cobaltstrike | 8df96031fa530b0401c11017dc563730aedf0bbd8248a1592a450a34e7982672

Analysis

max time kernel
125s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f952e6aa54c9d887505db82fb4ca3fe8
SHA1

9be171074fa9eb747cf6aabdc2fdf9d244554ee7
SHA256

8df96031fa530b0401c11017dc563730aedf0bbd8248a1592a450a34e7982672
SHA512

0ea4e6a36a6df890a473647358c788d0c0a7f91542f7639b1536945dcbaf8453fbbeac6a1ac5c9a94ad353924b1bee4cdccecf6aefdd021f5f8624674a7f89cd
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b42-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9e-9.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9f-18.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba1-25.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba0-34.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bb4-70.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bc3-82.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bff-124.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c01-137.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c04-149.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c23-172.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1d-171.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c0b-170.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c09-168.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c0a-162.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c03-158.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c02-153.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c00-144.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bd0-132.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bcf-126.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bce-116.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bcd-110.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bca-105.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bc8-101.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bc4-98.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bc2-90.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bbd-84.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023ba5-74.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bad-69.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9a-59.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023ba3-58.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023ba4-54.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba2-51.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9d-15.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/212-0-0x00007FF736BE0000-0x00007FF736F34000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b42-5.dat	xmrig
behavioral2/memory/836-6-0x00007FF65DBB0000-0x00007FF65DF04000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9e-9.dat	xmrig
behavioral2/files/0x000a000000023b9f-18.dat	xmrig
behavioral2/files/0x000a000000023ba1-25.dat	xmrig
behavioral2/files/0x000a000000023ba0-34.dat	xmrig
behavioral2/memory/1148-49-0x00007FF7EA830000-0x00007FF7EAB84000-memory.dmp	xmrig
behavioral2/files/0x000e000000023bb4-70.dat	xmrig
behavioral2/files/0x0009000000023bc3-82.dat	xmrig
behavioral2/files/0x0008000000023bff-124.dat	xmrig
behavioral2/files/0x0008000000023c01-137.dat	xmrig
behavioral2/files/0x0008000000023c04-149.dat	xmrig
behavioral2/memory/2780-336-0x00007FF70DC80000-0x00007FF70DFD4000-memory.dmp	xmrig
behavioral2/memory/1628-343-0x00007FF7560E0000-0x00007FF756434000-memory.dmp	xmrig
behavioral2/memory/3700-347-0x00007FF669B50000-0x00007FF669EA4000-memory.dmp	xmrig
behavioral2/memory/4600-356-0x00007FF676EF0000-0x00007FF677244000-memory.dmp	xmrig
behavioral2/memory/4176-374-0x00007FF606030000-0x00007FF606384000-memory.dmp	xmrig
behavioral2/memory/4188-1073-0x00007FF669820000-0x00007FF669B74000-memory.dmp	xmrig
behavioral2/memory/4580-1072-0x00007FF7ED830000-0x00007FF7EDB84000-memory.dmp	xmrig
behavioral2/memory/836-1071-0x00007FF65DBB0000-0x00007FF65DF04000-memory.dmp	xmrig
behavioral2/memory/212-960-0x00007FF736BE0000-0x00007FF736F34000-memory.dmp	xmrig
behavioral2/memory/2256-370-0x00007FF62CC80000-0x00007FF62CFD4000-memory.dmp	xmrig
behavioral2/memory/3784-369-0x00007FF6E8DE0000-0x00007FF6E9134000-memory.dmp	xmrig
behavioral2/memory/824-359-0x00007FF765FD0000-0x00007FF766324000-memory.dmp	xmrig
behavioral2/memory/5064-350-0x00007FF77ADA0000-0x00007FF77B0F4000-memory.dmp	xmrig
behavioral2/memory/4776-348-0x00007FF796D00000-0x00007FF797054000-memory.dmp	xmrig
behavioral2/memory/440-346-0x00007FF78E470000-0x00007FF78E7C4000-memory.dmp	xmrig
behavioral2/memory/4692-345-0x00007FF7C4490000-0x00007FF7C47E4000-memory.dmp	xmrig
behavioral2/memory/4892-344-0x00007FF68A8D0000-0x00007FF68AC24000-memory.dmp	xmrig
behavioral2/memory/3836-342-0x00007FF6CB0C0000-0x00007FF6CB414000-memory.dmp	xmrig
behavioral2/memory/1632-341-0x00007FF7D04D0000-0x00007FF7D0824000-memory.dmp	xmrig
behavioral2/memory/1188-340-0x00007FF76EAA0000-0x00007FF76EDF4000-memory.dmp	xmrig
behavioral2/memory/2108-339-0x00007FF6F7430000-0x00007FF6F7784000-memory.dmp	xmrig
behavioral2/memory/3908-338-0x00007FF684060000-0x00007FF6843B4000-memory.dmp	xmrig
behavioral2/memory/4980-337-0x00007FF7C8830000-0x00007FF7C8B84000-memory.dmp	xmrig
behavioral2/memory/3748-335-0x00007FF7CF5E0000-0x00007FF7CF934000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c23-172.dat	xmrig
behavioral2/files/0x0008000000023c1d-171.dat	xmrig
behavioral2/files/0x0008000000023c0b-170.dat	xmrig
behavioral2/files/0x0008000000023c09-168.dat	xmrig
behavioral2/files/0x0008000000023c0a-162.dat	xmrig
behavioral2/files/0x0008000000023c03-158.dat	xmrig
behavioral2/files/0x0008000000023c02-153.dat	xmrig
behavioral2/files/0x0008000000023c00-144.dat	xmrig
behavioral2/files/0x0008000000023bd0-132.dat	xmrig
behavioral2/files/0x0008000000023bcf-126.dat	xmrig
behavioral2/memory/2028-1113-0x00007FF6DD1B0000-0x00007FF6DD504000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bce-116.dat	xmrig
behavioral2/files/0x0008000000023bcd-110.dat	xmrig
behavioral2/files/0x0008000000023bca-105.dat	xmrig
behavioral2/files/0x000e000000023bc8-101.dat	xmrig
behavioral2/files/0x0009000000023bc4-98.dat	xmrig
behavioral2/files/0x0009000000023bc2-90.dat	xmrig
behavioral2/files/0x0008000000023bbd-84.dat	xmrig
behavioral2/files/0x000b000000023ba5-74.dat	xmrig
behavioral2/files/0x000a000000023bad-69.dat	xmrig
behavioral2/memory/3640-67-0x00007FF73B760000-0x00007FF73BAB4000-memory.dmp	xmrig
behavioral2/memory/2028-60-0x00007FF6DD1B0000-0x00007FF6DD504000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b9a-59.dat	xmrig
behavioral2/files/0x000b000000023ba3-58.dat	xmrig
behavioral2/memory/1996-56-0x00007FF6220C0000-0x00007FF622414000-memory.dmp	xmrig
behavioral2/files/0x000b000000023ba4-54.dat	xmrig
behavioral2/memory/436-45-0x00007FF63A080000-0x00007FF63A3D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
836	otZGarX.exe
4580	nxStdwu.exe
436	vzcnZTl.exe
4188	drNQguC.exe
1148	GxIHczs.exe
3820	SIPSDlK.exe
3640	guNzuLm.exe
1996	FETOtGC.exe
3748	nGhtFyt.exe
2028	Fixupma.exe
2780	WXbqwXa.exe
4176	lDGJKlK.exe
4980	NpyvvLM.exe
3908	exefdqp.exe
2108	unBQqZc.exe
1188	EyMTBSA.exe
1632	eCGaCIj.exe
3836	GqcizNP.exe
1628	oddFcEG.exe
4892	jUeiQYZ.exe
4692	wDxKaiI.exe
440	gNXepce.exe
3700	HqUkeZt.exe
4776	dbWGNXK.exe
5064	XSpQuGG.exe
4600	dBZCImm.exe
824	KzdZVlI.exe
3784	SkVWdJu.exe
2256	jhuvRck.exe
2076	XQExbiE.exe
3652	XsDIDHk.exe
960	DAAQmQe.exe
1008	foKAxWs.exe
3964	gpvwOij.exe
4668	PyucOMF.exe
208	IfYSlyE.exe
2340	BYXLzdp.exe
820	LFBgLtZ.exe
780	nrKurVg.exe
3840	gjXfuIf.exe
3188	VhjjMce.exe
3860	LUaEjcD.exe
3088	ffIbGeN.exe
5056	nHhnFCW.exe
4108	Ajrhzlh.exe
1484	mWYqbYJ.exe
4044	uiqIqcZ.exe
4484	SjBNszO.exe
116	TjsMGwe.exe
3360	cXrWFuP.exe
4236	GOutXdb.exe
712	pDPqsxC.exe
1544	ctrKqGS.exe
3212	LHdwhfi.exe
1940	EYfuceP.exe
100	BHNpaUe.exe
4940	longxcs.exe
3420	SpurFzB.exe
2692	XAXsObV.exe
2980	lrcZsrv.exe
4276	XbNaMwN.exe
3128	FiMyUDc.exe
224	EhVOMaj.exe
4656	VuORdVy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/212-0-0x00007FF736BE0000-0x00007FF736F34000-memory.dmp	upx
behavioral2/files/0x000c000000023b42-5.dat	upx
behavioral2/memory/836-6-0x00007FF65DBB0000-0x00007FF65DF04000-memory.dmp	upx
behavioral2/files/0x000a000000023b9e-9.dat	upx
behavioral2/files/0x000a000000023b9f-18.dat	upx
behavioral2/files/0x000a000000023ba1-25.dat	upx
behavioral2/files/0x000a000000023ba0-34.dat	upx
behavioral2/memory/1148-49-0x00007FF7EA830000-0x00007FF7EAB84000-memory.dmp	upx
behavioral2/files/0x000e000000023bb4-70.dat	upx
behavioral2/files/0x0009000000023bc3-82.dat	upx
behavioral2/files/0x0008000000023bff-124.dat	upx
behavioral2/files/0x0008000000023c01-137.dat	upx
behavioral2/files/0x0008000000023c04-149.dat	upx
behavioral2/memory/2780-336-0x00007FF70DC80000-0x00007FF70DFD4000-memory.dmp	upx
behavioral2/memory/1628-343-0x00007FF7560E0000-0x00007FF756434000-memory.dmp	upx
behavioral2/memory/3700-347-0x00007FF669B50000-0x00007FF669EA4000-memory.dmp	upx
behavioral2/memory/4600-356-0x00007FF676EF0000-0x00007FF677244000-memory.dmp	upx
behavioral2/memory/4176-374-0x00007FF606030000-0x00007FF606384000-memory.dmp	upx
behavioral2/memory/4188-1073-0x00007FF669820000-0x00007FF669B74000-memory.dmp	upx
behavioral2/memory/4580-1072-0x00007FF7ED830000-0x00007FF7EDB84000-memory.dmp	upx
behavioral2/memory/836-1071-0x00007FF65DBB0000-0x00007FF65DF04000-memory.dmp	upx
behavioral2/memory/212-960-0x00007FF736BE0000-0x00007FF736F34000-memory.dmp	upx
behavioral2/memory/2256-370-0x00007FF62CC80000-0x00007FF62CFD4000-memory.dmp	upx
behavioral2/memory/3784-369-0x00007FF6E8DE0000-0x00007FF6E9134000-memory.dmp	upx
behavioral2/memory/824-359-0x00007FF765FD0000-0x00007FF766324000-memory.dmp	upx
behavioral2/memory/5064-350-0x00007FF77ADA0000-0x00007FF77B0F4000-memory.dmp	upx
behavioral2/memory/4776-348-0x00007FF796D00000-0x00007FF797054000-memory.dmp	upx
behavioral2/memory/440-346-0x00007FF78E470000-0x00007FF78E7C4000-memory.dmp	upx
behavioral2/memory/4692-345-0x00007FF7C4490000-0x00007FF7C47E4000-memory.dmp	upx
behavioral2/memory/4892-344-0x00007FF68A8D0000-0x00007FF68AC24000-memory.dmp	upx
behavioral2/memory/3836-342-0x00007FF6CB0C0000-0x00007FF6CB414000-memory.dmp	upx
behavioral2/memory/1632-341-0x00007FF7D04D0000-0x00007FF7D0824000-memory.dmp	upx
behavioral2/memory/1188-340-0x00007FF76EAA0000-0x00007FF76EDF4000-memory.dmp	upx
behavioral2/memory/2108-339-0x00007FF6F7430000-0x00007FF6F7784000-memory.dmp	upx
behavioral2/memory/3908-338-0x00007FF684060000-0x00007FF6843B4000-memory.dmp	upx
behavioral2/memory/4980-337-0x00007FF7C8830000-0x00007FF7C8B84000-memory.dmp	upx
behavioral2/memory/3748-335-0x00007FF7CF5E0000-0x00007FF7CF934000-memory.dmp	upx
behavioral2/files/0x0008000000023c23-172.dat	upx
behavioral2/files/0x0008000000023c1d-171.dat	upx
behavioral2/files/0x0008000000023c0b-170.dat	upx
behavioral2/files/0x0008000000023c09-168.dat	upx
behavioral2/files/0x0008000000023c0a-162.dat	upx
behavioral2/files/0x0008000000023c03-158.dat	upx
behavioral2/files/0x0008000000023c02-153.dat	upx
behavioral2/files/0x0008000000023c00-144.dat	upx
behavioral2/files/0x0008000000023bd0-132.dat	upx
behavioral2/files/0x0008000000023bcf-126.dat	upx
behavioral2/memory/2028-1113-0x00007FF6DD1B0000-0x00007FF6DD504000-memory.dmp	upx
behavioral2/files/0x0008000000023bce-116.dat	upx
behavioral2/files/0x0008000000023bcd-110.dat	upx
behavioral2/files/0x0008000000023bca-105.dat	upx
behavioral2/files/0x000e000000023bc8-101.dat	upx
behavioral2/files/0x0009000000023bc4-98.dat	upx
behavioral2/files/0x0009000000023bc2-90.dat	upx
behavioral2/files/0x0008000000023bbd-84.dat	upx
behavioral2/files/0x000b000000023ba5-74.dat	upx
behavioral2/files/0x000a000000023bad-69.dat	upx
behavioral2/memory/3640-67-0x00007FF73B760000-0x00007FF73BAB4000-memory.dmp	upx
behavioral2/memory/2028-60-0x00007FF6DD1B0000-0x00007FF6DD504000-memory.dmp	upx
behavioral2/files/0x000b000000023b9a-59.dat	upx
behavioral2/files/0x000b000000023ba3-58.dat	upx
behavioral2/memory/1996-56-0x00007FF6220C0000-0x00007FF622414000-memory.dmp	upx
behavioral2/files/0x000b000000023ba4-54.dat	upx
behavioral2/memory/436-45-0x00007FF63A080000-0x00007FF63A3D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BHNpaUe.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbNaMwN.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmykXJI.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSPpvlz.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\anpEucc.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGsyTNe.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHrzCKg.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWmfNOa.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IoYhKrT.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hivlDAX.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVnJcql.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xphrcpb.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkciurY.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwocgKU.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdAfzWM.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CITXgtU.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbmrWiy.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMHbTjW.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMaiwHj.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxqYbWt.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzXEeez.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHVeQfF.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LksKTDN.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpbNcfp.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwfwXCZ.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHcxVuo.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKwIlEl.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jAgLWga.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIzPDZN.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drNQguC.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbdPmAH.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIemlxv.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofbkXdT.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jaVNrkC.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtXNVEC.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzsGOsj.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcgCQTj.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEnftFw.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amEGXzu.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhuvRck.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHhnFCW.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctrKqGS.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAElTJq.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqBiZRa.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyfepGe.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKcHaCs.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqagkUI.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQQyaYL.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWvoNYi.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpcFNJP.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNFTRPa.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGNvtFl.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRFlwdL.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJdcBkC.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iakhmPY.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGtcoCN.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fVnNOFb.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGroPvg.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdiFqMf.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QxJaole.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAxofFm.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAGVWTo.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdnhrqP.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJFqaSP.exe	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 836	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 212 wrote to memory of 836	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 212 wrote to memory of 4580	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 212 wrote to memory of 4580	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 212 wrote to memory of 436	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 212 wrote to memory of 436	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 212 wrote to memory of 4188	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 212 wrote to memory of 4188	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 212 wrote to memory of 3820	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 212 wrote to memory of 3820	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 212 wrote to memory of 1148	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 212 wrote to memory of 1148	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 212 wrote to memory of 3640	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 212 wrote to memory of 3640	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 212 wrote to memory of 1996	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 212 wrote to memory of 1996	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 212 wrote to memory of 3748	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 212 wrote to memory of 3748	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 212 wrote to memory of 2028	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 212 wrote to memory of 2028	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 212 wrote to memory of 2780	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 212 wrote to memory of 2780	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 212 wrote to memory of 4176	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 212 wrote to memory of 4176	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 212 wrote to memory of 4980	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 212 wrote to memory of 4980	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 212 wrote to memory of 3908	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 212 wrote to memory of 3908	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 212 wrote to memory of 2108	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 212 wrote to memory of 2108	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 212 wrote to memory of 1188	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 212 wrote to memory of 1188	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 212 wrote to memory of 1632	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 212 wrote to memory of 1632	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 212 wrote to memory of 3836	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 212 wrote to memory of 3836	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 212 wrote to memory of 1628	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 212 wrote to memory of 1628	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 212 wrote to memory of 4892	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 212 wrote to memory of 4892	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 212 wrote to memory of 4692	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 212 wrote to memory of 4692	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 212 wrote to memory of 440	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 212 wrote to memory of 440	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 212 wrote to memory of 3700	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 212 wrote to memory of 3700	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 212 wrote to memory of 4776	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 212 wrote to memory of 4776	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 212 wrote to memory of 5064	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 212 wrote to memory of 5064	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 212 wrote to memory of 4600	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 212 wrote to memory of 4600	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 212 wrote to memory of 824	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 212 wrote to memory of 824	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 212 wrote to memory of 3784	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 212 wrote to memory of 3784	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 212 wrote to memory of 2256	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 212 wrote to memory of 2256	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 212 wrote to memory of 2076	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 212 wrote to memory of 2076	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 212 wrote to memory of 3652	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 212 wrote to memory of 3652	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 212 wrote to memory of 960	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 212 wrote to memory of 960	212	2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_f952e6aa54c9d887505db82fb4ca3fe8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:212
- C:\Windows\System\otZGarX.exe
  C:\Windows\System\otZGarX.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\nxStdwu.exe
  C:\Windows\System\nxStdwu.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\vzcnZTl.exe
  C:\Windows\System\vzcnZTl.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\drNQguC.exe
  C:\Windows\System\drNQguC.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\SIPSDlK.exe
  C:\Windows\System\SIPSDlK.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\GxIHczs.exe
  C:\Windows\System\GxIHczs.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\guNzuLm.exe
  C:\Windows\System\guNzuLm.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\FETOtGC.exe
  C:\Windows\System\FETOtGC.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\nGhtFyt.exe
  C:\Windows\System\nGhtFyt.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\Fixupma.exe
  C:\Windows\System\Fixupma.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\WXbqwXa.exe
  C:\Windows\System\WXbqwXa.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\lDGJKlK.exe
  C:\Windows\System\lDGJKlK.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\NpyvvLM.exe
  C:\Windows\System\NpyvvLM.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\exefdqp.exe
  C:\Windows\System\exefdqp.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\unBQqZc.exe
  C:\Windows\System\unBQqZc.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\EyMTBSA.exe
  C:\Windows\System\EyMTBSA.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\eCGaCIj.exe
  C:\Windows\System\eCGaCIj.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\GqcizNP.exe
  C:\Windows\System\GqcizNP.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\oddFcEG.exe
  C:\Windows\System\oddFcEG.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\jUeiQYZ.exe
  C:\Windows\System\jUeiQYZ.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\wDxKaiI.exe
  C:\Windows\System\wDxKaiI.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\gNXepce.exe
  C:\Windows\System\gNXepce.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\HqUkeZt.exe
  C:\Windows\System\HqUkeZt.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\dbWGNXK.exe
  C:\Windows\System\dbWGNXK.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\XSpQuGG.exe
  C:\Windows\System\XSpQuGG.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\dBZCImm.exe
  C:\Windows\System\dBZCImm.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\KzdZVlI.exe
  C:\Windows\System\KzdZVlI.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\SkVWdJu.exe
  C:\Windows\System\SkVWdJu.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\jhuvRck.exe
  C:\Windows\System\jhuvRck.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\XQExbiE.exe
  C:\Windows\System\XQExbiE.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\XsDIDHk.exe
  C:\Windows\System\XsDIDHk.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\DAAQmQe.exe
  C:\Windows\System\DAAQmQe.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\foKAxWs.exe
  C:\Windows\System\foKAxWs.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\gpvwOij.exe
  C:\Windows\System\gpvwOij.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\PyucOMF.exe
  C:\Windows\System\PyucOMF.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\IfYSlyE.exe
  C:\Windows\System\IfYSlyE.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\BYXLzdp.exe
  C:\Windows\System\BYXLzdp.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\LFBgLtZ.exe
  C:\Windows\System\LFBgLtZ.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\nrKurVg.exe
  C:\Windows\System\nrKurVg.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\gjXfuIf.exe
  C:\Windows\System\gjXfuIf.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\VhjjMce.exe
  C:\Windows\System\VhjjMce.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\LUaEjcD.exe
  C:\Windows\System\LUaEjcD.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\ffIbGeN.exe
  C:\Windows\System\ffIbGeN.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\nHhnFCW.exe
  C:\Windows\System\nHhnFCW.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\Ajrhzlh.exe
  C:\Windows\System\Ajrhzlh.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\mWYqbYJ.exe
  C:\Windows\System\mWYqbYJ.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\uiqIqcZ.exe
  C:\Windows\System\uiqIqcZ.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\SjBNszO.exe
  C:\Windows\System\SjBNszO.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\TjsMGwe.exe
  C:\Windows\System\TjsMGwe.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\cXrWFuP.exe
  C:\Windows\System\cXrWFuP.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\GOutXdb.exe
  C:\Windows\System\GOutXdb.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\pDPqsxC.exe
  C:\Windows\System\pDPqsxC.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\ctrKqGS.exe
  C:\Windows\System\ctrKqGS.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\LHdwhfi.exe
  C:\Windows\System\LHdwhfi.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\EYfuceP.exe
  C:\Windows\System\EYfuceP.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\BHNpaUe.exe
  C:\Windows\System\BHNpaUe.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\longxcs.exe
  C:\Windows\System\longxcs.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\SpurFzB.exe
  C:\Windows\System\SpurFzB.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\XAXsObV.exe
  C:\Windows\System\XAXsObV.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\lrcZsrv.exe
  C:\Windows\System\lrcZsrv.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\XbNaMwN.exe
  C:\Windows\System\XbNaMwN.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\FiMyUDc.exe
  C:\Windows\System\FiMyUDc.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\EhVOMaj.exe
  C:\Windows\System\EhVOMaj.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\VuORdVy.exe
  C:\Windows\System\VuORdVy.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\bwXhHzb.exe
  C:\Windows\System\bwXhHzb.exe
  2⤵
  PID:4296
- C:\Windows\System\cvduFnc.exe
  C:\Windows\System\cvduFnc.exe
  2⤵
  PID:3260
- C:\Windows\System\pIaptAh.exe
  C:\Windows\System\pIaptAh.exe
  2⤵
  PID:3968
- C:\Windows\System\ksVvGID.exe
  C:\Windows\System\ksVvGID.exe
  2⤵
  PID:2652
- C:\Windows\System\zyvnfCT.exe
  C:\Windows\System\zyvnfCT.exe
  2⤵
  PID:4592
- C:\Windows\System\JKBXBCI.exe
  C:\Windows\System\JKBXBCI.exe
  2⤵
  PID:4028
- C:\Windows\System\yAKnjgn.exe
  C:\Windows\System\yAKnjgn.exe
  2⤵
  PID:3392
- C:\Windows\System\pCjyTmZ.exe
  C:\Windows\System\pCjyTmZ.exe
  2⤵
  PID:3308
- C:\Windows\System\ACCdUpC.exe
  C:\Windows\System\ACCdUpC.exe
  2⤵
  PID:636
- C:\Windows\System\kaVTrWy.exe
  C:\Windows\System\kaVTrWy.exe
  2⤵
  PID:4664
- C:\Windows\System\pgFzRnA.exe
  C:\Windows\System\pgFzRnA.exe
  2⤵
  PID:624
- C:\Windows\System\yBSnmLz.exe
  C:\Windows\System\yBSnmLz.exe
  2⤵
  PID:3832
- C:\Windows\System\XramAyS.exe
  C:\Windows\System\XramAyS.exe
  2⤵
  PID:5060
- C:\Windows\System\HxqYbWt.exe
  C:\Windows\System\HxqYbWt.exe
  2⤵
  PID:4184
- C:\Windows\System\QMHCrCF.exe
  C:\Windows\System\QMHCrCF.exe
  2⤵
  PID:4420
- C:\Windows\System\HqzThqc.exe
  C:\Windows\System\HqzThqc.exe
  2⤵
  PID:348
- C:\Windows\System\SFXYbXR.exe
  C:\Windows\System\SFXYbXR.exe
  2⤵
  PID:2856
- C:\Windows\System\nrJrDAG.exe
  C:\Windows\System\nrJrDAG.exe
  2⤵
  PID:1828
- C:\Windows\System\gXbqtrp.exe
  C:\Windows\System\gXbqtrp.exe
  2⤵
  PID:5136
- C:\Windows\System\ylxPBrm.exe
  C:\Windows\System\ylxPBrm.exe
  2⤵
  PID:5152
- C:\Windows\System\cnDPEeJ.exe
  C:\Windows\System\cnDPEeJ.exe
  2⤵
  PID:5180
- C:\Windows\System\AZdjSGN.exe
  C:\Windows\System\AZdjSGN.exe
  2⤵
  PID:5196
- C:\Windows\System\zUqdrOv.exe
  C:\Windows\System\zUqdrOv.exe
  2⤵
  PID:5212
- C:\Windows\System\pxFiWzS.exe
  C:\Windows\System\pxFiWzS.exe
  2⤵
  PID:5228
- C:\Windows\System\DSXpmkf.exe
  C:\Windows\System\DSXpmkf.exe
  2⤵
  PID:5244
- C:\Windows\System\eJsBimw.exe
  C:\Windows\System\eJsBimw.exe
  2⤵
  PID:5260
- C:\Windows\System\zgbMFtU.exe
  C:\Windows\System\zgbMFtU.exe
  2⤵
  PID:5280
- C:\Windows\System\KeqtKEG.exe
  C:\Windows\System\KeqtKEG.exe
  2⤵
  PID:5372
- C:\Windows\System\BKcCPuH.exe
  C:\Windows\System\BKcCPuH.exe
  2⤵
  PID:5412
- C:\Windows\System\zIiOiyc.exe
  C:\Windows\System\zIiOiyc.exe
  2⤵
  PID:5488
- C:\Windows\System\iDSqosH.exe
  C:\Windows\System\iDSqosH.exe
  2⤵
  PID:5556
- C:\Windows\System\yyRAoTJ.exe
  C:\Windows\System\yyRAoTJ.exe
  2⤵
  PID:5592
- C:\Windows\System\rLeAAzv.exe
  C:\Windows\System\rLeAAzv.exe
  2⤵
  PID:5608
- C:\Windows\System\XHpcSDl.exe
  C:\Windows\System\XHpcSDl.exe
  2⤵
  PID:5636
- C:\Windows\System\roLKuDO.exe
  C:\Windows\System\roLKuDO.exe
  2⤵
  PID:5656
- C:\Windows\System\AraLCVj.exe
  C:\Windows\System\AraLCVj.exe
  2⤵
  PID:5672
- C:\Windows\System\jpgJUto.exe
  C:\Windows\System\jpgJUto.exe
  2⤵
  PID:5688
- C:\Windows\System\soteOkg.exe
  C:\Windows\System\soteOkg.exe
  2⤵
  PID:5704
- C:\Windows\System\sDXGQgH.exe
  C:\Windows\System\sDXGQgH.exe
  2⤵
  PID:5748
- C:\Windows\System\aqHtklu.exe
  C:\Windows\System\aqHtklu.exe
  2⤵
  PID:5772
- C:\Windows\System\pCwifZk.exe
  C:\Windows\System\pCwifZk.exe
  2⤵
  PID:5824
- C:\Windows\System\SibrynB.exe
  C:\Windows\System\SibrynB.exe
  2⤵
  PID:5840
- C:\Windows\System\aObxRlZ.exe
  C:\Windows\System\aObxRlZ.exe
  2⤵
  PID:5884
- C:\Windows\System\sPJAVSg.exe
  C:\Windows\System\sPJAVSg.exe
  2⤵
  PID:5920
- C:\Windows\System\kxmCWBC.exe
  C:\Windows\System\kxmCWBC.exe
  2⤵
  PID:5948
- C:\Windows\System\OjxiSXL.exe
  C:\Windows\System\OjxiSXL.exe
  2⤵
  PID:5964
- C:\Windows\System\RWqpJVI.exe
  C:\Windows\System\RWqpJVI.exe
  2⤵
  PID:5992
- C:\Windows\System\tJFqaSP.exe
  C:\Windows\System\tJFqaSP.exe
  2⤵
  PID:6008
- C:\Windows\System\RhzpiLY.exe
  C:\Windows\System\RhzpiLY.exe
  2⤵
  PID:6028
- C:\Windows\System\IkPawue.exe
  C:\Windows\System\IkPawue.exe
  2⤵
  PID:6052
- C:\Windows\System\UsHhwWK.exe
  C:\Windows\System\UsHhwWK.exe
  2⤵
  PID:6096
- C:\Windows\System\ZAElTJq.exe
  C:\Windows\System\ZAElTJq.exe
  2⤵
  PID:6116
- C:\Windows\System\VFmIiFl.exe
  C:\Windows\System\VFmIiFl.exe
  2⤵
  PID:3660
- C:\Windows\System\BOBKZRU.exe
  C:\Windows\System\BOBKZRU.exe
  2⤵
  PID:5668
- C:\Windows\System\TLhnPJJ.exe
  C:\Windows\System\TLhnPJJ.exe
  2⤵
  PID:5632
- C:\Windows\System\YNTPLZb.exe
  C:\Windows\System\YNTPLZb.exe
  2⤵
  PID:5600
- C:\Windows\System\kItYZlO.exe
  C:\Windows\System\kItYZlO.exe
  2⤵
  PID:5552
- C:\Windows\System\fbjXszS.exe
  C:\Windows\System\fbjXszS.exe
  2⤵
  PID:5484
- C:\Windows\System\QwBMMbs.exe
  C:\Windows\System\QwBMMbs.exe
  2⤵
  PID:5456
- C:\Windows\System\UHlnNoQ.exe
  C:\Windows\System\UHlnNoQ.exe
  2⤵
  PID:5256
- C:\Windows\System\AELgCoX.exe
  C:\Windows\System\AELgCoX.exe
  2⤵
  PID:5224
- C:\Windows\System\UmykXJI.exe
  C:\Windows\System\UmykXJI.exe
  2⤵
  PID:5192
- C:\Windows\System\ZPiOPPJ.exe
  C:\Windows\System\ZPiOPPJ.exe
  2⤵
  PID:5164
- C:\Windows\System\IHAhEXM.exe
  C:\Windows\System\IHAhEXM.exe
  2⤵
  PID:5124
- C:\Windows\System\kfUjdMt.exe
  C:\Windows\System\kfUjdMt.exe
  2⤵
  PID:4800
- C:\Windows\System\GhitFpO.exe
  C:\Windows\System\GhitFpO.exe
  2⤵
  PID:924
- C:\Windows\System\YGRSdEq.exe
  C:\Windows\System\YGRSdEq.exe
  2⤵
  PID:4976
- C:\Windows\System\ywKimPt.exe
  C:\Windows\System\ywKimPt.exe
  2⤵
  PID:3624
- C:\Windows\System\hamCbuU.exe
  C:\Windows\System\hamCbuU.exe
  2⤵
  PID:2376
- C:\Windows\System\jpzQjpa.exe
  C:\Windows\System\jpzQjpa.exe
  2⤵
  PID:4144
- C:\Windows\System\iqGjoJX.exe
  C:\Windows\System\iqGjoJX.exe
  2⤵
  PID:5696
- C:\Windows\System\ahmeIRN.exe
  C:\Windows\System\ahmeIRN.exe
  2⤵
  PID:5732
- C:\Windows\System\YQTTLUZ.exe
  C:\Windows\System\YQTTLUZ.exe
  2⤵
  PID:5768
- C:\Windows\System\perTIwG.exe
  C:\Windows\System\perTIwG.exe
  2⤵
  PID:5804
- C:\Windows\System\ySZyBhO.exe
  C:\Windows\System\ySZyBhO.exe
  2⤵
  PID:5836
- C:\Windows\System\ySqYPGm.exe
  C:\Windows\System\ySqYPGm.exe
  2⤵
  PID:5880
- C:\Windows\System\lxomLTf.exe
  C:\Windows\System\lxomLTf.exe
  2⤵
  PID:5932
- C:\Windows\System\DzXEeez.exe
  C:\Windows\System\DzXEeez.exe
  2⤵
  PID:5960
- C:\Windows\System\JnOBQME.exe
  C:\Windows\System\JnOBQME.exe
  2⤵
  PID:6000
- C:\Windows\System\gTtcNhc.exe
  C:\Windows\System\gTtcNhc.exe
  2⤵
  PID:6036
- C:\Windows\System\OOlmCbi.exe
  C:\Windows\System\OOlmCbi.exe
  2⤵
  PID:6072
- C:\Windows\System\iwJyOJt.exe
  C:\Windows\System\iwJyOJt.exe
  2⤵
  PID:6104
- C:\Windows\System\ueHRCBt.exe
  C:\Windows\System\ueHRCBt.exe
  2⤵
  PID:4288
- C:\Windows\System\wykImEh.exe
  C:\Windows\System\wykImEh.exe
  2⤵
  PID:5684
- C:\Windows\System\uZPJiMG.exe
  C:\Windows\System\uZPJiMG.exe
  2⤵
  PID:5604
- C:\Windows\System\kDyPRci.exe
  C:\Windows\System\kDyPRci.exe
  2⤵
  PID:5496
- C:\Windows\System\KdUlOQq.exe
  C:\Windows\System\KdUlOQq.exe
  2⤵
  PID:5380
- C:\Windows\System\anqbppj.exe
  C:\Windows\System\anqbppj.exe
  2⤵
  PID:5236
- C:\Windows\System\GwOAjMZ.exe
  C:\Windows\System\GwOAjMZ.exe
  2⤵
  PID:5168
- C:\Windows\System\bSmufRC.exe
  C:\Windows\System\bSmufRC.exe
  2⤵
  PID:4376
- C:\Windows\System\EqKcdIU.exe
  C:\Windows\System\EqKcdIU.exe
  2⤵
  PID:1480
- C:\Windows\System\IHkihrI.exe
  C:\Windows\System\IHkihrI.exe
  2⤵
  PID:2716
- C:\Windows\System\UXhHBut.exe
  C:\Windows\System\UXhHBut.exe
  2⤵
  PID:1280
- C:\Windows\System\BWfrjWN.exe
  C:\Windows\System\BWfrjWN.exe
  2⤵
  PID:5756
- C:\Windows\System\ZFFpaxp.exe
  C:\Windows\System\ZFFpaxp.exe
  2⤵
  PID:5832
- C:\Windows\System\VpsYtgJ.exe
  C:\Windows\System\VpsYtgJ.exe
  2⤵
  PID:5912
- C:\Windows\System\OkhkRkQ.exe
  C:\Windows\System\OkhkRkQ.exe
  2⤵
  PID:5984
- C:\Windows\System\wpJtyyb.exe
  C:\Windows\System\wpJtyyb.exe
  2⤵
  PID:6064
- C:\Windows\System\ImJNNAK.exe
  C:\Windows\System\ImJNNAK.exe
  2⤵
  PID:6132
- C:\Windows\System\YaZgwAc.exe
  C:\Windows\System\YaZgwAc.exe
  2⤵
  PID:5644
- C:\Windows\System\WjstWoy.exe
  C:\Windows\System\WjstWoy.exe
  2⤵
  PID:5464
- C:\Windows\System\LTNxvwN.exe
  C:\Windows\System\LTNxvwN.exe
  2⤵
  PID:5204
- C:\Windows\System\kNsxaUj.exe
  C:\Windows\System\kNsxaUj.exe
  2⤵
  PID:3612
- C:\Windows\System\SBdBQVa.exe
  C:\Windows\System\SBdBQVa.exe
  2⤵
  PID:2288
- C:\Windows\System\dtShUyE.exe
  C:\Windows\System\dtShUyE.exe
  2⤵
  PID:5796
- C:\Windows\System\PZGDhhb.exe
  C:\Windows\System\PZGDhhb.exe
  2⤵
  PID:6148
- C:\Windows\System\PCkhLmC.exe
  C:\Windows\System\PCkhLmC.exe
  2⤵
  PID:6164
- C:\Windows\System\ciBNffU.exe
  C:\Windows\System\ciBNffU.exe
  2⤵
  PID:6180
- C:\Windows\System\SzraVDE.exe
  C:\Windows\System\SzraVDE.exe
  2⤵
  PID:6196
- C:\Windows\System\tqBiZRa.exe
  C:\Windows\System\tqBiZRa.exe
  2⤵
  PID:6212
- C:\Windows\System\YEDllDu.exe
  C:\Windows\System\YEDllDu.exe
  2⤵
  PID:6228
- C:\Windows\System\KQfcjsl.exe
  C:\Windows\System\KQfcjsl.exe
  2⤵
  PID:6244
- C:\Windows\System\hivlDAX.exe
  C:\Windows\System\hivlDAX.exe
  2⤵
  PID:6260
- C:\Windows\System\ONiAvFF.exe
  C:\Windows\System\ONiAvFF.exe
  2⤵
  PID:6276
- C:\Windows\System\EbCPvpm.exe
  C:\Windows\System\EbCPvpm.exe
  2⤵
  PID:6292
- C:\Windows\System\ZblrjWQ.exe
  C:\Windows\System\ZblrjWQ.exe
  2⤵
  PID:6308
- C:\Windows\System\DYLfZLo.exe
  C:\Windows\System\DYLfZLo.exe
  2⤵
  PID:6324
- C:\Windows\System\aDRlmsL.exe
  C:\Windows\System\aDRlmsL.exe
  2⤵
  PID:6340
- C:\Windows\System\mpnTWFp.exe
  C:\Windows\System\mpnTWFp.exe
  2⤵
  PID:6356
- C:\Windows\System\LLvfuAE.exe
  C:\Windows\System\LLvfuAE.exe
  2⤵
  PID:6372
- C:\Windows\System\bsQTHvF.exe
  C:\Windows\System\bsQTHvF.exe
  2⤵
  PID:6388
- C:\Windows\System\lWdYmtm.exe
  C:\Windows\System\lWdYmtm.exe
  2⤵
  PID:6404
- C:\Windows\System\CoiZpdW.exe
  C:\Windows\System\CoiZpdW.exe
  2⤵
  PID:6420
- C:\Windows\System\PdStINT.exe
  C:\Windows\System\PdStINT.exe
  2⤵
  PID:6436
- C:\Windows\System\BKOLEKW.exe
  C:\Windows\System\BKOLEKW.exe
  2⤵
  PID:6452
- C:\Windows\System\CKvtwsn.exe
  C:\Windows\System\CKvtwsn.exe
  2⤵
  PID:6468
- C:\Windows\System\iVHijQW.exe
  C:\Windows\System\iVHijQW.exe
  2⤵
  PID:6484
- C:\Windows\System\UoAOjfZ.exe
  C:\Windows\System\UoAOjfZ.exe
  2⤵
  PID:6500
- C:\Windows\System\QMmpAth.exe
  C:\Windows\System\QMmpAth.exe
  2⤵
  PID:6516
- C:\Windows\System\mEJtYSs.exe
  C:\Windows\System\mEJtYSs.exe
  2⤵
  PID:6532
- C:\Windows\System\IYfoDrb.exe
  C:\Windows\System\IYfoDrb.exe
  2⤵
  PID:6548
- C:\Windows\System\vmbsCnx.exe
  C:\Windows\System\vmbsCnx.exe
  2⤵
  PID:6564
- C:\Windows\System\deLHBFY.exe
  C:\Windows\System\deLHBFY.exe
  2⤵
  PID:6580
- C:\Windows\System\IzJMyIW.exe
  C:\Windows\System\IzJMyIW.exe
  2⤵
  PID:6596
- C:\Windows\System\ydACbfJ.exe
  C:\Windows\System\ydACbfJ.exe
  2⤵
  PID:6612
- C:\Windows\System\oVnJcql.exe
  C:\Windows\System\oVnJcql.exe
  2⤵
  PID:6628
- C:\Windows\System\zNoaAse.exe
  C:\Windows\System\zNoaAse.exe
  2⤵
  PID:6644
- C:\Windows\System\yrvQYhy.exe
  C:\Windows\System\yrvQYhy.exe
  2⤵
  PID:6660
- C:\Windows\System\rUTudhY.exe
  C:\Windows\System\rUTudhY.exe
  2⤵
  PID:6676
- C:\Windows\System\ByWktOT.exe
  C:\Windows\System\ByWktOT.exe
  2⤵
  PID:6692
- C:\Windows\System\VEAEZqp.exe
  C:\Windows\System\VEAEZqp.exe
  2⤵
  PID:6720
- C:\Windows\System\qcvsiLj.exe
  C:\Windows\System\qcvsiLj.exe
  2⤵
  PID:6744
- C:\Windows\System\RVRnvPM.exe
  C:\Windows\System\RVRnvPM.exe
  2⤵
  PID:6772
- C:\Windows\System\dkQDoyL.exe
  C:\Windows\System\dkQDoyL.exe
  2⤵
  PID:6788
- C:\Windows\System\gFGwBsI.exe
  C:\Windows\System\gFGwBsI.exe
  2⤵
  PID:6804
- C:\Windows\System\eSjfXyo.exe
  C:\Windows\System\eSjfXyo.exe
  2⤵
  PID:6820
- C:\Windows\System\cVZVlxl.exe
  C:\Windows\System\cVZVlxl.exe
  2⤵
  PID:6836
- C:\Windows\System\BkzkNUy.exe
  C:\Windows\System\BkzkNUy.exe
  2⤵
  PID:6852
- C:\Windows\System\xvdVmSv.exe
  C:\Windows\System\xvdVmSv.exe
  2⤵
  PID:6868
- C:\Windows\System\PzUfofd.exe
  C:\Windows\System\PzUfofd.exe
  2⤵
  PID:6884
- C:\Windows\System\MkSdOCz.exe
  C:\Windows\System\MkSdOCz.exe
  2⤵
  PID:6900
- C:\Windows\System\klyWEOx.exe
  C:\Windows\System\klyWEOx.exe
  2⤵
  PID:6916
- C:\Windows\System\QcIYJQG.exe
  C:\Windows\System\QcIYJQG.exe
  2⤵
  PID:7048
- C:\Windows\System\CTlVjLA.exe
  C:\Windows\System\CTlVjLA.exe
  2⤵
  PID:6560
- C:\Windows\System\nwAKAVF.exe
  C:\Windows\System\nwAKAVF.exe
  2⤵
  PID:7368
- C:\Windows\System\zGtcoCN.exe
  C:\Windows\System\zGtcoCN.exe
  2⤵
  PID:7384
- C:\Windows\System\UBDFGeo.exe
  C:\Windows\System\UBDFGeo.exe
  2⤵
  PID:7400
- C:\Windows\System\niVYAvx.exe
  C:\Windows\System\niVYAvx.exe
  2⤵
  PID:7416
- C:\Windows\System\jioCBqY.exe
  C:\Windows\System\jioCBqY.exe
  2⤵
  PID:7692
- C:\Windows\System\ykxTqgx.exe
  C:\Windows\System\ykxTqgx.exe
  2⤵
  PID:7708
- C:\Windows\System\ktNMGZv.exe
  C:\Windows\System\ktNMGZv.exe
  2⤵
  PID:7728
- C:\Windows\System\vMDcMwx.exe
  C:\Windows\System\vMDcMwx.exe
  2⤵
  PID:7744
- C:\Windows\System\zgiaPcH.exe
  C:\Windows\System\zgiaPcH.exe
  2⤵
  PID:7824
- C:\Windows\System\qkFokMU.exe
  C:\Windows\System\qkFokMU.exe
  2⤵
  PID:7840
- C:\Windows\System\ydWSqOV.exe
  C:\Windows\System\ydWSqOV.exe
  2⤵
  PID:7864
- C:\Windows\System\WUgSNkZ.exe
  C:\Windows\System\WUgSNkZ.exe
  2⤵
  PID:7880
- C:\Windows\System\zOJxiUO.exe
  C:\Windows\System\zOJxiUO.exe
  2⤵
  PID:7896
- C:\Windows\System\udtecoP.exe
  C:\Windows\System\udtecoP.exe
  2⤵
  PID:7912
- C:\Windows\System\EEPHJpm.exe
  C:\Windows\System\EEPHJpm.exe
  2⤵
  PID:7928
- C:\Windows\System\JlndyNS.exe
  C:\Windows\System\JlndyNS.exe
  2⤵
  PID:7960
- C:\Windows\System\dnfSEaS.exe
  C:\Windows\System\dnfSEaS.exe
  2⤵
  PID:7980
- C:\Windows\System\yfaVdty.exe
  C:\Windows\System\yfaVdty.exe
  2⤵
  PID:8000
- C:\Windows\System\gGOSPkS.exe
  C:\Windows\System\gGOSPkS.exe
  2⤵
  PID:8016
- C:\Windows\System\QBuxOVL.exe
  C:\Windows\System\QBuxOVL.exe
  2⤵
  PID:8032
- C:\Windows\System\uSEZKGy.exe
  C:\Windows\System\uSEZKGy.exe
  2⤵
  PID:8048
- C:\Windows\System\soAfjAz.exe
  C:\Windows\System\soAfjAz.exe
  2⤵
  PID:8064
- C:\Windows\System\lgXMgkR.exe
  C:\Windows\System\lgXMgkR.exe
  2⤵
  PID:8080
- C:\Windows\System\UMTbcvk.exe
  C:\Windows\System\UMTbcvk.exe
  2⤵
  PID:8096
- C:\Windows\System\ZPHqWeV.exe
  C:\Windows\System\ZPHqWeV.exe
  2⤵
  PID:8112
- C:\Windows\System\zJaNtDU.exe
  C:\Windows\System\zJaNtDU.exe
  2⤵
  PID:8128
- C:\Windows\System\jRCUDsL.exe
  C:\Windows\System\jRCUDsL.exe
  2⤵
  PID:8144
- C:\Windows\System\bHVeQfF.exe
  C:\Windows\System\bHVeQfF.exe
  2⤵
  PID:8160
- C:\Windows\System\MOlLnGI.exe
  C:\Windows\System\MOlLnGI.exe
  2⤵
  PID:8176
- C:\Windows\System\EiKFAGJ.exe
  C:\Windows\System\EiKFAGJ.exe
  2⤵
  PID:5132
- C:\Windows\System\UOaidxz.exe
  C:\Windows\System\UOaidxz.exe
  2⤵
  PID:6912
- C:\Windows\System\tOyYoay.exe
  C:\Windows\System\tOyYoay.exe
  2⤵
  PID:6952
- C:\Windows\System\JQYzyxU.exe
  C:\Windows\System\JQYzyxU.exe
  2⤵
  PID:6992
- C:\Windows\System\weACczd.exe
  C:\Windows\System\weACczd.exe
  2⤵
  PID:7040
- C:\Windows\System\UkgJliA.exe
  C:\Windows\System\UkgJliA.exe
  2⤵
  PID:7080
- C:\Windows\System\TMVFCwY.exe
  C:\Windows\System\TMVFCwY.exe
  2⤵
  PID:6540
- C:\Windows\System\NUEqZKM.exe
  C:\Windows\System\NUEqZKM.exe
  2⤵
  PID:6740
- C:\Windows\System\eSaJhiv.exe
  C:\Windows\System\eSaJhiv.exe
  2⤵
  PID:6780
- C:\Windows\System\UzDuMQv.exe
  C:\Windows\System\UzDuMQv.exe
  2⤵
  PID:6876
- C:\Windows\System\bjGLula.exe
  C:\Windows\System\bjGLula.exe
  2⤵
  PID:7220
- C:\Windows\System\BPWbRQT.exe
  C:\Windows\System\BPWbRQT.exe
  2⤵
  PID:7268
- C:\Windows\System\fHlaUPU.exe
  C:\Windows\System\fHlaUPU.exe
  2⤵
  PID:7364
- C:\Windows\System\BWZNPqN.exe
  C:\Windows\System\BWZNPqN.exe
  2⤵
  PID:7392
- C:\Windows\System\YnjMbtt.exe
  C:\Windows\System\YnjMbtt.exe
  2⤵
  PID:7876
- C:\Windows\System\UcdhTSV.exe
  C:\Windows\System\UcdhTSV.exe
  2⤵
  PID:7568
- C:\Windows\System\vVGlnKG.exe
  C:\Windows\System\vVGlnKG.exe
  2⤵
  PID:7588
- C:\Windows\System\WNCgGYh.exe
  C:\Windows\System\WNCgGYh.exe
  2⤵
  PID:7604
- C:\Windows\System\hBCzkhe.exe
  C:\Windows\System\hBCzkhe.exe
  2⤵
  PID:7620
- C:\Windows\System\uTLAThb.exe
  C:\Windows\System\uTLAThb.exe
  2⤵
  PID:7892
- C:\Windows\System\XMvEoiC.exe
  C:\Windows\System\XMvEoiC.exe
  2⤵
  PID:7924
- C:\Windows\System\mjOsiZT.exe
  C:\Windows\System\mjOsiZT.exe
  2⤵
  PID:6936
- C:\Windows\System\IIoLftK.exe
  C:\Windows\System\IIoLftK.exe
  2⤵
  PID:8216
- C:\Windows\System\pCQALCv.exe
  C:\Windows\System\pCQALCv.exe
  2⤵
  PID:8308
- C:\Windows\System\kOGweKX.exe
  C:\Windows\System\kOGweKX.exe
  2⤵
  PID:8324
- C:\Windows\System\VfcVFtJ.exe
  C:\Windows\System\VfcVFtJ.exe
  2⤵
  PID:8360
- C:\Windows\System\zZWtAon.exe
  C:\Windows\System\zZWtAon.exe
  2⤵
  PID:8376
- C:\Windows\System\zFFXXos.exe
  C:\Windows\System\zFFXXos.exe
  2⤵
  PID:8392
- C:\Windows\System\dSfYhax.exe
  C:\Windows\System\dSfYhax.exe
  2⤵
  PID:8408
- C:\Windows\System\pySraxY.exe
  C:\Windows\System\pySraxY.exe
  2⤵
  PID:8436
- C:\Windows\System\dSKvpHe.exe
  C:\Windows\System\dSKvpHe.exe
  2⤵
  PID:8452
- C:\Windows\System\iPpxLdf.exe
  C:\Windows\System\iPpxLdf.exe
  2⤵
  PID:8468
- C:\Windows\System\jRozihK.exe
  C:\Windows\System\jRozihK.exe
  2⤵
  PID:8500
- C:\Windows\System\VkOzkAd.exe
  C:\Windows\System\VkOzkAd.exe
  2⤵
  PID:8520
- C:\Windows\System\GxXNaDL.exe
  C:\Windows\System\GxXNaDL.exe
  2⤵
  PID:8540
- C:\Windows\System\DbzRuNt.exe
  C:\Windows\System\DbzRuNt.exe
  2⤵
  PID:8556
- C:\Windows\System\YYfdkHQ.exe
  C:\Windows\System\YYfdkHQ.exe
  2⤵
  PID:8572
- C:\Windows\System\NIENzIj.exe
  C:\Windows\System\NIENzIj.exe
  2⤵
  PID:8588
- C:\Windows\System\PiDAHlL.exe
  C:\Windows\System\PiDAHlL.exe
  2⤵
  PID:8768
- C:\Windows\System\IZzAlZu.exe
  C:\Windows\System\IZzAlZu.exe
  2⤵
  PID:8784
- C:\Windows\System\MAcPWzB.exe
  C:\Windows\System\MAcPWzB.exe
  2⤵
  PID:8800
- C:\Windows\System\ZwJXRYA.exe
  C:\Windows\System\ZwJXRYA.exe
  2⤵
  PID:8816
- C:\Windows\System\OMXxuAX.exe
  C:\Windows\System\OMXxuAX.exe
  2⤵
  PID:8832
- C:\Windows\System\TMYoFbE.exe
  C:\Windows\System\TMYoFbE.exe
  2⤵
  PID:8848
- C:\Windows\System\cQoQYRy.exe
  C:\Windows\System\cQoQYRy.exe
  2⤵
  PID:8888
- C:\Windows\System\vYRSxfg.exe
  C:\Windows\System\vYRSxfg.exe
  2⤵
  PID:8904
- C:\Windows\System\MgYccwK.exe
  C:\Windows\System\MgYccwK.exe
  2⤵
  PID:8928
- C:\Windows\System\NWeXetX.exe
  C:\Windows\System\NWeXetX.exe
  2⤵
  PID:8944
- C:\Windows\System\IlThDtH.exe
  C:\Windows\System\IlThDtH.exe
  2⤵
  PID:9016
- C:\Windows\System\StxlQzP.exe
  C:\Windows\System\StxlQzP.exe
  2⤵
  PID:9036
- C:\Windows\System\UtDlrcE.exe
  C:\Windows\System\UtDlrcE.exe
  2⤵
  PID:9056
- C:\Windows\System\goEhPVj.exe
  C:\Windows\System\goEhPVj.exe
  2⤵
  PID:9084
- C:\Windows\System\IaqpVES.exe
  C:\Windows\System\IaqpVES.exe
  2⤵
  PID:9100
- C:\Windows\System\QqwpUsH.exe
  C:\Windows\System\QqwpUsH.exe
  2⤵
  PID:9136
- C:\Windows\System\RuvFYhT.exe
  C:\Windows\System\RuvFYhT.exe
  2⤵
  PID:9152
- C:\Windows\System\GZxsMGM.exe
  C:\Windows\System\GZxsMGM.exe
  2⤵
  PID:9200
- C:\Windows\System\zgDJHLd.exe
  C:\Windows\System\zgDJHLd.exe
  2⤵
  PID:7576
- C:\Windows\System\YiCbrGp.exe
  C:\Windows\System\YiCbrGp.exe
  2⤵
  PID:7596
- C:\Windows\System\nqBwgTP.exe
  C:\Windows\System\nqBwgTP.exe
  2⤵
  PID:7616
- C:\Windows\System\nYjOMCZ.exe
  C:\Windows\System\nYjOMCZ.exe
  2⤵
  PID:7688
- C:\Windows\System\NeAfjpG.exe
  C:\Windows\System\NeAfjpG.exe
  2⤵
  PID:7952
- C:\Windows\System\DarSMvC.exe
  C:\Windows\System\DarSMvC.exe
  2⤵
  PID:6896
- C:\Windows\System\LtxIDrt.exe
  C:\Windows\System\LtxIDrt.exe
  2⤵
  PID:7336
- C:\Windows\System\FaQvsnY.exe
  C:\Windows\System\FaQvsnY.exe
  2⤵
  PID:8528
- C:\Windows\System\SWbAyje.exe
  C:\Windows\System\SWbAyje.exe
  2⤵
  PID:8460
- C:\Windows\System\NKBldsX.exe
  C:\Windows\System\NKBldsX.exe
  2⤵
  PID:8428
- C:\Windows\System\BiBdhGf.exe
  C:\Windows\System\BiBdhGf.exe
  2⤵
  PID:8404
- C:\Windows\System\tmNwqtP.exe
  C:\Windows\System\tmNwqtP.exe
  2⤵
  PID:5336
- C:\Windows\System\ttNDVOZ.exe
  C:\Windows\System\ttNDVOZ.exe
  2⤵
  PID:5320
- C:\Windows\System\IzMQoRv.exe
  C:\Windows\System\IzMQoRv.exe
  2⤵
  PID:8204
- C:\Windows\System\HkzZZQr.exe
  C:\Windows\System\HkzZZQr.exe
  2⤵
  PID:8604
- C:\Windows\System\oDVdMht.exe
  C:\Windows\System\oDVdMht.exe
  2⤵
  PID:8656
- C:\Windows\System\gonOTcN.exe
  C:\Windows\System\gonOTcN.exe
  2⤵
  PID:8728
- C:\Windows\System\ntRfReT.exe
  C:\Windows\System\ntRfReT.exe
  2⤵
  PID:1780
- C:\Windows\System\gvqaoCw.exe
  C:\Windows\System\gvqaoCw.exe
  2⤵
  PID:8780
- C:\Windows\System\Mvskigg.exe
  C:\Windows\System\Mvskigg.exe
  2⤵
  PID:8824
- C:\Windows\System\emakDYp.exe
  C:\Windows\System\emakDYp.exe
  2⤵
  PID:8936
- C:\Windows\System\PruNMyi.exe
  C:\Windows\System\PruNMyi.exe
  2⤵
  PID:9004
- C:\Windows\System\EalrkCV.exe
  C:\Windows\System\EalrkCV.exe
  2⤵
  PID:9076
- C:\Windows\System\ylanEiP.exe
  C:\Windows\System\ylanEiP.exe
  2⤵
  PID:9096
- C:\Windows\System\PqwryIG.exe
  C:\Windows\System\PqwryIG.exe
  2⤵
  PID:9184
- C:\Windows\System\zbrapNv.exe
  C:\Windows\System\zbrapNv.exe
  2⤵
  PID:7584
- C:\Windows\System\QwSTGrf.exe
  C:\Windows\System\QwSTGrf.exe
  2⤵
  PID:7860
- C:\Windows\System\xeZQxHq.exe
  C:\Windows\System\xeZQxHq.exe
  2⤵
  PID:7992
- C:\Windows\System\NBzgUfD.exe
  C:\Windows\System\NBzgUfD.exe
  2⤵
  PID:5340
- C:\Windows\System\tPjxbZg.exe
  C:\Windows\System\tPjxbZg.exe
  2⤵
  PID:8420
- C:\Windows\System\hGVOxHy.exe
  C:\Windows\System\hGVOxHy.exe
  2⤵
  PID:8344
- C:\Windows\System\rdLBIWY.exe
  C:\Windows\System\rdLBIWY.exe
  2⤵
  PID:8584
- C:\Windows\System\vxmeHNX.exe
  C:\Windows\System\vxmeHNX.exe
  2⤵
  PID:5500
- C:\Windows\System\aUKuXjg.exe
  C:\Windows\System\aUKuXjg.exe
  2⤵
  PID:4100
- C:\Windows\System\VwElMai.exe
  C:\Windows\System\VwElMai.exe
  2⤵
  PID:1452
- C:\Windows\System\kaADlRo.exe
  C:\Windows\System\kaADlRo.exe
  2⤵
  PID:9124
- C:\Windows\System\cyCrKwK.exe
  C:\Windows\System\cyCrKwK.exe
  2⤵
  PID:9176
- C:\Windows\System\ONcmQkN.exe
  C:\Windows\System\ONcmQkN.exe
  2⤵
  PID:7816
- C:\Windows\System\LksKTDN.exe
  C:\Windows\System\LksKTDN.exe
  2⤵
  PID:4152
- C:\Windows\System\yTjoOlo.exe
  C:\Windows\System\yTjoOlo.exe
  2⤵
  PID:4744
- C:\Windows\System\IxPhETL.exe
  C:\Windows\System\IxPhETL.exe
  2⤵
  PID:8712
- C:\Windows\System\ZWdGddS.exe
  C:\Windows\System\ZWdGddS.exe
  2⤵
  PID:2184
- C:\Windows\System\XgHDUOB.exe
  C:\Windows\System\XgHDUOB.exe
  2⤵
  PID:9028
- C:\Windows\System\sHBOMUm.exe
  C:\Windows\System\sHBOMUm.exe
  2⤵
  PID:4876
- C:\Windows\System\IdUtSQU.exe
  C:\Windows\System\IdUtSQU.exe
  2⤵
  PID:3328
- C:\Windows\System\gDXHKcW.exe
  C:\Windows\System\gDXHKcW.exe
  2⤵
  PID:1528
- C:\Windows\System\foMIqoj.exe
  C:\Windows\System\foMIqoj.exe
  2⤵
  PID:8696
- C:\Windows\System\hrqBOsx.exe
  C:\Windows\System\hrqBOsx.exe
  2⤵
  PID:972
- C:\Windows\System\nFmYQAx.exe
  C:\Windows\System\nFmYQAx.exe
  2⤵
  PID:5332
- C:\Windows\System\NNFWlHA.exe
  C:\Windows\System\NNFWlHA.exe
  2⤵
  PID:3060
- C:\Windows\System\yUybrPp.exe
  C:\Windows\System\yUybrPp.exe
  2⤵
  PID:9224
- C:\Windows\System\okVkREJ.exe
  C:\Windows\System\okVkREJ.exe
  2⤵
  PID:9252
- C:\Windows\System\hKvLdiy.exe
  C:\Windows\System\hKvLdiy.exe
  2⤵
  PID:9284
- C:\Windows\System\GgnaQqX.exe
  C:\Windows\System\GgnaQqX.exe
  2⤵
  PID:9316
- C:\Windows\System\RftBIqO.exe
  C:\Windows\System\RftBIqO.exe
  2⤵
  PID:9344
- C:\Windows\System\zcgCQTj.exe
  C:\Windows\System\zcgCQTj.exe
  2⤵
  PID:9380
- C:\Windows\System\nywCZkf.exe
  C:\Windows\System\nywCZkf.exe
  2⤵
  PID:9412
- C:\Windows\System\XwirfrN.exe
  C:\Windows\System\XwirfrN.exe
  2⤵
  PID:9440
- C:\Windows\System\lhcqzez.exe
  C:\Windows\System\lhcqzez.exe
  2⤵
  PID:9468
- C:\Windows\System\tarprGU.exe
  C:\Windows\System\tarprGU.exe
  2⤵
  PID:9496
- C:\Windows\System\NVHFmLE.exe
  C:\Windows\System\NVHFmLE.exe
  2⤵
  PID:9524
- C:\Windows\System\pzvFgOh.exe
  C:\Windows\System\pzvFgOh.exe
  2⤵
  PID:9552
- C:\Windows\System\iVrorxs.exe
  C:\Windows\System\iVrorxs.exe
  2⤵
  PID:9580
- C:\Windows\System\egyvMCE.exe
  C:\Windows\System\egyvMCE.exe
  2⤵
  PID:9612
- C:\Windows\System\rZwAJxD.exe
  C:\Windows\System\rZwAJxD.exe
  2⤵
  PID:9640
- C:\Windows\System\aOyuHYX.exe
  C:\Windows\System\aOyuHYX.exe
  2⤵
  PID:9656
- C:\Windows\System\Uqujwmb.exe
  C:\Windows\System\Uqujwmb.exe
  2⤵
  PID:9684
- C:\Windows\System\GBEdqxJ.exe
  C:\Windows\System\GBEdqxJ.exe
  2⤵
  PID:9732
- C:\Windows\System\aRtMnXS.exe
  C:\Windows\System\aRtMnXS.exe
  2⤵
  PID:9764
- C:\Windows\System\FLLyYVp.exe
  C:\Windows\System\FLLyYVp.exe
  2⤵
  PID:9796
- C:\Windows\System\ZWJFrzD.exe
  C:\Windows\System\ZWJFrzD.exe
  2⤵
  PID:9824
- C:\Windows\System\RwKerhD.exe
  C:\Windows\System\RwKerhD.exe
  2⤵
  PID:9856
- C:\Windows\System\pCuZLmE.exe
  C:\Windows\System\pCuZLmE.exe
  2⤵
  PID:9876
- C:\Windows\System\BuPgqUh.exe
  C:\Windows\System\BuPgqUh.exe
  2⤵
  PID:9900
- C:\Windows\System\XTujMUX.exe
  C:\Windows\System\XTujMUX.exe
  2⤵
  PID:9916
- C:\Windows\System\HXEhNHO.exe
  C:\Windows\System\HXEhNHO.exe
  2⤵
  PID:9936
- C:\Windows\System\hbTwfJH.exe
  C:\Windows\System\hbTwfJH.exe
  2⤵
  PID:9972
- C:\Windows\System\BryELfG.exe
  C:\Windows\System\BryELfG.exe
  2⤵
  PID:9992
- C:\Windows\System\PsIZedo.exe
  C:\Windows\System\PsIZedo.exe
  2⤵
  PID:10008
- C:\Windows\System\qcWAvon.exe
  C:\Windows\System\qcWAvon.exe
  2⤵
  PID:10032
- C:\Windows\System\TjRgbFj.exe
  C:\Windows\System\TjRgbFj.exe
  2⤵
  PID:10088
- C:\Windows\System\VqjgwWO.exe
  C:\Windows\System\VqjgwWO.exe
  2⤵
  PID:10128
- C:\Windows\System\zcHnkTq.exe
  C:\Windows\System\zcHnkTq.exe
  2⤵
  PID:10164
- C:\Windows\System\jnYXubZ.exe
  C:\Windows\System\jnYXubZ.exe
  2⤵
  PID:10224
- C:\Windows\System\hAnJDiw.exe
  C:\Windows\System\hAnJDiw.exe
  2⤵
  PID:2068
- C:\Windows\System\CpFqcAA.exe
  C:\Windows\System\CpFqcAA.exe
  2⤵
  PID:9364
- C:\Windows\System\XwHWnbg.exe
  C:\Windows\System\XwHWnbg.exe
  2⤵
  PID:9428
- C:\Windows\System\zAEmKqL.exe
  C:\Windows\System\zAEmKqL.exe
  2⤵
  PID:9488
- C:\Windows\System\oPLmTha.exe
  C:\Windows\System\oPLmTha.exe
  2⤵
  PID:9576
- C:\Windows\System\MEhXOzK.exe
  C:\Windows\System\MEhXOzK.exe
  2⤵
  PID:9624
- C:\Windows\System\JrJNXIb.exe
  C:\Windows\System\JrJNXIb.exe
  2⤵
  PID:9676
- C:\Windows\System\WSWVhjk.exe
  C:\Windows\System\WSWVhjk.exe
  2⤵
  PID:9744
- C:\Windows\System\WZEjuAG.exe
  C:\Windows\System\WZEjuAG.exe
  2⤵
  PID:9816
- C:\Windows\System\cAxofFm.exe
  C:\Windows\System\cAxofFm.exe
  2⤵
  PID:9868
- C:\Windows\System\hbyRtOd.exe
  C:\Windows\System\hbyRtOd.exe
  2⤵
  PID:9944
- C:\Windows\System\VjyWWGI.exe
  C:\Windows\System\VjyWWGI.exe
  2⤵
  PID:9984
- C:\Windows\System\goQGjWY.exe
  C:\Windows\System\goQGjWY.exe
  2⤵
  PID:10000
- C:\Windows\System\doojRah.exe
  C:\Windows\System\doojRah.exe
  2⤵
  PID:10116
- C:\Windows\System\EwIWXWh.exe
  C:\Windows\System\EwIWXWh.exe
  2⤵
  PID:10220
- C:\Windows\System\inQYiaw.exe
  C:\Windows\System\inQYiaw.exe
  2⤵
  PID:9324
- C:\Windows\System\OcpyBHy.exe
  C:\Windows\System\OcpyBHy.exe
  2⤵
  PID:9492
- C:\Windows\System\IhQnKFu.exe
  C:\Windows\System\IhQnKFu.exe
  2⤵
  PID:9652
- C:\Windows\System\vwihhvi.exe
  C:\Windows\System\vwihhvi.exe
  2⤵
  PID:9844
- C:\Windows\System\uXlgtlg.exe
  C:\Windows\System\uXlgtlg.exe
  2⤵
  PID:9980
- C:\Windows\System\OphhMIZ.exe
  C:\Windows\System\OphhMIZ.exe
  2⤵
  PID:9280
- C:\Windows\System\QOkQezd.exe
  C:\Windows\System\QOkQezd.exe
  2⤵
  PID:9572
- C:\Windows\System\hDJKlEg.exe
  C:\Windows\System\hDJKlEg.exe
  2⤵
  PID:9432
- C:\Windows\System\GrVtUxj.exe
  C:\Windows\System\GrVtUxj.exe
  2⤵
  PID:10268
- C:\Windows\System\PMSaJlz.exe
  C:\Windows\System\PMSaJlz.exe
  2⤵
  PID:10296
- C:\Windows\System\TDEGAnl.exe
  C:\Windows\System\TDEGAnl.exe
  2⤵
  PID:10328
- C:\Windows\System\CgeYfbl.exe
  C:\Windows\System\CgeYfbl.exe
  2⤵
  PID:10348
- C:\Windows\System\oPZakDz.exe
  C:\Windows\System\oPZakDz.exe
  2⤵
  PID:10364
- C:\Windows\System\jSFPuTh.exe
  C:\Windows\System\jSFPuTh.exe
  2⤵
  PID:10392
- C:\Windows\System\xlZZuaJ.exe
  C:\Windows\System\xlZZuaJ.exe
  2⤵
  PID:10432
- C:\Windows\System\claLTtE.exe
  C:\Windows\System\claLTtE.exe
  2⤵
  PID:10472
- C:\Windows\System\CowqdoC.exe
  C:\Windows\System\CowqdoC.exe
  2⤵
  PID:10500
- C:\Windows\System\FEjmIEr.exe
  C:\Windows\System\FEjmIEr.exe
  2⤵
  PID:10516
- C:\Windows\System\lojBFwX.exe
  C:\Windows\System\lojBFwX.exe
  2⤵
  PID:10560
- C:\Windows\System\dYBShLM.exe
  C:\Windows\System\dYBShLM.exe
  2⤵
  PID:10584
- C:\Windows\System\XpRfOaM.exe
  C:\Windows\System\XpRfOaM.exe
  2⤵
  PID:10620
- C:\Windows\System\LMqESzg.exe
  C:\Windows\System\LMqESzg.exe
  2⤵
  PID:10652
- C:\Windows\System\vHQQcXW.exe
  C:\Windows\System\vHQQcXW.exe
  2⤵
  PID:10680
- C:\Windows\System\OXoNuGl.exe
  C:\Windows\System\OXoNuGl.exe
  2⤵
  PID:10708
- C:\Windows\System\SIBDhKQ.exe
  C:\Windows\System\SIBDhKQ.exe
  2⤵
  PID:10728
- C:\Windows\System\GmcUQyB.exe
  C:\Windows\System\GmcUQyB.exe
  2⤵
  PID:10744
- C:\Windows\System\acpnPzH.exe
  C:\Windows\System\acpnPzH.exe
  2⤵
  PID:10788
- C:\Windows\System\yDsavTQ.exe
  C:\Windows\System\yDsavTQ.exe
  2⤵
  PID:10836
- C:\Windows\System\OBrOtPP.exe
  C:\Windows\System\OBrOtPP.exe
  2⤵
  PID:10872
- C:\Windows\System\VSKQXKR.exe
  C:\Windows\System\VSKQXKR.exe
  2⤵
  PID:10900
- C:\Windows\System\nhaUdzz.exe
  C:\Windows\System\nhaUdzz.exe
  2⤵
  PID:10928
- C:\Windows\System\OGSPjne.exe
  C:\Windows\System\OGSPjne.exe
  2⤵
  PID:10956
- C:\Windows\System\SijVqLJ.exe
  C:\Windows\System\SijVqLJ.exe
  2⤵
  PID:10984
- C:\Windows\System\ZLLdcaB.exe
  C:\Windows\System\ZLLdcaB.exe
  2⤵
  PID:11012
- C:\Windows\System\QyRQPts.exe
  C:\Windows\System\QyRQPts.exe
  2⤵
  PID:11040
- C:\Windows\System\ruBmpsQ.exe
  C:\Windows\System\ruBmpsQ.exe
  2⤵
  PID:11056
- C:\Windows\System\FUxdLAE.exe
  C:\Windows\System\FUxdLAE.exe
  2⤵
  PID:11116
- C:\Windows\System\NzHjroF.exe
  C:\Windows\System\NzHjroF.exe
  2⤵
  PID:11136
- C:\Windows\System\gIWqwQx.exe
  C:\Windows\System\gIWqwQx.exe
  2⤵
  PID:11152
- C:\Windows\System\NcZrfdc.exe
  C:\Windows\System\NcZrfdc.exe
  2⤵
  PID:11172
- C:\Windows\System\KqttHnh.exe
  C:\Windows\System\KqttHnh.exe
  2⤵
  PID:11196
- C:\Windows\System\orRQaZH.exe
  C:\Windows\System\orRQaZH.exe
  2⤵
  PID:11252
- C:\Windows\System\fLaGlUJ.exe
  C:\Windows\System\fLaGlUJ.exe
  2⤵
  PID:10284
- C:\Windows\System\JRGknOv.exe
  C:\Windows\System\JRGknOv.exe
  2⤵
  PID:10340
- C:\Windows\System\XYbiUQE.exe
  C:\Windows\System\XYbiUQE.exe
  2⤵
  PID:10416
- C:\Windows\System\gfCMLUS.exe
  C:\Windows\System\gfCMLUS.exe
  2⤵
  PID:10492
- C:\Windows\System\ueJsfGq.exe
  C:\Windows\System\ueJsfGq.exe
  2⤵
  PID:10548
- C:\Windows\System\LlDWbah.exe
  C:\Windows\System\LlDWbah.exe
  2⤵
  PID:10636
- C:\Windows\System\AIasxoq.exe
  C:\Windows\System\AIasxoq.exe
  2⤵
  PID:10704
- C:\Windows\System\yRFGUAp.exe
  C:\Windows\System\yRFGUAp.exe
  2⤵
  PID:10736
- C:\Windows\System\acOlHpB.exe
  C:\Windows\System\acOlHpB.exe
  2⤵
  PID:10828
- C:\Windows\System\oFhdzSt.exe
  C:\Windows\System\oFhdzSt.exe
  2⤵
  PID:9408
- C:\Windows\System\TPBbxnx.exe
  C:\Windows\System\TPBbxnx.exe
  2⤵
  PID:8920
- C:\Windows\System\Xphrcpb.exe
  C:\Windows\System\Xphrcpb.exe
  2⤵
  PID:10924
- C:\Windows\System\bozIXdg.exe
  C:\Windows\System\bozIXdg.exe
  2⤵
  PID:10980
- C:\Windows\System\LKVRoUE.exe
  C:\Windows\System\LKVRoUE.exe
  2⤵
  PID:11052
- C:\Windows\System\ozMINiL.exe
  C:\Windows\System\ozMINiL.exe
  2⤵
  PID:4788
- C:\Windows\System\hDhKgGk.exe
  C:\Windows\System\hDhKgGk.exe
  2⤵
  PID:2388
- C:\Windows\System\wNmJJvs.exe
  C:\Windows\System\wNmJJvs.exe
  2⤵
  PID:11188
- C:\Windows\System\AaXzOua.exe
  C:\Windows\System\AaXzOua.exe
  2⤵
  PID:10052
- C:\Windows\System\djCPdXx.exe
  C:\Windows\System\djCPdXx.exe
  2⤵
  PID:10380
- C:\Windows\System\WcYnKNk.exe
  C:\Windows\System\WcYnKNk.exe
  2⤵
  PID:10488
- C:\Windows\System\QGuvxBI.exe
  C:\Windows\System\QGuvxBI.exe
  2⤵
  PID:10664
- C:\Windows\System\JEapuFB.exe
  C:\Windows\System\JEapuFB.exe
  2⤵
  PID:10756
- C:\Windows\System\UdbrqEF.exe
  C:\Windows\System\UdbrqEF.exe
  2⤵
  PID:888
- C:\Windows\System\fWVtMmT.exe
  C:\Windows\System\fWVtMmT.exe
  2⤵
  PID:11048
- C:\Windows\System\rSPpvlz.exe
  C:\Windows\System\rSPpvlz.exe
  2⤵
  PID:11228
- C:\Windows\System\qQtvxJd.exe
  C:\Windows\System\qQtvxJd.exe
  2⤵
  PID:2240
- C:\Windows\System\BNASaOu.exe
  C:\Windows\System\BNASaOu.exe
  2⤵
  PID:1456
- C:\Windows\System\MKdabLe.exe
  C:\Windows\System\MKdabLe.exe
  2⤵
  PID:11208
- C:\Windows\System\zyfepGe.exe
  C:\Windows\System\zyfepGe.exe
  2⤵
  PID:11032
- C:\Windows\System\AbdPmAH.exe
  C:\Windows\System\AbdPmAH.exe
  2⤵
  PID:10596
- C:\Windows\System\ZAfVQpY.exe
  C:\Windows\System\ZAfVQpY.exe
  2⤵
  PID:11280
- C:\Windows\System\OaAaobI.exe
  C:\Windows\System\OaAaobI.exe
  2⤵
  PID:11308
- C:\Windows\System\sznTeRE.exe
  C:\Windows\System\sznTeRE.exe
  2⤵
  PID:11336
- C:\Windows\System\APVPBvW.exe
  C:\Windows\System\APVPBvW.exe
  2⤵
  PID:11364
- C:\Windows\System\CGAiQnj.exe
  C:\Windows\System\CGAiQnj.exe
  2⤵
  PID:11392
- C:\Windows\System\UwfwXCZ.exe
  C:\Windows\System\UwfwXCZ.exe
  2⤵
  PID:11420
- C:\Windows\System\rYlPgvp.exe
  C:\Windows\System\rYlPgvp.exe
  2⤵
  PID:11440
- C:\Windows\System\SrZYSZy.exe
  C:\Windows\System\SrZYSZy.exe
  2⤵
  PID:11476
- C:\Windows\System\dZVlTWf.exe
  C:\Windows\System\dZVlTWf.exe
  2⤵
  PID:11504
- C:\Windows\System\EMGYDmI.exe
  C:\Windows\System\EMGYDmI.exe
  2⤵
  PID:11532
- C:\Windows\System\GFqgiYi.exe
  C:\Windows\System\GFqgiYi.exe
  2⤵
  PID:11564
- C:\Windows\System\EnxmImr.exe
  C:\Windows\System\EnxmImr.exe
  2⤵
  PID:11592
- C:\Windows\System\fVnNOFb.exe
  C:\Windows\System\fVnNOFb.exe
  2⤵
  PID:11620
- C:\Windows\System\sWXEywE.exe
  C:\Windows\System\sWXEywE.exe
  2⤵
  PID:11648
- C:\Windows\System\ywilqrs.exe
  C:\Windows\System\ywilqrs.exe
  2⤵
  PID:11676
- C:\Windows\System\xpdldxA.exe
  C:\Windows\System\xpdldxA.exe
  2⤵
  PID:11704
- C:\Windows\System\NzUfWkZ.exe
  C:\Windows\System\NzUfWkZ.exe
  2⤵
  PID:11732
- C:\Windows\System\dNUXnzn.exe
  C:\Windows\System\dNUXnzn.exe
  2⤵
  PID:11760
- C:\Windows\System\thcqBCa.exe
  C:\Windows\System\thcqBCa.exe
  2⤵
  PID:11788
- C:\Windows\System\dUasUYe.exe
  C:\Windows\System\dUasUYe.exe
  2⤵
  PID:11804
- C:\Windows\System\gRhsycb.exe
  C:\Windows\System\gRhsycb.exe
  2⤵
  PID:11844
- C:\Windows\System\XIwTQJc.exe
  C:\Windows\System\XIwTQJc.exe
  2⤵
  PID:11876
- C:\Windows\System\knuqDqN.exe
  C:\Windows\System\knuqDqN.exe
  2⤵
  PID:11900
- C:\Windows\System\RbbFNTC.exe
  C:\Windows\System\RbbFNTC.exe
  2⤵
  PID:11920
- C:\Windows\System\YNFTRPa.exe
  C:\Windows\System\YNFTRPa.exe
  2⤵
  PID:11952
- C:\Windows\System\IosKaCZ.exe
  C:\Windows\System\IosKaCZ.exe
  2⤵
  PID:11988
- C:\Windows\System\TdgPKMg.exe
  C:\Windows\System\TdgPKMg.exe
  2⤵
  PID:12016
- C:\Windows\System\ENZWreu.exe
  C:\Windows\System\ENZWreu.exe
  2⤵
  PID:12044
- C:\Windows\System\bTzbIHn.exe
  C:\Windows\System\bTzbIHn.exe
  2⤵
  PID:12072
- C:\Windows\System\LcyMyhH.exe
  C:\Windows\System\LcyMyhH.exe
  2⤵
  PID:12100
- C:\Windows\System\ZcVkAJT.exe
  C:\Windows\System\ZcVkAJT.exe
  2⤵
  PID:12128
- C:\Windows\System\piepVdh.exe
  C:\Windows\System\piepVdh.exe
  2⤵
  PID:12156
- C:\Windows\System\hxgiAOI.exe
  C:\Windows\System\hxgiAOI.exe
  2⤵
  PID:12192
- C:\Windows\System\KzbrrlJ.exe
  C:\Windows\System\KzbrrlJ.exe
  2⤵
  PID:12212
- C:\Windows\System\WkciurY.exe
  C:\Windows\System\WkciurY.exe
  2⤵
  PID:12240
- C:\Windows\System\bytXhAh.exe
  C:\Windows\System\bytXhAh.exe
  2⤵
  PID:12268
- C:\Windows\System\LqhReVL.exe
  C:\Windows\System\LqhReVL.exe
  2⤵
  PID:11276
- C:\Windows\System\CngyNJU.exe
  C:\Windows\System\CngyNJU.exe
  2⤵
  PID:11348
- C:\Windows\System\ekbEAGx.exe
  C:\Windows\System\ekbEAGx.exe
  2⤵
  PID:11412
- C:\Windows\System\ZXEKGYI.exe
  C:\Windows\System\ZXEKGYI.exe
  2⤵
  PID:11472
- C:\Windows\System\BdKmXzo.exe
  C:\Windows\System\BdKmXzo.exe
  2⤵
  PID:11544
- C:\Windows\System\LwDeCzQ.exe
  C:\Windows\System\LwDeCzQ.exe
  2⤵
  PID:11612
- C:\Windows\System\Lzymddm.exe
  C:\Windows\System\Lzymddm.exe
  2⤵
  PID:11672
- C:\Windows\System\ZUIPMtQ.exe
  C:\Windows\System\ZUIPMtQ.exe
  2⤵
  PID:11744
- C:\Windows\System\CATBqYq.exe
  C:\Windows\System\CATBqYq.exe
  2⤵
  PID:5976
- C:\Windows\System\OEMacfE.exe
  C:\Windows\System\OEMacfE.exe
  2⤵
  PID:11856
- C:\Windows\System\iaRlGkA.exe
  C:\Windows\System\iaRlGkA.exe
  2⤵
  PID:11884
- C:\Windows\System\iSICcGd.exe
  C:\Windows\System\iSICcGd.exe
  2⤵
  PID:11964
- C:\Windows\System\zYFAEQq.exe
  C:\Windows\System\zYFAEQq.exe
  2⤵
  PID:12064
- C:\Windows\System\osCRIRA.exe
  C:\Windows\System\osCRIRA.exe
  2⤵
  PID:2396
- C:\Windows\System\inpfrwj.exe
  C:\Windows\System\inpfrwj.exe
  2⤵
  PID:12152
- C:\Windows\System\bBMdnmF.exe
  C:\Windows\System\bBMdnmF.exe
  2⤵
  PID:12252
- C:\Windows\System\BGNvtFl.exe
  C:\Windows\System\BGNvtFl.exe
  2⤵
  PID:11304
- C:\Windows\System\dEuKpkM.exe
  C:\Windows\System\dEuKpkM.exe
  2⤵
  PID:11448
- C:\Windows\System\OrErOUC.exe
  C:\Windows\System\OrErOUC.exe
  2⤵
  PID:11712
- C:\Windows\System\iBraXac.exe
  C:\Windows\System\iBraXac.exe
  2⤵
  PID:11936
- C:\Windows\System\kgjMpiZ.exe
  C:\Windows\System\kgjMpiZ.exe
  2⤵
  PID:12092
- C:\Windows\System\MCBnJij.exe
  C:\Windows\System\MCBnJij.exe
  2⤵
  PID:12236
- C:\Windows\System\wzQdXjd.exe
  C:\Windows\System\wzQdXjd.exe
  2⤵
  PID:11668
- C:\Windows\System\VdTtLLj.exe
  C:\Windows\System\VdTtLLj.exe
  2⤵
  PID:12208
- C:\Windows\System\zpjwbzW.exe
  C:\Windows\System\zpjwbzW.exe
  2⤵
  PID:12304
- C:\Windows\System\MskxmBA.exe
  C:\Windows\System\MskxmBA.exe
  2⤵
  PID:12352
- C:\Windows\System\onaPJdJ.exe
  C:\Windows\System\onaPJdJ.exe
  2⤵
  PID:12388
- C:\Windows\System\FLfOVra.exe
  C:\Windows\System\FLfOVra.exe
  2⤵
  PID:12440
- C:\Windows\System\WlLziPl.exe
  C:\Windows\System\WlLziPl.exe
  2⤵
  PID:12464
- C:\Windows\System\QqqZpaw.exe
  C:\Windows\System\QqqZpaw.exe
  2⤵
  PID:12488
- C:\Windows\System\yExuzBn.exe
  C:\Windows\System\yExuzBn.exe
  2⤵
  PID:12512
- C:\Windows\System\ixLKEnM.exe
  C:\Windows\System\ixLKEnM.exe
  2⤵
  PID:12544
- C:\Windows\System\wIMeAgF.exe
  C:\Windows\System\wIMeAgF.exe
  2⤵
  PID:12572
- C:\Windows\System\mziLUPW.exe
  C:\Windows\System\mziLUPW.exe
  2⤵
  PID:12604
- C:\Windows\System\dxFVDwb.exe
  C:\Windows\System\dxFVDwb.exe
  2⤵
  PID:12652
- C:\Windows\System\udWDkoJ.exe
  C:\Windows\System\udWDkoJ.exe
  2⤵
  PID:12672
- C:\Windows\System\pHcSNfU.exe
  C:\Windows\System\pHcSNfU.exe
  2⤵
  PID:12712
- C:\Windows\System\HWWfINC.exe
  C:\Windows\System\HWWfINC.exe
  2⤵
  PID:12744
- C:\Windows\System\XqiWmTq.exe
  C:\Windows\System\XqiWmTq.exe
  2⤵
  PID:12772
- C:\Windows\System\jiSOHxV.exe
  C:\Windows\System\jiSOHxV.exe
  2⤵
  PID:12800
- C:\Windows\System\ybBCjIR.exe
  C:\Windows\System\ybBCjIR.exe
  2⤵
  PID:12868
- C:\Windows\System\KlpVdjF.exe
  C:\Windows\System\KlpVdjF.exe
  2⤵
  PID:12908
- C:\Windows\System\cvkpVgt.exe
  C:\Windows\System\cvkpVgt.exe
  2⤵
  PID:12952
- C:\Windows\System\IfVfmbX.exe
  C:\Windows\System\IfVfmbX.exe
  2⤵
  PID:12968
- C:\Windows\System\UumgHuS.exe
  C:\Windows\System\UumgHuS.exe
  2⤵
  PID:13028
- C:\Windows\System\znxpTsY.exe
  C:\Windows\System\znxpTsY.exe
  2⤵
  PID:13112
- C:\Windows\System\BjOrrcc.exe
  C:\Windows\System\BjOrrcc.exe
  2⤵
  PID:13132
- C:\Windows\System\nkjCXru.exe
  C:\Windows\System\nkjCXru.exe
  2⤵
  PID:13160
- C:\Windows\System\NjGytuS.exe
  C:\Windows\System\NjGytuS.exe
  2⤵
  PID:13212
- C:\Windows\System\HzDOMiq.exe
  C:\Windows\System\HzDOMiq.exe
  2⤵
  PID:13248
- C:\Windows\System\nTrIryy.exe
  C:\Windows\System\nTrIryy.exe
  2⤵
  PID:13276
- C:\Windows\System\JYeBxJJ.exe
  C:\Windows\System\JYeBxJJ.exe
  2⤵
  PID:13304
- C:\Windows\System\GQdCApe.exe
  C:\Windows\System\GQdCApe.exe
  2⤵
  PID:12312
- C:\Windows\System\WreqpqM.exe
  C:\Windows\System\WreqpqM.exe
  2⤵
  PID:12424
- C:\Windows\System\cUOoTiP.exe
  C:\Windows\System\cUOoTiP.exe
  2⤵
  PID:12484
- C:\Windows\System\gOGKvwT.exe
  C:\Windows\System\gOGKvwT.exe
  2⤵
  PID:12564
- C:\Windows\System\txahrHs.exe
  C:\Windows\System\txahrHs.exe
  2⤵
  PID:2292
- C:\Windows\System\JyLRUcZ.exe
  C:\Windows\System\JyLRUcZ.exe
  2⤵
  PID:12660
- C:\Windows\System\frYhoSk.exe
  C:\Windows\System\frYhoSk.exe
  2⤵
  PID:12720
- C:\Windows\System\yBlFmfS.exe
  C:\Windows\System\yBlFmfS.exe
  2⤵
  PID:12732
- C:\Windows\System\idZdgkv.exe
  C:\Windows\System\idZdgkv.exe
  2⤵
  PID:12824
- C:\Windows\System\PcZrwul.exe
  C:\Windows\System\PcZrwul.exe
  2⤵
  PID:12840
- C:\Windows\System\zJgLPRM.exe
  C:\Windows\System\zJgLPRM.exe
  2⤵
  PID:12916
- C:\Windows\System\gNfCpnQ.exe
  C:\Windows\System\gNfCpnQ.exe
  2⤵
  PID:12944
- C:\Windows\System\qnSSNyo.exe
  C:\Windows\System\qnSSNyo.exe
  2⤵
  PID:12964
- C:\Windows\System\xYdVPaj.exe
  C:\Windows\System\xYdVPaj.exe
  2⤵
  PID:4136
- C:\Windows\System\JtasVDu.exe
  C:\Windows\System\JtasVDu.exe
  2⤵
  PID:3112
- C:\Windows\System\rBEUwYW.exe
  C:\Windows\System\rBEUwYW.exe
  2⤵
  PID:3664
- C:\Windows\System\QjUdNix.exe
  C:\Windows\System\QjUdNix.exe
  2⤵
  PID:4636
- C:\Windows\System\HqEamKB.exe
  C:\Windows\System\HqEamKB.exe
  2⤵
  PID:3628
- C:\Windows\System\yGroPvg.exe
  C:\Windows\System\yGroPvg.exe
  2⤵
  PID:3144
- C:\Windows\System\NdylWwF.exe
  C:\Windows\System\NdylWwF.exe
  2⤵
  PID:13088
- C:\Windows\System\dzRSvCA.exe
  C:\Windows\System\dzRSvCA.exe
  2⤵
  PID:12768
- C:\Windows\System\vbaKvAx.exe
  C:\Windows\System\vbaKvAx.exe
  2⤵
  PID:13000
- C:\Windows\System\IDXVBop.exe
  C:\Windows\System\IDXVBop.exe
  2⤵
  PID:13064
- C:\Windows\System\HfxhfrO.exe
  C:\Windows\System\HfxhfrO.exe
  2⤵
  PID:4724
- C:\Windows\System\XqsjydG.exe
  C:\Windows\System\XqsjydG.exe
  2⤵
  PID:3340
- C:\Windows\System\SvPfkoR.exe
  C:\Windows\System\SvPfkoR.exe
  2⤵
  PID:4308
- C:\Windows\System\MmWbkjJ.exe
  C:\Windows\System\MmWbkjJ.exe
  2⤵
  PID:2200
- C:\Windows\System\YliLmza.exe
  C:\Windows\System\YliLmza.exe
  2⤵
  PID:3232
- C:\Windows\System\YQdmyTi.exe
  C:\Windows\System\YQdmyTi.exe
  2⤵
  PID:400
- C:\Windows\System\ZpuXORB.exe
  C:\Windows\System\ZpuXORB.exe
  2⤵
  PID:1012
- C:\Windows\System\juyCIFl.exe
  C:\Windows\System\juyCIFl.exe
  2⤵
  PID:4564
- C:\Windows\System\ZTBIACY.exe
  C:\Windows\System\ZTBIACY.exe
  2⤵
  PID:3504
- C:\Windows\System\ePKqvWp.exe
  C:\Windows\System\ePKqvWp.exe
  2⤵
  PID:3000
- C:\Windows\System\AQtNOGd.exe
  C:\Windows\System\AQtNOGd.exe
  2⤵
  PID:1604
- C:\Windows\System\pdjXeQu.exe
  C:\Windows\System\pdjXeQu.exe
  2⤵
  PID:2044
- C:\Windows\System\fiCvhZC.exe
  C:\Windows\System\fiCvhZC.exe
  2⤵
  PID:13172
- C:\Windows\System\skeOKdo.exe
  C:\Windows\System\skeOKdo.exe
  2⤵
  PID:13240
- C:\Windows\System\RGgFLWm.exe
  C:\Windows\System\RGgFLWm.exe
  2⤵
  PID:13300
- C:\Windows\System\JstNOMf.exe
  C:\Windows\System\JstNOMf.exe
  2⤵
  PID:5356
- C:\Windows\System\yMoWghp.exe
  C:\Windows\System\yMoWghp.exe
  2⤵
  PID:12480
- C:\Windows\System\ffyLQZy.exe
  C:\Windows\System\ffyLQZy.exe
  2⤵
  PID:5428
- C:\Windows\System\QNAIbeJ.exe
  C:\Windows\System\QNAIbeJ.exe
  2⤵
  PID:5520
- C:\Windows\System\NiEeCQO.exe
  C:\Windows\System\NiEeCQO.exe
  2⤵
  PID:12692
- C:\Windows\System\yhxEUkB.exe
  C:\Windows\System\yhxEUkB.exe
  2⤵
  PID:5524
- C:\Windows\System\ZoEKuGl.exe
  C:\Windows\System\ZoEKuGl.exe
  2⤵
  PID:12764
- C:\Windows\System\yWoDjiL.exe
  C:\Windows\System\yWoDjiL.exe
  2⤵
  PID:4900
- C:\Windows\System\eVtGrZX.exe
  C:\Windows\System\eVtGrZX.exe
  2⤵
  PID:5620
- C:\Windows\System\XERAJKI.exe
  C:\Windows\System\XERAJKI.exe
  2⤵
  PID:10120
- C:\Windows\System\ulCIejy.exe
  C:\Windows\System\ulCIejy.exe
  2⤵
  PID:3636
- C:\Windows\System\wnKhyle.exe
  C:\Windows\System\wnKhyle.exe
  2⤵
  PID:3552
- C:\Windows\System\yAEZZxh.exe
  C:\Windows\System\yAEZZxh.exe
  2⤵
  PID:12808
- C:\Windows\System\EnGKcNa.exe
  C:\Windows\System\EnGKcNa.exe
  2⤵
  PID:12936
- C:\Windows\System\wEnftFw.exe
  C:\Windows\System\wEnftFw.exe
  2⤵
  PID:13076
- C:\Windows\System\NZOsAxO.exe
  C:\Windows\System\NZOsAxO.exe
  2⤵
  PID:5720
- C:\Windows\System\eZuVmuk.exe
  C:\Windows\System\eZuVmuk.exe
  2⤵
  PID:13104
- C:\Windows\System\dOvXKHa.exe
  C:\Windows\System\dOvXKHa.exe
  2⤵
  PID:5800
- C:\Windows\System\ljmjChA.exe
  C:\Windows\System\ljmjChA.exe
  2⤵
  PID:4404
- C:\Windows\System\NEXrghX.exe
  C:\Windows\System\NEXrghX.exe
  2⤵
  PID:9244
- C:\Windows\System\veiiQRG.exe
  C:\Windows\System\veiiQRG.exe
  2⤵
  PID:5896
- C:\Windows\System\gKcHaCs.exe
  C:\Windows\System\gKcHaCs.exe
  2⤵
  PID:5916
- C:\Windows\System\WksEhti.exe
  C:\Windows\System\WksEhti.exe
  2⤵
  PID:4544
- C:\Windows\System\gbgMnbt.exe
  C:\Windows\System\gbgMnbt.exe
  2⤵
  PID:4532
- C:\Windows\System\GVbhTTw.exe
  C:\Windows\System\GVbhTTw.exe
  2⤵
  PID:2656
- C:\Windows\System\aeIaajB.exe
  C:\Windows\System\aeIaajB.exe
  2⤵
  PID:13228
- C:\Windows\System\yTnriDb.exe
  C:\Windows\System\yTnriDb.exe
  2⤵
  PID:12384
- C:\Windows\System\oVoqtjh.exe
  C:\Windows\System\oVoqtjh.exe
  2⤵
  PID:1816
- C:\Windows\System\SEGfAyz.exe
  C:\Windows\System\SEGfAyz.exe
  2⤵
  PID:6112
- C:\Windows\System\gpbNcfp.exe
  C:\Windows\System\gpbNcfp.exe
  2⤵
  PID:5116
- C:\Windows\System\RWtnyzT.exe
  C:\Windows\System\RWtnyzT.exe
  2⤵
  PID:12784
- C:\Windows\System\pJWFxGX.exe
  C:\Windows\System\pJWFxGX.exe
  2⤵
  PID:5680
- C:\Windows\System\vZXytIu.exe
  C:\Windows\System\vZXytIu.exe
  2⤵
  PID:3600
- C:\Windows\System\kYvamgL.exe
  C:\Windows\System\kYvamgL.exe
  2⤵
  PID:3676
- C:\Windows\System\YppRHFO.exe
  C:\Windows\System\YppRHFO.exe
  2⤵
  PID:13060
- C:\Windows\System\rpPqvAz.exe
  C:\Windows\System\rpPqvAz.exe
  2⤵
  PID:4908
- C:\Windows\System\QjHaCpr.exe
  C:\Windows\System\QjHaCpr.exe
  2⤵
  PID:3588
- C:\Windows\System\ojxYeCG.exe
  C:\Windows\System\ojxYeCG.exe
  2⤵
  PID:9704
- C:\Windows\System\UzMcyIv.exe
  C:\Windows\System\UzMcyIv.exe
  2⤵
  PID:4904
- C:\Windows\System\tuQKslt.exe
  C:\Windows\System\tuQKslt.exe
  2⤵
  PID:5944
- C:\Windows\System\nEgrQZx.exe
  C:\Windows\System\nEgrQZx.exe
  2⤵
  PID:12476
- C:\Windows\System\CJaMFTt.exe
  C:\Windows\System\CJaMFTt.exe
  2⤵
  PID:5528
- C:\Windows\System\QqFLdLH.exe
  C:\Windows\System\QqFLdLH.exe
  2⤵
  PID:5544
- C:\Windows\System\SHWuymc.exe
  C:\Windows\System\SHWuymc.exe
  2⤵
  PID:5624
- C:\Windows\System\xbWkbsi.exe
  C:\Windows\System\xbWkbsi.exe
  2⤵
  PID:5388
- C:\Windows\System\cChChgY.exe
  C:\Windows\System\cChChgY.exe
  2⤵
  PID:10200
- C:\Windows\System\uVjKCkh.exe
  C:\Windows\System\uVjKCkh.exe
  2⤵
  PID:13144
- C:\Windows\System\tTuUFYl.exe
  C:\Windows\System\tTuUFYl.exe
  2⤵
  PID:12924
- C:\Windows\System\ZqpNqMl.exe
  C:\Windows\System\ZqpNqMl.exe
  2⤵
  PID:3284
- C:\Windows\System\opolJqH.exe
  C:\Windows\System\opolJqH.exe
  2⤵
  PID:5420
- C:\Windows\System\xlNOjYJ.exe
  C:\Windows\System\xlNOjYJ.exe
  2⤵
  PID:5508
- C:\Windows\System\nFYpioh.exe
  C:\Windows\System\nFYpioh.exe
  2⤵
  PID:13336
- C:\Windows\System\IxFkshD.exe
  C:\Windows\System\IxFkshD.exe
  2⤵
  PID:13368
- C:\Windows\System\NVjMCcp.exe
  C:\Windows\System\NVjMCcp.exe
  2⤵
  PID:13396
- C:\Windows\System\KQkWhKG.exe
  C:\Windows\System\KQkWhKG.exe
  2⤵
  PID:13416
- C:\Windows\System\yPRpXki.exe
  C:\Windows\System\yPRpXki.exe
  2⤵
  PID:13456
- C:\Windows\System\vQhtHmv.exe
  C:\Windows\System\vQhtHmv.exe
  2⤵
  PID:13476
- C:\Windows\System\VWeQLUQ.exe
  C:\Windows\System\VWeQLUQ.exe
  2⤵
  PID:13512
- C:\Windows\System\kXnBcEK.exe
  C:\Windows\System\kXnBcEK.exe
  2⤵
  PID:13540
- C:\Windows\System\OZxTVAx.exe
  C:\Windows\System\OZxTVAx.exe
  2⤵
  PID:13568
- C:\Windows\System\YHUvdkA.exe
  C:\Windows\System\YHUvdkA.exe
  2⤵
  PID:13596
- C:\Windows\System\oAUlExg.exe
  C:\Windows\System\oAUlExg.exe
  2⤵
  PID:13624
- C:\Windows\System\AqpIiIk.exe
  C:\Windows\System\AqpIiIk.exe
  2⤵
  PID:13640
- C:\Windows\System\EKyosxE.exe
  C:\Windows\System\EKyosxE.exe
  2⤵
  PID:13660
- C:\Windows\System\pXEdgVG.exe
  C:\Windows\System\pXEdgVG.exe
  2⤵
  PID:13692
- C:\Windows\System\pqGkOJU.exe
  C:\Windows\System\pqGkOJU.exe
  2⤵
  PID:13736
- C:\Windows\System\ymKktcv.exe
  C:\Windows\System\ymKktcv.exe
  2⤵
  PID:13764
- C:\Windows\System\MvCvyOo.exe
  C:\Windows\System\MvCvyOo.exe
  2⤵
  PID:13792
- C:\Windows\System\pkRclee.exe
  C:\Windows\System\pkRclee.exe
  2⤵
  PID:13820
- C:\Windows\System\BUoSWVs.exe
  C:\Windows\System\BUoSWVs.exe
  2⤵
  PID:13848
- C:\Windows\System\FbzNZoD.exe
  C:\Windows\System\FbzNZoD.exe
  2⤵
  PID:13868
- C:\Windows\System\emUUFdf.exe
  C:\Windows\System\emUUFdf.exe
  2⤵
  PID:13896
- C:\Windows\System\uEufxPF.exe
  C:\Windows\System\uEufxPF.exe
  2⤵
  PID:13932
- C:\Windows\System\FDymSaT.exe
  C:\Windows\System\FDymSaT.exe
  2⤵
  PID:13960
- C:\Windows\System\NERFGBX.exe
  C:\Windows\System\NERFGBX.exe
  2⤵
  PID:14000
- C:\Windows\System\BfWKJJo.exe
  C:\Windows\System\BfWKJJo.exe
  2⤵
  PID:14020
- C:\Windows\System\ajRqjlV.exe
  C:\Windows\System\ajRqjlV.exe
  2⤵
  PID:14048
- C:\Windows\System\BSnNdVI.exe
  C:\Windows\System\BSnNdVI.exe
  2⤵
  PID:14080
- C:\Windows\System\pwdrABu.exe
  C:\Windows\System\pwdrABu.exe
  2⤵
  PID:14100
- C:\Windows\System\GZddZGD.exe
  C:\Windows\System\GZddZGD.exe
  2⤵
  PID:14132
- C:\Windows\System\GCwVXBB.exe
  C:\Windows\System\GCwVXBB.exe
  2⤵
  PID:14152
- C:\Windows\System\rmPAqVN.exe
  C:\Windows\System\rmPAqVN.exe
  2⤵
  PID:14188
- C:\Windows\System\bUwstMh.exe
  C:\Windows\System\bUwstMh.exe
  2⤵
  PID:14212
- C:\Windows\System\WvgJTDU.exe
  C:\Windows\System\WvgJTDU.exe
  2⤵
  PID:14236
- C:\Windows\System\hiwGjEx.exe
  C:\Windows\System\hiwGjEx.exe
  2⤵
  PID:14276
- C:\Windows\System\UCyMjKY.exe
  C:\Windows\System\UCyMjKY.exe
  2⤵
  PID:14304
- C:\Windows\System\RvKZCUZ.exe
  C:\Windows\System\RvKZCUZ.exe
  2⤵
  PID:14320
- C:\Windows\System\tPQjtWU.exe
  C:\Windows\System\tPQjtWU.exe
  2⤵
  PID:13356
- C:\Windows\System\MfcSdwF.exe
  C:\Windows\System\MfcSdwF.exe
  2⤵
  PID:13404
- C:\Windows\System\ktPQVPh.exe
  C:\Windows\System\ktPQVPh.exe
  2⤵
  PID:13496
- C:\Windows\System\PzbtbbD.exe
  C:\Windows\System\PzbtbbD.exe
  2⤵
  PID:13556
- C:\Windows\System\oGCxWYA.exe
  C:\Windows\System\oGCxWYA.exe
  2⤵
  PID:13584
- C:\Windows\System\WhQvsxv.exe
  C:\Windows\System\WhQvsxv.exe
  2⤵
  PID:13680
- C:\Windows\System\aXzJWDK.exe
  C:\Windows\System\aXzJWDK.exe
  2⤵
  PID:13752
- C:\Windows\System\ZtkMSYs.exe
  C:\Windows\System\ZtkMSYs.exe
  2⤵
  PID:13816
- C:\Windows\System\GQsaVbB.exe
  C:\Windows\System\GQsaVbB.exe
  2⤵
  PID:13884
- C:\Windows\System\CdrTonf.exe
  C:\Windows\System\CdrTonf.exe
  2⤵
  PID:13928
- C:\Windows\System\zAGVWTo.exe
  C:\Windows\System\zAGVWTo.exe
  2⤵
  PID:13984
- C:\Windows\System\sCOTGQW.exe
  C:\Windows\System\sCOTGQW.exe
  2⤵
  PID:14076
- C:\Windows\System\nEhsGqQ.exe
  C:\Windows\System\nEhsGqQ.exe
  2⤵
  PID:14148
- C:\Windows\System\fuIHlsT.exe
  C:\Windows\System\fuIHlsT.exe
  2⤵
  PID:14168
- C:\Windows\System\DfEmAeK.exe
  C:\Windows\System\DfEmAeK.exe
  2⤵
  PID:14268
- C:\Windows\System\mpSZLeJ.exe
  C:\Windows\System\mpSZLeJ.exe
  2⤵
  PID:8716
- C:\Windows\System\GEBlMes.exe
  C:\Windows\System\GEBlMes.exe
  2⤵
  PID:13316
- C:\Windows\System\lGbKcwS.exe
  C:\Windows\System\lGbKcwS.exe
  2⤵
  PID:13448
- C:\Windows\System\HkiBRUY.exe
  C:\Windows\System\HkiBRUY.exe
  2⤵
  PID:13636
- C:\Windows\System\JhvGlis.exe
  C:\Windows\System\JhvGlis.exe
  2⤵
  PID:13728
- C:\Windows\System\YiNVQXe.exe
  C:\Windows\System\YiNVQXe.exe
  2⤵
  PID:13956
- C:\Windows\System\pwAKfgj.exe
  C:\Windows\System\pwAKfgj.exe
  2⤵
  PID:14108
- C:\Windows\System\iFMvxhJ.exe
  C:\Windows\System\iFMvxhJ.exe
  2⤵
  PID:14288
- C:\Windows\System\DilHWUA.exe
  C:\Windows\System\DilHWUA.exe
  2⤵
  PID:13388
- C:\Windows\System\oTAraiD.exe
  C:\Windows\System\oTAraiD.exe
  2⤵
  PID:14072
- C:\Windows\System\lQHJEdE.exe
  C:\Windows\System\lQHJEdE.exe
  2⤵
  PID:14060
- C:\Windows\System\anpEucc.exe
  C:\Windows\System\anpEucc.exe
  2⤵
  PID:13632
- C:\Windows\System\XsEEjxU.exe
  C:\Windows\System\XsEEjxU.exe
  2⤵
  PID:13532
- C:\Windows\System\UOeTFov.exe
  C:\Windows\System\UOeTFov.exe
  2⤵
  PID:14356
- C:\Windows\System\xFGrAOu.exe
  C:\Windows\System\xFGrAOu.exe
  2⤵
  PID:14384
- C:\Windows\System\FftRbOu.exe
  C:\Windows\System\FftRbOu.exe
  2⤵
  PID:14412
- C:\Windows\System\HHcxVuo.exe
  C:\Windows\System\HHcxVuo.exe
  2⤵
  PID:14440
- C:\Windows\System\JllRGCn.exe
  C:\Windows\System\JllRGCn.exe
  2⤵
  PID:14468
- C:\Windows\System\LtTcwju.exe
  C:\Windows\System\LtTcwju.exe
  2⤵
  PID:14496
- C:\Windows\System\NYsWChw.exe
  C:\Windows\System\NYsWChw.exe
  2⤵
  PID:14528
- C:\Windows\System\zAavxer.exe
  C:\Windows\System\zAavxer.exe
  2⤵
  PID:14556
- C:\Windows\System\gdBIldT.exe
  C:\Windows\System\gdBIldT.exe
  2⤵
  PID:14584
- C:\Windows\System\IqzMGeu.exe
  C:\Windows\System\IqzMGeu.exe
  2⤵
  PID:14612
- C:\Windows\System\YejRNdE.exe
  C:\Windows\System\YejRNdE.exe
  2⤵
  PID:14640
- C:\Windows\System\YXotvHD.exe
  C:\Windows\System\YXotvHD.exe
  2⤵
  PID:14668
- C:\Windows\System\LBDkIDC.exe
  C:\Windows\System\LBDkIDC.exe
  2⤵
  PID:14696
- C:\Windows\System\opPivmk.exe
  C:\Windows\System\opPivmk.exe
  2⤵
  PID:14724
- C:\Windows\System\UkDwzTH.exe
  C:\Windows\System\UkDwzTH.exe
  2⤵
  PID:14756
- C:\Windows\System\GdFfhnV.exe
  C:\Windows\System\GdFfhnV.exe
  2⤵
  PID:14784
- C:\Windows\System\zXARPOS.exe
  C:\Windows\System\zXARPOS.exe
  2⤵
  PID:14812
- C:\Windows\System\GXJAjut.exe
  C:\Windows\System\GXJAjut.exe
  2⤵
  PID:14840
- C:\Windows\System\gqagkUI.exe
  C:\Windows\System\gqagkUI.exe
  2⤵
  PID:14868
- C:\Windows\System\gRjcpmc.exe
  C:\Windows\System\gRjcpmc.exe
  2⤵
  PID:14896
- C:\Windows\System\UDagzWM.exe
  C:\Windows\System\UDagzWM.exe
  2⤵
  PID:14924
- C:\Windows\System\pZKwbCV.exe
  C:\Windows\System\pZKwbCV.exe
  2⤵
  PID:14952
- C:\Windows\System\wUpydBu.exe
  C:\Windows\System\wUpydBu.exe
  2⤵
  PID:14980
- C:\Windows\System\QwDyJeR.exe
  C:\Windows\System\QwDyJeR.exe
  2⤵
  PID:15008
- C:\Windows\System\oiefJil.exe
  C:\Windows\System\oiefJil.exe
  2⤵
  PID:15036
- C:\Windows\System\jSoUkEt.exe
  C:\Windows\System\jSoUkEt.exe
  2⤵
  PID:15064
- C:\Windows\System\BwocgKU.exe
  C:\Windows\System\BwocgKU.exe
  2⤵
  PID:15092
- C:\Windows\System\lqXDNDO.exe
  C:\Windows\System\lqXDNDO.exe
  2⤵
  PID:15120
- C:\Windows\System\nKeLmiE.exe
  C:\Windows\System\nKeLmiE.exe
  2⤵
  PID:15152
- C:\Windows\System\qVzUFUw.exe
  C:\Windows\System\qVzUFUw.exe
  2⤵
  PID:15180
- C:\Windows\System\mfxzpTV.exe
  C:\Windows\System\mfxzpTV.exe
  2⤵
  PID:15208
- C:\Windows\System\qRgajFr.exe
  C:\Windows\System\qRgajFr.exe
  2⤵
  PID:15236
- C:\Windows\System\BVViuqX.exe
  C:\Windows\System\BVViuqX.exe
  2⤵
  PID:15264
- C:\Windows\System\sWRAmOT.exe
  C:\Windows\System\sWRAmOT.exe
  2⤵
  PID:15296
- C:\Windows\System\fSrNImH.exe
  C:\Windows\System\fSrNImH.exe
  2⤵
  PID:15324
- C:\Windows\System\AqgSokK.exe
  C:\Windows\System\AqgSokK.exe
  2⤵
  PID:15352
- C:\Windows\System\ELxcqzD.exe
  C:\Windows\System\ELxcqzD.exe
  2⤵
  PID:14396
- C:\Windows\System\EfYHgCX.exe
  C:\Windows\System\EfYHgCX.exe
  2⤵
  PID:14460
- C:\Windows\System\UwVJzRp.exe
  C:\Windows\System\UwVJzRp.exe
  2⤵
  PID:14548
- C:\Windows\System\hEBWDBE.exe
  C:\Windows\System\hEBWDBE.exe
  2⤵
  PID:14632
- C:\Windows\System\ftgEZbV.exe
  C:\Windows\System\ftgEZbV.exe
  2⤵
  PID:14716
- C:\Windows\System\enMpDCa.exe
  C:\Windows\System\enMpDCa.exe
  2⤵
  PID:14780
- C:\Windows\System\MgMHlrN.exe
  C:\Windows\System\MgMHlrN.exe
  2⤵
  PID:14852
- C:\Windows\System\YPXpkOw.exe
  C:\Windows\System\YPXpkOw.exe
  2⤵
  PID:14916
- C:\Windows\System\XwrlJqD.exe
  C:\Windows\System\XwrlJqD.exe
  2⤵
  PID:14976
- C:\Windows\System\BgWTwSa.exe
  C:\Windows\System\BgWTwSa.exe
  2⤵
  PID:15048
- C:\Windows\System\wZsxsRB.exe
  C:\Windows\System\wZsxsRB.exe
  2⤵
  PID:15116
- C:\Windows\System\EQSHXFR.exe
  C:\Windows\System\EQSHXFR.exe
  2⤵
  PID:15172
- C:\Windows\System\iGsyTNe.exe
  C:\Windows\System\iGsyTNe.exe
  2⤵
  PID:15232
- C:\Windows\System\DlCVGuu.exe
  C:\Windows\System\DlCVGuu.exe
  2⤵
  PID:15308
- C:\Windows\System\dKDAbfg.exe
  C:\Windows\System\dKDAbfg.exe
  2⤵
  PID:14380
- C:\Windows\System\eOIyRFQ.exe
  C:\Windows\System\eOIyRFQ.exe
  2⤵
  PID:14540
- C:\Windows\System\gjsRrWH.exe
  C:\Windows\System\gjsRrWH.exe
  2⤵
  PID:14748
- C:\Windows\System\qvVMGLF.exe
  C:\Windows\System\qvVMGLF.exe
  2⤵
  PID:14892
- C:\Windows\System\pRhkUwD.exe
  C:\Windows\System\pRhkUwD.exe
  2⤵
  PID:15032
- C:\Windows\System\XtgaAZa.exe
  C:\Windows\System\XtgaAZa.exe
  2⤵
  PID:15200
- C:\Windows\System\hHnsysG.exe
  C:\Windows\System\hHnsysG.exe
  2⤵
  PID:15348
- C:\Windows\System\nxoleGd.exe
  C:\Windows\System\nxoleGd.exe
  2⤵
  PID:14708
- C:\Windows\System\syTMaex.exe
  C:\Windows\System\syTMaex.exe
  2⤵
  PID:15028
- C:\Windows\System\qurieXh.exe
  C:\Windows\System\qurieXh.exe
  2⤵
  PID:4728
- C:\Windows\System\AUkoeyE.exe
  C:\Windows\System\AUkoeyE.exe
  2⤵
  PID:9024
- C:\Windows\System\IlawHaE.exe
  C:\Windows\System\IlawHaE.exe
  2⤵
  PID:3372
- C:\Windows\System\eaoreBC.exe
  C:\Windows\System\eaoreBC.exe
  2⤵
  PID:15376
- C:\Windows\System\bvlDriw.exe
  C:\Windows\System\bvlDriw.exe
  2⤵
  PID:15408
- C:\Windows\System\XBLAxBD.exe
  C:\Windows\System\XBLAxBD.exe
  2⤵
  PID:15452
- C:\Windows\System\nVRgSxB.exe
  C:\Windows\System\nVRgSxB.exe
  2⤵
  PID:15468
- C:\Windows\System\Ifqhyhi.exe
  C:\Windows\System\Ifqhyhi.exe
  2⤵
  PID:15496
- C:\Windows\System\wkYXxKI.exe
  C:\Windows\System\wkYXxKI.exe
  2⤵
  PID:15524
- C:\Windows\System\AoorZjw.exe
  C:\Windows\System\AoorZjw.exe
  2⤵
  PID:15552
- C:\Windows\System\RgGHJaw.exe
  C:\Windows\System\RgGHJaw.exe
  2⤵
  PID:15580
- C:\Windows\System\PkVdgRw.exe
  C:\Windows\System\PkVdgRw.exe
  2⤵
  PID:15608
- C:\Windows\System\YJnmEyX.exe
  C:\Windows\System\YJnmEyX.exe
  2⤵
  PID:15636
- C:\Windows\System\VcpluAX.exe
  C:\Windows\System\VcpluAX.exe
  2⤵
  PID:15664
- C:\Windows\System\BeYaTHU.exe
  C:\Windows\System\BeYaTHU.exe
  2⤵
  PID:15696
- C:\Windows\System\rKuKnNy.exe
  C:\Windows\System\rKuKnNy.exe
  2⤵
  PID:15720
- C:\Windows\System\KyTSdrj.exe
  C:\Windows\System\KyTSdrj.exe
  2⤵
  PID:15748
- C:\Windows\System\fBCVrvY.exe
  C:\Windows\System\fBCVrvY.exe
  2⤵
  PID:15776
- C:\Windows\System\GVfmTvg.exe
  C:\Windows\System\GVfmTvg.exe
  2⤵
  PID:15804
- C:\Windows\System\tbOtXdS.exe
  C:\Windows\System\tbOtXdS.exe
  2⤵
  PID:15832
- C:\Windows\System\ulFrQQK.exe
  C:\Windows\System\ulFrQQK.exe
  2⤵
  PID:15860
- C:\Windows\System\KunXYfN.exe
  C:\Windows\System\KunXYfN.exe
  2⤵
  PID:15888
- C:\Windows\System\UjXFNlx.exe
  C:\Windows\System\UjXFNlx.exe
  2⤵
  PID:15916
- C:\Windows\System\OeNxYHz.exe
  C:\Windows\System\OeNxYHz.exe
  2⤵
  PID:15932
- C:\Windows\System\ulLayOm.exe
  C:\Windows\System\ulLayOm.exe
  2⤵
  PID:15972
- C:\Windows\System\voWdgpl.exe
  C:\Windows\System\voWdgpl.exe
  2⤵
  PID:16000
- C:\Windows\System\HxTsXlf.exe
  C:\Windows\System\HxTsXlf.exe
  2⤵
  PID:16016
- C:\Windows\System\okCQYeN.exe
  C:\Windows\System\okCQYeN.exe
  2⤵
  PID:16048
- C:\Windows\System\dEWegmb.exe
  C:\Windows\System\dEWegmb.exe
  2⤵
  PID:16076
- C:\Windows\System\fLCUTAw.exe
  C:\Windows\System\fLCUTAw.exe
  2⤵
  PID:16120
- C:\Windows\System\ZGYsYBx.exe
  C:\Windows\System\ZGYsYBx.exe
  2⤵
  PID:16140
- C:\Windows\System\LRdTswL.exe
  C:\Windows\System\LRdTswL.exe
  2⤵
  PID:16172
- C:\Windows\System\oWJvSBU.exe
  C:\Windows\System\oWJvSBU.exe
  2⤵
  PID:16196
- C:\Windows\System\qztfaMh.exe
  C:\Windows\System\qztfaMh.exe
  2⤵
  PID:16236
- C:\Windows\System\NnNbpYG.exe
  C:\Windows\System\NnNbpYG.exe
  2⤵
  PID:16264
- C:\Windows\System\ComkuHY.exe
  C:\Windows\System\ComkuHY.exe
  2⤵
  PID:16292
- C:\Windows\System\iHyWEAk.exe
  C:\Windows\System\iHyWEAk.exe
  2⤵
  PID:16324
- C:\Windows\System\ASXzDSI.exe
  C:\Windows\System\ASXzDSI.exe
  2⤵
  PID:16352
- C:\Windows\System\FrfMcTq.exe
  C:\Windows\System\FrfMcTq.exe
  2⤵
  PID:864
- C:\Windows\System\mwZxTff.exe
  C:\Windows\System\mwZxTff.exe
  2⤵
  PID:15404
- C:\Windows\System\enWqkUB.exe
  C:\Windows\System\enWqkUB.exe
  2⤵
  PID:15492
- C:\Windows\System\gIFaPbG.exe
  C:\Windows\System\gIFaPbG.exe
  2⤵
  PID:15564
- C:\Windows\System\cdtjUVY.exe
  C:\Windows\System\cdtjUVY.exe
  2⤵
  PID:5504
- C:\Windows\System\UgJrFGJ.exe
  C:\Windows\System\UgJrFGJ.exe
  2⤵
  PID:15660
- C:\Windows\System\EuBPevd.exe
  C:\Windows\System\EuBPevd.exe
  2⤵
  PID:15712
- C:\Windows\System\mmjnAVs.exe
  C:\Windows\System\mmjnAVs.exe
  2⤵
  PID:15740
- C:\Windows\System\AlvANGv.exe
  C:\Windows\System\AlvANGv.exe
  2⤵
  PID:6220
- C:\Windows\System\AgBOJMK.exe
  C:\Windows\System\AgBOJMK.exe
  2⤵
  PID:6972
- C:\Windows\System\WXTqrIt.exe
  C:\Windows\System\WXTqrIt.exe
  2⤵
  PID:15772
- C:\Windows\System\eNZJrnd.exe
  C:\Windows\System\eNZJrnd.exe
  2⤵
  PID:7028
- C:\Windows\System\yaePhmu.exe
  C:\Windows\System\yaePhmu.exe
  2⤵
  PID:6576
- C:\Windows\System\leQbSOf.exe
  C:\Windows\System\leQbSOf.exe
  2⤵
  PID:7084
- C:\Windows\System\dqbsYCp.exe
  C:\Windows\System\dqbsYCp.exe
  2⤵
  PID:7100
- C:\Windows\System\XKeIldH.exe
  C:\Windows\System\XKeIldH.exe
  2⤵
  PID:6652
- C:\Windows\System\TZXVbyu.exe
  C:\Windows\System\TZXVbyu.exe
  2⤵
  PID:6764
- C:\Windows\System\GbxpvoA.exe
  C:\Windows\System\GbxpvoA.exe
  2⤵
  PID:15900
- C:\Windows\System\SVSWZRi.exe
  C:\Windows\System\SVSWZRi.exe
  2⤵
  PID:7224
- C:\Windows\System\bixThZy.exe
  C:\Windows\System\bixThZy.exe
  2⤵
  PID:3404
- C:\Windows\System\FSYSIiH.exe
  C:\Windows\System\FSYSIiH.exe
  2⤵
  PID:6256
- C:\Windows\System\XmxMmDm.exe
  C:\Windows\System\XmxMmDm.exe
  2⤵
  PID:15928
- C:\Windows\System\mCfkaSM.exe
  C:\Windows\System\mCfkaSM.exe
  2⤵
  PID:7332
- C:\Windows\System\CIhbaWT.exe
  C:\Windows\System\CIhbaWT.exe
  2⤵
  PID:7328
- C:\Windows\System\qrqugLH.exe
  C:\Windows\System\qrqugLH.exe
  2⤵
  PID:6380
- C:\Windows\System\AieYRAO.exe
  C:\Windows\System\AieYRAO.exe
  2⤵
  PID:16036
- C:\Windows\System\FIxKMMo.exe
  C:\Windows\System\FIxKMMo.exe
  2⤵
  PID:16088
- C:\Windows\System\liWnNCV.exe
  C:\Windows\System\liWnNCV.exe
  2⤵
  PID:7444
- C:\Windows\System\nYQTPYK.exe
  C:\Windows\System\nYQTPYK.exe
  2⤵
  PID:16104
- C:\Windows\System\rdiFqMf.exe
  C:\Windows\System\rdiFqMf.exe
  2⤵
  PID:6784
- C:\Windows\System\wQsXBJf.exe
  C:\Windows\System\wQsXBJf.exe
  2⤵
  PID:5540
- C:\Windows\System\uzFoHDa.exe
  C:\Windows\System\uzFoHDa.exe
  2⤵
  PID:7216
- C:\Windows\System\iqmuYfk.exe
  C:\Windows\System\iqmuYfk.exe
  2⤵
  PID:16156
- C:\Windows\System\WyclpQX.exe
  C:\Windows\System\WyclpQX.exe
  2⤵
  PID:7236
- C:\Windows\System\LsEFHHe.exe
  C:\Windows\System\LsEFHHe.exe
  2⤵
  PID:16208
- C:\Windows\System\BwBODnZ.exe
  C:\Windows\System\BwBODnZ.exe
  2⤵
  PID:16256
- C:\Windows\System\TitpsIQ.exe
  C:\Windows\System\TitpsIQ.exe
  2⤵
  PID:16136
- C:\Windows\System\OEMChUh.exe
  C:\Windows\System\OEMChUh.exe
  2⤵
  PID:16100
- C:\Windows\System\FCeKrQY.exe
  C:\Windows\System\FCeKrQY.exe
  2⤵
  PID:7540
- C:\Windows\System\mlJtgTl.exe
  C:\Windows\System\mlJtgTl.exe
  2⤵
  PID:7524
- C:\Windows\System\bqUreeC.exe
  C:\Windows\System\bqUreeC.exe
  2⤵
  PID:16360
- C:\Windows\System\BhdKBuu.exe
  C:\Windows\System\BhdKBuu.exe
  2⤵
  PID:7764
- C:\Windows\System\srielIK.exe
  C:\Windows\System\srielIK.exe
  2⤵
  PID:7492
- C:\Windows\System\ViCgxuC.exe
  C:\Windows\System\ViCgxuC.exe
  2⤵
  PID:7340
- C:\Windows\System\rQqqFli.exe
  C:\Windows\System\rQqqFli.exe
  2⤵
  PID:6088
- C:\Windows\System\bvDLuZa.exe
  C:\Windows\System\bvDLuZa.exe
  2⤵
  PID:6556
- C:\Windows\System\cakprPo.exe
  C:\Windows\System\cakprPo.exe
  2⤵
  PID:15400
- C:\Windows\System\PkSpTJH.exe
  C:\Windows\System\PkSpTJH.exe
  2⤵
  PID:15536
- C:\Windows\System\ITHjxfd.exe
  C:\Windows\System\ITHjxfd.exe
  2⤵
  PID:15620
- C:\Windows\System\zJYqsid.exe
  C:\Windows\System\zJYqsid.exe
  2⤵
  PID:7288
- C:\Windows\System\jHLwgST.exe
  C:\Windows\System\jHLwgST.exe
  2⤵
  PID:6924
- C:\Windows\System\eJtTrLK.exe
  C:\Windows\System\eJtTrLK.exe
  2⤵
  PID:6964
- C:\Windows\System\ooQUkGQ.exe
  C:\Windows\System\ooQUkGQ.exe
  2⤵
  PID:15768
- C:\Windows\System\KOWzuiA.exe
  C:\Windows\System\KOWzuiA.exe
  2⤵
  PID:6316
- C:\Windows\System\LxknREN.exe
  C:\Windows\System\LxknREN.exe
  2⤵
  PID:15824
- C:\Windows\System\dvPYpiJ.exe
  C:\Windows\System\dvPYpiJ.exe
  2⤵
  PID:7472
- C:\Windows\System\VObqEdF.exe
  C:\Windows\System\VObqEdF.exe
  2⤵
  PID:1772
- C:\Windows\System\FBWZdaj.exe
  C:\Windows\System\FBWZdaj.exe
  2⤵
  PID:7132
- C:\Windows\System\uGsadcw.exe
  C:\Windows\System\uGsadcw.exe
  2⤵
  PID:7160
- C:\Windows\System\OxTIRNv.exe
  C:\Windows\System\OxTIRNv.exe
  2⤵
  PID:5268
- C:\Windows\System\nsMiucB.exe
  C:\Windows\System\nsMiucB.exe
  2⤵
  PID:9456
- C:\Windows\System\XtwazWo.exe
  C:\Windows\System\XtwazWo.exe
  2⤵
  PID:15960
- C:\Windows\System\bGLrgXm.exe
  C:\Windows\System\bGLrgXm.exe
  2⤵
  PID:9540
- C:\Windows\System\WZgYdyU.exe
  C:\Windows\System\WZgYdyU.exe
  2⤵
  PID:9560
- C:\Windows\System\PYzBNuZ.exe
  C:\Windows\System\PYzBNuZ.exe
  2⤵
  PID:6668
- C:\Windows\System\oUvxfxu.exe
  C:\Windows\System\oUvxfxu.exe
  2⤵
  PID:6768
- C:\Windows\System\rukmEVq.exe
  C:\Windows\System\rukmEVq.exe
  2⤵
  PID:9672
- C:\Windows\System\aqHySeF.exe
  C:\Windows\System\aqHySeF.exe
  2⤵
  PID:9724
- C:\Windows\System\XyCDpIz.exe
  C:\Windows\System\XyCDpIz.exe
  2⤵
  PID:6172
- C:\Windows\System\ypvyVaq.exe
  C:\Windows\System\ypvyVaq.exe
  2⤵
  PID:7304
- C:\Windows\System\wYfXIqi.exe
  C:\Windows\System\wYfXIqi.exe
  2⤵
  PID:7108
- C:\Windows\System\QfVlNNF.exe
  C:\Windows\System\QfVlNNF.exe
  2⤵
  PID:4556
- C:\Windows\System\uHbNyFT.exe
  C:\Windows\System\uHbNyFT.exe
  2⤵
  PID:2648
- C:\Windows\System\UqqofZZ.exe
  C:\Windows\System\UqqofZZ.exe
  2⤵
  PID:16348
- C:\Windows\System\XCiafjN.exe
  C:\Windows\System\XCiafjN.exe
  2⤵
  PID:6476
- C:\Windows\System\iGBrZcE.exe
  C:\Windows\System\iGBrZcE.exe
  2⤵
  PID:7136
- C:\Windows\System\nahGDmJ.exe
  C:\Windows\System\nahGDmJ.exe
  2⤵
  PID:2096
- C:\Windows\System\EsmqvZw.exe
  C:\Windows\System\EsmqvZw.exe
  2⤵
  PID:7256
- C:\Windows\System\Eprbklk.exe
  C:\Windows\System\Eprbklk.exe
  2⤵
  PID:16380
- C:\Windows\System\QxJaole.exe
  C:\Windows\System\QxJaole.exe
  2⤵
  PID:7768
- C:\Windows\System\RBebfle.exe
  C:\Windows\System\RBebfle.exe
  2⤵
  PID:6844
- C:\Windows\System\fgghEtK.exe
  C:\Windows\System\fgghEtK.exe
  2⤵
  PID:10208
- C:\Windows\System\dXYSmpl.exe
  C:\Windows\System\dXYSmpl.exe
  2⤵
  PID:5024
- C:\Windows\System\oeBiuzt.exe
  C:\Windows\System\oeBiuzt.exe
  2⤵
  PID:9296
- C:\Windows\System\UYnILTO.exe
  C:\Windows\System\UYnILTO.exe
  2⤵
  PID:15688
- C:\Windows\System\nIIOvkG.exe
  C:\Windows\System\nIIOvkG.exe
  2⤵
  PID:9516
- C:\Windows\System\LjbgHNi.exe
  C:\Windows\System\LjbgHNi.exe
  2⤵
  PID:6320
- C:\Windows\System\xTrxzoj.exe
  C:\Windows\System\xTrxzoj.exe
  2⤵
  PID:9272
- C:\Windows\System\CqSpJmq.exe
  C:\Windows\System\CqSpJmq.exe
  2⤵
  PID:1776
- C:\Windows\System\INNUtTy.exe
  C:\Windows\System\INNUtTy.exe
  2⤵
  PID:7812
- C:\Windows\System\PYMpspl.exe
  C:\Windows\System\PYMpspl.exe
  2⤵
  PID:8140
- C:\Windows\System\IoLDccC.exe
  C:\Windows\System\IoLDccC.exe
  2⤵
  PID:8152
- C:\Windows\System\gSPlUHL.exe
  C:\Windows\System\gSPlUHL.exe
  2⤵
  PID:9756
- C:\Windows\System\oZFUACd.exe
  C:\Windows\System\oZFUACd.exe
  2⤵
  PID:15880
- C:\Windows\System\xViiDyL.exe
  C:\Windows\System\xViiDyL.exe
  2⤵
  PID:7956
- C:\Windows\System\nciBNVy.exe
  C:\Windows\System\nciBNVy.exe
  2⤵
  PID:7192
- C:\Windows\System\bISOocP.exe
  C:\Windows\System\bISOocP.exe
  2⤵
  PID:8028
- C:\Windows\System\jkeNegT.exe
  C:\Windows\System\jkeNegT.exe
  2⤵
  PID:8060
- C:\Windows\System\mDdXeQK.exe
  C:\Windows\System\mDdXeQK.exe
  2⤵
  PID:7144
- C:\Windows\System\rgjLIJu.exe
  C:\Windows\System\rgjLIJu.exe
  2⤵
  PID:10096
- C:\Windows\System\vqcufAq.exe
  C:\Windows\System\vqcufAq.exe
  2⤵
  PID:8236
- C:\Windows\System\LRZgBlN.exe
  C:\Windows\System\LRZgBlN.exe
  2⤵
  PID:6756
- C:\Windows\System\klERNdF.exe
  C:\Windows\System\klERNdF.exe
  2⤵
  PID:16072
- C:\Windows\System\hAeRnnJ.exe
  C:\Windows\System\hAeRnnJ.exe
  2⤵
  PID:8252
- C:\Windows\System\iXFAtAU.exe
  C:\Windows\System\iXFAtAU.exe
  2⤵
  PID:8272
- C:\Windows\System\GmFehEA.exe
  C:\Windows\System\GmFehEA.exe
  2⤵
  PID:9536
- C:\Windows\System\gIemlxv.exe
  C:\Windows\System\gIemlxv.exe
  2⤵
  PID:8288
- C:\Windows\System\zExJCoh.exe
  C:\Windows\System\zExJCoh.exe
  2⤵
  PID:3172
- C:\Windows\System\vGmdPga.exe
  C:\Windows\System\vGmdPga.exe
  2⤵
  PID:10124
- C:\Windows\System\afmIgPi.exe
  C:\Windows\System\afmIgPi.exe
  2⤵
  PID:16188
- C:\Windows\System\TTVFYpa.exe
  C:\Windows\System\TTVFYpa.exe
  2⤵
  PID:5076
- C:\Windows\System\vQQyaYL.exe
  C:\Windows\System\vQQyaYL.exe
  2⤵
  PID:8432
- C:\Windows\System\coNcMnZ.exe
  C:\Windows\System\coNcMnZ.exe
  2⤵
  PID:7104
- C:\Windows\System\nHrzCKg.exe
  C:\Windows\System\nHrzCKg.exe
  2⤵
  PID:8516
- C:\Windows\System\nJkizuy.exe
  C:\Windows\System\nJkizuy.exe
  2⤵
  PID:10388
- C:\Windows\System\AopTyAA.exe
  C:\Windows\System\AopTyAA.exe
  2⤵
  PID:10440
- C:\Windows\System\dlVDqyW.exe
  C:\Windows\System\dlVDqyW.exe
  2⤵
  PID:10480
- C:\Windows\System\MgnILxY.exe
  C:\Windows\System\MgnILxY.exe
  2⤵
  PID:10552
- C:\Windows\System\SvsxilD.exe
  C:\Windows\System\SvsxilD.exe
  2⤵
  PID:6544
- C:\Windows\System\eRbIdlz.exe
  C:\Windows\System\eRbIdlz.exe
  2⤵
  PID:9312
- C:\Windows\System\hTshyox.exe
  C:\Windows\System\hTshyox.exe
  2⤵
  PID:10668
- C:\Windows\System\fLLKbpy.exe
  C:\Windows\System\fLLKbpy.exe
  2⤵
  PID:10696
- C:\Windows\System\oUyJxXz.exe
  C:\Windows\System\oUyJxXz.exe
  2⤵
  PID:9632
- C:\Windows\System\PcyPjQA.exe
  C:\Windows\System\PcyPjQA.exe
  2⤵
  PID:10760
- C:\Windows\System\ofbkXdT.exe
  C:\Windows\System\ofbkXdT.exe
  2⤵
  PID:7636
- C:\Windows\System\uMJefTv.exe
  C:\Windows\System\uMJefTv.exe
  2⤵
  PID:8744
- C:\Windows\System\WlNCjAc.exe
  C:\Windows\System\WlNCjAc.exe
  2⤵
  PID:10844
- C:\Windows\System\MLqcMCJ.exe
  C:\Windows\System\MLqcMCJ.exe
  2⤵
  PID:7836
- C:\Windows\System\amGvpwY.exe
  C:\Windows\System\amGvpwY.exe
  2⤵
  PID:10936
- C:\Windows\System\gXJAATj.exe
  C:\Windows\System\gXJAATj.exe
  2⤵
  PID:7940
- C:\Windows\System\bYKqWLd.exe
  C:\Windows\System\bYKqWLd.exe
  2⤵
  PID:11020
- C:\Windows\System\wFPMVDM.exe
  C:\Windows\System\wFPMVDM.exe
  2⤵
  PID:15912
- C:\Windows\System\amLGLwQ.exe
  C:\Windows\System\amLGLwQ.exe
  2⤵
  PID:10076
- C:\Windows\System\JWvoNYi.exe
  C:\Windows\System\JWvoNYi.exe
  2⤵
  PID:6412
- C:\Windows\System\leQklpH.exe
  C:\Windows\System\leQklpH.exe
  2⤵
  PID:6716
- C:\Windows\System\BWkzDVB.exe
  C:\Windows\System\BWkzDVB.exe
  2⤵
  PID:8256
- C:\Windows\System\ePqEzfj.exe
  C:\Windows\System\ePqEzfj.exe
  2⤵
  PID:8264
- C:\Windows\System\LLIWRfi.exe
  C:\Windows\System\LLIWRfi.exe
  2⤵
  PID:9544
- C:\Windows\System\XkSGwzH.exe
  C:\Windows\System\XkSGwzH.exe
  2⤵
  PID:11212
- C:\Windows\System\QkLmerG.exe
  C:\Windows\System\QkLmerG.exe
  2⤵
  PID:9748
- C:\Windows\System\LFFNKDb.exe
  C:\Windows\System\LFFNKDb.exe
  2⤵
  PID:10672
- C:\Windows\System\zrqMuHe.exe
  C:\Windows\System\zrqMuHe.exe
  2⤵
  PID:10716
- C:\Windows\System\DoVLTSQ.exe
  C:\Windows\System\DoVLTSQ.exe
  2⤵
  PID:16336
- C:\Windows\System\sOcPRWX.exe
  C:\Windows\System\sOcPRWX.exe
  2⤵
  PID:4148
- C:\Windows\System\pODeyqG.exe
  C:\Windows\System\pODeyqG.exe
  2⤵
  PID:7516
- C:\Windows\System\eKfOmQe.exe
  C:\Windows\System\eKfOmQe.exe
  2⤵
  PID:10456
- C:\Windows\System\boqBQin.exe
  C:\Windows\System\boqBQin.exe
  2⤵
  PID:9012
- C:\Windows\System\tvCPfvx.exe
  C:\Windows\System\tvCPfvx.exe
  2⤵
  PID:7356
- C:\Windows\System\OwWiAEQ.exe
  C:\Windows\System\OwWiAEQ.exe
  2⤵
  PID:9072
- C:\Windows\System\oyUiAod.exe
  C:\Windows\System\oyUiAod.exe
  2⤵
  PID:8608
- C:\Windows\System\kBOWvvM.exe
  C:\Windows\System\kBOWvvM.exe
  2⤵
  PID:8616
- C:\Windows\System\MouDJsp.exe
  C:\Windows\System\MouDJsp.exe
  2⤵
  PID:1664
- C:\Windows\System\PSApNIM.exe
  C:\Windows\System\PSApNIM.exe
  2⤵
  PID:8684
- C:\Windows\System\GWsAJCI.exe
  C:\Windows\System\GWsAJCI.exe
  2⤵
  PID:10796
- C:\Windows\System\EYKssPJ.exe
  C:\Windows\System\EYKssPJ.exe
  2⤵
  PID:10852
- C:\Windows\System\HnllZBA.exe
  C:\Windows\System\HnllZBA.exe
  2⤵
  PID:9196
- C:\Windows\System\Ffmfnax.exe
  C:\Windows\System\Ffmfnax.exe
  2⤵
  PID:10908
- C:\Windows\System\TibQSHj.exe
  C:\Windows\System\TibQSHj.exe
  2⤵
  PID:10972
- C:\Windows\System\QHNuYSj.exe
  C:\Windows\System\QHNuYSj.exe
  2⤵
  PID:7064
- C:\Windows\System\svYVFcs.exe
  C:\Windows\System\svYVFcs.exe
  2⤵
  PID:7164
- C:\Windows\System\UyrcsXu.exe
  C:\Windows\System\UyrcsXu.exe
  2⤵
  PID:1404
- C:\Windows\System\rBkYjpd.exe
  C:\Windows\System\rBkYjpd.exe
  2⤵
  PID:7944
- C:\Windows\System\nJxZuGE.exe
  C:\Windows\System\nJxZuGE.exe
  2⤵
  PID:8008
- C:\Windows\System\GNQFluH.exe
  C:\Windows\System\GNQFluH.exe
  2⤵
  PID:11296
- C:\Windows\System\fWjrMgW.exe
  C:\Windows\System\fWjrMgW.exe
  2⤵
  PID:8040
- C:\Windows\System\QfMQMUJ.exe
  C:\Windows\System\QfMQMUJ.exe
  2⤵
  PID:11316
- C:\Windows\System\kovhiJS.exe
  C:\Windows\System\kovhiJS.exe
  2⤵
  PID:3692
- C:\Windows\System\DbOlUzM.exe
  C:\Windows\System\DbOlUzM.exe
  2⤵
  PID:9780
- C:\Windows\System\uhtEDVr.exe
  C:\Windows\System\uhtEDVr.exe
  2⤵
  PID:8492
- C:\Windows\System\LyYyiKs.exe
  C:\Windows\System\LyYyiKs.exe
  2⤵
  PID:11484
- C:\Windows\System\YnpGHHh.exe
  C:\Windows\System\YnpGHHh.exe
  2⤵
  PID:11516
- C:\Windows\System\jimrvkP.exe
  C:\Windows\System\jimrvkP.exe
  2⤵
  PID:11572
- C:\Windows\System\vWCwDso.exe
  C:\Windows\System\vWCwDso.exe
  2⤵
  PID:15372
- C:\Windows\System\foLayRR.exe
  C:\Windows\System\foLayRR.exe
  2⤵
  PID:11628
- C:\Windows\System\cZYOxew.exe
  C:\Windows\System\cZYOxew.exe
  2⤵
  PID:8548
- C:\Windows\System\DPXHnHh.exe
  C:\Windows\System\DPXHnHh.exe
  2⤵
  PID:11232
- C:\Windows\System\qpBeDiB.exe
  C:\Windows\System\qpBeDiB.exe
  2⤵
  PID:8568
- C:\Windows\System\KfWnhvB.exe
  C:\Windows\System\KfWnhvB.exe
  2⤵
  PID:11740
- C:\Windows\System\TxkPYgy.exe
  C:\Windows\System\TxkPYgy.exe
  2⤵
  PID:9108
- C:\Windows\System\ynwZUPN.exe
  C:\Windows\System\ynwZUPN.exe
  2⤵
  PID:11812
- C:\Windows\System\AJyjZjP.exe
  C:\Windows\System\AJyjZjP.exe
  2⤵
  PID:7740
- C:\Windows\System\wqTDTOD.exe
  C:\Windows\System\wqTDTOD.exe
  2⤵
  PID:10376
- C:\Windows\System\yRCWVEx.exe
  C:\Windows\System\yRCWVEx.exe
  2⤵
  PID:11972
- C:\Windows\System\mKwIlEl.exe
  C:\Windows\System\mKwIlEl.exe
  2⤵
  PID:11084
- C:\Windows\System\rpMCEOy.exe
  C:\Windows\System\rpMCEOy.exe
  2⤵
  PID:10724
- C:\Windows\System\DMJIjdL.exe
  C:\Windows\System\DMJIjdL.exe
  2⤵
  PID:2976
- C:\Windows\System\MMxEpDz.exe
  C:\Windows\System\MMxEpDz.exe
  2⤵
  PID:10412
- C:\Windows\System\dPYcweG.exe
  C:\Windows\System\dPYcweG.exe
  2⤵
  PID:5908
- C:\Windows\System\YVNyOeP.exe
  C:\Windows\System\YVNyOeP.exe
  2⤵
  PID:11324
- C:\Windows\System\NPLHTbj.exe
  C:\Windows\System\NPLHTbj.exe
  2⤵
  PID:12176
- C:\Windows\System\lpGHtjS.exe
  C:\Windows\System\lpGHtjS.exe
  2⤵
  PID:8464
- C:\Windows\System\AUEYgcV.exe
  C:\Windows\System\AUEYgcV.exe
  2⤵
  PID:11468
- C:\Windows\System\KAfMJYz.exe
  C:\Windows\System\KAfMJYz.exe
  2⤵
  PID:11528
- C:\Windows\System\cdfPael.exe
  C:\Windows\System\cdfPael.exe
  2⤵
  PID:11300
- C:\Windows\System\CRFlwdL.exe
  C:\Windows\System\CRFlwdL.exe
  2⤵
  PID:10172
- C:\Windows\System\nIhnTHP.exe
  C:\Windows\System\nIhnTHP.exe
  2⤵
  PID:11452
- C:\Windows\System\TNkteYr.exe
  C:\Windows\System\TNkteYr.exe
  2⤵
  PID:11664
- C:\Windows\System\tLNvwlT.exe
  C:\Windows\System\tLNvwlT.exe
  2⤵
  PID:11560
- C:\Windows\System\kCirOCE.exe
  C:\Windows\System\kCirOCE.exe
  2⤵
  PID:11716
- C:\Windows\System\BbOMqtC.exe
  C:\Windows\System\BbOMqtC.exe
  2⤵
  PID:11692
- C:\Windows\System\HjLFzpg.exe
  C:\Windows\System\HjLFzpg.exe
  2⤵
  PID:11576
- C:\Windows\System\ZObXZzf.exe
  C:\Windows\System\ZObXZzf.exe
  2⤵
  PID:11756
- C:\Windows\System\lgCVpjT.exe
  C:\Windows\System\lgCVpjT.exe
  2⤵
  PID:12136
- C:\Windows\System\CraFRFW.exe
  C:\Windows\System\CraFRFW.exe
  2⤵
  PID:11400
- C:\Windows\System\IsmnLON.exe
  C:\Windows\System\IsmnLON.exe
  2⤵
  PID:8484
- C:\Windows\System\iNZQHkF.exe
  C:\Windows\System\iNZQHkF.exe
  2⤵
  PID:12396
- C:\Windows\System\HpFVXpR.exe
  C:\Windows\System\HpFVXpR.exe
  2⤵
  PID:9400
- C:\Windows\System\OcSDpLp.exe
  C:\Windows\System\OcSDpLp.exe
  2⤵
  PID:10948
- C:\Windows\System\IUfhjrB.exe
  C:\Windows\System\IUfhjrB.exe
  2⤵
  PID:12532
- C:\Windows\System\hAvfjSf.exe
  C:\Windows\System\hAvfjSf.exe
  2⤵
  PID:4864
- C:\Windows\System\CWmfNOa.exe
  C:\Windows\System\CWmfNOa.exe
  2⤵
  PID:8384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DAAQmQe.exe

Filesize
6.0MB

MD5
669b16ef148f7e300dda8a5ded3db2f9

SHA1
4345fe869d83faeb5e5d785e5f84839c1689b98f

SHA256
595dd3ee57185a0e908d5c75edf806c528f96e39b6729bcaea2e5c959a895dd6

SHA512
208ed721da4e0524ece2058463920fa0cc1cf44312bfff0f8ea01153b4b8559f159607b477045611f49869a71f01343996b6aa83c5be6a4a06dd04f17a70c3a7

Download Submit
C:\Windows\System\EyMTBSA.exe

Filesize
6.0MB

MD5
49b9bac106523c3e4a599d7c8caef152

SHA1
1185f37422f4617fc133d0a998426ce772331f7b

SHA256
da63983a6bf3c9db7ed44d4100b7963870f0319ac44a44b2ebfd0b73308c0d05

SHA512
5fd0d383fca1656d34b66c59570f8fe6d485a94aecc272840e04e9583d768199ecc4bd8c2e72ab99480acd3f035e0398427fd7648b378ffd239f867c34b21436

Download Submit
C:\Windows\System\FETOtGC.exe

Filesize
6.0MB

MD5
b3938c438e161e9de6b9386581238038

SHA1
99819129ea962dcb1327fc0e8874102b04d5a908

SHA256
95d932ff61a6d9c049e45a7f411950692927c7ed6a46214ef8ed1173dc7fce6e

SHA512
db38ad86d4d57e8a447f3924b916a5ea0bf66f57e4f99beb9b9381dae867c53f161ded00bc9ec6e841f5c57965fcea76b0d2e1607f6b964811716655f052339f

Download Submit
C:\Windows\System\Fixupma.exe

Filesize
6.0MB

MD5
6779725ab6a23387d965ff38ff08e754

SHA1
ac99dea4d3a092d05176fd08afcffa5288410ebe

SHA256
15cf398793fe3b633ef0f304598e08bc81d881f2eebf3da4570bc8fe0a3c3f8f

SHA512
f924850eec7843fbbf212d2c1e5ee892742ade62122612bc7d602b91c8bb70b490c48d4eae46529fab341598e32290788abd83abf627418cd3d4659ed16aa935

Download Submit
C:\Windows\System\GqcizNP.exe

Filesize
6.0MB

MD5
7e74bc5ca41783de15c7c9220c11e39d

SHA1
100c927859aba2778718784a9749f57b5dfa0863

SHA256
eafc59e431cd2a0c0c7d31e71f0f5d051e6bec248c26c71638013702ae16e6a3

SHA512
9335f08cff4439a0af692da1aea16ec5b3c133498a544942f80ebf543a2630fa19544604f18b5ecf9fb5c9f151838bf1766864a313bf4f49204de9cdd8373c1a

Download Submit
C:\Windows\System\GxIHczs.exe

Filesize
6.0MB

MD5
f4fc380d745df6bea3d7c53a8d44821e

SHA1
1c6a2033be9e87ab4a48ebc46b16465565814310

SHA256
b49554e45f9e721977bc8ca26fcbab920a3d521c641214df43e0a4beca56ddbb

SHA512
c51486c850ec909e989ba82d23119054cdb24f36d08bd3e7b87c8e5670dadff6868b74b5307511885e32000de21dba44b38e54cd320fb8fe98f8512c02cb0d5f

Download Submit
C:\Windows\System\HqUkeZt.exe

Filesize
6.0MB

MD5
8b9733fc0657161a4bdd869708b51ae7

SHA1
d85d0715cdabb97444f0c0a6dc43ef8165750fef

SHA256
1f9cea06210be62205047355416ebb04de24dc3ae70ae5b5e94fd7ac1bf4282b

SHA512
f74237f748269cc617f925776c71872a2824d1d7578c178bb9366b1ded55c99afbbf3b6ac0ffc12d2fd59687ba52f67909e00017f6fb492e9ff9b71b5f6a8f00

Download Submit
C:\Windows\System\KzdZVlI.exe

Filesize
6.0MB

MD5
4be84ad7f16749a3d68bddd0471ba3ed

SHA1
c69e8dce126515148b5c00b6d2a3cb55842d1f4d

SHA256
c0064aee9889a79421811c2ea518397caa089c8798efa78a57ec2f973d8a9613

SHA512
3ba5592fb5f9d0ddc46f0fa9f86f19723c28ea56015f9216c89f50100db3cf7a0e7e00292b87882bfd21bed9058a66c1ef1fbfba19978abcc525da3dbb6168d7

Download Submit
C:\Windows\System\NpyvvLM.exe

Filesize
6.0MB

MD5
5982ca13147635aa317524d9ad9064a9

SHA1
6f74f5b57ef99a8b2b750d388f12f34a58e08fe5

SHA256
360e33b423f6ed3d23612cd9d7ddb508f5934fe1e3b21241a839f7c162be948d

SHA512
0458d9fd69c656ffd53694958877ea4000a0ba4aa898bcc3c9ac6fbc6b57a3a3777b6a83098f42f29e68053025706182d95795152206c4e19aeaa9584e108658

Download Submit
C:\Windows\System\SIPSDlK.exe

Filesize
6.0MB

MD5
03b3328da13c4437ffaaf3ff3fa17076

SHA1
d8ce81c89469f50c062f743c4f1d82800255eb28

SHA256
e073122a54b795f57c6903823ff16c40acef07547b0ca4b9cc7056129a45000a

SHA512
b8d49f3ccac814c922a94318c133423d112bd18781e458026ea612db8e460904e33491708201bf204f2b066eb21f0d502da650f0e62ed3a4a8ea66c6c65567b9

Download Submit
C:\Windows\System\SkVWdJu.exe

Filesize
6.0MB

MD5
f620e61cb0f32311d5acebfa1bf5e0d0

SHA1
c54f51c1a57061d9f416e4abc801b0743ebb64f1

SHA256
0db4665e7e933c8bb7c8dbe523c7f836b613ef19893e75638c7ff0526c6f7882

SHA512
ad340fd6ebf4c9971f18ddf482f71331989e82f5c673bb144960b3b72a04aca098d0787d5d4628640e08496d20b7044806c3a69e974c9cc3cb9e206be10cb727

Download Submit
C:\Windows\System\WXbqwXa.exe

Filesize
6.0MB

MD5
ae175122a46fbe0c0cf4b72374bb95d5

SHA1
044484a67bf90f9af1868e988ee14b50701eeba2

SHA256
8697710f855c417dac54bca88c777febffd81a0b79b659db05e892dce3b28db7

SHA512
dabbafb5f4ffa0fb1622eaded7fcdc31ca9c30aca1609f0c74b0c844ef84cea2ebf8ce734a3e4f99fca5c667cd20dd8d1c98f48cbfe036b37234fa13726a1eb7

Download Submit
C:\Windows\System\XQExbiE.exe

Filesize
6.0MB

MD5
fd731516b32b497e25b05056c4f1a81d

SHA1
fde212c3d87c1c54f7d92026ed33a81909eefeb0

SHA256
f1dda278d68cc7add9673f3c2791473a61794504ae1a43a7b4c6d62510aa7b56

SHA512
3bb4ace83e9dfe7a341c605ac6e7dcb174e7a7179f06f107bc4abbbf2c85bb8a64cccf476c4297a4987f50006649ba944a1073e52d4988a718309e4156c7fe31

Download Submit
C:\Windows\System\XSpQuGG.exe

Filesize
6.0MB

MD5
379b81926c956769cb59bdb529e78791

SHA1
1a1d9e121ec7c83ecd4dcdb6c3cb24a15c2fa717

SHA256
d7d769df9943e50948e638a52a1f234ac37f83554d44e584f30bb2dc58cc548f

SHA512
7236d1d8a0770b1db4ba6bd04b93175e0583a41e9fc8f02a5ed4916cf76a9b458580cc730e109456a16db848482c025edef6c55f8fe46a10099aec91354a541f

Download Submit
C:\Windows\System\XsDIDHk.exe

Filesize
6.0MB

MD5
931d149d7769919e7fafd655a48315c5

SHA1
ace1f7f31096fe36b10d34a4577009ed9184d04c

SHA256
a013d4d98d0ef49cbdee59e896f4acdaf2a6b4015bec5ac8b36273afd4e0d690

SHA512
b1986ffb86f6a3bed6a461e5ed4da052d4b5ee3e204b8bfdf2024846d72b17905a8f3fdd0c2e31dc65f8b934a4453febcf335f00cad6639cce6820fdbe391798

Download Submit
C:\Windows\System\dBZCImm.exe

Filesize
6.0MB

MD5
615d9b3177d0367307224458cd8512d5

SHA1
d6ccb0945e80c7985e41e2b5b993d968919fa662

SHA256
36b7e009855470919839626fd8104338ccd9e88cccd9361f110b8798db8669f8

SHA512
30290855d55fe37e268ed28d37399ce6f614de6426d4cc938499ae8e770417736157442954bc80a3f93220bfc9a7a8a6daa5cbde1855634135596b3c779435cc

Download Submit
C:\Windows\System\dbWGNXK.exe

Filesize
6.0MB

MD5
f611e893060f57ac875aa0be71c6fe6b

SHA1
24f77a243fc84ab389b94c91a7cf994efc60161f

SHA256
fb3890a7233a1799b406f4d7566bd1dc9010ea082bbc22a53cb24994be546945

SHA512
01b5d32bab455064407ec0574914bc5370924a62218807052fd4c34a18e4043c8f692ab01900cd7ab9e51a737dba7725068a5fa1bac63d42c973f015a2f5485b

Download Submit
C:\Windows\System\drNQguC.exe

Filesize
6.0MB

MD5
4dd4257c32b890aa5844196d7d2ba16c

SHA1
0428f096be5a7210dbef3831dab9a4c61e47fe2a

SHA256
85ab223011263daad2f72f2708f4a58f16c881c31aea411e4de3bb028a366545

SHA512
0aa7ca39693d167c5b63e3e45cf77bdd49446d38ee2e1ef0eb9dacc94c9673a2733af5d709234f64f03a118ef65220b5ceaecfaf122972c04214c81b75af1205

Download Submit
C:\Windows\System\eCGaCIj.exe

Filesize
6.0MB

MD5
0ebe3dc182c6d62e16921e8726eaff15

SHA1
1ea7dd6ff0bde5ac6121474008e42295f74c1a48

SHA256
fdab74ac294221c84f9f7ac3b3bb56566f71dec634239015ac285deebb924aa2

SHA512
e52beb4d719dbe6b876f30c4f89b2cf15feef47510f4c23ba4750fb124268e4716679ec61462d8f6edfe95ec0b68ad48f13ecd6c9593730b3620445817d0d86e

Download Submit
C:\Windows\System\exefdqp.exe

Filesize
6.0MB

MD5
13833726337ce110eaafd3cae2d7b86e

SHA1
bddf0a3ed3c64a75d2be3361f7fd6a01e4ae0ac5

SHA256
2859267107bb795bca0984983646343c3606739a9ffc3bd370339fae9f991a3d

SHA512
b0bf75ee50be8fdcec7066da12c2900516efe0d9f3fda0aca8591888eebc2bc64ef6a11bd1e4d50c549fcfa4011df9e14dd48754ec799c6195d948c3adc89568

Download Submit
C:\Windows\System\foKAxWs.exe

Filesize
6.0MB

MD5
d74a08f159197bd6b66a8ddd51bdd45f

SHA1
f91e4887fb0dc47a23f8740dba8f71a617bc1453

SHA256
63a96c0cf63df4d9b627373282534862067a8b561fe8776f2bb6275b9b72e110

SHA512
858d6999bdf89565b445dd9b6ad485ea27d659552ded70395500ea502fac2793c45207b72b4415842457e1419d84384b68e5b6d31b71c1e3f2879020bbcbcac0

Download Submit
C:\Windows\System\gNXepce.exe

Filesize
6.0MB

MD5
c67b662dae3f32b914efc2cc96c166c0

SHA1
20ecbd8d594c4a5f2d4cc4685d6bfab50c07535d

SHA256
35153ad3e756ad9af3e543dec75c1b9551abe4d4f5b41370798e017dc555bd3e

SHA512
453f11a0ee4e33c6215baeb1964899aed6aacdddc76a3635997743b6de71a598eb6abc0f83748840d5c5eaac82f9b67285966b67f33285460daa10575acfc42d

Download Submit
C:\Windows\System\gpvwOij.exe

Filesize
6.0MB

MD5
2afa45c88f3bd122cb57c883a977a5bd

SHA1
d7be0701c216f41c02ea3644c74dbee75e7c1e6c

SHA256
0b8ba472be48d52a30a0f86e1036595f31fa68a8a2ee5421bb3a208be1b73c66

SHA512
f27ebd53cd72c4ef2f782f634cc9d1224a1a3ee66d43a554551bfc257ef48410d73ff6671e97816f16aa49099b1b432b337afeb3ca2cc7f5c2e03dbdbbdcb125

Download Submit
C:\Windows\System\guNzuLm.exe

Filesize
6.0MB

MD5
d3120ac08dacdd939d6a6834138b654a

SHA1
7161cf58c619440994c15e69ba6830331ed57710

SHA256
1103f08d5e4bcb8c4c0f7e5ba75b0425a5416abac84d672039f23fbd7d8e5344

SHA512
f4de40fe79e2993c1d01326a4d47bf81e8a20a8dc6b14220ebc0c6bc0dcc7aa9b2c6e851c76a83140a7994bab5448eedf7ea70ee7a09d3ba200ac7d3b285cc72

Download Submit
C:\Windows\System\jUeiQYZ.exe

Filesize
6.0MB

MD5
2f9d43957967c3279e6d947c5812f544

SHA1
39d11cc09bef5c351299cb324057df6e1f0532af

SHA256
f43d75f9d2ec2c66f9ae89df495678cab3e3bf0e0980367ef8027aa021e768a9

SHA512
fb6d1b705cc302124f3a73d4e52b429410643c582ddd72dea947128555803f36875b5fc397bc72c2b88ec48d2a3edc46b2354a951a1d707b4c400295e86fa1ad

Download Submit
C:\Windows\System\jhuvRck.exe

Filesize
6.0MB

MD5
03f697da11571516b06251cd25845ba7

SHA1
ac39fc1e638928988b2464befaf27bc19f4c0df1

SHA256
d49aa6e78a3a3d6a2e9badb50cfd9c409b15e0671c65a321fbb6bef0e324cdf8

SHA512
da706e3ac89d7917ee85745f35c42d19dd69a94c353f2691aba346cb2d211b614865efaa044080a2ac3abce30b3f2758d2b2b1e82e885193a1cb22c9f3b63a6c

Download Submit
C:\Windows\System\lDGJKlK.exe

Filesize
6.0MB

MD5
075ad872792b487dd6cc60c6834b17ba

SHA1
6841664a2f4df4478204eed4bf109e6912aa8751

SHA256
3749d1e1f5f8306592eecd235c27b97c7f72adf71f8b207046fe76ca404496a3

SHA512
9a0b067db5b7cd6d8b05c078fc018c4f821fb5debcbefb7a7a1ddf38c85ec3d85a53de9c19a26d0c1bb41d3ca3317529bf19d5a072850fcdf55539ea77fef04e

Download Submit
C:\Windows\System\nGhtFyt.exe

Filesize
6.0MB

MD5
9755d8b3144ff37e8349ba05abb03812

SHA1
dcbb1b08599a56288b78ea8cf0e7d2a566f46ec8

SHA256
5ce4f5229cea6b98a9cc2189f7f03334fa0cf66056ec9eb0f680737b7db482eb

SHA512
41c66b583cd6d7873106e15031cc5208d08eb8b24e13cc609cd4568a9651183112a729131ec909cd428252c416847a038e6ad3217f4f2ffe2be1677ca39d5742

Download Submit
C:\Windows\System\nxStdwu.exe

Filesize
6.0MB

MD5
5c749f619a71283d35b5ecdb469d7283

SHA1
c554d82cb1f9dc917659dc10ba300e614ed03563

SHA256
39dc2517ba2dc47b6c77a95f77a35a53d7e685ddae6bb133a8cdb82f578c8d86

SHA512
3347c402c1c3d72e2cca55bfc8ad6b8d8c0963edbe419fa538bcdbf829b8a63bcf773440fbf04e2c66ff0bd4be839b08484690b4f3a84f08a30d2d12f39ca461

Download Submit
C:\Windows\System\oddFcEG.exe

Filesize
6.0MB

MD5
7758fb9fc7373263aa930c330ac499d8

SHA1
34cf16cc9a6a9222e19eb3a30f673851ecdc55b5

SHA256
74fcac12af5c3037ff513ae8d44eaac0c30809b848fbd52896253f0dcf91ba33

SHA512
3d8d3ecc33f9c3b05b1046a36a9e8cb6f1eb6b267cde6596ee8e900bb5cba7c981a18e55ba14420a8dd776e5a2374c7a201282e1dd5088f5cde79ca7dd118fe9

Download Submit
C:\Windows\System\otZGarX.exe

Filesize
6.0MB

MD5
1c00715a15e0bfb3617dd0990b92507b

SHA1
5808c436008da109791d7ec1b97a8769aeed6e68

SHA256
c01d86add2d8f539ca5548c52c1b72465f58f545e961ff8c0f9d387e143433ac

SHA512
f5f8ff9157357a845e2616f1f90cf6d0abe773a5ebdf212eb232a76d989f8cb749c5402919dfee7555351833978c06417c2c131c05fb13eea10631fb3a8b5c4c

Download Submit
C:\Windows\System\unBQqZc.exe

Filesize
6.0MB

MD5
71e42e39eb2fde503b2b43b4673f8fad

SHA1
27a0395787797e2ffd9b0414c07e1a168df738f0

SHA256
a875b02933c8ff2c793a94ca88e0dace62c447bc69bc81b5eae2dcf9a07a7f24

SHA512
f479a16bb77c2853bb76d8b532e4cbaeedd6687d643526e652084e66a6cbae2c84cf3d0a8894be66dd030c1132fde2df963c83e820ae652cc6a806df2f10fa0a

Download Submit
C:\Windows\System\vzcnZTl.exe

Filesize
6.0MB

MD5
fd93151f240da4ad17f6f774840c58d1

SHA1
36446363bc463ffc79e3420023f229bae1fc9f07

SHA256
496fa27aa3b029fc01edd66fbcffa44aac31cfe65422951cf569b473f10d6df7

SHA512
fd85e06f68a87704c9b22429972a51617e7a861c79e1316ececc97d36f2ee039cb15a63c8362596fc89e5030bf2defe160bc516f3a4a465c2a09141753cb4c43

Download Submit
C:\Windows\System\wDxKaiI.exe

Filesize
6.0MB

MD5
8804218251e6aa06f5779be7d969bb74

SHA1
c0442d389f384756eb2c07d1fc181c1d4f1c53d7

SHA256
8ef7de59e2d8e3080ccd7b1f7a06a71ed3d6a07e6986e22585ec3442293091ea

SHA512
cba66c37866f473808f6d189d58c8cea0936a7b28932e9ffe94000d24e5b2db403aa474011415ed1897f776a7b3e8d2613ec0a7c125197ad84dd3512e8075a8b

Download Submit
memory/212-960-0x00007FF736BE0000-0x00007FF736F34000-memory.dmp

Filesize
3.3MB

Download
memory/212-0-0x00007FF736BE0000-0x00007FF736F34000-memory.dmp

Filesize
3.3MB

Download
memory/212-1-0x000001F283480000-0x000001F283490000-memory.dmp

Filesize
64KB

Download
memory/436-45-0x00007FF63A080000-0x00007FF63A3D4000-memory.dmp

Filesize
3.3MB

Download
memory/436-1727-0x00007FF63A080000-0x00007FF63A3D4000-memory.dmp

Filesize
3.3MB

Download
memory/440-1788-0x00007FF78E470000-0x00007FF78E7C4000-memory.dmp

Filesize
3.3MB

Download
memory/440-346-0x00007FF78E470000-0x00007FF78E7C4000-memory.dmp

Filesize
3.3MB

Download
memory/824-1790-0x00007FF765FD0000-0x00007FF766324000-memory.dmp

Filesize
3.3MB

Download
memory/824-359-0x00007FF765FD0000-0x00007FF766324000-memory.dmp

Filesize
3.3MB

Download
memory/836-1710-0x00007FF65DBB0000-0x00007FF65DF04000-memory.dmp

Filesize
3.3MB

Download
memory/836-6-0x00007FF65DBB0000-0x00007FF65DF04000-memory.dmp

Filesize
3.3MB

Download
memory/836-1071-0x00007FF65DBB0000-0x00007FF65DF04000-memory.dmp

Filesize
3.3MB

Download
memory/1148-49-0x00007FF7EA830000-0x00007FF7EAB84000-memory.dmp

Filesize
3.3MB

Download
memory/1148-1729-0x00007FF7EA830000-0x00007FF7EAB84000-memory.dmp

Filesize
3.3MB

Download
memory/1188-1771-0x00007FF76EAA0000-0x00007FF76EDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1188-340-0x00007FF76EAA0000-0x00007FF76EDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-1781-0x00007FF7560E0000-0x00007FF756434000-memory.dmp

Filesize
3.3MB

Download
memory/1628-343-0x00007FF7560E0000-0x00007FF756434000-memory.dmp

Filesize
3.3MB

Download
memory/1632-1777-0x00007FF7D04D0000-0x00007FF7D0824000-memory.dmp

Filesize
3.3MB

Download
memory/1632-341-0x00007FF7D04D0000-0x00007FF7D0824000-memory.dmp

Filesize
3.3MB

Download
memory/1996-1164-0x00007FF6220C0000-0x00007FF622414000-memory.dmp

Filesize
3.3MB

Download
memory/1996-56-0x00007FF6220C0000-0x00007FF622414000-memory.dmp

Filesize
3.3MB

Download
memory/1996-1756-0x00007FF6220C0000-0x00007FF622414000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1754-0x00007FF6DD1B0000-0x00007FF6DD504000-memory.dmp

Filesize
3.3MB

Download
memory/2028-60-0x00007FF6DD1B0000-0x00007FF6DD504000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1113-0x00007FF6DD1B0000-0x00007FF6DD504000-memory.dmp

Filesize
3.3MB

Download
memory/2108-1775-0x00007FF6F7430000-0x00007FF6F7784000-memory.dmp

Filesize
3.3MB

Download
memory/2108-339-0x00007FF6F7430000-0x00007FF6F7784000-memory.dmp

Filesize
3.3MB

Download
memory/2256-1791-0x00007FF62CC80000-0x00007FF62CFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-370-0x00007FF62CC80000-0x00007FF62CFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1759-0x00007FF70DC80000-0x00007FF70DFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-336-0x00007FF70DC80000-0x00007FF70DFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-67-0x00007FF73B760000-0x00007FF73BAB4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-1219-0x00007FF73B760000-0x00007FF73BAB4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-1750-0x00007FF73B760000-0x00007FF73BAB4000-memory.dmp

Filesize
3.3MB

Download
memory/3700-347-0x00007FF669B50000-0x00007FF669EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3700-1789-0x00007FF669B50000-0x00007FF669EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3748-335-0x00007FF7CF5E0000-0x00007FF7CF934000-memory.dmp

Filesize
3.3MB

Download
memory/3748-1747-0x00007FF7CF5E0000-0x00007FF7CF934000-memory.dmp

Filesize
3.3MB

Download
memory/3784-369-0x00007FF6E8DE0000-0x00007FF6E9134000-memory.dmp

Filesize
3.3MB

Download
memory/3784-1792-0x00007FF6E8DE0000-0x00007FF6E9134000-memory.dmp

Filesize
3.3MB

Download
memory/3820-39-0x00007FF7A1BF0000-0x00007FF7A1F44000-memory.dmp

Filesize
3.3MB

Download
memory/3820-1734-0x00007FF7A1BF0000-0x00007FF7A1F44000-memory.dmp

Filesize
3.3MB

Download
memory/3836-342-0x00007FF6CB0C0000-0x00007FF6CB414000-memory.dmp

Filesize
3.3MB

Download
memory/3836-1779-0x00007FF6CB0C0000-0x00007FF6CB414000-memory.dmp

Filesize
3.3MB

Download
memory/3908-338-0x00007FF684060000-0x00007FF6843B4000-memory.dmp

Filesize
3.3MB

Download
memory/3908-1764-0x00007FF684060000-0x00007FF6843B4000-memory.dmp

Filesize
3.3MB

Download
memory/4176-374-0x00007FF606030000-0x00007FF606384000-memory.dmp

Filesize
3.3MB

Download
memory/4176-1767-0x00007FF606030000-0x00007FF606384000-memory.dmp

Filesize
3.3MB

Download
memory/4188-1073-0x00007FF669820000-0x00007FF669B74000-memory.dmp

Filesize
3.3MB

Download
memory/4188-33-0x00007FF669820000-0x00007FF669B74000-memory.dmp

Filesize
3.3MB

Download
memory/4188-1732-0x00007FF669820000-0x00007FF669B74000-memory.dmp

Filesize
3.3MB

Download
memory/4580-1718-0x00007FF7ED830000-0x00007FF7EDB84000-memory.dmp

Filesize
3.3MB

Download
memory/4580-16-0x00007FF7ED830000-0x00007FF7EDB84000-memory.dmp

Filesize
3.3MB

Download
memory/4580-1072-0x00007FF7ED830000-0x00007FF7EDB84000-memory.dmp

Filesize
3.3MB

Download
memory/4600-1785-0x00007FF676EF0000-0x00007FF677244000-memory.dmp

Filesize
3.3MB

Download
memory/4600-356-0x00007FF676EF0000-0x00007FF677244000-memory.dmp

Filesize
3.3MB

Download
memory/4692-345-0x00007FF7C4490000-0x00007FF7C47E4000-memory.dmp

Filesize
3.3MB

Download
memory/4692-1784-0x00007FF7C4490000-0x00007FF7C47E4000-memory.dmp

Filesize
3.3MB

Download
memory/4776-348-0x00007FF796D00000-0x00007FF797054000-memory.dmp

Filesize
3.3MB

Download
memory/4776-1787-0x00007FF796D00000-0x00007FF797054000-memory.dmp

Filesize
3.3MB

Download
memory/4892-344-0x00007FF68A8D0000-0x00007FF68AC24000-memory.dmp

Filesize
3.3MB

Download
memory/4892-1780-0x00007FF68A8D0000-0x00007FF68AC24000-memory.dmp

Filesize
3.3MB

Download
memory/4980-1766-0x00007FF7C8830000-0x00007FF7C8B84000-memory.dmp

Filesize
3.3MB

Download
memory/4980-337-0x00007FF7C8830000-0x00007FF7C8B84000-memory.dmp

Filesize
3.3MB

Download
memory/5064-350-0x00007FF77ADA0000-0x00007FF77B0F4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-1786-0x00007FF77ADA0000-0x00007FF77B0F4000-memory.dmp

Filesize
3.3MB

Download