C:\Windows\System\JJrzTRp.exe
  2⤵
  PID:6292
- C:\Windows\System\fPxNzpG.exe
  C:\Windows\System\fPxNzpG.exe
  2⤵
  PID:6360
- C:\Windows\System\QjJroRt.exe
  C:\Windows\System\QjJroRt.exe
  2⤵
  PID:6420
- C:\Windows\System\DKybdrA.exe
  C:\Windows\System\DKybdrA.exe
  2⤵
  PID:6492
- C:\Windows\System\faOZRjA.exe
  C:\Windows\System\faOZRjA.exe
  2⤵
  PID:6576
- C:\Windows\System\VKoWqKZ.exe
  C:\Windows\System\VKoWqKZ.exe
  2⤵
  PID:1876
- C:\Windows\System\dPxNpvn.exe
  C:\Windows\System\dPxNpvn.exe
  2⤵
  PID:6664
- C:\Windows\System\KSNForp.exe
  C:\Windows\System\KSNForp.exe
  2⤵
  PID:6736
- C:\Windows\System\PnGqMZe.exe
  C:\Windows\System\PnGqMZe.exe
  2⤵
  PID:6820
- C:\Windows\System\cGhMNjM.exe
  C:\Windows\System\cGhMNjM.exe
  2⤵
  PID:6868
- C:\Windows\System\CbmySZf.exe
  C:\Windows\System\CbmySZf.exe
  2⤵
  PID:6932
- C:\Windows\System\HcaDywr.exe
  C:\Windows\System\HcaDywr.exe
  2⤵
  PID:6992
- C:\Windows\System\uUdmQXt.exe
  C:\Windows\System\uUdmQXt.exe
  2⤵
  PID:3360
- C:\Windows\System\lCUuQyy.exe
  C:\Windows\System\lCUuQyy.exe
  2⤵
  PID:4852
- C:\Windows\System\pIpWibX.exe
  C:\Windows\System\pIpWibX.exe
  2⤵
  PID:6440
- C:\Windows\System\zAxVuai.exe
  C:\Windows\System\zAxVuai.exe
  2⤵
  PID:6608
- C:\Windows\System\QDRFqCU.exe
  C:\Windows\System\QDRFqCU.exe
  2⤵
  PID:6696
- C:\Windows\System\GZsFGNz.exe
  C:\Windows\System\GZsFGNz.exe
  2⤵
  PID:6232
- C:\Windows\System\ZRvnbKO.exe
  C:\Windows\System\ZRvnbKO.exe
  2⤵
  PID:7084
- C:\Windows\System\jefXipN.exe
  C:\Windows\System\jefXipN.exe
  2⤵
  PID:464
- C:\Windows\System\VDJWxNR.exe
  C:\Windows\System\VDJWxNR.exe
  2⤵
  PID:3304
- C:\Windows\System\ciTIlDM.exe
  C:\Windows\System\ciTIlDM.exe
  2⤵
  PID:7016
- C:\Windows\System\GcIwtOX.exe
  C:\Windows\System\GcIwtOX.exe
  2⤵
  PID:3372
- C:\Windows\System\HDQtysi.exe
  C:\Windows\System\HDQtysi.exe
  2⤵
  PID:6376
- C:\Windows\System\FwVHyso.exe
  C:\Windows\System\FwVHyso.exe
  2⤵
  PID:7176
- C:\Windows\System\KssFqtR.exe
  C:\Windows\System\KssFqtR.exe
  2⤵
  PID:7208
- C:\Windows\System\RrADQJX.exe
  C:\Windows\System\RrADQJX.exe
  2⤵
  PID:7236
- C:\Windows\System\msmGMAb.exe
  C:\Windows\System\msmGMAb.exe
  2⤵
  PID:7264
- C:\Windows\System\CMgJqUO.exe
  C:\Windows\System\CMgJqUO.exe
  2⤵
  PID:7288
- C:\Windows\System\vtjiBdl.exe
  C:\Windows\System\vtjiBdl.exe
  2⤵
  PID:7320
- C:\Windows\System\qqQflMa.exe
  C:\Windows\System\qqQflMa.exe
  2⤵
  PID:7344
- C:\Windows\System\CASPJrc.exe
  C:\Windows\System\CASPJrc.exe
  2⤵
  PID:7376
- C:\Windows\System\pUsGMzJ.exe
  C:\Windows\System\pUsGMzJ.exe
  2⤵
  PID:7404
- C:\Windows\System\oVNUKdw.exe
  C:\Windows\System\oVNUKdw.exe
  2⤵
  PID:7436
- C:\Windows\System\EISMQoe.exe
  C:\Windows\System\EISMQoe.exe
  2⤵
  PID:7456
- C:\Windows\System\tQWjLVP.exe
  C:\Windows\System\tQWjLVP.exe
  2⤵
  PID:7496
- C:\Windows\System\pzWMBxM.exe
  C:\Windows\System\pzWMBxM.exe
  2⤵
  PID:7520
- C:\Windows\System\IMUyqHg.exe
  C:\Windows\System\IMUyqHg.exe
  2⤵
  PID:7540
- C:\Windows\System\CgLNMTq.exe
  C:\Windows\System\CgLNMTq.exe
  2⤵
  PID:7556
- C:\Windows\System\DWetwUf.exe
  C:\Windows\System\DWetwUf.exe
  2⤵
  PID:7588
- C:\Windows\System\JDsWFzx.exe
  C:\Windows\System\JDsWFzx.exe
  2⤵
  PID:7628
- C:\Windows\System\QQGPzNV.exe
  C:\Windows\System\QQGPzNV.exe
  2⤵
  PID:7656
- C:\Windows\System\PrWhWjt.exe
  C:\Windows\System\PrWhWjt.exe
  2⤵
  PID:7684
- C:\Windows\System\EdzgTZY.exe
  C:\Windows\System\EdzgTZY.exe
  2⤵
  PID:7712
- C:\Windows\System\lldhbyC.exe
  C:\Windows\System\lldhbyC.exe
  2⤵
  PID:7756
- C:\Windows\System\vkBhYpt.exe
  C:\Windows\System\vkBhYpt.exe
  2⤵
  PID:7800
- C:\Windows\System\rRgbLjz.exe
  C:\Windows\System\rRgbLjz.exe
  2⤵
  PID:7832
- C:\Windows\System\MjPYNRD.exe
  C:\Windows\System\MjPYNRD.exe
  2⤵
  PID:7864
- C:\Windows\System\leGWcup.exe
  C:\Windows\System\leGWcup.exe
  2⤵
  PID:7896
- C:\Windows\System\nGOEUaE.exe
  C:\Windows\System\nGOEUaE.exe
  2⤵
  PID:7932
- C:\Windows\System\VaIzgHV.exe
  C:\Windows\System\VaIzgHV.exe
  2⤵
  PID:7960
- C:\Windows\System\JjhiMLn.exe
  C:\Windows\System\JjhiMLn.exe
  2⤵
  PID:7980
- C:\Windows\System\zZZafaD.exe
  C:\Windows\System\zZZafaD.exe
  2⤵
  PID:8008
- C:\Windows\System\SaChoYK.exe
  C:\Windows\System\SaChoYK.exe
  2⤵
  PID:8036
- C:\Windows\System\hHxmuOe.exe
  C:\Windows\System\hHxmuOe.exe
  2⤵
  PID:8064
- C:\Windows\System\vMEWFkM.exe
  C:\Windows\System\vMEWFkM.exe
  2⤵
  PID:8092
- C:\Windows\System\MwoXrJg.exe
  C:\Windows\System\MwoXrJg.exe
  2⤵
  PID:8132
- C:\Windows\System\zHutPCE.exe
  C:\Windows\System\zHutPCE.exe
  2⤵
  PID:8152
- C:\Windows\System\dAmRPhy.exe
  C:\Windows\System\dAmRPhy.exe
  2⤵
  PID:8180
- C:\Windows\System\OXTXDuF.exe
  C:\Windows\System\OXTXDuF.exe
  2⤵
  PID:7204
- C:\Windows\System\JkiZdlt.exe
  C:\Windows\System\JkiZdlt.exe
  2⤵
  PID:7272
- C:\Windows\System\GUkaFgB.exe
  C:\Windows\System\GUkaFgB.exe
  2⤵
  PID:7352
- C:\Windows\System\vYnxMjz.exe
  C:\Windows\System\vYnxMjz.exe
  2⤵
  PID:7412
- C:\Windows\System\DvDouda.exe
  C:\Windows\System\DvDouda.exe
  2⤵
  PID:7476
- C:\Windows\System\GppBhjT.exe
  C:\Windows\System\GppBhjT.exe
  2⤵
  PID:7536
- C:\Windows\System\sZHmzAv.exe
  C:\Windows\System\sZHmzAv.exe
  2⤵
  PID:7580
- C:\Windows\System\zqKsHwT.exe
  C:\Windows\System\zqKsHwT.exe
  2⤵
  PID:7676
- C:\Windows\System\ZAXOVQp.exe
  C:\Windows\System\ZAXOVQp.exe
  2⤵
  PID:7784
- C:\Windows\System\koEQvEx.exe
  C:\Windows\System\koEQvEx.exe
  2⤵
  PID:6660
- C:\Windows\System\ClIWGDe.exe
  C:\Windows\System\ClIWGDe.exe
  2⤵
  PID:7052
- C:\Windows\System\zGgbwHS.exe
  C:\Windows\System\zGgbwHS.exe
  2⤵
  PID:1396
- C:\Windows\System\YyWLoea.exe
  C:\Windows\System\YyWLoea.exe
  2⤵
  PID:7944
- C:\Windows\System\UUydxnK.exe
  C:\Windows\System\UUydxnK.exe
  2⤵
  PID:8004
- C:\Windows\System\LMEUiAM.exe
  C:\Windows\System\LMEUiAM.exe
  2⤵
  PID:8076
- C:\Windows\System\kKQvASd.exe
  C:\Windows\System\kKQvASd.exe
  2⤵
  PID:8116
- C:\Windows\System\EMiCxlZ.exe
  C:\Windows\System\EMiCxlZ.exe
  2⤵
  PID:7232
- C:\Windows\System\PPasVfn.exe
  C:\Windows\System\PPasVfn.exe
  2⤵
  PID:7336
- C:\Windows\System\rPNkQnl.exe
  C:\Windows\System\rPNkQnl.exe
  2⤵
  PID:7528
- C:\Windows\System\cvPacqq.exe
  C:\Windows\System\cvPacqq.exe
  2⤵
  PID:7648
- C:\Windows\System\qEUJXjC.exe
  C:\Windows\System\qEUJXjC.exe
  2⤵
  PID:5476
- C:\Windows\System\egCtFyz.exe
  C:\Windows\System\egCtFyz.exe
  2⤵
  PID:5916
- C:\Windows\System\lMWZyxb.exe
  C:\Windows\System\lMWZyxb.exe
  2⤵
  PID:7828
- C:\Windows\System\AjOmVrO.exe
  C:\Windows\System\AjOmVrO.exe
  2⤵
  PID:7940
- C:\Windows\System\zOphIZC.exe
  C:\Windows\System\zOphIZC.exe
  2⤵
  PID:8032
- C:\Windows\System\erVhhdP.exe
  C:\Windows\System\erVhhdP.exe
  2⤵
  PID:6964
- C:\Windows\System\xaCfleh.exe
  C:\Windows\System\xaCfleh.exe
  2⤵
  PID:7452
- C:\Windows\System\TdkgBEB.exe
  C:\Windows\System\TdkgBEB.exe
  2⤵
  PID:5452
- C:\Windows\System\BMouFQk.exe
  C:\Windows\System\BMouFQk.exe
  2⤵
  PID:3740
- C:\Windows\System\dhjkeTs.exe
  C:\Windows\System\dhjkeTs.exe
  2⤵
  PID:8164
- C:\Windows\System\nnWvPnb.exe
  C:\Windows\System\nnWvPnb.exe
  2⤵
  PID:5912
- C:\Windows\System\NZBUGxr.exe
  C:\Windows\System\NZBUGxr.exe
  2⤵
  PID:7328
- C:\Windows\System\HHImyBK.exe
  C:\Windows\System\HHImyBK.exe
  2⤵
  PID:7472
- C:\Windows\System\iEeebKS.exe
  C:\Windows\System\iEeebKS.exe
  2⤵
  PID:8220
- C:\Windows\System\knSafEx.exe
  C:\Windows\System\knSafEx.exe
  2⤵
  PID:8248
- C:\Windows\System\wYsfmxB.exe
  C:\Windows\System\wYsfmxB.exe
  2⤵
  PID:8276
- C:\Windows\System\LKZWdjf.exe
  C:\Windows\System\LKZWdjf.exe
  2⤵
  PID:8308
- C:\Windows\System\KoTQXHU.exe
  C:\Windows\System\KoTQXHU.exe
  2⤵
  PID:8332
- C:\Windows\System\oLKcNxe.exe
  C:\Windows\System\oLKcNxe.exe
  2⤵
  PID:8360
- C:\Windows\System\ZZbVTmS.exe
  C:\Windows\System\ZZbVTmS.exe
  2⤵
  PID:8400
- C:\Windows\System\zBUzNVX.exe
  C:\Windows\System\zBUzNVX.exe
  2⤵
  PID:8416
- C:\Windows\System\TIploCH.exe
  C:\Windows\System\TIploCH.exe
  2⤵
  PID:8472
- C:\Windows\System\FYjOXTe.exe
  C:\Windows\System\FYjOXTe.exe
  2⤵
  PID:8500
- C:\Windows\System\nEJSrhd.exe
  C:\Windows\System\nEJSrhd.exe
  2⤵
  PID:8540
- C:\Windows\System\JPfrZEJ.exe
  C:\Windows\System\JPfrZEJ.exe
  2⤵
  PID:8556
- C:\Windows\System\bySINlV.exe
  C:\Windows\System\bySINlV.exe
  2⤵
  PID:8584
- C:\Windows\System\YqqQylS.exe
  C:\Windows\System\YqqQylS.exe
  2⤵
  PID:8600
- C:\Windows\System\jeeXCkS.exe
  C:\Windows\System\jeeXCkS.exe
  2⤵
  PID:8648
- C:\Windows\System\biCuCXt.exe
  C:\Windows\System\biCuCXt.exe
  2⤵
  PID:8688
- C:\Windows\System\hTpzEPb.exe
  C:\Windows\System\hTpzEPb.exe
  2⤵
  PID:8704
- C:\Windows\System\LIAqXPH.exe
  C:\Windows\System\LIAqXPH.exe
  2⤵
  PID:8740
- C:\Windows\System\ubfgPWB.exe
  C:\Windows\System\ubfgPWB.exe
  2⤵
  PID:8768
- C:\Windows\System\VPRtgnf.exe
  C:\Windows\System\VPRtgnf.exe
  2⤵
  PID:8804
- C:\Windows\System\rkEvfwy.exe
  C:\Windows\System\rkEvfwy.exe
  2⤵
  PID:8828
- C:\Windows\System\RyHqgjM.exe
  C:\Windows\System\RyHqgjM.exe
  2⤵
  PID:8864
- C:\Windows\System\IhkCODm.exe
  C:\Windows\System\IhkCODm.exe
  2⤵
  PID:8884
- C:\Windows\System\SNUFvKX.exe
  C:\Windows\System\SNUFvKX.exe
  2⤵
  PID:8912
- C:\Windows\System\srCWwhy.exe
  C:\Windows\System\srCWwhy.exe
  2⤵
  PID:8940
- C:\Windows\System\wEMnwKd.exe
  C:\Windows\System\wEMnwKd.exe
  2⤵
  PID:8968
- C:\Windows\System\ssgdalU.exe
  C:\Windows\System\ssgdalU.exe
  2⤵
  PID:8996
- C:\Windows\System\taQbVPY.exe
  C:\Windows\System\taQbVPY.exe
  2⤵
  PID:9024
- C:\Windows\System\OAbmpkY.exe
  C:\Windows\System\OAbmpkY.exe
  2⤵
  PID:9052
- C:\Windows\System\IhFkNHr.exe
  C:\Windows\System\IhFkNHr.exe
  2⤵
  PID:9080
- C:\Windows\System\flKQPZp.exe
  C:\Windows\System\flKQPZp.exe
  2⤵
  PID:9108
- C:\Windows\System\RfQFhAg.exe
  C:\Windows\System\RfQFhAg.exe
  2⤵
  PID:9136
- C:\Windows\System\UYKAWjK.exe
  C:\Windows\System\UYKAWjK.exe
  2⤵
  PID:9164
- C:\Windows\System\BhtkGTo.exe
  C:\Windows\System\BhtkGTo.exe
  2⤵
  PID:9200
- C:\Windows\System\FYXmWAw.exe
  C:\Windows\System\FYXmWAw.exe
  2⤵
  PID:8204
- C:\Windows\System\aVYmVFM.exe
  C:\Windows\System\aVYmVFM.exe
  2⤵
  PID:8268
- C:\Windows\System\feIKtmn.exe
  C:\Windows\System\feIKtmn.exe
  2⤵
  PID:8328
- C:\Windows\System\jIGhBgo.exe
  C:\Windows\System\jIGhBgo.exe
  2⤵
  PID:8384
- C:\Windows\System\QxSQyMJ.exe
  C:\Windows\System\QxSQyMJ.exe
  2⤵
  PID:8484
- C:\Windows\System\PPKepDP.exe
  C:\Windows\System\PPKepDP.exe
  2⤵
  PID:8552
- C:\Windows\System\LvVlMIq.exe
  C:\Windows\System\LvVlMIq.exe
  2⤵
  PID:8624
- C:\Windows\System\uqbNkNI.exe
  C:\Windows\System\uqbNkNI.exe
  2⤵
  PID:8696
- C:\Windows\System\TedSmLR.exe
  C:\Windows\System\TedSmLR.exe
  2⤵
  PID:8764
- C:\Windows\System\lgjtcIl.exe
  C:\Windows\System\lgjtcIl.exe
  2⤵
  PID:8824
- C:\Windows\System\TPBhQto.exe
  C:\Windows\System\TPBhQto.exe
  2⤵
  PID:8880
- C:\Windows\System\oYRjrog.exe
  C:\Windows\System\oYRjrog.exe
  2⤵
  PID:8936
- C:\Windows\System\usafrwA.exe
  C:\Windows\System\usafrwA.exe
  2⤵
  PID:9008
- C:\Windows\System\KhEGrcO.exe
  C:\Windows\System\KhEGrcO.exe
  2⤵
  PID:9072
- C:\Windows\System\uKmVJhM.exe
  C:\Windows\System\uKmVJhM.exe
  2⤵
  PID:9132
- C:\Windows\System\PPOSNdP.exe
  C:\Windows\System\PPOSNdP.exe
  2⤵
  PID:9184
- C:\Windows\System\DXzVOIO.exe
  C:\Windows\System\DXzVOIO.exe
  2⤵
  PID:8260
- C:\Windows\System\EfEMIol.exe
  C:\Windows\System\EfEMIol.exe
  2⤵
  PID:8468
- C:\Windows\System\jsIesXF.exe
  C:\Windows\System\jsIesXF.exe
  2⤵
  PID:8596
- C:\Windows\System\GEPqKzH.exe
  C:\Windows\System\GEPqKzH.exe
  2⤵
  PID:8760
- C:\Windows\System\WnmqYlN.exe
  C:\Windows\System\WnmqYlN.exe
  2⤵
  PID:8904
- C:\Windows\System\lLuVhjM.exe
  C:\Windows\System\lLuVhjM.exe
  2⤵
  PID:9048
- C:\Windows\System\QYzJYjY.exe
  C:\Windows\System\QYzJYjY.exe
  2⤵
  PID:4676
- C:\Windows\System\WRIlBaO.exe
  C:\Windows\System\WRIlBaO.exe
  2⤵
  PID:8524
- C:\Windows\System\tmVZwVn.exe
  C:\Windows\System\tmVZwVn.exe
  2⤵
  PID:8852
- C:\Windows\System\vMofhZl.exe
  C:\Windows\System\vMofhZl.exe
  2⤵
  PID:8244
- C:\Windows\System\xsxNPmn.exe
  C:\Windows\System\xsxNPmn.exe
  2⤵
  PID:8792
- C:\Windows\System\FyXOXXd.exe
  C:\Windows\System\FyXOXXd.exe
  2⤵
  PID:9160
- C:\Windows\System\MWzoWmR.exe
  C:\Windows\System\MWzoWmR.exe
  2⤵
  PID:9236
- C:\Windows\System\ZjUTHwY.exe
  C:\Windows\System\ZjUTHwY.exe
  2⤵
  PID:9268
- C:\Windows\System\jUCYgeL.exe
  C:\Windows\System\jUCYgeL.exe
  2⤵
  PID:9304
- C:\Windows\System\VvRyPHH.exe
  C:\Windows\System\VvRyPHH.exe
  2⤵
  PID:9324
- C:\Windows\System\fKVVxWA.exe
  C:\Windows\System\fKVVxWA.exe
  2⤵
  PID:9352
- C:\Windows\System\zgtqvwN.exe
  C:\Windows\System\zgtqvwN.exe
  2⤵
  PID:9388
- C:\Windows\System\RvKxYYx.exe
  C:\Windows\System\RvKxYYx.exe
  2⤵
  PID:9408
- C:\Windows\System\VakRwzj.exe
  C:\Windows\System\VakRwzj.exe
  2⤵
  PID:9444
- C:\Windows\System\yxQlgYw.exe
  C:\Windows\System\yxQlgYw.exe
  2⤵
  PID:9464
- C:\Windows\System\VilreHy.exe
  C:\Windows\System\VilreHy.exe
  2⤵
  PID:9492
- C:\Windows\System\nxXHLpS.exe
  C:\Windows\System\nxXHLpS.exe
  2⤵
  PID:9520
- C:\Windows\System\IrHtlbl.exe
  C:\Windows\System\IrHtlbl.exe
  2⤵
  PID:9548
- C:\Windows\System\pklsJBs.exe
  C:\Windows\System\pklsJBs.exe
  2⤵
  PID:9576
- C:\Windows\System\CWFdSde.exe
  C:\Windows\System\CWFdSde.exe
  2⤵
  PID:9604
- C:\Windows\System\pNQNmHi.exe
  C:\Windows\System\pNQNmHi.exe
  2⤵
  PID:9632
- C:\Windows\System\arQzAIY.exe
  C:\Windows\System\arQzAIY.exe
  2⤵
  PID:9660
- C:\Windows\System\mgqOwyU.exe
  C:\Windows\System\mgqOwyU.exe
  2⤵
  PID:9696
- C:\Windows\System\fyXdTID.exe
  C:\Windows\System\fyXdTID.exe
  2⤵
  PID:9716
- C:\Windows\System\GPAKEGt.exe
  C:\Windows\System\GPAKEGt.exe
  2⤵
  PID:9744
- C:\Windows\System\ZPXOXVQ.exe
  C:\Windows\System\ZPXOXVQ.exe
  2⤵
  PID:9776
- C:\Windows\System\yxoTqPW.exe
  C:\Windows\System\yxoTqPW.exe
  2⤵
  PID:9800
- C:\Windows\System\NluGwkF.exe
  C:\Windows\System\NluGwkF.exe
  2⤵
  PID:9832
- C:\Windows\System\fNOTvIx.exe
  C:\Windows\System\fNOTvIx.exe
  2⤵
  PID:9856
- C:\Windows\System\omGbQjU.exe
  C:\Windows\System\omGbQjU.exe
  2⤵
  PID:9884
- C:\Windows\System\SfQxmnu.exe
  C:\Windows\System\SfQxmnu.exe
  2⤵
  PID:9912
- C:\Windows\System\AdapSPD.exe
  C:\Windows\System\AdapSPD.exe
  2⤵
  PID:9940
- C:\Windows\System\meBjMrp.exe
  C:\Windows\System\meBjMrp.exe
  2⤵
  PID:9968
- C:\Windows\System\EsiRZIS.exe
  C:\Windows\System\EsiRZIS.exe
  2⤵
  PID:10000
- C:\Windows\System\ZlglQHm.exe
  C:\Windows\System\ZlglQHm.exe
  2⤵
  PID:10032
- C:\Windows\System\XoYECmO.exe
  C:\Windows\System\XoYECmO.exe
  2⤵
  PID:10060
- C:\Windows\System\nLLVxwS.exe
  C:\Windows\System\nLLVxwS.exe
  2⤵
  PID:10088
- C:\Windows\System\rDvljHH.exe
  C:\Windows\System\rDvljHH.exe
  2⤵
  PID:10116
- C:\Windows\System\gZiiFSu.exe
  C:\Windows\System\gZiiFSu.exe
  2⤵
  PID:10148
- C:\Windows\System\KvwZJAH.exe
  C:\Windows\System\KvwZJAH.exe
  2⤵
  PID:10184
- C:\Windows\System\TwCSOZe.exe
  C:\Windows\System\TwCSOZe.exe
  2⤵
  PID:10212
- C:\Windows\System\PUCOUzJ.exe
  C:\Windows\System\PUCOUzJ.exe
  2⤵
  PID:9220
- C:\Windows\System\MgqQvAB.exe
  C:\Windows\System\MgqQvAB.exe
  2⤵
  PID:9264
- C:\Windows\System\jmGzlKJ.exe
  C:\Windows\System\jmGzlKJ.exe
  2⤵
  PID:9364
- C:\Windows\System\GXgYidO.exe
  C:\Windows\System\GXgYidO.exe
  2⤵
  PID:9452
- C:\Windows\System\qPwBrcR.exe
  C:\Windows\System\qPwBrcR.exe
  2⤵
  PID:9488
- C:\Windows\System\QWLYPJw.exe
  C:\Windows\System\QWLYPJw.exe
  2⤵
  PID:9572
- C:\Windows\System\qivrbxF.exe
  C:\Windows\System\qivrbxF.exe
  2⤵
  PID:9656
- C:\Windows\System\nuLYcmM.exe
  C:\Windows\System\nuLYcmM.exe
  2⤵
  PID:9736
- C:\Windows\System\FeLwqbt.exe
  C:\Windows\System\FeLwqbt.exe
  2⤵
  PID:9256
- C:\Windows\System\AShHoAM.exe
  C:\Windows\System\AShHoAM.exe
  2⤵
  PID:9908
- C:\Windows\System\CZMDfcr.exe
  C:\Windows\System\CZMDfcr.exe
  2⤵
  PID:9992
- C:\Windows\System\CEJzkwp.exe
  C:\Windows\System\CEJzkwp.exe
  2⤵
  PID:10084
- C:\Windows\System\mAQDOmU.exe
  C:\Windows\System\mAQDOmU.exe
  2⤵
  PID:10028
- C:\Windows\System\adkvzCy.exe
  C:\Windows\System\adkvzCy.exe
  2⤵
  PID:10176
- C:\Windows\System\oqDYpCQ.exe
  C:\Windows\System\oqDYpCQ.exe
  2⤵
  PID:9292
- C:\Windows\System\ZNXaMSi.exe
  C:\Windows\System\ZNXaMSi.exe
  2⤵
  PID:10168
- C:\Windows\System\jpMIfoj.exe
  C:\Windows\System\jpMIfoj.exe
  2⤵
  PID:1120
- C:\Windows\System\MsKQicl.exe
  C:\Windows\System\MsKQicl.exe
  2⤵
  PID:9652
- C:\Windows\System\mYHbufi.exe
  C:\Windows\System\mYHbufi.exe
  2⤵
  PID:9532
- C:\Windows\System\fWfOAFx.exe
  C:\Windows\System\fWfOAFx.exe
  2⤵
  PID:5072
- C:\Windows\System\IYRplEn.exe
  C:\Windows\System\IYRplEn.exe
  2⤵
  PID:9792
- C:\Windows\System\rmOMYYO.exe
  C:\Windows\System\rmOMYYO.exe
  2⤵
  PID:9824
- C:\Windows\System\sRVGKne.exe
  C:\Windows\System\sRVGKne.exe
  2⤵
  PID:9960
- C:\Windows\System\fOnHmAR.exe
  C:\Windows\System\fOnHmAR.exe
  2⤵
  PID:5180
- C:\Windows\System\OrDfPPk.exe
  C:\Windows\System\OrDfPPk.exe
  2⤵
  PID:9728
- C:\Windows\System\ULFhHdd.exe
  C:\Windows\System\ULFhHdd.exe
  2⤵
  PID:732
- C:\Windows\System\gqEADiI.exe
  C:\Windows\System\gqEADiI.exe
  2⤵
  PID:416
- C:\Windows\System\cCzihmw.exe
  C:\Windows\System\cCzihmw.exe
  2⤵
  PID:10020
- C:\Windows\System\oiKoSCb.exe
  C:\Windows\System\oiKoSCb.exe
  2⤵
  PID:4132
- C:\Windows\System\StyIuDC.exe
  C:\Windows\System\StyIuDC.exe
  2⤵
  PID:10232
- C:\Windows\System\wbSJjlf.exe
  C:\Windows\System\wbSJjlf.exe
  2⤵
  PID:3108
- C:\Windows\System\AlwxAow.exe
  C:\Windows\System\AlwxAow.exe
  2⤵
  PID:2068
- C:\Windows\System\gJcKXfX.exe
  C:\Windows\System\gJcKXfX.exe
  2⤵
  PID:4496
- C:\Windows\System\uVxkbVU.exe
  C:\Windows\System\uVxkbVU.exe
  2⤵
  PID:4396
- C:\Windows\System\KcoZxZk.exe
  C:\Windows\System\KcoZxZk.exe
  2⤵
  PID:9628
- C:\Windows\System\Edlmdqh.exe
  C:\Windows\System\Edlmdqh.exe
  2⤵
  PID:216
- C:\Windows\System\jGVhxPU.exe
  C:\Windows\System\jGVhxPU.exe
  2⤵
  PID:2376
- C:\Windows\System\iMhxdro.exe
  C:\Windows\System\iMhxdro.exe
  2⤵
  PID:9988
- C:\Windows\System\tEHGqQO.exe
  C:\Windows\System\tEHGqQO.exe
  2⤵
  PID:5020
- C:\Windows\System\LWyegDi.exe
  C:\Windows\System\LWyegDi.exe
  2⤵
  PID:9840
- C:\Windows\System\rkegIHz.exe
  C:\Windows\System\rkegIHz.exe
  2⤵
  PID:9484
- C:\Windows\System\Utnkrwj.exe
  C:\Windows\System\Utnkrwj.exe
  2⤵
  PID:3884
- C:\Windows\System\dUyrFLE.exe
  C:\Windows\System\dUyrFLE.exe
  2⤵
  PID:10112
- C:\Windows\System\hNKlVel.exe
  C:\Windows\System\hNKlVel.exe
  2⤵
  PID:10268
- C:\Windows\System\kOxYRuq.exe
  C:\Windows\System\kOxYRuq.exe
  2⤵
  PID:10296
- C:\Windows\System\YwGkuEl.exe
  C:\Windows\System\YwGkuEl.exe
  2⤵
  PID:10324
- C:\Windows\System\VQSCwbZ.exe
  C:\Windows\System\VQSCwbZ.exe
  2⤵
  PID:10352
- C:\Windows\System\YPkKiBf.exe
  C:\Windows\System\YPkKiBf.exe
  2⤵
  PID:10380
- C:\Windows\System\KwXFbAn.exe
  C:\Windows\System\KwXFbAn.exe
  2⤵
  PID:10408
- C:\Windows\System\rQzgIrv.exe
  C:\Windows\System\rQzgIrv.exe
  2⤵
  PID:10436
- C:\Windows\System\oRLrJDF.exe
  C:\Windows\System\oRLrJDF.exe
  2⤵
  PID:10464
- C:\Windows\System\TYhTYvm.exe
  C:\Windows\System\TYhTYvm.exe
  2⤵
  PID:10492
- C:\Windows\System\gPnESGZ.exe
  C:\Windows\System\gPnESGZ.exe
  2⤵
  PID:10520
- C:\Windows\System\ebckSMc.exe
  C:\Windows\System\ebckSMc.exe
  2⤵
  PID:10548
- C:\Windows\System\jwmHUfD.exe
  C:\Windows\System\jwmHUfD.exe
  2⤵
  PID:10576
- C:\Windows\System\SiSKgHB.exe
  C:\Windows\System\SiSKgHB.exe
  2⤵
  PID:10604
- C:\Windows\System\oztHjTS.exe
  C:\Windows\System\oztHjTS.exe
  2⤵
  PID:10632
- C:\Windows\System\yvHMqoM.exe
  C:\Windows\System\yvHMqoM.exe
  2⤵
  PID:10660
- C:\Windows\System\XjAAkGO.exe
  C:\Windows\System\XjAAkGO.exe
  2⤵
  PID:10688
- C:\Windows\System\DRrIyAe.exe
  C:\Windows\System\DRrIyAe.exe
  2⤵
  PID:10716
- C:\Windows\System\ilPDsZI.exe
  C:\Windows\System\ilPDsZI.exe
  2⤵
  PID:10744
- C:\Windows\System\YYioMEB.exe
  C:\Windows\System\YYioMEB.exe
  2⤵
  PID:10772
- C:\Windows\System\vnFOgjF.exe
  C:\Windows\System\vnFOgjF.exe
  2⤵
  PID:10808
- C:\Windows\System\Tpbpetb.exe
  C:\Windows\System\Tpbpetb.exe
  2⤵
  PID:10832
- C:\Windows\System\wOLPPvp.exe
  C:\Windows\System\wOLPPvp.exe
  2⤵
  PID:10860
- C:\Windows\System\liPdbWH.exe
  C:\Windows\System\liPdbWH.exe
  2⤵
  PID:10888
- C:\Windows\System\sBEnPsb.exe
  C:\Windows\System\sBEnPsb.exe
  2⤵
  PID:10928
- C:\Windows\System\kKDkdhe.exe
  C:\Windows\System\kKDkdhe.exe
  2⤵
  PID:10944
- C:\Windows\System\jXMbhyf.exe
  C:\Windows\System\jXMbhyf.exe
  2⤵
  PID:10972
- C:\Windows\System\IOMgliF.exe
  C:\Windows\System\IOMgliF.exe
  2⤵
  PID:11000
- C:\Windows\System\vmfvBZv.exe
  C:\Windows\System\vmfvBZv.exe
  2⤵
  PID:11028
- C:\Windows\System\PmMVvbd.exe
  C:\Windows\System\PmMVvbd.exe
  2⤵
  PID:11056
- C:\Windows\System\ztGbGaM.exe
  C:\Windows\System\ztGbGaM.exe
  2⤵
  PID:11084
- C:\Windows\System\ZzGulVM.exe
  C:\Windows\System\ZzGulVM.exe
  2⤵
  PID:11112
- C:\Windows\System\NYKRikG.exe
  C:\Windows\System\NYKRikG.exe
  2⤵
  PID:11140
- C:\Windows\System\tQhqFvD.exe
  C:\Windows\System\tQhqFvD.exe
  2⤵
  PID:11168
- C:\Windows\System\dRJAxoc.exe
  C:\Windows\System\dRJAxoc.exe
  2⤵
  PID:11196
- C:\Windows\System\iUDTIBS.exe
  C:\Windows\System\iUDTIBS.exe
  2⤵
  PID:11224
- C:\Windows\System\sEpslvG.exe
  C:\Windows\System\sEpslvG.exe
  2⤵
  PID:11252
- C:\Windows\System\airyGKQ.exe
  C:\Windows\System\airyGKQ.exe
  2⤵
  PID:10280
- C:\Windows\System\qVRxPTQ.exe
  C:\Windows\System\qVRxPTQ.exe
  2⤵
  PID:1080
- C:\Windows\System\duCyqDp.exe
  C:\Windows\System\duCyqDp.exe
  2⤵
  PID:10372
- C:\Windows\System\ysXaahF.exe
  C:\Windows\System\ysXaahF.exe
  2⤵
  PID:10432
- C:\Windows\System\qjhuynr.exe
  C:\Windows\System\qjhuynr.exe
  2⤵
  PID:10504
- C:\Windows\System\uFJdDII.exe
  C:\Windows\System\uFJdDII.exe
  2⤵
  PID:10568
- C:\Windows\System\TDSDNXY.exe
  C:\Windows\System\TDSDNXY.exe
  2⤵
  PID:10628
- C:\Windows\System\PLaYNas.exe
  C:\Windows\System\PLaYNas.exe
  2⤵
  PID:10700
- C:\Windows\System\jEtXGYT.exe
  C:\Windows\System\jEtXGYT.exe
  2⤵
  PID:10764
- C:\Windows\System\dfhBqAk.exe
  C:\Windows\System\dfhBqAk.exe
  2⤵
  PID:10828
- C:\Windows\System\cdrqcbX.exe
  C:\Windows\System\cdrqcbX.exe
  2⤵
  PID:10900
- C:\Windows\System\gDcoNtx.exe
  C:\Windows\System\gDcoNtx.exe
  2⤵
  PID:10964
- C:\Windows\System\WHxXsOj.exe
  C:\Windows\System\WHxXsOj.exe
  2⤵
  PID:11024
- C:\Windows\System\pLiblkJ.exe
  C:\Windows\System\pLiblkJ.exe
  2⤵
  PID:11096
- C:\Windows\System\cvEcwhE.exe
  C:\Windows\System\cvEcwhE.exe
  2⤵
  PID:11160
- C:\Windows\System\IorNStW.exe
  C:\Windows\System\IorNStW.exe
  2⤵
  PID:5048
- C:\Windows\System\jmhGriY.exe
  C:\Windows\System\jmhGriY.exe
  2⤵
  PID:2000
- C:\Windows\System\PPXtJDq.exe
  C:\Windows\System\PPXtJDq.exe
  2⤵
  PID:10780
- C:\Windows\System\bVnFljn.exe
  C:\Windows\System\bVnFljn.exe
  2⤵
  PID:10336
- C:\Windows\System\ROwjJDm.exe
  C:\Windows\System\ROwjJDm.exe
  2⤵
  PID:10488
- C:\Windows\System\WmkrUYu.exe
  C:\Windows\System\WmkrUYu.exe
  2⤵
  PID:10624
- C:\Windows\System\aGMdevB.exe
  C:\Windows\System\aGMdevB.exe
  2⤵
  PID:10796
- C:\Windows\System\lRiUHeS.exe
  C:\Windows\System\lRiUHeS.exe
  2⤵
  PID:10940
- C:\Windows\System\KyvGNQm.exe
  C:\Windows\System\KyvGNQm.exe
  2⤵
  PID:11080
- C:\Windows\System\YVoTNDe.exe
  C:\Windows\System\YVoTNDe.exe
  2⤵
  PID:4548
- C:\Windows\System\FECGAcb.exe
  C:\Windows\System\FECGAcb.exe
  2⤵
  PID:4276
- C:\Windows\System\AqUxbGu.exe
  C:\Windows\System\AqUxbGu.exe
  2⤵
  PID:10616
- C:\Windows\System\wxjUVRh.exe
  C:\Windows\System\wxjUVRh.exe
  2⤵
  PID:11012
- C:\Windows\System\FlQeFez.exe
  C:\Windows\System\FlQeFez.exe
  2⤵
  PID:10600
- C:\Windows\System\sJXTOXB.exe
  C:\Windows\System\sJXTOXB.exe
  2⤵
  PID:10884
- C:\Windows\System\lzGtGUY.exe
  C:\Windows\System\lzGtGUY.exe
  2⤵
  PID:11192
- C:\Windows\System\jqThYpu.exe
  C:\Windows\System\jqThYpu.exe
  2⤵
  PID:11276
- C:\Windows\System\zbvZcSN.exe
  C:\Windows\System\zbvZcSN.exe
  2⤵
  PID:11304
- C:\Windows\System\PEaoRwY.exe
  C:\Windows\System\PEaoRwY.exe
  2⤵
  PID:11332
- C:\Windows\System\KIVuxhB.exe
  C:\Windows\System\KIVuxhB.exe
  2⤵
  PID:11360
- C:\Windows\System\WxhYbCj.exe
  C:\Windows\System\WxhYbCj.exe
  2⤵
  PID:11388
- C:\Windows\System\uSHCCcd.exe
  C:\Windows\System\uSHCCcd.exe
  2⤵
  PID:11416
- C:\Windows\System\mYeonrF.exe
  C:\Windows\System\mYeonrF.exe
  2⤵
  PID:11444
- C:\Windows\System\SCMGExQ.exe
  C:\Windows\System\SCMGExQ.exe
  2⤵
  PID:11472
- C:\Windows\System\ANYWFJr.exe
  C:\Windows\System\ANYWFJr.exe
  2⤵
  PID:11500
- C:\Windows\System\nzlzaqU.exe
  C:\Windows\System\nzlzaqU.exe
  2⤵
  PID:11528
- C:\Windows\System\OFgRLiv.exe
  C:\Windows\System\OFgRLiv.exe
  2⤵
  PID:11556
- C:\Windows\System\JqsTLMv.exe
  C:\Windows\System\JqsTLMv.exe
  2⤵
  PID:11592
- C:\Windows\System\LKhwbOY.exe
  C:\Windows\System\LKhwbOY.exe
  2⤵
  PID:11612
- C:\Windows\System\btrSMdQ.exe
  C:\Windows\System\btrSMdQ.exe
  2⤵
  PID:11640
- C:\Windows\System\XxVnBjc.exe
  C:\Windows\System\XxVnBjc.exe
  2⤵
  PID:11668
- C:\Windows\System\zWLdEze.exe
  C:\Windows\System\zWLdEze.exe
  2⤵
  PID:11696
- C:\Windows\System\qxwxXMY.exe
  C:\Windows\System\qxwxXMY.exe
  2⤵
  PID:11724
- C:\Windows\System\RXCBAPo.exe
  C:\Windows\System\RXCBAPo.exe
  2⤵
  PID:11760
- C:\Windows\System\ZbtwwPC.exe
  C:\Windows\System\ZbtwwPC.exe
  2⤵
  PID:11780
- C:\Windows\System\qvauCfg.exe
  C:\Windows\System\qvauCfg.exe
  2⤵
  PID:11808
- C:\Windows\System\cbZAJeo.exe
  C:\Windows\System\cbZAJeo.exe
  2⤵
  PID:11836
- C:\Windows\System\icGlEep.exe
  C:\Windows\System\icGlEep.exe
  2⤵
  PID:11864
- C:\Windows\System\kLOjFjA.exe
  C:\Windows\System\kLOjFjA.exe
  2⤵
  PID:11892
- C:\Windows\System\bZxDETw.exe
  C:\Windows\System\bZxDETw.exe
  2⤵
  PID:11920
- C:\Windows\System\oXcAaFV.exe
  C:\Windows\System\oXcAaFV.exe
  2⤵
  PID:11948
- C:\Windows\System\VPDHRCL.exe
  C:\Windows\System\VPDHRCL.exe
  2⤵
  PID:11976
- C:\Windows\System\ViqpmWU.exe
  C:\Windows\System\ViqpmWU.exe
  2⤵
  PID:12008
- C:\Windows\System\sNtKZwz.exe
  C:\Windows\System\sNtKZwz.exe
  2⤵
  PID:12036
- C:\Windows\System\LubaiMw.exe
  C:\Windows\System\LubaiMw.exe
  2⤵
  PID:12064
- C:\Windows\System\SXRwHvU.exe
  C:\Windows\System\SXRwHvU.exe
  2⤵
  PID:12092
- C:\Windows\System\pOdXLTw.exe
  C:\Windows\System\pOdXLTw.exe
  2⤵
  PID:12124
- C:\Windows\System\pCpWTgA.exe
  C:\Windows\System\pCpWTgA.exe
  2⤵
  PID:12148
- C:\Windows\System\RuBNkWj.exe
  C:\Windows\System\RuBNkWj.exe
  2⤵
  PID:12176
- C:\Windows\System\UDlzUQO.exe
  C:\Windows\System\UDlzUQO.exe
  2⤵
  PID:12204
- C:\Windows\System\MVuqvTE.exe
  C:\Windows\System\MVuqvTE.exe
  2⤵
  PID:12240
- C:\Windows\System\ockRlJE.exe
  C:\Windows\System\ockRlJE.exe
  2⤵
  PID:12260
- C:\Windows\System\ajTofNG.exe
  C:\Windows\System\ajTofNG.exe
  2⤵
  PID:11268
- C:\Windows\System\FGzJUSn.exe
  C:\Windows\System\FGzJUSn.exe
  2⤵
  PID:11328
- C:\Windows\System\eLHfkqE.exe
  C:\Windows\System\eLHfkqE.exe
  2⤵
  PID:11384
- C:\Windows\System\jbqZzTx.exe
  C:\Windows\System\jbqZzTx.exe
  2⤵
  PID:11440
- C:\Windows\System\kaZFUsm.exe
  C:\Windows\System\kaZFUsm.exe
  2⤵
  PID:2064
- C:\Windows\System\Qmxtfyp.exe
  C:\Windows\System\Qmxtfyp.exe
  2⤵
  PID:11568
- C:\Windows\System\PyEqmtn.exe
  C:\Windows\System\PyEqmtn.exe
  2⤵
  PID:11624
- C:\Windows\System\xIjkdbm.exe
  C:\Windows\System\xIjkdbm.exe
  2⤵
  PID:2616
- C:\Windows\System\MPtoZDR.exe
  C:\Windows\System\MPtoZDR.exe
  2⤵
  PID:11716
- C:\Windows\System\rfTjFsM.exe
  C:\Windows\System\rfTjFsM.exe
  2⤵
  PID:11768
- C:\Windows\System\SFdHfVX.exe
  C:\Windows\System\SFdHfVX.exe
  2⤵
  PID:11820
- C:\Windows\System\ckqfWEk.exe
  C:\Windows\System\ckqfWEk.exe
  2⤵
  PID:11876
- C:\Windows\System\NSKnQEx.exe
  C:\Windows\System\NSKnQEx.exe
  2⤵
  PID:11940
- C:\Windows\System\MkjiZNV.exe
  C:\Windows\System\MkjiZNV.exe
  2⤵
  PID:12000
- C:\Windows\System\ljzocIu.exe
  C:\Windows\System\ljzocIu.exe
  2⤵
  PID:260
- C:\Windows\System\OBfEanX.exe
  C:\Windows\System\OBfEanX.exe
  2⤵
  PID:2028
- C:\Windows\System\OsUZiOi.exe
  C:\Windows\System\OsUZiOi.exe
  2⤵
  PID:12144
- C:\Windows\System\ktAnUzm.exe
  C:\Windows\System\ktAnUzm.exe
  2⤵
  PID:12196
- C:\Windows\System\mzRgGtv.exe
  C:\Windows\System\mzRgGtv.exe
  2⤵
  PID:12248
- C:\Windows\System\slrnfKj.exe
  C:\Windows\System\slrnfKj.exe
  2⤵
  PID:12272
- C:\Windows\System\AlWcXbb.exe
  C:\Windows\System\AlWcXbb.exe
  2⤵
  PID:11356
- C:\Windows\System\nokeBah.exe
  C:\Windows\System\nokeBah.exe
  2⤵
  PID:11492
- C:\Windows\System\qPukhmx.exe
  C:\Windows\System\qPukhmx.exe
  2⤵
  PID:11652
- C:\Windows\System\uASICeK.exe
  C:\Windows\System\uASICeK.exe
  2⤵
  PID:11708
- C:\Windows\System\OIFlmAA.exe
  C:\Windows\System\OIFlmAA.exe
  2⤵
  PID:1880
- C:\Windows\System\gjmhlmT.exe
  C:\Windows\System\gjmhlmT.exe
  2⤵
  PID:11988
- C:\Windows\System\oQzvlCH.exe
  C:\Windows\System\oQzvlCH.exe
  2⤵
  PID:12084
- C:\Windows\System\RcLTrnB.exe
  C:\Windows\System\RcLTrnB.exe
  2⤵
  PID:12168
- C:\Windows\System\zNWlXmc.exe
  C:\Windows\System\zNWlXmc.exe
  2⤵
  PID:12224
- C:\Windows\System\oAoohhH.exe
  C:\Windows\System\oAoohhH.exe
  2⤵
  PID:1524
- C:\Windows\System\KLePQQT.exe
  C:\Windows\System\KLePQQT.exe
  2⤵
  PID:11436
- C:\Windows\System\RMsiOCP.exe
  C:\Windows\System\RMsiOCP.exe
  2⤵
  PID:8
- C:\Windows\System\HmPgCSP.exe
  C:\Windows\System\HmPgCSP.exe
  2⤵
  PID:11904
- C:\Windows\System\ErBpVFm.exe
  C:\Windows\System\ErBpVFm.exe
  2⤵
  PID:3860
- C:\Windows\System\YCAdomC.exe
  C:\Windows\System\YCAdomC.exe
  2⤵
  PID:4244
- C:\Windows\System\xTgAPjm.exe
  C:\Windows\System\xTgAPjm.exe
  2⤵
  PID:12252
- C:\Windows\System\FuMnhiv.exe
  C:\Windows\System\FuMnhiv.exe
  2⤵
  PID:5356
- C:\Windows\System\UIiZYQY.exe
  C:\Windows\System\UIiZYQY.exe
  2⤵
  PID:5160
- C:\Windows\System\EpPmrqr.exe
  C:\Windows\System\EpPmrqr.exe
  2⤵
  PID:5472
- C:\Windows\System\NtfpUKB.exe
  C:\Windows\System\NtfpUKB.exe
  2⤵
  PID:5484
- C:\Windows\System\qjdYjHk.exe
  C:\Windows\System\qjdYjHk.exe
  2⤵
  PID:5368
- C:\Windows\System\dokMDGQ.exe
  C:\Windows\System\dokMDGQ.exe
  2⤵
  PID:5576
- C:\Windows\System\dwpUYuA.exe
  C:\Windows\System\dwpUYuA.exe
  2⤵
  PID:5316
- C:\Windows\System\tGzSdRS.exe
  C:\Windows\System\tGzSdRS.exe
  2⤵
  PID:5540
- C:\Windows\System\WLyCBpX.exe
  C:\Windows\System\WLyCBpX.exe
  2⤵
  PID:5680
- C:\Windows\System\cVfEyoV.exe
  C:\Windows\System\cVfEyoV.exe
  2⤵
  PID:2036
- C:\Windows\System\QaSBJdC.exe
  C:\Windows\System\QaSBJdC.exe
  2⤵
  PID:5520
- C:\Windows\System\penOkmC.exe
  C:\Windows\System\penOkmC.exe
  2⤵
  PID:5800
- C:\Windows\System\nUDghVX.exe
  C:\Windows\System\nUDghVX.exe
  2⤵
  PID:5820
- C:\Windows\System\XIaFMbJ.exe
  C:\Windows\System\XIaFMbJ.exe
  2⤵
  PID:12320
- C:\Windows\System\HwuQkaW.exe
  C:\Windows\System\HwuQkaW.exe
  2⤵
  PID:12336
- C:\Windows\System\cySukSe.exe
  C:\Windows\System\cySukSe.exe
  2⤵
  PID:12364
- C:\Windows\System\vwUGyyn.exe
  C:\Windows\System\vwUGyyn.exe
  2⤵
  PID:12392
- C:\Windows\System\lMYKTdB.exe
  C:\Windows\System\lMYKTdB.exe
  2⤵
  PID:12420
- C:\Windows\System\JWKXsGg.exe
  C:\Windows\System\JWKXsGg.exe
  2⤵
  PID:12448
- C:\Windows\System\czXcoau.exe
  C:\Windows\System\czXcoau.exe
  2⤵
  PID:12476
- C:\Windows\System\NLZyHlQ.exe
  C:\Windows\System\NLZyHlQ.exe
  2⤵
  PID:12508
- C:\Windows\System\msGCHgb.exe
  C:\Windows\System\msGCHgb.exe
  2⤵
  PID:12536
- C:\Windows\System\WMeYUKN.exe
  C:\Windows\System\WMeYUKN.exe
  2⤵
  PID:12564
- C:\Windows\System\zbgdyxk.exe
  C:\Windows\System\zbgdyxk.exe
  2⤵
  PID:12592
- C:\Windows\System\HezQXYa.exe
  C:\Windows\System\HezQXYa.exe
  2⤵
  PID:12620
- C:\Windows\System\XgdRYJo.exe
  C:\Windows\System\XgdRYJo.exe
  2⤵
  PID:12648
- C:\Windows\System\ZfITFLG.exe
  C:\Windows\System\ZfITFLG.exe
  2⤵
  PID:12676
- C:\Windows\System\oKluzdE.exe
  C:\Windows\System\oKluzdE.exe
  2⤵
  PID:12704
- C:\Windows\System\ZoKiVhe.exe
  C:\Windows\System\ZoKiVhe.exe
  2⤵
  PID:12732
- C:\Windows\System\qMCogFx.exe
  C:\Windows\System\qMCogFx.exe
  2⤵
  PID:12768
- C:\Windows\System\rVsjInt.exe
  C:\Windows\System\rVsjInt.exe
  2⤵
  PID:12796
- C:\Windows\System\tKqHzLc.exe
  C:\Windows\System\tKqHzLc.exe
  2⤵
  PID:12824
- C:\Windows\System\uZOrhcp.exe
  C:\Windows\System\uZOrhcp.exe
  2⤵
  PID:12852
- C:\Windows\System\bywQefz.exe
  C:\Windows\System\bywQefz.exe
  2⤵
  PID:12880
- C:\Windows\System\FIHLLof.exe
  C:\Windows\System\FIHLLof.exe
  2⤵
  PID:12908
- C:\Windows\System\oQFJoLU.exe
  C:\Windows\System\oQFJoLU.exe
  2⤵
  PID:12936
- C:\Windows\System\idqEFrG.exe
  C:\Windows\System\idqEFrG.exe
  2⤵
  PID:12964
- C:\Windows\System\XZRmaRc.exe
  C:\Windows\System\XZRmaRc.exe
  2⤵
  PID:13004
- C:\Windows\System\QfeyMEq.exe
  C:\Windows\System\QfeyMEq.exe
  2⤵
  PID:13020
- C:\Windows\System\AvJOyrf.exe
  C:\Windows\System\AvJOyrf.exe
  2⤵
  PID:13048
- C:\Windows\System\ksGOpKY.exe
  C:\Windows\System\ksGOpKY.exe
  2⤵
  PID:13076
- C:\Windows\System\lHbLDAb.exe
  C:\Windows\System\lHbLDAb.exe
  2⤵
  PID:13104
- C:\Windows\System\ixrTgGZ.exe
  C:\Windows\System\ixrTgGZ.exe
  2⤵
  PID:13136
- C:\Windows\System\hiZcyCL.exe
  C:\Windows\System\hiZcyCL.exe
  2⤵
  PID:13164
- C:\Windows\System\zbQTMZj.exe
  C:\Windows\System\zbQTMZj.exe
  2⤵
  PID:13192
- C:\Windows\System\waXDFrw.exe
  C:\Windows\System\waXDFrw.exe
  2⤵
  PID:13220
- C:\Windows\System\PkQApFl.exe
  C:\Windows\System\PkQApFl.exe
  2⤵
  PID:13252
- C:\Windows\System\tHAyznK.exe
  C:\Windows\System\tHAyznK.exe
  2⤵
  PID:13288
- C:\Windows\System\gkjrRIv.exe
  C:\Windows\System\gkjrRIv.exe
  2⤵
  PID:5848
- C:\Windows\System\TzWLMnt.exe
  C:\Windows\System\TzWLMnt.exe
  2⤵
  PID:12332
- C:\Windows\System\qgWCrxx.exe
  C:\Windows\System\qgWCrxx.exe
  2⤵
  PID:12376
- C:\Windows\System\IzPRBtF.exe
  C:\Windows\System\IzPRBtF.exe
  2⤵
  PID:12384
- C:\Windows\System\MSWOkER.exe
  C:\Windows\System\MSWOkER.exe
  2⤵
  PID:12472
- C:\Windows\System\pkcZnHA.exe
  C:\Windows\System\pkcZnHA.exe
  2⤵
  PID:12520
- C:\Windows\System\OVuIUzh.exe
  C:\Windows\System\OVuIUzh.exe
  2⤵
  PID:696
- C:\Windows\System\tAjfBoc.exe
  C:\Windows\System\tAjfBoc.exe
  2⤵
  PID:12632
- C:\Windows\System\rYnPdVz.exe
  C:\Windows\System\rYnPdVz.exe
  2⤵
  PID:12688
- C:\Windows\System\dWLOxrV.exe
  C:\Windows\System\dWLOxrV.exe
  2⤵
  PID:12728
- C:\Windows\System\VEJexFg.exe
  C:\Windows\System\VEJexFg.exe
  2⤵
  PID:12780
- C:\Windows\System\aVKUWdE.exe
  C:\Windows\System\aVKUWdE.exe
  2⤵
  PID:12820
- C:\Windows\System\HDFXami.exe
  C:\Windows\System\HDFXami.exe
  2⤵
  PID:12872
- C:\Windows\System\ZWUYpfd.exe
  C:\Windows\System\ZWUYpfd.exe
  2⤵
  PID:12900
- C:\Windows\System\cBkHERm.exe
  C:\Windows\System\cBkHERm.exe
  2⤵
  PID:12948
- C:\Windows\System\bfUpfyy.exe
  C:\Windows\System\bfUpfyy.exe
  2⤵
  PID:12988
- C:\Windows\System\sECOAyP.exe
  C:\Windows\System\sECOAyP.exe
  2⤵
  PID:13032
- C:\Windows\System\zxKldsg.exe
  C:\Windows\System\zxKldsg.exe
  2⤵
  PID:13068
- C:\Windows\System\hYBGpXQ.exe
  C:\Windows\System\hYBGpXQ.exe
  2⤵
  PID:1348
- C:\Windows\System\edEULSY.exe
  C:\Windows\System\edEULSY.exe
  2⤵
  PID:13160
- C:\Windows\System\ImOoEdX.exe
  C:\Windows\System\ImOoEdX.exe
  2⤵
  PID:13212
- C:\Windows\System\HNwBDQL.exe
  C:\Windows\System\HNwBDQL.exe
  2⤵
  PID:13236
- C:\Windows\System\YZPLOxF.exe
  C:\Windows\System\YZPLOxF.exe
  2⤵
  PID:5760
- C:\Windows\System\qosroNU.exe
  C:\Windows\System\qosroNU.exe
  2⤵
  PID:5508
- C:\Windows\System\HZKsmvW.exe
  C:\Windows\System\HZKsmvW.exe
  2⤵
  PID:6152
- C:\Windows\System\bobIvYO.exe
  C:\Windows\System\bobIvYO.exe
  2⤵
  PID:13280
- C:\Windows\System\yEIRIfn.exe
  C:\Windows\System\yEIRIfn.exe
  2⤵
  PID:6216
- C:\Windows\System\hxKDyxw.exe
  C:\Windows\System\hxKDyxw.exe
  2⤵
  PID:4924
- C:\Windows\System\pjBTRFw.exe
  C:\Windows\System\pjBTRFw.exe
  2⤵
  PID:4400
- C:\Windows\System\HHNYiFg.exe
  C:\Windows\System\HHNYiFg.exe
  2⤵
  PID:5888
- C:\Windows\System\POAXXsz.exe
  C:\Windows\System\POAXXsz.exe
  2⤵
  PID:1056
- C:\Windows\System\pRksNtG.exe
  C:\Windows\System\pRksNtG.exe
  2⤵
  PID:3904
- C:\Windows\System\HaKuFTe.exe
  C:\Windows\System\HaKuFTe.exe
  2⤵
  PID:6352
- C:\Windows\System\ROzovWH.exe
  C:\Windows\System\ROzovWH.exe
  2⤵
  PID:12496
- C:\Windows\System\BwiBPPJ.exe
  C:\Windows\System\BwiBPPJ.exe
  2⤵
  PID:4960
- C:\Windows\System\OmbPSGi.exe
  C:\Windows\System\OmbPSGi.exe
  2⤵
  PID:4456
- C:\Windows\System\WWOHGfC.exe
  C:\Windows\System\WWOHGfC.exe
  2⤵
  PID:5036
- C:\Windows\System\KlijXFQ.exe
  C:\Windows\System\KlijXFQ.exe
  2⤵
  PID:2684
- C:\Windows\System\kjWnAjl.exe
  C:\Windows\System\kjWnAjl.exe
  2⤵
  PID:6528
- C:\Windows\System\UWWAjZy.exe
  C:\Windows\System\UWWAjZy.exe
  2⤵
  PID:12668
- C:\Windows\System\zNwVZkA.exe
  C:\Windows\System\zNwVZkA.exe
  2⤵
  PID:12716
- C:\Windows\System\DuXOUoa.exe
  C:\Windows\System\DuXOUoa.exe
  2⤵
  PID:12808
- C:\Windows\System\qjyPAsr.exe
  C:\Windows\System\qjyPAsr.exe
  2⤵
  PID:5608
- C:\Windows\System\daEUBYw.exe
  C:\Windows\System\daEUBYw.exe
  2⤵
  PID:13132
- C:\Windows\System\LoqQjFH.exe
  C:\Windows\System\LoqQjFH.exe
  2⤵
  PID:12932
- C:\Windows\System\bxwyFpS.exe
  C:\Windows\System\bxwyFpS.exe
  2⤵
  PID:5920
- C:\Windows\System\KcPJfTG.exe
  C:\Windows\System\KcPJfTG.exe
  2⤵
  PID:6044
- C:\Windows\System\HfvQnQK.exe
  C:\Windows\System\HfvQnQK.exe
  2⤵
  PID:6824
- C:\Windows\System\FZpOaLP.exe
  C:\Windows\System\FZpOaLP.exe
  2⤵
  PID:1020
- C:\Windows\System\yOIEoyx.exe
  C:\Windows\System\yOIEoyx.exe
  2⤵
  PID:5684
- C:\Windows\System\xcqzFTG.exe
  C:\Windows\System\xcqzFTG.exe
  2⤵
  PID:32
- C:\Windows\System\XklLXlX.exe
  C:\Windows\System\XklLXlX.exe
  2⤵
  PID:2672
- C:\Windows\System\IeaLPHK.exe
  C:\Windows\System\IeaLPHK.exe
  2⤵
  PID:6948
- C:\Windows\System\WRAmBot.exe
  C:\Windows\System\WRAmBot.exe
  2⤵
  PID:3476
- C:\Windows\System\oOehURs.exe
  C:\Windows\System\oOehURs.exe
  2⤵
  PID:2260
- C:\Windows\System\TJfBzPk.exe
  C:\Windows\System\TJfBzPk.exe
  2⤵
  PID:6272
- C:\Windows\System\zDhreKn.exe
  C:\Windows\System\zDhreKn.exe
  2⤵
  PID:2960
- C:\Windows\System\HyaerhU.exe
  C:\Windows\System\HyaerhU.exe
  2⤵
  PID:7068
- C:\Windows\System\yLCZRIF.exe
  C:\Windows\System\yLCZRIF.exe
  2⤵
  PID:7096
- C:\Windows\System\NntCpzL.exe
  C:\Windows\System\NntCpzL.exe
  2⤵
  PID:4740
- C:\Windows\System\OCkVXZv.exe
  C:\Windows\System\OCkVXZv.exe
  2⤵
  PID:6444
- C:\Windows\System\LHbWDnM.exe
  C:\Windows\System\LHbWDnM.exe
  2⤵
  PID:6496
- C:\Windows\System\WaJqPZe.exe
  C:\Windows\System\WaJqPZe.exe
  2⤵
  PID:13296
- C:\Windows\System\ZkqgxEe.exe
  C:\Windows\System\ZkqgxEe.exe
  2⤵
  PID:3608
- C:\Windows\System\cJqwJPj.exe
  C:\Windows\System\cJqwJPj.exe
  2⤵
  PID:6288
- C:\Windows\System\HrWtWnt.exe
  C:\Windows\System\HrWtWnt.exe
  2⤵
  PID:4308
- C:\Windows\System\pYODzwz.exe
  C:\Windows\System\pYODzwz.exe
  2⤵
  PID:6404
- C:\Windows\System\gyinSnl.exe
  C:\Windows\System\gyinSnl.exe
  2⤵
  PID:6480
- C:\Windows\System\cvAabgs.exe
  C:\Windows\System\cvAabgs.exe
  2⤵
  PID:13116
- C:\Windows\System\vjfouFQ.exe
  C:\Windows\System\vjfouFQ.exe
  2⤵
  PID:412
- C:\Windows\System\lqzzJQA.exe
  C:\Windows\System\lqzzJQA.exe
  2⤵
  PID:6616
- C:\Windows\System\kfEMohp.exe
  C:\Windows\System\kfEMohp.exe
  2⤵
  PID:6688
- C:\Windows\System\loCOCWt.exe
  C:\Windows\System\loCOCWt.exe
  2⤵
  PID:7020
- C:\Windows\System\sRIdRIP.exe
  C:\Windows\System\sRIdRIP.exe
  2⤵
  PID:12360
- C:\Windows\System\DoxMaSr.exe
  C:\Windows\System\DoxMaSr.exe
  2⤵
  PID:5224
- C:\Windows\System\HLGPYAq.exe
  C:\Windows\System\HLGPYAq.exe
  2⤵
  PID:12612
- C:\Windows\System\HyrPYnO.exe
  C:\Windows\System\HyrPYnO.exe
  2⤵
  PID:640
- C:\Windows\System\pwLPKxH.exe
  C:\Windows\System\pwLPKxH.exe
  2⤵
  PID:12756
- C:\Windows\System\lMVzPlT.exe
  C:\Windows\System\lMVzPlT.exe
  2⤵
  PID:5564
- C:\Windows\System\VeZTECc.exe
  C:\Windows\System\VeZTECc.exe
  2⤵
  PID:1972
- C:\Windows\System\zKDCHcI.exe
  C:\Windows\System\zKDCHcI.exe
  2⤵
  PID:5632
- C:\Windows\System\nrEqMvA.exe
  C:\Windows\System\nrEqMvA.exe
  2⤵
  PID:6764
- C:\Windows\System\ppVyAEc.exe
  C:\Windows\System\ppVyAEc.exe
  2⤵
  PID:2944
- C:\Windows\System\QNjtdKS.exe
  C:\Windows\System\QNjtdKS.exe
  2⤵
  PID:3200
- C:\Windows\System\xwnPrrH.exe
  C:\Windows\System\xwnPrrH.exe
  2⤵
  PID:6240
- C:\Windows\System\IhgrATz.exe
  C:\Windows\System\IhgrATz.exe
  2⤵
  PID:6852
- C:\Windows\System\cuXQYGZ.exe
  C:\Windows\System\cuXQYGZ.exe
  2⤵
  PID:6880
- C:\Windows\System\COkDnhH.exe
  C:\Windows\System\COkDnhH.exe
  2⤵
  PID:4828
- C:\Windows\System\NFgguNm.exe
  C:\Windows\System\NFgguNm.exe
  2⤵
  PID:4036
- C:\Windows\System\EoVFHiD.exe
  C:\Windows\System\EoVFHiD.exe
  2⤵
  PID:6336
- C:\Windows\System\clShPVX.exe
  C:\Windows\System\clShPVX.exe
  2⤵
  PID:6856
- C:\Windows\System\GFHZKRS.exe
  C:\Windows\System\GFHZKRS.exe
  2⤵
  PID:6864
- C:\Windows\System\WFrvPhb.exe
  C:\Windows\System\WFrvPhb.exe
  2⤵
  PID:7276
- C:\Windows\System\GRBQwsR.exe
  C:\Windows\System\GRBQwsR.exe
  2⤵
  PID:7304
- C:\Windows\System\wBskQQN.exe
  C:\Windows\System\wBskQQN.exe
  2⤵
  PID:4404
- C:\Windows\System\pIxGfcj.exe
  C:\Windows\System\pIxGfcj.exe
  2⤵
  PID:7400
- C:\Windows\System\kRaIrKo.exe
  C:\Windows\System\kRaIrKo.exe
  2⤵
  PID:7420
- C:\Windows\System\iokLPlR.exe
  C:\Windows\System\iokLPlR.exe
  2⤵
  PID:6784
- C:\Windows\System\geqyLUs.exe
  C:\Windows\System\geqyLUs.exe
  2⤵
  PID:3084
- C:\Windows\System\IWosXRa.exe
  C:\Windows\System\IWosXRa.exe
  2⤵
  PID:5104
- C:\Windows\System\aAELmGO.exe
  C:\Windows\System\aAELmGO.exe
  2⤵
  PID:7624
- C:\Windows\System\AvekZXr.exe
  C:\Windows\System\AvekZXr.exe
  2⤵
  PID:2232
- C:\Windows\System\oeMzECK.exe
  C:\Windows\System\oeMzECK.exe
  2⤵
  PID:7480
- C:\Windows\System\oMFqkHG.exe
  C:\Windows\System\oMFqkHG.exe
  2⤵
  PID:7820
- C:\Windows\System\Dyyzlre.exe
  C:\Windows\System\Dyyzlre.exe
  2⤵
  PID:7364
- C:\Windows\System\sdXETGg.exe
  C:\Windows\System\sdXETGg.exe
  2⤵
  PID:2336
- C:\Windows\System\dOczEih.exe
  C:\Windows\System\dOczEih.exe
  2⤵
  PID:7952
- C:\Windows\System\XlQFdhE.exe
  C:\Windows\System\XlQFdhE.exe
  2⤵
  PID:6456
- C:\Windows\System\gSvtgnf.exe
  C:\Windows\System\gSvtgnf.exe
  2⤵
  PID:7924
- C:\Windows\System\DMrVnig.exe
  C:\Windows\System\DMrVnig.exe
  2⤵
  PID:8072
- C:\Windows\System\hsogOFH.exe
  C:\Windows\System\hsogOFH.exe
  2⤵
  PID:64
- C:\Windows\System\gDDNJeV.exe
  C:\Windows\System\gDDNJeV.exe
  2⤵
  PID:3460
- C:\Windows\System\yqvbyRe.exe
  C:\Windows\System\yqvbyRe.exe
  2⤵
  PID:8168
- C:\Windows\System\XCDzOcj.exe
  C:\Windows\System\XCDzOcj.exe
  2⤵
  PID:1892
- C:\Windows\System\JrlHcen.exe
  C:\Windows\System\JrlHcen.exe
  2⤵
  PID:7184
- C:\Windows\System\sdHetNm.exe
  C:\Windows\System\sdHetNm.exe
  2⤵
  PID:1324
- C:\Windows\System\cWjWKDP.exe
  C:\Windows\System\cWjWKDP.exe
  2⤵
  PID:7308
- C:\Windows\System\xVukVvp.exe
  C:\Windows\System\xVukVvp.exe
  2⤵
  PID:4580
- C:\Windows\System\FdDXXuD.exe
  C:\Windows\System\FdDXXuD.exe
  2⤵
  PID:7548
- C:\Windows\System\FeSblcb.exe
  C:\Windows\System\FeSblcb.exe
  2⤵
  PID:13320
- C:\Windows\System\cWauiRK.exe
  C:\Windows\System\cWauiRK.exe
  2⤵
  PID:13348
- C:\Windows\System\TWTqbdF.exe
  C:\Windows\System\TWTqbdF.exe
  2⤵
  PID:13376
- C:\Windows\System\NzCDHPE.exe
  C:\Windows\System\NzCDHPE.exe
  2⤵
  PID:13404
- C:\Windows\System\TRoNfXf.exe
  C:\Windows\System\TRoNfXf.exe
  2⤵
  PID:13432
- C:\Windows\System\tTYugBS.exe
  C:\Windows\System\tTYugBS.exe
  2⤵
  PID:13460
- C:\Windows\System\OpjxGES.exe
  C:\Windows\System\OpjxGES.exe
  2⤵
  PID:13488
- C:\Windows\System\tBFBkbE.exe
  C:\Windows\System\tBFBkbE.exe
  2⤵
  PID:13516
- C:\Windows\System\xEXGUeB.exe
  C:\Windows\System\xEXGUeB.exe
  2⤵
  PID:13544
- C:\Windows\System\mSXHlmo.exe
  C:\Windows\System\mSXHlmo.exe
  2⤵
  PID:13572
- C:\Windows\System\JgoVjmN.exe
  C:\Windows\System\JgoVjmN.exe
  2⤵
  PID:13600
- C:\Windows\System\IumUTbX.exe
  C:\Windows\System\IumUTbX.exe
  2⤵
  PID:13628
- C:\Windows\System\FeLDnrl.exe
  C:\Windows\System\FeLDnrl.exe
  2⤵
  PID:13656
- C:\Windows\System\niydPRR.exe
  C:\Windows\System\niydPRR.exe
  2⤵
  PID:13684
- C:\Windows\System\Ptlviba.exe
  C:\Windows\System\Ptlviba.exe
  2⤵
  PID:13712
- C:\Windows\System\lXecaLb.exe
  C:\Windows\System\lXecaLb.exe
  2⤵
  PID:13740
- C:\Windows\System\JgdYgrx.exe
  C:\Windows\System\JgdYgrx.exe
  2⤵
  PID:13768
- C:\Windows\System\gJYbLPb.exe
  C:\Windows\System\gJYbLPb.exe
  2⤵
  PID:13796
- C:\Windows\System\kMzSrTu.exe
  C:\Windows\System\kMzSrTu.exe
  2⤵
  PID:13824
- C:\Windows\System\QzFVJQc.exe
  C:\Windows\System\QzFVJQc.exe
  2⤵
  PID:13852
- C:\Windows\System\CVIYGgc.exe
  C:\Windows\System\CVIYGgc.exe
  2⤵
  PID:13880
- C:\Windows\System\xgRyuJZ.exe
  C:\Windows\System\xgRyuJZ.exe
  2⤵
  PID:13908
- C:\Windows\System\IlKhhAS.exe
  C:\Windows\System\IlKhhAS.exe
  2⤵
  PID:13936
- C:\Windows\System\zgVJFBU.exe
  C:\Windows\System\zgVJFBU.exe
  2⤵
  PID:13968
- C:\Windows\System\FfVfKuQ.exe
  C:\Windows\System\FfVfKuQ.exe
  2⤵
  PID:13996
- C:\Windows\System\kJJoolU.exe
  C:\Windows\System\kJJoolU.exe
  2⤵
  PID:14032
- C:\Windows\System\JGvibww.exe
  C:\Windows\System\JGvibww.exe
  2⤵
  PID:14052
- C:\Windows\System\cZUyMGu.exe
  C:\Windows\System\cZUyMGu.exe
  2⤵
  PID:14080
- C:\Windows\System\bmFnvzF.exe
  C:\Windows\System\bmFnvzF.exe
  2⤵
  PID:14108
- C:\Windows\System\BFERWia.exe
  C:\Windows\System\BFERWia.exe
  2⤵
  PID:14136
- C:\Windows\System\gQxTHmu.exe
  C:\Windows\System\gQxTHmu.exe
  2⤵
  PID:14164
- C:\Windows\System\pchagpO.exe
  C:\Windows\System\pchagpO.exe
  2⤵
  PID:14192
- C:\Windows\System\ydlTQaV.exe
  C:\Windows\System\ydlTQaV.exe
  2⤵
  PID:14220
- C:\Windows\System\ggIJRVZ.exe
  C:\Windows\System\ggIJRVZ.exe
  2⤵
  PID:14248
- C:\Windows\System\yQQAmEV.exe
  C:\Windows\System\yQQAmEV.exe
  2⤵
  PID:14276
- C:\Windows\System\FAERkkx.exe
  C:\Windows\System\FAERkkx.exe
  2⤵
  PID:14304
- C:\Windows\System\MhfuWhc.exe
  C:\Windows\System\MhfuWhc.exe
  2⤵
  PID:14332
- C:\Windows\System\fVJqGqU.exe
  C:\Windows\System\fVJqGqU.exe
  2⤵
  PID:13344
- C:\Windows\System\MZpfQLw.exe
  C:\Windows\System\MZpfQLw.exe
  2⤵
  PID:6656
- C:\Windows\System\KYbytLL.exe
  C:\Windows\System\KYbytLL.exe
  2⤵
  PID:13416
- C:\Windows\System\wFvEXQn.exe
  C:\Windows\System\wFvEXQn.exe
  2⤵
  PID:7968
- C:\Windows\System\SkATYTX.exe
  C:\Windows\System\SkATYTX.exe
  2⤵
  PID:8028
- C:\Windows\System\xHvjKTb.exe
  C:\Windows\System\xHvjKTb.exe
  2⤵
  PID:13512
- C:\Windows\System\ZlunQCZ.exe
  C:\Windows\System\ZlunQCZ.exe
  2⤵
  PID:7188
- C:\Windows\System\fCQDjCi.exe
  C:\Windows\System\fCQDjCi.exe
  2⤵
  PID:13592
- C:\Windows\System\RQWWeVU.exe
  C:\Windows\System\RQWWeVU.exe
  2⤵
  PID:13640
- C:\Windows\System\qYDJDds.exe
  C:\Windows\System\qYDJDds.exe
  2⤵
  PID:13676
- C:\Windows\System\MakoaNm.exe
  C:\Windows\System\MakoaNm.exe
  2⤵
  PID:13724
- C:\Windows\System\zJMAXBd.exe
  C:\Windows\System\zJMAXBd.exe
  2⤵
  PID:7856
- C:\Windows\System\ZjHPBNY.exe
  C:\Windows\System\ZjHPBNY.exe
  2⤵
  PID:7360
- C:\Windows\System\PAVrJLP.exe
  C:\Windows\System\PAVrJLP.exe
  2⤵
  PID:7568
- C:\Windows\System\kseCJJR.exe
  C:\Windows\System\kseCJJR.exe
  2⤵
  PID:13848
- C:\Windows\System\zOrSsFU.exe
  C:\Windows\System\zOrSsFU.exe
  2⤵
  PID:13900
- C:\Windows\System\oznatVN.exe
  C:\Windows\System\oznatVN.exe
  2⤵
  PID:7732
- C:\Windows\System\KSqKqrZ.exe
  C:\Windows\System\KSqKqrZ.exe
  2⤵
  PID:13980
- C:\Windows\System\VEPAHqo.exe
  C:\Windows\System\VEPAHqo.exe
  2⤵
  PID:8228
- C:\Windows\System\AWcmnEq.exe
  C:\Windows\System\AWcmnEq.exe
  2⤵
  PID:14048
- C:\Windows\System\PHOKxRk.exe
  C:\Windows\System\PHOKxRk.exe
  2⤵
  PID:8320
- C:\Windows\System\Fkwrixp.exe
  C:\Windows\System\Fkwrixp.exe
  2⤵
  PID:8340
- C:\Windows\System\XQEvxmS.exe
  C:\Windows\System\XQEvxmS.exe
  2⤵
  PID:8392
- C:\Windows\System\FacLyop.exe
  C:\Windows\System\FacLyop.exe
  2⤵
  PID:14216
- C:\Windows\System\kgMxeZv.exe
  C:\Windows\System\kgMxeZv.exe
  2⤵
  PID:8516
- C:\Windows\System\mvVPSWC.exe
  C:\Windows\System\mvVPSWC.exe
  2⤵
  PID:14300
- C:\Windows\System\KFyKdMe.exe
  C:\Windows\System\KFyKdMe.exe
  2⤵
  PID:8572
- C:\Windows\System\SBttolc.exe
  C:\Windows\System\SBttolc.exe
  2⤵
  PID:13372
- C:\Windows\System\yXJGsWS.exe
  C:\Windows\System\yXJGsWS.exe
  2⤵
  PID:7860
- C:\Windows\System\PWScCLL.exe
  C:\Windows\System\PWScCLL.exe
  2⤵
  PID:8672
- C:\Windows\System\TFWcqip.exe
  C:\Windows\System\TFWcqip.exe
  2⤵
  PID:13500
- C:\Windows\System\NoAaMGb.exe
  C:\Windows\System\NoAaMGb.exe
  2⤵
  PID:8148
- C:\Windows\System\vnUeZeq.exe
  C:\Windows\System\vnUeZeq.exe
  2⤵
  PID:7388
- C:\Windows\System\nrfsvli.exe
  C:\Windows\System\nrfsvli.exe
  2⤵
  PID:13648
- C:\Windows\System\mMCacrC.exe
  C:\Windows\System\mMCacrC.exe
  2⤵
  PID:8900
- C:\Windows\System\oyVrgsC.exe
  C:\Windows\System\oyVrgsC.exe
  2⤵
  PID:8920
- C:\Windows\System\YHaTsjt.exe
  C:\Windows\System\YHaTsjt.exe
  2⤵
  PID:13808
- C:\Windows\System\MZNOPgW.exe
  C:\Windows\System\MZNOPgW.exe
  2⤵
  PID:9004
- C:\Windows\System\dvGdFYi.exe
  C:\Windows\System\dvGdFYi.exe
  2⤵
  PID:8128
- C:\Windows\System\TiyYPKJ.exe
  C:\Windows\System\TiyYPKJ.exe
  2⤵
  PID:7696
- C:\Windows\System\WckZIqE.exe
  C:\Windows\System\WckZIqE.exe
  2⤵
  PID:8236
- C:\Windows\System\ymcNwNf.exe
  C:\Windows\System\ymcNwNf.exe
  2⤵
  PID:9180
- C:\Windows\System\aBLXyIh.exe
  C:\Windows\System\aBLXyIh.exe
  2⤵
  PID:9196
- C:\Windows\System\mMuciZW.exe
  C:\Windows\System\mMuciZW.exe
  2⤵
  PID:5844
- C:\Windows\System\EaXqCem.exe
  C:\Windows\System\EaXqCem.exe
  2⤵
  PID:8480
- C:\Windows\System\JjlMoNk.exe
  C:\Windows\System\JjlMoNk.exe
  2⤵
  PID:8412
- C:\Windows\System\QkpLEHU.exe
  C:\Windows\System\QkpLEHU.exe
  2⤵
  PID:7704
- C:\Windows\System\KQsnPQT.exe
  C:\Windows\System\KQsnPQT.exe
  2⤵
  PID:8628
- C:\Windows\System\DgPYqvO.exe
  C:\Windows\System\DgPYqvO.exe
  2⤵
  PID:8716
- C:\Windows\System\LMNeVMM.exe
  C:\Windows\System\LMNeVMM.exe
  2⤵
  PID:8048
- C:\Windows\System\aYfpyrh.exe
  C:\Windows\System\aYfpyrh.exe
  2⤵
  PID:8820
- C:\Windows\System\xriAdGb.exe
  C:\Windows\System\xriAdGb.exe
  2⤵
  PID:13624
- C:\Windows\System\qNiMhpx.exe
  C:\Windows\System\qNiMhpx.exe
  2⤵
  PID:13708
- C:\Windows\System\LGFCScR.exe
  C:\Windows\System\LGFCScR.exe
  2⤵
  PID:9092
- C:\Windows\System\CAnKFkK.exe
  C:\Windows\System\CAnKFkK.exe
  2⤵
  PID:7992
- C:\Windows\System\LQULwAc.exe
  C:\Windows\System\LQULwAc.exe
  2⤵
  PID:13960
- C:\Windows\System\lhJgnKX.exe
  C:\Windows\System\lhJgnKX.exe
  2⤵
  PID:14008
- C:\Windows\System\DFugySa.exe
  C:\Windows\System\DFugySa.exe
  2⤵
  PID:8848
- C:\Windows\System\QaGqgDr.exe
  C:\Windows\System\QaGqgDr.exe
  2⤵
  PID:14176
- C:\Windows\System\pASXtsR.exe
  C:\Windows\System\pASXtsR.exe
  2⤵
  PID:8232
- C:\Windows\System\gVeoHAh.exe
  C:\Windows\System\gVeoHAh.exe
  2⤵
  PID:8520
- C:\Windows\System\WJilhbe.exe
  C:\Windows\System\WJilhbe.exe
  2⤵
  PID:14316
- C:\Windows\System\tmOoaMl.exe
  C:\Windows\System\tmOoaMl.exe
  2⤵
  PID:9244
- C:\Windows\System\XmcMlnO.exe
  C:\Windows\System\XmcMlnO.exe
  2⤵
  PID:8800
- C:\Windows\System\GIIUWrv.exe
  C:\Windows\System\GIIUWrv.exe
  2⤵
  PID:9332
- C:\Windows\System\hAhpRmW.exe
  C:\Windows\System\hAhpRmW.exe
  2⤵
  PID:8876
- C:\Windows\System\dfDaFxN.exe
  C:\Windows\System\dfDaFxN.exe
  2⤵
  PID:9424
- C:\Windows\System\fQNZHtR.exe
  C:\Windows\System\fQNZHtR.exe
  2⤵
  PID:9480
- C:\Windows\System\FPAxBre.exe
  C:\Windows\System\FPAxBre.exe
  2⤵
  PID:9500
- C:\Windows\System\AfxxcQN.exe
  C:\Windows\System\AfxxcQN.exe
  2⤵
  PID:8656
- C:\Windows\System\vUuXGht.exe
  C:\Windows\System\vUuXGht.exe
  2⤵
  PID:9592
- C:\Windows\System\oXiTHmK.exe
  C:\Windows\System\oXiTHmK.exe
  2⤵
  PID:8324
- C:\Windows\System\fsUlgdR.exe
  C:\Windows\System\fsUlgdR.exe
  2⤵
  PID:9676
- C:\Windows\System\jIwZbcL.exe
  C:\Windows\System\jIwZbcL.exe
  2⤵
  PID:7740
- C:\Windows\System\GuioXlf.exe
  C:\Windows\System\GuioXlf.exe
  2⤵
  PID:9760
- C:\Windows\System\ioDervV.exe
  C:\Windows\System\ioDervV.exe
  2⤵
  PID:5208
- C:\Windows\System\vMJgMhb.exe
  C:\Windows\System\vMJgMhb.exe
  2⤵
  PID:9384
- C:\Windows\System\mYKcyWV.exe
  C:\Windows\System\mYKcyWV.exe
  2⤵
  PID:9864
- C:\Windows\System\Fpcafcw.exe
  C:\Windows\System\Fpcafcw.exe
  2⤵
  PID:9068
- C:\Windows\System\nDAaDEs.exe
  C:\Windows\System\nDAaDEs.exe
  2⤵
  PID:8284
- C:\Windows\System\TnTmvjp.exe
  C:\Windows\System\TnTmvjp.exe
  2⤵
  PID:10008
- C:\Windows\System\MqhUqNc.exe
  C:\Windows\System\MqhUqNc.exe
  2⤵
  PID:8464
- C:\Windows\System\TNkqIBZ.exe
  C:\Windows\System\TNkqIBZ.exe
  2⤵
  PID:9692
- C:\Windows\System\HfJuLTq.exe
  C:\Windows\System\HfJuLTq.exe
  2⤵
  PID:10104
- C:\Windows\System\ihMDTcn.exe
  C:\Windows\System\ihMDTcn.exe
  2⤵
  PID:9360
- C:\Windows\System\gVLUqZT.exe
  C:\Windows\System\gVLUqZT.exe
  2⤵
  PID:10164
- C:\Windows\System\pQkaGbL.exe
  C:\Windows\System\pQkaGbL.exe
  2⤵
  PID:8348
- C:\Windows\System\wUSinOQ.exe
  C:\Windows\System\wUSinOQ.exe
  2⤵
  PID:6936
- C:\Windows\System\TpZbkOV.exe
  C:\Windows\System\TpZbkOV.exe
  2⤵
  PID:10224
- C:\Windows\System\TfkdcyO.exe
  C:\Windows\System\TfkdcyO.exe
  2⤵
  PID:9948
- C:\Windows\System\ZGAbqml.exe
  C:\Windows\System\ZGAbqml.exe
  2⤵
  PID:9284
- C:\Windows\System\WTUSorP.exe
  C:\Windows\System\WTUSorP.exe
  2⤵
  PID:9920
- C:\Windows\System\xLCkqmB.exe
  C:\Windows\System\xLCkqmB.exe
  2⤵
  PID:6488
- C:\Windows\System\doPrzUk.exe
  C:\Windows\System\doPrzUk.exe
  2⤵
  PID:14356
- C:\Windows\System\RmfprCU.exe
  C:\Windows\System\RmfprCU.exe
  2⤵
  PID:14396
- C:\Windows\System\tjfFsIj.exe
  C:\Windows\System\tjfFsIj.exe
  2⤵
  PID:14412
- C:\Windows\System\QRAbsEE.exe
  C:\Windows\System\QRAbsEE.exe
  2⤵
  PID:14440
- C:\Windows\System\QPvaATo.exe
  C:\Windows\System\QPvaATo.exe
  2⤵
  PID:14468
- C:\Windows\System\Ycutous.exe
  C:\Windows\System\Ycutous.exe
  2⤵
  PID:14496
- C:\Windows\System\SjfNVTh.exe
  C:\Windows\System\SjfNVTh.exe
  2⤵
  PID:14528
- C:\Windows\System\oRjhKei.exe
  C:\Windows\System\oRjhKei.exe
  2⤵
  PID:14556
- C:\Windows\System\IvjtrIm.exe
  C:\Windows\System\IvjtrIm.exe
  2⤵
  PID:14584
- C:\Windows\System\ybXpgJr.exe
  C:\Windows\System\ybXpgJr.exe
  2⤵
  PID:14612
- C:\Windows\System\yYTUaUt.exe
  C:\Windows\System\yYTUaUt.exe
  2⤵
  PID:14640
- C:\Windows\System\kMiEzYa.exe
  C:\Windows\System\kMiEzYa.exe
  2⤵
  PID:14668
- C:\Windows\System\EhTDONN.exe
  C:\Windows\System\EhTDONN.exe
  2⤵
  PID:14696
- C:\Windows\System\MEmfpQM.exe
  C:\Windows\System\MEmfpQM.exe
  2⤵
  PID:14724
- C:\Windows\System\GCDXEcG.exe
  C:\Windows\System\GCDXEcG.exe
  2⤵
  PID:14752
- C:\Windows\System\lQhihYc.exe
  C:\Windows\System\lQhihYc.exe
  2⤵
  PID:14780
- C:\Windows\System\foQgBmn.exe
  C:\Windows\System\foQgBmn.exe
  2⤵
  PID:14808
- C:\Windows\System\nvNMNim.exe
  C:\Windows\System\nvNMNim.exe
  2⤵
  PID:14836
- C:\Windows\System\bPGPbyt.exe
  C:\Windows\System\bPGPbyt.exe
  2⤵
  PID:14864
- C:\Windows\System\MzCrzWB.exe
  C:\Windows\System\MzCrzWB.exe
  2⤵
  PID:14892
- C:\Windows\System\kecTdQI.exe
  C:\Windows\System\kecTdQI.exe
  2⤵
  PID:14920
- C:\Windows\System\yhnKOIO.exe
  C:\Windows\System\yhnKOIO.exe
  2⤵
  PID:14948
- C:\Windows\System\PafkaMk.exe
  C:\Windows\System\PafkaMk.exe
  2⤵
  PID:14976
- C:\Windows\System\VtdpNLK.exe
  C:\Windows\System\VtdpNLK.exe
  2⤵
  PID:15004
- C:\Windows\System\GyRVPvN.exe
  C:\Windows\System\GyRVPvN.exe
  2⤵
  PID:15032
- C:\Windows\System\sFbNLHM.exe
  C:\Windows\System\sFbNLHM.exe
  2⤵
  PID:15060
- C:\Windows\System\AiqADHL.exe
  C:\Windows\System\AiqADHL.exe
  2⤵
  PID:15088
- C:\Windows\System\nbuWFiO.exe
  C:\Windows\System\nbuWFiO.exe
  2⤵
  PID:15116
- C:\Windows\System\NNTIjTt.exe
  C:\Windows\System\NNTIjTt.exe
  2⤵
  PID:15144
- C:\Windows\System\vpFsDEM.exe
  C:\Windows\System\vpFsDEM.exe
  2⤵
  PID:15172
- C:\Windows\System\eRXaEqk.exe
  C:\Windows\System\eRXaEqk.exe
  2⤵
  PID:15204
- C:\Windows\System\eWexFBE.exe
  C:\Windows\System\eWexFBE.exe
  2⤵
  PID:15232
- C:\Windows\System\qGObqdA.exe
  C:\Windows\System\qGObqdA.exe
  2⤵
  PID:15260
- C:\Windows\System\gegfZZn.exe
  C:\Windows\System\gegfZZn.exe
  2⤵
  PID:15288
- C:\Windows\System\PwUXnQh.exe
  C:\Windows\System\PwUXnQh.exe
  2⤵
  PID:15316
- C:\Windows\System\VyiGfZV.exe
  C:\Windows\System\VyiGfZV.exe
  2⤵
  PID:15344
- C:\Windows\System\hRZnzXt.exe
  C:\Windows\System\hRZnzXt.exe
  2⤵
  PID:14348
- C:\Windows\System\uEyAMOw.exe
  C:\Windows\System\uEyAMOw.exe
  2⤵
  PID:14404
- C:\Windows\System\sHmiNDu.exe
  C:\Windows\System\sHmiNDu.exe
  2⤵
  PID:14464
- C:\Windows\System\SIyHUCt.exe
  C:\Windows\System\SIyHUCt.exe
  2⤵
  PID:14520
- C:\Windows\System\tDUJxXw.exe
  C:\Windows\System\tDUJxXw.exe
  2⤵
  PID:14580
- C:\Windows\System\vlLHKMb.exe
  C:\Windows\System\vlLHKMb.exe
  2⤵
  PID:14652
- C:\Windows\System\mcnFxFK.exe
  C:\Windows\System\mcnFxFK.exe
  2⤵
  PID:14716
- C:\Windows\System\opPALdL.exe
  C:\Windows\System\opPALdL.exe
  2⤵
  PID:14776
- C:\Windows\System\zrFlQcQ.exe
  C:\Windows\System\zrFlQcQ.exe
  2⤵
  PID:14848
- C:\Windows\System\tLytkBk.exe
  C:\Windows\System\tLytkBk.exe
  2⤵
  PID:14904
- C:\Windows\System\XuCHMno.exe
  C:\Windows\System\XuCHMno.exe
  2⤵
  PID:6276
- C:\Windows\System\vLCvPwC.exe
  C:\Windows\System\vLCvPwC.exe
  2⤵
  PID:15024
- C:\Windows\System\HRMrGoU.exe
  C:\Windows\System\HRMrGoU.exe
  2⤵
  PID:15072
- C:\Windows\System\uYOkCvR.exe
  C:\Windows\System\uYOkCvR.exe
  2⤵
  PID:15136
- C:\Windows\System\lVMSNJZ.exe
  C:\Windows\System\lVMSNJZ.exe
  2⤵
  PID:15200
- C:\Windows\System\FFgmaWH.exe
  C:\Windows\System\FFgmaWH.exe
  2⤵
  PID:15272
- C:\Windows\System\VNQFvMx.exe
  C:\Windows\System\VNQFvMx.exe
  2⤵
  PID:15336
- C:\Windows\System\emjisLq.exe
  C:\Windows\System\emjisLq.exe
  2⤵
  PID:14432
- C:\Windows\System\tjtWoPk.exe
  C:\Windows\System\tjtWoPk.exe
  2⤵
  PID:14568
- C:\Windows\System\pAUVxqW.exe
  C:\Windows\System\pAUVxqW.exe
  2⤵
  PID:14708
- C:\Windows\System\wIcMxXq.exe
  C:\Windows\System\wIcMxXq.exe
  2⤵
  PID:14876
- C:\Windows\System\mDfhZBe.exe
  C:\Windows\System\mDfhZBe.exe
  2⤵
  PID:14960
- C:\Windows\System\YfPOGXj.exe
  C:\Windows\System\YfPOGXj.exe
  2⤵
  PID:14516
- C:\Windows\System\JQPwmtJ.exe
  C:\Windows\System\JQPwmtJ.exe
  2⤵
  PID:15196
- C:\Windows\System\vufrHvs.exe
  C:\Windows\System\vufrHvs.exe
  2⤵
  PID:15256
- C:\Windows\System\FzEtTaQ.exe
  C:\Windows\System\FzEtTaQ.exe
  2⤵
  PID:9616
- C:\Windows\System\BXvzJhw.exe
  C:\Windows\System\BXvzJhw.exe
  2⤵
  PID:14680
- C:\Windows\System\lFiArQV.exe
  C:\Windows\System\lFiArQV.exe
  2⤵
  PID:14944
- C:\Windows\System\ctutEsm.exe
  C:\Windows\System\ctutEsm.exe
  2⤵
  PID:15184
- C:\Windows\System\pajKQTy.exe
  C:\Windows\System\pajKQTy.exe
  2⤵
  PID:14480
- C:\Windows\System\SLDxsID.exe
  C:\Windows\System\SLDxsID.exe
  2⤵
  PID:7596
- C:\Windows\System\ACBHMah.exe
  C:\Windows\System\ACBHMah.exe
  2⤵
  PID:7564
- C:\Windows\System\UuLcbqd.exe
  C:\Windows\System\UuLcbqd.exe
  2⤵
  PID:15376
- C:\Windows\System\rlYlewv.exe
  C:\Windows\System\rlYlewv.exe
  2⤵
  PID:15404
- C:\Windows\System\XzQRvLm.exe
  C:\Windows\System\XzQRvLm.exe
  2⤵
  PID:15432
- C:\Windows\System\NsaUPEX.exe
  C:\Windows\System\NsaUPEX.exe
  2⤵
  PID:15464
- C:\Windows\System\SeoaiGL.exe
  C:\Windows\System\SeoaiGL.exe
  2⤵
  PID:15488
- C:\Windows\System\tJrlUGx.exe
  C:\Windows\System\tJrlUGx.exe
  2⤵
  PID:15524
- C:\Windows\System\SdGgAMB.exe
  C:\Windows\System\SdGgAMB.exe
  2⤵
  PID:15548
- C:\Windows\System\sbJSanh.exe
  C:\Windows\System\sbJSanh.exe
  2⤵
  PID:15576
- C:\Windows\System\WXuNZtt.exe
  C:\Windows\System\WXuNZtt.exe
  2⤵
  PID:15604
- C:\Windows\System\HcjxYnX.exe
  C:\Windows\System\HcjxYnX.exe
  2⤵
  PID:15632
- C:\Windows\System\lPsCkEQ.exe
  C:\Windows\System\lPsCkEQ.exe
  2⤵
  PID:15660
- C:\Windows\System\kfNceML.exe
  C:\Windows\System\kfNceML.exe
  2⤵
  PID:15688
- C:\Windows\System\StehhFZ.exe
  C:\Windows\System\StehhFZ.exe
  2⤵
  PID:15716
- C:\Windows\System\imawLqt.exe
  C:\Windows\System\imawLqt.exe
  2⤵
  PID:15744
- C:\Windows\System\dfadXvH.exe
  C:\Windows\System\dfadXvH.exe
  2⤵
  PID:15772
- C:\Windows\System\cRsUJxS.exe
  C:\Windows\System\cRsUJxS.exe
  2⤵
  PID:15808
- C:\Windows\System\RCDoDdK.exe
  C:\Windows\System\RCDoDdK.exe
  2⤵
  PID:15828
- C:\Windows\System\bDiUBbI.exe
  C:\Windows\System\bDiUBbI.exe
  2⤵
  PID:15856
- C:\Windows\System\tjkffOm.exe
  C:\Windows\System\tjkffOm.exe
  2⤵
  PID:15884
- C:\Windows\System\qGCMwkz.exe
  C:\Windows\System\qGCMwkz.exe
  2⤵
  PID:15912
- C:\Windows\System\jjPdbIO.exe
  C:\Windows\System\jjPdbIO.exe
  2⤵
  PID:15940
- C:\Windows\System\otWsuDs.exe
  C:\Windows\System\otWsuDs.exe
  2⤵
  PID:15968
- C:\Windows\System\fdOwOlS.exe
  C:\Windows\System\fdOwOlS.exe
  2⤵
  PID:15996
- C:\Windows\System\FcnHDTr.exe
  C:\Windows\System\FcnHDTr.exe
  2⤵
  PID:16024
- C:\Windows\System\jXsXlcS.exe
  C:\Windows\System\jXsXlcS.exe
  2⤵
  PID:16052
- C:\Windows\System\kUhbJkN.exe
  C:\Windows\System\kUhbJkN.exe
  2⤵
  PID:16080
- C:\Windows\System\XxYRUJI.exe
  C:\Windows\System\XxYRUJI.exe
  2⤵
  PID:16108
- C:\Windows\System\pIlXtpc.exe
  C:\Windows\System\pIlXtpc.exe
  2⤵
  PID:16144
- C:\Windows\System\gFJHrmC.exe
  C:\Windows\System\gFJHrmC.exe
  2⤵
  PID:16168
- C:\Windows\System\GNDZZyD.exe
  C:\Windows\System\GNDZZyD.exe
  2⤵
  PID:16196
- C:\Windows\System\NiGggjL.exe
  C:\Windows\System\NiGggjL.exe
  2⤵
  PID:16236
- C:\Windows\System\CKVsBsI.exe
  C:\Windows\System\CKVsBsI.exe
  2⤵
  PID:16256
- C:\Windows\System\ZBBRWcL.exe
  C:\Windows\System\ZBBRWcL.exe
  2⤵
  PID:16280
- C:\Windows\System\ngHfGhO.exe
  C:\Windows\System\ngHfGhO.exe
  2⤵
  PID:16308
- C:\Windows\System\pXgHslo.exe
  C:\Windows\System\pXgHslo.exe
  2⤵
  PID:16336
- C:\Windows\System\jprLDgw.exe
  C:\Windows\System\jprLDgw.exe
  2⤵
  PID:16364
- C:\Windows\System\PoarFFy.exe
  C:\Windows\System\PoarFFy.exe
  2⤵
  PID:15372
- C:\Windows\System\CgcruAu.exe
  C:\Windows\System\CgcruAu.exe
  2⤵
  PID:15428
- C:\Windows\System\QahZLvW.exe
  C:\Windows\System\QahZLvW.exe
  2⤵
  PID:8448
- C:\Windows\System\IKpvEKo.exe
  C:\Windows\System\IKpvEKo.exe
  2⤵
  PID:10136
- C:\Windows\System\mwmwawE.exe
  C:\Windows\System\mwmwawE.exe
  2⤵
  PID:15560
- C:\Windows\System\JlkngDF.exe
  C:\Windows\System\JlkngDF.exe
  2⤵
  PID:9476
- C:\Windows\System\cyVQHnZ.exe
  C:\Windows\System\cyVQHnZ.exe
  2⤵
  PID:15628
- C:\Windows\System\cFFAIag.exe
  C:\Windows\System\cFFAIag.exe
  2⤵
  PID:3408
- C:\Windows\System\oaJjdhP.exe
  C:\Windows\System\oaJjdhP.exe
  2⤵
  PID:15708
- C:\Windows\System\amxPLLL.exe
  C:\Windows\System\amxPLLL.exe
  2⤵
  PID:15756
- C:\Windows\System\PrNBdlp.exe
  C:\Windows\System\PrNBdlp.exe
  2⤵
  PID:3648
- C:\Windows\System\fGomDOn.exe
  C:\Windows\System\fGomDOn.exe
  2⤵
  PID:15824
- C:\Windows\System\VbEKeLM.exe
  C:\Windows\System\VbEKeLM.exe
  2⤵
  PID:2872
- C:\Windows\System\dYwgHkn.exe
  C:\Windows\System\dYwgHkn.exe
  2⤵
  PID:10080
- C:\Windows\System\XCKFiPc.exe
  C:\Windows\System\XCKFiPc.exe
  2⤵
  PID:15936
- C:\Windows\System\mvysBWl.exe
  C:\Windows\System\mvysBWl.exe
  2⤵
  PID:4564
- C:\Windows\System\ZzHorjg.exe
  C:\Windows\System\ZzHorjg.exe
  2⤵
  PID:16008
- C:\Windows\System\ygHQVbv.exe
  C:\Windows\System\ygHQVbv.exe
  2⤵
  PID:16048
- C:\Windows\System\peqUgCG.exe
  C:\Windows\System\peqUgCG.exe
  2⤵
  PID:10144
- C:\Windows\System\iacOlAb.exe
  C:\Windows\System\iacOlAb.exe
  2⤵
  PID:16128
- C:\Windows\System\hwacnVI.exe
  C:\Windows\System\hwacnVI.exe
  2⤵
  PID:10160
- C:\Windows\System\XlGJyxL.exe
  C:\Windows\System\XlGJyxL.exe
  2⤵
  PID:9764
- C:\Windows\System\QeTAQoj.exe
  C:\Windows\System\QeTAQoj.exe
  2⤵
  PID:16220
- C:\Windows\System\KnHBfWV.exe
  C:\Windows\System\KnHBfWV.exe
  2⤵
  PID:16264
- C:\Windows\System\okfTVuw.exe
  C:\Windows\System\okfTVuw.exe
  2⤵
  PID:10276
- C:\Windows\System\ZQDKnBR.exe
  C:\Windows\System\ZQDKnBR.exe
  2⤵
  PID:16332
- C:\Windows\System\YEGXaKM.exe
  C:\Windows\System\YEGXaKM.exe
  2⤵
  PID:10368
- C:\Windows\System\TWmOYRH.exe
  C:\Windows\System\TWmOYRH.exe
  2⤵
  PID:15416
- C:\Windows\System\TTLuyVj.exe
  C:\Windows\System\TTLuyVj.exe
  2⤵
  PID:15500
- C:\Windows\System\zuHfYAV.exe
  C:\Windows\System\zuHfYAV.exe
  2⤵
  PID:1828
- C:\Windows\System\PxSKPnS.exe
  C:\Windows\System\PxSKPnS.exe
  2⤵
  PID:10528
- C:\Windows\System\rHIZjhk.exe
  C:\Windows\System\rHIZjhk.exe
  2⤵
  PID:15624
- C:\Windows\System\MhrUDAH.exe
  C:\Windows\System\MhrUDAH.exe
  2⤵
  PID:15684
- C:\Windows\System\EqAAlVq.exe
  C:\Windows\System\EqAAlVq.exe
  2⤵
  PID:15740
- C:\Windows\System\wAbLBuF.exe
  C:\Windows\System\wAbLBuF.exe
  2⤵
  PID:15792
- C:\Windows\System\AxXBbub.exe
  C:\Windows\System\AxXBbub.exe
  2⤵
  PID:10732
- C:\Windows\System\nLRuiCY.exe
  C:\Windows\System\nLRuiCY.exe
  2⤵
  PID:4936
- C:\Windows\System\EceYlVy.exe
  C:\Windows\System\EceYlVy.exe
  2⤵
  PID:10816
- C:\Windows\System\AbxUVoc.exe
  C:\Windows\System\AbxUVoc.exe
  2⤵
  PID:9712
- C:\Windows\System\bWzsDDe.exe
  C:\Windows\System\bWzsDDe.exe
  2⤵
  PID:3524
- C:\Windows\System\imWlErc.exe
  C:\Windows\System\imWlErc.exe
  2⤵
  PID:10916
- C:\Windows\System\bnOUqTv.exe
  C:\Windows\System\bnOUqTv.exe
  2⤵
  PID:16208
- C:\Windows\System\wMwYdGi.exe
  C:\Windows\System\wMwYdGi.exe
  2⤵
  PID:9868
- C:\Windows\System\bBPCwJV.exe
  C:\Windows\System\bBPCwJV.exe
  2⤵
  PID:11008
- C:\Windows\System\RNeleCS.exe
  C:\Windows\System\RNeleCS.exe
  2⤵
  PID:11064
- C:\Windows\System\VKutYlp.exe
  C:\Windows\System\VKutYlp.exe
  2⤵
  PID:16376
- C:\Windows\System\CvtTuwL.exe
  C:\Windows\System\CvtTuwL.exe
  2⤵
  PID:15480
- C:\Windows\System\rPNhqcg.exe
  C:\Windows\System\rPNhqcg.exe
  2⤵
  PID:10480
- C:\Windows\System\tEofPQK.exe
  C:\Windows\System\tEofPQK.exe
  2⤵
  PID:11232
- C:\Windows\System\EsCSerj.exe
  C:\Windows\System\EsCSerj.exe
  2⤵
  PID:11260
- C:\Windows\System\nhsJAFS.exe
  C:\Windows\System\nhsJAFS.exe
  2⤵
  PID:9880
- C:\Windows\System\FTVonEC.exe
  C:\Windows\System\FTVonEC.exe
  2⤵
  PID:10668
- C:\Windows\System\TZRGbet.exe
  C:\Windows\System\TZRGbet.exe
  2⤵
  PID:10540
- C:\Windows\System\uxkoWyq.exe
  C:\Windows\System\uxkoWyq.exe
  2⤵
  PID:1816
- C:\Windows\System\rDaYFQa.exe
  C:\Windows\System\rDaYFQa.exe
  2⤵
  PID:10712
- C:\Windows\System\QOFzJPc.exe
  C:\Windows\System\QOFzJPc.exe
  2⤵
  PID:16044
- C:\Windows\System\aDFtWWU.exe
  C:\Windows\System\aDFtWWU.exe
  2⤵
  PID:10920
- C:\Windows\System\rnxryvS.exe
  C:\Windows\System\rnxryvS.exe
  2⤵
  PID:10952
- C:\Windows\System\jNGHcNi.exe
  C:\Windows\System\jNGHcNi.exe
  2⤵
  PID:11044
- C:\Windows\System\TtvllTe.exe
  C:\Windows\System\TtvllTe.exe
  2⤵
  PID:11092
- C:\Windows\System\DMyafBO.exe
  C:\Windows\System\DMyafBO.exe
  2⤵
  PID:4128
- C:\Windows\System\OGCPkOs.exe
  C:\Windows\System\OGCPkOs.exe
  2⤵
  PID:15512
- C:\Windows\System\YbTrQnY.exe
  C:\Windows\System\YbTrQnY.exe
  2⤵
  PID:10560
- C:\Windows\System\WnFRtAb.exe
  C:\Windows\System\WnFRtAb.exe
  2⤵
  PID:10584
- C:\Windows\System\eSamECl.exe
  C:\Windows\System\eSamECl.exe
  2⤵
  PID:10404
- C:\Windows\System\wDgSgwc.exe
  C:\Windows\System\wDgSgwc.exe
  2⤵
  PID:3932
- C:\Windows\System\IJFugna.exe
  C:\Windows\System\IJFugna.exe
  2⤵
  PID:15932
- C:\Windows\System\AxPRRzu.exe
  C:\Windows\System\AxPRRzu.exe
  2⤵
  PID:10856
- C:\Windows\System\wsbDJVS.exe
  C:\Windows\System\wsbDJVS.exe
  2⤵
  PID:10924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CTpJujn.exe

Filesize
6.0MB

MD5
1726e68dbf7777b1bdcbaf05b72a7e46

SHA1
d3875631ea75b5a449fdc5608762de91de45a773

SHA256
33a39832a8fa8d801efb340f2e3062aa7cfad0060534594a04595a064e6982a8

SHA512
5cb8c38705a422dfb88be0d041f401b65f2da28196d74c25f5555ba2b325d8d0477943877b4fa76792dc1fce78c2cc72b719f67989f51626955f5ea8f7eab598

Download Submit
C:\Windows\System\GCkaqXB.exe

Filesize
6.0MB

MD5
2f6f5e8694036c142b612945b417d28f

SHA1
4e906e2cb8249f0e4eae5c08a1a8cc7b278e86c8

SHA256
b9ba20f6ae71b61e72f0586286eff26400105c0a2fcd9406c469441613b4e98d

SHA512
10650ec1e55f09020327fa5d486b65c019c4e3d9ae24ca3e1bb713ceb7f54c83e9ca2d379852aa28cac588442714a996aada2ff69aa523acd34c06e1b0df8f32

Download Submit
C:\Windows\System\GXfyjut.exe

Filesize
6.0MB

MD5
e9dff26fe9a51ad8a2b58509d4353b1b

SHA1
b497254183e78bbf1131a28f36ed30f19f2ddde2

SHA256
714ebb312b085e4a118684322c995fd338834d3212ed64ae04067e84bb445074

SHA512
a3e823307433c1006fc91b1949aafbb3cbb4297ae5e4e930667aed3f8e4d9ce15849b516f4bc4820a09d2729d6e78ce6cabfe46b7d61b03768c9902faece0797

Download Submit
C:\Windows\System\GwERirI.exe

Filesize
6.0MB

MD5
6699e08272cbf379bbf94fa67c590f4f

SHA1
0ad25dadb67c02d4b57c732b417f5f842ae0b3ae

SHA256
f454c98d3151fe6faedda2106c3a0951736af92eadaa7b40c46ce411fd2a1375

SHA512
6f527940fd3a1c6dc2236140b0347a58059477024a5ad94f5555a82430afa3a341f904103a0211c956131409777cdab1dfcc530974ad1ca3f97ae968eb97e3d5

Download Submit
C:\Windows\System\JQJtWfn.exe

Filesize
6.0MB

MD5
c905f6a3ca0066dccd3698a743a0fb38

SHA1
3f5aced10d80319452afa91c6410152d536b1c86

SHA256
ea0cb667ce2fe0230e9876f62c414f7d6d7f40fad8a91e4cc94919081d780ab1

SHA512
aeeaded724754f2596ef1069444760eccca1975f066f1ce32e2615f6c3b4205f3330be92c97540a68c836d3e4fecd5d14375b223d322196bdeee748fa0d657c7

Download Submit
C:\Windows\System\JjcciiZ.exe

Filesize
6.0MB

MD5
80bf36c1e1b114781fc904382dedb2cf

SHA1
af5c2b0531488a16bf1b243259b21e6c6e84fa8d

SHA256
5e4da8d437db10268e18b73ac10c8004fda785e757956349809acf7abf5a720c

SHA512
321849622ec113e1bc43e999fd12801efd9a5ad4b3b42af8c09d98a8af76d6abc0438bd77e9b05299241221b6bfc602206ef8a0f3055be0d616fde006ea3df1e

Download Submit
C:\Windows\System\NoIggKY.exe

Filesize
6.0MB

MD5
6c17a78170ba8f9877f1ae22800ec308

SHA1
42a71abe13bfa21328124a4d029f081187b2e7aa

SHA256
1b78c09d29417b6af9721112393b1bf5b3ebf43fca703ad5689afd8e9e471a1f

SHA512
d858da7ac94c3f0d9b4b94f66677ec8a5f808470753b95a9c2eec86b9c1726a94c6838285cb9cd7d863379247d1691b3d3dbd0dbc12d37d185b2547ca9b3d5cd

Download Submit
C:\Windows\System\Okmdwmk.exe

Filesize
6.0MB

MD5
49bd97bb53788f6b62882c64099b0b82

SHA1
d6ef981f0d9430414c895feec44d9c8aeeeb283a

SHA256
2bfc397380d1b94a105849b4a3e9a6f72187af0bbd3d59fd848167a4974832e7

SHA512
c352f08edf05316732b7e9754bfe14f0db86961914ca31bd9737bc8a129b8f781ee6332cfbda520295751dd447a955084cc13613f52d1e74567db523f8f5f188

Download Submit
C:\Windows\System\PKhIhfB.exe

Filesize
6.0MB

MD5
e28ef0c9a9b1d043e05bd738927311b4

SHA1
1e6e77315676f1b72b509fcf22aed61cdd1cc2ed

SHA256
c30c914c0157883f5274ab6e9ecf844d4830e3b593981d879ef9ebf71b277900

SHA512
334e43433c2dfebd9b22b430572ab69b2998b725b6df9cc88323aaa10c74f7f9f31b22b81d55081130dbecf6227ddfa6fd1a25bcedc2e0c35cab7e947c497b71

Download Submit
C:\Windows\System\PvFnsJA.exe

Filesize
6.0MB

MD5
31aadc2b6856e924cdc09154664175ed

SHA1
18faa611d5dbfb8521a29ac093b6e91968fddced

SHA256
07defd8c0ed9c96a0835cea4c9bb7fca8709026a830a58f81ddf4185f1f62597

SHA512
5c80b69d6855259c711dfa256101e53aa119d77f1808efd8287837be4e7a7f51357be4001b87459075fbbdcfd933a5a4b3415b25fa6721e97687497558bbe679

Download Submit
C:\Windows\System\PxfUVHE.exe

Filesize
6.0MB

MD5
dbc77de852a6457a55e53cf7e58a03d0

SHA1
9b3bca24dc522ad7389e2a1b86328d82a6746621

SHA256
90d7f05a21808d1c4b51addf1b2afcb044a959ff9971947b78e557e47fa36e37

SHA512
c60b4366a01acd4e57eef9bdd22d601e9b59094a5d44b67fc486cf767472a480dc390799768c9b984a0bd9b0961abb652afe4ca966618e5c84d7da3ce364fb8e

Download Submit
C:\Windows\System\QZKIcsO.exe

Filesize
6.0MB

MD5
bec255e784e427c98139256a15df67b5

SHA1
bbc18ae6f5381b75a34079ed15e036bce3b0582c

SHA256
f23f6e1ee77a0cc45c4356548a8a23f310ea8ee6840557c51ea4f875d3c31ff9

SHA512
c899a5f49b7022b981faf76990a66dd483a754d16ea3d6cb1517c057a1320a1378bd5aa3dface27b4b605c6e36f876ed0e4f82278c004faaa4ee3e97bb5b7096

Download Submit
C:\Windows\System\RRgonbA.exe

Filesize
6.0MB

MD5
cb08cea865887d49f6749920f74aa391

SHA1
eef9ebecfb14bf362439ac157410c85189099dd1

SHA256
9d9d5151062d921e27d7269aa78dd12bd8f6b5ea771f6706164a766fcdc5d951

SHA512
a39405f4b81c99790a4aa3548ffcdbe2470a7d1c176cb444ef66c268bead171c7fac7ff43c73ea8597faf448a89c783b389232c260ae8f36af3dfbfa2effaf87

Download Submit
C:\Windows\System\SgrJvtk.exe

Filesize
6.0MB

MD5
70079a97cb5ff312eed79200dd4ce266

SHA1
49915f2d21566441b31be22868d9d800e730ce97

SHA256
179390324033180c4b818d58ae99914f3145a49086dc5a7963b6119733b80644

SHA512
c61e370fbc524fccda293649583929696856a40549f3aab6c196dd7f41e14d4658394e057feb6e59bdea297fa80e45414cb4804115ad4ba34da1fc4c05a362dc

Download Submit
C:\Windows\System\SqRVpwT.exe

Filesize
6.0MB

MD5
5ac6750572cb30375bb35e3755637011

SHA1
921212b8f2a5aad224a3b8b8f07f9c62ddc7c7e4

SHA256
a1c23f2a8ebd13bd5acd4815c756730699e3b4f64c50f80b5ee2b6068b0d162b

SHA512
37c89ef81f9cb65f5beb3ea204e67d5b6eb708fac4c3be07cb666befbc211d5f817acd01162922b31e109675f7303290fa7623df4b468705062196ccddc3e065

Download Submit
C:\Windows\System\WaOmtVm.exe

Filesize
6.0MB

MD5
b0e8dcdc8c2f302a43d2897447c0532b

SHA1
b44a30914bde2dff93696d7f68d150e5a2d39af3

SHA256
b47c5eb93d4b9db4cc24e871ad582a93c409d9ad799c8e8032be459e8aeebd3a

SHA512
5947133342088fd2c6c63a8f6d3622e556e44c29e16607a4631491fdb5ca5ac916c0768ae2a65cd7a1801f4c020dadc225448abddf99623bb5f28a2e33d02318

Download Submit
C:\Windows\System\WbrMnlw.exe

Filesize
6.0MB

MD5
6e7865d4af051d8110806ea77c05e053

SHA1
03f11a730f7385a2f9153d422e7eb09778c543f6

SHA256
e3a78d985c7e7dadd64631180db9c7da591e3e8df32ac98c6c8ddf2fa67a8878

SHA512
94fbf32c7ea9cdb69e5560f0c6b0142b7b16662330f3b07f195ec947672c37e433b53a179dd539a0f0b159a83501c1b5b0f7cad465b9b99683350f2a7cd3bfad

Download Submit
C:\Windows\System\cZHlDOB.exe

Filesize
6.0MB

MD5
dde2826ab6ac85a46641bbe1435b9899

SHA1
159e65b87f1fde9143754eb040aaf5c78d3f7b96

SHA256
64f6d76f2e27a0e91394d46133a70817c9d5756f055b21d540284669345cb0eb

SHA512
cc8a5bb0e344819c86cae16aad774a1771f5fd7f9200af080c9ebb6fa1991b7f668d60faa85d5835bc566b9b8111eb71099b8773d618eab3ddb2c87cb7bf9138

Download Submit
C:\Windows\System\dMQgrqg.exe

Filesize
6.0MB

MD5
747896ca416c24022c8039d7eb79d37c

SHA1
05604fdf358fad2817c7d9489deb385786058d00

SHA256
04298aa0377f7d587123fbd71a5ecc931275148b93611a66e428e9216dd56b85

SHA512
b7e26fc184382a403f9a913769a872d7f92bc6f5830c5cfbe6c40bd9b4be02b661d7bb99887dfb6fa1a2ee0494ab2d80d66e568c5756975b7dfea48697766065

Download Submit
C:\Windows\System\fHDRXLa.exe

Filesize
6.0MB

MD5
1f841bfacebd33b581fa8d46f9f53015

SHA1
83bf8b9cd92407951c3fd5e5ba3006f11abde609

SHA256
42fb9e1a25f6b7ec93bddc5d57ff789391fc1e778af2c1d691681a681edad965

SHA512
ef5643ce99c399aa0d97b563c2876c9360692efccb4221e7ee915cec46bbf0c3b2ab0fc5d52ca6747b041dd0fd88ef8c20fdfb00640ea27dcc8e87dba3cf55c0

Download Submit
C:\Windows\System\fQguRhp.exe

Filesize
6.0MB

MD5
ccc648b203206c0df0469c1ddf60f21d

SHA1
6c1d70054ba3eb4e1c6bbd0f87292f4b69cc02ac

SHA256
adc68e8a58f4b7e9bc5f4f1f5b042625d5cb9bce404294b9e8e8eb884742ed8e

SHA512
1013a3e294b11064fcc6a146fc674c1c506b7d6b81749185d293c2979bb06f4031e2914009865d8271f8815d1eeb707249871f9601eb13ebdb2647d71928dff8

Download Submit
C:\Windows\System\gKZlfOS.exe

Filesize
6.0MB

MD5
43dd48e120e4466b516cc6b9fd6acd73

SHA1
b606e06552e06de80da06effdca89f6ed1fbb33d

SHA256
9cdeb095b7a01603cb22a92b0ec8bffcb79378bbb8cf3b8dd0fcdf7f76c20591

SHA512
95615fddc4fdc132c0c3f840a37dbee087cbdf91c0068b9856827fd26ffa8dbc9b41177713e80207ea823e18fbacde8e153fa075f8dff1df970219b14f6f9637

Download Submit
C:\Windows\System\iMKmZBS.exe

Filesize
6.0MB

MD5
9a409da18a7fe89603c8bb0969dd01f4

SHA1
9f76ddb6957ffbd3bee7640359583aa935ef3828

SHA256
d9a449058fc57c1d6605feb339e00917ba10a06d13ce3d6118667bac7bb73e10

SHA512
15ed6a34a3ff121a6b129f73572a093a9d86d40933b85c1350d158bd7da7a0f3271be19dfd559ec2a424bdbfd274a4793b7d6f6465edf4367d5c104a6d0ce890

Download Submit
C:\Windows\System\jgrTNkU.exe

Filesize
6.0MB

MD5
156d47d6f69e5f4b87d72ad52ec923f1

SHA1
2908853d4951941e0628c87c49b7b13a99a5dd52

SHA256
7f988448242c448f8fbb6006ff47a57f93512e622ea235e6b46762fdda4e4052

SHA512
3243a2f6c2f1a729048b0392e82c684f1e3adb795757fd553312d38a5fbc19166eed8fb941eae8f020b456d07db35ef9346b8b97b52e4bc3e3a0a5590ab3fd25

Download Submit
C:\Windows\System\lNAYjVZ.exe

Filesize
6.0MB

MD5
b63c29a8a7a6ac31d46927b6a64198b8

SHA1
f6762c064c32c7bfa2f6fbf152754deee3852753

SHA256
13a89a48ecb12e50a193b5e08f8a383c82ae2076f11f2e52ac1d7c00ee5f9b16

SHA512
4876537dfc3e5c64b74fe26d3cf926ca1218931fed06598f41a4893e01be43028aa7372979ffe07f73bed8d2b409e2d6f9717811d8e189a275f53e0979ca43ba

Download Submit
C:\Windows\System\lxchZdj.exe

Filesize
6.0MB

MD5
37539f25314b62cda14b408eba85d8f9

SHA1
7b64c30bdfd5e35417c99cf5d122f2bf47ed2c08

SHA256
5f4664588dc6d72668e9ab53bfd64bfb696a66d414fda200b042c8b5e5f8715d

SHA512
466f099f79db5b4664cf57db3cf9f9384f7a7b8405cbe003eb11a4f058926ba4bc6e4861020393ba01299a34e8f6064830704433aee36e0a37ab62107970c47e

Download Submit
C:\Windows\System\mZYAXoN.exe

Filesize
6.0MB

MD5
c29155c59a417a78e46602d0b09f88f5

SHA1
d0128cbee071ea67d9f3e692ef92d5ae7fd60100

SHA256
63291e53eb453317d8599ef7e07a0b19153454bab67896c9c3ca91ed771419c5

SHA512
efcab1cfc2fe7188a275fbfc1789c743cdcb2687c2a11b5f3ceddaa369d262bd1c4b7a5601fe53c6aca578dc0ccbb4c6fd50cba5ccdf6f79570bd2cf1874808a

Download Submit
C:\Windows\System\sDEINTM.exe

Filesize
6.0MB

MD5
e4e5b6af64d47a330e809f36b4702957

SHA1
26d2f8d7fac9e3b4347a45a68d7cd1a7aef12c22

SHA256
53bdfa0f263e6173e09b74460207acdb17f51105476472b1e15b597e0f076fd1

SHA512
0e7e799fd6e4495365f266f6161fd4d6372d6b5ad519176f424f22dabd3d43035a153d7b39123c65c0bff5eac7f068ef57dfd603f11d2fe4f1decf5c0237f6f5

Download Submit
C:\Windows\System\timBXVG.exe

Filesize
6.0MB

MD5
1da9e5090739c040e8dc87dcd1bd7bdc

SHA1
300488b8434d975b96d599120d2fd87e2f66c9e0

SHA256
e9b23fa5095574466c629dabeab2917b16cc7c7b2794234f970e1947de1d9f8e

SHA512
09c2e496063870b0b81eca6401ddde2c66b41bc56203e23195be60d382b7c7ab5693cc5c4b71713bbd75902955b5dc04e95b30f60ff600bfe99f1c735a1cc11b

Download Submit
C:\Windows\System\tnMysrC.exe

Filesize
6.0MB

MD5
c87ba2afb64b7dbd90387088fca20bcd

SHA1
58d359760c4e55db5020531bc706987a8bb20938

SHA256
274de491cba0ae87d370828f005ba956773c82bafa6781be1142bb066137a43f

SHA512
7b15906f562de6c95e59d61491c49fd037670a30a0c56381478bccc7c328ec886cd189e34415589b021d850cfda7a5b612066799182ceb95d493965124e5f377

Download Submit
C:\Windows\System\uGcHtVg.exe

Filesize
6.0MB

MD5
f1b307c5778db5225f7f3e1f38ba726a

SHA1
eacf06b22c26f3e8796d5c75173d7ceb679cfcb3

SHA256
62d577ed41200d528c66c361fc1da46911786d3b95ec6d4945747fc3db54f393

SHA512
03fa11a9077d4a291e258d21c36a104328102d2ca5ef812d244153c17dcf8b1966c7f540ccac998bfa2df8c56de24fb7d140c74192523ce54f6afd4b767b46a7

Download Submit
C:\Windows\System\vICUqOo.exe

Filesize
6.0MB

MD5
57f5873ae1ab896af389a764a8ba3b6f

SHA1
993af92b546bbb12f6ddf21fbd6a72df97c31bfa

SHA256
68804aa6c736fe45736cdd7feffeb28b1018cbcfa074fb63a8af6eb603d15fa8

SHA512
b23beba78dd0e151c987206a5038d8fc432283e7bc3e655d2f3f9df6167795c69d94d0f3d1b68e4ac8f9abffd38dfabbf2318b642a7a85abb1bf2fd0b3c2cfbf

Download Submit
C:\Windows\System\xxlCWdK.exe

Filesize
6.0MB

MD5
e80cd8b72582a9a9e321cdd96af70a40

SHA1
e074f510cc8b26191b594103bb5bdf4969e3f9ea

SHA256
279a2c374e3ff556b9004f379b8554e553f541c58c89e209d7a280dc59ee59c7

SHA512
40224925eee7ecd4c0d4a2aa60ba9063308ae81c10552b77bd86b7148391e2d700c99fbd6afd63bbf7d5e5e2253b1770b440cdb67fc75a7e34594b9998a5e15a

Download Submit
C:\Windows\System\yIFogQy.exe

Filesize
6.0MB

MD5
01ace663b8d1900fe4844f4d789f7c39

SHA1
eeb46b3f6c3ba0620f6901dfeff805d807c0fed3

SHA256
e76a80db5b690fdb9b4ec05c3b46b3fa3b3411c2ec0fd90d734d01785d9c3eaa

SHA512
f9e81aec19e82ddb219bab2b71b22adeed2b197d35acf9f54b9ad9e1654308ea079eeb91f521833881208bee609d76e7b316f2cc896e72d9dc59420803f7d783

Download Submit
memory/828-1201-0x00007FF6A6F80000-0x00007FF6A72D4000-memory.dmp

Filesize
3.3MB

Download
memory/828-7-0x00007FF6A6F80000-0x00007FF6A72D4000-memory.dmp

Filesize
3.3MB

Download
memory/828-92-0x00007FF6A6F80000-0x00007FF6A72D4000-memory.dmp

Filesize
3.3MB

Download
memory/1000-1240-0x00007FF724680000-0x00007FF7249D4000-memory.dmp

Filesize
3.3MB

Download
memory/1000-45-0x00007FF724680000-0x00007FF7249D4000-memory.dmp

Filesize
3.3MB

Download
memory/1000-193-0x00007FF724680000-0x00007FF7249D4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-0-0x00007FF7D0740000-0x00007FF7D0A94000-memory.dmp

Filesize
3.3MB

Download
memory/1076-66-0x00007FF7D0740000-0x00007FF7D0A94000-memory.dmp

Filesize
3.3MB

Download
memory/1076-1-0x000001C817030000-0x000001C817040000-memory.dmp

Filesize
64KB

Download
memory/1316-89-0x00007FF6FC850000-0x00007FF6FCBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1316-1253-0x00007FF6FC850000-0x00007FF6FCBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1372-1270-0x00007FF722640000-0x00007FF722994000-memory.dmp

Filesize
3.3MB

Download
memory/1372-129-0x00007FF722640000-0x00007FF722994000-memory.dmp

Filesize
3.3MB

Download
memory/1428-80-0x00007FF6DD090000-0x00007FF6DD3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1428-291-0x00007FF6DD090000-0x00007FF6DD3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1428-1252-0x00007FF6DD090000-0x00007FF6DD3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1492-175-0x00007FF6B6940000-0x00007FF6B6C94000-memory.dmp

Filesize
3.3MB

Download
memory/1492-1937-0x00007FF6B6940000-0x00007FF6B6C94000-memory.dmp

Filesize
3.3MB

Download
memory/1500-1930-0x00007FF76B250000-0x00007FF76B5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1500-164-0x00007FF76B250000-0x00007FF76B5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1512-192-0x00007FF745E50000-0x00007FF7461A4000-memory.dmp

Filesize
3.3MB

Download
memory/1512-1935-0x00007FF745E50000-0x00007FF7461A4000-memory.dmp

Filesize
3.3MB

Download
memory/1512-614-0x00007FF745E50000-0x00007FF7461A4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-167-0x00007FF787FC0000-0x00007FF788314000-memory.dmp

Filesize
3.3MB

Download
memory/1648-31-0x00007FF787FC0000-0x00007FF788314000-memory.dmp

Filesize
3.3MB

Download
memory/1648-1229-0x00007FF787FC0000-0x00007FF788314000-memory.dmp

Filesize
3.3MB

Download
memory/1788-143-0x00007FF77A3C0000-0x00007FF77A714000-memory.dmp

Filesize
3.3MB

Download
memory/1788-1276-0x00007FF77A3C0000-0x00007FF77A714000-memory.dmp

Filesize
3.3MB

Download
memory/1928-130-0x00007FF6B6110000-0x00007FF6B6464000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1268-0x00007FF6B6110000-0x00007FF6B6464000-memory.dmp

Filesize
3.3MB

Download
memory/2084-138-0x00007FF7C77D0000-0x00007FF7C7B24000-memory.dmp

Filesize
3.3MB

Download
memory/2084-1269-0x00007FF7C77D0000-0x00007FF7C7B24000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1936-0x00007FF7543C0000-0x00007FF754714000-memory.dmp

Filesize
3.3MB

Download
memory/2348-180-0x00007FF7543C0000-0x00007FF754714000-memory.dmp

Filesize
3.3MB

Download
memory/2664-36-0x00007FF679870000-0x00007FF679BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-1239-0x00007FF679870000-0x00007FF679BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-178-0x00007FF679870000-0x00007FF679BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1272-0x00007FF644DF0000-0x00007FF645144000-memory.dmp

Filesize
3.3MB

Download
memory/2840-140-0x00007FF644DF0000-0x00007FF645144000-memory.dmp

Filesize
3.3MB

Download
memory/2888-49-0x00007FF6C5510000-0x00007FF6C5864000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1245-0x00007FF6C5510000-0x00007FF6C5864000-memory.dmp

Filesize
3.3MB

Download
memory/2888-255-0x00007FF6C5510000-0x00007FF6C5864000-memory.dmp

Filesize
3.3MB

Download
memory/2972-124-0x00007FF6A6950000-0x00007FF6A6CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1261-0x00007FF6A6950000-0x00007FF6A6CA4000-memory.dmp

Filesize
3.3MB

Download
memory/3188-327-0x00007FF63C770000-0x00007FF63CAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3188-1259-0x00007FF63C770000-0x00007FF63CAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3188-71-0x00007FF63C770000-0x00007FF63CAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3280-139-0x00007FF683BD0000-0x00007FF683F24000-memory.dmp

Filesize
3.3MB

Download
memory/3280-1271-0x00007FF683BD0000-0x00007FF683F24000-memory.dmp

Filesize
3.3MB

Download
memory/3308-1931-0x00007FF61CC30000-0x00007FF61CF84000-memory.dmp

Filesize
3.3MB

Download
memory/3308-168-0x00007FF61CC30000-0x00007FF61CF84000-memory.dmp

Filesize
3.3MB

Download
memory/3340-82-0x00007FF6C6F00000-0x00007FF6C7254000-memory.dmp

Filesize
3.3MB

Download
memory/3340-292-0x00007FF6C6F00000-0x00007FF6C7254000-memory.dmp

Filesize
3.3MB

Download
memory/3340-1258-0x00007FF6C6F00000-0x00007FF6C7254000-memory.dmp

Filesize
3.3MB

Download
memory/3516-58-0x00007FF7AF5A0000-0x00007FF7AF8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3516-1254-0x00007FF7AF5A0000-0x00007FF7AF8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3516-290-0x00007FF7AF5A0000-0x00007FF7AF8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3596-1216-0x00007FF7EE310000-0x00007FF7EE664000-memory.dmp

Filesize
3.3MB

Download
memory/3596-147-0x00007FF7EE310000-0x00007FF7EE664000-memory.dmp

Filesize
3.3MB

Download
memory/3596-18-0x00007FF7EE310000-0x00007FF7EE664000-memory.dmp

Filesize
3.3MB

Download
memory/3644-142-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp

Filesize
3.3MB

Download
memory/3644-1212-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp

Filesize
3.3MB

Download
memory/3644-12-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp

Filesize
3.3MB

Download
memory/3936-1219-0x00007FF6A7770000-0x00007FF6A7AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-26-0x00007FF6A7770000-0x00007FF6A7AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-94-0x00007FF7D9B80000-0x00007FF7D9ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-1251-0x00007FF7D9B80000-0x00007FF7D9ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-1264-0x00007FF6F18B0000-0x00007FF6F1C04000-memory.dmp

Filesize
3.3MB

Download
memory/4600-133-0x00007FF6F18B0000-0x00007FF6F1C04000-memory.dmp

Filesize
3.3MB

Download
memory/4716-1273-0x00007FF739AC0000-0x00007FF739E14000-memory.dmp

Filesize
3.3MB

Download
memory/4716-141-0x00007FF739AC0000-0x00007FF739E14000-memory.dmp

Filesize
3.3MB

Download
memory/4976-1926-0x00007FF7A7BD0000-0x00007FF7A7F24000-memory.dmp

Filesize
3.3MB

Download
memory/4976-154-0x00007FF7A7BD0000-0x00007FF7A7F24000-memory.dmp

Filesize
3.3MB

Download
memory/4976-453-0x00007FF7A7BD0000-0x00007FF7A7F24000-memory.dmp

Filesize
3.3MB

Download