cobaltstrike | 2b080b4229d83568f96e244fa4372bff87d0db59e0b4c5a7adce5284334612cf

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-12-2024 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

090dc627a38fa7b008f678bf2890a89c
SHA1

096961fa180cfc6e2628dbdf9373c8112e969536
SHA256

2b080b4229d83568f96e244fa4372bff87d0db59e0b4c5a7adce5284334612cf
SHA512

799a8d84d468f7f38dfdfaec7267dfc44e54dc2e1c62186974a8de8837605a550bed5b546c27c88c4b8a4c77c90dd03ac680d72fe9ecaccd200c31b583488084
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edb-8.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707c-15.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f3-21.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746a-30.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174c3-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-55.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174a6-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 38 IoCs

miner

resource	yara_rule
behavioral1/memory/1620-0-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-3.dat	xmrig
behavioral1/files/0x0008000000016edb-8.dat	xmrig
behavioral1/files/0x000800000001707c-15.dat	xmrig
behavioral1/files/0x00080000000173f3-21.dat	xmrig
behavioral1/files/0x000700000001746a-30.dat	xmrig
behavioral1/files/0x00080000000174c3-45.dat	xmrig
behavioral1/files/0x0005000000019268-50.dat	xmrig
behavioral1/files/0x000500000001929a-70.dat	xmrig
behavioral1/files/0x0005000000019377-85.dat	xmrig
behavioral1/files/0x00050000000193c1-105.dat	xmrig
behavioral1/files/0x0005000000019450-120.dat	xmrig
behavioral1/files/0x0005000000019485-158.dat	xmrig
behavioral1/files/0x00050000000194df-156.dat	xmrig
behavioral1/files/0x0005000000019479-149.dat	xmrig
behavioral1/files/0x0005000000019465-128.dat	xmrig
behavioral1/files/0x000500000001950e-160.dat	xmrig
behavioral1/files/0x00050000000194d7-153.dat	xmrig
behavioral1/files/0x000500000001947d-140.dat	xmrig
behavioral1/files/0x000500000001946a-133.dat	xmrig
behavioral1/files/0x0005000000019433-110.dat	xmrig
behavioral1/files/0x000500000001945b-125.dat	xmrig
behavioral1/files/0x0005000000019446-115.dat	xmrig
behavioral1/files/0x00050000000193b3-100.dat	xmrig
behavioral1/files/0x00050000000193a4-95.dat	xmrig
behavioral1/files/0x0005000000019387-90.dat	xmrig
behavioral1/files/0x0005000000019365-80.dat	xmrig
behavioral1/files/0x0005000000019319-75.dat	xmrig
behavioral1/files/0x0005000000019278-65.dat	xmrig
behavioral1/files/0x0005000000019275-60.dat	xmrig
behavioral1/files/0x000500000001926c-55.dat	xmrig
behavioral1/files/0x00080000000174a6-41.dat	xmrig
behavioral1/files/0x0007000000017488-36.dat	xmrig
behavioral1/files/0x0007000000017403-26.dat	xmrig
behavioral1/memory/1620-2583-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2308-2582-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1620-3051-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2308-3872-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2844	dhdasrq.exe
2308	lRNrVSs.exe
2988	xiGVDzU.exe
2520	iSdYwZY.exe
2076	JUypdiM.exe
2476	baXSCug.exe
2744	pPNXbJW.exe
2832	oMiumXm.exe
2756	mqAFQxj.exe
2736	udGIRLG.exe
2908	gkVRYRN.exe
2704	MiwQUej.exe
2624	nobpSig.exe
2716	iyQaXvb.exe
2616	irIbHPZ.exe
1880	FSiwkPk.exe
2328	GUzbQkG.exe
2164	vDNnUcc.exe
1132	lNyxbNa.exe
1908	oMgtuFJ.exe
992	PfjHVHx.exe
964	JTZUhpV.exe
2364	HaFINAz.exe
1652	nRRQMwO.exe
2168	doCQasN.exe
1196	MrLBvNu.exe
2924	heyuOxh.exe
1308	OmpAwjl.exe
2936	bMLDKbK.exe
2284	BxVLdAC.exe
560	lMDcnqA.exe
1252	tbPRQEP.exe
2216	sYeHtbz.exe
236	BysoPXq.exe
1868	EBrIWtz.exe
952	tAYFxJy.exe
408	ilPgkzh.exe
832	GBKMOOY.exe
2580	vHkYAMk.exe
956	rzQYIHg.exe
584	ZEXnCOr.exe
1696	wFtHYQT.exe
2696	QbIYbAg.exe
1592	ptqssgw.exe
1288	kFUFopL.exe
1468	nSbZtFf.exe
1548	FIsPshY.exe
696	rkJWXXj.exe
332	NDPlVeL.exe
2248	BIIAFlp.exe
2332	zveZGfm.exe
1896	TbifMOL.exe
792	SnloYkd.exe
1200	pBLQwzK.exe
1420	HOfPYHY.exe
1240	VmLWClj.exe
876	PNEyPTC.exe
2056	QDvQDtA.exe
1512	LRWZObE.exe
1608	nAaexHW.exe
3048	XIonShg.exe
2516	CLzYjwq.exe
2152	TmHBzqN.exe
320	TYCTjCu.exe

Loads dropped DLL 64 IoCs

pid	Process
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 37 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1620-0-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0007000000012118-3.dat	upx
behavioral1/files/0x0008000000016edb-8.dat	upx
behavioral1/files/0x000800000001707c-15.dat	upx
behavioral1/files/0x00080000000173f3-21.dat	upx
behavioral1/files/0x000700000001746a-30.dat	upx
behavioral1/files/0x00080000000174c3-45.dat	upx
behavioral1/files/0x0005000000019268-50.dat	upx
behavioral1/files/0x000500000001929a-70.dat	upx
behavioral1/files/0x0005000000019377-85.dat	upx
behavioral1/files/0x00050000000193c1-105.dat	upx
behavioral1/files/0x0005000000019450-120.dat	upx
behavioral1/files/0x0005000000019485-158.dat	upx
behavioral1/files/0x00050000000194df-156.dat	upx
behavioral1/files/0x0005000000019479-149.dat	upx
behavioral1/files/0x0005000000019465-128.dat	upx
behavioral1/files/0x000500000001950e-160.dat	upx
behavioral1/files/0x00050000000194d7-153.dat	upx
behavioral1/files/0x000500000001947d-140.dat	upx
behavioral1/files/0x000500000001946a-133.dat	upx
behavioral1/files/0x0005000000019433-110.dat	upx
behavioral1/files/0x000500000001945b-125.dat	upx
behavioral1/files/0x0005000000019446-115.dat	upx
behavioral1/files/0x00050000000193b3-100.dat	upx
behavioral1/files/0x00050000000193a4-95.dat	upx
behavioral1/files/0x0005000000019387-90.dat	upx
behavioral1/files/0x0005000000019365-80.dat	upx
behavioral1/files/0x0005000000019319-75.dat	upx
behavioral1/files/0x0005000000019278-65.dat	upx
behavioral1/files/0x0005000000019275-60.dat	upx
behavioral1/files/0x000500000001926c-55.dat	upx
behavioral1/files/0x00080000000174a6-41.dat	upx
behavioral1/files/0x0007000000017488-36.dat	upx
behavioral1/files/0x0007000000017403-26.dat	upx
behavioral1/memory/2308-2582-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1620-3051-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2308-3872-0x000000013FE00000-0x0000000140154000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MOtwwob.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HaFINAz.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MeSLhMX.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bAAtVbP.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XyCRQwt.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYeLALc.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lkomqio.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRjOtWx.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSJKKui.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRWRxTJ.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQDNXXf.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wanjoAU.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrYwitt.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbeaJAe.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLKWGxP.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VjxfYBl.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZDtZVQ.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgsekSL.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBAGFGG.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbLfbdi.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LyuidIs.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgqqNuZ.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\olnELTf.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPRNiSk.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbPRQEP.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StPYZpZ.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxbOywW.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXupJfN.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckMkcoC.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGtBiMz.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iyQaXvb.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmpAwjl.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szWsAkw.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBbrkAP.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fuvzoSd.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzAFMTn.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKfLAuA.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\srHZXYs.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOKTrXU.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwhnOYe.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBdsxjp.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQzuIDC.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjOHCgw.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlbUhKW.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lADyoIE.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGGWYmZ.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnHFXqT.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDNnUcc.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNfXnjP.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtNrnqx.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFWcpcS.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCqPmxR.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcAGGog.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yoOklFf.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRwOmWF.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqEaDEM.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmJOBew.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAxwBpk.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqlKYTD.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UABUQHx.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUrUZut.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMYfXSk.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYbDFWr.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfRsHLE.exe	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2844	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1620 wrote to memory of 2844	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1620 wrote to memory of 2844	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1620 wrote to memory of 2308	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1620 wrote to memory of 2308	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1620 wrote to memory of 2308	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1620 wrote to memory of 2988	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1620 wrote to memory of 2988	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1620 wrote to memory of 2988	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1620 wrote to memory of 2520	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1620 wrote to memory of 2520	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1620 wrote to memory of 2520	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1620 wrote to memory of 2076	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1620 wrote to memory of 2076	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1620 wrote to memory of 2076	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1620 wrote to memory of 2476	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1620 wrote to memory of 2476	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1620 wrote to memory of 2476	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1620 wrote to memory of 2744	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1620 wrote to memory of 2744	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1620 wrote to memory of 2744	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1620 wrote to memory of 2832	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1620 wrote to memory of 2832	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1620 wrote to memory of 2832	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1620 wrote to memory of 2756	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1620 wrote to memory of 2756	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1620 wrote to memory of 2756	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1620 wrote to memory of 2736	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1620 wrote to memory of 2736	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1620 wrote to memory of 2736	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1620 wrote to memory of 2908	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1620 wrote to memory of 2908	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1620 wrote to memory of 2908	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1620 wrote to memory of 2704	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1620 wrote to memory of 2704	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1620 wrote to memory of 2704	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1620 wrote to memory of 2624	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1620 wrote to memory of 2624	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1620 wrote to memory of 2624	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1620 wrote to memory of 2716	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1620 wrote to memory of 2716	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1620 wrote to memory of 2716	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1620 wrote to memory of 2616	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1620 wrote to memory of 2616	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1620 wrote to memory of 2616	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1620 wrote to memory of 1880	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1620 wrote to memory of 1880	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1620 wrote to memory of 1880	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1620 wrote to memory of 2328	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1620 wrote to memory of 2328	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1620 wrote to memory of 2328	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1620 wrote to memory of 2164	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1620 wrote to memory of 2164	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1620 wrote to memory of 2164	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1620 wrote to memory of 1132	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1620 wrote to memory of 1132	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1620 wrote to memory of 1132	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1620 wrote to memory of 1908	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1620 wrote to memory of 1908	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1620 wrote to memory of 1908	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1620 wrote to memory of 992	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1620 wrote to memory of 992	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1620 wrote to memory of 992	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1620 wrote to memory of 964	1620	2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-17_090dc627a38fa7b008f678bf2890a89c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\System\dhdasrq.exe
  C:\Windows\System\dhdasrq.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\lRNrVSs.exe
  C:\Windows\System\lRNrVSs.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\xiGVDzU.exe
  C:\Windows\System\xiGVDzU.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\iSdYwZY.exe
  C:\Windows\System\iSdYwZY.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\JUypdiM.exe
  C:\Windows\System\JUypdiM.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\baXSCug.exe
  C:\Windows\System\baXSCug.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\pPNXbJW.exe
  C:\Windows\System\pPNXbJW.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\oMiumXm.exe
  C:\Windows\System\oMiumXm.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\mqAFQxj.exe
  C:\Windows\System\mqAFQxj.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\udGIRLG.exe
  C:\Windows\System\udGIRLG.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\gkVRYRN.exe
  C:\Windows\System\gkVRYRN.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\MiwQUej.exe
  C:\Windows\System\MiwQUej.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\nobpSig.exe
  C:\Windows\System\nobpSig.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\iyQaXvb.exe
  C:\Windows\System\iyQaXvb.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\irIbHPZ.exe
  C:\Windows\System\irIbHPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\FSiwkPk.exe
  C:\Windows\System\FSiwkPk.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\GUzbQkG.exe
  C:\Windows\System\GUzbQkG.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\vDNnUcc.exe
  C:\Windows\System\vDNnUcc.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\lNyxbNa.exe
  C:\Windows\System\lNyxbNa.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\oMgtuFJ.exe
  C:\Windows\System\oMgtuFJ.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\PfjHVHx.exe
  C:\Windows\System\PfjHVHx.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\JTZUhpV.exe
  C:\Windows\System\JTZUhpV.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\HaFINAz.exe
  C:\Windows\System\HaFINAz.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\nRRQMwO.exe
  C:\Windows\System\nRRQMwO.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\doCQasN.exe
  C:\Windows\System\doCQasN.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\OmpAwjl.exe
  C:\Windows\System\OmpAwjl.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\MrLBvNu.exe
  C:\Windows\System\MrLBvNu.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\bMLDKbK.exe
  C:\Windows\System\bMLDKbK.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\heyuOxh.exe
  C:\Windows\System\heyuOxh.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\lMDcnqA.exe
  C:\Windows\System\lMDcnqA.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\BxVLdAC.exe
  C:\Windows\System\BxVLdAC.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\sYeHtbz.exe
  C:\Windows\System\sYeHtbz.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\tbPRQEP.exe
  C:\Windows\System\tbPRQEP.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\ilPgkzh.exe
  C:\Windows\System\ilPgkzh.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\BysoPXq.exe
  C:\Windows\System\BysoPXq.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\vHkYAMk.exe
  C:\Windows\System\vHkYAMk.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\EBrIWtz.exe
  C:\Windows\System\EBrIWtz.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\rzQYIHg.exe
  C:\Windows\System\rzQYIHg.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\tAYFxJy.exe
  C:\Windows\System\tAYFxJy.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\ZEXnCOr.exe
  C:\Windows\System\ZEXnCOr.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\GBKMOOY.exe
  C:\Windows\System\GBKMOOY.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\wFtHYQT.exe
  C:\Windows\System\wFtHYQT.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\QbIYbAg.exe
  C:\Windows\System\QbIYbAg.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\ptqssgw.exe
  C:\Windows\System\ptqssgw.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\kFUFopL.exe
  C:\Windows\System\kFUFopL.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\nSbZtFf.exe
  C:\Windows\System\nSbZtFf.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\FIsPshY.exe
  C:\Windows\System\FIsPshY.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\rkJWXXj.exe
  C:\Windows\System\rkJWXXj.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\NDPlVeL.exe
  C:\Windows\System\NDPlVeL.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\BIIAFlp.exe
  C:\Windows\System\BIIAFlp.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\zveZGfm.exe
  C:\Windows\System\zveZGfm.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\TbifMOL.exe
  C:\Windows\System\TbifMOL.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\SnloYkd.exe
  C:\Windows\System\SnloYkd.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\pBLQwzK.exe
  C:\Windows\System\pBLQwzK.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\HOfPYHY.exe
  C:\Windows\System\HOfPYHY.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\VmLWClj.exe
  C:\Windows\System\VmLWClj.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\PNEyPTC.exe
  C:\Windows\System\PNEyPTC.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\QDvQDtA.exe
  C:\Windows\System\QDvQDtA.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\LRWZObE.exe
  C:\Windows\System\LRWZObE.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\nAaexHW.exe
  C:\Windows\System\nAaexHW.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\XIonShg.exe
  C:\Windows\System\XIonShg.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\CLzYjwq.exe
  C:\Windows\System\CLzYjwq.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\TmHBzqN.exe
  C:\Windows\System\TmHBzqN.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\TYCTjCu.exe
  C:\Windows\System\TYCTjCu.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\BTTikkH.exe
  C:\Windows\System\BTTikkH.exe
  2⤵
  PID:2852
- C:\Windows\System\xkVOkiL.exe
  C:\Windows\System\xkVOkiL.exe
  2⤵
  PID:2728
- C:\Windows\System\rFllcXW.exe
  C:\Windows\System\rFllcXW.exe
  2⤵
  PID:2816
- C:\Windows\System\ezkhDBb.exe
  C:\Windows\System\ezkhDBb.exe
  2⤵
  PID:2768
- C:\Windows\System\wcbszGE.exe
  C:\Windows\System\wcbszGE.exe
  2⤵
  PID:2648
- C:\Windows\System\IGhMECX.exe
  C:\Windows\System\IGhMECX.exe
  2⤵
  PID:1660
- C:\Windows\System\kSscUSE.exe
  C:\Windows\System\kSscUSE.exe
  2⤵
  PID:672
- C:\Windows\System\KOicpno.exe
  C:\Windows\System\KOicpno.exe
  2⤵
  PID:1692
- C:\Windows\System\UIZqnfO.exe
  C:\Windows\System\UIZqnfO.exe
  2⤵
  PID:1920
- C:\Windows\System\itwVmEa.exe
  C:\Windows\System\itwVmEa.exe
  2⤵
  PID:1884
- C:\Windows\System\etiFiuQ.exe
  C:\Windows\System\etiFiuQ.exe
  2⤵
  PID:1372
- C:\Windows\System\iJVaGgv.exe
  C:\Windows\System\iJVaGgv.exe
  2⤵
  PID:3068
- C:\Windows\System\BVdDHgg.exe
  C:\Windows\System\BVdDHgg.exe
  2⤵
  PID:2240
- C:\Windows\System\kNfXnjP.exe
  C:\Windows\System\kNfXnjP.exe
  2⤵
  PID:904
- C:\Windows\System\NdMrFDI.exe
  C:\Windows\System\NdMrFDI.exe
  2⤵
  PID:380
- C:\Windows\System\ZpBYpsN.exe
  C:\Windows\System\ZpBYpsN.exe
  2⤵
  PID:1428
- C:\Windows\System\nCSKrZq.exe
  C:\Windows\System\nCSKrZq.exe
  2⤵
  PID:632
- C:\Windows\System\XWVtakm.exe
  C:\Windows\System\XWVtakm.exe
  2⤵
  PID:376
- C:\Windows\System\uaYWVXR.exe
  C:\Windows\System\uaYWVXR.exe
  2⤵
  PID:1108
- C:\Windows\System\IiXxXfm.exe
  C:\Windows\System\IiXxXfm.exe
  2⤵
  PID:2980
- C:\Windows\System\JCfBZun.exe
  C:\Windows\System\JCfBZun.exe
  2⤵
  PID:1632
- C:\Windows\System\DSMwPRN.exe
  C:\Windows\System\DSMwPRN.exe
  2⤵
  PID:1636
- C:\Windows\System\YGvdHKG.exe
  C:\Windows\System\YGvdHKG.exe
  2⤵
  PID:1684
- C:\Windows\System\CnNtKlq.exe
  C:\Windows\System\CnNtKlq.exe
  2⤵
  PID:772
- C:\Windows\System\GDVoeLN.exe
  C:\Windows\System\GDVoeLN.exe
  2⤵
  PID:2456
- C:\Windows\System\zWEdXVp.exe
  C:\Windows\System\zWEdXVp.exe
  2⤵
  PID:1400
- C:\Windows\System\jaZZIhh.exe
  C:\Windows\System\jaZZIhh.exe
  2⤵
  PID:1700
- C:\Windows\System\MDbwFSL.exe
  C:\Windows\System\MDbwFSL.exe
  2⤵
  PID:2352
- C:\Windows\System\TbcniDv.exe
  C:\Windows\System\TbcniDv.exe
  2⤵
  PID:884
- C:\Windows\System\SXAhtbi.exe
  C:\Windows\System\SXAhtbi.exe
  2⤵
  PID:2372
- C:\Windows\System\dWftwrc.exe
  C:\Windows\System\dWftwrc.exe
  2⤵
  PID:2052
- C:\Windows\System\rmUQcMx.exe
  C:\Windows\System\rmUQcMx.exe
  2⤵
  PID:3036
- C:\Windows\System\aiDBmfO.exe
  C:\Windows\System\aiDBmfO.exe
  2⤵
  PID:2360
- C:\Windows\System\XVpTWeD.exe
  C:\Windows\System\XVpTWeD.exe
  2⤵
  PID:484
- C:\Windows\System\ZXqwPSk.exe
  C:\Windows\System\ZXqwPSk.exe
  2⤵
  PID:2828
- C:\Windows\System\suVHFSJ.exe
  C:\Windows\System\suVHFSJ.exe
  2⤵
  PID:2636
- C:\Windows\System\rBVudet.exe
  C:\Windows\System\rBVudet.exe
  2⤵
  PID:2676
- C:\Windows\System\ZfWSvpC.exe
  C:\Windows\System\ZfWSvpC.exe
  2⤵
  PID:2672
- C:\Windows\System\StPYZpZ.exe
  C:\Windows\System\StPYZpZ.exe
  2⤵
  PID:1392
- C:\Windows\System\RlqFQGd.exe
  C:\Windows\System\RlqFQGd.exe
  2⤵
  PID:2140
- C:\Windows\System\ojuaQEn.exe
  C:\Windows\System\ojuaQEn.exe
  2⤵
  PID:1596
- C:\Windows\System\nIzqFaY.exe
  C:\Windows\System\nIzqFaY.exe
  2⤵
  PID:2136
- C:\Windows\System\qAqSBnR.exe
  C:\Windows\System\qAqSBnR.exe
  2⤵
  PID:2584
- C:\Windows\System\GTPvqmh.exe
  C:\Windows\System\GTPvqmh.exe
  2⤵
  PID:2948
- C:\Windows\System\wYcwAGO.exe
  C:\Windows\System\wYcwAGO.exe
  2⤵
  PID:844
- C:\Windows\System\grtnKts.exe
  C:\Windows\System\grtnKts.exe
  2⤵
  PID:1424
- C:\Windows\System\hOGusKF.exe
  C:\Windows\System\hOGusKF.exe
  2⤵
  PID:3008
- C:\Windows\System\PWpoOpB.exe
  C:\Windows\System\PWpoOpB.exe
  2⤵
  PID:896
- C:\Windows\System\wtcDnpX.exe
  C:\Windows\System\wtcDnpX.exe
  2⤵
  PID:2500
- C:\Windows\System\SpruqBL.exe
  C:\Windows\System\SpruqBL.exe
  2⤵
  PID:940
- C:\Windows\System\uSrOHAM.exe
  C:\Windows\System\uSrOHAM.exe
  2⤵
  PID:1412
- C:\Windows\System\LGqzHqz.exe
  C:\Windows\System\LGqzHqz.exe
  2⤵
  PID:1076
- C:\Windows\System\JNeUFRY.exe
  C:\Windows\System\JNeUFRY.exe
  2⤵
  PID:2480
- C:\Windows\System\MMHkPts.exe
  C:\Windows\System\MMHkPts.exe
  2⤵
  PID:3088
- C:\Windows\System\rhtBhMp.exe
  C:\Windows\System\rhtBhMp.exe
  2⤵
  PID:3108
- C:\Windows\System\mzCDXJM.exe
  C:\Windows\System\mzCDXJM.exe
  2⤵
  PID:3128
- C:\Windows\System\QbLfbdi.exe
  C:\Windows\System\QbLfbdi.exe
  2⤵
  PID:3148
- C:\Windows\System\InDzwoW.exe
  C:\Windows\System\InDzwoW.exe
  2⤵
  PID:3168
- C:\Windows\System\WqYHpjo.exe
  C:\Windows\System\WqYHpjo.exe
  2⤵
  PID:3188
- C:\Windows\System\fypBZmo.exe
  C:\Windows\System\fypBZmo.exe
  2⤵
  PID:3208
- C:\Windows\System\zHoopeu.exe
  C:\Windows\System\zHoopeu.exe
  2⤵
  PID:3228
- C:\Windows\System\dNNCNwo.exe
  C:\Windows\System\dNNCNwo.exe
  2⤵
  PID:3248
- C:\Windows\System\UQzuIDC.exe
  C:\Windows\System\UQzuIDC.exe
  2⤵
  PID:3268
- C:\Windows\System\ViZvrQW.exe
  C:\Windows\System\ViZvrQW.exe
  2⤵
  PID:3288
- C:\Windows\System\rjsprhJ.exe
  C:\Windows\System\rjsprhJ.exe
  2⤵
  PID:3308
- C:\Windows\System\BCVmtUd.exe
  C:\Windows\System\BCVmtUd.exe
  2⤵
  PID:3328
- C:\Windows\System\yAKCwks.exe
  C:\Windows\System\yAKCwks.exe
  2⤵
  PID:3348
- C:\Windows\System\QGiLiVe.exe
  C:\Windows\System\QGiLiVe.exe
  2⤵
  PID:3368
- C:\Windows\System\cIRozQr.exe
  C:\Windows\System\cIRozQr.exe
  2⤵
  PID:3388
- C:\Windows\System\rPVBqmr.exe
  C:\Windows\System\rPVBqmr.exe
  2⤵
  PID:3408
- C:\Windows\System\ELqYpCQ.exe
  C:\Windows\System\ELqYpCQ.exe
  2⤵
  PID:3428
- C:\Windows\System\lQnWmdZ.exe
  C:\Windows\System\lQnWmdZ.exe
  2⤵
  PID:3448
- C:\Windows\System\xBRFqJx.exe
  C:\Windows\System\xBRFqJx.exe
  2⤵
  PID:3468
- C:\Windows\System\FwvPoHt.exe
  C:\Windows\System\FwvPoHt.exe
  2⤵
  PID:3488
- C:\Windows\System\cSoldeS.exe
  C:\Windows\System\cSoldeS.exe
  2⤵
  PID:3508
- C:\Windows\System\uCZChSd.exe
  C:\Windows\System\uCZChSd.exe
  2⤵
  PID:3528
- C:\Windows\System\SqzSLfT.exe
  C:\Windows\System\SqzSLfT.exe
  2⤵
  PID:3548
- C:\Windows\System\NZZuUSY.exe
  C:\Windows\System\NZZuUSY.exe
  2⤵
  PID:3568
- C:\Windows\System\yMjtIuX.exe
  C:\Windows\System\yMjtIuX.exe
  2⤵
  PID:3588
- C:\Windows\System\dXxktvF.exe
  C:\Windows\System\dXxktvF.exe
  2⤵
  PID:3608
- C:\Windows\System\nxtgfao.exe
  C:\Windows\System\nxtgfao.exe
  2⤵
  PID:3628
- C:\Windows\System\fQucyaf.exe
  C:\Windows\System\fQucyaf.exe
  2⤵
  PID:3648
- C:\Windows\System\iezPZTv.exe
  C:\Windows\System\iezPZTv.exe
  2⤵
  PID:3668
- C:\Windows\System\pvJxMpw.exe
  C:\Windows\System\pvJxMpw.exe
  2⤵
  PID:3688
- C:\Windows\System\kslbPnY.exe
  C:\Windows\System\kslbPnY.exe
  2⤵
  PID:3708
- C:\Windows\System\oXSAFlF.exe
  C:\Windows\System\oXSAFlF.exe
  2⤵
  PID:3728
- C:\Windows\System\PDkUIDX.exe
  C:\Windows\System\PDkUIDX.exe
  2⤵
  PID:3748
- C:\Windows\System\UxbOywW.exe
  C:\Windows\System\UxbOywW.exe
  2⤵
  PID:3768
- C:\Windows\System\loAniZR.exe
  C:\Windows\System\loAniZR.exe
  2⤵
  PID:3788
- C:\Windows\System\LqIfRho.exe
  C:\Windows\System\LqIfRho.exe
  2⤵
  PID:3808
- C:\Windows\System\iTAFLiS.exe
  C:\Windows\System\iTAFLiS.exe
  2⤵
  PID:3828
- C:\Windows\System\vtiklBy.exe
  C:\Windows\System\vtiklBy.exe
  2⤵
  PID:3848
- C:\Windows\System\pAbVEWp.exe
  C:\Windows\System\pAbVEWp.exe
  2⤵
  PID:3868
- C:\Windows\System\tIxoDfQ.exe
  C:\Windows\System\tIxoDfQ.exe
  2⤵
  PID:3888
- C:\Windows\System\ctvduys.exe
  C:\Windows\System\ctvduys.exe
  2⤵
  PID:3908
- C:\Windows\System\uLUKSWD.exe
  C:\Windows\System\uLUKSWD.exe
  2⤵
  PID:3928
- C:\Windows\System\deCXPyC.exe
  C:\Windows\System\deCXPyC.exe
  2⤵
  PID:3948
- C:\Windows\System\RZRPOal.exe
  C:\Windows\System\RZRPOal.exe
  2⤵
  PID:3968
- C:\Windows\System\qztJRKx.exe
  C:\Windows\System\qztJRKx.exe
  2⤵
  PID:3988
- C:\Windows\System\sCpBqTT.exe
  C:\Windows\System\sCpBqTT.exe
  2⤵
  PID:4008
- C:\Windows\System\vQogeoa.exe
  C:\Windows\System\vQogeoa.exe
  2⤵
  PID:4028
- C:\Windows\System\hZEVHes.exe
  C:\Windows\System\hZEVHes.exe
  2⤵
  PID:4048
- C:\Windows\System\GFdhOxZ.exe
  C:\Windows\System\GFdhOxZ.exe
  2⤵
  PID:4068
- C:\Windows\System\qFebkvt.exe
  C:\Windows\System\qFebkvt.exe
  2⤵
  PID:4088
- C:\Windows\System\sudDbyf.exe
  C:\Windows\System\sudDbyf.exe
  2⤵
  PID:3040
- C:\Windows\System\HLmCRRd.exe
  C:\Windows\System\HLmCRRd.exe
  2⤵
  PID:3000
- C:\Windows\System\cVoRyPw.exe
  C:\Windows\System\cVoRyPw.exe
  2⤵
  PID:2916
- C:\Windows\System\BfftBwz.exe
  C:\Windows\System\BfftBwz.exe
  2⤵
  PID:2260
- C:\Windows\System\saNvXox.exe
  C:\Windows\System\saNvXox.exe
  2⤵
  PID:2688
- C:\Windows\System\TfrAaES.exe
  C:\Windows\System\TfrAaES.exe
  2⤵
  PID:2952
- C:\Windows\System\zuKXtnm.exe
  C:\Windows\System\zuKXtnm.exe
  2⤵
  PID:2268
- C:\Windows\System\yImGKkn.exe
  C:\Windows\System\yImGKkn.exe
  2⤵
  PID:2192
- C:\Windows\System\tdpdwoL.exe
  C:\Windows\System\tdpdwoL.exe
  2⤵
  PID:1688
- C:\Windows\System\YVaJBen.exe
  C:\Windows\System\YVaJBen.exe
  2⤵
  PID:852
- C:\Windows\System\sggsCmu.exe
  C:\Windows\System\sggsCmu.exe
  2⤵
  PID:3020
- C:\Windows\System\GMuSXlj.exe
  C:\Windows\System\GMuSXlj.exe
  2⤵
  PID:1236
- C:\Windows\System\DzAFMTn.exe
  C:\Windows\System\DzAFMTn.exe
  2⤵
  PID:3076
- C:\Windows\System\iKfLAuA.exe
  C:\Windows\System\iKfLAuA.exe
  2⤵
  PID:3100
- C:\Windows\System\VpRyXlC.exe
  C:\Windows\System\VpRyXlC.exe
  2⤵
  PID:3144
- C:\Windows\System\ymWUeKX.exe
  C:\Windows\System\ymWUeKX.exe
  2⤵
  PID:3176
- C:\Windows\System\KuFnjYj.exe
  C:\Windows\System\KuFnjYj.exe
  2⤵
  PID:3200
- C:\Windows\System\tmTwDRe.exe
  C:\Windows\System\tmTwDRe.exe
  2⤵
  PID:3244
- C:\Windows\System\tcsSpJr.exe
  C:\Windows\System\tcsSpJr.exe
  2⤵
  PID:3284
- C:\Windows\System\ILMCEtL.exe
  C:\Windows\System\ILMCEtL.exe
  2⤵
  PID:3324
- C:\Windows\System\fFODXoA.exe
  C:\Windows\System\fFODXoA.exe
  2⤵
  PID:3344
- C:\Windows\System\XBpDSsX.exe
  C:\Windows\System\XBpDSsX.exe
  2⤵
  PID:3376
- C:\Windows\System\MQZyEoY.exe
  C:\Windows\System\MQZyEoY.exe
  2⤵
  PID:3400
- C:\Windows\System\wjBDdGp.exe
  C:\Windows\System\wjBDdGp.exe
  2⤵
  PID:3444
- C:\Windows\System\LIcLWev.exe
  C:\Windows\System\LIcLWev.exe
  2⤵
  PID:3484
- C:\Windows\System\BgzKVcG.exe
  C:\Windows\System\BgzKVcG.exe
  2⤵
  PID:3504
- C:\Windows\System\JmULhDM.exe
  C:\Windows\System\JmULhDM.exe
  2⤵
  PID:3556
- C:\Windows\System\EXgtJtD.exe
  C:\Windows\System\EXgtJtD.exe
  2⤵
  PID:3576
- C:\Windows\System\IXkhybx.exe
  C:\Windows\System\IXkhybx.exe
  2⤵
  PID:3600
- C:\Windows\System\YdwQItJ.exe
  C:\Windows\System\YdwQItJ.exe
  2⤵
  PID:3644
- C:\Windows\System\nhHfdGY.exe
  C:\Windows\System\nhHfdGY.exe
  2⤵
  PID:3676
- C:\Windows\System\DudJtpV.exe
  C:\Windows\System\DudJtpV.exe
  2⤵
  PID:3704
- C:\Windows\System\YngblCC.exe
  C:\Windows\System\YngblCC.exe
  2⤵
  PID:3744
- C:\Windows\System\tyOpoQA.exe
  C:\Windows\System\tyOpoQA.exe
  2⤵
  PID:3776
- C:\Windows\System\OKvuXPj.exe
  C:\Windows\System\OKvuXPj.exe
  2⤵
  PID:3800
- C:\Windows\System\MRlFnEb.exe
  C:\Windows\System\MRlFnEb.exe
  2⤵
  PID:3844
- C:\Windows\System\VCLidkt.exe
  C:\Windows\System\VCLidkt.exe
  2⤵
  PID:3884
- C:\Windows\System\jTSUVpb.exe
  C:\Windows\System\jTSUVpb.exe
  2⤵
  PID:3900
- C:\Windows\System\OZMZWUD.exe
  C:\Windows\System\OZMZWUD.exe
  2⤵
  PID:3944
- C:\Windows\System\kJPofvM.exe
  C:\Windows\System\kJPofvM.exe
  2⤵
  PID:3976
- C:\Windows\System\ZyfVuOT.exe
  C:\Windows\System\ZyfVuOT.exe
  2⤵
  PID:4000
- C:\Windows\System\LekLzGv.exe
  C:\Windows\System\LekLzGv.exe
  2⤵
  PID:4020
- C:\Windows\System\TffyCsA.exe
  C:\Windows\System\TffyCsA.exe
  2⤵
  PID:4060
- C:\Windows\System\hFSjaDX.exe
  C:\Windows\System\hFSjaDX.exe
  2⤵
  PID:1968
- C:\Windows\System\LKLGjSU.exe
  C:\Windows\System\LKLGjSU.exe
  2⤵
  PID:2720
- C:\Windows\System\KFbRjQr.exe
  C:\Windows\System\KFbRjQr.exe
  2⤵
  PID:1996
- C:\Windows\System\tKIOyEN.exe
  C:\Windows\System\tKIOyEN.exe
  2⤵
  PID:3016
- C:\Windows\System\fjJMHgS.exe
  C:\Windows\System\fjJMHgS.exe
  2⤵
  PID:1648
- C:\Windows\System\WmqImEn.exe
  C:\Windows\System\WmqImEn.exe
  2⤵
  PID:1656
- C:\Windows\System\oZVRFDi.exe
  C:\Windows\System\oZVRFDi.exe
  2⤵
  PID:1876
- C:\Windows\System\xFNqNAT.exe
  C:\Windows\System\xFNqNAT.exe
  2⤵
  PID:3096
- C:\Windows\System\UQUfoAd.exe
  C:\Windows\System\UQUfoAd.exe
  2⤵
  PID:3140
- C:\Windows\System\bMuMdPy.exe
  C:\Windows\System\bMuMdPy.exe
  2⤵
  PID:3236
- C:\Windows\System\eHpeIro.exe
  C:\Windows\System\eHpeIro.exe
  2⤵
  PID:3280
- C:\Windows\System\lhDNBso.exe
  C:\Windows\System\lhDNBso.exe
  2⤵
  PID:3340
- C:\Windows\System\hkRxVhI.exe
  C:\Windows\System\hkRxVhI.exe
  2⤵
  PID:3404
- C:\Windows\System\yYLYEcg.exe
  C:\Windows\System\yYLYEcg.exe
  2⤵
  PID:3516
- C:\Windows\System\PppvBgq.exe
  C:\Windows\System\PppvBgq.exe
  2⤵
  PID:3536
- C:\Windows\System\bPqCKHl.exe
  C:\Windows\System\bPqCKHl.exe
  2⤵
  PID:3580
- C:\Windows\System\pHMOgZz.exe
  C:\Windows\System\pHMOgZz.exe
  2⤵
  PID:3656
- C:\Windows\System\TTjLmYW.exe
  C:\Windows\System\TTjLmYW.exe
  2⤵
  PID:3716
- C:\Windows\System\DgpYjzZ.exe
  C:\Windows\System\DgpYjzZ.exe
  2⤵
  PID:3760
- C:\Windows\System\MGeFrVO.exe
  C:\Windows\System\MGeFrVO.exe
  2⤵
  PID:3820
- C:\Windows\System\SMvKmxx.exe
  C:\Windows\System\SMvKmxx.exe
  2⤵
  PID:3876
- C:\Windows\System\ebkujzM.exe
  C:\Windows\System\ebkujzM.exe
  2⤵
  PID:3956
- C:\Windows\System\rJbfiKd.exe
  C:\Windows\System\rJbfiKd.exe
  2⤵
  PID:3984
- C:\Windows\System\mhEshZb.exe
  C:\Windows\System\mhEshZb.exe
  2⤵
  PID:3980
- C:\Windows\System\GNGtrux.exe
  C:\Windows\System\GNGtrux.exe
  2⤵
  PID:2324
- C:\Windows\System\EYgXILi.exe
  C:\Windows\System\EYgXILi.exe
  2⤵
  PID:2612
- C:\Windows\System\ZzTAnrh.exe
  C:\Windows\System\ZzTAnrh.exe
  2⤵
  PID:2932
- C:\Windows\System\XcGnZXp.exe
  C:\Windows\System\XcGnZXp.exe
  2⤵
  PID:1892
- C:\Windows\System\CyQVZVv.exe
  C:\Windows\System\CyQVZVv.exe
  2⤵
  PID:3080
- C:\Windows\System\kbBAVqp.exe
  C:\Windows\System\kbBAVqp.exe
  2⤵
  PID:3160
- C:\Windows\System\WYrJOUD.exe
  C:\Windows\System\WYrJOUD.exe
  2⤵
  PID:3264
- C:\Windows\System\XyTHHuO.exe
  C:\Windows\System\XyTHHuO.exe
  2⤵
  PID:4112
- C:\Windows\System\DjRfStZ.exe
  C:\Windows\System\DjRfStZ.exe
  2⤵
  PID:4132
- C:\Windows\System\KRjOtWx.exe
  C:\Windows\System\KRjOtWx.exe
  2⤵
  PID:4152
- C:\Windows\System\poakcPo.exe
  C:\Windows\System\poakcPo.exe
  2⤵
  PID:4172
- C:\Windows\System\tmJOBew.exe
  C:\Windows\System\tmJOBew.exe
  2⤵
  PID:4192
- C:\Windows\System\TibyHFm.exe
  C:\Windows\System\TibyHFm.exe
  2⤵
  PID:4212
- C:\Windows\System\KzmqzOe.exe
  C:\Windows\System\KzmqzOe.exe
  2⤵
  PID:4232
- C:\Windows\System\BuNMMAe.exe
  C:\Windows\System\BuNMMAe.exe
  2⤵
  PID:4252
- C:\Windows\System\YRtZjQS.exe
  C:\Windows\System\YRtZjQS.exe
  2⤵
  PID:4272
- C:\Windows\System\EBmSczr.exe
  C:\Windows\System\EBmSczr.exe
  2⤵
  PID:4292
- C:\Windows\System\vnQaikE.exe
  C:\Windows\System\vnQaikE.exe
  2⤵
  PID:4312
- C:\Windows\System\fmAqckz.exe
  C:\Windows\System\fmAqckz.exe
  2⤵
  PID:4332
- C:\Windows\System\SBehFks.exe
  C:\Windows\System\SBehFks.exe
  2⤵
  PID:4352
- C:\Windows\System\frfQJTD.exe
  C:\Windows\System\frfQJTD.exe
  2⤵
  PID:4372
- C:\Windows\System\KDDzBKb.exe
  C:\Windows\System\KDDzBKb.exe
  2⤵
  PID:4392
- C:\Windows\System\BVySKBH.exe
  C:\Windows\System\BVySKBH.exe
  2⤵
  PID:4412
- C:\Windows\System\MYjEgDg.exe
  C:\Windows\System\MYjEgDg.exe
  2⤵
  PID:4432
- C:\Windows\System\SRAZdgh.exe
  C:\Windows\System\SRAZdgh.exe
  2⤵
  PID:4452
- C:\Windows\System\wFBeGEL.exe
  C:\Windows\System\wFBeGEL.exe
  2⤵
  PID:4472
- C:\Windows\System\TmfCmMH.exe
  C:\Windows\System\TmfCmMH.exe
  2⤵
  PID:4492
- C:\Windows\System\MFgEeyy.exe
  C:\Windows\System\MFgEeyy.exe
  2⤵
  PID:4512
- C:\Windows\System\mXRoTbd.exe
  C:\Windows\System\mXRoTbd.exe
  2⤵
  PID:4532
- C:\Windows\System\pqibIbs.exe
  C:\Windows\System\pqibIbs.exe
  2⤵
  PID:4552
- C:\Windows\System\Jpjobmt.exe
  C:\Windows\System\Jpjobmt.exe
  2⤵
  PID:4572
- C:\Windows\System\AmYHTSz.exe
  C:\Windows\System\AmYHTSz.exe
  2⤵
  PID:4592
- C:\Windows\System\MRHzGZm.exe
  C:\Windows\System\MRHzGZm.exe
  2⤵
  PID:4612
- C:\Windows\System\HSUCZuu.exe
  C:\Windows\System\HSUCZuu.exe
  2⤵
  PID:4632
- C:\Windows\System\EHKNmkm.exe
  C:\Windows\System\EHKNmkm.exe
  2⤵
  PID:4652
- C:\Windows\System\HXupJfN.exe
  C:\Windows\System\HXupJfN.exe
  2⤵
  PID:4672
- C:\Windows\System\AfqxiFq.exe
  C:\Windows\System\AfqxiFq.exe
  2⤵
  PID:4692
- C:\Windows\System\NIYYpez.exe
  C:\Windows\System\NIYYpez.exe
  2⤵
  PID:4712
- C:\Windows\System\nPDDXwq.exe
  C:\Windows\System\nPDDXwq.exe
  2⤵
  PID:4732
- C:\Windows\System\wSYYeaw.exe
  C:\Windows\System\wSYYeaw.exe
  2⤵
  PID:4752
- C:\Windows\System\DxSIvIY.exe
  C:\Windows\System\DxSIvIY.exe
  2⤵
  PID:4772
- C:\Windows\System\qkrxJXw.exe
  C:\Windows\System\qkrxJXw.exe
  2⤵
  PID:4792
- C:\Windows\System\PBDGhTC.exe
  C:\Windows\System\PBDGhTC.exe
  2⤵
  PID:4816
- C:\Windows\System\oifXMkQ.exe
  C:\Windows\System\oifXMkQ.exe
  2⤵
  PID:4836
- C:\Windows\System\KUhzvBc.exe
  C:\Windows\System\KUhzvBc.exe
  2⤵
  PID:4856
- C:\Windows\System\aKGsKtu.exe
  C:\Windows\System\aKGsKtu.exe
  2⤵
  PID:4876
- C:\Windows\System\NQDNXXf.exe
  C:\Windows\System\NQDNXXf.exe
  2⤵
  PID:4896
- C:\Windows\System\QCuEkYL.exe
  C:\Windows\System\QCuEkYL.exe
  2⤵
  PID:4916
- C:\Windows\System\mZawgWC.exe
  C:\Windows\System\mZawgWC.exe
  2⤵
  PID:4936
- C:\Windows\System\ZEsrLiC.exe
  C:\Windows\System\ZEsrLiC.exe
  2⤵
  PID:4956
- C:\Windows\System\JXEuOzt.exe
  C:\Windows\System\JXEuOzt.exe
  2⤵
  PID:4976
- C:\Windows\System\EzKPkHq.exe
  C:\Windows\System\EzKPkHq.exe
  2⤵
  PID:4996
- C:\Windows\System\Etngmes.exe
  C:\Windows\System\Etngmes.exe
  2⤵
  PID:5016
- C:\Windows\System\OcoEqyy.exe
  C:\Windows\System\OcoEqyy.exe
  2⤵
  PID:5036
- C:\Windows\System\xgDEdMy.exe
  C:\Windows\System\xgDEdMy.exe
  2⤵
  PID:5056
- C:\Windows\System\IzfUEys.exe
  C:\Windows\System\IzfUEys.exe
  2⤵
  PID:5076
- C:\Windows\System\UGytJCD.exe
  C:\Windows\System\UGytJCD.exe
  2⤵
  PID:5096
- C:\Windows\System\PiAfvGN.exe
  C:\Windows\System\PiAfvGN.exe
  2⤵
  PID:5116
- C:\Windows\System\ftulYEm.exe
  C:\Windows\System\ftulYEm.exe
  2⤵
  PID:3364
- C:\Windows\System\PVGbchg.exe
  C:\Windows\System\PVGbchg.exe
  2⤵
  PID:3544
- C:\Windows\System\ffUyjdM.exe
  C:\Windows\System\ffUyjdM.exe
  2⤵
  PID:3584
- C:\Windows\System\OhJIqPL.exe
  C:\Windows\System\OhJIqPL.exe
  2⤵
  PID:3660
- C:\Windows\System\SLgMqdM.exe
  C:\Windows\System\SLgMqdM.exe
  2⤵
  PID:3736
- C:\Windows\System\oFxUaxc.exe
  C:\Windows\System\oFxUaxc.exe
  2⤵
  PID:3856
- C:\Windows\System\GEwkePd.exe
  C:\Windows\System\GEwkePd.exe
  2⤵
  PID:4036
- C:\Windows\System\ouPnDVr.exe
  C:\Windows\System\ouPnDVr.exe
  2⤵
  PID:4080
- C:\Windows\System\YeLmUtN.exe
  C:\Windows\System\YeLmUtN.exe
  2⤵
  PID:340
- C:\Windows\System\dHImmPF.exe
  C:\Windows\System\dHImmPF.exe
  2⤵
  PID:1980
- C:\Windows\System\qUEZysj.exe
  C:\Windows\System\qUEZysj.exe
  2⤵
  PID:1664
- C:\Windows\System\VKDfnIj.exe
  C:\Windows\System\VKDfnIj.exe
  2⤵
  PID:4100
- C:\Windows\System\wDxlFxp.exe
  C:\Windows\System\wDxlFxp.exe
  2⤵
  PID:4148
- C:\Windows\System\aIHSKYW.exe
  C:\Windows\System\aIHSKYW.exe
  2⤵
  PID:4168
- C:\Windows\System\qjOHCgw.exe
  C:\Windows\System\qjOHCgw.exe
  2⤵
  PID:4200
- C:\Windows\System\dHvscnx.exe
  C:\Windows\System\dHvscnx.exe
  2⤵
  PID:4224
- C:\Windows\System\HpwQAIp.exe
  C:\Windows\System\HpwQAIp.exe
  2⤵
  PID:4268
- C:\Windows\System\gRcknuA.exe
  C:\Windows\System\gRcknuA.exe
  2⤵
  PID:4300
- C:\Windows\System\ApOtuRs.exe
  C:\Windows\System\ApOtuRs.exe
  2⤵
  PID:4324
- C:\Windows\System\RqXgLXZ.exe
  C:\Windows\System\RqXgLXZ.exe
  2⤵
  PID:4368
- C:\Windows\System\mdHSDst.exe
  C:\Windows\System\mdHSDst.exe
  2⤵
  PID:4400
- C:\Windows\System\IGMFARX.exe
  C:\Windows\System\IGMFARX.exe
  2⤵
  PID:4424
- C:\Windows\System\eEnxMpN.exe
  C:\Windows\System\eEnxMpN.exe
  2⤵
  PID:4468
- C:\Windows\System\sNoNEOE.exe
  C:\Windows\System\sNoNEOE.exe
  2⤵
  PID:4488
- C:\Windows\System\iBfUWQJ.exe
  C:\Windows\System\iBfUWQJ.exe
  2⤵
  PID:4524
- C:\Windows\System\mfiCCQY.exe
  C:\Windows\System\mfiCCQY.exe
  2⤵
  PID:4568
- C:\Windows\System\CoJqctV.exe
  C:\Windows\System\CoJqctV.exe
  2⤵
  PID:4600
- C:\Windows\System\zgiSpCk.exe
  C:\Windows\System\zgiSpCk.exe
  2⤵
  PID:4624
- C:\Windows\System\ljqYqre.exe
  C:\Windows\System\ljqYqre.exe
  2⤵
  PID:4668
- C:\Windows\System\LNHDOlS.exe
  C:\Windows\System\LNHDOlS.exe
  2⤵
  PID:4708
- C:\Windows\System\LFIXgjM.exe
  C:\Windows\System\LFIXgjM.exe
  2⤵
  PID:4724
- C:\Windows\System\AkGIdPg.exe
  C:\Windows\System\AkGIdPg.exe
  2⤵
  PID:4768
- C:\Windows\System\EsZSMPL.exe
  C:\Windows\System\EsZSMPL.exe
  2⤵
  PID:4800
- C:\Windows\System\DvPAQpY.exe
  C:\Windows\System\DvPAQpY.exe
  2⤵
  PID:4828
- C:\Windows\System\JYRIadI.exe
  C:\Windows\System\JYRIadI.exe
  2⤵
  PID:4872
- C:\Windows\System\cnLHngy.exe
  C:\Windows\System\cnLHngy.exe
  2⤵
  PID:4912
- C:\Windows\System\cWdovJm.exe
  C:\Windows\System\cWdovJm.exe
  2⤵
  PID:4944
- C:\Windows\System\eCZuJib.exe
  C:\Windows\System\eCZuJib.exe
  2⤵
  PID:4968
- C:\Windows\System\fXtnliP.exe
  C:\Windows\System\fXtnliP.exe
  2⤵
  PID:5012
- C:\Windows\System\tVlXrKO.exe
  C:\Windows\System\tVlXrKO.exe
  2⤵
  PID:5044
- C:\Windows\System\fAKtTCv.exe
  C:\Windows\System\fAKtTCv.exe
  2⤵
  PID:5068
- C:\Windows\System\iPyXIRX.exe
  C:\Windows\System\iPyXIRX.exe
  2⤵
  PID:5112
- C:\Windows\System\kQSHZIb.exe
  C:\Windows\System\kQSHZIb.exe
  2⤵
  PID:3496
- C:\Windows\System\HkdBBeJ.exe
  C:\Windows\System\HkdBBeJ.exe
  2⤵
  PID:3696
- C:\Windows\System\rIYLKDA.exe
  C:\Windows\System\rIYLKDA.exe
  2⤵
  PID:3720
- C:\Windows\System\VqPEAfc.exe
  C:\Windows\System\VqPEAfc.exe
  2⤵
  PID:3896
- C:\Windows\System\TKFjxEZ.exe
  C:\Windows\System\TKFjxEZ.exe
  2⤵
  PID:4024
- C:\Windows\System\NdgVZVK.exe
  C:\Windows\System\NdgVZVK.exe
  2⤵
  PID:2180
- C:\Windows\System\JSHFUFS.exe
  C:\Windows\System\JSHFUFS.exe
  2⤵
  PID:3136
- C:\Windows\System\JIiLSUM.exe
  C:\Windows\System\JIiLSUM.exe
  2⤵
  PID:4140
- C:\Windows\System\oZSOVBx.exe
  C:\Windows\System\oZSOVBx.exe
  2⤵
  PID:4164
- C:\Windows\System\cvyznLz.exe
  C:\Windows\System\cvyznLz.exe
  2⤵
  PID:4248
- C:\Windows\System\mfeEbYb.exe
  C:\Windows\System\mfeEbYb.exe
  2⤵
  PID:4288
- C:\Windows\System\zSJKKui.exe
  C:\Windows\System\zSJKKui.exe
  2⤵
  PID:4360
- C:\Windows\System\szWsAkw.exe
  C:\Windows\System\szWsAkw.exe
  2⤵
  PID:4404
- C:\Windows\System\zzuTEjN.exe
  C:\Windows\System\zzuTEjN.exe
  2⤵
  PID:4444
- C:\Windows\System\mlaukyP.exe
  C:\Windows\System\mlaukyP.exe
  2⤵
  PID:4528
- C:\Windows\System\ZOwPDNd.exe
  C:\Windows\System\ZOwPDNd.exe
  2⤵
  PID:4588
- C:\Windows\System\LdGAaVz.exe
  C:\Windows\System\LdGAaVz.exe
  2⤵
  PID:4628
- C:\Windows\System\oeUmDMq.exe
  C:\Windows\System\oeUmDMq.exe
  2⤵
  PID:4700
- C:\Windows\System\DzxBouB.exe
  C:\Windows\System\DzxBouB.exe
  2⤵
  PID:4748
- C:\Windows\System\BeynFDG.exe
  C:\Windows\System\BeynFDG.exe
  2⤵
  PID:4788
- C:\Windows\System\OHLPjGl.exe
  C:\Windows\System\OHLPjGl.exe
  2⤵
  PID:4848
- C:\Windows\System\ncCDbaL.exe
  C:\Windows\System\ncCDbaL.exe
  2⤵
  PID:4924
- C:\Windows\System\hMpFEIM.exe
  C:\Windows\System\hMpFEIM.exe
  2⤵
  PID:4964
- C:\Windows\System\JGNdtgX.exe
  C:\Windows\System\JGNdtgX.exe
  2⤵
  PID:4988
- C:\Windows\System\sqwmNjW.exe
  C:\Windows\System\sqwmNjW.exe
  2⤵
  PID:5104
- C:\Windows\System\IdKgFQe.exe
  C:\Windows\System\IdKgFQe.exe
  2⤵
  PID:3380
- C:\Windows\System\epuODym.exe
  C:\Windows\System\epuODym.exe
  2⤵
  PID:3824
- C:\Windows\System\aUrUZut.exe
  C:\Windows\System\aUrUZut.exe
  2⤵
  PID:3936
- C:\Windows\System\XcGGJoa.exe
  C:\Windows\System\XcGGJoa.exe
  2⤵
  PID:1704
- C:\Windows\System\xXfAwjX.exe
  C:\Windows\System\xXfAwjX.exe
  2⤵
  PID:4124
- C:\Windows\System\GWGzGjC.exe
  C:\Windows\System\GWGzGjC.exe
  2⤵
  PID:4184
- C:\Windows\System\WEizHHH.exe
  C:\Windows\System\WEizHHH.exe
  2⤵
  PID:4328
- C:\Windows\System\zVsJtIi.exe
  C:\Windows\System\zVsJtIi.exe
  2⤵
  PID:4388
- C:\Windows\System\YnxwUBH.exe
  C:\Windows\System\YnxwUBH.exe
  2⤵
  PID:4508
- C:\Windows\System\iiExqCb.exe
  C:\Windows\System\iiExqCb.exe
  2⤵
  PID:4560
- C:\Windows\System\RxEezTt.exe
  C:\Windows\System\RxEezTt.exe
  2⤵
  PID:5136
- C:\Windows\System\LBvSdmk.exe
  C:\Windows\System\LBvSdmk.exe
  2⤵
  PID:5156
- C:\Windows\System\Ikxqheh.exe
  C:\Windows\System\Ikxqheh.exe
  2⤵
  PID:5176
- C:\Windows\System\TXVOccA.exe
  C:\Windows\System\TXVOccA.exe
  2⤵
  PID:5196
- C:\Windows\System\MWaolCc.exe
  C:\Windows\System\MWaolCc.exe
  2⤵
  PID:5216
- C:\Windows\System\YUZVLkl.exe
  C:\Windows\System\YUZVLkl.exe
  2⤵
  PID:5236
- C:\Windows\System\SmCQYBm.exe
  C:\Windows\System\SmCQYBm.exe
  2⤵
  PID:5256
- C:\Windows\System\LfboMuX.exe
  C:\Windows\System\LfboMuX.exe
  2⤵
  PID:5276
- C:\Windows\System\PWbemcs.exe
  C:\Windows\System\PWbemcs.exe
  2⤵
  PID:5300
- C:\Windows\System\GhvmQTT.exe
  C:\Windows\System\GhvmQTT.exe
  2⤵
  PID:5320
- C:\Windows\System\cuVKvBy.exe
  C:\Windows\System\cuVKvBy.exe
  2⤵
  PID:5340
- C:\Windows\System\OiVgJvL.exe
  C:\Windows\System\OiVgJvL.exe
  2⤵
  PID:5360
- C:\Windows\System\gUOqPoW.exe
  C:\Windows\System\gUOqPoW.exe
  2⤵
  PID:5380
- C:\Windows\System\hctwgoB.exe
  C:\Windows\System\hctwgoB.exe
  2⤵
  PID:5400
- C:\Windows\System\VOEshtW.exe
  C:\Windows\System\VOEshtW.exe
  2⤵
  PID:5420
- C:\Windows\System\NLzSowR.exe
  C:\Windows\System\NLzSowR.exe
  2⤵
  PID:5440
- C:\Windows\System\SGoqFNE.exe
  C:\Windows\System\SGoqFNE.exe
  2⤵
  PID:5460
- C:\Windows\System\iDDZIlN.exe
  C:\Windows\System\iDDZIlN.exe
  2⤵
  PID:5480
- C:\Windows\System\EyFfSbL.exe
  C:\Windows\System\EyFfSbL.exe
  2⤵
  PID:5500
- C:\Windows\System\zjORvhc.exe
  C:\Windows\System\zjORvhc.exe
  2⤵
  PID:5520
- C:\Windows\System\kSOKRso.exe
  C:\Windows\System\kSOKRso.exe
  2⤵
  PID:5540
- C:\Windows\System\ABrVQiJ.exe
  C:\Windows\System\ABrVQiJ.exe
  2⤵
  PID:5560
- C:\Windows\System\NGnULkG.exe
  C:\Windows\System\NGnULkG.exe
  2⤵
  PID:5580
- C:\Windows\System\IEQQSiS.exe
  C:\Windows\System\IEQQSiS.exe
  2⤵
  PID:5600
- C:\Windows\System\lxAYtEl.exe
  C:\Windows\System\lxAYtEl.exe
  2⤵
  PID:5620
- C:\Windows\System\kvqKkLo.exe
  C:\Windows\System\kvqKkLo.exe
  2⤵
  PID:5640
- C:\Windows\System\gMEkXEh.exe
  C:\Windows\System\gMEkXEh.exe
  2⤵
  PID:5660
- C:\Windows\System\nLoTsUF.exe
  C:\Windows\System\nLoTsUF.exe
  2⤵
  PID:5680
- C:\Windows\System\gRZLLez.exe
  C:\Windows\System\gRZLLez.exe
  2⤵
  PID:5700
- C:\Windows\System\lVbidpb.exe
  C:\Windows\System\lVbidpb.exe
  2⤵
  PID:5720
- C:\Windows\System\gOQxZGH.exe
  C:\Windows\System\gOQxZGH.exe
  2⤵
  PID:5740
- C:\Windows\System\jpJMSYe.exe
  C:\Windows\System\jpJMSYe.exe
  2⤵
  PID:5760
- C:\Windows\System\CZyUUde.exe
  C:\Windows\System\CZyUUde.exe
  2⤵
  PID:5780
- C:\Windows\System\hJsRPVM.exe
  C:\Windows\System\hJsRPVM.exe
  2⤵
  PID:5800
- C:\Windows\System\oKOWHwQ.exe
  C:\Windows\System\oKOWHwQ.exe
  2⤵
  PID:5820
- C:\Windows\System\yZarGQr.exe
  C:\Windows\System\yZarGQr.exe
  2⤵
  PID:5840
- C:\Windows\System\ZUDpxIl.exe
  C:\Windows\System\ZUDpxIl.exe
  2⤵
  PID:5860
- C:\Windows\System\HZbGaeG.exe
  C:\Windows\System\HZbGaeG.exe
  2⤵
  PID:5880
- C:\Windows\System\nuBtHgE.exe
  C:\Windows\System\nuBtHgE.exe
  2⤵
  PID:5900
- C:\Windows\System\vlqRqWD.exe
  C:\Windows\System\vlqRqWD.exe
  2⤵
  PID:5920
- C:\Windows\System\bGtZxmY.exe
  C:\Windows\System\bGtZxmY.exe
  2⤵
  PID:5940
- C:\Windows\System\PjaOgWK.exe
  C:\Windows\System\PjaOgWK.exe
  2⤵
  PID:5960
- C:\Windows\System\qWtMrpD.exe
  C:\Windows\System\qWtMrpD.exe
  2⤵
  PID:5980
- C:\Windows\System\tcbTXFa.exe
  C:\Windows\System\tcbTXFa.exe
  2⤵
  PID:6000
- C:\Windows\System\sPtiWiF.exe
  C:\Windows\System\sPtiWiF.exe
  2⤵
  PID:6020
- C:\Windows\System\CEqNMet.exe
  C:\Windows\System\CEqNMet.exe
  2⤵
  PID:6040
- C:\Windows\System\rdoTVtq.exe
  C:\Windows\System\rdoTVtq.exe
  2⤵
  PID:6060
- C:\Windows\System\umFQRVb.exe
  C:\Windows\System\umFQRVb.exe
  2⤵
  PID:6080
- C:\Windows\System\edaaTRI.exe
  C:\Windows\System\edaaTRI.exe
  2⤵
  PID:6100
- C:\Windows\System\iBDoYLQ.exe
  C:\Windows\System\iBDoYLQ.exe
  2⤵
  PID:6120
- C:\Windows\System\TeSIRHw.exe
  C:\Windows\System\TeSIRHw.exe
  2⤵
  PID:6140
- C:\Windows\System\GNPzdcX.exe
  C:\Windows\System\GNPzdcX.exe
  2⤵
  PID:4660
- C:\Windows\System\OUrMiyQ.exe
  C:\Windows\System\OUrMiyQ.exe
  2⤵
  PID:4784
- C:\Windows\System\VNEjmSA.exe
  C:\Windows\System\VNEjmSA.exe
  2⤵
  PID:4804
- C:\Windows\System\MeSLhMX.exe
  C:\Windows\System\MeSLhMX.exe
  2⤵
  PID:5004
- C:\Windows\System\TeWZvMQ.exe
  C:\Windows\System\TeWZvMQ.exe
  2⤵
  PID:5092
- C:\Windows\System\xweJqhl.exe
  C:\Windows\System\xweJqhl.exe
  2⤵
  PID:3540
- C:\Windows\System\rTWqoQR.exe
  C:\Windows\System\rTWqoQR.exe
  2⤵
  PID:3904
- C:\Windows\System\dQFCAge.exe
  C:\Windows\System\dQFCAge.exe
  2⤵
  PID:3296
- C:\Windows\System\uYkOPBY.exe
  C:\Windows\System\uYkOPBY.exe
  2⤵
  PID:4188
- C:\Windows\System\JPjPIqJ.exe
  C:\Windows\System\JPjPIqJ.exe
  2⤵
  PID:4448
- C:\Windows\System\jRCGfKc.exe
  C:\Windows\System\jRCGfKc.exe
  2⤵
  PID:4500
- C:\Windows\System\ddKnWXU.exe
  C:\Windows\System\ddKnWXU.exe
  2⤵
  PID:5164
- C:\Windows\System\NJAfBuk.exe
  C:\Windows\System\NJAfBuk.exe
  2⤵
  PID:5184
- C:\Windows\System\cqCeKQD.exe
  C:\Windows\System\cqCeKQD.exe
  2⤵
  PID:5208
- C:\Windows\System\uVLTxkR.exe
  C:\Windows\System\uVLTxkR.exe
  2⤵
  PID:5252
- C:\Windows\System\sYvlkvB.exe
  C:\Windows\System\sYvlkvB.exe
  2⤵
  PID:5272
- C:\Windows\System\lDNnBUg.exe
  C:\Windows\System\lDNnBUg.exe
  2⤵
  PID:5316
- C:\Windows\System\LVzYEOC.exe
  C:\Windows\System\LVzYEOC.exe
  2⤵
  PID:5368
- C:\Windows\System\uWFNmjh.exe
  C:\Windows\System\uWFNmjh.exe
  2⤵
  PID:5388
- C:\Windows\System\FUNiIZI.exe
  C:\Windows\System\FUNiIZI.exe
  2⤵
  PID:5412
- C:\Windows\System\QpoLIBU.exe
  C:\Windows\System\QpoLIBU.exe
  2⤵
  PID:5432
- C:\Windows\System\uCLHLcf.exe
  C:\Windows\System\uCLHLcf.exe
  2⤵
  PID:5488
- C:\Windows\System\xQSSQIy.exe
  C:\Windows\System\xQSSQIy.exe
  2⤵
  PID:5512
- C:\Windows\System\pXDKhiM.exe
  C:\Windows\System\pXDKhiM.exe
  2⤵
  PID:5548
- C:\Windows\System\cEtXPRb.exe
  C:\Windows\System\cEtXPRb.exe
  2⤵
  PID:5588
- C:\Windows\System\oKlEQjg.exe
  C:\Windows\System\oKlEQjg.exe
  2⤵
  PID:5612
- C:\Windows\System\BjSPPCp.exe
  C:\Windows\System\BjSPPCp.exe
  2⤵
  PID:5632
- C:\Windows\System\yuoglkG.exe
  C:\Windows\System\yuoglkG.exe
  2⤵
  PID:5696
- C:\Windows\System\xAuEUhX.exe
  C:\Windows\System\xAuEUhX.exe
  2⤵
  PID:5712
- C:\Windows\System\RrGdHix.exe
  C:\Windows\System\RrGdHix.exe
  2⤵
  PID:5756
- C:\Windows\System\WOklsjW.exe
  C:\Windows\System\WOklsjW.exe
  2⤵
  PID:5788
- C:\Windows\System\ITFCEJW.exe
  C:\Windows\System\ITFCEJW.exe
  2⤵
  PID:5812
- C:\Windows\System\NcGjJnK.exe
  C:\Windows\System\NcGjJnK.exe
  2⤵
  PID:5856
- C:\Windows\System\zPcPCbB.exe
  C:\Windows\System\zPcPCbB.exe
  2⤵
  PID:5872
- C:\Windows\System\LRaSYcm.exe
  C:\Windows\System\LRaSYcm.exe
  2⤵
  PID:5916
- C:\Windows\System\dKOVyUg.exe
  C:\Windows\System\dKOVyUg.exe
  2⤵
  PID:5968
- C:\Windows\System\JxcFrZk.exe
  C:\Windows\System\JxcFrZk.exe
  2⤵
  PID:5988
- C:\Windows\System\zUbAoMW.exe
  C:\Windows\System\zUbAoMW.exe
  2⤵
  PID:6012
- C:\Windows\System\CAuznbj.exe
  C:\Windows\System\CAuznbj.exe
  2⤵
  PID:6056
- C:\Windows\System\KHdaCXM.exe
  C:\Windows\System\KHdaCXM.exe
  2⤵
  PID:6088
- C:\Windows\System\ikKsxGQ.exe
  C:\Windows\System\ikKsxGQ.exe
  2⤵
  PID:6116
- C:\Windows\System\AEQaCwg.exe
  C:\Windows\System\AEQaCwg.exe
  2⤵
  PID:4680
- C:\Windows\System\pdtBzgv.exe
  C:\Windows\System\pdtBzgv.exe
  2⤵
  PID:4832
- C:\Windows\System\ONjUtpr.exe
  C:\Windows\System\ONjUtpr.exe
  2⤵
  PID:4932
- C:\Windows\System\stgGsyi.exe
  C:\Windows\System\stgGsyi.exe
  2⤵
  PID:3320
- C:\Windows\System\srHZXYs.exe
  C:\Windows\System\srHZXYs.exe
  2⤵
  PID:3620
- C:\Windows\System\SmaJEtD.exe
  C:\Windows\System\SmaJEtD.exe
  2⤵
  PID:4228
- C:\Windows\System\jPNPMCM.exe
  C:\Windows\System\jPNPMCM.exe
  2⤵
  PID:5124
- C:\Windows\System\lVTvtlJ.exe
  C:\Windows\System\lVTvtlJ.exe
  2⤵
  PID:5148
- C:\Windows\System\flMCrIP.exe
  C:\Windows\System\flMCrIP.exe
  2⤵
  PID:5188
- C:\Windows\System\LOiuAIp.exe
  C:\Windows\System\LOiuAIp.exe
  2⤵
  PID:5292
- C:\Windows\System\RjIFERG.exe
  C:\Windows\System\RjIFERG.exe
  2⤵
  PID:5328
- C:\Windows\System\gHAWKDS.exe
  C:\Windows\System\gHAWKDS.exe
  2⤵
  PID:5416
- C:\Windows\System\CiiNbLC.exe
  C:\Windows\System\CiiNbLC.exe
  2⤵
  PID:5436
- C:\Windows\System\wgJQEvO.exe
  C:\Windows\System\wgJQEvO.exe
  2⤵
  PID:5492
- C:\Windows\System\MJRBHFd.exe
  C:\Windows\System\MJRBHFd.exe
  2⤵
  PID:5508
- C:\Windows\System\PVgMdrG.exe
  C:\Windows\System\PVgMdrG.exe
  2⤵
  PID:5616
- C:\Windows\System\ZGVklLi.exe
  C:\Windows\System\ZGVklLi.exe
  2⤵
  PID:5688
- C:\Windows\System\Vwsensm.exe
  C:\Windows\System\Vwsensm.exe
  2⤵
  PID:5708
- C:\Windows\System\hCmDHak.exe
  C:\Windows\System\hCmDHak.exe
  2⤵
  PID:5816
- C:\Windows\System\ocqzkKE.exe
  C:\Windows\System\ocqzkKE.exe
  2⤵
  PID:5868
- C:\Windows\System\vIimEtY.exe
  C:\Windows\System\vIimEtY.exe
  2⤵
  PID:5892
- C:\Windows\System\IlPLeag.exe
  C:\Windows\System\IlPLeag.exe
  2⤵
  PID:5932
- C:\Windows\System\wXKGFVR.exe
  C:\Windows\System\wXKGFVR.exe
  2⤵
  PID:6016
- C:\Windows\System\AfpMxso.exe
  C:\Windows\System\AfpMxso.exe
  2⤵
  PID:6048
- C:\Windows\System\ATcLQVB.exe
  C:\Windows\System\ATcLQVB.exe
  2⤵
  PID:6108
- C:\Windows\System\WHxhtHI.exe
  C:\Windows\System\WHxhtHI.exe
  2⤵
  PID:4720
- C:\Windows\System\XahRETl.exe
  C:\Windows\System\XahRETl.exe
  2⤵
  PID:5048
- C:\Windows\System\XLrIdnk.exe
  C:\Windows\System\XLrIdnk.exe
  2⤵
  PID:4044
- C:\Windows\System\zyfnuNc.exe
  C:\Windows\System\zyfnuNc.exe
  2⤵
  PID:4160
- C:\Windows\System\NfqBzgs.exe
  C:\Windows\System\NfqBzgs.exe
  2⤵
  PID:5144
- C:\Windows\System\SFEwVSE.exe
  C:\Windows\System\SFEwVSE.exe
  2⤵
  PID:5228
- C:\Windows\System\QoBMEKY.exe
  C:\Windows\System\QoBMEKY.exe
  2⤵
  PID:5376
- C:\Windows\System\pbnpFJQ.exe
  C:\Windows\System\pbnpFJQ.exe
  2⤵
  PID:5472
- C:\Windows\System\fyInKeF.exe
  C:\Windows\System\fyInKeF.exe
  2⤵
  PID:5568
- C:\Windows\System\BdahILa.exe
  C:\Windows\System\BdahILa.exe
  2⤵
  PID:5668
- C:\Windows\System\PftRTzg.exe
  C:\Windows\System\PftRTzg.exe
  2⤵
  PID:5732
- C:\Windows\System\MaxHTCQ.exe
  C:\Windows\System\MaxHTCQ.exe
  2⤵
  PID:5776
- C:\Windows\System\UbLjxeT.exe
  C:\Windows\System\UbLjxeT.exe
  2⤵
  PID:6152
- C:\Windows\System\HdDhyBv.exe
  C:\Windows\System\HdDhyBv.exe
  2⤵
  PID:6172
- C:\Windows\System\hMYbaYJ.exe
  C:\Windows\System\hMYbaYJ.exe
  2⤵
  PID:6192
- C:\Windows\System\oxjqaZd.exe
  C:\Windows\System\oxjqaZd.exe
  2⤵
  PID:6212
- C:\Windows\System\bobSTts.exe
  C:\Windows\System\bobSTts.exe
  2⤵
  PID:6232
- C:\Windows\System\KEuXNKv.exe
  C:\Windows\System\KEuXNKv.exe
  2⤵
  PID:6252
- C:\Windows\System\uzqmFGQ.exe
  C:\Windows\System\uzqmFGQ.exe
  2⤵
  PID:6272
- C:\Windows\System\GSttKaC.exe
  C:\Windows\System\GSttKaC.exe
  2⤵
  PID:6292
- C:\Windows\System\lwVIwBL.exe
  C:\Windows\System\lwVIwBL.exe
  2⤵
  PID:6312
- C:\Windows\System\dIuEJJl.exe
  C:\Windows\System\dIuEJJl.exe
  2⤵
  PID:6332
- C:\Windows\System\Fgpdlzv.exe
  C:\Windows\System\Fgpdlzv.exe
  2⤵
  PID:6352
- C:\Windows\System\KBGJxCo.exe
  C:\Windows\System\KBGJxCo.exe
  2⤵
  PID:6372
- C:\Windows\System\EmEDEkQ.exe
  C:\Windows\System\EmEDEkQ.exe
  2⤵
  PID:6392
- C:\Windows\System\ZLUzwLO.exe
  C:\Windows\System\ZLUzwLO.exe
  2⤵
  PID:6412
- C:\Windows\System\WclnyhD.exe
  C:\Windows\System\WclnyhD.exe
  2⤵
  PID:6432
- C:\Windows\System\ZDOVjlR.exe
  C:\Windows\System\ZDOVjlR.exe
  2⤵
  PID:6452
- C:\Windows\System\VjxfYBl.exe
  C:\Windows\System\VjxfYBl.exe
  2⤵
  PID:6472
- C:\Windows\System\hIWSlwI.exe
  C:\Windows\System\hIWSlwI.exe
  2⤵
  PID:6492
- C:\Windows\System\sTZHwgd.exe
  C:\Windows\System\sTZHwgd.exe
  2⤵
  PID:6512
- C:\Windows\System\YtFPkdX.exe
  C:\Windows\System\YtFPkdX.exe
  2⤵
  PID:6532
- C:\Windows\System\yFWcpcS.exe
  C:\Windows\System\yFWcpcS.exe
  2⤵
  PID:6552
- C:\Windows\System\qAFrOjy.exe
  C:\Windows\System\qAFrOjy.exe
  2⤵
  PID:6572
- C:\Windows\System\RmuuSab.exe
  C:\Windows\System\RmuuSab.exe
  2⤵
  PID:6592
- C:\Windows\System\SvQswhD.exe
  C:\Windows\System\SvQswhD.exe
  2⤵
  PID:6612
- C:\Windows\System\fftHuHn.exe
  C:\Windows\System\fftHuHn.exe
  2⤵
  PID:6632
- C:\Windows\System\RuiROUi.exe
  C:\Windows\System\RuiROUi.exe
  2⤵
  PID:6652
- C:\Windows\System\fSiHrfE.exe
  C:\Windows\System\fSiHrfE.exe
  2⤵
  PID:6672
- C:\Windows\System\KtJgFIe.exe
  C:\Windows\System\KtJgFIe.exe
  2⤵
  PID:6696
- C:\Windows\System\uiUIzwa.exe
  C:\Windows\System\uiUIzwa.exe
  2⤵
  PID:6716
- C:\Windows\System\yGwqpDP.exe
  C:\Windows\System\yGwqpDP.exe
  2⤵
  PID:6736
- C:\Windows\System\IlbUhKW.exe
  C:\Windows\System\IlbUhKW.exe
  2⤵
  PID:6756
- C:\Windows\System\xeYqHat.exe
  C:\Windows\System\xeYqHat.exe
  2⤵
  PID:6776
- C:\Windows\System\MoqwCoU.exe
  C:\Windows\System\MoqwCoU.exe
  2⤵
  PID:6796
- C:\Windows\System\vzFdGBo.exe
  C:\Windows\System\vzFdGBo.exe
  2⤵
  PID:6816
- C:\Windows\System\WUQmnPF.exe
  C:\Windows\System\WUQmnPF.exe
  2⤵
  PID:6836
- C:\Windows\System\bAAtVbP.exe
  C:\Windows\System\bAAtVbP.exe
  2⤵
  PID:6856
- C:\Windows\System\WFbTgdc.exe
  C:\Windows\System\WFbTgdc.exe
  2⤵
  PID:6876
- C:\Windows\System\ZuBDIhC.exe
  C:\Windows\System\ZuBDIhC.exe
  2⤵
  PID:6896
- C:\Windows\System\JxmbxIP.exe
  C:\Windows\System\JxmbxIP.exe
  2⤵
  PID:6916
- C:\Windows\System\meEZvxm.exe
  C:\Windows\System\meEZvxm.exe
  2⤵
  PID:6936
- C:\Windows\System\DgXPwks.exe
  C:\Windows\System\DgXPwks.exe
  2⤵
  PID:6956
- C:\Windows\System\PvrDfqt.exe
  C:\Windows\System\PvrDfqt.exe
  2⤵
  PID:6976
- C:\Windows\System\KgbzchL.exe
  C:\Windows\System\KgbzchL.exe
  2⤵
  PID:6996
- C:\Windows\System\MTNQsUN.exe
  C:\Windows\System\MTNQsUN.exe
  2⤵
  PID:7016
- C:\Windows\System\BzWwpoD.exe
  C:\Windows\System\BzWwpoD.exe
  2⤵
  PID:7036
- C:\Windows\System\NwTZpfz.exe
  C:\Windows\System\NwTZpfz.exe
  2⤵
  PID:7056
- C:\Windows\System\DOoGZMl.exe
  C:\Windows\System\DOoGZMl.exe
  2⤵
  PID:7076
- C:\Windows\System\FSArbHY.exe
  C:\Windows\System\FSArbHY.exe
  2⤵
  PID:7096
- C:\Windows\System\kbhhEeV.exe
  C:\Windows\System\kbhhEeV.exe
  2⤵
  PID:7116
- C:\Windows\System\AorUXaU.exe
  C:\Windows\System\AorUXaU.exe
  2⤵
  PID:7136
- C:\Windows\System\tqpUmLO.exe
  C:\Windows\System\tqpUmLO.exe
  2⤵
  PID:7156
- C:\Windows\System\cplElDo.exe
  C:\Windows\System\cplElDo.exe
  2⤵
  PID:5948
- C:\Windows\System\DgHrOCM.exe
  C:\Windows\System\DgHrOCM.exe
  2⤵
  PID:6036
- C:\Windows\System\XSLhUfH.exe
  C:\Windows\System\XSLhUfH.exe
  2⤵
  PID:6132
- C:\Windows\System\foFYNdE.exe
  C:\Windows\System\foFYNdE.exe
  2⤵
  PID:5028
- C:\Windows\System\eRYGzwT.exe
  C:\Windows\System\eRYGzwT.exe
  2⤵
  PID:4144
- C:\Windows\System\FckSrQQ.exe
  C:\Windows\System\FckSrQQ.exe
  2⤵
  PID:4544
- C:\Windows\System\zlfHFKl.exe
  C:\Windows\System\zlfHFKl.exe
  2⤵
  PID:5352
- C:\Windows\System\YNqFqbw.exe
  C:\Windows\System\YNqFqbw.exe
  2⤵
  PID:5648
- C:\Windows\System\wsWWSYF.exe
  C:\Windows\System\wsWWSYF.exe
  2⤵
  PID:5656
- C:\Windows\System\YJQpvDd.exe
  C:\Windows\System\YJQpvDd.exe
  2⤵
  PID:5772
- C:\Windows\System\DvFySQW.exe
  C:\Windows\System\DvFySQW.exe
  2⤵
  PID:6168
- C:\Windows\System\etDkKSk.exe
  C:\Windows\System\etDkKSk.exe
  2⤵
  PID:6200
- C:\Windows\System\fCdtrqJ.exe
  C:\Windows\System\fCdtrqJ.exe
  2⤵
  PID:6228
- C:\Windows\System\PyVCVnu.exe
  C:\Windows\System\PyVCVnu.exe
  2⤵
  PID:6280
- C:\Windows\System\fZDtZVQ.exe
  C:\Windows\System\fZDtZVQ.exe
  2⤵
  PID:6300
- C:\Windows\System\rfrlWTG.exe
  C:\Windows\System\rfrlWTG.exe
  2⤵
  PID:6324
- C:\Windows\System\rPOPFgR.exe
  C:\Windows\System\rPOPFgR.exe
  2⤵
  PID:6368
- C:\Windows\System\IKiPvEu.exe
  C:\Windows\System\IKiPvEu.exe
  2⤵
  PID:6400
- C:\Windows\System\BBbDueb.exe
  C:\Windows\System\BBbDueb.exe
  2⤵
  PID:6428
- C:\Windows\System\rhpeNxM.exe
  C:\Windows\System\rhpeNxM.exe
  2⤵
  PID:6460
- C:\Windows\System\WpTkfBI.exe
  C:\Windows\System\WpTkfBI.exe
  2⤵
  PID:6500
- C:\Windows\System\jCKBMCt.exe
  C:\Windows\System\jCKBMCt.exe
  2⤵
  PID:6524
- C:\Windows\System\KceSrRl.exe
  C:\Windows\System\KceSrRl.exe
  2⤵
  PID:6544
- C:\Windows\System\nlUdgpl.exe
  C:\Windows\System\nlUdgpl.exe
  2⤵
  PID:6608
- C:\Windows\System\POfFelt.exe
  C:\Windows\System\POfFelt.exe
  2⤵
  PID:6628
- C:\Windows\System\QBnvTBO.exe
  C:\Windows\System\QBnvTBO.exe
  2⤵
  PID:6680
- C:\Windows\System\WLTckBY.exe
  C:\Windows\System\WLTckBY.exe
  2⤵
  PID:6724
- C:\Windows\System\CXafWWT.exe
  C:\Windows\System\CXafWWT.exe
  2⤵
  PID:6744
- C:\Windows\System\EPSehNQ.exe
  C:\Windows\System\EPSehNQ.exe
  2⤵
  PID:6768
- C:\Windows\System\SOaEEes.exe
  C:\Windows\System\SOaEEes.exe
  2⤵
  PID:6812
- C:\Windows\System\JlEntGh.exe
  C:\Windows\System\JlEntGh.exe
  2⤵
  PID:6828
- C:\Windows\System\uYzOjdC.exe
  C:\Windows\System\uYzOjdC.exe
  2⤵
  PID:6868
- C:\Windows\System\oxVhVuX.exe
  C:\Windows\System\oxVhVuX.exe
  2⤵
  PID:6912
- C:\Windows\System\FhPeBKp.exe
  C:\Windows\System\FhPeBKp.exe
  2⤵
  PID:6964
- C:\Windows\System\KELVOGR.exe
  C:\Windows\System\KELVOGR.exe
  2⤵
  PID:6968
- C:\Windows\System\dScVTsM.exe
  C:\Windows\System\dScVTsM.exe
  2⤵
  PID:6988
- C:\Windows\System\dFigXwD.exe
  C:\Windows\System\dFigXwD.exe
  2⤵
  PID:7028
- C:\Windows\System\CnDqZTI.exe
  C:\Windows\System\CnDqZTI.exe
  2⤵
  PID:7092
- C:\Windows\System\kcAgdfi.exe
  C:\Windows\System\kcAgdfi.exe
  2⤵
  PID:7124
- C:\Windows\System\XyCRQwt.exe
  C:\Windows\System\XyCRQwt.exe
  2⤵
  PID:7144
- C:\Windows\System\qEuEBlN.exe
  C:\Windows\System\qEuEBlN.exe
  2⤵
  PID:5936
- C:\Windows\System\GppVaGb.exe
  C:\Windows\System\GppVaGb.exe
  2⤵
  PID:6076
- C:\Windows\System\hdlyhpR.exe
  C:\Windows\System\hdlyhpR.exe
  2⤵
  PID:5024
- C:\Windows\System\hdwfTHh.exe
  C:\Windows\System\hdwfTHh.exe
  2⤵
  PID:5332
- C:\Windows\System\zkDIqdt.exe
  C:\Windows\System\zkDIqdt.exe
  2⤵
  PID:5336
- C:\Windows\System\JweOtrO.exe
  C:\Windows\System\JweOtrO.exe
  2⤵
  PID:5768
- C:\Windows\System\uCOQnhf.exe
  C:\Windows\System\uCOQnhf.exe
  2⤵
  PID:5828
- C:\Windows\System\qnQnuYl.exe
  C:\Windows\System\qnQnuYl.exe
  2⤵
  PID:6188
- C:\Windows\System\FJKzYxz.exe
  C:\Windows\System\FJKzYxz.exe
  2⤵
  PID:6260
- C:\Windows\System\NpUdLHi.exe
  C:\Windows\System\NpUdLHi.exe
  2⤵
  PID:6328
- C:\Windows\System\EitIhFX.exe
  C:\Windows\System\EitIhFX.exe
  2⤵
  PID:6420
- C:\Windows\System\LyuidIs.exe
  C:\Windows\System\LyuidIs.exe
  2⤵
  PID:6448
- C:\Windows\System\atnuFCm.exe
  C:\Windows\System\atnuFCm.exe
  2⤵
  PID:6488
- C:\Windows\System\xYgOZcq.exe
  C:\Windows\System\xYgOZcq.exe
  2⤵
  PID:6568
- C:\Windows\System\OJWlkpp.exe
  C:\Windows\System\OJWlkpp.exe
  2⤵
  PID:6600
- C:\Windows\System\MQqQSrK.exe
  C:\Windows\System\MQqQSrK.exe
  2⤵
  PID:6664
- C:\Windows\System\KxLbjAs.exe
  C:\Windows\System\KxLbjAs.exe
  2⤵
  PID:6752
- C:\Windows\System\NpWeltu.exe
  C:\Windows\System\NpWeltu.exe
  2⤵
  PID:6804
- C:\Windows\System\kMcaLbf.exe
  C:\Windows\System\kMcaLbf.exe
  2⤵
  PID:6844
- C:\Windows\System\lADyoIE.exe
  C:\Windows\System\lADyoIE.exe
  2⤵
  PID:6904
- C:\Windows\System\yUgcEKe.exe
  C:\Windows\System\yUgcEKe.exe
  2⤵
  PID:6948
- C:\Windows\System\WWvlilP.exe
  C:\Windows\System\WWvlilP.exe
  2⤵
  PID:7004
- C:\Windows\System\FtOiHcL.exe
  C:\Windows\System\FtOiHcL.exe
  2⤵
  PID:7084
- C:\Windows\System\YzROLaF.exe
  C:\Windows\System\YzROLaF.exe
  2⤵
  PID:7152
- C:\Windows\System\XgFPfgI.exe
  C:\Windows\System\XgFPfgI.exe
  2⤵
  PID:7108
- C:\Windows\System\JufedSG.exe
  C:\Windows\System\JufedSG.exe
  2⤵
  PID:6068
- C:\Windows\System\KBEYMhT.exe
  C:\Windows\System\KBEYMhT.exe
  2⤵
  PID:5168
- C:\Windows\System\DkYUjEG.exe
  C:\Windows\System\DkYUjEG.exe
  2⤵
  PID:5836
- C:\Windows\System\pPSMXTU.exe
  C:\Windows\System\pPSMXTU.exe
  2⤵
  PID:6248
- C:\Windows\System\bMeqWry.exe
  C:\Windows\System\bMeqWry.exe
  2⤵
  PID:6304
- C:\Windows\System\IdAbKvK.exe
  C:\Windows\System\IdAbKvK.exe
  2⤵
  PID:6308
- C:\Windows\System\yTtITIe.exe
  C:\Windows\System\yTtITIe.exe
  2⤵
  PID:6380
- C:\Windows\System\ZgsekSL.exe
  C:\Windows\System\ZgsekSL.exe
  2⤵
  PID:6520
- C:\Windows\System\olBAjtM.exe
  C:\Windows\System\olBAjtM.exe
  2⤵
  PID:6708
- C:\Windows\System\yzkCAIm.exe
  C:\Windows\System\yzkCAIm.exe
  2⤵
  PID:6824
- C:\Windows\System\piTTUCa.exe
  C:\Windows\System\piTTUCa.exe
  2⤵
  PID:6848
- C:\Windows\System\bufDIUU.exe
  C:\Windows\System\bufDIUU.exe
  2⤵
  PID:6944
- C:\Windows\System\luaThEP.exe
  C:\Windows\System\luaThEP.exe
  2⤵
  PID:7188
- C:\Windows\System\motqTyZ.exe
  C:\Windows\System\motqTyZ.exe
  2⤵
  PID:7208
- C:\Windows\System\rIcybei.exe
  C:\Windows\System\rIcybei.exe
  2⤵
  PID:7228
- C:\Windows\System\cqFGPWu.exe
  C:\Windows\System\cqFGPWu.exe
  2⤵
  PID:7248
- C:\Windows\System\xPdxgxA.exe
  C:\Windows\System\xPdxgxA.exe
  2⤵
  PID:7268
- C:\Windows\System\KQTajuk.exe
  C:\Windows\System\KQTajuk.exe
  2⤵
  PID:7288
- C:\Windows\System\YGdziti.exe
  C:\Windows\System\YGdziti.exe
  2⤵
  PID:7308
- C:\Windows\System\mQTbGqB.exe
  C:\Windows\System\mQTbGqB.exe
  2⤵
  PID:7328
- C:\Windows\System\UynxFyv.exe
  C:\Windows\System\UynxFyv.exe
  2⤵
  PID:7348
- C:\Windows\System\jgPVwmo.exe
  C:\Windows\System\jgPVwmo.exe
  2⤵
  PID:7368
- C:\Windows\System\wcDsaPc.exe
  C:\Windows\System\wcDsaPc.exe
  2⤵
  PID:7388
- C:\Windows\System\pxDrIjT.exe
  C:\Windows\System\pxDrIjT.exe
  2⤵
  PID:7408
- C:\Windows\System\HAbXszX.exe
  C:\Windows\System\HAbXszX.exe
  2⤵
  PID:7424
- C:\Windows\System\JjBspfu.exe
  C:\Windows\System\JjBspfu.exe
  2⤵
  PID:7448
- C:\Windows\System\THvTIJP.exe
  C:\Windows\System\THvTIJP.exe
  2⤵
  PID:7464
- C:\Windows\System\EDEAFnm.exe
  C:\Windows\System\EDEAFnm.exe
  2⤵
  PID:7488
- C:\Windows\System\ZetUIPZ.exe
  C:\Windows\System\ZetUIPZ.exe
  2⤵
  PID:7504
- C:\Windows\System\KuTcyIS.exe
  C:\Windows\System\KuTcyIS.exe
  2⤵
  PID:7528
- C:\Windows\System\GysTuWv.exe
  C:\Windows\System\GysTuWv.exe
  2⤵
  PID:7548
- C:\Windows\System\BLMeDYr.exe
  C:\Windows\System\BLMeDYr.exe
  2⤵
  PID:7568
- C:\Windows\System\hElhkdf.exe
  C:\Windows\System\hElhkdf.exe
  2⤵
  PID:7588
- C:\Windows\System\otfdCRy.exe
  C:\Windows\System\otfdCRy.exe
  2⤵
  PID:7608
- C:\Windows\System\WawLyoY.exe
  C:\Windows\System\WawLyoY.exe
  2⤵
  PID:7628
- C:\Windows\System\XTNOjRe.exe
  C:\Windows\System\XTNOjRe.exe
  2⤵
  PID:7648
- C:\Windows\System\rxNfdKK.exe
  C:\Windows\System\rxNfdKK.exe
  2⤵
  PID:7668
- C:\Windows\System\rhIoODu.exe
  C:\Windows\System\rhIoODu.exe
  2⤵
  PID:7688
- C:\Windows\System\MIRqCYX.exe
  C:\Windows\System\MIRqCYX.exe
  2⤵
  PID:7708
- C:\Windows\System\QMqDsxy.exe
  C:\Windows\System\QMqDsxy.exe
  2⤵
  PID:7728
- C:\Windows\System\XhmWPNc.exe
  C:\Windows\System\XhmWPNc.exe
  2⤵
  PID:7744
- C:\Windows\System\ixBFlvs.exe
  C:\Windows\System\ixBFlvs.exe
  2⤵
  PID:7764
- C:\Windows\System\JkaPgzD.exe
  C:\Windows\System\JkaPgzD.exe
  2⤵
  PID:7788
- C:\Windows\System\kVTrKZg.exe
  C:\Windows\System\kVTrKZg.exe
  2⤵
  PID:7808
- C:\Windows\System\vtNrnqx.exe
  C:\Windows\System\vtNrnqx.exe
  2⤵
  PID:7828
- C:\Windows\System\qOlbSHR.exe
  C:\Windows\System\qOlbSHR.exe
  2⤵
  PID:7848
- C:\Windows\System\fxTwdkz.exe
  C:\Windows\System\fxTwdkz.exe
  2⤵
  PID:7868
- C:\Windows\System\xXgPzIJ.exe
  C:\Windows\System\xXgPzIJ.exe
  2⤵
  PID:7888
- C:\Windows\System\BUmzAOL.exe
  C:\Windows\System\BUmzAOL.exe
  2⤵
  PID:7908
- C:\Windows\System\AjVUyEE.exe
  C:\Windows\System\AjVUyEE.exe
  2⤵
  PID:7928
- C:\Windows\System\oPrFUtA.exe
  C:\Windows\System\oPrFUtA.exe
  2⤵
  PID:7948
- C:\Windows\System\WzkftYI.exe
  C:\Windows\System\WzkftYI.exe
  2⤵
  PID:7968
- C:\Windows\System\tnUTxgl.exe
  C:\Windows\System\tnUTxgl.exe
  2⤵
  PID:7988
- C:\Windows\System\BPqwjtH.exe
  C:\Windows\System\BPqwjtH.exe
  2⤵
  PID:8008
- C:\Windows\System\UqHRVEl.exe
  C:\Windows\System\UqHRVEl.exe
  2⤵
  PID:8028
- C:\Windows\System\hQxVfgx.exe
  C:\Windows\System\hQxVfgx.exe
  2⤵
  PID:8048
- C:\Windows\System\gEnqoIx.exe
  C:\Windows\System\gEnqoIx.exe
  2⤵
  PID:8068
- C:\Windows\System\chAdhTM.exe
  C:\Windows\System\chAdhTM.exe
  2⤵
  PID:8088
- C:\Windows\System\klrPxpr.exe
  C:\Windows\System\klrPxpr.exe
  2⤵
  PID:8108
- C:\Windows\System\cpgGkLc.exe
  C:\Windows\System\cpgGkLc.exe
  2⤵
  PID:8128
- C:\Windows\System\WbcMNYC.exe
  C:\Windows\System\WbcMNYC.exe
  2⤵
  PID:8148
- C:\Windows\System\ZpWKZXZ.exe
  C:\Windows\System\ZpWKZXZ.exe
  2⤵
  PID:8164
- C:\Windows\System\VasrYdV.exe
  C:\Windows\System\VasrYdV.exe
  2⤵
  PID:8184
- C:\Windows\System\HUnaZpN.exe
  C:\Windows\System\HUnaZpN.exe
  2⤵
  PID:7024
- C:\Windows\System\WbglCkA.exe
  C:\Windows\System\WbglCkA.exe
  2⤵
  PID:7128
- C:\Windows\System\vlExwQJ.exe
  C:\Windows\System\vlExwQJ.exe
  2⤵
  PID:5212
- C:\Windows\System\cwcFAQg.exe
  C:\Windows\System\cwcFAQg.exe
  2⤵
  PID:5692
- C:\Windows\System\YoassZc.exe
  C:\Windows\System\YoassZc.exe
  2⤵
  PID:6240
- C:\Windows\System\HsDhpeB.exe
  C:\Windows\System\HsDhpeB.exe
  2⤵
  PID:6484
- C:\Windows\System\NRvXCux.exe
  C:\Windows\System\NRvXCux.exe
  2⤵
  PID:6644
- C:\Windows\System\bwjSlEF.exe
  C:\Windows\System\bwjSlEF.exe
  2⤵
  PID:6620
- C:\Windows\System\AVSAdwi.exe
  C:\Windows\System\AVSAdwi.exe
  2⤵
  PID:6832
- C:\Windows\System\pEnzFeT.exe
  C:\Windows\System\pEnzFeT.exe
  2⤵
  PID:7176
- C:\Windows\System\cABAvgM.exe
  C:\Windows\System\cABAvgM.exe
  2⤵
  PID:7224
- C:\Windows\System\fXLXoMb.exe
  C:\Windows\System\fXLXoMb.exe
  2⤵
  PID:7284
- C:\Windows\System\HtFSIjP.exe
  C:\Windows\System\HtFSIjP.exe
  2⤵
  PID:7316
- C:\Windows\System\wtDaRdQ.exe
  C:\Windows\System\wtDaRdQ.exe
  2⤵
  PID:7300
- C:\Windows\System\qfAkTxM.exe
  C:\Windows\System\qfAkTxM.exe
  2⤵
  PID:7344
- C:\Windows\System\pSBpAka.exe
  C:\Windows\System\pSBpAka.exe
  2⤵
  PID:7380
- C:\Windows\System\vXuQqdU.exe
  C:\Windows\System\vXuQqdU.exe
  2⤵
  PID:7440
- C:\Windows\System\TYeLALc.exe
  C:\Windows\System\TYeLALc.exe
  2⤵
  PID:7472
- C:\Windows\System\xEyXgBz.exe
  C:\Windows\System\xEyXgBz.exe
  2⤵
  PID:7460
- C:\Windows\System\auLcWTM.exe
  C:\Windows\System\auLcWTM.exe
  2⤵
  PID:7556
- C:\Windows\System\WDUyPRy.exe
  C:\Windows\System\WDUyPRy.exe
  2⤵
  PID:7540
- C:\Windows\System\fruLNij.exe
  C:\Windows\System\fruLNij.exe
  2⤵
  PID:7576
- C:\Windows\System\sTFkuyu.exe
  C:\Windows\System\sTFkuyu.exe
  2⤵
  PID:7636
- C:\Windows\System\LxomhMQ.exe
  C:\Windows\System\LxomhMQ.exe
  2⤵
  PID:7640
- C:\Windows\System\COTEZpm.exe
  C:\Windows\System\COTEZpm.exe
  2⤵
  PID:7684
- C:\Windows\System\DmxBfvD.exe
  C:\Windows\System\DmxBfvD.exe
  2⤵
  PID:7720
- C:\Windows\System\vmbzlZa.exe
  C:\Windows\System\vmbzlZa.exe
  2⤵
  PID:7760
- C:\Windows\System\wJSAcFN.exe
  C:\Windows\System\wJSAcFN.exe
  2⤵
  PID:7796
- C:\Windows\System\bibWffY.exe
  C:\Windows\System\bibWffY.exe
  2⤵
  PID:7816
- C:\Windows\System\XTXCwvL.exe
  C:\Windows\System\XTXCwvL.exe
  2⤵
  PID:7840
- C:\Windows\System\nqjlJBZ.exe
  C:\Windows\System\nqjlJBZ.exe
  2⤵
  PID:7884
- C:\Windows\System\MBpAlCZ.exe
  C:\Windows\System\MBpAlCZ.exe
  2⤵
  PID:7904
- C:\Windows\System\hDGeldZ.exe
  C:\Windows\System\hDGeldZ.exe
  2⤵
  PID:7944
- C:\Windows\System\NSMdApF.exe
  C:\Windows\System\NSMdApF.exe
  2⤵
  PID:7976
- C:\Windows\System\ccrEmfj.exe
  C:\Windows\System\ccrEmfj.exe
  2⤵
  PID:8016
- C:\Windows\System\miAXMlX.exe
  C:\Windows\System\miAXMlX.exe
  2⤵
  PID:8040
- C:\Windows\System\mABUiHA.exe
  C:\Windows\System\mABUiHA.exe
  2⤵
  PID:8084
- C:\Windows\System\DRVnsBt.exe
  C:\Windows\System\DRVnsBt.exe
  2⤵
  PID:8104
- C:\Windows\System\yLVshxp.exe
  C:\Windows\System\yLVshxp.exe
  2⤵
  PID:8144
- C:\Windows\System\fTzJgIv.exe
  C:\Windows\System\fTzJgIv.exe
  2⤵
  PID:7012
- C:\Windows\System\wCZRsxj.exe
  C:\Windows\System\wCZRsxj.exe
  2⤵
  PID:4684
- C:\Windows\System\sURfNTI.exe
  C:\Windows\System\sURfNTI.exe
  2⤵
  PID:3860
- C:\Windows\System\hvACFBQ.exe
  C:\Windows\System\hvACFBQ.exe
  2⤵
  PID:6404
- C:\Windows\System\mDJTrLU.exe
  C:\Windows\System\mDJTrLU.exe
  2⤵
  PID:6548
- C:\Windows\System\aucGVvq.exe
  C:\Windows\System\aucGVvq.exe
  2⤵
  PID:6704
- C:\Windows\System\AkQKVBR.exe
  C:\Windows\System\AkQKVBR.exe
  2⤵
  PID:7200
- C:\Windows\System\GBsTTDK.exe
  C:\Windows\System\GBsTTDK.exe
  2⤵
  PID:7276
- C:\Windows\System\OAVKoRi.exe
  C:\Windows\System\OAVKoRi.exe
  2⤵
  PID:7264
- C:\Windows\System\bDuDahU.exe
  C:\Windows\System\bDuDahU.exe
  2⤵
  PID:7360
- C:\Windows\System\kOemSHb.exe
  C:\Windows\System\kOemSHb.exe
  2⤵
  PID:7484
- C:\Windows\System\qvkDTEH.exe
  C:\Windows\System\qvkDTEH.exe
  2⤵
  PID:7456
- C:\Windows\System\OoJcVMI.exe
  C:\Windows\System\OoJcVMI.exe
  2⤵
  PID:7520
- C:\Windows\System\CaNtYHG.exe
  C:\Windows\System\CaNtYHG.exe
  2⤵
  PID:3060
- C:\Windows\System\CvXSiwa.exe
  C:\Windows\System\CvXSiwa.exe
  2⤵
  PID:7676
- C:\Windows\System\UUWIokl.exe
  C:\Windows\System\UUWIokl.exe
  2⤵
  PID:7624
- C:\Windows\System\uGckQlG.exe
  C:\Windows\System\uGckQlG.exe
  2⤵
  PID:7716
- C:\Windows\System\nqthSMm.exe
  C:\Windows\System\nqthSMm.exe
  2⤵
  PID:7736
- C:\Windows\System\UpxpIwP.exe
  C:\Windows\System\UpxpIwP.exe
  2⤵
  PID:1004
- C:\Windows\System\aNGHoOb.exe
  C:\Windows\System\aNGHoOb.exe
  2⤵
  PID:7920
- C:\Windows\System\vtFkthV.exe
  C:\Windows\System\vtFkthV.exe
  2⤵
  PID:7996
- C:\Windows\System\GitAJyB.exe
  C:\Windows\System\GitAJyB.exe
  2⤵
  PID:7960
- C:\Windows\System\UOsqTSz.exe
  C:\Windows\System\UOsqTSz.exe
  2⤵
  PID:8024
- C:\Windows\System\SFOeiQi.exe
  C:\Windows\System\SFOeiQi.exe
  2⤵
  PID:8136
- C:\Windows\System\EXymVbi.exe
  C:\Windows\System\EXymVbi.exe
  2⤵
  PID:8120
- C:\Windows\System\GixSXOH.exe
  C:\Windows\System\GixSXOH.exe
  2⤵
  PID:8160
- C:\Windows\System\cnyhJIh.exe
  C:\Windows\System\cnyhJIh.exe
  2⤵
  PID:4380
- C:\Windows\System\KTwRsOj.exe
  C:\Windows\System\KTwRsOj.exe
  2⤵
  PID:6288
- C:\Windows\System\BfZPiml.exe
  C:\Windows\System\BfZPiml.exe
  2⤵
  PID:6872
- C:\Windows\System\nKrYQAk.exe
  C:\Windows\System\nKrYQAk.exe
  2⤵
  PID:7184
- C:\Windows\System\ynPmppc.exe
  C:\Windows\System\ynPmppc.exe
  2⤵
  PID:7364
- C:\Windows\System\aAGcwTU.exe
  C:\Windows\System\aAGcwTU.exe
  2⤵
  PID:7400
- C:\Windows\System\RSlyrIx.exe
  C:\Windows\System\RSlyrIx.exe
  2⤵
  PID:7516
- C:\Windows\System\ukGNbWC.exe
  C:\Windows\System\ukGNbWC.exe
  2⤵
  PID:7664
- C:\Windows\System\ufCfwQE.exe
  C:\Windows\System\ufCfwQE.exe
  2⤵
  PID:7700
- C:\Windows\System\wGawdfS.exe
  C:\Windows\System\wGawdfS.exe
  2⤵
  PID:7696
- C:\Windows\System\SwBPiUQ.exe
  C:\Windows\System\SwBPiUQ.exe
  2⤵
  PID:7780
- C:\Windows\System\CQtuKsV.exe
  C:\Windows\System\CQtuKsV.exe
  2⤵
  PID:7964
- C:\Windows\System\uhXBixv.exe
  C:\Windows\System\uhXBixv.exe
  2⤵
  PID:7940
- C:\Windows\System\CWwqdRb.exe
  C:\Windows\System\CWwqdRb.exe
  2⤵
  PID:8124
- C:\Windows\System\KKFjZmD.exe
  C:\Windows\System\KKFjZmD.exe
  2⤵
  PID:8180
- C:\Windows\System\cWfwleQ.exe
  C:\Windows\System\cWfwleQ.exe
  2⤵
  PID:7104
- C:\Windows\System\VMxDSzI.exe
  C:\Windows\System\VMxDSzI.exe
  2⤵
  PID:7236
- C:\Windows\System\PCVbBIm.exe
  C:\Windows\System\PCVbBIm.exe
  2⤵
  PID:8196
- C:\Windows\System\QLlSMjw.exe
  C:\Windows\System\QLlSMjw.exe
  2⤵
  PID:8216
- C:\Windows\System\KFirnqN.exe
  C:\Windows\System\KFirnqN.exe
  2⤵
  PID:8232
- C:\Windows\System\sSRwyZB.exe
  C:\Windows\System\sSRwyZB.exe
  2⤵
  PID:8256
- C:\Windows\System\dmJMmLY.exe
  C:\Windows\System\dmJMmLY.exe
  2⤵
  PID:8276
- C:\Windows\System\YDkeIdO.exe
  C:\Windows\System\YDkeIdO.exe
  2⤵
  PID:8296
- C:\Windows\System\doJkzeS.exe
  C:\Windows\System\doJkzeS.exe
  2⤵
  PID:8320
- C:\Windows\System\TXrPlwX.exe
  C:\Windows\System\TXrPlwX.exe
  2⤵
  PID:8340
- C:\Windows\System\iGjNheb.exe
  C:\Windows\System\iGjNheb.exe
  2⤵
  PID:8360
- C:\Windows\System\ZUyGnLW.exe
  C:\Windows\System\ZUyGnLW.exe
  2⤵
  PID:8380
- C:\Windows\System\PRPgAUU.exe
  C:\Windows\System\PRPgAUU.exe
  2⤵
  PID:8400
- C:\Windows\System\WrxLNAK.exe
  C:\Windows\System\WrxLNAK.exe
  2⤵
  PID:8420
- C:\Windows\System\MOQcHvE.exe
  C:\Windows\System\MOQcHvE.exe
  2⤵
  PID:8440
- C:\Windows\System\oroGUWd.exe
  C:\Windows\System\oroGUWd.exe
  2⤵
  PID:8460
- C:\Windows\System\jQYkHpP.exe
  C:\Windows\System\jQYkHpP.exe
  2⤵
  PID:8480
- C:\Windows\System\gtIyKMZ.exe
  C:\Windows\System\gtIyKMZ.exe
  2⤵
  PID:8500
- C:\Windows\System\OYmtyRW.exe
  C:\Windows\System\OYmtyRW.exe
  2⤵
  PID:8520
- C:\Windows\System\jRqrHQW.exe
  C:\Windows\System\jRqrHQW.exe
  2⤵
  PID:8536
- C:\Windows\System\uNfmrPx.exe
  C:\Windows\System\uNfmrPx.exe
  2⤵
  PID:8556
- C:\Windows\System\QqBiMXK.exe
  C:\Windows\System\QqBiMXK.exe
  2⤵
  PID:8580
- C:\Windows\System\RUGCmQc.exe
  C:\Windows\System\RUGCmQc.exe
  2⤵
  PID:8600
- C:\Windows\System\FEpzmgf.exe
  C:\Windows\System\FEpzmgf.exe
  2⤵
  PID:8620
- C:\Windows\System\mmLtHwJ.exe
  C:\Windows\System\mmLtHwJ.exe
  2⤵
  PID:8640
- C:\Windows\System\hGdFudv.exe
  C:\Windows\System\hGdFudv.exe
  2⤵
  PID:8660
- C:\Windows\System\yOqayyJ.exe
  C:\Windows\System\yOqayyJ.exe
  2⤵
  PID:8680
- C:\Windows\System\bZNUYKs.exe
  C:\Windows\System\bZNUYKs.exe
  2⤵
  PID:8700
- C:\Windows\System\MDjKqTr.exe
  C:\Windows\System\MDjKqTr.exe
  2⤵
  PID:8720
- C:\Windows\System\DJBPwXK.exe
  C:\Windows\System\DJBPwXK.exe
  2⤵
  PID:8740
- C:\Windows\System\qzZguEj.exe
  C:\Windows\System\qzZguEj.exe
  2⤵
  PID:8760
- C:\Windows\System\UlTsvgO.exe
  C:\Windows\System\UlTsvgO.exe
  2⤵
  PID:8780
- C:\Windows\System\boKlpzA.exe
  C:\Windows\System\boKlpzA.exe
  2⤵
  PID:8800
- C:\Windows\System\oJLybub.exe
  C:\Windows\System\oJLybub.exe
  2⤵
  PID:8820
- C:\Windows\System\zXpgduL.exe
  C:\Windows\System\zXpgduL.exe
  2⤵
  PID:8840
- C:\Windows\System\ckMkcoC.exe
  C:\Windows\System\ckMkcoC.exe
  2⤵
  PID:8860
- C:\Windows\System\KsccEoL.exe
  C:\Windows\System\KsccEoL.exe
  2⤵
  PID:8880
- C:\Windows\System\KVpJaLM.exe
  C:\Windows\System\KVpJaLM.exe
  2⤵
  PID:8900
- C:\Windows\System\DVloEsu.exe
  C:\Windows\System\DVloEsu.exe
  2⤵
  PID:8916
- C:\Windows\System\inYJLOA.exe
  C:\Windows\System\inYJLOA.exe
  2⤵
  PID:8932
- C:\Windows\System\fkVsOTJ.exe
  C:\Windows\System\fkVsOTJ.exe
  2⤵
  PID:8948
- C:\Windows\System\wfouGzo.exe
  C:\Windows\System\wfouGzo.exe
  2⤵
  PID:8968
- C:\Windows\System\TSkgaFi.exe
  C:\Windows\System\TSkgaFi.exe
  2⤵
  PID:8984
- C:\Windows\System\uSnqiSK.exe
  C:\Windows\System\uSnqiSK.exe
  2⤵
  PID:9000
- C:\Windows\System\oTgrkOR.exe
  C:\Windows\System\oTgrkOR.exe
  2⤵
  PID:9044
- C:\Windows\System\FiPiasU.exe
  C:\Windows\System\FiPiasU.exe
  2⤵
  PID:9064
- C:\Windows\System\rYQrwje.exe
  C:\Windows\System\rYQrwje.exe
  2⤵
  PID:9080
- C:\Windows\System\VtvgCxw.exe
  C:\Windows\System\VtvgCxw.exe
  2⤵
  PID:9116
- C:\Windows\System\vqiaRPi.exe
  C:\Windows\System\vqiaRPi.exe
  2⤵
  PID:9136
- C:\Windows\System\CjYqHNl.exe
  C:\Windows\System\CjYqHNl.exe
  2⤵
  PID:9156
- C:\Windows\System\HOykYwS.exe
  C:\Windows\System\HOykYwS.exe
  2⤵
  PID:9172
- C:\Windows\System\qakpXuN.exe
  C:\Windows\System\qakpXuN.exe
  2⤵
  PID:9188
- C:\Windows\System\GWZpiIT.exe
  C:\Windows\System\GWZpiIT.exe
  2⤵
  PID:9204
- C:\Windows\System\eLWyxnZ.exe
  C:\Windows\System\eLWyxnZ.exe
  2⤵
  PID:7336
- C:\Windows\System\HCWZkZp.exe
  C:\Windows\System\HCWZkZp.exe
  2⤵
  PID:7260
- C:\Windows\System\mhCqxTm.exe
  C:\Windows\System\mhCqxTm.exe
  2⤵
  PID:7476
- C:\Windows\System\VgyhZvP.exe
  C:\Windows\System\VgyhZvP.exe
  2⤵
  PID:7772
- C:\Windows\System\HtLnqTR.exe
  C:\Windows\System\HtLnqTR.exe
  2⤵
  PID:7756
- C:\Windows\System\mCuofum.exe
  C:\Windows\System\mCuofum.exe
  2⤵
  PID:7936
- C:\Windows\System\ZUrsyZg.exe
  C:\Windows\System\ZUrsyZg.exe
  2⤵
  PID:7924
- C:\Windows\System\ufmqqzh.exe
  C:\Windows\System\ufmqqzh.exe
  2⤵
  PID:8156
- C:\Windows\System\eamaqlH.exe
  C:\Windows\System\eamaqlH.exe
  2⤵
  PID:6388
- C:\Windows\System\SJSJNAR.exe
  C:\Windows\System\SJSJNAR.exe
  2⤵
  PID:6684
- C:\Windows\System\FUEAHAu.exe
  C:\Windows\System\FUEAHAu.exe
  2⤵
  PID:8224
- C:\Windows\System\wanjoAU.exe
  C:\Windows\System\wanjoAU.exe
  2⤵
  PID:8264
- C:\Windows\System\CggPyoL.exe
  C:\Windows\System\CggPyoL.exe
  2⤵
  PID:8248
- C:\Windows\System\GymhejT.exe
  C:\Windows\System\GymhejT.exe
  2⤵
  PID:8316
- C:\Windows\System\mDNAoEY.exe
  C:\Windows\System\mDNAoEY.exe
  2⤵
  PID:8292
- C:\Windows\System\uPhUgkA.exe
  C:\Windows\System\uPhUgkA.exe
  2⤵
  PID:8332
- C:\Windows\System\XzfAzEv.exe
  C:\Windows\System\XzfAzEv.exe
  2⤵
  PID:8388
- C:\Windows\System\ahFdRyQ.exe
  C:\Windows\System\ahFdRyQ.exe
  2⤵
  PID:8544
- C:\Windows\System\TfgNvJU.exe
  C:\Windows\System\TfgNvJU.exe
  2⤵
  PID:8564
- C:\Windows\System\GTyulnX.exe
  C:\Windows\System\GTyulnX.exe
  2⤵
  PID:8636
- C:\Windows\System\DlXKUXh.exe
  C:\Windows\System\DlXKUXh.exe
  2⤵
  PID:2812
- C:\Windows\System\gsiZyTl.exe
  C:\Windows\System\gsiZyTl.exe
  2⤵
  PID:8648
- C:\Windows\System\SCfIDXD.exe
  C:\Windows\System\SCfIDXD.exe
  2⤵
  PID:2712
- C:\Windows\System\DEwMWLs.exe
  C:\Windows\System\DEwMWLs.exe
  2⤵
  PID:8716
- C:\Windows\System\YgFvJDm.exe
  C:\Windows\System\YgFvJDm.exe
  2⤵
  PID:8728
- C:\Windows\System\VtTfiiJ.exe
  C:\Windows\System\VtTfiiJ.exe
  2⤵
  PID:8756
- C:\Windows\System\aKrAzqK.exe
  C:\Windows\System\aKrAzqK.exe
  2⤵
  PID:8776
- C:\Windows\System\zuMFliv.exe
  C:\Windows\System\zuMFliv.exe
  2⤵
  PID:8828
- C:\Windows\System\AHmHbIx.exe
  C:\Windows\System\AHmHbIx.exe
  2⤵
  PID:8896
- C:\Windows\System\qnsSXmu.exe
  C:\Windows\System\qnsSXmu.exe
  2⤵
  PID:8912
- C:\Windows\System\kkVzVlb.exe
  C:\Windows\System\kkVzVlb.exe
  2⤵
  PID:2572
- C:\Windows\System\ZGxhqol.exe
  C:\Windows\System\ZGxhqol.exe
  2⤵
  PID:8976
- C:\Windows\System\cJwrQZH.exe
  C:\Windows\System\cJwrQZH.exe
  2⤵
  PID:8996
- C:\Windows\System\QoRHZxl.exe
  C:\Windows\System\QoRHZxl.exe
  2⤵
  PID:9012
- C:\Windows\System\VWNTQnV.exe
  C:\Windows\System\VWNTQnV.exe
  2⤵
  PID:9028
- C:\Windows\System\DTAYfzd.exe
  C:\Windows\System\DTAYfzd.exe
  2⤵
  PID:3012
- C:\Windows\System\qsBopSO.exe
  C:\Windows\System\qsBopSO.exe
  2⤵
  PID:112
- C:\Windows\System\ZfQxKro.exe
  C:\Windows\System\ZfQxKro.exe
  2⤵
  PID:2600
- C:\Windows\System\VnHFXqT.exe
  C:\Windows\System\VnHFXqT.exe
  2⤵
  PID:1644
- C:\Windows\System\uXSCVYQ.exe
  C:\Windows\System\uXSCVYQ.exe
  2⤵
  PID:1564
- C:\Windows\System\QIdsiAZ.exe
  C:\Windows\System\QIdsiAZ.exe
  2⤵
  PID:1844
- C:\Windows\System\mCPBLry.exe
  C:\Windows\System\mCPBLry.exe
  2⤵
  PID:2224
- C:\Windows\System\sPfMXgT.exe
  C:\Windows\System\sPfMXgT.exe
  2⤵
  PID:9088
- C:\Windows\System\KbNZIcJ.exe
  C:\Windows\System\KbNZIcJ.exe
  2⤵
  PID:9112
- C:\Windows\System\obQKeWJ.exe
  C:\Windows\System\obQKeWJ.exe
  2⤵
  PID:9184
- C:\Windows\System\RCqPmxR.exe
  C:\Windows\System\RCqPmxR.exe
  2⤵
  PID:7580
- C:\Windows\System\eoMNtWH.exe
  C:\Windows\System\eoMNtWH.exe
  2⤵
  PID:9200
- C:\Windows\System\CFjrXPX.exe
  C:\Windows\System\CFjrXPX.exe
  2⤵
  PID:2848
- C:\Windows\System\MgjCLya.exe
  C:\Windows\System\MgjCLya.exe
  2⤵
  PID:7876
- C:\Windows\System\nlMtatO.exe
  C:\Windows\System\nlMtatO.exe
  2⤵
  PID:8096
- C:\Windows\System\cmjJSez.exe
  C:\Windows\System\cmjJSez.exe
  2⤵
  PID:8284
- C:\Windows\System\pRwOmWF.exe
  C:\Windows\System\pRwOmWF.exe
  2⤵
  PID:8304
- C:\Windows\System\AMYfXSk.exe
  C:\Windows\System\AMYfXSk.exe
  2⤵
  PID:8336
- C:\Windows\System\aYpLdgX.exe
  C:\Windows\System\aYpLdgX.exe
  2⤵
  PID:8376
- C:\Windows\System\hefNyMW.exe
  C:\Windows\System\hefNyMW.exe
  2⤵
  PID:8428
- C:\Windows\System\ObPTeoY.exe
  C:\Windows\System\ObPTeoY.exe
  2⤵
  PID:8416
- C:\Windows\System\DwtRAyX.exe
  C:\Windows\System\DwtRAyX.exe
  2⤵
  PID:8492
- C:\Windows\System\oLEARMV.exe
  C:\Windows\System\oLEARMV.exe
  2⤵
  PID:8592
- C:\Windows\System\AVDJwKf.exe
  C:\Windows\System\AVDJwKf.exe
  2⤵
  PID:8628
- C:\Windows\System\GEuYrLy.exe
  C:\Windows\System\GEuYrLy.exe
  2⤵
  PID:8672
- C:\Windows\System\QPpTukk.exe
  C:\Windows\System\QPpTukk.exe
  2⤵
  PID:8652
- C:\Windows\System\KjEeltb.exe
  C:\Windows\System\KjEeltb.exe
  2⤵
  PID:2644
- C:\Windows\System\jZvIlEI.exe
  C:\Windows\System\jZvIlEI.exe
  2⤵
  PID:2664
- C:\Windows\System\SvADOWQ.exe
  C:\Windows\System\SvADOWQ.exe
  2⤵
  PID:8836
- C:\Windows\System\lRZBFBf.exe
  C:\Windows\System\lRZBFBf.exe
  2⤵
  PID:8568
- C:\Windows\System\MVUHTVO.exe
  C:\Windows\System\MVUHTVO.exe
  2⤵
  PID:2880
- C:\Windows\System\BOKTrXU.exe
  C:\Windows\System\BOKTrXU.exe
  2⤵
  PID:8992
- C:\Windows\System\valTvQZ.exe
  C:\Windows\System\valTvQZ.exe
  2⤵
  PID:9020
- C:\Windows\System\grIEDVp.exe
  C:\Windows\System\grIEDVp.exe
  2⤵
  PID:2996
- C:\Windows\System\qkEKOQb.exe
  C:\Windows\System\qkEKOQb.exe
  2⤵
  PID:1112
- C:\Windows\System\xwzKoAn.exe
  C:\Windows\System\xwzKoAn.exe
  2⤵
  PID:1912
- C:\Windows\System\LBDzIDh.exe
  C:\Windows\System\LBDzIDh.exe
  2⤵
  PID:1672
- C:\Windows\System\oJQVHtQ.exe
  C:\Windows\System\oJQVHtQ.exe
  2⤵
  PID:9040
- C:\Windows\System\qvMkDcy.exe
  C:\Windows\System\qvMkDcy.exe
  2⤵
  PID:1708
- C:\Windows\System\NDODsZh.exe
  C:\Windows\System\NDODsZh.exe
  2⤵
  PID:9072
- C:\Windows\System\BYtRjpu.exe
  C:\Windows\System\BYtRjpu.exe
  2⤵
  PID:9168
- C:\Windows\System\IEcHcgB.exe
  C:\Windows\System\IEcHcgB.exe
  2⤵
  PID:8020
- C:\Windows\System\gPuugxp.exe
  C:\Windows\System\gPuugxp.exe
  2⤵
  PID:7068
- C:\Windows\System\USuHibX.exe
  C:\Windows\System\USuHibX.exe
  2⤵
  PID:7620
- C:\Windows\System\GMSFIvp.exe
  C:\Windows\System\GMSFIvp.exe
  2⤵
  PID:8244
- C:\Windows\System\oBMyUfC.exe
  C:\Windows\System\oBMyUfC.exe
  2⤵
  PID:2804
- C:\Windows\System\EfDyqKM.exe
  C:\Windows\System\EfDyqKM.exe
  2⤵
  PID:8392
- C:\Windows\System\VNXyyVb.exe
  C:\Windows\System\VNXyyVb.exe
  2⤵
  PID:2524
- C:\Windows\System\JhTbrUC.exe
  C:\Windows\System\JhTbrUC.exe
  2⤵
  PID:8512
- C:\Windows\System\zhgBOcr.exe
  C:\Windows\System\zhgBOcr.exe
  2⤵
  PID:8788
- C:\Windows\System\cXJfbjs.exe
  C:\Windows\System\cXJfbjs.exe
  2⤵
  PID:8944
- C:\Windows\System\fwhnOYe.exe
  C:\Windows\System\fwhnOYe.exe
  2⤵
  PID:8940
- C:\Windows\System\XqikjEa.exe
  C:\Windows\System\XqikjEa.exe
  2⤵
  PID:9024
- C:\Windows\System\niRJefz.exe
  C:\Windows\System\niRJefz.exe
  2⤵
  PID:9076
- C:\Windows\System\aQquoPa.exe
  C:\Windows\System\aQquoPa.exe
  2⤵
  PID:9144
- C:\Windows\System\GqtYjBw.exe
  C:\Windows\System\GqtYjBw.exe
  2⤵
  PID:8272
- C:\Windows\System\VTwcHOk.exe
  C:\Windows\System\VTwcHOk.exe
  2⤵
  PID:9180
- C:\Windows\System\oAxwBpk.exe
  C:\Windows\System\oAxwBpk.exe
  2⤵
  PID:2792
- C:\Windows\System\oKOYnsr.exe
  C:\Windows\System\oKOYnsr.exe
  2⤵
  PID:2132
- C:\Windows\System\BGFdhjg.exe
  C:\Windows\System\BGFdhjg.exe
  2⤵
  PID:8408
- C:\Windows\System\QaJNjbt.exe
  C:\Windows\System\QaJNjbt.exe
  2⤵
  PID:8488
- C:\Windows\System\teGnojW.exe
  C:\Windows\System\teGnojW.exe
  2⤵
  PID:8772
- C:\Windows\System\cYxGqct.exe
  C:\Windows\System\cYxGqct.exe
  2⤵
  PID:8532
- C:\Windows\System\qmoeyCX.exe
  C:\Windows\System\qmoeyCX.exe
  2⤵
  PID:8856
- C:\Windows\System\NBwyHlS.exe
  C:\Windows\System\NBwyHlS.exe
  2⤵
  PID:8708
- C:\Windows\System\bmXAGoP.exe
  C:\Windows\System\bmXAGoP.exe
  2⤵
  PID:8812
- C:\Windows\System\miIybLT.exe
  C:\Windows\System\miIybLT.exe
  2⤵
  PID:8980
- C:\Windows\System\alJXIMi.exe
  C:\Windows\System\alJXIMi.exe
  2⤵
  PID:2604
- C:\Windows\System\wrmjaXT.exe
  C:\Windows\System\wrmjaXT.exe
  2⤵
  PID:9056
- C:\Windows\System\DAFjNKY.exe
  C:\Windows\System\DAFjNKY.exe
  2⤵
  PID:8228
- C:\Windows\System\CvSHqgE.exe
  C:\Windows\System\CvSHqgE.exe
  2⤵
  PID:8432
- C:\Windows\System\WLzXSPN.exe
  C:\Windows\System\WLzXSPN.exe
  2⤵
  PID:2956
- C:\Windows\System\iEokHdD.exe
  C:\Windows\System\iEokHdD.exe
  2⤵
  PID:9228
- C:\Windows\System\sgLafky.exe
  C:\Windows\System\sgLafky.exe
  2⤵
  PID:9244
- C:\Windows\System\uuaSnjn.exe
  C:\Windows\System\uuaSnjn.exe
  2⤵
  PID:9268
- C:\Windows\System\IXOfEek.exe
  C:\Windows\System\IXOfEek.exe
  2⤵
  PID:9284
- C:\Windows\System\LnwHjEC.exe
  C:\Windows\System\LnwHjEC.exe
  2⤵
  PID:9304
- C:\Windows\System\BJoFcAO.exe
  C:\Windows\System\BJoFcAO.exe
  2⤵
  PID:9320
- C:\Windows\System\ytwvhAx.exe
  C:\Windows\System\ytwvhAx.exe
  2⤵
  PID:9392
- C:\Windows\System\NeeIpKn.exe
  C:\Windows\System\NeeIpKn.exe
  2⤵
  PID:9408
- C:\Windows\System\RbOiaoi.exe
  C:\Windows\System\RbOiaoi.exe
  2⤵
  PID:9428
- C:\Windows\System\lpRsCof.exe
  C:\Windows\System\lpRsCof.exe
  2⤵
  PID:9444
- C:\Windows\System\usupUeY.exe
  C:\Windows\System\usupUeY.exe
  2⤵
  PID:9460
- C:\Windows\System\BxHQkUF.exe
  C:\Windows\System\BxHQkUF.exe
  2⤵
  PID:9476
- C:\Windows\System\YjgvmzH.exe
  C:\Windows\System\YjgvmzH.exe
  2⤵
  PID:9492
- C:\Windows\System\ojmrDnP.exe
  C:\Windows\System\ojmrDnP.exe
  2⤵
  PID:9508
- C:\Windows\System\KaICsOk.exe
  C:\Windows\System\KaICsOk.exe
  2⤵
  PID:9528
- C:\Windows\System\dqfcprM.exe
  C:\Windows\System\dqfcprM.exe
  2⤵
  PID:9548
- C:\Windows\System\LjWlBOU.exe
  C:\Windows\System\LjWlBOU.exe
  2⤵
  PID:9564
- C:\Windows\System\unWVYgP.exe
  C:\Windows\System\unWVYgP.exe
  2⤵
  PID:9580
- C:\Windows\System\HZJOlqA.exe
  C:\Windows\System\HZJOlqA.exe
  2⤵
  PID:9596
- C:\Windows\System\szQouTv.exe
  C:\Windows\System\szQouTv.exe
  2⤵
  PID:9616
- C:\Windows\System\hvQZoKt.exe
  C:\Windows\System\hvQZoKt.exe
  2⤵
  PID:9632
- C:\Windows\System\hAOaZyj.exe
  C:\Windows\System\hAOaZyj.exe
  2⤵
  PID:9648
- C:\Windows\System\mzWqfvq.exe
  C:\Windows\System\mzWqfvq.exe
  2⤵
  PID:9664
- C:\Windows\System\WVlgxdP.exe
  C:\Windows\System\WVlgxdP.exe
  2⤵
  PID:9680
- C:\Windows\System\WJTQRUY.exe
  C:\Windows\System\WJTQRUY.exe
  2⤵
  PID:9696
- C:\Windows\System\OlLWxfM.exe
  C:\Windows\System\OlLWxfM.exe
  2⤵
  PID:9712
- C:\Windows\System\RsmKtyt.exe
  C:\Windows\System\RsmKtyt.exe
  2⤵
  PID:9728
- C:\Windows\System\wbQEgRk.exe
  C:\Windows\System\wbQEgRk.exe
  2⤵
  PID:9744
- C:\Windows\System\TjiMklw.exe
  C:\Windows\System\TjiMklw.exe
  2⤵
  PID:9764
- C:\Windows\System\JexkEQC.exe
  C:\Windows\System\JexkEQC.exe
  2⤵
  PID:9788
- C:\Windows\System\CgrIYly.exe
  C:\Windows\System\CgrIYly.exe
  2⤵
  PID:9804
- C:\Windows\System\sgDxmCy.exe
  C:\Windows\System\sgDxmCy.exe
  2⤵
  PID:9820
- C:\Windows\System\hnPerVQ.exe
  C:\Windows\System\hnPerVQ.exe
  2⤵
  PID:9836
- C:\Windows\System\eTWMUgy.exe
  C:\Windows\System\eTWMUgy.exe
  2⤵
  PID:9856
- C:\Windows\System\MuiGRzL.exe
  C:\Windows\System\MuiGRzL.exe
  2⤵
  PID:9872
- C:\Windows\System\uxwDTzZ.exe
  C:\Windows\System\uxwDTzZ.exe
  2⤵
  PID:9888
- C:\Windows\System\rZzImhq.exe
  C:\Windows\System\rZzImhq.exe
  2⤵
  PID:9904
- C:\Windows\System\rBpHZeP.exe
  C:\Windows\System\rBpHZeP.exe
  2⤵
  PID:9924
- C:\Windows\System\pJawtAD.exe
  C:\Windows\System\pJawtAD.exe
  2⤵
  PID:9940
- C:\Windows\System\AUUOyBY.exe
  C:\Windows\System\AUUOyBY.exe
  2⤵
  PID:9956
- C:\Windows\System\OIfjtsO.exe
  C:\Windows\System\OIfjtsO.exe
  2⤵
  PID:9972
- C:\Windows\System\QmxpWCw.exe
  C:\Windows\System\QmxpWCw.exe
  2⤵
  PID:9992
- C:\Windows\System\OcvcbXk.exe
  C:\Windows\System\OcvcbXk.exe
  2⤵
  PID:10008
- C:\Windows\System\hBVDXvJ.exe
  C:\Windows\System\hBVDXvJ.exe
  2⤵
  PID:10024
- C:\Windows\System\MbNIqCY.exe
  C:\Windows\System\MbNIqCY.exe
  2⤵
  PID:10040
- C:\Windows\System\BWcGveF.exe
  C:\Windows\System\BWcGveF.exe
  2⤵
  PID:10056
- C:\Windows\System\rGfyQOq.exe
  C:\Windows\System\rGfyQOq.exe
  2⤵
  PID:10072
- C:\Windows\System\ZUyOiQv.exe
  C:\Windows\System\ZUyOiQv.exe
  2⤵
  PID:10100
- C:\Windows\System\toHCtpK.exe
  C:\Windows\System\toHCtpK.exe
  2⤵
  PID:10116
- C:\Windows\System\QqAOacW.exe
  C:\Windows\System\QqAOacW.exe
  2⤵
  PID:10132
- C:\Windows\System\ckiWQYZ.exe
  C:\Windows\System\ckiWQYZ.exe
  2⤵
  PID:10152
- C:\Windows\System\mQCqefg.exe
  C:\Windows\System\mQCqefg.exe
  2⤵
  PID:10212
- C:\Windows\System\MGtBiMz.exe
  C:\Windows\System\MGtBiMz.exe
  2⤵
  PID:10228
- C:\Windows\System\FMflogW.exe
  C:\Windows\System\FMflogW.exe
  2⤵
  PID:8616
- C:\Windows\System\LsqNRwR.exe
  C:\Windows\System\LsqNRwR.exe
  2⤵
  PID:8596
- C:\Windows\System\SkToVFT.exe
  C:\Windows\System\SkToVFT.exe
  2⤵
  PID:8868
- C:\Windows\System\eqEaDEM.exe
  C:\Windows\System\eqEaDEM.exe
  2⤵
  PID:7376
- C:\Windows\System\YEHMSvP.exe
  C:\Windows\System\YEHMSvP.exe
  2⤵
  PID:9296
- C:\Windows\System\OWEykPI.exe
  C:\Windows\System\OWEykPI.exe
  2⤵
  PID:9344
- C:\Windows\System\HqlKYTD.exe
  C:\Windows\System\HqlKYTD.exe
  2⤵
  PID:9360
- C:\Windows\System\GvMxWQW.exe
  C:\Windows\System\GvMxWQW.exe
  2⤵
  PID:8448
- C:\Windows\System\VJPgErp.exe
  C:\Windows\System\VJPgErp.exe
  2⤵
  PID:9220
- C:\Windows\System\HFuZPiy.exe
  C:\Windows\System\HFuZPiy.exe
  2⤵
  PID:9332
- C:\Windows\System\iFikSaU.exe
  C:\Windows\System\iFikSaU.exe
  2⤵
  PID:9376
- C:\Windows\System\pmRGqxe.exe
  C:\Windows\System\pmRGqxe.exe
  2⤵
  PID:9404
- C:\Windows\System\UVzMTUf.exe
  C:\Windows\System\UVzMTUf.exe
  2⤵
  PID:9472
- C:\Windows\System\tIinxNK.exe
  C:\Windows\System\tIinxNK.exe
  2⤵
  PID:9544
- C:\Windows\System\KqQVuTg.exe
  C:\Windows\System\KqQVuTg.exe
  2⤵
  PID:9608
- C:\Windows\System\njikeew.exe
  C:\Windows\System\njikeew.exe
  2⤵
  PID:9420
- C:\Windows\System\HbHDRPr.exe
  C:\Windows\System\HbHDRPr.exe
  2⤵
  PID:9704
- C:\Windows\System\qtFlfNM.exe
  C:\Windows\System\qtFlfNM.exe
  2⤵
  PID:9456
- C:\Windows\System\TkbRcZk.exe
  C:\Windows\System\TkbRcZk.exe
  2⤵
  PID:9520
- C:\Windows\System\fPwxCaA.exe
  C:\Windows\System\fPwxCaA.exe
  2⤵
  PID:9588
- C:\Windows\System\pNoWaDx.exe
  C:\Windows\System\pNoWaDx.exe
  2⤵
  PID:9736
- C:\Windows\System\FythSkT.exe
  C:\Windows\System\FythSkT.exe
  2⤵
  PID:9772
- C:\Windows\System\wgxIwyL.exe
  C:\Windows\System\wgxIwyL.exe
  2⤵
  PID:9724
- C:\Windows\System\CjyoLcw.exe
  C:\Windows\System\CjyoLcw.exe
  2⤵
  PID:9780
- C:\Windows\System\XEnPmIo.exe
  C:\Windows\System\XEnPmIo.exe
  2⤵
  PID:9816
- C:\Windows\System\fdpERVV.exe
  C:\Windows\System\fdpERVV.exe
  2⤵
  PID:9880
- C:\Windows\System\JdRGzMF.exe
  C:\Windows\System\JdRGzMF.exe
  2⤵
  PID:9832
- C:\Windows\System\uksQDWq.exe
  C:\Windows\System\uksQDWq.exe
  2⤵
  PID:9896
- C:\Windows\System\caAskiY.exe
  C:\Windows\System\caAskiY.exe
  2⤵
  PID:9948
- C:\Windows\System\zBpoOXj.exe
  C:\Windows\System\zBpoOXj.exe
  2⤵
  PID:9932
- C:\Windows\System\tVeAFvI.exe
  C:\Windows\System\tVeAFvI.exe
  2⤵
  PID:9988
- C:\Windows\System\djdPhgd.exe
  C:\Windows\System\djdPhgd.exe
  2⤵
  PID:10048
- C:\Windows\System\oFbupvz.exe
  C:\Windows\System\oFbupvz.exe
  2⤵
  PID:10092
- C:\Windows\System\UgqqNuZ.exe
  C:\Windows\System\UgqqNuZ.exe
  2⤵
  PID:10004
- C:\Windows\System\VmLncQI.exe
  C:\Windows\System\VmLncQI.exe
  2⤵
  PID:10108
- C:\Windows\System\oaMjHwF.exe
  C:\Windows\System\oaMjHwF.exe
  2⤵
  PID:10160
- C:\Windows\System\jSHJhUS.exe
  C:\Windows\System\jSHJhUS.exe
  2⤵
  PID:10164
- C:\Windows\System\xtXpQoo.exe
  C:\Windows\System\xtXpQoo.exe
  2⤵
  PID:10168
- C:\Windows\System\PWnITnO.exe
  C:\Windows\System\PWnITnO.exe
  2⤵
  PID:10200
- C:\Windows\System\bUbeDYn.exe
  C:\Windows\System\bUbeDYn.exe
  2⤵
  PID:10220
- C:\Windows\System\DBdsxjp.exe
  C:\Windows\System\DBdsxjp.exe
  2⤵
  PID:9364
- C:\Windows\System\ruQNeop.exe
  C:\Windows\System\ruQNeop.exe
  2⤵
  PID:8368
- C:\Windows\System\NuTafaQ.exe
  C:\Windows\System\NuTafaQ.exe
  2⤵
  PID:8908
- C:\Windows\System\bARdqdU.exe
  C:\Windows\System\bARdqdU.exe
  2⤵
  PID:9240
- C:\Windows\System\BWsuDXu.exe
  C:\Windows\System\BWsuDXu.exe
  2⤵
  PID:9336
- C:\Windows\System\qjhAngf.exe
  C:\Windows\System\qjhAngf.exe
  2⤵
  PID:9236
- C:\Windows\System\QYbDFWr.exe
  C:\Windows\System\QYbDFWr.exe
  2⤵
  PID:9264
- C:\Windows\System\wiCbtXW.exe
  C:\Windows\System\wiCbtXW.exe
  2⤵
  PID:8808
- C:\Windows\System\suASKgk.exe
  C:\Windows\System\suASKgk.exe
  2⤵
  PID:9468
- C:\Windows\System\vqqaCPU.exe
  C:\Windows\System\vqqaCPU.exe
  2⤵
  PID:9676
- C:\Windows\System\edhFlIi.exe
  C:\Windows\System\edhFlIi.exe
  2⤵
  PID:9640
- C:\Windows\System\ZstdfUe.exe
  C:\Windows\System\ZstdfUe.exe
  2⤵
  PID:9624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BxVLdAC.exe

Filesize
6.0MB

MD5
8991fe5b02ad3a8df2047a45c6d1776c

SHA1
c92e8492b83c86dea1b256d7077b485d83bf2255

SHA256
7b11a63523f32c5ffa304677eb6bc1d646679779e0ccac5d813855ef96bf6c78

SHA512
d86b47d45c59fcace8fa4c1d1a4e9c2058789773983c35eb022a8ed514b4c1f8e43ccd6837b76b94faaa655665aeb0d94c2be5d3f0760d27dfe2f3c5386962e8

Download Submit
C:\Windows\system\FSiwkPk.exe

Filesize
6.0MB

MD5
df9868580f54b3db697e4caae2feda5f

SHA1
6e9f7d48159b4c68a4762fd899d8507e3cb54f03

SHA256
68f5e1ae93be5a41f954de7a4e66bb7aaa0733b64c3fe564ebe80385e1cd5fc5

SHA512
0a41ce5ee65f200d69a1db3678160399f95e96e68c7446616491ad060fe4238e6aa48eb883056e34899d1339b8ce2b573f322a61f24e5f2606b53e7e69702544

Download Submit
C:\Windows\system\GUzbQkG.exe

Filesize
6.0MB

MD5
dc9847712770049fc06d1e2487bd7148

SHA1
022f4ea020e26405a3b59950951ffa39f4923d22

SHA256
bfbf013ee44efc4c9cad4f0a8c3d2af47d7459c81e9209e9aba8ba84c6cf7f41

SHA512
abae9c4a1e6d92183e72952f2c9014bee8d60b91c5b006a84dd9f8252a18ed773b2e1a732f1a1cb1709c3b6fa5dadd19e74a98b89a5cbea3bec68b763c1fd6c3

Download Submit
C:\Windows\system\HaFINAz.exe

Filesize
6.0MB

MD5
b037b4a49588759ba5af697d59f96b28

SHA1
595b40da6787110db71b405a43c19be30029ca49

SHA256
798c1fd97e4e99c4a532b59c5dc6975a4f9bbedc8ec5c6c152b3b28ddd54f853

SHA512
a8f1b80fd92e2f529995a399ffe211ded7ca7f6ee5b45d389f9135613170675b5b18b6998cbdb17853f78c34f2f0399fb11456f08aa041bd7b6b595aa3d9e30b

Download Submit
C:\Windows\system\JTZUhpV.exe

Filesize
6.0MB

MD5
ca5c9ed6fd9436df5bd3fdd4ff028360

SHA1
93f0dbda1495cde20e7c8101746731bae5b0463c

SHA256
402a95370ed4fb315bdf5851218879bb6784eefeac1efbffe5a7ecaeab446df7

SHA512
4ad019b77a8b713fca3ad5856e7ff7372dc4165a4023c6a2420620da049a3f688a07dee3a7bb811e3531941a813845b4f90c509eabe541942b8939d23e695253

Download Submit
C:\Windows\system\JUypdiM.exe

Filesize
6.0MB

MD5
0d4cc2c7e68a992ab1d3235c89a67d6b

SHA1
4388ceebd135e715d25ae0ef9092976df217ecf7

SHA256
fe4e14174eccf2416b00bf8b79177066e4022751b8092cfff2040e9bf6cf1c17

SHA512
63fa940ecba3db866824fd36a04d83f7ceb41f2294c6e4bd3c36bed4a60c444968dffbe3e190a3fe73f5ecd295529b2c89f914d0a55099078208f5938dc2c526

Download Submit
C:\Windows\system\MiwQUej.exe

Filesize
6.0MB

MD5
42e6abc8369aadad8908d5128616b355

SHA1
f028159a01242d8ad88dbf32a6487dcf9b2c5898

SHA256
e532eb54de7d450e071bca1a448f5a47fae9a0c185b700fd7aafc07f4a8af530

SHA512
44add4f78950493c316ce3398135b55be9d17139e20a28aac8387c72abfa4df19c03dccf17ff9e2a78655607e6478e5c74f033e74ae04028af50b88e56e243cb

Download Submit
C:\Windows\system\MrLBvNu.exe

Filesize
6.0MB

MD5
1341f07e2e55c6b57f859b9b0f031f0b

SHA1
4978801786a902ddc004a8d648c3db8d8cda49e1

SHA256
424363364b11d534e97141f3951397fed492c6b66f3f8221ee4f546e7b5f1024

SHA512
ced0c7a954d61dce5b5825f46f5676b752dd1ae5334b7375c801818b6c7787d7d243e08ddcccb95f317d878b6134730e0bd4fa22a83bb8888dbd16ca7262a653

Download Submit
C:\Windows\system\PfjHVHx.exe

Filesize
6.0MB

MD5
4fa921f78e3243acdc3ef9cc091435de

SHA1
37a2abc60e58dc44ebf258609aef247219d317cb

SHA256
b2881ca89c28b93f42aaf992a35d0b339c0fc93f26b88f5b82f4a50744c6e467

SHA512
718da29cf10311e38fb6f4f41e2a269f09d9f7283347f9971376ebf76f8ea443c712692af405795d4d00ea61d01e40d1c2afc159ac54707adafe57e85da54b2c

Download Submit
C:\Windows\system\bMLDKbK.exe

Filesize
6.0MB

MD5
8c92227ac8400d6f497534bf90f0a7d8

SHA1
3cb8f8f24f283f6cbe208132e455bbeb83cc9d07

SHA256
50f977fd66095692d817d0218b09f4e6e788fd354a3da592dd156473fe0e1205

SHA512
fb03311746b9210b25512079aca58f800687d1001ba39c21356291d324746bf427ebce998412390fd5e49d0518b1826094e20581557c8ab46e88792d1ded4d54

Download Submit
C:\Windows\system\baXSCug.exe

Filesize
6.0MB

MD5
2819945c006b73136b335e82c87ba55a

SHA1
eda3cc2ec27610a0ada3c3caa42ad51a8abe2290

SHA256
2405efb502cd1deccdcb73cd7cb9b18907d03a26eab825e58e01403845a9fa58

SHA512
c6f5b8e96715a8440befe60426339412ba8adae230eb86e79130cda53827fb43622676f503a660378c5c26e248848fb0867f39058fd5ece409c2fad6b0e378c6

Download Submit
C:\Windows\system\doCQasN.exe

Filesize
6.0MB

MD5
4ab47211afb8f25c5de42d2496fae82a

SHA1
b4aa5d307d5bc136f6e015cfba2e9bfe0b380b7b

SHA256
c64f464b41daba847b4833558e1551d4c399a73fe7a9955017963d86abee3d0e

SHA512
25b48b1d670ce5b660da9647e0ad223ec91c8b425c9d76c1b693cf7e710d09ee864bc25b971e416f3f30fede1416f6340b6e2aeaebf65bae210dd8a0b9726ec5

Download Submit
C:\Windows\system\gkVRYRN.exe

Filesize
6.0MB

MD5
0c3ac53755032d38f0db3e88b5d05f9b

SHA1
09748d4294a0a373535b3bb69b02e12d5010cb36

SHA256
a41cde00ad0fd714cdc43fae81b59e21e74b2890fca682f03ef5298685e9dada

SHA512
d6c39263629dd3ced5917d69fe341c8e787abb3ed88ff2f605d688e79952fcc82f0426908c9a01758184fb0a2f0bebe84fa8af2a704919deef58ab429393a133

Download Submit
C:\Windows\system\heyuOxh.exe

Filesize
6.0MB

MD5
a995425add6e56640e1ae6c59d6c9d1b

SHA1
5f410f48a5b9420be94bd624978d7cb625ed8fdf

SHA256
4c8d2757aaaf8e9993d2ec4f6b608a3de228c1b18bdcdf99a81dfd8c8e24ca77

SHA512
4e94eeff96779bed25627f1bcfbd4e5fed7fc464eea9b7418677cebd0f677b7397c51e79fcb7eff1d6f33e75bc813d4aca717235af2e1219941e5a3e6b88720f

Download Submit
C:\Windows\system\iSdYwZY.exe

Filesize
6.0MB

MD5
8c98408de014675d3faaa94fdb0fe96a

SHA1
b3efc7fd665cb9c778561c432db1eecc2209ac9b

SHA256
93b131a964f4c5ee86f1d17889e3e0f40f9f1c0aa09360cfa3f2f387c5dc0da0

SHA512
3b7da4cc56b5f6ca032b85ba0114532f2cf38b4a62e9c8fec014cc2e52dcd55c249bb33bf9a5e5980acb3a8765c34812d84ab9fe15074bb9a91e45435fef9726

Download Submit
C:\Windows\system\irIbHPZ.exe

Filesize
6.0MB

MD5
96e1ee7c6839f27982fce8920b544716

SHA1
c95920281ae385ef3767e913227937f8f0cf18cf

SHA256
ab169cda6bd31cf5633cb8d22ba91b1cda44e58c18f73a837ff2cd9ed8ac4a26

SHA512
c5f66791c948e5f984929c014b84b58c52064a1d21b144dd20a24fa736ab4593119ec461d0e3c96d0827729e08fa9187afe9cf7b01b7691edafc547ca75f213b

Download Submit
C:\Windows\system\iyQaXvb.exe

Filesize
6.0MB

MD5
1595cfae4defa685c048073e1dd19220

SHA1
97dd962eb06a1fa39f419e375f5c0817fb02761d

SHA256
a0daba53b1d5afcd5332a83074ff15460cd3e18cb3404cd6892fdaa4638afd09

SHA512
259c1e079afed9348ddae8b963f2c3a84d7cc48da4ba61c0d4e615a67a6d534e0c1d3693dbc7e3dbeb7d98379bbcb52d4f19aa462a53abd3b99736a3ddabffe4

Download Submit
C:\Windows\system\lMDcnqA.exe

Filesize
6.0MB

MD5
a57c7dc292fb6dd8f8d57aaab1a71dba

SHA1
148e8a34e80098e230baa944e40650b00915a91f

SHA256
d1c323c6577eb5ac59a03585b4207163ddb406294667e86a790199e90205572e

SHA512
31367747633b1848fa8221507b05cca68f75b8e2be98f9459fba8c1c9e0999ccd23cdf70325cf7f25efe71a776babcd76558565d7f9f5d2b77dc7cd30a44e645

Download Submit
C:\Windows\system\lNyxbNa.exe

Filesize
6.0MB

MD5
b00fa1c6a8aac842fbcee8de02939627

SHA1
4085d88452d70ffc80ebbf0b456f958ef560b1dc

SHA256
0c364f1af9267557f282e96905777aba1124f81ecb0614bba089ba7420ff10fc

SHA512
4924c61daf511e83d34b59c2d6a60c6a4fc662bc0424a718b2d411fa0243ad19cf3f3dc1beddcf93d20992c73ebb66c294d39703e534f8916daf0b3092a3ccb2

Download Submit
C:\Windows\system\mqAFQxj.exe

Filesize
6.0MB

MD5
1e4510b4a0f321c600ab2e5d19c0791d

SHA1
88134527830f67e3c471636d1af73ae37c010794

SHA256
42733a079c91812a91011435bbf21219a403cf3dda2a3be44cf26605df3aa71a

SHA512
e2b9e0a064729212dd2c49bc4704238206638c711b225e5ed55e46cc2433e25679f0d8b9c9e2c9cc046a15534c63aa27efd7ea415f8b214d882c2b0c919865e0

Download Submit
C:\Windows\system\nRRQMwO.exe

Filesize
6.0MB

MD5
b645151e14c1aeafaaa691d3b5a4dc39

SHA1
84095d838538a1ae80f00ff20a02b2b562fadd57

SHA256
13a7d4af1bc1cd37bc6bd216c168bf3c3bcfefe526744c3d1e6973414aa99276

SHA512
198fba477c6566cc995c6a407dc20eb8206e714530f65089f7cc6fff498b3ab7a9e5af4ad70068abc9a91c51d92725b29e162c0514f99a5c82ed8cd6d6a222dd

Download Submit
C:\Windows\system\nobpSig.exe

Filesize
6.0MB

MD5
c5372f26e5d8fded0b45dd1799f124c9

SHA1
84abc09c73c7dcd3fcbd80fc98cb46e5eb90e35a

SHA256
83248fe8823ef37fa6d1e03c383dff2baf7bda60cf9c43c2751c7a3b7bb046a8

SHA512
47327e9d69142a8c9f65f5a771e7c7c390cbb5d89c7a8ff94dd091a5dafcb99de0d609d201d635beede42f9fd8ce6d1d7929ade9e5c527eaee0c088566d3d5b5

Download Submit
C:\Windows\system\oMgtuFJ.exe

Filesize
6.0MB

MD5
056fa8d8cb447c7b678b148d81ca1616

SHA1
490a0d4f360de06708f80d8be85b35b07a50261c

SHA256
cc15f2288a281e430d600748344258f92c3804c098e3ea301be2f7b5e668d214

SHA512
f5d1d3d38ab37164c2906403de5e5d847b65515bc806670803545de99b6ded3b8118ec204cc6417a7ec854af35559f7bd3b8cb06d64e3adcd16daa33659db892

Download Submit
C:\Windows\system\oMiumXm.exe

Filesize
6.0MB

MD5
c1211b1dc45efffc0ecfebaf45a99c41

SHA1
5c3be8e5530c02c4153bed5c008966847521e2d3

SHA256
fc88cffe1ccf92fab96ae36a4a260a8df40f28ac0f2206e55a3d57162d53cc2a

SHA512
ab2aec2dd95fdb0b1d5e4356bf1dd249429a712e7086c5e7b4d7d6f0f583b6c6cda86e4347bdf144a1aeb155260137c7c393e3ab97d0bde1def6b0acff1ea3d5

Download Submit
C:\Windows\system\pPNXbJW.exe

Filesize
6.0MB

MD5
bce4b9ac1bc4503a446d0b37e4792bfc

SHA1
f7dc0659388649228cd259c9167da2050f259571

SHA256
b0bbf5501b0da76e4e1b2388c0c802c66f25dd008235d97e3b60f698fc5b23af

SHA512
9accd8b214a8407871fcbb44e6c50ed6081f9140f1d20f7c5cd3ea055c8aaa0816480c7a8071677aea45ef21ec7119da37e7da94dd582acbaf46c111011218d2

Download Submit
C:\Windows\system\udGIRLG.exe

Filesize
6.0MB

MD5
07c1474bd30110ea295cbe693a966b96

SHA1
2860703930a1f997ea8b86e50f9fed7947fa0c01

SHA256
bd4d49d39cb76f3a41521b1327109ab9d35def9089d343debe7b2a6e3a7c7321

SHA512
7b7d176b37e237bc11e3d84b920bdcbfe6d4ce979544bb150892fa03d185b277f76a79a3ef21a28e82dce2f504e11881dc20e95dc002b249825856430de6c1cf

Download Submit
C:\Windows\system\vDNnUcc.exe

Filesize
6.0MB

MD5
759d4fde37902652f0f4c2da64d60d06

SHA1
e8536e2ef7f5ef09aa0ce35dfe41c7582d8370c3

SHA256
ca9838554ffc05b2fc2c35abd7dae65312a3b97c253ea7c8276a992219cd07c5

SHA512
d34b7664b8364bc210e397646ee594b82790eec23b467bb845919502ce7079b4ea0b5a1584e6e440e9c4a195f1f49efec3d415e44f60034c528184856b6b9f5c

Download Submit
C:\Windows\system\xiGVDzU.exe

Filesize
6.0MB

MD5
f02b1dd6ca7d028562d10cd73dda7d45

SHA1
60d09af2a6459d038aac5c2ec86471b2ae382542

SHA256
54b21a9e636910471d958d47aa918da8d042a3b26b2a3631cdcd3febffa8f172

SHA512
3789daa515a05c40d6191a51d4a25155c84998b1f7e4cc7de428b3437bc27c786229031cd8ee3ae6461601d536d041697dab21c5b31c6a950980b94372910491

Download Submit
\Windows\system\OmpAwjl.exe

Filesize
6.0MB

MD5
1665021c15467a6b8e474d8df4e26ace

SHA1
37f1173a22faeffdbd68c9fb5e01582bc79daff0

SHA256
d5de2fde9ffc612e5fd3a140bfd1146a7c79dec1f7632e8b1b0f62cd8c989130

SHA512
8f37f8e66e445b6b0fa9a26d3b99052a3c76755550fbd699e1b7b6378ab49ecd5a1276be615bd3ec76fb95ffb119b1dbf09c322fb0d31602d7aa43602f336aaf

Download Submit
\Windows\system\dhdasrq.exe

Filesize
6.0MB

MD5
e592c444df2e988f902501fb8ce0de6d

SHA1
4ccf90fa0cbad6dae4ee94f742cdae9b4a36fa40

SHA256
629633f82d8504bda056beb58f43950695ad2a403eac10a995463266ad766114

SHA512
510c1e2efff8c49ce7c48866565e7392006138342e3b79228de601c586c102f8844bf0fd7cb48376cdf9ea5b9b18eae828e23d3c23aa8242c8f29dd1b3f9fcf6

Download Submit
\Windows\system\lRNrVSs.exe

Filesize
6.0MB

MD5
d3773f64674996b8d99263cd801604cf

SHA1
dda1344358f666c4433d03d08c72807c3f5199f7

SHA256
ecf0ae4008197808da63e8f6fe395ba80d1968d95563d9c4660558b9399e8cdf

SHA512
a8937524b4e35a26ca86083ff70aa9bacc0335955b2007bacb3167202b58c47c8dbbb39b3f3d0ffbfadc7e06bd537e6719d0f2095862d15ef1a7d00cb915629e

Download Submit
\Windows\system\sYeHtbz.exe

Filesize
6.0MB

MD5
006bd845a994721cdd8b1558c040382b

SHA1
d1739f16b254f0ccb95e3cd93ae75119db714ee5

SHA256
ae06010537f801c1c6a00d99b4bcdbec1b30f7945d3791857dc396bcbab230cb

SHA512
9b2ab5806238684a800b164f419b5c8a7d8626c6c3e2feb52a8ddfc7e92b07fd6012fe3dc9f81d783ac97d1468a91bdfd6ce5164b3586dab7f75b5d09d85a98e

Download Submit
\Windows\system\tbPRQEP.exe

Filesize
6.0MB

MD5
d5ee8d6b8210fd306bb48152245a90fc

SHA1
747aafef54785e12fe5e0f8687a124261929f332

SHA256
47b7cc90128911b7e2326dbfeb5a3fca9d775c584d61b353c68b8903950b5bbb

SHA512
4495423fe64c87120d765a6c73692b27157fda9bcafda6f1698c05dc64c6c1a1fc23576b48b16cfb3147da24db394e6c005596ef98932ad39afabd46fbac639b

Download Submit
memory/1620-0-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1620-2583-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3051-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3076-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2582-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2308-3872-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download