cobaltstrike | 8dab6c5adcf114dbef6fad2dddc064b5f20ba1bd47f40f1d71d9020047856424

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/01/2025, 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

637e38691b8169408f79cd42d60d7c20
SHA1

bb05b8aa27970a28d5b2f182d79b9ff6e2d81598
SHA256

8dab6c5adcf114dbef6fad2dddc064b5f20ba1bd47f40f1d71d9020047856424
SHA512

771b338893538c38a8f7afb6fe8db6cc6193cd6f70c9cbeb03f3b542923d2ec5ead27e787574a6c91f3063630dd0c731674077353dae89605ca67d215587966c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edb-8.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707c-10.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f3-21.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746a-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-26.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-50.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174c3-45.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174a6-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 36 IoCs

miner

resource	yara_rule
behavioral1/memory/2100-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x0008000000016edb-8.dat	xmrig
behavioral1/files/0x000800000001707c-10.dat	xmrig
behavioral1/files/0x00080000000173f3-21.dat	xmrig
behavioral1/files/0x000700000001746a-30.dat	xmrig
behavioral1/files/0x0007000000017403-26.dat	xmrig
behavioral1/files/0x000500000001926c-55.dat	xmrig
behavioral1/files/0x0005000000019278-65.dat	xmrig
behavioral1/files/0x0005000000019319-75.dat	xmrig
behavioral1/files/0x0005000000019377-85.dat	xmrig
behavioral1/files/0x00050000000193c1-105.dat	xmrig
behavioral1/files/0x0005000000019450-120.dat	xmrig
behavioral1/files/0x000500000001946a-134.dat	xmrig
behavioral1/files/0x00050000000194df-161.dat	xmrig
behavioral1/files/0x0005000000019485-151.dat	xmrig
behavioral1/files/0x00050000000194d7-155.dat	xmrig
behavioral1/files/0x000500000001947d-145.dat	xmrig
behavioral1/files/0x0005000000019479-138.dat	xmrig
behavioral1/files/0x0005000000019465-137.dat	xmrig
behavioral1/files/0x000500000001945b-125.dat	xmrig
behavioral1/files/0x0005000000019446-115.dat	xmrig
behavioral1/files/0x0005000000019433-110.dat	xmrig
behavioral1/files/0x00050000000193b3-100.dat	xmrig
behavioral1/files/0x00050000000193a4-95.dat	xmrig
behavioral1/files/0x0005000000019387-90.dat	xmrig
behavioral1/files/0x0005000000019365-80.dat	xmrig
behavioral1/files/0x000500000001929a-70.dat	xmrig
behavioral1/files/0x0005000000019275-60.dat	xmrig
behavioral1/files/0x0005000000019268-50.dat	xmrig
behavioral1/files/0x00080000000174c3-45.dat	xmrig
behavioral1/files/0x00080000000174a6-41.dat	xmrig
behavioral1/files/0x0007000000017488-36.dat	xmrig
behavioral1/memory/3044-2595-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2100-3141-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/3044-3969-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3044	oODChfr.exe
2064	oopcPtM.exe
2368	LKVfnUb.exe
2524	nDIzIEn.exe
2848	MlYkwbH.exe
2336	tLaTUST.exe
2752	UXZTjUG.exe
2868	epJvphz.exe
2448	XeLFQCF.exe
2492	XJUdCdd.exe
2188	hSIOTRU.exe
2792	AyzMrFE.exe
2740	nSxhivd.exe
2808	YzdGaqv.exe
2632	ETxQKIn.exe
2772	axnzSEI.exe
2880	uMMsoOq.exe
2604	oLNlngX.exe
1496	imEXyrL.exe
1644	MMtcdjm.exe
1716	CPVEaBv.exe
1728	ATCZMQk.exe
2028	wkuaWpU.exe
272	HdrhDYd.exe
2140	BWdLRnw.exe
2904	NPrgTfm.exe
2784	VaUTCuO.exe
1564	uPgvJGQ.exe
2700	syZIZUK.exe
2956	StddvcC.exe
236	ZFbzvak.exe
2580	LmlEczs.exe
632	ymuKSzO.exe
1980	jkOHRLH.exe
288	rmWQmwu.exe
1108	pxPoazd.exe
1688	cRLnYhg.exe
1464	fCUbaWt.exe
1632	OjIWkCh.exe
1640	tYVDxsL.exe
1212	eTBkyzj.exe
1468	TmJWNwN.exe
572	bNbeoUF.exe
2344	RvXSWCE.exe
3020	gcwQzbS.exe
2248	ITAzZkT.exe
2332	cUMMhle.exe
1400	NNyapih.exe
1896	fHTElwK.exe
1456	Liugiyq.exe
2512	ChRZrAD.exe
1200	roDMDeR.exe
876	WdZMVCu.exe
2144	OQgDNGS.exe
1488	diePJGp.exe
2148	ASXDDjB.exe
2128	pHyWiKG.exe
2516	UUUfLLD.exe
2152	LXjjjtf.exe
2804	jhJTMBW.exe
2760	dabGicE.exe
2720	BAVmrzD.exe
2704	yeicBcv.exe
280	NiedHSk.exe

Loads dropped DLL 64 IoCs

pid	Process
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 36 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2100-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x0008000000016edb-8.dat	upx
behavioral1/files/0x000800000001707c-10.dat	upx
behavioral1/files/0x00080000000173f3-21.dat	upx
behavioral1/files/0x000700000001746a-30.dat	upx
behavioral1/files/0x0007000000017403-26.dat	upx
behavioral1/files/0x000500000001926c-55.dat	upx
behavioral1/files/0x0005000000019278-65.dat	upx
behavioral1/files/0x0005000000019319-75.dat	upx
behavioral1/files/0x0005000000019377-85.dat	upx
behavioral1/files/0x00050000000193c1-105.dat	upx
behavioral1/files/0x0005000000019450-120.dat	upx
behavioral1/files/0x000500000001946a-134.dat	upx
behavioral1/files/0x00050000000194df-161.dat	upx
behavioral1/files/0x0005000000019485-151.dat	upx
behavioral1/files/0x00050000000194d7-155.dat	upx
behavioral1/files/0x000500000001947d-145.dat	upx
behavioral1/files/0x0005000000019479-138.dat	upx
behavioral1/files/0x0005000000019465-137.dat	upx
behavioral1/files/0x000500000001945b-125.dat	upx
behavioral1/files/0x0005000000019446-115.dat	upx
behavioral1/files/0x0005000000019433-110.dat	upx
behavioral1/files/0x00050000000193b3-100.dat	upx
behavioral1/files/0x00050000000193a4-95.dat	upx
behavioral1/files/0x0005000000019387-90.dat	upx
behavioral1/files/0x0005000000019365-80.dat	upx
behavioral1/files/0x000500000001929a-70.dat	upx
behavioral1/files/0x0005000000019275-60.dat	upx
behavioral1/files/0x0005000000019268-50.dat	upx
behavioral1/files/0x00080000000174c3-45.dat	upx
behavioral1/files/0x00080000000174a6-41.dat	upx
behavioral1/files/0x0007000000017488-36.dat	upx
behavioral1/memory/3044-2595-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2100-3141-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/3044-3969-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QjNlxKl.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drHOrlI.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzyNYHg.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwVcwwy.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIpaVsJ.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFUODxr.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpEraWI.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAVvMcm.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPQOKkW.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDZFGIq.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gunzejd.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hSRkgyW.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvgkQCq.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twymELj.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXfIfub.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWXnfjF.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvnZWNY.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XivAosj.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkWIcWd.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSQpjQu.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWZHPKb.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxHmzLb.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knVEsbg.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OPkozeB.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUUfLLD.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMZaNtO.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSyxsDg.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jknnBsn.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtmaNFv.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhPXCMs.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXnnkyF.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrrLWLY.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBRVlZv.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUXQqYF.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\janSGEM.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWPXVmd.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FabPwro.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmXFHhM.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvgNBVk.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfUmDKP.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPszngC.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLGfxqN.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McxKJVA.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDUUsyT.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPTJjYi.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSDciKL.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kebfpfI.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydehTPu.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swVZeIs.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfjOcGE.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epavwxu.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohYKOUw.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVRmHls.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWdJmQG.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FdVDSiS.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lErxxku.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfxNhuM.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gcwQzbS.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybyCFnX.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlcUNKX.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCLNThO.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TASAEUJ.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnOvOgh.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyXrNLX.exe	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 3044	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 3044	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 3044	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 2064	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2064	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2064	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2368	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2368	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2368	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2524	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2524	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2524	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2848	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2848	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2848	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2336	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2336	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2336	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2752	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2752	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2752	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2868	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2868	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2868	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2448	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2448	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2448	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2492	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2492	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2492	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2188	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2188	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2188	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2792	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2792	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2792	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2740	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2740	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2740	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2808	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2808	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2808	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2632	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2632	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2632	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2772	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2772	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2772	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2880	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 2880	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 2880	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 2604	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 2604	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 2604	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1496	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1496	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1496	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1644	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 1644	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 1644	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 1716	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 1716	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 1716	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 1728	2100	2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_637e38691b8169408f79cd42d60d7c20_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\System\oODChfr.exe
  C:\Windows\System\oODChfr.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\oopcPtM.exe
  C:\Windows\System\oopcPtM.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\LKVfnUb.exe
  C:\Windows\System\LKVfnUb.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\nDIzIEn.exe
  C:\Windows\System\nDIzIEn.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\MlYkwbH.exe
  C:\Windows\System\MlYkwbH.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\tLaTUST.exe
  C:\Windows\System\tLaTUST.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\UXZTjUG.exe
  C:\Windows\System\UXZTjUG.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\epJvphz.exe
  C:\Windows\System\epJvphz.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\XeLFQCF.exe
  C:\Windows\System\XeLFQCF.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\XJUdCdd.exe
  C:\Windows\System\XJUdCdd.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\hSIOTRU.exe
  C:\Windows\System\hSIOTRU.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\AyzMrFE.exe
  C:\Windows\System\AyzMrFE.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\nSxhivd.exe
  C:\Windows\System\nSxhivd.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\YzdGaqv.exe
  C:\Windows\System\YzdGaqv.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\ETxQKIn.exe
  C:\Windows\System\ETxQKIn.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\axnzSEI.exe
  C:\Windows\System\axnzSEI.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\uMMsoOq.exe
  C:\Windows\System\uMMsoOq.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\oLNlngX.exe
  C:\Windows\System\oLNlngX.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\imEXyrL.exe
  C:\Windows\System\imEXyrL.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\MMtcdjm.exe
  C:\Windows\System\MMtcdjm.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\CPVEaBv.exe
  C:\Windows\System\CPVEaBv.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ATCZMQk.exe
  C:\Windows\System\ATCZMQk.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\wkuaWpU.exe
  C:\Windows\System\wkuaWpU.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\HdrhDYd.exe
  C:\Windows\System\HdrhDYd.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\BWdLRnw.exe
  C:\Windows\System\BWdLRnw.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\VaUTCuO.exe
  C:\Windows\System\VaUTCuO.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\NPrgTfm.exe
  C:\Windows\System\NPrgTfm.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\uPgvJGQ.exe
  C:\Windows\System\uPgvJGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\syZIZUK.exe
  C:\Windows\System\syZIZUK.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\StddvcC.exe
  C:\Windows\System\StddvcC.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\ZFbzvak.exe
  C:\Windows\System\ZFbzvak.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\LmlEczs.exe
  C:\Windows\System\LmlEczs.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\ymuKSzO.exe
  C:\Windows\System\ymuKSzO.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\jkOHRLH.exe
  C:\Windows\System\jkOHRLH.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\rmWQmwu.exe
  C:\Windows\System\rmWQmwu.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\pxPoazd.exe
  C:\Windows\System\pxPoazd.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\cRLnYhg.exe
  C:\Windows\System\cRLnYhg.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\fCUbaWt.exe
  C:\Windows\System\fCUbaWt.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\OjIWkCh.exe
  C:\Windows\System\OjIWkCh.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\tYVDxsL.exe
  C:\Windows\System\tYVDxsL.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\eTBkyzj.exe
  C:\Windows\System\eTBkyzj.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\TmJWNwN.exe
  C:\Windows\System\TmJWNwN.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\bNbeoUF.exe
  C:\Windows\System\bNbeoUF.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\gcwQzbS.exe
  C:\Windows\System\gcwQzbS.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\RvXSWCE.exe
  C:\Windows\System\RvXSWCE.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\cUMMhle.exe
  C:\Windows\System\cUMMhle.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ITAzZkT.exe
  C:\Windows\System\ITAzZkT.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\fHTElwK.exe
  C:\Windows\System\fHTElwK.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\NNyapih.exe
  C:\Windows\System\NNyapih.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\Liugiyq.exe
  C:\Windows\System\Liugiyq.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\ChRZrAD.exe
  C:\Windows\System\ChRZrAD.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\roDMDeR.exe
  C:\Windows\System\roDMDeR.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\WdZMVCu.exe
  C:\Windows\System\WdZMVCu.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\OQgDNGS.exe
  C:\Windows\System\OQgDNGS.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\diePJGp.exe
  C:\Windows\System\diePJGp.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\ASXDDjB.exe
  C:\Windows\System\ASXDDjB.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\pHyWiKG.exe
  C:\Windows\System\pHyWiKG.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\UUUfLLD.exe
  C:\Windows\System\UUUfLLD.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\LXjjjtf.exe
  C:\Windows\System\LXjjjtf.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\jhJTMBW.exe
  C:\Windows\System\jhJTMBW.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\dabGicE.exe
  C:\Windows\System\dabGicE.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\BAVmrzD.exe
  C:\Windows\System\BAVmrzD.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\yeicBcv.exe
  C:\Windows\System\yeicBcv.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\NiedHSk.exe
  C:\Windows\System\NiedHSk.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\rZlfnLa.exe
  C:\Windows\System\rZlfnLa.exe
  2⤵
  PID:2672
- C:\Windows\System\vufBmKf.exe
  C:\Windows\System\vufBmKf.exe
  2⤵
  PID:2228
- C:\Windows\System\usXXwBS.exe
  C:\Windows\System\usXXwBS.exe
  2⤵
  PID:1996
- C:\Windows\System\NGFtgEM.exe
  C:\Windows\System\NGFtgEM.exe
  2⤵
  PID:1908
- C:\Windows\System\ZyppjqB.exe
  C:\Windows\System\ZyppjqB.exe
  2⤵
  PID:1764
- C:\Windows\System\zCKAGYE.exe
  C:\Windows\System\zCKAGYE.exe
  2⤵
  PID:992
- C:\Windows\System\VLNoTVP.exe
  C:\Windows\System\VLNoTVP.exe
  2⤵
  PID:1924
- C:\Windows\System\pLrdqDi.exe
  C:\Windows\System\pLrdqDi.exe
  2⤵
  PID:2968
- C:\Windows\System\tqDhQQX.exe
  C:\Windows\System\tqDhQQX.exe
  2⤵
  PID:2216
- C:\Windows\System\fhSLdpb.exe
  C:\Windows\System\fhSLdpb.exe
  2⤵
  PID:2584
- C:\Windows\System\rJWLsQV.exe
  C:\Windows\System\rJWLsQV.exe
  2⤵
  PID:3016
- C:\Windows\System\edEDWGG.exe
  C:\Windows\System\edEDWGG.exe
  2⤵
  PID:1868
- C:\Windows\System\ybyCFnX.exe
  C:\Windows\System\ybyCFnX.exe
  2⤵
  PID:1180
- C:\Windows\System\XivAosj.exe
  C:\Windows\System\XivAosj.exe
  2⤵
  PID:1696
- C:\Windows\System\JFKxRcF.exe
  C:\Windows\System\JFKxRcF.exe
  2⤵
  PID:1592
- C:\Windows\System\IlcUNKX.exe
  C:\Windows\System\IlcUNKX.exe
  2⤵
  PID:1472
- C:\Windows\System\tIOefuu.exe
  C:\Windows\System\tIOefuu.exe
  2⤵
  PID:852
- C:\Windows\System\AxlJTrc.exe
  C:\Windows\System\AxlJTrc.exe
  2⤵
  PID:2104
- C:\Windows\System\AZcpOAu.exe
  C:\Windows\System\AZcpOAu.exe
  2⤵
  PID:700
- C:\Windows\System\XuoxvZG.exe
  C:\Windows\System\XuoxvZG.exe
  2⤵
  PID:1408
- C:\Windows\System\OmzQRdK.exe
  C:\Windows\System\OmzQRdK.exe
  2⤵
  PID:1076
- C:\Windows\System\pvPjbpm.exe
  C:\Windows\System\pvPjbpm.exe
  2⤵
  PID:1732
- C:\Windows\System\VSIBvzj.exe
  C:\Windows\System\VSIBvzj.exe
  2⤵
  PID:1420
- C:\Windows\System\tOvHQEa.exe
  C:\Windows\System\tOvHQEa.exe
  2⤵
  PID:2484
- C:\Windows\System\XvnZWNY.exe
  C:\Windows\System\XvnZWNY.exe
  2⤵
  PID:1520
- C:\Windows\System\OnEyKJX.exe
  C:\Windows\System\OnEyKJX.exe
  2⤵
  PID:3060
- C:\Windows\System\cOcivFx.exe
  C:\Windows\System\cOcivFx.exe
  2⤵
  PID:2732
- C:\Windows\System\oILxsHx.exe
  C:\Windows\System\oILxsHx.exe
  2⤵
  PID:2864
- C:\Windows\System\nWolYKG.exe
  C:\Windows\System\nWolYKG.exe
  2⤵
  PID:2608
- C:\Windows\System\iZlaGfE.exe
  C:\Windows\System\iZlaGfE.exe
  2⤵
  PID:2628
- C:\Windows\System\lcBiWRL.exe
  C:\Windows\System\lcBiWRL.exe
  2⤵
  PID:2208
- C:\Windows\System\FMLvjCT.exe
  C:\Windows\System\FMLvjCT.exe
  2⤵
  PID:2160
- C:\Windows\System\WJPwMAm.exe
  C:\Windows\System\WJPwMAm.exe
  2⤵
  PID:1844
- C:\Windows\System\pjJRLCH.exe
  C:\Windows\System\pjJRLCH.exe
  2⤵
  PID:2132
- C:\Windows\System\hRsiWwD.exe
  C:\Windows\System\hRsiWwD.exe
  2⤵
  PID:2008
- C:\Windows\System\EYjXIsr.exe
  C:\Windows\System\EYjXIsr.exe
  2⤵
  PID:2232
- C:\Windows\System\ZEDkgMq.exe
  C:\Windows\System\ZEDkgMq.exe
  2⤵
  PID:768
- C:\Windows\System\SCjVqUH.exe
  C:\Windows\System\SCjVqUH.exe
  2⤵
  PID:1136
- C:\Windows\System\BVyBQNh.exe
  C:\Windows\System\BVyBQNh.exe
  2⤵
  PID:1892
- C:\Windows\System\xqAzhkB.exe
  C:\Windows\System\xqAzhkB.exe
  2⤵
  PID:2500
- C:\Windows\System\DhPXCMs.exe
  C:\Windows\System\DhPXCMs.exe
  2⤵
  PID:1988
- C:\Windows\System\bFJEVjL.exe
  C:\Windows\System\bFJEVjL.exe
  2⤵
  PID:300
- C:\Windows\System\NSQrvgx.exe
  C:\Windows\System\NSQrvgx.exe
  2⤵
  PID:544
- C:\Windows\System\NVDKCvS.exe
  C:\Windows\System\NVDKCvS.exe
  2⤵
  PID:2020
- C:\Windows\System\aZhVMBg.exe
  C:\Windows\System\aZhVMBg.exe
  2⤵
  PID:1516
- C:\Windows\System\uRrBnuA.exe
  C:\Windows\System\uRrBnuA.exe
  2⤵
  PID:3084
- C:\Windows\System\WttpGde.exe
  C:\Windows\System\WttpGde.exe
  2⤵
  PID:3104
- C:\Windows\System\OqSsVGZ.exe
  C:\Windows\System\OqSsVGZ.exe
  2⤵
  PID:3124
- C:\Windows\System\ZJvFjWi.exe
  C:\Windows\System\ZJvFjWi.exe
  2⤵
  PID:3144
- C:\Windows\System\ppOeKHE.exe
  C:\Windows\System\ppOeKHE.exe
  2⤵
  PID:3164
- C:\Windows\System\PaexKTo.exe
  C:\Windows\System\PaexKTo.exe
  2⤵
  PID:3184
- C:\Windows\System\sCLNThO.exe
  C:\Windows\System\sCLNThO.exe
  2⤵
  PID:3204
- C:\Windows\System\LXiUqaY.exe
  C:\Windows\System\LXiUqaY.exe
  2⤵
  PID:3224
- C:\Windows\System\FsAiRsp.exe
  C:\Windows\System\FsAiRsp.exe
  2⤵
  PID:3244
- C:\Windows\System\tmOVemj.exe
  C:\Windows\System\tmOVemj.exe
  2⤵
  PID:3264
- C:\Windows\System\tALGgNE.exe
  C:\Windows\System\tALGgNE.exe
  2⤵
  PID:3284
- C:\Windows\System\DvivXLp.exe
  C:\Windows\System\DvivXLp.exe
  2⤵
  PID:3304
- C:\Windows\System\RfjOcGE.exe
  C:\Windows\System\RfjOcGE.exe
  2⤵
  PID:3324
- C:\Windows\System\ydehTPu.exe
  C:\Windows\System\ydehTPu.exe
  2⤵
  PID:3344
- C:\Windows\System\FkWIcWd.exe
  C:\Windows\System\FkWIcWd.exe
  2⤵
  PID:3364
- C:\Windows\System\WHuJJEK.exe
  C:\Windows\System\WHuJJEK.exe
  2⤵
  PID:3384
- C:\Windows\System\gmXFHhM.exe
  C:\Windows\System\gmXFHhM.exe
  2⤵
  PID:3404
- C:\Windows\System\MRgTvdE.exe
  C:\Windows\System\MRgTvdE.exe
  2⤵
  PID:3424
- C:\Windows\System\rUaYHhv.exe
  C:\Windows\System\rUaYHhv.exe
  2⤵
  PID:3444
- C:\Windows\System\JJxNDxK.exe
  C:\Windows\System\JJxNDxK.exe
  2⤵
  PID:3464
- C:\Windows\System\urLNsDh.exe
  C:\Windows\System\urLNsDh.exe
  2⤵
  PID:3484
- C:\Windows\System\WAuTAvR.exe
  C:\Windows\System\WAuTAvR.exe
  2⤵
  PID:3504
- C:\Windows\System\pxRMQOC.exe
  C:\Windows\System\pxRMQOC.exe
  2⤵
  PID:3524
- C:\Windows\System\LUwRBxK.exe
  C:\Windows\System\LUwRBxK.exe
  2⤵
  PID:3544
- C:\Windows\System\nFBaFLq.exe
  C:\Windows\System\nFBaFLq.exe
  2⤵
  PID:3564
- C:\Windows\System\QaBKUPe.exe
  C:\Windows\System\QaBKUPe.exe
  2⤵
  PID:3584
- C:\Windows\System\rCrxZtC.exe
  C:\Windows\System\rCrxZtC.exe
  2⤵
  PID:3604
- C:\Windows\System\ZZrWgvz.exe
  C:\Windows\System\ZZrWgvz.exe
  2⤵
  PID:3624
- C:\Windows\System\jbxJGcF.exe
  C:\Windows\System\jbxJGcF.exe
  2⤵
  PID:3644
- C:\Windows\System\pGuQhUJ.exe
  C:\Windows\System\pGuQhUJ.exe
  2⤵
  PID:3664
- C:\Windows\System\CIhssuK.exe
  C:\Windows\System\CIhssuK.exe
  2⤵
  PID:3684
- C:\Windows\System\dicHSzF.exe
  C:\Windows\System\dicHSzF.exe
  2⤵
  PID:3704
- C:\Windows\System\ZJAACsP.exe
  C:\Windows\System\ZJAACsP.exe
  2⤵
  PID:3724
- C:\Windows\System\dXnnkyF.exe
  C:\Windows\System\dXnnkyF.exe
  2⤵
  PID:3744
- C:\Windows\System\XvesbZt.exe
  C:\Windows\System\XvesbZt.exe
  2⤵
  PID:3764
- C:\Windows\System\vcfKXvg.exe
  C:\Windows\System\vcfKXvg.exe
  2⤵
  PID:3784
- C:\Windows\System\HhmFOHU.exe
  C:\Windows\System\HhmFOHU.exe
  2⤵
  PID:3804
- C:\Windows\System\unHCwhY.exe
  C:\Windows\System\unHCwhY.exe
  2⤵
  PID:3824
- C:\Windows\System\FAvglVA.exe
  C:\Windows\System\FAvglVA.exe
  2⤵
  PID:3844
- C:\Windows\System\DbejvBM.exe
  C:\Windows\System\DbejvBM.exe
  2⤵
  PID:3864
- C:\Windows\System\NovzlkK.exe
  C:\Windows\System\NovzlkK.exe
  2⤵
  PID:3884
- C:\Windows\System\VfxNhuM.exe
  C:\Windows\System\VfxNhuM.exe
  2⤵
  PID:3904
- C:\Windows\System\cVEfrcL.exe
  C:\Windows\System\cVEfrcL.exe
  2⤵
  PID:3924
- C:\Windows\System\EtdsLJq.exe
  C:\Windows\System\EtdsLJq.exe
  2⤵
  PID:3944
- C:\Windows\System\jBGghXk.exe
  C:\Windows\System\jBGghXk.exe
  2⤵
  PID:3964
- C:\Windows\System\IEOERgc.exe
  C:\Windows\System\IEOERgc.exe
  2⤵
  PID:3984
- C:\Windows\System\NliwATP.exe
  C:\Windows\System\NliwATP.exe
  2⤵
  PID:4004
- C:\Windows\System\LMMJaBR.exe
  C:\Windows\System\LMMJaBR.exe
  2⤵
  PID:4024
- C:\Windows\System\wOEIhUj.exe
  C:\Windows\System\wOEIhUj.exe
  2⤵
  PID:4044
- C:\Windows\System\VXCxaXR.exe
  C:\Windows\System\VXCxaXR.exe
  2⤵
  PID:4064
- C:\Windows\System\rlqCplz.exe
  C:\Windows\System\rlqCplz.exe
  2⤵
  PID:4084
- C:\Windows\System\WYDHxff.exe
  C:\Windows\System\WYDHxff.exe
  2⤵
  PID:2520
- C:\Windows\System\LdmXtxX.exe
  C:\Windows\System\LdmXtxX.exe
  2⤵
  PID:2236
- C:\Windows\System\TqoTRnw.exe
  C:\Windows\System\TqoTRnw.exe
  2⤵
  PID:2836
- C:\Windows\System\NPbCzva.exe
  C:\Windows\System\NPbCzva.exe
  2⤵
  PID:1692
- C:\Windows\System\ECoIgnX.exe
  C:\Windows\System\ECoIgnX.exe
  2⤵
  PID:2688
- C:\Windows\System\zhWIPNy.exe
  C:\Windows\System\zhWIPNy.exe
  2⤵
  PID:1536
- C:\Windows\System\UPzZBzG.exe
  C:\Windows\System\UPzZBzG.exe
  2⤵
  PID:444
- C:\Windows\System\eSQpjQu.exe
  C:\Windows\System\eSQpjQu.exe
  2⤵
  PID:1792
- C:\Windows\System\byFmPCf.exe
  C:\Windows\System\byFmPCf.exe
  2⤵
  PID:3008
- C:\Windows\System\sOPxgDk.exe
  C:\Windows\System\sOPxgDk.exe
  2⤵
  PID:880
- C:\Windows\System\sOfLhfB.exe
  C:\Windows\System\sOfLhfB.exe
  2⤵
  PID:1668
- C:\Windows\System\sWmmBuN.exe
  C:\Windows\System\sWmmBuN.exe
  2⤵
  PID:1984
- C:\Windows\System\zJULlDn.exe
  C:\Windows\System\zJULlDn.exe
  2⤵
  PID:3112
- C:\Windows\System\TSmAlac.exe
  C:\Windows\System\TSmAlac.exe
  2⤵
  PID:3132
- C:\Windows\System\fPOscoX.exe
  C:\Windows\System\fPOscoX.exe
  2⤵
  PID:3156
- C:\Windows\System\RckkcRP.exe
  C:\Windows\System\RckkcRP.exe
  2⤵
  PID:3200
- C:\Windows\System\kxFdpts.exe
  C:\Windows\System\kxFdpts.exe
  2⤵
  PID:3232
- C:\Windows\System\zeAgMxe.exe
  C:\Windows\System\zeAgMxe.exe
  2⤵
  PID:3256
- C:\Windows\System\rsOkkfw.exe
  C:\Windows\System\rsOkkfw.exe
  2⤵
  PID:3312
- C:\Windows\System\jlmggyR.exe
  C:\Windows\System\jlmggyR.exe
  2⤵
  PID:3332
- C:\Windows\System\kjQSsuC.exe
  C:\Windows\System\kjQSsuC.exe
  2⤵
  PID:3356
- C:\Windows\System\WRQqStK.exe
  C:\Windows\System\WRQqStK.exe
  2⤵
  PID:3400
- C:\Windows\System\sCFvcVj.exe
  C:\Windows\System\sCFvcVj.exe
  2⤵
  PID:3420
- C:\Windows\System\mYtUbgn.exe
  C:\Windows\System\mYtUbgn.exe
  2⤵
  PID:3480
- C:\Windows\System\HSCQhGa.exe
  C:\Windows\System\HSCQhGa.exe
  2⤵
  PID:3500
- C:\Windows\System\PxQwZBU.exe
  C:\Windows\System\PxQwZBU.exe
  2⤵
  PID:3532
- C:\Windows\System\aWLqnKA.exe
  C:\Windows\System\aWLqnKA.exe
  2⤵
  PID:3556
- C:\Windows\System\tDuFwNq.exe
  C:\Windows\System\tDuFwNq.exe
  2⤵
  PID:3576
- C:\Windows\System\IibHiJL.exe
  C:\Windows\System\IibHiJL.exe
  2⤵
  PID:3640
- C:\Windows\System\uBYiORK.exe
  C:\Windows\System\uBYiORK.exe
  2⤵
  PID:3672
- C:\Windows\System\AwVcwwy.exe
  C:\Windows\System\AwVcwwy.exe
  2⤵
  PID:3692
- C:\Windows\System\tAkidZq.exe
  C:\Windows\System\tAkidZq.exe
  2⤵
  PID:3732
- C:\Windows\System\xgSdrhU.exe
  C:\Windows\System\xgSdrhU.exe
  2⤵
  PID:3756
- C:\Windows\System\expEVlC.exe
  C:\Windows\System\expEVlC.exe
  2⤵
  PID:3776
- C:\Windows\System\Diaaukj.exe
  C:\Windows\System\Diaaukj.exe
  2⤵
  PID:3832
- C:\Windows\System\QtZxJfL.exe
  C:\Windows\System\QtZxJfL.exe
  2⤵
  PID:3860
- C:\Windows\System\GBQgRgL.exe
  C:\Windows\System\GBQgRgL.exe
  2⤵
  PID:3912
- C:\Windows\System\ChTNQpO.exe
  C:\Windows\System\ChTNQpO.exe
  2⤵
  PID:3932
- C:\Windows\System\FWMNdsu.exe
  C:\Windows\System\FWMNdsu.exe
  2⤵
  PID:3936
- C:\Windows\System\rzUtnbc.exe
  C:\Windows\System\rzUtnbc.exe
  2⤵
  PID:4000
- C:\Windows\System\MhvcVRs.exe
  C:\Windows\System\MhvcVRs.exe
  2⤵
  PID:4040
- C:\Windows\System\kPqVGgC.exe
  C:\Windows\System\kPqVGgC.exe
  2⤵
  PID:4056
- C:\Windows\System\QtYEQvJ.exe
  C:\Windows\System\QtYEQvJ.exe
  2⤵
  PID:3064
- C:\Windows\System\dfdisHH.exe
  C:\Windows\System\dfdisHH.exe
  2⤵
  PID:3012
- C:\Windows\System\JmNOXMy.exe
  C:\Windows\System\JmNOXMy.exe
  2⤵
  PID:2596
- C:\Windows\System\dgBxlbK.exe
  C:\Windows\System\dgBxlbK.exe
  2⤵
  PID:2984
- C:\Windows\System\vlnDEzP.exe
  C:\Windows\System\vlnDEzP.exe
  2⤵
  PID:1312
- C:\Windows\System\TIGPzLz.exe
  C:\Windows\System\TIGPzLz.exe
  2⤵
  PID:376
- C:\Windows\System\nRYbnTj.exe
  C:\Windows\System\nRYbnTj.exe
  2⤵
  PID:2072
- C:\Windows\System\oTdXPyr.exe
  C:\Windows\System\oTdXPyr.exe
  2⤵
  PID:3080
- C:\Windows\System\BaPvtnf.exe
  C:\Windows\System\BaPvtnf.exe
  2⤵
  PID:3120
- C:\Windows\System\dnGTgPc.exe
  C:\Windows\System\dnGTgPc.exe
  2⤵
  PID:3160
- C:\Windows\System\BCTtDty.exe
  C:\Windows\System\BCTtDty.exe
  2⤵
  PID:3236
- C:\Windows\System\vUyYNar.exe
  C:\Windows\System\vUyYNar.exe
  2⤵
  PID:3292
- C:\Windows\System\vpmPXXT.exe
  C:\Windows\System\vpmPXXT.exe
  2⤵
  PID:3336
- C:\Windows\System\DOOfeoQ.exe
  C:\Windows\System\DOOfeoQ.exe
  2⤵
  PID:3412
- C:\Windows\System\AXCkRcK.exe
  C:\Windows\System\AXCkRcK.exe
  2⤵
  PID:3472
- C:\Windows\System\KyhVznA.exe
  C:\Windows\System\KyhVznA.exe
  2⤵
  PID:3476
- C:\Windows\System\ALSQpeD.exe
  C:\Windows\System\ALSQpeD.exe
  2⤵
  PID:3560
- C:\Windows\System\pyUwhFi.exe
  C:\Windows\System\pyUwhFi.exe
  2⤵
  PID:3620
- C:\Windows\System\rghJzDE.exe
  C:\Windows\System\rghJzDE.exe
  2⤵
  PID:3676
- C:\Windows\System\hrrLWLY.exe
  C:\Windows\System\hrrLWLY.exe
  2⤵
  PID:3792
- C:\Windows\System\CuYKGbo.exe
  C:\Windows\System\CuYKGbo.exe
  2⤵
  PID:3800
- C:\Windows\System\mIGgBVW.exe
  C:\Windows\System\mIGgBVW.exe
  2⤵
  PID:3852
- C:\Windows\System\HcEDcJl.exe
  C:\Windows\System\HcEDcJl.exe
  2⤵
  PID:3892
- C:\Windows\System\NtQTFVD.exe
  C:\Windows\System\NtQTFVD.exe
  2⤵
  PID:3956
- C:\Windows\System\eRBPHSA.exe
  C:\Windows\System\eRBPHSA.exe
  2⤵
  PID:4036
- C:\Windows\System\ZSDvLZz.exe
  C:\Windows\System\ZSDvLZz.exe
  2⤵
  PID:2324
- C:\Windows\System\CuQHhiQ.exe
  C:\Windows\System\CuQHhiQ.exe
  2⤵
  PID:4080
- C:\Windows\System\bBBYBkH.exe
  C:\Windows\System\bBBYBkH.exe
  2⤵
  PID:2908
- C:\Windows\System\UFYHPPR.exe
  C:\Windows\System\UFYHPPR.exe
  2⤵
  PID:2136
- C:\Windows\System\ENGCEty.exe
  C:\Windows\System\ENGCEty.exe
  2⤵
  PID:1412
- C:\Windows\System\twymELj.exe
  C:\Windows\System\twymELj.exe
  2⤵
  PID:3136
- C:\Windows\System\NFvxNUC.exe
  C:\Windows\System\NFvxNUC.exe
  2⤵
  PID:3360
- C:\Windows\System\HgXSlvs.exe
  C:\Windows\System\HgXSlvs.exe
  2⤵
  PID:3220
- C:\Windows\System\fjMiliZ.exe
  C:\Windows\System\fjMiliZ.exe
  2⤵
  PID:3516
- C:\Windows\System\ySSYYiy.exe
  C:\Windows\System\ySSYYiy.exe
  2⤵
  PID:3536
- C:\Windows\System\bLtDlHN.exe
  C:\Windows\System\bLtDlHN.exe
  2⤵
  PID:3592
- C:\Windows\System\zJSoCWl.exe
  C:\Windows\System\zJSoCWl.exe
  2⤵
  PID:3720
- C:\Windows\System\dnfmavN.exe
  C:\Windows\System\dnfmavN.exe
  2⤵
  PID:4112
- C:\Windows\System\KyaPDSQ.exe
  C:\Windows\System\KyaPDSQ.exe
  2⤵
  PID:4132
- C:\Windows\System\apsUUun.exe
  C:\Windows\System\apsUUun.exe
  2⤵
  PID:4156
- C:\Windows\System\dBiWsOM.exe
  C:\Windows\System\dBiWsOM.exe
  2⤵
  PID:4176
- C:\Windows\System\xjoAWxa.exe
  C:\Windows\System\xjoAWxa.exe
  2⤵
  PID:4200
- C:\Windows\System\epvgGWg.exe
  C:\Windows\System\epvgGWg.exe
  2⤵
  PID:4224
- C:\Windows\System\hqffYHU.exe
  C:\Windows\System\hqffYHU.exe
  2⤵
  PID:4244
- C:\Windows\System\tuQjDpw.exe
  C:\Windows\System\tuQjDpw.exe
  2⤵
  PID:4264
- C:\Windows\System\cyEBpqy.exe
  C:\Windows\System\cyEBpqy.exe
  2⤵
  PID:4284
- C:\Windows\System\OKtzgbF.exe
  C:\Windows\System\OKtzgbF.exe
  2⤵
  PID:4304
- C:\Windows\System\KFmNXEM.exe
  C:\Windows\System\KFmNXEM.exe
  2⤵
  PID:4332
- C:\Windows\System\rMSmgxf.exe
  C:\Windows\System\rMSmgxf.exe
  2⤵
  PID:4352
- C:\Windows\System\wGfkhGc.exe
  C:\Windows\System\wGfkhGc.exe
  2⤵
  PID:4372
- C:\Windows\System\aDOvmtU.exe
  C:\Windows\System\aDOvmtU.exe
  2⤵
  PID:4392
- C:\Windows\System\yAkHbWl.exe
  C:\Windows\System\yAkHbWl.exe
  2⤵
  PID:4412
- C:\Windows\System\XLCBjkO.exe
  C:\Windows\System\XLCBjkO.exe
  2⤵
  PID:4432
- C:\Windows\System\gaMrnBF.exe
  C:\Windows\System\gaMrnBF.exe
  2⤵
  PID:4452
- C:\Windows\System\IwqeUvv.exe
  C:\Windows\System\IwqeUvv.exe
  2⤵
  PID:4472
- C:\Windows\System\XiUWAWs.exe
  C:\Windows\System\XiUWAWs.exe
  2⤵
  PID:4492
- C:\Windows\System\JqUrTVV.exe
  C:\Windows\System\JqUrTVV.exe
  2⤵
  PID:4512
- C:\Windows\System\hMMeDVg.exe
  C:\Windows\System\hMMeDVg.exe
  2⤵
  PID:4532
- C:\Windows\System\BMCfcDU.exe
  C:\Windows\System\BMCfcDU.exe
  2⤵
  PID:4552
- C:\Windows\System\zliyAlA.exe
  C:\Windows\System\zliyAlA.exe
  2⤵
  PID:4572
- C:\Windows\System\xeTBzfQ.exe
  C:\Windows\System\xeTBzfQ.exe
  2⤵
  PID:4596
- C:\Windows\System\nHrQLZj.exe
  C:\Windows\System\nHrQLZj.exe
  2⤵
  PID:4616
- C:\Windows\System\mZaKfFf.exe
  C:\Windows\System\mZaKfFf.exe
  2⤵
  PID:4636
- C:\Windows\System\auRxYhf.exe
  C:\Windows\System\auRxYhf.exe
  2⤵
  PID:4656
- C:\Windows\System\kebfpfI.exe
  C:\Windows\System\kebfpfI.exe
  2⤵
  PID:4676
- C:\Windows\System\eSKKcfK.exe
  C:\Windows\System\eSKKcfK.exe
  2⤵
  PID:4696
- C:\Windows\System\qpDhdgH.exe
  C:\Windows\System\qpDhdgH.exe
  2⤵
  PID:4716
- C:\Windows\System\onObxnW.exe
  C:\Windows\System\onObxnW.exe
  2⤵
  PID:4736
- C:\Windows\System\zvzfJBi.exe
  C:\Windows\System\zvzfJBi.exe
  2⤵
  PID:4756
- C:\Windows\System\HOcFCWR.exe
  C:\Windows\System\HOcFCWR.exe
  2⤵
  PID:4776
- C:\Windows\System\pRhFwJI.exe
  C:\Windows\System\pRhFwJI.exe
  2⤵
  PID:4800
- C:\Windows\System\VMZhHVO.exe
  C:\Windows\System\VMZhHVO.exe
  2⤵
  PID:4820
- C:\Windows\System\FssudIF.exe
  C:\Windows\System\FssudIF.exe
  2⤵
  PID:4840
- C:\Windows\System\URkwsDN.exe
  C:\Windows\System\URkwsDN.exe
  2⤵
  PID:4860
- C:\Windows\System\oMhCtNw.exe
  C:\Windows\System\oMhCtNw.exe
  2⤵
  PID:4880
- C:\Windows\System\gZVSpBG.exe
  C:\Windows\System\gZVSpBG.exe
  2⤵
  PID:4900
- C:\Windows\System\cvzBiXb.exe
  C:\Windows\System\cvzBiXb.exe
  2⤵
  PID:4920
- C:\Windows\System\URWejtI.exe
  C:\Windows\System\URWejtI.exe
  2⤵
  PID:4940
- C:\Windows\System\CsTpUcn.exe
  C:\Windows\System\CsTpUcn.exe
  2⤵
  PID:4960
- C:\Windows\System\gZuqbiI.exe
  C:\Windows\System\gZuqbiI.exe
  2⤵
  PID:4980
- C:\Windows\System\VJHUglh.exe
  C:\Windows\System\VJHUglh.exe
  2⤵
  PID:5000
- C:\Windows\System\njySutM.exe
  C:\Windows\System\njySutM.exe
  2⤵
  PID:5020
- C:\Windows\System\DjxPGqn.exe
  C:\Windows\System\DjxPGqn.exe
  2⤵
  PID:5040
- C:\Windows\System\tIxTewC.exe
  C:\Windows\System\tIxTewC.exe
  2⤵
  PID:5060
- C:\Windows\System\HpEUbhI.exe
  C:\Windows\System\HpEUbhI.exe
  2⤵
  PID:5080
- C:\Windows\System\VNUNLAQ.exe
  C:\Windows\System\VNUNLAQ.exe
  2⤵
  PID:5100
- C:\Windows\System\sfPovsy.exe
  C:\Windows\System\sfPovsy.exe
  2⤵
  PID:3836
- C:\Windows\System\pWcTgYe.exe
  C:\Windows\System\pWcTgYe.exe
  2⤵
  PID:3872
- C:\Windows\System\KCUGbaw.exe
  C:\Windows\System\KCUGbaw.exe
  2⤵
  PID:3920
- C:\Windows\System\camBigK.exe
  C:\Windows\System\camBigK.exe
  2⤵
  PID:4052
- C:\Windows\System\mHtxaFo.exe
  C:\Windows\System\mHtxaFo.exe
  2⤵
  PID:2660
- C:\Windows\System\tBrRfxN.exe
  C:\Windows\System\tBrRfxN.exe
  2⤵
  PID:2180
- C:\Windows\System\oPYqJpm.exe
  C:\Windows\System\oPYqJpm.exe
  2⤵
  PID:940
- C:\Windows\System\epavwxu.exe
  C:\Windows\System\epavwxu.exe
  2⤵
  PID:3280
- C:\Windows\System\KGbQmud.exe
  C:\Windows\System\KGbQmud.exe
  2⤵
  PID:3512
- C:\Windows\System\TWkUNky.exe
  C:\Windows\System\TWkUNky.exe
  2⤵
  PID:3600
- C:\Windows\System\TxJhELv.exe
  C:\Windows\System\TxJhELv.exe
  2⤵
  PID:3660
- C:\Windows\System\TIukhFm.exe
  C:\Windows\System\TIukhFm.exe
  2⤵
  PID:4128
- C:\Windows\System\FqkESUZ.exe
  C:\Windows\System\FqkESUZ.exe
  2⤵
  PID:4172
- C:\Windows\System\FcHARTM.exe
  C:\Windows\System\FcHARTM.exe
  2⤵
  PID:4208
- C:\Windows\System\xzuhdpB.exe
  C:\Windows\System\xzuhdpB.exe
  2⤵
  PID:4240
- C:\Windows\System\yhnEaaW.exe
  C:\Windows\System\yhnEaaW.exe
  2⤵
  PID:4272
- C:\Windows\System\lTrNeRG.exe
  C:\Windows\System\lTrNeRG.exe
  2⤵
  PID:4296
- C:\Windows\System\tHJzYQI.exe
  C:\Windows\System\tHJzYQI.exe
  2⤵
  PID:4348
- C:\Windows\System\GTlnTqc.exe
  C:\Windows\System\GTlnTqc.exe
  2⤵
  PID:4364
- C:\Windows\System\NBmxAmk.exe
  C:\Windows\System\NBmxAmk.exe
  2⤵
  PID:4404
- C:\Windows\System\peNBiaG.exe
  C:\Windows\System\peNBiaG.exe
  2⤵
  PID:4448
- C:\Windows\System\bmieiUo.exe
  C:\Windows\System\bmieiUo.exe
  2⤵
  PID:4480
- C:\Windows\System\qqPYCYv.exe
  C:\Windows\System\qqPYCYv.exe
  2⤵
  PID:4504
- C:\Windows\System\eCRpBoE.exe
  C:\Windows\System\eCRpBoE.exe
  2⤵
  PID:4548
- C:\Windows\System\QCIfbzp.exe
  C:\Windows\System\QCIfbzp.exe
  2⤵
  PID:4588
- C:\Windows\System\RLyRxLo.exe
  C:\Windows\System\RLyRxLo.exe
  2⤵
  PID:4624
- C:\Windows\System\INquhwh.exe
  C:\Windows\System\INquhwh.exe
  2⤵
  PID:4652
- C:\Windows\System\RBWEntc.exe
  C:\Windows\System\RBWEntc.exe
  2⤵
  PID:4684
- C:\Windows\System\RLGfxqN.exe
  C:\Windows\System\RLGfxqN.exe
  2⤵
  PID:4708
- C:\Windows\System\RjpygXH.exe
  C:\Windows\System\RjpygXH.exe
  2⤵
  PID:4752
- C:\Windows\System\JvTfmzj.exe
  C:\Windows\System\JvTfmzj.exe
  2⤵
  PID:4796
- C:\Windows\System\IGJIuEn.exe
  C:\Windows\System\IGJIuEn.exe
  2⤵
  PID:4816
- C:\Windows\System\mnhTRYk.exe
  C:\Windows\System\mnhTRYk.exe
  2⤵
  PID:4856
- C:\Windows\System\ZNknWMN.exe
  C:\Windows\System\ZNknWMN.exe
  2⤵
  PID:4888
- C:\Windows\System\rEsYnTf.exe
  C:\Windows\System\rEsYnTf.exe
  2⤵
  PID:4912
- C:\Windows\System\ZczARao.exe
  C:\Windows\System\ZczARao.exe
  2⤵
  PID:4932
- C:\Windows\System\VlSNGTQ.exe
  C:\Windows\System\VlSNGTQ.exe
  2⤵
  PID:4996
- C:\Windows\System\rRUgVfr.exe
  C:\Windows\System\rRUgVfr.exe
  2⤵
  PID:5028
- C:\Windows\System\UyVCtYH.exe
  C:\Windows\System\UyVCtYH.exe
  2⤵
  PID:5056
- C:\Windows\System\XtXnmEJ.exe
  C:\Windows\System\XtXnmEJ.exe
  2⤵
  PID:5096
- C:\Windows\System\icpLdbI.exe
  C:\Windows\System\icpLdbI.exe
  2⤵
  PID:3736
- C:\Windows\System\RapUyxc.exe
  C:\Windows\System\RapUyxc.exe
  2⤵
  PID:3976
- C:\Windows\System\tlsRlPP.exe
  C:\Windows\System\tlsRlPP.exe
  2⤵
  PID:4020
- C:\Windows\System\uxtSUci.exe
  C:\Windows\System\uxtSUci.exe
  2⤵
  PID:2828
- C:\Windows\System\jyGfKpb.exe
  C:\Windows\System\jyGfKpb.exe
  2⤵
  PID:3316
- C:\Windows\System\NmOCFCf.exe
  C:\Windows\System\NmOCFCf.exe
  2⤵
  PID:3436
- C:\Windows\System\TVfheeX.exe
  C:\Windows\System\TVfheeX.exe
  2⤵
  PID:4120
- C:\Windows\System\UXsfPMS.exe
  C:\Windows\System\UXsfPMS.exe
  2⤵
  PID:4148
- C:\Windows\System\CCeYCRb.exe
  C:\Windows\System\CCeYCRb.exe
  2⤵
  PID:4184
- C:\Windows\System\XCQeKlV.exe
  C:\Windows\System\XCQeKlV.exe
  2⤵
  PID:4276
- C:\Windows\System\pkIBXam.exe
  C:\Windows\System\pkIBXam.exe
  2⤵
  PID:4320
- C:\Windows\System\mYGhZVo.exe
  C:\Windows\System\mYGhZVo.exe
  2⤵
  PID:4428
- C:\Windows\System\jHpHPZh.exe
  C:\Windows\System\jHpHPZh.exe
  2⤵
  PID:4444
- C:\Windows\System\gOAQlLj.exe
  C:\Windows\System\gOAQlLj.exe
  2⤵
  PID:4484
- C:\Windows\System\rRbBikt.exe
  C:\Windows\System\rRbBikt.exe
  2⤵
  PID:4524
- C:\Windows\System\QWMUHlQ.exe
  C:\Windows\System\QWMUHlQ.exe
  2⤵
  PID:4612
- C:\Windows\System\DWcMDbS.exe
  C:\Windows\System\DWcMDbS.exe
  2⤵
  PID:4712
- C:\Windows\System\Uylhtpk.exe
  C:\Windows\System\Uylhtpk.exe
  2⤵
  PID:4744
- C:\Windows\System\rUzTyMT.exe
  C:\Windows\System\rUzTyMT.exe
  2⤵
  PID:4788
- C:\Windows\System\bUIMLkS.exe
  C:\Windows\System\bUIMLkS.exe
  2⤵
  PID:4832
- C:\Windows\System\ZHaVUJR.exe
  C:\Windows\System\ZHaVUJR.exe
  2⤵
  PID:4892
- C:\Windows\System\LhHNMne.exe
  C:\Windows\System\LhHNMne.exe
  2⤵
  PID:4988
- C:\Windows\System\uApfMVH.exe
  C:\Windows\System\uApfMVH.exe
  2⤵
  PID:5036
- C:\Windows\System\xNsZQYC.exe
  C:\Windows\System\xNsZQYC.exe
  2⤵
  PID:5088
- C:\Windows\System\qHbLimo.exe
  C:\Windows\System\qHbLimo.exe
  2⤵
  PID:2780
- C:\Windows\System\oWRWpkk.exe
  C:\Windows\System\oWRWpkk.exe
  2⤵
  PID:4012
- C:\Windows\System\XBlZuBv.exe
  C:\Windows\System\XBlZuBv.exe
  2⤵
  PID:2052
- C:\Windows\System\ZRdULCG.exe
  C:\Windows\System\ZRdULCG.exe
  2⤵
  PID:3276
- C:\Windows\System\SUjqtNk.exe
  C:\Windows\System\SUjqtNk.exe
  2⤵
  PID:4196
- C:\Windows\System\fFwnyYp.exe
  C:\Windows\System\fFwnyYp.exe
  2⤵
  PID:4360
- C:\Windows\System\eVVWAJE.exe
  C:\Windows\System\eVVWAJE.exe
  2⤵
  PID:4316
- C:\Windows\System\RIXfiCK.exe
  C:\Windows\System\RIXfiCK.exe
  2⤵
  PID:4424
- C:\Windows\System\Jowfcro.exe
  C:\Windows\System\Jowfcro.exe
  2⤵
  PID:4580
- C:\Windows\System\iuYrTcT.exe
  C:\Windows\System\iuYrTcT.exe
  2⤵
  PID:5140
- C:\Windows\System\EvdXBje.exe
  C:\Windows\System\EvdXBje.exe
  2⤵
  PID:5160
- C:\Windows\System\rhnXSOO.exe
  C:\Windows\System\rhnXSOO.exe
  2⤵
  PID:5180
- C:\Windows\System\gQtYfHb.exe
  C:\Windows\System\gQtYfHb.exe
  2⤵
  PID:5200
- C:\Windows\System\ZlhZVMM.exe
  C:\Windows\System\ZlhZVMM.exe
  2⤵
  PID:5220
- C:\Windows\System\KVtTVDH.exe
  C:\Windows\System\KVtTVDH.exe
  2⤵
  PID:5240
- C:\Windows\System\fBRVlZv.exe
  C:\Windows\System\fBRVlZv.exe
  2⤵
  PID:5260
- C:\Windows\System\wDrlCCO.exe
  C:\Windows\System\wDrlCCO.exe
  2⤵
  PID:5280
- C:\Windows\System\ZOouepx.exe
  C:\Windows\System\ZOouepx.exe
  2⤵
  PID:5300
- C:\Windows\System\FAVAhtL.exe
  C:\Windows\System\FAVAhtL.exe
  2⤵
  PID:5320
- C:\Windows\System\scksCVb.exe
  C:\Windows\System\scksCVb.exe
  2⤵
  PID:5340
- C:\Windows\System\YELJgvz.exe
  C:\Windows\System\YELJgvz.exe
  2⤵
  PID:5360
- C:\Windows\System\QjNlxKl.exe
  C:\Windows\System\QjNlxKl.exe
  2⤵
  PID:5380
- C:\Windows\System\kuxfSsY.exe
  C:\Windows\System\kuxfSsY.exe
  2⤵
  PID:5400
- C:\Windows\System\NgUdAHy.exe
  C:\Windows\System\NgUdAHy.exe
  2⤵
  PID:5420
- C:\Windows\System\cWGQyMv.exe
  C:\Windows\System\cWGQyMv.exe
  2⤵
  PID:5440
- C:\Windows\System\RnzwVDD.exe
  C:\Windows\System\RnzwVDD.exe
  2⤵
  PID:5460
- C:\Windows\System\KIEUgrW.exe
  C:\Windows\System\KIEUgrW.exe
  2⤵
  PID:5480
- C:\Windows\System\xASGNOi.exe
  C:\Windows\System\xASGNOi.exe
  2⤵
  PID:5500
- C:\Windows\System\JEAqSeF.exe
  C:\Windows\System\JEAqSeF.exe
  2⤵
  PID:5524
- C:\Windows\System\qqpSyBm.exe
  C:\Windows\System\qqpSyBm.exe
  2⤵
  PID:5544
- C:\Windows\System\JWDvKpW.exe
  C:\Windows\System\JWDvKpW.exe
  2⤵
  PID:5564
- C:\Windows\System\RlTcpsF.exe
  C:\Windows\System\RlTcpsF.exe
  2⤵
  PID:5584
- C:\Windows\System\mDkCDuT.exe
  C:\Windows\System\mDkCDuT.exe
  2⤵
  PID:5604
- C:\Windows\System\LKTDzlV.exe
  C:\Windows\System\LKTDzlV.exe
  2⤵
  PID:5624
- C:\Windows\System\GkWAZJo.exe
  C:\Windows\System\GkWAZJo.exe
  2⤵
  PID:5644
- C:\Windows\System\IbiEYxh.exe
  C:\Windows\System\IbiEYxh.exe
  2⤵
  PID:5664
- C:\Windows\System\lsDRWeE.exe
  C:\Windows\System\lsDRWeE.exe
  2⤵
  PID:5684
- C:\Windows\System\lRZqews.exe
  C:\Windows\System\lRZqews.exe
  2⤵
  PID:5704
- C:\Windows\System\mqjJsLQ.exe
  C:\Windows\System\mqjJsLQ.exe
  2⤵
  PID:5724
- C:\Windows\System\cEJAcnm.exe
  C:\Windows\System\cEJAcnm.exe
  2⤵
  PID:5744
- C:\Windows\System\VwnQkzG.exe
  C:\Windows\System\VwnQkzG.exe
  2⤵
  PID:5764
- C:\Windows\System\AdXahxw.exe
  C:\Windows\System\AdXahxw.exe
  2⤵
  PID:5784
- C:\Windows\System\qKiGkXJ.exe
  C:\Windows\System\qKiGkXJ.exe
  2⤵
  PID:5804
- C:\Windows\System\lclLJkk.exe
  C:\Windows\System\lclLJkk.exe
  2⤵
  PID:5824
- C:\Windows\System\dpEraWI.exe
  C:\Windows\System\dpEraWI.exe
  2⤵
  PID:5844
- C:\Windows\System\ppCOSvj.exe
  C:\Windows\System\ppCOSvj.exe
  2⤵
  PID:5864
- C:\Windows\System\ZcecsAR.exe
  C:\Windows\System\ZcecsAR.exe
  2⤵
  PID:5884
- C:\Windows\System\WiBPoDL.exe
  C:\Windows\System\WiBPoDL.exe
  2⤵
  PID:5904
- C:\Windows\System\azaAEXn.exe
  C:\Windows\System\azaAEXn.exe
  2⤵
  PID:5924
- C:\Windows\System\drHOrlI.exe
  C:\Windows\System\drHOrlI.exe
  2⤵
  PID:5944
- C:\Windows\System\allXIUE.exe
  C:\Windows\System\allXIUE.exe
  2⤵
  PID:5964
- C:\Windows\System\uSgMipd.exe
  C:\Windows\System\uSgMipd.exe
  2⤵
  PID:5984
- C:\Windows\System\GlvWPOO.exe
  C:\Windows\System\GlvWPOO.exe
  2⤵
  PID:6004
- C:\Windows\System\eDTVfyh.exe
  C:\Windows\System\eDTVfyh.exe
  2⤵
  PID:6024
- C:\Windows\System\NbjOmYU.exe
  C:\Windows\System\NbjOmYU.exe
  2⤵
  PID:6044
- C:\Windows\System\GlcttiY.exe
  C:\Windows\System\GlcttiY.exe
  2⤵
  PID:6064
- C:\Windows\System\KoQnvDL.exe
  C:\Windows\System\KoQnvDL.exe
  2⤵
  PID:6084
- C:\Windows\System\IFJILcD.exe
  C:\Windows\System\IFJILcD.exe
  2⤵
  PID:6104
- C:\Windows\System\tqDJrPU.exe
  C:\Windows\System\tqDJrPU.exe
  2⤵
  PID:6124
- C:\Windows\System\jtVsmoj.exe
  C:\Windows\System\jtVsmoj.exe
  2⤵
  PID:4540
- C:\Windows\System\XyAdZnr.exe
  C:\Windows\System\XyAdZnr.exe
  2⤵
  PID:4632
- C:\Windows\System\PvNXCYU.exe
  C:\Windows\System\PvNXCYU.exe
  2⤵
  PID:4784
- C:\Windows\System\gMFnLTy.exe
  C:\Windows\System\gMFnLTy.exe
  2⤵
  PID:4808
- C:\Windows\System\eqaMgcA.exe
  C:\Windows\System\eqaMgcA.exe
  2⤵
  PID:4956
- C:\Windows\System\wTKWbhX.exe
  C:\Windows\System\wTKWbhX.exe
  2⤵
  PID:5108
- C:\Windows\System\FgJDJEv.exe
  C:\Windows\System\FgJDJEv.exe
  2⤵
  PID:5112
- C:\Windows\System\MCXrgpO.exe
  C:\Windows\System\MCXrgpO.exe
  2⤵
  PID:696
- C:\Windows\System\BVLsQyY.exe
  C:\Windows\System\BVLsQyY.exe
  2⤵
  PID:4108
- C:\Windows\System\zGDKOwM.exe
  C:\Windows\System\zGDKOwM.exe
  2⤵
  PID:4252
- C:\Windows\System\OtmaNFv.exe
  C:\Windows\System\OtmaNFv.exe
  2⤵
  PID:4508
- C:\Windows\System\LbAnTTs.exe
  C:\Windows\System\LbAnTTs.exe
  2⤵
  PID:5128
- C:\Windows\System\xRiGPqG.exe
  C:\Windows\System\xRiGPqG.exe
  2⤵
  PID:5152
- C:\Windows\System\jCUyPWV.exe
  C:\Windows\System\jCUyPWV.exe
  2⤵
  PID:5196
- C:\Windows\System\lDsgcZH.exe
  C:\Windows\System\lDsgcZH.exe
  2⤵
  PID:5212
- C:\Windows\System\hTeLSDA.exe
  C:\Windows\System\hTeLSDA.exe
  2⤵
  PID:5276
- C:\Windows\System\pzZfzAj.exe
  C:\Windows\System\pzZfzAj.exe
  2⤵
  PID:5308
- C:\Windows\System\shjKqCN.exe
  C:\Windows\System\shjKqCN.exe
  2⤵
  PID:5328
- C:\Windows\System\tyzUPEu.exe
  C:\Windows\System\tyzUPEu.exe
  2⤵
  PID:5352
- C:\Windows\System\pAQzZGC.exe
  C:\Windows\System\pAQzZGC.exe
  2⤵
  PID:5372
- C:\Windows\System\NnhpzIk.exe
  C:\Windows\System\NnhpzIk.exe
  2⤵
  PID:5436
- C:\Windows\System\ZEjBPhf.exe
  C:\Windows\System\ZEjBPhf.exe
  2⤵
  PID:5476
- C:\Windows\System\WUtLaHZ.exe
  C:\Windows\System\WUtLaHZ.exe
  2⤵
  PID:5496
- C:\Windows\System\snjjJJz.exe
  C:\Windows\System\snjjJJz.exe
  2⤵
  PID:5552
- C:\Windows\System\ePZDeOt.exe
  C:\Windows\System\ePZDeOt.exe
  2⤵
  PID:5592
- C:\Windows\System\oNkYCrX.exe
  C:\Windows\System\oNkYCrX.exe
  2⤵
  PID:5596
- C:\Windows\System\QsrStvg.exe
  C:\Windows\System\QsrStvg.exe
  2⤵
  PID:5616
- C:\Windows\System\meKOnzm.exe
  C:\Windows\System\meKOnzm.exe
  2⤵
  PID:5656
- C:\Windows\System\xZQUWiX.exe
  C:\Windows\System\xZQUWiX.exe
  2⤵
  PID:5712
- C:\Windows\System\PydaucW.exe
  C:\Windows\System\PydaucW.exe
  2⤵
  PID:5752
- C:\Windows\System\phiuzGO.exe
  C:\Windows\System\phiuzGO.exe
  2⤵
  PID:5772
- C:\Windows\System\AVAKeyc.exe
  C:\Windows\System\AVAKeyc.exe
  2⤵
  PID:5796
- C:\Windows\System\gEJEPtV.exe
  C:\Windows\System\gEJEPtV.exe
  2⤵
  PID:5816
- C:\Windows\System\hEbZmrN.exe
  C:\Windows\System\hEbZmrN.exe
  2⤵
  PID:5872
- C:\Windows\System\CCQXcta.exe
  C:\Windows\System\CCQXcta.exe
  2⤵
  PID:5896
- C:\Windows\System\EOrYKoL.exe
  C:\Windows\System\EOrYKoL.exe
  2⤵
  PID:5952
- C:\Windows\System\yJjyWkL.exe
  C:\Windows\System\yJjyWkL.exe
  2⤵
  PID:5992
- C:\Windows\System\VTnKGPo.exe
  C:\Windows\System\VTnKGPo.exe
  2⤵
  PID:5996
- C:\Windows\System\iFLXGzN.exe
  C:\Windows\System\iFLXGzN.exe
  2⤵
  PID:6040
- C:\Windows\System\xfhIKLB.exe
  C:\Windows\System\xfhIKLB.exe
  2⤵
  PID:6056
- C:\Windows\System\dbwoESY.exe
  C:\Windows\System\dbwoESY.exe
  2⤵
  PID:6100
- C:\Windows\System\bBSVlao.exe
  C:\Windows\System\bBSVlao.exe
  2⤵
  PID:4644
- C:\Windows\System\uZSSfCW.exe
  C:\Windows\System\uZSSfCW.exe
  2⤵
  PID:4672
- C:\Windows\System\mvtUYdH.exe
  C:\Windows\System\mvtUYdH.exe
  2⤵
  PID:4732
- C:\Windows\System\quNUMJo.exe
  C:\Windows\System\quNUMJo.exe
  2⤵
  PID:4876
- C:\Windows\System\eJJOzRm.exe
  C:\Windows\System\eJJOzRm.exe
  2⤵
  PID:4032
- C:\Windows\System\fRXrIiE.exe
  C:\Windows\System\fRXrIiE.exe
  2⤵
  PID:4140
- C:\Windows\System\HGGDKzj.exe
  C:\Windows\System\HGGDKzj.exe
  2⤵
  PID:4528
- C:\Windows\System\mcIuXCU.exe
  C:\Windows\System\mcIuXCU.exe
  2⤵
  PID:5132
- C:\Windows\System\nGGXdzj.exe
  C:\Windows\System\nGGXdzj.exe
  2⤵
  PID:5148
- C:\Windows\System\EkFzXdU.exe
  C:\Windows\System\EkFzXdU.exe
  2⤵
  PID:5216
- C:\Windows\System\mWNIPNl.exe
  C:\Windows\System\mWNIPNl.exe
  2⤵
  PID:5312
- C:\Windows\System\IfrSqCH.exe
  C:\Windows\System\IfrSqCH.exe
  2⤵
  PID:5336
- C:\Windows\System\pYSNCDx.exe
  C:\Windows\System\pYSNCDx.exe
  2⤵
  PID:5468
- C:\Windows\System\ctpdfcu.exe
  C:\Windows\System\ctpdfcu.exe
  2⤵
  PID:5452
- C:\Windows\System\oprUAKU.exe
  C:\Windows\System\oprUAKU.exe
  2⤵
  PID:5472
- C:\Windows\System\pNVobEH.exe
  C:\Windows\System\pNVobEH.exe
  2⤵
  PID:5600
- C:\Windows\System\Glqdxfy.exe
  C:\Windows\System\Glqdxfy.exe
  2⤵
  PID:5652
- C:\Windows\System\OkFKIsh.exe
  C:\Windows\System\OkFKIsh.exe
  2⤵
  PID:5732
- C:\Windows\System\KaPDzaF.exe
  C:\Windows\System\KaPDzaF.exe
  2⤵
  PID:5776
- C:\Windows\System\UThVSfL.exe
  C:\Windows\System\UThVSfL.exe
  2⤵
  PID:5820
- C:\Windows\System\UvQswKp.exe
  C:\Windows\System\UvQswKp.exe
  2⤵
  PID:5860
- C:\Windows\System\BuHGjIy.exe
  C:\Windows\System\BuHGjIy.exe
  2⤵
  PID:5932
- C:\Windows\System\cyOiKKZ.exe
  C:\Windows\System\cyOiKKZ.exe
  2⤵
  PID:5980
- C:\Windows\System\hTWhhGR.exe
  C:\Windows\System\hTWhhGR.exe
  2⤵
  PID:6020
- C:\Windows\System\NfhBoCt.exe
  C:\Windows\System\NfhBoCt.exe
  2⤵
  PID:6120
- C:\Windows\System\XMGLZof.exe
  C:\Windows\System\XMGLZof.exe
  2⤵
  PID:4628
- C:\Windows\System\EDlMpLI.exe
  C:\Windows\System\EDlMpLI.exe
  2⤵
  PID:4772
- C:\Windows\System\HBReHAZ.exe
  C:\Windows\System\HBReHAZ.exe
  2⤵
  PID:5116
- C:\Windows\System\EPBCAbs.exe
  C:\Windows\System\EPBCAbs.exe
  2⤵
  PID:3612
- C:\Windows\System\OpxMrfl.exe
  C:\Windows\System\OpxMrfl.exe
  2⤵
  PID:4500
- C:\Windows\System\RyPboFN.exe
  C:\Windows\System\RyPboFN.exe
  2⤵
  PID:5268
- C:\Windows\System\kBBVmoA.exe
  C:\Windows\System\kBBVmoA.exe
  2⤵
  PID:5296
- C:\Windows\System\oOBCTAs.exe
  C:\Windows\System\oOBCTAs.exe
  2⤵
  PID:5388
- C:\Windows\System\ZtzrVNC.exe
  C:\Windows\System\ZtzrVNC.exe
  2⤵
  PID:5512
- C:\Windows\System\WpUZXQZ.exe
  C:\Windows\System\WpUZXQZ.exe
  2⤵
  PID:5536
- C:\Windows\System\dAfUTnh.exe
  C:\Windows\System\dAfUTnh.exe
  2⤵
  PID:5716
- C:\Windows\System\IAsXDfo.exe
  C:\Windows\System\IAsXDfo.exe
  2⤵
  PID:6160
- C:\Windows\System\dDSFMpj.exe
  C:\Windows\System\dDSFMpj.exe
  2⤵
  PID:6180
- C:\Windows\System\PGlrQHO.exe
  C:\Windows\System\PGlrQHO.exe
  2⤵
  PID:6200
- C:\Windows\System\hwJAtxF.exe
  C:\Windows\System\hwJAtxF.exe
  2⤵
  PID:6220
- C:\Windows\System\ZbecINj.exe
  C:\Windows\System\ZbecINj.exe
  2⤵
  PID:6240
- C:\Windows\System\XvgkQCq.exe
  C:\Windows\System\XvgkQCq.exe
  2⤵
  PID:6260
- C:\Windows\System\XTTXaoL.exe
  C:\Windows\System\XTTXaoL.exe
  2⤵
  PID:6280
- C:\Windows\System\LjXYbXg.exe
  C:\Windows\System\LjXYbXg.exe
  2⤵
  PID:6300
- C:\Windows\System\FJCXoKl.exe
  C:\Windows\System\FJCXoKl.exe
  2⤵
  PID:6320
- C:\Windows\System\DMnwGtx.exe
  C:\Windows\System\DMnwGtx.exe
  2⤵
  PID:6340
- C:\Windows\System\ggCmwZt.exe
  C:\Windows\System\ggCmwZt.exe
  2⤵
  PID:6360
- C:\Windows\System\yWGzCGw.exe
  C:\Windows\System\yWGzCGw.exe
  2⤵
  PID:6380
- C:\Windows\System\ZcKKaoU.exe
  C:\Windows\System\ZcKKaoU.exe
  2⤵
  PID:6400
- C:\Windows\System\uutoNKt.exe
  C:\Windows\System\uutoNKt.exe
  2⤵
  PID:6420
- C:\Windows\System\SOIKYMe.exe
  C:\Windows\System\SOIKYMe.exe
  2⤵
  PID:6440
- C:\Windows\System\praZSpQ.exe
  C:\Windows\System\praZSpQ.exe
  2⤵
  PID:6460
- C:\Windows\System\YmmtTCX.exe
  C:\Windows\System\YmmtTCX.exe
  2⤵
  PID:6480
- C:\Windows\System\eFrYtGB.exe
  C:\Windows\System\eFrYtGB.exe
  2⤵
  PID:6500
- C:\Windows\System\kItaSpN.exe
  C:\Windows\System\kItaSpN.exe
  2⤵
  PID:6520
- C:\Windows\System\pzYTTrm.exe
  C:\Windows\System\pzYTTrm.exe
  2⤵
  PID:6540
- C:\Windows\System\uKEmgsQ.exe
  C:\Windows\System\uKEmgsQ.exe
  2⤵
  PID:6560
- C:\Windows\System\FBzVnQo.exe
  C:\Windows\System\FBzVnQo.exe
  2⤵
  PID:6580
- C:\Windows\System\GZvqrlx.exe
  C:\Windows\System\GZvqrlx.exe
  2⤵
  PID:6600
- C:\Windows\System\zDdUKYs.exe
  C:\Windows\System\zDdUKYs.exe
  2⤵
  PID:6620
- C:\Windows\System\uPOnRGW.exe
  C:\Windows\System\uPOnRGW.exe
  2⤵
  PID:6640
- C:\Windows\System\RLlhsdh.exe
  C:\Windows\System\RLlhsdh.exe
  2⤵
  PID:6660
- C:\Windows\System\xgmWmlW.exe
  C:\Windows\System\xgmWmlW.exe
  2⤵
  PID:6680
- C:\Windows\System\ZHiiwZc.exe
  C:\Windows\System\ZHiiwZc.exe
  2⤵
  PID:6700
- C:\Windows\System\cYbEXuL.exe
  C:\Windows\System\cYbEXuL.exe
  2⤵
  PID:6720
- C:\Windows\System\uVfPyCq.exe
  C:\Windows\System\uVfPyCq.exe
  2⤵
  PID:6740
- C:\Windows\System\kLqhscv.exe
  C:\Windows\System\kLqhscv.exe
  2⤵
  PID:6760
- C:\Windows\System\puCIzkd.exe
  C:\Windows\System\puCIzkd.exe
  2⤵
  PID:6780
- C:\Windows\System\Klrevpb.exe
  C:\Windows\System\Klrevpb.exe
  2⤵
  PID:6800
- C:\Windows\System\bAknxbD.exe
  C:\Windows\System\bAknxbD.exe
  2⤵
  PID:6820
- C:\Windows\System\mPguSrN.exe
  C:\Windows\System\mPguSrN.exe
  2⤵
  PID:6840
- C:\Windows\System\yEmqeiZ.exe
  C:\Windows\System\yEmqeiZ.exe
  2⤵
  PID:6860
- C:\Windows\System\aSjPOsn.exe
  C:\Windows\System\aSjPOsn.exe
  2⤵
  PID:6880
- C:\Windows\System\tgImWiu.exe
  C:\Windows\System\tgImWiu.exe
  2⤵
  PID:6900
- C:\Windows\System\NZXpOYb.exe
  C:\Windows\System\NZXpOYb.exe
  2⤵
  PID:6920
- C:\Windows\System\rGMlceD.exe
  C:\Windows\System\rGMlceD.exe
  2⤵
  PID:6940
- C:\Windows\System\qtdzWiA.exe
  C:\Windows\System\qtdzWiA.exe
  2⤵
  PID:6960
- C:\Windows\System\nywMekT.exe
  C:\Windows\System\nywMekT.exe
  2⤵
  PID:6980
- C:\Windows\System\iUXQqYF.exe
  C:\Windows\System\iUXQqYF.exe
  2⤵
  PID:7000
- C:\Windows\System\TEqZWMH.exe
  C:\Windows\System\TEqZWMH.exe
  2⤵
  PID:7020
- C:\Windows\System\rmbTLIz.exe
  C:\Windows\System\rmbTLIz.exe
  2⤵
  PID:7040
- C:\Windows\System\WNTQHUb.exe
  C:\Windows\System\WNTQHUb.exe
  2⤵
  PID:7060
- C:\Windows\System\pwCKNys.exe
  C:\Windows\System\pwCKNys.exe
  2⤵
  PID:7080
- C:\Windows\System\WmHAdsC.exe
  C:\Windows\System\WmHAdsC.exe
  2⤵
  PID:7100
- C:\Windows\System\ldUOVjF.exe
  C:\Windows\System\ldUOVjF.exe
  2⤵
  PID:7124
- C:\Windows\System\KpLLdoM.exe
  C:\Windows\System\KpLLdoM.exe
  2⤵
  PID:7144
- C:\Windows\System\zVSSgta.exe
  C:\Windows\System\zVSSgta.exe
  2⤵
  PID:7164
- C:\Windows\System\tRWrxbt.exe
  C:\Windows\System\tRWrxbt.exe
  2⤵
  PID:5800
- C:\Windows\System\ohycWRa.exe
  C:\Windows\System\ohycWRa.exe
  2⤵
  PID:5892
- C:\Windows\System\VCzvcBM.exe
  C:\Windows\System\VCzvcBM.exe
  2⤵
  PID:6072
- C:\Windows\System\fzsDpOj.exe
  C:\Windows\System\fzsDpOj.exe
  2⤵
  PID:6112
- C:\Windows\System\hHFsoQi.exe
  C:\Windows\System\hHFsoQi.exe
  2⤵
  PID:6136
- C:\Windows\System\DrLkNvf.exe
  C:\Windows\System\DrLkNvf.exe
  2⤵
  PID:4948
- C:\Windows\System\AXcNBvG.exe
  C:\Windows\System\AXcNBvG.exe
  2⤵
  PID:5188
- C:\Windows\System\kYVbnls.exe
  C:\Windows\System\kYVbnls.exe
  2⤵
  PID:5252
- C:\Windows\System\xlXQlMJ.exe
  C:\Windows\System\xlXQlMJ.exe
  2⤵
  PID:5448
- C:\Windows\System\WMYQOIX.exe
  C:\Windows\System\WMYQOIX.exe
  2⤵
  PID:5620
- C:\Windows\System\SRfwOaL.exe
  C:\Windows\System\SRfwOaL.exe
  2⤵
  PID:6152
- C:\Windows\System\gMHAkaQ.exe
  C:\Windows\System\gMHAkaQ.exe
  2⤵
  PID:6196
- C:\Windows\System\WJtFRcD.exe
  C:\Windows\System\WJtFRcD.exe
  2⤵
  PID:6228
- C:\Windows\System\EjPFbfk.exe
  C:\Windows\System\EjPFbfk.exe
  2⤵
  PID:6252
- C:\Windows\System\alSNuye.exe
  C:\Windows\System\alSNuye.exe
  2⤵
  PID:6296
- C:\Windows\System\GfqiyXc.exe
  C:\Windows\System\GfqiyXc.exe
  2⤵
  PID:6332
- C:\Windows\System\tuOaEph.exe
  C:\Windows\System\tuOaEph.exe
  2⤵
  PID:6352
- C:\Windows\System\mHogAQM.exe
  C:\Windows\System\mHogAQM.exe
  2⤵
  PID:6376
- C:\Windows\System\cFJBzuY.exe
  C:\Windows\System\cFJBzuY.exe
  2⤵
  PID:6412
- C:\Windows\System\vhlNDsh.exe
  C:\Windows\System\vhlNDsh.exe
  2⤵
  PID:6456
- C:\Windows\System\mJyKiqQ.exe
  C:\Windows\System\mJyKiqQ.exe
  2⤵
  PID:6508
- C:\Windows\System\gKmKFeN.exe
  C:\Windows\System\gKmKFeN.exe
  2⤵
  PID:6528
- C:\Windows\System\JdbwrTN.exe
  C:\Windows\System\JdbwrTN.exe
  2⤵
  PID:6552
- C:\Windows\System\gLPXFVf.exe
  C:\Windows\System\gLPXFVf.exe
  2⤵
  PID:6572
- C:\Windows\System\pALVuoY.exe
  C:\Windows\System\pALVuoY.exe
  2⤵
  PID:6616
- C:\Windows\System\ClSXwhn.exe
  C:\Windows\System\ClSXwhn.exe
  2⤵
  PID:6668
- C:\Windows\System\vfqLazD.exe
  C:\Windows\System\vfqLazD.exe
  2⤵
  PID:6708
- C:\Windows\System\VLVwOTj.exe
  C:\Windows\System\VLVwOTj.exe
  2⤵
  PID:6728
- C:\Windows\System\iIpaVsJ.exe
  C:\Windows\System\iIpaVsJ.exe
  2⤵
  PID:6736
- C:\Windows\System\YDEFFye.exe
  C:\Windows\System\YDEFFye.exe
  2⤵
  PID:6796
- C:\Windows\System\IruUlCz.exe
  C:\Windows\System\IruUlCz.exe
  2⤵
  PID:6812
- C:\Windows\System\fZwChMx.exe
  C:\Windows\System\fZwChMx.exe
  2⤵
  PID:6852
- C:\Windows\System\FXyIbjZ.exe
  C:\Windows\System\FXyIbjZ.exe
  2⤵
  PID:6908
- C:\Windows\System\gabSVFj.exe
  C:\Windows\System\gabSVFj.exe
  2⤵
  PID:6928
- C:\Windows\System\WBGBPYU.exe
  C:\Windows\System\WBGBPYU.exe
  2⤵
  PID:6952
- C:\Windows\System\uZioFFB.exe
  C:\Windows\System\uZioFFB.exe
  2⤵
  PID:6996
- C:\Windows\System\WQphAkt.exe
  C:\Windows\System\WQphAkt.exe
  2⤵
  PID:7028
- C:\Windows\System\KLUBBXp.exe
  C:\Windows\System\KLUBBXp.exe
  2⤵
  PID:7056
- C:\Windows\System\pCwbZHJ.exe
  C:\Windows\System\pCwbZHJ.exe
  2⤵
  PID:7096
- C:\Windows\System\uucHEju.exe
  C:\Windows\System\uucHEju.exe
  2⤵
  PID:7152
- C:\Windows\System\XDQNViK.exe
  C:\Windows\System\XDQNViK.exe
  2⤵
  PID:7136
- C:\Windows\System\PyhuPae.exe
  C:\Windows\System\PyhuPae.exe
  2⤵
  PID:5792
- C:\Windows\System\gZAiBFw.exe
  C:\Windows\System\gZAiBFw.exe
  2⤵
  PID:5960
- C:\Windows\System\OILbFGx.exe
  C:\Windows\System\OILbFGx.exe
  2⤵
  PID:4992
- C:\Windows\System\ctdeAzd.exe
  C:\Windows\System\ctdeAzd.exe
  2⤵
  PID:5172
- C:\Windows\System\ZxUqEEi.exe
  C:\Windows\System\ZxUqEEi.exe
  2⤵
  PID:5580
- C:\Windows\System\sJuWYze.exe
  C:\Windows\System\sJuWYze.exe
  2⤵
  PID:5376
- C:\Windows\System\lnHZQjH.exe
  C:\Windows\System\lnHZQjH.exe
  2⤵
  PID:6232
- C:\Windows\System\dvsudks.exe
  C:\Windows\System\dvsudks.exe
  2⤵
  PID:6256
- C:\Windows\System\mrNpiJy.exe
  C:\Windows\System\mrNpiJy.exe
  2⤵
  PID:6216
- C:\Windows\System\dLfJstq.exe
  C:\Windows\System\dLfJstq.exe
  2⤵
  PID:6336
- C:\Windows\System\PYtDqZy.exe
  C:\Windows\System\PYtDqZy.exe
  2⤵
  PID:6356
- C:\Windows\System\OXdboJr.exe
  C:\Windows\System\OXdboJr.exe
  2⤵
  PID:6428
- C:\Windows\System\yScfOeh.exe
  C:\Windows\System\yScfOeh.exe
  2⤵
  PID:6488
- C:\Windows\System\ARJljEB.exe
  C:\Windows\System\ARJljEB.exe
  2⤵
  PID:6536
- C:\Windows\System\UwlbnCJ.exe
  C:\Windows\System\UwlbnCJ.exe
  2⤵
  PID:6648
- C:\Windows\System\HDCPMjI.exe
  C:\Windows\System\HDCPMjI.exe
  2⤵
  PID:6716
- C:\Windows\System\JOSYKYC.exe
  C:\Windows\System\JOSYKYC.exe
  2⤵
  PID:6768
- C:\Windows\System\QbgAiSO.exe
  C:\Windows\System\QbgAiSO.exe
  2⤵
  PID:6752
- C:\Windows\System\zXZXXEI.exe
  C:\Windows\System\zXZXXEI.exe
  2⤵
  PID:6808
- C:\Windows\System\asIfflI.exe
  C:\Windows\System\asIfflI.exe
  2⤵
  PID:6976
- C:\Windows\System\lXfIfub.exe
  C:\Windows\System\lXfIfub.exe
  2⤵
  PID:6988
- C:\Windows\System\ofwHXcO.exe
  C:\Windows\System\ofwHXcO.exe
  2⤵
  PID:7008
- C:\Windows\System\DVICoNC.exe
  C:\Windows\System\DVICoNC.exe
  2⤵
  PID:7120
- C:\Windows\System\RqfmRaK.exe
  C:\Windows\System\RqfmRaK.exe
  2⤵
  PID:7092
- C:\Windows\System\EOqKmpH.exe
  C:\Windows\System\EOqKmpH.exe
  2⤵
  PID:1776
- C:\Windows\System\lDMVMJz.exe
  C:\Windows\System\lDMVMJz.exe
  2⤵
  PID:5920
- C:\Windows\System\oLvSNac.exe
  C:\Windows\System\oLvSNac.exe
  2⤵
  PID:4232
- C:\Windows\System\sDoNIxH.exe
  C:\Windows\System\sDoNIxH.exe
  2⤵
  PID:6172
- C:\Windows\System\czFHnVI.exe
  C:\Windows\System\czFHnVI.exe
  2⤵
  PID:6148
- C:\Windows\System\iPsggvU.exe
  C:\Windows\System\iPsggvU.exe
  2⤵
  PID:6212
- C:\Windows\System\fzAWYVi.exe
  C:\Windows\System\fzAWYVi.exe
  2⤵
  PID:6492
- C:\Windows\System\VZkTYeU.exe
  C:\Windows\System\VZkTYeU.exe
  2⤵
  PID:6468
- C:\Windows\System\tpRqbEN.exe
  C:\Windows\System\tpRqbEN.exe
  2⤵
  PID:6632
- C:\Windows\System\GOUbPmN.exe
  C:\Windows\System\GOUbPmN.exe
  2⤵
  PID:6676
- C:\Windows\System\xuCxpbR.exe
  C:\Windows\System\xuCxpbR.exe
  2⤵
  PID:6628
- C:\Windows\System\XcsBSBC.exe
  C:\Windows\System\XcsBSBC.exe
  2⤵
  PID:6856
- C:\Windows\System\ipehccO.exe
  C:\Windows\System\ipehccO.exe
  2⤵
  PID:6892
- C:\Windows\System\jlQrHnN.exe
  C:\Windows\System\jlQrHnN.exe
  2⤵
  PID:7012
- C:\Windows\System\tBIJekd.exe
  C:\Windows\System\tBIJekd.exe
  2⤵
  PID:7180
- C:\Windows\System\vYiiUiv.exe
  C:\Windows\System\vYiiUiv.exe
  2⤵
  PID:7200
- C:\Windows\System\UGfkzvJ.exe
  C:\Windows\System\UGfkzvJ.exe
  2⤵
  PID:7220
- C:\Windows\System\fDxXScz.exe
  C:\Windows\System\fDxXScz.exe
  2⤵
  PID:7236
- C:\Windows\System\fwTABmh.exe
  C:\Windows\System\fwTABmh.exe
  2⤵
  PID:7260
- C:\Windows\System\mFnULdc.exe
  C:\Windows\System\mFnULdc.exe
  2⤵
  PID:7280
- C:\Windows\System\pfICUTf.exe
  C:\Windows\System\pfICUTf.exe
  2⤵
  PID:7300
- C:\Windows\System\zxRvUxE.exe
  C:\Windows\System\zxRvUxE.exe
  2⤵
  PID:7320
- C:\Windows\System\yJZciBh.exe
  C:\Windows\System\yJZciBh.exe
  2⤵
  PID:7340
- C:\Windows\System\SwTcUrK.exe
  C:\Windows\System\SwTcUrK.exe
  2⤵
  PID:7364
- C:\Windows\System\YEfclmn.exe
  C:\Windows\System\YEfclmn.exe
  2⤵
  PID:7384
- C:\Windows\System\GMkvHef.exe
  C:\Windows\System\GMkvHef.exe
  2⤵
  PID:7404
- C:\Windows\System\KAVvMcm.exe
  C:\Windows\System\KAVvMcm.exe
  2⤵
  PID:7424
- C:\Windows\System\YDbyWPV.exe
  C:\Windows\System\YDbyWPV.exe
  2⤵
  PID:7440
- C:\Windows\System\zrhHDYy.exe
  C:\Windows\System\zrhHDYy.exe
  2⤵
  PID:7460
- C:\Windows\System\Tshcjax.exe
  C:\Windows\System\Tshcjax.exe
  2⤵
  PID:7484
- C:\Windows\System\UoZZrkZ.exe
  C:\Windows\System\UoZZrkZ.exe
  2⤵
  PID:7504
- C:\Windows\System\oTkhrUZ.exe
  C:\Windows\System\oTkhrUZ.exe
  2⤵
  PID:7524
- C:\Windows\System\eUratfm.exe
  C:\Windows\System\eUratfm.exe
  2⤵
  PID:7544
- C:\Windows\System\OhIRTnB.exe
  C:\Windows\System\OhIRTnB.exe
  2⤵
  PID:7564
- C:\Windows\System\hFRJfWL.exe
  C:\Windows\System\hFRJfWL.exe
  2⤵
  PID:7584
- C:\Windows\System\MzWCJZF.exe
  C:\Windows\System\MzWCJZF.exe
  2⤵
  PID:7600
- C:\Windows\System\pXuhxOu.exe
  C:\Windows\System\pXuhxOu.exe
  2⤵
  PID:7624
- C:\Windows\System\OgRYklU.exe
  C:\Windows\System\OgRYklU.exe
  2⤵
  PID:7644
- C:\Windows\System\LvUgcNa.exe
  C:\Windows\System\LvUgcNa.exe
  2⤵
  PID:7664
- C:\Windows\System\RLRNShi.exe
  C:\Windows\System\RLRNShi.exe
  2⤵
  PID:7684
- C:\Windows\System\OdxrSqI.exe
  C:\Windows\System\OdxrSqI.exe
  2⤵
  PID:7704
- C:\Windows\System\pOYxoKj.exe
  C:\Windows\System\pOYxoKj.exe
  2⤵
  PID:7724
- C:\Windows\System\WoneTFU.exe
  C:\Windows\System\WoneTFU.exe
  2⤵
  PID:7744
- C:\Windows\System\cVGwEuV.exe
  C:\Windows\System\cVGwEuV.exe
  2⤵
  PID:7764
- C:\Windows\System\aCNIlwz.exe
  C:\Windows\System\aCNIlwz.exe
  2⤵
  PID:7784
- C:\Windows\System\aMzBKIl.exe
  C:\Windows\System\aMzBKIl.exe
  2⤵
  PID:7804
- C:\Windows\System\ohYKOUw.exe
  C:\Windows\System\ohYKOUw.exe
  2⤵
  PID:7824
- C:\Windows\System\ODqoBxB.exe
  C:\Windows\System\ODqoBxB.exe
  2⤵
  PID:7844
- C:\Windows\System\uzRaESc.exe
  C:\Windows\System\uzRaESc.exe
  2⤵
  PID:7864
- C:\Windows\System\YPhiQXY.exe
  C:\Windows\System\YPhiQXY.exe
  2⤵
  PID:7884
- C:\Windows\System\bTLCqEz.exe
  C:\Windows\System\bTLCqEz.exe
  2⤵
  PID:7904
- C:\Windows\System\KWdUTwW.exe
  C:\Windows\System\KWdUTwW.exe
  2⤵
  PID:7924
- C:\Windows\System\ojjjiJM.exe
  C:\Windows\System\ojjjiJM.exe
  2⤵
  PID:7944
- C:\Windows\System\ASvezoy.exe
  C:\Windows\System\ASvezoy.exe
  2⤵
  PID:7964
- C:\Windows\System\oaUyqMt.exe
  C:\Windows\System\oaUyqMt.exe
  2⤵
  PID:7984
- C:\Windows\System\GiiHccv.exe
  C:\Windows\System\GiiHccv.exe
  2⤵
  PID:8004
- C:\Windows\System\nwaUZWu.exe
  C:\Windows\System\nwaUZWu.exe
  2⤵
  PID:8024
- C:\Windows\System\RYBwWXn.exe
  C:\Windows\System\RYBwWXn.exe
  2⤵
  PID:8044
- C:\Windows\System\EJXYWoe.exe
  C:\Windows\System\EJXYWoe.exe
  2⤵
  PID:8064
- C:\Windows\System\iwuAMSq.exe
  C:\Windows\System\iwuAMSq.exe
  2⤵
  PID:8080
- C:\Windows\System\uueANXa.exe
  C:\Windows\System\uueANXa.exe
  2⤵
  PID:8104
- C:\Windows\System\janSGEM.exe
  C:\Windows\System\janSGEM.exe
  2⤵
  PID:8124
- C:\Windows\System\wHPkLsi.exe
  C:\Windows\System\wHPkLsi.exe
  2⤵
  PID:8144
- C:\Windows\System\TICymzR.exe
  C:\Windows\System\TICymzR.exe
  2⤵
  PID:8164
- C:\Windows\System\FybfxcY.exe
  C:\Windows\System\FybfxcY.exe
  2⤵
  PID:8184
- C:\Windows\System\JxUAFCj.exe
  C:\Windows\System\JxUAFCj.exe
  2⤵
  PID:5840
- C:\Windows\System\QzqnZZu.exe
  C:\Windows\System\QzqnZZu.exe
  2⤵
  PID:6032
- C:\Windows\System\LlcwOBP.exe
  C:\Windows\System\LlcwOBP.exe
  2⤵
  PID:5176
- C:\Windows\System\wLiTWdS.exe
  C:\Windows\System\wLiTWdS.exe
  2⤵
  PID:6396
- C:\Windows\System\hSWWnAY.exe
  C:\Windows\System\hSWWnAY.exe
  2⤵
  PID:6316
- C:\Windows\System\itUgkmj.exe
  C:\Windows\System\itUgkmj.exe
  2⤵
  PID:6348
- C:\Windows\System\zVBkHPs.exe
  C:\Windows\System\zVBkHPs.exe
  2⤵
  PID:6848
- C:\Windows\System\czITnIH.exe
  C:\Windows\System\czITnIH.exe
  2⤵
  PID:6756
- C:\Windows\System\wywvJYJ.exe
  C:\Windows\System\wywvJYJ.exe
  2⤵
  PID:7176
- C:\Windows\System\gFUODxr.exe
  C:\Windows\System\gFUODxr.exe
  2⤵
  PID:7188
- C:\Windows\System\hSyUpuY.exe
  C:\Windows\System\hSyUpuY.exe
  2⤵
  PID:7196
- C:\Windows\System\OERNOsx.exe
  C:\Windows\System\OERNOsx.exe
  2⤵
  PID:7232
- C:\Windows\System\hLHxGcz.exe
  C:\Windows\System\hLHxGcz.exe
  2⤵
  PID:7296
- C:\Windows\System\hOISAkK.exe
  C:\Windows\System\hOISAkK.exe
  2⤵
  PID:7328
- C:\Windows\System\beSqoxS.exe
  C:\Windows\System\beSqoxS.exe
  2⤵
  PID:7372
- C:\Windows\System\HWPXVmd.exe
  C:\Windows\System\HWPXVmd.exe
  2⤵
  PID:7392
- C:\Windows\System\pFFKWlr.exe
  C:\Windows\System\pFFKWlr.exe
  2⤵
  PID:7416
- C:\Windows\System\wXlMcDn.exe
  C:\Windows\System\wXlMcDn.exe
  2⤵
  PID:7436
- C:\Windows\System\abpInBT.exe
  C:\Windows\System\abpInBT.exe
  2⤵
  PID:7480
- C:\Windows\System\UhLvHfH.exe
  C:\Windows\System\UhLvHfH.exe
  2⤵
  PID:7520
- C:\Windows\System\ywodnDL.exe
  C:\Windows\System\ywodnDL.exe
  2⤵
  PID:7572
- C:\Windows\System\bAOwQub.exe
  C:\Windows\System\bAOwQub.exe
  2⤵
  PID:7576
- C:\Windows\System\CnHIKBq.exe
  C:\Windows\System\CnHIKBq.exe
  2⤵
  PID:7592
- C:\Windows\System\yFCLVrO.exe
  C:\Windows\System\yFCLVrO.exe
  2⤵
  PID:7636
- C:\Windows\System\kWwkFsx.exe
  C:\Windows\System\kWwkFsx.exe
  2⤵
  PID:7680
- C:\Windows\System\WQqejHP.exe
  C:\Windows\System\WQqejHP.exe
  2⤵
  PID:7732
- C:\Windows\System\GANtqyl.exe
  C:\Windows\System\GANtqyl.exe
  2⤵
  PID:7716
- C:\Windows\System\swVZeIs.exe
  C:\Windows\System\swVZeIs.exe
  2⤵
  PID:7760
- C:\Windows\System\BWDnYWG.exe
  C:\Windows\System\BWDnYWG.exe
  2⤵
  PID:7820
- C:\Windows\System\pWXnfjF.exe
  C:\Windows\System\pWXnfjF.exe
  2⤵
  PID:7840
- C:\Windows\System\RrKcAEb.exe
  C:\Windows\System\RrKcAEb.exe
  2⤵
  PID:7872
- C:\Windows\System\FEZZjQY.exe
  C:\Windows\System\FEZZjQY.exe
  2⤵
  PID:7896
- C:\Windows\System\ZsOfUwU.exe
  C:\Windows\System\ZsOfUwU.exe
  2⤵
  PID:7940
- C:\Windows\System\TRHeCqW.exe
  C:\Windows\System\TRHeCqW.exe
  2⤵
  PID:7972
- C:\Windows\System\UsBNNRl.exe
  C:\Windows\System\UsBNNRl.exe
  2⤵
  PID:7992
- C:\Windows\System\vwjtubF.exe
  C:\Windows\System\vwjtubF.exe
  2⤵
  PID:8036
- C:\Windows\System\zLzLZDu.exe
  C:\Windows\System\zLzLZDu.exe
  2⤵
  PID:8072
- C:\Windows\System\VOFMcDV.exe
  C:\Windows\System\VOFMcDV.exe
  2⤵
  PID:8096
- C:\Windows\System\MjGegHb.exe
  C:\Windows\System\MjGegHb.exe
  2⤵
  PID:8116
- C:\Windows\System\lDyQLGC.exe
  C:\Windows\System\lDyQLGC.exe
  2⤵
  PID:8160
- C:\Windows\System\tmXhIEs.exe
  C:\Windows\System\tmXhIEs.exe
  2⤵
  PID:6060
- C:\Windows\System\YxjaVnx.exe
  C:\Windows\System\YxjaVnx.exe
  2⤵
  PID:4400
- C:\Windows\System\ozQBTqh.exe
  C:\Windows\System\ozQBTqh.exe
  2⤵
  PID:6408
- C:\Windows\System\ySuvDvl.exe
  C:\Windows\System\ySuvDvl.exe
  2⤵
  PID:6392
- C:\Windows\System\MVRmHls.exe
  C:\Windows\System\MVRmHls.exe
  2⤵
  PID:6956
- C:\Windows\System\wlPbCNk.exe
  C:\Windows\System\wlPbCNk.exe
  2⤵
  PID:7032
- C:\Windows\System\aHQfVLn.exe
  C:\Windows\System\aHQfVLn.exe
  2⤵
  PID:7248
- C:\Windows\System\TtKvhwv.exe
  C:\Windows\System\TtKvhwv.exe
  2⤵
  PID:7316
- C:\Windows\System\pHTYUOk.exe
  C:\Windows\System\pHTYUOk.exe
  2⤵
  PID:7288
- C:\Windows\System\CeAzPua.exe
  C:\Windows\System\CeAzPua.exe
  2⤵
  PID:7412
- C:\Windows\System\TASAEUJ.exe
  C:\Windows\System\TASAEUJ.exe
  2⤵
  PID:7496
- C:\Windows\System\NtFRQSs.exe
  C:\Windows\System\NtFRQSs.exe
  2⤵
  PID:7500
- C:\Windows\System\mBPtFZe.exe
  C:\Windows\System\mBPtFZe.exe
  2⤵
  PID:7640
- C:\Windows\System\AjRjcqs.exe
  C:\Windows\System\AjRjcqs.exe
  2⤵
  PID:7608
- C:\Windows\System\XFivAnQ.exe
  C:\Windows\System\XFivAnQ.exe
  2⤵
  PID:7712
- C:\Windows\System\WlofyvZ.exe
  C:\Windows\System\WlofyvZ.exe
  2⤵
  PID:7772
- C:\Windows\System\gKeyORx.exe
  C:\Windows\System\gKeyORx.exe
  2⤵
  PID:7852
- C:\Windows\System\bkBypSh.exe
  C:\Windows\System\bkBypSh.exe
  2⤵
  PID:7812
- C:\Windows\System\uiZBQvA.exe
  C:\Windows\System\uiZBQvA.exe
  2⤵
  PID:7900
- C:\Windows\System\vNQyMeK.exe
  C:\Windows\System\vNQyMeK.exe
  2⤵
  PID:8032
- C:\Windows\System\qMvJZgl.exe
  C:\Windows\System\qMvJZgl.exe
  2⤵
  PID:7916
- C:\Windows\System\FcQKJki.exe
  C:\Windows\System\FcQKJki.exe
  2⤵
  PID:8100
- C:\Windows\System\jqmzfKG.exe
  C:\Windows\System\jqmzfKG.exe
  2⤵
  PID:8056
- C:\Windows\System\SraTbfg.exe
  C:\Windows\System\SraTbfg.exe
  2⤵
  PID:8176
- C:\Windows\System\HvMQOSt.exe
  C:\Windows\System\HvMQOSt.exe
  2⤵
  PID:6176
- C:\Windows\System\rfoJeiW.exe
  C:\Windows\System\rfoJeiW.exe
  2⤵
  PID:6272
- C:\Windows\System\XBNbLCb.exe
  C:\Windows\System\XBNbLCb.exe
  2⤵
  PID:6516
- C:\Windows\System\jUPsabN.exe
  C:\Windows\System\jUPsabN.exe
  2⤵
  PID:6896
- C:\Windows\System\tTlQAAJ.exe
  C:\Windows\System\tTlQAAJ.exe
  2⤵
  PID:2536
- C:\Windows\System\SRLaLac.exe
  C:\Windows\System\SRLaLac.exe
  2⤵
  PID:7244
- C:\Windows\System\EZWhEdu.exe
  C:\Windows\System\EZWhEdu.exe
  2⤵
  PID:7532
- C:\Windows\System\IQgXegx.exe
  C:\Windows\System\IQgXegx.exe
  2⤵
  PID:7540
- C:\Windows\System\lLjcLYb.exe
  C:\Windows\System\lLjcLYb.exe
  2⤵
  PID:7656
- C:\Windows\System\qAaVCqT.exe
  C:\Windows\System\qAaVCqT.exe
  2⤵
  PID:7620
- C:\Windows\System\sxtzfkt.exe
  C:\Windows\System\sxtzfkt.exe
  2⤵
  PID:7792
- C:\Windows\System\qGzmgam.exe
  C:\Windows\System\qGzmgam.exe
  2⤵
  PID:7996
- C:\Windows\System\bPsPsBe.exe
  C:\Windows\System\bPsPsBe.exe
  2⤵
  PID:7956
- C:\Windows\System\mBpmONu.exe
  C:\Windows\System\mBpmONu.exe
  2⤵
  PID:7912
- C:\Windows\System\GkBcwzL.exe
  C:\Windows\System\GkBcwzL.exe
  2⤵
  PID:8136
- C:\Windows\System\SVVFpKF.exe
  C:\Windows\System\SVVFpKF.exe
  2⤵
  PID:6576
- C:\Windows\System\lSxzynt.exe
  C:\Windows\System\lSxzynt.exe
  2⤵
  PID:6588
- C:\Windows\System\JCGJzxy.exe
  C:\Windows\System\JCGJzxy.exe
  2⤵
  PID:7336
- C:\Windows\System\fsNgeYS.exe
  C:\Windows\System\fsNgeYS.exe
  2⤵
  PID:8200
- C:\Windows\System\juheCdA.exe
  C:\Windows\System\juheCdA.exe
  2⤵
  PID:8220
- C:\Windows\System\mosahKR.exe
  C:\Windows\System\mosahKR.exe
  2⤵
  PID:8240
- C:\Windows\System\GGrLuqk.exe
  C:\Windows\System\GGrLuqk.exe
  2⤵
  PID:8260
- C:\Windows\System\FSftsZw.exe
  C:\Windows\System\FSftsZw.exe
  2⤵
  PID:8280
- C:\Windows\System\BwvSQoN.exe
  C:\Windows\System\BwvSQoN.exe
  2⤵
  PID:8300
- C:\Windows\System\xIFmwjA.exe
  C:\Windows\System\xIFmwjA.exe
  2⤵
  PID:8316
- C:\Windows\System\wdlLTNd.exe
  C:\Windows\System\wdlLTNd.exe
  2⤵
  PID:8340
- C:\Windows\System\JXqYBBE.exe
  C:\Windows\System\JXqYBBE.exe
  2⤵
  PID:8360
- C:\Windows\System\kUGNduA.exe
  C:\Windows\System\kUGNduA.exe
  2⤵
  PID:8380
- C:\Windows\System\BTiRYmA.exe
  C:\Windows\System\BTiRYmA.exe
  2⤵
  PID:8400
- C:\Windows\System\mlrsCbQ.exe
  C:\Windows\System\mlrsCbQ.exe
  2⤵
  PID:8420
- C:\Windows\System\hfbwKmC.exe
  C:\Windows\System\hfbwKmC.exe
  2⤵
  PID:8436
- C:\Windows\System\siNzUWK.exe
  C:\Windows\System\siNzUWK.exe
  2⤵
  PID:8460
- C:\Windows\System\yogpGPB.exe
  C:\Windows\System\yogpGPB.exe
  2⤵
  PID:8480
- C:\Windows\System\HxlMCkP.exe
  C:\Windows\System\HxlMCkP.exe
  2⤵
  PID:8500
- C:\Windows\System\ITVfHKh.exe
  C:\Windows\System\ITVfHKh.exe
  2⤵
  PID:8520
- C:\Windows\System\mwYvcmS.exe
  C:\Windows\System\mwYvcmS.exe
  2⤵
  PID:8540
- C:\Windows\System\JZfreqp.exe
  C:\Windows\System\JZfreqp.exe
  2⤵
  PID:8560
- C:\Windows\System\fTtfuKk.exe
  C:\Windows\System\fTtfuKk.exe
  2⤵
  PID:8580
- C:\Windows\System\jDmpzuy.exe
  C:\Windows\System\jDmpzuy.exe
  2⤵
  PID:8600
- C:\Windows\System\FLdPvuI.exe
  C:\Windows\System\FLdPvuI.exe
  2⤵
  PID:8620
- C:\Windows\System\DLXjBNL.exe
  C:\Windows\System\DLXjBNL.exe
  2⤵
  PID:8640
- C:\Windows\System\FabPwro.exe
  C:\Windows\System\FabPwro.exe
  2⤵
  PID:8660
- C:\Windows\System\RwUZVVY.exe
  C:\Windows\System\RwUZVVY.exe
  2⤵
  PID:8680
- C:\Windows\System\lnOvOgh.exe
  C:\Windows\System\lnOvOgh.exe
  2⤵
  PID:8700
- C:\Windows\System\rdUTXKm.exe
  C:\Windows\System\rdUTXKm.exe
  2⤵
  PID:8720
- C:\Windows\System\dTbvQtZ.exe
  C:\Windows\System\dTbvQtZ.exe
  2⤵
  PID:8740
- C:\Windows\System\QjBkGID.exe
  C:\Windows\System\QjBkGID.exe
  2⤵
  PID:8760
- C:\Windows\System\McxKJVA.exe
  C:\Windows\System\McxKJVA.exe
  2⤵
  PID:8780
- C:\Windows\System\tXAbREp.exe
  C:\Windows\System\tXAbREp.exe
  2⤵
  PID:8800
- C:\Windows\System\URplBdG.exe
  C:\Windows\System\URplBdG.exe
  2⤵
  PID:8820
- C:\Windows\System\MbVHUXs.exe
  C:\Windows\System\MbVHUXs.exe
  2⤵
  PID:8840
- C:\Windows\System\tijAKEK.exe
  C:\Windows\System\tijAKEK.exe
  2⤵
  PID:8860
- C:\Windows\System\gjsEyRe.exe
  C:\Windows\System\gjsEyRe.exe
  2⤵
  PID:8884
- C:\Windows\System\UFIspBL.exe
  C:\Windows\System\UFIspBL.exe
  2⤵
  PID:8904
- C:\Windows\System\DNBFRIq.exe
  C:\Windows\System\DNBFRIq.exe
  2⤵
  PID:8920
- C:\Windows\System\dnHJiQH.exe
  C:\Windows\System\dnHJiQH.exe
  2⤵
  PID:8936
- C:\Windows\System\eYOVXiF.exe
  C:\Windows\System\eYOVXiF.exe
  2⤵
  PID:8960
- C:\Windows\System\RvnGpLn.exe
  C:\Windows\System\RvnGpLn.exe
  2⤵
  PID:8980
- C:\Windows\System\nGjtKMl.exe
  C:\Windows\System\nGjtKMl.exe
  2⤵
  PID:9004
- C:\Windows\System\urCsMYB.exe
  C:\Windows\System\urCsMYB.exe
  2⤵
  PID:9024
- C:\Windows\System\qYdyuce.exe
  C:\Windows\System\qYdyuce.exe
  2⤵
  PID:9044
- C:\Windows\System\HybOJwd.exe
  C:\Windows\System\HybOJwd.exe
  2⤵
  PID:9060
- C:\Windows\System\OFVyRfY.exe
  C:\Windows\System\OFVyRfY.exe
  2⤵
  PID:9084
- C:\Windows\System\Umuznjw.exe
  C:\Windows\System\Umuznjw.exe
  2⤵
  PID:9104
- C:\Windows\System\vJHFksE.exe
  C:\Windows\System\vJHFksE.exe
  2⤵
  PID:9124
- C:\Windows\System\dfeAURk.exe
  C:\Windows\System\dfeAURk.exe
  2⤵
  PID:9144
- C:\Windows\System\nXoBvqb.exe
  C:\Windows\System\nXoBvqb.exe
  2⤵
  PID:9160
- C:\Windows\System\MoQmaUL.exe
  C:\Windows\System\MoQmaUL.exe
  2⤵
  PID:9176
- C:\Windows\System\VyOozoZ.exe
  C:\Windows\System\VyOozoZ.exe
  2⤵
  PID:9192
- C:\Windows\System\bofKgvh.exe
  C:\Windows\System\bofKgvh.exe
  2⤵
  PID:9208
- C:\Windows\System\MSWYlWa.exe
  C:\Windows\System\MSWYlWa.exe
  2⤵
  PID:7268
- C:\Windows\System\xjumLsz.exe
  C:\Windows\System\xjumLsz.exe
  2⤵
  PID:7396
- C:\Windows\System\QoGSqmz.exe
  C:\Windows\System\QoGSqmz.exe
  2⤵
  PID:7556
- C:\Windows\System\OjrNlZw.exe
  C:\Windows\System\OjrNlZw.exe
  2⤵
  PID:7692
- C:\Windows\System\jvBkwhH.exe
  C:\Windows\System\jvBkwhH.exe
  2⤵
  PID:7800
- C:\Windows\System\TRFZTOt.exe
  C:\Windows\System\TRFZTOt.exe
  2⤵
  PID:7920
- C:\Windows\System\meSLRuP.exe
  C:\Windows\System\meSLRuP.exe
  2⤵
  PID:7796
- C:\Windows\System\DeYGuyL.exe
  C:\Windows\System\DeYGuyL.exe
  2⤵
  PID:7088
- C:\Windows\System\UmYDKqO.exe
  C:\Windows\System\UmYDKqO.exe
  2⤵
  PID:8112
- C:\Windows\System\iuVuohx.exe
  C:\Windows\System\iuVuohx.exe
  2⤵
  PID:8216
- C:\Windows\System\wFQwzYN.exe
  C:\Windows\System\wFQwzYN.exe
  2⤵
  PID:8228
- C:\Windows\System\gdPzjqr.exe
  C:\Windows\System\gdPzjqr.exe
  2⤵
  PID:8256
- C:\Windows\System\pGmurgo.exe
  C:\Windows\System\pGmurgo.exe
  2⤵
  PID:8268
- C:\Windows\System\QQLhWhC.exe
  C:\Windows\System\QQLhWhC.exe
  2⤵
  PID:8324
- C:\Windows\System\Divnlsv.exe
  C:\Windows\System\Divnlsv.exe
  2⤵
  PID:8332
- C:\Windows\System\YhDNyHN.exe
  C:\Windows\System\YhDNyHN.exe
  2⤵
  PID:8372
- C:\Windows\System\aCaXrfj.exe
  C:\Windows\System\aCaXrfj.exe
  2⤵
  PID:8416
- C:\Windows\System\heJcdKT.exe
  C:\Windows\System\heJcdKT.exe
  2⤵
  PID:8444
- C:\Windows\System\kpJaLtF.exe
  C:\Windows\System\kpJaLtF.exe
  2⤵
  PID:8432
- C:\Windows\System\NChtfAp.exe
  C:\Windows\System\NChtfAp.exe
  2⤵
  PID:8468
- C:\Windows\System\sccdaZj.exe
  C:\Windows\System\sccdaZj.exe
  2⤵
  PID:8528
- C:\Windows\System\GhyKFXd.exe
  C:\Windows\System\GhyKFXd.exe
  2⤵
  PID:8516
- C:\Windows\System\tuTuTOo.exe
  C:\Windows\System\tuTuTOo.exe
  2⤵
  PID:8616
- C:\Windows\System\drMhcTv.exe
  C:\Windows\System\drMhcTv.exe
  2⤵
  PID:8592
- C:\Windows\System\rfkJlyf.exe
  C:\Windows\System\rfkJlyf.exe
  2⤵
  PID:8632
- C:\Windows\System\gDKYgPc.exe
  C:\Windows\System\gDKYgPc.exe
  2⤵
  PID:8692
- C:\Windows\System\eItxEEX.exe
  C:\Windows\System\eItxEEX.exe
  2⤵
  PID:8672
- C:\Windows\System\pVHUqod.exe
  C:\Windows\System\pVHUqod.exe
  2⤵
  PID:8776
- C:\Windows\System\lgvRIHg.exe
  C:\Windows\System\lgvRIHg.exe
  2⤵
  PID:8748
- C:\Windows\System\BNguekg.exe
  C:\Windows\System\BNguekg.exe
  2⤵
  PID:8788
- C:\Windows\System\oZVpZYS.exe
  C:\Windows\System\oZVpZYS.exe
  2⤵
  PID:8968
- C:\Windows\System\GmKAOsT.exe
  C:\Windows\System\GmKAOsT.exe
  2⤵
  PID:8916
- C:\Windows\System\cgSgCYa.exe
  C:\Windows\System\cgSgCYa.exe
  2⤵
  PID:8956
- C:\Windows\System\GZSeazJ.exe
  C:\Windows\System\GZSeazJ.exe
  2⤵
  PID:8996
- C:\Windows\System\sgeqPtD.exe
  C:\Windows\System\sgeqPtD.exe
  2⤵
  PID:9000
- C:\Windows\System\ZLLVsRM.exe
  C:\Windows\System\ZLLVsRM.exe
  2⤵
  PID:9052
- C:\Windows\System\rTdQFwM.exe
  C:\Windows\System\rTdQFwM.exe
  2⤵
  PID:9092
- C:\Windows\System\SAqQJPX.exe
  C:\Windows\System\SAqQJPX.exe
  2⤵
  PID:9140
- C:\Windows\System\uGefxEn.exe
  C:\Windows\System\uGefxEn.exe
  2⤵
  PID:9120
- C:\Windows\System\TrUWySI.exe
  C:\Windows\System\TrUWySI.exe
  2⤵
  PID:9172
- C:\Windows\System\lQGZcGg.exe
  C:\Windows\System\lQGZcGg.exe
  2⤵
  PID:7536
- C:\Windows\System\ryydbvC.exe
  C:\Windows\System\ryydbvC.exe
  2⤵
  PID:2476
- C:\Windows\System\fHRLOLf.exe
  C:\Windows\System\fHRLOLf.exe
  2⤵
  PID:7832
- C:\Windows\System\RYqTjLQ.exe
  C:\Windows\System\RYqTjLQ.exe
  2⤵
  PID:8152
- C:\Windows\System\KFZBjDa.exe
  C:\Windows\System\KFZBjDa.exe
  2⤵
  PID:8120
- C:\Windows\System\bgYIwRF.exe
  C:\Windows\System\bgYIwRF.exe
  2⤵
  PID:2016
- C:\Windows\System\HuQCuSK.exe
  C:\Windows\System\HuQCuSK.exe
  2⤵
  PID:7348
- C:\Windows\System\uyMjEDK.exe
  C:\Windows\System\uyMjEDK.exe
  2⤵
  PID:324
- C:\Windows\System\eIAPOTO.exe
  C:\Windows\System\eIAPOTO.exe
  2⤵
  PID:2912
- C:\Windows\System\pMIOUlR.exe
  C:\Windows\System\pMIOUlR.exe
  2⤵
  PID:1112
- C:\Windows\System\uditpkD.exe
  C:\Windows\System\uditpkD.exe
  2⤵
  PID:8348
- C:\Windows\System\pGcaCVp.exe
  C:\Windows\System\pGcaCVp.exe
  2⤵
  PID:8368
- C:\Windows\System\RcKQiKe.exe
  C:\Windows\System\RcKQiKe.exe
  2⤵
  PID:8392
- C:\Windows\System\MekjkHt.exe
  C:\Windows\System\MekjkHt.exe
  2⤵
  PID:8412
- C:\Windows\System\HqpjmUW.exe
  C:\Windows\System\HqpjmUW.exe
  2⤵
  PID:8456
- C:\Windows\System\erzGIAM.exe
  C:\Windows\System\erzGIAM.exe
  2⤵
  PID:8508
- C:\Windows\System\gPvBgOc.exe
  C:\Windows\System\gPvBgOc.exe
  2⤵
  PID:8428
- C:\Windows\System\ycItunP.exe
  C:\Windows\System\ycItunP.exe
  2⤵
  PID:1476
- C:\Windows\System\mDeEade.exe
  C:\Windows\System\mDeEade.exe
  2⤵
  PID:8548
- C:\Windows\System\FLzwzCT.exe
  C:\Windows\System\FLzwzCT.exe
  2⤵
  PID:8608
- C:\Windows\System\YflCBTe.exe
  C:\Windows\System\YflCBTe.exe
  2⤵
  PID:8636
- C:\Windows\System\UhBtWWC.exe
  C:\Windows\System\UhBtWWC.exe
  2⤵
  PID:8716
- C:\Windows\System\abVMapt.exe
  C:\Windows\System\abVMapt.exe
  2⤵
  PID:8596
- C:\Windows\System\YkJucbW.exe
  C:\Windows\System\YkJucbW.exe
  2⤵
  PID:2748
- C:\Windows\System\uqOwGpX.exe
  C:\Windows\System\uqOwGpX.exe
  2⤵
  PID:3000
- C:\Windows\System\KMdMnhQ.exe
  C:\Windows\System\KMdMnhQ.exe
  2⤵
  PID:8832
- C:\Windows\System\TYVdOyE.exe
  C:\Windows\System\TYVdOyE.exe
  2⤵
  PID:8928
- C:\Windows\System\mmdhRmM.exe
  C:\Windows\System\mmdhRmM.exe
  2⤵
  PID:8972
- C:\Windows\System\fHEBPPD.exe
  C:\Windows\System\fHEBPPD.exe
  2⤵
  PID:9032
- C:\Windows\System\YADEvIy.exe
  C:\Windows\System\YADEvIy.exe
  2⤵
  PID:9040
- C:\Windows\System\Gmaadvp.exe
  C:\Windows\System\Gmaadvp.exe
  2⤵
  PID:9076
- C:\Windows\System\weBYcLW.exe
  C:\Windows\System\weBYcLW.exe
  2⤵
  PID:9152
- C:\Windows\System\QcGOQQq.exe
  C:\Windows\System\QcGOQQq.exe
  2⤵
  PID:2264
- C:\Windows\System\KlWnyJk.exe
  C:\Windows\System\KlWnyJk.exe
  2⤵
  PID:9200
- C:\Windows\System\uDDbFij.exe
  C:\Windows\System\uDDbFij.exe
  2⤵
  PID:1396
- C:\Windows\System\KhHqUcm.exe
  C:\Windows\System\KhHqUcm.exe
  2⤵
  PID:7452
- C:\Windows\System\jPaonga.exe
  C:\Windows\System\jPaonga.exe
  2⤵
  PID:8076
- C:\Windows\System\zCoenHj.exe
  C:\Windows\System\zCoenHj.exe
  2⤵
  PID:6936
- C:\Windows\System\EbnyUXJ.exe
  C:\Windows\System\EbnyUXJ.exe
  2⤵
  PID:7960
- C:\Windows\System\EnsyAfR.exe
  C:\Windows\System\EnsyAfR.exe
  2⤵
  PID:8232
- C:\Windows\System\WZMCfkX.exe
  C:\Windows\System\WZMCfkX.exe
  2⤵
  PID:796
- C:\Windows\System\RBBZUnR.exe
  C:\Windows\System\RBBZUnR.exe
  2⤵
  PID:8448
- C:\Windows\System\GPAmLwr.exe
  C:\Windows\System\GPAmLwr.exe
  2⤵
  PID:3068
- C:\Windows\System\FDUUsyT.exe
  C:\Windows\System\FDUUsyT.exe
  2⤵
  PID:1944
- C:\Windows\System\FPQOKkW.exe
  C:\Windows\System\FPQOKkW.exe
  2⤵
  PID:1000
- C:\Windows\System\MOFEeBw.exe
  C:\Windows\System\MOFEeBw.exe
  2⤵
  PID:8532
- C:\Windows\System\GTWiUuZ.exe
  C:\Windows\System\GTWiUuZ.exe
  2⤵
  PID:1484
- C:\Windows\System\krjsAPe.exe
  C:\Windows\System\krjsAPe.exe
  2⤵
  PID:8676
- C:\Windows\System\kIcTYZG.exe
  C:\Windows\System\kIcTYZG.exe
  2⤵
  PID:2644
- C:\Windows\System\JJJIixd.exe
  C:\Windows\System\JJJIixd.exe
  2⤵
  PID:9096
- C:\Windows\System\wJCifbn.exe
  C:\Windows\System\wJCifbn.exe
  2⤵
  PID:8912
- C:\Windows\System\HeAQrWl.exe
  C:\Windows\System\HeAQrWl.exe
  2⤵
  PID:9068
- C:\Windows\System\yfPVIvL.exe
  C:\Windows\System\yfPVIvL.exe
  2⤵
  PID:9036
- C:\Windows\System\mmpZRvg.exe
  C:\Windows\System\mmpZRvg.exe
  2⤵
  PID:2612
- C:\Windows\System\jfxumfc.exe
  C:\Windows\System\jfxumfc.exe
  2⤵
  PID:8308
- C:\Windows\System\yMMCynR.exe
  C:\Windows\System\yMMCynR.exe
  2⤵
  PID:1828
- C:\Windows\System\LRqRuAw.exe
  C:\Windows\System\LRqRuAw.exe
  2⤵
  PID:8336
- C:\Windows\System\ARwAvjG.exe
  C:\Windows\System\ARwAvjG.exe
  2⤵
  PID:2948
- C:\Windows\System\QlItJqt.exe
  C:\Windows\System\QlItJqt.exe
  2⤵
  PID:2424
- C:\Windows\System\IcyhUFS.exe
  C:\Windows\System\IcyhUFS.exe
  2⤵
  PID:2840
- C:\Windows\System\VPszngC.exe
  C:\Windows\System\VPszngC.exe
  2⤵
  PID:8732
- C:\Windows\System\aFNilEa.exe
  C:\Windows\System\aFNilEa.exe
  2⤵
  PID:8836
- C:\Windows\System\ueIGZhE.exe
  C:\Windows\System\ueIGZhE.exe
  2⤵
  PID:8952
- C:\Windows\System\dGcIRvg.exe
  C:\Windows\System\dGcIRvg.exe
  2⤵
  PID:2856
- C:\Windows\System\BUujSXU.exe
  C:\Windows\System\BUujSXU.exe
  2⤵
  PID:9204
- C:\Windows\System\puYDgZn.exe
  C:\Windows\System\puYDgZn.exe
  2⤵
  PID:8492
- C:\Windows\System\ljGEYpk.exe
  C:\Windows\System\ljGEYpk.exe
  2⤵
  PID:1920
- C:\Windows\System\MsGXWWj.exe
  C:\Windows\System\MsGXWWj.exe
  2⤵
  PID:1832
- C:\Windows\System\hRrzQHs.exe
  C:\Windows\System\hRrzQHs.exe
  2⤵
  PID:2796
- C:\Windows\System\QKFdzhL.exe
  C:\Windows\System\QKFdzhL.exe
  2⤵
  PID:8872
- C:\Windows\System\egkHYey.exe
  C:\Windows\System\egkHYey.exe
  2⤵
  PID:2684
- C:\Windows\System\wtCOiqk.exe
  C:\Windows\System\wtCOiqk.exe
  2⤵
  PID:8896
- C:\Windows\System\jsvrZNv.exe
  C:\Windows\System\jsvrZNv.exe
  2⤵
  PID:7976
- C:\Windows\System\OyXrNLX.exe
  C:\Windows\System\OyXrNLX.exe
  2⤵
  PID:8828
- C:\Windows\System\ZnVeTBu.exe
  C:\Windows\System\ZnVeTBu.exe
  2⤵
  PID:8388
- C:\Windows\System\ZuhEfGK.exe
  C:\Windows\System\ZuhEfGK.exe
  2⤵
  PID:8556
- C:\Windows\System\vByWmYj.exe
  C:\Windows\System\vByWmYj.exe
  2⤵
  PID:8572
- C:\Windows\System\BhFQVhm.exe
  C:\Windows\System\BhFQVhm.exe
  2⤵
  PID:8772
- C:\Windows\System\UmeeUhr.exe
  C:\Windows\System\UmeeUhr.exe
  2⤵
  PID:2312
- C:\Windows\System\hOJdJIm.exe
  C:\Windows\System\hOJdJIm.exe
  2⤵
  PID:9232
- C:\Windows\System\YFiKPTZ.exe
  C:\Windows\System\YFiKPTZ.exe
  2⤵
  PID:9248
- C:\Windows\System\FDEDACy.exe
  C:\Windows\System\FDEDACy.exe
  2⤵
  PID:9264
- C:\Windows\System\oNhfRPk.exe
  C:\Windows\System\oNhfRPk.exe
  2⤵
  PID:9280
- C:\Windows\System\TwhFCdk.exe
  C:\Windows\System\TwhFCdk.exe
  2⤵
  PID:9296
- C:\Windows\System\epjOOUZ.exe
  C:\Windows\System\epjOOUZ.exe
  2⤵
  PID:9312
- C:\Windows\System\bWZOgfG.exe
  C:\Windows\System\bWZOgfG.exe
  2⤵
  PID:9328
- C:\Windows\System\feJzbGs.exe
  C:\Windows\System\feJzbGs.exe
  2⤵
  PID:9344
- C:\Windows\System\KeYgHIy.exe
  C:\Windows\System\KeYgHIy.exe
  2⤵
  PID:9360
- C:\Windows\System\TLNFlhi.exe
  C:\Windows\System\TLNFlhi.exe
  2⤵
  PID:9420
- C:\Windows\System\EfeZiRl.exe
  C:\Windows\System\EfeZiRl.exe
  2⤵
  PID:9444
- C:\Windows\System\TlbuLwC.exe
  C:\Windows\System\TlbuLwC.exe
  2⤵
  PID:9472
- C:\Windows\System\DRRXlmY.exe
  C:\Windows\System\DRRXlmY.exe
  2⤵
  PID:9488
- C:\Windows\System\Qdolhcg.exe
  C:\Windows\System\Qdolhcg.exe
  2⤵
  PID:9512
- C:\Windows\System\HTsZLgA.exe
  C:\Windows\System\HTsZLgA.exe
  2⤵
  PID:9528
- C:\Windows\System\eZwJLlC.exe
  C:\Windows\System\eZwJLlC.exe
  2⤵
  PID:9548
- C:\Windows\System\jTTShUy.exe
  C:\Windows\System\jTTShUy.exe
  2⤵
  PID:9576
- C:\Windows\System\TvdPSMU.exe
  C:\Windows\System\TvdPSMU.exe
  2⤵
  PID:9592
- C:\Windows\System\UeVCutr.exe
  C:\Windows\System\UeVCutr.exe
  2⤵
  PID:9608
- C:\Windows\System\jVuabDi.exe
  C:\Windows\System\jVuabDi.exe
  2⤵
  PID:9636
- C:\Windows\System\mkvfVZS.exe
  C:\Windows\System\mkvfVZS.exe
  2⤵
  PID:9656
- C:\Windows\System\qOmFNIg.exe
  C:\Windows\System\qOmFNIg.exe
  2⤵
  PID:9676
- C:\Windows\System\SHNjxHJ.exe
  C:\Windows\System\SHNjxHJ.exe
  2⤵
  PID:9696
- C:\Windows\System\NlcFBpW.exe
  C:\Windows\System\NlcFBpW.exe
  2⤵
  PID:9716
- C:\Windows\System\MTLHJAt.exe
  C:\Windows\System\MTLHJAt.exe
  2⤵
  PID:9732
- C:\Windows\System\RlbWTiS.exe
  C:\Windows\System\RlbWTiS.exe
  2⤵
  PID:9756
- C:\Windows\System\ePmhXhf.exe
  C:\Windows\System\ePmhXhf.exe
  2⤵
  PID:9772
- C:\Windows\System\miAAUWT.exe
  C:\Windows\System\miAAUWT.exe
  2⤵
  PID:9792
- C:\Windows\System\clHxyKu.exe
  C:\Windows\System\clHxyKu.exe
  2⤵
  PID:9812
- C:\Windows\System\ltFFRkV.exe
  C:\Windows\System\ltFFRkV.exe
  2⤵
  PID:9828
- C:\Windows\System\rjUzrWs.exe
  C:\Windows\System\rjUzrWs.exe
  2⤵
  PID:9848
- C:\Windows\System\IiOlnDB.exe
  C:\Windows\System\IiOlnDB.exe
  2⤵
  PID:9864
- C:\Windows\System\XZYHbLo.exe
  C:\Windows\System\XZYHbLo.exe
  2⤵
  PID:9884
- C:\Windows\System\IIAOTlK.exe
  C:\Windows\System\IIAOTlK.exe
  2⤵
  PID:9900
- C:\Windows\System\CStLvni.exe
  C:\Windows\System\CStLvni.exe
  2⤵
  PID:9916
- C:\Windows\System\dJqAugJ.exe
  C:\Windows\System\dJqAugJ.exe
  2⤵
  PID:9932
- C:\Windows\System\rSpKIHD.exe
  C:\Windows\System\rSpKIHD.exe
  2⤵
  PID:9948
- C:\Windows\System\UpIpCYO.exe
  C:\Windows\System\UpIpCYO.exe
  2⤵
  PID:9964
- C:\Windows\System\SqEuFdN.exe
  C:\Windows\System\SqEuFdN.exe
  2⤵
  PID:9980
- C:\Windows\System\briefKZ.exe
  C:\Windows\System\briefKZ.exe
  2⤵
  PID:9996
- C:\Windows\System\qPoWICz.exe
  C:\Windows\System\qPoWICz.exe
  2⤵
  PID:10012
- C:\Windows\System\WNBSSuc.exe
  C:\Windows\System\WNBSSuc.exe
  2⤵
  PID:10028
- C:\Windows\System\SvUQzcH.exe
  C:\Windows\System\SvUQzcH.exe
  2⤵
  PID:10048
- C:\Windows\System\OSKOYdw.exe
  C:\Windows\System\OSKOYdw.exe
  2⤵
  PID:10068
- C:\Windows\System\xtkRAfK.exe
  C:\Windows\System\xtkRAfK.exe
  2⤵
  PID:10088
- C:\Windows\System\ImNAocc.exe
  C:\Windows\System\ImNAocc.exe
  2⤵
  PID:10104
- C:\Windows\System\MagqhTf.exe
  C:\Windows\System\MagqhTf.exe
  2⤵
  PID:10120
- C:\Windows\System\GrFcxzF.exe
  C:\Windows\System\GrFcxzF.exe
  2⤵
  PID:10136
- C:\Windows\System\bSBOscX.exe
  C:\Windows\System\bSBOscX.exe
  2⤵
  PID:10152
- C:\Windows\System\jpefJiQ.exe
  C:\Windows\System\jpefJiQ.exe
  2⤵
  PID:10168
- C:\Windows\System\dxwUoKw.exe
  C:\Windows\System\dxwUoKw.exe
  2⤵
  PID:10184
- C:\Windows\System\EwHGmZt.exe
  C:\Windows\System\EwHGmZt.exe
  2⤵
  PID:10200
- C:\Windows\System\VLqsywU.exe
  C:\Windows\System\VLqsywU.exe
  2⤵
  PID:10216
- C:\Windows\System\cXPTYPm.exe
  C:\Windows\System\cXPTYPm.exe
  2⤵
  PID:10236
- C:\Windows\System\onWLfmx.exe
  C:\Windows\System\onWLfmx.exe
  2⤵
  PID:9240
- C:\Windows\System\OTDblzh.exe
  C:\Windows\System\OTDblzh.exe
  2⤵
  PID:9304
- C:\Windows\System\ieygvVG.exe
  C:\Windows\System\ieygvVG.exe
  2⤵
  PID:9336
- C:\Windows\System\vglIHwT.exe
  C:\Windows\System\vglIHwT.exe
  2⤵
  PID:2676
- C:\Windows\System\LrfyVll.exe
  C:\Windows\System\LrfyVll.exe
  2⤵
  PID:9260
- C:\Windows\System\LqMwecz.exe
  C:\Windows\System\LqMwecz.exe
  2⤵
  PID:9372
- C:\Windows\System\qNpDhJc.exe
  C:\Windows\System\qNpDhJc.exe
  2⤵
  PID:9396
- C:\Windows\System\CPMTwlL.exe
  C:\Windows\System\CPMTwlL.exe
  2⤵
  PID:9416
- C:\Windows\System\ExqNHsK.exe
  C:\Windows\System\ExqNHsK.exe
  2⤵
  PID:9436
- C:\Windows\System\lQdFxlK.exe
  C:\Windows\System\lQdFxlK.exe
  2⤵
  PID:9456
- C:\Windows\System\tXkjBgE.exe
  C:\Windows\System\tXkjBgE.exe
  2⤵
  PID:9500
- C:\Windows\System\DIMQjzE.exe
  C:\Windows\System\DIMQjzE.exe
  2⤵
  PID:9520
- C:\Windows\System\QBdAwWh.exe
  C:\Windows\System\QBdAwWh.exe
  2⤵
  PID:9540
- C:\Windows\System\wAvIBzd.exe
  C:\Windows\System\wAvIBzd.exe
  2⤵
  PID:9564
- C:\Windows\System\dVFzuDK.exe
  C:\Windows\System\dVFzuDK.exe
  2⤵
  PID:9616
- C:\Windows\System\RaMmFlz.exe
  C:\Windows\System\RaMmFlz.exe
  2⤵
  PID:9632
- C:\Windows\System\IDonxWw.exe
  C:\Windows\System\IDonxWw.exe
  2⤵
  PID:9648
- C:\Windows\System\ZzfBirf.exe
  C:\Windows\System\ZzfBirf.exe
  2⤵
  PID:9684
- C:\Windows\System\VvFukBm.exe
  C:\Windows\System\VvFukBm.exe
  2⤵
  PID:9712
- C:\Windows\System\fMMfPYr.exe
  C:\Windows\System\fMMfPYr.exe
  2⤵
  PID:9740
- C:\Windows\System\ipJZfWB.exe
  C:\Windows\System\ipJZfWB.exe
  2⤵
  PID:9764
- C:\Windows\System\rzhPwxH.exe
  C:\Windows\System\rzhPwxH.exe
  2⤵
  PID:9800
- C:\Windows\System\slSHizb.exe
  C:\Windows\System\slSHizb.exe
  2⤵
  PID:9824
- C:\Windows\System\lNpoWaM.exe
  C:\Windows\System\lNpoWaM.exe
  2⤵
  PID:9896
- C:\Windows\System\hWZHPKb.exe
  C:\Windows\System\hWZHPKb.exe
  2⤵
  PID:9908
- C:\Windows\System\zxHmzLb.exe
  C:\Windows\System\zxHmzLb.exe
  2⤵
  PID:9956
- C:\Windows\System\WDvjlhp.exe
  C:\Windows\System\WDvjlhp.exe
  2⤵
  PID:9836
- C:\Windows\System\JhqBlOw.exe
  C:\Windows\System\JhqBlOw.exe
  2⤵
  PID:9992
- C:\Windows\System\xCexZhm.exe
  C:\Windows\System\xCexZhm.exe
  2⤵
  PID:10008
- C:\Windows\System\mbYzCOD.exe
  C:\Windows\System\mbYzCOD.exe
  2⤵
  PID:10040
- C:\Windows\System\JQbELsg.exe
  C:\Windows\System\JQbELsg.exe
  2⤵
  PID:10076
- C:\Windows\System\OrRRawB.exe
  C:\Windows\System\OrRRawB.exe
  2⤵
  PID:10096
- C:\Windows\System\GJdGbpk.exe
  C:\Windows\System\GJdGbpk.exe
  2⤵
  PID:10144
- C:\Windows\System\fikHuUf.exe
  C:\Windows\System\fikHuUf.exe
  2⤵
  PID:10112
- C:\Windows\System\VVvextl.exe
  C:\Windows\System\VVvextl.exe
  2⤵
  PID:10116
- C:\Windows\System\OphYMSS.exe
  C:\Windows\System\OphYMSS.exe
  2⤵
  PID:10228
- C:\Windows\System\knVEsbg.exe
  C:\Windows\System\knVEsbg.exe
  2⤵
  PID:8696
- C:\Windows\System\VUjahiB.exe
  C:\Windows\System\VUjahiB.exe
  2⤵
  PID:9368
- C:\Windows\System\NmlyUzf.exe
  C:\Windows\System\NmlyUzf.exe
  2⤵
  PID:9324
- C:\Windows\System\zEcsmsz.exe
  C:\Windows\System\zEcsmsz.exe
  2⤵
  PID:9320
- C:\Windows\System\iRvDJdy.exe
  C:\Windows\System\iRvDJdy.exe
  2⤵
  PID:9388
- C:\Windows\System\CMHLebM.exe
  C:\Windows\System\CMHLebM.exe
  2⤵
  PID:9480
- C:\Windows\System\zhGskre.exe
  C:\Windows\System\zhGskre.exe
  2⤵
  PID:9536
- C:\Windows\System\mhcrIMk.exe
  C:\Windows\System\mhcrIMk.exe
  2⤵
  PID:9628
- C:\Windows\System\YhnlPNb.exe
  C:\Windows\System\YhnlPNb.exe
  2⤵
  PID:9728
- C:\Windows\System\xxnDGEo.exe
  C:\Windows\System\xxnDGEo.exe
  2⤵
  PID:9600
- C:\Windows\System\BbNZqlm.exe
  C:\Windows\System\BbNZqlm.exe
  2⤵
  PID:9744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ATCZMQk.exe

Filesize
6.0MB

MD5
0505ec23ab1e57c0e18509677b0ecc0b

SHA1
6ff56e62dd7390d4541574297ce3599c7af58187

SHA256
671f63d041ae8f5bd04da7ed553f5f9b8fe97980765664b92c839e61e45fa285

SHA512
9bdda41952a73fce2df4bf62ca1544ed6f9856b52fb5fd579a8dbce9b9ff12ac8fd8cf1832c0a716c5b0378e697ba81940a669ea158b6e8e4370d0562e54add1

Download Submit
C:\Windows\system\AyzMrFE.exe

Filesize
6.0MB

MD5
0b1cb3d66da61cab276f20688137cdfd

SHA1
3a481ed9c7c3655d856dde193bd695f8cbc47f96

SHA256
b516ff8d3d9785eaa022c45d5d02c077261e9920ea5ec60ce1e00ca4838aec6d

SHA512
757263e5325a64af2d9fd56345791786782aec1a08a93bfb26e21fa922c43eac0fda8cf66a27d67bce0f5c536ed4c4018e0abf017b57604ac29319288ffd619d

Download Submit
C:\Windows\system\BWdLRnw.exe

Filesize
6.0MB

MD5
927a53d1ccb92e4e7b996e451ef92718

SHA1
0bad54b0614be4ba038969e517180c606a84974c

SHA256
e0395cfec507c09b1d1cb636d64ddbc79fb903ba67bb2c0cb3e4c363d5adf14a

SHA512
f44af96bbd859a2852e54bbb03ea12a823bf23159d5124bb250add7443804613a654873513399908b0d4592623d3cf2ad68106bfaea48cbae0585cb797838008

Download Submit
C:\Windows\system\CPVEaBv.exe

Filesize
6.0MB

MD5
541e6addbddccaf201509f9614c6a1ef

SHA1
8c9c9785824ae0296e32cefc2efab307b37b99ec

SHA256
2abbc1e5ec0cc100fcf2093f38c94d3987ce9a826b0296f112c677185fee1cfc

SHA512
7a615748d58348c10c80bd70352f667a49a86b26921816deab1ea153968c42c1df29c27f8b0b0d48500c4333432478bef20f16b2a6f4e2bc75c51dabda2fbc22

Download Submit
C:\Windows\system\ETxQKIn.exe

Filesize
6.0MB

MD5
932c235f525b8d29d9cf4ce58b801cd2

SHA1
0a8d178cb08bc354ffc7a4419b65400e754e350b

SHA256
eed487e4f9b92b42d14616feb49772adf34e70ef013e17925a50a06494974410

SHA512
ee235df85969092480a7539e236477372ce6c8958e58a4637dbde7e6c35a2acc2a0f37affba7d82ae207ccb6e1cabee8e5a3b475920d3db68ae3de4c06b9203b

Download Submit
C:\Windows\system\HdrhDYd.exe

Filesize
6.0MB

MD5
68a361f1cd5422c42e270769974e25db

SHA1
7f2e0dae3eeee5cf4f1a6d7dbbe56dfa2925f527

SHA256
c45c55ba7a971332fa871458219b04d42438e3d5917acea8c285dfe56ba77138

SHA512
af60d8259a5fc4c6078ebb6f518ce0562af1b7f2f93510fe9b840bcea5a091ca4ed27984cff3499a5a8dd65f2f7b9fd2fb4cb1533ff64ae763d2a0e5851f1b39

Download Submit
C:\Windows\system\LKVfnUb.exe

Filesize
6.0MB

MD5
f96a81b3c4172d6b8be631806382ed8a

SHA1
99fa9c4710e2988465a11b5d8337e8d8e9ef4cd3

SHA256
db01725eb3aaa161b64f192ce2218834688410e2ef3552d8174d535b8595da62

SHA512
7a62f4b3785c026d5b04e3540635e43c1caba4700a78a97eec1dc57fa9d37037d6731423f338edfc38974a4b8b941e5f634224a434a58d9c7b59fcb6b82a8297

Download Submit
C:\Windows\system\LmlEczs.exe

Filesize
6.0MB

MD5
c929b4d0a755bb638d2f5bce7400c2fb

SHA1
5398c3ce046651ceb3a27e742283e7158cdce206

SHA256
d00711ca91a9c871f49a8329ed1fe94ad57ddda8ad818806a3d308f640dfc595

SHA512
4e39c0da70eb28990bfca2d3617499f682ed601d68a2a66d85bb43be79ea5648b3963fb9d430d48f3f6afbc748bc70685351c135d6e940319edd866823c8ef69

Download Submit
C:\Windows\system\MMtcdjm.exe

Filesize
6.0MB

MD5
d63db31564185de225525899f6bf5166

SHA1
cedefa4fbe968af06c09f4df49e5dd4e0f6cb316

SHA256
33ac7101419aa673c5435b7988a088434fc692c5628949764c59c8c9e409d967

SHA512
654820c4e631e4bca7cf67724615fd90289fb5cb8b77cff9d41125b246c10c4ac5202a12fd11a002920ee2fe30d2ef8ebd4e80c2b61a8367b688ba0b282c1bc7

Download Submit
C:\Windows\system\MlYkwbH.exe

Filesize
6.0MB

MD5
17278f2347ce9414686709849265381c

SHA1
0acdbd5cbcee43160c3fcc0af15b79791f953e64

SHA256
eff5fc2b7698805ec4cda879ffb6172ca16498953141d52e9a85ed59cb566c7c

SHA512
88e76d53c12ef6e89cd2c87376fd135af2e89a47181215e2dea5894538156d4bdd67b2941c7edf74549ff9469e43bea6a1b399e811a43fbf2e7a8140063b051b

Download Submit
C:\Windows\system\NPrgTfm.exe

Filesize
6.0MB

MD5
bea62f13c113b00f93aafbad4e81b210

SHA1
8d4be89e6853a4eb32da5e700710d0f7509c6228

SHA256
6716cf522757e66969c981b295db0bdc79c6a21172c74d8c5c25120d2591857a

SHA512
f5104616df5b50caf26ce64b65886f8da8f25b94669f5a55bc673d66968f2fff23d0830c301a73770eac59b5b3bbec1de3d99d166a7ac932b08f697711cbad95

Download Submit
C:\Windows\system\StddvcC.exe

Filesize
6.0MB

MD5
caa6308f9944ea83a9855f8e59f81353

SHA1
8ecc050c28ce32e442692c78883d407210f9f2b4

SHA256
19fc9221fd095c12057d56c5020be262044db272aed279f8cb94fd20233b96d0

SHA512
f8025ed6f764c4f86d9fe309030ec16bc574da16f0ffab512ab65b2d84eb3abff7c6e67ac5f6212bc55542c79c8b983a845eb05efa7b2228994dd6c372aed7c3

Download Submit
C:\Windows\system\UXZTjUG.exe

Filesize
6.0MB

MD5
6207ed572db41e23bcb97c5bb2f238f4

SHA1
3c789c28f440ad742e3264da400768cbb57e0109

SHA256
7260a6309235dc5d8b5ab8842504dd40eefc5741dd0aaefdc37a7ae9e30d024e

SHA512
4e64c2c15975d96f85af1f66481903e2083a09f36cd6d550cab5b3e85e80fa3c0a441415b1555cf07a131292fff075f39b38888532c3336dc46c4cbe8be210bc

Download Submit
C:\Windows\system\VaUTCuO.exe

Filesize
6.0MB

MD5
306632dc673197ba03c89e3e20fe1cc4

SHA1
16fe598c0203f3ea05e17223de85d4a0ba2ca71e

SHA256
6c71d6a2352d62b5d474ef1a148474d4681db4dc34e82b65b74253ccbb8fdb8a

SHA512
569f4b59c2ef2da3c0775febbd44820d4e174052106f164792f4aabb56fd32e5882e80f3c37f03d97be1993ee98642b319285bf3628bc947c7f577b52efee4d6

Download Submit
C:\Windows\system\XJUdCdd.exe

Filesize
6.0MB

MD5
b0719c79a607d3bde576b646451360f6

SHA1
6358934ba497b359bc211cd869179ab23d1541b4

SHA256
caddeb98dc49a0cc918a6c8f0e10c2fbb1fe6820d01b56bb95883c3b69ea58a8

SHA512
39e54ee643e0b8ffda3aa722a1d3e0c74c5f7898ff98385fe852fc4ebe84786c8b408c4a5221c41e218b9397b155e799415bcac1c1dfbbc50c8697c2853e9bc0

Download Submit
C:\Windows\system\XeLFQCF.exe

Filesize
6.0MB

MD5
c342a5dfb3f978f69bcc7d290262d366

SHA1
aaa008568f6a9e114e2173c2b79553ddd33d7c2d

SHA256
7d7d4f6c00bae39b4a4cdd34fcd3baca3e555d94ea73b384aa26d1333f6999c0

SHA512
cf2216fd18a9adda99a781efb76fcec155baf616ccc671a0b6b976d9321bc799d2449f36faf21270cd53cb4188c225e5314721b7f96754dee85aed3ffce1f6ab

Download Submit
C:\Windows\system\YzdGaqv.exe

Filesize
6.0MB

MD5
0d4f5291ae504851b8afe9ce279991c2

SHA1
0b216cd0c385599fe32798e64fbb1fb55b0593a2

SHA256
3d150fa8e450c340488f03cfd12b434f7bbd04a0976bb20bee79ecad1ed1dd78

SHA512
edd2cde07c46d4702563519cbb0112184b56c5c030d4b80270ccc50e22331493a0863a041b68a855fed016939c46361756b91fc625f890fad92c1deb4384b075

Download Submit
C:\Windows\system\ZFbzvak.exe

Filesize
6.0MB

MD5
02dd7a810b852c970ae419fcff2d5e82

SHA1
681b66e49cf01d68848b3c3dd370bfce2d4a70b3

SHA256
8d0b4a0f27ab87901efecab220c0741dd564a39ccdb8631f1112acf1ee5b972a

SHA512
8cf0d687c616b090e26780e524d51b52115ae7f05ca2585df29a3e9343b3c9ef1472ebf9b885e9678d4675048553dcbe074160375ed73f21b0ffbef950df6453

Download Submit
C:\Windows\system\axnzSEI.exe

Filesize
6.0MB

MD5
4eaa50bacde20bd6a29e1347c868563a

SHA1
7d9a4517fed4585b4e261ee8653bf818b7f689e4

SHA256
261fc9ba665ddd02851039d46cec7eec0be1307ee7467c757b03b973ad664f5b

SHA512
d3f66bb7934e7b8a1ac9a0e6807c74c81725833bec57d8c5e297ef307c94458db802a3a62aae54bf253fa5123c71db2027fed8b2c5b5ed7cb57ed5f8cec3b301

Download Submit
C:\Windows\system\epJvphz.exe

Filesize
6.0MB

MD5
61240c2e7e1598926ff5030c4834e242

SHA1
d10c71569873e59d62c0feb434a437c80a8a6276

SHA256
7deccfea3821ab413b060403f1d9f4ba72f0e8431d0c3b85c565f87946c2fb1d

SHA512
ea23031b7b40c7dcd32c1e3455c525e4a2faeb90ab76c1c46ac751023e39b51cb06ad1b797384620cae8da50a6ea08472994408ad452405e381f49e2a08b31a7

Download Submit
C:\Windows\system\hSIOTRU.exe

Filesize
6.0MB

MD5
cb36af6cf63298e23747f8f7ecc67c13

SHA1
7fdad9624ec3ab63902dc99a6eb18d202614cc5c

SHA256
7e756f168b2e56c29cc6ea351e9422333aa8d44f61ef793712f68341c28a6c5b

SHA512
51f2542bcb5a2bf2b4dfaec4f750ce9037de28a3eeffe5d6ece46d34da4b2a129c8f6a8058b96e1a40293eb9c4067ddd3a328c3111d273ec9fedafa1390f40f2

Download Submit
C:\Windows\system\imEXyrL.exe

Filesize
6.0MB

MD5
e018c9b0b573f5dec231c0a2c23ec0e5

SHA1
e82b1e51cea81010a5b7ae7a942507323476dcae

SHA256
03feadbe3ac29664ca225f26d73dea8a2ed2f1be4f8bbf737cb2fd2b762876db

SHA512
830256d62ca60481e6842e496c7817e440f9a0c2318f643e3d402dc2c703dc5559fecde3883da787ff166f388f421d7eedf2cf8606f402578df16a84e2291a74

Download Submit
C:\Windows\system\nDIzIEn.exe

Filesize
6.0MB

MD5
ec19d06835bf423d222dce756dcb0e8d

SHA1
d155ebd28727f6372d22399d0ccd39cbf8a8b1df

SHA256
4785a0b7f2ffe6676adda8078c216724c4e2d3d8265dc220f606f07623858ee4

SHA512
86ebea92779efc24ea1779e8108732be6532601cccc8cf71d53711e1a7c7495a1b4173ef3a5dd92ca245f0e2347246c78aee6b61217745c4a192507470d2ce58

Download Submit
C:\Windows\system\nSxhivd.exe

Filesize
6.0MB

MD5
572823698502696b44db1a64cde2b518

SHA1
442bf9a86d7eac2dd30e09ff3e8c6ce0737e35a3

SHA256
4cdffd59553db6328dd4626591f01e530e7d2e632138a4df48fa083cca907bb8

SHA512
6f08c3dccdf0129a9ddc45fb136f1be591de9a55709b28f0a2a8bf8fc953a602e32be40996ac57da868fe818fb64777ecc7a87c2fc8b0863e42cc7c0afd28bf5

Download Submit
C:\Windows\system\oLNlngX.exe

Filesize
6.0MB

MD5
cb73904e4249146fddcade9b04f7380a

SHA1
9121b0002f2bda63b1547dfefee53235efee831c

SHA256
46c62ead9b0efb6aab52ce10f40240ce91fb56ec850ef16287c7400b700dc5ba

SHA512
0fc68cdafbb812be5458a0311b30738332a8edc47aba2b97e21ffcbb0e23d3e29d1f0eac689c7d0de8ca4ca04961ac7f5bfa85e02001a12bb59c6dd4fc1b818e

Download Submit
C:\Windows\system\oODChfr.exe

Filesize
6.0MB

MD5
9532c0de603cf90ebf549d8fffe7c983

SHA1
d44e8401ff73900b76e528aea196bcfb2e42b6ca

SHA256
583f09c9355aff8db5734ce089deb4ed9d7b385d286c67c01a55b25eabbad3f6

SHA512
a0f1364be138dd0d544d71e102746626d760965fe2a5bc0173b3a256ab8b4879253dfac0dd1efbee8d006d86cb9a347d21a8b13105320255f77f7743a2bcc9c3

Download Submit
C:\Windows\system\syZIZUK.exe

Filesize
6.0MB

MD5
06385a7bb2835f7053f8b8af45849ad3

SHA1
6a65be7a6b30a44e51c1774a76a20ab68812ef37

SHA256
1a0b1e8b59bd40a17942214351dbeb85f2b033d02bed2fda4cb0f04ae4666aa3

SHA512
54f73f134f2d612f3e6532074c8e6893cd986d293755bce166aa756c5d73ed97bb7dac2866e1a55e558007d67d1fd46fc3da3a15efcecd668d555f20883ec300

Download Submit
C:\Windows\system\tLaTUST.exe

Filesize
6.0MB

MD5
7249c037bd168fa83be23bca352435c0

SHA1
377f23054dfa8e8afcc56ec9712634096d466985

SHA256
ed11c3b35bea8efc09ec834c8df738d51734d14a376d3195a32657675aa7aabe

SHA512
00fa7aafe5097be96022b2435d2e7dbff3165649c480981ddea6aea23dda03db9a6315733fb3c8704af2023d2425c5f6d6e27a695a3c7e8025acd0b0ed35a91e

Download Submit
C:\Windows\system\uMMsoOq.exe

Filesize
6.0MB

MD5
a3548396eb235b4578bbc2d2fe612856

SHA1
d1c0e59948b32080980cf2eb634878262e054567

SHA256
7b694baa9ff423927a2d82d3dfd74e0ec821bb62fd003cfeaba0e7435fb54aa5

SHA512
e0fd875de135a4886068a1099451163f37b95a8f5ed8c7849c7fd08f80f25700f1bea2c186bbfeb43f1810c2072668f72aaeef3eaf437dfd8e8d2c1821c61931

Download Submit
C:\Windows\system\uPgvJGQ.exe

Filesize
6.0MB

MD5
760514a5c4e1f688634cbabf16c6c47f

SHA1
e0e3521d93c916a37bb34b031d6f1fcd2e0ee4b9

SHA256
2a861e2eb9927c1b8c7accdb61a8c80eef7392e5e19d9b1d11e959ed1d1e495a

SHA512
33caa8d691093bdb3b318e40d7ad402e310e7809c495595d49908c650dff8187139f533ac0125c9f0fad0584fa59a6096ad635439a9d85f8b0ad174ee2d409a4

Download Submit
C:\Windows\system\wkuaWpU.exe

Filesize
6.0MB

MD5
cccc38e046b2e7d793b6ba3d7d474f68

SHA1
4bd38f0caf2592b74f6856e9daea9562d219e342

SHA256
8ee8418e5ed611bd2208ec8ff79ba11d48cd71c4e47d9b17dd30038d7505947c

SHA512
47be00e64fd62f5fd3dca579e72c7e25e914fef582618edf14b82a7179086788a8ca0cec566d81cc51715309c3431b463ede39f16f5a55c13a06896eea9873d9

Download Submit
\Windows\system\oopcPtM.exe

Filesize
6.0MB

MD5
1c215f16ca6c9e45a6a4b76016eb0568

SHA1
39c3b4051030478a61dbe272063807b0d5a43765

SHA256
36d43baaa3ff4b2504f1a895c0e0a40360b9b6d8178e286df14fc9bbd075a72a

SHA512
ed31c43ab05fbd99ff48a07f0163ee1efcbb4f9c199f833dbe6cf464ccc1cc40e5b9ba72248a8b377809cdbef33cd3d45d105d456681a6a07ec995e97c357372

Download Submit
memory/2100-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2100-3144-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3141-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2595-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/3044-3969-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download