cobaltstrike | 0607a0e647b74c01fabb75d42ebe7974755b92671e318d621a1f193aa40e62f0

Analysis

max time kernel
135s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2024 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

82019f3ec039dc50afda9f8e79593cef
SHA1

070b8380f16f4cb62fc00805d2f79d1d64fd2df0
SHA256

0607a0e647b74c01fabb75d42ebe7974755b92671e318d621a1f193aa40e62f0
SHA512

6736fc595f21bf4abd915523b2c0e0b2c4d04e1f7680c150dc6878c7f474295dcd3269fdb30bb705dd87693b8712ae808f04b35012e8c8b6aae94d46b8f3f11c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000023c8b-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c99-13.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-17.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-21.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-31.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-37.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9f-47.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022efc-52.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b5a-58.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023b5c-63.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023b5d-76.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023b56-84.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-104.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-95.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c8c-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-128.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-153.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-134.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-110.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-173.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-184.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-189.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-169.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-195.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-199.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-205.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4808-0-0x00007FF7996C0000-0x00007FF799A14000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c8b-4.dat	xmrig
behavioral2/memory/1816-7-0x00007FF6F01D0000-0x00007FF6F0524000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c99-13.dat	xmrig
behavioral2/files/0x0007000000023c9a-17.dat	xmrig
behavioral2/files/0x0007000000023c9b-21.dat	xmrig
behavioral2/memory/2512-20-0x00007FF7164F0000-0x00007FF716844000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9d-31.dat	xmrig
behavioral2/files/0x0007000000023c9c-37.dat	xmrig
behavioral2/files/0x0007000000023c9e-43.dat	xmrig
behavioral2/memory/2612-42-0x00007FF6FD950000-0x00007FF6FDCA4000-memory.dmp	xmrig
behavioral2/memory/2752-39-0x00007FF633B90000-0x00007FF633EE4000-memory.dmp	xmrig
behavioral2/memory/4848-35-0x00007FF71B7F0000-0x00007FF71BB44000-memory.dmp	xmrig
behavioral2/memory/1796-32-0x00007FF76C060000-0x00007FF76C3B4000-memory.dmp	xmrig
behavioral2/memory/3068-12-0x00007FF679200000-0x00007FF679554000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9f-47.dat	xmrig
behavioral2/files/0x0002000000022efc-52.dat	xmrig
behavioral2/files/0x000c000000023b5a-58.dat	xmrig
behavioral2/files/0x000d000000023b5c-63.dat	xmrig
behavioral2/memory/3980-65-0x00007FF6D4F20000-0x00007FF6D5274000-memory.dmp	xmrig
behavioral2/memory/4808-64-0x00007FF7996C0000-0x00007FF799A14000-memory.dmp	xmrig
behavioral2/memory/3396-62-0x00007FF6FADD0000-0x00007FF6FB124000-memory.dmp	xmrig
behavioral2/memory/3020-53-0x00007FF745A80000-0x00007FF745DD4000-memory.dmp	xmrig
behavioral2/memory/2892-48-0x00007FF63A1C0000-0x00007FF63A514000-memory.dmp	xmrig
behavioral2/memory/1816-70-0x00007FF6F01D0000-0x00007FF6F0524000-memory.dmp	xmrig
behavioral2/memory/3068-74-0x00007FF679200000-0x00007FF679554000-memory.dmp	xmrig
behavioral2/files/0x000d000000023b5d-76.dat	xmrig
behavioral2/memory/828-75-0x00007FF63A5D0000-0x00007FF63A924000-memory.dmp	xmrig
behavioral2/files/0x000e000000023b56-84.dat	xmrig
behavioral2/memory/2204-86-0x00007FF7DDE60000-0x00007FF7DE1B4000-memory.dmp	xmrig
behavioral2/memory/4848-80-0x00007FF71B7F0000-0x00007FF71BB44000-memory.dmp	xmrig
behavioral2/memory/1796-79-0x00007FF76C060000-0x00007FF76C3B4000-memory.dmp	xmrig
behavioral2/memory/2512-78-0x00007FF7164F0000-0x00007FF716844000-memory.dmp	xmrig
behavioral2/memory/2612-92-0x00007FF6FD950000-0x00007FF6FDCA4000-memory.dmp	xmrig
behavioral2/memory/4400-97-0x00007FF6C1710000-0x00007FF6C1A64000-memory.dmp	xmrig
behavioral2/memory/4364-96-0x00007FF7D6F80000-0x00007FF7D72D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca2-104.dat	xmrig
behavioral2/memory/692-106-0x00007FF65F9B0000-0x00007FF65FD04000-memory.dmp	xmrig
behavioral2/memory/2892-103-0x00007FF63A1C0000-0x00007FF63A514000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca1-95.dat	xmrig
behavioral2/files/0x0009000000023c8c-90.dat	xmrig
behavioral2/files/0x0007000000023ca4-115.dat	xmrig
behavioral2/memory/2456-120-0x00007FF769450000-0x00007FF7697A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca7-128.dat	xmrig
behavioral2/memory/3396-129-0x00007FF6FADD0000-0x00007FF6FB124000-memory.dmp	xmrig
behavioral2/memory/928-131-0x00007FF7A8D20000-0x00007FF7A9074000-memory.dmp	xmrig
behavioral2/files/0x0007000000023caa-153.dat	xmrig
behavioral2/memory/384-158-0x00007FF621A10000-0x00007FF621D64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cab-162.dat	xmrig
behavioral2/memory/1184-159-0x00007FF739730000-0x00007FF739A84000-memory.dmp	xmrig
behavioral2/memory/2596-157-0x00007FF702950000-0x00007FF702CA4000-memory.dmp	xmrig
behavioral2/memory/1944-156-0x00007FF724160000-0x00007FF7244B4000-memory.dmp	xmrig
behavioral2/memory/3980-155-0x00007FF6D4F20000-0x00007FF6D5274000-memory.dmp	xmrig
behavioral2/memory/796-152-0x00007FF6FF890000-0x00007FF6FFBE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca9-146.dat	xmrig
behavioral2/files/0x0007000000023ca8-144.dat	xmrig
behavioral2/files/0x0007000000023ca5-135.dat	xmrig
behavioral2/files/0x0007000000023ca6-134.dat	xmrig
behavioral2/memory/4336-126-0x00007FF63E470000-0x00007FF63E7C4000-memory.dmp	xmrig
behavioral2/memory/3976-122-0x00007FF709510000-0x00007FF709864000-memory.dmp	xmrig
behavioral2/memory/3020-117-0x00007FF745A80000-0x00007FF745DD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca3-110.dat	xmrig
behavioral2/files/0x0007000000023cad-173.dat	xmrig
behavioral2/files/0x0007000000023caf-184.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1816	GQMtLGr.exe
3068	PRVmUbm.exe
2512	UwvntAy.exe
1796	DQbORNm.exe
2752	NfefQyR.exe
4848	KVJFekj.exe
2612	ROhpZjz.exe
2892	HtygFVf.exe
3020	SCeHmun.exe
3396	TIUoFVn.exe
3980	EPqVmQe.exe
828	daMGNFr.exe
2204	ZBpXcxa.exe
4364	VSWAtJy.exe
4400	vwPywnL.exe
692	aQjVYal.exe
2456	ghEaLpO.exe
3976	nreEOIj.exe
928	UjSxIph.exe
4336	RLeSuPj.exe
796	HErnXMZ.exe
1184	YGFqXVv.exe
1944	qWunMUz.exe
2596	HBVWwxs.exe
384	rZNlzsB.exe
4268	LWRwNqk.exe
3972	RGpDQTU.exe
3284	cKgAOHg.exe
2412	jtWqodB.exe
4780	CAMTqSr.exe
2376	ivwLuCD.exe
5064	XgWDwmh.exe
920	ZnkaGTz.exe
4044	idBAwwR.exe
4756	HQGEWgV.exe
2584	bhjkRMh.exe
3388	yIyEndb.exe
2988	oPdqJXw.exe
3696	HWGSsnN.exe
1064	EIomLwU.exe
8	IOdZHaF.exe
4392	MrylwvN.exe
4232	QVPaUHR.exe
876	kNfPxhZ.exe
3280	ecfwHFq.exe
548	KQBsCvR.exe
1544	TsdZjDt.exe
4292	pCUIlrU.exe
836	ZQWgQIy.exe
3452	wJzdpup.exe
4752	ohSNBjQ.exe
376	LevRRov.exe
5068	GQnFtuF.exe
4316	nQTVghJ.exe
4296	eyNXxgf.exe
988	fVsXGax.exe
4252	WrMkAxi.exe
4136	liKYKlE.exe
3444	ChRzVpd.exe
3804	anLZrll.exe
1128	iNdSfqZ.exe
2552	kVwCtoj.exe
3556	roHLXHC.exe
4368	XFsyYRP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4808-0-0x00007FF7996C0000-0x00007FF799A14000-memory.dmp	upx
behavioral2/files/0x0009000000023c8b-4.dat	upx
behavioral2/memory/1816-7-0x00007FF6F01D0000-0x00007FF6F0524000-memory.dmp	upx
behavioral2/files/0x0007000000023c99-13.dat	upx
behavioral2/files/0x0007000000023c9a-17.dat	upx
behavioral2/files/0x0007000000023c9b-21.dat	upx
behavioral2/memory/2512-20-0x00007FF7164F0000-0x00007FF716844000-memory.dmp	upx
behavioral2/files/0x0007000000023c9d-31.dat	upx
behavioral2/files/0x0007000000023c9c-37.dat	upx
behavioral2/files/0x0007000000023c9e-43.dat	upx
behavioral2/memory/2612-42-0x00007FF6FD950000-0x00007FF6FDCA4000-memory.dmp	upx
behavioral2/memory/2752-39-0x00007FF633B90000-0x00007FF633EE4000-memory.dmp	upx
behavioral2/memory/4848-35-0x00007FF71B7F0000-0x00007FF71BB44000-memory.dmp	upx
behavioral2/memory/1796-32-0x00007FF76C060000-0x00007FF76C3B4000-memory.dmp	upx
behavioral2/memory/3068-12-0x00007FF679200000-0x00007FF679554000-memory.dmp	upx
behavioral2/files/0x0007000000023c9f-47.dat	upx
behavioral2/files/0x0002000000022efc-52.dat	upx
behavioral2/files/0x000c000000023b5a-58.dat	upx
behavioral2/files/0x000d000000023b5c-63.dat	upx
behavioral2/memory/3980-65-0x00007FF6D4F20000-0x00007FF6D5274000-memory.dmp	upx
behavioral2/memory/4808-64-0x00007FF7996C0000-0x00007FF799A14000-memory.dmp	upx
behavioral2/memory/3396-62-0x00007FF6FADD0000-0x00007FF6FB124000-memory.dmp	upx
behavioral2/memory/3020-53-0x00007FF745A80000-0x00007FF745DD4000-memory.dmp	upx
behavioral2/memory/2892-48-0x00007FF63A1C0000-0x00007FF63A514000-memory.dmp	upx
behavioral2/memory/1816-70-0x00007FF6F01D0000-0x00007FF6F0524000-memory.dmp	upx
behavioral2/memory/3068-74-0x00007FF679200000-0x00007FF679554000-memory.dmp	upx
behavioral2/files/0x000d000000023b5d-76.dat	upx
behavioral2/memory/828-75-0x00007FF63A5D0000-0x00007FF63A924000-memory.dmp	upx
behavioral2/files/0x000e000000023b56-84.dat	upx
behavioral2/memory/2204-86-0x00007FF7DDE60000-0x00007FF7DE1B4000-memory.dmp	upx
behavioral2/memory/4848-80-0x00007FF71B7F0000-0x00007FF71BB44000-memory.dmp	upx
behavioral2/memory/1796-79-0x00007FF76C060000-0x00007FF76C3B4000-memory.dmp	upx
behavioral2/memory/2512-78-0x00007FF7164F0000-0x00007FF716844000-memory.dmp	upx
behavioral2/memory/2612-92-0x00007FF6FD950000-0x00007FF6FDCA4000-memory.dmp	upx
behavioral2/memory/4400-97-0x00007FF6C1710000-0x00007FF6C1A64000-memory.dmp	upx
behavioral2/memory/4364-96-0x00007FF7D6F80000-0x00007FF7D72D4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca2-104.dat	upx
behavioral2/memory/692-106-0x00007FF65F9B0000-0x00007FF65FD04000-memory.dmp	upx
behavioral2/memory/2892-103-0x00007FF63A1C0000-0x00007FF63A514000-memory.dmp	upx
behavioral2/files/0x0007000000023ca1-95.dat	upx
behavioral2/files/0x0009000000023c8c-90.dat	upx
behavioral2/files/0x0007000000023ca4-115.dat	upx
behavioral2/memory/2456-120-0x00007FF769450000-0x00007FF7697A4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca7-128.dat	upx
behavioral2/memory/3396-129-0x00007FF6FADD0000-0x00007FF6FB124000-memory.dmp	upx
behavioral2/memory/928-131-0x00007FF7A8D20000-0x00007FF7A9074000-memory.dmp	upx
behavioral2/files/0x0007000000023caa-153.dat	upx
behavioral2/memory/384-158-0x00007FF621A10000-0x00007FF621D64000-memory.dmp	upx
behavioral2/files/0x0007000000023cab-162.dat	upx
behavioral2/memory/1184-159-0x00007FF739730000-0x00007FF739A84000-memory.dmp	upx
behavioral2/memory/2596-157-0x00007FF702950000-0x00007FF702CA4000-memory.dmp	upx
behavioral2/memory/1944-156-0x00007FF724160000-0x00007FF7244B4000-memory.dmp	upx
behavioral2/memory/3980-155-0x00007FF6D4F20000-0x00007FF6D5274000-memory.dmp	upx
behavioral2/memory/796-152-0x00007FF6FF890000-0x00007FF6FFBE4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca9-146.dat	upx
behavioral2/files/0x0007000000023ca8-144.dat	upx
behavioral2/files/0x0007000000023ca5-135.dat	upx
behavioral2/files/0x0007000000023ca6-134.dat	upx
behavioral2/memory/4336-126-0x00007FF63E470000-0x00007FF63E7C4000-memory.dmp	upx
behavioral2/memory/3976-122-0x00007FF709510000-0x00007FF709864000-memory.dmp	upx
behavioral2/memory/3020-117-0x00007FF745A80000-0x00007FF745DD4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca3-110.dat	upx
behavioral2/files/0x0007000000023cad-173.dat	upx
behavioral2/files/0x0007000000023caf-184.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CeOlLzF.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyXtmbQ.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DoREhYz.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSyHzqY.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihmzIyc.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRoZghy.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdIzhKg.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWunMUz.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTAaCxj.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOnHuCk.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SckJhBL.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHaADnw.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqGZzNv.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueVGTFW.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuFevDZ.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqbVstQ.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzCNklc.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqpToDO.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMcAHll.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMrquDu.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxiVXmm.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkTckQz.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPHHeOf.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEPBUnn.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsoeRSn.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHgNMGf.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSTdUlS.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtuvdFD.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxyAkpi.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsrqyVq.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtHWpdL.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmsCwsc.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwVWHCn.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQGEWgV.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKatEGJ.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuYmiVu.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqiBkLz.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfIuHov.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubvVgzI.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bccfrfe.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\spwAfyl.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpKiprj.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIYmgur.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUfMDkl.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTMLQFJ.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJFIRnh.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQWMUfB.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvatZCM.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhSriCP.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxWxGAw.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohSNBjQ.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CavBqoM.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GErlMXX.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTxnhTl.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMEHynm.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIKSzOu.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avShQHw.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHPzPhj.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxLYEEW.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGeFPST.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZkNTrb.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRkjwMr.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sByaCph.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmDNhkn.exe	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 1816	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4808 wrote to memory of 1816	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4808 wrote to memory of 3068	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4808 wrote to memory of 3068	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4808 wrote to memory of 2512	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4808 wrote to memory of 2512	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4808 wrote to memory of 1796	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4808 wrote to memory of 1796	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4808 wrote to memory of 2752	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4808 wrote to memory of 2752	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4808 wrote to memory of 4848	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4808 wrote to memory of 4848	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4808 wrote to memory of 2612	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4808 wrote to memory of 2612	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4808 wrote to memory of 2892	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4808 wrote to memory of 2892	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4808 wrote to memory of 3020	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4808 wrote to memory of 3020	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4808 wrote to memory of 3396	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4808 wrote to memory of 3396	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4808 wrote to memory of 3980	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4808 wrote to memory of 3980	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4808 wrote to memory of 828	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4808 wrote to memory of 828	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4808 wrote to memory of 2204	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4808 wrote to memory of 2204	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4808 wrote to memory of 4364	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4808 wrote to memory of 4364	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4808 wrote to memory of 4400	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4808 wrote to memory of 4400	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4808 wrote to memory of 692	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4808 wrote to memory of 692	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4808 wrote to memory of 2456	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4808 wrote to memory of 2456	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4808 wrote to memory of 3976	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4808 wrote to memory of 3976	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4808 wrote to memory of 928	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4808 wrote to memory of 928	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4808 wrote to memory of 4336	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4808 wrote to memory of 4336	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4808 wrote to memory of 796	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4808 wrote to memory of 796	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4808 wrote to memory of 1184	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4808 wrote to memory of 1184	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4808 wrote to memory of 1944	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4808 wrote to memory of 1944	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4808 wrote to memory of 2596	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4808 wrote to memory of 2596	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4808 wrote to memory of 384	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4808 wrote to memory of 384	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4808 wrote to memory of 4268	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4808 wrote to memory of 4268	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4808 wrote to memory of 3972	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4808 wrote to memory of 3972	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4808 wrote to memory of 3284	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 4808 wrote to memory of 3284	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 4808 wrote to memory of 2412	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 4808 wrote to memory of 2412	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 4808 wrote to memory of 4780	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 4808 wrote to memory of 4780	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 4808 wrote to memory of 2376	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	123
PID 4808 wrote to memory of 2376	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	123
PID 4808 wrote to memory of 5064	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	124
PID 4808 wrote to memory of 5064	4808	2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe	124

C:\Users\Admin\AppData\Local\Temp\2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_82019f3ec039dc50afda9f8e79593cef_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Windows\System\GQMtLGr.exe
  C:\Windows\System\GQMtLGr.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\PRVmUbm.exe
  C:\Windows\System\PRVmUbm.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\UwvntAy.exe
  C:\Windows\System\UwvntAy.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\DQbORNm.exe
  C:\Windows\System\DQbORNm.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\NfefQyR.exe
  C:\Windows\System\NfefQyR.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\KVJFekj.exe
  C:\Windows\System\KVJFekj.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\ROhpZjz.exe
  C:\Windows\System\ROhpZjz.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\HtygFVf.exe
  C:\Windows\System\HtygFVf.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\SCeHmun.exe
  C:\Windows\System\SCeHmun.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\TIUoFVn.exe
  C:\Windows\System\TIUoFVn.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\EPqVmQe.exe
  C:\Windows\System\EPqVmQe.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\daMGNFr.exe
  C:\Windows\System\daMGNFr.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\ZBpXcxa.exe
  C:\Windows\System\ZBpXcxa.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\VSWAtJy.exe
  C:\Windows\System\VSWAtJy.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\vwPywnL.exe
  C:\Windows\System\vwPywnL.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\aQjVYal.exe
  C:\Windows\System\aQjVYal.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ghEaLpO.exe
  C:\Windows\System\ghEaLpO.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\nreEOIj.exe
  C:\Windows\System\nreEOIj.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\UjSxIph.exe
  C:\Windows\System\UjSxIph.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\RLeSuPj.exe
  C:\Windows\System\RLeSuPj.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\HErnXMZ.exe
  C:\Windows\System\HErnXMZ.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\YGFqXVv.exe
  C:\Windows\System\YGFqXVv.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\qWunMUz.exe
  C:\Windows\System\qWunMUz.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\HBVWwxs.exe
  C:\Windows\System\HBVWwxs.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\rZNlzsB.exe
  C:\Windows\System\rZNlzsB.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\LWRwNqk.exe
  C:\Windows\System\LWRwNqk.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\RGpDQTU.exe
  C:\Windows\System\RGpDQTU.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\cKgAOHg.exe
  C:\Windows\System\cKgAOHg.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\jtWqodB.exe
  C:\Windows\System\jtWqodB.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\CAMTqSr.exe
  C:\Windows\System\CAMTqSr.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\ivwLuCD.exe
  C:\Windows\System\ivwLuCD.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\XgWDwmh.exe
  C:\Windows\System\XgWDwmh.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\ZnkaGTz.exe
  C:\Windows\System\ZnkaGTz.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\idBAwwR.exe
  C:\Windows\System\idBAwwR.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\HQGEWgV.exe
  C:\Windows\System\HQGEWgV.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\bhjkRMh.exe
  C:\Windows\System\bhjkRMh.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\yIyEndb.exe
  C:\Windows\System\yIyEndb.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\oPdqJXw.exe
  C:\Windows\System\oPdqJXw.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\HWGSsnN.exe
  C:\Windows\System\HWGSsnN.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\EIomLwU.exe
  C:\Windows\System\EIomLwU.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\IOdZHaF.exe
  C:\Windows\System\IOdZHaF.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\MrylwvN.exe
  C:\Windows\System\MrylwvN.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\QVPaUHR.exe
  C:\Windows\System\QVPaUHR.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\kNfPxhZ.exe
  C:\Windows\System\kNfPxhZ.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\ecfwHFq.exe
  C:\Windows\System\ecfwHFq.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\KQBsCvR.exe
  C:\Windows\System\KQBsCvR.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\TsdZjDt.exe
  C:\Windows\System\TsdZjDt.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\pCUIlrU.exe
  C:\Windows\System\pCUIlrU.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\ZQWgQIy.exe
  C:\Windows\System\ZQWgQIy.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\wJzdpup.exe
  C:\Windows\System\wJzdpup.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\ohSNBjQ.exe
  C:\Windows\System\ohSNBjQ.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\LevRRov.exe
  C:\Windows\System\LevRRov.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\GQnFtuF.exe
  C:\Windows\System\GQnFtuF.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\nQTVghJ.exe
  C:\Windows\System\nQTVghJ.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\eyNXxgf.exe
  C:\Windows\System\eyNXxgf.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\fVsXGax.exe
  C:\Windows\System\fVsXGax.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\WrMkAxi.exe
  C:\Windows\System\WrMkAxi.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\liKYKlE.exe
  C:\Windows\System\liKYKlE.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\ChRzVpd.exe
  C:\Windows\System\ChRzVpd.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\anLZrll.exe
  C:\Windows\System\anLZrll.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\iNdSfqZ.exe
  C:\Windows\System\iNdSfqZ.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\kVwCtoj.exe
  C:\Windows\System\kVwCtoj.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\roHLXHC.exe
  C:\Windows\System\roHLXHC.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\XFsyYRP.exe
  C:\Windows\System\XFsyYRP.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\skYqCsd.exe
  C:\Windows\System\skYqCsd.exe
  2⤵
  PID:4820
- C:\Windows\System\iVzpspc.exe
  C:\Windows\System\iVzpspc.exe
  2⤵
  PID:2300
- C:\Windows\System\hDbfEEM.exe
  C:\Windows\System\hDbfEEM.exe
  2⤵
  PID:2560
- C:\Windows\System\HyakGuR.exe
  C:\Windows\System\HyakGuR.exe
  2⤵
  PID:2820
- C:\Windows\System\IkIyJoH.exe
  C:\Windows\System\IkIyJoH.exe
  2⤵
  PID:1420
- C:\Windows\System\FXVGyRD.exe
  C:\Windows\System\FXVGyRD.exe
  2⤵
  PID:4964
- C:\Windows\System\LoyrjZR.exe
  C:\Windows\System\LoyrjZR.exe
  2⤵
  PID:3004
- C:\Windows\System\NwmJkCo.exe
  C:\Windows\System\NwmJkCo.exe
  2⤵
  PID:1072
- C:\Windows\System\XXYSCCu.exe
  C:\Windows\System\XXYSCCu.exe
  2⤵
  PID:1580
- C:\Windows\System\nyTFrdZ.exe
  C:\Windows\System\nyTFrdZ.exe
  2⤵
  PID:2996
- C:\Windows\System\hNusyqb.exe
  C:\Windows\System\hNusyqb.exe
  2⤵
  PID:3276
- C:\Windows\System\RGEkXtP.exe
  C:\Windows\System\RGEkXtP.exe
  2⤵
  PID:5128
- C:\Windows\System\Avioihj.exe
  C:\Windows\System\Avioihj.exe
  2⤵
  PID:5148
- C:\Windows\System\LRDblKn.exe
  C:\Windows\System\LRDblKn.exe
  2⤵
  PID:5180
- C:\Windows\System\jZUJJgk.exe
  C:\Windows\System\jZUJJgk.exe
  2⤵
  PID:5228
- C:\Windows\System\zMtWboM.exe
  C:\Windows\System\zMtWboM.exe
  2⤵
  PID:5248
- C:\Windows\System\fJBSsUP.exe
  C:\Windows\System\fJBSsUP.exe
  2⤵
  PID:5288
- C:\Windows\System\NEPHHfG.exe
  C:\Windows\System\NEPHHfG.exe
  2⤵
  PID:5304
- C:\Windows\System\qwmrREK.exe
  C:\Windows\System\qwmrREK.exe
  2⤵
  PID:5340
- C:\Windows\System\zOaRkjL.exe
  C:\Windows\System\zOaRkjL.exe
  2⤵
  PID:5360
- C:\Windows\System\skTqxSL.exe
  C:\Windows\System\skTqxSL.exe
  2⤵
  PID:5376
- C:\Windows\System\wgxjBGO.exe
  C:\Windows\System\wgxjBGO.exe
  2⤵
  PID:5416
- C:\Windows\System\OVceBwR.exe
  C:\Windows\System\OVceBwR.exe
  2⤵
  PID:5456
- C:\Windows\System\IZIvkvf.exe
  C:\Windows\System\IZIvkvf.exe
  2⤵
  PID:5492
- C:\Windows\System\KHRsWlA.exe
  C:\Windows\System\KHRsWlA.exe
  2⤵
  PID:5524
- C:\Windows\System\vhbVxHk.exe
  C:\Windows\System\vhbVxHk.exe
  2⤵
  PID:5540
- C:\Windows\System\qJsvCon.exe
  C:\Windows\System\qJsvCon.exe
  2⤵
  PID:5584
- C:\Windows\System\sHKmLQo.exe
  C:\Windows\System\sHKmLQo.exe
  2⤵
  PID:5612
- C:\Windows\System\dHPzPhj.exe
  C:\Windows\System\dHPzPhj.exe
  2⤵
  PID:5636
- C:\Windows\System\hjqCVhg.exe
  C:\Windows\System\hjqCVhg.exe
  2⤵
  PID:5660
- C:\Windows\System\uwuJywn.exe
  C:\Windows\System\uwuJywn.exe
  2⤵
  PID:5696
- C:\Windows\System\pouLvPo.exe
  C:\Windows\System\pouLvPo.exe
  2⤵
  PID:5712
- C:\Windows\System\SwcHIAU.exe
  C:\Windows\System\SwcHIAU.exe
  2⤵
  PID:5748
- C:\Windows\System\YBDZcmz.exe
  C:\Windows\System\YBDZcmz.exe
  2⤵
  PID:5780
- C:\Windows\System\QydKNEb.exe
  C:\Windows\System\QydKNEb.exe
  2⤵
  PID:5804
- C:\Windows\System\atQGlII.exe
  C:\Windows\System\atQGlII.exe
  2⤵
  PID:5836
- C:\Windows\System\bGGrupr.exe
  C:\Windows\System\bGGrupr.exe
  2⤵
  PID:5860
- C:\Windows\System\iLEMFbA.exe
  C:\Windows\System\iLEMFbA.exe
  2⤵
  PID:5888
- C:\Windows\System\SoQyOaR.exe
  C:\Windows\System\SoQyOaR.exe
  2⤵
  PID:5916
- C:\Windows\System\pKnVyxu.exe
  C:\Windows\System\pKnVyxu.exe
  2⤵
  PID:5948
- C:\Windows\System\ifguwKJ.exe
  C:\Windows\System\ifguwKJ.exe
  2⤵
  PID:5972
- C:\Windows\System\FxLYEEW.exe
  C:\Windows\System\FxLYEEW.exe
  2⤵
  PID:6004
- C:\Windows\System\PTpkSbd.exe
  C:\Windows\System\PTpkSbd.exe
  2⤵
  PID:6032
- C:\Windows\System\LxzHUeT.exe
  C:\Windows\System\LxzHUeT.exe
  2⤵
  PID:6060
- C:\Windows\System\XNwaVEY.exe
  C:\Windows\System\XNwaVEY.exe
  2⤵
  PID:6088
- C:\Windows\System\kpyBfNU.exe
  C:\Windows\System\kpyBfNU.exe
  2⤵
  PID:6116
- C:\Windows\System\pDxYeui.exe
  C:\Windows\System\pDxYeui.exe
  2⤵
  PID:1424
- C:\Windows\System\HbBpOSy.exe
  C:\Windows\System\HbBpOSy.exe
  2⤵
  PID:5188
- C:\Windows\System\lSFYcFz.exe
  C:\Windows\System\lSFYcFz.exe
  2⤵
  PID:5260
- C:\Windows\System\BprCyZF.exe
  C:\Windows\System\BprCyZF.exe
  2⤵
  PID:5324
- C:\Windows\System\oxiVXmm.exe
  C:\Windows\System\oxiVXmm.exe
  2⤵
  PID:5368
- C:\Windows\System\fTfdePP.exe
  C:\Windows\System\fTfdePP.exe
  2⤵
  PID:5436
- C:\Windows\System\wNNKRuu.exe
  C:\Windows\System\wNNKRuu.exe
  2⤵
  PID:5080
- C:\Windows\System\pMmRGBP.exe
  C:\Windows\System\pMmRGBP.exe
  2⤵
  PID:5560
- C:\Windows\System\itMgnci.exe
  C:\Windows\System\itMgnci.exe
  2⤵
  PID:5628
- C:\Windows\System\WgemCUR.exe
  C:\Windows\System\WgemCUR.exe
  2⤵
  PID:5668
- C:\Windows\System\RtVSUXi.exe
  C:\Windows\System\RtVSUXi.exe
  2⤵
  PID:1180
- C:\Windows\System\JeuQogD.exe
  C:\Windows\System\JeuQogD.exe
  2⤵
  PID:1172
- C:\Windows\System\QpKiprj.exe
  C:\Windows\System\QpKiprj.exe
  2⤵
  PID:5740
- C:\Windows\System\ajRtuga.exe
  C:\Windows\System\ajRtuga.exe
  2⤵
  PID:5812
- C:\Windows\System\bbhgazL.exe
  C:\Windows\System\bbhgazL.exe
  2⤵
  PID:4636
- C:\Windows\System\ogLnKDp.exe
  C:\Windows\System\ogLnKDp.exe
  2⤵
  PID:5924
- C:\Windows\System\dnTNpQC.exe
  C:\Windows\System\dnTNpQC.exe
  2⤵
  PID:5960
- C:\Windows\System\SlCKxYh.exe
  C:\Windows\System\SlCKxYh.exe
  2⤵
  PID:6012
- C:\Windows\System\ukyPrQm.exe
  C:\Windows\System\ukyPrQm.exe
  2⤵
  PID:2236
- C:\Windows\System\jYIgsij.exe
  C:\Windows\System\jYIgsij.exe
  2⤵
  PID:6124
- C:\Windows\System\goRjCDu.exe
  C:\Windows\System\goRjCDu.exe
  2⤵
  PID:5212
- C:\Windows\System\vvGjSVI.exe
  C:\Windows\System\vvGjSVI.exe
  2⤵
  PID:5396
- C:\Windows\System\iiNpbKu.exe
  C:\Windows\System\iiNpbKu.exe
  2⤵
  PID:5488
- C:\Windows\System\hViwIon.exe
  C:\Windows\System\hViwIon.exe
  2⤵
  PID:1244
- C:\Windows\System\CKVamxe.exe
  C:\Windows\System\CKVamxe.exe
  2⤵
  PID:5676
- C:\Windows\System\pexNPur.exe
  C:\Windows\System\pexNPur.exe
  2⤵
  PID:5772
- C:\Windows\System\mfQxIKY.exe
  C:\Windows\System\mfQxIKY.exe
  2⤵
  PID:5928
- C:\Windows\System\xFBMeXE.exe
  C:\Windows\System\xFBMeXE.exe
  2⤵
  PID:6052
- C:\Windows\System\VsVGGMq.exe
  C:\Windows\System\VsVGGMq.exe
  2⤵
  PID:5236
- C:\Windows\System\UxdzzKK.exe
  C:\Windows\System\UxdzzKK.exe
  2⤵
  PID:5532
- C:\Windows\System\dnbLUYB.exe
  C:\Windows\System\dnbLUYB.exe
  2⤵
  PID:2344
- C:\Windows\System\yWNOgcT.exe
  C:\Windows\System\yWNOgcT.exe
  2⤵
  PID:2628
- C:\Windows\System\YmLwMbU.exe
  C:\Windows\System\YmLwMbU.exe
  2⤵
  PID:6112
- C:\Windows\System\FODvadQ.exe
  C:\Windows\System\FODvadQ.exe
  2⤵
  PID:2432
- C:\Windows\System\poTiAQe.exe
  C:\Windows\System\poTiAQe.exe
  2⤵
  PID:5348
- C:\Windows\System\kzLxktC.exe
  C:\Windows\System\kzLxktC.exe
  2⤵
  PID:6152
- C:\Windows\System\WLpYOmE.exe
  C:\Windows\System\WLpYOmE.exe
  2⤵
  PID:6180
- C:\Windows\System\dJYVoYW.exe
  C:\Windows\System\dJYVoYW.exe
  2⤵
  PID:6208
- C:\Windows\System\iGuvOsz.exe
  C:\Windows\System\iGuvOsz.exe
  2⤵
  PID:6236
- C:\Windows\System\kCXMmNp.exe
  C:\Windows\System\kCXMmNp.exe
  2⤵
  PID:6260
- C:\Windows\System\Gkcpchm.exe
  C:\Windows\System\Gkcpchm.exe
  2⤵
  PID:6288
- C:\Windows\System\ajavggf.exe
  C:\Windows\System\ajavggf.exe
  2⤵
  PID:6312
- C:\Windows\System\twKMvrG.exe
  C:\Windows\System\twKMvrG.exe
  2⤵
  PID:6348
- C:\Windows\System\sltBGUO.exe
  C:\Windows\System\sltBGUO.exe
  2⤵
  PID:6380
- C:\Windows\System\ZKrFRos.exe
  C:\Windows\System\ZKrFRos.exe
  2⤵
  PID:6404
- C:\Windows\System\QwsozPH.exe
  C:\Windows\System\QwsozPH.exe
  2⤵
  PID:6436
- C:\Windows\System\kbLWzOC.exe
  C:\Windows\System\kbLWzOC.exe
  2⤵
  PID:6464
- C:\Windows\System\lCRdztP.exe
  C:\Windows\System\lCRdztP.exe
  2⤵
  PID:6492
- C:\Windows\System\rdEMrzD.exe
  C:\Windows\System\rdEMrzD.exe
  2⤵
  PID:6520
- C:\Windows\System\VZWeGgx.exe
  C:\Windows\System\VZWeGgx.exe
  2⤵
  PID:6548
- C:\Windows\System\SGMFkzZ.exe
  C:\Windows\System\SGMFkzZ.exe
  2⤵
  PID:6576
- C:\Windows\System\sOvlkTu.exe
  C:\Windows\System\sOvlkTu.exe
  2⤵
  PID:6600
- C:\Windows\System\alTGDzC.exe
  C:\Windows\System\alTGDzC.exe
  2⤵
  PID:6632
- C:\Windows\System\YseBcuy.exe
  C:\Windows\System\YseBcuy.exe
  2⤵
  PID:6660
- C:\Windows\System\dFVkqJd.exe
  C:\Windows\System\dFVkqJd.exe
  2⤵
  PID:6688
- C:\Windows\System\jDvyacz.exe
  C:\Windows\System\jDvyacz.exe
  2⤵
  PID:6716
- C:\Windows\System\NifIDSI.exe
  C:\Windows\System\NifIDSI.exe
  2⤵
  PID:6748
- C:\Windows\System\kfSXZBa.exe
  C:\Windows\System\kfSXZBa.exe
  2⤵
  PID:6776
- C:\Windows\System\dnMszvx.exe
  C:\Windows\System\dnMszvx.exe
  2⤵
  PID:6804
- C:\Windows\System\MZajkIM.exe
  C:\Windows\System\MZajkIM.exe
  2⤵
  PID:6840
- C:\Windows\System\QTxxpnu.exe
  C:\Windows\System\QTxxpnu.exe
  2⤵
  PID:6892
- C:\Windows\System\zYdsacn.exe
  C:\Windows\System\zYdsacn.exe
  2⤵
  PID:6912
- C:\Windows\System\DElfHsO.exe
  C:\Windows\System\DElfHsO.exe
  2⤵
  PID:6968
- C:\Windows\System\vzpijgp.exe
  C:\Windows\System\vzpijgp.exe
  2⤵
  PID:7004
- C:\Windows\System\EmSAUku.exe
  C:\Windows\System\EmSAUku.exe
  2⤵
  PID:7032
- C:\Windows\System\SqYInht.exe
  C:\Windows\System\SqYInht.exe
  2⤵
  PID:7060
- C:\Windows\System\avSdvoS.exe
  C:\Windows\System\avSdvoS.exe
  2⤵
  PID:7092
- C:\Windows\System\veKeHXd.exe
  C:\Windows\System\veKeHXd.exe
  2⤵
  PID:7116
- C:\Windows\System\rzZjwgk.exe
  C:\Windows\System\rzZjwgk.exe
  2⤵
  PID:7148
- C:\Windows\System\nwTxlzG.exe
  C:\Windows\System\nwTxlzG.exe
  2⤵
  PID:6160
- C:\Windows\System\UrqCpSc.exe
  C:\Windows\System\UrqCpSc.exe
  2⤵
  PID:6232
- C:\Windows\System\LMySiXp.exe
  C:\Windows\System\LMySiXp.exe
  2⤵
  PID:6272
- C:\Windows\System\qcUxDeh.exe
  C:\Windows\System\qcUxDeh.exe
  2⤵
  PID:5684
- C:\Windows\System\gtfTTVR.exe
  C:\Windows\System\gtfTTVR.exe
  2⤵
  PID:6388
- C:\Windows\System\seqkPSi.exe
  C:\Windows\System\seqkPSi.exe
  2⤵
  PID:6488
- C:\Windows\System\cXdrGvb.exe
  C:\Windows\System\cXdrGvb.exe
  2⤵
  PID:6560
- C:\Windows\System\hzjjFlm.exe
  C:\Windows\System\hzjjFlm.exe
  2⤵
  PID:6616
- C:\Windows\System\icDCuTL.exe
  C:\Windows\System\icDCuTL.exe
  2⤵
  PID:6696
- C:\Windows\System\lWgcFTj.exe
  C:\Windows\System\lWgcFTj.exe
  2⤵
  PID:6756
- C:\Windows\System\cuvtFwa.exe
  C:\Windows\System\cuvtFwa.exe
  2⤵
  PID:6784
- C:\Windows\System\UxFwGZJ.exe
  C:\Windows\System\UxFwGZJ.exe
  2⤵
  PID:860
- C:\Windows\System\cPLECXk.exe
  C:\Windows\System\cPLECXk.exe
  2⤵
  PID:6884
- C:\Windows\System\VfNtSaK.exe
  C:\Windows\System\VfNtSaK.exe
  2⤵
  PID:6996
- C:\Windows\System\LzIVwAX.exe
  C:\Windows\System\LzIVwAX.exe
  2⤵
  PID:7072
- C:\Windows\System\NyflgWO.exe
  C:\Windows\System\NyflgWO.exe
  2⤵
  PID:7124
- C:\Windows\System\HIKSzOu.exe
  C:\Windows\System\HIKSzOu.exe
  2⤵
  PID:6168
- C:\Windows\System\pmeyUDj.exe
  C:\Windows\System\pmeyUDj.exe
  2⤵
  PID:6308
- C:\Windows\System\NXcmZka.exe
  C:\Windows\System\NXcmZka.exe
  2⤵
  PID:6452
- C:\Windows\System\VIYmgur.exe
  C:\Windows\System\VIYmgur.exe
  2⤵
  PID:6608
- C:\Windows\System\jBXsquz.exe
  C:\Windows\System\jBXsquz.exe
  2⤵
  PID:3548
- C:\Windows\System\YXdxoVt.exe
  C:\Windows\System\YXdxoVt.exe
  2⤵
  PID:6832
- C:\Windows\System\ZKatEGJ.exe
  C:\Windows\System\ZKatEGJ.exe
  2⤵
  PID:1700
- C:\Windows\System\XxXGCux.exe
  C:\Windows\System\XxXGCux.exe
  2⤵
  PID:7020
- C:\Windows\System\voLuRdl.exe
  C:\Windows\System\voLuRdl.exe
  2⤵
  PID:6268
- C:\Windows\System\IIghzbM.exe
  C:\Windows\System\IIghzbM.exe
  2⤵
  PID:6584
- C:\Windows\System\kMNCkhS.exe
  C:\Windows\System\kMNCkhS.exe
  2⤵
  PID:1684
- C:\Windows\System\VOWAMLc.exe
  C:\Windows\System\VOWAMLc.exe
  2⤵
  PID:6204
- C:\Windows\System\KqEZZJO.exe
  C:\Windows\System\KqEZZJO.exe
  2⤵
  PID:6300
- C:\Windows\System\vTSDhmF.exe
  C:\Windows\System\vTSDhmF.exe
  2⤵
  PID:3964
- C:\Windows\System\CTpORTL.exe
  C:\Windows\System\CTpORTL.exe
  2⤵
  PID:6984
- C:\Windows\System\sswcEIP.exe
  C:\Windows\System\sswcEIP.exe
  2⤵
  PID:7196
- C:\Windows\System\HgLROLt.exe
  C:\Windows\System\HgLROLt.exe
  2⤵
  PID:7228
- C:\Windows\System\zRESAlb.exe
  C:\Windows\System\zRESAlb.exe
  2⤵
  PID:7252
- C:\Windows\System\EQGJFKq.exe
  C:\Windows\System\EQGJFKq.exe
  2⤵
  PID:7272
- C:\Windows\System\OTRNdbv.exe
  C:\Windows\System\OTRNdbv.exe
  2⤵
  PID:7312
- C:\Windows\System\zyraJtY.exe
  C:\Windows\System\zyraJtY.exe
  2⤵
  PID:7340
- C:\Windows\System\VxMULLD.exe
  C:\Windows\System\VxMULLD.exe
  2⤵
  PID:7368
- C:\Windows\System\ADKnOcc.exe
  C:\Windows\System\ADKnOcc.exe
  2⤵
  PID:7384
- C:\Windows\System\rYRaLru.exe
  C:\Windows\System\rYRaLru.exe
  2⤵
  PID:7412
- C:\Windows\System\hwTYgct.exe
  C:\Windows\System\hwTYgct.exe
  2⤵
  PID:7428
- C:\Windows\System\qpWfGuD.exe
  C:\Windows\System\qpWfGuD.exe
  2⤵
  PID:7468
- C:\Windows\System\YMWxTuS.exe
  C:\Windows\System\YMWxTuS.exe
  2⤵
  PID:7532
- C:\Windows\System\gtIPCgB.exe
  C:\Windows\System\gtIPCgB.exe
  2⤵
  PID:7568
- C:\Windows\System\DoREhYz.exe
  C:\Windows\System\DoREhYz.exe
  2⤵
  PID:7604
- C:\Windows\System\yLhnezQ.exe
  C:\Windows\System\yLhnezQ.exe
  2⤵
  PID:7628
- C:\Windows\System\zkTckQz.exe
  C:\Windows\System\zkTckQz.exe
  2⤵
  PID:7660
- C:\Windows\System\GuYmiVu.exe
  C:\Windows\System\GuYmiVu.exe
  2⤵
  PID:7680
- C:\Windows\System\ivSlYFj.exe
  C:\Windows\System\ivSlYFj.exe
  2⤵
  PID:7708
- C:\Windows\System\CavBqoM.exe
  C:\Windows\System\CavBqoM.exe
  2⤵
  PID:7736
- C:\Windows\System\FGAMNzS.exe
  C:\Windows\System\FGAMNzS.exe
  2⤵
  PID:7768
- C:\Windows\System\IIoGVtO.exe
  C:\Windows\System\IIoGVtO.exe
  2⤵
  PID:7812
- C:\Windows\System\ZxIvtVG.exe
  C:\Windows\System\ZxIvtVG.exe
  2⤵
  PID:7832
- C:\Windows\System\rDJmQXY.exe
  C:\Windows\System\rDJmQXY.exe
  2⤵
  PID:7860
- C:\Windows\System\dbpQlUX.exe
  C:\Windows\System\dbpQlUX.exe
  2⤵
  PID:7888
- C:\Windows\System\jdhIjLk.exe
  C:\Windows\System\jdhIjLk.exe
  2⤵
  PID:7916
- C:\Windows\System\aHvttEb.exe
  C:\Windows\System\aHvttEb.exe
  2⤵
  PID:7944
- C:\Windows\System\JsESyHK.exe
  C:\Windows\System\JsESyHK.exe
  2⤵
  PID:7972
- C:\Windows\System\yYNYsNe.exe
  C:\Windows\System\yYNYsNe.exe
  2⤵
  PID:8000
- C:\Windows\System\XgoEMnt.exe
  C:\Windows\System\XgoEMnt.exe
  2⤵
  PID:8028
- C:\Windows\System\gOeqAjd.exe
  C:\Windows\System\gOeqAjd.exe
  2⤵
  PID:8056
- C:\Windows\System\GcEintU.exe
  C:\Windows\System\GcEintU.exe
  2⤵
  PID:8084
- C:\Windows\System\cxNsEFn.exe
  C:\Windows\System\cxNsEFn.exe
  2⤵
  PID:8112
- C:\Windows\System\snvIaRI.exe
  C:\Windows\System\snvIaRI.exe
  2⤵
  PID:8140
- C:\Windows\System\kdVyWNU.exe
  C:\Windows\System\kdVyWNU.exe
  2⤵
  PID:8168
- C:\Windows\System\ucqpMRP.exe
  C:\Windows\System\ucqpMRP.exe
  2⤵
  PID:7176
- C:\Windows\System\xwncYCX.exe
  C:\Windows\System\xwncYCX.exe
  2⤵
  PID:7236
- C:\Windows\System\SiunyBL.exe
  C:\Windows\System\SiunyBL.exe
  2⤵
  PID:7292
- C:\Windows\System\IvwLjRH.exe
  C:\Windows\System\IvwLjRH.exe
  2⤵
  PID:7336
- C:\Windows\System\LeRCguA.exe
  C:\Windows\System\LeRCguA.exe
  2⤵
  PID:4904
- C:\Windows\System\xGsRpNg.exe
  C:\Windows\System\xGsRpNg.exe
  2⤵
  PID:7440
- C:\Windows\System\rqyvWOb.exe
  C:\Windows\System\rqyvWOb.exe
  2⤵
  PID:4628
- C:\Windows\System\vTHUNNy.exe
  C:\Windows\System\vTHUNNy.exe
  2⤵
  PID:6856
- C:\Windows\System\uGTvRfQ.exe
  C:\Windows\System\uGTvRfQ.exe
  2⤵
  PID:4012
- C:\Windows\System\fYsbivH.exe
  C:\Windows\System\fYsbivH.exe
  2⤵
  PID:7592
- C:\Windows\System\TfvbEtn.exe
  C:\Windows\System\TfvbEtn.exe
  2⤵
  PID:7676
- C:\Windows\System\nHDVnFF.exe
  C:\Windows\System\nHDVnFF.exe
  2⤵
  PID:7720
- C:\Windows\System\rqtfrpN.exe
  C:\Windows\System\rqtfrpN.exe
  2⤵
  PID:7776
- C:\Windows\System\spXxhkw.exe
  C:\Windows\System\spXxhkw.exe
  2⤵
  PID:7856
- C:\Windows\System\xSnRztv.exe
  C:\Windows\System\xSnRztv.exe
  2⤵
  PID:7928
- C:\Windows\System\MxourAm.exe
  C:\Windows\System\MxourAm.exe
  2⤵
  PID:7992
- C:\Windows\System\DoChSUg.exe
  C:\Windows\System\DoChSUg.exe
  2⤵
  PID:8048
- C:\Windows\System\xAQtHaQ.exe
  C:\Windows\System\xAQtHaQ.exe
  2⤵
  PID:8124
- C:\Windows\System\QJRSYdO.exe
  C:\Windows\System\QJRSYdO.exe
  2⤵
  PID:8188
- C:\Windows\System\bOAyJGb.exe
  C:\Windows\System\bOAyJGb.exe
  2⤵
  PID:7284
- C:\Windows\System\KynqyhB.exe
  C:\Windows\System\KynqyhB.exe
  2⤵
  PID:4652
- C:\Windows\System\kYTmfIC.exe
  C:\Windows\System\kYTmfIC.exe
  2⤵
  PID:4124
- C:\Windows\System\nHQcDbC.exe
  C:\Windows\System\nHQcDbC.exe
  2⤵
  PID:3488
- C:\Windows\System\XDWWBGa.exe
  C:\Windows\System\XDWWBGa.exe
  2⤵
  PID:7704
- C:\Windows\System\JkjGJmY.exe
  C:\Windows\System\JkjGJmY.exe
  2⤵
  PID:7852
- C:\Windows\System\XxJObas.exe
  C:\Windows\System\XxJObas.exe
  2⤵
  PID:8020
- C:\Windows\System\KubgvpL.exe
  C:\Windows\System\KubgvpL.exe
  2⤵
  PID:8164
- C:\Windows\System\NbIHkmR.exe
  C:\Windows\System\NbIHkmR.exe
  2⤵
  PID:7364
- C:\Windows\System\mWuZdhn.exe
  C:\Windows\System\mWuZdhn.exe
  2⤵
  PID:7560
- C:\Windows\System\KtnCCBx.exe
  C:\Windows\System\KtnCCBx.exe
  2⤵
  PID:7824
- C:\Windows\System\QuteiZL.exe
  C:\Windows\System\QuteiZL.exe
  2⤵
  PID:8080
- C:\Windows\System\BHDCysC.exe
  C:\Windows\System\BHDCysC.exe
  2⤵
  PID:7672
- C:\Windows\System\vqCkKGl.exe
  C:\Windows\System\vqCkKGl.exe
  2⤵
  PID:7464
- C:\Windows\System\EJprCYD.exe
  C:\Windows\System\EJprCYD.exe
  2⤵
  PID:8196
- C:\Windows\System\CRHVpYq.exe
  C:\Windows\System\CRHVpYq.exe
  2⤵
  PID:8228
- C:\Windows\System\KLDPpVW.exe
  C:\Windows\System\KLDPpVW.exe
  2⤵
  PID:8256
- C:\Windows\System\UZDVlcL.exe
  C:\Windows\System\UZDVlcL.exe
  2⤵
  PID:8284
- C:\Windows\System\eruEzME.exe
  C:\Windows\System\eruEzME.exe
  2⤵
  PID:8312
- C:\Windows\System\eMSFJuB.exe
  C:\Windows\System\eMSFJuB.exe
  2⤵
  PID:8340
- C:\Windows\System\FXEcYue.exe
  C:\Windows\System\FXEcYue.exe
  2⤵
  PID:8368
- C:\Windows\System\VREcaNM.exe
  C:\Windows\System\VREcaNM.exe
  2⤵
  PID:8396
- C:\Windows\System\UmIyNdM.exe
  C:\Windows\System\UmIyNdM.exe
  2⤵
  PID:8416
- C:\Windows\System\xNlCbOn.exe
  C:\Windows\System\xNlCbOn.exe
  2⤵
  PID:8452
- C:\Windows\System\TxyAkpi.exe
  C:\Windows\System\TxyAkpi.exe
  2⤵
  PID:8480
- C:\Windows\System\XTAaCxj.exe
  C:\Windows\System\XTAaCxj.exe
  2⤵
  PID:8508
- C:\Windows\System\fBWhpFx.exe
  C:\Windows\System\fBWhpFx.exe
  2⤵
  PID:8536
- C:\Windows\System\dtsMlcL.exe
  C:\Windows\System\dtsMlcL.exe
  2⤵
  PID:8556
- C:\Windows\System\oRWhbKX.exe
  C:\Windows\System\oRWhbKX.exe
  2⤵
  PID:8584
- C:\Windows\System\cYpnSjI.exe
  C:\Windows\System\cYpnSjI.exe
  2⤵
  PID:8620
- C:\Windows\System\cluIfIr.exe
  C:\Windows\System\cluIfIr.exe
  2⤵
  PID:8636
- C:\Windows\System\vJBQWUv.exe
  C:\Windows\System\vJBQWUv.exe
  2⤵
  PID:8664
- C:\Windows\System\BQNFAQH.exe
  C:\Windows\System\BQNFAQH.exe
  2⤵
  PID:8704
- C:\Windows\System\NSUxPMh.exe
  C:\Windows\System\NSUxPMh.exe
  2⤵
  PID:8740
- C:\Windows\System\ZCDvRon.exe
  C:\Windows\System\ZCDvRon.exe
  2⤵
  PID:8760
- C:\Windows\System\gsoeRSn.exe
  C:\Windows\System\gsoeRSn.exe
  2⤵
  PID:8788
- C:\Windows\System\exTzayS.exe
  C:\Windows\System\exTzayS.exe
  2⤵
  PID:8816
- C:\Windows\System\OKjoxZv.exe
  C:\Windows\System\OKjoxZv.exe
  2⤵
  PID:8848
- C:\Windows\System\JNWDocB.exe
  C:\Windows\System\JNWDocB.exe
  2⤵
  PID:8876
- C:\Windows\System\CKjhSwE.exe
  C:\Windows\System\CKjhSwE.exe
  2⤵
  PID:8904
- C:\Windows\System\ookTtRm.exe
  C:\Windows\System\ookTtRm.exe
  2⤵
  PID:8932
- C:\Windows\System\LJKIOnq.exe
  C:\Windows\System\LJKIOnq.exe
  2⤵
  PID:8960
- C:\Windows\System\XuScmLe.exe
  C:\Windows\System\XuScmLe.exe
  2⤵
  PID:8988
- C:\Windows\System\nUUAXTw.exe
  C:\Windows\System\nUUAXTw.exe
  2⤵
  PID:9016
- C:\Windows\System\sNHrCdt.exe
  C:\Windows\System\sNHrCdt.exe
  2⤵
  PID:9044
- C:\Windows\System\qpVTIMQ.exe
  C:\Windows\System\qpVTIMQ.exe
  2⤵
  PID:9080
- C:\Windows\System\nvNnAXz.exe
  C:\Windows\System\nvNnAXz.exe
  2⤵
  PID:9100
- C:\Windows\System\eUsGCXk.exe
  C:\Windows\System\eUsGCXk.exe
  2⤵
  PID:9128
- C:\Windows\System\djQhzxR.exe
  C:\Windows\System\djQhzxR.exe
  2⤵
  PID:9156
- C:\Windows\System\XTpJSFW.exe
  C:\Windows\System\XTpJSFW.exe
  2⤵
  PID:9176
- C:\Windows\System\kLWhXif.exe
  C:\Windows\System\kLWhXif.exe
  2⤵
  PID:9212
- C:\Windows\System\wWBuSPs.exe
  C:\Windows\System\wWBuSPs.exe
  2⤵
  PID:8248
- C:\Windows\System\MToeWrN.exe
  C:\Windows\System\MToeWrN.exe
  2⤵
  PID:8304
- C:\Windows\System\gNQRBeC.exe
  C:\Windows\System\gNQRBeC.exe
  2⤵
  PID:8384
- C:\Windows\System\fmSGlzm.exe
  C:\Windows\System\fmSGlzm.exe
  2⤵
  PID:8444
- C:\Windows\System\ihmzIyc.exe
  C:\Windows\System\ihmzIyc.exe
  2⤵
  PID:8500
- C:\Windows\System\INKIwnu.exe
  C:\Windows\System\INKIwnu.exe
  2⤵
  PID:8564
- C:\Windows\System\CECiupX.exe
  C:\Windows\System\CECiupX.exe
  2⤵
  PID:8632
- C:\Windows\System\TEebxhC.exe
  C:\Windows\System\TEebxhC.exe
  2⤵
  PID:8716
- C:\Windows\System\SkbBmTd.exe
  C:\Windows\System\SkbBmTd.exe
  2⤵
  PID:8772
- C:\Windows\System\wJbSlUO.exe
  C:\Windows\System\wJbSlUO.exe
  2⤵
  PID:8808
- C:\Windows\System\KvsbgZL.exe
  C:\Windows\System\KvsbgZL.exe
  2⤵
  PID:8872
- C:\Windows\System\xxwFUeB.exe
  C:\Windows\System\xxwFUeB.exe
  2⤵
  PID:8944
- C:\Windows\System\AWHPqax.exe
  C:\Windows\System\AWHPqax.exe
  2⤵
  PID:9004
- C:\Windows\System\OQRaBdd.exe
  C:\Windows\System\OQRaBdd.exe
  2⤵
  PID:9068
- C:\Windows\System\EeuQHjt.exe
  C:\Windows\System\EeuQHjt.exe
  2⤵
  PID:9144
- C:\Windows\System\AcKJZFN.exe
  C:\Windows\System\AcKJZFN.exe
  2⤵
  PID:9192
- C:\Windows\System\ZrVKDIU.exe
  C:\Windows\System\ZrVKDIU.exe
  2⤵
  PID:8364
- C:\Windows\System\rBvOwUH.exe
  C:\Windows\System\rBvOwUH.exe
  2⤵
  PID:8436
- C:\Windows\System\IkZpwwO.exe
  C:\Windows\System\IkZpwwO.exe
  2⤵
  PID:8532
- C:\Windows\System\CFLDzeB.exe
  C:\Windows\System\CFLDzeB.exe
  2⤵
  PID:8696
- C:\Windows\System\TCpOQAV.exe
  C:\Windows\System\TCpOQAV.exe
  2⤵
  PID:8800
- C:\Windows\System\WOzHnWZ.exe
  C:\Windows\System\WOzHnWZ.exe
  2⤵
  PID:8972
- C:\Windows\System\ZYofPqY.exe
  C:\Windows\System\ZYofPqY.exe
  2⤵
  PID:9120
- C:\Windows\System\kQZsrCp.exe
  C:\Windows\System\kQZsrCp.exe
  2⤵
  PID:8360
- C:\Windows\System\mSyHzqY.exe
  C:\Windows\System\mSyHzqY.exe
  2⤵
  PID:8604
- C:\Windows\System\gBBoBaD.exe
  C:\Windows\System\gBBoBaD.exe
  2⤵
  PID:8920
- C:\Windows\System\YROBEKA.exe
  C:\Windows\System\YROBEKA.exe
  2⤵
  PID:8224
- C:\Windows\System\oOqeuQb.exe
  C:\Windows\System\oOqeuQb.exe
  2⤵
  PID:8784
- C:\Windows\System\OTiGmmo.exe
  C:\Windows\System\OTiGmmo.exe
  2⤵
  PID:8612
- C:\Windows\System\veGGiRF.exe
  C:\Windows\System\veGGiRF.exe
  2⤵
  PID:3380
- C:\Windows\System\LWYXAgy.exe
  C:\Windows\System\LWYXAgy.exe
  2⤵
  PID:9232
- C:\Windows\System\GVmkbYh.exe
  C:\Windows\System\GVmkbYh.exe
  2⤵
  PID:9260
- C:\Windows\System\QpeHwVN.exe
  C:\Windows\System\QpeHwVN.exe
  2⤵
  PID:9288
- C:\Windows\System\ObNwGmG.exe
  C:\Windows\System\ObNwGmG.exe
  2⤵
  PID:9316
- C:\Windows\System\LqxOxZL.exe
  C:\Windows\System\LqxOxZL.exe
  2⤵
  PID:9348
- C:\Windows\System\YsmXNeB.exe
  C:\Windows\System\YsmXNeB.exe
  2⤵
  PID:9376
- C:\Windows\System\uQzjvCT.exe
  C:\Windows\System\uQzjvCT.exe
  2⤵
  PID:9404
- C:\Windows\System\qPLKvwy.exe
  C:\Windows\System\qPLKvwy.exe
  2⤵
  PID:9432
- C:\Windows\System\wQkZoRZ.exe
  C:\Windows\System\wQkZoRZ.exe
  2⤵
  PID:9460
- C:\Windows\System\hGgUtdP.exe
  C:\Windows\System\hGgUtdP.exe
  2⤵
  PID:9488
- C:\Windows\System\qqDYfqe.exe
  C:\Windows\System\qqDYfqe.exe
  2⤵
  PID:9516
- C:\Windows\System\vbUCwhX.exe
  C:\Windows\System\vbUCwhX.exe
  2⤵
  PID:9544
- C:\Windows\System\lQpRWVt.exe
  C:\Windows\System\lQpRWVt.exe
  2⤵
  PID:9572
- C:\Windows\System\GAOgzak.exe
  C:\Windows\System\GAOgzak.exe
  2⤵
  PID:9600
- C:\Windows\System\eRvHFSM.exe
  C:\Windows\System\eRvHFSM.exe
  2⤵
  PID:9628
- C:\Windows\System\qxhvjvK.exe
  C:\Windows\System\qxhvjvK.exe
  2⤵
  PID:9656
- C:\Windows\System\cdYhFye.exe
  C:\Windows\System\cdYhFye.exe
  2⤵
  PID:9684
- C:\Windows\System\irkmGUU.exe
  C:\Windows\System\irkmGUU.exe
  2⤵
  PID:9712
- C:\Windows\System\bNaXAVL.exe
  C:\Windows\System\bNaXAVL.exe
  2⤵
  PID:9740
- C:\Windows\System\uAMOlJo.exe
  C:\Windows\System\uAMOlJo.exe
  2⤵
  PID:9768
- C:\Windows\System\omJhrfZ.exe
  C:\Windows\System\omJhrfZ.exe
  2⤵
  PID:9796
- C:\Windows\System\Yisyqcg.exe
  C:\Windows\System\Yisyqcg.exe
  2⤵
  PID:9824
- C:\Windows\System\BDraaeV.exe
  C:\Windows\System\BDraaeV.exe
  2⤵
  PID:9852
- C:\Windows\System\yoJiaLl.exe
  C:\Windows\System\yoJiaLl.exe
  2⤵
  PID:9880
- C:\Windows\System\wNifjbO.exe
  C:\Windows\System\wNifjbO.exe
  2⤵
  PID:9908
- C:\Windows\System\AoPMXwS.exe
  C:\Windows\System\AoPMXwS.exe
  2⤵
  PID:9936
- C:\Windows\System\EXgylMe.exe
  C:\Windows\System\EXgylMe.exe
  2⤵
  PID:9964
- C:\Windows\System\xNfNvmV.exe
  C:\Windows\System\xNfNvmV.exe
  2⤵
  PID:9992
- C:\Windows\System\odjjkmR.exe
  C:\Windows\System\odjjkmR.exe
  2⤵
  PID:10020
- C:\Windows\System\KpheGyq.exe
  C:\Windows\System\KpheGyq.exe
  2⤵
  PID:10048
- C:\Windows\System\mNwBpxk.exe
  C:\Windows\System\mNwBpxk.exe
  2⤵
  PID:10076
- C:\Windows\System\Nlvygpp.exe
  C:\Windows\System\Nlvygpp.exe
  2⤵
  PID:10104
- C:\Windows\System\GytBHRP.exe
  C:\Windows\System\GytBHRP.exe
  2⤵
  PID:10132
- C:\Windows\System\lNzoeUm.exe
  C:\Windows\System\lNzoeUm.exe
  2⤵
  PID:10160
- C:\Windows\System\SArHvIX.exe
  C:\Windows\System\SArHvIX.exe
  2⤵
  PID:10188
- C:\Windows\System\UCbNhAv.exe
  C:\Windows\System\UCbNhAv.exe
  2⤵
  PID:10220
- C:\Windows\System\VUlxglu.exe
  C:\Windows\System\VUlxglu.exe
  2⤵
  PID:9228
- C:\Windows\System\nntxqkV.exe
  C:\Windows\System\nntxqkV.exe
  2⤵
  PID:9300
- C:\Windows\System\FqHgbhQ.exe
  C:\Windows\System\FqHgbhQ.exe
  2⤵
  PID:9368
- C:\Windows\System\UsJmetd.exe
  C:\Windows\System\UsJmetd.exe
  2⤵
  PID:9428
- C:\Windows\System\huQCokh.exe
  C:\Windows\System\huQCokh.exe
  2⤵
  PID:9500
- C:\Windows\System\JQnEhNp.exe
  C:\Windows\System\JQnEhNp.exe
  2⤵
  PID:9564
- C:\Windows\System\qbOKhhk.exe
  C:\Windows\System\qbOKhhk.exe
  2⤵
  PID:9624
- C:\Windows\System\JkzcxmN.exe
  C:\Windows\System\JkzcxmN.exe
  2⤵
  PID:9696
- C:\Windows\System\koSkONW.exe
  C:\Windows\System\koSkONW.exe
  2⤵
  PID:9760
- C:\Windows\System\CeOlLzF.exe
  C:\Windows\System\CeOlLzF.exe
  2⤵
  PID:9820
- C:\Windows\System\TfqNewr.exe
  C:\Windows\System\TfqNewr.exe
  2⤵
  PID:9892
- C:\Windows\System\KgtEMvx.exe
  C:\Windows\System\KgtEMvx.exe
  2⤵
  PID:9956
- C:\Windows\System\DASaByP.exe
  C:\Windows\System\DASaByP.exe
  2⤵
  PID:10012
- C:\Windows\System\TqRWgzk.exe
  C:\Windows\System\TqRWgzk.exe
  2⤵
  PID:10088
- C:\Windows\System\FRwGAcz.exe
  C:\Windows\System\FRwGAcz.exe
  2⤵
  PID:10184
- C:\Windows\System\OncnMIy.exe
  C:\Windows\System\OncnMIy.exe
  2⤵
  PID:10216
- C:\Windows\System\ZTTjjqg.exe
  C:\Windows\System\ZTTjjqg.exe
  2⤵
  PID:9328
- C:\Windows\System\FaFweDx.exe
  C:\Windows\System\FaFweDx.exe
  2⤵
  PID:9480
- C:\Windows\System\MtIHDZy.exe
  C:\Windows\System\MtIHDZy.exe
  2⤵
  PID:9652
- C:\Windows\System\ViRafFi.exe
  C:\Windows\System\ViRafFi.exe
  2⤵
  PID:9816
- C:\Windows\System\gumOPlA.exe
  C:\Windows\System\gumOPlA.exe
  2⤵
  PID:9932
- C:\Windows\System\cJFIRnh.exe
  C:\Windows\System\cJFIRnh.exe
  2⤵
  PID:10040
- C:\Windows\System\OsdepPK.exe
  C:\Windows\System\OsdepPK.exe
  2⤵
  PID:1856
- C:\Windows\System\eWLaJuz.exe
  C:\Windows\System\eWLaJuz.exe
  2⤵
  PID:116
- C:\Windows\System\vxWZuLg.exe
  C:\Windows\System\vxWZuLg.exe
  2⤵
  PID:2672
- C:\Windows\System\gugNzFq.exe
  C:\Windows\System\gugNzFq.exe
  2⤵
  PID:4952
- C:\Windows\System\uUWcKdm.exe
  C:\Windows\System\uUWcKdm.exe
  2⤵
  PID:4576
- C:\Windows\System\WrZVCRN.exe
  C:\Windows\System\WrZVCRN.exe
  2⤵
  PID:1272
- C:\Windows\System\DhthKcs.exe
  C:\Windows\System\DhthKcs.exe
  2⤵
  PID:10004
- C:\Windows\System\gYceMbj.exe
  C:\Windows\System\gYceMbj.exe
  2⤵
  PID:2776
- C:\Windows\System\UMqQzza.exe
  C:\Windows\System\UMqQzza.exe
  2⤵
  PID:5100
- C:\Windows\System\HJUJWra.exe
  C:\Windows\System\HJUJWra.exe
  2⤵
  PID:4052
- C:\Windows\System\HVlgFLT.exe
  C:\Windows\System\HVlgFLT.exe
  2⤵
  PID:9284
- C:\Windows\System\wVSAUhF.exe
  C:\Windows\System\wVSAUhF.exe
  2⤵
  PID:1224
- C:\Windows\System\vHiAALD.exe
  C:\Windows\System\vHiAALD.exe
  2⤵
  PID:4236
- C:\Windows\System\iDPgDwT.exe
  C:\Windows\System\iDPgDwT.exe
  2⤵
  PID:10260
- C:\Windows\System\RfwJlyS.exe
  C:\Windows\System\RfwJlyS.exe
  2⤵
  PID:10308
- C:\Windows\System\qutTyxH.exe
  C:\Windows\System\qutTyxH.exe
  2⤵
  PID:10336
- C:\Windows\System\QgKTiDu.exe
  C:\Windows\System\QgKTiDu.exe
  2⤵
  PID:10352
- C:\Windows\System\lNCrjdx.exe
  C:\Windows\System\lNCrjdx.exe
  2⤵
  PID:10392
- C:\Windows\System\siwRCHD.exe
  C:\Windows\System\siwRCHD.exe
  2⤵
  PID:10420
- C:\Windows\System\wbmkVKQ.exe
  C:\Windows\System\wbmkVKQ.exe
  2⤵
  PID:10448
- C:\Windows\System\aeXnPpj.exe
  C:\Windows\System\aeXnPpj.exe
  2⤵
  PID:10476
- C:\Windows\System\OUUTLCi.exe
  C:\Windows\System\OUUTLCi.exe
  2⤵
  PID:10508
- C:\Windows\System\yYAFoev.exe
  C:\Windows\System\yYAFoev.exe
  2⤵
  PID:10536
- C:\Windows\System\OdxPTvy.exe
  C:\Windows\System\OdxPTvy.exe
  2⤵
  PID:10564
- C:\Windows\System\wTjSvjZ.exe
  C:\Windows\System\wTjSvjZ.exe
  2⤵
  PID:10592
- C:\Windows\System\lJqVTOR.exe
  C:\Windows\System\lJqVTOR.exe
  2⤵
  PID:10620
- C:\Windows\System\AjucGhQ.exe
  C:\Windows\System\AjucGhQ.exe
  2⤵
  PID:10648
- C:\Windows\System\niTatKW.exe
  C:\Windows\System\niTatKW.exe
  2⤵
  PID:10676
- C:\Windows\System\YUJBAeG.exe
  C:\Windows\System\YUJBAeG.exe
  2⤵
  PID:10704
- C:\Windows\System\ulJUYUI.exe
  C:\Windows\System\ulJUYUI.exe
  2⤵
  PID:10732
- C:\Windows\System\tpLGiBa.exe
  C:\Windows\System\tpLGiBa.exe
  2⤵
  PID:10760
- C:\Windows\System\MITWFAn.exe
  C:\Windows\System\MITWFAn.exe
  2⤵
  PID:10788
- C:\Windows\System\sLHvbcd.exe
  C:\Windows\System\sLHvbcd.exe
  2⤵
  PID:10816
- C:\Windows\System\VJwwbQQ.exe
  C:\Windows\System\VJwwbQQ.exe
  2⤵
  PID:10844
- C:\Windows\System\tKoWckT.exe
  C:\Windows\System\tKoWckT.exe
  2⤵
  PID:10872
- C:\Windows\System\YExlLWZ.exe
  C:\Windows\System\YExlLWZ.exe
  2⤵
  PID:10900
- C:\Windows\System\uHJNNGH.exe
  C:\Windows\System\uHJNNGH.exe
  2⤵
  PID:10928
- C:\Windows\System\wkIakty.exe
  C:\Windows\System\wkIakty.exe
  2⤵
  PID:10956
- C:\Windows\System\OSHyyij.exe
  C:\Windows\System\OSHyyij.exe
  2⤵
  PID:10984
- C:\Windows\System\MtHWpdL.exe
  C:\Windows\System\MtHWpdL.exe
  2⤵
  PID:11012
- C:\Windows\System\vUEDgQv.exe
  C:\Windows\System\vUEDgQv.exe
  2⤵
  PID:11040
- C:\Windows\System\NRGlaGo.exe
  C:\Windows\System\NRGlaGo.exe
  2⤵
  PID:11068
- C:\Windows\System\MGtsQsW.exe
  C:\Windows\System\MGtsQsW.exe
  2⤵
  PID:11096
- C:\Windows\System\PgipmYa.exe
  C:\Windows\System\PgipmYa.exe
  2⤵
  PID:11124
- C:\Windows\System\oLhtsNf.exe
  C:\Windows\System\oLhtsNf.exe
  2⤵
  PID:11152
- C:\Windows\System\lAWDDSt.exe
  C:\Windows\System\lAWDDSt.exe
  2⤵
  PID:11180
- C:\Windows\System\IoganAZ.exe
  C:\Windows\System\IoganAZ.exe
  2⤵
  PID:11208
- C:\Windows\System\xXgoKNu.exe
  C:\Windows\System\xXgoKNu.exe
  2⤵
  PID:11236
- C:\Windows\System\oYYDMac.exe
  C:\Windows\System\oYYDMac.exe
  2⤵
  PID:9680
- C:\Windows\System\VUsNLlD.exe
  C:\Windows\System\VUsNLlD.exe
  2⤵
  PID:10280
- C:\Windows\System\sOvQEhn.exe
  C:\Windows\System\sOvQEhn.exe
  2⤵
  PID:10332
- C:\Windows\System\KWhKYxI.exe
  C:\Windows\System\KWhKYxI.exe
  2⤵
  PID:10376
- C:\Windows\System\eLWrEEk.exe
  C:\Windows\System\eLWrEEk.exe
  2⤵
  PID:10440
- C:\Windows\System\pGHOIqN.exe
  C:\Windows\System\pGHOIqN.exe
  2⤵
  PID:10504
- C:\Windows\System\GXjEBLx.exe
  C:\Windows\System\GXjEBLx.exe
  2⤵
  PID:10576
- C:\Windows\System\HFPLPYl.exe
  C:\Windows\System\HFPLPYl.exe
  2⤵
  PID:10616
- C:\Windows\System\ksLMVEn.exe
  C:\Windows\System\ksLMVEn.exe
  2⤵
  PID:2924
- C:\Windows\System\idfhzml.exe
  C:\Windows\System\idfhzml.exe
  2⤵
  PID:10744
- C:\Windows\System\VrMsSsg.exe
  C:\Windows\System\VrMsSsg.exe
  2⤵
  PID:10808
- C:\Windows\System\MSFzjel.exe
  C:\Windows\System\MSFzjel.exe
  2⤵
  PID:10868
- C:\Windows\System\pAIGscS.exe
  C:\Windows\System\pAIGscS.exe
  2⤵
  PID:10940
- C:\Windows\System\ugvzioc.exe
  C:\Windows\System\ugvzioc.exe
  2⤵
  PID:11004
- C:\Windows\System\DAWSNSk.exe
  C:\Windows\System\DAWSNSk.exe
  2⤵
  PID:11064
- C:\Windows\System\mkgIOkH.exe
  C:\Windows\System\mkgIOkH.exe
  2⤵
  PID:11136
- C:\Windows\System\pToAjbq.exe
  C:\Windows\System\pToAjbq.exe
  2⤵
  PID:11192
- C:\Windows\System\BorFIEu.exe
  C:\Windows\System\BorFIEu.exe
  2⤵
  PID:11256
- C:\Windows\System\lLBnMKB.exe
  C:\Windows\System\lLBnMKB.exe
  2⤵
  PID:9876
- C:\Windows\System\ZaQFWYk.exe
  C:\Windows\System\ZaQFWYk.exe
  2⤵
  PID:10468
- C:\Windows\System\jlwKIzn.exe
  C:\Windows\System\jlwKIzn.exe
  2⤵
  PID:10604
- C:\Windows\System\LtKejcD.exe
  C:\Windows\System\LtKejcD.exe
  2⤵
  PID:10728
- C:\Windows\System\PxwgOLq.exe
  C:\Windows\System\PxwgOLq.exe
  2⤵
  PID:10896
- C:\Windows\System\cEmPBGm.exe
  C:\Windows\System\cEmPBGm.exe
  2⤵
  PID:11052
- C:\Windows\System\yNIjShV.exe
  C:\Windows\System\yNIjShV.exe
  2⤵
  PID:11176
- C:\Windows\System\EUIrICk.exe
  C:\Windows\System\EUIrICk.exe
  2⤵
  PID:10364
- C:\Windows\System\lVRcZSk.exe
  C:\Windows\System\lVRcZSk.exe
  2⤵
  PID:10700
- C:\Windows\System\VWrDYpI.exe
  C:\Windows\System\VWrDYpI.exe
  2⤵
  PID:11032
- C:\Windows\System\cSXBofG.exe
  C:\Windows\System\cSXBofG.exe
  2⤵
  PID:10532
- C:\Windows\System\NgusmnO.exe
  C:\Windows\System\NgusmnO.exe
  2⤵
  PID:10496
- C:\Windows\System\ivqaLxm.exe
  C:\Windows\System\ivqaLxm.exe
  2⤵
  PID:10968
- C:\Windows\System\pfJEmEY.exe
  C:\Windows\System\pfJEmEY.exe
  2⤵
  PID:11292
- C:\Windows\System\lHLRRFe.exe
  C:\Windows\System\lHLRRFe.exe
  2⤵
  PID:11320
- C:\Windows\System\sqiBkLz.exe
  C:\Windows\System\sqiBkLz.exe
  2⤵
  PID:11348
- C:\Windows\System\NtboKty.exe
  C:\Windows\System\NtboKty.exe
  2⤵
  PID:11376
- C:\Windows\System\vVXlNwq.exe
  C:\Windows\System\vVXlNwq.exe
  2⤵
  PID:11404
- C:\Windows\System\hKwvmyt.exe
  C:\Windows\System\hKwvmyt.exe
  2⤵
  PID:11432
- C:\Windows\System\nwSxTYq.exe
  C:\Windows\System\nwSxTYq.exe
  2⤵
  PID:11460
- C:\Windows\System\FeSyucS.exe
  C:\Windows\System\FeSyucS.exe
  2⤵
  PID:11488
- C:\Windows\System\otoicxZ.exe
  C:\Windows\System\otoicxZ.exe
  2⤵
  PID:11516
- C:\Windows\System\IELUWFQ.exe
  C:\Windows\System\IELUWFQ.exe
  2⤵
  PID:11544
- C:\Windows\System\hLxFfIO.exe
  C:\Windows\System\hLxFfIO.exe
  2⤵
  PID:11572
- C:\Windows\System\zebSVDs.exe
  C:\Windows\System\zebSVDs.exe
  2⤵
  PID:11604
- C:\Windows\System\uFXufej.exe
  C:\Windows\System\uFXufej.exe
  2⤵
  PID:11632
- C:\Windows\System\HZbrMIt.exe
  C:\Windows\System\HZbrMIt.exe
  2⤵
  PID:11660
- C:\Windows\System\McnJNxF.exe
  C:\Windows\System\McnJNxF.exe
  2⤵
  PID:11688
- C:\Windows\System\mcCtPoJ.exe
  C:\Windows\System\mcCtPoJ.exe
  2⤵
  PID:11716
- C:\Windows\System\lGGKitl.exe
  C:\Windows\System\lGGKitl.exe
  2⤵
  PID:11744
- C:\Windows\System\ZpVOdUR.exe
  C:\Windows\System\ZpVOdUR.exe
  2⤵
  PID:11772
- C:\Windows\System\aIyXgpP.exe
  C:\Windows\System\aIyXgpP.exe
  2⤵
  PID:11800
- C:\Windows\System\rVgPtmL.exe
  C:\Windows\System\rVgPtmL.exe
  2⤵
  PID:11832
- C:\Windows\System\SuHaBsH.exe
  C:\Windows\System\SuHaBsH.exe
  2⤵
  PID:11860
- C:\Windows\System\vbPaUQV.exe
  C:\Windows\System\vbPaUQV.exe
  2⤵
  PID:11888
- C:\Windows\System\opiQNIc.exe
  C:\Windows\System\opiQNIc.exe
  2⤵
  PID:11916
- C:\Windows\System\ShrzHVq.exe
  C:\Windows\System\ShrzHVq.exe
  2⤵
  PID:11944
- C:\Windows\System\hGCWIpM.exe
  C:\Windows\System\hGCWIpM.exe
  2⤵
  PID:11972
- C:\Windows\System\qmsCwsc.exe
  C:\Windows\System\qmsCwsc.exe
  2⤵
  PID:12000
- C:\Windows\System\GbythGk.exe
  C:\Windows\System\GbythGk.exe
  2⤵
  PID:12028
- C:\Windows\System\VxApwqk.exe
  C:\Windows\System\VxApwqk.exe
  2⤵
  PID:12056
- C:\Windows\System\kFvyvgT.exe
  C:\Windows\System\kFvyvgT.exe
  2⤵
  PID:12084
- C:\Windows\System\zIUnmbG.exe
  C:\Windows\System\zIUnmbG.exe
  2⤵
  PID:12112
- C:\Windows\System\RGLyVnq.exe
  C:\Windows\System\RGLyVnq.exe
  2⤵
  PID:12140
- C:\Windows\System\nhsHpZV.exe
  C:\Windows\System\nhsHpZV.exe
  2⤵
  PID:12168
- C:\Windows\System\TfIuHov.exe
  C:\Windows\System\TfIuHov.exe
  2⤵
  PID:12184
- C:\Windows\System\IuFevDZ.exe
  C:\Windows\System\IuFevDZ.exe
  2⤵
  PID:12224
- C:\Windows\System\erLMjVQ.exe
  C:\Windows\System\erLMjVQ.exe
  2⤵
  PID:12244
- C:\Windows\System\yqTCHQd.exe
  C:\Windows\System\yqTCHQd.exe
  2⤵
  PID:12284
- C:\Windows\System\qapLvWP.exe
  C:\Windows\System\qapLvWP.exe
  2⤵
  PID:11332
- C:\Windows\System\CqbVstQ.exe
  C:\Windows\System\CqbVstQ.exe
  2⤵
  PID:11372
- C:\Windows\System\CBJVUsa.exe
  C:\Windows\System\CBJVUsa.exe
  2⤵
  PID:5056
- C:\Windows\System\BVVoQpe.exe
  C:\Windows\System\BVVoQpe.exe
  2⤵
  PID:11456
- C:\Windows\System\uaIFOUz.exe
  C:\Windows\System\uaIFOUz.exe
  2⤵
  PID:11528
- C:\Windows\System\QdFCycY.exe
  C:\Windows\System\QdFCycY.exe
  2⤵
  PID:3876
- C:\Windows\System\nyHrnRf.exe
  C:\Windows\System\nyHrnRf.exe
  2⤵
  PID:11624
- C:\Windows\System\rsnnFhN.exe
  C:\Windows\System\rsnnFhN.exe
  2⤵
  PID:11684
- C:\Windows\System\INetiCr.exe
  C:\Windows\System\INetiCr.exe
  2⤵
  PID:11756
- C:\Windows\System\OGZNwph.exe
  C:\Windows\System\OGZNwph.exe
  2⤵
  PID:11812
- C:\Windows\System\lwPbmvv.exe
  C:\Windows\System\lwPbmvv.exe
  2⤵
  PID:11880
- C:\Windows\System\GZXmJgG.exe
  C:\Windows\System\GZXmJgG.exe
  2⤵
  PID:11956
- C:\Windows\System\vJXOMki.exe
  C:\Windows\System\vJXOMki.exe
  2⤵
  PID:11996
- C:\Windows\System\tMuZWLS.exe
  C:\Windows\System\tMuZWLS.exe
  2⤵
  PID:12068
- C:\Windows\System\ohTJVLk.exe
  C:\Windows\System\ohTJVLk.exe
  2⤵
  PID:12160
- C:\Windows\System\pHLDCmP.exe
  C:\Windows\System\pHLDCmP.exe
  2⤵
  PID:12200
- C:\Windows\System\dOUykpN.exe
  C:\Windows\System\dOUykpN.exe
  2⤵
  PID:11316
- C:\Windows\System\HGeFPST.exe
  C:\Windows\System\HGeFPST.exe
  2⤵
  PID:12192
- C:\Windows\System\WwPxkPe.exe
  C:\Windows\System\WwPxkPe.exe
  2⤵
  PID:11512
- C:\Windows\System\vHvPhLK.exe
  C:\Windows\System\vHvPhLK.exe
  2⤵
  PID:11652
- C:\Windows\System\rqSbGUm.exe
  C:\Windows\System\rqSbGUm.exe
  2⤵
  PID:11792
- C:\Windows\System\avShQHw.exe
  C:\Windows\System\avShQHw.exe
  2⤵
  PID:11936
- C:\Windows\System\FytJlvO.exe
  C:\Windows\System\FytJlvO.exe
  2⤵
  PID:12020
- C:\Windows\System\lfHPVAm.exe
  C:\Windows\System\lfHPVAm.exe
  2⤵
  PID:12176
- C:\Windows\System\JuyKHWb.exe
  C:\Windows\System\JuyKHWb.exe
  2⤵
  PID:11964
- C:\Windows\System\JcYzGHo.exe
  C:\Windows\System\JcYzGHo.exe
  2⤵
  PID:11568
- C:\Windows\System\ejheetN.exe
  C:\Windows\System\ejheetN.exe
  2⤵
  PID:11740
- C:\Windows\System\juFTElF.exe
  C:\Windows\System\juFTElF.exe
  2⤵
  PID:11984
- C:\Windows\System\eGUXrDq.exe
  C:\Windows\System\eGUXrDq.exe
  2⤵
  PID:11452
- C:\Windows\System\EZAOVyE.exe
  C:\Windows\System\EZAOVyE.exe
  2⤵
  PID:4180
- C:\Windows\System\jfXgkTE.exe
  C:\Windows\System\jfXgkTE.exe
  2⤵
  PID:2796
- C:\Windows\System\MSVBWif.exe
  C:\Windows\System\MSVBWif.exe
  2⤵
  PID:11928
- C:\Windows\System\JSqnPzU.exe
  C:\Windows\System\JSqnPzU.exe
  2⤵
  PID:2296
- C:\Windows\System\xpxonwv.exe
  C:\Windows\System\xpxonwv.exe
  2⤵
  PID:4796
- C:\Windows\System\LuAiXOg.exe
  C:\Windows\System\LuAiXOg.exe
  2⤵
  PID:12296
- C:\Windows\System\EYpQRrU.exe
  C:\Windows\System\EYpQRrU.exe
  2⤵
  PID:12324
- C:\Windows\System\EPCoNEa.exe
  C:\Windows\System\EPCoNEa.exe
  2⤵
  PID:12352
- C:\Windows\System\hpnJtiH.exe
  C:\Windows\System\hpnJtiH.exe
  2⤵
  PID:12380
- C:\Windows\System\igiapIx.exe
  C:\Windows\System\igiapIx.exe
  2⤵
  PID:12408
- C:\Windows\System\sWCGAoZ.exe
  C:\Windows\System\sWCGAoZ.exe
  2⤵
  PID:12436
- C:\Windows\System\eBVzcPT.exe
  C:\Windows\System\eBVzcPT.exe
  2⤵
  PID:12464
- C:\Windows\System\uBXXHrk.exe
  C:\Windows\System\uBXXHrk.exe
  2⤵
  PID:12492
- C:\Windows\System\lgyYPef.exe
  C:\Windows\System\lgyYPef.exe
  2⤵
  PID:12520
- C:\Windows\System\zXtqGdT.exe
  C:\Windows\System\zXtqGdT.exe
  2⤵
  PID:12548
- C:\Windows\System\EJQqgVt.exe
  C:\Windows\System\EJQqgVt.exe
  2⤵
  PID:12576
- C:\Windows\System\ZBXxUEO.exe
  C:\Windows\System\ZBXxUEO.exe
  2⤵
  PID:12608
- C:\Windows\System\bfVHcXQ.exe
  C:\Windows\System\bfVHcXQ.exe
  2⤵
  PID:12632
- C:\Windows\System\YRonRfM.exe
  C:\Windows\System\YRonRfM.exe
  2⤵
  PID:12660
- C:\Windows\System\lTCPWUD.exe
  C:\Windows\System\lTCPWUD.exe
  2⤵
  PID:12696
- C:\Windows\System\QkibRMD.exe
  C:\Windows\System\QkibRMD.exe
  2⤵
  PID:12716
- C:\Windows\System\mXqRyHb.exe
  C:\Windows\System\mXqRyHb.exe
  2⤵
  PID:12752
- C:\Windows\System\ukPFLOo.exe
  C:\Windows\System\ukPFLOo.exe
  2⤵
  PID:12772
- C:\Windows\System\FJEBDGn.exe
  C:\Windows\System\FJEBDGn.exe
  2⤵
  PID:12804
- C:\Windows\System\vNzzRLu.exe
  C:\Windows\System\vNzzRLu.exe
  2⤵
  PID:12832
- C:\Windows\System\cZkNTrb.exe
  C:\Windows\System\cZkNTrb.exe
  2⤵
  PID:12868
- C:\Windows\System\xmypRMG.exe
  C:\Windows\System\xmypRMG.exe
  2⤵
  PID:12904
- C:\Windows\System\YFKvfXz.exe
  C:\Windows\System\YFKvfXz.exe
  2⤵
  PID:12920
- C:\Windows\System\nMAebTz.exe
  C:\Windows\System\nMAebTz.exe
  2⤵
  PID:12936
- C:\Windows\System\DajIanQ.exe
  C:\Windows\System\DajIanQ.exe
  2⤵
  PID:12968
- C:\Windows\System\qyOBARf.exe
  C:\Windows\System\qyOBARf.exe
  2⤵
  PID:13004
- C:\Windows\System\vkWfkDa.exe
  C:\Windows\System\vkWfkDa.exe
  2⤵
  PID:13072
- C:\Windows\System\CqdwyIk.exe
  C:\Windows\System\CqdwyIk.exe
  2⤵
  PID:13096
- C:\Windows\System\baeneQx.exe
  C:\Windows\System\baeneQx.exe
  2⤵
  PID:13136
- C:\Windows\System\DwzOBAQ.exe
  C:\Windows\System\DwzOBAQ.exe
  2⤵
  PID:13152
- C:\Windows\System\jJGVIQI.exe
  C:\Windows\System\jJGVIQI.exe
  2⤵
  PID:13180
- C:\Windows\System\iqGZzNv.exe
  C:\Windows\System\iqGZzNv.exe
  2⤵
  PID:13208
- C:\Windows\System\UCKIEOJ.exe
  C:\Windows\System\UCKIEOJ.exe
  2⤵
  PID:13236
- C:\Windows\System\oyhsFuZ.exe
  C:\Windows\System\oyhsFuZ.exe
  2⤵
  PID:13264
- C:\Windows\System\nAMbRke.exe
  C:\Windows\System\nAMbRke.exe
  2⤵
  PID:13292
- C:\Windows\System\zMZVHIy.exe
  C:\Windows\System\zMZVHIy.exe
  2⤵
  PID:12308
- C:\Windows\System\LLnCWSU.exe
  C:\Windows\System\LLnCWSU.exe
  2⤵
  PID:12372
- C:\Windows\System\qjuVUOP.exe
  C:\Windows\System\qjuVUOP.exe
  2⤵
  PID:12432
- C:\Windows\System\vIMxjUJ.exe
  C:\Windows\System\vIMxjUJ.exe
  2⤵
  PID:12484
- C:\Windows\System\YVzNtTv.exe
  C:\Windows\System\YVzNtTv.exe
  2⤵
  PID:12532
- C:\Windows\System\GVfaFNP.exe
  C:\Windows\System\GVfaFNP.exe
  2⤵
  PID:12588
- C:\Windows\System\lmpSPXg.exe
  C:\Windows\System\lmpSPXg.exe
  2⤵
  PID:12652
- C:\Windows\System\FqJaukW.exe
  C:\Windows\System\FqJaukW.exe
  2⤵
  PID:12712
- C:\Windows\System\IzXFwPk.exe
  C:\Windows\System\IzXFwPk.exe
  2⤵
  PID:1368
- C:\Windows\System\HBthQQB.exe
  C:\Windows\System\HBthQQB.exe
  2⤵
  PID:3480
- C:\Windows\System\msMfFxW.exe
  C:\Windows\System\msMfFxW.exe
  2⤵
  PID:12800
- C:\Windows\System\iRVXYkZ.exe
  C:\Windows\System\iRVXYkZ.exe
  2⤵
  PID:12852
- C:\Windows\System\ceaRNCW.exe
  C:\Windows\System\ceaRNCW.exe
  2⤵
  PID:12948
- C:\Windows\System\MtjvhKJ.exe
  C:\Windows\System\MtjvhKJ.exe
  2⤵
  PID:2368
- C:\Windows\System\jSATpQi.exe
  C:\Windows\System\jSATpQi.exe
  2⤵
  PID:13040
- C:\Windows\System\LOWhDeP.exe
  C:\Windows\System\LOWhDeP.exe
  2⤵
  PID:4968
- C:\Windows\System\gnOFIsJ.exe
  C:\Windows\System\gnOFIsJ.exe
  2⤵
  PID:3304
- C:\Windows\System\qQDkbRv.exe
  C:\Windows\System\qQDkbRv.exe
  2⤵
  PID:3688
- C:\Windows\System\UShoeGJ.exe
  C:\Windows\System\UShoeGJ.exe
  2⤵
  PID:4312
- C:\Windows\System\ZKZJAyY.exe
  C:\Windows\System\ZKZJAyY.exe
  2⤵
  PID:4816
- C:\Windows\System\HCrueSN.exe
  C:\Windows\System\HCrueSN.exe
  2⤵
  PID:12876
- C:\Windows\System\ZcSMmce.exe
  C:\Windows\System\ZcSMmce.exe
  2⤵
  PID:13020
- C:\Windows\System\ERuZTPw.exe
  C:\Windows\System\ERuZTPw.exe
  2⤵
  PID:4452
- C:\Windows\System\xePdsOG.exe
  C:\Windows\System\xePdsOG.exe
  2⤵
  PID:1080
- C:\Windows\System\qHgNMGf.exe
  C:\Windows\System\qHgNMGf.exe
  2⤵
  PID:13248
- C:\Windows\System\ijxENAM.exe
  C:\Windows\System\ijxENAM.exe
  2⤵
  PID:13304
- C:\Windows\System\qpttfPU.exe
  C:\Windows\System\qpttfPU.exe
  2⤵
  PID:12364
- C:\Windows\System\AgmiTwq.exe
  C:\Windows\System\AgmiTwq.exe
  2⤵
  PID:12448
- C:\Windows\System\JkoyTQY.exe
  C:\Windows\System\JkoyTQY.exe
  2⤵
  PID:12512
- C:\Windows\System\JCQmXbD.exe
  C:\Windows\System\JCQmXbD.exe
  2⤵
  PID:5276
- C:\Windows\System\Hdpirka.exe
  C:\Windows\System\Hdpirka.exe
  2⤵
  PID:12704
- C:\Windows\System\OyctuuY.exe
  C:\Windows\System\OyctuuY.exe
  2⤵
  PID:5328
- C:\Windows\System\JpxAcIU.exe
  C:\Windows\System\JpxAcIU.exe
  2⤵
  PID:3100
- C:\Windows\System\yBfbpyH.exe
  C:\Windows\System\yBfbpyH.exe
  2⤵
  PID:5008
- C:\Windows\System\fMshMAc.exe
  C:\Windows\System\fMshMAc.exe
  2⤵
  PID:13032
- C:\Windows\System\FoXBuxS.exe
  C:\Windows\System\FoXBuxS.exe
  2⤵
  PID:756
- C:\Windows\System\ORMvrkC.exe
  C:\Windows\System\ORMvrkC.exe
  2⤵
  PID:1656
- C:\Windows\System\TiTaNGi.exe
  C:\Windows\System\TiTaNGi.exe
  2⤵
  PID:1860
- C:\Windows\System\ACmHorY.exe
  C:\Windows\System\ACmHorY.exe
  2⤵
  PID:4500
- C:\Windows\System\eydXCll.exe
  C:\Windows\System\eydXCll.exe
  2⤵
  PID:13176
- C:\Windows\System\nyXtmbQ.exe
  C:\Windows\System\nyXtmbQ.exe
  2⤵
  PID:5004
- C:\Windows\System\cNyTuax.exe
  C:\Windows\System\cNyTuax.exe
  2⤵
  PID:12596
- C:\Windows\System\DPyOScC.exe
  C:\Windows\System\DPyOScC.exe
  2⤵
  PID:4492
- C:\Windows\System\okaMxVD.exe
  C:\Windows\System\okaMxVD.exe
  2⤵
  PID:11508
- C:\Windows\System\JAmdoFL.exe
  C:\Windows\System\JAmdoFL.exe
  2⤵
  PID:12516
- C:\Windows\System\DntcbtQ.exe
  C:\Windows\System\DntcbtQ.exe
  2⤵
  PID:5744
- C:\Windows\System\CGovYJJ.exe
  C:\Windows\System\CGovYJJ.exe
  2⤵
  PID:12788
- C:\Windows\System\mORuSxf.exe
  C:\Windows\System\mORuSxf.exe
  2⤵
  PID:12932
- C:\Windows\System\nOZzvKt.exe
  C:\Windows\System\nOZzvKt.exe
  2⤵
  PID:13016
- C:\Windows\System\pHDfOGh.exe
  C:\Windows\System\pHDfOGh.exe
  2⤵
  PID:1556
- C:\Windows\System\aEbURCG.exe
  C:\Windows\System\aEbURCG.exe
  2⤵
  PID:5932
- C:\Windows\System\tFyZBHO.exe
  C:\Windows\System\tFyZBHO.exe
  2⤵
  PID:5548
- C:\Windows\System\GwxBmQk.exe
  C:\Windows\System\GwxBmQk.exe
  2⤵
  PID:2396
- C:\Windows\System\vICVETD.exe
  C:\Windows\System\vICVETD.exe
  2⤵
  PID:6044
- C:\Windows\System\RfRzuJh.exe
  C:\Windows\System\RfRzuJh.exe
  2⤵
  PID:5196
- C:\Windows\System\ZXUmJdC.exe
  C:\Windows\System\ZXUmJdC.exe
  2⤵
  PID:6136
- C:\Windows\System\PYZwecr.exe
  C:\Windows\System\PYZwecr.exe
  2⤵
  PID:12620
- C:\Windows\System\AoDeCwk.exe
  C:\Windows\System\AoDeCwk.exe
  2⤵
  PID:5800
- C:\Windows\System\NfVKMOw.exe
  C:\Windows\System\NfVKMOw.exe
  2⤵
  PID:5440
- C:\Windows\System\EJAQnDh.exe
  C:\Windows\System\EJAQnDh.exe
  2⤵
  PID:5940
- C:\Windows\System\mVRxvFR.exe
  C:\Windows\System\mVRxvFR.exe
  2⤵
  PID:5988
- C:\Windows\System\lsaRUnY.exe
  C:\Windows\System\lsaRUnY.exe
  2⤵
  PID:13260
- C:\Windows\System\bQWMUfB.exe
  C:\Windows\System\bQWMUfB.exe
  2⤵
  PID:3620
- C:\Windows\System\CUDLIUq.exe
  C:\Windows\System\CUDLIUq.exe
  2⤵
  PID:5140
- C:\Windows\System\csBkMLi.exe
  C:\Windows\System\csBkMLi.exe
  2⤵
  PID:3552
- C:\Windows\System\jgVxfwY.exe
  C:\Windows\System\jgVxfwY.exe
  2⤵
  PID:5724
- C:\Windows\System\QkABTOW.exe
  C:\Windows\System\QkABTOW.exe
  2⤵
  PID:13228
- C:\Windows\System\rbTdnvK.exe
  C:\Windows\System\rbTdnvK.exe
  2⤵
  PID:5824
- C:\Windows\System\RqGtlWt.exe
  C:\Windows\System\RqGtlWt.exe
  2⤵
  PID:12736
- C:\Windows\System\qwNXxDB.exe
  C:\Windows\System\qwNXxDB.exe
  2⤵
  PID:5992
- C:\Windows\System\USEQgVQ.exe
  C:\Windows\System\USEQgVQ.exe
  2⤵
  PID:5564
- C:\Windows\System\eahtEjv.exe
  C:\Windows\System\eahtEjv.exe
  2⤵
  PID:1552
- C:\Windows\System\Jnbfmqj.exe
  C:\Windows\System\Jnbfmqj.exe
  2⤵
  PID:5316
- C:\Windows\System\yakeJOh.exe
  C:\Windows\System\yakeJOh.exe
  2⤵
  PID:6096
- C:\Windows\System\mHEZrAb.exe
  C:\Windows\System\mHEZrAb.exe
  2⤵
  PID:5608
- C:\Windows\System\nccVpox.exe
  C:\Windows\System\nccVpox.exe
  2⤵
  PID:5592
- C:\Windows\System\hmDliIE.exe
  C:\Windows\System\hmDliIE.exe
  2⤵
  PID:6020
- C:\Windows\System\fctESYy.exe
  C:\Windows\System\fctESYy.exe
  2⤵
  PID:1488
- C:\Windows\System\XYKEjvx.exe
  C:\Windows\System\XYKEjvx.exe
  2⤵
  PID:5708
- C:\Windows\System\eIZKskG.exe
  C:\Windows\System\eIZKskG.exe
  2⤵
  PID:5904
- C:\Windows\System\kVWAfNm.exe
  C:\Windows\System\kVWAfNm.exe
  2⤵
  PID:6200
- C:\Windows\System\MJfYsRz.exe
  C:\Windows\System\MJfYsRz.exe
  2⤵
  PID:6284
- C:\Windows\System\IMKsafF.exe
  C:\Windows\System\IMKsafF.exe
  2⤵
  PID:5356
- C:\Windows\System\OKpiOPF.exe
  C:\Windows\System\OKpiOPF.exe
  2⤵
  PID:6428
- C:\Windows\System\VIOqkSN.exe
  C:\Windows\System\VIOqkSN.exe
  2⤵
  PID:5468
- C:\Windows\System\ySTMaiE.exe
  C:\Windows\System\ySTMaiE.exe
  2⤵
  PID:6484
- C:\Windows\System\JrfjcvB.exe
  C:\Windows\System\JrfjcvB.exe
  2⤵
  PID:6364
- C:\Windows\System\iEQiBRq.exe
  C:\Windows\System\iEQiBRq.exe
  2⤵
  PID:6132
- C:\Windows\System\lgLuLyf.exe
  C:\Windows\System\lgLuLyf.exe
  2⤵
  PID:6612
- C:\Windows\System\tLoIFjr.exe
  C:\Windows\System\tLoIFjr.exe
  2⤵
  PID:6400
- C:\Windows\System\phRgMYD.exe
  C:\Windows\System\phRgMYD.exe
  2⤵
  PID:6220
- C:\Windows\System\XsLhJeG.exe
  C:\Windows\System\XsLhJeG.exe
  2⤵
  PID:6712
- C:\Windows\System\IDpAQtE.exe
  C:\Windows\System\IDpAQtE.exe
  2⤵
  PID:6628
- C:\Windows\System\FfQhrMD.exe
  C:\Windows\System\FfQhrMD.exe
  2⤵
  PID:6764
- C:\Windows\System\OmCtbXq.exe
  C:\Windows\System\OmCtbXq.exe
  2⤵
  PID:6788
- C:\Windows\System\CHtcrfi.exe
  C:\Windows\System\CHtcrfi.exe
  2⤵
  PID:13332
- C:\Windows\System\HSLZLMG.exe
  C:\Windows\System\HSLZLMG.exe
  2⤵
  PID:13364
- C:\Windows\System\WliFzZF.exe
  C:\Windows\System\WliFzZF.exe
  2⤵
  PID:13392
- C:\Windows\System\oEqnLZw.exe
  C:\Windows\System\oEqnLZw.exe
  2⤵
  PID:13420
- C:\Windows\System\FCzkOKF.exe
  C:\Windows\System\FCzkOKF.exe
  2⤵
  PID:13448
- C:\Windows\System\mwqTKqr.exe
  C:\Windows\System\mwqTKqr.exe
  2⤵
  PID:13476
- C:\Windows\System\oyrLvKK.exe
  C:\Windows\System\oyrLvKK.exe
  2⤵
  PID:13504
- C:\Windows\System\xsDFnPc.exe
  C:\Windows\System\xsDFnPc.exe
  2⤵
  PID:13532
- C:\Windows\System\mAVoAMb.exe
  C:\Windows\System\mAVoAMb.exe
  2⤵
  PID:13560
- C:\Windows\System\HZbpxeo.exe
  C:\Windows\System\HZbpxeo.exe
  2⤵
  PID:13588
- C:\Windows\System\dHHNSot.exe
  C:\Windows\System\dHHNSot.exe
  2⤵
  PID:13616
- C:\Windows\System\wLgvewB.exe
  C:\Windows\System\wLgvewB.exe
  2⤵
  PID:13644
- C:\Windows\System\XdreSwK.exe
  C:\Windows\System\XdreSwK.exe
  2⤵
  PID:13672
- C:\Windows\System\pcsThIb.exe
  C:\Windows\System\pcsThIb.exe
  2⤵
  PID:13700
- C:\Windows\System\hxIaYnB.exe
  C:\Windows\System\hxIaYnB.exe
  2⤵
  PID:13728
- C:\Windows\System\ScDaHdx.exe
  C:\Windows\System\ScDaHdx.exe
  2⤵
  PID:13756
- C:\Windows\System\SMqGCtQ.exe
  C:\Windows\System\SMqGCtQ.exe
  2⤵
  PID:13784
- C:\Windows\System\wcOxApx.exe
  C:\Windows\System\wcOxApx.exe
  2⤵
  PID:13812
- C:\Windows\System\GErlMXX.exe
  C:\Windows\System\GErlMXX.exe
  2⤵
  PID:13840
- C:\Windows\System\FgkJRPH.exe
  C:\Windows\System\FgkJRPH.exe
  2⤵
  PID:13868
- C:\Windows\System\JlbHZZI.exe
  C:\Windows\System\JlbHZZI.exe
  2⤵
  PID:13896
- C:\Windows\System\ubvVgzI.exe
  C:\Windows\System\ubvVgzI.exe
  2⤵
  PID:13924
- C:\Windows\System\drsQCLc.exe
  C:\Windows\System\drsQCLc.exe
  2⤵
  PID:13952
- C:\Windows\System\NPhSOAO.exe
  C:\Windows\System\NPhSOAO.exe
  2⤵
  PID:13980
- C:\Windows\System\JgmhmwW.exe
  C:\Windows\System\JgmhmwW.exe
  2⤵
  PID:14008
- C:\Windows\System\lrHPpwQ.exe
  C:\Windows\System\lrHPpwQ.exe
  2⤵
  PID:14036
- C:\Windows\System\tuVbBhv.exe
  C:\Windows\System\tuVbBhv.exe
  2⤵
  PID:14064
- C:\Windows\System\OYXoKZl.exe
  C:\Windows\System\OYXoKZl.exe
  2⤵
  PID:14092
- C:\Windows\System\VrQvFZt.exe
  C:\Windows\System\VrQvFZt.exe
  2⤵
  PID:14124
- C:\Windows\System\hjqFSwf.exe
  C:\Windows\System\hjqFSwf.exe
  2⤵
  PID:14152
- C:\Windows\System\BMeRQst.exe
  C:\Windows\System\BMeRQst.exe
  2⤵
  PID:14180
- C:\Windows\System\yxrlNLX.exe
  C:\Windows\System\yxrlNLX.exe
  2⤵
  PID:14208
- C:\Windows\System\cKBqHLc.exe
  C:\Windows\System\cKBqHLc.exe
  2⤵
  PID:14236
- C:\Windows\System\XKlJZhq.exe
  C:\Windows\System\XKlJZhq.exe
  2⤵
  PID:14264
- C:\Windows\System\MAddSof.exe
  C:\Windows\System\MAddSof.exe
  2⤵
  PID:14292
- C:\Windows\System\wnlMDTG.exe
  C:\Windows\System\wnlMDTG.exe
  2⤵
  PID:14320
- C:\Windows\System\vyXJwFS.exe
  C:\Windows\System\vyXJwFS.exe
  2⤵
  PID:6864
- C:\Windows\System\PwrqjIR.exe
  C:\Windows\System\PwrqjIR.exe
  2⤵
  PID:13376
- C:\Windows\System\kobzVtY.exe
  C:\Windows\System\kobzVtY.exe
  2⤵
  PID:13412
- C:\Windows\System\ESIeKzU.exe
  C:\Windows\System\ESIeKzU.exe
  2⤵
  PID:13472
- C:\Windows\System\BHNLOOF.exe
  C:\Windows\System\BHNLOOF.exe
  2⤵
  PID:13500
- C:\Windows\System\YFnfBVL.exe
  C:\Windows\System\YFnfBVL.exe
  2⤵
  PID:13528
- C:\Windows\System\VFUrMmA.exe
  C:\Windows\System\VFUrMmA.exe
  2⤵
  PID:13584
- C:\Windows\System\cnrhmyE.exe
  C:\Windows\System\cnrhmyE.exe
  2⤵
  PID:13628
- C:\Windows\System\EvTIBhD.exe
  C:\Windows\System\EvTIBhD.exe
  2⤵
  PID:13668
- C:\Windows\System\WNxJkwN.exe
  C:\Windows\System\WNxJkwN.exe
  2⤵
  PID:13720
- C:\Windows\System\NljnLaA.exe
  C:\Windows\System\NljnLaA.exe
  2⤵
  PID:5388
- C:\Windows\System\VbdNFLi.exe
  C:\Windows\System\VbdNFLi.exe
  2⤵
  PID:13340
- C:\Windows\System\DsrqyVq.exe
  C:\Windows\System\DsrqyVq.exe
  2⤵
  PID:13992
- C:\Windows\System\pfWbFKS.exe
  C:\Windows\System\pfWbFKS.exe
  2⤵
  PID:14172
- C:\Windows\System\ADWJoUz.exe
  C:\Windows\System\ADWJoUz.exe
  2⤵
  PID:14204
- C:\Windows\System\ytRNhhH.exe
  C:\Windows\System\ytRNhhH.exe
  2⤵
  PID:14232
- C:\Windows\System\EUcqwCf.exe
  C:\Windows\System\EUcqwCf.exe
  2⤵
  PID:14284
- C:\Windows\System\weTPnXz.exe
  C:\Windows\System\weTPnXz.exe
  2⤵
  PID:6888
- C:\Windows\System\lEIsDuC.exe
  C:\Windows\System\lEIsDuC.exe
  2⤵
  PID:13404
- C:\Windows\System\VxuvCzW.exe
  C:\Windows\System\VxuvCzW.exe
  2⤵
  PID:13460
- C:\Windows\System\JjiNzrg.exe
  C:\Windows\System\JjiNzrg.exe
  2⤵
  PID:6708
- C:\Windows\System\hrlAmad.exe
  C:\Windows\System\hrlAmad.exe
  2⤵
  PID:13656
- C:\Windows\System\IOSRVse.exe
  C:\Windows\System\IOSRVse.exe
  2⤵
  PID:13696
- C:\Windows\System\GhWVlak.exe
  C:\Windows\System\GhWVlak.exe
  2⤵
  PID:7216
- C:\Windows\System\RCdeZQj.exe
  C:\Windows\System\RCdeZQj.exe
  2⤵
  PID:6336
- C:\Windows\System\bccfrfe.exe
  C:\Windows\System\bccfrfe.exe
  2⤵
  PID:13852
- C:\Windows\System\nCkzQPe.exe
  C:\Windows\System\nCkzQPe.exe
  2⤵
  PID:13936
- C:\Windows\System\sanCzBW.exe
  C:\Windows\System\sanCzBW.exe
  2⤵
  PID:13964
- C:\Windows\System\mDFGKru.exe
  C:\Windows\System\mDFGKru.exe
  2⤵
  PID:13976
- C:\Windows\System\ADXpbST.exe
  C:\Windows\System\ADXpbST.exe
  2⤵
  PID:14028
- C:\Windows\System\wevTaBK.exe
  C:\Windows\System\wevTaBK.exe
  2⤵
  PID:14048
- C:\Windows\System\VsVdGnE.exe
  C:\Windows\System\VsVdGnE.exe
  2⤵
  PID:14084
- C:\Windows\System\cebpcTY.exe
  C:\Windows\System\cebpcTY.exe
  2⤵
  PID:14120
- C:\Windows\System\xZzTlUC.exe
  C:\Windows\System\xZzTlUC.exe
  2⤵
  PID:7616
- C:\Windows\System\gSzSTMN.exe
  C:\Windows\System\gSzSTMN.exe
  2⤵
  PID:6508
- C:\Windows\System\gOiagfk.exe
  C:\Windows\System\gOiagfk.exe
  2⤵
  PID:14276
- C:\Windows\System\QGGDpji.exe
  C:\Windows\System\QGGDpji.exe
  2⤵
  PID:14316
- C:\Windows\System\OvORevW.exe
  C:\Windows\System\OvORevW.exe
  2⤵
  PID:6852
- C:\Windows\System\USMXTWS.exe
  C:\Windows\System\USMXTWS.exe
  2⤵
  PID:7144
- C:\Windows\System\yewKDDc.exe
  C:\Windows\System\yewKDDc.exe
  2⤵
  PID:13516
- C:\Windows\System\nBIciPE.exe
  C:\Windows\System\nBIciPE.exe
  2⤵
  PID:13572
- C:\Windows\System\VzMACRx.exe
  C:\Windows\System\VzMACRx.exe
  2⤵
  PID:7924
- C:\Windows\System\nFbhpee.exe
  C:\Windows\System\nFbhpee.exe
  2⤵
  PID:7952
- C:\Windows\System\iLMDkyU.exe
  C:\Windows\System\iLMDkyU.exe
  2⤵
  PID:2904
- C:\Windows\System\pZMCCUS.exe
  C:\Windows\System\pZMCCUS.exe
  2⤵
  PID:14100
- C:\Windows\System\RxyGxiT.exe
  C:\Windows\System\RxyGxiT.exe
  2⤵
  PID:6532
- C:\Windows\System\hGAeqaB.exe
  C:\Windows\System\hGAeqaB.exe
  2⤵
  PID:5352
- C:\Windows\System\QlekPpq.exe
  C:\Windows\System\QlekPpq.exe
  2⤵
  PID:7540
- C:\Windows\System\dusbAVG.exe
  C:\Windows\System\dusbAVG.exe
  2⤵
  PID:7596
- C:\Windows\System\iYkTFRc.exe
  C:\Windows\System\iYkTFRc.exe
  2⤵
  PID:6296
- C:\Windows\System\cNmyicy.exe
  C:\Windows\System\cNmyicy.exe
  2⤵
  PID:14192
- C:\Windows\System\dABtUOF.exe
  C:\Windows\System\dABtUOF.exe
  2⤵
  PID:7880
- C:\Windows\System\LoGYdzu.exe
  C:\Windows\System\LoGYdzu.exe
  2⤵
  PID:8012
- C:\Windows\System\OrCdElh.exe
  C:\Windows\System\OrCdElh.exe
  2⤵
  PID:14312
- C:\Windows\System\ixAkfgw.exe
  C:\Windows\System\ixAkfgw.exe
  2⤵
  PID:1124
- C:\Windows\System\sMvGhIf.exe
  C:\Windows\System\sMvGhIf.exe
  2⤵
  PID:7380
- C:\Windows\System\BQXbbAV.exe
  C:\Windows\System\BQXbbAV.exe
  2⤵
  PID:6304
- C:\Windows\System\tOMUMsl.exe
  C:\Windows\System\tOMUMsl.exe
  2⤵
  PID:7732
- C:\Windows\System\LHISxeR.exe
  C:\Windows\System\LHISxeR.exe
  2⤵
  PID:7212
- C:\Windows\System\mwIUOPp.exe
  C:\Windows\System\mwIUOPp.exe
  2⤵
  PID:8100
- C:\Windows\System\zZQOGdA.exe
  C:\Windows\System\zZQOGdA.exe
  2⤵
  PID:13864
- C:\Windows\System\XdvODXh.exe
  C:\Windows\System\XdvODXh.exe
  2⤵
  PID:13888
- C:\Windows\System\zFlzSbG.exe
  C:\Windows\System\zFlzSbG.exe
  2⤵
  PID:7332
- C:\Windows\System\gvzXsjq.exe
  C:\Windows\System\gvzXsjq.exe
  2⤵
  PID:13916
- C:\Windows\System\sRkjwMr.exe
  C:\Windows\System\sRkjwMr.exe
  2⤵
  PID:6908
- C:\Windows\System\CyiurrA.exe
  C:\Windows\System\CyiurrA.exe
  2⤵
  PID:6868
- C:\Windows\System\GJeqCDu.exe
  C:\Windows\System\GJeqCDu.exe
  2⤵
  PID:8320
- C:\Windows\System\zhLiFak.exe
  C:\Windows\System\zhLiFak.exe
  2⤵
  PID:6148
- C:\Windows\System\qdcXlgZ.exe
  C:\Windows\System\qdcXlgZ.exe
  2⤵
  PID:8428
- C:\Windows\System\HKDRWRR.exe
  C:\Windows\System\HKDRWRR.exe
  2⤵
  PID:8440
- C:\Windows\System\nnWYcez.exe
  C:\Windows\System\nnWYcez.exe
  2⤵
  PID:13860
- C:\Windows\System\TlIutdx.exe
  C:\Windows\System\TlIutdx.exe
  2⤵
  PID:5092
- C:\Windows\System\QDFstIj.exe
  C:\Windows\System\QDFstIj.exe
  2⤵
  PID:4916
- C:\Windows\System\ykLbKNv.exe
  C:\Windows\System\ykLbKNv.exe
  2⤵
  PID:8072
- C:\Windows\System\gzHAgjL.exe
  C:\Windows\System\gzHAgjL.exe
  2⤵
  PID:6928
- C:\Windows\System\wWLlMjm.exe
  C:\Windows\System\wWLlMjm.exe
  2⤵
  PID:8720
- C:\Windows\System\DGdpgBW.exe
  C:\Windows\System\DGdpgBW.exe
  2⤵
  PID:7084
- C:\Windows\System\yXaRIeP.exe
  C:\Windows\System\yXaRIeP.exe
  2⤵
  PID:8768
- C:\Windows\System\pqaRuuJ.exe
  C:\Windows\System\pqaRuuJ.exe
  2⤵
  PID:4004
- C:\Windows\System\TzCNklc.exe
  C:\Windows\System\TzCNklc.exe
  2⤵
  PID:8176
- C:\Windows\System\VQUbFnw.exe
  C:\Windows\System\VQUbFnw.exe
  2⤵
  PID:13920
- C:\Windows\System\WcXsahc.exe
  C:\Windows\System\WcXsahc.exe
  2⤵
  PID:8912
- C:\Windows\System\WlNHgmc.exe
  C:\Windows\System\WlNHgmc.exe
  2⤵
  PID:7940
- C:\Windows\System\VXdzaED.exe
  C:\Windows\System\VXdzaED.exe
  2⤵
  PID:14076
- C:\Windows\System\BnEjveH.exe
  C:\Windows\System\BnEjveH.exe
  2⤵
  PID:8976
- C:\Windows\System\GtzJDXH.exe
  C:\Windows\System\GtzJDXH.exe
  2⤵
  PID:7564
- C:\Windows\System\jtcofHg.exe
  C:\Windows\System\jtcofHg.exe
  2⤵
  PID:9052
- C:\Windows\System\kuLjywt.exe
  C:\Windows\System\kuLjywt.exe
  2⤵
  PID:1212
- C:\Windows\System\BHVHRsH.exe
  C:\Windows\System\BHVHRsH.exe
  2⤵
  PID:9148
- C:\Windows\System\jgkMPyy.exe
  C:\Windows\System\jgkMPyy.exe
  2⤵
  PID:9204
- C:\Windows\System\ZQBITaR.exe
  C:\Windows\System\ZQBITaR.exe
  2⤵
  PID:8660
- C:\Windows\System\BoNFYns.exe
  C:\Windows\System\BoNFYns.exe
  2⤵
  PID:13524
- C:\Windows\System\UWpBqBp.exe
  C:\Windows\System\UWpBqBp.exe
  2⤵
  PID:7956
- C:\Windows\System\BoHlSPB.exe
  C:\Windows\System\BoHlSPB.exe
  2⤵
  PID:8092
- C:\Windows\System\PvhxZpI.exe
  C:\Windows\System\PvhxZpI.exe
  2⤵
  PID:5404
- C:\Windows\System\RafFvcp.exe
  C:\Windows\System\RafFvcp.exe
  2⤵
  PID:8856
- C:\Windows\System\DEaBwaT.exe
  C:\Windows\System\DEaBwaT.exe
  2⤵
  PID:8948
- C:\Windows\System\hUwkUSz.exe
  C:\Windows\System\hUwkUSz.exe
  2⤵
  PID:8780
- C:\Windows\System\fQScGYu.exe
  C:\Windows\System\fQScGYu.exe
  2⤵
  PID:2992
- C:\Windows\System\pcxLjSd.exe
  C:\Windows\System\pcxLjSd.exe
  2⤵
  PID:9024
- C:\Windows\System\eoIGNUA.exe
  C:\Windows\System\eoIGNUA.exe
  2⤵
  PID:7644
- C:\Windows\System\OtqdIwM.exe
  C:\Windows\System\OtqdIwM.exe
  2⤵
  PID:8212
- C:\Windows\System\PQlStZP.exe
  C:\Windows\System\PQlStZP.exe
  2⤵
  PID:8204
- C:\Windows\System\ewltIIw.exe
  C:\Windows\System\ewltIIw.exe
  2⤵
  PID:5408
- C:\Windows\System\CfjZIRr.exe
  C:\Windows\System\CfjZIRr.exe
  2⤵
  PID:7960
- C:\Windows\System\DYGEnRb.exe
  C:\Windows\System\DYGEnRb.exe
  2⤵
  PID:8896
- C:\Windows\System\uOkUXnc.exe
  C:\Windows\System\uOkUXnc.exe
  2⤵
  PID:2404
- C:\Windows\System\JQsfAnC.exe
  C:\Windows\System\JQsfAnC.exe
  2⤵
  PID:8592
- C:\Windows\System\oekCSer.exe
  C:\Windows\System\oekCSer.exe
  2⤵
  PID:14056
- C:\Windows\System\PuPHgXc.exe
  C:\Windows\System\PuPHgXc.exe
  2⤵
  PID:8828
- C:\Windows\System\RzyTnHr.exe
  C:\Windows\System\RzyTnHr.exe
  2⤵
  PID:9096
- C:\Windows\System\RLGETCo.exe
  C:\Windows\System\RLGETCo.exe
  2⤵
  PID:2400
- C:\Windows\System\IujFHnr.exe
  C:\Windows\System\IujFHnr.exe
  2⤵
  PID:8240
- C:\Windows\System\euFUICE.exe
  C:\Windows\System\euFUICE.exe
  2⤵
  PID:6424
- C:\Windows\System\msTsbqs.exe
  C:\Windows\System\msTsbqs.exe
  2⤵
  PID:9324
- C:\Windows\System\hVDAhHN.exe
  C:\Windows\System\hVDAhHN.exe
  2⤵
  PID:8044
- C:\Windows\System\aKTtuwK.exe
  C:\Windows\System\aKTtuwK.exe
  2⤵
  PID:8796
- C:\Windows\System\gHCkzTs.exe
  C:\Windows\System\gHCkzTs.exe
  2⤵
  PID:8152
- C:\Windows\System\oChXNxg.exe
  C:\Windows\System\oChXNxg.exe
  2⤵
  PID:13948
- C:\Windows\System\RvuDDsS.exe
  C:\Windows\System\RvuDDsS.exe
  2⤵
  PID:924
- C:\Windows\System\EJYujyp.exe
  C:\Windows\System\EJYujyp.exe
  2⤵
  PID:9608
- C:\Windows\System\WuRmxiV.exe
  C:\Windows\System\WuRmxiV.exe
  2⤵
  PID:9664
- C:\Windows\System\mcdplKF.exe
  C:\Windows\System\mcdplKF.exe
  2⤵
  PID:9728
- C:\Windows\System\AcNhibB.exe
  C:\Windows\System\AcNhibB.exe
  2⤵
  PID:9748
- C:\Windows\System\DraNhFJ.exe
  C:\Windows\System\DraNhFJ.exe
  2⤵
  PID:9804
- C:\Windows\System\gbXmCtD.exe
  C:\Windows\System\gbXmCtD.exe
  2⤵
  PID:9868
- C:\Windows\System\FlVELsn.exe
  C:\Windows\System\FlVELsn.exe
  2⤵
  PID:9476
- C:\Windows\System\ycxJwZN.exe
  C:\Windows\System\ycxJwZN.exe
  2⤵
  PID:9952
- C:\Windows\System\rPZMSly.exe
  C:\Windows\System\rPZMSly.exe
  2⤵
  PID:9032
- C:\Windows\System\ADfXwKi.exe
  C:\Windows\System\ADfXwKi.exe
  2⤵
  PID:10036
- C:\Windows\System\avSrvFx.exe
  C:\Windows\System\avSrvFx.exe
  2⤵
  PID:9220
- C:\Windows\System\LSiMzSO.exe
  C:\Windows\System\LSiMzSO.exe
  2⤵
  PID:8324
- C:\Windows\System\EUWPMSh.exe
  C:\Windows\System\EUWPMSh.exe
  2⤵
  PID:8628
- C:\Windows\System\oyapnRA.exe
  C:\Windows\System\oyapnRA.exe
  2⤵
  PID:10200
- C:\Windows\System\RkANqkN.exe
  C:\Windows\System\RkANqkN.exe
  2⤵
  PID:2220
- C:\Windows\System\oqsQFYv.exe
  C:\Windows\System\oqsQFYv.exe
  2⤵
  PID:9312
- C:\Windows\System\TtZUeXx.exe
  C:\Windows\System\TtZUeXx.exe
  2⤵
  PID:9452
- C:\Windows\System\pqRBvDx.exe
  C:\Windows\System\pqRBvDx.exe
  2⤵
  PID:8600
- C:\Windows\System\iXdvqyb.exe
  C:\Windows\System\iXdvqyb.exe
  2⤵
  PID:9648
- C:\Windows\System\loeDOnC.exe
  C:\Windows\System\loeDOnC.exe
  2⤵
  PID:10236
- C:\Windows\System\XsDSglr.exe
  C:\Windows\System\XsDSglr.exe
  2⤵
  PID:9848
- C:\Windows\System\olXlunL.exe
  C:\Windows\System\olXlunL.exe
  2⤵
  PID:9984
- C:\Windows\System\WUNlOXa.exe
  C:\Windows\System\WUNlOXa.exe
  2⤵
  PID:10112
- C:\Windows\System\ELyLiaP.exe
  C:\Windows\System\ELyLiaP.exe
  2⤵
  PID:9708
- C:\Windows\System\ueVGTFW.exe
  C:\Windows\System\ueVGTFW.exe
  2⤵
  PID:9864
- C:\Windows\System\EPHHeOf.exe
  C:\Windows\System\EPHHeOf.exe
  2⤵
  PID:5200
- C:\Windows\System\QxsYtxi.exe
  C:\Windows\System\QxsYtxi.exe
  2⤵
  PID:9360
- C:\Windows\System\gVJAhne.exe
  C:\Windows\System\gVJAhne.exe
  2⤵
  PID:10032
- C:\Windows\System\VAqcabl.exe
  C:\Windows\System\VAqcabl.exe
  2⤵
  PID:1588
- C:\Windows\System\TwYpffD.exe
  C:\Windows\System\TwYpffD.exe
  2⤵
  PID:9472
- C:\Windows\System\dBQBAND.exe
  C:\Windows\System\dBQBAND.exe
  2⤵
  PID:14356
- C:\Windows\System\bObGCCt.exe
  C:\Windows\System\bObGCCt.exe
  2⤵
  PID:14384
- C:\Windows\System\HbuukaN.exe
  C:\Windows\System\HbuukaN.exe
  2⤵
  PID:14424
- C:\Windows\System\fQOmMne.exe
  C:\Windows\System\fQOmMne.exe
  2⤵
  PID:14440
- C:\Windows\System\cpSzVbP.exe
  C:\Windows\System\cpSzVbP.exe
  2⤵
  PID:14468
- C:\Windows\System\JTIazIz.exe
  C:\Windows\System\JTIazIz.exe
  2⤵
  PID:14496
- C:\Windows\System\zEQfAOJ.exe
  C:\Windows\System\zEQfAOJ.exe
  2⤵
  PID:14524
- C:\Windows\System\NrfLDIE.exe
  C:\Windows\System\NrfLDIE.exe
  2⤵
  PID:14552
- C:\Windows\System\iLGFytV.exe
  C:\Windows\System\iLGFytV.exe
  2⤵
  PID:14580
- C:\Windows\System\KPiqYCS.exe
  C:\Windows\System\KPiqYCS.exe
  2⤵
  PID:14608
- C:\Windows\System\AKOxpEu.exe
  C:\Windows\System\AKOxpEu.exe
  2⤵
  PID:14636
- C:\Windows\System\CqMlqou.exe
  C:\Windows\System\CqMlqou.exe
  2⤵
  PID:14668
- C:\Windows\System\UNLnKDN.exe
  C:\Windows\System\UNLnKDN.exe
  2⤵
  PID:14696
- C:\Windows\System\WTFpOqB.exe
  C:\Windows\System\WTFpOqB.exe
  2⤵
  PID:14724
- C:\Windows\System\hJUIXyv.exe
  C:\Windows\System\hJUIXyv.exe
  2⤵
  PID:14752
- C:\Windows\System\NNUcXCH.exe
  C:\Windows\System\NNUcXCH.exe
  2⤵
  PID:14780
- C:\Windows\System\sByaCph.exe
  C:\Windows\System\sByaCph.exe
  2⤵
  PID:14808
- C:\Windows\System\BFHhyoR.exe
  C:\Windows\System\BFHhyoR.exe
  2⤵
  PID:14836
- C:\Windows\System\yXbJqHT.exe
  C:\Windows\System\yXbJqHT.exe
  2⤵
  PID:14864
- C:\Windows\System\XxTUvXs.exe
  C:\Windows\System\XxTUvXs.exe
  2⤵
  PID:14892
- C:\Windows\System\IiiTmkV.exe
  C:\Windows\System\IiiTmkV.exe
  2⤵
  PID:14920
- C:\Windows\System\ciWzWEW.exe
  C:\Windows\System\ciWzWEW.exe
  2⤵
  PID:14948
- C:\Windows\System\sKGTvUd.exe
  C:\Windows\System\sKGTvUd.exe
  2⤵
  PID:14976
- C:\Windows\System\GfNUHDL.exe
  C:\Windows\System\GfNUHDL.exe
  2⤵
  PID:15004
- C:\Windows\System\CHDEDDm.exe
  C:\Windows\System\CHDEDDm.exe
  2⤵
  PID:15024
- C:\Windows\System\BYCitgQ.exe
  C:\Windows\System\BYCitgQ.exe
  2⤵
  PID:15060
- C:\Windows\System\MZzrKSd.exe
  C:\Windows\System\MZzrKSd.exe
  2⤵
  PID:15088
- C:\Windows\System\kqEXFal.exe
  C:\Windows\System\kqEXFal.exe
  2⤵
  PID:15116
- C:\Windows\System\CYYjPxi.exe
  C:\Windows\System\CYYjPxi.exe
  2⤵
  PID:15144
- C:\Windows\System\yWsbKpu.exe
  C:\Windows\System\yWsbKpu.exe
  2⤵
  PID:15172
- C:\Windows\System\yKHLbRj.exe
  C:\Windows\System\yKHLbRj.exe
  2⤵
  PID:15200
- C:\Windows\System\TWODCgI.exe
  C:\Windows\System\TWODCgI.exe
  2⤵
  PID:15228
- C:\Windows\System\JaZHwgn.exe
  C:\Windows\System\JaZHwgn.exe
  2⤵
  PID:15256
- C:\Windows\System\ujnANHl.exe
  C:\Windows\System\ujnANHl.exe
  2⤵
  PID:15284
- C:\Windows\System\qHHOwvq.exe
  C:\Windows\System\qHHOwvq.exe
  2⤵
  PID:15312
- C:\Windows\System\MCFyxwE.exe
  C:\Windows\System\MCFyxwE.exe
  2⤵
  PID:15344
- C:\Windows\System\VzazzNI.exe
  C:\Windows\System\VzazzNI.exe
  2⤵
  PID:14368
- C:\Windows\System\WnzwUac.exe
  C:\Windows\System\WnzwUac.exe
  2⤵
  PID:14432
- C:\Windows\System\SqpToDO.exe
  C:\Windows\System\SqpToDO.exe
  2⤵
  PID:14480
- C:\Windows\System\QkoJJis.exe
  C:\Windows\System\QkoJJis.exe
  2⤵
  PID:14520
- C:\Windows\System\ZTLYBMN.exe
  C:\Windows\System\ZTLYBMN.exe
  2⤵
  PID:14576
- C:\Windows\System\PjMRilP.exe
  C:\Windows\System\PjMRilP.exe
  2⤵
  PID:14648
- C:\Windows\System\rRDifkQ.exe
  C:\Windows\System\rRDifkQ.exe
  2⤵
  PID:14716
- C:\Windows\System\QybQSiC.exe
  C:\Windows\System\QybQSiC.exe
  2⤵
  PID:14764
- C:\Windows\System\OnpEGpD.exe
  C:\Windows\System\OnpEGpD.exe
  2⤵
  PID:14828
- C:\Windows\System\RzEWiMm.exe
  C:\Windows\System\RzEWiMm.exe
  2⤵
  PID:14944
- C:\Windows\System\MOMgedH.exe
  C:\Windows\System\MOMgedH.exe
  2⤵
  PID:14972
- C:\Windows\System\lGbfZEO.exe
  C:\Windows\System\lGbfZEO.exe
  2⤵
  PID:15016
- C:\Windows\System\jrGlXZw.exe
  C:\Windows\System\jrGlXZw.exe
  2⤵
  PID:1228
- C:\Windows\System\DWonaBQ.exe
  C:\Windows\System\DWonaBQ.exe
  2⤵
  PID:15100
- C:\Windows\System\EJcuqmW.exe
  C:\Windows\System\EJcuqmW.exe
  2⤵
  PID:15128
- C:\Windows\System\XqXfXZS.exe
  C:\Windows\System\XqXfXZS.exe
  2⤵
  PID:15140
- C:\Windows\System\OpdvCON.exe
  C:\Windows\System\OpdvCON.exe
  2⤵
  PID:15212
- C:\Windows\System\gcxwTnU.exe
  C:\Windows\System\gcxwTnU.exe
  2⤵
  PID:15248
- C:\Windows\System\TmffIbn.exe
  C:\Windows\System\TmffIbn.exe
  2⤵
  PID:10276
- C:\Windows\System\TVmxteA.exe
  C:\Windows\System\TVmxteA.exe
  2⤵
  PID:10324
- C:\Windows\System\hhULtmv.exe
  C:\Windows\System\hhULtmv.exe
  2⤵
  PID:14464
- C:\Windows\System\NpHUfxb.exe
  C:\Windows\System\NpHUfxb.exe
  2⤵
  PID:14804
- C:\Windows\System\afxfGjg.exe
  C:\Windows\System\afxfGjg.exe
  2⤵
  PID:10360
- C:\Windows\System\nnlbfxk.exe
  C:\Windows\System\nnlbfxk.exe
  2⤵
  PID:14888
- C:\Windows\System\mRchcdy.exe
  C:\Windows\System\mRchcdy.exe
  2⤵
  PID:9424
- C:\Windows\System\FXijFYz.exe
  C:\Windows\System\FXijFYz.exe
  2⤵
  PID:10492
- C:\Windows\System\RFzFvyP.exe
  C:\Windows\System\RFzFvyP.exe
  2⤵
  PID:9872
- C:\Windows\System\SWNCEgP.exe
  C:\Windows\System\SWNCEgP.exe
  2⤵
  PID:15112
- C:\Windows\System\LsBqasR.exe
  C:\Windows\System\LsBqasR.exe
  2⤵
  PID:10636
- C:\Windows\System\rUNSexM.exe
  C:\Windows\System\rUNSexM.exe
  2⤵
  PID:10664
- C:\Windows\System\DMUCKNh.exe
  C:\Windows\System\DMUCKNh.exe
  2⤵
  PID:15276
- C:\Windows\System\tPdfybn.exe
  C:\Windows\System\tPdfybn.exe
  2⤵
  PID:10804
- C:\Windows\System\rsVFZgn.exe
  C:\Windows\System\rsVFZgn.exe
  2⤵
  PID:14544
- C:\Windows\System\uEuvkNo.exe
  C:\Windows\System\uEuvkNo.exe
  2⤵
  PID:10888
- C:\Windows\System\nRcwoWi.exe
  C:\Windows\System\nRcwoWi.exe
  2⤵
  PID:3528
- C:\Windows\System\NSdlaGM.exe
  C:\Windows\System\NSdlaGM.exe
  2⤵
  PID:14856
- C:\Windows\System\NQFKKYC.exe
  C:\Windows\System\NQFKKYC.exe
  2⤵
  PID:11000
- C:\Windows\System\eEULSXM.exe
  C:\Windows\System\eEULSXM.exe
  2⤵
  PID:11048
- C:\Windows\System\aggbFCP.exe
  C:\Windows\System\aggbFCP.exe
  2⤵
  PID:11076
- C:\Windows\System\sIdHXrp.exe
  C:\Windows\System\sIdHXrp.exe
  2⤵
  PID:10516
- C:\Windows\System\kgaXJzb.exe
  C:\Windows\System\kgaXJzb.exe
  2⤵
  PID:11168
- C:\Windows\System\RIeDDoi.exe
  C:\Windows\System\RIeDDoi.exe
  2⤵
  PID:8104
- C:\Windows\System\lVkOzuo.exe
  C:\Windows\System\lVkOzuo.exe
  2⤵
  PID:11252
- C:\Windows\System\NSZdkYR.exe
  C:\Windows\System\NSZdkYR.exe
  2⤵
  PID:10740
- C:\Windows\System\zrrWPqH.exe
  C:\Windows\System\zrrWPqH.exe
  2⤵
  PID:10344
- C:\Windows\System\iNXdiPP.exe
  C:\Windows\System\iNXdiPP.exe
  2⤵
  PID:10388
- C:\Windows\System\XfFUEgA.exe
  C:\Windows\System\XfFUEgA.exe
  2⤵
  PID:14604
- C:\Windows\System\fDqZrSq.exe
  C:\Windows\System\fDqZrSq.exe
  2⤵
  PID:14680
- C:\Windows\System\SthQkie.exe
  C:\Windows\System\SthQkie.exe
  2⤵
  PID:10696
- C:\Windows\System\CmPcrvv.exe
  C:\Windows\System\CmPcrvv.exe
  2⤵
  PID:14904
- C:\Windows\System\pouFOCh.exe
  C:\Windows\System\pouFOCh.exe
  2⤵
  PID:14968
- C:\Windows\System\nMcAHll.exe
  C:\Windows\System\nMcAHll.exe
  2⤵
  PID:11024
- C:\Windows\System\xmDNhkn.exe
  C:\Windows\System\xmDNhkn.exe
  2⤵
  PID:10572
- C:\Windows\System\fcENsuZ.exe
  C:\Windows\System\fcENsuZ.exe
  2⤵
  PID:15196
- C:\Windows\System\JlfGLlF.exe
  C:\Windows\System\JlfGLlF.exe
  2⤵
  PID:15328
- C:\Windows\System\DODrjNs.exe
  C:\Windows\System\DODrjNs.exe
  2⤵
  PID:10672
- C:\Windows\System\HtzpFmy.exe
  C:\Windows\System\HtzpFmy.exe
  2⤵
  PID:7748
- C:\Windows\System\EPQjIKT.exe
  C:\Windows\System\EPQjIKT.exe
  2⤵
  PID:10460
- C:\Windows\System\IxrANqx.exe
  C:\Windows\System\IxrANqx.exe
  2⤵
  PID:10660
- C:\Windows\System\MCQoxRv.exe
  C:\Windows\System\MCQoxRv.exe
  2⤵
  PID:10780
- C:\Windows\System\AYhxcLZ.exe
  C:\Windows\System\AYhxcLZ.exe
  2⤵
  PID:10912
- C:\Windows\System\cACnGPm.exe
  C:\Windows\System\cACnGPm.exe
  2⤵
  PID:11108
- C:\Windows\System\UwrtBOF.exe
  C:\Windows\System\UwrtBOF.exe
  2⤵
  PID:10608
- C:\Windows\System\MIKEqRK.exe
  C:\Windows\System\MIKEqRK.exe
  2⤵
  PID:11268
- C:\Windows\System\wJbFvwg.exe
  C:\Windows\System\wJbFvwg.exe
  2⤵
  PID:10784
- C:\Windows\System\UmyMCmn.exe
  C:\Windows\System\UmyMCmn.exe
  2⤵
  PID:11336
- C:\Windows\System\gNWsVlm.exe
  C:\Windows\System\gNWsVlm.exe
  2⤵
  PID:11364
- C:\Windows\System\gNGpLWa.exe
  C:\Windows\System\gNGpLWa.exe
  2⤵
  PID:11392
- C:\Windows\System\LJJcvWz.exe
  C:\Windows\System\LJJcvWz.exe
  2⤵
  PID:4828
- C:\Windows\System\UZHjuba.exe
  C:\Windows\System\UZHjuba.exe
  2⤵
  PID:11440
- C:\Windows\System\ksqsyxu.exe
  C:\Windows\System\ksqsyxu.exe
  2⤵
  PID:11476
- C:\Windows\System\SxyfRCc.exe
  C:\Windows\System\SxyfRCc.exe
  2⤵
  PID:11552
- C:\Windows\System\eOiaZAr.exe
  C:\Windows\System\eOiaZAr.exe
  2⤵
  PID:11300
- C:\Windows\System\gJxGSSl.exe
  C:\Windows\System\gJxGSSl.exe
  2⤵
  PID:9540
- C:\Windows\System\yQCGqvt.exe
  C:\Windows\System\yQCGqvt.exe
  2⤵
  PID:11648
- C:\Windows\System\xaWhbvJ.exe
  C:\Windows\System\xaWhbvJ.exe
  2⤵
  PID:8692
- C:\Windows\System\zwrwuRc.exe
  C:\Windows\System\zwrwuRc.exe
  2⤵
  PID:11732
- C:\Windows\System\Alvrgyb.exe
  C:\Windows\System\Alvrgyb.exe
  2⤵
  PID:10560
- C:\Windows\System\AFmOGnj.exe
  C:\Windows\System\AFmOGnj.exe
  2⤵
  PID:11808
- C:\Windows\System\xPHBVhu.exe
  C:\Windows\System\xPHBVhu.exe
  2⤵
  PID:11840
- C:\Windows\System\vKOKtNf.exe
  C:\Windows\System\vKOKtNf.exe
  2⤵
  PID:11752
- C:\Windows\System\XkrhnmH.exe
  C:\Windows\System\XkrhnmH.exe
  2⤵
  PID:14408
- C:\Windows\System\atMEnrd.exe
  C:\Windows\System\atMEnrd.exe
  2⤵
  PID:11848
- C:\Windows\System\gXyWIDU.exe
  C:\Windows\System\gXyWIDU.exe
  2⤵
  PID:11904
- C:\Windows\System\bvtbOzq.exe
  C:\Windows\System\bvtbOzq.exe
  2⤵
  PID:12008
- C:\Windows\System\Skimzgg.exe
  C:\Windows\System\Skimzgg.exe
  2⤵
  PID:11988
- C:\Windows\System\PSlEDPq.exe
  C:\Windows\System\PSlEDPq.exe
  2⤵
  PID:12092
- C:\Windows\System\BZWdlZO.exe
  C:\Windows\System\BZWdlZO.exe
  2⤵
  PID:12016
- C:\Windows\System\SWcCFZZ.exe
  C:\Windows\System\SWcCFZZ.exe
  2⤵
  PID:12156
- C:\Windows\System\vrkJVsb.exe
  C:\Windows\System\vrkJVsb.exe
  2⤵
  PID:12196
- C:\Windows\System\VvdpEMf.exe
  C:\Windows\System\VvdpEMf.exe
  2⤵
  PID:15384
- C:\Windows\System\dPZUtwE.exe
  C:\Windows\System\dPZUtwE.exe
  2⤵
  PID:15412
- C:\Windows\System\EWDBFJc.exe
  C:\Windows\System\EWDBFJc.exe
  2⤵
  PID:15464
- C:\Windows\System\HCiAurS.exe
  C:\Windows\System\HCiAurS.exe
  2⤵
  PID:15532
- C:\Windows\System\vNybawM.exe
  C:\Windows\System\vNybawM.exe
  2⤵
  PID:15556
- C:\Windows\System\eLyIFHL.exe
  C:\Windows\System\eLyIFHL.exe
  2⤵
  PID:15596
- C:\Windows\System\DMucDpM.exe
  C:\Windows\System\DMucDpM.exe
  2⤵
  PID:15624
- C:\Windows\System\xOnBJTw.exe
  C:\Windows\System\xOnBJTw.exe
  2⤵
  PID:15652
- C:\Windows\System\KPzPScn.exe
  C:\Windows\System\KPzPScn.exe
  2⤵
  PID:15680
- C:\Windows\System\uCAQOqg.exe
  C:\Windows\System\uCAQOqg.exe
  2⤵
  PID:15708
- C:\Windows\System\pOnHuCk.exe
  C:\Windows\System\pOnHuCk.exe
  2⤵
  PID:15736
- C:\Windows\System\NPvilKs.exe
  C:\Windows\System\NPvilKs.exe
  2⤵
  PID:15764
- C:\Windows\System\qVSlJux.exe
  C:\Windows\System\qVSlJux.exe
  2⤵
  PID:15796
- C:\Windows\System\JlXLlyu.exe
  C:\Windows\System\JlXLlyu.exe
  2⤵
  PID:15824
- C:\Windows\System\nphHuFQ.exe
  C:\Windows\System\nphHuFQ.exe
  2⤵
  PID:15852
- C:\Windows\System\xNXsUgM.exe
  C:\Windows\System\xNXsUgM.exe
  2⤵
  PID:15880
- C:\Windows\System\czSKLeI.exe
  C:\Windows\System\czSKLeI.exe
  2⤵
  PID:15908
- C:\Windows\System\mnSvWUf.exe
  C:\Windows\System\mnSvWUf.exe
  2⤵
  PID:15936
- C:\Windows\System\AtbuRCP.exe
  C:\Windows\System\AtbuRCP.exe
  2⤵
  PID:15964
- C:\Windows\System\kTkoUPS.exe
  C:\Windows\System\kTkoUPS.exe
  2⤵
  PID:15992
- C:\Windows\System\xpJHgSD.exe
  C:\Windows\System\xpJHgSD.exe
  2⤵
  PID:16020
- C:\Windows\System\etjRRcM.exe
  C:\Windows\System\etjRRcM.exe
  2⤵
  PID:16048
- C:\Windows\System\veTUbei.exe
  C:\Windows\System\veTUbei.exe
  2⤵
  PID:16076
- C:\Windows\System\zmAMdMl.exe
  C:\Windows\System\zmAMdMl.exe
  2⤵
  PID:16104
- C:\Windows\System\ecIkKWp.exe
  C:\Windows\System\ecIkKWp.exe
  2⤵
  PID:16132
- C:\Windows\System\Tnazzfo.exe
  C:\Windows\System\Tnazzfo.exe
  2⤵
  PID:16160
- C:\Windows\System\PqpfQGA.exe
  C:\Windows\System\PqpfQGA.exe
  2⤵
  PID:16188
- C:\Windows\System\kaZSjGM.exe
  C:\Windows\System\kaZSjGM.exe
  2⤵
  PID:16216
- C:\Windows\System\hnueBPM.exe
  C:\Windows\System\hnueBPM.exe
  2⤵
  PID:16244
- C:\Windows\System\bavWims.exe
  C:\Windows\System\bavWims.exe
  2⤵
  PID:16272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CAMTqSr.exe

Filesize
6.0MB

MD5
8a9f5222b2b3dc68c176db6226470ae3

SHA1
8580392517d2fb373f021aa1ebd2e6912c3e013b

SHA256
fdd633520660ca0dd7ff93803a3b93ebefcd387515e995b2d355d70dd46d5bc9

SHA512
22df9a5c5bfadb9d994381b1d0ec2c1bf072c7b29d0aa5926fcb6f1cf8c215c67a1cca880056a8e4455ab4cce3a2f6a9f6e1d31f79adbbd14f52975fc4aec759

Download Submit
C:\Windows\System\DQbORNm.exe

Filesize
6.0MB

MD5
926a1fc7d63d360425c901b8fe0f9694

SHA1
2997e9c5c4aadd8aab076b720bec79e09dfd6e33

SHA256
3378c09fb622f8ccbbccffc5c489a7907aaa238449880d9299f0e66c170dfe0b

SHA512
f5bee1cc33577a3c1751a97ed54ad7c5346aa3c0a4a2a076884b85e8a3f370d22473f3206b8612d231abc2c1d04cb7716a3bab803775e7dbc01a1fe4c66617e3

Download Submit
C:\Windows\System\EPqVmQe.exe

Filesize
6.0MB

MD5
116fd9c7105a5d9a5e8e0b7785456b1b

SHA1
06afcb13799bc32a70a7ee279858ebd680f9a306

SHA256
8b5c8940cfe7a6f7b30d4af0229b33ffce2a4c281765dc4aee77fda55feeb087

SHA512
b23bde7772af3d47dc56c4657bde8f2a70c643685fcbcf9e26a7a3a61cd689d6a65651e50d8f925182a74d5d9e0748885e7e3351ebe89c4dd3a8e726c1a81e7e

Download Submit
C:\Windows\System\GQMtLGr.exe

Filesize
6.0MB

MD5
7b0d318b2689d539554a57d4674e8ab5

SHA1
91fb166efe0ead123ef2ec2ea9db4fbb47c81867

SHA256
2edbbca9d3765743915e0625f713edb1ca21b881b10fb5e6adede773e1b56474

SHA512
0eae93430723862b2c8996e13da41ed94fbc582c993269da4214285116f6162043b757a763980daeba88659795f65300e00dd9ea6bef6b8e7db0a3897c874229

Download Submit
C:\Windows\System\HBVWwxs.exe

Filesize
6.0MB

MD5
8a3334454ea585f52c90f6536c2968a5

SHA1
c8436a41bb2148581f965397e743b118f9079b12

SHA256
b43b4e5452ba0e0180aa766e39fe7e1bd4ca34d1302b9fae3b38811716f268d3

SHA512
20438702f656a451bb68ee40ec32ce0508e3da22404869c31391f8d7f0260c12de35c4c25de7d150885696fd47293203427e3e085d5ca5900fb40f71097fa648

Download Submit
C:\Windows\System\HErnXMZ.exe

Filesize
6.0MB

MD5
37c6c4aae46f9029c2cf187245ab24dd

SHA1
0cfb2275daa9d37eb6731460050232dca1345272

SHA256
6f2615db800bd1fc7696274123966e9c221fa31b0227afbd5ad5fcbdc03fdc8d

SHA512
0503c554e1534365c3c9e130461703569cd897543f212e488a406199c900827fbedd24e0b857c7969a18c92202e85710c2638b49043335e9e4428b8779303bdc

Download Submit
C:\Windows\System\HtygFVf.exe

Filesize
6.0MB

MD5
5e4810c3a0ea11d65da627a8886d0a7c

SHA1
fa3b08c6efa50c0ba6641cd2f3a7dab938e6f100

SHA256
fe9cad96616854d319c81d645d8080efd7e17b4c682969cb9cc6a4fc28dd806f

SHA512
f1b25dc08b55d12a50f4e3ea636cdc9d409c6ede8f8d4ea2718057519683a7714c0efa8a26275301dd7d7e46114ba6d0da13a4b5cc367d344409f59abacba231

Download Submit
C:\Windows\System\KVJFekj.exe

Filesize
6.0MB

MD5
e941de7031c1a97a8ded501b16f7257e

SHA1
5128fbe3c59bc8ffe34bcbf3c1660fbc106c7f32

SHA256
38b768331d392f6efaad1ff13d8b4fc72efb6751670906336e42065f7c763abe

SHA512
e6f33d96ad0d3dfee0b821e04d30b2dd80d609f885b8da33b8c761cda410c7011f9efbd2c87244c027058e6bbf9b6e2c6204e81907f37eb5f5de95e674736763

Download Submit
C:\Windows\System\LWRwNqk.exe

Filesize
6.0MB

MD5
2a3475ec74e04c08e0df5e481b846bae

SHA1
f279bb4ee744ef5c0538f4698bf7126ab014ccdf

SHA256
c8163e1c0e6557776b9e84d977ff50f546e56e91ca909bcb2644db30cfa2dbdc

SHA512
0c9c483d661b8c41830c1ade913d071136cfa704c2fd9409baa830e1789a1f24ea9d1e8c5f2f39b3fc32d5e34381ed33949db8098c35efe42ae4f50111100358

Download Submit
C:\Windows\System\NfefQyR.exe

Filesize
6.0MB

MD5
e7a362c2debb77de7ceab3bd1629cb9b

SHA1
8f4af2b58aa4b07462f05e829a112353d8cadc3d

SHA256
b2748e27c88b4ca29c034befc52fdb31a6c2902d191660085e8ef1befaa7d06a

SHA512
47884c464a49ef26795294dcca91145548e692a5fe423dc67fd62408b4b2abf98db7faf07386bc6380cfc512c55c0bf86c349320a2cd9b9abd8bf6a34fed0d60

Download Submit
C:\Windows\System\PRVmUbm.exe

Filesize
6.0MB

MD5
b2fc301a804f45c221fbc337565cc2f1

SHA1
db5de24f72bb91d87f4a9ef36795158c94142de8

SHA256
4d5a19a0fc3ea2d99c33622432298b6c5ca9f96a10874f604237f77f69ef97da

SHA512
ad97c079f351e8e7fd31c218ef22e83d18b9677a0c59dd78a9701acf6c5a04346cd388ef8450fddb8cf95fec2e962877a8c80cee51628b7c195f1198b6bd935a

Download Submit
C:\Windows\System\RGpDQTU.exe

Filesize
6.0MB

MD5
e33badb5b3600918c1ac6f1fac6d1edc

SHA1
6b7aa6e2fc49ddd37dc8aa1f538122c290c06387

SHA256
4c7d8201d5f0f11efa81c7f9733541f4d04739bf051a8352b26d2651829fe7ee

SHA512
b216c7e3455e0b427a982eeaf1f5e1edafa860ccafc9ea907f86f2e464a47a3c01b362ce974e7708852669bf2287c79c8a82b9d8615ef187bda4bb5925165b6d

Download Submit
C:\Windows\System\RLeSuPj.exe

Filesize
6.0MB

MD5
0e51ff1be284e0ea9916b6b03210bd95

SHA1
325eba05b08beddad6ef0b34f95386b77f911be2

SHA256
2c94df16f25b82787b6e84b8cb23770a32e2e4bb674e12de8e035527fed57aa1

SHA512
787243d2e6ef6fd7da9f8e77d8c18b22619bd71f2c6fa973f5c679b07ef5a5a83fc9a96c1b4de622bc81ae104c8787d1e3476f316a00f858c2cff684d02b43d3

Download Submit
C:\Windows\System\ROhpZjz.exe

Filesize
6.0MB

MD5
892625e47645c65e9bbe3695e2b869ec

SHA1
103355c3227f4d65bb52cc77fd9e62f8b7902d6c

SHA256
f3d05332be20005a61086622ee9e83de995a97b46230942a444e61ac0a2f6dae

SHA512
62c21c8baa54dba6b4680bf45d8fc9a22779f0b0ab0d1e9690cd7999f76f41a6d0478e16a061a94c9fa317dd72c0f2ab3294ec7c0264bdbbbbc0c13f7ba82eb8

Download Submit
C:\Windows\System\SCeHmun.exe

Filesize
6.0MB

MD5
e53d33e413b59783d7f3f53ab4b5fa40

SHA1
36048fab21a66554fff1ff13258cae0e9153abea

SHA256
c0b407228ae3d6a23f760be950b8c692ef15f2968580128f411f766fa29ce4f8

SHA512
84728b810dce571a56860cea6fbaeb0095fa2a1b15fae542ebdd200ef8258ca84b9309cbd933fc1083025adca6c1d61c8756956dfc96821fec0e833c0c2f28cc

Download Submit
C:\Windows\System\TIUoFVn.exe

Filesize
6.0MB

MD5
51e0cd73cc381041f63773725c96ed34

SHA1
ad1661db3300ce05efcb0fc77045f5d909aa5024

SHA256
1ddaa7aafcc8634f2bb20915c504df7f5b910863860896d31da04d298d8b32ef

SHA512
3a538e45870fe5ca23e0f077c13f0a16b018ad36ce74e8babc3e2612e2375d498caf006440ad225b02234753968f1ccd82c48e2d94457b91f9f245a7ef536ee1

Download Submit
C:\Windows\System\UjSxIph.exe

Filesize
6.0MB

MD5
6feea19a54f95ce0d95d8a2fc03ebf8d

SHA1
c06983ca4b715b0cac86b3baf902f1a06983bcd4

SHA256
2b8caf7258352a9f30901fbaf9eeff3696cec2f88eb21ad5cdb70569d2e08e43

SHA512
47a1c7c04d924027602989afa88e0b4e306b1102ef9204acc08333fcf63c5c4b7f59b7ad67d1eccfb666a09ee9dabc018bc0317c20f930e7892b22788a94ef03

Download Submit
C:\Windows\System\UwvntAy.exe

Filesize
6.0MB

MD5
2b2f1277906e3eb5436440b0be400869

SHA1
085292aabb35471e24d9941378896094d56a3dc8

SHA256
abcce53cac253a8e6653e77a300971ebeea22937f2adf9b7cdac13c3e1a8cb0a

SHA512
55212aed138dd82c0937c694c6ccc29647fe7ad5d904e7467727745fb175821025fed46d1e13b559293840b5ee70759b44e0b96f288419f04c981abeef3c44e0

Download Submit
C:\Windows\System\VSWAtJy.exe

Filesize
6.0MB

MD5
e098e75cb4f0737ac68674bc131a6e98

SHA1
0d285d0063353d243f6c461a62a1eb4ddb7ebe90

SHA256
ed68b71afb79bc1225daed5f82d927671c111023a18e8124b37279fdb41614fa

SHA512
d66939754c2afcc155142e5b18a07abaded5818c5f4e8514d4b3ec27fb35a28aa82774438bf14665fccbd07bb312de0bafe3d283f01e2cd9fdd467abf9f18b8c

Download Submit
C:\Windows\System\XgWDwmh.exe

Filesize
6.0MB

MD5
a6eef2a55e62a45467f510af4a1dab3b

SHA1
080762b0d0434f8a8e743e7f6034d69a11d8f06d

SHA256
a11cf8ed6c1e015488d24b26872a6e175c684e9d69e4d8f9139df0e6cdf905eb

SHA512
9275d0b81c71533b0c47297e6932a20346975b81f704b40bff4841d0ef7572b3336e116c71c2569c07db72646bba8f9f382226a9571517e89b6596367d1a2b58

Download Submit
C:\Windows\System\YGFqXVv.exe

Filesize
6.0MB

MD5
f6a3f51d6ca05b83d13f92cba387140f

SHA1
6e90023c81a04d8cd047ddb9fe7c705731e45b1d

SHA256
00f5fc6e209140d08e83a4a7c90c99e5b0a277e16d789cc3b78944fe82f1fe8d

SHA512
834841fcadc78d936462b875d19f762dc9d10c2c3ea71b7d5c1c4e3a777fdf540ecaf029fa03b3689722eaa906b7b8cf0ec37c715164b147e2a3ab57385088b1

Download Submit
C:\Windows\System\ZBpXcxa.exe

Filesize
6.0MB

MD5
165d05e2f2a2aad9c8d3f74dfbd2e337

SHA1
7bfe487c6d1726d3d944d1d34a7c9b81d4a9a610

SHA256
febb2006c04a56ae4f083f1ff368b800ef0a6996973d1bd2fa4953f0aa8cdb21

SHA512
6452690f1fadd0d818241ad0da4f2c86d1d823a2d7b8f1c49b250991e5b41f68ff52ca0b82f1424db320471df0cc7fe038809a8c0dba5934ce905d1370662184

Download Submit
C:\Windows\System\aQjVYal.exe

Filesize
6.0MB

MD5
6d31e70fc34aec418a03bbf29159eafa

SHA1
24b224b88314252c00ecc135375800c8f70f7e87

SHA256
de2857f0dadcb4bd470ee67e0708704c14e27f6d3b04bef9431fd290047d789a

SHA512
adc8009b08b56ed5da7b940a85483244ab078bfe3fdb05fbbd79988d56fecf4b7f6a52f24e50ee95ba4f827e037fc497b590ec7656b2921c35deeaab7b929bc0

Download Submit
C:\Windows\System\cKgAOHg.exe

Filesize
6.0MB

MD5
372646c6438661a9cc11548a6b5cdc6b

SHA1
6eb4268f82a12c89d284534288500df7783d7bdf

SHA256
25d1df2e894e389bbdf65b39b8947779a874e61c6f7ae734b6cf52075e64e810

SHA512
e5a9f421605e631ca3c36801fb4ec8133bb657a60fa407119e3b3c92205a5b5816a20a18f5b3dcd1e7cef99386e3e66f64f1e25c13d714be13bb16fce567063d

Download Submit
C:\Windows\System\daMGNFr.exe

Filesize
6.0MB

MD5
8ef46ef81b11d6876aa15b17a980b161

SHA1
5f41261c5bd3ba267b005b528a892d93d3485452

SHA256
fd5f59f3da0ba84edb8545d0c540537a8e4749b8f1b5f449291c7e890472ba05

SHA512
fde5271fd94ab03b805b9ba94946050677e97b78f6ba4dcc6258a03af87a3ae2bc6da6758479c9099716e9cbfecfbce678da75a8915269884aa0c80ebe99b290

Download Submit
C:\Windows\System\ghEaLpO.exe

Filesize
6.0MB

MD5
d736a8b96f2c7631ddae49d0b72abb6b

SHA1
9b32bd4bfa18615eafc2a9d489995c7baad7ebf0

SHA256
5d29da17ea36f5e2ebd04aebc39d5907932d3d897590d03888c65fbc394cada5

SHA512
7e494467a19516534449a0498061a078642e6775206542a2c47581b576bc5f28d357b149138214fecfcc28b7a75dfa278d724b1ba677660e583573fa6d570777

Download Submit
C:\Windows\System\ivwLuCD.exe

Filesize
6.0MB

MD5
598a6757e9c06a8b266ea93a2204b22c

SHA1
a85e3746be023824b11a41c743f7dfdfa6e291aa

SHA256
3654649b0b1e0a1c9d81672086806f5123884934de71ce59c2f50d79604dbe47

SHA512
7692b270eebc7e83ede64a16025865d41b347354d0626f7fd50119c7b93941f2a0e1858839e3b2740c2c9ad976537b682e9f2d397f171955af259671cd3a3eb8

Download Submit
C:\Windows\System\jtWqodB.exe

Filesize
6.0MB

MD5
2614ce13bf5c902ebbc853ced60f0122

SHA1
4bb38ff4d1aad002150c8ae4c2f1a9d7ef2a74d9

SHA256
d60558015f6f2e76ff1573d3801351a7d38ba4e9ecce8c15a315f1dcd39d4f59

SHA512
21ae7208da1f1a4b9dc8b53574f9b6d5b9479ceff6e4fadaf31e59ed4dc6c69d90d2451eb871befb598b11e9959727281617542796cd07225148faebd504ef82

Download Submit
C:\Windows\System\nreEOIj.exe

Filesize
6.0MB

MD5
3bbf09e77aecf29f5b23e17b2ec91aa8

SHA1
8a3c2c7c0623a145cb2f5ec7689a1f93a65b523c

SHA256
30a6bd4756d96f0688a56b2ba4f88ad00eda338cf1d55d8cb244443a2c2eab47

SHA512
4d4c2394e7c93d5fbc367820daaa4159e474479d8b4fadf0a062d8c89c038da05d2bb239e4fccbbbc7eb9884d583ba4f73248ee80c9c7a6fb49fb78a8f798ce9

Download Submit
C:\Windows\System\qWunMUz.exe

Filesize
6.0MB

MD5
d92797592d8854c4e68a83c6322c2007

SHA1
643863bcc7aad5e53add79a67c05030f0a4d466a

SHA256
2ded61d4786246ccdcd4559e526d4931a547199f2fa1ca6662aff4f667bc14e0

SHA512
bdbbdc876b202dcfd1dbfbef0caee3fc64f84c97fc6829524b0c0aaf61485899d26e5a0d5c877dd42253e2573a9ad104832783a6481ee17c26a149a159597d98

Download Submit
C:\Windows\System\rZNlzsB.exe

Filesize
6.0MB

MD5
27649bf98e497c2c6567d995d085c695

SHA1
dd2b49bbea12b9cffe89dd024873fdd692c06c56

SHA256
1b5a7f739625f73b2e91f9d3379846cf75fcc4df59f3ac5a1dd57b027da47dff

SHA512
f5bf8091536978f0e63bf96f1ffe642294339d9d4cadf9e1ba938773072f92dc6901395fae2d6c379b4f47c6c6349d4cd8dbc56d380e74ca16bb27bbe559fe1a

Download Submit
C:\Windows\System\vwPywnL.exe

Filesize
6.0MB

MD5
1fd2f25d3f882b0f5bd56ad9e3ac52d6

SHA1
4cc2c6aa58602cacc87c79c839d56b13c0e8b68b

SHA256
263e3992d817abbe2add8fe7d01098496c2ef36a8c5e4b14684068604efb79fc

SHA512
f154fee7930ad144b9b303349c798b9486383aced2c5972f97828d1430d82b4d521b1ec8d812c79a6d94e3ba7a9d69e9436dfd953e74f98099666e4d12c56608

Download Submit
memory/384-303-0x00007FF621A10000-0x00007FF621D64000-memory.dmp

Filesize
3.3MB

Download
memory/384-158-0x00007FF621A10000-0x00007FF621D64000-memory.dmp

Filesize
3.3MB

Download
memory/384-1868-0x00007FF621A10000-0x00007FF621D64000-memory.dmp

Filesize
3.3MB

Download
memory/692-1728-0x00007FF65F9B0000-0x00007FF65FD04000-memory.dmp

Filesize
3.3MB

Download
memory/692-106-0x00007FF65F9B0000-0x00007FF65FD04000-memory.dmp

Filesize
3.3MB

Download
memory/692-192-0x00007FF65F9B0000-0x00007FF65FD04000-memory.dmp

Filesize
3.3MB

Download
memory/796-152-0x00007FF6FF890000-0x00007FF6FFBE4000-memory.dmp

Filesize
3.3MB

Download
memory/796-1851-0x00007FF6FF890000-0x00007FF6FFBE4000-memory.dmp

Filesize
3.3MB

Download
memory/796-273-0x00007FF6FF890000-0x00007FF6FFBE4000-memory.dmp

Filesize
3.3MB

Download
memory/828-75-0x00007FF63A5D0000-0x00007FF63A924000-memory.dmp

Filesize
3.3MB

Download
memory/828-164-0x00007FF63A5D0000-0x00007FF63A924000-memory.dmp

Filesize
3.3MB

Download
memory/828-1603-0x00007FF63A5D0000-0x00007FF63A924000-memory.dmp

Filesize
3.3MB

Download
memory/928-1849-0x00007FF7A8D20000-0x00007FF7A9074000-memory.dmp

Filesize
3.3MB

Download
memory/928-131-0x00007FF7A8D20000-0x00007FF7A9074000-memory.dmp

Filesize
3.3MB

Download
memory/928-268-0x00007FF7A8D20000-0x00007FF7A9074000-memory.dmp

Filesize
3.3MB

Download
memory/1184-159-0x00007FF739730000-0x00007FF739A84000-memory.dmp

Filesize
3.3MB

Download
memory/1184-1855-0x00007FF739730000-0x00007FF739A84000-memory.dmp

Filesize
3.3MB

Download
memory/1796-32-0x00007FF76C060000-0x00007FF76C3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-79-0x00007FF76C060000-0x00007FF76C3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-1318-0x00007FF76C060000-0x00007FF76C3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1816-70-0x00007FF6F01D0000-0x00007FF6F0524000-memory.dmp

Filesize
3.3MB

Download
memory/1816-7-0x00007FF6F01D0000-0x00007FF6F0524000-memory.dmp

Filesize
3.3MB

Download
memory/1816-1311-0x00007FF6F01D0000-0x00007FF6F0524000-memory.dmp

Filesize
3.3MB

Download
memory/1944-156-0x00007FF724160000-0x00007FF7244B4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-1850-0x00007FF724160000-0x00007FF7244B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-174-0x00007FF7DDE60000-0x00007FF7DE1B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-86-0x00007FF7DDE60000-0x00007FF7DE1B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1668-0x00007FF7DDE60000-0x00007FF7DE1B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-628-0x00007FF62AFB0000-0x00007FF62B304000-memory.dmp

Filesize
3.3MB

Download
memory/2412-188-0x00007FF62AFB0000-0x00007FF62B304000-memory.dmp

Filesize
3.3MB

Download
memory/2412-2132-0x00007FF62AFB0000-0x00007FF62B304000-memory.dmp

Filesize
3.3MB

Download
memory/2456-120-0x00007FF769450000-0x00007FF7697A4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1820-0x00007FF769450000-0x00007FF7697A4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-20-0x00007FF7164F0000-0x00007FF716844000-memory.dmp

Filesize
3.3MB

Download
memory/2512-78-0x00007FF7164F0000-0x00007FF716844000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1319-0x00007FF7164F0000-0x00007FF716844000-memory.dmp

Filesize
3.3MB

Download
memory/2596-302-0x00007FF702950000-0x00007FF702CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1874-0x00007FF702950000-0x00007FF702CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-157-0x00007FF702950000-0x00007FF702CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-92-0x00007FF6FD950000-0x00007FF6FDCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-42-0x00007FF6FD950000-0x00007FF6FDCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-1317-0x00007FF6FD950000-0x00007FF6FDCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1320-0x00007FF633B90000-0x00007FF633EE4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-39-0x00007FF633B90000-0x00007FF633EE4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1358-0x00007FF63A1C0000-0x00007FF63A514000-memory.dmp

Filesize
3.3MB

Download
memory/2892-103-0x00007FF63A1C0000-0x00007FF63A514000-memory.dmp

Filesize
3.3MB

Download
memory/2892-48-0x00007FF63A1C0000-0x00007FF63A514000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1362-0x00007FF745A80000-0x00007FF745DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-117-0x00007FF745A80000-0x00007FF745DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-53-0x00007FF745A80000-0x00007FF745DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-74-0x00007FF679200000-0x00007FF679554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1313-0x00007FF679200000-0x00007FF679554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-12-0x00007FF679200000-0x00007FF679554000-memory.dmp

Filesize
3.3MB

Download
memory/3284-568-0x00007FF759A30000-0x00007FF759D84000-memory.dmp

Filesize
3.3MB

Download
memory/3284-182-0x00007FF759A30000-0x00007FF759D84000-memory.dmp

Filesize
3.3MB

Download
memory/3284-2133-0x00007FF759A30000-0x00007FF759D84000-memory.dmp

Filesize
3.3MB

Download
memory/3396-1371-0x00007FF6FADD0000-0x00007FF6FB124000-memory.dmp

Filesize
3.3MB

Download
memory/3396-62-0x00007FF6FADD0000-0x00007FF6FB124000-memory.dmp

Filesize
3.3MB

Download
memory/3396-129-0x00007FF6FADD0000-0x00007FF6FB124000-memory.dmp

Filesize
3.3MB

Download
memory/3972-2131-0x00007FF7C4D50000-0x00007FF7C50A4000-memory.dmp

Filesize
3.3MB

Download
memory/3972-180-0x00007FF7C4D50000-0x00007FF7C50A4000-memory.dmp

Filesize
3.3MB

Download
memory/3972-458-0x00007FF7C4D50000-0x00007FF7C50A4000-memory.dmp

Filesize
3.3MB

Download
memory/3976-122-0x00007FF709510000-0x00007FF709864000-memory.dmp

Filesize
3.3MB

Download
memory/3976-1823-0x00007FF709510000-0x00007FF709864000-memory.dmp

Filesize
3.3MB

Download
memory/3980-1372-0x00007FF6D4F20000-0x00007FF6D5274000-memory.dmp

Filesize
3.3MB

Download
memory/3980-155-0x00007FF6D4F20000-0x00007FF6D5274000-memory.dmp

Filesize
3.3MB

Download
memory/3980-65-0x00007FF6D4F20000-0x00007FF6D5274000-memory.dmp

Filesize
3.3MB

Download
memory/4268-457-0x00007FF6C6270000-0x00007FF6C65C4000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2130-0x00007FF6C6270000-0x00007FF6C65C4000-memory.dmp

Filesize
3.3MB

Download
memory/4268-168-0x00007FF6C6270000-0x00007FF6C65C4000-memory.dmp

Filesize
3.3MB

Download
memory/4336-1845-0x00007FF63E470000-0x00007FF63E7C4000-memory.dmp

Filesize
3.3MB

Download
memory/4336-221-0x00007FF63E470000-0x00007FF63E7C4000-memory.dmp

Filesize
3.3MB

Download
memory/4336-126-0x00007FF63E470000-0x00007FF63E7C4000-memory.dmp

Filesize
3.3MB

Download
memory/4364-1715-0x00007FF7D6F80000-0x00007FF7D72D4000-memory.dmp

Filesize
3.3MB

Download
memory/4364-96-0x00007FF7D6F80000-0x00007FF7D72D4000-memory.dmp

Filesize
3.3MB

Download
memory/4400-187-0x00007FF6C1710000-0x00007FF6C1A64000-memory.dmp

Filesize
3.3MB

Download
memory/4400-1723-0x00007FF6C1710000-0x00007FF6C1A64000-memory.dmp

Filesize
3.3MB

Download
memory/4400-97-0x00007FF6C1710000-0x00007FF6C1A64000-memory.dmp

Filesize
3.3MB

Download
memory/4808-64-0x00007FF7996C0000-0x00007FF799A14000-memory.dmp

Filesize
3.3MB

Download
memory/4808-0-0x00007FF7996C0000-0x00007FF799A14000-memory.dmp

Filesize
3.3MB

Download
memory/4808-1-0x0000021570270000-0x0000021570280000-memory.dmp

Filesize
64KB

Download
memory/4848-80-0x00007FF71B7F0000-0x00007FF71BB44000-memory.dmp

Filesize
3.3MB

Download
memory/4848-1323-0x00007FF71B7F0000-0x00007FF71BB44000-memory.dmp

Filesize
3.3MB

Download
memory/4848-35-0x00007FF71B7F0000-0x00007FF71BB44000-memory.dmp

Filesize
3.3MB

Download