cobaltstrike | 0c0359b98d2a054aa35db96d49f2a72d60b4e39e7e7e644b2582a8d4d9d7b5ba

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

51bc98e936dd17a6177173bb3b6a1535
SHA1

1bc05d8dd47a9af5027de84bce866846b96ea471
SHA256

0c0359b98d2a054aa35db96d49f2a72d60b4e39e7e7e644b2582a8d4d9d7b5ba
SHA512

ca122032017cfd5d9c74627c3db88f4894d5d18eb73275ced77a70bfc67f4f2db7e26867ce17c016deb53114dc07d4b17119cd888f12b355e5f8c4cc90e070a6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b4f-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb0-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baf-11.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb1-25.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb2-28.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023bac-36.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb4-42.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb5-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb6-49.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb7-63.dat	cobalt_reflective_dll
behavioral2/files/0x000800000001e581-67.dat	cobalt_reflective_dll
behavioral2/files/0x000700000001e588-74.dat	cobalt_reflective_dll
behavioral2/files/0x000800000001e58a-78.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000022719-87.dat	cobalt_reflective_dll
behavioral2/files/0x000900000001e58b-88.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bba-117.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bbb-123.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bbd-131.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bbe-137.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bc0-164.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bc3-185.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bc8-201.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bc7-200.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bc6-198.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bc5-196.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bc4-194.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bc2-171.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bc1-169.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bbf-158.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bbc-144.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb9-118.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb8-108.dat	cobalt_reflective_dll
behavioral2/files/0x00050000000229c7-104.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4076-0-0x00007FF61CDD0000-0x00007FF61D124000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b4f-5.dat	xmrig
behavioral2/memory/4864-8-0x00007FF72B870000-0x00007FF72BBC4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb0-10.dat	xmrig
behavioral2/files/0x000a000000023baf-11.dat	xmrig
behavioral2/memory/2112-18-0x00007FF76BCC0000-0x00007FF76C014000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb1-25.dat	xmrig
behavioral2/memory/2364-24-0x00007FF768020000-0x00007FF768374000-memory.dmp	xmrig
behavioral2/memory/1432-14-0x00007FF7F7990000-0x00007FF7F7CE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb2-28.dat	xmrig
behavioral2/memory/3680-34-0x00007FF7CE8D0000-0x00007FF7CEC24000-memory.dmp	xmrig
behavioral2/files/0x000b000000023bac-36.dat	xmrig
behavioral2/memory/2420-39-0x00007FF605F00000-0x00007FF606254000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb4-42.dat	xmrig
behavioral2/memory/4400-44-0x00007FF745EC0000-0x00007FF746214000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb5-47.dat	xmrig
behavioral2/files/0x000a000000023bb6-49.dat	xmrig
behavioral2/memory/3384-52-0x00007FF7DE130000-0x00007FF7DE484000-memory.dmp	xmrig
behavioral2/memory/4076-53-0x00007FF61CDD0000-0x00007FF61D124000-memory.dmp	xmrig
behavioral2/memory/4100-51-0x00007FF694D80000-0x00007FF6950D4000-memory.dmp	xmrig
behavioral2/memory/1432-59-0x00007FF7F7990000-0x00007FF7F7CE4000-memory.dmp	xmrig
behavioral2/memory/4864-58-0x00007FF72B870000-0x00007FF72BBC4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb7-63.dat	xmrig
behavioral2/files/0x000800000001e581-67.dat	xmrig
behavioral2/files/0x000700000001e588-74.dat	xmrig
behavioral2/files/0x000800000001e58a-78.dat	xmrig
behavioral2/files/0x0008000000022719-87.dat	xmrig
behavioral2/files/0x000900000001e58b-88.dat	xmrig
behavioral2/memory/2112-92-0x00007FF76BCC0000-0x00007FF76C014000-memory.dmp	xmrig
behavioral2/memory/4460-93-0x00007FF61B790000-0x00007FF61BAE4000-memory.dmp	xmrig
behavioral2/memory/3132-102-0x00007FF71F780000-0x00007FF71FAD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bba-117.dat	xmrig
behavioral2/files/0x000a000000023bbb-123.dat	xmrig
behavioral2/files/0x000a000000023bbd-131.dat	xmrig
behavioral2/files/0x000a000000023bbe-137.dat	xmrig
behavioral2/memory/4360-156-0x00007FF6AA790000-0x00007FF6AAAE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc0-164.dat	xmrig
behavioral2/files/0x000a000000023bc3-185.dat	xmrig
behavioral2/memory/4488-193-0x00007FF7B9330000-0x00007FF7B9684000-memory.dmp	xmrig
behavioral2/memory/1528-219-0x00007FF751950000-0x00007FF751CA4000-memory.dmp	xmrig
behavioral2/memory/3132-770-0x00007FF71F780000-0x00007FF71FAD4000-memory.dmp	xmrig
behavioral2/memory/2940-824-0x00007FF6004D0000-0x00007FF600824000-memory.dmp	xmrig
behavioral2/memory/1008-428-0x00007FF7B0A20000-0x00007FF7B0D74000-memory.dmp	xmrig
behavioral2/memory/1092-215-0x00007FF7CCA10000-0x00007FF7CCD64000-memory.dmp	xmrig
behavioral2/memory/1820-208-0x00007FF6E4380000-0x00007FF6E46D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc8-201.dat	xmrig
behavioral2/files/0x000a000000023bc7-200.dat	xmrig
behavioral2/files/0x000a000000023bc6-198.dat	xmrig
behavioral2/files/0x000a000000023bc5-196.dat	xmrig
behavioral2/files/0x000a000000023bc4-194.dat	xmrig
behavioral2/memory/1020-184-0x00007FF78F7F0000-0x00007FF78FB44000-memory.dmp	xmrig
behavioral2/memory/2468-179-0x00007FF62DD00000-0x00007FF62E054000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc2-171.dat	xmrig
behavioral2/files/0x000a000000023bc1-169.dat	xmrig
behavioral2/memory/732-168-0x00007FF749A10000-0x00007FF749D64000-memory.dmp	xmrig
behavioral2/memory/4580-163-0x00007FF632D70000-0x00007FF6330C4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbf-158.dat	xmrig
behavioral2/memory/3384-157-0x00007FF7DE130000-0x00007FF7DE484000-memory.dmp	xmrig
behavioral2/memory/4976-149-0x00007FF6A8290000-0x00007FF6A85E4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbc-144.dat	xmrig
behavioral2/memory/3372-141-0x00007FF626460000-0x00007FF6267B4000-memory.dmp	xmrig
behavioral2/memory/4100-140-0x00007FF694D80000-0x00007FF6950D4000-memory.dmp	xmrig
behavioral2/memory/4400-134-0x00007FF745EC0000-0x00007FF746214000-memory.dmp	xmrig
behavioral2/memory/4112-128-0x00007FF682180000-0x00007FF6824D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4864	mWDMaNS.exe
1432	xVlKfns.exe
2112	qbJPYkB.exe
2364	NDebXQZ.exe
3680	GNjguJV.exe
2420	IyGQvub.exe
4400	OtvymrR.exe
4100	xQnFGgn.exe
3384	NVyrNrL.exe
1100	lGyIbza.exe
1008	aCbklZy.exe
4460	nTBdWKk.exe
2204	NSuLFWR.exe
1092	OqScfnD.exe
3132	CkrbZdP.exe
2940	MYpslUh.exe
2920	XxpiJTa.exe
3240	HhmyGLP.exe
4112	YghVsOe.exe
3372	ECHadLG.exe
4360	SNNyXKl.exe
4976	QYSidEq.exe
4580	pMHASZw.exe
732	cpqYdYd.exe
4488	rqOFWYK.exe
1820	RYCjVse.exe
2468	OVWgucm.exe
1528	kMOVlro.exe
1020	doNImtM.exe
3588	JPQhVtq.exe
1184	pavoXDy.exe
3204	YnHqoVq.exe
4120	AfhHjoY.exe
3368	RHpCitI.exe
2052	RQDyxjQ.exe
4736	dntjhdN.exe
2928	SZbfVZm.exe
1080	SojWZnz.exe
4492	BrCkQOW.exe
5064	tvvRsxh.exe
3932	lmyKFTq.exe
1400	MNmqdyv.exe
1620	pxfQJWA.exe
404	YqXUkkS.exe
1824	ZqICgqq.exe
5080	WjSSKlB.exe
2292	ozWbUTO.exe
952	NKsnrgC.exe
3448	iaNIqRM.exe
5008	EGSOtAp.exe
5036	dBoIPgo.exe
4964	CNpCJPD.exe
4652	sfmYEni.exe
3840	lxyDHIq.exe
524	qujFiXb.exe
3268	oSWUvDt.exe
4532	UlgZDlp.exe
2000	ldfXRkG.exe
1760	hZXiHKf.exe
4724	WpzhkGb.exe
4436	JboqVGr.exe
2932	YEBabiu.exe
4480	LtPumQO.exe
948	OmgQpyM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4076-0-0x00007FF61CDD0000-0x00007FF61D124000-memory.dmp	upx
behavioral2/files/0x000c000000023b4f-5.dat	upx
behavioral2/memory/4864-8-0x00007FF72B870000-0x00007FF72BBC4000-memory.dmp	upx
behavioral2/files/0x000a000000023bb0-10.dat	upx
behavioral2/files/0x000a000000023baf-11.dat	upx
behavioral2/memory/2112-18-0x00007FF76BCC0000-0x00007FF76C014000-memory.dmp	upx
behavioral2/files/0x000a000000023bb1-25.dat	upx
behavioral2/memory/2364-24-0x00007FF768020000-0x00007FF768374000-memory.dmp	upx
behavioral2/memory/1432-14-0x00007FF7F7990000-0x00007FF7F7CE4000-memory.dmp	upx
behavioral2/files/0x000a000000023bb2-28.dat	upx
behavioral2/memory/3680-34-0x00007FF7CE8D0000-0x00007FF7CEC24000-memory.dmp	upx
behavioral2/files/0x000b000000023bac-36.dat	upx
behavioral2/memory/2420-39-0x00007FF605F00000-0x00007FF606254000-memory.dmp	upx
behavioral2/files/0x000a000000023bb4-42.dat	upx
behavioral2/memory/4400-44-0x00007FF745EC0000-0x00007FF746214000-memory.dmp	upx
behavioral2/files/0x000a000000023bb5-47.dat	upx
behavioral2/files/0x000a000000023bb6-49.dat	upx
behavioral2/memory/3384-52-0x00007FF7DE130000-0x00007FF7DE484000-memory.dmp	upx
behavioral2/memory/4076-53-0x00007FF61CDD0000-0x00007FF61D124000-memory.dmp	upx
behavioral2/memory/4100-51-0x00007FF694D80000-0x00007FF6950D4000-memory.dmp	upx
behavioral2/memory/1432-59-0x00007FF7F7990000-0x00007FF7F7CE4000-memory.dmp	upx
behavioral2/memory/4864-58-0x00007FF72B870000-0x00007FF72BBC4000-memory.dmp	upx
behavioral2/files/0x000a000000023bb7-63.dat	upx
behavioral2/files/0x000800000001e581-67.dat	upx
behavioral2/files/0x000700000001e588-74.dat	upx
behavioral2/files/0x000800000001e58a-78.dat	upx
behavioral2/files/0x0008000000022719-87.dat	upx
behavioral2/files/0x000900000001e58b-88.dat	upx
behavioral2/memory/2112-92-0x00007FF76BCC0000-0x00007FF76C014000-memory.dmp	upx
behavioral2/memory/4460-93-0x00007FF61B790000-0x00007FF61BAE4000-memory.dmp	upx
behavioral2/memory/3132-102-0x00007FF71F780000-0x00007FF71FAD4000-memory.dmp	upx
behavioral2/files/0x000a000000023bba-117.dat	upx
behavioral2/files/0x000a000000023bbb-123.dat	upx
behavioral2/files/0x000a000000023bbd-131.dat	upx
behavioral2/files/0x000a000000023bbe-137.dat	upx
behavioral2/memory/4360-156-0x00007FF6AA790000-0x00007FF6AAAE4000-memory.dmp	upx
behavioral2/files/0x000a000000023bc0-164.dat	upx
behavioral2/files/0x000a000000023bc3-185.dat	upx
behavioral2/memory/4488-193-0x00007FF7B9330000-0x00007FF7B9684000-memory.dmp	upx
behavioral2/memory/1528-219-0x00007FF751950000-0x00007FF751CA4000-memory.dmp	upx
behavioral2/memory/3132-770-0x00007FF71F780000-0x00007FF71FAD4000-memory.dmp	upx
behavioral2/memory/2940-824-0x00007FF6004D0000-0x00007FF600824000-memory.dmp	upx
behavioral2/memory/1008-428-0x00007FF7B0A20000-0x00007FF7B0D74000-memory.dmp	upx
behavioral2/memory/1092-215-0x00007FF7CCA10000-0x00007FF7CCD64000-memory.dmp	upx
behavioral2/memory/1820-208-0x00007FF6E4380000-0x00007FF6E46D4000-memory.dmp	upx
behavioral2/files/0x000a000000023bc8-201.dat	upx
behavioral2/files/0x000a000000023bc7-200.dat	upx
behavioral2/files/0x000a000000023bc6-198.dat	upx
behavioral2/files/0x000a000000023bc5-196.dat	upx
behavioral2/files/0x000a000000023bc4-194.dat	upx
behavioral2/memory/1020-184-0x00007FF78F7F0000-0x00007FF78FB44000-memory.dmp	upx
behavioral2/memory/2468-179-0x00007FF62DD00000-0x00007FF62E054000-memory.dmp	upx
behavioral2/files/0x000a000000023bc2-171.dat	upx
behavioral2/files/0x000a000000023bc1-169.dat	upx
behavioral2/memory/732-168-0x00007FF749A10000-0x00007FF749D64000-memory.dmp	upx
behavioral2/memory/4580-163-0x00007FF632D70000-0x00007FF6330C4000-memory.dmp	upx
behavioral2/files/0x000a000000023bbf-158.dat	upx
behavioral2/memory/3384-157-0x00007FF7DE130000-0x00007FF7DE484000-memory.dmp	upx
behavioral2/memory/4976-149-0x00007FF6A8290000-0x00007FF6A85E4000-memory.dmp	upx
behavioral2/files/0x000a000000023bbc-144.dat	upx
behavioral2/memory/3372-141-0x00007FF626460000-0x00007FF6267B4000-memory.dmp	upx
behavioral2/memory/4100-140-0x00007FF694D80000-0x00007FF6950D4000-memory.dmp	upx
behavioral2/memory/4400-134-0x00007FF745EC0000-0x00007FF746214000-memory.dmp	upx
behavioral2/memory/4112-128-0x00007FF682180000-0x00007FF6824D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\yVHGYft.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJFhLYv.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pavoXDy.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxuOgUU.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OONQCSZ.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whLziTP.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTFdekc.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMmpIup.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mozEchW.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMXrcdx.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JaRUVYG.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aetiWFM.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meWrXVe.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRIRKdM.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAgZnVk.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QyOzxdi.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MuulFQg.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLvZzXQ.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrCxzZy.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmtcNuf.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXjEhES.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RrOfdxa.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBaGOXo.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UyyXAqw.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFSjLYm.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMsVfOQ.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwBETgo.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHWeeFK.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABTteLy.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maIXYSE.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPYXmnn.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIUZLtF.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOcDVbt.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AttzAAH.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyRtpxO.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYgDRPC.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pEigwnK.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuLuTpD.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcBYhqs.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVcWRYo.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffjlOnR.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ioRQCOe.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcZFbjR.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlEJmAR.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VEhXuMm.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMVFAWH.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAZHxAb.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLzlXwt.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQgOuJp.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwVOaYM.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxtIiIV.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZcAKxy.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbWRkgN.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvXAnMM.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpLNTKY.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSkdmMp.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OllqIRj.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rkUAAkh.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVYtgMn.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBQzTaG.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSuLFWR.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCDMigp.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsBCnlc.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyThEXf.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 4864	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4076 wrote to memory of 4864	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4076 wrote to memory of 1432	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4076 wrote to memory of 1432	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4076 wrote to memory of 2112	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4076 wrote to memory of 2112	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4076 wrote to memory of 2364	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4076 wrote to memory of 2364	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4076 wrote to memory of 3680	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4076 wrote to memory of 3680	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4076 wrote to memory of 2420	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4076 wrote to memory of 2420	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4076 wrote to memory of 4400	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4076 wrote to memory of 4400	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4076 wrote to memory of 4100	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4076 wrote to memory of 4100	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4076 wrote to memory of 3384	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4076 wrote to memory of 3384	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4076 wrote to memory of 1100	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4076 wrote to memory of 1100	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4076 wrote to memory of 1008	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4076 wrote to memory of 1008	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4076 wrote to memory of 4460	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4076 wrote to memory of 4460	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4076 wrote to memory of 2204	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4076 wrote to memory of 2204	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4076 wrote to memory of 1092	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4076 wrote to memory of 1092	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4076 wrote to memory of 3132	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4076 wrote to memory of 3132	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4076 wrote to memory of 2940	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4076 wrote to memory of 2940	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4076 wrote to memory of 2920	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4076 wrote to memory of 2920	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4076 wrote to memory of 3240	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4076 wrote to memory of 3240	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4076 wrote to memory of 4112	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4076 wrote to memory of 4112	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4076 wrote to memory of 3372	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4076 wrote to memory of 3372	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4076 wrote to memory of 4360	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4076 wrote to memory of 4360	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4076 wrote to memory of 4976	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4076 wrote to memory of 4976	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4076 wrote to memory of 4580	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4076 wrote to memory of 4580	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4076 wrote to memory of 732	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4076 wrote to memory of 732	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4076 wrote to memory of 4488	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4076 wrote to memory of 4488	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4076 wrote to memory of 1820	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4076 wrote to memory of 1820	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4076 wrote to memory of 2468	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4076 wrote to memory of 2468	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4076 wrote to memory of 1528	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4076 wrote to memory of 1528	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4076 wrote to memory of 1020	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4076 wrote to memory of 1020	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4076 wrote to memory of 3588	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4076 wrote to memory of 3588	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4076 wrote to memory of 1184	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4076 wrote to memory of 1184	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4076 wrote to memory of 3204	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4076 wrote to memory of 3204	4076	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Windows\System\mWDMaNS.exe
  C:\Windows\System\mWDMaNS.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\xVlKfns.exe
  C:\Windows\System\xVlKfns.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\qbJPYkB.exe
  C:\Windows\System\qbJPYkB.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\NDebXQZ.exe
  C:\Windows\System\NDebXQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\GNjguJV.exe
  C:\Windows\System\GNjguJV.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\IyGQvub.exe
  C:\Windows\System\IyGQvub.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\OtvymrR.exe
  C:\Windows\System\OtvymrR.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\xQnFGgn.exe
  C:\Windows\System\xQnFGgn.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\NVyrNrL.exe
  C:\Windows\System\NVyrNrL.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\lGyIbza.exe
  C:\Windows\System\lGyIbza.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\aCbklZy.exe
  C:\Windows\System\aCbklZy.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\nTBdWKk.exe
  C:\Windows\System\nTBdWKk.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\NSuLFWR.exe
  C:\Windows\System\NSuLFWR.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\OqScfnD.exe
  C:\Windows\System\OqScfnD.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\CkrbZdP.exe
  C:\Windows\System\CkrbZdP.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\MYpslUh.exe
  C:\Windows\System\MYpslUh.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\XxpiJTa.exe
  C:\Windows\System\XxpiJTa.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\HhmyGLP.exe
  C:\Windows\System\HhmyGLP.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\YghVsOe.exe
  C:\Windows\System\YghVsOe.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\ECHadLG.exe
  C:\Windows\System\ECHadLG.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\SNNyXKl.exe
  C:\Windows\System\SNNyXKl.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\QYSidEq.exe
  C:\Windows\System\QYSidEq.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\pMHASZw.exe
  C:\Windows\System\pMHASZw.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\cpqYdYd.exe
  C:\Windows\System\cpqYdYd.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\rqOFWYK.exe
  C:\Windows\System\rqOFWYK.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\RYCjVse.exe
  C:\Windows\System\RYCjVse.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\OVWgucm.exe
  C:\Windows\System\OVWgucm.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\kMOVlro.exe
  C:\Windows\System\kMOVlro.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\doNImtM.exe
  C:\Windows\System\doNImtM.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\JPQhVtq.exe
  C:\Windows\System\JPQhVtq.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\pavoXDy.exe
  C:\Windows\System\pavoXDy.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\YnHqoVq.exe
  C:\Windows\System\YnHqoVq.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\AfhHjoY.exe
  C:\Windows\System\AfhHjoY.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\RHpCitI.exe
  C:\Windows\System\RHpCitI.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\RQDyxjQ.exe
  C:\Windows\System\RQDyxjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\dntjhdN.exe
  C:\Windows\System\dntjhdN.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\SZbfVZm.exe
  C:\Windows\System\SZbfVZm.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\SojWZnz.exe
  C:\Windows\System\SojWZnz.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\BrCkQOW.exe
  C:\Windows\System\BrCkQOW.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\tvvRsxh.exe
  C:\Windows\System\tvvRsxh.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\lmyKFTq.exe
  C:\Windows\System\lmyKFTq.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\MNmqdyv.exe
  C:\Windows\System\MNmqdyv.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\pxfQJWA.exe
  C:\Windows\System\pxfQJWA.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\YqXUkkS.exe
  C:\Windows\System\YqXUkkS.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\ZqICgqq.exe
  C:\Windows\System\ZqICgqq.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\WjSSKlB.exe
  C:\Windows\System\WjSSKlB.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\ozWbUTO.exe
  C:\Windows\System\ozWbUTO.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\NKsnrgC.exe
  C:\Windows\System\NKsnrgC.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\iaNIqRM.exe
  C:\Windows\System\iaNIqRM.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\EGSOtAp.exe
  C:\Windows\System\EGSOtAp.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\dBoIPgo.exe
  C:\Windows\System\dBoIPgo.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\CNpCJPD.exe
  C:\Windows\System\CNpCJPD.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\sfmYEni.exe
  C:\Windows\System\sfmYEni.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\lxyDHIq.exe
  C:\Windows\System\lxyDHIq.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\qujFiXb.exe
  C:\Windows\System\qujFiXb.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\oSWUvDt.exe
  C:\Windows\System\oSWUvDt.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\UlgZDlp.exe
  C:\Windows\System\UlgZDlp.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\ldfXRkG.exe
  C:\Windows\System\ldfXRkG.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\hZXiHKf.exe
  C:\Windows\System\hZXiHKf.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\WpzhkGb.exe
  C:\Windows\System\WpzhkGb.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\JboqVGr.exe
  C:\Windows\System\JboqVGr.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\YEBabiu.exe
  C:\Windows\System\YEBabiu.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\LtPumQO.exe
  C:\Windows\System\LtPumQO.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\OmgQpyM.exe
  C:\Windows\System\OmgQpyM.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\HRooZFA.exe
  C:\Windows\System\HRooZFA.exe
  2⤵
  PID:1180
- C:\Windows\System\egyaCAB.exe
  C:\Windows\System\egyaCAB.exe
  2⤵
  PID:444
- C:\Windows\System\araIwDw.exe
  C:\Windows\System\araIwDw.exe
  2⤵
  PID:2748
- C:\Windows\System\HWNxaTm.exe
  C:\Windows\System\HWNxaTm.exe
  2⤵
  PID:4772
- C:\Windows\System\zmnchgv.exe
  C:\Windows\System\zmnchgv.exe
  2⤵
  PID:1460
- C:\Windows\System\MNqaYfU.exe
  C:\Windows\System\MNqaYfU.exe
  2⤵
  PID:2012
- C:\Windows\System\oIFTymz.exe
  C:\Windows\System\oIFTymz.exe
  2⤵
  PID:1228
- C:\Windows\System\VaPEfda.exe
  C:\Windows\System\VaPEfda.exe
  2⤵
  PID:2536
- C:\Windows\System\vwbEICX.exe
  C:\Windows\System\vwbEICX.exe
  2⤵
  PID:5128
- C:\Windows\System\TgJeLvX.exe
  C:\Windows\System\TgJeLvX.exe
  2⤵
  PID:5144
- C:\Windows\System\AlrTzLK.exe
  C:\Windows\System\AlrTzLK.exe
  2⤵
  PID:5172
- C:\Windows\System\mwBETgo.exe
  C:\Windows\System\mwBETgo.exe
  2⤵
  PID:5200
- C:\Windows\System\DhsQdmI.exe
  C:\Windows\System\DhsQdmI.exe
  2⤵
  PID:5240
- C:\Windows\System\VgJPfeJ.exe
  C:\Windows\System\VgJPfeJ.exe
  2⤵
  PID:5256
- C:\Windows\System\mpvHjFp.exe
  C:\Windows\System\mpvHjFp.exe
  2⤵
  PID:5272
- C:\Windows\System\QyOzxdi.exe
  C:\Windows\System\QyOzxdi.exe
  2⤵
  PID:5288
- C:\Windows\System\cdwJzLG.exe
  C:\Windows\System\cdwJzLG.exe
  2⤵
  PID:5316
- C:\Windows\System\ATBrpfz.exe
  C:\Windows\System\ATBrpfz.exe
  2⤵
  PID:5336
- C:\Windows\System\tOeFGZm.exe
  C:\Windows\System\tOeFGZm.exe
  2⤵
  PID:5376
- C:\Windows\System\CXyVFDT.exe
  C:\Windows\System\CXyVFDT.exe
  2⤵
  PID:5424
- C:\Windows\System\RwmHMOi.exe
  C:\Windows\System\RwmHMOi.exe
  2⤵
  PID:5452
- C:\Windows\System\yoMoFHZ.exe
  C:\Windows\System\yoMoFHZ.exe
  2⤵
  PID:5468
- C:\Windows\System\etEFdUl.exe
  C:\Windows\System\etEFdUl.exe
  2⤵
  PID:5488
- C:\Windows\System\LWExhyC.exe
  C:\Windows\System\LWExhyC.exe
  2⤵
  PID:5504
- C:\Windows\System\kbSmVYF.exe
  C:\Windows\System\kbSmVYF.exe
  2⤵
  PID:5540
- C:\Windows\System\rPYXmnn.exe
  C:\Windows\System\rPYXmnn.exe
  2⤵
  PID:5568
- C:\Windows\System\ncaNkdz.exe
  C:\Windows\System\ncaNkdz.exe
  2⤵
  PID:5620
- C:\Windows\System\SLFsqdY.exe
  C:\Windows\System\SLFsqdY.exe
  2⤵
  PID:5656
- C:\Windows\System\xGCiVLa.exe
  C:\Windows\System\xGCiVLa.exe
  2⤵
  PID:5688
- C:\Windows\System\bzykpUC.exe
  C:\Windows\System\bzykpUC.exe
  2⤵
  PID:5704
- C:\Windows\System\HMdnXWP.exe
  C:\Windows\System\HMdnXWP.exe
  2⤵
  PID:5732
- C:\Windows\System\qDKdsTe.exe
  C:\Windows\System\qDKdsTe.exe
  2⤵
  PID:5772
- C:\Windows\System\oCQbNZE.exe
  C:\Windows\System\oCQbNZE.exe
  2⤵
  PID:5788
- C:\Windows\System\KTleukE.exe
  C:\Windows\System\KTleukE.exe
  2⤵
  PID:5824
- C:\Windows\System\JpyHyAa.exe
  C:\Windows\System\JpyHyAa.exe
  2⤵
  PID:5844
- C:\Windows\System\CoBVswY.exe
  C:\Windows\System\CoBVswY.exe
  2⤵
  PID:5860
- C:\Windows\System\VccxnrG.exe
  C:\Windows\System\VccxnrG.exe
  2⤵
  PID:5888
- C:\Windows\System\kGtlOgl.exe
  C:\Windows\System\kGtlOgl.exe
  2⤵
  PID:5924
- C:\Windows\System\APwblPh.exe
  C:\Windows\System\APwblPh.exe
  2⤵
  PID:5968
- C:\Windows\System\BFaJaYa.exe
  C:\Windows\System\BFaJaYa.exe
  2⤵
  PID:5984
- C:\Windows\System\XHWeeFK.exe
  C:\Windows\System\XHWeeFK.exe
  2⤵
  PID:6024
- C:\Windows\System\gCSDMVW.exe
  C:\Windows\System\gCSDMVW.exe
  2⤵
  PID:6044
- C:\Windows\System\QzgJCjW.exe
  C:\Windows\System\QzgJCjW.exe
  2⤵
  PID:6060
- C:\Windows\System\kFvFesL.exe
  C:\Windows\System\kFvFesL.exe
  2⤵
  PID:6076
- C:\Windows\System\yNVDJfQ.exe
  C:\Windows\System\yNVDJfQ.exe
  2⤵
  PID:6092
- C:\Windows\System\WmETYae.exe
  C:\Windows\System\WmETYae.exe
  2⤵
  PID:4612
- C:\Windows\System\XQPrNgH.exe
  C:\Windows\System\XQPrNgH.exe
  2⤵
  PID:1356
- C:\Windows\System\bDSVHVl.exe
  C:\Windows\System\bDSVHVl.exe
  2⤵
  PID:4056
- C:\Windows\System\lpqjcpu.exe
  C:\Windows\System\lpqjcpu.exe
  2⤵
  PID:5152
- C:\Windows\System\EgYMBcI.exe
  C:\Windows\System\EgYMBcI.exe
  2⤵
  PID:5216
- C:\Windows\System\FXkRelT.exe
  C:\Windows\System\FXkRelT.exe
  2⤵
  PID:5264
- C:\Windows\System\zCRlhwm.exe
  C:\Windows\System\zCRlhwm.exe
  2⤵
  PID:5304
- C:\Windows\System\lEkDIeo.exe
  C:\Windows\System\lEkDIeo.exe
  2⤵
  PID:5344
- C:\Windows\System\PElhvIv.exe
  C:\Windows\System\PElhvIv.exe
  2⤵
  PID:5404
- C:\Windows\System\ckPATYJ.exe
  C:\Windows\System\ckPATYJ.exe
  2⤵
  PID:5520
- C:\Windows\System\YoPCAfF.exe
  C:\Windows\System\YoPCAfF.exe
  2⤵
  PID:5588
- C:\Windows\System\akLEzgI.exe
  C:\Windows\System\akLEzgI.exe
  2⤵
  PID:5672
- C:\Windows\System\ZSNCkCZ.exe
  C:\Windows\System\ZSNCkCZ.exe
  2⤵
  PID:5700
- C:\Windows\System\pPnOtih.exe
  C:\Windows\System\pPnOtih.exe
  2⤵
  PID:5800
- C:\Windows\System\pOtfaDX.exe
  C:\Windows\System\pOtfaDX.exe
  2⤵
  PID:5868
- C:\Windows\System\OJLtiiM.exe
  C:\Windows\System\OJLtiiM.exe
  2⤵
  PID:5912
- C:\Windows\System\jNendLi.exe
  C:\Windows\System\jNendLi.exe
  2⤵
  PID:5976
- C:\Windows\System\oinminR.exe
  C:\Windows\System\oinminR.exe
  2⤵
  PID:6036
- C:\Windows\System\umjqboU.exe
  C:\Windows\System\umjqboU.exe
  2⤵
  PID:6072
- C:\Windows\System\jHEUwDS.exe
  C:\Windows\System\jHEUwDS.exe
  2⤵
  PID:6120
- C:\Windows\System\UgYDXEt.exe
  C:\Windows\System\UgYDXEt.exe
  2⤵
  PID:3972
- C:\Windows\System\FtYXKuW.exe
  C:\Windows\System\FtYXKuW.exe
  2⤵
  PID:5192
- C:\Windows\System\Kfanovz.exe
  C:\Windows\System\Kfanovz.exe
  2⤵
  PID:5384
- C:\Windows\System\EMkeGiN.exe
  C:\Windows\System\EMkeGiN.exe
  2⤵
  PID:5464
- C:\Windows\System\yfBFhMg.exe
  C:\Windows\System\yfBFhMg.exe
  2⤵
  PID:5576
- C:\Windows\System\EWiEFdf.exe
  C:\Windows\System\EWiEFdf.exe
  2⤵
  PID:5696
- C:\Windows\System\NMgtxpa.exe
  C:\Windows\System\NMgtxpa.exe
  2⤵
  PID:3348
- C:\Windows\System\GubGPjn.exe
  C:\Windows\System\GubGPjn.exe
  2⤵
  PID:5944
- C:\Windows\System\kPtiUGD.exe
  C:\Windows\System\kPtiUGD.exe
  2⤵
  PID:6100
- C:\Windows\System\qecAnsu.exe
  C:\Windows\System\qecAnsu.exe
  2⤵
  PID:6160
- C:\Windows\System\HJkrHTp.exe
  C:\Windows\System\HJkrHTp.exe
  2⤵
  PID:6180
- C:\Windows\System\sonHvtu.exe
  C:\Windows\System\sonHvtu.exe
  2⤵
  PID:6216
- C:\Windows\System\SlmmjOy.exe
  C:\Windows\System\SlmmjOy.exe
  2⤵
  PID:6248
- C:\Windows\System\LUugAKw.exe
  C:\Windows\System\LUugAKw.exe
  2⤵
  PID:6292
- C:\Windows\System\IuAUMGj.exe
  C:\Windows\System\IuAUMGj.exe
  2⤵
  PID:6328
- C:\Windows\System\pEigwnK.exe
  C:\Windows\System\pEigwnK.exe
  2⤵
  PID:6344
- C:\Windows\System\IStqdle.exe
  C:\Windows\System\IStqdle.exe
  2⤵
  PID:6372
- C:\Windows\System\CNgolQs.exe
  C:\Windows\System\CNgolQs.exe
  2⤵
  PID:6396
- C:\Windows\System\OXvNYZR.exe
  C:\Windows\System\OXvNYZR.exe
  2⤵
  PID:6428
- C:\Windows\System\ckoVoUs.exe
  C:\Windows\System\ckoVoUs.exe
  2⤵
  PID:6456
- C:\Windows\System\HPdaNIM.exe
  C:\Windows\System\HPdaNIM.exe
  2⤵
  PID:6484
- C:\Windows\System\RVUzwkU.exe
  C:\Windows\System\RVUzwkU.exe
  2⤵
  PID:6520
- C:\Windows\System\acbTfcZ.exe
  C:\Windows\System\acbTfcZ.exe
  2⤵
  PID:6540
- C:\Windows\System\PXonPRM.exe
  C:\Windows\System\PXonPRM.exe
  2⤵
  PID:6556
- C:\Windows\System\QuLuTpD.exe
  C:\Windows\System\QuLuTpD.exe
  2⤵
  PID:6572
- C:\Windows\System\BduFBBG.exe
  C:\Windows\System\BduFBBG.exe
  2⤵
  PID:6600
- C:\Windows\System\rCOkaEA.exe
  C:\Windows\System\rCOkaEA.exe
  2⤵
  PID:6640
- C:\Windows\System\yVDLCHe.exe
  C:\Windows\System\yVDLCHe.exe
  2⤵
  PID:6668
- C:\Windows\System\LaGXxkD.exe
  C:\Windows\System\LaGXxkD.exe
  2⤵
  PID:6708
- C:\Windows\System\XQVTXPQ.exe
  C:\Windows\System\XQVTXPQ.exe
  2⤵
  PID:6724
- C:\Windows\System\ISdTEMA.exe
  C:\Windows\System\ISdTEMA.exe
  2⤵
  PID:6760
- C:\Windows\System\HUpDYXJ.exe
  C:\Windows\System\HUpDYXJ.exe
  2⤵
  PID:6780
- C:\Windows\System\LjtxcKE.exe
  C:\Windows\System\LjtxcKE.exe
  2⤵
  PID:6808
- C:\Windows\System\AHbTFFz.exe
  C:\Windows\System\AHbTFFz.exe
  2⤵
  PID:6824
- C:\Windows\System\YxYAuhc.exe
  C:\Windows\System\YxYAuhc.exe
  2⤵
  PID:6844
- C:\Windows\System\Qshaioc.exe
  C:\Windows\System\Qshaioc.exe
  2⤵
  PID:6880
- C:\Windows\System\xMtIeaZ.exe
  C:\Windows\System\xMtIeaZ.exe
  2⤵
  PID:6900
- C:\Windows\System\oXAutJE.exe
  C:\Windows\System\oXAutJE.exe
  2⤵
  PID:6960
- C:\Windows\System\NgtfpSS.exe
  C:\Windows\System\NgtfpSS.exe
  2⤵
  PID:6988
- C:\Windows\System\DzpVOAO.exe
  C:\Windows\System\DzpVOAO.exe
  2⤵
  PID:7016
- C:\Windows\System\DMOSIof.exe
  C:\Windows\System\DMOSIof.exe
  2⤵
  PID:7044
- C:\Windows\System\ouFpRkH.exe
  C:\Windows\System\ouFpRkH.exe
  2⤵
  PID:7072
- C:\Windows\System\ekJTEyM.exe
  C:\Windows\System\ekJTEyM.exe
  2⤵
  PID:7088
- C:\Windows\System\QyzDgPF.exe
  C:\Windows\System\QyzDgPF.exe
  2⤵
  PID:7116
- C:\Windows\System\gJFpKVc.exe
  C:\Windows\System\gJFpKVc.exe
  2⤵
  PID:7132
- C:\Windows\System\HTrIOhx.exe
  C:\Windows\System\HTrIOhx.exe
  2⤵
  PID:5124
- C:\Windows\System\wNJpstb.exe
  C:\Windows\System\wNJpstb.exe
  2⤵
  PID:5640
- C:\Windows\System\FoNqNaN.exe
  C:\Windows\System\FoNqNaN.exe
  2⤵
  PID:4752
- C:\Windows\System\wsywuUe.exe
  C:\Windows\System\wsywuUe.exe
  2⤵
  PID:6168
- C:\Windows\System\KyQNyBR.exe
  C:\Windows\System\KyQNyBR.exe
  2⤵
  PID:6204
- C:\Windows\System\RZQoQmW.exe
  C:\Windows\System\RZQoQmW.exe
  2⤵
  PID:6280
- C:\Windows\System\KbawrUI.exe
  C:\Windows\System\KbawrUI.exe
  2⤵
  PID:6336
- C:\Windows\System\GrHPKVs.exe
  C:\Windows\System\GrHPKVs.exe
  2⤵
  PID:6408
- C:\Windows\System\oJqAsPY.exe
  C:\Windows\System\oJqAsPY.exe
  2⤵
  PID:6504
- C:\Windows\System\XrEOfPI.exe
  C:\Windows\System\XrEOfPI.exe
  2⤵
  PID:6536
- C:\Windows\System\BlVPEfs.exe
  C:\Windows\System\BlVPEfs.exe
  2⤵
  PID:6568
- C:\Windows\System\IElIYom.exe
  C:\Windows\System\IElIYom.exe
  2⤵
  PID:6628
- C:\Windows\System\sCTZoJq.exe
  C:\Windows\System\sCTZoJq.exe
  2⤵
  PID:6688
- C:\Windows\System\eLBggcL.exe
  C:\Windows\System\eLBggcL.exe
  2⤵
  PID:6792
- C:\Windows\System\OFDvkAA.exe
  C:\Windows\System\OFDvkAA.exe
  2⤵
  PID:6852
- C:\Windows\System\AGlZCyU.exe
  C:\Windows\System\AGlZCyU.exe
  2⤵
  PID:6912
- C:\Windows\System\veAZmYl.exe
  C:\Windows\System\veAZmYl.exe
  2⤵
  PID:6972
- C:\Windows\System\SWDDPss.exe
  C:\Windows\System\SWDDPss.exe
  2⤵
  PID:7008
- C:\Windows\System\sUXReZt.exe
  C:\Windows\System\sUXReZt.exe
  2⤵
  PID:7060
- C:\Windows\System\cZHDSkw.exe
  C:\Windows\System\cZHDSkw.exe
  2⤵
  PID:7100
- C:\Windows\System\lTOwaYi.exe
  C:\Windows\System\lTOwaYi.exe
  2⤵
  PID:7156
- C:\Windows\System\vvHiicl.exe
  C:\Windows\System\vvHiicl.exe
  2⤵
  PID:5528
- C:\Windows\System\MLSusyo.exe
  C:\Windows\System\MLSusyo.exe
  2⤵
  PID:6192
- C:\Windows\System\BpOoJnq.exe
  C:\Windows\System\BpOoJnq.exe
  2⤵
  PID:6320
- C:\Windows\System\FXKFfaC.exe
  C:\Windows\System\FXKFfaC.exe
  2⤵
  PID:6588
- C:\Windows\System\RBlQJpy.exe
  C:\Windows\System\RBlQJpy.exe
  2⤵
  PID:6660
- C:\Windows\System\jUxvptA.exe
  C:\Windows\System\jUxvptA.exe
  2⤵
  PID:2168
- C:\Windows\System\BLVkjIG.exe
  C:\Windows\System\BLVkjIG.exe
  2⤵
  PID:6928
- C:\Windows\System\nPuXAYc.exe
  C:\Windows\System\nPuXAYc.exe
  2⤵
  PID:408
- C:\Windows\System\qZhzLvD.exe
  C:\Windows\System\qZhzLvD.exe
  2⤵
  PID:7080
- C:\Windows\System\ZxrcrjG.exe
  C:\Windows\System\ZxrcrjG.exe
  2⤵
  PID:6004
- C:\Windows\System\kOOKrrx.exe
  C:\Windows\System\kOOKrrx.exe
  2⤵
  PID:6472
- C:\Windows\System\PovwJxY.exe
  C:\Windows\System\PovwJxY.exe
  2⤵
  PID:6736
- C:\Windows\System\UPHvMVx.exe
  C:\Windows\System\UPHvMVx.exe
  2⤵
  PID:7188
- C:\Windows\System\ViSsxdT.exe
  C:\Windows\System\ViSsxdT.exe
  2⤵
  PID:7212
- C:\Windows\System\seyfLWv.exe
  C:\Windows\System\seyfLWv.exe
  2⤵
  PID:7252
- C:\Windows\System\yZHEudN.exe
  C:\Windows\System\yZHEudN.exe
  2⤵
  PID:7280
- C:\Windows\System\oSLMrPX.exe
  C:\Windows\System\oSLMrPX.exe
  2⤵
  PID:7308
- C:\Windows\System\HJXJpKu.exe
  C:\Windows\System\HJXJpKu.exe
  2⤵
  PID:7336
- C:\Windows\System\YxMYsWH.exe
  C:\Windows\System\YxMYsWH.exe
  2⤵
  PID:7352
- C:\Windows\System\xDysLlr.exe
  C:\Windows\System\xDysLlr.exe
  2⤵
  PID:7380
- C:\Windows\System\prXkaeD.exe
  C:\Windows\System\prXkaeD.exe
  2⤵
  PID:7408
- C:\Windows\System\MOJZZLY.exe
  C:\Windows\System\MOJZZLY.exe
  2⤵
  PID:7440
- C:\Windows\System\VXbOrOJ.exe
  C:\Windows\System\VXbOrOJ.exe
  2⤵
  PID:7456
- C:\Windows\System\mbzGPXM.exe
  C:\Windows\System\mbzGPXM.exe
  2⤵
  PID:7484
- C:\Windows\System\xkmvSsI.exe
  C:\Windows\System\xkmvSsI.exe
  2⤵
  PID:7512
- C:\Windows\System\GBJVNPN.exe
  C:\Windows\System\GBJVNPN.exe
  2⤵
  PID:7528
- C:\Windows\System\BokfsZI.exe
  C:\Windows\System\BokfsZI.exe
  2⤵
  PID:7544
- C:\Windows\System\hIgabUS.exe
  C:\Windows\System\hIgabUS.exe
  2⤵
  PID:7592
- C:\Windows\System\FdhXDoU.exe
  C:\Windows\System\FdhXDoU.exe
  2⤵
  PID:7624
- C:\Windows\System\HopAxuC.exe
  C:\Windows\System\HopAxuC.exe
  2⤵
  PID:7644
- C:\Windows\System\cxuWTvW.exe
  C:\Windows\System\cxuWTvW.exe
  2⤵
  PID:7664
- C:\Windows\System\DKvBpwP.exe
  C:\Windows\System\DKvBpwP.exe
  2⤵
  PID:7680
- C:\Windows\System\IhuGYyM.exe
  C:\Windows\System\IhuGYyM.exe
  2⤵
  PID:7708
- C:\Windows\System\GaXFkFF.exe
  C:\Windows\System\GaXFkFF.exe
  2⤵
  PID:7744
- C:\Windows\System\bFELeKJ.exe
  C:\Windows\System\bFELeKJ.exe
  2⤵
  PID:7784
- C:\Windows\System\yJfBiZR.exe
  C:\Windows\System\yJfBiZR.exe
  2⤵
  PID:7804
- C:\Windows\System\NpdTqbh.exe
  C:\Windows\System\NpdTqbh.exe
  2⤵
  PID:7824
- C:\Windows\System\FpDECBz.exe
  C:\Windows\System\FpDECBz.exe
  2⤵
  PID:7844
- C:\Windows\System\WPjLmmn.exe
  C:\Windows\System\WPjLmmn.exe
  2⤵
  PID:7864
- C:\Windows\System\CCrvxIS.exe
  C:\Windows\System\CCrvxIS.exe
  2⤵
  PID:7896
- C:\Windows\System\lWSMSNF.exe
  C:\Windows\System\lWSMSNF.exe
  2⤵
  PID:7916
- C:\Windows\System\ZPpRcTN.exe
  C:\Windows\System\ZPpRcTN.exe
  2⤵
  PID:7944
- C:\Windows\System\fPRCHQb.exe
  C:\Windows\System\fPRCHQb.exe
  2⤵
  PID:7972
- C:\Windows\System\diiVrAX.exe
  C:\Windows\System\diiVrAX.exe
  2⤵
  PID:7988
- C:\Windows\System\StonPgP.exe
  C:\Windows\System\StonPgP.exe
  2⤵
  PID:8004
- C:\Windows\System\MhLBJQd.exe
  C:\Windows\System\MhLBJQd.exe
  2⤵
  PID:8108
- C:\Windows\System\PNtaZLP.exe
  C:\Windows\System\PNtaZLP.exe
  2⤵
  PID:6892
- C:\Windows\System\GHJeLxB.exe
  C:\Windows\System\GHJeLxB.exe
  2⤵
  PID:5104
- C:\Windows\System\astwrBX.exe
  C:\Windows\System\astwrBX.exe
  2⤵
  PID:1440
- C:\Windows\System\CbloORL.exe
  C:\Windows\System\CbloORL.exe
  2⤵
  PID:7296
- C:\Windows\System\aInltMy.exe
  C:\Windows\System\aInltMy.exe
  2⤵
  PID:7392
- C:\Windows\System\VGcjgeg.exe
  C:\Windows\System\VGcjgeg.exe
  2⤵
  PID:7504
- C:\Windows\System\NfqTrxx.exe
  C:\Windows\System\NfqTrxx.exe
  2⤵
  PID:7616
- C:\Windows\System\SixrUww.exe
  C:\Windows\System\SixrUww.exe
  2⤵
  PID:7700
- C:\Windows\System\nnxQvoB.exe
  C:\Windows\System\nnxQvoB.exe
  2⤵
  PID:7832
- C:\Windows\System\mbZJZMt.exe
  C:\Windows\System\mbZJZMt.exe
  2⤵
  PID:7904
- C:\Windows\System\deBFmXk.exe
  C:\Windows\System\deBFmXk.exe
  2⤵
  PID:7960
- C:\Windows\System\CKjWLFi.exe
  C:\Windows\System\CKjWLFi.exe
  2⤵
  PID:8000
- C:\Windows\System\iuLavGR.exe
  C:\Windows\System\iuLavGR.exe
  2⤵
  PID:8040
- C:\Windows\System\YewtlaV.exe
  C:\Windows\System\YewtlaV.exe
  2⤵
  PID:1672
- C:\Windows\System\hwXGwUt.exe
  C:\Windows\System\hwXGwUt.exe
  2⤵
  PID:3056
- C:\Windows\System\fkYNDZR.exe
  C:\Windows\System\fkYNDZR.exe
  2⤵
  PID:2776
- C:\Windows\System\tjOxCnp.exe
  C:\Windows\System\tjOxCnp.exe
  2⤵
  PID:1848
- C:\Windows\System\IrlrrpG.exe
  C:\Windows\System\IrlrrpG.exe
  2⤵
  PID:5072
- C:\Windows\System\ObKNgOQ.exe
  C:\Windows\System\ObKNgOQ.exe
  2⤵
  PID:3916
- C:\Windows\System\gbMQtmP.exe
  C:\Windows\System\gbMQtmP.exe
  2⤵
  PID:1900
- C:\Windows\System\GJewNDA.exe
  C:\Windows\System\GJewNDA.exe
  2⤵
  PID:1388
- C:\Windows\System\IrUTFgT.exe
  C:\Windows\System\IrUTFgT.exe
  2⤵
  PID:6980
- C:\Windows\System\FSrdXDk.exe
  C:\Windows\System\FSrdXDk.exe
  2⤵
  PID:7208
- C:\Windows\System\CwyNvQR.exe
  C:\Windows\System\CwyNvQR.exe
  2⤵
  PID:7368
- C:\Windows\System\elegUJn.exe
  C:\Windows\System\elegUJn.exe
  2⤵
  PID:4944
- C:\Windows\System\zaNsXDd.exe
  C:\Windows\System\zaNsXDd.exe
  2⤵
  PID:7820
- C:\Windows\System\WdFGWkJ.exe
  C:\Windows\System\WdFGWkJ.exe
  2⤵
  PID:2884
- C:\Windows\System\GTQnsgR.exe
  C:\Windows\System\GTQnsgR.exe
  2⤵
  PID:8032
- C:\Windows\System\wCppKVI.exe
  C:\Windows\System\wCppKVI.exe
  2⤵
  PID:2212
- C:\Windows\System\jefZlUU.exe
  C:\Windows\System\jefZlUU.exe
  2⤵
  PID:7572
- C:\Windows\System\ndvUBYn.exe
  C:\Windows\System\ndvUBYn.exe
  2⤵
  PID:1572
- C:\Windows\System\OPdfuAZ.exe
  C:\Windows\System\OPdfuAZ.exe
  2⤵
  PID:3020
- C:\Windows\System\TPYLXPX.exe
  C:\Windows\System\TPYLXPX.exe
  2⤵
  PID:676
- C:\Windows\System\yGSnxaN.exe
  C:\Windows\System\yGSnxaN.exe
  2⤵
  PID:1648
- C:\Windows\System\ngqcWDa.exe
  C:\Windows\System\ngqcWDa.exe
  2⤵
  PID:6128
- C:\Windows\System\FYmIrTG.exe
  C:\Windows\System\FYmIrTG.exe
  2⤵
  PID:5016
- C:\Windows\System\UONivlE.exe
  C:\Windows\System\UONivlE.exe
  2⤵
  PID:8208
- C:\Windows\System\UNbJdbe.exe
  C:\Windows\System\UNbJdbe.exe
  2⤵
  PID:8232
- C:\Windows\System\vUbzXSI.exe
  C:\Windows\System\vUbzXSI.exe
  2⤵
  PID:8260
- C:\Windows\System\ysRqniF.exe
  C:\Windows\System\ysRqniF.exe
  2⤵
  PID:8280
- C:\Windows\System\ZpXdwGO.exe
  C:\Windows\System\ZpXdwGO.exe
  2⤵
  PID:8320
- C:\Windows\System\aetiWFM.exe
  C:\Windows\System\aetiWFM.exe
  2⤵
  PID:8352
- C:\Windows\System\whRelSd.exe
  C:\Windows\System\whRelSd.exe
  2⤵
  PID:8380
- C:\Windows\System\eHoeaCD.exe
  C:\Windows\System\eHoeaCD.exe
  2⤵
  PID:8416
- C:\Windows\System\sKKaLMP.exe
  C:\Windows\System\sKKaLMP.exe
  2⤵
  PID:8448
- C:\Windows\System\InaimjR.exe
  C:\Windows\System\InaimjR.exe
  2⤵
  PID:8484
- C:\Windows\System\eNOQDUX.exe
  C:\Windows\System\eNOQDUX.exe
  2⤵
  PID:8532
- C:\Windows\System\UMQwruE.exe
  C:\Windows\System\UMQwruE.exe
  2⤵
  PID:8548
- C:\Windows\System\wTwoUHy.exe
  C:\Windows\System\wTwoUHy.exe
  2⤵
  PID:8576
- C:\Windows\System\qupinTi.exe
  C:\Windows\System\qupinTi.exe
  2⤵
  PID:8604
- C:\Windows\System\hEmByFp.exe
  C:\Windows\System\hEmByFp.exe
  2⤵
  PID:8632
- C:\Windows\System\wRNKzwV.exe
  C:\Windows\System\wRNKzwV.exe
  2⤵
  PID:8664
- C:\Windows\System\LJluuuN.exe
  C:\Windows\System\LJluuuN.exe
  2⤵
  PID:8708
- C:\Windows\System\ePptOtp.exe
  C:\Windows\System\ePptOtp.exe
  2⤵
  PID:8724
- C:\Windows\System\QTxmoHG.exe
  C:\Windows\System\QTxmoHG.exe
  2⤵
  PID:8744
- C:\Windows\System\RcrwqLl.exe
  C:\Windows\System\RcrwqLl.exe
  2⤵
  PID:8780
- C:\Windows\System\ALkjNjS.exe
  C:\Windows\System\ALkjNjS.exe
  2⤵
  PID:8808
- C:\Windows\System\tLiwXio.exe
  C:\Windows\System\tLiwXio.exe
  2⤵
  PID:8836
- C:\Windows\System\eihJDUk.exe
  C:\Windows\System\eihJDUk.exe
  2⤵
  PID:8864
- C:\Windows\System\FuYaCur.exe
  C:\Windows\System\FuYaCur.exe
  2⤵
  PID:8896
- C:\Windows\System\cJzjUpC.exe
  C:\Windows\System\cJzjUpC.exe
  2⤵
  PID:8924
- C:\Windows\System\VLzlXwt.exe
  C:\Windows\System\VLzlXwt.exe
  2⤵
  PID:8956
- C:\Windows\System\nBQzTaG.exe
  C:\Windows\System\nBQzTaG.exe
  2⤵
  PID:8984
- C:\Windows\System\YSfVOgZ.exe
  C:\Windows\System\YSfVOgZ.exe
  2⤵
  PID:9012
- C:\Windows\System\zrJGBpK.exe
  C:\Windows\System\zrJGBpK.exe
  2⤵
  PID:9044
- C:\Windows\System\xtbaDTl.exe
  C:\Windows\System\xtbaDTl.exe
  2⤵
  PID:9068
- C:\Windows\System\jSJwZBs.exe
  C:\Windows\System\jSJwZBs.exe
  2⤵
  PID:9108
- C:\Windows\System\ywNyUic.exe
  C:\Windows\System\ywNyUic.exe
  2⤵
  PID:9128
- C:\Windows\System\FlKbwbp.exe
  C:\Windows\System\FlKbwbp.exe
  2⤵
  PID:9156
- C:\Windows\System\EZALETo.exe
  C:\Windows\System\EZALETo.exe
  2⤵
  PID:9196
- C:\Windows\System\vblnBLR.exe
  C:\Windows\System\vblnBLR.exe
  2⤵
  PID:3920
- C:\Windows\System\NCwPLCx.exe
  C:\Windows\System\NCwPLCx.exe
  2⤵
  PID:1232
- C:\Windows\System\JnFizME.exe
  C:\Windows\System\JnFizME.exe
  2⤵
  PID:8312
- C:\Windows\System\ZULELRm.exe
  C:\Windows\System\ZULELRm.exe
  2⤵
  PID:8372
- C:\Windows\System\ecjavrl.exe
  C:\Windows\System\ecjavrl.exe
  2⤵
  PID:8468
- C:\Windows\System\WAsAVqb.exe
  C:\Windows\System\WAsAVqb.exe
  2⤵
  PID:8560
- C:\Windows\System\PxonETE.exe
  C:\Windows\System\PxonETE.exe
  2⤵
  PID:8600
- C:\Windows\System\GcnpAie.exe
  C:\Windows\System\GcnpAie.exe
  2⤵
  PID:8716
- C:\Windows\System\ofYbnHm.exe
  C:\Windows\System\ofYbnHm.exe
  2⤵
  PID:8348
- C:\Windows\System\LYMFgyp.exe
  C:\Windows\System\LYMFgyp.exe
  2⤵
  PID:8860
- C:\Windows\System\dKKpodt.exe
  C:\Windows\System\dKKpodt.exe
  2⤵
  PID:6864
- C:\Windows\System\KEVIGOn.exe
  C:\Windows\System\KEVIGOn.exe
  2⤵
  PID:964
- C:\Windows\System\SlTfheA.exe
  C:\Windows\System\SlTfheA.exe
  2⤵
  PID:8936
- C:\Windows\System\kgzAWSE.exe
  C:\Windows\System\kgzAWSE.exe
  2⤵
  PID:8996
- C:\Windows\System\hRZHBsX.exe
  C:\Windows\System\hRZHBsX.exe
  2⤵
  PID:9060
- C:\Windows\System\UqlgnrQ.exe
  C:\Windows\System\UqlgnrQ.exe
  2⤵
  PID:9140
- C:\Windows\System\ksmJSpY.exe
  C:\Windows\System\ksmJSpY.exe
  2⤵
  PID:2472
- C:\Windows\System\eQaGMAT.exe
  C:\Windows\System\eQaGMAT.exe
  2⤵
  PID:9168
- C:\Windows\System\aQgTqSf.exe
  C:\Windows\System\aQgTqSf.exe
  2⤵
  PID:3836
- C:\Windows\System\vaUrERQ.exe
  C:\Windows\System\vaUrERQ.exe
  2⤵
  PID:8224
- C:\Windows\System\nDYpJCb.exe
  C:\Windows\System\nDYpJCb.exe
  2⤵
  PID:8340
- C:\Windows\System\jnBIPMf.exe
  C:\Windows\System\jnBIPMf.exe
  2⤵
  PID:8540
- C:\Windows\System\aEuxRYf.exe
  C:\Windows\System\aEuxRYf.exe
  2⤵
  PID:8772
- C:\Windows\System\KzqKJdZ.exe
  C:\Windows\System\KzqKJdZ.exe
  2⤵
  PID:8884
- C:\Windows\System\SATcNSH.exe
  C:\Windows\System\SATcNSH.exe
  2⤵
  PID:4536
- C:\Windows\System\ZHnOWow.exe
  C:\Windows\System\ZHnOWow.exe
  2⤵
  PID:9064
- C:\Windows\System\qWCMcet.exe
  C:\Windows\System\qWCMcet.exe
  2⤵
  PID:4260
- C:\Windows\System\lkqMxCI.exe
  C:\Windows\System\lkqMxCI.exe
  2⤵
  PID:6592
- C:\Windows\System\rOTLIfF.exe
  C:\Windows\System\rOTLIfF.exe
  2⤵
  PID:8528
- C:\Windows\System\CrSdvSB.exe
  C:\Windows\System\CrSdvSB.exe
  2⤵
  PID:8832
- C:\Windows\System\Vymoxxx.exe
  C:\Windows\System\Vymoxxx.exe
  2⤵
  PID:3764
- C:\Windows\System\caHrWDz.exe
  C:\Windows\System\caHrWDz.exe
  2⤵
  PID:8464
- C:\Windows\System\tlsAGhj.exe
  C:\Windows\System\tlsAGhj.exe
  2⤵
  PID:8316
- C:\Windows\System\dmnowru.exe
  C:\Windows\System\dmnowru.exe
  2⤵
  PID:3708
- C:\Windows\System\uzEqzdu.exe
  C:\Windows\System\uzEqzdu.exe
  2⤵
  PID:8856
- C:\Windows\System\mWngPHn.exe
  C:\Windows\System\mWngPHn.exe
  2⤵
  PID:9244
- C:\Windows\System\VVKOMsf.exe
  C:\Windows\System\VVKOMsf.exe
  2⤵
  PID:9272
- C:\Windows\System\RFHtYcj.exe
  C:\Windows\System\RFHtYcj.exe
  2⤵
  PID:9308
- C:\Windows\System\hGiyCrF.exe
  C:\Windows\System\hGiyCrF.exe
  2⤵
  PID:9328
- C:\Windows\System\xFWStTc.exe
  C:\Windows\System\xFWStTc.exe
  2⤵
  PID:9356
- C:\Windows\System\jWHosCd.exe
  C:\Windows\System\jWHosCd.exe
  2⤵
  PID:9384
- C:\Windows\System\LnZoUMT.exe
  C:\Windows\System\LnZoUMT.exe
  2⤵
  PID:9416
- C:\Windows\System\MPeFDLt.exe
  C:\Windows\System\MPeFDLt.exe
  2⤵
  PID:9444
- C:\Windows\System\QkvwHJz.exe
  C:\Windows\System\QkvwHJz.exe
  2⤵
  PID:9468
- C:\Windows\System\sSpUzRn.exe
  C:\Windows\System\sSpUzRn.exe
  2⤵
  PID:9496
- C:\Windows\System\dVIKzfH.exe
  C:\Windows\System\dVIKzfH.exe
  2⤵
  PID:9524
- C:\Windows\System\JEtOZPi.exe
  C:\Windows\System\JEtOZPi.exe
  2⤵
  PID:9552
- C:\Windows\System\LQVtprX.exe
  C:\Windows\System\LQVtprX.exe
  2⤵
  PID:9584
- C:\Windows\System\TRKGcqK.exe
  C:\Windows\System\TRKGcqK.exe
  2⤵
  PID:9612
- C:\Windows\System\KNCIBBY.exe
  C:\Windows\System\KNCIBBY.exe
  2⤵
  PID:9640
- C:\Windows\System\jcKsjDb.exe
  C:\Windows\System\jcKsjDb.exe
  2⤵
  PID:9668
- C:\Windows\System\HxuqekR.exe
  C:\Windows\System\HxuqekR.exe
  2⤵
  PID:9696
- C:\Windows\System\lynzIJX.exe
  C:\Windows\System\lynzIJX.exe
  2⤵
  PID:9728
- C:\Windows\System\GyzcSks.exe
  C:\Windows\System\GyzcSks.exe
  2⤵
  PID:9756
- C:\Windows\System\utLxkju.exe
  C:\Windows\System\utLxkju.exe
  2⤵
  PID:9784
- C:\Windows\System\SQrijdN.exe
  C:\Windows\System\SQrijdN.exe
  2⤵
  PID:9812
- C:\Windows\System\PTQCBrf.exe
  C:\Windows\System\PTQCBrf.exe
  2⤵
  PID:9840
- C:\Windows\System\pyygqpt.exe
  C:\Windows\System\pyygqpt.exe
  2⤵
  PID:9868
- C:\Windows\System\ZGVdLmM.exe
  C:\Windows\System\ZGVdLmM.exe
  2⤵
  PID:9916
- C:\Windows\System\VPVQExW.exe
  C:\Windows\System\VPVQExW.exe
  2⤵
  PID:9956
- C:\Windows\System\vnQHbee.exe
  C:\Windows\System\vnQHbee.exe
  2⤵
  PID:10004
- C:\Windows\System\iKNmrBg.exe
  C:\Windows\System\iKNmrBg.exe
  2⤵
  PID:10048
- C:\Windows\System\JNkueUY.exe
  C:\Windows\System\JNkueUY.exe
  2⤵
  PID:10080
- C:\Windows\System\tALeIxk.exe
  C:\Windows\System\tALeIxk.exe
  2⤵
  PID:10104
- C:\Windows\System\lesdVYP.exe
  C:\Windows\System\lesdVYP.exe
  2⤵
  PID:10188
- C:\Windows\System\CVCmWlv.exe
  C:\Windows\System\CVCmWlv.exe
  2⤵
  PID:10224
- C:\Windows\System\HtCaYLd.exe
  C:\Windows\System\HtCaYLd.exe
  2⤵
  PID:9268
- C:\Windows\System\zDltfev.exe
  C:\Windows\System\zDltfev.exe
  2⤵
  PID:9324
- C:\Windows\System\AGHwIEn.exe
  C:\Windows\System\AGHwIEn.exe
  2⤵
  PID:9408
- C:\Windows\System\BHJckdf.exe
  C:\Windows\System\BHJckdf.exe
  2⤵
  PID:9024
- C:\Windows\System\gHrtJdn.exe
  C:\Windows\System\gHrtJdn.exe
  2⤵
  PID:9464
- C:\Windows\System\NmRtDev.exe
  C:\Windows\System\NmRtDev.exe
  2⤵
  PID:9548
- C:\Windows\System\LLmKjxR.exe
  C:\Windows\System\LLmKjxR.exe
  2⤵
  PID:9604
- C:\Windows\System\dXHOpsG.exe
  C:\Windows\System\dXHOpsG.exe
  2⤵
  PID:9664
- C:\Windows\System\xGLrcyf.exe
  C:\Windows\System\xGLrcyf.exe
  2⤵
  PID:9740
- C:\Windows\System\UCOoCRw.exe
  C:\Windows\System\UCOoCRw.exe
  2⤵
  PID:9804
- C:\Windows\System\EbcSyWo.exe
  C:\Windows\System\EbcSyWo.exe
  2⤵
  PID:9864
- C:\Windows\System\LWWjuwc.exe
  C:\Windows\System\LWWjuwc.exe
  2⤵
  PID:10000
- C:\Windows\System\xDaOgiu.exe
  C:\Windows\System\xDaOgiu.exe
  2⤵
  PID:10096
- C:\Windows\System\GwdusUW.exe
  C:\Windows\System\GwdusUW.exe
  2⤵
  PID:10200
- C:\Windows\System\CndOjav.exe
  C:\Windows\System\CndOjav.exe
  2⤵
  PID:9320
- C:\Windows\System\UngAFhC.exe
  C:\Windows\System\UngAFhC.exe
  2⤵
  PID:10060
- C:\Windows\System\mDOXimh.exe
  C:\Windows\System\mDOXimh.exe
  2⤵
  PID:9492
- C:\Windows\System\bOjYqTu.exe
  C:\Windows\System\bOjYqTu.exe
  2⤵
  PID:9692
- C:\Windows\System\rMdZoFb.exe
  C:\Windows\System\rMdZoFb.exe
  2⤵
  PID:9948
- C:\Windows\System\DzykfAr.exe
  C:\Windows\System\DzykfAr.exe
  2⤵
  PID:9284
- C:\Windows\System\ViWcDNM.exe
  C:\Windows\System\ViWcDNM.exe
  2⤵
  PID:9460
- C:\Windows\System\GXzTZWP.exe
  C:\Windows\System\GXzTZWP.exe
  2⤵
  PID:8440
- C:\Windows\System\ABTteLy.exe
  C:\Windows\System\ABTteLy.exe
  2⤵
  PID:10032
- C:\Windows\System\tmTKZxz.exe
  C:\Windows\System\tmTKZxz.exe
  2⤵
  PID:9204
- C:\Windows\System\Jqconpu.exe
  C:\Windows\System\Jqconpu.exe
  2⤵
  PID:9992
- C:\Windows\System\UHPzvmp.exe
  C:\Windows\System\UHPzvmp.exe
  2⤵
  PID:9256
- C:\Windows\System\uGLPCRG.exe
  C:\Windows\System\uGLPCRG.exe
  2⤵
  PID:10260
- C:\Windows\System\MEDoJeW.exe
  C:\Windows\System\MEDoJeW.exe
  2⤵
  PID:10292
- C:\Windows\System\ouBXbrW.exe
  C:\Windows\System\ouBXbrW.exe
  2⤵
  PID:10320
- C:\Windows\System\lGtJAHk.exe
  C:\Windows\System\lGtJAHk.exe
  2⤵
  PID:10348
- C:\Windows\System\PQtLagx.exe
  C:\Windows\System\PQtLagx.exe
  2⤵
  PID:10376
- C:\Windows\System\HOIOlMo.exe
  C:\Windows\System\HOIOlMo.exe
  2⤵
  PID:10404
- C:\Windows\System\xLtlDQs.exe
  C:\Windows\System\xLtlDQs.exe
  2⤵
  PID:10432
- C:\Windows\System\mzeoajd.exe
  C:\Windows\System\mzeoajd.exe
  2⤵
  PID:10460
- C:\Windows\System\kQqtvMi.exe
  C:\Windows\System\kQqtvMi.exe
  2⤵
  PID:10488
- C:\Windows\System\QhPecle.exe
  C:\Windows\System\QhPecle.exe
  2⤵
  PID:10516
- C:\Windows\System\AmwOsEN.exe
  C:\Windows\System\AmwOsEN.exe
  2⤵
  PID:10544
- C:\Windows\System\HytijQY.exe
  C:\Windows\System\HytijQY.exe
  2⤵
  PID:10572
- C:\Windows\System\LBZKEIC.exe
  C:\Windows\System\LBZKEIC.exe
  2⤵
  PID:10600
- C:\Windows\System\kCxlZqm.exe
  C:\Windows\System\kCxlZqm.exe
  2⤵
  PID:10644
- C:\Windows\System\LAlwDZj.exe
  C:\Windows\System\LAlwDZj.exe
  2⤵
  PID:10660
- C:\Windows\System\eOmIIqb.exe
  C:\Windows\System\eOmIIqb.exe
  2⤵
  PID:10688
- C:\Windows\System\NUPrcaV.exe
  C:\Windows\System\NUPrcaV.exe
  2⤵
  PID:10724
- C:\Windows\System\LdwDaFl.exe
  C:\Windows\System\LdwDaFl.exe
  2⤵
  PID:10744
- C:\Windows\System\AKQVMeM.exe
  C:\Windows\System\AKQVMeM.exe
  2⤵
  PID:10772
- C:\Windows\System\mvMUpqV.exe
  C:\Windows\System\mvMUpqV.exe
  2⤵
  PID:10808
- C:\Windows\System\SRIRGEE.exe
  C:\Windows\System\SRIRGEE.exe
  2⤵
  PID:10844
- C:\Windows\System\VlEwkVL.exe
  C:\Windows\System\VlEwkVL.exe
  2⤵
  PID:10864
- C:\Windows\System\kmtcNuf.exe
  C:\Windows\System\kmtcNuf.exe
  2⤵
  PID:10896
- C:\Windows\System\FFKmfpU.exe
  C:\Windows\System\FFKmfpU.exe
  2⤵
  PID:10920
- C:\Windows\System\ddkghHr.exe
  C:\Windows\System\ddkghHr.exe
  2⤵
  PID:10948
- C:\Windows\System\eqfgPck.exe
  C:\Windows\System\eqfgPck.exe
  2⤵
  PID:10988
- C:\Windows\System\iEeHdGP.exe
  C:\Windows\System\iEeHdGP.exe
  2⤵
  PID:11008
- C:\Windows\System\hgVPWEx.exe
  C:\Windows\System\hgVPWEx.exe
  2⤵
  PID:11036
- C:\Windows\System\EmdexAf.exe
  C:\Windows\System\EmdexAf.exe
  2⤵
  PID:11064
- C:\Windows\System\MxsoRCv.exe
  C:\Windows\System\MxsoRCv.exe
  2⤵
  PID:11092
- C:\Windows\System\ImOBznI.exe
  C:\Windows\System\ImOBznI.exe
  2⤵
  PID:11124
- C:\Windows\System\UHEMiBP.exe
  C:\Windows\System\UHEMiBP.exe
  2⤵
  PID:11148
- C:\Windows\System\AXZDBMY.exe
  C:\Windows\System\AXZDBMY.exe
  2⤵
  PID:11176
- C:\Windows\System\NtWYDUr.exe
  C:\Windows\System\NtWYDUr.exe
  2⤵
  PID:11204
- C:\Windows\System\CAUIcqE.exe
  C:\Windows\System\CAUIcqE.exe
  2⤵
  PID:11232
- C:\Windows\System\vFFOLEV.exe
  C:\Windows\System\vFFOLEV.exe
  2⤵
  PID:10252
- C:\Windows\System\OlEJmAR.exe
  C:\Windows\System\OlEJmAR.exe
  2⤵
  PID:9860
- C:\Windows\System\MHyyNlx.exe
  C:\Windows\System\MHyyNlx.exe
  2⤵
  PID:10340
- C:\Windows\System\VDQgDpA.exe
  C:\Windows\System\VDQgDpA.exe
  2⤵
  PID:10400
- C:\Windows\System\EXsAUmG.exe
  C:\Windows\System\EXsAUmG.exe
  2⤵
  PID:9768
- C:\Windows\System\frLqIze.exe
  C:\Windows\System\frLqIze.exe
  2⤵
  PID:10540
- C:\Windows\System\nHvGsEd.exe
  C:\Windows\System\nHvGsEd.exe
  2⤵
  PID:10624
- C:\Windows\System\YgpTpAf.exe
  C:\Windows\System\YgpTpAf.exe
  2⤵
  PID:10680
- C:\Windows\System\WHNZpPl.exe
  C:\Windows\System\WHNZpPl.exe
  2⤵
  PID:10740
- C:\Windows\System\lIwLpHr.exe
  C:\Windows\System\lIwLpHr.exe
  2⤵
  PID:10820
- C:\Windows\System\lMIamfr.exe
  C:\Windows\System\lMIamfr.exe
  2⤵
  PID:6132
- C:\Windows\System\EEYnVCE.exe
  C:\Windows\System\EEYnVCE.exe
  2⤵
  PID:8060
- C:\Windows\System\SZfFUzP.exe
  C:\Windows\System\SZfFUzP.exe
  2⤵
  PID:10888
- C:\Windows\System\QoqNLkg.exe
  C:\Windows\System\QoqNLkg.exe
  2⤵
  PID:10972
- C:\Windows\System\meWrXVe.exe
  C:\Windows\System\meWrXVe.exe
  2⤵
  PID:1596
- C:\Windows\System\PJuuvFf.exe
  C:\Windows\System\PJuuvFf.exe
  2⤵
  PID:11076
- C:\Windows\System\KJDMdVQ.exe
  C:\Windows\System\KJDMdVQ.exe
  2⤵
  PID:7348
- C:\Windows\System\lElyxud.exe
  C:\Windows\System\lElyxud.exe
  2⤵
  PID:11188
- C:\Windows\System\EslWugl.exe
  C:\Windows\System\EslWugl.exe
  2⤵
  PID:11244
- C:\Windows\System\NgJmUEv.exe
  C:\Windows\System\NgJmUEv.exe
  2⤵
  PID:10332
- C:\Windows\System\vhwAaIT.exe
  C:\Windows\System\vhwAaIT.exe
  2⤵
  PID:10456
- C:\Windows\System\YZldSuH.exe
  C:\Windows\System\YZldSuH.exe
  2⤵
  PID:116
- C:\Windows\System\qgpdtOS.exe
  C:\Windows\System\qgpdtOS.exe
  2⤵
  PID:10708
- C:\Windows\System\ifIgpGJ.exe
  C:\Windows\System\ifIgpGJ.exe
  2⤵
  PID:4932
- C:\Windows\System\DnjcIhV.exe
  C:\Windows\System\DnjcIhV.exe
  2⤵
  PID:10484
- C:\Windows\System\WmhpUjD.exe
  C:\Windows\System\WmhpUjD.exe
  2⤵
  PID:5432
- C:\Windows\System\zFSeVoG.exe
  C:\Windows\System\zFSeVoG.exe
  2⤵
  PID:1980
- C:\Windows\System\LGUlbza.exe
  C:\Windows\System\LGUlbza.exe
  2⤵
  PID:11112
- C:\Windows\System\TwAUuMI.exe
  C:\Windows\System\TwAUuMI.exe
  2⤵
  PID:10280
- C:\Windows\System\eSRjooK.exe
  C:\Windows\System\eSRjooK.exe
  2⤵
  PID:10396
- C:\Windows\System\laItxIW.exe
  C:\Windows\System\laItxIW.exe
  2⤵
  PID:10628
- C:\Windows\System\souxttJ.exe
  C:\Windows\System\souxttJ.exe
  2⤵
  PID:8084
- C:\Windows\System\cdirFRl.exe
  C:\Windows\System\cdirFRl.exe
  2⤵
  PID:11004
- C:\Windows\System\wcXMEuS.exe
  C:\Windows\System\wcXMEuS.exe
  2⤵
  PID:2116
- C:\Windows\System\qmbAuPO.exe
  C:\Windows\System\qmbAuPO.exe
  2⤵
  PID:10512
- C:\Windows\System\VRnyhBd.exe
  C:\Windows\System\VRnyhBd.exe
  2⤵
  PID:10960
- C:\Windows\System\tmNiuaF.exe
  C:\Windows\System\tmNiuaF.exe
  2⤵
  PID:10064
- C:\Windows\System\Amppxpt.exe
  C:\Windows\System\Amppxpt.exe
  2⤵
  PID:10176
- C:\Windows\System\Ppnltto.exe
  C:\Windows\System\Ppnltto.exe
  2⤵
  PID:11272
- C:\Windows\System\UZxhKaV.exe
  C:\Windows\System\UZxhKaV.exe
  2⤵
  PID:11300
- C:\Windows\System\THCKFiw.exe
  C:\Windows\System\THCKFiw.exe
  2⤵
  PID:11328
- C:\Windows\System\LBPLNtt.exe
  C:\Windows\System\LBPLNtt.exe
  2⤵
  PID:11360
- C:\Windows\System\mfoqBGK.exe
  C:\Windows\System\mfoqBGK.exe
  2⤵
  PID:11388
- C:\Windows\System\XegOdfD.exe
  C:\Windows\System\XegOdfD.exe
  2⤵
  PID:11416
- C:\Windows\System\kCBHzqB.exe
  C:\Windows\System\kCBHzqB.exe
  2⤵
  PID:11444
- C:\Windows\System\cwXCsYw.exe
  C:\Windows\System\cwXCsYw.exe
  2⤵
  PID:11472
- C:\Windows\System\PIATdek.exe
  C:\Windows\System\PIATdek.exe
  2⤵
  PID:11500
- C:\Windows\System\UENtHuu.exe
  C:\Windows\System\UENtHuu.exe
  2⤵
  PID:11528
- C:\Windows\System\GGycjCg.exe
  C:\Windows\System\GGycjCg.exe
  2⤵
  PID:11556
- C:\Windows\System\oLCiNeO.exe
  C:\Windows\System\oLCiNeO.exe
  2⤵
  PID:11584
- C:\Windows\System\Bsgsfie.exe
  C:\Windows\System\Bsgsfie.exe
  2⤵
  PID:11612
- C:\Windows\System\aFcpqUd.exe
  C:\Windows\System\aFcpqUd.exe
  2⤵
  PID:11640
- C:\Windows\System\aFeByCm.exe
  C:\Windows\System\aFeByCm.exe
  2⤵
  PID:11668
- C:\Windows\System\vrvuZCL.exe
  C:\Windows\System\vrvuZCL.exe
  2⤵
  PID:11696
- C:\Windows\System\RkEnmRe.exe
  C:\Windows\System\RkEnmRe.exe
  2⤵
  PID:11724
- C:\Windows\System\sroNMec.exe
  C:\Windows\System\sroNMec.exe
  2⤵
  PID:11752
- C:\Windows\System\xzfgxTZ.exe
  C:\Windows\System\xzfgxTZ.exe
  2⤵
  PID:11780
- C:\Windows\System\zmKtyXK.exe
  C:\Windows\System\zmKtyXK.exe
  2⤵
  PID:11808
- C:\Windows\System\tLULgZh.exe
  C:\Windows\System\tLULgZh.exe
  2⤵
  PID:11836
- C:\Windows\System\KHQokmX.exe
  C:\Windows\System\KHQokmX.exe
  2⤵
  PID:11864
- C:\Windows\System\egPCHtu.exe
  C:\Windows\System\egPCHtu.exe
  2⤵
  PID:11892
- C:\Windows\System\DuFvyEb.exe
  C:\Windows\System\DuFvyEb.exe
  2⤵
  PID:11920
- C:\Windows\System\TOkwCVM.exe
  C:\Windows\System\TOkwCVM.exe
  2⤵
  PID:11960
- C:\Windows\System\lqLXCRo.exe
  C:\Windows\System\lqLXCRo.exe
  2⤵
  PID:11976
- C:\Windows\System\zWhCJtL.exe
  C:\Windows\System\zWhCJtL.exe
  2⤵
  PID:12004
- C:\Windows\System\klEIBMA.exe
  C:\Windows\System\klEIBMA.exe
  2⤵
  PID:12036
- C:\Windows\System\gQJmzac.exe
  C:\Windows\System\gQJmzac.exe
  2⤵
  PID:12064
- C:\Windows\System\SnnEkGG.exe
  C:\Windows\System\SnnEkGG.exe
  2⤵
  PID:12092
- C:\Windows\System\VUYFERr.exe
  C:\Windows\System\VUYFERr.exe
  2⤵
  PID:12120
- C:\Windows\System\cjpoAmW.exe
  C:\Windows\System\cjpoAmW.exe
  2⤵
  PID:12148
- C:\Windows\System\mQWqGqm.exe
  C:\Windows\System\mQWqGqm.exe
  2⤵
  PID:12176
- C:\Windows\System\xAxhURX.exe
  C:\Windows\System\xAxhURX.exe
  2⤵
  PID:12204
- C:\Windows\System\tfMBbGw.exe
  C:\Windows\System\tfMBbGw.exe
  2⤵
  PID:12232
- C:\Windows\System\aeqKhbv.exe
  C:\Windows\System\aeqKhbv.exe
  2⤵
  PID:12260
- C:\Windows\System\yZQLWrd.exe
  C:\Windows\System\yZQLWrd.exe
  2⤵
  PID:11268
- C:\Windows\System\HKqdMFg.exe
  C:\Windows\System\HKqdMFg.exe
  2⤵
  PID:11340
- C:\Windows\System\XxsFkxt.exe
  C:\Windows\System\XxsFkxt.exe
  2⤵
  PID:11408
- C:\Windows\System\VIIQbLJ.exe
  C:\Windows\System\VIIQbLJ.exe
  2⤵
  PID:11468
- C:\Windows\System\pqfSSyb.exe
  C:\Windows\System\pqfSSyb.exe
  2⤵
  PID:11540
- C:\Windows\System\nGJedZr.exe
  C:\Windows\System\nGJedZr.exe
  2⤵
  PID:11604
- C:\Windows\System\fmQeWvL.exe
  C:\Windows\System\fmQeWvL.exe
  2⤵
  PID:11664
- C:\Windows\System\DJGwmJq.exe
  C:\Windows\System\DJGwmJq.exe
  2⤵
  PID:11736
- C:\Windows\System\BdwsaXN.exe
  C:\Windows\System\BdwsaXN.exe
  2⤵
  PID:1496
- C:\Windows\System\daFbTWa.exe
  C:\Windows\System\daFbTWa.exe
  2⤵
  PID:4224
- C:\Windows\System\mAtOEja.exe
  C:\Windows\System\mAtOEja.exe
  2⤵
  PID:11832
- C:\Windows\System\ekURYUT.exe
  C:\Windows\System\ekURYUT.exe
  2⤵
  PID:11904
- C:\Windows\System\qPElBwk.exe
  C:\Windows\System\qPElBwk.exe
  2⤵
  PID:11944
- C:\Windows\System\cTakDpu.exe
  C:\Windows\System\cTakDpu.exe
  2⤵
  PID:12024
- C:\Windows\System\DGRpHxE.exe
  C:\Windows\System\DGRpHxE.exe
  2⤵
  PID:12112
- C:\Windows\System\wFvbAWL.exe
  C:\Windows\System\wFvbAWL.exe
  2⤵
  PID:12160
- C:\Windows\System\XfEdkHO.exe
  C:\Windows\System\XfEdkHO.exe
  2⤵
  PID:12224
- C:\Windows\System\hILxiMw.exe
  C:\Windows\System\hILxiMw.exe
  2⤵
  PID:10916
- C:\Windows\System\hlmbPRz.exe
  C:\Windows\System\hlmbPRz.exe
  2⤵
  PID:11372
- C:\Windows\System\TZinNIc.exe
  C:\Windows\System\TZinNIc.exe
  2⤵
  PID:11464
- C:\Windows\System\ZVSweZx.exe
  C:\Windows\System\ZVSweZx.exe
  2⤵
  PID:11596
- C:\Windows\System\eOvsaVT.exe
  C:\Windows\System\eOvsaVT.exe
  2⤵
  PID:11764
- C:\Windows\System\ZoeptMH.exe
  C:\Windows\System\ZoeptMH.exe
  2⤵
  PID:11820
- C:\Windows\System\JdqjgOx.exe
  C:\Windows\System\JdqjgOx.exe
  2⤵
  PID:11940
- C:\Windows\System\OJSmeTF.exe
  C:\Windows\System\OJSmeTF.exe
  2⤵
  PID:12084
- C:\Windows\System\gbSJpac.exe
  C:\Windows\System\gbSJpac.exe
  2⤵
  PID:12284
- C:\Windows\System\IZVOgVk.exe
  C:\Windows\System\IZVOgVk.exe
  2⤵
  PID:11580
- C:\Windows\System\PUahzLV.exe
  C:\Windows\System\PUahzLV.exe
  2⤵
  PID:3900
- C:\Windows\System\pXIygpw.exe
  C:\Windows\System\pXIygpw.exe
  2⤵
  PID:708
- C:\Windows\System\WyVJQNu.exe
  C:\Windows\System\WyVJQNu.exe
  2⤵
  PID:6012
- C:\Windows\System\pqqiPld.exe
  C:\Windows\System\pqqiPld.exe
  2⤵
  PID:6224
- C:\Windows\System\HKelvpO.exe
  C:\Windows\System\HKelvpO.exe
  2⤵
  PID:5548
- C:\Windows\System\aPJvhma.exe
  C:\Windows\System\aPJvhma.exe
  2⤵
  PID:532
- C:\Windows\System\JxIxFse.exe
  C:\Windows\System\JxIxFse.exe
  2⤵
  PID:11716
- C:\Windows\System\ZXhgjdO.exe
  C:\Windows\System\ZXhgjdO.exe
  2⤵
  PID:12216
- C:\Windows\System\gwOJsMM.exe
  C:\Windows\System\gwOJsMM.exe
  2⤵
  PID:6480
- C:\Windows\System\grZgDWr.exe
  C:\Windows\System\grZgDWr.exe
  2⤵
  PID:1800
- C:\Windows\System\jctZtPJ.exe
  C:\Windows\System\jctZtPJ.exe
  2⤵
  PID:5748
- C:\Windows\System\MUCguvD.exe
  C:\Windows\System\MUCguvD.exe
  2⤵
  PID:6196
- C:\Windows\System\aFRsWqV.exe
  C:\Windows\System\aFRsWqV.exe
  2⤵
  PID:396
- C:\Windows\System\bXjEhES.exe
  C:\Windows\System\bXjEhES.exe
  2⤵
  PID:6804
- C:\Windows\System\LKgtIiG.exe
  C:\Windows\System\LKgtIiG.exe
  2⤵
  PID:6896
- C:\Windows\System\XznCDlP.exe
  C:\Windows\System\XznCDlP.exe
  2⤵
  PID:6984
- C:\Windows\System\GcBYhqs.exe
  C:\Windows\System\GcBYhqs.exe
  2⤵
  PID:2108
- C:\Windows\System\MXVoWYb.exe
  C:\Windows\System\MXVoWYb.exe
  2⤵
  PID:3156
- C:\Windows\System\XMBTcPm.exe
  C:\Windows\System\XMBTcPm.exe
  2⤵
  PID:4516
- C:\Windows\System\DCGaQLG.exe
  C:\Windows\System\DCGaQLG.exe
  2⤵
  PID:1608
- C:\Windows\System\fnxOdGH.exe
  C:\Windows\System\fnxOdGH.exe
  2⤵
  PID:4396
- C:\Windows\System\IELnXBr.exe
  C:\Windows\System\IELnXBr.exe
  2⤵
  PID:11692
- C:\Windows\System\weCpzZl.exe
  C:\Windows\System\weCpzZl.exe
  2⤵
  PID:2524
- C:\Windows\System\Yuzecwz.exe
  C:\Windows\System\Yuzecwz.exe
  2⤵
  PID:6840
- C:\Windows\System\TtPjLZv.exe
  C:\Windows\System\TtPjLZv.exe
  2⤵
  PID:6932
- C:\Windows\System\yfSapmA.exe
  C:\Windows\System\yfSapmA.exe
  2⤵
  PID:2036
- C:\Windows\System\SkJuPla.exe
  C:\Windows\System\SkJuPla.exe
  2⤵
  PID:1796
- C:\Windows\System\FKgWsqG.exe
  C:\Windows\System\FKgWsqG.exe
  2⤵
  PID:2316
- C:\Windows\System\QXhkxOv.exe
  C:\Windows\System\QXhkxOv.exe
  2⤵
  PID:3492
- C:\Windows\System\hQGSiMv.exe
  C:\Windows\System\hQGSiMv.exe
  2⤵
  PID:996
- C:\Windows\System\PsmWXmz.exe
  C:\Windows\System\PsmWXmz.exe
  2⤵
  PID:11524
- C:\Windows\System\aWFEMnL.exe
  C:\Windows\System\aWFEMnL.exe
  2⤵
  PID:4420
- C:\Windows\System\TuNxIGq.exe
  C:\Windows\System\TuNxIGq.exe
  2⤵
  PID:1040
- C:\Windows\System\YmuUuze.exe
  C:\Windows\System\YmuUuze.exe
  2⤵
  PID:4048
- C:\Windows\System\kMdHQmM.exe
  C:\Windows\System\kMdHQmM.exe
  2⤵
  PID:5448
- C:\Windows\System\yutFBab.exe
  C:\Windows\System\yutFBab.exe
  2⤵
  PID:4588
- C:\Windows\System\YCCDCPa.exe
  C:\Windows\System\YCCDCPa.exe
  2⤵
  PID:4384
- C:\Windows\System\RhTcqIo.exe
  C:\Windows\System\RhTcqIo.exe
  2⤵
  PID:6512
- C:\Windows\System\muMloAi.exe
  C:\Windows\System\muMloAi.exe
  2⤵
  PID:7024
- C:\Windows\System\szSrViB.exe
  C:\Windows\System\szSrViB.exe
  2⤵
  PID:3160
- C:\Windows\System\QbQfXjb.exe
  C:\Windows\System\QbQfXjb.exe
  2⤵
  PID:1328
- C:\Windows\System\TIwXWJD.exe
  C:\Windows\System\TIwXWJD.exe
  2⤵
  PID:5932
- C:\Windows\System\MyyaXmd.exe
  C:\Windows\System\MyyaXmd.exe
  2⤵
  PID:3324
- C:\Windows\System\KSPomjf.exe
  C:\Windows\System\KSPomjf.exe
  2⤵
  PID:12304
- C:\Windows\System\UgvczDF.exe
  C:\Windows\System\UgvczDF.exe
  2⤵
  PID:12332
- C:\Windows\System\oKPSGUa.exe
  C:\Windows\System\oKPSGUa.exe
  2⤵
  PID:12360
- C:\Windows\System\XFRFoHR.exe
  C:\Windows\System\XFRFoHR.exe
  2⤵
  PID:12388
- C:\Windows\System\xMyNLmU.exe
  C:\Windows\System\xMyNLmU.exe
  2⤵
  PID:12416
- C:\Windows\System\TzhdeOA.exe
  C:\Windows\System\TzhdeOA.exe
  2⤵
  PID:12444
- C:\Windows\System\BabnKJw.exe
  C:\Windows\System\BabnKJw.exe
  2⤵
  PID:12484
- C:\Windows\System\gGlkEdw.exe
  C:\Windows\System\gGlkEdw.exe
  2⤵
  PID:12504
- C:\Windows\System\cMuWRmg.exe
  C:\Windows\System\cMuWRmg.exe
  2⤵
  PID:12532
- C:\Windows\System\VEhXuMm.exe
  C:\Windows\System\VEhXuMm.exe
  2⤵
  PID:12560
- C:\Windows\System\kfwNXPj.exe
  C:\Windows\System\kfwNXPj.exe
  2⤵
  PID:12588
- C:\Windows\System\CDQfFkl.exe
  C:\Windows\System\CDQfFkl.exe
  2⤵
  PID:12616
- C:\Windows\System\HgMMKuo.exe
  C:\Windows\System\HgMMKuo.exe
  2⤵
  PID:12652
- C:\Windows\System\WSWYide.exe
  C:\Windows\System\WSWYide.exe
  2⤵
  PID:12672
- C:\Windows\System\dxklJVq.exe
  C:\Windows\System\dxklJVq.exe
  2⤵
  PID:12700
- C:\Windows\System\lnSDTBj.exe
  C:\Windows\System\lnSDTBj.exe
  2⤵
  PID:12728
- C:\Windows\System\jFoftXG.exe
  C:\Windows\System\jFoftXG.exe
  2⤵
  PID:12756
- C:\Windows\System\dvVdROD.exe
  C:\Windows\System\dvVdROD.exe
  2⤵
  PID:12784
- C:\Windows\System\YzakSzd.exe
  C:\Windows\System\YzakSzd.exe
  2⤵
  PID:12812
- C:\Windows\System\HOxzKCC.exe
  C:\Windows\System\HOxzKCC.exe
  2⤵
  PID:12844
- C:\Windows\System\TKioUKi.exe
  C:\Windows\System\TKioUKi.exe
  2⤵
  PID:12868
- C:\Windows\System\aoSZQSJ.exe
  C:\Windows\System\aoSZQSJ.exe
  2⤵
  PID:12896
- C:\Windows\System\juaJlzj.exe
  C:\Windows\System\juaJlzj.exe
  2⤵
  PID:12924
- C:\Windows\System\OgoudJL.exe
  C:\Windows\System\OgoudJL.exe
  2⤵
  PID:12952
- C:\Windows\System\UBNWldn.exe
  C:\Windows\System\UBNWldn.exe
  2⤵
  PID:12980
- C:\Windows\System\mDWRTov.exe
  C:\Windows\System\mDWRTov.exe
  2⤵
  PID:13008
- C:\Windows\System\UTJgQIH.exe
  C:\Windows\System\UTJgQIH.exe
  2⤵
  PID:13036
- C:\Windows\System\spJCigg.exe
  C:\Windows\System\spJCigg.exe
  2⤵
  PID:13064
- C:\Windows\System\eZROxLl.exe
  C:\Windows\System\eZROxLl.exe
  2⤵
  PID:13092
- C:\Windows\System\FqDokAM.exe
  C:\Windows\System\FqDokAM.exe
  2⤵
  PID:13124
- C:\Windows\System\MvXEaFn.exe
  C:\Windows\System\MvXEaFn.exe
  2⤵
  PID:13152
- C:\Windows\System\jEMtzll.exe
  C:\Windows\System\jEMtzll.exe
  2⤵
  PID:13180
- C:\Windows\System\wqBgsxT.exe
  C:\Windows\System\wqBgsxT.exe
  2⤵
  PID:13208
- C:\Windows\System\bkspJqw.exe
  C:\Windows\System\bkspJqw.exe
  2⤵
  PID:13236
- C:\Windows\System\nhkMbHv.exe
  C:\Windows\System\nhkMbHv.exe
  2⤵
  PID:13264
- C:\Windows\System\ngZffLG.exe
  C:\Windows\System\ngZffLG.exe
  2⤵
  PID:13292
- C:\Windows\System\DWNkdri.exe
  C:\Windows\System\DWNkdri.exe
  2⤵
  PID:2660
- C:\Windows\System\HxVqUMV.exe
  C:\Windows\System\HxVqUMV.exe
  2⤵
  PID:2240
- C:\Windows\System\nsHSIiL.exe
  C:\Windows\System\nsHSIiL.exe
  2⤵
  PID:4024
- C:\Windows\System\ANAFPKI.exe
  C:\Windows\System\ANAFPKI.exe
  2⤵
  PID:12428
- C:\Windows\System\TTlzORE.exe
  C:\Windows\System\TTlzORE.exe
  2⤵
  PID:12464
- C:\Windows\System\uNslKAX.exe
  C:\Windows\System\uNslKAX.exe
  2⤵
  PID:4312
- C:\Windows\System\wAEnCeD.exe
  C:\Windows\System\wAEnCeD.exe
  2⤵
  PID:12580
- C:\Windows\System\NFVMMrF.exe
  C:\Windows\System\NFVMMrF.exe
  2⤵
  PID:5168
- C:\Windows\System\WigtMmM.exe
  C:\Windows\System\WigtMmM.exe
  2⤵
  PID:5196
- C:\Windows\System\xGMgUab.exe
  C:\Windows\System\xGMgUab.exe
  2⤵
  PID:12692
- C:\Windows\System\UuEivez.exe
  C:\Windows\System\UuEivez.exe
  2⤵
  PID:12752
- C:\Windows\System\gwBITWn.exe
  C:\Windows\System\gwBITWn.exe
  2⤵
  PID:5300
- C:\Windows\System\khlaygF.exe
  C:\Windows\System\khlaygF.exe
  2⤵
  PID:12864
- C:\Windows\System\BZvKrvE.exe
  C:\Windows\System\BZvKrvE.exe
  2⤵
  PID:5356
- C:\Windows\System\swCXXMX.exe
  C:\Windows\System\swCXXMX.exe
  2⤵
  PID:5420
- C:\Windows\System\napbvWy.exe
  C:\Windows\System\napbvWy.exe
  2⤵
  PID:12972
- C:\Windows\System\jJOSnYe.exe
  C:\Windows\System\jJOSnYe.exe
  2⤵
  PID:13032
- C:\Windows\System\kAQAPgW.exe
  C:\Windows\System\kAQAPgW.exe
  2⤵
  PID:13104
- C:\Windows\System\OeOZQnY.exe
  C:\Windows\System\OeOZQnY.exe
  2⤵
  PID:13148
- C:\Windows\System\siWtbRq.exe
  C:\Windows\System\siWtbRq.exe
  2⤵
  PID:5600
- C:\Windows\System\QgNWWjn.exe
  C:\Windows\System\QgNWWjn.exe
  2⤵
  PID:5604
- C:\Windows\System\NSOPRhw.exe
  C:\Windows\System\NSOPRhw.exe
  2⤵
  PID:13260
- C:\Windows\System\tIElhmc.exe
  C:\Windows\System\tIElhmc.exe
  2⤵
  PID:5636
- C:\Windows\System\snPAWNj.exe
  C:\Windows\System\snPAWNj.exe
  2⤵
  PID:5668
- C:\Windows\System\hBNzgWg.exe
  C:\Windows\System\hBNzgWg.exe
  2⤵
  PID:12456
- C:\Windows\System\IVzjngu.exe
  C:\Windows\System\IVzjngu.exe
  2⤵
  PID:12496
- C:\Windows\System\pbWRkgN.exe
  C:\Windows\System\pbWRkgN.exe
  2⤵
  PID:5768
- C:\Windows\System\bWGJFVu.exe
  C:\Windows\System\bWGJFVu.exe
  2⤵
  PID:5840
- C:\Windows\System\TEFSmYT.exe
  C:\Windows\System\TEFSmYT.exe
  2⤵
  PID:12740
- C:\Windows\System\mYxmTQH.exe
  C:\Windows\System\mYxmTQH.exe
  2⤵
  PID:12860
- C:\Windows\System\YZTNWiD.exe
  C:\Windows\System\YZTNWiD.exe
  2⤵
  PID:12936
- C:\Windows\System\WlSuiAm.exe
  C:\Windows\System\WlSuiAm.exe
  2⤵
  PID:5936
- C:\Windows\System\DVsnUEQ.exe
  C:\Windows\System\DVsnUEQ.exe
  2⤵
  PID:5536
- C:\Windows\System\gVldrOy.exe
  C:\Windows\System\gVldrOy.exe
  2⤵
  PID:13172
- C:\Windows\System\LXTXFsL.exe
  C:\Windows\System\LXTXFsL.exe
  2⤵
  PID:6016
- C:\Windows\System\exMFxev.exe
  C:\Windows\System\exMFxev.exe
  2⤵
  PID:5628
- C:\Windows\System\KwiAbUM.exe
  C:\Windows\System\KwiAbUM.exe
  2⤵
  PID:12412
- C:\Windows\System\qhUZpRP.exe
  C:\Windows\System\qhUZpRP.exe
  2⤵
  PID:12556
- C:\Windows\System\HjLRFlB.exe
  C:\Windows\System\HjLRFlB.exe
  2⤵
  PID:4816
- C:\Windows\System\zbljrwF.exe
  C:\Windows\System\zbljrwF.exe
  2⤵
  PID:8128
- C:\Windows\System\tEzsidT.exe
  C:\Windows\System\tEzsidT.exe
  2⤵
  PID:3124
- C:\Windows\System\XEJAiEM.exe
  C:\Windows\System\XEJAiEM.exe
  2⤵
  PID:1316
- C:\Windows\System\NObJdlW.exe
  C:\Windows\System\NObJdlW.exe
  2⤵
  PID:13028
- C:\Windows\System\SnPukbz.exe
  C:\Windows\System\SnPukbz.exe
  2⤵
  PID:13204
- C:\Windows\System\PyRtpxO.exe
  C:\Windows\System\PyRtpxO.exe
  2⤵
  PID:13288
- C:\Windows\System\GGNIYVb.exe
  C:\Windows\System\GGNIYVb.exe
  2⤵
  PID:5232
- C:\Windows\System\kwOKFGN.exe
  C:\Windows\System\kwOKFGN.exe
  2⤵
  PID:12832
- C:\Windows\System\lftOhRH.exe
  C:\Windows\System\lftOhRH.exe
  2⤵
  PID:5920
- C:\Windows\System\ZfXhRPG.exe
  C:\Windows\System\ZfXhRPG.exe
  2⤵
  PID:5164
- C:\Windows\System\TQYpJmO.exe
  C:\Windows\System\TQYpJmO.exe
  2⤵
  PID:5756
- C:\Windows\System\EGJDTNA.exe
  C:\Windows\System\EGJDTNA.exe
  2⤵
  PID:1704
- C:\Windows\System\vgdmJKN.exe
  C:\Windows\System\vgdmJKN.exe
  2⤵
  PID:5412
- C:\Windows\System\JXCrqHF.exe
  C:\Windows\System\JXCrqHF.exe
  2⤵
  PID:12720
- C:\Windows\System\FPOcpmm.exe
  C:\Windows\System\FPOcpmm.exe
  2⤵
  PID:5724
- C:\Windows\System\fKnZATh.exe
  C:\Windows\System\fKnZATh.exe
  2⤵
  PID:5856
- C:\Windows\System\mzKKZzU.exe
  C:\Windows\System\mzKKZzU.exe
  2⤵
  PID:1172
- C:\Windows\System\aMjjVhs.exe
  C:\Windows\System\aMjjVhs.exe
  2⤵
  PID:13332
- C:\Windows\System\sEPrfih.exe
  C:\Windows\System\sEPrfih.exe
  2⤵
  PID:13360
- C:\Windows\System\AgJGbTz.exe
  C:\Windows\System\AgJGbTz.exe
  2⤵
  PID:13388
- C:\Windows\System\MHJRJst.exe
  C:\Windows\System\MHJRJst.exe
  2⤵
  PID:13416
- C:\Windows\System\dWKZKYE.exe
  C:\Windows\System\dWKZKYE.exe
  2⤵
  PID:13448
- C:\Windows\System\oAIwJxF.exe
  C:\Windows\System\oAIwJxF.exe
  2⤵
  PID:13476
- C:\Windows\System\oKgsosx.exe
  C:\Windows\System\oKgsosx.exe
  2⤵
  PID:13504
- C:\Windows\System\HqSPJCE.exe
  C:\Windows\System\HqSPJCE.exe
  2⤵
  PID:13532
- C:\Windows\System\XSYlkJg.exe
  C:\Windows\System\XSYlkJg.exe
  2⤵
  PID:13560
- C:\Windows\System\eoYQneT.exe
  C:\Windows\System\eoYQneT.exe
  2⤵
  PID:13588
- C:\Windows\System\ZtlDIwl.exe
  C:\Windows\System\ZtlDIwl.exe
  2⤵
  PID:13616
- C:\Windows\System\bFKXyVQ.exe
  C:\Windows\System\bFKXyVQ.exe
  2⤵
  PID:13644
- C:\Windows\System\oUidYcO.exe
  C:\Windows\System\oUidYcO.exe
  2⤵
  PID:13672
- C:\Windows\System\BYvOEJa.exe
  C:\Windows\System\BYvOEJa.exe
  2⤵
  PID:13700
- C:\Windows\System\dIEcwoO.exe
  C:\Windows\System\dIEcwoO.exe
  2⤵
  PID:13728
- C:\Windows\System\KCwdeAE.exe
  C:\Windows\System\KCwdeAE.exe
  2⤵
  PID:13756
- C:\Windows\System\vWxJFjL.exe
  C:\Windows\System\vWxJFjL.exe
  2⤵
  PID:13784
- C:\Windows\System\tjscMFY.exe
  C:\Windows\System\tjscMFY.exe
  2⤵
  PID:13820
- C:\Windows\System\BRIRKdM.exe
  C:\Windows\System\BRIRKdM.exe
  2⤵
  PID:13860
- C:\Windows\System\cYYUMta.exe
  C:\Windows\System\cYYUMta.exe
  2⤵
  PID:13876
- C:\Windows\System\hnFnzol.exe
  C:\Windows\System\hnFnzol.exe
  2⤵
  PID:13904
- C:\Windows\System\EFtnfIs.exe
  C:\Windows\System\EFtnfIs.exe
  2⤵
  PID:13932
- C:\Windows\System\RDJHJYk.exe
  C:\Windows\System\RDJHJYk.exe
  2⤵
  PID:13960
- C:\Windows\System\oVuhIoI.exe
  C:\Windows\System\oVuhIoI.exe
  2⤵
  PID:13988
- C:\Windows\System\PNbtbow.exe
  C:\Windows\System\PNbtbow.exe
  2⤵
  PID:14016
- C:\Windows\System\yVGWaHw.exe
  C:\Windows\System\yVGWaHw.exe
  2⤵
  PID:14048
- C:\Windows\System\HmajjKI.exe
  C:\Windows\System\HmajjKI.exe
  2⤵
  PID:14076
- C:\Windows\System\WsbLRFY.exe
  C:\Windows\System\WsbLRFY.exe
  2⤵
  PID:14104
- C:\Windows\System\QJsKvtA.exe
  C:\Windows\System\QJsKvtA.exe
  2⤵
  PID:14132
- C:\Windows\System\RYuQGfA.exe
  C:\Windows\System\RYuQGfA.exe
  2⤵
  PID:14160
- C:\Windows\System\TLseouM.exe
  C:\Windows\System\TLseouM.exe
  2⤵
  PID:14188
- C:\Windows\System\yxroqKr.exe
  C:\Windows\System\yxroqKr.exe
  2⤵
  PID:14220
- C:\Windows\System\FFdVgpt.exe
  C:\Windows\System\FFdVgpt.exe
  2⤵
  PID:14244
- C:\Windows\System\avsOeWF.exe
  C:\Windows\System\avsOeWF.exe
  2⤵
  PID:14272
- C:\Windows\System\zfkWnCW.exe
  C:\Windows\System\zfkWnCW.exe
  2⤵
  PID:14300
- C:\Windows\System\TQgOuJp.exe
  C:\Windows\System\TQgOuJp.exe
  2⤵
  PID:13316
- C:\Windows\System\xSGMOis.exe
  C:\Windows\System\xSGMOis.exe
  2⤵
  PID:13344
- C:\Windows\System\OVrugYP.exe
  C:\Windows\System\OVrugYP.exe
  2⤵
  PID:13384
- C:\Windows\System\OXXXRRl.exe
  C:\Windows\System\OXXXRRl.exe
  2⤵
  PID:13460
- C:\Windows\System\sjPyCzV.exe
  C:\Windows\System\sjPyCzV.exe
  2⤵
  PID:13500
- C:\Windows\System\dIzLqVE.exe
  C:\Windows\System\dIzLqVE.exe
  2⤵
  PID:3716
- C:\Windows\System\QeXxoDp.exe
  C:\Windows\System\QeXxoDp.exe
  2⤵
  PID:13584
- C:\Windows\System\JRoNJnM.exe
  C:\Windows\System\JRoNJnM.exe
  2⤵
  PID:13628
- C:\Windows\System\xKBNtEC.exe
  C:\Windows\System\xKBNtEC.exe
  2⤵
  PID:13692
- C:\Windows\System\ClcBJDg.exe
  C:\Windows\System\ClcBJDg.exe
  2⤵
  PID:5644
- C:\Windows\System\iHEdGCH.exe
  C:\Windows\System\iHEdGCH.exe
  2⤵
  PID:5764
- C:\Windows\System\jmMmTIP.exe
  C:\Windows\System\jmMmTIP.exe
  2⤵
  PID:13840
- C:\Windows\System\oZjVaqX.exe
  C:\Windows\System\oZjVaqX.exe
  2⤵
  PID:13896
- C:\Windows\System\exnpYIt.exe
  C:\Windows\System\exnpYIt.exe
  2⤵
  PID:6268
- C:\Windows\System\KYekSnw.exe
  C:\Windows\System\KYekSnw.exe
  2⤵
  PID:14012
- C:\Windows\System\owjufMl.exe
  C:\Windows\System\owjufMl.exe
  2⤵
  PID:14040
- C:\Windows\System\FODJMOY.exe
  C:\Windows\System\FODJMOY.exe
  2⤵
  PID:14068
- C:\Windows\System\RZUnRLe.exe
  C:\Windows\System\RZUnRLe.exe
  2⤵
  PID:14116
- C:\Windows\System\xWeaIjO.exe
  C:\Windows\System\xWeaIjO.exe
  2⤵
  PID:14156
- C:\Windows\System\qoIpRpq.exe
  C:\Windows\System\qoIpRpq.exe
  2⤵
  PID:14208
- C:\Windows\System\DcWoxPu.exe
  C:\Windows\System\DcWoxPu.exe
  2⤵
  PID:14256
- C:\Windows\System\PONDUPE.exe
  C:\Windows\System\PONDUPE.exe
  2⤵
  PID:6616
- C:\Windows\System\qLtZiDE.exe
  C:\Windows\System\qLtZiDE.exe
  2⤵
  PID:14324
- C:\Windows\System\ZHLyrGw.exe
  C:\Windows\System\ZHLyrGw.exe
  2⤵
  PID:7400
- C:\Windows\System\hzMSyEL.exe
  C:\Windows\System\hzMSyEL.exe
  2⤵
  PID:7556
- C:\Windows\System\IryAeFU.exe
  C:\Windows\System\IryAeFU.exe
  2⤵
  PID:13496
- C:\Windows\System\vDzhMvX.exe
  C:\Windows\System\vDzhMvX.exe
  2⤵
  PID:13580
- C:\Windows\System\IjVyejT.exe
  C:\Windows\System\IjVyejT.exe
  2⤵
  PID:13608
- C:\Windows\System\gFoEFNz.exe
  C:\Windows\System\gFoEFNz.exe
  2⤵
  PID:13668
- C:\Windows\System\mowyuRV.exe
  C:\Windows\System\mowyuRV.exe
  2⤵
  PID:13740
- C:\Windows\System\FBCXqUO.exe
  C:\Windows\System\FBCXqUO.exe
  2⤵
  PID:13780
- C:\Windows\System\fPUildp.exe
  C:\Windows\System\fPUildp.exe
  2⤵
  PID:6684
- C:\Windows\System\vFpFiUy.exe
  C:\Windows\System\vFpFiUy.exe
  2⤵
  PID:13436
- C:\Windows\System\kyihTxZ.exe
  C:\Windows\System\kyihTxZ.exe
  2⤵
  PID:13956
- C:\Windows\System\BOlyHDF.exe
  C:\Windows\System\BOlyHDF.exe
  2⤵
  PID:6740
- C:\Windows\System\LGTVlBP.exe
  C:\Windows\System\LGTVlBP.exe
  2⤵
  PID:3624
- C:\Windows\System\PSfVrhd.exe
  C:\Windows\System\PSfVrhd.exe
  2⤵
  PID:14100
- C:\Windows\System\ffnUSSY.exe
  C:\Windows\System\ffnUSSY.exe
  2⤵
  PID:14200
- C:\Windows\System\GjKPyqK.exe
  C:\Windows\System\GjKPyqK.exe
  2⤵
  PID:14284
- C:\Windows\System\rroWpYR.exe
  C:\Windows\System\rroWpYR.exe
  2⤵
  PID:13324
- C:\Windows\System\LAWyEqP.exe
  C:\Windows\System\LAWyEqP.exe
  2⤵
  PID:5996
- C:\Windows\System\vXhmijF.exe
  C:\Windows\System\vXhmijF.exe
  2⤵
  PID:2680
- C:\Windows\System\nNHlQBv.exe
  C:\Windows\System\nNHlQBv.exe
  2⤵
  PID:4732
- C:\Windows\System\diDIOUT.exe
  C:\Windows\System\diDIOUT.exe
  2⤵
  PID:8080
- C:\Windows\System\SwVAOXi.exe
  C:\Windows\System\SwVAOXi.exe
  2⤵
  PID:832
- C:\Windows\System\sUXQkUw.exe
  C:\Windows\System\sUXQkUw.exe
  2⤵
  PID:6700
- C:\Windows\System\mOuNIBG.exe
  C:\Windows\System\mOuNIBG.exe
  2⤵
  PID:13928
- C:\Windows\System\KaAxzgE.exe
  C:\Windows\System\KaAxzgE.exe
  2⤵
  PID:7096
- C:\Windows\System\SKxjoMx.exe
  C:\Windows\System\SKxjoMx.exe
  2⤵
  PID:1612
- C:\Windows\System\vkgHdtx.exe
  C:\Windows\System\vkgHdtx.exe
  2⤵
  PID:6360
- C:\Windows\System\AmIGIgC.exe
  C:\Windows\System\AmIGIgC.exe
  2⤵
  PID:6748
- C:\Windows\System\bYaohyx.exe
  C:\Windows\System\bYaohyx.exe
  2⤵
  PID:5680
- C:\Windows\System\LRaeUKZ.exe
  C:\Windows\System\LRaeUKZ.exe
  2⤵
  PID:3468
- C:\Windows\System\SnGjpgM.exe
  C:\Windows\System\SnGjpgM.exe
  2⤵
  PID:8292
- C:\Windows\System\lJOANzm.exe
  C:\Windows\System\lJOANzm.exe
  2⤵
  PID:8328
- C:\Windows\System\AMEYgJA.exe
  C:\Windows\System\AMEYgJA.exe
  2⤵
  PID:8360
- C:\Windows\System\VFiifSD.exe
  C:\Windows\System\VFiifSD.exe
  2⤵
  PID:6232
- C:\Windows\System\VOtTgwR.exe
  C:\Windows\System\VOtTgwR.exe
  2⤵
  PID:8500
- C:\Windows\System\aLUgQUj.exe
  C:\Windows\System\aLUgQUj.exe
  2⤵
  PID:2892
- C:\Windows\System\joSUfes.exe
  C:\Windows\System\joSUfes.exe
  2⤵
  PID:6444
- C:\Windows\System\XILPPpF.exe
  C:\Windows\System\XILPPpF.exe
  2⤵
  PID:14184
- C:\Windows\System\leFdajJ.exe
  C:\Windows\System\leFdajJ.exe
  2⤵
  PID:5908
- C:\Windows\System\GbMiRZJ.exe
  C:\Windows\System\GbMiRZJ.exe
  2⤵
  PID:8612
- C:\Windows\System\AkDacrN.exe
  C:\Windows\System\AkDacrN.exe
  2⤵
  PID:6752
- C:\Windows\System\VpuSDBg.exe
  C:\Windows\System\VpuSDBg.exe
  2⤵
  PID:7856
- C:\Windows\System\RrOfdxa.exe
  C:\Windows\System\RrOfdxa.exe
  2⤵
  PID:8376
- C:\Windows\System\rnKgiAK.exe
  C:\Windows\System\rnKgiAK.exe
  2⤵
  PID:7068
- C:\Windows\System\OllqIRj.exe
  C:\Windows\System\OllqIRj.exe
  2⤵
  PID:6420
- C:\Windows\System\mtSzkxw.exe
  C:\Windows\System\mtSzkxw.exe
  2⤵
  PID:988
- C:\Windows\System\qQTRyqx.exe
  C:\Windows\System\qQTRyqx.exe
  2⤵
  PID:8768
- C:\Windows\System\JGsVQtA.exe
  C:\Windows\System\JGsVQtA.exe
  2⤵
  PID:8640
- C:\Windows\System\XIuhLeM.exe
  C:\Windows\System\XIuhLeM.exe
  2⤵
  PID:6744
- C:\Windows\System\WXBNhHi.exe
  C:\Windows\System\WXBNhHi.exe
  2⤵
  PID:8888
- C:\Windows\System\wQVjLMC.exe
  C:\Windows\System\wQVjLMC.exe
  2⤵
  PID:7152
- C:\Windows\System\jSQXNmW.exe
  C:\Windows\System\jSQXNmW.exe
  2⤵
  PID:5020
- C:\Windows\System\pIwyYMq.exe
  C:\Windows\System\pIwyYMq.exe
  2⤵
  PID:6240
- C:\Windows\System\hTFdekc.exe
  C:\Windows\System\hTFdekc.exe
  2⤵
  PID:8788
- C:\Windows\System\bXjBcGi.exe
  C:\Windows\System\bXjBcGi.exe
  2⤵
  PID:6564
- C:\Windows\System\qXxpCDQ.exe
  C:\Windows\System\qXxpCDQ.exe
  2⤵
  PID:9020
- C:\Windows\System\DELSuda.exe
  C:\Windows\System\DELSuda.exe
  2⤵
  PID:9040
- C:\Windows\System\OYWsoGJ.exe
  C:\Windows\System\OYWsoGJ.exe
  2⤵
  PID:6768
- C:\Windows\System\gIeykyS.exe
  C:\Windows\System\gIeykyS.exe
  2⤵
  PID:7000
- C:\Windows\System\RcPWmhE.exe
  C:\Windows\System\RcPWmhE.exe
  2⤵
  PID:8852
- C:\Windows\System\lHIPjxw.exe
  C:\Windows\System\lHIPjxw.exe
  2⤵
  PID:9176
- C:\Windows\System\RvXAnMM.exe
  C:\Windows\System\RvXAnMM.exe
  2⤵
  PID:3896
- C:\Windows\System\JmEIkCW.exe
  C:\Windows\System\JmEIkCW.exe
  2⤵
  PID:4656
- C:\Windows\System\zVhWelW.exe
  C:\Windows\System\zVhWelW.exe
  2⤵
  PID:9192
- C:\Windows\System\qRrQFmv.exe
  C:\Windows\System\qRrQFmv.exe
  2⤵
  PID:6516
- C:\Windows\System\StvTyUG.exe
  C:\Windows\System\StvTyUG.exe
  2⤵
  PID:9056
- C:\Windows\System\srdQvhD.exe
  C:\Windows\System\srdQvhD.exe
  2⤵
  PID:3100
- C:\Windows\System\tkxLpoT.exe
  C:\Windows\System\tkxLpoT.exe
  2⤵
  PID:9104
- C:\Windows\System\nMIXFwa.exe
  C:\Windows\System\nMIXFwa.exe
  2⤵
  PID:1688
- C:\Windows\System\pRXDfzh.exe
  C:\Windows\System\pRXDfzh.exe
  2⤵
  PID:8220
- C:\Windows\System\iqrothE.exe
  C:\Windows\System\iqrothE.exe
  2⤵
  PID:9076
- C:\Windows\System\QxjfRQg.exe
  C:\Windows\System\QxjfRQg.exe
  2⤵
  PID:8680
- C:\Windows\System\ijroBFW.exe
  C:\Windows\System\ijroBFW.exe
  2⤵
  PID:7184
- C:\Windows\System\MCfVipE.exe
  C:\Windows\System\MCfVipE.exe
  2⤵
  PID:7220
- C:\Windows\System\dMVFAWH.exe
  C:\Windows\System\dMVFAWH.exe
  2⤵
  PID:2252
- C:\Windows\System\hRbBaEH.exe
  C:\Windows\System\hRbBaEH.exe
  2⤵
  PID:8908
- C:\Windows\System\LlgFike.exe
  C:\Windows\System\LlgFike.exe
  2⤵
  PID:8508
- C:\Windows\System\fPCuAPF.exe
  C:\Windows\System\fPCuAPF.exe
  2⤵
  PID:7276
- C:\Windows\System\PJTCERj.exe
  C:\Windows\System\PJTCERj.exe
  2⤵
  PID:7388
- C:\Windows\System\sMmpIup.exe
  C:\Windows\System\sMmpIup.exe
  2⤵
  PID:2040
- C:\Windows\System\JXckUgx.exe
  C:\Windows\System\JXckUgx.exe
  2⤵
  PID:9148
- C:\Windows\System\YqBwqjY.exe
  C:\Windows\System\YqBwqjY.exe
  2⤵
  PID:7436
- C:\Windows\System\cWswPkl.exe
  C:\Windows\System\cWswPkl.exe
  2⤵
  PID:8816
- C:\Windows\System\tqgzBgr.exe
  C:\Windows\System\tqgzBgr.exe
  2⤵
  PID:8568
- C:\Windows\System\usAwvsM.exe
  C:\Windows\System\usAwvsM.exe
  2⤵
  PID:7404
- C:\Windows\System\fylhXTq.exe
  C:\Windows\System\fylhXTq.exe
  2⤵
  PID:7508
- C:\Windows\System\ViGQwbk.exe
  C:\Windows\System\ViGQwbk.exe
  2⤵
  PID:8952
- C:\Windows\System\VpLNTKY.exe
  C:\Windows\System\VpLNTKY.exe
  2⤵
  PID:5296
- C:\Windows\System\TQQAtta.exe
  C:\Windows\System\TQQAtta.exe
  2⤵
  PID:8980
- C:\Windows\System\tsBCnlc.exe
  C:\Windows\System\tsBCnlc.exe
  2⤵
  PID:9180
- C:\Windows\System\TxNfqjC.exe
  C:\Windows\System\TxNfqjC.exe
  2⤵
  PID:8976
- C:\Windows\System\jgUTDHD.exe
  C:\Windows\System\jgUTDHD.exe
  2⤵
  PID:7588
- C:\Windows\System\HpCIOlb.exe
  C:\Windows\System\HpCIOlb.exe
  2⤵
  PID:14352
- C:\Windows\System\HuYxhms.exe
  C:\Windows\System\HuYxhms.exe
  2⤵
  PID:14380
- C:\Windows\System\yBFKICT.exe
  C:\Windows\System\yBFKICT.exe
  2⤵
  PID:14408
- C:\Windows\System\DVdrjQw.exe
  C:\Windows\System\DVdrjQw.exe
  2⤵
  PID:14436
- C:\Windows\System\wbGyKei.exe
  C:\Windows\System\wbGyKei.exe
  2⤵
  PID:14464
- C:\Windows\System\rtfQJMm.exe
  C:\Windows\System\rtfQJMm.exe
  2⤵
  PID:14492
- C:\Windows\System\UtBgUIr.exe
  C:\Windows\System\UtBgUIr.exe
  2⤵
  PID:14520
- C:\Windows\System\iLeKQcV.exe
  C:\Windows\System\iLeKQcV.exe
  2⤵
  PID:14548
- C:\Windows\System\IAnZlkW.exe
  C:\Windows\System\IAnZlkW.exe
  2⤵
  PID:14576
- C:\Windows\System\EIkkCga.exe
  C:\Windows\System\EIkkCga.exe
  2⤵
  PID:14604
- C:\Windows\System\hMevGEo.exe
  C:\Windows\System\hMevGEo.exe
  2⤵
  PID:14636
- C:\Windows\System\PbPVLBV.exe
  C:\Windows\System\PbPVLBV.exe
  2⤵
  PID:14664
- C:\Windows\System\VaTnzHP.exe
  C:\Windows\System\VaTnzHP.exe
  2⤵
  PID:14692
- C:\Windows\System\FaBisXQ.exe
  C:\Windows\System\FaBisXQ.exe
  2⤵
  PID:14732
- C:\Windows\System\esopIZY.exe
  C:\Windows\System\esopIZY.exe
  2⤵
  PID:14748
- C:\Windows\System\LDmATPr.exe
  C:\Windows\System\LDmATPr.exe
  2⤵
  PID:14776
- C:\Windows\System\LxtMmWi.exe
  C:\Windows\System\LxtMmWi.exe
  2⤵
  PID:14804
- C:\Windows\System\XNQOPbR.exe
  C:\Windows\System\XNQOPbR.exe
  2⤵
  PID:14832
- C:\Windows\System\INXaoBO.exe
  C:\Windows\System\INXaoBO.exe
  2⤵
  PID:14860
- C:\Windows\System\oZcugFv.exe
  C:\Windows\System\oZcugFv.exe
  2⤵
  PID:14888
- C:\Windows\System\dswvffb.exe
  C:\Windows\System\dswvffb.exe
  2⤵
  PID:14916
- C:\Windows\System\FrTeBXj.exe
  C:\Windows\System\FrTeBXj.exe
  2⤵
  PID:14944
- C:\Windows\System\TitxwZs.exe
  C:\Windows\System\TitxwZs.exe
  2⤵
  PID:14972
- C:\Windows\System\yapoRMH.exe
  C:\Windows\System\yapoRMH.exe
  2⤵
  PID:15000
- C:\Windows\System\BeLaBVR.exe
  C:\Windows\System\BeLaBVR.exe
  2⤵
  PID:15028
- C:\Windows\System\luoAhUY.exe
  C:\Windows\System\luoAhUY.exe
  2⤵
  PID:15056
- C:\Windows\System\fCEvBrq.exe
  C:\Windows\System\fCEvBrq.exe
  2⤵
  PID:15084
- C:\Windows\System\HNDedpU.exe
  C:\Windows\System\HNDedpU.exe
  2⤵
  PID:15112
- C:\Windows\System\qEwsUOZ.exe
  C:\Windows\System\qEwsUOZ.exe
  2⤵
  PID:15140
- C:\Windows\System\gObUvvr.exe
  C:\Windows\System\gObUvvr.exe
  2⤵
  PID:15168
- C:\Windows\System\tmfUOSY.exe
  C:\Windows\System\tmfUOSY.exe
  2⤵
  PID:15196
- C:\Windows\System\sCNwiFg.exe
  C:\Windows\System\sCNwiFg.exe
  2⤵
  PID:15224
- C:\Windows\System\JiYqGSG.exe
  C:\Windows\System\JiYqGSG.exe
  2⤵
  PID:15252
- C:\Windows\System\KjFOPsx.exe
  C:\Windows\System\KjFOPsx.exe
  2⤵
  PID:15284
- C:\Windows\System\mfLfLUy.exe
  C:\Windows\System\mfLfLUy.exe
  2⤵
  PID:15312
- C:\Windows\System\dybSypZ.exe
  C:\Windows\System\dybSypZ.exe
  2⤵
  PID:15340
- C:\Windows\System\XtbYghc.exe
  C:\Windows\System\XtbYghc.exe
  2⤵
  PID:8800
- C:\Windows\System\kLcXqhm.exe
  C:\Windows\System\kLcXqhm.exe
  2⤵
  PID:14364
- C:\Windows\System\GqONvuv.exe
  C:\Windows\System\GqONvuv.exe
  2⤵
  PID:14404
- C:\Windows\System\fOXIIjG.exe
  C:\Windows\System\fOXIIjG.exe
  2⤵
  PID:9224
- C:\Windows\System\fYHNfOS.exe
  C:\Windows\System\fYHNfOS.exe
  2⤵
  PID:9252
- C:\Windows\System\mKWhbLF.exe
  C:\Windows\System\mKWhbLF.exe
  2⤵
  PID:9304
- C:\Windows\System\VsKrWcS.exe
  C:\Windows\System\VsKrWcS.exe
  2⤵
  PID:9336
- C:\Windows\System\gsvuzpz.exe
  C:\Windows\System\gsvuzpz.exe
  2⤵
  PID:14596
- C:\Windows\System\gozdrBx.exe
  C:\Windows\System\gozdrBx.exe
  2⤵
  PID:9412
- C:\Windows\System\fyEVPkS.exe
  C:\Windows\System\fyEVPkS.exe
  2⤵
  PID:9440
- C:\Windows\System\juSGFtJ.exe
  C:\Windows\System\juSGFtJ.exe
  2⤵
  PID:14728
- C:\Windows\System\RNNiMsA.exe
  C:\Windows\System\RNNiMsA.exe
  2⤵
  PID:9532
- C:\Windows\System\tzcOyjV.exe
  C:\Windows\System\tzcOyjV.exe
  2⤵
  PID:14796
- C:\Windows\System\qqtoykn.exe
  C:\Windows\System\qqtoykn.exe
  2⤵
  PID:8024
- C:\Windows\System\KBDNZUV.exe
  C:\Windows\System\KBDNZUV.exe
  2⤵
  PID:7924
- C:\Windows\System\UxtIiIV.exe
  C:\Windows\System\UxtIiIV.exe
  2⤵
  PID:7800
- C:\Windows\System\KAFLEPn.exe
  C:\Windows\System\KAFLEPn.exe
  2⤵
  PID:7872
- C:\Windows\System\cATrrGh.exe
  C:\Windows\System\cATrrGh.exe
  2⤵
  PID:7780
- C:\Windows\System\WoQmkSR.exe
  C:\Windows\System\WoQmkSR.exe
  2⤵
  PID:9628
- C:\Windows\System\vtZaUKq.exe
  C:\Windows\System\vtZaUKq.exe
  2⤵
  PID:9648
- C:\Windows\System\EFwZUSi.exe
  C:\Windows\System\EFwZUSi.exe
  2⤵
  PID:14940
- C:\Windows\System\STjZeNd.exe
  C:\Windows\System\STjZeNd.exe
  2⤵
  PID:9744
- C:\Windows\System\RaVfSir.exe
  C:\Windows\System\RaVfSir.exe
  2⤵
  PID:15024
- C:\Windows\System\NTLCSwj.exe
  C:\Windows\System\NTLCSwj.exe
  2⤵
  PID:15076
- C:\Windows\System\IPipxNf.exe
  C:\Windows\System\IPipxNf.exe
  2⤵
  PID:14632
- C:\Windows\System\SVsdbGd.exe
  C:\Windows\System\SVsdbGd.exe
  2⤵
  PID:15136
- C:\Windows\System\dkFEKls.exe
  C:\Windows\System\dkFEKls.exe
  2⤵
  PID:15188
- C:\Windows\System\SnUGzBC.exe
  C:\Windows\System\SnUGzBC.exe
  2⤵
  PID:15236
- C:\Windows\System\cRNZyFa.exe
  C:\Windows\System\cRNZyFa.exe
  2⤵
  PID:15276
- C:\Windows\System\GZaenCu.exe
  C:\Windows\System\GZaenCu.exe
  2⤵
  PID:8144
- C:\Windows\System\FNkUtEs.exe
  C:\Windows\System\FNkUtEs.exe
  2⤵
  PID:1476
- C:\Windows\System\GrLJtev.exe
  C:\Windows\System\GrLJtev.exe
  2⤵
  PID:14432
- C:\Windows\System\RHsjyzD.exe
  C:\Windows\System\RHsjyzD.exe
  2⤵
  PID:9288
- C:\Windows\System\RognnHm.exe
  C:\Windows\System\RognnHm.exe
  2⤵
  PID:14572
- C:\Windows\System\tIUZLtF.exe
  C:\Windows\System\tIUZLtF.exe
  2⤵
  PID:8432
- C:\Windows\System\hIsKFzB.exe
  C:\Windows\System\hIsKFzB.exe
  2⤵
  PID:9484
- C:\Windows\System\fobrHTT.exe
  C:\Windows\System\fobrHTT.exe
  2⤵
  PID:14772
- C:\Windows\System\hFpPGOu.exe
  C:\Windows\System\hFpPGOu.exe
  2⤵
  PID:9576
- C:\Windows\System\ILrjEAe.exe
  C:\Windows\System\ILrjEAe.exe
  2⤵
  PID:9636
- C:\Windows\System\miUhVzu.exe
  C:\Windows\System\miUhVzu.exe
  2⤵
  PID:15280
- C:\Windows\System\JSjqECk.exe
  C:\Windows\System\JSjqECk.exe
  2⤵
  PID:7640
- C:\Windows\System\maIXYSE.exe
  C:\Windows\System\maIXYSE.exe
  2⤵
  PID:14900
- C:\Windows\System\prwwGmL.exe
  C:\Windows\System\prwwGmL.exe
  2⤵
  PID:9708
- C:\Windows\System\znajlYg.exe
  C:\Windows\System\znajlYg.exe
  2⤵
  PID:10056
- C:\Windows\System\GREHJUa.exe
  C:\Windows\System\GREHJUa.exe
  2⤵
  PID:15108
- C:\Windows\System\kiMIQHI.exe
  C:\Windows\System\kiMIQHI.exe
  2⤵
  PID:9352
- C:\Windows\System\ZeEcbvJ.exe
  C:\Windows\System\ZeEcbvJ.exe
  2⤵
  PID:15220
- C:\Windows\System\QQGWUpA.exe
  C:\Windows\System\QQGWUpA.exe
  2⤵
  PID:9660
- C:\Windows\System\aNTLcTE.exe
  C:\Windows\System\aNTLcTE.exe
  2⤵
  PID:15336
- C:\Windows\System\RhUDoJM.exe
  C:\Windows\System\RhUDoJM.exe
  2⤵
  PID:9596
- C:\Windows\System\wPfvYEy.exe
  C:\Windows\System\wPfvYEy.exe
  2⤵
  PID:9260
- C:\Windows\System\SvfOjib.exe
  C:\Windows\System\SvfOjib.exe
  2⤵
  PID:1472
- C:\Windows\System\fCwnejF.exe
  C:\Windows\System\fCwnejF.exe
  2⤵
  PID:9632
- C:\Windows\System\gzYMpky.exe
  C:\Windows\System\gzYMpky.exe
  2⤵
  PID:9568
- C:\Windows\System\vmxyILc.exe
  C:\Windows\System\vmxyILc.exe
  2⤵
  PID:10308
- C:\Windows\System\zzAjQch.exe
  C:\Windows\System\zzAjQch.exe
  2⤵
  PID:10336
- C:\Windows\System\IqZjOiY.exe
  C:\Windows\System\IqZjOiY.exe
  2⤵
  PID:7716
- C:\Windows\System\HmrnOGK.exe
  C:\Windows\System\HmrnOGK.exe
  2⤵
  PID:10384
- C:\Windows\System\nHKDJIu.exe
  C:\Windows\System\nHKDJIu.exe
  2⤵
  PID:10116
- C:\Windows\System\SSIUHBz.exe
  C:\Windows\System\SSIUHBz.exe
  2⤵
  PID:15132
- C:\Windows\System\onGBMZV.exe
  C:\Windows\System\onGBMZV.exe
  2⤵
  PID:10496
- C:\Windows\System\jUMKscg.exe
  C:\Windows\System\jUMKscg.exe
  2⤵
  PID:15332
- C:\Windows\System\LljkWiF.exe
  C:\Windows\System\LljkWiF.exe
  2⤵
  PID:7056
- C:\Windows\System\pqEPWSA.exe
  C:\Windows\System\pqEPWSA.exe
  2⤵
  PID:14392
- C:\Windows\System\vhERkjc.exe
  C:\Windows\System\vhERkjc.exe
  2⤵
  PID:9704
- C:\Windows\System\TnLkFGf.exe
  C:\Windows\System\TnLkFGf.exe
  2⤵
  PID:10632
- C:\Windows\System\JBaGOXo.exe
  C:\Windows\System\JBaGOXo.exe
  2⤵
  PID:10676
- C:\Windows\System\UyyXAqw.exe
  C:\Windows\System\UyyXAqw.exe
  2⤵
  PID:9772
- C:\Windows\System\tPAOJOi.exe
  C:\Windows\System\tPAOJOi.exe
  2⤵
  PID:10752
- C:\Windows\System\WwyFYXA.exe
  C:\Windows\System\WwyFYXA.exe
  2⤵
  PID:10824
- C:\Windows\System\wsWUIWL.exe
  C:\Windows\System\wsWUIWL.exe
  2⤵
  PID:10476
- C:\Windows\System\WntKVnW.exe
  C:\Windows\System\WntKVnW.exe
  2⤵
  PID:10528
- C:\Windows\System\nJkPOwb.exe
  C:\Windows\System\nJkPOwb.exe
  2⤵
  PID:9852
- C:\Windows\System\LBwqnHc.exe
  C:\Windows\System\LBwqnHc.exe
  2⤵
  PID:10588
- C:\Windows\System\rTaHpNk.exe
  C:\Windows\System\rTaHpNk.exe
  2⤵
  PID:3104
- C:\Windows\System\MeTeSzr.exe
  C:\Windows\System\MeTeSzr.exe
  2⤵
  PID:9996
- C:\Windows\System\FozrOUB.exe
  C:\Windows\System\FozrOUB.exe
  2⤵
  PID:9752
- C:\Windows\System\RtcFSgg.exe
  C:\Windows\System\RtcFSgg.exe
  2⤵
  PID:10788
- C:\Windows\System\oFMezOp.exe
  C:\Windows\System\oFMezOp.exe
  2⤵
  PID:15068
- C:\Windows\System\VFbqjvu.exe
  C:\Windows\System\VFbqjvu.exe
  2⤵
  PID:11184
- C:\Windows\System\blmwjBD.exe
  C:\Windows\System\blmwjBD.exe
  2⤵
  PID:9904
- C:\Windows\System\pAfukSy.exe
  C:\Windows\System\pAfukSy.exe
  2⤵
  PID:10304
- C:\Windows\System\uxEAIuy.exe
  C:\Windows\System\uxEAIuy.exe
  2⤵
  PID:11052
- C:\Windows\System\kRDolEn.exe
  C:\Windows\System\kRDolEn.exe
  2⤵
  PID:10356
- C:\Windows\System\gdDhsIA.exe
  C:\Windows\System\gdDhsIA.exe
  2⤵
  PID:10392
- C:\Windows\System\uwtKreO.exe
  C:\Windows\System\uwtKreO.exe
  2⤵
  PID:10564
- C:\Windows\System\hTRIWTA.exe
  C:\Windows\System\hTRIWTA.exe
  2⤵
  PID:916
- C:\Windows\System\wAZHxAb.exe
  C:\Windows\System\wAZHxAb.exe
  2⤵
  PID:11136
- C:\Windows\System\ovHYfhr.exe
  C:\Windows\System\ovHYfhr.exe
  2⤵
  PID:10976
- C:\Windows\System\stplqdO.exe
  C:\Windows\System\stplqdO.exe
  2⤵
  PID:8204
- C:\Windows\System\QDYNemy.exe
  C:\Windows\System\QDYNemy.exe
  2⤵
  PID:7180
- C:\Windows\System\kLxzViJ.exe
  C:\Windows\System\kLxzViJ.exe
  2⤵
  PID:10180
- C:\Windows\System\EsKGmGx.exe
  C:\Windows\System\EsKGmGx.exe
  2⤵
  PID:11032
- C:\Windows\System\AYdtTpL.exe
  C:\Windows\System\AYdtTpL.exe
  2⤵
  PID:15380
- C:\Windows\System\TxcgDFM.exe
  C:\Windows\System\TxcgDFM.exe
  2⤵
  PID:15408
- C:\Windows\System\uVvQepb.exe
  C:\Windows\System\uVvQepb.exe
  2⤵
  PID:15436
- C:\Windows\System\IsnWXGa.exe
  C:\Windows\System\IsnWXGa.exe
  2⤵
  PID:15464
- C:\Windows\System\SCPmszT.exe
  C:\Windows\System\SCPmszT.exe
  2⤵
  PID:15492
- C:\Windows\System\HJZujAc.exe
  C:\Windows\System\HJZujAc.exe
  2⤵
  PID:15520
- C:\Windows\System\AargdNv.exe
  C:\Windows\System\AargdNv.exe
  2⤵
  PID:15548
- C:\Windows\System\AfVwcrq.exe
  C:\Windows\System\AfVwcrq.exe
  2⤵
  PID:15576
- C:\Windows\System\dkPcUow.exe
  C:\Windows\System\dkPcUow.exe
  2⤵
  PID:15616
- C:\Windows\System\zvNWTUa.exe
  C:\Windows\System\zvNWTUa.exe
  2⤵
  PID:15632
- C:\Windows\System\iAgZnVk.exe
  C:\Windows\System\iAgZnVk.exe
  2⤵
  PID:15660
- C:\Windows\System\RGQQalf.exe
  C:\Windows\System\RGQQalf.exe
  2⤵
  PID:15688
- C:\Windows\System\ZBxzbqW.exe
  C:\Windows\System\ZBxzbqW.exe
  2⤵
  PID:15716
- C:\Windows\System\StPPUQG.exe
  C:\Windows\System\StPPUQG.exe
  2⤵
  PID:15744
- C:\Windows\System\mozEchW.exe
  C:\Windows\System\mozEchW.exe
  2⤵
  PID:15772
- C:\Windows\System\KkqGuja.exe
  C:\Windows\System\KkqGuja.exe
  2⤵
  PID:15800
- C:\Windows\System\kngbXLK.exe
  C:\Windows\System\kngbXLK.exe
  2⤵
  PID:15828
- C:\Windows\System\xRFEAli.exe
  C:\Windows\System\xRFEAli.exe
  2⤵
  PID:15856
- C:\Windows\System\edzbbLJ.exe
  C:\Windows\System\edzbbLJ.exe
  2⤵
  PID:15888
- C:\Windows\System\vAKeLLA.exe
  C:\Windows\System\vAKeLLA.exe
  2⤵
  PID:15916
- C:\Windows\System\vjDoTXG.exe
  C:\Windows\System\vjDoTXG.exe
  2⤵
  PID:15944
- C:\Windows\System\zEERAUp.exe
  C:\Windows\System\zEERAUp.exe
  2⤵
  PID:15972
- C:\Windows\System\lyJPujt.exe
  C:\Windows\System\lyJPujt.exe
  2⤵
  PID:16000
- C:\Windows\System\iCoArSi.exe
  C:\Windows\System\iCoArSi.exe
  2⤵
  PID:16028
- C:\Windows\System\jNgvOTq.exe
  C:\Windows\System\jNgvOTq.exe
  2⤵
  PID:16056
- C:\Windows\System\fEYNguY.exe
  C:\Windows\System\fEYNguY.exe
  2⤵
  PID:16088
- C:\Windows\System\wMAwWor.exe
  C:\Windows\System\wMAwWor.exe
  2⤵
  PID:16112
- C:\Windows\System\ORQJrxt.exe
  C:\Windows\System\ORQJrxt.exe
  2⤵
  PID:16140
- C:\Windows\System\ROuvJhh.exe
  C:\Windows\System\ROuvJhh.exe
  2⤵
  PID:16168
- C:\Windows\System\rDgyXHA.exe
  C:\Windows\System\rDgyXHA.exe
  2⤵
  PID:16196
- C:\Windows\System\cDXaWLw.exe
  C:\Windows\System\cDXaWLw.exe
  2⤵
  PID:16224
- C:\Windows\System\AouAtNV.exe
  C:\Windows\System\AouAtNV.exe
  2⤵
  PID:16252
- C:\Windows\System\zaLkjWu.exe
  C:\Windows\System\zaLkjWu.exe
  2⤵
  PID:16280
- C:\Windows\System\vhAnIOa.exe
  C:\Windows\System\vhAnIOa.exe
  2⤵
  PID:16320
- C:\Windows\System\ydIcVnw.exe
  C:\Windows\System\ydIcVnw.exe
  2⤵
  PID:16340
- C:\Windows\System\KjGKfoj.exe
  C:\Windows\System\KjGKfoj.exe
  2⤵
  PID:16364
- C:\Windows\System\QsOaiUk.exe
  C:\Windows\System\QsOaiUk.exe
  2⤵
  PID:15456
- C:\Windows\System\FvQYNNc.exe
  C:\Windows\System\FvQYNNc.exe
  2⤵
  PID:15488
- C:\Windows\System\jESQHCt.exe
  C:\Windows\System\jESQHCt.exe
  2⤵
  PID:5096
- C:\Windows\System\ffSWzkk.exe
  C:\Windows\System\ffSWzkk.exe
  2⤵
  PID:10656
- C:\Windows\System\xVdHTsM.exe
  C:\Windows\System\xVdHTsM.exe
  2⤵
  PID:10876
- C:\Windows\System\jVSkTcf.exe
  C:\Windows\System\jVSkTcf.exe
  2⤵
  PID:15712
- C:\Windows\System\oVGRaoR.exe
  C:\Windows\System\oVGRaoR.exe
  2⤵
  PID:15756
- C:\Windows\System\oIdZopX.exe
  C:\Windows\System\oIdZopX.exe
  2⤵
  PID:11224
- C:\Windows\System\ltxqGrV.exe
  C:\Windows\System\ltxqGrV.exe
  2⤵
  PID:15824
- C:\Windows\System\ClyWpSp.exe
  C:\Windows\System\ClyWpSp.exe
  2⤵
  PID:15848
- C:\Windows\System\kKyTFsl.exe
  C:\Windows\System\kKyTFsl.exe
  2⤵
  PID:8736
- C:\Windows\System\PJMGJDO.exe
  C:\Windows\System\PJMGJDO.exe
  2⤵
  PID:8804
- C:\Windows\System\aTlerBK.exe
  C:\Windows\System\aTlerBK.exe
  2⤵
  PID:5760
- C:\Windows\System\IuiLjho.exe
  C:\Windows\System\IuiLjho.exe
  2⤵
  PID:11168
- C:\Windows\System\YmHLPNs.exe
  C:\Windows\System\YmHLPNs.exe
  2⤵
  PID:16020
- C:\Windows\System\cTsVtgU.exe
  C:\Windows\System\cTsVtgU.exe
  2⤵
  PID:16048
- C:\Windows\System\juMjWDI.exe
  C:\Windows\System\juMjWDI.exe
  2⤵
  PID:11368
- C:\Windows\System\DZrJNqd.exe
  C:\Windows\System\DZrJNqd.exe
  2⤵
  PID:16124
- C:\Windows\System\mRayVEF.exe
  C:\Windows\System\mRayVEF.exe
  2⤵
  PID:16180
- C:\Windows\System\pAWjwgI.exe
  C:\Windows\System\pAWjwgI.exe
  2⤵
  PID:16208
- C:\Windows\System\VUMiHaY.exe
  C:\Windows\System\VUMiHaY.exe
  2⤵
  PID:16244
- C:\Windows\System\FRitAxS.exe
  C:\Windows\System\FRitAxS.exe
  2⤵
  PID:16276
- C:\Windows\System\xPtiFpI.exe
  C:\Windows\System\xPtiFpI.exe
  2⤵
  PID:11676
- C:\Windows\System\VmHlogf.exe
  C:\Windows\System\VmHlogf.exe
  2⤵
  PID:11704
- C:\Windows\System\tKIhzGb.exe
  C:\Windows\System\tKIhzGb.exe
  2⤵
  PID:11088
- C:\Windows\System\ZCLvvSn.exe
  C:\Windows\System\ZCLvvSn.exe
  2⤵
  PID:15400
- C:\Windows\System\WejUSFa.exe
  C:\Windows\System\WejUSFa.exe
  2⤵
  PID:15448
- C:\Windows\System\bfyioBD.exe
  C:\Windows\System\bfyioBD.exe
  2⤵
  PID:15476
- C:\Windows\System\CRmIODt.exe
  C:\Windows\System\CRmIODt.exe
  2⤵
  PID:15532
- C:\Windows\System\JsZzyhl.exe
  C:\Windows\System\JsZzyhl.exe
  2⤵
  PID:5392
- C:\Windows\System\rRmIocK.exe
  C:\Windows\System\rRmIocK.exe
  2⤵
  PID:11992
- C:\Windows\System\vFRknqe.exe
  C:\Windows\System\vFRknqe.exe
  2⤵
  PID:12012
- C:\Windows\System\xACZoah.exe
  C:\Windows\System\xACZoah.exe
  2⤵
  PID:12072
- C:\Windows\System\xmQgbFk.exe
  C:\Windows\System\xmQgbFk.exe
  2⤵
  PID:12100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AfhHjoY.exe

Filesize
6.0MB

MD5
5461c498ab033bc4c329fcb5ca51578e

SHA1
f16ff725d1cbe2ef83aaac70f5f0363d32a9fba4

SHA256
0e1302b3be6533a31dce5b7e960fa000385212a8ddc17a125f638ce57009ba44

SHA512
7571debc05ad65c2a1c4025150eec5f7dc6540c5c187ea64a6c25c0e0472b463a4e0c42b551f24c9f3d1983ef72333a29ec7b94c183efc013c131aab01f71d34

Download Submit
C:\Windows\System\CkrbZdP.exe

Filesize
6.0MB

MD5
c7fc5e623e7dc0eb594b66e6e521d2f1

SHA1
bced645abe08aa32010d1600090e4403c8b38348

SHA256
850ba0ceeaf65b27a3c4dd5fe13c76359eb0946b7f686fa9435cbc52f767563d

SHA512
26f60bd53ee72ff657d00da2020b8d8e7bc534000aab9a4f42c95af66bc9feed7be343c8c893574be7d5dc4547d057e4852f24cb51ac3980274b722fba4bb76e

Download Submit
C:\Windows\System\ECHadLG.exe

Filesize
6.0MB

MD5
d85c6e3e7c838de0c75cef1a179737d0

SHA1
0568a21b81ebd3791cb9732e087bbef4c273fdf3

SHA256
261313bd4c48d5c466a42ecef35094ecfe05a75e11a51ce3dd2ae440332170d1

SHA512
84f5790d6ca9bc40fdb6b34b8efba9270b0e16721a04b0c0b9b4c10dbe3ad35486c04ec96048dc46e0daf267b7c68036b16f75f7625373ef13b01557d6bd6335

Download Submit
C:\Windows\System\GNjguJV.exe

Filesize
6.0MB

MD5
8c725bea7d2e8903790f67887b2c1a05

SHA1
df98b758478a705c97665b82560fd06dc0d863c5

SHA256
a8d578640594c045415c293b4fba08c01ae4b059e5af6fed12ed9e66a5f0116b

SHA512
884689b7bb0a3ff6d98c4a86ed18fb11ee5fe0d3c8658b580731aa11b0206e1fc9ff2a05a7d62a45ecb94b07c99e3ea53e7b5502514f7bfafea86ac62e780136

Download Submit
C:\Windows\System\HhmyGLP.exe

Filesize
6.0MB

MD5
cde03b8fbf6aaa9f94df3ed4c0c65f8b

SHA1
9a193c95bb48843adc261d4c8b845e4370b61c96

SHA256
87ea59d1e6f0e413a3058bdff6f1684edf493d1dbe3d181605aa68c95ab1b198

SHA512
33d2eb065d83a365dc90e8671cf64d30f6859a97a08476e30a45aa834799a4e3def04f7e9c3ecba033c1de85bdb76694f8eb23aea5ff01b1fc309503758fb433

Download Submit
C:\Windows\System\IyGQvub.exe

Filesize
6.0MB

MD5
35caa3ee9b2d0375753013e4ea5329ec

SHA1
eefbe458ff98dec61491716aa5acb6c6ebbd9a46

SHA256
8f5b234d45100b8ff6b643158b1d58c0d83bf1ac051f6eb35d7be44cd33ada94

SHA512
da35763f27cd326efa6950948690ea24154c786dd299e99bf29fee577ead52ce121e5b4054836de1588d935ce6422b9fce1ceef2a9435ad6d22cac53c5f8fad3

Download Submit
C:\Windows\System\JPQhVtq.exe

Filesize
6.0MB

MD5
ed6a50feafd6cc6454ea3616826081c3

SHA1
1af85e5ac2a1b4ed00479507a3a0fd2ad9f0a3d4

SHA256
936c8d7b261e1236b3fb273831d41203c1a6930a75a25e399c9069fbaec0a1a2

SHA512
3744dcf816df07d44482b4f63b1f4b5f5c99a579104b250261cf895f9ac6344b1d3d9468275bb88dcdde5233f02cb9b0ef51309a6a11bf72b5d0a56764ff0a38

Download Submit
C:\Windows\System\MYpslUh.exe

Filesize
6.0MB

MD5
f527fa9972c4afa1bf28953ecfe3e017

SHA1
76ebf06f46e95e2ebaada96136ad3ea41a6931bd

SHA256
e99fe16e4258e5d36efb654d3238c43537867026f98842f1c84450f11568d9d8

SHA512
690023b208ace57ac4bdef059ee5b49bd3ebf2f2878b8655fc805925b210e38555fb772682d4f74a75ea0a1f53510ed7d4fe7a1da16cabfb029785ad15f88245

Download Submit
C:\Windows\System\NDebXQZ.exe

Filesize
6.0MB

MD5
a5d59807e50d76f22833b247055d8f84

SHA1
10a38ae304fe3bee5f072e1d130f02d98545f5dc

SHA256
954fdf625fdeb00d019f4cd4cb4b47716727748423bab3b1b531613a6855d9ea

SHA512
a7a996d25cf025b322c1848b455136ede1efc0ff90d5001b813901f4d9579e2ebc0cacf686dfedd518c1e8dddd3f4d416b58b1d9e465de383b992783c8dca5be

Download Submit
C:\Windows\System\NSuLFWR.exe

Filesize
6.0MB

MD5
5b719b65a52341cfad49d63144a28aa4

SHA1
09c473390536e24df7c3d04a5b405c3e3e4de353

SHA256
d18d68f035a974ae01340170ac52e7647aa4c2a465ce279003f01d124b8d4d9c

SHA512
d92a9e58c01fe83cac84274c4a94c88872a7ca0fbd484db881d29032199c572d7e1a8a98eab4b941a974b6b134d0427315546f7016dc269f986bdafeebfe8b4b

Download Submit
C:\Windows\System\NVyrNrL.exe

Filesize
6.0MB

MD5
47323d704670cf4325c0ecf865f30d69

SHA1
390ccfd2dd232ba75c15a83401b533626837160b

SHA256
1a0c0b80d9e0b9f8ea94398d696b570102197d5440b6e126cc80021abe8e6132

SHA512
79f662b5a9d66b0f8fac7d7701ed9ed0e9e8bc9975d80da7baee216f72e9baf33329a8fcc2a4b448952c688f1147cd55bb2fdb143d01474ba3a075caad50eb84

Download Submit
C:\Windows\System\OVWgucm.exe

Filesize
6.0MB

MD5
1785ee3eb00e32e344ffdf266eaafb22

SHA1
019ab9afcaf2128090ad33a18f8b1cd1f603c1f6

SHA256
2382dfea6b38fc99b167543529f85abea76f0830e1e0f72b043af218e465cca8

SHA512
40e93a8e84b2cf1e8ac4446bd7768d877487524d99591a60744237e8fa99dfc31696fbfe64a75ac7c9465d09eff64fec19794809f8ea5f4708603e264509d879

Download Submit
C:\Windows\System\OqScfnD.exe

Filesize
6.0MB

MD5
953e67e2745841c3c7c2b258c3c27c47

SHA1
873b89f15426b941ec8b619c4751c1707db870bc

SHA256
08d41678cbb26d43a1248e5d71991f5d612b6a4d6bf7c295e87fc80b672faf28

SHA512
30b534ab8caade536f34cc6510456e22a596e2c0ef201a439c8889823bd63997786c7b20c6427a1f56b213d6bbd2bba6dcb61dc4c7f96845282d0b44c75b672d

Download Submit
C:\Windows\System\OtvymrR.exe

Filesize
6.0MB

MD5
77dd61b9a3a41f70e82442f753b6764c

SHA1
536332f8b8661d637c3b037fdd72e08fe8b4ca2c

SHA256
4111a6b9f347cb5e04a4a8cfd9d70bd860b080ac11b79f25787e2ff7fc6f2c65

SHA512
74e412dc8b28d112f28bc0aabcb16eeae664b33df2288920647eb4d12a7380572fb028b200034492cd87f9b99308841a09139faed76a90a3e5531a836ed247b3

Download Submit
C:\Windows\System\QYSidEq.exe

Filesize
6.0MB

MD5
d1f1c33150e77c740deec998cabaa017

SHA1
8c7dcf5652062130de5bebd9624e4ca4000951eb

SHA256
3b2f3b4435147e2617f58059d8227d318efd7f825079c749854fb858089ab56b

SHA512
7b012fe351333c20703639b984c23223aecf6e2b22741d6f1c8f463d2c42c08840bedcef779853274e1d7f288af125b717f2fa9a56a8993513e9d793d0698065

Download Submit
C:\Windows\System\RYCjVse.exe

Filesize
6.0MB

MD5
0700d833edef16c04fe1bdf934f382df

SHA1
57cfc4eedbfc682b7ac16af13a1cad9b98b3f6b8

SHA256
c0bdda41a7deebfcd7cce0745cb4aa16e9bea3eb01bcc3925111e425d360d937

SHA512
8121d4805c63c2f6d31d2ec67f30461a41c3eb3423db795007ac07877da35e22568bf8904ebc161a242adadafdbe8e2a89ff1ec604816c3264c9bc8a0c2567a4

Download Submit
C:\Windows\System\SNNyXKl.exe

Filesize
6.0MB

MD5
b504327671cd866ef5a94821cc8cf88f

SHA1
5bd7f829d3cc93ea2c841e2112980a1989f09b3b

SHA256
76a9cbb52b24d0ec069716aab9e1ed359de6f3500e283e54dad4a116f02f04f2

SHA512
64ee6e403b0ebe33ab1047508106b35a96028cba21abbe63deaa58077738c5dfb868f01d013dbc905fb932702653626ce1ae75174e824ac0f57d8816f29f7a13

Download Submit
C:\Windows\System\XxpiJTa.exe

Filesize
6.0MB

MD5
8caecefdb913a681875ca7ce64f27d3f

SHA1
7de1eecbeb236b3296d221d5fa1b9321012b58bb

SHA256
5f7684fd97dde843d50031d5743f9984142be678e938b93588d540231d08a565

SHA512
9621391322442515c4800c407d4e9b2a5530ce7114ab0f209617636703b0aca59bdec06e04db39f52a2e76e0e3474ff2eddf7d7b7d2ce161d9994697d841fcd6

Download Submit
C:\Windows\System\YghVsOe.exe

Filesize
6.0MB

MD5
c53941eef6d0c98166a380063fce4bc2

SHA1
ef4519aecd3d11e5846db20adc20bd54718fb4a6

SHA256
3d510799b38e65935026024b1bc7e00cc35e135ed6fcca5f4edb88749a9d32b2

SHA512
f38be31a2813418a4b37e1045bae15acb1fe0b22cdf7f2bbdddafb87a298ed4f098bcebf819228b03a7147bace02d0ae2d73fb637326a5ce92a98b3310449cc8

Download Submit
C:\Windows\System\YnHqoVq.exe

Filesize
6.0MB

MD5
e5be1cf13bd9130ad777435ea768f130

SHA1
8af8612e8280c7c76ee8e24d97bbd1a09554f0ca

SHA256
a96c3e1f59e426654f02824b841661573a6d1cb79d735a200f7a684f326e9f9d

SHA512
7b0d71e2161be7304e4a91575197e4b0b09771c21418485c474b4f603fa95656166f22a1513360b1c552071be3ce5b5d044a67371f8f45e4cb5eaf4675248764

Download Submit
C:\Windows\System\aCbklZy.exe

Filesize
6.0MB

MD5
3a11e93485909c956a4dd78bdff1896d

SHA1
54e62ac1c24f2ea6b8cb5b0be944131b2a1958c0

SHA256
28023abb2408fe40a40cde41d20511caebdc105b03c7962dc1786e8960ce1a37

SHA512
8e410e7904127cf1e487e68adeda30bbe6054d63a41f0eaf0f5e13269b2425fe223b606247e91cd638e40ee3f400345080c10667d3a6c6641b0ce584908eabdf

Download Submit
C:\Windows\System\cpqYdYd.exe

Filesize
6.0MB

MD5
4043cb2c922f9a86b12b5444b9849ea2

SHA1
b784e6f15c2f4b8dc9bc8e97b4e35073bf74022d

SHA256
fcf80cd4d63edaffff98b709ac53bc505e90765449ebeeb2d46830c8ceb1e2af

SHA512
21c503795e0a7168b4aa2ed832829885ba0af56c1a772969a4384f4d1a206a1112099cd21af3e53561e1ca8ea586b64614b561737b8ec97c6542c55a5ea78c8b

Download Submit
C:\Windows\System\doNImtM.exe

Filesize
6.0MB

MD5
5dea6fb0b0b881d93e2c66c1f9b521e2

SHA1
b2b935165f28502dd0e341bc132b0ed2d319120c

SHA256
1100a733fb8a821dc53b3a83d21056ee44e0e4f389c4e59cf4e1890fd683dce9

SHA512
31e2de7d73c4b6389cd4421d43fb69d714fae686e4682bcd0c5bfa0b80d6634a4bade4d29d29c79e18be2ab8693c214e3a68f41d888c10aa14b15522aee88bf9

Download Submit
C:\Windows\System\kMOVlro.exe

Filesize
6.0MB

MD5
733ed4eb45f35b3e796f0af2a4a6f013

SHA1
fc5204b6b8864a78d53ea2111bb464792ab1d449

SHA256
6bfe59941a27ddfc89029e768ff822148463a0cbbc7c40741e7ca4dfde74cc0a

SHA512
b21b76147d9992310f0a91036059758a4e8e20d843a6b094772e512f845e8bbf35003a1181f7e59ed62b36b9b292487e4d75ae79ecb820057e48e213c210ccfe

Download Submit
C:\Windows\System\lGyIbza.exe

Filesize
6.0MB

MD5
edaaadf24bcfc31901221089eb619258

SHA1
3b8f3a85233a074446a9d8159c429ff3ddf1e109

SHA256
b17d2d02a666bfcb8e6a1b44f6fc94aebe1abdd7f4155a450a6829d6952dcb7c

SHA512
ba7f19edab4f2bd3392fe1bcad0d30e6c491a1430e9718d824f3e070740256ec91e4c49805d79946da822168c058d475f98392cb3772cde916cff8f3b8935bd0

Download Submit
C:\Windows\System\mWDMaNS.exe

Filesize
6.0MB

MD5
c5939ab3d96bd0d6f7001e465976b03b

SHA1
6d876f630c9900ac648cd06f58febfdb3c8b7aaf

SHA256
e5b357ab73afee2cefb457de2d1654092f67e1c3488a1834fa744f8a76720b70

SHA512
070f2beddc8f0ced7c4164baf8828116a9fc4745eee6767cac4cd6b0a535b0e5591b5a8810631ee93bae1477cdea3f61b26aaf9bfb454f01fe2213bafca6e433

Download Submit
C:\Windows\System\nTBdWKk.exe

Filesize
6.0MB

MD5
988895453e3a3261378a4f31b52d9fc2

SHA1
7afb0fadb69280e4e5bcce352a1396d206fb1b49

SHA256
ae203a4507fb6cf4bea6ce438510f76c72efbaf506b41369eeeac98188f25178

SHA512
5be939d1a083be94edec69e2ba55c74da959f49e6a7421a8419c07c70f10c60ab4a94addbcaa526cbeb3136f53b50591d925a0709705a6fe06b7eed5668e7145

Download Submit
C:\Windows\System\pMHASZw.exe

Filesize
6.0MB

MD5
98c75e4db160756e1b7fbc422ad6f6f6

SHA1
1fa62555b166321bbc1528c301564cdc5afcd910

SHA256
359d273b89935ff69d931848989fdcfe7886c5b7a3b4ebd3cf786a606d1f5799

SHA512
d3af07624f135f27fa622f4dfc11686292627f6df85bea15ef971abfdd22eb9ab9cfe94cafc5a8895d32cbe043d611892f3abb3397e5d75b303cc7e528f8465b

Download Submit
C:\Windows\System\pavoXDy.exe

Filesize
6.0MB

MD5
c58db3d3aa1b102f066196a2ab8982c1

SHA1
ee46ec4fb92ad1fcc446ae5ba292d603f818b41d

SHA256
1b72e327c6cf2fcf2ef6e88737f8fcecc646bae5bda41a8278f8963b55f9cc66

SHA512
516eb95f8c746767a1e44ce684a03b8d21d5c434cf20d80963e718f4fd220f86cb99d53f7dd17023d322dbf4b9dc4d3e07978af9a9ade6086b335c3682495bc9

Download Submit
C:\Windows\System\qbJPYkB.exe

Filesize
6.0MB

MD5
f41ccdc6a15ca8cb67dfcccce2369b23

SHA1
9a2dc73dabcf5f95f18753b1b149963518a2af0a

SHA256
f3d4bdfcd2c8379be774ce642887732d9b15071475d3c36812520d8d75fd4537

SHA512
b6a61bc144d9b9d9178d018d20d00cda2feba5658df2f0705463f82d6ffc71d429c055d686469904b244442b4e1a0bed66f7ec222094cceaa71fe8456a9f0906

Download Submit
C:\Windows\System\rqOFWYK.exe

Filesize
6.0MB

MD5
6b2217a5f85228ceaf3904439a99f260

SHA1
23c0205c418924dc2085117ec94c4faed31b5e90

SHA256
266a9f24e2bff581378bdb1eb4d749bd9faa3be795b272ad0dc054e681de4321

SHA512
a263566b2e087167278ba8db0db26d87976ddbd848ecf2e9c67e7d28447e5e2ae17e4529ce1823d9144cd4dd1b96d606be2a5a4aeca027271aedb28f7fe6aa3e

Download Submit
C:\Windows\System\xQnFGgn.exe

Filesize
6.0MB

MD5
1235626fefd7f34c4b0df1b70d1aed43

SHA1
71ee8393240ec42d5d6beb21a4fe22cc88656fac

SHA256
66daf0c3d0729ef9db0b855f5c91c363ed5b331325cdd8f250ac7c6d6f70d57d

SHA512
507a56463b1137b7119c5c70b714adccaf29471ec8e40631678e1ef49036d04a8e333e5e93907a35db3d81ccad259d23d61411a5e9c25bd584281dddf3d7971a

Download Submit
C:\Windows\System\xVlKfns.exe

Filesize
6.0MB

MD5
15ca126865c49fe5cf9a6ababb5e0857

SHA1
5b28ffcfa1d29de0035cbbd11abb07df47652db8

SHA256
1f3b7ac7cca8f571d7948608fc1f4b8a375ffe00ac02af44a0ad11c6324c226c

SHA512
7c3fd2ab01bcdd7b4e49a563e477c8afa6d787840447327881d55bfa06a99b92abb2dade77a60b5ed88fba9e52baa1b0a025b8b7657b4308c189d8689f97442a

Download Submit
memory/732-168-0x00007FF749A10000-0x00007FF749D64000-memory.dmp

Filesize
3.3MB

Download
memory/732-1772-0x00007FF749A10000-0x00007FF749D64000-memory.dmp

Filesize
3.3MB

Download
memory/1008-1723-0x00007FF7B0A20000-0x00007FF7B0D74000-memory.dmp

Filesize
3.3MB

Download
memory/1008-428-0x00007FF7B0A20000-0x00007FF7B0D74000-memory.dmp

Filesize
3.3MB

Download
memory/1008-72-0x00007FF7B0A20000-0x00007FF7B0D74000-memory.dmp

Filesize
3.3MB

Download
memory/1020-184-0x00007FF78F7F0000-0x00007FF78FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1020-1789-0x00007FF78F7F0000-0x00007FF78FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1020-1077-0x00007FF78F7F0000-0x00007FF78FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1092-1743-0x00007FF7CCA10000-0x00007FF7CCD64000-memory.dmp

Filesize
3.3MB

Download
memory/1092-90-0x00007FF7CCA10000-0x00007FF7CCD64000-memory.dmp

Filesize
3.3MB

Download
memory/1092-215-0x00007FF7CCA10000-0x00007FF7CCD64000-memory.dmp

Filesize
3.3MB

Download
memory/1100-85-0x00007FF63F430000-0x00007FF63F784000-memory.dmp

Filesize
3.3MB

Download
memory/1100-1718-0x00007FF63F430000-0x00007FF63F784000-memory.dmp

Filesize
3.3MB

Download
memory/1432-59-0x00007FF7F7990000-0x00007FF7F7CE4000-memory.dmp

Filesize
3.3MB

Download
memory/1432-14-0x00007FF7F7990000-0x00007FF7F7CE4000-memory.dmp

Filesize
3.3MB

Download
memory/1432-1223-0x00007FF7F7990000-0x00007FF7F7CE4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-1792-0x00007FF751950000-0x00007FF751CA4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-219-0x00007FF751950000-0x00007FF751CA4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-1783-0x00007FF6E4380000-0x00007FF6E46D4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-208-0x00007FF6E4380000-0x00007FF6E46D4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-18-0x00007FF76BCC0000-0x00007FF76C014000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1233-0x00007FF76BCC0000-0x00007FF76C014000-memory.dmp

Filesize
3.3MB

Download
memory/2112-92-0x00007FF76BCC0000-0x00007FF76C014000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1731-0x00007FF66C8D0000-0x00007FF66CC24000-memory.dmp

Filesize
3.3MB

Download
memory/2204-94-0x00007FF66C8D0000-0x00007FF66CC24000-memory.dmp

Filesize
3.3MB

Download
memory/2364-1235-0x00007FF768020000-0x00007FF768374000-memory.dmp

Filesize
3.3MB

Download
memory/2364-24-0x00007FF768020000-0x00007FF768374000-memory.dmp

Filesize
3.3MB

Download
memory/2364-97-0x00007FF768020000-0x00007FF768374000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1446-0x00007FF605F00000-0x00007FF606254000-memory.dmp

Filesize
3.3MB

Download
memory/2420-39-0x00007FF605F00000-0x00007FF606254000-memory.dmp

Filesize
3.3MB

Download
memory/2420-122-0x00007FF605F00000-0x00007FF606254000-memory.dmp

Filesize
3.3MB

Download
memory/2468-179-0x00007FF62DD00000-0x00007FF62E054000-memory.dmp

Filesize
3.3MB

Download
memory/2468-1033-0x00007FF62DD00000-0x00007FF62E054000-memory.dmp

Filesize
3.3MB

Download
memory/2468-1785-0x00007FF62DD00000-0x00007FF62E054000-memory.dmp

Filesize
3.3MB

Download
memory/2920-883-0x00007FF7C35E0000-0x00007FF7C3934000-memory.dmp

Filesize
3.3MB

Download
memory/2920-1742-0x00007FF7C35E0000-0x00007FF7C3934000-memory.dmp

Filesize
3.3MB

Download
memory/2920-110-0x00007FF7C35E0000-0x00007FF7C3934000-memory.dmp

Filesize
3.3MB

Download
memory/2940-106-0x00007FF6004D0000-0x00007FF600824000-memory.dmp

Filesize
3.3MB

Download
memory/2940-824-0x00007FF6004D0000-0x00007FF600824000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1741-0x00007FF6004D0000-0x00007FF600824000-memory.dmp

Filesize
3.3MB

Download
memory/3132-1739-0x00007FF71F780000-0x00007FF71FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3132-770-0x00007FF71F780000-0x00007FF71FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3132-102-0x00007FF71F780000-0x00007FF71FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3240-938-0x00007FF7F8DD0000-0x00007FF7F9124000-memory.dmp

Filesize
3.3MB

Download
memory/3240-116-0x00007FF7F8DD0000-0x00007FF7F9124000-memory.dmp

Filesize
3.3MB

Download
memory/3240-1754-0x00007FF7F8DD0000-0x00007FF7F9124000-memory.dmp

Filesize
3.3MB

Download
memory/3372-1764-0x00007FF626460000-0x00007FF6267B4000-memory.dmp

Filesize
3.3MB

Download
memory/3372-141-0x00007FF626460000-0x00007FF6267B4000-memory.dmp

Filesize
3.3MB

Download
memory/3384-52-0x00007FF7DE130000-0x00007FF7DE484000-memory.dmp

Filesize
3.3MB

Download
memory/3384-1473-0x00007FF7DE130000-0x00007FF7DE484000-memory.dmp

Filesize
3.3MB

Download
memory/3384-157-0x00007FF7DE130000-0x00007FF7DE484000-memory.dmp

Filesize
3.3MB

Download
memory/3680-107-0x00007FF7CE8D0000-0x00007FF7CEC24000-memory.dmp

Filesize
3.3MB

Download
memory/3680-1442-0x00007FF7CE8D0000-0x00007FF7CEC24000-memory.dmp

Filesize
3.3MB

Download
memory/3680-34-0x00007FF7CE8D0000-0x00007FF7CEC24000-memory.dmp

Filesize
3.3MB

Download
memory/4076-53-0x00007FF61CDD0000-0x00007FF61D124000-memory.dmp

Filesize
3.3MB

Download
memory/4076-1-0x000001736EBF0000-0x000001736EC00000-memory.dmp

Filesize
64KB

Download
memory/4076-0-0x00007FF61CDD0000-0x00007FF61D124000-memory.dmp

Filesize
3.3MB

Download
memory/4100-1472-0x00007FF694D80000-0x00007FF6950D4000-memory.dmp

Filesize
3.3MB

Download
memory/4100-51-0x00007FF694D80000-0x00007FF6950D4000-memory.dmp

Filesize
3.3MB

Download
memory/4100-140-0x00007FF694D80000-0x00007FF6950D4000-memory.dmp

Filesize
3.3MB

Download
memory/4112-2079-0x00007FF682180000-0x00007FF6824D4000-memory.dmp

Filesize
3.3MB

Download
memory/4112-128-0x00007FF682180000-0x00007FF6824D4000-memory.dmp

Filesize
3.3MB

Download
memory/4112-985-0x00007FF682180000-0x00007FF6824D4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-156-0x00007FF6AA790000-0x00007FF6AAAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-1760-0x00007FF6AA790000-0x00007FF6AAAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4400-134-0x00007FF745EC0000-0x00007FF746214000-memory.dmp

Filesize
3.3MB

Download
memory/4400-44-0x00007FF745EC0000-0x00007FF746214000-memory.dmp

Filesize
3.3MB

Download
memory/4400-1451-0x00007FF745EC0000-0x00007FF746214000-memory.dmp

Filesize
3.3MB

Download
memory/4460-1735-0x00007FF61B790000-0x00007FF61BAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4460-93-0x00007FF61B790000-0x00007FF61BAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4488-1777-0x00007FF7B9330000-0x00007FF7B9684000-memory.dmp

Filesize
3.3MB

Download
memory/4488-193-0x00007FF7B9330000-0x00007FF7B9684000-memory.dmp

Filesize
3.3MB

Download
memory/4580-1765-0x00007FF632D70000-0x00007FF6330C4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-163-0x00007FF632D70000-0x00007FF6330C4000-memory.dmp

Filesize
3.3MB

Download
memory/4864-8-0x00007FF72B870000-0x00007FF72BBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4864-58-0x00007FF72B870000-0x00007FF72BBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4864-1201-0x00007FF72B870000-0x00007FF72BBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-988-0x00007FF6A8290000-0x00007FF6A85E4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-149-0x00007FF6A8290000-0x00007FF6A85E4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-1762-0x00007FF6A8290000-0x00007FF6A85E4000-memory.dmp

Filesize
3.3MB

Download