cobaltstrike | ba74dbd83cbb0a49c9374c91d7365f1d2e2af533a739066be3d9605f20db9792

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/03/2025, 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

343363ba453c05073209ebe547f97791
SHA1

724d5890c991e0466b3e94573f5414df201f93ef
SHA256

ba74dbd83cbb0a49c9374c91d7365f1d2e2af533a739066be3d9605f20db9792
SHA512

ceeb45055e31ab310ff2c8a996d557e36ef8f1e1c16624918071669c64033a84ca181f54ceca5de2c78dd5b87cbc3c29958ee0cf7153a3cdb829dd76700200d9
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUS:j+R56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001227e-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186fd-14.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ee-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018728-24.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001873d-32.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878f-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018784-36.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000187a5-44.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197f8-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001977d-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196b1-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196af-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-59.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925e-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018683-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/2112-0-0x000000013F270000-0x000000013F5BD000-memory.dmp	xmrig
behavioral1/files/0x000a00000001227e-3.dat	xmrig
behavioral1/files/0x00070000000186fd-14.dat	xmrig
behavioral1/files/0x00070000000186ee-11.dat	xmrig
behavioral1/memory/1956-10-0x000000013F960000-0x000000013FCAD000-memory.dmp	xmrig
behavioral1/memory/2448-19-0x000000013FA00000-0x000000013FD4D000-memory.dmp	xmrig
behavioral1/files/0x0007000000018728-24.dat	xmrig
behavioral1/files/0x000600000001873d-32.dat	xmrig
behavioral1/files/0x000600000001878f-37.dat	xmrig
behavioral1/files/0x0006000000018784-36.dat	xmrig
behavioral1/files/0x00060000000187a5-44.dat	xmrig
behavioral1/files/0x00050000000195c5-51.dat	xmrig
behavioral1/files/0x0005000000019609-56.dat	xmrig
behavioral1/files/0x000500000001960d-64.dat	xmrig
behavioral1/files/0x000500000001960f-67.dat	xmrig
behavioral1/files/0x0005000000019617-83.dat	xmrig
behavioral1/memory/5796-1355-0x000000013F3B0000-0x000000013F6FD000-memory.dmp	xmrig
behavioral1/memory/5764-1356-0x000000013F9E0000-0x000000013FD2D000-memory.dmp	xmrig
behavioral1/memory/2060-1360-0x000000013F3F0000-0x000000013F73D000-memory.dmp	xmrig
behavioral1/memory/2792-1358-0x000000013F3A0000-0x000000013F6ED000-memory.dmp	xmrig
behavioral1/memory/1512-1369-0x000000013FFA0000-0x00000001402ED000-memory.dmp	xmrig
behavioral1/memory/2532-1368-0x000000013F150000-0x000000013F49D000-memory.dmp	xmrig
behavioral1/memory/2476-1359-0x000000013FD90000-0x00000001400DD000-memory.dmp	xmrig
behavioral1/memory/7136-1533-0x000000013FB10000-0x000000013FE5D000-memory.dmp	xmrig
behavioral1/memory/1588-1361-0x000000013FD20000-0x000000014006D000-memory.dmp	xmrig
behavioral1/memory/2084-1366-0x000000013F2B0000-0x000000013F5FD000-memory.dmp	xmrig
behavioral1/memory/2496-1362-0x000000013F870000-0x000000013FBBD000-memory.dmp	xmrig
behavioral1/memory/2604-1364-0x000000013F580000-0x000000013F8CD000-memory.dmp	xmrig
behavioral1/memory/2316-1365-0x000000013F6B0000-0x000000013F9FD000-memory.dmp	xmrig
behavioral1/memory/1436-1367-0x000000013F950000-0x000000013FC9D000-memory.dmp	xmrig
behavioral1/memory/1380-1350-0x000000013F080000-0x000000013F3CD000-memory.dmp	xmrig
behavioral1/memory/684-1357-0x000000013FFB0000-0x00000001402FD000-memory.dmp	xmrig
behavioral1/memory/796-1354-0x000000013F360000-0x000000013F6AD000-memory.dmp	xmrig
behavioral1/memory/1184-1352-0x000000013F990000-0x000000013FCDD000-memory.dmp	xmrig
behavioral1/memory/2896-1351-0x000000013F340000-0x000000013F68D000-memory.dmp	xmrig
behavioral1/memory/5992-1476-0x000000013F220000-0x000000013F56D000-memory.dmp	xmrig
behavioral1/memory/5956-1484-0x000000013FC40000-0x000000013FF8D000-memory.dmp	xmrig
behavioral1/memory/5892-1472-0x000000013F420000-0x000000013F76D000-memory.dmp	xmrig
behavioral1/memory/5860-1473-0x000000013F0C0000-0x000000013F40D000-memory.dmp	xmrig
behavioral1/memory/5504-1504-0x000000013F5B0000-0x000000013F8FD000-memory.dmp	xmrig
behavioral1/memory/5132-1486-0x000000013FF30000-0x000000014027D000-memory.dmp	xmrig
behavioral1/memory/5828-1471-0x000000013FFF0000-0x000000014033D000-memory.dmp	xmrig
behavioral1/files/0x00050000000197f8-135.dat	xmrig
behavioral1/files/0x000500000001977d-131.dat	xmrig
behavioral1/files/0x00050000000196b1-127.dat	xmrig
behavioral1/files/0x00050000000196af-123.dat	xmrig
behavioral1/files/0x0005000000019667-119.dat	xmrig
behavioral1/files/0x0005000000019625-115.dat	xmrig
behavioral1/files/0x0005000000019623-111.dat	xmrig
behavioral1/files/0x0005000000019622-108.dat	xmrig
behavioral1/files/0x0005000000019621-104.dat	xmrig
behavioral1/files/0x000500000001961d-93.dat	xmrig
behavioral1/files/0x000500000001961f-98.dat	xmrig
behavioral1/files/0x0005000000019619-85.dat	xmrig
behavioral1/files/0x000500000001961b-90.dat	xmrig
behavioral1/files/0x0005000000019615-80.dat	xmrig
behavioral1/files/0x0005000000019611-72.dat	xmrig
behavioral1/files/0x0005000000019613-75.dat	xmrig
behavioral1/files/0x000500000001960b-59.dat	xmrig
behavioral1/files/0x000700000001925e-47.dat	xmrig
behavioral1/files/0x0008000000018683-31.dat	xmrig
behavioral1/memory/988-13-0x000000013F440000-0x000000013F78D000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1956	raKpAcu.exe
988	mdKdEfm.exe
2448	EzJPNdd.exe
684	sLppkIR.exe
2688	OmAbdmp.exe
2736	sxDSbfT.exe
2828	FnwkkXU.exe
2748	aUbySgk.exe
2884	HZMGFgW.exe
1148	PuyOxzB.exe
2208	YaYBMoh.exe
3024	QRMDhIG.exe
2768	FekAzoR.exe
2872	kweGXCA.exe
2628	iUIXGLF.exe
1828	uMgnLdW.exe
2640	DVQmnqa.exe
3048	cngOzCr.exe
108	nvamomx.exe
1932	wDXBpFm.exe
1484	oVVBcyM.exe
1568	lhZOicx.exe
1816	EAJKFdO.exe
1728	HBqWVay.exe
1584	ZTJWScc.exe
1332	IuyyUIr.exe
1260	UrNSzkL.exe
300	ZTkZscl.exe
1624	yKvhZbx.exe
1656	KElIIYG.exe
1844	gxBaKmJ.exe
2896	AuABCOq.exe
2844	rgQbLkK.exe
2656	RYjktqa.exe
2260	zKThpwC.exe
3056	uWOWEgO.exe
2492	WSCovna.exe
1084	mbvQtVo.exe
3052	ThQCxUz.exe
3012	ARsCMpw.exe
1976	mxrEkka.exe
640	mFiJAHT.exe
316	qhljhPl.exe
1716	CGEDKCn.exe
2780	QGwASEU.exe
1280	NlLBNqk.exe
1684	VzPugiZ.exe
756	cWSpDnS.exe
992	wNZoooh.exe
1632	igPPbfh.exe
1252	stWyINw.exe
1184	yrrLqfM.exe
1236	TqyKvsI.exe
1696	vgULKQl.exe
1380	AzBRuyU.exe
952	DoaLuqo.exe
1692	YidMqHE.exe
780	EjSHRmK.exe
796	hlTCimL.exe
1032	CzOFWBP.exe
2388	DsZCXhh.exe
2908	BupJcMg.exe
304	bBvcvDY.exe
2276	nzkucIf.exe

Loads dropped DLL 64 IoCs

pid	Process
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rgQbLkK.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pziLXUD.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVsljVn.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Trbujha.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPSamWW.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPlAuDH.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrBkLFw.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KsuvKTn.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEGLUmO.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSZDJLR.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhaZefc.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Fpqmhrm.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGJeqEc.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PALcjtL.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaQSkOf.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTMykxX.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADCrGpd.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTownST.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKEdMTJ.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJMzZuf.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqMzJtV.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLlFpqG.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcrNCCj.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgkbRYW.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHvxxWp.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AuazmUc.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOQVPGp.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxIogOP.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjsnVkr.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAmTbVb.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVMJtaF.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJfBRaG.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlJjpnM.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIobOmc.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWMYkia.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbjvGth.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsEAlEx.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPUafyI.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBCJPoE.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmOtnzu.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buXHtTq.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emnPTNw.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzCYsOD.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIhCwUx.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZuoOKi.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKdSngS.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDWyfEL.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGcQTgy.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uecNFZO.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpTjmKm.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFcDOUi.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncRvFko.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQimRrZ.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NrNqeaq.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCbpfxI.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nubaGpI.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stWyINw.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dcNBZTJ.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSAxOXt.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtxLxks.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxLeEoH.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AuABCOq.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXNYHWh.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtJWYhU.exe	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 1956	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2112 wrote to memory of 1956	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2112 wrote to memory of 1956	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2112 wrote to memory of 988	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 988	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 988	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2112 wrote to memory of 2448	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2448	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2448	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2112 wrote to memory of 2688	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 2688	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 2688	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2112 wrote to memory of 684	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 684	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 684	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2112 wrote to memory of 2736	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 2736	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 2736	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2112 wrote to memory of 2828	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2828	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2828	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2112 wrote to memory of 2748	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2748	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2748	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2112 wrote to memory of 2884	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 2884	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 2884	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2112 wrote to memory of 1148	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 1148	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 1148	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2112 wrote to memory of 2208	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 2208	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 2208	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2112 wrote to memory of 3024	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 3024	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 3024	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2112 wrote to memory of 2768	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 2768	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 2768	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2112 wrote to memory of 2872	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 2872	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 2872	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2112 wrote to memory of 2628	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 2628	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 2628	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2112 wrote to memory of 1828	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 1828	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 1828	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2112 wrote to memory of 2640	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 2640	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 2640	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2112 wrote to memory of 3048	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 3048	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 3048	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2112 wrote to memory of 108	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 108	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 108	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2112 wrote to memory of 1484	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 1484	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 1484	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2112 wrote to memory of 1932	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 1932	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 1932	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2112 wrote to memory of 1816	2112	2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-25_343363ba453c05073209ebe547f97791_amadey_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\System\raKpAcu.exe
  C:\Windows\System\raKpAcu.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\mdKdEfm.exe
  C:\Windows\System\mdKdEfm.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\EzJPNdd.exe
  C:\Windows\System\EzJPNdd.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\OmAbdmp.exe
  C:\Windows\System\OmAbdmp.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\sLppkIR.exe
  C:\Windows\System\sLppkIR.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\sxDSbfT.exe
  C:\Windows\System\sxDSbfT.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\FnwkkXU.exe
  C:\Windows\System\FnwkkXU.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\aUbySgk.exe
  C:\Windows\System\aUbySgk.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\HZMGFgW.exe
  C:\Windows\System\HZMGFgW.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\PuyOxzB.exe
  C:\Windows\System\PuyOxzB.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\YaYBMoh.exe
  C:\Windows\System\YaYBMoh.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\QRMDhIG.exe
  C:\Windows\System\QRMDhIG.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\FekAzoR.exe
  C:\Windows\System\FekAzoR.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\kweGXCA.exe
  C:\Windows\System\kweGXCA.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\iUIXGLF.exe
  C:\Windows\System\iUIXGLF.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\uMgnLdW.exe
  C:\Windows\System\uMgnLdW.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\DVQmnqa.exe
  C:\Windows\System\DVQmnqa.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\cngOzCr.exe
  C:\Windows\System\cngOzCr.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\nvamomx.exe
  C:\Windows\System\nvamomx.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\oVVBcyM.exe
  C:\Windows\System\oVVBcyM.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\wDXBpFm.exe
  C:\Windows\System\wDXBpFm.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\EAJKFdO.exe
  C:\Windows\System\EAJKFdO.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\lhZOicx.exe
  C:\Windows\System\lhZOicx.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\HBqWVay.exe
  C:\Windows\System\HBqWVay.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\ZTJWScc.exe
  C:\Windows\System\ZTJWScc.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\IuyyUIr.exe
  C:\Windows\System\IuyyUIr.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\UrNSzkL.exe
  C:\Windows\System\UrNSzkL.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\ZTkZscl.exe
  C:\Windows\System\ZTkZscl.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\yKvhZbx.exe
  C:\Windows\System\yKvhZbx.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\KElIIYG.exe
  C:\Windows\System\KElIIYG.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\gxBaKmJ.exe
  C:\Windows\System\gxBaKmJ.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\AuABCOq.exe
  C:\Windows\System\AuABCOq.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\rgQbLkK.exe
  C:\Windows\System\rgQbLkK.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\RYjktqa.exe
  C:\Windows\System\RYjktqa.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\zKThpwC.exe
  C:\Windows\System\zKThpwC.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\uWOWEgO.exe
  C:\Windows\System\uWOWEgO.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\WSCovna.exe
  C:\Windows\System\WSCovna.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\mbvQtVo.exe
  C:\Windows\System\mbvQtVo.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\ThQCxUz.exe
  C:\Windows\System\ThQCxUz.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\ARsCMpw.exe
  C:\Windows\System\ARsCMpw.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\mxrEkka.exe
  C:\Windows\System\mxrEkka.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\mFiJAHT.exe
  C:\Windows\System\mFiJAHT.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\qhljhPl.exe
  C:\Windows\System\qhljhPl.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\CGEDKCn.exe
  C:\Windows\System\CGEDKCn.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\QGwASEU.exe
  C:\Windows\System\QGwASEU.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\NlLBNqk.exe
  C:\Windows\System\NlLBNqk.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\VzPugiZ.exe
  C:\Windows\System\VzPugiZ.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\cWSpDnS.exe
  C:\Windows\System\cWSpDnS.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\wNZoooh.exe
  C:\Windows\System\wNZoooh.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\igPPbfh.exe
  C:\Windows\System\igPPbfh.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\stWyINw.exe
  C:\Windows\System\stWyINw.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\yrrLqfM.exe
  C:\Windows\System\yrrLqfM.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\TqyKvsI.exe
  C:\Windows\System\TqyKvsI.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\vgULKQl.exe
  C:\Windows\System\vgULKQl.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\AzBRuyU.exe
  C:\Windows\System\AzBRuyU.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\DoaLuqo.exe
  C:\Windows\System\DoaLuqo.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\YidMqHE.exe
  C:\Windows\System\YidMqHE.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\EjSHRmK.exe
  C:\Windows\System\EjSHRmK.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\hlTCimL.exe
  C:\Windows\System\hlTCimL.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\CzOFWBP.exe
  C:\Windows\System\CzOFWBP.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\DsZCXhh.exe
  C:\Windows\System\DsZCXhh.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\BupJcMg.exe
  C:\Windows\System\BupJcMg.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\bBvcvDY.exe
  C:\Windows\System\bBvcvDY.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\nzkucIf.exe
  C:\Windows\System\nzkucIf.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\JiUlQth.exe
  C:\Windows\System\JiUlQth.exe
  2⤵
  PID:2532
- C:\Windows\System\KARcRLm.exe
  C:\Windows\System\KARcRLm.exe
  2⤵
  PID:2992
- C:\Windows\System\vmhuBly.exe
  C:\Windows\System\vmhuBly.exe
  2⤵
  PID:1836
- C:\Windows\System\AtrMInJ.exe
  C:\Windows\System\AtrMInJ.exe
  2⤵
  PID:884
- C:\Windows\System\EqEhlHS.exe
  C:\Windows\System\EqEhlHS.exe
  2⤵
  PID:1436
- C:\Windows\System\TxGeVYm.exe
  C:\Windows\System\TxGeVYm.exe
  2⤵
  PID:1924
- C:\Windows\System\OKmhStj.exe
  C:\Windows\System\OKmhStj.exe
  2⤵
  PID:1832
- C:\Windows\System\NFNoAyS.exe
  C:\Windows\System\NFNoAyS.exe
  2⤵
  PID:380
- C:\Windows\System\oLynVzI.exe
  C:\Windows\System\oLynVzI.exe
  2⤵
  PID:2052
- C:\Windows\System\PaAJcJL.exe
  C:\Windows\System\PaAJcJL.exe
  2⤵
  PID:2452
- C:\Windows\System\LsuxdTg.exe
  C:\Windows\System\LsuxdTg.exe
  2⤵
  PID:2084
- C:\Windows\System\mCiCUQd.exe
  C:\Windows\System\mCiCUQd.exe
  2⤵
  PID:2300
- C:\Windows\System\kntkZST.exe
  C:\Windows\System\kntkZST.exe
  2⤵
  PID:2316
- C:\Windows\System\esslJvB.exe
  C:\Windows\System\esslJvB.exe
  2⤵
  PID:2752
- C:\Windows\System\AbjvGth.exe
  C:\Windows\System\AbjvGth.exe
  2⤵
  PID:2604
- C:\Windows\System\rlHIMEn.exe
  C:\Windows\System\rlHIMEn.exe
  2⤵
  PID:2952
- C:\Windows\System\lXWfMRT.exe
  C:\Windows\System\lXWfMRT.exe
  2⤵
  PID:2732
- C:\Windows\System\mTGLkAM.exe
  C:\Windows\System\mTGLkAM.exe
  2⤵
  PID:2608
- C:\Windows\System\pCScWCc.exe
  C:\Windows\System\pCScWCc.exe
  2⤵
  PID:568
- C:\Windows\System\MjGgTHE.exe
  C:\Windows\System\MjGgTHE.exe
  2⤵
  PID:1988
- C:\Windows\System\pboVVOX.exe
  C:\Windows\System\pboVVOX.exe
  2⤵
  PID:1612
- C:\Windows\System\WWwFFbr.exe
  C:\Windows\System\WWwFFbr.exe
  2⤵
  PID:1392
- C:\Windows\System\zrExPlo.exe
  C:\Windows\System\zrExPlo.exe
  2⤵
  PID:1964
- C:\Windows\System\kzvJPup.exe
  C:\Windows\System\kzvJPup.exe
  2⤵
  PID:1056
- C:\Windows\System\bIsRdmJ.exe
  C:\Windows\System\bIsRdmJ.exe
  2⤵
  PID:1288
- C:\Windows\System\UdDnQlf.exe
  C:\Windows\System\UdDnQlf.exe
  2⤵
  PID:1620
- C:\Windows\System\ZEzsuPH.exe
  C:\Windows\System\ZEzsuPH.exe
  2⤵
  PID:2916
- C:\Windows\System\vzfGGsf.exe
  C:\Windows\System\vzfGGsf.exe
  2⤵
  PID:2812
- C:\Windows\System\jFaazDL.exe
  C:\Windows\System\jFaazDL.exe
  2⤵
  PID:2924
- C:\Windows\System\IbfRBAq.exe
  C:\Windows\System\IbfRBAq.exe
  2⤵
  PID:3068
- C:\Windows\System\CVIKUdE.exe
  C:\Windows\System\CVIKUdE.exe
  2⤵
  PID:1944
- C:\Windows\System\OQkaKCY.exe
  C:\Windows\System\OQkaKCY.exe
  2⤵
  PID:2080
- C:\Windows\System\qlXjpfE.exe
  C:\Windows\System\qlXjpfE.exe
  2⤵
  PID:2496
- C:\Windows\System\LVtoQNO.exe
  C:\Windows\System\LVtoQNO.exe
  2⤵
  PID:2696
- C:\Windows\System\AiVEIzK.exe
  C:\Windows\System\AiVEIzK.exe
  2⤵
  PID:1652
- C:\Windows\System\lFnxJXJ.exe
  C:\Windows\System\lFnxJXJ.exe
  2⤵
  PID:1712
- C:\Windows\System\OxjKJUx.exe
  C:\Windows\System\OxjKJUx.exe
  2⤵
  PID:2436
- C:\Windows\System\WDcTBze.exe
  C:\Windows\System\WDcTBze.exe
  2⤵
  PID:2180
- C:\Windows\System\THJsrZL.exe
  C:\Windows\System\THJsrZL.exe
  2⤵
  PID:1588
- C:\Windows\System\tLlFpqG.exe
  C:\Windows\System\tLlFpqG.exe
  2⤵
  PID:2236
- C:\Windows\System\aiQjMes.exe
  C:\Windows\System\aiQjMes.exe
  2⤵
  PID:1544
- C:\Windows\System\qCALotb.exe
  C:\Windows\System\qCALotb.exe
  2⤵
  PID:2348
- C:\Windows\System\gLwxbjV.exe
  C:\Windows\System\gLwxbjV.exe
  2⤵
  PID:2060
- C:\Windows\System\nqODFiO.exe
  C:\Windows\System\nqODFiO.exe
  2⤵
  PID:2360
- C:\Windows\System\pprErdh.exe
  C:\Windows\System\pprErdh.exe
  2⤵
  PID:892
- C:\Windows\System\mUtCbft.exe
  C:\Windows\System\mUtCbft.exe
  2⤵
  PID:2516
- C:\Windows\System\xuQNXGU.exe
  C:\Windows\System\xuQNXGU.exe
  2⤵
  PID:1564
- C:\Windows\System\VbpsdvN.exe
  C:\Windows\System\VbpsdvN.exe
  2⤵
  PID:2056
- C:\Windows\System\GAEAPAs.exe
  C:\Windows\System\GAEAPAs.exe
  2⤵
  PID:2476
- C:\Windows\System\BiDongF.exe
  C:\Windows\System\BiDongF.exe
  2⤵
  PID:2744
- C:\Windows\System\JlZYJUr.exe
  C:\Windows\System\JlZYJUr.exe
  2⤵
  PID:2792
- C:\Windows\System\nKdeaqL.exe
  C:\Windows\System\nKdeaqL.exe
  2⤵
  PID:2612
- C:\Windows\System\MZUFwuK.exe
  C:\Windows\System\MZUFwuK.exe
  2⤵
  PID:3036
- C:\Windows\System\eiNawYp.exe
  C:\Windows\System\eiNawYp.exe
  2⤵
  PID:1936
- C:\Windows\System\pcrNCCj.exe
  C:\Windows\System\pcrNCCj.exe
  2⤵
  PID:1512
- C:\Windows\System\OUlvHZi.exe
  C:\Windows\System\OUlvHZi.exe
  2⤵
  PID:1220
- C:\Windows\System\xxPhBoq.exe
  C:\Windows\System\xxPhBoq.exe
  2⤵
  PID:1044
- C:\Windows\System\wzsmeQU.exe
  C:\Windows\System\wzsmeQU.exe
  2⤵
  PID:2692
- C:\Windows\System\fpBzqyJ.exe
  C:\Windows\System\fpBzqyJ.exe
  2⤵
  PID:2440
- C:\Windows\System\rJkLBwd.exe
  C:\Windows\System\rJkLBwd.exe
  2⤵
  PID:2784
- C:\Windows\System\mJjnIVP.exe
  C:\Windows\System\mJjnIVP.exe
  2⤵
  PID:792
- C:\Windows\System\OsEAlEx.exe
  C:\Windows\System\OsEAlEx.exe
  2⤵
  PID:860
- C:\Windows\System\CyIMLcB.exe
  C:\Windows\System\CyIMLcB.exe
  2⤵
  PID:2376
- C:\Windows\System\RhACKdv.exe
  C:\Windows\System\RhACKdv.exe
  2⤵
  PID:2900
- C:\Windows\System\VtdIrld.exe
  C:\Windows\System\VtdIrld.exe
  2⤵
  PID:916
- C:\Windows\System\pmKdsky.exe
  C:\Windows\System\pmKdsky.exe
  2⤵
  PID:2520
- C:\Windows\System\VoyuiaW.exe
  C:\Windows\System\VoyuiaW.exe
  2⤵
  PID:2284
- C:\Windows\System\VKhyXIS.exe
  C:\Windows\System\VKhyXIS.exe
  2⤵
  PID:2860
- C:\Windows\System\MstuwlS.exe
  C:\Windows\System\MstuwlS.exe
  2⤵
  PID:2700
- C:\Windows\System\IDtjrPO.exe
  C:\Windows\System\IDtjrPO.exe
  2⤵
  PID:2140
- C:\Windows\System\loOpUus.exe
  C:\Windows\System\loOpUus.exe
  2⤵
  PID:1520
- C:\Windows\System\wshTPBz.exe
  C:\Windows\System\wshTPBz.exe
  2⤵
  PID:3076
- C:\Windows\System\UDugZYz.exe
  C:\Windows\System\UDugZYz.exe
  2⤵
  PID:3092
- C:\Windows\System\YfjBYsM.exe
  C:\Windows\System\YfjBYsM.exe
  2⤵
  PID:3108
- C:\Windows\System\GWZRgke.exe
  C:\Windows\System\GWZRgke.exe
  2⤵
  PID:3124
- C:\Windows\System\terLbkA.exe
  C:\Windows\System\terLbkA.exe
  2⤵
  PID:3140
- C:\Windows\System\XwLIQyk.exe
  C:\Windows\System\XwLIQyk.exe
  2⤵
  PID:3156
- C:\Windows\System\WStDeov.exe
  C:\Windows\System\WStDeov.exe
  2⤵
  PID:3172
- C:\Windows\System\dQuejqX.exe
  C:\Windows\System\dQuejqX.exe
  2⤵
  PID:3188
- C:\Windows\System\VvSOWFI.exe
  C:\Windows\System\VvSOWFI.exe
  2⤵
  PID:3204
- C:\Windows\System\YXPXhzF.exe
  C:\Windows\System\YXPXhzF.exe
  2⤵
  PID:3220
- C:\Windows\System\QgwEPUM.exe
  C:\Windows\System\QgwEPUM.exe
  2⤵
  PID:3236
- C:\Windows\System\IonPqYz.exe
  C:\Windows\System\IonPqYz.exe
  2⤵
  PID:3252
- C:\Windows\System\mnqltXV.exe
  C:\Windows\System\mnqltXV.exe
  2⤵
  PID:3268
- C:\Windows\System\OeCJsJD.exe
  C:\Windows\System\OeCJsJD.exe
  2⤵
  PID:3284
- C:\Windows\System\fBygVlV.exe
  C:\Windows\System\fBygVlV.exe
  2⤵
  PID:3300
- C:\Windows\System\ayeCItU.exe
  C:\Windows\System\ayeCItU.exe
  2⤵
  PID:3316
- C:\Windows\System\dxRRvET.exe
  C:\Windows\System\dxRRvET.exe
  2⤵
  PID:3332
- C:\Windows\System\TuhfBKj.exe
  C:\Windows\System\TuhfBKj.exe
  2⤵
  PID:3348
- C:\Windows\System\DAOJHIT.exe
  C:\Windows\System\DAOJHIT.exe
  2⤵
  PID:3364
- C:\Windows\System\DJRKizn.exe
  C:\Windows\System\DJRKizn.exe
  2⤵
  PID:3380
- C:\Windows\System\XRldNzy.exe
  C:\Windows\System\XRldNzy.exe
  2⤵
  PID:3396
- C:\Windows\System\lTCzjiR.exe
  C:\Windows\System\lTCzjiR.exe
  2⤵
  PID:3412
- C:\Windows\System\xwthZTX.exe
  C:\Windows\System\xwthZTX.exe
  2⤵
  PID:3428
- C:\Windows\System\ODXOHgL.exe
  C:\Windows\System\ODXOHgL.exe
  2⤵
  PID:3444
- C:\Windows\System\BidsAhs.exe
  C:\Windows\System\BidsAhs.exe
  2⤵
  PID:3460
- C:\Windows\System\fxuJCEL.exe
  C:\Windows\System\fxuJCEL.exe
  2⤵
  PID:3476
- C:\Windows\System\pxwJiZV.exe
  C:\Windows\System\pxwJiZV.exe
  2⤵
  PID:3492
- C:\Windows\System\AXkkAfS.exe
  C:\Windows\System\AXkkAfS.exe
  2⤵
  PID:3508
- C:\Windows\System\CKGTaGt.exe
  C:\Windows\System\CKGTaGt.exe
  2⤵
  PID:3524
- C:\Windows\System\eQwRFWf.exe
  C:\Windows\System\eQwRFWf.exe
  2⤵
  PID:3540
- C:\Windows\System\FmcYpNE.exe
  C:\Windows\System\FmcYpNE.exe
  2⤵
  PID:3556
- C:\Windows\System\NDixIKp.exe
  C:\Windows\System\NDixIKp.exe
  2⤵
  PID:3572
- C:\Windows\System\bRHgnQL.exe
  C:\Windows\System\bRHgnQL.exe
  2⤵
  PID:3588
- C:\Windows\System\VpohMwI.exe
  C:\Windows\System\VpohMwI.exe
  2⤵
  PID:3604
- C:\Windows\System\vpQJmxi.exe
  C:\Windows\System\vpQJmxi.exe
  2⤵
  PID:3620
- C:\Windows\System\DkXQkJp.exe
  C:\Windows\System\DkXQkJp.exe
  2⤵
  PID:3636
- C:\Windows\System\xlnqpiu.exe
  C:\Windows\System\xlnqpiu.exe
  2⤵
  PID:3652
- C:\Windows\System\yMcRFQG.exe
  C:\Windows\System\yMcRFQG.exe
  2⤵
  PID:3668
- C:\Windows\System\JpWpsHA.exe
  C:\Windows\System\JpWpsHA.exe
  2⤵
  PID:3684
- C:\Windows\System\aooPRIs.exe
  C:\Windows\System\aooPRIs.exe
  2⤵
  PID:3700
- C:\Windows\System\WcSQBhc.exe
  C:\Windows\System\WcSQBhc.exe
  2⤵
  PID:3716
- C:\Windows\System\bpPvfgS.exe
  C:\Windows\System\bpPvfgS.exe
  2⤵
  PID:3732
- C:\Windows\System\JIFyZXZ.exe
  C:\Windows\System\JIFyZXZ.exe
  2⤵
  PID:3748
- C:\Windows\System\maNnsYV.exe
  C:\Windows\System\maNnsYV.exe
  2⤵
  PID:3764
- C:\Windows\System\WePSLsT.exe
  C:\Windows\System\WePSLsT.exe
  2⤵
  PID:3780
- C:\Windows\System\ZJGDoOM.exe
  C:\Windows\System\ZJGDoOM.exe
  2⤵
  PID:3796
- C:\Windows\System\UmFEKQp.exe
  C:\Windows\System\UmFEKQp.exe
  2⤵
  PID:3812
- C:\Windows\System\niwQDCH.exe
  C:\Windows\System\niwQDCH.exe
  2⤵
  PID:3828
- C:\Windows\System\CnSXaJM.exe
  C:\Windows\System\CnSXaJM.exe
  2⤵
  PID:3844
- C:\Windows\System\MuVMAsZ.exe
  C:\Windows\System\MuVMAsZ.exe
  2⤵
  PID:3860
- C:\Windows\System\XVHSaLo.exe
  C:\Windows\System\XVHSaLo.exe
  2⤵
  PID:3876
- C:\Windows\System\tmAzYvu.exe
  C:\Windows\System\tmAzYvu.exe
  2⤵
  PID:3892
- C:\Windows\System\eCSMXTJ.exe
  C:\Windows\System\eCSMXTJ.exe
  2⤵
  PID:3908
- C:\Windows\System\idplzuJ.exe
  C:\Windows\System\idplzuJ.exe
  2⤵
  PID:3924
- C:\Windows\System\RTNFmfC.exe
  C:\Windows\System\RTNFmfC.exe
  2⤵
  PID:3940
- C:\Windows\System\kNAfotz.exe
  C:\Windows\System\kNAfotz.exe
  2⤵
  PID:3956
- C:\Windows\System\cjaqxpx.exe
  C:\Windows\System\cjaqxpx.exe
  2⤵
  PID:3972
- C:\Windows\System\kFZmzxi.exe
  C:\Windows\System\kFZmzxi.exe
  2⤵
  PID:3988
- C:\Windows\System\VkXCQfg.exe
  C:\Windows\System\VkXCQfg.exe
  2⤵
  PID:4004
- C:\Windows\System\sGIieJl.exe
  C:\Windows\System\sGIieJl.exe
  2⤵
  PID:4020
- C:\Windows\System\DAuEGwA.exe
  C:\Windows\System\DAuEGwA.exe
  2⤵
  PID:4036
- C:\Windows\System\EbzXBgu.exe
  C:\Windows\System\EbzXBgu.exe
  2⤵
  PID:4052
- C:\Windows\System\geHAJjE.exe
  C:\Windows\System\geHAJjE.exe
  2⤵
  PID:4068
- C:\Windows\System\buXHtTq.exe
  C:\Windows\System\buXHtTq.exe
  2⤵
  PID:4084
- C:\Windows\System\EAZeJec.exe
  C:\Windows\System\EAZeJec.exe
  2⤵
  PID:2940
- C:\Windows\System\lkeeNiH.exe
  C:\Windows\System\lkeeNiH.exe
  2⤵
  PID:1080
- C:\Windows\System\UqIlDth.exe
  C:\Windows\System\UqIlDth.exe
  2⤵
  PID:1528
- C:\Windows\System\FHaaSKC.exe
  C:\Windows\System\FHaaSKC.exe
  2⤵
  PID:2092
- C:\Windows\System\ajMLCPp.exe
  C:\Windows\System\ajMLCPp.exe
  2⤵
  PID:2556
- C:\Windows\System\CcmJCrQ.exe
  C:\Windows\System\CcmJCrQ.exe
  2⤵
  PID:1744
- C:\Windows\System\siSoQQO.exe
  C:\Windows\System\siSoQQO.exe
  2⤵
  PID:2716
- C:\Windows\System\oWHXHWZ.exe
  C:\Windows\System\oWHXHWZ.exe
  2⤵
  PID:3084
- C:\Windows\System\qbEUDnE.exe
  C:\Windows\System\qbEUDnE.exe
  2⤵
  PID:3100
- C:\Windows\System\SZzJvdN.exe
  C:\Windows\System\SZzJvdN.exe
  2⤵
  PID:3148
- C:\Windows\System\CswiElX.exe
  C:\Windows\System\CswiElX.exe
  2⤵
  PID:3168
- C:\Windows\System\LiimIYZ.exe
  C:\Windows\System\LiimIYZ.exe
  2⤵
  PID:3196
- C:\Windows\System\qkJVNok.exe
  C:\Windows\System\qkJVNok.exe
  2⤵
  PID:3232
- C:\Windows\System\vpBrEJe.exe
  C:\Windows\System\vpBrEJe.exe
  2⤵
  PID:3280
- C:\Windows\System\WmUZxGN.exe
  C:\Windows\System\WmUZxGN.exe
  2⤵
  PID:3312
- C:\Windows\System\QTiORhZ.exe
  C:\Windows\System\QTiORhZ.exe
  2⤵
  PID:3296
- C:\Windows\System\XjkpBII.exe
  C:\Windows\System\XjkpBII.exe
  2⤵
  PID:3360
- C:\Windows\System\qeqzszb.exe
  C:\Windows\System\qeqzszb.exe
  2⤵
  PID:3408
- C:\Windows\System\jHJjvYR.exe
  C:\Windows\System\jHJjvYR.exe
  2⤵
  PID:3424
- C:\Windows\System\BVlqRZG.exe
  C:\Windows\System\BVlqRZG.exe
  2⤵
  PID:3456
- C:\Windows\System\VZLzfVK.exe
  C:\Windows\System\VZLzfVK.exe
  2⤵
  PID:3488
- C:\Windows\System\uecNFZO.exe
  C:\Windows\System\uecNFZO.exe
  2⤵
  PID:3536
- C:\Windows\System\Lamvyqe.exe
  C:\Windows\System\Lamvyqe.exe
  2⤵
  PID:3564
- C:\Windows\System\gTkfSnw.exe
  C:\Windows\System\gTkfSnw.exe
  2⤵
  PID:3596
- C:\Windows\System\LMsuZhY.exe
  C:\Windows\System\LMsuZhY.exe
  2⤵
  PID:3632
- C:\Windows\System\eaQSkOf.exe
  C:\Windows\System\eaQSkOf.exe
  2⤵
  PID:3648
- C:\Windows\System\HRYuufH.exe
  C:\Windows\System\HRYuufH.exe
  2⤵
  PID:3680
- C:\Windows\System\ZrBkLFw.exe
  C:\Windows\System\ZrBkLFw.exe
  2⤵
  PID:3728
- C:\Windows\System\CBFELMl.exe
  C:\Windows\System\CBFELMl.exe
  2⤵
  PID:3760
- C:\Windows\System\KiGkMis.exe
  C:\Windows\System\KiGkMis.exe
  2⤵
  PID:3820
- C:\Windows\System\pOAEBuE.exe
  C:\Windows\System\pOAEBuE.exe
  2⤵
  PID:3808
- C:\Windows\System\JtlQefz.exe
  C:\Windows\System\JtlQefz.exe
  2⤵
  PID:3840
- C:\Windows\System\QqrbAAX.exe
  C:\Windows\System\QqrbAAX.exe
  2⤵
  PID:3872
- C:\Windows\System\hZwZBFl.exe
  C:\Windows\System\hZwZBFl.exe
  2⤵
  PID:3920
- C:\Windows\System\wxNbFLp.exe
  C:\Windows\System\wxNbFLp.exe
  2⤵
  PID:3952
- C:\Windows\System\KVNjWQj.exe
  C:\Windows\System\KVNjWQj.exe
  2⤵
  PID:3968
- C:\Windows\System\WkPTEdk.exe
  C:\Windows\System\WkPTEdk.exe
  2⤵
  PID:3996
- C:\Windows\System\LKNSyom.exe
  C:\Windows\System\LKNSyom.exe
  2⤵
  PID:4048
- C:\Windows\System\WICzmvf.exe
  C:\Windows\System\WICzmvf.exe
  2⤵
  PID:4080
- C:\Windows\System\ynXYYvK.exe
  C:\Windows\System\ynXYYvK.exe
  2⤵
  PID:2664
- C:\Windows\System\IhEpTwt.exe
  C:\Windows\System\IhEpTwt.exe
  2⤵
  PID:1608
- C:\Windows\System\ybwpCAQ.exe
  C:\Windows\System\ybwpCAQ.exe
  2⤵
  PID:2956
- C:\Windows\System\dWjoJPU.exe
  C:\Windows\System\dWjoJPU.exe
  2⤵
  PID:2424
- C:\Windows\System\HBenubH.exe
  C:\Windows\System\HBenubH.exe
  2⤵
  PID:3132
- C:\Windows\System\TRfmlis.exe
  C:\Windows\System\TRfmlis.exe
  2⤵
  PID:3152
- C:\Windows\System\XYyDlbZ.exe
  C:\Windows\System\XYyDlbZ.exe
  2⤵
  PID:3276
- C:\Windows\System\AsEYAHY.exe
  C:\Windows\System\AsEYAHY.exe
  2⤵
  PID:3292
- C:\Windows\System\UitNsyJ.exe
  C:\Windows\System\UitNsyJ.exe
  2⤵
  PID:3328
- C:\Windows\System\RjvgjLs.exe
  C:\Windows\System\RjvgjLs.exe
  2⤵
  PID:3420
- C:\Windows\System\xdpxgpJ.exe
  C:\Windows\System\xdpxgpJ.exe
  2⤵
  PID:3516
- C:\Windows\System\HwkTTNc.exe
  C:\Windows\System\HwkTTNc.exe
  2⤵
  PID:3552
- C:\Windows\System\UmkdHeu.exe
  C:\Windows\System\UmkdHeu.exe
  2⤵
  PID:3628
- C:\Windows\System\DcLXJRV.exe
  C:\Windows\System\DcLXJRV.exe
  2⤵
  PID:3676
- C:\Windows\System\xdVwcll.exe
  C:\Windows\System\xdVwcll.exe
  2⤵
  PID:3756
- C:\Windows\System\rMKcTiB.exe
  C:\Windows\System\rMKcTiB.exe
  2⤵
  PID:3804
- C:\Windows\System\XFPAkRH.exe
  C:\Windows\System\XFPAkRH.exe
  2⤵
  PID:3916
- C:\Windows\System\WRBqrFO.exe
  C:\Windows\System\WRBqrFO.exe
  2⤵
  PID:3932
- C:\Windows\System\MzFqmEw.exe
  C:\Windows\System\MzFqmEw.exe
  2⤵
  PID:4016
- C:\Windows\System\JGarXki.exe
  C:\Windows\System\JGarXki.exe
  2⤵
  PID:4060
- C:\Windows\System\vUDXomj.exe
  C:\Windows\System\vUDXomj.exe
  2⤵
  PID:2372
- C:\Windows\System\MPLIJgk.exe
  C:\Windows\System\MPLIJgk.exe
  2⤵
  PID:3104
- C:\Windows\System\wMugsoU.exe
  C:\Windows\System\wMugsoU.exe
  2⤵
  PID:3216
- C:\Windows\System\ZLLXDGC.exe
  C:\Windows\System\ZLLXDGC.exe
  2⤵
  PID:3356
- C:\Windows\System\yLSUrrh.exe
  C:\Windows\System\yLSUrrh.exe
  2⤵
  PID:4108
- C:\Windows\System\DjvScBz.exe
  C:\Windows\System\DjvScBz.exe
  2⤵
  PID:4124
- C:\Windows\System\RwlwWfs.exe
  C:\Windows\System\RwlwWfs.exe
  2⤵
  PID:4140
- C:\Windows\System\RGNagTR.exe
  C:\Windows\System\RGNagTR.exe
  2⤵
  PID:4156
- C:\Windows\System\csbgFni.exe
  C:\Windows\System\csbgFni.exe
  2⤵
  PID:4172
- C:\Windows\System\mCzqubD.exe
  C:\Windows\System\mCzqubD.exe
  2⤵
  PID:4188
- C:\Windows\System\KsuvKTn.exe
  C:\Windows\System\KsuvKTn.exe
  2⤵
  PID:4204
- C:\Windows\System\IHdvaMD.exe
  C:\Windows\System\IHdvaMD.exe
  2⤵
  PID:4220
- C:\Windows\System\BOIfYyx.exe
  C:\Windows\System\BOIfYyx.exe
  2⤵
  PID:4236
- C:\Windows\System\kYyLTDX.exe
  C:\Windows\System\kYyLTDX.exe
  2⤵
  PID:4252
- C:\Windows\System\mAOStSK.exe
  C:\Windows\System\mAOStSK.exe
  2⤵
  PID:4268
- C:\Windows\System\ITJVUwK.exe
  C:\Windows\System\ITJVUwK.exe
  2⤵
  PID:4284
- C:\Windows\System\yYRiBNS.exe
  C:\Windows\System\yYRiBNS.exe
  2⤵
  PID:4300
- C:\Windows\System\MbXUUog.exe
  C:\Windows\System\MbXUUog.exe
  2⤵
  PID:4316
- C:\Windows\System\ccxJPzY.exe
  C:\Windows\System\ccxJPzY.exe
  2⤵
  PID:4332
- C:\Windows\System\jgdlhDC.exe
  C:\Windows\System\jgdlhDC.exe
  2⤵
  PID:4348
- C:\Windows\System\gCKVWgT.exe
  C:\Windows\System\gCKVWgT.exe
  2⤵
  PID:4368
- C:\Windows\System\QwwuthA.exe
  C:\Windows\System\QwwuthA.exe
  2⤵
  PID:4384
- C:\Windows\System\KDWWAHr.exe
  C:\Windows\System\KDWWAHr.exe
  2⤵
  PID:4400
- C:\Windows\System\rFiGSKy.exe
  C:\Windows\System\rFiGSKy.exe
  2⤵
  PID:4416
- C:\Windows\System\IlKlixH.exe
  C:\Windows\System\IlKlixH.exe
  2⤵
  PID:4432
- C:\Windows\System\lSfrRjL.exe
  C:\Windows\System\lSfrRjL.exe
  2⤵
  PID:4448
- C:\Windows\System\TMWshHG.exe
  C:\Windows\System\TMWshHG.exe
  2⤵
  PID:4464
- C:\Windows\System\MmTofhR.exe
  C:\Windows\System\MmTofhR.exe
  2⤵
  PID:4480
- C:\Windows\System\xwBoMZW.exe
  C:\Windows\System\xwBoMZW.exe
  2⤵
  PID:4496
- C:\Windows\System\ehrJPyj.exe
  C:\Windows\System\ehrJPyj.exe
  2⤵
  PID:4512
- C:\Windows\System\UQlairw.exe
  C:\Windows\System\UQlairw.exe
  2⤵
  PID:4528
- C:\Windows\System\hUZwkWo.exe
  C:\Windows\System\hUZwkWo.exe
  2⤵
  PID:4544
- C:\Windows\System\aurSwBa.exe
  C:\Windows\System\aurSwBa.exe
  2⤵
  PID:4560
- C:\Windows\System\QyDEgyQ.exe
  C:\Windows\System\QyDEgyQ.exe
  2⤵
  PID:4576
- C:\Windows\System\KjSEMfM.exe
  C:\Windows\System\KjSEMfM.exe
  2⤵
  PID:4592
- C:\Windows\System\AgWmOXF.exe
  C:\Windows\System\AgWmOXF.exe
  2⤵
  PID:4608
- C:\Windows\System\wQsegrH.exe
  C:\Windows\System\wQsegrH.exe
  2⤵
  PID:4624
- C:\Windows\System\RHLwaqW.exe
  C:\Windows\System\RHLwaqW.exe
  2⤵
  PID:4640
- C:\Windows\System\kHGnhei.exe
  C:\Windows\System\kHGnhei.exe
  2⤵
  PID:4656
- C:\Windows\System\wYLWnWe.exe
  C:\Windows\System\wYLWnWe.exe
  2⤵
  PID:4672
- C:\Windows\System\emnPTNw.exe
  C:\Windows\System\emnPTNw.exe
  2⤵
  PID:4688
- C:\Windows\System\ImmrIQe.exe
  C:\Windows\System\ImmrIQe.exe
  2⤵
  PID:4704
- C:\Windows\System\FwAAdms.exe
  C:\Windows\System\FwAAdms.exe
  2⤵
  PID:4720
- C:\Windows\System\FkJUAas.exe
  C:\Windows\System\FkJUAas.exe
  2⤵
  PID:4736
- C:\Windows\System\UYyXTlk.exe
  C:\Windows\System\UYyXTlk.exe
  2⤵
  PID:4752
- C:\Windows\System\eVimzNC.exe
  C:\Windows\System\eVimzNC.exe
  2⤵
  PID:4768
- C:\Windows\System\CvtxGLz.exe
  C:\Windows\System\CvtxGLz.exe
  2⤵
  PID:4784
- C:\Windows\System\JvjTIRi.exe
  C:\Windows\System\JvjTIRi.exe
  2⤵
  PID:4800
- C:\Windows\System\gVULxrX.exe
  C:\Windows\System\gVULxrX.exe
  2⤵
  PID:4816
- C:\Windows\System\OczgCMb.exe
  C:\Windows\System\OczgCMb.exe
  2⤵
  PID:4832
- C:\Windows\System\cqmrZaN.exe
  C:\Windows\System\cqmrZaN.exe
  2⤵
  PID:4848
- C:\Windows\System\uTyruqn.exe
  C:\Windows\System\uTyruqn.exe
  2⤵
  PID:4864
- C:\Windows\System\rMgVdBs.exe
  C:\Windows\System\rMgVdBs.exe
  2⤵
  PID:4880
- C:\Windows\System\sKKVaTk.exe
  C:\Windows\System\sKKVaTk.exe
  2⤵
  PID:4896
- C:\Windows\System\EVUmzoO.exe
  C:\Windows\System\EVUmzoO.exe
  2⤵
  PID:4912
- C:\Windows\System\nmRkHnD.exe
  C:\Windows\System\nmRkHnD.exe
  2⤵
  PID:4928
- C:\Windows\System\KeujVCB.exe
  C:\Windows\System\KeujVCB.exe
  2⤵
  PID:4944
- C:\Windows\System\zMrgoTH.exe
  C:\Windows\System\zMrgoTH.exe
  2⤵
  PID:4960
- C:\Windows\System\ZJbXIhR.exe
  C:\Windows\System\ZJbXIhR.exe
  2⤵
  PID:4976
- C:\Windows\System\WDdKwgx.exe
  C:\Windows\System\WDdKwgx.exe
  2⤵
  PID:4992
- C:\Windows\System\BwlYdBT.exe
  C:\Windows\System\BwlYdBT.exe
  2⤵
  PID:5008
- C:\Windows\System\ZWtMLwy.exe
  C:\Windows\System\ZWtMLwy.exe
  2⤵
  PID:5024
- C:\Windows\System\mOXFavE.exe
  C:\Windows\System\mOXFavE.exe
  2⤵
  PID:5040
- C:\Windows\System\dnGpUmL.exe
  C:\Windows\System\dnGpUmL.exe
  2⤵
  PID:5056
- C:\Windows\System\mdQgAot.exe
  C:\Windows\System\mdQgAot.exe
  2⤵
  PID:5072
- C:\Windows\System\KRmPkIg.exe
  C:\Windows\System\KRmPkIg.exe
  2⤵
  PID:5088
- C:\Windows\System\MqGjiDO.exe
  C:\Windows\System\MqGjiDO.exe
  2⤵
  PID:5104
- C:\Windows\System\ppDJhQt.exe
  C:\Windows\System\ppDJhQt.exe
  2⤵
  PID:3484
- C:\Windows\System\vZgThAl.exe
  C:\Windows\System\vZgThAl.exe
  2⤵
  PID:3500
- C:\Windows\System\jimzKJy.exe
  C:\Windows\System\jimzKJy.exe
  2⤵
  PID:3580
- C:\Windows\System\HAjofQT.exe
  C:\Windows\System\HAjofQT.exe
  2⤵
  PID:3788
- C:\Windows\System\iBgYDoI.exe
  C:\Windows\System\iBgYDoI.exe
  2⤵
  PID:3776
- C:\Windows\System\HQeifxt.exe
  C:\Windows\System\HQeifxt.exe
  2⤵
  PID:4044
- C:\Windows\System\sKejlqi.exe
  C:\Windows\System\sKejlqi.exe
  2⤵
  PID:4076
- C:\Windows\System\FUMBAjB.exe
  C:\Windows\System\FUMBAjB.exe
  2⤵
  PID:2708
- C:\Windows\System\KuApkDQ.exe
  C:\Windows\System\KuApkDQ.exe
  2⤵
  PID:3388
- C:\Windows\System\EMoBFae.exe
  C:\Windows\System\EMoBFae.exe
  2⤵
  PID:4136
- C:\Windows\System\qUBaUxW.exe
  C:\Windows\System\qUBaUxW.exe
  2⤵
  PID:4148
- C:\Windows\System\gcEZXvr.exe
  C:\Windows\System\gcEZXvr.exe
  2⤵
  PID:4196
- C:\Windows\System\SWXoGNr.exe
  C:\Windows\System\SWXoGNr.exe
  2⤵
  PID:4212
- C:\Windows\System\dNqrbke.exe
  C:\Windows\System\dNqrbke.exe
  2⤵
  PID:4260
- C:\Windows\System\MwAyrvJ.exe
  C:\Windows\System\MwAyrvJ.exe
  2⤵
  PID:4292
- C:\Windows\System\GjynQfO.exe
  C:\Windows\System\GjynQfO.exe
  2⤵
  PID:4308
- C:\Windows\System\qQInSLv.exe
  C:\Windows\System\qQInSLv.exe
  2⤵
  PID:4340
- C:\Windows\System\KzCiPPj.exe
  C:\Windows\System\KzCiPPj.exe
  2⤵
  PID:4392
- C:\Windows\System\ewZYvTM.exe
  C:\Windows\System\ewZYvTM.exe
  2⤵
  PID:4408
- C:\Windows\System\kXNYHWh.exe
  C:\Windows\System\kXNYHWh.exe
  2⤵
  PID:4460
- C:\Windows\System\XjMqeuf.exe
  C:\Windows\System\XjMqeuf.exe
  2⤵
  PID:4476
- C:\Windows\System\yEEuVus.exe
  C:\Windows\System\yEEuVus.exe
  2⤵
  PID:4524
- C:\Windows\System\TEnSUBx.exe
  C:\Windows\System\TEnSUBx.exe
  2⤵
  PID:4540
- C:\Windows\System\JhujkuV.exe
  C:\Windows\System\JhujkuV.exe
  2⤵
  PID:4588
- C:\Windows\System\HDePUXu.exe
  C:\Windows\System\HDePUXu.exe
  2⤵
  PID:4620
- C:\Windows\System\fnZbbbi.exe
  C:\Windows\System\fnZbbbi.exe
  2⤵
  PID:4652
- C:\Windows\System\pqYZslZ.exe
  C:\Windows\System\pqYZslZ.exe
  2⤵
  PID:4684
- C:\Windows\System\DMpkQgC.exe
  C:\Windows\System\DMpkQgC.exe
  2⤵
  PID:4716
- C:\Windows\System\zDcHknZ.exe
  C:\Windows\System\zDcHknZ.exe
  2⤵
  PID:4748
- C:\Windows\System\HxaznSP.exe
  C:\Windows\System\HxaznSP.exe
  2⤵
  PID:4780
- C:\Windows\System\bwESWzr.exe
  C:\Windows\System\bwESWzr.exe
  2⤵
  PID:4812
- C:\Windows\System\GNepayr.exe
  C:\Windows\System\GNepayr.exe
  2⤵
  PID:4828
- C:\Windows\System\VbbvePz.exe
  C:\Windows\System\VbbvePz.exe
  2⤵
  PID:4860
- C:\Windows\System\MdyPjjj.exe
  C:\Windows\System\MdyPjjj.exe
  2⤵
  PID:4888
- C:\Windows\System\jMdgrhM.exe
  C:\Windows\System\jMdgrhM.exe
  2⤵
  PID:4936
- C:\Windows\System\ZjoZyTJ.exe
  C:\Windows\System\ZjoZyTJ.exe
  2⤵
  PID:4968
- C:\Windows\System\pfzekfq.exe
  C:\Windows\System\pfzekfq.exe
  2⤵
  PID:5000
- C:\Windows\System\JbaEVoR.exe
  C:\Windows\System\JbaEVoR.exe
  2⤵
  PID:5032
- C:\Windows\System\pZUmLba.exe
  C:\Windows\System\pZUmLba.exe
  2⤵
  PID:5048
- C:\Windows\System\PVkiKWO.exe
  C:\Windows\System\PVkiKWO.exe
  2⤵
  PID:5096
- C:\Windows\System\qifjemK.exe
  C:\Windows\System\qifjemK.exe
  2⤵
  PID:5112
- C:\Windows\System\UKjNObY.exe
  C:\Windows\System\UKjNObY.exe
  2⤵
  PID:3740
- C:\Windows\System\UNKkxcO.exe
  C:\Windows\System\UNKkxcO.exe
  2⤵
  PID:3904
- C:\Windows\System\JgxYuen.exe
  C:\Windows\System\JgxYuen.exe
  2⤵
  PID:3244
- C:\Windows\System\FIXThQT.exe
  C:\Windows\System\FIXThQT.exe
  2⤵
  PID:4104
- C:\Windows\System\NgXYLwn.exe
  C:\Windows\System\NgXYLwn.exe
  2⤵
  PID:4168
- C:\Windows\System\TKWdjpC.exe
  C:\Windows\System\TKWdjpC.exe
  2⤵
  PID:4232
- C:\Windows\System\NZwkDqI.exe
  C:\Windows\System\NZwkDqI.exe
  2⤵
  PID:4280
- C:\Windows\System\LXbVIQj.exe
  C:\Windows\System\LXbVIQj.exe
  2⤵
  PID:4328
- C:\Windows\System\QbbbegQ.exe
  C:\Windows\System\QbbbegQ.exe
  2⤵
  PID:4396
- C:\Windows\System\AAmTbVb.exe
  C:\Windows\System\AAmTbVb.exe
  2⤵
  PID:4504
- C:\Windows\System\WzPdTsc.exe
  C:\Windows\System\WzPdTsc.exe
  2⤵
  PID:4552
- C:\Windows\System\bPkOAMy.exe
  C:\Windows\System\bPkOAMy.exe
  2⤵
  PID:4648
- C:\Windows\System\AZMSekE.exe
  C:\Windows\System\AZMSekE.exe
  2⤵
  PID:4664
- C:\Windows\System\YmCAyFa.exe
  C:\Windows\System\YmCAyFa.exe
  2⤵
  PID:4744
- C:\Windows\System\McZuFvP.exe
  C:\Windows\System\McZuFvP.exe
  2⤵
  PID:4808
- C:\Windows\System\UfIzhSD.exe
  C:\Windows\System\UfIzhSD.exe
  2⤵
  PID:4872
- C:\Windows\System\ILvCGxV.exe
  C:\Windows\System\ILvCGxV.exe
  2⤵
  PID:4920
- C:\Windows\System\YHulgYe.exe
  C:\Windows\System\YHulgYe.exe
  2⤵
  PID:4956
- C:\Windows\System\zbBfqWp.exe
  C:\Windows\System\zbBfqWp.exe
  2⤵
  PID:5036
- C:\Windows\System\ZkPowKq.exe
  C:\Windows\System\ZkPowKq.exe
  2⤵
  PID:5100
- C:\Windows\System\xyZGeIJ.exe
  C:\Windows\System\xyZGeIJ.exe
  2⤵
  PID:3692
- C:\Windows\System\LkpkcjS.exe
  C:\Windows\System\LkpkcjS.exe
  2⤵
  PID:4132
- C:\Windows\System\RXHaxPr.exe
  C:\Windows\System\RXHaxPr.exe
  2⤵
  PID:4244
- C:\Windows\System\vtWxobO.exe
  C:\Windows\System\vtWxobO.exe
  2⤵
  PID:4324
- C:\Windows\System\nkaSMvK.exe
  C:\Windows\System\nkaSMvK.exe
  2⤵
  PID:5136
- C:\Windows\System\GtmYmDP.exe
  C:\Windows\System\GtmYmDP.exe
  2⤵
  PID:5152
- C:\Windows\System\bTdGHom.exe
  C:\Windows\System\bTdGHom.exe
  2⤵
  PID:5168
- C:\Windows\System\LHsaoCG.exe
  C:\Windows\System\LHsaoCG.exe
  2⤵
  PID:5184
- C:\Windows\System\DxupOAT.exe
  C:\Windows\System\DxupOAT.exe
  2⤵
  PID:5200
- C:\Windows\System\EgkbRYW.exe
  C:\Windows\System\EgkbRYW.exe
  2⤵
  PID:5216
- C:\Windows\System\ZzCYsOD.exe
  C:\Windows\System\ZzCYsOD.exe
  2⤵
  PID:5232
- C:\Windows\System\mrtRiae.exe
  C:\Windows\System\mrtRiae.exe
  2⤵
  PID:5248
- C:\Windows\System\NTnSeyY.exe
  C:\Windows\System\NTnSeyY.exe
  2⤵
  PID:5264
- C:\Windows\System\wfieDJn.exe
  C:\Windows\System\wfieDJn.exe
  2⤵
  PID:5280
- C:\Windows\System\wTuwZHm.exe
  C:\Windows\System\wTuwZHm.exe
  2⤵
  PID:5296
- C:\Windows\System\gteEZHY.exe
  C:\Windows\System\gteEZHY.exe
  2⤵
  PID:5312
- C:\Windows\System\YiIssAO.exe
  C:\Windows\System\YiIssAO.exe
  2⤵
  PID:5328
- C:\Windows\System\XqFWaav.exe
  C:\Windows\System\XqFWaav.exe
  2⤵
  PID:5344
- C:\Windows\System\HZJKPof.exe
  C:\Windows\System\HZJKPof.exe
  2⤵
  PID:5360
- C:\Windows\System\sNTQegS.exe
  C:\Windows\System\sNTQegS.exe
  2⤵
  PID:5376
- C:\Windows\System\CtEJAyP.exe
  C:\Windows\System\CtEJAyP.exe
  2⤵
  PID:5392
- C:\Windows\System\nlsnncS.exe
  C:\Windows\System\nlsnncS.exe
  2⤵
  PID:5408
- C:\Windows\System\dzvgDBw.exe
  C:\Windows\System\dzvgDBw.exe
  2⤵
  PID:5424
- C:\Windows\System\DkTWpff.exe
  C:\Windows\System\DkTWpff.exe
  2⤵
  PID:5444
- C:\Windows\System\APDLqRo.exe
  C:\Windows\System\APDLqRo.exe
  2⤵
  PID:5460
- C:\Windows\System\QEBofWR.exe
  C:\Windows\System\QEBofWR.exe
  2⤵
  PID:5476
- C:\Windows\System\HyLDQDv.exe
  C:\Windows\System\HyLDQDv.exe
  2⤵
  PID:5492
- C:\Windows\System\vOJydtA.exe
  C:\Windows\System\vOJydtA.exe
  2⤵
  PID:5508
- C:\Windows\System\EQfVCMe.exe
  C:\Windows\System\EQfVCMe.exe
  2⤵
  PID:5524
- C:\Windows\System\UHdxzmO.exe
  C:\Windows\System\UHdxzmO.exe
  2⤵
  PID:5540
- C:\Windows\System\xyMlyER.exe
  C:\Windows\System\xyMlyER.exe
  2⤵
  PID:5556
- C:\Windows\System\RKDKqyA.exe
  C:\Windows\System\RKDKqyA.exe
  2⤵
  PID:5572
- C:\Windows\System\MwGWphv.exe
  C:\Windows\System\MwGWphv.exe
  2⤵
  PID:5588
- C:\Windows\System\ZMdanMb.exe
  C:\Windows\System\ZMdanMb.exe
  2⤵
  PID:5604
- C:\Windows\System\DFYKXvJ.exe
  C:\Windows\System\DFYKXvJ.exe
  2⤵
  PID:5620
- C:\Windows\System\LgojyrW.exe
  C:\Windows\System\LgojyrW.exe
  2⤵
  PID:5636
- C:\Windows\System\zDzLJPt.exe
  C:\Windows\System\zDzLJPt.exe
  2⤵
  PID:5652
- C:\Windows\System\FQrSadB.exe
  C:\Windows\System\FQrSadB.exe
  2⤵
  PID:5668
- C:\Windows\System\kUFwDrG.exe
  C:\Windows\System\kUFwDrG.exe
  2⤵
  PID:5684
- C:\Windows\System\SRTyaKy.exe
  C:\Windows\System\SRTyaKy.exe
  2⤵
  PID:5700
- C:\Windows\System\RrWFyAR.exe
  C:\Windows\System\RrWFyAR.exe
  2⤵
  PID:5716
- C:\Windows\System\AKVLPdS.exe
  C:\Windows\System\AKVLPdS.exe
  2⤵
  PID:5732
- C:\Windows\System\AaJhJLD.exe
  C:\Windows\System\AaJhJLD.exe
  2⤵
  PID:5748
- C:\Windows\System\GhUQEsN.exe
  C:\Windows\System\GhUQEsN.exe
  2⤵
  PID:5764
- C:\Windows\System\yqIORMk.exe
  C:\Windows\System\yqIORMk.exe
  2⤵
  PID:5780
- C:\Windows\System\GULuCAB.exe
  C:\Windows\System\GULuCAB.exe
  2⤵
  PID:5796
- C:\Windows\System\zXcdqgd.exe
  C:\Windows\System\zXcdqgd.exe
  2⤵
  PID:5812
- C:\Windows\System\epRfHNz.exe
  C:\Windows\System\epRfHNz.exe
  2⤵
  PID:5828
- C:\Windows\System\uPXWHXi.exe
  C:\Windows\System\uPXWHXi.exe
  2⤵
  PID:5844
- C:\Windows\System\LBMwVWH.exe
  C:\Windows\System\LBMwVWH.exe
  2⤵
  PID:5860
- C:\Windows\System\fyTePwa.exe
  C:\Windows\System\fyTePwa.exe
  2⤵
  PID:5876
- C:\Windows\System\RSQtHSJ.exe
  C:\Windows\System\RSQtHSJ.exe
  2⤵
  PID:5892
- C:\Windows\System\nMhIAOV.exe
  C:\Windows\System\nMhIAOV.exe
  2⤵
  PID:5908
- C:\Windows\System\IqzOfAJ.exe
  C:\Windows\System\IqzOfAJ.exe
  2⤵
  PID:5924
- C:\Windows\System\hboyvrE.exe
  C:\Windows\System\hboyvrE.exe
  2⤵
  PID:5940
- C:\Windows\System\HlTBcCT.exe
  C:\Windows\System\HlTBcCT.exe
  2⤵
  PID:5956
- C:\Windows\System\joQdEQt.exe
  C:\Windows\System\joQdEQt.exe
  2⤵
  PID:5972
- C:\Windows\System\vJEHliu.exe
  C:\Windows\System\vJEHliu.exe
  2⤵
  PID:5992
- C:\Windows\System\EXQPdad.exe
  C:\Windows\System\EXQPdad.exe
  2⤵
  PID:6008
- C:\Windows\System\ItWXWoZ.exe
  C:\Windows\System\ItWXWoZ.exe
  2⤵
  PID:6024
- C:\Windows\System\KhHvbIw.exe
  C:\Windows\System\KhHvbIw.exe
  2⤵
  PID:6040
- C:\Windows\System\jDNwodd.exe
  C:\Windows\System\jDNwodd.exe
  2⤵
  PID:6056
- C:\Windows\System\ZGOfuQW.exe
  C:\Windows\System\ZGOfuQW.exe
  2⤵
  PID:6072
- C:\Windows\System\SMVfFIV.exe
  C:\Windows\System\SMVfFIV.exe
  2⤵
  PID:6088
- C:\Windows\System\JHABuap.exe
  C:\Windows\System\JHABuap.exe
  2⤵
  PID:6104
- C:\Windows\System\GMbEXuh.exe
  C:\Windows\System\GMbEXuh.exe
  2⤵
  PID:6120
- C:\Windows\System\RsJVror.exe
  C:\Windows\System\RsJVror.exe
  2⤵
  PID:6136
- C:\Windows\System\nHsQCxs.exe
  C:\Windows\System\nHsQCxs.exe
  2⤵
  PID:4344
- C:\Windows\System\xKCGCzU.exe
  C:\Windows\System\xKCGCzU.exe
  2⤵
  PID:4616
- C:\Windows\System\CzXuoPQ.exe
  C:\Windows\System\CzXuoPQ.exe
  2⤵
  PID:4824
- C:\Windows\System\pDdfcoX.exe
  C:\Windows\System\pDdfcoX.exe
  2⤵
  PID:4456
- C:\Windows\System\IthUYNz.exe
  C:\Windows\System\IthUYNz.exe
  2⤵
  PID:4904
- C:\Windows\System\uITdYlF.exe
  C:\Windows\System\uITdYlF.exe
  2⤵
  PID:4988
- C:\Windows\System\WPhSFmL.exe
  C:\Windows\System\WPhSFmL.exe
  2⤵
  PID:3436
- C:\Windows\System\VyeTiej.exe
  C:\Windows\System\VyeTiej.exe
  2⤵
  PID:2444
- C:\Windows\System\FBOkdhu.exe
  C:\Windows\System\FBOkdhu.exe
  2⤵
  PID:5132
- C:\Windows\System\MnWOrVz.exe
  C:\Windows\System\MnWOrVz.exe
  2⤵
  PID:5164
- C:\Windows\System\KnrXZOP.exe
  C:\Windows\System\KnrXZOP.exe
  2⤵
  PID:5196
- C:\Windows\System\iDWwHba.exe
  C:\Windows\System\iDWwHba.exe
  2⤵
  PID:5212
- C:\Windows\System\OnjJDzE.exe
  C:\Windows\System\OnjJDzE.exe
  2⤵
  PID:5260
- C:\Windows\System\nfquvmA.exe
  C:\Windows\System\nfquvmA.exe
  2⤵
  PID:5276
- C:\Windows\System\vaocipa.exe
  C:\Windows\System\vaocipa.exe
  2⤵
  PID:5308
- C:\Windows\System\duciYXq.exe
  C:\Windows\System\duciYXq.exe
  2⤵
  PID:5356
- C:\Windows\System\rNpszDW.exe
  C:\Windows\System\rNpszDW.exe
  2⤵
  PID:5372
- C:\Windows\System\kUFMREp.exe
  C:\Windows\System\kUFMREp.exe
  2⤵
  PID:5420
- C:\Windows\System\xxPCumU.exe
  C:\Windows\System\xxPCumU.exe
  2⤵
  PID:5456
- C:\Windows\System\wWQTPIc.exe
  C:\Windows\System\wWQTPIc.exe
  2⤵
  PID:5488
- C:\Windows\System\bpTjmKm.exe
  C:\Windows\System\bpTjmKm.exe
  2⤵
  PID:5504
- C:\Windows\System\fCLpeRj.exe
  C:\Windows\System\fCLpeRj.exe
  2⤵
  PID:5552
- C:\Windows\System\KOzwmDF.exe
  C:\Windows\System\KOzwmDF.exe
  2⤵
  PID:5584
- C:\Windows\System\FPpcvdR.exe
  C:\Windows\System\FPpcvdR.exe
  2⤵
  PID:5616
- C:\Windows\System\yjKqXDX.exe
  C:\Windows\System\yjKqXDX.exe
  2⤵
  PID:5648
- C:\Windows\System\aONedBD.exe
  C:\Windows\System\aONedBD.exe
  2⤵
  PID:5664
- C:\Windows\System\nPEOgBm.exe
  C:\Windows\System\nPEOgBm.exe
  2⤵
  PID:5712
- C:\Windows\System\EFOcAcZ.exe
  C:\Windows\System\EFOcAcZ.exe
  2⤵
  PID:5744
- C:\Windows\System\sMMpziX.exe
  C:\Windows\System\sMMpziX.exe
  2⤵
  PID:5776
- C:\Windows\System\ijHdElL.exe
  C:\Windows\System\ijHdElL.exe
  2⤵
  PID:5808
- C:\Windows\System\VdMaBBY.exe
  C:\Windows\System\VdMaBBY.exe
  2⤵
  PID:5840
- C:\Windows\System\MmrUymn.exe
  C:\Windows\System\MmrUymn.exe
  2⤵
  PID:5872
- C:\Windows\System\wLoZHHS.exe
  C:\Windows\System\wLoZHHS.exe
  2⤵
  PID:5904
- C:\Windows\System\UsnVPyM.exe
  C:\Windows\System\UsnVPyM.exe
  2⤵
  PID:5936
- C:\Windows\System\bEXsDYd.exe
  C:\Windows\System\bEXsDYd.exe
  2⤵
  PID:5968
- C:\Windows\System\VrBvgfP.exe
  C:\Windows\System\VrBvgfP.exe
  2⤵
  PID:5984
- C:\Windows\System\DfEHqWU.exe
  C:\Windows\System\DfEHqWU.exe
  2⤵
  PID:6036
- C:\Windows\System\waIzteY.exe
  C:\Windows\System\waIzteY.exe
  2⤵
  PID:6052
- C:\Windows\System\xwSXfzo.exe
  C:\Windows\System\xwSXfzo.exe
  2⤵
  PID:6096
- C:\Windows\System\KjEFSyr.exe
  C:\Windows\System\KjEFSyr.exe
  2⤵
  PID:6116
- C:\Windows\System\vuEljLF.exe
  C:\Windows\System\vuEljLF.exe
  2⤵
  PID:4488
- C:\Windows\System\TXUhMpq.exe
  C:\Windows\System\TXUhMpq.exe
  2⤵
  PID:4712
- C:\Windows\System\sjSRAKL.exe
  C:\Windows\System\sjSRAKL.exe
  2⤵
  PID:5068
- C:\Windows\System\akKxaeP.exe
  C:\Windows\System\akKxaeP.exe
  2⤵
  PID:4180
- C:\Windows\System\qBgcEgi.exe
  C:\Windows\System\qBgcEgi.exe
  2⤵
  PID:4376
- C:\Windows\System\rxhEpYo.exe
  C:\Windows\System\rxhEpYo.exe
  2⤵
  PID:5228
- C:\Windows\System\kCNuSrY.exe
  C:\Windows\System\kCNuSrY.exe
  2⤵
  PID:5256
- C:\Windows\System\lIMkuwn.exe
  C:\Windows\System\lIMkuwn.exe
  2⤵
  PID:5324
- C:\Windows\System\RmzQSoP.exe
  C:\Windows\System\RmzQSoP.exe
  2⤵
  PID:5388
- C:\Windows\System\Jumwxwn.exe
  C:\Windows\System\Jumwxwn.exe
  2⤵
  PID:5452
- C:\Windows\System\cwtNotO.exe
  C:\Windows\System\cwtNotO.exe
  2⤵
  PID:5520
- C:\Windows\System\Lgpmjyg.exe
  C:\Windows\System\Lgpmjyg.exe
  2⤵
  PID:5612
- C:\Windows\System\fGMceKr.exe
  C:\Windows\System\fGMceKr.exe
  2⤵
  PID:5644
- C:\Windows\System\ZKtlcdO.exe
  C:\Windows\System\ZKtlcdO.exe
  2⤵
  PID:5724
- C:\Windows\System\hNaJQPP.exe
  C:\Windows\System\hNaJQPP.exe
  2⤵
  PID:5772
- C:\Windows\System\kqpsbAW.exe
  C:\Windows\System\kqpsbAW.exe
  2⤵
  PID:5836
- C:\Windows\System\mYgZfdM.exe
  C:\Windows\System\mYgZfdM.exe
  2⤵
  PID:5888
- C:\Windows\System\ycrjZDM.exe
  C:\Windows\System\ycrjZDM.exe
  2⤵
  PID:5964
- C:\Windows\System\uPIHekf.exe
  C:\Windows\System\uPIHekf.exe
  2⤵
  PID:6032
- C:\Windows\System\uSquPKV.exe
  C:\Windows\System\uSquPKV.exe
  2⤵
  PID:6128
- C:\Windows\System\iZcbAPP.exe
  C:\Windows\System\iZcbAPP.exe
  2⤵
  PID:4428
- C:\Windows\System\obDxRRM.exe
  C:\Windows\System\obDxRRM.exe
  2⤵
  PID:4840
- C:\Windows\System\zSonPtl.exe
  C:\Windows\System\zSonPtl.exe
  2⤵
  PID:5224
- C:\Windows\System\GkNGbHe.exe
  C:\Windows\System\GkNGbHe.exe
  2⤵
  PID:5180
- C:\Windows\System\ZrSuxiv.exe
  C:\Windows\System\ZrSuxiv.exe
  2⤵
  PID:5384
- C:\Windows\System\ZFyaROg.exe
  C:\Windows\System\ZFyaROg.exe
  2⤵
  PID:5564
- C:\Windows\System\SkikYgk.exe
  C:\Windows\System\SkikYgk.exe
  2⤵
  PID:5680
- C:\Windows\System\BUxHlnd.exe
  C:\Windows\System\BUxHlnd.exe
  2⤵
  PID:5804
- C:\Windows\System\FjLoFWD.exe
  C:\Windows\System\FjLoFWD.exe
  2⤵
  PID:6156
- C:\Windows\System\eUBxMsJ.exe
  C:\Windows\System\eUBxMsJ.exe
  2⤵
  PID:6172
- C:\Windows\System\ioxvZUd.exe
  C:\Windows\System\ioxvZUd.exe
  2⤵
  PID:6188
- C:\Windows\System\FpHXarb.exe
  C:\Windows\System\FpHXarb.exe
  2⤵
  PID:6204
- C:\Windows\System\NFKaDrb.exe
  C:\Windows\System\NFKaDrb.exe
  2⤵
  PID:6220
- C:\Windows\System\FaPdYYI.exe
  C:\Windows\System\FaPdYYI.exe
  2⤵
  PID:6236
- C:\Windows\System\MuqsEMj.exe
  C:\Windows\System\MuqsEMj.exe
  2⤵
  PID:6252
- C:\Windows\System\OQmYFfE.exe
  C:\Windows\System\OQmYFfE.exe
  2⤵
  PID:6268
- C:\Windows\System\xpgarpT.exe
  C:\Windows\System\xpgarpT.exe
  2⤵
  PID:6284
- C:\Windows\System\jTqcgii.exe
  C:\Windows\System\jTqcgii.exe
  2⤵
  PID:6300
- C:\Windows\System\qcrduka.exe
  C:\Windows\System\qcrduka.exe
  2⤵
  PID:6316
- C:\Windows\System\ejtiscp.exe
  C:\Windows\System\ejtiscp.exe
  2⤵
  PID:6332
- C:\Windows\System\NVSOrzL.exe
  C:\Windows\System\NVSOrzL.exe
  2⤵
  PID:6348
- C:\Windows\System\xOapHSj.exe
  C:\Windows\System\xOapHSj.exe
  2⤵
  PID:6364
- C:\Windows\System\bMIZntl.exe
  C:\Windows\System\bMIZntl.exe
  2⤵
  PID:6380
- C:\Windows\System\sGgAHXR.exe
  C:\Windows\System\sGgAHXR.exe
  2⤵
  PID:6396
- C:\Windows\System\rSZNpGI.exe
  C:\Windows\System\rSZNpGI.exe
  2⤵
  PID:6412
- C:\Windows\System\Chtvrvt.exe
  C:\Windows\System\Chtvrvt.exe
  2⤵
  PID:6428
- C:\Windows\System\jqAzZsn.exe
  C:\Windows\System\jqAzZsn.exe
  2⤵
  PID:6444
- C:\Windows\System\XsMJwZx.exe
  C:\Windows\System\XsMJwZx.exe
  2⤵
  PID:6460
- C:\Windows\System\fNnuIQv.exe
  C:\Windows\System\fNnuIQv.exe
  2⤵
  PID:6476
- C:\Windows\System\zyXdVGe.exe
  C:\Windows\System\zyXdVGe.exe
  2⤵
  PID:6492
- C:\Windows\System\OPsLHly.exe
  C:\Windows\System\OPsLHly.exe
  2⤵
  PID:6508
- C:\Windows\System\KygCekf.exe
  C:\Windows\System\KygCekf.exe
  2⤵
  PID:6524
- C:\Windows\System\emtStMY.exe
  C:\Windows\System\emtStMY.exe
  2⤵
  PID:6540
- C:\Windows\System\zxNQZbV.exe
  C:\Windows\System\zxNQZbV.exe
  2⤵
  PID:6556
- C:\Windows\System\wATcKtn.exe
  C:\Windows\System\wATcKtn.exe
  2⤵
  PID:6572
- C:\Windows\System\cSHbPhD.exe
  C:\Windows\System\cSHbPhD.exe
  2⤵
  PID:6588
- C:\Windows\System\UfPyAOM.exe
  C:\Windows\System\UfPyAOM.exe
  2⤵
  PID:6604
- C:\Windows\System\LBqJydY.exe
  C:\Windows\System\LBqJydY.exe
  2⤵
  PID:6620
- C:\Windows\System\dkEPmQt.exe
  C:\Windows\System\dkEPmQt.exe
  2⤵
  PID:6636
- C:\Windows\System\JLgYVGV.exe
  C:\Windows\System\JLgYVGV.exe
  2⤵
  PID:6652
- C:\Windows\System\lxnFBwS.exe
  C:\Windows\System\lxnFBwS.exe
  2⤵
  PID:6668
- C:\Windows\System\oaTSGKy.exe
  C:\Windows\System\oaTSGKy.exe
  2⤵
  PID:6684
- C:\Windows\System\AcSKjxL.exe
  C:\Windows\System\AcSKjxL.exe
  2⤵
  PID:6700
- C:\Windows\System\MrDWuOb.exe
  C:\Windows\System\MrDWuOb.exe
  2⤵
  PID:6716
- C:\Windows\System\rlsANpX.exe
  C:\Windows\System\rlsANpX.exe
  2⤵
  PID:6732
- C:\Windows\System\ZHbGLhF.exe
  C:\Windows\System\ZHbGLhF.exe
  2⤵
  PID:6748
- C:\Windows\System\OOpIpxQ.exe
  C:\Windows\System\OOpIpxQ.exe
  2⤵
  PID:6764
- C:\Windows\System\DfHgHfn.exe
  C:\Windows\System\DfHgHfn.exe
  2⤵
  PID:6780
- C:\Windows\System\HRcuvNh.exe
  C:\Windows\System\HRcuvNh.exe
  2⤵
  PID:6796
- C:\Windows\System\VDXvNHZ.exe
  C:\Windows\System\VDXvNHZ.exe
  2⤵
  PID:6812
- C:\Windows\System\EganYzH.exe
  C:\Windows\System\EganYzH.exe
  2⤵
  PID:6828
- C:\Windows\System\WRtuKZg.exe
  C:\Windows\System\WRtuKZg.exe
  2⤵
  PID:6844
- C:\Windows\System\cbWOUpP.exe
  C:\Windows\System\cbWOUpP.exe
  2⤵
  PID:6864
- C:\Windows\System\EviSHiW.exe
  C:\Windows\System\EviSHiW.exe
  2⤵
  PID:6880
- C:\Windows\System\MyABgzb.exe
  C:\Windows\System\MyABgzb.exe
  2⤵
  PID:6896
- C:\Windows\System\bzZJLUi.exe
  C:\Windows\System\bzZJLUi.exe
  2⤵
  PID:6912
- C:\Windows\System\DWKQenP.exe
  C:\Windows\System\DWKQenP.exe
  2⤵
  PID:6928
- C:\Windows\System\MFDiLYC.exe
  C:\Windows\System\MFDiLYC.exe
  2⤵
  PID:6944
- C:\Windows\System\VwaFrDF.exe
  C:\Windows\System\VwaFrDF.exe
  2⤵
  PID:6960
- C:\Windows\System\YIeZryS.exe
  C:\Windows\System\YIeZryS.exe
  2⤵
  PID:6976
- C:\Windows\System\SVMJtaF.exe
  C:\Windows\System\SVMJtaF.exe
  2⤵
  PID:6992
- C:\Windows\System\UkJKmtx.exe
  C:\Windows\System\UkJKmtx.exe
  2⤵
  PID:7008
- C:\Windows\System\ynxDXBk.exe
  C:\Windows\System\ynxDXBk.exe
  2⤵
  PID:7024
- C:\Windows\System\VEpjfTF.exe
  C:\Windows\System\VEpjfTF.exe
  2⤵
  PID:7040
- C:\Windows\System\fMcMicJ.exe
  C:\Windows\System\fMcMicJ.exe
  2⤵
  PID:7056
- C:\Windows\System\QvIxtqe.exe
  C:\Windows\System\QvIxtqe.exe
  2⤵
  PID:7072
- C:\Windows\System\bqcATna.exe
  C:\Windows\System\bqcATna.exe
  2⤵
  PID:7088
- C:\Windows\System\rgVbFYs.exe
  C:\Windows\System\rgVbFYs.exe
  2⤵
  PID:7104
- C:\Windows\System\pYmKIni.exe
  C:\Windows\System\pYmKIni.exe
  2⤵
  PID:7120
- C:\Windows\System\nNlIXAE.exe
  C:\Windows\System\nNlIXAE.exe
  2⤵
  PID:7136
- C:\Windows\System\aSNEGPP.exe
  C:\Windows\System\aSNEGPP.exe
  2⤵
  PID:7152
- C:\Windows\System\cEPyynk.exe
  C:\Windows\System\cEPyynk.exe
  2⤵
  PID:2856
- C:\Windows\System\yZuMBRK.exe
  C:\Windows\System\yZuMBRK.exe
  2⤵
  PID:5932
- C:\Windows\System\SnUSykp.exe
  C:\Windows\System\SnUSykp.exe
  2⤵
  PID:6000
- C:\Windows\System\YjgzltB.exe
  C:\Windows\System\YjgzltB.exe
  2⤵
  PID:6048
- C:\Windows\System\ZjRoReO.exe
  C:\Windows\System\ZjRoReO.exe
  2⤵
  PID:5160
- C:\Windows\System\QiZWOJN.exe
  C:\Windows\System\QiZWOJN.exe
  2⤵
  PID:2796
- C:\Windows\System\BSnOSep.exe
  C:\Windows\System\BSnOSep.exe
  2⤵
  PID:5536
- C:\Windows\System\uUGeqwO.exe
  C:\Windows\System\uUGeqwO.exe
  2⤵
  PID:5548
- C:\Windows\System\hUVmjnK.exe
  C:\Windows\System\hUVmjnK.exe
  2⤵
  PID:6200
- C:\Windows\System\zfPgFYV.exe
  C:\Windows\System\zfPgFYV.exe
  2⤵
  PID:6152
- C:\Windows\System\ufMjjXW.exe
  C:\Windows\System\ufMjjXW.exe
  2⤵
  PID:2804
- C:\Windows\System\LHRJOaH.exe
  C:\Windows\System\LHRJOaH.exe
  2⤵
  PID:6264
- C:\Windows\System\kczrhCv.exe
  C:\Windows\System\kczrhCv.exe
  2⤵
  PID:6216
- C:\Windows\System\EEGLUmO.exe
  C:\Windows\System\EEGLUmO.exe
  2⤵
  PID:6276
- C:\Windows\System\vlFopwH.exe
  C:\Windows\System\vlFopwH.exe
  2⤵
  PID:6388
- C:\Windows\System\dcNBZTJ.exe
  C:\Windows\System\dcNBZTJ.exe
  2⤵
  PID:6452
- C:\Windows\System\vkYYzRj.exe
  C:\Windows\System\vkYYzRj.exe
  2⤵
  PID:5352
- C:\Windows\System\fGnjKoV.exe
  C:\Windows\System\fGnjKoV.exe
  2⤵
  PID:6488
- C:\Windows\System\VfHKnrD.exe
  C:\Windows\System\VfHKnrD.exe
  2⤵
  PID:6548
- C:\Windows\System\ybAUIMm.exe
  C:\Windows\System\ybAUIMm.exe
  2⤵
  PID:6372
- C:\Windows\System\lIYXfbB.exe
  C:\Windows\System\lIYXfbB.exe
  2⤵
  PID:6440
- C:\Windows\System\zRjMyhE.exe
  C:\Windows\System\zRjMyhE.exe
  2⤵
  PID:6552
- C:\Windows\System\evLSEWu.exe
  C:\Windows\System\evLSEWu.exe
  2⤵
  PID:6616
- C:\Windows\System\JuSFhuY.exe
  C:\Windows\System\JuSFhuY.exe
  2⤵
  PID:6532
- C:\Windows\System\aVIThPt.exe
  C:\Windows\System\aVIThPt.exe
  2⤵
  PID:6596
- C:\Windows\System\pHYLasZ.exe
  C:\Windows\System\pHYLasZ.exe
  2⤵
  PID:6648
- C:\Windows\System\BXdRBnG.exe
  C:\Windows\System\BXdRBnG.exe
  2⤵
  PID:6676
- C:\Windows\System\wtUYMBq.exe
  C:\Windows\System\wtUYMBq.exe
  2⤵
  PID:6712
- C:\Windows\System\pawWSfX.exe
  C:\Windows\System\pawWSfX.exe
  2⤵
  PID:6724
- C:\Windows\System\pNBWtRW.exe
  C:\Windows\System\pNBWtRW.exe
  2⤵
  PID:6728
- C:\Windows\System\QZxgNMl.exe
  C:\Windows\System\QZxgNMl.exe
  2⤵
  PID:6804
- C:\Windows\System\rPiSndc.exe
  C:\Windows\System\rPiSndc.exe
  2⤵
  PID:6788
- C:\Windows\System\WlqQiZt.exe
  C:\Windows\System\WlqQiZt.exe
  2⤵
  PID:6876
- C:\Windows\System\Kyjvioz.exe
  C:\Windows\System\Kyjvioz.exe
  2⤵
  PID:6888
- C:\Windows\System\cIOpRPH.exe
  C:\Windows\System\cIOpRPH.exe
  2⤵
  PID:6940
- C:\Windows\System\aegjXWH.exe
  C:\Windows\System\aegjXWH.exe
  2⤵
  PID:6968
- C:\Windows\System\vDQLPgF.exe
  C:\Windows\System\vDQLPgF.exe
  2⤵
  PID:7000
- C:\Windows\System\ltieovF.exe
  C:\Windows\System\ltieovF.exe
  2⤵
  PID:7032
- C:\Windows\System\KbZvvdl.exe
  C:\Windows\System\KbZvvdl.exe
  2⤵
  PID:7016
- C:\Windows\System\IotRkuw.exe
  C:\Windows\System\IotRkuw.exe
  2⤵
  PID:7048
- C:\Windows\System\XToJPdc.exe
  C:\Windows\System\XToJPdc.exe
  2⤵
  PID:2712
- C:\Windows\System\bYlYFPi.exe
  C:\Windows\System\bYlYFPi.exe
  2⤵
  PID:7128
- C:\Windows\System\bBvubTt.exe
  C:\Windows\System\bBvubTt.exe
  2⤵
  PID:7160
- C:\Windows\System\ykZWGjj.exe
  C:\Windows\System\ykZWGjj.exe
  2⤵
  PID:7116
- C:\Windows\System\gyPChIb.exe
  C:\Windows\System\gyPChIb.exe
  2⤵
  PID:5868
- C:\Windows\System\JPUafyI.exe
  C:\Windows\System\JPUafyI.exe
  2⤵
  PID:7144
- C:\Windows\System\OwFfgTj.exe
  C:\Windows\System\OwFfgTj.exe
  2⤵
  PID:2704
- C:\Windows\System\YzAaCzC.exe
  C:\Windows\System\YzAaCzC.exe
  2⤵
  PID:4360
- C:\Windows\System\tkIjfOx.exe
  C:\Windows\System\tkIjfOx.exe
  2⤵
  PID:2760
- C:\Windows\System\gaBwIuu.exe
  C:\Windows\System\gaBwIuu.exe
  2⤵
  PID:6148
- C:\Windows\System\ruOnvdY.exe
  C:\Windows\System\ruOnvdY.exe
  2⤵
  PID:6296
- C:\Windows\System\LYCsOzc.exe
  C:\Windows\System\LYCsOzc.exe
  2⤵
  PID:6360
- C:\Windows\System\oSZDJLR.exe
  C:\Windows\System\oSZDJLR.exe
  2⤵
  PID:1628
- C:\Windows\System\ZsHJGzr.exe
  C:\Windows\System\ZsHJGzr.exe
  2⤵
  PID:6280
- C:\Windows\System\omDnvUs.exe
  C:\Windows\System\omDnvUs.exe
  2⤵
  PID:6424
- C:\Windows\System\BOjfFwE.exe
  C:\Windows\System\BOjfFwE.exe
  2⤵
  PID:2188
- C:\Windows\System\arbbLkf.exe
  C:\Windows\System\arbbLkf.exe
  2⤵
  PID:6564
- C:\Windows\System\QYGxuep.exe
  C:\Windows\System\QYGxuep.exe
  2⤵
  PID:6644
- C:\Windows\System\nnGJsRH.exe
  C:\Windows\System\nnGJsRH.exe
  2⤵
  PID:6740
- C:\Windows\System\IgToLdY.exe
  C:\Windows\System\IgToLdY.exe
  2⤵
  PID:760
- C:\Windows\System\AMbwBOJ.exe
  C:\Windows\System\AMbwBOJ.exe
  2⤵
  PID:6820
- C:\Windows\System\XqqVeIc.exe
  C:\Windows\System\XqqVeIc.exe
  2⤵
  PID:6908
- C:\Windows\System\bjXkejK.exe
  C:\Windows\System\bjXkejK.exe
  2⤵
  PID:6956
- C:\Windows\System\GbuvCzi.exe
  C:\Windows\System\GbuvCzi.exe
  2⤵
  PID:6860
- C:\Windows\System\MJdvLhI.exe
  C:\Windows\System\MJdvLhI.exe
  2⤵
  PID:7112
- C:\Windows\System\AWawHRR.exe
  C:\Windows\System\AWawHRR.exe
  2⤵
  PID:5920
- C:\Windows\System\uKNHCKr.exe
  C:\Windows\System\uKNHCKr.exe
  2⤵
  PID:5988
- C:\Windows\System\gHvxxWp.exe
  C:\Windows\System\gHvxxWp.exe
  2⤵
  PID:1780
- C:\Windows\System\ZBQxdbM.exe
  C:\Windows\System\ZBQxdbM.exe
  2⤵
  PID:7068
- C:\Windows\System\dRnFQmI.exe
  C:\Windows\System\dRnFQmI.exe
  2⤵
  PID:7148
- C:\Windows\System\HvrlTUs.exe
  C:\Windows\System\HvrlTUs.exe
  2⤵
  PID:1928
- C:\Windows\System\hyjJqGc.exe
  C:\Windows\System\hyjJqGc.exe
  2⤵
  PID:2456
- C:\Windows\System\BAXXGGh.exe
  C:\Windows\System\BAXXGGh.exe
  2⤵
  PID:2408
- C:\Windows\System\qsKSaBi.exe
  C:\Windows\System\qsKSaBi.exe
  2⤵
  PID:2932
- C:\Windows\System\eGyfgeO.exe
  C:\Windows\System\eGyfgeO.exe
  2⤵
  PID:6840
- C:\Windows\System\igmMFni.exe
  C:\Windows\System\igmMFni.exe
  2⤵
  PID:5176
- C:\Windows\System\yBahNqs.exe
  C:\Windows\System\yBahNqs.exe
  2⤵
  PID:2820
- C:\Windows\System\eUGXttl.exe
  C:\Windows\System\eUGXttl.exe
  2⤵
  PID:6184
- C:\Windows\System\QNovupo.exe
  C:\Windows\System\QNovupo.exe
  2⤵
  PID:1720
- C:\Windows\System\snEeGtc.exe
  C:\Windows\System\snEeGtc.exe
  2⤵
  PID:6852
- C:\Windows\System\sjyHrLH.exe
  C:\Windows\System\sjyHrLH.exe
  2⤵
  PID:6244
- C:\Windows\System\gCTJxgV.exe
  C:\Windows\System\gCTJxgV.exe
  2⤵
  PID:6708
- C:\Windows\System\oEzGVgz.exe
  C:\Windows\System\oEzGVgz.exe
  2⤵
  PID:7064
- C:\Windows\System\jCDwPUS.exe
  C:\Windows\System\jCDwPUS.exe
  2⤵
  PID:6984
- C:\Windows\System\HUqCMSr.exe
  C:\Windows\System\HUqCMSr.exe
  2⤵
  PID:7184
- C:\Windows\System\QmycXBG.exe
  C:\Windows\System\QmycXBG.exe
  2⤵
  PID:7200
- C:\Windows\System\IyKvkKD.exe
  C:\Windows\System\IyKvkKD.exe
  2⤵
  PID:7216
- C:\Windows\System\VlogISC.exe
  C:\Windows\System\VlogISC.exe
  2⤵
  PID:7232
- C:\Windows\System\MBAOHid.exe
  C:\Windows\System\MBAOHid.exe
  2⤵
  PID:7248
- C:\Windows\System\zlgoBdN.exe
  C:\Windows\System\zlgoBdN.exe
  2⤵
  PID:7264
- C:\Windows\System\rgZuHQj.exe
  C:\Windows\System\rgZuHQj.exe
  2⤵
  PID:7280
- C:\Windows\System\WrFHOxf.exe
  C:\Windows\System\WrFHOxf.exe
  2⤵
  PID:7296
- C:\Windows\System\mBSJnOq.exe
  C:\Windows\System\mBSJnOq.exe
  2⤵
  PID:7312
- C:\Windows\System\wAaIlEi.exe
  C:\Windows\System\wAaIlEi.exe
  2⤵
  PID:7328
- C:\Windows\System\TuWmzan.exe
  C:\Windows\System\TuWmzan.exe
  2⤵
  PID:7440
- C:\Windows\System\hqlyLBF.exe
  C:\Windows\System\hqlyLBF.exe
  2⤵
  PID:7488
- C:\Windows\System\mJEyrwJ.exe
  C:\Windows\System\mJEyrwJ.exe
  2⤵
  PID:7520
- C:\Windows\System\UTMykxX.exe
  C:\Windows\System\UTMykxX.exe
  2⤵
  PID:7848
- C:\Windows\System\wHThOOz.exe
  C:\Windows\System\wHThOOz.exe
  2⤵
  PID:7864
- C:\Windows\System\ZpCOPis.exe
  C:\Windows\System\ZpCOPis.exe
  2⤵
  PID:7880
- C:\Windows\System\FvRoPEj.exe
  C:\Windows\System\FvRoPEj.exe
  2⤵
  PID:7896
- C:\Windows\System\grQyvMN.exe
  C:\Windows\System\grQyvMN.exe
  2⤵
  PID:7912
- C:\Windows\System\AKSOqle.exe
  C:\Windows\System\AKSOqle.exe
  2⤵
  PID:7928
- C:\Windows\System\vOrWRpw.exe
  C:\Windows\System\vOrWRpw.exe
  2⤵
  PID:7948
- C:\Windows\System\oIrNchW.exe
  C:\Windows\System\oIrNchW.exe
  2⤵
  PID:7968
- C:\Windows\System\wXPyUOn.exe
  C:\Windows\System\wXPyUOn.exe
  2⤵
  PID:7984
- C:\Windows\System\cGcuPIV.exe
  C:\Windows\System\cGcuPIV.exe
  2⤵
  PID:8000
- C:\Windows\System\eyEsEDI.exe
  C:\Windows\System\eyEsEDI.exe
  2⤵
  PID:8016
- C:\Windows\System\qGnmVVC.exe
  C:\Windows\System\qGnmVVC.exe
  2⤵
  PID:8032
- C:\Windows\System\YwYVaaC.exe
  C:\Windows\System\YwYVaaC.exe
  2⤵
  PID:7516
- C:\Windows\System\KwTDmsI.exe
  C:\Windows\System\KwTDmsI.exe
  2⤵
  PID:6600
- C:\Windows\System\ADCrGpd.exe
  C:\Windows\System\ADCrGpd.exe
  2⤵
  PID:7552
- C:\Windows\System\RiGfDbh.exe
  C:\Windows\System\RiGfDbh.exe
  2⤵
  PID:7572
- C:\Windows\System\AyVddKP.exe
  C:\Windows\System\AyVddKP.exe
  2⤵
  PID:7592
- C:\Windows\System\ioeVSjO.exe
  C:\Windows\System\ioeVSjO.exe
  2⤵
  PID:7608
- C:\Windows\System\rVQRVnJ.exe
  C:\Windows\System\rVQRVnJ.exe
  2⤵
  PID:7624
- C:\Windows\System\JMBGFhA.exe
  C:\Windows\System\JMBGFhA.exe
  2⤵
  PID:7640
- C:\Windows\System\dgqjkXG.exe
  C:\Windows\System\dgqjkXG.exe
  2⤵
  PID:7656
- C:\Windows\System\OOouVZf.exe
  C:\Windows\System\OOouVZf.exe
  2⤵
  PID:7672
- C:\Windows\System\NttMiQv.exe
  C:\Windows\System\NttMiQv.exe
  2⤵
  PID:7688
- C:\Windows\System\FMkGYxx.exe
  C:\Windows\System\FMkGYxx.exe
  2⤵
  PID:7704
- C:\Windows\System\kjQnXmw.exe
  C:\Windows\System\kjQnXmw.exe
  2⤵
  PID:6340
- C:\Windows\System\XytWltf.exe
  C:\Windows\System\XytWltf.exe
  2⤵
  PID:7720
- C:\Windows\System\nXyOHKU.exe
  C:\Windows\System\nXyOHKU.exe
  2⤵
  PID:7736
- C:\Windows\System\ZfaSbHS.exe
  C:\Windows\System\ZfaSbHS.exe
  2⤵
  PID:7752
- C:\Windows\System\oHYumZS.exe
  C:\Windows\System\oHYumZS.exe
  2⤵
  PID:7768
- C:\Windows\System\pvMbdRh.exe
  C:\Windows\System\pvMbdRh.exe
  2⤵
  PID:7340
- C:\Windows\System\TzYIFlf.exe
  C:\Windows\System\TzYIFlf.exe
  2⤵
  PID:7364
- C:\Windows\System\zHSrBEd.exe
  C:\Windows\System\zHSrBEd.exe
  2⤵
  PID:7800
- C:\Windows\System\ueYZaLu.exe
  C:\Windows\System\ueYZaLu.exe
  2⤵
  PID:7832
- C:\Windows\System\CkulpKx.exe
  C:\Windows\System\CkulpKx.exe
  2⤵
  PID:7784
- C:\Windows\System\btYSVHH.exe
  C:\Windows\System\btYSVHH.exe
  2⤵
  PID:7808
- C:\Windows\System\mSkbAyx.exe
  C:\Windows\System\mSkbAyx.exe
  2⤵
  PID:7824
- C:\Windows\System\AWxvvHY.exe
  C:\Windows\System\AWxvvHY.exe
  2⤵
  PID:7856
- C:\Windows\System\KraQRRD.exe
  C:\Windows\System\KraQRRD.exe
  2⤵
  PID:7920
- C:\Windows\System\HwtAkWt.exe
  C:\Windows\System\HwtAkWt.exe
  2⤵
  PID:7964
- C:\Windows\System\kLkWMke.exe
  C:\Windows\System\kLkWMke.exe
  2⤵
  PID:8028
- C:\Windows\System\NlHVMDi.exe
  C:\Windows\System\NlHVMDi.exe
  2⤵
  PID:8008
- C:\Windows\System\CltIEGB.exe
  C:\Windows\System\CltIEGB.exe
  2⤵
  PID:8064
- C:\Windows\System\LyiJSVF.exe
  C:\Windows\System\LyiJSVF.exe
  2⤵
  PID:7872
- C:\Windows\System\sVqfuPc.exe
  C:\Windows\System\sVqfuPc.exe
  2⤵
  PID:7936
- C:\Windows\System\aSAxOXt.exe
  C:\Windows\System\aSAxOXt.exe
  2⤵
  PID:8140
- C:\Windows\System\vsGwoSS.exe
  C:\Windows\System\vsGwoSS.exe
  2⤵
  PID:8052
- C:\Windows\System\WdkApei.exe
  C:\Windows\System\WdkApei.exe
  2⤵
  PID:1316
- C:\Windows\System\UoIdEsD.exe
  C:\Windows\System\UoIdEsD.exe
  2⤵
  PID:7436
- C:\Windows\System\UOkRTBh.exe
  C:\Windows\System\UOkRTBh.exe
  2⤵
  PID:7460
- C:\Windows\System\rZzycLH.exe
  C:\Windows\System\rZzycLH.exe
  2⤵
  PID:2128
- C:\Windows\System\uyVzCUv.exe
  C:\Windows\System\uyVzCUv.exe
  2⤵
  PID:1948
- C:\Windows\System\ObABnfR.exe
  C:\Windows\System\ObABnfR.exe
  2⤵
  PID:6696
- C:\Windows\System\TaMPpJh.exe
  C:\Windows\System\TaMPpJh.exe
  2⤵
  PID:7604
- C:\Windows\System\TbxCjtp.exe
  C:\Windows\System\TbxCjtp.exe
  2⤵
  PID:2504
- C:\Windows\System\sAnASuD.exe
  C:\Windows\System\sAnASuD.exe
  2⤵
  PID:7636
- C:\Windows\System\RPTAuhW.exe
  C:\Windows\System\RPTAuhW.exe
  2⤵
  PID:7744
- C:\Windows\System\KdlyCUo.exe
  C:\Windows\System\KdlyCUo.exe
  2⤵
  PID:7372
- C:\Windows\System\wtDfnXH.exe
  C:\Windows\System\wtDfnXH.exe
  2⤵
  PID:7816
- C:\Windows\System\jPFJgQd.exe
  C:\Windows\System\jPFJgQd.exe
  2⤵
  PID:7996
- C:\Windows\System\jUqOWjQ.exe
  C:\Windows\System\jUqOWjQ.exe
  2⤵
  PID:7904
- C:\Windows\System\qtuJTyn.exe
  C:\Windows\System\qtuJTyn.exe
  2⤵
  PID:7036
- C:\Windows\System\AEbXmLa.exe
  C:\Windows\System\AEbXmLa.exe
  2⤵
  PID:7616
- C:\Windows\System\HQBfIuK.exe
  C:\Windows\System\HQBfIuK.exe
  2⤵
  PID:7356
- C:\Windows\System\UqIDZOn.exe
  C:\Windows\System\UqIDZOn.exe
  2⤵
  PID:7792
- C:\Windows\System\xPaihca.exe
  C:\Windows\System\xPaihca.exe
  2⤵
  PID:7956
- C:\Windows\System\UhhBJeW.exe
  C:\Windows\System\UhhBJeW.exe
  2⤵
  PID:8080
- C:\Windows\System\jSrlrHa.exe
  C:\Windows\System\jSrlrHa.exe
  2⤵
  PID:7728
- C:\Windows\System\PaQbVBn.exe
  C:\Windows\System\PaQbVBn.exe
  2⤵
  PID:7176
- C:\Windows\System\CvBVZph.exe
  C:\Windows\System\CvBVZph.exe
  2⤵
  PID:7648
- C:\Windows\System\liaLado.exe
  C:\Windows\System\liaLado.exe
  2⤵
  PID:7540
- C:\Windows\System\yspXkVK.exe
  C:\Windows\System\yspXkVK.exe
  2⤵
  PID:7348
- C:\Windows\System\skewYSV.exe
  C:\Windows\System\skewYSV.exe
  2⤵
  PID:6500
- C:\Windows\System\FSrGJLP.exe
  C:\Windows\System\FSrGJLP.exe
  2⤵
  PID:8088
- C:\Windows\System\CPqLBQf.exe
  C:\Windows\System\CPqLBQf.exe
  2⤵
  PID:7776
- C:\Windows\System\MVpcmqi.exe
  C:\Windows\System\MVpcmqi.exe
  2⤵
  PID:8112
- C:\Windows\System\lCLOobI.exe
  C:\Windows\System\lCLOobI.exe
  2⤵
  PID:8128
- C:\Windows\System\lSEWJrV.exe
  C:\Windows\System\lSEWJrV.exe
  2⤵
  PID:8136
- C:\Windows\System\LNFdYln.exe
  C:\Windows\System\LNFdYln.exe
  2⤵
  PID:7456
- C:\Windows\System\ZUktwgu.exe
  C:\Windows\System\ZUktwgu.exe
  2⤵
  PID:7480
- C:\Windows\System\nlUpcwK.exe
  C:\Windows\System\nlUpcwK.exe
  2⤵
  PID:1516
- C:\Windows\System\pimbrVQ.exe
  C:\Windows\System\pimbrVQ.exe
  2⤵
  PID:7288
- C:\Windows\System\ltHkHDc.exe
  C:\Windows\System\ltHkHDc.exe
  2⤵
  PID:7320
- C:\Windows\System\xByxxOu.exe
  C:\Windows\System\xByxxOu.exe
  2⤵
  PID:8164
- C:\Windows\System\VdidXFl.exe
  C:\Windows\System\VdidXFl.exe
  2⤵
  PID:8180
- C:\Windows\System\bWbbWzS.exe
  C:\Windows\System\bWbbWzS.exe
  2⤵
  PID:2928
- C:\Windows\System\iwwEfHf.exe
  C:\Windows\System\iwwEfHf.exe
  2⤵
  PID:7272
- C:\Windows\System\YHZisKx.exe
  C:\Windows\System\YHZisKx.exe
  2⤵
  PID:6872
- C:\Windows\System\KHhvlWw.exe
  C:\Windows\System\KHhvlWw.exe
  2⤵
  PID:7388
- C:\Windows\System\tZYuHcH.exe
  C:\Windows\System\tZYuHcH.exe
  2⤵
  PID:7412
- C:\Windows\System\PFSAcbC.exe
  C:\Windows\System\PFSAcbC.exe
  2⤵
  PID:7448
- C:\Windows\System\ZvjLLPs.exe
  C:\Windows\System\ZvjLLPs.exe
  2⤵
  PID:7476
- C:\Windows\System\aOmlnYt.exe
  C:\Windows\System\aOmlnYt.exe
  2⤵
  PID:2004
- C:\Windows\System\mQyjVZx.exe
  C:\Windows\System\mQyjVZx.exe
  2⤵
  PID:7700
- C:\Windows\System\xhIpYWd.exe
  C:\Windows\System\xhIpYWd.exe
  2⤵
  PID:7892
- C:\Windows\System\jQypFxv.exe
  C:\Windows\System\jQypFxv.exe
  2⤵
  PID:7696
- C:\Windows\System\crGZWKv.exe
  C:\Windows\System\crGZWKv.exe
  2⤵
  PID:7712
- C:\Windows\System\vbSvsLv.exe
  C:\Windows\System\vbSvsLv.exe
  2⤵
  PID:7944
- C:\Windows\System\WKlQhPq.exe
  C:\Windows\System\WKlQhPq.exe
  2⤵
  PID:1560
- C:\Windows\System\gZdSqPO.exe
  C:\Windows\System\gZdSqPO.exe
  2⤵
  PID:8076
- C:\Windows\System\qrBuxaV.exe
  C:\Windows\System\qrBuxaV.exe
  2⤵
  PID:8096
- C:\Windows\System\tNFHOQR.exe
  C:\Windows\System\tNFHOQR.exe
  2⤵
  PID:7684
- C:\Windows\System\AcstDXk.exe
  C:\Windows\System\AcstDXk.exe
  2⤵
  PID:1216
- C:\Windows\System\WWYkgbF.exe
  C:\Windows\System\WWYkgbF.exe
  2⤵
  PID:6112
- C:\Windows\System\FLQAzmg.exe
  C:\Windows\System\FLQAzmg.exe
  2⤵
  PID:8108
- C:\Windows\System\YmNJsXp.exe
  C:\Windows\System\YmNJsXp.exe
  2⤵
  PID:7496
- C:\Windows\System\SoSJRVL.exe
  C:\Windows\System\SoSJRVL.exe
  2⤵
  PID:7256
- C:\Windows\System\OOdhquW.exe
  C:\Windows\System\OOdhquW.exe
  2⤵
  PID:8176
- C:\Windows\System\zJDiiOs.exe
  C:\Windows\System\zJDiiOs.exe
  2⤵
  PID:8152
- C:\Windows\System\spWaXlb.exe
  C:\Windows\System\spWaXlb.exe
  2⤵
  PID:7308
- C:\Windows\System\AjnLqWx.exe
  C:\Windows\System\AjnLqWx.exe
  2⤵
  PID:7408
- C:\Windows\System\ozdqKoP.exe
  C:\Windows\System\ozdqKoP.exe
  2⤵
  PID:7668
- C:\Windows\System\xWJlMdd.exe
  C:\Windows\System\xWJlMdd.exe
  2⤵
  PID:1088
- C:\Windows\System\ZtxBCsX.exe
  C:\Windows\System\ZtxBCsX.exe
  2⤵
  PID:7960
- C:\Windows\System\miJvKcR.exe
  C:\Windows\System\miJvKcR.exe
  2⤵
  PID:7420
- C:\Windows\System\nAbEarN.exe
  C:\Windows\System\nAbEarN.exe
  2⤵
  PID:7564
- C:\Windows\System\sawIQua.exe
  C:\Windows\System\sawIQua.exe
  2⤵
  PID:7780
- C:\Windows\System\ROFJTxe.exe
  C:\Windows\System\ROFJTxe.exe
  2⤵
  PID:8120
- C:\Windows\System\AxOjvVw.exe
  C:\Windows\System\AxOjvVw.exe
  2⤵
  PID:8104
- C:\Windows\System\QeMTxNq.exe
  C:\Windows\System\QeMTxNq.exe
  2⤵
  PID:7468
- C:\Windows\System\zvBpVzU.exe
  C:\Windows\System\zvBpVzU.exe
  2⤵
  PID:7292
- C:\Windows\System\daslxEm.exe
  C:\Windows\System\daslxEm.exe
  2⤵
  PID:1820
- C:\Windows\System\KRahxnO.exe
  C:\Windows\System\KRahxnO.exe
  2⤵
  PID:8196
- C:\Windows\System\SkkKOTQ.exe
  C:\Windows\System\SkkKOTQ.exe
  2⤵
  PID:8212
- C:\Windows\System\dvGTrOB.exe
  C:\Windows\System\dvGTrOB.exe
  2⤵
  PID:8228
- C:\Windows\System\pshgcgt.exe
  C:\Windows\System\pshgcgt.exe
  2⤵
  PID:8244
- C:\Windows\System\MYXWNFL.exe
  C:\Windows\System\MYXWNFL.exe
  2⤵
  PID:8260
- C:\Windows\System\qarwEkC.exe
  C:\Windows\System\qarwEkC.exe
  2⤵
  PID:8276
- C:\Windows\System\XFcDOUi.exe
  C:\Windows\System\XFcDOUi.exe
  2⤵
  PID:8292
- C:\Windows\System\LIhCwUx.exe
  C:\Windows\System\LIhCwUx.exe
  2⤵
  PID:8308
- C:\Windows\System\MHROnIV.exe
  C:\Windows\System\MHROnIV.exe
  2⤵
  PID:8324
- C:\Windows\System\GwUWYHG.exe
  C:\Windows\System\GwUWYHG.exe
  2⤵
  PID:8340
- C:\Windows\System\WBARIIH.exe
  C:\Windows\System\WBARIIH.exe
  2⤵
  PID:8356
- C:\Windows\System\PMteAxL.exe
  C:\Windows\System\PMteAxL.exe
  2⤵
  PID:8376
- C:\Windows\System\oYqwWMj.exe
  C:\Windows\System\oYqwWMj.exe
  2⤵
  PID:8400
- C:\Windows\System\cRdZVXI.exe
  C:\Windows\System\cRdZVXI.exe
  2⤵
  PID:8424
- C:\Windows\System\KJfBRaG.exe
  C:\Windows\System\KJfBRaG.exe
  2⤵
  PID:8440
- C:\Windows\System\mkDOBKK.exe
  C:\Windows\System\mkDOBKK.exe
  2⤵
  PID:8456
- C:\Windows\System\AjtEqRl.exe
  C:\Windows\System\AjtEqRl.exe
  2⤵
  PID:8472
- C:\Windows\System\kamjUAx.exe
  C:\Windows\System\kamjUAx.exe
  2⤵
  PID:8488
- C:\Windows\System\rlJjpnM.exe
  C:\Windows\System\rlJjpnM.exe
  2⤵
  PID:8504
- C:\Windows\System\gaoioaR.exe
  C:\Windows\System\gaoioaR.exe
  2⤵
  PID:8520
- C:\Windows\System\fjRSmdK.exe
  C:\Windows\System\fjRSmdK.exe
  2⤵
  PID:8536
- C:\Windows\System\ZgkjMJH.exe
  C:\Windows\System\ZgkjMJH.exe
  2⤵
  PID:8552
- C:\Windows\System\MPwfwJo.exe
  C:\Windows\System\MPwfwJo.exe
  2⤵
  PID:8568
- C:\Windows\System\ydppIwc.exe
  C:\Windows\System\ydppIwc.exe
  2⤵
  PID:8584
- C:\Windows\System\AuazmUc.exe
  C:\Windows\System\AuazmUc.exe
  2⤵
  PID:8600
- C:\Windows\System\BVvsQBp.exe
  C:\Windows\System\BVvsQBp.exe
  2⤵
  PID:8616
- C:\Windows\System\uOQVPGp.exe
  C:\Windows\System\uOQVPGp.exe
  2⤵
  PID:8632
- C:\Windows\System\YGcqULz.exe
  C:\Windows\System\YGcqULz.exe
  2⤵
  PID:8648
- C:\Windows\System\lrHNhwB.exe
  C:\Windows\System\lrHNhwB.exe
  2⤵
  PID:8664
- C:\Windows\System\MdKwRVv.exe
  C:\Windows\System\MdKwRVv.exe
  2⤵
  PID:8680
- C:\Windows\System\eDsTxGR.exe
  C:\Windows\System\eDsTxGR.exe
  2⤵
  PID:8696
- C:\Windows\System\SXFxKXh.exe
  C:\Windows\System\SXFxKXh.exe
  2⤵
  PID:8712
- C:\Windows\System\DDDvlyx.exe
  C:\Windows\System\DDDvlyx.exe
  2⤵
  PID:8728
- C:\Windows\System\dSwXfkC.exe
  C:\Windows\System\dSwXfkC.exe
  2⤵
  PID:8744
- C:\Windows\System\nwjgifo.exe
  C:\Windows\System\nwjgifo.exe
  2⤵
  PID:8760
- C:\Windows\System\HIzhkYO.exe
  C:\Windows\System\HIzhkYO.exe
  2⤵
  PID:8776
- C:\Windows\System\EUvmvXe.exe
  C:\Windows\System\EUvmvXe.exe
  2⤵
  PID:8792
- C:\Windows\System\wzKSEGf.exe
  C:\Windows\System\wzKSEGf.exe
  2⤵
  PID:8808
- C:\Windows\System\XRZSswT.exe
  C:\Windows\System\XRZSswT.exe
  2⤵
  PID:8824
- C:\Windows\System\NzCKtoX.exe
  C:\Windows\System\NzCKtoX.exe
  2⤵
  PID:8840
- C:\Windows\System\qEFrMKy.exe
  C:\Windows\System\qEFrMKy.exe
  2⤵
  PID:8856
- C:\Windows\System\GWUMufO.exe
  C:\Windows\System\GWUMufO.exe
  2⤵
  PID:8872
- C:\Windows\System\bMwZAEs.exe
  C:\Windows\System\bMwZAEs.exe
  2⤵
  PID:8888
- C:\Windows\System\opxCttn.exe
  C:\Windows\System\opxCttn.exe
  2⤵
  PID:8904
- C:\Windows\System\MShQwse.exe
  C:\Windows\System\MShQwse.exe
  2⤵
  PID:8920
- C:\Windows\System\BjdEmqY.exe
  C:\Windows\System\BjdEmqY.exe
  2⤵
  PID:8936
- C:\Windows\System\IxsESsv.exe
  C:\Windows\System\IxsESsv.exe
  2⤵
  PID:8952
- C:\Windows\System\LuwRvZU.exe
  C:\Windows\System\LuwRvZU.exe
  2⤵
  PID:8968
- C:\Windows\System\WuPSZYg.exe
  C:\Windows\System\WuPSZYg.exe
  2⤵
  PID:8984
- C:\Windows\System\XIobOmc.exe
  C:\Windows\System\XIobOmc.exe
  2⤵
  PID:9000
- C:\Windows\System\ZUpGQzC.exe
  C:\Windows\System\ZUpGQzC.exe
  2⤵
  PID:9016
- C:\Windows\System\AWyhJXm.exe
  C:\Windows\System\AWyhJXm.exe
  2⤵
  PID:9032
- C:\Windows\System\XlLFoOe.exe
  C:\Windows\System\XlLFoOe.exe
  2⤵
  PID:9048
- C:\Windows\System\bJoZKUj.exe
  C:\Windows\System\bJoZKUj.exe
  2⤵
  PID:9064
- C:\Windows\System\gjtLNJr.exe
  C:\Windows\System\gjtLNJr.exe
  2⤵
  PID:9080
- C:\Windows\System\CsQJwJN.exe
  C:\Windows\System\CsQJwJN.exe
  2⤵
  PID:9096
- C:\Windows\System\ZTownST.exe
  C:\Windows\System\ZTownST.exe
  2⤵
  PID:9112
- C:\Windows\System\KEzMxtc.exe
  C:\Windows\System\KEzMxtc.exe
  2⤵
  PID:9132
- C:\Windows\System\HUQBcOG.exe
  C:\Windows\System\HUQBcOG.exe
  2⤵
  PID:9148
- C:\Windows\System\dZpiFsI.exe
  C:\Windows\System\dZpiFsI.exe
  2⤵
  PID:9188
- C:\Windows\System\MhLLHLo.exe
  C:\Windows\System\MhLLHLo.exe
  2⤵
  PID:9212
- C:\Windows\System\kIZwftd.exe
  C:\Windows\System\kIZwftd.exe
  2⤵
  PID:1424
- C:\Windows\System\bEeYXZL.exe
  C:\Windows\System\bEeYXZL.exe
  2⤵
  PID:7304
- C:\Windows\System\BiXFqbn.exe
  C:\Windows\System\BiXFqbn.exe
  2⤵
  PID:1756
- C:\Windows\System\MWNINSb.exe
  C:\Windows\System\MWNINSb.exe
  2⤵
  PID:7888
- C:\Windows\System\KnKVVds.exe
  C:\Windows\System\KnKVVds.exe
  2⤵
  PID:8220
- C:\Windows\System\KxclPiZ.exe
  C:\Windows\System\KxclPiZ.exe
  2⤵
  PID:8300
- C:\Windows\System\bQkKxqE.exe
  C:\Windows\System\bQkKxqE.exe
  2⤵
  PID:8316
- C:\Windows\System\teKIlSc.exe
  C:\Windows\System\teKIlSc.exe
  2⤵
  PID:8364
- C:\Windows\System\YEVCCYx.exe
  C:\Windows\System\YEVCCYx.exe
  2⤵
  PID:8368
- C:\Windows\System\xubtgJy.exe
  C:\Windows\System\xubtgJy.exe
  2⤵
  PID:8436
- C:\Windows\System\hvZDxyW.exe
  C:\Windows\System\hvZDxyW.exe
  2⤵
  PID:8420
- C:\Windows\System\dcBMrIe.exe
  C:\Windows\System\dcBMrIe.exe
  2⤵
  PID:8484
- C:\Windows\System\UYfBRfi.exe
  C:\Windows\System\UYfBRfi.exe
  2⤵
  PID:8560
- C:\Windows\System\YElVqpS.exe
  C:\Windows\System\YElVqpS.exe
  2⤵
  PID:8528
- C:\Windows\System\NrAynea.exe
  C:\Windows\System\NrAynea.exe
  2⤵
  PID:8592
- C:\Windows\System\VjcmemQ.exe
  C:\Windows\System\VjcmemQ.exe
  2⤵
  PID:8580
- C:\Windows\System\zuqQInF.exe
  C:\Windows\System\zuqQInF.exe
  2⤵
  PID:8672
- C:\Windows\System\OnsFeij.exe
  C:\Windows\System\OnsFeij.exe
  2⤵
  PID:8740
- C:\Windows\System\bGJqDTg.exe
  C:\Windows\System\bGJqDTg.exe
  2⤵
  PID:8832
- C:\Windows\System\uDVadjK.exe
  C:\Windows\System\uDVadjK.exe
  2⤵
  PID:8896
- C:\Windows\System\GtWNPPq.exe
  C:\Windows\System\GtWNPPq.exe
  2⤵
  PID:7764
- C:\Windows\System\FBYdMRJ.exe
  C:\Windows\System\FBYdMRJ.exe
  2⤵
  PID:8720
- C:\Windows\System\VkSNIqC.exe
  C:\Windows\System\VkSNIqC.exe
  2⤵
  PID:9060
- C:\Windows\System\hQZFJlz.exe
  C:\Windows\System\hQZFJlz.exe
  2⤵
  PID:8660
- C:\Windows\System\qjhmbYX.exe
  C:\Windows\System\qjhmbYX.exe
  2⤵
  PID:8784
- C:\Windows\System\eyXPlyL.exe
  C:\Windows\System\eyXPlyL.exe
  2⤵
  PID:8752
- C:\Windows\System\bTMUiSk.exe
  C:\Windows\System\bTMUiSk.exe
  2⤵
  PID:8912
- C:\Windows\System\QGtvLXH.exe
  C:\Windows\System\QGtvLXH.exe
  2⤵
  PID:8884
- C:\Windows\System\XoflEch.exe
  C:\Windows\System\XoflEch.exe
  2⤵
  PID:8976
- C:\Windows\System\LegauRZ.exe
  C:\Windows\System\LegauRZ.exe
  2⤵
  PID:9044
- C:\Windows\System\bLEUCWJ.exe
  C:\Windows\System\bLEUCWJ.exe
  2⤵
  PID:9108
- C:\Windows\System\NQGdjQg.exe
  C:\Windows\System\NQGdjQg.exe
  2⤵
  PID:9164
- C:\Windows\System\UjZbcej.exe
  C:\Windows\System\UjZbcej.exe
  2⤵
  PID:9176
- C:\Windows\System\LpLlGFn.exe
  C:\Windows\System\LpLlGFn.exe
  2⤵
  PID:8068
- C:\Windows\System\IlOBGMC.exe
  C:\Windows\System\IlOBGMC.exe
  2⤵
  PID:6232
- C:\Windows\System\XNdOwzG.exe
  C:\Windows\System\XNdOwzG.exe
  2⤵
  PID:9208
- C:\Windows\System\HOvOMgU.exe
  C:\Windows\System\HOvOMgU.exe
  2⤵
  PID:8332
- C:\Windows\System\RmBoKoe.exe
  C:\Windows\System\RmBoKoe.exe
  2⤵
  PID:8412
- C:\Windows\System\eFjjLov.exe
  C:\Windows\System\eFjjLov.exe
  2⤵
  PID:8204
- C:\Windows\System\IMaZeAg.exe
  C:\Windows\System\IMaZeAg.exe
  2⤵
  PID:8468
- C:\Windows\System\MTIQNhG.exe
  C:\Windows\System\MTIQNhG.exe
  2⤵
  PID:8612
- C:\Windows\System\AUYhmJD.exe
  C:\Windows\System\AUYhmJD.exe
  2⤵
  PID:8256
- C:\Windows\System\raDRrrG.exe
  C:\Windows\System\raDRrrG.exe
  2⤵
  PID:8692
- C:\Windows\System\HNBboKl.exe
  C:\Windows\System\HNBboKl.exe
  2⤵
  PID:8708
- C:\Windows\System\DVDpTyf.exe
  C:\Windows\System\DVDpTyf.exe
  2⤵
  PID:9012
- C:\Windows\System\zInJJLH.exe
  C:\Windows\System\zInJJLH.exe
  2⤵
  PID:8576
- C:\Windows\System\lKXfUFb.exe
  C:\Windows\System\lKXfUFb.exe
  2⤵
  PID:8500
- C:\Windows\System\OeNSWkt.exe
  C:\Windows\System\OeNSWkt.exe
  2⤵
  PID:9196
- C:\Windows\System\gnWdvWq.exe
  C:\Windows\System\gnWdvWq.exe
  2⤵
  PID:9172
- C:\Windows\System\BUGnxuX.exe
  C:\Windows\System\BUGnxuX.exe
  2⤵
  PID:8208
- C:\Windows\System\OOUqkcN.exe
  C:\Windows\System\OOUqkcN.exe
  2⤵
  PID:8268
- C:\Windows\System\qImEuSV.exe
  C:\Windows\System\qImEuSV.exe
  2⤵
  PID:8388
- C:\Windows\System\GXVkXSL.exe
  C:\Windows\System\GXVkXSL.exe
  2⤵
  PID:8864
- C:\Windows\System\kPBywhc.exe
  C:\Windows\System\kPBywhc.exe
  2⤵
  PID:8644
- C:\Windows\System\noCHCkC.exe
  C:\Windows\System\noCHCkC.exe
  2⤵
  PID:8656
- C:\Windows\System\Ikuyzen.exe
  C:\Windows\System\Ikuyzen.exe
  2⤵
  PID:8348
- C:\Windows\System\GuzYPhH.exe
  C:\Windows\System\GuzYPhH.exe
  2⤵
  PID:9156
- C:\Windows\System\uIwkqSj.exe
  C:\Windows\System\uIwkqSj.exe
  2⤵
  PID:8480
- C:\Windows\System\LqYnLzJ.exe
  C:\Windows\System\LqYnLzJ.exe
  2⤵
  PID:8868
- C:\Windows\System\JfluxWI.exe
  C:\Windows\System\JfluxWI.exe
  2⤵
  PID:8392
- C:\Windows\System\EFnvtog.exe
  C:\Windows\System\EFnvtog.exe
  2⤵
  PID:8820
- C:\Windows\System\lnmONzm.exe
  C:\Windows\System\lnmONzm.exe
  2⤵
  PID:9220
- C:\Windows\System\zxBpHPu.exe
  C:\Windows\System\zxBpHPu.exe
  2⤵
  PID:9236
- C:\Windows\System\lrLWPqp.exe
  C:\Windows\System\lrLWPqp.exe
  2⤵
  PID:9252
- C:\Windows\System\IKYVnDY.exe
  C:\Windows\System\IKYVnDY.exe
  2⤵
  PID:9268
- C:\Windows\System\KHqaGqL.exe
  C:\Windows\System\KHqaGqL.exe
  2⤵
  PID:9284
- C:\Windows\System\YiLlhGI.exe
  C:\Windows\System\YiLlhGI.exe
  2⤵
  PID:9300
- C:\Windows\System\TpbQjZJ.exe
  C:\Windows\System\TpbQjZJ.exe
  2⤵
  PID:9316
- C:\Windows\System\pIfabLi.exe
  C:\Windows\System\pIfabLi.exe
  2⤵
  PID:9336
- C:\Windows\System\MfevMvR.exe
  C:\Windows\System\MfevMvR.exe
  2⤵
  PID:9368
- C:\Windows\System\POVDrTQ.exe
  C:\Windows\System\POVDrTQ.exe
  2⤵
  PID:9384
- C:\Windows\System\lawQoKj.exe
  C:\Windows\System\lawQoKj.exe
  2⤵
  PID:9504
- C:\Windows\System\HZBNKSs.exe
  C:\Windows\System\HZBNKSs.exe
  2⤵
  PID:9520
- C:\Windows\System\pUNCCGf.exe
  C:\Windows\System\pUNCCGf.exe
  2⤵
  PID:9536
- C:\Windows\System\XjGYFGb.exe
  C:\Windows\System\XjGYFGb.exe
  2⤵
  PID:9552
- C:\Windows\System\dtuuAZT.exe
  C:\Windows\System\dtuuAZT.exe
  2⤵
  PID:9580
- C:\Windows\System\EOlQRmA.exe
  C:\Windows\System\EOlQRmA.exe
  2⤵
  PID:9596
- C:\Windows\System\DuvNXTc.exe
  C:\Windows\System\DuvNXTc.exe
  2⤵
  PID:9632
- C:\Windows\System\ljONPlC.exe
  C:\Windows\System\ljONPlC.exe
  2⤵
  PID:9648
- C:\Windows\System\scSASxq.exe
  C:\Windows\System\scSASxq.exe
  2⤵
  PID:9664
- C:\Windows\System\urYvyYl.exe
  C:\Windows\System\urYvyYl.exe
  2⤵
  PID:9680
- C:\Windows\System\gfgwHFx.exe
  C:\Windows\System\gfgwHFx.exe
  2⤵
  PID:9696
- C:\Windows\System\hIzAmRF.exe
  C:\Windows\System\hIzAmRF.exe
  2⤵
  PID:9712
- C:\Windows\System\RHulpwB.exe
  C:\Windows\System\RHulpwB.exe
  2⤵
  PID:9728
- C:\Windows\System\HlptdBz.exe
  C:\Windows\System\HlptdBz.exe
  2⤵
  PID:9744
- C:\Windows\System\EkcctEs.exe
  C:\Windows\System\EkcctEs.exe
  2⤵
  PID:9760
- C:\Windows\System\czPOLJN.exe
  C:\Windows\System\czPOLJN.exe
  2⤵
  PID:9776
- C:\Windows\System\CeUXnZh.exe
  C:\Windows\System\CeUXnZh.exe
  2⤵
  PID:9792
- C:\Windows\System\fCnuTwW.exe
  C:\Windows\System\fCnuTwW.exe
  2⤵
  PID:9808
- C:\Windows\System\HCiFymc.exe
  C:\Windows\System\HCiFymc.exe
  2⤵
  PID:9824
- C:\Windows\System\MOhArpi.exe
  C:\Windows\System\MOhArpi.exe
  2⤵
  PID:9840
- C:\Windows\System\TqWjPwe.exe
  C:\Windows\System\TqWjPwe.exe
  2⤵
  PID:9856
- C:\Windows\System\kAahUuS.exe
  C:\Windows\System\kAahUuS.exe
  2⤵
  PID:9872
- C:\Windows\System\XKIfXBE.exe
  C:\Windows\System\XKIfXBE.exe
  2⤵
  PID:9888
- C:\Windows\System\EyHsVEs.exe
  C:\Windows\System\EyHsVEs.exe
  2⤵
  PID:9904
- C:\Windows\System\kiLDhgs.exe
  C:\Windows\System\kiLDhgs.exe
  2⤵
  PID:9920
- C:\Windows\System\QlkXxYj.exe
  C:\Windows\System\QlkXxYj.exe
  2⤵
  PID:9936
- C:\Windows\System\nRFSMkh.exe
  C:\Windows\System\nRFSMkh.exe
  2⤵
  PID:9952
- C:\Windows\System\dbZdESK.exe
  C:\Windows\System\dbZdESK.exe
  2⤵
  PID:9976
- C:\Windows\System\PPZOZVr.exe
  C:\Windows\System\PPZOZVr.exe
  2⤵
  PID:9992
- C:\Windows\System\Xnmnoso.exe
  C:\Windows\System\Xnmnoso.exe
  2⤵
  PID:10008
- C:\Windows\System\WYollDP.exe
  C:\Windows\System\WYollDP.exe
  2⤵
  PID:10024
- C:\Windows\System\mwaTzzO.exe
  C:\Windows\System\mwaTzzO.exe
  2⤵
  PID:10040
- C:\Windows\System\DnLyuwn.exe
  C:\Windows\System\DnLyuwn.exe
  2⤵
  PID:10056
- C:\Windows\System\RmOHYuI.exe
  C:\Windows\System\RmOHYuI.exe
  2⤵
  PID:10072
- C:\Windows\System\vlJMXql.exe
  C:\Windows\System\vlJMXql.exe
  2⤵
  PID:10088
- C:\Windows\System\BdBtjTo.exe
  C:\Windows\System\BdBtjTo.exe
  2⤵
  PID:10108
- C:\Windows\System\LqTszsU.exe
  C:\Windows\System\LqTszsU.exe
  2⤵
  PID:10124
- C:\Windows\System\aKZNstR.exe
  C:\Windows\System\aKZNstR.exe
  2⤵
  PID:10140
- C:\Windows\System\cAcRgQA.exe
  C:\Windows\System\cAcRgQA.exe
  2⤵
  PID:10160
- C:\Windows\System\FRFnLQL.exe
  C:\Windows\System\FRFnLQL.exe
  2⤵
  PID:10176
- C:\Windows\System\vEcntcl.exe
  C:\Windows\System\vEcntcl.exe
  2⤵
  PID:10192
- C:\Windows\System\ncRvFko.exe
  C:\Windows\System\ncRvFko.exe
  2⤵
  PID:10208
- C:\Windows\System\IxUVQLM.exe
  C:\Windows\System\IxUVQLM.exe
  2⤵
  PID:10224
- C:\Windows\System\Slizzxq.exe
  C:\Windows\System\Slizzxq.exe
  2⤵
  PID:8852
- C:\Windows\System\qtKnOpM.exe
  C:\Windows\System\qtKnOpM.exe
  2⤵
  PID:7528
- C:\Windows\System\Qcacnuv.exe
  C:\Windows\System\Qcacnuv.exe
  2⤵
  PID:7404
- C:\Windows\System\mehryVw.exe
  C:\Windows\System\mehryVw.exe
  2⤵
  PID:8992
- C:\Windows\System\LdBMoxX.exe
  C:\Windows\System\LdBMoxX.exe
  2⤵
  PID:9308
- C:\Windows\System\nVhxxFO.exe
  C:\Windows\System\nVhxxFO.exe
  2⤵
  PID:9232
- C:\Windows\System\sDQIvMJ.exe
  C:\Windows\System\sDQIvMJ.exe
  2⤵
  PID:8548
- C:\Windows\System\iUuUSxI.exe
  C:\Windows\System\iUuUSxI.exe
  2⤵
  PID:9280
- C:\Windows\System\wZihFnN.exe
  C:\Windows\System\wZihFnN.exe
  2⤵
  PID:9376
- C:\Windows\System\kzqpFEM.exe
  C:\Windows\System\kzqpFEM.exe
  2⤵
  PID:9352
- C:\Windows\System\zYqsFWu.exe
  C:\Windows\System\zYqsFWu.exe
  2⤵
  PID:9392
- C:\Windows\System\UVhLhDM.exe
  C:\Windows\System\UVhLhDM.exe
  2⤵
  PID:8724
- C:\Windows\System\mefvuaG.exe
  C:\Windows\System\mefvuaG.exe
  2⤵
  PID:9412
- C:\Windows\System\dWSUDgU.exe
  C:\Windows\System\dWSUDgU.exe
  2⤵
  PID:9424
- C:\Windows\System\YXknlCV.exe
  C:\Windows\System\YXknlCV.exe
  2⤵
  PID:9476
- C:\Windows\System\zvCKmDB.exe
  C:\Windows\System\zvCKmDB.exe
  2⤵
  PID:9436
- C:\Windows\System\XJNRXYf.exe
  C:\Windows\System\XJNRXYf.exe
  2⤵
  PID:9472
- C:\Windows\System\pdZojPN.exe
  C:\Windows\System\pdZojPN.exe
  2⤵
  PID:9496
- C:\Windows\System\WKMLyNc.exe
  C:\Windows\System\WKMLyNc.exe
  2⤵
  PID:9560
- C:\Windows\System\RtCqknT.exe
  C:\Windows\System\RtCqknT.exe
  2⤵
  PID:9076
- C:\Windows\System\ZqKOwnF.exe
  C:\Windows\System\ZqKOwnF.exe
  2⤵
  PID:9588
- C:\Windows\System\DXFLLKD.exe
  C:\Windows\System\DXFLLKD.exe
  2⤵
  PID:9604
- C:\Windows\System\aSikYFl.exe
  C:\Windows\System\aSikYFl.exe
  2⤵
  PID:9620
- C:\Windows\System\AUuGfnZ.exe
  C:\Windows\System\AUuGfnZ.exe
  2⤵
  PID:9720
- C:\Windows\System\BGlCCPa.exe
  C:\Windows\System\BGlCCPa.exe
  2⤵
  PID:9804
- C:\Windows\System\OCRxwkT.exe
  C:\Windows\System\OCRxwkT.exe
  2⤵
  PID:9868
- C:\Windows\System\eBThqNj.exe
  C:\Windows\System\eBThqNj.exe
  2⤵
  PID:9932
- C:\Windows\System\SsWGxzV.exe
  C:\Windows\System\SsWGxzV.exe
  2⤵
  PID:9948
- C:\Windows\System\spgeSFH.exe
  C:\Windows\System\spgeSFH.exe
  2⤵
  PID:9820
- C:\Windows\System\OGzoarw.exe
  C:\Windows\System\OGzoarw.exe
  2⤵
  PID:9848
- C:\Windows\System\dvnrhTs.exe
  C:\Windows\System\dvnrhTs.exe
  2⤵
  PID:9912
- C:\Windows\System\UhbhIIF.exe
  C:\Windows\System\UhbhIIF.exe
  2⤵
  PID:10100
- C:\Windows\System\iFXdcpl.exe
  C:\Windows\System\iFXdcpl.exe
  2⤵
  PID:9984
- C:\Windows\System\bTpEcJI.exe
  C:\Windows\System\bTpEcJI.exe
  2⤵
  PID:10148
- C:\Windows\System\dXvoIeG.exe
  C:\Windows\System\dXvoIeG.exe
  2⤵
  PID:10232
- C:\Windows\System\aSpXQly.exe
  C:\Windows\System\aSpXQly.exe
  2⤵
  PID:10156
- C:\Windows\System\mUUWXjE.exe
  C:\Windows\System\mUUWXjE.exe
  2⤵
  PID:8948
- C:\Windows\System\AVCElAM.exe
  C:\Windows\System\AVCElAM.exe
  2⤵
  PID:9296
- C:\Windows\System\PNaCWRo.exe
  C:\Windows\System\PNaCWRo.exe
  2⤵
  PID:9328
- C:\Windows\System\mpMObZd.exe
  C:\Windows\System\mpMObZd.exe
  2⤵
  PID:8800
- C:\Windows\System\BHvYeiL.exe
  C:\Windows\System\BHvYeiL.exe
  2⤵
  PID:9248
- C:\Windows\System\fxIogOP.exe
  C:\Windows\System\fxIogOP.exe
  2⤵
  PID:9460
- C:\Windows\System\imNMgcc.exe
  C:\Windows\System\imNMgcc.exe
  2⤵
  PID:9456
- C:\Windows\System\EGyJBQS.exe
  C:\Windows\System\EGyJBQS.exe
  2⤵
  PID:1000
- C:\Windows\System\DmlDjbV.exe
  C:\Windows\System\DmlDjbV.exe
  2⤵
  PID:9608
- C:\Windows\System\hWoYHIF.exe
  C:\Windows\System\hWoYHIF.exe
  2⤵
  PID:9348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AuABCOq.exe

Filesize
5.7MB

MD5
51d948dcd1991a991e54cb5f1f6bf190

SHA1
7d20a52a40341718c125b4e623d46de01a470d47

SHA256
7d80746ac56fcffdf5250811a76c0457c214aef2deea5af8719e5cf7a2a0b97d

SHA512
685db8d0c836e6c1825be4edf7ee538d1b2306e5ff034fbcaa48dab07d0f3fe69e8d094849ea24c967c36c82c89f90a78e8917872405a5ef1de3114514ac6162

Download Submit
C:\Windows\system\DVQmnqa.exe

Filesize
5.7MB

MD5
8149f94dc4aad14400656b8736633525

SHA1
784935e3a330d73d1a1be8b6b6fbf36ddcd6789f

SHA256
be35ed91d2175875abdedee57ab6e5f1eaf3a6dc162f56dcf3677d249741f227

SHA512
d8713896ddfb4d558e6fa35ac0c734f90dab4611cb1f83a283812ae26b1b1808e8c0194836dba5b99186128733bb6486f3fa94499c34b0179ca5224474fb9e31

Download Submit
C:\Windows\system\FekAzoR.exe

Filesize
5.7MB

MD5
b91d2fc1adab625cb3ccc38bde70f1dc

SHA1
c37c6b4f503729d434e46c6aae53d87ba505ac66

SHA256
058952b96b1342bee09b0047e15ede2c821dc7699145bfee4667e52321640f71

SHA512
768c99ae1a9e1b3a5bf022d32700fa259dde8719fdae7d91c36fdefbcd2beb838912aa6a7ed77d939047e640b93737077b2313ab2b637edef3df2aa109c31fe5

Download Submit
C:\Windows\system\FnwkkXU.exe

Filesize
5.7MB

MD5
216a3f5033e2df835758e85dba3576a0

SHA1
892d58e78dd9aa7387ddad8e56efd490e090425a

SHA256
904719f6a3e641aecd6a294b99bd8f55cd0f10f634174d062f32f9c1afafcb4c

SHA512
edcd6b2ff0b63174f33541cb63d4662ef6a313418627fea1657953e967faac900c99642b325323ff7e7e5109a4ce761561a28b39179dea1d9e682769377351b3

Download Submit
C:\Windows\system\HBqWVay.exe

Filesize
5.7MB

MD5
b941d2b7f6cfa38e3a82cce6369f22e7

SHA1
5c31eaa6da98e20430569682dd7471b3425c6577

SHA256
fb1a980c1bfdf68f05fba4c8d7d618cf3c9361ca5124078a494653057f7519f5

SHA512
4cc11400521e34f7849c1f14d182ed3e2343b96da43d3899f8c712b0a07dc6961a67ae1e3e775334914eda0ea9c8887851c38f6bbebba2ed5dc24394d63a2fdd

Download Submit
C:\Windows\system\HZMGFgW.exe

Filesize
5.7MB

MD5
526c6757170bc45f7bceb83ab15f41eb

SHA1
5b7d572474c92749bd5bbd9599c3aeafa0cb1adb

SHA256
84e0b26344fffd5b031462cafbaa995d3d5ab842cc8e20391a2773b0262ae2fe

SHA512
ce7b641c7090dd6498316f4d35c0d61b14eee2522db3d2b640226cf1a644464a301c0c55806165ddf1677c247d72f75682b53c820e6dd255805889887528c392

Download Submit
C:\Windows\system\IuyyUIr.exe

Filesize
5.7MB

MD5
650ac21f2f15d42777dd6bb9febd7474

SHA1
ee15e6311c36121674e82dcd151ca193db401e5b

SHA256
e701f83fed2911e0816ced66508af17ead22615c3866af0139a504c373164456

SHA512
3442dd3e0a78dd61344aecec4ac48c01cd9ed7ce3183f1b95b9f2469288812879eb959d2f8196472bae04ffb075dba2e736241db2995ac9fcfd42e93400b3988

Download Submit
C:\Windows\system\KElIIYG.exe

Filesize
5.7MB

MD5
45625574fd157007113935410e8fb8cd

SHA1
bee98aa4f5179aaa00e4a9768c9a5f2116bfc4df

SHA256
625f476f960c696842df3e3ce5a0acf1fc197a8607811b7d4ce20a67b97db721

SHA512
4943884126fdc7e2f724416a4ef2006848224aa03aa6488daa793eb13d9f83b24500b4ea3a5f1f6b4cf8e98fc156880b13f545c452d4107212a14313c655d144

Download Submit
C:\Windows\system\OmAbdmp.exe

Filesize
5.7MB

MD5
c037767cf45e3c5d4bda552b605d09cf

SHA1
fba3b6f3db35289fe60b82cd285abfb63b9a5c1e

SHA256
82d6f84a2d2d612b65a00354a89307b3d11cffee0cebf8555cfc91c436790792

SHA512
c0452e78f9522b05444d9d21da54a1a3d48f270c65dbe3ba40b33c760981377aa638fed041eede03c07c7eea4be3216a73824421b226c49e99845348cf5cb289

Download Submit
C:\Windows\system\PuyOxzB.exe

Filesize
5.7MB

MD5
d96f9e1d1e46953c21628bae968c56ee

SHA1
0683168db93d3b20224789ab1b17b2c205f119e8

SHA256
b1feae5db503ce9bbd193cb47744751427cdbb69647b27e9d5636995ff8439e3

SHA512
0f9e292d15b159ab9651b0e80c24118aff0fad4e660fe6e23a9bac8d3e4b8355bee2cd7ba7b73390a36cd953d78f0f7017ef42429ade45dcfb382a180c65141b

Download Submit
C:\Windows\system\QRMDhIG.exe

Filesize
5.7MB

MD5
1abb6da3d90132aeea41a97c4a93237e

SHA1
2bb768dcd26f0d0423ab23a8aabfb0a68360df0a

SHA256
bb17f23671bf054142b1614a7459029db5319fb3ad02c52ded844a1e20ded867

SHA512
1cd23b9349249be210c0fa1400b4993a0beb269d6924e922993b8f7b45c05607e54542013317bcf10cb39c67f82b437dd6318f9f7e47da07a1966d598f3e7577

Download Submit
C:\Windows\system\UrNSzkL.exe

Filesize
5.7MB

MD5
cbff725ab01907392a07d5083cc50e63

SHA1
1ed931f47d2cf9fac11c13989455fa8ced602e2c

SHA256
672232ab8eebd75204c598e08e03502ea4716b913a82af696eaa17987b4ac5e0

SHA512
1c8896e09b32c6213ddabea552fe8d843ad07e2beb15990f845e8e72e0d4e4601f8fe522dc732766e2125e235ac443c5e4101b528f6bab8babec458c11f689a5

Download Submit
C:\Windows\system\YaYBMoh.exe

Filesize
5.7MB

MD5
9f463437b5b78a06504666741f5e8631

SHA1
cecaeedda49b8acb49cd51db4b1ced0cec38145d

SHA256
88b96b0d514bbcfb4026d72e1cf0c17d752555a9ce505548f16e00b6c9bb4ab4

SHA512
4f22ae77c7676af7e7d03d6e9709b1a20a0d2083dedc225e4deeaf166761496a9d6cd6dd163a5e46865cfa55e4ee2e10babad486308777e7723e915cf5bff8ed

Download Submit
C:\Windows\system\ZTJWScc.exe

Filesize
5.7MB

MD5
0d772fce7dd4a758f2b50315544a8368

SHA1
811c2a8b3b01e9d1cc6a63f040095f29c1b98fd5

SHA256
f90c4cfdeb684dbb04e8a3dffe0eefe9d729890d1e52d16c1089a5ed3b0f2655

SHA512
37a074c74266aafe452aac1b4decd8cc018139b0df111a8877429afe2ffe8ddd255e27f8ecad1f8a953885d87b297891531e28787d0a87b6d4e0cb9f93a1bba9

Download Submit
C:\Windows\system\ZTkZscl.exe

Filesize
5.7MB

MD5
2e3623c0d84f7e4fa33e257f07a962c6

SHA1
3395d4537fba317b17aac05409ae89ecbfa311f2

SHA256
d86465cd691895428d858e6337876ecb1cd8468893451cb41ea73028b9d3c361

SHA512
2231e1e06a8c6bc9b3e9b050e10903a3b03fe3ee22429c8a25566656ac4c68476dd67841d647e5fe739aa00ec3c45c937a1f6d7ced0996a70e7a36f4b713f55f

Download Submit
C:\Windows\system\cngOzCr.exe

Filesize
5.7MB

MD5
0da8a4d9196790b7c23e466937bb7288

SHA1
e37ec6c29e2d5d881baeb4e46fdd0870aa50da3e

SHA256
58e0d5e5b13ce138b37f0756f7ecc8cacb6c1f104b1bf3cf30a9a62d5f70079a

SHA512
9d77c4e2684953a5e15fc7700154a27558146b6d13f9d9600131c59c4e012ff41ea49aea4965cbd8c06e2fc2c1d71251fe5c78d8a254a15a4dc9480bd0ef2ac7

Download Submit
C:\Windows\system\gxBaKmJ.exe

Filesize
5.7MB

MD5
d4a4e0fbd48e3ce5298599451335cbcc

SHA1
c2699068b735e8791de1fbbd343bc1ea6cc0c7d0

SHA256
7a210bf1e4560dc8efc93bccd16a4439220989b232baaf381b3f9232ab8827e2

SHA512
0e6c30caa2cd5fe61bfa84db98487d71cadf44a5222a98a2bba4251c75b37927a03de68018b5654ac00fc9dbd422105959bdb59ceab3e5ebad9cdc956c75762c

Download Submit
C:\Windows\system\iUIXGLF.exe

Filesize
5.7MB

MD5
76abe7eaaa1151f59c9a5b09d9fb9880

SHA1
cc8c05ba0f252a7f86dd74373b8e52128ac468e8

SHA256
db22b8ae2c0b7ad22fe9aaf9aa58d1f8660e64f5590005149864419493c2dd31

SHA512
3af2c1ca1d02385e5a1bbd534da987d985aaea3b1f89c98837b73ca3fb1f0d473f72f951bf689d63ad8d2b9dedfb44d3461a64ecb1a735415f921e073b085cdf

Download Submit
C:\Windows\system\kweGXCA.exe

Filesize
5.7MB

MD5
d17d99e01cd936ed720d215b614a1f97

SHA1
eea33359ae72a0b3313b774ee078adf96ef1c9e6

SHA256
2a7bdcae92987a2acf63d00116ae9ba72c8731ecf34704aa1cd3fb7605a3bd2c

SHA512
01ba92278b1b3071e0d1eb1f214fe45aaa74308c420f910d14499b63799c4f3e71b1c534a2c765f9013cb5f9c2ffe465c2ac65f682fcefffb895d5a580c6f6cc

Download Submit
C:\Windows\system\lhZOicx.exe

Filesize
5.7MB

MD5
ca9f89ed49d869069c315259e77d2dfe

SHA1
25c1e59a9fe91d9dfa9b14daeacba822e4966194

SHA256
8577109209a2f6bf84af34434183593946629ddc3dc4f70c5c7611520947adf6

SHA512
360eef3dc9dafaa7f1d9630d1647bbc4767500a93ad3e1d0608a355d9c5ccb66b4a5b2f0ae091367496cd08f0a4f54b5561538ace456823a3654de950c086d50

Download Submit
C:\Windows\system\mdKdEfm.exe

Filesize
5.7MB

MD5
d9d52c49db8aaab26e59dd5a865aea5c

SHA1
1140b061081734140bbe4d9f3f0063dec7b505e4

SHA256
d6d21ba5082f62e96e13c47e951338eeeacdffa5e3bc043c6459328014fdd7ac

SHA512
2bd726dac38479fd49f959a77a70d98cb41aad8162fb7c1d268d25fea6ae9ccdb48820364ebcfe84379f1a9aea48a573425ec939c6e49bb105340a2815719ae0

Download Submit
C:\Windows\system\nvamomx.exe

Filesize
5.7MB

MD5
c31b7dfcf1ce93d6c512f4d56506cf90

SHA1
699b6ae6c41f3e256243427f05727a2a3a1c89a7

SHA256
06d809d5d9e1880e4bbb0a85a338d5ccb00c783fc61cae6d200924ae7244d98e

SHA512
cb6463a1b945a16d9c7b02e1c62db8629d172caafc2340044f3087647180003036e82f7a27e2e06dd3ee353fcfd3635083802b3e5c47f7b74a104e252ee8ae6b

Download Submit
C:\Windows\system\sxDSbfT.exe

Filesize
5.7MB

MD5
2c661684c156642ec91000f47cc83db5

SHA1
0ce924141f4f31505c12f3879e139d8fbdfb073d

SHA256
10416dd17670ec1d089072c14faac4a8efbe7012699f5d4cad2d83f0d0104468

SHA512
11a881e88c72b92af313b86fab39f243146c081f6e62d2ae4eedb3395efc2432ce4e8b3db85ff3349b990b2810e40c77db6fa059b763de980746d2ad0d00093a

Download Submit
C:\Windows\system\uMgnLdW.exe

Filesize
5.7MB

MD5
aab3f8419c5a895eb1161da5ee5b289c

SHA1
bde0209b56a7cfb826fd33f5d8b3b1acde08b36f

SHA256
0274102c999c39a9f368621c49e01fd28fa51d094d4a449ec4f1c1f2ff401c44

SHA512
48b623d43aafcb9bbda645d3f1b47eb79febdaa426fb84ce1b6ecfdbaa83d1af5087bbc3b4947e41cfff382f537a0d207092327ba5c34dfdfaf47af94c248f27

Download Submit
C:\Windows\system\wDXBpFm.exe

Filesize
5.7MB

MD5
51532ae2bf5994b936d84156ab0631ca

SHA1
e502e1019c0291d562ce549b44d4142bc59aaca1

SHA256
610e1811403d821ca74f7ab7fe51c2430f4d9f904e7a54e1168b081552074fc0

SHA512
0dcb9444fd2b9a825f25c69539ed75469f7ffe728ff86da79429331e5897e84658bee6116f09fa15aa8be7356e0777d65a4b78d289bd5ec96d51dbc0e6471b82

Download Submit
C:\Windows\system\yKvhZbx.exe

Filesize
5.7MB

MD5
b8599cf2d3f532a13e95f3e46758653f

SHA1
7c8abf0e68b90769f5a06d848c02080c614cb71f

SHA256
bcb54017b8e1d91d735fb582703988d8af99809c1dfa0de5951e922105c2387e

SHA512
4f6d4c8894025bb9b7b0100a3f5c3dbada88304cdea930b50ac05cace4e74d142f31ab0af6c7aa931a1bb771847bb735775a9a4f476a5b5cfc3f5439936595b5

Download Submit
\Windows\system\EAJKFdO.exe

Filesize
5.7MB

MD5
75f915465bf77e036fea84eead014792

SHA1
c23adf11eb96435d5159f267998ca783dd351eb5

SHA256
fc66c8a6acf641af3d416a15a8333d1d03596956478aa892d424e3e3bfd1f0d4

SHA512
2c1fd8a1aafb82d4d7c5234e4d37a8e29fcf7de3e16623bad6bc137cb822533ab9e8f233cf0c5ec500c4521c5807d94e4ab13c5561f9c05517da1cf5177904cd

Download Submit
\Windows\system\EzJPNdd.exe

Filesize
5.7MB

MD5
98c9c786145684ee64dd3437306fb9eb

SHA1
e78c6089741592478a59068a26c99c0873e71134

SHA256
f84c85d00218c8cbcec15b0caa64cfff3aa51114e7150adcf53f9bbf21519d45

SHA512
077aedf542abc5e4b8b73dcb64b90d9d0aed3449ef4b29d6671daf8917dc2ba7d5558cbf1d075231aa2fdd737a82768932442cfacc6285ae01ed66e1d9774eac

Download Submit
\Windows\system\aUbySgk.exe

Filesize
5.7MB

MD5
a517c96332f680dfeb4353c224987fe4

SHA1
77e51d9fd5bc8c85eac2699c6879fac40c9ae78d

SHA256
705344dbeca99f5b7a024ad1d642c33ac5af3822a4ab1a847fd91ebf17224f5f

SHA512
868abfbbe3bc9a8cc887f4b7c4531610067c7979787117e224b85edbebd9e2ea89abf1cef3711915a37a23378254b349d5947da7d5374a979ad0b9dd2971fb04

Download Submit
\Windows\system\oVVBcyM.exe

Filesize
5.7MB

MD5
4da91bdf2d0c248f4dbb015a63b4d9b4

SHA1
d756719e5106b36eb678020dc9901983dced161f

SHA256
a7d4d54ebf4dd174788ae25b56c9eb26208e8eed06711a75648b8453b8597eac

SHA512
2ce99d8a8cb69b4924715c7d5d50cf6c1c7e20b71df853dc8a00a61c9561d9c42ba938c54d168dccb842d48bba96ed2c68e137d70618b823c4c857f449a3c015

Download Submit
\Windows\system\raKpAcu.exe

Filesize
5.7MB

MD5
aa4468c26f58dec9fa8bfdc9aa7dcc95

SHA1
5a51430832cf8e442a80f6e2c0e20a8280292f80

SHA256
00825cf211e07610736372102fb39fc3cdba600b0c29a3094a45096f048ec47b

SHA512
245a6ef7ff69a129a927574256bae7d7886dac340e3faca701a54435ca5f9b7e82152edb7bad44813e19481f5d87b0cd92a50df4e5f9c37235f673527cd5820a

Download Submit
\Windows\system\sLppkIR.exe

Filesize
5.7MB

MD5
341bbc425c5f7a5a001dd2dc373a387d

SHA1
37b472fbdc6ed4a6294d5f2cc9b848bda8a889ca

SHA256
80008908db14079a6e39b3599db60ec19bfe202a41e22d4316c377b7fcd513ca

SHA512
91fd27fb8931fe77060b285175f1737f867da5dc5523fdf4541481f21dc80e5c75b28e6c38162d1dce8bd093ca3175fe2b308fbf6bf0653e05e4abebaea0f46d

Download Submit
memory/684-1357-0x000000013FFB0000-0x00000001402FD000-memory.dmp

Filesize
3.3MB

Download
memory/796-1354-0x000000013F360000-0x000000013F6AD000-memory.dmp

Filesize
3.3MB

Download
memory/988-13-0x000000013F440000-0x000000013F78D000-memory.dmp

Filesize
3.3MB

Download
memory/1184-1352-0x000000013F990000-0x000000013FCDD000-memory.dmp

Filesize
3.3MB

Download
memory/1380-1350-0x000000013F080000-0x000000013F3CD000-memory.dmp

Filesize
3.3MB

Download
memory/1436-1367-0x000000013F950000-0x000000013FC9D000-memory.dmp

Filesize
3.3MB

Download
memory/1512-1369-0x000000013FFA0000-0x00000001402ED000-memory.dmp

Filesize
3.3MB

Download
memory/1588-1361-0x000000013FD20000-0x000000014006D000-memory.dmp

Filesize
3.3MB

Download
memory/1956-10-0x000000013F960000-0x000000013FCAD000-memory.dmp

Filesize
3.3MB

Download
memory/2060-1360-0x000000013F3F0000-0x000000013F73D000-memory.dmp

Filesize
3.3MB

Download
memory/2084-1366-0x000000013F2B0000-0x000000013F5FD000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2112-0-0x000000013F270000-0x000000013F5BD000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1365-0x000000013F6B0000-0x000000013F9FD000-memory.dmp

Filesize
3.3MB

Download
memory/2448-19-0x000000013FA00000-0x000000013FD4D000-memory.dmp

Filesize
3.3MB

Download
memory/2476-1359-0x000000013FD90000-0x00000001400DD000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1362-0x000000013F870000-0x000000013FBBD000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1368-0x000000013F150000-0x000000013F49D000-memory.dmp

Filesize
3.3MB

Download
memory/2604-1364-0x000000013F580000-0x000000013F8CD000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1358-0x000000013F3A0000-0x000000013F6ED000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1351-0x000000013F340000-0x000000013F68D000-memory.dmp

Filesize
3.3MB

Download
memory/5132-1486-0x000000013FF30000-0x000000014027D000-memory.dmp

Filesize
3.3MB

Download
memory/5504-1504-0x000000013F5B0000-0x000000013F8FD000-memory.dmp

Filesize
3.3MB

Download
memory/5764-1356-0x000000013F9E0000-0x000000013FD2D000-memory.dmp

Filesize
3.3MB

Download
memory/5796-1355-0x000000013F3B0000-0x000000013F6FD000-memory.dmp

Filesize
3.3MB

Download
memory/5828-1471-0x000000013FFF0000-0x000000014033D000-memory.dmp

Filesize
3.3MB

Download
memory/5860-1473-0x000000013F0C0000-0x000000013F40D000-memory.dmp

Filesize
3.3MB

Download
memory/5892-1472-0x000000013F420000-0x000000013F76D000-memory.dmp

Filesize
3.3MB

Download
memory/5956-1484-0x000000013FC40000-0x000000013FF8D000-memory.dmp

Filesize
3.3MB

Download
memory/5992-1476-0x000000013F220000-0x000000013F56D000-memory.dmp

Filesize
3.3MB

Download
memory/7136-1533-0x000000013FB10000-0x000000013FE5D000-memory.dmp

Filesize
3.3MB

Download