cobaltstrike | 2e188ef5aabadad0b3039747782eeb75c19ff35f400a033ab3c4477b5434a84f

Analysis

max time kernel
123s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e065074755f5772d8cd5e340b83cf684
SHA1

f0731d79cfcf5b81e5db7579d46f0ec8aef906a4
SHA256

2e188ef5aabadad0b3039747782eeb75c19ff35f400a033ab3c4477b5434a84f
SHA512

125b3ee76063275566f495e7783e6a9d70e812bb823f27b02310768e23b39c62ff644a6ef7f921f2181de7ef4ae044bd5fd4ecaa09618f21be59f377e21ba2f8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUD:T+q56utgpPF8u/7D

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral2/files/0x0008000000023c9a-6.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9f-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-13.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-24.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-31.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-38.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-42.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-51.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-95.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-93.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c9b-89.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-86.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-62.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-102.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-141.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-147.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-158.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-169.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-177.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-204.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbb-192.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-186.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-154.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-145.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-139.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-137.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-119.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4272-0-0x00007FF797FE0000-0x00007FF798334000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c9a-6.dat	xmrig
behavioral2/files/0x0007000000023c9f-10.dat	xmrig
behavioral2/files/0x0007000000023c9e-13.dat	xmrig
behavioral2/memory/1828-12-0x00007FF7BB770000-0x00007FF7BBAC4000-memory.dmp	xmrig
behavioral2/memory/2920-7-0x00007FF6C3170000-0x00007FF6C34C4000-memory.dmp	xmrig
behavioral2/memory/1968-20-0x00007FF62FA50000-0x00007FF62FDA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca0-24.dat	xmrig
behavioral2/memory/3608-25-0x00007FF68BDE0000-0x00007FF68C134000-memory.dmp	xmrig
behavioral2/memory/3900-30-0x00007FF6967C0000-0x00007FF696B14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca1-31.dat	xmrig
behavioral2/files/0x0007000000023ca2-38.dat	xmrig
behavioral2/files/0x0007000000023ca3-42.dat	xmrig
behavioral2/files/0x0007000000023ca4-43.dat	xmrig
behavioral2/files/0x0007000000023ca5-51.dat	xmrig
behavioral2/memory/1076-61-0x00007FF613A80000-0x00007FF613DD4000-memory.dmp	xmrig
behavioral2/memory/3488-67-0x00007FF79FCD0000-0x00007FF7A0024000-memory.dmp	xmrig
behavioral2/memory/544-72-0x00007FF66BA80000-0x00007FF66BDD4000-memory.dmp	xmrig
behavioral2/memory/2828-77-0x00007FF7B4EB0000-0x00007FF7B5204000-memory.dmp	xmrig
behavioral2/memory/4552-88-0x00007FF713140000-0x00007FF713494000-memory.dmp	xmrig
behavioral2/files/0x0007000000023caa-95.dat	xmrig
behavioral2/memory/220-97-0x00007FF75FAD0000-0x00007FF75FE24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cab-93.dat	xmrig
behavioral2/memory/3016-92-0x00007FF6378E0000-0x00007FF637C34000-memory.dmp	xmrig
behavioral2/memory/4444-91-0x00007FF7FB280000-0x00007FF7FB5D4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c9b-89.dat	xmrig
behavioral2/files/0x0007000000023ca9-86.dat	xmrig
behavioral2/memory/5048-82-0x00007FF743D20000-0x00007FF744074000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca7-74.dat	xmrig
behavioral2/files/0x0007000000023ca8-73.dat	xmrig
behavioral2/files/0x0007000000023ca6-62.dat	xmrig
behavioral2/memory/4796-59-0x00007FF69F0F0000-0x00007FF69F444000-memory.dmp	xmrig
behavioral2/memory/4060-44-0x00007FF743A80000-0x00007FF743DD4000-memory.dmp	xmrig
behavioral2/memory/4272-99-0x00007FF797FE0000-0x00007FF798334000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cac-102.dat	xmrig
behavioral2/files/0x0007000000023cae-108.dat	xmrig
behavioral2/memory/1828-113-0x00007FF7BB770000-0x00007FF7BBAC4000-memory.dmp	xmrig
behavioral2/memory/1156-127-0x00007FF739B80000-0x00007FF739ED4000-memory.dmp	xmrig
behavioral2/memory/3608-131-0x00007FF68BDE0000-0x00007FF68C134000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb4-141.dat	xmrig
behavioral2/files/0x0007000000023cb5-147.dat	xmrig
behavioral2/files/0x0007000000023cb6-151.dat	xmrig
behavioral2/files/0x0007000000023cb7-158.dat	xmrig
behavioral2/files/0x0007000000023cb9-169.dat	xmrig
behavioral2/files/0x0007000000023cba-177.dat	xmrig
behavioral2/memory/4812-188-0x00007FF675810000-0x00007FF675B64000-memory.dmp	xmrig
behavioral2/memory/1076-195-0x00007FF613A80000-0x00007FF613DD4000-memory.dmp	xmrig
behavioral2/memory/5048-214-0x00007FF743D20000-0x00007FF744074000-memory.dmp	xmrig
behavioral2/memory/3016-398-0x00007FF6378E0000-0x00007FF637C34000-memory.dmp	xmrig
behavioral2/memory/2596-213-0x00007FF7F4E00000-0x00007FF7F5154000-memory.dmp	xmrig
behavioral2/memory/2828-210-0x00007FF7B4EB0000-0x00007FF7B5204000-memory.dmp	xmrig
behavioral2/memory/4404-206-0x00007FF6B3F90000-0x00007FF6B42E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbc-204.dat	xmrig
behavioral2/memory/3076-194-0x00007FF771990000-0x00007FF771CE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbb-192.dat	xmrig
behavioral2/files/0x0007000000023cb8-186.dat	xmrig
behavioral2/memory/1656-182-0x00007FF68C850000-0x00007FF68CBA4000-memory.dmp	xmrig
behavioral2/memory/1728-176-0x00007FF6D77D0000-0x00007FF6D7B24000-memory.dmp	xmrig
behavioral2/memory/2392-168-0x00007FF610BD0000-0x00007FF610F24000-memory.dmp	xmrig
behavioral2/memory/4796-167-0x00007FF69F0F0000-0x00007FF69F444000-memory.dmp	xmrig
behavioral2/memory/4060-162-0x00007FF743A80000-0x00007FF743DD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb3-154.dat	xmrig
behavioral2/memory/3900-150-0x00007FF6967C0000-0x00007FF696B14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb2-145.dat	xmrig

Executes dropped EXE 64 IoCs

Processes:

cPMGbwx.exedxYINES.exeEjJLBDt.exeMoVfzNd.exepgyRvkc.exejwgDNTL.exeqMopHiT.exeOoLsoUI.exeAUTijSu.exeEoiVhkO.exeXkXNNHa.exeWIsVQGq.exehUBRBcc.exedodQKoT.exepTDmBKv.exefrDEOpQ.exeISilPZN.exesPZIkzW.exeCovHOOv.exeIHvSEYX.exeHfYioxg.exeyKnUznd.exefyrAmzn.exelJCUURM.exetcxLWDc.exeqhEYNWv.exezoAtcDo.exeqdYdFoT.exevndaJHD.exeulmnjrQ.exepzSoAlw.exeRbJASTo.exeRyiZldz.exeFapViMJ.exeIWbZFXC.exeYdHtKCg.execpXVBVt.exeKLcsePa.exeWFovcuF.exehBYgCLU.exehlpMlRz.exeYJXgdOo.exekuiaEng.exetCEPajJ.exeOHyTufH.exeqgueoFq.exerAElQBy.exeNPFLcZq.exeUnxqLuW.exeXCuZNAc.exernjItgJ.exeGXGrHQn.exeWCnCJGr.exeqmDGvyQ.exeexpVlWv.exefwHBMlU.exejxXaivd.exelUJLAPu.exeBXLreSO.exeKjZiZBa.exesYhNTLC.exeGzRQrry.exestCdbeb.exeThrIfnL.exe

pid	Process
2920	cPMGbwx.exe
1828	dxYINES.exe
1968	EjJLBDt.exe
3608	MoVfzNd.exe
3900	pgyRvkc.exe
4060	jwgDNTL.exe
3488	qMopHiT.exe
4796	OoLsoUI.exe
544	AUTijSu.exe
1076	EoiVhkO.exe
4552	XkXNNHa.exe
2828	WIsVQGq.exe
4444	hUBRBcc.exe
5048	dodQKoT.exe
220	pTDmBKv.exe
3016	frDEOpQ.exe
3936	ISilPZN.exe
5076	sPZIkzW.exe
3556	CovHOOv.exe
2476	IHvSEYX.exe
1156	HfYioxg.exe
8	yKnUznd.exe
1728	fyrAmzn.exe
2392	lJCUURM.exe
1656	tcxLWDc.exe
4812	qhEYNWv.exe
3076	zoAtcDo.exe
4404	qdYdFoT.exe
2596	vndaJHD.exe
1964	ulmnjrQ.exe
4944	pzSoAlw.exe
4508	RbJASTo.exe
3524	RyiZldz.exe
4608	FapViMJ.exe
876	IWbZFXC.exe
2640	YdHtKCg.exe
2868	cpXVBVt.exe
4228	KLcsePa.exe
2460	WFovcuF.exe
2964	hBYgCLU.exe
3472	hlpMlRz.exe
2848	YJXgdOo.exe
1908	kuiaEng.exe
2172	tCEPajJ.exe
3108	OHyTufH.exe
2536	qgueoFq.exe
2324	rAElQBy.exe
1944	NPFLcZq.exe
948	UnxqLuW.exe
3116	XCuZNAc.exe
2904	rnjItgJ.exe
4340	GXGrHQn.exe
4312	WCnCJGr.exe
1956	qmDGvyQ.exe
3460	expVlWv.exe
1632	fwHBMlU.exe
2180	jxXaivd.exe
4148	lUJLAPu.exe
1056	BXLreSO.exe
4948	KjZiZBa.exe
4292	sYhNTLC.exe
3516	GzRQrry.exe
4668	stCdbeb.exe
3504	ThrIfnL.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4272-0-0x00007FF797FE0000-0x00007FF798334000-memory.dmp	upx
behavioral2/files/0x0008000000023c9a-6.dat	upx
behavioral2/files/0x0007000000023c9f-10.dat	upx
behavioral2/files/0x0007000000023c9e-13.dat	upx
behavioral2/memory/1828-12-0x00007FF7BB770000-0x00007FF7BBAC4000-memory.dmp	upx
behavioral2/memory/2920-7-0x00007FF6C3170000-0x00007FF6C34C4000-memory.dmp	upx
behavioral2/memory/1968-20-0x00007FF62FA50000-0x00007FF62FDA4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca0-24.dat	upx
behavioral2/memory/3608-25-0x00007FF68BDE0000-0x00007FF68C134000-memory.dmp	upx
behavioral2/memory/3900-30-0x00007FF6967C0000-0x00007FF696B14000-memory.dmp	upx
behavioral2/files/0x0007000000023ca1-31.dat	upx
behavioral2/files/0x0007000000023ca2-38.dat	upx
behavioral2/files/0x0007000000023ca3-42.dat	upx
behavioral2/files/0x0007000000023ca4-43.dat	upx
behavioral2/files/0x0007000000023ca5-51.dat	upx
behavioral2/memory/1076-61-0x00007FF613A80000-0x00007FF613DD4000-memory.dmp	upx
behavioral2/memory/3488-67-0x00007FF79FCD0000-0x00007FF7A0024000-memory.dmp	upx
behavioral2/memory/544-72-0x00007FF66BA80000-0x00007FF66BDD4000-memory.dmp	upx
behavioral2/memory/2828-77-0x00007FF7B4EB0000-0x00007FF7B5204000-memory.dmp	upx
behavioral2/memory/4552-88-0x00007FF713140000-0x00007FF713494000-memory.dmp	upx
behavioral2/files/0x0007000000023caa-95.dat	upx
behavioral2/memory/220-97-0x00007FF75FAD0000-0x00007FF75FE24000-memory.dmp	upx
behavioral2/files/0x0007000000023cab-93.dat	upx
behavioral2/memory/3016-92-0x00007FF6378E0000-0x00007FF637C34000-memory.dmp	upx
behavioral2/memory/4444-91-0x00007FF7FB280000-0x00007FF7FB5D4000-memory.dmp	upx
behavioral2/files/0x0008000000023c9b-89.dat	upx
behavioral2/files/0x0007000000023ca9-86.dat	upx
behavioral2/memory/5048-82-0x00007FF743D20000-0x00007FF744074000-memory.dmp	upx
behavioral2/files/0x0007000000023ca7-74.dat	upx
behavioral2/files/0x0007000000023ca8-73.dat	upx
behavioral2/files/0x0007000000023ca6-62.dat	upx
behavioral2/memory/4796-59-0x00007FF69F0F0000-0x00007FF69F444000-memory.dmp	upx
behavioral2/memory/4060-44-0x00007FF743A80000-0x00007FF743DD4000-memory.dmp	upx
behavioral2/memory/4272-99-0x00007FF797FE0000-0x00007FF798334000-memory.dmp	upx
behavioral2/files/0x0007000000023cac-102.dat	upx
behavioral2/files/0x0007000000023cae-108.dat	upx
behavioral2/memory/1828-113-0x00007FF7BB770000-0x00007FF7BBAC4000-memory.dmp	upx
behavioral2/memory/1156-127-0x00007FF739B80000-0x00007FF739ED4000-memory.dmp	upx
behavioral2/memory/3608-131-0x00007FF68BDE0000-0x00007FF68C134000-memory.dmp	upx
behavioral2/files/0x0007000000023cb4-141.dat	upx
behavioral2/files/0x0007000000023cb5-147.dat	upx
behavioral2/files/0x0007000000023cb6-151.dat	upx
behavioral2/files/0x0007000000023cb7-158.dat	upx
behavioral2/files/0x0007000000023cb9-169.dat	upx
behavioral2/files/0x0007000000023cba-177.dat	upx
behavioral2/memory/4812-188-0x00007FF675810000-0x00007FF675B64000-memory.dmp	upx
behavioral2/memory/1076-195-0x00007FF613A80000-0x00007FF613DD4000-memory.dmp	upx
behavioral2/memory/5048-214-0x00007FF743D20000-0x00007FF744074000-memory.dmp	upx
behavioral2/memory/3016-398-0x00007FF6378E0000-0x00007FF637C34000-memory.dmp	upx
behavioral2/memory/2596-213-0x00007FF7F4E00000-0x00007FF7F5154000-memory.dmp	upx
behavioral2/memory/2828-210-0x00007FF7B4EB0000-0x00007FF7B5204000-memory.dmp	upx
behavioral2/memory/4404-206-0x00007FF6B3F90000-0x00007FF6B42E4000-memory.dmp	upx
behavioral2/files/0x0007000000023cbc-204.dat	upx
behavioral2/memory/3076-194-0x00007FF771990000-0x00007FF771CE4000-memory.dmp	upx
behavioral2/files/0x0007000000023cbb-192.dat	upx
behavioral2/files/0x0007000000023cb8-186.dat	upx
behavioral2/memory/1656-182-0x00007FF68C850000-0x00007FF68CBA4000-memory.dmp	upx
behavioral2/memory/1728-176-0x00007FF6D77D0000-0x00007FF6D7B24000-memory.dmp	upx
behavioral2/memory/2392-168-0x00007FF610BD0000-0x00007FF610F24000-memory.dmp	upx
behavioral2/memory/4796-167-0x00007FF69F0F0000-0x00007FF69F444000-memory.dmp	upx
behavioral2/memory/4060-162-0x00007FF743A80000-0x00007FF743DD4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb3-154.dat	upx
behavioral2/memory/3900-150-0x00007FF6967C0000-0x00007FF696B14000-memory.dmp	upx
behavioral2/files/0x0007000000023cb2-145.dat	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\rNWrzoq.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOuFicj.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThoFUOk.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awculsM.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUkxGTQ.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHfeSID.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTIVrZJ.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjZiZBa.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfmhePX.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXLreSO.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxIIByU.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qevGjvS.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIebMeG.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TivKBck.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLiZiVI.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgueoFq.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkadNtd.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcHrYlH.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vANOxMA.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylZgNEZ.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiLcJhl.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCoUvFU.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DoLJLgT.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECMSayP.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDdMrfC.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDnGpkL.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTeUkzi.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmKtVQJ.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NJkUzqf.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcaxiPq.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yREXnKr.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAfKGmm.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbeACtG.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhpDuPY.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqYTduF.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuORfEw.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCmAeUm.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MnjFEzO.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LiFzzZn.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWxRsop.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTDmBKv.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJIgcLu.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCKByuN.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QacJCih.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGJdvsj.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUxcCLF.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjJLBDt.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LaTnlLE.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNeylaT.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giWQPTN.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNuTBKF.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OecPjII.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VcVZgbT.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQRXZfe.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDTAICf.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQCMfjp.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DinybEE.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPVpnlV.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zoAtcDo.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYPBYbC.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZiCIHkK.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlfGXEJ.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rehyXsP.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzgYELi.exe	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 4272 wrote to memory of 2920	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4272 wrote to memory of 2920	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4272 wrote to memory of 1828	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4272 wrote to memory of 1828	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4272 wrote to memory of 1968	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4272 wrote to memory of 1968	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4272 wrote to memory of 3608	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4272 wrote to memory of 3608	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4272 wrote to memory of 3900	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4272 wrote to memory of 3900	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4272 wrote to memory of 4060	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4272 wrote to memory of 4060	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4272 wrote to memory of 3488	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4272 wrote to memory of 3488	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4272 wrote to memory of 4796	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4272 wrote to memory of 4796	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4272 wrote to memory of 544	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4272 wrote to memory of 544	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4272 wrote to memory of 1076	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4272 wrote to memory of 1076	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4272 wrote to memory of 2828	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4272 wrote to memory of 2828	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4272 wrote to memory of 4552	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4272 wrote to memory of 4552	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4272 wrote to memory of 4444	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4272 wrote to memory of 4444	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4272 wrote to memory of 5048	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4272 wrote to memory of 5048	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4272 wrote to memory of 220	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4272 wrote to memory of 220	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4272 wrote to memory of 3016	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4272 wrote to memory of 3016	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4272 wrote to memory of 3936	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4272 wrote to memory of 3936	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4272 wrote to memory of 5076	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4272 wrote to memory of 5076	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4272 wrote to memory of 3556	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4272 wrote to memory of 3556	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4272 wrote to memory of 2476	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4272 wrote to memory of 2476	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4272 wrote to memory of 1156	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4272 wrote to memory of 1156	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4272 wrote to memory of 8	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4272 wrote to memory of 8	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4272 wrote to memory of 1728	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4272 wrote to memory of 1728	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4272 wrote to memory of 2392	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4272 wrote to memory of 2392	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4272 wrote to memory of 1656	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4272 wrote to memory of 1656	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4272 wrote to memory of 4812	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4272 wrote to memory of 4812	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4272 wrote to memory of 3076	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4272 wrote to memory of 3076	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4272 wrote to memory of 4404	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4272 wrote to memory of 4404	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4272 wrote to memory of 2596	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4272 wrote to memory of 2596	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4272 wrote to memory of 1964	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4272 wrote to memory of 1964	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4272 wrote to memory of 4944	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4272 wrote to memory of 4944	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4272 wrote to memory of 4508	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4272 wrote to memory of 4508	4272	2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_e065074755f5772d8cd5e340b83cf684_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Windows\System\cPMGbwx.exe
  C:\Windows\System\cPMGbwx.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\dxYINES.exe
  C:\Windows\System\dxYINES.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\EjJLBDt.exe
  C:\Windows\System\EjJLBDt.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\MoVfzNd.exe
  C:\Windows\System\MoVfzNd.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\pgyRvkc.exe
  C:\Windows\System\pgyRvkc.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\jwgDNTL.exe
  C:\Windows\System\jwgDNTL.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\qMopHiT.exe
  C:\Windows\System\qMopHiT.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\OoLsoUI.exe
  C:\Windows\System\OoLsoUI.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\AUTijSu.exe
  C:\Windows\System\AUTijSu.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\EoiVhkO.exe
  C:\Windows\System\EoiVhkO.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\WIsVQGq.exe
  C:\Windows\System\WIsVQGq.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\XkXNNHa.exe
  C:\Windows\System\XkXNNHa.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\hUBRBcc.exe
  C:\Windows\System\hUBRBcc.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\dodQKoT.exe
  C:\Windows\System\dodQKoT.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\pTDmBKv.exe
  C:\Windows\System\pTDmBKv.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\frDEOpQ.exe
  C:\Windows\System\frDEOpQ.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ISilPZN.exe
  C:\Windows\System\ISilPZN.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\sPZIkzW.exe
  C:\Windows\System\sPZIkzW.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\CovHOOv.exe
  C:\Windows\System\CovHOOv.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\IHvSEYX.exe
  C:\Windows\System\IHvSEYX.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\HfYioxg.exe
  C:\Windows\System\HfYioxg.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\yKnUznd.exe
  C:\Windows\System\yKnUznd.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\fyrAmzn.exe
  C:\Windows\System\fyrAmzn.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\lJCUURM.exe
  C:\Windows\System\lJCUURM.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\tcxLWDc.exe
  C:\Windows\System\tcxLWDc.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\qhEYNWv.exe
  C:\Windows\System\qhEYNWv.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\zoAtcDo.exe
  C:\Windows\System\zoAtcDo.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\qdYdFoT.exe
  C:\Windows\System\qdYdFoT.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\vndaJHD.exe
  C:\Windows\System\vndaJHD.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\ulmnjrQ.exe
  C:\Windows\System\ulmnjrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\pzSoAlw.exe
  C:\Windows\System\pzSoAlw.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\RbJASTo.exe
  C:\Windows\System\RbJASTo.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\IWbZFXC.exe
  C:\Windows\System\IWbZFXC.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\RyiZldz.exe
  C:\Windows\System\RyiZldz.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\FapViMJ.exe
  C:\Windows\System\FapViMJ.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\YdHtKCg.exe
  C:\Windows\System\YdHtKCg.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\cpXVBVt.exe
  C:\Windows\System\cpXVBVt.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\KLcsePa.exe
  C:\Windows\System\KLcsePa.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\WFovcuF.exe
  C:\Windows\System\WFovcuF.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\hBYgCLU.exe
  C:\Windows\System\hBYgCLU.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\hlpMlRz.exe
  C:\Windows\System\hlpMlRz.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\YJXgdOo.exe
  C:\Windows\System\YJXgdOo.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\kuiaEng.exe
  C:\Windows\System\kuiaEng.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\tCEPajJ.exe
  C:\Windows\System\tCEPajJ.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\OHyTufH.exe
  C:\Windows\System\OHyTufH.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\qgueoFq.exe
  C:\Windows\System\qgueoFq.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\rAElQBy.exe
  C:\Windows\System\rAElQBy.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\NPFLcZq.exe
  C:\Windows\System\NPFLcZq.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\UnxqLuW.exe
  C:\Windows\System\UnxqLuW.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\XCuZNAc.exe
  C:\Windows\System\XCuZNAc.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\rnjItgJ.exe
  C:\Windows\System\rnjItgJ.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\GXGrHQn.exe
  C:\Windows\System\GXGrHQn.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\WCnCJGr.exe
  C:\Windows\System\WCnCJGr.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\qmDGvyQ.exe
  C:\Windows\System\qmDGvyQ.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\expVlWv.exe
  C:\Windows\System\expVlWv.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\fwHBMlU.exe
  C:\Windows\System\fwHBMlU.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\jxXaivd.exe
  C:\Windows\System\jxXaivd.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\lUJLAPu.exe
  C:\Windows\System\lUJLAPu.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\BXLreSO.exe
  C:\Windows\System\BXLreSO.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\KjZiZBa.exe
  C:\Windows\System\KjZiZBa.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\sYhNTLC.exe
  C:\Windows\System\sYhNTLC.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\GzRQrry.exe
  C:\Windows\System\GzRQrry.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\stCdbeb.exe
  C:\Windows\System\stCdbeb.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\ThrIfnL.exe
  C:\Windows\System\ThrIfnL.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\eKuZhQk.exe
  C:\Windows\System\eKuZhQk.exe
  2⤵
  PID:3104
- C:\Windows\System\UZIdUrG.exe
  C:\Windows\System\UZIdUrG.exe
  2⤵
  PID:2700
- C:\Windows\System\RbZLHyf.exe
  C:\Windows\System\RbZLHyf.exe
  2⤵
  PID:1840
- C:\Windows\System\LPdzUGF.exe
  C:\Windows\System\LPdzUGF.exe
  2⤵
  PID:2968
- C:\Windows\System\VUEIZCu.exe
  C:\Windows\System\VUEIZCu.exe
  2⤵
  PID:4000
- C:\Windows\System\MaVYWqt.exe
  C:\Windows\System\MaVYWqt.exe
  2⤵
  PID:3124
- C:\Windows\System\HqrVQcT.exe
  C:\Windows\System\HqrVQcT.exe
  2⤵
  PID:2924
- C:\Windows\System\eKYUtuT.exe
  C:\Windows\System\eKYUtuT.exe
  2⤵
  PID:1460
- C:\Windows\System\RHYwGMd.exe
  C:\Windows\System\RHYwGMd.exe
  2⤵
  PID:1648
- C:\Windows\System\LmtPTSZ.exe
  C:\Windows\System\LmtPTSZ.exe
  2⤵
  PID:1208
- C:\Windows\System\htFaqLV.exe
  C:\Windows\System\htFaqLV.exe
  2⤵
  PID:4616
- C:\Windows\System\yrAbYsb.exe
  C:\Windows\System\yrAbYsb.exe
  2⤵
  PID:4936
- C:\Windows\System\GgzwTcf.exe
  C:\Windows\System\GgzwTcf.exe
  2⤵
  PID:1380
- C:\Windows\System\TNMevxj.exe
  C:\Windows\System\TNMevxj.exe
  2⤵
  PID:2464
- C:\Windows\System\KyXzwYk.exe
  C:\Windows\System\KyXzwYk.exe
  2⤵
  PID:3928
- C:\Windows\System\bfMnPnO.exe
  C:\Windows\System\bfMnPnO.exe
  2⤵
  PID:4816
- C:\Windows\System\dGRpRUC.exe
  C:\Windows\System\dGRpRUC.exe
  2⤵
  PID:4324
- C:\Windows\System\WPCMAIU.exe
  C:\Windows\System\WPCMAIU.exe
  2⤵
  PID:1732
- C:\Windows\System\NhuZmFt.exe
  C:\Windows\System\NhuZmFt.exe
  2⤵
  PID:4884
- C:\Windows\System\cFWWDGS.exe
  C:\Windows\System\cFWWDGS.exe
  2⤵
  PID:4620
- C:\Windows\System\utXPOpY.exe
  C:\Windows\System\utXPOpY.exe
  2⤵
  PID:4624
- C:\Windows\System\jktqMSY.exe
  C:\Windows\System\jktqMSY.exe
  2⤵
  PID:2184
- C:\Windows\System\phMHYxJ.exe
  C:\Windows\System\phMHYxJ.exe
  2⤵
  PID:3940
- C:\Windows\System\IWggbxA.exe
  C:\Windows\System\IWggbxA.exe
  2⤵
  PID:2584
- C:\Windows\System\epMflMl.exe
  C:\Windows\System\epMflMl.exe
  2⤵
  PID:1020
- C:\Windows\System\aEmLxHd.exe
  C:\Windows\System\aEmLxHd.exe
  2⤵
  PID:5024
- C:\Windows\System\HJIgcLu.exe
  C:\Windows\System\HJIgcLu.exe
  2⤵
  PID:4504
- C:\Windows\System\CmOBJyb.exe
  C:\Windows\System\CmOBJyb.exe
  2⤵
  PID:4236
- C:\Windows\System\xSAJLlo.exe
  C:\Windows\System\xSAJLlo.exe
  2⤵
  PID:1084
- C:\Windows\System\gEbkZoj.exe
  C:\Windows\System\gEbkZoj.exe
  2⤵
  PID:3844
- C:\Windows\System\awTaMOO.exe
  C:\Windows\System\awTaMOO.exe
  2⤵
  PID:2040
- C:\Windows\System\YGNyynj.exe
  C:\Windows\System\YGNyynj.exe
  2⤵
  PID:1316
- C:\Windows\System\bpxRpPi.exe
  C:\Windows\System\bpxRpPi.exe
  2⤵
  PID:3948
- C:\Windows\System\dTmgXGx.exe
  C:\Windows\System\dTmgXGx.exe
  2⤵
  PID:2380
- C:\Windows\System\UapPgJF.exe
  C:\Windows\System\UapPgJF.exe
  2⤵
  PID:4432
- C:\Windows\System\gJDOpwR.exe
  C:\Windows\System\gJDOpwR.exe
  2⤵
  PID:3756
- C:\Windows\System\spAIQsD.exe
  C:\Windows\System\spAIQsD.exe
  2⤵
  PID:940
- C:\Windows\System\AwpOuYZ.exe
  C:\Windows\System\AwpOuYZ.exe
  2⤵
  PID:3316
- C:\Windows\System\SBIGCsE.exe
  C:\Windows\System\SBIGCsE.exe
  2⤵
  PID:2140
- C:\Windows\System\rbyJDIc.exe
  C:\Windows\System\rbyJDIc.exe
  2⤵
  PID:1748
- C:\Windows\System\dKMgPac.exe
  C:\Windows\System\dKMgPac.exe
  2⤵
  PID:2456
- C:\Windows\System\rTpWQIk.exe
  C:\Windows\System\rTpWQIk.exe
  2⤵
  PID:4364
- C:\Windows\System\LNyjIkb.exe
  C:\Windows\System\LNyjIkb.exe
  2⤵
  PID:5172
- C:\Windows\System\bTSbFPt.exe
  C:\Windows\System\bTSbFPt.exe
  2⤵
  PID:5200
- C:\Windows\System\dERvrBo.exe
  C:\Windows\System\dERvrBo.exe
  2⤵
  PID:5236
- C:\Windows\System\LDvsVct.exe
  C:\Windows\System\LDvsVct.exe
  2⤵
  PID:5292
- C:\Windows\System\GzwXKDU.exe
  C:\Windows\System\GzwXKDU.exe
  2⤵
  PID:5316
- C:\Windows\System\VPkKmvQ.exe
  C:\Windows\System\VPkKmvQ.exe
  2⤵
  PID:5336
- C:\Windows\System\TzzvjOs.exe
  C:\Windows\System\TzzvjOs.exe
  2⤵
  PID:5376
- C:\Windows\System\bkAMAbr.exe
  C:\Windows\System\bkAMAbr.exe
  2⤵
  PID:5404
- C:\Windows\System\IdskBFM.exe
  C:\Windows\System\IdskBFM.exe
  2⤵
  PID:5432
- C:\Windows\System\AVcvcgA.exe
  C:\Windows\System\AVcvcgA.exe
  2⤵
  PID:5460
- C:\Windows\System\uAQYkae.exe
  C:\Windows\System\uAQYkae.exe
  2⤵
  PID:5480
- C:\Windows\System\YNNRbLQ.exe
  C:\Windows\System\YNNRbLQ.exe
  2⤵
  PID:5496
- C:\Windows\System\DinybEE.exe
  C:\Windows\System\DinybEE.exe
  2⤵
  PID:5536
- C:\Windows\System\xSeShjy.exe
  C:\Windows\System\xSeShjy.exe
  2⤵
  PID:5556
- C:\Windows\System\TIsMawZ.exe
  C:\Windows\System\TIsMawZ.exe
  2⤵
  PID:5584
- C:\Windows\System\RWuBIYg.exe
  C:\Windows\System\RWuBIYg.exe
  2⤵
  PID:5616
- C:\Windows\System\hLmILeE.exe
  C:\Windows\System\hLmILeE.exe
  2⤵
  PID:5656
- C:\Windows\System\diFlSyI.exe
  C:\Windows\System\diFlSyI.exe
  2⤵
  PID:5672
- C:\Windows\System\wRdWMns.exe
  C:\Windows\System\wRdWMns.exe
  2⤵
  PID:5704
- C:\Windows\System\goEIBHb.exe
  C:\Windows\System\goEIBHb.exe
  2⤵
  PID:5748
- C:\Windows\System\PCPXdNK.exe
  C:\Windows\System\PCPXdNK.exe
  2⤵
  PID:5776
- C:\Windows\System\OTLRQCW.exe
  C:\Windows\System\OTLRQCW.exe
  2⤵
  PID:5804
- C:\Windows\System\zhUlrFt.exe
  C:\Windows\System\zhUlrFt.exe
  2⤵
  PID:5824
- C:\Windows\System\SABtVnB.exe
  C:\Windows\System\SABtVnB.exe
  2⤵
  PID:5852
- C:\Windows\System\CIWeMto.exe
  C:\Windows\System\CIWeMto.exe
  2⤵
  PID:5884
- C:\Windows\System\QSMBqQT.exe
  C:\Windows\System\QSMBqQT.exe
  2⤵
  PID:5916
- C:\Windows\System\iHHGdRg.exe
  C:\Windows\System\iHHGdRg.exe
  2⤵
  PID:5936
- C:\Windows\System\HjBjEkN.exe
  C:\Windows\System\HjBjEkN.exe
  2⤵
  PID:5956
- C:\Windows\System\fPBnNFg.exe
  C:\Windows\System\fPBnNFg.exe
  2⤵
  PID:5992
- C:\Windows\System\dpTHycp.exe
  C:\Windows\System\dpTHycp.exe
  2⤵
  PID:6020
- C:\Windows\System\IvlWVLh.exe
  C:\Windows\System\IvlWVLh.exe
  2⤵
  PID:6036
- C:\Windows\System\zuORfEw.exe
  C:\Windows\System\zuORfEw.exe
  2⤵
  PID:6084
- C:\Windows\System\wPjOUII.exe
  C:\Windows\System\wPjOUII.exe
  2⤵
  PID:6112
- C:\Windows\System\PaAOsoe.exe
  C:\Windows\System\PaAOsoe.exe
  2⤵
  PID:6136
- C:\Windows\System\AbHCPoN.exe
  C:\Windows\System\AbHCPoN.exe
  2⤵
  PID:1564
- C:\Windows\System\IKzSUnR.exe
  C:\Windows\System\IKzSUnR.exe
  2⤵
  PID:5232
- C:\Windows\System\HKTFsQb.exe
  C:\Windows\System\HKTFsQb.exe
  2⤵
  PID:5332
- C:\Windows\System\TKpFFeY.exe
  C:\Windows\System\TKpFFeY.exe
  2⤵
  PID:5364
- C:\Windows\System\JegTLJw.exe
  C:\Windows\System\JegTLJw.exe
  2⤵
  PID:5440
- C:\Windows\System\ZtgMuJZ.exe
  C:\Windows\System\ZtgMuJZ.exe
  2⤵
  PID:3332
- C:\Windows\System\Ecjvdsi.exe
  C:\Windows\System\Ecjvdsi.exe
  2⤵
  PID:5576
- C:\Windows\System\LHYKvuE.exe
  C:\Windows\System\LHYKvuE.exe
  2⤵
  PID:5632
- C:\Windows\System\iSeImsf.exe
  C:\Windows\System\iSeImsf.exe
  2⤵
  PID:5688
- C:\Windows\System\CXSaiUp.exe
  C:\Windows\System\CXSaiUp.exe
  2⤵
  PID:5756
- C:\Windows\System\NwIfnCk.exe
  C:\Windows\System\NwIfnCk.exe
  2⤵
  PID:5816
- C:\Windows\System\wRYLwyh.exe
  C:\Windows\System\wRYLwyh.exe
  2⤵
  PID:5848
- C:\Windows\System\uCncagY.exe
  C:\Windows\System\uCncagY.exe
  2⤵
  PID:5932
- C:\Windows\System\bpBKXVH.exe
  C:\Windows\System\bpBKXVH.exe
  2⤵
  PID:6016
- C:\Windows\System\jdxxHrU.exe
  C:\Windows\System\jdxxHrU.exe
  2⤵
  PID:6096
- C:\Windows\System\kjAryiA.exe
  C:\Windows\System\kjAryiA.exe
  2⤵
  PID:5300
- C:\Windows\System\rclHEjw.exe
  C:\Windows\System\rclHEjw.exe
  2⤵
  PID:5476
- C:\Windows\System\ePAacTL.exe
  C:\Windows\System\ePAacTL.exe
  2⤵
  PID:5608
- C:\Windows\System\mEHhgOW.exe
  C:\Windows\System\mEHhgOW.exe
  2⤵
  PID:5952
- C:\Windows\System\PHzXBCd.exe
  C:\Windows\System\PHzXBCd.exe
  2⤵
  PID:5196
- C:\Windows\System\xkOdNaM.exe
  C:\Windows\System\xkOdNaM.exe
  2⤵
  PID:5612
- C:\Windows\System\TXANXcG.exe
  C:\Windows\System\TXANXcG.exe
  2⤵
  PID:3508
- C:\Windows\System\nNwMUyU.exe
  C:\Windows\System\nNwMUyU.exe
  2⤵
  PID:5396
- C:\Windows\System\rcugdjM.exe
  C:\Windows\System\rcugdjM.exe
  2⤵
  PID:6048
- C:\Windows\System\dCKByuN.exe
  C:\Windows\System\dCKByuN.exe
  2⤵
  PID:6168
- C:\Windows\System\tWhFmfR.exe
  C:\Windows\System\tWhFmfR.exe
  2⤵
  PID:6192
- C:\Windows\System\BsQnffM.exe
  C:\Windows\System\BsQnffM.exe
  2⤵
  PID:6224
- C:\Windows\System\xECiWIl.exe
  C:\Windows\System\xECiWIl.exe
  2⤵
  PID:6248
- C:\Windows\System\DoLJLgT.exe
  C:\Windows\System\DoLJLgT.exe
  2⤵
  PID:6280
- C:\Windows\System\jeMoKKC.exe
  C:\Windows\System\jeMoKKC.exe
  2⤵
  PID:6316
- C:\Windows\System\ffYTWlF.exe
  C:\Windows\System\ffYTWlF.exe
  2⤵
  PID:6352
- C:\Windows\System\ggcpSaz.exe
  C:\Windows\System\ggcpSaz.exe
  2⤵
  PID:6376
- C:\Windows\System\qYRTjzI.exe
  C:\Windows\System\qYRTjzI.exe
  2⤵
  PID:6400
- C:\Windows\System\YizyXuy.exe
  C:\Windows\System\YizyXuy.exe
  2⤵
  PID:6432
- C:\Windows\System\EnLqQcc.exe
  C:\Windows\System\EnLqQcc.exe
  2⤵
  PID:6468
- C:\Windows\System\qMswamq.exe
  C:\Windows\System\qMswamq.exe
  2⤵
  PID:6500
- C:\Windows\System\EvSxkFL.exe
  C:\Windows\System\EvSxkFL.exe
  2⤵
  PID:6528
- C:\Windows\System\lvbxBnS.exe
  C:\Windows\System\lvbxBnS.exe
  2⤵
  PID:6560
- C:\Windows\System\dVySjGT.exe
  C:\Windows\System\dVySjGT.exe
  2⤵
  PID:6592
- C:\Windows\System\wMuISVC.exe
  C:\Windows\System\wMuISVC.exe
  2⤵
  PID:6624
- C:\Windows\System\OoHElVR.exe
  C:\Windows\System\OoHElVR.exe
  2⤵
  PID:6648
- C:\Windows\System\onqtnJC.exe
  C:\Windows\System\onqtnJC.exe
  2⤵
  PID:6680
- C:\Windows\System\TIFFeke.exe
  C:\Windows\System\TIFFeke.exe
  2⤵
  PID:6700
- C:\Windows\System\bSfaOZw.exe
  C:\Windows\System\bSfaOZw.exe
  2⤵
  PID:6724
- C:\Windows\System\eLIjzSi.exe
  C:\Windows\System\eLIjzSi.exe
  2⤵
  PID:6760
- C:\Windows\System\SyrXgZq.exe
  C:\Windows\System\SyrXgZq.exe
  2⤵
  PID:6788
- C:\Windows\System\plFpfuG.exe
  C:\Windows\System\plFpfuG.exe
  2⤵
  PID:6820
- C:\Windows\System\aVVJLCV.exe
  C:\Windows\System\aVVJLCV.exe
  2⤵
  PID:6860
- C:\Windows\System\oYPBYbC.exe
  C:\Windows\System\oYPBYbC.exe
  2⤵
  PID:6884
- C:\Windows\System\pNuwYJO.exe
  C:\Windows\System\pNuwYJO.exe
  2⤵
  PID:6908
- C:\Windows\System\kbzjvhb.exe
  C:\Windows\System\kbzjvhb.exe
  2⤵
  PID:6936
- C:\Windows\System\CkEeouY.exe
  C:\Windows\System\CkEeouY.exe
  2⤵
  PID:6968
- C:\Windows\System\qsJqmFc.exe
  C:\Windows\System\qsJqmFc.exe
  2⤵
  PID:6996
- C:\Windows\System\uxIIByU.exe
  C:\Windows\System\uxIIByU.exe
  2⤵
  PID:7020
- C:\Windows\System\TcmdXMd.exe
  C:\Windows\System\TcmdXMd.exe
  2⤵
  PID:7048
- C:\Windows\System\UirDwtG.exe
  C:\Windows\System\UirDwtG.exe
  2⤵
  PID:7076
- C:\Windows\System\nXcfhAa.exe
  C:\Windows\System\nXcfhAa.exe
  2⤵
  PID:7104
- C:\Windows\System\tppzGEG.exe
  C:\Windows\System\tppzGEG.exe
  2⤵
  PID:7148
- C:\Windows\System\ZlvaDjz.exe
  C:\Windows\System\ZlvaDjz.exe
  2⤵
  PID:6184
- C:\Windows\System\OvbpBvj.exe
  C:\Windows\System\OvbpBvj.exe
  2⤵
  PID:6292
- C:\Windows\System\CmlaxAb.exe
  C:\Windows\System\CmlaxAb.exe
  2⤵
  PID:6448
- C:\Windows\System\fpMmKGz.exe
  C:\Windows\System\fpMmKGz.exe
  2⤵
  PID:6544
- C:\Windows\System\IMISzmH.exe
  C:\Windows\System\IMISzmH.exe
  2⤵
  PID:6568
- C:\Windows\System\jBXPRBv.exe
  C:\Windows\System\jBXPRBv.exe
  2⤵
  PID:6660
- C:\Windows\System\rHMzeMD.exe
  C:\Windows\System\rHMzeMD.exe
  2⤵
  PID:6732
- C:\Windows\System\HfBDrIZ.exe
  C:\Windows\System\HfBDrIZ.exe
  2⤵
  PID:6780
- C:\Windows\System\SuaQhKH.exe
  C:\Windows\System\SuaQhKH.exe
  2⤵
  PID:6832
- C:\Windows\System\wGZaHYB.exe
  C:\Windows\System\wGZaHYB.exe
  2⤵
  PID:6896
- C:\Windows\System\smyRipc.exe
  C:\Windows\System\smyRipc.exe
  2⤵
  PID:6960
- C:\Windows\System\xucLOfy.exe
  C:\Windows\System\xucLOfy.exe
  2⤵
  PID:7004
- C:\Windows\System\fSGHPPz.exe
  C:\Windows\System\fSGHPPz.exe
  2⤵
  PID:6572
- C:\Windows\System\ZiCIHkK.exe
  C:\Windows\System\ZiCIHkK.exe
  2⤵
  PID:7132
- C:\Windows\System\eRQkFcB.exe
  C:\Windows\System\eRQkFcB.exe
  2⤵
  PID:6264
- C:\Windows\System\LaTnlLE.exe
  C:\Windows\System\LaTnlLE.exe
  2⤵
  PID:6540
- C:\Windows\System\oMsMKFu.exe
  C:\Windows\System\oMsMKFu.exe
  2⤵
  PID:6712
- C:\Windows\System\ROehXSF.exe
  C:\Windows\System\ROehXSF.exe
  2⤵
  PID:6696
- C:\Windows\System\wsZCWmY.exe
  C:\Windows\System\wsZCWmY.exe
  2⤵
  PID:7040
- C:\Windows\System\oQZTQOM.exe
  C:\Windows\System\oQZTQOM.exe
  2⤵
  PID:4496
- C:\Windows\System\YyEdcvl.exe
  C:\Windows\System\YyEdcvl.exe
  2⤵
  PID:6928
- C:\Windows\System\AQmdUVj.exe
  C:\Windows\System\AQmdUVj.exe
  2⤵
  PID:6692
- C:\Windows\System\GIMIbJk.exe
  C:\Windows\System\GIMIbJk.exe
  2⤵
  PID:7188
- C:\Windows\System\WKUyrIZ.exe
  C:\Windows\System\WKUyrIZ.exe
  2⤵
  PID:7220
- C:\Windows\System\xxXyNXE.exe
  C:\Windows\System\xxXyNXE.exe
  2⤵
  PID:7244
- C:\Windows\System\TKLTmur.exe
  C:\Windows\System\TKLTmur.exe
  2⤵
  PID:7272
- C:\Windows\System\drnTuTI.exe
  C:\Windows\System\drnTuTI.exe
  2⤵
  PID:7300
- C:\Windows\System\oZEurpP.exe
  C:\Windows\System\oZEurpP.exe
  2⤵
  PID:7332
- C:\Windows\System\biMQeXr.exe
  C:\Windows\System\biMQeXr.exe
  2⤵
  PID:7364
- C:\Windows\System\ocNHylg.exe
  C:\Windows\System\ocNHylg.exe
  2⤵
  PID:7392
- C:\Windows\System\rReKOhP.exe
  C:\Windows\System\rReKOhP.exe
  2⤵
  PID:7416
- C:\Windows\System\kgVxmof.exe
  C:\Windows\System\kgVxmof.exe
  2⤵
  PID:7444
- C:\Windows\System\vgUchBe.exe
  C:\Windows\System\vgUchBe.exe
  2⤵
  PID:7472
- C:\Windows\System\MujixZM.exe
  C:\Windows\System\MujixZM.exe
  2⤵
  PID:7500
- C:\Windows\System\ABBzLcY.exe
  C:\Windows\System\ABBzLcY.exe
  2⤵
  PID:7528
- C:\Windows\System\svxgDEN.exe
  C:\Windows\System\svxgDEN.exe
  2⤵
  PID:7556
- C:\Windows\System\XfHifXI.exe
  C:\Windows\System\XfHifXI.exe
  2⤵
  PID:7584
- C:\Windows\System\MqKgafC.exe
  C:\Windows\System\MqKgafC.exe
  2⤵
  PID:7616
- C:\Windows\System\DVrqxSA.exe
  C:\Windows\System\DVrqxSA.exe
  2⤵
  PID:7644
- C:\Windows\System\yFHiahF.exe
  C:\Windows\System\yFHiahF.exe
  2⤵
  PID:7672
- C:\Windows\System\MfKRfYx.exe
  C:\Windows\System\MfKRfYx.exe
  2⤵
  PID:7700
- C:\Windows\System\zcDxZxz.exe
  C:\Windows\System\zcDxZxz.exe
  2⤵
  PID:7728
- C:\Windows\System\EjvkNxA.exe
  C:\Windows\System\EjvkNxA.exe
  2⤵
  PID:7768
- C:\Windows\System\XdseJeh.exe
  C:\Windows\System\XdseJeh.exe
  2⤵
  PID:7816
- C:\Windows\System\zjNYZTC.exe
  C:\Windows\System\zjNYZTC.exe
  2⤵
  PID:7844
- C:\Windows\System\XOEutQS.exe
  C:\Windows\System\XOEutQS.exe
  2⤵
  PID:7876
- C:\Windows\System\LinflRI.exe
  C:\Windows\System\LinflRI.exe
  2⤵
  PID:7908
- C:\Windows\System\TWmvIyp.exe
  C:\Windows\System\TWmvIyp.exe
  2⤵
  PID:7928
- C:\Windows\System\phPcyCq.exe
  C:\Windows\System\phPcyCq.exe
  2⤵
  PID:7952
- C:\Windows\System\CNyudQG.exe
  C:\Windows\System\CNyudQG.exe
  2⤵
  PID:7972
- C:\Windows\System\wvoEkwu.exe
  C:\Windows\System\wvoEkwu.exe
  2⤵
  PID:8012
- C:\Windows\System\gEDFSnf.exe
  C:\Windows\System\gEDFSnf.exe
  2⤵
  PID:8040
- C:\Windows\System\XyTtGHL.exe
  C:\Windows\System\XyTtGHL.exe
  2⤵
  PID:8076
- C:\Windows\System\edsOpLS.exe
  C:\Windows\System\edsOpLS.exe
  2⤵
  PID:8104
- C:\Windows\System\pFWwfjE.exe
  C:\Windows\System\pFWwfjE.exe
  2⤵
  PID:8144
- C:\Windows\System\dywioNX.exe
  C:\Windows\System\dywioNX.exe
  2⤵
  PID:8172
- C:\Windows\System\IMTICcp.exe
  C:\Windows\System\IMTICcp.exe
  2⤵
  PID:8188
- C:\Windows\System\GKORnSG.exe
  C:\Windows\System\GKORnSG.exe
  2⤵
  PID:5876
- C:\Windows\System\IjFMKAo.exe
  C:\Windows\System\IjFMKAo.exe
  2⤵
  PID:5520
- C:\Windows\System\CoUPwmf.exe
  C:\Windows\System\CoUPwmf.exe
  2⤵
  PID:7284
- C:\Windows\System\qmjCJHK.exe
  C:\Windows\System\qmjCJHK.exe
  2⤵
  PID:7356
- C:\Windows\System\TZOTbMb.exe
  C:\Windows\System\TZOTbMb.exe
  2⤵
  PID:7424
- C:\Windows\System\JGXPiTg.exe
  C:\Windows\System\JGXPiTg.exe
  2⤵
  PID:7512
- C:\Windows\System\prRPWfF.exe
  C:\Windows\System\prRPWfF.exe
  2⤵
  PID:6640
- C:\Windows\System\iucyOMY.exe
  C:\Windows\System\iucyOMY.exe
  2⤵
  PID:7628
- C:\Windows\System\njtfeat.exe
  C:\Windows\System\njtfeat.exe
  2⤵
  PID:7692
- C:\Windows\System\yhZGlEb.exe
  C:\Windows\System\yhZGlEb.exe
  2⤵
  PID:7764
- C:\Windows\System\UVEGYZN.exe
  C:\Windows\System\UVEGYZN.exe
  2⤵
  PID:7856
- C:\Windows\System\BfetaDZ.exe
  C:\Windows\System\BfetaDZ.exe
  2⤵
  PID:7916
- C:\Windows\System\SVfkyxJ.exe
  C:\Windows\System\SVfkyxJ.exe
  2⤵
  PID:7992
- C:\Windows\System\qmvAjAl.exe
  C:\Windows\System\qmvAjAl.exe
  2⤵
  PID:8032
- C:\Windows\System\ZQXamGO.exe
  C:\Windows\System\ZQXamGO.exe
  2⤵
  PID:8068
- C:\Windows\System\baFhviJ.exe
  C:\Windows\System\baFhviJ.exe
  2⤵
  PID:8140
- C:\Windows\System\iRCnTju.exe
  C:\Windows\System\iRCnTju.exe
  2⤵
  PID:8184
- C:\Windows\System\BDDJaaK.exe
  C:\Windows\System\BDDJaaK.exe
  2⤵
  PID:1936
- C:\Windows\System\Vguhpdy.exe
  C:\Windows\System\Vguhpdy.exe
  2⤵
  PID:1660
- C:\Windows\System\QVzKwSw.exe
  C:\Windows\System\QVzKwSw.exe
  2⤵
  PID:7236
- C:\Windows\System\xhILwUj.exe
  C:\Windows\System\xhILwUj.exe
  2⤵
  PID:1452
- C:\Windows\System\vqzzaww.exe
  C:\Windows\System\vqzzaww.exe
  2⤵
  PID:7492
- C:\Windows\System\PxYVYpI.exe
  C:\Windows\System\PxYVYpI.exe
  2⤵
  PID:7668
- C:\Windows\System\CgjKKzp.exe
  C:\Windows\System\CgjKKzp.exe
  2⤵
  PID:7836
- C:\Windows\System\DSyWqHU.exe
  C:\Windows\System\DSyWqHU.exe
  2⤵
  PID:7920
- C:\Windows\System\ZRjVcme.exe
  C:\Windows\System\ZRjVcme.exe
  2⤵
  PID:8072
- C:\Windows\System\mhQQDHt.exe
  C:\Windows\System\mhQQDHt.exe
  2⤵
  PID:6076
- C:\Windows\System\KRAVIgy.exe
  C:\Windows\System\KRAVIgy.exe
  2⤵
  PID:7268
- C:\Windows\System\QSvFjRP.exe
  C:\Windows\System\QSvFjRP.exe
  2⤵
  PID:7552
- C:\Windows\System\aakkVoL.exe
  C:\Windows\System\aakkVoL.exe
  2⤵
  PID:7884
- C:\Windows\System\JlfGXEJ.exe
  C:\Windows\System\JlfGXEJ.exe
  2⤵
  PID:8164
- C:\Windows\System\auLrHHD.exe
  C:\Windows\System\auLrHHD.exe
  2⤵
  PID:7612
- C:\Windows\System\wnpeCyR.exe
  C:\Windows\System\wnpeCyR.exe
  2⤵
  PID:1012
- C:\Windows\System\sTsCEGd.exe
  C:\Windows\System\sTsCEGd.exe
  2⤵
  PID:8132
- C:\Windows\System\nlRCtnP.exe
  C:\Windows\System\nlRCtnP.exe
  2⤵
  PID:8216
- C:\Windows\System\rNWrzoq.exe
  C:\Windows\System\rNWrzoq.exe
  2⤵
  PID:8244
- C:\Windows\System\IDTnfJa.exe
  C:\Windows\System\IDTnfJa.exe
  2⤵
  PID:8272
- C:\Windows\System\dXgahRo.exe
  C:\Windows\System\dXgahRo.exe
  2⤵
  PID:8300
- C:\Windows\System\KGcessH.exe
  C:\Windows\System\KGcessH.exe
  2⤵
  PID:8328
- C:\Windows\System\XUjDQop.exe
  C:\Windows\System\XUjDQop.exe
  2⤵
  PID:8356
- C:\Windows\System\wbuUmpk.exe
  C:\Windows\System\wbuUmpk.exe
  2⤵
  PID:8384
- C:\Windows\System\kjLHvLT.exe
  C:\Windows\System\kjLHvLT.exe
  2⤵
  PID:8412
- C:\Windows\System\tHsTCbr.exe
  C:\Windows\System\tHsTCbr.exe
  2⤵
  PID:8440
- C:\Windows\System\MdMZbgJ.exe
  C:\Windows\System\MdMZbgJ.exe
  2⤵
  PID:8468
- C:\Windows\System\KHbMgZr.exe
  C:\Windows\System\KHbMgZr.exe
  2⤵
  PID:8496
- C:\Windows\System\ExzoVIP.exe
  C:\Windows\System\ExzoVIP.exe
  2⤵
  PID:8524
- C:\Windows\System\gELvdPN.exe
  C:\Windows\System\gELvdPN.exe
  2⤵
  PID:8552
- C:\Windows\System\XDVmbJg.exe
  C:\Windows\System\XDVmbJg.exe
  2⤵
  PID:8580
- C:\Windows\System\tOuFicj.exe
  C:\Windows\System\tOuFicj.exe
  2⤵
  PID:8608
- C:\Windows\System\fUJgTMD.exe
  C:\Windows\System\fUJgTMD.exe
  2⤵
  PID:8636
- C:\Windows\System\JMvFAOH.exe
  C:\Windows\System\JMvFAOH.exe
  2⤵
  PID:8664
- C:\Windows\System\CUmlsRR.exe
  C:\Windows\System\CUmlsRR.exe
  2⤵
  PID:8692
- C:\Windows\System\UBlCxlT.exe
  C:\Windows\System\UBlCxlT.exe
  2⤵
  PID:8740
- C:\Windows\System\kitakOW.exe
  C:\Windows\System\kitakOW.exe
  2⤵
  PID:8760
- C:\Windows\System\ohvuJBK.exe
  C:\Windows\System\ohvuJBK.exe
  2⤵
  PID:8784
- C:\Windows\System\WDYBiXA.exe
  C:\Windows\System\WDYBiXA.exe
  2⤵
  PID:8812
- C:\Windows\System\uJKIirH.exe
  C:\Windows\System\uJKIirH.exe
  2⤵
  PID:8840
- C:\Windows\System\ADwZCTH.exe
  C:\Windows\System\ADwZCTH.exe
  2⤵
  PID:8868
- C:\Windows\System\jsAVnoU.exe
  C:\Windows\System\jsAVnoU.exe
  2⤵
  PID:8896
- C:\Windows\System\tMOMrfA.exe
  C:\Windows\System\tMOMrfA.exe
  2⤵
  PID:8924
- C:\Windows\System\VIDFkGt.exe
  C:\Windows\System\VIDFkGt.exe
  2⤵
  PID:8952
- C:\Windows\System\TATVVvV.exe
  C:\Windows\System\TATVVvV.exe
  2⤵
  PID:8980
- C:\Windows\System\XcuRIom.exe
  C:\Windows\System\XcuRIom.exe
  2⤵
  PID:9008
- C:\Windows\System\ihufaZy.exe
  C:\Windows\System\ihufaZy.exe
  2⤵
  PID:9036
- C:\Windows\System\LqGssaI.exe
  C:\Windows\System\LqGssaI.exe
  2⤵
  PID:9064
- C:\Windows\System\sCmAeUm.exe
  C:\Windows\System\sCmAeUm.exe
  2⤵
  PID:9092
- C:\Windows\System\nlaghOp.exe
  C:\Windows\System\nlaghOp.exe
  2⤵
  PID:9120
- C:\Windows\System\YOZDFrT.exe
  C:\Windows\System\YOZDFrT.exe
  2⤵
  PID:9148
- C:\Windows\System\sxAzKxq.exe
  C:\Windows\System\sxAzKxq.exe
  2⤵
  PID:9176
- C:\Windows\System\gmzWDep.exe
  C:\Windows\System\gmzWDep.exe
  2⤵
  PID:9204
- C:\Windows\System\MBwdtvq.exe
  C:\Windows\System\MBwdtvq.exe
  2⤵
  PID:8236
- C:\Windows\System\GQRXZfe.exe
  C:\Windows\System\GQRXZfe.exe
  2⤵
  PID:8296
- C:\Windows\System\pdxDnUC.exe
  C:\Windows\System\pdxDnUC.exe
  2⤵
  PID:8368
- C:\Windows\System\VdVImiw.exe
  C:\Windows\System\VdVImiw.exe
  2⤵
  PID:8432
- C:\Windows\System\GwahUHP.exe
  C:\Windows\System\GwahUHP.exe
  2⤵
  PID:8492
- C:\Windows\System\mMBLXdy.exe
  C:\Windows\System\mMBLXdy.exe
  2⤵
  PID:8564
- C:\Windows\System\HoubILM.exe
  C:\Windows\System\HoubILM.exe
  2⤵
  PID:8620
- C:\Windows\System\OvrTrRi.exe
  C:\Windows\System\OvrTrRi.exe
  2⤵
  PID:8684
- C:\Windows\System\GOABNnd.exe
  C:\Windows\System\GOABNnd.exe
  2⤵
  PID:8748
- C:\Windows\System\PiTCREV.exe
  C:\Windows\System\PiTCREV.exe
  2⤵
  PID:8808
- C:\Windows\System\ECMSayP.exe
  C:\Windows\System\ECMSayP.exe
  2⤵
  PID:8880
- C:\Windows\System\hbIiSyN.exe
  C:\Windows\System\hbIiSyN.exe
  2⤵
  PID:8944
- C:\Windows\System\ClqSDCH.exe
  C:\Windows\System\ClqSDCH.exe
  2⤵
  PID:9004
- C:\Windows\System\FLhhjeB.exe
  C:\Windows\System\FLhhjeB.exe
  2⤵
  PID:9076
- C:\Windows\System\czBjeft.exe
  C:\Windows\System\czBjeft.exe
  2⤵
  PID:9140
- C:\Windows\System\FGwRiNu.exe
  C:\Windows\System\FGwRiNu.exe
  2⤵
  PID:9200
- C:\Windows\System\WYocgNW.exe
  C:\Windows\System\WYocgNW.exe
  2⤵
  PID:8736
- C:\Windows\System\qEuFSWh.exe
  C:\Windows\System\qEuFSWh.exe
  2⤵
  PID:8460
- C:\Windows\System\tDLKWIX.exe
  C:\Windows\System\tDLKWIX.exe
  2⤵
  PID:8600
- C:\Windows\System\JfERGdO.exe
  C:\Windows\System\JfERGdO.exe
  2⤵
  PID:8716
- C:\Windows\System\JoUwxli.exe
  C:\Windows\System\JoUwxli.exe
  2⤵
  PID:8908
- C:\Windows\System\MbifvdP.exe
  C:\Windows\System\MbifvdP.exe
  2⤵
  PID:9056
- C:\Windows\System\CjkmKrR.exe
  C:\Windows\System\CjkmKrR.exe
  2⤵
  PID:9196
- C:\Windows\System\WXVLOOm.exe
  C:\Windows\System\WXVLOOm.exe
  2⤵
  PID:8520
- C:\Windows\System\SJnMcFi.exe
  C:\Windows\System\SJnMcFi.exe
  2⤵
  PID:8860
- C:\Windows\System\mXKGtdo.exe
  C:\Windows\System\mXKGtdo.exe
  2⤵
  PID:9188
- C:\Windows\System\dnIkgWL.exe
  C:\Windows\System\dnIkgWL.exe
  2⤵
  PID:8656
- C:\Windows\System\mqseGoY.exe
  C:\Windows\System\mqseGoY.exe
  2⤵
  PID:9168
- C:\Windows\System\KEMFRtf.exe
  C:\Windows\System\KEMFRtf.exe
  2⤵
  PID:9236
- C:\Windows\System\BeNxDWg.exe
  C:\Windows\System\BeNxDWg.exe
  2⤵
  PID:9268
- C:\Windows\System\rjRkVjq.exe
  C:\Windows\System\rjRkVjq.exe
  2⤵
  PID:9296
- C:\Windows\System\UbnFPIJ.exe
  C:\Windows\System\UbnFPIJ.exe
  2⤵
  PID:9324
- C:\Windows\System\GoLdiZQ.exe
  C:\Windows\System\GoLdiZQ.exe
  2⤵
  PID:9356
- C:\Windows\System\qDSasSW.exe
  C:\Windows\System\qDSasSW.exe
  2⤵
  PID:9388
- C:\Windows\System\AufuRCb.exe
  C:\Windows\System\AufuRCb.exe
  2⤵
  PID:9404
- C:\Windows\System\mkATJYT.exe
  C:\Windows\System\mkATJYT.exe
  2⤵
  PID:9448
- C:\Windows\System\PpYirOB.exe
  C:\Windows\System\PpYirOB.exe
  2⤵
  PID:9504
- C:\Windows\System\eNeylaT.exe
  C:\Windows\System\eNeylaT.exe
  2⤵
  PID:9560
- C:\Windows\System\SJclmSZ.exe
  C:\Windows\System\SJclmSZ.exe
  2⤵
  PID:9592
- C:\Windows\System\vvMtVaq.exe
  C:\Windows\System\vvMtVaq.exe
  2⤵
  PID:9612
- C:\Windows\System\cwKJFrO.exe
  C:\Windows\System\cwKJFrO.exe
  2⤵
  PID:9640
- C:\Windows\System\ovvYrgo.exe
  C:\Windows\System\ovvYrgo.exe
  2⤵
  PID:9668
- C:\Windows\System\vSYQXTM.exe
  C:\Windows\System\vSYQXTM.exe
  2⤵
  PID:9696
- C:\Windows\System\oQyZiVf.exe
  C:\Windows\System\oQyZiVf.exe
  2⤵
  PID:9736
- C:\Windows\System\luLwBKF.exe
  C:\Windows\System\luLwBKF.exe
  2⤵
  PID:9776
- C:\Windows\System\RGRRfWb.exe
  C:\Windows\System\RGRRfWb.exe
  2⤵
  PID:9804
- C:\Windows\System\xIauJZa.exe
  C:\Windows\System\xIauJZa.exe
  2⤵
  PID:9832
- C:\Windows\System\yxogBSQ.exe
  C:\Windows\System\yxogBSQ.exe
  2⤵
  PID:9860
- C:\Windows\System\ZRzlUSt.exe
  C:\Windows\System\ZRzlUSt.exe
  2⤵
  PID:9888
- C:\Windows\System\NFhvOVL.exe
  C:\Windows\System\NFhvOVL.exe
  2⤵
  PID:9916
- C:\Windows\System\aYsOGuY.exe
  C:\Windows\System\aYsOGuY.exe
  2⤵
  PID:9944
- C:\Windows\System\DGvkMwx.exe
  C:\Windows\System\DGvkMwx.exe
  2⤵
  PID:9972
- C:\Windows\System\KaDgueJ.exe
  C:\Windows\System\KaDgueJ.exe
  2⤵
  PID:10000
- C:\Windows\System\jZbarUA.exe
  C:\Windows\System\jZbarUA.exe
  2⤵
  PID:10028
- C:\Windows\System\WUeAjYC.exe
  C:\Windows\System\WUeAjYC.exe
  2⤵
  PID:10056
- C:\Windows\System\hxiuloG.exe
  C:\Windows\System\hxiuloG.exe
  2⤵
  PID:10084
- C:\Windows\System\bFveFgK.exe
  C:\Windows\System\bFveFgK.exe
  2⤵
  PID:10112
- C:\Windows\System\rehyXsP.exe
  C:\Windows\System\rehyXsP.exe
  2⤵
  PID:10140
- C:\Windows\System\dtMOgyN.exe
  C:\Windows\System\dtMOgyN.exe
  2⤵
  PID:10168
- C:\Windows\System\vqaoSqh.exe
  C:\Windows\System\vqaoSqh.exe
  2⤵
  PID:10196
- C:\Windows\System\EIaMlFC.exe
  C:\Windows\System\EIaMlFC.exe
  2⤵
  PID:10224
- C:\Windows\System\MQaHgyz.exe
  C:\Windows\System\MQaHgyz.exe
  2⤵
  PID:9248
- C:\Windows\System\MJmtKYK.exe
  C:\Windows\System\MJmtKYK.exe
  2⤵
  PID:9316
- C:\Windows\System\XhFdOhl.exe
  C:\Windows\System\XhFdOhl.exe
  2⤵
  PID:9372
- C:\Windows\System\OAfQuVc.exe
  C:\Windows\System\OAfQuVc.exe
  2⤵
  PID:4556
- C:\Windows\System\MmKtVQJ.exe
  C:\Windows\System\MmKtVQJ.exe
  2⤵
  PID:3272
- C:\Windows\System\UVmjaHr.exe
  C:\Windows\System\UVmjaHr.exe
  2⤵
  PID:1376
- C:\Windows\System\yREXnKr.exe
  C:\Windows\System\yREXnKr.exe
  2⤵
  PID:3680
- C:\Windows\System\UpRbbmM.exe
  C:\Windows\System\UpRbbmM.exe
  2⤵
  PID:2576
- C:\Windows\System\zjOYafX.exe
  C:\Windows\System\zjOYafX.exe
  2⤵
  PID:9528
- C:\Windows\System\bkQCuzm.exe
  C:\Windows\System\bkQCuzm.exe
  2⤵
  PID:9552
- C:\Windows\System\mdVuOVT.exe
  C:\Windows\System\mdVuOVT.exe
  2⤵
  PID:9412
- C:\Windows\System\BDhJZyB.exe
  C:\Windows\System\BDhJZyB.exe
  2⤵
  PID:3056
- C:\Windows\System\CelBbxG.exe
  C:\Windows\System\CelBbxG.exe
  2⤵
  PID:4420
- C:\Windows\System\PJJRoNX.exe
  C:\Windows\System\PJJRoNX.exe
  2⤵
  PID:3760
- C:\Windows\System\oQtDjsi.exe
  C:\Windows\System\oQtDjsi.exe
  2⤵
  PID:2432
- C:\Windows\System\YMLXUIO.exe
  C:\Windows\System\YMLXUIO.exe
  2⤵
  PID:3376
- C:\Windows\System\OKcSEhl.exe
  C:\Windows\System\OKcSEhl.exe
  2⤵
  PID:2200
- C:\Windows\System\yWyIIzR.exe
  C:\Windows\System\yWyIIzR.exe
  2⤵
  PID:1824
- C:\Windows\System\XnGiZVP.exe
  C:\Windows\System\XnGiZVP.exe
  2⤵
  PID:3812
- C:\Windows\System\MnjFEzO.exe
  C:\Windows\System\MnjFEzO.exe
  2⤵
  PID:9688
- C:\Windows\System\JgNCnvj.exe
  C:\Windows\System\JgNCnvj.exe
  2⤵
  PID:9716
- C:\Windows\System\DLGtiEu.exe
  C:\Windows\System\DLGtiEu.exe
  2⤵
  PID:1844
- C:\Windows\System\jhlihRk.exe
  C:\Windows\System\jhlihRk.exe
  2⤵
  PID:9828
- C:\Windows\System\VqlbZHz.exe
  C:\Windows\System\VqlbZHz.exe
  2⤵
  PID:9880
- C:\Windows\System\zKRBAhv.exe
  C:\Windows\System\zKRBAhv.exe
  2⤵
  PID:9940
- C:\Windows\System\ylZgNEZ.exe
  C:\Windows\System\ylZgNEZ.exe
  2⤵
  PID:10012
- C:\Windows\System\KZBmtNR.exe
  C:\Windows\System\KZBmtNR.exe
  2⤵
  PID:10076
- C:\Windows\System\qMOHdEt.exe
  C:\Windows\System\qMOHdEt.exe
  2⤵
  PID:10132
- C:\Windows\System\AhBqYhf.exe
  C:\Windows\System\AhBqYhf.exe
  2⤵
  PID:3628
- C:\Windows\System\HIUOCyE.exe
  C:\Windows\System\HIUOCyE.exe
  2⤵
  PID:2780
- C:\Windows\System\WSsjBTE.exe
  C:\Windows\System\WSsjBTE.exe
  2⤵
  PID:2288
- C:\Windows\System\KUkjcDv.exe
  C:\Windows\System\KUkjcDv.exe
  2⤵
  PID:4768
- C:\Windows\System\mFOfFPi.exe
  C:\Windows\System\mFOfFPi.exe
  2⤵
  PID:9496
- C:\Windows\System\cHnuvLP.exe
  C:\Windows\System\cHnuvLP.exe
  2⤵
  PID:988
- C:\Windows\System\ABwLbDC.exe
  C:\Windows\System\ABwLbDC.exe
  2⤵
  PID:9416
- C:\Windows\System\BHmUpZT.exe
  C:\Windows\System\BHmUpZT.exe
  2⤵
  PID:1724
- C:\Windows\System\fTVTwKQ.exe
  C:\Windows\System\fTVTwKQ.exe
  2⤵
  PID:2112
- C:\Windows\System\ZDdMrfC.exe
  C:\Windows\System\ZDdMrfC.exe
  2⤵
  PID:4076
- C:\Windows\System\vatRaDZ.exe
  C:\Windows\System\vatRaDZ.exe
  2⤵
  PID:9576
- C:\Windows\System\ZdeggoS.exe
  C:\Windows\System\ZdeggoS.exe
  2⤵
  PID:9816
- C:\Windows\System\onGbmgE.exe
  C:\Windows\System\onGbmgE.exe
  2⤵
  PID:9908
- C:\Windows\System\SGEzZql.exe
  C:\Windows\System\SGEzZql.exe
  2⤵
  PID:10052
- C:\Windows\System\JrSZXpt.exe
  C:\Windows\System\JrSZXpt.exe
  2⤵
  PID:3868
- C:\Windows\System\ODpcqFu.exe
  C:\Windows\System\ODpcqFu.exe
  2⤵
  PID:9396
- C:\Windows\System\MXFHsyq.exe
  C:\Windows\System\MXFHsyq.exe
  2⤵
  PID:928
- C:\Windows\System\iszOVWU.exe
  C:\Windows\System\iszOVWU.exe
  2⤵
  PID:3496
- C:\Windows\System\ENjQJcE.exe
  C:\Windows\System\ENjQJcE.exe
  2⤵
  PID:9540
- C:\Windows\System\sexGZay.exe
  C:\Windows\System\sexGZay.exe
  2⤵
  PID:2552
- C:\Windows\System\JTCwkwV.exe
  C:\Windows\System\JTCwkwV.exe
  2⤵
  PID:4308
- C:\Windows\System\bbzoxyi.exe
  C:\Windows\System\bbzoxyi.exe
  2⤵
  PID:10180
- C:\Windows\System\xtiURep.exe
  C:\Windows\System\xtiURep.exe
  2⤵
  PID:9484
- C:\Windows\System\jQSauBx.exe
  C:\Windows\System\jQSauBx.exe
  2⤵
  PID:9788
- C:\Windows\System\DzqicBc.exe
  C:\Windows\System\DzqicBc.exe
  2⤵
  PID:10160
- C:\Windows\System\DwMDlIZ.exe
  C:\Windows\System\DwMDlIZ.exe
  2⤵
  PID:1792
- C:\Windows\System\giWQPTN.exe
  C:\Windows\System\giWQPTN.exe
  2⤵
  PID:1636
- C:\Windows\System\VTbzQXB.exe
  C:\Windows\System\VTbzQXB.exe
  2⤵
  PID:10264
- C:\Windows\System\vglYCVs.exe
  C:\Windows\System\vglYCVs.exe
  2⤵
  PID:10292
- C:\Windows\System\mHQgzsJ.exe
  C:\Windows\System\mHQgzsJ.exe
  2⤵
  PID:10320
- C:\Windows\System\QlOSTxf.exe
  C:\Windows\System\QlOSTxf.exe
  2⤵
  PID:10348
- C:\Windows\System\DvTPzPM.exe
  C:\Windows\System\DvTPzPM.exe
  2⤵
  PID:10376
- C:\Windows\System\TzwOExP.exe
  C:\Windows\System\TzwOExP.exe
  2⤵
  PID:10404
- C:\Windows\System\nZcTGiG.exe
  C:\Windows\System\nZcTGiG.exe
  2⤵
  PID:10432
- C:\Windows\System\peluAfn.exe
  C:\Windows\System\peluAfn.exe
  2⤵
  PID:10460
- C:\Windows\System\ayrQTNE.exe
  C:\Windows\System\ayrQTNE.exe
  2⤵
  PID:10492
- C:\Windows\System\EAfKGmm.exe
  C:\Windows\System\EAfKGmm.exe
  2⤵
  PID:10520
- C:\Windows\System\KNUoTBc.exe
  C:\Windows\System\KNUoTBc.exe
  2⤵
  PID:10548
- C:\Windows\System\zOteYNC.exe
  C:\Windows\System\zOteYNC.exe
  2⤵
  PID:10576
- C:\Windows\System\DeZVvWf.exe
  C:\Windows\System\DeZVvWf.exe
  2⤵
  PID:10604
- C:\Windows\System\JkDYRPT.exe
  C:\Windows\System\JkDYRPT.exe
  2⤵
  PID:10632
- C:\Windows\System\fTFxjib.exe
  C:\Windows\System\fTFxjib.exe
  2⤵
  PID:10660
- C:\Windows\System\nVbjmYA.exe
  C:\Windows\System\nVbjmYA.exe
  2⤵
  PID:10688
- C:\Windows\System\LMxctRR.exe
  C:\Windows\System\LMxctRR.exe
  2⤵
  PID:10716
- C:\Windows\System\uMVYwlc.exe
  C:\Windows\System\uMVYwlc.exe
  2⤵
  PID:10744
- C:\Windows\System\yIXzapF.exe
  C:\Windows\System\yIXzapF.exe
  2⤵
  PID:10772
- C:\Windows\System\gagTHSE.exe
  C:\Windows\System\gagTHSE.exe
  2⤵
  PID:10800
- C:\Windows\System\rFyzWvU.exe
  C:\Windows\System\rFyzWvU.exe
  2⤵
  PID:10828
- C:\Windows\System\LaCYfDh.exe
  C:\Windows\System\LaCYfDh.exe
  2⤵
  PID:10856
- C:\Windows\System\mSjDYJa.exe
  C:\Windows\System\mSjDYJa.exe
  2⤵
  PID:10884
- C:\Windows\System\FwuuAod.exe
  C:\Windows\System\FwuuAod.exe
  2⤵
  PID:10912
- C:\Windows\System\ilxaDyS.exe
  C:\Windows\System\ilxaDyS.exe
  2⤵
  PID:10940
- C:\Windows\System\JIpjVBc.exe
  C:\Windows\System\JIpjVBc.exe
  2⤵
  PID:10968
- C:\Windows\System\etGqXKa.exe
  C:\Windows\System\etGqXKa.exe
  2⤵
  PID:11000
- C:\Windows\System\KuSjWJM.exe
  C:\Windows\System\KuSjWJM.exe
  2⤵
  PID:11028
- C:\Windows\System\knvOmDD.exe
  C:\Windows\System\knvOmDD.exe
  2⤵
  PID:11056
- C:\Windows\System\mIzwVzj.exe
  C:\Windows\System\mIzwVzj.exe
  2⤵
  PID:11084
- C:\Windows\System\bkCEkRx.exe
  C:\Windows\System\bkCEkRx.exe
  2⤵
  PID:11112
- C:\Windows\System\cLGEYsj.exe
  C:\Windows\System\cLGEYsj.exe
  2⤵
  PID:11140
- C:\Windows\System\lhEZhAP.exe
  C:\Windows\System\lhEZhAP.exe
  2⤵
  PID:11168
- C:\Windows\System\jAzeUOb.exe
  C:\Windows\System\jAzeUOb.exe
  2⤵
  PID:11196
- C:\Windows\System\Kvlftrq.exe
  C:\Windows\System\Kvlftrq.exe
  2⤵
  PID:11224
- C:\Windows\System\EZmjTLk.exe
  C:\Windows\System\EZmjTLk.exe
  2⤵
  PID:11252
- C:\Windows\System\hIwqbyC.exe
  C:\Windows\System\hIwqbyC.exe
  2⤵
  PID:10304
- C:\Windows\System\JeHTbjD.exe
  C:\Windows\System\JeHTbjD.exe
  2⤵
  PID:10340
- C:\Windows\System\mYfeBPI.exe
  C:\Windows\System\mYfeBPI.exe
  2⤵
  PID:10400
- C:\Windows\System\ZtfJtZu.exe
  C:\Windows\System\ZtfJtZu.exe
  2⤵
  PID:10456
- C:\Windows\System\KSuYqda.exe
  C:\Windows\System\KSuYqda.exe
  2⤵
  PID:10532
- C:\Windows\System\tyFTWxE.exe
  C:\Windows\System\tyFTWxE.exe
  2⤵
  PID:10596
- C:\Windows\System\EbAqqdi.exe
  C:\Windows\System\EbAqqdi.exe
  2⤵
  PID:10656
- C:\Windows\System\wVSAmre.exe
  C:\Windows\System\wVSAmre.exe
  2⤵
  PID:10728
- C:\Windows\System\ThoFUOk.exe
  C:\Windows\System\ThoFUOk.exe
  2⤵
  PID:10792
- C:\Windows\System\Lrjphkd.exe
  C:\Windows\System\Lrjphkd.exe
  2⤵
  PID:10848
- C:\Windows\System\GrRMccI.exe
  C:\Windows\System\GrRMccI.exe
  2⤵
  PID:10904
- C:\Windows\System\eESvFUU.exe
  C:\Windows\System\eESvFUU.exe
  2⤵
  PID:10980
- C:\Windows\System\tfmhePX.exe
  C:\Windows\System\tfmhePX.exe
  2⤵
  PID:11048
- C:\Windows\System\qXkKpGR.exe
  C:\Windows\System\qXkKpGR.exe
  2⤵
  PID:11108
- C:\Windows\System\nUMqcbX.exe
  C:\Windows\System\nUMqcbX.exe
  2⤵
  PID:11180
- C:\Windows\System\VVfEvoH.exe
  C:\Windows\System\VVfEvoH.exe
  2⤵
  PID:11248
- C:\Windows\System\snjwrVf.exe
  C:\Windows\System\snjwrVf.exe
  2⤵
  PID:10368
- C:\Windows\System\fbeACtG.exe
  C:\Windows\System\fbeACtG.exe
  2⤵
  PID:10484
- C:\Windows\System\SMgfDFL.exe
  C:\Windows\System\SMgfDFL.exe
  2⤵
  PID:10644
- C:\Windows\System\HunjRZc.exe
  C:\Windows\System\HunjRZc.exe
  2⤵
  PID:10988
- C:\Windows\System\xsYrfSk.exe
  C:\Windows\System\xsYrfSk.exe
  2⤵
  PID:10908
- C:\Windows\System\uKQafBq.exe
  C:\Windows\System\uKQafBq.exe
  2⤵
  PID:11072
- C:\Windows\System\diPzKuB.exe
  C:\Windows\System\diPzKuB.exe
  2⤵
  PID:11236
- C:\Windows\System\ggtogba.exe
  C:\Windows\System\ggtogba.exe
  2⤵
  PID:10452
- C:\Windows\System\lPtwyqn.exe
  C:\Windows\System\lPtwyqn.exe
  2⤵
  PID:9664
- C:\Windows\System\spqeKgn.exe
  C:\Windows\System\spqeKgn.exe
  2⤵
  PID:11164
- C:\Windows\System\xXZzPEd.exe
  C:\Windows\System\xXZzPEd.exe
  2⤵
  PID:10768
- C:\Windows\System\dilFTZT.exe
  C:\Windows\System\dilFTZT.exe
  2⤵
  PID:11136
- C:\Windows\System\eNxgoRZ.exe
  C:\Windows\System\eNxgoRZ.exe
  2⤵
  PID:11284
- C:\Windows\System\rYFYTao.exe
  C:\Windows\System\rYFYTao.exe
  2⤵
  PID:11312
- C:\Windows\System\lPuushN.exe
  C:\Windows\System\lPuushN.exe
  2⤵
  PID:11340
- C:\Windows\System\oCUtApr.exe
  C:\Windows\System\oCUtApr.exe
  2⤵
  PID:11368
- C:\Windows\System\RsAtpHf.exe
  C:\Windows\System\RsAtpHf.exe
  2⤵
  PID:11396
- C:\Windows\System\mRSYWwE.exe
  C:\Windows\System\mRSYWwE.exe
  2⤵
  PID:11424
- C:\Windows\System\iIdHzLu.exe
  C:\Windows\System\iIdHzLu.exe
  2⤵
  PID:11452
- C:\Windows\System\VtgdWFB.exe
  C:\Windows\System\VtgdWFB.exe
  2⤵
  PID:11480
- C:\Windows\System\xNuTBKF.exe
  C:\Windows\System\xNuTBKF.exe
  2⤵
  PID:11508
- C:\Windows\System\tyjkalO.exe
  C:\Windows\System\tyjkalO.exe
  2⤵
  PID:11536
- C:\Windows\System\ntdQNoc.exe
  C:\Windows\System\ntdQNoc.exe
  2⤵
  PID:11564
- C:\Windows\System\TZqfAUK.exe
  C:\Windows\System\TZqfAUK.exe
  2⤵
  PID:11596
- C:\Windows\System\KIfyYxJ.exe
  C:\Windows\System\KIfyYxJ.exe
  2⤵
  PID:11624
- C:\Windows\System\kGrhTkq.exe
  C:\Windows\System\kGrhTkq.exe
  2⤵
  PID:11652
- C:\Windows\System\azqLDBk.exe
  C:\Windows\System\azqLDBk.exe
  2⤵
  PID:11680
- C:\Windows\System\dZddsgW.exe
  C:\Windows\System\dZddsgW.exe
  2⤵
  PID:11708
- C:\Windows\System\KRwtpAe.exe
  C:\Windows\System\KRwtpAe.exe
  2⤵
  PID:11736
- C:\Windows\System\ZkdvNLF.exe
  C:\Windows\System\ZkdvNLF.exe
  2⤵
  PID:11764
- C:\Windows\System\TUsJNat.exe
  C:\Windows\System\TUsJNat.exe
  2⤵
  PID:11792
- C:\Windows\System\JBGwPnA.exe
  C:\Windows\System\JBGwPnA.exe
  2⤵
  PID:11820
- C:\Windows\System\MuWCsHH.exe
  C:\Windows\System\MuWCsHH.exe
  2⤵
  PID:11848
- C:\Windows\System\wnQpHkN.exe
  C:\Windows\System\wnQpHkN.exe
  2⤵
  PID:11876
- C:\Windows\System\yaekWQi.exe
  C:\Windows\System\yaekWQi.exe
  2⤵
  PID:11904
- C:\Windows\System\RlezWOh.exe
  C:\Windows\System\RlezWOh.exe
  2⤵
  PID:11932
- C:\Windows\System\pkadNtd.exe
  C:\Windows\System\pkadNtd.exe
  2⤵
  PID:11960
- C:\Windows\System\EgkzkJj.exe
  C:\Windows\System\EgkzkJj.exe
  2⤵
  PID:11992
- C:\Windows\System\lsexXPN.exe
  C:\Windows\System\lsexXPN.exe
  2⤵
  PID:12012
- C:\Windows\System\OosWSal.exe
  C:\Windows\System\OosWSal.exe
  2⤵
  PID:12040
- C:\Windows\System\GOiNrhe.exe
  C:\Windows\System\GOiNrhe.exe
  2⤵
  PID:12080
- C:\Windows\System\eAdmTtc.exe
  C:\Windows\System\eAdmTtc.exe
  2⤵
  PID:12108
- C:\Windows\System\OYkdhXf.exe
  C:\Windows\System\OYkdhXf.exe
  2⤵
  PID:12140
- C:\Windows\System\vJKAsgz.exe
  C:\Windows\System\vJKAsgz.exe
  2⤵
  PID:12184
- C:\Windows\System\NjJufOy.exe
  C:\Windows\System\NjJufOy.exe
  2⤵
  PID:12224
- C:\Windows\System\LUdmaXC.exe
  C:\Windows\System\LUdmaXC.exe
  2⤵
  PID:12264
- C:\Windows\System\ThcLqvx.exe
  C:\Windows\System\ThcLqvx.exe
  2⤵
  PID:11308
- C:\Windows\System\ysMgYWa.exe
  C:\Windows\System\ysMgYWa.exe
  2⤵
  PID:11380
- C:\Windows\System\icKnmCM.exe
  C:\Windows\System\icKnmCM.exe
  2⤵
  PID:11436
- C:\Windows\System\RTJdHDF.exe
  C:\Windows\System\RTJdHDF.exe
  2⤵
  PID:11476
- C:\Windows\System\FiHKovd.exe
  C:\Windows\System\FiHKovd.exe
  2⤵
  PID:11520
- C:\Windows\System\LlepVAt.exe
  C:\Windows\System\LlepVAt.exe
  2⤵
  PID:11616
- C:\Windows\System\jnelPvZ.exe
  C:\Windows\System\jnelPvZ.exe
  2⤵
  PID:11676
- C:\Windows\System\MFxXCnp.exe
  C:\Windows\System\MFxXCnp.exe
  2⤵
  PID:11760
- C:\Windows\System\iXhSOOW.exe
  C:\Windows\System\iXhSOOW.exe
  2⤵
  PID:11832
- C:\Windows\System\ZbuUYCx.exe
  C:\Windows\System\ZbuUYCx.exe
  2⤵
  PID:11896
- C:\Windows\System\bQazMOK.exe
  C:\Windows\System\bQazMOK.exe
  2⤵
  PID:11956
- C:\Windows\System\GMtcahi.exe
  C:\Windows\System\GMtcahi.exe
  2⤵
  PID:12028
- C:\Windows\System\UEWzIpO.exe
  C:\Windows\System\UEWzIpO.exe
  2⤵
  PID:5052
- C:\Windows\System\YSqfkvd.exe
  C:\Windows\System\YSqfkvd.exe
  2⤵
  PID:12132
- C:\Windows\System\gbLZYar.exe
  C:\Windows\System\gbLZYar.exe
  2⤵
  PID:11584
- C:\Windows\System\CJXBIIR.exe
  C:\Windows\System\CJXBIIR.exe
  2⤵
  PID:12176
- C:\Windows\System\kWIHoOz.exe
  C:\Windows\System\kWIHoOz.exe
  2⤵
  PID:12244
- C:\Windows\System\tJhfqLt.exe
  C:\Windows\System\tJhfqLt.exe
  2⤵
  PID:4348
- C:\Windows\System\YDNtlUp.exe
  C:\Windows\System\YDNtlUp.exe
  2⤵
  PID:3660
- C:\Windows\System\dMXNUPn.exe
  C:\Windows\System\dMXNUPn.exe
  2⤵
  PID:5180
- C:\Windows\System\WPKsXFG.exe
  C:\Windows\System\WPKsXFG.exe
  2⤵
  PID:5208
- C:\Windows\System\sGDQZQR.exe
  C:\Windows\System\sGDQZQR.exe
  2⤵
  PID:3984
- C:\Windows\System\ykxnoSM.exe
  C:\Windows\System\ykxnoSM.exe
  2⤵
  PID:2936
- C:\Windows\System\nPrIRfj.exe
  C:\Windows\System\nPrIRfj.exe
  2⤵
  PID:3520
- C:\Windows\System\xNnaoAM.exe
  C:\Windows\System\xNnaoAM.exe
  2⤵
  PID:5352
- C:\Windows\System\UcRTdzb.exe
  C:\Windows\System\UcRTdzb.exe
  2⤵
  PID:11192
- C:\Windows\System\RLYHWdH.exe
  C:\Windows\System\RLYHWdH.exe
  2⤵
  PID:11464
- C:\Windows\System\ETZYQBn.exe
  C:\Windows\System\ETZYQBn.exe
  2⤵
  PID:5416
- C:\Windows\System\vsjmrHd.exe
  C:\Windows\System\vsjmrHd.exe
  2⤵
  PID:5444
- C:\Windows\System\HaLTLtj.exe
  C:\Windows\System\HaLTLtj.exe
  2⤵
  PID:11732
- C:\Windows\System\vGINbHY.exe
  C:\Windows\System\vGINbHY.exe
  2⤵
  PID:4244
- C:\Windows\System\ffHwPTv.exe
  C:\Windows\System\ffHwPTv.exe
  2⤵
  PID:11872
- C:\Windows\System\unsddBD.exe
  C:\Windows\System\unsddBD.exe
  2⤵
  PID:12008
- C:\Windows\System\YynXwer.exe
  C:\Windows\System\YynXwer.exe
  2⤵
  PID:1916
- C:\Windows\System\tGQlgWc.exe
  C:\Windows\System\tGQlgWc.exe
  2⤵
  PID:12048
- C:\Windows\System\GuMXUBq.exe
  C:\Windows\System\GuMXUBq.exe
  2⤵
  PID:12168
- C:\Windows\System\itALnvD.exe
  C:\Windows\System\itALnvD.exe
  2⤵
  PID:12232
- C:\Windows\System\sBzhsSS.exe
  C:\Windows\System\sBzhsSS.exe
  2⤵
  PID:2352
- C:\Windows\System\cbyZUia.exe
  C:\Windows\System\cbyZUia.exe
  2⤵
  PID:3060
- C:\Windows\System\yfYBBdx.exe
  C:\Windows\System\yfYBBdx.exe
  2⤵
  PID:5216
- C:\Windows\System\bxqFfqN.exe
  C:\Windows\System\bxqFfqN.exe
  2⤵
  PID:924
- C:\Windows\System\AmhbjoN.exe
  C:\Windows\System\AmhbjoN.exe
  2⤵
  PID:2884
- C:\Windows\System\jjhomaE.exe
  C:\Windows\System\jjhomaE.exe
  2⤵
  PID:4168
- C:\Windows\System\ygGSwDe.exe
  C:\Windows\System\ygGSwDe.exe
  2⤵
  PID:11420
- C:\Windows\System\zOgsOsb.exe
  C:\Windows\System\zOgsOsb.exe
  2⤵
  PID:5392
- C:\Windows\System\rlrHIei.exe
  C:\Windows\System\rlrHIei.exe
  2⤵
  PID:4024
- C:\Windows\System\LwYIknv.exe
  C:\Windows\System\LwYIknv.exe
  2⤵
  PID:6008
- C:\Windows\System\BxstNdF.exe
  C:\Windows\System\BxstNdF.exe
  2⤵
  PID:4196
- C:\Windows\System\HcmYeQP.exe
  C:\Windows\System\HcmYeQP.exe
  2⤵
  PID:3668
- C:\Windows\System\QfYwqks.exe
  C:\Windows\System\QfYwqks.exe
  2⤵
  PID:6064
- C:\Windows\System\joiqWUd.exe
  C:\Windows\System\joiqWUd.exe
  2⤵
  PID:6072
- C:\Windows\System\OHMTDfz.exe
  C:\Windows\System\OHMTDfz.exe
  2⤵
  PID:6108
- C:\Windows\System\bvTAwIZ.exe
  C:\Windows\System\bvTAwIZ.exe
  2⤵
  PID:1272
- C:\Windows\System\wWmYNaz.exe
  C:\Windows\System\wWmYNaz.exe
  2⤵
  PID:5228
- C:\Windows\System\ARkqNjT.exe
  C:\Windows\System\ARkqNjT.exe
  2⤵
  PID:5056
- C:\Windows\System\HGJaBtS.exe
  C:\Windows\System\HGJaBtS.exe
  2⤵
  PID:2092
- C:\Windows\System\ykyOjmy.exe
  C:\Windows\System\ykyOjmy.exe
  2⤵
  PID:5472
- C:\Windows\System\iMrRJzu.exe
  C:\Windows\System\iMrRJzu.exe
  2⤵
  PID:5528
- C:\Windows\System\MKQAGeC.exe
  C:\Windows\System\MKQAGeC.exe
  2⤵
  PID:636
- C:\Windows\System\tAnSitv.exe
  C:\Windows\System\tAnSitv.exe
  2⤵
  PID:11644
- C:\Windows\System\jyESgwk.exe
  C:\Windows\System\jyESgwk.exe
  2⤵
  PID:1168
- C:\Windows\System\NHyxhXp.exe
  C:\Windows\System\NHyxhXp.exe
  2⤵
  PID:224
- C:\Windows\System\SufCHIu.exe
  C:\Windows\System\SufCHIu.exe
  2⤵
  PID:3708
- C:\Windows\System\smeJPst.exe
  C:\Windows\System\smeJPst.exe
  2⤵
  PID:2888
- C:\Windows\System\cDcQYGe.exe
  C:\Windows\System\cDcQYGe.exe
  2⤵
  PID:5680
- C:\Windows\System\IpFsvNT.exe
  C:\Windows\System\IpFsvNT.exe
  2⤵
  PID:5160
- C:\Windows\System\awculsM.exe
  C:\Windows\System\awculsM.exe
  2⤵
  PID:1016
- C:\Windows\System\zZHxEKo.exe
  C:\Windows\System\zZHxEKo.exe
  2⤵
  PID:4612
- C:\Windows\System\NCQFpLw.exe
  C:\Windows\System\NCQFpLw.exe
  2⤵
  PID:4520
- C:\Windows\System\fZttSaf.exe
  C:\Windows\System\fZttSaf.exe
  2⤵
  PID:3632
- C:\Windows\System\FunQqGH.exe
  C:\Windows\System\FunQqGH.exe
  2⤵
  PID:2300
- C:\Windows\System\TDzCwtq.exe
  C:\Windows\System\TDzCwtq.exe
  2⤵
  PID:11944
- C:\Windows\System\zsqsmow.exe
  C:\Windows\System\zsqsmow.exe
  2⤵
  PID:12064
- C:\Windows\System\qTUTAaJ.exe
  C:\Windows\System\qTUTAaJ.exe
  2⤵
  PID:12116
- C:\Windows\System\iqfysky.exe
  C:\Windows\System\iqfysky.exe
  2⤵
  PID:12280
- C:\Windows\System\ccikIfe.exe
  C:\Windows\System\ccikIfe.exe
  2⤵
  PID:6204
- C:\Windows\System\HYJmerw.exe
  C:\Windows\System\HYJmerw.exe
  2⤵
  PID:3156
- C:\Windows\System\dJmUosQ.exe
  C:\Windows\System\dJmUosQ.exe
  2⤵
  PID:3312
- C:\Windows\System\dNWgYxs.exe
  C:\Windows\System\dNWgYxs.exe
  2⤵
  PID:5980
- C:\Windows\System\OGMrASh.exe
  C:\Windows\System\OGMrASh.exe
  2⤵
  PID:4876
- C:\Windows\System\zozVRQs.exe
  C:\Windows\System\zozVRQs.exe
  2⤵
  PID:6344
- C:\Windows\System\ObYYIuD.exe
  C:\Windows\System\ObYYIuD.exe
  2⤵
  PID:6368
- C:\Windows\System\qrnbXMC.exe
  C:\Windows\System\qrnbXMC.exe
  2⤵
  PID:6296
- C:\Windows\System\UlYwDTq.exe
  C:\Windows\System\UlYwDTq.exe
  2⤵
  PID:6428
- C:\Windows\System\ffaXpox.exe
  C:\Windows\System\ffaXpox.exe
  2⤵
  PID:6456
- C:\Windows\System\ETGaydv.exe
  C:\Windows\System\ETGaydv.exe
  2⤵
  PID:6444
- C:\Windows\System\oeIygnd.exe
  C:\Windows\System\oeIygnd.exe
  2⤵
  PID:6484
- C:\Windows\System\pSxompc.exe
  C:\Windows\System\pSxompc.exe
  2⤵
  PID:6512
- C:\Windows\System\UcfbzIO.exe
  C:\Windows\System\UcfbzIO.exe
  2⤵
  PID:6588
- C:\Windows\System\BDnGpkL.exe
  C:\Windows\System\BDnGpkL.exe
  2⤵
  PID:12296
- C:\Windows\System\bDjYLjM.exe
  C:\Windows\System\bDjYLjM.exe
  2⤵
  PID:12324
- C:\Windows\System\OONiUQt.exe
  C:\Windows\System\OONiUQt.exe
  2⤵
  PID:12352
- C:\Windows\System\ybEYyWh.exe
  C:\Windows\System\ybEYyWh.exe
  2⤵
  PID:12380
- C:\Windows\System\JLwWoPM.exe
  C:\Windows\System\JLwWoPM.exe
  2⤵
  PID:12408
- C:\Windows\System\QsOpZNb.exe
  C:\Windows\System\QsOpZNb.exe
  2⤵
  PID:12436
- C:\Windows\System\wYuydQa.exe
  C:\Windows\System\wYuydQa.exe
  2⤵
  PID:12464
- C:\Windows\System\mDNNHTa.exe
  C:\Windows\System\mDNNHTa.exe
  2⤵
  PID:12496
- C:\Windows\System\NEYtrbD.exe
  C:\Windows\System\NEYtrbD.exe
  2⤵
  PID:12524
- C:\Windows\System\kMbNIXb.exe
  C:\Windows\System\kMbNIXb.exe
  2⤵
  PID:12552
- C:\Windows\System\Kgenjsb.exe
  C:\Windows\System\Kgenjsb.exe
  2⤵
  PID:12580
- C:\Windows\System\aYANxUi.exe
  C:\Windows\System\aYANxUi.exe
  2⤵
  PID:12608
- C:\Windows\System\pVOaANo.exe
  C:\Windows\System\pVOaANo.exe
  2⤵
  PID:12636
- C:\Windows\System\ojhqnuu.exe
  C:\Windows\System\ojhqnuu.exe
  2⤵
  PID:12664
- C:\Windows\System\MxzNmpD.exe
  C:\Windows\System\MxzNmpD.exe
  2⤵
  PID:12692
- C:\Windows\System\GCiflpA.exe
  C:\Windows\System\GCiflpA.exe
  2⤵
  PID:12720
- C:\Windows\System\SeiOpgw.exe
  C:\Windows\System\SeiOpgw.exe
  2⤵
  PID:12748
- C:\Windows\System\zyOYhdY.exe
  C:\Windows\System\zyOYhdY.exe
  2⤵
  PID:12788
- C:\Windows\System\fvdNrYh.exe
  C:\Windows\System\fvdNrYh.exe
  2⤵
  PID:12804
- C:\Windows\System\cWEkzEn.exe
  C:\Windows\System\cWEkzEn.exe
  2⤵
  PID:12832
- C:\Windows\System\HZhGYuf.exe
  C:\Windows\System\HZhGYuf.exe
  2⤵
  PID:12860
- C:\Windows\System\DRFLxOH.exe
  C:\Windows\System\DRFLxOH.exe
  2⤵
  PID:12888
- C:\Windows\System\FVvbPrN.exe
  C:\Windows\System\FVvbPrN.exe
  2⤵
  PID:12924
- C:\Windows\System\FEXMjpT.exe
  C:\Windows\System\FEXMjpT.exe
  2⤵
  PID:12952
- C:\Windows\System\LiFzzZn.exe
  C:\Windows\System\LiFzzZn.exe
  2⤵
  PID:12984
- C:\Windows\System\duhiozA.exe
  C:\Windows\System\duhiozA.exe
  2⤵
  PID:13012
- C:\Windows\System\TYhSUgr.exe
  C:\Windows\System\TYhSUgr.exe
  2⤵
  PID:13044
- C:\Windows\System\cLarUHD.exe
  C:\Windows\System\cLarUHD.exe
  2⤵
  PID:13072
- C:\Windows\System\ZbJSRtm.exe
  C:\Windows\System\ZbJSRtm.exe
  2⤵
  PID:13100
- C:\Windows\System\sMrDglJ.exe
  C:\Windows\System\sMrDglJ.exe
  2⤵
  PID:13128
- C:\Windows\System\TiLcJhl.exe
  C:\Windows\System\TiLcJhl.exe
  2⤵
  PID:13160
- C:\Windows\System\GvdvgXM.exe
  C:\Windows\System\GvdvgXM.exe
  2⤵
  PID:13188
- C:\Windows\System\DaYyinK.exe
  C:\Windows\System\DaYyinK.exe
  2⤵
  PID:13216
- C:\Windows\System\HWzJlwU.exe
  C:\Windows\System\HWzJlwU.exe
  2⤵
  PID:13244
- C:\Windows\System\SNILljU.exe
  C:\Windows\System\SNILljU.exe
  2⤵
  PID:13272
- C:\Windows\System\kqZKKdu.exe
  C:\Windows\System\kqZKKdu.exe
  2⤵
  PID:13300
- C:\Windows\System\SZyyycx.exe
  C:\Windows\System\SZyyycx.exe
  2⤵
  PID:12308
- C:\Windows\System\kIfyKTV.exe
  C:\Windows\System\kIfyKTV.exe
  2⤵
  PID:6736
- C:\Windows\System\JOAPvOo.exe
  C:\Windows\System\JOAPvOo.exe
  2⤵
  PID:12392
- C:\Windows\System\rFXPCIE.exe
  C:\Windows\System\rFXPCIE.exe
  2⤵
  PID:12456
- C:\Windows\System\LsvnJox.exe
  C:\Windows\System\LsvnJox.exe
  2⤵
  PID:12520
- C:\Windows\System\ssGdpgp.exe
  C:\Windows\System\ssGdpgp.exe
  2⤵
  PID:12592
- C:\Windows\System\MLIlWCB.exe
  C:\Windows\System\MLIlWCB.exe
  2⤵
  PID:12628
- C:\Windows\System\VIHLAgo.exe
  C:\Windows\System\VIHLAgo.exe
  2⤵
  PID:12676
- C:\Windows\System\mtbzcGZ.exe
  C:\Windows\System\mtbzcGZ.exe
  2⤵
  PID:6872
- C:\Windows\System\vPuHTYV.exe
  C:\Windows\System\vPuHTYV.exe
  2⤵
  PID:12744
- C:\Windows\System\sLXwFfm.exe
  C:\Windows\System\sLXwFfm.exe
  2⤵
  PID:6956
- C:\Windows\System\vsafHJY.exe
  C:\Windows\System\vsafHJY.exe
  2⤵
  PID:7032
- C:\Windows\System\YyXOLas.exe
  C:\Windows\System\YyXOLas.exe
  2⤵
  PID:12856
- C:\Windows\System\shhGtsn.exe
  C:\Windows\System\shhGtsn.exe
  2⤵
  PID:12908
- C:\Windows\System\oRXxzrb.exe
  C:\Windows\System\oRXxzrb.exe
  2⤵
  PID:5904
- C:\Windows\System\eNCDWkN.exe
  C:\Windows\System\eNCDWkN.exe
  2⤵
  PID:13004
- C:\Windows\System\ZHxuAcI.exe
  C:\Windows\System\ZHxuAcI.exe
  2⤵
  PID:13032
- C:\Windows\System\mtaWHEj.exe
  C:\Windows\System\mtaWHEj.exe
  2⤵
  PID:13084
- C:\Windows\System\KlScIEJ.exe
  C:\Windows\System\KlScIEJ.exe
  2⤵
  PID:6616
- C:\Windows\System\RmiLivW.exe
  C:\Windows\System\RmiLivW.exe
  2⤵
  PID:4160
- C:\Windows\System\TcOZBNI.exe
  C:\Windows\System\TcOZBNI.exe
  2⤵
  PID:13212
- C:\Windows\System\zDkLGLL.exe
  C:\Windows\System\zDkLGLL.exe
  2⤵
  PID:6812
- C:\Windows\System\rxwHvxC.exe
  C:\Windows\System\rxwHvxC.exe
  2⤵
  PID:6876
- C:\Windows\System\NKQazMr.exe
  C:\Windows\System\NKQazMr.exe
  2⤵
  PID:12348
- C:\Windows\System\bFepMJg.exe
  C:\Windows\System\bFepMJg.exe
  2⤵
  PID:12432
- C:\Windows\System\KzNhKvJ.exe
  C:\Windows\System\KzNhKvJ.exe
  2⤵
  PID:12548
- C:\Windows\System\rjIUqvk.exe
  C:\Windows\System\rjIUqvk.exe
  2⤵
  PID:12620
- C:\Windows\System\RweeGqd.exe
  C:\Windows\System\RweeGqd.exe
  2⤵
  PID:12712
- C:\Windows\System\GcHrYlH.exe
  C:\Windows\System\GcHrYlH.exe
  2⤵
  PID:6808
- C:\Windows\System\MrVZIuf.exe
  C:\Windows\System\MrVZIuf.exe
  2⤵
  PID:7044
- C:\Windows\System\uUgmfxs.exe
  C:\Windows\System\uUgmfxs.exe
  2⤵
  PID:12940
- C:\Windows\System\pACezKc.exe
  C:\Windows\System\pACezKc.exe
  2⤵
  PID:6328
- C:\Windows\System\dbyeWea.exe
  C:\Windows\System\dbyeWea.exe
  2⤵
  PID:13112
- C:\Windows\System\nlFsysG.exe
  C:\Windows\System\nlFsysG.exe
  2⤵
  PID:13240
- C:\Windows\System\qsjoiNM.exe
  C:\Windows\System\qsjoiNM.exe
  2⤵
  PID:7036
- C:\Windows\System\UjCORTX.exe
  C:\Windows\System\UjCORTX.exe
  2⤵
  PID:12344
- C:\Windows\System\bcDxgcW.exe
  C:\Windows\System\bcDxgcW.exe
  2⤵
  PID:7012
- C:\Windows\System\uOvbQCX.exe
  C:\Windows\System\uOvbQCX.exe
  2⤵
  PID:7288
- C:\Windows\System\kGjwLWt.exe
  C:\Windows\System\kGjwLWt.exe
  2⤵
  PID:12784
- C:\Windows\System\DxKmCoq.exe
  C:\Windows\System\DxKmCoq.exe
  2⤵
  PID:12884
- C:\Windows\System\NJkUzqf.exe
  C:\Windows\System\NJkUzqf.exe
  2⤵
  PID:13024
- C:\Windows\System\xNcKsPq.exe
  C:\Windows\System\xNcKsPq.exe
  2⤵
  PID:7412
- C:\Windows\System\nKLtGht.exe
  C:\Windows\System\nKLtGht.exe
  2⤵
  PID:13268
- C:\Windows\System\nWWztjZ.exe
  C:\Windows\System\nWWztjZ.exe
  2⤵
  PID:7184
- C:\Windows\System\dzgIdYv.exe
  C:\Windows\System\dzgIdYv.exe
  2⤵
  PID:7572
- C:\Windows\System\ilLlZWC.exe
  C:\Windows\System\ilLlZWC.exe
  2⤵
  PID:7592
- C:\Windows\System\yJYhuUQ.exe
  C:\Windows\System\yJYhuUQ.exe
  2⤵
  PID:7140
- C:\Windows\System\FRlrHPq.exe
  C:\Windows\System\FRlrHPq.exe
  2⤵
  PID:13120
- C:\Windows\System\yyaXNRO.exe
  C:\Windows\System\yyaXNRO.exe
  2⤵
  PID:7480
- C:\Windows\System\xlZRpRC.exe
  C:\Windows\System\xlZRpRC.exe
  2⤵
  PID:7544
- C:\Windows\System\imsbHxU.exe
  C:\Windows\System\imsbHxU.exe
  2⤵
  PID:7600
- C:\Windows\System\GswuMzN.exe
  C:\Windows\System\GswuMzN.exe
  2⤵
  PID:12996
- C:\Windows\System\rMLarmS.exe
  C:\Windows\System\rMLarmS.exe
  2⤵
  PID:13208
- C:\Windows\System\BItBQZV.exe
  C:\Windows\System\BItBQZV.exe
  2⤵
  PID:7900
- C:\Windows\System\vhpDuPY.exe
  C:\Windows\System\vhpDuPY.exe
  2⤵
  PID:13228
- C:\Windows\System\CcaxiPq.exe
  C:\Windows\System\CcaxiPq.exe
  2⤵
  PID:8004
- C:\Windows\System\xYYSlZn.exe
  C:\Windows\System\xYYSlZn.exe
  2⤵
  PID:8020
- C:\Windows\System\BSQXSgz.exe
  C:\Windows\System\BSQXSgz.exe
  2⤵
  PID:8028
- C:\Windows\System\YkPhMJT.exe
  C:\Windows\System\YkPhMJT.exe
  2⤵
  PID:8112
- C:\Windows\System\dbgmteM.exe
  C:\Windows\System\dbgmteM.exe
  2⤵
  PID:13328
- C:\Windows\System\VqnnSgm.exe
  C:\Windows\System\VqnnSgm.exe
  2⤵
  PID:13356
- C:\Windows\System\OFsjstE.exe
  C:\Windows\System\OFsjstE.exe
  2⤵
  PID:13384
- C:\Windows\System\CRFNNrO.exe
  C:\Windows\System\CRFNNrO.exe
  2⤵
  PID:13412
- C:\Windows\System\OhspXvf.exe
  C:\Windows\System\OhspXvf.exe
  2⤵
  PID:13440
- C:\Windows\System\VcVZgbT.exe
  C:\Windows\System\VcVZgbT.exe
  2⤵
  PID:13468
- C:\Windows\System\HUhcMtD.exe
  C:\Windows\System\HUhcMtD.exe
  2⤵
  PID:13496
- C:\Windows\System\HssVGfG.exe
  C:\Windows\System\HssVGfG.exe
  2⤵
  PID:13524
- C:\Windows\System\tndiVPw.exe
  C:\Windows\System\tndiVPw.exe
  2⤵
  PID:13552
- C:\Windows\System\vxyJhnW.exe
  C:\Windows\System\vxyJhnW.exe
  2⤵
  PID:13580
- C:\Windows\System\CoDBByU.exe
  C:\Windows\System\CoDBByU.exe
  2⤵
  PID:13608
- C:\Windows\System\PYVCAZo.exe
  C:\Windows\System\PYVCAZo.exe
  2⤵
  PID:13636
- C:\Windows\System\SAUcnJD.exe
  C:\Windows\System\SAUcnJD.exe
  2⤵
  PID:13664
- C:\Windows\System\jZtSGUm.exe
  C:\Windows\System\jZtSGUm.exe
  2⤵
  PID:13696
- C:\Windows\System\OCjksfP.exe
  C:\Windows\System\OCjksfP.exe
  2⤵
  PID:13724
- C:\Windows\System\lkQFMtG.exe
  C:\Windows\System\lkQFMtG.exe
  2⤵
  PID:13752
- C:\Windows\System\tNGDlDV.exe
  C:\Windows\System\tNGDlDV.exe
  2⤵
  PID:13780
- C:\Windows\System\vykEJSS.exe
  C:\Windows\System\vykEJSS.exe
  2⤵
  PID:13808
- C:\Windows\System\wMxHrWK.exe
  C:\Windows\System\wMxHrWK.exe
  2⤵
  PID:13836
- C:\Windows\System\uZoIWuN.exe
  C:\Windows\System\uZoIWuN.exe
  2⤵
  PID:13864
- C:\Windows\System\CFokeee.exe
  C:\Windows\System\CFokeee.exe
  2⤵
  PID:13892
- C:\Windows\System\rFAFxtu.exe
  C:\Windows\System\rFAFxtu.exe
  2⤵
  PID:13920
- C:\Windows\System\wUMzMcj.exe
  C:\Windows\System\wUMzMcj.exe
  2⤵
  PID:13948
- C:\Windows\System\sCmgifY.exe
  C:\Windows\System\sCmgifY.exe
  2⤵
  PID:13976
- C:\Windows\System\tVonsRD.exe
  C:\Windows\System\tVonsRD.exe
  2⤵
  PID:14004
- C:\Windows\System\ZWxRsop.exe
  C:\Windows\System\ZWxRsop.exe
  2⤵
  PID:14032
- C:\Windows\System\TTtbVPf.exe
  C:\Windows\System\TTtbVPf.exe
  2⤵
  PID:14060
- C:\Windows\System\sCoUvFU.exe
  C:\Windows\System\sCoUvFU.exe
  2⤵
  PID:14088
- C:\Windows\System\rjrIysW.exe
  C:\Windows\System\rjrIysW.exe
  2⤵
  PID:14116
- C:\Windows\System\QacJCih.exe
  C:\Windows\System\QacJCih.exe
  2⤵
  PID:14144
- C:\Windows\System\xNqeHck.exe
  C:\Windows\System\xNqeHck.exe
  2⤵
  PID:14172
- C:\Windows\System\uuYTEBk.exe
  C:\Windows\System\uuYTEBk.exe
  2⤵
  PID:14200
- C:\Windows\System\pHdhGTq.exe
  C:\Windows\System\pHdhGTq.exe
  2⤵
  PID:14228
- C:\Windows\System\wLEXVem.exe
  C:\Windows\System\wLEXVem.exe
  2⤵
  PID:14256
- C:\Windows\System\IOmYuML.exe
  C:\Windows\System\IOmYuML.exe
  2⤵
  PID:14296
- C:\Windows\System\KvyiAoC.exe
  C:\Windows\System\KvyiAoC.exe
  2⤵
  PID:14312
- C:\Windows\System\JjmCfRS.exe
  C:\Windows\System\JjmCfRS.exe
  2⤵
  PID:8152
- C:\Windows\System\cXvssdD.exe
  C:\Windows\System\cXvssdD.exe
  2⤵
  PID:13376
- C:\Windows\System\xkNOBmY.exe
  C:\Windows\System\xkNOBmY.exe
  2⤵
  PID:13408
- C:\Windows\System\ohyVmzS.exe
  C:\Windows\System\ohyVmzS.exe
  2⤵
  PID:7240
- C:\Windows\System\xsewMOG.exe
  C:\Windows\System\xsewMOG.exe
  2⤵
  PID:7400
- C:\Windows\System\dSLtgeY.exe
  C:\Windows\System\dSLtgeY.exe
  2⤵
  PID:7468
- C:\Windows\System\PUReZHp.exe
  C:\Windows\System\PUReZHp.exe
  2⤵
  PID:13576
- C:\Windows\System\pjUODOk.exe
  C:\Windows\System\pjUODOk.exe
  2⤵
  PID:13624
- C:\Windows\System\ktKDuFY.exe
  C:\Windows\System\ktKDuFY.exe
  2⤵
  PID:13656
- C:\Windows\System\MOacIhd.exe
  C:\Windows\System\MOacIhd.exe
  2⤵
  PID:13708
- C:\Windows\System\ChytPjd.exe
  C:\Windows\System\ChytPjd.exe
  2⤵
  PID:7944
- C:\Windows\System\CRBjFVT.exe
  C:\Windows\System\CRBjFVT.exe
  2⤵
  PID:13776
- C:\Windows\System\qjGjlrn.exe
  C:\Windows\System\qjGjlrn.exe
  2⤵
  PID:5096
- C:\Windows\System\HjQFMka.exe
  C:\Windows\System\HjQFMka.exe
  2⤵
  PID:13856
- C:\Windows\System\IjkCtRS.exe
  C:\Windows\System\IjkCtRS.exe
  2⤵
  PID:1488
- C:\Windows\System\AEHuJKG.exe
  C:\Windows\System\AEHuJKG.exe
  2⤵
  PID:13932
- C:\Windows\System\sudFizQ.exe
  C:\Windows\System\sudFizQ.exe
  2⤵
  PID:13972
- C:\Windows\System\TCbRWNT.exe
  C:\Windows\System\TCbRWNT.exe
  2⤵
  PID:14000
- C:\Windows\System\TyxCIku.exe
  C:\Windows\System\TyxCIku.exe
  2⤵
  PID:4296
- C:\Windows\System\PGDHfwn.exe
  C:\Windows\System\PGDHfwn.exe
  2⤵
  PID:14080
- C:\Windows\System\qYYgeYs.exe
  C:\Windows\System\qYYgeYs.exe
  2⤵
  PID:14128
- C:\Windows\System\jPzndvd.exe
  C:\Windows\System\jPzndvd.exe
  2⤵
  PID:7384
- C:\Windows\System\QbzkfxH.exe
  C:\Windows\System\QbzkfxH.exe
  2⤵
  PID:14196
- C:\Windows\System\aKRUdUn.exe
  C:\Windows\System\aKRUdUn.exe
  2⤵
  PID:13672
- C:\Windows\System\dMYnPnT.exe
  C:\Windows\System\dMYnPnT.exe
  2⤵
  PID:14276
- C:\Windows\System\rNTOBAO.exe
  C:\Windows\System\rNTOBAO.exe
  2⤵
  PID:8232
- C:\Windows\System\SlPKyPB.exe
  C:\Windows\System\SlPKyPB.exe
  2⤵
  PID:8120
- C:\Windows\System\VBMKZZR.exe
  C:\Windows\System\VBMKZZR.exe
  2⤵
  PID:13396
- C:\Windows\System\qevGjvS.exe
  C:\Windows\System\qevGjvS.exe
  2⤵
  PID:7096
- C:\Windows\System\rUHrpdl.exe
  C:\Windows\System\rUHrpdl.exe
  2⤵
  PID:13508
- C:\Windows\System\nOemlUB.exe
  C:\Windows\System\nOemlUB.exe
  2⤵
  PID:8420
- C:\Windows\System\lOtduhu.exe
  C:\Windows\System\lOtduhu.exe
  2⤵
  PID:5512
- C:\Windows\System\QVEnaUT.exe
  C:\Windows\System\QVEnaUT.exe
  2⤵
  PID:7724
- C:\Windows\System\HiQVKIi.exe
  C:\Windows\System\HiQVKIi.exe
  2⤵
  PID:7892
- C:\Windows\System\SSoGAPx.exe
  C:\Windows\System\SSoGAPx.exe
  2⤵
  PID:7924
- C:\Windows\System\KpxZvxE.exe
  C:\Windows\System\KpxZvxE.exe
  2⤵
  PID:13792
- C:\Windows\System\ByYbswN.exe
  C:\Windows\System\ByYbswN.exe
  2⤵
  PID:13824
- C:\Windows\System\kITSsPC.exe
  C:\Windows\System\kITSsPC.exe
  2⤵
  PID:8680
- C:\Windows\System\dkbfeeh.exe
  C:\Windows\System\dkbfeeh.exe
  2⤵
  PID:13912
- C:\Windows\System\qKmNClZ.exe
  C:\Windows\System\qKmNClZ.exe
  2⤵
  PID:13940
- C:\Windows\System\UHPATyC.exe
  C:\Windows\System\UHPATyC.exe
  2⤵
  PID:13988
- C:\Windows\System\ruOutYA.exe
  C:\Windows\System\ruOutYA.exe
  2⤵
  PID:7604
- C:\Windows\System\BPVpnlV.exe
  C:\Windows\System\BPVpnlV.exe
  2⤵
  PID:7968
- C:\Windows\System\SsTxuvm.exe
  C:\Windows\System\SsTxuvm.exe
  2⤵
  PID:8856
- C:\Windows\System\aJFMPMc.exe
  C:\Windows\System\aJFMPMc.exe
  2⤵
  PID:5840
- C:\Windows\System\epbEpSp.exe
  C:\Windows\System\epbEpSp.exe
  2⤵
  PID:14224
- C:\Windows\System\rzGeuiD.exe
  C:\Windows\System\rzGeuiD.exe
  2⤵
  PID:8024
- C:\Windows\System\oStXWnW.exe
  C:\Windows\System\oStXWnW.exe
  2⤵
  PID:8252
- C:\Windows\System\jzgYELi.exe
  C:\Windows\System\jzgYELi.exe
  2⤵
  PID:13352
- C:\Windows\System\rELCflq.exe
  C:\Windows\System\rELCflq.exe
  2⤵
  PID:9080
- C:\Windows\System\mgoYALW.exe
  C:\Windows\System\mgoYALW.exe
  2⤵
  PID:9100
- C:\Windows\System\VQkfylH.exe
  C:\Windows\System\VQkfylH.exe
  2⤵
  PID:8456
- C:\Windows\System\cnTYzdc.exe
  C:\Windows\System\cnTYzdc.exe
  2⤵
  PID:6060
- C:\Windows\System\QzdwivB.exe
  C:\Windows\System\QzdwivB.exe
  2⤵
  PID:9212
- C:\Windows\System\lTSdWaE.exe
  C:\Windows\System\lTSdWaE.exe
  2⤵
  PID:8340
- C:\Windows\System\snzeXPQ.exe
  C:\Windows\System\snzeXPQ.exe
  2⤵
  PID:8404
- C:\Windows\System\Stwhlcn.exe
  C:\Windows\System\Stwhlcn.exe
  2⤵
  PID:8652
- C:\Windows\System\DvfChKx.exe
  C:\Windows\System\DvfChKx.exe
  2⤵
  PID:13884
- C:\Windows\System\VieDLws.exe
  C:\Windows\System\VieDLws.exe
  2⤵
  PID:8632
- C:\Windows\System\SwyRNMk.exe
  C:\Windows\System\SwyRNMk.exe
  2⤵
  PID:8772
- C:\Windows\System\AnTFKFM.exe
  C:\Windows\System\AnTFKFM.exe
  2⤵
  PID:14052
- C:\Windows\System\aILbNTJ.exe
  C:\Windows\System\aILbNTJ.exe
  2⤵
  PID:14112
- C:\Windows\System\fDQvoUR.exe
  C:\Windows\System\fDQvoUR.exe
  2⤵
  PID:7456
- C:\Windows\System\ISVwRRc.exe
  C:\Windows\System\ISVwRRc.exe
  2⤵
  PID:8964
- C:\Windows\System\WpPGBpJ.exe
  C:\Windows\System\WpPGBpJ.exe
  2⤵
  PID:9028
- C:\Windows\System\NYESKtF.exe
  C:\Windows\System\NYESKtF.exe
  2⤵
  PID:5892
- C:\Windows\System\VpfAitu.exe
  C:\Windows\System\VpfAitu.exe
  2⤵
  PID:8212
- C:\Windows\System\LEuhEAM.exe
  C:\Windows\System\LEuhEAM.exe
  2⤵
  PID:8348
- C:\Windows\System\pIebMeG.exe
  C:\Windows\System\pIebMeG.exe
  2⤵
  PID:9156
- C:\Windows\System\saNQaTf.exe
  C:\Windows\System\saNQaTf.exe
  2⤵
  PID:5524
- C:\Windows\System\iPwaWjs.exe
  C:\Windows\System\iPwaWjs.exe
  2⤵
  PID:8936
- C:\Windows\System\NVUNAPl.exe
  C:\Windows\System\NVUNAPl.exe
  2⤵
  PID:8464
- C:\Windows\System\auTLAaT.exe
  C:\Windows\System\auTLAaT.exe
  2⤵
  PID:8732
- C:\Windows\System\pijINWs.exe
  C:\Windows\System\pijINWs.exe
  2⤵
  PID:13968
- C:\Windows\System\EzdIlcF.exe
  C:\Windows\System\EzdIlcF.exe
  2⤵
  PID:8768
- C:\Windows\System\KqdhzOh.exe
  C:\Windows\System\KqdhzOh.exe
  2⤵
  PID:8128
- C:\Windows\System\hwFdhJO.exe
  C:\Windows\System\hwFdhJO.exe
  2⤵
  PID:9256
- C:\Windows\System\vANOxMA.exe
  C:\Windows\System\vANOxMA.exe
  2⤵
  PID:9276
- C:\Windows\System\kLEhaKE.exe
  C:\Windows\System\kLEhaKE.exe
  2⤵
  PID:9340
- C:\Windows\System\hfBMxNp.exe
  C:\Windows\System\hfBMxNp.exe
  2⤵
  PID:8396
- C:\Windows\System\XZJzDPD.exe
  C:\Windows\System\XZJzDPD.exe
  2⤵
  PID:8488
- C:\Windows\System\fnscMAp.exe
  C:\Windows\System\fnscMAp.exe
  2⤵
  PID:13772
- C:\Windows\System\BaAeNYU.exe
  C:\Windows\System\BaAeNYU.exe
  2⤵
  PID:9032
- C:\Windows\System\SAQqVmK.exe
  C:\Windows\System\SAQqVmK.exe
  2⤵
  PID:9444
- C:\Windows\System\wZgsBjo.exe
  C:\Windows\System\wZgsBjo.exe
  2⤵
  PID:5712
- C:\Windows\System\YtcraIX.exe
  C:\Windows\System\YtcraIX.exe
  2⤵
  PID:4880
- C:\Windows\System\WpSIYrr.exe
  C:\Windows\System\WpSIYrr.exe
  2⤵
  PID:7804
- C:\Windows\System\zbcGkvM.exe
  C:\Windows\System\zbcGkvM.exe
  2⤵
  PID:8256
- C:\Windows\System\UOUrnbx.exe
  C:\Windows\System\UOUrnbx.exe
  2⤵
  PID:8408
- C:\Windows\System\ITtUycm.exe
  C:\Windows\System\ITtUycm.exe
  2⤵
  PID:8264
- C:\Windows\System\ETkMRFy.exe
  C:\Windows\System\ETkMRFy.exe
  2⤵
  PID:8352
- C:\Windows\System\frjhltK.exe
  C:\Windows\System\frjhltK.exe
  2⤵
  PID:9016
- C:\Windows\System\uGlnGHR.exe
  C:\Windows\System\uGlnGHR.exe
  2⤵
  PID:14344
- C:\Windows\System\CItWWnk.exe
  C:\Windows\System\CItWWnk.exe
  2⤵
  PID:14372
- C:\Windows\System\TivKBck.exe
  C:\Windows\System\TivKBck.exe
  2⤵
  PID:14400
- C:\Windows\System\mPhhsFc.exe
  C:\Windows\System\mPhhsFc.exe
  2⤵
  PID:14432
- C:\Windows\System\TPCQUOf.exe
  C:\Windows\System\TPCQUOf.exe
  2⤵
  PID:14460
- C:\Windows\System\ctiaNDT.exe
  C:\Windows\System\ctiaNDT.exe
  2⤵
  PID:14488
- C:\Windows\System\uWJzjGX.exe
  C:\Windows\System\uWJzjGX.exe
  2⤵
  PID:14520
- C:\Windows\System\pbIpeym.exe
  C:\Windows\System\pbIpeym.exe
  2⤵
  PID:14548
- C:\Windows\System\cMuNAUR.exe
  C:\Windows\System\cMuNAUR.exe
  2⤵
  PID:14576
- C:\Windows\System\VVqyqqq.exe
  C:\Windows\System\VVqyqqq.exe
  2⤵
  PID:14604
- C:\Windows\System\YJMdcdr.exe
  C:\Windows\System\YJMdcdr.exe
  2⤵
  PID:14632
- C:\Windows\System\ycqFVMm.exe
  C:\Windows\System\ycqFVMm.exe
  2⤵
  PID:14660
- C:\Windows\System\mDDzPDo.exe
  C:\Windows\System\mDDzPDo.exe
  2⤵
  PID:14688
- C:\Windows\System\KKzrcWo.exe
  C:\Windows\System\KKzrcWo.exe
  2⤵
  PID:14716
- C:\Windows\System\JKRdYMO.exe
  C:\Windows\System\JKRdYMO.exe
  2⤵
  PID:14744
- C:\Windows\System\sWPcfGp.exe
  C:\Windows\System\sWPcfGp.exe
  2⤵
  PID:14772
- C:\Windows\System\CyYGejt.exe
  C:\Windows\System\CyYGejt.exe
  2⤵
  PID:14800
- C:\Windows\System\eOPcoay.exe
  C:\Windows\System\eOPcoay.exe
  2⤵
  PID:14828
- C:\Windows\System\MqSJFBh.exe
  C:\Windows\System\MqSJFBh.exe
  2⤵
  PID:14856
- C:\Windows\System\zXggXWE.exe
  C:\Windows\System\zXggXWE.exe
  2⤵
  PID:14884
- C:\Windows\System\kLNncpe.exe
  C:\Windows\System\kLNncpe.exe
  2⤵
  PID:14912
- C:\Windows\System\CnBbNzf.exe
  C:\Windows\System\CnBbNzf.exe
  2⤵
  PID:14940
- C:\Windows\System\pDljDjF.exe
  C:\Windows\System\pDljDjF.exe
  2⤵
  PID:14968
- C:\Windows\System\YNHuCoV.exe
  C:\Windows\System\YNHuCoV.exe
  2⤵
  PID:14996
- C:\Windows\System\WmgKCjI.exe
  C:\Windows\System\WmgKCjI.exe
  2⤵
  PID:15024
- C:\Windows\System\vFbiqjN.exe
  C:\Windows\System\vFbiqjN.exe
  2⤵
  PID:15052
- C:\Windows\System\XoCkjfX.exe
  C:\Windows\System\XoCkjfX.exe
  2⤵
  PID:15084
- C:\Windows\System\jgvNdUV.exe
  C:\Windows\System\jgvNdUV.exe
  2⤵
  PID:15112
- C:\Windows\System\KqeZSEx.exe
  C:\Windows\System\KqeZSEx.exe
  2⤵
  PID:15140
- C:\Windows\System\uVREdIi.exe
  C:\Windows\System\uVREdIi.exe
  2⤵
  PID:15168
- C:\Windows\System\xIzbtdn.exe
  C:\Windows\System\xIzbtdn.exe
  2⤵
  PID:15196
- C:\Windows\System\uHiusSf.exe
  C:\Windows\System\uHiusSf.exe
  2⤵
  PID:15224
- C:\Windows\System\tLpbvNQ.exe
  C:\Windows\System\tLpbvNQ.exe
  2⤵
  PID:15252
- C:\Windows\System\RPgiXIc.exe
  C:\Windows\System\RPgiXIc.exe
  2⤵
  PID:15280
- C:\Windows\System\EbAcQGh.exe
  C:\Windows\System\EbAcQGh.exe
  2⤵
  PID:15308
- C:\Windows\System\AhHHfpd.exe
  C:\Windows\System\AhHHfpd.exe
  2⤵
  PID:15336
- C:\Windows\System\DUiRXRz.exe
  C:\Windows\System\DUiRXRz.exe
  2⤵
  PID:9172
- C:\Windows\System\dNciGzE.exe
  C:\Windows\System\dNciGzE.exe
  2⤵
  PID:14396
- C:\Windows\System\lhXwjzQ.exe
  C:\Windows\System\lhXwjzQ.exe
  2⤵
  PID:14452
- C:\Windows\System\rKEIlKZ.exe
  C:\Windows\System\rKEIlKZ.exe
  2⤵
  PID:14532
- C:\Windows\System\PVaMAFg.exe
  C:\Windows\System\PVaMAFg.exe
  2⤵
  PID:14600
- C:\Windows\System\XlZdjlx.exe
  C:\Windows\System\XlZdjlx.exe
  2⤵
  PID:14652
- C:\Windows\System\jBWrUQy.exe
  C:\Windows\System\jBWrUQy.exe
  2⤵
  PID:14708
- C:\Windows\System\vUkxGTQ.exe
  C:\Windows\System\vUkxGTQ.exe
  2⤵
  PID:14764
- C:\Windows\System\ZWeeBjF.exe
  C:\Windows\System\ZWeeBjF.exe
  2⤵
  PID:14840
- C:\Windows\System\lGMujhE.exe
  C:\Windows\System\lGMujhE.exe
  2⤵
  PID:14908
- C:\Windows\System\GtuabyS.exe
  C:\Windows\System\GtuabyS.exe
  2⤵
  PID:14964
- C:\Windows\System\BUAgOpE.exe
  C:\Windows\System\BUAgOpE.exe
  2⤵
  PID:15020
- C:\Windows\System\rcIFNQh.exe
  C:\Windows\System\rcIFNQh.exe
  2⤵
  PID:15108
- C:\Windows\System\jMfGHdO.exe
  C:\Windows\System\jMfGHdO.exe
  2⤵
  PID:15292
- C:\Windows\System\caVfSXy.exe
  C:\Windows\System\caVfSXy.exe
  2⤵
  PID:15348
- C:\Windows\System\gYjTEnA.exe
  C:\Windows\System\gYjTEnA.exe
  2⤵
  PID:14444
- C:\Windows\System\fzimbwu.exe
  C:\Windows\System\fzimbwu.exe
  2⤵
  PID:14680
- C:\Windows\System\ecksEWb.exe
  C:\Windows\System\ecksEWb.exe
  2⤵
  PID:14868
- C:\Windows\System\NCXBRsi.exe
  C:\Windows\System\NCXBRsi.exe
  2⤵
  PID:14992
- C:\Windows\System\FKIVNIy.exe
  C:\Windows\System\FKIVNIy.exe
  2⤵
  PID:9744
- C:\Windows\System\xuoErzM.exe
  C:\Windows\System\xuoErzM.exe
  2⤵
  PID:7228
- C:\Windows\System\esVSOgL.exe
  C:\Windows\System\esVSOgL.exe
  2⤵
  PID:9840
- C:\Windows\System\HgOEJsH.exe
  C:\Windows\System\HgOEJsH.exe
  2⤵
  PID:15276
- C:\Windows\System\fEUlRlt.exe
  C:\Windows\System\fEUlRlt.exe
  2⤵
  PID:2256
- C:\Windows\System\ORgDdlI.exe
  C:\Windows\System\ORgDdlI.exe
  2⤵
  PID:9952
- C:\Windows\System\VQtMAkL.exe
  C:\Windows\System\VQtMAkL.exe
  2⤵
  PID:10016
- C:\Windows\System\OLPYhdt.exe
  C:\Windows\System\OLPYhdt.exe
  2⤵
  PID:6716
- C:\Windows\System\yQapSOC.exe
  C:\Windows\System\yQapSOC.exe
  2⤵
  PID:9748
- C:\Windows\System\xhAdOpP.exe
  C:\Windows\System\xhAdOpP.exe
  2⤵
  PID:15192
- C:\Windows\System\ynSillK.exe
  C:\Windows\System\ynSillK.exe
  2⤵
  PID:15216
- C:\Windows\System\ZSkOpEy.exe
  C:\Windows\System\ZSkOpEy.exe
  2⤵
  PID:6524
- C:\Windows\System\vrQxcHZ.exe
  C:\Windows\System\vrQxcHZ.exe
  2⤵
  PID:9264
- C:\Windows\System\eTeUkzi.exe
  C:\Windows\System\eTeUkzi.exe
  2⤵
  PID:14756
- C:\Windows\System\HatvmYY.exe
  C:\Windows\System\HatvmYY.exe
  2⤵
  PID:9456
- C:\Windows\System\sHfeSID.exe
  C:\Windows\System\sHfeSID.exe
  2⤵
  PID:9492
- C:\Windows\System\PgBvZqM.exe
  C:\Windows\System\PgBvZqM.exe
  2⤵
  PID:15180
- C:\Windows\System\oBlGgZV.exe
  C:\Windows\System\oBlGgZV.exe
  2⤵
  PID:10232
- C:\Windows\System\esIeMrT.exe
  C:\Windows\System\esIeMrT.exe
  2⤵
  PID:9960
- C:\Windows\System\tpsdrPC.exe
  C:\Windows\System\tpsdrPC.exe
  2⤵
  PID:2672
- C:\Windows\System\YObOsTJ.exe
  C:\Windows\System\YObOsTJ.exe
  2⤵
  PID:9500
- C:\Windows\System\MQomYXP.exe
  C:\Windows\System\MQomYXP.exe
  2⤵
  PID:15096
- C:\Windows\System\TtwvATf.exe
  C:\Windows\System\TtwvATf.exe
  2⤵
  PID:10036
- C:\Windows\System\eISFuTR.exe
  C:\Windows\System\eISFuTR.exe
  2⤵
  PID:9784
- C:\Windows\System\nejHhKR.exe
  C:\Windows\System\nejHhKR.exe
  2⤵
  PID:4032
- C:\Windows\System\qQmwgKP.exe
  C:\Windows\System\qQmwgKP.exe
  2⤵
  PID:1072
- C:\Windows\System\MShpzWA.exe
  C:\Windows\System\MShpzWA.exe
  2⤵
  PID:4356
- C:\Windows\System\GaGomUp.exe
  C:\Windows\System\GaGomUp.exe
  2⤵
  PID:15272
- C:\Windows\System\HqLcpkZ.exe
  C:\Windows\System\HqLcpkZ.exe
  2⤵
  PID:7960
- C:\Windows\System\ypWqOSh.exe
  C:\Windows\System\ypWqOSh.exe
  2⤵
  PID:9800
- C:\Windows\System\vNQOyVm.exe
  C:\Windows\System\vNQOyVm.exe
  2⤵
  PID:9680
- C:\Windows\System\FnrNVku.exe
  C:\Windows\System\FnrNVku.exe
  2⤵
  PID:9692
- C:\Windows\System\FdyckuD.exe
  C:\Windows\System\FdyckuD.exe
  2⤵
  PID:15152
- C:\Windows\System\wLRqjWS.exe
  C:\Windows\System\wLRqjWS.exe
  2⤵
  PID:10164
- C:\Windows\System\XMETVeL.exe
  C:\Windows\System\XMETVeL.exe
  2⤵
  PID:9280
- C:\Windows\System\RemXjdo.exe
  C:\Windows\System\RemXjdo.exe
  2⤵
  PID:9348
- C:\Windows\System\DOUnKYt.exe
  C:\Windows\System\DOUnKYt.exe
  2⤵
  PID:1136
- C:\Windows\System\KqQguat.exe
  C:\Windows\System\KqQguat.exe
  2⤵
  PID:4376
- C:\Windows\System\jyDbhsi.exe
  C:\Windows\System\jyDbhsi.exe
  2⤵
  PID:1696
- C:\Windows\System\YmJllRA.exe
  C:\Windows\System\YmJllRA.exe
  2⤵
  PID:2652
- C:\Windows\System\PpGmPuq.exe
  C:\Windows\System\PpGmPuq.exe
  2⤵
  PID:15380
- C:\Windows\System\sMgebQU.exe
  C:\Windows\System\sMgebQU.exe
  2⤵
  PID:15408
- C:\Windows\System\UWkXkRk.exe
  C:\Windows\System\UWkXkRk.exe
  2⤵
  PID:15436
- C:\Windows\System\QrasEZX.exe
  C:\Windows\System\QrasEZX.exe
  2⤵
  PID:15464
- C:\Windows\System\kLFohry.exe
  C:\Windows\System\kLFohry.exe
  2⤵
  PID:15492
- C:\Windows\System\huIWKWW.exe
  C:\Windows\System\huIWKWW.exe
  2⤵
  PID:15520
- C:\Windows\System\fmJGlnH.exe
  C:\Windows\System\fmJGlnH.exe
  2⤵
  PID:15548
- C:\Windows\System\FxykwzL.exe
  C:\Windows\System\FxykwzL.exe
  2⤵
  PID:15576
- C:\Windows\System\oiBYUcj.exe
  C:\Windows\System\oiBYUcj.exe
  2⤵
  PID:15604
- C:\Windows\System\INLvBHs.exe
  C:\Windows\System\INLvBHs.exe
  2⤵
  PID:15632
- C:\Windows\System\yhkMgHM.exe
  C:\Windows\System\yhkMgHM.exe
  2⤵
  PID:15660
- C:\Windows\System\OpDjSHK.exe
  C:\Windows\System\OpDjSHK.exe
  2⤵
  PID:15688
- C:\Windows\System\TcYJZEP.exe
  C:\Windows\System\TcYJZEP.exe
  2⤵
  PID:15716
- C:\Windows\System\YkCfsnt.exe
  C:\Windows\System\YkCfsnt.exe
  2⤵
  PID:15744
- C:\Windows\System\oHmZhQe.exe
  C:\Windows\System\oHmZhQe.exe
  2⤵
  PID:15772
- C:\Windows\System\BqHWJXX.exe
  C:\Windows\System\BqHWJXX.exe
  2⤵
  PID:15800
- C:\Windows\System\sPIOIUS.exe
  C:\Windows\System\sPIOIUS.exe
  2⤵
  PID:15828
- C:\Windows\System\FaBwzlH.exe
  C:\Windows\System\FaBwzlH.exe
  2⤵
  PID:15856
- C:\Windows\System\xJSLwwO.exe
  C:\Windows\System\xJSLwwO.exe
  2⤵
  PID:15884
- C:\Windows\System\soQCPDT.exe
  C:\Windows\System\soQCPDT.exe
  2⤵
  PID:15916
- C:\Windows\System\OecPjII.exe
  C:\Windows\System\OecPjII.exe
  2⤵
  PID:15944
- C:\Windows\System\yBpKvvD.exe
  C:\Windows\System\yBpKvvD.exe
  2⤵
  PID:15972
- C:\Windows\System\lOmtBKo.exe
  C:\Windows\System\lOmtBKo.exe
  2⤵
  PID:16000
- C:\Windows\System\ausQRgc.exe
  C:\Windows\System\ausQRgc.exe
  2⤵
  PID:16028
- C:\Windows\System\RzliAhl.exe
  C:\Windows\System\RzliAhl.exe
  2⤵
  PID:16056
- C:\Windows\System\eqYildy.exe
  C:\Windows\System\eqYildy.exe
  2⤵
  PID:16084
- C:\Windows\System\gNAJUow.exe
  C:\Windows\System\gNAJUow.exe
  2⤵
  PID:16112
- C:\Windows\System\LDTAICf.exe
  C:\Windows\System\LDTAICf.exe
  2⤵
  PID:16140
- C:\Windows\System\dPyodEh.exe
  C:\Windows\System\dPyodEh.exe
  2⤵
  PID:16168
- C:\Windows\System\nBwyxXZ.exe
  C:\Windows\System\nBwyxXZ.exe
  2⤵
  PID:16196
- C:\Windows\System\CDvaBWY.exe
  C:\Windows\System\CDvaBWY.exe
  2⤵
  PID:16224
- C:\Windows\System\SWcUWhE.exe
  C:\Windows\System\SWcUWhE.exe
  2⤵
  PID:16252
- C:\Windows\System\tiEctqJ.exe
  C:\Windows\System\tiEctqJ.exe
  2⤵
  PID:16280
- C:\Windows\System\AebqtAB.exe
  C:\Windows\System\AebqtAB.exe
  2⤵
  PID:16308
- C:\Windows\System\AtuQacr.exe
  C:\Windows\System\AtuQacr.exe
  2⤵
  PID:16336
- C:\Windows\System\pCMMWpY.exe
  C:\Windows\System\pCMMWpY.exe
  2⤵
  PID:16364
- C:\Windows\System\nnFAlRs.exe
  C:\Windows\System\nnFAlRs.exe
  2⤵
  PID:2548
- C:\Windows\System\vvVTbGq.exe
  C:\Windows\System\vvVTbGq.exe
  2⤵
  PID:15428
- C:\Windows\System\ypRkUHG.exe
  C:\Windows\System\ypRkUHG.exe
  2⤵
  PID:9992
- C:\Windows\System\xYWWukv.exe
  C:\Windows\System\xYWWukv.exe
  2⤵
  PID:10068
- C:\Windows\System\cxAGtzt.exe
  C:\Windows\System\cxAGtzt.exe
  2⤵
  PID:15540
- C:\Windows\System\jJJwVIb.exe
  C:\Windows\System\jJJwVIb.exe
  2⤵
  PID:9436
- C:\Windows\System\rtbtamw.exe
  C:\Windows\System\rtbtamw.exe
  2⤵
  PID:15624
- C:\Windows\System\wdVqZtt.exe
  C:\Windows\System\wdVqZtt.exe
  2⤵
  PID:15656
- C:\Windows\System\VchxXJC.exe
  C:\Windows\System\VchxXJC.exe
  2⤵
  PID:15684
- C:\Windows\System\lndEkql.exe
  C:\Windows\System\lndEkql.exe
  2⤵
  PID:3664
- C:\Windows\System\LmjUQVp.exe
  C:\Windows\System\LmjUQVp.exe
  2⤵
  PID:15764
- C:\Windows\System\BbTCGVE.exe
  C:\Windows\System\BbTCGVE.exe
  2⤵
  PID:15796
- C:\Windows\System\bBRfWSU.exe
  C:\Windows\System\bBRfWSU.exe
  2⤵
  PID:10244
- C:\Windows\System\wxuNqzV.exe
  C:\Windows\System\wxuNqzV.exe
  2⤵
  PID:15876
- C:\Windows\System\bTMblLV.exe
  C:\Windows\System\bTMblLV.exe
  2⤵
  PID:10336
- C:\Windows\System\ynQvEES.exe
  C:\Windows\System\ynQvEES.exe
  2⤵
  PID:15956
- C:\Windows\System\awYgamB.exe
  C:\Windows\System\awYgamB.exe
  2⤵
  PID:15992
- C:\Windows\System\bQDIljb.exe
  C:\Windows\System\bQDIljb.exe
  2⤵
  PID:10448
- C:\Windows\System\pVnVzjc.exe
  C:\Windows\System\pVnVzjc.exe
  2⤵
  PID:10500
- C:\Windows\System\bTIVrZJ.exe
  C:\Windows\System\bTIVrZJ.exe
  2⤵
  PID:16104
- C:\Windows\System\lUyAEPN.exe
  C:\Windows\System\lUyAEPN.exe
  2⤵
  PID:16160
- C:\Windows\System\KYlJMQd.exe
  C:\Windows\System\KYlJMQd.exe
  2⤵
  PID:16192
- C:\Windows\System\VzJIIqC.exe
  C:\Windows\System\VzJIIqC.exe
  2⤵
  PID:16220
- C:\Windows\System\UyFQFxC.exe
  C:\Windows\System\UyFQFxC.exe
  2⤵
  PID:10704
- C:\Windows\System\kfXtzOk.exe
  C:\Windows\System\kfXtzOk.exe
  2⤵
  PID:16300
- C:\Windows\System\PuDefNS.exe
  C:\Windows\System\PuDefNS.exe
  2⤵
  PID:10788
- C:\Windows\System\AHIYbGD.exe
  C:\Windows\System\AHIYbGD.exe
  2⤵
  PID:16376
- C:\Windows\System\oCQAzgJ.exe
  C:\Windows\System\oCQAzgJ.exe
  2⤵
  PID:15404
- C:\Windows\System\cIVqZkH.exe
  C:\Windows\System\cIVqZkH.exe
  2⤵
  PID:15476
- C:\Windows\System\bXFtKNJ.exe
  C:\Windows\System\bXFtKNJ.exe
  2⤵
  PID:11008
- C:\Windows\System\DMnVjyX.exe
  C:\Windows\System\DMnVjyX.exe
  2⤵
  PID:15484
- C:\Windows\System\oLgNWWZ.exe
  C:\Windows\System\oLgNWWZ.exe
  2⤵
  PID:1448
- C:\Windows\System\VcdgQyC.exe
  C:\Windows\System\VcdgQyC.exe
  2⤵
  PID:11148
- C:\Windows\System\VOQGkns.exe
  C:\Windows\System\VOQGkns.exe
  2⤵
  PID:15652
- C:\Windows\System\lGJdvsj.exe
  C:\Windows\System\lGJdvsj.exe
  2⤵
  PID:4124
- C:\Windows\System\fTNRizP.exe
  C:\Windows\System\fTNRizP.exe
  2⤵
  PID:10040
- C:\Windows\System\iOfhptv.exe
  C:\Windows\System\iOfhptv.exe
  2⤵
  PID:15812
- C:\Windows\System\ARyVnja.exe
  C:\Windows\System\ARyVnja.exe
  2⤵
  PID:10360
- C:\Windows\System\mERpCKo.exe
  C:\Windows\System\mERpCKo.exe
  2⤵
  PID:10504
- C:\Windows\System\jKxCrjP.exe
  C:\Windows\System\jKxCrjP.exe
  2⤵
  PID:10624
- C:\Windows\System\TxHrFRG.exe
  C:\Windows\System\TxHrFRG.exe
  2⤵
  PID:10700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AUTijSu.exe

Filesize
6.0MB

MD5
e04a9b6f311f4aa55953a7bff7a3afeb

SHA1
c9d19991207b13691974540339a711f912fc6aec

SHA256
58cf6f626fabcd8095b660d63ccdb272a47d4d0b1be74615cc9c777d024f9f29

SHA512
2108e109a91f26146c7b42d8bdccbc39d70f1126fee4105d2a308a091520d425e4c5a3c9d5d0d63b37657183df7df7cd64d89e721f3dc2d904581c8e7b535897

Download Submit
C:\Windows\System\CovHOOv.exe

Filesize
6.0MB

MD5
2c7581bb99670f400a19dda1f905f825

SHA1
0e1651f078a7f0627b94e80fd15080f0f9cbd7fd

SHA256
f23a36ede7a0097767bce9a9774508b2d7510aae2d54259605f964643a58f697

SHA512
b5873290eed0e00cbdf96376de5293713be1281d7875e6ff738a6cf9459c2e4a11394b2acef5d079d336c3b52e080b3e57512ea6489dfa177fc0cec3e36c9599

Download Submit
C:\Windows\System\EjJLBDt.exe

Filesize
6.0MB

MD5
4999434b0637a5dff4e3e3ad6da22aa7

SHA1
8dccb0738dc59feeb60a8be9110f9cb57858e2b7

SHA256
bd5948e98aa765cd1c21ee0b1422d494fbce6c2d3acdcac92c027a3d47b17bd8

SHA512
b37bd33e8fc9381ce3e16a664da329f54325a7034b5101df990208b9deae82fd7f982a5e1b8e6b4d137b3e48d91592a9f835d5588f30e0d9fa296c322a99b380

Download Submit
C:\Windows\System\EoiVhkO.exe

Filesize
6.0MB

MD5
2c25c3648c40e30ea13572e8ad5256ee

SHA1
aac8a7590d46eafe3ad2808e62dd0d0395ea048b

SHA256
93d978a5401583f5f11e4145a49b3557e3dedf8b1cb7a48fb0d8aa8d93c1663a

SHA512
0da8a8e5e4baad2e79ee4e7101cf5a0b1d6ecc5ecfafeb333e743cbfca6cad945341d518a89e1ad30baeba051568419dd22d6526cdbbbd62da554a08c818e751

Download Submit
C:\Windows\System\HfYioxg.exe

Filesize
6.0MB

MD5
28e58e3f0d68c291a357c171e7fcec1b

SHA1
08cf2521f8cce056b8397b9a277d3c546f09dfef

SHA256
13f42568888c24a6ab5e8a1e29c5d05baf245aaf3cdc540ec94efbbf2d02339c

SHA512
17ca2304c0e9f9ced64f807eec9d11dc9f7250423facf320b5f7ee92d2d74fc6d859fc796e60e33c46872a20119046c3a372661556e0bcb187c2782d35807b90

Download Submit
C:\Windows\System\IHvSEYX.exe

Filesize
6.0MB

MD5
a33879d70184a70bf6370a1265846e63

SHA1
44b1642cf6eb386c7d3e5e98d6865a19b4b91bd5

SHA256
ca525a72eaaba25bf217bd4425dbdeaf192ea5840d81b85e04037b1bd385d47f

SHA512
17169dca06f8725a944215c25834692af4889f0e9267b576747c3f4521210f65553bccd96bd6782b27b16d98b02cd05d29a59c8ff8dbe15c8e3ea6f7d7dd6f4f

Download Submit
C:\Windows\System\ISilPZN.exe

Filesize
6.0MB

MD5
daf8999b0cd749c09834b55e549121de

SHA1
dca1f3449ff0a1f1343730050b5b20fbdc50ecb9

SHA256
c728641ab5d0ee2c13c5a28e1c2f392cdff3ff5490186c39d3c4067fd2d4e7a3

SHA512
d2b5af7e684df8616bcab9f89ee5209fbbc92c8e09ea0145e790a4ea45dc99fe2bc18d1fac833c985bf31b03a6ff8f89d9335f5abe30a5581d12e5b67a8a02f7

Download Submit
C:\Windows\System\MoVfzNd.exe

Filesize
6.0MB

MD5
28cb4250505cd05e483a90a2befc5a6a

SHA1
e2a4aa97ce3f31f2922e1ef37d9498717141085f

SHA256
d3d8b3205f46bcd929d46c01611847a0abc5434ef244f201e48932d3379c69be

SHA512
4491211bb044594e759b44f06f792c0b1bd2446c40b6cbda1687376691b795ec50b66888026f24390587a9dec319421498879da09cb5cb607dd2d741a6274af2

Download Submit
C:\Windows\System\OoLsoUI.exe

Filesize
6.0MB

MD5
6795bec39a5672a22289f1509095143a

SHA1
dab4593c35393754b292e5c404deb24479d4d228

SHA256
d890635af90fd4767996a81a2dd171f94ba772c5a3ba2bda98357c26847fa9ff

SHA512
181a801cd54bf9f7f616d6faf534dedd0e4942740a0a084f825a043eb340b05d087967d842df0a18d40bc901d426745bf6d27ba6e52f2c467f2d2f6abee24372

Download Submit
C:\Windows\System\RbJASTo.exe

Filesize
6.0MB

MD5
6950af6a31bc0e05f98900fe2d8c2d82

SHA1
57be283d5ae0acc7b8ae20ea3c65b9c09c2dd5c0

SHA256
87823043a1bb60eebac831aa6098b134c18e09eb7ab53936fbd8d2485017908b

SHA512
4d46e108a9813350dbb58608a158ddb9b908402d2efc1a175a4e85568fd7585168a73462b9b2a8bebbb5f696107c1dbfcb1e143bf516ff3306e429794e8c31c5

Download Submit
C:\Windows\System\WIsVQGq.exe

Filesize
6.0MB

MD5
2b35d2d4974674549cb7da46ace25e74

SHA1
0218779c60a2d65f29dc1e2ca9e190078826a4b1

SHA256
5f689ddca7940b28e9309411d6431021eb89495ba76a5d8828935087ea179a03

SHA512
85e91c3469ff18e24cc5a5c0950f46b1bf42c609a04e5d1084cf618911c6dbd1b5d5904dd7b00965a3ca5c9233f7d2cdf97ba52beb1a10c68b9425648e87fc1a

Download Submit
C:\Windows\System\XkXNNHa.exe

Filesize
6.0MB

MD5
f8cff0f755ecada98ee2ddd998a52c31

SHA1
6ec540ab3fe9e4c24427e4d935181fe9811fcf64

SHA256
bdebe37d45e453a16e2244f73db1e0ed96301aad5ec614bd0d958f8f63325daa

SHA512
b25c0c736866e011203013ad067b0e638a731bc7d5f4b43f5573c00600090e40275b18785229905456af7c2508b969470cd499afa049bf09365bf77c321055fa

Download Submit
C:\Windows\System\cPMGbwx.exe

Filesize
6.0MB

MD5
73c02b2085a93c7c025ffa0ef5128378

SHA1
cfad97f6761282d9b7c8638efaea26d99b0f01c2

SHA256
705a2cb5e06bc5efa71a7ff8c0dc2bd5f6d97494c359da941cd6aa0ca99b6041

SHA512
82e96ec4eb19618fd85c2a6fa7291926994975c735aca64f10e9f5dbd504d36be345d66d5e5fbf50e191552756669113de748c524ea778016a8631cb8aa5665a

Download Submit
C:\Windows\System\dodQKoT.exe

Filesize
6.0MB

MD5
fdbf74629546ceb7e4a4f4897e9385fb

SHA1
36bba4d22f4b38149eac1db010333ff5b13373f7

SHA256
70bfeb8f6ff30f495df350a38d054820c6a2dae33da4540487c52a4dc7c8265f

SHA512
cdcf2a77673a07e084c6ea8f685742a051bc2a32d42319bf7a46e841c495259846fe6a2eb69f30e653e59672272bedbbdbfbd45045305a119878d4b9140caced

Download Submit
C:\Windows\System\dxYINES.exe

Filesize
6.0MB

MD5
7a930505dbaee2ee71beff9b23f037e1

SHA1
bea1cbb5d13d34d4dacac111fe85b88c1d902016

SHA256
a687b91a65ed67d713a1498cf1ce4f59c57eed257af2229345585818e10e4ea1

SHA512
5986d479e38db12273b0c19f892d33e1d1ab4345baf83e978126050ab1895b8d7ebc25df23bde4dbcd539ff476a2a3b69367758a489b990b42359ad882df758c

Download Submit
C:\Windows\System\frDEOpQ.exe

Filesize
6.0MB

MD5
459ca8c720f39c75b6a795e907001f2a

SHA1
89040c54f71b290e820ccd0192f26561f0856695

SHA256
019db7199aeba1e07240f18641dd66a4b63f78a45d41cc7c5edf765bf87ffd80

SHA512
9ba0d4f82a6f6c3561525be0fd39ce7f24f4789dbfd5157ab26e25bbbf5607f23971092588e3e4f3f11cdd3d5f77bd1c0ffc2896a6cb836677e8c018e903dff5

Download Submit
C:\Windows\System\fyrAmzn.exe

Filesize
6.0MB

MD5
018d05d12ae74ab307758a8e88c88228

SHA1
fa9fc4e3782ce45a647c1b24c0bc37e3bf44d202

SHA256
54df7d9b3a913973ead082a31ee056a648e5428ae955177906f0b58cb039a2a3

SHA512
c0716de57c0741c4f968b6f0772079c1c4aa60522de78051183293d5e7a0aa6769629499ee34fd3fdb4f28766e8823b0df13f76762cdbc5206ec21b70c0b7f4a

Download Submit
C:\Windows\System\hUBRBcc.exe

Filesize
6.0MB

MD5
9d346c29930d9a4d31521cc831f9a9d6

SHA1
924b3e1dec1a6b8e1674632e0a3d597039f39cc7

SHA256
d2c2b0c5f3068c1f831d1cfe4efcf03889448f67ceb55688ad456449b95529b2

SHA512
08fcfc50a76d5ad47c0b4af310fd4f8076c143002e529208c05b6dc5d1182553113d846bd40fe8568ac9f42c1e34e61c58710b20def77be5ede5092b932c1d38

Download Submit
C:\Windows\System\jwgDNTL.exe

Filesize
6.0MB

MD5
ea1c79ca552c849dff84591b8672accf

SHA1
5943312bb9f923dbd9835cf60e69b3e746743868

SHA256
dc7fc7627a01781d020142c0d1d97c2a2e55cd04e0821f19ec04d3e0a086f906

SHA512
6258589b0fce07937c24bf8503f9bcfad3897f7f3b2885942df0a4fe72ef9f9feb78314b4ee73fccc016e4da644cfc1d5bc01bb276e667491c8040fe6819db36

Download Submit
C:\Windows\System\lJCUURM.exe

Filesize
6.0MB

MD5
c66ffe49c362c6123b9d32a72d566c12

SHA1
fc19425b2e2ed1153d81c47290a4f9fa1b8820c0

SHA256
587fbb7d87275944a19e3c22c9a025f1aeecbeb57fe2e0bd5e5d5a6bfa46a4db

SHA512
27b1876bac7673158641fc15f55936aef3c9d6ccbd0dc5f074b20474511bcf0bcf20a0161daaf5bb60510004eaee01bd8e3cf0350c7c3637d53b2169977f181a

Download Submit
C:\Windows\System\pTDmBKv.exe

Filesize
6.0MB

MD5
b176a3244867c5d807ba6c8765a35559

SHA1
b5ecbfea53158b83d9908a45210044dc48a9f1fc

SHA256
71ba770bce259f1c04b180996037c0511a8b2e4a1701c3bd902b5bd73ea68111

SHA512
b60f4a5e8b2dca4b3d0731d924214f1413594a8dc972d40894eea84d577a5e5e81bf3c2fd01e4657d6b9bca12ab86e4229d89706de4eaf95244b05f726cb1c00

Download Submit
C:\Windows\System\pgyRvkc.exe

Filesize
6.0MB

MD5
909cd2834760457e5658b398a2d53d95

SHA1
f74fdedcdffa85568ee5262cd56c8c614d214b64

SHA256
5b94201af72b3e45c05097441b98ba7c4d83ce6b15673cb81912ab4efff1acec

SHA512
02c0addbc2b80d7e377e89aa5f58c275abc7b65f1b10757c05a4a4e13648ca5c73e1f3e7d68183d3f5fcd1f8593ef0675109bb6f48728bd6f64d79d0c50b0f5a

Download Submit
C:\Windows\System\pzSoAlw.exe

Filesize
6.0MB

MD5
4737a29737ce2162c734a4c7024fb3a1

SHA1
a50cc3b07038fbece63910e601e0067845fcfdbf

SHA256
c4133987e25f9d2df18855afc72e7dba993c96211f507b259c884d40270c53fd

SHA512
7394c4b4a085fbb9917b3fba0849c12cae19ceb73ca832821fb46a6be6c9d9b5505497fc43c88b15ae516207f9e58be9d15ca43281f4fa5ce2e2794a569688c1

Download Submit
C:\Windows\System\qMopHiT.exe

Filesize
6.0MB

MD5
cbf3f423dd9e13d51c90a319c75e6851

SHA1
0bce17ef805366d5a3757179167e8407346a02ea

SHA256
a6c981640e7250e33954d8afc62644f365ccaf68ffe2ed6f5f4f9cfd3ac3cd95

SHA512
f04752296cccb0291a0fe8c0c0810bc35c94e0d933ccd3aa88b023c2ed4d5e520a12570e1a21f3a2ac3db0202e6e3645de45ed64514ad184d46dbdc0c47483a0

Download Submit
C:\Windows\System\qdYdFoT.exe

Filesize
6.0MB

MD5
ad88dd56442537c74a5afcf00ab32c4a

SHA1
159f20b8d13563d666c7656a66d577a4efc16b00

SHA256
799e636574b8e256a2cfd1ff725fa422dc4bc272f4b9753929e30093aad2ec8e

SHA512
b7ae673af901bc442fee190d998fa52f9c2ce9eb8f67045dc83970db2f5492bd80d56228fac0a8da7c1e7287c7d70f96e8b2f4887e3aa403c210a1e79dbdbd74

Download Submit
C:\Windows\System\qhEYNWv.exe

Filesize
6.0MB

MD5
7cfa6b96d721e74395b366ba6fb1c334

SHA1
c08e2cc4d0fafc2894241144669ed10ceebc3dde

SHA256
b3c625b81ced02744dc9d4b3331a85d973d6a165f4ba086182e192cd5a920c2d

SHA512
0f293c25a4d9c84ff1d8d0542155641805f61ba18c4805f9c1ac5bb9ced38c9018263135e5cdce3fd3a9c90a99b80f685852245c9a3ac0aa1eb65ccf80d3be0e

Download Submit
C:\Windows\System\sPZIkzW.exe

Filesize
6.0MB

MD5
268fbbe0867bd48e49b4174b993ccd47

SHA1
6b8e758c26d67d89811be97f313c563ebd32c03f

SHA256
3581ffcc63d2f320bbc5e5a1f5a28af5effd6c0d433633e5e16c14ebd18df48d

SHA512
f26c9d98177e409ede85283325894a3c045f01d72d466fbab2e94c1c0aeabbd85442d68a616122dcaf1a40f9e5a52d73267c67ca56e7f05b6a6ceffa29994038

Download Submit
C:\Windows\System\tcxLWDc.exe

Filesize
6.0MB

MD5
922ab9d2d1fcbdeb4b52c37c98710455

SHA1
eb1cc31102b0444798f1199c73a3933910967c67

SHA256
9fa7adec73924286b61c3782192639cdc0e10262a8d62fa69f5bd2f3f3a4a579

SHA512
1614d229fb3d720be91c03a5d1f9eaeee8692e1aeee5dab2a87ec56799357bd0cc356892904e968509fb49ec32c69e936ad1507c06d9e147814b838c54036e0b

Download Submit
C:\Windows\System\ulmnjrQ.exe

Filesize
6.0MB

MD5
40883a3f368629f63accf1876bb4e3fe

SHA1
34a9e55758ddf51c7ce1c66e8756b6ad1f629aa8

SHA256
06d5eab3d3d0626bbd305ca34a20be326110340d60f61d56f82e4cac26e251a8

SHA512
f778959c5951fb8c3ac0fb94449ef5f36624a9869d1534dfc3ab4e269df64bc8aaedfd9aad83084a8a9c7517fbc922fdf1fd179d4c5a47174e04b83a01b01253

Download Submit
C:\Windows\System\vndaJHD.exe

Filesize
6.0MB

MD5
929d91dba9578376b83fb96f3118ff48

SHA1
f69b9287b04391dc3c0f24a2f516fd8732be83b1

SHA256
00a8726d5abcb7167bbbf3f36cfe87f4ae33bde75b2fc3bd16fa6eb82db90b55

SHA512
a50a6d97b61982bca449b00d1ca545739f1572f5c327c759151dfec04b425ac3c50c48572dca0d42ccca0e44c3f0648c2a276f586fd85fcaa9501f8e7fa6a367

Download Submit
C:\Windows\System\yKnUznd.exe

Filesize
6.0MB

MD5
b381eb728a7f56a00edd37455b717d05

SHA1
53ec1be947ffe29a0fa11fb1a7dee8eb30ff8137

SHA256
2cc2a68610b18058b572a91b837ad1e036d3e2d40e9788d889c74b24efc7c06d

SHA512
8e2eec944051933589a4845addbd1b66415fb6cb2740f9a5d171e6a2baedd13db198fd3dcaa8bbd7f210b0e5eea6c884a5e7d91eb47e14000b8704cb1f3d7e0f

Download Submit
C:\Windows\System\zoAtcDo.exe

Filesize
6.0MB

MD5
10e6b3f1b6086418337d11de670d27a9

SHA1
e5e90f674d7db9c66008bbf997adc0f3d193694d

SHA256
64934977e603bddd5a3598c373275fcddbc7bcad7956b8a2fa60447b424bf0ac

SHA512
40e8f17f5bcaae2b27ceb0e2eda970ec5287338455897d8aa750455537a2b4851e67c8f54914c3f28565c82a61559843e4d426dbc15d590ffd1c9360bed531f3

Download Submit
memory/8-144-0x00007FF7B82E0000-0x00007FF7B8634000-memory.dmp

Filesize
3.3MB

Download
memory/8-1736-0x00007FF7B82E0000-0x00007FF7B8634000-memory.dmp

Filesize
3.3MB

Download
memory/8-656-0x00007FF7B82E0000-0x00007FF7B8634000-memory.dmp

Filesize
3.3MB

Download
memory/220-97-0x00007FF75FAD0000-0x00007FF75FE24000-memory.dmp

Filesize
3.3MB

Download
memory/220-1214-0x00007FF75FAD0000-0x00007FF75FE24000-memory.dmp

Filesize
3.3MB

Download
memory/544-72-0x00007FF66BA80000-0x00007FF66BDD4000-memory.dmp

Filesize
3.3MB

Download
memory/544-1204-0x00007FF66BA80000-0x00007FF66BDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-61-0x00007FF613A80000-0x00007FF613DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-195-0x00007FF613A80000-0x00007FF613DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-1207-0x00007FF613A80000-0x00007FF613DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-1734-0x00007FF739B80000-0x00007FF739ED4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-606-0x00007FF739B80000-0x00007FF739ED4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-127-0x00007FF739B80000-0x00007FF739ED4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1740-0x00007FF68C850000-0x00007FF68CBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-182-0x00007FF68C850000-0x00007FF68CBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-1749-0x00007FF6D77D0000-0x00007FF6D7B24000-memory.dmp

Filesize
3.3MB

Download
memory/1728-176-0x00007FF6D77D0000-0x00007FF6D7B24000-memory.dmp

Filesize
3.3MB

Download
memory/1828-1185-0x00007FF7BB770000-0x00007FF7BBAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1828-12-0x00007FF7BB770000-0x00007FF7BBAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1828-113-0x00007FF7BB770000-0x00007FF7BBAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-20-0x00007FF62FA50000-0x00007FF62FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-121-0x00007FF62FA50000-0x00007FF62FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1192-0x00007FF62FA50000-0x00007FF62FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-168-0x00007FF610BD0000-0x00007FF610F24000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1745-0x00007FF610BD0000-0x00007FF610F24000-memory.dmp

Filesize
3.3MB

Download
memory/2476-134-0x00007FF785DA0000-0x00007FF7860F4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-655-0x00007FF785DA0000-0x00007FF7860F4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-1735-0x00007FF785DA0000-0x00007FF7860F4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-213-0x00007FF7F4E00000-0x00007FF7F5154000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1746-0x00007FF7F4E00000-0x00007FF7F5154000-memory.dmp

Filesize
3.3MB

Download
memory/2828-77-0x00007FF7B4EB0000-0x00007FF7B5204000-memory.dmp

Filesize
3.3MB

Download
memory/2828-210-0x00007FF7B4EB0000-0x00007FF7B5204000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1210-0x00007FF7B4EB0000-0x00007FF7B5204000-memory.dmp

Filesize
3.3MB

Download
memory/2920-1182-0x00007FF6C3170000-0x00007FF6C34C4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-106-0x00007FF6C3170000-0x00007FF6C34C4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-7-0x00007FF6C3170000-0x00007FF6C34C4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1212-0x00007FF6378E0000-0x00007FF637C34000-memory.dmp

Filesize
3.3MB

Download
memory/3016-398-0x00007FF6378E0000-0x00007FF637C34000-memory.dmp

Filesize
3.3MB

Download
memory/3016-92-0x00007FF6378E0000-0x00007FF637C34000-memory.dmp

Filesize
3.3MB

Download
memory/3076-1741-0x00007FF771990000-0x00007FF771CE4000-memory.dmp

Filesize
3.3MB

Download
memory/3076-194-0x00007FF771990000-0x00007FF771CE4000-memory.dmp

Filesize
3.3MB

Download
memory/3076-746-0x00007FF771990000-0x00007FF771CE4000-memory.dmp

Filesize
3.3MB

Download
memory/3488-67-0x00007FF79FCD0000-0x00007FF7A0024000-memory.dmp

Filesize
3.3MB

Download
memory/3488-1200-0x00007FF79FCD0000-0x00007FF7A0024000-memory.dmp

Filesize
3.3MB

Download
memory/3556-1726-0x00007FF64AB40000-0x00007FF64AE94000-memory.dmp

Filesize
3.3MB

Download
memory/3556-126-0x00007FF64AB40000-0x00007FF64AE94000-memory.dmp

Filesize
3.3MB

Download
memory/3608-25-0x00007FF68BDE0000-0x00007FF68C134000-memory.dmp

Filesize
3.3MB

Download
memory/3608-131-0x00007FF68BDE0000-0x00007FF68C134000-memory.dmp

Filesize
3.3MB

Download
memory/3608-1191-0x00007FF68BDE0000-0x00007FF68C134000-memory.dmp

Filesize
3.3MB

Download
memory/3900-30-0x00007FF6967C0000-0x00007FF696B14000-memory.dmp

Filesize
3.3MB

Download
memory/3900-150-0x00007FF6967C0000-0x00007FF696B14000-memory.dmp

Filesize
3.3MB

Download
memory/3900-1196-0x00007FF6967C0000-0x00007FF696B14000-memory.dmp

Filesize
3.3MB

Download
memory/3936-1718-0x00007FF72AC20000-0x00007FF72AF74000-memory.dmp

Filesize
3.3MB

Download
memory/3936-458-0x00007FF72AC20000-0x00007FF72AF74000-memory.dmp

Filesize
3.3MB

Download
memory/3936-110-0x00007FF72AC20000-0x00007FF72AF74000-memory.dmp

Filesize
3.3MB

Download
memory/4060-162-0x00007FF743A80000-0x00007FF743DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4060-44-0x00007FF743A80000-0x00007FF743DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4060-1199-0x00007FF743A80000-0x00007FF743DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4272-1-0x000002814E740000-0x000002814E750000-memory.dmp

Filesize
64KB

Download
memory/4272-99-0x00007FF797FE0000-0x00007FF798334000-memory.dmp

Filesize
3.3MB

Download
memory/4272-0-0x00007FF797FE0000-0x00007FF798334000-memory.dmp

Filesize
3.3MB

Download
memory/4404-747-0x00007FF6B3F90000-0x00007FF6B42E4000-memory.dmp

Filesize
3.3MB

Download
memory/4404-1748-0x00007FF6B3F90000-0x00007FF6B42E4000-memory.dmp

Filesize
3.3MB

Download
memory/4404-206-0x00007FF6B3F90000-0x00007FF6B42E4000-memory.dmp

Filesize
3.3MB

Download
memory/4444-91-0x00007FF7FB280000-0x00007FF7FB5D4000-memory.dmp

Filesize
3.3MB

Download
memory/4444-1205-0x00007FF7FB280000-0x00007FF7FB5D4000-memory.dmp

Filesize
3.3MB

Download
memory/4552-1208-0x00007FF713140000-0x00007FF713494000-memory.dmp

Filesize
3.3MB

Download
memory/4552-88-0x00007FF713140000-0x00007FF713494000-memory.dmp

Filesize
3.3MB

Download
memory/4796-167-0x00007FF69F0F0000-0x00007FF69F444000-memory.dmp

Filesize
3.3MB

Download
memory/4796-1203-0x00007FF69F0F0000-0x00007FF69F444000-memory.dmp

Filesize
3.3MB

Download
memory/4796-59-0x00007FF69F0F0000-0x00007FF69F444000-memory.dmp

Filesize
3.3MB

Download
memory/4812-188-0x00007FF675810000-0x00007FF675B64000-memory.dmp

Filesize
3.3MB

Download
memory/4812-1739-0x00007FF675810000-0x00007FF675B64000-memory.dmp

Filesize
3.3MB

Download
memory/5048-1209-0x00007FF743D20000-0x00007FF744074000-memory.dmp

Filesize
3.3MB

Download
memory/5048-214-0x00007FF743D20000-0x00007FF744074000-memory.dmp

Filesize
3.3MB

Download
memory/5048-82-0x00007FF743D20000-0x00007FF744074000-memory.dmp

Filesize
3.3MB

Download
memory/5076-115-0x00007FF794DA0000-0x00007FF7950F4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-1720-0x00007FF794DA0000-0x00007FF7950F4000-memory.dmp

Filesize
3.3MB

Download