cobaltstrike | ae80362bda9142ac6254615d7c5d18f47b8f744c1913481cd33d4cde6776ebc9

Analysis

max time kernel
116s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2024 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b38af1b15557aa3fc06d9ce9997af23b
SHA1

c6f9b6e24a6d8804b263a93767e7cb31d6e6e7bd
SHA256

ae80362bda9142ac6254615d7c5d18f47b8f744c1913481cd33d4cde6776ebc9
SHA512

6a76acc601137fe672ad2b14da62f87980c526e6f803292b17e1cc9f169dda9345196440cf6b27dd91abfbe25ac0da7b8d3fde2fcc82c8e1c3c67621c65d8aa1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023cba-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-16.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc0-23.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023cbb-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc1-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc2-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc3-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc6-67.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccb-104.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cce-125.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd6-178.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdc-212.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdb-209.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cda-205.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd9-203.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd8-199.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd7-188.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd5-174.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd4-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd3-163.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd2-155.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd1-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd0-139.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccf-132.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccd-118.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccc-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cca-97.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc9-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc8-83.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc7-77.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc5-63.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc4-56.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4520-0-0x00007FF73DB50000-0x00007FF73DEA4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023cba-5.dat	xmrig
behavioral2/memory/3932-12-0x00007FF76A140000-0x00007FF76A494000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbe-11.dat	xmrig
behavioral2/files/0x0007000000023cbf-16.dat	xmrig
behavioral2/memory/3924-18-0x00007FF735CB0000-0x00007FF736004000-memory.dmp	xmrig
behavioral2/memory/416-8-0x00007FF735390000-0x00007FF7356E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc0-23.dat	xmrig
behavioral2/memory/2524-24-0x00007FF7FE260000-0x00007FF7FE5B4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023cbb-28.dat	xmrig
behavioral2/files/0x0007000000023cc1-35.dat	xmrig
behavioral2/files/0x0007000000023cc2-41.dat	xmrig
behavioral2/files/0x0007000000023cc3-47.dat	xmrig
behavioral2/memory/416-61-0x00007FF735390000-0x00007FF7356E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc6-67.dat	xmrig
behavioral2/memory/3924-75-0x00007FF735CB0000-0x00007FF736004000-memory.dmp	xmrig
behavioral2/memory/2524-88-0x00007FF7FE260000-0x00007FF7FE5B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ccb-104.dat	xmrig
behavioral2/files/0x0007000000023cce-125.dat	xmrig
behavioral2/memory/1380-152-0x00007FF7C18B0000-0x00007FF7C1C04000-memory.dmp	xmrig
behavioral2/memory/4856-165-0x00007FF7E76C0000-0x00007FF7E7A14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd6-178.dat	xmrig
behavioral2/files/0x0007000000023cdc-212.dat	xmrig
behavioral2/files/0x0007000000023cdb-209.dat	xmrig
behavioral2/files/0x0007000000023cda-205.dat	xmrig
behavioral2/files/0x0007000000023cd9-203.dat	xmrig
behavioral2/files/0x0007000000023cd8-199.dat	xmrig
behavioral2/memory/3508-198-0x00007FF7567B0000-0x00007FF756B04000-memory.dmp	xmrig
behavioral2/memory/3488-195-0x00007FF6E7CE0000-0x00007FF6E8034000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd7-188.dat	xmrig
behavioral2/memory/1084-187-0x00007FF754260000-0x00007FF7545B4000-memory.dmp	xmrig
behavioral2/memory/4444-186-0x00007FF629F40000-0x00007FF62A294000-memory.dmp	xmrig
behavioral2/memory/940-182-0x00007FF7AAE40000-0x00007FF7AB194000-memory.dmp	xmrig
behavioral2/memory/876-181-0x00007FF73A080000-0x00007FF73A3D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd5-174.dat	xmrig
behavioral2/memory/3596-173-0x00007FF7AFA90000-0x00007FF7AFDE4000-memory.dmp	xmrig
behavioral2/memory/3424-172-0x00007FF727720000-0x00007FF727A74000-memory.dmp	xmrig
behavioral2/memory/1804-168-0x00007FF6F0B10000-0x00007FF6F0E64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd4-166.dat	xmrig
behavioral2/files/0x0007000000023cd3-163.dat	xmrig
behavioral2/memory/5104-162-0x00007FF6C0E20000-0x00007FF6C1174000-memory.dmp	xmrig
behavioral2/memory/1016-159-0x00007FF6B1B10000-0x00007FF6B1E64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd2-155.dat	xmrig
behavioral2/memory/2576-151-0x00007FF700E60000-0x00007FF7011B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd1-146.dat	xmrig
behavioral2/memory/2060-145-0x00007FF61B4D0000-0x00007FF61B824000-memory.dmp	xmrig
behavioral2/memory/2148-144-0x00007FF60BF30000-0x00007FF60C284000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd0-139.dat	xmrig
behavioral2/memory/388-138-0x00007FF7284C0000-0x00007FF728814000-memory.dmp	xmrig
behavioral2/memory/5108-137-0x00007FF7C24E0000-0x00007FF7C2834000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ccf-132.dat	xmrig
behavioral2/memory/2500-131-0x00007FF727BB0000-0x00007FF727F04000-memory.dmp	xmrig
behavioral2/memory/1004-130-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp	xmrig
behavioral2/memory/3488-124-0x00007FF6E7CE0000-0x00007FF6E8034000-memory.dmp	xmrig
behavioral2/memory/4284-123-0x00007FF7F1AE0000-0x00007FF7F1E34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ccd-118.dat	xmrig
behavioral2/memory/4444-117-0x00007FF629F40000-0x00007FF62A294000-memory.dmp	xmrig
behavioral2/memory/2308-116-0x00007FF725A40000-0x00007FF725D94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ccc-111.dat	xmrig
behavioral2/memory/876-110-0x00007FF73A080000-0x00007FF73A3D4000-memory.dmp	xmrig
behavioral2/memory/2864-109-0x00007FF649CB0000-0x00007FF64A004000-memory.dmp	xmrig
behavioral2/memory/3424-103-0x00007FF727720000-0x00007FF727A74000-memory.dmp	xmrig
behavioral2/memory/2704-102-0x00007FF785170000-0x00007FF7854C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cca-97.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
416	dBrUPWi.exe
3932	powAFtX.exe
3924	HVcnsch.exe
2524	QroaTvT.exe
3528	DvlfNte.exe
2704	zfKEfgw.exe
2864	QSjCVLT.exe
2308	vunCRHV.exe
4284	bTpTQeb.exe
1004	zuhscVf.exe
5108	SciLcBX.exe
2148	xFeMLvd.exe
2576	RcZYdHt.exe
1016	ArKbPSI.exe
4856	IxhSiUm.exe
3424	gJmaowc.exe
876	TVtUznt.exe
4444	cEnFUIY.exe
3488	LXcvOEO.exe
2500	pFqAVde.exe
388	aieLCVc.exe
2060	rNZpPGp.exe
1380	eyGPuWf.exe
5104	EVTusiu.exe
1804	fRrZDNR.exe
3596	qFqfEXj.exe
940	cOFfZQC.exe
1084	ibUXMfe.exe
3508	POSxugd.exe
4796	tCmgSoJ.exe
2268	eWvxVhl.exe
2648	gPdpyti.exe
4744	ccLiUeB.exe
3656	AilbeNY.exe
3032	KySvTlq.exe
2396	JJcfkHk.exe
4640	IvchqDJ.exe
3944	ZyOdvBC.exe
2668	hzCVtqb.exe
3380	QMxWkGk.exe
4804	ESGlRSC.exe
1096	Gxuwuze.exe
4440	wSNZese.exe
2584	WqnVGSK.exe
4852	OtEzUvd.exe
516	nsTVzQS.exe
2264	EPXacVE.exe
2452	UQRUvmu.exe
2848	nxvAzxg.exe
2556	VkkYFOM.exe
2132	ZLrvyrj.exe
4176	HMwmJfE.exe
3892	QhytiWC.exe
3320	NpTKJIU.exe
4924	kmPlsKA.exe
4904	rQuNOqk.exe
2172	EFvniMK.exe
64	qRuNJUQ.exe
4892	jNakSsr.exe
2824	KyBkpZH.exe
956	SDxMVmw.exe
4996	leotMiU.exe
2812	rRShFQT.exe
1976	iMIfwOH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4520-0-0x00007FF73DB50000-0x00007FF73DEA4000-memory.dmp	upx
behavioral2/files/0x0008000000023cba-5.dat	upx
behavioral2/memory/3932-12-0x00007FF76A140000-0x00007FF76A494000-memory.dmp	upx
behavioral2/files/0x0007000000023cbe-11.dat	upx
behavioral2/files/0x0007000000023cbf-16.dat	upx
behavioral2/memory/3924-18-0x00007FF735CB0000-0x00007FF736004000-memory.dmp	upx
behavioral2/memory/416-8-0x00007FF735390000-0x00007FF7356E4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc0-23.dat	upx
behavioral2/memory/2524-24-0x00007FF7FE260000-0x00007FF7FE5B4000-memory.dmp	upx
behavioral2/files/0x0008000000023cbb-28.dat	upx
behavioral2/files/0x0007000000023cc1-35.dat	upx
behavioral2/files/0x0007000000023cc2-41.dat	upx
behavioral2/files/0x0007000000023cc3-47.dat	upx
behavioral2/memory/416-61-0x00007FF735390000-0x00007FF7356E4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc6-67.dat	upx
behavioral2/memory/3924-75-0x00007FF735CB0000-0x00007FF736004000-memory.dmp	upx
behavioral2/memory/2524-88-0x00007FF7FE260000-0x00007FF7FE5B4000-memory.dmp	upx
behavioral2/files/0x0007000000023ccb-104.dat	upx
behavioral2/files/0x0007000000023cce-125.dat	upx
behavioral2/memory/1380-152-0x00007FF7C18B0000-0x00007FF7C1C04000-memory.dmp	upx
behavioral2/memory/4856-165-0x00007FF7E76C0000-0x00007FF7E7A14000-memory.dmp	upx
behavioral2/files/0x0007000000023cd6-178.dat	upx
behavioral2/files/0x0007000000023cdc-212.dat	upx
behavioral2/files/0x0007000000023cdb-209.dat	upx
behavioral2/files/0x0007000000023cda-205.dat	upx
behavioral2/files/0x0007000000023cd9-203.dat	upx
behavioral2/files/0x0007000000023cd8-199.dat	upx
behavioral2/memory/3508-198-0x00007FF7567B0000-0x00007FF756B04000-memory.dmp	upx
behavioral2/memory/3488-195-0x00007FF6E7CE0000-0x00007FF6E8034000-memory.dmp	upx
behavioral2/files/0x0007000000023cd7-188.dat	upx
behavioral2/memory/1084-187-0x00007FF754260000-0x00007FF7545B4000-memory.dmp	upx
behavioral2/memory/4444-186-0x00007FF629F40000-0x00007FF62A294000-memory.dmp	upx
behavioral2/memory/940-182-0x00007FF7AAE40000-0x00007FF7AB194000-memory.dmp	upx
behavioral2/memory/876-181-0x00007FF73A080000-0x00007FF73A3D4000-memory.dmp	upx
behavioral2/files/0x0007000000023cd5-174.dat	upx
behavioral2/memory/3596-173-0x00007FF7AFA90000-0x00007FF7AFDE4000-memory.dmp	upx
behavioral2/memory/3424-172-0x00007FF727720000-0x00007FF727A74000-memory.dmp	upx
behavioral2/memory/1804-168-0x00007FF6F0B10000-0x00007FF6F0E64000-memory.dmp	upx
behavioral2/files/0x0007000000023cd4-166.dat	upx
behavioral2/files/0x0007000000023cd3-163.dat	upx
behavioral2/memory/5104-162-0x00007FF6C0E20000-0x00007FF6C1174000-memory.dmp	upx
behavioral2/memory/1016-159-0x00007FF6B1B10000-0x00007FF6B1E64000-memory.dmp	upx
behavioral2/files/0x0007000000023cd2-155.dat	upx
behavioral2/memory/2576-151-0x00007FF700E60000-0x00007FF7011B4000-memory.dmp	upx
behavioral2/files/0x0007000000023cd1-146.dat	upx
behavioral2/memory/2060-145-0x00007FF61B4D0000-0x00007FF61B824000-memory.dmp	upx
behavioral2/memory/2148-144-0x00007FF60BF30000-0x00007FF60C284000-memory.dmp	upx
behavioral2/files/0x0007000000023cd0-139.dat	upx
behavioral2/memory/388-138-0x00007FF7284C0000-0x00007FF728814000-memory.dmp	upx
behavioral2/memory/5108-137-0x00007FF7C24E0000-0x00007FF7C2834000-memory.dmp	upx
behavioral2/files/0x0007000000023ccf-132.dat	upx
behavioral2/memory/2500-131-0x00007FF727BB0000-0x00007FF727F04000-memory.dmp	upx
behavioral2/memory/1004-130-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp	upx
behavioral2/memory/3488-124-0x00007FF6E7CE0000-0x00007FF6E8034000-memory.dmp	upx
behavioral2/memory/4284-123-0x00007FF7F1AE0000-0x00007FF7F1E34000-memory.dmp	upx
behavioral2/files/0x0007000000023ccd-118.dat	upx
behavioral2/memory/4444-117-0x00007FF629F40000-0x00007FF62A294000-memory.dmp	upx
behavioral2/memory/2308-116-0x00007FF725A40000-0x00007FF725D94000-memory.dmp	upx
behavioral2/files/0x0007000000023ccc-111.dat	upx
behavioral2/memory/876-110-0x00007FF73A080000-0x00007FF73A3D4000-memory.dmp	upx
behavioral2/memory/2864-109-0x00007FF649CB0000-0x00007FF64A004000-memory.dmp	upx
behavioral2/memory/3424-103-0x00007FF727720000-0x00007FF727A74000-memory.dmp	upx
behavioral2/memory/2704-102-0x00007FF785170000-0x00007FF7854C4000-memory.dmp	upx
behavioral2/files/0x0007000000023cca-97.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XFNSHWY.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYdOlLa.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxBxxmn.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRYIlfn.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUHUhKv.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iekAXQv.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gcDopyp.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbqbAYO.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBizUDj.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyetdOs.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBtAFyt.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EadzBbv.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwvwshE.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpWqWPb.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uazcaFf.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DiWuJlQ.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fikjbDE.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDiYxYQ.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pAQHejs.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMpfEvP.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYMwGHw.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIQpSpp.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKOfGRP.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQBHYub.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IoWktsC.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsNKlJB.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RcZYdHt.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxCWzci.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rixJPet.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHmqSBT.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpRFWOn.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdKkeqk.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWmWEGr.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bbLtIzH.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RrFlgZK.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pBWcXDF.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUoKXHV.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFfNmHS.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqCUuQj.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwTetGN.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFLiAvP.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHiIEET.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtLYLkY.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORuFgKP.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfkauAl.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elKoIPC.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdlQodd.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXOgjlY.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRQicZH.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyAdVBo.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqhXNpH.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miCXyKX.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQXNMxA.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waqtmqm.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWpzadi.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlSPYAZ.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuhscVf.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XMYKGpH.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSIHiZu.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtjKzGJ.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfUTeYV.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hcBaarq.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrXvKxD.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMIfwOH.exe	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 416	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4520 wrote to memory of 416	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4520 wrote to memory of 3932	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4520 wrote to memory of 3932	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4520 wrote to memory of 3924	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4520 wrote to memory of 3924	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4520 wrote to memory of 2524	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4520 wrote to memory of 2524	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4520 wrote to memory of 3528	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4520 wrote to memory of 3528	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4520 wrote to memory of 2704	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4520 wrote to memory of 2704	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4520 wrote to memory of 2864	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4520 wrote to memory of 2864	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4520 wrote to memory of 2308	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4520 wrote to memory of 2308	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4520 wrote to memory of 4284	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4520 wrote to memory of 4284	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4520 wrote to memory of 1004	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4520 wrote to memory of 1004	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4520 wrote to memory of 5108	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4520 wrote to memory of 5108	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4520 wrote to memory of 2148	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4520 wrote to memory of 2148	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4520 wrote to memory of 2576	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4520 wrote to memory of 2576	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4520 wrote to memory of 1016	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4520 wrote to memory of 1016	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4520 wrote to memory of 4856	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4520 wrote to memory of 4856	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4520 wrote to memory of 3424	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4520 wrote to memory of 3424	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4520 wrote to memory of 876	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4520 wrote to memory of 876	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4520 wrote to memory of 4444	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4520 wrote to memory of 4444	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4520 wrote to memory of 3488	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4520 wrote to memory of 3488	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4520 wrote to memory of 2500	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4520 wrote to memory of 2500	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4520 wrote to memory of 388	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4520 wrote to memory of 388	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4520 wrote to memory of 2060	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4520 wrote to memory of 2060	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4520 wrote to memory of 1380	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4520 wrote to memory of 1380	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4520 wrote to memory of 5104	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4520 wrote to memory of 5104	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4520 wrote to memory of 1804	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4520 wrote to memory of 1804	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4520 wrote to memory of 3596	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4520 wrote to memory of 3596	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4520 wrote to memory of 940	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4520 wrote to memory of 940	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4520 wrote to memory of 1084	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4520 wrote to memory of 1084	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4520 wrote to memory of 3508	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4520 wrote to memory of 3508	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4520 wrote to memory of 4796	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4520 wrote to memory of 4796	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4520 wrote to memory of 2268	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4520 wrote to memory of 2268	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4520 wrote to memory of 2648	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4520 wrote to memory of 2648	4520	2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe	117

C:\Users\Admin\AppData\Local\Temp\2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_b38af1b15557aa3fc06d9ce9997af23b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Windows\System\dBrUPWi.exe
  C:\Windows\System\dBrUPWi.exe
  2⤵
  - Executes dropped EXE
  PID:416
- C:\Windows\System\powAFtX.exe
  C:\Windows\System\powAFtX.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\HVcnsch.exe
  C:\Windows\System\HVcnsch.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\QroaTvT.exe
  C:\Windows\System\QroaTvT.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\DvlfNte.exe
  C:\Windows\System\DvlfNte.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\zfKEfgw.exe
  C:\Windows\System\zfKEfgw.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\QSjCVLT.exe
  C:\Windows\System\QSjCVLT.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\vunCRHV.exe
  C:\Windows\System\vunCRHV.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\bTpTQeb.exe
  C:\Windows\System\bTpTQeb.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\zuhscVf.exe
  C:\Windows\System\zuhscVf.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\SciLcBX.exe
  C:\Windows\System\SciLcBX.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\xFeMLvd.exe
  C:\Windows\System\xFeMLvd.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\RcZYdHt.exe
  C:\Windows\System\RcZYdHt.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ArKbPSI.exe
  C:\Windows\System\ArKbPSI.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\IxhSiUm.exe
  C:\Windows\System\IxhSiUm.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\gJmaowc.exe
  C:\Windows\System\gJmaowc.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\TVtUznt.exe
  C:\Windows\System\TVtUznt.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\cEnFUIY.exe
  C:\Windows\System\cEnFUIY.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\LXcvOEO.exe
  C:\Windows\System\LXcvOEO.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\pFqAVde.exe
  C:\Windows\System\pFqAVde.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\aieLCVc.exe
  C:\Windows\System\aieLCVc.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\rNZpPGp.exe
  C:\Windows\System\rNZpPGp.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\eyGPuWf.exe
  C:\Windows\System\eyGPuWf.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\EVTusiu.exe
  C:\Windows\System\EVTusiu.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\fRrZDNR.exe
  C:\Windows\System\fRrZDNR.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\qFqfEXj.exe
  C:\Windows\System\qFqfEXj.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\cOFfZQC.exe
  C:\Windows\System\cOFfZQC.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\ibUXMfe.exe
  C:\Windows\System\ibUXMfe.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\POSxugd.exe
  C:\Windows\System\POSxugd.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\tCmgSoJ.exe
  C:\Windows\System\tCmgSoJ.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\eWvxVhl.exe
  C:\Windows\System\eWvxVhl.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\gPdpyti.exe
  C:\Windows\System\gPdpyti.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\ccLiUeB.exe
  C:\Windows\System\ccLiUeB.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\AilbeNY.exe
  C:\Windows\System\AilbeNY.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\KySvTlq.exe
  C:\Windows\System\KySvTlq.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\JJcfkHk.exe
  C:\Windows\System\JJcfkHk.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\IvchqDJ.exe
  C:\Windows\System\IvchqDJ.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\ZyOdvBC.exe
  C:\Windows\System\ZyOdvBC.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\hzCVtqb.exe
  C:\Windows\System\hzCVtqb.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\QMxWkGk.exe
  C:\Windows\System\QMxWkGk.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\ESGlRSC.exe
  C:\Windows\System\ESGlRSC.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\Gxuwuze.exe
  C:\Windows\System\Gxuwuze.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\wSNZese.exe
  C:\Windows\System\wSNZese.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\WqnVGSK.exe
  C:\Windows\System\WqnVGSK.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\OtEzUvd.exe
  C:\Windows\System\OtEzUvd.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\nsTVzQS.exe
  C:\Windows\System\nsTVzQS.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\EPXacVE.exe
  C:\Windows\System\EPXacVE.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\UQRUvmu.exe
  C:\Windows\System\UQRUvmu.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\nxvAzxg.exe
  C:\Windows\System\nxvAzxg.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\VkkYFOM.exe
  C:\Windows\System\VkkYFOM.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\ZLrvyrj.exe
  C:\Windows\System\ZLrvyrj.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\HMwmJfE.exe
  C:\Windows\System\HMwmJfE.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\QhytiWC.exe
  C:\Windows\System\QhytiWC.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\NpTKJIU.exe
  C:\Windows\System\NpTKJIU.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\kmPlsKA.exe
  C:\Windows\System\kmPlsKA.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\rQuNOqk.exe
  C:\Windows\System\rQuNOqk.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\EFvniMK.exe
  C:\Windows\System\EFvniMK.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\qRuNJUQ.exe
  C:\Windows\System\qRuNJUQ.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\jNakSsr.exe
  C:\Windows\System\jNakSsr.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\KyBkpZH.exe
  C:\Windows\System\KyBkpZH.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\SDxMVmw.exe
  C:\Windows\System\SDxMVmw.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\leotMiU.exe
  C:\Windows\System\leotMiU.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\rRShFQT.exe
  C:\Windows\System\rRShFQT.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\iMIfwOH.exe
  C:\Windows\System\iMIfwOH.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\LqGUkid.exe
  C:\Windows\System\LqGUkid.exe
  2⤵
  PID:3560
- C:\Windows\System\pdspEJh.exe
  C:\Windows\System\pdspEJh.exe
  2⤵
  PID:2868
- C:\Windows\System\vDFCPxr.exe
  C:\Windows\System\vDFCPxr.exe
  2⤵
  PID:232
- C:\Windows\System\ktANyCa.exe
  C:\Windows\System\ktANyCa.exe
  2⤵
  PID:1812
- C:\Windows\System\sWkcubH.exe
  C:\Windows\System\sWkcubH.exe
  2⤵
  PID:2056
- C:\Windows\System\ukyBFhO.exe
  C:\Windows\System\ukyBFhO.exe
  2⤵
  PID:4572
- C:\Windows\System\UqsFFYE.exe
  C:\Windows\System\UqsFFYE.exe
  2⤵
  PID:5148
- C:\Windows\System\LYmikLY.exe
  C:\Windows\System\LYmikLY.exe
  2⤵
  PID:5168
- C:\Windows\System\hwDOJvb.exe
  C:\Windows\System\hwDOJvb.exe
  2⤵
  PID:5196
- C:\Windows\System\wcSKJXa.exe
  C:\Windows\System\wcSKJXa.exe
  2⤵
  PID:5212
- C:\Windows\System\etwsExI.exe
  C:\Windows\System\etwsExI.exe
  2⤵
  PID:5240
- C:\Windows\System\xoTLTAs.exe
  C:\Windows\System\xoTLTAs.exe
  2⤵
  PID:5280
- C:\Windows\System\dBMODkl.exe
  C:\Windows\System\dBMODkl.exe
  2⤵
  PID:5308
- C:\Windows\System\iYHVtTe.exe
  C:\Windows\System\iYHVtTe.exe
  2⤵
  PID:5324
- C:\Windows\System\hbWluEJ.exe
  C:\Windows\System\hbWluEJ.exe
  2⤵
  PID:5364
- C:\Windows\System\jTMiHBB.exe
  C:\Windows\System\jTMiHBB.exe
  2⤵
  PID:5392
- C:\Windows\System\dFtgKkH.exe
  C:\Windows\System\dFtgKkH.exe
  2⤵
  PID:5420
- C:\Windows\System\HGJTIOn.exe
  C:\Windows\System\HGJTIOn.exe
  2⤵
  PID:5448
- C:\Windows\System\DwaQoor.exe
  C:\Windows\System\DwaQoor.exe
  2⤵
  PID:5480
- C:\Windows\System\LgggtOt.exe
  C:\Windows\System\LgggtOt.exe
  2⤵
  PID:5504
- C:\Windows\System\cRzLYUJ.exe
  C:\Windows\System\cRzLYUJ.exe
  2⤵
  PID:5536
- C:\Windows\System\VialzIr.exe
  C:\Windows\System\VialzIr.exe
  2⤵
  PID:5560
- C:\Windows\System\GOoqNxj.exe
  C:\Windows\System\GOoqNxj.exe
  2⤵
  PID:5576
- C:\Windows\System\fThKMbG.exe
  C:\Windows\System\fThKMbG.exe
  2⤵
  PID:5616
- C:\Windows\System\ynZDxMh.exe
  C:\Windows\System\ynZDxMh.exe
  2⤵
  PID:5656
- C:\Windows\System\WIveIDE.exe
  C:\Windows\System\WIveIDE.exe
  2⤵
  PID:5672
- C:\Windows\System\AUuMkpl.exe
  C:\Windows\System\AUuMkpl.exe
  2⤵
  PID:5700
- C:\Windows\System\CgXVwON.exe
  C:\Windows\System\CgXVwON.exe
  2⤵
  PID:5728
- C:\Windows\System\GSIHiZu.exe
  C:\Windows\System\GSIHiZu.exe
  2⤵
  PID:5756
- C:\Windows\System\PQEzfnU.exe
  C:\Windows\System\PQEzfnU.exe
  2⤵
  PID:5784
- C:\Windows\System\XoNHjaT.exe
  C:\Windows\System\XoNHjaT.exe
  2⤵
  PID:5800
- C:\Windows\System\YocUxaL.exe
  C:\Windows\System\YocUxaL.exe
  2⤵
  PID:5836
- C:\Windows\System\pCxXQOv.exe
  C:\Windows\System\pCxXQOv.exe
  2⤵
  PID:5868
- C:\Windows\System\XuNyBmP.exe
  C:\Windows\System\XuNyBmP.exe
  2⤵
  PID:5896
- C:\Windows\System\dIbbGSM.exe
  C:\Windows\System\dIbbGSM.exe
  2⤵
  PID:5936
- C:\Windows\System\noDOCIq.exe
  C:\Windows\System\noDOCIq.exe
  2⤵
  PID:5964
- C:\Windows\System\OjlRxnB.exe
  C:\Windows\System\OjlRxnB.exe
  2⤵
  PID:5980
- C:\Windows\System\SdhWwlI.exe
  C:\Windows\System\SdhWwlI.exe
  2⤵
  PID:6008
- C:\Windows\System\VfkauAl.exe
  C:\Windows\System\VfkauAl.exe
  2⤵
  PID:6036
- C:\Windows\System\TtUnzeP.exe
  C:\Windows\System\TtUnzeP.exe
  2⤵
  PID:6064
- C:\Windows\System\KXMWwFX.exe
  C:\Windows\System\KXMWwFX.exe
  2⤵
  PID:6092
- C:\Windows\System\lUdJtzT.exe
  C:\Windows\System\lUdJtzT.exe
  2⤵
  PID:6132
- C:\Windows\System\JXUdRxK.exe
  C:\Windows\System\JXUdRxK.exe
  2⤵
  PID:1008
- C:\Windows\System\hVhqTQP.exe
  C:\Windows\System\hVhqTQP.exe
  2⤵
  PID:2408
- C:\Windows\System\uoSnSUl.exe
  C:\Windows\System\uoSnSUl.exe
  2⤵
  PID:2052
- C:\Windows\System\wkwRdyO.exe
  C:\Windows\System\wkwRdyO.exe
  2⤵
  PID:1968
- C:\Windows\System\fYjxXVb.exe
  C:\Windows\System\fYjxXVb.exe
  2⤵
  PID:1448
- C:\Windows\System\UfVAggF.exe
  C:\Windows\System\UfVAggF.exe
  2⤵
  PID:5128
- C:\Windows\System\bfprtFN.exe
  C:\Windows\System\bfprtFN.exe
  2⤵
  PID:5164
- C:\Windows\System\DZSGlbQ.exe
  C:\Windows\System\DZSGlbQ.exe
  2⤵
  PID:5228
- C:\Windows\System\xbQpFrV.exe
  C:\Windows\System\xbQpFrV.exe
  2⤵
  PID:5272
- C:\Windows\System\ARQucrP.exe
  C:\Windows\System\ARQucrP.exe
  2⤵
  PID:5356
- C:\Windows\System\zpMUSet.exe
  C:\Windows\System\zpMUSet.exe
  2⤵
  PID:5432
- C:\Windows\System\WIqrUxR.exe
  C:\Windows\System\WIqrUxR.exe
  2⤵
  PID:5500
- C:\Windows\System\FLGqxFt.exe
  C:\Windows\System\FLGqxFt.exe
  2⤵
  PID:5556
- C:\Windows\System\kJnWafw.exe
  C:\Windows\System\kJnWafw.exe
  2⤵
  PID:5648
- C:\Windows\System\mCqowzc.exe
  C:\Windows\System\mCqowzc.exe
  2⤵
  PID:5688
- C:\Windows\System\YaVnCJn.exe
  C:\Windows\System\YaVnCJn.exe
  2⤵
  PID:5752
- C:\Windows\System\YYtZbHd.exe
  C:\Windows\System\YYtZbHd.exe
  2⤵
  PID:5824
- C:\Windows\System\eucZZEX.exe
  C:\Windows\System\eucZZEX.exe
  2⤵
  PID:5884
- C:\Windows\System\ZrqnEHC.exe
  C:\Windows\System\ZrqnEHC.exe
  2⤵
  PID:5956
- C:\Windows\System\orLZeOI.exe
  C:\Windows\System\orLZeOI.exe
  2⤵
  PID:6016
- C:\Windows\System\fyyzCUh.exe
  C:\Windows\System\fyyzCUh.exe
  2⤵
  PID:6080
- C:\Windows\System\fGBuJpL.exe
  C:\Windows\System\fGBuJpL.exe
  2⤵
  PID:392
- C:\Windows\System\dmfcyNn.exe
  C:\Windows\System\dmfcyNn.exe
  2⤵
  PID:2836
- C:\Windows\System\fzfNLKw.exe
  C:\Windows\System\fzfNLKw.exe
  2⤵
  PID:5144
- C:\Windows\System\ZfSEuOF.exe
  C:\Windows\System\ZfSEuOF.exe
  2⤵
  PID:5296
- C:\Windows\System\NiBwQuD.exe
  C:\Windows\System\NiBwQuD.exe
  2⤵
  PID:5384
- C:\Windows\System\UnHYMat.exe
  C:\Windows\System\UnHYMat.exe
  2⤵
  PID:5544
- C:\Windows\System\JdDSANQ.exe
  C:\Windows\System\JdDSANQ.exe
  2⤵
  PID:5684
- C:\Windows\System\oVukIPf.exe
  C:\Windows\System\oVukIPf.exe
  2⤵
  PID:5852
- C:\Windows\System\VrJlTHE.exe
  C:\Windows\System\VrJlTHE.exe
  2⤵
  PID:6172
- C:\Windows\System\bFhRNHC.exe
  C:\Windows\System\bFhRNHC.exe
  2⤵
  PID:6200
- C:\Windows\System\EEyPesZ.exe
  C:\Windows\System\EEyPesZ.exe
  2⤵
  PID:6228
- C:\Windows\System\JwlkxRX.exe
  C:\Windows\System\JwlkxRX.exe
  2⤵
  PID:6256
- C:\Windows\System\oglyRfa.exe
  C:\Windows\System\oglyRfa.exe
  2⤵
  PID:6296
- C:\Windows\System\svufJTC.exe
  C:\Windows\System\svufJTC.exe
  2⤵
  PID:6324
- C:\Windows\System\fluYgmE.exe
  C:\Windows\System\fluYgmE.exe
  2⤵
  PID:6340
- C:\Windows\System\PZlJXWk.exe
  C:\Windows\System\PZlJXWk.exe
  2⤵
  PID:6368
- C:\Windows\System\vfglKtm.exe
  C:\Windows\System\vfglKtm.exe
  2⤵
  PID:6408
- C:\Windows\System\fBizUDj.exe
  C:\Windows\System\fBizUDj.exe
  2⤵
  PID:6424
- C:\Windows\System\DFLiAvP.exe
  C:\Windows\System\DFLiAvP.exe
  2⤵
  PID:6452
- C:\Windows\System\yfHXTUN.exe
  C:\Windows\System\yfHXTUN.exe
  2⤵
  PID:6488
- C:\Windows\System\prnBTZo.exe
  C:\Windows\System\prnBTZo.exe
  2⤵
  PID:6508
- C:\Windows\System\lFnFpij.exe
  C:\Windows\System\lFnFpij.exe
  2⤵
  PID:6536
- C:\Windows\System\ovUFpYI.exe
  C:\Windows\System\ovUFpYI.exe
  2⤵
  PID:6564
- C:\Windows\System\zzstLeK.exe
  C:\Windows\System\zzstLeK.exe
  2⤵
  PID:6604
- C:\Windows\System\zGGAYEn.exe
  C:\Windows\System\zGGAYEn.exe
  2⤵
  PID:6620
- C:\Windows\System\VUVWcdL.exe
  C:\Windows\System\VUVWcdL.exe
  2⤵
  PID:6648
- C:\Windows\System\tiHbfWh.exe
  C:\Windows\System\tiHbfWh.exe
  2⤵
  PID:6676
- C:\Windows\System\jAzJzmW.exe
  C:\Windows\System\jAzJzmW.exe
  2⤵
  PID:6704
- C:\Windows\System\ywWZlHr.exe
  C:\Windows\System\ywWZlHr.exe
  2⤵
  PID:6732
- C:\Windows\System\bBgDRuw.exe
  C:\Windows\System\bBgDRuw.exe
  2⤵
  PID:6748
- C:\Windows\System\KNghOAd.exe
  C:\Windows\System\KNghOAd.exe
  2⤵
  PID:6788
- C:\Windows\System\RKHivVl.exe
  C:\Windows\System\RKHivVl.exe
  2⤵
  PID:6816
- C:\Windows\System\mjDZUSd.exe
  C:\Windows\System\mjDZUSd.exe
  2⤵
  PID:6856
- C:\Windows\System\BYMwGHw.exe
  C:\Windows\System\BYMwGHw.exe
  2⤵
  PID:6872
- C:\Windows\System\wszrQaO.exe
  C:\Windows\System\wszrQaO.exe
  2⤵
  PID:6900
- C:\Windows\System\miCXyKX.exe
  C:\Windows\System\miCXyKX.exe
  2⤵
  PID:6928
- C:\Windows\System\hSKdrYH.exe
  C:\Windows\System\hSKdrYH.exe
  2⤵
  PID:6944
- C:\Windows\System\WlJkpnt.exe
  C:\Windows\System\WlJkpnt.exe
  2⤵
  PID:6972
- C:\Windows\System\TTBkGXi.exe
  C:\Windows\System\TTBkGXi.exe
  2⤵
  PID:7012
- C:\Windows\System\RSHMSER.exe
  C:\Windows\System\RSHMSER.exe
  2⤵
  PID:7052
- C:\Windows\System\UDiTOWX.exe
  C:\Windows\System\UDiTOWX.exe
  2⤵
  PID:7080
- C:\Windows\System\wHHjJZg.exe
  C:\Windows\System\wHHjJZg.exe
  2⤵
  PID:7108
- C:\Windows\System\FJTZFeh.exe
  C:\Windows\System\FJTZFeh.exe
  2⤵
  PID:7124
- C:\Windows\System\hXzlZvz.exe
  C:\Windows\System\hXzlZvz.exe
  2⤵
  PID:7152
- C:\Windows\System\JcXTPQi.exe
  C:\Windows\System\JcXTPQi.exe
  2⤵
  PID:5924
- C:\Windows\System\gVcdtfX.exe
  C:\Windows\System\gVcdtfX.exe
  2⤵
  PID:6076
- C:\Windows\System\OlHOmOR.exe
  C:\Windows\System\OlHOmOR.exe
  2⤵
  PID:4508
- C:\Windows\System\vggBzGB.exe
  C:\Windows\System\vggBzGB.exe
  2⤵
  PID:5336
- C:\Windows\System\mPPahrx.exe
  C:\Windows\System\mPPahrx.exe
  2⤵
  PID:5640
- C:\Windows\System\oBpzaPB.exe
  C:\Windows\System\oBpzaPB.exe
  2⤵
  PID:6184
- C:\Windows\System\TzMLBMR.exe
  C:\Windows\System\TzMLBMR.exe
  2⤵
  PID:6244
- C:\Windows\System\OgBmzyD.exe
  C:\Windows\System\OgBmzyD.exe
  2⤵
  PID:6312
- C:\Windows\System\syaTWxd.exe
  C:\Windows\System\syaTWxd.exe
  2⤵
  PID:6380
- C:\Windows\System\luKaBOq.exe
  C:\Windows\System\luKaBOq.exe
  2⤵
  PID:6416
- C:\Windows\System\biWoBgC.exe
  C:\Windows\System\biWoBgC.exe
  2⤵
  PID:6504
- C:\Windows\System\VvOosva.exe
  C:\Windows\System\VvOosva.exe
  2⤵
  PID:6576
- C:\Windows\System\crYpmAe.exe
  C:\Windows\System\crYpmAe.exe
  2⤵
  PID:6640
- C:\Windows\System\OQXNMxA.exe
  C:\Windows\System\OQXNMxA.exe
  2⤵
  PID:6668
- C:\Windows\System\rMKAfWn.exe
  C:\Windows\System\rMKAfWn.exe
  2⤵
  PID:6772
- C:\Windows\System\QtLRsCw.exe
  C:\Windows\System\QtLRsCw.exe
  2⤵
  PID:6840
- C:\Windows\System\LCMPseD.exe
  C:\Windows\System\LCMPseD.exe
  2⤵
  PID:6868
- C:\Windows\System\pBWcXDF.exe
  C:\Windows\System\pBWcXDF.exe
  2⤵
  PID:6936
- C:\Windows\System\WgTHivz.exe
  C:\Windows\System\WgTHivz.exe
  2⤵
  PID:7028
- C:\Windows\System\qNzKBtu.exe
  C:\Windows\System\qNzKBtu.exe
  2⤵
  PID:7096
- C:\Windows\System\eaGGCHj.exe
  C:\Windows\System\eaGGCHj.exe
  2⤵
  PID:7164
- C:\Windows\System\DlsNbpI.exe
  C:\Windows\System\DlsNbpI.exe
  2⤵
  PID:2216
- C:\Windows\System\jMtguJg.exe
  C:\Windows\System\jMtguJg.exe
  2⤵
  PID:5608
- C:\Windows\System\ZpVQlqJ.exe
  C:\Windows\System\ZpVQlqJ.exe
  2⤵
  PID:6212
- C:\Windows\System\NuTEXBA.exe
  C:\Windows\System\NuTEXBA.exe
  2⤵
  PID:6400
- C:\Windows\System\ZtIuNvZ.exe
  C:\Windows\System\ZtIuNvZ.exe
  2⤵
  PID:6552
- C:\Windows\System\opugqlV.exe
  C:\Windows\System\opugqlV.exe
  2⤵
  PID:6660
- C:\Windows\System\DkuosEV.exe
  C:\Windows\System\DkuosEV.exe
  2⤵
  PID:6804
- C:\Windows\System\awmKraB.exe
  C:\Windows\System\awmKraB.exe
  2⤵
  PID:7200
- C:\Windows\System\NxBIrbg.exe
  C:\Windows\System\NxBIrbg.exe
  2⤵
  PID:7228
- C:\Windows\System\Vmifkhx.exe
  C:\Windows\System\Vmifkhx.exe
  2⤵
  PID:7256
- C:\Windows\System\CwJbjAS.exe
  C:\Windows\System\CwJbjAS.exe
  2⤵
  PID:7272
- C:\Windows\System\QKkWxsv.exe
  C:\Windows\System\QKkWxsv.exe
  2⤵
  PID:7312
- C:\Windows\System\ZPPmgnA.exe
  C:\Windows\System\ZPPmgnA.exe
  2⤵
  PID:7340
- C:\Windows\System\NFdjuXF.exe
  C:\Windows\System\NFdjuXF.exe
  2⤵
  PID:7356
- C:\Windows\System\gHslTCt.exe
  C:\Windows\System\gHslTCt.exe
  2⤵
  PID:7392
- C:\Windows\System\SggmlqV.exe
  C:\Windows\System\SggmlqV.exe
  2⤵
  PID:7424
- C:\Windows\System\xlwEjvT.exe
  C:\Windows\System\xlwEjvT.exe
  2⤵
  PID:7456
- C:\Windows\System\eSoNEMJ.exe
  C:\Windows\System\eSoNEMJ.exe
  2⤵
  PID:7488
- C:\Windows\System\THTeRjw.exe
  C:\Windows\System\THTeRjw.exe
  2⤵
  PID:7508
- C:\Windows\System\YVLaoGZ.exe
  C:\Windows\System\YVLaoGZ.exe
  2⤵
  PID:7536
- C:\Windows\System\kPLavTf.exe
  C:\Windows\System\kPLavTf.exe
  2⤵
  PID:7564
- C:\Windows\System\jjGylJP.exe
  C:\Windows\System\jjGylJP.exe
  2⤵
  PID:7592
- C:\Windows\System\oThdYkE.exe
  C:\Windows\System\oThdYkE.exe
  2⤵
  PID:7620
- C:\Windows\System\efDFtAp.exe
  C:\Windows\System\efDFtAp.exe
  2⤵
  PID:7648
- C:\Windows\System\MFGWxHx.exe
  C:\Windows\System\MFGWxHx.exe
  2⤵
  PID:7664
- C:\Windows\System\awyvHtk.exe
  C:\Windows\System\awyvHtk.exe
  2⤵
  PID:7692
- C:\Windows\System\jizwjHY.exe
  C:\Windows\System\jizwjHY.exe
  2⤵
  PID:7720
- C:\Windows\System\rTbIFJR.exe
  C:\Windows\System\rTbIFJR.exe
  2⤵
  PID:7748
- C:\Windows\System\HhQqcmD.exe
  C:\Windows\System\HhQqcmD.exe
  2⤵
  PID:7788
- C:\Windows\System\FGUFHyi.exe
  C:\Windows\System\FGUFHyi.exe
  2⤵
  PID:7816
- C:\Windows\System\DgfFJpJ.exe
  C:\Windows\System\DgfFJpJ.exe
  2⤵
  PID:7832
- C:\Windows\System\nUNVvWU.exe
  C:\Windows\System\nUNVvWU.exe
  2⤵
  PID:7860
- C:\Windows\System\BJwFOSh.exe
  C:\Windows\System\BJwFOSh.exe
  2⤵
  PID:7888
- C:\Windows\System\ELJgshb.exe
  C:\Windows\System\ELJgshb.exe
  2⤵
  PID:7928
- C:\Windows\System\qbFkJCn.exe
  C:\Windows\System\qbFkJCn.exe
  2⤵
  PID:7956
- C:\Windows\System\QFSJyFj.exe
  C:\Windows\System\QFSJyFj.exe
  2⤵
  PID:7984
- C:\Windows\System\JIYypzf.exe
  C:\Windows\System\JIYypzf.exe
  2⤵
  PID:8012
- C:\Windows\System\UJyejPe.exe
  C:\Windows\System\UJyejPe.exe
  2⤵
  PID:8040
- C:\Windows\System\UtjKzGJ.exe
  C:\Windows\System\UtjKzGJ.exe
  2⤵
  PID:8068
- C:\Windows\System\DiWuJlQ.exe
  C:\Windows\System\DiWuJlQ.exe
  2⤵
  PID:8096
- C:\Windows\System\WbLZISL.exe
  C:\Windows\System\WbLZISL.exe
  2⤵
  PID:8124
- C:\Windows\System\zrkAwJI.exe
  C:\Windows\System\zrkAwJI.exe
  2⤵
  PID:8152
- C:\Windows\System\zAEisDt.exe
  C:\Windows\System\zAEisDt.exe
  2⤵
  PID:8168
- C:\Windows\System\lLDhAyN.exe
  C:\Windows\System\lLDhAyN.exe
  2⤵
  PID:6864
- C:\Windows\System\UUoKXHV.exe
  C:\Windows\System\UUoKXHV.exe
  2⤵
  PID:7072
- C:\Windows\System\kwTksgA.exe
  C:\Windows\System\kwTksgA.exe
  2⤵
  PID:5208
- C:\Windows\System\XDieOEO.exe
  C:\Windows\System\XDieOEO.exe
  2⤵
  PID:6160
- C:\Windows\System\pZVraNW.exe
  C:\Windows\System\pZVraNW.exe
  2⤵
  PID:6528
- C:\Windows\System\ESVAcGN.exe
  C:\Windows\System\ESVAcGN.exe
  2⤵
  PID:7212
- C:\Windows\System\NCgDVBf.exe
  C:\Windows\System\NCgDVBf.exe
  2⤵
  PID:7268
- C:\Windows\System\iPduRhi.exe
  C:\Windows\System\iPduRhi.exe
  2⤵
  PID:7332
- C:\Windows\System\wqRZJsm.exe
  C:\Windows\System\wqRZJsm.exe
  2⤵
  PID:7388
- C:\Windows\System\RIqqpuU.exe
  C:\Windows\System\RIqqpuU.exe
  2⤵
  PID:7464
- C:\Windows\System\FcUNgcd.exe
  C:\Windows\System\FcUNgcd.exe
  2⤵
  PID:2036
- C:\Windows\System\SSHmRGO.exe
  C:\Windows\System\SSHmRGO.exe
  2⤵
  PID:7588
- C:\Windows\System\WnLorAQ.exe
  C:\Windows\System\WnLorAQ.exe
  2⤵
  PID:7640
- C:\Windows\System\RxErXYn.exe
  C:\Windows\System\RxErXYn.exe
  2⤵
  PID:7708
- C:\Windows\System\VrTfBHQ.exe
  C:\Windows\System\VrTfBHQ.exe
  2⤵
  PID:7776
- C:\Windows\System\VvRXixV.exe
  C:\Windows\System\VvRXixV.exe
  2⤵
  PID:7844
- C:\Windows\System\rlRJxlp.exe
  C:\Windows\System\rlRJxlp.exe
  2⤵
  PID:7912
- C:\Windows\System\UMGBngA.exe
  C:\Windows\System\UMGBngA.exe
  2⤵
  PID:7972
- C:\Windows\System\VpkcUva.exe
  C:\Windows\System\VpkcUva.exe
  2⤵
  PID:8032
- C:\Windows\System\ilmqrYy.exe
  C:\Windows\System\ilmqrYy.exe
  2⤵
  PID:8088
- C:\Windows\System\oLhCDtd.exe
  C:\Windows\System\oLhCDtd.exe
  2⤵
  PID:8136
- C:\Windows\System\OYXjSyE.exe
  C:\Windows\System\OYXjSyE.exe
  2⤵
  PID:8184
- C:\Windows\System\yKXGdtl.exe
  C:\Windows\System\yKXGdtl.exe
  2⤵
  PID:7004
- C:\Windows\System\csgfpKx.exe
  C:\Windows\System\csgfpKx.exe
  2⤵
  PID:6480
- C:\Windows\System\pKVVJpU.exe
  C:\Windows\System\pKVVJpU.exe
  2⤵
  PID:7324
- C:\Windows\System\xxBPzNV.exe
  C:\Windows\System\xxBPzNV.exe
  2⤵
  PID:7484
- C:\Windows\System\HROnRwt.exe
  C:\Windows\System\HROnRwt.exe
  2⤵
  PID:7556
- C:\Windows\System\TTjVnmO.exe
  C:\Windows\System\TTjVnmO.exe
  2⤵
  PID:7760
- C:\Windows\System\EqnSaxz.exe
  C:\Windows\System\EqnSaxz.exe
  2⤵
  PID:7880
- C:\Windows\System\jFacPex.exe
  C:\Windows\System\jFacPex.exe
  2⤵
  PID:8204
- C:\Windows\System\AZkEaCb.exe
  C:\Windows\System\AZkEaCb.exe
  2⤵
  PID:8232
- C:\Windows\System\VKIEEOT.exe
  C:\Windows\System\VKIEEOT.exe
  2⤵
  PID:8260
- C:\Windows\System\XFNSHWY.exe
  C:\Windows\System\XFNSHWY.exe
  2⤵
  PID:8276
- C:\Windows\System\YATEuKL.exe
  C:\Windows\System\YATEuKL.exe
  2⤵
  PID:8312
- C:\Windows\System\LoqjpSy.exe
  C:\Windows\System\LoqjpSy.exe
  2⤵
  PID:8348
- C:\Windows\System\CYdOlLa.exe
  C:\Windows\System\CYdOlLa.exe
  2⤵
  PID:8372
- C:\Windows\System\brsLIxx.exe
  C:\Windows\System\brsLIxx.exe
  2⤵
  PID:8400
- C:\Windows\System\MEDFRNe.exe
  C:\Windows\System\MEDFRNe.exe
  2⤵
  PID:8416
- C:\Windows\System\LEsaNIP.exe
  C:\Windows\System\LEsaNIP.exe
  2⤵
  PID:8444
- C:\Windows\System\eBaeYSf.exe
  C:\Windows\System\eBaeYSf.exe
  2⤵
  PID:8484
- C:\Windows\System\mkkTagy.exe
  C:\Windows\System\mkkTagy.exe
  2⤵
  PID:8512
- C:\Windows\System\RqtWoJn.exe
  C:\Windows\System\RqtWoJn.exe
  2⤵
  PID:8540
- C:\Windows\System\XvuUPIm.exe
  C:\Windows\System\XvuUPIm.exe
  2⤵
  PID:8556
- C:\Windows\System\RumayIu.exe
  C:\Windows\System\RumayIu.exe
  2⤵
  PID:8584
- C:\Windows\System\rKGRxwA.exe
  C:\Windows\System\rKGRxwA.exe
  2⤵
  PID:8612
- C:\Windows\System\LikuJzG.exe
  C:\Windows\System\LikuJzG.exe
  2⤵
  PID:8652
- C:\Windows\System\JNMaCwc.exe
  C:\Windows\System\JNMaCwc.exe
  2⤵
  PID:8684
- C:\Windows\System\ZVOeuoz.exe
  C:\Windows\System\ZVOeuoz.exe
  2⤵
  PID:8708
- C:\Windows\System\YjcpnxF.exe
  C:\Windows\System\YjcpnxF.exe
  2⤵
  PID:8736
- C:\Windows\System\ovzckWI.exe
  C:\Windows\System\ovzckWI.exe
  2⤵
  PID:8764
- C:\Windows\System\waqtmqm.exe
  C:\Windows\System\waqtmqm.exe
  2⤵
  PID:8792
- C:\Windows\System\shwNxyk.exe
  C:\Windows\System\shwNxyk.exe
  2⤵
  PID:8808
- C:\Windows\System\ZeWIyas.exe
  C:\Windows\System\ZeWIyas.exe
  2⤵
  PID:8836
- C:\Windows\System\iiSHIeM.exe
  C:\Windows\System\iiSHIeM.exe
  2⤵
  PID:8864
- C:\Windows\System\xYWejkY.exe
  C:\Windows\System\xYWejkY.exe
  2⤵
  PID:8892
- C:\Windows\System\bZUMlWs.exe
  C:\Windows\System\bZUMlWs.exe
  2⤵
  PID:8932
- C:\Windows\System\OToGHIP.exe
  C:\Windows\System\OToGHIP.exe
  2⤵
  PID:8960
- C:\Windows\System\dRKWIWG.exe
  C:\Windows\System\dRKWIWG.exe
  2⤵
  PID:8988
- C:\Windows\System\RXYFdIS.exe
  C:\Windows\System\RXYFdIS.exe
  2⤵
  PID:9016
- C:\Windows\System\cnoVPtI.exe
  C:\Windows\System\cnoVPtI.exe
  2⤵
  PID:9044
- C:\Windows\System\RHbzBEP.exe
  C:\Windows\System\RHbzBEP.exe
  2⤵
  PID:9072
- C:\Windows\System\NnsrdKq.exe
  C:\Windows\System\NnsrdKq.exe
  2⤵
  PID:9088
- C:\Windows\System\EzQtUTc.exe
  C:\Windows\System\EzQtUTc.exe
  2⤵
  PID:9128
- C:\Windows\System\zOBLXIs.exe
  C:\Windows\System\zOBLXIs.exe
  2⤵
  PID:9156
- C:\Windows\System\EpYwDtn.exe
  C:\Windows\System\EpYwDtn.exe
  2⤵
  PID:9184
- C:\Windows\System\OIQpSpp.exe
  C:\Windows\System\OIQpSpp.exe
  2⤵
  PID:9208
- C:\Windows\System\akASlHC.exe
  C:\Windows\System\akASlHC.exe
  2⤵
  PID:8108
- C:\Windows\System\KipfbUO.exe
  C:\Windows\System\KipfbUO.exe
  2⤵
  PID:7000
- C:\Windows\System\fVVGnfx.exe
  C:\Windows\System\fVVGnfx.exe
  2⤵
  PID:7244
- C:\Windows\System\sXDVpGT.exe
  C:\Windows\System\sXDVpGT.exe
  2⤵
  PID:7520
- C:\Windows\System\tIkhGdS.exe
  C:\Windows\System\tIkhGdS.exe
  2⤵
  PID:7684
- C:\Windows\System\kAvLIsn.exe
  C:\Windows\System\kAvLIsn.exe
  2⤵
  PID:8000
- C:\Windows\System\VWpzadi.exe
  C:\Windows\System\VWpzadi.exe
  2⤵
  PID:8248
- C:\Windows\System\LNmBVVL.exe
  C:\Windows\System\LNmBVVL.exe
  2⤵
  PID:8308
- C:\Windows\System\KKOfGRP.exe
  C:\Windows\System\KKOfGRP.exe
  2⤵
  PID:8368
- C:\Windows\System\vyetdOs.exe
  C:\Windows\System\vyetdOs.exe
  2⤵
  PID:8432
- C:\Windows\System\WNixXMQ.exe
  C:\Windows\System\WNixXMQ.exe
  2⤵
  PID:8528
- C:\Windows\System\MdLCrJy.exe
  C:\Windows\System\MdLCrJy.exe
  2⤵
  PID:8596
- C:\Windows\System\NVTBPLf.exe
  C:\Windows\System\NVTBPLf.exe
  2⤵
  PID:8624
- C:\Windows\System\QbpwTsS.exe
  C:\Windows\System\QbpwTsS.exe
  2⤵
  PID:8672
- C:\Windows\System\soocwpT.exe
  C:\Windows\System\soocwpT.exe
  2⤵
  PID:8728
- C:\Windows\System\QcoMWHB.exe
  C:\Windows\System\QcoMWHB.exe
  2⤵
  PID:8800
- C:\Windows\System\IKyndbL.exe
  C:\Windows\System\IKyndbL.exe
  2⤵
  PID:8884
- C:\Windows\System\OwZXmEI.exe
  C:\Windows\System\OwZXmEI.exe
  2⤵
  PID:8948
- C:\Windows\System\PqvYgif.exe
  C:\Windows\System\PqvYgif.exe
  2⤵
  PID:8980
- C:\Windows\System\IbjGTBz.exe
  C:\Windows\System\IbjGTBz.exe
  2⤵
  PID:9064
- C:\Windows\System\iufGlUY.exe
  C:\Windows\System\iufGlUY.exe
  2⤵
  PID:9120
- C:\Windows\System\IxBxxmn.exe
  C:\Windows\System\IxBxxmn.exe
  2⤵
  PID:9196
- C:\Windows\System\euOSNKr.exe
  C:\Windows\System\euOSNKr.exe
  2⤵
  PID:2088
- C:\Windows\System\Gnczpem.exe
  C:\Windows\System\Gnczpem.exe
  2⤵
  PID:3832
- C:\Windows\System\HoKGPkA.exe
  C:\Windows\System\HoKGPkA.exe
  2⤵
  PID:1504
- C:\Windows\System\opwKEKf.exe
  C:\Windows\System\opwKEKf.exe
  2⤵
  PID:8244
- C:\Windows\System\JSGhmse.exe
  C:\Windows\System\JSGhmse.exe
  2⤵
  PID:8356
- C:\Windows\System\edLBxiW.exe
  C:\Windows\System\edLBxiW.exe
  2⤵
  PID:8504
- C:\Windows\System\aFKxjmK.exe
  C:\Windows\System\aFKxjmK.exe
  2⤵
  PID:8600
- C:\Windows\System\yZCzJkY.exe
  C:\Windows\System\yZCzJkY.exe
  2⤵
  PID:8720
- C:\Windows\System\fLOXQGE.exe
  C:\Windows\System\fLOXQGE.exe
  2⤵
  PID:8828
- C:\Windows\System\pLrlFtr.exe
  C:\Windows\System\pLrlFtr.exe
  2⤵
  PID:8972
- C:\Windows\System\hQLsnyd.exe
  C:\Windows\System\hQLsnyd.exe
  2⤵
  PID:9112
- C:\Windows\System\QZysEOi.exe
  C:\Windows\System\QZysEOi.exe
  2⤵
  PID:1712
- C:\Windows\System\qnaxzNW.exe
  C:\Windows\System\qnaxzNW.exe
  2⤵
  PID:5468
- C:\Windows\System\mHYKopc.exe
  C:\Windows\System\mHYKopc.exe
  2⤵
  PID:3304
- C:\Windows\System\yYQRlAj.exe
  C:\Windows\System\yYQRlAj.exe
  2⤵
  PID:8412
- C:\Windows\System\bgMViQh.exe
  C:\Windows\System\bgMViQh.exe
  2⤵
  PID:8572
- C:\Windows\System\VxCWzci.exe
  C:\Windows\System\VxCWzci.exe
  2⤵
  PID:8700
- C:\Windows\System\ILmUqGV.exe
  C:\Windows\System\ILmUqGV.exe
  2⤵
  PID:8924
- C:\Windows\System\miXmIME.exe
  C:\Windows\System\miXmIME.exe
  2⤵
  PID:9232
- C:\Windows\System\mBOPKBe.exe
  C:\Windows\System\mBOPKBe.exe
  2⤵
  PID:9276
- C:\Windows\System\WfUTeYV.exe
  C:\Windows\System\WfUTeYV.exe
  2⤵
  PID:9304
- C:\Windows\System\jTbPOQe.exe
  C:\Windows\System\jTbPOQe.exe
  2⤵
  PID:9320
- C:\Windows\System\uzCnyed.exe
  C:\Windows\System\uzCnyed.exe
  2⤵
  PID:9356
- C:\Windows\System\mqoCdAv.exe
  C:\Windows\System\mqoCdAv.exe
  2⤵
  PID:9388
- C:\Windows\System\hSbyzCA.exe
  C:\Windows\System\hSbyzCA.exe
  2⤵
  PID:9420
- C:\Windows\System\QPlMDid.exe
  C:\Windows\System\QPlMDid.exe
  2⤵
  PID:9448
- C:\Windows\System\XDByfrR.exe
  C:\Windows\System\XDByfrR.exe
  2⤵
  PID:9472
- C:\Windows\System\KWmWEGr.exe
  C:\Windows\System\KWmWEGr.exe
  2⤵
  PID:9500
- C:\Windows\System\qeeqBKS.exe
  C:\Windows\System\qeeqBKS.exe
  2⤵
  PID:9528
- C:\Windows\System\SLsSUYH.exe
  C:\Windows\System\SLsSUYH.exe
  2⤵
  PID:9556
- C:\Windows\System\VzeYjXP.exe
  C:\Windows\System\VzeYjXP.exe
  2⤵
  PID:9584
- C:\Windows\System\fVFPxZr.exe
  C:\Windows\System\fVFPxZr.exe
  2⤵
  PID:9612
- C:\Windows\System\BMjsyQh.exe
  C:\Windows\System\BMjsyQh.exe
  2⤵
  PID:9640
- C:\Windows\System\kPfpMFO.exe
  C:\Windows\System\kPfpMFO.exe
  2⤵
  PID:9668
- C:\Windows\System\rpsRejh.exe
  C:\Windows\System\rpsRejh.exe
  2⤵
  PID:9696
- C:\Windows\System\dJropWz.exe
  C:\Windows\System\dJropWz.exe
  2⤵
  PID:9724
- C:\Windows\System\UWeLxvD.exe
  C:\Windows\System\UWeLxvD.exe
  2⤵
  PID:9764
- C:\Windows\System\TaHCsXo.exe
  C:\Windows\System\TaHCsXo.exe
  2⤵
  PID:9780
- C:\Windows\System\rkLxQmR.exe
  C:\Windows\System\rkLxQmR.exe
  2⤵
  PID:9808
- C:\Windows\System\VGxqfEo.exe
  C:\Windows\System\VGxqfEo.exe
  2⤵
  PID:9824
- C:\Windows\System\cvizZWp.exe
  C:\Windows\System\cvizZWp.exe
  2⤵
  PID:9852
- C:\Windows\System\KeXDwoy.exe
  C:\Windows\System\KeXDwoy.exe
  2⤵
  PID:9892
- C:\Windows\System\kLKVQMT.exe
  C:\Windows\System\kLKVQMT.exe
  2⤵
  PID:9920
- C:\Windows\System\mNJZmOR.exe
  C:\Windows\System\mNJZmOR.exe
  2⤵
  PID:9948
- C:\Windows\System\DuFwoAA.exe
  C:\Windows\System\DuFwoAA.exe
  2⤵
  PID:9976
- C:\Windows\System\dvObnBl.exe
  C:\Windows\System\dvObnBl.exe
  2⤵
  PID:10004
- C:\Windows\System\LHbOGBa.exe
  C:\Windows\System\LHbOGBa.exe
  2⤵
  PID:10032
- C:\Windows\System\gKZofqV.exe
  C:\Windows\System\gKZofqV.exe
  2⤵
  PID:10048
- C:\Windows\System\RdOpaYJ.exe
  C:\Windows\System\RdOpaYJ.exe
  2⤵
  PID:10076
- C:\Windows\System\EyhLJzs.exe
  C:\Windows\System\EyhLJzs.exe
  2⤵
  PID:10104
- C:\Windows\System\HLKCFpF.exe
  C:\Windows\System\HLKCFpF.exe
  2⤵
  PID:10144
- C:\Windows\System\dxlBKYW.exe
  C:\Windows\System\dxlBKYW.exe
  2⤵
  PID:10176
- C:\Windows\System\wUAgggx.exe
  C:\Windows\System\wUAgggx.exe
  2⤵
  PID:10200
- C:\Windows\System\bSiFivP.exe
  C:\Windows\System\bSiFivP.exe
  2⤵
  PID:10228
- C:\Windows\System\oDuuhLK.exe
  C:\Windows\System\oDuuhLK.exe
  2⤵
  PID:9172
- C:\Windows\System\CBtAFyt.exe
  C:\Windows\System\CBtAFyt.exe
  2⤵
  PID:4376
- C:\Windows\System\dHzvdTQ.exe
  C:\Windows\System\dHzvdTQ.exe
  2⤵
  PID:8568
- C:\Windows\System\TKGpejw.exe
  C:\Windows\System\TKGpejw.exe
  2⤵
  PID:9224
- C:\Windows\System\AaWSzpk.exe
  C:\Windows\System\AaWSzpk.exe
  2⤵
  PID:9268
- C:\Windows\System\eKKYXGr.exe
  C:\Windows\System\eKKYXGr.exe
  2⤵
  PID:9316
- C:\Windows\System\lvlRyUj.exe
  C:\Windows\System\lvlRyUj.exe
  2⤵
  PID:9380
- C:\Windows\System\rixJPet.exe
  C:\Windows\System\rixJPet.exe
  2⤵
  PID:9412
- C:\Windows\System\xvvUVjX.exe
  C:\Windows\System\xvvUVjX.exe
  2⤵
  PID:9484
- C:\Windows\System\vQeZgte.exe
  C:\Windows\System\vQeZgte.exe
  2⤵
  PID:9576
- C:\Windows\System\jqHUzNF.exe
  C:\Windows\System\jqHUzNF.exe
  2⤵
  PID:9632
- C:\Windows\System\ySjJTyx.exe
  C:\Windows\System\ySjJTyx.exe
  2⤵
  PID:9680
- C:\Windows\System\qYQSPuD.exe
  C:\Windows\System\qYQSPuD.exe
  2⤵
  PID:9772
- C:\Windows\System\cDrMzMD.exe
  C:\Windows\System\cDrMzMD.exe
  2⤵
  PID:9836
- C:\Windows\System\fTJKhXC.exe
  C:\Windows\System\fTJKhXC.exe
  2⤵
  PID:9904
- C:\Windows\System\QUaHdkV.exe
  C:\Windows\System\QUaHdkV.exe
  2⤵
  PID:9936
- C:\Windows\System\ePvstyi.exe
  C:\Windows\System\ePvstyi.exe
  2⤵
  PID:10024
- C:\Windows\System\taAmnOD.exe
  C:\Windows\System\taAmnOD.exe
  2⤵
  PID:10092
- C:\Windows\System\bIddScG.exe
  C:\Windows\System\bIddScG.exe
  2⤵
  PID:10132
- C:\Windows\System\JMFggLR.exe
  C:\Windows\System\JMFggLR.exe
  2⤵
  PID:10196
- C:\Windows\System\DSCprHP.exe
  C:\Windows\System\DSCprHP.exe
  2⤵
  PID:8
- C:\Windows\System\WKVuSLI.exe
  C:\Windows\System\WKVuSLI.exe
  2⤵
  PID:8776
- C:\Windows\System\nFDTLwo.exe
  C:\Windows\System\nFDTLwo.exe
  2⤵
  PID:9288
- C:\Windows\System\FlRlqOZ.exe
  C:\Windows\System\FlRlqOZ.exe
  2⤵
  PID:9456
- C:\Windows\System\QOCsGTz.exe
  C:\Windows\System\QOCsGTz.exe
  2⤵
  PID:9604
- C:\Windows\System\WdaHpib.exe
  C:\Windows\System\WdaHpib.exe
  2⤵
  PID:9748
- C:\Windows\System\znqJhVY.exe
  C:\Windows\System\znqJhVY.exe
  2⤵
  PID:9880
- C:\Windows\System\duDJseU.exe
  C:\Windows\System\duDJseU.exe
  2⤵
  PID:10060
- C:\Windows\System\ZJJxWHF.exe
  C:\Windows\System\ZJJxWHF.exe
  2⤵
  PID:10164
- C:\Windows\System\fwexhcZ.exe
  C:\Windows\System\fwexhcZ.exe
  2⤵
  PID:9060
- C:\Windows\System\bxekOrO.exe
  C:\Windows\System\bxekOrO.exe
  2⤵
  PID:9248
- C:\Windows\System\CfcNiwB.exe
  C:\Windows\System\CfcNiwB.exe
  2⤵
  PID:9548
- C:\Windows\System\OWGriMT.exe
  C:\Windows\System\OWGriMT.exe
  2⤵
  PID:10016
- C:\Windows\System\pQFdxYI.exe
  C:\Windows\System\pQFdxYI.exe
  2⤵
  PID:10260
- C:\Windows\System\SIHQJpX.exe
  C:\Windows\System\SIHQJpX.exe
  2⤵
  PID:10288
- C:\Windows\System\uEGrnNA.exe
  C:\Windows\System\uEGrnNA.exe
  2⤵
  PID:10312
- C:\Windows\System\KaJfTCQ.exe
  C:\Windows\System\KaJfTCQ.exe
  2⤵
  PID:10340
- C:\Windows\System\wWxTEbw.exe
  C:\Windows\System\wWxTEbw.exe
  2⤵
  PID:10368
- C:\Windows\System\cjByNBs.exe
  C:\Windows\System\cjByNBs.exe
  2⤵
  PID:10388
- C:\Windows\System\rLgpCPV.exe
  C:\Windows\System\rLgpCPV.exe
  2⤵
  PID:10416
- C:\Windows\System\HnJbyeL.exe
  C:\Windows\System\HnJbyeL.exe
  2⤵
  PID:10456
- C:\Windows\System\lWNREYy.exe
  C:\Windows\System\lWNREYy.exe
  2⤵
  PID:10484
- C:\Windows\System\fCGOHOP.exe
  C:\Windows\System\fCGOHOP.exe
  2⤵
  PID:10500
- C:\Windows\System\RHIXgXb.exe
  C:\Windows\System\RHIXgXb.exe
  2⤵
  PID:10528
- C:\Windows\System\kqsxJgP.exe
  C:\Windows\System\kqsxJgP.exe
  2⤵
  PID:10556
- C:\Windows\System\FPKktUY.exe
  C:\Windows\System\FPKktUY.exe
  2⤵
  PID:10596
- C:\Windows\System\CewCEBj.exe
  C:\Windows\System\CewCEBj.exe
  2⤵
  PID:10624
- C:\Windows\System\mdGKdhZ.exe
  C:\Windows\System\mdGKdhZ.exe
  2⤵
  PID:10640
- C:\Windows\System\bXhvgbn.exe
  C:\Windows\System\bXhvgbn.exe
  2⤵
  PID:10668
- C:\Windows\System\ZcovKcW.exe
  C:\Windows\System\ZcovKcW.exe
  2⤵
  PID:10708
- C:\Windows\System\wsBnJkd.exe
  C:\Windows\System\wsBnJkd.exe
  2⤵
  PID:10736
- C:\Windows\System\xuxvPyw.exe
  C:\Windows\System\xuxvPyw.exe
  2⤵
  PID:10752
- C:\Windows\System\TaWoZfj.exe
  C:\Windows\System\TaWoZfj.exe
  2⤵
  PID:10780
- C:\Windows\System\azeTnxU.exe
  C:\Windows\System\azeTnxU.exe
  2⤵
  PID:10816
- C:\Windows\System\uxQRiht.exe
  C:\Windows\System\uxQRiht.exe
  2⤵
  PID:10848
- C:\Windows\System\ODqiEFN.exe
  C:\Windows\System\ODqiEFN.exe
  2⤵
  PID:10964
- C:\Windows\System\wHBifwL.exe
  C:\Windows\System\wHBifwL.exe
  2⤵
  PID:10984
- C:\Windows\System\jluDecf.exe
  C:\Windows\System\jluDecf.exe
  2⤵
  PID:11020
- C:\Windows\System\mVYYsYk.exe
  C:\Windows\System\mVYYsYk.exe
  2⤵
  PID:11056
- C:\Windows\System\GuzrByd.exe
  C:\Windows\System\GuzrByd.exe
  2⤵
  PID:11080
- C:\Windows\System\ZsKdPix.exe
  C:\Windows\System\ZsKdPix.exe
  2⤵
  PID:11160
- C:\Windows\System\ubKRCwX.exe
  C:\Windows\System\ubKRCwX.exe
  2⤵
  PID:11212
- C:\Windows\System\cNVDtTv.exe
  C:\Windows\System\cNVDtTv.exe
  2⤵
  PID:11240
- C:\Windows\System\LSvBLbo.exe
  C:\Windows\System\LSvBLbo.exe
  2⤵
  PID:10116
- C:\Windows\System\YgYJyXv.exe
  C:\Windows\System\YgYJyXv.exe
  2⤵
  PID:9968
- C:\Windows\System\uQwOKrM.exe
  C:\Windows\System\uQwOKrM.exe
  2⤵
  PID:10280
- C:\Windows\System\CNvYUvA.exe
  C:\Windows\System\CNvYUvA.exe
  2⤵
  PID:10380
- C:\Windows\System\QCDWiKn.exe
  C:\Windows\System\QCDWiKn.exe
  2⤵
  PID:10472
- C:\Windows\System\PxXlLdM.exe
  C:\Windows\System\PxXlLdM.exe
  2⤵
  PID:1160
- C:\Windows\System\atDZfik.exe
  C:\Windows\System\atDZfik.exe
  2⤵
  PID:10580
- C:\Windows\System\JxKgXoM.exe
  C:\Windows\System\JxKgXoM.exe
  2⤵
  PID:4984
- C:\Windows\System\WsDEAgK.exe
  C:\Windows\System\WsDEAgK.exe
  2⤵
  PID:10656
- C:\Windows\System\aGetstk.exe
  C:\Windows\System\aGetstk.exe
  2⤵
  PID:10700
- C:\Windows\System\goOggQS.exe
  C:\Windows\System\goOggQS.exe
  2⤵
  PID:10744
- C:\Windows\System\flFeYKq.exe
  C:\Windows\System\flFeYKq.exe
  2⤵
  PID:2852
- C:\Windows\System\UzNGNPE.exe
  C:\Windows\System\UzNGNPE.exe
  2⤵
  PID:10844
- C:\Windows\System\qyjaZtw.exe
  C:\Windows\System\qyjaZtw.exe
  2⤵
  PID:3524
- C:\Windows\System\ENPaYXq.exe
  C:\Windows\System\ENPaYXq.exe
  2⤵
  PID:3096
- C:\Windows\System\cTbGFtz.exe
  C:\Windows\System\cTbGFtz.exe
  2⤵
  PID:1296
- C:\Windows\System\bbLtIzH.exe
  C:\Windows\System\bbLtIzH.exe
  2⤵
  PID:1932
- C:\Windows\System\EzHqjNa.exe
  C:\Windows\System\EzHqjNa.exe
  2⤵
  PID:2304
- C:\Windows\System\WRAXtUf.exe
  C:\Windows\System\WRAXtUf.exe
  2⤵
  PID:1660
- C:\Windows\System\fikjbDE.exe
  C:\Windows\System\fikjbDE.exe
  2⤵
  PID:1076
- C:\Windows\System\eHmqSBT.exe
  C:\Windows\System\eHmqSBT.exe
  2⤵
  PID:10804
- C:\Windows\System\OZyftHt.exe
  C:\Windows\System\OZyftHt.exe
  2⤵
  PID:2980
- C:\Windows\System\oyhFDJm.exe
  C:\Windows\System\oyhFDJm.exe
  2⤵
  PID:440
- C:\Windows\System\XRYvOjv.exe
  C:\Windows\System\XRYvOjv.exe
  2⤵
  PID:1852
- C:\Windows\System\InoDOJZ.exe
  C:\Windows\System\InoDOJZ.exe
  2⤵
  PID:2260
- C:\Windows\System\jhcxyzl.exe
  C:\Windows\System\jhcxyzl.exe
  2⤵
  PID:1508
- C:\Windows\System\rnvUcsS.exe
  C:\Windows\System\rnvUcsS.exe
  2⤵
  PID:10976
- C:\Windows\System\qrbsWNm.exe
  C:\Windows\System\qrbsWNm.exe
  2⤵
  PID:11136
- C:\Windows\System\xqjwGOY.exe
  C:\Windows\System\xqjwGOY.exe
  2⤵
  PID:11196
- C:\Windows\System\JwRVbSR.exe
  C:\Windows\System\JwRVbSR.exe
  2⤵
  PID:10972
- C:\Windows\System\xmLUpFw.exe
  C:\Windows\System\xmLUpFw.exe
  2⤵
  PID:736
- C:\Windows\System\HkOovOZ.exe
  C:\Windows\System\HkOovOZ.exe
  2⤵
  PID:10404
- C:\Windows\System\CmxzMoQ.exe
  C:\Windows\System\CmxzMoQ.exe
  2⤵
  PID:10568
- C:\Windows\System\DQKJqVO.exe
  C:\Windows\System\DQKJqVO.exe
  2⤵
  PID:10724
- C:\Windows\System\tgpfVbm.exe
  C:\Windows\System\tgpfVbm.exe
  2⤵
  PID:228
- C:\Windows\System\vOoSSew.exe
  C:\Windows\System\vOoSSew.exe
  2⤵
  PID:3608
- C:\Windows\System\mSPxDsE.exe
  C:\Windows\System\mSPxDsE.exe
  2⤵
  PID:3324
- C:\Windows\System\eKCpBXp.exe
  C:\Windows\System\eKCpBXp.exe
  2⤵
  PID:3836
- C:\Windows\System\eyFxfJR.exe
  C:\Windows\System\eyFxfJR.exe
  2⤵
  PID:4172
- C:\Windows\System\lqzoobg.exe
  C:\Windows\System\lqzoobg.exe
  2⤵
  PID:4944
- C:\Windows\System\cPltXFO.exe
  C:\Windows\System\cPltXFO.exe
  2⤵
  PID:3992
- C:\Windows\System\fIsaKcA.exe
  C:\Windows\System\fIsaKcA.exe
  2⤵
  PID:11156
- C:\Windows\System\ANANYTH.exe
  C:\Windows\System\ANANYTH.exe
  2⤵
  PID:9736
- C:\Windows\System\KXDZqpo.exe
  C:\Windows\System\KXDZqpo.exe
  2⤵
  PID:2476
- C:\Windows\System\MVvrgVd.exe
  C:\Windows\System\MVvrgVd.exe
  2⤵
  PID:1080
- C:\Windows\System\CaWuaOw.exe
  C:\Windows\System\CaWuaOw.exe
  2⤵
  PID:2012
- C:\Windows\System\tMfprUo.exe
  C:\Windows\System\tMfprUo.exe
  2⤵
  PID:3916
- C:\Windows\System\KQxXQXt.exe
  C:\Windows\System\KQxXQXt.exe
  2⤵
  PID:4408
- C:\Windows\System\IUnSJlt.exe
  C:\Windows\System\IUnSJlt.exe
  2⤵
  PID:10764
- C:\Windows\System\OIbhEtP.exe
  C:\Windows\System\OIbhEtP.exe
  2⤵
  PID:2816
- C:\Windows\System\DoGkKzE.exe
  C:\Windows\System\DoGkKzE.exe
  2⤵
  PID:2176
- C:\Windows\System\QBGgGAk.exe
  C:\Windows\System\QBGgGAk.exe
  2⤵
  PID:11300
- C:\Windows\System\NLyrSIn.exe
  C:\Windows\System\NLyrSIn.exe
  2⤵
  PID:11340
- C:\Windows\System\xQOskXq.exe
  C:\Windows\System\xQOskXq.exe
  2⤵
  PID:11368
- C:\Windows\System\qNxKaSZ.exe
  C:\Windows\System\qNxKaSZ.exe
  2⤵
  PID:11396
- C:\Windows\System\GJiQgdD.exe
  C:\Windows\System\GJiQgdD.exe
  2⤵
  PID:11424
- C:\Windows\System\PfDBrSJ.exe
  C:\Windows\System\PfDBrSJ.exe
  2⤵
  PID:11452
- C:\Windows\System\elKoIPC.exe
  C:\Windows\System\elKoIPC.exe
  2⤵
  PID:11472
- C:\Windows\System\jTXxBaL.exe
  C:\Windows\System\jTXxBaL.exe
  2⤵
  PID:11508
- C:\Windows\System\bXfkAed.exe
  C:\Windows\System\bXfkAed.exe
  2⤵
  PID:11536
- C:\Windows\System\uPRlxcg.exe
  C:\Windows\System\uPRlxcg.exe
  2⤵
  PID:11564
- C:\Windows\System\etINmUh.exe
  C:\Windows\System\etINmUh.exe
  2⤵
  PID:11592
- C:\Windows\System\fhwCjuk.exe
  C:\Windows\System\fhwCjuk.exe
  2⤵
  PID:11620
- C:\Windows\System\LjxPOaf.exe
  C:\Windows\System\LjxPOaf.exe
  2⤵
  PID:11652
- C:\Windows\System\bRROWYg.exe
  C:\Windows\System\bRROWYg.exe
  2⤵
  PID:11680
- C:\Windows\System\aClLBed.exe
  C:\Windows\System\aClLBed.exe
  2⤵
  PID:11708
- C:\Windows\System\YVNjUkB.exe
  C:\Windows\System\YVNjUkB.exe
  2⤵
  PID:11736
- C:\Windows\System\XztoRAj.exe
  C:\Windows\System\XztoRAj.exe
  2⤵
  PID:11764
- C:\Windows\System\vUHQyhz.exe
  C:\Windows\System\vUHQyhz.exe
  2⤵
  PID:11792
- C:\Windows\System\yMkiuzP.exe
  C:\Windows\System\yMkiuzP.exe
  2⤵
  PID:11820
- C:\Windows\System\eDiYxYQ.exe
  C:\Windows\System\eDiYxYQ.exe
  2⤵
  PID:11848
- C:\Windows\System\CRGKthq.exe
  C:\Windows\System\CRGKthq.exe
  2⤵
  PID:11876
- C:\Windows\System\lqWVvUb.exe
  C:\Windows\System\lqWVvUb.exe
  2⤵
  PID:11904
- C:\Windows\System\FyDRwvl.exe
  C:\Windows\System\FyDRwvl.exe
  2⤵
  PID:11932
- C:\Windows\System\vOhJIib.exe
  C:\Windows\System\vOhJIib.exe
  2⤵
  PID:11956
- C:\Windows\System\sDxZKQH.exe
  C:\Windows\System\sDxZKQH.exe
  2⤵
  PID:11988
- C:\Windows\System\ApehrTl.exe
  C:\Windows\System\ApehrTl.exe
  2⤵
  PID:12020
- C:\Windows\System\FZLnVSR.exe
  C:\Windows\System\FZLnVSR.exe
  2⤵
  PID:12048
- C:\Windows\System\peEFfYA.exe
  C:\Windows\System\peEFfYA.exe
  2⤵
  PID:12076
- C:\Windows\System\TEAJNGS.exe
  C:\Windows\System\TEAJNGS.exe
  2⤵
  PID:12104
- C:\Windows\System\WpQbgEt.exe
  C:\Windows\System\WpQbgEt.exe
  2⤵
  PID:12132
- C:\Windows\System\sdyDRVp.exe
  C:\Windows\System\sdyDRVp.exe
  2⤵
  PID:12160
- C:\Windows\System\dJQeetM.exe
  C:\Windows\System\dJQeetM.exe
  2⤵
  PID:12180
- C:\Windows\System\zuBWGwB.exe
  C:\Windows\System\zuBWGwB.exe
  2⤵
  PID:12216
- C:\Windows\System\dqDuNjH.exe
  C:\Windows\System\dqDuNjH.exe
  2⤵
  PID:12244
- C:\Windows\System\cvrdlYO.exe
  C:\Windows\System\cvrdlYO.exe
  2⤵
  PID:12276
- C:\Windows\System\OqCoptA.exe
  C:\Windows\System\OqCoptA.exe
  2⤵
  PID:1152
- C:\Windows\System\EurlCJA.exe
  C:\Windows\System\EurlCJA.exe
  2⤵
  PID:11292
- C:\Windows\System\LUrjMBY.exe
  C:\Windows\System\LUrjMBY.exe
  2⤵
  PID:11280
- C:\Windows\System\RKgMPWQ.exe
  C:\Windows\System\RKgMPWQ.exe
  2⤵
  PID:11352
- C:\Windows\System\mUGfLNP.exe
  C:\Windows\System\mUGfLNP.exe
  2⤵
  PID:11388
- C:\Windows\System\FUUphRw.exe
  C:\Windows\System\FUUphRw.exe
  2⤵
  PID:11492
- C:\Windows\System\agRKBKR.exe
  C:\Windows\System\agRKBKR.exe
  2⤵
  PID:11560
- C:\Windows\System\ZztdRQR.exe
  C:\Windows\System\ZztdRQR.exe
  2⤵
  PID:11636
- C:\Windows\System\OQRPwXW.exe
  C:\Windows\System\OQRPwXW.exe
  2⤵
  PID:11700
- C:\Windows\System\ohCyUFR.exe
  C:\Windows\System\ohCyUFR.exe
  2⤵
  PID:11748
- C:\Windows\System\VyUCcfx.exe
  C:\Windows\System\VyUCcfx.exe
  2⤵
  PID:5476
- C:\Windows\System\inhqqKj.exe
  C:\Windows\System\inhqqKj.exe
  2⤵
  PID:5532
- C:\Windows\System\AuxLEKt.exe
  C:\Windows\System\AuxLEKt.exe
  2⤵
  PID:11944
- C:\Windows\System\IMypUgV.exe
  C:\Windows\System\IMypUgV.exe
  2⤵
  PID:12040
- C:\Windows\System\kTKVPDp.exe
  C:\Windows\System\kTKVPDp.exe
  2⤵
  PID:12124
- C:\Windows\System\tdlQodd.exe
  C:\Windows\System\tdlQodd.exe
  2⤵
  PID:12176
- C:\Windows\System\RCuoYhR.exe
  C:\Windows\System\RCuoYhR.exe
  2⤵
  PID:12240
- C:\Windows\System\cTxJgmI.exe
  C:\Windows\System\cTxJgmI.exe
  2⤵
  PID:4576
- C:\Windows\System\VvzGJXa.exe
  C:\Windows\System\VvzGJXa.exe
  2⤵
  PID:5136
- C:\Windows\System\NElvOWb.exe
  C:\Windows\System\NElvOWb.exe
  2⤵
  PID:11528
- C:\Windows\System\GCPcMFc.exe
  C:\Windows\System\GCPcMFc.exe
  2⤵
  PID:11692
- C:\Windows\System\lbNIcTQ.exe
  C:\Windows\System\lbNIcTQ.exe
  2⤵
  PID:11816
- C:\Windows\System\RUChdDc.exe
  C:\Windows\System\RUChdDc.exe
  2⤵
  PID:11928
- C:\Windows\System\gSMbaWY.exe
  C:\Windows\System\gSMbaWY.exe
  2⤵
  PID:11044
- C:\Windows\System\KtQfcmc.exe
  C:\Windows\System\KtQfcmc.exe
  2⤵
  PID:5044
- C:\Windows\System\gQqrgoE.exe
  C:\Windows\System\gQqrgoE.exe
  2⤵
  PID:3984
- C:\Windows\System\nqxLerI.exe
  C:\Windows\System\nqxLerI.exe
  2⤵
  PID:11144
- C:\Windows\System\fqzowmf.exe
  C:\Windows\System\fqzowmf.exe
  2⤵
  PID:11028
- C:\Windows\System\khrXOqo.exe
  C:\Windows\System\khrXOqo.exe
  2⤵
  PID:11868
- C:\Windows\System\NKfNySH.exe
  C:\Windows\System\NKfNySH.exe
  2⤵
  PID:12172
- C:\Windows\System\YKGJBlH.exe
  C:\Windows\System\YKGJBlH.exe
  2⤵
  PID:10184
- C:\Windows\System\PyAdVBo.exe
  C:\Windows\System\PyAdVBo.exe
  2⤵
  PID:11996
- C:\Windows\System\LfYyXNK.exe
  C:\Windows\System\LfYyXNK.exe
  2⤵
  PID:12016
- C:\Windows\System\cLbuVeS.exe
  C:\Windows\System\cLbuVeS.exe
  2⤵
  PID:12320
- C:\Windows\System\cfpdYRI.exe
  C:\Windows\System\cfpdYRI.exe
  2⤵
  PID:12344
- C:\Windows\System\vBeJtCl.exe
  C:\Windows\System\vBeJtCl.exe
  2⤵
  PID:12396
- C:\Windows\System\qaayQbQ.exe
  C:\Windows\System\qaayQbQ.exe
  2⤵
  PID:12416
- C:\Windows\System\MiLhiiK.exe
  C:\Windows\System\MiLhiiK.exe
  2⤵
  PID:12480
- C:\Windows\System\RqhXNpH.exe
  C:\Windows\System\RqhXNpH.exe
  2⤵
  PID:12508
- C:\Windows\System\glDqMIo.exe
  C:\Windows\System\glDqMIo.exe
  2⤵
  PID:12528
- C:\Windows\System\ZTzQTFL.exe
  C:\Windows\System\ZTzQTFL.exe
  2⤵
  PID:12560
- C:\Windows\System\TjhTbkj.exe
  C:\Windows\System\TjhTbkj.exe
  2⤵
  PID:12588
- C:\Windows\System\WYEXXDb.exe
  C:\Windows\System\WYEXXDb.exe
  2⤵
  PID:12612
- C:\Windows\System\LqRHXpM.exe
  C:\Windows\System\LqRHXpM.exe
  2⤵
  PID:12632
- C:\Windows\System\AverqpX.exe
  C:\Windows\System\AverqpX.exe
  2⤵
  PID:12660
- C:\Windows\System\ldYaZMe.exe
  C:\Windows\System\ldYaZMe.exe
  2⤵
  PID:12688
- C:\Windows\System\YTqyGnV.exe
  C:\Windows\System\YTqyGnV.exe
  2⤵
  PID:12720
- C:\Windows\System\SXjDzeR.exe
  C:\Windows\System\SXjDzeR.exe
  2⤵
  PID:12768
- C:\Windows\System\aoyiIXM.exe
  C:\Windows\System\aoyiIXM.exe
  2⤵
  PID:12792
- C:\Windows\System\uPBGPJd.exe
  C:\Windows\System\uPBGPJd.exe
  2⤵
  PID:12828
- C:\Windows\System\MHfyZiz.exe
  C:\Windows\System\MHfyZiz.exe
  2⤵
  PID:12892
- C:\Windows\System\atwcYYA.exe
  C:\Windows\System\atwcYYA.exe
  2⤵
  PID:12908
- C:\Windows\System\UZPdoQG.exe
  C:\Windows\System\UZPdoQG.exe
  2⤵
  PID:12932
- C:\Windows\System\peVpzgS.exe
  C:\Windows\System\peVpzgS.exe
  2⤵
  PID:12964
- C:\Windows\System\WhKXJiD.exe
  C:\Windows\System\WhKXJiD.exe
  2⤵
  PID:13024
- C:\Windows\System\prxJrVM.exe
  C:\Windows\System\prxJrVM.exe
  2⤵
  PID:13056
- C:\Windows\System\hqflAml.exe
  C:\Windows\System\hqflAml.exe
  2⤵
  PID:13076
- C:\Windows\System\EWMSxQN.exe
  C:\Windows\System\EWMSxQN.exe
  2⤵
  PID:13104
- C:\Windows\System\InSLbCK.exe
  C:\Windows\System\InSLbCK.exe
  2⤵
  PID:13136
- C:\Windows\System\iQYWLfY.exe
  C:\Windows\System\iQYWLfY.exe
  2⤵
  PID:13180
- C:\Windows\System\TjjQoab.exe
  C:\Windows\System\TjjQoab.exe
  2⤵
  PID:13228
- C:\Windows\System\wbzlTeV.exe
  C:\Windows\System\wbzlTeV.exe
  2⤵
  PID:13260
- C:\Windows\System\TQHhMcI.exe
  C:\Windows\System\TQHhMcI.exe
  2⤵
  PID:13300
- C:\Windows\System\PtFgIuq.exe
  C:\Windows\System\PtFgIuq.exe
  2⤵
  PID:12332
- C:\Windows\System\wxIYlOc.exe
  C:\Windows\System\wxIYlOc.exe
  2⤵
  PID:12260
- C:\Windows\System\gJquSvV.exe
  C:\Windows\System\gJquSvV.exe
  2⤵
  PID:12608
- C:\Windows\System\qaIvEDL.exe
  C:\Windows\System\qaIvEDL.exe
  2⤵
  PID:6236
- C:\Windows\System\ohMSwUY.exe
  C:\Windows\System\ohMSwUY.exe
  2⤵
  PID:12744
- C:\Windows\System\gaVVWmI.exe
  C:\Windows\System\gaVVWmI.exe
  2⤵
  PID:12780
- C:\Windows\System\AEjNCoI.exe
  C:\Windows\System\AEjNCoI.exe
  2⤵
  PID:12820
- C:\Windows\System\SwnDnyX.exe
  C:\Windows\System\SwnDnyX.exe
  2⤵
  PID:12860
- C:\Windows\System\ZhzaKTL.exe
  C:\Windows\System\ZhzaKTL.exe
  2⤵
  PID:12996
- C:\Windows\System\EadzBbv.exe
  C:\Windows\System\EadzBbv.exe
  2⤵
  PID:6516
- C:\Windows\System\AAJLNHB.exe
  C:\Windows\System\AAJLNHB.exe
  2⤵
  PID:13096
- C:\Windows\System\VFfNmHS.exe
  C:\Windows\System\VFfNmHS.exe
  2⤵
  PID:13012
- C:\Windows\System\gjDeyPY.exe
  C:\Windows\System\gjDeyPY.exe
  2⤵
  PID:6784
- C:\Windows\System\hJzmIdS.exe
  C:\Windows\System\hJzmIdS.exe
  2⤵
  PID:6852
- C:\Windows\System\FqFZgwN.exe
  C:\Windows\System\FqFZgwN.exe
  2⤵
  PID:7048
- C:\Windows\System\QxpYvFP.exe
  C:\Windows\System\QxpYvFP.exe
  2⤵
  PID:13252
- C:\Windows\System\NoUzmNd.exe
  C:\Windows\System\NoUzmNd.exe
  2⤵
  PID:13084
- C:\Windows\System\fhZLLvs.exe
  C:\Windows\System\fhZLLvs.exe
  2⤵
  PID:4424
- C:\Windows\System\dtpVgDe.exe
  C:\Windows\System\dtpVgDe.exe
  2⤵
  PID:13292
- C:\Windows\System\CWijWAt.exe
  C:\Windows\System\CWijWAt.exe
  2⤵
  PID:13280
- C:\Windows\System\RNKfObW.exe
  C:\Windows\System\RNKfObW.exe
  2⤵
  PID:5976
- C:\Windows\System\yIlhRjr.exe
  C:\Windows\System\yIlhRjr.exe
  2⤵
  PID:6828
- C:\Windows\System\AfRQHJH.exe
  C:\Windows\System\AfRQHJH.exe
  2⤵
  PID:6592
- C:\Windows\System\EFHflwt.exe
  C:\Windows\System\EFHflwt.exe
  2⤵
  PID:3332
- C:\Windows\System\VSAZnDr.exe
  C:\Windows\System\VSAZnDr.exe
  2⤵
  PID:12668
- C:\Windows\System\SCzFKBi.exe
  C:\Windows\System\SCzFKBi.exe
  2⤵
  PID:2412
- C:\Windows\System\oJeFkhB.exe
  C:\Windows\System\oJeFkhB.exe
  2⤵
  PID:636
- C:\Windows\System\moIhOyG.exe
  C:\Windows\System\moIhOyG.exe
  2⤵
  PID:13268
- C:\Windows\System\DKXXAKN.exe
  C:\Windows\System\DKXXAKN.exe
  2⤵
  PID:12784
- C:\Windows\System\HUfIWZV.exe
  C:\Windows\System\HUfIWZV.exe
  2⤵
  PID:13008
- C:\Windows\System\RqWzUhR.exe
  C:\Windows\System\RqWzUhR.exe
  2⤵
  PID:7196
- C:\Windows\System\AOFRMaB.exe
  C:\Windows\System\AOFRMaB.exe
  2⤵
  PID:6764
- C:\Windows\System\yQHHRcS.exe
  C:\Windows\System\yQHHRcS.exe
  2⤵
  PID:4064
- C:\Windows\System\PcJHXNa.exe
  C:\Windows\System\PcJHXNa.exe
  2⤵
  PID:1336
- C:\Windows\System\dfEzzZy.exe
  C:\Windows\System\dfEzzZy.exe
  2⤵
  PID:2820
- C:\Windows\System\taoFwqK.exe
  C:\Windows\System\taoFwqK.exe
  2⤵
  PID:3456
- C:\Windows\System\FyqUyQm.exe
  C:\Windows\System\FyqUyQm.exe
  2⤵
  PID:6120
- C:\Windows\System\ifsRPEC.exe
  C:\Windows\System\ifsRPEC.exe
  2⤵
  PID:12552
- C:\Windows\System\ZQNCyPq.exe
  C:\Windows\System\ZQNCyPq.exe
  2⤵
  PID:12704
- C:\Windows\System\SSIPOfw.exe
  C:\Windows\System\SSIPOfw.exe
  2⤵
  PID:7496
- C:\Windows\System\mBTHgWm.exe
  C:\Windows\System\mBTHgWm.exe
  2⤵
  PID:7572
- C:\Windows\System\zRLKhZt.exe
  C:\Windows\System\zRLKhZt.exe
  2⤵
  PID:7756
- C:\Windows\System\ydLFkeo.exe
  C:\Windows\System\ydLFkeo.exe
  2⤵
  PID:7856
- C:\Windows\System\mHlZukt.exe
  C:\Windows\System\mHlZukt.exe
  2⤵
  PID:7908
- C:\Windows\System\ifBilQc.exe
  C:\Windows\System\ifBilQc.exe
  2⤵
  PID:4900
- C:\Windows\System\CTHBwmq.exe
  C:\Windows\System\CTHBwmq.exe
  2⤵
  PID:1564
- C:\Windows\System\iekAXQv.exe
  C:\Windows\System\iekAXQv.exe
  2⤵
  PID:2284
- C:\Windows\System\XMYKGpH.exe
  C:\Windows\System\XMYKGpH.exe
  2⤵
  PID:2940
- C:\Windows\System\xirMCDC.exe
  C:\Windows\System\xirMCDC.exe
  2⤵
  PID:3640
- C:\Windows\System\nlPuCLO.exe
  C:\Windows\System\nlPuCLO.exe
  2⤵
  PID:4940
- C:\Windows\System\NibmRxm.exe
  C:\Windows\System\NibmRxm.exe
  2⤵
  PID:12900
- C:\Windows\System\nQonxlN.exe
  C:\Windows\System\nQonxlN.exe
  2⤵
  PID:4460
- C:\Windows\System\xwdpEKs.exe
  C:\Windows\System\xwdpEKs.exe
  2⤵
  PID:4692
- C:\Windows\System\PCkIROR.exe
  C:\Windows\System\PCkIROR.exe
  2⤵
  PID:2656
- C:\Windows\System\DYHZRax.exe
  C:\Windows\System\DYHZRax.exe
  2⤵
  PID:6964
- C:\Windows\System\OPloMxi.exe
  C:\Windows\System\OPloMxi.exe
  2⤵
  PID:4992
- C:\Windows\System\hZjnENH.exe
  C:\Windows\System\hZjnENH.exe
  2⤵
  PID:6304
- C:\Windows\System\ifqFUOB.exe
  C:\Windows\System\ifqFUOB.exe
  2⤵
  PID:6744
- C:\Windows\System\DGvSdBa.exe
  C:\Windows\System\DGvSdBa.exe
  2⤵
  PID:7688
- C:\Windows\System\rJKiYTK.exe
  C:\Windows\System\rJKiYTK.exe
  2⤵
  PID:7728
- C:\Windows\System\WhxHSSA.exe
  C:\Windows\System\WhxHSSA.exe
  2⤵
  PID:6524
- C:\Windows\System\TKFRWGu.exe
  C:\Windows\System\TKFRWGu.exe
  2⤵
  PID:5652
- C:\Windows\System\MLuxOCl.exe
  C:\Windows\System\MLuxOCl.exe
  2⤵
  PID:4556
- C:\Windows\System\bHOnoZe.exe
  C:\Windows\System\bHOnoZe.exe
  2⤵
  PID:5680
- C:\Windows\System\dWMgQyU.exe
  C:\Windows\System\dWMgQyU.exe
  2⤵
  PID:4396
- C:\Windows\System\PojBExP.exe
  C:\Windows\System\PojBExP.exe
  2⤵
  PID:5288
- C:\Windows\System\pNUiKhk.exe
  C:\Windows\System\pNUiKhk.exe
  2⤵
  PID:5340
- C:\Windows\System\NPiYOfY.exe
  C:\Windows\System\NPiYOfY.exe
  2⤵
  PID:12428
- C:\Windows\System\mVrvpux.exe
  C:\Windows\System\mVrvpux.exe
  2⤵
  PID:5864
- C:\Windows\System\whTxGbD.exe
  C:\Windows\System\whTxGbD.exe
  2⤵
  PID:7432
- C:\Windows\System\nsXvRAf.exe
  C:\Windows\System\nsXvRAf.exe
  2⤵
  PID:7644
- C:\Windows\System\MxkiFZK.exe
  C:\Windows\System\MxkiFZK.exe
  2⤵
  PID:7904
- C:\Windows\System\xaVkhfZ.exe
  C:\Windows\System\xaVkhfZ.exe
  2⤵
  PID:5988
- C:\Windows\System\iHiIEET.exe
  C:\Windows\System\iHiIEET.exe
  2⤵
  PID:1716
- C:\Windows\System\ZRnqnJf.exe
  C:\Windows\System\ZRnqnJf.exe
  2⤵
  PID:12740
- C:\Windows\System\JTMxLcl.exe
  C:\Windows\System\JTMxLcl.exe
  2⤵
  PID:3464
- C:\Windows\System\wFoYnPH.exe
  C:\Windows\System\wFoYnPH.exe
  2⤵
  PID:1764
- C:\Windows\System\NqxfUnY.exe
  C:\Windows\System\NqxfUnY.exe
  2⤵
  PID:2028
- C:\Windows\System\PXOBTJU.exe
  C:\Windows\System\PXOBTJU.exe
  2⤵
  PID:7452
- C:\Windows\System\aEmdDbO.exe
  C:\Windows\System\aEmdDbO.exe
  2⤵
  PID:5584
- C:\Windows\System\EiFPuvQ.exe
  C:\Windows\System\EiFPuvQ.exe
  2⤵
  PID:2856
- C:\Windows\System\hYYvobq.exe
  C:\Windows\System\hYYvobq.exe
  2⤵
  PID:13068
- C:\Windows\System\QRdIYZV.exe
  C:\Windows\System\QRdIYZV.exe
  2⤵
  PID:8212
- C:\Windows\System\DxqlxWH.exe
  C:\Windows\System\DxqlxWH.exe
  2⤵
  PID:5904
- C:\Windows\System\LbJyCwa.exe
  C:\Windows\System\LbJyCwa.exe
  2⤵
  PID:7240
- C:\Windows\System\xQGlhlr.exe
  C:\Windows\System\xQGlhlr.exe
  2⤵
  PID:5444
- C:\Windows\System\AjBFtSZ.exe
  C:\Windows\System\AjBFtSZ.exe
  2⤵
  PID:5380
- C:\Windows\System\pgUzpJj.exe
  C:\Windows\System\pgUzpJj.exe
  2⤵
  PID:6084
- C:\Windows\System\jKBIOSl.exe
  C:\Windows\System\jKBIOSl.exe
  2⤵
  PID:13328
- C:\Windows\System\fWbbWOk.exe
  C:\Windows\System\fWbbWOk.exe
  2⤵
  PID:13356
- C:\Windows\System\yUUOxOy.exe
  C:\Windows\System\yUUOxOy.exe
  2⤵
  PID:13372
- C:\Windows\System\ttIvADc.exe
  C:\Windows\System\ttIvADc.exe
  2⤵
  PID:13412
- C:\Windows\System\gIqIRqk.exe
  C:\Windows\System\gIqIRqk.exe
  2⤵
  PID:13440
- C:\Windows\System\zcnkiDf.exe
  C:\Windows\System\zcnkiDf.exe
  2⤵
  PID:13468
- C:\Windows\System\GOFFtal.exe
  C:\Windows\System\GOFFtal.exe
  2⤵
  PID:13500
- C:\Windows\System\LsUoPjv.exe
  C:\Windows\System\LsUoPjv.exe
  2⤵
  PID:13528
- C:\Windows\System\VhSBKxe.exe
  C:\Windows\System\VhSBKxe.exe
  2⤵
  PID:13556
- C:\Windows\System\cZDjUHc.exe
  C:\Windows\System\cZDjUHc.exe
  2⤵
  PID:13600
- C:\Windows\System\gsbuFBT.exe
  C:\Windows\System\gsbuFBT.exe
  2⤵
  PID:13616
- C:\Windows\System\uspaJhj.exe
  C:\Windows\System\uspaJhj.exe
  2⤵
  PID:13636
- C:\Windows\System\alIzXmf.exe
  C:\Windows\System\alIzXmf.exe
  2⤵
  PID:13672
- C:\Windows\System\BtyWWcW.exe
  C:\Windows\System\BtyWWcW.exe
  2⤵
  PID:13700
- C:\Windows\System\rxncQyR.exe
  C:\Windows\System\rxncQyR.exe
  2⤵
  PID:13728
- C:\Windows\System\JQvWiwy.exe
  C:\Windows\System\JQvWiwy.exe
  2⤵
  PID:13756
- C:\Windows\System\kMtZGST.exe
  C:\Windows\System\kMtZGST.exe
  2⤵
  PID:13784
- C:\Windows\System\wGoVhkb.exe
  C:\Windows\System\wGoVhkb.exe
  2⤵
  PID:13812
- C:\Windows\System\yENWloX.exe
  C:\Windows\System\yENWloX.exe
  2⤵
  PID:13840
- C:\Windows\System\ONmDgfu.exe
  C:\Windows\System\ONmDgfu.exe
  2⤵
  PID:13868
- C:\Windows\System\nuMgYqZ.exe
  C:\Windows\System\nuMgYqZ.exe
  2⤵
  PID:13888
- C:\Windows\System\OVitiCG.exe
  C:\Windows\System\OVitiCG.exe
  2⤵
  PID:13924
- C:\Windows\System\ovsqWvI.exe
  C:\Windows\System\ovsqWvI.exe
  2⤵
  PID:13952
- C:\Windows\System\AuVdGmH.exe
  C:\Windows\System\AuVdGmH.exe
  2⤵
  PID:13968
- C:\Windows\System\lEMWrha.exe
  C:\Windows\System\lEMWrha.exe
  2⤵
  PID:14004
- C:\Windows\System\XCdyaOE.exe
  C:\Windows\System\XCdyaOE.exe
  2⤵
  PID:14028
- C:\Windows\System\RfAkDwX.exe
  C:\Windows\System\RfAkDwX.exe
  2⤵
  PID:14064
- C:\Windows\System\isvdXiv.exe
  C:\Windows\System\isvdXiv.exe
  2⤵
  PID:14096
- C:\Windows\System\zeMlkep.exe
  C:\Windows\System\zeMlkep.exe
  2⤵
  PID:14124
- C:\Windows\System\ARNJFvi.exe
  C:\Windows\System\ARNJFvi.exe
  2⤵
  PID:14172
- C:\Windows\System\UJmKCVe.exe
  C:\Windows\System\UJmKCVe.exe
  2⤵
  PID:14204
- C:\Windows\System\liwfKQG.exe
  C:\Windows\System\liwfKQG.exe
  2⤵
  PID:14232
- C:\Windows\System\pymOyPp.exe
  C:\Windows\System\pymOyPp.exe
  2⤵
  PID:14260
- C:\Windows\System\njnyGUY.exe
  C:\Windows\System\njnyGUY.exe
  2⤵
  PID:14288
- C:\Windows\System\csSoqpE.exe
  C:\Windows\System\csSoqpE.exe
  2⤵
  PID:14316
- C:\Windows\System\eKLnjcZ.exe
  C:\Windows\System\eKLnjcZ.exe
  2⤵
  PID:5748
- C:\Windows\System\UbhYsAB.exe
  C:\Windows\System\UbhYsAB.exe
  2⤵
  PID:5772
- C:\Windows\System\coqhIaq.exe
  C:\Windows\System\coqhIaq.exe
  2⤵
  PID:13344
- C:\Windows\System\JTnqoEb.exe
  C:\Windows\System\JTnqoEb.exe
  2⤵
  PID:5876
- C:\Windows\System\NEUInFR.exe
  C:\Windows\System\NEUInFR.exe
  2⤵
  PID:13484
- C:\Windows\System\srZQTQP.exe
  C:\Windows\System\srZQTQP.exe
  2⤵
  PID:13548
- C:\Windows\System\ejMqwOy.exe
  C:\Windows\System\ejMqwOy.exe
  2⤵
  PID:13576
- C:\Windows\System\dIJlyOn.exe
  C:\Windows\System\dIJlyOn.exe
  2⤵
  PID:13608
- C:\Windows\System\ovxhbYt.exe
  C:\Windows\System\ovxhbYt.exe
  2⤵
  PID:13660
- C:\Windows\System\SvdDbQM.exe
  C:\Windows\System\SvdDbQM.exe
  2⤵
  PID:13712
- C:\Windows\System\CmlcpPX.exe
  C:\Windows\System\CmlcpPX.exe
  2⤵
  PID:13768
- C:\Windows\System\vAoxWRO.exe
  C:\Windows\System\vAoxWRO.exe
  2⤵
  PID:13824
- C:\Windows\System\MENsQzv.exe
  C:\Windows\System\MENsQzv.exe
  2⤵
  PID:13860
- C:\Windows\System\dnxmeGB.exe
  C:\Windows\System\dnxmeGB.exe
  2⤵
  PID:13916
- C:\Windows\System\LgzpJfq.exe
  C:\Windows\System\LgzpJfq.exe
  2⤵
  PID:13960
- C:\Windows\System\ZfEYYOP.exe
  C:\Windows\System\ZfEYYOP.exe
  2⤵
  PID:14000
- C:\Windows\System\NFeWFTY.exe
  C:\Windows\System\NFeWFTY.exe
  2⤵
  PID:13476
- C:\Windows\System\uFsJvXC.exe
  C:\Windows\System\uFsJvXC.exe
  2⤵
  PID:6384
- C:\Windows\System\uVCHlde.exe
  C:\Windows\System\uVCHlde.exe
  2⤵
  PID:14136
- C:\Windows\System\ljjuggW.exe
  C:\Windows\System\ljjuggW.exe
  2⤵
  PID:5920
- C:\Windows\System\qGzBoQu.exe
  C:\Windows\System\qGzBoQu.exe
  2⤵
  PID:11980
- C:\Windows\System\sUqvoKa.exe
  C:\Windows\System\sUqvoKa.exe
  2⤵
  PID:11976
- C:\Windows\System\MLpDPsD.exe
  C:\Windows\System\MLpDPsD.exe
  2⤵
  PID:1576
- C:\Windows\System\mLAxkuF.exe
  C:\Windows\System\mLAxkuF.exe
  2⤵
  PID:12540
- C:\Windows\System\hfbQOyp.exe
  C:\Windows\System\hfbQOyp.exe
  2⤵
  PID:5592
- C:\Windows\System\oUALXZo.exe
  C:\Windows\System\oUALXZo.exe
  2⤵
  PID:6600
- C:\Windows\System\letMlmw.exe
  C:\Windows\System\letMlmw.exe
  2⤵
  PID:13408
- C:\Windows\System\DqiOVYG.exe
  C:\Windows\System\DqiOVYG.exe
  2⤵
  PID:13524
- C:\Windows\System\psExGyl.exe
  C:\Windows\System\psExGyl.exe
  2⤵
  PID:652
- C:\Windows\System\KBnjQXz.exe
  C:\Windows\System\KBnjQXz.exe
  2⤵
  PID:8912
- C:\Windows\System\AeQDFhR.exe
  C:\Windows\System\AeQDFhR.exe
  2⤵
  PID:8848
- C:\Windows\System\qBumJSI.exe
  C:\Windows\System\qBumJSI.exe
  2⤵
  PID:13192
- C:\Windows\System\cqFygWJ.exe
  C:\Windows\System\cqFygWJ.exe
  2⤵
  PID:13912
- C:\Windows\System\vHcHZaw.exe
  C:\Windows\System\vHcHZaw.exe
  2⤵
  PID:13996
- C:\Windows\System\SmVDmlC.exe
  C:\Windows\System\SmVDmlC.exe
  2⤵
  PID:14092
- C:\Windows\System\uiWUnxh.exe
  C:\Windows\System\uiWUnxh.exe
  2⤵
  PID:14216
- C:\Windows\System\UYSKzjP.exe
  C:\Windows\System\UYSKzjP.exe
  2⤵
  PID:6432
- C:\Windows\System\gqPXiQm.exe
  C:\Windows\System\gqPXiQm.exe
  2⤵
  PID:14244
- C:\Windows\System\YSexoKG.exe
  C:\Windows\System\YSexoKG.exe
  2⤵
  PID:6044
- C:\Windows\System\ZjKfLYp.exe
  C:\Windows\System\ZjKfLYp.exe
  2⤵
  PID:6052
- C:\Windows\System\gDHUAhP.exe
  C:\Windows\System\gDHUAhP.exe
  2⤵
  PID:13644
- C:\Windows\System\VmKHIAW.exe
  C:\Windows\System\VmKHIAW.exe
  2⤵
  PID:13864
- C:\Windows\System\WRTTuUS.exe
  C:\Windows\System\WRTTuUS.exe
  2⤵
  PID:14048
- C:\Windows\System\Ujrakar.exe
  C:\Windows\System\Ujrakar.exe
  2⤵
  PID:4476
- C:\Windows\System\NUhLXEB.exe
  C:\Windows\System\NUhLXEB.exe
  2⤵
  PID:14328
- C:\Windows\System\WbnXSfc.exe
  C:\Windows\System\WbnXSfc.exe
  2⤵
  PID:13808
- C:\Windows\System\ebzkLIP.exe
  C:\Windows\System\ebzkLIP.exe
  2⤵
  PID:14120
- C:\Windows\System\tZSZjpP.exe
  C:\Windows\System\tZSZjpP.exe
  2⤵
  PID:6460
- C:\Windows\System\brUmLfj.exe
  C:\Windows\System\brUmLfj.exe
  2⤵
  PID:9256
- C:\Windows\System\KnNkebX.exe
  C:\Windows\System\KnNkebX.exe
  2⤵
  PID:14340
- C:\Windows\System\sVkdMuY.exe
  C:\Windows\System\sVkdMuY.exe
  2⤵
  PID:14368
- C:\Windows\System\tvzxQab.exe
  C:\Windows\System\tvzxQab.exe
  2⤵
  PID:14396
- C:\Windows\System\YSdiHgo.exe
  C:\Windows\System\YSdiHgo.exe
  2⤵
  PID:14424
- C:\Windows\System\NaHRqBC.exe
  C:\Windows\System\NaHRqBC.exe
  2⤵
  PID:14452
- C:\Windows\System\AzcrFBF.exe
  C:\Windows\System\AzcrFBF.exe
  2⤵
  PID:14480
- C:\Windows\System\LloUhXi.exe
  C:\Windows\System\LloUhXi.exe
  2⤵
  PID:14508
- C:\Windows\System\WtLYLkY.exe
  C:\Windows\System\WtLYLkY.exe
  2⤵
  PID:14536
- C:\Windows\System\mpGXVzf.exe
  C:\Windows\System\mpGXVzf.exe
  2⤵
  PID:14564
- C:\Windows\System\bpAlmEL.exe
  C:\Windows\System\bpAlmEL.exe
  2⤵
  PID:14596
- C:\Windows\System\FeKABiP.exe
  C:\Windows\System\FeKABiP.exe
  2⤵
  PID:14624
- C:\Windows\System\BrNxtWk.exe
  C:\Windows\System\BrNxtWk.exe
  2⤵
  PID:14652
- C:\Windows\System\ZHLOPGG.exe
  C:\Windows\System\ZHLOPGG.exe
  2⤵
  PID:14680
- C:\Windows\System\kasYxMD.exe
  C:\Windows\System\kasYxMD.exe
  2⤵
  PID:14708
- C:\Windows\System\wDfpuRf.exe
  C:\Windows\System\wDfpuRf.exe
  2⤵
  PID:14736
- C:\Windows\System\uTgQgAj.exe
  C:\Windows\System\uTgQgAj.exe
  2⤵
  PID:14764
- C:\Windows\System\FDxfTVE.exe
  C:\Windows\System\FDxfTVE.exe
  2⤵
  PID:14792
- C:\Windows\System\Mmmvnms.exe
  C:\Windows\System\Mmmvnms.exe
  2⤵
  PID:14820
- C:\Windows\System\OucXrns.exe
  C:\Windows\System\OucXrns.exe
  2⤵
  PID:14848
- C:\Windows\System\ZeJXSBV.exe
  C:\Windows\System\ZeJXSBV.exe
  2⤵
  PID:14876
- C:\Windows\System\jcSdvzs.exe
  C:\Windows\System\jcSdvzs.exe
  2⤵
  PID:14904
- C:\Windows\System\odNcPwT.exe
  C:\Windows\System\odNcPwT.exe
  2⤵
  PID:14924
- C:\Windows\System\TzleSbI.exe
  C:\Windows\System\TzleSbI.exe
  2⤵
  PID:14948
- C:\Windows\System\MbRDpvl.exe
  C:\Windows\System\MbRDpvl.exe
  2⤵
  PID:14968
- C:\Windows\System\UOSFgpz.exe
  C:\Windows\System\UOSFgpz.exe
  2⤵
  PID:15004
- C:\Windows\System\RJFKJjA.exe
  C:\Windows\System\RJFKJjA.exe
  2⤵
  PID:15044
- C:\Windows\System\aLPoeBz.exe
  C:\Windows\System\aLPoeBz.exe
  2⤵
  PID:15072
- C:\Windows\System\yQAdzuo.exe
  C:\Windows\System\yQAdzuo.exe
  2⤵
  PID:15100
- C:\Windows\System\dsOpZxF.exe
  C:\Windows\System\dsOpZxF.exe
  2⤵
  PID:15128
- C:\Windows\System\lhyOwsA.exe
  C:\Windows\System\lhyOwsA.exe
  2⤵
  PID:15160
- C:\Windows\System\DPNNhjv.exe
  C:\Windows\System\DPNNhjv.exe
  2⤵
  PID:15188
- C:\Windows\System\SPNDSAS.exe
  C:\Windows\System\SPNDSAS.exe
  2⤵
  PID:15216
- C:\Windows\System\WTTNsTP.exe
  C:\Windows\System\WTTNsTP.exe
  2⤵
  PID:15244
- C:\Windows\System\xxmihba.exe
  C:\Windows\System\xxmihba.exe
  2⤵
  PID:15272
- C:\Windows\System\OXOgjlY.exe
  C:\Windows\System\OXOgjlY.exe
  2⤵
  PID:15300
- C:\Windows\System\JwvwshE.exe
  C:\Windows\System\JwvwshE.exe
  2⤵
  PID:15328
- C:\Windows\System\cpJIQDP.exe
  C:\Windows\System\cpJIQDP.exe
  2⤵
  PID:15344
- C:\Windows\System\TdjkIWg.exe
  C:\Windows\System\TdjkIWg.exe
  2⤵
  PID:14364
- C:\Windows\System\BOGlAHu.exe
  C:\Windows\System\BOGlAHu.exe
  2⤵
  PID:14420
- C:\Windows\System\aFmjlDN.exe
  C:\Windows\System\aFmjlDN.exe
  2⤵
  PID:14448
- C:\Windows\System\GRCmDNv.exe
  C:\Windows\System\GRCmDNv.exe
  2⤵
  PID:14492
- C:\Windows\System\XphteCf.exe
  C:\Windows\System\XphteCf.exe
  2⤵
  PID:9552
- C:\Windows\System\rZdEjwG.exe
  C:\Windows\System\rZdEjwG.exe
  2⤵
  PID:14560
- C:\Windows\System\SSvDDCJ.exe
  C:\Windows\System\SSvDDCJ.exe
  2⤵
  PID:9620
- C:\Windows\System\MMWHoBD.exe
  C:\Windows\System\MMWHoBD.exe
  2⤵
  PID:14664
- C:\Windows\System\dBuPmFd.exe
  C:\Windows\System\dBuPmFd.exe
  2⤵
  PID:14704
- C:\Windows\System\Rfvcaug.exe
  C:\Windows\System\Rfvcaug.exe
  2⤵
  PID:14748
- C:\Windows\System\nHgluKQ.exe
  C:\Windows\System\nHgluKQ.exe
  2⤵
  PID:7252
- C:\Windows\System\tcBSyqR.exe
  C:\Windows\System\tcBSyqR.exe
  2⤵
  PID:7280
- C:\Windows\System\nZPYmKy.exe
  C:\Windows\System\nZPYmKy.exe
  2⤵
  PID:7320
- C:\Windows\System\nVYcLtU.exe
  C:\Windows\System\nVYcLtU.exe
  2⤵
  PID:9928
- C:\Windows\System\TpWqWPb.exe
  C:\Windows\System\TpWqWPb.exe
  2⤵
  PID:14964
- C:\Windows\System\HiNWUEZ.exe
  C:\Windows\System\HiNWUEZ.exe
  2⤵
  PID:14976
- C:\Windows\System\JKqHuoI.exe
  C:\Windows\System\JKqHuoI.exe
  2⤵
  PID:15064
- C:\Windows\System\gkrUqXN.exe
  C:\Windows\System\gkrUqXN.exe
  2⤵
  PID:15120
- C:\Windows\System\BdVKOXO.exe
  C:\Windows\System\BdVKOXO.exe
  2⤵
  PID:15184
- C:\Windows\System\WAqzmla.exe
  C:\Windows\System\WAqzmla.exe
  2⤵
  PID:15240
- C:\Windows\System\VKzCBkg.exe
  C:\Windows\System\VKzCBkg.exe
  2⤵
  PID:15292
- C:\Windows\System\eEwpDkE.exe
  C:\Windows\System\eEwpDkE.exe
  2⤵
  PID:15336
- C:\Windows\System\VlSPYAZ.exe
  C:\Windows\System\VlSPYAZ.exe
  2⤵
  PID:14388
- C:\Windows\System\oCeWYSb.exe
  C:\Windows\System\oCeWYSb.exe
  2⤵
  PID:14476
- C:\Windows\System\UjeggZH.exe
  C:\Windows\System\UjeggZH.exe
  2⤵
  PID:14592
- C:\Windows\System\qQBHYub.exe
  C:\Windows\System\qQBHYub.exe
  2⤵
  PID:14700
- C:\Windows\System\zlMqxsO.exe
  C:\Windows\System\zlMqxsO.exe
  2⤵
  PID:7944
- C:\Windows\System\rZaXpBv.exe
  C:\Windows\System\rZaXpBv.exe
  2⤵
  PID:9520
- C:\Windows\System\daiDTZW.exe
  C:\Windows\System\daiDTZW.exe
  2⤵
  PID:7336
- C:\Windows\System\PTulIca.exe
  C:\Windows\System\PTulIca.exe
  2⤵
  PID:9716
- C:\Windows\System\iQFSrsy.exe
  C:\Windows\System\iQFSrsy.exe
  2⤵
  PID:15028
- C:\Windows\System\xbatLHw.exe
  C:\Windows\System\xbatLHw.exe
  2⤵
  PID:15084
- C:\Windows\System\ZTxsJrl.exe
  C:\Windows\System\ZTxsJrl.exe
  2⤵
  PID:4708
- C:\Windows\System\AFwHjWC.exe
  C:\Windows\System\AFwHjWC.exe
  2⤵
  PID:15256
- C:\Windows\System\xYYkFlI.exe
  C:\Windows\System\xYYkFlI.exe
  2⤵
  PID:14408
- C:\Windows\System\cRYIlfn.exe
  C:\Windows\System\cRYIlfn.exe
  2⤵
  PID:7136
- C:\Windows\System\BjXsOlW.exe
  C:\Windows\System\BjXsOlW.exe
  2⤵
  PID:14676
- C:\Windows\System\zDPqeZn.exe
  C:\Windows\System\zDPqeZn.exe
  2⤵
  PID:7192
- C:\Windows\System\cqaekJy.exe
  C:\Windows\System\cqaekJy.exe
  2⤵
  PID:2356
- C:\Windows\System\hcBaarq.exe
  C:\Windows\System\hcBaarq.exe
  2⤵
  PID:7372
- C:\Windows\System\BeLOnZo.exe
  C:\Windows\System\BeLOnZo.exe
  2⤵
  PID:7328
- C:\Windows\System\NMINbFf.exe
  C:\Windows\System\NMINbFf.exe
  2⤵
  PID:7412
- C:\Windows\System\lfzabBM.exe
  C:\Windows\System\lfzabBM.exe
  2⤵
  PID:13048
- C:\Windows\System\kNsQyrM.exe
  C:\Windows\System\kNsQyrM.exe
  2⤵
  PID:15040
- C:\Windows\System\CrtrNdn.exe
  C:\Windows\System\CrtrNdn.exe
  2⤵
  PID:14992
- C:\Windows\System\OZPBwgB.exe
  C:\Windows\System\OZPBwgB.exe
  2⤵
  PID:6920
- C:\Windows\System\PnVoCBe.exe
  C:\Windows\System\PnVoCBe.exe
  2⤵
  PID:7800
- C:\Windows\System\OYdreZE.exe
  C:\Windows\System\OYdreZE.exe
  2⤵
  PID:7852
- C:\Windows\System\fTAHAsk.exe
  C:\Windows\System\fTAHAsk.exe
  2⤵
  PID:4748
- C:\Windows\System\rNISeni.exe
  C:\Windows\System\rNISeni.exe
  2⤵
  PID:8092
- C:\Windows\System\rDXiScY.exe
  C:\Windows\System\rDXiScY.exe
  2⤵
  PID:7436
- C:\Windows\System\gvGRiOQ.exe
  C:\Windows\System\gvGRiOQ.exe
  2⤵
  PID:15152
- C:\Windows\System\bVsCUbG.exe
  C:\Windows\System\bVsCUbG.exe
  2⤵
  PID:15228
- C:\Windows\System\ytuLbig.exe
  C:\Windows\System\ytuLbig.exe
  2⤵
  PID:6000
- C:\Windows\System\uqCUuQj.exe
  C:\Windows\System\uqCUuQj.exe
  2⤵
  PID:7900
- C:\Windows\System\lhwYvnE.exe
  C:\Windows\System\lhwYvnE.exe
  2⤵
  PID:7304
- C:\Windows\System\fNmhCHd.exe
  C:\Windows\System\fNmhCHd.exe
  2⤵
  PID:7500
- C:\Windows\System\fsoYnMM.exe
  C:\Windows\System\fsoYnMM.exe
  2⤵
  PID:4120
- C:\Windows\System\aJNFwPX.exe
  C:\Windows\System\aJNFwPX.exe
  2⤵
  PID:7824
- C:\Windows\System\oKSLxyR.exe
  C:\Windows\System\oKSLxyR.exe
  2⤵
  PID:7948
- C:\Windows\System\HDBHBUj.exe
  C:\Windows\System\HDBHBUj.exe
  2⤵
  PID:6848
- C:\Windows\System\ITiWMzo.exe
  C:\Windows\System\ITiWMzo.exe
  2⤵
  PID:7288
- C:\Windows\System\axyJBGG.exe
  C:\Windows\System\axyJBGG.exe
  2⤵
  PID:2788
- C:\Windows\System\AXFGrBH.exe
  C:\Windows\System\AXFGrBH.exe
  2⤵
  PID:8256
- C:\Windows\System\mvqCPTX.exe
  C:\Windows\System\mvqCPTX.exe
  2⤵
  PID:8324
- C:\Windows\System\PXDfhnU.exe
  C:\Windows\System\PXDfhnU.exe
  2⤵
  PID:8360
- C:\Windows\System\EjRDyml.exe
  C:\Windows\System\EjRDyml.exe
  2⤵
  PID:7552
- C:\Windows\System\nlTRUhz.exe
  C:\Windows\System\nlTRUhz.exe
  2⤵
  PID:15372
- C:\Windows\System\QeLpLLG.exe
  C:\Windows\System\QeLpLLG.exe
  2⤵
  PID:15400
- C:\Windows\System\aAsmLxy.exe
  C:\Windows\System\aAsmLxy.exe
  2⤵
  PID:15428
- C:\Windows\System\SpRvQii.exe
  C:\Windows\System\SpRvQii.exe
  2⤵
  PID:15456
- C:\Windows\System\uazcaFf.exe
  C:\Windows\System\uazcaFf.exe
  2⤵
  PID:15484
- C:\Windows\System\ysWLxTA.exe
  C:\Windows\System\ysWLxTA.exe
  2⤵
  PID:15512
- C:\Windows\System\ZrwBGCV.exe
  C:\Windows\System\ZrwBGCV.exe
  2⤵
  PID:15540
- C:\Windows\System\vHrmaQf.exe
  C:\Windows\System\vHrmaQf.exe
  2⤵
  PID:15568
- C:\Windows\System\lqZrPBj.exe
  C:\Windows\System\lqZrPBj.exe
  2⤵
  PID:15596
- C:\Windows\System\KPswDLz.exe
  C:\Windows\System\KPswDLz.exe
  2⤵
  PID:15624
- C:\Windows\System\AErgaSr.exe
  C:\Windows\System\AErgaSr.exe
  2⤵
  PID:15660
- C:\Windows\System\AYWNyDx.exe
  C:\Windows\System\AYWNyDx.exe
  2⤵
  PID:15680
- C:\Windows\System\emZuPKy.exe
  C:\Windows\System\emZuPKy.exe
  2⤵
  PID:15708
- C:\Windows\System\qGjmaGA.exe
  C:\Windows\System\qGjmaGA.exe
  2⤵
  PID:15752
- C:\Windows\System\hiIbQBp.exe
  C:\Windows\System\hiIbQBp.exe
  2⤵
  PID:15780
- C:\Windows\System\rKxZeSB.exe
  C:\Windows\System\rKxZeSB.exe
  2⤵
  PID:15808
- C:\Windows\System\xAadvFA.exe
  C:\Windows\System\xAadvFA.exe
  2⤵
  PID:15836
- C:\Windows\System\qCObpXC.exe
  C:\Windows\System\qCObpXC.exe
  2⤵
  PID:15876
- C:\Windows\System\LkyVTQk.exe
  C:\Windows\System\LkyVTQk.exe
  2⤵
  PID:15896
- C:\Windows\System\CgaxFwy.exe
  C:\Windows\System\CgaxFwy.exe
  2⤵
  PID:15924
- C:\Windows\System\zwTetGN.exe
  C:\Windows\System\zwTetGN.exe
  2⤵
  PID:15952
- C:\Windows\System\TvjpWsG.exe
  C:\Windows\System\TvjpWsG.exe
  2⤵
  PID:15980
- C:\Windows\System\pUYgeCZ.exe
  C:\Windows\System\pUYgeCZ.exe
  2⤵
  PID:16008
- C:\Windows\System\zaJuNIZ.exe
  C:\Windows\System\zaJuNIZ.exe
  2⤵
  PID:16036
- C:\Windows\System\ORuFgKP.exe
  C:\Windows\System\ORuFgKP.exe
  2⤵
  PID:16064
- C:\Windows\System\IoWktsC.exe
  C:\Windows\System\IoWktsC.exe
  2⤵
  PID:16092
- C:\Windows\System\VPOuyHk.exe
  C:\Windows\System\VPOuyHk.exe
  2⤵
  PID:16120
- C:\Windows\System\dLnRMNx.exe
  C:\Windows\System\dLnRMNx.exe
  2⤵
  PID:16148
- C:\Windows\System\RwKlXSi.exe
  C:\Windows\System\RwKlXSi.exe
  2⤵
  PID:16176
- C:\Windows\System\uOWiTyQ.exe
  C:\Windows\System\uOWiTyQ.exe
  2⤵
  PID:16204
- C:\Windows\System\WrexSoa.exe
  C:\Windows\System\WrexSoa.exe
  2⤵
  PID:16232
- C:\Windows\System\dkWEBaM.exe
  C:\Windows\System\dkWEBaM.exe
  2⤵
  PID:16260
- C:\Windows\System\AEkkiff.exe
  C:\Windows\System\AEkkiff.exe
  2⤵
  PID:16288
- C:\Windows\System\VzwRPhu.exe
  C:\Windows\System\VzwRPhu.exe
  2⤵
  PID:16316
- C:\Windows\System\tvlZxZq.exe
  C:\Windows\System\tvlZxZq.exe
  2⤵
  PID:16344
- C:\Windows\System\wOiVfit.exe
  C:\Windows\System\wOiVfit.exe
  2⤵
  PID:16372
- C:\Windows\System\WkkDPum.exe
  C:\Windows\System\WkkDPum.exe
  2⤵
  PID:8424
- C:\Windows\System\WtvNLzl.exe
  C:\Windows\System\WtvNLzl.exe
  2⤵
  PID:15420
- C:\Windows\System\hPnnQNU.exe
  C:\Windows\System\hPnnQNU.exe
  2⤵
  PID:15452
- C:\Windows\System\cEDEMgh.exe
  C:\Windows\System\cEDEMgh.exe
  2⤵
  PID:8536
- C:\Windows\System\ocJsBwx.exe
  C:\Windows\System\ocJsBwx.exe
  2⤵
  PID:15552
- C:\Windows\System\LxnjcEr.exe
  C:\Windows\System\LxnjcEr.exe
  2⤵
  PID:15592
- C:\Windows\System\fsSgoLB.exe
  C:\Windows\System\fsSgoLB.exe
  2⤵
  PID:15636
- C:\Windows\System\fEhEywd.exe
  C:\Windows\System\fEhEywd.exe
  2⤵
  PID:15676
- C:\Windows\System\xMNRLbQ.exe
  C:\Windows\System\xMNRLbQ.exe
  2⤵
  PID:8680
- C:\Windows\System\GJsOjOU.exe
  C:\Windows\System\GJsOjOU.exe
  2⤵
  PID:15772
- C:\Windows\System\NsvIDfh.exe
  C:\Windows\System\NsvIDfh.exe
  2⤵
  PID:8744
- C:\Windows\System\POFZRCO.exe
  C:\Windows\System\POFZRCO.exe
  2⤵
  PID:15856
- C:\Windows\System\eauZffq.exe
  C:\Windows\System\eauZffq.exe
  2⤵
  PID:8844
- C:\Windows\System\EzPpEGV.exe
  C:\Windows\System\EzPpEGV.exe
  2⤵
  PID:8888
- C:\Windows\System\uALfLkk.exe
  C:\Windows\System\uALfLkk.exe
  2⤵
  PID:15976
- C:\Windows\System\gaUKZlr.exe
  C:\Windows\System\gaUKZlr.exe
  2⤵
  PID:16020
- C:\Windows\System\CNvYKOG.exe
  C:\Windows\System\CNvYKOG.exe
  2⤵
  PID:16060
- C:\Windows\System\GBYolXC.exe
  C:\Windows\System\GBYolXC.exe
  2⤵
  PID:11064
- C:\Windows\System\tjeylEr.exe
  C:\Windows\System\tjeylEr.exe
  2⤵
  PID:16132
- C:\Windows\System\eSnMZTj.exe
  C:\Windows\System\eSnMZTj.exe
  2⤵
  PID:11192
- C:\Windows\System\AWXQSdA.exe
  C:\Windows\System\AWXQSdA.exe
  2⤵
  PID:16200
- C:\Windows\System\nWXXClh.exe
  C:\Windows\System\nWXXClh.exe
  2⤵
  PID:9104
- C:\Windows\System\iznRHjH.exe
  C:\Windows\System\iznRHjH.exe
  2⤵
  PID:10256
- C:\Windows\System\cTUpFyq.exe
  C:\Windows\System\cTUpFyq.exe
  2⤵
  PID:9136
- C:\Windows\System\dzyMrtq.exe
  C:\Windows\System\dzyMrtq.exe
  2⤵
  PID:16340
- C:\Windows\System\NhCpJta.exe
  C:\Windows\System\NhCpJta.exe
  2⤵
  PID:16368
- C:\Windows\System\yVrQpTU.exe
  C:\Windows\System\yVrQpTU.exe
  2⤵
  PID:8460
- C:\Windows\System\OYGfBKY.exe
  C:\Windows\System\OYGfBKY.exe
  2⤵
  PID:8080
- C:\Windows\System\mmXKoMI.exe
  C:\Windows\System\mmXKoMI.exe
  2⤵
  PID:10692
- C:\Windows\System\TQQsMTv.exe
  C:\Windows\System\TQQsMTv.exe
  2⤵
  PID:15532
- C:\Windows\System\eOlNZsN.exe
  C:\Windows\System\eOlNZsN.exe
  2⤵
  PID:1540
- C:\Windows\System\oqfhdBs.exe
  C:\Windows\System\oqfhdBs.exe
  2⤵
  PID:15620
- C:\Windows\System\VMcpCLi.exe
  C:\Windows\System\VMcpCLi.exe
  2⤵
  PID:1784
- C:\Windows\System\AXSQuOO.exe
  C:\Windows\System\AXSQuOO.exe
  2⤵
  PID:2860
- C:\Windows\System\YAXdPlS.exe
  C:\Windows\System\YAXdPlS.exe
  2⤵
  PID:15820
- C:\Windows\System\yzYqocJ.exe
  C:\Windows\System\yzYqocJ.exe
  2⤵
  PID:8772
- C:\Windows\System\qCMKsTz.exe
  C:\Windows\System\qCMKsTz.exe
  2⤵
  PID:15908
- C:\Windows\System\jacbbsN.exe
  C:\Windows\System\jacbbsN.exe
  2⤵
  PID:8388
- C:\Windows\System\VuXFnGE.exe
  C:\Windows\System\VuXFnGE.exe
  2⤵
  PID:4140
- C:\Windows\System\QohTuKY.exe
  C:\Windows\System\QohTuKY.exe
  2⤵
  PID:16088
- C:\Windows\System\NeJjBxr.exe
  C:\Windows\System\NeJjBxr.exe
  2⤵
  PID:11088
- C:\Windows\System\LlKikPj.exe
  C:\Windows\System\LlKikPj.exe
  2⤵
  PID:16160
- C:\Windows\System\kaEBvXP.exe
  C:\Windows\System\kaEBvXP.exe
  2⤵
  PID:16188
- C:\Windows\System\JLmRIDf.exe
  C:\Windows\System\JLmRIDf.exe
  2⤵
  PID:16244
- C:\Windows\System\bOpxFii.exe
  C:\Windows\System\bOpxFii.exe
  2⤵
  PID:4668
- C:\Windows\System\VuwfBWu.exe
  C:\Windows\System\VuwfBWu.exe
  2⤵
  PID:9164
- C:\Windows\System\doNhWuQ.exe
  C:\Windows\System\doNhWuQ.exe
  2⤵
  PID:5084
- C:\Windows\System\hshmCLl.exe
  C:\Windows\System\hshmCLl.exe
  2⤵
  PID:9192
- C:\Windows\System\xuNqPoz.exe
  C:\Windows\System\xuNqPoz.exe
  2⤵
  PID:10356
- C:\Windows\System\daFebdg.exe
  C:\Windows\System\daFebdg.exe
  2⤵
  PID:10612
- C:\Windows\System\ruCTgmM.exe
  C:\Windows\System\ruCTgmM.exe
  2⤵
  PID:15496
- C:\Windows\System\wrXvKxD.exe
  C:\Windows\System\wrXvKxD.exe
  2⤵
  PID:4264
- C:\Windows\System\rqlJLOl.exe
  C:\Windows\System\rqlJLOl.exe
  2⤵
  PID:7184
- C:\Windows\System\IMuHMma.exe
  C:\Windows\System\IMuHMma.exe
  2⤵
  PID:1908
- C:\Windows\System\LLAbKYV.exe
  C:\Windows\System\LLAbKYV.exe
  2⤵
  PID:15748
- C:\Windows\System\vsNKlJB.exe
  C:\Windows\System\vsNKlJB.exe
  2⤵
  PID:15800
- C:\Windows\System\eRkRYXf.exe
  C:\Windows\System\eRkRYXf.exe
  2⤵
  PID:8496
- C:\Windows\System\nOZZcPm.exe
  C:\Windows\System\nOZZcPm.exe
  2⤵
  PID:2200
- C:\Windows\System\XucBECQ.exe
  C:\Windows\System\XucBECQ.exe
  2⤵
  PID:8428
- C:\Windows\System\JXlhTCu.exe
  C:\Windows\System\JXlhTCu.exe
  2⤵
  PID:16004
- C:\Windows\System\ZoIKjCN.exe
  C:\Windows\System\ZoIKjCN.exe
  2⤵
  PID:16048
- C:\Windows\System\OgtxYZv.exe
  C:\Windows\System\OgtxYZv.exe
  2⤵
  PID:8576
- C:\Windows\System\SghIyPB.exe
  C:\Windows\System\SghIyPB.exe
  2⤵
  PID:4316
- C:\Windows\System\LARruje.exe
  C:\Windows\System\LARruje.exe
  2⤵
  PID:9204
- C:\Windows\System\SIMdCCA.exe
  C:\Windows\System\SIMdCCA.exe
  2⤵
  PID:548
- C:\Windows\System\Djghpfh.exe
  C:\Windows\System\Djghpfh.exe
  2⤵
  PID:7248
- C:\Windows\System\rnWwosb.exe
  C:\Windows\System\rnWwosb.exe
  2⤵
  PID:11104
- C:\Windows\System\gnMzjAk.exe
  C:\Windows\System\gnMzjAk.exe
  2⤵
  PID:8452
- C:\Windows\System\jxCjUYC.exe
  C:\Windows\System\jxCjUYC.exe
  2⤵
  PID:15892
- C:\Windows\System\xpRFWOn.exe
  C:\Windows\System\xpRFWOn.exe
  2⤵
  PID:9144
- C:\Windows\System\senPiPk.exe
  C:\Windows\System\senPiPk.exe
  2⤵
  PID:8608
- C:\Windows\System\CgPHyPw.exe
  C:\Windows\System\CgPHyPw.exe
  2⤵
  PID:8288
- C:\Windows\System\lQKUuQG.exe
  C:\Windows\System\lQKUuQG.exe
  2⤵
  PID:2660
- C:\Windows\System\xehWwVj.exe
  C:\Windows\System\xehWwVj.exe
  2⤵
  PID:11376
- C:\Windows\System\pBEdzbG.exe
  C:\Windows\System\pBEdzbG.exe
  2⤵
  PID:9336
- C:\Windows\System\DJplSxH.exe
  C:\Windows\System\DJplSxH.exe
  2⤵
  PID:9364
- C:\Windows\System\rzkaFTI.exe
  C:\Windows\System\rzkaFTI.exe
  2⤵
  PID:11488
- C:\Windows\System\evgHssm.exe
  C:\Windows\System\evgHssm.exe
  2⤵
  PID:11524
- C:\Windows\System\pucbFUn.exe
  C:\Windows\System\pucbFUn.exe
  2⤵
  PID:11004
- C:\Windows\System\RHFvMmg.exe
  C:\Windows\System\RHFvMmg.exe
  2⤵
  PID:16228
- C:\Windows\System\mVINkHk.exe
  C:\Windows\System\mVINkHk.exe
  2⤵
  PID:11628
- C:\Windows\System\YkKTnMp.exe
  C:\Windows\System\YkKTnMp.exe
  2⤵
  PID:9444
- C:\Windows\System\qAUzrcO.exe
  C:\Windows\System\qAUzrcO.exe
  2⤵
  PID:11688
- C:\Windows\System\DydfkBb.exe
  C:\Windows\System\DydfkBb.exe
  2⤵
  PID:11716
- C:\Windows\System\XMgwLDN.exe
  C:\Windows\System\XMgwLDN.exe
  2⤵
  PID:9508
- C:\Windows\System\MLYeHZZ.exe
  C:\Windows\System\MLYeHZZ.exe
  2⤵
  PID:15704
- C:\Windows\System\oaBoode.exe
  C:\Windows\System\oaBoode.exe
  2⤵
  PID:8304
- C:\Windows\System\NLaPiez.exe
  C:\Windows\System\NLaPiez.exe
  2⤵
  PID:11404
- C:\Windows\System\pAQHejs.exe
  C:\Windows\System\pAQHejs.exe
  2⤵
  PID:11440
- C:\Windows\System\EqHrRkk.exe
  C:\Windows\System\EqHrRkk.exe
  2⤵
  PID:11920
- C:\Windows\System\IJOoefA.exe
  C:\Windows\System\IJOoefA.exe
  2⤵
  PID:9396
- C:\Windows\System\HhUYHFa.exe
  C:\Windows\System\HhUYHFa.exe
  2⤵
  PID:12008
- C:\Windows\System\HVrxpnO.exe
  C:\Windows\System\HVrxpnO.exe
  2⤵
  PID:12028
- C:\Windows\System\jgcdsWk.exe
  C:\Windows\System\jgcdsWk.exe
  2⤵
  PID:16284
- C:\Windows\System\qMzhBpm.exe
  C:\Windows\System\qMzhBpm.exe
  2⤵
  PID:12112
- C:\Windows\System\gljyKIL.exe
  C:\Windows\System\gljyKIL.exe
  2⤵
  PID:11696
- C:\Windows\System\nizXIug.exe
  C:\Windows\System\nizXIug.exe
  2⤵
  PID:9788
- C:\Windows\System\FlgOxbw.exe
  C:\Windows\System\FlgOxbw.exe
  2⤵
  PID:11808
- C:\Windows\System\xfhTwsN.exe
  C:\Windows\System\xfhTwsN.exe
  2⤵
  PID:12224
- C:\Windows\System\mvpINdK.exe
  C:\Windows\System\mvpINdK.exe
  2⤵
  PID:12256
- C:\Windows\System\KUHUhKv.exe
  C:\Windows\System\KUHUhKv.exe
  2⤵
  PID:9900
- C:\Windows\System\ryvgIQB.exe
  C:\Windows\System\ryvgIQB.exe
  2⤵
  PID:9944
- C:\Windows\System\qQhHWbs.exe
  C:\Windows\System\qQhHWbs.exe
  2⤵
  PID:1632
- C:\Windows\System\pGzjuJE.exe
  C:\Windows\System\pGzjuJE.exe
  2⤵
  PID:9992
- C:\Windows\System\kdKkeqk.exe
  C:\Windows\System\kdKkeqk.exe
  2⤵
  PID:9720
- C:\Windows\System\YoBKIFK.exe
  C:\Windows\System\YoBKIFK.exe
  2⤵
  PID:11724
- C:\Windows\System\FnzVdca.exe
  C:\Windows\System\FnzVdca.exe
  2⤵
  PID:11420
- C:\Windows\System\OcwtXhv.exe
  C:\Windows\System\OcwtXhv.exe
  2⤵
  PID:11520
- C:\Windows\System\qpnorOF.exe
  C:\Windows\System\qpnorOF.exe
  2⤵
  PID:10120
- C:\Windows\System\iRBuBhn.exe
  C:\Windows\System\iRBuBhn.exe
  2⤵
  PID:10140
- C:\Windows\System\HwVOfhS.exe
  C:\Windows\System\HwVOfhS.exe
  2⤵
  PID:10152
- C:\Windows\System\TyDWbCI.exe
  C:\Windows\System\TyDWbCI.exe
  2⤵
  PID:9692
- C:\Windows\System\cwAPEbE.exe
  C:\Windows\System\cwAPEbE.exe
  2⤵
  PID:1624
- C:\Windows\System\nSbINgZ.exe
  C:\Windows\System\nSbINgZ.exe
  2⤵
  PID:9168
- C:\Windows\System\WlYxCWZ.exe
  C:\Windows\System\WlYxCWZ.exe
  2⤵
  PID:12088
- C:\Windows\System\gMiEyvf.exe
  C:\Windows\System\gMiEyvf.exe
  2⤵
  PID:676
- C:\Windows\System\nBToSnM.exe
  C:\Windows\System\nBToSnM.exe
  2⤵
  PID:9608
- C:\Windows\System\HyVFDBY.exe
  C:\Windows\System\HyVFDBY.exe
  2⤵
  PID:5944
- C:\Windows\System\puOAdey.exe
  C:\Windows\System\puOAdey.exe
  2⤵
  PID:11444
- C:\Windows\System\LXSOqBX.exe
  C:\Windows\System\LXSOqBX.exe
  2⤵
  PID:11556
- C:\Windows\System\qtDOASr.exe
  C:\Windows\System\qtDOASr.exe
  2⤵
  PID:11732
- C:\Windows\System\INUYLpX.exe
  C:\Windows\System\INUYLpX.exe
  2⤵
  PID:12264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ArKbPSI.exe

Filesize
6.0MB

MD5
9e7cbb5f3329df57523a60f113027a19

SHA1
989203ca0f9a5a1c0361b7b6278129eec2b66a7e

SHA256
42cf494f89ab6950e7a2b1f647b9e14b2ca650d014d571f4f73ce067d38d32e4

SHA512
348cf5c74fc445155db4e43093af45ad0cf1298a688bf95fc3019f6a08782954caa8be0fa61d6845c180bd5b94e43b7049375aa01702eb87453d51f419c0aacc

Download Submit
C:\Windows\System\DvlfNte.exe

Filesize
6.0MB

MD5
fe9fd272bcca40c572ab53e68ff13fba

SHA1
0e813bb2495a037c4b0fbe23ec23d90f7ee1967f

SHA256
d788ecc9fc4707adf495697bf30a50dca54fd80c7f4205be73b30dc0f4520de3

SHA512
1257f5c2f3d699cfaf3f34ba27948c38dea3ab4c0df61d0509607f6026feec3d71577812ddcea05887b728d8b13b972bc2c4541fc3217d6e00d2e0a38dfd61a3

Download Submit
C:\Windows\System\EVTusiu.exe

Filesize
6.0MB

MD5
1bef1706c4348a7781f819589ca46d9c

SHA1
7d137a30036892a3448935819cd2d09cc305579e

SHA256
040cc5f29a50531801ca55c7f0519a6647498b421d5dd633e4391b997e1d1466

SHA512
2ec492af5d3f92416b123646ae5645430ec13182703b43d9aa1b055f98fbc43c0c6c03503371666959814b7c663393631a4f7af0e2f94f167550de1893dc59c0

Download Submit
C:\Windows\System\HVcnsch.exe

Filesize
6.0MB

MD5
a5b17edb3dbd3be31a7478ef931db5f9

SHA1
764dc0768b783ac3a76d99717b9f66e7b70e5ba7

SHA256
0d32a28d883ccbca74bb674133ad78f13f010785f178483fecb8bde7cefcc273

SHA512
bb3cf5fd531b2de0ce152f3dae2fd71d095faa1b3b6cc7cc1febfcf6aa5c9a3c5ca6de7be92a0103e13968599c60e2d149e688f3477782cbe18392c61aaa6581

Download Submit
C:\Windows\System\IxhSiUm.exe

Filesize
6.0MB

MD5
18289a5888fb750b0182461b127e8b0e

SHA1
e79678cc3d66fc84c66bb011c185959a1f533633

SHA256
7a0b0a98b4e881493f00c8ff3853bb85ea290b07363c2ec4080cf5fb6a240b4a

SHA512
e1ddb548322ab02c6fc93d1788a2e43b865c0d34dbe1644b7349ca4ef18de8ce39b076b7bcab8853ef5c45e8e139fd3cd30bc0b3cec965466b9a0feae76e8cde

Download Submit
C:\Windows\System\LXcvOEO.exe

Filesize
6.0MB

MD5
d48bb597e1e5fdcb6ebc010b9dfd5c70

SHA1
fc02b066f68192c9f571cbf3a984cd628f87705c

SHA256
38e3c674c7591e1acd5247700dbac86c694d8e71e4ffc33af293ba63ab0ef4ae

SHA512
759dd600382644df6aa816650f9eaadfbff2996da734e73faa15deae96c8b483537749fbf948b970792502a5e4dd119be965017481da5b58a5b2f6123eae30aa

Download Submit
C:\Windows\System\POSxugd.exe

Filesize
6.0MB

MD5
b27216218360d8ec9b805abc62676c6b

SHA1
cc652fe06193dcdf1b85d83b9515394cd9480172

SHA256
a1a20299678a744e381c4e0a529e8264a3dd4dc632ada761336cfc81ee6f6d75

SHA512
d6560354537c2f892ad106a342755467778212f9c76a9dd6b7e2288a3856f52ed262ab5d73ef979651c7abe683ffc3b1e63ca10af11cb61dbc1000da5ac64c57

Download Submit
C:\Windows\System\QSjCVLT.exe

Filesize
6.0MB

MD5
c7dbb927d8a0a9503a22bf559a69ed81

SHA1
27d15d40ee9ad97da6d147d42584a2540df02e9b

SHA256
b0c2f2551ae67da72be283ebae5a240af3854f00d60ca0213d1b54624e083f38

SHA512
66fec5f1d98a6e49c48650e303b09624218dd4f7086d36fdc008fbd52c634a3722a55970024bd0a77bbe895bb55c074d9788275fdfbc43b3afd8ad801ca1ba2c

Download Submit
C:\Windows\System\QroaTvT.exe

Filesize
6.0MB

MD5
08b64abea879404242c768991f37a8cb

SHA1
8adb3c51bb864db0ca7d6af29733f3739a16e693

SHA256
a77f6d4c09ca51e31318cc4b94e7e425f9eb94024f8a4f20b032d887010b88af

SHA512
239f0a287e5fbf45820e3a8dc53a5e98a872db6849b99b47c3d8ceb57c14e31eeae4f00b6e966e1abc9e5e4d00402b1f08b55206ac6b4576981c275620fc9e45

Download Submit
C:\Windows\System\RcZYdHt.exe

Filesize
6.0MB

MD5
99bf2c24c1134a69037c7180d54cc289

SHA1
2cea12ceb4f3058e308850a570a6e0bfff3e1b38

SHA256
57ad7c2071e18d200864399296440c1507e6d6874e469c7937a5441df7f53825

SHA512
b6b2f15439b36ddc4b811b32cb8dd14f8ddf0e88ae549f8bc2e24734d8db2634dbc05fd7bbbf29cf7b9da54a3a64290dc581059f64f5036f08d10ef30bde35e1

Download Submit
C:\Windows\System\SciLcBX.exe

Filesize
6.0MB

MD5
63597a5c5bd9e2f8ee53d51fb505b46a

SHA1
191cac65e32438bd216a675681cb484626b0d66d

SHA256
2b0fab2499a9ee010f034475a167802d2d0159d96c4b45787c4ca3fc652e4e8c

SHA512
3ccd7e2b5bd651a18d89c41ef8a815a07a8d92556cd0df7f0483d8d9fdb431edc72c3b118f177238f45957273e9c0a66462127bf899e4bc7e6f72e2f454c3380

Download Submit
C:\Windows\System\TVtUznt.exe

Filesize
6.0MB

MD5
87fe57a3fe0362d451ad598c2285e20c

SHA1
912c19f104f6e55c1085f56e253ad077a900d3bb

SHA256
3440684ba8686aa5492b4b8e5afb9ee47ed934223ad8a468beca545329162e50

SHA512
57a3225c5e1809e53c2e36e21c28f5a60660edbbe33d4d4d98fe752eb7d5ec90ff694b78a7f15d6028577d48c6174de181b5fcb5249a02b4de9c5a2b0c06e189

Download Submit
C:\Windows\System\aieLCVc.exe

Filesize
6.0MB

MD5
ce10ba757c329dd290510643dd0eb8c0

SHA1
231a0a6c956fad7a54f8a9774862467787f5c303

SHA256
b034267ba422765a41b56c7e002bec497918f8828e56c7301199b8591fca0968

SHA512
6f88093cad3adb572fabe9b3bf29b8c2f5304c8deee14ee5a6bc6f42f4cb806e538f5d3eae624d3518f6ca7b719901820052526150336f07090dad2dcc41d1f1

Download Submit
C:\Windows\System\bTpTQeb.exe

Filesize
6.0MB

MD5
abca17beb9863de924608b0e2cc80ee7

SHA1
f9d9b189970f713c4a53c845ddf476ddf02b6295

SHA256
1e77c44dc48e282db6d0e2d7508c320844a8eeae284acea7c385d206df307c32

SHA512
25b4e4b2809aa24d14f97303c21c4cfc6f5d52a5ce8643577c4519d06092bb2347393978b175347144a835d52487cb651a1b13c40cef741f07ade27c7ad58199

Download Submit
C:\Windows\System\cEnFUIY.exe

Filesize
6.0MB

MD5
ac7449a486ac92bf3cead8fbb951bde9

SHA1
70e655e6f794b3b20b6f45d5a62f419906c95dde

SHA256
14efc9be92e4a427b44d5d9afa3c19e6690565caf9a26e5bb61ac8ca22d99630

SHA512
a68c60d04650705b98595dd37845952ac1fd429cb65e0267a429a393c5de09a1ea51227e6dd0551edba0ee96b44c6973dfc08e0fa350aad25bfc1a68ea6da509

Download Submit
C:\Windows\System\cOFfZQC.exe

Filesize
6.0MB

MD5
3f1c02c4d857484fe7e60447d185ce49

SHA1
f9e529a37e8cf857e7bcb1395d1cb55cdde085c8

SHA256
ae2cffa2bea59ce37af580bf7dc723798797335ac3b1cfe60df219afef90177a

SHA512
3970abccbdb7b176473e91b7d34c4d2a0d3af31c2bb533a30f08a63dbeee7fef042bad8fd218b14c8ca8cc14bfb1f67f68c77662f181432ff3e9165558c77c30

Download Submit
C:\Windows\System\ccLiUeB.exe

Filesize
6.0MB

MD5
3df10ddd6914669f1fe091444bf3da03

SHA1
21311144d697ccb2497292ab5d7defb56a76361a

SHA256
c435dc9b96ed799595b0fd935e334440aa7949ece31a736775d64241a18f0c05

SHA512
a756553dfbb0bd2e685823358e76a5e868c6ed8d31c68656d46b9b9a2333c91c66bb7cbba665fea5883821e4cb3de1c1b43d866f5e9664b1317b01118410f9d8

Download Submit
C:\Windows\System\dBrUPWi.exe

Filesize
6.0MB

MD5
76968e2c6d0b84287faf300df01161df

SHA1
b9a2661430e25dd86235167744e42d0bcf45380d

SHA256
9d70472cb792555b957453ae54894c3ceeb35aa443cfca3f9fb5b4ee6b0e073f

SHA512
a91a286b0375a09000785a6d6b8c0ecd07a6d3981efd97c9d2178c3faaa34180377889d2866c8a713e2216e527e82af4362b2109e399d42952c25f180e7ccf0b

Download Submit
C:\Windows\System\eWvxVhl.exe

Filesize
6.0MB

MD5
b54678c2f771ec8481a2bbf57daf2032

SHA1
b2602ae523c1a10d81a1a1977f7be5f9b73d046c

SHA256
32279d5173d73c3c5020c7c7bb88d626f6f74eadb65178796e1800a807d85f9f

SHA512
5a83f201a3f917741c4fe4ebdf5ba4e7dd3171e7a7fa4b8bf41522044d42652dd98588da12f7bed8149849da091c18dcc448ef2da668f85f5c2938b3c1e52c26

Download Submit
C:\Windows\System\eyGPuWf.exe

Filesize
6.0MB

MD5
47fb6a43ae4789154ef1229262ae0d6e

SHA1
7ed3450611d53dee29a18457959d6478f573be70

SHA256
2d9f69469e2ff75805959f945b3f0df1ab8e4d093c873a443098db6b8fcf88d9

SHA512
e450e8f9a7cd4bb4dc7a431b8b2def749c38cda2159834819b4918f303c4c5b6fda0d5178b5cf4392c09d1be5be008fc91e7e1980e4c3c1a193aaa5c3deb2c77

Download Submit
C:\Windows\System\fRrZDNR.exe

Filesize
6.0MB

MD5
5a1385a84db0ffe9195e4a357cdebf95

SHA1
5e5c1c0c866d9313321db7d491adaddd1d3d10c3

SHA256
b0becb591c17ffda80bab0f890673385ead8f5f98369f45109e6f0000c161ca1

SHA512
1f6641905d7dcd859c61deadb066998af9d62d81bad2c60494cc671309c5e2c91dff13627e668d76ca5be709432eba9fb6c0d0b635c3f2b0fb889190162b7f12

Download Submit
C:\Windows\System\gJmaowc.exe

Filesize
6.0MB

MD5
9f53895b0052f8d75bf79585e3fb0d51

SHA1
50c62e8a11a7e1e7b9e884960729236ba2984fdc

SHA256
874a3b0bb804e0d50d2a7407ade39c38ec2c148c0bb27883752af898e676784d

SHA512
7d3fe0e89a79754eee1549a7b931e9cd5410100475cc53dd343aaf5b36c5f2cefb38d646d30b55ec203f7da8b33be84259fe8f0af554440572a9373a89825f8a

Download Submit
C:\Windows\System\gPdpyti.exe

Filesize
6.0MB

MD5
65d83558c6193a089291f31745f38388

SHA1
296acad7df86256f7af94385e93b93c1bd06b9db

SHA256
edf36bc6b7a5729d484a3111d911bc3c65ed783ca971ce855136b5444f4251ad

SHA512
f014a2d1650b8668b519331339783c4b5dacb5a017fc3f3532a8cd829643a9033832679ae081f0484b7ecb3a2ef849e3d94822aecac2b899869e473eaecf63ea

Download Submit
C:\Windows\System\ibUXMfe.exe

Filesize
6.0MB

MD5
745a25db51c96abc1b4543b4b50ba48b

SHA1
fbaeec5fa00cf161774ea04257c9092c569d733c

SHA256
67308dc44e8002d032963473cf6a31995464ca0f3dceb372deda105730184ffa

SHA512
acb80ad7e4482d4bf14f0bd0ae424fb6e08357946a4047ed02bfee3e0f7eeb350bb9cfc1d5748fca650005ea4b19f5257c0a2ab6b1086b12f16c564ec1d3534b

Download Submit
C:\Windows\System\pFqAVde.exe

Filesize
6.0MB

MD5
43884d0723a1290c77c25855e27b0f11

SHA1
2eceb7a3d0397a2fded0f4bb6fcc14c53d704fe8

SHA256
6effd4bea8db0c7d9aefba3e6446db27d6bdebafafc7b6ef54b18a484218756e

SHA512
cffebe8f7e8a897094fa40e3cbb75c669cb392b312e560e627d291cc12e623f8fb108b06d83cfed8ae3848d9516221394fc762130535bbf753878223eeff9da8

Download Submit
C:\Windows\System\powAFtX.exe

Filesize
6.0MB

MD5
ad20251820e069f0d10518fe94f2aa2f

SHA1
c3a1cb39a1d51f8b5b563689a38e587412390ac0

SHA256
f17211139edea0888ee196f0ede1b36f31f2222648ab979467e7abdac23aec82

SHA512
c1c7ff0bb63297119654c6647e1254c386901fbf4bfee82c24c07d29c779740dec6f186c2a59d0c800d89a55cc02b7fff1392c1ffaa01a3d3ac09f2b1fbc19bc

Download Submit
C:\Windows\System\qFqfEXj.exe

Filesize
6.0MB

MD5
a8dc38d0e63207ccf11fac967a0a2123

SHA1
bf03a2bcb684b8612a09e889972c53a4f02bacfa

SHA256
699233a43584e609069933df8b722c3be1a409e8f8dbcf06883b65afc9643b70

SHA512
d010f56687ef366b27cf9676f0e09365c917734c3000651d16096899168c7fe8c3895f6444c628ad5eabd0593266353fa006359406ea89f577452a229fc62a5a

Download Submit
C:\Windows\System\rNZpPGp.exe

Filesize
6.0MB

MD5
a0ad8cb26827345bb9e9f3169605104e

SHA1
6c94346184e2f309bc20c30678cdcf1cf7182459

SHA256
dca32917e9e5af37e2e2d307f120d838ff97c296a780cc629ae12d47e1bc8ebd

SHA512
b2431a3cd04f3e8d3ab4b71470a5f4b8ced965852f6214cd4841b07cc57818e1fcd97a4bd2c0021dfe012ab31d1f2f45a5957b66b0703b910191493052ba731c

Download Submit
C:\Windows\System\tCmgSoJ.exe

Filesize
6.0MB

MD5
82c4a49ce1be57a833d3305fd9ad3ab3

SHA1
323ac02e07cbb8ea0b9964954003e8af5e81d574

SHA256
78428832388451ef0ff887fb7fcf2929f7a27ec3ec6e05d32edbdc0c82541666

SHA512
04ad95f5bc94eb4ad08e563f5f5ccd91ed0acbb2b5a577491270112b2a33b38ca93d97f453257cc2304a8b70fd91e381b4fdffd2e98ea56f4e469b0172e4bda0

Download Submit
C:\Windows\System\vunCRHV.exe

Filesize
6.0MB

MD5
edde76c3180d0bec7599c41c8e5165ac

SHA1
73fa4b4492381b5d5970b07c093daaf59ae36495

SHA256
984b6831d88c6d81ffb8227e8d46943836cd93b4b32d9c779299ef9639d44f15

SHA512
a53fb5ff15ec3b3c55686c92c6b192f11e359f990df5628c140e55a21908ed53f09bc8665899c4a13ce2ddc1545bd9d05c9a60f687e0bd7f11d79120f7126a4f

Download Submit
C:\Windows\System\xFeMLvd.exe

Filesize
6.0MB

MD5
342bab61183acf8c66ce5fbd18bd5b2a

SHA1
3acf4c49bca4c74f2f48c85d0a63f84691d9af3a

SHA256
9a19e4782599c4cea0623b597de18c774b8c614845336b0f9b5219cf5453e360

SHA512
5b1914b95e7f670f18fa2ee6688818392e52b74ff06110640fee9fbb5d12f23f9e9cad8634e03c7f68100889a92ef004cbaa7e2cd79cc318aeb4c12ca741fa3e

Download Submit
C:\Windows\System\zfKEfgw.exe

Filesize
6.0MB

MD5
088762f7d35f6f5be9ab952b4c4b39fb

SHA1
d62554b5a25fb91bca8b2fcafe9d562f77dc2772

SHA256
5d35f149aa44615f2fcd95f2c8230b3e08a1b87ef3913d4a35927418b4ac3169

SHA512
636c420407fee5dc0c376e3f054ae7d09b52737bb61bdbc2051e540063dc8773828ed0bee6fac870a427db2df6045b8199d5851e256f9def0c8053e9077c3ecf

Download Submit
C:\Windows\System\zuhscVf.exe

Filesize
6.0MB

MD5
b0b8017cf8664bd2d7ee6ff579bd53b2

SHA1
4c318a8e5a4040cdc2f1eb913f04c6614500d051

SHA256
e82c1d1f5894cdcf512e0c178aa29a23172583e635f3ad8d33d8bd8c9bcc72d3

SHA512
cb0570f288ad88d50954cfd0918a2d4e21d90486880b5ca51d69fa770647e960294c84f5ea4ae152cda264746a2043cc57991cd9d5fcbd906b622fef6276ada8

Download Submit
memory/388-1474-0x00007FF7284C0000-0x00007FF728814000-memory.dmp

Filesize
3.3MB

Download
memory/388-138-0x00007FF7284C0000-0x00007FF728814000-memory.dmp

Filesize
3.3MB

Download
memory/388-1914-0x00007FF7284C0000-0x00007FF728814000-memory.dmp

Filesize
3.3MB

Download
memory/416-8-0x00007FF735390000-0x00007FF7356E4000-memory.dmp

Filesize
3.3MB

Download
memory/416-1782-0x00007FF735390000-0x00007FF7356E4000-memory.dmp

Filesize
3.3MB

Download
memory/416-61-0x00007FF735390000-0x00007FF7356E4000-memory.dmp

Filesize
3.3MB

Download
memory/876-1902-0x00007FF73A080000-0x00007FF73A3D4000-memory.dmp

Filesize
3.3MB

Download
memory/876-181-0x00007FF73A080000-0x00007FF73A3D4000-memory.dmp

Filesize
3.3MB

Download
memory/876-110-0x00007FF73A080000-0x00007FF73A3D4000-memory.dmp

Filesize
3.3MB

Download
memory/940-182-0x00007FF7AAE40000-0x00007FF7AB194000-memory.dmp

Filesize
3.3MB

Download
memory/940-1790-0x00007FF7AAE40000-0x00007FF7AB194000-memory.dmp

Filesize
3.3MB

Download
memory/940-1921-0x00007FF7AAE40000-0x00007FF7AB194000-memory.dmp

Filesize
3.3MB

Download
memory/1004-62-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp

Filesize
3.3MB

Download
memory/1004-130-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp

Filesize
3.3MB

Download
memory/1004-1887-0x00007FF6896E0000-0x00007FF689A34000-memory.dmp

Filesize
3.3MB

Download
memory/1016-159-0x00007FF6B1B10000-0x00007FF6B1E64000-memory.dmp

Filesize
3.3MB

Download
memory/1016-1895-0x00007FF6B1B10000-0x00007FF6B1E64000-memory.dmp

Filesize
3.3MB

Download
memory/1016-89-0x00007FF6B1B10000-0x00007FF6B1E64000-memory.dmp

Filesize
3.3MB

Download
memory/1084-187-0x00007FF754260000-0x00007FF7545B4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-1929-0x00007FF754260000-0x00007FF7545B4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-1833-0x00007FF754260000-0x00007FF7545B4000-memory.dmp

Filesize
3.3MB

Download
memory/1380-152-0x00007FF7C18B0000-0x00007FF7C1C04000-memory.dmp

Filesize
3.3MB

Download
memory/1380-1922-0x00007FF7C18B0000-0x00007FF7C1C04000-memory.dmp

Filesize
3.3MB

Download
memory/1380-1588-0x00007FF7C18B0000-0x00007FF7C1C04000-memory.dmp

Filesize
3.3MB

Download
memory/1804-168-0x00007FF6F0B10000-0x00007FF6F0E64000-memory.dmp

Filesize
3.3MB

Download
memory/1804-1691-0x00007FF6F0B10000-0x00007FF6F0E64000-memory.dmp

Filesize
3.3MB

Download
memory/1804-1918-0x00007FF6F0B10000-0x00007FF6F0E64000-memory.dmp

Filesize
3.3MB

Download
memory/2060-145-0x00007FF61B4D0000-0x00007FF61B824000-memory.dmp

Filesize
3.3MB

Download
memory/2060-1529-0x00007FF61B4D0000-0x00007FF61B824000-memory.dmp

Filesize
3.3MB

Download
memory/2060-1917-0x00007FF61B4D0000-0x00007FF61B824000-memory.dmp

Filesize
3.3MB

Download
memory/2148-76-0x00007FF60BF30000-0x00007FF60C284000-memory.dmp

Filesize
3.3MB

Download
memory/2148-1892-0x00007FF60BF30000-0x00007FF60C284000-memory.dmp

Filesize
3.3MB

Download
memory/2148-144-0x00007FF60BF30000-0x00007FF60C284000-memory.dmp

Filesize
3.3MB

Download
memory/2308-116-0x00007FF725A40000-0x00007FF725D94000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1872-0x00007FF725A40000-0x00007FF725D94000-memory.dmp

Filesize
3.3MB

Download
memory/2308-48-0x00007FF725A40000-0x00007FF725D94000-memory.dmp

Filesize
3.3MB

Download
memory/2500-1926-0x00007FF727BB0000-0x00007FF727F04000-memory.dmp

Filesize
3.3MB

Download
memory/2500-131-0x00007FF727BB0000-0x00007FF727F04000-memory.dmp

Filesize
3.3MB

Download
memory/2500-1409-0x00007FF727BB0000-0x00007FF727F04000-memory.dmp

Filesize
3.3MB

Download
memory/2524-88-0x00007FF7FE260000-0x00007FF7FE5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1847-0x00007FF7FE260000-0x00007FF7FE5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-24-0x00007FF7FE260000-0x00007FF7FE5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-82-0x00007FF700E60000-0x00007FF7011B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1897-0x00007FF700E60000-0x00007FF7011B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-151-0x00007FF700E60000-0x00007FF7011B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1868-0x00007FF785170000-0x00007FF7854C4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-102-0x00007FF785170000-0x00007FF7854C4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-36-0x00007FF785170000-0x00007FF7854C4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1875-0x00007FF649CB0000-0x00007FF64A004000-memory.dmp

Filesize
3.3MB

Download
memory/2864-109-0x00007FF649CB0000-0x00007FF64A004000-memory.dmp

Filesize
3.3MB

Download
memory/2864-42-0x00007FF649CB0000-0x00007FF64A004000-memory.dmp

Filesize
3.3MB

Download
memory/3424-172-0x00007FF727720000-0x00007FF727A74000-memory.dmp

Filesize
3.3MB

Download
memory/3424-103-0x00007FF727720000-0x00007FF727A74000-memory.dmp

Filesize
3.3MB

Download
memory/3424-1898-0x00007FF727720000-0x00007FF727A74000-memory.dmp

Filesize
3.3MB

Download
memory/3488-195-0x00007FF6E7CE0000-0x00007FF6E8034000-memory.dmp

Filesize
3.3MB

Download
memory/3488-124-0x00007FF6E7CE0000-0x00007FF6E8034000-memory.dmp

Filesize
3.3MB

Download
memory/3488-1908-0x00007FF6E7CE0000-0x00007FF6E8034000-memory.dmp

Filesize
3.3MB

Download
memory/3508-1923-0x00007FF7567B0000-0x00007FF756B04000-memory.dmp

Filesize
3.3MB

Download
memory/3508-198-0x00007FF7567B0000-0x00007FF756B04000-memory.dmp

Filesize
3.3MB

Download
memory/3508-1879-0x00007FF7567B0000-0x00007FF756B04000-memory.dmp

Filesize
3.3MB

Download
memory/3528-95-0x00007FF7F4C40000-0x00007FF7F4F94000-memory.dmp

Filesize
3.3MB

Download
memory/3528-29-0x00007FF7F4C40000-0x00007FF7F4F94000-memory.dmp

Filesize
3.3MB

Download
memory/3528-1858-0x00007FF7F4C40000-0x00007FF7F4F94000-memory.dmp

Filesize
3.3MB

Download
memory/3596-1740-0x00007FF7AFA90000-0x00007FF7AFDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3596-1916-0x00007FF7AFA90000-0x00007FF7AFDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3596-173-0x00007FF7AFA90000-0x00007FF7AFDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3924-75-0x00007FF735CB0000-0x00007FF736004000-memory.dmp

Filesize
3.3MB

Download
memory/3924-1797-0x00007FF735CB0000-0x00007FF736004000-memory.dmp

Filesize
3.3MB

Download
memory/3924-18-0x00007FF735CB0000-0x00007FF736004000-memory.dmp

Filesize
3.3MB

Download
memory/3932-68-0x00007FF76A140000-0x00007FF76A494000-memory.dmp

Filesize
3.3MB

Download
memory/3932-12-0x00007FF76A140000-0x00007FF76A494000-memory.dmp

Filesize
3.3MB

Download
memory/3932-1793-0x00007FF76A140000-0x00007FF76A494000-memory.dmp

Filesize
3.3MB

Download
memory/4284-1876-0x00007FF7F1AE0000-0x00007FF7F1E34000-memory.dmp

Filesize
3.3MB

Download
memory/4284-123-0x00007FF7F1AE0000-0x00007FF7F1E34000-memory.dmp

Filesize
3.3MB

Download
memory/4284-55-0x00007FF7F1AE0000-0x00007FF7F1E34000-memory.dmp

Filesize
3.3MB

Download
memory/4444-117-0x00007FF629F40000-0x00007FF62A294000-memory.dmp

Filesize
3.3MB

Download
memory/4444-1904-0x00007FF629F40000-0x00007FF62A294000-memory.dmp

Filesize
3.3MB

Download
memory/4444-186-0x00007FF629F40000-0x00007FF62A294000-memory.dmp

Filesize
3.3MB

Download
memory/4520-1-0x000001A6888E0000-0x000001A6888F0000-memory.dmp

Filesize
64KB

Download
memory/4520-0-0x00007FF73DB50000-0x00007FF73DEA4000-memory.dmp

Filesize
3.3MB

Download
memory/4520-54-0x00007FF73DB50000-0x00007FF73DEA4000-memory.dmp

Filesize
3.3MB

Download
memory/4856-96-0x00007FF7E76C0000-0x00007FF7E7A14000-memory.dmp

Filesize
3.3MB

Download
memory/4856-165-0x00007FF7E76C0000-0x00007FF7E7A14000-memory.dmp

Filesize
3.3MB

Download
memory/4856-1893-0x00007FF7E76C0000-0x00007FF7E7A14000-memory.dmp

Filesize
3.3MB

Download
memory/5104-1919-0x00007FF6C0E20000-0x00007FF6C1174000-memory.dmp

Filesize
3.3MB

Download
memory/5104-162-0x00007FF6C0E20000-0x00007FF6C1174000-memory.dmp

Filesize
3.3MB

Download
memory/5104-1589-0x00007FF6C0E20000-0x00007FF6C1174000-memory.dmp

Filesize
3.3MB

Download
memory/5108-137-0x00007FF7C24E0000-0x00007FF7C2834000-memory.dmp

Filesize
3.3MB

Download
memory/5108-1888-0x00007FF7C24E0000-0x00007FF7C2834000-memory.dmp

Filesize
3.3MB

Download
memory/5108-69-0x00007FF7C24E0000-0x00007FF7C2834000-memory.dmp

Filesize
3.3MB

Download