cobaltstrike | afce390a0b8236a47d49716e1dba14f2441106ba7f3f2a280abfc8ec97febf78

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

57d4025add3c5beba0e27e7936f8e065
SHA1

25649c9faaac4fa573e79aec2fef6a6bfe8d2552
SHA256

afce390a0b8236a47d49716e1dba14f2441106ba7f3f2a280abfc8ec97febf78
SHA512

024d14eb6e5ae4dd882a28fe3ed24735bd2d8d97974628919a0a89b755060adaa00ec6daf9b295e61b0c8e207194e84befc3c5d58928489e406317b55ea53307
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cfe-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0b-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d13-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d24-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2e-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-30.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-41.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-58.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-48.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-90.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-71.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-45.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d47-37.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 36 IoCs

miner

resource	yara_rule
behavioral1/memory/3028-0-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0009000000016cfe-7.dat	xmrig
behavioral1/files/0x0007000000016d0b-14.dat	xmrig
behavioral1/files/0x0007000000016d13-18.dat	xmrig
behavioral1/files/0x0007000000016d24-22.dat	xmrig
behavioral1/files/0x0007000000016d2e-25.dat	xmrig
behavioral1/files/0x0007000000016d36-30.dat	xmrig
behavioral1/files/0x00060000000174ac-41.dat	xmrig
behavioral1/files/0x0009000000018678-58.dat	xmrig
behavioral1/files/0x001500000001866d-48.dat	xmrig
behavioral1/files/0x00060000000190cd-80.dat	xmrig
behavioral1/files/0x00050000000193c4-148.dat	xmrig
behavioral1/files/0x00050000000193be-158.dat	xmrig
behavioral1/files/0x0005000000019382-156.dat	xmrig
behavioral1/files/0x00050000000193cc-162.dat	xmrig
behavioral1/files/0x0005000000019277-137.dat	xmrig
behavioral1/files/0x0005000000019273-131.dat	xmrig
behavioral1/files/0x000500000001926b-120.dat	xmrig
behavioral1/files/0x0005000000019389-143.dat	xmrig
behavioral1/files/0x0005000000019271-126.dat	xmrig
behavioral1/files/0x000500000001924c-115.dat	xmrig
behavioral1/files/0x0005000000019234-110.dat	xmrig
behavioral1/files/0x0005000000019229-105.dat	xmrig
behavioral1/files/0x0005000000019218-100.dat	xmrig
behavioral1/files/0x00050000000191f7-95.dat	xmrig
behavioral1/files/0x00050000000191f3-90.dat	xmrig
behavioral1/files/0x00060000000190d6-85.dat	xmrig
behavioral1/files/0x000500000001879b-75.dat	xmrig
behavioral1/files/0x0005000000018690-71.dat	xmrig
behavioral1/files/0x000600000001752f-45.dat	xmrig
behavioral1/files/0x0008000000016d47-37.dat	xmrig
behavioral1/files/0x0009000000016d3f-34.dat	xmrig
behavioral1/memory/2564-2499-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/3028-3098-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2564-4037-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2220	ZUYJNxx.exe
2564	JpZWPBD.exe
2540	tShWBjd.exe
2920	ycMNykD.exe
2728	NwvbFrX.exe
2240	FftIXZt.exe
2864	NXfUgbk.exe
2848	rlvNEWi.exe
2744	XsEjyOQ.exe
2624	drWAXbN.exe
2912	LxSYOzU.exe
2792	icryOyl.exe
2936	xgpNqDu.exe
2616	voJljUg.exe
1984	gwQvCIL.exe
2152	uSGmgkB.exe
2516	NmGdrdF.exe
1796	AREnAEs.exe
1536	ccgYONM.exe
2064	WXxtyuq.exe
1868	xGtnbKq.exe
2432	NdgbxCo.exe
1592	AzLjuNL.exe
600	QewROAr.exe
1512	WfPGZTP.exe
1176	iilgoNd.exe
560	EInHyjC.exe
1940	vHpCPEi.exe
1420	KUGjmzj.exe
2308	fYnLdSW.exe
844	PGAmYre.exe
2996	dUcaskE.exe
2008	HBOkAsy.exe
1992	nYdhprP.exe
1808	eRnrOdg.exe
648	WTYDyOF.exe
1328	IpZGNmS.exe
1232	ZkXUBZG.exe
2304	IRGxInM.exe
1428	FZKbXzk.exe
916	IsdsEKJ.exe
1544	rBHiCmO.exe
2448	SxzCskI.exe
2796	fgCEJmO.exe
2224	QLcxcJe.exe
2392	uhreNkf.exe
372	khHAzmS.exe
2440	zbEKcAx.exe
2404	abqWwAC.exe
2360	lfFZVVn.exe
2592	EIIhDHe.exe
1888	dUAiXRu.exe
2016	HepQYAN.exe
2096	qKHwVCZ.exe
1496	suKeUqm.exe
2372	vzrzJUZ.exe
3016	gSTRfcD.exe
2060	GTDjzOx.exe
2852	LLUODBl.exe
2752	gPjSbDX.exe
2652	PKKkfGB.exe
2736	TPLJzro.exe
1688	gNEFGlP.exe
2692	UrxoaZE.exe

Loads dropped DLL 64 IoCs

pid	Process
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 36 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0009000000016cfe-7.dat	upx
behavioral1/files/0x0007000000016d0b-14.dat	upx
behavioral1/files/0x0007000000016d13-18.dat	upx
behavioral1/files/0x0007000000016d24-22.dat	upx
behavioral1/files/0x0007000000016d2e-25.dat	upx
behavioral1/files/0x0007000000016d36-30.dat	upx
behavioral1/files/0x00060000000174ac-41.dat	upx
behavioral1/files/0x0009000000018678-58.dat	upx
behavioral1/files/0x001500000001866d-48.dat	upx
behavioral1/files/0x00060000000190cd-80.dat	upx
behavioral1/files/0x00050000000193c4-148.dat	upx
behavioral1/files/0x00050000000193be-158.dat	upx
behavioral1/files/0x0005000000019382-156.dat	upx
behavioral1/files/0x00050000000193cc-162.dat	upx
behavioral1/files/0x0005000000019277-137.dat	upx
behavioral1/files/0x0005000000019273-131.dat	upx
behavioral1/files/0x000500000001926b-120.dat	upx
behavioral1/files/0x0005000000019389-143.dat	upx
behavioral1/files/0x0005000000019271-126.dat	upx
behavioral1/files/0x000500000001924c-115.dat	upx
behavioral1/files/0x0005000000019234-110.dat	upx
behavioral1/files/0x0005000000019229-105.dat	upx
behavioral1/files/0x0005000000019218-100.dat	upx
behavioral1/files/0x00050000000191f7-95.dat	upx
behavioral1/files/0x00050000000191f3-90.dat	upx
behavioral1/files/0x00060000000190d6-85.dat	upx
behavioral1/files/0x000500000001879b-75.dat	upx
behavioral1/files/0x0005000000018690-71.dat	upx
behavioral1/files/0x000600000001752f-45.dat	upx
behavioral1/files/0x0008000000016d47-37.dat	upx
behavioral1/files/0x0009000000016d3f-34.dat	upx
behavioral1/memory/2564-2499-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/3028-3098-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2564-4037-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\yqjEOxT.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpHrJmn.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMJSqVw.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXuVppT.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfFZVVn.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuOtjdf.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BResngv.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axOodNT.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjUQSWW.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdPPkDe.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwYeKsE.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khHAzmS.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnNxSTT.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtWAShB.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOmIbFQ.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlBTkrL.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\feEvbgK.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZilpQq.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UnRDzxj.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlyKwrN.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWzYuGZ.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZMknTQ.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TveHgAa.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGhRyBL.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJzzfxM.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAvcWbe.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmEvzgU.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlvNEWi.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwFIxXS.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bAPKsjl.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsRcVSr.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmeEjJQ.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpSDMPd.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIxTEeR.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbzOTDQ.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dggddPU.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\llKNzTQ.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybeiMPg.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDyyanb.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGQPTXv.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgcypPj.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBMkRKv.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxkTwfA.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpAdfkv.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TRIuqWr.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADpISBK.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KiNsykQ.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LToklLZ.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bnVDQbN.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLndiFH.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asJPKZZ.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoEGyFd.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWKtTwI.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCwZgQn.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuUKQXV.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgcqfKR.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkZFCsI.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBoJCOA.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqARern.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWyvdlH.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQXZSVB.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfSyDVH.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CImaqes.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHkfGDB.exe	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2220	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2220	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2220	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2564	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2564	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2564	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2540	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2540	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2540	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2920	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2920	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2920	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2728	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2728	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2728	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2240	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2240	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2240	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2864	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2864	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2864	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2848	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2848	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2848	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2744	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 2744	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 2744	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 2624	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 2624	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 2624	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 2912	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 2912	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 2912	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 2936	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 2936	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 2936	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 2792	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 2792	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 2792	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 2616	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 2616	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 2616	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 1984	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 1984	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 1984	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 2152	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 2152	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 2152	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 2516	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 2516	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 2516	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 1796	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 1796	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 1796	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 1536	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 1536	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 1536	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 2064	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 2064	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 2064	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 1868	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 1868	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 1868	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 2432	3028	2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_57d4025add3c5beba0e27e7936f8e065_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\System\ZUYJNxx.exe
  C:\Windows\System\ZUYJNxx.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\JpZWPBD.exe
  C:\Windows\System\JpZWPBD.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\tShWBjd.exe
  C:\Windows\System\tShWBjd.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ycMNykD.exe
  C:\Windows\System\ycMNykD.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\NwvbFrX.exe
  C:\Windows\System\NwvbFrX.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\FftIXZt.exe
  C:\Windows\System\FftIXZt.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\NXfUgbk.exe
  C:\Windows\System\NXfUgbk.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\rlvNEWi.exe
  C:\Windows\System\rlvNEWi.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\XsEjyOQ.exe
  C:\Windows\System\XsEjyOQ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\drWAXbN.exe
  C:\Windows\System\drWAXbN.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\LxSYOzU.exe
  C:\Windows\System\LxSYOzU.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\xgpNqDu.exe
  C:\Windows\System\xgpNqDu.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\icryOyl.exe
  C:\Windows\System\icryOyl.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\voJljUg.exe
  C:\Windows\System\voJljUg.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\gwQvCIL.exe
  C:\Windows\System\gwQvCIL.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\uSGmgkB.exe
  C:\Windows\System\uSGmgkB.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\NmGdrdF.exe
  C:\Windows\System\NmGdrdF.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\AREnAEs.exe
  C:\Windows\System\AREnAEs.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\ccgYONM.exe
  C:\Windows\System\ccgYONM.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\WXxtyuq.exe
  C:\Windows\System\WXxtyuq.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\xGtnbKq.exe
  C:\Windows\System\xGtnbKq.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\NdgbxCo.exe
  C:\Windows\System\NdgbxCo.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\AzLjuNL.exe
  C:\Windows\System\AzLjuNL.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\QewROAr.exe
  C:\Windows\System\QewROAr.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\WfPGZTP.exe
  C:\Windows\System\WfPGZTP.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\iilgoNd.exe
  C:\Windows\System\iilgoNd.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\EInHyjC.exe
  C:\Windows\System\EInHyjC.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\fYnLdSW.exe
  C:\Windows\System\fYnLdSW.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\vHpCPEi.exe
  C:\Windows\System\vHpCPEi.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\PGAmYre.exe
  C:\Windows\System\PGAmYre.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\KUGjmzj.exe
  C:\Windows\System\KUGjmzj.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\dUcaskE.exe
  C:\Windows\System\dUcaskE.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\HBOkAsy.exe
  C:\Windows\System\HBOkAsy.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\nYdhprP.exe
  C:\Windows\System\nYdhprP.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\eRnrOdg.exe
  C:\Windows\System\eRnrOdg.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\WTYDyOF.exe
  C:\Windows\System\WTYDyOF.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\IpZGNmS.exe
  C:\Windows\System\IpZGNmS.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\ZkXUBZG.exe
  C:\Windows\System\ZkXUBZG.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\IRGxInM.exe
  C:\Windows\System\IRGxInM.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\FZKbXzk.exe
  C:\Windows\System\FZKbXzk.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\IsdsEKJ.exe
  C:\Windows\System\IsdsEKJ.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\rBHiCmO.exe
  C:\Windows\System\rBHiCmO.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\SxzCskI.exe
  C:\Windows\System\SxzCskI.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\fgCEJmO.exe
  C:\Windows\System\fgCEJmO.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\QLcxcJe.exe
  C:\Windows\System\QLcxcJe.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\uhreNkf.exe
  C:\Windows\System\uhreNkf.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\khHAzmS.exe
  C:\Windows\System\khHAzmS.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\zbEKcAx.exe
  C:\Windows\System\zbEKcAx.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\abqWwAC.exe
  C:\Windows\System\abqWwAC.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\lfFZVVn.exe
  C:\Windows\System\lfFZVVn.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\EIIhDHe.exe
  C:\Windows\System\EIIhDHe.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\dUAiXRu.exe
  C:\Windows\System\dUAiXRu.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\HepQYAN.exe
  C:\Windows\System\HepQYAN.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\qKHwVCZ.exe
  C:\Windows\System\qKHwVCZ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\suKeUqm.exe
  C:\Windows\System\suKeUqm.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\gSTRfcD.exe
  C:\Windows\System\gSTRfcD.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\vzrzJUZ.exe
  C:\Windows\System\vzrzJUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\GTDjzOx.exe
  C:\Windows\System\GTDjzOx.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\LLUODBl.exe
  C:\Windows\System\LLUODBl.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\gPjSbDX.exe
  C:\Windows\System\gPjSbDX.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\PKKkfGB.exe
  C:\Windows\System\PKKkfGB.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\TPLJzro.exe
  C:\Windows\System\TPLJzro.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\gNEFGlP.exe
  C:\Windows\System\gNEFGlP.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\aYwwFTY.exe
  C:\Windows\System\aYwwFTY.exe
  2⤵
  PID:2632
- C:\Windows\System\UrxoaZE.exe
  C:\Windows\System\UrxoaZE.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\QTfTLIa.exe
  C:\Windows\System\QTfTLIa.exe
  2⤵
  PID:2228
- C:\Windows\System\VlfLiCg.exe
  C:\Windows\System\VlfLiCg.exe
  2⤵
  PID:2072
- C:\Windows\System\sBFVtmx.exe
  C:\Windows\System\sBFVtmx.exe
  2⤵
  PID:2716
- C:\Windows\System\cRYrsrK.exe
  C:\Windows\System\cRYrsrK.exe
  2⤵
  PID:536
- C:\Windows\System\uHBcxLN.exe
  C:\Windows\System\uHBcxLN.exe
  2⤵
  PID:2024
- C:\Windows\System\fAUSqnR.exe
  C:\Windows\System\fAUSqnR.exe
  2⤵
  PID:1052
- C:\Windows\System\fjclOJe.exe
  C:\Windows\System\fjclOJe.exe
  2⤵
  PID:2032
- C:\Windows\System\gkFHVPN.exe
  C:\Windows\System\gkFHVPN.exe
  2⤵
  PID:444
- C:\Windows\System\bBSEGet.exe
  C:\Windows\System\bBSEGet.exe
  2⤵
  PID:2444
- C:\Windows\System\zhFSTHt.exe
  C:\Windows\System\zhFSTHt.exe
  2⤵
  PID:2928
- C:\Windows\System\vVDylhn.exe
  C:\Windows\System\vVDylhn.exe
  2⤵
  PID:2992
- C:\Windows\System\QDTiZIp.exe
  C:\Windows\System\QDTiZIp.exe
  2⤵
  PID:1456
- C:\Windows\System\IcgNDGJ.exe
  C:\Windows\System\IcgNDGJ.exe
  2⤵
  PID:400
- C:\Windows\System\LVbXpLJ.exe
  C:\Windows\System\LVbXpLJ.exe
  2⤵
  PID:1640
- C:\Windows\System\PCAGrJV.exe
  C:\Windows\System\PCAGrJV.exe
  2⤵
  PID:856
- C:\Windows\System\PsCGeaf.exe
  C:\Windows\System\PsCGeaf.exe
  2⤵
  PID:1064
- C:\Windows\System\XUdFgUH.exe
  C:\Windows\System\XUdFgUH.exe
  2⤵
  PID:1800
- C:\Windows\System\pYjPtnk.exe
  C:\Windows\System\pYjPtnk.exe
  2⤵
  PID:1576
- C:\Windows\System\llKNzTQ.exe
  C:\Windows\System\llKNzTQ.exe
  2⤵
  PID:2284
- C:\Windows\System\CXAOxZE.exe
  C:\Windows\System\CXAOxZE.exe
  2⤵
  PID:2004
- C:\Windows\System\kIuomVS.exe
  C:\Windows\System\kIuomVS.exe
  2⤵
  PID:1004
- C:\Windows\System\yBXuSQU.exe
  C:\Windows\System\yBXuSQU.exe
  2⤵
  PID:1012
- C:\Windows\System\HyABvQW.exe
  C:\Windows\System\HyABvQW.exe
  2⤵
  PID:904
- C:\Windows\System\AEjYIiU.exe
  C:\Windows\System\AEjYIiU.exe
  2⤵
  PID:2248
- C:\Windows\System\wDdMYim.exe
  C:\Windows\System\wDdMYim.exe
  2⤵
  PID:2396
- C:\Windows\System\BzRdpsj.exe
  C:\Windows\System\BzRdpsj.exe
  2⤵
  PID:2580
- C:\Windows\System\diMTMiX.exe
  C:\Windows\System\diMTMiX.exe
  2⤵
  PID:1504
- C:\Windows\System\scwqpud.exe
  C:\Windows\System\scwqpud.exe
  2⤵
  PID:1672
- C:\Windows\System\cqGkATD.exe
  C:\Windows\System\cqGkATD.exe
  2⤵
  PID:2504
- C:\Windows\System\LIbwtQv.exe
  C:\Windows\System\LIbwtQv.exe
  2⤵
  PID:2884
- C:\Windows\System\RFscHYC.exe
  C:\Windows\System\RFscHYC.exe
  2⤵
  PID:2872
- C:\Windows\System\mcSFlac.exe
  C:\Windows\System\mcSFlac.exe
  2⤵
  PID:1216
- C:\Windows\System\TuOtjdf.exe
  C:\Windows\System\TuOtjdf.exe
  2⤵
  PID:1524
- C:\Windows\System\TvhpxHb.exe
  C:\Windows\System\TvhpxHb.exe
  2⤵
  PID:1708
- C:\Windows\System\EkvsSNG.exe
  C:\Windows\System\EkvsSNG.exe
  2⤵
  PID:1652
- C:\Windows\System\FggSEWL.exe
  C:\Windows\System\FggSEWL.exe
  2⤵
  PID:2808
- C:\Windows\System\oMJEQZd.exe
  C:\Windows\System\oMJEQZd.exe
  2⤵
  PID:348
- C:\Windows\System\MdnmSXX.exe
  C:\Windows\System\MdnmSXX.exe
  2⤵
  PID:352
- C:\Windows\System\tcypuNp.exe
  C:\Windows\System\tcypuNp.exe
  2⤵
  PID:1072
- C:\Windows\System\fDbrdWT.exe
  C:\Windows\System\fDbrdWT.exe
  2⤵
  PID:1892
- C:\Windows\System\nagNZKg.exe
  C:\Windows\System\nagNZKg.exe
  2⤵
  PID:1108
- C:\Windows\System\ZBzwFEX.exe
  C:\Windows\System\ZBzwFEX.exe
  2⤵
  PID:1308
- C:\Windows\System\fkkEDfo.exe
  C:\Windows\System\fkkEDfo.exe
  2⤵
  PID:1000
- C:\Windows\System\ygwvUCy.exe
  C:\Windows\System\ygwvUCy.exe
  2⤵
  PID:2352
- C:\Windows\System\djGtztu.exe
  C:\Windows\System\djGtztu.exe
  2⤵
  PID:2256
- C:\Windows\System\iCdtvKf.exe
  C:\Windows\System\iCdtvKf.exe
  2⤵
  PID:1848
- C:\Windows\System\nCEpfKj.exe
  C:\Windows\System\nCEpfKj.exe
  2⤵
  PID:2076
- C:\Windows\System\AxJMVLH.exe
  C:\Windows\System\AxJMVLH.exe
  2⤵
  PID:3080
- C:\Windows\System\NDJRvLn.exe
  C:\Windows\System\NDJRvLn.exe
  2⤵
  PID:3096
- C:\Windows\System\bqeOgwe.exe
  C:\Windows\System\bqeOgwe.exe
  2⤵
  PID:3116
- C:\Windows\System\IuEXIwv.exe
  C:\Windows\System\IuEXIwv.exe
  2⤵
  PID:3132
- C:\Windows\System\LLyXWjV.exe
  C:\Windows\System\LLyXWjV.exe
  2⤵
  PID:3152
- C:\Windows\System\NdLzHrb.exe
  C:\Windows\System\NdLzHrb.exe
  2⤵
  PID:3168
- C:\Windows\System\DLPVysd.exe
  C:\Windows\System\DLPVysd.exe
  2⤵
  PID:3188
- C:\Windows\System\syqTmme.exe
  C:\Windows\System\syqTmme.exe
  2⤵
  PID:3204
- C:\Windows\System\ayYpTTT.exe
  C:\Windows\System\ayYpTTT.exe
  2⤵
  PID:3220
- C:\Windows\System\bHfsLPn.exe
  C:\Windows\System\bHfsLPn.exe
  2⤵
  PID:3244
- C:\Windows\System\uBoJCOA.exe
  C:\Windows\System\uBoJCOA.exe
  2⤵
  PID:3260
- C:\Windows\System\UHsUFXB.exe
  C:\Windows\System\UHsUFXB.exe
  2⤵
  PID:3280
- C:\Windows\System\dZcKXTo.exe
  C:\Windows\System\dZcKXTo.exe
  2⤵
  PID:3332
- C:\Windows\System\KWVqGXi.exe
  C:\Windows\System\KWVqGXi.exe
  2⤵
  PID:3352
- C:\Windows\System\hiTXtHu.exe
  C:\Windows\System\hiTXtHu.exe
  2⤵
  PID:3368
- C:\Windows\System\pMGGnnY.exe
  C:\Windows\System\pMGGnnY.exe
  2⤵
  PID:3384
- C:\Windows\System\fTcCfQm.exe
  C:\Windows\System\fTcCfQm.exe
  2⤵
  PID:3404
- C:\Windows\System\xjPNWBL.exe
  C:\Windows\System\xjPNWBL.exe
  2⤵
  PID:3420
- C:\Windows\System\jcZfrnM.exe
  C:\Windows\System\jcZfrnM.exe
  2⤵
  PID:3440
- C:\Windows\System\aSuICSF.exe
  C:\Windows\System\aSuICSF.exe
  2⤵
  PID:3460
- C:\Windows\System\UAlnKUF.exe
  C:\Windows\System\UAlnKUF.exe
  2⤵
  PID:3480
- C:\Windows\System\tfqGxwn.exe
  C:\Windows\System\tfqGxwn.exe
  2⤵
  PID:3500
- C:\Windows\System\tXuFrGl.exe
  C:\Windows\System\tXuFrGl.exe
  2⤵
  PID:3524
- C:\Windows\System\brYtjOP.exe
  C:\Windows\System\brYtjOP.exe
  2⤵
  PID:3544
- C:\Windows\System\VhbBxaV.exe
  C:\Windows\System\VhbBxaV.exe
  2⤵
  PID:3572
- C:\Windows\System\fGZzIee.exe
  C:\Windows\System\fGZzIee.exe
  2⤵
  PID:3588
- C:\Windows\System\pwFIxXS.exe
  C:\Windows\System\pwFIxXS.exe
  2⤵
  PID:3608
- C:\Windows\System\pTytKhi.exe
  C:\Windows\System\pTytKhi.exe
  2⤵
  PID:3628
- C:\Windows\System\PWeGSQB.exe
  C:\Windows\System\PWeGSQB.exe
  2⤵
  PID:3644
- C:\Windows\System\FtHagih.exe
  C:\Windows\System\FtHagih.exe
  2⤵
  PID:3660
- C:\Windows\System\lsylWNl.exe
  C:\Windows\System\lsylWNl.exe
  2⤵
  PID:3680
- C:\Windows\System\OJelfXd.exe
  C:\Windows\System\OJelfXd.exe
  2⤵
  PID:3704
- C:\Windows\System\JTWRYXH.exe
  C:\Windows\System\JTWRYXH.exe
  2⤵
  PID:3720
- C:\Windows\System\feEvbgK.exe
  C:\Windows\System\feEvbgK.exe
  2⤵
  PID:3736
- C:\Windows\System\AOVFsCR.exe
  C:\Windows\System\AOVFsCR.exe
  2⤵
  PID:3760
- C:\Windows\System\AHkfGDB.exe
  C:\Windows\System\AHkfGDB.exe
  2⤵
  PID:3776
- C:\Windows\System\kgKNGtl.exe
  C:\Windows\System\kgKNGtl.exe
  2⤵
  PID:3800
- C:\Windows\System\SnUohIz.exe
  C:\Windows\System\SnUohIz.exe
  2⤵
  PID:3816
- C:\Windows\System\QcwIaOQ.exe
  C:\Windows\System\QcwIaOQ.exe
  2⤵
  PID:3836
- C:\Windows\System\vwjhoYx.exe
  C:\Windows\System\vwjhoYx.exe
  2⤵
  PID:3852
- C:\Windows\System\JOlNgoD.exe
  C:\Windows\System\JOlNgoD.exe
  2⤵
  PID:3876
- C:\Windows\System\sXDRPvC.exe
  C:\Windows\System\sXDRPvC.exe
  2⤵
  PID:3896
- C:\Windows\System\vdxAHVc.exe
  C:\Windows\System\vdxAHVc.exe
  2⤵
  PID:3920
- C:\Windows\System\WASAuVO.exe
  C:\Windows\System\WASAuVO.exe
  2⤵
  PID:3944
- C:\Windows\System\iFBzeqs.exe
  C:\Windows\System\iFBzeqs.exe
  2⤵
  PID:3964
- C:\Windows\System\hbwEtqG.exe
  C:\Windows\System\hbwEtqG.exe
  2⤵
  PID:3980
- C:\Windows\System\cmpPZoW.exe
  C:\Windows\System\cmpPZoW.exe
  2⤵
  PID:4004
- C:\Windows\System\qsXPlRA.exe
  C:\Windows\System\qsXPlRA.exe
  2⤵
  PID:4024
- C:\Windows\System\txfnUOZ.exe
  C:\Windows\System\txfnUOZ.exe
  2⤵
  PID:4040
- C:\Windows\System\tUGRFwo.exe
  C:\Windows\System\tUGRFwo.exe
  2⤵
  PID:4072
- C:\Windows\System\FnGYgrP.exe
  C:\Windows\System\FnGYgrP.exe
  2⤵
  PID:4092
- C:\Windows\System\WqHUwje.exe
  C:\Windows\System\WqHUwje.exe
  2⤵
  PID:3068
- C:\Windows\System\treWmvt.exe
  C:\Windows\System\treWmvt.exe
  2⤵
  PID:1744
- C:\Windows\System\glYUcLX.exe
  C:\Windows\System\glYUcLX.exe
  2⤵
  PID:1332
- C:\Windows\System\nPlEdOk.exe
  C:\Windows\System\nPlEdOk.exe
  2⤵
  PID:2588
- C:\Windows\System\jmtPJcN.exe
  C:\Windows\System\jmtPJcN.exe
  2⤵
  PID:1896
- C:\Windows\System\ajeFsdg.exe
  C:\Windows\System\ajeFsdg.exe
  2⤵
  PID:2480
- C:\Windows\System\mDMtfnb.exe
  C:\Windows\System\mDMtfnb.exe
  2⤵
  PID:3164
- C:\Windows\System\msJhatz.exe
  C:\Windows\System\msJhatz.exe
  2⤵
  PID:1540
- C:\Windows\System\HkIVjnB.exe
  C:\Windows\System\HkIVjnB.exe
  2⤵
  PID:2472
- C:\Windows\System\fUuFkED.exe
  C:\Windows\System\fUuFkED.exe
  2⤵
  PID:2732
- C:\Windows\System\giedbpm.exe
  C:\Windows\System\giedbpm.exe
  2⤵
  PID:3240
- C:\Windows\System\klLclOS.exe
  C:\Windows\System\klLclOS.exe
  2⤵
  PID:2132
- C:\Windows\System\NVOxmMK.exe
  C:\Windows\System\NVOxmMK.exe
  2⤵
  PID:2264
- C:\Windows\System\VxbIHun.exe
  C:\Windows\System\VxbIHun.exe
  2⤵
  PID:3112
- C:\Windows\System\CjDRtPG.exe
  C:\Windows\System\CjDRtPG.exe
  2⤵
  PID:3376
- C:\Windows\System\nSEqdWv.exe
  C:\Windows\System\nSEqdWv.exe
  2⤵
  PID:3448
- C:\Windows\System\vdUOrOX.exe
  C:\Windows\System\vdUOrOX.exe
  2⤵
  PID:3288
- C:\Windows\System\VqhWTcB.exe
  C:\Windows\System\VqhWTcB.exe
  2⤵
  PID:3180
- C:\Windows\System\jJorbkr.exe
  C:\Windows\System\jJorbkr.exe
  2⤵
  PID:3108
- C:\Windows\System\rVkGOOy.exe
  C:\Windows\System\rVkGOOy.exe
  2⤵
  PID:2188
- C:\Windows\System\ROIplir.exe
  C:\Windows\System\ROIplir.exe
  2⤵
  PID:3292
- C:\Windows\System\MetJrxk.exe
  C:\Windows\System\MetJrxk.exe
  2⤵
  PID:3312
- C:\Windows\System\yqjEOxT.exe
  C:\Windows\System\yqjEOxT.exe
  2⤵
  PID:3456
- C:\Windows\System\nbuPgpo.exe
  C:\Windows\System\nbuPgpo.exe
  2⤵
  PID:3540
- C:\Windows\System\vkflCSW.exe
  C:\Windows\System\vkflCSW.exe
  2⤵
  PID:3428
- C:\Windows\System\QPxgqdQ.exe
  C:\Windows\System\QPxgqdQ.exe
  2⤵
  PID:3392
- C:\Windows\System\JVsReSv.exe
  C:\Windows\System\JVsReSv.exe
  2⤵
  PID:3696
- C:\Windows\System\OUbUSNQ.exe
  C:\Windows\System\OUbUSNQ.exe
  2⤵
  PID:3476
- C:\Windows\System\pTuZNJF.exe
  C:\Windows\System\pTuZNJF.exe
  2⤵
  PID:3560
- C:\Windows\System\tZPpfOC.exe
  C:\Windows\System\tZPpfOC.exe
  2⤵
  PID:3640
- C:\Windows\System\oSGXmSk.exe
  C:\Windows\System\oSGXmSk.exe
  2⤵
  PID:3600
- C:\Windows\System\eTNsouk.exe
  C:\Windows\System\eTNsouk.exe
  2⤵
  PID:3848
- C:\Windows\System\coMFROg.exe
  C:\Windows\System\coMFROg.exe
  2⤵
  PID:3752
- C:\Windows\System\erbXISu.exe
  C:\Windows\System\erbXISu.exe
  2⤵
  PID:3828
- C:\Windows\System\pEzayoI.exe
  C:\Windows\System\pEzayoI.exe
  2⤵
  PID:3748
- C:\Windows\System\XfgfpFI.exe
  C:\Windows\System\XfgfpFI.exe
  2⤵
  PID:3784
- C:\Windows\System\ybeiMPg.exe
  C:\Windows\System\ybeiMPg.exe
  2⤵
  PID:3972
- C:\Windows\System\qoKBjBH.exe
  C:\Windows\System\qoKBjBH.exe
  2⤵
  PID:3912
- C:\Windows\System\Ieezisf.exe
  C:\Windows\System\Ieezisf.exe
  2⤵
  PID:3956
- C:\Windows\System\ojplaJA.exe
  C:\Windows\System\ojplaJA.exe
  2⤵
  PID:4032
- C:\Windows\System\mnZaRtF.exe
  C:\Windows\System\mnZaRtF.exe
  2⤵
  PID:4036
- C:\Windows\System\MofbIgK.exe
  C:\Windows\System\MofbIgK.exe
  2⤵
  PID:4064
- C:\Windows\System\pLXeqOH.exe
  C:\Windows\System\pLXeqOH.exe
  2⤵
  PID:1976
- C:\Windows\System\GrahYCn.exe
  C:\Windows\System\GrahYCn.exe
  2⤵
  PID:1944
- C:\Windows\System\LyuxVhm.exe
  C:\Windows\System\LyuxVhm.exe
  2⤵
  PID:2124
- C:\Windows\System\GwbajjS.exe
  C:\Windows\System\GwbajjS.exe
  2⤵
  PID:704
- C:\Windows\System\VPONXeC.exe
  C:\Windows\System\VPONXeC.exe
  2⤵
  PID:3236
- C:\Windows\System\doGYXOa.exe
  C:\Windows\System\doGYXOa.exe
  2⤵
  PID:3344
- C:\Windows\System\GDewivh.exe
  C:\Windows\System\GDewivh.exe
  2⤵
  PID:3296
- C:\Windows\System\VTawHrA.exe
  C:\Windows\System\VTawHrA.exe
  2⤵
  PID:2056
- C:\Windows\System\YsIVVaT.exe
  C:\Windows\System\YsIVVaT.exe
  2⤵
  PID:2820
- C:\Windows\System\dAKYZAG.exe
  C:\Windows\System\dAKYZAG.exe
  2⤵
  PID:3584
- C:\Windows\System\ZdklBOq.exe
  C:\Windows\System\ZdklBOq.exe
  2⤵
  PID:3520
- C:\Windows\System\ZdKAfaF.exe
  C:\Windows\System\ZdKAfaF.exe
  2⤵
  PID:3688
- C:\Windows\System\SKMOCSY.exe
  C:\Windows\System\SKMOCSY.exe
  2⤵
  PID:3772
- C:\Windows\System\fKFzpwO.exe
  C:\Windows\System\fKFzpwO.exe
  2⤵
  PID:3672
- C:\Windows\System\owNbhgw.exe
  C:\Windows\System\owNbhgw.exe
  2⤵
  PID:3888
- C:\Windows\System\TkpXQCV.exe
  C:\Windows\System\TkpXQCV.exe
  2⤵
  PID:3496
- C:\Windows\System\yVkKwFI.exe
  C:\Windows\System\yVkKwFI.exe
  2⤵
  PID:708
- C:\Windows\System\lljtTLv.exe
  C:\Windows\System\lljtTLv.exe
  2⤵
  PID:3416
- C:\Windows\System\ZzlZLLT.exe
  C:\Windows\System\ZzlZLLT.exe
  2⤵
  PID:3872
- C:\Windows\System\TbgMsqB.exe
  C:\Windows\System\TbgMsqB.exe
  2⤵
  PID:3916
- C:\Windows\System\RdcFmAh.exe
  C:\Windows\System\RdcFmAh.exe
  2⤵
  PID:4084
- C:\Windows\System\xrVuPwn.exe
  C:\Windows\System\xrVuPwn.exe
  2⤵
  PID:3552
- C:\Windows\System\YxXScso.exe
  C:\Windows\System\YxXScso.exe
  2⤵
  PID:3812
- C:\Windows\System\ZaSfYyo.exe
  C:\Windows\System\ZaSfYyo.exe
  2⤵
  PID:1244
- C:\Windows\System\bLndiFH.exe
  C:\Windows\System\bLndiFH.exe
  2⤵
  PID:592
- C:\Windows\System\DlIdaIA.exe
  C:\Windows\System\DlIdaIA.exe
  2⤵
  PID:3140
- C:\Windows\System\KzXpLkb.exe
  C:\Windows\System\KzXpLkb.exe
  2⤵
  PID:4000
- C:\Windows\System\tspohjQ.exe
  C:\Windows\System\tspohjQ.exe
  2⤵
  PID:4068
- C:\Windows\System\emvBBNf.exe
  C:\Windows\System\emvBBNf.exe
  2⤵
  PID:1600
- C:\Windows\System\ktajXHr.exe
  C:\Windows\System\ktajXHr.exe
  2⤵
  PID:2648
- C:\Windows\System\KqfFIiZ.exe
  C:\Windows\System\KqfFIiZ.exe
  2⤵
  PID:3716
- C:\Windows\System\skvkfnI.exe
  C:\Windows\System\skvkfnI.exe
  2⤵
  PID:3128
- C:\Windows\System\SHaMJBC.exe
  C:\Windows\System\SHaMJBC.exe
  2⤵
  PID:1036
- C:\Windows\System\xlhZIpQ.exe
  C:\Windows\System\xlhZIpQ.exe
  2⤵
  PID:3400
- C:\Windows\System\UmQcVnZ.exe
  C:\Windows\System\UmQcVnZ.exe
  2⤵
  PID:3516
- C:\Windows\System\PWXnLnV.exe
  C:\Windows\System\PWXnLnV.exe
  2⤵
  PID:4088
- C:\Windows\System\dqARern.exe
  C:\Windows\System\dqARern.exe
  2⤵
  PID:3636
- C:\Windows\System\UGkDWlx.exe
  C:\Windows\System\UGkDWlx.exe
  2⤵
  PID:3252
- C:\Windows\System\WBMcYKG.exe
  C:\Windows\System\WBMcYKG.exe
  2⤵
  PID:3732
- C:\Windows\System\YdmGYqG.exe
  C:\Windows\System\YdmGYqG.exe
  2⤵
  PID:3904
- C:\Windows\System\JrSOcLm.exe
  C:\Windows\System\JrSOcLm.exe
  2⤵
  PID:3996
- C:\Windows\System\GAetjLt.exe
  C:\Windows\System\GAetjLt.exe
  2⤵
  PID:3320
- C:\Windows\System\kZxsTub.exe
  C:\Windows\System\kZxsTub.exe
  2⤵
  PID:3160
- C:\Windows\System\TIYqQSb.exe
  C:\Windows\System\TIYqQSb.exe
  2⤵
  PID:4112
- C:\Windows\System\qdthlVO.exe
  C:\Windows\System\qdthlVO.exe
  2⤵
  PID:4132
- C:\Windows\System\OEaaGwc.exe
  C:\Windows\System\OEaaGwc.exe
  2⤵
  PID:4152
- C:\Windows\System\nyGjLgp.exe
  C:\Windows\System\nyGjLgp.exe
  2⤵
  PID:4172
- C:\Windows\System\asJPKZZ.exe
  C:\Windows\System\asJPKZZ.exe
  2⤵
  PID:4192
- C:\Windows\System\niTiwge.exe
  C:\Windows\System\niTiwge.exe
  2⤵
  PID:4212
- C:\Windows\System\STArFWZ.exe
  C:\Windows\System\STArFWZ.exe
  2⤵
  PID:4232
- C:\Windows\System\feBsHrL.exe
  C:\Windows\System\feBsHrL.exe
  2⤵
  PID:4256
- C:\Windows\System\HXqzsTh.exe
  C:\Windows\System\HXqzsTh.exe
  2⤵
  PID:4272
- C:\Windows\System\UlYOVRR.exe
  C:\Windows\System\UlYOVRR.exe
  2⤵
  PID:4296
- C:\Windows\System\zYDoFJt.exe
  C:\Windows\System\zYDoFJt.exe
  2⤵
  PID:4316
- C:\Windows\System\NUnoFIl.exe
  C:\Windows\System\NUnoFIl.exe
  2⤵
  PID:4332
- C:\Windows\System\SMpwKxf.exe
  C:\Windows\System\SMpwKxf.exe
  2⤵
  PID:4352
- C:\Windows\System\AzlkJTY.exe
  C:\Windows\System\AzlkJTY.exe
  2⤵
  PID:4376
- C:\Windows\System\cFTyUPJ.exe
  C:\Windows\System\cFTyUPJ.exe
  2⤵
  PID:4392
- C:\Windows\System\yGLqYGq.exe
  C:\Windows\System\yGLqYGq.exe
  2⤵
  PID:4412
- C:\Windows\System\SQegebY.exe
  C:\Windows\System\SQegebY.exe
  2⤵
  PID:4432
- C:\Windows\System\LNeLEmx.exe
  C:\Windows\System\LNeLEmx.exe
  2⤵
  PID:4448
- C:\Windows\System\JYbrSLT.exe
  C:\Windows\System\JYbrSLT.exe
  2⤵
  PID:4472
- C:\Windows\System\XfGRlYi.exe
  C:\Windows\System\XfGRlYi.exe
  2⤵
  PID:4492
- C:\Windows\System\LsbbtyQ.exe
  C:\Windows\System\LsbbtyQ.exe
  2⤵
  PID:4512
- C:\Windows\System\SmrUiRE.exe
  C:\Windows\System\SmrUiRE.exe
  2⤵
  PID:4532
- C:\Windows\System\EgvLgqp.exe
  C:\Windows\System\EgvLgqp.exe
  2⤵
  PID:4552
- C:\Windows\System\BHogsBk.exe
  C:\Windows\System\BHogsBk.exe
  2⤵
  PID:4576
- C:\Windows\System\XVtmzmk.exe
  C:\Windows\System\XVtmzmk.exe
  2⤵
  PID:4596
- C:\Windows\System\dzWvFFb.exe
  C:\Windows\System\dzWvFFb.exe
  2⤵
  PID:4616
- C:\Windows\System\QypDhQg.exe
  C:\Windows\System\QypDhQg.exe
  2⤵
  PID:4636
- C:\Windows\System\JwJyXJn.exe
  C:\Windows\System\JwJyXJn.exe
  2⤵
  PID:4656
- C:\Windows\System\nlxnMRH.exe
  C:\Windows\System\nlxnMRH.exe
  2⤵
  PID:4676
- C:\Windows\System\GSUZjXN.exe
  C:\Windows\System\GSUZjXN.exe
  2⤵
  PID:4696
- C:\Windows\System\qucfpwH.exe
  C:\Windows\System\qucfpwH.exe
  2⤵
  PID:4716
- C:\Windows\System\lmbiZdP.exe
  C:\Windows\System\lmbiZdP.exe
  2⤵
  PID:4736
- C:\Windows\System\BBxlHuu.exe
  C:\Windows\System\BBxlHuu.exe
  2⤵
  PID:4756
- C:\Windows\System\NwTPpiO.exe
  C:\Windows\System\NwTPpiO.exe
  2⤵
  PID:4776
- C:\Windows\System\svaqWgx.exe
  C:\Windows\System\svaqWgx.exe
  2⤵
  PID:4796
- C:\Windows\System\oYUxlOl.exe
  C:\Windows\System\oYUxlOl.exe
  2⤵
  PID:4816
- C:\Windows\System\pDYUMMl.exe
  C:\Windows\System\pDYUMMl.exe
  2⤵
  PID:4836
- C:\Windows\System\eEjWlfg.exe
  C:\Windows\System\eEjWlfg.exe
  2⤵
  PID:4856
- C:\Windows\System\tcSxGFf.exe
  C:\Windows\System\tcSxGFf.exe
  2⤵
  PID:4876
- C:\Windows\System\WcFYMGn.exe
  C:\Windows\System\WcFYMGn.exe
  2⤵
  PID:4896
- C:\Windows\System\heybuBH.exe
  C:\Windows\System\heybuBH.exe
  2⤵
  PID:4916
- C:\Windows\System\CNlFnBP.exe
  C:\Windows\System\CNlFnBP.exe
  2⤵
  PID:4936
- C:\Windows\System\POfltRo.exe
  C:\Windows\System\POfltRo.exe
  2⤵
  PID:4956
- C:\Windows\System\pRMyNdt.exe
  C:\Windows\System\pRMyNdt.exe
  2⤵
  PID:4976
- C:\Windows\System\UvEXiqX.exe
  C:\Windows\System\UvEXiqX.exe
  2⤵
  PID:4996
- C:\Windows\System\KevYWyG.exe
  C:\Windows\System\KevYWyG.exe
  2⤵
  PID:5016
- C:\Windows\System\ylPvstz.exe
  C:\Windows\System\ylPvstz.exe
  2⤵
  PID:5036
- C:\Windows\System\nzvEtxR.exe
  C:\Windows\System\nzvEtxR.exe
  2⤵
  PID:5056
- C:\Windows\System\LvBhrZW.exe
  C:\Windows\System\LvBhrZW.exe
  2⤵
  PID:5076
- C:\Windows\System\vtEBWwH.exe
  C:\Windows\System\vtEBWwH.exe
  2⤵
  PID:5096
- C:\Windows\System\oaRZgKg.exe
  C:\Windows\System\oaRZgKg.exe
  2⤵
  PID:5116
- C:\Windows\System\BRoMfxD.exe
  C:\Windows\System\BRoMfxD.exe
  2⤵
  PID:4060
- C:\Windows\System\ESGiNnq.exe
  C:\Windows\System\ESGiNnq.exe
  2⤵
  PID:3396
- C:\Windows\System\wYjVwLM.exe
  C:\Windows\System\wYjVwLM.exe
  2⤵
  PID:3652
- C:\Windows\System\mycUtbp.exe
  C:\Windows\System\mycUtbp.exe
  2⤵
  PID:3488
- C:\Windows\System\BeAoTIp.exe
  C:\Windows\System\BeAoTIp.exe
  2⤵
  PID:3604
- C:\Windows\System\jQXPMgy.exe
  C:\Windows\System\jQXPMgy.exe
  2⤵
  PID:3788
- C:\Windows\System\BQMpOoQ.exe
  C:\Windows\System\BQMpOoQ.exe
  2⤵
  PID:3892
- C:\Windows\System\kwaEGpT.exe
  C:\Windows\System\kwaEGpT.exe
  2⤵
  PID:3324
- C:\Windows\System\cnGUXHn.exe
  C:\Windows\System\cnGUXHn.exe
  2⤵
  PID:4160
- C:\Windows\System\JzzJQpT.exe
  C:\Windows\System\JzzJQpT.exe
  2⤵
  PID:4200
- C:\Windows\System\bVkXfiI.exe
  C:\Windows\System\bVkXfiI.exe
  2⤵
  PID:4240
- C:\Windows\System\FccaGHg.exe
  C:\Windows\System\FccaGHg.exe
  2⤵
  PID:4288
- C:\Windows\System\QDwmBjA.exe
  C:\Windows\System\QDwmBjA.exe
  2⤵
  PID:4224
- C:\Windows\System\RaniLKl.exe
  C:\Windows\System\RaniLKl.exe
  2⤵
  PID:4284
- C:\Windows\System\MWuSntL.exe
  C:\Windows\System\MWuSntL.exe
  2⤵
  PID:4372
- C:\Windows\System\SzFNPQZ.exe
  C:\Windows\System\SzFNPQZ.exe
  2⤵
  PID:4304
- C:\Windows\System\JGFETFX.exe
  C:\Windows\System\JGFETFX.exe
  2⤵
  PID:4348
- C:\Windows\System\gQnpQhS.exe
  C:\Windows\System\gQnpQhS.exe
  2⤵
  PID:4420
- C:\Windows\System\pAXqjpb.exe
  C:\Windows\System\pAXqjpb.exe
  2⤵
  PID:4484
- C:\Windows\System\mMJvhJI.exe
  C:\Windows\System\mMJvhJI.exe
  2⤵
  PID:4468
- C:\Windows\System\OXqOMDB.exe
  C:\Windows\System\OXqOMDB.exe
  2⤵
  PID:4540
- C:\Windows\System\NWqfHHf.exe
  C:\Windows\System\NWqfHHf.exe
  2⤵
  PID:4548
- C:\Windows\System\KXUsvgT.exe
  C:\Windows\System\KXUsvgT.exe
  2⤵
  PID:4608
- C:\Windows\System\aIolBpe.exe
  C:\Windows\System\aIolBpe.exe
  2⤵
  PID:4644
- C:\Windows\System\ixrZfex.exe
  C:\Windows\System\ixrZfex.exe
  2⤵
  PID:4664
- C:\Windows\System\vxtkotU.exe
  C:\Windows\System\vxtkotU.exe
  2⤵
  PID:4688
- C:\Windows\System\CrvMxpm.exe
  C:\Windows\System\CrvMxpm.exe
  2⤵
  PID:4732
- C:\Windows\System\EjbYJMx.exe
  C:\Windows\System\EjbYJMx.exe
  2⤵
  PID:4748
- C:\Windows\System\oYTPUBI.exe
  C:\Windows\System\oYTPUBI.exe
  2⤵
  PID:4788
- C:\Windows\System\OZmgMMU.exe
  C:\Windows\System\OZmgMMU.exe
  2⤵
  PID:4832
- C:\Windows\System\rDwrRCk.exe
  C:\Windows\System\rDwrRCk.exe
  2⤵
  PID:4864
- C:\Windows\System\sFwVDfW.exe
  C:\Windows\System\sFwVDfW.exe
  2⤵
  PID:4888
- C:\Windows\System\sBmuDCO.exe
  C:\Windows\System\sBmuDCO.exe
  2⤵
  PID:4932
- C:\Windows\System\fkGYFMm.exe
  C:\Windows\System\fkGYFMm.exe
  2⤵
  PID:4948
- C:\Windows\System\FiBvQHP.exe
  C:\Windows\System\FiBvQHP.exe
  2⤵
  PID:4988
- C:\Windows\System\VlUIWOl.exe
  C:\Windows\System\VlUIWOl.exe
  2⤵
  PID:5044
- C:\Windows\System\lfFkCWW.exe
  C:\Windows\System\lfFkCWW.exe
  2⤵
  PID:5064
- C:\Windows\System\sYXrlQU.exe
  C:\Windows\System\sYXrlQU.exe
  2⤵
  PID:5068
- C:\Windows\System\ybllwtZ.exe
  C:\Windows\System\ybllwtZ.exe
  2⤵
  PID:1956
- C:\Windows\System\IKHhjnL.exe
  C:\Windows\System\IKHhjnL.exe
  2⤵
  PID:2052
- C:\Windows\System\mSVHfTk.exe
  C:\Windows\System\mSVHfTk.exe
  2⤵
  PID:2524
- C:\Windows\System\yXrrUlG.exe
  C:\Windows\System\yXrrUlG.exe
  2⤵
  PID:3144
- C:\Windows\System\MpUTTrC.exe
  C:\Windows\System\MpUTTrC.exe
  2⤵
  PID:3700
- C:\Windows\System\zwLjCAD.exe
  C:\Windows\System\zwLjCAD.exe
  2⤵
  PID:4104
- C:\Windows\System\KKeiZFU.exe
  C:\Windows\System\KKeiZFU.exe
  2⤵
  PID:4168
- C:\Windows\System\FmkwUed.exe
  C:\Windows\System\FmkwUed.exe
  2⤵
  PID:4220
- C:\Windows\System\RRZcHTp.exe
  C:\Windows\System\RRZcHTp.exe
  2⤵
  PID:4264
- C:\Windows\System\LmjxkhI.exe
  C:\Windows\System\LmjxkhI.exe
  2⤵
  PID:4404
- C:\Windows\System\heIZEuM.exe
  C:\Windows\System\heIZEuM.exe
  2⤵
  PID:4440
- C:\Windows\System\kZhMhzf.exe
  C:\Windows\System\kZhMhzf.exe
  2⤵
  PID:4488
- C:\Windows\System\VpAdfkv.exe
  C:\Windows\System\VpAdfkv.exe
  2⤵
  PID:4508
- C:\Windows\System\dZNbDSu.exe
  C:\Windows\System\dZNbDSu.exe
  2⤵
  PID:4568
- C:\Windows\System\stYTtTs.exe
  C:\Windows\System\stYTtTs.exe
  2⤵
  PID:4648
- C:\Windows\System\OOsIObA.exe
  C:\Windows\System\OOsIObA.exe
  2⤵
  PID:4724
- C:\Windows\System\htxKbzy.exe
  C:\Windows\System\htxKbzy.exe
  2⤵
  PID:4744
- C:\Windows\System\PEIgDIS.exe
  C:\Windows\System\PEIgDIS.exe
  2⤵
  PID:4784
- C:\Windows\System\CeepbEw.exe
  C:\Windows\System\CeepbEw.exe
  2⤵
  PID:4808
- C:\Windows\System\ErenPvH.exe
  C:\Windows\System\ErenPvH.exe
  2⤵
  PID:4908
- C:\Windows\System\kSoJXGg.exe
  C:\Windows\System\kSoJXGg.exe
  2⤵
  PID:4992
- C:\Windows\System\oyrIIyg.exe
  C:\Windows\System\oyrIIyg.exe
  2⤵
  PID:5032
- C:\Windows\System\aLmuHHA.exe
  C:\Windows\System\aLmuHHA.exe
  2⤵
  PID:5084
- C:\Windows\System\AqFtfJf.exe
  C:\Windows\System\AqFtfJf.exe
  2⤵
  PID:3124
- C:\Windows\System\qXcRHUo.exe
  C:\Windows\System\qXcRHUo.exe
  2⤵
  PID:3304
- C:\Windows\System\NzfQgux.exe
  C:\Windows\System\NzfQgux.exe
  2⤵
  PID:3940
- C:\Windows\System\TOxYgWs.exe
  C:\Windows\System\TOxYgWs.exe
  2⤵
  PID:4108
- C:\Windows\System\tDwlANd.exe
  C:\Windows\System\tDwlANd.exe
  2⤵
  PID:4252
- C:\Windows\System\KrxkwtB.exe
  C:\Windows\System\KrxkwtB.exe
  2⤵
  PID:4368
- C:\Windows\System\LZIisEg.exe
  C:\Windows\System\LZIisEg.exe
  2⤵
  PID:4344
- C:\Windows\System\AOWoBBK.exe
  C:\Windows\System\AOWoBBK.exe
  2⤵
  PID:5136
- C:\Windows\System\MwzanDu.exe
  C:\Windows\System\MwzanDu.exe
  2⤵
  PID:5156
- C:\Windows\System\YBqajri.exe
  C:\Windows\System\YBqajri.exe
  2⤵
  PID:5176
- C:\Windows\System\MePUmSG.exe
  C:\Windows\System\MePUmSG.exe
  2⤵
  PID:5196
- C:\Windows\System\RJMlrWM.exe
  C:\Windows\System\RJMlrWM.exe
  2⤵
  PID:5216
- C:\Windows\System\vMKgsVl.exe
  C:\Windows\System\vMKgsVl.exe
  2⤵
  PID:5236
- C:\Windows\System\opTmcMM.exe
  C:\Windows\System\opTmcMM.exe
  2⤵
  PID:5256
- C:\Windows\System\wRPpqXE.exe
  C:\Windows\System\wRPpqXE.exe
  2⤵
  PID:5280
- C:\Windows\System\mNVdzKq.exe
  C:\Windows\System\mNVdzKq.exe
  2⤵
  PID:5300
- C:\Windows\System\GyKUnGy.exe
  C:\Windows\System\GyKUnGy.exe
  2⤵
  PID:5320
- C:\Windows\System\YLmTpfM.exe
  C:\Windows\System\YLmTpfM.exe
  2⤵
  PID:5340
- C:\Windows\System\YyHJYOr.exe
  C:\Windows\System\YyHJYOr.exe
  2⤵
  PID:5360
- C:\Windows\System\cGufIhI.exe
  C:\Windows\System\cGufIhI.exe
  2⤵
  PID:5380
- C:\Windows\System\VYLQXrU.exe
  C:\Windows\System\VYLQXrU.exe
  2⤵
  PID:5400
- C:\Windows\System\XXgPMWU.exe
  C:\Windows\System\XXgPMWU.exe
  2⤵
  PID:5420
- C:\Windows\System\iZvCTMy.exe
  C:\Windows\System\iZvCTMy.exe
  2⤵
  PID:5440
- C:\Windows\System\LbrBBMI.exe
  C:\Windows\System\LbrBBMI.exe
  2⤵
  PID:5460
- C:\Windows\System\eXHxnHP.exe
  C:\Windows\System\eXHxnHP.exe
  2⤵
  PID:5480
- C:\Windows\System\aQAyFBK.exe
  C:\Windows\System\aQAyFBK.exe
  2⤵
  PID:5500
- C:\Windows\System\qkMOAzc.exe
  C:\Windows\System\qkMOAzc.exe
  2⤵
  PID:5520
- C:\Windows\System\bSrZifQ.exe
  C:\Windows\System\bSrZifQ.exe
  2⤵
  PID:5540
- C:\Windows\System\WVbZNDG.exe
  C:\Windows\System\WVbZNDG.exe
  2⤵
  PID:5560
- C:\Windows\System\IwyvzfT.exe
  C:\Windows\System\IwyvzfT.exe
  2⤵
  PID:5580
- C:\Windows\System\JebIcQk.exe
  C:\Windows\System\JebIcQk.exe
  2⤵
  PID:5600
- C:\Windows\System\EZxTrWr.exe
  C:\Windows\System\EZxTrWr.exe
  2⤵
  PID:5620
- C:\Windows\System\mLmDqMi.exe
  C:\Windows\System\mLmDqMi.exe
  2⤵
  PID:5640
- C:\Windows\System\dpGnOLL.exe
  C:\Windows\System\dpGnOLL.exe
  2⤵
  PID:5660
- C:\Windows\System\MoLcekW.exe
  C:\Windows\System\MoLcekW.exe
  2⤵
  PID:5680
- C:\Windows\System\UEgJufQ.exe
  C:\Windows\System\UEgJufQ.exe
  2⤵
  PID:5700
- C:\Windows\System\FfbthQV.exe
  C:\Windows\System\FfbthQV.exe
  2⤵
  PID:5720
- C:\Windows\System\dvjNQkt.exe
  C:\Windows\System\dvjNQkt.exe
  2⤵
  PID:5740
- C:\Windows\System\dseCFdL.exe
  C:\Windows\System\dseCFdL.exe
  2⤵
  PID:5760
- C:\Windows\System\GvpcIhZ.exe
  C:\Windows\System\GvpcIhZ.exe
  2⤵
  PID:5780
- C:\Windows\System\kcuvFxz.exe
  C:\Windows\System\kcuvFxz.exe
  2⤵
  PID:5800
- C:\Windows\System\BVPMSiX.exe
  C:\Windows\System\BVPMSiX.exe
  2⤵
  PID:5820
- C:\Windows\System\xFQcNuS.exe
  C:\Windows\System\xFQcNuS.exe
  2⤵
  PID:5840
- C:\Windows\System\khRKAnz.exe
  C:\Windows\System\khRKAnz.exe
  2⤵
  PID:5860
- C:\Windows\System\QMnmgqb.exe
  C:\Windows\System\QMnmgqb.exe
  2⤵
  PID:5880
- C:\Windows\System\VdFXhfS.exe
  C:\Windows\System\VdFXhfS.exe
  2⤵
  PID:5900
- C:\Windows\System\zkadaXJ.exe
  C:\Windows\System\zkadaXJ.exe
  2⤵
  PID:5920
- C:\Windows\System\lpnbEWT.exe
  C:\Windows\System\lpnbEWT.exe
  2⤵
  PID:5940
- C:\Windows\System\UgARbJr.exe
  C:\Windows\System\UgARbJr.exe
  2⤵
  PID:5960
- C:\Windows\System\AFeJtxQ.exe
  C:\Windows\System\AFeJtxQ.exe
  2⤵
  PID:5980
- C:\Windows\System\QIuIgHM.exe
  C:\Windows\System\QIuIgHM.exe
  2⤵
  PID:6000
- C:\Windows\System\BJZHkaO.exe
  C:\Windows\System\BJZHkaO.exe
  2⤵
  PID:6020
- C:\Windows\System\CZJJlfB.exe
  C:\Windows\System\CZJJlfB.exe
  2⤵
  PID:6040
- C:\Windows\System\deZtzLt.exe
  C:\Windows\System\deZtzLt.exe
  2⤵
  PID:6060
- C:\Windows\System\BDyyanb.exe
  C:\Windows\System\BDyyanb.exe
  2⤵
  PID:6080
- C:\Windows\System\gVKiiwJ.exe
  C:\Windows\System\gVKiiwJ.exe
  2⤵
  PID:6100
- C:\Windows\System\AffrjgM.exe
  C:\Windows\System\AffrjgM.exe
  2⤵
  PID:6120
- C:\Windows\System\NrEKLnt.exe
  C:\Windows\System\NrEKLnt.exe
  2⤵
  PID:6140
- C:\Windows\System\kRHPZMs.exe
  C:\Windows\System\kRHPZMs.exe
  2⤵
  PID:4460
- C:\Windows\System\uZZlcvu.exe
  C:\Windows\System\uZZlcvu.exe
  2⤵
  PID:4564
- C:\Windows\System\lPWAkRH.exe
  C:\Windows\System\lPWAkRH.exe
  2⤵
  PID:4692
- C:\Windows\System\ezdJCRo.exe
  C:\Windows\System\ezdJCRo.exe
  2⤵
  PID:4824
- C:\Windows\System\CErziNU.exe
  C:\Windows\System\CErziNU.exe
  2⤵
  PID:4912
- C:\Windows\System\iCYtQDL.exe
  C:\Windows\System\iCYtQDL.exe
  2⤵
  PID:4964
- C:\Windows\System\OGiKhdP.exe
  C:\Windows\System\OGiKhdP.exe
  2⤵
  PID:5048
- C:\Windows\System\vUOtkRR.exe
  C:\Windows\System\vUOtkRR.exe
  2⤵
  PID:3952
- C:\Windows\System\UmwaHYQ.exe
  C:\Windows\System\UmwaHYQ.exe
  2⤵
  PID:4164
- C:\Windows\System\NPPeKnc.exe
  C:\Windows\System\NPPeKnc.exe
  2⤵
  PID:4188
- C:\Windows\System\HMEcCPc.exe
  C:\Windows\System\HMEcCPc.exe
  2⤵
  PID:4360
- C:\Windows\System\zqnFmGc.exe
  C:\Windows\System\zqnFmGc.exe
  2⤵
  PID:5164
- C:\Windows\System\LMAdkky.exe
  C:\Windows\System\LMAdkky.exe
  2⤵
  PID:5184
- C:\Windows\System\YtTAfYb.exe
  C:\Windows\System\YtTAfYb.exe
  2⤵
  PID:5208
- C:\Windows\System\gAdazWo.exe
  C:\Windows\System\gAdazWo.exe
  2⤵
  PID:5252
- C:\Windows\System\DtrKjrY.exe
  C:\Windows\System\DtrKjrY.exe
  2⤵
  PID:5264
- C:\Windows\System\HbrBtQe.exe
  C:\Windows\System\HbrBtQe.exe
  2⤵
  PID:5328
- C:\Windows\System\fZilpQq.exe
  C:\Windows\System\fZilpQq.exe
  2⤵
  PID:5348
- C:\Windows\System\DNzkoiQ.exe
  C:\Windows\System\DNzkoiQ.exe
  2⤵
  PID:5372
- C:\Windows\System\VZjDmYv.exe
  C:\Windows\System\VZjDmYv.exe
  2⤵
  PID:5412
- C:\Windows\System\OjXTcJA.exe
  C:\Windows\System\OjXTcJA.exe
  2⤵
  PID:5436
- C:\Windows\System\iBNcgKt.exe
  C:\Windows\System\iBNcgKt.exe
  2⤵
  PID:5468
- C:\Windows\System\YLyQVsl.exe
  C:\Windows\System\YLyQVsl.exe
  2⤵
  PID:5516
- C:\Windows\System\RvcBfle.exe
  C:\Windows\System\RvcBfle.exe
  2⤵
  PID:5568
- C:\Windows\System\DcDQNRF.exe
  C:\Windows\System\DcDQNRF.exe
  2⤵
  PID:5572
- C:\Windows\System\KsCULpP.exe
  C:\Windows\System\KsCULpP.exe
  2⤵
  PID:5592
- C:\Windows\System\jyCHENW.exe
  C:\Windows\System\jyCHENW.exe
  2⤵
  PID:5636
- C:\Windows\System\UnRDzxj.exe
  C:\Windows\System\UnRDzxj.exe
  2⤵
  PID:5676
- C:\Windows\System\xcdXTKi.exe
  C:\Windows\System\xcdXTKi.exe
  2⤵
  PID:5716
- C:\Windows\System\WzxYxCX.exe
  C:\Windows\System\WzxYxCX.exe
  2⤵
  PID:5756
- C:\Windows\System\fhhdxle.exe
  C:\Windows\System\fhhdxle.exe
  2⤵
  PID:5772
- C:\Windows\System\bfZBfzm.exe
  C:\Windows\System\bfZBfzm.exe
  2⤵
  PID:5792
- C:\Windows\System\ErHLkhP.exe
  C:\Windows\System\ErHLkhP.exe
  2⤵
  PID:5836
- C:\Windows\System\XFnuAnF.exe
  C:\Windows\System\XFnuAnF.exe
  2⤵
  PID:5872
- C:\Windows\System\ukNptJB.exe
  C:\Windows\System\ukNptJB.exe
  2⤵
  PID:5928
- C:\Windows\System\eeyIbgz.exe
  C:\Windows\System\eeyIbgz.exe
  2⤵
  PID:5948
- C:\Windows\System\dLoKtbd.exe
  C:\Windows\System\dLoKtbd.exe
  2⤵
  PID:5972
- C:\Windows\System\BResngv.exe
  C:\Windows\System\BResngv.exe
  2⤵
  PID:5992
- C:\Windows\System\VGQPTXv.exe
  C:\Windows\System\VGQPTXv.exe
  2⤵
  PID:6056
- C:\Windows\System\RFVwqon.exe
  C:\Windows\System\RFVwqon.exe
  2⤵
  PID:6072
- C:\Windows\System\SDKCKeC.exe
  C:\Windows\System\SDKCKeC.exe
  2⤵
  PID:6116
- C:\Windows\System\gLWfjPp.exe
  C:\Windows\System\gLWfjPp.exe
  2⤵
  PID:4428
- C:\Windows\System\IGHONpR.exe
  C:\Windows\System\IGHONpR.exe
  2⤵
  PID:4632
- C:\Windows\System\oZRSpFa.exe
  C:\Windows\System\oZRSpFa.exe
  2⤵
  PID:4852
- C:\Windows\System\FYdTuqU.exe
  C:\Windows\System\FYdTuqU.exe
  2⤵
  PID:4848
- C:\Windows\System\BpsUFgo.exe
  C:\Windows\System\BpsUFgo.exe
  2⤵
  PID:4984
- C:\Windows\System\INiQKCI.exe
  C:\Windows\System\INiQKCI.exe
  2⤵
  PID:3792
- C:\Windows\System\SHrmgRx.exe
  C:\Windows\System\SHrmgRx.exe
  2⤵
  PID:4204
- C:\Windows\System\JAjIWXy.exe
  C:\Windows\System\JAjIWXy.exe
  2⤵
  PID:5128
- C:\Windows\System\VpiLKjl.exe
  C:\Windows\System\VpiLKjl.exe
  2⤵
  PID:5172
- C:\Windows\System\nUaicgU.exe
  C:\Windows\System\nUaicgU.exe
  2⤵
  PID:5224
- C:\Windows\System\eyDJERU.exe
  C:\Windows\System\eyDJERU.exe
  2⤵
  PID:5308
- C:\Windows\System\nlKSuhm.exe
  C:\Windows\System\nlKSuhm.exe
  2⤵
  PID:5376
- C:\Windows\System\KziYTAp.exe
  C:\Windows\System\KziYTAp.exe
  2⤵
  PID:5448
- C:\Windows\System\APUQgPX.exe
  C:\Windows\System\APUQgPX.exe
  2⤵
  PID:5488
- C:\Windows\System\cAKqOMA.exe
  C:\Windows\System\cAKqOMA.exe
  2⤵
  PID:5532
- C:\Windows\System\SKgstDp.exe
  C:\Windows\System\SKgstDp.exe
  2⤵
  PID:5552
- C:\Windows\System\JJKjFRb.exe
  C:\Windows\System\JJKjFRb.exe
  2⤵
  PID:5628
- C:\Windows\System\kFXaBdk.exe
  C:\Windows\System\kFXaBdk.exe
  2⤵
  PID:5708
- C:\Windows\System\YRuwErt.exe
  C:\Windows\System\YRuwErt.exe
  2⤵
  PID:5776
- C:\Windows\System\EzKheGD.exe
  C:\Windows\System\EzKheGD.exe
  2⤵
  PID:5828
- C:\Windows\System\dQmJWzS.exe
  C:\Windows\System\dQmJWzS.exe
  2⤵
  PID:5868
- C:\Windows\System\gNboSom.exe
  C:\Windows\System\gNboSom.exe
  2⤵
  PID:5892
- C:\Windows\System\DREPfLx.exe
  C:\Windows\System\DREPfLx.exe
  2⤵
  PID:6016
- C:\Windows\System\TRIuqWr.exe
  C:\Windows\System\TRIuqWr.exe
  2⤵
  PID:6028
- C:\Windows\System\eowQSsX.exe
  C:\Windows\System\eowQSsX.exe
  2⤵
  PID:2428
- C:\Windows\System\ZtYxQMQ.exe
  C:\Windows\System\ZtYxQMQ.exe
  2⤵
  PID:6092
- C:\Windows\System\gGfXiLj.exe
  C:\Windows\System\gGfXiLj.exe
  2⤵
  PID:4560
- C:\Windows\System\wjBQtwi.exe
  C:\Windows\System\wjBQtwi.exe
  2⤵
  PID:4868
- C:\Windows\System\QngIRbn.exe
  C:\Windows\System\QngIRbn.exe
  2⤵
  PID:4148
- C:\Windows\System\bAPKsjl.exe
  C:\Windows\System\bAPKsjl.exe
  2⤵
  PID:4228
- C:\Windows\System\GgnuVQI.exe
  C:\Windows\System\GgnuVQI.exe
  2⤵
  PID:5212
- C:\Windows\System\JIMwrSG.exe
  C:\Windows\System\JIMwrSG.exe
  2⤵
  PID:5232
- C:\Windows\System\DFtzefy.exe
  C:\Windows\System\DFtzefy.exe
  2⤵
  PID:5356
- C:\Windows\System\QkgjgDg.exe
  C:\Windows\System\QkgjgDg.exe
  2⤵
  PID:5528
- C:\Windows\System\ADpISBK.exe
  C:\Windows\System\ADpISBK.exe
  2⤵
  PID:5556
- C:\Windows\System\fdtXVDC.exe
  C:\Windows\System\fdtXVDC.exe
  2⤵
  PID:5648
- C:\Windows\System\KLzQUoR.exe
  C:\Windows\System\KLzQUoR.exe
  2⤵
  PID:5692
- C:\Windows\System\DeLVmIk.exe
  C:\Windows\System\DeLVmIk.exe
  2⤵
  PID:5876
- C:\Windows\System\dQDfGUr.exe
  C:\Windows\System\dQDfGUr.exe
  2⤵
  PID:6156
- C:\Windows\System\TveHgAa.exe
  C:\Windows\System\TveHgAa.exe
  2⤵
  PID:6176
- C:\Windows\System\HqVHABA.exe
  C:\Windows\System\HqVHABA.exe
  2⤵
  PID:6196
- C:\Windows\System\xAcwPJr.exe
  C:\Windows\System\xAcwPJr.exe
  2⤵
  PID:6216
- C:\Windows\System\KrreOkd.exe
  C:\Windows\System\KrreOkd.exe
  2⤵
  PID:6236
- C:\Windows\System\raTmEKy.exe
  C:\Windows\System\raTmEKy.exe
  2⤵
  PID:6256
- C:\Windows\System\rhUXJyY.exe
  C:\Windows\System\rhUXJyY.exe
  2⤵
  PID:6276
- C:\Windows\System\gpHrJmn.exe
  C:\Windows\System\gpHrJmn.exe
  2⤵
  PID:6296
- C:\Windows\System\wCkScpQ.exe
  C:\Windows\System\wCkScpQ.exe
  2⤵
  PID:6316
- C:\Windows\System\QJvLRNs.exe
  C:\Windows\System\QJvLRNs.exe
  2⤵
  PID:6336
- C:\Windows\System\fyMrjDN.exe
  C:\Windows\System\fyMrjDN.exe
  2⤵
  PID:6356
- C:\Windows\System\CoEGyFd.exe
  C:\Windows\System\CoEGyFd.exe
  2⤵
  PID:6376
- C:\Windows\System\YkjNzcA.exe
  C:\Windows\System\YkjNzcA.exe
  2⤵
  PID:6396
- C:\Windows\System\kctOsjW.exe
  C:\Windows\System\kctOsjW.exe
  2⤵
  PID:6416
- C:\Windows\System\CKjTNVf.exe
  C:\Windows\System\CKjTNVf.exe
  2⤵
  PID:6436
- C:\Windows\System\YjLwxHP.exe
  C:\Windows\System\YjLwxHP.exe
  2⤵
  PID:6456
- C:\Windows\System\WTRUpKu.exe
  C:\Windows\System\WTRUpKu.exe
  2⤵
  PID:6476
- C:\Windows\System\ksAMTFS.exe
  C:\Windows\System\ksAMTFS.exe
  2⤵
  PID:6496
- C:\Windows\System\HFFyiqF.exe
  C:\Windows\System\HFFyiqF.exe
  2⤵
  PID:6516
- C:\Windows\System\EGNuiVc.exe
  C:\Windows\System\EGNuiVc.exe
  2⤵
  PID:6536
- C:\Windows\System\UlyKwrN.exe
  C:\Windows\System\UlyKwrN.exe
  2⤵
  PID:6556
- C:\Windows\System\stFGTZQ.exe
  C:\Windows\System\stFGTZQ.exe
  2⤵
  PID:6576
- C:\Windows\System\DYGttjP.exe
  C:\Windows\System\DYGttjP.exe
  2⤵
  PID:6596
- C:\Windows\System\jyNalyi.exe
  C:\Windows\System\jyNalyi.exe
  2⤵
  PID:6616
- C:\Windows\System\iVssbcL.exe
  C:\Windows\System\iVssbcL.exe
  2⤵
  PID:6636
- C:\Windows\System\axOodNT.exe
  C:\Windows\System\axOodNT.exe
  2⤵
  PID:6656
- C:\Windows\System\vcIyeyk.exe
  C:\Windows\System\vcIyeyk.exe
  2⤵
  PID:6676
- C:\Windows\System\FzuLxvR.exe
  C:\Windows\System\FzuLxvR.exe
  2⤵
  PID:6696
- C:\Windows\System\TNkIHMx.exe
  C:\Windows\System\TNkIHMx.exe
  2⤵
  PID:6716
- C:\Windows\System\JBghlzg.exe
  C:\Windows\System\JBghlzg.exe
  2⤵
  PID:6740
- C:\Windows\System\KiNsykQ.exe
  C:\Windows\System\KiNsykQ.exe
  2⤵
  PID:6760
- C:\Windows\System\bnGARhU.exe
  C:\Windows\System\bnGARhU.exe
  2⤵
  PID:6780
- C:\Windows\System\AAKBBkd.exe
  C:\Windows\System\AAKBBkd.exe
  2⤵
  PID:6800
- C:\Windows\System\SNojnRG.exe
  C:\Windows\System\SNojnRG.exe
  2⤵
  PID:6820
- C:\Windows\System\arEamGu.exe
  C:\Windows\System\arEamGu.exe
  2⤵
  PID:6840
- C:\Windows\System\XPEKLaJ.exe
  C:\Windows\System\XPEKLaJ.exe
  2⤵
  PID:6860
- C:\Windows\System\uRJmsXJ.exe
  C:\Windows\System\uRJmsXJ.exe
  2⤵
  PID:6880
- C:\Windows\System\nzHYtmB.exe
  C:\Windows\System\nzHYtmB.exe
  2⤵
  PID:6900
- C:\Windows\System\QQAMuMl.exe
  C:\Windows\System\QQAMuMl.exe
  2⤵
  PID:6920
- C:\Windows\System\SctVzMT.exe
  C:\Windows\System\SctVzMT.exe
  2⤵
  PID:6940
- C:\Windows\System\ivIkHgt.exe
  C:\Windows\System\ivIkHgt.exe
  2⤵
  PID:6960
- C:\Windows\System\iDsbRHG.exe
  C:\Windows\System\iDsbRHG.exe
  2⤵
  PID:6980
- C:\Windows\System\UvYpwDi.exe
  C:\Windows\System\UvYpwDi.exe
  2⤵
  PID:7000
- C:\Windows\System\llFvArT.exe
  C:\Windows\System\llFvArT.exe
  2⤵
  PID:7020
- C:\Windows\System\CIwhzFg.exe
  C:\Windows\System\CIwhzFg.exe
  2⤵
  PID:7040
- C:\Windows\System\ibEpYJy.exe
  C:\Windows\System\ibEpYJy.exe
  2⤵
  PID:7060
- C:\Windows\System\ILNwSuN.exe
  C:\Windows\System\ILNwSuN.exe
  2⤵
  PID:7080
- C:\Windows\System\ZMMjmHm.exe
  C:\Windows\System\ZMMjmHm.exe
  2⤵
  PID:7100
- C:\Windows\System\DlkbqlF.exe
  C:\Windows\System\DlkbqlF.exe
  2⤵
  PID:7120
- C:\Windows\System\LwdtKIz.exe
  C:\Windows\System\LwdtKIz.exe
  2⤵
  PID:7140
- C:\Windows\System\WpbAdFe.exe
  C:\Windows\System\WpbAdFe.exe
  2⤵
  PID:7160
- C:\Windows\System\eHydUcm.exe
  C:\Windows\System\eHydUcm.exe
  2⤵
  PID:5996
- C:\Windows\System\JqaTYgB.exe
  C:\Windows\System\JqaTYgB.exe
  2⤵
  PID:6036
- C:\Windows\System\hziXmWD.exe
  C:\Windows\System\hziXmWD.exe
  2⤵
  PID:6096
- C:\Windows\System\zQjLOBE.exe
  C:\Windows\System\zQjLOBE.exe
  2⤵
  PID:4708
- C:\Windows\System\brWYtZe.exe
  C:\Windows\System\brWYtZe.exe
  2⤵
  PID:5028
- C:\Windows\System\WAzuAvK.exe
  C:\Windows\System\WAzuAvK.exe
  2⤵
  PID:5124
- C:\Windows\System\rqGvuem.exe
  C:\Windows\System\rqGvuem.exe
  2⤵
  PID:5228
- C:\Windows\System\cdgNTyn.exe
  C:\Windows\System\cdgNTyn.exe
  2⤵
  PID:5496
- C:\Windows\System\tTRiVXI.exe
  C:\Windows\System\tTRiVXI.exe
  2⤵
  PID:5712
- C:\Windows\System\ExVZIAz.exe
  C:\Windows\System\ExVZIAz.exe
  2⤵
  PID:5788
- C:\Windows\System\LSXKtKC.exe
  C:\Windows\System\LSXKtKC.exe
  2⤵
  PID:6148
- C:\Windows\System\NURcdtj.exe
  C:\Windows\System\NURcdtj.exe
  2⤵
  PID:6168
- C:\Windows\System\LMJSqVw.exe
  C:\Windows\System\LMJSqVw.exe
  2⤵
  PID:6208
- C:\Windows\System\kDNMZyW.exe
  C:\Windows\System\kDNMZyW.exe
  2⤵
  PID:6264
- C:\Windows\System\BaHQHEq.exe
  C:\Windows\System\BaHQHEq.exe
  2⤵
  PID:6292
- C:\Windows\System\UsRcVSr.exe
  C:\Windows\System\UsRcVSr.exe
  2⤵
  PID:6308
- C:\Windows\System\tXTkCob.exe
  C:\Windows\System\tXTkCob.exe
  2⤵
  PID:6348
- C:\Windows\System\eezAbUF.exe
  C:\Windows\System\eezAbUF.exe
  2⤵
  PID:6392
- C:\Windows\System\JLMItjz.exe
  C:\Windows\System\JLMItjz.exe
  2⤵
  PID:6408
- C:\Windows\System\mnOuSAQ.exe
  C:\Windows\System\mnOuSAQ.exe
  2⤵
  PID:6452
- C:\Windows\System\NcwTGuz.exe
  C:\Windows\System\NcwTGuz.exe
  2⤵
  PID:6504
- C:\Windows\System\hUEQxCT.exe
  C:\Windows\System\hUEQxCT.exe
  2⤵
  PID:6524
- C:\Windows\System\ruoXZKA.exe
  C:\Windows\System\ruoXZKA.exe
  2⤵
  PID:6548
- C:\Windows\System\MuyEVlJ.exe
  C:\Windows\System\MuyEVlJ.exe
  2⤵
  PID:6592
- C:\Windows\System\QUBNjmd.exe
  C:\Windows\System\QUBNjmd.exe
  2⤵
  PID:6608
- C:\Windows\System\xiqsRVZ.exe
  C:\Windows\System\xiqsRVZ.exe
  2⤵
  PID:6664
- C:\Windows\System\HxcMnfr.exe
  C:\Windows\System\HxcMnfr.exe
  2⤵
  PID:6692
- C:\Windows\System\kPbjRKD.exe
  C:\Windows\System\kPbjRKD.exe
  2⤵
  PID:6748
- C:\Windows\System\kHZMmoT.exe
  C:\Windows\System\kHZMmoT.exe
  2⤵
  PID:1752
- C:\Windows\System\GZQuynX.exe
  C:\Windows\System\GZQuynX.exe
  2⤵
  PID:6796
- C:\Windows\System\pJUuhmy.exe
  C:\Windows\System\pJUuhmy.exe
  2⤵
  PID:2804
- C:\Windows\System\qbXLrAc.exe
  C:\Windows\System\qbXLrAc.exe
  2⤵
  PID:6856
- C:\Windows\System\EgXXdWc.exe
  C:\Windows\System\EgXXdWc.exe
  2⤵
  PID:6888
- C:\Windows\System\ZdXHXuK.exe
  C:\Windows\System\ZdXHXuK.exe
  2⤵
  PID:6912
- C:\Windows\System\sjnAGar.exe
  C:\Windows\System\sjnAGar.exe
  2⤵
  PID:6956
- C:\Windows\System\sXomgfk.exe
  C:\Windows\System\sXomgfk.exe
  2⤵
  PID:6972
- C:\Windows\System\mTwXxbg.exe
  C:\Windows\System\mTwXxbg.exe
  2⤵
  PID:7016
- C:\Windows\System\BQlNyEU.exe
  C:\Windows\System\BQlNyEU.exe
  2⤵
  PID:7056
- C:\Windows\System\LeNTgdx.exe
  C:\Windows\System\LeNTgdx.exe
  2⤵
  PID:7088
- C:\Windows\System\eKIEqhi.exe
  C:\Windows\System\eKIEqhi.exe
  2⤵
  PID:7112
- C:\Windows\System\szvMEGC.exe
  C:\Windows\System\szvMEGC.exe
  2⤵
  PID:7136
- C:\Windows\System\xZkcwjn.exe
  C:\Windows\System\xZkcwjn.exe
  2⤵
  PID:1856
- C:\Windows\System\BgcypPj.exe
  C:\Windows\System\BgcypPj.exe
  2⤵
  PID:6048
- C:\Windows\System\krFIPep.exe
  C:\Windows\System\krFIPep.exe
  2⤵
  PID:4768
- C:\Windows\System\mKjKmIz.exe
  C:\Windows\System\mKjKmIz.exe
  2⤵
  PID:5244
- C:\Windows\System\QMEAadQ.exe
  C:\Windows\System\QMEAadQ.exe
  2⤵
  PID:5276
- C:\Windows\System\EiBybIf.exe
  C:\Windows\System\EiBybIf.exe
  2⤵
  PID:5652
- C:\Windows\System\qlCPUwh.exe
  C:\Windows\System\qlCPUwh.exe
  2⤵
  PID:6152
- C:\Windows\System\tVUimjX.exe
  C:\Windows\System\tVUimjX.exe
  2⤵
  PID:6252
- C:\Windows\System\GcsAHXw.exe
  C:\Windows\System\GcsAHXw.exe
  2⤵
  PID:6268
- C:\Windows\System\eGEhBCr.exe
  C:\Windows\System\eGEhBCr.exe
  2⤵
  PID:6384
- C:\Windows\System\volSYEh.exe
  C:\Windows\System\volSYEh.exe
  2⤵
  PID:6352
- C:\Windows\System\IpDNvIo.exe
  C:\Windows\System\IpDNvIo.exe
  2⤵
  PID:6424
- C:\Windows\System\JQACIum.exe
  C:\Windows\System\JQACIum.exe
  2⤵
  PID:6468
- C:\Windows\System\QbfLINU.exe
  C:\Windows\System\QbfLINU.exe
  2⤵
  PID:6584
- C:\Windows\System\bNmNpoc.exe
  C:\Windows\System\bNmNpoc.exe
  2⤵
  PID:6604
- C:\Windows\System\vzEUzDT.exe
  C:\Windows\System\vzEUzDT.exe
  2⤵
  PID:6624
- C:\Windows\System\gVLYoyu.exe
  C:\Windows\System\gVLYoyu.exe
  2⤵
  PID:6684
- C:\Windows\System\BJmbsLH.exe
  C:\Windows\System\BJmbsLH.exe
  2⤵
  PID:6756
- C:\Windows\System\ZYGnCzc.exe
  C:\Windows\System\ZYGnCzc.exe
  2⤵
  PID:6812
- C:\Windows\System\BFpBItO.exe
  C:\Windows\System\BFpBItO.exe
  2⤵
  PID:6876
- C:\Windows\System\UxekZwy.exe
  C:\Windows\System\UxekZwy.exe
  2⤵
  PID:6852
- C:\Windows\System\hboRDDL.exe
  C:\Windows\System\hboRDDL.exe
  2⤵
  PID:6936
- C:\Windows\System\NzLvbhQ.exe
  C:\Windows\System\NzLvbhQ.exe
  2⤵
  PID:7036
- C:\Windows\System\wcRSIGQ.exe
  C:\Windows\System\wcRSIGQ.exe
  2⤵
  PID:7068
- C:\Windows\System\mONMgxl.exe
  C:\Windows\System\mONMgxl.exe
  2⤵
  PID:5908
- C:\Windows\System\ClZpYrj.exe
  C:\Windows\System\ClZpYrj.exe
  2⤵
  PID:5952
- C:\Windows\System\tIRKivt.exe
  C:\Windows\System\tIRKivt.exe
  2⤵
  PID:5144
- C:\Windows\System\XHMUMeV.exe
  C:\Windows\System\XHMUMeV.exe
  2⤵
  PID:5416
- C:\Windows\System\vmNvsIK.exe
  C:\Windows\System\vmNvsIK.exe
  2⤵
  PID:5672
- C:\Windows\System\vyutgTy.exe
  C:\Windows\System\vyutgTy.exe
  2⤵
  PID:6228
- C:\Windows\System\BtLavUT.exe
  C:\Windows\System\BtLavUT.exe
  2⤵
  PID:6372
- C:\Windows\System\RpuleJy.exe
  C:\Windows\System\RpuleJy.exe
  2⤵
  PID:6428
- C:\Windows\System\YBxdbeG.exe
  C:\Windows\System\YBxdbeG.exe
  2⤵
  PID:6484
- C:\Windows\System\etBwSLj.exe
  C:\Windows\System\etBwSLj.exe
  2⤵
  PID:6528
- C:\Windows\System\uELllnu.exe
  C:\Windows\System\uELllnu.exe
  2⤵
  PID:6612
- C:\Windows\System\CkAFPJe.exe
  C:\Windows\System\CkAFPJe.exe
  2⤵
  PID:6752
- C:\Windows\System\IQKdQxT.exe
  C:\Windows\System\IQKdQxT.exe
  2⤵
  PID:6832
- C:\Windows\System\gEqZZqQ.exe
  C:\Windows\System\gEqZZqQ.exe
  2⤵
  PID:6892
- C:\Windows\System\EnJSQSu.exe
  C:\Windows\System\EnJSQSu.exe
  2⤵
  PID:6968
- C:\Windows\System\dMkwJpb.exe
  C:\Windows\System\dMkwJpb.exe
  2⤵
  PID:7076
- C:\Windows\System\uiFLWGo.exe
  C:\Windows\System\uiFLWGo.exe
  2⤵
  PID:6076
- C:\Windows\System\qJWEcLC.exe
  C:\Windows\System\qJWEcLC.exe
  2⤵
  PID:7184
- C:\Windows\System\XJmhOzg.exe
  C:\Windows\System\XJmhOzg.exe
  2⤵
  PID:7204
- C:\Windows\System\dsuutqG.exe
  C:\Windows\System\dsuutqG.exe
  2⤵
  PID:7224
- C:\Windows\System\TFClBgi.exe
  C:\Windows\System\TFClBgi.exe
  2⤵
  PID:7308
- C:\Windows\System\AtcXwAw.exe
  C:\Windows\System\AtcXwAw.exe
  2⤵
  PID:7328
- C:\Windows\System\ZPpDAGF.exe
  C:\Windows\System\ZPpDAGF.exe
  2⤵
  PID:7348
- C:\Windows\System\jAQMsAV.exe
  C:\Windows\System\jAQMsAV.exe
  2⤵
  PID:7368
- C:\Windows\System\ZSpaxak.exe
  C:\Windows\System\ZSpaxak.exe
  2⤵
  PID:7388
- C:\Windows\System\RTZLzjo.exe
  C:\Windows\System\RTZLzjo.exe
  2⤵
  PID:7408
- C:\Windows\System\fEmGszB.exe
  C:\Windows\System\fEmGszB.exe
  2⤵
  PID:7428
- C:\Windows\System\EsBbJcW.exe
  C:\Windows\System\EsBbJcW.exe
  2⤵
  PID:7448
- C:\Windows\System\gWKtTwI.exe
  C:\Windows\System\gWKtTwI.exe
  2⤵
  PID:7468
- C:\Windows\System\YlKPTYT.exe
  C:\Windows\System\YlKPTYT.exe
  2⤵
  PID:7488
- C:\Windows\System\xptnZyp.exe
  C:\Windows\System\xptnZyp.exe
  2⤵
  PID:7508
- C:\Windows\System\yIQEVUN.exe
  C:\Windows\System\yIQEVUN.exe
  2⤵
  PID:7528
- C:\Windows\System\iaoWrkJ.exe
  C:\Windows\System\iaoWrkJ.exe
  2⤵
  PID:7548
- C:\Windows\System\iPeJMHk.exe
  C:\Windows\System\iPeJMHk.exe
  2⤵
  PID:7568
- C:\Windows\System\esJXqRy.exe
  C:\Windows\System\esJXqRy.exe
  2⤵
  PID:7588
- C:\Windows\System\ciDOaop.exe
  C:\Windows\System\ciDOaop.exe
  2⤵
  PID:7608
- C:\Windows\System\pysVeFa.exe
  C:\Windows\System\pysVeFa.exe
  2⤵
  PID:7628
- C:\Windows\System\iuPOuPU.exe
  C:\Windows\System\iuPOuPU.exe
  2⤵
  PID:7648
- C:\Windows\System\ZqHwIqX.exe
  C:\Windows\System\ZqHwIqX.exe
  2⤵
  PID:7668
- C:\Windows\System\gfnVPrv.exe
  C:\Windows\System\gfnVPrv.exe
  2⤵
  PID:7688
- C:\Windows\System\jzszaML.exe
  C:\Windows\System\jzszaML.exe
  2⤵
  PID:7708
- C:\Windows\System\YfRpfGw.exe
  C:\Windows\System\YfRpfGw.exe
  2⤵
  PID:7728
- C:\Windows\System\MbbhvVO.exe
  C:\Windows\System\MbbhvVO.exe
  2⤵
  PID:7748
- C:\Windows\System\leJKwRI.exe
  C:\Windows\System\leJKwRI.exe
  2⤵
  PID:7768
- C:\Windows\System\RfIvvKR.exe
  C:\Windows\System\RfIvvKR.exe
  2⤵
  PID:7788
- C:\Windows\System\RioSXhJ.exe
  C:\Windows\System\RioSXhJ.exe
  2⤵
  PID:7808
- C:\Windows\System\CRAXzyf.exe
  C:\Windows\System\CRAXzyf.exe
  2⤵
  PID:7828
- C:\Windows\System\NaTuwsO.exe
  C:\Windows\System\NaTuwsO.exe
  2⤵
  PID:7848
- C:\Windows\System\Olkxnjb.exe
  C:\Windows\System\Olkxnjb.exe
  2⤵
  PID:7868
- C:\Windows\System\kmeEjJQ.exe
  C:\Windows\System\kmeEjJQ.exe
  2⤵
  PID:7888
- C:\Windows\System\RnNjWyC.exe
  C:\Windows\System\RnNjWyC.exe
  2⤵
  PID:7908
- C:\Windows\System\qcdiRMN.exe
  C:\Windows\System\qcdiRMN.exe
  2⤵
  PID:7928
- C:\Windows\System\KRzrEIQ.exe
  C:\Windows\System\KRzrEIQ.exe
  2⤵
  PID:7948
- C:\Windows\System\XdlKInX.exe
  C:\Windows\System\XdlKInX.exe
  2⤵
  PID:7968
- C:\Windows\System\qUpPDlw.exe
  C:\Windows\System\qUpPDlw.exe
  2⤵
  PID:7988
- C:\Windows\System\fAzZeXU.exe
  C:\Windows\System\fAzZeXU.exe
  2⤵
  PID:8008
- C:\Windows\System\qHHFDyS.exe
  C:\Windows\System\qHHFDyS.exe
  2⤵
  PID:8028
- C:\Windows\System\DzdflsC.exe
  C:\Windows\System\DzdflsC.exe
  2⤵
  PID:8048
- C:\Windows\System\XcyDdBz.exe
  C:\Windows\System\XcyDdBz.exe
  2⤵
  PID:8068
- C:\Windows\System\YKmpkHA.exe
  C:\Windows\System\YKmpkHA.exe
  2⤵
  PID:8088
- C:\Windows\System\PAPRPMQ.exe
  C:\Windows\System\PAPRPMQ.exe
  2⤵
  PID:8108
- C:\Windows\System\NVyYbcw.exe
  C:\Windows\System\NVyYbcw.exe
  2⤵
  PID:8128
- C:\Windows\System\gaEYVAk.exe
  C:\Windows\System\gaEYVAk.exe
  2⤵
  PID:8148
- C:\Windows\System\EgoHgUf.exe
  C:\Windows\System\EgoHgUf.exe
  2⤵
  PID:8168
- C:\Windows\System\TcRVxYQ.exe
  C:\Windows\System\TcRVxYQ.exe
  2⤵
  PID:8188
- C:\Windows\System\LToklLZ.exe
  C:\Windows\System\LToklLZ.exe
  2⤵
  PID:5112
- C:\Windows\System\LnNxSTT.exe
  C:\Windows\System\LnNxSTT.exe
  2⤵
  PID:6192
- C:\Windows\System\rIoWInj.exe
  C:\Windows\System\rIoWInj.exe
  2⤵
  PID:6248
- C:\Windows\System\HgycjWG.exe
  C:\Windows\System\HgycjWG.exe
  2⤵
  PID:2764
- C:\Windows\System\RaJwyRO.exe
  C:\Windows\System\RaJwyRO.exe
  2⤵
  PID:6644
- C:\Windows\System\CfkJbtt.exe
  C:\Windows\System\CfkJbtt.exe
  2⤵
  PID:6652
- C:\Windows\System\qedEOAj.exe
  C:\Windows\System\qedEOAj.exe
  2⤵
  PID:6932
- C:\Windows\System\cFVmAwI.exe
  C:\Windows\System\cFVmAwI.exe
  2⤵
  PID:7092
- C:\Windows\System\NhAYMEI.exe
  C:\Windows\System\NhAYMEI.exe
  2⤵
  PID:2888
- C:\Windows\System\NvuBFKa.exe
  C:\Windows\System\NvuBFKa.exe
  2⤵
  PID:7176
- C:\Windows\System\wNAaOQa.exe
  C:\Windows\System\wNAaOQa.exe
  2⤵
  PID:7220
- C:\Windows\System\fVCumVj.exe
  C:\Windows\System\fVCumVj.exe
  2⤵
  PID:7344
- C:\Windows\System\NahTTZe.exe
  C:\Windows\System\NahTTZe.exe
  2⤵
  PID:7376
- C:\Windows\System\MDeOkor.exe
  C:\Windows\System\MDeOkor.exe
  2⤵
  PID:7396
- C:\Windows\System\Ilcsfvk.exe
  C:\Windows\System\Ilcsfvk.exe
  2⤵
  PID:2892
- C:\Windows\System\FXPdDXJ.exe
  C:\Windows\System\FXPdDXJ.exe
  2⤵
  PID:7436
- C:\Windows\System\Gboadek.exe
  C:\Windows\System\Gboadek.exe
  2⤵
  PID:7480
- C:\Windows\System\ZelQOTd.exe
  C:\Windows\System\ZelQOTd.exe
  2⤵
  PID:7500
- C:\Windows\System\RxBaWZs.exe
  C:\Windows\System\RxBaWZs.exe
  2⤵
  PID:7540
- C:\Windows\System\adqfpbq.exe
  C:\Windows\System\adqfpbq.exe
  2⤵
  PID:7560
- C:\Windows\System\OEDaHfV.exe
  C:\Windows\System\OEDaHfV.exe
  2⤵
  PID:7616
- C:\Windows\System\GVkxyKu.exe
  C:\Windows\System\GVkxyKu.exe
  2⤵
  PID:2672
- C:\Windows\System\jHNoMrK.exe
  C:\Windows\System\jHNoMrK.exe
  2⤵
  PID:7656
- C:\Windows\System\ZeZyeiN.exe
  C:\Windows\System\ZeZyeiN.exe
  2⤵
  PID:7704
- C:\Windows\System\TKqsJVj.exe
  C:\Windows\System\TKqsJVj.exe
  2⤵
  PID:7744
- C:\Windows\System\BcnJzKH.exe
  C:\Windows\System\BcnJzKH.exe
  2⤵
  PID:7756
- C:\Windows\System\nLRrRLj.exe
  C:\Windows\System\nLRrRLj.exe
  2⤵
  PID:7780
- C:\Windows\System\ULGwzna.exe
  C:\Windows\System\ULGwzna.exe
  2⤵
  PID:7820
- C:\Windows\System\kpHptno.exe
  C:\Windows\System\kpHptno.exe
  2⤵
  PID:3056
- C:\Windows\System\kEwxcel.exe
  C:\Windows\System\kEwxcel.exe
  2⤵
  PID:1740
- C:\Windows\System\dccJETO.exe
  C:\Windows\System\dccJETO.exe
  2⤵
  PID:7884
- C:\Windows\System\atqXRhM.exe
  C:\Windows\System\atqXRhM.exe
  2⤵
  PID:7944
- C:\Windows\System\hwSHPff.exe
  C:\Windows\System\hwSHPff.exe
  2⤵
  PID:1608
- C:\Windows\System\pxYIYTc.exe
  C:\Windows\System\pxYIYTc.exe
  2⤵
  PID:7940
- C:\Windows\System\ZFvXNHY.exe
  C:\Windows\System\ZFvXNHY.exe
  2⤵
  PID:7976
- C:\Windows\System\zXGqpjk.exe
  C:\Windows\System\zXGqpjk.exe
  2⤵
  PID:8016
- C:\Windows\System\CiABIlD.exe
  C:\Windows\System\CiABIlD.exe
  2⤵
  PID:8000
- C:\Windows\System\AiUywDX.exe
  C:\Windows\System\AiUywDX.exe
  2⤵
  PID:8096
- C:\Windows\System\OuZyJAZ.exe
  C:\Windows\System\OuZyJAZ.exe
  2⤵
  PID:8084
- C:\Windows\System\IyFvNFv.exe
  C:\Windows\System\IyFvNFv.exe
  2⤵
  PID:8120
- C:\Windows\System\urmqKZT.exe
  C:\Windows\System\urmqKZT.exe
  2⤵
  PID:8184
- C:\Windows\System\ymcBHcx.exe
  C:\Windows\System\ymcBHcx.exe
  2⤵
  PID:8160
- C:\Windows\System\PwDUoOI.exe
  C:\Windows\System\PwDUoOI.exe
  2⤵
  PID:5456
- C:\Windows\System\EljmHJq.exe
  C:\Windows\System\EljmHJq.exe
  2⤵
  PID:6328
- C:\Windows\System\KpxNjiH.exe
  C:\Windows\System\KpxNjiH.exe
  2⤵
  PID:6688
- C:\Windows\System\qBUkxuj.exe
  C:\Windows\System\qBUkxuj.exe
  2⤵
  PID:6836
- C:\Windows\System\iCsCqCW.exe
  C:\Windows\System\iCsCqCW.exe
  2⤵
  PID:7108
- C:\Windows\System\ZSEbsGj.exe
  C:\Windows\System\ZSEbsGj.exe
  2⤵
  PID:1872
- C:\Windows\System\PEUVOMv.exe
  C:\Windows\System\PEUVOMv.exe
  2⤵
  PID:7300
- C:\Windows\System\QOfUkkT.exe
  C:\Windows\System\QOfUkkT.exe
  2⤵
  PID:7324
- C:\Windows\System\oEgyAew.exe
  C:\Windows\System\oEgyAew.exe
  2⤵
  PID:7320
- C:\Windows\System\kxhxQkW.exe
  C:\Windows\System\kxhxQkW.exe
  2⤵
  PID:7504
- C:\Windows\System\cgtWHPW.exe
  C:\Windows\System\cgtWHPW.exe
  2⤵
  PID:7536
- C:\Windows\System\sZBMrwn.exe
  C:\Windows\System\sZBMrwn.exe
  2⤵
  PID:7596
- C:\Windows\System\cZcDYRZ.exe
  C:\Windows\System\cZcDYRZ.exe
  2⤵
  PID:7600
- C:\Windows\System\gWzYuGZ.exe
  C:\Windows\System\gWzYuGZ.exe
  2⤵
  PID:7660
- C:\Windows\System\sbMSoIZ.exe
  C:\Windows\System\sbMSoIZ.exe
  2⤵
  PID:7680
- C:\Windows\System\nkNqQQf.exe
  C:\Windows\System\nkNqQQf.exe
  2⤵
  PID:7720
- C:\Windows\System\wFEyFXc.exe
  C:\Windows\System\wFEyFXc.exe
  2⤵
  PID:2776
- C:\Windows\System\DWDWdFW.exe
  C:\Windows\System\DWDWdFW.exe
  2⤵
  PID:7844
- C:\Windows\System\WtWAShB.exe
  C:\Windows\System\WtWAShB.exe
  2⤵
  PID:7856
- C:\Windows\System\qiynuKb.exe
  C:\Windows\System\qiynuKb.exe
  2⤵
  PID:7904
- C:\Windows\System\CbZxeMH.exe
  C:\Windows\System\CbZxeMH.exe
  2⤵
  PID:7916
- C:\Windows\System\bnVDQbN.exe
  C:\Windows\System\bnVDQbN.exe
  2⤵
  PID:7924
- C:\Windows\System\bXfaaWm.exe
  C:\Windows\System\bXfaaWm.exe
  2⤵
  PID:7964
- C:\Windows\System\kGDgiwt.exe
  C:\Windows\System\kGDgiwt.exe
  2⤵
  PID:8060
- C:\Windows\System\fWQaNOs.exe
  C:\Windows\System\fWQaNOs.exe
  2⤵
  PID:8064
- C:\Windows\System\soNNKhK.exe
  C:\Windows\System\soNNKhK.exe
  2⤵
  PID:8044
- C:\Windows\System\YprPMYM.exe
  C:\Windows\System\YprPMYM.exe
  2⤵
  PID:8144
- C:\Windows\System\SqQKCpx.exe
  C:\Windows\System\SqQKCpx.exe
  2⤵
  PID:8164
- C:\Windows\System\VODkegm.exe
  C:\Windows\System\VODkegm.exe
  2⤵
  PID:1924
- C:\Windows\System\bivGaQA.exe
  C:\Windows\System\bivGaQA.exe
  2⤵
  PID:684
- C:\Windows\System\gabaNsv.exe
  C:\Windows\System\gabaNsv.exe
  2⤵
  PID:1968
- C:\Windows\System\BWoSxnW.exe
  C:\Windows\System\BWoSxnW.exe
  2⤵
  PID:1220
- C:\Windows\System\afgJXzS.exe
  C:\Windows\System\afgJXzS.exe
  2⤵
  PID:276
- C:\Windows\System\DRMPRiR.exe
  C:\Windows\System\DRMPRiR.exe
  2⤵
  PID:2656
- C:\Windows\System\IOuRcxM.exe
  C:\Windows\System\IOuRcxM.exe
  2⤵
  PID:7356
- C:\Windows\System\TYwRSyj.exe
  C:\Windows\System\TYwRSyj.exe
  2⤵
  PID:2596
- C:\Windows\System\IdnUlGO.exe
  C:\Windows\System\IdnUlGO.exe
  2⤵
  PID:7456
- C:\Windows\System\kqBsJoN.exe
  C:\Windows\System\kqBsJoN.exe
  2⤵
  PID:7524
- C:\Windows\System\KXTaDzx.exe
  C:\Windows\System\KXTaDzx.exe
  2⤵
  PID:7460
- C:\Windows\System\lWyvdlH.exe
  C:\Windows\System\lWyvdlH.exe
  2⤵
  PID:7740
- C:\Windows\System\IEoBIfY.exe
  C:\Windows\System\IEoBIfY.exe
  2⤵
  PID:1124
- C:\Windows\System\UBhFRjP.exe
  C:\Windows\System\UBhFRjP.exe
  2⤵
  PID:8124
- C:\Windows\System\BZJmSXS.exe
  C:\Windows\System\BZJmSXS.exe
  2⤵
  PID:7836
- C:\Windows\System\mYIQpBj.exe
  C:\Windows\System\mYIQpBj.exe
  2⤵
  PID:8076
- C:\Windows\System\JpOTdws.exe
  C:\Windows\System\JpOTdws.exe
  2⤵
  PID:7824
- C:\Windows\System\AAhpttZ.exe
  C:\Windows\System\AAhpttZ.exe
  2⤵
  PID:7956
- C:\Windows\System\syTkxHw.exe
  C:\Windows\System\syTkxHw.exe
  2⤵
  PID:6212
- C:\Windows\System\fQXZSVB.exe
  C:\Windows\System\fQXZSVB.exe
  2⤵
  PID:6312
- C:\Windows\System\OOVCTtz.exe
  C:\Windows\System\OOVCTtz.exe
  2⤵
  PID:2336
- C:\Windows\System\FmtIfGp.exe
  C:\Windows\System\FmtIfGp.exe
  2⤵
  PID:6572
- C:\Windows\System\yDrWqHx.exe
  C:\Windows\System\yDrWqHx.exe
  2⤵
  PID:7316
- C:\Windows\System\OVQVaSX.exe
  C:\Windows\System\OVQVaSX.exe
  2⤵
  PID:2980
- C:\Windows\System\JWvazTo.exe
  C:\Windows\System\JWvazTo.exe
  2⤵
  PID:1684
- C:\Windows\System\qgpfVWU.exe
  C:\Windows\System\qgpfVWU.exe
  2⤵
  PID:7724
- C:\Windows\System\LrdQLtm.exe
  C:\Windows\System\LrdQLtm.exe
  2⤵
  PID:596
- C:\Windows\System\jtuetbn.exe
  C:\Windows\System\jtuetbn.exe
  2⤵
  PID:484
- C:\Windows\System\vCjjNym.exe
  C:\Windows\System\vCjjNym.exe
  2⤵
  PID:7192
- C:\Windows\System\rrDTbPn.exe
  C:\Windows\System\rrDTbPn.exe
  2⤵
  PID:8208
- C:\Windows\System\UsDsqtW.exe
  C:\Windows\System\UsDsqtW.exe
  2⤵
  PID:8224
- C:\Windows\System\enNeZDR.exe
  C:\Windows\System\enNeZDR.exe
  2⤵
  PID:8240
- C:\Windows\System\qUOsbfA.exe
  C:\Windows\System\qUOsbfA.exe
  2⤵
  PID:8256
- C:\Windows\System\NyjuGBg.exe
  C:\Windows\System\NyjuGBg.exe
  2⤵
  PID:8272
- C:\Windows\System\dRQFviW.exe
  C:\Windows\System\dRQFviW.exe
  2⤵
  PID:8288
- C:\Windows\System\tUMyXBf.exe
  C:\Windows\System\tUMyXBf.exe
  2⤵
  PID:8384
- C:\Windows\System\JCppWmr.exe
  C:\Windows\System\JCppWmr.exe
  2⤵
  PID:8400
- C:\Windows\System\JjARntk.exe
  C:\Windows\System\JjARntk.exe
  2⤵
  PID:8416
- C:\Windows\System\yryhWJy.exe
  C:\Windows\System\yryhWJy.exe
  2⤵
  PID:8432
- C:\Windows\System\VjUEXVO.exe
  C:\Windows\System\VjUEXVO.exe
  2⤵
  PID:8448
- C:\Windows\System\FaMysuW.exe
  C:\Windows\System\FaMysuW.exe
  2⤵
  PID:8464
- C:\Windows\System\EZBIrsH.exe
  C:\Windows\System\EZBIrsH.exe
  2⤵
  PID:8480
- C:\Windows\System\ZiXYztZ.exe
  C:\Windows\System\ZiXYztZ.exe
  2⤵
  PID:8496
- C:\Windows\System\gTzpBEt.exe
  C:\Windows\System\gTzpBEt.exe
  2⤵
  PID:8512
- C:\Windows\System\JVwUNwN.exe
  C:\Windows\System\JVwUNwN.exe
  2⤵
  PID:8528
- C:\Windows\System\ZAuPQVJ.exe
  C:\Windows\System\ZAuPQVJ.exe
  2⤵
  PID:8544
- C:\Windows\System\mdwqlAt.exe
  C:\Windows\System\mdwqlAt.exe
  2⤵
  PID:8560
- C:\Windows\System\arpeNbF.exe
  C:\Windows\System\arpeNbF.exe
  2⤵
  PID:8580
- C:\Windows\System\zAvYuEz.exe
  C:\Windows\System\zAvYuEz.exe
  2⤵
  PID:8596
- C:\Windows\System\RrAJgNq.exe
  C:\Windows\System\RrAJgNq.exe
  2⤵
  PID:8612
- C:\Windows\System\BIsHMTW.exe
  C:\Windows\System\BIsHMTW.exe
  2⤵
  PID:8628
- C:\Windows\System\VLSGqZM.exe
  C:\Windows\System\VLSGqZM.exe
  2⤵
  PID:8644
- C:\Windows\System\aJrGcjk.exe
  C:\Windows\System\aJrGcjk.exe
  2⤵
  PID:8660
- C:\Windows\System\hHNAzLp.exe
  C:\Windows\System\hHNAzLp.exe
  2⤵
  PID:8676
- C:\Windows\System\JttwmsQ.exe
  C:\Windows\System\JttwmsQ.exe
  2⤵
  PID:8692
- C:\Windows\System\AXkgUXJ.exe
  C:\Windows\System\AXkgUXJ.exe
  2⤵
  PID:8708
- C:\Windows\System\GJVmtwj.exe
  C:\Windows\System\GJVmtwj.exe
  2⤵
  PID:8724
- C:\Windows\System\jLqHUJF.exe
  C:\Windows\System\jLqHUJF.exe
  2⤵
  PID:8740
- C:\Windows\System\DcItSYy.exe
  C:\Windows\System\DcItSYy.exe
  2⤵
  PID:8756
- C:\Windows\System\ijhwJOV.exe
  C:\Windows\System\ijhwJOV.exe
  2⤵
  PID:8772
- C:\Windows\System\CthhNQH.exe
  C:\Windows\System\CthhNQH.exe
  2⤵
  PID:8788
- C:\Windows\System\WgkWBxI.exe
  C:\Windows\System\WgkWBxI.exe
  2⤵
  PID:8808
- C:\Windows\System\pPQqBYa.exe
  C:\Windows\System\pPQqBYa.exe
  2⤵
  PID:8824
- C:\Windows\System\WmeVeUZ.exe
  C:\Windows\System\WmeVeUZ.exe
  2⤵
  PID:8840
- C:\Windows\System\BKPneBB.exe
  C:\Windows\System\BKPneBB.exe
  2⤵
  PID:8864
- C:\Windows\System\aRVsObT.exe
  C:\Windows\System\aRVsObT.exe
  2⤵
  PID:8884
- C:\Windows\System\ewbaCnY.exe
  C:\Windows\System\ewbaCnY.exe
  2⤵
  PID:8900
- C:\Windows\System\HvpCUIP.exe
  C:\Windows\System\HvpCUIP.exe
  2⤵
  PID:8916
- C:\Windows\System\oeijZcA.exe
  C:\Windows\System\oeijZcA.exe
  2⤵
  PID:8932
- C:\Windows\System\sYMAudL.exe
  C:\Windows\System\sYMAudL.exe
  2⤵
  PID:8948
- C:\Windows\System\wmVqdeQ.exe
  C:\Windows\System\wmVqdeQ.exe
  2⤵
  PID:8964
- C:\Windows\System\WTmlJjJ.exe
  C:\Windows\System\WTmlJjJ.exe
  2⤵
  PID:8980
- C:\Windows\System\ewMQDqk.exe
  C:\Windows\System\ewMQDqk.exe
  2⤵
  PID:8996
- C:\Windows\System\TdJKVvQ.exe
  C:\Windows\System\TdJKVvQ.exe
  2⤵
  PID:9012
- C:\Windows\System\WACkLRI.exe
  C:\Windows\System\WACkLRI.exe
  2⤵
  PID:9032
- C:\Windows\System\OpSDMPd.exe
  C:\Windows\System\OpSDMPd.exe
  2⤵
  PID:9060
- C:\Windows\System\XPwGrIX.exe
  C:\Windows\System\XPwGrIX.exe
  2⤵
  PID:9176
- C:\Windows\System\TfnzYsl.exe
  C:\Windows\System\TfnzYsl.exe
  2⤵
  PID:7152
- C:\Windows\System\WaNSUFc.exe
  C:\Windows\System\WaNSUFc.exe
  2⤵
  PID:7620
- C:\Windows\System\eVFmdbi.exe
  C:\Windows\System\eVFmdbi.exe
  2⤵
  PID:2348
- C:\Windows\System\hKFfQBK.exe
  C:\Windows\System\hKFfQBK.exe
  2⤵
  PID:3000
- C:\Windows\System\zTqJVYI.exe
  C:\Windows\System\zTqJVYI.exe
  2⤵
  PID:388
- C:\Windows\System\lMKOuYt.exe
  C:\Windows\System\lMKOuYt.exe
  2⤵
  PID:1980
- C:\Windows\System\cCuRseI.exe
  C:\Windows\System\cCuRseI.exe
  2⤵
  PID:6244
- C:\Windows\System\denvHyK.exe
  C:\Windows\System\denvHyK.exe
  2⤵
  PID:8252
- C:\Windows\System\UxGvSzY.exe
  C:\Windows\System\UxGvSzY.exe
  2⤵
  PID:8316
- C:\Windows\System\OYRYcls.exe
  C:\Windows\System\OYRYcls.exe
  2⤵
  PID:8364
- C:\Windows\System\QnRbJlp.exe
  C:\Windows\System\QnRbJlp.exe
  2⤵
  PID:8304
- C:\Windows\System\HIsshQz.exe
  C:\Windows\System\HIsshQz.exe
  2⤵
  PID:8336
- C:\Windows\System\ltVQqJM.exe
  C:\Windows\System\ltVQqJM.exe
  2⤵
  PID:8368
- C:\Windows\System\NGurSHe.exe
  C:\Windows\System\NGurSHe.exe
  2⤵
  PID:8440
- C:\Windows\System\RsTTGHy.exe
  C:\Windows\System\RsTTGHy.exe
  2⤵
  PID:8504
- C:\Windows\System\EYUUQkj.exe
  C:\Windows\System\EYUUQkj.exe
  2⤵
  PID:8428
- C:\Windows\System\JHbgyvH.exe
  C:\Windows\System\JHbgyvH.exe
  2⤵
  PID:8492
- C:\Windows\System\YmxnzaW.exe
  C:\Windows\System\YmxnzaW.exe
  2⤵
  PID:8552
- C:\Windows\System\LWfUouF.exe
  C:\Windows\System\LWfUouF.exe
  2⤵
  PID:8536
- C:\Windows\System\TJyysfw.exe
  C:\Windows\System\TJyysfw.exe
  2⤵
  PID:8604
- C:\Windows\System\OrBzRop.exe
  C:\Windows\System\OrBzRop.exe
  2⤵
  PID:8668
- C:\Windows\System\jciOSPD.exe
  C:\Windows\System\jciOSPD.exe
  2⤵
  PID:8684
- C:\Windows\System\CRKXCwK.exe
  C:\Windows\System\CRKXCwK.exe
  2⤵
  PID:8716
- C:\Windows\System\jaZPpJI.exe
  C:\Windows\System\jaZPpJI.exe
  2⤵
  PID:8704
- C:\Windows\System\YjUQSWW.exe
  C:\Windows\System\YjUQSWW.exe
  2⤵
  PID:8768
- C:\Windows\System\XcNBlkG.exe
  C:\Windows\System\XcNBlkG.exe
  2⤵
  PID:8784
- C:\Windows\System\MSsCMoE.exe
  C:\Windows\System\MSsCMoE.exe
  2⤵
  PID:8832
- C:\Windows\System\OsPShCa.exe
  C:\Windows\System\OsPShCa.exe
  2⤵
  PID:8896
- C:\Windows\System\eNffcFR.exe
  C:\Windows\System\eNffcFR.exe
  2⤵
  PID:8880
- C:\Windows\System\WaTiiiZ.exe
  C:\Windows\System\WaTiiiZ.exe
  2⤵
  PID:8944
- C:\Windows\System\rgDTGpg.exe
  C:\Windows\System\rgDTGpg.exe
  2⤵
  PID:8960
- C:\Windows\System\yjYMHwu.exe
  C:\Windows\System\yjYMHwu.exe
  2⤵
  PID:9168
- C:\Windows\System\KOpRXfV.exe
  C:\Windows\System\KOpRXfV.exe
  2⤵
  PID:9192
- C:\Windows\System\aNNCXWi.exe
  C:\Windows\System\aNNCXWi.exe
  2⤵
  PID:9212
- C:\Windows\System\IWODQxh.exe
  C:\Windows\System\IWODQxh.exe
  2⤵
  PID:7700
- C:\Windows\System\Yziyzke.exe
  C:\Windows\System\Yziyzke.exe
  2⤵
  PID:3052
- C:\Windows\System\qgJFrOS.exe
  C:\Windows\System\qgJFrOS.exe
  2⤵
  PID:8232
- C:\Windows\System\KCwmyJh.exe
  C:\Windows\System\KCwmyJh.exe
  2⤵
  PID:6492
- C:\Windows\System\kBCSUKZ.exe
  C:\Windows\System\kBCSUKZ.exe
  2⤵
  PID:7424
- C:\Windows\System\xKnUVSp.exe
  C:\Windows\System\xKnUVSp.exe
  2⤵
  PID:8332
- C:\Windows\System\BXxhVql.exe
  C:\Windows\System\BXxhVql.exe
  2⤵
  PID:8380
- C:\Windows\System\tYWcMki.exe
  C:\Windows\System\tYWcMki.exe
  2⤵
  PID:8320
- C:\Windows\System\mVnrQIi.exe
  C:\Windows\System\mVnrQIi.exe
  2⤵
  PID:8396
- C:\Windows\System\vnTvLuE.exe
  C:\Windows\System\vnTvLuE.exe
  2⤵
  PID:8576
- C:\Windows\System\GBwZDiA.exe
  C:\Windows\System\GBwZDiA.exe
  2⤵
  PID:8592
- C:\Windows\System\nlRvrqM.exe
  C:\Windows\System\nlRvrqM.exe
  2⤵
  PID:8488
- C:\Windows\System\SPhUAiA.exe
  C:\Windows\System\SPhUAiA.exe
  2⤵
  PID:8640
- C:\Windows\System\sWaBaap.exe
  C:\Windows\System\sWaBaap.exe
  2⤵
  PID:8800
- C:\Windows\System\aDgPbuJ.exe
  C:\Windows\System\aDgPbuJ.exe
  2⤵
  PID:8928
- C:\Windows\System\sQPZDxw.exe
  C:\Windows\System\sQPZDxw.exe
  2⤵
  PID:9020
- C:\Windows\System\pPsvzvX.exe
  C:\Windows\System\pPsvzvX.exe
  2⤵
  PID:9040
- C:\Windows\System\jUunyvc.exe
  C:\Windows\System\jUunyvc.exe
  2⤵
  PID:9088
- C:\Windows\System\lIbgMyd.exe
  C:\Windows\System\lIbgMyd.exe
  2⤵
  PID:9104
- C:\Windows\System\jTIFuxh.exe
  C:\Windows\System\jTIFuxh.exe
  2⤵
  PID:9128
- C:\Windows\System\ToFLPjh.exe
  C:\Windows\System\ToFLPjh.exe
  2⤵
  PID:9144
- C:\Windows\System\WeHWBls.exe
  C:\Windows\System\WeHWBls.exe
  2⤵
  PID:9164
- C:\Windows\System\TGwubsq.exe
  C:\Windows\System\TGwubsq.exe
  2⤵
  PID:8264
- C:\Windows\System\qJwICkM.exe
  C:\Windows\System\qJwICkM.exe
  2⤵
  PID:2944
- C:\Windows\System\VGJomLy.exe
  C:\Windows\System\VGJomLy.exe
  2⤵
  PID:1376
- C:\Windows\System\dCgVYrz.exe
  C:\Windows\System\dCgVYrz.exe
  2⤵
  PID:1468
- C:\Windows\System\xaACLiV.exe
  C:\Windows\System\xaACLiV.exe
  2⤵
  PID:8268
- C:\Windows\System\WyGVsVK.exe
  C:\Windows\System\WyGVsVK.exe
  2⤵
  PID:8352
- C:\Windows\System\pQNmrDQ.exe
  C:\Windows\System\pQNmrDQ.exe
  2⤵
  PID:8356
- C:\Windows\System\WsUlZst.exe
  C:\Windows\System\WsUlZst.exe
  2⤵
  PID:8568
- C:\Windows\System\PBEZrnL.exe
  C:\Windows\System\PBEZrnL.exe
  2⤵
  PID:8476
- C:\Windows\System\dKsKivf.exe
  C:\Windows\System\dKsKivf.exe
  2⤵
  PID:8852
- C:\Windows\System\BWWqvQz.exe
  C:\Windows\System\BWWqvQz.exe
  2⤵
  PID:8876
- C:\Windows\System\qDKaAkF.exe
  C:\Windows\System\qDKaAkF.exe
  2⤵
  PID:8220
- C:\Windows\System\hnYgjRx.exe
  C:\Windows\System\hnYgjRx.exe
  2⤵
  PID:9084
- C:\Windows\System\OmQuRQs.exe
  C:\Windows\System\OmQuRQs.exe
  2⤵
  PID:9156
- C:\Windows\System\WDjBmIE.exe
  C:\Windows\System\WDjBmIE.exe
  2⤵
  PID:9136
- C:\Windows\System\DEMGAzn.exe
  C:\Windows\System\DEMGAzn.exe
  2⤵
  PID:8588
- C:\Windows\System\RjSCmBk.exe
  C:\Windows\System\RjSCmBk.exe
  2⤵
  PID:8308
- C:\Windows\System\DZeOEvL.exe
  C:\Windows\System\DZeOEvL.exe
  2⤵
  PID:8992
- C:\Windows\System\ypWgpzo.exe
  C:\Windows\System\ypWgpzo.exe
  2⤵
  PID:7816
- C:\Windows\System\LVTpLvi.exe
  C:\Windows\System\LVTpLvi.exe
  2⤵
  PID:8892
- C:\Windows\System\lTNIBEq.exe
  C:\Windows\System\lTNIBEq.exe
  2⤵
  PID:1056
- C:\Windows\System\mqjrdAS.exe
  C:\Windows\System\mqjrdAS.exe
  2⤵
  PID:9148
- C:\Windows\System\WmuNGlW.exe
  C:\Windows\System\WmuNGlW.exe
  2⤵
  PID:8624
- C:\Windows\System\ETKALZi.exe
  C:\Windows\System\ETKALZi.exe
  2⤵
  PID:8248
- C:\Windows\System\wtdxAhz.exe
  C:\Windows\System\wtdxAhz.exe
  2⤵
  PID:8956
- C:\Windows\System\FmZuwTb.exe
  C:\Windows\System\FmZuwTb.exe
  2⤵
  PID:7520
- C:\Windows\System\QSlZEoF.exe
  C:\Windows\System\QSlZEoF.exe
  2⤵
  PID:9096
- C:\Windows\System\KhgvCfo.exe
  C:\Windows\System\KhgvCfo.exe
  2⤵
  PID:8204
- C:\Windows\System\vlMaauE.exe
  C:\Windows\System\vlMaauE.exe
  2⤵
  PID:2860
- C:\Windows\System\ITtKiOK.exe
  C:\Windows\System\ITtKiOK.exe
  2⤵
  PID:8348
- C:\Windows\System\UJXwRnS.exe
  C:\Windows\System\UJXwRnS.exe
  2⤵
  PID:9068
- C:\Windows\System\UrZoaMo.exe
  C:\Windows\System\UrZoaMo.exe
  2⤵
  PID:8820
- C:\Windows\System\TvngJcx.exe
  C:\Windows\System\TvngJcx.exe
  2⤵
  PID:8216
- C:\Windows\System\GQuxQpm.exe
  C:\Windows\System\GQuxQpm.exe
  2⤵
  PID:9228
- C:\Windows\System\KexxFSE.exe
  C:\Windows\System\KexxFSE.exe
  2⤵
  PID:9248
- C:\Windows\System\weQnesg.exe
  C:\Windows\System\weQnesg.exe
  2⤵
  PID:9276
- C:\Windows\System\AmxASFp.exe
  C:\Windows\System\AmxASFp.exe
  2⤵
  PID:9296
- C:\Windows\System\AuDlemQ.exe
  C:\Windows\System\AuDlemQ.exe
  2⤵
  PID:9312
- C:\Windows\System\nwhxaXf.exe
  C:\Windows\System\nwhxaXf.exe
  2⤵
  PID:9332
- C:\Windows\System\KmNegQJ.exe
  C:\Windows\System\KmNegQJ.exe
  2⤵
  PID:9352
- C:\Windows\System\aTPnmqB.exe
  C:\Windows\System\aTPnmqB.exe
  2⤵
  PID:9376
- C:\Windows\System\MdNjhBH.exe
  C:\Windows\System\MdNjhBH.exe
  2⤵
  PID:9392
- C:\Windows\System\dGouFxM.exe
  C:\Windows\System\dGouFxM.exe
  2⤵
  PID:9412
- C:\Windows\System\itrwxFZ.exe
  C:\Windows\System\itrwxFZ.exe
  2⤵
  PID:9436
- C:\Windows\System\CrXWszh.exe
  C:\Windows\System\CrXWszh.exe
  2⤵
  PID:9452
- C:\Windows\System\HpyWuDc.exe
  C:\Windows\System\HpyWuDc.exe
  2⤵
  PID:9468
- C:\Windows\System\NGomSwz.exe
  C:\Windows\System\NGomSwz.exe
  2⤵
  PID:9488
- C:\Windows\System\HUnsfIO.exe
  C:\Windows\System\HUnsfIO.exe
  2⤵
  PID:9512
- C:\Windows\System\yLVXSrB.exe
  C:\Windows\System\yLVXSrB.exe
  2⤵
  PID:9528
- C:\Windows\System\LijofVm.exe
  C:\Windows\System\LijofVm.exe
  2⤵
  PID:9544
- C:\Windows\System\YkuNdrF.exe
  C:\Windows\System\YkuNdrF.exe
  2⤵
  PID:9560
- C:\Windows\System\ZzwZtFt.exe
  C:\Windows\System\ZzwZtFt.exe
  2⤵
  PID:9580
- C:\Windows\System\RTuySaJ.exe
  C:\Windows\System\RTuySaJ.exe
  2⤵
  PID:9596
- C:\Windows\System\iUyTVKx.exe
  C:\Windows\System\iUyTVKx.exe
  2⤵
  PID:9628
- C:\Windows\System\nzrjieZ.exe
  C:\Windows\System\nzrjieZ.exe
  2⤵
  PID:9648
- C:\Windows\System\zHgEYia.exe
  C:\Windows\System\zHgEYia.exe
  2⤵
  PID:9672
- C:\Windows\System\IFYAQNk.exe
  C:\Windows\System\IFYAQNk.exe
  2⤵
  PID:9692
- C:\Windows\System\gwpoLwD.exe
  C:\Windows\System\gwpoLwD.exe
  2⤵
  PID:9708
- C:\Windows\System\kVTCvtX.exe
  C:\Windows\System\kVTCvtX.exe
  2⤵
  PID:9728
- C:\Windows\System\DCbfdPt.exe
  C:\Windows\System\DCbfdPt.exe
  2⤵
  PID:9744
- C:\Windows\System\flGiPAx.exe
  C:\Windows\System\flGiPAx.exe
  2⤵
  PID:9764
- C:\Windows\System\dMBZzeX.exe
  C:\Windows\System\dMBZzeX.exe
  2⤵
  PID:9780
- C:\Windows\System\wsTMeXr.exe
  C:\Windows\System\wsTMeXr.exe
  2⤵
  PID:9796
- C:\Windows\System\LQpcTtf.exe
  C:\Windows\System\LQpcTtf.exe
  2⤵
  PID:9812
- C:\Windows\System\YfWfwZB.exe
  C:\Windows\System\YfWfwZB.exe
  2⤵
  PID:9832
- C:\Windows\System\GzcODfI.exe
  C:\Windows\System\GzcODfI.exe
  2⤵
  PID:9852
- C:\Windows\System\HrNFVve.exe
  C:\Windows\System\HrNFVve.exe
  2⤵
  PID:9872
- C:\Windows\System\nEnxcFT.exe
  C:\Windows\System\nEnxcFT.exe
  2⤵
  PID:9892
- C:\Windows\System\PLFMKQF.exe
  C:\Windows\System\PLFMKQF.exe
  2⤵
  PID:9908
- C:\Windows\System\FCXbzci.exe
  C:\Windows\System\FCXbzci.exe
  2⤵
  PID:9928
- C:\Windows\System\StGyRPc.exe
  C:\Windows\System\StGyRPc.exe
  2⤵
  PID:9944
- C:\Windows\System\MKuCgMx.exe
  C:\Windows\System\MKuCgMx.exe
  2⤵
  PID:9968
- C:\Windows\System\OSTAynF.exe
  C:\Windows\System\OSTAynF.exe
  2⤵
  PID:9984
- C:\Windows\System\WdRPcTq.exe
  C:\Windows\System\WdRPcTq.exe
  2⤵
  PID:10004
- C:\Windows\System\MBsETBc.exe
  C:\Windows\System\MBsETBc.exe
  2⤵
  PID:10024
- C:\Windows\System\ZWHSuDA.exe
  C:\Windows\System\ZWHSuDA.exe
  2⤵
  PID:10040
- C:\Windows\System\fsyMrWR.exe
  C:\Windows\System\fsyMrWR.exe
  2⤵
  PID:10060
- C:\Windows\System\GqEUVDl.exe
  C:\Windows\System\GqEUVDl.exe
  2⤵
  PID:10076
- C:\Windows\System\BEzlkvk.exe
  C:\Windows\System\BEzlkvk.exe
  2⤵
  PID:10096
- C:\Windows\System\RbrzPaX.exe
  C:\Windows\System\RbrzPaX.exe
  2⤵
  PID:10112
- C:\Windows\System\TQVeMgg.exe
  C:\Windows\System\TQVeMgg.exe
  2⤵
  PID:10128
- C:\Windows\System\exBAYXS.exe
  C:\Windows\System\exBAYXS.exe
  2⤵
  PID:10148
- C:\Windows\System\fNjmzYb.exe
  C:\Windows\System\fNjmzYb.exe
  2⤵
  PID:10168
- C:\Windows\System\xRerJmG.exe
  C:\Windows\System\xRerJmG.exe
  2⤵
  PID:10188
- C:\Windows\System\wiJZaBK.exe
  C:\Windows\System\wiJZaBK.exe
  2⤵
  PID:10212
- C:\Windows\System\bcFWnUo.exe
  C:\Windows\System\bcFWnUo.exe
  2⤵
  PID:10228
- C:\Windows\System\AXAfvYH.exe
  C:\Windows\System\AXAfvYH.exe
  2⤵
  PID:8764
- C:\Windows\System\sPkhNJs.exe
  C:\Windows\System\sPkhNJs.exe
  2⤵
  PID:9244
- C:\Windows\System\ozmrZMg.exe
  C:\Windows\System\ozmrZMg.exe
  2⤵
  PID:9268
- C:\Windows\System\ESMJoSJ.exe
  C:\Windows\System\ESMJoSJ.exe
  2⤵
  PID:9292
- C:\Windows\System\pSUzHxL.exe
  C:\Windows\System\pSUzHxL.exe
  2⤵
  PID:9324
- C:\Windows\System\CclZvRw.exe
  C:\Windows\System\CclZvRw.exe
  2⤵
  PID:8736
- C:\Windows\System\HdPPkDe.exe
  C:\Windows\System\HdPPkDe.exe
  2⤵
  PID:9384
- C:\Windows\System\xEdLIRc.exe
  C:\Windows\System\xEdLIRc.exe
  2⤵
  PID:9404
- C:\Windows\System\QgKNznv.exe
  C:\Windows\System\QgKNznv.exe
  2⤵
  PID:9444
- C:\Windows\System\dVhzMJO.exe
  C:\Windows\System\dVhzMJO.exe
  2⤵
  PID:9520
- C:\Windows\System\ZKAXknd.exe
  C:\Windows\System\ZKAXknd.exe
  2⤵
  PID:9536
- C:\Windows\System\ycSVSDq.exe
  C:\Windows\System\ycSVSDq.exe
  2⤵
  PID:9568
- C:\Windows\System\gYHPBSn.exe
  C:\Windows\System\gYHPBSn.exe
  2⤵
  PID:9464
- C:\Windows\System\sTcsLrO.exe
  C:\Windows\System\sTcsLrO.exe
  2⤵
  PID:9612
- C:\Windows\System\udkDqtl.exe
  C:\Windows\System\udkDqtl.exe
  2⤵
  PID:9684
- C:\Windows\System\tQUjQAO.exe
  C:\Windows\System\tQUjQAO.exe
  2⤵
  PID:9724
- C:\Windows\System\UbFaafr.exe
  C:\Windows\System\UbFaafr.exe
  2⤵
  PID:9756
- C:\Windows\System\mPCOyfS.exe
  C:\Windows\System\mPCOyfS.exe
  2⤵
  PID:9824
- C:\Windows\System\fkPGEGW.exe
  C:\Windows\System\fkPGEGW.exe
  2⤵
  PID:9900
- C:\Windows\System\TTAPjVs.exe
  C:\Windows\System\TTAPjVs.exe
  2⤵
  PID:9664
- C:\Windows\System\mnunwJi.exe
  C:\Windows\System\mnunwJi.exe
  2⤵
  PID:10016
- C:\Windows\System\CmWOhPQ.exe
  C:\Windows\System\CmWOhPQ.exe
  2⤵
  PID:10052
- C:\Windows\System\maiizfS.exe
  C:\Windows\System\maiizfS.exe
  2⤵
  PID:10120
- C:\Windows\System\rRnyTHs.exe
  C:\Windows\System\rRnyTHs.exe
  2⤵
  PID:10164
- C:\Windows\System\HGFSfUG.exe
  C:\Windows\System\HGFSfUG.exe
  2⤵
  PID:10204
- C:\Windows\System\VjMTPJN.exe
  C:\Windows\System\VjMTPJN.exe
  2⤵
  PID:9304
- C:\Windows\System\BJLgaEC.exe
  C:\Windows\System\BJLgaEC.exe
  2⤵
  PID:9320
- C:\Windows\System\HsNsFXG.exe
  C:\Windows\System\HsNsFXG.exe
  2⤵
  PID:9424
- C:\Windows\System\ZlSQYWy.exe
  C:\Windows\System\ZlSQYWy.exe
  2⤵
  PID:9592
- C:\Windows\System\OXIajqr.exe
  C:\Windows\System\OXIajqr.exe
  2⤵
  PID:9880
- C:\Windows\System\QzhJslZ.exe
  C:\Windows\System\QzhJslZ.exe
  2⤵
  PID:9668
- C:\Windows\System\VNkFOuc.exe
  C:\Windows\System\VNkFOuc.exe
  2⤵
  PID:9804
- C:\Windows\System\KONTcsi.exe
  C:\Windows\System\KONTcsi.exe
  2⤵
  PID:10032
- C:\Windows\System\BibtZid.exe
  C:\Windows\System\BibtZid.exe
  2⤵
  PID:9772
- C:\Windows\System\ceelagf.exe
  C:\Windows\System\ceelagf.exe
  2⤵
  PID:9848
- C:\Windows\System\REZYoLH.exe
  C:\Windows\System\REZYoLH.exe
  2⤵
  PID:9920
- C:\Windows\System\PdyYwlm.exe
  C:\Windows\System\PdyYwlm.exe
  2⤵
  PID:9960
- C:\Windows\System\gLQvrLu.exe
  C:\Windows\System\gLQvrLu.exe
  2⤵
  PID:10000
- C:\Windows\System\FjSGwhs.exe
  C:\Windows\System\FjSGwhs.exe
  2⤵
  PID:10104
- C:\Windows\System\WdrweHF.exe
  C:\Windows\System\WdrweHF.exe
  2⤵
  PID:10180
- C:\Windows\System\bactsAS.exe
  C:\Windows\System\bactsAS.exe
  2⤵
  PID:9868
- C:\Windows\System\PygYKcF.exe
  C:\Windows\System\PygYKcF.exe
  2⤵
  PID:9284
- C:\Windows\System\uHWxBzB.exe
  C:\Windows\System\uHWxBzB.exe
  2⤵
  PID:9348
- C:\Windows\System\nwUcLUF.exe
  C:\Windows\System\nwUcLUF.exe
  2⤵
  PID:9556
- C:\Windows\System\VlBcxlU.exe
  C:\Windows\System\VlBcxlU.exe
  2⤵
  PID:9992
- C:\Windows\System\RokWxZf.exe
  C:\Windows\System\RokWxZf.exe
  2⤵
  PID:10144
- C:\Windows\System\pOmIbFQ.exe
  C:\Windows\System\pOmIbFQ.exe
  2⤵
  PID:10012
- C:\Windows\System\LuYQYrV.exe
  C:\Windows\System\LuYQYrV.exe
  2⤵
  PID:10220
- C:\Windows\System\AiGWThQ.exe
  C:\Windows\System\AiGWThQ.exe
  2⤵
  PID:9604
- C:\Windows\System\mFLeJic.exe
  C:\Windows\System\mFLeJic.exe
  2⤵
  PID:9788
- C:\Windows\System\NuUKQXV.exe
  C:\Windows\System\NuUKQXV.exe
  2⤵
  PID:9940
- C:\Windows\System\YXhvxIi.exe
  C:\Windows\System\YXhvxIi.exe
  2⤵
  PID:10048
- C:\Windows\System\DEKkQMC.exe
  C:\Windows\System\DEKkQMC.exe
  2⤵
  PID:9432
- C:\Windows\System\SlpKxkV.exe
  C:\Windows\System\SlpKxkV.exe
  2⤵
  PID:10056
- C:\Windows\System\pahzAVs.exe
  C:\Windows\System\pahzAVs.exe
  2⤵
  PID:8460
- C:\Windows\System\ejEQPFd.exe
  C:\Windows\System\ejEQPFd.exe
  2⤵
  PID:9656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AREnAEs.exe

Filesize
6.0MB

MD5
54c44845830e30bd1b15692f4f981571

SHA1
e92e47ca561a6cc5153b150ca103cd5b677d1600

SHA256
81d4b605e74a9dc99fbfc1de0ad94188a07d34b7ec15dd51d25ea0e3c33752a3

SHA512
16a980d7ffcb42d3cbfd0b71e7f3528afce434cf05d085d07c7da08a16430de2546dab975a3ccc5beda3a603e558928bb20ff49c5ff7d61f9dd745816f62ef07

Download Submit
C:\Windows\system\AzLjuNL.exe

Filesize
6.0MB

MD5
61a32b4734c79f68a4aeee17efafc68f

SHA1
386ffd415d56650f796530370f6eb564e215347a

SHA256
da85bab57505409cc3570b57b1a638a303da353a8676f90c24424df8a60dc954

SHA512
4c334dac9e2dcdb1da75e13fdbfc449d38b3f15527c0b148350737c4ab49dbfd0f10e25869488d7b25a168d49d3fedd6b0761fef740daeb4948cf0e8a1fcca22

Download Submit
C:\Windows\system\EInHyjC.exe

Filesize
6.0MB

MD5
e99544957a93e281075a34bacc23eb05

SHA1
e50b66b77047de69fb56b0b6d9421d0569045377

SHA256
63725663b7e0d8bc620f824f71ae78841deb3c8fd377b4cc2df30de68b37de7d

SHA512
7300ad7f5f195dcc46efde778c2e26da8f28c6ab0365b864ded4d44df5aee5d33349d101531d2b77041cb9cbde05a0a17ac8b1d1445d34ecf3f9a22e17cbbefe

Download Submit
C:\Windows\system\FftIXZt.exe

Filesize
6.0MB

MD5
3e1cfceee76a25f518310773d32e73d7

SHA1
dc4e05cf8aae0001b9b166297cc4af6624963578

SHA256
d4ee44e7104755fa88404270174fb8f5b0902b244d412a08172349974d3094e8

SHA512
6569968ed4b9e5e8c8383ec87c3b8c02aae2fa5be3e2efafe4476d9ce6fa4d2c362e7eab3a2449a2ee5c675d29f7af74cba33bff542aba9358a591422a0dcc63

Download Submit
C:\Windows\system\LxSYOzU.exe

Filesize
6.0MB

MD5
176ac4d5098b81f8670e5584e24bc4e1

SHA1
81917906bd73ed34e11834c61c718cca23b10a0e

SHA256
0fd57c3435aa5c9844e0b08c607dbb777c82a8cca1294743c85dfc011e35d508

SHA512
8276160a87f9482f939f0fc48b8198535fbfd98d8c81f28708d6fa469bea36be34a40dd695e1892f9f06db1d2d6f5aad37cd098a1e5b26bbbf74bb1155a56d1c

Download Submit
C:\Windows\system\NXfUgbk.exe

Filesize
6.0MB

MD5
6f30ddd17043cc8af06efab39f81bd20

SHA1
7454af9659369d039dfdcc319543bf71f2319376

SHA256
3a27a5614a36ce27005915deb73508766cf38f5d73482f881e681692d7e4afd4

SHA512
1fadff8bf0fadf4eaac403b206210e101273b421549db147698cbb37f224f42fa1e27e8fb7ff18dcc97e053863c4eda0ce3e17b8f19fc72521a60333e98eafd5

Download Submit
C:\Windows\system\NdgbxCo.exe

Filesize
6.0MB

MD5
d82c4a15be1a6c96a1b71bc45e5603ae

SHA1
28186be0a6b9851b143c95dfbf7f66f5cca4be18

SHA256
edc9624fad9976264dde5aa4fe7a390342b989b40e9aae2f4be8c7bfbbb06162

SHA512
4aec431039f74e780e46746bfc029a3501b837706ab15922e2514912f642e3256331072c18f2e68de11f7f5c1316f68c3266fd191d66d7c5948d0c349df6ede9

Download Submit
C:\Windows\system\NmGdrdF.exe

Filesize
6.0MB

MD5
8ac9d08d59e4598a4c1eab000026d33e

SHA1
d40d5b0e437bac80597fc0f9a1404977733e075e

SHA256
44da17aab0b8ee9387b062ca7003b28a5244ea662cad81140318b49c1611e849

SHA512
9acbcf167d21d8480f892fcc723966da3ee66d1ea20c1d71e8af4235f13921da9b4f0b845d60f0e0f50ca292b02855331ec4210154dda97596db776fb40acbad

Download Submit
C:\Windows\system\NwvbFrX.exe

Filesize
6.0MB

MD5
1b3caa5009cd250de46286ec7cd689db

SHA1
6beb6e807a4a57d1acb67b861f700468f19d2e41

SHA256
172c04bcede6f73a03827454d988cb39f74ddb3db5fcd7a31b2fec1112bcb4ad

SHA512
4aa7dbcd9d761b3fff0eacdd5e759260624171e60775afd25ec15ab6209c2769c66a72e6d078e6f01c3991dc51ffe294321b75953304523bb0a0ff891ddc3f27

Download Submit
C:\Windows\system\PGAmYre.exe

Filesize
6.0MB

MD5
398dc7cf7d60e4c91e9b79c2b5b0bd6a

SHA1
3272b5100801331a4156194d0548c73aa6f4cafb

SHA256
671b58d58f3c9b98e217657aab1a71ab9688814c330fd38f6545f4794c6b7049

SHA512
baab664d1b22708eca05b52b85879cd21e644333fc8a61b7e03f51b97bfb30a289eba3e8994c7a3065e7346a7a1f58dc5f14d39d3aceb91a160c9a18251ebe47

Download Submit
C:\Windows\system\QewROAr.exe

Filesize
6.0MB

MD5
43c3397cfe3074615b5f894e82964966

SHA1
d0df77667bbe91c78f71a815a552e4a6532629be

SHA256
4fea3dbee4df0a93ee02e228c4b7278d4d7d9f9434b8f864cd183fc98565a720

SHA512
82213c9685b83b2221b0e243db331e9031434d040fa1dca1f63de80c61aca64118bd2a93ce585b9fe2835b6d25abe47be05d89de0496889e2e00ab0d791615b8

Download Submit
C:\Windows\system\WXxtyuq.exe

Filesize
6.0MB

MD5
42ece17f0305adc6a4912bb9204b9dd1

SHA1
608790c21a3b2fd1f9cb9b2ab2f4ac7637998162

SHA256
ba736d94ce413d680213affd51c4f500c01c35c78891ffa2d20e79bb82350a4d

SHA512
56d8f17b260fbcbe518e568217c360a7cb707e413e54382d2e5a8e067c48112ef264a87956d42f65b2bbc1c9ba1e3131a0f2b0ea665054cd3da2c0ed9ed77fdd

Download Submit
C:\Windows\system\WfPGZTP.exe

Filesize
6.0MB

MD5
9380daea1fd5a6c1b13e734f634867bb

SHA1
ff9bc957fad9ea7ca6286764df690d365e9944cb

SHA256
1716dd9f99e02d9eb9d3c239240b323f20b40343854a9696e0f2d810d5c99cc7

SHA512
111718824dcbf962ecd66e6aee10e4d7d6b759378768cdd32ad2751cf06d1293c6ae0bb305438f82479200d504768c082631001c4de960ada76cdd036a5c6cf3

Download Submit
C:\Windows\system\XsEjyOQ.exe

Filesize
6.0MB

MD5
dc53d2cc17929c34e5e9df4d48486bad

SHA1
66ae43339fbe385933ec44baf92139681bb1516b

SHA256
b557297c303ffa7a4f0e2d29c7714589d9cd0ef7400edad73a6c8b8a868b5d51

SHA512
f1966bddcd3930b35a85dff7bb143ca52f9adce589c4f45b6428553ad203059b533ad0ac694c4fe241370fe41a248aa23b09ba587c627e4ffb8ae84938f7a403

Download Submit
C:\Windows\system\ZUYJNxx.exe

Filesize
6.0MB

MD5
c117d10268f2030c07807b30b4650570

SHA1
6263ea2980764df6608fdf0654cafddc81f86db5

SHA256
ed00b54eb9bb664ba741b95b590f17d99ed3677740cf68e8113e35891427a695

SHA512
1bf5ce80a2cea02ab6a68debe4edcaa018ff4ab8420ad34e76f5464d1c327f8355da8c90604daace20e9447d2192e4ebf9b783b60702daf0d8dfb2f76950a614

Download Submit
C:\Windows\system\ccgYONM.exe

Filesize
6.0MB

MD5
fe704dc4c4936c6ad4963d539f2bf972

SHA1
16da8b53a4d23b73c17cdbb2f1082b616906fdbd

SHA256
8b87ce6d6df88ccd9275b0cc04061e2c6304d68e0279cf3879d1e454476bc7dc

SHA512
99738d2645f18ea24b50b057b3bf4e8de4f1a924585dd715b9be5bf26f4fde7949bcec59680f964673ed34e0ae5f08732c83737d9e5c954e7e25ba91ac9d47a9

Download Submit
C:\Windows\system\dUcaskE.exe

Filesize
6.0MB

MD5
0d5b5a8010d48d38848310c670acef42

SHA1
c93de9a4e95076822ef4f0ac50f397ff4e2d5002

SHA256
5f7c4475a68a83618f7d61416d9d32e9444cbcfa0a364230c605c9edca19d9e5

SHA512
7d5af8760f858fbc02051417158ab61121863c02a61f505bc7aa5b92339a003a6082c1025c755ca7aef7b71a069973876c0a57ca139265f4d5c0600dcb7559c2

Download Submit
C:\Windows\system\drWAXbN.exe

Filesize
6.0MB

MD5
5755af74785a5fe867eab5c13e4a03fb

SHA1
844e63d0ebcac2d60fbe6ad6696682bc625734df

SHA256
7d9911f7f71602a1051960b2cc49ffdc7c108dceadf10fe6a71286287c5db50d

SHA512
d1a0c64a0a8ed894525943355d90ec7d52c523c63c537198da088705011d05f8cc0b308c035c401ec5cf40db67f4f391106b11184a144346eb037789cee319e5

Download Submit
C:\Windows\system\fYnLdSW.exe

Filesize
6.0MB

MD5
2475a8036c9ab59f38d8c04f50e1d331

SHA1
c7c6b92b025e39ff6f235aa1cd82cb9f546a6db2

SHA256
d0caffcf628ad19a282c155ac2a2e192ff9f700f23f9d0015f8ccc4011e0ced5

SHA512
49c53a67e3288704285f6c8e80e0a8e523e80ac87a696e15b799d3686200db1b43a6e4fb18506548bc88a7620432adb13efb8f654948d55a76082c1c196a2f41

Download Submit
C:\Windows\system\gwQvCIL.exe

Filesize
6.0MB

MD5
7da6d6b3ba4b499bee0ee77218315b22

SHA1
2baf3fa117f5f3eba1b8bc0c711ab2956e119384

SHA256
5ce7d381dea1870e89ec627a829948893a8cda42eede4e60fb7eb484974fd778

SHA512
084339ee55d352ab6965c4ca0a4a72125583b57585f5960d131d83dc1d4444dafdebe7e3fbb53bdc1da1bd710bdbb1256d0badb7cc0dab0749af0ac3561cbbc1

Download Submit
C:\Windows\system\icryOyl.exe

Filesize
6.0MB

MD5
42707b156f14502c8c6d64e3e3f7f14e

SHA1
b9aed1832d9380d3893912e13236295dff852644

SHA256
a995ffc9c1cfda47cccd19625bc7d25be0ff12b6adb4827cfd608d9c579f086a

SHA512
b61275064d3c068eb76187072fb94614da0fa4d47a5308eede0f44772a4615f68c591daec66765c64315e120b71472027d3bf78cbbe8532a579e868ebed0f682

Download Submit
C:\Windows\system\iilgoNd.exe

Filesize
6.0MB

MD5
3109b0536b060d6d7086f77c226df7bc

SHA1
7244979cea1405443d69a7e661f5ecb3f1f3bf50

SHA256
6537de662e6202c4e9df24f9ac173aaddc8546e824c555ce12162d074b2b34d1

SHA512
3697a01f377842b9659f93e33233d6a97236ef3ba62cfc51e028a09e356836f19f00474e41b3d70b4c399fa58c331f0526acb19bed8835f5c0586bc4faa43c94

Download Submit
C:\Windows\system\rlvNEWi.exe

Filesize
6.0MB

MD5
5d0acbbe5f608151be7eb09dc7b3df40

SHA1
c1cb144f8a6c996fc7c3c558d86be5398b9e0941

SHA256
a571d3acc19a07633ea8c3850e703a8f03f931c41a8ca00840f68b922d8ee320

SHA512
a4993ace18baf17f53592a4425aee7f1ce17376c2452f5d10091cd1f78333f451708f1be6d18429bcf2e38b19b4e912bdb2b2a712ae86a37ccdf2f6a4a6c64ca

Download Submit
C:\Windows\system\tShWBjd.exe

Filesize
6.0MB

MD5
f317256465be1b3b4550b87a523ee8e4

SHA1
65c36756d734bf16564656e1d9e32d5a01638af8

SHA256
588078abb1243ddee370b863543edeaf99df28d17638a9802689e35a8730eed4

SHA512
d67b213965e219a01649ec4a7a8e2f3cc4142c63a0e53e7fbeda96cb14cdb4250ed2bca7f51b68c98153034c2aa736ca5e57c86e5761dd666445587760d416ed

Download Submit
C:\Windows\system\uSGmgkB.exe

Filesize
6.0MB

MD5
1865a684305e164b59dc56fa3f069f62

SHA1
fb0ccabb7bee17294174ae8bd0d630c6ed776b02

SHA256
1fec645547e5a4c50f80627c188d088803bae8d724804dc7cb6764ee4416e66b

SHA512
5d9f7c88836cd400f49a300c71f2691361cdb8c2d02e9a0a537d6f7ae0d591ef490a461eb1a017c3bc8c5e8830c04850a509c4cef46403a091bf3042b69e467e

Download Submit
C:\Windows\system\vHpCPEi.exe

Filesize
6.0MB

MD5
d33219395ad0a5d6819008ecbb2ec55c

SHA1
1a45bd6f81e13a4f4c91587f09b8e2b6004645d9

SHA256
3cf45d3a87dc190c0f45a8668ff2ab1ca1c6cf7293448dc758b87caeb057eef1

SHA512
abbc6b5d63ade54e499ed724fd388036704c15d4602ab06bc32b2cd13cceac7bc091aae8b14ff790898632c405babaf87761dd32560190e41eba02f4ab2c203b

Download Submit
C:\Windows\system\voJljUg.exe

Filesize
6.0MB

MD5
23f8229f6371a989513ef14cf6e1dd1e

SHA1
9920d1d37b24353818fe4292f4a7f69cc55c1f25

SHA256
70a9e434dac9e4478499e7b6e4319bf1d09a1956c5b896d491040dd02f4ebaf0

SHA512
d953cba0f0fe4479ff8dfe0a4abef3e27dcb993b9294a1f9bb4145513a8f83efa22afbac395b1c6bc79808ad0e2f7bc719395ab9fb4137e6386aaf6707a29e5c

Download Submit
C:\Windows\system\xGtnbKq.exe

Filesize
6.0MB

MD5
53c30beeddd8e0c7f79baef7ebd40962

SHA1
fb9b4554eaaab4949b0207e87e9433c9225b11ab

SHA256
63c12dbf5a2a3bd02b9aa607b22cd1ae482ccbbe63fb9d560fb6494f4b1e4123

SHA512
04c7729db863c7a2860ffd445f4bb00809b662cbb1fbeb642e554738345a5c4cffd58b1aa85a104728ec1c52bd1be3656ba0a98babf4c1555732bb3121be9e9c

Download Submit
C:\Windows\system\ycMNykD.exe

Filesize
6.0MB

MD5
5409591b85a1e03656990941396d2808

SHA1
54321d45c2798abb599febedd547eef87d2ade6a

SHA256
8c4fcd0fa7edd7f3b27124b9760fd9ba49548cdf1780bfb07218111df18f6100

SHA512
6eabd06bf87315b12a9c3aa8ffe4d4cf6ef9e9a695ac2c03097d155494ebbf309517c9b37c8189e4633236d47775a650d9155404c420b42d2a71f6cb90bfa51c

Download Submit
\Windows\system\JpZWPBD.exe

Filesize
6.0MB

MD5
d30d7a7bfd4baa29cbc6d39ae8938ddf

SHA1
33b24f39d825ab9ed18db0404d1fe15355bdd2c9

SHA256
c3f32aabfb55e05af915c15e3ca73b19ab82ce962e4607d571ed6efbdda7406a

SHA512
def00769ef5413c032264a4deac84e24727f74019b2b110fdf2c36c05d2aaecb062fab8f50115ae17d7a3bda25fced8dda7d06ac98b20064cf95ddce02242525

Download Submit
\Windows\system\KUGjmzj.exe

Filesize
6.0MB

MD5
b8d7dbc58b1e0bc453ed10e52994c8f8

SHA1
ba5de4786932f12f288c324aeb7eee1077a50b91

SHA256
f77d3b34bd03c6135a5af73316c35ac8e8dfd76abfead1a8092889c6a70e71f1

SHA512
83943ea7273129cebdacd1fd42531a33d385b849630f2d283422dd1db7539eb111d075eb97574af778d0ac5fdb2873a8f7aba4b6985fdeb85a47adb2381d4c67

Download Submit
\Windows\system\xgpNqDu.exe

Filesize
6.0MB

MD5
a675337ec28b8d0265189d2b23fe8ae8

SHA1
d4593b8013dde958093202a460286c99e0660412

SHA256
ac8692137f122419b8b70e63eddbc69247c3982e7cf48b4dc63d82f78196d044

SHA512
65f760d920dd007c0c4c91e21f1aedff79eeaceea09a3ac8bd29d398054071f130fa2bcf39ac21142beddfe5a06a2a4a97fda0713556781614b47ce91bf3bd58

Download Submit
memory/2564-2499-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2564-4037-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3028-0-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-154-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3098-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3101-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3197-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download