cobaltstrike | 6798262ab4da21bd0facd135231999007b8823db636eac8e3e2486769d8874c6

Analysis

max time kernel
150s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0d504c65515b641a5d1cacb9eb3eebcb
SHA1

41bb3dc1c917a35864178ac82594b4f0ac06ae2a
SHA256

6798262ab4da21bd0facd135231999007b8823db636eac8e3e2486769d8874c6
SHA512

aea72dc6df81ff124806bc008531bbed317793fe708a42ab5842225c53ad8fa0ef514ff17a8c13f18065f31e7d9d62cc8f61178deda39b1252855d82027d7c2d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b26-4.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7b-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7c-11.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-25.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-29.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b78-34.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7f-41.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b80-46.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b81-52.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-59.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-67.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b87-94.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-113.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8b-119.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-125.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-132.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-156.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b91-165.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b92-175.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b95-188.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b98-203.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b97-204.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b96-198.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b94-183.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b93-180.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8f-149.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8e-142.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-109.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-103.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-90.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-83.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-80.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/884-0-0x00007FF668230000-0x00007FF668584000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b26-4.dat	xmrig
behavioral2/memory/4840-7-0x00007FF65E4D0000-0x00007FF65E824000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7b-10.dat	xmrig
behavioral2/memory/1076-12-0x00007FF6E26C0000-0x00007FF6E2A14000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7c-11.dat	xmrig
behavioral2/memory/2852-18-0x00007FF68E0F0000-0x00007FF68E444000-memory.dmp	xmrig
behavioral2/memory/2524-24-0x00007FF7B3990000-0x00007FF7B3CE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7d-25.dat	xmrig
behavioral2/files/0x000a000000023b7e-29.dat	xmrig
behavioral2/memory/4760-30-0x00007FF68B1D0000-0x00007FF68B524000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b78-34.dat	xmrig
behavioral2/memory/2248-38-0x00007FF6F9710000-0x00007FF6F9A64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7f-41.dat	xmrig
behavioral2/files/0x000a000000023b80-46.dat	xmrig
behavioral2/memory/4464-49-0x00007FF6AC560000-0x00007FF6AC8B4000-memory.dmp	xmrig
behavioral2/memory/784-50-0x00007FF671210000-0x00007FF671564000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b81-52.dat	xmrig
behavioral2/memory/884-56-0x00007FF668230000-0x00007FF668584000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b82-59.dat	xmrig
behavioral2/memory/4840-61-0x00007FF65E4D0000-0x00007FF65E824000-memory.dmp	xmrig
behavioral2/memory/752-65-0x00007FF6EB9D0000-0x00007FF6EBD24000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b83-67.dat	xmrig
behavioral2/memory/1076-68-0x00007FF6E26C0000-0x00007FF6E2A14000-memory.dmp	xmrig
behavioral2/memory/376-70-0x00007FF78B450000-0x00007FF78B7A4000-memory.dmp	xmrig
behavioral2/memory/2852-75-0x00007FF68E0F0000-0x00007FF68E444000-memory.dmp	xmrig
behavioral2/memory/2524-82-0x00007FF7B3990000-0x00007FF7B3CE4000-memory.dmp	xmrig
behavioral2/memory/4992-85-0x00007FF6EE320000-0x00007FF6EE674000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b87-94.dat	xmrig
behavioral2/memory/3216-102-0x00007FF6CD220000-0x00007FF6CD574000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8a-113.dat	xmrig
behavioral2/files/0x000a000000023b8b-119.dat	xmrig
behavioral2/files/0x000a000000023b8c-125.dat	xmrig
behavioral2/files/0x000a000000023b8d-132.dat	xmrig
behavioral2/memory/2540-140-0x00007FF6617A0000-0x00007FF661AF4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b90-156.dat	xmrig
behavioral2/files/0x000a000000023b91-165.dat	xmrig
behavioral2/files/0x000a000000023b92-175.dat	xmrig
behavioral2/files/0x000a000000023b95-188.dat	xmrig
behavioral2/files/0x000a000000023b98-203.dat	xmrig
behavioral2/memory/1540-1119-0x00007FF709290000-0x00007FF7095E4000-memory.dmp	xmrig
behavioral2/memory/4512-1120-0x00007FF71CB40000-0x00007FF71CE94000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b97-204.dat	xmrig
behavioral2/files/0x000a000000023b96-198.dat	xmrig
behavioral2/memory/4604-192-0x00007FF70EFE0000-0x00007FF70F334000-memory.dmp	xmrig
behavioral2/memory/3676-189-0x00007FF7660E0000-0x00007FF766434000-memory.dmp	xmrig
behavioral2/memory/4136-187-0x00007FF7CE870000-0x00007FF7CEBC4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b94-183.dat	xmrig
behavioral2/memory/3268-182-0x00007FF6E7320000-0x00007FF6E7674000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b93-180.dat	xmrig
behavioral2/memory/100-179-0x00007FF6BC080000-0x00007FF6BC3D4000-memory.dmp	xmrig
behavioral2/memory/1520-174-0x00007FF771F20000-0x00007FF772274000-memory.dmp	xmrig
behavioral2/memory/4064-173-0x00007FF6F64F0000-0x00007FF6F6844000-memory.dmp	xmrig
behavioral2/memory/3216-170-0x00007FF6CD220000-0x00007FF6CD574000-memory.dmp	xmrig
behavioral2/memory/4352-162-0x00007FF673210000-0x00007FF673564000-memory.dmp	xmrig
behavioral2/memory/1712-161-0x00007FF60CF60000-0x00007FF60D2B4000-memory.dmp	xmrig
behavioral2/memory/3664-155-0x00007FF743420000-0x00007FF743774000-memory.dmp	xmrig
behavioral2/memory/2924-154-0x00007FF6FC500000-0x00007FF6FC854000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8f-149.dat	xmrig
behavioral2/memory/1104-148-0x00007FF7A7850000-0x00007FF7A7BA4000-memory.dmp	xmrig
behavioral2/memory/4992-147-0x00007FF6EE320000-0x00007FF6EE674000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8e-142.dat	xmrig
behavioral2/memory/4916-141-0x00007FF72C630000-0x00007FF72C984000-memory.dmp	xmrig
behavioral2/memory/4512-137-0x00007FF71CB40000-0x00007FF71CE94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4840	flcQjek.exe
1076	LpQjsXi.exe
2852	OsqqXql.exe
2524	QpxsajB.exe
4760	EpzGHsA.exe
2248	dalsXEe.exe
4464	NbcAWeD.exe
784	yPtZBYa.exe
1684	qxqqfFa.exe
752	kTkcyNK.exe
376	wBHnPtV.exe
2540	QjPGiKA.exe
4992	kMfZIdw.exe
2924	JZDfdsU.exe
1712	TVmtCwH.exe
3216	IUJPuXy.exe
1520	uktlVTg.exe
3268	hAQlojD.exe
3676	EtNQkCi.exe
1540	kRJyTUz.exe
4512	EsCTYAv.exe
4916	SCDTXkB.exe
1104	kNFmUeP.exe
3664	zFFDRJH.exe
4352	ZlYGRVd.exe
4064	eQuUNdb.exe
100	pTUugBF.exe
4136	YdusbUx.exe
4604	lZOzciA.exe
1444	rMFdJsA.exe
2328	FRpoQqj.exe
2780	huvyVxa.exe
3476	pROjLKF.exe
3148	zvlpMqE.exe
3920	Jagyvlu.exe
4240	MBAkhJG.exe
2584	UaygJwv.exe
2708	SyDnIQH.exe
4056	XYCbFjd.exe
4280	ZGNYnnj.exe
4296	giskIpe.exe
3612	VdzCfvv.exe
3708	UDwCcnk.exe
2844	vODXqsh.exe
2108	ZoPsPDl.exe
2200	WLhwqQI.exe
3928	milYgKS.exe
2440	ZsFHWKV.exe
3076	Fgxilrt.exe
1544	ZkhfZAH.exe
2744	UqYsBkH.exe
3276	lmDqwSp.exe
4536	JgyLsqt.exe
4176	mSSOZnh.exe
4020	FuTwOis.exe
2808	vHQtLKe.exe
736	TZkMzSx.exe
4228	oamAjvj.exe
712	OxenyIr.exe
2896	YWluRPG.exe
1380	XLySoOD.exe
436	nNANVaf.exe
1640	UdOSbrm.exe
2952	IxZtkJl.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/884-0-0x00007FF668230000-0x00007FF668584000-memory.dmp	upx
behavioral2/files/0x000c000000023b26-4.dat	upx
behavioral2/memory/4840-7-0x00007FF65E4D0000-0x00007FF65E824000-memory.dmp	upx
behavioral2/files/0x000a000000023b7b-10.dat	upx
behavioral2/memory/1076-12-0x00007FF6E26C0000-0x00007FF6E2A14000-memory.dmp	upx
behavioral2/files/0x000a000000023b7c-11.dat	upx
behavioral2/memory/2852-18-0x00007FF68E0F0000-0x00007FF68E444000-memory.dmp	upx
behavioral2/memory/2524-24-0x00007FF7B3990000-0x00007FF7B3CE4000-memory.dmp	upx
behavioral2/files/0x000a000000023b7d-25.dat	upx
behavioral2/files/0x000a000000023b7e-29.dat	upx
behavioral2/memory/4760-30-0x00007FF68B1D0000-0x00007FF68B524000-memory.dmp	upx
behavioral2/files/0x000b000000023b78-34.dat	upx
behavioral2/memory/2248-38-0x00007FF6F9710000-0x00007FF6F9A64000-memory.dmp	upx
behavioral2/files/0x000a000000023b7f-41.dat	upx
behavioral2/files/0x000a000000023b80-46.dat	upx
behavioral2/memory/4464-49-0x00007FF6AC560000-0x00007FF6AC8B4000-memory.dmp	upx
behavioral2/memory/784-50-0x00007FF671210000-0x00007FF671564000-memory.dmp	upx
behavioral2/files/0x000a000000023b81-52.dat	upx
behavioral2/memory/884-56-0x00007FF668230000-0x00007FF668584000-memory.dmp	upx
behavioral2/files/0x000a000000023b82-59.dat	upx
behavioral2/memory/4840-61-0x00007FF65E4D0000-0x00007FF65E824000-memory.dmp	upx
behavioral2/memory/752-65-0x00007FF6EB9D0000-0x00007FF6EBD24000-memory.dmp	upx
behavioral2/files/0x000a000000023b83-67.dat	upx
behavioral2/memory/1076-68-0x00007FF6E26C0000-0x00007FF6E2A14000-memory.dmp	upx
behavioral2/memory/376-70-0x00007FF78B450000-0x00007FF78B7A4000-memory.dmp	upx
behavioral2/memory/2852-75-0x00007FF68E0F0000-0x00007FF68E444000-memory.dmp	upx
behavioral2/memory/2524-82-0x00007FF7B3990000-0x00007FF7B3CE4000-memory.dmp	upx
behavioral2/memory/4992-85-0x00007FF6EE320000-0x00007FF6EE674000-memory.dmp	upx
behavioral2/files/0x000a000000023b87-94.dat	upx
behavioral2/memory/3216-102-0x00007FF6CD220000-0x00007FF6CD574000-memory.dmp	upx
behavioral2/files/0x000a000000023b8a-113.dat	upx
behavioral2/files/0x000a000000023b8b-119.dat	upx
behavioral2/files/0x000a000000023b8c-125.dat	upx
behavioral2/files/0x000a000000023b8d-132.dat	upx
behavioral2/memory/2540-140-0x00007FF6617A0000-0x00007FF661AF4000-memory.dmp	upx
behavioral2/files/0x000a000000023b90-156.dat	upx
behavioral2/files/0x000a000000023b91-165.dat	upx
behavioral2/files/0x000a000000023b92-175.dat	upx
behavioral2/files/0x000a000000023b95-188.dat	upx
behavioral2/files/0x000a000000023b98-203.dat	upx
behavioral2/memory/1540-1119-0x00007FF709290000-0x00007FF7095E4000-memory.dmp	upx
behavioral2/memory/4512-1120-0x00007FF71CB40000-0x00007FF71CE94000-memory.dmp	upx
behavioral2/files/0x000a000000023b97-204.dat	upx
behavioral2/files/0x000a000000023b96-198.dat	upx
behavioral2/memory/4604-192-0x00007FF70EFE0000-0x00007FF70F334000-memory.dmp	upx
behavioral2/memory/3676-189-0x00007FF7660E0000-0x00007FF766434000-memory.dmp	upx
behavioral2/memory/4136-187-0x00007FF7CE870000-0x00007FF7CEBC4000-memory.dmp	upx
behavioral2/files/0x000a000000023b94-183.dat	upx
behavioral2/memory/3268-182-0x00007FF6E7320000-0x00007FF6E7674000-memory.dmp	upx
behavioral2/files/0x000a000000023b93-180.dat	upx
behavioral2/memory/100-179-0x00007FF6BC080000-0x00007FF6BC3D4000-memory.dmp	upx
behavioral2/memory/1520-174-0x00007FF771F20000-0x00007FF772274000-memory.dmp	upx
behavioral2/memory/4064-173-0x00007FF6F64F0000-0x00007FF6F6844000-memory.dmp	upx
behavioral2/memory/3216-170-0x00007FF6CD220000-0x00007FF6CD574000-memory.dmp	upx
behavioral2/memory/4352-162-0x00007FF673210000-0x00007FF673564000-memory.dmp	upx
behavioral2/memory/1712-161-0x00007FF60CF60000-0x00007FF60D2B4000-memory.dmp	upx
behavioral2/memory/3664-155-0x00007FF743420000-0x00007FF743774000-memory.dmp	upx
behavioral2/memory/2924-154-0x00007FF6FC500000-0x00007FF6FC854000-memory.dmp	upx
behavioral2/files/0x000a000000023b8f-149.dat	upx
behavioral2/memory/1104-148-0x00007FF7A7850000-0x00007FF7A7BA4000-memory.dmp	upx
behavioral2/memory/4992-147-0x00007FF6EE320000-0x00007FF6EE674000-memory.dmp	upx
behavioral2/files/0x000a000000023b8e-142.dat	upx
behavioral2/memory/4916-141-0x00007FF72C630000-0x00007FF72C984000-memory.dmp	upx
behavioral2/memory/4512-137-0x00007FF71CB40000-0x00007FF71CE94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vGxomUj.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGRdNGj.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFsQxyo.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCWkKym.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqYsBkH.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmPVGjb.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WIMMzdD.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRjnmSe.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LkjPALf.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Htomalz.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFidRiG.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVbwRPE.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRJhKYd.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGndRFx.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\neURXvV.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCrBIXm.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXyPtFm.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCPfSbz.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PTdrupp.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxenyIr.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfFDrrq.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjVlFOG.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtbtQvF.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGVskBq.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shqVhEj.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxFywpM.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRwmjqp.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sWnXqPU.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qghlMWn.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEypaXN.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHkGYsF.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfkGfOb.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRCJdvJ.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INQpfXV.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGufeDE.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffKuadY.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDJCnJm.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnHeMSE.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\anAYAuz.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPSWpqg.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCyWEsy.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRmSDYt.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TkBgZdF.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhxxxvq.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKDLxQu.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIHaOWj.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VHcAhHt.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sePTtIc.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Heibver.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JFkHJPL.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTJnwsJ.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXuLqhD.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILmitaB.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqNuhpy.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqqfxJa.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzDOvwc.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rblqNVX.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\czwzcYk.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHInjfP.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFxyjFh.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWBHNHE.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzgYpbE.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MgZfdUU.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNfQTkN.exe	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 4840	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 884 wrote to memory of 4840	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 884 wrote to memory of 1076	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 884 wrote to memory of 1076	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 884 wrote to memory of 2852	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 884 wrote to memory of 2852	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 884 wrote to memory of 2524	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 884 wrote to memory of 2524	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 884 wrote to memory of 4760	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 884 wrote to memory of 4760	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 884 wrote to memory of 2248	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 884 wrote to memory of 2248	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 884 wrote to memory of 4464	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 884 wrote to memory of 4464	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 884 wrote to memory of 784	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 884 wrote to memory of 784	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 884 wrote to memory of 1684	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 884 wrote to memory of 1684	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 884 wrote to memory of 752	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 884 wrote to memory of 752	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 884 wrote to memory of 376	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 884 wrote to memory of 376	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 884 wrote to memory of 2540	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 884 wrote to memory of 2540	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 884 wrote to memory of 4992	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 884 wrote to memory of 4992	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 884 wrote to memory of 2924	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 884 wrote to memory of 2924	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 884 wrote to memory of 1712	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 884 wrote to memory of 1712	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 884 wrote to memory of 3216	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 884 wrote to memory of 3216	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 884 wrote to memory of 1520	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 884 wrote to memory of 1520	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 884 wrote to memory of 3268	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 884 wrote to memory of 3268	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 884 wrote to memory of 3676	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 884 wrote to memory of 3676	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 884 wrote to memory of 1540	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 884 wrote to memory of 1540	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 884 wrote to memory of 4512	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 884 wrote to memory of 4512	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 884 wrote to memory of 4916	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 884 wrote to memory of 4916	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 884 wrote to memory of 1104	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 884 wrote to memory of 1104	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 884 wrote to memory of 3664	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 884 wrote to memory of 3664	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 884 wrote to memory of 4352	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 884 wrote to memory of 4352	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 884 wrote to memory of 4064	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 884 wrote to memory of 4064	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 884 wrote to memory of 100	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 884 wrote to memory of 100	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 884 wrote to memory of 4136	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 884 wrote to memory of 4136	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 884 wrote to memory of 4604	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 884 wrote to memory of 4604	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 884 wrote to memory of 1444	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 884 wrote to memory of 1444	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 884 wrote to memory of 2328	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 884 wrote to memory of 2328	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 884 wrote to memory of 2780	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 884 wrote to memory of 2780	884	2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe	117

C:\Users\Admin\AppData\Local\Temp\2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-18_0d504c65515b641a5d1cacb9eb3eebcb_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\System\flcQjek.exe
  C:\Windows\System\flcQjek.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\LpQjsXi.exe
  C:\Windows\System\LpQjsXi.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\OsqqXql.exe
  C:\Windows\System\OsqqXql.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\QpxsajB.exe
  C:\Windows\System\QpxsajB.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\EpzGHsA.exe
  C:\Windows\System\EpzGHsA.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\dalsXEe.exe
  C:\Windows\System\dalsXEe.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\NbcAWeD.exe
  C:\Windows\System\NbcAWeD.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\yPtZBYa.exe
  C:\Windows\System\yPtZBYa.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\qxqqfFa.exe
  C:\Windows\System\qxqqfFa.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\kTkcyNK.exe
  C:\Windows\System\kTkcyNK.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\wBHnPtV.exe
  C:\Windows\System\wBHnPtV.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\QjPGiKA.exe
  C:\Windows\System\QjPGiKA.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\kMfZIdw.exe
  C:\Windows\System\kMfZIdw.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\JZDfdsU.exe
  C:\Windows\System\JZDfdsU.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\TVmtCwH.exe
  C:\Windows\System\TVmtCwH.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\IUJPuXy.exe
  C:\Windows\System\IUJPuXy.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\uktlVTg.exe
  C:\Windows\System\uktlVTg.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\hAQlojD.exe
  C:\Windows\System\hAQlojD.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\EtNQkCi.exe
  C:\Windows\System\EtNQkCi.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\kRJyTUz.exe
  C:\Windows\System\kRJyTUz.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\EsCTYAv.exe
  C:\Windows\System\EsCTYAv.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\SCDTXkB.exe
  C:\Windows\System\SCDTXkB.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\kNFmUeP.exe
  C:\Windows\System\kNFmUeP.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\zFFDRJH.exe
  C:\Windows\System\zFFDRJH.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\ZlYGRVd.exe
  C:\Windows\System\ZlYGRVd.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\eQuUNdb.exe
  C:\Windows\System\eQuUNdb.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\pTUugBF.exe
  C:\Windows\System\pTUugBF.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\YdusbUx.exe
  C:\Windows\System\YdusbUx.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\lZOzciA.exe
  C:\Windows\System\lZOzciA.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\rMFdJsA.exe
  C:\Windows\System\rMFdJsA.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\FRpoQqj.exe
  C:\Windows\System\FRpoQqj.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\huvyVxa.exe
  C:\Windows\System\huvyVxa.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\pROjLKF.exe
  C:\Windows\System\pROjLKF.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\zvlpMqE.exe
  C:\Windows\System\zvlpMqE.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\Jagyvlu.exe
  C:\Windows\System\Jagyvlu.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\MBAkhJG.exe
  C:\Windows\System\MBAkhJG.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\UaygJwv.exe
  C:\Windows\System\UaygJwv.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\SyDnIQH.exe
  C:\Windows\System\SyDnIQH.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\XYCbFjd.exe
  C:\Windows\System\XYCbFjd.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\ZGNYnnj.exe
  C:\Windows\System\ZGNYnnj.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\giskIpe.exe
  C:\Windows\System\giskIpe.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\VdzCfvv.exe
  C:\Windows\System\VdzCfvv.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\UDwCcnk.exe
  C:\Windows\System\UDwCcnk.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\vODXqsh.exe
  C:\Windows\System\vODXqsh.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\ZoPsPDl.exe
  C:\Windows\System\ZoPsPDl.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\WLhwqQI.exe
  C:\Windows\System\WLhwqQI.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\milYgKS.exe
  C:\Windows\System\milYgKS.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\ZsFHWKV.exe
  C:\Windows\System\ZsFHWKV.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\Fgxilrt.exe
  C:\Windows\System\Fgxilrt.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\ZkhfZAH.exe
  C:\Windows\System\ZkhfZAH.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\UqYsBkH.exe
  C:\Windows\System\UqYsBkH.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\lmDqwSp.exe
  C:\Windows\System\lmDqwSp.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\JgyLsqt.exe
  C:\Windows\System\JgyLsqt.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\mSSOZnh.exe
  C:\Windows\System\mSSOZnh.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\FuTwOis.exe
  C:\Windows\System\FuTwOis.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\vHQtLKe.exe
  C:\Windows\System\vHQtLKe.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\TZkMzSx.exe
  C:\Windows\System\TZkMzSx.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\oamAjvj.exe
  C:\Windows\System\oamAjvj.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\OxenyIr.exe
  C:\Windows\System\OxenyIr.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\YWluRPG.exe
  C:\Windows\System\YWluRPG.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\XLySoOD.exe
  C:\Windows\System\XLySoOD.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\nNANVaf.exe
  C:\Windows\System\nNANVaf.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\UdOSbrm.exe
  C:\Windows\System\UdOSbrm.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\IxZtkJl.exe
  C:\Windows\System\IxZtkJl.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\aFRglRr.exe
  C:\Windows\System\aFRglRr.exe
  2⤵
  PID:4428
- C:\Windows\System\BPLHmaX.exe
  C:\Windows\System\BPLHmaX.exe
  2⤵
  PID:1396
- C:\Windows\System\uhqmFkp.exe
  C:\Windows\System\uhqmFkp.exe
  2⤵
  PID:2472
- C:\Windows\System\xFoGiSI.exe
  C:\Windows\System\xFoGiSI.exe
  2⤵
  PID:4060
- C:\Windows\System\shmcLUy.exe
  C:\Windows\System\shmcLUy.exe
  2⤵
  PID:868
- C:\Windows\System\gnJNMQc.exe
  C:\Windows\System\gnJNMQc.exe
  2⤵
  PID:2928
- C:\Windows\System\VEkutFw.exe
  C:\Windows\System\VEkutFw.exe
  2⤵
  PID:2288
- C:\Windows\System\ABLVBYc.exe
  C:\Windows\System\ABLVBYc.exe
  2⤵
  PID:1696
- C:\Windows\System\FNDAdEw.exe
  C:\Windows\System\FNDAdEw.exe
  2⤵
  PID:2616
- C:\Windows\System\CxliISj.exe
  C:\Windows\System\CxliISj.exe
  2⤵
  PID:3916
- C:\Windows\System\ZBqBTNP.exe
  C:\Windows\System\ZBqBTNP.exe
  2⤵
  PID:2728
- C:\Windows\System\uHntwsi.exe
  C:\Windows\System\uHntwsi.exe
  2⤵
  PID:408
- C:\Windows\System\NGooxOL.exe
  C:\Windows\System\NGooxOL.exe
  2⤵
  PID:2372
- C:\Windows\System\mhttyDm.exe
  C:\Windows\System\mhttyDm.exe
  2⤵
  PID:5128
- C:\Windows\System\sUzfHEk.exe
  C:\Windows\System\sUzfHEk.exe
  2⤵
  PID:5168
- C:\Windows\System\NDEkePU.exe
  C:\Windows\System\NDEkePU.exe
  2⤵
  PID:5184
- C:\Windows\System\nagcZKy.exe
  C:\Windows\System\nagcZKy.exe
  2⤵
  PID:5212
- C:\Windows\System\tJxvJUq.exe
  C:\Windows\System\tJxvJUq.exe
  2⤵
  PID:5240
- C:\Windows\System\YbtHbwz.exe
  C:\Windows\System\YbtHbwz.exe
  2⤵
  PID:5272
- C:\Windows\System\qkUJkVe.exe
  C:\Windows\System\qkUJkVe.exe
  2⤵
  PID:5296
- C:\Windows\System\aftlHhb.exe
  C:\Windows\System\aftlHhb.exe
  2⤵
  PID:5324
- C:\Windows\System\Czogvbk.exe
  C:\Windows\System\Czogvbk.exe
  2⤵
  PID:5352
- C:\Windows\System\XQzoDtI.exe
  C:\Windows\System\XQzoDtI.exe
  2⤵
  PID:5380
- C:\Windows\System\ozNVofA.exe
  C:\Windows\System\ozNVofA.exe
  2⤵
  PID:5408
- C:\Windows\System\DHQLjIV.exe
  C:\Windows\System\DHQLjIV.exe
  2⤵
  PID:5436
- C:\Windows\System\geexrRE.exe
  C:\Windows\System\geexrRE.exe
  2⤵
  PID:5476
- C:\Windows\System\aHumUcL.exe
  C:\Windows\System\aHumUcL.exe
  2⤵
  PID:5504
- C:\Windows\System\KbxbdOC.exe
  C:\Windows\System\KbxbdOC.exe
  2⤵
  PID:5524
- C:\Windows\System\hGVskBq.exe
  C:\Windows\System\hGVskBq.exe
  2⤵
  PID:5548
- C:\Windows\System\PFqyhWJ.exe
  C:\Windows\System\PFqyhWJ.exe
  2⤵
  PID:5576
- C:\Windows\System\JZIxAiT.exe
  C:\Windows\System\JZIxAiT.exe
  2⤵
  PID:5604
- C:\Windows\System\sEbAMpd.exe
  C:\Windows\System\sEbAMpd.exe
  2⤵
  PID:5632
- C:\Windows\System\vphntfb.exe
  C:\Windows\System\vphntfb.exe
  2⤵
  PID:5660
- C:\Windows\System\leOeuSn.exe
  C:\Windows\System\leOeuSn.exe
  2⤵
  PID:5696
- C:\Windows\System\VnuLeoy.exe
  C:\Windows\System\VnuLeoy.exe
  2⤵
  PID:5716
- C:\Windows\System\wVhekNb.exe
  C:\Windows\System\wVhekNb.exe
  2⤵
  PID:5744
- C:\Windows\System\yBhlYfz.exe
  C:\Windows\System\yBhlYfz.exe
  2⤵
  PID:5772
- C:\Windows\System\HnzBZly.exe
  C:\Windows\System\HnzBZly.exe
  2⤵
  PID:5804
- C:\Windows\System\XvVzaED.exe
  C:\Windows\System\XvVzaED.exe
  2⤵
  PID:5828
- C:\Windows\System\SphZgwN.exe
  C:\Windows\System\SphZgwN.exe
  2⤵
  PID:5856
- C:\Windows\System\oYonEvE.exe
  C:\Windows\System\oYonEvE.exe
  2⤵
  PID:5884
- C:\Windows\System\FFcYAYt.exe
  C:\Windows\System\FFcYAYt.exe
  2⤵
  PID:5912
- C:\Windows\System\fpoXjTD.exe
  C:\Windows\System\fpoXjTD.exe
  2⤵
  PID:5940
- C:\Windows\System\WsPUelf.exe
  C:\Windows\System\WsPUelf.exe
  2⤵
  PID:5968
- C:\Windows\System\KuCkNqH.exe
  C:\Windows\System\KuCkNqH.exe
  2⤵
  PID:5996
- C:\Windows\System\kQCAwJG.exe
  C:\Windows\System\kQCAwJG.exe
  2⤵
  PID:6024
- C:\Windows\System\GlrimDO.exe
  C:\Windows\System\GlrimDO.exe
  2⤵
  PID:6052
- C:\Windows\System\IhVeZaR.exe
  C:\Windows\System\IhVeZaR.exe
  2⤵
  PID:6080
- C:\Windows\System\tNOqlmJ.exe
  C:\Windows\System\tNOqlmJ.exe
  2⤵
  PID:6120
- C:\Windows\System\dycFemN.exe
  C:\Windows\System\dycFemN.exe
  2⤵
  PID:6136
- C:\Windows\System\BxupSbH.exe
  C:\Windows\System\BxupSbH.exe
  2⤵
  PID:3292
- C:\Windows\System\NZzZsIX.exe
  C:\Windows\System\NZzZsIX.exe
  2⤵
  PID:4708
- C:\Windows\System\hVqBlSz.exe
  C:\Windows\System\hVqBlSz.exe
  2⤵
  PID:1936
- C:\Windows\System\CngKxfb.exe
  C:\Windows\System\CngKxfb.exe
  2⤵
  PID:1536
- C:\Windows\System\BSIkfQN.exe
  C:\Windows\System\BSIkfQN.exe
  2⤵
  PID:5156
- C:\Windows\System\zNndIlv.exe
  C:\Windows\System\zNndIlv.exe
  2⤵
  PID:5208
- C:\Windows\System\SRrgHwe.exe
  C:\Windows\System\SRrgHwe.exe
  2⤵
  PID:5288
- C:\Windows\System\IfupMHt.exe
  C:\Windows\System\IfupMHt.exe
  2⤵
  PID:5348
- C:\Windows\System\inBneXJ.exe
  C:\Windows\System\inBneXJ.exe
  2⤵
  PID:5420
- C:\Windows\System\vBHDsUE.exe
  C:\Windows\System\vBHDsUE.exe
  2⤵
  PID:5488
- C:\Windows\System\jdTQRuU.exe
  C:\Windows\System\jdTQRuU.exe
  2⤵
  PID:5544
- C:\Windows\System\gooJnwA.exe
  C:\Windows\System\gooJnwA.exe
  2⤵
  PID:5616
- C:\Windows\System\ThOqHzc.exe
  C:\Windows\System\ThOqHzc.exe
  2⤵
  PID:5684
- C:\Windows\System\hFidRiG.exe
  C:\Windows\System\hFidRiG.exe
  2⤵
  PID:5736
- C:\Windows\System\OxFcOao.exe
  C:\Windows\System\OxFcOao.exe
  2⤵
  PID:5820
- C:\Windows\System\yjadpIa.exe
  C:\Windows\System\yjadpIa.exe
  2⤵
  PID:5872
- C:\Windows\System\pPjdddk.exe
  C:\Windows\System\pPjdddk.exe
  2⤵
  PID:5932
- C:\Windows\System\gdicRvX.exe
  C:\Windows\System\gdicRvX.exe
  2⤵
  PID:5992
- C:\Windows\System\omoBxDQ.exe
  C:\Windows\System\omoBxDQ.exe
  2⤵
  PID:6064
- C:\Windows\System\fmnfNFK.exe
  C:\Windows\System\fmnfNFK.exe
  2⤵
  PID:6128
- C:\Windows\System\KAlBQpC.exe
  C:\Windows\System\KAlBQpC.exe
  2⤵
  PID:3228
- C:\Windows\System\pBiMTzR.exe
  C:\Windows\System\pBiMTzR.exe
  2⤵
  PID:1844
- C:\Windows\System\RxTiyVi.exe
  C:\Windows\System\RxTiyVi.exe
  2⤵
  PID:5264
- C:\Windows\System\PgtzXHe.exe
  C:\Windows\System\PgtzXHe.exe
  2⤵
  PID:5396
- C:\Windows\System\eWCRdMH.exe
  C:\Windows\System\eWCRdMH.exe
  2⤵
  PID:5596
- C:\Windows\System\ObWExwd.exe
  C:\Windows\System\ObWExwd.exe
  2⤵
  PID:5728
- C:\Windows\System\ZBlNcKl.exe
  C:\Windows\System\ZBlNcKl.exe
  2⤵
  PID:5868
- C:\Windows\System\Ngqryap.exe
  C:\Windows\System\Ngqryap.exe
  2⤵
  PID:6020
- C:\Windows\System\YjPlIKW.exe
  C:\Windows\System\YjPlIKW.exe
  2⤵
  PID:6156
- C:\Windows\System\afFGDGs.exe
  C:\Windows\System\afFGDGs.exe
  2⤵
  PID:6172
- C:\Windows\System\mOWgxew.exe
  C:\Windows\System\mOWgxew.exe
  2⤵
  PID:6212
- C:\Windows\System\ucCSEAs.exe
  C:\Windows\System\ucCSEAs.exe
  2⤵
  PID:6240
- C:\Windows\System\tOOplNX.exe
  C:\Windows\System\tOOplNX.exe
  2⤵
  PID:6268
- C:\Windows\System\snWIJTG.exe
  C:\Windows\System\snWIJTG.exe
  2⤵
  PID:6300
- C:\Windows\System\rqNSftJ.exe
  C:\Windows\System\rqNSftJ.exe
  2⤵
  PID:6324
- C:\Windows\System\sITNDEQ.exe
  C:\Windows\System\sITNDEQ.exe
  2⤵
  PID:6352
- C:\Windows\System\AmQTWul.exe
  C:\Windows\System\AmQTWul.exe
  2⤵
  PID:6384
- C:\Windows\System\AFWxlMj.exe
  C:\Windows\System\AFWxlMj.exe
  2⤵
  PID:6408
- C:\Windows\System\yhOFEBK.exe
  C:\Windows\System\yhOFEBK.exe
  2⤵
  PID:6436
- C:\Windows\System\xJOcvNC.exe
  C:\Windows\System\xJOcvNC.exe
  2⤵
  PID:6464
- C:\Windows\System\kcuJaPn.exe
  C:\Windows\System\kcuJaPn.exe
  2⤵
  PID:6492
- C:\Windows\System\uEuyueI.exe
  C:\Windows\System\uEuyueI.exe
  2⤵
  PID:6520
- C:\Windows\System\lgULGXK.exe
  C:\Windows\System\lgULGXK.exe
  2⤵
  PID:6548
- C:\Windows\System\iWlwFyE.exe
  C:\Windows\System\iWlwFyE.exe
  2⤵
  PID:6588
- C:\Windows\System\DgZaATv.exe
  C:\Windows\System\DgZaATv.exe
  2⤵
  PID:6616
- C:\Windows\System\bDpvcJb.exe
  C:\Windows\System\bDpvcJb.exe
  2⤵
  PID:6640
- C:\Windows\System\ioagiop.exe
  C:\Windows\System\ioagiop.exe
  2⤵
  PID:6664
- C:\Windows\System\uybxSmG.exe
  C:\Windows\System\uybxSmG.exe
  2⤵
  PID:6692
- C:\Windows\System\UGlCSnU.exe
  C:\Windows\System\UGlCSnU.exe
  2⤵
  PID:6720
- C:\Windows\System\NJkcYjZ.exe
  C:\Windows\System\NJkcYjZ.exe
  2⤵
  PID:6744
- C:\Windows\System\bIwUQeB.exe
  C:\Windows\System\bIwUQeB.exe
  2⤵
  PID:6760
- C:\Windows\System\BGfeKfL.exe
  C:\Windows\System\BGfeKfL.exe
  2⤵
  PID:6808
- C:\Windows\System\WUeYjPl.exe
  C:\Windows\System\WUeYjPl.exe
  2⤵
  PID:6828
- C:\Windows\System\QZnBCUd.exe
  C:\Windows\System\QZnBCUd.exe
  2⤵
  PID:6856
- C:\Windows\System\ZKbDnSG.exe
  C:\Windows\System\ZKbDnSG.exe
  2⤵
  PID:6908
- C:\Windows\System\ECNkuEN.exe
  C:\Windows\System\ECNkuEN.exe
  2⤵
  PID:6928
- C:\Windows\System\acUHkup.exe
  C:\Windows\System\acUHkup.exe
  2⤵
  PID:6952
- C:\Windows\System\rBtVlTD.exe
  C:\Windows\System\rBtVlTD.exe
  2⤵
  PID:6968
- C:\Windows\System\yWBHNHE.exe
  C:\Windows\System\yWBHNHE.exe
  2⤵
  PID:6996
- C:\Windows\System\cZaoObd.exe
  C:\Windows\System\cZaoObd.exe
  2⤵
  PID:7036
- C:\Windows\System\pysUSFu.exe
  C:\Windows\System\pysUSFu.exe
  2⤵
  PID:7064
- C:\Windows\System\PgKMpgu.exe
  C:\Windows\System\PgKMpgu.exe
  2⤵
  PID:7080
- C:\Windows\System\CBVNNPi.exe
  C:\Windows\System\CBVNNPi.exe
  2⤵
  PID:7108
- C:\Windows\System\GqMmqAG.exe
  C:\Windows\System\GqMmqAG.exe
  2⤵
  PID:7136
- C:\Windows\System\FctMgSS.exe
  C:\Windows\System\FctMgSS.exe
  2⤵
  PID:7164
- C:\Windows\System\ffOIleB.exe
  C:\Windows\System\ffOIleB.exe
  2⤵
  PID:3864
- C:\Windows\System\IbudgtT.exe
  C:\Windows\System\IbudgtT.exe
  2⤵
  PID:5468
- C:\Windows\System\PnVfVQJ.exe
  C:\Windows\System\PnVfVQJ.exe
  2⤵
  PID:5796
- C:\Windows\System\CakBrnv.exe
  C:\Windows\System\CakBrnv.exe
  2⤵
  PID:6164
- C:\Windows\System\rYfmxTh.exe
  C:\Windows\System\rYfmxTh.exe
  2⤵
  PID:6200
- C:\Windows\System\rIgMCLL.exe
  C:\Windows\System\rIgMCLL.exe
  2⤵
  PID:6260
- C:\Windows\System\ncibjGJ.exe
  C:\Windows\System\ncibjGJ.exe
  2⤵
  PID:6336
- C:\Windows\System\QngZuQf.exe
  C:\Windows\System\QngZuQf.exe
  2⤵
  PID:6400
- C:\Windows\System\DoMYTfm.exe
  C:\Windows\System\DoMYTfm.exe
  2⤵
  PID:6460
- C:\Windows\System\eklIMGM.exe
  C:\Windows\System\eklIMGM.exe
  2⤵
  PID:6532
- C:\Windows\System\jCCJAeD.exe
  C:\Windows\System\jCCJAeD.exe
  2⤵
  PID:6600
- C:\Windows\System\UPAbjhn.exe
  C:\Windows\System\UPAbjhn.exe
  2⤵
  PID:6672
- C:\Windows\System\ayocEVp.exe
  C:\Windows\System\ayocEVp.exe
  2⤵
  PID:6728
- C:\Windows\System\EDwpDwU.exe
  C:\Windows\System\EDwpDwU.exe
  2⤵
  PID:6784
- C:\Windows\System\LneWtNM.exe
  C:\Windows\System\LneWtNM.exe
  2⤵
  PID:6848
- C:\Windows\System\ZWslmWF.exe
  C:\Windows\System\ZWslmWF.exe
  2⤵
  PID:6888
- C:\Windows\System\QIuCRRw.exe
  C:\Windows\System\QIuCRRw.exe
  2⤵
  PID:6964
- C:\Windows\System\HQYPJtj.exe
  C:\Windows\System\HQYPJtj.exe
  2⤵
  PID:7024
- C:\Windows\System\dBfgdrt.exe
  C:\Windows\System\dBfgdrt.exe
  2⤵
  PID:3396
- C:\Windows\System\hnywnaB.exe
  C:\Windows\System\hnywnaB.exe
  2⤵
  PID:7148
- C:\Windows\System\udepOtc.exe
  C:\Windows\System\udepOtc.exe
  2⤵
  PID:5644
- C:\Windows\System\LrZTHaQ.exe
  C:\Windows\System\LrZTHaQ.exe
  2⤵
  PID:6148
- C:\Windows\System\xwfelPs.exe
  C:\Windows\System\xwfelPs.exe
  2⤵
  PID:6316
- C:\Windows\System\zQnoAzC.exe
  C:\Windows\System\zQnoAzC.exe
  2⤵
  PID:6512
- C:\Windows\System\ACgzmcV.exe
  C:\Windows\System\ACgzmcV.exe
  2⤵
  PID:6624
- C:\Windows\System\BdXFwZJ.exe
  C:\Windows\System\BdXFwZJ.exe
  2⤵
  PID:6752
- C:\Windows\System\xKNdJbQ.exe
  C:\Windows\System\xKNdJbQ.exe
  2⤵
  PID:6840
- C:\Windows\System\hkBvZcF.exe
  C:\Windows\System\hkBvZcF.exe
  2⤵
  PID:6960
- C:\Windows\System\vtePSMv.exe
  C:\Windows\System\vtePSMv.exe
  2⤵
  PID:7120
- C:\Windows\System\WhOTJkn.exe
  C:\Windows\System\WhOTJkn.exe
  2⤵
  PID:5924
- C:\Windows\System\RcMMkzg.exe
  C:\Windows\System\RcMMkzg.exe
  2⤵
  PID:6456
- C:\Windows\System\ZPsZzdB.exe
  C:\Windows\System\ZPsZzdB.exe
  2⤵
  PID:7188
- C:\Windows\System\dJWrByP.exe
  C:\Windows\System\dJWrByP.exe
  2⤵
  PID:7212
- C:\Windows\System\UflFlEj.exe
  C:\Windows\System\UflFlEj.exe
  2⤵
  PID:7248
- C:\Windows\System\EwFhaFl.exe
  C:\Windows\System\EwFhaFl.exe
  2⤵
  PID:7284
- C:\Windows\System\zrTWYHP.exe
  C:\Windows\System\zrTWYHP.exe
  2⤵
  PID:7308
- C:\Windows\System\YlAHgrl.exe
  C:\Windows\System\YlAHgrl.exe
  2⤵
  PID:7336
- C:\Windows\System\gRfLduw.exe
  C:\Windows\System\gRfLduw.exe
  2⤵
  PID:7356
- C:\Windows\System\SlbpVnM.exe
  C:\Windows\System\SlbpVnM.exe
  2⤵
  PID:7380
- C:\Windows\System\sCVuigB.exe
  C:\Windows\System\sCVuigB.exe
  2⤵
  PID:7408
- C:\Windows\System\LFLtnPX.exe
  C:\Windows\System\LFLtnPX.exe
  2⤵
  PID:7436
- C:\Windows\System\MIUPCAF.exe
  C:\Windows\System\MIUPCAF.exe
  2⤵
  PID:7464
- C:\Windows\System\emjKtLq.exe
  C:\Windows\System\emjKtLq.exe
  2⤵
  PID:7492
- C:\Windows\System\CatXfFI.exe
  C:\Windows\System\CatXfFI.exe
  2⤵
  PID:7524
- C:\Windows\System\GazQtgE.exe
  C:\Windows\System\GazQtgE.exe
  2⤵
  PID:7548
- C:\Windows\System\fCKcmeB.exe
  C:\Windows\System\fCKcmeB.exe
  2⤵
  PID:7580
- C:\Windows\System\PLNqHRv.exe
  C:\Windows\System\PLNqHRv.exe
  2⤵
  PID:7604
- C:\Windows\System\LhdEFRF.exe
  C:\Windows\System\LhdEFRF.exe
  2⤵
  PID:7632
- C:\Windows\System\wLWyXFP.exe
  C:\Windows\System\wLWyXFP.exe
  2⤵
  PID:7664
- C:\Windows\System\gpENCMW.exe
  C:\Windows\System\gpENCMW.exe
  2⤵
  PID:7688
- C:\Windows\System\OsAMuis.exe
  C:\Windows\System\OsAMuis.exe
  2⤵
  PID:7716
- C:\Windows\System\SxyJbTx.exe
  C:\Windows\System\SxyJbTx.exe
  2⤵
  PID:7744
- C:\Windows\System\cuobqoM.exe
  C:\Windows\System\cuobqoM.exe
  2⤵
  PID:7772
- C:\Windows\System\vasfKZp.exe
  C:\Windows\System\vasfKZp.exe
  2⤵
  PID:7800
- C:\Windows\System\rhfKOcA.exe
  C:\Windows\System\rhfKOcA.exe
  2⤵
  PID:7828
- C:\Windows\System\NxZkKkF.exe
  C:\Windows\System\NxZkKkF.exe
  2⤵
  PID:7856
- C:\Windows\System\dtOeouv.exe
  C:\Windows\System\dtOeouv.exe
  2⤵
  PID:7884
- C:\Windows\System\ObxDSAM.exe
  C:\Windows\System\ObxDSAM.exe
  2⤵
  PID:7912
- C:\Windows\System\toFQTKl.exe
  C:\Windows\System\toFQTKl.exe
  2⤵
  PID:7928
- C:\Windows\System\oPQynwD.exe
  C:\Windows\System\oPQynwD.exe
  2⤵
  PID:7968
- C:\Windows\System\pUvoLej.exe
  C:\Windows\System\pUvoLej.exe
  2⤵
  PID:7996
- C:\Windows\System\pgWhRhP.exe
  C:\Windows\System\pgWhRhP.exe
  2⤵
  PID:8024
- C:\Windows\System\NeQNvMO.exe
  C:\Windows\System\NeQNvMO.exe
  2⤵
  PID:8052
- C:\Windows\System\ZdRVHEr.exe
  C:\Windows\System\ZdRVHEr.exe
  2⤵
  PID:8080
- C:\Windows\System\qcoTFKD.exe
  C:\Windows\System\qcoTFKD.exe
  2⤵
  PID:8108
- C:\Windows\System\faDrlsS.exe
  C:\Windows\System\faDrlsS.exe
  2⤵
  PID:8140
- C:\Windows\System\lydYIyA.exe
  C:\Windows\System\lydYIyA.exe
  2⤵
  PID:8164
- C:\Windows\System\horaovN.exe
  C:\Windows\System\horaovN.exe
  2⤵
  PID:6560
- C:\Windows\System\bdLFREz.exe
  C:\Windows\System\bdLFREz.exe
  2⤵
  PID:624
- C:\Windows\System\hWZDFvl.exe
  C:\Windows\System\hWZDFvl.exe
  2⤵
  PID:4500
- C:\Windows\System\Sbjbcoo.exe
  C:\Windows\System\Sbjbcoo.exe
  2⤵
  PID:6428
- C:\Windows\System\vMNVxpj.exe
  C:\Windows\System\vMNVxpj.exe
  2⤵
  PID:7224
- C:\Windows\System\FCvByyZ.exe
  C:\Windows\System\FCvByyZ.exe
  2⤵
  PID:7292
- C:\Windows\System\ZkHuNJG.exe
  C:\Windows\System\ZkHuNJG.exe
  2⤵
  PID:7348
- C:\Windows\System\YgbVeui.exe
  C:\Windows\System\YgbVeui.exe
  2⤵
  PID:7424
- C:\Windows\System\ydSkunO.exe
  C:\Windows\System\ydSkunO.exe
  2⤵
  PID:7460
- C:\Windows\System\ycKcgPP.exe
  C:\Windows\System\ycKcgPP.exe
  2⤵
  PID:7532
- C:\Windows\System\PBtikHG.exe
  C:\Windows\System\PBtikHG.exe
  2⤵
  PID:7596
- C:\Windows\System\sZCwwSQ.exe
  C:\Windows\System\sZCwwSQ.exe
  2⤵
  PID:7656
- C:\Windows\System\HmqzJZC.exe
  C:\Windows\System\HmqzJZC.exe
  2⤵
  PID:7708
- C:\Windows\System\WmywfHI.exe
  C:\Windows\System\WmywfHI.exe
  2⤵
  PID:3660
- C:\Windows\System\eMYzana.exe
  C:\Windows\System\eMYzana.exe
  2⤵
  PID:7824
- C:\Windows\System\YHSupug.exe
  C:\Windows\System\YHSupug.exe
  2⤵
  PID:7876
- C:\Windows\System\WKZStVE.exe
  C:\Windows\System\WKZStVE.exe
  2⤵
  PID:7940
- C:\Windows\System\jfmIfSX.exe
  C:\Windows\System\jfmIfSX.exe
  2⤵
  PID:8008
- C:\Windows\System\ShCNEsc.exe
  C:\Windows\System\ShCNEsc.exe
  2⤵
  PID:8048
- C:\Windows\System\xZVbDec.exe
  C:\Windows\System\xZVbDec.exe
  2⤵
  PID:8100
- C:\Windows\System\kHkQJYg.exe
  C:\Windows\System\kHkQJYg.exe
  2⤵
  PID:8160
- C:\Windows\System\PvECimh.exe
  C:\Windows\System\PvECimh.exe
  2⤵
  PID:4920
- C:\Windows\System\pHRGWUc.exe
  C:\Windows\System\pHRGWUc.exe
  2⤵
  PID:6364
- C:\Windows\System\fXzjEts.exe
  C:\Windows\System\fXzjEts.exe
  2⤵
  PID:1808
- C:\Windows\System\btiFBUo.exe
  C:\Windows\System\btiFBUo.exe
  2⤵
  PID:7376
- C:\Windows\System\nLfOXqR.exe
  C:\Windows\System\nLfOXqR.exe
  2⤵
  PID:3432
- C:\Windows\System\UUZfxan.exe
  C:\Windows\System\UUZfxan.exe
  2⤵
  PID:7624
- C:\Windows\System\tBHQuBv.exe
  C:\Windows\System\tBHQuBv.exe
  2⤵
  PID:7736
- C:\Windows\System\ZUCnEZN.exe
  C:\Windows\System\ZUCnEZN.exe
  2⤵
  PID:7820
- C:\Windows\System\LqAmROE.exe
  C:\Windows\System\LqAmROE.exe
  2⤵
  PID:7920
- C:\Windows\System\xZnOYGL.exe
  C:\Windows\System\xZnOYGL.exe
  2⤵
  PID:8036
- C:\Windows\System\mHeOVkL.exe
  C:\Windows\System\mHeOVkL.exe
  2⤵
  PID:8184
- C:\Windows\System\brdpuOi.exe
  C:\Windows\System\brdpuOi.exe
  2⤵
  PID:7204
- C:\Windows\System\TWaIMGC.exe
  C:\Windows\System\TWaIMGC.exe
  2⤵
  PID:7512
- C:\Windows\System\fViNKFr.exe
  C:\Windows\System\fViNKFr.exe
  2⤵
  PID:7756
- C:\Windows\System\zbANYVE.exe
  C:\Windows\System\zbANYVE.exe
  2⤵
  PID:8200
- C:\Windows\System\lJqdXkT.exe
  C:\Windows\System\lJqdXkT.exe
  2⤵
  PID:8228
- C:\Windows\System\xoNUvFS.exe
  C:\Windows\System\xoNUvFS.exe
  2⤵
  PID:8256
- C:\Windows\System\aZNnjcz.exe
  C:\Windows\System\aZNnjcz.exe
  2⤵
  PID:8284
- C:\Windows\System\PlPYUpG.exe
  C:\Windows\System\PlPYUpG.exe
  2⤵
  PID:8312
- C:\Windows\System\PkfEnIV.exe
  C:\Windows\System\PkfEnIV.exe
  2⤵
  PID:8344
- C:\Windows\System\oTyPoaf.exe
  C:\Windows\System\oTyPoaf.exe
  2⤵
  PID:8372
- C:\Windows\System\xMBBjWc.exe
  C:\Windows\System\xMBBjWc.exe
  2⤵
  PID:8400
- C:\Windows\System\HJkWHTX.exe
  C:\Windows\System\HJkWHTX.exe
  2⤵
  PID:8428
- C:\Windows\System\mqtLsms.exe
  C:\Windows\System\mqtLsms.exe
  2⤵
  PID:8452
- C:\Windows\System\tRyZGcD.exe
  C:\Windows\System\tRyZGcD.exe
  2⤵
  PID:8480
- C:\Windows\System\xDcZyBO.exe
  C:\Windows\System\xDcZyBO.exe
  2⤵
  PID:8508
- C:\Windows\System\ompeieJ.exe
  C:\Windows\System\ompeieJ.exe
  2⤵
  PID:8532
- C:\Windows\System\TJYVjcE.exe
  C:\Windows\System\TJYVjcE.exe
  2⤵
  PID:8564
- C:\Windows\System\NYTPUPx.exe
  C:\Windows\System\NYTPUPx.exe
  2⤵
  PID:8592
- C:\Windows\System\gFlHFmV.exe
  C:\Windows\System\gFlHFmV.exe
  2⤵
  PID:8624
- C:\Windows\System\GISxgKC.exe
  C:\Windows\System\GISxgKC.exe
  2⤵
  PID:8652
- C:\Windows\System\TGDEOpg.exe
  C:\Windows\System\TGDEOpg.exe
  2⤵
  PID:8676
- C:\Windows\System\BgFXqvb.exe
  C:\Windows\System\BgFXqvb.exe
  2⤵
  PID:8708
- C:\Windows\System\RFCWNgy.exe
  C:\Windows\System\RFCWNgy.exe
  2⤵
  PID:8732
- C:\Windows\System\ofagQum.exe
  C:\Windows\System\ofagQum.exe
  2⤵
  PID:8760
- C:\Windows\System\aQGEzoc.exe
  C:\Windows\System\aQGEzoc.exe
  2⤵
  PID:8788
- C:\Windows\System\MaxOLvG.exe
  C:\Windows\System\MaxOLvG.exe
  2⤵
  PID:8816
- C:\Windows\System\iWnhAfp.exe
  C:\Windows\System\iWnhAfp.exe
  2⤵
  PID:8844
- C:\Windows\System\VwNWVsU.exe
  C:\Windows\System\VwNWVsU.exe
  2⤵
  PID:8872
- C:\Windows\System\YfustIL.exe
  C:\Windows\System\YfustIL.exe
  2⤵
  PID:8900
- C:\Windows\System\TNIyMKD.exe
  C:\Windows\System\TNIyMKD.exe
  2⤵
  PID:8932
- C:\Windows\System\yTkzrGH.exe
  C:\Windows\System\yTkzrGH.exe
  2⤵
  PID:8956
- C:\Windows\System\OZzlTGk.exe
  C:\Windows\System\OZzlTGk.exe
  2⤵
  PID:8984
- C:\Windows\System\GWYTXQA.exe
  C:\Windows\System\GWYTXQA.exe
  2⤵
  PID:9012
- C:\Windows\System\WKTnORf.exe
  C:\Windows\System\WKTnORf.exe
  2⤵
  PID:9044
- C:\Windows\System\BzDMLMw.exe
  C:\Windows\System\BzDMLMw.exe
  2⤵
  PID:9072
- C:\Windows\System\BjNGWmF.exe
  C:\Windows\System\BjNGWmF.exe
  2⤵
  PID:9096
- C:\Windows\System\FeVXZxV.exe
  C:\Windows\System\FeVXZxV.exe
  2⤵
  PID:9128
- C:\Windows\System\MbdmEHt.exe
  C:\Windows\System\MbdmEHt.exe
  2⤵
  PID:9156
- C:\Windows\System\ztCCTbP.exe
  C:\Windows\System\ztCCTbP.exe
  2⤵
  PID:9184
- C:\Windows\System\KYDVrqx.exe
  C:\Windows\System\KYDVrqx.exe
  2⤵
  PID:9212
- C:\Windows\System\KKlqNPd.exe
  C:\Windows\System\KKlqNPd.exe
  2⤵
  PID:1848
- C:\Windows\System\mMVTiRk.exe
  C:\Windows\System\mMVTiRk.exe
  2⤵
  PID:4880
- C:\Windows\System\lSZSQjg.exe
  C:\Windows\System\lSZSQjg.exe
  2⤵
  PID:8224
- C:\Windows\System\cIHQgRP.exe
  C:\Windows\System\cIHQgRP.exe
  2⤵
  PID:8272
- C:\Windows\System\OYloCkI.exe
  C:\Windows\System\OYloCkI.exe
  2⤵
  PID:8332
- C:\Windows\System\dkLjeTO.exe
  C:\Windows\System\dkLjeTO.exe
  2⤵
  PID:8392
- C:\Windows\System\JcIOkbj.exe
  C:\Windows\System\JcIOkbj.exe
  2⤵
  PID:8464
- C:\Windows\System\hNkYlXo.exe
  C:\Windows\System\hNkYlXo.exe
  2⤵
  PID:8524
- C:\Windows\System\kLXJiMU.exe
  C:\Windows\System\kLXJiMU.exe
  2⤵
  PID:8588
- C:\Windows\System\POXtRyP.exe
  C:\Windows\System\POXtRyP.exe
  2⤵
  PID:8644
- C:\Windows\System\ECNnsgU.exe
  C:\Windows\System\ECNnsgU.exe
  2⤵
  PID:8720
- C:\Windows\System\yfIigYP.exe
  C:\Windows\System\yfIigYP.exe
  2⤵
  PID:8780
- C:\Windows\System\YXSHoZw.exe
  C:\Windows\System\YXSHoZw.exe
  2⤵
  PID:8836
- C:\Windows\System\IwXJTJu.exe
  C:\Windows\System\IwXJTJu.exe
  2⤵
  PID:8896
- C:\Windows\System\kRsCqma.exe
  C:\Windows\System\kRsCqma.exe
  2⤵
  PID:8968
- C:\Windows\System\HwLtrnR.exe
  C:\Windows\System\HwLtrnR.exe
  2⤵
  PID:1012
- C:\Windows\System\gkVnlhw.exe
  C:\Windows\System\gkVnlhw.exe
  2⤵
  PID:9060
- C:\Windows\System\jTJPqyd.exe
  C:\Windows\System\jTJPqyd.exe
  2⤵
  PID:9120
- C:\Windows\System\IpjXEln.exe
  C:\Windows\System\IpjXEln.exe
  2⤵
  PID:8380
- C:\Windows\System\ILmitaB.exe
  C:\Windows\System\ILmitaB.exe
  2⤵
  PID:8496
- C:\Windows\System\gjxHmPB.exe
  C:\Windows\System\gjxHmPB.exe
  2⤵
  PID:8668
- C:\Windows\System\PCeaUTV.exe
  C:\Windows\System\PCeaUTV.exe
  2⤵
  PID:8884
- C:\Windows\System\mMQdCLB.exe
  C:\Windows\System\mMQdCLB.exe
  2⤵
  PID:8940
- C:\Windows\System\hFKPwcB.exe
  C:\Windows\System\hFKPwcB.exe
  2⤵
  PID:1364
- C:\Windows\System\EqBscmF.exe
  C:\Windows\System\EqBscmF.exe
  2⤵
  PID:3908
- C:\Windows\System\fBVeicF.exe
  C:\Windows\System\fBVeicF.exe
  2⤵
  PID:820
- C:\Windows\System\vsQrWhq.exe
  C:\Windows\System\vsQrWhq.exe
  2⤵
  PID:1056
- C:\Windows\System\fxGeJun.exe
  C:\Windows\System\fxGeJun.exe
  2⤵
  PID:2792
- C:\Windows\System\RKzSGsT.exe
  C:\Windows\System\RKzSGsT.exe
  2⤵
  PID:5100
- C:\Windows\System\yzXDcAS.exe
  C:\Windows\System\yzXDcAS.exe
  2⤵
  PID:4692
- C:\Windows\System\QGCYCkr.exe
  C:\Windows\System\QGCYCkr.exe
  2⤵
  PID:5084
- C:\Windows\System\CjOHzEN.exe
  C:\Windows\System\CjOHzEN.exe
  2⤵
  PID:8436
- C:\Windows\System\ycQRdgb.exe
  C:\Windows\System\ycQRdgb.exe
  2⤵
  PID:1096
- C:\Windows\System\WJpRVLl.exe
  C:\Windows\System\WJpRVLl.exe
  2⤵
  PID:4912
- C:\Windows\System\RomuLjN.exe
  C:\Windows\System\RomuLjN.exe
  2⤵
  PID:4360
- C:\Windows\System\DpPXzgR.exe
  C:\Windows\System\DpPXzgR.exe
  2⤵
  PID:2980
- C:\Windows\System\UgiJaWO.exe
  C:\Windows\System\UgiJaWO.exe
  2⤵
  PID:872
- C:\Windows\System\jyRHwdi.exe
  C:\Windows\System\jyRHwdi.exe
  2⤵
  PID:1204
- C:\Windows\System\qbRjIJs.exe
  C:\Windows\System\qbRjIJs.exe
  2⤵
  PID:8148
- C:\Windows\System\XzgYpbE.exe
  C:\Windows\System\XzgYpbE.exe
  2⤵
  PID:8688
- C:\Windows\System\uAKuTiN.exe
  C:\Windows\System\uAKuTiN.exe
  2⤵
  PID:9220
- C:\Windows\System\NYSxXVN.exe
  C:\Windows\System\NYSxXVN.exe
  2⤵
  PID:9252
- C:\Windows\System\KUXbLYF.exe
  C:\Windows\System\KUXbLYF.exe
  2⤵
  PID:9284
- C:\Windows\System\MZhEnIy.exe
  C:\Windows\System\MZhEnIy.exe
  2⤵
  PID:9312
- C:\Windows\System\BhZZvJF.exe
  C:\Windows\System\BhZZvJF.exe
  2⤵
  PID:9348
- C:\Windows\System\XDgYYYo.exe
  C:\Windows\System\XDgYYYo.exe
  2⤵
  PID:9384
- C:\Windows\System\VAXiZov.exe
  C:\Windows\System\VAXiZov.exe
  2⤵
  PID:9404
- C:\Windows\System\shqVhEj.exe
  C:\Windows\System\shqVhEj.exe
  2⤵
  PID:9452
- C:\Windows\System\BnrqimK.exe
  C:\Windows\System\BnrqimK.exe
  2⤵
  PID:9476
- C:\Windows\System\dMMyUPT.exe
  C:\Windows\System\dMMyUPT.exe
  2⤵
  PID:9504
- C:\Windows\System\krJdLDw.exe
  C:\Windows\System\krJdLDw.exe
  2⤵
  PID:9544
- C:\Windows\System\TSKZZft.exe
  C:\Windows\System\TSKZZft.exe
  2⤵
  PID:9600
- C:\Windows\System\faXVDYy.exe
  C:\Windows\System\faXVDYy.exe
  2⤵
  PID:9672
- C:\Windows\System\yQCCMcv.exe
  C:\Windows\System\yQCCMcv.exe
  2⤵
  PID:9708
- C:\Windows\System\NIWlnrT.exe
  C:\Windows\System\NIWlnrT.exe
  2⤵
  PID:9736
- C:\Windows\System\sicWRWJ.exe
  C:\Windows\System\sicWRWJ.exe
  2⤵
  PID:9784
- C:\Windows\System\hrAITyg.exe
  C:\Windows\System\hrAITyg.exe
  2⤵
  PID:9800
- C:\Windows\System\dJdCwsm.exe
  C:\Windows\System\dJdCwsm.exe
  2⤵
  PID:9828
- C:\Windows\System\uHNsdfQ.exe
  C:\Windows\System\uHNsdfQ.exe
  2⤵
  PID:9856
- C:\Windows\System\TwzSVqR.exe
  C:\Windows\System\TwzSVqR.exe
  2⤵
  PID:9880
- C:\Windows\System\DdrXbcO.exe
  C:\Windows\System\DdrXbcO.exe
  2⤵
  PID:9916
- C:\Windows\System\VXmDWBl.exe
  C:\Windows\System\VXmDWBl.exe
  2⤵
  PID:9952
- C:\Windows\System\BYBgzML.exe
  C:\Windows\System\BYBgzML.exe
  2⤵
  PID:9972
- C:\Windows\System\OotNzAW.exe
  C:\Windows\System\OotNzAW.exe
  2⤵
  PID:10000
- C:\Windows\System\IicjwQG.exe
  C:\Windows\System\IicjwQG.exe
  2⤵
  PID:10028
- C:\Windows\System\qIpXimX.exe
  C:\Windows\System\qIpXimX.exe
  2⤵
  PID:10056
- C:\Windows\System\fOoLfov.exe
  C:\Windows\System\fOoLfov.exe
  2⤵
  PID:10092
- C:\Windows\System\MgZfdUU.exe
  C:\Windows\System\MgZfdUU.exe
  2⤵
  PID:10120
- C:\Windows\System\oasXsBl.exe
  C:\Windows\System\oasXsBl.exe
  2⤵
  PID:10140
- C:\Windows\System\KsoNINY.exe
  C:\Windows\System\KsoNINY.exe
  2⤵
  PID:10180
- C:\Windows\System\PyKflju.exe
  C:\Windows\System\PyKflju.exe
  2⤵
  PID:10208
- C:\Windows\System\XxFywpM.exe
  C:\Windows\System\XxFywpM.exe
  2⤵
  PID:10236
- C:\Windows\System\koYwshR.exe
  C:\Windows\System\koYwshR.exe
  2⤵
  PID:9276
- C:\Windows\System\LKUApaP.exe
  C:\Windows\System\LKUApaP.exe
  2⤵
  PID:2388
- C:\Windows\System\eerqEMM.exe
  C:\Windows\System\eerqEMM.exe
  2⤵
  PID:9400
- C:\Windows\System\SrwriyB.exe
  C:\Windows\System\SrwriyB.exe
  2⤵
  PID:5064
- C:\Windows\System\AgZbUhf.exe
  C:\Windows\System\AgZbUhf.exe
  2⤵
  PID:9524
- C:\Windows\System\WIMMzdD.exe
  C:\Windows\System\WIMMzdD.exe
  2⤵
  PID:9572
- C:\Windows\System\fVYjzem.exe
  C:\Windows\System\fVYjzem.exe
  2⤵
  PID:9464
- C:\Windows\System\InOjmnz.exe
  C:\Windows\System\InOjmnz.exe
  2⤵
  PID:9684
- C:\Windows\System\eLHVQHY.exe
  C:\Windows\System\eLHVQHY.exe
  2⤵
  PID:9748
- C:\Windows\System\nMIeKWQ.exe
  C:\Windows\System\nMIeKWQ.exe
  2⤵
  PID:9816
- C:\Windows\System\BSvzGak.exe
  C:\Windows\System\BSvzGak.exe
  2⤵
  PID:9876
- C:\Windows\System\rmiaSvN.exe
  C:\Windows\System\rmiaSvN.exe
  2⤵
  PID:9940
- C:\Windows\System\DWAyZdj.exe
  C:\Windows\System\DWAyZdj.exe
  2⤵
  PID:9864
- C:\Windows\System\BlahfZo.exe
  C:\Windows\System\BlahfZo.exe
  2⤵
  PID:2208
- C:\Windows\System\ycHqIMX.exe
  C:\Windows\System\ycHqIMX.exe
  2⤵
  PID:10116
- C:\Windows\System\qOMouZg.exe
  C:\Windows\System\qOMouZg.exe
  2⤵
  PID:10168
- C:\Windows\System\sZAbNnU.exe
  C:\Windows\System\sZAbNnU.exe
  2⤵
  PID:8728
- C:\Windows\System\podPdpf.exe
  C:\Windows\System\podPdpf.exe
  2⤵
  PID:4600
- C:\Windows\System\xitJWye.exe
  C:\Windows\System\xitJWye.exe
  2⤵
  PID:9308
- C:\Windows\System\DFFiDSU.exe
  C:\Windows\System\DFFiDSU.exe
  2⤵
  PID:9432
- C:\Windows\System\cbNuzPt.exe
  C:\Windows\System\cbNuzPt.exe
  2⤵
  PID:840
- C:\Windows\System\Mxvuzcj.exe
  C:\Windows\System\Mxvuzcj.exe
  2⤵
  PID:9564
- C:\Windows\System\mlLDzGW.exe
  C:\Windows\System\mlLDzGW.exe
  2⤵
  PID:9840
- C:\Windows\System\TwExhhS.exe
  C:\Windows\System\TwExhhS.exe
  2⤵
  PID:2188
- C:\Windows\System\CUAzUda.exe
  C:\Windows\System\CUAzUda.exe
  2⤵
  PID:10088
- C:\Windows\System\HdFtLse.exe
  C:\Windows\System\HdFtLse.exe
  2⤵
  PID:8360
- C:\Windows\System\XkWfqkO.exe
  C:\Windows\System\XkWfqkO.exe
  2⤵
  PID:9396
- C:\Windows\System\HhHnOom.exe
  C:\Windows\System\HhHnOom.exe
  2⤵
  PID:748
- C:\Windows\System\uXMRpNr.exe
  C:\Windows\System\uXMRpNr.exe
  2⤵
  PID:9992
- C:\Windows\System\LmPVGjb.exe
  C:\Windows\System\LmPVGjb.exe
  2⤵
  PID:9264
- C:\Windows\System\qXiyzct.exe
  C:\Windows\System\qXiyzct.exe
  2⤵
  PID:9928
- C:\Windows\System\MXeqwFq.exe
  C:\Windows\System\MXeqwFq.exe
  2⤵
  PID:9248
- C:\Windows\System\fbdsmBq.exe
  C:\Windows\System\fbdsmBq.exe
  2⤵
  PID:10292
- C:\Windows\System\QQGJMJQ.exe
  C:\Windows\System\QQGJMJQ.exe
  2⤵
  PID:10340
- C:\Windows\System\FCNLsga.exe
  C:\Windows\System\FCNLsga.exe
  2⤵
  PID:10376
- C:\Windows\System\GzpYIBl.exe
  C:\Windows\System\GzpYIBl.exe
  2⤵
  PID:10416
- C:\Windows\System\HVIpCxK.exe
  C:\Windows\System\HVIpCxK.exe
  2⤵
  PID:10472
- C:\Windows\System\GwYJOvq.exe
  C:\Windows\System\GwYJOvq.exe
  2⤵
  PID:10504
- C:\Windows\System\PAJlbaD.exe
  C:\Windows\System\PAJlbaD.exe
  2⤵
  PID:10532
- C:\Windows\System\vCcdNaU.exe
  C:\Windows\System\vCcdNaU.exe
  2⤵
  PID:10552
- C:\Windows\System\OlKgewZ.exe
  C:\Windows\System\OlKgewZ.exe
  2⤵
  PID:10584
- C:\Windows\System\HrTgjib.exe
  C:\Windows\System\HrTgjib.exe
  2⤵
  PID:10616
- C:\Windows\System\pLLhFkH.exe
  C:\Windows\System\pLLhFkH.exe
  2⤵
  PID:10652
- C:\Windows\System\GeIqjph.exe
  C:\Windows\System\GeIqjph.exe
  2⤵
  PID:10680
- C:\Windows\System\CDRscvj.exe
  C:\Windows\System\CDRscvj.exe
  2⤵
  PID:10728
- C:\Windows\System\yDwdSPb.exe
  C:\Windows\System\yDwdSPb.exe
  2⤵
  PID:10760
- C:\Windows\System\TDdlFTB.exe
  C:\Windows\System\TDdlFTB.exe
  2⤵
  PID:10796
- C:\Windows\System\DTzHnwq.exe
  C:\Windows\System\DTzHnwq.exe
  2⤵
  PID:10824
- C:\Windows\System\JzCBOuQ.exe
  C:\Windows\System\JzCBOuQ.exe
  2⤵
  PID:10852
- C:\Windows\System\vlWENbb.exe
  C:\Windows\System\vlWENbb.exe
  2⤵
  PID:10884
- C:\Windows\System\xXZUrmg.exe
  C:\Windows\System\xXZUrmg.exe
  2⤵
  PID:10912
- C:\Windows\System\JKuRHeg.exe
  C:\Windows\System\JKuRHeg.exe
  2⤵
  PID:10944
- C:\Windows\System\BZtiifG.exe
  C:\Windows\System\BZtiifG.exe
  2⤵
  PID:10972
- C:\Windows\System\ETmAEwK.exe
  C:\Windows\System\ETmAEwK.exe
  2⤵
  PID:11000
- C:\Windows\System\HHdAIYd.exe
  C:\Windows\System\HHdAIYd.exe
  2⤵
  PID:11028
- C:\Windows\System\gXiGILu.exe
  C:\Windows\System\gXiGILu.exe
  2⤵
  PID:11060
- C:\Windows\System\fhFkKtD.exe
  C:\Windows\System\fhFkKtD.exe
  2⤵
  PID:11092
- C:\Windows\System\RyBWLqx.exe
  C:\Windows\System\RyBWLqx.exe
  2⤵
  PID:11120
- C:\Windows\System\kBBIbjO.exe
  C:\Windows\System\kBBIbjO.exe
  2⤵
  PID:11148
- C:\Windows\System\XxbwRJl.exe
  C:\Windows\System\XxbwRJl.exe
  2⤵
  PID:11176
- C:\Windows\System\hWEAoKd.exe
  C:\Windows\System\hWEAoKd.exe
  2⤵
  PID:11204
- C:\Windows\System\lYfIaXX.exe
  C:\Windows\System\lYfIaXX.exe
  2⤵
  PID:11232
- C:\Windows\System\hVLGCtk.exe
  C:\Windows\System\hVLGCtk.exe
  2⤵
  PID:9436
- C:\Windows\System\vAwMnTu.exe
  C:\Windows\System\vAwMnTu.exe
  2⤵
  PID:10288
- C:\Windows\System\OcLUxHu.exe
  C:\Windows\System\OcLUxHu.exe
  2⤵
  PID:10372
- C:\Windows\System\CDShnoR.exe
  C:\Windows\System\CDShnoR.exe
  2⤵
  PID:10464
- C:\Windows\System\zSwkoeG.exe
  C:\Windows\System\zSwkoeG.exe
  2⤵
  PID:10528
- C:\Windows\System\VDwKGyB.exe
  C:\Windows\System\VDwKGyB.exe
  2⤵
  PID:10576
- C:\Windows\System\XPUWWox.exe
  C:\Windows\System\XPUWWox.exe
  2⤵
  PID:10644
- C:\Windows\System\LLQPCeV.exe
  C:\Windows\System\LLQPCeV.exe
  2⤵
  PID:10744
- C:\Windows\System\SaUXSid.exe
  C:\Windows\System\SaUXSid.exe
  2⤵
  PID:10784
- C:\Windows\System\XyMegdF.exe
  C:\Windows\System\XyMegdF.exe
  2⤵
  PID:10844
- C:\Windows\System\VlEYfud.exe
  C:\Windows\System\VlEYfud.exe
  2⤵
  PID:10736
- C:\Windows\System\aSfozYa.exe
  C:\Windows\System\aSfozYa.exe
  2⤵
  PID:10932
- C:\Windows\System\ICWftTZ.exe
  C:\Windows\System\ICWftTZ.exe
  2⤵
  PID:11024
- C:\Windows\System\xWmlxCo.exe
  C:\Windows\System\xWmlxCo.exe
  2⤵
  PID:11084
- C:\Windows\System\Frkibtn.exe
  C:\Windows\System\Frkibtn.exe
  2⤵
  PID:11140
- C:\Windows\System\gvoRSVq.exe
  C:\Windows\System\gvoRSVq.exe
  2⤵
  PID:11196
- C:\Windows\System\qVqexnH.exe
  C:\Windows\System\qVqexnH.exe
  2⤵
  PID:11260
- C:\Windows\System\geZhgrn.exe
  C:\Windows\System\geZhgrn.exe
  2⤵
  PID:3032
- C:\Windows\System\ZqSyOlN.exe
  C:\Windows\System\ZqSyOlN.exe
  2⤵
  PID:10612
- C:\Windows\System\gYReqCY.exe
  C:\Windows\System\gYReqCY.exe
  2⤵
  PID:10848
- C:\Windows\System\RjwgdEq.exe
  C:\Windows\System\RjwgdEq.exe
  2⤵
  PID:10992
- C:\Windows\System\jFQMvFI.exe
  C:\Windows\System\jFQMvFI.exe
  2⤵
  PID:11116
- C:\Windows\System\IKDLxQu.exe
  C:\Windows\System\IKDLxQu.exe
  2⤵
  PID:10368
- C:\Windows\System\TuyFLWs.exe
  C:\Windows\System\TuyFLWs.exe
  2⤵
  PID:4276
- C:\Windows\System\YhasFYj.exe
  C:\Windows\System\YhasFYj.exe
  2⤵
  PID:9796
- C:\Windows\System\tdwXbWT.exe
  C:\Windows\System\tdwXbWT.exe
  2⤵
  PID:11224
- C:\Windows\System\UiOkSkd.exe
  C:\Windows\System\UiOkSkd.exe
  2⤵
  PID:3804
- C:\Windows\System\YlVbzXV.exe
  C:\Windows\System\YlVbzXV.exe
  2⤵
  PID:11268
- C:\Windows\System\qWgAtXc.exe
  C:\Windows\System\qWgAtXc.exe
  2⤵
  PID:11296
- C:\Windows\System\SXUxKEh.exe
  C:\Windows\System\SXUxKEh.exe
  2⤵
  PID:11316
- C:\Windows\System\jvWHOYq.exe
  C:\Windows\System\jvWHOYq.exe
  2⤵
  PID:11360
- C:\Windows\System\cpnEnFw.exe
  C:\Windows\System\cpnEnFw.exe
  2⤵
  PID:11396
- C:\Windows\System\BwJcIaV.exe
  C:\Windows\System\BwJcIaV.exe
  2⤵
  PID:11436
- C:\Windows\System\fGaUTEq.exe
  C:\Windows\System\fGaUTEq.exe
  2⤵
  PID:11476
- C:\Windows\System\BcklcxL.exe
  C:\Windows\System\BcklcxL.exe
  2⤵
  PID:11500
- C:\Windows\System\cGOQCiV.exe
  C:\Windows\System\cGOQCiV.exe
  2⤵
  PID:11532
- C:\Windows\System\vGxomUj.exe
  C:\Windows\System\vGxomUj.exe
  2⤵
  PID:11608
- C:\Windows\System\YOFyLZf.exe
  C:\Windows\System\YOFyLZf.exe
  2⤵
  PID:11660
- C:\Windows\System\keYrrbQ.exe
  C:\Windows\System\keYrrbQ.exe
  2⤵
  PID:11692
- C:\Windows\System\vJUmXrU.exe
  C:\Windows\System\vJUmXrU.exe
  2⤵
  PID:11740
- C:\Windows\System\KpQurPp.exe
  C:\Windows\System\KpQurPp.exe
  2⤵
  PID:11784
- C:\Windows\System\KGRdNGj.exe
  C:\Windows\System\KGRdNGj.exe
  2⤵
  PID:11828
- C:\Windows\System\snQLZcp.exe
  C:\Windows\System\snQLZcp.exe
  2⤵
  PID:11880
- C:\Windows\System\UQuRfsa.exe
  C:\Windows\System\UQuRfsa.exe
  2⤵
  PID:11920
- C:\Windows\System\mbHJwLH.exe
  C:\Windows\System\mbHJwLH.exe
  2⤵
  PID:11952
- C:\Windows\System\YDXdrGD.exe
  C:\Windows\System\YDXdrGD.exe
  2⤵
  PID:11988
- C:\Windows\System\IIHaOWj.exe
  C:\Windows\System\IIHaOWj.exe
  2⤵
  PID:12012
- C:\Windows\System\kpsJZTh.exe
  C:\Windows\System\kpsJZTh.exe
  2⤵
  PID:12060
- C:\Windows\System\MiYcUCr.exe
  C:\Windows\System\MiYcUCr.exe
  2⤵
  PID:12092
- C:\Windows\System\dfdkhCL.exe
  C:\Windows\System\dfdkhCL.exe
  2⤵
  PID:12120
- C:\Windows\System\nuHGgzM.exe
  C:\Windows\System\nuHGgzM.exe
  2⤵
  PID:12148
- C:\Windows\System\yOhoGFz.exe
  C:\Windows\System\yOhoGFz.exe
  2⤵
  PID:12180
- C:\Windows\System\ulkcwno.exe
  C:\Windows\System\ulkcwno.exe
  2⤵
  PID:12208
- C:\Windows\System\mKOmSZx.exe
  C:\Windows\System\mKOmSZx.exe
  2⤵
  PID:12236
- C:\Windows\System\WuniPIF.exe
  C:\Windows\System\WuniPIF.exe
  2⤵
  PID:12272
- C:\Windows\System\gRImZYM.exe
  C:\Windows\System\gRImZYM.exe
  2⤵
  PID:3940
- C:\Windows\System\ksunnzt.exe
  C:\Windows\System\ksunnzt.exe
  2⤵
  PID:11324
- C:\Windows\System\PVSiDTk.exe
  C:\Windows\System\PVSiDTk.exe
  2⤵
  PID:11380
- C:\Windows\System\fbQSEIk.exe
  C:\Windows\System\fbQSEIk.exe
  2⤵
  PID:11416
- C:\Windows\System\EpOXOZd.exe
  C:\Windows\System\EpOXOZd.exe
  2⤵
  PID:10716
- C:\Windows\System\mrAKSWq.exe
  C:\Windows\System\mrAKSWq.exe
  2⤵
  PID:11280
- C:\Windows\System\anunCiX.exe
  C:\Windows\System\anunCiX.exe
  2⤵
  PID:5908
- C:\Windows\System\zCVveGg.exe
  C:\Windows\System\zCVveGg.exe
  2⤵
  PID:6232
- C:\Windows\System\BmkuHKS.exe
  C:\Windows\System\BmkuHKS.exe
  2⤵
  PID:6360
- C:\Windows\System\bNqzeft.exe
  C:\Windows\System\bNqzeft.exe
  2⤵
  PID:6444
- C:\Windows\System\djaThnP.exe
  C:\Windows\System\djaThnP.exe
  2⤵
  PID:4616
- C:\Windows\System\hvYjJVk.exe
  C:\Windows\System\hvYjJVk.exe
  2⤵
  PID:4424
- C:\Windows\System\BRxseyR.exe
  C:\Windows\System\BRxseyR.exe
  2⤵
  PID:11540
- C:\Windows\System\dkjKXhP.exe
  C:\Windows\System\dkjKXhP.exe
  2⤵
  PID:11600
- C:\Windows\System\VhMsjxw.exe
  C:\Windows\System\VhMsjxw.exe
  2⤵
  PID:11564
- C:\Windows\System\ayEDJGl.exe
  C:\Windows\System\ayEDJGl.exe
  2⤵
  PID:6564
- C:\Windows\System\wubvRQw.exe
  C:\Windows\System\wubvRQw.exe
  2⤵
  PID:6676
- C:\Windows\System\EjdtedO.exe
  C:\Windows\System\EjdtedO.exe
  2⤵
  PID:468
- C:\Windows\System\IXwkifD.exe
  C:\Windows\System\IXwkifD.exe
  2⤵
  PID:6836
- C:\Windows\System\qyvKuCz.exe
  C:\Windows\System\qyvKuCz.exe
  2⤵
  PID:6988
- C:\Windows\System\oRjnmSe.exe
  C:\Windows\System\oRjnmSe.exe
  2⤵
  PID:11624
- C:\Windows\System\gJTDWmc.exe
  C:\Windows\System\gJTDWmc.exe
  2⤵
  PID:3840
- C:\Windows\System\rsrNRZd.exe
  C:\Windows\System\rsrNRZd.exe
  2⤵
  PID:4832
- C:\Windows\System\opRQKda.exe
  C:\Windows\System\opRQKda.exe
  2⤵
  PID:3240
- C:\Windows\System\wsmxwuG.exe
  C:\Windows\System\wsmxwuG.exe
  2⤵
  PID:3164
- C:\Windows\System\VbZjvaZ.exe
  C:\Windows\System\VbZjvaZ.exe
  2⤵
  PID:3808
- C:\Windows\System\olMnZSX.exe
  C:\Windows\System\olMnZSX.exe
  2⤵
  PID:11756
- C:\Windows\System\HHqdOQO.exe
  C:\Windows\System\HHqdOQO.exe
  2⤵
  PID:11796
- C:\Windows\System\iyiPdRX.exe
  C:\Windows\System\iyiPdRX.exe
  2⤵
  PID:11820
- C:\Windows\System\LXOKQjH.exe
  C:\Windows\System\LXOKQjH.exe
  2⤵
  PID:924
- C:\Windows\System\GbkoVcm.exe
  C:\Windows\System\GbkoVcm.exe
  2⤵
  PID:11940
- C:\Windows\System\iWWfRVW.exe
  C:\Windows\System\iWWfRVW.exe
  2⤵
  PID:12024
- C:\Windows\System\kuDVSke.exe
  C:\Windows\System\kuDVSke.exe
  2⤵
  PID:12088
- C:\Windows\System\RvNYRxX.exe
  C:\Windows\System\RvNYRxX.exe
  2⤵
  PID:12144
- C:\Windows\System\pgHaZpV.exe
  C:\Windows\System\pgHaZpV.exe
  2⤵
  PID:12192
- C:\Windows\System\sAjKXrB.exe
  C:\Windows\System\sAjKXrB.exe
  2⤵
  PID:4720
- C:\Windows\System\NyXXxiH.exe
  C:\Windows\System\NyXXxiH.exe
  2⤵
  PID:12268
- C:\Windows\System\vsRxYHq.exe
  C:\Windows\System\vsRxYHq.exe
  2⤵
  PID:5812
- C:\Windows\System\hWhZYWL.exe
  C:\Windows\System\hWhZYWL.exe
  2⤵
  PID:11392
- C:\Windows\System\IANvURc.exe
  C:\Windows\System\IANvURc.exe
  2⤵
  PID:11448
- C:\Windows\System\XXyPtFm.exe
  C:\Windows\System\XXyPtFm.exe
  2⤵
  PID:9032
- C:\Windows\System\VzrMaYD.exe
  C:\Windows\System\VzrMaYD.exe
  2⤵
  PID:6188
- C:\Windows\System\IgJDVlu.exe
  C:\Windows\System\IgJDVlu.exe
  2⤵
  PID:5020
- C:\Windows\System\dolKzTl.exe
  C:\Windows\System\dolKzTl.exe
  2⤵
  PID:3636
- C:\Windows\System\HlrAClh.exe
  C:\Windows\System\HlrAClh.exe
  2⤵
  PID:2476
- C:\Windows\System\RmIQvdC.exe
  C:\Windows\System\RmIQvdC.exe
  2⤵
  PID:4000
- C:\Windows\System\BKWHLwv.exe
  C:\Windows\System\BKWHLwv.exe
  2⤵
  PID:11568
- C:\Windows\System\ZcYLdpq.exe
  C:\Windows\System\ZcYLdpq.exe
  2⤵
  PID:3884
- C:\Windows\System\mNiMobH.exe
  C:\Windows\System\mNiMobH.exe
  2⤵
  PID:6732
- C:\Windows\System\UkXZYEB.exe
  C:\Windows\System\UkXZYEB.exe
  2⤵
  PID:5220
- C:\Windows\System\MxdydXC.exe
  C:\Windows\System\MxdydXC.exe
  2⤵
  PID:6824
- C:\Windows\System\srpqjtd.exe
  C:\Windows\System\srpqjtd.exe
  2⤵
  PID:2264
- C:\Windows\System\UuvjBaY.exe
  C:\Windows\System\UuvjBaY.exe
  2⤵
  PID:1108
- C:\Windows\System\ixKNlGz.exe
  C:\Windows\System\ixKNlGz.exe
  2⤵
  PID:5388
- C:\Windows\System\CpmDIaE.exe
  C:\Windows\System\CpmDIaE.exe
  2⤵
  PID:4528
- C:\Windows\System\ibCembF.exe
  C:\Windows\System\ibCembF.exe
  2⤵
  PID:4004
- C:\Windows\System\YiadjMu.exe
  C:\Windows\System\YiadjMu.exe
  2⤵
  PID:10964
- C:\Windows\System\NzEkRoS.exe
  C:\Windows\System\NzEkRoS.exe
  2⤵
  PID:7264
- C:\Windows\System\wyudiuq.exe
  C:\Windows\System\wyudiuq.exe
  2⤵
  PID:11996
- C:\Windows\System\KJPTnAS.exe
  C:\Windows\System\KJPTnAS.exe
  2⤵
  PID:1324
- C:\Windows\System\vwECOOJ.exe
  C:\Windows\System\vwECOOJ.exe
  2⤵
  PID:12132
- C:\Windows\System\QjpFZli.exe
  C:\Windows\System\QjpFZli.exe
  2⤵
  PID:12156
- C:\Windows\System\rOydSjB.exe
  C:\Windows\System\rOydSjB.exe
  2⤵
  PID:12256
- C:\Windows\System\ulfhKQu.exe
  C:\Windows\System\ulfhKQu.exe
  2⤵
  PID:10484
- C:\Windows\System\GPgnpFe.exe
  C:\Windows\System\GPgnpFe.exe
  2⤵
  PID:5740
- C:\Windows\System\JWvDohh.exe
  C:\Windows\System\JWvDohh.exe
  2⤵
  PID:5768
- C:\Windows\System\MSgzjQK.exe
  C:\Windows\System\MSgzjQK.exe
  2⤵
  PID:1756
- C:\Windows\System\aZTodIu.exe
  C:\Windows\System\aZTodIu.exe
  2⤵
  PID:3996
- C:\Windows\System\OxjyKXh.exe
  C:\Windows\System\OxjyKXh.exe
  2⤵
  PID:9460
- C:\Windows\System\KhrngzP.exe
  C:\Windows\System\KhrngzP.exe
  2⤵
  PID:4996
- C:\Windows\System\FvBAEGl.exe
  C:\Windows\System\FvBAEGl.exe
  2⤵
  PID:11496
- C:\Windows\System\QsigdxN.exe
  C:\Windows\System\QsigdxN.exe
  2⤵
  PID:3596
- C:\Windows\System\PEspIni.exe
  C:\Windows\System\PEspIni.exe
  2⤵
  PID:11552
- C:\Windows\System\Uqdufwd.exe
  C:\Windows\System\Uqdufwd.exe
  2⤵
  PID:6648
- C:\Windows\System\ohmFoAS.exe
  C:\Windows\System\ohmFoAS.exe
  2⤵
  PID:6584
- C:\Windows\System\KRpaNhv.exe
  C:\Windows\System\KRpaNhv.exe
  2⤵
  PID:7016
- C:\Windows\System\slcOrXI.exe
  C:\Windows\System\slcOrXI.exe
  2⤵
  PID:6096
- C:\Windows\System\ketBeNG.exe
  C:\Windows\System\ketBeNG.exe
  2⤵
  PID:6116
- C:\Windows\System\gDybyEB.exe
  C:\Windows\System\gDybyEB.exe
  2⤵
  PID:2444
- C:\Windows\System\RTAHeHw.exe
  C:\Windows\System\RTAHeHw.exe
  2⤵
  PID:7240
- C:\Windows\System\QnQiIQn.exe
  C:\Windows\System\QnQiIQn.exe
  2⤵
  PID:2324
- C:\Windows\System\myOBIrO.exe
  C:\Windows\System\myOBIrO.exe
  2⤵
  PID:1136
- C:\Windows\System\uIXXbSu.exe
  C:\Windows\System\uIXXbSu.exe
  2⤵
  PID:3844
- C:\Windows\System\ZCVZocd.exe
  C:\Windows\System\ZCVZocd.exe
  2⤵
  PID:3732
- C:\Windows\System\neURXvV.exe
  C:\Windows\System\neURXvV.exe
  2⤵
  PID:12084
- C:\Windows\System\KXfvMGi.exe
  C:\Windows\System\KXfvMGi.exe
  2⤵
  PID:5236
- C:\Windows\System\lfFDrrq.exe
  C:\Windows\System\lfFDrrq.exe
  2⤵
  PID:12232
- C:\Windows\System\RwSBiQs.exe
  C:\Windows\System\RwSBiQs.exe
  2⤵
  PID:10332
- C:\Windows\System\zxqZCja.exe
  C:\Windows\System\zxqZCja.exe
  2⤵
  PID:5516
- C:\Windows\System\MueDmwi.exe
  C:\Windows\System\MueDmwi.exe
  2⤵
  PID:5588
- C:\Windows\System\iwOgLGn.exe
  C:\Windows\System\iwOgLGn.exe
  2⤵
  PID:5628
- C:\Windows\System\UTNVKss.exe
  C:\Windows\System\UTNVKss.exe
  2⤵
  PID:5692
- C:\Windows\System\HlMGdkN.exe
  C:\Windows\System\HlMGdkN.exe
  2⤵
  PID:5900
- C:\Windows\System\GiPprnJ.exe
  C:\Windows\System\GiPprnJ.exe
  2⤵
  PID:11572
- C:\Windows\System\dmAqlNA.exe
  C:\Windows\System\dmAqlNA.exe
  2⤵
  PID:5960
- C:\Windows\System\djisnpI.exe
  C:\Windows\System\djisnpI.exe
  2⤵
  PID:7544
- C:\Windows\System\DtftooQ.exe
  C:\Windows\System\DtftooQ.exe
  2⤵
  PID:11656
- C:\Windows\System\iBECvly.exe
  C:\Windows\System\iBECvly.exe
  2⤵
  PID:5484
- C:\Windows\System\nrpdSgP.exe
  C:\Windows\System\nrpdSgP.exe
  2⤵
  PID:3816
- C:\Windows\System\phrndYp.exe
  C:\Windows\System\phrndYp.exe
  2⤵
  PID:2736
- C:\Windows\System\xVQpYrn.exe
  C:\Windows\System\xVQpYrn.exe
  2⤵
  PID:5556
- C:\Windows\System\uplzDVR.exe
  C:\Windows\System\uplzDVR.exe
  2⤵
  PID:5656
- C:\Windows\System\rKLfbkQ.exe
  C:\Windows\System\rKLfbkQ.exe
  2⤵
  PID:5400
- C:\Windows\System\RGEdUKI.exe
  C:\Windows\System\RGEdUKI.exe
  2⤵
  PID:5788
- C:\Windows\System\wlvaVCs.exe
  C:\Windows\System\wlvaVCs.exe
  2⤵
  PID:7100
- C:\Windows\System\ETDDiZb.exe
  C:\Windows\System\ETDDiZb.exe
  2⤵
  PID:6004
- C:\Windows\System\KVzJDqX.exe
  C:\Windows\System\KVzJDqX.exe
  2⤵
  PID:6048
- C:\Windows\System\HkcsZho.exe
  C:\Windows\System\HkcsZho.exe
  2⤵
  PID:4596
- C:\Windows\System\pBJHIDo.exe
  C:\Windows\System\pBJHIDo.exe
  2⤵
  PID:4620
- C:\Windows\System\uyxNroU.exe
  C:\Windows\System\uyxNroU.exe
  2⤵
  PID:5260
- C:\Windows\System\KQwdMqy.exe
  C:\Windows\System\KQwdMqy.exe
  2⤵
  PID:2700
- C:\Windows\System\RjVlFOG.exe
  C:\Windows\System\RjVlFOG.exe
  2⤵
  PID:6804
- C:\Windows\System\SYKyoRf.exe
  C:\Windows\System\SYKyoRf.exe
  2⤵
  PID:1796
- C:\Windows\System\xDeqrkx.exe
  C:\Windows\System\xDeqrkx.exe
  2⤵
  PID:5152
- C:\Windows\System\PgbrgRN.exe
  C:\Windows\System\PgbrgRN.exe
  2⤵
  PID:6472
- C:\Windows\System\VHcAhHt.exe
  C:\Windows\System\VHcAhHt.exe
  2⤵
  PID:7704
- C:\Windows\System\kFsQxyo.exe
  C:\Windows\System\kFsQxyo.exe
  2⤵
  PID:7420
- C:\Windows\System\iPflbaB.exe
  C:\Windows\System\iPflbaB.exe
  2⤵
  PID:9324
- C:\Windows\System\TICvaWf.exe
  C:\Windows\System\TICvaWf.exe
  2⤵
  PID:12308
- C:\Windows\System\oSRfnvz.exe
  C:\Windows\System\oSRfnvz.exe
  2⤵
  PID:12336
- C:\Windows\System\JqgJNrZ.exe
  C:\Windows\System\JqgJNrZ.exe
  2⤵
  PID:12380
- C:\Windows\System\WRVffdx.exe
  C:\Windows\System\WRVffdx.exe
  2⤵
  PID:12396
- C:\Windows\System\gcRDTjl.exe
  C:\Windows\System\gcRDTjl.exe
  2⤵
  PID:12424
- C:\Windows\System\DulVpTo.exe
  C:\Windows\System\DulVpTo.exe
  2⤵
  PID:12452
- C:\Windows\System\BrAiLan.exe
  C:\Windows\System\BrAiLan.exe
  2⤵
  PID:12480
- C:\Windows\System\kkZOKDo.exe
  C:\Windows\System\kkZOKDo.exe
  2⤵
  PID:12508
- C:\Windows\System\IEHOgcj.exe
  C:\Windows\System\IEHOgcj.exe
  2⤵
  PID:12536
- C:\Windows\System\fUXpOwK.exe
  C:\Windows\System\fUXpOwK.exe
  2⤵
  PID:12564
- C:\Windows\System\mQbNGjp.exe
  C:\Windows\System\mQbNGjp.exe
  2⤵
  PID:12604
- C:\Windows\System\mIFKaDr.exe
  C:\Windows\System\mIFKaDr.exe
  2⤵
  PID:12624
- C:\Windows\System\Kipcmul.exe
  C:\Windows\System\Kipcmul.exe
  2⤵
  PID:12652
- C:\Windows\System\ChAZSSp.exe
  C:\Windows\System\ChAZSSp.exe
  2⤵
  PID:12680
- C:\Windows\System\ZWZrsgy.exe
  C:\Windows\System\ZWZrsgy.exe
  2⤵
  PID:12720
- C:\Windows\System\nJksnFk.exe
  C:\Windows\System\nJksnFk.exe
  2⤵
  PID:12744
- C:\Windows\System\UfqDgOx.exe
  C:\Windows\System\UfqDgOx.exe
  2⤵
  PID:12776
- C:\Windows\System\UrULJUd.exe
  C:\Windows\System\UrULJUd.exe
  2⤵
  PID:12792
- C:\Windows\System\TNzEdsz.exe
  C:\Windows\System\TNzEdsz.exe
  2⤵
  PID:12828
- C:\Windows\System\AghrmIX.exe
  C:\Windows\System\AghrmIX.exe
  2⤵
  PID:12848
- C:\Windows\System\xuxYxGJ.exe
  C:\Windows\System\xuxYxGJ.exe
  2⤵
  PID:12892
- C:\Windows\System\AOQqxHq.exe
  C:\Windows\System\AOQqxHq.exe
  2⤵
  PID:12916
- C:\Windows\System\KJkqKaS.exe
  C:\Windows\System\KJkqKaS.exe
  2⤵
  PID:12944
- C:\Windows\System\qKmoYyh.exe
  C:\Windows\System\qKmoYyh.exe
  2⤵
  PID:12964
- C:\Windows\System\qfkFyWa.exe
  C:\Windows\System\qfkFyWa.exe
  2⤵
  PID:12992
- C:\Windows\System\zxBgxkl.exe
  C:\Windows\System\zxBgxkl.exe
  2⤵
  PID:13020
- C:\Windows\System\lsoGKgD.exe
  C:\Windows\System\lsoGKgD.exe
  2⤵
  PID:13048
- C:\Windows\System\TzMQUxZ.exe
  C:\Windows\System\TzMQUxZ.exe
  2⤵
  PID:13084
- C:\Windows\System\aYYeoDa.exe
  C:\Windows\System\aYYeoDa.exe
  2⤵
  PID:13116
- C:\Windows\System\FaGkeeo.exe
  C:\Windows\System\FaGkeeo.exe
  2⤵
  PID:13152
- C:\Windows\System\tLpwWLK.exe
  C:\Windows\System\tLpwWLK.exe
  2⤵
  PID:13176
- C:\Windows\System\ulmQRnu.exe
  C:\Windows\System\ulmQRnu.exe
  2⤵
  PID:13212
- C:\Windows\System\OqvgiEA.exe
  C:\Windows\System\OqvgiEA.exe
  2⤵
  PID:13236
- C:\Windows\System\DUogAKJ.exe
  C:\Windows\System\DUogAKJ.exe
  2⤵
  PID:13260
- C:\Windows\System\TxEBvOn.exe
  C:\Windows\System\TxEBvOn.exe
  2⤵
  PID:13288
- C:\Windows\System\TXPVvdi.exe
  C:\Windows\System\TXPVvdi.exe
  2⤵
  PID:12328
- C:\Windows\System\phPKXUF.exe
  C:\Windows\System\phPKXUF.exe
  2⤵
  PID:12388
- C:\Windows\System\BezgepW.exe
  C:\Windows\System\BezgepW.exe
  2⤵
  PID:12436
- C:\Windows\System\YUmnnRO.exe
  C:\Windows\System\YUmnnRO.exe
  2⤵
  PID:12492
- C:\Windows\System\qlqPZlr.exe
  C:\Windows\System\qlqPZlr.exe
  2⤵
  PID:12556
- C:\Windows\System\LmZmROn.exe
  C:\Windows\System\LmZmROn.exe
  2⤵
  PID:12620
- C:\Windows\System\DNmsuUh.exe
  C:\Windows\System\DNmsuUh.exe
  2⤵
  PID:12700
- C:\Windows\System\bniAulT.exe
  C:\Windows\System\bniAulT.exe
  2⤵
  PID:12756
- C:\Windows\System\CkllaAr.exe
  C:\Windows\System\CkllaAr.exe
  2⤵
  PID:7116
- C:\Windows\System\SJlwbla.exe
  C:\Windows\System\SJlwbla.exe
  2⤵
  PID:12840
- C:\Windows\System\oNhlSKe.exe
  C:\Windows\System\oNhlSKe.exe
  2⤵
  PID:12900
- C:\Windows\System\JBbVtIy.exe
  C:\Windows\System\JBbVtIy.exe
  2⤵
  PID:12952
- C:\Windows\System\GVbwRPE.exe
  C:\Windows\System\GVbwRPE.exe
  2⤵
  PID:12984
- C:\Windows\System\efNrMUo.exe
  C:\Windows\System\efNrMUo.exe
  2⤵
  PID:13012
- C:\Windows\System\VSgRlOb.exe
  C:\Windows\System\VSgRlOb.exe
  2⤵
  PID:6236
- C:\Windows\System\KlglCdL.exe
  C:\Windows\System\KlglCdL.exe
  2⤵
  PID:13100
- C:\Windows\System\mvXrLwD.exe
  C:\Windows\System\mvXrLwD.exe
  2⤵
  PID:13160
- C:\Windows\System\CubMhVQ.exe
  C:\Windows\System\CubMhVQ.exe
  2⤵
  PID:6484
- C:\Windows\System\GLvNCRQ.exe
  C:\Windows\System\GLvNCRQ.exe
  2⤵
  PID:13228
- C:\Windows\System\buLLQRp.exe
  C:\Windows\System\buLLQRp.exe
  2⤵
  PID:6608
- C:\Windows\System\MsVVUgo.exe
  C:\Windows\System\MsVVUgo.exe
  2⤵
  PID:12320
- C:\Windows\System\eKGmQzE.exe
  C:\Windows\System\eKGmQzE.exe
  2⤵
  PID:12372
- C:\Windows\System\dAKWeGx.exe
  C:\Windows\System\dAKWeGx.exe
  2⤵
  PID:8476
- C:\Windows\System\YWibJMX.exe
  C:\Windows\System\YWibJMX.exe
  2⤵
  PID:6944
- C:\Windows\System\HMruYLn.exe
  C:\Windows\System\HMruYLn.exe
  2⤵
  PID:6984
- C:\Windows\System\bpYwLoe.exe
  C:\Windows\System\bpYwLoe.exe
  2⤵
  PID:12732
- C:\Windows\System\ROebbWn.exe
  C:\Windows\System\ROebbWn.exe
  2⤵
  PID:12788
- C:\Windows\System\ktdiymb.exe
  C:\Windows\System\ktdiymb.exe
  2⤵
  PID:5372
- C:\Windows\System\pQDSIwS.exe
  C:\Windows\System\pQDSIwS.exe
  2⤵
  PID:12924
- C:\Windows\System\pNfQTkN.exe
  C:\Windows\System\pNfQTkN.exe
  2⤵
  PID:6488
- C:\Windows\System\BXCXaDW.exe
  C:\Windows\System\BXCXaDW.exe
  2⤵
  PID:13060
- C:\Windows\System\oFHdKOI.exe
  C:\Windows\System\oFHdKOI.exe
  2⤵
  PID:6816
- C:\Windows\System\nMOQrKG.exe
  C:\Windows\System\nMOQrKG.exe
  2⤵
  PID:13200
- C:\Windows\System\iNvdPpQ.exe
  C:\Windows\System\iNvdPpQ.exe
  2⤵
  PID:7052
- C:\Windows\System\COebuvG.exe
  C:\Windows\System\COebuvG.exe
  2⤵
  PID:4260
- C:\Windows\System\qEwwOJS.exe
  C:\Windows\System\qEwwOJS.exe
  2⤵
  PID:1688
- C:\Windows\System\NQoSyXe.exe
  C:\Windows\System\NQoSyXe.exe
  2⤵
  PID:8620
- C:\Windows\System\YuIhQAg.exe
  C:\Windows\System\YuIhQAg.exe
  2⤵
  PID:12648
- C:\Windows\System\PRTMAbk.exe
  C:\Windows\System\PRTMAbk.exe
  2⤵
  PID:7220
- C:\Windows\System\fAdXCik.exe
  C:\Windows\System\fAdXCik.exe
  2⤵
  PID:5316
- C:\Windows\System\WwrDCvk.exe
  C:\Windows\System\WwrDCvk.exe
  2⤵
  PID:13004
- C:\Windows\System\ayVJlWQ.exe
  C:\Windows\System\ayVJlWQ.exe
  2⤵
  PID:6308
- C:\Windows\System\bxDzXgx.exe
  C:\Windows\System\bxDzXgx.exe
  2⤵
  PID:13188
- C:\Windows\System\KUYCMUz.exe
  C:\Windows\System\KUYCMUz.exe
  2⤵
  PID:3960
- C:\Windows\System\aNoylbe.exe
  C:\Windows\System\aNoylbe.exe
  2⤵
  PID:312
- C:\Windows\System\WRqgWQM.exe
  C:\Windows\System\WRqgWQM.exe
  2⤵
  PID:3524
- C:\Windows\System\gryUIZP.exe
  C:\Windows\System\gryUIZP.exe
  2⤵
  PID:12616
- C:\Windows\System\IJJvRvs.exe
  C:\Windows\System\IJJvRvs.exe
  2⤵
  PID:12376
- C:\Windows\System\psNSCMI.exe
  C:\Windows\System\psNSCMI.exe
  2⤵
  PID:5792
- C:\Windows\System\PuuiTWR.exe
  C:\Windows\System\PuuiTWR.exe
  2⤵
  PID:7556
- C:\Windows\System\IqNuhpy.exe
  C:\Windows\System\IqNuhpy.exe
  2⤵
  PID:7900
- C:\Windows\System\UHVnOFb.exe
  C:\Windows\System\UHVnOFb.exe
  2⤵
  PID:7620
- C:\Windows\System\BKpyaYN.exe
  C:\Windows\System\BKpyaYN.exe
  2⤵
  PID:4868
- C:\Windows\System\scawlnQ.exe
  C:\Windows\System\scawlnQ.exe
  2⤵
  PID:8616
- C:\Windows\System\RszjBPV.exe
  C:\Windows\System\RszjBPV.exe
  2⤵
  PID:6448
- C:\Windows\System\nnHeMSE.exe
  C:\Windows\System\nnHeMSE.exe
  2⤵
  PID:7724
- C:\Windows\System\MULYKxC.exe
  C:\Windows\System\MULYKxC.exe
  2⤵
  PID:7564
- C:\Windows\System\XLZFFxn.exe
  C:\Windows\System\XLZFFxn.exe
  2⤵
  PID:3464
- C:\Windows\System\nAhPYWQ.exe
  C:\Windows\System\nAhPYWQ.exe
  2⤵
  PID:7844
- C:\Windows\System\LibCWyW.exe
  C:\Windows\System\LibCWyW.exe
  2⤵
  PID:4524
- C:\Windows\System\Txroutq.exe
  C:\Windows\System\Txroutq.exe
  2⤵
  PID:1976
- C:\Windows\System\nvyXQgu.exe
  C:\Windows\System\nvyXQgu.exe
  2⤵
  PID:9236
- C:\Windows\System\UWWFwTw.exe
  C:\Windows\System\UWWFwTw.exe
  2⤵
  PID:4268
- C:\Windows\System\snxFByY.exe
  C:\Windows\System\snxFByY.exe
  2⤵
  PID:7984
- C:\Windows\System\RJoZmVs.exe
  C:\Windows\System\RJoZmVs.exe
  2⤵
  PID:8020
- C:\Windows\System\yKuggOD.exe
  C:\Windows\System\yKuggOD.exe
  2⤵
  PID:7808
- C:\Windows\System\ZQrwJEN.exe
  C:\Windows\System\ZQrwJEN.exe
  2⤵
  PID:12532
- C:\Windows\System\ZRwmjqp.exe
  C:\Windows\System\ZRwmjqp.exe
  2⤵
  PID:7432
- C:\Windows\System\pqAeTTi.exe
  C:\Windows\System\pqAeTTi.exe
  2⤵
  PID:1584
- C:\Windows\System\OUXUQNO.exe
  C:\Windows\System\OUXUQNO.exe
  2⤵
  PID:6712
- C:\Windows\System\hMTSiDd.exe
  C:\Windows\System\hMTSiDd.exe
  2⤵
  PID:9344
- C:\Windows\System\NRLYcnr.exe
  C:\Windows\System\NRLYcnr.exe
  2⤵
  PID:8060
- C:\Windows\System\eBhTzqL.exe
  C:\Windows\System\eBhTzqL.exe
  2⤵
  PID:9448
- C:\Windows\System\TNszbvm.exe
  C:\Windows\System\TNszbvm.exe
  2⤵
  PID:7892
- C:\Windows\System\IsmfiNI.exe
  C:\Windows\System\IsmfiNI.exe
  2⤵
  PID:7752
- C:\Windows\System\ttyXQUc.exe
  C:\Windows\System\ttyXQUc.exe
  2⤵
  PID:3336
- C:\Windows\System\MwcCSGF.exe
  C:\Windows\System\MwcCSGF.exe
  2⤵
  PID:7388
- C:\Windows\System\bBotuIO.exe
  C:\Windows\System\bBotuIO.exe
  2⤵
  PID:9720
- C:\Windows\System\NaVwZJh.exe
  C:\Windows\System\NaVwZJh.exe
  2⤵
  PID:9552
- C:\Windows\System\uJaMSsC.exe
  C:\Windows\System\uJaMSsC.exe
  2⤵
  PID:8032
- C:\Windows\System\INQpfXV.exe
  C:\Windows\System\INQpfXV.exe
  2⤵
  PID:7236
- C:\Windows\System\rlCTapG.exe
  C:\Windows\System\rlCTapG.exe
  2⤵
  PID:7244
- C:\Windows\System\XNUHseI.exe
  C:\Windows\System\XNUHseI.exe
  2⤵
  PID:9868
- C:\Windows\System\xoGyIJM.exe
  C:\Windows\System\xoGyIJM.exe
  2⤵
  PID:9768
- C:\Windows\System\YtbCYso.exe
  C:\Windows\System\YtbCYso.exe
  2⤵
  PID:9812
- C:\Windows\System\WultRAw.exe
  C:\Windows\System\WultRAw.exe
  2⤵
  PID:7868
- C:\Windows\System\lZgAmpe.exe
  C:\Windows\System\lZgAmpe.exe
  2⤵
  PID:10008
- C:\Windows\System\fHrxUNk.exe
  C:\Windows\System\fHrxUNk.exe
  2⤵
  PID:10036
- C:\Windows\System\YWwraAj.exe
  C:\Windows\System\YWwraAj.exe
  2⤵
  PID:7792
- C:\Windows\System\qSTppkG.exe
  C:\Windows\System\qSTppkG.exe
  2⤵
  PID:5392
- C:\Windows\System\uYyuZeE.exe
  C:\Windows\System\uYyuZeE.exe
  2⤵
  PID:7208
- C:\Windows\System\sePTtIc.exe
  C:\Windows\System\sePTtIc.exe
  2⤵
  PID:7924
- C:\Windows\System\xomrUPp.exe
  C:\Windows\System\xomrUPp.exe
  2⤵
  PID:10216
- C:\Windows\System\puMklOa.exe
  C:\Windows\System\puMklOa.exe
  2⤵
  PID:9300
- C:\Windows\System\SpyNbGJ.exe
  C:\Windows\System\SpyNbGJ.exe
  2⤵
  PID:8180
- C:\Windows\System\MUClnDA.exe
  C:\Windows\System\MUClnDA.exe
  2⤵
  PID:9472
- C:\Windows\System\rQYvpZi.exe
  C:\Windows\System\rQYvpZi.exe
  2⤵
  PID:7904
- C:\Windows\System\KxcykcY.exe
  C:\Windows\System\KxcykcY.exe
  2⤵
  PID:10224
- C:\Windows\System\aCigvgO.exe
  C:\Windows\System\aCigvgO.exe
  2⤵
  PID:4368
- C:\Windows\System\XRJhKYd.exe
  C:\Windows\System\XRJhKYd.exe
  2⤵
  PID:4768
- C:\Windows\System\wXhfeQd.exe
  C:\Windows\System\wXhfeQd.exe
  2⤵
  PID:4780
- C:\Windows\System\QGufeDE.exe
  C:\Windows\System\QGufeDE.exe
  2⤵
  PID:7812
- C:\Windows\System\ivsZQAh.exe
  C:\Windows\System\ivsZQAh.exe
  2⤵
  PID:8208
- C:\Windows\System\aPeJmfY.exe
  C:\Windows\System\aPeJmfY.exe
  2⤵
  PID:2412
- C:\Windows\System\aeTuQbP.exe
  C:\Windows\System\aeTuQbP.exe
  2⤵
  PID:8280
- C:\Windows\System\wcnGDSA.exe
  C:\Windows\System\wcnGDSA.exe
  2⤵
  PID:10012
- C:\Windows\System\XQBdDUJ.exe
  C:\Windows\System\XQBdDUJ.exe
  2⤵
  PID:3332
- C:\Windows\System\EMggxUy.exe
  C:\Windows\System\EMggxUy.exe
  2⤵
  PID:10132
- C:\Windows\System\vgCQinc.exe
  C:\Windows\System\vgCQinc.exe
  2⤵
  PID:10196
- C:\Windows\System\LTgjRdt.exe
  C:\Windows\System\LTgjRdt.exe
  2⤵
  PID:10220
- C:\Windows\System\gYFkMdU.exe
  C:\Windows\System\gYFkMdU.exe
  2⤵
  PID:9368
- C:\Windows\System\OoNTVTi.exe
  C:\Windows\System\OoNTVTi.exe
  2⤵
  PID:1340
- C:\Windows\System\NcaAgGP.exe
  C:\Windows\System\NcaAgGP.exe
  2⤵
  PID:8488
- C:\Windows\System\wFPZcSx.exe
  C:\Windows\System\wFPZcSx.exe
  2⤵
  PID:9900
- C:\Windows\System\WCyWEsy.exe
  C:\Windows\System\WCyWEsy.exe
  2⤵
  PID:8544
- C:\Windows\System\CeyncUq.exe
  C:\Windows\System\CeyncUq.exe
  2⤵
  PID:10052
- C:\Windows\System\BRnFgIh.exe
  C:\Windows\System\BRnFgIh.exe
  2⤵
  PID:9732
- C:\Windows\System\iulikva.exe
  C:\Windows\System\iulikva.exe
  2⤵
  PID:9652
- C:\Windows\System\eYlVbek.exe
  C:\Windows\System\eYlVbek.exe
  2⤵
  PID:9792
- C:\Windows\System\PagOmVB.exe
  C:\Windows\System\PagOmVB.exe
  2⤵
  PID:4364
- C:\Windows\System\RqqfxJa.exe
  C:\Windows\System\RqqfxJa.exe
  2⤵
  PID:9516
- C:\Windows\System\WeHsljU.exe
  C:\Windows\System\WeHsljU.exe
  2⤵
  PID:8444
- C:\Windows\System\rCDONLQ.exe
  C:\Windows\System\rCDONLQ.exe
  2⤵
  PID:13328
- C:\Windows\System\IlOqkEF.exe
  C:\Windows\System\IlOqkEF.exe
  2⤵
  PID:13356
- C:\Windows\System\GUHRedL.exe
  C:\Windows\System\GUHRedL.exe
  2⤵
  PID:13388
- C:\Windows\System\TpqEibG.exe
  C:\Windows\System\TpqEibG.exe
  2⤵
  PID:13416
- C:\Windows\System\NgSoKrR.exe
  C:\Windows\System\NgSoKrR.exe
  2⤵
  PID:13440
- C:\Windows\System\rJNZREu.exe
  C:\Windows\System\rJNZREu.exe
  2⤵
  PID:13472
- C:\Windows\System\brebPsl.exe
  C:\Windows\System\brebPsl.exe
  2⤵
  PID:13500
- C:\Windows\System\daYVviR.exe
  C:\Windows\System\daYVviR.exe
  2⤵
  PID:13524
- C:\Windows\System\yVqUwEY.exe
  C:\Windows\System\yVqUwEY.exe
  2⤵
  PID:13552
- C:\Windows\System\anAYAuz.exe
  C:\Windows\System\anAYAuz.exe
  2⤵
  PID:13580
- C:\Windows\System\NLBFZrZ.exe
  C:\Windows\System\NLBFZrZ.exe
  2⤵
  PID:13608
- C:\Windows\System\fCZVkAL.exe
  C:\Windows\System\fCZVkAL.exe
  2⤵
  PID:13636
- C:\Windows\System\CcUyJgH.exe
  C:\Windows\System\CcUyJgH.exe
  2⤵
  PID:13668
- C:\Windows\System\NBfgmaE.exe
  C:\Windows\System\NBfgmaE.exe
  2⤵
  PID:13692
- C:\Windows\System\hijHpni.exe
  C:\Windows\System\hijHpni.exe
  2⤵
  PID:13724
- C:\Windows\System\xdtaDmW.exe
  C:\Windows\System\xdtaDmW.exe
  2⤵
  PID:13756
- C:\Windows\System\KXtButC.exe
  C:\Windows\System\KXtButC.exe
  2⤵
  PID:13784
- C:\Windows\System\kbmgUjo.exe
  C:\Windows\System\kbmgUjo.exe
  2⤵
  PID:13812
- C:\Windows\System\jLYzgjp.exe
  C:\Windows\System\jLYzgjp.exe
  2⤵
  PID:13836
- C:\Windows\System\JMoKfHC.exe
  C:\Windows\System\JMoKfHC.exe
  2⤵
  PID:13864
- C:\Windows\System\pYqYRDJ.exe
  C:\Windows\System\pYqYRDJ.exe
  2⤵
  PID:13896
- C:\Windows\System\YncnCUb.exe
  C:\Windows\System\YncnCUb.exe
  2⤵
  PID:13920
- C:\Windows\System\GwJqQFW.exe
  C:\Windows\System\GwJqQFW.exe
  2⤵
  PID:13952
- C:\Windows\System\mYkGrmd.exe
  C:\Windows\System\mYkGrmd.exe
  2⤵
  PID:13976
- C:\Windows\System\mKjJUcM.exe
  C:\Windows\System\mKjJUcM.exe
  2⤵
  PID:14004
- C:\Windows\System\yLOfXpD.exe
  C:\Windows\System\yLOfXpD.exe
  2⤵
  PID:14032
- C:\Windows\System\txIjraQ.exe
  C:\Windows\System\txIjraQ.exe
  2⤵
  PID:14068
- C:\Windows\System\uKUCIga.exe
  C:\Windows\System\uKUCIga.exe
  2⤵
  PID:14088
- C:\Windows\System\wEPRibe.exe
  C:\Windows\System\wEPRibe.exe
  2⤵
  PID:14120
- C:\Windows\System\EgIjYKq.exe
  C:\Windows\System\EgIjYKq.exe
  2⤵
  PID:14144
- C:\Windows\System\ERCLeCn.exe
  C:\Windows\System\ERCLeCn.exe
  2⤵
  PID:14172
- C:\Windows\System\GuJijmQ.exe
  C:\Windows\System\GuJijmQ.exe
  2⤵
  PID:14200
- C:\Windows\System\EFVdafv.exe
  C:\Windows\System\EFVdafv.exe
  2⤵
  PID:14228
- C:\Windows\System\fAiOSGs.exe
  C:\Windows\System\fAiOSGs.exe
  2⤵
  PID:14256
- C:\Windows\System\nrLvkjU.exe
  C:\Windows\System\nrLvkjU.exe
  2⤵
  PID:14292
- C:\Windows\System\OpSusfN.exe
  C:\Windows\System\OpSusfN.exe
  2⤵
  PID:14316
- C:\Windows\System\zoIppYu.exe
  C:\Windows\System\zoIppYu.exe
  2⤵
  PID:8740
- C:\Windows\System\yRDBURE.exe
  C:\Windows\System\yRDBURE.exe
  2⤵
  PID:13348
- C:\Windows\System\eSXQcoI.exe
  C:\Windows\System\eSXQcoI.exe
  2⤵
  PID:8804
- C:\Windows\System\LpTgvEx.exe
  C:\Windows\System\LpTgvEx.exe
  2⤵
  PID:13424
- C:\Windows\System\kRgqsyZ.exe
  C:\Windows\System\kRgqsyZ.exe
  2⤵
  PID:10252
- C:\Windows\System\LUnDoVy.exe
  C:\Windows\System\LUnDoVy.exe
  2⤵
  PID:13488
- C:\Windows\System\JhtAtzx.exe
  C:\Windows\System\JhtAtzx.exe
  2⤵
  PID:8916
- C:\Windows\System\rblqNVX.exe
  C:\Windows\System\rblqNVX.exe
  2⤵
  PID:10480
- C:\Windows\System\BWysJlU.exe
  C:\Windows\System\BWysJlU.exe
  2⤵
  PID:13576
- C:\Windows\System\CZBbdgV.exe
  C:\Windows\System\CZBbdgV.exe
  2⤵
  PID:9008
- C:\Windows\System\RgGHHOR.exe
  C:\Windows\System\RgGHHOR.exe
  2⤵
  PID:9028
- C:\Windows\System\fiwrFwl.exe
  C:\Windows\System\fiwrFwl.exe
  2⤵
  PID:13704
- C:\Windows\System\neegvId.exe
  C:\Windows\System\neegvId.exe
  2⤵
  PID:10628
- C:\Windows\System\VEIDwyD.exe
  C:\Windows\System\VEIDwyD.exe
  2⤵
  PID:13772
- C:\Windows\System\pWHJjVw.exe
  C:\Windows\System\pWHJjVw.exe
  2⤵
  PID:13820
- C:\Windows\System\krSlOKZ.exe
  C:\Windows\System\krSlOKZ.exe
  2⤵
  PID:10776
- C:\Windows\System\QDleZZY.exe
  C:\Windows\System\QDleZZY.exe
  2⤵
  PID:13888
- C:\Windows\System\HiEGMAU.exe
  C:\Windows\System\HiEGMAU.exe
  2⤵
  PID:10812
- C:\Windows\System\cWUPYgN.exe
  C:\Windows\System\cWUPYgN.exe
  2⤵
  PID:13968
- C:\Windows\System\lvmwYsO.exe
  C:\Windows\System\lvmwYsO.exe
  2⤵
  PID:3092
- C:\Windows\System\lgQRKlv.exe
  C:\Windows\System\lgQRKlv.exe
  2⤵
  PID:14028
- C:\Windows\System\LWQxLFo.exe
  C:\Windows\System\LWQxLFo.exe
  2⤵
  PID:14084
- C:\Windows\System\DLwMxMq.exe
  C:\Windows\System\DLwMxMq.exe
  2⤵
  PID:10960
- C:\Windows\System\oepmGWm.exe
  C:\Windows\System\oepmGWm.exe
  2⤵
  PID:14156
- C:\Windows\System\HVokDkN.exe
  C:\Windows\System\HVokDkN.exe
  2⤵
  PID:11020
- C:\Windows\System\dEkKbdP.exe
  C:\Windows\System\dEkKbdP.exe
  2⤵
  PID:14240
- C:\Windows\System\piefJbx.exe
  C:\Windows\System\piefJbx.exe
  2⤵
  PID:14252
- C:\Windows\System\PzpXJfy.exe
  C:\Windows\System\PzpXJfy.exe
  2⤵
  PID:14280
- C:\Windows\System\UurBGwJ.exe
  C:\Windows\System\UurBGwJ.exe
  2⤵
  PID:8632
- C:\Windows\System\NaVkXGe.exe
  C:\Windows\System\NaVkXGe.exe
  2⤵
  PID:13324
- C:\Windows\System\ffKuadY.exe
  C:\Windows\System\ffKuadY.exe
  2⤵
  PID:13376
- C:\Windows\System\Mgibnpw.exe
  C:\Windows\System\Mgibnpw.exe
  2⤵
  PID:5268
- C:\Windows\System\hQRVZbm.exe
  C:\Windows\System\hQRVZbm.exe
  2⤵
  PID:13452
- C:\Windows\System\siHtGuV.exe
  C:\Windows\System\siHtGuV.exe
  2⤵
  PID:8888
- C:\Windows\System\VHxXxmd.exe
  C:\Windows\System\VHxXxmd.exe
  2⤵
  PID:10548
- C:\Windows\System\ZhgbXPw.exe
  C:\Windows\System\ZhgbXPw.exe
  2⤵
  PID:10600
- C:\Windows\System\BJIYnQt.exe
  C:\Windows\System\BJIYnQt.exe
  2⤵
  PID:10672
- C:\Windows\System\GyYHvFL.exe
  C:\Windows\System\GyYHvFL.exe
  2⤵
  PID:10560
- C:\Windows\System\WzEMagR.exe
  C:\Windows\System\WzEMagR.exe
  2⤵
  PID:9004
- C:\Windows\System\FCMDaqj.exe
  C:\Windows\System\FCMDaqj.exe
  2⤵
  PID:10908
- C:\Windows\System\XaKwJBo.exe
  C:\Windows\System\XaKwJBo.exe
  2⤵
  PID:13720
- C:\Windows\System\eZNobux.exe
  C:\Windows\System\eZNobux.exe
  2⤵
  PID:9084
- C:\Windows\System\FVhdlAn.exe
  C:\Windows\System\FVhdlAn.exe
  2⤵
  PID:9124
- C:\Windows\System\WRWFDir.exe
  C:\Windows\System\WRWFDir.exe
  2⤵
  PID:13828
- C:\Windows\System\ywDQWKt.exe
  C:\Windows\System\ywDQWKt.exe
  2⤵
  PID:9180
- C:\Windows\System\DmqWKpL.exe
  C:\Windows\System\DmqWKpL.exe
  2⤵
  PID:13960
- C:\Windows\System\kYiVNMz.exe
  C:\Windows\System\kYiVNMz.exe
  2⤵
  PID:7700
- C:\Windows\System\eEwMoJq.exe
  C:\Windows\System\eEwMoJq.exe
  2⤵
  PID:8364
- C:\Windows\System\czwzcYk.exe
  C:\Windows\System\czwzcYk.exe
  2⤵
  PID:11036
- C:\Windows\System\zJwPJGP.exe
  C:\Windows\System\zJwPJGP.exe
  2⤵
  PID:14312
- C:\Windows\System\kFjxCaZ.exe
  C:\Windows\System\kFjxCaZ.exe
  2⤵
  PID:8660
- C:\Windows\System\WukFAYU.exe
  C:\Windows\System\WukFAYU.exe
  2⤵
  PID:13380
- C:\Windows\System\uKFztHO.exe
  C:\Windows\System\uKFztHO.exe
  2⤵
  PID:4856
- C:\Windows\System\bcmSXkM.exe
  C:\Windows\System\bcmSXkM.exe
  2⤵
  PID:10428
- C:\Windows\System\YVoEKCi.exe
  C:\Windows\System\YVoEKCi.exe
  2⤵
  PID:13592
- C:\Windows\System\BoUVMak.exe
  C:\Windows\System\BoUVMak.exe
  2⤵
  PID:10924
- C:\Windows\System\fUqjJEw.exe
  C:\Windows\System\fUqjJEw.exe
  2⤵
  PID:4844
- C:\Windows\System\LzDOvwc.exe
  C:\Windows\System\LzDOvwc.exe
  2⤵
  PID:10740
- C:\Windows\System\QBcAXap.exe
  C:\Windows\System\QBcAXap.exe
  2⤵
  PID:10720
- C:\Windows\System\HtePJUG.exe
  C:\Windows\System\HtePJUG.exe
  2⤵
  PID:10892
- C:\Windows\System\ElbtOGi.exe
  C:\Windows\System\ElbtOGi.exe
  2⤵
  PID:11088
- C:\Windows\System\uLijgrT.exe
  C:\Windows\System\uLijgrT.exe
  2⤵
  PID:13436
- C:\Windows\System\CNPkgsT.exe
  C:\Windows\System\CNPkgsT.exe
  2⤵
  PID:10392
- C:\Windows\System\VsBCKqT.exe
  C:\Windows\System\VsBCKqT.exe
  2⤵
  PID:9340
- C:\Windows\System\bIyrdtN.exe
  C:\Windows\System\bIyrdtN.exe
  2⤵
  PID:11228
- C:\Windows\System\uafZMTV.exe
  C:\Windows\System\uafZMTV.exe
  2⤵
  PID:14024
- C:\Windows\System\WouXheJ.exe
  C:\Windows\System\WouXheJ.exe
  2⤵
  PID:8856
- C:\Windows\System\mDJCnJm.exe
  C:\Windows\System\mDJCnJm.exe
  2⤵
  PID:8500
- C:\Windows\System\sXFoUuS.exe
  C:\Windows\System\sXFoUuS.exe
  2⤵
  PID:9080
- C:\Windows\System\DnlUUKW.exe
  C:\Windows\System\DnlUUKW.exe
  2⤵
  PID:14000
- C:\Windows\System\kbbZEmy.exe
  C:\Windows\System\kbbZEmy.exe
  2⤵
  PID:14304
- C:\Windows\System\fVIIhrE.exe
  C:\Windows\System\fVIIhrE.exe
  2⤵
  PID:9196
- C:\Windows\System\omtiMCL.exe
  C:\Windows\System\omtiMCL.exe
  2⤵
  PID:11072
- C:\Windows\System\FCrBIXm.exe
  C:\Windows\System\FCrBIXm.exe
  2⤵
  PID:14364
- C:\Windows\System\EDjmMIh.exe
  C:\Windows\System\EDjmMIh.exe
  2⤵
  PID:14408
- C:\Windows\System\sSDIGbG.exe
  C:\Windows\System\sSDIGbG.exe
  2⤵
  PID:14424
- C:\Windows\System\aXBKLGP.exe
  C:\Windows\System\aXBKLGP.exe
  2⤵
  PID:14452
- C:\Windows\System\NKQxNIc.exe
  C:\Windows\System\NKQxNIc.exe
  2⤵
  PID:14480
- C:\Windows\System\VPyrMfD.exe
  C:\Windows\System\VPyrMfD.exe
  2⤵
  PID:14508
- C:\Windows\System\VokRhxU.exe
  C:\Windows\System\VokRhxU.exe
  2⤵
  PID:14536
- C:\Windows\System\zORZdQG.exe
  C:\Windows\System\zORZdQG.exe
  2⤵
  PID:14564
- C:\Windows\System\NIVxcWT.exe
  C:\Windows\System\NIVxcWT.exe
  2⤵
  PID:14592
- C:\Windows\System\IlWZdMO.exe
  C:\Windows\System\IlWZdMO.exe
  2⤵
  PID:14620
- C:\Windows\System\ZkvjdWH.exe
  C:\Windows\System\ZkvjdWH.exe
  2⤵
  PID:14648
- C:\Windows\System\imCOZix.exe
  C:\Windows\System\imCOZix.exe
  2⤵
  PID:14676
- C:\Windows\System\YTKqcxY.exe
  C:\Windows\System\YTKqcxY.exe
  2⤵
  PID:14704
- C:\Windows\System\nIvkCyU.exe
  C:\Windows\System\nIvkCyU.exe
  2⤵
  PID:14732
- C:\Windows\System\hKSFBEs.exe
  C:\Windows\System\hKSFBEs.exe
  2⤵
  PID:14768
- C:\Windows\System\gHkGYsF.exe
  C:\Windows\System\gHkGYsF.exe
  2⤵
  PID:14788
- C:\Windows\System\ZZKOkWB.exe
  C:\Windows\System\ZZKOkWB.exe
  2⤵
  PID:14816
- C:\Windows\System\FSnqLta.exe
  C:\Windows\System\FSnqLta.exe
  2⤵
  PID:14844
- C:\Windows\System\mbhSUIw.exe
  C:\Windows\System\mbhSUIw.exe
  2⤵
  PID:14876
- C:\Windows\System\biuQnTC.exe
  C:\Windows\System\biuQnTC.exe
  2⤵
  PID:14900
- C:\Windows\System\ZclccKS.exe
  C:\Windows\System\ZclccKS.exe
  2⤵
  PID:14928
- C:\Windows\System\JpHXGiO.exe
  C:\Windows\System\JpHXGiO.exe
  2⤵
  PID:14956
- C:\Windows\System\TEeMJyu.exe
  C:\Windows\System\TEeMJyu.exe
  2⤵
  PID:15000
- C:\Windows\System\RkqUVBl.exe
  C:\Windows\System\RkqUVBl.exe
  2⤵
  PID:15016
- C:\Windows\System\DzEmyNI.exe
  C:\Windows\System\DzEmyNI.exe
  2⤵
  PID:15044
- C:\Windows\System\WcIlMsP.exe
  C:\Windows\System\WcIlMsP.exe
  2⤵
  PID:15072
- C:\Windows\System\TPIVGFM.exe
  C:\Windows\System\TPIVGFM.exe
  2⤵
  PID:15100
- C:\Windows\System\VNAkFyV.exe
  C:\Windows\System\VNAkFyV.exe
  2⤵
  PID:15128
- C:\Windows\System\OnUJznO.exe
  C:\Windows\System\OnUJznO.exe
  2⤵
  PID:15156
- C:\Windows\System\hCGfLiy.exe
  C:\Windows\System\hCGfLiy.exe
  2⤵
  PID:15184
- C:\Windows\System\SSAoSTt.exe
  C:\Windows\System\SSAoSTt.exe
  2⤵
  PID:15212
- C:\Windows\System\YIhoeMU.exe
  C:\Windows\System\YIhoeMU.exe
  2⤵
  PID:15240
- C:\Windows\System\tIyBUjG.exe
  C:\Windows\System\tIyBUjG.exe
  2⤵
  PID:15268
- C:\Windows\System\EZMKrrj.exe
  C:\Windows\System\EZMKrrj.exe
  2⤵
  PID:15296
- C:\Windows\System\LDAAnIF.exe
  C:\Windows\System\LDAAnIF.exe
  2⤵
  PID:15324
- C:\Windows\System\bVMyZMl.exe
  C:\Windows\System\bVMyZMl.exe
  2⤵
  PID:15352
- C:\Windows\System\dvfXNPN.exe
  C:\Windows\System\dvfXNPN.exe
  2⤵
  PID:14384
- C:\Windows\System\LFfzJzJ.exe
  C:\Windows\System\LFfzJzJ.exe
  2⤵
  PID:14448
- C:\Windows\System\KOxNMuX.exe
  C:\Windows\System\KOxNMuX.exe
  2⤵
  PID:14520
- C:\Windows\System\HTzcYIm.exe
  C:\Windows\System\HTzcYIm.exe
  2⤵
  PID:14584
- C:\Windows\System\UyDCUJR.exe
  C:\Windows\System\UyDCUJR.exe
  2⤵
  PID:14640
- C:\Windows\System\dWVlWWL.exe
  C:\Windows\System\dWVlWWL.exe
  2⤵
  PID:14696
- C:\Windows\System\pXngkTs.exe
  C:\Windows\System\pXngkTs.exe
  2⤵
  PID:9644
- C:\Windows\System\TNClZfs.exe
  C:\Windows\System\TNClZfs.exe
  2⤵
  PID:14812
- C:\Windows\System\YxiPxuY.exe
  C:\Windows\System\YxiPxuY.exe
  2⤵
  PID:14892
- C:\Windows\System\ZsPyFeY.exe
  C:\Windows\System\ZsPyFeY.exe
  2⤵
  PID:14924
- C:\Windows\System\cnFyOkA.exe
  C:\Windows\System\cnFyOkA.exe
  2⤵
  PID:14984
- C:\Windows\System\mEisdZK.exe
  C:\Windows\System\mEisdZK.exe
  2⤵
  PID:11768
- C:\Windows\System\LGtIZsH.exe
  C:\Windows\System\LGtIZsH.exe
  2⤵
  PID:11792
- C:\Windows\System\oCLgStd.exe
  C:\Windows\System\oCLgStd.exe
  2⤵
  PID:4936
- C:\Windows\System\mbZdOUR.exe
  C:\Windows\System\mbZdOUR.exe
  2⤵
  PID:15168
- C:\Windows\System\upsArdK.exe
  C:\Windows\System\upsArdK.exe
  2⤵
  PID:11948
- C:\Windows\System\okafAzM.exe
  C:\Windows\System\okafAzM.exe
  2⤵
  PID:15232
- C:\Windows\System\vCBhUWD.exe
  C:\Windows\System\vCBhUWD.exe
  2⤵
  PID:12004
- C:\Windows\System\FNYoABY.exe
  C:\Windows\System\FNYoABY.exe
  2⤵
  PID:12076
- C:\Windows\System\LFFoiZk.exe
  C:\Windows\System\LFFoiZk.exe
  2⤵
  PID:15348
- C:\Windows\System\HNRucvr.exe
  C:\Windows\System\HNRucvr.exe
  2⤵
  PID:14976
- C:\Windows\System\tUBFDTo.exe
  C:\Windows\System\tUBFDTo.exe
  2⤵
  PID:14504
- C:\Windows\System\XVZZWEQ.exe
  C:\Windows\System\XVZZWEQ.exe
  2⤵
  PID:14576
- C:\Windows\System\JYoTEeH.exe
  C:\Windows\System\JYoTEeH.exe
  2⤵
  PID:2672
- C:\Windows\System\KoAfteg.exe
  C:\Windows\System\KoAfteg.exe
  2⤵
  PID:14752
- C:\Windows\System\UHInjfP.exe
  C:\Windows\System\UHInjfP.exe
  2⤵
  PID:5312
- C:\Windows\System\dIYvsnv.exe
  C:\Windows\System\dIYvsnv.exe
  2⤵
  PID:11492
- C:\Windows\System\TvIZQBH.exe
  C:\Windows\System\TvIZQBH.exe
  2⤵
  PID:11728
- C:\Windows\System\sWnXqPU.exe
  C:\Windows\System\sWnXqPU.exe
  2⤵
  PID:5848
- C:\Windows\System\LkMICVA.exe
  C:\Windows\System\LkMICVA.exe
  2⤵
  PID:6044
- C:\Windows\System\jSpiAyk.exe
  C:\Windows\System\jSpiAyk.exe
  2⤵
  PID:6332
- C:\Windows\System\qDYYKlp.exe
  C:\Windows\System\qDYYKlp.exe
  2⤵
  PID:15280
- C:\Windows\System\CNxpnRH.exe
  C:\Windows\System\CNxpnRH.exe
  2⤵
  PID:15336
- C:\Windows\System\SLoNQiM.exe
  C:\Windows\System\SLoNQiM.exe
  2⤵
  PID:892
- C:\Windows\System\OCECtwd.exe
  C:\Windows\System\OCECtwd.exe
  2⤵
  PID:11544
- C:\Windows\System\lCeLSij.exe
  C:\Windows\System\lCeLSij.exe
  2⤵
  PID:14644
- C:\Windows\System\xAtVqFL.exe
  C:\Windows\System\xAtVqFL.exe
  2⤵
  PID:6632
- C:\Windows\System\jgtpcoh.exe
  C:\Windows\System\jgtpcoh.exe
  2⤵
  PID:10072
- C:\Windows\System\GZzaRiS.exe
  C:\Windows\System\GZzaRiS.exe
  2⤵
  PID:6892
- C:\Windows\System\ljuuilH.exe
  C:\Windows\System\ljuuilH.exe
  2⤵
  PID:6940
- C:\Windows\System\QJaAbVn.exe
  C:\Windows\System\QJaAbVn.exe
  2⤵
  PID:15208
- C:\Windows\System\xooTHVO.exe
  C:\Windows\System\xooTHVO.exe
  2⤵
  PID:12020
- C:\Windows\System\ZvLFWCW.exe
  C:\Windows\System\ZvLFWCW.exe
  2⤵
  PID:4392
- C:\Windows\System\kvsanIP.exe
  C:\Windows\System\kvsanIP.exe
  2⤵
  PID:11652
- C:\Windows\System\CNLjcgc.exe
  C:\Windows\System\CNLjcgc.exe
  2⤵
  PID:10356
- C:\Windows\System\RsgzDGC.exe
  C:\Windows\System\RsgzDGC.exe
  2⤵
  PID:2212
- C:\Windows\System\VfkGfOb.exe
  C:\Windows\System\VfkGfOb.exe
  2⤵
  PID:11720
- C:\Windows\System\IlUQrgt.exe
  C:\Windows\System\IlUQrgt.exe
  2⤵
  PID:11960
- C:\Windows\System\hnBKXuk.exe
  C:\Windows\System\hnBKXuk.exe
  2⤵
  PID:4412
- C:\Windows\System\xSXYxpY.exe
  C:\Windows\System\xSXYxpY.exe
  2⤵
  PID:11668
- C:\Windows\System\XGAzoHt.exe
  C:\Windows\System\XGAzoHt.exe
  2⤵
  PID:10592
- C:\Windows\System\IuPGMDe.exe
  C:\Windows\System\IuPGMDe.exe
  2⤵
  PID:14912
- C:\Windows\System\XWsOBKQ.exe
  C:\Windows\System\XWsOBKQ.exe
  2⤵
  PID:14376
- C:\Windows\System\LfxVaIA.exe
  C:\Windows\System\LfxVaIA.exe
  2⤵
  PID:3880
- C:\Windows\System\qYhgJIM.exe
  C:\Windows\System\qYhgJIM.exe
  2⤵
  PID:2036
- C:\Windows\System\TjXYnRv.exe
  C:\Windows\System\TjXYnRv.exe
  2⤵
  PID:3620
- C:\Windows\System\ZMGZBVA.exe
  C:\Windows\System\ZMGZBVA.exe
  2⤵
  PID:2348
- C:\Windows\System\eIqPEJP.exe
  C:\Windows\System\eIqPEJP.exe
  2⤵
  PID:10836
- C:\Windows\System\CMgvLXu.exe
  C:\Windows\System\CMgvLXu.exe
  2⤵
  PID:5956
- C:\Windows\System\EogjmPK.exe
  C:\Windows\System\EogjmPK.exe
  2⤵
  PID:2536
- C:\Windows\System\yuOhACc.exe
  C:\Windows\System\yuOhACc.exe
  2⤵
  PID:12112
- C:\Windows\System\CaLkqiF.exe
  C:\Windows\System\CaLkqiF.exe
  2⤵
  PID:864
- C:\Windows\System\DoqQKOP.exe
  C:\Windows\System\DoqQKOP.exe
  2⤵
  PID:15204
- C:\Windows\System\iFwFRgJ.exe
  C:\Windows\System\iFwFRgJ.exe
  2⤵
  PID:5164
- C:\Windows\System\TQIKWnt.exe
  C:\Windows\System\TQIKWnt.exe
  2⤵
  PID:15384
- C:\Windows\System\rQmJBDg.exe
  C:\Windows\System\rQmJBDg.exe
  2⤵
  PID:15404
- C:\Windows\System\zVbIxfc.exe
  C:\Windows\System\zVbIxfc.exe
  2⤵
  PID:15436
- C:\Windows\System\FQeLmQi.exe
  C:\Windows\System\FQeLmQi.exe
  2⤵
  PID:15464
- C:\Windows\System\HKMCaIL.exe
  C:\Windows\System\HKMCaIL.exe
  2⤵
  PID:15488
- C:\Windows\System\lgpwwCv.exe
  C:\Windows\System\lgpwwCv.exe
  2⤵
  PID:15520
- C:\Windows\System\QDwDzfE.exe
  C:\Windows\System\QDwDzfE.exe
  2⤵
  PID:15548
- C:\Windows\System\rHinFIK.exe
  C:\Windows\System\rHinFIK.exe
  2⤵
  PID:15584
- C:\Windows\System\gowjlPi.exe
  C:\Windows\System\gowjlPi.exe
  2⤵
  PID:15604
- C:\Windows\System\TWonHzm.exe
  C:\Windows\System\TWonHzm.exe
  2⤵
  PID:15632
- C:\Windows\System\izfJVZq.exe
  C:\Windows\System\izfJVZq.exe
  2⤵
  PID:15660
- C:\Windows\System\MWGnWMl.exe
  C:\Windows\System\MWGnWMl.exe
  2⤵
  PID:15688
- C:\Windows\System\tThmcpO.exe
  C:\Windows\System\tThmcpO.exe
  2⤵
  PID:15716
- C:\Windows\System\jIKejMs.exe
  C:\Windows\System\jIKejMs.exe
  2⤵
  PID:15748
- C:\Windows\System\HUPqzco.exe
  C:\Windows\System\HUPqzco.exe
  2⤵
  PID:15772
- C:\Windows\System\Rfrwbaa.exe
  C:\Windows\System\Rfrwbaa.exe
  2⤵
  PID:15800
- C:\Windows\System\yRzspaY.exe
  C:\Windows\System\yRzspaY.exe
  2⤵
  PID:15828
- C:\Windows\System\OTOGfRI.exe
  C:\Windows\System\OTOGfRI.exe
  2⤵
  PID:15856
- C:\Windows\System\wrfBNzb.exe
  C:\Windows\System\wrfBNzb.exe
  2⤵
  PID:15884
- C:\Windows\System\KIEeBAc.exe
  C:\Windows\System\KIEeBAc.exe
  2⤵
  PID:15920
- C:\Windows\System\OAWvvwF.exe
  C:\Windows\System\OAWvvwF.exe
  2⤵
  PID:15940
- C:\Windows\System\DBKkzDX.exe
  C:\Windows\System\DBKkzDX.exe
  2⤵
  PID:15968
- C:\Windows\System\lKwDkQT.exe
  C:\Windows\System\lKwDkQT.exe
  2⤵
  PID:15996
- C:\Windows\System\QQyRYgx.exe
  C:\Windows\System\QQyRYgx.exe
  2⤵
  PID:16024
- C:\Windows\System\KGQjEMR.exe
  C:\Windows\System\KGQjEMR.exe
  2⤵
  PID:16052
- C:\Windows\System\lPIcxkE.exe
  C:\Windows\System\lPIcxkE.exe
  2⤵
  PID:16080
- C:\Windows\System\sBcdHnB.exe
  C:\Windows\System\sBcdHnB.exe
  2⤵
  PID:16108
- C:\Windows\System\tlzmuzH.exe
  C:\Windows\System\tlzmuzH.exe
  2⤵
  PID:16140
- C:\Windows\System\yaaKxAT.exe
  C:\Windows\System\yaaKxAT.exe
  2⤵
  PID:16168
- C:\Windows\System\BhOzSBe.exe
  C:\Windows\System\BhOzSBe.exe
  2⤵
  PID:16196
- C:\Windows\System\LxGntXO.exe
  C:\Windows\System\LxGntXO.exe
  2⤵
  PID:16224
- C:\Windows\System\MKIHpdD.exe
  C:\Windows\System\MKIHpdD.exe
  2⤵
  PID:16256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EpzGHsA.exe

Filesize
6.0MB

MD5
98589f0dac011a930f978652499da6fe

SHA1
8aeb017bfde8130f343f930c891f4c42c9eb1a53

SHA256
356e5a860c46c1bfcf864b90f9e873c6033fc6f189feb4ef495db4cf72249707

SHA512
a9567d85626f3701daa353949630d042ed26d1c4942b5d44548eabdafb47e483c6b952c85775e7f88d10ef2a6ca67ace437b091d0ba3242b9677dd30f24b7ccd

Download Submit
C:\Windows\System\EsCTYAv.exe

Filesize
6.0MB

MD5
f790bd7214f0327cd50fd51e5e8e78cb

SHA1
af6bfddeaea23ebcd1e82666b8fc8ff6f76a5de3

SHA256
f79c5099890a0d6c285c5ab488d8bdd0e8780dfb71f4b5e0c859825cac1ae409

SHA512
ad20127ee5e028f3f5aef015ee993abd8eeabab40ad363b10198dd1c7594053cc9366f78119626dbd41aa79f3d3f3024c6f60f9be7ab56c6937256705c080793

Download Submit
C:\Windows\System\EtNQkCi.exe

Filesize
6.0MB

MD5
c2589ee07b9ec960567243365bd8c354

SHA1
e68e85a118d7c198d5b0c40def9adb9d97f67bb6

SHA256
d502caa8771cb29e809bd662762f18ae7e0ce41542f0f744ea7eb6be90f5720d

SHA512
5684ec6bf4c3e04a2a9cbaa7db58100cebacd29cb5d36f1e72291cc0cb3a20c14a9473ba6ab330d83d5a305dffdb1b302903f9e4f0ae6027a682f9395d125210

Download Submit
C:\Windows\System\FRpoQqj.exe

Filesize
6.0MB

MD5
353114329d690391a19d92f4a055d50c

SHA1
7e3cebe6c4fcf58a23e183f322bb6fae7c008247

SHA256
2a89e403598e1694b5fce6e544bf0870a40b8b0302631ec0b8a726dcce5a8bd7

SHA512
70fc3242a42e6e52bca07dcd678c873154b11ecbc671f67274342ba1225056665652702a3e40e82b176a950e3aed5fbb28c33e6a9e0d4dd318bb5bf84b05add6

Download Submit
C:\Windows\System\IUJPuXy.exe

Filesize
6.0MB

MD5
937285560b3750751e86c4a42cc3d648

SHA1
d7b255aff1138ca48fc70e338b5e340a593cb7c8

SHA256
597e2c562ee263e600da8be5c73e881e00201583452113fb895650466bae5f6b

SHA512
098b76769353b07c10ba1a2920979b2bec959bbda9a2f9cb7d42e3f7b691ddf56102b5f0356466c6b1a99a44bee4589f0d139c6efe48ebf5abef4534a7e63d97

Download Submit
C:\Windows\System\JZDfdsU.exe

Filesize
6.0MB

MD5
06633806fe2e6afc7095fdad5fde96de

SHA1
3354a858058faaded912dd41cdd7646cb5f1ab30

SHA256
18dc2636031038805c795a9a1843e749f019b7bdc973441b0ae2700b1d6d4495

SHA512
ed866bec596d4f9460d37b4585b87b3193e4197b974dc093a0978055e45675a268c35168d4460954e0ef38f181a927329d41e1a9a539ea14d586b49e281816d8

Download Submit
C:\Windows\System\LpQjsXi.exe

Filesize
6.0MB

MD5
d566d79b2bc7dd0f1d1e2f90ed123d15

SHA1
c706a82b30f5076a0e38159f51d1427fd2d51996

SHA256
3545ce02d8d0837c51d5177ed38bf59841c1d086bd909740ff5752c216253548

SHA512
a7c9de7046ee209c1f1575e79d5b91e2a8f7292d193f469760c2268401157d22c70bb5e358e631846e616ceefd85b25d23d6ef7f5c897ea07e6ef9a56638ab59

Download Submit
C:\Windows\System\NbcAWeD.exe

Filesize
6.0MB

MD5
36a64b29f47d7650f76fed948f861257

SHA1
1a4c86fb08a267f17e33c6cc65a1e468b36fff57

SHA256
1b13d586532e46df7e4ca647fcab69f527ee98e58fa6448687505800b1e59561

SHA512
25912414fcea5f14043705f84e6f1efc6151e1742645aba911d7758159e3dacda3837245b3ab3fb033317a2fa538a78a448a5400d0ca3a75de8566e6e63199e7

Download Submit
C:\Windows\System\OsqqXql.exe

Filesize
6.0MB

MD5
6cfae98ecc6f0434f1c5286f9aec10fc

SHA1
377ee0b6eb96a43453159f72e7ea112a8c7c44b7

SHA256
fa9b6d71cb984bde0d585ead5b3ecde5169bd6ae1bbfde696cee869032707404

SHA512
92cd18dd4ce83b93d15c51eefd6380ee3ced0cae69046ca92e05d89ae5de54a9e9f2c0a1b6fc570ba6e5e1e8b953cce575eddcfe79d07f348db6d4ac4c0a0882

Download Submit
C:\Windows\System\QjPGiKA.exe

Filesize
6.0MB

MD5
14bafbe816337fb02f52a74fa26a9379

SHA1
0744e49b51ad9769eca534a0d20f1c420548756e

SHA256
de6cdc2e930e43d79de0956878a27a5a73bc27920f54df15fbc972d8df404a31

SHA512
269b7260a5273afff5e67a36a1f3a446f4976cfd3fb625977931a9721c905015362aa32f06df77ba2f3998a306e38fbb144889fd806d166410f9746747fca1d8

Download Submit
C:\Windows\System\QpxsajB.exe

Filesize
6.0MB

MD5
7bb7a458552c899cfca60b05382f5d1e

SHA1
04e1f26fd3c1a07f065935f247ebb29601a84c37

SHA256
11c997c796966d465c1fb54cdffb00da7ad9f6807dcc3e680f38fafb5265a264

SHA512
522843f933cf4daaa4f14dfd32fd1111125e016cc0dced7ea9c0ed0935c135d1d4558cdce3008b2276a9b2533c24b1ba745663dfc715b3835e8a4cb525020d79

Download Submit
C:\Windows\System\SCDTXkB.exe

Filesize
6.0MB

MD5
a5e77a0e419b656825cecf34c10b8a1a

SHA1
b2a7bc86ca6b28d0d1c6f3810067e5ed69b277a3

SHA256
89e98b5d2904cc3853a35231d839992a9af2a1138fd02bbbb570982b0e37d251

SHA512
c66b0c018f27c3d1a71827621be0c0827b7e0ecf3618d7cae243c19d79c76d2d93ec6cd91d35f6bb4aaa23ec783962379fd5efc94c3534a2d29dfb781e57455a

Download Submit
C:\Windows\System\TVmtCwH.exe

Filesize
6.0MB

MD5
d428eda314909cc2a6f729680d9620f5

SHA1
573c54e0346b1b4d932a856c7f6c28be4b33fba1

SHA256
84bd9ed5c220494943b106716af65765bdfd3e5456e3a5232f965d1674e46776

SHA512
02828d725e660a2992e817616f2940d2c23292ca471aacca30be8f470af324ebffbc81a8d2ce44664e7cc4e02b45f99d28d9e86acfa21c167bba0f8e56f5404a

Download Submit
C:\Windows\System\YdusbUx.exe

Filesize
6.0MB

MD5
a3e7c010ac60f6aeb4899776ebb7ab7a

SHA1
6e184eab0ef91ce4b7ffcec0453bd75dbc0fb4c7

SHA256
3e26daac43041743e3c21d4336c76d831f4650a4ae71e83d421dd0939240fcdd

SHA512
f3921cf16dc791fb6a5cae1a325c39c2980910a8a11419b95a493f4458faf7b4dab66ebd1b10ec1f6812f3204dc9b0dc5914ca93ff2ab30c25cbe5ba8fd7109c

Download Submit
C:\Windows\System\ZlYGRVd.exe

Filesize
6.0MB

MD5
2d71bdd4a3ad4229190e43fa023477fa

SHA1
e13d85aafb5370a7eb01e97c494f3eabd4d5c74f

SHA256
20246337341bdd0817cfdae901b2e03e8d27b13f9ea03a9c74e2614b3a904d98

SHA512
652f4094402a197f9957dcef4296b30d486f8e8a7d0ee2cbce332a5c9e82ce8bb3e4765e58ad9dcc3a9da5156631ef76705f77a70b66bb5dcfd2f7ab48745751

Download Submit
C:\Windows\System\dalsXEe.exe

Filesize
6.0MB

MD5
c3f565740b15902355285c24ca15fba1

SHA1
8eb19485fd2b0aacc5fb3036689db6fb2de1cab3

SHA256
b93506efc6da182aabbf9b7cfb5e6026fde460235e1c5e947d23999ae51876ca

SHA512
af9b6cdbe77efdd086cd06ad71fb46b166ae82f38cc1a712fb6575487f5c9add6c4761f7bc15fda81bd9896665145aabcf585de3169676ee05ff9f69848e08b1

Download Submit
C:\Windows\System\eQuUNdb.exe

Filesize
6.0MB

MD5
9ad7d3bedf6887dceb8cfe31a407d4a4

SHA1
b892bf9b8ed268e923c67fca44708ac479950436

SHA256
85f135ee88b1ddfd9f4da92a98a5e17e63be1f3cbc029163c3b035514319380c

SHA512
6c0acfa262c081e2f6a3d5521ee29734569f9e91aaac3764858ee2337f835b73d045e5726a8995b36a5861bc2ac1122c6a23f1799f12a868de1140738e767cee

Download Submit
C:\Windows\System\flcQjek.exe

Filesize
6.0MB

MD5
3ab14b30096f99d42a35dd8c2f5c6333

SHA1
fc75622eb2617509ba69aff290c4334b9eb3e2d3

SHA256
c61c9d809447b7adbe68b26906e9340eb4ad36c69bf6f4eaecc7e0898e0734a5

SHA512
49b59f1fb134d22d2f8b56e01145bf0145bceff07ea90775ce7899cfb170833ed0241903638e2140f8e6ed80b743843632dd03b9ba3286af1f6ddd19a870e53e

Download Submit
C:\Windows\System\hAQlojD.exe

Filesize
6.0MB

MD5
9ca44ef03866ef0ab2b96d6485e07955

SHA1
00bd5aadb9a9d90dfb980499f9ab3cf61aab8855

SHA256
ec852af79fc9c00f32f4c6e8cc1ced4d338656f46eec33d2fad05cceeb026a8a

SHA512
800b4ca77ece8feab9d6dc885729e244d3ac55f8d2e839b36d4b65d5ce0a3f3f06fa5e1109dba0d95cd60df2c49913e74c890c16c75c043bf9cc3e3be37e9251

Download Submit
C:\Windows\System\huvyVxa.exe

Filesize
6.0MB

MD5
30b3cc62ce0702fff0280c38857f4d29

SHA1
dfc046347de70657a099ed6689244be308a50a16

SHA256
2203e15fae63b08e02cbd840e46c47d0cbddebe96b4ff030a60d801eab5a4a37

SHA512
0858157eb8f58d04819767c954492da1855826eb28688033e1c4aa068eb2250e2f5b0a3376db0b5d29ee04cec9f3bead164a47de695821e972a4c450f805b215

Download Submit
C:\Windows\System\kMfZIdw.exe

Filesize
6.0MB

MD5
a0bcb59125bde69a41ca2616a0e57124

SHA1
feb96fb23306e5a69ccf85c6170c71001d78375b

SHA256
606c1dfa4d06b58cc09ffee24d6937371b2c35ff979f5aabfed5c6c2f78ace52

SHA512
901cff77f29a48669b2ad68b8d4fd1d781ebfb5898cb7bc869aa1ccea5f0ea6febc0a9a6d9f321d313016add6b208ad193d8eab324314b39959ec7fa1233a31c

Download Submit
C:\Windows\System\kNFmUeP.exe

Filesize
6.0MB

MD5
10f80c6c06b532cc9eeb02b60c99578e

SHA1
46ee805cbaaad577867ffae18d6858d8f35a3fbf

SHA256
8e26b7c4e076734086004a2bbaeee1b3ba06c986f97a48cd4dda04390e5c9f06

SHA512
e8d11dc5bed13a5220d8a582980c43e098682d23879a375a446498bdb62c5966c9e6077aa6a1ceb27e0167430bc309851e59560e72ec3976954154c8df36da1d

Download Submit
C:\Windows\System\kRJyTUz.exe

Filesize
6.0MB

MD5
9c6e8bd205e96fcb11a132ca74039478

SHA1
4041ec6df4aad036d14f386e66494ae4e2ed618a

SHA256
2d189634fc975b8f9921b87cdaa08dbe60a92895b63d3cc991da9b3ee0802d1b

SHA512
54b8497828719bda3935a9aaf57e8c705ddbe309c42ed8580bb3275f82fb274fc57357698064e4bfff7ddfad873b0ceccccec4be47c209f423ec54ba53ee4be8

Download Submit
C:\Windows\System\kTkcyNK.exe

Filesize
6.0MB

MD5
0978a469f3dcfa2370bc827e12d95bbb

SHA1
56e09c395e89f860f0b32a759d54252803236289

SHA256
9609da72e94e530a7323f41864626a5ef0d5043241e10d13079b7f0339d841de

SHA512
c610e5d9410958e40cc0ece6114496b9b6aa7fe667ed4e2a1c54ac384a1312121052e0b3d5410648ed80c27b0d041eea67457fea7102f71b06c743e8f5dd61d2

Download Submit
C:\Windows\System\lZOzciA.exe

Filesize
6.0MB

MD5
cbf376d3e29ea85c71610d7e1039c525

SHA1
388b0514ed6552360815dc992d75adb119b03e30

SHA256
cfd67a33e2bb34645544de72c8f83bc3e1eea1915fbeb73b3600889b20305055

SHA512
2e999b479e5bec6efaa81d6a08466129cddf478b1dfd192d9c01f6da0444cb9aa1851d3a25f83dcb6380b3a5dc523fa08e649738578bdf855c93ccaaa281cb15

Download Submit
C:\Windows\System\pTUugBF.exe

Filesize
6.0MB

MD5
db3241a5d314b964cece57060d389e16

SHA1
628bafed37b4ce36bcc2b3102097bb97f3a48ec9

SHA256
b14c53c20a1788315a4a5e9ccee98b91080bcf253bb8c37e9df482492fffb1f3

SHA512
e8518ee0af11115dec18bc4c9349c03115907fe22875233d491173f13b520f935a8243e4db19279431d2fb0f014ddf995b604af5f6704a1cf6c6a754602bfa93

Download Submit
C:\Windows\System\qxqqfFa.exe

Filesize
6.0MB

MD5
faac4ead7f92635210837cabc0e55040

SHA1
0f23826b3a845f49e75ac8c78be25862db8443d3

SHA256
454f1737c82b323f736b29fc31b7250586324470ac3e2d59a91350e4c68e1959

SHA512
cd6d851bee4fd6a4eb48cd9edbd33d9e87e43b3614eab952741f327251474ccfe4206e211e7e05334bb779b5a126c553efe85b99f3347da4ebf1d92bd20f2be3

Download Submit
C:\Windows\System\rMFdJsA.exe

Filesize
6.0MB

MD5
d4cef1f1268887f12929cae347ceaf7f

SHA1
48f30f01d2bae452dd60f6bf74a92e2eb07adf8f

SHA256
a15482b4b2b05f5c7ee74aa7f8cde2bd550b90381c34e45bdd31cae709efc71d

SHA512
96072f542464a5afd229b8748d7d85c72e9b3d4ce98f802d88f4f79178d9ef16931d869ec3bf219bd7679d56328e6729551212d033e406e4406f609868a63abf

Download Submit
C:\Windows\System\uktlVTg.exe

Filesize
6.0MB

MD5
d13a527333a8891a3775a6bc8a7c911a

SHA1
145dbf40d9fc9b6461daaac86fdfda8c515ed4c5

SHA256
34cfdb952a641703c977c594850e610315c4fdd173ba78ffdcc69e3b2c8104ef

SHA512
4b5f6c12e5eefabc7edbc3b110c26a50dead988c929fdb38bd93bec4b6736d4e282110b05190dff5a57173bb0030be41e560ad8d5e50026a6ed7720599e71532

Download Submit
C:\Windows\System\wBHnPtV.exe

Filesize
6.0MB

MD5
a5ca6ae19ac0b912e334a38098b329c6

SHA1
942dc9b33303e9bf7cfd07ce569b8cba7783fb2f

SHA256
da080af941cd4fb71f9c83a549414f6d25ee44f2ac24b7704b0e0778fe17fa9d

SHA512
1c49f22ebbba46536ccd59b8616e0331f7b7b2128306c3914ca6355db446f78255633f312feba156d9a0646f68e587feaf153d5b5bc1f3d07e0415fb96f781f5

Download Submit
C:\Windows\System\yPtZBYa.exe

Filesize
6.0MB

MD5
fd6d1e8f4ae1e060b37aa696da820ad0

SHA1
217d11b1f0833b9ade54b2d351a7c871c8c10db2

SHA256
4c1c1b0d3a240e81e10a18e6aa4d0e3fd86ec417bb3317bff7889373c8796691

SHA512
0efbf2895cc120e017e50e5ce1ddba23b9fd0a0e736e902420337ace92fe2c11aed4d0175c9a4dc8bc30b43245fd6b842e05e62e2f3afbb905d97a392be4739c

Download Submit
C:\Windows\System\zFFDRJH.exe

Filesize
6.0MB

MD5
d180ae96cb54e7454141ae747ea61c9a

SHA1
1b0712408d3c4e79c6beb6119b5fc043558abbcb

SHA256
b189edecca53498398ab394bc66bfea87ee482bc09f90ead3e03974b010930f8

SHA512
8048a1a7cc34427ffd8fa063940e3aad887e02df6269d4efb5fd9eb0980d65596bdfab49f08be9ee2d06c81db23b1d53b63346299760ab29f95b255f6f77d52c

Download Submit
memory/100-1376-0x00007FF6BC080000-0x00007FF6BC3D4000-memory.dmp

Filesize
3.3MB

Download
memory/100-1605-0x00007FF6BC080000-0x00007FF6BC3D4000-memory.dmp

Filesize
3.3MB

Download
memory/100-179-0x00007FF6BC080000-0x00007FF6BC3D4000-memory.dmp

Filesize
3.3MB

Download
memory/376-70-0x00007FF78B450000-0x00007FF78B7A4000-memory.dmp

Filesize
3.3MB

Download
memory/376-1552-0x00007FF78B450000-0x00007FF78B7A4000-memory.dmp

Filesize
3.3MB

Download
memory/376-134-0x00007FF78B450000-0x00007FF78B7A4000-memory.dmp

Filesize
3.3MB

Download
memory/752-65-0x00007FF6EB9D0000-0x00007FF6EBD24000-memory.dmp

Filesize
3.3MB

Download
memory/752-126-0x00007FF6EB9D0000-0x00007FF6EBD24000-memory.dmp

Filesize
3.3MB

Download
memory/752-1545-0x00007FF6EB9D0000-0x00007FF6EBD24000-memory.dmp

Filesize
3.3MB

Download
memory/784-50-0x00007FF671210000-0x00007FF671564000-memory.dmp

Filesize
3.3MB

Download
memory/784-1432-0x00007FF671210000-0x00007FF671564000-memory.dmp

Filesize
3.3MB

Download
memory/884-56-0x00007FF668230000-0x00007FF668584000-memory.dmp

Filesize
3.3MB

Download
memory/884-0-0x00007FF668230000-0x00007FF668584000-memory.dmp

Filesize
3.3MB

Download
memory/884-1-0x0000018ACAAA0000-0x0000018ACAAB0000-memory.dmp

Filesize
64KB

Download
memory/1076-68-0x00007FF6E26C0000-0x00007FF6E2A14000-memory.dmp

Filesize
3.3MB

Download
memory/1076-1206-0x00007FF6E26C0000-0x00007FF6E2A14000-memory.dmp

Filesize
3.3MB

Download
memory/1076-12-0x00007FF6E26C0000-0x00007FF6E2A14000-memory.dmp

Filesize
3.3MB

Download
memory/1104-1603-0x00007FF7A7850000-0x00007FF7A7BA4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-148-0x00007FF7A7850000-0x00007FF7A7BA4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-1222-0x00007FF7A7850000-0x00007FF7A7BA4000-memory.dmp

Filesize
3.3MB

Download
memory/1520-174-0x00007FF771F20000-0x00007FF772274000-memory.dmp

Filesize
3.3MB

Download
memory/1520-1584-0x00007FF771F20000-0x00007FF772274000-memory.dmp

Filesize
3.3MB

Download
memory/1520-108-0x00007FF771F20000-0x00007FF772274000-memory.dmp

Filesize
3.3MB

Download
memory/1540-1598-0x00007FF709290000-0x00007FF7095E4000-memory.dmp

Filesize
3.3MB

Download
memory/1540-129-0x00007FF709290000-0x00007FF7095E4000-memory.dmp

Filesize
3.3MB

Download
memory/1540-1119-0x00007FF709290000-0x00007FF7095E4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-1534-0x00007FF67C510000-0x00007FF67C864000-memory.dmp

Filesize
3.3MB

Download
memory/1684-60-0x00007FF67C510000-0x00007FF67C864000-memory.dmp

Filesize
3.3MB

Download
memory/1712-161-0x00007FF60CF60000-0x00007FF60D2B4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-1569-0x00007FF60CF60000-0x00007FF60D2B4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-96-0x00007FF60CF60000-0x00007FF60D2B4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-38-0x00007FF6F9710000-0x00007FF6F9A64000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1381-0x00007FF6F9710000-0x00007FF6F9A64000-memory.dmp

Filesize
3.3MB

Download
memory/2524-24-0x00007FF7B3990000-0x00007FF7B3CE4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1214-0x00007FF7B3990000-0x00007FF7B3CE4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-82-0x00007FF7B3990000-0x00007FF7B3CE4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-76-0x00007FF6617A0000-0x00007FF661AF4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-140-0x00007FF6617A0000-0x00007FF661AF4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1560-0x00007FF6617A0000-0x00007FF661AF4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-75-0x00007FF68E0F0000-0x00007FF68E444000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1211-0x00007FF68E0F0000-0x00007FF68E444000-memory.dmp

Filesize
3.3MB

Download
memory/2852-18-0x00007FF68E0F0000-0x00007FF68E444000-memory.dmp

Filesize
3.3MB

Download
memory/2924-154-0x00007FF6FC500000-0x00007FF6FC854000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1561-0x00007FF6FC500000-0x00007FF6FC854000-memory.dmp

Filesize
3.3MB

Download
memory/2924-89-0x00007FF6FC500000-0x00007FF6FC854000-memory.dmp

Filesize
3.3MB

Download
memory/3216-102-0x00007FF6CD220000-0x00007FF6CD574000-memory.dmp

Filesize
3.3MB

Download
memory/3216-170-0x00007FF6CD220000-0x00007FF6CD574000-memory.dmp

Filesize
3.3MB

Download
memory/3216-1578-0x00007FF6CD220000-0x00007FF6CD574000-memory.dmp

Filesize
3.3MB

Download
memory/3268-1591-0x00007FF6E7320000-0x00007FF6E7674000-memory.dmp

Filesize
3.3MB

Download
memory/3268-114-0x00007FF6E7320000-0x00007FF6E7674000-memory.dmp

Filesize
3.3MB

Download
memory/3268-182-0x00007FF6E7320000-0x00007FF6E7674000-memory.dmp

Filesize
3.3MB

Download
memory/3664-1246-0x00007FF743420000-0x00007FF743774000-memory.dmp

Filesize
3.3MB

Download
memory/3664-1604-0x00007FF743420000-0x00007FF743774000-memory.dmp

Filesize
3.3MB

Download
memory/3664-155-0x00007FF743420000-0x00007FF743774000-memory.dmp

Filesize
3.3MB

Download
memory/3676-1599-0x00007FF7660E0000-0x00007FF766434000-memory.dmp

Filesize
3.3MB

Download
memory/3676-189-0x00007FF7660E0000-0x00007FF766434000-memory.dmp

Filesize
3.3MB

Download
memory/3676-120-0x00007FF7660E0000-0x00007FF766434000-memory.dmp

Filesize
3.3MB

Download
memory/4064-1606-0x00007FF6F64F0000-0x00007FF6F6844000-memory.dmp

Filesize
3.3MB

Download
memory/4064-1297-0x00007FF6F64F0000-0x00007FF6F6844000-memory.dmp

Filesize
3.3MB

Download
memory/4064-173-0x00007FF6F64F0000-0x00007FF6F6844000-memory.dmp

Filesize
3.3MB

Download
memory/4136-1611-0x00007FF7CE870000-0x00007FF7CEBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4136-187-0x00007FF7CE870000-0x00007FF7CEBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4136-1410-0x00007FF7CE870000-0x00007FF7CEBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4352-162-0x00007FF673210000-0x00007FF673564000-memory.dmp

Filesize
3.3MB

Download
memory/4352-1295-0x00007FF673210000-0x00007FF673564000-memory.dmp

Filesize
3.3MB

Download
memory/4352-1610-0x00007FF673210000-0x00007FF673564000-memory.dmp

Filesize
3.3MB

Download
memory/4464-1427-0x00007FF6AC560000-0x00007FF6AC8B4000-memory.dmp

Filesize
3.3MB

Download
memory/4464-49-0x00007FF6AC560000-0x00007FF6AC8B4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-1120-0x00007FF71CB40000-0x00007FF71CE94000-memory.dmp

Filesize
3.3MB

Download
memory/4512-1601-0x00007FF71CB40000-0x00007FF71CE94000-memory.dmp

Filesize
3.3MB

Download
memory/4512-137-0x00007FF71CB40000-0x00007FF71CE94000-memory.dmp

Filesize
3.3MB

Download
memory/4604-1615-0x00007FF70EFE0000-0x00007FF70F334000-memory.dmp

Filesize
3.3MB

Download
memory/4604-192-0x00007FF70EFE0000-0x00007FF70F334000-memory.dmp

Filesize
3.3MB

Download
memory/4604-1450-0x00007FF70EFE0000-0x00007FF70F334000-memory.dmp

Filesize
3.3MB

Download
memory/4760-1380-0x00007FF68B1D0000-0x00007FF68B524000-memory.dmp

Filesize
3.3MB

Download
memory/4760-30-0x00007FF68B1D0000-0x00007FF68B524000-memory.dmp

Filesize
3.3MB

Download
memory/4760-95-0x00007FF68B1D0000-0x00007FF68B524000-memory.dmp

Filesize
3.3MB

Download
memory/4840-1202-0x00007FF65E4D0000-0x00007FF65E824000-memory.dmp

Filesize
3.3MB

Download
memory/4840-61-0x00007FF65E4D0000-0x00007FF65E824000-memory.dmp

Filesize
3.3MB

Download
memory/4840-7-0x00007FF65E4D0000-0x00007FF65E824000-memory.dmp

Filesize
3.3MB

Download
memory/4916-141-0x00007FF72C630000-0x00007FF72C984000-memory.dmp

Filesize
3.3MB

Download
memory/4916-1602-0x00007FF72C630000-0x00007FF72C984000-memory.dmp

Filesize
3.3MB

Download
memory/4916-1180-0x00007FF72C630000-0x00007FF72C984000-memory.dmp

Filesize
3.3MB

Download
memory/4992-85-0x00007FF6EE320000-0x00007FF6EE674000-memory.dmp

Filesize
3.3MB

Download
memory/4992-147-0x00007FF6EE320000-0x00007FF6EE674000-memory.dmp

Filesize
3.3MB

Download
memory/4992-1557-0x00007FF6EE320000-0x00007FF6EE674000-memory.dmp

Filesize
3.3MB

Download