cobaltstrike | 3ec35792e97d0a02786f69793925d8a9dd0c48da1d977b0b9b6d479686d4409c

Analysis

max time kernel
150s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

443a40d649cd1db1983237b7a3e8e6c0
SHA1

b6fb614820370fa6064e6e30b205b8807ed4e634
SHA256

3ec35792e97d0a02786f69793925d8a9dd0c48da1d977b0b9b6d479686d4409c
SHA512

6cf3bb72e34a7df21496c72696977f17fe1eb76c2712598363c5149936796811f4106eb3f1f8438cd79fbd9a54b3c4a2489e1535cc52067549aeb9d36e5d3523
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000f000000023bc3-5.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bd3-11.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bd7-9.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdc-25.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdd-34.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bcc-27.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bde-40.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022af2-47.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023b1c-54.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c0e-68.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c10-84.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c0f-75.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bdf-65.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c11-88.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022ae8-91.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023b16-102.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b17-107.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023b18-117.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c12-123.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c18-129.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c19-134.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c32-146.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1a-149.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c35-165.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c33-167.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c37-171.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c36-183.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023c4c-185.dat	cobalt_reflective_dll
behavioral2/files/0x0016000000023c4d-189.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c57-194.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c64-204.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c63-203.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c34-176.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c2c-152.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3928-0-0x00007FF604880000-0x00007FF604BD4000-memory.dmp	xmrig
behavioral2/files/0x000f000000023bc3-5.dat	xmrig
behavioral2/files/0x0009000000023bd3-11.dat	xmrig
behavioral2/files/0x000e000000023bd7-9.dat	xmrig
behavioral2/memory/2592-12-0x00007FF7AD1B0000-0x00007FF7AD504000-memory.dmp	xmrig
behavioral2/memory/2712-6-0x00007FF66B8D0000-0x00007FF66BC24000-memory.dmp	xmrig
behavioral2/memory/224-18-0x00007FF7E54F0000-0x00007FF7E5844000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bdc-25.dat	xmrig
behavioral2/memory/992-32-0x00007FF694E40000-0x00007FF695194000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bdd-34.dat	xmrig
behavioral2/memory/32-35-0x00007FF7F2D50000-0x00007FF7F30A4000-memory.dmp	xmrig
behavioral2/memory/3012-33-0x00007FF7D6250000-0x00007FF7D65A4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023bcc-27.dat	xmrig
behavioral2/files/0x0008000000023bde-40.dat	xmrig
behavioral2/memory/3424-41-0x00007FF6A4D20000-0x00007FF6A5074000-memory.dmp	xmrig
behavioral2/files/0x0002000000022af2-47.dat	xmrig
behavioral2/memory/3928-48-0x00007FF604880000-0x00007FF604BD4000-memory.dmp	xmrig
behavioral2/files/0x000d000000023b1c-54.dat	xmrig
behavioral2/memory/2712-55-0x00007FF66B8D0000-0x00007FF66BC24000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c0e-68.dat	xmrig
behavioral2/memory/992-80-0x00007FF694E40000-0x00007FF695194000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c10-84.dat	xmrig
behavioral2/memory/4408-83-0x00007FF7B7450000-0x00007FF7B77A4000-memory.dmp	xmrig
behavioral2/memory/3256-82-0x00007FF6151B0000-0x00007FF615504000-memory.dmp	xmrig
behavioral2/memory/224-79-0x00007FF7E54F0000-0x00007FF7E5844000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c0f-75.dat	xmrig
behavioral2/memory/4076-72-0x00007FF78DBF0000-0x00007FF78DF44000-memory.dmp	xmrig
behavioral2/memory/4312-69-0x00007FF6CB660000-0x00007FF6CB9B4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bdf-65.dat	xmrig
behavioral2/memory/2592-63-0x00007FF7AD1B0000-0x00007FF7AD504000-memory.dmp	xmrig
behavioral2/memory/2948-57-0x00007FF613410000-0x00007FF613764000-memory.dmp	xmrig
behavioral2/memory/2444-53-0x00007FF66DA80000-0x00007FF66DDD4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c11-88.dat	xmrig
behavioral2/files/0x0002000000022ae8-91.dat	xmrig
behavioral2/memory/2912-95-0x00007FF796700000-0x00007FF796A54000-memory.dmp	xmrig
behavioral2/memory/32-94-0x00007FF7F2D50000-0x00007FF7F30A4000-memory.dmp	xmrig
behavioral2/memory/3424-99-0x00007FF6A4D20000-0x00007FF6A5074000-memory.dmp	xmrig
behavioral2/memory/3516-98-0x00007FF6D2850000-0x00007FF6D2BA4000-memory.dmp	xmrig
behavioral2/files/0x000e000000023b16-102.dat	xmrig
behavioral2/files/0x000c000000023b17-107.dat	xmrig
behavioral2/memory/912-106-0x00007FF6229F0000-0x00007FF622D44000-memory.dmp	xmrig
behavioral2/memory/3228-113-0x00007FF747930000-0x00007FF747C84000-memory.dmp	xmrig
behavioral2/memory/4312-115-0x00007FF6CB660000-0x00007FF6CB9B4000-memory.dmp	xmrig
behavioral2/files/0x000d000000023b18-117.dat	xmrig
behavioral2/memory/4876-116-0x00007FF6F4490000-0x00007FF6F47E4000-memory.dmp	xmrig
behavioral2/memory/2948-114-0x00007FF613410000-0x00007FF613764000-memory.dmp	xmrig
behavioral2/memory/2444-109-0x00007FF66DA80000-0x00007FF66DDD4000-memory.dmp	xmrig
behavioral2/memory/4076-121-0x00007FF78DBF0000-0x00007FF78DF44000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c12-123.dat	xmrig
behavioral2/files/0x0008000000023c18-129.dat	xmrig
behavioral2/memory/864-130-0x00007FF688C40000-0x00007FF688F94000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c19-134.dat	xmrig
behavioral2/files/0x0008000000023c32-146.dat	xmrig
behavioral2/memory/4012-147-0x00007FF65C260000-0x00007FF65C5B4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c1a-149.dat	xmrig
behavioral2/files/0x0008000000023c35-165.dat	xmrig
behavioral2/files/0x0008000000023c33-167.dat	xmrig
behavioral2/files/0x0008000000023c37-171.dat	xmrig
behavioral2/files/0x0008000000023c36-183.dat	xmrig
behavioral2/files/0x000b000000023c4c-185.dat	xmrig
behavioral2/files/0x0016000000023c4d-189.dat	xmrig
behavioral2/files/0x0008000000023c57-194.dat	xmrig
behavioral2/files/0x0008000000023c64-204.dat	xmrig
behavioral2/memory/4968-213-0x00007FF6A07F0000-0x00007FF6A0B44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2712	ZrvRQxs.exe
2592	RbtnHrG.exe
224	ykqpeda.exe
992	aSOPgDp.exe
3012	KNiFuYA.exe
32	WnAwPIo.exe
3424	OZMJTrG.exe
2444	CeoWNqP.exe
2948	fzPahTI.exe
4312	bCmXnZC.exe
4076	arAwtbn.exe
3256	XeGFiOC.exe
4408	zWIvBCb.exe
2912	LvSiHQO.exe
3516	jOSiaWX.exe
912	NUiCfYx.exe
3228	rMWWXkn.exe
4876	MGgOqxq.exe
864	yXHeeRm.exe
2684	lCXoYnu.exe
4012	zaYrmOq.exe
1000	WozSqrk.exe
2700	jZMvlHy.exe
2284	PHsXSpz.exe
2176	bUpjmtu.exe
1400	VyrgOrX.exe
3580	dtTshBP.exe
4968	WCGIYYa.exe
3716	lKBxtGt.exe
2852	EurwKHG.exe
2400	PwBgKCQ.exe
5052	skQjEPJ.exe
3604	wzJkCEW.exe
1124	aeFcfBd.exe
620	VZTCbHs.exe
1968	GJSrUzX.exe
2304	poItnwI.exe
3020	vzxbGqh.exe
3468	hMHbkPA.exe
1836	ArsLTKB.exe
1020	tRVfsmG.exe
3260	mCTLoZb.exe
4136	VvTGcZJ.exe
4724	LytimoI.exe
4952	aNCYNgB.exe
4772	EgtLzyq.exe
3820	jRQllJJ.exe
1392	kgyTstz.exe
3596	GzvXLgG.exe
4384	ogKoyPX.exe
4352	soJzZTz.exe
856	vNhIBJj.exe
5108	lbmriPP.exe
4280	nDhaiXL.exe
3056	csSClhM.exe
1060	NTiVRrC.exe
4788	ckCrSQM.exe
5012	IhNHNgf.exe
4000	hyYNaJK.exe
852	OzRxCjN.exe
320	lXeiEHZ.exe
2828	gjZWxEb.exe
4056	LJDHhCM.exe
1084	WTXrftA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3928-0-0x00007FF604880000-0x00007FF604BD4000-memory.dmp	upx
behavioral2/files/0x000f000000023bc3-5.dat	upx
behavioral2/files/0x0009000000023bd3-11.dat	upx
behavioral2/files/0x000e000000023bd7-9.dat	upx
behavioral2/memory/2592-12-0x00007FF7AD1B0000-0x00007FF7AD504000-memory.dmp	upx
behavioral2/memory/2712-6-0x00007FF66B8D0000-0x00007FF66BC24000-memory.dmp	upx
behavioral2/memory/224-18-0x00007FF7E54F0000-0x00007FF7E5844000-memory.dmp	upx
behavioral2/files/0x0008000000023bdc-25.dat	upx
behavioral2/memory/992-32-0x00007FF694E40000-0x00007FF695194000-memory.dmp	upx
behavioral2/files/0x0008000000023bdd-34.dat	upx
behavioral2/memory/32-35-0x00007FF7F2D50000-0x00007FF7F30A4000-memory.dmp	upx
behavioral2/memory/3012-33-0x00007FF7D6250000-0x00007FF7D65A4000-memory.dmp	upx
behavioral2/files/0x0009000000023bcc-27.dat	upx
behavioral2/files/0x0008000000023bde-40.dat	upx
behavioral2/memory/3424-41-0x00007FF6A4D20000-0x00007FF6A5074000-memory.dmp	upx
behavioral2/files/0x0002000000022af2-47.dat	upx
behavioral2/memory/3928-48-0x00007FF604880000-0x00007FF604BD4000-memory.dmp	upx
behavioral2/files/0x000d000000023b1c-54.dat	upx
behavioral2/memory/2712-55-0x00007FF66B8D0000-0x00007FF66BC24000-memory.dmp	upx
behavioral2/files/0x0008000000023c0e-68.dat	upx
behavioral2/memory/992-80-0x00007FF694E40000-0x00007FF695194000-memory.dmp	upx
behavioral2/files/0x0008000000023c10-84.dat	upx
behavioral2/memory/4408-83-0x00007FF7B7450000-0x00007FF7B77A4000-memory.dmp	upx
behavioral2/memory/3256-82-0x00007FF6151B0000-0x00007FF615504000-memory.dmp	upx
behavioral2/memory/224-79-0x00007FF7E54F0000-0x00007FF7E5844000-memory.dmp	upx
behavioral2/files/0x0008000000023c0f-75.dat	upx
behavioral2/memory/4076-72-0x00007FF78DBF0000-0x00007FF78DF44000-memory.dmp	upx
behavioral2/memory/4312-69-0x00007FF6CB660000-0x00007FF6CB9B4000-memory.dmp	upx
behavioral2/files/0x0008000000023bdf-65.dat	upx
behavioral2/memory/2592-63-0x00007FF7AD1B0000-0x00007FF7AD504000-memory.dmp	upx
behavioral2/memory/2948-57-0x00007FF613410000-0x00007FF613764000-memory.dmp	upx
behavioral2/memory/2444-53-0x00007FF66DA80000-0x00007FF66DDD4000-memory.dmp	upx
behavioral2/files/0x0008000000023c11-88.dat	upx
behavioral2/files/0x0002000000022ae8-91.dat	upx
behavioral2/memory/2912-95-0x00007FF796700000-0x00007FF796A54000-memory.dmp	upx
behavioral2/memory/32-94-0x00007FF7F2D50000-0x00007FF7F30A4000-memory.dmp	upx
behavioral2/memory/3424-99-0x00007FF6A4D20000-0x00007FF6A5074000-memory.dmp	upx
behavioral2/memory/3516-98-0x00007FF6D2850000-0x00007FF6D2BA4000-memory.dmp	upx
behavioral2/files/0x000e000000023b16-102.dat	upx
behavioral2/files/0x000c000000023b17-107.dat	upx
behavioral2/memory/912-106-0x00007FF6229F0000-0x00007FF622D44000-memory.dmp	upx
behavioral2/memory/3228-113-0x00007FF747930000-0x00007FF747C84000-memory.dmp	upx
behavioral2/memory/4312-115-0x00007FF6CB660000-0x00007FF6CB9B4000-memory.dmp	upx
behavioral2/files/0x000d000000023b18-117.dat	upx
behavioral2/memory/4876-116-0x00007FF6F4490000-0x00007FF6F47E4000-memory.dmp	upx
behavioral2/memory/2948-114-0x00007FF613410000-0x00007FF613764000-memory.dmp	upx
behavioral2/memory/2444-109-0x00007FF66DA80000-0x00007FF66DDD4000-memory.dmp	upx
behavioral2/memory/4076-121-0x00007FF78DBF0000-0x00007FF78DF44000-memory.dmp	upx
behavioral2/files/0x0008000000023c12-123.dat	upx
behavioral2/files/0x0008000000023c18-129.dat	upx
behavioral2/memory/864-130-0x00007FF688C40000-0x00007FF688F94000-memory.dmp	upx
behavioral2/files/0x0008000000023c19-134.dat	upx
behavioral2/files/0x0008000000023c32-146.dat	upx
behavioral2/memory/4012-147-0x00007FF65C260000-0x00007FF65C5B4000-memory.dmp	upx
behavioral2/files/0x0008000000023c1a-149.dat	upx
behavioral2/files/0x0008000000023c35-165.dat	upx
behavioral2/files/0x0008000000023c33-167.dat	upx
behavioral2/files/0x0008000000023c37-171.dat	upx
behavioral2/files/0x0008000000023c36-183.dat	upx
behavioral2/files/0x000b000000023c4c-185.dat	upx
behavioral2/files/0x0016000000023c4d-189.dat	upx
behavioral2/files/0x0008000000023c57-194.dat	upx
behavioral2/files/0x0008000000023c64-204.dat	upx
behavioral2/memory/4968-213-0x00007FF6A07F0000-0x00007FF6A0B44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wctlwPy.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFwXDMh.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lzSsuHY.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWlmEky.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEFOEjR.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofVXjBM.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEJyPcP.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSXTpyo.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZPoybO.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbtnHrG.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WROvVIB.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUSgdDx.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ViiUqgE.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtIwqmj.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwENNAT.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTVzEmG.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAPtyeu.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HORIMLe.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUiCfYx.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtRQKHL.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXREwOv.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\reXAdPB.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtfTPdl.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfwImvm.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhihuDk.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTCwlbd.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwOjMaj.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTWZuwf.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjzybCm.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXFbbiF.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AftATEa.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKaXjfr.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwnhyHa.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sncWBHC.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLSRQvG.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unhEwqF.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXLmMpU.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCbyFms.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dObxnoG.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPMkDTe.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwqSLyr.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKrTNrx.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNeRzRA.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQiJnzZ.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwXxidd.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPRwVmH.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSEcDvq.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QblTdAG.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqQJrSC.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqmarQZ.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAEQNIr.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lCXoYnu.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuAeWeI.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOQHYuR.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWSBSTn.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFTjeYl.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SswtEBT.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoFcvQl.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrCxZhJ.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\piPIPGj.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RATaCxH.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVtDSwZ.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhzErES.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVgNYCX.exe	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 2712	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3928 wrote to memory of 2712	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3928 wrote to memory of 2592	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3928 wrote to memory of 2592	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3928 wrote to memory of 224	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3928 wrote to memory of 224	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3928 wrote to memory of 992	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3928 wrote to memory of 992	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3928 wrote to memory of 3012	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3928 wrote to memory of 3012	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3928 wrote to memory of 32	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3928 wrote to memory of 32	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3928 wrote to memory of 3424	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3928 wrote to memory of 3424	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3928 wrote to memory of 2444	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3928 wrote to memory of 2444	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3928 wrote to memory of 2948	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3928 wrote to memory of 2948	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3928 wrote to memory of 4312	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3928 wrote to memory of 4312	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3928 wrote to memory of 4076	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3928 wrote to memory of 4076	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3928 wrote to memory of 3256	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3928 wrote to memory of 3256	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3928 wrote to memory of 4408	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3928 wrote to memory of 4408	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3928 wrote to memory of 2912	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3928 wrote to memory of 2912	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3928 wrote to memory of 3516	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3928 wrote to memory of 3516	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3928 wrote to memory of 912	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3928 wrote to memory of 912	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3928 wrote to memory of 3228	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3928 wrote to memory of 3228	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3928 wrote to memory of 4876	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3928 wrote to memory of 4876	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3928 wrote to memory of 864	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3928 wrote to memory of 864	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3928 wrote to memory of 2684	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3928 wrote to memory of 2684	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3928 wrote to memory of 4012	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3928 wrote to memory of 4012	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3928 wrote to memory of 1000	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3928 wrote to memory of 1000	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3928 wrote to memory of 2700	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3928 wrote to memory of 2700	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3928 wrote to memory of 2284	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3928 wrote to memory of 2284	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3928 wrote to memory of 3580	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3928 wrote to memory of 3580	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3928 wrote to memory of 2176	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3928 wrote to memory of 2176	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3928 wrote to memory of 1400	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3928 wrote to memory of 1400	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3928 wrote to memory of 3716	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3928 wrote to memory of 3716	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3928 wrote to memory of 4968	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 3928 wrote to memory of 4968	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 3928 wrote to memory of 2852	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 3928 wrote to memory of 2852	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 3928 wrote to memory of 2400	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 3928 wrote to memory of 2400	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 3928 wrote to memory of 620	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	122
PID 3928 wrote to memory of 620	3928	2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe	122

C:\Users\Admin\AppData\Local\Temp\2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-18_443a40d649cd1db1983237b7a3e8e6c0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Windows\System\ZrvRQxs.exe
  C:\Windows\System\ZrvRQxs.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\RbtnHrG.exe
  C:\Windows\System\RbtnHrG.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ykqpeda.exe
  C:\Windows\System\ykqpeda.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\aSOPgDp.exe
  C:\Windows\System\aSOPgDp.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\KNiFuYA.exe
  C:\Windows\System\KNiFuYA.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\WnAwPIo.exe
  C:\Windows\System\WnAwPIo.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\OZMJTrG.exe
  C:\Windows\System\OZMJTrG.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\CeoWNqP.exe
  C:\Windows\System\CeoWNqP.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\fzPahTI.exe
  C:\Windows\System\fzPahTI.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\bCmXnZC.exe
  C:\Windows\System\bCmXnZC.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\arAwtbn.exe
  C:\Windows\System\arAwtbn.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\XeGFiOC.exe
  C:\Windows\System\XeGFiOC.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\zWIvBCb.exe
  C:\Windows\System\zWIvBCb.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\LvSiHQO.exe
  C:\Windows\System\LvSiHQO.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\jOSiaWX.exe
  C:\Windows\System\jOSiaWX.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\NUiCfYx.exe
  C:\Windows\System\NUiCfYx.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\rMWWXkn.exe
  C:\Windows\System\rMWWXkn.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\MGgOqxq.exe
  C:\Windows\System\MGgOqxq.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\yXHeeRm.exe
  C:\Windows\System\yXHeeRm.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\lCXoYnu.exe
  C:\Windows\System\lCXoYnu.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\zaYrmOq.exe
  C:\Windows\System\zaYrmOq.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\WozSqrk.exe
  C:\Windows\System\WozSqrk.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\jZMvlHy.exe
  C:\Windows\System\jZMvlHy.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\PHsXSpz.exe
  C:\Windows\System\PHsXSpz.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\dtTshBP.exe
  C:\Windows\System\dtTshBP.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\bUpjmtu.exe
  C:\Windows\System\bUpjmtu.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\VyrgOrX.exe
  C:\Windows\System\VyrgOrX.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\lKBxtGt.exe
  C:\Windows\System\lKBxtGt.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\WCGIYYa.exe
  C:\Windows\System\WCGIYYa.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\EurwKHG.exe
  C:\Windows\System\EurwKHG.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\PwBgKCQ.exe
  C:\Windows\System\PwBgKCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\VZTCbHs.exe
  C:\Windows\System\VZTCbHs.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\skQjEPJ.exe
  C:\Windows\System\skQjEPJ.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\wzJkCEW.exe
  C:\Windows\System\wzJkCEW.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\aeFcfBd.exe
  C:\Windows\System\aeFcfBd.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\GJSrUzX.exe
  C:\Windows\System\GJSrUzX.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\poItnwI.exe
  C:\Windows\System\poItnwI.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\vzxbGqh.exe
  C:\Windows\System\vzxbGqh.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\hMHbkPA.exe
  C:\Windows\System\hMHbkPA.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\ArsLTKB.exe
  C:\Windows\System\ArsLTKB.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\tRVfsmG.exe
  C:\Windows\System\tRVfsmG.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\mCTLoZb.exe
  C:\Windows\System\mCTLoZb.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\VvTGcZJ.exe
  C:\Windows\System\VvTGcZJ.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\LytimoI.exe
  C:\Windows\System\LytimoI.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\aNCYNgB.exe
  C:\Windows\System\aNCYNgB.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\EgtLzyq.exe
  C:\Windows\System\EgtLzyq.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\jRQllJJ.exe
  C:\Windows\System\jRQllJJ.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\kgyTstz.exe
  C:\Windows\System\kgyTstz.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\GzvXLgG.exe
  C:\Windows\System\GzvXLgG.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\ogKoyPX.exe
  C:\Windows\System\ogKoyPX.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\soJzZTz.exe
  C:\Windows\System\soJzZTz.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\vNhIBJj.exe
  C:\Windows\System\vNhIBJj.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\lbmriPP.exe
  C:\Windows\System\lbmriPP.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\nDhaiXL.exe
  C:\Windows\System\nDhaiXL.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\csSClhM.exe
  C:\Windows\System\csSClhM.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\NTiVRrC.exe
  C:\Windows\System\NTiVRrC.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\ckCrSQM.exe
  C:\Windows\System\ckCrSQM.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\IhNHNgf.exe
  C:\Windows\System\IhNHNgf.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\hyYNaJK.exe
  C:\Windows\System\hyYNaJK.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\OzRxCjN.exe
  C:\Windows\System\OzRxCjN.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\lXeiEHZ.exe
  C:\Windows\System\lXeiEHZ.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\gjZWxEb.exe
  C:\Windows\System\gjZWxEb.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\LJDHhCM.exe
  C:\Windows\System\LJDHhCM.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\WTXrftA.exe
  C:\Windows\System\WTXrftA.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\MeDZpeL.exe
  C:\Windows\System\MeDZpeL.exe
  2⤵
  PID:2012
- C:\Windows\System\ePyPkMY.exe
  C:\Windows\System\ePyPkMY.exe
  2⤵
  PID:1044
- C:\Windows\System\UFpTjjW.exe
  C:\Windows\System\UFpTjjW.exe
  2⤵
  PID:3924
- C:\Windows\System\wukHGXj.exe
  C:\Windows\System\wukHGXj.exe
  2⤵
  PID:4496
- C:\Windows\System\aPrTzXc.exe
  C:\Windows\System\aPrTzXc.exe
  2⤵
  PID:4396
- C:\Windows\System\pyMLzJL.exe
  C:\Windows\System\pyMLzJL.exe
  2⤵
  PID:4716
- C:\Windows\System\sJjpyPy.exe
  C:\Windows\System\sJjpyPy.exe
  2⤵
  PID:668
- C:\Windows\System\qosOqgI.exe
  C:\Windows\System\qosOqgI.exe
  2⤵
  PID:5136
- C:\Windows\System\WiVZyjH.exe
  C:\Windows\System\WiVZyjH.exe
  2⤵
  PID:5152
- C:\Windows\System\UYrnMdW.exe
  C:\Windows\System\UYrnMdW.exe
  2⤵
  PID:5168
- C:\Windows\System\aaJGwaI.exe
  C:\Windows\System\aaJGwaI.exe
  2⤵
  PID:5184
- C:\Windows\System\rwwGfoW.exe
  C:\Windows\System\rwwGfoW.exe
  2⤵
  PID:5200
- C:\Windows\System\UdajLBl.exe
  C:\Windows\System\UdajLBl.exe
  2⤵
  PID:5216
- C:\Windows\System\FNrOiuo.exe
  C:\Windows\System\FNrOiuo.exe
  2⤵
  PID:5232
- C:\Windows\System\TfZHfOi.exe
  C:\Windows\System\TfZHfOi.exe
  2⤵
  PID:5248
- C:\Windows\System\ieNvdOc.exe
  C:\Windows\System\ieNvdOc.exe
  2⤵
  PID:5264
- C:\Windows\System\hjgwAHk.exe
  C:\Windows\System\hjgwAHk.exe
  2⤵
  PID:5280
- C:\Windows\System\tgYLmab.exe
  C:\Windows\System\tgYLmab.exe
  2⤵
  PID:5296
- C:\Windows\System\iELSBSY.exe
  C:\Windows\System\iELSBSY.exe
  2⤵
  PID:5312
- C:\Windows\System\MviXfHF.exe
  C:\Windows\System\MviXfHF.exe
  2⤵
  PID:5328
- C:\Windows\System\pBuQuQT.exe
  C:\Windows\System\pBuQuQT.exe
  2⤵
  PID:5344
- C:\Windows\System\fXmzxiO.exe
  C:\Windows\System\fXmzxiO.exe
  2⤵
  PID:5360
- C:\Windows\System\MmyWJFS.exe
  C:\Windows\System\MmyWJFS.exe
  2⤵
  PID:5376
- C:\Windows\System\fbeHnIU.exe
  C:\Windows\System\fbeHnIU.exe
  2⤵
  PID:5392
- C:\Windows\System\IsgpHvJ.exe
  C:\Windows\System\IsgpHvJ.exe
  2⤵
  PID:5408
- C:\Windows\System\liyQJeu.exe
  C:\Windows\System\liyQJeu.exe
  2⤵
  PID:5424
- C:\Windows\System\xswSejk.exe
  C:\Windows\System\xswSejk.exe
  2⤵
  PID:5440
- C:\Windows\System\VYyGaCA.exe
  C:\Windows\System\VYyGaCA.exe
  2⤵
  PID:5456
- C:\Windows\System\GbCoKTX.exe
  C:\Windows\System\GbCoKTX.exe
  2⤵
  PID:5472
- C:\Windows\System\aQjbGgs.exe
  C:\Windows\System\aQjbGgs.exe
  2⤵
  PID:5488
- C:\Windows\System\dVaWLHB.exe
  C:\Windows\System\dVaWLHB.exe
  2⤵
  PID:5504
- C:\Windows\System\sccuItm.exe
  C:\Windows\System\sccuItm.exe
  2⤵
  PID:5520
- C:\Windows\System\bMiQZCq.exe
  C:\Windows\System\bMiQZCq.exe
  2⤵
  PID:5552
- C:\Windows\System\KgxqsbM.exe
  C:\Windows\System\KgxqsbM.exe
  2⤵
  PID:5568
- C:\Windows\System\ZFooWZu.exe
  C:\Windows\System\ZFooWZu.exe
  2⤵
  PID:5588
- C:\Windows\System\wZvMHwR.exe
  C:\Windows\System\wZvMHwR.exe
  2⤵
  PID:5724
- C:\Windows\System\IKzjYrZ.exe
  C:\Windows\System\IKzjYrZ.exe
  2⤵
  PID:5884
- C:\Windows\System\CnjIGsT.exe
  C:\Windows\System\CnjIGsT.exe
  2⤵
  PID:5988
- C:\Windows\System\wnDahmd.exe
  C:\Windows\System\wnDahmd.exe
  2⤵
  PID:6064
- C:\Windows\System\RXMpHgb.exe
  C:\Windows\System\RXMpHgb.exe
  2⤵
  PID:4068
- C:\Windows\System\KPLhYKG.exe
  C:\Windows\System\KPLhYKG.exe
  2⤵
  PID:5132
- C:\Windows\System\WROvVIB.exe
  C:\Windows\System\WROvVIB.exe
  2⤵
  PID:5272
- C:\Windows\System\pypfLpE.exe
  C:\Windows\System\pypfLpE.exe
  2⤵
  PID:5372
- C:\Windows\System\VbkCptR.exe
  C:\Windows\System\VbkCptR.exe
  2⤵
  PID:5480
- C:\Windows\System\wpruZBo.exe
  C:\Windows\System\wpruZBo.exe
  2⤵
  PID:5560
- C:\Windows\System\YsSbhYJ.exe
  C:\Windows\System\YsSbhYJ.exe
  2⤵
  PID:5732
- C:\Windows\System\HPdPLnO.exe
  C:\Windows\System\HPdPLnO.exe
  2⤵
  PID:5896
- C:\Windows\System\reXAdPB.exe
  C:\Windows\System\reXAdPB.exe
  2⤵
  PID:5916
- C:\Windows\System\ECMjxoy.exe
  C:\Windows\System\ECMjxoy.exe
  2⤵
  PID:5980
- C:\Windows\System\KzZiQrY.exe
  C:\Windows\System\KzZiQrY.exe
  2⤵
  PID:6104
- C:\Windows\System\gCdRqOF.exe
  C:\Windows\System\gCdRqOF.exe
  2⤵
  PID:2180
- C:\Windows\System\aqekmGy.exe
  C:\Windows\System\aqekmGy.exe
  2⤵
  PID:4920
- C:\Windows\System\lBZUxNb.exe
  C:\Windows\System\lBZUxNb.exe
  2⤵
  PID:4256
- C:\Windows\System\IqpYZfc.exe
  C:\Windows\System\IqpYZfc.exe
  2⤵
  PID:4888
- C:\Windows\System\fDcPMPl.exe
  C:\Windows\System\fDcPMPl.exe
  2⤵
  PID:3124
- C:\Windows\System\WEkLMwv.exe
  C:\Windows\System\WEkLMwv.exe
  2⤵
  PID:3964
- C:\Windows\System\BqDzOur.exe
  C:\Windows\System\BqDzOur.exe
  2⤵
  PID:2560
- C:\Windows\System\EyXYftW.exe
  C:\Windows\System\EyXYftW.exe
  2⤵
  PID:3668
- C:\Windows\System\Jbioeit.exe
  C:\Windows\System\Jbioeit.exe
  2⤵
  PID:4944
- C:\Windows\System\cJGcZvy.exe
  C:\Windows\System\cJGcZvy.exe
  2⤵
  PID:5240
- C:\Windows\System\GClkoRG.exe
  C:\Windows\System\GClkoRG.exe
  2⤵
  PID:5416
- C:\Windows\System\AftATEa.exe
  C:\Windows\System\AftATEa.exe
  2⤵
  PID:5696
- C:\Windows\System\CCqOHOk.exe
  C:\Windows\System\CCqOHOk.exe
  2⤵
  PID:5908
- C:\Windows\System\vZlrXjw.exe
  C:\Windows\System\vZlrXjw.exe
  2⤵
  PID:6092
- C:\Windows\System\vLTYIjU.exe
  C:\Windows\System\vLTYIjU.exe
  2⤵
  PID:4388
- C:\Windows\System\FWWUYSq.exe
  C:\Windows\System\FWWUYSq.exe
  2⤵
  PID:4524
- C:\Windows\System\pJohbmQ.exe
  C:\Windows\System\pJohbmQ.exe
  2⤵
  PID:2440
- C:\Windows\System\KSgJSKw.exe
  C:\Windows\System\KSgJSKw.exe
  2⤵
  PID:3576
- C:\Windows\System\LczVXeI.exe
  C:\Windows\System\LczVXeI.exe
  2⤵
  PID:1228
- C:\Windows\System\oOcJMlh.exe
  C:\Windows\System\oOcJMlh.exe
  2⤵
  PID:4552
- C:\Windows\System\haGLihl.exe
  C:\Windows\System\haGLihl.exe
  2⤵
  PID:6048
- C:\Windows\System\ZVXWsIf.exe
  C:\Windows\System\ZVXWsIf.exe
  2⤵
  PID:4368
- C:\Windows\System\JCbyFms.exe
  C:\Windows\System\JCbyFms.exe
  2⤵
  PID:1372
- C:\Windows\System\zenHdNn.exe
  C:\Windows\System\zenHdNn.exe
  2⤵
  PID:5352
- C:\Windows\System\ktFLDGp.exe
  C:\Windows\System\ktFLDGp.exe
  2⤵
  PID:388
- C:\Windows\System\DQfyBdE.exe
  C:\Windows\System\DQfyBdE.exe
  2⤵
  PID:464
- C:\Windows\System\WTuIdJY.exe
  C:\Windows\System\WTuIdJY.exe
  2⤵
  PID:5340
- C:\Windows\System\GrkZvwN.exe
  C:\Windows\System\GrkZvwN.exe
  2⤵
  PID:6156
- C:\Windows\System\OqQJrSC.exe
  C:\Windows\System\OqQJrSC.exe
  2⤵
  PID:6188
- C:\Windows\System\svbVyRY.exe
  C:\Windows\System\svbVyRY.exe
  2⤵
  PID:6212
- C:\Windows\System\uuPkeBI.exe
  C:\Windows\System\uuPkeBI.exe
  2⤵
  PID:6240
- C:\Windows\System\fBevXFB.exe
  C:\Windows\System\fBevXFB.exe
  2⤵
  PID:6260
- C:\Windows\System\zEGmXvX.exe
  C:\Windows\System\zEGmXvX.exe
  2⤵
  PID:6292
- C:\Windows\System\TlRQxdm.exe
  C:\Windows\System\TlRQxdm.exe
  2⤵
  PID:6328
- C:\Windows\System\pnblFmB.exe
  C:\Windows\System\pnblFmB.exe
  2⤵
  PID:6352
- C:\Windows\System\JCIGiLy.exe
  C:\Windows\System\JCIGiLy.exe
  2⤵
  PID:6380
- C:\Windows\System\RLJGGjY.exe
  C:\Windows\System\RLJGGjY.exe
  2⤵
  PID:6416
- C:\Windows\System\sevrAkB.exe
  C:\Windows\System\sevrAkB.exe
  2⤵
  PID:6448
- C:\Windows\System\SxeNHlm.exe
  C:\Windows\System\SxeNHlm.exe
  2⤵
  PID:6472
- C:\Windows\System\RKpBXzz.exe
  C:\Windows\System\RKpBXzz.exe
  2⤵
  PID:6504
- C:\Windows\System\QtTJxNZ.exe
  C:\Windows\System\QtTJxNZ.exe
  2⤵
  PID:6528
- C:\Windows\System\tQQUAua.exe
  C:\Windows\System\tQQUAua.exe
  2⤵
  PID:6564
- C:\Windows\System\HXdVDkZ.exe
  C:\Windows\System\HXdVDkZ.exe
  2⤵
  PID:6588
- C:\Windows\System\DPENrtk.exe
  C:\Windows\System\DPENrtk.exe
  2⤵
  PID:6616
- C:\Windows\System\QGPKlEl.exe
  C:\Windows\System\QGPKlEl.exe
  2⤵
  PID:6648
- C:\Windows\System\geIyhfM.exe
  C:\Windows\System\geIyhfM.exe
  2⤵
  PID:6676
- C:\Windows\System\xJZURAT.exe
  C:\Windows\System\xJZURAT.exe
  2⤵
  PID:6692
- C:\Windows\System\mBAwnML.exe
  C:\Windows\System\mBAwnML.exe
  2⤵
  PID:6732
- C:\Windows\System\KCBMYfw.exe
  C:\Windows\System\KCBMYfw.exe
  2⤵
  PID:6760
- C:\Windows\System\aKNzcIJ.exe
  C:\Windows\System\aKNzcIJ.exe
  2⤵
  PID:6792
- C:\Windows\System\QKbtYff.exe
  C:\Windows\System\QKbtYff.exe
  2⤵
  PID:6836
- C:\Windows\System\MoqKIaY.exe
  C:\Windows\System\MoqKIaY.exe
  2⤵
  PID:6864
- C:\Windows\System\nWuXlIa.exe
  C:\Windows\System\nWuXlIa.exe
  2⤵
  PID:6892
- C:\Windows\System\oRNwmCC.exe
  C:\Windows\System\oRNwmCC.exe
  2⤵
  PID:6920
- C:\Windows\System\HNKpWws.exe
  C:\Windows\System\HNKpWws.exe
  2⤵
  PID:6944
- C:\Windows\System\QOLDeZc.exe
  C:\Windows\System\QOLDeZc.exe
  2⤵
  PID:6968
- C:\Windows\System\trGBlWr.exe
  C:\Windows\System\trGBlWr.exe
  2⤵
  PID:7008
- C:\Windows\System\ruTheWJ.exe
  C:\Windows\System\ruTheWJ.exe
  2⤵
  PID:7036
- C:\Windows\System\TxWgsEX.exe
  C:\Windows\System\TxWgsEX.exe
  2⤵
  PID:7056
- C:\Windows\System\XqQVkdL.exe
  C:\Windows\System\XqQVkdL.exe
  2⤵
  PID:7112
- C:\Windows\System\OxnOrje.exe
  C:\Windows\System\OxnOrje.exe
  2⤵
  PID:7148
- C:\Windows\System\EfCRXfP.exe
  C:\Windows\System\EfCRXfP.exe
  2⤵
  PID:6168
- C:\Windows\System\lPxYIgJ.exe
  C:\Windows\System\lPxYIgJ.exe
  2⤵
  PID:6248
- C:\Windows\System\dSvtSQO.exe
  C:\Windows\System\dSvtSQO.exe
  2⤵
  PID:6304
- C:\Windows\System\XofbqlU.exe
  C:\Windows\System\XofbqlU.exe
  2⤵
  PID:5000
- C:\Windows\System\dBgrlDn.exe
  C:\Windows\System\dBgrlDn.exe
  2⤵
  PID:6404
- C:\Windows\System\QKsRMIr.exe
  C:\Windows\System\QKsRMIr.exe
  2⤵
  PID:3232
- C:\Windows\System\VCrcfiQ.exe
  C:\Windows\System\VCrcfiQ.exe
  2⤵
  PID:4736
- C:\Windows\System\WaXzvgp.exe
  C:\Windows\System\WaXzvgp.exe
  2⤵
  PID:1812
- C:\Windows\System\okwtbzp.exe
  C:\Windows\System\okwtbzp.exe
  2⤵
  PID:6520
- C:\Windows\System\lhVmBYV.exe
  C:\Windows\System\lhVmBYV.exe
  2⤵
  PID:6596
- C:\Windows\System\LSwxlnN.exe
  C:\Windows\System\LSwxlnN.exe
  2⤵
  PID:6684
- C:\Windows\System\SQvidAt.exe
  C:\Windows\System\SQvidAt.exe
  2⤵
  PID:6848
- C:\Windows\System\JXoFrHd.exe
  C:\Windows\System\JXoFrHd.exe
  2⤵
  PID:6928
- C:\Windows\System\NjbWXIV.exe
  C:\Windows\System\NjbWXIV.exe
  2⤵
  PID:6960
- C:\Windows\System\DRSRTgb.exe
  C:\Windows\System\DRSRTgb.exe
  2⤵
  PID:5636
- C:\Windows\System\wNyPScL.exe
  C:\Windows\System\wNyPScL.exe
  2⤵
  PID:7068
- C:\Windows\System\LniscyJ.exe
  C:\Windows\System\LniscyJ.exe
  2⤵
  PID:4852
- C:\Windows\System\RtNEYKH.exe
  C:\Windows\System\RtNEYKH.exe
  2⤵
  PID:6288
- C:\Windows\System\RVkMIii.exe
  C:\Windows\System\RVkMIii.exe
  2⤵
  PID:2564
- C:\Windows\System\WgMPDyi.exe
  C:\Windows\System\WgMPDyi.exe
  2⤵
  PID:3884
- C:\Windows\System\YQbZkIU.exe
  C:\Windows\System\YQbZkIU.exe
  2⤵
  PID:6496
- C:\Windows\System\OglHHjM.exe
  C:\Windows\System\OglHHjM.exe
  2⤵
  PID:6672
- C:\Windows\System\KUKYXsx.exe
  C:\Windows\System\KUKYXsx.exe
  2⤵
  PID:2608
- C:\Windows\System\CkfHZfH.exe
  C:\Windows\System\CkfHZfH.exe
  2⤵
  PID:5292
- C:\Windows\System\wBECUdV.exe
  C:\Windows\System\wBECUdV.exe
  2⤵
  PID:5584
- C:\Windows\System\MTWZuwf.exe
  C:\Windows\System\MTWZuwf.exe
  2⤵
  PID:7044
- C:\Windows\System\grCzeWZ.exe
  C:\Windows\System\grCzeWZ.exe
  2⤵
  PID:6232
- C:\Windows\System\YeMcJMX.exe
  C:\Windows\System\YeMcJMX.exe
  2⤵
  PID:3212
- C:\Windows\System\rFiYdmu.exe
  C:\Windows\System\rFiYdmu.exe
  2⤵
  PID:2340
- C:\Windows\System\eoIoGST.exe
  C:\Windows\System\eoIoGST.exe
  2⤵
  PID:452
- C:\Windows\System\DfaOtNA.exe
  C:\Windows\System\DfaOtNA.exe
  2⤵
  PID:1756
- C:\Windows\System\ZlsGzoK.exe
  C:\Windows\System\ZlsGzoK.exe
  2⤵
  PID:7072
- C:\Windows\System\wkcWbBF.exe
  C:\Windows\System\wkcWbBF.exe
  2⤵
  PID:6456
- C:\Windows\System\QbWuSCa.exe
  C:\Windows\System\QbWuSCa.exe
  2⤵
  PID:7160
- C:\Windows\System\PNDrjJD.exe
  C:\Windows\System\PNDrjJD.exe
  2⤵
  PID:3724
- C:\Windows\System\XTTmaRW.exe
  C:\Windows\System\XTTmaRW.exe
  2⤵
  PID:6628
- C:\Windows\System\CstsAzS.exe
  C:\Windows\System\CstsAzS.exe
  2⤵
  PID:5228
- C:\Windows\System\qbHmsqQ.exe
  C:\Windows\System\qbHmsqQ.exe
  2⤵
  PID:4680
- C:\Windows\System\KbgnkUR.exe
  C:\Windows\System\KbgnkUR.exe
  2⤵
  PID:2224
- C:\Windows\System\iZUxUvZ.exe
  C:\Windows\System\iZUxUvZ.exe
  2⤵
  PID:6908
- C:\Windows\System\LYDPxNH.exe
  C:\Windows\System\LYDPxNH.exe
  2⤵
  PID:7172
- C:\Windows\System\ZuQPUSh.exe
  C:\Windows\System\ZuQPUSh.exe
  2⤵
  PID:7204
- C:\Windows\System\SGTfoWV.exe
  C:\Windows\System\SGTfoWV.exe
  2⤵
  PID:7232
- C:\Windows\System\chZDUMj.exe
  C:\Windows\System\chZDUMj.exe
  2⤵
  PID:7264
- C:\Windows\System\AVeQppv.exe
  C:\Windows\System\AVeQppv.exe
  2⤵
  PID:7292
- C:\Windows\System\uCaNwlg.exe
  C:\Windows\System\uCaNwlg.exe
  2⤵
  PID:7324
- C:\Windows\System\IDxslcL.exe
  C:\Windows\System\IDxslcL.exe
  2⤵
  PID:7352
- C:\Windows\System\iZRERFb.exe
  C:\Windows\System\iZRERFb.exe
  2⤵
  PID:7380
- C:\Windows\System\aXWjlTv.exe
  C:\Windows\System\aXWjlTv.exe
  2⤵
  PID:7404
- C:\Windows\System\fjRyShx.exe
  C:\Windows\System\fjRyShx.exe
  2⤵
  PID:7436
- C:\Windows\System\LRWTkeq.exe
  C:\Windows\System\LRWTkeq.exe
  2⤵
  PID:7452
- C:\Windows\System\JrRkqxC.exe
  C:\Windows\System\JrRkqxC.exe
  2⤵
  PID:7484
- C:\Windows\System\gdDTTQM.exe
  C:\Windows\System\gdDTTQM.exe
  2⤵
  PID:7516
- C:\Windows\System\BiHQAhK.exe
  C:\Windows\System\BiHQAhK.exe
  2⤵
  PID:7552
- C:\Windows\System\mKavsCQ.exe
  C:\Windows\System\mKavsCQ.exe
  2⤵
  PID:7580
- C:\Windows\System\mXzyCGE.exe
  C:\Windows\System\mXzyCGE.exe
  2⤵
  PID:7604
- C:\Windows\System\RDyWslN.exe
  C:\Windows\System\RDyWslN.exe
  2⤵
  PID:7632
- C:\Windows\System\XVBDVap.exe
  C:\Windows\System\XVBDVap.exe
  2⤵
  PID:7652
- C:\Windows\System\ArvviHQ.exe
  C:\Windows\System\ArvviHQ.exe
  2⤵
  PID:7688
- C:\Windows\System\cAqGLgf.exe
  C:\Windows\System\cAqGLgf.exe
  2⤵
  PID:7716
- C:\Windows\System\kpaeBBb.exe
  C:\Windows\System\kpaeBBb.exe
  2⤵
  PID:7736
- C:\Windows\System\joQnvPS.exe
  C:\Windows\System\joQnvPS.exe
  2⤵
  PID:7768
- C:\Windows\System\SonRtug.exe
  C:\Windows\System\SonRtug.exe
  2⤵
  PID:7800
- C:\Windows\System\laNMojN.exe
  C:\Windows\System\laNMojN.exe
  2⤵
  PID:7828
- C:\Windows\System\bTkLvoO.exe
  C:\Windows\System\bTkLvoO.exe
  2⤵
  PID:7872
- C:\Windows\System\aQTDsXD.exe
  C:\Windows\System\aQTDsXD.exe
  2⤵
  PID:7896
- C:\Windows\System\NQXvszh.exe
  C:\Windows\System\NQXvszh.exe
  2⤵
  PID:7924
- C:\Windows\System\HUwaeqg.exe
  C:\Windows\System\HUwaeqg.exe
  2⤵
  PID:7948
- C:\Windows\System\noODpaS.exe
  C:\Windows\System\noODpaS.exe
  2⤵
  PID:7976
- C:\Windows\System\ofVXjBM.exe
  C:\Windows\System\ofVXjBM.exe
  2⤵
  PID:8004
- C:\Windows\System\WHUySBK.exe
  C:\Windows\System\WHUySBK.exe
  2⤵
  PID:8032
- C:\Windows\System\YzvgBIk.exe
  C:\Windows\System\YzvgBIk.exe
  2⤵
  PID:8060
- C:\Windows\System\VQnsuTf.exe
  C:\Windows\System\VQnsuTf.exe
  2⤵
  PID:8088
- C:\Windows\System\pRUXZZy.exe
  C:\Windows\System\pRUXZZy.exe
  2⤵
  PID:8120
- C:\Windows\System\riXGKzd.exe
  C:\Windows\System\riXGKzd.exe
  2⤵
  PID:8144
- C:\Windows\System\tACMkQF.exe
  C:\Windows\System\tACMkQF.exe
  2⤵
  PID:8180
- C:\Windows\System\rPnhuhn.exe
  C:\Windows\System\rPnhuhn.exe
  2⤵
  PID:7184
- C:\Windows\System\sUYFWHr.exe
  C:\Windows\System\sUYFWHr.exe
  2⤵
  PID:7260
- C:\Windows\System\aHAvRbM.exe
  C:\Windows\System\aHAvRbM.exe
  2⤵
  PID:7320
- C:\Windows\System\tYOirSU.exe
  C:\Windows\System\tYOirSU.exe
  2⤵
  PID:7396
- C:\Windows\System\MvKwrSm.exe
  C:\Windows\System\MvKwrSm.exe
  2⤵
  PID:7464
- C:\Windows\System\DUizuVB.exe
  C:\Windows\System\DUizuVB.exe
  2⤵
  PID:7524
- C:\Windows\System\TSZlcOF.exe
  C:\Windows\System\TSZlcOF.exe
  2⤵
  PID:7596
- C:\Windows\System\OLYRzYc.exe
  C:\Windows\System\OLYRzYc.exe
  2⤵
  PID:7272
- C:\Windows\System\WzgfEZi.exe
  C:\Windows\System\WzgfEZi.exe
  2⤵
  PID:7704
- C:\Windows\System\OomuCdl.exe
  C:\Windows\System\OomuCdl.exe
  2⤵
  PID:7780
- C:\Windows\System\zWceXqs.exe
  C:\Windows\System\zWceXqs.exe
  2⤵
  PID:7836
- C:\Windows\System\WfzFVQn.exe
  C:\Windows\System\WfzFVQn.exe
  2⤵
  PID:7904
- C:\Windows\System\WETHRXB.exe
  C:\Windows\System\WETHRXB.exe
  2⤵
  PID:7968
- C:\Windows\System\mWKTESe.exe
  C:\Windows\System\mWKTESe.exe
  2⤵
  PID:8052
- C:\Windows\System\vYDIaZv.exe
  C:\Windows\System\vYDIaZv.exe
  2⤵
  PID:8112
- C:\Windows\System\FCBuzvZ.exe
  C:\Windows\System\FCBuzvZ.exe
  2⤵
  PID:8188
- C:\Windows\System\mryUmlZ.exe
  C:\Windows\System\mryUmlZ.exe
  2⤵
  PID:7312
- C:\Windows\System\fYOpvQQ.exe
  C:\Windows\System\fYOpvQQ.exe
  2⤵
  PID:7448
- C:\Windows\System\AoVCdIq.exe
  C:\Windows\System\AoVCdIq.exe
  2⤵
  PID:7568
- C:\Windows\System\IqBIyRM.exe
  C:\Windows\System\IqBIyRM.exe
  2⤵
  PID:7760
- C:\Windows\System\tHfYEza.exe
  C:\Windows\System\tHfYEza.exe
  2⤵
  PID:8072
- C:\Windows\System\EKaXjfr.exe
  C:\Windows\System\EKaXjfr.exe
  2⤵
  PID:1488
- C:\Windows\System\MhzoiOW.exe
  C:\Windows\System\MhzoiOW.exe
  2⤵
  PID:8156
- C:\Windows\System\LxDKjRK.exe
  C:\Windows\System\LxDKjRK.exe
  2⤵
  PID:7416
- C:\Windows\System\thyhtQR.exe
  C:\Windows\System\thyhtQR.exe
  2⤵
  PID:2920
- C:\Windows\System\hHtniXb.exe
  C:\Windows\System\hHtniXb.exe
  2⤵
  PID:7644
- C:\Windows\System\OlkjUwj.exe
  C:\Windows\System\OlkjUwj.exe
  2⤵
  PID:1656
- C:\Windows\System\eVMtdjJ.exe
  C:\Windows\System\eVMtdjJ.exe
  2⤵
  PID:8168
- C:\Windows\System\sVRrlLi.exe
  C:\Windows\System\sVRrlLi.exe
  2⤵
  PID:7732
- C:\Windows\System\DxvDfPD.exe
  C:\Windows\System\DxvDfPD.exe
  2⤵
  PID:7504
- C:\Windows\System\FlYUaWj.exe
  C:\Windows\System\FlYUaWj.exe
  2⤵
  PID:7700
- C:\Windows\System\iYySzIW.exe
  C:\Windows\System\iYySzIW.exe
  2⤵
  PID:8212
- C:\Windows\System\IARjODW.exe
  C:\Windows\System\IARjODW.exe
  2⤵
  PID:8240
- C:\Windows\System\TwqmNLv.exe
  C:\Windows\System\TwqmNLv.exe
  2⤵
  PID:8276
- C:\Windows\System\VsXiKbN.exe
  C:\Windows\System\VsXiKbN.exe
  2⤵
  PID:8300
- C:\Windows\System\fZEozsc.exe
  C:\Windows\System\fZEozsc.exe
  2⤵
  PID:8324
- C:\Windows\System\mHHrATi.exe
  C:\Windows\System\mHHrATi.exe
  2⤵
  PID:8360
- C:\Windows\System\hnBJNWT.exe
  C:\Windows\System\hnBJNWT.exe
  2⤵
  PID:8388
- C:\Windows\System\OUWKGBu.exe
  C:\Windows\System\OUWKGBu.exe
  2⤵
  PID:8412
- C:\Windows\System\BDkdfxR.exe
  C:\Windows\System\BDkdfxR.exe
  2⤵
  PID:8440
- C:\Windows\System\loqrTXK.exe
  C:\Windows\System\loqrTXK.exe
  2⤵
  PID:8468
- C:\Windows\System\NhJSPLG.exe
  C:\Windows\System\NhJSPLG.exe
  2⤵
  PID:8504
- C:\Windows\System\vJquhGu.exe
  C:\Windows\System\vJquhGu.exe
  2⤵
  PID:8532
- C:\Windows\System\ItsLRuO.exe
  C:\Windows\System\ItsLRuO.exe
  2⤵
  PID:8552
- C:\Windows\System\XAVYTON.exe
  C:\Windows\System\XAVYTON.exe
  2⤵
  PID:8580
- C:\Windows\System\PWZEfrd.exe
  C:\Windows\System\PWZEfrd.exe
  2⤵
  PID:8616
- C:\Windows\System\dyVgyul.exe
  C:\Windows\System\dyVgyul.exe
  2⤵
  PID:8636
- C:\Windows\System\cYYsxzM.exe
  C:\Windows\System\cYYsxzM.exe
  2⤵
  PID:8664
- C:\Windows\System\ZVCNdQU.exe
  C:\Windows\System\ZVCNdQU.exe
  2⤵
  PID:8692
- C:\Windows\System\deBupkn.exe
  C:\Windows\System\deBupkn.exe
  2⤵
  PID:8724
- C:\Windows\System\lLGQIdb.exe
  C:\Windows\System\lLGQIdb.exe
  2⤵
  PID:8748
- C:\Windows\System\DbUMbGv.exe
  C:\Windows\System\DbUMbGv.exe
  2⤵
  PID:8776
- C:\Windows\System\zSdRMWa.exe
  C:\Windows\System\zSdRMWa.exe
  2⤵
  PID:8804
- C:\Windows\System\HfFxOlL.exe
  C:\Windows\System\HfFxOlL.exe
  2⤵
  PID:8836
- C:\Windows\System\HtGqpOs.exe
  C:\Windows\System\HtGqpOs.exe
  2⤵
  PID:8860
- C:\Windows\System\QojgpBU.exe
  C:\Windows\System\QojgpBU.exe
  2⤵
  PID:8888
- C:\Windows\System\SdVuWYc.exe
  C:\Windows\System\SdVuWYc.exe
  2⤵
  PID:8916
- C:\Windows\System\muBIVmG.exe
  C:\Windows\System\muBIVmG.exe
  2⤵
  PID:8944
- C:\Windows\System\qqrqPKH.exe
  C:\Windows\System\qqrqPKH.exe
  2⤵
  PID:8972
- C:\Windows\System\vFHIEXt.exe
  C:\Windows\System\vFHIEXt.exe
  2⤵
  PID:9000
- C:\Windows\System\qWlmEky.exe
  C:\Windows\System\qWlmEky.exe
  2⤵
  PID:9028
- C:\Windows\System\heXeOkh.exe
  C:\Windows\System\heXeOkh.exe
  2⤵
  PID:9068
- C:\Windows\System\tgFMnvS.exe
  C:\Windows\System\tgFMnvS.exe
  2⤵
  PID:9092
- C:\Windows\System\CDwHPEi.exe
  C:\Windows\System\CDwHPEi.exe
  2⤵
  PID:9120
- C:\Windows\System\zIGmCXw.exe
  C:\Windows\System\zIGmCXw.exe
  2⤵
  PID:9148
- C:\Windows\System\CgLvBoT.exe
  C:\Windows\System\CgLvBoT.exe
  2⤵
  PID:9180
- C:\Windows\System\ZjmsYyH.exe
  C:\Windows\System\ZjmsYyH.exe
  2⤵
  PID:9204
- C:\Windows\System\DAPPeng.exe
  C:\Windows\System\DAPPeng.exe
  2⤵
  PID:8232
- C:\Windows\System\SrwVbLI.exe
  C:\Windows\System\SrwVbLI.exe
  2⤵
  PID:8308
- C:\Windows\System\cEZcqju.exe
  C:\Windows\System\cEZcqju.exe
  2⤵
  PID:8348
- C:\Windows\System\rTFGHYK.exe
  C:\Windows\System\rTFGHYK.exe
  2⤵
  PID:8404
- C:\Windows\System\HUqLmaE.exe
  C:\Windows\System\HUqLmaE.exe
  2⤵
  PID:8480
- C:\Windows\System\jnRXRlj.exe
  C:\Windows\System\jnRXRlj.exe
  2⤵
  PID:8544
- C:\Windows\System\YONUikX.exe
  C:\Windows\System\YONUikX.exe
  2⤵
  PID:8624
- C:\Windows\System\dmKyZXG.exe
  C:\Windows\System\dmKyZXG.exe
  2⤵
  PID:8676
- C:\Windows\System\KEBlOUZ.exe
  C:\Windows\System\KEBlOUZ.exe
  2⤵
  PID:8740
- C:\Windows\System\RyKrhyR.exe
  C:\Windows\System\RyKrhyR.exe
  2⤵
  PID:8800
- C:\Windows\System\bFiqACH.exe
  C:\Windows\System\bFiqACH.exe
  2⤵
  PID:8872
- C:\Windows\System\jTCYusK.exe
  C:\Windows\System\jTCYusK.exe
  2⤵
  PID:8936
- C:\Windows\System\cmoXFGc.exe
  C:\Windows\System\cmoXFGc.exe
  2⤵
  PID:8996
- C:\Windows\System\NmSWxHU.exe
  C:\Windows\System\NmSWxHU.exe
  2⤵
  PID:9084
- C:\Windows\System\moiSDfQ.exe
  C:\Windows\System\moiSDfQ.exe
  2⤵
  PID:9132
- C:\Windows\System\duYbafb.exe
  C:\Windows\System\duYbafb.exe
  2⤵
  PID:9196
- C:\Windows\System\ukiFWid.exe
  C:\Windows\System\ukiFWid.exe
  2⤵
  PID:8288
- C:\Windows\System\UWlGoFA.exe
  C:\Windows\System\UWlGoFA.exe
  2⤵
  PID:8432
- C:\Windows\System\dZPlSDX.exe
  C:\Windows\System\dZPlSDX.exe
  2⤵
  PID:8592
- C:\Windows\System\HrFxtoW.exe
  C:\Windows\System\HrFxtoW.exe
  2⤵
  PID:8732
- C:\Windows\System\SqeDAOS.exe
  C:\Windows\System\SqeDAOS.exe
  2⤵
  PID:8900
- C:\Windows\System\byXtAAr.exe
  C:\Windows\System\byXtAAr.exe
  2⤵
  PID:4660
- C:\Windows\System\tjOZodj.exe
  C:\Windows\System\tjOZodj.exe
  2⤵
  PID:2552
- C:\Windows\System\undoBfb.exe
  C:\Windows\System\undoBfb.exe
  2⤵
  PID:8400
- C:\Windows\System\SxEobxT.exe
  C:\Windows\System\SxEobxT.exe
  2⤵
  PID:8716
- C:\Windows\System\TdmENXd.exe
  C:\Windows\System\TdmENXd.exe
  2⤵
  PID:8968
- C:\Windows\System\YcTRjGg.exe
  C:\Windows\System\YcTRjGg.exe
  2⤵
  PID:8344
- C:\Windows\System\GjzybCm.exe
  C:\Windows\System\GjzybCm.exe
  2⤵
  PID:8208
- C:\Windows\System\dfZoWZl.exe
  C:\Windows\System\dfZoWZl.exe
  2⤵
  PID:9228
- C:\Windows\System\iXBcakw.exe
  C:\Windows\System\iXBcakw.exe
  2⤵
  PID:9260
- C:\Windows\System\tSYuhDz.exe
  C:\Windows\System\tSYuhDz.exe
  2⤵
  PID:9276
- C:\Windows\System\lbRCYMt.exe
  C:\Windows\System\lbRCYMt.exe
  2⤵
  PID:9296
- C:\Windows\System\AWIbXKv.exe
  C:\Windows\System\AWIbXKv.exe
  2⤵
  PID:9344
- C:\Windows\System\sLfALZT.exe
  C:\Windows\System\sLfALZT.exe
  2⤵
  PID:9376
- C:\Windows\System\ODCANxT.exe
  C:\Windows\System\ODCANxT.exe
  2⤵
  PID:9404
- C:\Windows\System\uypwruf.exe
  C:\Windows\System\uypwruf.exe
  2⤵
  PID:9436
- C:\Windows\System\HmNZFik.exe
  C:\Windows\System\HmNZFik.exe
  2⤵
  PID:9460
- C:\Windows\System\KxFIFsK.exe
  C:\Windows\System\KxFIFsK.exe
  2⤵
  PID:9504
- C:\Windows\System\hrWkmOy.exe
  C:\Windows\System\hrWkmOy.exe
  2⤵
  PID:9532
- C:\Windows\System\sZDzAhH.exe
  C:\Windows\System\sZDzAhH.exe
  2⤵
  PID:9560
- C:\Windows\System\SwaXVdS.exe
  C:\Windows\System\SwaXVdS.exe
  2⤵
  PID:9588
- C:\Windows\System\fciDdYh.exe
  C:\Windows\System\fciDdYh.exe
  2⤵
  PID:9620
- C:\Windows\System\DICidrT.exe
  C:\Windows\System\DICidrT.exe
  2⤵
  PID:9648
- C:\Windows\System\QdGImKq.exe
  C:\Windows\System\QdGImKq.exe
  2⤵
  PID:9676
- C:\Windows\System\WgNVfcu.exe
  C:\Windows\System\WgNVfcu.exe
  2⤵
  PID:9708
- C:\Windows\System\SDLSDuE.exe
  C:\Windows\System\SDLSDuE.exe
  2⤵
  PID:9740
- C:\Windows\System\ZzwYcSs.exe
  C:\Windows\System\ZzwYcSs.exe
  2⤵
  PID:9760
- C:\Windows\System\bwFAEjR.exe
  C:\Windows\System\bwFAEjR.exe
  2⤵
  PID:9792
- C:\Windows\System\ZxLmsRT.exe
  C:\Windows\System\ZxLmsRT.exe
  2⤵
  PID:9816
- C:\Windows\System\pMACoVu.exe
  C:\Windows\System\pMACoVu.exe
  2⤵
  PID:9848
- C:\Windows\System\rfwImvm.exe
  C:\Windows\System\rfwImvm.exe
  2⤵
  PID:9872
- C:\Windows\System\PVwJquc.exe
  C:\Windows\System\PVwJquc.exe
  2⤵
  PID:9908
- C:\Windows\System\cPteUAI.exe
  C:\Windows\System\cPteUAI.exe
  2⤵
  PID:9928
- C:\Windows\System\fPJbqaV.exe
  C:\Windows\System\fPJbqaV.exe
  2⤵
  PID:9956
- C:\Windows\System\NJnyLJo.exe
  C:\Windows\System\NJnyLJo.exe
  2⤵
  PID:9984
- C:\Windows\System\SZaUhTr.exe
  C:\Windows\System\SZaUhTr.exe
  2⤵
  PID:10012
- C:\Windows\System\AVIuJFU.exe
  C:\Windows\System\AVIuJFU.exe
  2⤵
  PID:10040
- C:\Windows\System\BcFBCKm.exe
  C:\Windows\System\BcFBCKm.exe
  2⤵
  PID:10076
- C:\Windows\System\AETrNXT.exe
  C:\Windows\System\AETrNXT.exe
  2⤵
  PID:10096
- C:\Windows\System\ICaFcAf.exe
  C:\Windows\System\ICaFcAf.exe
  2⤵
  PID:10132
- C:\Windows\System\UoNOtSP.exe
  C:\Windows\System\UoNOtSP.exe
  2⤵
  PID:10156
- C:\Windows\System\UJWexkL.exe
  C:\Windows\System\UJWexkL.exe
  2⤵
  PID:10184
- C:\Windows\System\RSlqPPH.exe
  C:\Windows\System\RSlqPPH.exe
  2⤵
  PID:10212
- C:\Windows\System\TsRXtTs.exe
  C:\Windows\System\TsRXtTs.exe
  2⤵
  PID:8928
- C:\Windows\System\AaRXGjb.exe
  C:\Windows\System\AaRXGjb.exe
  2⤵
  PID:3652
- C:\Windows\System\OOtCuBS.exe
  C:\Windows\System\OOtCuBS.exe
  2⤵
  PID:9308
- C:\Windows\System\qZgLHcm.exe
  C:\Windows\System\qZgLHcm.exe
  2⤵
  PID:3828
- C:\Windows\System\YbDmezv.exe
  C:\Windows\System\YbDmezv.exe
  2⤵
  PID:9424
- C:\Windows\System\FdDuBqP.exe
  C:\Windows\System\FdDuBqP.exe
  2⤵
  PID:2600
- C:\Windows\System\sVfNzUa.exe
  C:\Windows\System\sVfNzUa.exe
  2⤵
  PID:4512
- C:\Windows\System\ULnzswG.exe
  C:\Windows\System\ULnzswG.exe
  2⤵
  PID:9468
- C:\Windows\System\qTtQpEq.exe
  C:\Windows\System\qTtQpEq.exe
  2⤵
  PID:9516
- C:\Windows\System\elXApXP.exe
  C:\Windows\System\elXApXP.exe
  2⤵
  PID:9572
- C:\Windows\System\pkvAxOS.exe
  C:\Windows\System\pkvAxOS.exe
  2⤵
  PID:9632
- C:\Windows\System\dCbsaqS.exe
  C:\Windows\System\dCbsaqS.exe
  2⤵
  PID:9700
- C:\Windows\System\MBddSdZ.exe
  C:\Windows\System\MBddSdZ.exe
  2⤵
  PID:9756
- C:\Windows\System\FhihuDk.exe
  C:\Windows\System\FhihuDk.exe
  2⤵
  PID:9432
- C:\Windows\System\nCYuShB.exe
  C:\Windows\System\nCYuShB.exe
  2⤵
  PID:9884
- C:\Windows\System\bDQSvsB.exe
  C:\Windows\System\bDQSvsB.exe
  2⤵
  PID:9948
- C:\Windows\System\hFkmdhe.exe
  C:\Windows\System\hFkmdhe.exe
  2⤵
  PID:10036
- C:\Windows\System\AnEEvGY.exe
  C:\Windows\System\AnEEvGY.exe
  2⤵
  PID:10088
- C:\Windows\System\pPyHUlH.exe
  C:\Windows\System\pPyHUlH.exe
  2⤵
  PID:10140
- C:\Windows\System\tVsaqpJ.exe
  C:\Windows\System\tVsaqpJ.exe
  2⤵
  PID:10204
- C:\Windows\System\IFaKUPi.exe
  C:\Windows\System\IFaKUPi.exe
  2⤵
  PID:9252
- C:\Windows\System\CfjLtfD.exe
  C:\Windows\System\CfjLtfD.exe
  2⤵
  PID:9104
- C:\Windows\System\ERxHMrr.exe
  C:\Windows\System\ERxHMrr.exe
  2⤵
  PID:5680
- C:\Windows\System\otGOShQ.exe
  C:\Windows\System\otGOShQ.exe
  2⤵
  PID:9456
- C:\Windows\System\yIinFpm.exe
  C:\Windows\System\yIinFpm.exe
  2⤵
  PID:9600
- C:\Windows\System\CneVqTc.exe
  C:\Windows\System\CneVqTc.exe
  2⤵
  PID:9748
- C:\Windows\System\zkSJhrd.exe
  C:\Windows\System\zkSJhrd.exe
  2⤵
  PID:9864
- C:\Windows\System\ChTFdID.exe
  C:\Windows\System\ChTFdID.exe
  2⤵
  PID:10024
- C:\Windows\System\cMlXjgh.exe
  C:\Windows\System\cMlXjgh.exe
  2⤵
  PID:10116
- C:\Windows\System\ywnfQbN.exe
  C:\Windows\System\ywnfQbN.exe
  2⤵
  PID:9272
- C:\Windows\System\pjFKrlt.exe
  C:\Windows\System\pjFKrlt.exe
  2⤵
  PID:1128
- C:\Windows\System\COajRsj.exe
  C:\Windows\System\COajRsj.exe
  2⤵
  PID:9688
- C:\Windows\System\VKAMnJM.exe
  C:\Windows\System\VKAMnJM.exe
  2⤵
  PID:9940
- C:\Windows\System\lMcnAoV.exe
  C:\Windows\System\lMcnAoV.exe
  2⤵
  PID:10180
- C:\Windows\System\zpRlugj.exe
  C:\Windows\System\zpRlugj.exe
  2⤵
  PID:9556
- C:\Windows\System\XhzErES.exe
  C:\Windows\System\XhzErES.exe
  2⤵
  PID:10060
- C:\Windows\System\UsPzwLp.exe
  C:\Windows\System\UsPzwLp.exe
  2⤵
  PID:2448
- C:\Windows\System\aEJapcN.exe
  C:\Windows\System\aEJapcN.exe
  2⤵
  PID:10252
- C:\Windows\System\PPlPoRc.exe
  C:\Windows\System\PPlPoRc.exe
  2⤵
  PID:10280
- C:\Windows\System\gcRXhrv.exe
  C:\Windows\System\gcRXhrv.exe
  2⤵
  PID:10308
- C:\Windows\System\ZuBOwHK.exe
  C:\Windows\System\ZuBOwHK.exe
  2⤵
  PID:10344
- C:\Windows\System\PIIczow.exe
  C:\Windows\System\PIIczow.exe
  2⤵
  PID:10364
- C:\Windows\System\IfXtCeG.exe
  C:\Windows\System\IfXtCeG.exe
  2⤵
  PID:10392
- C:\Windows\System\SHvHyXg.exe
  C:\Windows\System\SHvHyXg.exe
  2⤵
  PID:10424
- C:\Windows\System\ITGJOgT.exe
  C:\Windows\System\ITGJOgT.exe
  2⤵
  PID:10456
- C:\Windows\System\huBjMhE.exe
  C:\Windows\System\huBjMhE.exe
  2⤵
  PID:10488
- C:\Windows\System\KukOmDi.exe
  C:\Windows\System\KukOmDi.exe
  2⤵
  PID:10516
- C:\Windows\System\LzSzBFZ.exe
  C:\Windows\System\LzSzBFZ.exe
  2⤵
  PID:10540
- C:\Windows\System\JGCCShC.exe
  C:\Windows\System\JGCCShC.exe
  2⤵
  PID:10576
- C:\Windows\System\XBvmLmF.exe
  C:\Windows\System\XBvmLmF.exe
  2⤵
  PID:10604
- C:\Windows\System\URqwUJv.exe
  C:\Windows\System\URqwUJv.exe
  2⤵
  PID:10628
- C:\Windows\System\LQUmTHH.exe
  C:\Windows\System\LQUmTHH.exe
  2⤵
  PID:10664
- C:\Windows\System\NcMYXMA.exe
  C:\Windows\System\NcMYXMA.exe
  2⤵
  PID:10696
- C:\Windows\System\MlSlnQO.exe
  C:\Windows\System\MlSlnQO.exe
  2⤵
  PID:10728
- C:\Windows\System\VGRGezg.exe
  C:\Windows\System\VGRGezg.exe
  2⤵
  PID:10752
- C:\Windows\System\mPMHRxb.exe
  C:\Windows\System\mPMHRxb.exe
  2⤵
  PID:10780
- C:\Windows\System\KqNxhHB.exe
  C:\Windows\System\KqNxhHB.exe
  2⤵
  PID:10808
- C:\Windows\System\qldKbfX.exe
  C:\Windows\System\qldKbfX.exe
  2⤵
  PID:10836
- C:\Windows\System\utozjZq.exe
  C:\Windows\System\utozjZq.exe
  2⤵
  PID:10864
- C:\Windows\System\wTbKiJM.exe
  C:\Windows\System\wTbKiJM.exe
  2⤵
  PID:10892
- C:\Windows\System\ZeNvEfZ.exe
  C:\Windows\System\ZeNvEfZ.exe
  2⤵
  PID:10920
- C:\Windows\System\oWktPFx.exe
  C:\Windows\System\oWktPFx.exe
  2⤵
  PID:10952
- C:\Windows\System\QUSgdDx.exe
  C:\Windows\System\QUSgdDx.exe
  2⤵
  PID:10980
- C:\Windows\System\OwOtRik.exe
  C:\Windows\System\OwOtRik.exe
  2⤵
  PID:11008
- C:\Windows\System\BmEEvbY.exe
  C:\Windows\System\BmEEvbY.exe
  2⤵
  PID:11044
- C:\Windows\System\cdfwsiR.exe
  C:\Windows\System\cdfwsiR.exe
  2⤵
  PID:11072
- C:\Windows\System\QwprIBZ.exe
  C:\Windows\System\QwprIBZ.exe
  2⤵
  PID:11096
- C:\Windows\System\aPkNSEA.exe
  C:\Windows\System\aPkNSEA.exe
  2⤵
  PID:11124
- C:\Windows\System\PhUjojw.exe
  C:\Windows\System\PhUjojw.exe
  2⤵
  PID:11156
- C:\Windows\System\ewOUkOA.exe
  C:\Windows\System\ewOUkOA.exe
  2⤵
  PID:11184
- C:\Windows\System\gHRiADA.exe
  C:\Windows\System\gHRiADA.exe
  2⤵
  PID:11212
- C:\Windows\System\RwExnNZ.exe
  C:\Windows\System\RwExnNZ.exe
  2⤵
  PID:11240
- C:\Windows\System\qVlMeHd.exe
  C:\Windows\System\qVlMeHd.exe
  2⤵
  PID:10244
- C:\Windows\System\RYhgitv.exe
  C:\Windows\System\RYhgitv.exe
  2⤵
  PID:10304
- C:\Windows\System\AhWIAEn.exe
  C:\Windows\System\AhWIAEn.exe
  2⤵
  PID:10376
- C:\Windows\System\WjNcZdw.exe
  C:\Windows\System\WjNcZdw.exe
  2⤵
  PID:10420
- C:\Windows\System\YrJKlHZ.exe
  C:\Windows\System\YrJKlHZ.exe
  2⤵
  PID:10480
- C:\Windows\System\bzjfjZk.exe
  C:\Windows\System\bzjfjZk.exe
  2⤵
  PID:10532
- C:\Windows\System\ZjBRERY.exe
  C:\Windows\System\ZjBRERY.exe
  2⤵
  PID:10588
- C:\Windows\System\poRrbNX.exe
  C:\Windows\System\poRrbNX.exe
  2⤵
  PID:6096
- C:\Windows\System\dllUGbA.exe
  C:\Windows\System\dllUGbA.exe
  2⤵
  PID:924
- C:\Windows\System\hLGZyVu.exe
  C:\Windows\System\hLGZyVu.exe
  2⤵
  PID:4776
- C:\Windows\System\zgpVslO.exe
  C:\Windows\System\zgpVslO.exe
  2⤵
  PID:10748
- C:\Windows\System\MHmQhnq.exe
  C:\Windows\System\MHmQhnq.exe
  2⤵
  PID:10804
- C:\Windows\System\adhTLTP.exe
  C:\Windows\System\adhTLTP.exe
  2⤵
  PID:10904
- C:\Windows\System\zuPoOCx.exe
  C:\Windows\System\zuPoOCx.exe
  2⤵
  PID:10944
- C:\Windows\System\KIMHqNV.exe
  C:\Windows\System\KIMHqNV.exe
  2⤵
  PID:11004
- C:\Windows\System\zysMblt.exe
  C:\Windows\System\zysMblt.exe
  2⤵
  PID:11060
- C:\Windows\System\iZcBdDb.exe
  C:\Windows\System\iZcBdDb.exe
  2⤵
  PID:11136
- C:\Windows\System\tunETcU.exe
  C:\Windows\System\tunETcU.exe
  2⤵
  PID:11204
- C:\Windows\System\obwdwxV.exe
  C:\Windows\System\obwdwxV.exe
  2⤵
  PID:10032
- C:\Windows\System\ebjHxmp.exe
  C:\Windows\System\ebjHxmp.exe
  2⤵
  PID:10404
- C:\Windows\System\nlqJvkK.exe
  C:\Windows\System\nlqJvkK.exe
  2⤵
  PID:10508
- C:\Windows\System\ZZYCCbl.exe
  C:\Windows\System\ZZYCCbl.exe
  2⤵
  PID:10644
- C:\Windows\System\bFifCok.exe
  C:\Windows\System\bFifCok.exe
  2⤵
  PID:10736
- C:\Windows\System\nqqslVE.exe
  C:\Windows\System\nqqslVE.exe
  2⤵
  PID:10832
- C:\Windows\System\VLUUslh.exe
  C:\Windows\System\VLUUslh.exe
  2⤵
  PID:10992
- C:\Windows\System\NsASWIm.exe
  C:\Windows\System\NsASWIm.exe
  2⤵
  PID:11168
- C:\Windows\System\HzGKRQt.exe
  C:\Windows\System\HzGKRQt.exe
  2⤵
  PID:10360
- C:\Windows\System\IAFSHNz.exe
  C:\Windows\System\IAFSHNz.exe
  2⤵
  PID:3196
- C:\Windows\System\IUbioxP.exe
  C:\Windows\System\IUbioxP.exe
  2⤵
  PID:10860
- C:\Windows\System\TtIuiId.exe
  C:\Windows\System\TtIuiId.exe
  2⤵
  PID:10300
- C:\Windows\System\HOSNCJK.exe
  C:\Windows\System\HOSNCJK.exe
  2⤵
  PID:11196
- C:\Windows\System\ogPyHhY.exe
  C:\Windows\System\ogPyHhY.exe
  2⤵
  PID:3464
- C:\Windows\System\lFTjeYl.exe
  C:\Windows\System\lFTjeYl.exe
  2⤵
  PID:11288
- C:\Windows\System\AljcfCt.exe
  C:\Windows\System\AljcfCt.exe
  2⤵
  PID:11308
- C:\Windows\System\UdWgnew.exe
  C:\Windows\System\UdWgnew.exe
  2⤵
  PID:11324
- C:\Windows\System\YvpKgNP.exe
  C:\Windows\System\YvpKgNP.exe
  2⤵
  PID:11368
- C:\Windows\System\ysguRKa.exe
  C:\Windows\System\ysguRKa.exe
  2⤵
  PID:11420
- C:\Windows\System\WPvZcMa.exe
  C:\Windows\System\WPvZcMa.exe
  2⤵
  PID:11456
- C:\Windows\System\GuibLzL.exe
  C:\Windows\System\GuibLzL.exe
  2⤵
  PID:11484
- C:\Windows\System\qSXuLBc.exe
  C:\Windows\System\qSXuLBc.exe
  2⤵
  PID:11500
- C:\Windows\System\TJzfSyl.exe
  C:\Windows\System\TJzfSyl.exe
  2⤵
  PID:11552
- C:\Windows\System\wdcQDGr.exe
  C:\Windows\System\wdcQDGr.exe
  2⤵
  PID:11576
- C:\Windows\System\dtWKTGc.exe
  C:\Windows\System\dtWKTGc.exe
  2⤵
  PID:11608
- C:\Windows\System\WuAeWeI.exe
  C:\Windows\System\WuAeWeI.exe
  2⤵
  PID:11640
- C:\Windows\System\oeDLPve.exe
  C:\Windows\System\oeDLPve.exe
  2⤵
  PID:11680
- C:\Windows\System\rCNYZGA.exe
  C:\Windows\System\rCNYZGA.exe
  2⤵
  PID:11700
- C:\Windows\System\GjqeVXC.exe
  C:\Windows\System\GjqeVXC.exe
  2⤵
  PID:11728
- C:\Windows\System\sAPtyeu.exe
  C:\Windows\System\sAPtyeu.exe
  2⤵
  PID:11756
- C:\Windows\System\xsSsKOF.exe
  C:\Windows\System\xsSsKOF.exe
  2⤵
  PID:11784
- C:\Windows\System\XCLYLzD.exe
  C:\Windows\System\XCLYLzD.exe
  2⤵
  PID:11812
- C:\Windows\System\RtOaARH.exe
  C:\Windows\System\RtOaARH.exe
  2⤵
  PID:11840
- C:\Windows\System\CIYoFuf.exe
  C:\Windows\System\CIYoFuf.exe
  2⤵
  PID:11868
- C:\Windows\System\TSrdcvj.exe
  C:\Windows\System\TSrdcvj.exe
  2⤵
  PID:11896
- C:\Windows\System\dCigYVw.exe
  C:\Windows\System\dCigYVw.exe
  2⤵
  PID:11924
- C:\Windows\System\EpMUeOS.exe
  C:\Windows\System\EpMUeOS.exe
  2⤵
  PID:11952
- C:\Windows\System\RCdkGGF.exe
  C:\Windows\System\RCdkGGF.exe
  2⤵
  PID:11984
- C:\Windows\System\iRErDrX.exe
  C:\Windows\System\iRErDrX.exe
  2⤵
  PID:12012
- C:\Windows\System\NtOgHsJ.exe
  C:\Windows\System\NtOgHsJ.exe
  2⤵
  PID:12040
- C:\Windows\System\oNnUXSN.exe
  C:\Windows\System\oNnUXSN.exe
  2⤵
  PID:12068
- C:\Windows\System\XSEgqDp.exe
  C:\Windows\System\XSEgqDp.exe
  2⤵
  PID:12096
- C:\Windows\System\TPXtLMr.exe
  C:\Windows\System\TPXtLMr.exe
  2⤵
  PID:12124
- C:\Windows\System\IrEfWcx.exe
  C:\Windows\System\IrEfWcx.exe
  2⤵
  PID:12156
- C:\Windows\System\weUkixt.exe
  C:\Windows\System\weUkixt.exe
  2⤵
  PID:12184
- C:\Windows\System\YAfYBDB.exe
  C:\Windows\System\YAfYBDB.exe
  2⤵
  PID:12212
- C:\Windows\System\KUyKpmW.exe
  C:\Windows\System\KUyKpmW.exe
  2⤵
  PID:12240
- C:\Windows\System\sUxLMSF.exe
  C:\Windows\System\sUxLMSF.exe
  2⤵
  PID:12268
- C:\Windows\System\kYpJDqZ.exe
  C:\Windows\System\kYpJDqZ.exe
  2⤵
  PID:4884
- C:\Windows\System\yiXlevB.exe
  C:\Windows\System\yiXlevB.exe
  2⤵
  PID:4896
- C:\Windows\System\ZzJeICC.exe
  C:\Windows\System\ZzJeICC.exe
  2⤵
  PID:2080
- C:\Windows\System\bcrRbBl.exe
  C:\Windows\System\bcrRbBl.exe
  2⤵
  PID:11412
- C:\Windows\System\nlglcVO.exe
  C:\Windows\System\nlglcVO.exe
  2⤵
  PID:11376
- C:\Windows\System\tBRMyIi.exe
  C:\Windows\System\tBRMyIi.exe
  2⤵
  PID:11508
- C:\Windows\System\wjaElTp.exe
  C:\Windows\System\wjaElTp.exe
  2⤵
  PID:968
- C:\Windows\System\jEpdzTj.exe
  C:\Windows\System\jEpdzTj.exe
  2⤵
  PID:5196
- C:\Windows\System\vITbbzm.exe
  C:\Windows\System\vITbbzm.exe
  2⤵
  PID:3888
- C:\Windows\System\QxpZsIV.exe
  C:\Windows\System\QxpZsIV.exe
  2⤵
  PID:3276
- C:\Windows\System\KNHoFkQ.exe
  C:\Windows\System\KNHoFkQ.exe
  2⤵
  PID:5516
- C:\Windows\System\zNSdyHz.exe
  C:\Windows\System\zNSdyHz.exe
  2⤵
  PID:2864
- C:\Windows\System\qZbBRPT.exe
  C:\Windows\System\qZbBRPT.exe
  2⤵
  PID:3044
- C:\Windows\System\VrtWErj.exe
  C:\Windows\System\VrtWErj.exe
  2⤵
  PID:11604
- C:\Windows\System\NzzRQbn.exe
  C:\Windows\System\NzzRQbn.exe
  2⤵
  PID:11628
- C:\Windows\System\YOiaGkS.exe
  C:\Windows\System\YOiaGkS.exe
  2⤵
  PID:11660
- C:\Windows\System\gEJyPcP.exe
  C:\Windows\System\gEJyPcP.exe
  2⤵
  PID:11692
- C:\Windows\System\LaxkKrZ.exe
  C:\Windows\System\LaxkKrZ.exe
  2⤵
  PID:6008
- C:\Windows\System\pEBDfYG.exe
  C:\Windows\System\pEBDfYG.exe
  2⤵
  PID:3556
- C:\Windows\System\hxjNTTi.exe
  C:\Windows\System\hxjNTTi.exe
  2⤵
  PID:11768
- C:\Windows\System\kIDCGXS.exe
  C:\Windows\System\kIDCGXS.exe
  2⤵
  PID:4164
- C:\Windows\System\WgkRgEG.exe
  C:\Windows\System\WgkRgEG.exe
  2⤵
  PID:1072
- C:\Windows\System\sZlKjEO.exe
  C:\Windows\System\sZlKjEO.exe
  2⤵
  PID:3608
- C:\Windows\System\KoFTmYh.exe
  C:\Windows\System\KoFTmYh.exe
  2⤵
  PID:672
- C:\Windows\System\OXNbjJn.exe
  C:\Windows\System\OXNbjJn.exe
  2⤵
  PID:11920
- C:\Windows\System\wkwCUSX.exe
  C:\Windows\System\wkwCUSX.exe
  2⤵
  PID:3700
- C:\Windows\System\ZIyOQFZ.exe
  C:\Windows\System\ZIyOQFZ.exe
  2⤵
  PID:11980
- C:\Windows\System\mGBfSkP.exe
  C:\Windows\System\mGBfSkP.exe
  2⤵
  PID:964
- C:\Windows\System\fGboctK.exe
  C:\Windows\System\fGboctK.exe
  2⤵
  PID:12036
- C:\Windows\System\ODTJRUu.exe
  C:\Windows\System\ODTJRUu.exe
  2⤵
  PID:12080
- C:\Windows\System\RotCqQR.exe
  C:\Windows\System\RotCqQR.exe
  2⤵
  PID:12120
- C:\Windows\System\ZDyGgTp.exe
  C:\Windows\System\ZDyGgTp.exe
  2⤵
  PID:3760
- C:\Windows\System\UuTrMzi.exe
  C:\Windows\System\UuTrMzi.exe
  2⤵
  PID:12168
- C:\Windows\System\zsczQue.exe
  C:\Windows\System\zsczQue.exe
  2⤵
  PID:264
- C:\Windows\System\icFbnOp.exe
  C:\Windows\System\icFbnOp.exe
  2⤵
  PID:12232
- C:\Windows\System\FMwfIYd.exe
  C:\Windows\System\FMwfIYd.exe
  2⤵
  PID:1808
- C:\Windows\System\pvdvSHX.exe
  C:\Windows\System\pvdvSHX.exe
  2⤵
  PID:11320
- C:\Windows\System\qhGJgSu.exe
  C:\Windows\System\qhGJgSu.exe
  2⤵
  PID:5964
- C:\Windows\System\IMUSXiL.exe
  C:\Windows\System\IMUSXiL.exe
  2⤵
  PID:11468
- C:\Windows\System\xfiEcmj.exe
  C:\Windows\System\xfiEcmj.exe
  2⤵
  PID:2052
- C:\Windows\System\ABWxCdf.exe
  C:\Windows\System\ABWxCdf.exe
  2⤵
  PID:5004
- C:\Windows\System\dZxcbxu.exe
  C:\Windows\System\dZxcbxu.exe
  2⤵
  PID:1136
- C:\Windows\System\MDgqfnD.exe
  C:\Windows\System\MDgqfnD.exe
  2⤵
  PID:6152
- C:\Windows\System\Piznzka.exe
  C:\Windows\System\Piznzka.exe
  2⤵
  PID:6180
- C:\Windows\System\LwzGdGr.exe
  C:\Windows\System\LwzGdGr.exe
  2⤵
  PID:4644
- C:\Windows\System\wcSPPcT.exe
  C:\Windows\System\wcSPPcT.exe
  2⤵
  PID:4300
- C:\Windows\System\gjXMVsd.exe
  C:\Windows\System\gjXMVsd.exe
  2⤵
  PID:11696
- C:\Windows\System\ftWkBjr.exe
  C:\Windows\System\ftWkBjr.exe
  2⤵
  PID:6348
- C:\Windows\System\FYKllCU.exe
  C:\Windows\System\FYKllCU.exe
  2⤵
  PID:1820
- C:\Windows\System\IaKrdfR.exe
  C:\Windows\System\IaKrdfR.exe
  2⤵
  PID:4456
- C:\Windows\System\QxbjAbv.exe
  C:\Windows\System\QxbjAbv.exe
  2⤵
  PID:11852
- C:\Windows\System\QpKbNes.exe
  C:\Windows\System\QpKbNes.exe
  2⤵
  PID:6492
- C:\Windows\System\vCRKhJJ.exe
  C:\Windows\System\vCRKhJJ.exe
  2⤵
  PID:11972
- C:\Windows\System\pirDbcb.exe
  C:\Windows\System\pirDbcb.exe
  2⤵
  PID:6556
- C:\Windows\System\jRJRdyt.exe
  C:\Windows\System\jRJRdyt.exe
  2⤵
  PID:12108
- C:\Windows\System\YieGMVP.exe
  C:\Windows\System\YieGMVP.exe
  2⤵
  PID:6604
- C:\Windows\System\lZQdVvd.exe
  C:\Windows\System\lZQdVvd.exe
  2⤵
  PID:3320
- C:\Windows\System\fnRdouI.exe
  C:\Windows\System\fnRdouI.exe
  2⤵
  PID:4664
- C:\Windows\System\OVhWwOW.exe
  C:\Windows\System\OVhWwOW.exe
  2⤵
  PID:12204
- C:\Windows\System\LFcSwPX.exe
  C:\Windows\System\LFcSwPX.exe
  2⤵
  PID:4296
- C:\Windows\System\EbgdRVc.exe
  C:\Windows\System\EbgdRVc.exe
  2⤵
  PID:6744
- C:\Windows\System\dXFbbiF.exe
  C:\Windows\System\dXFbbiF.exe
  2⤵
  PID:5632
- C:\Windows\System\uYnCawe.exe
  C:\Windows\System\uYnCawe.exe
  2⤵
  PID:5656
- C:\Windows\System\XBsMonK.exe
  C:\Windows\System\XBsMonK.exe
  2⤵
  PID:6788
- C:\Windows\System\xHZOiek.exe
  C:\Windows\System\xHZOiek.exe
  2⤵
  PID:5700
- C:\Windows\System\WOSBYQx.exe
  C:\Windows\System\WOSBYQx.exe
  2⤵
  PID:2908
- C:\Windows\System\TrPPKmr.exe
  C:\Windows\System\TrPPKmr.exe
  2⤵
  PID:5736
- C:\Windows\System\sQhnXZb.exe
  C:\Windows\System\sQhnXZb.exe
  2⤵
  PID:5604
- C:\Windows\System\EpngBIH.exe
  C:\Windows\System\EpngBIH.exe
  2⤵
  PID:5788
- C:\Windows\System\ShQmFgd.exe
  C:\Windows\System\ShQmFgd.exe
  2⤵
  PID:5784
- C:\Windows\System\vtcONSY.exe
  C:\Windows\System\vtcONSY.exe
  2⤵
  PID:6912
- C:\Windows\System\LihOuoe.exe
  C:\Windows\System\LihOuoe.exe
  2⤵
  PID:5804
- C:\Windows\System\MXnaOGS.exe
  C:\Windows\System\MXnaOGS.exe
  2⤵
  PID:5404
- C:\Windows\System\DdQEqoL.exe
  C:\Windows\System\DdQEqoL.exe
  2⤵
  PID:6000
- C:\Windows\System\PUQJKnC.exe
  C:\Windows\System\PUQJKnC.exe
  2⤵
  PID:5844
- C:\Windows\System\cDXlyQK.exe
  C:\Windows\System\cDXlyQK.exe
  2⤵
  PID:6076
- C:\Windows\System\DvLZaTT.exe
  C:\Windows\System\DvLZaTT.exe
  2⤵
  PID:5596
- C:\Windows\System\PjVExdF.exe
  C:\Windows\System\PjVExdF.exe
  2⤵
  PID:4200
- C:\Windows\System\vSubYTK.exe
  C:\Windows\System\vSubYTK.exe
  2⤵
  PID:6060
- C:\Windows\System\uDRtrbT.exe
  C:\Windows\System\uDRtrbT.exe
  2⤵
  PID:2396
- C:\Windows\System\xhpjmsA.exe
  C:\Windows\System\xhpjmsA.exe
  2⤵
  PID:4260
- C:\Windows\System\bKTaxWA.exe
  C:\Windows\System\bKTaxWA.exe
  2⤵
  PID:4836
- C:\Windows\System\UfbBadM.exe
  C:\Windows\System\UfbBadM.exe
  2⤵
  PID:6200
- C:\Windows\System\fDpUMNQ.exe
  C:\Windows\System\fDpUMNQ.exe
  2⤵
  PID:6632
- C:\Windows\System\WvuAoUb.exe
  C:\Windows\System\WvuAoUb.exe
  2⤵
  PID:12196
- C:\Windows\System\niJWLEo.exe
  C:\Windows\System\niJWLEo.exe
  2⤵
  PID:6700
- C:\Windows\System\DLOvzHM.exe
  C:\Windows\System\DLOvzHM.exe
  2⤵
  PID:5812
- C:\Windows\System\tmPmELb.exe
  C:\Windows\System\tmPmELb.exe
  2⤵
  PID:6572
- C:\Windows\System\VHfpBoR.exe
  C:\Windows\System\VHfpBoR.exe
  2⤵
  PID:6860
- C:\Windows\System\kFHhbKC.exe
  C:\Windows\System\kFHhbKC.exe
  2⤵
  PID:5892
- C:\Windows\System\oWDtoSw.exe
  C:\Windows\System\oWDtoSw.exe
  2⤵
  PID:5612
- C:\Windows\System\SRJkRiB.exe
  C:\Windows\System\SRJkRiB.exe
  2⤵
  PID:5920
- C:\Windows\System\uzlGtLM.exe
  C:\Windows\System\uzlGtLM.exe
  2⤵
  PID:7164
- C:\Windows\System\ROnIGkJ.exe
  C:\Windows\System\ROnIGkJ.exe
  2⤵
  PID:5984
- C:\Windows\System\xFxvogV.exe
  C:\Windows\System\xFxvogV.exe
  2⤵
  PID:6996
- C:\Windows\System\VrnJXnE.exe
  C:\Windows\System\VrnJXnE.exe
  2⤵
  PID:216
- C:\Windows\System\TjPuJuZ.exe
  C:\Windows\System\TjPuJuZ.exe
  2⤵
  PID:5824
- C:\Windows\System\pLPexrC.exe
  C:\Windows\System\pLPexrC.exe
  2⤵
  PID:6408
- C:\Windows\System\gkgwayk.exe
  C:\Windows\System\gkgwayk.exe
  2⤵
  PID:7144
- C:\Windows\System\dYXpgtx.exe
  C:\Windows\System\dYXpgtx.exe
  2⤵
  PID:2344
- C:\Windows\System\wZApaJR.exe
  C:\Windows\System\wZApaJR.exe
  2⤵
  PID:7024
- C:\Windows\System\pOPBFAu.exe
  C:\Windows\System\pOPBFAu.exe
  2⤵
  PID:6708
- C:\Windows\System\FiKDmJP.exe
  C:\Windows\System\FiKDmJP.exe
  2⤵
  PID:5580
- C:\Windows\System\KeAuAMt.exe
  C:\Windows\System\KeAuAMt.exe
  2⤵
  PID:5944
- C:\Windows\System\wjrDZcp.exe
  C:\Windows\System\wjrDZcp.exe
  2⤵
  PID:6800
- C:\Windows\System\cqaExDs.exe
  C:\Windows\System\cqaExDs.exe
  2⤵
  PID:6888
- C:\Windows\System\zoQFqIi.exe
  C:\Windows\System\zoQFqIi.exe
  2⤵
  PID:2124
- C:\Windows\System\BSLhVQp.exe
  C:\Windows\System\BSLhVQp.exe
  2⤵
  PID:6220
- C:\Windows\System\bCVXvwe.exe
  C:\Windows\System\bCVXvwe.exe
  2⤵
  PID:2928
- C:\Windows\System\OrGFXvL.exe
  C:\Windows\System\OrGFXvL.exe
  2⤵
  PID:7032
- C:\Windows\System\bPgrKdP.exe
  C:\Windows\System\bPgrKdP.exe
  2⤵
  PID:2460
- C:\Windows\System\INuncaZ.exe
  C:\Windows\System\INuncaZ.exe
  2⤵
  PID:3872
- C:\Windows\System\fqVYNVG.exe
  C:\Windows\System\fqVYNVG.exe
  2⤵
  PID:7224
- C:\Windows\System\WoAtXWd.exe
  C:\Windows\System\WoAtXWd.exe
  2⤵
  PID:2064
- C:\Windows\System\pTapXxi.exe
  C:\Windows\System\pTapXxi.exe
  2⤵
  PID:5800
- C:\Windows\System\FMtKWoA.exe
  C:\Windows\System\FMtKWoA.exe
  2⤵
  PID:7344
- C:\Windows\System\WAgemyH.exe
  C:\Windows\System\WAgemyH.exe
  2⤵
  PID:7392
- C:\Windows\System\uJbXsaq.exe
  C:\Windows\System\uJbXsaq.exe
  2⤵
  PID:7428
- C:\Windows\System\QbzMkvd.exe
  C:\Windows\System\QbzMkvd.exe
  2⤵
  PID:212
- C:\Windows\System\oMKCLFU.exe
  C:\Windows\System\oMKCLFU.exe
  2⤵
  PID:1584
- C:\Windows\System\EpHSKmu.exe
  C:\Windows\System\EpHSKmu.exe
  2⤵
  PID:7512
- C:\Windows\System\iBvhkry.exe
  C:\Windows\System\iBvhkry.exe
  2⤵
  PID:11528
- C:\Windows\System\VFaviFx.exe
  C:\Windows\System\VFaviFx.exe
  2⤵
  PID:6876
- C:\Windows\System\EyrFWnN.exe
  C:\Windows\System\EyrFWnN.exe
  2⤵
  PID:7628
- C:\Windows\System\LVYPGdy.exe
  C:\Windows\System\LVYPGdy.exe
  2⤵
  PID:4336
- C:\Windows\System\jlNykrq.exe
  C:\Windows\System\jlNykrq.exe
  2⤵
  PID:11884
- C:\Windows\System\RpIlIlp.exe
  C:\Windows\System\RpIlIlp.exe
  2⤵
  PID:7372
- C:\Windows\System\JTNDiay.exe
  C:\Windows\System\JTNDiay.exe
  2⤵
  PID:6208
- C:\Windows\System\AZZrobD.exe
  C:\Windows\System\AZZrobD.exe
  2⤵
  PID:7016
- C:\Windows\System\OTZQVEf.exe
  C:\Windows\System\OTZQVEf.exe
  2⤵
  PID:7868
- C:\Windows\System\PKIJlPV.exe
  C:\Windows\System\PKIJlPV.exe
  2⤵
  PID:7848
- C:\Windows\System\vrGijGV.exe
  C:\Windows\System\vrGijGV.exe
  2⤵
  PID:7956
- C:\Windows\System\taGdlOL.exe
  C:\Windows\System\taGdlOL.exe
  2⤵
  PID:7964
- C:\Windows\System\RkZHfhB.exe
  C:\Windows\System\RkZHfhB.exe
  2⤵
  PID:7744
- C:\Windows\System\itTZOFB.exe
  C:\Windows\System\itTZOFB.exe
  2⤵
  PID:8104
- C:\Windows\System\AVpRCEQ.exe
  C:\Windows\System\AVpRCEQ.exe
  2⤵
  PID:8116
- C:\Windows\System\jxuAErT.exe
  C:\Windows\System\jxuAErT.exe
  2⤵
  PID:12316
- C:\Windows\System\tqEOJMw.exe
  C:\Windows\System\tqEOJMw.exe
  2⤵
  PID:12344
- C:\Windows\System\TWgjsaJ.exe
  C:\Windows\System\TWgjsaJ.exe
  2⤵
  PID:12372
- C:\Windows\System\WfDflml.exe
  C:\Windows\System\WfDflml.exe
  2⤵
  PID:12400
- C:\Windows\System\rGPjtbF.exe
  C:\Windows\System\rGPjtbF.exe
  2⤵
  PID:12428
- C:\Windows\System\gJnqpxF.exe
  C:\Windows\System\gJnqpxF.exe
  2⤵
  PID:12456
- C:\Windows\System\aXmHdqb.exe
  C:\Windows\System\aXmHdqb.exe
  2⤵
  PID:12484
- C:\Windows\System\gyoSFCu.exe
  C:\Windows\System\gyoSFCu.exe
  2⤵
  PID:12512
- C:\Windows\System\vhTUARb.exe
  C:\Windows\System\vhTUARb.exe
  2⤵
  PID:12540
- C:\Windows\System\jghrSdy.exe
  C:\Windows\System\jghrSdy.exe
  2⤵
  PID:12572
- C:\Windows\System\csXvtcq.exe
  C:\Windows\System\csXvtcq.exe
  2⤵
  PID:12600
- C:\Windows\System\uStwwrK.exe
  C:\Windows\System\uStwwrK.exe
  2⤵
  PID:12628
- C:\Windows\System\OsUXnJe.exe
  C:\Windows\System\OsUXnJe.exe
  2⤵
  PID:12656
- C:\Windows\System\KPRwVmH.exe
  C:\Windows\System\KPRwVmH.exe
  2⤵
  PID:12684
- C:\Windows\System\KHXxVIy.exe
  C:\Windows\System\KHXxVIy.exe
  2⤵
  PID:12712
- C:\Windows\System\kIqPoVr.exe
  C:\Windows\System\kIqPoVr.exe
  2⤵
  PID:12740
- C:\Windows\System\zmoueLc.exe
  C:\Windows\System\zmoueLc.exe
  2⤵
  PID:12768
- C:\Windows\System\fXLiLRj.exe
  C:\Windows\System\fXLiLRj.exe
  2⤵
  PID:12796
- C:\Windows\System\lMHUvYA.exe
  C:\Windows\System\lMHUvYA.exe
  2⤵
  PID:12824
- C:\Windows\System\EYXttsL.exe
  C:\Windows\System\EYXttsL.exe
  2⤵
  PID:12852
- C:\Windows\System\RpECXUB.exe
  C:\Windows\System\RpECXUB.exe
  2⤵
  PID:12880
- C:\Windows\System\KTUjEpI.exe
  C:\Windows\System\KTUjEpI.exe
  2⤵
  PID:12908
- C:\Windows\System\AbJnryX.exe
  C:\Windows\System\AbJnryX.exe
  2⤵
  PID:12936
- C:\Windows\System\RDPnriB.exe
  C:\Windows\System\RDPnriB.exe
  2⤵
  PID:12964
- C:\Windows\System\vKCJlZZ.exe
  C:\Windows\System\vKCJlZZ.exe
  2⤵
  PID:12992
- C:\Windows\System\CCqPEby.exe
  C:\Windows\System\CCqPEby.exe
  2⤵
  PID:13020
- C:\Windows\System\feqFvEs.exe
  C:\Windows\System\feqFvEs.exe
  2⤵
  PID:13048
- C:\Windows\System\HORIMLe.exe
  C:\Windows\System\HORIMLe.exe
  2⤵
  PID:13076
- C:\Windows\System\HQUoQHB.exe
  C:\Windows\System\HQUoQHB.exe
  2⤵
  PID:13108
- C:\Windows\System\QTAMhUa.exe
  C:\Windows\System\QTAMhUa.exe
  2⤵
  PID:13136
- C:\Windows\System\xINKOXa.exe
  C:\Windows\System\xINKOXa.exe
  2⤵
  PID:13164
- C:\Windows\System\iOGHMae.exe
  C:\Windows\System\iOGHMae.exe
  2⤵
  PID:13192
- C:\Windows\System\iBspLNB.exe
  C:\Windows\System\iBspLNB.exe
  2⤵
  PID:13220
- C:\Windows\System\KjoupwM.exe
  C:\Windows\System\KjoupwM.exe
  2⤵
  PID:13248
- C:\Windows\System\brTdeuB.exe
  C:\Windows\System\brTdeuB.exe
  2⤵
  PID:13284
- C:\Windows\System\kUatill.exe
  C:\Windows\System\kUatill.exe
  2⤵
  PID:13308
- C:\Windows\System\nCcyKFc.exe
  C:\Windows\System\nCcyKFc.exe
  2⤵
  PID:8176
- C:\Windows\System\xpiHDAB.exe
  C:\Windows\System\xpiHDAB.exe
  2⤵
  PID:4668
- C:\Windows\System\RkGstdf.exe
  C:\Windows\System\RkGstdf.exe
  2⤵
  PID:12384
- C:\Windows\System\YGezdYm.exe
  C:\Windows\System\YGezdYm.exe
  2⤵
  PID:7388
- C:\Windows\System\icefdMp.exe
  C:\Windows\System\icefdMp.exe
  2⤵
  PID:7280
- C:\Windows\System\swrASwE.exe
  C:\Windows\System\swrASwE.exe
  2⤵
  PID:7624
- C:\Windows\System\BlEfacb.exe
  C:\Windows\System\BlEfacb.exe
  2⤵
  PID:7728
- C:\Windows\System\fNXNbLc.exe
  C:\Windows\System\fNXNbLc.exe
  2⤵
  PID:7812
- C:\Windows\System\FMfVkKL.exe
  C:\Windows\System\FMfVkKL.exe
  2⤵
  PID:12584
- C:\Windows\System\uYiOIuB.exe
  C:\Windows\System\uYiOIuB.exe
  2⤵
  PID:7988
- C:\Windows\System\gRBiFsX.exe
  C:\Windows\System\gRBiFsX.exe
  2⤵
  PID:12652
- C:\Windows\System\DvDoHtU.exe
  C:\Windows\System\DvDoHtU.exe
  2⤵
  PID:12704
- C:\Windows\System\sbloHWw.exe
  C:\Windows\System\sbloHWw.exe
  2⤵
  PID:12752
- C:\Windows\System\eTpvFAD.exe
  C:\Windows\System\eTpvFAD.exe
  2⤵
  PID:12792
- C:\Windows\System\jEFFXOh.exe
  C:\Windows\System\jEFFXOh.exe
  2⤵
  PID:7856
- C:\Windows\System\rfdQXUc.exe
  C:\Windows\System\rfdQXUc.exe
  2⤵
  PID:12892
- C:\Windows\System\WkVwRIC.exe
  C:\Windows\System\WkVwRIC.exe
  2⤵
  PID:5608
- C:\Windows\System\TawZJVf.exe
  C:\Windows\System\TawZJVf.exe
  2⤵
  PID:4144
- C:\Windows\System\kPvpspC.exe
  C:\Windows\System\kPvpspC.exe
  2⤵
  PID:13040
- C:\Windows\System\bmSopNN.exe
  C:\Windows\System\bmSopNN.exe
  2⤵
  PID:13060
- C:\Windows\System\tqDMmkj.exe
  C:\Windows\System\tqDMmkj.exe
  2⤵
  PID:13100
- C:\Windows\System\qVWkyjL.exe
  C:\Windows\System\qVWkyjL.exe
  2⤵
  PID:7368
- C:\Windows\System\RATaCxH.exe
  C:\Windows\System\RATaCxH.exe
  2⤵
  PID:13156
- C:\Windows\System\ItZcmdc.exe
  C:\Windows\System\ItZcmdc.exe
  2⤵
  PID:7888
- C:\Windows\System\WnaoFnF.exe
  C:\Windows\System\WnaoFnF.exe
  2⤵
  PID:13240
- C:\Windows\System\KvgYOzd.exe
  C:\Windows\System\KvgYOzd.exe
  2⤵
  PID:13268
- C:\Windows\System\QiGkdTm.exe
  C:\Windows\System\QiGkdTm.exe
  2⤵
  PID:8200
- C:\Windows\System\keurEjY.exe
  C:\Windows\System\keurEjY.exe
  2⤵
  PID:12328
- C:\Windows\System\cugKecV.exe
  C:\Windows\System\cugKecV.exe
  2⤵
  PID:8272
- C:\Windows\System\bMsxCWr.exe
  C:\Windows\System\bMsxCWr.exe
  2⤵
  PID:7432
- C:\Windows\System\XTCwlbd.exe
  C:\Windows\System\XTCwlbd.exe
  2⤵
  PID:8352
- C:\Windows\System\unhEwqF.exe
  C:\Windows\System\unhEwqF.exe
  2⤵
  PID:12508
- C:\Windows\System\ryEkBmu.exe
  C:\Windows\System\ryEkBmu.exe
  2⤵
  PID:13104
- C:\Windows\System\OPgcJWo.exe
  C:\Windows\System\OPgcJWo.exe
  2⤵
  PID:7916
- C:\Windows\System\QdWxQfT.exe
  C:\Windows\System\QdWxQfT.exe
  2⤵
  PID:8528
- C:\Windows\System\GVZykTs.exe
  C:\Windows\System\GVZykTs.exe
  2⤵
  PID:12696
- C:\Windows\System\fYwimLO.exe
  C:\Windows\System\fYwimLO.exe
  2⤵
  PID:8612
- C:\Windows\System\meZigny.exe
  C:\Windows\System\meZigny.exe
  2⤵
  PID:8644
- C:\Windows\System\ntqdAfR.exe
  C:\Windows\System\ntqdAfR.exe
  2⤵
  PID:12876
- C:\Windows\System\TPADVvV.exe
  C:\Windows\System\TPADVvV.exe
  2⤵
  PID:8720
- C:\Windows\System\zWwsNtA.exe
  C:\Windows\System\zWwsNtA.exe
  2⤵
  PID:8792
- C:\Windows\System\uPnxjEX.exe
  C:\Windows\System\uPnxjEX.exe
  2⤵
  PID:8848
- C:\Windows\System\EEyKNhC.exe
  C:\Windows\System\EEyKNhC.exe
  2⤵
  PID:13096
- C:\Windows\System\fcFOZCr.exe
  C:\Windows\System\fcFOZCr.exe
  2⤵
  PID:13120
- C:\Windows\System\qkbnvws.exe
  C:\Windows\System\qkbnvws.exe
  2⤵
  PID:3684
- C:\Windows\System\SqYMRff.exe
  C:\Windows\System\SqYMRff.exe
  2⤵
  PID:9008
- C:\Windows\System\TpKcifF.exe
  C:\Windows\System\TpKcifF.exe
  2⤵
  PID:8016
- C:\Windows\System\UaxyUkD.exe
  C:\Windows\System\UaxyUkD.exe
  2⤵
  PID:12736
- C:\Windows\System\wdjoWVB.exe
  C:\Windows\System\wdjoWVB.exe
  2⤵
  PID:9136
- C:\Windows\System\VIVaAPw.exe
  C:\Windows\System\VIVaAPw.exe
  2⤵
  PID:8312
- C:\Windows\System\ryxAron.exe
  C:\Windows\System\ryxAron.exe
  2⤵
  PID:8204
- C:\Windows\System\pZZsRQB.exe
  C:\Windows\System\pZZsRQB.exe
  2⤵
  PID:8320
- C:\Windows\System\wdcgYVd.exe
  C:\Windows\System\wdcgYVd.exe
  2⤵
  PID:8484
- C:\Windows\System\gXLmMpU.exe
  C:\Windows\System\gXLmMpU.exe
  2⤵
  PID:8492
- C:\Windows\System\rUzihbl.exe
  C:\Windows\System\rUzihbl.exe
  2⤵
  PID:8648
- C:\Windows\System\PwqSLyr.exe
  C:\Windows\System\PwqSLyr.exe
  2⤵
  PID:8712
- C:\Windows\System\mEFOEjR.exe
  C:\Windows\System\mEFOEjR.exe
  2⤵
  PID:12872
- C:\Windows\System\ubXsBYb.exe
  C:\Windows\System\ubXsBYb.exe
  2⤵
  PID:12988
- C:\Windows\System\xjZXIcY.exe
  C:\Windows\System\xjZXIcY.exe
  2⤵
  PID:13008
- C:\Windows\System\mvimPzm.exe
  C:\Windows\System\mvimPzm.exe
  2⤵
  PID:8992
- C:\Windows\System\SaPghfZ.exe
  C:\Windows\System\SaPghfZ.exe
  2⤵
  PID:13216
- C:\Windows\System\MarOHoy.exe
  C:\Windows\System\MarOHoy.exe
  2⤵
  PID:4932
- C:\Windows\System\kOAoQFA.exe
  C:\Windows\System\kOAoQFA.exe
  2⤵
  PID:9100
- C:\Windows\System\NSEcDvq.exe
  C:\Windows\System\NSEcDvq.exe
  2⤵
  PID:8336
- C:\Windows\System\TfbgwVw.exe
  C:\Windows\System\TfbgwVw.exe
  2⤵
  PID:8632
- C:\Windows\System\KnYNDtj.exe
  C:\Windows\System\KnYNDtj.exe
  2⤵
  PID:8788
- C:\Windows\System\LSlnRtX.exe
  C:\Windows\System\LSlnRtX.exe
  2⤵
  PID:9112
- C:\Windows\System\DICejJB.exe
  C:\Windows\System\DICejJB.exe
  2⤵
  PID:6916
- C:\Windows\System\HgKjdBk.exe
  C:\Windows\System\HgKjdBk.exe
  2⤵
  PID:8680
- C:\Windows\System\BBfmXGi.exe
  C:\Windows\System\BBfmXGi.exe
  2⤵
  PID:8844
- C:\Windows\System\utxOIMc.exe
  C:\Windows\System\utxOIMc.exe
  2⤵
  PID:4308
- C:\Windows\System\PaAxHUp.exe
  C:\Windows\System\PaAxHUp.exe
  2⤵
  PID:6500
- C:\Windows\System\PMjtQye.exe
  C:\Windows\System\PMjtQye.exe
  2⤵
  PID:6608
- C:\Windows\System\PdImMzZ.exe
  C:\Windows\System\PdImMzZ.exe
  2⤵
  PID:13296
- C:\Windows\System\UJDBTsF.exe
  C:\Windows\System\UJDBTsF.exe
  2⤵
  PID:8464
- C:\Windows\System\eXkcxUz.exe
  C:\Windows\System\eXkcxUz.exe
  2⤵
  PID:8828
- C:\Windows\System\CVSZIrm.exe
  C:\Windows\System\CVSZIrm.exe
  2⤵
  PID:8260
- C:\Windows\System\gnwnMcm.exe
  C:\Windows\System\gnwnMcm.exe
  2⤵
  PID:9040
- C:\Windows\System\CHbezju.exe
  C:\Windows\System\CHbezju.exe
  2⤵
  PID:13128
- C:\Windows\System\nOuUvLf.exe
  C:\Windows\System\nOuUvLf.exe
  2⤵
  PID:8376
- C:\Windows\System\AsiviGS.exe
  C:\Windows\System\AsiviGS.exe
  2⤵
  PID:6992
- C:\Windows\System\YGexCPC.exe
  C:\Windows\System\YGexCPC.exe
  2⤵
  PID:9480
- C:\Windows\System\nvmslwy.exe
  C:\Windows\System\nvmslwy.exe
  2⤵
  PID:9492
- C:\Windows\System\ousjODi.exe
  C:\Windows\System\ousjODi.exe
  2⤵
  PID:9512
- C:\Windows\System\kroWPrz.exe
  C:\Windows\System\kroWPrz.exe
  2⤵
  PID:8408
- C:\Windows\System\FEmuKOL.exe
  C:\Windows\System\FEmuKOL.exe
  2⤵
  PID:9604
- C:\Windows\System\JBVLwtO.exe
  C:\Windows\System\JBVLwtO.exe
  2⤵
  PID:8760
- C:\Windows\System\ynXOVpn.exe
  C:\Windows\System\ynXOVpn.exe
  2⤵
  PID:9628
- C:\Windows\System\eebpsHe.exe
  C:\Windows\System\eebpsHe.exe
  2⤵
  PID:9636
- C:\Windows\System\osvWbay.exe
  C:\Windows\System\osvWbay.exe
  2⤵
  PID:13332
- C:\Windows\System\ecKYCsV.exe
  C:\Windows\System\ecKYCsV.exe
  2⤵
  PID:13360
- C:\Windows\System\rUMDDyQ.exe
  C:\Windows\System\rUMDDyQ.exe
  2⤵
  PID:13388
- C:\Windows\System\OXQhkiP.exe
  C:\Windows\System\OXQhkiP.exe
  2⤵
  PID:13416
- C:\Windows\System\ZjJyIkN.exe
  C:\Windows\System\ZjJyIkN.exe
  2⤵
  PID:13444
- C:\Windows\System\qguiFVk.exe
  C:\Windows\System\qguiFVk.exe
  2⤵
  PID:13472
- C:\Windows\System\EvTNvGK.exe
  C:\Windows\System\EvTNvGK.exe
  2⤵
  PID:13500
- C:\Windows\System\mfSazkK.exe
  C:\Windows\System\mfSazkK.exe
  2⤵
  PID:13528
- C:\Windows\System\icLfVUl.exe
  C:\Windows\System\icLfVUl.exe
  2⤵
  PID:13556
- C:\Windows\System\lXzFNQy.exe
  C:\Windows\System\lXzFNQy.exe
  2⤵
  PID:13584
- C:\Windows\System\zRGoyYx.exe
  C:\Windows\System\zRGoyYx.exe
  2⤵
  PID:13612
- C:\Windows\System\NGHHXap.exe
  C:\Windows\System\NGHHXap.exe
  2⤵
  PID:13640
- C:\Windows\System\ZNRSjsN.exe
  C:\Windows\System\ZNRSjsN.exe
  2⤵
  PID:13668
- C:\Windows\System\iBYAGcE.exe
  C:\Windows\System\iBYAGcE.exe
  2⤵
  PID:13696
- C:\Windows\System\OryDZwt.exe
  C:\Windows\System\OryDZwt.exe
  2⤵
  PID:13724
- C:\Windows\System\fOUgnkw.exe
  C:\Windows\System\fOUgnkw.exe
  2⤵
  PID:13752
- C:\Windows\System\omQjtzT.exe
  C:\Windows\System\omQjtzT.exe
  2⤵
  PID:13780
- C:\Windows\System\mbBkGgM.exe
  C:\Windows\System\mbBkGgM.exe
  2⤵
  PID:13808
- C:\Windows\System\qxxfEuY.exe
  C:\Windows\System\qxxfEuY.exe
  2⤵
  PID:13836
- C:\Windows\System\DdVBzlx.exe
  C:\Windows\System\DdVBzlx.exe
  2⤵
  PID:13868
- C:\Windows\System\tHFJZdK.exe
  C:\Windows\System\tHFJZdK.exe
  2⤵
  PID:13904
- C:\Windows\System\XlTQIfG.exe
  C:\Windows\System\XlTQIfG.exe
  2⤵
  PID:13924
- C:\Windows\System\hPAIyhj.exe
  C:\Windows\System\hPAIyhj.exe
  2⤵
  PID:13952
- C:\Windows\System\ClnQMws.exe
  C:\Windows\System\ClnQMws.exe
  2⤵
  PID:13980
- C:\Windows\System\NgEFVOo.exe
  C:\Windows\System\NgEFVOo.exe
  2⤵
  PID:14008
- C:\Windows\System\lqHEBdW.exe
  C:\Windows\System\lqHEBdW.exe
  2⤵
  PID:14036
- C:\Windows\System\IwPSVhD.exe
  C:\Windows\System\IwPSVhD.exe
  2⤵
  PID:14064
- C:\Windows\System\rfwgUnu.exe
  C:\Windows\System\rfwgUnu.exe
  2⤵
  PID:14092
- C:\Windows\System\dJkoDPI.exe
  C:\Windows\System\dJkoDPI.exe
  2⤵
  PID:14120
- C:\Windows\System\itecKzP.exe
  C:\Windows\System\itecKzP.exe
  2⤵
  PID:14148
- C:\Windows\System\sZdNeiY.exe
  C:\Windows\System\sZdNeiY.exe
  2⤵
  PID:14176
- C:\Windows\System\MuOOBjf.exe
  C:\Windows\System\MuOOBjf.exe
  2⤵
  PID:14204
- C:\Windows\System\NacTJqc.exe
  C:\Windows\System\NacTJqc.exe
  2⤵
  PID:14232
- C:\Windows\System\tgNuIBU.exe
  C:\Windows\System\tgNuIBU.exe
  2⤵
  PID:14260
- C:\Windows\System\FBiSjHB.exe
  C:\Windows\System\FBiSjHB.exe
  2⤵
  PID:14288
- C:\Windows\System\LqUOvOx.exe
  C:\Windows\System\LqUOvOx.exe
  2⤵
  PID:14316
- C:\Windows\System\WxKZGPv.exe
  C:\Windows\System\WxKZGPv.exe
  2⤵
  PID:9732
- C:\Windows\System\okIkbKB.exe
  C:\Windows\System\okIkbKB.exe
  2⤵
  PID:13356
- C:\Windows\System\MGJzLOv.exe
  C:\Windows\System\MGJzLOv.exe
  2⤵
  PID:13408
- C:\Windows\System\akXfmhg.exe
  C:\Windows\System\akXfmhg.exe
  2⤵
  PID:9860
- C:\Windows\System\dfJsyUa.exe
  C:\Windows\System\dfJsyUa.exe
  2⤵
  PID:9880
- C:\Windows\System\cRpNmTo.exe
  C:\Windows\System\cRpNmTo.exe
  2⤵
  PID:13540
- C:\Windows\System\abrbvVf.exe
  C:\Windows\System\abrbvVf.exe
  2⤵
  PID:13568
- C:\Windows\System\iclKgPE.exe
  C:\Windows\System\iclKgPE.exe
  2⤵
  PID:9992
- C:\Windows\System\mrzeNLq.exe
  C:\Windows\System\mrzeNLq.exe
  2⤵
  PID:13636
- C:\Windows\System\ctMEuKF.exe
  C:\Windows\System\ctMEuKF.exe
  2⤵
  PID:10072
- C:\Windows\System\daWwSVX.exe
  C:\Windows\System\daWwSVX.exe
  2⤵
  PID:10128
- C:\Windows\System\xGzsuQI.exe
  C:\Windows\System\xGzsuQI.exe
  2⤵
  PID:13736
- C:\Windows\System\VSwFDJJ.exe
  C:\Windows\System\VSwFDJJ.exe
  2⤵
  PID:13772
- C:\Windows\System\keSbbAN.exe
  C:\Windows\System\keSbbAN.exe
  2⤵
  PID:13800
- C:\Windows\System\UFeiFRg.exe
  C:\Windows\System\UFeiFRg.exe
  2⤵
  PID:13832
- C:\Windows\System\paNDJFp.exe
  C:\Windows\System\paNDJFp.exe
  2⤵
  PID:3000
- C:\Windows\System\TMbhlKE.exe
  C:\Windows\System\TMbhlKE.exe
  2⤵
  PID:8796
- C:\Windows\System\mskYgig.exe
  C:\Windows\System\mskYgig.exe
  2⤵
  PID:13964
- C:\Windows\System\ZENjMeg.exe
  C:\Windows\System\ZENjMeg.exe
  2⤵
  PID:9488
- C:\Windows\System\OtoFQMj.exe
  C:\Windows\System\OtoFQMj.exe
  2⤵
  PID:14032
- C:\Windows\System\Hxacqvg.exe
  C:\Windows\System\Hxacqvg.exe
  2⤵
  PID:14084
- C:\Windows\System\RARNUeE.exe
  C:\Windows\System\RARNUeE.exe
  2⤵
  PID:4880
- C:\Windows\System\VvigBgt.exe
  C:\Windows\System\VvigBgt.exe
  2⤵
  PID:9780
- C:\Windows\System\wibXdsl.exe
  C:\Windows\System\wibXdsl.exe
  2⤵
  PID:14172
- C:\Windows\System\vNgnHjd.exe
  C:\Windows\System\vNgnHjd.exe
  2⤵
  PID:7788
- C:\Windows\System\WGWFFVC.exe
  C:\Windows\System\WGWFFVC.exe
  2⤵
  PID:14256
- C:\Windows\System\SswtEBT.exe
  C:\Windows\System\SswtEBT.exe
  2⤵
  PID:14308
- C:\Windows\System\mWNMEPB.exe
  C:\Windows\System\mWNMEPB.exe
  2⤵
  PID:10084
- C:\Windows\System\MFkkZiU.exe
  C:\Windows\System\MFkkZiU.exe
  2⤵
  PID:9804
- C:\Windows\System\XzeSZEy.exe
  C:\Windows\System\XzeSZEy.exe
  2⤵
  PID:7816
- C:\Windows\System\raOtonN.exe
  C:\Windows\System\raOtonN.exe
  2⤵
  PID:13512
- C:\Windows\System\yqDshSe.exe
  C:\Windows\System\yqDshSe.exe
  2⤵
  PID:5060
- C:\Windows\System\rMvGEYF.exe
  C:\Windows\System\rMvGEYF.exe
  2⤵
  PID:10000
- C:\Windows\System\CftIVgJ.exe
  C:\Windows\System\CftIVgJ.exe
  2⤵
  PID:13664
- C:\Windows\System\UZSqtIT.exe
  C:\Windows\System\UZSqtIT.exe
  2⤵
  PID:13708
- C:\Windows\System\JOsvOxx.exe
  C:\Windows\System\JOsvOxx.exe
  2⤵
  PID:13748
- C:\Windows\System\wctlwPy.exe
  C:\Windows\System\wctlwPy.exe
  2⤵
  PID:3500
- C:\Windows\System\eDRHgFv.exe
  C:\Windows\System\eDRHgFv.exe
  2⤵
  PID:13828
- C:\Windows\System\UzPcREM.exe
  C:\Windows\System\UzPcREM.exe
  2⤵
  PID:2040
- C:\Windows\System\drhMsPa.exe
  C:\Windows\System\drhMsPa.exe
  2⤵
  PID:1660
- C:\Windows\System\EKxhlNT.exe
  C:\Windows\System\EKxhlNT.exe
  2⤵
  PID:9552
- C:\Windows\System\gwUGESE.exe
  C:\Windows\System\gwUGESE.exe
  2⤵
  PID:14060
- C:\Windows\System\PmimEeh.exe
  C:\Windows\System\PmimEeh.exe
  2⤵
  PID:9728
- C:\Windows\System\vSsKcmf.exe
  C:\Windows\System\vSsKcmf.exe
  2⤵
  PID:10340
- C:\Windows\System\LFUVSUw.exe
  C:\Windows\System\LFUVSUw.exe
  2⤵
  PID:14168
- C:\Windows\System\zCQFBTu.exe
  C:\Windows\System\zCQFBTu.exe
  2⤵
  PID:14252
- C:\Windows\System\wXhWMKt.exe
  C:\Windows\System\wXhWMKt.exe
  2⤵
  PID:13864
- C:\Windows\System\JSqHQkK.exe
  C:\Windows\System\JSqHQkK.exe
  2⤵
  PID:10236
- C:\Windows\System\XgLoGNf.exe
  C:\Windows\System\XgLoGNf.exe
  2⤵
  PID:9944
- C:\Windows\System\sIbraUA.exe
  C:\Windows\System\sIbraUA.exe
  2⤵
  PID:9612
- C:\Windows\System\YfnJYrD.exe
  C:\Windows\System\YfnJYrD.exe
  2⤵
  PID:10512
- C:\Windows\System\APzCfbV.exe
  C:\Windows\System\APzCfbV.exe
  2⤵
  PID:10556
- C:\Windows\System\vbNFtfm.exe
  C:\Windows\System\vbNFtfm.exe
  2⤵
  PID:9452
- C:\Windows\System\jXpmpRQ.exe
  C:\Windows\System\jXpmpRQ.exe
  2⤵
  PID:5716
- C:\Windows\System\jkGeGaM.exe
  C:\Windows\System\jkGeGaM.exe
  2⤵
  PID:13992
- C:\Windows\System\YwCnbyj.exe
  C:\Windows\System\YwCnbyj.exe
  2⤵
  PID:9644
- C:\Windows\System\JAGHScY.exe
  C:\Windows\System\JAGHScY.exe
  2⤵
  PID:9800
- C:\Windows\System\FEwpXkl.exe
  C:\Windows\System\FEwpXkl.exe
  2⤵
  PID:14284
- C:\Windows\System\XObQcTf.exe
  C:\Windows\System\XObQcTf.exe
  2⤵
  PID:13520
- C:\Windows\System\VEMtMSw.exe
  C:\Windows\System\VEMtMSw.exe
  2⤵
  PID:9980
- C:\Windows\System\GQZTYFe.exe
  C:\Windows\System\GQZTYFe.exe
  2⤵
  PID:10768
- C:\Windows\System\QFJstkf.exe
  C:\Windows\System\QFJstkf.exe
  2⤵
  PID:13892
- C:\Windows\System\sYWlNaa.exe
  C:\Windows\System\sYWlNaa.exe
  2⤵
  PID:10672
- C:\Windows\System\CVgNYCX.exe
  C:\Windows\System\CVgNYCX.exe
  2⤵
  PID:9696
- C:\Windows\System\DWmhPlL.exe
  C:\Windows\System\DWmhPlL.exe
  2⤵
  PID:5064
- C:\Windows\System\MdfAJve.exe
  C:\Windows\System\MdfAJve.exe
  2⤵
  PID:9924
- C:\Windows\System\UusrrnU.exe
  C:\Windows\System\UusrrnU.exe
  2⤵
  PID:10988
- C:\Windows\System\dnUFDLl.exe
  C:\Windows\System\dnUFDLl.exe
  2⤵
  PID:10640
- C:\Windows\System\JjEWJPB.exe
  C:\Windows\System\JjEWJPB.exe
  2⤵
  PID:10900
- C:\Windows\System\BmZsdJF.exe
  C:\Windows\System\BmZsdJF.exe
  2⤵
  PID:11112
- C:\Windows\System\lbRKtcg.exe
  C:\Windows\System\lbRKtcg.exe
  2⤵
  PID:11140
- C:\Windows\System\yrievit.exe
  C:\Windows\System\yrievit.exe
  2⤵
  PID:11068
- C:\Windows\System\SGksevF.exe
  C:\Windows\System\SGksevF.exe
  2⤵
  PID:11016
- C:\Windows\System\xDRHEMP.exe
  C:\Windows\System\xDRHEMP.exe
  2⤵
  PID:11256
- C:\Windows\System\kZMwaki.exe
  C:\Windows\System\kZMwaki.exe
  2⤵
  PID:10908
- C:\Windows\System\DVAFNas.exe
  C:\Windows\System\DVAFNas.exe
  2⤵
  PID:10276
- C:\Windows\System\VOjVKwT.exe
  C:\Windows\System\VOjVKwT.exe
  2⤵
  PID:14356
- C:\Windows\System\HTCLBaP.exe
  C:\Windows\System\HTCLBaP.exe
  2⤵
  PID:14384
- C:\Windows\System\yTVHSmA.exe
  C:\Windows\System\yTVHSmA.exe
  2⤵
  PID:14412
- C:\Windows\System\vJTBBxE.exe
  C:\Windows\System\vJTBBxE.exe
  2⤵
  PID:14440
- C:\Windows\System\JeAFbAA.exe
  C:\Windows\System\JeAFbAA.exe
  2⤵
  PID:14468
- C:\Windows\System\FpTOACu.exe
  C:\Windows\System\FpTOACu.exe
  2⤵
  PID:14496
- C:\Windows\System\tqSCAHN.exe
  C:\Windows\System\tqSCAHN.exe
  2⤵
  PID:14524
- C:\Windows\System\QnXEgEU.exe
  C:\Windows\System\QnXEgEU.exe
  2⤵
  PID:14552
- C:\Windows\System\QAFASAc.exe
  C:\Windows\System\QAFASAc.exe
  2⤵
  PID:14588
- C:\Windows\System\flBgBQu.exe
  C:\Windows\System\flBgBQu.exe
  2⤵
  PID:14612
- C:\Windows\System\WSJUZoE.exe
  C:\Windows\System\WSJUZoE.exe
  2⤵
  PID:14640
- C:\Windows\System\hkxFtFK.exe
  C:\Windows\System\hkxFtFK.exe
  2⤵
  PID:14668
- C:\Windows\System\WeWhtwd.exe
  C:\Windows\System\WeWhtwd.exe
  2⤵
  PID:14696
- C:\Windows\System\wZlyVrS.exe
  C:\Windows\System\wZlyVrS.exe
  2⤵
  PID:14724
- C:\Windows\System\MLXoaLw.exe
  C:\Windows\System\MLXoaLw.exe
  2⤵
  PID:14752
- C:\Windows\System\ZXDhRNH.exe
  C:\Windows\System\ZXDhRNH.exe
  2⤵
  PID:14780
- C:\Windows\System\CwnhyHa.exe
  C:\Windows\System\CwnhyHa.exe
  2⤵
  PID:14808
- C:\Windows\System\YDTXRLr.exe
  C:\Windows\System\YDTXRLr.exe
  2⤵
  PID:14836
- C:\Windows\System\BOlRacO.exe
  C:\Windows\System\BOlRacO.exe
  2⤵
  PID:14864
- C:\Windows\System\AttTyim.exe
  C:\Windows\System\AttTyim.exe
  2⤵
  PID:14892
- C:\Windows\System\gVtDSwZ.exe
  C:\Windows\System\gVtDSwZ.exe
  2⤵
  PID:14924
- C:\Windows\System\TirtpUa.exe
  C:\Windows\System\TirtpUa.exe
  2⤵
  PID:14948
- C:\Windows\System\ZihgHHJ.exe
  C:\Windows\System\ZihgHHJ.exe
  2⤵
  PID:14976
- C:\Windows\System\YhXmjRi.exe
  C:\Windows\System\YhXmjRi.exe
  2⤵
  PID:15004
- C:\Windows\System\ncmMqMr.exe
  C:\Windows\System\ncmMqMr.exe
  2⤵
  PID:15032
- C:\Windows\System\XozAgEz.exe
  C:\Windows\System\XozAgEz.exe
  2⤵
  PID:15060
- C:\Windows\System\ZmNyhuG.exe
  C:\Windows\System\ZmNyhuG.exe
  2⤵
  PID:15088
- C:\Windows\System\afmapMj.exe
  C:\Windows\System\afmapMj.exe
  2⤵
  PID:15116
- C:\Windows\System\uMGXEQP.exe
  C:\Windows\System\uMGXEQP.exe
  2⤵
  PID:15144
- C:\Windows\System\zuzBqFQ.exe
  C:\Windows\System\zuzBqFQ.exe
  2⤵
  PID:15172
- C:\Windows\System\JddGvqS.exe
  C:\Windows\System\JddGvqS.exe
  2⤵
  PID:15204
- C:\Windows\System\mHJpmvx.exe
  C:\Windows\System\mHJpmvx.exe
  2⤵
  PID:15232
- C:\Windows\System\wWezXGd.exe
  C:\Windows\System\wWezXGd.exe
  2⤵
  PID:15260
- C:\Windows\System\UuYcGdl.exe
  C:\Windows\System\UuYcGdl.exe
  2⤵
  PID:15288
- C:\Windows\System\CCiAass.exe
  C:\Windows\System\CCiAass.exe
  2⤵
  PID:15316
- C:\Windows\System\VdBdQkM.exe
  C:\Windows\System\VdBdQkM.exe
  2⤵
  PID:15344
- C:\Windows\System\FnxaZxH.exe
  C:\Windows\System\FnxaZxH.exe
  2⤵
  PID:14352
- C:\Windows\System\jbRLcPq.exe
  C:\Windows\System\jbRLcPq.exe
  2⤵
  PID:10476
- C:\Windows\System\wuEHyaE.exe
  C:\Windows\System\wuEHyaE.exe
  2⤵
  PID:14436
- C:\Windows\System\GWUibtU.exe
  C:\Windows\System\GWUibtU.exe
  2⤵
  PID:10620
- C:\Windows\System\ONSZIYr.exe
  C:\Windows\System\ONSZIYr.exe
  2⤵
  PID:14520
- C:\Windows\System\tSDebcZ.exe
  C:\Windows\System\tSDebcZ.exe
  2⤵
  PID:14548
- C:\Windows\System\dVFdxCM.exe
  C:\Windows\System\dVFdxCM.exe
  2⤵
  PID:8448
- C:\Windows\System\rUArlpB.exe
  C:\Windows\System\rUArlpB.exe
  2⤵
  PID:10828
- C:\Windows\System\RcoNcVl.exe
  C:\Windows\System\RcoNcVl.exe
  2⤵
  PID:14660
- C:\Windows\System\TfBHfez.exe
  C:\Windows\System\TfBHfez.exe
  2⤵
  PID:14708
- C:\Windows\System\fhvGqeq.exe
  C:\Windows\System\fhvGqeq.exe
  2⤵
  PID:14748
- C:\Windows\System\moWBcMX.exe
  C:\Windows\System\moWBcMX.exe
  2⤵
  PID:14776
- C:\Windows\System\AtfTPdl.exe
  C:\Windows\System\AtfTPdl.exe
  2⤵
  PID:10332
- C:\Windows\System\DArzEDJ.exe
  C:\Windows\System\DArzEDJ.exe
  2⤵
  PID:10412
- C:\Windows\System\TtvecId.exe
  C:\Windows\System\TtvecId.exe
  2⤵
  PID:14904
- C:\Windows\System\arjAMPJ.exe
  C:\Windows\System\arjAMPJ.exe
  2⤵
  PID:10684
- C:\Windows\System\csDAVGC.exe
  C:\Windows\System\csDAVGC.exe
  2⤵
  PID:10888
- C:\Windows\System\LtMUmeD.exe
  C:\Windows\System\LtMUmeD.exe
  2⤵
  PID:15024
- C:\Windows\System\yZBWjoj.exe
  C:\Windows\System\yZBWjoj.exe
  2⤵
  PID:10356
- C:\Windows\System\fIBZAxm.exe
  C:\Windows\System\fIBZAxm.exe
  2⤵
  PID:15140
- C:\Windows\System\bWmNIIZ.exe
  C:\Windows\System\bWmNIIZ.exe
  2⤵
  PID:15168
- C:\Windows\System\KLtuyiM.exe
  C:\Windows\System\KLtuyiM.exe
  2⤵
  PID:15224
- C:\Windows\System\vgEDdPP.exe
  C:\Windows\System\vgEDdPP.exe
  2⤵
  PID:15284
- C:\Windows\System\QwiBeKK.exe
  C:\Windows\System\QwiBeKK.exe
  2⤵
  PID:9224
- C:\Windows\System\ObBpjOq.exe
  C:\Windows\System\ObBpjOq.exe
  2⤵
  PID:14380
- C:\Windows\System\fNGRJIC.exe
  C:\Windows\System\fNGRJIC.exe
  2⤵
  PID:9328
- C:\Windows\System\xnIchsx.exe
  C:\Windows\System\xnIchsx.exe
  2⤵
  PID:9364
- C:\Windows\System\gtRQKHL.exe
  C:\Windows\System\gtRQKHL.exe
  2⤵
  PID:14536
- C:\Windows\System\TBERxQQ.exe
  C:\Windows\System\TBERxQQ.exe
  2⤵
  PID:14604
- C:\Windows\System\KuTtcjc.exe
  C:\Windows\System\KuTtcjc.exe
  2⤵
  PID:14688
- C:\Windows\System\UHAtJaG.exe
  C:\Windows\System\UHAtJaG.exe
  2⤵
  PID:11180
- C:\Windows\System\lUrnUZs.exe
  C:\Windows\System\lUrnUZs.exe
  2⤵
  PID:14884
- C:\Windows\System\LWYPfWD.exe
  C:\Windows\System\LWYPfWD.exe
  2⤵
  PID:14988
- C:\Windows\System\ABZAPnI.exe
  C:\Windows\System\ABZAPnI.exe
  2⤵
  PID:11464
- C:\Windows\System\aPTiXsa.exe
  C:\Windows\System\aPTiXsa.exe
  2⤵
  PID:9444
- C:\Windows\System\CjrxdHv.exe
  C:\Windows\System\CjrxdHv.exe
  2⤵
  PID:10972
- C:\Windows\System\eSXTpyo.exe
  C:\Windows\System\eSXTpyo.exe
  2⤵
  PID:15340
- C:\Windows\System\VwKxnYd.exe
  C:\Windows\System\VwKxnYd.exe
  2⤵
  PID:14464
- C:\Windows\System\ylRtfbo.exe
  C:\Windows\System\ylRtfbo.exe
  2⤵
  PID:9400
- C:\Windows\System\FymOGTp.exe
  C:\Windows\System\FymOGTp.exe
  2⤵
  PID:4648
- C:\Windows\System\IpMeGrA.exe
  C:\Windows\System\IpMeGrA.exe
  2⤵
  PID:5452
- C:\Windows\System\toXMRWP.exe
  C:\Windows\System\toXMRWP.exe
  2⤵
  PID:14764
- C:\Windows\System\nKpLgLF.exe
  C:\Windows\System\nKpLgLF.exe
  2⤵
  PID:11656
- C:\Windows\System\cqFYdfn.exe
  C:\Windows\System\cqFYdfn.exe
  2⤵
  PID:15056
- C:\Windows\System\NvVjjOF.exe
  C:\Windows\System\NvVjjOF.exe
  2⤵
  PID:11708
- C:\Windows\System\RIFZblt.exe
  C:\Windows\System\RIFZblt.exe
  2⤵
  PID:15336
- C:\Windows\System\czJvvwh.exe
  C:\Windows\System\czJvvwh.exe
  2⤵
  PID:11792
- C:\Windows\System\DbVejgC.exe
  C:\Windows\System\DbVejgC.exe
  2⤵
  PID:6808
- C:\Windows\System\QQszVTK.exe
  C:\Windows\System\QQszVTK.exe
  2⤵
  PID:14736
- C:\Windows\System\HHQDIho.exe
  C:\Windows\System\HHQDIho.exe
  2⤵
  PID:11904
- C:\Windows\System\XjJygzA.exe
  C:\Windows\System\XjJygzA.exe
  2⤵
  PID:10692
- C:\Windows\System\yOaXSMt.exe
  C:\Windows\System\yOaXSMt.exe
  2⤵
  PID:15312
- C:\Windows\System\LqtWJZK.exe
  C:\Windows\System\LqtWJZK.exe
  2⤵
  PID:11828
- C:\Windows\System\cneGhmR.exe
  C:\Windows\System\cneGhmR.exe
  2⤵
  PID:12076
- C:\Windows\System\NWQeLoL.exe
  C:\Windows\System\NWQeLoL.exe
  2⤵
  PID:12132
- C:\Windows\System\UCFktHQ.exe
  C:\Windows\System\UCFktHQ.exe
  2⤵
  PID:12200
- C:\Windows\System\sncWBHC.exe
  C:\Windows\System\sncWBHC.exe
  2⤵
  PID:5432
- C:\Windows\System\wIxwPdp.exe
  C:\Windows\System\wIxwPdp.exe
  2⤵
  PID:11960
- C:\Windows\System\YbOiOKn.exe
  C:\Windows\System\YbOiOKn.exe
  2⤵
  PID:984
- C:\Windows\System\ZSLPSAx.exe
  C:\Windows\System\ZSLPSAx.exe
  2⤵
  PID:14968
- C:\Windows\System\neDEYYn.exe
  C:\Windows\System\neDEYYn.exe
  2⤵
  PID:11336
- C:\Windows\System\ZYJFcSY.exe
  C:\Windows\System\ZYJFcSY.exe
  2⤵
  PID:10448
- C:\Windows\System\XmALOCC.exe
  C:\Windows\System\XmALOCC.exe
  2⤵
  PID:11544
- C:\Windows\System\rwDfLRe.exe
  C:\Windows\System\rwDfLRe.exe
  2⤵
  PID:12284
- C:\Windows\System\nHAJqzV.exe
  C:\Windows\System\nHAJqzV.exe
  2⤵
  PID:3720
- C:\Windows\System\kciLJGJ.exe
  C:\Windows\System\kciLJGJ.exe
  2⤵
  PID:15376
- C:\Windows\System\CkvUAOm.exe
  C:\Windows\System\CkvUAOm.exe
  2⤵
  PID:15412
- C:\Windows\System\XqONtSb.exe
  C:\Windows\System\XqONtSb.exe
  2⤵
  PID:15436
- C:\Windows\System\fWxsAfm.exe
  C:\Windows\System\fWxsAfm.exe
  2⤵
  PID:15460
- C:\Windows\System\HZesGyo.exe
  C:\Windows\System\HZesGyo.exe
  2⤵
  PID:15488
- C:\Windows\System\grtJacq.exe
  C:\Windows\System\grtJacq.exe
  2⤵
  PID:15520
- C:\Windows\System\bPDnrWE.exe
  C:\Windows\System\bPDnrWE.exe
  2⤵
  PID:15548
- C:\Windows\System\FNzlbsu.exe
  C:\Windows\System\FNzlbsu.exe
  2⤵
  PID:15576
- C:\Windows\System\Kpslriz.exe
  C:\Windows\System\Kpslriz.exe
  2⤵
  PID:15604
- C:\Windows\System\ZrrxIFl.exe
  C:\Windows\System\ZrrxIFl.exe
  2⤵
  PID:15636
- C:\Windows\System\vtFbylJ.exe
  C:\Windows\System\vtFbylJ.exe
  2⤵
  PID:15660
- C:\Windows\System\Futfxmk.exe
  C:\Windows\System\Futfxmk.exe
  2⤵
  PID:15688
- C:\Windows\System\eEJtxlF.exe
  C:\Windows\System\eEJtxlF.exe
  2⤵
  PID:15716
- C:\Windows\System\taNNpOc.exe
  C:\Windows\System\taNNpOc.exe
  2⤵
  PID:15744
- C:\Windows\System\YMxjRZD.exe
  C:\Windows\System\YMxjRZD.exe
  2⤵
  PID:15772
- C:\Windows\System\wfoNFnX.exe
  C:\Windows\System\wfoNFnX.exe
  2⤵
  PID:15812
- C:\Windows\System\LUcAoCl.exe
  C:\Windows\System\LUcAoCl.exe
  2⤵
  PID:15832
- C:\Windows\System\drhCHXx.exe
  C:\Windows\System\drhCHXx.exe
  2⤵
  PID:15860
- C:\Windows\System\hVbngyV.exe
  C:\Windows\System\hVbngyV.exe
  2⤵
  PID:15888
- C:\Windows\System\DkLUSmJ.exe
  C:\Windows\System\DkLUSmJ.exe
  2⤵
  PID:15916
- C:\Windows\System\OqGhxia.exe
  C:\Windows\System\OqGhxia.exe
  2⤵
  PID:15944
- C:\Windows\System\BTrOxgZ.exe
  C:\Windows\System\BTrOxgZ.exe
  2⤵
  PID:15972
- C:\Windows\System\TxRpEDo.exe
  C:\Windows\System\TxRpEDo.exe
  2⤵
  PID:16000
- C:\Windows\System\yQnjHkG.exe
  C:\Windows\System\yQnjHkG.exe
  2⤵
  PID:16028
- C:\Windows\System\OmwkOcy.exe
  C:\Windows\System\OmwkOcy.exe
  2⤵
  PID:16060
- C:\Windows\System\PIbEvJt.exe
  C:\Windows\System\PIbEvJt.exe
  2⤵
  PID:16092
- C:\Windows\System\dWUpJzx.exe
  C:\Windows\System\dWUpJzx.exe
  2⤵
  PID:16116
- C:\Windows\System\TDhBLST.exe
  C:\Windows\System\TDhBLST.exe
  2⤵
  PID:16144
- C:\Windows\System\QvIZNcM.exe
  C:\Windows\System\QvIZNcM.exe
  2⤵
  PID:16172
- C:\Windows\System\xcwatOL.exe
  C:\Windows\System\xcwatOL.exe
  2⤵
  PID:16200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CeoWNqP.exe

Filesize
6.0MB

MD5
81d4dd3c09360ba24f500af592b6c715

SHA1
10c06f769bde4e03be0c4a22562073a45a496c3e

SHA256
9fe43685ce378ecaceb12f193bfb56b283be295b84ab74c3cace0f2d8b48a4f0

SHA512
757dba030cf458beef9542feec79a971e038d79b2f22117d9108fe42c2bf528f4c26232fc1bc47fb5d5667562d10b5877a3d42e082f0234f9640c53f70569161

Download Submit
C:\Windows\System\EurwKHG.exe

Filesize
6.0MB

MD5
ed1574fed400980a48cbc666169dbc94

SHA1
c938131cd20abae115acab3b438eeaff97d9c447

SHA256
b88f3a567bdd1eb205878969816d5cbca8d73a9f0e00daf01af1b9eb5ea4874a

SHA512
f2095eca1e927e8eb271ef99190b4afa87e6fca9677b6cdb7b6fba07da390cb74b5c65e4563536cc385b646021bf8e3461c9b91a2c1200a37e62573fd1a1db28

Download Submit
C:\Windows\System\KNiFuYA.exe

Filesize
6.0MB

MD5
4f7c1d8ff2f659bf5a92002724c39da6

SHA1
ed377d51d044eb97274ab0ca4ecc490cb592f85c

SHA256
8922ee0d54b75cd40ad4fffe7fad809ea670a649b744102e9d49e96791804bd4

SHA512
103abd2b316aa24bce3caa66332c57f547fa9d77c9a0c9e479647817cebe2a44656b787bc5d9ac7ec34534a28ddfd31d1ce750ec0b0a2647140668d1c15db4fb

Download Submit
C:\Windows\System\LvSiHQO.exe

Filesize
6.0MB

MD5
6792b4e50771083919b74285e5d6a99e

SHA1
38133669288f62b6c4cf9833e0d7eee66a36104a

SHA256
29f84b71db61fc678cbb5b5d134a1d7f0d08af80a5c48d09d2df59aee3f998ec

SHA512
b0fc4c5d649f8c63bbb3ec4cb5da6cdb53214c8faff195ee58a0ef2f21da96c42c52eb6b5b3a75714fc6268546c02cbcaa9c9b001b75fd55594c80644cebf1a7

Download Submit
C:\Windows\System\MGgOqxq.exe

Filesize
6.0MB

MD5
5390380b94d87efc3bbbbd3dc858c5af

SHA1
09d53d3a1a5c8641225464772dd25f901d721a0c

SHA256
349f77c88a664154105a77ad32dc04f1e3113e02fb19cc44852c1efca662fcd3

SHA512
12e967efd9b930c87cc4ca757341d3cf0b5c3eacfd614e0d6f592af6ca29916372893d51172d8fe7746d9a444f8619e9b1baa4564fd9ab5fa77206d15f172306

Download Submit
C:\Windows\System\NUiCfYx.exe

Filesize
6.0MB

MD5
9edffeb0b6ec701e7b8c485ba50e34c9

SHA1
131233bdb402ea7b90f6bd821fbc256dda1d3a74

SHA256
b591e60b2981b6d6f54d49d1ac471a9e45162c5437dc88a3a5bc843482bae807

SHA512
cb6d878f7f6a3a125642a49bd92b5ea42a20ff2e4bcad447379256f46d91aa0e263e411d95b454af00670e3f3388e5585c58813fff317febb11797896bf1817b

Download Submit
C:\Windows\System\OZMJTrG.exe

Filesize
6.0MB

MD5
1aef7eb8068c3da86c3800e4e5d44358

SHA1
f49e8ac2c7f581aeaed49672139003c0a6db7c47

SHA256
fddb79ef2cd158eddde155c2c03039f579fc7c9f397b0d78cddf240d1797bb8c

SHA512
d35304924ff160394e07a0d44aa0c9f496299cc3ce0c0f5c5ae7dc665ea44d3898d01d92763f872d890fbb82b7305fced96d3c5f3663d6406af1781f3daccd69

Download Submit
C:\Windows\System\PHsXSpz.exe

Filesize
6.0MB

MD5
6114f61e92fbb5847e502a63bdf18af1

SHA1
516e7329b244fb7786d124bdc516f13c2a268dea

SHA256
8ef06680c07264aa6e2340b4ea8bf2d8b5596e726406ef3d34dbc3cc18b95d31

SHA512
d4a2d773c04cd4e751567415c6cb482a391ba03e3e8f1f2d9ffb9fcfe06cd1ec796bc9b0dc7a0e477ce808cbc5b851a53155cf26e25816106b93b6df8e4faaac

Download Submit
C:\Windows\System\PwBgKCQ.exe

Filesize
6.0MB

MD5
a87cc8e3f7e52a2928e006098848d1c7

SHA1
2fff9e4d35134ce6ea6552e50bf3afb999ffcfc1

SHA256
1f2db17c544a873b53838a82201d71cf1468bc76ccba4ab90c02cd4d7d0ab7b2

SHA512
e49ec804d4c63165a5666436733781c7eb488ed8d8efc2ffba6e0a1987689b6a57db2a08ecea27d1b9236ae4fe02b4cc793b40170f3a4cabcf8ea2853c475cf1

Download Submit
C:\Windows\System\RbtnHrG.exe

Filesize
6.0MB

MD5
faefcb00b6bbcc70fb96936b99f8adad

SHA1
5c12daa8b20425fad34855ed429350af4d8d8be8

SHA256
74e285cb79a35dcbc0b17056a6e279c13da6e695c63db4f535aa19a21681863e

SHA512
704d2d5fbd6c51b334770b45bb9665ddf67cb448aea7a3a9b003ad99b4d0c68a2a9fe36e5b39b96d3910cc6ee0199ee7e41c6e138e24185e3da5f5732b08cd33

Download Submit
C:\Windows\System\VyrgOrX.exe

Filesize
6.0MB

MD5
00f390711a7513c15edc3efe446513b4

SHA1
d487389b5ec6168bd2ee859ea1f0781634560cb0

SHA256
cad7bdfe86cff56eeab06b60fadf0d67e790c5cb890db430ce46a19f752a6988

SHA512
b9f6fe1697254b6cd1707b095957b179bde9ccc163222af304830f00560b7cebc15ffd2e9aee75cb2a41bd97042c6b28560f753c85682aa04fba9e2968ad9e54

Download Submit
C:\Windows\System\WCGIYYa.exe

Filesize
6.0MB

MD5
5fd7c2897dc5e091b59e518a3fa11fbe

SHA1
0a20c5a370593631abe0faa4436be0fdb965cb03

SHA256
1d4e07b09ee3296456dccb5303571c9c0741077e99a361d47981487b891f6b40

SHA512
84f9b243d31b6279bac60f009c8fa4066af4c7522086031d897a620cdedb3dc4990c0981fd901e96259d069e2672521a06f4348cb6dd9eb80c4b550521380d60

Download Submit
C:\Windows\System\WnAwPIo.exe

Filesize
6.0MB

MD5
ffebd5affdaf2a69a2c93975e702350b

SHA1
9e1c678debe175e71638eb5248abfcf8f045e4bf

SHA256
0dd9b55844031b4a37f8ef4aeab48cfee28836e05430350a904f017ab88feb2c

SHA512
6b57bbf44178926607a36f1e5d9d132afbf10511d7f381199cd39c8f5c07986566faab041506df04eea420ca43d0b283fe314eaf4d2d7e72602bb7dd8c7dbece

Download Submit
C:\Windows\System\WozSqrk.exe

Filesize
6.0MB

MD5
2d2647c629d2a98c53e630e0d3e958b2

SHA1
cdb456eedebf18ce5183d92f57b2f7c0cc6642d0

SHA256
f7b398eb610b76f8028b698e3ea60092268e31bdd60a370d04e99b7eb1dc0664

SHA512
dd9d1ec1a5681813672933fa00ba898b39d64e6bb0af2aaa33f82db330a22ab6bcdae3060cc1de60b1310d2d1c188548f27858875ccffba61e5467dc4da43651

Download Submit
C:\Windows\System\XeGFiOC.exe

Filesize
6.0MB

MD5
d5582151870ed8f192f1b183c156134c

SHA1
edb6eb18afaecdfffe6d7a49804eceaaa29dde58

SHA256
eb8fc1cafece7483960fcc4a045aeab6f0e0bbd0e4e41a97d68ff0575aceaaca

SHA512
cf6f794bbc2392edae492b30765d4c8a8b170076c4162dd1fab0da46e9430e89765be893b889294bd7b4e1ccd6f71784ae9a2536d85adea0997c3d46a5f1be9a

Download Submit
C:\Windows\System\ZrvRQxs.exe

Filesize
6.0MB

MD5
09dac945e08fd19f71c6210f6358e12d

SHA1
a69512876912102628c044231ada1643cb27510f

SHA256
f5a8406890a6b8746c21a49af00366978af287a5a084a67883254a3f3b0b60b9

SHA512
e8e98abdc12727cce89f910780e4fc38b4429b0194374b646ff130593b6c476ec12e41d8194986ec8c31c3a534fbfec0e169231d3cc3d7f65badd3644b83f9d5

Download Submit
C:\Windows\System\aSOPgDp.exe

Filesize
6.0MB

MD5
6bc8c5202890e4b1a3806f465ae7bf2a

SHA1
0d616b012b1e2fe55fff8e2af437ff7c63929996

SHA256
999c8bb337936b6c85e82d72e28ce4cae69f8b7562466f080e5411beed00e326

SHA512
688936de16db1352994bde9a15acb42ac8fd6722a6c0e27b18a46f888e60b188482ccbbcab44423d1f6002d4627d4baed0b1131978b36e0987081f7dcdcd9c80

Download Submit
C:\Windows\System\aeFcfBd.exe

Filesize
6.0MB

MD5
040d81f2683f560399ecbc3546f75b46

SHA1
d5ec730eddedcb519c3cdf613bee414b2de12a92

SHA256
1f0c4bab5013a5f10694804dab4637e0803809fd722526532ad0ed749c2d294f

SHA512
d9fd68acb4bc6f38cedfdeb61a18299ea43d8d60dc0e88522ce5d177c15a66df7da8e7022e8fd6c7d7f33b45371c398209be781c88d4da0db6d3851e39a4a7f7

Download Submit
C:\Windows\System\arAwtbn.exe

Filesize
6.0MB

MD5
6374163498b7059bce6aca0e4c7a8306

SHA1
93ae688332d57e37c423e7309307f9b404a8e5c8

SHA256
e25ff5bd1ea8844cda5e8447305cf5edd1e1e8b71503c5ba8a206ade0f1efc96

SHA512
023a5ff91eecf197b7b4a230222bd8c366f26aa8340139923e89618f7d86717e092304214e64c2e30df2d64a253cc7a6c01db63855c2ad72ca4a738d70b171c4

Download Submit
C:\Windows\System\bCmXnZC.exe

Filesize
6.0MB

MD5
80ad8fda8bafc505d33deb6d4e109fcc

SHA1
fb28a221a707033a70ea22056729a7acfae6896d

SHA256
eb8fc60bcb40894a904a642667f1b85d2c8ef5d395efda397d873d48a0562c21

SHA512
aa07562774a1dd19a7903a2bbd2b3bfc1aba2ae1fe781a0a335ba4756b8c391d3c870c3cecd7ca5b1d82a37b3ab42faf158de7cab1e5f4692683ec48ee66d033

Download Submit
C:\Windows\System\bUpjmtu.exe

Filesize
6.0MB

MD5
ef64c2fafc1908acc81ad23cb9300b6a

SHA1
ea0d8cae9e421af557072a6964645d76f4d750ac

SHA256
4e2aae7a2a2fd7c137612e73099580b1048dc55c6d59bc64d90526707698cf92

SHA512
049bdb2a71281aa9013bfefbcabccaa8c50316dde6e190f604c26b5be8550416a619f34ab08876ff18bdcf277bcf87426813640105493ae8b14ec04814ac56d7

Download Submit
C:\Windows\System\dtTshBP.exe

Filesize
6.0MB

MD5
7fc0b306892c2cb050608a88a2ddcf81

SHA1
11054c7da1f891d15dbd626f8c5127a7c83a53eb

SHA256
fc0674e1b823ecc983de6e40718a1a2ea771a1587f8e63e2cf40634dc0254d77

SHA512
529aea883a30d21ee19f02b59f92cfcd5dd132aaf988c2ba669956185c06c0206d4d246d955d14357010cfb640836be5f57735da9b396f8a0cf513e52dc24acf

Download Submit
C:\Windows\System\fzPahTI.exe

Filesize
6.0MB

MD5
de4f646362b3367e3deda3e8f2508d6a

SHA1
bcfdb9b28c4d7f328979249bcad9ed36ef570115

SHA256
3cfa33eabc3d10e61f207ca5c453a887845f430a3f1fde8756d5f0383e6c4b25

SHA512
9a4820029a0dfccbb69027ab0a29f5d8f19c7369f876edca476da38bd85c5f713f1a25c0eae0f39bcdf0d85cee6ea70916dbd8778f2852dadabc075ee40a95c5

Download Submit
C:\Windows\System\jOSiaWX.exe

Filesize
6.0MB

MD5
ca83f313cb333a9b2ac6a2e4b3f85bf9

SHA1
67fc80846337135a2fa427f28c32425e9c8ffdfe

SHA256
02b7fcf4cbd7a8945500bb3c25cd709585f15378ca32468bc8c20a721b8d004e

SHA512
449d3ed8be93955c1ac4b1f0dca57ced2a9efcd1099bd009a81373c5354217790f7bff4e9ad78013d33f7451ccf0acdffea915499ab1fd16cad553609bb719f4

Download Submit
C:\Windows\System\jZMvlHy.exe

Filesize
6.0MB

MD5
698fb16717c9c71a18e6137e59a01928

SHA1
2bc078b030f3d5134f40865a2429966ece85246d

SHA256
b05fc5df4b7c4fa4d2dd879a04cfd4b6000194c9f3f08e3e5443471644f0fcd7

SHA512
11443c8833966f5b7dd26557426afa664897a492550322fe6517061bde75cbef8545272cfa327e922ed36238de3adc8ed439a3c639fa43bb3958f726aa59e731

Download Submit
C:\Windows\System\lCXoYnu.exe

Filesize
6.0MB

MD5
bd5b9d9aa10bc127ead8dba22488fe17

SHA1
5bd1a31447ee1fad2cf7e56ff0f83d71d7f19f96

SHA256
3e0f7864de9be36acaa059170d8f96d5901ddc4fb8b88062d445793397e867c3

SHA512
2da4b8112f68425ebd0534f9a023b54034a060bab4ad9f7522f61fd423cd7ef69566463351ec4edd7b5e258b28369331988d9a8e0ba0ee2fed5d3c19c94b74f3

Download Submit
C:\Windows\System\lKBxtGt.exe

Filesize
6.0MB

MD5
0cb94ef81d6187fcaabf14b866b81dd1

SHA1
92a3843b9ccd315ec7b3734a705bb6d07c191274

SHA256
86ba346aac1ddfb87a85bbf71e8af5ea495761585ff2c92413212a2dad6ca51b

SHA512
204704759abd471755ee275a307f96e92b1c37f18e7f0e26d3176d2459044c0c01b77d5f0ea0daab390e1adc4234cfbdf5290a7fe50ce11f905a9f0543b20e46

Download Submit
C:\Windows\System\rMWWXkn.exe

Filesize
6.0MB

MD5
5ae470c3291995d7db9bb75b37c37a56

SHA1
34762da68cf574f89721b362a1108f9df1d1ac66

SHA256
8dd083423a7ed06007207fe65e41492bf56b43fcb5302d280c1752a72431db49

SHA512
102773f34743c1e0ee0ece679a9b90286723473403ea3b976c356ae40f895ab2f0e628552aff01662030246a752d606bab07e72a3ab64af066a68503f86166a8

Download Submit
C:\Windows\System\skQjEPJ.exe

Filesize
6.0MB

MD5
d924040ad2a2907ead371ac07233ca2f

SHA1
5ffebeff40f0d1707039c336f7a3f276beb5f0a2

SHA256
14cae2b17ff5a60fa8a55f9ad8385810ddd3ab18064fd29ab70d3caf5a76be33

SHA512
3c4b49b331a51600e2ec5110c2876cafe03b0b7762906873cd2fdb7b18d6eddbb8a377484e501985d060c0f2db2becede433d2473c745bbad5f3b29278cbe077

Download Submit
C:\Windows\System\wzJkCEW.exe

Filesize
6.0MB

MD5
4715bdbddee30c42287129fca99db401

SHA1
49a61a6830b4eecf148a6b1171c5bff2d732fcfa

SHA256
8b3b6047ee75c5602d974288205962804ed29cbf657fc652f1b5b207e59b12e3

SHA512
29cc4d1b5ca157fe2f9177a04776457b1b31bcfbf8c45ecfa4e2fbd5145a10d4d419d979579dac11f75215aecd9f491f9a6aee9cb6ca01f0fdb33f2c5ccad014

Download Submit
C:\Windows\System\yXHeeRm.exe

Filesize
6.0MB

MD5
14ed26ce9a4be2104657a4521be2ef3f

SHA1
55e24009101d21b2c614fa5d78f7782f17ed69c6

SHA256
4c29eefdb8858bd59cbb3bb3c3086301a04b73d4a2839d1c64b610fabccc8823

SHA512
ff21a2d49e5f135addd02ec388963b69fdd425e891f9a237a969313e2a878ff175bf62ddf9c694f3902a7b5bbbcde19e04e2e7923dafa38cc4af0dfc208efad6

Download Submit
C:\Windows\System\ykqpeda.exe

Filesize
6.0MB

MD5
1a1457aa40deb4802c4f33fe87eb0296

SHA1
8fd3280df3c21c0b1579cbce44481874580ab4bb

SHA256
fe13bf583c461d98846ba9b6def5931289acb3557c91b334fd6d0dd3c0da4084

SHA512
e4fbdc1755c5bc68577f6f932c7e2baf60430bec6db205e5b7961f28ef338295915478f4e76533f3b7f5bd5dab268e0f073bd0f8a2c04abcf37d322b6de3ad6a

Download Submit
C:\Windows\System\zWIvBCb.exe

Filesize
6.0MB

MD5
4c50db0ab68f0b1124c8feb1ec7ef91a

SHA1
b5d6cdedd057db0d87b010a48823258d75a579ee

SHA256
9169cbe0f37fd29b01519e3b2bc8a213084687d21f2056018020bd8162ab92aa

SHA512
504467039a5bb868cd0cb7dc94108d28bfa8e032da546387d2be49decd2e1b61066b4bb92da3ee701f3c810e08395ddbd4ce71d5f80e762addc7dc093d61cc6c

Download Submit
C:\Windows\System\zaYrmOq.exe

Filesize
6.0MB

MD5
ee042d829efaaff21f178939ec522630

SHA1
2c761bc2fed36bc7f7c569bcb92b96debbb0c39d

SHA256
30e9f491c9de9b7f27158d4972e0a9a4f471dad48e01393c7aaf95e64d03b15b

SHA512
27fd114eebca5b6a0f4acdb6e79909b07aaa1f4324f3a145f459d9643f847e93ae1e908abd5fd695d404d8434f9298ac1617be3925225d96c014c22d4d525c4d

Download Submit
memory/32-932-0x00007FF7F2D50000-0x00007FF7F30A4000-memory.dmp

Filesize
3.3MB

Download
memory/32-94-0x00007FF7F2D50000-0x00007FF7F30A4000-memory.dmp

Filesize
3.3MB

Download
memory/32-35-0x00007FF7F2D50000-0x00007FF7F30A4000-memory.dmp

Filesize
3.3MB

Download
memory/224-79-0x00007FF7E54F0000-0x00007FF7E5844000-memory.dmp

Filesize
3.3MB

Download
memory/224-911-0x00007FF7E54F0000-0x00007FF7E5844000-memory.dmp

Filesize
3.3MB

Download
memory/224-18-0x00007FF7E54F0000-0x00007FF7E5844000-memory.dmp

Filesize
3.3MB

Download
memory/864-130-0x00007FF688C40000-0x00007FF688F94000-memory.dmp

Filesize
3.3MB

Download
memory/864-1571-0x00007FF688C40000-0x00007FF688F94000-memory.dmp

Filesize
3.3MB

Download
memory/912-286-0x00007FF6229F0000-0x00007FF622D44000-memory.dmp

Filesize
3.3MB

Download
memory/912-1422-0x00007FF6229F0000-0x00007FF622D44000-memory.dmp

Filesize
3.3MB

Download
memory/912-106-0x00007FF6229F0000-0x00007FF622D44000-memory.dmp

Filesize
3.3MB

Download
memory/992-32-0x00007FF694E40000-0x00007FF695194000-memory.dmp

Filesize
3.3MB

Download
memory/992-927-0x00007FF694E40000-0x00007FF695194000-memory.dmp

Filesize
3.3MB

Download
memory/992-80-0x00007FF694E40000-0x00007FF695194000-memory.dmp

Filesize
3.3MB

Download
memory/1000-1588-0x00007FF695B60000-0x00007FF695EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1000-158-0x00007FF695B60000-0x00007FF695EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1400-1610-0x00007FF64CCE0000-0x00007FF64D034000-memory.dmp

Filesize
3.3MB

Download
memory/1400-746-0x00007FF64CCE0000-0x00007FF64D034000-memory.dmp

Filesize
3.3MB

Download
memory/1400-182-0x00007FF64CCE0000-0x00007FF64D034000-memory.dmp

Filesize
3.3MB

Download
memory/2176-698-0x00007FF736950000-0x00007FF736CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-1608-0x00007FF736950000-0x00007FF736CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-173-0x00007FF736950000-0x00007FF736CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1603-0x00007FF6F48B0000-0x00007FF6F4C04000-memory.dmp

Filesize
3.3MB

Download
memory/2284-655-0x00007FF6F48B0000-0x00007FF6F4C04000-memory.dmp

Filesize
3.3MB

Download
memory/2284-154-0x00007FF6F48B0000-0x00007FF6F4C04000-memory.dmp

Filesize
3.3MB

Download
memory/2444-53-0x00007FF66DA80000-0x00007FF66DDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-109-0x00007FF66DA80000-0x00007FF66DDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1156-0x00007FF66DA80000-0x00007FF66DDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-825-0x00007FF7AD1B0000-0x00007FF7AD504000-memory.dmp

Filesize
3.3MB

Download
memory/2592-12-0x00007FF7AD1B0000-0x00007FF7AD504000-memory.dmp

Filesize
3.3MB

Download
memory/2592-63-0x00007FF7AD1B0000-0x00007FF7AD504000-memory.dmp

Filesize
3.3MB

Download
memory/2684-139-0x00007FF6FE8D0000-0x00007FF6FEC24000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1582-0x00007FF6FE8D0000-0x00007FF6FEC24000-memory.dmp

Filesize
3.3MB

Download
memory/2684-626-0x00007FF6FE8D0000-0x00007FF6FEC24000-memory.dmp

Filesize
3.3MB

Download
memory/2700-163-0x00007FF6B2C40000-0x00007FF6B2F94000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1593-0x00007FF6B2C40000-0x00007FF6B2F94000-memory.dmp

Filesize
3.3MB

Download
memory/2712-55-0x00007FF66B8D0000-0x00007FF66BC24000-memory.dmp

Filesize
3.3MB

Download
memory/2712-6-0x00007FF66B8D0000-0x00007FF66BC24000-memory.dmp

Filesize
3.3MB

Download
memory/2712-822-0x00007FF66B8D0000-0x00007FF66BC24000-memory.dmp

Filesize
3.3MB

Download
memory/2912-95-0x00007FF796700000-0x00007FF796A54000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1399-0x00007FF796700000-0x00007FF796A54000-memory.dmp

Filesize
3.3MB

Download
memory/2948-57-0x00007FF613410000-0x00007FF613764000-memory.dmp

Filesize
3.3MB

Download
memory/2948-114-0x00007FF613410000-0x00007FF613764000-memory.dmp

Filesize
3.3MB

Download
memory/2948-1162-0x00007FF613410000-0x00007FF613764000-memory.dmp

Filesize
3.3MB

Download
memory/3012-33-0x00007FF7D6250000-0x00007FF7D65A4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-926-0x00007FF7D6250000-0x00007FF7D65A4000-memory.dmp

Filesize
3.3MB

Download
memory/3228-113-0x00007FF747930000-0x00007FF747C84000-memory.dmp

Filesize
3.3MB

Download
memory/3228-291-0x00007FF747930000-0x00007FF747C84000-memory.dmp

Filesize
3.3MB

Download
memory/3228-1428-0x00007FF747930000-0x00007FF747C84000-memory.dmp

Filesize
3.3MB

Download
memory/3256-1179-0x00007FF6151B0000-0x00007FF615504000-memory.dmp

Filesize
3.3MB

Download
memory/3256-82-0x00007FF6151B0000-0x00007FF615504000-memory.dmp

Filesize
3.3MB

Download
memory/3424-99-0x00007FF6A4D20000-0x00007FF6A5074000-memory.dmp

Filesize
3.3MB

Download
memory/3424-936-0x00007FF6A4D20000-0x00007FF6A5074000-memory.dmp

Filesize
3.3MB

Download
memory/3424-41-0x00007FF6A4D20000-0x00007FF6A5074000-memory.dmp

Filesize
3.3MB

Download
memory/3516-1402-0x00007FF6D2850000-0x00007FF6D2BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3516-98-0x00007FF6D2850000-0x00007FF6D2BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3580-188-0x00007FF605190000-0x00007FF6054E4000-memory.dmp

Filesize
3.3MB

Download
memory/3580-1609-0x00007FF605190000-0x00007FF6054E4000-memory.dmp

Filesize
3.3MB

Download
memory/3716-218-0x00007FF702C50000-0x00007FF702FA4000-memory.dmp

Filesize
3.3MB

Download
memory/3716-791-0x00007FF702C50000-0x00007FF702FA4000-memory.dmp

Filesize
3.3MB

Download
memory/3716-1625-0x00007FF702C50000-0x00007FF702FA4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-48-0x00007FF604880000-0x00007FF604BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-1-0x0000023CA6D00000-0x0000023CA6D10000-memory.dmp

Filesize
64KB

Download
memory/3928-0-0x00007FF604880000-0x00007FF604BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4012-147-0x00007FF65C260000-0x00007FF65C5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4012-1590-0x00007FF65C260000-0x00007FF65C5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4012-627-0x00007FF65C260000-0x00007FF65C5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4076-121-0x00007FF78DBF0000-0x00007FF78DF44000-memory.dmp

Filesize
3.3MB

Download
memory/4076-1182-0x00007FF78DBF0000-0x00007FF78DF44000-memory.dmp

Filesize
3.3MB

Download
memory/4076-72-0x00007FF78DBF0000-0x00007FF78DF44000-memory.dmp

Filesize
3.3MB

Download
memory/4312-1170-0x00007FF6CB660000-0x00007FF6CB9B4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-69-0x00007FF6CB660000-0x00007FF6CB9B4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-115-0x00007FF6CB660000-0x00007FF6CB9B4000-memory.dmp

Filesize
3.3MB

Download
memory/4408-1183-0x00007FF7B7450000-0x00007FF7B77A4000-memory.dmp

Filesize
3.3MB

Download
memory/4408-143-0x00007FF7B7450000-0x00007FF7B77A4000-memory.dmp

Filesize
3.3MB

Download
memory/4408-83-0x00007FF7B7450000-0x00007FF7B77A4000-memory.dmp

Filesize
3.3MB

Download
memory/4876-1430-0x00007FF6F4490000-0x00007FF6F47E4000-memory.dmp

Filesize
3.3MB

Download
memory/4876-116-0x00007FF6F4490000-0x00007FF6F47E4000-memory.dmp

Filesize
3.3MB

Download
memory/4876-502-0x00007FF6F4490000-0x00007FF6F47E4000-memory.dmp

Filesize
3.3MB

Download
memory/4968-213-0x00007FF6A07F0000-0x00007FF6A0B44000-memory.dmp

Filesize
3.3MB

Download
memory/4968-1611-0x00007FF6A07F0000-0x00007FF6A0B44000-memory.dmp

Filesize
3.3MB

Download