cobaltstrike | e68d7999f40b12bac4e7c36034cc3a235d8cf340337a838438a4bb1a209dcad3

Analysis

max time kernel
124s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2024 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e028b0954699a3037f9e9bb6716659dc
SHA1

8ef8b713cd848eb69ea4b0ae615fe933aaf46e5e
SHA256

e68d7999f40b12bac4e7c36034cc3a235d8cf340337a838438a4bb1a209dcad3
SHA512

e55e0795622d169de76862cd6da21b70c4a5d2d88302526567ffdf2068a7f7d7cd21c49858456886725010faa5bb480a917fdc435aa3475c5e7d16593a664c69
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUu:T+q56utgpPF8u/7u

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b4c-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baf-11.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb1-23.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023bb3-35.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023bb4-41.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023bb2-31.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb0-20.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bbc-46.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023bac-55.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bc3-60.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bcc-65.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bd1-73.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bd2-80.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bd3-85.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bd7-91.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bd9-96.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdc-101.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c0f-128.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c11-138.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c19-155.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c33-178.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c32-174.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c2c-168.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1a-163.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c18-153.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c13-148.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c12-143.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c10-134.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c0e-121.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdf-116.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bde-111.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdd-106.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2388-0-0x00007FF60F650000-0x00007FF60F9A4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b4c-5.dat	xmrig
behavioral2/memory/2700-8-0x00007FF743980000-0x00007FF743CD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023baf-11.dat	xmrig
behavioral2/memory/2200-12-0x00007FF73F100000-0x00007FF73F454000-memory.dmp	xmrig
behavioral2/memory/4312-18-0x00007FF7FF1B0000-0x00007FF7FF504000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb1-23.dat	xmrig
behavioral2/files/0x000b000000023bb3-35.dat	xmrig
behavioral2/files/0x000b000000023bb4-41.dat	xmrig
behavioral2/memory/2076-42-0x00007FF781610000-0x00007FF781964000-memory.dmp	xmrig
behavioral2/memory/532-36-0x00007FF690F00000-0x00007FF691254000-memory.dmp	xmrig
behavioral2/files/0x000b000000023bb2-31.dat	xmrig
behavioral2/memory/4080-30-0x00007FF6C89A0000-0x00007FF6C8CF4000-memory.dmp	xmrig
behavioral2/memory/3796-24-0x00007FF7AA980000-0x00007FF7AACD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb0-20.dat	xmrig
behavioral2/files/0x000a000000023bbc-46.dat	xmrig
behavioral2/memory/2540-48-0x00007FF7A6190000-0x00007FF7A64E4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023bac-55.dat	xmrig
behavioral2/files/0x000e000000023bc3-60.dat	xmrig
behavioral2/files/0x0008000000023bcc-65.dat	xmrig
behavioral2/memory/2200-68-0x00007FF73F100000-0x00007FF73F454000-memory.dmp	xmrig
behavioral2/files/0x0009000000023bd1-73.dat	xmrig
behavioral2/files/0x0009000000023bd2-80.dat	xmrig
behavioral2/files/0x0009000000023bd3-85.dat	xmrig
behavioral2/files/0x000e000000023bd7-91.dat	xmrig
behavioral2/files/0x0008000000023bd9-96.dat	xmrig
behavioral2/files/0x0008000000023bdc-101.dat	xmrig
behavioral2/files/0x0008000000023c0f-128.dat	xmrig
behavioral2/files/0x0008000000023c11-138.dat	xmrig
behavioral2/files/0x0008000000023c19-155.dat	xmrig
behavioral2/files/0x0008000000023c33-178.dat	xmrig
behavioral2/files/0x0008000000023c32-174.dat	xmrig
behavioral2/files/0x0008000000023c2c-168.dat	xmrig
behavioral2/files/0x0008000000023c1a-163.dat	xmrig
behavioral2/files/0x0008000000023c18-153.dat	xmrig
behavioral2/files/0x0008000000023c13-148.dat	xmrig
behavioral2/files/0x0008000000023c12-143.dat	xmrig
behavioral2/files/0x0008000000023c10-134.dat	xmrig
behavioral2/files/0x0008000000023c0e-121.dat	xmrig
behavioral2/files/0x0008000000023bdf-116.dat	xmrig
behavioral2/files/0x0008000000023bde-111.dat	xmrig
behavioral2/files/0x0008000000023bdd-106.dat	xmrig
behavioral2/memory/4312-76-0x00007FF7FF1B0000-0x00007FF7FF504000-memory.dmp	xmrig
behavioral2/memory/4264-70-0x00007FF7A9D80000-0x00007FF7AA0D4000-memory.dmp	xmrig
behavioral2/memory/5064-67-0x00007FF7C1E60000-0x00007FF7C21B4000-memory.dmp	xmrig
behavioral2/memory/2700-61-0x00007FF743980000-0x00007FF743CD4000-memory.dmp	xmrig
behavioral2/memory/1356-59-0x00007FF6F7780000-0x00007FF6F7AD4000-memory.dmp	xmrig
behavioral2/memory/2388-54-0x00007FF60F650000-0x00007FF60F9A4000-memory.dmp	xmrig
behavioral2/memory/4136-819-0x00007FF68E550000-0x00007FF68E8A4000-memory.dmp	xmrig
behavioral2/memory/4376-825-0x00007FF7FC060000-0x00007FF7FC3B4000-memory.dmp	xmrig
behavioral2/memory/1748-823-0x00007FF7E7CA0000-0x00007FF7E7FF4000-memory.dmp	xmrig
behavioral2/memory/4172-839-0x00007FF705DB0000-0x00007FF706104000-memory.dmp	xmrig
behavioral2/memory/1308-836-0x00007FF7214B0000-0x00007FF721804000-memory.dmp	xmrig
behavioral2/memory/4072-847-0x00007FF6836C0000-0x00007FF683A14000-memory.dmp	xmrig
behavioral2/memory/4944-851-0x00007FF790850000-0x00007FF790BA4000-memory.dmp	xmrig
behavioral2/memory/4640-857-0x00007FF71FA70000-0x00007FF71FDC4000-memory.dmp	xmrig
behavioral2/memory/3796-862-0x00007FF7AA980000-0x00007FF7AACD4000-memory.dmp	xmrig
behavioral2/memory/4068-861-0x00007FF6C31B0000-0x00007FF6C3504000-memory.dmp	xmrig
behavioral2/memory/4080-867-0x00007FF6C89A0000-0x00007FF6C8CF4000-memory.dmp	xmrig
behavioral2/memory/5068-865-0x00007FF7F2C20000-0x00007FF7F2F74000-memory.dmp	xmrig
behavioral2/memory/208-856-0x00007FF75DCE0000-0x00007FF75E034000-memory.dmp	xmrig
behavioral2/memory/3920-852-0x00007FF625140000-0x00007FF625494000-memory.dmp	xmrig
behavioral2/memory/5028-846-0x00007FF71E810000-0x00007FF71EB64000-memory.dmp	xmrig
behavioral2/memory/4916-834-0x00007FF7D7770000-0x00007FF7D7AC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2700	cMRiCIW.exe
2200	VsnhuEz.exe
4312	gzpTkbl.exe
3796	jVmqMWR.exe
4080	rOvzSLC.exe
532	fuCKEbF.exe
2076	nTtZxeh.exe
2540	defQaKX.exe
1356	NHnIpyO.exe
5064	XTZefgH.exe
4264	tBRfTSH.exe
4136	LRWPTXa.exe
5068	ayRDjPA.exe
1748	kxBbQCM.exe
4376	MLcctLp.exe
2440	qmSrtxi.exe
3260	EFSRapY.exe
4768	myrohpX.exe
2536	NUScnXZ.exe
4916	KryZuwx.exe
1308	pefKDIt.exe
4172	wfXvKLm.exe
5028	GcWvPGE.exe
4072	cyZrFMF.exe
4944	IWfkeOL.exe
3920	VsAnPmf.exe
208	lokCfUo.exe
4640	cCuJUXI.exe
4068	TOrEuZG.exe
3932	AiuEeHm.exe
2644	lWABUuI.exe
2468	IzXZkxB.exe
1636	ajAotER.exe
1348	mBLHETj.exe
2448	guCqFdZ.exe
1524	oquouuX.exe
3100	dCesohb.exe
4052	SQATdEm.exe
3396	klSOTPC.exe
1084	DjggNhV.exe
2924	zuKSpUr.exe
2248	xHTvRZk.exe
1808	IacSLal.exe
3900	KaTCZdj.exe
1464	pZJqqsK.exe
3508	CtTxVzH.exe
1764	CbXvCla.exe
1968	ktDZPLD.exe
1572	RduyUXm.exe
3608	GFTrYWi.exe
2552	JCMlWAo.exe
3504	NrIqBOc.exe
4268	xZtqyiN.exe
3556	artnuWD.exe
4488	RmbBNcV.exe
2712	xAWgkpZ.exe
1396	zXdZUHO.exe
1108	xuUZQCW.exe
3924	vTdLCmI.exe
1212	YhRfETr.exe
2324	mOXHRIi.exe
3036	uWJwnkt.exe
2864	KbGqsOE.exe
2968	diXhKvk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2388-0-0x00007FF60F650000-0x00007FF60F9A4000-memory.dmp	upx
behavioral2/files/0x000c000000023b4c-5.dat	upx
behavioral2/memory/2700-8-0x00007FF743980000-0x00007FF743CD4000-memory.dmp	upx
behavioral2/files/0x000a000000023baf-11.dat	upx
behavioral2/memory/2200-12-0x00007FF73F100000-0x00007FF73F454000-memory.dmp	upx
behavioral2/memory/4312-18-0x00007FF7FF1B0000-0x00007FF7FF504000-memory.dmp	upx
behavioral2/files/0x000a000000023bb1-23.dat	upx
behavioral2/files/0x000b000000023bb3-35.dat	upx
behavioral2/files/0x000b000000023bb4-41.dat	upx
behavioral2/memory/2076-42-0x00007FF781610000-0x00007FF781964000-memory.dmp	upx
behavioral2/memory/532-36-0x00007FF690F00000-0x00007FF691254000-memory.dmp	upx
behavioral2/files/0x000b000000023bb2-31.dat	upx
behavioral2/memory/4080-30-0x00007FF6C89A0000-0x00007FF6C8CF4000-memory.dmp	upx
behavioral2/memory/3796-24-0x00007FF7AA980000-0x00007FF7AACD4000-memory.dmp	upx
behavioral2/files/0x000a000000023bb0-20.dat	upx
behavioral2/files/0x000a000000023bbc-46.dat	upx
behavioral2/memory/2540-48-0x00007FF7A6190000-0x00007FF7A64E4000-memory.dmp	upx
behavioral2/files/0x000b000000023bac-55.dat	upx
behavioral2/files/0x000e000000023bc3-60.dat	upx
behavioral2/files/0x0008000000023bcc-65.dat	upx
behavioral2/memory/2200-68-0x00007FF73F100000-0x00007FF73F454000-memory.dmp	upx
behavioral2/files/0x0009000000023bd1-73.dat	upx
behavioral2/files/0x0009000000023bd2-80.dat	upx
behavioral2/files/0x0009000000023bd3-85.dat	upx
behavioral2/files/0x000e000000023bd7-91.dat	upx
behavioral2/files/0x0008000000023bd9-96.dat	upx
behavioral2/files/0x0008000000023bdc-101.dat	upx
behavioral2/files/0x0008000000023c0f-128.dat	upx
behavioral2/files/0x0008000000023c11-138.dat	upx
behavioral2/files/0x0008000000023c19-155.dat	upx
behavioral2/files/0x0008000000023c33-178.dat	upx
behavioral2/files/0x0008000000023c32-174.dat	upx
behavioral2/files/0x0008000000023c2c-168.dat	upx
behavioral2/files/0x0008000000023c1a-163.dat	upx
behavioral2/files/0x0008000000023c18-153.dat	upx
behavioral2/files/0x0008000000023c13-148.dat	upx
behavioral2/files/0x0008000000023c12-143.dat	upx
behavioral2/files/0x0008000000023c10-134.dat	upx
behavioral2/files/0x0008000000023c0e-121.dat	upx
behavioral2/files/0x0008000000023bdf-116.dat	upx
behavioral2/files/0x0008000000023bde-111.dat	upx
behavioral2/files/0x0008000000023bdd-106.dat	upx
behavioral2/memory/4312-76-0x00007FF7FF1B0000-0x00007FF7FF504000-memory.dmp	upx
behavioral2/memory/4264-70-0x00007FF7A9D80000-0x00007FF7AA0D4000-memory.dmp	upx
behavioral2/memory/5064-67-0x00007FF7C1E60000-0x00007FF7C21B4000-memory.dmp	upx
behavioral2/memory/2700-61-0x00007FF743980000-0x00007FF743CD4000-memory.dmp	upx
behavioral2/memory/1356-59-0x00007FF6F7780000-0x00007FF6F7AD4000-memory.dmp	upx
behavioral2/memory/2388-54-0x00007FF60F650000-0x00007FF60F9A4000-memory.dmp	upx
behavioral2/memory/4136-819-0x00007FF68E550000-0x00007FF68E8A4000-memory.dmp	upx
behavioral2/memory/4376-825-0x00007FF7FC060000-0x00007FF7FC3B4000-memory.dmp	upx
behavioral2/memory/1748-823-0x00007FF7E7CA0000-0x00007FF7E7FF4000-memory.dmp	upx
behavioral2/memory/4172-839-0x00007FF705DB0000-0x00007FF706104000-memory.dmp	upx
behavioral2/memory/1308-836-0x00007FF7214B0000-0x00007FF721804000-memory.dmp	upx
behavioral2/memory/4072-847-0x00007FF6836C0000-0x00007FF683A14000-memory.dmp	upx
behavioral2/memory/4944-851-0x00007FF790850000-0x00007FF790BA4000-memory.dmp	upx
behavioral2/memory/4640-857-0x00007FF71FA70000-0x00007FF71FDC4000-memory.dmp	upx
behavioral2/memory/3796-862-0x00007FF7AA980000-0x00007FF7AACD4000-memory.dmp	upx
behavioral2/memory/4068-861-0x00007FF6C31B0000-0x00007FF6C3504000-memory.dmp	upx
behavioral2/memory/4080-867-0x00007FF6C89A0000-0x00007FF6C8CF4000-memory.dmp	upx
behavioral2/memory/5068-865-0x00007FF7F2C20000-0x00007FF7F2F74000-memory.dmp	upx
behavioral2/memory/208-856-0x00007FF75DCE0000-0x00007FF75E034000-memory.dmp	upx
behavioral2/memory/3920-852-0x00007FF625140000-0x00007FF625494000-memory.dmp	upx
behavioral2/memory/5028-846-0x00007FF71E810000-0x00007FF71EB64000-memory.dmp	upx
behavioral2/memory/4916-834-0x00007FF7D7770000-0x00007FF7D7AC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\etmTiKH.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSZAsWL.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpHCimK.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyZrFMF.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiDcLPx.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKAsDOx.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIAhItM.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTXgyPW.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDTDdCR.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNZQIyC.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxjTmfI.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRvoPKZ.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuUZQCW.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAOASqv.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOIZUHj.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkjhrQY.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drysdkC.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bahOcuC.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etBufJi.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQcTfPw.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSSBfzb.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZiPpCgS.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScbgPup.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUtzNuh.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKdJblj.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apfbnwr.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDByeal.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\greJtiu.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHsdTya.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbOGbxl.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajAotER.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbGqsOE.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfvrtxe.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unmvPNS.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meavnPH.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pinwasV.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEKbAeo.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dcJaGXu.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgCszWz.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJRlUgc.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKLGfgE.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQnHOeE.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NrIqBOc.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqsyrZn.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znlHMZP.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbLFSWy.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WEwNXOt.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDmoqQS.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuWDZAI.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYIxSlT.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMDOoZt.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qllxwFB.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RSBswUI.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwpWQYo.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqyBQqT.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfIkhCV.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLvaQvg.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klSOTPC.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gaXJAXE.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDMGIJQ.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOJcovy.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDVZJnG.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUWBUHK.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJsXQMa.exe	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2700	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2388 wrote to memory of 2700	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2388 wrote to memory of 2200	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2388 wrote to memory of 2200	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2388 wrote to memory of 4312	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2388 wrote to memory of 4312	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2388 wrote to memory of 3796	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2388 wrote to memory of 3796	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2388 wrote to memory of 4080	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2388 wrote to memory of 4080	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2388 wrote to memory of 532	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2388 wrote to memory of 532	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2388 wrote to memory of 2076	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2388 wrote to memory of 2076	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2388 wrote to memory of 2540	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2388 wrote to memory of 2540	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2388 wrote to memory of 1356	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2388 wrote to memory of 1356	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2388 wrote to memory of 5064	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2388 wrote to memory of 5064	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2388 wrote to memory of 4264	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2388 wrote to memory of 4264	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2388 wrote to memory of 4136	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2388 wrote to memory of 4136	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2388 wrote to memory of 5068	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2388 wrote to memory of 5068	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2388 wrote to memory of 1748	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2388 wrote to memory of 1748	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2388 wrote to memory of 4376	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2388 wrote to memory of 4376	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2388 wrote to memory of 2440	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2388 wrote to memory of 2440	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2388 wrote to memory of 3260	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2388 wrote to memory of 3260	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2388 wrote to memory of 4768	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2388 wrote to memory of 4768	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2388 wrote to memory of 2536	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2388 wrote to memory of 2536	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2388 wrote to memory of 4916	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2388 wrote to memory of 4916	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2388 wrote to memory of 1308	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2388 wrote to memory of 1308	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2388 wrote to memory of 4172	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2388 wrote to memory of 4172	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2388 wrote to memory of 5028	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2388 wrote to memory of 5028	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2388 wrote to memory of 4072	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2388 wrote to memory of 4072	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2388 wrote to memory of 4944	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2388 wrote to memory of 4944	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2388 wrote to memory of 3920	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2388 wrote to memory of 3920	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2388 wrote to memory of 208	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2388 wrote to memory of 208	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2388 wrote to memory of 4640	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2388 wrote to memory of 4640	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2388 wrote to memory of 4068	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2388 wrote to memory of 4068	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2388 wrote to memory of 3932	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2388 wrote to memory of 3932	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2388 wrote to memory of 2644	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 2388 wrote to memory of 2644	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 2388 wrote to memory of 2468	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 2388 wrote to memory of 2468	2388	2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe	116

C:\Users\Admin\AppData\Local\Temp\2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_e028b0954699a3037f9e9bb6716659dc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\System\cMRiCIW.exe
  C:\Windows\System\cMRiCIW.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\VsnhuEz.exe
  C:\Windows\System\VsnhuEz.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\gzpTkbl.exe
  C:\Windows\System\gzpTkbl.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\jVmqMWR.exe
  C:\Windows\System\jVmqMWR.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\rOvzSLC.exe
  C:\Windows\System\rOvzSLC.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\fuCKEbF.exe
  C:\Windows\System\fuCKEbF.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\nTtZxeh.exe
  C:\Windows\System\nTtZxeh.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\defQaKX.exe
  C:\Windows\System\defQaKX.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\NHnIpyO.exe
  C:\Windows\System\NHnIpyO.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\XTZefgH.exe
  C:\Windows\System\XTZefgH.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\tBRfTSH.exe
  C:\Windows\System\tBRfTSH.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\LRWPTXa.exe
  C:\Windows\System\LRWPTXa.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\ayRDjPA.exe
  C:\Windows\System\ayRDjPA.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\kxBbQCM.exe
  C:\Windows\System\kxBbQCM.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\MLcctLp.exe
  C:\Windows\System\MLcctLp.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\qmSrtxi.exe
  C:\Windows\System\qmSrtxi.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\EFSRapY.exe
  C:\Windows\System\EFSRapY.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\myrohpX.exe
  C:\Windows\System\myrohpX.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\NUScnXZ.exe
  C:\Windows\System\NUScnXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\KryZuwx.exe
  C:\Windows\System\KryZuwx.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\pefKDIt.exe
  C:\Windows\System\pefKDIt.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\wfXvKLm.exe
  C:\Windows\System\wfXvKLm.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\GcWvPGE.exe
  C:\Windows\System\GcWvPGE.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\cyZrFMF.exe
  C:\Windows\System\cyZrFMF.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\IWfkeOL.exe
  C:\Windows\System\IWfkeOL.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\VsAnPmf.exe
  C:\Windows\System\VsAnPmf.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\lokCfUo.exe
  C:\Windows\System\lokCfUo.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\cCuJUXI.exe
  C:\Windows\System\cCuJUXI.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\TOrEuZG.exe
  C:\Windows\System\TOrEuZG.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\AiuEeHm.exe
  C:\Windows\System\AiuEeHm.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\lWABUuI.exe
  C:\Windows\System\lWABUuI.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\IzXZkxB.exe
  C:\Windows\System\IzXZkxB.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ajAotER.exe
  C:\Windows\System\ajAotER.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\mBLHETj.exe
  C:\Windows\System\mBLHETj.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\guCqFdZ.exe
  C:\Windows\System\guCqFdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\oquouuX.exe
  C:\Windows\System\oquouuX.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\dCesohb.exe
  C:\Windows\System\dCesohb.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\SQATdEm.exe
  C:\Windows\System\SQATdEm.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\klSOTPC.exe
  C:\Windows\System\klSOTPC.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\DjggNhV.exe
  C:\Windows\System\DjggNhV.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\zuKSpUr.exe
  C:\Windows\System\zuKSpUr.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\xHTvRZk.exe
  C:\Windows\System\xHTvRZk.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\IacSLal.exe
  C:\Windows\System\IacSLal.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\KaTCZdj.exe
  C:\Windows\System\KaTCZdj.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\pZJqqsK.exe
  C:\Windows\System\pZJqqsK.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\CtTxVzH.exe
  C:\Windows\System\CtTxVzH.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\CbXvCla.exe
  C:\Windows\System\CbXvCla.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\ktDZPLD.exe
  C:\Windows\System\ktDZPLD.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\RduyUXm.exe
  C:\Windows\System\RduyUXm.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\GFTrYWi.exe
  C:\Windows\System\GFTrYWi.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\JCMlWAo.exe
  C:\Windows\System\JCMlWAo.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\NrIqBOc.exe
  C:\Windows\System\NrIqBOc.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\xZtqyiN.exe
  C:\Windows\System\xZtqyiN.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\artnuWD.exe
  C:\Windows\System\artnuWD.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\RmbBNcV.exe
  C:\Windows\System\RmbBNcV.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\xAWgkpZ.exe
  C:\Windows\System\xAWgkpZ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\zXdZUHO.exe
  C:\Windows\System\zXdZUHO.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\xuUZQCW.exe
  C:\Windows\System\xuUZQCW.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\vTdLCmI.exe
  C:\Windows\System\vTdLCmI.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\YhRfETr.exe
  C:\Windows\System\YhRfETr.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\mOXHRIi.exe
  C:\Windows\System\mOXHRIi.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\uWJwnkt.exe
  C:\Windows\System\uWJwnkt.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\KbGqsOE.exe
  C:\Windows\System\KbGqsOE.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\diXhKvk.exe
  C:\Windows\System\diXhKvk.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\NJkNUZk.exe
  C:\Windows\System\NJkNUZk.exe
  2⤵
  PID:2776
- C:\Windows\System\DjoEcOW.exe
  C:\Windows\System\DjoEcOW.exe
  2⤵
  PID:2736
- C:\Windows\System\ctrHVMf.exe
  C:\Windows\System\ctrHVMf.exe
  2⤵
  PID:3912
- C:\Windows\System\SzPLcOK.exe
  C:\Windows\System\SzPLcOK.exe
  2⤵
  PID:2520
- C:\Windows\System\pOJcovy.exe
  C:\Windows\System\pOJcovy.exe
  2⤵
  PID:116
- C:\Windows\System\rqzfmar.exe
  C:\Windows\System\rqzfmar.exe
  2⤵
  PID:1392
- C:\Windows\System\hWfokAX.exe
  C:\Windows\System\hWfokAX.exe
  2⤵
  PID:3460
- C:\Windows\System\PZktgTf.exe
  C:\Windows\System\PZktgTf.exe
  2⤵
  PID:4148
- C:\Windows\System\TOgAlUc.exe
  C:\Windows\System\TOgAlUc.exe
  2⤵
  PID:3660
- C:\Windows\System\vsecRcB.exe
  C:\Windows\System\vsecRcB.exe
  2⤵
  PID:4728
- C:\Windows\System\zabLwGA.exe
  C:\Windows\System\zabLwGA.exe
  2⤵
  PID:3992
- C:\Windows\System\uJcChqP.exe
  C:\Windows\System\uJcChqP.exe
  2⤵
  PID:4556
- C:\Windows\System\tTukTVK.exe
  C:\Windows\System\tTukTVK.exe
  2⤵
  PID:868
- C:\Windows\System\cyjvztC.exe
  C:\Windows\System\cyjvztC.exe
  2⤵
  PID:2216
- C:\Windows\System\oFZyQcB.exe
  C:\Windows\System\oFZyQcB.exe
  2⤵
  PID:3904
- C:\Windows\System\sKWOYTg.exe
  C:\Windows\System\sKWOYTg.exe
  2⤵
  PID:3628
- C:\Windows\System\MTdUlHC.exe
  C:\Windows\System\MTdUlHC.exe
  2⤵
  PID:740
- C:\Windows\System\Byprvua.exe
  C:\Windows\System\Byprvua.exe
  2⤵
  PID:2868
- C:\Windows\System\oNsOOvp.exe
  C:\Windows\System\oNsOOvp.exe
  2⤵
  PID:3408
- C:\Windows\System\FoVcJTS.exe
  C:\Windows\System\FoVcJTS.exe
  2⤵
  PID:4088
- C:\Windows\System\nJpKYZM.exe
  C:\Windows\System\nJpKYZM.exe
  2⤵
  PID:3168
- C:\Windows\System\fMQXlLa.exe
  C:\Windows\System\fMQXlLa.exe
  2⤵
  PID:2568
- C:\Windows\System\XULzYzU.exe
  C:\Windows\System\XULzYzU.exe
  2⤵
  PID:4260
- C:\Windows\System\DqwcWeB.exe
  C:\Windows\System\DqwcWeB.exe
  2⤵
  PID:2464
- C:\Windows\System\LOnVtaz.exe
  C:\Windows\System\LOnVtaz.exe
  2⤵
  PID:4492
- C:\Windows\System\wLkKONj.exe
  C:\Windows\System\wLkKONj.exe
  2⤵
  PID:4548
- C:\Windows\System\ZjIPVee.exe
  C:\Windows\System\ZjIPVee.exe
  2⤵
  PID:5000
- C:\Windows\System\LUogxkQ.exe
  C:\Windows\System\LUogxkQ.exe
  2⤵
  PID:3340
- C:\Windows\System\TQhYRUs.exe
  C:\Windows\System\TQhYRUs.exe
  2⤵
  PID:4020
- C:\Windows\System\wgopTUa.exe
  C:\Windows\System\wgopTUa.exe
  2⤵
  PID:2528
- C:\Windows\System\UMDOoZt.exe
  C:\Windows\System\UMDOoZt.exe
  2⤵
  PID:5148
- C:\Windows\System\drysdkC.exe
  C:\Windows\System\drysdkC.exe
  2⤵
  PID:5176
- C:\Windows\System\avPNrRX.exe
  C:\Windows\System\avPNrRX.exe
  2⤵
  PID:5204
- C:\Windows\System\clEpbiY.exe
  C:\Windows\System\clEpbiY.exe
  2⤵
  PID:5232
- C:\Windows\System\EYZLoXI.exe
  C:\Windows\System\EYZLoXI.exe
  2⤵
  PID:5260
- C:\Windows\System\lLPiLSO.exe
  C:\Windows\System\lLPiLSO.exe
  2⤵
  PID:5288
- C:\Windows\System\dEXpxgH.exe
  C:\Windows\System\dEXpxgH.exe
  2⤵
  PID:5316
- C:\Windows\System\hAxpMnF.exe
  C:\Windows\System\hAxpMnF.exe
  2⤵
  PID:5344
- C:\Windows\System\qpQYkbS.exe
  C:\Windows\System\qpQYkbS.exe
  2⤵
  PID:5372
- C:\Windows\System\aGrfnXX.exe
  C:\Windows\System\aGrfnXX.exe
  2⤵
  PID:5400
- C:\Windows\System\SqsyrZn.exe
  C:\Windows\System\SqsyrZn.exe
  2⤵
  PID:5440
- C:\Windows\System\bGTZVUG.exe
  C:\Windows\System\bGTZVUG.exe
  2⤵
  PID:5468
- C:\Windows\System\oEtKfFW.exe
  C:\Windows\System\oEtKfFW.exe
  2⤵
  PID:5484
- C:\Windows\System\CPLEhCf.exe
  C:\Windows\System\CPLEhCf.exe
  2⤵
  PID:5512
- C:\Windows\System\AOCADza.exe
  C:\Windows\System\AOCADza.exe
  2⤵
  PID:5540
- C:\Windows\System\QKCsuEv.exe
  C:\Windows\System\QKCsuEv.exe
  2⤵
  PID:5580
- C:\Windows\System\ijeOpSW.exe
  C:\Windows\System\ijeOpSW.exe
  2⤵
  PID:5596
- C:\Windows\System\sruIkUE.exe
  C:\Windows\System\sruIkUE.exe
  2⤵
  PID:5624
- C:\Windows\System\QOwvXhV.exe
  C:\Windows\System\QOwvXhV.exe
  2⤵
  PID:5652
- C:\Windows\System\xZWUyjG.exe
  C:\Windows\System\xZWUyjG.exe
  2⤵
  PID:5680
- C:\Windows\System\tPSRbRu.exe
  C:\Windows\System\tPSRbRu.exe
  2⤵
  PID:5708
- C:\Windows\System\bahOcuC.exe
  C:\Windows\System\bahOcuC.exe
  2⤵
  PID:5748
- C:\Windows\System\GayqCRs.exe
  C:\Windows\System\GayqCRs.exe
  2⤵
  PID:5776
- C:\Windows\System\EKtoVaD.exe
  C:\Windows\System\EKtoVaD.exe
  2⤵
  PID:5804
- C:\Windows\System\vTZAEWw.exe
  C:\Windows\System\vTZAEWw.exe
  2⤵
  PID:5820
- C:\Windows\System\VUCzqoP.exe
  C:\Windows\System\VUCzqoP.exe
  2⤵
  PID:5860
- C:\Windows\System\TQTdgVc.exe
  C:\Windows\System\TQTdgVc.exe
  2⤵
  PID:5876
- C:\Windows\System\dLSttYZ.exe
  C:\Windows\System\dLSttYZ.exe
  2⤵
  PID:5904
- C:\Windows\System\dgwMLDB.exe
  C:\Windows\System\dgwMLDB.exe
  2⤵
  PID:5944
- C:\Windows\System\UQNOiax.exe
  C:\Windows\System\UQNOiax.exe
  2⤵
  PID:5960
- C:\Windows\System\GAVGeUG.exe
  C:\Windows\System\GAVGeUG.exe
  2⤵
  PID:5988
- C:\Windows\System\zNcAXjb.exe
  C:\Windows\System\zNcAXjb.exe
  2⤵
  PID:6020
- C:\Windows\System\UQRNEsi.exe
  C:\Windows\System\UQRNEsi.exe
  2⤵
  PID:6044
- C:\Windows\System\hEpIKgQ.exe
  C:\Windows\System\hEpIKgQ.exe
  2⤵
  PID:6072
- C:\Windows\System\RFzXauO.exe
  C:\Windows\System\RFzXauO.exe
  2⤵
  PID:6100
- C:\Windows\System\haGQBDo.exe
  C:\Windows\System\haGQBDo.exe
  2⤵
  PID:6128
- C:\Windows\System\szLLRqM.exe
  C:\Windows\System\szLLRqM.exe
  2⤵
  PID:4644
- C:\Windows\System\uugTJfJ.exe
  C:\Windows\System\uugTJfJ.exe
  2⤵
  PID:2032
- C:\Windows\System\QZIpYUN.exe
  C:\Windows\System\QZIpYUN.exe
  2⤵
  PID:5164
- C:\Windows\System\pFgmxgf.exe
  C:\Windows\System\pFgmxgf.exe
  2⤵
  PID:5224
- C:\Windows\System\oGnuCGF.exe
  C:\Windows\System\oGnuCGF.exe
  2⤵
  PID:5272
- C:\Windows\System\ioTyfeP.exe
  C:\Windows\System\ioTyfeP.exe
  2⤵
  PID:2804
- C:\Windows\System\sGsvFyH.exe
  C:\Windows\System\sGsvFyH.exe
  2⤵
  PID:5388
- C:\Windows\System\oUUvRiT.exe
  C:\Windows\System\oUUvRiT.exe
  2⤵
  PID:5460
- C:\Windows\System\FaijbDp.exe
  C:\Windows\System\FaijbDp.exe
  2⤵
  PID:5524
- C:\Windows\System\XXqUEVq.exe
  C:\Windows\System\XXqUEVq.exe
  2⤵
  PID:5588
- C:\Windows\System\UMAMNtc.exe
  C:\Windows\System\UMAMNtc.exe
  2⤵
  PID:5644
- C:\Windows\System\WYcNbEh.exe
  C:\Windows\System\WYcNbEh.exe
  2⤵
  PID:5740
- C:\Windows\System\TAsnECi.exe
  C:\Windows\System\TAsnECi.exe
  2⤵
  PID:5812
- C:\Windows\System\SVauEnY.exe
  C:\Windows\System\SVauEnY.exe
  2⤵
  PID:5852
- C:\Windows\System\femaUtu.exe
  C:\Windows\System\femaUtu.exe
  2⤵
  PID:5928
- C:\Windows\System\suAjDAT.exe
  C:\Windows\System\suAjDAT.exe
  2⤵
  PID:5956
- C:\Windows\System\jOCssRc.exe
  C:\Windows\System\jOCssRc.exe
  2⤵
  PID:6012
- C:\Windows\System\uuyhBqc.exe
  C:\Windows\System\uuyhBqc.exe
  2⤵
  PID:6068
- C:\Windows\System\egYXLXb.exe
  C:\Windows\System\egYXLXb.exe
  2⤵
  PID:6140
- C:\Windows\System\EjrKwjL.exe
  C:\Windows\System\EjrKwjL.exe
  2⤵
  PID:5132
- C:\Windows\System\SKPdhqN.exe
  C:\Windows\System\SKPdhqN.exe
  2⤵
  PID:5248
- C:\Windows\System\iasqpqk.exe
  C:\Windows\System\iasqpqk.exe
  2⤵
  PID:5364
- C:\Windows\System\DsrYfqA.exe
  C:\Windows\System\DsrYfqA.exe
  2⤵
  PID:4328
- C:\Windows\System\SFECSZh.exe
  C:\Windows\System\SFECSZh.exe
  2⤵
  PID:5724
- C:\Windows\System\FBOlcis.exe
  C:\Windows\System\FBOlcis.exe
  2⤵
  PID:5872
- C:\Windows\System\swVnBZN.exe
  C:\Windows\System\swVnBZN.exe
  2⤵
  PID:2080
- C:\Windows\System\XOIBLhd.exe
  C:\Windows\System\XOIBLhd.exe
  2⤵
  PID:6120
- C:\Windows\System\SodIJdc.exe
  C:\Windows\System\SodIJdc.exe
  2⤵
  PID:5304
- C:\Windows\System\ZjFeMTL.exe
  C:\Windows\System\ZjFeMTL.exe
  2⤵
  PID:5480
- C:\Windows\System\HTzywQZ.exe
  C:\Windows\System\HTzywQZ.exe
  2⤵
  PID:3640
- C:\Windows\System\lpBhdey.exe
  C:\Windows\System\lpBhdey.exe
  2⤵
  PID:6164
- C:\Windows\System\mADvZcA.exe
  C:\Windows\System\mADvZcA.exe
  2⤵
  PID:6192
- C:\Windows\System\ttpqNyD.exe
  C:\Windows\System\ttpqNyD.exe
  2⤵
  PID:6220
- C:\Windows\System\lJDDvGN.exe
  C:\Windows\System\lJDDvGN.exe
  2⤵
  PID:6248
- C:\Windows\System\qJsXQMa.exe
  C:\Windows\System\qJsXQMa.exe
  2⤵
  PID:6280
- C:\Windows\System\fJBtCZx.exe
  C:\Windows\System\fJBtCZx.exe
  2⤵
  PID:6304
- C:\Windows\System\PqiNEHQ.exe
  C:\Windows\System\PqiNEHQ.exe
  2⤵
  PID:6332
- C:\Windows\System\EheCQOM.exe
  C:\Windows\System\EheCQOM.exe
  2⤵
  PID:6360
- C:\Windows\System\UbOcZkF.exe
  C:\Windows\System\UbOcZkF.exe
  2⤵
  PID:6388
- C:\Windows\System\FMPAsJc.exe
  C:\Windows\System\FMPAsJc.exe
  2⤵
  PID:6416
- C:\Windows\System\hfvrtxe.exe
  C:\Windows\System\hfvrtxe.exe
  2⤵
  PID:6444
- C:\Windows\System\RCFpNfY.exe
  C:\Windows\System\RCFpNfY.exe
  2⤵
  PID:6484
- C:\Windows\System\sOlrGPF.exe
  C:\Windows\System\sOlrGPF.exe
  2⤵
  PID:6500
- C:\Windows\System\HBlegYZ.exe
  C:\Windows\System\HBlegYZ.exe
  2⤵
  PID:6528
- C:\Windows\System\PNBMUfs.exe
  C:\Windows\System\PNBMUfs.exe
  2⤵
  PID:6556
- C:\Windows\System\EYpMkrI.exe
  C:\Windows\System\EYpMkrI.exe
  2⤵
  PID:6584
- C:\Windows\System\dcJaGXu.exe
  C:\Windows\System\dcJaGXu.exe
  2⤵
  PID:6624
- C:\Windows\System\pdmqbme.exe
  C:\Windows\System\pdmqbme.exe
  2⤵
  PID:6640
- C:\Windows\System\gDVZJnG.exe
  C:\Windows\System\gDVZJnG.exe
  2⤵
  PID:6668
- C:\Windows\System\svmNvJU.exe
  C:\Windows\System\svmNvJU.exe
  2⤵
  PID:6696
- C:\Windows\System\Kvonjul.exe
  C:\Windows\System\Kvonjul.exe
  2⤵
  PID:6724
- C:\Windows\System\YYBwZJh.exe
  C:\Windows\System\YYBwZJh.exe
  2⤵
  PID:6752
- C:\Windows\System\HBDCbUf.exe
  C:\Windows\System\HBDCbUf.exe
  2⤵
  PID:6780
- C:\Windows\System\EkGbKVA.exe
  C:\Windows\System\EkGbKVA.exe
  2⤵
  PID:6808
- C:\Windows\System\AWUoNmc.exe
  C:\Windows\System\AWUoNmc.exe
  2⤵
  PID:6836
- C:\Windows\System\eveNQzz.exe
  C:\Windows\System\eveNQzz.exe
  2⤵
  PID:6876
- C:\Windows\System\zIduNum.exe
  C:\Windows\System\zIduNum.exe
  2⤵
  PID:6892
- C:\Windows\System\GAPMcQh.exe
  C:\Windows\System\GAPMcQh.exe
  2⤵
  PID:6920
- C:\Windows\System\jihRhWR.exe
  C:\Windows\System\jihRhWR.exe
  2⤵
  PID:6948
- C:\Windows\System\etmTiKH.exe
  C:\Windows\System\etmTiKH.exe
  2⤵
  PID:6976
- C:\Windows\System\wOzfkmx.exe
  C:\Windows\System\wOzfkmx.exe
  2⤵
  PID:7016
- C:\Windows\System\BNFjcvc.exe
  C:\Windows\System\BNFjcvc.exe
  2⤵
  PID:7044
- C:\Windows\System\HVhcoKq.exe
  C:\Windows\System\HVhcoKq.exe
  2⤵
  PID:7072
- C:\Windows\System\PpxovJG.exe
  C:\Windows\System\PpxovJG.exe
  2⤵
  PID:7088
- C:\Windows\System\pYXkoed.exe
  C:\Windows\System\pYXkoed.exe
  2⤵
  PID:7116
- C:\Windows\System\BswJZaB.exe
  C:\Windows\System\BswJZaB.exe
  2⤵
  PID:7144
- C:\Windows\System\SvkzWcU.exe
  C:\Windows\System\SvkzWcU.exe
  2⤵
  PID:5984
- C:\Windows\System\GkoLLqM.exe
  C:\Windows\System\GkoLLqM.exe
  2⤵
  PID:5452
- C:\Windows\System\asGHxQF.exe
  C:\Windows\System\asGHxQF.exe
  2⤵
  PID:6184
- C:\Windows\System\EnjQlOO.exe
  C:\Windows\System\EnjQlOO.exe
  2⤵
  PID:6232
- C:\Windows\System\jYzgCTj.exe
  C:\Windows\System\jYzgCTj.exe
  2⤵
  PID:6292
- C:\Windows\System\MQQqHtc.exe
  C:\Windows\System\MQQqHtc.exe
  2⤵
  PID:6324
- C:\Windows\System\nWHooqo.exe
  C:\Windows\System\nWHooqo.exe
  2⤵
  PID:6400
- C:\Windows\System\XfmAGrK.exe
  C:\Windows\System\XfmAGrK.exe
  2⤵
  PID:6492
- C:\Windows\System\PprCyet.exe
  C:\Windows\System\PprCyet.exe
  2⤵
  PID:6548
- C:\Windows\System\rYYjeCd.exe
  C:\Windows\System\rYYjeCd.exe
  2⤵
  PID:6616
- C:\Windows\System\bkGKXmk.exe
  C:\Windows\System\bkGKXmk.exe
  2⤵
  PID:6684
- C:\Windows\System\wMIWnMk.exe
  C:\Windows\System\wMIWnMk.exe
  2⤵
  PID:6748
- C:\Windows\System\nrHKriD.exe
  C:\Windows\System\nrHKriD.exe
  2⤵
  PID:6804
- C:\Windows\System\vmlXNjh.exe
  C:\Windows\System\vmlXNjh.exe
  2⤵
  PID:6868
- C:\Windows\System\zSqrkIK.exe
  C:\Windows\System\zSqrkIK.exe
  2⤵
  PID:6940
- C:\Windows\System\ppeJARz.exe
  C:\Windows\System\ppeJARz.exe
  2⤵
  PID:6972
- C:\Windows\System\wbsosmE.exe
  C:\Windows\System\wbsosmE.exe
  2⤵
  PID:7036
- C:\Windows\System\DveXguF.exe
  C:\Windows\System\DveXguF.exe
  2⤵
  PID:7100
- C:\Windows\System\jpmGGuP.exe
  C:\Windows\System\jpmGGuP.exe
  2⤵
  PID:7160
- C:\Windows\System\iBNoaYj.exe
  C:\Windows\System\iBNoaYj.exe
  2⤵
  PID:6212
- C:\Windows\System\hfyWhOf.exe
  C:\Windows\System\hfyWhOf.exe
  2⤵
  PID:6356
- C:\Windows\System\lzqGcLH.exe
  C:\Windows\System\lzqGcLH.exe
  2⤵
  PID:6520
- C:\Windows\System\lbZnivo.exe
  C:\Windows\System\lbZnivo.exe
  2⤵
  PID:3844
- C:\Windows\System\KphsNxP.exe
  C:\Windows\System\KphsNxP.exe
  2⤵
  PID:6772
- C:\Windows\System\UvoevMO.exe
  C:\Windows\System\UvoevMO.exe
  2⤵
  PID:6912
- C:\Windows\System\etBufJi.exe
  C:\Windows\System\etBufJi.exe
  2⤵
  PID:7128
- C:\Windows\System\EMedlgn.exe
  C:\Windows\System\EMedlgn.exe
  2⤵
  PID:6268
- C:\Windows\System\iKBeSZc.exe
  C:\Windows\System\iKBeSZc.exe
  2⤵
  PID:6580
- C:\Windows\System\upfPDOC.exe
  C:\Windows\System\upfPDOC.exe
  2⤵
  PID:7172
- C:\Windows\System\FqbxsrX.exe
  C:\Windows\System\FqbxsrX.exe
  2⤵
  PID:7188
- C:\Windows\System\NfOFJzN.exe
  C:\Windows\System\NfOFJzN.exe
  2⤵
  PID:7216
- C:\Windows\System\TVazUOC.exe
  C:\Windows\System\TVazUOC.exe
  2⤵
  PID:7244
- C:\Windows\System\KNriCiY.exe
  C:\Windows\System\KNriCiY.exe
  2⤵
  PID:7272
- C:\Windows\System\avlkILy.exe
  C:\Windows\System\avlkILy.exe
  2⤵
  PID:7300
- C:\Windows\System\BkHZRru.exe
  C:\Windows\System\BkHZRru.exe
  2⤵
  PID:7328
- C:\Windows\System\ebSKTsA.exe
  C:\Windows\System\ebSKTsA.exe
  2⤵
  PID:7360
- C:\Windows\System\IdyAjfD.exe
  C:\Windows\System\IdyAjfD.exe
  2⤵
  PID:7396
- C:\Windows\System\EKFMVbE.exe
  C:\Windows\System\EKFMVbE.exe
  2⤵
  PID:7412
- C:\Windows\System\NweMBHV.exe
  C:\Windows\System\NweMBHV.exe
  2⤵
  PID:7440
- C:\Windows\System\pjPtSjb.exe
  C:\Windows\System\pjPtSjb.exe
  2⤵
  PID:7468
- C:\Windows\System\znlHMZP.exe
  C:\Windows\System\znlHMZP.exe
  2⤵
  PID:7496
- C:\Windows\System\xKqnyhn.exe
  C:\Windows\System\xKqnyhn.exe
  2⤵
  PID:7524
- C:\Windows\System\LZfcfsv.exe
  C:\Windows\System\LZfcfsv.exe
  2⤵
  PID:7552
- C:\Windows\System\wRFxGrs.exe
  C:\Windows\System\wRFxGrs.exe
  2⤵
  PID:7580
- C:\Windows\System\hsVElIL.exe
  C:\Windows\System\hsVElIL.exe
  2⤵
  PID:7608
- C:\Windows\System\sNWFGqM.exe
  C:\Windows\System\sNWFGqM.exe
  2⤵
  PID:7636
- C:\Windows\System\HnevaYq.exe
  C:\Windows\System\HnevaYq.exe
  2⤵
  PID:7676
- C:\Windows\System\WRyuTHM.exe
  C:\Windows\System\WRyuTHM.exe
  2⤵
  PID:7692
- C:\Windows\System\zDrlXAy.exe
  C:\Windows\System\zDrlXAy.exe
  2⤵
  PID:7720
- C:\Windows\System\SLTXAgz.exe
  C:\Windows\System\SLTXAgz.exe
  2⤵
  PID:7828
- C:\Windows\System\GFnrmFI.exe
  C:\Windows\System\GFnrmFI.exe
  2⤵
  PID:7856
- C:\Windows\System\rnMoVog.exe
  C:\Windows\System\rnMoVog.exe
  2⤵
  PID:7892
- C:\Windows\System\PChqREZ.exe
  C:\Windows\System\PChqREZ.exe
  2⤵
  PID:7936
- C:\Windows\System\GyCtebI.exe
  C:\Windows\System\GyCtebI.exe
  2⤵
  PID:7964
- C:\Windows\System\ZbuduiW.exe
  C:\Windows\System\ZbuduiW.exe
  2⤵
  PID:8008
- C:\Windows\System\maRELTG.exe
  C:\Windows\System\maRELTG.exe
  2⤵
  PID:8024
- C:\Windows\System\HzehyhL.exe
  C:\Windows\System\HzehyhL.exe
  2⤵
  PID:8052
- C:\Windows\System\vvcwmcg.exe
  C:\Windows\System\vvcwmcg.exe
  2⤵
  PID:8092
- C:\Windows\System\uivPVjx.exe
  C:\Windows\System\uivPVjx.exe
  2⤵
  PID:8132
- C:\Windows\System\VWhLZXe.exe
  C:\Windows\System\VWhLZXe.exe
  2⤵
  PID:8164
- C:\Windows\System\rAOASqv.exe
  C:\Windows\System\rAOASqv.exe
  2⤵
  PID:6860
- C:\Windows\System\KwVpAlm.exe
  C:\Windows\System\KwVpAlm.exe
  2⤵
  PID:2824
- C:\Windows\System\BVRhwgI.exe
  C:\Windows\System\BVRhwgI.exe
  2⤵
  PID:7204
- C:\Windows\System\CerCSmq.exe
  C:\Windows\System\CerCSmq.exe
  2⤵
  PID:7260
- C:\Windows\System\ZCxmjRe.exe
  C:\Windows\System\ZCxmjRe.exe
  2⤵
  PID:2932
- C:\Windows\System\pinwasV.exe
  C:\Windows\System\pinwasV.exe
  2⤵
  PID:7484
- C:\Windows\System\ZbZelZS.exe
  C:\Windows\System\ZbZelZS.exe
  2⤵
  PID:4976
- C:\Windows\System\uJAitMM.exe
  C:\Windows\System\uJAitMM.exe
  2⤵
  PID:7624
- C:\Windows\System\cPtUGIQ.exe
  C:\Windows\System\cPtUGIQ.exe
  2⤵
  PID:7668
- C:\Windows\System\BUEODvg.exe
  C:\Windows\System\BUEODvg.exe
  2⤵
  PID:3328
- C:\Windows\System\pmUqQnH.exe
  C:\Windows\System\pmUqQnH.exe
  2⤵
  PID:3812
- C:\Windows\System\EAlTIGX.exe
  C:\Windows\System\EAlTIGX.exe
  2⤵
  PID:7752
- C:\Windows\System\HtHIghY.exe
  C:\Windows\System\HtHIghY.exe
  2⤵
  PID:7876
- C:\Windows\System\CZLuyIP.exe
  C:\Windows\System\CZLuyIP.exe
  2⤵
  PID:8036
- C:\Windows\System\ibMIqvn.exe
  C:\Windows\System\ibMIqvn.exe
  2⤵
  PID:8120
- C:\Windows\System\KPHnIjr.exe
  C:\Windows\System\KPHnIjr.exe
  2⤵
  PID:8188
- C:\Windows\System\iGfBiXZ.exe
  C:\Windows\System\iGfBiXZ.exe
  2⤵
  PID:7240
- C:\Windows\System\blqsxUd.exe
  C:\Windows\System\blqsxUd.exe
  2⤵
  PID:7888
- C:\Windows\System\mKfnBZX.exe
  C:\Windows\System\mKfnBZX.exe
  2⤵
  PID:8068
- C:\Windows\System\mOSUATA.exe
  C:\Windows\System\mOSUATA.exe
  2⤵
  PID:8180
- C:\Windows\System\jJWuvEc.exe
  C:\Windows\System\jJWuvEc.exe
  2⤵
  PID:1544
- C:\Windows\System\MNAffts.exe
  C:\Windows\System\MNAffts.exe
  2⤵
  PID:4784
- C:\Windows\System\yWoKfNW.exe
  C:\Windows\System\yWoKfNW.exe
  2⤵
  PID:7536
- C:\Windows\System\VkDaWTM.exe
  C:\Windows\System\VkDaWTM.exe
  2⤵
  PID:840
- C:\Windows\System\GkYHIZC.exe
  C:\Windows\System\GkYHIZC.exe
  2⤵
  PID:7732
- C:\Windows\System\HFtfBrs.exe
  C:\Windows\System\HFtfBrs.exe
  2⤵
  PID:7992
- C:\Windows\System\qFheieH.exe
  C:\Windows\System\qFheieH.exe
  2⤵
  PID:8156
- C:\Windows\System\jMIsKRG.exe
  C:\Windows\System\jMIsKRG.exe
  2⤵
  PID:8184
- C:\Windows\System\MgiAhIZ.exe
  C:\Windows\System\MgiAhIZ.exe
  2⤵
  PID:2288
- C:\Windows\System\wwUXFZK.exe
  C:\Windows\System\wwUXFZK.exe
  2⤵
  PID:7548
- C:\Windows\System\hDnPhmX.exe
  C:\Windows\System\hDnPhmX.exe
  2⤵
  PID:7872
- C:\Windows\System\UhMWBpJ.exe
  C:\Windows\System\UhMWBpJ.exe
  2⤵
  PID:3680
- C:\Windows\System\VGbvpGP.exe
  C:\Windows\System\VGbvpGP.exe
  2⤵
  PID:1836
- C:\Windows\System\HBvNWPM.exe
  C:\Windows\System\HBvNWPM.exe
  2⤵
  PID:4520
- C:\Windows\System\KrglCFe.exe
  C:\Windows\System\KrglCFe.exe
  2⤵
  PID:7340
- C:\Windows\System\jLRtcFj.exe
  C:\Windows\System\jLRtcFj.exe
  2⤵
  PID:8220
- C:\Windows\System\bZHpxCp.exe
  C:\Windows\System\bZHpxCp.exe
  2⤵
  PID:8248
- C:\Windows\System\EIjGfVR.exe
  C:\Windows\System\EIjGfVR.exe
  2⤵
  PID:8276
- C:\Windows\System\ScbgPup.exe
  C:\Windows\System\ScbgPup.exe
  2⤵
  PID:8308
- C:\Windows\System\BtMjoyw.exe
  C:\Windows\System\BtMjoyw.exe
  2⤵
  PID:8340
- C:\Windows\System\SuSoyyL.exe
  C:\Windows\System\SuSoyyL.exe
  2⤵
  PID:8384
- C:\Windows\System\PfVMgHY.exe
  C:\Windows\System\PfVMgHY.exe
  2⤵
  PID:8412
- C:\Windows\System\xyCKoaL.exe
  C:\Windows\System\xyCKoaL.exe
  2⤵
  PID:8436
- C:\Windows\System\LRAnabq.exe
  C:\Windows\System\LRAnabq.exe
  2⤵
  PID:8476
- C:\Windows\System\ijJbfBs.exe
  C:\Windows\System\ijJbfBs.exe
  2⤵
  PID:8492
- C:\Windows\System\ZUHSMdH.exe
  C:\Windows\System\ZUHSMdH.exe
  2⤵
  PID:8524
- C:\Windows\System\ZmILfIT.exe
  C:\Windows\System\ZmILfIT.exe
  2⤵
  PID:8572
- C:\Windows\System\wyuCysu.exe
  C:\Windows\System\wyuCysu.exe
  2⤵
  PID:8616
- C:\Windows\System\OKwUhYK.exe
  C:\Windows\System\OKwUhYK.exe
  2⤵
  PID:8644
- C:\Windows\System\bggpsgW.exe
  C:\Windows\System\bggpsgW.exe
  2⤵
  PID:8676
- C:\Windows\System\PLbwhCR.exe
  C:\Windows\System\PLbwhCR.exe
  2⤵
  PID:8700
- C:\Windows\System\GNaqDJl.exe
  C:\Windows\System\GNaqDJl.exe
  2⤵
  PID:8732
- C:\Windows\System\UsnbmtW.exe
  C:\Windows\System\UsnbmtW.exe
  2⤵
  PID:8760
- C:\Windows\System\icQkwHP.exe
  C:\Windows\System\icQkwHP.exe
  2⤵
  PID:8788
- C:\Windows\System\qHHWxue.exe
  C:\Windows\System\qHHWxue.exe
  2⤵
  PID:8816
- C:\Windows\System\barpBgf.exe
  C:\Windows\System\barpBgf.exe
  2⤵
  PID:8844
- C:\Windows\System\twEausn.exe
  C:\Windows\System\twEausn.exe
  2⤵
  PID:8872
- C:\Windows\System\TCfbCyJ.exe
  C:\Windows\System\TCfbCyJ.exe
  2⤵
  PID:8900
- C:\Windows\System\rnYgVMJ.exe
  C:\Windows\System\rnYgVMJ.exe
  2⤵
  PID:8928
- C:\Windows\System\wqCnNtI.exe
  C:\Windows\System\wqCnNtI.exe
  2⤵
  PID:8956
- C:\Windows\System\YswNlWY.exe
  C:\Windows\System\YswNlWY.exe
  2⤵
  PID:8976
- C:\Windows\System\ejYkiuS.exe
  C:\Windows\System\ejYkiuS.exe
  2⤵
  PID:9012
- C:\Windows\System\WjHBNQq.exe
  C:\Windows\System\WjHBNQq.exe
  2⤵
  PID:9040
- C:\Windows\System\tXvfbVH.exe
  C:\Windows\System\tXvfbVH.exe
  2⤵
  PID:9068
- C:\Windows\System\BEKmQJc.exe
  C:\Windows\System\BEKmQJc.exe
  2⤵
  PID:9096
- C:\Windows\System\gCWbqaS.exe
  C:\Windows\System\gCWbqaS.exe
  2⤵
  PID:9128
- C:\Windows\System\migrCDD.exe
  C:\Windows\System\migrCDD.exe
  2⤵
  PID:9156
- C:\Windows\System\JnNarRR.exe
  C:\Windows\System\JnNarRR.exe
  2⤵
  PID:9184
- C:\Windows\System\kwgRmjG.exe
  C:\Windows\System\kwgRmjG.exe
  2⤵
  PID:7780
- C:\Windows\System\JhtPkKo.exe
  C:\Windows\System\JhtPkKo.exe
  2⤵
  PID:2668
- C:\Windows\System\rEKbAeo.exe
  C:\Windows\System\rEKbAeo.exe
  2⤵
  PID:8328
- C:\Windows\System\VHyaHjZ.exe
  C:\Windows\System\VHyaHjZ.exe
  2⤵
  PID:8368
- C:\Windows\System\PQeDHhL.exe
  C:\Windows\System\PQeDHhL.exe
  2⤵
  PID:8460
- C:\Windows\System\yneOdRn.exe
  C:\Windows\System\yneOdRn.exe
  2⤵
  PID:8520
- C:\Windows\System\UFPwhBp.exe
  C:\Windows\System\UFPwhBp.exe
  2⤵
  PID:8604
- C:\Windows\System\nnkpTPd.exe
  C:\Windows\System\nnkpTPd.exe
  2⤵
  PID:8668
- C:\Windows\System\OZwKNdn.exe
  C:\Windows\System\OZwKNdn.exe
  2⤵
  PID:8744
- C:\Windows\System\OcetySF.exe
  C:\Windows\System\OcetySF.exe
  2⤵
  PID:8800
- C:\Windows\System\TnNgOng.exe
  C:\Windows\System\TnNgOng.exe
  2⤵
  PID:8868
- C:\Windows\System\YKrdXrl.exe
  C:\Windows\System\YKrdXrl.exe
  2⤵
  PID:8940
- C:\Windows\System\uzCHBjw.exe
  C:\Windows\System\uzCHBjw.exe
  2⤵
  PID:9004
- C:\Windows\System\OcRWLLY.exe
  C:\Windows\System\OcRWLLY.exe
  2⤵
  PID:9080
- C:\Windows\System\CdBrBws.exe
  C:\Windows\System\CdBrBws.exe
  2⤵
  PID:3128
- C:\Windows\System\qllxwFB.exe
  C:\Windows\System\qllxwFB.exe
  2⤵
  PID:3516
- C:\Windows\System\arxsQnQ.exe
  C:\Windows\System\arxsQnQ.exe
  2⤵
  PID:9168
- C:\Windows\System\EEdyPvQ.exe
  C:\Windows\System\EEdyPvQ.exe
  2⤵
  PID:2168
- C:\Windows\System\IolFAcC.exe
  C:\Windows\System\IolFAcC.exe
  2⤵
  PID:8428
- C:\Windows\System\NXHqjsZ.exe
  C:\Windows\System\NXHqjsZ.exe
  2⤵
  PID:8716
- C:\Windows\System\NKBuiPb.exe
  C:\Windows\System\NKBuiPb.exe
  2⤵
  PID:8896
- C:\Windows\System\OmZIEYj.exe
  C:\Windows\System\OmZIEYj.exe
  2⤵
  PID:7704
- C:\Windows\System\yGyqwTq.exe
  C:\Windows\System\yGyqwTq.exe
  2⤵
  PID:1868
- C:\Windows\System\mIiyONu.exe
  C:\Windows\System\mIiyONu.exe
  2⤵
  PID:9060
- C:\Windows\System\xNsLhSE.exe
  C:\Windows\System\xNsLhSE.exe
  2⤵
  PID:8856
- C:\Windows\System\QEuaDdW.exe
  C:\Windows\System\QEuaDdW.exe
  2⤵
  PID:9236
- C:\Windows\System\JXafuPF.exe
  C:\Windows\System\JXafuPF.exe
  2⤵
  PID:9260
- C:\Windows\System\iXJibhO.exe
  C:\Windows\System\iXJibhO.exe
  2⤵
  PID:9288
- C:\Windows\System\elLrYhu.exe
  C:\Windows\System\elLrYhu.exe
  2⤵
  PID:9316
- C:\Windows\System\mLFpuJh.exe
  C:\Windows\System\mLFpuJh.exe
  2⤵
  PID:9348
- C:\Windows\System\uMDVFdC.exe
  C:\Windows\System\uMDVFdC.exe
  2⤵
  PID:9388
- C:\Windows\System\NuSihYy.exe
  C:\Windows\System\NuSihYy.exe
  2⤵
  PID:9428
- C:\Windows\System\MlgwfQK.exe
  C:\Windows\System\MlgwfQK.exe
  2⤵
  PID:9456
- C:\Windows\System\UiZSeig.exe
  C:\Windows\System\UiZSeig.exe
  2⤵
  PID:9484
- C:\Windows\System\xGiRYAa.exe
  C:\Windows\System\xGiRYAa.exe
  2⤵
  PID:9512
- C:\Windows\System\zLDZTzm.exe
  C:\Windows\System\zLDZTzm.exe
  2⤵
  PID:9540
- C:\Windows\System\WgFqFVQ.exe
  C:\Windows\System\WgFqFVQ.exe
  2⤵
  PID:9568
- C:\Windows\System\BAlguNe.exe
  C:\Windows\System\BAlguNe.exe
  2⤵
  PID:9596
- C:\Windows\System\unzNkrA.exe
  C:\Windows\System\unzNkrA.exe
  2⤵
  PID:9624
- C:\Windows\System\EsQUfjz.exe
  C:\Windows\System\EsQUfjz.exe
  2⤵
  PID:9656
- C:\Windows\System\OKbYZap.exe
  C:\Windows\System\OKbYZap.exe
  2⤵
  PID:9684
- C:\Windows\System\vQnIecQ.exe
  C:\Windows\System\vQnIecQ.exe
  2⤵
  PID:9712
- C:\Windows\System\VFRBSYP.exe
  C:\Windows\System\VFRBSYP.exe
  2⤵
  PID:9740
- C:\Windows\System\RSBswUI.exe
  C:\Windows\System\RSBswUI.exe
  2⤵
  PID:9768
- C:\Windows\System\SpvzQYl.exe
  C:\Windows\System\SpvzQYl.exe
  2⤵
  PID:9800
- C:\Windows\System\jfUdnwr.exe
  C:\Windows\System\jfUdnwr.exe
  2⤵
  PID:9828
- C:\Windows\System\LqurOJn.exe
  C:\Windows\System\LqurOJn.exe
  2⤵
  PID:9856
- C:\Windows\System\BvkpDXX.exe
  C:\Windows\System\BvkpDXX.exe
  2⤵
  PID:9884
- C:\Windows\System\lTEKeet.exe
  C:\Windows\System\lTEKeet.exe
  2⤵
  PID:9912
- C:\Windows\System\tCdgEVM.exe
  C:\Windows\System\tCdgEVM.exe
  2⤵
  PID:9940
- C:\Windows\System\oKSbwXY.exe
  C:\Windows\System\oKSbwXY.exe
  2⤵
  PID:9968
- C:\Windows\System\qkHCAZy.exe
  C:\Windows\System\qkHCAZy.exe
  2⤵
  PID:9996
- C:\Windows\System\pDfYihG.exe
  C:\Windows\System\pDfYihG.exe
  2⤵
  PID:10044
- C:\Windows\System\UpSoUCI.exe
  C:\Windows\System\UpSoUCI.exe
  2⤵
  PID:10072
- C:\Windows\System\yuEAGnv.exe
  C:\Windows\System\yuEAGnv.exe
  2⤵
  PID:10100
- C:\Windows\System\wfypsGr.exe
  C:\Windows\System\wfypsGr.exe
  2⤵
  PID:10128
- C:\Windows\System\MoHquZd.exe
  C:\Windows\System\MoHquZd.exe
  2⤵
  PID:10156
- C:\Windows\System\fIwmqLJ.exe
  C:\Windows\System\fIwmqLJ.exe
  2⤵
  PID:10184
- C:\Windows\System\FmOXuFY.exe
  C:\Windows\System\FmOXuFY.exe
  2⤵
  PID:10212
- C:\Windows\System\yPmgwxY.exe
  C:\Windows\System\yPmgwxY.exe
  2⤵
  PID:8720
- C:\Windows\System\lGeOzIL.exe
  C:\Windows\System\lGeOzIL.exe
  2⤵
  PID:9280
- C:\Windows\System\zTxNnxA.exe
  C:\Windows\System\zTxNnxA.exe
  2⤵
  PID:9340
- C:\Windows\System\LisKjAZ.exe
  C:\Windows\System\LisKjAZ.exe
  2⤵
  PID:9476
- C:\Windows\System\OJqkowQ.exe
  C:\Windows\System\OJqkowQ.exe
  2⤵
  PID:9524
- C:\Windows\System\bqbJeTG.exe
  C:\Windows\System\bqbJeTG.exe
  2⤵
  PID:9588
- C:\Windows\System\MiDcLPx.exe
  C:\Windows\System\MiDcLPx.exe
  2⤵
  PID:9644
- C:\Windows\System\rHrwvaL.exe
  C:\Windows\System\rHrwvaL.exe
  2⤵
  PID:9752
- C:\Windows\System\wQNZPQV.exe
  C:\Windows\System\wQNZPQV.exe
  2⤵
  PID:9812
- C:\Windows\System\QPrQUya.exe
  C:\Windows\System\QPrQUya.exe
  2⤵
  PID:9868
- C:\Windows\System\aaRLWWh.exe
  C:\Windows\System\aaRLWWh.exe
  2⤵
  PID:9924
- C:\Windows\System\GULXRBS.exe
  C:\Windows\System\GULXRBS.exe
  2⤵
  PID:9988
- C:\Windows\System\NAmhiZU.exe
  C:\Windows\System\NAmhiZU.exe
  2⤵
  PID:10096
- C:\Windows\System\yEiKILJ.exe
  C:\Windows\System\yEiKILJ.exe
  2⤵
  PID:10208
- C:\Windows\System\RBvuOjx.exe
  C:\Windows\System\RBvuOjx.exe
  2⤵
  PID:9256
- C:\Windows\System\iUtzNuh.exe
  C:\Windows\System\iUtzNuh.exe
  2⤵
  PID:3968
- C:\Windows\System\DQsPIpe.exe
  C:\Windows\System\DQsPIpe.exe
  2⤵
  PID:9508
- C:\Windows\System\FZssdTJ.exe
  C:\Windows\System\FZssdTJ.exe
  2⤵
  PID:9616
- C:\Windows\System\eXhAHnu.exe
  C:\Windows\System\eXhAHnu.exe
  2⤵
  PID:4924
- C:\Windows\System\OcRgrcj.exe
  C:\Windows\System\OcRgrcj.exe
  2⤵
  PID:9900
- C:\Windows\System\gaXJAXE.exe
  C:\Windows\System\gaXJAXE.exe
  2⤵
  PID:10092
- C:\Windows\System\xlVjfLj.exe
  C:\Windows\System\xlVjfLj.exe
  2⤵
  PID:10236
- C:\Windows\System\tNRfHtq.exe
  C:\Windows\System\tNRfHtq.exe
  2⤵
  PID:9504
- C:\Windows\System\boeuyyk.exe
  C:\Windows\System\boeuyyk.exe
  2⤵
  PID:9780
- C:\Windows\System\MJnizTd.exe
  C:\Windows\System\MJnizTd.exe
  2⤵
  PID:2680
- C:\Windows\System\tChARVB.exe
  C:\Windows\System\tChARVB.exe
  2⤵
  PID:9620
- C:\Windows\System\JzmjFbO.exe
  C:\Windows\System\JzmjFbO.exe
  2⤵
  PID:9980
- C:\Windows\System\XDMGIJQ.exe
  C:\Windows\System\XDMGIJQ.exe
  2⤵
  PID:10248
- C:\Windows\System\gmcfnAQ.exe
  C:\Windows\System\gmcfnAQ.exe
  2⤵
  PID:10304
- C:\Windows\System\qZEbseO.exe
  C:\Windows\System\qZEbseO.exe
  2⤵
  PID:10332
- C:\Windows\System\barUlYg.exe
  C:\Windows\System\barUlYg.exe
  2⤵
  PID:10360
- C:\Windows\System\CltlifQ.exe
  C:\Windows\System\CltlifQ.exe
  2⤵
  PID:10388
- C:\Windows\System\FRqImUy.exe
  C:\Windows\System\FRqImUy.exe
  2⤵
  PID:10416
- C:\Windows\System\qumZaQx.exe
  C:\Windows\System\qumZaQx.exe
  2⤵
  PID:10444
- C:\Windows\System\swglDFe.exe
  C:\Windows\System\swglDFe.exe
  2⤵
  PID:10472
- C:\Windows\System\DsgGLrW.exe
  C:\Windows\System\DsgGLrW.exe
  2⤵
  PID:10500
- C:\Windows\System\ZzzdGXa.exe
  C:\Windows\System\ZzzdGXa.exe
  2⤵
  PID:10528
- C:\Windows\System\FVCorbp.exe
  C:\Windows\System\FVCorbp.exe
  2⤵
  PID:10556
- C:\Windows\System\uJyFVPp.exe
  C:\Windows\System\uJyFVPp.exe
  2⤵
  PID:10584
- C:\Windows\System\CJMxZDw.exe
  C:\Windows\System\CJMxZDw.exe
  2⤵
  PID:10612
- C:\Windows\System\SwuHAoI.exe
  C:\Windows\System\SwuHAoI.exe
  2⤵
  PID:10640
- C:\Windows\System\xHXOPHe.exe
  C:\Windows\System\xHXOPHe.exe
  2⤵
  PID:10668
- C:\Windows\System\YdOSRkg.exe
  C:\Windows\System\YdOSRkg.exe
  2⤵
  PID:10696
- C:\Windows\System\ykSYnaJ.exe
  C:\Windows\System\ykSYnaJ.exe
  2⤵
  PID:10724
- C:\Windows\System\PKAsDOx.exe
  C:\Windows\System\PKAsDOx.exe
  2⤵
  PID:10752
- C:\Windows\System\uNmahJl.exe
  C:\Windows\System\uNmahJl.exe
  2⤵
  PID:10780
- C:\Windows\System\faCcMPW.exe
  C:\Windows\System\faCcMPW.exe
  2⤵
  PID:10808
- C:\Windows\System\TpspibG.exe
  C:\Windows\System\TpspibG.exe
  2⤵
  PID:10848
- C:\Windows\System\RyVecox.exe
  C:\Windows\System\RyVecox.exe
  2⤵
  PID:10872
- C:\Windows\System\AGgNzgG.exe
  C:\Windows\System\AGgNzgG.exe
  2⤵
  PID:10900
- C:\Windows\System\Xxsxwdb.exe
  C:\Windows\System\Xxsxwdb.exe
  2⤵
  PID:10928
- C:\Windows\System\zNGqJqU.exe
  C:\Windows\System\zNGqJqU.exe
  2⤵
  PID:10960
- C:\Windows\System\iKVajVG.exe
  C:\Windows\System\iKVajVG.exe
  2⤵
  PID:10988
- C:\Windows\System\mXGZEOA.exe
  C:\Windows\System\mXGZEOA.exe
  2⤵
  PID:11016
- C:\Windows\System\paMfIXe.exe
  C:\Windows\System\paMfIXe.exe
  2⤵
  PID:11044
- C:\Windows\System\FrsosPg.exe
  C:\Windows\System\FrsosPg.exe
  2⤵
  PID:11072
- C:\Windows\System\OfAUENr.exe
  C:\Windows\System\OfAUENr.exe
  2⤵
  PID:11100
- C:\Windows\System\bAsZTRy.exe
  C:\Windows\System\bAsZTRy.exe
  2⤵
  PID:11128
- C:\Windows\System\FruXwID.exe
  C:\Windows\System\FruXwID.exe
  2⤵
  PID:11156
- C:\Windows\System\EoBwxgg.exe
  C:\Windows\System\EoBwxgg.exe
  2⤵
  PID:11184
- C:\Windows\System\GhZtfrf.exe
  C:\Windows\System\GhZtfrf.exe
  2⤵
  PID:11212
- C:\Windows\System\NMXYaFs.exe
  C:\Windows\System\NMXYaFs.exe
  2⤵
  PID:11240
- C:\Windows\System\TLTnqcO.exe
  C:\Windows\System\TLTnqcO.exe
  2⤵
  PID:10264
- C:\Windows\System\xnNvHRs.exe
  C:\Windows\System\xnNvHRs.exe
  2⤵
  PID:10296
- C:\Windows\System\ufeeeyv.exe
  C:\Windows\System\ufeeeyv.exe
  2⤵
  PID:10356
- C:\Windows\System\cNcCFHw.exe
  C:\Windows\System\cNcCFHw.exe
  2⤵
  PID:10412
- C:\Windows\System\KxokGWK.exe
  C:\Windows\System\KxokGWK.exe
  2⤵
  PID:10484
- C:\Windows\System\MeNJGrC.exe
  C:\Windows\System\MeNJGrC.exe
  2⤵
  PID:10552
- C:\Windows\System\VpyxFKM.exe
  C:\Windows\System\VpyxFKM.exe
  2⤵
  PID:10596
- C:\Windows\System\KToupxF.exe
  C:\Windows\System\KToupxF.exe
  2⤵
  PID:10688
- C:\Windows\System\pwTIeQy.exe
  C:\Windows\System\pwTIeQy.exe
  2⤵
  PID:10256
- C:\Windows\System\RfjXvmk.exe
  C:\Windows\System\RfjXvmk.exe
  2⤵
  PID:10884
- C:\Windows\System\OVmmFrQ.exe
  C:\Windows\System\OVmmFrQ.exe
  2⤵
  PID:10984
- C:\Windows\System\IbioYSL.exe
  C:\Windows\System\IbioYSL.exe
  2⤵
  PID:11112
- C:\Windows\System\fBFpsgL.exe
  C:\Windows\System\fBFpsgL.exe
  2⤵
  PID:11232
- C:\Windows\System\FyoLKWq.exe
  C:\Windows\System\FyoLKWq.exe
  2⤵
  PID:10344
- C:\Windows\System\pensQiZ.exe
  C:\Windows\System\pensQiZ.exe
  2⤵
  PID:10580
- C:\Windows\System\yXCZBvj.exe
  C:\Windows\System\yXCZBvj.exe
  2⤵
  PID:10664
- C:\Windows\System\iPwCyMJ.exe
  C:\Windows\System\iPwCyMJ.exe
  2⤵
  PID:10940
- C:\Windows\System\ffMURWU.exe
  C:\Windows\System\ffMURWU.exe
  2⤵
  PID:11056
- C:\Windows\System\FKXWrpP.exe
  C:\Windows\System\FKXWrpP.exe
  2⤵
  PID:11204
- C:\Windows\System\OxFuwPi.exe
  C:\Windows\System\OxFuwPi.exe
  2⤵
  PID:10468
- C:\Windows\System\aphzWhY.exe
  C:\Windows\System\aphzWhY.exe
  2⤵
  PID:4528
- C:\Windows\System\WndtMCG.exe
  C:\Windows\System\WndtMCG.exe
  2⤵
  PID:4504
- C:\Windows\System\DEIUAYH.exe
  C:\Windows\System\DEIUAYH.exe
  2⤵
  PID:848
- C:\Windows\System\UidLdel.exe
  C:\Windows\System\UidLdel.exe
  2⤵
  PID:1152
- C:\Windows\System\BQcTfPw.exe
  C:\Windows\System\BQcTfPw.exe
  2⤵
  PID:10524
- C:\Windows\System\hqFdzka.exe
  C:\Windows\System\hqFdzka.exe
  2⤵
  PID:10464
- C:\Windows\System\UXpmtPU.exe
  C:\Windows\System\UXpmtPU.exe
  2⤵
  PID:2132
- C:\Windows\System\YUlsMHb.exe
  C:\Windows\System\YUlsMHb.exe
  2⤵
  PID:2016
- C:\Windows\System\wrgZArZ.exe
  C:\Windows\System\wrgZArZ.exe
  2⤵
  PID:7804
- C:\Windows\System\vPHbStU.exe
  C:\Windows\System\vPHbStU.exe
  2⤵
  PID:4968
- C:\Windows\System\fZRmwrv.exe
  C:\Windows\System\fZRmwrv.exe
  2⤵
  PID:4196
- C:\Windows\System\nxVfATn.exe
  C:\Windows\System\nxVfATn.exe
  2⤵
  PID:1468
- C:\Windows\System\jCDATzz.exe
  C:\Windows\System\jCDATzz.exe
  2⤵
  PID:11028
- C:\Windows\System\mdqKXzQ.exe
  C:\Windows\System\mdqKXzQ.exe
  2⤵
  PID:2232
- C:\Windows\System\TbFioMK.exe
  C:\Windows\System\TbFioMK.exe
  2⤵
  PID:11284
- C:\Windows\System\DYApRGa.exe
  C:\Windows\System\DYApRGa.exe
  2⤵
  PID:11312
- C:\Windows\System\zpwCPOt.exe
  C:\Windows\System\zpwCPOt.exe
  2⤵
  PID:11340
- C:\Windows\System\UjeYjHs.exe
  C:\Windows\System\UjeYjHs.exe
  2⤵
  PID:11376
- C:\Windows\System\rGnHnZf.exe
  C:\Windows\System\rGnHnZf.exe
  2⤵
  PID:11404
- C:\Windows\System\OQhJtbQ.exe
  C:\Windows\System\OQhJtbQ.exe
  2⤵
  PID:11440
- C:\Windows\System\OCuGMgv.exe
  C:\Windows\System\OCuGMgv.exe
  2⤵
  PID:11460
- C:\Windows\System\xSWrbkz.exe
  C:\Windows\System\xSWrbkz.exe
  2⤵
  PID:11488
- C:\Windows\System\FRPWLYF.exe
  C:\Windows\System\FRPWLYF.exe
  2⤵
  PID:11516
- C:\Windows\System\JkQhClp.exe
  C:\Windows\System\JkQhClp.exe
  2⤵
  PID:11544
- C:\Windows\System\zZdkXVd.exe
  C:\Windows\System\zZdkXVd.exe
  2⤵
  PID:11576
- C:\Windows\System\PcVYzGI.exe
  C:\Windows\System\PcVYzGI.exe
  2⤵
  PID:11620
- C:\Windows\System\chGaIJQ.exe
  C:\Windows\System\chGaIJQ.exe
  2⤵
  PID:11644
- C:\Windows\System\WgCszWz.exe
  C:\Windows\System\WgCszWz.exe
  2⤵
  PID:11688
- C:\Windows\System\ZJAzGGp.exe
  C:\Windows\System\ZJAzGGp.exe
  2⤵
  PID:11716
- C:\Windows\System\nnjkGOh.exe
  C:\Windows\System\nnjkGOh.exe
  2⤵
  PID:11744
- C:\Windows\System\KWuBKfh.exe
  C:\Windows\System\KWuBKfh.exe
  2⤵
  PID:11780
- C:\Windows\System\oRxJboA.exe
  C:\Windows\System\oRxJboA.exe
  2⤵
  PID:11812
- C:\Windows\System\nPNbckO.exe
  C:\Windows\System\nPNbckO.exe
  2⤵
  PID:11828
- C:\Windows\System\TPmyGtw.exe
  C:\Windows\System\TPmyGtw.exe
  2⤵
  PID:11848
- C:\Windows\System\hPuSjGv.exe
  C:\Windows\System\hPuSjGv.exe
  2⤵
  PID:11888
- C:\Windows\System\naGlRrd.exe
  C:\Windows\System\naGlRrd.exe
  2⤵
  PID:11916
- C:\Windows\System\cMHEYwF.exe
  C:\Windows\System\cMHEYwF.exe
  2⤵
  PID:11944
- C:\Windows\System\EhNjDWW.exe
  C:\Windows\System\EhNjDWW.exe
  2⤵
  PID:11980
- C:\Windows\System\WAafvKo.exe
  C:\Windows\System\WAafvKo.exe
  2⤵
  PID:12024
- C:\Windows\System\rSdhQVw.exe
  C:\Windows\System\rSdhQVw.exe
  2⤵
  PID:12052
- C:\Windows\System\KWmyyDg.exe
  C:\Windows\System\KWmyyDg.exe
  2⤵
  PID:12068
- C:\Windows\System\LLORWHt.exe
  C:\Windows\System\LLORWHt.exe
  2⤵
  PID:12124
- C:\Windows\System\OOzAKMM.exe
  C:\Windows\System\OOzAKMM.exe
  2⤵
  PID:12152
- C:\Windows\System\qsJWTnq.exe
  C:\Windows\System\qsJWTnq.exe
  2⤵
  PID:12168
- C:\Windows\System\ZsFbilL.exe
  C:\Windows\System\ZsFbilL.exe
  2⤵
  PID:12204
- C:\Windows\System\QiyVTJI.exe
  C:\Windows\System\QiyVTJI.exe
  2⤵
  PID:12232
- C:\Windows\System\XGzAfdW.exe
  C:\Windows\System\XGzAfdW.exe
  2⤵
  PID:12260
- C:\Windows\System\IeFQcuh.exe
  C:\Windows\System\IeFQcuh.exe
  2⤵
  PID:11268
- C:\Windows\System\MiZADAv.exe
  C:\Windows\System\MiZADAv.exe
  2⤵
  PID:11332
- C:\Windows\System\tVHViXm.exe
  C:\Windows\System\tVHViXm.exe
  2⤵
  PID:11388
- C:\Windows\System\XKRAKMW.exe
  C:\Windows\System\XKRAKMW.exe
  2⤵
  PID:11452
- C:\Windows\System\NQanWFQ.exe
  C:\Windows\System\NQanWFQ.exe
  2⤵
  PID:11536
- C:\Windows\System\kIrLVkU.exe
  C:\Windows\System\kIrLVkU.exe
  2⤵
  PID:11588
- C:\Windows\System\WpuAiKJ.exe
  C:\Windows\System\WpuAiKJ.exe
  2⤵
  PID:11680
- C:\Windows\System\huvjujG.exe
  C:\Windows\System\huvjujG.exe
  2⤵
  PID:11740
- C:\Windows\System\tdJCVlA.exe
  C:\Windows\System\tdJCVlA.exe
  2⤵
  PID:11792
- C:\Windows\System\JDCjdPD.exe
  C:\Windows\System\JDCjdPD.exe
  2⤵
  PID:11860
- C:\Windows\System\UkGLuRd.exe
  C:\Windows\System\UkGLuRd.exe
  2⤵
  PID:11928
- C:\Windows\System\reTNrTS.exe
  C:\Windows\System\reTNrTS.exe
  2⤵
  PID:8596
- C:\Windows\System\apTmsVT.exe
  C:\Windows\System\apTmsVT.exe
  2⤵
  PID:12036
- C:\Windows\System\avfsLpL.exe
  C:\Windows\System\avfsLpL.exe
  2⤵
  PID:5660
- C:\Windows\System\GMShlpA.exe
  C:\Windows\System\GMShlpA.exe
  2⤵
  PID:8244
- C:\Windows\System\greJtiu.exe
  C:\Windows\System\greJtiu.exe
  2⤵
  PID:8232
- C:\Windows\System\RCdcgKt.exe
  C:\Windows\System\RCdcgKt.exe
  2⤵
  PID:12136
- C:\Windows\System\BTjXKJY.exe
  C:\Windows\System\BTjXKJY.exe
  2⤵
  PID:12188
- C:\Windows\System\iWCrGik.exe
  C:\Windows\System\iWCrGik.exe
  2⤵
  PID:12248
- C:\Windows\System\JIAhItM.exe
  C:\Windows\System\JIAhItM.exe
  2⤵
  PID:5840
- C:\Windows\System\DrITEBN.exe
  C:\Windows\System\DrITEBN.exe
  2⤵
  PID:11420
- C:\Windows\System\OguJnsw.exe
  C:\Windows\System\OguJnsw.exe
  2⤵
  PID:11568
- C:\Windows\System\dhMURiq.exe
  C:\Windows\System\dhMURiq.exe
  2⤵
  PID:11820
- C:\Windows\System\gNcjtli.exe
  C:\Windows\System\gNcjtli.exe
  2⤵
  PID:11908
- C:\Windows\System\tXLUbpn.exe
  C:\Windows\System\tXLUbpn.exe
  2⤵
  PID:12012
- C:\Windows\System\bvcBhSa.exe
  C:\Windows\System\bvcBhSa.exe
  2⤵
  PID:8212
- C:\Windows\System\UzbIyCU.exe
  C:\Windows\System\UzbIyCU.exe
  2⤵
  PID:12132
- C:\Windows\System\YbEttiS.exe
  C:\Windows\System\YbEttiS.exe
  2⤵
  PID:12272
- C:\Windows\System\odDbDWH.exe
  C:\Windows\System\odDbDWH.exe
  2⤵
  PID:11416
- C:\Windows\System\CTbrlub.exe
  C:\Windows\System\CTbrlub.exe
  2⤵
  PID:11736
- C:\Windows\System\UqjyUfp.exe
  C:\Windows\System\UqjyUfp.exe
  2⤵
  PID:12092
- C:\Windows\System\qYAocOU.exe
  C:\Windows\System\qYAocOU.exe
  2⤵
  PID:12228
- C:\Windows\System\PMxBDZU.exe
  C:\Windows\System\PMxBDZU.exe
  2⤵
  PID:11788
- C:\Windows\System\KCSYKuT.exe
  C:\Windows\System\KCSYKuT.exe
  2⤵
  PID:11384
- C:\Windows\System\hrkeMgS.exe
  C:\Windows\System\hrkeMgS.exe
  2⤵
  PID:12008
- C:\Windows\System\cmuUBXt.exe
  C:\Windows\System\cmuUBXt.exe
  2⤵
  PID:2024
- C:\Windows\System\LrunNCl.exe
  C:\Windows\System\LrunNCl.exe
  2⤵
  PID:12304
- C:\Windows\System\wlBrHoi.exe
  C:\Windows\System\wlBrHoi.exe
  2⤵
  PID:12332
- C:\Windows\System\ixGQFKT.exe
  C:\Windows\System\ixGQFKT.exe
  2⤵
  PID:12360
- C:\Windows\System\EltRdVh.exe
  C:\Windows\System\EltRdVh.exe
  2⤵
  PID:12388
- C:\Windows\System\UXwrdGl.exe
  C:\Windows\System\UXwrdGl.exe
  2⤵
  PID:12416
- C:\Windows\System\jpUyynZ.exe
  C:\Windows\System\jpUyynZ.exe
  2⤵
  PID:12448
- C:\Windows\System\UcCZqEz.exe
  C:\Windows\System\UcCZqEz.exe
  2⤵
  PID:12476
- C:\Windows\System\mCQbZXU.exe
  C:\Windows\System\mCQbZXU.exe
  2⤵
  PID:12504
- C:\Windows\System\yjzrHEV.exe
  C:\Windows\System\yjzrHEV.exe
  2⤵
  PID:12532
- C:\Windows\System\tmhlEMa.exe
  C:\Windows\System\tmhlEMa.exe
  2⤵
  PID:12568
- C:\Windows\System\lnYWWRJ.exe
  C:\Windows\System\lnYWWRJ.exe
  2⤵
  PID:12592
- C:\Windows\System\jxnhfjk.exe
  C:\Windows\System\jxnhfjk.exe
  2⤵
  PID:12624
- C:\Windows\System\qhlMrPj.exe
  C:\Windows\System\qhlMrPj.exe
  2⤵
  PID:12664
- C:\Windows\System\KNAJmsg.exe
  C:\Windows\System\KNAJmsg.exe
  2⤵
  PID:12684
- C:\Windows\System\vqtKKFQ.exe
  C:\Windows\System\vqtKKFQ.exe
  2⤵
  PID:12724
- C:\Windows\System\aeSYfSY.exe
  C:\Windows\System\aeSYfSY.exe
  2⤵
  PID:12752
- C:\Windows\System\oUCmLpq.exe
  C:\Windows\System\oUCmLpq.exe
  2⤵
  PID:12800
- C:\Windows\System\lrtXYVJ.exe
  C:\Windows\System\lrtXYVJ.exe
  2⤵
  PID:12828
- C:\Windows\System\MBGcTyM.exe
  C:\Windows\System\MBGcTyM.exe
  2⤵
  PID:12876
- C:\Windows\System\iyaXowv.exe
  C:\Windows\System\iyaXowv.exe
  2⤵
  PID:12900
- C:\Windows\System\tPFQJke.exe
  C:\Windows\System\tPFQJke.exe
  2⤵
  PID:12944
- C:\Windows\System\bkQqeAd.exe
  C:\Windows\System\bkQqeAd.exe
  2⤵
  PID:12992
- C:\Windows\System\KsZryDU.exe
  C:\Windows\System\KsZryDU.exe
  2⤵
  PID:13016
- C:\Windows\System\pscxFoC.exe
  C:\Windows\System\pscxFoC.exe
  2⤵
  PID:13048
- C:\Windows\System\LTThDTU.exe
  C:\Windows\System\LTThDTU.exe
  2⤵
  PID:13068
- C:\Windows\System\EmmNvNy.exe
  C:\Windows\System\EmmNvNy.exe
  2⤵
  PID:13104
- C:\Windows\System\tSWSEhe.exe
  C:\Windows\System\tSWSEhe.exe
  2⤵
  PID:13132
- C:\Windows\System\sNVPeOE.exe
  C:\Windows\System\sNVPeOE.exe
  2⤵
  PID:13160
- C:\Windows\System\vBGcfMv.exe
  C:\Windows\System\vBGcfMv.exe
  2⤵
  PID:13188
- C:\Windows\System\HCbkjML.exe
  C:\Windows\System\HCbkjML.exe
  2⤵
  PID:13216
- C:\Windows\System\ysaaNNF.exe
  C:\Windows\System\ysaaNNF.exe
  2⤵
  PID:13244
- C:\Windows\System\GdEObqZ.exe
  C:\Windows\System\GdEObqZ.exe
  2⤵
  PID:13272
- C:\Windows\System\xcRRJqF.exe
  C:\Windows\System\xcRRJqF.exe
  2⤵
  PID:13300
- C:\Windows\System\emFdcQw.exe
  C:\Windows\System\emFdcQw.exe
  2⤵
  PID:12320
- C:\Windows\System\kIUJeBf.exe
  C:\Windows\System\kIUJeBf.exe
  2⤵
  PID:12356
- C:\Windows\System\cSiQUZA.exe
  C:\Windows\System\cSiQUZA.exe
  2⤵
  PID:12440
- C:\Windows\System\thPMiEX.exe
  C:\Windows\System\thPMiEX.exe
  2⤵
  PID:12496
- C:\Windows\System\mBkycRn.exe
  C:\Windows\System\mBkycRn.exe
  2⤵
  PID:12588
- C:\Windows\System\zSZAsWL.exe
  C:\Windows\System\zSZAsWL.exe
  2⤵
  PID:1012
- C:\Windows\System\XXaKKTV.exe
  C:\Windows\System\XXaKKTV.exe
  2⤵
  PID:1940
- C:\Windows\System\SsBLBgC.exe
  C:\Windows\System\SsBLBgC.exe
  2⤵
  PID:12644
- C:\Windows\System\DwOVzpS.exe
  C:\Windows\System\DwOVzpS.exe
  2⤵
  PID:1876
- C:\Windows\System\MzHbBnh.exe
  C:\Windows\System\MzHbBnh.exe
  2⤵
  PID:6152
- C:\Windows\System\XUahgVp.exe
  C:\Windows\System\XUahgVp.exe
  2⤵
  PID:6200
- C:\Windows\System\ylRYAxw.exe
  C:\Windows\System\ylRYAxw.exe
  2⤵
  PID:6348
- C:\Windows\System\JlOvhyQ.exe
  C:\Windows\System\JlOvhyQ.exe
  2⤵
  PID:4544
- C:\Windows\System\mbhOCvt.exe
  C:\Windows\System\mbhOCvt.exe
  2⤵
  PID:4216
- C:\Windows\System\JNPAYKC.exe
  C:\Windows\System\JNPAYKC.exe
  2⤵
  PID:368
- C:\Windows\System\TTXgyPW.exe
  C:\Windows\System\TTXgyPW.exe
  2⤵
  PID:12768
- C:\Windows\System\GecujVI.exe
  C:\Windows\System\GecujVI.exe
  2⤵
  PID:6464
- C:\Windows\System\fSSBfzb.exe
  C:\Windows\System\fSSBfzb.exe
  2⤵
  PID:1800
- C:\Windows\System\geUhbgP.exe
  C:\Windows\System\geUhbgP.exe
  2⤵
  PID:6564
- C:\Windows\System\FYFdqmM.exe
  C:\Windows\System\FYFdqmM.exe
  2⤵
  PID:12972
- C:\Windows\System\yLcpIBy.exe
  C:\Windows\System\yLcpIBy.exe
  2⤵
  PID:12744
- C:\Windows\System\tTleFOb.exe
  C:\Windows\System\tTleFOb.exe
  2⤵
  PID:12916
- C:\Windows\System\UqvdOgv.exe
  C:\Windows\System\UqvdOgv.exe
  2⤵
  PID:6604
- C:\Windows\System\ZEyoXuO.exe
  C:\Windows\System\ZEyoXuO.exe
  2⤵
  PID:6740
- C:\Windows\System\baFZsww.exe
  C:\Windows\System\baFZsww.exe
  2⤵
  PID:6816
- C:\Windows\System\bZTVlXf.exe
  C:\Windows\System\bZTVlXf.exe
  2⤵
  PID:6928
- C:\Windows\System\FJRDyRB.exe
  C:\Windows\System\FJRDyRB.exe
  2⤵
  PID:7000
- C:\Windows\System\YhhjqHX.exe
  C:\Windows\System\YhhjqHX.exe
  2⤵
  PID:7140
- C:\Windows\System\liEiiyt.exe
  C:\Windows\System\liEiiyt.exe
  2⤵
  PID:5356
- C:\Windows\System\GxoFsKy.exe
  C:\Windows\System\GxoFsKy.exe
  2⤵
  PID:12980
- C:\Windows\System\eMonikY.exe
  C:\Windows\System\eMonikY.exe
  2⤵
  PID:4864
- C:\Windows\System\xZzxLRO.exe
  C:\Windows\System\xZzxLRO.exe
  2⤵
  PID:4940
- C:\Windows\System\ZiPpCgS.exe
  C:\Windows\System\ZiPpCgS.exe
  2⤵
  PID:1812
- C:\Windows\System\OVyHGDw.exe
  C:\Windows\System\OVyHGDw.exe
  2⤵
  PID:3440
- C:\Windows\System\zJRlUgc.exe
  C:\Windows\System\zJRlUgc.exe
  2⤵
  PID:3960
- C:\Windows\System\kDEMkTy.exe
  C:\Windows\System\kDEMkTy.exe
  2⤵
  PID:1548
- C:\Windows\System\SVBqIUc.exe
  C:\Windows\System\SVBqIUc.exe
  2⤵
  PID:4776
- C:\Windows\System\NPIybUJ.exe
  C:\Windows\System\NPIybUJ.exe
  2⤵
  PID:2392
- C:\Windows\System\gYIKqth.exe
  C:\Windows\System\gYIKqth.exe
  2⤵
  PID:3064
- C:\Windows\System\yNaWBgK.exe
  C:\Windows\System\yNaWBgK.exe
  2⤵
  PID:4652
- C:\Windows\System\PUuJriP.exe
  C:\Windows\System\PUuJriP.exe
  2⤵
  PID:13124
- C:\Windows\System\GcNOqrD.exe
  C:\Windows\System\GcNOqrD.exe
  2⤵
  PID:2596
- C:\Windows\System\cEnppRu.exe
  C:\Windows\System\cEnppRu.exe
  2⤵
  PID:13236
- C:\Windows\System\KzoBvaY.exe
  C:\Windows\System\KzoBvaY.exe
  2⤵
  PID:13284
- C:\Windows\System\byvPFSF.exe
  C:\Windows\System\byvPFSF.exe
  2⤵
  PID:12344
- C:\Windows\System\XDwPLXy.exe
  C:\Windows\System\XDwPLXy.exe
  2⤵
  PID:12472
- C:\Windows\System\lOIZUHj.exe
  C:\Windows\System\lOIZUHj.exe
  2⤵
  PID:12604
- C:\Windows\System\OTAfEKB.exe
  C:\Windows\System\OTAfEKB.exe
  2⤵
  PID:4608
- C:\Windows\System\QQqmcWK.exe
  C:\Windows\System\QQqmcWK.exe
  2⤵
  PID:12632
- C:\Windows\System\rXppLVL.exe
  C:\Windows\System\rXppLVL.exe
  2⤵
  PID:6276
- C:\Windows\System\unmvPNS.exe
  C:\Windows\System\unmvPNS.exe
  2⤵
  PID:2052
- C:\Windows\System\dYAhGHm.exe
  C:\Windows\System\dYAhGHm.exe
  2⤵
  PID:3576
- C:\Windows\System\VJDykON.exe
  C:\Windows\System\VJDykON.exe
  2⤵
  PID:2500
- C:\Windows\System\hKdJblj.exe
  C:\Windows\System\hKdJblj.exe
  2⤵
  PID:2484
- C:\Windows\System\xYFRkYS.exe
  C:\Windows\System\xYFRkYS.exe
  2⤵
  PID:12736
- C:\Windows\System\wKvFNYt.exe
  C:\Windows\System\wKvFNYt.exe
  2⤵
  PID:3468
- C:\Windows\System\edqmXBe.exe
  C:\Windows\System\edqmXBe.exe
  2⤵
  PID:1984
- C:\Windows\System\sHamNsp.exe
  C:\Windows\System\sHamNsp.exe
  2⤵
  PID:6828
- C:\Windows\System\lMoefwh.exe
  C:\Windows\System\lMoefwh.exe
  2⤵
  PID:7012
- C:\Windows\System\AlOTOtv.exe
  C:\Windows\System\AlOTOtv.exe
  2⤵
  PID:3744
- C:\Windows\System\TCRYAVm.exe
  C:\Windows\System\TCRYAVm.exe
  2⤵
  PID:2408
- C:\Windows\System\DDfPykn.exe
  C:\Windows\System\DDfPykn.exe
  2⤵
  PID:7356
- C:\Windows\System\sqJHZfV.exe
  C:\Windows\System\sqJHZfV.exe
  2⤵
  PID:3388
- C:\Windows\System\AUFjzkF.exe
  C:\Windows\System\AUFjzkF.exe
  2⤵
  PID:396
- C:\Windows\System\tlbNUAA.exe
  C:\Windows\System\tlbNUAA.exe
  2⤵
  PID:3080
- C:\Windows\System\IBNcycD.exe
  C:\Windows\System\IBNcycD.exe
  2⤵
  PID:2728
- C:\Windows\System\kmCvhRc.exe
  C:\Windows\System\kmCvhRc.exe
  2⤵
  PID:13076
- C:\Windows\System\DuvzorT.exe
  C:\Windows\System\DuvzorT.exe
  2⤵
  PID:13152
- C:\Windows\System\HSHBwga.exe
  C:\Windows\System\HSHBwga.exe
  2⤵
  PID:5284
- C:\Windows\System\mwpWQYo.exe
  C:\Windows\System\mwpWQYo.exe
  2⤵
  PID:5312
- C:\Windows\System\pvYwCrJ.exe
  C:\Windows\System\pvYwCrJ.exe
  2⤵
  PID:5340
- C:\Windows\System\GOzRMEd.exe
  C:\Windows\System\GOzRMEd.exe
  2⤵
  PID:6092
- C:\Windows\System\aYAFcBm.exe
  C:\Windows\System\aYAFcBm.exe
  2⤵
  PID:6172
- C:\Windows\System\XbbBxZL.exe
  C:\Windows\System\XbbBxZL.exe
  2⤵
  PID:4764
- C:\Windows\System\WpwGKan.exe
  C:\Windows\System\WpwGKan.exe
  2⤵
  PID:7080
- C:\Windows\System\RWzTMwJ.exe
  C:\Windows\System\RWzTMwJ.exe
  2⤵
  PID:5508
- C:\Windows\System\myTQqlL.exe
  C:\Windows\System\myTQqlL.exe
  2⤵
  PID:12792
- C:\Windows\System\eJVxtep.exe
  C:\Windows\System\eJVxtep.exe
  2⤵
  PID:5556
- C:\Windows\System\gkKTRKV.exe
  C:\Windows\System\gkKTRKV.exe
  2⤵
  PID:3164
- C:\Windows\System\KbHyqat.exe
  C:\Windows\System\KbHyqat.exe
  2⤵
  PID:5604
- C:\Windows\System\wOwqbBS.exe
  C:\Windows\System\wOwqbBS.exe
  2⤵
  PID:5648
- C:\Windows\System\XcPMgIl.exe
  C:\Windows\System\XcPMgIl.exe
  2⤵
  PID:4432
- C:\Windows\System\ITJYLtU.exe
  C:\Windows\System\ITJYLtU.exe
  2⤵
  PID:7868
- C:\Windows\System\iPBWxnr.exe
  C:\Windows\System\iPBWxnr.exe
  2⤵
  PID:5228
- C:\Windows\System\mCyuuTu.exe
  C:\Windows\System\mCyuuTu.exe
  2⤵
  PID:13212
- C:\Windows\System\OOHRhiu.exe
  C:\Windows\System\OOHRhiu.exe
  2⤵
  PID:5792
- C:\Windows\System\xKtpLWp.exe
  C:\Windows\System\xKtpLWp.exe
  2⤵
  PID:12580
- C:\Windows\System\uTKKyUg.exe
  C:\Windows\System\uTKKyUg.exe
  2⤵
  PID:3896
- C:\Windows\System\GbLFSWy.exe
  C:\Windows\System\GbLFSWy.exe
  2⤵
  PID:12740
- C:\Windows\System\qFGyCKT.exe
  C:\Windows\System\qFGyCKT.exe
  2⤵
  PID:5532
- C:\Windows\System\wmffSWO.exe
  C:\Windows\System\wmffSWO.exe
  2⤵
  PID:4936
- C:\Windows\System\UcUndEL.exe
  C:\Windows\System\UcUndEL.exe
  2⤵
  PID:5788
- C:\Windows\System\EuDJwUi.exe
  C:\Windows\System\EuDJwUi.exe
  2⤵
  PID:6160
- C:\Windows\System\MkpIvmC.exe
  C:\Windows\System\MkpIvmC.exe
  2⤵
  PID:4552
- C:\Windows\System\TjZtTtV.exe
  C:\Windows\System\TjZtTtV.exe
  2⤵
  PID:5200
- C:\Windows\System\eHOPsLq.exe
  C:\Windows\System\eHOPsLq.exe
  2⤵
  PID:5240
- C:\Windows\System\fkdPpzH.exe
  C:\Windows\System\fkdPpzH.exe
  2⤵
  PID:12412
- C:\Windows\System\bvhSocy.exe
  C:\Windows\System\bvhSocy.exe
  2⤵
  PID:5448
- C:\Windows\System\ahpSGMC.exe
  C:\Windows\System\ahpSGMC.exe
  2⤵
  PID:12960
- C:\Windows\System\DpabkkB.exe
  C:\Windows\System\DpabkkB.exe
  2⤵
  PID:6008
- C:\Windows\System\BIDJMhv.exe
  C:\Windows\System\BIDJMhv.exe
  2⤵
  PID:536
- C:\Windows\System\ufTUGNS.exe
  C:\Windows\System\ufTUGNS.exe
  2⤵
  PID:13060
- C:\Windows\System\XcAsYHT.exe
  C:\Windows\System\XcAsYHT.exe
  2⤵
  PID:4336
- C:\Windows\System\SaFeqJa.exe
  C:\Windows\System\SaFeqJa.exe
  2⤵
  PID:5912
- C:\Windows\System\soZIxgK.exe
  C:\Windows\System\soZIxgK.exe
  2⤵
  PID:5560
- C:\Windows\System\AfJBudJ.exe
  C:\Windows\System\AfJBudJ.exe
  2⤵
  PID:5668
- C:\Windows\System\laPeuQb.exe
  C:\Windows\System\laPeuQb.exe
  2⤵
  PID:5884
- C:\Windows\System\oSqqTUR.exe
  C:\Windows\System\oSqqTUR.exe
  2⤵
  PID:5308
- C:\Windows\System\LLAyfOK.exe
  C:\Windows\System\LLAyfOK.exe
  2⤵
  PID:5188
- C:\Windows\System\PhgtDvw.exe
  C:\Windows\System\PhgtDvw.exe
  2⤵
  PID:6136
- C:\Windows\System\SUWBUHK.exe
  C:\Windows\System\SUWBUHK.exe
  2⤵
  PID:13328
- C:\Windows\System\vkjhrQY.exe
  C:\Windows\System\vkjhrQY.exe
  2⤵
  PID:13356
- C:\Windows\System\VqiHoKR.exe
  C:\Windows\System\VqiHoKR.exe
  2⤵
  PID:13388
- C:\Windows\System\IqQbzAk.exe
  C:\Windows\System\IqQbzAk.exe
  2⤵
  PID:13412
- C:\Windows\System\LPowZaM.exe
  C:\Windows\System\LPowZaM.exe
  2⤵
  PID:13440
- C:\Windows\System\PsbpTaj.exe
  C:\Windows\System\PsbpTaj.exe
  2⤵
  PID:13468
- C:\Windows\System\WeHvZqY.exe
  C:\Windows\System\WeHvZqY.exe
  2⤵
  PID:13496
- C:\Windows\System\YfDsndE.exe
  C:\Windows\System\YfDsndE.exe
  2⤵
  PID:13524
- C:\Windows\System\AlscHUW.exe
  C:\Windows\System\AlscHUW.exe
  2⤵
  PID:13552
- C:\Windows\System\qJkZIfJ.exe
  C:\Windows\System\qJkZIfJ.exe
  2⤵
  PID:13580
- C:\Windows\System\ufluINC.exe
  C:\Windows\System\ufluINC.exe
  2⤵
  PID:13608
- C:\Windows\System\lzZIXbl.exe
  C:\Windows\System\lzZIXbl.exe
  2⤵
  PID:13636
- C:\Windows\System\iSNuzst.exe
  C:\Windows\System\iSNuzst.exe
  2⤵
  PID:13664
- C:\Windows\System\mDFJdXk.exe
  C:\Windows\System\mDFJdXk.exe
  2⤵
  PID:13692
- C:\Windows\System\iuSufwY.exe
  C:\Windows\System\iuSufwY.exe
  2⤵
  PID:13720
- C:\Windows\System\pFANZJs.exe
  C:\Windows\System\pFANZJs.exe
  2⤵
  PID:13748
- C:\Windows\System\MsyeSIJ.exe
  C:\Windows\System\MsyeSIJ.exe
  2⤵
  PID:13776
- C:\Windows\System\sMOGudd.exe
  C:\Windows\System\sMOGudd.exe
  2⤵
  PID:13804
- C:\Windows\System\HKIrbny.exe
  C:\Windows\System\HKIrbny.exe
  2⤵
  PID:13832
- C:\Windows\System\vUJJyDE.exe
  C:\Windows\System\vUJJyDE.exe
  2⤵
  PID:13860
- C:\Windows\System\femuEeg.exe
  C:\Windows\System\femuEeg.exe
  2⤵
  PID:13892
- C:\Windows\System\SRkCJuA.exe
  C:\Windows\System\SRkCJuA.exe
  2⤵
  PID:13920
- C:\Windows\System\tXcqbIv.exe
  C:\Windows\System\tXcqbIv.exe
  2⤵
  PID:13948
- C:\Windows\System\VtLsysp.exe
  C:\Windows\System\VtLsysp.exe
  2⤵
  PID:13976
- C:\Windows\System\pPdOded.exe
  C:\Windows\System\pPdOded.exe
  2⤵
  PID:14004
- C:\Windows\System\Wbjrtbb.exe
  C:\Windows\System\Wbjrtbb.exe
  2⤵
  PID:14032
- C:\Windows\System\cclbIoP.exe
  C:\Windows\System\cclbIoP.exe
  2⤵
  PID:14060
- C:\Windows\System\VULhlPq.exe
  C:\Windows\System\VULhlPq.exe
  2⤵
  PID:14088
- C:\Windows\System\NpvHisA.exe
  C:\Windows\System\NpvHisA.exe
  2⤵
  PID:14116
- C:\Windows\System\HABdceX.exe
  C:\Windows\System\HABdceX.exe
  2⤵
  PID:14144
- C:\Windows\System\WSMmhBR.exe
  C:\Windows\System\WSMmhBR.exe
  2⤵
  PID:14172
- C:\Windows\System\fCiReCI.exe
  C:\Windows\System\fCiReCI.exe
  2⤵
  PID:14200
- C:\Windows\System\EpjkVCe.exe
  C:\Windows\System\EpjkVCe.exe
  2⤵
  PID:14228
- C:\Windows\System\SbUIUPD.exe
  C:\Windows\System\SbUIUPD.exe
  2⤵
  PID:14256
- C:\Windows\System\ovAokyh.exe
  C:\Windows\System\ovAokyh.exe
  2⤵
  PID:14284
- C:\Windows\System\ZADWiIw.exe
  C:\Windows\System\ZADWiIw.exe
  2⤵
  PID:14312
- C:\Windows\System\RUHnlUr.exe
  C:\Windows\System\RUHnlUr.exe
  2⤵
  PID:6056
- C:\Windows\System\dvxNVHe.exe
  C:\Windows\System\dvxNVHe.exe
  2⤵
  PID:13348
- C:\Windows\System\dxQLdBg.exe
  C:\Windows\System\dxQLdBg.exe
  2⤵
  PID:4116
- C:\Windows\System\bZLwYhn.exe
  C:\Windows\System\bZLwYhn.exe
  2⤵
  PID:13432
- C:\Windows\System\tomLMzU.exe
  C:\Windows\System\tomLMzU.exe
  2⤵
  PID:13480
- C:\Windows\System\zNLBfcW.exe
  C:\Windows\System\zNLBfcW.exe
  2⤵
  PID:13520
- C:\Windows\System\bNcIFze.exe
  C:\Windows\System\bNcIFze.exe
  2⤵
  PID:13592
- C:\Windows\System\avRCbsT.exe
  C:\Windows\System\avRCbsT.exe
  2⤵
  PID:13632
- C:\Windows\System\zKOHZBd.exe
  C:\Windows\System\zKOHZBd.exe
  2⤵
  PID:13704
- C:\Windows\System\WJruEBM.exe
  C:\Windows\System\WJruEBM.exe
  2⤵
  PID:5620
- C:\Windows\System\PmYVBwd.exe
  C:\Windows\System\PmYVBwd.exe
  2⤵
  PID:13816
- C:\Windows\System\ZuroDAV.exe
  C:\Windows\System\ZuroDAV.exe
  2⤵
  PID:13880
- C:\Windows\System\WUxyxqq.exe
  C:\Windows\System\WUxyxqq.exe
  2⤵
  PID:13944
- C:\Windows\System\sMZnCmF.exe
  C:\Windows\System\sMZnCmF.exe
  2⤵
  PID:14016
- C:\Windows\System\AzZfpnp.exe
  C:\Windows\System\AzZfpnp.exe
  2⤵
  PID:14080
- C:\Windows\System\HfjimsF.exe
  C:\Windows\System\HfjimsF.exe
  2⤵
  PID:7512
- C:\Windows\System\CwiTavz.exe
  C:\Windows\System\CwiTavz.exe
  2⤵
  PID:7592
- C:\Windows\System\YxAkDUR.exe
  C:\Windows\System\YxAkDUR.exe
  2⤵
  PID:14212
- C:\Windows\System\BjayalY.exe
  C:\Windows\System\BjayalY.exe
  2⤵
  PID:14248
- C:\Windows\System\LmbSMci.exe
  C:\Windows\System\LmbSMci.exe
  2⤵
  PID:14280
- C:\Windows\System\gFPtJoX.exe
  C:\Windows\System\gFPtJoX.exe
  2⤵
  PID:14304
- C:\Windows\System\XoWvoIO.exe
  C:\Windows\System\XoWvoIO.exe
  2⤵
  PID:7960
- C:\Windows\System\qNAioZB.exe
  C:\Windows\System\qNAioZB.exe
  2⤵
  PID:5216
- C:\Windows\System\BTsGSbN.exe
  C:\Windows\System\BTsGSbN.exe
  2⤵
  PID:5496
- C:\Windows\System\qsQQpdU.exe
  C:\Windows\System\qsQQpdU.exe
  2⤵
  PID:5640
- C:\Windows\System\hPLwnaX.exe
  C:\Windows\System\hPLwnaX.exe
  2⤵
  PID:7980
- C:\Windows\System\fkCyXfB.exe
  C:\Windows\System\fkCyXfB.exe
  2⤵
  PID:13660
- C:\Windows\System\oqJbBkF.exe
  C:\Windows\System\oqJbBkF.exe
  2⤵
  PID:13716
- C:\Windows\System\VvvPFGP.exe
  C:\Windows\System\VvvPFGP.exe
  2⤵
  PID:13800
- C:\Windows\System\lmzzofO.exe
  C:\Windows\System\lmzzofO.exe
  2⤵
  PID:13932
- C:\Windows\System\oaWTJys.exe
  C:\Windows\System\oaWTJys.exe
  2⤵
  PID:3088
- C:\Windows\System\EfxdniV.exe
  C:\Windows\System\EfxdniV.exe
  2⤵
  PID:1076
- C:\Windows\System\rsuVgeJ.exe
  C:\Windows\System\rsuVgeJ.exe
  2⤵
  PID:7232
- C:\Windows\System\sdcbpgk.exe
  C:\Windows\System\sdcbpgk.exe
  2⤵
  PID:6396
- C:\Windows\System\krpRXwK.exe
  C:\Windows\System\krpRXwK.exe
  2⤵
  PID:14296
- C:\Windows\System\oUBYVWd.exe
  C:\Windows\System\oUBYVWd.exe
  2⤵
  PID:8084
- C:\Windows\System\NAPNjXQ.exe
  C:\Windows\System\NAPNjXQ.exe
  2⤵
  PID:4888
- C:\Windows\System\zPVeSws.exe
  C:\Windows\System\zPVeSws.exe
  2⤵
  PID:7184
- C:\Windows\System\QaQAtQE.exe
  C:\Windows\System\QaQAtQE.exe
  2⤵
  PID:4952
- C:\Windows\System\QzOiUaG.exe
  C:\Windows\System\QzOiUaG.exe
  2⤵
  PID:8256
- C:\Windows\System\XouPIhM.exe
  C:\Windows\System\XouPIhM.exe
  2⤵
  PID:8292
- C:\Windows\System\LiHaAMF.exe
  C:\Windows\System\LiHaAMF.exe
  2⤵
  PID:8372
- C:\Windows\System\VCPIZFp.exe
  C:\Windows\System\VCPIZFp.exe
  2⤵
  PID:8392
- C:\Windows\System\eHnLjsF.exe
  C:\Windows\System\eHnLjsF.exe
  2⤵
  PID:8432
- C:\Windows\System\acGwMEs.exe
  C:\Windows\System\acGwMEs.exe
  2⤵
  PID:7932
- C:\Windows\System\vYMKsnD.exe
  C:\Windows\System\vYMKsnD.exe
  2⤵
  PID:7684
- C:\Windows\System\WEwNXOt.exe
  C:\Windows\System\WEwNXOt.exe
  2⤵
  PID:3928
- C:\Windows\System\kcBVyVS.exe
  C:\Windows\System\kcBVyVS.exe
  2⤵
  PID:216
- C:\Windows\System\qVcNlNj.exe
  C:\Windows\System\qVcNlNj.exe
  2⤵
  PID:13576
- C:\Windows\System\ctLjGce.exe
  C:\Windows\System\ctLjGce.exe
  2⤵
  PID:8304
- C:\Windows\System\SAdadWk.exe
  C:\Windows\System\SAdadWk.exe
  2⤵
  PID:8768
- C:\Windows\System\YlGqTCJ.exe
  C:\Windows\System\YlGqTCJ.exe
  2⤵
  PID:8796
- C:\Windows\System\IGOWEVj.exe
  C:\Windows\System\IGOWEVj.exe
  2⤵
  PID:14276
- C:\Windows\System\fUhKJCf.exe
  C:\Windows\System\fUhKJCf.exe
  2⤵
  PID:8880
- C:\Windows\System\EjFEtTF.exe
  C:\Windows\System\EjFEtTF.exe
  2⤵
  PID:8152
- C:\Windows\System\dABkyYq.exe
  C:\Windows\System\dABkyYq.exe
  2⤵
  PID:14108
- C:\Windows\System\QFrpEcA.exe
  C:\Windows\System\QFrpEcA.exe
  2⤵
  PID:8420
- C:\Windows\System\isCpoEu.exe
  C:\Windows\System\isCpoEu.exe
  2⤵
  PID:8004
- C:\Windows\System\iDmoqQS.exe
  C:\Windows\System\iDmoqQS.exe
  2⤵
  PID:1496
- C:\Windows\System\fDMKooe.exe
  C:\Windows\System\fDMKooe.exe
  2⤵
  PID:9084
- C:\Windows\System\OngPiND.exe
  C:\Windows\System\OngPiND.exe
  2⤵
  PID:4448
- C:\Windows\System\tmXzkFs.exe
  C:\Windows\System\tmXzkFs.exe
  2⤵
  PID:9144
- C:\Windows\System\HOrpUdq.exe
  C:\Windows\System\HOrpUdq.exe
  2⤵
  PID:6544
- C:\Windows\System\tuWDZAI.exe
  C:\Windows\System\tuWDZAI.exe
  2⤵
  PID:8936
- C:\Windows\System\JAGHVom.exe
  C:\Windows\System\JAGHVom.exe
  2⤵
  PID:5040
- C:\Windows\System\vxEPsPu.exe
  C:\Windows\System\vxEPsPu.exe
  2⤵
  PID:6888
- C:\Windows\System\tUcBnSq.exe
  C:\Windows\System\tUcBnSq.exe
  2⤵
  PID:8404
- C:\Windows\System\BskgVJr.exe
  C:\Windows\System\BskgVJr.exe
  2⤵
  PID:8624
- C:\Windows\System\nsPUygR.exe
  C:\Windows\System\nsPUygR.exe
  2⤵
  PID:7084
- C:\Windows\System\pDGkylz.exe
  C:\Windows\System\pDGkylz.exe
  2⤵
  PID:9164
- C:\Windows\System\apUSQgi.exe
  C:\Windows\System\apUSQgi.exe
  2⤵
  PID:7032
- C:\Windows\System\AfGglHB.exe
  C:\Windows\System\AfGglHB.exe
  2⤵
  PID:6176
- C:\Windows\System\qGuUhBY.exe
  C:\Windows\System\qGuUhBY.exe
  2⤵
  PID:7112
- C:\Windows\System\SrckMmD.exe
  C:\Windows\System\SrckMmD.exe
  2⤵
  PID:8628
- C:\Windows\System\zpylwOM.exe
  C:\Windows\System\zpylwOM.exe
  2⤵
  PID:8712
- C:\Windows\System\XkrxhUX.exe
  C:\Windows\System\XkrxhUX.exe
  2⤵
  PID:6540
- C:\Windows\System\jLEVvud.exe
  C:\Windows\System\jLEVvud.exe
  2⤵
  PID:6744
- C:\Windows\System\meavnPH.exe
  C:\Windows\System\meavnPH.exe
  2⤵
  PID:3612
- C:\Windows\System\zdlhEdd.exe
  C:\Windows\System\zdlhEdd.exe
  2⤵
  PID:8892
- C:\Windows\System\pYEqwoO.exe
  C:\Windows\System\pYEqwoO.exe
  2⤵
  PID:8296
- C:\Windows\System\xnxhwio.exe
  C:\Windows\System\xnxhwio.exe
  2⤵
  PID:8488
- C:\Windows\System\TSANngt.exe
  C:\Windows\System\TSANngt.exe
  2⤵
  PID:8672
- C:\Windows\System\VZePyyB.exe
  C:\Windows\System\VZePyyB.exe
  2⤵
  PID:9036
- C:\Windows\System\IgsJLIp.exe
  C:\Windows\System\IgsJLIp.exe
  2⤵
  PID:6320
- C:\Windows\System\gUJYrNH.exe
  C:\Windows\System\gUJYrNH.exe
  2⤵
  PID:14352
- C:\Windows\System\bFkUVho.exe
  C:\Windows\System\bFkUVho.exe
  2⤵
  PID:14380
- C:\Windows\System\DJyWzay.exe
  C:\Windows\System\DJyWzay.exe
  2⤵
  PID:14408
- C:\Windows\System\AJSKnki.exe
  C:\Windows\System\AJSKnki.exe
  2⤵
  PID:14436
- C:\Windows\System\zWyiWgH.exe
  C:\Windows\System\zWyiWgH.exe
  2⤵
  PID:14464
- C:\Windows\System\PmcOTYT.exe
  C:\Windows\System\PmcOTYT.exe
  2⤵
  PID:14492
- C:\Windows\System\rkhDaOs.exe
  C:\Windows\System\rkhDaOs.exe
  2⤵
  PID:14520
- C:\Windows\System\xiwmtTM.exe
  C:\Windows\System\xiwmtTM.exe
  2⤵
  PID:14548
- C:\Windows\System\HpUAeFR.exe
  C:\Windows\System\HpUAeFR.exe
  2⤵
  PID:14576
- C:\Windows\System\LTYeTIL.exe
  C:\Windows\System\LTYeTIL.exe
  2⤵
  PID:14604
- C:\Windows\System\dEURWyd.exe
  C:\Windows\System\dEURWyd.exe
  2⤵
  PID:14632
- C:\Windows\System\pGaBrgg.exe
  C:\Windows\System\pGaBrgg.exe
  2⤵
  PID:14660
- C:\Windows\System\UviLVXJ.exe
  C:\Windows\System\UviLVXJ.exe
  2⤵
  PID:14688
- C:\Windows\System\eQJoeeP.exe
  C:\Windows\System\eQJoeeP.exe
  2⤵
  PID:14716
- C:\Windows\System\lvfLEDs.exe
  C:\Windows\System\lvfLEDs.exe
  2⤵
  PID:14744
- C:\Windows\System\TgUAUpl.exe
  C:\Windows\System\TgUAUpl.exe
  2⤵
  PID:14772
- C:\Windows\System\QcRROSz.exe
  C:\Windows\System\QcRROSz.exe
  2⤵
  PID:14800
- C:\Windows\System\JBljDmi.exe
  C:\Windows\System\JBljDmi.exe
  2⤵
  PID:14832
- C:\Windows\System\NLJJaXY.exe
  C:\Windows\System\NLJJaXY.exe
  2⤵
  PID:14860
- C:\Windows\System\tirhNAM.exe
  C:\Windows\System\tirhNAM.exe
  2⤵
  PID:14888
- C:\Windows\System\UWNUXUi.exe
  C:\Windows\System\UWNUXUi.exe
  2⤵
  PID:14916
- C:\Windows\System\HHoRfoM.exe
  C:\Windows\System\HHoRfoM.exe
  2⤵
  PID:14948
- C:\Windows\System\tthapzS.exe
  C:\Windows\System\tthapzS.exe
  2⤵
  PID:14976
- C:\Windows\System\cpDKqgN.exe
  C:\Windows\System\cpDKqgN.exe
  2⤵
  PID:15004
- C:\Windows\System\qVZpGcL.exe
  C:\Windows\System\qVZpGcL.exe
  2⤵
  PID:15036
- C:\Windows\System\HLYyfqd.exe
  C:\Windows\System\HLYyfqd.exe
  2⤵
  PID:15060
- C:\Windows\System\wQTtKwF.exe
  C:\Windows\System\wQTtKwF.exe
  2⤵
  PID:15084
- C:\Windows\System\bKDYWnB.exe
  C:\Windows\System\bKDYWnB.exe
  2⤵
  PID:15112
- C:\Windows\System\eksVUSN.exe
  C:\Windows\System\eksVUSN.exe
  2⤵
  PID:15140
- C:\Windows\System\dPFigSi.exe
  C:\Windows\System\dPFigSi.exe
  2⤵
  PID:15168
- C:\Windows\System\cUYocON.exe
  C:\Windows\System\cUYocON.exe
  2⤵
  PID:15196
- C:\Windows\System\YqlOxVv.exe
  C:\Windows\System\YqlOxVv.exe
  2⤵
  PID:15224
- C:\Windows\System\gSdEIoW.exe
  C:\Windows\System\gSdEIoW.exe
  2⤵
  PID:15252
- C:\Windows\System\DpvyTQr.exe
  C:\Windows\System\DpvyTQr.exe
  2⤵
  PID:15280
- C:\Windows\System\tvtwCyl.exe
  C:\Windows\System\tvtwCyl.exe
  2⤵
  PID:15308
- C:\Windows\System\WczdqKU.exe
  C:\Windows\System\WczdqKU.exe
  2⤵
  PID:15336
- C:\Windows\System\zcQTEVz.exe
  C:\Windows\System\zcQTEVz.exe
  2⤵
  PID:7212
- C:\Windows\System\sGCztpK.exe
  C:\Windows\System\sGCztpK.exe
  2⤵
  PID:7236
- C:\Windows\System\HzGLBrT.exe
  C:\Windows\System\HzGLBrT.exe
  2⤵
  PID:7268
- C:\Windows\System\ggbjVsb.exe
  C:\Windows\System\ggbjVsb.exe
  2⤵
  PID:14448
- C:\Windows\System\jTjynwO.exe
  C:\Windows\System\jTjynwO.exe
  2⤵
  PID:14476
- C:\Windows\System\NJPWKZN.exe
  C:\Windows\System\NJPWKZN.exe
  2⤵
  PID:14504
- C:\Windows\System\bPFVppf.exe
  C:\Windows\System\bPFVppf.exe
  2⤵
  PID:14532
- C:\Windows\System\nxJiDkl.exe
  C:\Windows\System\nxJiDkl.exe
  2⤵
  PID:14572
- C:\Windows\System\SDuzMeM.exe
  C:\Windows\System\SDuzMeM.exe
  2⤵
  PID:9468
- C:\Windows\System\SAKPgXs.exe
  C:\Windows\System\SAKPgXs.exe
  2⤵
  PID:14656
- C:\Windows\System\JONwbcv.exe
  C:\Windows\System\JONwbcv.exe
  2⤵
  PID:9496
- C:\Windows\System\uqKwgSD.exe
  C:\Windows\System\uqKwgSD.exe
  2⤵
  PID:7492
- C:\Windows\System\rVGfvBq.exe
  C:\Windows\System\rVGfvBq.exe
  2⤵
  PID:14764
- C:\Windows\System\GVlUvgS.exe
  C:\Windows\System\GVlUvgS.exe
  2⤵
  PID:9576
- C:\Windows\System\UKLGfgE.exe
  C:\Windows\System\UKLGfgE.exe
  2⤵
  PID:7532
- C:\Windows\System\UEjFSNr.exe
  C:\Windows\System\UEjFSNr.exe
  2⤵
  PID:14872
- C:\Windows\System\iZfWAbW.exe
  C:\Windows\System\iZfWAbW.exe
  2⤵
  PID:14908
- C:\Windows\System\UblMXam.exe
  C:\Windows\System\UblMXam.exe
  2⤵
  PID:7616
- C:\Windows\System\mEJKEtW.exe
  C:\Windows\System\mEJKEtW.exe
  2⤵
  PID:9748
- C:\Windows\System\dZfayhZ.exe
  C:\Windows\System\dZfayhZ.exe
  2⤵
  PID:9776
- C:\Windows\System\iDTDdCR.exe
  C:\Windows\System\iDTDdCR.exe
  2⤵
  PID:15012
- C:\Windows\System\gvUPldV.exe
  C:\Windows\System\gvUPldV.exe
  2⤵
  PID:15048
- C:\Windows\System\rwcfckx.exe
  C:\Windows\System\rwcfckx.exe
  2⤵
  PID:7748
- C:\Windows\System\xLgcrMr.exe
  C:\Windows\System\xLgcrMr.exe
  2⤵
  PID:15104
- C:\Windows\System\hmkDIwD.exe
  C:\Windows\System\hmkDIwD.exe
  2⤵
  PID:15132
- C:\Windows\System\gNAwGgH.exe
  C:\Windows\System\gNAwGgH.exe
  2⤵
  PID:15180
- C:\Windows\System\MvTtVMc.exe
  C:\Windows\System\MvTtVMc.exe
  2⤵
  PID:15216
- C:\Windows\System\OqyBQqT.exe
  C:\Windows\System\OqyBQqT.exe
  2⤵
  PID:15276
- C:\Windows\System\JJiaAmB.exe
  C:\Windows\System\JJiaAmB.exe
  2⤵
  PID:15320
- C:\Windows\System\ElDOjfZ.exe
  C:\Windows\System\ElDOjfZ.exe
  2⤵
  PID:10140
- C:\Windows\System\aWbRavo.exe
  C:\Windows\System\aWbRavo.exe
  2⤵
  PID:1104
- C:\Windows\System\JZMNbVc.exe
  C:\Windows\System\JZMNbVc.exe
  2⤵
  PID:7816
- C:\Windows\System\lPStdAe.exe
  C:\Windows\System\lPStdAe.exe
  2⤵
  PID:10220
- C:\Windows\System\MqrGgVE.exe
  C:\Windows\System\MqrGgVE.exe
  2⤵
  PID:980
- C:\Windows\System\IwRsmrW.exe
  C:\Windows\System\IwRsmrW.exe
  2⤵
  PID:9332
- C:\Windows\System\JTApjsD.exe
  C:\Windows\System\JTApjsD.exe
  2⤵
  PID:9396
- C:\Windows\System\KPnIGwc.exe
  C:\Windows\System\KPnIGwc.exe
  2⤵
  PID:7972
- C:\Windows\System\VkeKgTH.exe
  C:\Windows\System\VkeKgTH.exe
  2⤵
  PID:6380
- C:\Windows\System\ILimmxj.exe
  C:\Windows\System\ILimmxj.exe
  2⤵
  PID:8060
- C:\Windows\System\wqucDRU.exe
  C:\Windows\System\wqucDRU.exe
  2⤵
  PID:9548
- C:\Windows\System\YLLutel.exe
  C:\Windows\System\YLLutel.exe
  2⤵
  PID:9584
- C:\Windows\System\rIQvIzQ.exe
  C:\Windows\System\rIQvIzQ.exe
  2⤵
  PID:8144
- C:\Windows\System\DHvWPMQ.exe
  C:\Windows\System\DHvWPMQ.exe
  2⤵
  PID:14900
- C:\Windows\System\GYBpXBE.exe
  C:\Windows\System\GYBpXBE.exe
  2⤵
  PID:14928
- C:\Windows\System\RzWMmhP.exe
  C:\Windows\System\RzWMmhP.exe
  2⤵
  PID:14964
- C:\Windows\System\CWxZBxP.exe
  C:\Windows\System\CWxZBxP.exe
  2⤵
  PID:14992
- C:\Windows\System\nxqFLdo.exe
  C:\Windows\System\nxqFLdo.exe
  2⤵
  PID:3916
- C:\Windows\System\BGrkXun.exe
  C:\Windows\System\BGrkXun.exe
  2⤵
  PID:9312
- C:\Windows\System\iLNCRJs.exe
  C:\Windows\System\iLNCRJs.exe
  2⤵
  PID:9472
- C:\Windows\System\cuMqXAY.exe
  C:\Windows\System\cuMqXAY.exe
  2⤵
  PID:9956
- C:\Windows\System\YLwJHXW.exe
  C:\Windows\System\YLwJHXW.exe
  2⤵
  PID:10004
- C:\Windows\System\JKACsSf.exe
  C:\Windows\System\JKACsSf.exe
  2⤵
  PID:9792
- C:\Windows\System\UFnEooz.exe
  C:\Windows\System\UFnEooz.exe
  2⤵
  PID:15304
- C:\Windows\System\rZADFfC.exe
  C:\Windows\System\rZADFfC.exe
  2⤵
  PID:9212
- C:\Windows\System\oiSrCPS.exe
  C:\Windows\System\oiSrCPS.exe
  2⤵
  PID:7280
- C:\Windows\System\oSFJSwl.exe
  C:\Windows\System\oSFJSwl.exe
  2⤵
  PID:9284
- C:\Windows\System\ymMyxQi.exe
  C:\Windows\System\ymMyxQi.exe
  2⤵
  PID:7984
- C:\Windows\System\THSpmTq.exe
  C:\Windows\System\THSpmTq.exe
  2⤵
  PID:10272
- C:\Windows\System\yQUSBIQ.exe
  C:\Windows\System\yQUSBIQ.exe
  2⤵
  PID:8076
- C:\Windows\System\fJCmJql.exe
  C:\Windows\System\fJCmJql.exe
  2⤵
  PID:14768
- C:\Windows\System\fTYOgbn.exe
  C:\Windows\System\fTYOgbn.exe
  2⤵
  PID:10404
- C:\Windows\System\sNCCaDm.exe
  C:\Windows\System\sNCCaDm.exe
  2⤵
  PID:9664
- C:\Windows\System\ZdfOHkp.exe
  C:\Windows\System\ZdfOHkp.exe
  2⤵
  PID:10488
- C:\Windows\System\qHsdTya.exe
  C:\Windows\System\qHsdTya.exe
  2⤵
  PID:10516
- C:\Windows\System\jHumORx.exe
  C:\Windows\System\jHumORx.exe
  2⤵
  PID:9836
- C:\Windows\System\sFhlhaw.exe
  C:\Windows\System\sFhlhaw.exe
  2⤵
  PID:10600
- C:\Windows\System\rGbiftq.exe
  C:\Windows\System\rGbiftq.exe
  2⤵
  PID:10620
- C:\Windows\System\NQzxklc.exe
  C:\Windows\System\NQzxklc.exe
  2⤵
  PID:15236
- C:\Windows\System\ZhemIDN.exe
  C:\Windows\System\ZhemIDN.exe
  2⤵
  PID:10712
- C:\Windows\System\FYkeuzp.exe
  C:\Windows\System\FYkeuzp.exe
  2⤵
  PID:14372
- C:\Windows\System\JViXmcd.exe
  C:\Windows\System\JViXmcd.exe
  2⤵
  PID:7908
- C:\Windows\System\MKaVpEM.exe
  C:\Windows\System\MKaVpEM.exe
  2⤵
  PID:7372
- C:\Windows\System\XfIkhCV.exe
  C:\Windows\System\XfIkhCV.exe
  2⤵
  PID:14684
- C:\Windows\System\AiTOomj.exe
  C:\Windows\System\AiTOomj.exe
  2⤵
  PID:10888
- C:\Windows\System\RwHbIEz.exe
  C:\Windows\System\RwHbIEz.exe
  2⤵
  PID:7540
- C:\Windows\System\svxZJKC.exe
  C:\Windows\System\svxZJKC.exe
  2⤵
  PID:10976
- C:\Windows\System\dUlhFNZ.exe
  C:\Windows\System\dUlhFNZ.exe
  2⤵
  PID:14984
- C:\Windows\System\USOQXFV.exe
  C:\Windows\System\USOQXFV.exe
  2⤵
  PID:11060
- C:\Windows\System\reptyBj.exe
  C:\Windows\System\reptyBj.exe
  2⤵
  PID:15096
- C:\Windows\System\zfuJgmT.exe
  C:\Windows\System\zfuJgmT.exe
  2⤵
  PID:11140
- C:\Windows\System\lYaIsCr.exe
  C:\Windows\System\lYaIsCr.exe
  2⤵
  PID:11164
- C:\Windows\System\thZLHCT.exe
  C:\Windows\System\thZLHCT.exe
  2⤵
  PID:10760
- C:\Windows\System\qntwPOr.exe
  C:\Windows\System\qntwPOr.exe
  2⤵
  PID:10136
- C:\Windows\System\WelAEzp.exe
  C:\Windows\System\WelAEzp.exe
  2⤵
  PID:9328
- C:\Windows\System\zddUXWi.exe
  C:\Windows\System\zddUXWi.exe
  2⤵
  PID:10916
- C:\Windows\System\KDTJWlF.exe
  C:\Windows\System\KDTJWlF.exe
  2⤵
  PID:11004
- C:\Windows\System\ywRuspr.exe
  C:\Windows\System\ywRuspr.exe
  2⤵
  PID:10496
- C:\Windows\System\njDxNHq.exe
  C:\Windows\System\njDxNHq.exe
  2⤵
  PID:3684
- C:\Windows\System\tQhOqLi.exe
  C:\Windows\System\tQhOqLi.exe
  2⤵
  PID:10708
- C:\Windows\System\cGzFqzq.exe
  C:\Windows\System\cGzFqzq.exe
  2⤵
  PID:10792
- C:\Windows\System\whmTtgP.exe
  C:\Windows\System\whmTtgP.exe
  2⤵
  PID:10316
- C:\Windows\System\DUlBUGt.exe
  C:\Windows\System\DUlBUGt.exe
  2⤵
  PID:10428
- C:\Windows\System\hQnHOeE.exe
  C:\Windows\System\hQnHOeE.exe
  2⤵
  PID:7228
- C:\Windows\System\FRmRYvW.exe
  C:\Windows\System\FRmRYvW.exe
  2⤵
  PID:11136
- C:\Windows\System\vQPiZfj.exe
  C:\Windows\System\vQPiZfj.exe
  2⤵
  PID:10820
- C:\Windows\System\IyImsJL.exe
  C:\Windows\System\IyImsJL.exe
  2⤵
  PID:6716
- C:\Windows\System\OAPEqKE.exe
  C:\Windows\System\OAPEqKE.exe
  2⤵
  PID:7408
- C:\Windows\System\HMSwomG.exe
  C:\Windows\System\HMSwomG.exe
  2⤵
  PID:15068
- C:\Windows\System\hTjpgBv.exe
  C:\Windows\System\hTjpgBv.exe
  2⤵
  PID:10380
- C:\Windows\System\KjgmHaN.exe
  C:\Windows\System\KjgmHaN.exe
  2⤵
  PID:11260
- C:\Windows\System\UgZujbI.exe
  C:\Windows\System\UgZujbI.exe
  2⤵
  PID:9520
- C:\Windows\System\TUerkMy.exe
  C:\Windows\System\TUerkMy.exe
  2⤵
  PID:15376
- C:\Windows\System\SoyBPsW.exe
  C:\Windows\System\SoyBPsW.exe
  2⤵
  PID:15404
- C:\Windows\System\KshpMvB.exe
  C:\Windows\System\KshpMvB.exe
  2⤵
  PID:15432
- C:\Windows\System\tSZtruH.exe
  C:\Windows\System\tSZtruH.exe
  2⤵
  PID:15460
- C:\Windows\System\qmnieIl.exe
  C:\Windows\System\qmnieIl.exe
  2⤵
  PID:15488
- C:\Windows\System\BLvaQvg.exe
  C:\Windows\System\BLvaQvg.exe
  2⤵
  PID:15516
- C:\Windows\System\SkzyTfn.exe
  C:\Windows\System\SkzyTfn.exe
  2⤵
  PID:15544
- C:\Windows\System\oyudmLo.exe
  C:\Windows\System\oyudmLo.exe
  2⤵
  PID:15584
- C:\Windows\System\YYWEZjE.exe
  C:\Windows\System\YYWEZjE.exe
  2⤵
  PID:15600
- C:\Windows\System\IhWrsnF.exe
  C:\Windows\System\IhWrsnF.exe
  2⤵
  PID:15628
- C:\Windows\System\mUzEtDj.exe
  C:\Windows\System\mUzEtDj.exe
  2⤵
  PID:15656
- C:\Windows\System\jsWZZHc.exe
  C:\Windows\System\jsWZZHc.exe
  2⤵
  PID:15684
- C:\Windows\System\HrgvSEd.exe
  C:\Windows\System\HrgvSEd.exe
  2⤵
  PID:15712
- C:\Windows\System\ESxxudM.exe
  C:\Windows\System\ESxxudM.exe
  2⤵
  PID:15740
- C:\Windows\System\LbOGbxl.exe
  C:\Windows\System\LbOGbxl.exe
  2⤵
  PID:15768
- C:\Windows\System\EBQaCjl.exe
  C:\Windows\System\EBQaCjl.exe
  2⤵
  PID:15796
- C:\Windows\System\nEuAZmW.exe
  C:\Windows\System\nEuAZmW.exe
  2⤵
  PID:15824
- C:\Windows\System\mdzkqco.exe
  C:\Windows\System\mdzkqco.exe
  2⤵
  PID:15852
- C:\Windows\System\LLuZfZa.exe
  C:\Windows\System\LLuZfZa.exe
  2⤵
  PID:15880
- C:\Windows\System\JYpUEUG.exe
  C:\Windows\System\JYpUEUG.exe
  2⤵
  PID:15912
- C:\Windows\System\vwfWYwQ.exe
  C:\Windows\System\vwfWYwQ.exe
  2⤵
  PID:15940
- C:\Windows\System\QTJlZzm.exe
  C:\Windows\System\QTJlZzm.exe
  2⤵
  PID:15968
- C:\Windows\System\TRoyQZa.exe
  C:\Windows\System\TRoyQZa.exe
  2⤵
  PID:15996
- C:\Windows\System\rqyObdE.exe
  C:\Windows\System\rqyObdE.exe
  2⤵
  PID:16024
- C:\Windows\System\NhbnMsY.exe
  C:\Windows\System\NhbnMsY.exe
  2⤵
  PID:16052
- C:\Windows\System\PMprQOz.exe
  C:\Windows\System\PMprQOz.exe
  2⤵
  PID:16080
- C:\Windows\System\Qrcgjyq.exe
  C:\Windows\System\Qrcgjyq.exe
  2⤵
  PID:16108
- C:\Windows\System\WidGWlq.exe
  C:\Windows\System\WidGWlq.exe
  2⤵
  PID:16136
- C:\Windows\System\eubpeLm.exe
  C:\Windows\System\eubpeLm.exe
  2⤵
  PID:16164
- C:\Windows\System\EGxeOcc.exe
  C:\Windows\System\EGxeOcc.exe
  2⤵
  PID:16192
- C:\Windows\System\WTgPRIc.exe
  C:\Windows\System\WTgPRIc.exe
  2⤵
  PID:16220
- C:\Windows\System\mUsSdRy.exe
  C:\Windows\System\mUsSdRy.exe
  2⤵
  PID:16248
- C:\Windows\System\tKZDEOQ.exe
  C:\Windows\System\tKZDEOQ.exe
  2⤵
  PID:16276
- C:\Windows\System\WVyAHWF.exe
  C:\Windows\System\WVyAHWF.exe
  2⤵
  PID:16304
- C:\Windows\System\CpzBYif.exe
  C:\Windows\System\CpzBYif.exe
  2⤵
  PID:16332
- C:\Windows\System\vKTdbfF.exe
  C:\Windows\System\vKTdbfF.exe
  2⤵
  PID:16360
- C:\Windows\System\MEwnXty.exe
  C:\Windows\System\MEwnXty.exe
  2⤵
  PID:15368
- C:\Windows\System\xNPfsmG.exe
  C:\Windows\System\xNPfsmG.exe
  2⤵
  PID:15428
- C:\Windows\System\xZJjsHP.exe
  C:\Windows\System\xZJjsHP.exe
  2⤵
  PID:15456
- C:\Windows\System\udSFvpE.exe
  C:\Windows\System\udSFvpE.exe
  2⤵
  PID:15528
- C:\Windows\System\OHQFknT.exe
  C:\Windows\System\OHQFknT.exe
  2⤵
  PID:10284
- C:\Windows\System\pybephD.exe
  C:\Windows\System\pybephD.exe
  2⤵
  PID:10952
- C:\Windows\System\PMVfCrE.exe
  C:\Windows\System\PMVfCrE.exe
  2⤵
  PID:15640
- C:\Windows\System\VrlXLgb.exe
  C:\Windows\System\VrlXLgb.exe
  2⤵
  PID:8560
- C:\Windows\System\rosRmGA.exe
  C:\Windows\System\rosRmGA.exe
  2⤵
  PID:8532
- C:\Windows\System\eZWyEgk.exe
  C:\Windows\System\eZWyEgk.exe
  2⤵
  PID:10868
- C:\Windows\System\svDPFgY.exe
  C:\Windows\System\svDPFgY.exe
  2⤵
  PID:11148
- C:\Windows\System\CVFjVNM.exe
  C:\Windows\System\CVFjVNM.exe
  2⤵
  PID:15760
- C:\Windows\System\sfLyZjB.exe
  C:\Windows\System\sfLyZjB.exe
  2⤵
  PID:15808
- C:\Windows\System\QGSdwra.exe
  C:\Windows\System\QGSdwra.exe
  2⤵
  PID:9500
- C:\Windows\System\nNZQIyC.exe
  C:\Windows\System\nNZQIyC.exe
  2⤵
  PID:15876
- C:\Windows\System\kujqazM.exe
  C:\Windows\System\kujqazM.exe
  2⤵
  PID:15908
- C:\Windows\System\ZMVBCmC.exe
  C:\Windows\System\ZMVBCmC.exe
  2⤵
  PID:4440
- C:\Windows\System\oSJKoaB.exe
  C:\Windows\System\oSJKoaB.exe
  2⤵
  PID:8636
- C:\Windows\System\ldiueXi.exe
  C:\Windows\System\ldiueXi.exe
  2⤵
  PID:11292
- C:\Windows\System\nQOywmk.exe
  C:\Windows\System\nQOywmk.exe
  2⤵
  PID:16048
- C:\Windows\System\dhocnBu.exe
  C:\Windows\System\dhocnBu.exe
  2⤵
  PID:16072
- C:\Windows\System\yYuGwLw.exe
  C:\Windows\System\yYuGwLw.exe
  2⤵
  PID:16120
- C:\Windows\System\FpPKNtn.exe
  C:\Windows\System\FpPKNtn.exe
  2⤵
  PID:16156
- C:\Windows\System\sNdYhaF.exe
  C:\Windows\System\sNdYhaF.exe
  2⤵
  PID:16184
- C:\Windows\System\QwAypKt.exe
  C:\Windows\System\QwAypKt.exe
  2⤵
  PID:16216
- C:\Windows\System\qWpcFVz.exe
  C:\Windows\System\qWpcFVz.exe
  2⤵
  PID:16260
- C:\Windows\System\zOWqppz.exe
  C:\Windows\System\zOWqppz.exe
  2⤵
  PID:8908
- C:\Windows\System\UivzNJy.exe
  C:\Windows\System\UivzNJy.exe
  2⤵
  PID:16300
- C:\Windows\System\hImkdex.exe
  C:\Windows\System\hImkdex.exe
  2⤵
  PID:11640
- C:\Windows\System\FHKgwPy.exe
  C:\Windows\System\FHKgwPy.exe
  2⤵
  PID:11696
- C:\Windows\System\OTnNEfb.exe
  C:\Windows\System\OTnNEfb.exe
  2⤵
  PID:7480
- C:\Windows\System\uxghbYF.exe
  C:\Windows\System\uxghbYF.exe
  2⤵
  PID:15512
- C:\Windows\System\jVxXMRb.exe
  C:\Windows\System\jVxXMRb.exe
  2⤵
  PID:9112
- C:\Windows\System\DWdqLnP.exe
  C:\Windows\System\DWdqLnP.exe
  2⤵
  PID:4188
- C:\Windows\System\yzJMZfQ.exe
  C:\Windows\System\yzJMZfQ.exe
  2⤵
  PID:11880
- C:\Windows\System\SwBlKxG.exe
  C:\Windows\System\SwBlKxG.exe
  2⤵
  PID:8468
- C:\Windows\System\awMfEeL.exe
  C:\Windows\System\awMfEeL.exe
  2⤵
  PID:11956
- C:\Windows\System\GCVnRxI.exe
  C:\Windows\System\GCVnRxI.exe
  2⤵
  PID:11988
- C:\Windows\System\OPlMzEZ.exe
  C:\Windows\System\OPlMzEZ.exe
  2⤵
  PID:15836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AiuEeHm.exe

Filesize
6.0MB

MD5
ed8cb068b5b944782f4b9eb7bc7e917b

SHA1
d5c0ca6c39fa2931e99eeff00c2c31e5fd9d9141

SHA256
d5f965b627cf8e8ad2a66f2b2d74807fa1c5d3f19e6e83468360570a90d5355c

SHA512
1f7f1b7ca297dd7a8d6d64464bcded12e48e8c4ce22e87122f07a3a0157f1a0cb561493519aa41eb47c0beecfb4e918a2c89f22ae4938e9dd7d2948eb64bdc17

Download Submit
C:\Windows\System\EFSRapY.exe

Filesize
6.0MB

MD5
1b62622e9a7833b93eadea9089d1af56

SHA1
3415c16c10a998728075fbe61be255d7c9c6ef95

SHA256
cd3789345f53726d4fc5eece6642dd68ba49d0b39bc93c9186ecdf9e31f72093

SHA512
a03292675cf3169b699434eb4a17daddb33ebafe9b338691f4c6fc4fc1a85095696362bd74eba392e8161662c23227e2ad0ac68c9b87d584e2a8d1a483787eed

Download Submit
C:\Windows\System\GcWvPGE.exe

Filesize
6.0MB

MD5
50976cca83df826ed9a08a4bdc098da4

SHA1
5ebdcfc82c7ebeb9f74b5b1c3300cac364932a81

SHA256
9e3ca811aae56a000523ec28c8c04335251d5b29d1b83ce394c819756a9f446d

SHA512
c81f7072aab0de32befbe8df6d35b95515a67ca36df93759167df608deaa0fa49a4bb8b1665f7c3793469f1046e9ac785aef3ef3f599b1b8f24639319b724f49

Download Submit
C:\Windows\System\IWfkeOL.exe

Filesize
6.0MB

MD5
35a24c337c1756d2e9699a0a4417e9aa

SHA1
a2e779d0dfc50d6c541a4379021abee6589514b7

SHA256
b6a13a0af5e9dd3c069069f0786f25bfa5061e67aaa7ea0ef5afdd149ea218d7

SHA512
d57382bc5a1a49166f71977a8a1b3319ac5c87eef94a5666a30decd60e3907e4f2f0e03974bff920bc47db3a66e7e651a0c0907ca66bf90b3927545e75e83cad

Download Submit
C:\Windows\System\IzXZkxB.exe

Filesize
6.0MB

MD5
fe783aace020902f396ef222fea8cdf0

SHA1
d503945877e3845249c7a1318625dd5fa621e488

SHA256
3f1cb00f7be2e8b742fe7e641357bcad08c2410f15b32876501997657f9aadba

SHA512
8469b854be225b77b97cf46d8850d411a8b4a09686f6976610c89e8d39d1d51a705617d2adc148857e3c69d700959e86ae7f9327dfdd7ece317b14814ad0c6fa

Download Submit
C:\Windows\System\KryZuwx.exe

Filesize
6.0MB

MD5
10828e12371f0f5eae216818f34c4ca6

SHA1
baab32148c78d27b434b29dd852ce555c5f2d074

SHA256
9d7210739a3be2415cd25262c6682186bf89fc8c03f2964dc0df6680b12ccb91

SHA512
7b64508a2e34ba409606804b570e1163e0adc280fb048157286f909042f36f6191bb3725ec2b6b5cde37c80d0320f5c3e3d5ef4873426cc08a3bc323eea60dc4

Download Submit
C:\Windows\System\LRWPTXa.exe

Filesize
6.0MB

MD5
69e848a060149b8b77e3b2e613185e96

SHA1
5815f257acbd7a569ebbea6927920743aee2b5bd

SHA256
0b0e0f5ad6b52852306f4c55236ecc78b4bccbae02cbcb1eb82c9fa6faf15fb7

SHA512
3ccdb5ada98f8167995a338f206e1771193c817a25fdffb006f0d20ae97521b8c2c21129b6f7fd48630f1bd0689e93abd4712de6f086b2be257244d6a0a5071b

Download Submit
C:\Windows\System\MLcctLp.exe

Filesize
6.0MB

MD5
517d8b00cb26b78795496b228a561d52

SHA1
c893a88f1faeaa148b4b27d944a4769ef678efe6

SHA256
0767ba78b053af2bf8a175fc05685a4373e4cbcced2780e9bb47e5141dc98883

SHA512
57cd22c703fbb92168ce7f0d0f1390528af8033d86c164444fccb3e2f03d3f71c96398b8fa612ae88207e0f8a0d0947eb399c51d0576ebf2e15c827fb1941fbd

Download Submit
C:\Windows\System\NHnIpyO.exe

Filesize
6.0MB

MD5
124b937b2777ddf335931d092da2a57f

SHA1
bd15caf06a6d0258b0cd39a8f3297b5c29ca3e5c

SHA256
d2868839ef89d33eacc3ded56d9f1716ac6fed91d55422c0264ee32eb8c265b4

SHA512
0c0002c2c152a18cf40887745239fea8dda65d4c7c524fdb127a41669611a70c6d8a9165bcf71ea1f7f4f7434b5ee030374769547c6ae4f4c4be59ab7667bc02

Download Submit
C:\Windows\System\NUScnXZ.exe

Filesize
6.0MB

MD5
dd5b4c00773c1feadc8909bc930f805f

SHA1
c4f00856b2511f93c85ed805d037ec7dabd2e6bc

SHA256
6da60e32a8134cdf1a258df6efdba71a89ec797075a380966763c620cc6dfa2a

SHA512
a7c0e568e4ccacd85ebfddfcc3ba33a13008dbb730aa362ebd3bc107f8544b7a842961176b178960f8ffa2effcd49b97bac81be51a8d1504ef18c6bd9d2fa9e3

Download Submit
C:\Windows\System\TOrEuZG.exe

Filesize
6.0MB

MD5
afc2f24a2bc4ee4679a1f607a43fb7f1

SHA1
1dec29124e8fde8329f538539a19d36c55dfda28

SHA256
021d2bba1a1753b66d4cd736cdb3914431816f280fa07074fc460467ad8c08ef

SHA512
3828320a055bcf82a5713b7b0f3e9ebd5aac36606eb97e26caf36ba18fa37f1cc01e607d3a4990e51765147bef8195c3b0e7416019e599c10d9d00c87c373d34

Download Submit
C:\Windows\System\VsAnPmf.exe

Filesize
6.0MB

MD5
4da1467a53520314326eed5a7ed98b26

SHA1
236cd03601b11dc190c1ce101634878b0ddbb3c2

SHA256
d3b11f61dd3b1d410222fe355e7c1f395abe48243230ae4838f52b9f0e9b23c1

SHA512
563c3e54cfbbbb3bb9b91e80e8b329563df517b7367d17b1c18005149c2eecb00a74f17e8b376e0c0eddedeb3b9aa38c07d3cc0e26410c9ec7b0992b306d0671

Download Submit
C:\Windows\System\VsnhuEz.exe

Filesize
6.0MB

MD5
e8b597da6d3eeda094bef5c7bd796360

SHA1
e3ea930b8db55ddb629ff2732e1a564918bad054

SHA256
b398a006167fd233d27d04e48be6babfb9ec2cd5446ea50f96d94a14f92dcdfd

SHA512
71def07943f9a64860d611254b4602c70190bd08e3e76b836c5e00e1668e28b916e7c6f0d3d3048d3d200d96f3c36217ce9b4eeaf343fa183df5e3d0647aaace

Download Submit
C:\Windows\System\XTZefgH.exe

Filesize
6.0MB

MD5
d23d43c34172f876bfdf00dd595ff3a3

SHA1
15765d5a3dbdf3ee320c134dbc6ae6c45808a18a

SHA256
27316dc1450ba38379322907692d6886e02045d99e15dcee819a48498906a73e

SHA512
2395722e551c78a77f9766eb01446730b1aba9ab9d6a545ba95a17dadb8883bd770f24e3f674587d5e650bbf087519147d8c5405989a3cfcf14dde52c6d51f71

Download Submit
C:\Windows\System\ayRDjPA.exe

Filesize
6.0MB

MD5
696d8a381be61fbf1eaa30822780f708

SHA1
e6a48ac8d06aef3424c9d43cf6a68cb72582a608

SHA256
5b80ce0150af54c95a2fd83b28b7a8d5a1ee634d1194f7a0338f36955c87e61f

SHA512
50422795d2380750aa13a47b983b3b4396709da2f46fc822c4246a66f4d86c6de4fffcebf52c8fd11161fd9a02e888008e15a34641e954d4abd2c965bdd4489a

Download Submit
C:\Windows\System\cCuJUXI.exe

Filesize
6.0MB

MD5
93ed0926dc0c5c9256a38383c489a0f7

SHA1
1afc620307e1e43abea3ba428cc462f3a1cebcb5

SHA256
a2f954cee4b6d72704730cc9225ea344621abd394913f99aee833d51f787021a

SHA512
72f20b3178d6d8330f4f004c5b216433bca61747c1989f8569efb3234e69f86cccf334bd88242ff5735bf8e71f84e3659a0880d5950c71710775ed9148813983

Download Submit
C:\Windows\System\cMRiCIW.exe

Filesize
6.0MB

MD5
1100d5eb9db0cabbc38e01d3c98f3725

SHA1
74944b142c32c6fbcc3560f1a3bd913bace49d0c

SHA256
0ad9df99611a6f04f128351ccc0811c5fd2dec527559407292a90cc4fad5ef0c

SHA512
be88164b9abcaf4953248d2f5137691dcb7a0d5d723461f9f77f1f92230695c736fc8cb9d1649a75bf2e01e7de2934b34d5d693b2b1cfb79069073a63fb445de

Download Submit
C:\Windows\System\cyZrFMF.exe

Filesize
6.0MB

MD5
df650e29f437d46279302798d395b0ea

SHA1
0a660aa8142cc97b60dc47122e6073c421fbc783

SHA256
ee907f115198849a80077b59b544704cf1c69154933de19555a77e16c0cca741

SHA512
e26904d0719a8da9d4cd64f56f65f8335cd4f21f41e1a04539270b1fcb7a336bce5d1f75f1abb244f7f1941c453881cea642cbda9fb2b4e12f279b42e6316747

Download Submit
C:\Windows\System\defQaKX.exe

Filesize
6.0MB

MD5
f49e0eeb1b0adb89f3f0b5625e93ab51

SHA1
31150407a8bb2e0b51fbd11a2eb3f682c6e30e38

SHA256
7c04978e0774a89907d3cb485bd2f380aa69810c1758fa979240b1484fbfc4c9

SHA512
a5db11fa4fd4004baa631d41f065d4ddf58ba69a32948d29e1c7c8269fc98445f9f683f7843a068066c74a13568042f54db419c84844548f7d165a0953971972

Download Submit
C:\Windows\System\fuCKEbF.exe

Filesize
6.0MB

MD5
2b3e6bab808aa8447d3916f158473773

SHA1
eb9b273a9a27ea9292f4227be545eeb3955dd06c

SHA256
e9652a6fd01b49f69f2bac199294a116eb399293ec32e26e58f8f2c8afe8be9e

SHA512
dafe9dd21b3fc52cda259f9439e8f41752dedaf13577a304be34714fd6eeec3809fdf1c48353a72d5fa03127d4277f8acb534ee475f5696620df23b93e80b5ad

Download Submit
C:\Windows\System\gzpTkbl.exe

Filesize
6.0MB

MD5
e3eed04f9dd70927e002ddbc9aa6b526

SHA1
91fc948aacef2b94672fb1d33e884f31a850426c

SHA256
f1843b117d88be296f0bc81b04a01bc085eca28aad39812e7a7c062dcfeb9f8f

SHA512
799ef960b48e86a0e9c29fab7b6d4fc7193288c052128ae25165f3549d49ab6e5ba5917b6c00b09431d49cf8c732e1d8ba1fbff6a9109c2606e773119a5d49fe

Download Submit
C:\Windows\System\jVmqMWR.exe

Filesize
6.0MB

MD5
b14d0680f3001699b7725ff3eccc3b3f

SHA1
4d2ba074595211b972d4a1826f1fe6babc7c36ae

SHA256
5f388523e26a157682869dc11972d12c11efd577324676be3fb2377558090ed4

SHA512
a9385b805004aa0a2631ebba10199bbed3488f8ecb32f452626569f3df3dab65e9686be0da7796b0eac37d4be393d64b299729e0c82ffdc4ba6133939aad33bf

Download Submit
C:\Windows\System\kxBbQCM.exe

Filesize
6.0MB

MD5
fdfd134700d9aef371dec03682eda885

SHA1
fe4494e627daea6a329cda59b851276d9a523a2b

SHA256
d6457d5d24327811396451e688b9fe8957ca26be89b0ca494bdee7bbadf5c176

SHA512
c77bcb7275b5f5b2217b0138d65d28d6e1e185b33884a7aeeef1d7626149bf625d23eb486cb1b2ef2692694ebb913405b480002c0fddc64aea14dd31fcabc204

Download Submit
C:\Windows\System\lWABUuI.exe

Filesize
6.0MB

MD5
f8bfc2ef383306b7edc26f1c5efcd8bc

SHA1
c2a8d5076d5a353ca3aa2e41b3ceb2021b22c756

SHA256
254a083ecaaa1c5cdf01ae65ce82249902f20df1dfe8ccdc0cddb456fa7d8e2b

SHA512
e4568aaf0b6185755125e4d84bc91bf4b6267817fa74c770aed73e7b09dcb15fbe83a316dcfc22e9ab0ee36ef4e22f59d12daeb18f7cc12cac3e0a9cc3edc32d

Download Submit
C:\Windows\System\lokCfUo.exe

Filesize
6.0MB

MD5
3a041e80311cca3ed30e6344d7b4e7b2

SHA1
350d9e7f0efb1e432e468a2894f4efb7fc2df71f

SHA256
0c3f1bc5b4f2e2cd17958090a05c8eea46663ffb9e0d6d0d72e2a0089c2e5d65

SHA512
b26e51e7af7c0b42563425dc0fd1933bbc60d7a5469aefdfff136b034e1463c1ceb54fe58af9c2491f0fef93b744c778cb61eacd2052c3b8d27122a23fe0e3fc

Download Submit
C:\Windows\System\myrohpX.exe

Filesize
6.0MB

MD5
d8ec448107e35bef534d08f17847e444

SHA1
b07981ddddb911debd63e6314efdcf8baf41bdad

SHA256
90ae8054c6826853ef43fc4be92b1314df00ccb375482197ac3b17e595f7f0ba

SHA512
6a2f4e8dfa206620c181760237051e0c61260f80e843586e7a6f0007c8a0aed86b56bb1bddd812904ae612c136836a92f82ef53fd3d5574021de0ee2c7a816b9

Download Submit
C:\Windows\System\nTtZxeh.exe

Filesize
6.0MB

MD5
4327c3b85ab230b7913821e997ab1a8c

SHA1
c28244f8f953b2c9d940aaed63b13d58c89a10df

SHA256
e0201b227444547aaa2780041e8af1772dfffd40af5e2499dbfeefbf5facef15

SHA512
5123673fa2d6a366be2354392c56915bcdabb7a527ffcb20d0ac7773f62a43a5d9f33b7001d525945816be3676e89803e5f20fcbfb51dd0b169e3ed670a8adf8

Download Submit
C:\Windows\System\pefKDIt.exe

Filesize
6.0MB

MD5
e521209dc42b9c30ce27a08e2cd80622

SHA1
fdb6f99ddc6f3c91353448bff977c71c65bb66c9

SHA256
ca4ad8f8a10b0ad52d9d993b6401621fe62e0324d610168ca99a0a9fd2de286a

SHA512
510513b35d6cef1296d042e3e4a18e3d5be38993849dc617a81aa0c6377f8fa9367fe9a69cb57518d7f410998b08104871f8140b4a9aa3eeb48e3294e4b77179

Download Submit
C:\Windows\System\qmSrtxi.exe

Filesize
6.0MB

MD5
025a831f7d8284bc3c3a443fa664f4c7

SHA1
3777a2ee8ef4a19581ffff84aad995a336d83ebf

SHA256
18006fc1a6318adabd8cd6d4425a0b244c1b4187a6bfe1a5dbb8938a2b2f5c9a

SHA512
a6257b40ba014eb61cdd80c334b261f40645396ff4b824e26697746f9a6e7304c4f5b8dcbf1240418b28d3825bd250f67cd46e34f38e388df810b5cbd766b144

Download Submit
C:\Windows\System\rOvzSLC.exe

Filesize
6.0MB

MD5
36fcd47e71b0400f1266836e974b03a6

SHA1
ece042838dfdb1d788f8183ea64ce9c1c9b01b4b

SHA256
a75b08e661dd499d5e8240b2e99e602e675efb697563b56aeb7e75a95acf587e

SHA512
e88aea2413624e3ba8835902690d6d8e7f5833f8b49dcdd8444deeba00c4bc548aaf3bcb316ec0ecd42120da440db4086d5b043458733bba7391e4c2161c4e00

Download Submit
C:\Windows\System\tBRfTSH.exe

Filesize
6.0MB

MD5
180085203317576cded36da2d38d229f

SHA1
a8140df6f2f19fba369c8b902bdb2a1de29d542d

SHA256
46f69fdefb0cac32ca3599fac51ecc1a402543341ac62504bbca07a1793773ea

SHA512
e9afed985ea73b392b706815b9962055566862a15baedeb09186cb840ebc2695120b599090598a490aad859c70676716f165dce9d0776d76835e7ae5768d44f6

Download Submit
C:\Windows\System\wfXvKLm.exe

Filesize
6.0MB

MD5
3ac187b4d5cad57d29b7ec8045d91427

SHA1
c13eca10bde7d775c60ceb850d3c5be48c0662e5

SHA256
466d995660207979c0d2c18b4ae6fa505255e0bf1ab0048c810214dd1c5c41b8

SHA512
d6027be82082bf65e8e5629311ee389415fcb4971650fe6d7b31ca3ae3ed8fbd075b800c9dba15744fb73984ad0da6ae63a1ef3837ed3a018c3e2d2793f5c0ca

Download Submit
memory/208-856-0x00007FF75DCE0000-0x00007FF75E034000-memory.dmp

Filesize
3.3MB

Download
memory/208-1829-0x00007FF75DCE0000-0x00007FF75E034000-memory.dmp

Filesize
3.3MB

Download
memory/532-36-0x00007FF690F00000-0x00007FF691254000-memory.dmp

Filesize
3.3MB

Download
memory/532-1482-0x00007FF690F00000-0x00007FF691254000-memory.dmp

Filesize
3.3MB

Download
memory/532-942-0x00007FF690F00000-0x00007FF691254000-memory.dmp

Filesize
3.3MB

Download
memory/1308-1817-0x00007FF7214B0000-0x00007FF721804000-memory.dmp

Filesize
3.3MB

Download
memory/1308-836-0x00007FF7214B0000-0x00007FF721804000-memory.dmp

Filesize
3.3MB

Download
memory/1356-59-0x00007FF6F7780000-0x00007FF6F7AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-1790-0x00007FF6F7780000-0x00007FF6F7AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-1802-0x00007FF7E7CA0000-0x00007FF7E7FF4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-823-0x00007FF7E7CA0000-0x00007FF7E7FF4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1001-0x00007FF781610000-0x00007FF781964000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1486-0x00007FF781610000-0x00007FF781964000-memory.dmp

Filesize
3.3MB

Download
memory/2076-42-0x00007FF781610000-0x00007FF781964000-memory.dmp

Filesize
3.3MB

Download
memory/2200-1464-0x00007FF73F100000-0x00007FF73F454000-memory.dmp

Filesize
3.3MB

Download
memory/2200-68-0x00007FF73F100000-0x00007FF73F454000-memory.dmp

Filesize
3.3MB

Download
memory/2200-12-0x00007FF73F100000-0x00007FF73F454000-memory.dmp

Filesize
3.3MB

Download
memory/2388-54-0x00007FF60F650000-0x00007FF60F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-0-0x00007FF60F650000-0x00007FF60F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-1-0x000002BBCF280000-0x000002BBCF290000-memory.dmp

Filesize
64KB

Download
memory/2440-1811-0x00007FF7E2200000-0x00007FF7E2554000-memory.dmp

Filesize
3.3MB

Download
memory/2440-828-0x00007FF7E2200000-0x00007FF7E2554000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1813-0x00007FF6CDA60000-0x00007FF6CDDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-833-0x00007FF6CDA60000-0x00007FF6CDDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-48-0x00007FF7A6190000-0x00007FF7A64E4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1785-0x00007FF7A6190000-0x00007FF7A64E4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1111-0x00007FF7A6190000-0x00007FF7A64E4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1454-0x00007FF743980000-0x00007FF743CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-8-0x00007FF743980000-0x00007FF743CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-61-0x00007FF743980000-0x00007FF743CD4000-memory.dmp

Filesize
3.3MB

Download
memory/3260-1810-0x00007FF6E1290000-0x00007FF6E15E4000-memory.dmp

Filesize
3.3MB

Download
memory/3260-829-0x00007FF6E1290000-0x00007FF6E15E4000-memory.dmp

Filesize
3.3MB

Download
memory/3796-24-0x00007FF7AA980000-0x00007FF7AACD4000-memory.dmp

Filesize
3.3MB

Download
memory/3796-862-0x00007FF7AA980000-0x00007FF7AACD4000-memory.dmp

Filesize
3.3MB

Download
memory/3796-1473-0x00007FF7AA980000-0x00007FF7AACD4000-memory.dmp

Filesize
3.3MB

Download
memory/3920-852-0x00007FF625140000-0x00007FF625494000-memory.dmp

Filesize
3.3MB

Download
memory/3920-1821-0x00007FF625140000-0x00007FF625494000-memory.dmp

Filesize
3.3MB

Download
memory/4068-1837-0x00007FF6C31B0000-0x00007FF6C3504000-memory.dmp

Filesize
3.3MB

Download
memory/4068-861-0x00007FF6C31B0000-0x00007FF6C3504000-memory.dmp

Filesize
3.3MB

Download
memory/4072-1814-0x00007FF6836C0000-0x00007FF683A14000-memory.dmp

Filesize
3.3MB

Download
memory/4072-847-0x00007FF6836C0000-0x00007FF683A14000-memory.dmp

Filesize
3.3MB

Download
memory/4080-867-0x00007FF6C89A0000-0x00007FF6C8CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4080-30-0x00007FF6C89A0000-0x00007FF6C8CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4080-1478-0x00007FF6C89A0000-0x00007FF6C8CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4136-1797-0x00007FF68E550000-0x00007FF68E8A4000-memory.dmp

Filesize
3.3MB

Download
memory/4136-819-0x00007FF68E550000-0x00007FF68E8A4000-memory.dmp

Filesize
3.3MB

Download
memory/4172-839-0x00007FF705DB0000-0x00007FF706104000-memory.dmp

Filesize
3.3MB

Download
memory/4172-1815-0x00007FF705DB0000-0x00007FF706104000-memory.dmp

Filesize
3.3MB

Download
memory/4264-70-0x00007FF7A9D80000-0x00007FF7AA0D4000-memory.dmp

Filesize
3.3MB

Download
memory/4264-1269-0x00007FF7A9D80000-0x00007FF7AA0D4000-memory.dmp

Filesize
3.3MB

Download
memory/4264-1796-0x00007FF7A9D80000-0x00007FF7AA0D4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-18-0x00007FF7FF1B0000-0x00007FF7FF504000-memory.dmp

Filesize
3.3MB

Download
memory/4312-76-0x00007FF7FF1B0000-0x00007FF7FF504000-memory.dmp

Filesize
3.3MB

Download
memory/4312-1468-0x00007FF7FF1B0000-0x00007FF7FF504000-memory.dmp

Filesize
3.3MB

Download
memory/4376-825-0x00007FF7FC060000-0x00007FF7FC3B4000-memory.dmp

Filesize
3.3MB

Download
memory/4376-1806-0x00007FF7FC060000-0x00007FF7FC3B4000-memory.dmp

Filesize
3.3MB

Download
memory/4640-857-0x00007FF71FA70000-0x00007FF71FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/4640-1833-0x00007FF71FA70000-0x00007FF71FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/4768-1808-0x00007FF614250000-0x00007FF6145A4000-memory.dmp

Filesize
3.3MB

Download
memory/4768-830-0x00007FF614250000-0x00007FF6145A4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-1805-0x00007FF7D7770000-0x00007FF7D7AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-834-0x00007FF7D7770000-0x00007FF7D7AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-851-0x00007FF790850000-0x00007FF790BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-1820-0x00007FF790850000-0x00007FF790BA4000-memory.dmp

Filesize
3.3MB

Download
memory/5028-1816-0x00007FF71E810000-0x00007FF71EB64000-memory.dmp

Filesize
3.3MB

Download
memory/5028-846-0x00007FF71E810000-0x00007FF71EB64000-memory.dmp

Filesize
3.3MB

Download
memory/5064-1792-0x00007FF7C1E60000-0x00007FF7C21B4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-67-0x00007FF7C1E60000-0x00007FF7C21B4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-1166-0x00007FF7C1E60000-0x00007FF7C21B4000-memory.dmp

Filesize
3.3MB

Download
memory/5068-1798-0x00007FF7F2C20000-0x00007FF7F2F74000-memory.dmp

Filesize
3.3MB

Download
memory/5068-865-0x00007FF7F2C20000-0x00007FF7F2F74000-memory.dmp

Filesize
3.3MB

Download