cobaltstrike | 10d23c32a2dee8edd2a51c1742154388ab38c4c17ecec9e5cb6a7ac9bdc28c2c

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f1f552501f18e046d5163a2a4736696b
SHA1

1f0398ff5a5bea2b9795fa3c5772e3e098207278
SHA256

10d23c32a2dee8edd2a51c1742154388ab38c4c17ecec9e5cb6a7ac9bdc28c2c
SHA512

71ee11cdb1e274776d10e5df322f5c0ba93fe244ca8dd4aaa3dfb70590302efcf65bfa90fbb46c063b06e323c8ff0a30fd4e8ec03bb670e10ea9eff73afce96d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023c5f-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c65-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c63-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c66-23.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c60-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c69-44.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6a-49.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6b-54.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6e-68.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6f-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c72-92.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c75-101.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c78-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c79-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c82-169.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c80-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c81-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7f-159.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7e-154.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7d-149.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7c-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7b-139.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7a-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c77-117.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c76-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c74-102.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c73-94.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c71-86.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c70-79.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6d-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6c-59.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c68-39.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c67-29.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2300-0-0x00007FF670800000-0x00007FF670B54000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c5f-4.dat	xmrig
behavioral2/memory/2432-8-0x00007FF7A08E0000-0x00007FF7A0C34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c65-10.dat	xmrig
behavioral2/files/0x0007000000023c63-11.dat	xmrig
behavioral2/memory/4664-12-0x00007FF77B5F0000-0x00007FF77B944000-memory.dmp	xmrig
behavioral2/memory/4320-22-0x00007FF6D1F60000-0x00007FF6D22B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c66-23.dat	xmrig
behavioral2/files/0x0008000000023c60-34.dat	xmrig
behavioral2/files/0x0007000000023c69-44.dat	xmrig
behavioral2/files/0x0007000000023c6a-49.dat	xmrig
behavioral2/files/0x0007000000023c6b-54.dat	xmrig
behavioral2/files/0x0007000000023c6e-68.dat	xmrig
behavioral2/files/0x0007000000023c6f-74.dat	xmrig
behavioral2/files/0x0007000000023c72-92.dat	xmrig
behavioral2/files/0x0007000000023c75-101.dat	xmrig
behavioral2/files/0x0007000000023c78-121.dat	xmrig
behavioral2/files/0x0007000000023c79-129.dat	xmrig
behavioral2/memory/4476-644-0x00007FF7720B0000-0x00007FF772404000-memory.dmp	xmrig
behavioral2/memory/1800-667-0x00007FF74F450000-0x00007FF74F7A4000-memory.dmp	xmrig
behavioral2/memory/3684-678-0x00007FF7B6460000-0x00007FF7B67B4000-memory.dmp	xmrig
behavioral2/memory/1016-726-0x00007FF6CF880000-0x00007FF6CFBD4000-memory.dmp	xmrig
behavioral2/memory/4872-737-0x00007FF684860000-0x00007FF684BB4000-memory.dmp	xmrig
behavioral2/memory/2244-754-0x00007FF6283B0000-0x00007FF628704000-memory.dmp	xmrig
behavioral2/memory/2408-750-0x00007FF775260000-0x00007FF7755B4000-memory.dmp	xmrig
behavioral2/memory/2456-746-0x00007FF6DABD0000-0x00007FF6DAF24000-memory.dmp	xmrig
behavioral2/memory/3240-745-0x00007FF6A66B0000-0x00007FF6A6A04000-memory.dmp	xmrig
behavioral2/memory/1076-741-0x00007FF605070000-0x00007FF6053C4000-memory.dmp	xmrig
behavioral2/memory/1596-736-0x00007FF649880000-0x00007FF649BD4000-memory.dmp	xmrig
behavioral2/memory/4656-732-0x00007FF6BA2E0000-0x00007FF6BA634000-memory.dmp	xmrig
behavioral2/memory/1380-722-0x00007FF6474D0000-0x00007FF647824000-memory.dmp	xmrig
behavioral2/memory/2828-719-0x00007FF675E40000-0x00007FF676194000-memory.dmp	xmrig
behavioral2/memory/4924-716-0x00007FF6E9FC0000-0x00007FF6EA314000-memory.dmp	xmrig
behavioral2/memory/4856-694-0x00007FF688BB0000-0x00007FF688F04000-memory.dmp	xmrig
behavioral2/memory/796-682-0x00007FF7BB4F0000-0x00007FF7BB844000-memory.dmp	xmrig
behavioral2/memory/3428-675-0x00007FF630020000-0x00007FF630374000-memory.dmp	xmrig
behavioral2/memory/4504-670-0x00007FF7B3B30000-0x00007FF7B3E84000-memory.dmp	xmrig
behavioral2/memory/3252-664-0x00007FF7BB8B0000-0x00007FF7BBC04000-memory.dmp	xmrig
behavioral2/memory/3416-661-0x00007FF7999C0000-0x00007FF799D14000-memory.dmp	xmrig
behavioral2/memory/808-656-0x00007FF77AFC0000-0x00007FF77B314000-memory.dmp	xmrig
behavioral2/memory/1840-650-0x00007FF731D10000-0x00007FF732064000-memory.dmp	xmrig
behavioral2/memory/1356-646-0x00007FF7EF2B0000-0x00007FF7EF604000-memory.dmp	xmrig
behavioral2/memory/3132-641-0x00007FF6D8880000-0x00007FF6D8BD4000-memory.dmp	xmrig
behavioral2/memory/1452-634-0x00007FF6BA7D0000-0x00007FF6BAB24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c82-169.dat	xmrig
behavioral2/files/0x0007000000023c80-166.dat	xmrig
behavioral2/files/0x0007000000023c81-161.dat	xmrig
behavioral2/files/0x0007000000023c7f-159.dat	xmrig
behavioral2/files/0x0007000000023c7e-154.dat	xmrig
behavioral2/files/0x0007000000023c7d-149.dat	xmrig
behavioral2/files/0x0007000000023c7c-144.dat	xmrig
behavioral2/files/0x0007000000023c7b-139.dat	xmrig
behavioral2/files/0x0007000000023c7a-135.dat	xmrig
behavioral2/files/0x0007000000023c77-117.dat	xmrig
behavioral2/files/0x0007000000023c76-109.dat	xmrig
behavioral2/files/0x0007000000023c74-102.dat	xmrig
behavioral2/files/0x0007000000023c73-94.dat	xmrig
behavioral2/files/0x0007000000023c71-86.dat	xmrig
behavioral2/files/0x0007000000023c70-79.dat	xmrig
behavioral2/files/0x0007000000023c6d-64.dat	xmrig
behavioral2/files/0x0007000000023c6c-59.dat	xmrig
behavioral2/files/0x0007000000023c68-39.dat	xmrig
behavioral2/files/0x0007000000023c67-29.dat	xmrig
behavioral2/memory/2432-1337-0x00007FF7A08E0000-0x00007FF7A0C34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2432	jSJkaxf.exe
4664	vdQTemK.exe
4320	ZvRuMlV.exe
2408	kDzaQBx.exe
1452	mDONTCq.exe
2244	PtokoiE.exe
3132	ywyeiox.exe
4476	DNcnGnx.exe
1356	jnpeXzL.exe
1840	mMWjjpI.exe
808	GyyyaWh.exe
3416	ZfiNGXc.exe
3252	VQUEBKR.exe
1800	HLDzgcF.exe
4504	pnLXlki.exe
3428	RXncFzd.exe
3684	HcNvvOR.exe
796	uyXAreH.exe
4856	TlEqCUQ.exe
4924	DrEaQLh.exe
2828	tenKQpm.exe
1380	uSnGItr.exe
1016	RuCxNlb.exe
4656	ZEQWaUE.exe
1596	RhLUrzS.exe
4872	AHSKpSi.exe
1076	uzGMXcv.exe
3240	mDDIkbo.exe
2456	aBapBjc.exe
2160	BxoKNFR.exe
1680	LWPlZhY.exe
3548	JAbdfUH.exe
3968	epdnMlA.exe
3256	WMeBdSr.exe
1664	YsPJtGS.exe
1416	VPHPPNs.exe
752	ZNiOkec.exe
1376	MHZRrjh.exe
3216	HAYMoNP.exe
3304	RQRMkWT.exe
2212	yOiXryH.exe
2100	KOTQjpd.exe
2480	McZTOBN.exe
3000	uBqVIYU.exe
2368	lkEHvBb.exe
2776	WSRLkaG.exe
4628	tYLabRu.exe
1516	jonUOhD.exe
4376	ymxspQc.exe
4460	dOuscFq.exe
908	CMYkMdl.exe
4132	gEsacBN.exe
1892	Dvfagya.exe
2992	fvcZvKh.exe
2152	fjcrwWa.exe
4852	ToiUnao.exe
800	PTzLmwq.exe
5076	DzTtehr.exe
408	mysMLzI.exe
4364	akkVMBI.exe
3372	aZfTBtZ.exe
4740	yKpnVaL.exe
3764	YvLNPcM.exe
3956	WMTAmKy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2300-0-0x00007FF670800000-0x00007FF670B54000-memory.dmp	upx
behavioral2/files/0x0008000000023c5f-4.dat	upx
behavioral2/memory/2432-8-0x00007FF7A08E0000-0x00007FF7A0C34000-memory.dmp	upx
behavioral2/files/0x0007000000023c65-10.dat	upx
behavioral2/files/0x0007000000023c63-11.dat	upx
behavioral2/memory/4664-12-0x00007FF77B5F0000-0x00007FF77B944000-memory.dmp	upx
behavioral2/memory/4320-22-0x00007FF6D1F60000-0x00007FF6D22B4000-memory.dmp	upx
behavioral2/files/0x0007000000023c66-23.dat	upx
behavioral2/files/0x0008000000023c60-34.dat	upx
behavioral2/files/0x0007000000023c69-44.dat	upx
behavioral2/files/0x0007000000023c6a-49.dat	upx
behavioral2/files/0x0007000000023c6b-54.dat	upx
behavioral2/files/0x0007000000023c6e-68.dat	upx
behavioral2/files/0x0007000000023c6f-74.dat	upx
behavioral2/files/0x0007000000023c72-92.dat	upx
behavioral2/files/0x0007000000023c75-101.dat	upx
behavioral2/files/0x0007000000023c78-121.dat	upx
behavioral2/files/0x0007000000023c79-129.dat	upx
behavioral2/memory/4476-644-0x00007FF7720B0000-0x00007FF772404000-memory.dmp	upx
behavioral2/memory/1800-667-0x00007FF74F450000-0x00007FF74F7A4000-memory.dmp	upx
behavioral2/memory/3684-678-0x00007FF7B6460000-0x00007FF7B67B4000-memory.dmp	upx
behavioral2/memory/1016-726-0x00007FF6CF880000-0x00007FF6CFBD4000-memory.dmp	upx
behavioral2/memory/4872-737-0x00007FF684860000-0x00007FF684BB4000-memory.dmp	upx
behavioral2/memory/2244-754-0x00007FF6283B0000-0x00007FF628704000-memory.dmp	upx
behavioral2/memory/2408-750-0x00007FF775260000-0x00007FF7755B4000-memory.dmp	upx
behavioral2/memory/2456-746-0x00007FF6DABD0000-0x00007FF6DAF24000-memory.dmp	upx
behavioral2/memory/3240-745-0x00007FF6A66B0000-0x00007FF6A6A04000-memory.dmp	upx
behavioral2/memory/1076-741-0x00007FF605070000-0x00007FF6053C4000-memory.dmp	upx
behavioral2/memory/1596-736-0x00007FF649880000-0x00007FF649BD4000-memory.dmp	upx
behavioral2/memory/4656-732-0x00007FF6BA2E0000-0x00007FF6BA634000-memory.dmp	upx
behavioral2/memory/1380-722-0x00007FF6474D0000-0x00007FF647824000-memory.dmp	upx
behavioral2/memory/2828-719-0x00007FF675E40000-0x00007FF676194000-memory.dmp	upx
behavioral2/memory/4924-716-0x00007FF6E9FC0000-0x00007FF6EA314000-memory.dmp	upx
behavioral2/memory/4856-694-0x00007FF688BB0000-0x00007FF688F04000-memory.dmp	upx
behavioral2/memory/796-682-0x00007FF7BB4F0000-0x00007FF7BB844000-memory.dmp	upx
behavioral2/memory/3428-675-0x00007FF630020000-0x00007FF630374000-memory.dmp	upx
behavioral2/memory/4504-670-0x00007FF7B3B30000-0x00007FF7B3E84000-memory.dmp	upx
behavioral2/memory/3252-664-0x00007FF7BB8B0000-0x00007FF7BBC04000-memory.dmp	upx
behavioral2/memory/3416-661-0x00007FF7999C0000-0x00007FF799D14000-memory.dmp	upx
behavioral2/memory/808-656-0x00007FF77AFC0000-0x00007FF77B314000-memory.dmp	upx
behavioral2/memory/1840-650-0x00007FF731D10000-0x00007FF732064000-memory.dmp	upx
behavioral2/memory/1356-646-0x00007FF7EF2B0000-0x00007FF7EF604000-memory.dmp	upx
behavioral2/memory/3132-641-0x00007FF6D8880000-0x00007FF6D8BD4000-memory.dmp	upx
behavioral2/memory/1452-634-0x00007FF6BA7D0000-0x00007FF6BAB24000-memory.dmp	upx
behavioral2/files/0x0007000000023c82-169.dat	upx
behavioral2/files/0x0007000000023c80-166.dat	upx
behavioral2/files/0x0007000000023c81-161.dat	upx
behavioral2/files/0x0007000000023c7f-159.dat	upx
behavioral2/files/0x0007000000023c7e-154.dat	upx
behavioral2/files/0x0007000000023c7d-149.dat	upx
behavioral2/files/0x0007000000023c7c-144.dat	upx
behavioral2/files/0x0007000000023c7b-139.dat	upx
behavioral2/files/0x0007000000023c7a-135.dat	upx
behavioral2/files/0x0007000000023c77-117.dat	upx
behavioral2/files/0x0007000000023c76-109.dat	upx
behavioral2/files/0x0007000000023c74-102.dat	upx
behavioral2/files/0x0007000000023c73-94.dat	upx
behavioral2/files/0x0007000000023c71-86.dat	upx
behavioral2/files/0x0007000000023c70-79.dat	upx
behavioral2/files/0x0007000000023c6d-64.dat	upx
behavioral2/files/0x0007000000023c6c-59.dat	upx
behavioral2/files/0x0007000000023c68-39.dat	upx
behavioral2/files/0x0007000000023c67-29.dat	upx
behavioral2/memory/2432-1337-0x00007FF7A08E0000-0x00007FF7A0C34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FVAXWUW.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSblrMw.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBXtJyM.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\agECKuQ.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMwnmFN.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCnijup.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTLlknv.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTeEQdg.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHGGgpd.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hyudbfR.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcNpmaZ.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxoKNFR.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTJFEKh.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIWJdEF.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETkPaKY.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdtUWLF.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdQTemK.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPJmtsq.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STUwhLl.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzDUhTc.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPrqTax.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMMjKTW.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTTAUbk.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwsVGFz.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAzXuEZ.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZuPBaT.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlSDCJJ.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXPubOh.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fellhxT.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNzAVjC.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThsZiZK.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljEhDij.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUPDcJF.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlEqCUQ.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQzEZSA.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoNAwOS.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIDDSHD.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjLoNpU.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZStjDK.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEIQEOt.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MeNtwNj.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOvubZk.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOogOYe.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPxjSRA.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEQHpxh.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpwCkzu.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKvChlZ.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\brQCxcL.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJsQahU.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnLygwx.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUoRxoy.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfLyKcW.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkByYGD.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeVxycI.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKbzlAV.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErzEKSF.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMUPnAi.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUiQbeX.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\llwcWug.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfGDryl.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmRBNzn.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTpFbHQ.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvfnVMh.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgNAtwH.exe	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2432	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2300 wrote to memory of 2432	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2300 wrote to memory of 4664	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2300 wrote to memory of 4664	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2300 wrote to memory of 4320	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2300 wrote to memory of 4320	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2300 wrote to memory of 2408	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2300 wrote to memory of 2408	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2300 wrote to memory of 1452	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2300 wrote to memory of 1452	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2300 wrote to memory of 2244	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2300 wrote to memory of 2244	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2300 wrote to memory of 3132	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2300 wrote to memory of 3132	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2300 wrote to memory of 4476	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2300 wrote to memory of 4476	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2300 wrote to memory of 1356	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2300 wrote to memory of 1356	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2300 wrote to memory of 1840	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2300 wrote to memory of 1840	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2300 wrote to memory of 808	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2300 wrote to memory of 808	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2300 wrote to memory of 3416	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2300 wrote to memory of 3416	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2300 wrote to memory of 3252	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2300 wrote to memory of 3252	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2300 wrote to memory of 1800	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2300 wrote to memory of 1800	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2300 wrote to memory of 4504	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2300 wrote to memory of 4504	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2300 wrote to memory of 3428	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2300 wrote to memory of 3428	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2300 wrote to memory of 3684	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2300 wrote to memory of 3684	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2300 wrote to memory of 796	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2300 wrote to memory of 796	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2300 wrote to memory of 4856	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2300 wrote to memory of 4856	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2300 wrote to memory of 4924	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2300 wrote to memory of 4924	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2300 wrote to memory of 2828	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2300 wrote to memory of 2828	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2300 wrote to memory of 1380	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2300 wrote to memory of 1380	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2300 wrote to memory of 1016	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2300 wrote to memory of 1016	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2300 wrote to memory of 4656	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2300 wrote to memory of 4656	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2300 wrote to memory of 1596	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2300 wrote to memory of 1596	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2300 wrote to memory of 4872	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2300 wrote to memory of 4872	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2300 wrote to memory of 1076	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2300 wrote to memory of 1076	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2300 wrote to memory of 3240	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2300 wrote to memory of 3240	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2300 wrote to memory of 2456	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2300 wrote to memory of 2456	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2300 wrote to memory of 2160	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2300 wrote to memory of 2160	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2300 wrote to memory of 1680	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2300 wrote to memory of 1680	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2300 wrote to memory of 3548	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 2300 wrote to memory of 3548	2300	2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-18_f1f552501f18e046d5163a2a4736696b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\System\jSJkaxf.exe
  C:\Windows\System\jSJkaxf.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\vdQTemK.exe
  C:\Windows\System\vdQTemK.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\ZvRuMlV.exe
  C:\Windows\System\ZvRuMlV.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\kDzaQBx.exe
  C:\Windows\System\kDzaQBx.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\mDONTCq.exe
  C:\Windows\System\mDONTCq.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\PtokoiE.exe
  C:\Windows\System\PtokoiE.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\ywyeiox.exe
  C:\Windows\System\ywyeiox.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\DNcnGnx.exe
  C:\Windows\System\DNcnGnx.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\jnpeXzL.exe
  C:\Windows\System\jnpeXzL.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\mMWjjpI.exe
  C:\Windows\System\mMWjjpI.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\GyyyaWh.exe
  C:\Windows\System\GyyyaWh.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\ZfiNGXc.exe
  C:\Windows\System\ZfiNGXc.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\VQUEBKR.exe
  C:\Windows\System\VQUEBKR.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\HLDzgcF.exe
  C:\Windows\System\HLDzgcF.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\pnLXlki.exe
  C:\Windows\System\pnLXlki.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\RXncFzd.exe
  C:\Windows\System\RXncFzd.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\HcNvvOR.exe
  C:\Windows\System\HcNvvOR.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\uyXAreH.exe
  C:\Windows\System\uyXAreH.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\TlEqCUQ.exe
  C:\Windows\System\TlEqCUQ.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\DrEaQLh.exe
  C:\Windows\System\DrEaQLh.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\tenKQpm.exe
  C:\Windows\System\tenKQpm.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\uSnGItr.exe
  C:\Windows\System\uSnGItr.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\RuCxNlb.exe
  C:\Windows\System\RuCxNlb.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\ZEQWaUE.exe
  C:\Windows\System\ZEQWaUE.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\RhLUrzS.exe
  C:\Windows\System\RhLUrzS.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\AHSKpSi.exe
  C:\Windows\System\AHSKpSi.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\uzGMXcv.exe
  C:\Windows\System\uzGMXcv.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\mDDIkbo.exe
  C:\Windows\System\mDDIkbo.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\aBapBjc.exe
  C:\Windows\System\aBapBjc.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\BxoKNFR.exe
  C:\Windows\System\BxoKNFR.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\LWPlZhY.exe
  C:\Windows\System\LWPlZhY.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\JAbdfUH.exe
  C:\Windows\System\JAbdfUH.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\epdnMlA.exe
  C:\Windows\System\epdnMlA.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\WMeBdSr.exe
  C:\Windows\System\WMeBdSr.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\YsPJtGS.exe
  C:\Windows\System\YsPJtGS.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\VPHPPNs.exe
  C:\Windows\System\VPHPPNs.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\ZNiOkec.exe
  C:\Windows\System\ZNiOkec.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\MHZRrjh.exe
  C:\Windows\System\MHZRrjh.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\HAYMoNP.exe
  C:\Windows\System\HAYMoNP.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\RQRMkWT.exe
  C:\Windows\System\RQRMkWT.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\yOiXryH.exe
  C:\Windows\System\yOiXryH.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\KOTQjpd.exe
  C:\Windows\System\KOTQjpd.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\McZTOBN.exe
  C:\Windows\System\McZTOBN.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\uBqVIYU.exe
  C:\Windows\System\uBqVIYU.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\lkEHvBb.exe
  C:\Windows\System\lkEHvBb.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\WSRLkaG.exe
  C:\Windows\System\WSRLkaG.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\tYLabRu.exe
  C:\Windows\System\tYLabRu.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\jonUOhD.exe
  C:\Windows\System\jonUOhD.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\ymxspQc.exe
  C:\Windows\System\ymxspQc.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\dOuscFq.exe
  C:\Windows\System\dOuscFq.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\CMYkMdl.exe
  C:\Windows\System\CMYkMdl.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\gEsacBN.exe
  C:\Windows\System\gEsacBN.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\Dvfagya.exe
  C:\Windows\System\Dvfagya.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\fvcZvKh.exe
  C:\Windows\System\fvcZvKh.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\fjcrwWa.exe
  C:\Windows\System\fjcrwWa.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\ToiUnao.exe
  C:\Windows\System\ToiUnao.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\PTzLmwq.exe
  C:\Windows\System\PTzLmwq.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\DzTtehr.exe
  C:\Windows\System\DzTtehr.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\mysMLzI.exe
  C:\Windows\System\mysMLzI.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\akkVMBI.exe
  C:\Windows\System\akkVMBI.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\aZfTBtZ.exe
  C:\Windows\System\aZfTBtZ.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\yKpnVaL.exe
  C:\Windows\System\yKpnVaL.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\YvLNPcM.exe
  C:\Windows\System\YvLNPcM.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\WMTAmKy.exe
  C:\Windows\System\WMTAmKy.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\urajzpw.exe
  C:\Windows\System\urajzpw.exe
  2⤵
  PID:3860
- C:\Windows\System\YaqYGFd.exe
  C:\Windows\System\YaqYGFd.exe
  2⤵
  PID:1636
- C:\Windows\System\XUbgxXc.exe
  C:\Windows\System\XUbgxXc.exe
  2⤵
  PID:664
- C:\Windows\System\OqLVOso.exe
  C:\Windows\System\OqLVOso.exe
  2⤵
  PID:4340
- C:\Windows\System\DZQKfpq.exe
  C:\Windows\System\DZQKfpq.exe
  2⤵
  PID:4456
- C:\Windows\System\uUeWbra.exe
  C:\Windows\System\uUeWbra.exe
  2⤵
  PID:3704
- C:\Windows\System\OJdpHsT.exe
  C:\Windows\System\OJdpHsT.exe
  2⤵
  PID:4080
- C:\Windows\System\xUKXPyo.exe
  C:\Windows\System\xUKXPyo.exe
  2⤵
  PID:1084
- C:\Windows\System\MsppIqI.exe
  C:\Windows\System\MsppIqI.exe
  2⤵
  PID:4972
- C:\Windows\System\vcUGCJb.exe
  C:\Windows\System\vcUGCJb.exe
  2⤵
  PID:4104
- C:\Windows\System\czyzfPR.exe
  C:\Windows\System\czyzfPR.exe
  2⤵
  PID:1964
- C:\Windows\System\XJproSi.exe
  C:\Windows\System\XJproSi.exe
  2⤵
  PID:1420
- C:\Windows\System\NKkDnjP.exe
  C:\Windows\System\NKkDnjP.exe
  2⤵
  PID:4488
- C:\Windows\System\xBDBOXq.exe
  C:\Windows\System\xBDBOXq.exe
  2⤵
  PID:2572
- C:\Windows\System\hOpeIoK.exe
  C:\Windows\System\hOpeIoK.exe
  2⤵
  PID:2664
- C:\Windows\System\NwGdDev.exe
  C:\Windows\System\NwGdDev.exe
  2⤵
  PID:764
- C:\Windows\System\lsYuZue.exe
  C:\Windows\System\lsYuZue.exe
  2⤵
  PID:4788
- C:\Windows\System\xPxjSRA.exe
  C:\Windows\System\xPxjSRA.exe
  2⤵
  PID:5004
- C:\Windows\System\kwLwywE.exe
  C:\Windows\System\kwLwywE.exe
  2⤵
  PID:904
- C:\Windows\System\OJngyMh.exe
  C:\Windows\System\OJngyMh.exe
  2⤵
  PID:4560
- C:\Windows\System\TwDcrED.exe
  C:\Windows\System\TwDcrED.exe
  2⤵
  PID:1880
- C:\Windows\System\bJnJIlM.exe
  C:\Windows\System\bJnJIlM.exe
  2⤵
  PID:5140
- C:\Windows\System\JjPelOa.exe
  C:\Windows\System\JjPelOa.exe
  2⤵
  PID:5160
- C:\Windows\System\YrSjfUZ.exe
  C:\Windows\System\YrSjfUZ.exe
  2⤵
  PID:5176
- C:\Windows\System\RTpFbHQ.exe
  C:\Windows\System\RTpFbHQ.exe
  2⤵
  PID:5208
- C:\Windows\System\UVRnVcE.exe
  C:\Windows\System\UVRnVcE.exe
  2⤵
  PID:5252
- C:\Windows\System\eNbcEWP.exe
  C:\Windows\System\eNbcEWP.exe
  2⤵
  PID:5284
- C:\Windows\System\JdDXdMP.exe
  C:\Windows\System\JdDXdMP.exe
  2⤵
  PID:5312
- C:\Windows\System\wLdeWYE.exe
  C:\Windows\System\wLdeWYE.exe
  2⤵
  PID:5340
- C:\Windows\System\LoyGRhO.exe
  C:\Windows\System\LoyGRhO.exe
  2⤵
  PID:5368
- C:\Windows\System\alnZFlX.exe
  C:\Windows\System\alnZFlX.exe
  2⤵
  PID:5396
- C:\Windows\System\yFxuXOC.exe
  C:\Windows\System\yFxuXOC.exe
  2⤵
  PID:5436
- C:\Windows\System\pQnyFDu.exe
  C:\Windows\System\pQnyFDu.exe
  2⤵
  PID:5452
- C:\Windows\System\DouvaAw.exe
  C:\Windows\System\DouvaAw.exe
  2⤵
  PID:5468
- C:\Windows\System\qjBUoDc.exe
  C:\Windows\System\qjBUoDc.exe
  2⤵
  PID:5496
- C:\Windows\System\SIEeSqM.exe
  C:\Windows\System\SIEeSqM.exe
  2⤵
  PID:5512
- C:\Windows\System\hIvGveX.exe
  C:\Windows\System\hIvGveX.exe
  2⤵
  PID:5532
- C:\Windows\System\djwOXKQ.exe
  C:\Windows\System\djwOXKQ.exe
  2⤵
  PID:5556
- C:\Windows\System\GggGIgw.exe
  C:\Windows\System\GggGIgw.exe
  2⤵
  PID:5576
- C:\Windows\System\rtEITYR.exe
  C:\Windows\System\rtEITYR.exe
  2⤵
  PID:5612
- C:\Windows\System\IWUdTZz.exe
  C:\Windows\System\IWUdTZz.exe
  2⤵
  PID:5668
- C:\Windows\System\WfdixSY.exe
  C:\Windows\System\WfdixSY.exe
  2⤵
  PID:5712
- C:\Windows\System\MNRLurV.exe
  C:\Windows\System\MNRLurV.exe
  2⤵
  PID:5736
- C:\Windows\System\uevcUrx.exe
  C:\Windows\System\uevcUrx.exe
  2⤵
  PID:5760
- C:\Windows\System\BIdYGxg.exe
  C:\Windows\System\BIdYGxg.exe
  2⤵
  PID:5788
- C:\Windows\System\GIvvhQB.exe
  C:\Windows\System\GIvvhQB.exe
  2⤵
  PID:5804
- C:\Windows\System\wxGgHkS.exe
  C:\Windows\System\wxGgHkS.exe
  2⤵
  PID:5832
- C:\Windows\System\Rlpvsth.exe
  C:\Windows\System\Rlpvsth.exe
  2⤵
  PID:5860
- C:\Windows\System\nYcDICR.exe
  C:\Windows\System\nYcDICR.exe
  2⤵
  PID:5904
- C:\Windows\System\cmxgdcM.exe
  C:\Windows\System\cmxgdcM.exe
  2⤵
  PID:5928
- C:\Windows\System\AqQWBZT.exe
  C:\Windows\System\AqQWBZT.exe
  2⤵
  PID:5956
- C:\Windows\System\faQIywi.exe
  C:\Windows\System\faQIywi.exe
  2⤵
  PID:5996
- C:\Windows\System\ohOzCCC.exe
  C:\Windows\System\ohOzCCC.exe
  2⤵
  PID:6012
- C:\Windows\System\TvkXYlM.exe
  C:\Windows\System\TvkXYlM.exe
  2⤵
  PID:6036
- C:\Windows\System\hrSnufk.exe
  C:\Windows\System\hrSnufk.exe
  2⤵
  PID:6076
- C:\Windows\System\TBEOFRs.exe
  C:\Windows\System\TBEOFRs.exe
  2⤵
  PID:6104
- C:\Windows\System\MJeWUwX.exe
  C:\Windows\System\MJeWUwX.exe
  2⤵
  PID:6136
- C:\Windows\System\JhFZBoa.exe
  C:\Windows\System\JhFZBoa.exe
  2⤵
  PID:2940
- C:\Windows\System\QdQWRWf.exe
  C:\Windows\System\QdQWRWf.exe
  2⤵
  PID:832
- C:\Windows\System\qmjzLil.exe
  C:\Windows\System\qmjzLil.exe
  2⤵
  PID:2552
- C:\Windows\System\QVPwYdn.exe
  C:\Windows\System\QVPwYdn.exe
  2⤵
  PID:5124
- C:\Windows\System\lBJExuv.exe
  C:\Windows\System\lBJExuv.exe
  2⤵
  PID:5204
- C:\Windows\System\iLPlkCR.exe
  C:\Windows\System\iLPlkCR.exe
  2⤵
  PID:5260
- C:\Windows\System\plUvjWV.exe
  C:\Windows\System\plUvjWV.exe
  2⤵
  PID:5324
- C:\Windows\System\xzTpZdf.exe
  C:\Windows\System\xzTpZdf.exe
  2⤵
  PID:5384
- C:\Windows\System\nRnPsrX.exe
  C:\Windows\System\nRnPsrX.exe
  2⤵
  PID:5448
- C:\Windows\System\OOiMWPQ.exe
  C:\Windows\System\OOiMWPQ.exe
  2⤵
  PID:5508
- C:\Windows\System\bFkcmEV.exe
  C:\Windows\System\bFkcmEV.exe
  2⤵
  PID:5564
- C:\Windows\System\uUAiGLB.exe
  C:\Windows\System\uUAiGLB.exe
  2⤵
  PID:5640
- C:\Windows\System\HppHvkK.exe
  C:\Windows\System\HppHvkK.exe
  2⤵
  PID:5704
- C:\Windows\System\CtXZxcX.exe
  C:\Windows\System\CtXZxcX.exe
  2⤵
  PID:5776
- C:\Windows\System\sgrYnTs.exe
  C:\Windows\System\sgrYnTs.exe
  2⤵
  PID:5844
- C:\Windows\System\PEMFHdS.exe
  C:\Windows\System\PEMFHdS.exe
  2⤵
  PID:5896
- C:\Windows\System\mZZvMgO.exe
  C:\Windows\System\mZZvMgO.exe
  2⤵
  PID:5976
- C:\Windows\System\bpdujRR.exe
  C:\Windows\System\bpdujRR.exe
  2⤵
  PID:6008
- C:\Windows\System\dFwEoKC.exe
  C:\Windows\System\dFwEoKC.exe
  2⤵
  PID:6052
- C:\Windows\System\WYBZAiF.exe
  C:\Windows\System\WYBZAiF.exe
  2⤵
  PID:6100
- C:\Windows\System\OCLaqSc.exe
  C:\Windows\System\OCLaqSc.exe
  2⤵
  PID:2072
- C:\Windows\System\YUUFJBw.exe
  C:\Windows\System\YUUFJBw.exe
  2⤵
  PID:3260
- C:\Windows\System\uvfnVMh.exe
  C:\Windows\System\uvfnVMh.exe
  2⤵
  PID:5188
- C:\Windows\System\ioqZRrl.exe
  C:\Windows\System\ioqZRrl.exe
  2⤵
  PID:5420
- C:\Windows\System\VGdjYkw.exe
  C:\Windows\System\VGdjYkw.exe
  2⤵
  PID:5540
- C:\Windows\System\GgULsbg.exe
  C:\Windows\System\GgULsbg.exe
  2⤵
  PID:5588
- C:\Windows\System\ERPCQWE.exe
  C:\Windows\System\ERPCQWE.exe
  2⤵
  PID:5696
- C:\Windows\System\WmljpJz.exe
  C:\Windows\System\WmljpJz.exe
  2⤵
  PID:4776
- C:\Windows\System\PSLzSjA.exe
  C:\Windows\System\PSLzSjA.exe
  2⤵
  PID:5240
- C:\Windows\System\dPvMlDO.exe
  C:\Windows\System\dPvMlDO.exe
  2⤵
  PID:5480
- C:\Windows\System\RLJinCb.exe
  C:\Windows\System\RLJinCb.exe
  2⤵
  PID:5688
- C:\Windows\System\QQfWsnH.exe
  C:\Windows\System\QQfWsnH.exe
  2⤵
  PID:6156
- C:\Windows\System\lfCyEwr.exe
  C:\Windows\System\lfCyEwr.exe
  2⤵
  PID:6180
- C:\Windows\System\fICxZKy.exe
  C:\Windows\System\fICxZKy.exe
  2⤵
  PID:6196
- C:\Windows\System\muAXKZj.exe
  C:\Windows\System\muAXKZj.exe
  2⤵
  PID:6212
- C:\Windows\System\HBSNLAB.exe
  C:\Windows\System\HBSNLAB.exe
  2⤵
  PID:6228
- C:\Windows\System\EywhDpx.exe
  C:\Windows\System\EywhDpx.exe
  2⤵
  PID:6244
- C:\Windows\System\rPLYneV.exe
  C:\Windows\System\rPLYneV.exe
  2⤵
  PID:6268
- C:\Windows\System\XyIkDIJ.exe
  C:\Windows\System\XyIkDIJ.exe
  2⤵
  PID:6284
- C:\Windows\System\flkAACP.exe
  C:\Windows\System\flkAACP.exe
  2⤵
  PID:6364
- C:\Windows\System\moTXGNY.exe
  C:\Windows\System\moTXGNY.exe
  2⤵
  PID:6412
- C:\Windows\System\qHOJHPW.exe
  C:\Windows\System\qHOJHPW.exe
  2⤵
  PID:6452
- C:\Windows\System\rUVtucC.exe
  C:\Windows\System\rUVtucC.exe
  2⤵
  PID:6468
- C:\Windows\System\efqUuWq.exe
  C:\Windows\System\efqUuWq.exe
  2⤵
  PID:6484
- C:\Windows\System\yifTDZJ.exe
  C:\Windows\System\yifTDZJ.exe
  2⤵
  PID:6512
- C:\Windows\System\vjpfltg.exe
  C:\Windows\System\vjpfltg.exe
  2⤵
  PID:6536
- C:\Windows\System\zTRSgAj.exe
  C:\Windows\System\zTRSgAj.exe
  2⤵
  PID:6552
- C:\Windows\System\RmOqItZ.exe
  C:\Windows\System\RmOqItZ.exe
  2⤵
  PID:6572
- C:\Windows\System\XIsFrKr.exe
  C:\Windows\System\XIsFrKr.exe
  2⤵
  PID:6612
- C:\Windows\System\ZEaFGLx.exe
  C:\Windows\System\ZEaFGLx.exe
  2⤵
  PID:6640
- C:\Windows\System\daUPGzk.exe
  C:\Windows\System\daUPGzk.exe
  2⤵
  PID:6684
- C:\Windows\System\jYYixfQ.exe
  C:\Windows\System\jYYixfQ.exe
  2⤵
  PID:6720
- C:\Windows\System\JoNmLkj.exe
  C:\Windows\System\JoNmLkj.exe
  2⤵
  PID:6748
- C:\Windows\System\nQYrQrZ.exe
  C:\Windows\System\nQYrQrZ.exe
  2⤵
  PID:6764
- C:\Windows\System\JgNAtwH.exe
  C:\Windows\System\JgNAtwH.exe
  2⤵
  PID:6792
- C:\Windows\System\cIKKkZp.exe
  C:\Windows\System\cIKKkZp.exe
  2⤵
  PID:6820
- C:\Windows\System\AjSdVhz.exe
  C:\Windows\System\AjSdVhz.exe
  2⤵
  PID:6856
- C:\Windows\System\DgqnlDJ.exe
  C:\Windows\System\DgqnlDJ.exe
  2⤵
  PID:6892
- C:\Windows\System\UrAuNAy.exe
  C:\Windows\System\UrAuNAy.exe
  2⤵
  PID:6916
- C:\Windows\System\BvYdDZS.exe
  C:\Windows\System\BvYdDZS.exe
  2⤵
  PID:6952
- C:\Windows\System\jmoNmhA.exe
  C:\Windows\System\jmoNmhA.exe
  2⤵
  PID:6972
- C:\Windows\System\WHFipoM.exe
  C:\Windows\System\WHFipoM.exe
  2⤵
  PID:7000
- C:\Windows\System\gYhCnSM.exe
  C:\Windows\System\gYhCnSM.exe
  2⤵
  PID:7032
- C:\Windows\System\NtWZLJB.exe
  C:\Windows\System\NtWZLJB.exe
  2⤵
  PID:7060
- C:\Windows\System\tTFusKE.exe
  C:\Windows\System\tTFusKE.exe
  2⤵
  PID:7076
- C:\Windows\System\MIaOxQa.exe
  C:\Windows\System\MIaOxQa.exe
  2⤵
  PID:7104
- C:\Windows\System\dOOQjTR.exe
  C:\Windows\System\dOOQjTR.exe
  2⤵
  PID:7120
- C:\Windows\System\byKwfxK.exe
  C:\Windows\System\byKwfxK.exe
  2⤵
  PID:7140
- C:\Windows\System\ImhVdyt.exe
  C:\Windows\System\ImhVdyt.exe
  2⤵
  PID:7160
- C:\Windows\System\XOeIWaH.exe
  C:\Windows\System\XOeIWaH.exe
  2⤵
  PID:5600
- C:\Windows\System\dGyxGwt.exe
  C:\Windows\System\dGyxGwt.exe
  2⤵
  PID:6172
- C:\Windows\System\WxhfYel.exe
  C:\Windows\System\WxhfYel.exe
  2⤵
  PID:6208
- C:\Windows\System\KXuImrS.exe
  C:\Windows\System\KXuImrS.exe
  2⤵
  PID:6236
- C:\Windows\System\agECKuQ.exe
  C:\Windows\System\agECKuQ.exe
  2⤵
  PID:6264
- C:\Windows\System\cFxCuQl.exe
  C:\Windows\System\cFxCuQl.exe
  2⤵
  PID:6308
- C:\Windows\System\NIRWkLI.exe
  C:\Windows\System\NIRWkLI.exe
  2⤵
  PID:6348
- C:\Windows\System\DWMowSI.exe
  C:\Windows\System\DWMowSI.exe
  2⤵
  PID:6424
- C:\Windows\System\dXlkUQK.exe
  C:\Windows\System\dXlkUQK.exe
  2⤵
  PID:4368
- C:\Windows\System\MYpfWzQ.exe
  C:\Windows\System\MYpfWzQ.exe
  2⤵
  PID:6496
- C:\Windows\System\ebsYqtL.exe
  C:\Windows\System\ebsYqtL.exe
  2⤵
  PID:6528
- C:\Windows\System\ebbFqRG.exe
  C:\Windows\System\ebbFqRG.exe
  2⤵
  PID:6564
- C:\Windows\System\zABHCbh.exe
  C:\Windows\System\zABHCbh.exe
  2⤵
  PID:6604
- C:\Windows\System\CEbhoiE.exe
  C:\Windows\System\CEbhoiE.exe
  2⤵
  PID:6660
- C:\Windows\System\xrlvQUc.exe
  C:\Windows\System\xrlvQUc.exe
  2⤵
  PID:6708
- C:\Windows\System\zaDjWlB.exe
  C:\Windows\System\zaDjWlB.exe
  2⤵
  PID:6756
- C:\Windows\System\lBrLmqM.exe
  C:\Windows\System\lBrLmqM.exe
  2⤵
  PID:6784
- C:\Windows\System\FFuydtf.exe
  C:\Windows\System\FFuydtf.exe
  2⤵
  PID:6840
- C:\Windows\System\SiJUpky.exe
  C:\Windows\System\SiJUpky.exe
  2⤵
  PID:6880
- C:\Windows\System\aVYdehF.exe
  C:\Windows\System\aVYdehF.exe
  2⤵
  PID:6964
- C:\Windows\System\CJsQahU.exe
  C:\Windows\System\CJsQahU.exe
  2⤵
  PID:6992
- C:\Windows\System\dDnrIod.exe
  C:\Windows\System\dDnrIod.exe
  2⤵
  PID:6204
- C:\Windows\System\GJOReBP.exe
  C:\Windows\System\GJOReBP.exe
  2⤵
  PID:7212
- C:\Windows\System\miflwtm.exe
  C:\Windows\System\miflwtm.exe
  2⤵
  PID:7292
- C:\Windows\System\bCMFndF.exe
  C:\Windows\System\bCMFndF.exe
  2⤵
  PID:7312
- C:\Windows\System\bTzuSup.exe
  C:\Windows\System\bTzuSup.exe
  2⤵
  PID:7332
- C:\Windows\System\zsZfOgM.exe
  C:\Windows\System\zsZfOgM.exe
  2⤵
  PID:7364
- C:\Windows\System\oKJGOHV.exe
  C:\Windows\System\oKJGOHV.exe
  2⤵
  PID:7428
- C:\Windows\System\mAfgRJR.exe
  C:\Windows\System\mAfgRJR.exe
  2⤵
  PID:7464
- C:\Windows\System\zZRGhGu.exe
  C:\Windows\System\zZRGhGu.exe
  2⤵
  PID:7496
- C:\Windows\System\ioyZzLm.exe
  C:\Windows\System\ioyZzLm.exe
  2⤵
  PID:7532
- C:\Windows\System\VLOIGmq.exe
  C:\Windows\System\VLOIGmq.exe
  2⤵
  PID:7564
- C:\Windows\System\kPmfOsk.exe
  C:\Windows\System\kPmfOsk.exe
  2⤵
  PID:7596
- C:\Windows\System\aAukzMY.exe
  C:\Windows\System\aAukzMY.exe
  2⤵
  PID:7628
- C:\Windows\System\LcWJMxp.exe
  C:\Windows\System\LcWJMxp.exe
  2⤵
  PID:7656
- C:\Windows\System\TmAIJFZ.exe
  C:\Windows\System\TmAIJFZ.exe
  2⤵
  PID:7684
- C:\Windows\System\WAoLsJU.exe
  C:\Windows\System\WAoLsJU.exe
  2⤵
  PID:7712
- C:\Windows\System\yOqTHbC.exe
  C:\Windows\System\yOqTHbC.exe
  2⤵
  PID:7740
- C:\Windows\System\YfTofby.exe
  C:\Windows\System\YfTofby.exe
  2⤵
  PID:7756
- C:\Windows\System\KQiEdSV.exe
  C:\Windows\System\KQiEdSV.exe
  2⤵
  PID:7784
- C:\Windows\System\fkdszux.exe
  C:\Windows\System\fkdszux.exe
  2⤵
  PID:7804
- C:\Windows\System\UKFiljd.exe
  C:\Windows\System\UKFiljd.exe
  2⤵
  PID:7832
- C:\Windows\System\BMwnmFN.exe
  C:\Windows\System\BMwnmFN.exe
  2⤵
  PID:7848
- C:\Windows\System\auSCQVi.exe
  C:\Windows\System\auSCQVi.exe
  2⤵
  PID:7884
- C:\Windows\System\oLuwAFt.exe
  C:\Windows\System\oLuwAFt.exe
  2⤵
  PID:7924
- C:\Windows\System\QYEyVsq.exe
  C:\Windows\System\QYEyVsq.exe
  2⤵
  PID:7972
- C:\Windows\System\SJRtiBN.exe
  C:\Windows\System\SJRtiBN.exe
  2⤵
  PID:7988
- C:\Windows\System\vQPRbrj.exe
  C:\Windows\System\vQPRbrj.exe
  2⤵
  PID:8024
- C:\Windows\System\QivRLHu.exe
  C:\Windows\System\QivRLHu.exe
  2⤵
  PID:8060
- C:\Windows\System\KbHqByq.exe
  C:\Windows\System\KbHqByq.exe
  2⤵
  PID:8092
- C:\Windows\System\gQVUBcr.exe
  C:\Windows\System\gQVUBcr.exe
  2⤵
  PID:8116
- C:\Windows\System\hwGwIiO.exe
  C:\Windows\System\hwGwIiO.exe
  2⤵
  PID:8144
- C:\Windows\System\TLSgYcr.exe
  C:\Windows\System\TLSgYcr.exe
  2⤵
  PID:8172
- C:\Windows\System\BLZbStQ.exe
  C:\Windows\System\BLZbStQ.exe
  2⤵
  PID:6876
- C:\Windows\System\bKrxwKG.exe
  C:\Windows\System\bKrxwKG.exe
  2⤵
  PID:7044
- C:\Windows\System\mHISFxX.exe
  C:\Windows\System\mHISFxX.exe
  2⤵
  PID:7116
- C:\Windows\System\bdvlZWi.exe
  C:\Windows\System\bdvlZWi.exe
  2⤵
  PID:6404
- C:\Windows\System\avcGTKs.exe
  C:\Windows\System\avcGTKs.exe
  2⤵
  PID:6812
- C:\Windows\System\BAmAXSd.exe
  C:\Windows\System\BAmAXSd.exe
  2⤵
  PID:7288
- C:\Windows\System\GyHCOGO.exe
  C:\Windows\System\GyHCOGO.exe
  2⤵
  PID:7328
- C:\Windows\System\hAPUowm.exe
  C:\Windows\System\hAPUowm.exe
  2⤵
  PID:7452
- C:\Windows\System\npxxsxz.exe
  C:\Windows\System\npxxsxz.exe
  2⤵
  PID:7528
- C:\Windows\System\oPWNATk.exe
  C:\Windows\System\oPWNATk.exe
  2⤵
  PID:7592
- C:\Windows\System\uVxCbbh.exe
  C:\Windows\System\uVxCbbh.exe
  2⤵
  PID:7668
- C:\Windows\System\TjGjauw.exe
  C:\Windows\System\TjGjauw.exe
  2⤵
  PID:7724
- C:\Windows\System\uQzEZSA.exe
  C:\Windows\System\uQzEZSA.exe
  2⤵
  PID:7776
- C:\Windows\System\rKPQkQE.exe
  C:\Windows\System\rKPQkQE.exe
  2⤵
  PID:7844
- C:\Windows\System\rLrOLKp.exe
  C:\Windows\System\rLrOLKp.exe
  2⤵
  PID:7912
- C:\Windows\System\TbkxVbI.exe
  C:\Windows\System\TbkxVbI.exe
  2⤵
  PID:7984
- C:\Windows\System\TFzokFi.exe
  C:\Windows\System\TFzokFi.exe
  2⤵
  PID:8052
- C:\Windows\System\GURdVyo.exe
  C:\Windows\System\GURdVyo.exe
  2⤵
  PID:8112
- C:\Windows\System\bUrwGEM.exe
  C:\Windows\System\bUrwGEM.exe
  2⤵
  PID:8184
- C:\Windows\System\vzkTUmy.exe
  C:\Windows\System\vzkTUmy.exe
  2⤵
  PID:7096
- C:\Windows\System\yJJXltQ.exe
  C:\Windows\System\yJJXltQ.exe
  2⤵
  PID:6676
- C:\Windows\System\nNgyjxq.exe
  C:\Windows\System\nNgyjxq.exe
  2⤵
  PID:7384
- C:\Windows\System\DRkEqll.exe
  C:\Windows\System\DRkEqll.exe
  2⤵
  PID:7588
- C:\Windows\System\kDYNkPm.exe
  C:\Windows\System\kDYNkPm.exe
  2⤵
  PID:7704
- C:\Windows\System\OdpaOYN.exe
  C:\Windows\System\OdpaOYN.exe
  2⤵
  PID:7876
- C:\Windows\System\crDgPBL.exe
  C:\Windows\System\crDgPBL.exe
  2⤵
  PID:8212
- C:\Windows\System\jtcwoWg.exe
  C:\Windows\System\jtcwoWg.exe
  2⤵
  PID:8228
- C:\Windows\System\LUFBZwW.exe
  C:\Windows\System\LUFBZwW.exe
  2⤵
  PID:8256
- C:\Windows\System\YdAcEYq.exe
  C:\Windows\System\YdAcEYq.exe
  2⤵
  PID:8292
- C:\Windows\System\hCnijup.exe
  C:\Windows\System\hCnijup.exe
  2⤵
  PID:8316
- C:\Windows\System\AswxPIa.exe
  C:\Windows\System\AswxPIa.exe
  2⤵
  PID:8344
- C:\Windows\System\SWNXnlQ.exe
  C:\Windows\System\SWNXnlQ.exe
  2⤵
  PID:8372
- C:\Windows\System\hEsYpbw.exe
  C:\Windows\System\hEsYpbw.exe
  2⤵
  PID:8404
- C:\Windows\System\nowHpUY.exe
  C:\Windows\System\nowHpUY.exe
  2⤵
  PID:8436
- C:\Windows\System\RRvqQzd.exe
  C:\Windows\System\RRvqQzd.exe
  2⤵
  PID:8464
- C:\Windows\System\hXoNtjz.exe
  C:\Windows\System\hXoNtjz.exe
  2⤵
  PID:8492
- C:\Windows\System\hdnUsJM.exe
  C:\Windows\System\hdnUsJM.exe
  2⤵
  PID:8520
- C:\Windows\System\oqnEoyE.exe
  C:\Windows\System\oqnEoyE.exe
  2⤵
  PID:8548
- C:\Windows\System\bBCoTFM.exe
  C:\Windows\System\bBCoTFM.exe
  2⤵
  PID:8580
- C:\Windows\System\hFypoDd.exe
  C:\Windows\System\hFypoDd.exe
  2⤵
  PID:8604
- C:\Windows\System\DImsBsL.exe
  C:\Windows\System\DImsBsL.exe
  2⤵
  PID:8632
- C:\Windows\System\jsDnqcO.exe
  C:\Windows\System\jsDnqcO.exe
  2⤵
  PID:8660
- C:\Windows\System\MGgnyzS.exe
  C:\Windows\System\MGgnyzS.exe
  2⤵
  PID:8688
- C:\Windows\System\AyqSiSW.exe
  C:\Windows\System\AyqSiSW.exe
  2⤵
  PID:8720
- C:\Windows\System\FPaepjs.exe
  C:\Windows\System\FPaepjs.exe
  2⤵
  PID:8744
- C:\Windows\System\MTcaFdi.exe
  C:\Windows\System\MTcaFdi.exe
  2⤵
  PID:8772
- C:\Windows\System\cDazkbN.exe
  C:\Windows\System\cDazkbN.exe
  2⤵
  PID:8812
- C:\Windows\System\kZpPNye.exe
  C:\Windows\System\kZpPNye.exe
  2⤵
  PID:8840
- C:\Windows\System\ZznNlGE.exe
  C:\Windows\System\ZznNlGE.exe
  2⤵
  PID:8856
- C:\Windows\System\LTeBcgZ.exe
  C:\Windows\System\LTeBcgZ.exe
  2⤵
  PID:8876
- C:\Windows\System\ZoNAwOS.exe
  C:\Windows\System\ZoNAwOS.exe
  2⤵
  PID:8912
- C:\Windows\System\HYyAOjN.exe
  C:\Windows\System\HYyAOjN.exe
  2⤵
  PID:8940
- C:\Windows\System\qxSDZRz.exe
  C:\Windows\System\qxSDZRz.exe
  2⤵
  PID:8968
- C:\Windows\System\oZuPBaT.exe
  C:\Windows\System\oZuPBaT.exe
  2⤵
  PID:8996
- C:\Windows\System\mdNYEaG.exe
  C:\Windows\System\mdNYEaG.exe
  2⤵
  PID:9024
- C:\Windows\System\LuYlujG.exe
  C:\Windows\System\LuYlujG.exe
  2⤵
  PID:9052
- C:\Windows\System\ZFpNJRB.exe
  C:\Windows\System\ZFpNJRB.exe
  2⤵
  PID:9080
- C:\Windows\System\LDEHvFK.exe
  C:\Windows\System\LDEHvFK.exe
  2⤵
  PID:9108
- C:\Windows\System\Fdhrnot.exe
  C:\Windows\System\Fdhrnot.exe
  2⤵
  PID:9128
- C:\Windows\System\ZquDmXm.exe
  C:\Windows\System\ZquDmXm.exe
  2⤵
  PID:9152
- C:\Windows\System\gLQaEiE.exe
  C:\Windows\System\gLQaEiE.exe
  2⤵
  PID:9188
- C:\Windows\System\WyciLhr.exe
  C:\Windows\System\WyciLhr.exe
  2⤵
  PID:7952
- C:\Windows\System\QSAUOJZ.exe
  C:\Windows\System\QSAUOJZ.exe
  2⤵
  PID:8100
- C:\Windows\System\QGgAyXR.exe
  C:\Windows\System\QGgAyXR.exe
  2⤵
  PID:6300
- C:\Windows\System\RWdXLWw.exe
  C:\Windows\System\RWdXLWw.exe
  2⤵
  PID:7488
- C:\Windows\System\nyhHfSf.exe
  C:\Windows\System\nyhHfSf.exe
  2⤵
  PID:8196
- C:\Windows\System\nrYfNOM.exe
  C:\Windows\System\nrYfNOM.exe
  2⤵
  PID:8240
- C:\Windows\System\mtKfzdm.exe
  C:\Windows\System\mtKfzdm.exe
  2⤵
  PID:8304
- C:\Windows\System\ZGdpnUY.exe
  C:\Windows\System\ZGdpnUY.exe
  2⤵
  PID:8364
- C:\Windows\System\sdKeJws.exe
  C:\Windows\System\sdKeJws.exe
  2⤵
  PID:8424
- C:\Windows\System\vaDfmJh.exe
  C:\Windows\System\vaDfmJh.exe
  2⤵
  PID:8504
- C:\Windows\System\DZpPLzV.exe
  C:\Windows\System\DZpPLzV.exe
  2⤵
  PID:8564
- C:\Windows\System\hiQxagz.exe
  C:\Windows\System\hiQxagz.exe
  2⤵
  PID:8624
- C:\Windows\System\VhJfdDj.exe
  C:\Windows\System\VhJfdDj.exe
  2⤵
  PID:8700
- C:\Windows\System\XMqGBNA.exe
  C:\Windows\System\XMqGBNA.exe
  2⤵
  PID:8788
- C:\Windows\System\fQyeLWG.exe
  C:\Windows\System\fQyeLWG.exe
  2⤵
  PID:8828
- C:\Windows\System\UPSIXqA.exe
  C:\Windows\System\UPSIXqA.exe
  2⤵
  PID:8904
- C:\Windows\System\WqclJyi.exe
  C:\Windows\System\WqclJyi.exe
  2⤵
  PID:8956
- C:\Windows\System\tvHqzsz.exe
  C:\Windows\System\tvHqzsz.exe
  2⤵
  PID:9016
- C:\Windows\System\BuJGDjx.exe
  C:\Windows\System\BuJGDjx.exe
  2⤵
  PID:9092
- C:\Windows\System\incimip.exe
  C:\Windows\System\incimip.exe
  2⤵
  PID:9148
- C:\Windows\System\UNsxNAL.exe
  C:\Windows\System\UNsxNAL.exe
  2⤵
  PID:9208
- C:\Windows\System\NmKMGba.exe
  C:\Windows\System\NmKMGba.exe
  2⤵
  PID:6940
- C:\Windows\System\QiDdCTl.exe
  C:\Windows\System\QiDdCTl.exe
  2⤵
  PID:7700
- C:\Windows\System\YnoFCqB.exe
  C:\Windows\System\YnoFCqB.exe
  2⤵
  PID:8280
- C:\Windows\System\UxoVdCj.exe
  C:\Windows\System\UxoVdCj.exe
  2⤵
  PID:8420
- C:\Windows\System\JwHiWAB.exe
  C:\Windows\System\JwHiWAB.exe
  2⤵
  PID:8596
- C:\Windows\System\azFdlFS.exe
  C:\Windows\System\azFdlFS.exe
  2⤵
  PID:1604
- C:\Windows\System\JuxCotn.exe
  C:\Windows\System\JuxCotn.exe
  2⤵
  PID:8852
- C:\Windows\System\NfLyKcW.exe
  C:\Windows\System\NfLyKcW.exe
  2⤵
  PID:2532
- C:\Windows\System\NKEYHmx.exe
  C:\Windows\System\NKEYHmx.exe
  2⤵
  PID:9116
- C:\Windows\System\PqAmJPi.exe
  C:\Windows\System\PqAmJPi.exe
  2⤵
  PID:4540
- C:\Windows\System\cpvDzVo.exe
  C:\Windows\System\cpvDzVo.exe
  2⤵
  PID:7196
- C:\Windows\System\YOOodEG.exe
  C:\Windows\System\YOOodEG.exe
  2⤵
  PID:8268
- C:\Windows\System\DJLCurC.exe
  C:\Windows\System\DJLCurC.exe
  2⤵
  PID:4668
- C:\Windows\System\EXQDbwR.exe
  C:\Windows\System\EXQDbwR.exe
  2⤵
  PID:9224
- C:\Windows\System\wwQxTeZ.exe
  C:\Windows\System\wwQxTeZ.exe
  2⤵
  PID:9252
- C:\Windows\System\FQNYlxo.exe
  C:\Windows\System\FQNYlxo.exe
  2⤵
  PID:9280
- C:\Windows\System\iaTzhCn.exe
  C:\Windows\System\iaTzhCn.exe
  2⤵
  PID:9308
- C:\Windows\System\ezhiJvu.exe
  C:\Windows\System\ezhiJvu.exe
  2⤵
  PID:9324
- C:\Windows\System\dTZPZbO.exe
  C:\Windows\System\dTZPZbO.exe
  2⤵
  PID:9352
- C:\Windows\System\VbpktYC.exe
  C:\Windows\System\VbpktYC.exe
  2⤵
  PID:9376
- C:\Windows\System\bhxMwde.exe
  C:\Windows\System\bhxMwde.exe
  2⤵
  PID:9408
- C:\Windows\System\eeUPOzE.exe
  C:\Windows\System\eeUPOzE.exe
  2⤵
  PID:9436
- C:\Windows\System\KEbHCHe.exe
  C:\Windows\System\KEbHCHe.exe
  2⤵
  PID:9468
- C:\Windows\System\xIXaBUf.exe
  C:\Windows\System\xIXaBUf.exe
  2⤵
  PID:9484
- C:\Windows\System\HLTpDln.exe
  C:\Windows\System\HLTpDln.exe
  2⤵
  PID:9508
- C:\Windows\System\HQORble.exe
  C:\Windows\System\HQORble.exe
  2⤵
  PID:9540
- C:\Windows\System\iqMiugw.exe
  C:\Windows\System\iqMiugw.exe
  2⤵
  PID:9576
- C:\Windows\System\rPlDDWI.exe
  C:\Windows\System\rPlDDWI.exe
  2⤵
  PID:9608
- C:\Windows\System\OqmQJEe.exe
  C:\Windows\System\OqmQJEe.exe
  2⤵
  PID:9632
- C:\Windows\System\bLkptJI.exe
  C:\Windows\System\bLkptJI.exe
  2⤵
  PID:9652
- C:\Windows\System\DepacBF.exe
  C:\Windows\System\DepacBF.exe
  2⤵
  PID:9680
- C:\Windows\System\ckzwcul.exe
  C:\Windows\System\ckzwcul.exe
  2⤵
  PID:9704
- C:\Windows\System\crIwwgp.exe
  C:\Windows\System\crIwwgp.exe
  2⤵
  PID:9744
- C:\Windows\System\JjLomCn.exe
  C:\Windows\System\JjLomCn.exe
  2⤵
  PID:9776
- C:\Windows\System\VpGmARN.exe
  C:\Windows\System\VpGmARN.exe
  2⤵
  PID:9792
- C:\Windows\System\HtEvNjj.exe
  C:\Windows\System\HtEvNjj.exe
  2⤵
  PID:9812
- C:\Windows\System\qMXgDWy.exe
  C:\Windows\System\qMXgDWy.exe
  2⤵
  PID:9856
- C:\Windows\System\UakwvTP.exe
  C:\Windows\System\UakwvTP.exe
  2⤵
  PID:9888
- C:\Windows\System\uIDDSHD.exe
  C:\Windows\System\uIDDSHD.exe
  2⤵
  PID:10036
- C:\Windows\System\gmxZrff.exe
  C:\Windows\System\gmxZrff.exe
  2⤵
  PID:10060
- C:\Windows\System\hCYNgdh.exe
  C:\Windows\System\hCYNgdh.exe
  2⤵
  PID:10084
- C:\Windows\System\dlFMrcj.exe
  C:\Windows\System\dlFMrcj.exe
  2⤵
  PID:10104
- C:\Windows\System\HreImVv.exe
  C:\Windows\System\HreImVv.exe
  2⤵
  PID:10168
- C:\Windows\System\ICvoudl.exe
  C:\Windows\System\ICvoudl.exe
  2⤵
  PID:10184
- C:\Windows\System\YRLuPGP.exe
  C:\Windows\System\YRLuPGP.exe
  2⤵
  PID:10204
- C:\Windows\System\GWxNIlH.exe
  C:\Windows\System\GWxNIlH.exe
  2⤵
  PID:10232
- C:\Windows\System\zTxISEi.exe
  C:\Windows\System\zTxISEi.exe
  2⤵
  PID:9044
- C:\Windows\System\MmwWmZI.exe
  C:\Windows\System\MmwWmZI.exe
  2⤵
  PID:3444
- C:\Windows\System\olcAaIX.exe
  C:\Windows\System\olcAaIX.exe
  2⤵
  PID:9264
- C:\Windows\System\oxdJlQN.exe
  C:\Windows\System\oxdJlQN.exe
  2⤵
  PID:9452
- C:\Windows\System\qmgVeRN.exe
  C:\Windows\System\qmgVeRN.exe
  2⤵
  PID:2924
- C:\Windows\System\eJeYoql.exe
  C:\Windows\System\eJeYoql.exe
  2⤵
  PID:4276
- C:\Windows\System\TfNZGrg.exe
  C:\Windows\System\TfNZGrg.exe
  2⤵
  PID:3540
- C:\Windows\System\eyaYQZB.exe
  C:\Windows\System\eyaYQZB.exe
  2⤵
  PID:1780
- C:\Windows\System\Jyjpevt.exe
  C:\Windows\System\Jyjpevt.exe
  2⤵
  PID:112
- C:\Windows\System\EYlstKu.exe
  C:\Windows\System\EYlstKu.exe
  2⤵
  PID:2520
- C:\Windows\System\bxmyFvw.exe
  C:\Windows\System\bxmyFvw.exe
  2⤵
  PID:3040
- C:\Windows\System\tWmYIIv.exe
  C:\Windows\System\tWmYIIv.exe
  2⤵
  PID:4468
- C:\Windows\System\vjXawcD.exe
  C:\Windows\System\vjXawcD.exe
  2⤵
  PID:2264
- C:\Windows\System\lAWaMFO.exe
  C:\Windows\System\lAWaMFO.exe
  2⤵
  PID:2344
- C:\Windows\System\wcYbyMy.exe
  C:\Windows\System\wcYbyMy.exe
  2⤵
  PID:3292
- C:\Windows\System\RaqgdaJ.exe
  C:\Windows\System\RaqgdaJ.exe
  2⤵
  PID:1036
- C:\Windows\System\HwpHqIP.exe
  C:\Windows\System\HwpHqIP.exe
  2⤵
  PID:2756
- C:\Windows\System\bycLhMf.exe
  C:\Windows\System\bycLhMf.exe
  2⤵
  PID:708
- C:\Windows\System\DOKAarX.exe
  C:\Windows\System\DOKAarX.exe
  2⤵
  PID:1716
- C:\Windows\System\YUmLJKe.exe
  C:\Windows\System\YUmLJKe.exe
  2⤵
  PID:1588
- C:\Windows\System\QRQNrqd.exe
  C:\Windows\System\QRQNrqd.exe
  2⤵
  PID:2352
- C:\Windows\System\cgZmnQz.exe
  C:\Windows\System\cgZmnQz.exe
  2⤵
  PID:5052
- C:\Windows\System\RADJJFZ.exe
  C:\Windows\System\RADJJFZ.exe
  2⤵
  PID:4436
- C:\Windows\System\iMYyeHn.exe
  C:\Windows\System\iMYyeHn.exe
  2⤵
  PID:3508
- C:\Windows\System\zEQCYbg.exe
  C:\Windows\System\zEQCYbg.exe
  2⤵
  PID:9828
- C:\Windows\System\bgSFXKh.exe
  C:\Windows\System\bgSFXKh.exe
  2⤵
  PID:9820
- C:\Windows\System\zxNMXEA.exe
  C:\Windows\System\zxNMXEA.exe
  2⤵
  PID:4988
- C:\Windows\System\aiAIKjA.exe
  C:\Windows\System\aiAIKjA.exe
  2⤵
  PID:9844
- C:\Windows\System\qVJXRiL.exe
  C:\Windows\System\qVJXRiL.exe
  2⤵
  PID:2600
- C:\Windows\System\BXhWVPx.exe
  C:\Windows\System\BXhWVPx.exe
  2⤵
  PID:6148
- C:\Windows\System\LCcBZXb.exe
  C:\Windows\System\LCcBZXb.exe
  2⤵
  PID:3680
- C:\Windows\System\DiaFmVN.exe
  C:\Windows\System\DiaFmVN.exe
  2⤵
  PID:1292
- C:\Windows\System\CuchKjg.exe
  C:\Windows\System\CuchKjg.exe
  2⤵
  PID:2148
- C:\Windows\System\YUIunFd.exe
  C:\Windows\System\YUIunFd.exe
  2⤵
  PID:10112
- C:\Windows\System\jdnTDOT.exe
  C:\Windows\System\jdnTDOT.exe
  2⤵
  PID:640
- C:\Windows\System\qeOtayf.exe
  C:\Windows\System\qeOtayf.exe
  2⤵
  PID:10144
- C:\Windows\System\upBUxXM.exe
  C:\Windows\System\upBUxXM.exe
  2⤵
  PID:1200
- C:\Windows\System\lWvAKrN.exe
  C:\Windows\System\lWvAKrN.exe
  2⤵
  PID:7348
- C:\Windows\System\NCHdDsZ.exe
  C:\Windows\System\NCHdDsZ.exe
  2⤵
  PID:9396
- C:\Windows\System\PnrDDiU.exe
  C:\Windows\System\PnrDDiU.exe
  2⤵
  PID:9500
- C:\Windows\System\EAEEcnr.exe
  C:\Windows\System\EAEEcnr.exe
  2⤵
  PID:9624
- C:\Windows\System\ZJJrSGg.exe
  C:\Windows\System\ZJJrSGg.exe
  2⤵
  PID:1868
- C:\Windows\System\EkVCasz.exe
  C:\Windows\System\EkVCasz.exe
  2⤵
  PID:4624
- C:\Windows\System\pUSriJs.exe
  C:\Windows\System\pUSriJs.exe
  2⤵
  PID:3984
- C:\Windows\System\QWQTfsH.exe
  C:\Windows\System\QWQTfsH.exe
  2⤵
  PID:3496
- C:\Windows\System\VzPoGvl.exe
  C:\Windows\System\VzPoGvl.exe
  2⤵
  PID:10212
- C:\Windows\System\qFUWOfb.exe
  C:\Windows\System\qFUWOfb.exe
  2⤵
  PID:436
- C:\Windows\System\TxZsfvv.exe
  C:\Windows\System\TxZsfvv.exe
  2⤵
  PID:5096
- C:\Windows\System\NQCDVWY.exe
  C:\Windows\System\NQCDVWY.exe
  2⤵
  PID:320
- C:\Windows\System\uuWVvIx.exe
  C:\Windows\System\uuWVvIx.exe
  2⤵
  PID:4820
- C:\Windows\System\hYHzJmv.exe
  C:\Windows\System\hYHzJmv.exe
  2⤵
  PID:3664
- C:\Windows\System\PYLAHpj.exe
  C:\Windows\System\PYLAHpj.exe
  2⤵
  PID:1752
- C:\Windows\System\NyDeyYE.exe
  C:\Windows\System\NyDeyYE.exe
  2⤵
  PID:1700
- C:\Windows\System\IHmzjlO.exe
  C:\Windows\System\IHmzjlO.exe
  2⤵
  PID:10132
- C:\Windows\System\AUfSeNF.exe
  C:\Windows\System\AUfSeNF.exe
  2⤵
  PID:7300
- C:\Windows\System\SzSMHZv.exe
  C:\Windows\System\SzSMHZv.exe
  2⤵
  PID:9236
- C:\Windows\System\eegtdiS.exe
  C:\Windows\System\eegtdiS.exe
  2⤵
  PID:852
- C:\Windows\System\fdluuMg.exe
  C:\Windows\System\fdluuMg.exe
  2⤵
  PID:944
- C:\Windows\System\VVzvPnX.exe
  C:\Windows\System\VVzvPnX.exe
  2⤵
  PID:1408
- C:\Windows\System\YnYZsyq.exe
  C:\Windows\System\YnYZsyq.exe
  2⤵
  PID:4796
- C:\Windows\System\zobsfTd.exe
  C:\Windows\System\zobsfTd.exe
  2⤵
  PID:10032
- C:\Windows\System\OVuSqrW.exe
  C:\Windows\System\OVuSqrW.exe
  2⤵
  PID:2628
- C:\Windows\System\UkByYGD.exe
  C:\Windows\System\UkByYGD.exe
  2⤵
  PID:552
- C:\Windows\System\pTXPJmu.exe
  C:\Windows\System\pTXPJmu.exe
  2⤵
  PID:4220
- C:\Windows\System\VGKYdiG.exe
  C:\Windows\System\VGKYdiG.exe
  2⤵
  PID:4308
- C:\Windows\System\OfynIaB.exe
  C:\Windows\System\OfynIaB.exe
  2⤵
  PID:9836
- C:\Windows\System\pCwcBKk.exe
  C:\Windows\System\pCwcBKk.exe
  2⤵
  PID:3232
- C:\Windows\System\eSAXoMl.exe
  C:\Windows\System\eSAXoMl.exe
  2⤵
  PID:5348
- C:\Windows\System\PPhrQZp.exe
  C:\Windows\System\PPhrQZp.exe
  2⤵
  PID:3996
- C:\Windows\System\oYnCryw.exe
  C:\Windows\System\oYnCryw.exe
  2⤵
  PID:3268
- C:\Windows\System\nACNZji.exe
  C:\Windows\System\nACNZji.exe
  2⤵
  PID:5948
- C:\Windows\System\SEQHpxh.exe
  C:\Windows\System\SEQHpxh.exe
  2⤵
  PID:6324
- C:\Windows\System\ZVSJjrx.exe
  C:\Windows\System\ZVSJjrx.exe
  2⤵
  PID:9968
- C:\Windows\System\AvopAox.exe
  C:\Windows\System\AvopAox.exe
  2⤵
  PID:684
- C:\Windows\System\GUTOumP.exe
  C:\Windows\System\GUTOumP.exe
  2⤵
  PID:9240
- C:\Windows\System\jgGaXpS.exe
  C:\Windows\System\jgGaXpS.exe
  2⤵
  PID:2356
- C:\Windows\System\wvTCoin.exe
  C:\Windows\System\wvTCoin.exe
  2⤵
  PID:3376
- C:\Windows\System\ThkCAFc.exe
  C:\Windows\System\ThkCAFc.exe
  2⤵
  PID:4432
- C:\Windows\System\AFjewzB.exe
  C:\Windows\System\AFjewzB.exe
  2⤵
  PID:1060
- C:\Windows\System\RzAAZzu.exe
  C:\Windows\System\RzAAZzu.exe
  2⤵
  PID:6420
- C:\Windows\System\QLLMbuv.exe
  C:\Windows\System\QLLMbuv.exe
  2⤵
  PID:6492
- C:\Windows\System\XgqCDrP.exe
  C:\Windows\System\XgqCDrP.exe
  2⤵
  PID:5944
- C:\Windows\System\ItBjUfm.exe
  C:\Windows\System\ItBjUfm.exe
  2⤵
  PID:5552
- C:\Windows\System\TRQgYhV.exe
  C:\Windows\System\TRQgYhV.exe
  2⤵
  PID:5796
- C:\Windows\System\hknuTMa.exe
  C:\Windows\System\hknuTMa.exe
  2⤵
  PID:6124
- C:\Windows\System\XdZMInc.exe
  C:\Windows\System\XdZMInc.exe
  2⤵
  PID:3992
- C:\Windows\System\dEWxPFQ.exe
  C:\Windows\System\dEWxPFQ.exe
  2⤵
  PID:4448
- C:\Windows\System\uZVhVjQ.exe
  C:\Windows\System\uZVhVjQ.exe
  2⤵
  PID:6444
- C:\Windows\System\hefatSu.exe
  C:\Windows\System\hefatSu.exe
  2⤵
  PID:3568
- C:\Windows\System\CxyTAWI.exe
  C:\Windows\System\CxyTAWI.exe
  2⤵
  PID:9916
- C:\Windows\System\twxHoeJ.exe
  C:\Windows\System\twxHoeJ.exe
  2⤵
  PID:5296
- C:\Windows\System\lxfIEjF.exe
  C:\Windows\System\lxfIEjF.exe
  2⤵
  PID:6904
- C:\Windows\System\RfRxGQa.exe
  C:\Windows\System\RfRxGQa.exe
  2⤵
  PID:4520
- C:\Windows\System\mkUjirD.exe
  C:\Windows\System\mkUjirD.exe
  2⤵
  PID:5136
- C:\Windows\System\EzPFzfZ.exe
  C:\Windows\System\EzPFzfZ.exe
  2⤵
  PID:1056
- C:\Windows\System\CFWkURy.exe
  C:\Windows\System\CFWkURy.exe
  2⤵
  PID:4592
- C:\Windows\System\YXRtGXh.exe
  C:\Windows\System\YXRtGXh.exe
  2⤵
  PID:6716
- C:\Windows\System\ROlKAXy.exe
  C:\Windows\System\ROlKAXy.exe
  2⤵
  PID:6176
- C:\Windows\System\eMMjKTW.exe
  C:\Windows\System\eMMjKTW.exe
  2⤵
  PID:5184
- C:\Windows\System\pTLlknv.exe
  C:\Windows\System\pTLlknv.exe
  2⤵
  PID:5224
- C:\Windows\System\IcnfZSf.exe
  C:\Windows\System\IcnfZSf.exe
  2⤵
  PID:3112
- C:\Windows\System\bgBfESz.exe
  C:\Windows\System\bgBfESz.exe
  2⤵
  PID:1424
- C:\Windows\System\AnqEyVI.exe
  C:\Windows\System\AnqEyVI.exe
  2⤵
  PID:7056
- C:\Windows\System\iaRwvgk.exe
  C:\Windows\System\iaRwvgk.exe
  2⤵
  PID:5428
- C:\Windows\System\xemWLfe.exe
  C:\Windows\System\xemWLfe.exe
  2⤵
  PID:5268
- C:\Windows\System\JeRyiwp.exe
  C:\Windows\System\JeRyiwp.exe
  2⤵
  PID:5352
- C:\Windows\System\NvMYZTQ.exe
  C:\Windows\System\NvMYZTQ.exe
  2⤵
  PID:6584
- C:\Windows\System\yvjINZQ.exe
  C:\Windows\System\yvjINZQ.exe
  2⤵
  PID:10248
- C:\Windows\System\HuahyGH.exe
  C:\Windows\System\HuahyGH.exe
  2⤵
  PID:10280
- C:\Windows\System\nJiQOtQ.exe
  C:\Windows\System\nJiQOtQ.exe
  2⤵
  PID:10304
- C:\Windows\System\CohmGhh.exe
  C:\Windows\System\CohmGhh.exe
  2⤵
  PID:10332
- C:\Windows\System\wYRBxwm.exe
  C:\Windows\System\wYRBxwm.exe
  2⤵
  PID:10368
- C:\Windows\System\llwcWug.exe
  C:\Windows\System\llwcWug.exe
  2⤵
  PID:10388
- C:\Windows\System\EQIPBMB.exe
  C:\Windows\System\EQIPBMB.exe
  2⤵
  PID:10428
- C:\Windows\System\xQLaUoL.exe
  C:\Windows\System\xQLaUoL.exe
  2⤵
  PID:10472
- C:\Windows\System\wEJMdMR.exe
  C:\Windows\System\wEJMdMR.exe
  2⤵
  PID:10500
- C:\Windows\System\nTvkAeX.exe
  C:\Windows\System\nTvkAeX.exe
  2⤵
  PID:10524
- C:\Windows\System\NPJmtsq.exe
  C:\Windows\System\NPJmtsq.exe
  2⤵
  PID:10572
- C:\Windows\System\vYROfCx.exe
  C:\Windows\System\vYROfCx.exe
  2⤵
  PID:10632
- C:\Windows\System\dMiOKKk.exe
  C:\Windows\System\dMiOKKk.exe
  2⤵
  PID:10668
- C:\Windows\System\RLlicZQ.exe
  C:\Windows\System\RLlicZQ.exe
  2⤵
  PID:10696
- C:\Windows\System\CoekpUV.exe
  C:\Windows\System\CoekpUV.exe
  2⤵
  PID:10736
- C:\Windows\System\vGpILFn.exe
  C:\Windows\System\vGpILFn.exe
  2⤵
  PID:10768
- C:\Windows\System\WkXerYQ.exe
  C:\Windows\System\WkXerYQ.exe
  2⤵
  PID:10792
- C:\Windows\System\cpaFojc.exe
  C:\Windows\System\cpaFojc.exe
  2⤵
  PID:10820
- C:\Windows\System\WvRTQdc.exe
  C:\Windows\System\WvRTQdc.exe
  2⤵
  PID:10852
- C:\Windows\System\ikdDLZK.exe
  C:\Windows\System\ikdDLZK.exe
  2⤵
  PID:10880
- C:\Windows\System\CIMUsNp.exe
  C:\Windows\System\CIMUsNp.exe
  2⤵
  PID:10908
- C:\Windows\System\OlSDCJJ.exe
  C:\Windows\System\OlSDCJJ.exe
  2⤵
  PID:10952
- C:\Windows\System\FkaKYuF.exe
  C:\Windows\System\FkaKYuF.exe
  2⤵
  PID:10980
- C:\Windows\System\MeVoBxj.exe
  C:\Windows\System\MeVoBxj.exe
  2⤵
  PID:11008
- C:\Windows\System\XjLoNpU.exe
  C:\Windows\System\XjLoNpU.exe
  2⤵
  PID:11036
- C:\Windows\System\KAwLRjO.exe
  C:\Windows\System\KAwLRjO.exe
  2⤵
  PID:11064
- C:\Windows\System\MhHfYBt.exe
  C:\Windows\System\MhHfYBt.exe
  2⤵
  PID:11096
- C:\Windows\System\wBsLQut.exe
  C:\Windows\System\wBsLQut.exe
  2⤵
  PID:11128
- C:\Windows\System\DDhXREZ.exe
  C:\Windows\System\DDhXREZ.exe
  2⤵
  PID:11160
- C:\Windows\System\wWSIcbH.exe
  C:\Windows\System\wWSIcbH.exe
  2⤵
  PID:11188
- C:\Windows\System\YTRVedp.exe
  C:\Windows\System\YTRVedp.exe
  2⤵
  PID:11232
- C:\Windows\System\tDktsSb.exe
  C:\Windows\System\tDktsSb.exe
  2⤵
  PID:11252
- C:\Windows\System\ksTzXcD.exe
  C:\Windows\System\ksTzXcD.exe
  2⤵
  PID:5596
- C:\Windows\System\qcAkXOn.exe
  C:\Windows\System\qcAkXOn.exe
  2⤵
  PID:5628
- C:\Windows\System\scTGQds.exe
  C:\Windows\System\scTGQds.exe
  2⤵
  PID:5684
- C:\Windows\System\RfVfWch.exe
  C:\Windows\System\RfVfWch.exe
  2⤵
  PID:10352
- C:\Windows\System\bpwCkzu.exe
  C:\Windows\System\bpwCkzu.exe
  2⤵
  PID:5768
- C:\Windows\System\gVhsRih.exe
  C:\Windows\System\gVhsRih.exe
  2⤵
  PID:10460
- C:\Windows\System\JTLHhYL.exe
  C:\Windows\System\JTLHhYL.exe
  2⤵
  PID:10512
- C:\Windows\System\MCJOPcu.exe
  C:\Windows\System\MCJOPcu.exe
  2⤵
  PID:5876
- C:\Windows\System\iocmVRq.exe
  C:\Windows\System\iocmVRq.exe
  2⤵
  PID:10604
- C:\Windows\System\jXcJdti.exe
  C:\Windows\System\jXcJdti.exe
  2⤵
  PID:5952
- C:\Windows\System\ZlZZdyM.exe
  C:\Windows\System\ZlZZdyM.exe
  2⤵
  PID:5988
- C:\Windows\System\nlEDwwM.exe
  C:\Windows\System\nlEDwwM.exe
  2⤵
  PID:10788
- C:\Windows\System\EulaYdJ.exe
  C:\Windows\System\EulaYdJ.exe
  2⤵
  PID:10844
- C:\Windows\System\dCuxTuf.exe
  C:\Windows\System\dCuxTuf.exe
  2⤵
  PID:10872
- C:\Windows\System\OTNCAVH.exe
  C:\Windows\System\OTNCAVH.exe
  2⤵
  PID:10944
- C:\Windows\System\VoqGGRE.exe
  C:\Windows\System\VoqGGRE.exe
  2⤵
  PID:11000
- C:\Windows\System\SXKNsnD.exe
  C:\Windows\System\SXKNsnD.exe
  2⤵
  PID:2956
- C:\Windows\System\VAudOqt.exe
  C:\Windows\System\VAudOqt.exe
  2⤵
  PID:3744
- C:\Windows\System\CvzQoXG.exe
  C:\Windows\System\CvzQoXG.exe
  2⤵
  PID:5168
- C:\Windows\System\HxgAkZO.exe
  C:\Windows\System\HxgAkZO.exe
  2⤵
  PID:11224
- C:\Windows\System\bkHhlTm.exe
  C:\Windows\System\bkHhlTm.exe
  2⤵
  PID:10288
- C:\Windows\System\pTeEQdg.exe
  C:\Windows\System\pTeEQdg.exe
  2⤵
  PID:10328
- C:\Windows\System\aPsnQtr.exe
  C:\Windows\System\aPsnQtr.exe
  2⤵
  PID:10344
- C:\Windows\System\FVAXWUW.exe
  C:\Windows\System\FVAXWUW.exe
  2⤵
  PID:5728
- C:\Windows\System\nfAgbAQ.exe
  C:\Windows\System\nfAgbAQ.exe
  2⤵
  PID:5868
- C:\Windows\System\kMUPnAi.exe
  C:\Windows\System\kMUPnAi.exe
  2⤵
  PID:5968
- C:\Windows\System\NRQiwzv.exe
  C:\Windows\System\NRQiwzv.exe
  2⤵
  PID:11228
- C:\Windows\System\QBkVjmb.exe
  C:\Windows\System\QBkVjmb.exe
  2⤵
  PID:6056
- C:\Windows\System\SgJTHUk.exe
  C:\Windows\System\SgJTHUk.exe
  2⤵
  PID:10972
- C:\Windows\System\BGLfXTc.exe
  C:\Windows\System\BGLfXTc.exe
  2⤵
  PID:6936
- C:\Windows\System\WhTuunv.exe
  C:\Windows\System\WhTuunv.exe
  2⤵
  PID:11260
- C:\Windows\System\VsjxuDA.exe
  C:\Windows\System\VsjxuDA.exe
  2⤵
  PID:5592
- C:\Windows\System\PYviuWG.exe
  C:\Windows\System\PYviuWG.exe
  2⤵
  PID:7352
- C:\Windows\System\zjvtJHD.exe
  C:\Windows\System\zjvtJHD.exe
  2⤵
  PID:10728
- C:\Windows\System\nOEETEl.exe
  C:\Windows\System\nOEETEl.exe
  2⤵
  PID:8068
- C:\Windows\System\klMUUOW.exe
  C:\Windows\System\klMUUOW.exe
  2⤵
  PID:11060
- C:\Windows\System\ewqHWHA.exe
  C:\Windows\System\ewqHWHA.exe
  2⤵
  PID:5680
- C:\Windows\System\koNoFMr.exe
  C:\Windows\System\koNoFMr.exe
  2⤵
  PID:7460
- C:\Windows\System\IvjPCjN.exe
  C:\Windows\System\IvjPCjN.exe
  2⤵
  PID:7796
- C:\Windows\System\VvWZnrZ.exe
  C:\Windows\System\VvWZnrZ.exe
  2⤵
  PID:11020
- C:\Windows\System\kGOztEF.exe
  C:\Windows\System\kGOztEF.exe
  2⤵
  PID:5652
- C:\Windows\System\ZJBgoSl.exe
  C:\Windows\System\ZJBgoSl.exe
  2⤵
  PID:6312
- C:\Windows\System\AnfZhDN.exe
  C:\Windows\System\AnfZhDN.exe
  2⤵
  PID:6384
- C:\Windows\System\LFdDoGJ.exe
  C:\Windows\System\LFdDoGJ.exe
  2⤵
  PID:6320
- C:\Windows\System\dTJFEKh.exe
  C:\Windows\System\dTJFEKh.exe
  2⤵
  PID:7404
- C:\Windows\System\vujTpxc.exe
  C:\Windows\System\vujTpxc.exe
  2⤵
  PID:11280
- C:\Windows\System\zlCwyqO.exe
  C:\Windows\System\zlCwyqO.exe
  2⤵
  PID:11308
- C:\Windows\System\hOMJHIh.exe
  C:\Windows\System\hOMJHIh.exe
  2⤵
  PID:11340
- C:\Windows\System\rnvGnXs.exe
  C:\Windows\System\rnvGnXs.exe
  2⤵
  PID:11368
- C:\Windows\System\nUDnrez.exe
  C:\Windows\System\nUDnrez.exe
  2⤵
  PID:11400
- C:\Windows\System\hzIniHJ.exe
  C:\Windows\System\hzIniHJ.exe
  2⤵
  PID:11428
- C:\Windows\System\JUkeeih.exe
  C:\Windows\System\JUkeeih.exe
  2⤵
  PID:11456
- C:\Windows\System\vebxPLT.exe
  C:\Windows\System\vebxPLT.exe
  2⤵
  PID:11484
- C:\Windows\System\jGHWgNN.exe
  C:\Windows\System\jGHWgNN.exe
  2⤵
  PID:11512
- C:\Windows\System\tDgOoAS.exe
  C:\Windows\System\tDgOoAS.exe
  2⤵
  PID:11540
- C:\Windows\System\SMGMdMh.exe
  C:\Windows\System\SMGMdMh.exe
  2⤵
  PID:11568
- C:\Windows\System\CSyljCd.exe
  C:\Windows\System\CSyljCd.exe
  2⤵
  PID:11600
- C:\Windows\System\CaGYxQz.exe
  C:\Windows\System\CaGYxQz.exe
  2⤵
  PID:11624
- C:\Windows\System\LFIkOms.exe
  C:\Windows\System\LFIkOms.exe
  2⤵
  PID:11664
- C:\Windows\System\OIZClwY.exe
  C:\Windows\System\OIZClwY.exe
  2⤵
  PID:11700
- C:\Windows\System\qaAhkFF.exe
  C:\Windows\System\qaAhkFF.exe
  2⤵
  PID:11760
- C:\Windows\System\tKpbbgg.exe
  C:\Windows\System\tKpbbgg.exe
  2⤵
  PID:11808
- C:\Windows\System\efoWjQk.exe
  C:\Windows\System\efoWjQk.exe
  2⤵
  PID:11876
- C:\Windows\System\SnNYvqO.exe
  C:\Windows\System\SnNYvqO.exe
  2⤵
  PID:11904
- C:\Windows\System\IbTwAjL.exe
  C:\Windows\System\IbTwAjL.exe
  2⤵
  PID:11932
- C:\Windows\System\shHPhwr.exe
  C:\Windows\System\shHPhwr.exe
  2⤵
  PID:11976
- C:\Windows\System\caBlCqi.exe
  C:\Windows\System\caBlCqi.exe
  2⤵
  PID:12008
- C:\Windows\System\zeVxycI.exe
  C:\Windows\System\zeVxycI.exe
  2⤵
  PID:12028
- C:\Windows\System\uLaVvaP.exe
  C:\Windows\System\uLaVvaP.exe
  2⤵
  PID:12064
- C:\Windows\System\LlSoVSN.exe
  C:\Windows\System\LlSoVSN.exe
  2⤵
  PID:12084
- C:\Windows\System\PmxauUH.exe
  C:\Windows\System\PmxauUH.exe
  2⤵
  PID:12112
- C:\Windows\System\HSwwDyF.exe
  C:\Windows\System\HSwwDyF.exe
  2⤵
  PID:12140
- C:\Windows\System\venqfdV.exe
  C:\Windows\System\venqfdV.exe
  2⤵
  PID:12168
- C:\Windows\System\WQHuftn.exe
  C:\Windows\System\WQHuftn.exe
  2⤵
  PID:12196
- C:\Windows\System\PAGyjtN.exe
  C:\Windows\System\PAGyjtN.exe
  2⤵
  PID:12224
- C:\Windows\System\dOrzEtM.exe
  C:\Windows\System\dOrzEtM.exe
  2⤵
  PID:12252
- C:\Windows\System\utiEayK.exe
  C:\Windows\System\utiEayK.exe
  2⤵
  PID:5828
- C:\Windows\System\lYeQaqK.exe
  C:\Windows\System\lYeQaqK.exe
  2⤵
  PID:11336
- C:\Windows\System\QBlaTLW.exe
  C:\Windows\System\QBlaTLW.exe
  2⤵
  PID:11380
- C:\Windows\System\cgThKYu.exe
  C:\Windows\System\cgThKYu.exe
  2⤵
  PID:11448
- C:\Windows\System\DXGJwUQ.exe
  C:\Windows\System\DXGJwUQ.exe
  2⤵
  PID:11508
- C:\Windows\System\GPyHJKs.exe
  C:\Windows\System\GPyHJKs.exe
  2⤵
  PID:11592
- C:\Windows\System\JhrAnUw.exe
  C:\Windows\System\JhrAnUw.exe
  2⤵
  PID:8472
- C:\Windows\System\ugzXRqb.exe
  C:\Windows\System\ugzXRqb.exe
  2⤵
  PID:11752
- C:\Windows\System\KUDoadT.exe
  C:\Windows\System\KUDoadT.exe
  2⤵
  PID:11824
- C:\Windows\System\sBvTOXW.exe
  C:\Windows\System\sBvTOXW.exe
  2⤵
  PID:11928
- C:\Windows\System\RqRWosI.exe
  C:\Windows\System\RqRWosI.exe
  2⤵
  PID:6960
- C:\Windows\System\bwBLzlQ.exe
  C:\Windows\System\bwBLzlQ.exe
  2⤵
  PID:12040
- C:\Windows\System\EhxDYVE.exe
  C:\Windows\System\EhxDYVE.exe
  2⤵
  PID:12080
- C:\Windows\System\AIWJdEF.exe
  C:\Windows\System\AIWJdEF.exe
  2⤵
  PID:12152
- C:\Windows\System\OUSVcfG.exe
  C:\Windows\System\OUSVcfG.exe
  2⤵
  PID:12216
- C:\Windows\System\wMwbkgG.exe
  C:\Windows\System\wMwbkgG.exe
  2⤵
  PID:12276
- C:\Windows\System\jAPwFbw.exe
  C:\Windows\System\jAPwFbw.exe
  2⤵
  PID:11364
- C:\Windows\System\cetMoxH.exe
  C:\Windows\System\cetMoxH.exe
  2⤵
  PID:11564
- C:\Windows\System\BXDgdec.exe
  C:\Windows\System\BXDgdec.exe
  2⤵
  PID:11720
- C:\Windows\System\QYqxjfW.exe
  C:\Windows\System\QYqxjfW.exe
  2⤵
  PID:6948
- C:\Windows\System\SwozjPO.exe
  C:\Windows\System\SwozjPO.exe
  2⤵
  PID:12076
- C:\Windows\System\ZhVvzXv.exe
  C:\Windows\System\ZhVvzXv.exe
  2⤵
  PID:12244
- C:\Windows\System\bxazOrx.exe
  C:\Windows\System\bxazOrx.exe
  2⤵
  PID:6568
- C:\Windows\System\XWEXvCb.exe
  C:\Windows\System\XWEXvCb.exe
  2⤵
  PID:11684
- C:\Windows\System\ioJPHRn.exe
  C:\Windows\System\ioJPHRn.exe
  2⤵
  PID:12132
- C:\Windows\System\PyzAtyc.exe
  C:\Windows\System\PyzAtyc.exe
  2⤵
  PID:11292
- C:\Windows\System\hzNsLxB.exe
  C:\Windows\System\hzNsLxB.exe
  2⤵
  PID:2704
- C:\Windows\System\MceDgnB.exe
  C:\Windows\System\MceDgnB.exe
  2⤵
  PID:12208
- C:\Windows\System\bLnhdhD.exe
  C:\Windows\System\bLnhdhD.exe
  2⤵
  PID:9088
- C:\Windows\System\RnpJQdo.exe
  C:\Windows\System\RnpJQdo.exe
  2⤵
  PID:4204
- C:\Windows\System\rdKEebh.exe
  C:\Windows\System\rdKEebh.exe
  2⤵
  PID:12332
- C:\Windows\System\JXMRrcG.exe
  C:\Windows\System\JXMRrcG.exe
  2⤵
  PID:12368
- C:\Windows\System\fhlCRhS.exe
  C:\Windows\System\fhlCRhS.exe
  2⤵
  PID:12396
- C:\Windows\System\wokgWFy.exe
  C:\Windows\System\wokgWFy.exe
  2⤵
  PID:12424
- C:\Windows\System\BSblrMw.exe
  C:\Windows\System\BSblrMw.exe
  2⤵
  PID:12444
- C:\Windows\System\uRbKJMC.exe
  C:\Windows\System\uRbKJMC.exe
  2⤵
  PID:12464
- C:\Windows\System\bUCmMDh.exe
  C:\Windows\System\bUCmMDh.exe
  2⤵
  PID:12520
- C:\Windows\System\quOIeTK.exe
  C:\Windows\System\quOIeTK.exe
  2⤵
  PID:12540
- C:\Windows\System\gOMPSjQ.exe
  C:\Windows\System\gOMPSjQ.exe
  2⤵
  PID:12572
- C:\Windows\System\FRIzgyo.exe
  C:\Windows\System\FRIzgyo.exe
  2⤵
  PID:12600
- C:\Windows\System\mcsFpMa.exe
  C:\Windows\System\mcsFpMa.exe
  2⤵
  PID:12628
- C:\Windows\System\ypQlrZo.exe
  C:\Windows\System\ypQlrZo.exe
  2⤵
  PID:12664
- C:\Windows\System\aVpssVk.exe
  C:\Windows\System\aVpssVk.exe
  2⤵
  PID:12692
- C:\Windows\System\wRWXLgQ.exe
  C:\Windows\System\wRWXLgQ.exe
  2⤵
  PID:12708
- C:\Windows\System\pYNZKAT.exe
  C:\Windows\System\pYNZKAT.exe
  2⤵
  PID:12752
- C:\Windows\System\vhZCEAg.exe
  C:\Windows\System\vhZCEAg.exe
  2⤵
  PID:12780
- C:\Windows\System\WAEktTF.exe
  C:\Windows\System\WAEktTF.exe
  2⤵
  PID:12800
- C:\Windows\System\OaQvpgQ.exe
  C:\Windows\System\OaQvpgQ.exe
  2⤵
  PID:12836
- C:\Windows\System\JKdUKlp.exe
  C:\Windows\System\JKdUKlp.exe
  2⤵
  PID:12872
- C:\Windows\System\ypNpnKO.exe
  C:\Windows\System\ypNpnKO.exe
  2⤵
  PID:12900
- C:\Windows\System\KoyNPtH.exe
  C:\Windows\System\KoyNPtH.exe
  2⤵
  PID:12928
- C:\Windows\System\rjqmPXL.exe
  C:\Windows\System\rjqmPXL.exe
  2⤵
  PID:12956
- C:\Windows\System\LYARHnQ.exe
  C:\Windows\System\LYARHnQ.exe
  2⤵
  PID:12984
- C:\Windows\System\YrdTTlT.exe
  C:\Windows\System\YrdTTlT.exe
  2⤵
  PID:13012
- C:\Windows\System\XzDUtnK.exe
  C:\Windows\System\XzDUtnK.exe
  2⤵
  PID:13040
- C:\Windows\System\rlnNurj.exe
  C:\Windows\System\rlnNurj.exe
  2⤵
  PID:13068
- C:\Windows\System\alHGlvc.exe
  C:\Windows\System\alHGlvc.exe
  2⤵
  PID:13096
- C:\Windows\System\VdwstaX.exe
  C:\Windows\System\VdwstaX.exe
  2⤵
  PID:13124
- C:\Windows\System\qaOmNnH.exe
  C:\Windows\System\qaOmNnH.exe
  2⤵
  PID:13152
- C:\Windows\System\aJUisUi.exe
  C:\Windows\System\aJUisUi.exe
  2⤵
  PID:13180
- C:\Windows\System\UKOLOyv.exe
  C:\Windows\System\UKOLOyv.exe
  2⤵
  PID:13208
- C:\Windows\System\yokwxfQ.exe
  C:\Windows\System\yokwxfQ.exe
  2⤵
  PID:13252
- C:\Windows\System\vxDuuBh.exe
  C:\Windows\System\vxDuuBh.exe
  2⤵
  PID:13268
- C:\Windows\System\FkARrtZ.exe
  C:\Windows\System\FkARrtZ.exe
  2⤵
  PID:13296
- C:\Windows\System\yUiQbeX.exe
  C:\Windows\System\yUiQbeX.exe
  2⤵
  PID:12328
- C:\Windows\System\UiemaPb.exe
  C:\Windows\System\UiemaPb.exe
  2⤵
  PID:12384
- C:\Windows\System\WhwIpwK.exe
  C:\Windows\System\WhwIpwK.exe
  2⤵
  PID:12456
- C:\Windows\System\eyAXegF.exe
  C:\Windows\System\eyAXegF.exe
  2⤵
  PID:12528
- C:\Windows\System\LGRMyeX.exe
  C:\Windows\System\LGRMyeX.exe
  2⤵
  PID:12556
- C:\Windows\System\QuxOfxD.exe
  C:\Windows\System\QuxOfxD.exe
  2⤵
  PID:8652
- C:\Windows\System\nBKALKs.exe
  C:\Windows\System\nBKALKs.exe
  2⤵
  PID:7040
- C:\Windows\System\PnJZYRN.exe
  C:\Windows\System\PnJZYRN.exe
  2⤵
  PID:6168
- C:\Windows\System\FxtctNo.exe
  C:\Windows\System\FxtctNo.exe
  2⤵
  PID:12656
- C:\Windows\System\HGEquRG.exe
  C:\Windows\System\HGEquRG.exe
  2⤵
  PID:12732
- C:\Windows\System\ZZgLvLZ.exe
  C:\Windows\System\ZZgLvLZ.exe
  2⤵
  PID:6252
- C:\Windows\System\QPeadQV.exe
  C:\Windows\System\QPeadQV.exe
  2⤵
  PID:7232
- C:\Windows\System\RevRlXq.exe
  C:\Windows\System\RevRlXq.exe
  2⤵
  PID:12812
- C:\Windows\System\ytzkOHM.exe
  C:\Windows\System\ytzkOHM.exe
  2⤵
  PID:7252
- C:\Windows\System\zqJvahy.exe
  C:\Windows\System\zqJvahy.exe
  2⤵
  PID:6632
- C:\Windows\System\TnhvQWx.exe
  C:\Windows\System\TnhvQWx.exe
  2⤵
  PID:5336
- C:\Windows\System\Fsvunws.exe
  C:\Windows\System\Fsvunws.exe
  2⤵
  PID:4408
- C:\Windows\System\XAGcXPh.exe
  C:\Windows\System\XAGcXPh.exe
  2⤵
  PID:2524
- C:\Windows\System\BDtgGPm.exe
  C:\Windows\System\BDtgGPm.exe
  2⤵
  PID:7180
- C:\Windows\System\jnFGShm.exe
  C:\Windows\System\jnFGShm.exe
  2⤵
  PID:12636
- C:\Windows\System\VXkHiBk.exe
  C:\Windows\System\VXkHiBk.exe
  2⤵
  PID:12920
- C:\Windows\System\XjSfMaH.exe
  C:\Windows\System\XjSfMaH.exe
  2⤵
  PID:12996
- C:\Windows\System\SDxKhaW.exe
  C:\Windows\System\SDxKhaW.exe
  2⤵
  PID:7340
- C:\Windows\System\DffoEIN.exe
  C:\Windows\System\DffoEIN.exe
  2⤵
  PID:13092
- C:\Windows\System\ORbZiNq.exe
  C:\Windows\System\ORbZiNq.exe
  2⤵
  PID:13136
- C:\Windows\System\lmFAeRk.exe
  C:\Windows\System\lmFAeRk.exe
  2⤵
  PID:13148
- C:\Windows\System\bvxfaJR.exe
  C:\Windows\System\bvxfaJR.exe
  2⤵
  PID:13192
- C:\Windows\System\qwqFFQb.exe
  C:\Windows\System\qwqFFQb.exe
  2⤵
  PID:8864
- C:\Windows\System\iToXHqs.exe
  C:\Windows\System\iToXHqs.exe
  2⤵
  PID:7512
- C:\Windows\System\OSXcOTj.exe
  C:\Windows\System\OSXcOTj.exe
  2⤵
  PID:7544
- C:\Windows\System\JVtmQcw.exe
  C:\Windows\System\JVtmQcw.exe
  2⤵
  PID:12440
- C:\Windows\System\ThsZiZK.exe
  C:\Windows\System\ThsZiZK.exe
  2⤵
  PID:2304
- C:\Windows\System\xsoJmCf.exe
  C:\Windows\System\xsoJmCf.exe
  2⤵
  PID:7604
- C:\Windows\System\kZiUxDe.exe
  C:\Windows\System\kZiUxDe.exe
  2⤵
  PID:388
- C:\Windows\System\sfrsSHJ.exe
  C:\Windows\System\sfrsSHJ.exe
  2⤵
  PID:12612
- C:\Windows\System\CLmCJcE.exe
  C:\Windows\System\CLmCJcE.exe
  2⤵
  PID:12624
- C:\Windows\System\ydSlSjB.exe
  C:\Windows\System\ydSlSjB.exe
  2⤵
  PID:12704
- C:\Windows\System\DOTBQTK.exe
  C:\Windows\System\DOTBQTK.exe
  2⤵
  PID:7720
- C:\Windows\System\BAPrLrt.exe
  C:\Windows\System\BAPrLrt.exe
  2⤵
  PID:10444
- C:\Windows\System\PHCBNVQ.exe
  C:\Windows\System\PHCBNVQ.exe
  2⤵
  PID:7228
- C:\Windows\System\abDqCvR.exe
  C:\Windows\System\abDqCvR.exe
  2⤵
  PID:7800
- C:\Windows\System\wbNQTWA.exe
  C:\Windows\System\wbNQTWA.exe
  2⤵
  PID:7828
- C:\Windows\System\sdnLeFl.exe
  C:\Windows\System\sdnLeFl.exe
  2⤵
  PID:7184
- C:\Windows\System\EFPqGxe.exe
  C:\Windows\System\EFPqGxe.exe
  2⤵
  PID:12860
- C:\Windows\System\bIFayfo.exe
  C:\Windows\System\bIFayfo.exe
  2⤵
  PID:12968
- C:\Windows\System\BYTjnmR.exe
  C:\Windows\System\BYTjnmR.exe
  2⤵
  PID:9516
- C:\Windows\System\oZBxmdE.exe
  C:\Windows\System\oZBxmdE.exe
  2⤵
  PID:13080
- C:\Windows\System\vWBeZGb.exe
  C:\Windows\System\vWBeZGb.exe
  2⤵
  PID:8036
- C:\Windows\System\umYhTkB.exe
  C:\Windows\System\umYhTkB.exe
  2⤵
  PID:13176
- C:\Windows\System\eWBbkoz.exe
  C:\Windows\System\eWBbkoz.exe
  2⤵
  PID:13260
- C:\Windows\System\CWNdTSX.exe
  C:\Windows\System\CWNdTSX.exe
  2⤵
  PID:8164
- C:\Windows\System\zJbEsAH.exe
  C:\Windows\System\zJbEsAH.exe
  2⤵
  PID:6944
- C:\Windows\System\RghBeTz.exe
  C:\Windows\System\RghBeTz.exe
  2⤵
  PID:1464
- C:\Windows\System\ZptWHpY.exe
  C:\Windows\System\ZptWHpY.exe
  2⤵
  PID:12584
- C:\Windows\System\OayfRpY.exe
  C:\Windows\System\OayfRpY.exe
  2⤵
  PID:10716
- C:\Windows\System\bdGDQcD.exe
  C:\Windows\System\bdGDQcD.exe
  2⤵
  PID:12660
- C:\Windows\System\HZCtODZ.exe
  C:\Windows\System\HZCtODZ.exe
  2⤵
  PID:7520
- C:\Windows\System\CCSPCzj.exe
  C:\Windows\System\CCSPCzj.exe
  2⤵
  PID:7648
- C:\Windows\System\DOFYQdb.exe
  C:\Windows\System\DOFYQdb.exe
  2⤵
  PID:7696
- C:\Windows\System\nmQIGrh.exe
  C:\Windows\System\nmQIGrh.exe
  2⤵
  PID:6128
- C:\Windows\System\YBODjwK.exe
  C:\Windows\System\YBODjwK.exe
  2⤵
  PID:7904
- C:\Windows\System\AKbzlAV.exe
  C:\Windows\System\AKbzlAV.exe
  2⤵
  PID:7944
- C:\Windows\System\qdgCnyH.exe
  C:\Windows\System\qdgCnyH.exe
  2⤵
  PID:7980
- C:\Windows\System\STUwhLl.exe
  C:\Windows\System\STUwhLl.exe
  2⤵
  PID:8088
- C:\Windows\System\XrLlvwk.exe
  C:\Windows\System\XrLlvwk.exe
  2⤵
  PID:12376
- C:\Windows\System\JKGwngD.exe
  C:\Windows\System\JKGwngD.exe
  2⤵
  PID:3024
- C:\Windows\System\mhFcCKp.exe
  C:\Windows\System\mhFcCKp.exe
  2⤵
  PID:10732
- C:\Windows\System\MHBlwZr.exe
  C:\Windows\System\MHBlwZr.exe
  2⤵
  PID:7188
- C:\Windows\System\uYxoIxo.exe
  C:\Windows\System\uYxoIxo.exe
  2⤵
  PID:7584
- C:\Windows\System\valvwWu.exe
  C:\Windows\System\valvwWu.exe
  2⤵
  PID:7816
- C:\Windows\System\MMCMtcK.exe
  C:\Windows\System\MMCMtcK.exe
  2⤵
  PID:396
- C:\Windows\System\hXMUfPi.exe
  C:\Windows\System\hXMUfPi.exe
  2⤵
  PID:7996
- C:\Windows\System\drCiMPZ.exe
  C:\Windows\System\drCiMPZ.exe
  2⤵
  PID:8020
- C:\Windows\System\hZNMbRD.exe
  C:\Windows\System\hZNMbRD.exe
  2⤵
  PID:8108
- C:\Windows\System\ylZdZEb.exe
  C:\Windows\System\ylZdZEb.exe
  2⤵
  PID:13280
- C:\Windows\System\EzDUhTc.exe
  C:\Windows\System\EzDUhTc.exe
  2⤵
  PID:9644
- C:\Windows\System\xqUXASa.exe
  C:\Windows\System\xqUXASa.exe
  2⤵
  PID:8328
- C:\Windows\System\gPWKaon.exe
  C:\Windows\System\gPWKaon.exe
  2⤵
  PID:7556
- C:\Windows\System\eKMRBvM.exe
  C:\Windows\System\eKMRBvM.exe
  2⤵
  PID:8368
- C:\Windows\System\OTxUoyR.exe
  C:\Windows\System\OTxUoyR.exe
  2⤵
  PID:7324
- C:\Windows\System\IJlacIE.exe
  C:\Windows\System\IJlacIE.exe
  2⤵
  PID:10416
- C:\Windows\System\ZgsgbJR.exe
  C:\Windows\System\ZgsgbJR.exe
  2⤵
  PID:8444
- C:\Windows\System\BjOxzWD.exe
  C:\Windows\System\BjOxzWD.exe
  2⤵
  PID:8488
- C:\Windows\System\sJUmyag.exe
  C:\Windows\System\sJUmyag.exe
  2⤵
  PID:9588
- C:\Windows\System\zMtzuYB.exe
  C:\Windows\System\zMtzuYB.exe
  2⤵
  PID:3760
- C:\Windows\System\CeRUkXY.exe
  C:\Windows\System\CeRUkXY.exe
  2⤵
  PID:9724
- C:\Windows\System\AwPFubB.exe
  C:\Windows\System\AwPFubB.exe
  2⤵
  PID:3524
- C:\Windows\System\khYGYUa.exe
  C:\Windows\System\khYGYUa.exe
  2⤵
  PID:7820
- C:\Windows\System\kXrAsMF.exe
  C:\Windows\System\kXrAsMF.exe
  2⤵
  PID:8416
- C:\Windows\System\thvfUgF.exe
  C:\Windows\System\thvfUgF.exe
  2⤵
  PID:4424
- C:\Windows\System\mEbgdvm.exe
  C:\Windows\System\mEbgdvm.exe
  2⤵
  PID:9532
- C:\Windows\System\PuSPQRv.exe
  C:\Windows\System\PuSPQRv.exe
  2⤵
  PID:3284
- C:\Windows\System\DZmhKEG.exe
  C:\Windows\System\DZmhKEG.exe
  2⤵
  PID:1712
- C:\Windows\System\kyURkPy.exe
  C:\Windows\System\kyURkPy.exe
  2⤵
  PID:2168
- C:\Windows\System\qYHvzJt.exe
  C:\Windows\System\qYHvzJt.exe
  2⤵
  PID:8732
- C:\Windows\System\ysXjQdK.exe
  C:\Windows\System\ysXjQdK.exe
  2⤵
  PID:1268
- C:\Windows\System\ogwZNyZ.exe
  C:\Windows\System\ogwZNyZ.exe
  2⤵
  PID:2144
- C:\Windows\System\kMgERoZ.exe
  C:\Windows\System\kMgERoZ.exe
  2⤵
  PID:8820
- C:\Windows\System\oNFxhZv.exe
  C:\Windows\System\oNFxhZv.exe
  2⤵
  PID:4500
- C:\Windows\System\BvtixVZ.exe
  C:\Windows\System\BvtixVZ.exe
  2⤵
  PID:6628
- C:\Windows\System\hUiERQr.exe
  C:\Windows\System\hUiERQr.exe
  2⤵
  PID:8696
- C:\Windows\System\tyWRhyp.exe
  C:\Windows\System\tyWRhyp.exe
  2⤵
  PID:9988
- C:\Windows\System\OcnvNnU.exe
  C:\Windows\System\OcnvNnU.exe
  2⤵
  PID:8592
- C:\Windows\System\ZBXtJyM.exe
  C:\Windows\System\ZBXtJyM.exe
  2⤵
  PID:8768
- C:\Windows\System\HPoJflg.exe
  C:\Windows\System\HPoJflg.exe
  2⤵
  PID:4604
- C:\Windows\System\qcWOpYT.exe
  C:\Windows\System\qcWOpYT.exe
  2⤵
  PID:9728
- C:\Windows\System\kBsAHDC.exe
  C:\Windows\System\kBsAHDC.exe
  2⤵
  PID:6072
- C:\Windows\System\cDAVmGy.exe
  C:\Windows\System\cDAVmGy.exe
  2⤵
  PID:9048
- C:\Windows\System\ljEhDij.exe
  C:\Windows\System\ljEhDij.exe
  2⤵
  PID:7540
- C:\Windows\System\AoftALq.exe
  C:\Windows\System\AoftALq.exe
  2⤵
  PID:5104
- C:\Windows\System\hBOUHLW.exe
  C:\Windows\System\hBOUHLW.exe
  2⤵
  PID:8992
- C:\Windows\System\UuYagQO.exe
  C:\Windows\System\UuYagQO.exe
  2⤵
  PID:9168
- C:\Windows\System\IPpEQVN.exe
  C:\Windows\System\IPpEQVN.exe
  2⤵
  PID:7440
- C:\Windows\System\CqJRSDK.exe
  C:\Windows\System\CqJRSDK.exe
  2⤵
  PID:4920
- C:\Windows\System\HRDTlRv.exe
  C:\Windows\System\HRDTlRv.exe
  2⤵
  PID:9004
- C:\Windows\System\qOwufSg.exe
  C:\Windows\System\qOwufSg.exe
  2⤵
  PID:2560
- C:\Windows\System\GiBlGgd.exe
  C:\Windows\System\GiBlGgd.exe
  2⤵
  PID:8964
- C:\Windows\System\zhbCrHk.exe
  C:\Windows\System\zhbCrHk.exe
  2⤵
  PID:9140
- C:\Windows\System\DYFyrYd.exe
  C:\Windows\System\DYFyrYd.exe
  2⤵
  PID:1048
- C:\Windows\System\tRNKikX.exe
  C:\Windows\System\tRNKikX.exe
  2⤵
  PID:8080
- C:\Windows\System\hRShyJa.exe
  C:\Windows\System\hRShyJa.exe
  2⤵
  PID:6672
- C:\Windows\System\GLtCpxR.exe
  C:\Windows\System\GLtCpxR.exe
  2⤵
  PID:8428
- C:\Windows\System\dYiLLlw.exe
  C:\Windows\System\dYiLLlw.exe
  2⤵
  PID:8484
- C:\Windows\System\IGAGGar.exe
  C:\Windows\System\IGAGGar.exe
  2⤵
  PID:8
- C:\Windows\System\XDxToSo.exe
  C:\Windows\System\XDxToSo.exe
  2⤵
  PID:13332
- C:\Windows\System\GkphMbO.exe
  C:\Windows\System\GkphMbO.exe
  2⤵
  PID:13364
- C:\Windows\System\xrsChsf.exe
  C:\Windows\System\xrsChsf.exe
  2⤵
  PID:13396
- C:\Windows\System\IKBkbMC.exe
  C:\Windows\System\IKBkbMC.exe
  2⤵
  PID:13424
- C:\Windows\System\BgvYedS.exe
  C:\Windows\System\BgvYedS.exe
  2⤵
  PID:13452
- C:\Windows\System\GIiqCuI.exe
  C:\Windows\System\GIiqCuI.exe
  2⤵
  PID:13476
- C:\Windows\System\KZoFSoF.exe
  C:\Windows\System\KZoFSoF.exe
  2⤵
  PID:13504
- C:\Windows\System\difvXqv.exe
  C:\Windows\System\difvXqv.exe
  2⤵
  PID:13532
- C:\Windows\System\Ewdvwsj.exe
  C:\Windows\System\Ewdvwsj.exe
  2⤵
  PID:13560
- C:\Windows\System\PCLFZuy.exe
  C:\Windows\System\PCLFZuy.exe
  2⤵
  PID:13592
- C:\Windows\System\EuabjvC.exe
  C:\Windows\System\EuabjvC.exe
  2⤵
  PID:13616
- C:\Windows\System\oQusUfs.exe
  C:\Windows\System\oQusUfs.exe
  2⤵
  PID:13652
- C:\Windows\System\nhkWioS.exe
  C:\Windows\System\nhkWioS.exe
  2⤵
  PID:13672
- C:\Windows\System\unCSlcL.exe
  C:\Windows\System\unCSlcL.exe
  2⤵
  PID:13712
- C:\Windows\System\IpFVuso.exe
  C:\Windows\System\IpFVuso.exe
  2⤵
  PID:13736
- C:\Windows\System\ETkPaKY.exe
  C:\Windows\System\ETkPaKY.exe
  2⤵
  PID:13756
- C:\Windows\System\LoudPWU.exe
  C:\Windows\System\LoudPWU.exe
  2⤵
  PID:13792
- C:\Windows\System\AtbURQK.exe
  C:\Windows\System\AtbURQK.exe
  2⤵
  PID:13820
- C:\Windows\System\AKvChlZ.exe
  C:\Windows\System\AKvChlZ.exe
  2⤵
  PID:13840
- C:\Windows\System\WHwIiwk.exe
  C:\Windows\System\WHwIiwk.exe
  2⤵
  PID:13868
- C:\Windows\System\YuVDsrd.exe
  C:\Windows\System\YuVDsrd.exe
  2⤵
  PID:13896
- C:\Windows\System\dPanDcP.exe
  C:\Windows\System\dPanDcP.exe
  2⤵
  PID:13928
- C:\Windows\System\znMkPcN.exe
  C:\Windows\System\znMkPcN.exe
  2⤵
  PID:13956
- C:\Windows\System\QdDFfdR.exe
  C:\Windows\System\QdDFfdR.exe
  2⤵
  PID:13984
- C:\Windows\System\DoqDPTw.exe
  C:\Windows\System\DoqDPTw.exe
  2⤵
  PID:14012
- C:\Windows\System\HuyLoac.exe
  C:\Windows\System\HuyLoac.exe
  2⤵
  PID:14040
- C:\Windows\System\pfOXUkv.exe
  C:\Windows\System\pfOXUkv.exe
  2⤵
  PID:14068
- C:\Windows\System\CwrKzjs.exe
  C:\Windows\System\CwrKzjs.exe
  2⤵
  PID:14096
- C:\Windows\System\bNEtqeM.exe
  C:\Windows\System\bNEtqeM.exe
  2⤵
  PID:14128
- C:\Windows\System\dnOCHIk.exe
  C:\Windows\System\dnOCHIk.exe
  2⤵
  PID:14156
- C:\Windows\System\PZLOSFe.exe
  C:\Windows\System\PZLOSFe.exe
  2⤵
  PID:14188
- C:\Windows\System\rjGIIyp.exe
  C:\Windows\System\rjGIIyp.exe
  2⤵
  PID:14212
- C:\Windows\System\nGAziLz.exe
  C:\Windows\System\nGAziLz.exe
  2⤵
  PID:14244
- C:\Windows\System\nXKnRVm.exe
  C:\Windows\System\nXKnRVm.exe
  2⤵
  PID:14272
- C:\Windows\System\DCGhDjE.exe
  C:\Windows\System\DCGhDjE.exe
  2⤵
  PID:14300
- C:\Windows\System\DoXzVoT.exe
  C:\Windows\System\DoXzVoT.exe
  2⤵
  PID:14324
- C:\Windows\System\BxPnQEi.exe
  C:\Windows\System\BxPnQEi.exe
  2⤵
  PID:8784
- C:\Windows\System\CWOHePZ.exe
  C:\Windows\System\CWOHePZ.exe
  2⤵
  PID:13380
- C:\Windows\System\ZIhjrOZ.exe
  C:\Windows\System\ZIhjrOZ.exe
  2⤵
  PID:13404
- C:\Windows\System\zBplqnI.exe
  C:\Windows\System\zBplqnI.exe
  2⤵
  PID:13460
- C:\Windows\System\npaHltY.exe
  C:\Windows\System\npaHltY.exe
  2⤵
  PID:13516
- C:\Windows\System\MjEedfl.exe
  C:\Windows\System\MjEedfl.exe
  2⤵
  PID:13572
- C:\Windows\System\CnLygwx.exe
  C:\Windows\System\CnLygwx.exe
  2⤵
  PID:13612
- C:\Windows\System\ZgSWwar.exe
  C:\Windows\System\ZgSWwar.exe
  2⤵
  PID:13664
- C:\Windows\System\NHYtmxQ.exe
  C:\Windows\System\NHYtmxQ.exe
  2⤵
  PID:7308
- C:\Windows\System\TTDfHmc.exe
  C:\Windows\System\TTDfHmc.exe
  2⤵
  PID:13720
- C:\Windows\System\VRSPQcA.exe
  C:\Windows\System\VRSPQcA.exe
  2⤵
  PID:13776
- C:\Windows\System\vYNXbkw.exe
  C:\Windows\System\vYNXbkw.exe
  2⤵
  PID:13808
- C:\Windows\System\xlktFqF.exe
  C:\Windows\System\xlktFqF.exe
  2⤵
  PID:7504
- C:\Windows\System\MdZwNmX.exe
  C:\Windows\System\MdZwNmX.exe
  2⤵
  PID:9072
- C:\Windows\System\pAPYOuG.exe
  C:\Windows\System\pAPYOuG.exe
  2⤵
  PID:13948
- C:\Windows\System\bfNImkq.exe
  C:\Windows\System\bfNImkq.exe
  2⤵
  PID:4380
- C:\Windows\System\XJRIPZC.exe
  C:\Windows\System\XJRIPZC.exe
  2⤵
  PID:14064
- C:\Windows\System\UhlLmCf.exe
  C:\Windows\System\UhlLmCf.exe
  2⤵
  PID:9220
- C:\Windows\System\ivOHzGK.exe
  C:\Windows\System\ivOHzGK.exe
  2⤵
  PID:14120
- C:\Windows\System\QBGDqdL.exe
  C:\Windows\System\QBGDqdL.exe
  2⤵
  PID:9276
- C:\Windows\System\zMSxAqd.exe
  C:\Windows\System\zMSxAqd.exe
  2⤵
  PID:9304
- C:\Windows\System\qFrHact.exe
  C:\Windows\System\qFrHact.exe
  2⤵
  PID:14252
- C:\Windows\System\ctQstvP.exe
  C:\Windows\System\ctQstvP.exe
  2⤵
  PID:14288
- C:\Windows\System\IWlDTHP.exe
  C:\Windows\System\IWlDTHP.exe
  2⤵
  PID:9384
- C:\Windows\System\cNVTBjw.exe
  C:\Windows\System\cNVTBjw.exe
  2⤵
  PID:9428
- C:\Windows\System\ayXxpzm.exe
  C:\Windows\System\ayXxpzm.exe
  2⤵
  PID:9444
- C:\Windows\System\gVNcIzo.exe
  C:\Windows\System\gVNcIzo.exe
  2⤵
  PID:13580
- C:\Windows\System\TkkDCWS.exe
  C:\Windows\System\TkkDCWS.exe
  2⤵
  PID:13640
- C:\Windows\System\JjxGnRn.exe
  C:\Windows\System\JjxGnRn.exe
  2⤵
  PID:8336
- C:\Windows\System\CaQQvdQ.exe
  C:\Windows\System\CaQQvdQ.exe
  2⤵
  PID:13768
- C:\Windows\System\XlGFfGZ.exe
  C:\Windows\System\XlGFfGZ.exe
  2⤵
  PID:9584
- C:\Windows\System\nyhDjEq.exe
  C:\Windows\System\nyhDjEq.exe
  2⤵
  PID:9604
- C:\Windows\System\YoRxkBT.exe
  C:\Windows\System\YoRxkBT.exe
  2⤵
  PID:13996
- C:\Windows\System\bdOrWRA.exe
  C:\Windows\System\bdOrWRA.exe
  2⤵
  PID:8480
- C:\Windows\System\YuBISUh.exe
  C:\Windows\System\YuBISUh.exe
  2⤵
  PID:828
- C:\Windows\System\lkoIbAR.exe
  C:\Windows\System\lkoIbAR.exe
  2⤵
  PID:14204
- C:\Windows\System\NfRpNoM.exe
  C:\Windows\System\NfRpNoM.exe
  2⤵
  PID:14284
- C:\Windows\System\FzUVghB.exe
  C:\Windows\System\FzUVghB.exe
  2⤵
  PID:13344
- C:\Windows\System\fCSObmk.exe
  C:\Windows\System\fCSObmk.exe
  2⤵
  PID:13432
- C:\Windows\System\gViuFDa.exe
  C:\Windows\System\gViuFDa.exe
  2⤵
  PID:13556
- C:\Windows\System\drELHEc.exe
  C:\Windows\System\drELHEc.exe
  2⤵
  PID:8540
- C:\Windows\System\vUPDcJF.exe
  C:\Windows\System\vUPDcJF.exe
  2⤵
  PID:4232
- C:\Windows\System\vmDqeWi.exe
  C:\Windows\System\vmDqeWi.exe
  2⤵
  PID:9648
- C:\Windows\System\GhhFLCj.exe
  C:\Windows\System\GhhFLCj.exe
  2⤵
  PID:9736
- C:\Windows\System\xlUigmE.exe
  C:\Windows\System\xlUigmE.exe
  2⤵
  PID:9960
- C:\Windows\System\tAKtDzN.exe
  C:\Windows\System\tAKtDzN.exe
  2⤵
  PID:9772
- C:\Windows\System\SHiIOVk.exe
  C:\Windows\System\SHiIOVk.exe
  2⤵
  PID:9840
- C:\Windows\System\QAMUPuQ.exe
  C:\Windows\System\QAMUPuQ.exe
  2⤵
  PID:8740
- C:\Windows\System\iUgTDAp.exe
  C:\Windows\System\iUgTDAp.exe
  2⤵
  PID:13980
- C:\Windows\System\BRortob.exe
  C:\Windows\System\BRortob.exe
  2⤵
  PID:9948
- C:\Windows\System\uZNUHVX.exe
  C:\Windows\System\uZNUHVX.exe
  2⤵
  PID:10128
- C:\Windows\System\cDXMxsH.exe
  C:\Windows\System\cDXMxsH.exe
  2⤵
  PID:9936
- C:\Windows\System\AGPvVPo.exe
  C:\Windows\System\AGPvVPo.exe
  2⤵
  PID:9404
- C:\Windows\System\dGNHmhN.exe
  C:\Windows\System\dGNHmhN.exe
  2⤵
  PID:14116
- C:\Windows\System\BBZlTRX.exe
  C:\Windows\System\BBZlTRX.exe
  2⤵
  PID:13628
- C:\Windows\System\uTRYOxq.exe
  C:\Windows\System\uTRYOxq.exe
  2⤵
  PID:14364
- C:\Windows\System\vgwUHfo.exe
  C:\Windows\System\vgwUHfo.exe
  2⤵
  PID:14384
- C:\Windows\System\kDYUblS.exe
  C:\Windows\System\kDYUblS.exe
  2⤵
  PID:14416
- C:\Windows\System\wHZWLlP.exe
  C:\Windows\System\wHZWLlP.exe
  2⤵
  PID:14444
- C:\Windows\System\SPONRFe.exe
  C:\Windows\System\SPONRFe.exe
  2⤵
  PID:14472
- C:\Windows\System\LudUDuC.exe
  C:\Windows\System\LudUDuC.exe
  2⤵
  PID:14496
- C:\Windows\System\LcHvZvt.exe
  C:\Windows\System\LcHvZvt.exe
  2⤵
  PID:14528
- C:\Windows\System\iDKGVlS.exe
  C:\Windows\System\iDKGVlS.exe
  2⤵
  PID:14552
- C:\Windows\System\lMKkpcb.exe
  C:\Windows\System\lMKkpcb.exe
  2⤵
  PID:14588
- C:\Windows\System\XGEiGZI.exe
  C:\Windows\System\XGEiGZI.exe
  2⤵
  PID:14608
- C:\Windows\System\oeMecuM.exe
  C:\Windows\System\oeMecuM.exe
  2⤵
  PID:14644
- C:\Windows\System\zbgfkCW.exe
  C:\Windows\System\zbgfkCW.exe
  2⤵
  PID:14676
- C:\Windows\System\hXMsUdN.exe
  C:\Windows\System\hXMsUdN.exe
  2⤵
  PID:14704
- C:\Windows\System\jZStjDK.exe
  C:\Windows\System\jZStjDK.exe
  2⤵
  PID:14732
- C:\Windows\System\MYDZUno.exe
  C:\Windows\System\MYDZUno.exe
  2⤵
  PID:14752
- C:\Windows\System\NFmRkyg.exe
  C:\Windows\System\NFmRkyg.exe
  2⤵
  PID:14788
- C:\Windows\System\pUedPlL.exe
  C:\Windows\System\pUedPlL.exe
  2⤵
  PID:14808
- C:\Windows\System\kUZjQov.exe
  C:\Windows\System\kUZjQov.exe
  2⤵
  PID:14836
- C:\Windows\System\CBRBzVf.exe
  C:\Windows\System\CBRBzVf.exe
  2⤵
  PID:14864
- C:\Windows\System\mznPDIm.exe
  C:\Windows\System\mznPDIm.exe
  2⤵
  PID:14892
- C:\Windows\System\xbzsmeo.exe
  C:\Windows\System\xbzsmeo.exe
  2⤵
  PID:14920
- C:\Windows\System\YBoMEWE.exe
  C:\Windows\System\YBoMEWE.exe
  2⤵
  PID:14960
- C:\Windows\System\uSlCdwE.exe
  C:\Windows\System\uSlCdwE.exe
  2⤵
  PID:14988
- C:\Windows\System\IZUfVOD.exe
  C:\Windows\System\IZUfVOD.exe
  2⤵
  PID:15016
- C:\Windows\System\PUscXGK.exe
  C:\Windows\System\PUscXGK.exe
  2⤵
  PID:15044
- C:\Windows\System\vkCOuIn.exe
  C:\Windows\System\vkCOuIn.exe
  2⤵
  PID:15064
- C:\Windows\System\FiNUaaa.exe
  C:\Windows\System\FiNUaaa.exe
  2⤵
  PID:15100
- C:\Windows\System\VnIgjia.exe
  C:\Windows\System\VnIgjia.exe
  2⤵
  PID:15120
- C:\Windows\System\dfLAPsR.exe
  C:\Windows\System\dfLAPsR.exe
  2⤵
  PID:15156
- C:\Windows\System\yrHEvkn.exe
  C:\Windows\System\yrHEvkn.exe
  2⤵
  PID:15180
- C:\Windows\System\XBxGAYl.exe
  C:\Windows\System\XBxGAYl.exe
  2⤵
  PID:15208
- C:\Windows\System\wAyBVfY.exe
  C:\Windows\System\wAyBVfY.exe
  2⤵
  PID:15240
- C:\Windows\System\wwHRvcj.exe
  C:\Windows\System\wwHRvcj.exe
  2⤵
  PID:15264
- C:\Windows\System\ZGyKXeB.exe
  C:\Windows\System\ZGyKXeB.exe
  2⤵
  PID:15292
- C:\Windows\System\kUtbmCo.exe
  C:\Windows\System\kUtbmCo.exe
  2⤵
  PID:15324
- C:\Windows\System\YQyPAVN.exe
  C:\Windows\System\YQyPAVN.exe
  2⤵
  PID:15348
- C:\Windows\System\yhQTgTo.exe
  C:\Windows\System\yhQTgTo.exe
  2⤵
  PID:14372
- C:\Windows\System\mmVJKJF.exe
  C:\Windows\System\mmVJKJF.exe
  2⤵
  PID:9244
- C:\Windows\System\DeyIQKN.exe
  C:\Windows\System\DeyIQKN.exe
  2⤵
  PID:14480
- C:\Windows\System\owPQnlR.exe
  C:\Windows\System\owPQnlR.exe
  2⤵
  PID:14516
- C:\Windows\System\IXnWfuD.exe
  C:\Windows\System\IXnWfuD.exe
  2⤵
  PID:14604
- C:\Windows\System\FmxHyjh.exe
  C:\Windows\System\FmxHyjh.exe
  2⤵
  PID:14660
- C:\Windows\System\SFOcagh.exe
  C:\Windows\System\SFOcagh.exe
  2⤵
  PID:14716
- C:\Windows\System\LoopMLZ.exe
  C:\Windows\System\LoopMLZ.exe
  2⤵
  PID:14748
- C:\Windows\System\sRKZIKt.exe
  C:\Windows\System\sRKZIKt.exe
  2⤵
  PID:14796
- C:\Windows\System\dohHXog.exe
  C:\Windows\System\dohHXog.exe
  2⤵
  PID:6788
- C:\Windows\System\sBqGDad.exe
  C:\Windows\System\sBqGDad.exe
  2⤵
  PID:14876
- C:\Windows\System\yNdVwPw.exe
  C:\Windows\System\yNdVwPw.exe
  2⤵
  PID:4272
- C:\Windows\System\xvImtVg.exe
  C:\Windows\System\xvImtVg.exe
  2⤵
  PID:4116
- C:\Windows\System\pXPubOh.exe
  C:\Windows\System\pXPubOh.exe
  2⤵
  PID:15024
- C:\Windows\System\SvZkMal.exe
  C:\Windows\System\SvZkMal.exe
  2⤵
  PID:15056
- C:\Windows\System\PnDRxHM.exe
  C:\Windows\System\PnDRxHM.exe
  2⤵
  PID:15088
- C:\Windows\System\EyWeKDI.exe
  C:\Windows\System\EyWeKDI.exe
  2⤵
  PID:15140
- C:\Windows\System\iEVHmOv.exe
  C:\Windows\System\iEVHmOv.exe
  2⤵
  PID:15220
- C:\Windows\System\nDbPpkZ.exe
  C:\Windows\System\nDbPpkZ.exe
  2⤵
  PID:15232
- C:\Windows\System\LYlEAJV.exe
  C:\Windows\System\LYlEAJV.exe
  2⤵
  PID:15276
- C:\Windows\System\mWmnEic.exe
  C:\Windows\System\mWmnEic.exe
  2⤵
  PID:15316
- C:\Windows\System\xnwTRQK.exe
  C:\Windows\System\xnwTRQK.exe
  2⤵
  PID:10360
- C:\Windows\System\gKilkVh.exe
  C:\Windows\System\gKilkVh.exe
  2⤵
  PID:10396
- C:\Windows\System\jDAShth.exe
  C:\Windows\System\jDAShth.exe
  2⤵
  PID:9980
- C:\Windows\System\PVyXkbw.exe
  C:\Windows\System\PVyXkbw.exe
  2⤵
  PID:14636
- C:\Windows\System\brQCxcL.exe
  C:\Windows\System\brQCxcL.exe
  2⤵
  PID:14692
- C:\Windows\System\kmSBIqG.exe
  C:\Windows\System\kmSBIqG.exe
  2⤵
  PID:4680
- C:\Windows\System\stQODwo.exe
  C:\Windows\System\stQODwo.exe
  2⤵
  PID:14820
- C:\Windows\System\iLcPAik.exe
  C:\Windows\System\iLcPAik.exe
  2⤵
  PID:14904
- C:\Windows\System\EEHozeD.exe
  C:\Windows\System\EEHozeD.exe
  2⤵
  PID:2392
- C:\Windows\System\euviMSS.exe
  C:\Windows\System\euviMSS.exe
  2⤵
  PID:2448
- C:\Windows\System\LGxLjfv.exe
  C:\Windows\System\LGxLjfv.exe
  2⤵
  PID:6828
- C:\Windows\System\YSTxbko.exe
  C:\Windows\System\YSTxbko.exe
  2⤵
  PID:4948
- C:\Windows\System\KIXpFuG.exe
  C:\Windows\System\KIXpFuG.exe
  2⤵
  PID:15204
- C:\Windows\System\MBhggfY.exe
  C:\Windows\System\MBhggfY.exe
  2⤵
  PID:10996
- C:\Windows\System\gmpzPQh.exe
  C:\Windows\System\gmpzPQh.exe
  2⤵
  PID:11052
- C:\Windows\System\oxvXJgc.exe
  C:\Windows\System\oxvXJgc.exe
  2⤵
  PID:11072
- C:\Windows\System\CIXAjkO.exe
  C:\Windows\System\CIXAjkO.exe
  2⤵
  PID:11104
- C:\Windows\System\tJKFwRM.exe
  C:\Windows\System\tJKFwRM.exe
  2⤵
  PID:14436
- C:\Windows\System\TIkAwcB.exe
  C:\Windows\System\TIkAwcB.exe
  2⤵
  PID:11200
- C:\Windows\System\tncXwYg.exe
  C:\Windows\System\tncXwYg.exe
  2⤵
  PID:10532
- C:\Windows\System\HMSHpqK.exe
  C:\Windows\System\HMSHpqK.exe
  2⤵
  PID:14804
- C:\Windows\System\dqJJyiM.exe
  C:\Windows\System\dqJJyiM.exe
  2⤵
  PID:3172
- C:\Windows\System\HtrTKUJ.exe
  C:\Windows\System\HtrTKUJ.exe
  2⤵
  PID:9696
- C:\Windows\System\jEheMWP.exe
  C:\Windows\System\jEheMWP.exe
  2⤵
  PID:2624
- C:\Windows\System\sKFHuaz.exe
  C:\Windows\System\sKFHuaz.exe
  2⤵
  PID:10968
- C:\Windows\System\hqGWLUU.exe
  C:\Windows\System\hqGWLUU.exe
  2⤵
  PID:1308
- C:\Windows\System\pwmJKej.exe
  C:\Windows\System\pwmJKej.exe
  2⤵
  PID:10276
- C:\Windows\System\eBgWtJm.exe
  C:\Windows\System\eBgWtJm.exe
  2⤵
  PID:11112
- C:\Windows\System\bQMLdPd.exe
  C:\Windows\System\bQMLdPd.exe
  2⤵
  PID:3200
- C:\Windows\System\sgzMAJy.exe
  C:\Windows\System\sgzMAJy.exe
  2⤵
  PID:14688
- C:\Windows\System\aYupOaj.exe
  C:\Windows\System\aYupOaj.exe
  2⤵
  PID:11216
- C:\Windows\System\UqaFLsx.exe
  C:\Windows\System\UqaFLsx.exe
  2⤵
  PID:14948
- C:\Windows\System\gyaCYlL.exe
  C:\Windows\System\gyaCYlL.exe
  2⤵
  PID:10272
- C:\Windows\System\SRxoULP.exe
  C:\Windows\System\SRxoULP.exe
  2⤵
  PID:15188
- C:\Windows\System\evgLXBi.exe
  C:\Windows\System\evgLXBi.exe
  2⤵
  PID:6120
- C:\Windows\System\ZQFZVAU.exe
  C:\Windows\System\ZQFZVAU.exe
  2⤵
  PID:11004
- C:\Windows\System\NqJbzXf.exe
  C:\Windows\System\NqJbzXf.exe
  2⤵
  PID:11032
- C:\Windows\System\kaBrFCm.exe
  C:\Windows\System\kaBrFCm.exe
  2⤵
  PID:232
- C:\Windows\System\HaqHpHf.exe
  C:\Windows\System\HaqHpHf.exe
  2⤵
  PID:6256
- C:\Windows\System\NmQFTYr.exe
  C:\Windows\System\NmQFTYr.exe
  2⤵
  PID:10804
- C:\Windows\System\eYxfFJv.exe
  C:\Windows\System\eYxfFJv.exe
  2⤵
  PID:10296
- C:\Windows\System\OcsdQap.exe
  C:\Windows\System\OcsdQap.exe
  2⤵
  PID:10520
- C:\Windows\System\xHODAsi.exe
  C:\Windows\System\xHODAsi.exe
  2⤵
  PID:3012
- C:\Windows\System\UZJfzIb.exe
  C:\Windows\System\UZJfzIb.exe
  2⤵
  PID:11220
- C:\Windows\System\uHlMDFd.exe
  C:\Windows\System\uHlMDFd.exe
  2⤵
  PID:5444
- C:\Windows\System\UmWfVtD.exe
  C:\Windows\System\UmWfVtD.exe
  2⤵
  PID:10924
- C:\Windows\System\EDUGIkY.exe
  C:\Windows\System\EDUGIkY.exe
  2⤵
  PID:10776
- C:\Windows\System\ZEjMebg.exe
  C:\Windows\System\ZEjMebg.exe
  2⤵
  PID:5816
- C:\Windows\System\eMjXGQD.exe
  C:\Windows\System\eMjXGQD.exe
  2⤵
  PID:5244
- C:\Windows\System\QDWRMYN.exe
  C:\Windows\System\QDWRMYN.exe
  2⤵
  PID:10340
- C:\Windows\System\vWyLCxR.exe
  C:\Windows\System\vWyLCxR.exe
  2⤵
  PID:8868
- C:\Windows\System\ukHlixz.exe
  C:\Windows\System\ukHlixz.exe
  2⤵
  PID:5700
- C:\Windows\System\VcxpqJR.exe
  C:\Windows\System\VcxpqJR.exe
  2⤵
  PID:7376
- C:\Windows\System\rTzOBuJ.exe
  C:\Windows\System\rTzOBuJ.exe
  2⤵
  PID:7472
- C:\Windows\System\YKSvenn.exe
  C:\Windows\System\YKSvenn.exe
  2⤵
  PID:7272
- C:\Windows\System\PeskkxS.exe
  C:\Windows\System\PeskkxS.exe
  2⤵
  PID:10508
- C:\Windows\System\OnAamfX.exe
  C:\Windows\System\OnAamfX.exe
  2⤵
  PID:10200
- C:\Windows\System\YdGpBgY.exe
  C:\Windows\System\YdGpBgY.exe
  2⤵
  PID:6832
- C:\Windows\System\tiUGrat.exe
  C:\Windows\System\tiUGrat.exe
  2⤵
  PID:6296
- C:\Windows\System\FNYjqJs.exe
  C:\Windows\System\FNYjqJs.exe
  2⤵
  PID:15380
- C:\Windows\System\ujfHtsD.exe
  C:\Windows\System\ujfHtsD.exe
  2⤵
  PID:15408
- C:\Windows\System\GbyTRoE.exe
  C:\Windows\System\GbyTRoE.exe
  2⤵
  PID:15444
- C:\Windows\System\aPNVnFX.exe
  C:\Windows\System\aPNVnFX.exe
  2⤵
  PID:15472
- C:\Windows\System\yAnrvYD.exe
  C:\Windows\System\yAnrvYD.exe
  2⤵
  PID:15492
- C:\Windows\System\kuPmajL.exe
  C:\Windows\System\kuPmajL.exe
  2⤵
  PID:15520
- C:\Windows\System\apVwQmh.exe
  C:\Windows\System\apVwQmh.exe
  2⤵
  PID:15556
- C:\Windows\System\IFhmePL.exe
  C:\Windows\System\IFhmePL.exe
  2⤵
  PID:15580
- C:\Windows\System\xVeNhcC.exe
  C:\Windows\System\xVeNhcC.exe
  2⤵
  PID:15608
- C:\Windows\System\VHtUJpE.exe
  C:\Windows\System\VHtUJpE.exe
  2⤵
  PID:15648
- C:\Windows\System\UodVIla.exe
  C:\Windows\System\UodVIla.exe
  2⤵
  PID:15664
- C:\Windows\System\PlDTcaI.exe
  C:\Windows\System\PlDTcaI.exe
  2⤵
  PID:15692
- C:\Windows\System\EUuIUNi.exe
  C:\Windows\System\EUuIUNi.exe
  2⤵
  PID:15720
- C:\Windows\System\OIDaVLP.exe
  C:\Windows\System\OIDaVLP.exe
  2⤵
  PID:15748
- C:\Windows\System\AsdUroL.exe
  C:\Windows\System\AsdUroL.exe
  2⤵
  PID:15776
- C:\Windows\System\euMOKkk.exe
  C:\Windows\System\euMOKkk.exe
  2⤵
  PID:15804
- C:\Windows\System\CjHZKzl.exe
  C:\Windows\System\CjHZKzl.exe
  2⤵
  PID:15832
- C:\Windows\System\MVlZwCZ.exe
  C:\Windows\System\MVlZwCZ.exe
  2⤵
  PID:15860
- C:\Windows\System\XfaDeVQ.exe
  C:\Windows\System\XfaDeVQ.exe
  2⤵
  PID:15888
- C:\Windows\System\GXQTXou.exe
  C:\Windows\System\GXQTXou.exe
  2⤵
  PID:15916
- C:\Windows\System\wfGDryl.exe
  C:\Windows\System\wfGDryl.exe
  2⤵
  PID:15944
- C:\Windows\System\CCNqrbo.exe
  C:\Windows\System\CCNqrbo.exe
  2⤵
  PID:15972
- C:\Windows\System\AjRPMBr.exe
  C:\Windows\System\AjRPMBr.exe
  2⤵
  PID:16000
- C:\Windows\System\oACDzVX.exe
  C:\Windows\System\oACDzVX.exe
  2⤵
  PID:16028
- C:\Windows\System\JJcFpHJ.exe
  C:\Windows\System\JJcFpHJ.exe
  2⤵
  PID:16056
- C:\Windows\System\OVmhlRl.exe
  C:\Windows\System\OVmhlRl.exe
  2⤵
  PID:16084
- C:\Windows\System\HctHgLo.exe
  C:\Windows\System\HctHgLo.exe
  2⤵
  PID:16116
- C:\Windows\System\oILBYfl.exe
  C:\Windows\System\oILBYfl.exe
  2⤵
  PID:16144
- C:\Windows\System\eBWQZuo.exe
  C:\Windows\System\eBWQZuo.exe
  2⤵
  PID:16176
- C:\Windows\System\KkPsDqq.exe
  C:\Windows\System\KkPsDqq.exe
  2⤵
  PID:16200
- C:\Windows\System\XhYOpgc.exe
  C:\Windows\System\XhYOpgc.exe
  2⤵
  PID:16228
- C:\Windows\System\tffhwTt.exe
  C:\Windows\System\tffhwTt.exe
  2⤵
  PID:16256
- C:\Windows\System\bSmvqxC.exe
  C:\Windows\System\bSmvqxC.exe
  2⤵
  PID:16284
- C:\Windows\System\EBcdrZt.exe
  C:\Windows\System\EBcdrZt.exe
  2⤵
  PID:16316
- C:\Windows\System\QishCMI.exe
  C:\Windows\System\QishCMI.exe
  2⤵
  PID:16340
- C:\Windows\System\XHPfkvl.exe
  C:\Windows\System\XHPfkvl.exe
  2⤵
  PID:16368
- C:\Windows\System\fdtUWLF.exe
  C:\Windows\System\fdtUWLF.exe
  2⤵
  PID:6376
- C:\Windows\System\ieALQFE.exe
  C:\Windows\System\ieALQFE.exe
  2⤵
  PID:15404
- C:\Windows\System\mEGdCdz.exe
  C:\Windows\System\mEGdCdz.exe
  2⤵
  PID:15432
- C:\Windows\System\MkWPSDD.exe
  C:\Windows\System\MkWPSDD.exe
  2⤵
  PID:15456
- C:\Windows\System\ZPbVcFW.exe
  C:\Windows\System\ZPbVcFW.exe
  2⤵
  PID:5880
- C:\Windows\System\HbuaUqh.exe
  C:\Windows\System\HbuaUqh.exe
  2⤵
  PID:15516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AHSKpSi.exe

Filesize
6.0MB

MD5
f9ae58668d937ab18d66893403baa6fc

SHA1
6eacb254930a3a50186fd5e66aaa4492d27c4c5f

SHA256
3512125544e48f0dec33742dd68109e8bfe4bc8271f3ddb7dab33e10696d7f6e

SHA512
9c604a8a7bdc5f3c8bded8ab6cf3863782b55b7b1fb8b7b50046fcc47d4e9263d6802bcedb59ff0fad8d30d8bd3404631872d4559710a00d60ecdfdf075b5572

Download Submit
C:\Windows\System\BxoKNFR.exe

Filesize
6.0MB

MD5
9198848086d1abf66e68fa2263e97813

SHA1
84deae3f0a30bfaf6962602c7ccdf99a47074550

SHA256
b7746b988fef875a4836c477b6ef3dfe266e91168c365dc1f72add8c0e178533

SHA512
5de1bd7536301a139511fd1517a2458e47bb381ad3a516c5bb9e28c5f1784f0580eb8fb08570e5fe18283b40ebf7c56cf45e1766090791c4cf26523dff4ffd20

Download Submit
C:\Windows\System\DNcnGnx.exe

Filesize
6.0MB

MD5
cb2759f127547f32d0450e7706aed3ef

SHA1
921716e49f5e2bc6ee659ac30f89d2fd2b795743

SHA256
86807bf9478e34025e4c8d9ccee8d9b57c28b52fcbce2854621acc9a1444210a

SHA512
376b3af688e1a1fd6ab14cf038e1ab0a12263f659ba9f284230577b286081d24e7804e61980e265edb59d614c477fd52f58301896b208792f248a3e7d349c28c

Download Submit
C:\Windows\System\DrEaQLh.exe

Filesize
6.0MB

MD5
10ccad644b35756723589b6d2042284b

SHA1
69091600a59a449e8ff2c70f037e7ac33d754467

SHA256
7a6bfbb5e9e29cd051200eb3e6f1b149dc41b24bc62d6924985c7ff110222cdd

SHA512
d047e170ba8edec03be073540e298ed79804f7545bc22e3df9ec039f8aba82b886fac70d0c060528f61d3f84ce8c7af4bdb108f59e7e15f7f702c7346b8eb8a1

Download Submit
C:\Windows\System\GyyyaWh.exe

Filesize
6.0MB

MD5
7369099bfe230bcf90254e2d53e64280

SHA1
9839d36bcf01b206b4031dfdba3b4d5b20d5a66c

SHA256
2fdbf0ca9ed54b3182e99ebd263f688a58f399f7aa5596eade01f39e2075f109

SHA512
f575cf7b971f490087d5032b305856e65ab6b43e4bc7b33e46521c71ba22c213091b7f2da1a4b19e238ed27c5e38bd289bd605800ccfd90b044ec866f72a1c9d

Download Submit
C:\Windows\System\HLDzgcF.exe

Filesize
6.0MB

MD5
34b3d56f368b77c3240a81d76b597819

SHA1
4bff9f43e6b6f1da1911cc093345ac329a9223b9

SHA256
372055604017f68ea93808b7ff254896d611fe49b1b764512736cdf109d7e2c3

SHA512
724b649f8f0050bfebcee3b0ca0810516adffd7b498c9251e9ebb1407dfc129cf837d28d8c662042234ddc6a1ca537f136705a5b42b3b4e8cf6b92d6b8e5b48f

Download Submit
C:\Windows\System\HcNvvOR.exe

Filesize
6.0MB

MD5
c29acec80650df6b5d17fe68420a2e6f

SHA1
ad042f8271ddd485013ddfe4880d291ee1446219

SHA256
590ec380d5d75664cb260c137e87041c196077e1006345d0ca2ad0702bc4dcbb

SHA512
8e0f571316b452b7d187a4718a272a0d95cf2c91c4382ea3ce2627a345f9d29491ac2f066824b9796a75e63ad4b1002ef40d60bb1d825fd3628faba1ed4e26b8

Download Submit
C:\Windows\System\JAbdfUH.exe

Filesize
6.0MB

MD5
a78b083c2796cecbd8a48241f61fa96f

SHA1
c9935da8b94466adf76b97fb3729f40e7f8cf89b

SHA256
70d63a88f7428914fd5df6f31f4a0534160ac0f4b4eeaf4e0f5e83164e2c0d63

SHA512
05b95f054ca48716833a227521e1269b0f3c6ed099a1e3a2426ca1ccf13e386fece60e5e961298542c4e7491ee8900f7afff845547ac5f17a939ac9956e458ea

Download Submit
C:\Windows\System\LWPlZhY.exe

Filesize
6.0MB

MD5
e33354f2dadefb8721378bfb97a96bf0

SHA1
516746b069c6bc769babe24dc5970fa4b92e1fe9

SHA256
d2f23dc9f4899db94e79b32d498289f2782b7b007ccf986c809b521c66221129

SHA512
a047dba5c0fe89decaab4a4b8127772976099af68876ebf66f23f1db1eb719d4486f9917a1bad2ba178c165c0b1f893668a3da44148aaefd8f9a8ea0533406a7

Download Submit
C:\Windows\System\PtokoiE.exe

Filesize
6.0MB

MD5
d8714940c30d3e0b7ee69b50d71f6ddb

SHA1
d55de78f2e8d0a41ea0d48848509986db120a768

SHA256
5e7236f2f3af81ea433187f57f00b5648c797e90d3c70696b1faaf741444764f

SHA512
32b3262c36ef245c0d62558a0414e7ffc330d2d73e872abcf7c561552ffcba45c7191d98ecfb849eb8b30eb5ca0e0ea65e88dab56be3897abfbe91c3343222aa

Download Submit
C:\Windows\System\RXncFzd.exe

Filesize
6.0MB

MD5
70d7f8273548d6fec70c52d740450a5e

SHA1
b3a5dde3846abaa3c9d3fd0722a709800532ebd8

SHA256
cc1b542da0428a90acb77a39947922734096ee94c7f08f39486968adddb31292

SHA512
e7bb5d145bbdb6461faca09dbeec0dd625a80f0395ef8ebec687d9a5e12fad9f485f166ee64f3a4524298b625d26d9edab9d55d755deccf9b6897ca1574ffdc0

Download Submit
C:\Windows\System\RhLUrzS.exe

Filesize
6.0MB

MD5
ef4ec3b28da8f0bad96a3d813bee178a

SHA1
b9b13bcd44497decdd3103c48f073d4ff853e481

SHA256
968010723135d378d7cae5d7c1b2e7439ad2d1fe4c3ec8d135e0dd0c14bff485

SHA512
8097162ae2e5b0807f95fc1fd10409bf71311baef1e6c51ff4d3dd2ecb3205043b6ab0c7b1f90f964cc16e544293f928fcfabbe423fe5ee5493501f1eebb423c

Download Submit
C:\Windows\System\RuCxNlb.exe

Filesize
6.0MB

MD5
736576c4f3372a7adecd0c817f11c760

SHA1
10e206ee81e665166c5cb7758b49e5128534f3fc

SHA256
959509923b3814a08a7ac871d37792c979e59d8c46ef95df833e478182631b65

SHA512
8afc626b6d8fb5eb39c92d35d1fa8118a071a1b11f9af6ae94b801728be3379df42896708d18b832191fe63f0ff40b71789d28e1349a930e5f4ee18e67f3a071

Download Submit
C:\Windows\System\TlEqCUQ.exe

Filesize
6.0MB

MD5
b9ac171cf5fab6c6877b9ed280bc024e

SHA1
758f407dee591e791dc1066fa7b72522939c1a28

SHA256
e4894f64a904b21b524da4857513c6f94a25108ed322ccf6c3b15eddf6e2c39a

SHA512
1493e85ebe1cacee52c312362dae82c60dd2c67aeeada8dfd8afd91fdb8d3ec45eb362fd6b9afff77d14fa40cd6487517067a223944b0f01f7cb75364c232f71

Download Submit
C:\Windows\System\VQUEBKR.exe

Filesize
6.0MB

MD5
2a73498c335badb62ece60753fcd80d1

SHA1
32e2328db4037d5993715145de5f24e65d9a9f0e

SHA256
43b64e2a48015ec23350ec8489a0a213a9349b432de500349bc89420ce67f850

SHA512
b11e2b64e284148863d1873e77e280f493466a054422418c756ab299d3edfb79e4992144d62cb39370cac164aa85db031395d73197a5dc2e904983e85176e4e9

Download Submit
C:\Windows\System\ZEQWaUE.exe

Filesize
6.0MB

MD5
36f742620237d946b7920e40b3121bd0

SHA1
96474ce8051692ce72d87da56e04d0d8fa6d7b1f

SHA256
14352cf4fcc79477eafc1eb3065071b760a83b1e37362c7fb15e6d74764c0ff2

SHA512
5f06708f372c1d12b338230047e6f5b0eeb9981141127808404dd77bf8fb980fe2e22fb7604148b5e87e2dfbfab28f350809758e1ba098861c79f15cebe09d45

Download Submit
C:\Windows\System\ZfiNGXc.exe

Filesize
6.0MB

MD5
3c80a20f4091641aa27b8fed15adc88e

SHA1
5c070b8d470ccace015a619eda90458f0519c527

SHA256
e1892bb6e56612d744dcc22da93c46d382cbe9112c8232a9021bb95c9d22a23f

SHA512
1c9a1a361e94cc32a1c869b986e20c575dfe13b44524cfa6bd86db6103e32aff9e3611bb14926bccccb8dd0a489b9086759dc88f10ea9daab7b5c3e7d71e5c0d

Download Submit
C:\Windows\System\ZvRuMlV.exe

Filesize
6.0MB

MD5
8f8ad1acd3dbb6bd0de4c95db9bcca47

SHA1
a0858a550779cb2a420aa2a4fd9310e2b81abb2d

SHA256
b5c967c75efb0f0b0f4dab92ceab3cd7084e793721fcf5485407f20c8b808634

SHA512
8058ac233f1e8e49c1be038274e74490f948db1187c70817cc5f45763ceaac8f8fd1e41b115234c9581b9383a19ceb926908be615edf15bf13f5bf5feee5e012

Download Submit
C:\Windows\System\aBapBjc.exe

Filesize
6.0MB

MD5
cf5e019aa8f4bcb30d24e8e9e2b85052

SHA1
4cc553a46933e0e369f69fc80c0dfc3b13080716

SHA256
e509c1d93f13034a5e2938f8308180b16d6df5949b7e26051331cc70ab03aecd

SHA512
d9be40af1321fb9fe27d8605e4cb6a0abf60bef0a505885c13206e708401b96502d0106ff6d7bea4605d2e5f81c1495b4d776186897e3fd8cf86a4c62b4a6e7d

Download Submit
C:\Windows\System\epdnMlA.exe

Filesize
6.0MB

MD5
6f977eea30375b6de3e1f774b8d09f65

SHA1
fe8b3ac44d82eee4f40d8537b49827b2d2494597

SHA256
4d0ff44978b04344b82014704d532c0ff91947c34620af8c0a2ae5c100f6bf67

SHA512
5f13c8d0d8937cb620c1ec95420425b9ec5b35ff491c5c1a527dadd114d791fb4619edb3baa2be75b820b7854e7be2982ed364e056ea1ae0f87a87615b6125c2

Download Submit
C:\Windows\System\jSJkaxf.exe

Filesize
6.0MB

MD5
8bddca108aca8d0ebd61a85cb85339d9

SHA1
7fa0a0337dfe46153ccd4208af895c81693980bc

SHA256
ccbd05d8de28012d1ac9b3a06516db9f99f712f289f2a533ff8c26ef588fdf83

SHA512
4eb61c7a69259efaea3174afe90888d6dfbadb2190a18fe6ff7d2e7c1e5111104915a081cb8108f4408498fbb48092143601fe7638688f709c711fca2b44bbee

Download Submit
C:\Windows\System\jnpeXzL.exe

Filesize
6.0MB

MD5
676043b54e0727eea8d87445f06564f1

SHA1
56b3498289338da5a5f1bdc587959959a5a052ae

SHA256
72d6b4b4bf6b26702d8bb4ef214645dee3e3880e9cdfb8d432ce7bdd43408608

SHA512
c4996024b26e4ce3b234bdab0d8ba33278822c6a4f8a846a30704967ede640d13897a53c90998f1963580caa56887f85f8193d8083fd865b4d5b9e1bf52f0bdf

Download Submit
C:\Windows\System\kDzaQBx.exe

Filesize
6.0MB

MD5
492517afc8cd78a5cfbac54f69142166

SHA1
d2ce7901e822944a1bd8baf89db27f3a1239d44e

SHA256
f85551acf588b465d7bd2ebb25269189ca922f839b5797db7898f7b9ae29c495

SHA512
06390607bd4281621d676b5ea84546ec889962da5bcf020138fd9aade5df54074f63dc405b7752c3937639320657f5171f78f856a692d0ff75ebc19f3d8a9982

Download Submit
C:\Windows\System\mDDIkbo.exe

Filesize
6.0MB

MD5
4e8d4ecb1e6b3142d8147f5a7213b052

SHA1
56d52d5c932b1561021d1640e710c3578ef3d941

SHA256
641e3023e4e26dcf97f5c21d592756adbae75501cb2a597237ef5247c6e18cf3

SHA512
f5bb7d7916166c6dab3ae329991fa85cdc41e2170987911ea51e3205c36c0a459c294aa644df89094259b6ece09ec2b37e61eb87ddf4b2cc40add1e1a884d9d3

Download Submit
C:\Windows\System\mDONTCq.exe

Filesize
6.0MB

MD5
30dbc8759b539e18910f2dfe16d960db

SHA1
66b205a2bda615d1f3daf871959d32932f2797a3

SHA256
3a06183db63d51da6a8fa3b9212c80d4a6e0d37e0cd4cf2eb34912e0b46b9e8c

SHA512
9dbe9f8ab8a95737ea529444536a63dacd33168e7694886ec1855410a60396973d7ab3ffc9f12e6f15c50c56bf7c07a82665e98aa801bb919b3ecb5975f6310b

Download Submit
C:\Windows\System\mMWjjpI.exe

Filesize
6.0MB

MD5
45bf3bc4e852066d88607ca1494edef2

SHA1
dd99e2f7acd052f29ecb93d6b4f3b53aa9771182

SHA256
32c464ec31b04f4b4001044e82d051045f7fd0776245ead408524377ba25d803

SHA512
7e8f3e906a7d6d9821df8dd468d0c41c111e5aff9a38f0a791f60989e29cbcc715b916da03c3ab40f487e63805950c45851a83fd7c9fe3f4b4732bd00b708f48

Download Submit
C:\Windows\System\pnLXlki.exe

Filesize
6.0MB

MD5
0d4af067c8f8739cba4f5c82e39553d4

SHA1
e6b3786c81391c10e18b94937f3076f8562100c7

SHA256
76b6ff8d32965ec90315900f444f36712d3fc1f26f6514cc3b09fe596f8160c5

SHA512
1256fc176fbbd29d9fa16b07e64dba07b08067f1ebdc354292501f9b981a3a995e6ab6471f5d00644ee451ff2a771dc12c514d285ed464bdb5575b6c7c2b291f

Download Submit
C:\Windows\System\tenKQpm.exe

Filesize
6.0MB

MD5
9e451467262a91307d7ecdd20e944c2c

SHA1
f29ce25d7e7e720691455dd47d00040028934697

SHA256
4172c2fc25810def2fdd501540b30bdf32ae747bfec355839a6aed7f567b851a

SHA512
6479eb7fe62f2e49d4cde0078507f881b8d839c359209cb86ef5d6c13844d3635e24ee9fd6769e5c35d757224efb4b722d57ff5c923f592ca9582b37a3f6b063

Download Submit
C:\Windows\System\uSnGItr.exe

Filesize
6.0MB

MD5
7b19fa4bd7b11b689a35411ae1fa618f

SHA1
e3f66f795baf4d59097175bb2481a4faf4847f61

SHA256
38522791e0cea86b474f4ab8bcbe6ead7487dcbd7ad2b730724cbe92f51004bf

SHA512
dbcb5e20a50221ee1ba9d212ae8e5795e5b6acec6c07fe8eede7500bfd8b1181668e75de2b7a51ff466c3a781f037664056d6982e6be4d8a889956aa2a7f3396

Download Submit
C:\Windows\System\uyXAreH.exe

Filesize
6.0MB

MD5
3375359282ba150792b58aa8b8b790be

SHA1
f13f4e57eb2e3dd02611f97b14a323a397fd8e52

SHA256
f25d9dd010b8866cc205dab5a1765e5bea9381c713efff441c61dacc5d45bfb0

SHA512
69c158d0b42760edf3a95662be2d9f983e52a452ef3c2ec9891052bc68c9c506fe365840808ad0adb7f00554ddf74cbd44609d2a3157e2c5ca80b1b9e6f4c62d

Download Submit
C:\Windows\System\uzGMXcv.exe

Filesize
6.0MB

MD5
e131508d75291e070761687fb45f6f47

SHA1
23cf57b36370e793001a84db6c74cbdc41848b2b

SHA256
7880a5fd794a9575d34d0ab833025256d13226494773da73d1f55d5665b27190

SHA512
d1267ca7245a1aafbc230bd61f183c1702f38bd4ee9680e56acde7a3846ec15c2db4bf9b2469b42bb291ae673ddf11aea0a6a188780a2cd5b0897d6cfbda317e

Download Submit
C:\Windows\System\vdQTemK.exe

Filesize
6.0MB

MD5
efeebda926941ff5236df540f75b63c8

SHA1
061e5b81f4677acfd7325955268363b6688fe075

SHA256
2ca197cc3aecdc228498532a9bd79600dfdafc913cd84534056a79252423453c

SHA512
d6bc76317e866f5dd763f24c8e2441bf20c1db48cf0890b008e5608cd2d152a02982a44bb934a046a884039416dbf90c827d844f7e59a550ffc68aecc56ee352

Download Submit
C:\Windows\System\ywyeiox.exe

Filesize
6.0MB

MD5
3309e83f17b3f043b52bc8283519ca64

SHA1
d5700552ad33626c051f665c00c54018dd567e0a

SHA256
aedef9d93e7a6fcc75067df2a18679f900afb068d1fd1e1fca04e6628f59df71

SHA512
97d50b7998f9a4b46177b205b89ca06f6c6191b0d6400891f9d5e530a3f6bd27bb61c7a82584040eaa46a0fd09b0a4d1a6126cc52d2443ed568afa915e046142

Download Submit
memory/796-682-0x00007FF7BB4F0000-0x00007FF7BB844000-memory.dmp

Filesize
3.3MB

Download
memory/796-1416-0x00007FF7BB4F0000-0x00007FF7BB844000-memory.dmp

Filesize
3.3MB

Download
memory/808-656-0x00007FF77AFC0000-0x00007FF77B314000-memory.dmp

Filesize
3.3MB

Download
memory/808-1395-0x00007FF77AFC0000-0x00007FF77B314000-memory.dmp

Filesize
3.3MB

Download
memory/1016-1426-0x00007FF6CF880000-0x00007FF6CFBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1016-726-0x00007FF6CF880000-0x00007FF6CFBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-1421-0x00007FF605070000-0x00007FF6053C4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-741-0x00007FF605070000-0x00007FF6053C4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-646-0x00007FF7EF2B0000-0x00007FF7EF604000-memory.dmp

Filesize
3.3MB

Download
memory/1356-1384-0x00007FF7EF2B0000-0x00007FF7EF604000-memory.dmp

Filesize
3.3MB

Download
memory/1380-722-0x00007FF6474D0000-0x00007FF647824000-memory.dmp

Filesize
3.3MB

Download
memory/1380-1418-0x00007FF6474D0000-0x00007FF647824000-memory.dmp

Filesize
3.3MB

Download
memory/1452-634-0x00007FF6BA7D0000-0x00007FF6BAB24000-memory.dmp

Filesize
3.3MB

Download
memory/1452-1377-0x00007FF6BA7D0000-0x00007FF6BAB24000-memory.dmp

Filesize
3.3MB

Download
memory/1596-736-0x00007FF649880000-0x00007FF649BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1596-1428-0x00007FF649880000-0x00007FF649BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-1410-0x00007FF74F450000-0x00007FF74F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-667-0x00007FF74F450000-0x00007FF74F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1840-1388-0x00007FF731D10000-0x00007FF732064000-memory.dmp

Filesize
3.3MB

Download
memory/1840-650-0x00007FF731D10000-0x00007FF732064000-memory.dmp

Filesize
3.3MB

Download
memory/2244-754-0x00007FF6283B0000-0x00007FF628704000-memory.dmp

Filesize
3.3MB

Download
memory/2244-1374-0x00007FF6283B0000-0x00007FF628704000-memory.dmp

Filesize
3.3MB

Download
memory/2300-1-0x0000023513860000-0x0000023513870000-memory.dmp

Filesize
64KB

Download
memory/2300-1386-0x00007FF670800000-0x00007FF670B54000-memory.dmp

Filesize
3.3MB

Download
memory/2300-0-0x00007FF670800000-0x00007FF670B54000-memory.dmp

Filesize
3.3MB

Download
memory/2408-750-0x00007FF775260000-0x00007FF7755B4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1378-0x00007FF775260000-0x00007FF7755B4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-1337-0x00007FF7A08E0000-0x00007FF7A0C34000-memory.dmp

Filesize
3.3MB

Download
memory/2432-8-0x00007FF7A08E0000-0x00007FF7A0C34000-memory.dmp

Filesize
3.3MB

Download
memory/2456-746-0x00007FF6DABD0000-0x00007FF6DAF24000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1429-0x00007FF6DABD0000-0x00007FF6DAF24000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1425-0x00007FF675E40000-0x00007FF676194000-memory.dmp

Filesize
3.3MB

Download
memory/2828-719-0x00007FF675E40000-0x00007FF676194000-memory.dmp

Filesize
3.3MB

Download
memory/3132-641-0x00007FF6D8880000-0x00007FF6D8BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3132-1379-0x00007FF6D8880000-0x00007FF6D8BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3240-745-0x00007FF6A66B0000-0x00007FF6A6A04000-memory.dmp

Filesize
3.3MB

Download
memory/3240-1420-0x00007FF6A66B0000-0x00007FF6A6A04000-memory.dmp

Filesize
3.3MB

Download
memory/3252-1405-0x00007FF7BB8B0000-0x00007FF7BBC04000-memory.dmp

Filesize
3.3MB

Download
memory/3252-664-0x00007FF7BB8B0000-0x00007FF7BBC04000-memory.dmp

Filesize
3.3MB

Download
memory/3416-661-0x00007FF7999C0000-0x00007FF799D14000-memory.dmp

Filesize
3.3MB

Download
memory/3416-1396-0x00007FF7999C0000-0x00007FF799D14000-memory.dmp

Filesize
3.3MB

Download
memory/3428-675-0x00007FF630020000-0x00007FF630374000-memory.dmp

Filesize
3.3MB

Download
memory/3428-1414-0x00007FF630020000-0x00007FF630374000-memory.dmp

Filesize
3.3MB

Download
memory/3684-678-0x00007FF7B6460000-0x00007FF7B67B4000-memory.dmp

Filesize
3.3MB

Download
memory/3684-1415-0x00007FF7B6460000-0x00007FF7B67B4000-memory.dmp

Filesize
3.3MB

Download
memory/4320-1370-0x00007FF6D1F60000-0x00007FF6D22B4000-memory.dmp

Filesize
3.3MB

Download
memory/4320-22-0x00007FF6D1F60000-0x00007FF6D22B4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-644-0x00007FF7720B0000-0x00007FF772404000-memory.dmp

Filesize
3.3MB

Download
memory/4476-1383-0x00007FF7720B0000-0x00007FF772404000-memory.dmp

Filesize
3.3MB

Download
memory/4504-1407-0x00007FF7B3B30000-0x00007FF7B3E84000-memory.dmp

Filesize
3.3MB

Download
memory/4504-670-0x00007FF7B3B30000-0x00007FF7B3E84000-memory.dmp

Filesize
3.3MB

Download
memory/4656-1427-0x00007FF6BA2E0000-0x00007FF6BA634000-memory.dmp

Filesize
3.3MB

Download
memory/4656-732-0x00007FF6BA2E0000-0x00007FF6BA634000-memory.dmp

Filesize
3.3MB

Download
memory/4664-12-0x00007FF77B5F0000-0x00007FF77B944000-memory.dmp

Filesize
3.3MB

Download
memory/4664-1369-0x00007FF77B5F0000-0x00007FF77B944000-memory.dmp

Filesize
3.3MB

Download
memory/4856-1417-0x00007FF688BB0000-0x00007FF688F04000-memory.dmp

Filesize
3.3MB

Download
memory/4856-694-0x00007FF688BB0000-0x00007FF688F04000-memory.dmp

Filesize
3.3MB

Download
memory/4872-1422-0x00007FF684860000-0x00007FF684BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4872-737-0x00007FF684860000-0x00007FF684BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-1419-0x00007FF6E9FC0000-0x00007FF6EA314000-memory.dmp

Filesize
3.3MB

Download
memory/4924-716-0x00007FF6E9FC0000-0x00007FF6EA314000-memory.dmp

Filesize
3.3MB

Download