cobaltstrike | e2115f0bcb571b39c12d2e057c003b3b821867e967b1fb0c539b3dfd984e5fb1

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-11-2024 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

53a4ffa3c4bccb63c183638b7fe0b493
SHA1

cdaa359f8721787f33d4f7b3c3d677f64592f41c
SHA256

e2115f0bcb571b39c12d2e057c003b3b821867e967b1fb0c539b3dfd984e5fb1
SHA512

43fbabce4d7899fe52f979431214980d4fb990ae27c7f3a3421f27ff885b959bfd6345aac1799a95049acc636fac1fabaabcc2713a796818d02f7c898f068535
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b36-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9a-9.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9c-25.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9b-29.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b99-11.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9d-35.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9e-41.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b96-46.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9f-53.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bae-59.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bb7-75.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bbc-73.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bbd-82.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc7-101.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bca-122.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfb-131.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c17-179.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c20-190.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1f-189.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1e-188.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c05-177.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c04-175.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c03-173.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1d-170.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfe-166.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfc-162.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfa-160.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfd-158.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bf9-126.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bc2-120.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc9-116.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc8-106.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc4-96.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bbe-91.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4104-0-0x00007FF769E60000-0x00007FF76A1B4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b36-5.dat	xmrig
behavioral2/files/0x000a000000023b9a-9.dat	xmrig
behavioral2/memory/3124-17-0x00007FF64A3B0000-0x00007FF64A704000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9c-25.dat	xmrig
behavioral2/memory/1804-27-0x00007FF7FDF60000-0x00007FF7FE2B4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9b-29.dat	xmrig
behavioral2/memory/1016-28-0x00007FF780C80000-0x00007FF780FD4000-memory.dmp	xmrig
behavioral2/memory/2336-20-0x00007FF640EB0000-0x00007FF641204000-memory.dmp	xmrig
behavioral2/memory/2472-15-0x00007FF7E3E40000-0x00007FF7E4194000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b99-11.dat	xmrig
behavioral2/files/0x000b000000023b9d-35.dat	xmrig
behavioral2/memory/1208-36-0x00007FF667C80000-0x00007FF667FD4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b9e-41.dat	xmrig
behavioral2/memory/3688-44-0x00007FF790F00000-0x00007FF791254000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b96-46.dat	xmrig
behavioral2/memory/4152-50-0x00007FF7CA560000-0x00007FF7CA8B4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b9f-53.dat	xmrig
behavioral2/memory/1052-54-0x00007FF6D9350000-0x00007FF6D96A4000-memory.dmp	xmrig
behavioral2/files/0x000e000000023bae-59.dat	xmrig
behavioral2/memory/2472-63-0x00007FF7E3E40000-0x00007FF7E4194000-memory.dmp	xmrig
behavioral2/memory/4564-64-0x00007FF63F560000-0x00007FF63F8B4000-memory.dmp	xmrig
behavioral2/memory/3124-68-0x00007FF64A3B0000-0x00007FF64A704000-memory.dmp	xmrig
behavioral2/memory/2480-70-0x00007FF647EA0000-0x00007FF6481F4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bb7-75.dat	xmrig
behavioral2/files/0x0009000000023bbc-73.dat	xmrig
behavioral2/memory/4264-69-0x00007FF7140E0000-0x00007FF714434000-memory.dmp	xmrig
behavioral2/memory/4104-62-0x00007FF769E60000-0x00007FF76A1B4000-memory.dmp	xmrig
behavioral2/memory/1804-78-0x00007FF7FDF60000-0x00007FF7FE2B4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023bbd-82.dat	xmrig
behavioral2/files/0x0008000000023bc7-101.dat	xmrig
behavioral2/files/0x0008000000023bca-122.dat	xmrig
behavioral2/files/0x0008000000023bfb-131.dat	xmrig
behavioral2/memory/1956-134-0x00007FF6CE1B0000-0x00007FF6CE504000-memory.dmp	xmrig
behavioral2/memory/2180-150-0x00007FF6B2DD0000-0x00007FF6B3124000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c17-179.dat	xmrig
behavioral2/memory/2844-191-0x00007FF66DE90000-0x00007FF66E1E4000-memory.dmp	xmrig
behavioral2/memory/1208-198-0x00007FF667C80000-0x00007FF667FD4000-memory.dmp	xmrig
behavioral2/memory/4992-204-0x00007FF70E730000-0x00007FF70EA84000-memory.dmp	xmrig
behavioral2/memory/5088-203-0x00007FF645410000-0x00007FF645764000-memory.dmp	xmrig
behavioral2/memory/1364-202-0x00007FF6AB770000-0x00007FF6ABAC4000-memory.dmp	xmrig
behavioral2/memory/2204-201-0x00007FF6251A0000-0x00007FF6254F4000-memory.dmp	xmrig
behavioral2/memory/3924-199-0x00007FF778100000-0x00007FF778454000-memory.dmp	xmrig
behavioral2/memory/4932-197-0x00007FF653B50000-0x00007FF653EA4000-memory.dmp	xmrig
behavioral2/memory/4864-192-0x00007FF632930000-0x00007FF632C84000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c20-190.dat	xmrig
behavioral2/files/0x0008000000023c1f-189.dat	xmrig
behavioral2/files/0x0008000000023c1e-188.dat	xmrig
behavioral2/memory/4336-187-0x00007FF6BE6B0000-0x00007FF6BEA04000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c05-177.dat	xmrig
behavioral2/files/0x0008000000023c04-175.dat	xmrig
behavioral2/files/0x0008000000023c03-173.dat	xmrig
behavioral2/files/0x0008000000023c1d-170.dat	xmrig
behavioral2/files/0x0008000000023bfe-166.dat	xmrig
behavioral2/files/0x0008000000023bfc-162.dat	xmrig
behavioral2/files/0x0008000000023bfa-160.dat	xmrig
behavioral2/files/0x0008000000023bfd-158.dat	xmrig
behavioral2/memory/3592-144-0x00007FF665360000-0x00007FF6656B4000-memory.dmp	xmrig
behavioral2/memory/3100-139-0x00007FF64AF70000-0x00007FF64B2C4000-memory.dmp	xmrig
behavioral2/memory/2156-138-0x00007FF7DA7A0000-0x00007FF7DAAF4000-memory.dmp	xmrig
behavioral2/memory/4924-133-0x00007FF78EC60000-0x00007FF78EFB4000-memory.dmp	xmrig
behavioral2/memory/116-129-0x00007FF7969C0000-0x00007FF796D14000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bf9-126.dat	xmrig
behavioral2/files/0x000e000000023bc2-120.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2472	RbPHYEk.exe
2336	jyQMzFr.exe
3124	EIwsnvu.exe
1804	ryXRQTk.exe
1016	ZkuCobK.exe
1208	GgUnnTS.exe
3688	gRmVrhz.exe
4152	NPtkInQ.exe
1052	qQSjuxy.exe
4564	JbHAnWI.exe
4264	eKpxfyO.exe
2480	UxwxmKY.exe
1548	fDmRUpH.exe
116	KenPUEJ.exe
3924	scnKhGl.exe
4924	QfNaIMQ.exe
1956	eruddhd.exe
2156	LLDqudQ.exe
3100	RlNIobF.exe
3592	CYFPfoI.exe
2180	DLMipoC.exe
2204	ogGXXhM.exe
4336	iexKenf.exe
1364	bzbiKBY.exe
2844	pOfDISW.exe
5088	OjNgzrJ.exe
4992	pGdEetG.exe
4864	IgXCCFg.exe
4932	SwvSjkv.exe
3424	kPFJqpR.exe
1092	sziPPWJ.exe
3128	NLFkOOP.exe
2836	haMjNRJ.exe
3676	iKdyKeD.exe
4528	aBfDbAi.exe
1072	ywghzMM.exe
4624	CVRHCvD.exe
3716	tSRAyqM.exe
2956	kCSbZnh.exe
4172	rORnhXc.exe
1064	UsZNiuD.exe
1332	qvpLjTA.exe
3740	HakOHbU.exe
1948	yVpQIhy.exe
1244	PIvMgVX.exe
1060	ynlgWyD.exe
2328	HvnUNNj.exe
1592	UgZlrbq.exe
992	ueaBVvV.exe
3516	EEPcxTJ.exe
2228	QQhdjnw.exe
4276	cgMmvXs.exe
4400	fyeFHva.exe
3828	tvrnxLL.exe
4572	gPJaQVl.exe
2064	gnIuYWu.exe
2608	nstVbcW.exe
4100	ehZNzuy.exe
4652	HYTjicW.exe
972	FJiQRbT.exe
3232	hysfYdK.exe
4604	bEYfXbT.exe
3468	VhaENXI.exe
1696	QZKBkLu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4104-0-0x00007FF769E60000-0x00007FF76A1B4000-memory.dmp	upx
behavioral2/files/0x000c000000023b36-5.dat	upx
behavioral2/files/0x000a000000023b9a-9.dat	upx
behavioral2/memory/3124-17-0x00007FF64A3B0000-0x00007FF64A704000-memory.dmp	upx
behavioral2/files/0x000a000000023b9c-25.dat	upx
behavioral2/memory/1804-27-0x00007FF7FDF60000-0x00007FF7FE2B4000-memory.dmp	upx
behavioral2/files/0x000a000000023b9b-29.dat	upx
behavioral2/memory/1016-28-0x00007FF780C80000-0x00007FF780FD4000-memory.dmp	upx
behavioral2/memory/2336-20-0x00007FF640EB0000-0x00007FF641204000-memory.dmp	upx
behavioral2/memory/2472-15-0x00007FF7E3E40000-0x00007FF7E4194000-memory.dmp	upx
behavioral2/files/0x000a000000023b99-11.dat	upx
behavioral2/files/0x000b000000023b9d-35.dat	upx
behavioral2/memory/1208-36-0x00007FF667C80000-0x00007FF667FD4000-memory.dmp	upx
behavioral2/files/0x000b000000023b9e-41.dat	upx
behavioral2/memory/3688-44-0x00007FF790F00000-0x00007FF791254000-memory.dmp	upx
behavioral2/files/0x000c000000023b96-46.dat	upx
behavioral2/memory/4152-50-0x00007FF7CA560000-0x00007FF7CA8B4000-memory.dmp	upx
behavioral2/files/0x000b000000023b9f-53.dat	upx
behavioral2/memory/1052-54-0x00007FF6D9350000-0x00007FF6D96A4000-memory.dmp	upx
behavioral2/files/0x000e000000023bae-59.dat	upx
behavioral2/memory/2472-63-0x00007FF7E3E40000-0x00007FF7E4194000-memory.dmp	upx
behavioral2/memory/4564-64-0x00007FF63F560000-0x00007FF63F8B4000-memory.dmp	upx
behavioral2/memory/3124-68-0x00007FF64A3B0000-0x00007FF64A704000-memory.dmp	upx
behavioral2/memory/2480-70-0x00007FF647EA0000-0x00007FF6481F4000-memory.dmp	upx
behavioral2/files/0x0008000000023bb7-75.dat	upx
behavioral2/files/0x0009000000023bbc-73.dat	upx
behavioral2/memory/4264-69-0x00007FF7140E0000-0x00007FF714434000-memory.dmp	upx
behavioral2/memory/4104-62-0x00007FF769E60000-0x00007FF76A1B4000-memory.dmp	upx
behavioral2/memory/1804-78-0x00007FF7FDF60000-0x00007FF7FE2B4000-memory.dmp	upx
behavioral2/files/0x0009000000023bbd-82.dat	upx
behavioral2/files/0x0008000000023bc7-101.dat	upx
behavioral2/files/0x0008000000023bca-122.dat	upx
behavioral2/files/0x0008000000023bfb-131.dat	upx
behavioral2/memory/1956-134-0x00007FF6CE1B0000-0x00007FF6CE504000-memory.dmp	upx
behavioral2/memory/2180-150-0x00007FF6B2DD0000-0x00007FF6B3124000-memory.dmp	upx
behavioral2/files/0x0008000000023c17-179.dat	upx
behavioral2/memory/2844-191-0x00007FF66DE90000-0x00007FF66E1E4000-memory.dmp	upx
behavioral2/memory/1208-198-0x00007FF667C80000-0x00007FF667FD4000-memory.dmp	upx
behavioral2/memory/4992-204-0x00007FF70E730000-0x00007FF70EA84000-memory.dmp	upx
behavioral2/memory/5088-203-0x00007FF645410000-0x00007FF645764000-memory.dmp	upx
behavioral2/memory/1364-202-0x00007FF6AB770000-0x00007FF6ABAC4000-memory.dmp	upx
behavioral2/memory/2204-201-0x00007FF6251A0000-0x00007FF6254F4000-memory.dmp	upx
behavioral2/memory/3924-199-0x00007FF778100000-0x00007FF778454000-memory.dmp	upx
behavioral2/memory/4932-197-0x00007FF653B50000-0x00007FF653EA4000-memory.dmp	upx
behavioral2/memory/4864-192-0x00007FF632930000-0x00007FF632C84000-memory.dmp	upx
behavioral2/files/0x0008000000023c20-190.dat	upx
behavioral2/files/0x0008000000023c1f-189.dat	upx
behavioral2/files/0x0008000000023c1e-188.dat	upx
behavioral2/memory/4336-187-0x00007FF6BE6B0000-0x00007FF6BEA04000-memory.dmp	upx
behavioral2/files/0x0008000000023c05-177.dat	upx
behavioral2/files/0x0008000000023c04-175.dat	upx
behavioral2/files/0x0008000000023c03-173.dat	upx
behavioral2/files/0x0008000000023c1d-170.dat	upx
behavioral2/files/0x0008000000023bfe-166.dat	upx
behavioral2/files/0x0008000000023bfc-162.dat	upx
behavioral2/files/0x0008000000023bfa-160.dat	upx
behavioral2/files/0x0008000000023bfd-158.dat	upx
behavioral2/memory/3592-144-0x00007FF665360000-0x00007FF6656B4000-memory.dmp	upx
behavioral2/memory/3100-139-0x00007FF64AF70000-0x00007FF64B2C4000-memory.dmp	upx
behavioral2/memory/2156-138-0x00007FF7DA7A0000-0x00007FF7DAAF4000-memory.dmp	upx
behavioral2/memory/4924-133-0x00007FF78EC60000-0x00007FF78EFB4000-memory.dmp	upx
behavioral2/memory/116-129-0x00007FF7969C0000-0x00007FF796D14000-memory.dmp	upx
behavioral2/files/0x0008000000023bf9-126.dat	upx
behavioral2/files/0x000e000000023bc2-120.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\COrJvIW.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DizwZRo.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsbrMht.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsYLyHM.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rkzkqiA.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUvbxzv.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDMJQsE.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPnLRQe.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJQtkDF.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQFxcFs.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeTpTlN.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBEASCv.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfNiXRp.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYFauHG.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfcZtkQ.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNFlvnt.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFjFNCK.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgRmQzb.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnLmrhV.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpShFKR.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SITrVdT.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRSGZcz.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKdyKeD.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpmqWwQ.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBinDgD.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgMNgZM.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uCtJxVP.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHWSNkV.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWBUPfD.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEwHLCa.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whBMORv.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gygiBzS.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IgXCCFg.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yOWyqyR.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJuGULg.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJiQRbT.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRDHbbP.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XElmhUr.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLBfLzs.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myVjnnM.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lrxIKrC.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVMYKXy.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QxmKdhJ.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mawblRe.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNRXhvG.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMsCSyS.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EecemgU.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZKlktF.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeFLgwl.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OprREPg.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlbPNbC.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLMZtJr.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEmyVSR.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEFwgMZ.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQaItGx.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUBbMvE.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBKOQBE.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRumbKF.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whlpxsj.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuVRPis.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHuEwpz.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esrcltb.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueaBVvV.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Kdvpley.exe	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 2472	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4104 wrote to memory of 2472	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4104 wrote to memory of 2336	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4104 wrote to memory of 2336	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4104 wrote to memory of 3124	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4104 wrote to memory of 3124	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4104 wrote to memory of 1804	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4104 wrote to memory of 1804	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4104 wrote to memory of 1016	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4104 wrote to memory of 1016	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4104 wrote to memory of 1208	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4104 wrote to memory of 1208	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4104 wrote to memory of 3688	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4104 wrote to memory of 3688	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4104 wrote to memory of 4152	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4104 wrote to memory of 4152	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4104 wrote to memory of 1052	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4104 wrote to memory of 1052	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4104 wrote to memory of 4564	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4104 wrote to memory of 4564	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4104 wrote to memory of 2480	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4104 wrote to memory of 2480	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4104 wrote to memory of 4264	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4104 wrote to memory of 4264	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4104 wrote to memory of 1548	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4104 wrote to memory of 1548	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4104 wrote to memory of 116	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4104 wrote to memory of 116	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4104 wrote to memory of 2156	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4104 wrote to memory of 2156	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4104 wrote to memory of 3924	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4104 wrote to memory of 3924	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4104 wrote to memory of 4924	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4104 wrote to memory of 4924	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4104 wrote to memory of 1956	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4104 wrote to memory of 1956	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4104 wrote to memory of 3100	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4104 wrote to memory of 3100	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4104 wrote to memory of 3592	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4104 wrote to memory of 3592	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4104 wrote to memory of 2180	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4104 wrote to memory of 2180	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4104 wrote to memory of 2204	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4104 wrote to memory of 2204	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4104 wrote to memory of 4336	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4104 wrote to memory of 4336	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4104 wrote to memory of 1364	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4104 wrote to memory of 1364	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4104 wrote to memory of 2844	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4104 wrote to memory of 2844	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4104 wrote to memory of 5088	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4104 wrote to memory of 5088	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4104 wrote to memory of 4992	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4104 wrote to memory of 4992	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4104 wrote to memory of 4864	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4104 wrote to memory of 4864	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4104 wrote to memory of 4932	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4104 wrote to memory of 4932	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4104 wrote to memory of 3424	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4104 wrote to memory of 3424	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4104 wrote to memory of 1092	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4104 wrote to memory of 1092	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4104 wrote to memory of 3128	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4104 wrote to memory of 3128	4104	2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe	117

C:\Users\Admin\AppData\Local\Temp\2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-04_53a4ffa3c4bccb63c183638b7fe0b493_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Windows\System\RbPHYEk.exe
  C:\Windows\System\RbPHYEk.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\jyQMzFr.exe
  C:\Windows\System\jyQMzFr.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\EIwsnvu.exe
  C:\Windows\System\EIwsnvu.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\ryXRQTk.exe
  C:\Windows\System\ryXRQTk.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\ZkuCobK.exe
  C:\Windows\System\ZkuCobK.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\GgUnnTS.exe
  C:\Windows\System\GgUnnTS.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\gRmVrhz.exe
  C:\Windows\System\gRmVrhz.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\NPtkInQ.exe
  C:\Windows\System\NPtkInQ.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\qQSjuxy.exe
  C:\Windows\System\qQSjuxy.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\JbHAnWI.exe
  C:\Windows\System\JbHAnWI.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\UxwxmKY.exe
  C:\Windows\System\UxwxmKY.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\eKpxfyO.exe
  C:\Windows\System\eKpxfyO.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\fDmRUpH.exe
  C:\Windows\System\fDmRUpH.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\KenPUEJ.exe
  C:\Windows\System\KenPUEJ.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\LLDqudQ.exe
  C:\Windows\System\LLDqudQ.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\scnKhGl.exe
  C:\Windows\System\scnKhGl.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\QfNaIMQ.exe
  C:\Windows\System\QfNaIMQ.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\eruddhd.exe
  C:\Windows\System\eruddhd.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\RlNIobF.exe
  C:\Windows\System\RlNIobF.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\CYFPfoI.exe
  C:\Windows\System\CYFPfoI.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\DLMipoC.exe
  C:\Windows\System\DLMipoC.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\ogGXXhM.exe
  C:\Windows\System\ogGXXhM.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\iexKenf.exe
  C:\Windows\System\iexKenf.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\bzbiKBY.exe
  C:\Windows\System\bzbiKBY.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\pOfDISW.exe
  C:\Windows\System\pOfDISW.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\OjNgzrJ.exe
  C:\Windows\System\OjNgzrJ.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\pGdEetG.exe
  C:\Windows\System\pGdEetG.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\IgXCCFg.exe
  C:\Windows\System\IgXCCFg.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\SwvSjkv.exe
  C:\Windows\System\SwvSjkv.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\kPFJqpR.exe
  C:\Windows\System\kPFJqpR.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\sziPPWJ.exe
  C:\Windows\System\sziPPWJ.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\NLFkOOP.exe
  C:\Windows\System\NLFkOOP.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\haMjNRJ.exe
  C:\Windows\System\haMjNRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\iKdyKeD.exe
  C:\Windows\System\iKdyKeD.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\aBfDbAi.exe
  C:\Windows\System\aBfDbAi.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\ywghzMM.exe
  C:\Windows\System\ywghzMM.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\CVRHCvD.exe
  C:\Windows\System\CVRHCvD.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\tSRAyqM.exe
  C:\Windows\System\tSRAyqM.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\kCSbZnh.exe
  C:\Windows\System\kCSbZnh.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\rORnhXc.exe
  C:\Windows\System\rORnhXc.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\UsZNiuD.exe
  C:\Windows\System\UsZNiuD.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\qvpLjTA.exe
  C:\Windows\System\qvpLjTA.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\HakOHbU.exe
  C:\Windows\System\HakOHbU.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\yVpQIhy.exe
  C:\Windows\System\yVpQIhy.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\PIvMgVX.exe
  C:\Windows\System\PIvMgVX.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\ynlgWyD.exe
  C:\Windows\System\ynlgWyD.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\HvnUNNj.exe
  C:\Windows\System\HvnUNNj.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\UgZlrbq.exe
  C:\Windows\System\UgZlrbq.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\ueaBVvV.exe
  C:\Windows\System\ueaBVvV.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\EEPcxTJ.exe
  C:\Windows\System\EEPcxTJ.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\QQhdjnw.exe
  C:\Windows\System\QQhdjnw.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\cgMmvXs.exe
  C:\Windows\System\cgMmvXs.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\fyeFHva.exe
  C:\Windows\System\fyeFHva.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\tvrnxLL.exe
  C:\Windows\System\tvrnxLL.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\gPJaQVl.exe
  C:\Windows\System\gPJaQVl.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\gnIuYWu.exe
  C:\Windows\System\gnIuYWu.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\nstVbcW.exe
  C:\Windows\System\nstVbcW.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ehZNzuy.exe
  C:\Windows\System\ehZNzuy.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\HYTjicW.exe
  C:\Windows\System\HYTjicW.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\FJiQRbT.exe
  C:\Windows\System\FJiQRbT.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\hysfYdK.exe
  C:\Windows\System\hysfYdK.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\bEYfXbT.exe
  C:\Windows\System\bEYfXbT.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\VhaENXI.exe
  C:\Windows\System\VhaENXI.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\QZKBkLu.exe
  C:\Windows\System\QZKBkLu.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\eTDWXxn.exe
  C:\Windows\System\eTDWXxn.exe
  2⤵
  PID:2104
- C:\Windows\System\lynyrHD.exe
  C:\Windows\System\lynyrHD.exe
  2⤵
  PID:3724
- C:\Windows\System\cxzcnFo.exe
  C:\Windows\System\cxzcnFo.exe
  2⤵
  PID:1688
- C:\Windows\System\jVErHjQ.exe
  C:\Windows\System\jVErHjQ.exe
  2⤵
  PID:2876
- C:\Windows\System\VIiNCKC.exe
  C:\Windows\System\VIiNCKC.exe
  2⤵
  PID:964
- C:\Windows\System\IHjJRGz.exe
  C:\Windows\System\IHjJRGz.exe
  2⤵
  PID:2636
- C:\Windows\System\IZaPVrN.exe
  C:\Windows\System\IZaPVrN.exe
  2⤵
  PID:448
- C:\Windows\System\qeMbCqg.exe
  C:\Windows\System\qeMbCqg.exe
  2⤵
  PID:1684
- C:\Windows\System\wxTWLIW.exe
  C:\Windows\System\wxTWLIW.exe
  2⤵
  PID:948
- C:\Windows\System\NQHZPtc.exe
  C:\Windows\System\NQHZPtc.exe
  2⤵
  PID:4356
- C:\Windows\System\iacRRHJ.exe
  C:\Windows\System\iacRRHJ.exe
  2⤵
  PID:4204
- C:\Windows\System\CUnswAl.exe
  C:\Windows\System\CUnswAl.exe
  2⤵
  PID:456
- C:\Windows\System\jpljjqG.exe
  C:\Windows\System\jpljjqG.exe
  2⤵
  PID:720
- C:\Windows\System\kNegIga.exe
  C:\Windows\System\kNegIga.exe
  2⤵
  PID:552
- C:\Windows\System\yOWyqyR.exe
  C:\Windows\System\yOWyqyR.exe
  2⤵
  PID:4872
- C:\Windows\System\xMYwBdO.exe
  C:\Windows\System\xMYwBdO.exe
  2⤵
  PID:1496
- C:\Windows\System\nrbBEXh.exe
  C:\Windows\System\nrbBEXh.exe
  2⤵
  PID:776
- C:\Windows\System\RwvkFjh.exe
  C:\Windows\System\RwvkFjh.exe
  2⤵
  PID:5140
- C:\Windows\System\kOQnixs.exe
  C:\Windows\System\kOQnixs.exe
  2⤵
  PID:5172
- C:\Windows\System\CiLiyXv.exe
  C:\Windows\System\CiLiyXv.exe
  2⤵
  PID:5204
- C:\Windows\System\HLNodTh.exe
  C:\Windows\System\HLNodTh.exe
  2⤵
  PID:5244
- C:\Windows\System\VvXsSWX.exe
  C:\Windows\System\VvXsSWX.exe
  2⤵
  PID:5288
- C:\Windows\System\JohZPPQ.exe
  C:\Windows\System\JohZPPQ.exe
  2⤵
  PID:5328
- C:\Windows\System\RmgRQwQ.exe
  C:\Windows\System\RmgRQwQ.exe
  2⤵
  PID:5356
- C:\Windows\System\GxcMQSV.exe
  C:\Windows\System\GxcMQSV.exe
  2⤵
  PID:5388
- C:\Windows\System\YaQnzJZ.exe
  C:\Windows\System\YaQnzJZ.exe
  2⤵
  PID:5420
- C:\Windows\System\RQGuFdj.exe
  C:\Windows\System\RQGuFdj.exe
  2⤵
  PID:5448
- C:\Windows\System\cXFmpqa.exe
  C:\Windows\System\cXFmpqa.exe
  2⤵
  PID:5484
- C:\Windows\System\zOYUVOR.exe
  C:\Windows\System\zOYUVOR.exe
  2⤵
  PID:5508
- C:\Windows\System\yPoLDvk.exe
  C:\Windows\System\yPoLDvk.exe
  2⤵
  PID:5540
- C:\Windows\System\ticbjAs.exe
  C:\Windows\System\ticbjAs.exe
  2⤵
  PID:5568
- C:\Windows\System\mayhbuL.exe
  C:\Windows\System\mayhbuL.exe
  2⤵
  PID:5592
- C:\Windows\System\VBcwMCS.exe
  C:\Windows\System\VBcwMCS.exe
  2⤵
  PID:5612
- C:\Windows\System\AGWWzgp.exe
  C:\Windows\System\AGWWzgp.exe
  2⤵
  PID:5648
- C:\Windows\System\vmLtsPw.exe
  C:\Windows\System\vmLtsPw.exe
  2⤵
  PID:5676
- C:\Windows\System\tWBoffQ.exe
  C:\Windows\System\tWBoffQ.exe
  2⤵
  PID:5712
- C:\Windows\System\rXntTUf.exe
  C:\Windows\System\rXntTUf.exe
  2⤵
  PID:5740
- C:\Windows\System\uDHzgGi.exe
  C:\Windows\System\uDHzgGi.exe
  2⤵
  PID:5768
- C:\Windows\System\kTHcRfO.exe
  C:\Windows\System\kTHcRfO.exe
  2⤵
  PID:5796
- C:\Windows\System\YchMUay.exe
  C:\Windows\System\YchMUay.exe
  2⤵
  PID:5824
- C:\Windows\System\qSsUJnu.exe
  C:\Windows\System\qSsUJnu.exe
  2⤵
  PID:5872
- C:\Windows\System\RiPcOwb.exe
  C:\Windows\System\RiPcOwb.exe
  2⤵
  PID:5920
- C:\Windows\System\nwWrBbA.exe
  C:\Windows\System\nwWrBbA.exe
  2⤵
  PID:5944
- C:\Windows\System\eshCPqY.exe
  C:\Windows\System\eshCPqY.exe
  2⤵
  PID:5972
- C:\Windows\System\juvYVuj.exe
  C:\Windows\System\juvYVuj.exe
  2⤵
  PID:6000
- C:\Windows\System\BvtIHbq.exe
  C:\Windows\System\BvtIHbq.exe
  2⤵
  PID:6028
- C:\Windows\System\wZKlktF.exe
  C:\Windows\System\wZKlktF.exe
  2⤵
  PID:6060
- C:\Windows\System\iZZrixH.exe
  C:\Windows\System\iZZrixH.exe
  2⤵
  PID:6080
- C:\Windows\System\ICUNdtn.exe
  C:\Windows\System\ICUNdtn.exe
  2⤵
  PID:6104
- C:\Windows\System\DphdqeO.exe
  C:\Windows\System\DphdqeO.exe
  2⤵
  PID:6140
- C:\Windows\System\HFJlaZd.exe
  C:\Windows\System\HFJlaZd.exe
  2⤵
  PID:5180
- C:\Windows\System\LpGyShw.exe
  C:\Windows\System\LpGyShw.exe
  2⤵
  PID:5256
- C:\Windows\System\YolvmZN.exe
  C:\Windows\System\YolvmZN.exe
  2⤵
  PID:5336
- C:\Windows\System\FlkOgrm.exe
  C:\Windows\System\FlkOgrm.exe
  2⤵
  PID:5396
- C:\Windows\System\AJrAzSk.exe
  C:\Windows\System\AJrAzSk.exe
  2⤵
  PID:5464
- C:\Windows\System\myVjnnM.exe
  C:\Windows\System\myVjnnM.exe
  2⤵
  PID:5536
- C:\Windows\System\FMAtMzT.exe
  C:\Windows\System\FMAtMzT.exe
  2⤵
  PID:5608
- C:\Windows\System\WuafmCe.exe
  C:\Windows\System\WuafmCe.exe
  2⤵
  PID:5688
- C:\Windows\System\JEnxkzH.exe
  C:\Windows\System\JEnxkzH.exe
  2⤵
  PID:5752
- C:\Windows\System\lBSPiWL.exe
  C:\Windows\System\lBSPiWL.exe
  2⤵
  PID:5804
- C:\Windows\System\vlxHAEy.exe
  C:\Windows\System\vlxHAEy.exe
  2⤵
  PID:5900
- C:\Windows\System\VZogqeB.exe
  C:\Windows\System\VZogqeB.exe
  2⤵
  PID:5956
- C:\Windows\System\KLMZtJr.exe
  C:\Windows\System\KLMZtJr.exe
  2⤵
  PID:6048
- C:\Windows\System\vSOuBxu.exe
  C:\Windows\System\vSOuBxu.exe
  2⤵
  PID:5148
- C:\Windows\System\VZiwmrY.exe
  C:\Windows\System\VZiwmrY.exe
  2⤵
  PID:5432
- C:\Windows\System\fagBdGS.exe
  C:\Windows\System\fagBdGS.exe
  2⤵
  PID:3832
- C:\Windows\System\NnsRpZY.exe
  C:\Windows\System\NnsRpZY.exe
  2⤵
  PID:6040
- C:\Windows\System\sOgvCrF.exe
  C:\Windows\System\sOgvCrF.exe
  2⤵
  PID:5672
- C:\Windows\System\BcjQpqa.exe
  C:\Windows\System\BcjQpqa.exe
  2⤵
  PID:6068
- C:\Windows\System\FzppvZB.exe
  C:\Windows\System\FzppvZB.exe
  2⤵
  PID:6196
- C:\Windows\System\mnxTgVp.exe
  C:\Windows\System\mnxTgVp.exe
  2⤵
  PID:6224
- C:\Windows\System\bIlnqio.exe
  C:\Windows\System\bIlnqio.exe
  2⤵
  PID:6264
- C:\Windows\System\cwXlsiT.exe
  C:\Windows\System\cwXlsiT.exe
  2⤵
  PID:6292
- C:\Windows\System\lBIDINT.exe
  C:\Windows\System\lBIDINT.exe
  2⤵
  PID:6320
- C:\Windows\System\EqQKKeA.exe
  C:\Windows\System\EqQKKeA.exe
  2⤵
  PID:6348
- C:\Windows\System\kXweVrG.exe
  C:\Windows\System\kXweVrG.exe
  2⤵
  PID:6384
- C:\Windows\System\jvxRdgr.exe
  C:\Windows\System\jvxRdgr.exe
  2⤵
  PID:6404
- C:\Windows\System\xerwXDH.exe
  C:\Windows\System\xerwXDH.exe
  2⤵
  PID:6440
- C:\Windows\System\WmdpJnX.exe
  C:\Windows\System\WmdpJnX.exe
  2⤵
  PID:6468
- C:\Windows\System\BXvOKaX.exe
  C:\Windows\System\BXvOKaX.exe
  2⤵
  PID:6500
- C:\Windows\System\ZyZmAxn.exe
  C:\Windows\System\ZyZmAxn.exe
  2⤵
  PID:6528
- C:\Windows\System\woZjXYo.exe
  C:\Windows\System\woZjXYo.exe
  2⤵
  PID:6544
- C:\Windows\System\QOwNmAa.exe
  C:\Windows\System\QOwNmAa.exe
  2⤵
  PID:6572
- C:\Windows\System\ExsjgSD.exe
  C:\Windows\System\ExsjgSD.exe
  2⤵
  PID:6608
- C:\Windows\System\fuWSXwU.exe
  C:\Windows\System\fuWSXwU.exe
  2⤵
  PID:6640
- C:\Windows\System\MAglpyP.exe
  C:\Windows\System\MAglpyP.exe
  2⤵
  PID:6684
- C:\Windows\System\WfAqcee.exe
  C:\Windows\System\WfAqcee.exe
  2⤵
  PID:6708
- C:\Windows\System\nKClAer.exe
  C:\Windows\System\nKClAer.exe
  2⤵
  PID:6732
- C:\Windows\System\ZZwzzjY.exe
  C:\Windows\System\ZZwzzjY.exe
  2⤵
  PID:6768
- C:\Windows\System\jNLOGTd.exe
  C:\Windows\System\jNLOGTd.exe
  2⤵
  PID:6792
- C:\Windows\System\FydsXuv.exe
  C:\Windows\System\FydsXuv.exe
  2⤵
  PID:6820
- C:\Windows\System\dceBRKl.exe
  C:\Windows\System\dceBRKl.exe
  2⤵
  PID:6848
- C:\Windows\System\MFpLylX.exe
  C:\Windows\System\MFpLylX.exe
  2⤵
  PID:6880
- C:\Windows\System\CtxwsUM.exe
  C:\Windows\System\CtxwsUM.exe
  2⤵
  PID:6900
- C:\Windows\System\gDViomT.exe
  C:\Windows\System\gDViomT.exe
  2⤵
  PID:6940
- C:\Windows\System\rdlCjwH.exe
  C:\Windows\System\rdlCjwH.exe
  2⤵
  PID:6956
- C:\Windows\System\PNuXbrD.exe
  C:\Windows\System\PNuXbrD.exe
  2⤵
  PID:6972
- C:\Windows\System\CyfAmUF.exe
  C:\Windows\System\CyfAmUF.exe
  2⤵
  PID:6992
- C:\Windows\System\XrYAIoy.exe
  C:\Windows\System\XrYAIoy.exe
  2⤵
  PID:7040
- C:\Windows\System\FGVJaDF.exe
  C:\Windows\System\FGVJaDF.exe
  2⤵
  PID:7068
- C:\Windows\System\pgfRBjm.exe
  C:\Windows\System\pgfRBjm.exe
  2⤵
  PID:7104
- C:\Windows\System\JHUhjYV.exe
  C:\Windows\System\JHUhjYV.exe
  2⤵
  PID:7132
- C:\Windows\System\fNYcraA.exe
  C:\Windows\System\fNYcraA.exe
  2⤵
  PID:5856
- C:\Windows\System\RqOadTr.exe
  C:\Windows\System\RqOadTr.exe
  2⤵
  PID:6184
- C:\Windows\System\TKStBTq.exe
  C:\Windows\System\TKStBTq.exe
  2⤵
  PID:6252
- C:\Windows\System\TYfGGve.exe
  C:\Windows\System\TYfGGve.exe
  2⤵
  PID:6332
- C:\Windows\System\MCVsRZX.exe
  C:\Windows\System\MCVsRZX.exe
  2⤵
  PID:2664
- C:\Windows\System\mwXoKqf.exe
  C:\Windows\System\mwXoKqf.exe
  2⤵
  PID:4780
- C:\Windows\System\sHHxzWW.exe
  C:\Windows\System\sHHxzWW.exe
  2⤵
  PID:6364
- C:\Windows\System\PcJMUgq.exe
  C:\Windows\System\PcJMUgq.exe
  2⤵
  PID:6396
- C:\Windows\System\ktoOTyE.exe
  C:\Windows\System\ktoOTyE.exe
  2⤵
  PID:6464
- C:\Windows\System\xGixKRP.exe
  C:\Windows\System\xGixKRP.exe
  2⤵
  PID:6564
- C:\Windows\System\ZfaolHx.exe
  C:\Windows\System\ZfaolHx.exe
  2⤵
  PID:6632
- C:\Windows\System\ixTGALW.exe
  C:\Windows\System\ixTGALW.exe
  2⤵
  PID:6616
- C:\Windows\System\SpZDKeE.exe
  C:\Windows\System\SpZDKeE.exe
  2⤵
  PID:6692
- C:\Windows\System\kjzNssg.exe
  C:\Windows\System\kjzNssg.exe
  2⤵
  PID:6776
- C:\Windows\System\WKtlPwX.exe
  C:\Windows\System\WKtlPwX.exe
  2⤵
  PID:6868
- C:\Windows\System\zpoIPuO.exe
  C:\Windows\System\zpoIPuO.exe
  2⤵
  PID:6952
- C:\Windows\System\mhIwSIF.exe
  C:\Windows\System\mhIwSIF.exe
  2⤵
  PID:7004
- C:\Windows\System\kNbGMtZ.exe
  C:\Windows\System\kNbGMtZ.exe
  2⤵
  PID:7112
- C:\Windows\System\qxdHxhs.exe
  C:\Windows\System\qxdHxhs.exe
  2⤵
  PID:6160
- C:\Windows\System\OqYvvER.exe
  C:\Windows\System\OqYvvER.exe
  2⤵
  PID:6284
- C:\Windows\System\jkMwNvL.exe
  C:\Windows\System\jkMwNvL.exe
  2⤵
  PID:4148
- C:\Windows\System\sLUmsUY.exe
  C:\Windows\System\sLUmsUY.exe
  2⤵
  PID:1404
- C:\Windows\System\QnzUqxF.exe
  C:\Windows\System\QnzUqxF.exe
  2⤵
  PID:6436
- C:\Windows\System\CwPgKRH.exe
  C:\Windows\System\CwPgKRH.exe
  2⤵
  PID:1536
- C:\Windows\System\sbxRCLz.exe
  C:\Windows\System\sbxRCLz.exe
  2⤵
  PID:4116
- C:\Windows\System\SvDXQFF.exe
  C:\Windows\System\SvDXQFF.exe
  2⤵
  PID:3196
- C:\Windows\System\mlUgdYG.exe
  C:\Windows\System\mlUgdYG.exe
  2⤵
  PID:6600
- C:\Windows\System\ldCduKY.exe
  C:\Windows\System\ldCduKY.exe
  2⤵
  PID:6748
- C:\Windows\System\tsZexrs.exe
  C:\Windows\System\tsZexrs.exe
  2⤵
  PID:6924
- C:\Windows\System\Mtgqumu.exe
  C:\Windows\System\Mtgqumu.exe
  2⤵
  PID:7064
- C:\Windows\System\kDmIXoU.exe
  C:\Windows\System\kDmIXoU.exe
  2⤵
  PID:6208
- C:\Windows\System\nmhEeoV.exe
  C:\Windows\System\nmhEeoV.exe
  2⤵
  PID:5152
- C:\Windows\System\pqkGICK.exe
  C:\Windows\System\pqkGICK.exe
  2⤵
  PID:4852
- C:\Windows\System\Zqajtvq.exe
  C:\Windows\System\Zqajtvq.exe
  2⤵
  PID:6764
- C:\Windows\System\ikrGmUp.exe
  C:\Windows\System\ikrGmUp.exe
  2⤵
  PID:6948
- C:\Windows\System\aRrOovc.exe
  C:\Windows\System\aRrOovc.exe
  2⤵
  PID:3192
- C:\Windows\System\iRGQWff.exe
  C:\Windows\System\iRGQWff.exe
  2⤵
  PID:6556
- C:\Windows\System\AIQXOgE.exe
  C:\Windows\System\AIQXOgE.exe
  2⤵
  PID:4712
- C:\Windows\System\kAGUkkc.exe
  C:\Windows\System\kAGUkkc.exe
  2⤵
  PID:7176
- C:\Windows\System\LEwHLCa.exe
  C:\Windows\System\LEwHLCa.exe
  2⤵
  PID:7212
- C:\Windows\System\hdqjonX.exe
  C:\Windows\System\hdqjonX.exe
  2⤵
  PID:7240
- C:\Windows\System\iRTYiVP.exe
  C:\Windows\System\iRTYiVP.exe
  2⤵
  PID:7272
- C:\Windows\System\YFKWwzy.exe
  C:\Windows\System\YFKWwzy.exe
  2⤵
  PID:7296
- C:\Windows\System\LwUDHmm.exe
  C:\Windows\System\LwUDHmm.exe
  2⤵
  PID:7324
- C:\Windows\System\vqpJTxr.exe
  C:\Windows\System\vqpJTxr.exe
  2⤵
  PID:7344
- C:\Windows\System\IeNoyAU.exe
  C:\Windows\System\IeNoyAU.exe
  2⤵
  PID:7376
- C:\Windows\System\ailhLSZ.exe
  C:\Windows\System\ailhLSZ.exe
  2⤵
  PID:7408
- C:\Windows\System\ZXkzMpU.exe
  C:\Windows\System\ZXkzMpU.exe
  2⤵
  PID:7436
- C:\Windows\System\lEmyVSR.exe
  C:\Windows\System\lEmyVSR.exe
  2⤵
  PID:7468
- C:\Windows\System\FEVVuhl.exe
  C:\Windows\System\FEVVuhl.exe
  2⤵
  PID:7484
- C:\Windows\System\bnnFHDg.exe
  C:\Windows\System\bnnFHDg.exe
  2⤵
  PID:7516
- C:\Windows\System\xnsemgT.exe
  C:\Windows\System\xnsemgT.exe
  2⤵
  PID:7544
- C:\Windows\System\mjxfbxb.exe
  C:\Windows\System\mjxfbxb.exe
  2⤵
  PID:7576
- C:\Windows\System\ZSCqkCl.exe
  C:\Windows\System\ZSCqkCl.exe
  2⤵
  PID:7648
- C:\Windows\System\WrjadHL.exe
  C:\Windows\System\WrjadHL.exe
  2⤵
  PID:7676
- C:\Windows\System\wtGjyBS.exe
  C:\Windows\System\wtGjyBS.exe
  2⤵
  PID:7712
- C:\Windows\System\ZOaXEjE.exe
  C:\Windows\System\ZOaXEjE.exe
  2⤵
  PID:7736
- C:\Windows\System\gAZnuTR.exe
  C:\Windows\System\gAZnuTR.exe
  2⤵
  PID:7768
- C:\Windows\System\fEkQbsB.exe
  C:\Windows\System\fEkQbsB.exe
  2⤵
  PID:7792
- C:\Windows\System\cBlKExJ.exe
  C:\Windows\System\cBlKExJ.exe
  2⤵
  PID:7824
- C:\Windows\System\UcHIpeH.exe
  C:\Windows\System\UcHIpeH.exe
  2⤵
  PID:7852
- C:\Windows\System\EsEpBGA.exe
  C:\Windows\System\EsEpBGA.exe
  2⤵
  PID:7880
- C:\Windows\System\LtktWAs.exe
  C:\Windows\System\LtktWAs.exe
  2⤵
  PID:7908
- C:\Windows\System\vIlmxTl.exe
  C:\Windows\System\vIlmxTl.exe
  2⤵
  PID:7940
- C:\Windows\System\MFcqsFQ.exe
  C:\Windows\System\MFcqsFQ.exe
  2⤵
  PID:7964
- C:\Windows\System\SQBNhSb.exe
  C:\Windows\System\SQBNhSb.exe
  2⤵
  PID:7992
- C:\Windows\System\KXCKoru.exe
  C:\Windows\System\KXCKoru.exe
  2⤵
  PID:8012
- C:\Windows\System\JXYNVMH.exe
  C:\Windows\System\JXYNVMH.exe
  2⤵
  PID:8048
- C:\Windows\System\UUCaUoN.exe
  C:\Windows\System\UUCaUoN.exe
  2⤵
  PID:8068
- C:\Windows\System\zCVwZew.exe
  C:\Windows\System\zCVwZew.exe
  2⤵
  PID:8104
- C:\Windows\System\UIVuAql.exe
  C:\Windows\System\UIVuAql.exe
  2⤵
  PID:8124
- C:\Windows\System\ivXOyFc.exe
  C:\Windows\System\ivXOyFc.exe
  2⤵
  PID:8164
- C:\Windows\System\GmhlbCM.exe
  C:\Windows\System\GmhlbCM.exe
  2⤵
  PID:2848
- C:\Windows\System\UawEhWe.exe
  C:\Windows\System\UawEhWe.exe
  2⤵
  PID:7220
- C:\Windows\System\LGitlNZ.exe
  C:\Windows\System\LGitlNZ.exe
  2⤵
  PID:7280
- C:\Windows\System\Kdvpley.exe
  C:\Windows\System\Kdvpley.exe
  2⤵
  PID:7332
- C:\Windows\System\yELlhYH.exe
  C:\Windows\System\yELlhYH.exe
  2⤵
  PID:7392
- C:\Windows\System\bbHTzqC.exe
  C:\Windows\System\bbHTzqC.exe
  2⤵
  PID:7464
- C:\Windows\System\wHOcuSs.exe
  C:\Windows\System\wHOcuSs.exe
  2⤵
  PID:2596
- C:\Windows\System\DeTsDOY.exe
  C:\Windows\System\DeTsDOY.exe
  2⤵
  PID:7588
- C:\Windows\System\vrbvBUv.exe
  C:\Windows\System\vrbvBUv.exe
  2⤵
  PID:1756
- C:\Windows\System\qMTQPtN.exe
  C:\Windows\System\qMTQPtN.exe
  2⤵
  PID:7668
- C:\Windows\System\pXNgPzc.exe
  C:\Windows\System\pXNgPzc.exe
  2⤵
  PID:7744
- C:\Windows\System\ravXHPr.exe
  C:\Windows\System\ravXHPr.exe
  2⤵
  PID:7776
- C:\Windows\System\NzXfYly.exe
  C:\Windows\System\NzXfYly.exe
  2⤵
  PID:7848
- C:\Windows\System\RyOqpdj.exe
  C:\Windows\System\RyOqpdj.exe
  2⤵
  PID:7920
- C:\Windows\System\ZlGlWPL.exe
  C:\Windows\System\ZlGlWPL.exe
  2⤵
  PID:8000
- C:\Windows\System\tESLdPT.exe
  C:\Windows\System\tESLdPT.exe
  2⤵
  PID:8056
- C:\Windows\System\wMZQmgE.exe
  C:\Windows\System\wMZQmgE.exe
  2⤵
  PID:8092
- C:\Windows\System\xHKadjL.exe
  C:\Windows\System\xHKadjL.exe
  2⤵
  PID:8180
- C:\Windows\System\FeFLgwl.exe
  C:\Windows\System\FeFLgwl.exe
  2⤵
  PID:7248
- C:\Windows\System\vwNOckx.exe
  C:\Windows\System\vwNOckx.exe
  2⤵
  PID:7420
- C:\Windows\System\eoYAfiq.exe
  C:\Windows\System\eoYAfiq.exe
  2⤵
  PID:7508
- C:\Windows\System\ltXTFdx.exe
  C:\Windows\System\ltXTFdx.exe
  2⤵
  PID:5324
- C:\Windows\System\kCxoioi.exe
  C:\Windows\System\kCxoioi.exe
  2⤵
  PID:7708
- C:\Windows\System\ktFqEyq.exe
  C:\Windows\System\ktFqEyq.exe
  2⤵
  PID:7900
- C:\Windows\System\rLdknPI.exe
  C:\Windows\System\rLdknPI.exe
  2⤵
  PID:4944
- C:\Windows\System\eohsuOE.exe
  C:\Windows\System\eohsuOE.exe
  2⤵
  PID:7188
- C:\Windows\System\KqdVjWV.exe
  C:\Windows\System\KqdVjWV.exe
  2⤵
  PID:3900
- C:\Windows\System\SBWpSCd.exe
  C:\Windows\System\SBWpSCd.exe
  2⤵
  PID:4948
- C:\Windows\System\lttfLBd.exe
  C:\Windows\System\lttfLBd.exe
  2⤵
  PID:7892
- C:\Windows\System\abPSDeT.exe
  C:\Windows\System\abPSDeT.exe
  2⤵
  PID:8088
- C:\Windows\System\oZVfGZE.exe
  C:\Windows\System\oZVfGZE.exe
  2⤵
  PID:7480
- C:\Windows\System\EAJMmgz.exe
  C:\Windows\System\EAJMmgz.exe
  2⤵
  PID:8032
- C:\Windows\System\WhHfgbT.exe
  C:\Windows\System\WhHfgbT.exe
  2⤵
  PID:7448
- C:\Windows\System\nQDsAlh.exe
  C:\Windows\System\nQDsAlh.exe
  2⤵
  PID:836
- C:\Windows\System\iHuZAsm.exe
  C:\Windows\System\iHuZAsm.exe
  2⤵
  PID:8200
- C:\Windows\System\mIwDBhr.exe
  C:\Windows\System\mIwDBhr.exe
  2⤵
  PID:8228
- C:\Windows\System\nRfRnQY.exe
  C:\Windows\System\nRfRnQY.exe
  2⤵
  PID:8264
- C:\Windows\System\aZwvRSy.exe
  C:\Windows\System\aZwvRSy.exe
  2⤵
  PID:8292
- C:\Windows\System\OpYAxCG.exe
  C:\Windows\System\OpYAxCG.exe
  2⤵
  PID:8320
- C:\Windows\System\MnqZwoq.exe
  C:\Windows\System\MnqZwoq.exe
  2⤵
  PID:8348
- C:\Windows\System\LKswCwF.exe
  C:\Windows\System\LKswCwF.exe
  2⤵
  PID:8376
- C:\Windows\System\zLFGXuL.exe
  C:\Windows\System\zLFGXuL.exe
  2⤵
  PID:8404
- C:\Windows\System\fOVxmam.exe
  C:\Windows\System\fOVxmam.exe
  2⤵
  PID:8432
- C:\Windows\System\QxmKdhJ.exe
  C:\Windows\System\QxmKdhJ.exe
  2⤵
  PID:8460
- C:\Windows\System\qVmLtGl.exe
  C:\Windows\System\qVmLtGl.exe
  2⤵
  PID:8488
- C:\Windows\System\PuFSDty.exe
  C:\Windows\System\PuFSDty.exe
  2⤵
  PID:8520
- C:\Windows\System\rMzajaH.exe
  C:\Windows\System\rMzajaH.exe
  2⤵
  PID:8544
- C:\Windows\System\AqeRods.exe
  C:\Windows\System\AqeRods.exe
  2⤵
  PID:8580
- C:\Windows\System\dKJntwV.exe
  C:\Windows\System\dKJntwV.exe
  2⤵
  PID:8600
- C:\Windows\System\BuCKyjn.exe
  C:\Windows\System\BuCKyjn.exe
  2⤵
  PID:8632
- C:\Windows\System\NUkpaYN.exe
  C:\Windows\System\NUkpaYN.exe
  2⤵
  PID:8652
- C:\Windows\System\PrFIXgU.exe
  C:\Windows\System\PrFIXgU.exe
  2⤵
  PID:8684
- C:\Windows\System\wkScQzM.exe
  C:\Windows\System\wkScQzM.exe
  2⤵
  PID:8712
- C:\Windows\System\NzbMNkT.exe
  C:\Windows\System\NzbMNkT.exe
  2⤵
  PID:8740
- C:\Windows\System\UWCVwiO.exe
  C:\Windows\System\UWCVwiO.exe
  2⤵
  PID:8772
- C:\Windows\System\qfcxrhP.exe
  C:\Windows\System\qfcxrhP.exe
  2⤵
  PID:8800
- C:\Windows\System\LfnnJkg.exe
  C:\Windows\System\LfnnJkg.exe
  2⤵
  PID:8820
- C:\Windows\System\YVMsLmi.exe
  C:\Windows\System\YVMsLmi.exe
  2⤵
  PID:8848
- C:\Windows\System\UOSNMeo.exe
  C:\Windows\System\UOSNMeo.exe
  2⤵
  PID:8876
- C:\Windows\System\sUWdKWH.exe
  C:\Windows\System\sUWdKWH.exe
  2⤵
  PID:8904
- C:\Windows\System\tVvRotS.exe
  C:\Windows\System\tVvRotS.exe
  2⤵
  PID:8932
- C:\Windows\System\KquXUFx.exe
  C:\Windows\System\KquXUFx.exe
  2⤵
  PID:8968
- C:\Windows\System\VJswKha.exe
  C:\Windows\System\VJswKha.exe
  2⤵
  PID:9000
- C:\Windows\System\YUBqkhn.exe
  C:\Windows\System\YUBqkhn.exe
  2⤵
  PID:9016
- C:\Windows\System\mFNTKyp.exe
  C:\Windows\System\mFNTKyp.exe
  2⤵
  PID:9044
- C:\Windows\System\AakImJN.exe
  C:\Windows\System\AakImJN.exe
  2⤵
  PID:9080
- C:\Windows\System\Uymdamp.exe
  C:\Windows\System\Uymdamp.exe
  2⤵
  PID:9100
- C:\Windows\System\ttInwCA.exe
  C:\Windows\System\ttInwCA.exe
  2⤵
  PID:9128
- C:\Windows\System\OoZbqTt.exe
  C:\Windows\System\OoZbqTt.exe
  2⤵
  PID:9156
- C:\Windows\System\IwuThDN.exe
  C:\Windows\System\IwuThDN.exe
  2⤵
  PID:9188
- C:\Windows\System\OzwcPUc.exe
  C:\Windows\System\OzwcPUc.exe
  2⤵
  PID:5052
- C:\Windows\System\plVWeRq.exe
  C:\Windows\System\plVWeRq.exe
  2⤵
  PID:8252
- C:\Windows\System\VeeRkVu.exe
  C:\Windows\System\VeeRkVu.exe
  2⤵
  PID:8328
- C:\Windows\System\cykkpeY.exe
  C:\Windows\System\cykkpeY.exe
  2⤵
  PID:8388
- C:\Windows\System\tEZcglI.exe
  C:\Windows\System\tEZcglI.exe
  2⤵
  PID:8444
- C:\Windows\System\nOLrQUo.exe
  C:\Windows\System\nOLrQUo.exe
  2⤵
  PID:8508
- C:\Windows\System\IeSjFMU.exe
  C:\Windows\System\IeSjFMU.exe
  2⤵
  PID:8592
- C:\Windows\System\XnzymjD.exe
  C:\Windows\System\XnzymjD.exe
  2⤵
  PID:8644
- C:\Windows\System\nSWDsTM.exe
  C:\Windows\System\nSWDsTM.exe
  2⤵
  PID:8704
- C:\Windows\System\DizwZRo.exe
  C:\Windows\System\DizwZRo.exe
  2⤵
  PID:8780
- C:\Windows\System\CMoVrZn.exe
  C:\Windows\System\CMoVrZn.exe
  2⤵
  PID:8840
- C:\Windows\System\MTBAgfc.exe
  C:\Windows\System\MTBAgfc.exe
  2⤵
  PID:8900
- C:\Windows\System\qdqZcMx.exe
  C:\Windows\System\qdqZcMx.exe
  2⤵
  PID:8956
- C:\Windows\System\KORHJYR.exe
  C:\Windows\System\KORHJYR.exe
  2⤵
  PID:9008
- C:\Windows\System\HIczgfs.exe
  C:\Windows\System\HIczgfs.exe
  2⤵
  PID:9064
- C:\Windows\System\BvRvVkq.exe
  C:\Windows\System\BvRvVkq.exe
  2⤵
  PID:9112
- C:\Windows\System\UpGBcNj.exe
  C:\Windows\System\UpGBcNj.exe
  2⤵
  PID:9152
- C:\Windows\System\GjAGPUw.exe
  C:\Windows\System\GjAGPUw.exe
  2⤵
  PID:8220
- C:\Windows\System\DSyMWbL.exe
  C:\Windows\System\DSyMWbL.exe
  2⤵
  PID:8384
- C:\Windows\System\ftRBFHR.exe
  C:\Windows\System\ftRBFHR.exe
  2⤵
  PID:8496
- C:\Windows\System\cKmcJnB.exe
  C:\Windows\System\cKmcJnB.exe
  2⤵
  PID:8672
- C:\Windows\System\HZTlKkx.exe
  C:\Windows\System\HZTlKkx.exe
  2⤵
  PID:8760
- C:\Windows\System\HUIiXpW.exe
  C:\Windows\System\HUIiXpW.exe
  2⤵
  PID:1820
- C:\Windows\System\DvuMlzH.exe
  C:\Windows\System\DvuMlzH.exe
  2⤵
  PID:9056
- C:\Windows\System\tdQQKET.exe
  C:\Windows\System\tdQQKET.exe
  2⤵
  PID:9148
- C:\Windows\System\WdssCPs.exe
  C:\Windows\System\WdssCPs.exe
  2⤵
  PID:768
- C:\Windows\System\tubCLvQ.exe
  C:\Windows\System\tubCLvQ.exe
  2⤵
  PID:8732
- C:\Windows\System\FVtcbrz.exe
  C:\Windows\System\FVtcbrz.exe
  2⤵
  PID:9092
- C:\Windows\System\VqJOplT.exe
  C:\Windows\System\VqJOplT.exe
  2⤵
  PID:3556
- C:\Windows\System\irqwtyP.exe
  C:\Windows\System\irqwtyP.exe
  2⤵
  PID:8896
- C:\Windows\System\joqeJAv.exe
  C:\Windows\System\joqeJAv.exe
  2⤵
  PID:9232
- C:\Windows\System\GFHUwze.exe
  C:\Windows\System\GFHUwze.exe
  2⤵
  PID:9252
- C:\Windows\System\OvRgVku.exe
  C:\Windows\System\OvRgVku.exe
  2⤵
  PID:9284
- C:\Windows\System\ZBkBfPF.exe
  C:\Windows\System\ZBkBfPF.exe
  2⤵
  PID:9308
- C:\Windows\System\OqghAnf.exe
  C:\Windows\System\OqghAnf.exe
  2⤵
  PID:9344
- C:\Windows\System\OpWENob.exe
  C:\Windows\System\OpWENob.exe
  2⤵
  PID:9364
- C:\Windows\System\IHWMmeR.exe
  C:\Windows\System\IHWMmeR.exe
  2⤵
  PID:9400
- C:\Windows\System\mawblRe.exe
  C:\Windows\System\mawblRe.exe
  2⤵
  PID:9424
- C:\Windows\System\DVgXRAz.exe
  C:\Windows\System\DVgXRAz.exe
  2⤵
  PID:9448
- C:\Windows\System\nUXRTFE.exe
  C:\Windows\System\nUXRTFE.exe
  2⤵
  PID:9476
- C:\Windows\System\FeIaCyu.exe
  C:\Windows\System\FeIaCyu.exe
  2⤵
  PID:9504
- C:\Windows\System\Cllpipg.exe
  C:\Windows\System\Cllpipg.exe
  2⤵
  PID:9532
- C:\Windows\System\WgICNlY.exe
  C:\Windows\System\WgICNlY.exe
  2⤵
  PID:9568
- C:\Windows\System\GgMNgZM.exe
  C:\Windows\System\GgMNgZM.exe
  2⤵
  PID:9592
- C:\Windows\System\FZcUdYl.exe
  C:\Windows\System\FZcUdYl.exe
  2⤵
  PID:9624
- C:\Windows\System\ZNGQxYq.exe
  C:\Windows\System\ZNGQxYq.exe
  2⤵
  PID:9652
- C:\Windows\System\pMidmoL.exe
  C:\Windows\System\pMidmoL.exe
  2⤵
  PID:9672
- C:\Windows\System\brsBtzg.exe
  C:\Windows\System\brsBtzg.exe
  2⤵
  PID:9700
- C:\Windows\System\brJOpiu.exe
  C:\Windows\System\brJOpiu.exe
  2⤵
  PID:9728
- C:\Windows\System\kXXWynN.exe
  C:\Windows\System\kXXWynN.exe
  2⤵
  PID:9760
- C:\Windows\System\kyOLSme.exe
  C:\Windows\System\kyOLSme.exe
  2⤵
  PID:9792
- C:\Windows\System\VGdYXXh.exe
  C:\Windows\System\VGdYXXh.exe
  2⤵
  PID:9816
- C:\Windows\System\TalWraL.exe
  C:\Windows\System\TalWraL.exe
  2⤵
  PID:9844
- C:\Windows\System\LetJWyL.exe
  C:\Windows\System\LetJWyL.exe
  2⤵
  PID:9872
- C:\Windows\System\dRJIPsb.exe
  C:\Windows\System\dRJIPsb.exe
  2⤵
  PID:9900
- C:\Windows\System\ITekwMw.exe
  C:\Windows\System\ITekwMw.exe
  2⤵
  PID:9928
- C:\Windows\System\qlEXTJb.exe
  C:\Windows\System\qlEXTJb.exe
  2⤵
  PID:9956
- C:\Windows\System\UCJlWpi.exe
  C:\Windows\System\UCJlWpi.exe
  2⤵
  PID:9992
- C:\Windows\System\QZcfOyP.exe
  C:\Windows\System\QZcfOyP.exe
  2⤵
  PID:10016
- C:\Windows\System\XucwRiW.exe
  C:\Windows\System\XucwRiW.exe
  2⤵
  PID:10048
- C:\Windows\System\LwcoCvD.exe
  C:\Windows\System\LwcoCvD.exe
  2⤵
  PID:10076
- C:\Windows\System\EcWHGwi.exe
  C:\Windows\System\EcWHGwi.exe
  2⤵
  PID:10108
- C:\Windows\System\STVShga.exe
  C:\Windows\System\STVShga.exe
  2⤵
  PID:10132
- C:\Windows\System\AnUiUcd.exe
  C:\Windows\System\AnUiUcd.exe
  2⤵
  PID:10160
- C:\Windows\System\QQnYHxz.exe
  C:\Windows\System\QQnYHxz.exe
  2⤵
  PID:10188
- C:\Windows\System\tKXMmvm.exe
  C:\Windows\System\tKXMmvm.exe
  2⤵
  PID:10208
- C:\Windows\System\GngZopq.exe
  C:\Windows\System\GngZopq.exe
  2⤵
  PID:10236
- C:\Windows\System\vAZIguW.exe
  C:\Windows\System\vAZIguW.exe
  2⤵
  PID:9276
- C:\Windows\System\ASoCOCR.exe
  C:\Windows\System\ASoCOCR.exe
  2⤵
  PID:9352
- C:\Windows\System\caBFkKt.exe
  C:\Windows\System\caBFkKt.exe
  2⤵
  PID:9384
- C:\Windows\System\mBjjMVl.exe
  C:\Windows\System\mBjjMVl.exe
  2⤵
  PID:4048
- C:\Windows\System\YlqAIXz.exe
  C:\Windows\System\YlqAIXz.exe
  2⤵
  PID:9528
- C:\Windows\System\FDvWgUQ.exe
  C:\Windows\System\FDvWgUQ.exe
  2⤵
  PID:9576
- C:\Windows\System\OSIElHW.exe
  C:\Windows\System\OSIElHW.exe
  2⤵
  PID:9660
- C:\Windows\System\LQudElS.exe
  C:\Windows\System\LQudElS.exe
  2⤵
  PID:9740
- C:\Windows\System\TveUKQh.exe
  C:\Windows\System\TveUKQh.exe
  2⤵
  PID:9804
- C:\Windows\System\GxBJrga.exe
  C:\Windows\System\GxBJrga.exe
  2⤵
  PID:9864
- C:\Windows\System\AcHUAxF.exe
  C:\Windows\System\AcHUAxF.exe
  2⤵
  PID:9924
- C:\Windows\System\IwBmPKh.exe
  C:\Windows\System\IwBmPKh.exe
  2⤵
  PID:10000
- C:\Windows\System\fXalxSb.exe
  C:\Windows\System\fXalxSb.exe
  2⤵
  PID:10060
- C:\Windows\System\kDviQMD.exe
  C:\Windows\System\kDviQMD.exe
  2⤵
  PID:10140
- C:\Windows\System\varxdlD.exe
  C:\Windows\System\varxdlD.exe
  2⤵
  PID:10204
- C:\Windows\System\dWafuIU.exe
  C:\Windows\System\dWafuIU.exe
  2⤵
  PID:4692
- C:\Windows\System\RqWTKqV.exe
  C:\Windows\System\RqWTKqV.exe
  2⤵
  PID:4620
- C:\Windows\System\YPzBnoL.exe
  C:\Windows\System\YPzBnoL.exe
  2⤵
  PID:3144
- C:\Windows\System\TIkVYmM.exe
  C:\Windows\System\TIkVYmM.exe
  2⤵
  PID:9556
- C:\Windows\System\malVMOW.exe
  C:\Windows\System\malVMOW.exe
  2⤵
  PID:9696
- C:\Windows\System\tVXhmgs.exe
  C:\Windows\System\tVXhmgs.exe
  2⤵
  PID:9780
- C:\Windows\System\OdAtfBN.exe
  C:\Windows\System\OdAtfBN.exe
  2⤵
  PID:9920
- C:\Windows\System\nsmiCgO.exe
  C:\Windows\System\nsmiCgO.exe
  2⤵
  PID:10036
- C:\Windows\System\WpyIbGP.exe
  C:\Windows\System\WpyIbGP.exe
  2⤵
  PID:9812
- C:\Windows\System\eTkgNyJ.exe
  C:\Windows\System\eTkgNyJ.exe
  2⤵
  PID:5108
- C:\Windows\System\TvjqdiC.exe
  C:\Windows\System\TvjqdiC.exe
  2⤵
  PID:2652
- C:\Windows\System\lGguHda.exe
  C:\Windows\System\lGguHda.exe
  2⤵
  PID:9516
- C:\Windows\System\TPefmmO.exe
  C:\Windows\System\TPefmmO.exe
  2⤵
  PID:10232
- C:\Windows\System\ZrpluYi.exe
  C:\Windows\System\ZrpluYi.exe
  2⤵
  PID:9724
- C:\Windows\System\OprREPg.exe
  C:\Windows\System\OprREPg.exe
  2⤵
  PID:9552
- C:\Windows\System\FYpLnlx.exe
  C:\Windows\System\FYpLnlx.exe
  2⤵
  PID:10244
- C:\Windows\System\koAhBRF.exe
  C:\Windows\System\koAhBRF.exe
  2⤵
  PID:10276
- C:\Windows\System\UbZuSkf.exe
  C:\Windows\System\UbZuSkf.exe
  2⤵
  PID:10300
- C:\Windows\System\YSCNqBw.exe
  C:\Windows\System\YSCNqBw.exe
  2⤵
  PID:10328
- C:\Windows\System\lwYhUWW.exe
  C:\Windows\System\lwYhUWW.exe
  2⤵
  PID:10356
- C:\Windows\System\jijgDAQ.exe
  C:\Windows\System\jijgDAQ.exe
  2⤵
  PID:10384
- C:\Windows\System\tXVuWPE.exe
  C:\Windows\System\tXVuWPE.exe
  2⤵
  PID:10412
- C:\Windows\System\DTWTHkM.exe
  C:\Windows\System\DTWTHkM.exe
  2⤵
  PID:10452
- C:\Windows\System\KxfNEJU.exe
  C:\Windows\System\KxfNEJU.exe
  2⤵
  PID:10480
- C:\Windows\System\iAmjqpo.exe
  C:\Windows\System\iAmjqpo.exe
  2⤵
  PID:10500
- C:\Windows\System\UBjxltb.exe
  C:\Windows\System\UBjxltb.exe
  2⤵
  PID:10528
- C:\Windows\System\wMHFVsj.exe
  C:\Windows\System\wMHFVsj.exe
  2⤵
  PID:10564
- C:\Windows\System\sjUYhCf.exe
  C:\Windows\System\sjUYhCf.exe
  2⤵
  PID:10592
- C:\Windows\System\GcAXSwp.exe
  C:\Windows\System\GcAXSwp.exe
  2⤵
  PID:10616
- C:\Windows\System\FmNBxhi.exe
  C:\Windows\System\FmNBxhi.exe
  2⤵
  PID:10652
- C:\Windows\System\lDxAEom.exe
  C:\Windows\System\lDxAEom.exe
  2⤵
  PID:10680
- C:\Windows\System\cBgnREw.exe
  C:\Windows\System\cBgnREw.exe
  2⤵
  PID:10704
- C:\Windows\System\bQbNwct.exe
  C:\Windows\System\bQbNwct.exe
  2⤵
  PID:10728
- C:\Windows\System\jPSMpnm.exe
  C:\Windows\System\jPSMpnm.exe
  2⤵
  PID:10756
- C:\Windows\System\oNLXTgj.exe
  C:\Windows\System\oNLXTgj.exe
  2⤵
  PID:10784
- C:\Windows\System\VjVWnMC.exe
  C:\Windows\System\VjVWnMC.exe
  2⤵
  PID:10824
- C:\Windows\System\mSVcQsG.exe
  C:\Windows\System\mSVcQsG.exe
  2⤵
  PID:10844
- C:\Windows\System\LWBUPfD.exe
  C:\Windows\System\LWBUPfD.exe
  2⤵
  PID:10880
- C:\Windows\System\uVhyiKe.exe
  C:\Windows\System\uVhyiKe.exe
  2⤵
  PID:10900
- C:\Windows\System\JyRLgNj.exe
  C:\Windows\System\JyRLgNj.exe
  2⤵
  PID:10932
- C:\Windows\System\AnvWeVu.exe
  C:\Windows\System\AnvWeVu.exe
  2⤵
  PID:10964
- C:\Windows\System\mNmNukL.exe
  C:\Windows\System\mNmNukL.exe
  2⤵
  PID:10984
- C:\Windows\System\cPiVzDW.exe
  C:\Windows\System\cPiVzDW.exe
  2⤵
  PID:11012
- C:\Windows\System\UiVHZQj.exe
  C:\Windows\System\UiVHZQj.exe
  2⤵
  PID:11040
- C:\Windows\System\ORCmnHH.exe
  C:\Windows\System\ORCmnHH.exe
  2⤵
  PID:11068
- C:\Windows\System\KUpErBu.exe
  C:\Windows\System\KUpErBu.exe
  2⤵
  PID:11104
- C:\Windows\System\KMgFAHV.exe
  C:\Windows\System\KMgFAHV.exe
  2⤵
  PID:11136
- C:\Windows\System\sQzPOxL.exe
  C:\Windows\System\sQzPOxL.exe
  2⤵
  PID:11156
- C:\Windows\System\UJmYjdL.exe
  C:\Windows\System\UJmYjdL.exe
  2⤵
  PID:11184
- C:\Windows\System\CBEASCv.exe
  C:\Windows\System\CBEASCv.exe
  2⤵
  PID:11212
- C:\Windows\System\tJKPgWb.exe
  C:\Windows\System\tJKPgWb.exe
  2⤵
  PID:11240
- C:\Windows\System\htHbqGU.exe
  C:\Windows\System\htHbqGU.exe
  2⤵
  PID:10284
- C:\Windows\System\tftYxUe.exe
  C:\Windows\System\tftYxUe.exe
  2⤵
  PID:10348
- C:\Windows\System\sOZUGMt.exe
  C:\Windows\System\sOZUGMt.exe
  2⤵
  PID:10424
- C:\Windows\System\zcaZzDM.exe
  C:\Windows\System\zcaZzDM.exe
  2⤵
  PID:10464
- C:\Windows\System\HbbDVxK.exe
  C:\Windows\System\HbbDVxK.exe
  2⤵
  PID:10524
- C:\Windows\System\GvvgMFO.exe
  C:\Windows\System\GvvgMFO.exe
  2⤵
  PID:10600
- C:\Windows\System\vywUpSg.exe
  C:\Windows\System\vywUpSg.exe
  2⤵
  PID:10660
- C:\Windows\System\XHPUrHE.exe
  C:\Windows\System\XHPUrHE.exe
  2⤵
  PID:10720
- C:\Windows\System\HqRmcUD.exe
  C:\Windows\System\HqRmcUD.exe
  2⤵
  PID:10780
- C:\Windows\System\JUfSDeN.exe
  C:\Windows\System\JUfSDeN.exe
  2⤵
  PID:10856
- C:\Windows\System\zIuvFbB.exe
  C:\Windows\System\zIuvFbB.exe
  2⤵
  PID:10924
- C:\Windows\System\kFqACwS.exe
  C:\Windows\System\kFqACwS.exe
  2⤵
  PID:10980
- C:\Windows\System\uHQzkqj.exe
  C:\Windows\System\uHQzkqj.exe
  2⤵
  PID:11052
- C:\Windows\System\hkRxtTF.exe
  C:\Windows\System\hkRxtTF.exe
  2⤵
  PID:11092
- C:\Windows\System\LKtmFew.exe
  C:\Windows\System\LKtmFew.exe
  2⤵
  PID:11168
- C:\Windows\System\LyCktVJ.exe
  C:\Windows\System\LyCktVJ.exe
  2⤵
  PID:11232
- C:\Windows\System\kHfyFDf.exe
  C:\Windows\System\kHfyFDf.exe
  2⤵
  PID:10320
- C:\Windows\System\JwfJENt.exe
  C:\Windows\System\JwfJENt.exe
  2⤵
  PID:10580
- C:\Windows\System\yBUMgca.exe
  C:\Windows\System\yBUMgca.exe
  2⤵
  PID:10696
- C:\Windows\System\vgWKgIL.exe
  C:\Windows\System\vgWKgIL.exe
  2⤵
  PID:10948
- C:\Windows\System\WhDISGK.exe
  C:\Windows\System\WhDISGK.exe
  2⤵
  PID:11036
- C:\Windows\System\pywMrVH.exe
  C:\Windows\System\pywMrVH.exe
  2⤵
  PID:11224
- C:\Windows\System\jIctSHR.exe
  C:\Windows\System\jIctSHR.exe
  2⤵
  PID:10640
- C:\Windows\System\DFIVOWl.exe
  C:\Windows\System\DFIVOWl.exe
  2⤵
  PID:10912
- C:\Windows\System\dVIlDdZ.exe
  C:\Windows\System\dVIlDdZ.exe
  2⤵
  PID:11152
- C:\Windows\System\fhQGIyI.exe
  C:\Windows\System\fhQGIyI.exe
  2⤵
  PID:10688
- C:\Windows\System\efyvBBA.exe
  C:\Windows\System\efyvBBA.exe
  2⤵
  PID:11032
- C:\Windows\System\SbGScYy.exe
  C:\Windows\System\SbGScYy.exe
  2⤵
  PID:11008
- C:\Windows\System\qRRQfXb.exe
  C:\Windows\System\qRRQfXb.exe
  2⤵
  PID:11296
- C:\Windows\System\YnujXex.exe
  C:\Windows\System\YnujXex.exe
  2⤵
  PID:11324
- C:\Windows\System\TMMdIBa.exe
  C:\Windows\System\TMMdIBa.exe
  2⤵
  PID:11340
- C:\Windows\System\qfSKWHF.exe
  C:\Windows\System\qfSKWHF.exe
  2⤵
  PID:11368
- C:\Windows\System\AsKnpRV.exe
  C:\Windows\System\AsKnpRV.exe
  2⤵
  PID:11396
- C:\Windows\System\IqUZjGw.exe
  C:\Windows\System\IqUZjGw.exe
  2⤵
  PID:11432
- C:\Windows\System\FMZSuSM.exe
  C:\Windows\System\FMZSuSM.exe
  2⤵
  PID:11456
- C:\Windows\System\tXMRPwF.exe
  C:\Windows\System\tXMRPwF.exe
  2⤵
  PID:11480
- C:\Windows\System\BnMymAq.exe
  C:\Windows\System\BnMymAq.exe
  2⤵
  PID:11508
- C:\Windows\System\fpbHDxl.exe
  C:\Windows\System\fpbHDxl.exe
  2⤵
  PID:11536
- C:\Windows\System\lWopYLa.exe
  C:\Windows\System\lWopYLa.exe
  2⤵
  PID:11564
- C:\Windows\System\MtxeFHq.exe
  C:\Windows\System\MtxeFHq.exe
  2⤵
  PID:11596
- C:\Windows\System\SxTkjeX.exe
  C:\Windows\System\SxTkjeX.exe
  2⤵
  PID:11624
- C:\Windows\System\TbrVExf.exe
  C:\Windows\System\TbrVExf.exe
  2⤵
  PID:11652
- C:\Windows\System\kmkDBml.exe
  C:\Windows\System\kmkDBml.exe
  2⤵
  PID:11680
- C:\Windows\System\bWejlDk.exe
  C:\Windows\System\bWejlDk.exe
  2⤵
  PID:11712
- C:\Windows\System\mQVtYhF.exe
  C:\Windows\System\mQVtYhF.exe
  2⤵
  PID:11744
- C:\Windows\System\YqAeaFl.exe
  C:\Windows\System\YqAeaFl.exe
  2⤵
  PID:11780
- C:\Windows\System\srxVNQD.exe
  C:\Windows\System\srxVNQD.exe
  2⤵
  PID:11812
- C:\Windows\System\owYNjXY.exe
  C:\Windows\System\owYNjXY.exe
  2⤵
  PID:11856
- C:\Windows\System\gQvPCbr.exe
  C:\Windows\System\gQvPCbr.exe
  2⤵
  PID:11912
- C:\Windows\System\DaZBSqd.exe
  C:\Windows\System\DaZBSqd.exe
  2⤵
  PID:11940
- C:\Windows\System\lmYTLZY.exe
  C:\Windows\System\lmYTLZY.exe
  2⤵
  PID:11960
- C:\Windows\System\PMzyjZF.exe
  C:\Windows\System\PMzyjZF.exe
  2⤵
  PID:11988
- C:\Windows\System\RocIuEx.exe
  C:\Windows\System\RocIuEx.exe
  2⤵
  PID:12040
- C:\Windows\System\SHtnujm.exe
  C:\Windows\System\SHtnujm.exe
  2⤵
  PID:12076
- C:\Windows\System\GAcaNQX.exe
  C:\Windows\System\GAcaNQX.exe
  2⤵
  PID:12104
- C:\Windows\System\PRnRkPu.exe
  C:\Windows\System\PRnRkPu.exe
  2⤵
  PID:12124
- C:\Windows\System\whBMORv.exe
  C:\Windows\System\whBMORv.exe
  2⤵
  PID:12152
- C:\Windows\System\encaqDe.exe
  C:\Windows\System\encaqDe.exe
  2⤵
  PID:12180
- C:\Windows\System\xOqoSKc.exe
  C:\Windows\System\xOqoSKc.exe
  2⤵
  PID:12212
- C:\Windows\System\wDWzcnr.exe
  C:\Windows\System\wDWzcnr.exe
  2⤵
  PID:12236
- C:\Windows\System\Qwvaarl.exe
  C:\Windows\System\Qwvaarl.exe
  2⤵
  PID:12272
- C:\Windows\System\RNGGXsh.exe
  C:\Windows\System\RNGGXsh.exe
  2⤵
  PID:11272
- C:\Windows\System\wTAyttE.exe
  C:\Windows\System\wTAyttE.exe
  2⤵
  PID:11352
- C:\Windows\System\EmzCSnD.exe
  C:\Windows\System\EmzCSnD.exe
  2⤵
  PID:10840
- C:\Windows\System\OXzFqAb.exe
  C:\Windows\System\OXzFqAb.exe
  2⤵
  PID:11464
- C:\Windows\System\AlUOVQx.exe
  C:\Windows\System\AlUOVQx.exe
  2⤵
  PID:11528
- C:\Windows\System\hzrXDkh.exe
  C:\Windows\System\hzrXDkh.exe
  2⤵
  PID:11608
- C:\Windows\System\xEdtPUz.exe
  C:\Windows\System\xEdtPUz.exe
  2⤵
  PID:11664
- C:\Windows\System\rmyAFGu.exe
  C:\Windows\System\rmyAFGu.exe
  2⤵
  PID:11704
- C:\Windows\System\bTsRlVc.exe
  C:\Windows\System\bTsRlVc.exe
  2⤵
  PID:11700
- C:\Windows\System\SxDQzPX.exe
  C:\Windows\System\SxDQzPX.exe
  2⤵
  PID:11792
- C:\Windows\System\nDRyDiE.exe
  C:\Windows\System\nDRyDiE.exe
  2⤵
  PID:3456
- C:\Windows\System\yrldjxx.exe
  C:\Windows\System\yrldjxx.exe
  2⤵
  PID:3172
- C:\Windows\System\eXLvusY.exe
  C:\Windows\System\eXLvusY.exe
  2⤵
  PID:1900
- C:\Windows\System\azVqtNV.exe
  C:\Windows\System\azVqtNV.exe
  2⤵
  PID:11900
- C:\Windows\System\JPSviWk.exe
  C:\Windows\System\JPSviWk.exe
  2⤵
  PID:11948
- C:\Windows\System\zpcrrTs.exe
  C:\Windows\System\zpcrrTs.exe
  2⤵
  PID:4936
- C:\Windows\System\sDbhBHY.exe
  C:\Windows\System\sDbhBHY.exe
  2⤵
  PID:12004
- C:\Windows\System\cqAmuEm.exe
  C:\Windows\System\cqAmuEm.exe
  2⤵
  PID:4268
- C:\Windows\System\MPlCnpZ.exe
  C:\Windows\System\MPlCnpZ.exe
  2⤵
  PID:1316
- C:\Windows\System\ddvIzVI.exe
  C:\Windows\System\ddvIzVI.exe
  2⤵
  PID:2624
- C:\Windows\System\IGXWuyf.exe
  C:\Windows\System\IGXWuyf.exe
  2⤵
  PID:4592
- C:\Windows\System\wWwSeQN.exe
  C:\Windows\System\wWwSeQN.exe
  2⤵
  PID:4912
- C:\Windows\System\wUVYmQv.exe
  C:\Windows\System\wUVYmQv.exe
  2⤵
  PID:3012
- C:\Windows\System\rzMbyDq.exe
  C:\Windows\System\rzMbyDq.exe
  2⤵
  PID:3692
- C:\Windows\System\TdJrbIo.exe
  C:\Windows\System\TdJrbIo.exe
  2⤵
  PID:4128
- C:\Windows\System\BduHgiA.exe
  C:\Windows\System\BduHgiA.exe
  2⤵
  PID:11896
- C:\Windows\System\iZpivCe.exe
  C:\Windows\System\iZpivCe.exe
  2⤵
  PID:11884
- C:\Windows\System\lrxIKrC.exe
  C:\Windows\System\lrxIKrC.exe
  2⤵
  PID:2704
- C:\Windows\System\rbCgQvV.exe
  C:\Windows\System\rbCgQvV.exe
  2⤵
  PID:12136
- C:\Windows\System\kAmdINu.exe
  C:\Windows\System\kAmdINu.exe
  2⤵
  PID:12172
- C:\Windows\System\PxWIPyX.exe
  C:\Windows\System\PxWIPyX.exe
  2⤵
  PID:12204
- C:\Windows\System\OUEwTdV.exe
  C:\Windows\System\OUEwTdV.exe
  2⤵
  PID:1880
- C:\Windows\System\NAAAFfS.exe
  C:\Windows\System\NAAAFfS.exe
  2⤵
  PID:10256
- C:\Windows\System\uVhRdok.exe
  C:\Windows\System\uVhRdok.exe
  2⤵
  PID:11364
- C:\Windows\System\zpcEORv.exe
  C:\Windows\System\zpcEORv.exe
  2⤵
  PID:2716
- C:\Windows\System\zRIisiz.exe
  C:\Windows\System\zRIisiz.exe
  2⤵
  PID:3240
- C:\Windows\System\phlTGlf.exe
  C:\Windows\System\phlTGlf.exe
  2⤵
  PID:12028
- C:\Windows\System\zHtZOYe.exe
  C:\Windows\System\zHtZOYe.exe
  2⤵
  PID:11772
- C:\Windows\System\THlzxux.exe
  C:\Windows\System\THlzxux.exe
  2⤵
  PID:11280
- C:\Windows\System\VjZzAfN.exe
  C:\Windows\System\VjZzAfN.exe
  2⤵
  PID:5064
- C:\Windows\System\nYPRAwX.exe
  C:\Windows\System\nYPRAwX.exe
  2⤵
  PID:1260
- C:\Windows\System\PHxecah.exe
  C:\Windows\System\PHxecah.exe
  2⤵
  PID:11952
- C:\Windows\System\brPNZOi.exe
  C:\Windows\System\brPNZOi.exe
  2⤵
  PID:1704
- C:\Windows\System\ZqXdvYe.exe
  C:\Windows\System\ZqXdvYe.exe
  2⤵
  PID:1144
- C:\Windows\System\YebMIno.exe
  C:\Windows\System\YebMIno.exe
  2⤵
  PID:2312
- C:\Windows\System\BnvodXV.exe
  C:\Windows\System\BnvodXV.exe
  2⤵
  PID:2356
- C:\Windows\System\xexeowa.exe
  C:\Windows\System\xexeowa.exe
  2⤵
  PID:3168
- C:\Windows\System\mRpLPxr.exe
  C:\Windows\System\mRpLPxr.exe
  2⤵
  PID:5136
- C:\Windows\System\AeDyvfW.exe
  C:\Windows\System\AeDyvfW.exe
  2⤵
  PID:3732
- C:\Windows\System\OjNnryf.exe
  C:\Windows\System\OjNnryf.exe
  2⤵
  PID:11876
- C:\Windows\System\yOpTUFn.exe
  C:\Windows\System\yOpTUFn.exe
  2⤵
  PID:5252
- C:\Windows\System\vABZgEE.exe
  C:\Windows\System\vABZgEE.exe
  2⤵
  PID:3696
- C:\Windows\System\cpXqneH.exe
  C:\Windows\System\cpXqneH.exe
  2⤵
  PID:12284
- C:\Windows\System\tgFMnvS.exe
  C:\Windows\System\tgFMnvS.exe
  2⤵
  PID:5376
- C:\Windows\System\RXjOXev.exe
  C:\Windows\System\RXjOXev.exe
  2⤵
  PID:3888
- C:\Windows\System\kbbXYip.exe
  C:\Windows\System\kbbXYip.exe
  2⤵
  PID:5476
- C:\Windows\System\GsdvimY.exe
  C:\Windows\System\GsdvimY.exe
  2⤵
  PID:11740
- C:\Windows\System\NrEYGyu.exe
  C:\Windows\System\NrEYGyu.exe
  2⤵
  PID:2828
- C:\Windows\System\IvDEpTI.exe
  C:\Windows\System\IvDEpTI.exe
  2⤵
  PID:5588
- C:\Windows\System\XvvhCgm.exe
  C:\Windows\System\XvvhCgm.exe
  2⤵
  PID:11836
- C:\Windows\System\OxHnLBk.exe
  C:\Windows\System\OxHnLBk.exe
  2⤵
  PID:3824
- C:\Windows\System\HudbNOz.exe
  C:\Windows\System\HudbNOz.exe
  2⤵
  PID:5704
- C:\Windows\System\DfcZtkQ.exe
  C:\Windows\System\DfcZtkQ.exe
  2⤵
  PID:4236
- C:\Windows\System\PuqXGhA.exe
  C:\Windows\System\PuqXGhA.exe
  2⤵
  PID:12052
- C:\Windows\System\wThaXbU.exe
  C:\Windows\System\wThaXbU.exe
  2⤵
  PID:5784
- C:\Windows\System\PXewPNb.exe
  C:\Windows\System\PXewPNb.exe
  2⤵
  PID:2788
- C:\Windows\System\CBDEcTL.exe
  C:\Windows\System\CBDEcTL.exe
  2⤵
  PID:11308
- C:\Windows\System\rxQkAnp.exe
  C:\Windows\System\rxQkAnp.exe
  2⤵
  PID:5404
- C:\Windows\System\XbgYeKE.exe
  C:\Windows\System\XbgYeKE.exe
  2⤵
  PID:1596
- C:\Windows\System\cvlVpgJ.exe
  C:\Windows\System\cvlVpgJ.exe
  2⤵
  PID:5964
- C:\Windows\System\HACCqyA.exe
  C:\Windows\System\HACCqyA.exe
  2⤵
  PID:5584
- C:\Windows\System\IDEktuH.exe
  C:\Windows\System\IDEktuH.exe
  2⤵
  PID:3768
- C:\Windows\System\mEjVuMP.exe
  C:\Windows\System\mEjVuMP.exe
  2⤵
  PID:2936
- C:\Windows\System\GTvlzNM.exe
  C:\Windows\System\GTvlzNM.exe
  2⤵
  PID:5816
- C:\Windows\System\lkSWLJk.exe
  C:\Windows\System\lkSWLJk.exe
  2⤵
  PID:60
- C:\Windows\System\skdFszC.exe
  C:\Windows\System\skdFszC.exe
  2⤵
  PID:5932
- C:\Windows\System\rFHYzHy.exe
  C:\Windows\System\rFHYzHy.exe
  2⤵
  PID:11820
- C:\Windows\System\KTzBROV.exe
  C:\Windows\System\KTzBROV.exe
  2⤵
  PID:5748
- C:\Windows\System\lgrHwWS.exe
  C:\Windows\System\lgrHwWS.exe
  2⤵
  PID:5848
- C:\Windows\System\iNEKaEy.exe
  C:\Windows\System\iNEKaEy.exe
  2⤵
  PID:6036
- C:\Windows\System\MYYktZT.exe
  C:\Windows\System\MYYktZT.exe
  2⤵
  PID:5500
- C:\Windows\System\iuoGZrA.exe
  C:\Windows\System\iuoGZrA.exe
  2⤵
  PID:5368
- C:\Windows\System\elPTdhK.exe
  C:\Windows\System\elPTdhK.exe
  2⤵
  PID:5992
- C:\Windows\System\uTcKcRI.exe
  C:\Windows\System\uTcKcRI.exe
  2⤵
  PID:6168
- C:\Windows\System\zXLQmll.exe
  C:\Windows\System\zXLQmll.exe
  2⤵
  PID:5380
- C:\Windows\System\hVPnEgG.exe
  C:\Windows\System\hVPnEgG.exe
  2⤵
  PID:6116
- C:\Windows\System\xDBTCNj.exe
  C:\Windows\System\xDBTCNj.exe
  2⤵
  PID:6260
- C:\Windows\System\GbUOHXU.exe
  C:\Windows\System\GbUOHXU.exe
  2⤵
  PID:5792
- C:\Windows\System\mBGMjGq.exe
  C:\Windows\System\mBGMjGq.exe
  2⤵
  PID:12312
- C:\Windows\System\vBUFwqL.exe
  C:\Windows\System\vBUFwqL.exe
  2⤵
  PID:12332
- C:\Windows\System\SjQicCA.exe
  C:\Windows\System\SjQicCA.exe
  2⤵
  PID:12360
- C:\Windows\System\sRDHbbP.exe
  C:\Windows\System\sRDHbbP.exe
  2⤵
  PID:12404
- C:\Windows\System\PdiUDCV.exe
  C:\Windows\System\PdiUDCV.exe
  2⤵
  PID:12432
- C:\Windows\System\VmdRMJa.exe
  C:\Windows\System\VmdRMJa.exe
  2⤵
  PID:12480
- C:\Windows\System\juonYDU.exe
  C:\Windows\System\juonYDU.exe
  2⤵
  PID:12496
- C:\Windows\System\rcDHLGl.exe
  C:\Windows\System\rcDHLGl.exe
  2⤵
  PID:12524
- C:\Windows\System\lCJMuQc.exe
  C:\Windows\System\lCJMuQc.exe
  2⤵
  PID:12552
- C:\Windows\System\pqbpUFV.exe
  C:\Windows\System\pqbpUFV.exe
  2⤵
  PID:12580
- C:\Windows\System\xUeCijf.exe
  C:\Windows\System\xUeCijf.exe
  2⤵
  PID:12612
- C:\Windows\System\SljFFYQ.exe
  C:\Windows\System\SljFFYQ.exe
  2⤵
  PID:12644
- C:\Windows\System\StwOuhJ.exe
  C:\Windows\System\StwOuhJ.exe
  2⤵
  PID:12676
- C:\Windows\System\AvfqClx.exe
  C:\Windows\System\AvfqClx.exe
  2⤵
  PID:12720
- C:\Windows\System\VLiSwxA.exe
  C:\Windows\System\VLiSwxA.exe
  2⤵
  PID:12748
- C:\Windows\System\kwMWiFN.exe
  C:\Windows\System\kwMWiFN.exe
  2⤵
  PID:12776
- C:\Windows\System\FQeehvf.exe
  C:\Windows\System\FQeehvf.exe
  2⤵
  PID:12804
- C:\Windows\System\lDYXDnG.exe
  C:\Windows\System\lDYXDnG.exe
  2⤵
  PID:12832
- C:\Windows\System\QAfalcH.exe
  C:\Windows\System\QAfalcH.exe
  2⤵
  PID:12872
- C:\Windows\System\szkHxPJ.exe
  C:\Windows\System\szkHxPJ.exe
  2⤵
  PID:12888
- C:\Windows\System\atYrqfI.exe
  C:\Windows\System\atYrqfI.exe
  2⤵
  PID:12924
- C:\Windows\System\AilExoi.exe
  C:\Windows\System\AilExoi.exe
  2⤵
  PID:12944
- C:\Windows\System\ktgemTn.exe
  C:\Windows\System\ktgemTn.exe
  2⤵
  PID:12972
- C:\Windows\System\kgcXiey.exe
  C:\Windows\System\kgcXiey.exe
  2⤵
  PID:13004
- C:\Windows\System\hMygdjQ.exe
  C:\Windows\System\hMygdjQ.exe
  2⤵
  PID:13040
- C:\Windows\System\EuWNcSO.exe
  C:\Windows\System\EuWNcSO.exe
  2⤵
  PID:13060
- C:\Windows\System\mZojIqq.exe
  C:\Windows\System\mZojIqq.exe
  2⤵
  PID:13088
- C:\Windows\System\bMFzEvE.exe
  C:\Windows\System\bMFzEvE.exe
  2⤵
  PID:13116
- C:\Windows\System\ZAyIqnA.exe
  C:\Windows\System\ZAyIqnA.exe
  2⤵
  PID:13144
- C:\Windows\System\roCgHYR.exe
  C:\Windows\System\roCgHYR.exe
  2⤵
  PID:13172
- C:\Windows\System\WGrHEBo.exe
  C:\Windows\System\WGrHEBo.exe
  2⤵
  PID:13200
- C:\Windows\System\QscoWNx.exe
  C:\Windows\System\QscoWNx.exe
  2⤵
  PID:13228
- C:\Windows\System\hXRKOgO.exe
  C:\Windows\System\hXRKOgO.exe
  2⤵
  PID:13256
- C:\Windows\System\VdJPaVE.exe
  C:\Windows\System\VdJPaVE.exe
  2⤵
  PID:13284
- C:\Windows\System\ncqpaXC.exe
  C:\Windows\System\ncqpaXC.exe
  2⤵
  PID:6316
- C:\Windows\System\XJljEIE.exe
  C:\Windows\System\XJljEIE.exe
  2⤵
  PID:6376
- C:\Windows\System\iqDBXlO.exe
  C:\Windows\System\iqDBXlO.exe
  2⤵
  PID:6416
- C:\Windows\System\jQYEYtM.exe
  C:\Windows\System\jQYEYtM.exe
  2⤵
  PID:12424
- C:\Windows\System\FKYMJbT.exe
  C:\Windows\System\FKYMJbT.exe
  2⤵
  PID:6484
- C:\Windows\System\HJQHuWI.exe
  C:\Windows\System\HJQHuWI.exe
  2⤵
  PID:12536
- C:\Windows\System\luQZPmF.exe
  C:\Windows\System\luQZPmF.exe
  2⤵
  PID:12576
- C:\Windows\System\qMISTuq.exe
  C:\Windows\System\qMISTuq.exe
  2⤵
  PID:12628
- C:\Windows\System\tiSFDmB.exe
  C:\Windows\System\tiSFDmB.exe
  2⤵
  PID:12716
- C:\Windows\System\AzGAIEx.exe
  C:\Windows\System\AzGAIEx.exe
  2⤵
  PID:12764
- C:\Windows\System\ewpzyKu.exe
  C:\Windows\System\ewpzyKu.exe
  2⤵
  PID:12796
- C:\Windows\System\isRaPfW.exe
  C:\Windows\System\isRaPfW.exe
  2⤵
  PID:12844
- C:\Windows\System\NEIjnWB.exe
  C:\Windows\System\NEIjnWB.exe
  2⤵
  PID:6136
- C:\Windows\System\wdRWCTm.exe
  C:\Windows\System\wdRWCTm.exe
  2⤵
  PID:5444
- C:\Windows\System\PICPMvP.exe
  C:\Windows\System\PICPMvP.exe
  2⤵
  PID:5436
- C:\Windows\System\WWAbBMp.exe
  C:\Windows\System\WWAbBMp.exe
  2⤵
  PID:5560
- C:\Windows\System\dvmVrPK.exe
  C:\Windows\System\dvmVrPK.exe
  2⤵
  PID:6816
- C:\Windows\System\rdXNkLq.exe
  C:\Windows\System\rdXNkLq.exe
  2⤵
  PID:12940
- C:\Windows\System\wANaTUI.exe
  C:\Windows\System\wANaTUI.exe
  2⤵
  PID:12968
- C:\Windows\System\UBFaJSj.exe
  C:\Windows\System\UBFaJSj.exe
  2⤵
  PID:13024
- C:\Windows\System\GNRXhvG.exe
  C:\Windows\System\GNRXhvG.exe
  2⤵
  PID:13072
- C:\Windows\System\gPnLRQe.exe
  C:\Windows\System\gPnLRQe.exe
  2⤵
  PID:7016
- C:\Windows\System\PrlCZEc.exe
  C:\Windows\System\PrlCZEc.exe
  2⤵
  PID:13140
- C:\Windows\System\shOOzMM.exe
  C:\Windows\System\shOOzMM.exe
  2⤵
  PID:7100
- C:\Windows\System\PFwCDBU.exe
  C:\Windows\System\PFwCDBU.exe
  2⤵
  PID:13220
- C:\Windows\System\EdGVvWE.exe
  C:\Windows\System\EdGVvWE.exe
  2⤵
  PID:13304
- C:\Windows\System\GEAyQdF.exe
  C:\Windows\System\GEAyQdF.exe
  2⤵
  PID:6216
- C:\Windows\System\cdNKuDf.exe
  C:\Windows\System\cdNKuDf.exe
  2⤵
  PID:6300
- C:\Windows\System\rtiqYwt.exe
  C:\Windows\System\rtiqYwt.exe
  2⤵
  PID:12412
- C:\Windows\System\QtrXPXv.exe
  C:\Windows\System\QtrXPXv.exe
  2⤵
  PID:6520
- C:\Windows\System\gaNknUZ.exe
  C:\Windows\System\gaNknUZ.exe
  2⤵
  PID:3272
- C:\Windows\System\pxLMzsI.exe
  C:\Windows\System\pxLMzsI.exe
  2⤵
  PID:12712
- C:\Windows\System\AiXoltr.exe
  C:\Windows\System\AiXoltr.exe
  2⤵
  PID:6672
- C:\Windows\System\AmyHJka.exe
  C:\Windows\System\AmyHJka.exe
  2⤵
  PID:3808
- C:\Windows\System\cGHfcOY.exe
  C:\Windows\System\cGHfcOY.exe
  2⤵
  PID:6044
- C:\Windows\System\ADLMXsH.exe
  C:\Windows\System\ADLMXsH.exe
  2⤵
  PID:12852
- C:\Windows\System\IiCSTMH.exe
  C:\Windows\System\IiCSTMH.exe
  2⤵
  PID:6892
- C:\Windows\System\vXoErvS.exe
  C:\Windows\System\vXoErvS.exe
  2⤵
  PID:12880
- C:\Windows\System\YylOIZv.exe
  C:\Windows\System\YylOIZv.exe
  2⤵
  PID:6844
- C:\Windows\System\giaOhoi.exe
  C:\Windows\System\giaOhoi.exe
  2⤵
  PID:6212
- C:\Windows\System\ZFDmiYL.exe
  C:\Windows\System\ZFDmiYL.exe
  2⤵
  PID:13056
- C:\Windows\System\hJQtkDF.exe
  C:\Windows\System\hJQtkDF.exe
  2⤵
  PID:6420
- C:\Windows\System\vooZdsS.exe
  C:\Windows\System\vooZdsS.exe
  2⤵
  PID:13196
- C:\Windows\System\SlleeqB.exe
  C:\Windows\System\SlleeqB.exe
  2⤵
  PID:3216
- C:\Windows\System\keQheVz.exe
  C:\Windows\System\keQheVz.exe
  2⤵
  PID:6840
- C:\Windows\System\VPzkVbq.exe
  C:\Windows\System\VPzkVbq.exe
  2⤵
  PID:7020
- C:\Windows\System\lKwiSiv.exe
  C:\Windows\System\lKwiSiv.exe
  2⤵
  PID:6460
- C:\Windows\System\OfYVMdW.exe
  C:\Windows\System\OfYVMdW.exe
  2⤵
  PID:13268
- C:\Windows\System\nduehSh.exe
  C:\Windows\System\nduehSh.exe
  2⤵
  PID:2972
- C:\Windows\System\rvOadXC.exe
  C:\Windows\System\rvOadXC.exe
  2⤵
  PID:6744
- C:\Windows\System\HfqrCxa.exe
  C:\Windows\System\HfqrCxa.exe
  2⤵
  PID:7052
- C:\Windows\System\uHaLhgw.exe
  C:\Windows\System\uHaLhgw.exe
  2⤵
  PID:6788
- C:\Windows\System\yTRuZLj.exe
  C:\Windows\System\yTRuZLj.exe
  2⤵
  PID:4200
- C:\Windows\System\RJnSNtC.exe
  C:\Windows\System\RJnSNtC.exe
  2⤵
  PID:7160
- C:\Windows\System\pcsRTMz.exe
  C:\Windows\System\pcsRTMz.exe
  2⤵
  PID:7056
- C:\Windows\System\WZMICww.exe
  C:\Windows\System\WZMICww.exe
  2⤵
  PID:7164
- C:\Windows\System\sJnGQEb.exe
  C:\Windows\System\sJnGQEb.exe
  2⤵
  PID:6244
- C:\Windows\System\iUeTZfv.exe
  C:\Windows\System\iUeTZfv.exe
  2⤵
  PID:7320
- C:\Windows\System\yjGyQCE.exe
  C:\Windows\System\yjGyQCE.exe
  2⤵
  PID:12564
- C:\Windows\System\rFJePxJ.exe
  C:\Windows\System\rFJePxJ.exe
  2⤵
  PID:1752
- C:\Windows\System\fwVZnxd.exe
  C:\Windows\System\fwVZnxd.exe
  2⤵
  PID:7460
- C:\Windows\System\iCEZNXK.exe
  C:\Windows\System\iCEZNXK.exe
  2⤵
  PID:6984
- C:\Windows\System\ejEgyFW.exe
  C:\Windows\System\ejEgyFW.exe
  2⤵
  PID:7512
- C:\Windows\System\prvKvlZ.exe
  C:\Windows\System\prvKvlZ.exe
  2⤵
  PID:7236
- C:\Windows\System\ZWMVzCF.exe
  C:\Windows\System\ZWMVzCF.exe
  2⤵
  PID:7656
- C:\Windows\System\XedxrWF.exe
  C:\Windows\System\XedxrWF.exe
  2⤵
  PID:7672
- C:\Windows\System\bTZThmn.exe
  C:\Windows\System\bTZThmn.exe
  2⤵
  PID:7732
- C:\Windows\System\NfKkIBd.exe
  C:\Windows\System\NfKkIBd.exe
  2⤵
  PID:7752
- C:\Windows\System\oUdEnvy.exe
  C:\Windows\System\oUdEnvy.exe
  2⤵
  PID:13000
- C:\Windows\System\qChterl.exe
  C:\Windows\System\qChterl.exe
  2⤵
  PID:13252
- C:\Windows\System\oveaHsK.exe
  C:\Windows\System\oveaHsK.exe
  2⤵
  PID:7872
- C:\Windows\System\KEXptZc.exe
  C:\Windows\System\KEXptZc.exe
  2⤵
  PID:7696
- C:\Windows\System\GUgoZJQ.exe
  C:\Windows\System\GUgoZJQ.exe
  2⤵
  PID:864
- C:\Windows\System\yFxkaeB.exe
  C:\Windows\System\yFxkaeB.exe
  2⤵
  PID:7788
- C:\Windows\System\RwvDgjL.exe
  C:\Windows\System\RwvDgjL.exe
  2⤵
  PID:8040
- C:\Windows\System\hPMlJaA.exe
  C:\Windows\System\hPMlJaA.exe
  2⤵
  PID:8140
- C:\Windows\System\srTlmzZ.exe
  C:\Windows\System\srTlmzZ.exe
  2⤵
  PID:3156
- C:\Windows\System\eJpjGXm.exe
  C:\Windows\System\eJpjGXm.exe
  2⤵
  PID:7896
- C:\Windows\System\GpkMdtg.exe
  C:\Windows\System\GpkMdtg.exe
  2⤵
  PID:7260
- C:\Windows\System\ijzCJZx.exe
  C:\Windows\System\ijzCJZx.exe
  2⤵
  PID:8028
- C:\Windows\System\jfNiXRp.exe
  C:\Windows\System\jfNiXRp.exe
  2⤵
  PID:8084
- C:\Windows\System\TRWNNkZ.exe
  C:\Windows\System\TRWNNkZ.exe
  2⤵
  PID:5084
- C:\Windows\System\qyfosXY.exe
  C:\Windows\System\qyfosXY.exe
  2⤵
  PID:7204
- C:\Windows\System\tRRmKDy.exe
  C:\Windows\System\tRRmKDy.exe
  2⤵
  PID:7364
- C:\Windows\System\ixITLKO.exe
  C:\Windows\System\ixITLKO.exe
  2⤵
  PID:2592
- C:\Windows\System\LSkPhHy.exe
  C:\Windows\System\LSkPhHy.exe
  2⤵
  PID:8188
- C:\Windows\System\kfUiJqy.exe
  C:\Windows\System\kfUiJqy.exe
  2⤵
  PID:2904
- C:\Windows\System\HUxYjHg.exe
  C:\Windows\System\HUxYjHg.exe
  2⤵
  PID:7496
- C:\Windows\System\WqMAeEr.exe
  C:\Windows\System\WqMAeEr.exe
  2⤵
  PID:8152
- C:\Windows\System\FnKdEhD.exe
  C:\Windows\System\FnKdEhD.exe
  2⤵
  PID:8148
- C:\Windows\System\pNnVpiZ.exe
  C:\Windows\System\pNnVpiZ.exe
  2⤵
  PID:3108
- C:\Windows\System\BXuEQim.exe
  C:\Windows\System\BXuEQim.exe
  2⤵
  PID:7636
- C:\Windows\System\szEOFlb.exe
  C:\Windows\System\szEOFlb.exe
  2⤵
  PID:8116
- C:\Windows\System\fQtuoDj.exe
  C:\Windows\System\fQtuoDj.exe
  2⤵
  PID:4804
- C:\Windows\System\bCYTYlZ.exe
  C:\Windows\System\bCYTYlZ.exe
  2⤵
  PID:8160
- C:\Windows\System\jtwAPIt.exe
  C:\Windows\System\jtwAPIt.exe
  2⤵
  PID:7556
- C:\Windows\System\djhtCAn.exe
  C:\Windows\System\djhtCAn.exe
  2⤵
  PID:6552
- C:\Windows\System\Zjigqjl.exe
  C:\Windows\System\Zjigqjl.exe
  2⤵
  PID:7728
- C:\Windows\System\UjFcaou.exe
  C:\Windows\System\UjFcaou.exe
  2⤵
  PID:7804
- C:\Windows\System\dFItevp.exe
  C:\Windows\System\dFItevp.exe
  2⤵
  PID:960
- C:\Windows\System\JLymscl.exe
  C:\Windows\System\JLymscl.exe
  2⤵
  PID:2552
- C:\Windows\System\xatsXsX.exe
  C:\Windows\System\xatsXsX.exe
  2⤵
  PID:13336
- C:\Windows\System\kINPnlv.exe
  C:\Windows\System\kINPnlv.exe
  2⤵
  PID:13364
- C:\Windows\System\DCqzkkR.exe
  C:\Windows\System\DCqzkkR.exe
  2⤵
  PID:13392
- C:\Windows\System\IAvAXVc.exe
  C:\Windows\System\IAvAXVc.exe
  2⤵
  PID:13420
- C:\Windows\System\hYdeqdw.exe
  C:\Windows\System\hYdeqdw.exe
  2⤵
  PID:13456
- C:\Windows\System\JmEBGsf.exe
  C:\Windows\System\JmEBGsf.exe
  2⤵
  PID:13476
- C:\Windows\System\LNGouPa.exe
  C:\Windows\System\LNGouPa.exe
  2⤵
  PID:13504
- C:\Windows\System\ehEqWYw.exe
  C:\Windows\System\ehEqWYw.exe
  2⤵
  PID:13532
- C:\Windows\System\okNwnlV.exe
  C:\Windows\System\okNwnlV.exe
  2⤵
  PID:13560
- C:\Windows\System\kORdYIp.exe
  C:\Windows\System\kORdYIp.exe
  2⤵
  PID:13588
- C:\Windows\System\kXBEzBq.exe
  C:\Windows\System\kXBEzBq.exe
  2⤵
  PID:13620
- C:\Windows\System\wZRpVwE.exe
  C:\Windows\System\wZRpVwE.exe
  2⤵
  PID:13660
- C:\Windows\System\qHCdzOf.exe
  C:\Windows\System\qHCdzOf.exe
  2⤵
  PID:13680
- C:\Windows\System\VwdsItJ.exe
  C:\Windows\System\VwdsItJ.exe
  2⤵
  PID:13704
- C:\Windows\System\GyykmoA.exe
  C:\Windows\System\GyykmoA.exe
  2⤵
  PID:13740
- C:\Windows\System\ZOjjLND.exe
  C:\Windows\System\ZOjjLND.exe
  2⤵
  PID:13764
- C:\Windows\System\DDwnAxb.exe
  C:\Windows\System\DDwnAxb.exe
  2⤵
  PID:13788
- C:\Windows\System\fFlQJws.exe
  C:\Windows\System\fFlQJws.exe
  2⤵
  PID:13824
- C:\Windows\System\JYUcvEJ.exe
  C:\Windows\System\JYUcvEJ.exe
  2⤵
  PID:13856
- C:\Windows\System\cUdbNJt.exe
  C:\Windows\System\cUdbNJt.exe
  2⤵
  PID:13884
- C:\Windows\System\hXrPNQK.exe
  C:\Windows\System\hXrPNQK.exe
  2⤵
  PID:13908
- C:\Windows\System\neLRXCH.exe
  C:\Windows\System\neLRXCH.exe
  2⤵
  PID:13944
- C:\Windows\System\VwYzQCa.exe
  C:\Windows\System\VwYzQCa.exe
  2⤵
  PID:13960
- C:\Windows\System\lCkPJyc.exe
  C:\Windows\System\lCkPJyc.exe
  2⤵
  PID:13988
- C:\Windows\System\fewEYYV.exe
  C:\Windows\System\fewEYYV.exe
  2⤵
  PID:14020
- C:\Windows\System\tZngDHv.exe
  C:\Windows\System\tZngDHv.exe
  2⤵
  PID:14044
- C:\Windows\System\ZMqOnYp.exe
  C:\Windows\System\ZMqOnYp.exe
  2⤵
  PID:14072
- C:\Windows\System\oyNrQom.exe
  C:\Windows\System\oyNrQom.exe
  2⤵
  PID:14100
- C:\Windows\System\ALCxxyC.exe
  C:\Windows\System\ALCxxyC.exe
  2⤵
  PID:14132
- C:\Windows\System\fcvuBhb.exe
  C:\Windows\System\fcvuBhb.exe
  2⤵
  PID:14160
- C:\Windows\System\hoPTLEs.exe
  C:\Windows\System\hoPTLEs.exe
  2⤵
  PID:14188
- C:\Windows\System\PuHcPtY.exe
  C:\Windows\System\PuHcPtY.exe
  2⤵
  PID:14228
- C:\Windows\System\PIZKefc.exe
  C:\Windows\System\PIZKefc.exe
  2⤵
  PID:14252
- C:\Windows\System\WiSGbeN.exe
  C:\Windows\System\WiSGbeN.exe
  2⤵
  PID:14280
- C:\Windows\System\pbshVSp.exe
  C:\Windows\System\pbshVSp.exe
  2⤵
  PID:14300
- C:\Windows\System\ivSGMoM.exe
  C:\Windows\System\ivSGMoM.exe
  2⤵
  PID:8024
- C:\Windows\System\XuVRPis.exe
  C:\Windows\System\XuVRPis.exe
  2⤵
  PID:13332
- C:\Windows\System\tRrfgqn.exe
  C:\Windows\System\tRrfgqn.exe
  2⤵
  PID:13384
- C:\Windows\System\zrrvANc.exe
  C:\Windows\System\zrrvANc.exe
  2⤵
  PID:7888
- C:\Windows\System\OanXjag.exe
  C:\Windows\System\OanXjag.exe
  2⤵
  PID:13444
- C:\Windows\System\qytHLuj.exe
  C:\Windows\System\qytHLuj.exe
  2⤵
  PID:13496
- C:\Windows\System\jftsGPa.exe
  C:\Windows\System\jftsGPa.exe
  2⤵
  PID:8428
- C:\Windows\System\mxKpboI.exe
  C:\Windows\System\mxKpboI.exe
  2⤵
  PID:8452
- C:\Windows\System\jxHyrPE.exe
  C:\Windows\System\jxHyrPE.exe
  2⤵
  PID:13604
- C:\Windows\System\CtqvorH.exe
  C:\Windows\System\CtqvorH.exe
  2⤵
  PID:8516
- C:\Windows\System\sHrvDfM.exe
  C:\Windows\System\sHrvDfM.exe
  2⤵
  PID:13672
- C:\Windows\System\YeBgKeW.exe
  C:\Windows\System\YeBgKeW.exe
  2⤵
  PID:8596
- C:\Windows\System\jhFZAvR.exe
  C:\Windows\System\jhFZAvR.exe
  2⤵
  PID:8660
- C:\Windows\System\hvlWEyY.exe
  C:\Windows\System\hvlWEyY.exe
  2⤵
  PID:13784
- C:\Windows\System\qVrJxAx.exe
  C:\Windows\System\qVrJxAx.exe
  2⤵
  PID:8768
- C:\Windows\System\JyBOQzK.exe
  C:\Windows\System\JyBOQzK.exe
  2⤵
  PID:13840
- C:\Windows\System\bZEVVqf.exe
  C:\Windows\System\bZEVVqf.exe
  2⤵
  PID:13872
- C:\Windows\System\roGNjdh.exe
  C:\Windows\System\roGNjdh.exe
  2⤵
  PID:13924
- C:\Windows\System\FpPgPpE.exe
  C:\Windows\System\FpPgPpE.exe
  2⤵
  PID:13952
- C:\Windows\System\dzHMyNm.exe
  C:\Windows\System\dzHMyNm.exe
  2⤵
  PID:8984
- C:\Windows\System\uNbXUsk.exe
  C:\Windows\System\uNbXUsk.exe
  2⤵
  PID:9024
- C:\Windows\System\RJudorQ.exe
  C:\Windows\System\RJudorQ.exe
  2⤵
  PID:9076
- C:\Windows\System\FXRJsmj.exe
  C:\Windows\System\FXRJsmj.exe
  2⤵
  PID:14092
- C:\Windows\System\doagONx.exe
  C:\Windows\System\doagONx.exe
  2⤵
  PID:9172
- C:\Windows\System\zaeFEiA.exe
  C:\Windows\System\zaeFEiA.exe
  2⤵
  PID:9196
- C:\Windows\System\RsLuZMz.exe
  C:\Windows\System\RsLuZMz.exe
  2⤵
  PID:14208
- C:\Windows\System\BXIFDYo.exe
  C:\Windows\System\BXIFDYo.exe
  2⤵
  PID:8416
- C:\Windows\System\FBtRmiZ.exe
  C:\Windows\System\FBtRmiZ.exe
  2⤵
  PID:14268
- C:\Windows\System\tfGmnNL.exe
  C:\Windows\System\tfGmnNL.exe
  2⤵
  PID:14296
- C:\Windows\System\hTEyUcm.exe
  C:\Windows\System\hTEyUcm.exe
  2⤵
  PID:8216
- C:\Windows\System\icjSthk.exe
  C:\Windows\System\icjSthk.exe
  2⤵
  PID:13360
- C:\Windows\System\SNLuVNP.exe
  C:\Windows\System\SNLuVNP.exe
  2⤵
  PID:8872
- C:\Windows\System\VdWSEeb.exe
  C:\Windows\System\VdWSEeb.exe
  2⤵
  PID:8288
- C:\Windows\System\wXobJoH.exe
  C:\Windows\System\wXobJoH.exe
  2⤵
  PID:13488
- C:\Windows\System\GEGdJeK.exe
  C:\Windows\System\GEGdJeK.exe
  2⤵
  PID:9200
- C:\Windows\System\qOTlKMw.exe
  C:\Windows\System\qOTlKMw.exe
  2⤵
  PID:8248
- C:\Windows\System\hMsaRsV.exe
  C:\Windows\System\hMsaRsV.exe
  2⤵
  PID:8472
- C:\Windows\System\xKdbaSY.exe
  C:\Windows\System\xKdbaSY.exe
  2⤵
  PID:8624
- C:\Windows\System\cTWmxmX.exe
  C:\Windows\System\cTWmxmX.exe
  2⤵
  PID:8988
- C:\Windows\System\XerENTE.exe
  C:\Windows\System\XerENTE.exe
  2⤵
  PID:13748
- C:\Windows\System\rdnyOdV.exe
  C:\Windows\System\rdnyOdV.exe
  2⤵
  PID:8680
- C:\Windows\System\hHuEwpz.exe
  C:\Windows\System\hHuEwpz.exe
  2⤵
  PID:13812
- C:\Windows\System\fiqRhiG.exe
  C:\Windows\System\fiqRhiG.exe
  2⤵
  PID:8796
- C:\Windows\System\EWSbSos.exe
  C:\Windows\System\EWSbSos.exe
  2⤵
  PID:8312
- C:\Windows\System\YbmMSUp.exe
  C:\Windows\System\YbmMSUp.exe
  2⤵
  PID:8940
- C:\Windows\System\UGoPMAt.exe
  C:\Windows\System\UGoPMAt.exe
  2⤵
  PID:9316
- C:\Windows\System\LcReszV.exe
  C:\Windows\System\LcReszV.exe
  2⤵
  PID:9336
- C:\Windows\System\PPgUqBV.exe
  C:\Windows\System\PPgUqBV.exe
  2⤵
  PID:9392
- C:\Windows\System\GQZfNRT.exe
  C:\Windows\System\GQZfNRT.exe
  2⤵
  PID:9108
- C:\Windows\System\haqzLUL.exe
  C:\Windows\System\haqzLUL.exe
  2⤵
  PID:9492
- C:\Windows\System\lwqBpkS.exe
  C:\Windows\System\lwqBpkS.exe
  2⤵
  PID:9540
- C:\Windows\System\RMSbgrp.exe
  C:\Windows\System\RMSbgrp.exe
  2⤵
  PID:8360
- C:\Windows\System\mYPqBmX.exe
  C:\Windows\System\mYPqBmX.exe
  2⤵
  PID:8468
- C:\Windows\System\RgOBOqF.exe
  C:\Windows\System\RgOBOqF.exe
  2⤵
  PID:14292
- C:\Windows\System\FxIWbHt.exe
  C:\Windows\System\FxIWbHt.exe
  2⤵
  PID:9716
- C:\Windows\System\Vtjidgt.exe
  C:\Windows\System\Vtjidgt.exe
  2⤵
  PID:7000
- C:\Windows\System\mXqQZyg.exe
  C:\Windows\System\mXqQZyg.exe
  2⤵
  PID:9788
- C:\Windows\System\wLAopDy.exe
  C:\Windows\System\wLAopDy.exe
  2⤵
  PID:8340
- C:\Windows\System\okfaTmy.exe
  C:\Windows\System\okfaTmy.exe
  2⤵
  PID:13516
- C:\Windows\System\EbrETaw.exe
  C:\Windows\System\EbrETaw.exe
  2⤵
  PID:2208
- C:\Windows\System\BIPMqJZ.exe
  C:\Windows\System\BIPMqJZ.exe
  2⤵
  PID:13652
- C:\Windows\System\OwcOHTv.exe
  C:\Windows\System\OwcOHTv.exe
  2⤵
  PID:13668
- C:\Windows\System\JCmhLYp.exe
  C:\Windows\System\JCmhLYp.exe
  2⤵
  PID:9040
- C:\Windows\System\snuRQFJ.exe
  C:\Windows\System\snuRQFJ.exe
  2⤵
  PID:6604
- C:\Windows\System\URHvuXJ.exe
  C:\Windows\System\URHvuXJ.exe
  2⤵
  PID:3224
- C:\Windows\System\FPGzhwL.exe
  C:\Windows\System\FPGzhwL.exe
  2⤵
  PID:8920
- C:\Windows\System\AhnUiiG.exe
  C:\Windows\System\AhnUiiG.exe
  2⤵
  PID:10156
- C:\Windows\System\LtJjaXZ.exe
  C:\Windows\System\LtJjaXZ.exe
  2⤵
  PID:10216
- C:\Windows\System\xMYuSbf.exe
  C:\Windows\System\xMYuSbf.exe
  2⤵
  PID:6668
- C:\Windows\System\kVjVwZd.exe
  C:\Windows\System\kVjVwZd.exe
  2⤵
  PID:9408
- C:\Windows\System\jjNmkJp.exe
  C:\Windows\System\jjNmkJp.exe
  2⤵
  PID:7060
- C:\Windows\System\mOHAkpy.exe
  C:\Windows\System\mOHAkpy.exe
  2⤵
  PID:8480
- C:\Windows\System\xpQBsoJ.exe
  C:\Windows\System\xpQBsoJ.exe
  2⤵
  PID:2432
- C:\Windows\System\xEfpWcp.exe
  C:\Windows\System\xEfpWcp.exe
  2⤵
  PID:9692
- C:\Windows\System\NMYLZtj.exe
  C:\Windows\System\NMYLZtj.exe
  2⤵
  PID:9824
- C:\Windows\System\xpgNTmj.exe
  C:\Windows\System\xpgNTmj.exe
  2⤵
  PID:8456
- C:\Windows\System\YtqvXVv.exe
  C:\Windows\System\YtqvXVv.exe
  2⤵
  PID:10012
- C:\Windows\System\ANlrotz.exe
  C:\Windows\System\ANlrotz.exe
  2⤵
  PID:6568
- C:\Windows\System\rdwOtOF.exe
  C:\Windows\System\rdwOtOF.exe
  2⤵
  PID:4772
- C:\Windows\System\HRaMUVA.exe
  C:\Windows\System\HRaMUVA.exe
  2⤵
  PID:10200
- C:\Windows\System\bOOEbBJ.exe
  C:\Windows\System\bOOEbBJ.exe
  2⤵
  PID:9340
- C:\Windows\System\soUaoHO.exe
  C:\Windows\System\soUaoHO.exe
  2⤵
  PID:9240
- C:\Windows\System\kpIIgyq.exe
  C:\Windows\System\kpIIgyq.exe
  2⤵
  PID:14152
- C:\Windows\System\KwObdPH.exe
  C:\Windows\System\KwObdPH.exe
  2⤵
  PID:9360
- C:\Windows\System\nWYUUoE.exe
  C:\Windows\System\nWYUUoE.exe
  2⤵
  PID:9668
- C:\Windows\System\gvOONeu.exe
  C:\Windows\System\gvOONeu.exe
  2⤵
  PID:8664
- C:\Windows\System\hVSxVDp.exe
  C:\Windows\System\hVSxVDp.exe
  2⤵
  PID:9712
- C:\Windows\System\XzBRPQE.exe
  C:\Windows\System\XzBRPQE.exe
  2⤵
  PID:3560
- C:\Windows\System\oGGwNEq.exe
  C:\Windows\System\oGGwNEq.exe
  2⤵
  PID:13584
- C:\Windows\System\RcOMeCw.exe
  C:\Windows\System\RcOMeCw.exe
  2⤵
  PID:9980
- C:\Windows\System\SXsDeuA.exe
  C:\Windows\System\SXsDeuA.exe
  2⤵
  PID:6392
- C:\Windows\System\iCQcKQl.exe
  C:\Windows\System\iCQcKQl.exe
  2⤵
  PID:10316
- C:\Windows\System\WKUnwHQ.exe
  C:\Windows\System\WKUnwHQ.exe
  2⤵
  PID:13940
- C:\Windows\System\TKTbgQz.exe
  C:\Windows\System\TKTbgQz.exe
  2⤵
  PID:10392
- C:\Windows\System\rtcAzcL.exe
  C:\Windows\System\rtcAzcL.exe
  2⤵
  PID:10448
- C:\Windows\System\mYxEBZB.exe
  C:\Windows\System\mYxEBZB.exe
  2⤵
  PID:9648
- C:\Windows\System\nnMaUWf.exe
  C:\Windows\System\nnMaUWf.exe
  2⤵
  PID:7528
- C:\Windows\System\gBwJnYM.exe
  C:\Windows\System\gBwJnYM.exe
  2⤵
  PID:10560
- C:\Windows\System\wmyraNt.exe
  C:\Windows\System\wmyraNt.exe
  2⤵
  PID:10624
- C:\Windows\System\jMSRTYj.exe
  C:\Windows\System\jMSRTYj.exe
  2⤵
  PID:4472
- C:\Windows\System\EiCgFxJ.exe
  C:\Windows\System\EiCgFxJ.exe
  2⤵
  PID:13900
- C:\Windows\System\oGxApHU.exe
  C:\Windows\System\oGxApHU.exe
  2⤵
  PID:10180
- C:\Windows\System\HSxlLML.exe
  C:\Windows\System\HSxlLML.exe
  2⤵
  PID:10792
- C:\Windows\System\BYqwoOK.exe
  C:\Windows\System\BYqwoOK.exe
  2⤵
  PID:8224
- C:\Windows\System\UMsCSyS.exe
  C:\Windows\System\UMsCSyS.exe
  2⤵
  PID:10440
- C:\Windows\System\hqYsTLZ.exe
  C:\Windows\System\hqYsTLZ.exe
  2⤵
  PID:10928
- C:\Windows\System\gnzfrFG.exe
  C:\Windows\System\gnzfrFG.exe
  2⤵
  PID:10588
- C:\Windows\System\fvsBPzy.exe
  C:\Windows\System\fvsBPzy.exe
  2⤵
  PID:9948
- C:\Windows\System\rpGbUlC.exe
  C:\Windows\System\rpGbUlC.exe
  2⤵
  PID:11076
- C:\Windows\System\qQgKXHZ.exe
  C:\Windows\System\qQgKXHZ.exe
  2⤵
  PID:7360
- C:\Windows\System\dsYLyHM.exe
  C:\Windows\System\dsYLyHM.exe
  2⤵
  PID:9632
- C:\Windows\System\alJNznE.exe
  C:\Windows\System\alJNznE.exe
  2⤵
  PID:10876
- C:\Windows\System\alVpOhv.exe
  C:\Windows\System\alVpOhv.exe
  2⤵
  PID:11256
- C:\Windows\System\NcjsbhU.exe
  C:\Windows\System\NcjsbhU.exe
  2⤵
  PID:10352
- C:\Windows\System\aBNhIYv.exe
  C:\Windows\System\aBNhIYv.exe
  2⤵
  PID:10404
- C:\Windows\System\YzfhYvY.exe
  C:\Windows\System\YzfhYvY.exe
  2⤵
  PID:11100
- C:\Windows\System\cNwxrnc.exe
  C:\Windows\System\cNwxrnc.exe
  2⤵
  PID:10608
- C:\Windows\System\ifsWJDd.exe
  C:\Windows\System\ifsWJDd.exe
  2⤵
  PID:10832
- C:\Windows\System\sisbYgw.exe
  C:\Windows\System\sisbYgw.exe
  2⤵
  PID:10264
- C:\Windows\System\RWkoVaD.exe
  C:\Windows\System\RWkoVaD.exe
  2⤵
  PID:10648
- C:\Windows\System\SWicPQj.exe
  C:\Windows\System\SWicPQj.exe
  2⤵
  PID:11064
- C:\Windows\System\sbzpwOI.exe
  C:\Windows\System\sbzpwOI.exe
  2⤵
  PID:10576
- C:\Windows\System\lYsyjwU.exe
  C:\Windows\System\lYsyjwU.exe
  2⤵
  PID:10748
- C:\Windows\System\AnKILoZ.exe
  C:\Windows\System\AnKILoZ.exe
  2⤵
  PID:10496
- C:\Windows\System\wxrSyfO.exe
  C:\Windows\System\wxrSyfO.exe
  2⤵
  PID:11200
- C:\Windows\System\keGYAfQ.exe
  C:\Windows\System\keGYAfQ.exe
  2⤵
  PID:11028
- C:\Windows\System\PkNXUli.exe
  C:\Windows\System\PkNXUli.exe
  2⤵
  PID:14344
- C:\Windows\System\gKZmAZg.exe
  C:\Windows\System\gKZmAZg.exe
  2⤵
  PID:14360
- C:\Windows\System\ILOmlJs.exe
  C:\Windows\System\ILOmlJs.exe
  2⤵
  PID:14388
- C:\Windows\System\OXRRmQU.exe
  C:\Windows\System\OXRRmQU.exe
  2⤵
  PID:14424
- C:\Windows\System\UQttuFw.exe
  C:\Windows\System\UQttuFw.exe
  2⤵
  PID:14444
- C:\Windows\System\pQKqpFH.exe
  C:\Windows\System\pQKqpFH.exe
  2⤵
  PID:14472
- C:\Windows\System\EaWyMhQ.exe
  C:\Windows\System\EaWyMhQ.exe
  2⤵
  PID:14504
- C:\Windows\System\lWFmpkc.exe
  C:\Windows\System\lWFmpkc.exe
  2⤵
  PID:14532
- C:\Windows\System\IZsTOip.exe
  C:\Windows\System\IZsTOip.exe
  2⤵
  PID:14564
- C:\Windows\System\GakJeTk.exe
  C:\Windows\System\GakJeTk.exe
  2⤵
  PID:14592
- C:\Windows\System\xKNawds.exe
  C:\Windows\System\xKNawds.exe
  2⤵
  PID:14620
- C:\Windows\System\ZbdjCCx.exe
  C:\Windows\System\ZbdjCCx.exe
  2⤵
  PID:14648
- C:\Windows\System\DNCroNc.exe
  C:\Windows\System\DNCroNc.exe
  2⤵
  PID:14676
- C:\Windows\System\sJGJMJd.exe
  C:\Windows\System\sJGJMJd.exe
  2⤵
  PID:14704
- C:\Windows\System\BQFxcFs.exe
  C:\Windows\System\BQFxcFs.exe
  2⤵
  PID:14732
- C:\Windows\System\WtFLrgf.exe
  C:\Windows\System\WtFLrgf.exe
  2⤵
  PID:14760
- C:\Windows\System\CaxOeni.exe
  C:\Windows\System\CaxOeni.exe
  2⤵
  PID:14788
- C:\Windows\System\OaQvKQp.exe
  C:\Windows\System\OaQvKQp.exe
  2⤵
  PID:14816
- C:\Windows\System\gMAiOXH.exe
  C:\Windows\System\gMAiOXH.exe
  2⤵
  PID:14844
- C:\Windows\System\GJrvfLW.exe
  C:\Windows\System\GJrvfLW.exe
  2⤵
  PID:14876
- C:\Windows\System\EpGtyZj.exe
  C:\Windows\System\EpGtyZj.exe
  2⤵
  PID:14900
- C:\Windows\System\GzxljFR.exe
  C:\Windows\System\GzxljFR.exe
  2⤵
  PID:14936
- C:\Windows\System\JXxePqn.exe
  C:\Windows\System\JXxePqn.exe
  2⤵
  PID:14960
- C:\Windows\System\eLlhKsi.exe
  C:\Windows\System\eLlhKsi.exe
  2⤵
  PID:14984
- C:\Windows\System\LhmPxzJ.exe
  C:\Windows\System\LhmPxzJ.exe
  2⤵
  PID:15012
- C:\Windows\System\BFZzWwC.exe
  C:\Windows\System\BFZzWwC.exe
  2⤵
  PID:15044
- C:\Windows\System\XEFUrWe.exe
  C:\Windows\System\XEFUrWe.exe
  2⤵
  PID:15084
- C:\Windows\System\aYpbyBV.exe
  C:\Windows\System\aYpbyBV.exe
  2⤵
  PID:15108
- C:\Windows\System\HfORooo.exe
  C:\Windows\System\HfORooo.exe
  2⤵
  PID:15136
- C:\Windows\System\GpzRCiL.exe
  C:\Windows\System\GpzRCiL.exe
  2⤵
  PID:15160
- C:\Windows\System\IBntDHv.exe
  C:\Windows\System\IBntDHv.exe
  2⤵
  PID:15184
- C:\Windows\System\gHNvNvg.exe
  C:\Windows\System\gHNvNvg.exe
  2⤵
  PID:15212
- C:\Windows\System\lvVRynS.exe
  C:\Windows\System\lvVRynS.exe
  2⤵
  PID:15240
- C:\Windows\System\WHsImKS.exe
  C:\Windows\System\WHsImKS.exe
  2⤵
  PID:15268
- C:\Windows\System\cjhUBqU.exe
  C:\Windows\System\cjhUBqU.exe
  2⤵
  PID:15296
- C:\Windows\System\EfNcLaZ.exe
  C:\Windows\System\EfNcLaZ.exe
  2⤵
  PID:15324
- C:\Windows\System\RkeYZaT.exe
  C:\Windows\System\RkeYZaT.exe
  2⤵
  PID:14340
- C:\Windows\System\ulATPrz.exe
  C:\Windows\System\ulATPrz.exe
  2⤵
  PID:14384
- C:\Windows\System\yExmzso.exe
  C:\Windows\System\yExmzso.exe
  2⤵
  PID:14436
- C:\Windows\System\aUshAoe.exe
  C:\Windows\System\aUshAoe.exe
  2⤵
  PID:11088
- C:\Windows\System\DXAPBhM.exe
  C:\Windows\System\DXAPBhM.exe
  2⤵
  PID:14516
- C:\Windows\System\PnasSnz.exe
  C:\Windows\System\PnasSnz.exe
  2⤵
  PID:14548
- C:\Windows\System\QUXxXTV.exe
  C:\Windows\System\QUXxXTV.exe
  2⤵
  PID:11316
- C:\Windows\System\cRXJnOE.exe
  C:\Windows\System\cRXJnOE.exe
  2⤵
  PID:11348
- C:\Windows\System\OrWykJi.exe
  C:\Windows\System\OrWykJi.exe
  2⤵
  PID:14644
- C:\Windows\System\GjmGUKZ.exe
  C:\Windows\System\GjmGUKZ.exe
  2⤵
  PID:11496
- C:\Windows\System\iGfOAMn.exe
  C:\Windows\System\iGfOAMn.exe
  2⤵
  PID:11524
- C:\Windows\System\HznvDFV.exe
  C:\Windows\System\HznvDFV.exe
  2⤵
  PID:14728
- C:\Windows\System\VijKBWw.exe
  C:\Windows\System\VijKBWw.exe
  2⤵
  PID:11604
- C:\Windows\System\YGsDigX.exe
  C:\Windows\System\YGsDigX.exe
  2⤵
  PID:14832
- C:\Windows\System\loAnPpl.exe
  C:\Windows\System\loAnPpl.exe
  2⤵
  PID:14868
- C:\Windows\System\kSwqiDf.exe
  C:\Windows\System\kSwqiDf.exe
  2⤵
  PID:14920
- C:\Windows\System\YPByCVg.exe
  C:\Windows\System\YPByCVg.exe
  2⤵
  PID:14560
- C:\Windows\System\EubilOd.exe
  C:\Windows\System\EubilOd.exe
  2⤵
  PID:15036
- C:\Windows\System\iabuONx.exe
  C:\Windows\System\iabuONx.exe
  2⤵
  PID:15096
- C:\Windows\System\VEZMsrX.exe
  C:\Windows\System\VEZMsrX.exe
  2⤵
  PID:15148
- C:\Windows\System\SFYrRAs.exe
  C:\Windows\System\SFYrRAs.exe
  2⤵
  PID:15208
- C:\Windows\System\KeTpTlN.exe
  C:\Windows\System\KeTpTlN.exe
  2⤵
  PID:15264
- C:\Windows\System\sHUiNmz.exe
  C:\Windows\System\sHUiNmz.exe
  2⤵
  PID:14356
- C:\Windows\System\VjPqIPC.exe
  C:\Windows\System\VjPqIPC.exe
  2⤵
  PID:14456
- C:\Windows\System\WUSuhkh.exe
  C:\Windows\System\WUSuhkh.exe
  2⤵
  PID:14496
- C:\Windows\System\joQSPyD.exe
  C:\Windows\System\joQSPyD.exe
  2⤵
  PID:11284
- C:\Windows\System\wCkMQSx.exe
  C:\Windows\System\wCkMQSx.exe
  2⤵
  PID:11356
- C:\Windows\System\jJAZkmq.exe
  C:\Windows\System\jJAZkmq.exe
  2⤵
  PID:14696
- C:\Windows\System\CbwjsmY.exe
  C:\Windows\System\CbwjsmY.exe
  2⤵
  PID:14800
- C:\Windows\System\PgtErvG.exe
  C:\Windows\System\PgtErvG.exe
  2⤵
  PID:14864
- C:\Windows\System\mgFIsin.exe
  C:\Windows\System\mgFIsin.exe
  2⤵
  PID:15008
- C:\Windows\System\snwIJNx.exe
  C:\Windows\System\snwIJNx.exe
  2⤵
  PID:11848
- C:\Windows\System\owIrgAV.exe
  C:\Windows\System\owIrgAV.exe
  2⤵
  PID:2992
- C:\Windows\System\piGsPPi.exe
  C:\Windows\System\piGsPPi.exe
  2⤵
  PID:4996
- C:\Windows\System\noZWnRx.exe
  C:\Windows\System\noZWnRx.exe
  2⤵
  PID:12100
- C:\Windows\System\bIBdKHc.exe
  C:\Windows\System\bIBdKHc.exe
  2⤵
  PID:12168
- C:\Windows\System\ogyLEPr.exe
  C:\Windows\System\ogyLEPr.exe
  2⤵
  PID:14588
- C:\Windows\System\raTqjic.exe
  C:\Windows\System\raTqjic.exe
  2⤵
  PID:12244
- C:\Windows\System\gpkuZRT.exe
  C:\Windows\System\gpkuZRT.exe
  2⤵
  PID:14752
- C:\Windows\System\giZvUqB.exe
  C:\Windows\System\giZvUqB.exe
  2⤵
  PID:15064
- C:\Windows\System\leJEKWJ.exe
  C:\Windows\System\leJEKWJ.exe
  2⤵
  PID:15124
- C:\Windows\System\hTjTxQU.exe
  C:\Windows\System\hTjTxQU.exe
  2⤵
  PID:15236
- C:\Windows\System\SzpkfiI.exe
  C:\Windows\System\SzpkfiI.exe
  2⤵
  PID:11676
- C:\Windows\System\iXbSHGI.exe
  C:\Windows\System\iXbSHGI.exe
  2⤵
  PID:11788
- C:\Windows\System\UNFlvnt.exe
  C:\Windows\System\UNFlvnt.exe
  2⤵
  PID:12020
- C:\Windows\System\VgHnuWN.exe
  C:\Windows\System\VgHnuWN.exe
  2⤵
  PID:744
- C:\Windows\System\YQgDBoz.exe
  C:\Windows\System\YQgDBoz.exe
  2⤵
  PID:8424
- C:\Windows\System\sUyJAlR.exe
  C:\Windows\System\sUyJAlR.exe
  2⤵
  PID:12268
- C:\Windows\System\MURGvBD.exe
  C:\Windows\System\MURGvBD.exe
  2⤵
  PID:9896
- C:\Windows\System\DUfNCaM.exe
  C:\Windows\System\DUfNCaM.exe
  2⤵
  PID:9332
- C:\Windows\System\bcAsklN.exe
  C:\Windows\System\bcAsklN.exe
  2⤵
  PID:11636
- C:\Windows\System\ONcvPve.exe
  C:\Windows\System\ONcvPve.exe
  2⤵
  PID:5072
- C:\Windows\System\wbtEuzK.exe
  C:\Windows\System\wbtEuzK.exe
  2⤵
  PID:12140
- C:\Windows\System\AMadvnD.exe
  C:\Windows\System\AMadvnD.exe
  2⤵
  PID:3944
- C:\Windows\System\QzDghLK.exe
  C:\Windows\System\QzDghLK.exe
  2⤵
  PID:11868
- C:\Windows\System\SYKufno.exe
  C:\Windows\System\SYKufno.exe
  2⤵
  PID:5212
- C:\Windows\System\oCsdvlX.exe
  C:\Windows\System\oCsdvlX.exe
  2⤵
  PID:11416
- C:\Windows\System\nFdtOsh.exe
  C:\Windows\System\nFdtOsh.exe
  2⤵
  PID:11548
- C:\Windows\System\dMnDlpm.exe
  C:\Windows\System\dMnDlpm.exe
  2⤵
  PID:12228
- C:\Windows\System\aRelmSC.exe
  C:\Windows\System\aRelmSC.exe
  2⤵
  PID:4140
- C:\Windows\System\ePlcIWH.exe
  C:\Windows\System\ePlcIWH.exe
  2⤵
  PID:11392
- C:\Windows\System\ZRRIyIe.exe
  C:\Windows\System\ZRRIyIe.exe
  2⤵
  PID:11576
- C:\Windows\System\jEidiyS.exe
  C:\Windows\System\jEidiyS.exe
  2⤵
  PID:11968
- C:\Windows\System\QhLvFKJ.exe
  C:\Windows\System\QhLvFKJ.exe
  2⤵
  PID:9416
- C:\Windows\System\XtbDSUA.exe
  C:\Windows\System\XtbDSUA.exe
  2⤵
  PID:3964
- C:\Windows\System\rnWUcPF.exe
  C:\Windows\System\rnWUcPF.exe
  2⤵
  PID:2284
- C:\Windows\System\dmFActS.exe
  C:\Windows\System\dmFActS.exe
  2⤵
  PID:11644
- C:\Windows\System\lzDnDQt.exe
  C:\Windows\System\lzDnDQt.exe
  2⤵
  PID:11756
- C:\Windows\System\aZOUbqW.exe
  C:\Windows\System\aZOUbqW.exe
  2⤵
  PID:5100
- C:\Windows\System\qpUaVVD.exe
  C:\Windows\System\qpUaVVD.exe
  2⤵
  PID:4304
- C:\Windows\System\JCHujDR.exe
  C:\Windows\System\JCHujDR.exe
  2⤵
  PID:12036
- C:\Windows\System\QfDjerh.exe
  C:\Windows\System\QfDjerh.exe
  2⤵
  PID:11872
- C:\Windows\System\EgBVTbs.exe
  C:\Windows\System\EgBVTbs.exe
  2⤵
  PID:12200
- C:\Windows\System\OsemNNU.exe
  C:\Windows\System\OsemNNU.exe
  2⤵
  PID:4808
- C:\Windows\System\BnaZawn.exe
  C:\Windows\System\BnaZawn.exe
  2⤵
  PID:1648
- C:\Windows\System\yvVjDbj.exe
  C:\Windows\System\yvVjDbj.exe
  2⤵
  PID:11332
- C:\Windows\System\nigYTwF.exe
  C:\Windows\System\nigYTwF.exe
  2⤵
  PID:4180
- C:\Windows\System\XvUFvKp.exe
  C:\Windows\System\XvUFvKp.exe
  2⤵
  PID:3296
- C:\Windows\System\plraMpX.exe
  C:\Windows\System\plraMpX.exe
  2⤵
  PID:5692
- C:\Windows\System\UYiMaMu.exe
  C:\Windows\System\UYiMaMu.exe
  2⤵
  PID:996
- C:\Windows\System\ScrQCcn.exe
  C:\Windows\System\ScrQCcn.exe
  2⤵
  PID:5220
- C:\Windows\System\fknyOJT.exe
  C:\Windows\System\fknyOJT.exe
  2⤵
  PID:15380
- C:\Windows\System\gmGOZWp.exe
  C:\Windows\System\gmGOZWp.exe
  2⤵
  PID:15408
- C:\Windows\System\GShejXa.exe
  C:\Windows\System\GShejXa.exe
  2⤵
  PID:15436
- C:\Windows\System\BmWiGQK.exe
  C:\Windows\System\BmWiGQK.exe
  2⤵
  PID:15472
- C:\Windows\System\WqCwbSa.exe
  C:\Windows\System\WqCwbSa.exe
  2⤵
  PID:15496
- C:\Windows\System\wBiPGbo.exe
  C:\Windows\System\wBiPGbo.exe
  2⤵
  PID:15524
- C:\Windows\System\afEkGRr.exe
  C:\Windows\System\afEkGRr.exe
  2⤵
  PID:15548
- C:\Windows\System\rfRwthp.exe
  C:\Windows\System\rfRwthp.exe
  2⤵
  PID:15588
- C:\Windows\System\DIGMvQS.exe
  C:\Windows\System\DIGMvQS.exe
  2⤵
  PID:15608
- C:\Windows\System\DHfqNGf.exe
  C:\Windows\System\DHfqNGf.exe
  2⤵
  PID:15640
- C:\Windows\System\xqFdppp.exe
  C:\Windows\System\xqFdppp.exe
  2⤵
  PID:15676
- C:\Windows\System\QAJNVWj.exe
  C:\Windows\System\QAJNVWj.exe
  2⤵
  PID:15704
- C:\Windows\System\bGyyoKY.exe
  C:\Windows\System\bGyyoKY.exe
  2⤵
  PID:15724
- C:\Windows\System\imfsLkH.exe
  C:\Windows\System\imfsLkH.exe
  2⤵
  PID:15752
- C:\Windows\System\afdkCTM.exe
  C:\Windows\System\afdkCTM.exe
  2⤵
  PID:15780
- C:\Windows\System\cmkegGq.exe
  C:\Windows\System\cmkegGq.exe
  2⤵
  PID:15812
- C:\Windows\System\LkdIGgK.exe
  C:\Windows\System\LkdIGgK.exe
  2⤵
  PID:15836
- C:\Windows\System\CVOzNrE.exe
  C:\Windows\System\CVOzNrE.exe
  2⤵
  PID:15876
- C:\Windows\System\kExznxZ.exe
  C:\Windows\System\kExznxZ.exe
  2⤵
  PID:15908
- C:\Windows\System\KdcVCwy.exe
  C:\Windows\System\KdcVCwy.exe
  2⤵
  PID:15924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CYFPfoI.exe

Filesize
6.0MB

MD5
897e1228fa58e62a2e9f86c3483969d8

SHA1
fdb143c15659a0c8ecbfe95831d54cebec29801e

SHA256
67a05570727eb06cedc106c3d2a2ad9e0d33ba7cef195e26ce78b3cbc0e08531

SHA512
27175e5743bb4786840d1f58bac6f8d24f9b517d215f14bb91b061c1a39d0f5a355bbdf4e439033dd8de704bb03a8dcfb71c08cd8608fb42d2515e6720d199b3

Download Submit
C:\Windows\System\DLMipoC.exe

Filesize
6.0MB

MD5
3182262569a8be6dea96f0849c4b3227

SHA1
f80648299e74ab19b5722d7d757489efc3d43338

SHA256
965d47c3910097b40b9ad8708a41354e7be68065b0bc5d06c96211231b550e53

SHA512
4e4168a9ab4b3c1dea66bd4a4aa2f0b129f24fd750614d12ec87bed93c7124fa13dd8856bd5a17c7e6b2607d351663055e8bbd120b09d2baeda7b4a5f1bb0486

Download Submit
C:\Windows\System\EIwsnvu.exe

Filesize
6.0MB

MD5
cf53a963e5692d3dba47ade5713b7c68

SHA1
620c197113a8a0c0c17c88455db0e24d4ae7cf5f

SHA256
8aa951db3a75e7cf780f0338085f4f0ca7ac914fe25d0ef1c0bad2a40c492fae

SHA512
415c751720fc80967463df075a5aca8de91c36e0cca8a9abb9ac063c57c06bb858cb5dbf65934a225f664c7aca6d3447feb85915226d39212cdb428c1ce8a921

Download Submit
C:\Windows\System\GgUnnTS.exe

Filesize
6.0MB

MD5
453e332d447015b409c04e804ccd8878

SHA1
8d3df9b0dcc2f0f51ca5ca1c3ac6b61bdda44d90

SHA256
75fb6799851a82f1eed8e76f001426992647b03f3a7220d572677acf510df996

SHA512
835363f24578bbfacf489778fc82c99c2f67ac5b9cf08f3ebc2827b9f5fca0c546e966d60906e93495c7770ed7ca259a73dfe7178504b3ceeba307cfd7bcace2

Download Submit
C:\Windows\System\IgXCCFg.exe

Filesize
6.0MB

MD5
f61dc226a64eba322953274ff266bc98

SHA1
48fda9bc90774e5f422efcdeff5c7de403ea6a96

SHA256
df34e84e0f2e27d483fcce42df199605d4701f10aea31038aa511a8ad20a35c2

SHA512
9d6553d4e35eb85694dc6f9b655afb682fedcf4625a72440f6f559f85ca5fe9476da78500e7a83d3f577df298ae36ae816e4494a0aa6d15403af6cce308e60cf

Download Submit
C:\Windows\System\JbHAnWI.exe

Filesize
6.0MB

MD5
9776427f71374dff45b4dd45e9e24878

SHA1
6f5244242d1570e37c56f4f8b9b1d0574011b05c

SHA256
4690ab8cc56bded23d230ee73cde089f0c92cbaa89c34a65ec6649c153f0b5fc

SHA512
ce254fbc9501c84e1014cb4ce606501c943aaba80bdc878f760868092614ecda04e9714d85f52081bf17c0676913d3f9228fce0643f3f6c40344d873b6c819dc

Download Submit
C:\Windows\System\KenPUEJ.exe

Filesize
6.0MB

MD5
76879d0e827312933ab8d24caff22d1b

SHA1
8ecb10879595d7b994bea7112ccba82fd4f3c149

SHA256
75a3fd472433add83bf7192d11dd12e48304c0957aa7627b2363908f0eec631a

SHA512
9f38f328f25e7a8eacb30283e0db6d23155ab9ff2d74d9ac4c7df766d10255af7986da567226c5c304367ae2e089819cf8ec252f49557e0156f77d0181e0f170

Download Submit
C:\Windows\System\LLDqudQ.exe

Filesize
6.0MB

MD5
e73904ac2e6761a24cf53bffa6c34d57

SHA1
c0e01b60d2c5cf25fe100f3728e0ae69ee2412fe

SHA256
101e628a062930a27ec464a86b56e1c77471faf01d6d9478d93d5dd134987c3b

SHA512
21d5f7eb3aada3ec1c9b2ca8de47720287fc2c2c9dfd06b94e48dc36ce16e834568d39f2af27fe80534c37eee506f16171e12253d98ca257d9f9d292c40acd38

Download Submit
C:\Windows\System\NLFkOOP.exe

Filesize
6.0MB

MD5
8ea15d0a2cf355530216b165b09010de

SHA1
fad18267817c5d6c76836ea4507e0da850ece5f9

SHA256
d2fdfe8cf9e75786cc92cf4c8953af37c213345a4a8b82303f4305908c909395

SHA512
610b1731e406f66cc5b7f40c612fb37930d63d08fb363a55b9ef1004f3f4696b66d54b9c8124e4f6406ac1ca7bcec4d06cc7a350ffcce4321f5da601470f6c56

Download Submit
C:\Windows\System\NPtkInQ.exe

Filesize
6.0MB

MD5
b7323e6b15a0607621e7d9cfb9d70fa8

SHA1
cc89ce41289083e195b122bbb892ef8e4a5423e9

SHA256
c3ffe30f2c6ed85d5076d27545e6aa0fa3d0c15b7c55497b66eb6cf9128ec474

SHA512
ebca9078ce39efd87f83a98b1a3eef6cbfde7dd406bb459f5cd755121a2e351d6544e931a98ab8fe7725e6171232d4c36460966d8b71bc2ada642db68ab12d5d

Download Submit
C:\Windows\System\OjNgzrJ.exe

Filesize
6.0MB

MD5
b97476af49166e680a8fc969a8e9e245

SHA1
ee05da1e14691900b25d59d56e333787141d4264

SHA256
41a04e2ebea2c1dd5c39c27acc293eeb6bdb838c058c6de9d5051f8e9c832821

SHA512
e51f3671d8d4857f69b0796952edae20bc66d16e837b3e74af4c12359cf3cac166298d47ca792de3a897706f821af72cc6e08c515fbac1b41b6a08351ea80fa5

Download Submit
C:\Windows\System\QfNaIMQ.exe

Filesize
6.0MB

MD5
8bb661854576e35d81782558a59ddc24

SHA1
5f15f84206fd03c3ace226ec1ea5b789f9d167d6

SHA256
33e782c7908710438d949011d5048f1b0de6e2840b7c34503204065a8873fbc3

SHA512
c6d90847c285027e1ce687a7e9aca6b63393a2cdc312860386d320e5d576cc2c1604d525344a010dafd9a72e0043a0dc42e1b1337daa8661702aacb0062e8cd4

Download Submit
C:\Windows\System\RbPHYEk.exe

Filesize
6.0MB

MD5
912253cb561ddc9f4cfd41db92314eba

SHA1
bfcad7ddecd5288e3c9719d192237af28a4ba1c4

SHA256
c84c76e02d7eee86f5a0afe9382689f1091c06e6b013630d16e85c2697f4cb9a

SHA512
d948b26001557d5761b8187aaa8eba8bdf605181874f5c7c33fae55fe9374e732c48c9a20284b946030d447b1aa677fe26b3aa06fbf1eb5023c78cf7f61c3548

Download Submit
C:\Windows\System\RlNIobF.exe

Filesize
6.0MB

MD5
336c914780e1658a86dbbf8f2917c8af

SHA1
0c46943cf1aecc00a9b335c282464f15cf74a3a5

SHA256
6a28ee36c29b24da045db1078a8d910aa5d532f51e0987dfe50a678ab94cbeac

SHA512
6df6e170077fca48188895c764880470fd3681bd72d43c061c4673761d42efbb7f425859d3f1ef4292351bf06064b77e438160dfac8587ea236ceb95f950747d

Download Submit
C:\Windows\System\SwvSjkv.exe

Filesize
6.0MB

MD5
3454149a9049507343dd9627980478c3

SHA1
a67bbbc8a74471a221365e2cd36b9864424e3bcf

SHA256
5d7cb16230ccf65a396631c1b070b1f1d8f6f4615961a3fc16902727cd2e504f

SHA512
42466df39270ad7c3350ef91dfe8f4b956bf44c118a8606a32ddb4048a5dfd0ca2b0ec355bdbd0fc6158d909135ecc88a0b35be3b99a2527d9fc34fbf8622a35

Download Submit
C:\Windows\System\UxwxmKY.exe

Filesize
6.0MB

MD5
96d5f84f8e3a1654babf4ec60b23cbae

SHA1
c25a458697f2337f451e0a4c1874e19323dd8b05

SHA256
330d521fc93607e2f3c745f273c35b9ff37ab040bf9d3b2f0f4b09556a028edc

SHA512
915bdb25f735dfd9250305433e666f34330bbb4d639c66a61f9e1dd29e77dd34ffe9f7f3dddfd931a4b447b029e33517fcdf8f8143bbe7ea59ca708418e52916

Download Submit
C:\Windows\System\ZkuCobK.exe

Filesize
6.0MB

MD5
919d4b0acdc479694c09d3790f669aa5

SHA1
462316066fa2074dc78229e3134a1111996cc8cc

SHA256
d7fd7ebf276c30ae84c6a111aa5e8ce57d5cb0b99e1e20dad774b6c28747c2ca

SHA512
6e8de63b1972a7765488589ea6f1fc372708426d90a3686c537329ec58247bcd76adcf0867b1edc59db9439e3ac48d9c0162382a81994bf8c872acd5d6780787

Download Submit
C:\Windows\System\bzbiKBY.exe

Filesize
6.0MB

MD5
0415c21f5e82eec64f9aa5d8cfbaba95

SHA1
9d2e7d0524ab626ff810855b83d5cd0d23e222df

SHA256
fae5df4c3ea593c440c7bd00ca8e35582a18bbe33142395b1df96f831aa811fc

SHA512
6a542ac19c819267eda09ebf8735e7b5af16b143074c0dffa75f39a104f46b845ac97a826fe383461265e84855eec1a3ae07f1cde1c89bcfe3bcaab0aea9efe3

Download Submit
C:\Windows\System\eKpxfyO.exe

Filesize
6.0MB

MD5
9b97539e7f1261c17be390df50340769

SHA1
5b4ee992e473bc792dc7869f732dddbac21e5a50

SHA256
afdf3f534fcd824c7ba194f49a9ea64c0286fdd2ca645ea42f194e81fdffd840

SHA512
240d5cde9840e13b1cb962f9b08f40d821eabf114e566e760bd16794a205c134c8317093780859d3d7fd8b80b9ce4864c45988003c949dcc0816a8f6eb3d36a7

Download Submit
C:\Windows\System\eruddhd.exe

Filesize
6.0MB

MD5
cc88aed0ce0d7627fff3d29ed6340add

SHA1
0cbc01849a079bebe5de1de3bfdf22a0a9d96fe5

SHA256
c2261afc14633d1f39abc1a66b9f9048d5d0be2c817104e7e949f3b136085dd1

SHA512
fa1b7b199dc38597aac8527c4b9d647d81d44308116583bc608ef8db251bda2015f883be7afec5598137b5db9a38151e231ef9aca0b58758eb178ad856f00b5c

Download Submit
C:\Windows\System\fDmRUpH.exe

Filesize
6.0MB

MD5
64dd4a4e3ae673cafdd257d92b97d236

SHA1
e6fb36a9afcd7c230d29e3eb02a08f1fb501cf19

SHA256
d70653c73c64dcd263e34118c96f56aed148112bff035aacf1be9bee8d2107ca

SHA512
220521c732ea4ccaa0018121dbb49cd4ae1c44740c8af62647892206d75d1f857a12c64afd970efc06c8474996e0d52580c51fb9e0e2dd48974295b5ae0d54e2

Download Submit
C:\Windows\System\gRmVrhz.exe

Filesize
6.0MB

MD5
ec25a9fc968c4f8ac6816329515143a4

SHA1
ab98f9af7249bc89952e670abcaf870f4ab53dc1

SHA256
9606bfac8df6c7f961aea8cd507157b30f6ab7f263e8fe3fa29120e91fec0038

SHA512
2b0edd85cab30e0a1ff1e970487dabd0d6a445d46bc9426ea711e8ce4dad7e64fcddee1a3f562893ec84ec85141d4a586eb9dfdb3fec3a052acb9808c4307733

Download Submit
C:\Windows\System\haMjNRJ.exe

Filesize
6.0MB

MD5
392bfc70712e7a608d7ccdbe18b02488

SHA1
764552fc58836b0adef37930b7d3f0ad8ec339e0

SHA256
12c0fb89a677a7e5cf85fcef5af8e10296ccb679ed1bff58c71ea78684052a93

SHA512
6063005e7bbea2af7c028c350197c819af359af5b54d2735e711871ac19879240bee45c35bac3fbd39623a523c3bb57b1ebeb2ae4c105f6facd3011a766b5669

Download Submit
C:\Windows\System\iKdyKeD.exe

Filesize
6.0MB

MD5
078ce567b5af436174d722c21b35d4d7

SHA1
f41c41bee0a016701722e67fef3c7043fcc6aedd

SHA256
ed18946d75d87ed5899df1ab71d3f9ef3f2ac470229136998ff30a9e3c02d41b

SHA512
ecf8932d44947597655197ca28ffcbb6722a3db26775dbaf716aadccafe7b53e541c49b75d5ad5f833ed3c04ac7a1d8190ebbc7714dc7acde1d1b983f96e3fe5

Download Submit
C:\Windows\System\iexKenf.exe

Filesize
6.0MB

MD5
df4446bd51eb17ea2645fce2a061a6de

SHA1
05d4a135356291a5d2ff5a8f268cbb3c20d81175

SHA256
a2aaf5a0deb105b72b0228fcbe31459c3441698f1696ba5b9123bf367494dd19

SHA512
987a3e257f4069c3db4da4f73545eeb47f803500463ca4255c73aa7a92e66e44a99f1af2045dae907dd20ee011aea3fae53e8b988d10e95d0f13e2337e836330

Download Submit
C:\Windows\System\jyQMzFr.exe

Filesize
6.0MB

MD5
fae6e6e5e3b5ab5bb4c8d71668f493f0

SHA1
4ccc0459cb90b74528414e574cbfb1aee7cc1e8f

SHA256
457a051a6f20c01c34139b53d5357744e1e38bf3d2480d1f1e3e92afb1f3e8db

SHA512
3efb395e25165949adf985947c4b596fbba261d25812e4580c24c597362c5883ae2fdc1f4ff0c7f926ae7ca3443eeb87abc0c2f165bbce6f0f53b71e78be1cd0

Download Submit
C:\Windows\System\kPFJqpR.exe

Filesize
6.0MB

MD5
33260f41018e95cde078f53194b2e8cf

SHA1
da1d2856b3b059fca35d920d1c76afe857a7aed9

SHA256
ebe393b69b3e0a42a54eb947d9af0a349dfeebf7822c101deb8083b00be565dd

SHA512
24fc7374ed8de72f0e7e7762c2a02efbad978eddd15b787dd79315e084925b2ee72da85a8e690a6a505741d6ade25251cb11857ce518e10a3bb0331a6dbf3531

Download Submit
C:\Windows\System\ogGXXhM.exe

Filesize
6.0MB

MD5
991d3977c8b0a6ca8b0963ee55b437a0

SHA1
200821f431369e61b1a75f567dd788b4571d665b

SHA256
2d5882411eff0d5aedef51e2f3da1deed064ac3b3d619dc45ce4ff7d8e923308

SHA512
0310b97c572f5a1180c7c749b4a1341a178ec91488ae3abdeabfcbec1f6b6d3fdbaa2776fcf976543978c27d56f55c4038a8834653e56b126a10ed285dd2e5d2

Download Submit
C:\Windows\System\pGdEetG.exe

Filesize
6.0MB

MD5
4f6bd02cc2d6bb45448cd0db5d768c73

SHA1
1712bc8c581b62f4c86dbbe32deff8669eb9bd0d

SHA256
5215a5b7dde6b09331d89c318a92ab1f119fad1a7bef4717b567417ed7d1094f

SHA512
69ee76455dfd577f2b9184058f07a673c7b604ac46b998a7daad9343791c1aae26a8b6bc573f532bb9def5f99f2d63e4ec7c3e444f7faa0a4a822330e3b70499

Download Submit
C:\Windows\System\pOfDISW.exe

Filesize
6.0MB

MD5
42e6e1473425b1e3732d0608790ad2ef

SHA1
a50c61e2165799ba092978a7c10daf193b8dbeb8

SHA256
158b4a7ae40efa9628cda06eadc89628896bc1d4761b80d98288d2284c8c1faa

SHA512
3ab1ad5990eae4111e7e78d0cb27ecb4966c167236a182c0644c9a9e16d6cc1d4e7834b88c21f9ffacbcbb2c9c7baaa6e2319b91b18850833b1ea56ec1d327f9

Download Submit
C:\Windows\System\qQSjuxy.exe

Filesize
6.0MB

MD5
64efbc5f3bb0b5b51f3fe4c1e431b024

SHA1
1e3f72b5eadfd2b38bee4bd53144e40053c76c5c

SHA256
2a40047d0b262f44ddf972a96949c9624af64087c811dcd7f2dc4614fd38186c

SHA512
22b8382bdbcc85bb0ccdb3f79643cfda411a734cd5f71136943db2f2053dc33287177051d153ded96990a07932267efe462805f39bdadbc3d24a248fa1c34ae0

Download Submit
C:\Windows\System\ryXRQTk.exe

Filesize
6.0MB

MD5
78c62b3e96534a6ac49d484cd3b4fad8

SHA1
ab36dc156ec0f4a459715ca8d33f6c56a111af2e

SHA256
62e47540aeaabaa0151fbd0dda8a15d7f0c3390053353e8af41bf208cc07a8e5

SHA512
beca418ad5b6057015dfc432588c8385816522ff65c1fbc6e3585efbd54b29881668ef14a0731ddb96be33eefab716a224dbc98c1ded528577198d1adfe2c2f4

Download Submit
C:\Windows\System\scnKhGl.exe

Filesize
6.0MB

MD5
14427b967dc4f1925c34d33215cbff55

SHA1
abc519aae3b05abbf91ea99c033a9d6fa67661ac

SHA256
89ce201879f9d71e5c44ca8b05b37a6b6f5bd2c43fbef0ea6dc94cfc5a96fd3d

SHA512
901bf7b5232564e36b08004d294a34053cbab8d6ceca8328dbda296931500975e75903cba9c0bd1a21b20da7954cfaa37adf59af007f35fe6163547c45b7aefc

Download Submit
C:\Windows\System\sziPPWJ.exe

Filesize
6.0MB

MD5
de0d1b9e54d65290aaedafd1188e02d8

SHA1
cb52154c2ba327b3410d7d42c089330785d778fd

SHA256
4bf15e78a3029d2d8c967b133fb502d994017790c44e696a1e4e69f0250b25f8

SHA512
eb12fbd19fc1ae9f7d96b8d92dfc156a18d7bb28c3b12e733aa354fa43b5633575490b98bc23c70dc48b4e1a49ca08e03a342c940b48bd8f9ef8e3913c145915

Download Submit
memory/116-542-0x00007FF7969C0000-0x00007FF796D14000-memory.dmp

Filesize
3.3MB

Download
memory/116-1571-0x00007FF7969C0000-0x00007FF796D14000-memory.dmp

Filesize
3.3MB

Download
memory/116-129-0x00007FF7969C0000-0x00007FF796D14000-memory.dmp

Filesize
3.3MB

Download
memory/1016-79-0x00007FF780C80000-0x00007FF780FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1016-1255-0x00007FF780C80000-0x00007FF780FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1016-28-0x00007FF780C80000-0x00007FF780FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1052-1491-0x00007FF6D9350000-0x00007FF6D96A4000-memory.dmp

Filesize
3.3MB

Download
memory/1052-303-0x00007FF6D9350000-0x00007FF6D96A4000-memory.dmp

Filesize
3.3MB

Download
memory/1052-54-0x00007FF6D9350000-0x00007FF6D96A4000-memory.dmp

Filesize
3.3MB

Download
memory/1208-1477-0x00007FF667C80000-0x00007FF667FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1208-198-0x00007FF667C80000-0x00007FF667FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1208-36-0x00007FF667C80000-0x00007FF667FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-202-0x00007FF6AB770000-0x00007FF6ABAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-1596-0x00007FF6AB770000-0x00007FF6ABAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1548-540-0x00007FF689880000-0x00007FF689BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1548-1558-0x00007FF689880000-0x00007FF689BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1548-83-0x00007FF689880000-0x00007FF689BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-1251-0x00007FF7FDF60000-0x00007FF7FE2B4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-78-0x00007FF7FDF60000-0x00007FF7FE2B4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-27-0x00007FF7FDF60000-0x00007FF7FE2B4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1583-0x00007FF6CE1B0000-0x00007FF6CE504000-memory.dmp

Filesize
3.3MB

Download
memory/1956-134-0x00007FF6CE1B0000-0x00007FF6CE504000-memory.dmp

Filesize
3.3MB

Download
memory/2156-138-0x00007FF7DA7A0000-0x00007FF7DAAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1588-0x00007FF7DA7A0000-0x00007FF7DAAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-150-0x00007FF6B2DD0000-0x00007FF6B3124000-memory.dmp

Filesize
3.3MB

Download
memory/2180-1587-0x00007FF6B2DD0000-0x00007FF6B3124000-memory.dmp

Filesize
3.3MB

Download
memory/2204-201-0x00007FF6251A0000-0x00007FF6254F4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1593-0x00007FF6251A0000-0x00007FF6254F4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-1237-0x00007FF640EB0000-0x00007FF641204000-memory.dmp

Filesize
3.3MB

Download
memory/2336-20-0x00007FF640EB0000-0x00007FF641204000-memory.dmp

Filesize
3.3MB

Download
memory/2472-1230-0x00007FF7E3E40000-0x00007FF7E4194000-memory.dmp

Filesize
3.3MB

Download
memory/2472-15-0x00007FF7E3E40000-0x00007FF7E4194000-memory.dmp

Filesize
3.3MB

Download
memory/2472-63-0x00007FF7E3E40000-0x00007FF7E4194000-memory.dmp

Filesize
3.3MB

Download
memory/2480-393-0x00007FF647EA0000-0x00007FF6481F4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-70-0x00007FF647EA0000-0x00007FF6481F4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1501-0x00007FF647EA0000-0x00007FF6481F4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-191-0x00007FF66DE90000-0x00007FF66E1E4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1594-0x00007FF66DE90000-0x00007FF66E1E4000-memory.dmp

Filesize
3.3MB

Download
memory/3100-139-0x00007FF64AF70000-0x00007FF64B2C4000-memory.dmp

Filesize
3.3MB

Download
memory/3100-1589-0x00007FF64AF70000-0x00007FF64B2C4000-memory.dmp

Filesize
3.3MB

Download
memory/3124-17-0x00007FF64A3B0000-0x00007FF64A704000-memory.dmp

Filesize
3.3MB

Download
memory/3124-1246-0x00007FF64A3B0000-0x00007FF64A704000-memory.dmp

Filesize
3.3MB

Download
memory/3124-68-0x00007FF64A3B0000-0x00007FF64A704000-memory.dmp

Filesize
3.3MB

Download
memory/3592-1586-0x00007FF665360000-0x00007FF6656B4000-memory.dmp

Filesize
3.3MB

Download
memory/3592-144-0x00007FF665360000-0x00007FF6656B4000-memory.dmp

Filesize
3.3MB

Download
memory/3688-44-0x00007FF790F00000-0x00007FF791254000-memory.dmp

Filesize
3.3MB

Download
memory/3688-1482-0x00007FF790F00000-0x00007FF791254000-memory.dmp

Filesize
3.3MB

Download
memory/3924-1574-0x00007FF778100000-0x00007FF778454000-memory.dmp

Filesize
3.3MB

Download
memory/3924-199-0x00007FF778100000-0x00007FF778454000-memory.dmp

Filesize
3.3MB

Download
memory/4104-1-0x000002A8A3430000-0x000002A8A3440000-memory.dmp

Filesize
64KB

Download
memory/4104-0-0x00007FF769E60000-0x00007FF76A1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4104-62-0x00007FF769E60000-0x00007FF76A1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4152-50-0x00007FF7CA560000-0x00007FF7CA8B4000-memory.dmp

Filesize
3.3MB

Download
memory/4152-1485-0x00007FF7CA560000-0x00007FF7CA8B4000-memory.dmp

Filesize
3.3MB

Download
memory/4264-1502-0x00007FF7140E0000-0x00007FF714434000-memory.dmp

Filesize
3.3MB

Download
memory/4264-392-0x00007FF7140E0000-0x00007FF714434000-memory.dmp

Filesize
3.3MB

Download
memory/4264-69-0x00007FF7140E0000-0x00007FF714434000-memory.dmp

Filesize
3.3MB

Download
memory/4336-187-0x00007FF6BE6B0000-0x00007FF6BEA04000-memory.dmp

Filesize
3.3MB

Download
memory/4336-1595-0x00007FF6BE6B0000-0x00007FF6BEA04000-memory.dmp

Filesize
3.3MB

Download
memory/4336-548-0x00007FF6BE6B0000-0x00007FF6BEA04000-memory.dmp

Filesize
3.3MB

Download
memory/4564-349-0x00007FF63F560000-0x00007FF63F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/4564-1498-0x00007FF63F560000-0x00007FF63F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/4564-64-0x00007FF63F560000-0x00007FF63F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/4864-192-0x00007FF632930000-0x00007FF632C84000-memory.dmp

Filesize
3.3MB

Download
memory/4864-1597-0x00007FF632930000-0x00007FF632C84000-memory.dmp

Filesize
3.3MB

Download
memory/4924-133-0x00007FF78EC60000-0x00007FF78EFB4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-1580-0x00007FF78EC60000-0x00007FF78EFB4000-memory.dmp

Filesize
3.3MB

Download
memory/4932-1601-0x00007FF653B50000-0x00007FF653EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4932-197-0x00007FF653B50000-0x00007FF653EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4992-1598-0x00007FF70E730000-0x00007FF70EA84000-memory.dmp

Filesize
3.3MB

Download
memory/4992-204-0x00007FF70E730000-0x00007FF70EA84000-memory.dmp

Filesize
3.3MB

Download
memory/5088-1599-0x00007FF645410000-0x00007FF645764000-memory.dmp

Filesize
3.3MB

Download
memory/5088-203-0x00007FF645410000-0x00007FF645764000-memory.dmp

Filesize
3.3MB

Download