cobaltstrike | 80589f89c31b7baa78df15d0cd4e2a4c9131d3f34c959035a442a8fcdc2e9384

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fa5acf353bb6868b0c9953a053cefe71
SHA1

26f09641cb2fa1e1ae248e03513aab1d868dffc6
SHA256

80589f89c31b7baa78df15d0cd4e2a4c9131d3f34c959035a442a8fcdc2e9384
SHA512

8ca217c35b3f7f8e92f0e4da8615c6ee3ab1f7f6591b79004ff4e36cc6f664a57e67135565055de82c8d2d78207514bfc60581b276fda8a6ce48a3a15bb195c3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b60-4.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b69-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6a-23.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6c-32.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6d-40.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6e-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6f-61.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b71-71.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b73-77.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b76-93.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7a-110.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-171.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-167.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-166.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-164.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-158.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b81-153.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b80-148.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7f-141.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-136.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-130.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7c-128.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7b-122.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b79-113.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b78-103.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b77-98.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b75-91.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b74-86.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b72-73.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b70-66.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b65-57.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6b-35.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b68-13.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1572-0-0x00007FF77FD80000-0x00007FF7800D4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b60-4.dat	xmrig
behavioral2/memory/980-8-0x00007FF6CA3A0000-0x00007FF6CA6F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b69-10.dat	xmrig
behavioral2/files/0x000a000000023b6a-23.dat	xmrig
behavioral2/memory/116-24-0x00007FF7191A0000-0x00007FF7194F4000-memory.dmp	xmrig
behavioral2/memory/2684-28-0x00007FF7BA3B0000-0x00007FF7BA704000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b6c-32.dat	xmrig
behavioral2/files/0x000a000000023b6d-40.dat	xmrig
behavioral2/memory/184-43-0x00007FF719980000-0x00007FF719CD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b6e-47.dat	xmrig
behavioral2/files/0x000a000000023b6f-61.dat	xmrig
behavioral2/files/0x0031000000023b71-71.dat	xmrig
behavioral2/files/0x000a000000023b73-77.dat	xmrig
behavioral2/files/0x000a000000023b76-93.dat	xmrig
behavioral2/files/0x000a000000023b7a-110.dat	xmrig
behavioral2/memory/212-221-0x00007FF65FBC0000-0x00007FF65FF14000-memory.dmp	xmrig
behavioral2/memory/768-225-0x00007FF6054E0000-0x00007FF605834000-memory.dmp	xmrig
behavioral2/memory/4176-231-0x00007FF74B610000-0x00007FF74B964000-memory.dmp	xmrig
behavioral2/memory/4860-237-0x00007FF63C870000-0x00007FF63CBC4000-memory.dmp	xmrig
behavioral2/memory/4836-254-0x00007FF65A9D0000-0x00007FF65AD24000-memory.dmp	xmrig
behavioral2/memory/3332-273-0x00007FF692D40000-0x00007FF693094000-memory.dmp	xmrig
behavioral2/memory/1676-276-0x00007FF727DC0000-0x00007FF728114000-memory.dmp	xmrig
behavioral2/memory/3508-270-0x00007FF665420000-0x00007FF665774000-memory.dmp	xmrig
behavioral2/memory/2744-264-0x00007FF7DF270000-0x00007FF7DF5C4000-memory.dmp	xmrig
behavioral2/memory/2172-256-0x00007FF6F8060000-0x00007FF6F83B4000-memory.dmp	xmrig
behavioral2/memory/2332-248-0x00007FF7FA460000-0x00007FF7FA7B4000-memory.dmp	xmrig
behavioral2/memory/2620-240-0x00007FF711420000-0x00007FF711774000-memory.dmp	xmrig
behavioral2/memory/3144-232-0x00007FF6FB5E0000-0x00007FF6FB934000-memory.dmp	xmrig
behavioral2/memory/2240-230-0x00007FF65B0B0000-0x00007FF65B404000-memory.dmp	xmrig
behavioral2/memory/1572-1195-0x00007FF77FD80000-0x00007FF7800D4000-memory.dmp	xmrig
behavioral2/memory/3464-229-0x00007FF7E3BA0000-0x00007FF7E3EF4000-memory.dmp	xmrig
behavioral2/memory/4928-228-0x00007FF6936F0000-0x00007FF693A44000-memory.dmp	xmrig
behavioral2/memory/4524-227-0x00007FF7158D0000-0x00007FF715C24000-memory.dmp	xmrig
behavioral2/memory/3924-226-0x00007FF7D3430000-0x00007FF7D3784000-memory.dmp	xmrig
behavioral2/memory/4296-224-0x00007FF655D20000-0x00007FF656074000-memory.dmp	xmrig
behavioral2/memory/3880-223-0x00007FF6783F0000-0x00007FF678744000-memory.dmp	xmrig
behavioral2/memory/1740-222-0x00007FF6FA0E0000-0x00007FF6FA434000-memory.dmp	xmrig
behavioral2/memory/1172-220-0x00007FF6D4FA0000-0x00007FF6D52F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b84-171.dat	xmrig
behavioral2/files/0x000a000000023b86-167.dat	xmrig
behavioral2/files/0x000a000000023b85-166.dat	xmrig
behavioral2/files/0x000a000000023b83-164.dat	xmrig
behavioral2/files/0x000a000000023b82-158.dat	xmrig
behavioral2/files/0x000a000000023b81-153.dat	xmrig
behavioral2/files/0x000a000000023b80-148.dat	xmrig
behavioral2/files/0x000a000000023b7f-141.dat	xmrig
behavioral2/files/0x000a000000023b7e-136.dat	xmrig
behavioral2/files/0x000a000000023b7d-130.dat	xmrig
behavioral2/files/0x000a000000023b7c-128.dat	xmrig
behavioral2/files/0x000a000000023b7b-122.dat	xmrig
behavioral2/files/0x000a000000023b79-113.dat	xmrig
behavioral2/files/0x000a000000023b78-103.dat	xmrig
behavioral2/files/0x000a000000023b77-98.dat	xmrig
behavioral2/files/0x000a000000023b75-91.dat	xmrig
behavioral2/files/0x000a000000023b74-86.dat	xmrig
behavioral2/files/0x0031000000023b72-73.dat	xmrig
behavioral2/files/0x0031000000023b70-66.dat	xmrig
behavioral2/files/0x000b000000023b65-57.dat	xmrig
behavioral2/memory/3920-44-0x00007FF7B74C0000-0x00007FF7B7814000-memory.dmp	xmrig
behavioral2/memory/1468-39-0x00007FF6D8860000-0x00007FF6D8BB4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b6b-35.dat	xmrig
behavioral2/files/0x000a000000023b68-13.dat	xmrig
behavioral2/memory/3524-12-0x00007FF7E1CA0000-0x00007FF7E1FF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
980	pdtFqke.exe
3524	mQgyYZV.exe
116	XiPWPWT.exe
2684	tpomyjb.exe
1468	rIUqlvW.exe
184	cWFZFej.exe
3920	SmjJzcV.exe
1172	RecUwls.exe
1676	rfAeKSx.exe
212	QTAVNoM.exe
1740	NsHlMoQ.exe
3880	OPgjqho.exe
4296	towLXcp.exe
768	KZYevZs.exe
3924	DrNGIdp.exe
4524	aXMiARf.exe
4928	npfKFpJ.exe
3464	knBbMew.exe
2240	MbLVrrx.exe
4176	dsKFqKN.exe
3144	oQaVKJA.exe
4860	DlvFxwM.exe
2620	PjsyzSr.exe
2332	rjxSupZ.exe
4836	LRWFIkk.exe
2172	gtharmc.exe
2744	oFUpoLW.exe
3508	OjKtUcS.exe
3332	mCjuzTv.exe
3400	bdHyNsD.exe
1028	BWPzFtX.exe
3000	OjuxNIB.exe
2212	oKCGVhs.exe
2060	mGSandt.exe
1372	jCyQCeO.exe
516	QGFqsgx.exe
5076	JOYXghZ.exe
3048	BgPrhNA.exe
4616	hIzOlRg.exe
4900	qCHYdwP.exe
4540	zZQrvsr.exe
2900	HTpjllq.exe
4516	bdCaKjN.exe
3140	NhSAuam.exe
1464	jciMEiV.exe
4776	YhcLVCN.exe
1368	dETNLiQ.exe
1088	atgShsm.exe
3968	FakXxPb.exe
2424	WuaBatm.exe
4432	GoyhnQk.exe
4620	ehRymIf.exe
4448	KTcxAZt.exe
1156	sOtoWrZ.exe
4944	fXFlvmZ.exe
552	RjzomZX.exe
3308	xUZDVYM.exe
1964	MilqAJT.exe
4208	OOJIrzY.exe
3652	PCmLAmD.exe
1916	RmhEbVp.exe
2616	VDpERkQ.exe
3132	zgGiiCe.exe
3396	HEFRVJB.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1572-0-0x00007FF77FD80000-0x00007FF7800D4000-memory.dmp	upx
behavioral2/files/0x000c000000023b60-4.dat	upx
behavioral2/memory/980-8-0x00007FF6CA3A0000-0x00007FF6CA6F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b69-10.dat	upx
behavioral2/files/0x000a000000023b6a-23.dat	upx
behavioral2/memory/116-24-0x00007FF7191A0000-0x00007FF7194F4000-memory.dmp	upx
behavioral2/memory/2684-28-0x00007FF7BA3B0000-0x00007FF7BA704000-memory.dmp	upx
behavioral2/files/0x000a000000023b6c-32.dat	upx
behavioral2/files/0x000a000000023b6d-40.dat	upx
behavioral2/memory/184-43-0x00007FF719980000-0x00007FF719CD4000-memory.dmp	upx
behavioral2/files/0x000a000000023b6e-47.dat	upx
behavioral2/files/0x000a000000023b6f-61.dat	upx
behavioral2/files/0x0031000000023b71-71.dat	upx
behavioral2/files/0x000a000000023b73-77.dat	upx
behavioral2/files/0x000a000000023b76-93.dat	upx
behavioral2/files/0x000a000000023b7a-110.dat	upx
behavioral2/memory/212-221-0x00007FF65FBC0000-0x00007FF65FF14000-memory.dmp	upx
behavioral2/memory/768-225-0x00007FF6054E0000-0x00007FF605834000-memory.dmp	upx
behavioral2/memory/4176-231-0x00007FF74B610000-0x00007FF74B964000-memory.dmp	upx
behavioral2/memory/4860-237-0x00007FF63C870000-0x00007FF63CBC4000-memory.dmp	upx
behavioral2/memory/4836-254-0x00007FF65A9D0000-0x00007FF65AD24000-memory.dmp	upx
behavioral2/memory/3332-273-0x00007FF692D40000-0x00007FF693094000-memory.dmp	upx
behavioral2/memory/1676-276-0x00007FF727DC0000-0x00007FF728114000-memory.dmp	upx
behavioral2/memory/3508-270-0x00007FF665420000-0x00007FF665774000-memory.dmp	upx
behavioral2/memory/2744-264-0x00007FF7DF270000-0x00007FF7DF5C4000-memory.dmp	upx
behavioral2/memory/2172-256-0x00007FF6F8060000-0x00007FF6F83B4000-memory.dmp	upx
behavioral2/memory/2332-248-0x00007FF7FA460000-0x00007FF7FA7B4000-memory.dmp	upx
behavioral2/memory/2620-240-0x00007FF711420000-0x00007FF711774000-memory.dmp	upx
behavioral2/memory/3144-232-0x00007FF6FB5E0000-0x00007FF6FB934000-memory.dmp	upx
behavioral2/memory/2240-230-0x00007FF65B0B0000-0x00007FF65B404000-memory.dmp	upx
behavioral2/memory/1572-1195-0x00007FF77FD80000-0x00007FF7800D4000-memory.dmp	upx
behavioral2/memory/3464-229-0x00007FF7E3BA0000-0x00007FF7E3EF4000-memory.dmp	upx
behavioral2/memory/4928-228-0x00007FF6936F0000-0x00007FF693A44000-memory.dmp	upx
behavioral2/memory/4524-227-0x00007FF7158D0000-0x00007FF715C24000-memory.dmp	upx
behavioral2/memory/3924-226-0x00007FF7D3430000-0x00007FF7D3784000-memory.dmp	upx
behavioral2/memory/4296-224-0x00007FF655D20000-0x00007FF656074000-memory.dmp	upx
behavioral2/memory/3880-223-0x00007FF6783F0000-0x00007FF678744000-memory.dmp	upx
behavioral2/memory/1740-222-0x00007FF6FA0E0000-0x00007FF6FA434000-memory.dmp	upx
behavioral2/memory/1172-220-0x00007FF6D4FA0000-0x00007FF6D52F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b84-171.dat	upx
behavioral2/files/0x000a000000023b86-167.dat	upx
behavioral2/files/0x000a000000023b85-166.dat	upx
behavioral2/files/0x000a000000023b83-164.dat	upx
behavioral2/files/0x000a000000023b82-158.dat	upx
behavioral2/files/0x000a000000023b81-153.dat	upx
behavioral2/files/0x000a000000023b80-148.dat	upx
behavioral2/files/0x000a000000023b7f-141.dat	upx
behavioral2/files/0x000a000000023b7e-136.dat	upx
behavioral2/files/0x000a000000023b7d-130.dat	upx
behavioral2/files/0x000a000000023b7c-128.dat	upx
behavioral2/files/0x000a000000023b7b-122.dat	upx
behavioral2/files/0x000a000000023b79-113.dat	upx
behavioral2/files/0x000a000000023b78-103.dat	upx
behavioral2/files/0x000a000000023b77-98.dat	upx
behavioral2/files/0x000a000000023b75-91.dat	upx
behavioral2/files/0x000a000000023b74-86.dat	upx
behavioral2/files/0x0031000000023b72-73.dat	upx
behavioral2/files/0x0031000000023b70-66.dat	upx
behavioral2/files/0x000b000000023b65-57.dat	upx
behavioral2/memory/3920-44-0x00007FF7B74C0000-0x00007FF7B7814000-memory.dmp	upx
behavioral2/memory/1468-39-0x00007FF6D8860000-0x00007FF6D8BB4000-memory.dmp	upx
behavioral2/files/0x000a000000023b6b-35.dat	upx
behavioral2/files/0x000a000000023b68-13.dat	upx
behavioral2/memory/3524-12-0x00007FF7E1CA0000-0x00007FF7E1FF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zBjVTgB.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEFfJld.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWuXWed.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZYevZs.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\npfKFpJ.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BsmGFvy.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rJEzPXM.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owpkhZc.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYQdonp.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbwzICN.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdmkAxf.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuCrhIH.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqCEKDY.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYuKssk.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUZDVYM.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVOEHIn.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyzftwV.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhffQcE.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXDULBh.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjmFpeS.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ewAoKBo.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqPtLDZ.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXjgxbg.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvUDUPv.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVCjkAO.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMUNkiX.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plFMMvZ.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXStSzc.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aocXaNs.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzLjwNE.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlzmWGj.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdSqFIO.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\towLXcp.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JOYXghZ.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIBtySw.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSDCUOW.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjEuYYv.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMJMcuz.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IltWRch.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pQIKXWr.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNyFeOO.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ewCSQzO.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIxYfTq.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdIibXX.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApUqmUW.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBrtimp.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwFQlZy.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MyRZcld.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjsyzSr.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AeJKILH.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALDwjRn.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbfdJpn.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cknlWtK.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijljwuD.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRyeAlw.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYNUBCj.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpkHjMq.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBsXLMJ.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PffwgyC.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuzIcBQ.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTBPyWR.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cirFWMI.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urVsPyb.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOZbOjE.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 980	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1572 wrote to memory of 980	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1572 wrote to memory of 3524	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1572 wrote to memory of 3524	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1572 wrote to memory of 116	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1572 wrote to memory of 116	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1572 wrote to memory of 2684	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1572 wrote to memory of 2684	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1572 wrote to memory of 1468	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1572 wrote to memory of 1468	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1572 wrote to memory of 184	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1572 wrote to memory of 184	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1572 wrote to memory of 3920	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1572 wrote to memory of 3920	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1572 wrote to memory of 1172	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1572 wrote to memory of 1172	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1572 wrote to memory of 212	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1572 wrote to memory of 212	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1572 wrote to memory of 1676	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1572 wrote to memory of 1676	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1572 wrote to memory of 1740	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1572 wrote to memory of 1740	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1572 wrote to memory of 3880	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1572 wrote to memory of 3880	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1572 wrote to memory of 4296	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1572 wrote to memory of 4296	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1572 wrote to memory of 768	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1572 wrote to memory of 768	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1572 wrote to memory of 3924	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1572 wrote to memory of 3924	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1572 wrote to memory of 4524	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1572 wrote to memory of 4524	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1572 wrote to memory of 4928	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1572 wrote to memory of 4928	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1572 wrote to memory of 3464	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1572 wrote to memory of 3464	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1572 wrote to memory of 2240	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1572 wrote to memory of 2240	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1572 wrote to memory of 4176	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1572 wrote to memory of 4176	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1572 wrote to memory of 3144	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1572 wrote to memory of 3144	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1572 wrote to memory of 4860	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1572 wrote to memory of 4860	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1572 wrote to memory of 2620	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1572 wrote to memory of 2620	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1572 wrote to memory of 2332	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1572 wrote to memory of 2332	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1572 wrote to memory of 4836	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1572 wrote to memory of 4836	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1572 wrote to memory of 2172	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1572 wrote to memory of 2172	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1572 wrote to memory of 2744	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1572 wrote to memory of 2744	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1572 wrote to memory of 3508	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1572 wrote to memory of 3508	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1572 wrote to memory of 3332	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1572 wrote to memory of 3332	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1572 wrote to memory of 3400	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1572 wrote to memory of 3400	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1572 wrote to memory of 1028	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1572 wrote to memory of 1028	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1572 wrote to memory of 3000	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1572 wrote to memory of 3000	1572	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	117

C:\Users\Admin\AppData\Local\Temp\2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Windows\System\pdtFqke.exe
  C:\Windows\System\pdtFqke.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\mQgyYZV.exe
  C:\Windows\System\mQgyYZV.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\XiPWPWT.exe
  C:\Windows\System\XiPWPWT.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\tpomyjb.exe
  C:\Windows\System\tpomyjb.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\rIUqlvW.exe
  C:\Windows\System\rIUqlvW.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\cWFZFej.exe
  C:\Windows\System\cWFZFej.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\SmjJzcV.exe
  C:\Windows\System\SmjJzcV.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\RecUwls.exe
  C:\Windows\System\RecUwls.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\QTAVNoM.exe
  C:\Windows\System\QTAVNoM.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\rfAeKSx.exe
  C:\Windows\System\rfAeKSx.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\NsHlMoQ.exe
  C:\Windows\System\NsHlMoQ.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\OPgjqho.exe
  C:\Windows\System\OPgjqho.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\towLXcp.exe
  C:\Windows\System\towLXcp.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\KZYevZs.exe
  C:\Windows\System\KZYevZs.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\DrNGIdp.exe
  C:\Windows\System\DrNGIdp.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\aXMiARf.exe
  C:\Windows\System\aXMiARf.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\npfKFpJ.exe
  C:\Windows\System\npfKFpJ.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\knBbMew.exe
  C:\Windows\System\knBbMew.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\MbLVrrx.exe
  C:\Windows\System\MbLVrrx.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\dsKFqKN.exe
  C:\Windows\System\dsKFqKN.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\oQaVKJA.exe
  C:\Windows\System\oQaVKJA.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\DlvFxwM.exe
  C:\Windows\System\DlvFxwM.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\PjsyzSr.exe
  C:\Windows\System\PjsyzSr.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\rjxSupZ.exe
  C:\Windows\System\rjxSupZ.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\LRWFIkk.exe
  C:\Windows\System\LRWFIkk.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\gtharmc.exe
  C:\Windows\System\gtharmc.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\oFUpoLW.exe
  C:\Windows\System\oFUpoLW.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\OjKtUcS.exe
  C:\Windows\System\OjKtUcS.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\mCjuzTv.exe
  C:\Windows\System\mCjuzTv.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\bdHyNsD.exe
  C:\Windows\System\bdHyNsD.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\BWPzFtX.exe
  C:\Windows\System\BWPzFtX.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\OjuxNIB.exe
  C:\Windows\System\OjuxNIB.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\oKCGVhs.exe
  C:\Windows\System\oKCGVhs.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\mGSandt.exe
  C:\Windows\System\mGSandt.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\jCyQCeO.exe
  C:\Windows\System\jCyQCeO.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\QGFqsgx.exe
  C:\Windows\System\QGFqsgx.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\JOYXghZ.exe
  C:\Windows\System\JOYXghZ.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\BgPrhNA.exe
  C:\Windows\System\BgPrhNA.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\hIzOlRg.exe
  C:\Windows\System\hIzOlRg.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\qCHYdwP.exe
  C:\Windows\System\qCHYdwP.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\zZQrvsr.exe
  C:\Windows\System\zZQrvsr.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\HTpjllq.exe
  C:\Windows\System\HTpjllq.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\bdCaKjN.exe
  C:\Windows\System\bdCaKjN.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\NhSAuam.exe
  C:\Windows\System\NhSAuam.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\jciMEiV.exe
  C:\Windows\System\jciMEiV.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\YhcLVCN.exe
  C:\Windows\System\YhcLVCN.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\dETNLiQ.exe
  C:\Windows\System\dETNLiQ.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\atgShsm.exe
  C:\Windows\System\atgShsm.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\FakXxPb.exe
  C:\Windows\System\FakXxPb.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\WuaBatm.exe
  C:\Windows\System\WuaBatm.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\GoyhnQk.exe
  C:\Windows\System\GoyhnQk.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\ehRymIf.exe
  C:\Windows\System\ehRymIf.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\KTcxAZt.exe
  C:\Windows\System\KTcxAZt.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\sOtoWrZ.exe
  C:\Windows\System\sOtoWrZ.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\fXFlvmZ.exe
  C:\Windows\System\fXFlvmZ.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\RjzomZX.exe
  C:\Windows\System\RjzomZX.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\xUZDVYM.exe
  C:\Windows\System\xUZDVYM.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\MilqAJT.exe
  C:\Windows\System\MilqAJT.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\OOJIrzY.exe
  C:\Windows\System\OOJIrzY.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\PCmLAmD.exe
  C:\Windows\System\PCmLAmD.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\RmhEbVp.exe
  C:\Windows\System\RmhEbVp.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\VDpERkQ.exe
  C:\Windows\System\VDpERkQ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\zgGiiCe.exe
  C:\Windows\System\zgGiiCe.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\HEFRVJB.exe
  C:\Windows\System\HEFRVJB.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\XcALntv.exe
  C:\Windows\System\XcALntv.exe
  2⤵
  PID:1120
- C:\Windows\System\TukTZSo.exe
  C:\Windows\System\TukTZSo.exe
  2⤵
  PID:3204
- C:\Windows\System\mjEuYYv.exe
  C:\Windows\System\mjEuYYv.exe
  2⤵
  PID:4940
- C:\Windows\System\RMsOSef.exe
  C:\Windows\System\RMsOSef.exe
  2⤵
  PID:1424
- C:\Windows\System\MEeAJEh.exe
  C:\Windows\System\MEeAJEh.exe
  2⤵
  PID:548
- C:\Windows\System\HGNWsVG.exe
  C:\Windows\System\HGNWsVG.exe
  2⤵
  PID:4380
- C:\Windows\System\kpnyKvg.exe
  C:\Windows\System\kpnyKvg.exe
  2⤵
  PID:3840
- C:\Windows\System\hiDvyLD.exe
  C:\Windows\System\hiDvyLD.exe
  2⤵
  PID:4456
- C:\Windows\System\FefxKta.exe
  C:\Windows\System\FefxKta.exe
  2⤵
  PID:3632
- C:\Windows\System\kVoqHin.exe
  C:\Windows\System\kVoqHin.exe
  2⤵
  PID:4216
- C:\Windows\System\geoaCLn.exe
  C:\Windows\System\geoaCLn.exe
  2⤵
  PID:4816
- C:\Windows\System\grRlRFb.exe
  C:\Windows\System\grRlRFb.exe
  2⤵
  PID:716
- C:\Windows\System\BYkxDta.exe
  C:\Windows\System\BYkxDta.exe
  2⤵
  PID:1608
- C:\Windows\System\PffwgyC.exe
  C:\Windows\System\PffwgyC.exe
  2⤵
  PID:4492
- C:\Windows\System\ioEWYii.exe
  C:\Windows\System\ioEWYii.exe
  2⤵
  PID:1684
- C:\Windows\System\myZEBqk.exe
  C:\Windows\System\myZEBqk.exe
  2⤵
  PID:5136
- C:\Windows\System\rGgyqVb.exe
  C:\Windows\System\rGgyqVb.exe
  2⤵
  PID:5160
- C:\Windows\System\hIiGghB.exe
  C:\Windows\System\hIiGghB.exe
  2⤵
  PID:5176
- C:\Windows\System\tRPsyVD.exe
  C:\Windows\System\tRPsyVD.exe
  2⤵
  PID:5208
- C:\Windows\System\RuzIcBQ.exe
  C:\Windows\System\RuzIcBQ.exe
  2⤵
  PID:5224
- C:\Windows\System\Jdbjsrt.exe
  C:\Windows\System\Jdbjsrt.exe
  2⤵
  PID:5240
- C:\Windows\System\MzykIyo.exe
  C:\Windows\System\MzykIyo.exe
  2⤵
  PID:5284
- C:\Windows\System\ouMJvog.exe
  C:\Windows\System\ouMJvog.exe
  2⤵
  PID:5316
- C:\Windows\System\vBdGYaw.exe
  C:\Windows\System\vBdGYaw.exe
  2⤵
  PID:5372
- C:\Windows\System\jDAIuhT.exe
  C:\Windows\System\jDAIuhT.exe
  2⤵
  PID:5400
- C:\Windows\System\GbzChSu.exe
  C:\Windows\System\GbzChSu.exe
  2⤵
  PID:5416
- C:\Windows\System\JjmUuKq.exe
  C:\Windows\System\JjmUuKq.exe
  2⤵
  PID:5432
- C:\Windows\System\POueZDA.exe
  C:\Windows\System\POueZDA.exe
  2⤵
  PID:5460
- C:\Windows\System\StAJjjz.exe
  C:\Windows\System\StAJjjz.exe
  2⤵
  PID:5488
- C:\Windows\System\DeCCMBP.exe
  C:\Windows\System\DeCCMBP.exe
  2⤵
  PID:5504
- C:\Windows\System\aapEWhl.exe
  C:\Windows\System\aapEWhl.exe
  2⤵
  PID:5532
- C:\Windows\System\yEbAVrT.exe
  C:\Windows\System\yEbAVrT.exe
  2⤵
  PID:5560
- C:\Windows\System\YTHVkNx.exe
  C:\Windows\System\YTHVkNx.exe
  2⤵
  PID:5600
- C:\Windows\System\yvtEYhM.exe
  C:\Windows\System\yvtEYhM.exe
  2⤵
  PID:5624
- C:\Windows\System\FuuVMXv.exe
  C:\Windows\System\FuuVMXv.exe
  2⤵
  PID:5656
- C:\Windows\System\WWIuPtV.exe
  C:\Windows\System\WWIuPtV.exe
  2⤵
  PID:5684
- C:\Windows\System\HWPsTnT.exe
  C:\Windows\System\HWPsTnT.exe
  2⤵
  PID:5712
- C:\Windows\System\OlZRKer.exe
  C:\Windows\System\OlZRKer.exe
  2⤵
  PID:5732
- C:\Windows\System\fnsdJFk.exe
  C:\Windows\System\fnsdJFk.exe
  2⤵
  PID:5748
- C:\Windows\System\wdmkAxf.exe
  C:\Windows\System\wdmkAxf.exe
  2⤵
  PID:5772
- C:\Windows\System\QIlpBuO.exe
  C:\Windows\System\QIlpBuO.exe
  2⤵
  PID:5804
- C:\Windows\System\perbFjW.exe
  C:\Windows\System\perbFjW.exe
  2⤵
  PID:5852
- C:\Windows\System\zwoebYH.exe
  C:\Windows\System\zwoebYH.exe
  2⤵
  PID:5880
- C:\Windows\System\TcwuWPT.exe
  C:\Windows\System\TcwuWPT.exe
  2⤵
  PID:5908
- C:\Windows\System\GXqmwHO.exe
  C:\Windows\System\GXqmwHO.exe
  2⤵
  PID:5936
- C:\Windows\System\pYdffdA.exe
  C:\Windows\System\pYdffdA.exe
  2⤵
  PID:5964
- C:\Windows\System\CHZhbqt.exe
  C:\Windows\System\CHZhbqt.exe
  2⤵
  PID:5992
- C:\Windows\System\UVPERPd.exe
  C:\Windows\System\UVPERPd.exe
  2⤵
  PID:6020
- C:\Windows\System\sFHPFJh.exe
  C:\Windows\System\sFHPFJh.exe
  2⤵
  PID:6052
- C:\Windows\System\aujtZQp.exe
  C:\Windows\System\aujtZQp.exe
  2⤵
  PID:6088
- C:\Windows\System\uRWGWaa.exe
  C:\Windows\System\uRWGWaa.exe
  2⤵
  PID:6116
- C:\Windows\System\HZYBfSC.exe
  C:\Windows\System\HZYBfSC.exe
  2⤵
  PID:4936
- C:\Windows\System\oVTCUBA.exe
  C:\Windows\System\oVTCUBA.exe
  2⤵
  PID:4512
- C:\Windows\System\XmyrgDc.exe
  C:\Windows\System\XmyrgDc.exe
  2⤵
  PID:3644
- C:\Windows\System\cSlqEBj.exe
  C:\Windows\System\cSlqEBj.exe
  2⤵
  PID:1644
- C:\Windows\System\YwDlcBf.exe
  C:\Windows\System\YwDlcBf.exe
  2⤵
  PID:4004
- C:\Windows\System\tOorEyN.exe
  C:\Windows\System\tOorEyN.exe
  2⤵
  PID:5172
- C:\Windows\System\gMMpjYz.exe
  C:\Windows\System\gMMpjYz.exe
  2⤵
  PID:5236
- C:\Windows\System\bdJbMgz.exe
  C:\Windows\System\bdJbMgz.exe
  2⤵
  PID:5344
- C:\Windows\System\EkHOqmV.exe
  C:\Windows\System\EkHOqmV.exe
  2⤵
  PID:5384
- C:\Windows\System\svZVbJa.exe
  C:\Windows\System\svZVbJa.exe
  2⤵
  PID:5444
- C:\Windows\System\FFwfVWh.exe
  C:\Windows\System\FFwfVWh.exe
  2⤵
  PID:5500
- C:\Windows\System\CByvyJH.exe
  C:\Windows\System\CByvyJH.exe
  2⤵
  PID:5584
- C:\Windows\System\sJkDexu.exe
  C:\Windows\System\sJkDexu.exe
  2⤵
  PID:5640
- C:\Windows\System\GbAjNnH.exe
  C:\Windows\System\GbAjNnH.exe
  2⤵
  PID:5672
- C:\Windows\System\KWvHpyv.exe
  C:\Windows\System\KWvHpyv.exe
  2⤵
  PID:5740
- C:\Windows\System\ImQwKBJ.exe
  C:\Windows\System\ImQwKBJ.exe
  2⤵
  PID:5788
- C:\Windows\System\AGCfoOK.exe
  C:\Windows\System\AGCfoOK.exe
  2⤵
  PID:5864
- C:\Windows\System\EpTXeIh.exe
  C:\Windows\System\EpTXeIh.exe
  2⤵
  PID:5924
- C:\Windows\System\aKyRkBA.exe
  C:\Windows\System\aKyRkBA.exe
  2⤵
  PID:5980
- C:\Windows\System\rtxLKMW.exe
  C:\Windows\System\rtxLKMW.exe
  2⤵
  PID:6060
- C:\Windows\System\SLmtlgU.exe
  C:\Windows\System\SLmtlgU.exe
  2⤵
  PID:6104
- C:\Windows\System\WkYalAa.exe
  C:\Windows\System\WkYalAa.exe
  2⤵
  PID:6136
- C:\Windows\System\TNvOpya.exe
  C:\Windows\System\TNvOpya.exe
  2⤵
  PID:4772
- C:\Windows\System\hPsthpA.exe
  C:\Windows\System\hPsthpA.exe
  2⤵
  PID:5148
- C:\Windows\System\iuTBaaW.exe
  C:\Windows\System\iuTBaaW.exe
  2⤵
  PID:5408
- C:\Windows\System\XSohkGs.exe
  C:\Windows\System\XSohkGs.exe
  2⤵
  PID:5572
- C:\Windows\System\hSkDfyn.exe
  C:\Windows\System\hSkDfyn.exe
  2⤵
  PID:5668
- C:\Windows\System\NWxGPta.exe
  C:\Windows\System\NWxGPta.exe
  2⤵
  PID:5840
- C:\Windows\System\hjORHCR.exe
  C:\Windows\System\hjORHCR.exe
  2⤵
  PID:5976
- C:\Windows\System\EjKihmY.exe
  C:\Windows\System\EjKihmY.exe
  2⤵
  PID:6164
- C:\Windows\System\hPejnMM.exe
  C:\Windows\System\hPejnMM.exe
  2⤵
  PID:6204
- C:\Windows\System\BsmGFvy.exe
  C:\Windows\System\BsmGFvy.exe
  2⤵
  PID:6232
- C:\Windows\System\pYZAEOF.exe
  C:\Windows\System\pYZAEOF.exe
  2⤵
  PID:6260
- C:\Windows\System\YXgfjVL.exe
  C:\Windows\System\YXgfjVL.exe
  2⤵
  PID:6284
- C:\Windows\System\xERwRZb.exe
  C:\Windows\System\xERwRZb.exe
  2⤵
  PID:6304
- C:\Windows\System\BUVsVJH.exe
  C:\Windows\System\BUVsVJH.exe
  2⤵
  PID:6340
- C:\Windows\System\gBBRCiw.exe
  C:\Windows\System\gBBRCiw.exe
  2⤵
  PID:6372
- C:\Windows\System\zJQiKbO.exe
  C:\Windows\System\zJQiKbO.exe
  2⤵
  PID:6400
- C:\Windows\System\DSIEDSS.exe
  C:\Windows\System\DSIEDSS.exe
  2⤵
  PID:6428
- C:\Windows\System\XqoiJBH.exe
  C:\Windows\System\XqoiJBH.exe
  2⤵
  PID:6444
- C:\Windows\System\gAzfzQM.exe
  C:\Windows\System\gAzfzQM.exe
  2⤵
  PID:6460
- C:\Windows\System\opUbabV.exe
  C:\Windows\System\opUbabV.exe
  2⤵
  PID:6476
- C:\Windows\System\XHvrVga.exe
  C:\Windows\System\XHvrVga.exe
  2⤵
  PID:6492
- C:\Windows\System\jhYGZGK.exe
  C:\Windows\System\jhYGZGK.exe
  2⤵
  PID:6520
- C:\Windows\System\gfjphpn.exe
  C:\Windows\System\gfjphpn.exe
  2⤵
  PID:6536
- C:\Windows\System\pMqVqPJ.exe
  C:\Windows\System\pMqVqPJ.exe
  2⤵
  PID:6560
- C:\Windows\System\tmglwBU.exe
  C:\Windows\System\tmglwBU.exe
  2⤵
  PID:6628
- C:\Windows\System\eEWkOcJ.exe
  C:\Windows\System\eEWkOcJ.exe
  2⤵
  PID:6644
- C:\Windows\System\YKFvMIP.exe
  C:\Windows\System\YKFvMIP.exe
  2⤵
  PID:6660
- C:\Windows\System\LMVDiFZ.exe
  C:\Windows\System\LMVDiFZ.exe
  2⤵
  PID:6676
- C:\Windows\System\XnhgNaQ.exe
  C:\Windows\System\XnhgNaQ.exe
  2⤵
  PID:6728
- C:\Windows\System\qXStSzc.exe
  C:\Windows\System\qXStSzc.exe
  2⤵
  PID:6744
- C:\Windows\System\xNAjjml.exe
  C:\Windows\System\xNAjjml.exe
  2⤵
  PID:6820
- C:\Windows\System\imCQBxA.exe
  C:\Windows\System\imCQBxA.exe
  2⤵
  PID:6844
- C:\Windows\System\tnMyddY.exe
  C:\Windows\System\tnMyddY.exe
  2⤵
  PID:6876
- C:\Windows\System\JlaMsYW.exe
  C:\Windows\System\JlaMsYW.exe
  2⤵
  PID:6892
- C:\Windows\System\xnvrlCT.exe
  C:\Windows\System\xnvrlCT.exe
  2⤵
  PID:6920
- C:\Windows\System\nrlEZLd.exe
  C:\Windows\System\nrlEZLd.exe
  2⤵
  PID:6956
- C:\Windows\System\KOqoAJn.exe
  C:\Windows\System\KOqoAJn.exe
  2⤵
  PID:6988
- C:\Windows\System\jDgSonN.exe
  C:\Windows\System\jDgSonN.exe
  2⤵
  PID:7016
- C:\Windows\System\HDRAIhJ.exe
  C:\Windows\System\HDRAIhJ.exe
  2⤵
  PID:7040
- C:\Windows\System\WYIsPRa.exe
  C:\Windows\System\WYIsPRa.exe
  2⤵
  PID:7068
- C:\Windows\System\NXjgxbg.exe
  C:\Windows\System\NXjgxbg.exe
  2⤵
  PID:7100
- C:\Windows\System\dzAZdca.exe
  C:\Windows\System\dzAZdca.exe
  2⤵
  PID:7128
- C:\Windows\System\tNFpPVv.exe
  C:\Windows\System\tNFpPVv.exe
  2⤵
  PID:7156
- C:\Windows\System\wchutFl.exe
  C:\Windows\System\wchutFl.exe
  2⤵
  PID:1380
- C:\Windows\System\bZEzQpv.exe
  C:\Windows\System\bZEzQpv.exe
  2⤵
  PID:5216
- C:\Windows\System\dsXUHWt.exe
  C:\Windows\System\dsXUHWt.exe
  2⤵
  PID:3360
- C:\Windows\System\JPiaOsv.exe
  C:\Windows\System\JPiaOsv.exe
  2⤵
  PID:5896
- C:\Windows\System\OLNlmhB.exe
  C:\Windows\System\OLNlmhB.exe
  2⤵
  PID:6176
- C:\Windows\System\FtzSzON.exe
  C:\Windows\System\FtzSzON.exe
  2⤵
  PID:6248
- C:\Windows\System\rSoENcy.exe
  C:\Windows\System\rSoENcy.exe
  2⤵
  PID:6280
- C:\Windows\System\xixeukX.exe
  C:\Windows\System\xixeukX.exe
  2⤵
  PID:6324
- C:\Windows\System\dGJUuJM.exe
  C:\Windows\System\dGJUuJM.exe
  2⤵
  PID:6384
- C:\Windows\System\ROdezSR.exe
  C:\Windows\System\ROdezSR.exe
  2⤵
  PID:6456
- C:\Windows\System\NmrZgFY.exe
  C:\Windows\System\NmrZgFY.exe
  2⤵
  PID:6528
- C:\Windows\System\fMJrMiJ.exe
  C:\Windows\System\fMJrMiJ.exe
  2⤵
  PID:6596
- C:\Windows\System\BNlLaAf.exe
  C:\Windows\System\BNlLaAf.exe
  2⤵
  PID:6672
- C:\Windows\System\PoJBChs.exe
  C:\Windows\System\PoJBChs.exe
  2⤵
  PID:6740
- C:\Windows\System\THoZwNI.exe
  C:\Windows\System\THoZwNI.exe
  2⤵
  PID:6796
- C:\Windows\System\YbtQIQA.exe
  C:\Windows\System\YbtQIQA.exe
  2⤵
  PID:4536
- C:\Windows\System\pEDWPwq.exe
  C:\Windows\System\pEDWPwq.exe
  2⤵
  PID:6900
- C:\Windows\System\alQcKLB.exe
  C:\Windows\System\alQcKLB.exe
  2⤵
  PID:6968
- C:\Windows\System\tochBuc.exe
  C:\Windows\System\tochBuc.exe
  2⤵
  PID:7008
- C:\Windows\System\ZbIJIki.exe
  C:\Windows\System\ZbIJIki.exe
  2⤵
  PID:7088
- C:\Windows\System\DSijhIW.exe
  C:\Windows\System\DSijhIW.exe
  2⤵
  PID:7148
- C:\Windows\System\AHiTDqm.exe
  C:\Windows\System\AHiTDqm.exe
  2⤵
  PID:5308
- C:\Windows\System\kFKfcQq.exe
  C:\Windows\System\kFKfcQq.exe
  2⤵
  PID:6152
- C:\Windows\System\UlKBqFw.exe
  C:\Windows\System\UlKBqFw.exe
  2⤵
  PID:6224
- C:\Windows\System\WZDDATw.exe
  C:\Windows\System\WZDDATw.exe
  2⤵
  PID:6332
- C:\Windows\System\eDqGxHL.exe
  C:\Windows\System\eDqGxHL.exe
  2⤵
  PID:6440
- C:\Windows\System\hXDULBh.exe
  C:\Windows\System\hXDULBh.exe
  2⤵
  PID:6640
- C:\Windows\System\imFwJfM.exe
  C:\Windows\System\imFwJfM.exe
  2⤵
  PID:6888
- C:\Windows\System\EHNvLkF.exe
  C:\Windows\System\EHNvLkF.exe
  2⤵
  PID:7004
- C:\Windows\System\rfVjrqY.exe
  C:\Windows\System\rfVjrqY.exe
  2⤵
  PID:7172
- C:\Windows\System\LZwSopK.exe
  C:\Windows\System\LZwSopK.exe
  2⤵
  PID:7192
- C:\Windows\System\NpIkTcK.exe
  C:\Windows\System\NpIkTcK.exe
  2⤵
  PID:7216
- C:\Windows\System\kvcrujn.exe
  C:\Windows\System\kvcrujn.exe
  2⤵
  PID:7232
- C:\Windows\System\LJZgkFp.exe
  C:\Windows\System\LJZgkFp.exe
  2⤵
  PID:7260
- C:\Windows\System\jGXYaie.exe
  C:\Windows\System\jGXYaie.exe
  2⤵
  PID:7276
- C:\Windows\System\QLPHINV.exe
  C:\Windows\System\QLPHINV.exe
  2⤵
  PID:7292
- C:\Windows\System\AeJKILH.exe
  C:\Windows\System\AeJKILH.exe
  2⤵
  PID:7332
- C:\Windows\System\SPFUhGG.exe
  C:\Windows\System\SPFUhGG.exe
  2⤵
  PID:7352
- C:\Windows\System\TABbMPV.exe
  C:\Windows\System\TABbMPV.exe
  2⤵
  PID:7384
- C:\Windows\System\hNtikTQ.exe
  C:\Windows\System\hNtikTQ.exe
  2⤵
  PID:7440
- C:\Windows\System\QCYXuaP.exe
  C:\Windows\System\QCYXuaP.exe
  2⤵
  PID:7484
- C:\Windows\System\bAQNUxU.exe
  C:\Windows\System\bAQNUxU.exe
  2⤵
  PID:7508
- C:\Windows\System\AIQlXta.exe
  C:\Windows\System\AIQlXta.exe
  2⤵
  PID:7528
- C:\Windows\System\ZjmNIXU.exe
  C:\Windows\System\ZjmNIXU.exe
  2⤵
  PID:7544
- C:\Windows\System\yIBtySw.exe
  C:\Windows\System\yIBtySw.exe
  2⤵
  PID:7568
- C:\Windows\System\pPSpBoy.exe
  C:\Windows\System\pPSpBoy.exe
  2⤵
  PID:7596
- C:\Windows\System\wHtaIsd.exe
  C:\Windows\System\wHtaIsd.exe
  2⤵
  PID:7640
- C:\Windows\System\ONmhzBN.exe
  C:\Windows\System\ONmhzBN.exe
  2⤵
  PID:7676
- C:\Windows\System\BYbBJbJ.exe
  C:\Windows\System\BYbBJbJ.exe
  2⤵
  PID:7704
- C:\Windows\System\hwVfLbV.exe
  C:\Windows\System\hwVfLbV.exe
  2⤵
  PID:7732
- C:\Windows\System\EOOJKiy.exe
  C:\Windows\System\EOOJKiy.exe
  2⤵
  PID:7752
- C:\Windows\System\nftVmKj.exe
  C:\Windows\System\nftVmKj.exe
  2⤵
  PID:7776
- C:\Windows\System\zEgDaSZ.exe
  C:\Windows\System\zEgDaSZ.exe
  2⤵
  PID:7796
- C:\Windows\System\oRkHRPH.exe
  C:\Windows\System\oRkHRPH.exe
  2⤵
  PID:7820
- C:\Windows\System\NUyxIcz.exe
  C:\Windows\System\NUyxIcz.exe
  2⤵
  PID:7860
- C:\Windows\System\jCamRWT.exe
  C:\Windows\System\jCamRWT.exe
  2⤵
  PID:7904
- C:\Windows\System\xBogekd.exe
  C:\Windows\System\xBogekd.exe
  2⤵
  PID:7928
- C:\Windows\System\fjhaGnB.exe
  C:\Windows\System\fjhaGnB.exe
  2⤵
  PID:7956
- C:\Windows\System\BpRwIfP.exe
  C:\Windows\System\BpRwIfP.exe
  2⤵
  PID:7984
- C:\Windows\System\NPiKoLm.exe
  C:\Windows\System\NPiKoLm.exe
  2⤵
  PID:8012
- C:\Windows\System\FupdITW.exe
  C:\Windows\System\FupdITW.exe
  2⤵
  PID:8032
- C:\Windows\System\imhhlFF.exe
  C:\Windows\System\imhhlFF.exe
  2⤵
  PID:8056
- C:\Windows\System\aiqTExr.exe
  C:\Windows\System\aiqTExr.exe
  2⤵
  PID:8084
- C:\Windows\System\bwiaUyM.exe
  C:\Windows\System\bwiaUyM.exe
  2⤵
  PID:8124
- C:\Windows\System\WJjJOcI.exe
  C:\Windows\System\WJjJOcI.exe
  2⤵
  PID:8152
- C:\Windows\System\icjXecY.exe
  C:\Windows\System\icjXecY.exe
  2⤵
  PID:8180
- C:\Windows\System\rqWakht.exe
  C:\Windows\System\rqWakht.exe
  2⤵
  PID:5784
- C:\Windows\System\kcUlgol.exe
  C:\Windows\System\kcUlgol.exe
  2⤵
  PID:6436
- C:\Windows\System\aMOWdxA.exe
  C:\Windows\System\aMOWdxA.exe
  2⤵
  PID:6708
- C:\Windows\System\lvZGvrU.exe
  C:\Windows\System\lvZGvrU.exe
  2⤵
  PID:6944
- C:\Windows\System\cIeoSoz.exe
  C:\Windows\System\cIeoSoz.exe
  2⤵
  PID:7200
- C:\Windows\System\zHYKgYV.exe
  C:\Windows\System\zHYKgYV.exe
  2⤵
  PID:7224
- C:\Windows\System\lawZeIz.exe
  C:\Windows\System\lawZeIz.exe
  2⤵
  PID:7312
- C:\Windows\System\ZyLmPHV.exe
  C:\Windows\System\ZyLmPHV.exe
  2⤵
  PID:7376
- C:\Windows\System\AfmkReM.exe
  C:\Windows\System\AfmkReM.exe
  2⤵
  PID:7420
- C:\Windows\System\ZBqfqmA.exe
  C:\Windows\System\ZBqfqmA.exe
  2⤵
  PID:7516
- C:\Windows\System\zwbnxWN.exe
  C:\Windows\System\zwbnxWN.exe
  2⤵
  PID:7560
- C:\Windows\System\KPPSGFO.exe
  C:\Windows\System\KPPSGFO.exe
  2⤵
  PID:7616
- C:\Windows\System\lxCpmxM.exe
  C:\Windows\System\lxCpmxM.exe
  2⤵
  PID:7664
- C:\Windows\System\RUYuCfy.exe
  C:\Windows\System\RUYuCfy.exe
  2⤵
  PID:7744
- C:\Windows\System\ssmLwnx.exe
  C:\Windows\System\ssmLwnx.exe
  2⤵
  PID:7788
- C:\Windows\System\FTYTfnp.exe
  C:\Windows\System\FTYTfnp.exe
  2⤵
  PID:7888
- C:\Windows\System\EbkQaWY.exe
  C:\Windows\System\EbkQaWY.exe
  2⤵
  PID:7944
- C:\Windows\System\TDFoncY.exe
  C:\Windows\System\TDFoncY.exe
  2⤵
  PID:8004
- C:\Windows\System\FENVMed.exe
  C:\Windows\System\FENVMed.exe
  2⤵
  PID:8048
- C:\Windows\System\nOXYZaz.exe
  C:\Windows\System\nOXYZaz.exe
  2⤵
  PID:8096
- C:\Windows\System\ZowHCxt.exe
  C:\Windows\System\ZowHCxt.exe
  2⤵
  PID:8136
- C:\Windows\System\TnPaPap.exe
  C:\Windows\System\TnPaPap.exe
  2⤵
  PID:8168
- C:\Windows\System\IWcdVrc.exe
  C:\Windows\System\IWcdVrc.exe
  2⤵
  PID:6552
- C:\Windows\System\vZqigeH.exe
  C:\Windows\System\vZqigeH.exe
  2⤵
  PID:7212
- C:\Windows\System\oLymWPI.exe
  C:\Windows\System\oLymWPI.exe
  2⤵
  PID:7540
- C:\Windows\System\NeQqTXA.exe
  C:\Windows\System\NeQqTXA.exe
  2⤵
  PID:7696
- C:\Windows\System\lXBJiZg.exe
  C:\Windows\System\lXBJiZg.exe
  2⤵
  PID:7812
- C:\Windows\System\ThzeDgB.exe
  C:\Windows\System\ThzeDgB.exe
  2⤵
  PID:7920
- C:\Windows\System\PHhePmQ.exe
  C:\Windows\System\PHhePmQ.exe
  2⤵
  PID:8068
- C:\Windows\System\pSIhTQa.exe
  C:\Windows\System\pSIhTQa.exe
  2⤵
  PID:8144
- C:\Windows\System\zpbsNsX.exe
  C:\Windows\System\zpbsNsX.exe
  2⤵
  PID:8204
- C:\Windows\System\VynFlHm.exe
  C:\Windows\System\VynFlHm.exe
  2⤵
  PID:8232
- C:\Windows\System\FsudUyE.exe
  C:\Windows\System\FsudUyE.exe
  2⤵
  PID:8252
- C:\Windows\System\GOBgqUD.exe
  C:\Windows\System\GOBgqUD.exe
  2⤵
  PID:8272
- C:\Windows\System\gzgCIoo.exe
  C:\Windows\System\gzgCIoo.exe
  2⤵
  PID:8292
- C:\Windows\System\TSUvDFj.exe
  C:\Windows\System\TSUvDFj.exe
  2⤵
  PID:8348
- C:\Windows\System\WLUCrdk.exe
  C:\Windows\System\WLUCrdk.exe
  2⤵
  PID:8400
- C:\Windows\System\qHxsfTG.exe
  C:\Windows\System\qHxsfTG.exe
  2⤵
  PID:8420
- C:\Windows\System\HCKKedL.exe
  C:\Windows\System\HCKKedL.exe
  2⤵
  PID:8448
- C:\Windows\System\cQuPZbV.exe
  C:\Windows\System\cQuPZbV.exe
  2⤵
  PID:8488
- C:\Windows\System\pmRUaBN.exe
  C:\Windows\System\pmRUaBN.exe
  2⤵
  PID:8520
- C:\Windows\System\YsZccxe.exe
  C:\Windows\System\YsZccxe.exe
  2⤵
  PID:8536
- C:\Windows\System\ewCSQzO.exe
  C:\Windows\System\ewCSQzO.exe
  2⤵
  PID:8568
- C:\Windows\System\nBbjenM.exe
  C:\Windows\System\nBbjenM.exe
  2⤵
  PID:8604
- C:\Windows\System\hsTjCEJ.exe
  C:\Windows\System\hsTjCEJ.exe
  2⤵
  PID:8632
- C:\Windows\System\EIoronO.exe
  C:\Windows\System\EIoronO.exe
  2⤵
  PID:8660
- C:\Windows\System\eJcloQa.exe
  C:\Windows\System\eJcloQa.exe
  2⤵
  PID:8688
- C:\Windows\System\zwHjHJh.exe
  C:\Windows\System\zwHjHJh.exe
  2⤵
  PID:8716
- C:\Windows\System\bIeukDs.exe
  C:\Windows\System\bIeukDs.exe
  2⤵
  PID:8744
- C:\Windows\System\YjmFpeS.exe
  C:\Windows\System\YjmFpeS.exe
  2⤵
  PID:8772
- C:\Windows\System\NezUuFd.exe
  C:\Windows\System\NezUuFd.exe
  2⤵
  PID:8796
- C:\Windows\System\sJfbpUq.exe
  C:\Windows\System\sJfbpUq.exe
  2⤵
  PID:8828
- C:\Windows\System\XYmRxYg.exe
  C:\Windows\System\XYmRxYg.exe
  2⤵
  PID:8856
- C:\Windows\System\CcHdQrx.exe
  C:\Windows\System\CcHdQrx.exe
  2⤵
  PID:8884
- C:\Windows\System\aRNGXUx.exe
  C:\Windows\System\aRNGXUx.exe
  2⤵
  PID:8912
- C:\Windows\System\ZIxYfTq.exe
  C:\Windows\System\ZIxYfTq.exe
  2⤵
  PID:8936
- C:\Windows\System\qYGOind.exe
  C:\Windows\System\qYGOind.exe
  2⤵
  PID:8968
- C:\Windows\System\KsOXYVR.exe
  C:\Windows\System\KsOXYVR.exe
  2⤵
  PID:8996
- C:\Windows\System\IUITmOU.exe
  C:\Windows\System\IUITmOU.exe
  2⤵
  PID:9024
- C:\Windows\System\BLzhxnG.exe
  C:\Windows\System\BLzhxnG.exe
  2⤵
  PID:9052
- C:\Windows\System\BcyzTWZ.exe
  C:\Windows\System\BcyzTWZ.exe
  2⤵
  PID:9080
- C:\Windows\System\ifBjIdP.exe
  C:\Windows\System\ifBjIdP.exe
  2⤵
  PID:9100
- C:\Windows\System\JsDWfHv.exe
  C:\Windows\System\JsDWfHv.exe
  2⤵
  PID:9136
- C:\Windows\System\ufLwWBp.exe
  C:\Windows\System\ufLwWBp.exe
  2⤵
  PID:9188
- C:\Windows\System\coVRwpZ.exe
  C:\Windows\System\coVRwpZ.exe
  2⤵
  PID:9204
- C:\Windows\System\xOZbOjE.exe
  C:\Windows\System\xOZbOjE.exe
  2⤵
  PID:3268
- C:\Windows\System\XJZVefG.exe
  C:\Windows\System\XJZVefG.exe
  2⤵
  PID:7180
- C:\Windows\System\LqGsPsU.exe
  C:\Windows\System\LqGsPsU.exe
  2⤵
  PID:7464
- C:\Windows\System\AIzqXcx.exe
  C:\Windows\System\AIzqXcx.exe
  2⤵
  PID:1520
- C:\Windows\System\AwIMQxJ.exe
  C:\Windows\System\AwIMQxJ.exe
  2⤵
  PID:7968
- C:\Windows\System\SsuNqST.exe
  C:\Windows\System\SsuNqST.exe
  2⤵
  PID:8200
- C:\Windows\System\KumKFqQ.exe
  C:\Windows\System\KumKFqQ.exe
  2⤵
  PID:8260
- C:\Windows\System\MfGXPWG.exe
  C:\Windows\System\MfGXPWG.exe
  2⤵
  PID:8304
- C:\Windows\System\VEWAgVl.exe
  C:\Windows\System\VEWAgVl.exe
  2⤵
  PID:8360
- C:\Windows\System\qtyAGdH.exe
  C:\Windows\System\qtyAGdH.exe
  2⤵
  PID:8436
- C:\Windows\System\MAwVzfF.exe
  C:\Windows\System\MAwVzfF.exe
  2⤵
  PID:8480
- C:\Windows\System\wQbfIxJ.exe
  C:\Windows\System\wQbfIxJ.exe
  2⤵
  PID:8552
- C:\Windows\System\hlGkCgO.exe
  C:\Windows\System\hlGkCgO.exe
  2⤵
  PID:8596
- C:\Windows\System\WScTVCc.exe
  C:\Windows\System\WScTVCc.exe
  2⤵
  PID:8648
- C:\Windows\System\pGcoapg.exe
  C:\Windows\System\pGcoapg.exe
  2⤵
  PID:8728
- C:\Windows\System\KqJvNwj.exe
  C:\Windows\System\KqJvNwj.exe
  2⤵
  PID:8788
- C:\Windows\System\HutRqsN.exe
  C:\Windows\System\HutRqsN.exe
  2⤵
  PID:8848
- C:\Windows\System\HytLBuv.exe
  C:\Windows\System\HytLBuv.exe
  2⤵
  PID:8900
- C:\Windows\System\VjYjPFt.exe
  C:\Windows\System\VjYjPFt.exe
  2⤵
  PID:8960
- C:\Windows\System\AZaHxvl.exe
  C:\Windows\System\AZaHxvl.exe
  2⤵
  PID:9008
- C:\Windows\System\NBgrrVZ.exe
  C:\Windows\System\NBgrrVZ.exe
  2⤵
  PID:1656
- C:\Windows\System\odJYWSx.exe
  C:\Windows\System\odJYWSx.exe
  2⤵
  PID:4932
- C:\Windows\System\pqajSyZ.exe
  C:\Windows\System\pqajSyZ.exe
  2⤵
  PID:9152
- C:\Windows\System\bPaQPnh.exe
  C:\Windows\System\bPaQPnh.exe
  2⤵
  PID:1952
- C:\Windows\System\uIFGpWB.exe
  C:\Windows\System\uIFGpWB.exe
  2⤵
  PID:3716
- C:\Windows\System\eDXjoDr.exe
  C:\Windows\System\eDXjoDr.exe
  2⤵
  PID:5060
- C:\Windows\System\dcdbbiw.exe
  C:\Windows\System\dcdbbiw.exe
  2⤵
  PID:3420
- C:\Windows\System\VflXzSm.exe
  C:\Windows\System\VflXzSm.exe
  2⤵
  PID:8408
- C:\Windows\System\VHhTuFe.exe
  C:\Windows\System\VHhTuFe.exe
  2⤵
  PID:8528
- C:\Windows\System\ghBxkhl.exe
  C:\Windows\System\ghBxkhl.exe
  2⤵
  PID:8584
- C:\Windows\System\WGCmETO.exe
  C:\Windows\System\WGCmETO.exe
  2⤵
  PID:8756
- C:\Windows\System\aZXWADm.exe
  C:\Windows\System\aZXWADm.exe
  2⤵
  PID:8820
- C:\Windows\System\vLKrcHa.exe
  C:\Windows\System\vLKrcHa.exe
  2⤵
  PID:8932
- C:\Windows\System\xDfrjrf.exe
  C:\Windows\System\xDfrjrf.exe
  2⤵
  PID:3848
- C:\Windows\System\qGfNhkS.exe
  C:\Windows\System\qGfNhkS.exe
  2⤵
  PID:9196
- C:\Windows\System\ynTYCWg.exe
  C:\Windows\System\ynTYCWg.exe
  2⤵
  PID:2556
- C:\Windows\System\UYOchBo.exe
  C:\Windows\System\UYOchBo.exe
  2⤵
  PID:8680
- C:\Windows\System\LfoEiwH.exe
  C:\Windows\System\LfoEiwH.exe
  2⤵
  PID:8816
- C:\Windows\System\EketoSJ.exe
  C:\Windows\System\EketoSJ.exe
  2⤵
  PID:3648
- C:\Windows\System\HMznorr.exe
  C:\Windows\System\HMznorr.exe
  2⤵
  PID:2468
- C:\Windows\System\QMWJAXd.exe
  C:\Windows\System\QMWJAXd.exe
  2⤵
  PID:4924
- C:\Windows\System\nAjLgFs.exe
  C:\Windows\System\nAjLgFs.exe
  2⤵
  PID:3856
- C:\Windows\System\ghUgvmo.exe
  C:\Windows\System\ghUgvmo.exe
  2⤵
  PID:8988
- C:\Windows\System\nuYDlEf.exe
  C:\Windows\System\nuYDlEf.exe
  2⤵
  PID:1752
- C:\Windows\System\Gbotfbi.exe
  C:\Windows\System\Gbotfbi.exe
  2⤵
  PID:8224
- C:\Windows\System\QEjcfNI.exe
  C:\Windows\System\QEjcfNI.exe
  2⤵
  PID:420
- C:\Windows\System\AkGwsBk.exe
  C:\Windows\System\AkGwsBk.exe
  2⤵
  PID:4988
- C:\Windows\System\efszcuZ.exe
  C:\Windows\System\efszcuZ.exe
  2⤵
  PID:636
- C:\Windows\System\PMJMcuz.exe
  C:\Windows\System\PMJMcuz.exe
  2⤵
  PID:3792
- C:\Windows\System\HzQsIdV.exe
  C:\Windows\System\HzQsIdV.exe
  2⤵
  PID:2704
- C:\Windows\System\zfmpphj.exe
  C:\Windows\System\zfmpphj.exe
  2⤵
  PID:4664
- C:\Windows\System\rGIkqDP.exe
  C:\Windows\System\rGIkqDP.exe
  2⤵
  PID:4364
- C:\Windows\System\UGBghnf.exe
  C:\Windows\System\UGBghnf.exe
  2⤵
  PID:4904
- C:\Windows\System\pidvozv.exe
  C:\Windows\System\pidvozv.exe
  2⤵
  PID:2724
- C:\Windows\System\GtpPuUG.exe
  C:\Windows\System\GtpPuUG.exe
  2⤵
  PID:9244
- C:\Windows\System\UWJxKub.exe
  C:\Windows\System\UWJxKub.exe
  2⤵
  PID:9276
- C:\Windows\System\UbpXUOY.exe
  C:\Windows\System\UbpXUOY.exe
  2⤵
  PID:9304
- C:\Windows\System\TdIibXX.exe
  C:\Windows\System\TdIibXX.exe
  2⤵
  PID:9332
- C:\Windows\System\OtoTxNJ.exe
  C:\Windows\System\OtoTxNJ.exe
  2⤵
  PID:9360
- C:\Windows\System\WLayyDs.exe
  C:\Windows\System\WLayyDs.exe
  2⤵
  PID:9392
- C:\Windows\System\sKRRCtG.exe
  C:\Windows\System\sKRRCtG.exe
  2⤵
  PID:9424
- C:\Windows\System\ksjWdab.exe
  C:\Windows\System\ksjWdab.exe
  2⤵
  PID:9452
- C:\Windows\System\uZoicQk.exe
  C:\Windows\System\uZoicQk.exe
  2⤵
  PID:9484
- C:\Windows\System\ilShRPX.exe
  C:\Windows\System\ilShRPX.exe
  2⤵
  PID:9532
- C:\Windows\System\suyXopQ.exe
  C:\Windows\System\suyXopQ.exe
  2⤵
  PID:9552
- C:\Windows\System\HFhIuzj.exe
  C:\Windows\System\HFhIuzj.exe
  2⤵
  PID:9584
- C:\Windows\System\bjKBgVF.exe
  C:\Windows\System\bjKBgVF.exe
  2⤵
  PID:9612
- C:\Windows\System\SxMzwbP.exe
  C:\Windows\System\SxMzwbP.exe
  2⤵
  PID:9644
- C:\Windows\System\aluRKPk.exe
  C:\Windows\System\aluRKPk.exe
  2⤵
  PID:9676
- C:\Windows\System\ewAoKBo.exe
  C:\Windows\System\ewAoKBo.exe
  2⤵
  PID:9704
- C:\Windows\System\CyOcVvp.exe
  C:\Windows\System\CyOcVvp.exe
  2⤵
  PID:9732
- C:\Windows\System\nXnXAuw.exe
  C:\Windows\System\nXnXAuw.exe
  2⤵
  PID:9760
- C:\Windows\System\OoFZiFH.exe
  C:\Windows\System\OoFZiFH.exe
  2⤵
  PID:9800
- C:\Windows\System\JDeqZDE.exe
  C:\Windows\System\JDeqZDE.exe
  2⤵
  PID:9828
- C:\Windows\System\cjfTYWZ.exe
  C:\Windows\System\cjfTYWZ.exe
  2⤵
  PID:9856
- C:\Windows\System\qKgbvkr.exe
  C:\Windows\System\qKgbvkr.exe
  2⤵
  PID:9884
- C:\Windows\System\dCgPcnJ.exe
  C:\Windows\System\dCgPcnJ.exe
  2⤵
  PID:9916
- C:\Windows\System\ZOVFbhp.exe
  C:\Windows\System\ZOVFbhp.exe
  2⤵
  PID:9944
- C:\Windows\System\JQSInwf.exe
  C:\Windows\System\JQSInwf.exe
  2⤵
  PID:10008
- C:\Windows\System\NILnenS.exe
  C:\Windows\System\NILnenS.exe
  2⤵
  PID:10032
- C:\Windows\System\QWEVKQG.exe
  C:\Windows\System\QWEVKQG.exe
  2⤵
  PID:10056
- C:\Windows\System\MPOzoDY.exe
  C:\Windows\System\MPOzoDY.exe
  2⤵
  PID:10080
- C:\Windows\System\tGwBqXV.exe
  C:\Windows\System\tGwBqXV.exe
  2⤵
  PID:10116
- C:\Windows\System\tcmstUi.exe
  C:\Windows\System\tcmstUi.exe
  2⤵
  PID:10148
- C:\Windows\System\InatpBY.exe
  C:\Windows\System\InatpBY.exe
  2⤵
  PID:10176
- C:\Windows\System\GRhnXqk.exe
  C:\Windows\System\GRhnXqk.exe
  2⤵
  PID:10208
- C:\Windows\System\uXDECMv.exe
  C:\Windows\System\uXDECMv.exe
  2⤵
  PID:10236
- C:\Windows\System\bnHveUy.exe
  C:\Windows\System\bnHveUy.exe
  2⤵
  PID:9284
- C:\Windows\System\msqWzZX.exe
  C:\Windows\System\msqWzZX.exe
  2⤵
  PID:1500
- C:\Windows\System\vTdqLKg.exe
  C:\Windows\System\vTdqLKg.exe
  2⤵
  PID:9416
- C:\Windows\System\pVtjDAv.exe
  C:\Windows\System\pVtjDAv.exe
  2⤵
  PID:9496
- C:\Windows\System\RZlsmna.exe
  C:\Windows\System\RZlsmna.exe
  2⤵
  PID:9572
- C:\Windows\System\KcgJXsA.exe
  C:\Windows\System\KcgJXsA.exe
  2⤵
  PID:9624
- C:\Windows\System\TCOMkCc.exe
  C:\Windows\System\TCOMkCc.exe
  2⤵
  PID:9668
- C:\Windows\System\IKdAKEJ.exe
  C:\Windows\System\IKdAKEJ.exe
  2⤵
  PID:9784
- C:\Windows\System\cSUgbKW.exe
  C:\Windows\System\cSUgbKW.exe
  2⤵
  PID:9820
- C:\Windows\System\ZhOoutX.exe
  C:\Windows\System\ZhOoutX.exe
  2⤵
  PID:9900
- C:\Windows\System\mPbAUEO.exe
  C:\Windows\System\mPbAUEO.exe
  2⤵
  PID:9956
- C:\Windows\System\zQMdzLS.exe
  C:\Windows\System\zQMdzLS.exe
  2⤵
  PID:10048
- C:\Windows\System\VJhUdza.exe
  C:\Windows\System\VJhUdza.exe
  2⤵
  PID:10204
- C:\Windows\System\aUEQQUJ.exe
  C:\Windows\System\aUEQQUJ.exe
  2⤵
  PID:9264
- C:\Windows\System\WltomOB.exe
  C:\Windows\System\WltomOB.exe
  2⤵
  PID:9444
- C:\Windows\System\tIvlJIZ.exe
  C:\Windows\System\tIvlJIZ.exe
  2⤵
  PID:9604
- C:\Windows\System\EaTwLzh.exe
  C:\Windows\System\EaTwLzh.exe
  2⤵
  PID:9696
- C:\Windows\System\rFvNYcK.exe
  C:\Windows\System\rFvNYcK.exe
  2⤵
  PID:4420
- C:\Windows\System\ofuhCJk.exe
  C:\Windows\System\ofuhCJk.exe
  2⤵
  PID:9876
- C:\Windows\System\HOHkEcg.exe
  C:\Windows\System\HOHkEcg.exe
  2⤵
  PID:4824
- C:\Windows\System\MWwJvLW.exe
  C:\Windows\System\MWwJvLW.exe
  2⤵
  PID:10112
- C:\Windows\System\ZpFhNcF.exe
  C:\Windows\System\ZpFhNcF.exe
  2⤵
  PID:10128
- C:\Windows\System\FkWGvVv.exe
  C:\Windows\System\FkWGvVv.exe
  2⤵
  PID:10232
- C:\Windows\System\qQOVEHm.exe
  C:\Windows\System\qQOVEHm.exe
  2⤵
  PID:9660
- C:\Windows\System\xBrtimp.exe
  C:\Windows\System\xBrtimp.exe
  2⤵
  PID:3120
- C:\Windows\System\kHYFHxp.exe
  C:\Windows\System\kHYFHxp.exe
  2⤵
  PID:9508
- C:\Windows\System\MYyeVbr.exe
  C:\Windows\System\MYyeVbr.exe
  2⤵
  PID:9540
- C:\Windows\System\PyvOhFd.exe
  C:\Windows\System\PyvOhFd.exe
  2⤵
  PID:10168
- C:\Windows\System\FWuRIiW.exe
  C:\Windows\System\FWuRIiW.exe
  2⤵
  PID:10248
- C:\Windows\System\TbMIHAo.exe
  C:\Windows\System\TbMIHAo.exe
  2⤵
  PID:10292
- C:\Windows\System\fVtbhqq.exe
  C:\Windows\System\fVtbhqq.exe
  2⤵
  PID:10328
- C:\Windows\System\QGnijvt.exe
  C:\Windows\System\QGnijvt.exe
  2⤵
  PID:10348
- C:\Windows\System\NnMUcWv.exe
  C:\Windows\System\NnMUcWv.exe
  2⤵
  PID:10408
- C:\Windows\System\kHgmkrN.exe
  C:\Windows\System\kHgmkrN.exe
  2⤵
  PID:10448
- C:\Windows\System\mLlxVZw.exe
  C:\Windows\System\mLlxVZw.exe
  2⤵
  PID:10480
- C:\Windows\System\ZJQFpix.exe
  C:\Windows\System\ZJQFpix.exe
  2⤵
  PID:10508
- C:\Windows\System\SLZECjc.exe
  C:\Windows\System\SLZECjc.exe
  2⤵
  PID:10536
- C:\Windows\System\Kcegpbc.exe
  C:\Windows\System\Kcegpbc.exe
  2⤵
  PID:10564
- C:\Windows\System\kSOQikZ.exe
  C:\Windows\System\kSOQikZ.exe
  2⤵
  PID:10596
- C:\Windows\System\OeuAdwr.exe
  C:\Windows\System\OeuAdwr.exe
  2⤵
  PID:10624
- C:\Windows\System\IuoxdrR.exe
  C:\Windows\System\IuoxdrR.exe
  2⤵
  PID:10652
- C:\Windows\System\RvJObrI.exe
  C:\Windows\System\RvJObrI.exe
  2⤵
  PID:10680
- C:\Windows\System\gZizIcI.exe
  C:\Windows\System\gZizIcI.exe
  2⤵
  PID:10708
- C:\Windows\System\midxYto.exe
  C:\Windows\System\midxYto.exe
  2⤵
  PID:10744
- C:\Windows\System\Rsgvhaf.exe
  C:\Windows\System\Rsgvhaf.exe
  2⤵
  PID:10764
- C:\Windows\System\HBocecv.exe
  C:\Windows\System\HBocecv.exe
  2⤵
  PID:10796
- C:\Windows\System\HGwaaPy.exe
  C:\Windows\System\HGwaaPy.exe
  2⤵
  PID:10824
- C:\Windows\System\fdYtgVG.exe
  C:\Windows\System\fdYtgVG.exe
  2⤵
  PID:10868
- C:\Windows\System\PqdYOhF.exe
  C:\Windows\System\PqdYOhF.exe
  2⤵
  PID:10904
- C:\Windows\System\WWTYEoW.exe
  C:\Windows\System\WWTYEoW.exe
  2⤵
  PID:10956
- C:\Windows\System\tgfROBo.exe
  C:\Windows\System\tgfROBo.exe
  2⤵
  PID:11020
- C:\Windows\System\tPqMVcy.exe
  C:\Windows\System\tPqMVcy.exe
  2⤵
  PID:11060
- C:\Windows\System\CdgbFnD.exe
  C:\Windows\System\CdgbFnD.exe
  2⤵
  PID:11092
- C:\Windows\System\SODTBDY.exe
  C:\Windows\System\SODTBDY.exe
  2⤵
  PID:11120
- C:\Windows\System\LfSCkrv.exe
  C:\Windows\System\LfSCkrv.exe
  2⤵
  PID:11148
- C:\Windows\System\ptwKeIM.exe
  C:\Windows\System\ptwKeIM.exe
  2⤵
  PID:11176
- C:\Windows\System\ENTjRsk.exe
  C:\Windows\System\ENTjRsk.exe
  2⤵
  PID:11208
- C:\Windows\System\wYmglTY.exe
  C:\Windows\System\wYmglTY.exe
  2⤵
  PID:11244
- C:\Windows\System\ewUiBaE.exe
  C:\Windows\System\ewUiBaE.exe
  2⤵
  PID:10244
- C:\Windows\System\aeXJIaF.exe
  C:\Windows\System\aeXJIaF.exe
  2⤵
  PID:5068
- C:\Windows\System\kwBRYVA.exe
  C:\Windows\System\kwBRYVA.exe
  2⤵
  PID:10396
- C:\Windows\System\mkqfdrC.exe
  C:\Windows\System\mkqfdrC.exe
  2⤵
  PID:10492
- C:\Windows\System\SvMkcpT.exe
  C:\Windows\System\SvMkcpT.exe
  2⤵
  PID:10556
- C:\Windows\System\QHWusgs.exe
  C:\Windows\System\QHWusgs.exe
  2⤵
  PID:10648
- C:\Windows\System\TiRrfPq.exe
  C:\Windows\System\TiRrfPq.exe
  2⤵
  PID:10700
- C:\Windows\System\vBKvdUi.exe
  C:\Windows\System\vBKvdUi.exe
  2⤵
  PID:10776
- C:\Windows\System\IltWRch.exe
  C:\Windows\System\IltWRch.exe
  2⤵
  PID:10820
- C:\Windows\System\zMptjZf.exe
  C:\Windows\System\zMptjZf.exe
  2⤵
  PID:5348
- C:\Windows\System\AdTXFTq.exe
  C:\Windows\System\AdTXFTq.exe
  2⤵
  PID:11068
- C:\Windows\System\aQnUqJt.exe
  C:\Windows\System\aQnUqJt.exe
  2⤵
  PID:11160
- C:\Windows\System\lRGmzSk.exe
  C:\Windows\System\lRGmzSk.exe
  2⤵
  PID:11200
- C:\Windows\System\WuCrhIH.exe
  C:\Windows\System\WuCrhIH.exe
  2⤵
  PID:596
- C:\Windows\System\uDbPQKl.exe
  C:\Windows\System\uDbPQKl.exe
  2⤵
  PID:10440
- C:\Windows\System\lKpJFfA.exe
  C:\Windows\System\lKpJFfA.exe
  2⤵
  PID:10532
- C:\Windows\System\LzNOOmo.exe
  C:\Windows\System\LzNOOmo.exe
  2⤵
  PID:5692
- C:\Windows\System\KUZgKdP.exe
  C:\Windows\System\KUZgKdP.exe
  2⤵
  PID:10784
- C:\Windows\System\upOXMkU.exe
  C:\Windows\System\upOXMkU.exe
  2⤵
  PID:10900
- C:\Windows\System\DcOlNyx.exe
  C:\Windows\System\DcOlNyx.exe
  2⤵
  PID:11204
- C:\Windows\System\mRpKmoA.exe
  C:\Windows\System\mRpKmoA.exe
  2⤵
  PID:10476
- C:\Windows\System\drddtPz.exe
  C:\Windows\System\drddtPz.exe
  2⤵
  PID:10852
- C:\Windows\System\aDrBVkh.exe
  C:\Windows\System\aDrBVkh.exe
  2⤵
  PID:11048
- C:\Windows\System\gPGDJYT.exe
  C:\Windows\System\gPGDJYT.exe
  2⤵
  PID:10728
- C:\Windows\System\mqCEKDY.exe
  C:\Windows\System\mqCEKDY.exe
  2⤵
  PID:11296
- C:\Windows\System\MJFyJiq.exe
  C:\Windows\System\MJFyJiq.exe
  2⤵
  PID:11324
- C:\Windows\System\nsflCKq.exe
  C:\Windows\System\nsflCKq.exe
  2⤵
  PID:11364
- C:\Windows\System\TTOxcfX.exe
  C:\Windows\System\TTOxcfX.exe
  2⤵
  PID:11400
- C:\Windows\System\wjQuSJY.exe
  C:\Windows\System\wjQuSJY.exe
  2⤵
  PID:11444
- C:\Windows\System\kkjfuvb.exe
  C:\Windows\System\kkjfuvb.exe
  2⤵
  PID:11544
- C:\Windows\System\AKrEazt.exe
  C:\Windows\System\AKrEazt.exe
  2⤵
  PID:11600
- C:\Windows\System\eMupXUr.exe
  C:\Windows\System\eMupXUr.exe
  2⤵
  PID:11640
- C:\Windows\System\OVpgvrl.exe
  C:\Windows\System\OVpgvrl.exe
  2⤵
  PID:11704
- C:\Windows\System\eXcaiVd.exe
  C:\Windows\System\eXcaiVd.exe
  2⤵
  PID:11740
- C:\Windows\System\GbfdJpn.exe
  C:\Windows\System\GbfdJpn.exe
  2⤵
  PID:11796
- C:\Windows\System\CMUNkiX.exe
  C:\Windows\System\CMUNkiX.exe
  2⤵
  PID:11852
- C:\Windows\System\qOEuyRj.exe
  C:\Windows\System\qOEuyRj.exe
  2⤵
  PID:11912
- C:\Windows\System\GuafmHr.exe
  C:\Windows\System\GuafmHr.exe
  2⤵
  PID:11948
- C:\Windows\System\blpIUsa.exe
  C:\Windows\System\blpIUsa.exe
  2⤵
  PID:11980
- C:\Windows\System\XVRnNEC.exe
  C:\Windows\System\XVRnNEC.exe
  2⤵
  PID:12000
- C:\Windows\System\tjPNWls.exe
  C:\Windows\System\tjPNWls.exe
  2⤵
  PID:12040
- C:\Windows\System\DaQcdfi.exe
  C:\Windows\System\DaQcdfi.exe
  2⤵
  PID:12072
- C:\Windows\System\PJLgJmV.exe
  C:\Windows\System\PJLgJmV.exe
  2⤵
  PID:12104
- C:\Windows\System\BuYPnbl.exe
  C:\Windows\System\BuYPnbl.exe
  2⤵
  PID:12132
- C:\Windows\System\KeDhXeH.exe
  C:\Windows\System\KeDhXeH.exe
  2⤵
  PID:12168
- C:\Windows\System\SQWfDqR.exe
  C:\Windows\System\SQWfDqR.exe
  2⤵
  PID:12188
- C:\Windows\System\myUKvwq.exe
  C:\Windows\System\myUKvwq.exe
  2⤵
  PID:12216
- C:\Windows\System\tasItxj.exe
  C:\Windows\System\tasItxj.exe
  2⤵
  PID:12244
- C:\Windows\System\RIkLIPj.exe
  C:\Windows\System\RIkLIPj.exe
  2⤵
  PID:12272
- C:\Windows\System\qagLUlb.exe
  C:\Windows\System\qagLUlb.exe
  2⤵
  PID:11316
- C:\Windows\System\vQyaeQx.exe
  C:\Windows\System\vQyaeQx.exe
  2⤵
  PID:11372
- C:\Windows\System\NZjHFmM.exe
  C:\Windows\System\NZjHFmM.exe
  2⤵
  PID:6140
- C:\Windows\System\zVfOaJK.exe
  C:\Windows\System\zVfOaJK.exe
  2⤵
  PID:3948
- C:\Windows\System\ogSQoVz.exe
  C:\Windows\System\ogSQoVz.exe
  2⤵
  PID:11436
- C:\Windows\System\XNEJbxt.exe
  C:\Windows\System\XNEJbxt.exe
  2⤵
  PID:11440
- C:\Windows\System\gRIOuWO.exe
  C:\Windows\System\gRIOuWO.exe
  2⤵
  PID:5696
- C:\Windows\System\MVyIpun.exe
  C:\Windows\System\MVyIpun.exe
  2⤵
  PID:840
- C:\Windows\System\RRkkHKo.exe
  C:\Windows\System\RRkkHKo.exe
  2⤵
  PID:6032
- C:\Windows\System\IBTlUef.exe
  C:\Windows\System\IBTlUef.exe
  2⤵
  PID:11452
- C:\Windows\System\idrTbJm.exe
  C:\Windows\System\idrTbJm.exe
  2⤵
  PID:4520
- C:\Windows\System\PqqmdVu.exe
  C:\Windows\System\PqqmdVu.exe
  2⤵
  PID:5900
- C:\Windows\System\dfccfiF.exe
  C:\Windows\System\dfccfiF.exe
  2⤵
  PID:5720
- C:\Windows\System\HTXkWHE.exe
  C:\Windows\System\HTXkWHE.exe
  2⤵
  PID:3876
- C:\Windows\System\avQpVhP.exe
  C:\Windows\System\avQpVhP.exe
  2⤵
  PID:6240
- C:\Windows\System\EETnFyX.exe
  C:\Windows\System\EETnFyX.exe
  2⤵
  PID:3096
- C:\Windows\System\SbJIOEn.exe
  C:\Windows\System\SbJIOEn.exe
  2⤵
  PID:1760
- C:\Windows\System\misAPdI.exe
  C:\Windows\System\misAPdI.exe
  2⤵
  PID:11636
- C:\Windows\System\htbKvyD.exe
  C:\Windows\System\htbKvyD.exe
  2⤵
  PID:11556
- C:\Windows\System\tKrsyDs.exe
  C:\Windows\System\tKrsyDs.exe
  2⤵
  PID:6312
- C:\Windows\System\KHhAgts.exe
  C:\Windows\System\KHhAgts.exe
  2⤵
  PID:6380
- C:\Windows\System\WFQjvsR.exe
  C:\Windows\System\WFQjvsR.exe
  2⤵
  PID:6612
- C:\Windows\System\XINonSS.exe
  C:\Windows\System\XINonSS.exe
  2⤵
  PID:6592
- C:\Windows\System\WgxihnZ.exe
  C:\Windows\System\WgxihnZ.exe
  2⤵
  PID:6800
- C:\Windows\System\IwsGrll.exe
  C:\Windows\System\IwsGrll.exe
  2⤵
  PID:6828
- C:\Windows\System\oxtQRGY.exe
  C:\Windows\System\oxtQRGY.exe
  2⤵
  PID:6940
- C:\Windows\System\PfwELYq.exe
  C:\Windows\System\PfwELYq.exe
  2⤵
  PID:7024
- C:\Windows\System\wthqvSJ.exe
  C:\Windows\System\wthqvSJ.exe
  2⤵
  PID:7136
- C:\Windows\System\sNQSPst.exe
  C:\Windows\System\sNQSPst.exe
  2⤵
  PID:11608
- C:\Windows\System\gnfKXQY.exe
  C:\Windows\System\gnfKXQY.exe
  2⤵
  PID:11628
- C:\Windows\System\ALDwjRn.exe
  C:\Windows\System\ALDwjRn.exe
  2⤵
  PID:1488
- C:\Windows\System\UiHAXWd.exe
  C:\Windows\System\UiHAXWd.exe
  2⤵
  PID:4164
- C:\Windows\System\UlZOQfh.exe
  C:\Windows\System\UlZOQfh.exe
  2⤵
  PID:2432
- C:\Windows\System\NqvNTYE.exe
  C:\Windows\System\NqvNTYE.exe
  2⤵
  PID:3052
- C:\Windows\System\xUjydUs.exe
  C:\Windows\System\xUjydUs.exe
  2⤵
  PID:1672
- C:\Windows\System\tDgIzVk.exe
  C:\Windows\System\tDgIzVk.exe
  2⤵
  PID:11700
- C:\Windows\System\amshKPV.exe
  C:\Windows\System\amshKPV.exe
  2⤵
  PID:11840
- C:\Windows\System\EYhGVTR.exe
  C:\Windows\System\EYhGVTR.exe
  2⤵
  PID:11976
- C:\Windows\System\zwFQlZy.exe
  C:\Windows\System\zwFQlZy.exe
  2⤵
  PID:12060
- C:\Windows\System\PELPoqW.exe
  C:\Windows\System\PELPoqW.exe
  2⤵
  PID:4556
- C:\Windows\System\OaHCWfZ.exe
  C:\Windows\System\OaHCWfZ.exe
  2⤵
  PID:2804
- C:\Windows\System\QYSxowf.exe
  C:\Windows\System\QYSxowf.exe
  2⤵
  PID:12128
- C:\Windows\System\GJNVGsk.exe
  C:\Windows\System\GJNVGsk.exe
  2⤵
  PID:4876
- C:\Windows\System\YOKFaVV.exe
  C:\Windows\System\YOKFaVV.exe
  2⤵
  PID:12212
- C:\Windows\System\SnKlWEj.exe
  C:\Windows\System\SnKlWEj.exe
  2⤵
  PID:12256
- C:\Windows\System\DPMThHD.exe
  C:\Windows\System\DPMThHD.exe
  2⤵
  PID:6636
- C:\Windows\System\YqTMHzT.exe
  C:\Windows\System\YqTMHzT.exe
  2⤵
  PID:11392
- C:\Windows\System\UlsrPIm.exe
  C:\Windows\System\UlsrPIm.exe
  2⤵
  PID:11532
- C:\Windows\System\fycQuhF.exe
  C:\Windows\System\fycQuhF.exe
  2⤵
  PID:5192
- C:\Windows\System\QKrLuvJ.exe
  C:\Windows\System\QKrLuvJ.exe
  2⤵
  PID:864
- C:\Windows\System\VFefjii.exe
  C:\Windows\System\VFefjii.exe
  2⤵
  PID:3944
- C:\Windows\System\nMJXHnc.exe
  C:\Windows\System\nMJXHnc.exe
  2⤵
  PID:5544
- C:\Windows\System\MKjPjdN.exe
  C:\Windows\System\MKjPjdN.exe
  2⤵
  PID:1612
- C:\Windows\System\ZJTNHHt.exe
  C:\Windows\System\ZJTNHHt.exe
  2⤵
  PID:4356
- C:\Windows\System\XhKitgR.exe
  C:\Windows\System\XhKitgR.exe
  2⤵
  PID:3988
- C:\Windows\System\ZcTuRbY.exe
  C:\Windows\System\ZcTuRbY.exe
  2⤵
  PID:11572
- C:\Windows\System\yRirxrw.exe
  C:\Windows\System\yRirxrw.exe
  2⤵
  PID:6516
- C:\Windows\System\bRkDtyA.exe
  C:\Windows\System\bRkDtyA.exe
  2⤵
  PID:6548
- C:\Windows\System\UXbWUUt.exe
  C:\Windows\System\UXbWUUt.exe
  2⤵
  PID:6720
- C:\Windows\System\qPcJRkj.exe
  C:\Windows\System\qPcJRkj.exe
  2⤵
  PID:5204
- C:\Windows\System\atSrgKm.exe
  C:\Windows\System\atSrgKm.exe
  2⤵
  PID:6964
- C:\Windows\System\Quggvjv.exe
  C:\Windows\System\Quggvjv.exe
  2⤵
  PID:11612
- C:\Windows\System\LGuwEWO.exe
  C:\Windows\System\LGuwEWO.exe
  2⤵
  PID:5264
- C:\Windows\System\zUTgVQO.exe
  C:\Windows\System\zUTgVQO.exe
  2⤵
  PID:2896
- C:\Windows\System\owpkhZc.exe
  C:\Windows\System\owpkhZc.exe
  2⤵
  PID:520
- C:\Windows\System\fvUDUPv.exe
  C:\Windows\System\fvUDUPv.exe
  2⤵
  PID:5336
- C:\Windows\System\TFYmmJZ.exe
  C:\Windows\System\TFYmmJZ.exe
  2⤵
  PID:11720
- C:\Windows\System\dpmJTOW.exe
  C:\Windows\System\dpmJTOW.exe
  2⤵
  PID:5456
- C:\Windows\System\tvJaDWK.exe
  C:\Windows\System\tvJaDWK.exe
  2⤵
  PID:5516
- C:\Windows\System\TAIvCzp.exe
  C:\Windows\System\TAIvCzp.exe
  2⤵
  PID:1816
- C:\Windows\System\JWtypsb.exe
  C:\Windows\System\JWtypsb.exe
  2⤵
  PID:10928
- C:\Windows\System\fJtLHcl.exe
  C:\Windows\System\fJtLHcl.exe
  2⤵
  PID:12208
- C:\Windows\System\XYhmULE.exe
  C:\Windows\System\XYhmULE.exe
  2⤵
  PID:5568
- C:\Windows\System\QHFdjcZ.exe
  C:\Windows\System\QHFdjcZ.exe
  2⤵
  PID:6124
- C:\Windows\System\XpBwUgv.exe
  C:\Windows\System\XpBwUgv.exe
  2⤵
  PID:10424
- C:\Windows\System\drgcPOi.exe
  C:\Windows\System\drgcPOi.exe
  2⤵
  PID:228
- C:\Windows\System\NTBPyWR.exe
  C:\Windows\System\NTBPyWR.exe
  2⤵
  PID:5632
- C:\Windows\System\CkpCSLo.exe
  C:\Windows\System\CkpCSLo.exe
  2⤵
  PID:5948
- C:\Windows\System\eYYppEU.exe
  C:\Windows\System\eYYppEU.exe
  2⤵
  PID:5680
- C:\Windows\System\XMsQSgF.exe
  C:\Windows\System\XMsQSgF.exe
  2⤵
  PID:4992
- C:\Windows\System\MjjSNha.exe
  C:\Windows\System\MjjSNha.exe
  2⤵
  PID:4376
- C:\Windows\System\aWRebts.exe
  C:\Windows\System\aWRebts.exe
  2⤵
  PID:5476
- C:\Windows\System\cpJujjs.exe
  C:\Windows\System\cpJujjs.exe
  2⤵
  PID:5796
- C:\Windows\System\RfUWPtO.exe
  C:\Windows\System\RfUWPtO.exe
  2⤵
  PID:5848
- C:\Windows\System\MKyrOEG.exe
  C:\Windows\System\MKyrOEG.exe
  2⤵
  PID:6812
- C:\Windows\System\GAhIUGP.exe
  C:\Windows\System\GAhIUGP.exe
  2⤵
  PID:9212
- C:\Windows\System\AUnrCNw.exe
  C:\Windows\System\AUnrCNw.exe
  2⤵
  PID:2492
- C:\Windows\System\rmXPXLg.exe
  C:\Windows\System\rmXPXLg.exe
  2⤵
  PID:4312
- C:\Windows\System\OKiOPVo.exe
  C:\Windows\System\OKiOPVo.exe
  2⤵
  PID:11428
- C:\Windows\System\TQuJlBX.exe
  C:\Windows\System\TQuJlBX.exe
  2⤵
  PID:11944
- C:\Windows\System\viiQyLW.exe
  C:\Windows\System\viiQyLW.exe
  2⤵
  PID:3736
- C:\Windows\System\SnshmFY.exe
  C:\Windows\System\SnshmFY.exe
  2⤵
  PID:4036
- C:\Windows\System\vjsKjCp.exe
  C:\Windows\System\vjsKjCp.exe
  2⤵
  PID:5592
- C:\Windows\System\iDHaooG.exe
  C:\Windows\System\iDHaooG.exe
  2⤵
  PID:10404
- C:\Windows\System\BPQJeyb.exe
  C:\Windows\System\BPQJeyb.exe
  2⤵
  PID:5452
- C:\Windows\System\ZFXLCHZ.exe
  C:\Windows\System\ZFXLCHZ.exe
  2⤵
  PID:3336
- C:\Windows\System\vYgqTUo.exe
  C:\Windows\System\vYgqTUo.exe
  2⤵
  PID:8
- C:\Windows\System\eFKOfQt.exe
  C:\Windows\System\eFKOfQt.exe
  2⤵
  PID:4184
- C:\Windows\System\vwAEzFL.exe
  C:\Windows\System\vwAEzFL.exe
  2⤵
  PID:7872
- C:\Windows\System\SXSYDWh.exe
  C:\Windows\System\SXSYDWh.exe
  2⤵
  PID:5300
- C:\Windows\System\zUEfWWl.exe
  C:\Windows\System\zUEfWWl.exe
  2⤵
  PID:5944
- C:\Windows\System\mpMELwQ.exe
  C:\Windows\System\mpMELwQ.exe
  2⤵
  PID:6016
- C:\Windows\System\UdvECVV.exe
  C:\Windows\System\UdvECVV.exe
  2⤵
  PID:6064
- C:\Windows\System\UqRTFDU.exe
  C:\Windows\System\UqRTFDU.exe
  2⤵
  PID:2856
- C:\Windows\System\kIAmIdN.exe
  C:\Windows\System\kIAmIdN.exe
  2⤵
  PID:2448
- C:\Windows\System\DBDSXOd.exe
  C:\Windows\System\DBDSXOd.exe
  2⤵
  PID:5272
- C:\Windows\System\FiFzZiN.exe
  C:\Windows\System\FiFzZiN.exe
  2⤵
  PID:12184
- C:\Windows\System\fgOzOUs.exe
  C:\Windows\System\fgOzOUs.exe
  2⤵
  PID:2596
- C:\Windows\System\BFZxdev.exe
  C:\Windows\System\BFZxdev.exe
  2⤵
  PID:5260
- C:\Windows\System\OYOfVMM.exe
  C:\Windows\System\OYOfVMM.exe
  2⤵
  PID:5812
- C:\Windows\System\naDduxt.exe
  C:\Windows\System\naDduxt.exe
  2⤵
  PID:3580
- C:\Windows\System\rduSOPO.exe
  C:\Windows\System\rduSOPO.exe
  2⤵
  PID:12316
- C:\Windows\System\uqCFnoC.exe
  C:\Windows\System\uqCFnoC.exe
  2⤵
  PID:12344
- C:\Windows\System\ZOKYowQ.exe
  C:\Windows\System\ZOKYowQ.exe
  2⤵
  PID:12376
- C:\Windows\System\ctUJxAc.exe
  C:\Windows\System\ctUJxAc.exe
  2⤵
  PID:12404
- C:\Windows\System\TgqmpZG.exe
  C:\Windows\System\TgqmpZG.exe
  2⤵
  PID:12432
- C:\Windows\System\SdcNCNF.exe
  C:\Windows\System\SdcNCNF.exe
  2⤵
  PID:12460
- C:\Windows\System\zqauLYq.exe
  C:\Windows\System\zqauLYq.exe
  2⤵
  PID:12488
- C:\Windows\System\WOStWMh.exe
  C:\Windows\System\WOStWMh.exe
  2⤵
  PID:12516
- C:\Windows\System\IEbnyqW.exe
  C:\Windows\System\IEbnyqW.exe
  2⤵
  PID:12544
- C:\Windows\System\keHUyjg.exe
  C:\Windows\System\keHUyjg.exe
  2⤵
  PID:12572
- C:\Windows\System\IGJlhhL.exe
  C:\Windows\System\IGJlhhL.exe
  2⤵
  PID:12600
- C:\Windows\System\GEYXqnA.exe
  C:\Windows\System\GEYXqnA.exe
  2⤵
  PID:12628
- C:\Windows\System\laELTpQ.exe
  C:\Windows\System\laELTpQ.exe
  2⤵
  PID:12656
- C:\Windows\System\yhYHPbG.exe
  C:\Windows\System\yhYHPbG.exe
  2⤵
  PID:12684
- C:\Windows\System\CChqZPC.exe
  C:\Windows\System\CChqZPC.exe
  2⤵
  PID:12700
- C:\Windows\System\aVqTLEq.exe
  C:\Windows\System\aVqTLEq.exe
  2⤵
  PID:12740
- C:\Windows\System\IWzeOSL.exe
  C:\Windows\System\IWzeOSL.exe
  2⤵
  PID:12768
- C:\Windows\System\xsGcKYt.exe
  C:\Windows\System\xsGcKYt.exe
  2⤵
  PID:12796
- C:\Windows\System\WThupEK.exe
  C:\Windows\System\WThupEK.exe
  2⤵
  PID:12824
- C:\Windows\System\ZUinMnp.exe
  C:\Windows\System\ZUinMnp.exe
  2⤵
  PID:12852
- C:\Windows\System\Rngqjjw.exe
  C:\Windows\System\Rngqjjw.exe
  2⤵
  PID:12880
- C:\Windows\System\mRyeAlw.exe
  C:\Windows\System\mRyeAlw.exe
  2⤵
  PID:12908
- C:\Windows\System\vXxCzej.exe
  C:\Windows\System\vXxCzej.exe
  2⤵
  PID:12936
- C:\Windows\System\LpwhXGV.exe
  C:\Windows\System\LpwhXGV.exe
  2⤵
  PID:12964
- C:\Windows\System\DVOEHIn.exe
  C:\Windows\System\DVOEHIn.exe
  2⤵
  PID:12992
- C:\Windows\System\DtWuGMk.exe
  C:\Windows\System\DtWuGMk.exe
  2⤵
  PID:13020
- C:\Windows\System\GTOUCak.exe
  C:\Windows\System\GTOUCak.exe
  2⤵
  PID:13052
- C:\Windows\System\MkjyLiX.exe
  C:\Windows\System\MkjyLiX.exe
  2⤵
  PID:13080
- C:\Windows\System\dlGFJjL.exe
  C:\Windows\System\dlGFJjL.exe
  2⤵
  PID:13108
- C:\Windows\System\NkTanQc.exe
  C:\Windows\System\NkTanQc.exe
  2⤵
  PID:13136
- C:\Windows\System\KYrsnBL.exe
  C:\Windows\System\KYrsnBL.exe
  2⤵
  PID:13164
- C:\Windows\System\VzcDUKl.exe
  C:\Windows\System\VzcDUKl.exe
  2⤵
  PID:13192
- C:\Windows\System\VUpdGsf.exe
  C:\Windows\System\VUpdGsf.exe
  2⤵
  PID:13220
- C:\Windows\System\FIjWgum.exe
  C:\Windows\System\FIjWgum.exe
  2⤵
  PID:13248
- C:\Windows\System\HTuuWxO.exe
  C:\Windows\System\HTuuWxO.exe
  2⤵
  PID:13288
- C:\Windows\System\fxYfteE.exe
  C:\Windows\System\fxYfteE.exe
  2⤵
  PID:13304
- C:\Windows\System\QaQfhfJ.exe
  C:\Windows\System\QaQfhfJ.exe
  2⤵
  PID:12328
- C:\Windows\System\qGUHOkt.exe
  C:\Windows\System\qGUHOkt.exe
  2⤵
  PID:12396
- C:\Windows\System\WqzucKY.exe
  C:\Windows\System\WqzucKY.exe
  2⤵
  PID:12452
- C:\Windows\System\gaNQQKe.exe
  C:\Windows\System\gaNQQKe.exe
  2⤵
  PID:12508
- C:\Windows\System\RYixrNS.exe
  C:\Windows\System\RYixrNS.exe
  2⤵
  PID:12536
- C:\Windows\System\rhTcQtM.exe
  C:\Windows\System\rhTcQtM.exe
  2⤵
  PID:6212
- C:\Windows\System\oYKDVAX.exe
  C:\Windows\System\oYKDVAX.exe
  2⤵
  PID:6256
- C:\Windows\System\AVRoPhY.exe
  C:\Windows\System\AVRoPhY.exe
  2⤵
  PID:12696
- C:\Windows\System\prCaqQD.exe
  C:\Windows\System\prCaqQD.exe
  2⤵
  PID:12752
- C:\Windows\System\FGcaUmV.exe
  C:\Windows\System\FGcaUmV.exe
  2⤵
  PID:12816
- C:\Windows\System\tjlzXpH.exe
  C:\Windows\System\tjlzXpH.exe
  2⤵
  PID:12876
- C:\Windows\System\AUtatPc.exe
  C:\Windows\System\AUtatPc.exe
  2⤵
  PID:12932
- C:\Windows\System\KokTzWd.exe
  C:\Windows\System\KokTzWd.exe
  2⤵
  PID:12988
- C:\Windows\System\JkSFSZg.exe
  C:\Windows\System\JkSFSZg.exe
  2⤵
  PID:13064
- C:\Windows\System\imVwPHP.exe
  C:\Windows\System\imVwPHP.exe
  2⤵
  PID:13120
- C:\Windows\System\hDmKPTQ.exe
  C:\Windows\System\hDmKPTQ.exe
  2⤵
  PID:8724
- C:\Windows\System\WAvKAvX.exe
  C:\Windows\System\WAvKAvX.exe
  2⤵
  PID:13232
- C:\Windows\System\MyRZcld.exe
  C:\Windows\System\MyRZcld.exe
  2⤵
  PID:8836
- C:\Windows\System\gNojrWa.exe
  C:\Windows\System\gNojrWa.exe
  2⤵
  PID:12356
- C:\Windows\System\ApUqmUW.exe
  C:\Windows\System\ApUqmUW.exe
  2⤵
  PID:12480
- C:\Windows\System\mMQAciR.exe
  C:\Windows\System\mMQAciR.exe
  2⤵
  PID:13040
- C:\Windows\System\nIQYJlu.exe
  C:\Windows\System\nIQYJlu.exe
  2⤵
  PID:12680
- C:\Windows\System\ojovSUt.exe
  C:\Windows\System\ojovSUt.exe
  2⤵
  PID:12808
- C:\Windows\System\QavdHqY.exe
  C:\Windows\System\QavdHqY.exe
  2⤵
  PID:12392
- C:\Windows\System\lDNbBnL.exe
  C:\Windows\System\lDNbBnL.exe
  2⤵
  PID:13048
- C:\Windows\System\HMCIJTd.exe
  C:\Windows\System\HMCIJTd.exe
  2⤵
  PID:13188
- C:\Windows\System\BkxEAel.exe
  C:\Windows\System\BkxEAel.exe
  2⤵
  PID:12304
- C:\Windows\System\obeRyrT.exe
  C:\Windows\System\obeRyrT.exe
  2⤵
  PID:12564
- C:\Windows\System\tgoaeTt.exe
  C:\Windows\System\tgoaeTt.exe
  2⤵
  PID:12780
- C:\Windows\System\HYQdonp.exe
  C:\Windows\System\HYQdonp.exe
  2⤵
  PID:13044
- C:\Windows\System\kdtjOCB.exe
  C:\Windows\System\kdtjOCB.exe
  2⤵
  PID:12448
- C:\Windows\System\PRQPUwy.exe
  C:\Windows\System\PRQPUwy.exe
  2⤵
  PID:12904
- C:\Windows\System\pRqJrDS.exe
  C:\Windows\System\pRqJrDS.exe
  2⤵
  PID:12668
- C:\Windows\System\EsLvDqd.exe
  C:\Windows\System\EsLvDqd.exe
  2⤵
  PID:4280
- C:\Windows\System\FSKMyjT.exe
  C:\Windows\System\FSKMyjT.exe
  2⤵
  PID:7772
- C:\Windows\System\LVAOOPq.exe
  C:\Windows\System\LVAOOPq.exe
  2⤵
  PID:13332
- C:\Windows\System\APFopvk.exe
  C:\Windows\System\APFopvk.exe
  2⤵
  PID:13364
- C:\Windows\System\cUQjCDw.exe
  C:\Windows\System\cUQjCDw.exe
  2⤵
  PID:13400
- C:\Windows\System\UhMttHw.exe
  C:\Windows\System\UhMttHw.exe
  2⤵
  PID:13416
- C:\Windows\System\RRZASDK.exe
  C:\Windows\System\RRZASDK.exe
  2⤵
  PID:13444
- C:\Windows\System\eukQxKm.exe
  C:\Windows\System\eukQxKm.exe
  2⤵
  PID:13472
- C:\Windows\System\vVboUtS.exe
  C:\Windows\System\vVboUtS.exe
  2⤵
  PID:13500
- C:\Windows\System\hZclxBA.exe
  C:\Windows\System\hZclxBA.exe
  2⤵
  PID:13528
- C:\Windows\System\McOpCMg.exe
  C:\Windows\System\McOpCMg.exe
  2⤵
  PID:13556
- C:\Windows\System\FhlQUeM.exe
  C:\Windows\System\FhlQUeM.exe
  2⤵
  PID:13584
- C:\Windows\System\MpGeTfA.exe
  C:\Windows\System\MpGeTfA.exe
  2⤵
  PID:13612
- C:\Windows\System\SwNYDeD.exe
  C:\Windows\System\SwNYDeD.exe
  2⤵
  PID:13640
- C:\Windows\System\kPpLJxg.exe
  C:\Windows\System\kPpLJxg.exe
  2⤵
  PID:13668
- C:\Windows\System\vDhCgfr.exe
  C:\Windows\System\vDhCgfr.exe
  2⤵
  PID:13696
- C:\Windows\System\XbcCbKN.exe
  C:\Windows\System\XbcCbKN.exe
  2⤵
  PID:13724
- C:\Windows\System\rhMtmvl.exe
  C:\Windows\System\rhMtmvl.exe
  2⤵
  PID:13752
- C:\Windows\System\LFnPePo.exe
  C:\Windows\System\LFnPePo.exe
  2⤵
  PID:13780
- C:\Windows\System\uogNcNT.exe
  C:\Windows\System\uogNcNT.exe
  2⤵
  PID:13808
- C:\Windows\System\aMJmzpu.exe
  C:\Windows\System\aMJmzpu.exe
  2⤵
  PID:13836
- C:\Windows\System\aNKSZcA.exe
  C:\Windows\System\aNKSZcA.exe
  2⤵
  PID:13864
- C:\Windows\System\pmfszAi.exe
  C:\Windows\System\pmfszAi.exe
  2⤵
  PID:13892
- C:\Windows\System\zBjVTgB.exe
  C:\Windows\System\zBjVTgB.exe
  2⤵
  PID:13920
- C:\Windows\System\yAayDza.exe
  C:\Windows\System\yAayDza.exe
  2⤵
  PID:13952
- C:\Windows\System\hZrLnsm.exe
  C:\Windows\System\hZrLnsm.exe
  2⤵
  PID:13980
- C:\Windows\System\RfnFojo.exe
  C:\Windows\System\RfnFojo.exe
  2⤵
  PID:14008
- C:\Windows\System\bncMAlQ.exe
  C:\Windows\System\bncMAlQ.exe
  2⤵
  PID:14036
- C:\Windows\System\TLbpLrj.exe
  C:\Windows\System\TLbpLrj.exe
  2⤵
  PID:14064
- C:\Windows\System\bWOpyIp.exe
  C:\Windows\System\bWOpyIp.exe
  2⤵
  PID:14092
- C:\Windows\System\TxwAKqm.exe
  C:\Windows\System\TxwAKqm.exe
  2⤵
  PID:14120
- C:\Windows\System\BCgTeVd.exe
  C:\Windows\System\BCgTeVd.exe
  2⤵
  PID:14160
- C:\Windows\System\EYDAhaK.exe
  C:\Windows\System\EYDAhaK.exe
  2⤵
  PID:14176
- C:\Windows\System\bQRMtzU.exe
  C:\Windows\System\bQRMtzU.exe
  2⤵
  PID:14204
- C:\Windows\System\qmJdvbW.exe
  C:\Windows\System\qmJdvbW.exe
  2⤵
  PID:14232
- C:\Windows\System\WGvHptr.exe
  C:\Windows\System\WGvHptr.exe
  2⤵
  PID:14260
- C:\Windows\System\eybpNhx.exe
  C:\Windows\System\eybpNhx.exe
  2⤵
  PID:14288
- C:\Windows\System\eCNxRvM.exe
  C:\Windows\System\eCNxRvM.exe
  2⤵
  PID:14324
- C:\Windows\System\ZIZSLky.exe
  C:\Windows\System\ZIZSLky.exe
  2⤵
  PID:7996
- C:\Windows\System\PUCbqbY.exe
  C:\Windows\System\PUCbqbY.exe
  2⤵
  PID:1140
- C:\Windows\System\bgJggIY.exe
  C:\Windows\System\bgJggIY.exe
  2⤵
  PID:2356
- C:\Windows\System\XmhIwIn.exe
  C:\Windows\System\XmhIwIn.exe
  2⤵
  PID:13396
- C:\Windows\System\IiQMQri.exe
  C:\Windows\System\IiQMQri.exe
  2⤵
  PID:11512
- C:\Windows\System\gCaErnf.exe
  C:\Windows\System\gCaErnf.exe
  2⤵
  PID:6328
- C:\Windows\System\ZesHlia.exe
  C:\Windows\System\ZesHlia.exe
  2⤵
  PID:6412
- C:\Windows\System\rUOGaby.exe
  C:\Windows\System\rUOGaby.exe
  2⤵
  PID:13524
- C:\Windows\System\gVZOgKh.exe
  C:\Windows\System\gVZOgKh.exe
  2⤵
  PID:13576
- C:\Windows\System\fmIIEEj.exe
  C:\Windows\System\fmIIEEj.exe
  2⤵
  PID:13624
- C:\Windows\System\SczXUXs.exe
  C:\Windows\System\SczXUXs.exe
  2⤵
  PID:13664
- C:\Windows\System\WFJfJiP.exe
  C:\Windows\System\WFJfJiP.exe
  2⤵
  PID:13708
- C:\Windows\System\xWITPDQ.exe
  C:\Windows\System\xWITPDQ.exe
  2⤵
  PID:13764
- C:\Windows\System\gphJcqV.exe
  C:\Windows\System\gphJcqV.exe
  2⤵
  PID:6868
- C:\Windows\System\wxCAfOw.exe
  C:\Windows\System\wxCAfOw.exe
  2⤵
  PID:13832
- C:\Windows\System\kDQyVFZ.exe
  C:\Windows\System\kDQyVFZ.exe
  2⤵
  PID:13884
- C:\Windows\System\rbVzHov.exe
  C:\Windows\System\rbVzHov.exe
  2⤵
  PID:13948
- C:\Windows\System\QXMelGo.exe
  C:\Windows\System\QXMelGo.exe
  2⤵
  PID:13992
- C:\Windows\System\WdgVwBr.exe
  C:\Windows\System\WdgVwBr.exe
  2⤵
  PID:14032
- C:\Windows\System\hIWRVrF.exe
  C:\Windows\System\hIWRVrF.exe
  2⤵
  PID:14088
- C:\Windows\System\kGhHCgK.exe
  C:\Windows\System\kGhHCgK.exe
  2⤵
  PID:14132
- C:\Windows\System\gjfSZxf.exe
  C:\Windows\System\gjfSZxf.exe
  2⤵
  PID:14188
- C:\Windows\System\TvenFWo.exe
  C:\Windows\System\TvenFWo.exe
  2⤵
  PID:6392
- C:\Windows\System\RMKugza.exe
  C:\Windows\System\RMKugza.exe
  2⤵
  PID:14300
- C:\Windows\System\ORxnmJW.exe
  C:\Windows\System\ORxnmJW.exe
  2⤵
  PID:6856
- C:\Windows\System\Ygalkov.exe
  C:\Windows\System\Ygalkov.exe
  2⤵
  PID:6216
- C:\Windows\System\efSVLlo.exe
  C:\Windows\System\efSVLlo.exe
  2⤵
  PID:4240
- C:\Windows\System\HOwvfnP.exe
  C:\Windows\System\HOwvfnP.exe
  2⤵
  PID:13940
- C:\Windows\System\SVCBzKV.exe
  C:\Windows\System\SVCBzKV.exe
  2⤵
  PID:7204
- C:\Windows\System\YPDrTSh.exe
  C:\Windows\System\YPDrTSh.exe
  2⤵
  PID:13552
- C:\Windows\System\lsUSjai.exe
  C:\Windows\System\lsUSjai.exe
  2⤵
  PID:13632
- C:\Windows\System\qmvMdix.exe
  C:\Windows\System\qmvMdix.exe
  2⤵
  PID:2872
- C:\Windows\System\cNIWlds.exe
  C:\Windows\System\cNIWlds.exe
  2⤵
  PID:13320
- C:\Windows\System\dwWjrGJ.exe
  C:\Windows\System\dwWjrGJ.exe
  2⤵
  PID:13828
- C:\Windows\System\zFvdnmc.exe
  C:\Windows\System\zFvdnmc.exe
  2⤵
  PID:13916
- C:\Windows\System\PAsYzhK.exe
  C:\Windows\System\PAsYzhK.exe
  2⤵
  PID:7392
- C:\Windows\System\UGiJZRu.exe
  C:\Windows\System\UGiJZRu.exe
  2⤵
  PID:14020
- C:\Windows\System\zDMHgUA.exe
  C:\Windows\System\zDMHgUA.exe
  2⤵
  PID:7496
- C:\Windows\System\lENboKE.exe
  C:\Windows\System\lENboKE.exe
  2⤵
  PID:14244
- C:\Windows\System\InwptHE.exe
  C:\Windows\System\InwptHE.exe
  2⤵
  PID:14284
- C:\Windows\System\yyVRsGG.exe
  C:\Windows\System\yyVRsGG.exe
  2⤵
  PID:3056
- C:\Windows\System\QNEUJwf.exe
  C:\Windows\System\QNEUJwf.exe
  2⤵
  PID:7648
- C:\Windows\System\YpTbEEG.exe
  C:\Windows\System\YpTbEEG.exe
  2⤵
  PID:9116
- C:\Windows\System\finRwap.exe
  C:\Windows\System\finRwap.exe
  2⤵
  PID:4812
- C:\Windows\System\uLJPVUd.exe
  C:\Windows\System\uLJPVUd.exe
  2⤵
  PID:13520
- C:\Windows\System\CjrCEwT.exe
  C:\Windows\System\CjrCEwT.exe
  2⤵
  PID:13692
- C:\Windows\System\KMYothF.exe
  C:\Windows\System\KMYothF.exe
  2⤵
  PID:7764
- C:\Windows\System\VwpPkhl.exe
  C:\Windows\System\VwpPkhl.exe
  2⤵
  PID:7428
- C:\Windows\System\aocXaNs.exe
  C:\Windows\System\aocXaNs.exe
  2⤵
  PID:7852
- C:\Windows\System\vefjdMo.exe
  C:\Windows\System\vefjdMo.exe
  2⤵
  PID:2248
- C:\Windows\System\yoCnAAX.exe
  C:\Windows\System\yoCnAAX.exe
  2⤵
  PID:7896
- C:\Windows\System\toIjFRD.exe
  C:\Windows\System\toIjFRD.exe
  2⤵
  PID:13324
- C:\Windows\System\gxMMslM.exe
  C:\Windows\System\gxMMslM.exe
  2⤵
  PID:1216
- C:\Windows\System\OGEOPcP.exe
  C:\Windows\System\OGEOPcP.exe
  2⤵
  PID:7620
- C:\Windows\System\nPdSKAZ.exe
  C:\Windows\System\nPdSKAZ.exe
  2⤵
  PID:7684
- C:\Windows\System\tnZyarh.exe
  C:\Windows\System\tnZyarh.exe
  2⤵
  PID:7728
- C:\Windows\System\qBpFgEM.exe
  C:\Windows\System\qBpFgEM.exe
  2⤵
  PID:8028
- C:\Windows\System\kcLhoWS.exe
  C:\Windows\System\kcLhoWS.exe
  2⤵
  PID:9328
- C:\Windows\System\uffAWqm.exe
  C:\Windows\System\uffAWqm.exe
  2⤵
  PID:7556
- C:\Windows\System\PyhbZGg.exe
  C:\Windows\System\PyhbZGg.exe
  2⤵
  PID:7524
- C:\Windows\System\yfNTWAz.exe
  C:\Windows\System\yfNTWAz.exe
  2⤵
  PID:8160
- C:\Windows\System\MzAdOWE.exe
  C:\Windows\System\MzAdOWE.exe
  2⤵
  PID:8188
- C:\Windows\System\nJCNNsP.exe
  C:\Windows\System\nJCNNsP.exe
  2⤵
  PID:6364
- C:\Windows\System\nOnBlBr.exe
  C:\Windows\System\nOnBlBr.exe
  2⤵
  PID:9252
- C:\Windows\System\jeCYgpT.exe
  C:\Windows\System\jeCYgpT.exe
  2⤵
  PID:7112
- C:\Windows\System\rnCVCJt.exe
  C:\Windows\System\rnCVCJt.exe
  2⤵
  PID:8092
- C:\Windows\System\SGYJvPi.exe
  C:\Windows\System\SGYJvPi.exe
  2⤵
  PID:4764
- C:\Windows\System\SFJhzwC.exe
  C:\Windows\System\SFJhzwC.exe
  2⤵
  PID:14116
- C:\Windows\System\oLzmjIZ.exe
  C:\Windows\System\oLzmjIZ.exe
  2⤵
  PID:7284
- C:\Windows\System\FzFdYNI.exe
  C:\Windows\System\FzFdYNI.exe
  2⤵
  PID:7964
- C:\Windows\System\zmgXMyo.exe
  C:\Windows\System\zmgXMyo.exe
  2⤵
  PID:9684
- C:\Windows\System\GsbOGBS.exe
  C:\Windows\System\GsbOGBS.exe
  2⤵
  PID:7836
- C:\Windows\System\KsOJxAA.exe
  C:\Windows\System\KsOJxAA.exe
  2⤵
  PID:7064
- C:\Windows\System\GXjIRMP.exe
  C:\Windows\System\GXjIRMP.exe
  2⤵
  PID:7584
- C:\Windows\System\Hxfemaj.exe
  C:\Windows\System\Hxfemaj.exe
  2⤵
  PID:8080
- C:\Windows\System\NMjXdTr.exe
  C:\Windows\System\NMjXdTr.exe
  2⤵
  PID:9560
- C:\Windows\System\NZoyASH.exe
  C:\Windows\System\NZoyASH.exe
  2⤵
  PID:2812
- C:\Windows\System\eKCvDQw.exe
  C:\Windows\System\eKCvDQw.exe
  2⤵
  PID:9904
- C:\Windows\System\sMZUByo.exe
  C:\Windows\System\sMZUByo.exe
  2⤵
  PID:7784
- C:\Windows\System\BtfAseL.exe
  C:\Windows\System\BtfAseL.exe
  2⤵
  PID:9524
- C:\Windows\System\SXMGhvh.exe
  C:\Windows\System\SXMGhvh.exe
  2⤵
  PID:7876
- C:\Windows\System\hqeDNQK.exe
  C:\Windows\System\hqeDNQK.exe
  2⤵
  PID:7184
- C:\Windows\System\MfGGYAP.exe
  C:\Windows\System\MfGGYAP.exe
  2⤵
  PID:10076
- C:\Windows\System\cUPbsFY.exe
  C:\Windows\System\cUPbsFY.exe
  2⤵
  PID:6220
- C:\Windows\System\pPGgvhO.exe
  C:\Windows\System\pPGgvhO.exe
  2⤵
  PID:7716
- C:\Windows\System\eaPsexs.exe
  C:\Windows\System\eaPsexs.exe
  2⤵
  PID:10192
- C:\Windows\System\AhywKMB.exe
  C:\Windows\System\AhywKMB.exe
  2⤵
  PID:10096
- C:\Windows\System\cyzftwV.exe
  C:\Windows\System\cyzftwV.exe
  2⤵
  PID:720
- C:\Windows\System\KEOfdDZ.exe
  C:\Windows\System\KEOfdDZ.exe
  2⤵
  PID:7340
- C:\Windows\System\OlMluNw.exe
  C:\Windows\System\OlMluNw.exe
  2⤵
  PID:7588
- C:\Windows\System\dBTVRFq.exe
  C:\Windows\System\dBTVRFq.exe
  2⤵
  PID:6840
- C:\Windows\System\GBOulVS.exe
  C:\Windows\System\GBOulVS.exe
  2⤵
  PID:9592
- C:\Windows\System\LzLjwNE.exe
  C:\Windows\System\LzLjwNE.exe
  2⤵
  PID:7768
- C:\Windows\System\fxfeyCB.exe
  C:\Windows\System\fxfeyCB.exe
  2⤵
  PID:1920
- C:\Windows\System\hhHjMxo.exe
  C:\Windows\System\hhHjMxo.exe
  2⤵
  PID:7396
- C:\Windows\System\aQcpBEw.exe
  C:\Windows\System\aQcpBEw.exe
  2⤵
  PID:9296
- C:\Windows\System\MBTQBZQ.exe
  C:\Windows\System\MBTQBZQ.exe
  2⤵
  PID:4140
- C:\Windows\System\SEzZxqB.exe
  C:\Windows\System\SEzZxqB.exe
  2⤵
  PID:9724
- C:\Windows\System\YhQgokK.exe
  C:\Windows\System\YhQgokK.exe
  2⤵
  PID:8220
- C:\Windows\System\KLoQsuy.exe
  C:\Windows\System\KLoQsuy.exe
  2⤵
  PID:7208
- C:\Windows\System\OxMQQIy.exe
  C:\Windows\System\OxMQQIy.exe
  2⤵
  PID:14368
- C:\Windows\System\AgrCDTD.exe
  C:\Windows\System\AgrCDTD.exe
  2⤵
  PID:14396
- C:\Windows\System\MxzTZsJ.exe
  C:\Windows\System\MxzTZsJ.exe
  2⤵
  PID:14424
- C:\Windows\System\hEHtLnz.exe
  C:\Windows\System\hEHtLnz.exe
  2⤵
  PID:14452
- C:\Windows\System\EoWDxUP.exe
  C:\Windows\System\EoWDxUP.exe
  2⤵
  PID:14480
- C:\Windows\System\qswSSnE.exe
  C:\Windows\System\qswSSnE.exe
  2⤵
  PID:14512
- C:\Windows\System\ymTULIm.exe
  C:\Windows\System\ymTULIm.exe
  2⤵
  PID:14536
- C:\Windows\System\nPEdrSd.exe
  C:\Windows\System\nPEdrSd.exe
  2⤵
  PID:14564
- C:\Windows\System\KfduQVW.exe
  C:\Windows\System\KfduQVW.exe
  2⤵
  PID:14592
- C:\Windows\System\KOLoSZx.exe
  C:\Windows\System\KOLoSZx.exe
  2⤵
  PID:14620
- C:\Windows\System\NOJwfBB.exe
  C:\Windows\System\NOJwfBB.exe
  2⤵
  PID:14648
- C:\Windows\System\pQIKXWr.exe
  C:\Windows\System\pQIKXWr.exe
  2⤵
  PID:14676
- C:\Windows\System\TuGuInJ.exe
  C:\Windows\System\TuGuInJ.exe
  2⤵
  PID:14704
- C:\Windows\System\mtrsvAx.exe
  C:\Windows\System\mtrsvAx.exe
  2⤵
  PID:14732
- C:\Windows\System\HPMIsmE.exe
  C:\Windows\System\HPMIsmE.exe
  2⤵
  PID:14760
- C:\Windows\System\cISHhYX.exe
  C:\Windows\System\cISHhYX.exe
  2⤵
  PID:14788
- C:\Windows\System\AEFfJld.exe
  C:\Windows\System\AEFfJld.exe
  2⤵
  PID:14816
- C:\Windows\System\AYFCpli.exe
  C:\Windows\System\AYFCpli.exe
  2⤵
  PID:14844
- C:\Windows\System\qJviRUt.exe
  C:\Windows\System\qJviRUt.exe
  2⤵
  PID:14884
- C:\Windows\System\pxDiOJy.exe
  C:\Windows\System\pxDiOJy.exe
  2⤵
  PID:14900
- C:\Windows\System\BMYwFrF.exe
  C:\Windows\System\BMYwFrF.exe
  2⤵
  PID:14928
- C:\Windows\System\cgxKafl.exe
  C:\Windows\System\cgxKafl.exe
  2⤵
  PID:14956
- C:\Windows\System\pFxGEvm.exe
  C:\Windows\System\pFxGEvm.exe
  2⤵
  PID:14984
- C:\Windows\System\bLirzLW.exe
  C:\Windows\System\bLirzLW.exe
  2⤵
  PID:15028
- C:\Windows\System\YGPJttM.exe
  C:\Windows\System\YGPJttM.exe
  2⤵
  PID:15044
- C:\Windows\System\yPGVEdL.exe
  C:\Windows\System\yPGVEdL.exe
  2⤵
  PID:15072
- C:\Windows\System\CxFHSfK.exe
  C:\Windows\System\CxFHSfK.exe
  2⤵
  PID:15100
- C:\Windows\System\LfYEpuC.exe
  C:\Windows\System\LfYEpuC.exe
  2⤵
  PID:15128
- C:\Windows\System\YYUCUTr.exe
  C:\Windows\System\YYUCUTr.exe
  2⤵
  PID:15156
- C:\Windows\System\FzlTCng.exe
  C:\Windows\System\FzlTCng.exe
  2⤵
  PID:15184
- C:\Windows\System\lDMcrUb.exe
  C:\Windows\System\lDMcrUb.exe
  2⤵
  PID:15212
- C:\Windows\System\UPWsRmA.exe
  C:\Windows\System\UPWsRmA.exe
  2⤵
  PID:15240
- C:\Windows\System\dpJiubt.exe
  C:\Windows\System\dpJiubt.exe
  2⤵
  PID:15268
- C:\Windows\System\XNWSIZF.exe
  C:\Windows\System\XNWSIZF.exe
  2⤵
  PID:15296
- C:\Windows\System\XzQmPKs.exe
  C:\Windows\System\XzQmPKs.exe
  2⤵
  PID:15324
- C:\Windows\System\cirFWMI.exe
  C:\Windows\System\cirFWMI.exe
  2⤵
  PID:15352
- C:\Windows\System\dmkSvTf.exe
  C:\Windows\System\dmkSvTf.exe
  2⤵
  PID:14360
- C:\Windows\System\odKmmbd.exe
  C:\Windows\System\odKmmbd.exe
  2⤵
  PID:8308
- C:\Windows\System\hOPeKbA.exe
  C:\Windows\System\hOPeKbA.exe
  2⤵
  PID:14392
- C:\Windows\System\TXaXASH.exe
  C:\Windows\System\TXaXASH.exe
  2⤵
  PID:14420
- C:\Windows\System\WdyNBRT.exe
  C:\Windows\System\WdyNBRT.exe
  2⤵
  PID:14448
- C:\Windows\System\wjtyMHf.exe
  C:\Windows\System\wjtyMHf.exe
  2⤵
  PID:14500
- C:\Windows\System\lhuBHqA.exe
  C:\Windows\System\lhuBHqA.exe
  2⤵
  PID:14548
- C:\Windows\System\plFMMvZ.exe
  C:\Windows\System\plFMMvZ.exe
  2⤵
  PID:8496
- C:\Windows\System\hzBOmQu.exe
  C:\Windows\System\hzBOmQu.exe
  2⤵
  PID:14612
- C:\Windows\System\xWuXWed.exe
  C:\Windows\System\xWuXWed.exe
  2⤵
  PID:984
- C:\Windows\System\LQOzLpX.exe
  C:\Windows\System\LQOzLpX.exe
  2⤵
  PID:4584
- C:\Windows\System\ADSuxsu.exe
  C:\Windows\System\ADSuxsu.exe
  2⤵
  PID:14724
- C:\Windows\System\hBHIDqQ.exe
  C:\Windows\System\hBHIDqQ.exe
  2⤵
  PID:8588
- C:\Windows\System\tYppxrV.exe
  C:\Windows\System\tYppxrV.exe
  2⤵
  PID:14784
- C:\Windows\System\AzJHzCv.exe
  C:\Windows\System\AzJHzCv.exe
  2⤵
  PID:9344
- C:\Windows\System\RoaCEIk.exe
  C:\Windows\System\RoaCEIk.exe
  2⤵
  PID:14864
- C:\Windows\System\RDhTfIs.exe
  C:\Windows\System\RDhTfIs.exe
  2⤵
  PID:14896
- C:\Windows\System\ioZDAGz.exe
  C:\Windows\System\ioZDAGz.exe
  2⤵
  PID:14924
- C:\Windows\System\fjdVogn.exe
  C:\Windows\System\fjdVogn.exe
  2⤵
  PID:14968
- C:\Windows\System\MwSarAg.exe
  C:\Windows\System\MwSarAg.exe
  2⤵
  PID:10040
- C:\Windows\System\uPMARoo.exe
  C:\Windows\System\uPMARoo.exe
  2⤵
  PID:8768
- C:\Windows\System\XQcKsYE.exe
  C:\Windows\System\XQcKsYE.exe
  2⤵
  PID:8780
- C:\Windows\System\zdNaFgk.exe
  C:\Windows\System\zdNaFgk.exe
  2⤵
  PID:15112
- C:\Windows\System\AUxdBNQ.exe
  C:\Windows\System\AUxdBNQ.exe
  2⤵
  PID:15168
- C:\Windows\System\vRMXcGU.exe
  C:\Windows\System\vRMXcGU.exe
  2⤵
  PID:15204
- C:\Windows\System\ZtYmDWC.exe
  C:\Windows\System\ZtYmDWC.exe
  2⤵
  PID:15232
- C:\Windows\System\hYumfDS.exe
  C:\Windows\System\hYumfDS.exe
  2⤵
  PID:8920
- C:\Windows\System\JJqpilS.exe
  C:\Windows\System\JJqpilS.exe
  2⤵
  PID:8944
- C:\Windows\System\XSVxHUD.exe
  C:\Windows\System\XSVxHUD.exe
  2⤵
  PID:10456
- C:\Windows\System\CJMqrsO.exe
  C:\Windows\System\CJMqrsO.exe
  2⤵
  PID:9840
- C:\Windows\System\RbUJCeT.exe
  C:\Windows\System\RbUJCeT.exe
  2⤵
  PID:9988
- C:\Windows\System\ImsbVTX.exe
  C:\Windows\System\ImsbVTX.exe
  2⤵
  PID:10544
- C:\Windows\System\nxMKRIA.exe
  C:\Windows\System\nxMKRIA.exe
  2⤵
  PID:10572
- C:\Windows\System\PlWtHPu.exe
  C:\Windows\System\PlWtHPu.exe
  2⤵
  PID:14476
- C:\Windows\System\rbwzICN.exe
  C:\Windows\System\rbwzICN.exe
  2⤵
  PID:14532
- C:\Windows\System\cYuKssk.exe
  C:\Windows\System\cYuKssk.exe
  2⤵
  PID:9436
- C:\Windows\System\BsiDTht.exe
  C:\Windows\System\BsiDTht.exe
  2⤵
  PID:14640
- C:\Windows\System\OdMTmfv.exe
  C:\Windows\System\OdMTmfv.exe
  2⤵
  PID:14688
- C:\Windows\System\JCifNMK.exe
  C:\Windows\System\JCifNMK.exe
  2⤵
  PID:10780
- C:\Windows\System\cfFgKmO.exe
  C:\Windows\System\cfFgKmO.exe
  2⤵
  PID:10812
- C:\Windows\System\wUpiTXi.exe
  C:\Windows\System\wUpiTXi.exe
  2⤵
  PID:10832
- C:\Windows\System\SaRnpke.exe
  C:\Windows\System\SaRnpke.exe
  2⤵
  PID:9812
- C:\Windows\System\kWuyimb.exe
  C:\Windows\System\kWuyimb.exe
  2⤵
  PID:10964
- C:\Windows\System\oDuAXcP.exe
  C:\Windows\System\oDuAXcP.exe
  2⤵
  PID:8740
- C:\Windows\System\fWKYhiz.exe
  C:\Windows\System\fWKYhiz.exe
  2⤵
  PID:15056
- C:\Windows\System\vKXOuXY.exe
  C:\Windows\System\vKXOuXY.exe
  2⤵
  PID:15096
- C:\Windows\System\SssZkvl.exe
  C:\Windows\System\SssZkvl.exe
  2⤵
  PID:15196
- C:\Windows\System\stEVebQ.exe
  C:\Windows\System\stEVebQ.exe
  2⤵
  PID:10024
- C:\Windows\System\tmrawUt.exe
  C:\Windows\System\tmrawUt.exe
  2⤵
  PID:11188
- C:\Windows\System\cZmlMjU.exe
  C:\Windows\System\cZmlMjU.exe
  2⤵
  PID:8196
- C:\Windows\System\wzXYhyc.exe
  C:\Windows\System\wzXYhyc.exe
  2⤵
  PID:660
- C:\Windows\System\wMgXLBI.exe
  C:\Windows\System\wMgXLBI.exe
  2⤵
  PID:2532
- C:\Windows\System\dXlVcpv.exe
  C:\Windows\System\dXlVcpv.exe
  2⤵
  PID:10336
- C:\Windows\System\MkGplWy.exe
  C:\Windows\System\MkGplWy.exe
  2⤵
  PID:14444
- C:\Windows\System\PHScfli.exe
  C:\Windows\System\PHScfli.exe
  2⤵
  PID:8432
- C:\Windows\System\wFIdmAj.exe
  C:\Windows\System\wFIdmAj.exe
  2⤵
  PID:10576
- C:\Windows\System\tFQuGgD.exe
  C:\Windows\System\tFQuGgD.exe
  2⤵
  PID:10276
- C:\Windows\System\RJvnbYY.exe
  C:\Windows\System\RJvnbYY.exe
  2⤵
  PID:10888
- C:\Windows\System\UExvtqD.exe
  C:\Windows\System\UExvtqD.exe
  2⤵
  PID:8592
- C:\Windows\System\PJZLAKp.exe
  C:\Windows\System\PJZLAKp.exe
  2⤵
  PID:10144
- C:\Windows\System\YwuNyXP.exe
  C:\Windows\System\YwuNyXP.exe
  2⤵
  PID:11236
- C:\Windows\System\lSvRZTZ.exe
  C:\Windows\System\lSvRZTZ.exe
  2⤵
  PID:14920
- C:\Windows\System\FGCTOOs.exe
  C:\Windows\System\FGCTOOs.exe
  2⤵
  PID:10256
- C:\Windows\System\cNiWDWG.exe
  C:\Windows\System\cNiWDWG.exe
  2⤵
  PID:11136
- C:\Windows\System\vbXXPPN.exe
  C:\Windows\System\vbXXPPN.exe
  2⤵
  PID:8864
- C:\Windows\System\ngAbrWY.exe
  C:\Windows\System\ngAbrWY.exe
  2⤵
  PID:10924
- C:\Windows\System\OvNSZFU.exe
  C:\Windows\System\OvNSZFU.exe
  2⤵
  PID:11108
- C:\Windows\System\aSrFdvh.exe
  C:\Windows\System\aSrFdvh.exe
  2⤵
  PID:9004
- C:\Windows\System\aXsBirp.exe
  C:\Windows\System\aXsBirp.exe
  2⤵
  PID:10340
- C:\Windows\System\mrVdkkM.exe
  C:\Windows\System\mrVdkkM.exe
  2⤵
  PID:9108
- C:\Windows\System\FMWqhVa.exe
  C:\Windows\System\FMWqhVa.exe
  2⤵
  PID:9164
- C:\Windows\System\zyaHbTR.exe
  C:\Windows\System\zyaHbTR.exe
  2⤵
  PID:6132
- C:\Windows\System\dSDCUOW.exe
  C:\Windows\System\dSDCUOW.exe
  2⤵
  PID:4580
- C:\Windows\System\HbmeqTV.exe
  C:\Windows\System\HbmeqTV.exe
  2⤵
  PID:9168
- C:\Windows\System\StohYci.exe
  C:\Windows\System\StohYci.exe
  2⤵
  PID:10284
- C:\Windows\System\oCGNcFb.exe
  C:\Windows\System\oCGNcFb.exe
  2⤵
  PID:11416
- C:\Windows\System\TxGyPuT.exe
  C:\Windows\System\TxGyPuT.exe
  2⤵
  PID:11052
- C:\Windows\System\AqkEmNQ.exe
  C:\Windows\System\AqkEmNQ.exe
  2⤵
  PID:15348
- C:\Windows\System\eQIZUIK.exe
  C:\Windows\System\eQIZUIK.exe
  2⤵
  PID:14380
- C:\Windows\System\YJJYScp.exe
  C:\Windows\System\YJJYScp.exe
  2⤵
  PID:8320
- C:\Windows\System\NWBFzBe.exe
  C:\Windows\System\NWBFzBe.exe
  2⤵
  PID:2012
- C:\Windows\System\IEKUCeT.exe
  C:\Windows\System\IEKUCeT.exe
  2⤵
  PID:8472
- C:\Windows\System\KgUtCLX.exe
  C:\Windows\System\KgUtCLX.exe
  2⤵
  PID:10068
- C:\Windows\System\HHyWGNN.exe
  C:\Windows\System\HHyWGNN.exe
  2⤵
  PID:8704
- C:\Windows\System\whjYGRK.exe
  C:\Windows\System\whjYGRK.exe
  2⤵
  PID:8652
- C:\Windows\System\oemWzPG.exe
  C:\Windows\System\oemWzPG.exe
  2⤵
  PID:9040
- C:\Windows\System\wxGQGOJ.exe
  C:\Windows\System\wxGQGOJ.exe
  2⤵
  PID:4780
- C:\Windows\System\BOFwiOZ.exe
  C:\Windows\System\BOFwiOZ.exe
  2⤵
  PID:5100
- C:\Windows\System\CMqKdtH.exe
  C:\Windows\System\CMqKdtH.exe
  2⤵
  PID:3668
- C:\Windows\System\iUEJiph.exe
  C:\Windows\System\iUEJiph.exe
  2⤵
  PID:9120
- C:\Windows\System\SLqmdBO.exe
  C:\Windows\System\SLqmdBO.exe
  2⤵
  PID:8876
- C:\Windows\System\QDxyXVp.exe
  C:\Windows\System\QDxyXVp.exe
  2⤵
  PID:8624
- C:\Windows\System\BwupHXB.exe
  C:\Windows\System\BwupHXB.exe
  2⤵
  PID:1548
- C:\Windows\System\IOqimaj.exe
  C:\Windows\System\IOqimaj.exe
  2⤵
  PID:1428
- C:\Windows\System\gKkpzjb.exe
  C:\Windows\System\gKkpzjb.exe
  2⤵
  PID:232
- C:\Windows\System\lihoTjw.exe
  C:\Windows\System\lihoTjw.exe
  2⤵
  PID:15368
- C:\Windows\System\WjnhStL.exe
  C:\Windows\System\WjnhStL.exe
  2⤵
  PID:15396
- C:\Windows\System\dXDcwmW.exe
  C:\Windows\System\dXDcwmW.exe
  2⤵
  PID:15424
- C:\Windows\System\lPeZURj.exe
  C:\Windows\System\lPeZURj.exe
  2⤵
  PID:15452
- C:\Windows\System\NhBLoLm.exe
  C:\Windows\System\NhBLoLm.exe
  2⤵
  PID:15480
- C:\Windows\System\uDJjiJV.exe
  C:\Windows\System\uDJjiJV.exe
  2⤵
  PID:15508
- C:\Windows\System\anLucTs.exe
  C:\Windows\System\anLucTs.exe
  2⤵
  PID:15536
- C:\Windows\System\UPWlXTE.exe
  C:\Windows\System\UPWlXTE.exe
  2⤵
  PID:15564
- C:\Windows\System\FbKUSmb.exe
  C:\Windows\System\FbKUSmb.exe
  2⤵
  PID:15592
- C:\Windows\System\uVCjkAO.exe
  C:\Windows\System\uVCjkAO.exe
  2⤵
  PID:15620
- C:\Windows\System\BcKFErJ.exe
  C:\Windows\System\BcKFErJ.exe
  2⤵
  PID:15648
- C:\Windows\System\VZCZmEq.exe
  C:\Windows\System\VZCZmEq.exe
  2⤵
  PID:15676
- C:\Windows\System\AGCtXel.exe
  C:\Windows\System\AGCtXel.exe
  2⤵
  PID:15704
- C:\Windows\System\IYNUBCj.exe
  C:\Windows\System\IYNUBCj.exe
  2⤵
  PID:15732
- C:\Windows\System\CEqTQDZ.exe
  C:\Windows\System\CEqTQDZ.exe
  2⤵
  PID:15760
- C:\Windows\System\BxEncfr.exe
  C:\Windows\System\BxEncfr.exe
  2⤵
  PID:15788
- C:\Windows\System\AylPepn.exe
  C:\Windows\System\AylPepn.exe
  2⤵
  PID:15816
- C:\Windows\System\FVAicXh.exe
  C:\Windows\System\FVAicXh.exe
  2⤵
  PID:15844
- C:\Windows\System\VcqfyTx.exe
  C:\Windows\System\VcqfyTx.exe
  2⤵
  PID:15872
- C:\Windows\System\eUjrQHu.exe
  C:\Windows\System\eUjrQHu.exe
  2⤵
  PID:15900
- C:\Windows\System\BAUIOll.exe
  C:\Windows\System\BAUIOll.exe
  2⤵
  PID:15928
- C:\Windows\System\XRSUXhA.exe
  C:\Windows\System\XRSUXhA.exe
  2⤵
  PID:15960
- C:\Windows\System\OQixrUA.exe
  C:\Windows\System\OQixrUA.exe
  2⤵
  PID:15988
- C:\Windows\System\yjnTpPw.exe
  C:\Windows\System\yjnTpPw.exe
  2⤵
  PID:16016
- C:\Windows\System\XycVaVI.exe
  C:\Windows\System\XycVaVI.exe
  2⤵
  PID:16044
- C:\Windows\System\jashSdR.exe
  C:\Windows\System\jashSdR.exe
  2⤵
  PID:16072
- C:\Windows\System\TJBSHVd.exe
  C:\Windows\System\TJBSHVd.exe
  2⤵
  PID:16100
- C:\Windows\System\HwmXmiv.exe
  C:\Windows\System\HwmXmiv.exe
  2⤵
  PID:16128
- C:\Windows\System\qyAiSvm.exe
  C:\Windows\System\qyAiSvm.exe
  2⤵
  PID:16156
- C:\Windows\System\OZOyhiF.exe
  C:\Windows\System\OZOyhiF.exe
  2⤵
  PID:16184
- C:\Windows\System\jbRYdKs.exe
  C:\Windows\System\jbRYdKs.exe
  2⤵
  PID:16212
- C:\Windows\System\ZTknaRi.exe
  C:\Windows\System\ZTknaRi.exe
  2⤵
  PID:16240
- C:\Windows\System\CuIzfru.exe
  C:\Windows\System\CuIzfru.exe
  2⤵
  PID:16272
- C:\Windows\System\GMipaRi.exe
  C:\Windows\System\GMipaRi.exe
  2⤵
  PID:16308
- C:\Windows\System\ltZjgRw.exe
  C:\Windows\System\ltZjgRw.exe
  2⤵
  PID:16324
- C:\Windows\System\kfkPxBg.exe
  C:\Windows\System\kfkPxBg.exe
  2⤵
  PID:16352
- C:\Windows\System\AkoOjRX.exe
  C:\Windows\System\AkoOjRX.exe
  2⤵
  PID:16380
- C:\Windows\System\sbstnAL.exe
  C:\Windows\System\sbstnAL.exe
  2⤵
  PID:15416
- C:\Windows\System\AjGwVfd.exe
  C:\Windows\System\AjGwVfd.exe
  2⤵
  PID:15492
- C:\Windows\System\zYiljIZ.exe
  C:\Windows\System\zYiljIZ.exe
  2⤵
  PID:15532
- C:\Windows\System\LpKRDnq.exe
  C:\Windows\System\LpKRDnq.exe
  2⤵
  PID:15584
- C:\Windows\System\MBqrEjJ.exe
  C:\Windows\System\MBqrEjJ.exe
  2⤵
  PID:15668
- C:\Windows\System\OKFcvsi.exe
  C:\Windows\System\OKFcvsi.exe
  2⤵
  PID:11656
- C:\Windows\System\txmQTVh.exe
  C:\Windows\System\txmQTVh.exe
  2⤵
  PID:15744
- C:\Windows\System\QdHlJkD.exe
  C:\Windows\System\QdHlJkD.exe
  2⤵
  PID:15800
- C:\Windows\System\THZLUWr.exe
  C:\Windows\System\THZLUWr.exe
  2⤵
  PID:15864
- C:\Windows\System\PAgHuKT.exe
  C:\Windows\System\PAgHuKT.exe
  2⤵
  PID:15912
- C:\Windows\System\VyJeOpC.exe
  C:\Windows\System\VyJeOpC.exe
  2⤵
  PID:15980
- C:\Windows\System\unLNATH.exe
  C:\Windows\System\unLNATH.exe
  2⤵
  PID:16040
- C:\Windows\System\FUXuxJD.exe
  C:\Windows\System\FUXuxJD.exe
  2⤵
  PID:16112
- C:\Windows\System\pNajRiB.exe
  C:\Windows\System\pNajRiB.exe
  2⤵
  PID:16168
- C:\Windows\System\BqoSGpm.exe
  C:\Windows\System\BqoSGpm.exe
  2⤵
  PID:16224
- C:\Windows\System\qpkHjMq.exe
  C:\Windows\System\qpkHjMq.exe
  2⤵
  PID:16288
- C:\Windows\System\LwyuMLx.exe
  C:\Windows\System\LwyuMLx.exe
  2⤵
  PID:15948
- C:\Windows\System\UkuTZoL.exe
  C:\Windows\System\UkuTZoL.exe
  2⤵
  PID:10052
- C:\Windows\System\CYapXsT.exe
  C:\Windows\System\CYapXsT.exe
  2⤵
  PID:9224
- C:\Windows\System\jhcVGbs.exe
  C:\Windows\System\jhcVGbs.exe
  2⤵
  PID:15632
- C:\Windows\System\eDdHsFZ.exe
  C:\Windows\System\eDdHsFZ.exe
  2⤵
  PID:15724
- C:\Windows\System\FhffQcE.exe
  C:\Windows\System\FhffQcE.exe
  2⤵
  PID:2380
- C:\Windows\System\rROqkjZ.exe
  C:\Windows\System\rROqkjZ.exe
  2⤵
  PID:15956
- C:\Windows\System\TYWEOYn.exe
  C:\Windows\System\TYWEOYn.exe
  2⤵
  PID:9752
- C:\Windows\System\WotMmWY.exe
  C:\Windows\System\WotMmWY.exe
  2⤵
  PID:9608
- C:\Windows\System\urVsPyb.exe
  C:\Windows\System\urVsPyb.exe
  2⤵
  PID:9768
- C:\Windows\System\lcDJhAH.exe
  C:\Windows\System\lcDJhAH.exe
  2⤵
  PID:15528
- C:\Windows\System\AkEruXm.exe
  C:\Windows\System\AkEruXm.exe
  2⤵
  PID:15700
- C:\Windows\System\ggwhmAa.exe
  C:\Windows\System\ggwhmAa.exe
  2⤵
  PID:10016
- C:\Windows\System\ijANdBG.exe
  C:\Windows\System\ijANdBG.exe
  2⤵
  PID:9964
- C:\Windows\System\vDCxlig.exe
  C:\Windows\System\vDCxlig.exe
  2⤵
  PID:11812
- C:\Windows\System\lVNyuAr.exe
  C:\Windows\System\lVNyuAr.exe
  2⤵
  PID:16280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BWPzFtX.exe

Filesize
6.0MB

MD5
b3cee9cb62c527066b0d9846b07398e8

SHA1
f14d84c9374abb6713ed2b4cca65346519d2541e

SHA256
e8e3c863f133d93ce41275dc1a307fc94f572b7ed2b054baf38449f595fa29b1

SHA512
687b6e75fc1fcc5c4132b3a24c4dc6ac5143e76834dca453d9f0cbc93263f98b0072856fe92e2daca2672ae29d35a575b7e9c25f52b1f98eb1a9ef1c5415b187

Download Submit
C:\Windows\System\DlvFxwM.exe

Filesize
6.0MB

MD5
51b5c237f0410f2b3015846352212cd6

SHA1
18df1dfdfca5f680db5e27a7370186df7dc4313a

SHA256
554f1956d04688288acef8592a4eb8d1deaef60021bf270fe816daf8a3405ec4

SHA512
1799496c31e4cf2830e03d54a5302d415457f53fdd6ee7fbe0c85d83456d71a0b4a3ff148df853c889f093dd06c02082d91e5b7d60aef9d26f94d8222763a011

Download Submit
C:\Windows\System\DrNGIdp.exe

Filesize
6.0MB

MD5
386c5ef7c9a791a155cdd70a50b18b3d

SHA1
106eef72799bbd96d460d21468635eaf04f76401

SHA256
df4d8489e26edae5fcee901bc6257153a4981e8453e81dfa869507c873c24b5c

SHA512
7885067763bd27c180c04aff56357069c8ad4ac1702bb3e384f7f88f0a1746653f4e0fff4401e74d576bbf84c93869420948c80e9d81f020c324e7d8170058c8

Download Submit
C:\Windows\System\KZYevZs.exe

Filesize
6.0MB

MD5
505d05e661d78949c466ed2bcdcf9a58

SHA1
45a78e4ce1da4afbffb0c836030717337809c819

SHA256
cfd406281dc38a9842b898c78a9ebdb4db451b5c3bc0f4f3953fc210a5bfd304

SHA512
3ca9eece4efba21641bc0aa33e5b84eae783729f3b44260f4d23c9d8914055f8a3f61472ea1bc1fffa76763e240f46b7376313083614ba5d8ea5c1b3457c1dca

Download Submit
C:\Windows\System\LRWFIkk.exe

Filesize
6.0MB

MD5
548559e384af68964b115c4199756ab4

SHA1
7588dca2aab0e7513f3928612b47022245cf7e80

SHA256
cc33cc2b52a55f6ae828aabef4fab54e545a6cecb3811f4970524a0c2c0be3c9

SHA512
4a4fcd6f01f7d8754886cff87c7f34cd1a2d713e7222431aa0780ebbc89764c27d22b6d2fe5ae9ae70b9806fdc53e8e1252486322de6dc6ab9649f9bce43a25d

Download Submit
C:\Windows\System\MbLVrrx.exe

Filesize
6.0MB

MD5
fc366babde2c91d00b1c39c71461ca3a

SHA1
46299a3cd774fbec0f416b7ad5548db4a9351f2f

SHA256
6eca9ebda7fadb87a51c4d5021d374994ca1fb5c8ac4802964b2292c7fb1a5e5

SHA512
625b0ecc4cc53967882c381d521b7d8f3d314648bf77b1c1888c56c7101f4d170557ed6536d1409dd515c66c627bd5a9dbfc06396cb2a9b7d56b1619233d6be3

Download Submit
C:\Windows\System\NsHlMoQ.exe

Filesize
6.0MB

MD5
ee06fbf49743f621565a3c009b4e7f22

SHA1
2dca8ee98ea0c201718ce8942cd8397df340fd84

SHA256
fbc63b872b50ce7ca8b33312d6677a0b476adea9ef216ce4913af6c13e04246e

SHA512
731cfb428409393e8f6989481a965b228d949ab8cd959aba03ab7d0ee27ea8bcbae9d869e1a045c38a399fe0e7b02416ddf8b076ed33347ae64e0ce80e96756c

Download Submit
C:\Windows\System\OPgjqho.exe

Filesize
6.0MB

MD5
93fc973a774bed2ca9be1724b5aee30d

SHA1
1a4144b89084126e8141dc5d1485e4eff8a2ba79

SHA256
0ae4d954acfa905d8ac5a9069c136c3b010594b3fd05af477cab049d2be35036

SHA512
6e4ec067e725c49cf564143e033bb69afed42649855dabd212e904519925060d841b356cd54ec0f1c438f2df2bb611dbff717ecd07f0a4b3a67c29c42eab3d78

Download Submit
C:\Windows\System\OjKtUcS.exe

Filesize
6.0MB

MD5
d455ca2cad4fa7f577d50ef854dcb53d

SHA1
be6ad7bc31d675c807e130f71ebdb7780b21ea57

SHA256
21ecec0f7cbacd45f8d00d9b6ea4a2b6b8913b8c728a6527ae17a3711a3a3665

SHA512
3bb2ac9ac4b47db4c67ed0b1163d9f2736d797b429284f5a7d7c38f867fc5fb2ac0963ae3eddba23dce82a794f7a5d80a8e623f04f2e23c309c1a38014ce26f6

Download Submit
C:\Windows\System\OjuxNIB.exe

Filesize
6.0MB

MD5
d3b46058c69d7ff21e7c38752684b534

SHA1
2b9fafc8a6f384523b60d14214043aa719ac717f

SHA256
5e1d06a20f9ca1f611fd9b90ab92466cd2f8ed5b01d77728e4c1becc85be3345

SHA512
80e8f5b65ad0532a329c1fb351dfac8a0f6103a1c4bfe7da2ad6db9e217879e7e844e62906d3034b180c1faddaa3707e86e9d031bddf08a17c3f35de5a68419b

Download Submit
C:\Windows\System\PjsyzSr.exe

Filesize
6.0MB

MD5
c5d88a481dbd7986f1dc4e6ae2480aad

SHA1
135ec7cc95e3ab7baae7d10ade185e74323a7d27

SHA256
0c9e3a4280dd8797152334fc5edbbdee7b332404118c327f5c3d4e82b317e1aa

SHA512
b73d809921733a38472402b26bff276172f4da9aaf5b9e458dd6764fc1f12ac9ae56b3da4db0202ac7c2d23464480a9c0cd2059ee2def405fb545c606131e97f

Download Submit
C:\Windows\System\QTAVNoM.exe

Filesize
6.0MB

MD5
42a333f3cd1cfcbbd32230651c99b101

SHA1
6ca711b6346ff84246abb30e02fba7aa8194f33b

SHA256
de560a98a4df514086b56abc111d61396f444f867b2e8e1768dd62d04189cc74

SHA512
63b2a3f9be07d20e48a3b8aa7acb0bcfabcd57ce26ec3c4190362c6dfdfde465b4bd643ea84ec47d5d1168e5db843f0fcb263f06e6cc09f56f933e51409c3f17

Download Submit
C:\Windows\System\RecUwls.exe

Filesize
6.0MB

MD5
19b790ab8d77145fc524e5311f450556

SHA1
158b75e5c92cd3e0ed2f0a559c37609e67b48f33

SHA256
50399984c419bbad236c4550426debc88c585018ec8562fc3619b3e2f85e74ed

SHA512
2171e3da8ef2116ccfd048a34595abd73d7e1c82bc4e6bb968cdb83f7281bc1531b15ecd00bc650fe90075a5d4aedaf464cb7a32a0108bb503bea52e67d67a0d

Download Submit
C:\Windows\System\SmjJzcV.exe

Filesize
6.0MB

MD5
42498620a3e713bcf0b5805527370d4b

SHA1
4d6e3843c67cecd679789936e8c49e77e6e16754

SHA256
179ad0c8375603092b32e872ad5ef3ca5bca9f4cf7e5d8d6bde7e8a894f7d20f

SHA512
9bfd4983f07cae5448312e93fe299cdd056a4eb8645f9d8fd62ac9b2a2439417c6e82f77ea7a1f2c11279db1958622422de063d45d4661fb6ea7839810d73ae3

Download Submit
C:\Windows\System\XiPWPWT.exe

Filesize
6.0MB

MD5
2b5880031f9a78e2521354c01fca09e2

SHA1
450fd1166fed5e8b040a730ef4518e0e2a957516

SHA256
ba2563f45bfcd3e3cacf6b86fef598ca90112f06763db2716307d00894a5ec3a

SHA512
7f761a044130331de13d8d3d87ae0e0d2e12cfad43503509d9d98f038ea874240f50e2af2329fd9b380ccfacc41d7a8a2bcb65784e9c27ce45f1e90681b8a68d

Download Submit
C:\Windows\System\aXMiARf.exe

Filesize
6.0MB

MD5
f1a15df126661627fd1234857fc71ff9

SHA1
bce8a6f42b65d221c0bd3abcc22a53784fc8c85e

SHA256
c093619e6a69a99582e4e14a64aa5cb2e0bae72a4f1bb788dc54fbbe964c706d

SHA512
201a3d491c666ca11b20243fc059c27626b27507b32e96ea48ea5812e82fa31551cc8e97bef5ebf73a363e56eded15a803c5f7f9a74790a24cb4893a446b36b7

Download Submit
C:\Windows\System\bdHyNsD.exe

Filesize
6.0MB

MD5
ede38a161cc3be5ed0fb2412e305fa4f

SHA1
b1e7cd87536fb78f1c159bc09bc9ea0cf62cd1a5

SHA256
565f31572aac597beaf6a40030e416a7896e771c60fe0a6c5fabbdfee50d0d37

SHA512
f1625ca58c43e5c9a3a51bab7660fe74e80e66f8b95ec076d7a0649165160e777e393e04ec1f06e3d9c2263823843ed842b5880337376e3b4c54a6430568ce5a

Download Submit
C:\Windows\System\cWFZFej.exe

Filesize
6.0MB

MD5
c42e7deaf8b9a27dcd9665e4d63ed473

SHA1
fd8c7a2a2e477a9b1961057a0a878ce42d709f36

SHA256
cd22469c9bdb07687ecc17ea94aff3aed177dbf9e6a43cac5a0fb1d350666fb6

SHA512
d6511594769d315edae0c291462d0259cf7019bd1c7fce5ee1b9f75e94f3af4a8450c1bbb202b5c4c6b6ad2b26b07a1d04264524b8131c6b86fcd3b2b0967b70

Download Submit
C:\Windows\System\dsKFqKN.exe

Filesize
6.0MB

MD5
8d15e356a2c99c93740ecf96baa5f574

SHA1
19fb056c63808898a83b8578770a62d601d08e81

SHA256
fa83a1e80da352fe65299b897609797361100dfea7552e85bb10460a2f9012d0

SHA512
f2d8af5d78d84324ca9f2c99f829833b34d12e49ebf8df0d9bbb93422d888878af08a88772ba8eaf0c63f85b40bf12e18a997e8540dd19f678bfddaefc196f24

Download Submit
C:\Windows\System\gtharmc.exe

Filesize
6.0MB

MD5
547ed42c5e53f40958f27aa4649678ac

SHA1
6f5d3ea53e0a12761d9d527311866086f184daaa

SHA256
ed436aa2109647144e698063c604ee893d831b87201a26bbe126e38ffb9306b8

SHA512
70a56afa071a80018352bd841763954ed3e38da3404633d344e49220637420bd4848fa325d261931bd2d03d70d5b0bc5e17651ba6fcc48c6d050cae1cb24f915

Download Submit
C:\Windows\System\knBbMew.exe

Filesize
6.0MB

MD5
8caf10f7322c3271a520fb4bc95cdbc2

SHA1
b2fb6436279f7e09b8929930e26235511076796a

SHA256
e2304d81d4653b65f383d086d79f1f0a7ea3fa78dbeb4de4f2202d665a790dd9

SHA512
5f80d1a71ef711bddb42b12e35e001b7b142625aac926d41103555ffdafdb3af99860315aaafb30d706a90d2e35af13f67d971081ed99b108c0aa87c660d4ead

Download Submit
C:\Windows\System\mCjuzTv.exe

Filesize
6.0MB

MD5
4edc33e0c089666dbe9d745fd497af1e

SHA1
a0379561bd2fd627dcfd84f07d70f12e3eaad4ff

SHA256
991f5849bc0c046270fc4c2c78b550b08b0e2092aad42c8ce33afb1161a9d916

SHA512
bda54571afb26cb360c9b42ace6dca0b91cfed7f8243cf173a360da8e0251bd9c5ca3976215d41dc110d745eebf2418d479a0e6300d1b09daf00b58be61568bd

Download Submit
C:\Windows\System\mQgyYZV.exe

Filesize
6.0MB

MD5
a8be62e312c01714310a52d2f713e479

SHA1
41e194bb827ee6e010677533c4725d383695b036

SHA256
81b7b89a7711c08614786b8a66204b3fbf3216cda6b759e889269a876a9dd717

SHA512
bd1129c919a368c09c348eeaca30a15ff65716fd77f0fd026ae9e5fc9594be0d0ea5e5bcffe9ee480cd6db67051904d832dff771c0bf9fcb0447516c21ecf219

Download Submit
C:\Windows\System\npfKFpJ.exe

Filesize
6.0MB

MD5
6000cd3280082c6b7b60118a89501e09

SHA1
ee5c6528b4850319ccbd60b8fa64e2f36af05093

SHA256
a688dcc0f1171319ece26e8008261fa7c126fc2eb76ce8ec565da6ff91c3929d

SHA512
d8464fcc11b4b6dee677ffb3c6411b4717a773df8a771757c05046a63fa54c6253f3a495577f1fbd6d2399207a70b0186337076bd44763fbca829e0c458ff51c

Download Submit
C:\Windows\System\oFUpoLW.exe

Filesize
6.0MB

MD5
762c3de5ba4a42a052b09b7902a0bf2e

SHA1
cd705b091e43dab9f59d21682b321486deec9f41

SHA256
ca260c309c0807f0d939b800e5735577bcc33dd5a7ab57a41354acaf9a56df8c

SHA512
e35ebc577f88c617ce107029a7ef29515323f04c5552f3f597b1b3413fbe60e88b0725cc0bf7077f295e58b018115ffd1afb88e5d3b2f51edfb1286bfcf9a13d

Download Submit
C:\Windows\System\oKCGVhs.exe

Filesize
6.0MB

MD5
c6542cfebe2b842c75457e24b116367f

SHA1
0ea734809f1d61dbce643dd40d6d3170582c7e75

SHA256
9199ce210ae58e2ed600e7ee36768c93f1e8b61744ec2298b78d8c7df02139a4

SHA512
f15d5f34a2f6066c09c2a56fe0aed0ab39c6fb99805c8ef3ab19d15c4ae2de6530707d76e7a30389be20caf04ea582d585139bdb503d27bcc71d3747253d40bd

Download Submit
C:\Windows\System\oQaVKJA.exe

Filesize
6.0MB

MD5
56f30f835523fa4cddbea4ac05296253

SHA1
1beeddb67e0fa3720a3f5a6d237739677d026824

SHA256
fe27f32a5dc41b6df62bf7fef7098cfd443ad0ea3e4c45eb2cbba5ff0fd53723

SHA512
b2ad875e4fa2f8b5a7fc249b465f0640a38d4ceff4e09b97a50bc88a4c7f8264b97192db642e781182679cd0ee534c37395862d156443d0e96830fdeda83db98

Download Submit
C:\Windows\System\pdtFqke.exe

Filesize
6.0MB

MD5
422d7a5075e74486b8639064ac1611de

SHA1
46d663d8a348d4a10ae94df5dfb10bcefdccf0fe

SHA256
0f87534f680923e5710644bfa1a6470c8c6272780648a358ccbe77c3ffdab6e3

SHA512
1763575f000b034fa428bdd55931e35a2460c3e4abf2f4de2e915074ef966e9509f05b6cd29e7cd5b2595b9ab6ba59aa9561b3859d3ec3f7f551bb375e6356b0

Download Submit
C:\Windows\System\rIUqlvW.exe

Filesize
6.0MB

MD5
b1e3cbabf327e6184b14f7e854b58a84

SHA1
8fa3b59241de2cdf48c178e7241eb966982da44c

SHA256
ffcdaeb90fc9f3f3d43fbcc3e1cc0a2214d5010d44ee2dd07956b24170945699

SHA512
abff8f88baeb98ba142c19d034a02b7685a3eb4e26818a25d4f3838e94b95805c3fe095d2605663af7cc6c09ea83b10dbe73e118880c8f6ae2c40348d1bca253

Download Submit
C:\Windows\System\rfAeKSx.exe

Filesize
6.0MB

MD5
1606f51e6f5ecf09123ae050feefee57

SHA1
50303a97eef80f78f6e9bc03458f9a9e86a75448

SHA256
956d535c8771a4238b33f9348fe8e4f47af6af2367ed3cf30dea241417787e73

SHA512
af9cff74b35ab7ce44c398c760b427b031faefdf42db6b9b4b70f373bea89f5f17397c06658a19f9715f3bb9aaf5381b57b6a319f96514dcae574c585b84878c

Download Submit
C:\Windows\System\rjxSupZ.exe

Filesize
6.0MB

MD5
b8637278252da5f09fed0eb34a6b2d71

SHA1
c3420ca389ae4aba3d57a357dd640fb61d9c7d8b

SHA256
514312a06f383b9599d66f4dc4717f4d5b262fab84680729cb9a6864a2c488d4

SHA512
d6c73cbd00f6e5c1e886a086703be53b7931c7833bb507d6825a01804c6a4c22a940809c0f85f1a414b7f18a286e8c8d6e34161a5cfb2dc58ce79b9f1749a677

Download Submit
C:\Windows\System\towLXcp.exe

Filesize
6.0MB

MD5
9ceb16177c576a0cc0155b7bebeb0860

SHA1
9169f7248d81bed9ca93eca14041a5d5d64ffee0

SHA256
8b425ae62eb2680fd9d43101d59cb653741b7a98104621489425e3a70bf3316f

SHA512
06395a27310f0446c323baf3c0aa9fd53ee2fa4e0fd43b921d37c493f6119b07e9e9d38549516bf9bf095b6e144e36d97b8cdd44f8a7006f9c05c6803b33c500

Download Submit
C:\Windows\System\tpomyjb.exe

Filesize
6.0MB

MD5
146cae3ca16db82516c9c01d3528c187

SHA1
78d822e94a624b9bd86414ba735e9de4a3fcbc84

SHA256
660b10de8093d985ae517ca25ddefb17ad49e07edd615a3c95faa182bb71b46b

SHA512
191f1b6989e08099ef9207eca0333590071133e7162fc7f08f4fc5c9bd1e980c8b66111e8c019213560c6b741f441b12aa132016739bbb943c0122e40596f49a

Download Submit
memory/116-1292-0x00007FF7191A0000-0x00007FF7194F4000-memory.dmp

Filesize
3.3MB

Download
memory/116-24-0x00007FF7191A0000-0x00007FF7194F4000-memory.dmp

Filesize
3.3MB

Download
memory/116-1548-0x00007FF7191A0000-0x00007FF7194F4000-memory.dmp

Filesize
3.3MB

Download
memory/184-1554-0x00007FF719980000-0x00007FF719CD4000-memory.dmp

Filesize
3.3MB

Download
memory/184-43-0x00007FF719980000-0x00007FF719CD4000-memory.dmp

Filesize
3.3MB

Download
memory/212-1566-0x00007FF65FBC0000-0x00007FF65FF14000-memory.dmp

Filesize
3.3MB

Download
memory/212-221-0x00007FF65FBC0000-0x00007FF65FF14000-memory.dmp

Filesize
3.3MB

Download
memory/768-225-0x00007FF6054E0000-0x00007FF605834000-memory.dmp

Filesize
3.3MB

Download
memory/768-1585-0x00007FF6054E0000-0x00007FF605834000-memory.dmp

Filesize
3.3MB

Download
memory/980-1538-0x00007FF6CA3A0000-0x00007FF6CA6F4000-memory.dmp

Filesize
3.3MB

Download
memory/980-1239-0x00007FF6CA3A0000-0x00007FF6CA6F4000-memory.dmp

Filesize
3.3MB

Download
memory/980-8-0x00007FF6CA3A0000-0x00007FF6CA6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-1461-0x00007FF6D4FA0000-0x00007FF6D52F4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-1559-0x00007FF6D4FA0000-0x00007FF6D52F4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-220-0x00007FF6D4FA0000-0x00007FF6D52F4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-39-0x00007FF6D8860000-0x00007FF6D8BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-1375-0x00007FF6D8860000-0x00007FF6D8BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-1555-0x00007FF6D8860000-0x00007FF6D8BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-1195-0x00007FF77FD80000-0x00007FF7800D4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-0-0x00007FF77FD80000-0x00007FF7800D4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-1-0x0000014CE7790000-0x0000014CE77A0000-memory.dmp

Filesize
64KB

Download
memory/1676-1561-0x00007FF727DC0000-0x00007FF728114000-memory.dmp

Filesize
3.3MB

Download
memory/1676-276-0x00007FF727DC0000-0x00007FF728114000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1564-0x00007FF6FA0E0000-0x00007FF6FA434000-memory.dmp

Filesize
3.3MB

Download
memory/1740-222-0x00007FF6FA0E0000-0x00007FF6FA434000-memory.dmp

Filesize
3.3MB

Download
memory/2172-256-0x00007FF6F8060000-0x00007FF6F83B4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-1580-0x00007FF6F8060000-0x00007FF6F83B4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-230-0x00007FF65B0B0000-0x00007FF65B404000-memory.dmp

Filesize
3.3MB

Download
memory/2240-1575-0x00007FF65B0B0000-0x00007FF65B404000-memory.dmp

Filesize
3.3MB

Download
memory/2332-248-0x00007FF7FA460000-0x00007FF7FA7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-1588-0x00007FF7FA460000-0x00007FF7FA7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-240-0x00007FF711420000-0x00007FF711774000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1578-0x00007FF711420000-0x00007FF711774000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1374-0x00007FF7BA3B0000-0x00007FF7BA704000-memory.dmp

Filesize
3.3MB

Download
memory/2684-28-0x00007FF7BA3B0000-0x00007FF7BA704000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1553-0x00007FF7BA3B0000-0x00007FF7BA704000-memory.dmp

Filesize
3.3MB

Download
memory/2744-1579-0x00007FF7DF270000-0x00007FF7DF5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-264-0x00007FF7DF270000-0x00007FF7DF5C4000-memory.dmp

Filesize
3.3MB

Download
memory/3144-1577-0x00007FF6FB5E0000-0x00007FF6FB934000-memory.dmp

Filesize
3.3MB

Download
memory/3144-232-0x00007FF6FB5E0000-0x00007FF6FB934000-memory.dmp

Filesize
3.3MB

Download
memory/3332-273-0x00007FF692D40000-0x00007FF693094000-memory.dmp

Filesize
3.3MB

Download
memory/3332-1589-0x00007FF692D40000-0x00007FF693094000-memory.dmp

Filesize
3.3MB

Download
memory/3464-1574-0x00007FF7E3BA0000-0x00007FF7E3EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3464-229-0x00007FF7E3BA0000-0x00007FF7E3EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-1584-0x00007FF665420000-0x00007FF665774000-memory.dmp

Filesize
3.3MB

Download
memory/3508-270-0x00007FF665420000-0x00007FF665774000-memory.dmp

Filesize
3.3MB

Download
memory/3524-1289-0x00007FF7E1CA0000-0x00007FF7E1FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3524-12-0x00007FF7E1CA0000-0x00007FF7E1FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3524-1545-0x00007FF7E1CA0000-0x00007FF7E1FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3880-1565-0x00007FF6783F0000-0x00007FF678744000-memory.dmp

Filesize
3.3MB

Download
memory/3880-223-0x00007FF6783F0000-0x00007FF678744000-memory.dmp

Filesize
3.3MB

Download
memory/3920-1560-0x00007FF7B74C0000-0x00007FF7B7814000-memory.dmp

Filesize
3.3MB

Download
memory/3920-1410-0x00007FF7B74C0000-0x00007FF7B7814000-memory.dmp

Filesize
3.3MB

Download
memory/3920-44-0x00007FF7B74C0000-0x00007FF7B7814000-memory.dmp

Filesize
3.3MB

Download
memory/3924-1586-0x00007FF7D3430000-0x00007FF7D3784000-memory.dmp

Filesize
3.3MB

Download
memory/3924-226-0x00007FF7D3430000-0x00007FF7D3784000-memory.dmp

Filesize
3.3MB

Download
memory/4176-231-0x00007FF74B610000-0x00007FF74B964000-memory.dmp

Filesize
3.3MB

Download
memory/4176-1587-0x00007FF74B610000-0x00007FF74B964000-memory.dmp

Filesize
3.3MB

Download
memory/4296-1567-0x00007FF655D20000-0x00007FF656074000-memory.dmp

Filesize
3.3MB

Download
memory/4296-224-0x00007FF655D20000-0x00007FF656074000-memory.dmp

Filesize
3.3MB

Download
memory/4524-227-0x00007FF7158D0000-0x00007FF715C24000-memory.dmp

Filesize
3.3MB

Download
memory/4524-1573-0x00007FF7158D0000-0x00007FF715C24000-memory.dmp

Filesize
3.3MB

Download
memory/4836-254-0x00007FF65A9D0000-0x00007FF65AD24000-memory.dmp

Filesize
3.3MB

Download
memory/4836-1581-0x00007FF65A9D0000-0x00007FF65AD24000-memory.dmp

Filesize
3.3MB

Download
memory/4860-1576-0x00007FF63C870000-0x00007FF63CBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4860-237-0x00007FF63C870000-0x00007FF63CBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-228-0x00007FF6936F0000-0x00007FF693A44000-memory.dmp

Filesize
3.3MB

Download
memory/4928-1572-0x00007FF6936F0000-0x00007FF693A44000-memory.dmp

Filesize
3.3MB

Download