cobaltstrike | e78d51f995b21a740d6a12a9b87417c86b66dca707288f3560f1b263e74b8c88

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2024 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

180d7a405a1958e135ce769537f96cc1
SHA1

307231cbe3b4315aaf263d4ae358304d6125371b
SHA256

e78d51f995b21a740d6a12a9b87417c86b66dca707288f3560f1b263e74b8c88
SHA512

7ca98efe35780606fe8be6b61a12de8b7d7dc77914c0868f67a0d89cf9c776955cddf61e44de90dffb03a1ee849044d7dd5d6c927c822bc0c64a203ca2ac8b10
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUh:T+q56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b9c-6.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c87-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c86-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c88-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c89-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8a-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8b-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8d-50.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8e-55.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8f-59.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c90-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c92-75.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c94-84.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c95-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9f-137.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-164.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-160.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-158.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-152.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-148.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-140.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-127.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c99-110.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c98-105.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c97-100.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c96-95.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c93-80.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c91-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8c-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1064-0-0x00007FF74B9A0000-0x00007FF74BCF4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b9c-6.dat	xmrig
behavioral2/files/0x0007000000023c87-10.dat	xmrig
behavioral2/files/0x0007000000023c86-11.dat	xmrig
behavioral2/memory/4460-12-0x00007FF758AC0000-0x00007FF758E14000-memory.dmp	xmrig
behavioral2/memory/1060-7-0x00007FF73F290000-0x00007FF73F5E4000-memory.dmp	xmrig
behavioral2/memory/3912-18-0x00007FF632B50000-0x00007FF632EA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c88-23.dat	xmrig
behavioral2/files/0x0007000000023c89-28.dat	xmrig
behavioral2/files/0x0007000000023c8a-35.dat	xmrig
behavioral2/files/0x0007000000023c8b-40.dat	xmrig
behavioral2/files/0x0007000000023c8d-50.dat	xmrig
behavioral2/files/0x0007000000023c8e-55.dat	xmrig
behavioral2/files/0x0007000000023c8f-59.dat	xmrig
behavioral2/files/0x0007000000023c90-64.dat	xmrig
behavioral2/files/0x0007000000023c92-75.dat	xmrig
behavioral2/files/0x0007000000023c94-84.dat	xmrig
behavioral2/files/0x0007000000023c95-90.dat	xmrig
behavioral2/files/0x0007000000023c9b-119.dat	xmrig
behavioral2/files/0x0007000000023c9d-129.dat	xmrig
behavioral2/files/0x0007000000023c9f-137.dat	xmrig
behavioral2/files/0x0007000000023ca4-164.dat	xmrig
behavioral2/memory/4548-886-0x00007FF7296B0000-0x00007FF729A04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca3-160.dat	xmrig
behavioral2/files/0x0007000000023ca2-158.dat	xmrig
behavioral2/files/0x0007000000023ca1-152.dat	xmrig
behavioral2/files/0x0007000000023ca0-148.dat	xmrig
behavioral2/files/0x0007000000023c9e-140.dat	xmrig
behavioral2/files/0x0007000000023c9c-127.dat	xmrig
behavioral2/files/0x0007000000023c9a-115.dat	xmrig
behavioral2/files/0x0007000000023c99-110.dat	xmrig
behavioral2/files/0x0007000000023c98-105.dat	xmrig
behavioral2/files/0x0007000000023c97-100.dat	xmrig
behavioral2/files/0x0007000000023c96-95.dat	xmrig
behavioral2/files/0x0007000000023c93-80.dat	xmrig
behavioral2/files/0x0007000000023c91-70.dat	xmrig
behavioral2/files/0x0007000000023c8c-45.dat	xmrig
behavioral2/memory/3028-26-0x00007FF639930000-0x00007FF639C84000-memory.dmp	xmrig
behavioral2/memory/220-890-0x00007FF610E90000-0x00007FF6111E4000-memory.dmp	xmrig
behavioral2/memory/2092-893-0x00007FF6143B0000-0x00007FF614704000-memory.dmp	xmrig
behavioral2/memory/3332-898-0x00007FF741930000-0x00007FF741C84000-memory.dmp	xmrig
behavioral2/memory/1884-903-0x00007FF658500000-0x00007FF658854000-memory.dmp	xmrig
behavioral2/memory/4068-908-0x00007FF669810000-0x00007FF669B64000-memory.dmp	xmrig
behavioral2/memory/4936-909-0x00007FF6F4640000-0x00007FF6F4994000-memory.dmp	xmrig
behavioral2/memory/4980-907-0x00007FF6B8380000-0x00007FF6B86D4000-memory.dmp	xmrig
behavioral2/memory/1964-904-0x00007FF6AF150000-0x00007FF6AF4A4000-memory.dmp	xmrig
behavioral2/memory/2716-915-0x00007FF6B0000000-0x00007FF6B0354000-memory.dmp	xmrig
behavioral2/memory/3772-914-0x00007FF6C0530000-0x00007FF6C0884000-memory.dmp	xmrig
behavioral2/memory/2400-918-0x00007FF6FCE20000-0x00007FF6FD174000-memory.dmp	xmrig
behavioral2/memory/3496-919-0x00007FF6E82E0000-0x00007FF6E8634000-memory.dmp	xmrig
behavioral2/memory/1376-924-0x00007FF71CBD0000-0x00007FF71CF24000-memory.dmp	xmrig
behavioral2/memory/3592-921-0x00007FF6CF250000-0x00007FF6CF5A4000-memory.dmp	xmrig
behavioral2/memory/3312-925-0x00007FF7E7DA0000-0x00007FF7E80F4000-memory.dmp	xmrig
behavioral2/memory/1648-930-0x00007FF63A1A0000-0x00007FF63A4F4000-memory.dmp	xmrig
behavioral2/memory/8-928-0x00007FF76C710000-0x00007FF76CA64000-memory.dmp	xmrig
behavioral2/memory/2720-937-0x00007FF6ED840000-0x00007FF6EDB94000-memory.dmp	xmrig
behavioral2/memory/4156-940-0x00007FF727420000-0x00007FF727774000-memory.dmp	xmrig
behavioral2/memory/2432-936-0x00007FF62B270000-0x00007FF62B5C4000-memory.dmp	xmrig
behavioral2/memory/3880-959-0x00007FF740E90000-0x00007FF7411E4000-memory.dmp	xmrig
behavioral2/memory/1096-961-0x00007FF7BD650000-0x00007FF7BD9A4000-memory.dmp	xmrig
behavioral2/memory/3104-934-0x00007FF670660000-0x00007FF6709B4000-memory.dmp	xmrig
behavioral2/memory/4464-932-0x00007FF7678F0000-0x00007FF767C44000-memory.dmp	xmrig
behavioral2/memory/1064-1073-0x00007FF74B9A0000-0x00007FF74BCF4000-memory.dmp	xmrig
behavioral2/memory/1060-1117-0x00007FF73F290000-0x00007FF73F5E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1060	UUvpVPH.exe
4460	HuPGzHP.exe
3912	bVXkAXZ.exe
3028	bziakIe.exe
4548	uhsZSTc.exe
1096	yzgDFcs.exe
220	TYriLBb.exe
2092	AsXBBmA.exe
3332	lOQoOAs.exe
1884	LoWHZJt.exe
1964	TZmiCyn.exe
4980	rbremmc.exe
4068	hVqDfnN.exe
4936	KKcStwy.exe
3772	zmCqecW.exe
2716	ZUqhxpU.exe
2400	ZkpjJRP.exe
3496	YKxpaKR.exe
3592	ESnHYxd.exe
1376	gSJSqKf.exe
3312	UaTipaF.exe
8	dSqhdgL.exe
1648	SGwwoAJ.exe
4464	xrchjTV.exe
3104	GGZWutt.exe
2432	wSYBZGu.exe
2720	rxvVdRp.exe
4156	SpSZbzo.exe
3880	TAKHipE.exe
4088	xvWcgtv.exe
2196	OFiWOaI.exe
4896	ywwmumD.exe
2928	XUmSASM.exe
3428	wYLbLHv.exe
1688	ykrwitj.exe
4352	tcwdlKY.exe
3980	QYyoIDX.exe
60	KIhPezh.exe
4512	yIvSSxa.exe
3596	mZXstVH.exe
2752	MHUzfRx.exe
3412	KfqzElz.exe
4684	ShyqWbg.exe
4344	jAeQjUR.exe
3352	CabbqrF.exe
5088	UydhwWL.exe
3236	jStPRfL.exe
5108	FXUSzwE.exe
1212	tYSHjBt.exe
2596	wDWLGiJ.exe
4372	aypYnHE.exe
4332	EbldWtk.exe
2208	MSFzzgb.exe
2488	qPgosrk.exe
1120	vNGKWWl.exe
3672	OAGGXht.exe
1124	JwhVdzC.exe
4824	kxRLrCz.exe
4444	oanLcqB.exe
4560	LiqcaSP.exe
4492	LdwAVRg.exe
1260	ilJVqBB.exe
4412	IBvNPcK.exe
1416	kEXegSz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1064-0-0x00007FF74B9A0000-0x00007FF74BCF4000-memory.dmp	upx
behavioral2/files/0x000c000000023b9c-6.dat	upx
behavioral2/files/0x0007000000023c87-10.dat	upx
behavioral2/files/0x0007000000023c86-11.dat	upx
behavioral2/memory/4460-12-0x00007FF758AC0000-0x00007FF758E14000-memory.dmp	upx
behavioral2/memory/1060-7-0x00007FF73F290000-0x00007FF73F5E4000-memory.dmp	upx
behavioral2/memory/3912-18-0x00007FF632B50000-0x00007FF632EA4000-memory.dmp	upx
behavioral2/files/0x0007000000023c88-23.dat	upx
behavioral2/files/0x0007000000023c89-28.dat	upx
behavioral2/files/0x0007000000023c8a-35.dat	upx
behavioral2/files/0x0007000000023c8b-40.dat	upx
behavioral2/files/0x0007000000023c8d-50.dat	upx
behavioral2/files/0x0007000000023c8e-55.dat	upx
behavioral2/files/0x0007000000023c8f-59.dat	upx
behavioral2/files/0x0007000000023c90-64.dat	upx
behavioral2/files/0x0007000000023c92-75.dat	upx
behavioral2/files/0x0007000000023c94-84.dat	upx
behavioral2/files/0x0007000000023c95-90.dat	upx
behavioral2/files/0x0007000000023c9b-119.dat	upx
behavioral2/files/0x0007000000023c9d-129.dat	upx
behavioral2/files/0x0007000000023c9f-137.dat	upx
behavioral2/files/0x0007000000023ca4-164.dat	upx
behavioral2/memory/4548-886-0x00007FF7296B0000-0x00007FF729A04000-memory.dmp	upx
behavioral2/files/0x0007000000023ca3-160.dat	upx
behavioral2/files/0x0007000000023ca2-158.dat	upx
behavioral2/files/0x0007000000023ca1-152.dat	upx
behavioral2/files/0x0007000000023ca0-148.dat	upx
behavioral2/files/0x0007000000023c9e-140.dat	upx
behavioral2/files/0x0007000000023c9c-127.dat	upx
behavioral2/files/0x0007000000023c9a-115.dat	upx
behavioral2/files/0x0007000000023c99-110.dat	upx
behavioral2/files/0x0007000000023c98-105.dat	upx
behavioral2/files/0x0007000000023c97-100.dat	upx
behavioral2/files/0x0007000000023c96-95.dat	upx
behavioral2/files/0x0007000000023c93-80.dat	upx
behavioral2/files/0x0007000000023c91-70.dat	upx
behavioral2/files/0x0007000000023c8c-45.dat	upx
behavioral2/memory/3028-26-0x00007FF639930000-0x00007FF639C84000-memory.dmp	upx
behavioral2/memory/220-890-0x00007FF610E90000-0x00007FF6111E4000-memory.dmp	upx
behavioral2/memory/2092-893-0x00007FF6143B0000-0x00007FF614704000-memory.dmp	upx
behavioral2/memory/3332-898-0x00007FF741930000-0x00007FF741C84000-memory.dmp	upx
behavioral2/memory/1884-903-0x00007FF658500000-0x00007FF658854000-memory.dmp	upx
behavioral2/memory/4068-908-0x00007FF669810000-0x00007FF669B64000-memory.dmp	upx
behavioral2/memory/4936-909-0x00007FF6F4640000-0x00007FF6F4994000-memory.dmp	upx
behavioral2/memory/4980-907-0x00007FF6B8380000-0x00007FF6B86D4000-memory.dmp	upx
behavioral2/memory/1964-904-0x00007FF6AF150000-0x00007FF6AF4A4000-memory.dmp	upx
behavioral2/memory/2716-915-0x00007FF6B0000000-0x00007FF6B0354000-memory.dmp	upx
behavioral2/memory/3772-914-0x00007FF6C0530000-0x00007FF6C0884000-memory.dmp	upx
behavioral2/memory/2400-918-0x00007FF6FCE20000-0x00007FF6FD174000-memory.dmp	upx
behavioral2/memory/3496-919-0x00007FF6E82E0000-0x00007FF6E8634000-memory.dmp	upx
behavioral2/memory/1376-924-0x00007FF71CBD0000-0x00007FF71CF24000-memory.dmp	upx
behavioral2/memory/3592-921-0x00007FF6CF250000-0x00007FF6CF5A4000-memory.dmp	upx
behavioral2/memory/3312-925-0x00007FF7E7DA0000-0x00007FF7E80F4000-memory.dmp	upx
behavioral2/memory/1648-930-0x00007FF63A1A0000-0x00007FF63A4F4000-memory.dmp	upx
behavioral2/memory/8-928-0x00007FF76C710000-0x00007FF76CA64000-memory.dmp	upx
behavioral2/memory/2720-937-0x00007FF6ED840000-0x00007FF6EDB94000-memory.dmp	upx
behavioral2/memory/4156-940-0x00007FF727420000-0x00007FF727774000-memory.dmp	upx
behavioral2/memory/2432-936-0x00007FF62B270000-0x00007FF62B5C4000-memory.dmp	upx
behavioral2/memory/3880-959-0x00007FF740E90000-0x00007FF7411E4000-memory.dmp	upx
behavioral2/memory/1096-961-0x00007FF7BD650000-0x00007FF7BD9A4000-memory.dmp	upx
behavioral2/memory/3104-934-0x00007FF670660000-0x00007FF6709B4000-memory.dmp	upx
behavioral2/memory/4464-932-0x00007FF7678F0000-0x00007FF767C44000-memory.dmp	upx
behavioral2/memory/1064-1073-0x00007FF74B9A0000-0x00007FF74BCF4000-memory.dmp	upx
behavioral2/memory/1060-1117-0x00007FF73F290000-0x00007FF73F5E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OtvPYDQ.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnPlXPe.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwNkkTg.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbtqpxY.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQJyiGr.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMSdcsr.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOSAvJr.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpvjAit.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxgBRMS.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cByQyDK.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkpjJRP.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESFdXcP.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtZNjse.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOeRqqu.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMhynyz.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hslSBgr.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMqpRuc.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqjEAds.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDLYdrE.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylXLAZx.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVKdbaY.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNRNZlE.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGhrmem.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NbcgfKb.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzQTiFy.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUiHSRw.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NaXObSG.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCSDMro.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irONrPD.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MENaQIL.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNgPity.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUJYMDJ.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBhxBjq.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAkoqTW.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpaXkHl.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIvSSxa.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVeXqoI.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNgLgPW.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKtgrrp.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNlrAwP.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvzDSpu.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwrTFVR.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VtdOOnn.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSEfYuj.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpRQevE.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxjqaPG.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwiULMa.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wewkAfw.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghrMgBe.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEVCclh.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTyalQy.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FphwJhP.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHUzfRx.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBPSWWN.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GudNddM.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PErwMQm.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXyqMyp.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBLikgr.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKkljqB.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgFefRJ.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jITgfOP.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfsDaYp.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTDbWIw.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csBunwh.exe	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 1060	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1064 wrote to memory of 1060	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1064 wrote to memory of 4460	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1064 wrote to memory of 4460	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1064 wrote to memory of 3912	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1064 wrote to memory of 3912	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1064 wrote to memory of 3028	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1064 wrote to memory of 3028	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1064 wrote to memory of 4548	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1064 wrote to memory of 4548	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1064 wrote to memory of 1096	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1064 wrote to memory of 1096	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1064 wrote to memory of 220	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1064 wrote to memory of 220	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1064 wrote to memory of 2092	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1064 wrote to memory of 2092	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1064 wrote to memory of 3332	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1064 wrote to memory of 3332	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1064 wrote to memory of 1884	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1064 wrote to memory of 1884	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1064 wrote to memory of 1964	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1064 wrote to memory of 1964	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1064 wrote to memory of 4980	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1064 wrote to memory of 4980	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1064 wrote to memory of 4068	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1064 wrote to memory of 4068	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1064 wrote to memory of 4936	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1064 wrote to memory of 4936	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1064 wrote to memory of 3772	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1064 wrote to memory of 3772	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1064 wrote to memory of 2716	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1064 wrote to memory of 2716	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1064 wrote to memory of 2400	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1064 wrote to memory of 2400	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1064 wrote to memory of 3496	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1064 wrote to memory of 3496	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1064 wrote to memory of 3592	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1064 wrote to memory of 3592	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1064 wrote to memory of 1376	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1064 wrote to memory of 1376	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1064 wrote to memory of 3312	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1064 wrote to memory of 3312	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1064 wrote to memory of 8	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1064 wrote to memory of 8	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1064 wrote to memory of 1648	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1064 wrote to memory of 1648	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1064 wrote to memory of 4464	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1064 wrote to memory of 4464	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1064 wrote to memory of 3104	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1064 wrote to memory of 3104	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1064 wrote to memory of 2432	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1064 wrote to memory of 2432	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1064 wrote to memory of 2720	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1064 wrote to memory of 2720	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1064 wrote to memory of 4156	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1064 wrote to memory of 4156	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1064 wrote to memory of 3880	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1064 wrote to memory of 3880	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1064 wrote to memory of 4088	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1064 wrote to memory of 4088	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1064 wrote to memory of 2196	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1064 wrote to memory of 2196	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1064 wrote to memory of 4896	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1064 wrote to memory of 4896	1064	2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_180d7a405a1958e135ce769537f96cc1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Windows\System\UUvpVPH.exe
  C:\Windows\System\UUvpVPH.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\HuPGzHP.exe
  C:\Windows\System\HuPGzHP.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\bVXkAXZ.exe
  C:\Windows\System\bVXkAXZ.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\bziakIe.exe
  C:\Windows\System\bziakIe.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\uhsZSTc.exe
  C:\Windows\System\uhsZSTc.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\yzgDFcs.exe
  C:\Windows\System\yzgDFcs.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\TYriLBb.exe
  C:\Windows\System\TYriLBb.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\AsXBBmA.exe
  C:\Windows\System\AsXBBmA.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\lOQoOAs.exe
  C:\Windows\System\lOQoOAs.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\LoWHZJt.exe
  C:\Windows\System\LoWHZJt.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\TZmiCyn.exe
  C:\Windows\System\TZmiCyn.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\rbremmc.exe
  C:\Windows\System\rbremmc.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\hVqDfnN.exe
  C:\Windows\System\hVqDfnN.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\KKcStwy.exe
  C:\Windows\System\KKcStwy.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\zmCqecW.exe
  C:\Windows\System\zmCqecW.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\ZUqhxpU.exe
  C:\Windows\System\ZUqhxpU.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\ZkpjJRP.exe
  C:\Windows\System\ZkpjJRP.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\YKxpaKR.exe
  C:\Windows\System\YKxpaKR.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\ESnHYxd.exe
  C:\Windows\System\ESnHYxd.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\gSJSqKf.exe
  C:\Windows\System\gSJSqKf.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\UaTipaF.exe
  C:\Windows\System\UaTipaF.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\dSqhdgL.exe
  C:\Windows\System\dSqhdgL.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\SGwwoAJ.exe
  C:\Windows\System\SGwwoAJ.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\xrchjTV.exe
  C:\Windows\System\xrchjTV.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\GGZWutt.exe
  C:\Windows\System\GGZWutt.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\wSYBZGu.exe
  C:\Windows\System\wSYBZGu.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\rxvVdRp.exe
  C:\Windows\System\rxvVdRp.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\SpSZbzo.exe
  C:\Windows\System\SpSZbzo.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\TAKHipE.exe
  C:\Windows\System\TAKHipE.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\xvWcgtv.exe
  C:\Windows\System\xvWcgtv.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\OFiWOaI.exe
  C:\Windows\System\OFiWOaI.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\ywwmumD.exe
  C:\Windows\System\ywwmumD.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\XUmSASM.exe
  C:\Windows\System\XUmSASM.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\wYLbLHv.exe
  C:\Windows\System\wYLbLHv.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\ykrwitj.exe
  C:\Windows\System\ykrwitj.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\tcwdlKY.exe
  C:\Windows\System\tcwdlKY.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\QYyoIDX.exe
  C:\Windows\System\QYyoIDX.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\KIhPezh.exe
  C:\Windows\System\KIhPezh.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\yIvSSxa.exe
  C:\Windows\System\yIvSSxa.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\mZXstVH.exe
  C:\Windows\System\mZXstVH.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\MHUzfRx.exe
  C:\Windows\System\MHUzfRx.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\KfqzElz.exe
  C:\Windows\System\KfqzElz.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\ShyqWbg.exe
  C:\Windows\System\ShyqWbg.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\jAeQjUR.exe
  C:\Windows\System\jAeQjUR.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\CabbqrF.exe
  C:\Windows\System\CabbqrF.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\UydhwWL.exe
  C:\Windows\System\UydhwWL.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\jStPRfL.exe
  C:\Windows\System\jStPRfL.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\FXUSzwE.exe
  C:\Windows\System\FXUSzwE.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\tYSHjBt.exe
  C:\Windows\System\tYSHjBt.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\wDWLGiJ.exe
  C:\Windows\System\wDWLGiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\aypYnHE.exe
  C:\Windows\System\aypYnHE.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\EbldWtk.exe
  C:\Windows\System\EbldWtk.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\MSFzzgb.exe
  C:\Windows\System\MSFzzgb.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\qPgosrk.exe
  C:\Windows\System\qPgosrk.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\vNGKWWl.exe
  C:\Windows\System\vNGKWWl.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\OAGGXht.exe
  C:\Windows\System\OAGGXht.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\JwhVdzC.exe
  C:\Windows\System\JwhVdzC.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\kxRLrCz.exe
  C:\Windows\System\kxRLrCz.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\oanLcqB.exe
  C:\Windows\System\oanLcqB.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\LiqcaSP.exe
  C:\Windows\System\LiqcaSP.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\LdwAVRg.exe
  C:\Windows\System\LdwAVRg.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\ilJVqBB.exe
  C:\Windows\System\ilJVqBB.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\IBvNPcK.exe
  C:\Windows\System\IBvNPcK.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\kEXegSz.exe
  C:\Windows\System\kEXegSz.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\CZCiSDj.exe
  C:\Windows\System\CZCiSDj.exe
  2⤵
  PID:4004
- C:\Windows\System\sujwgtc.exe
  C:\Windows\System\sujwgtc.exe
  2⤵
  PID:4952
- C:\Windows\System\fEtHRvP.exe
  C:\Windows\System\fEtHRvP.exe
  2⤵
  PID:1424
- C:\Windows\System\scmoYQG.exe
  C:\Windows\System\scmoYQG.exe
  2⤵
  PID:4120
- C:\Windows\System\rnRxrcZ.exe
  C:\Windows\System\rnRxrcZ.exe
  2⤵
  PID:1068
- C:\Windows\System\uOeahyg.exe
  C:\Windows\System\uOeahyg.exe
  2⤵
  PID:1896
- C:\Windows\System\nAjJaMS.exe
  C:\Windows\System\nAjJaMS.exe
  2⤵
  PID:5072
- C:\Windows\System\lIBBQur.exe
  C:\Windows\System\lIBBQur.exe
  2⤵
  PID:2368
- C:\Windows\System\DGBGkcm.exe
  C:\Windows\System\DGBGkcm.exe
  2⤵
  PID:4260
- C:\Windows\System\hDnsVDX.exe
  C:\Windows\System\hDnsVDX.exe
  2⤵
  PID:3196
- C:\Windows\System\jSsRanS.exe
  C:\Windows\System\jSsRanS.exe
  2⤵
  PID:3808
- C:\Windows\System\PdZVayW.exe
  C:\Windows\System\PdZVayW.exe
  2⤵
  PID:3924
- C:\Windows\System\yQnuasJ.exe
  C:\Windows\System\yQnuasJ.exe
  2⤵
  PID:1968
- C:\Windows\System\YbksuFz.exe
  C:\Windows\System\YbksuFz.exe
  2⤵
  PID:2176
- C:\Windows\System\NYmMAdQ.exe
  C:\Windows\System\NYmMAdQ.exe
  2⤵
  PID:3740
- C:\Windows\System\ZELQwkF.exe
  C:\Windows\System\ZELQwkF.exe
  2⤵
  PID:2260
- C:\Windows\System\shSQBDn.exe
  C:\Windows\System\shSQBDn.exe
  2⤵
  PID:4664
- C:\Windows\System\AnZwJSw.exe
  C:\Windows\System\AnZwJSw.exe
  2⤵
  PID:2764
- C:\Windows\System\lJbQNFT.exe
  C:\Windows\System\lJbQNFT.exe
  2⤵
  PID:1600
- C:\Windows\System\zaEmWZy.exe
  C:\Windows\System\zaEmWZy.exe
  2⤵
  PID:4644
- C:\Windows\System\AkudkUL.exe
  C:\Windows\System\AkudkUL.exe
  2⤵
  PID:4456
- C:\Windows\System\iiFwIMD.exe
  C:\Windows\System\iiFwIMD.exe
  2⤵
  PID:740
- C:\Windows\System\wZeYnyI.exe
  C:\Windows\System\wZeYnyI.exe
  2⤵
  PID:5096
- C:\Windows\System\Nhmmgtu.exe
  C:\Windows\System\Nhmmgtu.exe
  2⤵
  PID:5052
- C:\Windows\System\rctttHY.exe
  C:\Windows\System\rctttHY.exe
  2⤵
  PID:1360
- C:\Windows\System\zgHzkHE.exe
  C:\Windows\System\zgHzkHE.exe
  2⤵
  PID:5136
- C:\Windows\System\URSJMZT.exe
  C:\Windows\System\URSJMZT.exe
  2⤵
  PID:5168
- C:\Windows\System\YZuyIaS.exe
  C:\Windows\System\YZuyIaS.exe
  2⤵
  PID:5192
- C:\Windows\System\oADrbcf.exe
  C:\Windows\System\oADrbcf.exe
  2⤵
  PID:5220
- C:\Windows\System\iyYEVhN.exe
  C:\Windows\System\iyYEVhN.exe
  2⤵
  PID:5248
- C:\Windows\System\FYcorET.exe
  C:\Windows\System\FYcorET.exe
  2⤵
  PID:5276
- C:\Windows\System\ovMcyuW.exe
  C:\Windows\System\ovMcyuW.exe
  2⤵
  PID:5304
- C:\Windows\System\JpaNiDC.exe
  C:\Windows\System\JpaNiDC.exe
  2⤵
  PID:5332
- C:\Windows\System\SVJQqLX.exe
  C:\Windows\System\SVJQqLX.exe
  2⤵
  PID:5360
- C:\Windows\System\PhOhdav.exe
  C:\Windows\System\PhOhdav.exe
  2⤵
  PID:5392
- C:\Windows\System\yVhVNeL.exe
  C:\Windows\System\yVhVNeL.exe
  2⤵
  PID:5416
- C:\Windows\System\EySBeww.exe
  C:\Windows\System\EySBeww.exe
  2⤵
  PID:5444
- C:\Windows\System\NbcgfKb.exe
  C:\Windows\System\NbcgfKb.exe
  2⤵
  PID:5476
- C:\Windows\System\nWdmPbw.exe
  C:\Windows\System\nWdmPbw.exe
  2⤵
  PID:5500
- C:\Windows\System\XGvAaHl.exe
  C:\Windows\System\XGvAaHl.exe
  2⤵
  PID:5528
- C:\Windows\System\kpMlBIv.exe
  C:\Windows\System\kpMlBIv.exe
  2⤵
  PID:5556
- C:\Windows\System\nRnuIXO.exe
  C:\Windows\System\nRnuIXO.exe
  2⤵
  PID:5584
- C:\Windows\System\ORMudzL.exe
  C:\Windows\System\ORMudzL.exe
  2⤵
  PID:5624
- C:\Windows\System\pIiMTAe.exe
  C:\Windows\System\pIiMTAe.exe
  2⤵
  PID:5640
- C:\Windows\System\kuGxUuk.exe
  C:\Windows\System\kuGxUuk.exe
  2⤵
  PID:5668
- C:\Windows\System\FBfDHpE.exe
  C:\Windows\System\FBfDHpE.exe
  2⤵
  PID:5696
- C:\Windows\System\dolXgxX.exe
  C:\Windows\System\dolXgxX.exe
  2⤵
  PID:5724
- C:\Windows\System\AydWXfu.exe
  C:\Windows\System\AydWXfu.exe
  2⤵
  PID:5752
- C:\Windows\System\MljXMnj.exe
  C:\Windows\System\MljXMnj.exe
  2⤵
  PID:5780
- C:\Windows\System\xBsBTUn.exe
  C:\Windows\System\xBsBTUn.exe
  2⤵
  PID:5808
- C:\Windows\System\UWlBuNJ.exe
  C:\Windows\System\UWlBuNJ.exe
  2⤵
  PID:5836
- C:\Windows\System\XrlDMQo.exe
  C:\Windows\System\XrlDMQo.exe
  2⤵
  PID:5876
- C:\Windows\System\nMkUiCq.exe
  C:\Windows\System\nMkUiCq.exe
  2⤵
  PID:5892
- C:\Windows\System\bXplkEu.exe
  C:\Windows\System\bXplkEu.exe
  2⤵
  PID:5920
- C:\Windows\System\OtvPYDQ.exe
  C:\Windows\System\OtvPYDQ.exe
  2⤵
  PID:5948
- C:\Windows\System\ybdyWxR.exe
  C:\Windows\System\ybdyWxR.exe
  2⤵
  PID:5976
- C:\Windows\System\zbLonDo.exe
  C:\Windows\System\zbLonDo.exe
  2⤵
  PID:6016
- C:\Windows\System\aWaneDN.exe
  C:\Windows\System\aWaneDN.exe
  2⤵
  PID:6044
- C:\Windows\System\MQxNiVf.exe
  C:\Windows\System\MQxNiVf.exe
  2⤵
  PID:6060
- C:\Windows\System\HEURKUV.exe
  C:\Windows\System\HEURKUV.exe
  2⤵
  PID:6088
- C:\Windows\System\haaPcCd.exe
  C:\Windows\System\haaPcCd.exe
  2⤵
  PID:6116
- C:\Windows\System\dauVGva.exe
  C:\Windows\System\dauVGva.exe
  2⤵
  PID:6140
- C:\Windows\System\qrRaKTS.exe
  C:\Windows\System\qrRaKTS.exe
  2⤵
  PID:3068
- C:\Windows\System\dvXBwGG.exe
  C:\Windows\System\dvXBwGG.exe
  2⤵
  PID:4084
- C:\Windows\System\xBCAFEL.exe
  C:\Windows\System\xBCAFEL.exe
  2⤵
  PID:5148
- C:\Windows\System\GkaBhPe.exe
  C:\Windows\System\GkaBhPe.exe
  2⤵
  PID:5240
- C:\Windows\System\lWFIyet.exe
  C:\Windows\System\lWFIyet.exe
  2⤵
  PID:5272
- C:\Windows\System\YJkaJFK.exe
  C:\Windows\System\YJkaJFK.exe
  2⤵
  PID:5344
- C:\Windows\System\XgRvFlb.exe
  C:\Windows\System\XgRvFlb.exe
  2⤵
  PID:5408
- C:\Windows\System\lcWhnqA.exe
  C:\Windows\System\lcWhnqA.exe
  2⤵
  PID:5468
- C:\Windows\System\yYLpOhY.exe
  C:\Windows\System\yYLpOhY.exe
  2⤵
  PID:5524
- C:\Windows\System\bPJcDaP.exe
  C:\Windows\System\bPJcDaP.exe
  2⤵
  PID:5596
- C:\Windows\System\SJElptY.exe
  C:\Windows\System\SJElptY.exe
  2⤵
  PID:5652
- C:\Windows\System\FgUYxpb.exe
  C:\Windows\System\FgUYxpb.exe
  2⤵
  PID:5708
- C:\Windows\System\WguKpQl.exe
  C:\Windows\System\WguKpQl.exe
  2⤵
  PID:5768
- C:\Windows\System\LioehYT.exe
  C:\Windows\System\LioehYT.exe
  2⤵
  PID:5832
- C:\Windows\System\dcvEiRn.exe
  C:\Windows\System\dcvEiRn.exe
  2⤵
  PID:5904
- C:\Windows\System\bUhnwTQ.exe
  C:\Windows\System\bUhnwTQ.exe
  2⤵
  PID:5964
- C:\Windows\System\XVzDcLy.exe
  C:\Windows\System\XVzDcLy.exe
  2⤵
  PID:6036
- C:\Windows\System\aBHVQbo.exe
  C:\Windows\System\aBHVQbo.exe
  2⤵
  PID:6104
- C:\Windows\System\fGXuICH.exe
  C:\Windows\System\fGXuICH.exe
  2⤵
  PID:2572
- C:\Windows\System\WWLdMZR.exe
  C:\Windows\System\WWLdMZR.exe
  2⤵
  PID:4108
- C:\Windows\System\EKBwfMa.exe
  C:\Windows\System\EKBwfMa.exe
  2⤵
  PID:5268
- C:\Windows\System\aNkChuD.exe
  C:\Windows\System\aNkChuD.exe
  2⤵
  PID:5436
- C:\Windows\System\mtRbuuT.exe
  C:\Windows\System\mtRbuuT.exe
  2⤵
  PID:5568
- C:\Windows\System\iZCrlhW.exe
  C:\Windows\System\iZCrlhW.exe
  2⤵
  PID:5688
- C:\Windows\System\dCRlwtr.exe
  C:\Windows\System\dCRlwtr.exe
  2⤵
  PID:5864
- C:\Windows\System\HNGFxSx.exe
  C:\Windows\System\HNGFxSx.exe
  2⤵
  PID:6012
- C:\Windows\System\bZWpifW.exe
  C:\Windows\System\bZWpifW.exe
  2⤵
  PID:4368
- C:\Windows\System\nHARvTv.exe
  C:\Windows\System\nHARvTv.exe
  2⤵
  PID:5492
- C:\Windows\System\rBpNGEp.exe
  C:\Windows\System\rBpNGEp.exe
  2⤵
  PID:6160
- C:\Windows\System\iIwALDI.exe
  C:\Windows\System\iIwALDI.exe
  2⤵
  PID:6188
- C:\Windows\System\jJHxoXH.exe
  C:\Windows\System\jJHxoXH.exe
  2⤵
  PID:6216
- C:\Windows\System\PNTocFm.exe
  C:\Windows\System\PNTocFm.exe
  2⤵
  PID:6244
- C:\Windows\System\wGunHLA.exe
  C:\Windows\System\wGunHLA.exe
  2⤵
  PID:6272
- C:\Windows\System\stfBOue.exe
  C:\Windows\System\stfBOue.exe
  2⤵
  PID:6300
- C:\Windows\System\shbNmiT.exe
  C:\Windows\System\shbNmiT.exe
  2⤵
  PID:6328
- C:\Windows\System\lLtthjY.exe
  C:\Windows\System\lLtthjY.exe
  2⤵
  PID:6356
- C:\Windows\System\BvcuwTF.exe
  C:\Windows\System\BvcuwTF.exe
  2⤵
  PID:6384
- C:\Windows\System\uFjNQIY.exe
  C:\Windows\System\uFjNQIY.exe
  2⤵
  PID:6412
- C:\Windows\System\nlmYEFj.exe
  C:\Windows\System\nlmYEFj.exe
  2⤵
  PID:6452
- C:\Windows\System\RiUdibM.exe
  C:\Windows\System\RiUdibM.exe
  2⤵
  PID:6480
- C:\Windows\System\xMtazam.exe
  C:\Windows\System\xMtazam.exe
  2⤵
  PID:6496
- C:\Windows\System\zpBafFM.exe
  C:\Windows\System\zpBafFM.exe
  2⤵
  PID:6536
- C:\Windows\System\IitooUg.exe
  C:\Windows\System\IitooUg.exe
  2⤵
  PID:6552
- C:\Windows\System\uJEvhYS.exe
  C:\Windows\System\uJEvhYS.exe
  2⤵
  PID:6580
- C:\Windows\System\sSdVFAv.exe
  C:\Windows\System\sSdVFAv.exe
  2⤵
  PID:6608
- C:\Windows\System\DLERgRm.exe
  C:\Windows\System\DLERgRm.exe
  2⤵
  PID:6640
- C:\Windows\System\JnMmFRI.exe
  C:\Windows\System\JnMmFRI.exe
  2⤵
  PID:6664
- C:\Windows\System\KPfTNjf.exe
  C:\Windows\System\KPfTNjf.exe
  2⤵
  PID:6692
- C:\Windows\System\nQrMFwq.exe
  C:\Windows\System\nQrMFwq.exe
  2⤵
  PID:6732
- C:\Windows\System\gSsVmWB.exe
  C:\Windows\System\gSsVmWB.exe
  2⤵
  PID:6748
- C:\Windows\System\bydHITY.exe
  C:\Windows\System\bydHITY.exe
  2⤵
  PID:6776
- C:\Windows\System\UFUqdxy.exe
  C:\Windows\System\UFUqdxy.exe
  2⤵
  PID:6804
- C:\Windows\System\sYRUaqq.exe
  C:\Windows\System\sYRUaqq.exe
  2⤵
  PID:6844
- C:\Windows\System\fSKeYGb.exe
  C:\Windows\System\fSKeYGb.exe
  2⤵
  PID:6864
- C:\Windows\System\wriDtnC.exe
  C:\Windows\System\wriDtnC.exe
  2⤵
  PID:6888
- C:\Windows\System\sqOHXqj.exe
  C:\Windows\System\sqOHXqj.exe
  2⤵
  PID:6920
- C:\Windows\System\eJEMoJS.exe
  C:\Windows\System\eJEMoJS.exe
  2⤵
  PID:6956
- C:\Windows\System\NzDJaEi.exe
  C:\Windows\System\NzDJaEi.exe
  2⤵
  PID:6976
- C:\Windows\System\KGzMjyy.exe
  C:\Windows\System\KGzMjyy.exe
  2⤵
  PID:7012
- C:\Windows\System\OkHKhnA.exe
  C:\Windows\System\OkHKhnA.exe
  2⤵
  PID:7040
- C:\Windows\System\Sozxocm.exe
  C:\Windows\System\Sozxocm.exe
  2⤵
  PID:7056
- C:\Windows\System\XRkDEfe.exe
  C:\Windows\System\XRkDEfe.exe
  2⤵
  PID:7096
- C:\Windows\System\JscdjjQ.exe
  C:\Windows\System\JscdjjQ.exe
  2⤵
  PID:7124
- C:\Windows\System\sfHNYLP.exe
  C:\Windows\System\sfHNYLP.exe
  2⤵
  PID:7140
- C:\Windows\System\pxUrboZ.exe
  C:\Windows\System\pxUrboZ.exe
  2⤵
  PID:5512
- C:\Windows\System\UrVoBua.exe
  C:\Windows\System\UrVoBua.exe
  2⤵
  PID:5804
- C:\Windows\System\rsoGqzx.exe
  C:\Windows\System\rsoGqzx.exe
  2⤵
  PID:528
- C:\Windows\System\jLMgKMu.exe
  C:\Windows\System\jLMgKMu.exe
  2⤵
  PID:6176
- C:\Windows\System\dFBMHpG.exe
  C:\Windows\System\dFBMHpG.exe
  2⤵
  PID:6256
- C:\Windows\System\UtSAtgN.exe
  C:\Windows\System\UtSAtgN.exe
  2⤵
  PID:6312
- C:\Windows\System\sNZcHJC.exe
  C:\Windows\System\sNZcHJC.exe
  2⤵
  PID:6380
- C:\Windows\System\pHqFDMv.exe
  C:\Windows\System\pHqFDMv.exe
  2⤵
  PID:6440
- C:\Windows\System\yjpmNbZ.exe
  C:\Windows\System\yjpmNbZ.exe
  2⤵
  PID:6528
- C:\Windows\System\kONhWys.exe
  C:\Windows\System\kONhWys.exe
  2⤵
  PID:6568
- C:\Windows\System\IgsgngA.exe
  C:\Windows\System\IgsgngA.exe
  2⤵
  PID:6648
- C:\Windows\System\TbDjCuT.exe
  C:\Windows\System\TbDjCuT.exe
  2⤵
  PID:6704
- C:\Windows\System\rIKnlIF.exe
  C:\Windows\System\rIKnlIF.exe
  2⤵
  PID:6768
- C:\Windows\System\jXgXxIr.exe
  C:\Windows\System\jXgXxIr.exe
  2⤵
  PID:6832
- C:\Windows\System\LGHwFOm.exe
  C:\Windows\System\LGHwFOm.exe
  2⤵
  PID:6900
- C:\Windows\System\KkSLBfP.exe
  C:\Windows\System\KkSLBfP.exe
  2⤵
  PID:6964
- C:\Windows\System\dORfWnS.exe
  C:\Windows\System\dORfWnS.exe
  2⤵
  PID:7028
- C:\Windows\System\mseBfCg.exe
  C:\Windows\System\mseBfCg.exe
  2⤵
  PID:7088
- C:\Windows\System\GPeJsex.exe
  C:\Windows\System\GPeJsex.exe
  2⤵
  PID:7156
- C:\Windows\System\GDxBYUr.exe
  C:\Windows\System\GDxBYUr.exe
  2⤵
  PID:6084
- C:\Windows\System\BASGkrm.exe
  C:\Windows\System\BASGkrm.exe
  2⤵
  PID:6236
- C:\Windows\System\mVeXqoI.exe
  C:\Windows\System\mVeXqoI.exe
  2⤵
  PID:6404
- C:\Windows\System\eDjjSjb.exe
  C:\Windows\System\eDjjSjb.exe
  2⤵
  PID:6548
- C:\Windows\System\jdIvBEZ.exe
  C:\Windows\System\jdIvBEZ.exe
  2⤵
  PID:6680
- C:\Windows\System\fsRvDuR.exe
  C:\Windows\System\fsRvDuR.exe
  2⤵
  PID:6856
- C:\Windows\System\XiyTHQo.exe
  C:\Windows\System\XiyTHQo.exe
  2⤵
  PID:6996
- C:\Windows\System\IisOBYH.exe
  C:\Windows\System\IisOBYH.exe
  2⤵
  PID:7136
- C:\Windows\System\SIoVnHy.exe
  C:\Windows\System\SIoVnHy.exe
  2⤵
  PID:6172
- C:\Windows\System\dESPtLJ.exe
  C:\Windows\System\dESPtLJ.exe
  2⤵
  PID:6520
- C:\Windows\System\IjKqUhB.exe
  C:\Windows\System\IjKqUhB.exe
  2⤵
  PID:7192
- C:\Windows\System\opCqFCo.exe
  C:\Windows\System\opCqFCo.exe
  2⤵
  PID:7220
- C:\Windows\System\gMztpkq.exe
  C:\Windows\System\gMztpkq.exe
  2⤵
  PID:7260
- C:\Windows\System\jXOudNQ.exe
  C:\Windows\System\jXOudNQ.exe
  2⤵
  PID:7288
- C:\Windows\System\WwdBXdb.exe
  C:\Windows\System\WwdBXdb.exe
  2⤵
  PID:7304
- C:\Windows\System\iUZOMOT.exe
  C:\Windows\System\iUZOMOT.exe
  2⤵
  PID:7336
- C:\Windows\System\fvJPpye.exe
  C:\Windows\System\fvJPpye.exe
  2⤵
  PID:7372
- C:\Windows\System\WnBBTkr.exe
  C:\Windows\System\WnBBTkr.exe
  2⤵
  PID:7388
- C:\Windows\System\GVlCkAh.exe
  C:\Windows\System\GVlCkAh.exe
  2⤵
  PID:7416
- C:\Windows\System\PxNyOND.exe
  C:\Windows\System\PxNyOND.exe
  2⤵
  PID:7444
- C:\Windows\System\tMZzDRE.exe
  C:\Windows\System\tMZzDRE.exe
  2⤵
  PID:7472
- C:\Windows\System\qZJrsMq.exe
  C:\Windows\System\qZJrsMq.exe
  2⤵
  PID:7500
- C:\Windows\System\lynuRyI.exe
  C:\Windows\System\lynuRyI.exe
  2⤵
  PID:7528
- C:\Windows\System\hfvgGVw.exe
  C:\Windows\System\hfvgGVw.exe
  2⤵
  PID:7560
- C:\Windows\System\vqPntNT.exe
  C:\Windows\System\vqPntNT.exe
  2⤵
  PID:7584
- C:\Windows\System\kJirgvQ.exe
  C:\Windows\System\kJirgvQ.exe
  2⤵
  PID:7612
- C:\Windows\System\OKjCEDq.exe
  C:\Windows\System\OKjCEDq.exe
  2⤵
  PID:7640
- C:\Windows\System\IZAyCLh.exe
  C:\Windows\System\IZAyCLh.exe
  2⤵
  PID:7668
- C:\Windows\System\vSvzslm.exe
  C:\Windows\System\vSvzslm.exe
  2⤵
  PID:7696
- C:\Windows\System\tlSiktM.exe
  C:\Windows\System\tlSiktM.exe
  2⤵
  PID:7724
- C:\Windows\System\bbziqMR.exe
  C:\Windows\System\bbziqMR.exe
  2⤵
  PID:7752
- C:\Windows\System\faZQuAU.exe
  C:\Windows\System\faZQuAU.exe
  2⤵
  PID:7780
- C:\Windows\System\xrTpyWf.exe
  C:\Windows\System\xrTpyWf.exe
  2⤵
  PID:7820
- C:\Windows\System\Lvsqlmd.exe
  C:\Windows\System\Lvsqlmd.exe
  2⤵
  PID:7836
- C:\Windows\System\qxUVuhy.exe
  C:\Windows\System\qxUVuhy.exe
  2⤵
  PID:7864
- C:\Windows\System\fUcBYNT.exe
  C:\Windows\System\fUcBYNT.exe
  2⤵
  PID:7892
- C:\Windows\System\hFgFrav.exe
  C:\Windows\System\hFgFrav.exe
  2⤵
  PID:7924
- C:\Windows\System\ZgvWCoz.exe
  C:\Windows\System\ZgvWCoz.exe
  2⤵
  PID:7952
- C:\Windows\System\LxQyNMQ.exe
  C:\Windows\System\LxQyNMQ.exe
  2⤵
  PID:7976
- C:\Windows\System\MpjNNaO.exe
  C:\Windows\System\MpjNNaO.exe
  2⤵
  PID:8004
- C:\Windows\System\IsTvojl.exe
  C:\Windows\System\IsTvojl.exe
  2⤵
  PID:8032
- C:\Windows\System\nRoBbrS.exe
  C:\Windows\System\nRoBbrS.exe
  2⤵
  PID:8060
- C:\Windows\System\DGVJgEb.exe
  C:\Windows\System\DGVJgEb.exe
  2⤵
  PID:8088
- C:\Windows\System\QENdivP.exe
  C:\Windows\System\QENdivP.exe
  2⤵
  PID:8116
- C:\Windows\System\PbKqUAH.exe
  C:\Windows\System\PbKqUAH.exe
  2⤵
  PID:8148
- C:\Windows\System\gCgRZqn.exe
  C:\Windows\System\gCgRZqn.exe
  2⤵
  PID:8172
- C:\Windows\System\NtGJetY.exe
  C:\Windows\System\NtGJetY.exe
  2⤵
  PID:6760
- C:\Windows\System\NkmNtMP.exe
  C:\Windows\System\NkmNtMP.exe
  2⤵
  PID:1576
- C:\Windows\System\acNGoZr.exe
  C:\Windows\System\acNGoZr.exe
  2⤵
  PID:7204
- C:\Windows\System\bZjSETT.exe
  C:\Windows\System\bZjSETT.exe
  2⤵
  PID:7252
- C:\Windows\System\lBVcuYX.exe
  C:\Windows\System\lBVcuYX.exe
  2⤵
  PID:7320
- C:\Windows\System\UNPLhdX.exe
  C:\Windows\System\UNPLhdX.exe
  2⤵
  PID:7356
- C:\Windows\System\JdwFdTB.exe
  C:\Windows\System\JdwFdTB.exe
  2⤵
  PID:7412
- C:\Windows\System\eSAHiTR.exe
  C:\Windows\System\eSAHiTR.exe
  2⤵
  PID:7460
- C:\Windows\System\qApJGda.exe
  C:\Windows\System\qApJGda.exe
  2⤵
  PID:7524
- C:\Windows\System\LiAMYwo.exe
  C:\Windows\System\LiAMYwo.exe
  2⤵
  PID:7600
- C:\Windows\System\rnysCKB.exe
  C:\Windows\System\rnysCKB.exe
  2⤵
  PID:7660
- C:\Windows\System\WZGGgnj.exe
  C:\Windows\System\WZGGgnj.exe
  2⤵
  PID:5104
- C:\Windows\System\HYpcsGq.exe
  C:\Windows\System\HYpcsGq.exe
  2⤵
  PID:7768
- C:\Windows\System\LhRPguN.exe
  C:\Windows\System\LhRPguN.exe
  2⤵
  PID:7848
- C:\Windows\System\doKHbBa.exe
  C:\Windows\System\doKHbBa.exe
  2⤵
  PID:7884
- C:\Windows\System\zKNDqly.exe
  C:\Windows\System\zKNDqly.exe
  2⤵
  PID:7944
- C:\Windows\System\jQoMbgx.exe
  C:\Windows\System\jQoMbgx.exe
  2⤵
  PID:8000
- C:\Windows\System\mLeArNP.exe
  C:\Windows\System\mLeArNP.exe
  2⤵
  PID:8052
- C:\Windows\System\pVSYTfa.exe
  C:\Windows\System\pVSYTfa.exe
  2⤵
  PID:8136
- C:\Windows\System\BcPLFxL.exe
  C:\Windows\System\BcPLFxL.exe
  2⤵
  PID:6928
- C:\Windows\System\VUpcWUQ.exe
  C:\Windows\System\VUpcWUQ.exe
  2⤵
  PID:3320
- C:\Windows\System\EvcvpYB.exe
  C:\Windows\System\EvcvpYB.exe
  2⤵
  PID:7380
- C:\Windows\System\kLHgipz.exe
  C:\Windows\System\kLHgipz.exe
  2⤵
  PID:3608
- C:\Windows\System\VdTtQse.exe
  C:\Windows\System\VdTtQse.exe
  2⤵
  PID:4764
- C:\Windows\System\BxFEoJN.exe
  C:\Windows\System\BxFEoJN.exe
  2⤵
  PID:4752
- C:\Windows\System\Mqrjrzr.exe
  C:\Windows\System\Mqrjrzr.exe
  2⤵
  PID:7880
- C:\Windows\System\zvMQGif.exe
  C:\Windows\System\zvMQGif.exe
  2⤵
  PID:1456
- C:\Windows\System\MUnHLdW.exe
  C:\Windows\System\MUnHLdW.exe
  2⤵
  PID:912
- C:\Windows\System\XGaFnpR.exe
  C:\Windows\System\XGaFnpR.exe
  2⤵
  PID:4868
- C:\Windows\System\XBYinIi.exe
  C:\Windows\System\XBYinIi.exe
  2⤵
  PID:4568
- C:\Windows\System\daEWYQd.exe
  C:\Windows\System\daEWYQd.exe
  2⤵
  PID:1528
- C:\Windows\System\atTzlQs.exe
  C:\Windows\System\atTzlQs.exe
  2⤵
  PID:8164
- C:\Windows\System\edWnwNJ.exe
  C:\Windows\System\edWnwNJ.exe
  2⤵
  PID:6992
- C:\Windows\System\YLMEgLC.exe
  C:\Windows\System\YLMEgLC.exe
  2⤵
  PID:7580
- C:\Windows\System\nVQxwZV.exe
  C:\Windows\System\nVQxwZV.exe
  2⤵
  PID:7456
- C:\Windows\System\pgxzTQP.exe
  C:\Windows\System\pgxzTQP.exe
  2⤵
  PID:1592
- C:\Windows\System\nZZsDNg.exe
  C:\Windows\System\nZZsDNg.exe
  2⤵
  PID:736
- C:\Windows\System\CUrPFxL.exe
  C:\Windows\System\CUrPFxL.exe
  2⤵
  PID:6508
- C:\Windows\System\BWPqKds.exe
  C:\Windows\System\BWPqKds.exe
  2⤵
  PID:7812
- C:\Windows\System\MqLBwze.exe
  C:\Windows\System\MqLBwze.exe
  2⤵
  PID:2672
- C:\Windows\System\oMniSDd.exe
  C:\Windows\System\oMniSDd.exe
  2⤵
  PID:8112
- C:\Windows\System\CrrciAb.exe
  C:\Windows\System\CrrciAb.exe
  2⤵
  PID:4972
- C:\Windows\System\HdZpNZl.exe
  C:\Windows\System\HdZpNZl.exe
  2⤵
  PID:7828
- C:\Windows\System\WhlHkfO.exe
  C:\Windows\System\WhlHkfO.exe
  2⤵
  PID:3816
- C:\Windows\System\opPIenx.exe
  C:\Windows\System\opPIenx.exe
  2⤵
  PID:8240
- C:\Windows\System\ApBwANj.exe
  C:\Windows\System\ApBwANj.exe
  2⤵
  PID:8264
- C:\Windows\System\QspPWSQ.exe
  C:\Windows\System\QspPWSQ.exe
  2⤵
  PID:8308
- C:\Windows\System\DNeIFnd.exe
  C:\Windows\System\DNeIFnd.exe
  2⤵
  PID:8368
- C:\Windows\System\bfdiqie.exe
  C:\Windows\System\bfdiqie.exe
  2⤵
  PID:8420
- C:\Windows\System\KidyBnX.exe
  C:\Windows\System\KidyBnX.exe
  2⤵
  PID:8460
- C:\Windows\System\ZCSDMro.exe
  C:\Windows\System\ZCSDMro.exe
  2⤵
  PID:8492
- C:\Windows\System\vUWSYuB.exe
  C:\Windows\System\vUWSYuB.exe
  2⤵
  PID:8516
- C:\Windows\System\CUbRiaT.exe
  C:\Windows\System\CUbRiaT.exe
  2⤵
  PID:8568
- C:\Windows\System\JrZZHdl.exe
  C:\Windows\System\JrZZHdl.exe
  2⤵
  PID:8596
- C:\Windows\System\icAomHH.exe
  C:\Windows\System\icAomHH.exe
  2⤵
  PID:8624
- C:\Windows\System\FHbRumI.exe
  C:\Windows\System\FHbRumI.exe
  2⤵
  PID:8656
- C:\Windows\System\WVpyBWj.exe
  C:\Windows\System\WVpyBWj.exe
  2⤵
  PID:8684
- C:\Windows\System\THxPyji.exe
  C:\Windows\System\THxPyji.exe
  2⤵
  PID:8720
- C:\Windows\System\oJCrwmS.exe
  C:\Windows\System\oJCrwmS.exe
  2⤵
  PID:8744
- C:\Windows\System\RUZXqRw.exe
  C:\Windows\System\RUZXqRw.exe
  2⤵
  PID:8780
- C:\Windows\System\bCLYKzm.exe
  C:\Windows\System\bCLYKzm.exe
  2⤵
  PID:8804
- C:\Windows\System\gpRQevE.exe
  C:\Windows\System\gpRQevE.exe
  2⤵
  PID:8832
- C:\Windows\System\SjmQGLe.exe
  C:\Windows\System\SjmQGLe.exe
  2⤵
  PID:8860
- C:\Windows\System\DTRsGmo.exe
  C:\Windows\System\DTRsGmo.exe
  2⤵
  PID:8888
- C:\Windows\System\NwXIyYa.exe
  C:\Windows\System\NwXIyYa.exe
  2⤵
  PID:8924
- C:\Windows\System\kHqhOTI.exe
  C:\Windows\System\kHqhOTI.exe
  2⤵
  PID:8948
- C:\Windows\System\TOhfqtZ.exe
  C:\Windows\System\TOhfqtZ.exe
  2⤵
  PID:8976
- C:\Windows\System\nAJjyiF.exe
  C:\Windows\System\nAJjyiF.exe
  2⤵
  PID:9012
- C:\Windows\System\FlWQGrw.exe
  C:\Windows\System\FlWQGrw.exe
  2⤵
  PID:9032
- C:\Windows\System\CWMlIxw.exe
  C:\Windows\System\CWMlIxw.exe
  2⤵
  PID:9064
- C:\Windows\System\pyjyhMS.exe
  C:\Windows\System\pyjyhMS.exe
  2⤵
  PID:9096
- C:\Windows\System\KRpNURV.exe
  C:\Windows\System\KRpNURV.exe
  2⤵
  PID:9124
- C:\Windows\System\rzncNfu.exe
  C:\Windows\System\rzncNfu.exe
  2⤵
  PID:9156
- C:\Windows\System\icyErKm.exe
  C:\Windows\System\icyErKm.exe
  2⤵
  PID:9192
- C:\Windows\System\KFYbabj.exe
  C:\Windows\System\KFYbabj.exe
  2⤵
  PID:4812
- C:\Windows\System\TQpfgqO.exe
  C:\Windows\System\TQpfgqO.exe
  2⤵
  PID:8276
- C:\Windows\System\EowmJBJ.exe
  C:\Windows\System\EowmJBJ.exe
  2⤵
  PID:8348
- C:\Windows\System\BmvxsCy.exe
  C:\Windows\System\BmvxsCy.exe
  2⤵
  PID:7744
- C:\Windows\System\NMuMcQX.exe
  C:\Windows\System\NMuMcQX.exe
  2⤵
  PID:8608
- C:\Windows\System\ZuSnVsd.exe
  C:\Windows\System\ZuSnVsd.exe
  2⤵
  PID:1312
- C:\Windows\System\nGmJfyi.exe
  C:\Windows\System\nGmJfyi.exe
  2⤵
  PID:8740
- C:\Windows\System\RjmEUEw.exe
  C:\Windows\System\RjmEUEw.exe
  2⤵
  PID:8816
- C:\Windows\System\dBqBzeO.exe
  C:\Windows\System\dBqBzeO.exe
  2⤵
  PID:8852
- C:\Windows\System\ryqLjva.exe
  C:\Windows\System\ryqLjva.exe
  2⤵
  PID:8932
- C:\Windows\System\pmEWbmn.exe
  C:\Windows\System\pmEWbmn.exe
  2⤵
  PID:9000
- C:\Windows\System\oEZMkVU.exe
  C:\Windows\System\oEZMkVU.exe
  2⤵
  PID:9072
- C:\Windows\System\VePhCbr.exe
  C:\Windows\System\VePhCbr.exe
  2⤵
  PID:9148
- C:\Windows\System\nlZkEQK.exe
  C:\Windows\System\nlZkEQK.exe
  2⤵
  PID:8252
- C:\Windows\System\NtfvCJP.exe
  C:\Windows\System\NtfvCJP.exe
  2⤵
  PID:8508
- C:\Windows\System\dGXsSPn.exe
  C:\Windows\System\dGXsSPn.exe
  2⤵
  PID:8636
- C:\Windows\System\iPzhNOJ.exe
  C:\Windows\System\iPzhNOJ.exe
  2⤵
  PID:5048
- C:\Windows\System\uZOjGvU.exe
  C:\Windows\System\uZOjGvU.exe
  2⤵
  PID:8972
- C:\Windows\System\dweABWY.exe
  C:\Windows\System\dweABWY.exe
  2⤵
  PID:9180
- C:\Windows\System\FEmkwVl.exe
  C:\Windows\System\FEmkwVl.exe
  2⤵
  PID:8592
- C:\Windows\System\qbXcVec.exe
  C:\Windows\System\qbXcVec.exe
  2⤵
  PID:9136
- C:\Windows\System\xdYwfcX.exe
  C:\Windows\System\xdYwfcX.exe
  2⤵
  PID:3756
- C:\Windows\System\VjGkRrM.exe
  C:\Windows\System\VjGkRrM.exe
  2⤵
  PID:3376
- C:\Windows\System\TiIaffd.exe
  C:\Windows\System\TiIaffd.exe
  2⤵
  PID:9236
- C:\Windows\System\pUJYMDJ.exe
  C:\Windows\System\pUJYMDJ.exe
  2⤵
  PID:9264
- C:\Windows\System\zngrqIs.exe
  C:\Windows\System\zngrqIs.exe
  2⤵
  PID:9304
- C:\Windows\System\EtSKogr.exe
  C:\Windows\System\EtSKogr.exe
  2⤵
  PID:9348
- C:\Windows\System\rzIKzhV.exe
  C:\Windows\System\rzIKzhV.exe
  2⤵
  PID:9372
- C:\Windows\System\RnPlXPe.exe
  C:\Windows\System\RnPlXPe.exe
  2⤵
  PID:9424
- C:\Windows\System\OzOnOvN.exe
  C:\Windows\System\OzOnOvN.exe
  2⤵
  PID:9444
- C:\Windows\System\esrwkHX.exe
  C:\Windows\System\esrwkHX.exe
  2⤵
  PID:9476
- C:\Windows\System\CzvhgZx.exe
  C:\Windows\System\CzvhgZx.exe
  2⤵
  PID:9500
- C:\Windows\System\ZqbeqRg.exe
  C:\Windows\System\ZqbeqRg.exe
  2⤵
  PID:9528
- C:\Windows\System\WvbaAyZ.exe
  C:\Windows\System\WvbaAyZ.exe
  2⤵
  PID:9556
- C:\Windows\System\CXYvNtr.exe
  C:\Windows\System\CXYvNtr.exe
  2⤵
  PID:9584
- C:\Windows\System\PTERlPH.exe
  C:\Windows\System\PTERlPH.exe
  2⤵
  PID:9616
- C:\Windows\System\WBMRKwa.exe
  C:\Windows\System\WBMRKwa.exe
  2⤵
  PID:9644
- C:\Windows\System\dRXPlna.exe
  C:\Windows\System\dRXPlna.exe
  2⤵
  PID:9684
- C:\Windows\System\CDiFSYJ.exe
  C:\Windows\System\CDiFSYJ.exe
  2⤵
  PID:9704
- C:\Windows\System\miioXch.exe
  C:\Windows\System\miioXch.exe
  2⤵
  PID:9740
- C:\Windows\System\XyTcVvv.exe
  C:\Windows\System\XyTcVvv.exe
  2⤵
  PID:9760
- C:\Windows\System\eGnxsma.exe
  C:\Windows\System\eGnxsma.exe
  2⤵
  PID:9792
- C:\Windows\System\GGMVEkn.exe
  C:\Windows\System\GGMVEkn.exe
  2⤵
  PID:9816
- C:\Windows\System\IzUkPGE.exe
  C:\Windows\System\IzUkPGE.exe
  2⤵
  PID:9844
- C:\Windows\System\LSkwjeh.exe
  C:\Windows\System\LSkwjeh.exe
  2⤵
  PID:9872
- C:\Windows\System\tJEQRVv.exe
  C:\Windows\System\tJEQRVv.exe
  2⤵
  PID:9916
- C:\Windows\System\bSAsEpv.exe
  C:\Windows\System\bSAsEpv.exe
  2⤵
  PID:9932
- C:\Windows\System\WtoVcWB.exe
  C:\Windows\System\WtoVcWB.exe
  2⤵
  PID:9960
- C:\Windows\System\KgFefRJ.exe
  C:\Windows\System\KgFefRJ.exe
  2⤵
  PID:9992
- C:\Windows\System\aEYXBvG.exe
  C:\Windows\System\aEYXBvG.exe
  2⤵
  PID:10016
- C:\Windows\System\gPzYjbh.exe
  C:\Windows\System\gPzYjbh.exe
  2⤵
  PID:10052
- C:\Windows\System\OxjqaPG.exe
  C:\Windows\System\OxjqaPG.exe
  2⤵
  PID:10080
- C:\Windows\System\NPvWqgA.exe
  C:\Windows\System\NPvWqgA.exe
  2⤵
  PID:10116
- C:\Windows\System\fAkPNXg.exe
  C:\Windows\System\fAkPNXg.exe
  2⤵
  PID:10136
- C:\Windows\System\OGrunbi.exe
  C:\Windows\System\OGrunbi.exe
  2⤵
  PID:10168
- C:\Windows\System\CZKhOXY.exe
  C:\Windows\System\CZKhOXY.exe
  2⤵
  PID:10192
- C:\Windows\System\KikqrlA.exe
  C:\Windows\System\KikqrlA.exe
  2⤵
  PID:10232
- C:\Windows\System\tbCLwrg.exe
  C:\Windows\System\tbCLwrg.exe
  2⤵
  PID:9252
- C:\Windows\System\uwvsgmc.exe
  C:\Windows\System\uwvsgmc.exe
  2⤵
  PID:4336
- C:\Windows\System\iwdKKsn.exe
  C:\Windows\System\iwdKKsn.exe
  2⤵
  PID:9436
- C:\Windows\System\hvbgoqK.exe
  C:\Windows\System\hvbgoqK.exe
  2⤵
  PID:9524
- C:\Windows\System\uISDBcT.exe
  C:\Windows\System\uISDBcT.exe
  2⤵
  PID:9580
- C:\Windows\System\CkURdKT.exe
  C:\Windows\System\CkURdKT.exe
  2⤵
  PID:1800
- C:\Windows\System\kGGacSY.exe
  C:\Windows\System\kGGacSY.exe
  2⤵
  PID:9752
- C:\Windows\System\nMhynyz.exe
  C:\Windows\System\nMhynyz.exe
  2⤵
  PID:9804
- C:\Windows\System\ylXLAZx.exe
  C:\Windows\System\ylXLAZx.exe
  2⤵
  PID:9868
- C:\Windows\System\oIfhsNu.exe
  C:\Windows\System\oIfhsNu.exe
  2⤵
  PID:8220
- C:\Windows\System\EpXpktc.exe
  C:\Windows\System\EpXpktc.exe
  2⤵
  PID:9912
- C:\Windows\System\wMjqLdY.exe
  C:\Windows\System\wMjqLdY.exe
  2⤵
  PID:9980
- C:\Windows\System\DCbRFNT.exe
  C:\Windows\System\DCbRFNT.exe
  2⤵
  PID:10048
- C:\Windows\System\hiCNDnx.exe
  C:\Windows\System\hiCNDnx.exe
  2⤵
  PID:9680
- C:\Windows\System\FbwlfWD.exe
  C:\Windows\System\FbwlfWD.exe
  2⤵
  PID:10184
- C:\Windows\System\ESFdXcP.exe
  C:\Windows\System\ESFdXcP.exe
  2⤵
  PID:9228
- C:\Windows\System\CtBxsoa.exe
  C:\Windows\System\CtBxsoa.exe
  2⤵
  PID:9488
- C:\Windows\System\QUlBWpN.exe
  C:\Windows\System\QUlBWpN.exe
  2⤵
  PID:9596
- C:\Windows\System\LfERjFM.exe
  C:\Windows\System\LfERjFM.exe
  2⤵
  PID:9748
- C:\Windows\System\usEHUTP.exe
  C:\Windows\System\usEHUTP.exe
  2⤵
  PID:3124
- C:\Windows\System\hCxExqd.exe
  C:\Windows\System\hCxExqd.exe
  2⤵
  PID:10124
- C:\Windows\System\ArIBMle.exe
  C:\Windows\System\ArIBMle.exe
  2⤵
  PID:4852
- C:\Windows\System\ayUzQFp.exe
  C:\Windows\System\ayUzQFp.exe
  2⤵
  PID:10036
- C:\Windows\System\bVcRlkw.exe
  C:\Windows\System\bVcRlkw.exe
  2⤵
  PID:9860
- C:\Windows\System\GIdwFZf.exe
  C:\Windows\System\GIdwFZf.exe
  2⤵
  PID:3356
- C:\Windows\System\jqwAodq.exe
  C:\Windows\System\jqwAodq.exe
  2⤵
  PID:2684
- C:\Windows\System\wEuFeXp.exe
  C:\Windows\System\wEuFeXp.exe
  2⤵
  PID:9632
- C:\Windows\System\YZGjlVd.exe
  C:\Windows\System\YZGjlVd.exe
  2⤵
  PID:1900
- C:\Windows\System\EqDRXrN.exe
  C:\Windows\System\EqDRXrN.exe
  2⤵
  PID:10252
- C:\Windows\System\hjprqWg.exe
  C:\Windows\System\hjprqWg.exe
  2⤵
  PID:10280
- C:\Windows\System\mYhEfQf.exe
  C:\Windows\System\mYhEfQf.exe
  2⤵
  PID:10308
- C:\Windows\System\ppiLkpP.exe
  C:\Windows\System\ppiLkpP.exe
  2⤵
  PID:10336
- C:\Windows\System\uQfaWDy.exe
  C:\Windows\System\uQfaWDy.exe
  2⤵
  PID:10356
- C:\Windows\System\IYlpHJt.exe
  C:\Windows\System\IYlpHJt.exe
  2⤵
  PID:10380
- C:\Windows\System\aNIUVEh.exe
  C:\Windows\System\aNIUVEh.exe
  2⤵
  PID:10424
- C:\Windows\System\VwjBzOs.exe
  C:\Windows\System\VwjBzOs.exe
  2⤵
  PID:10456
- C:\Windows\System\UXaiqJr.exe
  C:\Windows\System\UXaiqJr.exe
  2⤵
  PID:10484
- C:\Windows\System\iKKMCzu.exe
  C:\Windows\System\iKKMCzu.exe
  2⤵
  PID:10512
- C:\Windows\System\fvZGIDu.exe
  C:\Windows\System\fvZGIDu.exe
  2⤵
  PID:10564
- C:\Windows\System\QUDSaJF.exe
  C:\Windows\System\QUDSaJF.exe
  2⤵
  PID:10592
- C:\Windows\System\EjFEkde.exe
  C:\Windows\System\EjFEkde.exe
  2⤵
  PID:10620
- C:\Windows\System\ZheybtX.exe
  C:\Windows\System\ZheybtX.exe
  2⤵
  PID:10648
- C:\Windows\System\wiOdbob.exe
  C:\Windows\System\wiOdbob.exe
  2⤵
  PID:10676
- C:\Windows\System\DHsPTUe.exe
  C:\Windows\System\DHsPTUe.exe
  2⤵
  PID:10704
- C:\Windows\System\QgKjOdh.exe
  C:\Windows\System\QgKjOdh.exe
  2⤵
  PID:10732
- C:\Windows\System\PyuKetc.exe
  C:\Windows\System\PyuKetc.exe
  2⤵
  PID:10764
- C:\Windows\System\iFZbnKz.exe
  C:\Windows\System\iFZbnKz.exe
  2⤵
  PID:10800
- C:\Windows\System\WQoPDbD.exe
  C:\Windows\System\WQoPDbD.exe
  2⤵
  PID:10828
- C:\Windows\System\feETUqk.exe
  C:\Windows\System\feETUqk.exe
  2⤵
  PID:10860
- C:\Windows\System\hslSBgr.exe
  C:\Windows\System\hslSBgr.exe
  2⤵
  PID:10888
- C:\Windows\System\yBPSWWN.exe
  C:\Windows\System\yBPSWWN.exe
  2⤵
  PID:10920
- C:\Windows\System\sgaMOju.exe
  C:\Windows\System\sgaMOju.exe
  2⤵
  PID:10976
- C:\Windows\System\iTKUCRi.exe
  C:\Windows\System\iTKUCRi.exe
  2⤵
  PID:11044
- C:\Windows\System\zdzCYHV.exe
  C:\Windows\System\zdzCYHV.exe
  2⤵
  PID:11116
- C:\Windows\System\ZagzJvf.exe
  C:\Windows\System\ZagzJvf.exe
  2⤵
  PID:11140
- C:\Windows\System\qtqLrwg.exe
  C:\Windows\System\qtqLrwg.exe
  2⤵
  PID:11164
- C:\Windows\System\hSamjxu.exe
  C:\Windows\System\hSamjxu.exe
  2⤵
  PID:11212
- C:\Windows\System\sSncFxH.exe
  C:\Windows\System\sSncFxH.exe
  2⤵
  PID:11244
- C:\Windows\System\XBCqZyg.exe
  C:\Windows\System\XBCqZyg.exe
  2⤵
  PID:10272
- C:\Windows\System\FmtxZqV.exe
  C:\Windows\System\FmtxZqV.exe
  2⤵
  PID:10324
- C:\Windows\System\mQfCymA.exe
  C:\Windows\System\mQfCymA.exe
  2⤵
  PID:10416
- C:\Windows\System\OFyDsZP.exe
  C:\Windows\System\OFyDsZP.exe
  2⤵
  PID:10476
- C:\Windows\System\pQYmTFA.exe
  C:\Windows\System\pQYmTFA.exe
  2⤵
  PID:10556
- C:\Windows\System\DcHcNlU.exe
  C:\Windows\System\DcHcNlU.exe
  2⤵
  PID:10632
- C:\Windows\System\ZZGZVNR.exe
  C:\Windows\System\ZZGZVNR.exe
  2⤵
  PID:10692
- C:\Windows\System\vDqZwIQ.exe
  C:\Windows\System\vDqZwIQ.exe
  2⤵
  PID:10752
- C:\Windows\System\EdVJRHb.exe
  C:\Windows\System\EdVJRHb.exe
  2⤵
  PID:10824
- C:\Windows\System\FwQKMiB.exe
  C:\Windows\System\FwQKMiB.exe
  2⤵
  PID:10900
- C:\Windows\System\iKUaFtd.exe
  C:\Windows\System\iKUaFtd.exe
  2⤵
  PID:10968
- C:\Windows\System\DCdBVMM.exe
  C:\Windows\System\DCdBVMM.exe
  2⤵
  PID:11096
- C:\Windows\System\rUSfLbJ.exe
  C:\Windows\System\rUSfLbJ.exe
  2⤵
  PID:11188
- C:\Windows\System\hxpbwCw.exe
  C:\Windows\System\hxpbwCw.exe
  2⤵
  PID:10264
- C:\Windows\System\ActywAK.exe
  C:\Windows\System\ActywAK.exe
  2⤵
  PID:10404
- C:\Windows\System\lQQtdwb.exe
  C:\Windows\System\lQQtdwb.exe
  2⤵
  PID:10612
- C:\Windows\System\XBTMfsP.exe
  C:\Windows\System\XBTMfsP.exe
  2⤵
  PID:10744
- C:\Windows\System\PvxkMAY.exe
  C:\Windows\System\PvxkMAY.exe
  2⤵
  PID:10916
- C:\Windows\System\GBKDUjw.exe
  C:\Windows\System\GBKDUjw.exe
  2⤵
  PID:5472
- C:\Windows\System\dTeTzoe.exe
  C:\Windows\System\dTeTzoe.exe
  2⤵
  PID:10364
- C:\Windows\System\xWsaoxC.exe
  C:\Windows\System\xWsaoxC.exe
  2⤵
  PID:10820
- C:\Windows\System\FhUvbiO.exe
  C:\Windows\System\FhUvbiO.exe
  2⤵
  PID:10320
- C:\Windows\System\cOzGWWb.exe
  C:\Windows\System\cOzGWWb.exe
  2⤵
  PID:11148
- C:\Windows\System\MyXQEam.exe
  C:\Windows\System\MyXQEam.exe
  2⤵
  PID:11036
- C:\Windows\System\YQnADZR.exe
  C:\Windows\System\YQnADZR.exe
  2⤵
  PID:11292
- C:\Windows\System\HGWSAxa.exe
  C:\Windows\System\HGWSAxa.exe
  2⤵
  PID:11320
- C:\Windows\System\nudQVub.exe
  C:\Windows\System\nudQVub.exe
  2⤵
  PID:11348
- C:\Windows\System\YblmKZW.exe
  C:\Windows\System\YblmKZW.exe
  2⤵
  PID:11376
- C:\Windows\System\TdXirZn.exe
  C:\Windows\System\TdXirZn.exe
  2⤵
  PID:11404
- C:\Windows\System\DsRIpHJ.exe
  C:\Windows\System\DsRIpHJ.exe
  2⤵
  PID:11432
- C:\Windows\System\cprhIDz.exe
  C:\Windows\System\cprhIDz.exe
  2⤵
  PID:11460
- C:\Windows\System\mHrBWCf.exe
  C:\Windows\System\mHrBWCf.exe
  2⤵
  PID:11488
- C:\Windows\System\KhOdwQj.exe
  C:\Windows\System\KhOdwQj.exe
  2⤵
  PID:11516
- C:\Windows\System\VazuqWq.exe
  C:\Windows\System\VazuqWq.exe
  2⤵
  PID:11544
- C:\Windows\System\MaMzJqB.exe
  C:\Windows\System\MaMzJqB.exe
  2⤵
  PID:11580
- C:\Windows\System\UNcVjUu.exe
  C:\Windows\System\UNcVjUu.exe
  2⤵
  PID:11608
- C:\Windows\System\RHDQuSz.exe
  C:\Windows\System\RHDQuSz.exe
  2⤵
  PID:11640
- C:\Windows\System\QrOkEjm.exe
  C:\Windows\System\QrOkEjm.exe
  2⤵
  PID:11668
- C:\Windows\System\PCxfujF.exe
  C:\Windows\System\PCxfujF.exe
  2⤵
  PID:11704
- C:\Windows\System\tXwNULa.exe
  C:\Windows\System\tXwNULa.exe
  2⤵
  PID:11732
- C:\Windows\System\nETFsCF.exe
  C:\Windows\System\nETFsCF.exe
  2⤵
  PID:11760
- C:\Windows\System\VRROYPZ.exe
  C:\Windows\System\VRROYPZ.exe
  2⤵
  PID:11788
- C:\Windows\System\XjPpdZo.exe
  C:\Windows\System\XjPpdZo.exe
  2⤵
  PID:11816
- C:\Windows\System\UNgLgPW.exe
  C:\Windows\System\UNgLgPW.exe
  2⤵
  PID:11844
- C:\Windows\System\NqkdKzX.exe
  C:\Windows\System\NqkdKzX.exe
  2⤵
  PID:11872
- C:\Windows\System\ScTIHBG.exe
  C:\Windows\System\ScTIHBG.exe
  2⤵
  PID:11900
- C:\Windows\System\VoicMHj.exe
  C:\Windows\System\VoicMHj.exe
  2⤵
  PID:11928
- C:\Windows\System\wmJCkqM.exe
  C:\Windows\System\wmJCkqM.exe
  2⤵
  PID:11960
- C:\Windows\System\HfPvJJN.exe
  C:\Windows\System\HfPvJJN.exe
  2⤵
  PID:11996
- C:\Windows\System\BLFtzFR.exe
  C:\Windows\System\BLFtzFR.exe
  2⤵
  PID:12028
- C:\Windows\System\WjJbyAo.exe
  C:\Windows\System\WjJbyAo.exe
  2⤵
  PID:12068
- C:\Windows\System\qeJtqWx.exe
  C:\Windows\System\qeJtqWx.exe
  2⤵
  PID:12096
- C:\Windows\System\RQJyiGr.exe
  C:\Windows\System\RQJyiGr.exe
  2⤵
  PID:12124
- C:\Windows\System\csUxtHM.exe
  C:\Windows\System\csUxtHM.exe
  2⤵
  PID:12160
- C:\Windows\System\isbbwVc.exe
  C:\Windows\System\isbbwVc.exe
  2⤵
  PID:12184
- C:\Windows\System\haQkYue.exe
  C:\Windows\System\haQkYue.exe
  2⤵
  PID:12204
- C:\Windows\System\hxFWqxm.exe
  C:\Windows\System\hxFWqxm.exe
  2⤵
  PID:12252
- C:\Windows\System\ZVhhjFH.exe
  C:\Windows\System\ZVhhjFH.exe
  2⤵
  PID:11284
- C:\Windows\System\aBqhwDc.exe
  C:\Windows\System\aBqhwDc.exe
  2⤵
  PID:11360
- C:\Windows\System\EqxOQQA.exe
  C:\Windows\System\EqxOQQA.exe
  2⤵
  PID:11480
- C:\Windows\System\MbZmPyB.exe
  C:\Windows\System\MbZmPyB.exe
  2⤵
  PID:11600
- C:\Windows\System\ZzTDfCB.exe
  C:\Windows\System\ZzTDfCB.exe
  2⤵
  PID:8344
- C:\Windows\System\CKEUzyG.exe
  C:\Windows\System\CKEUzyG.exe
  2⤵
  PID:11664
- C:\Windows\System\dSFtiVf.exe
  C:\Windows\System\dSFtiVf.exe
  2⤵
  PID:11720
- C:\Windows\System\OErphBw.exe
  C:\Windows\System\OErphBw.exe
  2⤵
  PID:8512
- C:\Windows\System\QEkdJWN.exe
  C:\Windows\System\QEkdJWN.exe
  2⤵
  PID:11772
- C:\Windows\System\WwIvWjO.exe
  C:\Windows\System\WwIvWjO.exe
  2⤵
  PID:5092
- C:\Windows\System\zdsXiHV.exe
  C:\Windows\System\zdsXiHV.exe
  2⤵
  PID:11868
- C:\Windows\System\AZbEjka.exe
  C:\Windows\System\AZbEjka.exe
  2⤵
  PID:11940
- C:\Windows\System\rHJkvtN.exe
  C:\Windows\System\rHJkvtN.exe
  2⤵
  PID:1200
- C:\Windows\System\AIuSbxz.exe
  C:\Windows\System\AIuSbxz.exe
  2⤵
  PID:460
- C:\Windows\System\QSqjyLu.exe
  C:\Windows\System\QSqjyLu.exe
  2⤵
  PID:324
- C:\Windows\System\ADsfnyg.exe
  C:\Windows\System\ADsfnyg.exe
  2⤵
  PID:12048
- C:\Windows\System\NdWhXgL.exe
  C:\Windows\System\NdWhXgL.exe
  2⤵
  PID:12112
- C:\Windows\System\CjMOSQF.exe
  C:\Windows\System\CjMOSQF.exe
  2⤵
  PID:12036
- C:\Windows\System\KiBsZVv.exe
  C:\Windows\System\KiBsZVv.exe
  2⤵
  PID:12196
- C:\Windows\System\jxDicOF.exe
  C:\Windows\System\jxDicOF.exe
  2⤵
  PID:12276
- C:\Windows\System\yQRyEFu.exe
  C:\Windows\System\yQRyEFu.exe
  2⤵
  PID:11092
- C:\Windows\System\TMBUsSs.exe
  C:\Windows\System\TMBUsSs.exe
  2⤵
  PID:12264
- C:\Windows\System\WPKhEsm.exe
  C:\Windows\System\WPKhEsm.exe
  2⤵
  PID:6252
- C:\Windows\System\DXqifng.exe
  C:\Windows\System\DXqifng.exe
  2⤵
  PID:6372
- C:\Windows\System\jVdvTcD.exe
  C:\Windows\System\jVdvTcD.exe
  2⤵
  PID:6436
- C:\Windows\System\skKVxvx.exe
  C:\Windows\System\skKVxvx.exe
  2⤵
  PID:6576
- C:\Windows\System\fWpIfhD.exe
  C:\Windows\System\fWpIfhD.exe
  2⤵
  PID:6636
- C:\Windows\System\UtQcbCx.exe
  C:\Windows\System\UtQcbCx.exe
  2⤵
  PID:3640
- C:\Windows\System\AKtgrrp.exe
  C:\Windows\System\AKtgrrp.exe
  2⤵
  PID:1148
- C:\Windows\System\sokVQfw.exe
  C:\Windows\System\sokVQfw.exe
  2⤵
  PID:4092
- C:\Windows\System\cQfIQIq.exe
  C:\Windows\System\cQfIQIq.exe
  2⤵
  PID:11476
- C:\Windows\System\mygRzoH.exe
  C:\Windows\System\mygRzoH.exe
  2⤵
  PID:6840
- C:\Windows\System\JHmNmAQ.exe
  C:\Windows\System\JHmNmAQ.exe
  2⤵
  PID:8484
- C:\Windows\System\BZjNznN.exe
  C:\Windows\System\BZjNznN.exe
  2⤵
  PID:11536
- C:\Windows\System\DVYFExj.exe
  C:\Windows\System\DVYFExj.exe
  2⤵
  PID:2204
- C:\Windows\System\UMqpRuc.exe
  C:\Windows\System\UMqpRuc.exe
  2⤵
  PID:6916
- C:\Windows\System\YdaVpJO.exe
  C:\Windows\System\YdaVpJO.exe
  2⤵
  PID:6988
- C:\Windows\System\csIAfck.exe
  C:\Windows\System\csIAfck.exe
  2⤵
  PID:7020
- C:\Windows\System\dVfGNhw.exe
  C:\Windows\System\dVfGNhw.exe
  2⤵
  PID:7148
- C:\Windows\System\ylhHmVl.exe
  C:\Windows\System\ylhHmVl.exe
  2⤵
  PID:6212
- C:\Windows\System\belKWFu.exe
  C:\Windows\System\belKWFu.exe
  2⤵
  PID:6464
- C:\Windows\System\veRCpMu.exe
  C:\Windows\System\veRCpMu.exe
  2⤵
  PID:7004
- C:\Windows\System\wUuCwVI.exe
  C:\Windows\System\wUuCwVI.exe
  2⤵
  PID:4500
- C:\Windows\System\jITgfOP.exe
  C:\Windows\System\jITgfOP.exe
  2⤵
  PID:4968
- C:\Windows\System\IHaYgQh.exe
  C:\Windows\System\IHaYgQh.exe
  2⤵
  PID:6320
- C:\Windows\System\vyVwSRZ.exe
  C:\Windows\System\vyVwSRZ.exe
  2⤵
  PID:1420
- C:\Windows\System\yRFBjfa.exe
  C:\Windows\System\yRFBjfa.exe
  2⤵
  PID:2652
- C:\Windows\System\WdOEPFS.exe
  C:\Windows\System\WdOEPFS.exe
  2⤵
  PID:3904
- C:\Windows\System\CZnvIph.exe
  C:\Windows\System\CZnvIph.exe
  2⤵
  PID:1864
- C:\Windows\System\piVZljc.exe
  C:\Windows\System\piVZljc.exe
  2⤵
  PID:4384
- C:\Windows\System\JRCRGmA.exe
  C:\Windows\System\JRCRGmA.exe
  2⤵
  PID:2960
- C:\Windows\System\GZcDmFq.exe
  C:\Windows\System\GZcDmFq.exe
  2⤵
  PID:3676
- C:\Windows\System\eGWxovZ.exe
  C:\Windows\System\eGWxovZ.exe
  2⤵
  PID:2880
- C:\Windows\System\bfGfMNa.exe
  C:\Windows\System\bfGfMNa.exe
  2⤵
  PID:2792
- C:\Windows\System\njReapr.exe
  C:\Windows\System\njReapr.exe
  2⤵
  PID:6740
- C:\Windows\System\tGwUjmc.exe
  C:\Windows\System\tGwUjmc.exe
  2⤵
  PID:2044
- C:\Windows\System\eUDsCss.exe
  C:\Windows\System\eUDsCss.exe
  2⤵
  PID:2648
- C:\Windows\System\RmWIAxi.exe
  C:\Windows\System\RmWIAxi.exe
  2⤵
  PID:1516
- C:\Windows\System\Uccsuyb.exe
  C:\Windows\System\Uccsuyb.exe
  2⤵
  PID:11920
- C:\Windows\System\xbxSGUD.exe
  C:\Windows\System\xbxSGUD.exe
  2⤵
  PID:1608
- C:\Windows\System\QOPxzOG.exe
  C:\Windows\System\QOPxzOG.exe
  2⤵
  PID:2732
- C:\Windows\System\fDymfvQ.exe
  C:\Windows\System\fDymfvQ.exe
  2⤵
  PID:12084
- C:\Windows\System\NjEuEpU.exe
  C:\Windows\System\NjEuEpU.exe
  2⤵
  PID:2240
- C:\Windows\System\XqLlitR.exe
  C:\Windows\System\XqLlitR.exe
  2⤵
  PID:12240
- C:\Windows\System\nTRKOdf.exe
  C:\Windows\System\nTRKOdf.exe
  2⤵
  PID:11396
- C:\Windows\System\SGOuBjl.exe
  C:\Windows\System\SGOuBjl.exe
  2⤵
  PID:5152
- C:\Windows\System\IYCUYin.exe
  C:\Windows\System\IYCUYin.exe
  2⤵
  PID:6352
- C:\Windows\System\XwTqgiB.exe
  C:\Windows\System\XwTqgiB.exe
  2⤵
  PID:5200
- C:\Windows\System\BLadikf.exe
  C:\Windows\System\BLadikf.exe
  2⤵
  PID:6652
- C:\Windows\System\tbdxSnU.exe
  C:\Windows\System\tbdxSnU.exe
  2⤵
  PID:5264
- C:\Windows\System\qFDnxez.exe
  C:\Windows\System\qFDnxez.exe
  2⤵
  PID:5284
- C:\Windows\System\mwXWVXp.exe
  C:\Windows\System\mwXWVXp.exe
  2⤵
  PID:6820
- C:\Windows\System\YHRlUvY.exe
  C:\Windows\System\YHRlUvY.exe
  2⤵
  PID:8900
- C:\Windows\System\FouEnVE.exe
  C:\Windows\System\FouEnVE.exe
  2⤵
  PID:5368
- C:\Windows\System\vrBZDMo.exe
  C:\Windows\System\vrBZDMo.exe
  2⤵
  PID:4064
- C:\Windows\System\LLXWVhP.exe
  C:\Windows\System\LLXWVhP.exe
  2⤵
  PID:7076
- C:\Windows\System\YIFvykb.exe
  C:\Windows\System\YIFvykb.exe
  2⤵
  PID:6152
- C:\Windows\System\oFgRhyl.exe
  C:\Windows\System\oFgRhyl.exe
  2⤵
  PID:6872
- C:\Windows\System\REbBzHs.exe
  C:\Windows\System\REbBzHs.exe
  2⤵
  PID:8452
- C:\Windows\System\yymoewR.exe
  C:\Windows\System\yymoewR.exe
  2⤵
  PID:4564
- C:\Windows\System\OtBRHLB.exe
  C:\Windows\System\OtBRHLB.exe
  2⤵
  PID:6948
- C:\Windows\System\HsBzxcN.exe
  C:\Windows\System\HsBzxcN.exe
  2⤵
  PID:2612
- C:\Windows\System\gTntBmb.exe
  C:\Windows\System\gTntBmb.exe
  2⤵
  PID:3768
- C:\Windows\System\SVKdbaY.exe
  C:\Windows\System\SVKdbaY.exe
  2⤵
  PID:1788
- C:\Windows\System\xFfcJwa.exe
  C:\Windows\System\xFfcJwa.exe
  2⤵
  PID:4748
- C:\Windows\System\xRYIIYH.exe
  C:\Windows\System\xRYIIYH.exe
  2⤵
  PID:5776
- C:\Windows\System\aCkahdx.exe
  C:\Windows\System\aCkahdx.exe
  2⤵
  PID:5796
- C:\Windows\System\paIiXFx.exe
  C:\Windows\System\paIiXFx.exe
  2⤵
  PID:5816
- C:\Windows\System\LXyqMyp.exe
  C:\Windows\System\LXyqMyp.exe
  2⤵
  PID:5844
- C:\Windows\System\HqjEAds.exe
  C:\Windows\System\HqjEAds.exe
  2⤵
  PID:116
- C:\Windows\System\snLAAOR.exe
  C:\Windows\System\snLAAOR.exe
  2⤵
  PID:12012
- C:\Windows\System\NPdKBsC.exe
  C:\Windows\System\NPdKBsC.exe
  2⤵
  PID:5928
- C:\Windows\System\RwiULMa.exe
  C:\Windows\System\RwiULMa.exe
  2⤵
  PID:5956
- C:\Windows\System\OokcurI.exe
  C:\Windows\System\OokcurI.exe
  2⤵
  PID:5984
- C:\Windows\System\JJDBeoG.exe
  C:\Windows\System\JJDBeoG.exe
  2⤵
  PID:6032
- C:\Windows\System\ziFNnjW.exe
  C:\Windows\System\ziFNnjW.exe
  2⤵
  PID:6728
- C:\Windows\System\uAiwqta.exe
  C:\Windows\System\uAiwqta.exe
  2⤵
  PID:6096
- C:\Windows\System\gEmDXht.exe
  C:\Windows\System\gEmDXht.exe
  2⤵
  PID:5340
- C:\Windows\System\soDLeMZ.exe
  C:\Windows\System\soDLeMZ.exe
  2⤵
  PID:648
- C:\Windows\System\ubXiZBg.exe
  C:\Windows\System\ubXiZBg.exe
  2⤵
  PID:7164
- C:\Windows\System\kkJlYSp.exe
  C:\Windows\System\kkJlYSp.exe
  2⤵
  PID:5128
- C:\Windows\System\ictymMP.exe
  C:\Windows\System\ictymMP.exe
  2⤵
  PID:5576
- C:\Windows\System\odUsbxT.exe
  C:\Windows\System\odUsbxT.exe
  2⤵
  PID:5620
- C:\Windows\System\spyQgld.exe
  C:\Windows\System\spyQgld.exe
  2⤵
  PID:3060
- C:\Windows\System\Jewrwdl.exe
  C:\Windows\System\Jewrwdl.exe
  2⤵
  PID:5684
- C:\Windows\System\TpDVsnt.exe
  C:\Windows\System\TpDVsnt.exe
  2⤵
  PID:5732
- C:\Windows\System\vlemWHI.exe
  C:\Windows\System\vlemWHI.exe
  2⤵
  PID:4932
- C:\Windows\System\zZgMykC.exe
  C:\Windows\System\zZgMykC.exe
  2⤵
  PID:5664
- C:\Windows\System\jpwKsdq.exe
  C:\Windows\System\jpwKsdq.exe
  2⤵
  PID:5716
- C:\Windows\System\EkVmOUL.exe
  C:\Windows\System\EkVmOUL.exe
  2⤵
  PID:5900
- C:\Windows\System\ITyBpcR.exe
  C:\Windows\System\ITyBpcR.exe
  2⤵
  PID:11344
- C:\Windows\System\oLLCtvB.exe
  C:\Windows\System\oLLCtvB.exe
  2⤵
  PID:6024
- C:\Windows\System\ChXtiWE.exe
  C:\Windows\System\ChXtiWE.exe
  2⤵
  PID:7256
- C:\Windows\System\vdsyLOU.exe
  C:\Windows\System\vdsyLOU.exe
  2⤵
  PID:6860
- C:\Windows\System\vomyoRy.exe
  C:\Windows\System\vomyoRy.exe
  2⤵
  PID:7940
- C:\Windows\System\vvlHkUN.exe
  C:\Windows\System\vvlHkUN.exe
  2⤵
  PID:7104
- C:\Windows\System\Ytwhheh.exe
  C:\Windows\System\Ytwhheh.exe
  2⤵
  PID:2952
- C:\Windows\System\czZwMDp.exe
  C:\Windows\System\czZwMDp.exe
  2⤵
  PID:1092
- C:\Windows\System\poHLOxh.exe
  C:\Windows\System\poHLOxh.exe
  2⤵
  PID:672
- C:\Windows\System\AekMRyo.exe
  C:\Windows\System\AekMRyo.exe
  2⤵
  PID:5888
- C:\Windows\System\gMOwWdy.exe
  C:\Windows\System\gMOwWdy.exe
  2⤵
  PID:6056
- C:\Windows\System\LITSQfz.exe
  C:\Windows\System\LITSQfz.exe
  2⤵
  PID:5212
- C:\Windows\System\LvtZrza.exe
  C:\Windows\System\LvtZrza.exe
  2⤵
  PID:5792
- C:\Windows\System\ehTDsHu.exe
  C:\Windows\System\ehTDsHu.exe
  2⤵
  PID:5992
- C:\Windows\System\eBFxCNh.exe
  C:\Windows\System\eBFxCNh.exe
  2⤵
  PID:5228
- C:\Windows\System\uInfUCm.exe
  C:\Windows\System\uInfUCm.exe
  2⤵
  PID:6224
- C:\Windows\System\KUAdDmx.exe
  C:\Windows\System\KUAdDmx.exe
  2⤵
  PID:6344
- C:\Windows\System\HkbTBMF.exe
  C:\Windows\System\HkbTBMF.exe
  2⤵
  PID:5612
- C:\Windows\System\QLmkHPp.exe
  C:\Windows\System\QLmkHPp.exe
  2⤵
  PID:5940
- C:\Windows\System\vHQMIVp.exe
  C:\Windows\System\vHQMIVp.exe
  2⤵
  PID:5400
- C:\Windows\System\KUmxgCM.exe
  C:\Windows\System\KUmxgCM.exe
  2⤵
  PID:6468
- C:\Windows\System\bFHjnfE.exe
  C:\Windows\System\bFHjnfE.exe
  2⤵
  PID:7996
- C:\Windows\System\MJBTyxO.exe
  C:\Windows\System\MJBTyxO.exe
  2⤵
  PID:7692
- C:\Windows\System\umAAVAL.exe
  C:\Windows\System\umAAVAL.exe
  2⤵
  PID:6168
- C:\Windows\System\DfvNZdL.exe
  C:\Windows\System\DfvNZdL.exe
  2⤵
  PID:4844
- C:\Windows\System\dZTqlxE.exe
  C:\Windows\System\dZTqlxE.exe
  2⤵
  PID:12296
- C:\Windows\System\YpWqxWz.exe
  C:\Windows\System\YpWqxWz.exe
  2⤵
  PID:12324
- C:\Windows\System\hnpCDll.exe
  C:\Windows\System\hnpCDll.exe
  2⤵
  PID:12352
- C:\Windows\System\RjZtsJE.exe
  C:\Windows\System\RjZtsJE.exe
  2⤵
  PID:12380
- C:\Windows\System\aYYBRcA.exe
  C:\Windows\System\aYYBRcA.exe
  2⤵
  PID:12408
- C:\Windows\System\gSxRQCn.exe
  C:\Windows\System\gSxRQCn.exe
  2⤵
  PID:12444
- C:\Windows\System\rXlrPuF.exe
  C:\Windows\System\rXlrPuF.exe
  2⤵
  PID:12464
- C:\Windows\System\GqJwVud.exe
  C:\Windows\System\GqJwVud.exe
  2⤵
  PID:12492
- C:\Windows\System\THzTtyp.exe
  C:\Windows\System\THzTtyp.exe
  2⤵
  PID:12528
- C:\Windows\System\rMeRikN.exe
  C:\Windows\System\rMeRikN.exe
  2⤵
  PID:12548
- C:\Windows\System\LxrQHyw.exe
  C:\Windows\System\LxrQHyw.exe
  2⤵
  PID:12576
- C:\Windows\System\PnFEFbt.exe
  C:\Windows\System\PnFEFbt.exe
  2⤵
  PID:12604
- C:\Windows\System\hSJBVkS.exe
  C:\Windows\System\hSJBVkS.exe
  2⤵
  PID:12632
- C:\Windows\System\HChtCeC.exe
  C:\Windows\System\HChtCeC.exe
  2⤵
  PID:12664
- C:\Windows\System\MRzHwJs.exe
  C:\Windows\System\MRzHwJs.exe
  2⤵
  PID:12696
- C:\Windows\System\LNdztIT.exe
  C:\Windows\System\LNdztIT.exe
  2⤵
  PID:12716
- C:\Windows\System\irONrPD.exe
  C:\Windows\System\irONrPD.exe
  2⤵
  PID:12744
- C:\Windows\System\PJoebJS.exe
  C:\Windows\System\PJoebJS.exe
  2⤵
  PID:12772
- C:\Windows\System\qwxctwP.exe
  C:\Windows\System\qwxctwP.exe
  2⤵
  PID:12800
- C:\Windows\System\KlIygah.exe
  C:\Windows\System\KlIygah.exe
  2⤵
  PID:12832
- C:\Windows\System\txQRkUi.exe
  C:\Windows\System\txQRkUi.exe
  2⤵
  PID:12860
- C:\Windows\System\MsdfDQo.exe
  C:\Windows\System\MsdfDQo.exe
  2⤵
  PID:12888
- C:\Windows\System\PencIDQ.exe
  C:\Windows\System\PencIDQ.exe
  2⤵
  PID:12916
- C:\Windows\System\FZAqtew.exe
  C:\Windows\System\FZAqtew.exe
  2⤵
  PID:12944
- C:\Windows\System\GYlYKaK.exe
  C:\Windows\System\GYlYKaK.exe
  2⤵
  PID:12972
- C:\Windows\System\oBMFlzq.exe
  C:\Windows\System\oBMFlzq.exe
  2⤵
  PID:13000
- C:\Windows\System\SfixNiR.exe
  C:\Windows\System\SfixNiR.exe
  2⤵
  PID:13028
- C:\Windows\System\vckvceF.exe
  C:\Windows\System\vckvceF.exe
  2⤵
  PID:13060
- C:\Windows\System\Xhxujxf.exe
  C:\Windows\System\Xhxujxf.exe
  2⤵
  PID:13084
- C:\Windows\System\lJXLxYs.exe
  C:\Windows\System\lJXLxYs.exe
  2⤵
  PID:13112
- C:\Windows\System\utYmqNi.exe
  C:\Windows\System\utYmqNi.exe
  2⤵
  PID:13144
- C:\Windows\System\vuLSTaC.exe
  C:\Windows\System\vuLSTaC.exe
  2⤵
  PID:13168
- C:\Windows\System\ogDnKVe.exe
  C:\Windows\System\ogDnKVe.exe
  2⤵
  PID:13200
- C:\Windows\System\zSMIoPb.exe
  C:\Windows\System\zSMIoPb.exe
  2⤵
  PID:13224
- C:\Windows\System\DoXZEoz.exe
  C:\Windows\System\DoXZEoz.exe
  2⤵
  PID:13264
- C:\Windows\System\oAKAzrt.exe
  C:\Windows\System\oAKAzrt.exe
  2⤵
  PID:13288
- C:\Windows\System\WWdFjMZ.exe
  C:\Windows\System\WWdFjMZ.exe
  2⤵
  PID:13308
- C:\Windows\System\QMqPQdA.exe
  C:\Windows\System\QMqPQdA.exe
  2⤵
  PID:12364
- C:\Windows\System\QvgceSN.exe
  C:\Windows\System\QvgceSN.exe
  2⤵
  PID:12420
- C:\Windows\System\JsprkbX.exe
  C:\Windows\System\JsprkbX.exe
  2⤵
  PID:6772
- C:\Windows\System\PDUjoox.exe
  C:\Windows\System\PDUjoox.exe
  2⤵
  PID:6784
- C:\Windows\System\vkAQqXu.exe
  C:\Windows\System\vkAQqXu.exe
  2⤵
  PID:12540
- C:\Windows\System\ykgvEGi.exe
  C:\Windows\System\ykgvEGi.exe
  2⤵
  PID:12588
- C:\Windows\System\jopJisq.exe
  C:\Windows\System\jopJisq.exe
  2⤵
  PID:12684
- C:\Windows\System\pZDThhj.exe
  C:\Windows\System\pZDThhj.exe
  2⤵
  PID:12712
- C:\Windows\System\haNzmwW.exe
  C:\Windows\System\haNzmwW.exe
  2⤵
  PID:6896
- C:\Windows\System\DlPwhEu.exe
  C:\Windows\System\DlPwhEu.exe
  2⤵
  PID:12820
- C:\Windows\System\dshBZrv.exe
  C:\Windows\System\dshBZrv.exe
  2⤵
  PID:12884
- C:\Windows\System\KACCPel.exe
  C:\Windows\System\KACCPel.exe
  2⤵
  PID:12956
- C:\Windows\System\KkekgrS.exe
  C:\Windows\System\KkekgrS.exe
  2⤵
  PID:13020
- C:\Windows\System\OuaMKTf.exe
  C:\Windows\System\OuaMKTf.exe
  2⤵
  PID:13080
- C:\Windows\System\FEukXCe.exe
  C:\Windows\System\FEukXCe.exe
  2⤵
  PID:13152
- C:\Windows\System\KrqMtok.exe
  C:\Windows\System\KrqMtok.exe
  2⤵
  PID:13216
- C:\Windows\System\baaSwPF.exe
  C:\Windows\System\baaSwPF.exe
  2⤵
  PID:13272
- C:\Windows\System\HzUXsIt.exe
  C:\Windows\System\HzUXsIt.exe
  2⤵
  PID:12400
- C:\Windows\System\WdmYIgZ.exe
  C:\Windows\System\WdmYIgZ.exe
  2⤵
  PID:12476
- C:\Windows\System\hJGTlGi.exe
  C:\Windows\System\hJGTlGi.exe
  2⤵
  PID:4284
- C:\Windows\System\OosDPaD.exe
  C:\Windows\System\OosDPaD.exe
  2⤵
  PID:1924
- C:\Windows\System\jgKCNIs.exe
  C:\Windows\System\jgKCNIs.exe
  2⤵
  PID:12848
- C:\Windows\System\KdJtZXK.exe
  C:\Windows\System\KdJtZXK.exe
  2⤵
  PID:12936
- C:\Windows\System\upPMEjj.exe
  C:\Windows\System\upPMEjj.exe
  2⤵
  PID:13132
- C:\Windows\System\tUvWvqu.exe
  C:\Windows\System\tUvWvqu.exe
  2⤵
  PID:2624
- C:\Windows\System\aenpdAD.exe
  C:\Windows\System\aenpdAD.exe
  2⤵
  PID:12856
- C:\Windows\System\wpcIEpl.exe
  C:\Windows\System\wpcIEpl.exe
  2⤵
  PID:12376
- C:\Windows\System\WVhdCHr.exe
  C:\Windows\System\WVhdCHr.exe
  2⤵
  PID:6800
- C:\Windows\System\EqBAUHQ.exe
  C:\Windows\System\EqBAUHQ.exe
  2⤵
  PID:12616
- C:\Windows\System\FCJsgvE.exe
  C:\Windows\System\FCJsgvE.exe
  2⤵
  PID:3304
- C:\Windows\System\tsBtqGG.exe
  C:\Windows\System\tsBtqGG.exe
  2⤵
  PID:8196
- C:\Windows\System\dBDdrEo.exe
  C:\Windows\System\dBDdrEo.exe
  2⤵
  PID:12996
- C:\Windows\System\mXwdmtz.exe
  C:\Windows\System\mXwdmtz.exe
  2⤵
  PID:6596
- C:\Windows\System\gzGMxeC.exe
  C:\Windows\System\gzGMxeC.exe
  2⤵
  PID:8320
- C:\Windows\System\ofdoilV.exe
  C:\Windows\System\ofdoilV.exe
  2⤵
  PID:8396
- C:\Windows\System\VWzRUXx.exe
  C:\Windows\System\VWzRUXx.exe
  2⤵
  PID:6940
- C:\Windows\System\jgHmTXF.exe
  C:\Windows\System\jgHmTXF.exe
  2⤵
  PID:1248
- C:\Windows\System\semVzOq.exe
  C:\Windows\System\semVzOq.exe
  2⤵
  PID:12796
- C:\Windows\System\NDeTOjv.exe
  C:\Windows\System\NDeTOjv.exe
  2⤵
  PID:8584
- C:\Windows\System\xyyBhcj.exe
  C:\Windows\System\xyyBhcj.exe
  2⤵
  PID:6428
- C:\Windows\System\SidlbMn.exe
  C:\Windows\System\SidlbMn.exe
  2⤵
  PID:6296
- C:\Windows\System\mWlUBGh.exe
  C:\Windows\System\mWlUBGh.exe
  2⤵
  PID:7180
- C:\Windows\System\tXmtypU.exe
  C:\Windows\System\tXmtypU.exe
  2⤵
  PID:12308
- C:\Windows\System\IKKiEZP.exe
  C:\Windows\System\IKKiEZP.exe
  2⤵
  PID:7024
- C:\Windows\System\jzvzRyu.exe
  C:\Windows\System\jzvzRyu.exe
  2⤵
  PID:8524
- C:\Windows\System\pyxRsRQ.exe
  C:\Windows\System\pyxRsRQ.exe
  2⤵
  PID:5748
- C:\Windows\System\XlkjdBW.exe
  C:\Windows\System\XlkjdBW.exe
  2⤵
  PID:8616
- C:\Windows\System\dDnpWCO.exe
  C:\Windows\System\dDnpWCO.exe
  2⤵
  PID:7312
- C:\Windows\System\BmYYcFj.exe
  C:\Windows\System\BmYYcFj.exe
  2⤵
  PID:8692
- C:\Windows\System\pmKAGLN.exe
  C:\Windows\System\pmKAGLN.exe
  2⤵
  PID:4636
- C:\Windows\System\pyngcBm.exe
  C:\Windows\System\pyngcBm.exe
  2⤵
  PID:8772
- C:\Windows\System\vLsiLMw.exe
  C:\Windows\System\vLsiLMw.exe
  2⤵
  PID:8840
- C:\Windows\System\qpvaNba.exe
  C:\Windows\System\qpvaNba.exe
  2⤵
  PID:6348
- C:\Windows\System\BysExjA.exe
  C:\Windows\System\BysExjA.exe
  2⤵
  PID:8956
- C:\Windows\System\IylebVZ.exe
  C:\Windows\System\IylebVZ.exe
  2⤵
  PID:9004
- C:\Windows\System\NvwkXXh.exe
  C:\Windows\System\NvwkXXh.exe
  2⤵
  PID:9040
- C:\Windows\System\drxEtlR.exe
  C:\Windows\System\drxEtlR.exe
  2⤵
  PID:7404
- C:\Windows\System\UxLFJVH.exe
  C:\Windows\System\UxLFJVH.exe
  2⤵
  PID:3548
- C:\Windows\System\WOCyldc.exe
  C:\Windows\System\WOCyldc.exe
  2⤵
  PID:7572
- C:\Windows\System\KYQtEEg.exe
  C:\Windows\System\KYQtEEg.exe
  2⤵
  PID:7480
- C:\Windows\System\VWlOGWI.exe
  C:\Windows\System\VWlOGWI.exe
  2⤵
  PID:7508
- C:\Windows\System\jzDCzaV.exe
  C:\Windows\System\jzDCzaV.exe
  2⤵
  PID:7656
- C:\Windows\System\rQBQRgT.exe
  C:\Windows\System\rQBQRgT.exe
  2⤵
  PID:8728
- C:\Windows\System\JzQTiFy.exe
  C:\Windows\System\JzQTiFy.exe
  2⤵
  PID:7592
- C:\Windows\System\GFCzRtw.exe
  C:\Windows\System\GFCzRtw.exe
  2⤵
  PID:7712
- C:\Windows\System\CESYiLZ.exe
  C:\Windows\System\CESYiLZ.exe
  2⤵
  PID:3908
- C:\Windows\System\GSBNCcJ.exe
  C:\Windows\System\GSBNCcJ.exe
  2⤵
  PID:7776
- C:\Windows\System\FMsWUCV.exe
  C:\Windows\System\FMsWUCV.exe
  2⤵
  PID:7816
- C:\Windows\System\QvSzsDP.exe
  C:\Windows\System\QvSzsDP.exe
  2⤵
  PID:7844
- C:\Windows\System\JWuFzZE.exe
  C:\Windows\System\JWuFzZE.exe
  2⤵
  PID:7732
- C:\Windows\System\elEGkuv.exe
  C:\Windows\System\elEGkuv.exe
  2⤵
  PID:8856
- C:\Windows\System\azGrAYk.exe
  C:\Windows\System\azGrAYk.exe
  2⤵
  PID:9056
- C:\Windows\System\PYlfvaM.exe
  C:\Windows\System\PYlfvaM.exe
  2⤵
  PID:9224
- C:\Windows\System\oZYzNJg.exe
  C:\Windows\System\oZYzNJg.exe
  2⤵
  PID:7992
- C:\Windows\System\AkpbFTj.exe
  C:\Windows\System\AkpbFTj.exe
  2⤵
  PID:8068
- C:\Windows\System\JcUyVdf.exe
  C:\Windows\System\JcUyVdf.exe
  2⤵
  PID:8096
- C:\Windows\System\gTIdRPS.exe
  C:\Windows\System\gTIdRPS.exe
  2⤵
  PID:8676
- C:\Windows\System\BICfKpi.exe
  C:\Windows\System\BICfKpi.exe
  2⤵
  PID:7964
- C:\Windows\System\onKbIWj.exe
  C:\Windows\System\onKbIWj.exe
  2⤵
  PID:9024
- C:\Windows\System\OwjCDLl.exe
  C:\Windows\System\OwjCDLl.exe
  2⤵
  PID:6828
- C:\Windows\System\dAnLCdT.exe
  C:\Windows\System\dAnLCdT.exe
  2⤵
  PID:7620
- C:\Windows\System\XHsesxJ.exe
  C:\Windows\System\XHsesxJ.exe
  2⤵
  PID:9516
- C:\Windows\System\KxWQToM.exe
  C:\Windows\System\KxWQToM.exe
  2⤵
  PID:7296
- C:\Windows\System\lDhiiMw.exe
  C:\Windows\System\lDhiiMw.exe
  2⤵
  PID:7900
- C:\Windows\System\MQYeUfs.exe
  C:\Windows\System\MQYeUfs.exe
  2⤵
  PID:7384
- C:\Windows\System\QkOxpsP.exe
  C:\Windows\System\QkOxpsP.exe
  2⤵
  PID:7436
- C:\Windows\System\IgkzVbB.exe
  C:\Windows\System\IgkzVbB.exe
  2⤵
  PID:9536
- C:\Windows\System\yQlevwF.exe
  C:\Windows\System\yQlevwF.exe
  2⤵
  PID:8160
- C:\Windows\System\PtUxzLQ.exe
  C:\Windows\System\PtUxzLQ.exe
  2⤵
  PID:3216
- C:\Windows\System\DhhOQIx.exe
  C:\Windows\System\DhhOQIx.exe
  2⤵
  PID:9712
- C:\Windows\System\dHePyzW.exe
  C:\Windows\System\dHePyzW.exe
  2⤵
  PID:7720
- C:\Windows\System\CSXTqwX.exe
  C:\Windows\System\CSXTqwX.exe
  2⤵
  PID:9572
- C:\Windows\System\scFaJJZ.exe
  C:\Windows\System\scFaJJZ.exe
  2⤵
  PID:7912
- C:\Windows\System\FcaToGn.exe
  C:\Windows\System\FcaToGn.exe
  2⤵
  PID:7968
- C:\Windows\System\jvnekuU.exe
  C:\Windows\System\jvnekuU.exe
  2⤵
  PID:9908
- C:\Windows\System\dZGtvqv.exe
  C:\Windows\System\dZGtvqv.exe
  2⤵
  PID:9948
- C:\Windows\System\ScbgxHJ.exe
  C:\Windows\System\ScbgxHJ.exe
  2⤵
  PID:9880
- C:\Windows\System\ftOfoas.exe
  C:\Windows\System\ftOfoas.exe
  2⤵
  PID:8056
- C:\Windows\System\xwNkkTg.exe
  C:\Windows\System\xwNkkTg.exe
  2⤵
  PID:13320
- C:\Windows\System\aWaFvEm.exe
  C:\Windows\System\aWaFvEm.exe
  2⤵
  PID:13360
- C:\Windows\System\QDazajI.exe
  C:\Windows\System\QDazajI.exe
  2⤵
  PID:13380
- C:\Windows\System\FqWbYbD.exe
  C:\Windows\System\FqWbYbD.exe
  2⤵
  PID:13408
- C:\Windows\System\IqaoyrO.exe
  C:\Windows\System\IqaoyrO.exe
  2⤵
  PID:13444
- C:\Windows\System\stIuqxE.exe
  C:\Windows\System\stIuqxE.exe
  2⤵
  PID:13464
- C:\Windows\System\LbJbpGm.exe
  C:\Windows\System\LbJbpGm.exe
  2⤵
  PID:13492
- C:\Windows\System\uoKQmzE.exe
  C:\Windows\System\uoKQmzE.exe
  2⤵
  PID:13520
- C:\Windows\System\aUEQqIw.exe
  C:\Windows\System\aUEQqIw.exe
  2⤵
  PID:13552
- C:\Windows\System\tOSisyM.exe
  C:\Windows\System\tOSisyM.exe
  2⤵
  PID:13576
- C:\Windows\System\bUnAFZm.exe
  C:\Windows\System\bUnAFZm.exe
  2⤵
  PID:13604
- C:\Windows\System\cjJWlER.exe
  C:\Windows\System\cjJWlER.exe
  2⤵
  PID:13632
- C:\Windows\System\ZuzjOIv.exe
  C:\Windows\System\ZuzjOIv.exe
  2⤵
  PID:13664
- C:\Windows\System\tgsZaNs.exe
  C:\Windows\System\tgsZaNs.exe
  2⤵
  PID:13692
- C:\Windows\System\ZNOLMsr.exe
  C:\Windows\System\ZNOLMsr.exe
  2⤵
  PID:13720
- C:\Windows\System\JDbyduL.exe
  C:\Windows\System\JDbyduL.exe
  2⤵
  PID:13752
- C:\Windows\System\yGfywyb.exe
  C:\Windows\System\yGfywyb.exe
  2⤵
  PID:13776
- C:\Windows\System\zEmWXyW.exe
  C:\Windows\System\zEmWXyW.exe
  2⤵
  PID:13804
- C:\Windows\System\wpXrshM.exe
  C:\Windows\System\wpXrshM.exe
  2⤵
  PID:13840
- C:\Windows\System\MwqbobO.exe
  C:\Windows\System\MwqbobO.exe
  2⤵
  PID:13860
- C:\Windows\System\TmBQlDn.exe
  C:\Windows\System\TmBQlDn.exe
  2⤵
  PID:13888
- C:\Windows\System\uIIadTK.exe
  C:\Windows\System\uIIadTK.exe
  2⤵
  PID:13920
- C:\Windows\System\jOhYFVf.exe
  C:\Windows\System\jOhYFVf.exe
  2⤵
  PID:13944
- C:\Windows\System\NWMrdQV.exe
  C:\Windows\System\NWMrdQV.exe
  2⤵
  PID:13972
- C:\Windows\System\ddXVWWR.exe
  C:\Windows\System\ddXVWWR.exe
  2⤵
  PID:14000
- C:\Windows\System\uaXyXjL.exe
  C:\Windows\System\uaXyXjL.exe
  2⤵
  PID:14028
- C:\Windows\System\jRwUKjg.exe
  C:\Windows\System\jRwUKjg.exe
  2⤵
  PID:14056
- C:\Windows\System\ftdfoCV.exe
  C:\Windows\System\ftdfoCV.exe
  2⤵
  PID:14084
- C:\Windows\System\FKXPzsi.exe
  C:\Windows\System\FKXPzsi.exe
  2⤵
  PID:14112
- C:\Windows\System\JDQtXTW.exe
  C:\Windows\System\JDQtXTW.exe
  2⤵
  PID:14140
- C:\Windows\System\TkGRixw.exe
  C:\Windows\System\TkGRixw.exe
  2⤵
  PID:14168
- C:\Windows\System\ueYrKph.exe
  C:\Windows\System\ueYrKph.exe
  2⤵
  PID:14200
- C:\Windows\System\QKWHJiZ.exe
  C:\Windows\System\QKWHJiZ.exe
  2⤵
  PID:14228
- C:\Windows\System\VcXQrnj.exe
  C:\Windows\System\VcXQrnj.exe
  2⤵
  PID:14256
- C:\Windows\System\BCCvMMA.exe
  C:\Windows\System\BCCvMMA.exe
  2⤵
  PID:14284
- C:\Windows\System\YwdcsUo.exe
  C:\Windows\System\YwdcsUo.exe
  2⤵
  PID:14312
- C:\Windows\System\vRKjHAV.exe
  C:\Windows\System\vRKjHAV.exe
  2⤵
  PID:10024
- C:\Windows\System\MkfVQUU.exe
  C:\Windows\System\MkfVQUU.exe
  2⤵
  PID:13368
- C:\Windows\System\HIBHonL.exe
  C:\Windows\System\HIBHonL.exe
  2⤵
  PID:10164
- C:\Windows\System\bvRYmVn.exe
  C:\Windows\System\bvRYmVn.exe
  2⤵
  PID:10200
- C:\Windows\System\fwKeYsD.exe
  C:\Windows\System\fwKeYsD.exe
  2⤵
  PID:13476
- C:\Windows\System\PxBOcsm.exe
  C:\Windows\System\PxBOcsm.exe
  2⤵
  PID:13516
- C:\Windows\System\umXjwMd.exe
  C:\Windows\System\umXjwMd.exe
  2⤵
  PID:13544
- C:\Windows\System\kdTyFhp.exe
  C:\Windows\System\kdTyFhp.exe
  2⤵
  PID:13572
- C:\Windows\System\uLYYZRS.exe
  C:\Windows\System\uLYYZRS.exe
  2⤵
  PID:13624
- C:\Windows\System\rlsNYvB.exe
  C:\Windows\System\rlsNYvB.exe
  2⤵
  PID:13656
- C:\Windows\System\xgmqxrZ.exe
  C:\Windows\System\xgmqxrZ.exe
  2⤵
  PID:13704
- C:\Windows\System\QJLroCi.exe
  C:\Windows\System\QJLroCi.exe
  2⤵
  PID:13732
- C:\Windows\System\jcCZhmW.exe
  C:\Windows\System\jcCZhmW.exe
  2⤵
  PID:9924
- C:\Windows\System\riHjWev.exe
  C:\Windows\System\riHjWev.exe
  2⤵
  PID:13848
- C:\Windows\System\CHgSUhx.exe
  C:\Windows\System\CHgSUhx.exe
  2⤵
  PID:13872
- C:\Windows\System\xEXZOPo.exe
  C:\Windows\System\xEXZOPo.exe
  2⤵
  PID:9276
- C:\Windows\System\ZBpIyHS.exe
  C:\Windows\System\ZBpIyHS.exe
  2⤵
  PID:13956
- C:\Windows\System\uDfkByZ.exe
  C:\Windows\System\uDfkByZ.exe
  2⤵
  PID:13996
- C:\Windows\System\wrwmbjO.exe
  C:\Windows\System\wrwmbjO.exe
  2⤵
  PID:14052
- C:\Windows\System\fsflcfL.exe
  C:\Windows\System\fsflcfL.exe
  2⤵
  PID:14108
- C:\Windows\System\fJxTVbj.exe
  C:\Windows\System\fJxTVbj.exe
  2⤵
  PID:10176
- C:\Windows\System\fcUXCFd.exe
  C:\Windows\System\fcUXCFd.exe
  2⤵
  PID:8472
- C:\Windows\System\AkmRYVh.exe
  C:\Windows\System\AkmRYVh.exe
  2⤵
  PID:9728
- C:\Windows\System\RGsqWjG.exe
  C:\Windows\System\RGsqWjG.exe
  2⤵
  PID:636
- C:\Windows\System\fcRLqOE.exe
  C:\Windows\System\fcRLqOE.exe
  2⤵
  PID:14296
- C:\Windows\System\QdPFyBN.exe
  C:\Windows\System\QdPFyBN.exe
  2⤵
  PID:14324
- C:\Windows\System\kUkqPQA.exe
  C:\Windows\System\kUkqPQA.exe
  2⤵
  PID:13340
- C:\Windows\System\AkkBiJU.exe
  C:\Windows\System\AkkBiJU.exe
  2⤵
  PID:10180
- C:\Windows\System\XpnBZWW.exe
  C:\Windows\System\XpnBZWW.exe
  2⤵
  PID:10204
- C:\Windows\System\dExUKtt.exe
  C:\Windows\System\dExUKtt.exe
  2⤵
  PID:7116
- C:\Windows\System\dJiRMJS.exe
  C:\Windows\System\dJiRMJS.exe
  2⤵
  PID:9492
- C:\Windows\System\eOnGYOr.exe
  C:\Windows\System\eOnGYOr.exe
  2⤵
  PID:10464
- C:\Windows\System\CuGXXzr.exe
  C:\Windows\System\CuGXXzr.exe
  2⤵
  PID:1292
- C:\Windows\System\wgvTGcQ.exe
  C:\Windows\System\wgvTGcQ.exe
  2⤵
  PID:13684
- C:\Windows\System\LiMvuvO.exe
  C:\Windows\System\LiMvuvO.exe
  2⤵
  PID:10600
- C:\Windows\System\oYaGavv.exe
  C:\Windows\System\oYaGavv.exe
  2⤵
  PID:10656
- C:\Windows\System\zGPboAE.exe
  C:\Windows\System\zGPboAE.exe
  2⤵
  PID:13852
- C:\Windows\System\QogVtbm.exe
  C:\Windows\System\QogVtbm.exe
  2⤵
  PID:9292
- C:\Windows\System\LpIGqRx.exe
  C:\Windows\System\LpIGqRx.exe
  2⤵
  PID:13940
- C:\Windows\System\fIvDdIB.exe
  C:\Windows\System\fIvDdIB.exe
  2⤵
  PID:9200
- C:\Windows\System\adGZCjG.exe
  C:\Windows\System\adGZCjG.exe
  2⤵
  PID:14104
- C:\Windows\System\iRyuHCO.exe
  C:\Windows\System\iRyuHCO.exe
  2⤵
  PID:10904
- C:\Windows\System\qKHqxAo.exe
  C:\Windows\System\qKHqxAo.exe
  2⤵
  PID:10988
- C:\Windows\System\spsLTJj.exe
  C:\Windows\System\spsLTJj.exe
  2⤵
  PID:11112
- C:\Windows\System\CNTtKof.exe
  C:\Windows\System\CNTtKof.exe
  2⤵
  PID:11196
- C:\Windows\System\ESXpfwC.exe
  C:\Windows\System\ESXpfwC.exe
  2⤵
  PID:2992
- C:\Windows\System\uQEONYC.exe
  C:\Windows\System\uQEONYC.exe
  2⤵
  PID:2708
- C:\Windows\System\rNlrAwP.exe
  C:\Windows\System\rNlrAwP.exe
  2⤵
  PID:8188
- C:\Windows\System\JAYUcke.exe
  C:\Windows\System\JAYUcke.exe
  2⤵
  PID:10452
- C:\Windows\System\wpyFmwP.exe
  C:\Windows\System\wpyFmwP.exe
  2⤵
  PID:9364
- C:\Windows\System\jwxCqhG.exe
  C:\Windows\System\jwxCqhG.exe
  2⤵
  PID:7512
- C:\Windows\System\MUVbxrk.exe
  C:\Windows\System\MUVbxrk.exe
  2⤵
  PID:10776
- C:\Windows\System\hZFiENl.exe
  C:\Windows\System\hZFiENl.exe
  2⤵
  PID:10636
- C:\Windows\System\ApdJdmD.exe
  C:\Windows\System\ApdJdmD.exe
  2⤵
  PID:5388
- C:\Windows\System\lXrHgCT.exe
  C:\Windows\System\lXrHgCT.exe
  2⤵
  PID:10712
- C:\Windows\System\PfYZrgx.exe
  C:\Windows\System\PfYZrgx.exe
  2⤵
  PID:13992
- C:\Windows\System\cxgBRMS.exe
  C:\Windows\System\cxgBRMS.exe
  2⤵
  PID:10104
- C:\Windows\System\UHuMrUy.exe
  C:\Windows\System\UHuMrUy.exe
  2⤵
  PID:10448
- C:\Windows\System\CYdWCch.exe
  C:\Windows\System\CYdWCch.exe
  2⤵
  PID:14220
- C:\Windows\System\cWgYLRT.exe
  C:\Windows\System\cWgYLRT.exe
  2⤵
  PID:11028
- C:\Windows\System\GvYOvid.exe
  C:\Windows\System\GvYOvid.exe
  2⤵
  PID:11252
- C:\Windows\System\HAVISzu.exe
  C:\Windows\System\HAVISzu.exe
  2⤵
  PID:10472
- C:\Windows\System\ikubOGH.exe
  C:\Windows\System\ikubOGH.exe
  2⤵
  PID:10328
- C:\Windows\System\rmsjrWc.exe
  C:\Windows\System\rmsjrWc.exe
  2⤵
  PID:1320
- C:\Windows\System\mmzmWlU.exe
  C:\Windows\System\mmzmWlU.exe
  2⤵
  PID:10796
- C:\Windows\System\uJkmnqv.exe
  C:\Windows\System\uJkmnqv.exe
  2⤵
  PID:384
- C:\Windows\System\umblOFj.exe
  C:\Windows\System\umblOFj.exe
  2⤵
  PID:8468
- C:\Windows\System\IaUIjhw.exe
  C:\Windows\System\IaUIjhw.exe
  2⤵
  PID:11224
- C:\Windows\System\eLYKxHq.exe
  C:\Windows\System\eLYKxHq.exe
  2⤵
  PID:11444
- C:\Windows\System\rAmsTLb.exe
  C:\Windows\System\rAmsTLb.exe
  2⤵
  PID:11504
- C:\Windows\System\NxiFsPM.exe
  C:\Windows\System\NxiFsPM.exe
  2⤵
  PID:14248
- C:\Windows\System\ouRGZGu.exe
  C:\Windows\System\ouRGZGu.exe
  2⤵
  PID:3492
- C:\Windows\System\mFuPGoB.exe
  C:\Windows\System\mFuPGoB.exe
  2⤵
  PID:13828
- C:\Windows\System\XaOErcc.exe
  C:\Windows\System\XaOErcc.exe
  2⤵
  PID:11684
- C:\Windows\System\wKRzgMx.exe
  C:\Windows\System\wKRzgMx.exe
  2⤵
  PID:8896
- C:\Windows\System\okNLxHM.exe
  C:\Windows\System\okNLxHM.exe
  2⤵
  PID:11280
- C:\Windows\System\YgfOYVA.exe
  C:\Windows\System\YgfOYVA.exe
  2⤵
  PID:11824
- C:\Windows\System\YnfHifk.exe
  C:\Windows\System\YnfHifk.exe
  2⤵
  PID:11852
- C:\Windows\System\wfWLuVc.exe
  C:\Windows\System\wfWLuVc.exe
  2⤵
  PID:8476
- C:\Windows\System\qHxpyvZ.exe
  C:\Windows\System\qHxpyvZ.exe
  2⤵
  PID:11944
- C:\Windows\System\HPGITOL.exe
  C:\Windows\System\HPGITOL.exe
  2⤵
  PID:11968
- C:\Windows\System\eqTHsyB.exe
  C:\Windows\System\eqTHsyB.exe
  2⤵
  PID:11200
- C:\Windows\System\wHzxAzG.exe
  C:\Windows\System\wHzxAzG.exe
  2⤵
  PID:13504
- C:\Windows\System\EaLCcej.exe
  C:\Windows\System\EaLCcej.exe
  2⤵
  PID:12104
- C:\Windows\System\kOFsacm.exe
  C:\Windows\System\kOFsacm.exe
  2⤵
  PID:11832
- C:\Windows\System\aYglLac.exe
  C:\Windows\System\aYglLac.exe
  2⤵
  PID:9140
- C:\Windows\System\JZcEaiU.exe
  C:\Windows\System\JZcEaiU.exe
  2⤵
  PID:9116
- C:\Windows\System\JUoeaFX.exe
  C:\Windows\System\JUoeaFX.exe
  2⤵
  PID:9176
- C:\Windows\System\yCGiYud.exe
  C:\Windows\System\yCGiYud.exe
  2⤵
  PID:8712
- C:\Windows\System\sZtDqDy.exe
  C:\Windows\System\sZtDqDy.exe
  2⤵
  PID:4360
- C:\Windows\System\wxsqOFs.exe
  C:\Windows\System\wxsqOFs.exe
  2⤵
  PID:14152
- C:\Windows\System\TJSWBnc.exe
  C:\Windows\System\TJSWBnc.exe
  2⤵
  PID:10244
- C:\Windows\System\oxZbIjX.exe
  C:\Windows\System\oxZbIjX.exe
  2⤵
  PID:8500
- C:\Windows\System\SgWemVo.exe
  C:\Windows\System\SgWemVo.exe
  2⤵
  PID:11988
- C:\Windows\System\SvXwDAv.exe
  C:\Windows\System\SvXwDAv.exe
  2⤵
  PID:9052
- C:\Windows\System\zVBymWv.exe
  C:\Windows\System\zVBymWv.exe
  2⤵
  PID:14352
- C:\Windows\System\GsUOIas.exe
  C:\Windows\System\GsUOIas.exe
  2⤵
  PID:14392
- C:\Windows\System\InrWsBi.exe
  C:\Windows\System\InrWsBi.exe
  2⤵
  PID:14424
- C:\Windows\System\dreDYcn.exe
  C:\Windows\System\dreDYcn.exe
  2⤵
  PID:14440
- C:\Windows\System\pSxoHXA.exe
  C:\Windows\System\pSxoHXA.exe
  2⤵
  PID:14468
- C:\Windows\System\NHwvUFe.exe
  C:\Windows\System\NHwvUFe.exe
  2⤵
  PID:14496
- C:\Windows\System\VAeGxMV.exe
  C:\Windows\System\VAeGxMV.exe
  2⤵
  PID:14532
- C:\Windows\System\zlGQeje.exe
  C:\Windows\System\zlGQeje.exe
  2⤵
  PID:14552
- C:\Windows\System\KtOOKek.exe
  C:\Windows\System\KtOOKek.exe
  2⤵
  PID:14580
- C:\Windows\System\NaXObSG.exe
  C:\Windows\System\NaXObSG.exe
  2⤵
  PID:14608
- C:\Windows\System\zNtbrxr.exe
  C:\Windows\System\zNtbrxr.exe
  2⤵
  PID:14636
- C:\Windows\System\WgvOCzu.exe
  C:\Windows\System\WgvOCzu.exe
  2⤵
  PID:14664
- C:\Windows\System\NhfGqEY.exe
  C:\Windows\System\NhfGqEY.exe
  2⤵
  PID:14692
- C:\Windows\System\PcxZXMq.exe
  C:\Windows\System\PcxZXMq.exe
  2⤵
  PID:14720
- C:\Windows\System\LyUWLZH.exe
  C:\Windows\System\LyUWLZH.exe
  2⤵
  PID:14748
- C:\Windows\System\cTaRQdb.exe
  C:\Windows\System\cTaRQdb.exe
  2⤵
  PID:14776
- C:\Windows\System\mPuEjLD.exe
  C:\Windows\System\mPuEjLD.exe
  2⤵
  PID:14804
- C:\Windows\System\AvzDSpu.exe
  C:\Windows\System\AvzDSpu.exe
  2⤵
  PID:14832
- C:\Windows\System\yGYcMnu.exe
  C:\Windows\System\yGYcMnu.exe
  2⤵
  PID:14864
- C:\Windows\System\xagruVm.exe
  C:\Windows\System\xagruVm.exe
  2⤵
  PID:14888
- C:\Windows\System\sNFqxWQ.exe
  C:\Windows\System\sNFqxWQ.exe
  2⤵
  PID:14916
- C:\Windows\System\cgjLcFQ.exe
  C:\Windows\System\cgjLcFQ.exe
  2⤵
  PID:14948
- C:\Windows\System\teHfYpw.exe
  C:\Windows\System\teHfYpw.exe
  2⤵
  PID:14976
- C:\Windows\System\jKYnlKS.exe
  C:\Windows\System\jKYnlKS.exe
  2⤵
  PID:15004
- C:\Windows\System\oYInQrU.exe
  C:\Windows\System\oYInQrU.exe
  2⤵
  PID:15032
- C:\Windows\System\RWhmnnY.exe
  C:\Windows\System\RWhmnnY.exe
  2⤵
  PID:15060
- C:\Windows\System\QSgUIyY.exe
  C:\Windows\System\QSgUIyY.exe
  2⤵
  PID:15088
- C:\Windows\System\IWXCvrE.exe
  C:\Windows\System\IWXCvrE.exe
  2⤵
  PID:15120
- C:\Windows\System\NAQEAKS.exe
  C:\Windows\System\NAQEAKS.exe
  2⤵
  PID:15144
- C:\Windows\System\bPXWXkM.exe
  C:\Windows\System\bPXWXkM.exe
  2⤵
  PID:15176
- C:\Windows\System\DLGfifP.exe
  C:\Windows\System\DLGfifP.exe
  2⤵
  PID:15200
- C:\Windows\System\DivcKXa.exe
  C:\Windows\System\DivcKXa.exe
  2⤵
  PID:15228
- C:\Windows\System\qLJvoJH.exe
  C:\Windows\System\qLJvoJH.exe
  2⤵
  PID:15264
- C:\Windows\System\TMvvZCc.exe
  C:\Windows\System\TMvvZCc.exe
  2⤵
  PID:15284
- C:\Windows\System\sKjRkBJ.exe
  C:\Windows\System\sKjRkBJ.exe
  2⤵
  PID:15320
- C:\Windows\System\zVthfpk.exe
  C:\Windows\System\zVthfpk.exe
  2⤵
  PID:15352
- C:\Windows\System\fenOIhp.exe
  C:\Windows\System\fenOIhp.exe
  2⤵
  PID:9344
- C:\Windows\System\OyDyIHs.exe
  C:\Windows\System\OyDyIHs.exe
  2⤵
  PID:14400
- C:\Windows\System\FEhsVBg.exe
  C:\Windows\System\FEhsVBg.exe
  2⤵
  PID:14488
- C:\Windows\System\PXvIzQd.exe
  C:\Windows\System\PXvIzQd.exe
  2⤵
  PID:14540
- C:\Windows\System\nmEXwIb.exe
  C:\Windows\System\nmEXwIb.exe
  2⤵
  PID:14600
- C:\Windows\System\wAsZHmW.exe
  C:\Windows\System\wAsZHmW.exe
  2⤵
  PID:14688
- C:\Windows\System\MyCosED.exe
  C:\Windows\System\MyCosED.exe
  2⤵
  PID:14732
- C:\Windows\System\BxnnjNe.exe
  C:\Windows\System\BxnnjNe.exe
  2⤵
  PID:9776
- C:\Windows\System\qpOmqrr.exe
  C:\Windows\System\qpOmqrr.exe
  2⤵
  PID:14824
- C:\Windows\System\VvGQaWt.exe
  C:\Windows\System\VvGQaWt.exe
  2⤵
  PID:14856
- C:\Windows\System\CyHWrwF.exe
  C:\Windows\System\CyHWrwF.exe
  2⤵
  PID:9888
- C:\Windows\System\aiBoOjK.exe
  C:\Windows\System\aiBoOjK.exe
  2⤵
  PID:14960
- C:\Windows\System\HfQGXQt.exe
  C:\Windows\System\HfQGXQt.exe
  2⤵
  PID:15000
- C:\Windows\System\MzeOjty.exe
  C:\Windows\System\MzeOjty.exe
  2⤵
  PID:15072
- C:\Windows\System\uBMjCAd.exe
  C:\Windows\System\uBMjCAd.exe
  2⤵
  PID:15112
- C:\Windows\System\ltisITT.exe
  C:\Windows\System\ltisITT.exe
  2⤵
  PID:15184
- C:\Windows\System\gtSWwpf.exe
  C:\Windows\System\gtSWwpf.exe
  2⤵
  PID:15248
- C:\Windows\System\SujReTF.exe
  C:\Windows\System\SujReTF.exe
  2⤵
  PID:15296
- C:\Windows\System\AWfuQyk.exe
  C:\Windows\System\AWfuQyk.exe
  2⤵
  PID:14372
- C:\Windows\System\RBLoBZy.exe
  C:\Windows\System\RBLoBZy.exe
  2⤵
  PID:14460
- C:\Windows\System\WBEfAlD.exe
  C:\Windows\System\WBEfAlD.exe
  2⤵
  PID:8208
- C:\Windows\System\OmusGNz.exe
  C:\Windows\System\OmusGNz.exe
  2⤵
  PID:14760
- C:\Windows\System\MsHpVNe.exe
  C:\Windows\System\MsHpVNe.exe
  2⤵
  PID:14844
- C:\Windows\System\KXohJyZ.exe
  C:\Windows\System\KXohJyZ.exe
  2⤵
  PID:14940
- C:\Windows\System\NDrlMqq.exe
  C:\Windows\System\NDrlMqq.exe
  2⤵
  PID:9864
- C:\Windows\System\eZxxRZv.exe
  C:\Windows\System\eZxxRZv.exe
  2⤵
  PID:15140
- C:\Windows\System\xdLGxZR.exe
  C:\Windows\System\xdLGxZR.exe
  2⤵
  PID:14572
- C:\Windows\System\PdJrUxj.exe
  C:\Windows\System\PdJrUxj.exe
  2⤵
  PID:14432
- C:\Windows\System\csBunwh.exe
  C:\Windows\System\csBunwh.exe
  2⤵
  PID:10012
- C:\Windows\System\EDWXstn.exe
  C:\Windows\System\EDWXstn.exe
  2⤵
  PID:14988
- C:\Windows\System\wewkAfw.exe
  C:\Windows\System\wewkAfw.exe
  2⤵
  PID:15108
- C:\Windows\System\oVfFJkN.exe
  C:\Windows\System\oVfFJkN.exe
  2⤵
  PID:2380
- C:\Windows\System\fCDIAfK.exe
  C:\Windows\System\fCDIAfK.exe
  2⤵
  PID:10000
- C:\Windows\System\GLSHeBD.exe
  C:\Windows\System\GLSHeBD.exe
  2⤵
  PID:10372
- C:\Windows\System\kNbuaoh.exe
  C:\Windows\System\kNbuaoh.exe
  2⤵
  PID:10400
- C:\Windows\System\AFOgIjb.exe
  C:\Windows\System\AFOgIjb.exe
  2⤵
  PID:12116
- C:\Windows\System\qVlxuJq.exe
  C:\Windows\System\qVlxuJq.exe
  2⤵
  PID:11980
- C:\Windows\System\mgMRdco.exe
  C:\Windows\System\mgMRdco.exe
  2⤵
  PID:2328
- C:\Windows\System\jtRFadn.exe
  C:\Windows\System\jtRFadn.exe
  2⤵
  PID:12220
- C:\Windows\System\QIbWDmZ.exe
  C:\Windows\System\QIbWDmZ.exe
  2⤵
  PID:6324
- C:\Windows\System\UTSAday.exe
  C:\Windows\System\UTSAday.exe
  2⤵
  PID:6460
- C:\Windows\System\AbQlpSk.exe
  C:\Windows\System\AbQlpSk.exe
  2⤵
  PID:10412
- C:\Windows\System\tIjOcaB.exe
  C:\Windows\System\tIjOcaB.exe
  2⤵
  PID:1496
- C:\Windows\System\OGWIlDH.exe
  C:\Windows\System\OGWIlDH.exe
  2⤵
  PID:11564
- C:\Windows\System\dfMhjHi.exe
  C:\Windows\System\dfMhjHi.exe
  2⤵
  PID:6280
- C:\Windows\System\acMlFOv.exe
  C:\Windows\System\acMlFOv.exe
  2⤵
  PID:11800
- C:\Windows\System\MPrURIB.exe
  C:\Windows\System\MPrURIB.exe
  2⤵
  PID:6936
- C:\Windows\System\KzqTHoH.exe
  C:\Windows\System\KzqTHoH.exe
  2⤵
  PID:6240
- C:\Windows\System\zWorZRF.exe
  C:\Windows\System\zWorZRF.exe
  2⤵
  PID:11192
- C:\Windows\System\YOPwzWG.exe
  C:\Windows\System\YOPwzWG.exe
  2⤵
  PID:11568
- C:\Windows\System\fdLIPzi.exe
  C:\Windows\System\fdLIPzi.exe
  2⤵
  PID:10508
- C:\Windows\System\WPVbjsY.exe
  C:\Windows\System\WPVbjsY.exe
  2⤵
  PID:6488
- C:\Windows\System\UShmvwO.exe
  C:\Windows\System\UShmvwO.exe
  2⤵
  PID:6984
- C:\Windows\System\BlQdRKO.exe
  C:\Windows\System\BlQdRKO.exe
  2⤵
  PID:6852
- C:\Windows\System\ghrMgBe.exe
  C:\Windows\System\ghrMgBe.exe
  2⤵
  PID:5936
- C:\Windows\System\HlMEwmf.exe
  C:\Windows\System\HlMEwmf.exe
  2⤵
  PID:3084
- C:\Windows\System\HHiiYSa.exe
  C:\Windows\System\HHiiYSa.exe
  2⤵
  PID:1208
- C:\Windows\System\RXjzxzS.exe
  C:\Windows\System\RXjzxzS.exe
  2⤵
  PID:3156
- C:\Windows\System\FjKpxfk.exe
  C:\Windows\System\FjKpxfk.exe
  2⤵
  PID:11864
- C:\Windows\System\QUmWptc.exe
  C:\Windows\System\QUmWptc.exe
  2⤵
  PID:2300
- C:\Windows\System\RoTbXup.exe
  C:\Windows\System\RoTbXup.exe
  2⤵
  PID:12148
- C:\Windows\System\GwKvnPx.exe
  C:\Windows\System\GwKvnPx.exe
  2⤵
  PID:2412
- C:\Windows\System\uKfYAuL.exe
  C:\Windows\System\uKfYAuL.exe
  2⤵
  PID:6292
- C:\Windows\System\CSuFZqD.exe
  C:\Windows\System\CSuFZqD.exe
  2⤵
  PID:12168
- C:\Windows\System\gMtXdEf.exe
  C:\Windows\System\gMtXdEf.exe
  2⤵
  PID:6392
- C:\Windows\System\CQPzBap.exe
  C:\Windows\System\CQPzBap.exe
  2⤵
  PID:7244
- C:\Windows\System\NubjErP.exe
  C:\Windows\System\NubjErP.exe
  2⤵
  PID:15376
- C:\Windows\System\uNtXsed.exe
  C:\Windows\System\uNtXsed.exe
  2⤵
  PID:15404
- C:\Windows\System\KmNEZcD.exe
  C:\Windows\System\KmNEZcD.exe
  2⤵
  PID:15440
- C:\Windows\System\gZYWgAk.exe
  C:\Windows\System\gZYWgAk.exe
  2⤵
  PID:15472
- C:\Windows\System\pSfQrxQ.exe
  C:\Windows\System\pSfQrxQ.exe
  2⤵
  PID:15500
- C:\Windows\System\UOwimdY.exe
  C:\Windows\System\UOwimdY.exe
  2⤵
  PID:15520
- C:\Windows\System\KwTDPLH.exe
  C:\Windows\System\KwTDPLH.exe
  2⤵
  PID:15548
- C:\Windows\System\OVFDFRo.exe
  C:\Windows\System\OVFDFRo.exe
  2⤵
  PID:15576
- C:\Windows\System\fHWzvhY.exe
  C:\Windows\System\fHWzvhY.exe
  2⤵
  PID:15612
- C:\Windows\System\oIFmoSw.exe
  C:\Windows\System\oIFmoSw.exe
  2⤵
  PID:15632
- C:\Windows\System\oZdQfAA.exe
  C:\Windows\System\oZdQfAA.exe
  2⤵
  PID:15676
- C:\Windows\System\OwRDskR.exe
  C:\Windows\System\OwRDskR.exe
  2⤵
  PID:15696
- C:\Windows\System\uLWnVIn.exe
  C:\Windows\System\uLWnVIn.exe
  2⤵
  PID:15728
- C:\Windows\System\wczdNOE.exe
  C:\Windows\System\wczdNOE.exe
  2⤵
  PID:15748
- C:\Windows\System\qdNZwPN.exe
  C:\Windows\System\qdNZwPN.exe
  2⤵
  PID:15776
- C:\Windows\System\nnhnLLf.exe
  C:\Windows\System\nnhnLLf.exe
  2⤵
  PID:15804
- C:\Windows\System\IKBSBix.exe
  C:\Windows\System\IKBSBix.exe
  2⤵
  PID:15832
- C:\Windows\System\mZfBbef.exe
  C:\Windows\System\mZfBbef.exe
  2⤵
  PID:15860
- C:\Windows\System\mSiVQDv.exe
  C:\Windows\System\mSiVQDv.exe
  2⤵
  PID:15900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AsXBBmA.exe

Filesize
6.0MB

MD5
d732e452d73ea69ddacff3a66b0944d5

SHA1
ffad6e149155d198c6db48c34c3efbde0f89c280

SHA256
b608b3430ea5e23c8ca60e596fa117096e16799e7725aec49c53848efdeddbe7

SHA512
99abe53363471255dbfbae7538432415b55e241c1daacee4eb5e67e5306d57d635c84ac353e4dc8e34d1263064dd66daf01c9cc9de590496f6e7160fe4d40961

Download Submit
C:\Windows\System\ESnHYxd.exe

Filesize
6.0MB

MD5
321e2531a18d8a71ca98b3cdc21470ec

SHA1
2c04e350b5ab59c97920948a3f99d450a6179026

SHA256
30bad6b84cba65ffaa3f748b0c91871b9691fb32d200a85eec4b4e1afd881932

SHA512
d4232246e2414eff2a1b3f4150dba2d39ff83b4c0665ad4237db21249a5ab6c70b3e3fa5b1d2e99c14585ac02cab272254583738cc65cedc83a12c83b2911576

Download Submit
C:\Windows\System\GGZWutt.exe

Filesize
6.0MB

MD5
991608e9024b353fda3d7ff41e07d7ad

SHA1
ab17ba4acb937c8a478417701ce3838e60cb5ebd

SHA256
a96628fe4b60323daeddf3cc8bbad696cd3569bb42d6dd344e5c890f01dab263

SHA512
f65ee98605dcbd0b0020672de9ee36c86503c8b9292d50ffc43042c6e73167070dc5ffbe34ee8c596d0f47ec545e17d4c1699299ee30334364d0375025b3a1d0

Download Submit
C:\Windows\System\HuPGzHP.exe

Filesize
6.0MB

MD5
da53e8415742fc7920fd0b5e8d4e84ff

SHA1
3b1dc4545d15ca44736a87f2b5534234b046a959

SHA256
c195a1fbb3a51c44c18912b73bfac8e6940eb044a804f42aa329828bff756b13

SHA512
e5bcbacaa5ea3a3adf68218c32fbdbdd103bb2c400d63426c053f77a84fcb0cf996ee67e0d33f09e771b65c9d5e4f3ec7bc42f4929d2727003c75a1f1fbc6d4c

Download Submit
C:\Windows\System\KKcStwy.exe

Filesize
6.0MB

MD5
8727751dfda44d467ac06f32b87b77ff

SHA1
6c812f28d38e22daf754805406f4325234c8a884

SHA256
5f2e436321ab2abf6cf5783c87bd093b2e86352909c0d6587b2b3cc99dcd68b2

SHA512
9d0a3589cd487aebf3035eb74649f4b3e2530250ea314f1687b6b4e4406363fb52c018e5edbeea58aa7f9bcbb2e9ef451dab84b4836dc1d1888a04b2db71133f

Download Submit
C:\Windows\System\LoWHZJt.exe

Filesize
6.0MB

MD5
30f6c8f2fe853d3155d98368191829da

SHA1
3aa40e91169e64dbdf2ee8c26aa55f6b34522272

SHA256
6dbca25ed40bd2498e6b393550b59a3304864c465e6d2525978bfacad0f7110d

SHA512
32d3e42ec86542b97f42150a38e0360e7c8a52e92461aa06e0d714b9023c341360223e7b4ab3e11bf70da969e49f02e65307089fc7496cabea65ed0178b4046f

Download Submit
C:\Windows\System\OFiWOaI.exe

Filesize
6.0MB

MD5
a4248d3f56c11edfe2e2193e4ea427b2

SHA1
768bf2e1d4e4e60589e7ac269747b51a4bc7ddb8

SHA256
7e964d5ac9513cb4092818626e96d3beea838491e374378dd395d92c3bdaa063

SHA512
31d4dd8aee609f7b0bd4089ce91619500e913f9b85c1b18254ee381de1b19cc959b749bedb17fe729635165e4c9454cc7348735cf4cde623f2e3234610cca6d3

Download Submit
C:\Windows\System\SGwwoAJ.exe

Filesize
6.0MB

MD5
1bcb58b868428f9fed64456e30d37a78

SHA1
f67c6303e15d65dcdcadfc2cf8200e1fecd6f051

SHA256
14e63a1e5f07abca00d6bc510288d5e079d054eeb2e6e62de63b3b3dd8d5fb0d

SHA512
394f65902015edfce47e21f45dcba78bdf8f99401dbf322797461f7dd7903b32a3929087a1db158961affc4215c9893c60f06b22e955d7662d976fe6ace92e1e

Download Submit
C:\Windows\System\SpSZbzo.exe

Filesize
6.0MB

MD5
54c9a6ad1ba493b9ff5e5a1bb05d88a9

SHA1
7a3b68fae726efe442b3ff9cb4fbe0cc99bdd970

SHA256
d05caa8c4ccf43069b4f2a27744e8713b721471a97bdf5755b175940e893f621

SHA512
7c040586943fd31a1ee5117733945b11f896193e8b02650b94c28fd62d76e9f67c14cf394063438720d47012643afabe41ee386d930b9ad1e885c8d17e18b1c3

Download Submit
C:\Windows\System\TAKHipE.exe

Filesize
6.0MB

MD5
57b3e5307ccb91b1fdc5e94f7b68d8e7

SHA1
fb60d3d9f27015018fdf07a553492e78369288bc

SHA256
859799a24b6c3fac659e27bc39c451aa573ae5290452ceb602599f875ece56c6

SHA512
8ff2ac9c91e18cb5feb472418e74e2268bb4cb7a298571a2f463908174d5bc4a91ed37927404329416965fbd96e5711e2c838e088c34898419587ae9118f374c

Download Submit
C:\Windows\System\TYriLBb.exe

Filesize
6.0MB

MD5
51aac8ec6d30ceff4af83d41a17e1e5f

SHA1
bdd4a9155c3a1a2ba228a4fdd0a63fc59bd707a1

SHA256
64f2676b9c4dde65b94deda526d08382a59d45840af6876f31821be4948f47c0

SHA512
3c7366bb0fca143854e007054641cc3928c614ed2b8326734b7345d47c013ae9d2dd1aff23159c0910273e84728e78aed4477c779a89a63d2d638a03012b34e2

Download Submit
C:\Windows\System\TZmiCyn.exe

Filesize
6.0MB

MD5
0b2cd15aa75b261dda0d4cb689c18f16

SHA1
9dbc27a371ccedc4837ea570653a5e619f224410

SHA256
6dde1c4f41ad25f1b586d11c7686e6e2688f3ccf65d4a7635a12153d20ec683d

SHA512
508f6d3706ca5cb6d5d362e1a6340f86ae8c176ab68c188c996513b34326e6d3b8fbc35f4edda638b5f6c89533a1de36af66d6d9d66e3da192e7ae22a33c029e

Download Submit
C:\Windows\System\UUvpVPH.exe

Filesize
6.0MB

MD5
0c2f6a232bf185d2c0295a35a4609429

SHA1
fe579822f399dbd52f0f21276961aba8c18eb600

SHA256
ec89a505d7a2e5105c102f55e054de6e8f569c876ab2b171902aa5b2ac1d0e6a

SHA512
0a62028107e157e0a4cb7a64879a21a3423a71c03b200a77981816b4b652ab0a67b3e367a418466e0c94b1510c4d8a8c4cba15ea2b62d4885a273e9c9cfdaff6

Download Submit
C:\Windows\System\UaTipaF.exe

Filesize
6.0MB

MD5
a7cf9f2347879dccb4df219952a0292b

SHA1
b0b15d94cc0aeea0b728beec1a7925c0b0722db8

SHA256
c7422400d0a532981efbde83284225692be0933f4ad2ae0cea1fb58bae5908b7

SHA512
214297247b12b69685bda1a08d2035fb564bdc0f3e016f9e8b4efe1665abf5fcb1f19885af2cd7727b77ec38969b5334d98a5f78df0f286721c79a551359b107

Download Submit
C:\Windows\System\YKxpaKR.exe

Filesize
6.0MB

MD5
211e4f9d24691634a4f140b4819a009b

SHA1
e7f68e5fd4034b879dd20cdcd4d936277112d56b

SHA256
85f68302925dd9d616c4e158764838d0611548ee2176e0338d2bc5749b0d84fc

SHA512
11cd7e4b579e066e2b700aa78eeca1025c83d41c76617991bccef19e0d5f1774e20059db3de222d400472e29b16c31b24b989023b240ad0e2b6014ac7f58d96f

Download Submit
C:\Windows\System\ZUqhxpU.exe

Filesize
6.0MB

MD5
65ec85feaaf13805ebb2fd4f468626b9

SHA1
30c7b2f45a7aff06a0b88a59a3d429f3b1466847

SHA256
f6b7fbf5f99d3d77dc4ed9832b2bca3807ae8b987b669c6892111cef9a3c7f16

SHA512
2575422636d10bd8d351fde6cd53026efea2836df09bba676f7aaff93a9532a7f50fef11de5bbfc27c9d0cba78114dda633fc0f809ff93cc67600f83a3c94f3a

Download Submit
C:\Windows\System\ZkpjJRP.exe

Filesize
6.0MB

MD5
0fbfec856f93787038c11dfea580dc8a

SHA1
c92a140a30edbe2a32610fac2fe41519b8378d44

SHA256
f5dbc16e80b12635d7b246f6913ae4f415a3dce0c89e35bd38cf41fdc45749c1

SHA512
aed65c81c3fe4787336ddd971759d038c6988007adcee381e0f52cf5e84606f9e38b0c07ff6572380a8e433bdb8843651558c620f626edee3cc18a38d0c290c8

Download Submit
C:\Windows\System\bVXkAXZ.exe

Filesize
6.0MB

MD5
5b5ffeaa3c2bb1a178474271cf969655

SHA1
1fdd3ec8805dcce734fb15cf67f139755cc334c5

SHA256
1272351f93d9f3cab21775e4bf3a65b8244dcb1f9abf5d5eda0dbd18443845ab

SHA512
7d9e618b85b8f714b8ebb3b10c0a9d55f7a5aea2b7b8c1f80412a60ef02e3b301ac2097c374992ac5c86c70302add523776baa7c084db1e7e9c3dbde20c09fd6

Download Submit
C:\Windows\System\bziakIe.exe

Filesize
6.0MB

MD5
86eaf970c2277301254d49c6d6cd1148

SHA1
519e583ec5c46d1e7da68be355a70db06ae01bb7

SHA256
eb7eef59c690eb513e3945fccfff32322b2be8cda6d96a9e9b5dc445fe65c9ff

SHA512
280db239c18d3d25ae0b45ba3121e51238465477d67570e1a348a58e2491655a75a691e8fb96f9fc42b5515d637c2bd94da153ccdb9968029f4e36ed42155492

Download Submit
C:\Windows\System\dSqhdgL.exe

Filesize
6.0MB

MD5
60be5b94f982d1064bb058296990deb1

SHA1
14baf8d95a4d28a789ac7a923e0f5cc5b54b86a7

SHA256
8d0844f321d0245c757f76bfb512e061d4bdbe15ac78891f0ec67d7762986575

SHA512
509274ad3953364a6c1093850f843bc8b3d2c64ec70973b142eb9b1ac9b60b868c93e80a6bec8bcad1e056a41b88c62ed2210250fe132fa21e48f162b26bfd4d

Download Submit
C:\Windows\System\gSJSqKf.exe

Filesize
6.0MB

MD5
953bca88165041ee8c429f9425624d1e

SHA1
a3ebda7d94882cf89a623eaea4a297f254f90062

SHA256
dca3a296cf27783dae7d9dbe3e8e8ae93c5fbb44c9153899d0eed0a0dccf3aa4

SHA512
a84b6750ee1768ed343d17ea1a9bd5bfe619b3685973c5d92210a8c0eb2165cefd24bd03f45d5181d8993f27e174342958eee87735d86d627e1d2f87ebc42195

Download Submit
C:\Windows\System\hVqDfnN.exe

Filesize
6.0MB

MD5
896875c07f8342e0c5ff222b565100dd

SHA1
edc8bb3943037ed30f94f73a3207666223e899fc

SHA256
c2027a919833865e94338ff2337866480a4b12fa91c70ab94fcea92ea0629988

SHA512
4ad608690506d46ec69a07bb336c2a3278d3e6233e5c6228ef51cf87c950daf17408238384517262987fc1786f67d72f880d8c47f3ffedf78939255763983ba9

Download Submit
C:\Windows\System\lOQoOAs.exe

Filesize
6.0MB

MD5
fd978737777d631e425cf49e5b385eca

SHA1
e4f37a0c8b09f3cf86cf98dee7ab56a0743c75a9

SHA256
b9b6d19b9ea2e8cdc28d261f5e79d9805eee9c5c338994c2250bf9fdde23c917

SHA512
c56d2401e0f30653f0dcd3fd7dfb54e1100729314778a5dffc187342be1d79139acfe94714e5d0b10d9199e311fabe6af2685f0fbda83fe093bcb3e16da70a2d

Download Submit
C:\Windows\System\rbremmc.exe

Filesize
6.0MB

MD5
73b7bf357694059b569d38345548248d

SHA1
f23c4f637539264d5f92b8869b760098c5d2f049

SHA256
22e2e2015d8c10912ffb861dfe06691b9d49752d8932e0eb170d63834fca136b

SHA512
e223c58cc03a6f49ca4d080d10e512fcf9e7d4314ed181c0f3dbd77a95605674a5d4774a1324bb7665812a77133d8409ce5a7d6e8b055a53a5b8774487a8ca67

Download Submit
C:\Windows\System\rxvVdRp.exe

Filesize
6.0MB

MD5
f2d729a1495c4fae3411c5d5bf079beb

SHA1
6893dc72e4db6fc94a489d733deb4f030d82b82c

SHA256
0d5adc1ccde1870003aa8fcacb642971eefe21b0d332179c7cd79ad89d1b08a9

SHA512
c52ac58200eec33453b43ca2eff82aa5ec9d7e0dae492325e08ecfb1c35158816fb604ca7a32041da5451e9cc6ebf6ae3f50dd2821f6e0722f1faa62c3e5aea2

Download Submit
C:\Windows\System\uhsZSTc.exe

Filesize
6.0MB

MD5
716a0da84bd46fe1fd9ae5bcd446bee2

SHA1
3bd293d61230b65f95694265e60e972e27d2f969

SHA256
9bd2a1f54f187501c10bf1eab9b5b372d756b22f25383e9bc5858e752e0df0da

SHA512
194401af0512bd562a2b50f3e5f679f01ced6af98fd2d87b669d17936898237eb7030890c00f131be07c1af6e1abab4a348ed75338411241c545298e491e5d27

Download Submit
C:\Windows\System\wSYBZGu.exe

Filesize
6.0MB

MD5
2e45dd4eaf8a2ee4c9eaf64e0c1508e7

SHA1
bf1f29595cab76f60896be7bdafc2ab74145f0ca

SHA256
cfb50990ed3f993c93c44ecbaf520d9816261d3ee56ad6af331d64d13939bec7

SHA512
db344015e7ac8c545927aa4f7d49155f5faebc0330117d10e137797f42c9707bd1b06b3c88c5c1e60315afcdbd01aaa0936ddb4fb5a55ca0c18d025b03847723

Download Submit
C:\Windows\System\xrchjTV.exe

Filesize
6.0MB

MD5
9e4c649a82f6a5beb1c21297e82b28e2

SHA1
38153c75b1257bf923310bfc3119960f9d130243

SHA256
7c457a930e46e4cc29f88206eae0f1f60e1a5304e0bc626e31d3525089541448

SHA512
b3f7face341f23538a842626f58c149dd213bd8945c9bd9e9b46c8e52a442670532a4fe808ad64768663de02587c63d9a76789dff169669a18d30aa70517b168

Download Submit
C:\Windows\System\xvWcgtv.exe

Filesize
6.0MB

MD5
ee8841c18961974f04bfcbd87a56d24b

SHA1
583cf363d30d156bb2592ceaa201196ee0d03a2b

SHA256
131da247fc02e0128eb2b5682bd2703e748fd024614a8f3ed926c86d648d0eec

SHA512
f3d085061aefb671bf953624bc1f58aa4d95b4436a76c39815ba3357f0b5aea99015f1105fa3907e80fd8c2c0f7cb44ab756111f6c32d640c974fe6ec6f466be

Download Submit
C:\Windows\System\ywwmumD.exe

Filesize
6.0MB

MD5
34b7eb34a7ca0d97c461b30517955bac

SHA1
c903c86e296d5e1e9e3f426bbcbaf790ac469f05

SHA256
f7a9cb5b2d05ead7e2171070446b38a0e9251c6e65e964c127bcd61957942aa6

SHA512
cd02038bc479335e4c8e0a1ce8e0c3e91e2240f99861d625bce7666a1eb0e24b3ce7e1b93e6233149e1a3596f506836cf817bb556f860ac14d2cc06b7307e6ae

Download Submit
C:\Windows\System\yzgDFcs.exe

Filesize
6.0MB

MD5
a5477d5f53b495709b2a192f0633b7af

SHA1
286c66944a1aabe80c24a12ebbb03e94cb0f7dfe

SHA256
42113f80a402afb17afc56611e1450e1c5834f872e116d597bf83b639c54c89b

SHA512
f009482093900b4557d4c60e53cd5e70f1609252be227bd534c501e199913170762ab9fd597604871c4a9ab934abf0eff80aa96c382832a0eeadfde836ba313f

Download Submit
C:\Windows\System\zmCqecW.exe

Filesize
6.0MB

MD5
6149d68742b27d2e569f7db629741d09

SHA1
d7910d8d79ee684ac43bb6ed6c2f84d2e8549f68

SHA256
867ad755a7d44bfdb41260dab40650b4151fe3d61b58412eed839385a55cfbc0

SHA512
63c89f83b2d00fdaae6be6a857752d02e6c7d9289c838b9c23fa888bbca3551b2d23b2915947edcd3a892481ab2c55ce9a5136745f1f76c6f676635918b4b385

Download Submit
memory/8-1637-0x00007FF76C710000-0x00007FF76CA64000-memory.dmp

Filesize
3.3MB

Download
memory/8-928-0x00007FF76C710000-0x00007FF76CA64000-memory.dmp

Filesize
3.3MB

Download
memory/220-890-0x00007FF610E90000-0x00007FF6111E4000-memory.dmp

Filesize
3.3MB

Download
memory/220-1600-0x00007FF610E90000-0x00007FF6111E4000-memory.dmp

Filesize
3.3MB

Download
memory/1060-1533-0x00007FF73F290000-0x00007FF73F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1060-7-0x00007FF73F290000-0x00007FF73F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1060-1117-0x00007FF73F290000-0x00007FF73F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-1073-0x00007FF74B9A0000-0x00007FF74BCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-0-0x00007FF74B9A0000-0x00007FF74BCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-1-0x000002158FDC0000-0x000002158FDD0000-memory.dmp

Filesize
64KB

Download
memory/1096-1596-0x00007FF7BD650000-0x00007FF7BD9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-961-0x00007FF7BD650000-0x00007FF7BD9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-1639-0x00007FF71CBD0000-0x00007FF71CF24000-memory.dmp

Filesize
3.3MB

Download
memory/1376-924-0x00007FF71CBD0000-0x00007FF71CF24000-memory.dmp

Filesize
3.3MB

Download
memory/1648-930-0x00007FF63A1A0000-0x00007FF63A4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-1621-0x00007FF63A1A0000-0x00007FF63A4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-903-0x00007FF658500000-0x00007FF658854000-memory.dmp

Filesize
3.3MB

Download
memory/1884-1609-0x00007FF658500000-0x00007FF658854000-memory.dmp

Filesize
3.3MB

Download
memory/1964-1614-0x00007FF6AF150000-0x00007FF6AF4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-904-0x00007FF6AF150000-0x00007FF6AF4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-1604-0x00007FF6143B0000-0x00007FF614704000-memory.dmp

Filesize
3.3MB

Download
memory/2092-893-0x00007FF6143B0000-0x00007FF614704000-memory.dmp

Filesize
3.3MB

Download
memory/2400-918-0x00007FF6FCE20000-0x00007FF6FD174000-memory.dmp

Filesize
3.3MB

Download
memory/2400-1636-0x00007FF6FCE20000-0x00007FF6FD174000-memory.dmp

Filesize
3.3MB

Download
memory/2432-1629-0x00007FF62B270000-0x00007FF62B5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-936-0x00007FF62B270000-0x00007FF62B5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-915-0x00007FF6B0000000-0x00007FF6B0354000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1632-0x00007FF6B0000000-0x00007FF6B0354000-memory.dmp

Filesize
3.3MB

Download
memory/2720-937-0x00007FF6ED840000-0x00007FF6EDB94000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1631-0x00007FF6ED840000-0x00007FF6EDB94000-memory.dmp

Filesize
3.3MB

Download
memory/3028-26-0x00007FF639930000-0x00007FF639C84000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1305-0x00007FF639930000-0x00007FF639C84000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1593-0x00007FF639930000-0x00007FF639C84000-memory.dmp

Filesize
3.3MB

Download
memory/3104-1627-0x00007FF670660000-0x00007FF6709B4000-memory.dmp

Filesize
3.3MB

Download
memory/3104-934-0x00007FF670660000-0x00007FF6709B4000-memory.dmp

Filesize
3.3MB

Download
memory/3312-925-0x00007FF7E7DA0000-0x00007FF7E80F4000-memory.dmp

Filesize
3.3MB

Download
memory/3312-1624-0x00007FF7E7DA0000-0x00007FF7E80F4000-memory.dmp

Filesize
3.3MB

Download
memory/3332-1606-0x00007FF741930000-0x00007FF741C84000-memory.dmp

Filesize
3.3MB

Download
memory/3332-898-0x00007FF741930000-0x00007FF741C84000-memory.dmp

Filesize
3.3MB

Download
memory/3496-1625-0x00007FF6E82E0000-0x00007FF6E8634000-memory.dmp

Filesize
3.3MB

Download
memory/3496-919-0x00007FF6E82E0000-0x00007FF6E8634000-memory.dmp

Filesize
3.3MB

Download
memory/3592-921-0x00007FF6CF250000-0x00007FF6CF5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3592-1635-0x00007FF6CF250000-0x00007FF6CF5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3772-1633-0x00007FF6C0530000-0x00007FF6C0884000-memory.dmp

Filesize
3.3MB

Download
memory/3772-914-0x00007FF6C0530000-0x00007FF6C0884000-memory.dmp

Filesize
3.3MB

Download
memory/3880-959-0x00007FF740E90000-0x00007FF7411E4000-memory.dmp

Filesize
3.3MB

Download
memory/3880-1630-0x00007FF740E90000-0x00007FF7411E4000-memory.dmp

Filesize
3.3MB

Download
memory/3912-1257-0x00007FF632B50000-0x00007FF632EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3912-1582-0x00007FF632B50000-0x00007FF632EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3912-18-0x00007FF632B50000-0x00007FF632EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4068-1620-0x00007FF669810000-0x00007FF669B64000-memory.dmp

Filesize
3.3MB

Download
memory/4068-908-0x00007FF669810000-0x00007FF669B64000-memory.dmp

Filesize
3.3MB

Download
memory/4156-1628-0x00007FF727420000-0x00007FF727774000-memory.dmp

Filesize
3.3MB

Download
memory/4156-940-0x00007FF727420000-0x00007FF727774000-memory.dmp

Filesize
3.3MB

Download
memory/4460-1537-0x00007FF758AC0000-0x00007FF758E14000-memory.dmp

Filesize
3.3MB

Download
memory/4460-12-0x00007FF758AC0000-0x00007FF758E14000-memory.dmp

Filesize
3.3MB

Download
memory/4460-1165-0x00007FF758AC0000-0x00007FF758E14000-memory.dmp

Filesize
3.3MB

Download
memory/4464-1626-0x00007FF7678F0000-0x00007FF767C44000-memory.dmp

Filesize
3.3MB

Download
memory/4464-932-0x00007FF7678F0000-0x00007FF767C44000-memory.dmp

Filesize
3.3MB

Download
memory/4548-1309-0x00007FF7296B0000-0x00007FF729A04000-memory.dmp

Filesize
3.3MB

Download
memory/4548-886-0x00007FF7296B0000-0x00007FF729A04000-memory.dmp

Filesize
3.3MB

Download
memory/4548-1597-0x00007FF7296B0000-0x00007FF729A04000-memory.dmp

Filesize
3.3MB

Download
memory/4936-1634-0x00007FF6F4640000-0x00007FF6F4994000-memory.dmp

Filesize
3.3MB

Download
memory/4936-909-0x00007FF6F4640000-0x00007FF6F4994000-memory.dmp

Filesize
3.3MB

Download
memory/4980-1616-0x00007FF6B8380000-0x00007FF6B86D4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-907-0x00007FF6B8380000-0x00007FF6B86D4000-memory.dmp

Filesize
3.3MB

Download