cobaltstrike | f7fa13c40580bd8106ad021dcceed4ded11770810e338e05ab1a85c57213a1a9

Analysis

max time kernel
150s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/11/2024, 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

64e8d8eb8a22ab07fa96c0a24b86592c
SHA1

7d12be79175f79362c6b819c998e3f3437913bd5
SHA256

f7fa13c40580bd8106ad021dcceed4ded11770810e338e05ab1a85c57213a1a9
SHA512

1dfc2b439e433c28d7cc306ee6a7fbacce22d4257e8e4d3576b53f1bc79c49656120de6fef0a64267b587225e6304ee11464ae524be19216ae6763e71d13b3e9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUQ:T+q56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023c93-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c98-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c97-12.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c94-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-42.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-46.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9f-57.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-68.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-71.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-83.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-103.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-109.dat	cobalt_reflective_dll
behavioral2/files/0x0006000000023080-114.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023b2b-125.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023b31-137.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023b32-141.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-175.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-191.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-204.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-202.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-192.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-189.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-184.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-156.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b2f-131.dat	cobalt_reflective_dll
behavioral2/files/0x00050000000230d8-121.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3020-0-0x00007FF668A70000-0x00007FF668DC4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c93-5.dat	xmrig
behavioral2/memory/1688-7-0x00007FF638C50000-0x00007FF638FA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c98-10.dat	xmrig
behavioral2/memory/4108-14-0x00007FF7AEDD0000-0x00007FF7AF124000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c97-12.dat	xmrig
behavioral2/memory/2656-20-0x00007FF614EA0000-0x00007FF6151F4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c94-23.dat	xmrig
behavioral2/files/0x0007000000023c9a-28.dat	xmrig
behavioral2/files/0x0007000000023c9b-34.dat	xmrig
behavioral2/memory/5024-35-0x00007FF769C30000-0x00007FF769F84000-memory.dmp	xmrig
behavioral2/memory/5004-36-0x00007FF644E30000-0x00007FF645184000-memory.dmp	xmrig
behavioral2/memory/868-24-0x00007FF7B9FE0000-0x00007FF7BA334000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9c-42.dat	xmrig
behavioral2/files/0x0007000000023c9d-46.dat	xmrig
behavioral2/memory/2032-49-0x00007FF6F3840000-0x00007FF6F3B94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9e-53.dat	xmrig
behavioral2/memory/3580-52-0x00007FF62EBD0000-0x00007FF62EF24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9f-57.dat	xmrig
behavioral2/memory/3900-63-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca0-68.dat	xmrig
behavioral2/files/0x0007000000023ca1-71.dat	xmrig
behavioral2/memory/4108-72-0x00007FF7AEDD0000-0x00007FF7AF124000-memory.dmp	xmrig
behavioral2/memory/2656-81-0x00007FF614EA0000-0x00007FF6151F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca2-83.dat	xmrig
behavioral2/files/0x0007000000023ca3-87.dat	xmrig
behavioral2/memory/5024-91-0x00007FF769C30000-0x00007FF769F84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca5-96.dat	xmrig
behavioral2/memory/4536-98-0x00007FF6DBAB0000-0x00007FF6DBE04000-memory.dmp	xmrig
behavioral2/memory/5004-101-0x00007FF644E30000-0x00007FF645184000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca4-103.dat	xmrig
behavioral2/memory/3972-100-0x00007FF6AF160000-0x00007FF6AF4B4000-memory.dmp	xmrig
behavioral2/memory/2284-93-0x00007FF640890000-0x00007FF640BE4000-memory.dmp	xmrig
behavioral2/memory/868-88-0x00007FF7B9FE0000-0x00007FF7BA334000-memory.dmp	xmrig
behavioral2/memory/2864-82-0x00007FF6A3F50000-0x00007FF6A42A4000-memory.dmp	xmrig
behavioral2/memory/4344-75-0x00007FF7841B0000-0x00007FF784504000-memory.dmp	xmrig
behavioral2/memory/1208-67-0x00007FF6FACC0000-0x00007FF6FB014000-memory.dmp	xmrig
behavioral2/memory/1688-66-0x00007FF638C50000-0x00007FF638FA4000-memory.dmp	xmrig
behavioral2/memory/4696-64-0x00007FF77ABA0000-0x00007FF77AEF4000-memory.dmp	xmrig
behavioral2/memory/3020-56-0x00007FF668A70000-0x00007FF668DC4000-memory.dmp	xmrig
behavioral2/memory/2032-106-0x00007FF6F3840000-0x00007FF6F3B94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca6-109.dat	xmrig
behavioral2/files/0x0006000000023080-114.dat	xmrig
behavioral2/memory/2116-113-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp	xmrig
behavioral2/files/0x000e000000023b2b-125.dat	xmrig
behavioral2/memory/4188-127-0x00007FF7AD670000-0x00007FF7AD9C4000-memory.dmp	xmrig
behavioral2/files/0x000d000000023b31-137.dat	xmrig
behavioral2/files/0x000d000000023b32-141.dat	xmrig
behavioral2/files/0x0007000000023ca8-151.dat	xmrig
behavioral2/memory/732-153-0x00007FF7166F0000-0x00007FF716A44000-memory.dmp	xmrig
behavioral2/memory/2864-167-0x00007FF6A3F50000-0x00007FF6A42A4000-memory.dmp	xmrig
behavioral2/memory/2968-170-0x00007FF6D41F0000-0x00007FF6D4544000-memory.dmp	xmrig
behavioral2/files/0x0007000000023caa-175.dat	xmrig
behavioral2/files/0x0007000000023caf-191.dat	xmrig
behavioral2/files/0x0007000000023cb1-198.dat	xmrig
behavioral2/memory/2072-267-0x00007FF7967E0000-0x00007FF796B34000-memory.dmp	xmrig
behavioral2/memory/4536-436-0x00007FF6DBAB0000-0x00007FF6DBE04000-memory.dmp	xmrig
behavioral2/memory/1716-438-0x00007FF61A660000-0x00007FF61A9B4000-memory.dmp	xmrig
behavioral2/memory/4188-618-0x00007FF7AD670000-0x00007FF7AD9C4000-memory.dmp	xmrig
behavioral2/memory/2116-542-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp	xmrig
behavioral2/memory/3972-437-0x00007FF6AF160000-0x00007FF6AF4B4000-memory.dmp	xmrig
behavioral2/memory/4220-275-0x00007FF70FE80000-0x00007FF7101D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cad-204.dat	xmrig
behavioral2/files/0x0007000000023cac-202.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1688	QNeKjmg.exe
4108	eaLspsq.exe
2656	fRSDzDM.exe
868	aXGfIiq.exe
5024	AevosYe.exe
5004	WCYMdxp.exe
2032	LmvLVMK.exe
3580	ACnzFvL.exe
3900	gQbullk.exe
4696	qqUZdJu.exe
1208	tJrGASl.exe
4344	NMBCPxX.exe
2864	dgPEHEq.exe
2284	BSOhwJk.exe
4536	NIxvzXV.exe
3972	oTQdFQw.exe
2116	xQmWLGu.exe
4280	OVRxAhk.exe
3180	hEZpyql.exe
4188	KqFnuFy.exe
2592	CcPaEKg.exe
732	NvKbEHc.exe
4908	MInXGvM.exe
4880	puynwNu.exe
3956	FuouFnK.exe
2968	acmAMNK.exe
2072	oWhrakE.exe
4220	IBvYzJc.exe
1716	oBRwcqg.exe
4772	iJRSIhy.exe
2328	MJpLVie.exe
1956	uUYhIXf.exe
3440	cpeEDqb.exe
4360	tFzclyp.exe
2848	bWDHIJs.exe
872	TqsGLqQ.exe
4816	AzNxqES.exe
1496	CccLZMx.exe
1460	rwWsjzc.exe
3488	ACFcQYL.exe
1804	YsHjNMs.exe
1476	xldIPVA.exe
1852	WYnQMBP.exe
3412	HLWRLaI.exe
4272	tbSPueT.exe
2972	VECRoEU.exe
3464	oiGafIW.exe
5000	aRaEwCA.exe
3136	tCAFHYk.exe
1968	xzhfQTU.exe
1528	TFLAcWT.exe
2460	BuLgWUp.exe
2008	WSrZeip.exe
3780	CiVcwgU.exe
3816	eNlNFEb.exe
3864	OBTFeqA.exe
3024	hDZBcCX.exe
524	Yqdcojf.exe
4928	wPKsVem.exe
1512	OCbnNhM.exe
3612	gXLQPdZ.exe
3408	EvLblOe.exe
5044	nsdEyKb.exe
1312	YSVHlnG.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3020-0-0x00007FF668A70000-0x00007FF668DC4000-memory.dmp	upx
behavioral2/files/0x0008000000023c93-5.dat	upx
behavioral2/memory/1688-7-0x00007FF638C50000-0x00007FF638FA4000-memory.dmp	upx
behavioral2/files/0x0007000000023c98-10.dat	upx
behavioral2/memory/4108-14-0x00007FF7AEDD0000-0x00007FF7AF124000-memory.dmp	upx
behavioral2/files/0x0007000000023c97-12.dat	upx
behavioral2/memory/2656-20-0x00007FF614EA0000-0x00007FF6151F4000-memory.dmp	upx
behavioral2/files/0x0008000000023c94-23.dat	upx
behavioral2/files/0x0007000000023c9a-28.dat	upx
behavioral2/files/0x0007000000023c9b-34.dat	upx
behavioral2/memory/5024-35-0x00007FF769C30000-0x00007FF769F84000-memory.dmp	upx
behavioral2/memory/5004-36-0x00007FF644E30000-0x00007FF645184000-memory.dmp	upx
behavioral2/memory/868-24-0x00007FF7B9FE0000-0x00007FF7BA334000-memory.dmp	upx
behavioral2/files/0x0007000000023c9c-42.dat	upx
behavioral2/files/0x0007000000023c9d-46.dat	upx
behavioral2/memory/2032-49-0x00007FF6F3840000-0x00007FF6F3B94000-memory.dmp	upx
behavioral2/files/0x0007000000023c9e-53.dat	upx
behavioral2/memory/3580-52-0x00007FF62EBD0000-0x00007FF62EF24000-memory.dmp	upx
behavioral2/files/0x0007000000023c9f-57.dat	upx
behavioral2/memory/3900-63-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp	upx
behavioral2/files/0x0007000000023ca0-68.dat	upx
behavioral2/files/0x0007000000023ca1-71.dat	upx
behavioral2/memory/4108-72-0x00007FF7AEDD0000-0x00007FF7AF124000-memory.dmp	upx
behavioral2/memory/2656-81-0x00007FF614EA0000-0x00007FF6151F4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca2-83.dat	upx
behavioral2/files/0x0007000000023ca3-87.dat	upx
behavioral2/memory/5024-91-0x00007FF769C30000-0x00007FF769F84000-memory.dmp	upx
behavioral2/files/0x0007000000023ca5-96.dat	upx
behavioral2/memory/4536-98-0x00007FF6DBAB0000-0x00007FF6DBE04000-memory.dmp	upx
behavioral2/memory/5004-101-0x00007FF644E30000-0x00007FF645184000-memory.dmp	upx
behavioral2/files/0x0007000000023ca4-103.dat	upx
behavioral2/memory/3972-100-0x00007FF6AF160000-0x00007FF6AF4B4000-memory.dmp	upx
behavioral2/memory/2284-93-0x00007FF640890000-0x00007FF640BE4000-memory.dmp	upx
behavioral2/memory/868-88-0x00007FF7B9FE0000-0x00007FF7BA334000-memory.dmp	upx
behavioral2/memory/2864-82-0x00007FF6A3F50000-0x00007FF6A42A4000-memory.dmp	upx
behavioral2/memory/4344-75-0x00007FF7841B0000-0x00007FF784504000-memory.dmp	upx
behavioral2/memory/1208-67-0x00007FF6FACC0000-0x00007FF6FB014000-memory.dmp	upx
behavioral2/memory/1688-66-0x00007FF638C50000-0x00007FF638FA4000-memory.dmp	upx
behavioral2/memory/4696-64-0x00007FF77ABA0000-0x00007FF77AEF4000-memory.dmp	upx
behavioral2/memory/3020-56-0x00007FF668A70000-0x00007FF668DC4000-memory.dmp	upx
behavioral2/memory/2032-106-0x00007FF6F3840000-0x00007FF6F3B94000-memory.dmp	upx
behavioral2/files/0x0007000000023ca6-109.dat	upx
behavioral2/files/0x0006000000023080-114.dat	upx
behavioral2/memory/2116-113-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp	upx
behavioral2/files/0x000e000000023b2b-125.dat	upx
behavioral2/memory/4188-127-0x00007FF7AD670000-0x00007FF7AD9C4000-memory.dmp	upx
behavioral2/files/0x000d000000023b31-137.dat	upx
behavioral2/files/0x000d000000023b32-141.dat	upx
behavioral2/files/0x0007000000023ca8-151.dat	upx
behavioral2/memory/732-153-0x00007FF7166F0000-0x00007FF716A44000-memory.dmp	upx
behavioral2/memory/2864-167-0x00007FF6A3F50000-0x00007FF6A42A4000-memory.dmp	upx
behavioral2/memory/2968-170-0x00007FF6D41F0000-0x00007FF6D4544000-memory.dmp	upx
behavioral2/files/0x0007000000023caa-175.dat	upx
behavioral2/files/0x0007000000023caf-191.dat	upx
behavioral2/files/0x0007000000023cb1-198.dat	upx
behavioral2/memory/2072-267-0x00007FF7967E0000-0x00007FF796B34000-memory.dmp	upx
behavioral2/memory/4536-436-0x00007FF6DBAB0000-0x00007FF6DBE04000-memory.dmp	upx
behavioral2/memory/1716-438-0x00007FF61A660000-0x00007FF61A9B4000-memory.dmp	upx
behavioral2/memory/4188-618-0x00007FF7AD670000-0x00007FF7AD9C4000-memory.dmp	upx
behavioral2/memory/2116-542-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp	upx
behavioral2/memory/3972-437-0x00007FF6AF160000-0x00007FF6AF4B4000-memory.dmp	upx
behavioral2/memory/4220-275-0x00007FF70FE80000-0x00007FF7101D4000-memory.dmp	upx
behavioral2/files/0x0007000000023cad-204.dat	upx
behavioral2/files/0x0007000000023cac-202.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KUtpgNq.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkpwMJe.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCDAwHK.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYaRYJu.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uftbFVx.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLvAmyo.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmYBUrT.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmVvUTi.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhkpgbA.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCCKqJZ.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcPaEKg.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGTqzrN.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPadHoH.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXbSGVk.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLhAxLC.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRvihit.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfFfxOc.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPdDcYc.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHnOdAr.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRZGZvr.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djxjFnG.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVBvEyR.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STrYSob.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEdApYr.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEVTmBM.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qThqSsF.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNaIiRB.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSAFEoO.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVfLvOg.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wofSsro.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYkQWFB.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVEqnOm.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUafWmY.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IaiGbqh.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ibjqaJH.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AaNWbED.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFeNfMY.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSOsjSD.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uloONku.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhFkncV.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxLCBYb.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMICknN.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUlJbbE.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGwcHJh.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFsldOO.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDbvrZp.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtzCGNs.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfNajRX.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNDReyL.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZQQmMM.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHHimYP.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLJOjmE.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRqTdod.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiRLOvc.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQFuBMC.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMupAtA.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cotiMNU.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEsrgjo.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eiiZNXe.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBJVEHD.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HidvtzY.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtFHgSl.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oaIkPVo.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSRHsiM.exe	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 1688	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3020 wrote to memory of 1688	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3020 wrote to memory of 4108	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3020 wrote to memory of 4108	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3020 wrote to memory of 2656	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3020 wrote to memory of 2656	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3020 wrote to memory of 868	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3020 wrote to memory of 868	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3020 wrote to memory of 5024	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3020 wrote to memory of 5024	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3020 wrote to memory of 5004	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3020 wrote to memory of 5004	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3020 wrote to memory of 2032	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3020 wrote to memory of 2032	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3020 wrote to memory of 3580	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3020 wrote to memory of 3580	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3020 wrote to memory of 3900	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3020 wrote to memory of 3900	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3020 wrote to memory of 4696	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3020 wrote to memory of 4696	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3020 wrote to memory of 1208	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3020 wrote to memory of 1208	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3020 wrote to memory of 4344	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3020 wrote to memory of 4344	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3020 wrote to memory of 2864	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3020 wrote to memory of 2864	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3020 wrote to memory of 2284	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3020 wrote to memory of 2284	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3020 wrote to memory of 4536	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3020 wrote to memory of 4536	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3020 wrote to memory of 3972	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3020 wrote to memory of 3972	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3020 wrote to memory of 2116	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3020 wrote to memory of 2116	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3020 wrote to memory of 4280	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3020 wrote to memory of 4280	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3020 wrote to memory of 3180	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3020 wrote to memory of 3180	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3020 wrote to memory of 4188	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3020 wrote to memory of 4188	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3020 wrote to memory of 2592	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3020 wrote to memory of 2592	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3020 wrote to memory of 732	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3020 wrote to memory of 732	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3020 wrote to memory of 4908	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3020 wrote to memory of 4908	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3020 wrote to memory of 4880	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3020 wrote to memory of 4880	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3020 wrote to memory of 3956	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3020 wrote to memory of 3956	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3020 wrote to memory of 2968	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3020 wrote to memory of 2968	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3020 wrote to memory of 4220	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3020 wrote to memory of 4220	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3020 wrote to memory of 2072	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3020 wrote to memory of 2072	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3020 wrote to memory of 1716	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 3020 wrote to memory of 1716	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 3020 wrote to memory of 4772	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 3020 wrote to memory of 4772	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 3020 wrote to memory of 2328	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 3020 wrote to memory of 2328	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 3020 wrote to memory of 1956	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	122
PID 3020 wrote to memory of 1956	3020	2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe	122

C:\Users\Admin\AppData\Local\Temp\2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-18_64e8d8eb8a22ab07fa96c0a24b86592c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\System\QNeKjmg.exe
  C:\Windows\System\QNeKjmg.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\eaLspsq.exe
  C:\Windows\System\eaLspsq.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\fRSDzDM.exe
  C:\Windows\System\fRSDzDM.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\aXGfIiq.exe
  C:\Windows\System\aXGfIiq.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\AevosYe.exe
  C:\Windows\System\AevosYe.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\WCYMdxp.exe
  C:\Windows\System\WCYMdxp.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\LmvLVMK.exe
  C:\Windows\System\LmvLVMK.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\ACnzFvL.exe
  C:\Windows\System\ACnzFvL.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\gQbullk.exe
  C:\Windows\System\gQbullk.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\qqUZdJu.exe
  C:\Windows\System\qqUZdJu.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\tJrGASl.exe
  C:\Windows\System\tJrGASl.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\NMBCPxX.exe
  C:\Windows\System\NMBCPxX.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\dgPEHEq.exe
  C:\Windows\System\dgPEHEq.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\BSOhwJk.exe
  C:\Windows\System\BSOhwJk.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\NIxvzXV.exe
  C:\Windows\System\NIxvzXV.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\oTQdFQw.exe
  C:\Windows\System\oTQdFQw.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\xQmWLGu.exe
  C:\Windows\System\xQmWLGu.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\OVRxAhk.exe
  C:\Windows\System\OVRxAhk.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\hEZpyql.exe
  C:\Windows\System\hEZpyql.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\KqFnuFy.exe
  C:\Windows\System\KqFnuFy.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\CcPaEKg.exe
  C:\Windows\System\CcPaEKg.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\NvKbEHc.exe
  C:\Windows\System\NvKbEHc.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\MInXGvM.exe
  C:\Windows\System\MInXGvM.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\puynwNu.exe
  C:\Windows\System\puynwNu.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\FuouFnK.exe
  C:\Windows\System\FuouFnK.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\acmAMNK.exe
  C:\Windows\System\acmAMNK.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\IBvYzJc.exe
  C:\Windows\System\IBvYzJc.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\oWhrakE.exe
  C:\Windows\System\oWhrakE.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\oBRwcqg.exe
  C:\Windows\System\oBRwcqg.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\iJRSIhy.exe
  C:\Windows\System\iJRSIhy.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\MJpLVie.exe
  C:\Windows\System\MJpLVie.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\uUYhIXf.exe
  C:\Windows\System\uUYhIXf.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\cpeEDqb.exe
  C:\Windows\System\cpeEDqb.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\tFzclyp.exe
  C:\Windows\System\tFzclyp.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\bWDHIJs.exe
  C:\Windows\System\bWDHIJs.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\TqsGLqQ.exe
  C:\Windows\System\TqsGLqQ.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\AzNxqES.exe
  C:\Windows\System\AzNxqES.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\CccLZMx.exe
  C:\Windows\System\CccLZMx.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\rwWsjzc.exe
  C:\Windows\System\rwWsjzc.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\ACFcQYL.exe
  C:\Windows\System\ACFcQYL.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\YsHjNMs.exe
  C:\Windows\System\YsHjNMs.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\xldIPVA.exe
  C:\Windows\System\xldIPVA.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\WYnQMBP.exe
  C:\Windows\System\WYnQMBP.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\HLWRLaI.exe
  C:\Windows\System\HLWRLaI.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\tbSPueT.exe
  C:\Windows\System\tbSPueT.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\VECRoEU.exe
  C:\Windows\System\VECRoEU.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\oiGafIW.exe
  C:\Windows\System\oiGafIW.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\aRaEwCA.exe
  C:\Windows\System\aRaEwCA.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\tCAFHYk.exe
  C:\Windows\System\tCAFHYk.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\xzhfQTU.exe
  C:\Windows\System\xzhfQTU.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\TFLAcWT.exe
  C:\Windows\System\TFLAcWT.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\BuLgWUp.exe
  C:\Windows\System\BuLgWUp.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\WSrZeip.exe
  C:\Windows\System\WSrZeip.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\CiVcwgU.exe
  C:\Windows\System\CiVcwgU.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\eNlNFEb.exe
  C:\Windows\System\eNlNFEb.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\OBTFeqA.exe
  C:\Windows\System\OBTFeqA.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\hDZBcCX.exe
  C:\Windows\System\hDZBcCX.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\Yqdcojf.exe
  C:\Windows\System\Yqdcojf.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\wPKsVem.exe
  C:\Windows\System\wPKsVem.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\OCbnNhM.exe
  C:\Windows\System\OCbnNhM.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\gXLQPdZ.exe
  C:\Windows\System\gXLQPdZ.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\EvLblOe.exe
  C:\Windows\System\EvLblOe.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\nsdEyKb.exe
  C:\Windows\System\nsdEyKb.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\YSVHlnG.exe
  C:\Windows\System\YSVHlnG.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\bErRggB.exe
  C:\Windows\System\bErRggB.exe
  2⤵
  PID:5152
- C:\Windows\System\umbkyDz.exe
  C:\Windows\System\umbkyDz.exe
  2⤵
  PID:5176
- C:\Windows\System\dakENTI.exe
  C:\Windows\System\dakENTI.exe
  2⤵
  PID:5204
- C:\Windows\System\nWERkZP.exe
  C:\Windows\System\nWERkZP.exe
  2⤵
  PID:5228
- C:\Windows\System\qjhIfLc.exe
  C:\Windows\System\qjhIfLc.exe
  2⤵
  PID:5260
- C:\Windows\System\BNuKDhq.exe
  C:\Windows\System\BNuKDhq.exe
  2⤵
  PID:5284
- C:\Windows\System\yjqsSsa.exe
  C:\Windows\System\yjqsSsa.exe
  2⤵
  PID:5316
- C:\Windows\System\QuZWFNk.exe
  C:\Windows\System\QuZWFNk.exe
  2⤵
  PID:5352
- C:\Windows\System\IiNljUk.exe
  C:\Windows\System\IiNljUk.exe
  2⤵
  PID:5376
- C:\Windows\System\HTnLuqK.exe
  C:\Windows\System\HTnLuqK.exe
  2⤵
  PID:5400
- C:\Windows\System\fgWVOOH.exe
  C:\Windows\System\fgWVOOH.exe
  2⤵
  PID:5416
- C:\Windows\System\HrcmYBN.exe
  C:\Windows\System\HrcmYBN.exe
  2⤵
  PID:5440
- C:\Windows\System\eiiZNXe.exe
  C:\Windows\System\eiiZNXe.exe
  2⤵
  PID:5460
- C:\Windows\System\ZyMjWcy.exe
  C:\Windows\System\ZyMjWcy.exe
  2⤵
  PID:5504
- C:\Windows\System\rYnXTZZ.exe
  C:\Windows\System\rYnXTZZ.exe
  2⤵
  PID:5520
- C:\Windows\System\nvScrJn.exe
  C:\Windows\System\nvScrJn.exe
  2⤵
  PID:5544
- C:\Windows\System\fPhprsg.exe
  C:\Windows\System\fPhprsg.exe
  2⤵
  PID:5572
- C:\Windows\System\slTXGDg.exe
  C:\Windows\System\slTXGDg.exe
  2⤵
  PID:5588
- C:\Windows\System\IrKJwYa.exe
  C:\Windows\System\IrKJwYa.exe
  2⤵
  PID:5624
- C:\Windows\System\NTYuORl.exe
  C:\Windows\System\NTYuORl.exe
  2⤵
  PID:5656
- C:\Windows\System\NDdaMxB.exe
  C:\Windows\System\NDdaMxB.exe
  2⤵
  PID:5696
- C:\Windows\System\BVjOdyx.exe
  C:\Windows\System\BVjOdyx.exe
  2⤵
  PID:5724
- C:\Windows\System\kxymboL.exe
  C:\Windows\System\kxymboL.exe
  2⤵
  PID:5752
- C:\Windows\System\NehWlXH.exe
  C:\Windows\System\NehWlXH.exe
  2⤵
  PID:5780
- C:\Windows\System\PZOXnvo.exe
  C:\Windows\System\PZOXnvo.exe
  2⤵
  PID:5816
- C:\Windows\System\SBXgoQv.exe
  C:\Windows\System\SBXgoQv.exe
  2⤵
  PID:5844
- C:\Windows\System\vBJVEHD.exe
  C:\Windows\System\vBJVEHD.exe
  2⤵
  PID:5864
- C:\Windows\System\AFUwfNw.exe
  C:\Windows\System\AFUwfNw.exe
  2⤵
  PID:5880
- C:\Windows\System\EOYXARj.exe
  C:\Windows\System\EOYXARj.exe
  2⤵
  PID:5920
- C:\Windows\System\QynaKZV.exe
  C:\Windows\System\QynaKZV.exe
  2⤵
  PID:5948
- C:\Windows\System\ylWsIFU.exe
  C:\Windows\System\ylWsIFU.exe
  2⤵
  PID:5976
- C:\Windows\System\vrigyWU.exe
  C:\Windows\System\vrigyWU.exe
  2⤵
  PID:6012
- C:\Windows\System\xdCRwxU.exe
  C:\Windows\System\xdCRwxU.exe
  2⤵
  PID:6032
- C:\Windows\System\YOchPXD.exe
  C:\Windows\System\YOchPXD.exe
  2⤵
  PID:6048
- C:\Windows\System\EhFkncV.exe
  C:\Windows\System\EhFkncV.exe
  2⤵
  PID:6084
- C:\Windows\System\qFGqyqt.exe
  C:\Windows\System\qFGqyqt.exe
  2⤵
  PID:6120
- C:\Windows\System\YwdvAsL.exe
  C:\Windows\System\YwdvAsL.exe
  2⤵
  PID:5192
- C:\Windows\System\cgWYDJe.exe
  C:\Windows\System\cgWYDJe.exe
  2⤵
  PID:4648
- C:\Windows\System\aHWmZjH.exe
  C:\Windows\System\aHWmZjH.exe
  2⤵
  PID:4992
- C:\Windows\System\IwHaAkW.exe
  C:\Windows\System\IwHaAkW.exe
  2⤵
  PID:4624
- C:\Windows\System\BcGQBjG.exe
  C:\Windows\System\BcGQBjG.exe
  2⤵
  PID:5080
- C:\Windows\System\XIKovTX.exe
  C:\Windows\System\XIKovTX.exe
  2⤵
  PID:2320
- C:\Windows\System\GyFtQmd.exe
  C:\Windows\System\GyFtQmd.exe
  2⤵
  PID:5244
- C:\Windows\System\qAKeVmx.exe
  C:\Windows\System\qAKeVmx.exe
  2⤵
  PID:5304
- C:\Windows\System\qHZkJzY.exe
  C:\Windows\System\qHZkJzY.exe
  2⤵
  PID:5368
- C:\Windows\System\yXNkPHg.exe
  C:\Windows\System\yXNkPHg.exe
  2⤵
  PID:5436
- C:\Windows\System\QfzRjgD.exe
  C:\Windows\System\QfzRjgD.exe
  2⤵
  PID:5472
- C:\Windows\System\etzxore.exe
  C:\Windows\System\etzxore.exe
  2⤵
  PID:5768
- C:\Windows\System\fBnbnQS.exe
  C:\Windows\System\fBnbnQS.exe
  2⤵
  PID:5824
- C:\Windows\System\PMKZSMN.exe
  C:\Windows\System\PMKZSMN.exe
  2⤵
  PID:5900
- C:\Windows\System\thArujJ.exe
  C:\Windows\System\thArujJ.exe
  2⤵
  PID:5940
- C:\Windows\System\mPduOKg.exe
  C:\Windows\System\mPduOKg.exe
  2⤵
  PID:6004
- C:\Windows\System\rAcjMJc.exe
  C:\Windows\System\rAcjMJc.exe
  2⤵
  PID:6072
- C:\Windows\System\dYtFFBF.exe
  C:\Windows\System\dYtFFBF.exe
  2⤵
  PID:5216
- C:\Windows\System\WEFcfwE.exe
  C:\Windows\System\WEFcfwE.exe
  2⤵
  PID:1172
- C:\Windows\System\ZGHsQDm.exe
  C:\Windows\System\ZGHsQDm.exe
  2⤵
  PID:3600
- C:\Windows\System\jgYzEBH.exe
  C:\Windows\System\jgYzEBH.exe
  2⤵
  PID:5276
- C:\Windows\System\makKTyr.exe
  C:\Windows\System\makKTyr.exe
  2⤵
  PID:5332
- C:\Windows\System\kKVXkwY.exe
  C:\Windows\System\kKVXkwY.exe
  2⤵
  PID:5412
- C:\Windows\System\SHnNPRK.exe
  C:\Windows\System\SHnNPRK.exe
  2⤵
  PID:5676
- C:\Windows\System\AWXXfKm.exe
  C:\Windows\System\AWXXfKm.exe
  2⤵
  PID:5928
- C:\Windows\System\uGXjwes.exe
  C:\Windows\System\uGXjwes.exe
  2⤵
  PID:6040
- C:\Windows\System\IlAPkyl.exe
  C:\Windows\System\IlAPkyl.exe
  2⤵
  PID:6108
- C:\Windows\System\mhtQyfP.exe
  C:\Windows\System\mhtQyfP.exe
  2⤵
  PID:1744
- C:\Windows\System\aVPZFFL.exe
  C:\Windows\System\aVPZFFL.exe
  2⤵
  PID:5224
- C:\Windows\System\wcolkWB.exe
  C:\Windows\System\wcolkWB.exe
  2⤵
  PID:4824
- C:\Windows\System\GSegMcZ.exe
  C:\Windows\System\GSegMcZ.exe
  2⤵
  PID:5852
- C:\Windows\System\NyhXmCD.exe
  C:\Windows\System\NyhXmCD.exe
  2⤵
  PID:6176
- C:\Windows\System\zyDsALQ.exe
  C:\Windows\System\zyDsALQ.exe
  2⤵
  PID:6196
- C:\Windows\System\mwDtYbi.exe
  C:\Windows\System\mwDtYbi.exe
  2⤵
  PID:6248
- C:\Windows\System\BUzPmHf.exe
  C:\Windows\System\BUzPmHf.exe
  2⤵
  PID:6288
- C:\Windows\System\cVsgaog.exe
  C:\Windows\System\cVsgaog.exe
  2⤵
  PID:6308
- C:\Windows\System\edaaRJY.exe
  C:\Windows\System\edaaRJY.exe
  2⤵
  PID:6340
- C:\Windows\System\KZFJBYY.exe
  C:\Windows\System\KZFJBYY.exe
  2⤵
  PID:6360
- C:\Windows\System\paSIWwY.exe
  C:\Windows\System\paSIWwY.exe
  2⤵
  PID:6376
- C:\Windows\System\nOxzvkT.exe
  C:\Windows\System\nOxzvkT.exe
  2⤵
  PID:6420
- C:\Windows\System\HidvtzY.exe
  C:\Windows\System\HidvtzY.exe
  2⤵
  PID:6448
- C:\Windows\System\bTRaLCf.exe
  C:\Windows\System\bTRaLCf.exe
  2⤵
  PID:6468
- C:\Windows\System\imLVCKy.exe
  C:\Windows\System\imLVCKy.exe
  2⤵
  PID:6500
- C:\Windows\System\VSEDydE.exe
  C:\Windows\System\VSEDydE.exe
  2⤵
  PID:6544
- C:\Windows\System\nbweKIz.exe
  C:\Windows\System\nbweKIz.exe
  2⤵
  PID:6564
- C:\Windows\System\JPEEBSq.exe
  C:\Windows\System\JPEEBSq.exe
  2⤵
  PID:6596
- C:\Windows\System\CwjgyPN.exe
  C:\Windows\System\CwjgyPN.exe
  2⤵
  PID:6632
- C:\Windows\System\lHqwOjV.exe
  C:\Windows\System\lHqwOjV.exe
  2⤵
  PID:6648
- C:\Windows\System\oxLCBYb.exe
  C:\Windows\System\oxLCBYb.exe
  2⤵
  PID:6664
- C:\Windows\System\msKpAYv.exe
  C:\Windows\System\msKpAYv.exe
  2⤵
  PID:6680
- C:\Windows\System\sGTqzrN.exe
  C:\Windows\System\sGTqzrN.exe
  2⤵
  PID:6696
- C:\Windows\System\vhQBXqn.exe
  C:\Windows\System\vhQBXqn.exe
  2⤵
  PID:6712
- C:\Windows\System\RTuBxlm.exe
  C:\Windows\System\RTuBxlm.exe
  2⤵
  PID:6732
- C:\Windows\System\mJAPVft.exe
  C:\Windows\System\mJAPVft.exe
  2⤵
  PID:6748
- C:\Windows\System\gbPaFVR.exe
  C:\Windows\System\gbPaFVR.exe
  2⤵
  PID:6764
- C:\Windows\System\cgFHOFR.exe
  C:\Windows\System\cgFHOFR.exe
  2⤵
  PID:6780
- C:\Windows\System\kHIthFJ.exe
  C:\Windows\System\kHIthFJ.exe
  2⤵
  PID:6796
- C:\Windows\System\uXPefIh.exe
  C:\Windows\System\uXPefIh.exe
  2⤵
  PID:6812
- C:\Windows\System\lSJCSdy.exe
  C:\Windows\System\lSJCSdy.exe
  2⤵
  PID:6836
- C:\Windows\System\DcsDVOn.exe
  C:\Windows\System\DcsDVOn.exe
  2⤵
  PID:6860
- C:\Windows\System\rGlwYXi.exe
  C:\Windows\System\rGlwYXi.exe
  2⤵
  PID:6876
- C:\Windows\System\yWoFyUj.exe
  C:\Windows\System\yWoFyUj.exe
  2⤵
  PID:6892
- C:\Windows\System\hVroGPc.exe
  C:\Windows\System\hVroGPc.exe
  2⤵
  PID:6908
- C:\Windows\System\nRSkVcK.exe
  C:\Windows\System\nRSkVcK.exe
  2⤵
  PID:6924
- C:\Windows\System\WKlQHJW.exe
  C:\Windows\System\WKlQHJW.exe
  2⤵
  PID:6940
- C:\Windows\System\XnmSHkG.exe
  C:\Windows\System\XnmSHkG.exe
  2⤵
  PID:6956
- C:\Windows\System\iOByDIh.exe
  C:\Windows\System\iOByDIh.exe
  2⤵
  PID:6972
- C:\Windows\System\rkCIadn.exe
  C:\Windows\System\rkCIadn.exe
  2⤵
  PID:6988
- C:\Windows\System\ThkVQXw.exe
  C:\Windows\System\ThkVQXw.exe
  2⤵
  PID:7004
- C:\Windows\System\sauPARc.exe
  C:\Windows\System\sauPARc.exe
  2⤵
  PID:7020
- C:\Windows\System\lXbqWPx.exe
  C:\Windows\System\lXbqWPx.exe
  2⤵
  PID:7036
- C:\Windows\System\OOFYCkJ.exe
  C:\Windows\System\OOFYCkJ.exe
  2⤵
  PID:7052
- C:\Windows\System\WkMaplf.exe
  C:\Windows\System\WkMaplf.exe
  2⤵
  PID:7068
- C:\Windows\System\EevQaQE.exe
  C:\Windows\System\EevQaQE.exe
  2⤵
  PID:7084
- C:\Windows\System\mlKKdSA.exe
  C:\Windows\System\mlKKdSA.exe
  2⤵
  PID:7100
- C:\Windows\System\izzGhoe.exe
  C:\Windows\System\izzGhoe.exe
  2⤵
  PID:7116
- C:\Windows\System\llEWFRF.exe
  C:\Windows\System\llEWFRF.exe
  2⤵
  PID:7132
- C:\Windows\System\XXUCiSs.exe
  C:\Windows\System\XXUCiSs.exe
  2⤵
  PID:7148
- C:\Windows\System\qcxixZC.exe
  C:\Windows\System\qcxixZC.exe
  2⤵
  PID:7164
- C:\Windows\System\BAmOeiU.exe
  C:\Windows\System\BAmOeiU.exe
  2⤵
  PID:116
- C:\Windows\System\oSAFEoO.exe
  C:\Windows\System\oSAFEoO.exe
  2⤵
  PID:5984
- C:\Windows\System\EUzjQwT.exe
  C:\Windows\System\EUzjQwT.exe
  2⤵
  PID:2016
- C:\Windows\System\HPXxJuI.exe
  C:\Windows\System\HPXxJuI.exe
  2⤵
  PID:6444
- C:\Windows\System\vyWHjgm.exe
  C:\Windows\System\vyWHjgm.exe
  2⤵
  PID:6936
- C:\Windows\System\qpZOvLf.exe
  C:\Windows\System\qpZOvLf.exe
  2⤵
  PID:1612
- C:\Windows\System\ONeTmld.exe
  C:\Windows\System\ONeTmld.exe
  2⤵
  PID:5344
- C:\Windows\System\jgxCUnt.exe
  C:\Windows\System\jgxCUnt.exe
  2⤵
  PID:6320
- C:\Windows\System\LdtFAQR.exe
  C:\Windows\System\LdtFAQR.exe
  2⤵
  PID:6588
- C:\Windows\System\jkvppoM.exe
  C:\Windows\System\jkvppoM.exe
  2⤵
  PID:6952
- C:\Windows\System\xBMknnu.exe
  C:\Windows\System\xBMknnu.exe
  2⤵
  PID:2252
- C:\Windows\System\qOKIKAj.exe
  C:\Windows\System\qOKIKAj.exe
  2⤵
  PID:7096
- C:\Windows\System\EuCFInN.exe
  C:\Windows\System\EuCFInN.exe
  2⤵
  PID:7160
- C:\Windows\System\aGFCYVR.exe
  C:\Windows\System\aGFCYVR.exe
  2⤵
  PID:6164
- C:\Windows\System\aFINcZq.exe
  C:\Windows\System\aFINcZq.exe
  2⤵
  PID:4988
- C:\Windows\System\aMsodth.exe
  C:\Windows\System\aMsodth.exe
  2⤵
  PID:5792
- C:\Windows\System\giMgIJQ.exe
  C:\Windows\System\giMgIJQ.exe
  2⤵
  PID:7028
- C:\Windows\System\vEOwqYy.exe
  C:\Windows\System\vEOwqYy.exe
  2⤵
  PID:7048
- C:\Windows\System\QlqicYH.exe
  C:\Windows\System\QlqicYH.exe
  2⤵
  PID:5556
- C:\Windows\System\dNyjNQf.exe
  C:\Windows\System\dNyjNQf.exe
  2⤵
  PID:4160
- C:\Windows\System\GjayITy.exe
  C:\Windows\System\GjayITy.exe
  2⤵
  PID:428
- C:\Windows\System\MUYFGFg.exe
  C:\Windows\System\MUYFGFg.exe
  2⤵
  PID:6672
- C:\Windows\System\lPYmUag.exe
  C:\Windows\System\lPYmUag.exe
  2⤵
  PID:7196
- C:\Windows\System\aqKzmRv.exe
  C:\Windows\System\aqKzmRv.exe
  2⤵
  PID:7228
- C:\Windows\System\bWtCGea.exe
  C:\Windows\System\bWtCGea.exe
  2⤵
  PID:7256
- C:\Windows\System\zBQwKnk.exe
  C:\Windows\System\zBQwKnk.exe
  2⤵
  PID:7288
- C:\Windows\System\JBMvcyN.exe
  C:\Windows\System\JBMvcyN.exe
  2⤵
  PID:7320
- C:\Windows\System\DAdgkGL.exe
  C:\Windows\System\DAdgkGL.exe
  2⤵
  PID:7336
- C:\Windows\System\SknCWvr.exe
  C:\Windows\System\SknCWvr.exe
  2⤵
  PID:7372
- C:\Windows\System\AzogpLK.exe
  C:\Windows\System\AzogpLK.exe
  2⤵
  PID:7400
- C:\Windows\System\NQGFSOa.exe
  C:\Windows\System\NQGFSOa.exe
  2⤵
  PID:7444
- C:\Windows\System\PcgzWvz.exe
  C:\Windows\System\PcgzWvz.exe
  2⤵
  PID:7512
- C:\Windows\System\jVtilBB.exe
  C:\Windows\System\jVtilBB.exe
  2⤵
  PID:7564
- C:\Windows\System\WuuBwAw.exe
  C:\Windows\System\WuuBwAw.exe
  2⤵
  PID:7608
- C:\Windows\System\QHkLTZx.exe
  C:\Windows\System\QHkLTZx.exe
  2⤵
  PID:7644
- C:\Windows\System\isBQZhg.exe
  C:\Windows\System\isBQZhg.exe
  2⤵
  PID:7680
- C:\Windows\System\wuMgLNo.exe
  C:\Windows\System\wuMgLNo.exe
  2⤵
  PID:7720
- C:\Windows\System\BToRtqc.exe
  C:\Windows\System\BToRtqc.exe
  2⤵
  PID:7740
- C:\Windows\System\IjIWjSu.exe
  C:\Windows\System\IjIWjSu.exe
  2⤵
  PID:7788
- C:\Windows\System\tsRjwUA.exe
  C:\Windows\System\tsRjwUA.exe
  2⤵
  PID:7812
- C:\Windows\System\CgALIfx.exe
  C:\Windows\System\CgALIfx.exe
  2⤵
  PID:7856
- C:\Windows\System\SVdvXZV.exe
  C:\Windows\System\SVdvXZV.exe
  2⤵
  PID:7880
- C:\Windows\System\WJJlLlZ.exe
  C:\Windows\System\WJJlLlZ.exe
  2⤵
  PID:7916
- C:\Windows\System\eXtSzpg.exe
  C:\Windows\System\eXtSzpg.exe
  2⤵
  PID:7944
- C:\Windows\System\yxmJOPR.exe
  C:\Windows\System\yxmJOPR.exe
  2⤵
  PID:7960
- C:\Windows\System\GTeEHoo.exe
  C:\Windows\System\GTeEHoo.exe
  2⤵
  PID:7996
- C:\Windows\System\TolpuSQ.exe
  C:\Windows\System\TolpuSQ.exe
  2⤵
  PID:8028
- C:\Windows\System\Fxpgjnx.exe
  C:\Windows\System\Fxpgjnx.exe
  2⤵
  PID:8060
- C:\Windows\System\opcTedu.exe
  C:\Windows\System\opcTedu.exe
  2⤵
  PID:8092
- C:\Windows\System\sItaIGD.exe
  C:\Windows\System\sItaIGD.exe
  2⤵
  PID:8120
- C:\Windows\System\cIcCnzH.exe
  C:\Windows\System\cIcCnzH.exe
  2⤵
  PID:8152
- C:\Windows\System\qSZjMVo.exe
  C:\Windows\System\qSZjMVo.exe
  2⤵
  PID:8176
- C:\Windows\System\pDZSJae.exe
  C:\Windows\System\pDZSJae.exe
  2⤵
  PID:7208
- C:\Windows\System\yvkhmDW.exe
  C:\Windows\System\yvkhmDW.exe
  2⤵
  PID:7284
- C:\Windows\System\YHHimYP.exe
  C:\Windows\System\YHHimYP.exe
  2⤵
  PID:7316
- C:\Windows\System\LfhHVSL.exe
  C:\Windows\System\LfhHVSL.exe
  2⤵
  PID:7388
- C:\Windows\System\XwRceZa.exe
  C:\Windows\System\XwRceZa.exe
  2⤵
  PID:4552
- C:\Windows\System\FFUzCUw.exe
  C:\Windows\System\FFUzCUw.exe
  2⤵
  PID:7620
- C:\Windows\System\LuPyEwE.exe
  C:\Windows\System\LuPyEwE.exe
  2⤵
  PID:7688
- C:\Windows\System\hXMkDLN.exe
  C:\Windows\System\hXMkDLN.exe
  2⤵
  PID:7780
- C:\Windows\System\BUHeEKw.exe
  C:\Windows\System\BUHeEKw.exe
  2⤵
  PID:7852
- C:\Windows\System\cVfLvOg.exe
  C:\Windows\System\cVfLvOg.exe
  2⤵
  PID:7900
- C:\Windows\System\zBRqYYt.exe
  C:\Windows\System\zBRqYYt.exe
  2⤵
  PID:8008
- C:\Windows\System\DlqhpPM.exe
  C:\Windows\System\DlqhpPM.exe
  2⤵
  PID:8040
- C:\Windows\System\hNIIEIM.exe
  C:\Windows\System\hNIIEIM.exe
  2⤵
  PID:8128
- C:\Windows\System\zuUCthe.exe
  C:\Windows\System\zuUCthe.exe
  2⤵
  PID:7244
- C:\Windows\System\drUQnKZ.exe
  C:\Windows\System\drUQnKZ.exe
  2⤵
  PID:7348
- C:\Windows\System\RcnwFnV.exe
  C:\Windows\System\RcnwFnV.exe
  2⤵
  PID:7264
- C:\Windows\System\AdSJzpJ.exe
  C:\Windows\System\AdSJzpJ.exe
  2⤵
  PID:7832
- C:\Windows\System\OGQLxvz.exe
  C:\Windows\System\OGQLxvz.exe
  2⤵
  PID:6524
- C:\Windows\System\ynJAPNh.exe
  C:\Windows\System\ynJAPNh.exe
  2⤵
  PID:7980
- C:\Windows\System\dARZlCr.exe
  C:\Windows\System\dARZlCr.exe
  2⤵
  PID:8136
- C:\Windows\System\BPJyseT.exe
  C:\Windows\System\BPJyseT.exe
  2⤵
  PID:4476
- C:\Windows\System\dAgbTLd.exe
  C:\Windows\System\dAgbTLd.exe
  2⤵
  PID:7240
- C:\Windows\System\axvIYIw.exe
  C:\Windows\System\axvIYIw.exe
  2⤵
  PID:3224
- C:\Windows\System\NXizCBJ.exe
  C:\Windows\System\NXizCBJ.exe
  2⤵
  PID:7896
- C:\Windows\System\oRKNLgi.exe
  C:\Windows\System\oRKNLgi.exe
  2⤵
  PID:6236
- C:\Windows\System\gHIGfLv.exe
  C:\Windows\System\gHIGfLv.exe
  2⤵
  PID:1436
- C:\Windows\System\WtZxUqB.exe
  C:\Windows\System\WtZxUqB.exe
  2⤵
  PID:1568
- C:\Windows\System\FNWUSEn.exe
  C:\Windows\System\FNWUSEn.exe
  2⤵
  PID:4216
- C:\Windows\System\AzVqGTF.exe
  C:\Windows\System\AzVqGTF.exe
  2⤵
  PID:2684
- C:\Windows\System\OdInNye.exe
  C:\Windows\System\OdInNye.exe
  2⤵
  PID:7732
- C:\Windows\System\LdLRcEE.exe
  C:\Windows\System\LdLRcEE.exe
  2⤵
  PID:8100
- C:\Windows\System\uwEBnso.exe
  C:\Windows\System\uwEBnso.exe
  2⤵
  PID:1440
- C:\Windows\System\QjtHjvC.exe
  C:\Windows\System\QjtHjvC.exe
  2⤵
  PID:2472
- C:\Windows\System\kIhVyIN.exe
  C:\Windows\System\kIhVyIN.exe
  2⤵
  PID:7636
- C:\Windows\System\frvvdtm.exe
  C:\Windows\System\frvvdtm.exe
  2⤵
  PID:3556
- C:\Windows\System\qFeNfMY.exe
  C:\Windows\System\qFeNfMY.exe
  2⤵
  PID:7440
- C:\Windows\System\JHOLMCp.exe
  C:\Windows\System\JHOLMCp.exe
  2⤵
  PID:3628
- C:\Windows\System\yvTBDwj.exe
  C:\Windows\System\yvTBDwj.exe
  2⤵
  PID:8224
- C:\Windows\System\lfJivdv.exe
  C:\Windows\System\lfJivdv.exe
  2⤵
  PID:8252
- C:\Windows\System\oGaJudk.exe
  C:\Windows\System\oGaJudk.exe
  2⤵
  PID:8276
- C:\Windows\System\GoRsfVo.exe
  C:\Windows\System\GoRsfVo.exe
  2⤵
  PID:8308
- C:\Windows\System\yYSHChN.exe
  C:\Windows\System\yYSHChN.exe
  2⤵
  PID:8336
- C:\Windows\System\JDrigeV.exe
  C:\Windows\System\JDrigeV.exe
  2⤵
  PID:8360
- C:\Windows\System\PqWKWne.exe
  C:\Windows\System\PqWKWne.exe
  2⤵
  PID:8400
- C:\Windows\System\tSDjnoR.exe
  C:\Windows\System\tSDjnoR.exe
  2⤵
  PID:8428
- C:\Windows\System\TxgQjBT.exe
  C:\Windows\System\TxgQjBT.exe
  2⤵
  PID:8456
- C:\Windows\System\XHnOdAr.exe
  C:\Windows\System\XHnOdAr.exe
  2⤵
  PID:8472
- C:\Windows\System\wSOsjSD.exe
  C:\Windows\System\wSOsjSD.exe
  2⤵
  PID:8500
- C:\Windows\System\FOIfjNg.exe
  C:\Windows\System\FOIfjNg.exe
  2⤵
  PID:8528
- C:\Windows\System\aTAPZFm.exe
  C:\Windows\System\aTAPZFm.exe
  2⤵
  PID:8564
- C:\Windows\System\WEJZaKR.exe
  C:\Windows\System\WEJZaKR.exe
  2⤵
  PID:8584
- C:\Windows\System\wzzfPYq.exe
  C:\Windows\System\wzzfPYq.exe
  2⤵
  PID:8612
- C:\Windows\System\tRBpSgW.exe
  C:\Windows\System\tRBpSgW.exe
  2⤵
  PID:8640
- C:\Windows\System\gbhBqyq.exe
  C:\Windows\System\gbhBqyq.exe
  2⤵
  PID:8668
- C:\Windows\System\jfaVSdB.exe
  C:\Windows\System\jfaVSdB.exe
  2⤵
  PID:8696
- C:\Windows\System\ftMPffm.exe
  C:\Windows\System\ftMPffm.exe
  2⤵
  PID:8724
- C:\Windows\System\YwlbfoV.exe
  C:\Windows\System\YwlbfoV.exe
  2⤵
  PID:8768
- C:\Windows\System\uloONku.exe
  C:\Windows\System\uloONku.exe
  2⤵
  PID:8796
- C:\Windows\System\LlhYvcA.exe
  C:\Windows\System\LlhYvcA.exe
  2⤵
  PID:8820
- C:\Windows\System\TTkAJfE.exe
  C:\Windows\System\TTkAJfE.exe
  2⤵
  PID:8868
- C:\Windows\System\vmYMXwb.exe
  C:\Windows\System\vmYMXwb.exe
  2⤵
  PID:8892
- C:\Windows\System\xImLtHD.exe
  C:\Windows\System\xImLtHD.exe
  2⤵
  PID:8924
- C:\Windows\System\VlgLKvM.exe
  C:\Windows\System\VlgLKvM.exe
  2⤵
  PID:8952
- C:\Windows\System\cHDmHEX.exe
  C:\Windows\System\cHDmHEX.exe
  2⤵
  PID:8984
- C:\Windows\System\vojnAMj.exe
  C:\Windows\System\vojnAMj.exe
  2⤵
  PID:9012
- C:\Windows\System\GddyohE.exe
  C:\Windows\System\GddyohE.exe
  2⤵
  PID:9040
- C:\Windows\System\sPcFRXt.exe
  C:\Windows\System\sPcFRXt.exe
  2⤵
  PID:9060
- C:\Windows\System\BFbnhIP.exe
  C:\Windows\System\BFbnhIP.exe
  2⤵
  PID:9084
- C:\Windows\System\NDUJChv.exe
  C:\Windows\System\NDUJChv.exe
  2⤵
  PID:9128
- C:\Windows\System\QUvLRrD.exe
  C:\Windows\System\QUvLRrD.exe
  2⤵
  PID:9156
- C:\Windows\System\zTFWdWQ.exe
  C:\Windows\System\zTFWdWQ.exe
  2⤵
  PID:9188
- C:\Windows\System\oCDAwHK.exe
  C:\Windows\System\oCDAwHK.exe
  2⤵
  PID:8204
- C:\Windows\System\XYEGEoc.exe
  C:\Windows\System\XYEGEoc.exe
  2⤵
  PID:1588
- C:\Windows\System\lKQxNpD.exe
  C:\Windows\System\lKQxNpD.exe
  2⤵
  PID:8288
- C:\Windows\System\qKjfKSl.exe
  C:\Windows\System\qKjfKSl.exe
  2⤵
  PID:8352
- C:\Windows\System\KUbICdd.exe
  C:\Windows\System\KUbICdd.exe
  2⤵
  PID:4832
- C:\Windows\System\agpndFk.exe
  C:\Windows\System\agpndFk.exe
  2⤵
  PID:8464
- C:\Windows\System\CUNPHhg.exe
  C:\Windows\System\CUNPHhg.exe
  2⤵
  PID:8512
- C:\Windows\System\rwKqcfH.exe
  C:\Windows\System\rwKqcfH.exe
  2⤵
  PID:8580
- C:\Windows\System\YYxEtbO.exe
  C:\Windows\System\YYxEtbO.exe
  2⤵
  PID:8660
- C:\Windows\System\ICiUoEm.exe
  C:\Windows\System\ICiUoEm.exe
  2⤵
  PID:8716
- C:\Windows\System\YpJJORE.exe
  C:\Windows\System\YpJJORE.exe
  2⤵
  PID:8752
- C:\Windows\System\aTshwGb.exe
  C:\Windows\System\aTshwGb.exe
  2⤵
  PID:8804
- C:\Windows\System\mTpHPeY.exe
  C:\Windows\System\mTpHPeY.exe
  2⤵
  PID:8900
- C:\Windows\System\ZiPpfqi.exe
  C:\Windows\System\ZiPpfqi.exe
  2⤵
  PID:8964
- C:\Windows\System\bTMxPyo.exe
  C:\Windows\System\bTMxPyo.exe
  2⤵
  PID:9048
- C:\Windows\System\TitFNrS.exe
  C:\Windows\System\TitFNrS.exe
  2⤵
  PID:620
- C:\Windows\System\dpwTSoL.exe
  C:\Windows\System\dpwTSoL.exe
  2⤵
  PID:9152
- C:\Windows\System\EgHFzah.exe
  C:\Windows\System\EgHFzah.exe
  2⤵
  PID:9208
- C:\Windows\System\flailUx.exe
  C:\Windows\System\flailUx.exe
  2⤵
  PID:8284
- C:\Windows\System\yresWWO.exe
  C:\Windows\System\yresWWO.exe
  2⤵
  PID:8436
- C:\Windows\System\vQVTlOz.exe
  C:\Windows\System\vQVTlOz.exe
  2⤵
  PID:8552
- C:\Windows\System\mgReGMe.exe
  C:\Windows\System\mgReGMe.exe
  2⤵
  PID:8692
- C:\Windows\System\YgLRpgp.exe
  C:\Windows\System\YgLRpgp.exe
  2⤵
  PID:8780
- C:\Windows\System\rjOpimR.exe
  C:\Windows\System\rjOpimR.exe
  2⤵
  PID:8996
- C:\Windows\System\FfYJkit.exe
  C:\Windows\System\FfYJkit.exe
  2⤵
  PID:9120
- C:\Windows\System\NyAYgnl.exe
  C:\Windows\System\NyAYgnl.exe
  2⤵
  PID:8220
- C:\Windows\System\AJMvBFh.exe
  C:\Windows\System\AJMvBFh.exe
  2⤵
  PID:8384
- C:\Windows\System\ISCofJL.exe
  C:\Windows\System\ISCofJL.exe
  2⤵
  PID:9124
- C:\Windows\System\duuXyrP.exe
  C:\Windows\System\duuXyrP.exe
  2⤵
  PID:9036
- C:\Windows\System\csypVZg.exe
  C:\Windows\System\csypVZg.exe
  2⤵
  PID:8316
- C:\Windows\System\kfTOHJf.exe
  C:\Windows\System\kfTOHJf.exe
  2⤵
  PID:1604
- C:\Windows\System\OmYiKPi.exe
  C:\Windows\System\OmYiKPi.exe
  2⤵
  PID:8680
- C:\Windows\System\uKBgCuW.exe
  C:\Windows\System\uKBgCuW.exe
  2⤵
  PID:9196
- C:\Windows\System\uLwaNcA.exe
  C:\Windows\System\uLwaNcA.exe
  2⤵
  PID:9256
- C:\Windows\System\ptChfio.exe
  C:\Windows\System\ptChfio.exe
  2⤵
  PID:9272
- C:\Windows\System\rlNiCvJ.exe
  C:\Windows\System\rlNiCvJ.exe
  2⤵
  PID:9312
- C:\Windows\System\anbgEQk.exe
  C:\Windows\System\anbgEQk.exe
  2⤵
  PID:9340
- C:\Windows\System\NBzlonJ.exe
  C:\Windows\System\NBzlonJ.exe
  2⤵
  PID:9360
- C:\Windows\System\jfvvnaQ.exe
  C:\Windows\System\jfvvnaQ.exe
  2⤵
  PID:9388
- C:\Windows\System\bgxnXeJ.exe
  C:\Windows\System\bgxnXeJ.exe
  2⤵
  PID:9416
- C:\Windows\System\kZWdJhe.exe
  C:\Windows\System\kZWdJhe.exe
  2⤵
  PID:9460
- C:\Windows\System\kNjgxSm.exe
  C:\Windows\System\kNjgxSm.exe
  2⤵
  PID:9484
- C:\Windows\System\wofSsro.exe
  C:\Windows\System\wofSsro.exe
  2⤵
  PID:9504
- C:\Windows\System\avmkaLm.exe
  C:\Windows\System\avmkaLm.exe
  2⤵
  PID:9532
- C:\Windows\System\zOpnUAR.exe
  C:\Windows\System\zOpnUAR.exe
  2⤵
  PID:9560
- C:\Windows\System\ZOMVOQz.exe
  C:\Windows\System\ZOMVOQz.exe
  2⤵
  PID:9600
- C:\Windows\System\xDFrmcO.exe
  C:\Windows\System\xDFrmcO.exe
  2⤵
  PID:9628
- C:\Windows\System\WGcvJHC.exe
  C:\Windows\System\WGcvJHC.exe
  2⤵
  PID:9656
- C:\Windows\System\azKqqMw.exe
  C:\Windows\System\azKqqMw.exe
  2⤵
  PID:9684
- C:\Windows\System\RhIxCaG.exe
  C:\Windows\System\RhIxCaG.exe
  2⤵
  PID:9708
- C:\Windows\System\vUtSHOQ.exe
  C:\Windows\System\vUtSHOQ.exe
  2⤵
  PID:9732
- C:\Windows\System\nIarhES.exe
  C:\Windows\System\nIarhES.exe
  2⤵
  PID:9768
- C:\Windows\System\ZkizYkx.exe
  C:\Windows\System\ZkizYkx.exe
  2⤵
  PID:9788
- C:\Windows\System\fkjjXjl.exe
  C:\Windows\System\fkjjXjl.exe
  2⤵
  PID:9816
- C:\Windows\System\JGzTEqs.exe
  C:\Windows\System\JGzTEqs.exe
  2⤵
  PID:9848
- C:\Windows\System\ofyvEjt.exe
  C:\Windows\System\ofyvEjt.exe
  2⤵
  PID:9872
- C:\Windows\System\rYcHGiG.exe
  C:\Windows\System\rYcHGiG.exe
  2⤵
  PID:9904
- C:\Windows\System\nRCINbH.exe
  C:\Windows\System\nRCINbH.exe
  2⤵
  PID:9932
- C:\Windows\System\HsRIkyf.exe
  C:\Windows\System\HsRIkyf.exe
  2⤵
  PID:9956
- C:\Windows\System\KdZTmzA.exe
  C:\Windows\System\KdZTmzA.exe
  2⤵
  PID:9996
- C:\Windows\System\Badjewl.exe
  C:\Windows\System\Badjewl.exe
  2⤵
  PID:10016
- C:\Windows\System\YaJIkrs.exe
  C:\Windows\System\YaJIkrs.exe
  2⤵
  PID:10040
- C:\Windows\System\xSWQwOl.exe
  C:\Windows\System\xSWQwOl.exe
  2⤵
  PID:10068
- C:\Windows\System\RwVXxsc.exe
  C:\Windows\System\RwVXxsc.exe
  2⤵
  PID:10096
- C:\Windows\System\VyhWkFX.exe
  C:\Windows\System\VyhWkFX.exe
  2⤵
  PID:10124
- C:\Windows\System\wawicXK.exe
  C:\Windows\System\wawicXK.exe
  2⤵
  PID:10152
- C:\Windows\System\askhZTy.exe
  C:\Windows\System\askhZTy.exe
  2⤵
  PID:10188
- C:\Windows\System\UBJfliq.exe
  C:\Windows\System\UBJfliq.exe
  2⤵
  PID:10208
- C:\Windows\System\tTZuVYv.exe
  C:\Windows\System\tTZuVYv.exe
  2⤵
  PID:9232
- C:\Windows\System\ETIcqhw.exe
  C:\Windows\System\ETIcqhw.exe
  2⤵
  PID:860
- C:\Windows\System\suVTSfs.exe
  C:\Windows\System\suVTSfs.exe
  2⤵
  PID:9324
- C:\Windows\System\dwjtZyN.exe
  C:\Windows\System\dwjtZyN.exe
  2⤵
  PID:9384
- C:\Windows\System\EWpmryX.exe
  C:\Windows\System\EWpmryX.exe
  2⤵
  PID:9436
- C:\Windows\System\rSxdCbU.exe
  C:\Windows\System\rSxdCbU.exe
  2⤵
  PID:9492
- C:\Windows\System\eclVink.exe
  C:\Windows\System\eclVink.exe
  2⤵
  PID:9556
- C:\Windows\System\gafBTPz.exe
  C:\Windows\System\gafBTPz.exe
  2⤵
  PID:9584
- C:\Windows\System\rkqAGDH.exe
  C:\Windows\System\rkqAGDH.exe
  2⤵
  PID:9652
- C:\Windows\System\lOcRBRF.exe
  C:\Windows\System\lOcRBRF.exe
  2⤵
  PID:9292
- C:\Windows\System\nAgGgWx.exe
  C:\Windows\System\nAgGgWx.exe
  2⤵
  PID:9720
- C:\Windows\System\ebIvlZI.exe
  C:\Windows\System\ebIvlZI.exe
  2⤵
  PID:9808
- C:\Windows\System\uoYJpah.exe
  C:\Windows\System\uoYJpah.exe
  2⤵
  PID:9840
- C:\Windows\System\zdrsEci.exe
  C:\Windows\System\zdrsEci.exe
  2⤵
  PID:9912
- C:\Windows\System\LkCVuLT.exe
  C:\Windows\System\LkCVuLT.exe
  2⤵
  PID:9992
- C:\Windows\System\lIOHQYt.exe
  C:\Windows\System\lIOHQYt.exe
  2⤵
  PID:10036
- C:\Windows\System\pSzmcCO.exe
  C:\Windows\System\pSzmcCO.exe
  2⤵
  PID:5088
- C:\Windows\System\wGubBsb.exe
  C:\Windows\System\wGubBsb.exe
  2⤵
  PID:2224
- C:\Windows\System\CeKsamJ.exe
  C:\Windows\System\CeKsamJ.exe
  2⤵
  PID:10220
- C:\Windows\System\UlHrMDS.exe
  C:\Windows\System\UlHrMDS.exe
  2⤵
  PID:9284
- C:\Windows\System\cehqlfm.exe
  C:\Windows\System\cehqlfm.exe
  2⤵
  PID:9380
- C:\Windows\System\BgPNNcp.exe
  C:\Windows\System\BgPNNcp.exe
  2⤵
  PID:5092
- C:\Windows\System\OCxuntd.exe
  C:\Windows\System\OCxuntd.exe
  2⤵
  PID:1580
- C:\Windows\System\EYNAyRB.exe
  C:\Windows\System\EYNAyRB.exe
  2⤵
  PID:9780
- C:\Windows\System\furxNDB.exe
  C:\Windows\System\furxNDB.exe
  2⤵
  PID:2436
- C:\Windows\System\fiQtpDz.exe
  C:\Windows\System\fiQtpDz.exe
  2⤵
  PID:3420
- C:\Windows\System\BCGKTXN.exe
  C:\Windows\System\BCGKTXN.exe
  2⤵
  PID:2984
- C:\Windows\System\kxpUrEM.exe
  C:\Windows\System\kxpUrEM.exe
  2⤵
  PID:10064
- C:\Windows\System\ietsiOv.exe
  C:\Windows\System\ietsiOv.exe
  2⤵
  PID:10136
- C:\Windows\System\RJuHprp.exe
  C:\Windows\System\RJuHprp.exe
  2⤵
  PID:1672
- C:\Windows\System\pXdLHZn.exe
  C:\Windows\System\pXdLHZn.exe
  2⤵
  PID:9748
- C:\Windows\System\FNDyyJI.exe
  C:\Windows\System\FNDyyJI.exe
  2⤵
  PID:8624
- C:\Windows\System\MDVmzec.exe
  C:\Windows\System\MDVmzec.exe
  2⤵
  PID:876
- C:\Windows\System\FctxgAB.exe
  C:\Windows\System\FctxgAB.exe
  2⤵
  PID:5268
- C:\Windows\System\bkRxpkv.exe
  C:\Windows\System\bkRxpkv.exe
  2⤵
  PID:9524
- C:\Windows\System\tNRdrCb.exe
  C:\Windows\System\tNRdrCb.exe
  2⤵
  PID:9496
- C:\Windows\System\FZTwhbd.exe
  C:\Windows\System\FZTwhbd.exe
  2⤵
  PID:9868
- C:\Windows\System\DinCUfK.exe
  C:\Windows\System\DinCUfK.exe
  2⤵
  PID:10032
- C:\Windows\System\fNzLmUv.exe
  C:\Windows\System\fNzLmUv.exe
  2⤵
  PID:5636
- C:\Windows\System\OdruLJx.exe
  C:\Windows\System\OdruLJx.exe
  2⤵
  PID:5672
- C:\Windows\System\VSDjuxD.exe
  C:\Windows\System\VSDjuxD.exe
  2⤵
  PID:5296
- C:\Windows\System\qQGeWWM.exe
  C:\Windows\System\qQGeWWM.exe
  2⤵
  PID:9472
- C:\Windows\System\dSiUAWE.exe
  C:\Windows\System\dSiUAWE.exe
  2⤵
  PID:748
- C:\Windows\System\BWBymsa.exe
  C:\Windows\System\BWBymsa.exe
  2⤵
  PID:10204
- C:\Windows\System\WTJPFbq.exe
  C:\Windows\System\WTJPFbq.exe
  2⤵
  PID:5956
- C:\Windows\System\qqWmhUy.exe
  C:\Windows\System\qqWmhUy.exe
  2⤵
  PID:4876
- C:\Windows\System\qTAjDLe.exe
  C:\Windows\System\qTAjDLe.exe
  2⤵
  PID:9836
- C:\Windows\System\FDTakHO.exe
  C:\Windows\System\FDTakHO.exe
  2⤵
  PID:10268
- C:\Windows\System\qXhtFux.exe
  C:\Windows\System\qXhtFux.exe
  2⤵
  PID:10292
- C:\Windows\System\kSnHRDa.exe
  C:\Windows\System\kSnHRDa.exe
  2⤵
  PID:10316
- C:\Windows\System\wvzjgRU.exe
  C:\Windows\System\wvzjgRU.exe
  2⤵
  PID:10360
- C:\Windows\System\zdOXRBO.exe
  C:\Windows\System\zdOXRBO.exe
  2⤵
  PID:10388
- C:\Windows\System\QGnVEjZ.exe
  C:\Windows\System\QGnVEjZ.exe
  2⤵
  PID:10416
- C:\Windows\System\fERsfGU.exe
  C:\Windows\System\fERsfGU.exe
  2⤵
  PID:10432
- C:\Windows\System\tvPJANN.exe
  C:\Windows\System\tvPJANN.exe
  2⤵
  PID:10468
- C:\Windows\System\sCSdoEi.exe
  C:\Windows\System\sCSdoEi.exe
  2⤵
  PID:10496
- C:\Windows\System\VJXKMgS.exe
  C:\Windows\System\VJXKMgS.exe
  2⤵
  PID:10528
- C:\Windows\System\tHsRWEB.exe
  C:\Windows\System\tHsRWEB.exe
  2⤵
  PID:10560
- C:\Windows\System\KqioFjB.exe
  C:\Windows\System\KqioFjB.exe
  2⤵
  PID:10580
- C:\Windows\System\nWzKAXV.exe
  C:\Windows\System\nWzKAXV.exe
  2⤵
  PID:10620
- C:\Windows\System\DOBFLmB.exe
  C:\Windows\System\DOBFLmB.exe
  2⤵
  PID:10648
- C:\Windows\System\wjBlSzT.exe
  C:\Windows\System\wjBlSzT.exe
  2⤵
  PID:10676
- C:\Windows\System\FCxzsHa.exe
  C:\Windows\System\FCxzsHa.exe
  2⤵
  PID:10704
- C:\Windows\System\VXDHyGK.exe
  C:\Windows\System\VXDHyGK.exe
  2⤵
  PID:10728
- C:\Windows\System\fUDDcYI.exe
  C:\Windows\System\fUDDcYI.exe
  2⤵
  PID:10756
- C:\Windows\System\IiRLOvc.exe
  C:\Windows\System\IiRLOvc.exe
  2⤵
  PID:10776
- C:\Windows\System\gCGUmRy.exe
  C:\Windows\System\gCGUmRy.exe
  2⤵
  PID:10804
- C:\Windows\System\NGuDFgP.exe
  C:\Windows\System\NGuDFgP.exe
  2⤵
  PID:10840
- C:\Windows\System\WwPCNnA.exe
  C:\Windows\System\WwPCNnA.exe
  2⤵
  PID:10864
- C:\Windows\System\FwCTBCB.exe
  C:\Windows\System\FwCTBCB.exe
  2⤵
  PID:10888
- C:\Windows\System\eHqTuHR.exe
  C:\Windows\System\eHqTuHR.exe
  2⤵
  PID:10916
- C:\Windows\System\ZjPdXJN.exe
  C:\Windows\System\ZjPdXJN.exe
  2⤵
  PID:10956
- C:\Windows\System\ysSuXwz.exe
  C:\Windows\System\ysSuXwz.exe
  2⤵
  PID:10976
- C:\Windows\System\zSKXOKE.exe
  C:\Windows\System\zSKXOKE.exe
  2⤵
  PID:11016
- C:\Windows\System\jARzqqA.exe
  C:\Windows\System\jARzqqA.exe
  2⤵
  PID:11044
- C:\Windows\System\mZGTEJL.exe
  C:\Windows\System\mZGTEJL.exe
  2⤵
  PID:11068
- C:\Windows\System\NfPlDrw.exe
  C:\Windows\System\NfPlDrw.exe
  2⤵
  PID:11100
- C:\Windows\System\VUYDKzc.exe
  C:\Windows\System\VUYDKzc.exe
  2⤵
  PID:11132
- C:\Windows\System\wMYNKRK.exe
  C:\Windows\System\wMYNKRK.exe
  2⤵
  PID:11164
- C:\Windows\System\rkvlIGC.exe
  C:\Windows\System\rkvlIGC.exe
  2⤵
  PID:11188
- C:\Windows\System\yHKptKS.exe
  C:\Windows\System\yHKptKS.exe
  2⤵
  PID:11208
- C:\Windows\System\oZGyMeY.exe
  C:\Windows\System\oZGyMeY.exe
  2⤵
  PID:11236
- C:\Windows\System\nXUKdZc.exe
  C:\Windows\System\nXUKdZc.exe
  2⤵
  PID:10248
- C:\Windows\System\KsmnEyn.exe
  C:\Windows\System\KsmnEyn.exe
  2⤵
  PID:10300
- C:\Windows\System\ZrFpkvD.exe
  C:\Windows\System\ZrFpkvD.exe
  2⤵
  PID:10356
- C:\Windows\System\QEqVIWA.exe
  C:\Windows\System\QEqVIWA.exe
  2⤵
  PID:10412
- C:\Windows\System\lsAHYAK.exe
  C:\Windows\System\lsAHYAK.exe
  2⤵
  PID:10476
- C:\Windows\System\fEcbayS.exe
  C:\Windows\System\fEcbayS.exe
  2⤵
  PID:10568
- C:\Windows\System\cRDWCHk.exe
  C:\Windows\System\cRDWCHk.exe
  2⤵
  PID:10616
- C:\Windows\System\oYoTEDq.exe
  C:\Windows\System\oYoTEDq.exe
  2⤵
  PID:4688
- C:\Windows\System\FIqiECm.exe
  C:\Windows\System\FIqiECm.exe
  2⤵
  PID:5612
- C:\Windows\System\nNkQQDq.exe
  C:\Windows\System\nNkQQDq.exe
  2⤵
  PID:10736
- C:\Windows\System\CuUyoEp.exe
  C:\Windows\System\CuUyoEp.exe
  2⤵
  PID:10488
- C:\Windows\System\GZZURjE.exe
  C:\Windows\System\GZZURjE.exe
  2⤵
  PID:10852
- C:\Windows\System\GCGAGyq.exe
  C:\Windows\System\GCGAGyq.exe
  2⤵
  PID:10908
- C:\Windows\System\KUlJbbE.exe
  C:\Windows\System\KUlJbbE.exe
  2⤵
  PID:10988
- C:\Windows\System\mliDzAG.exe
  C:\Windows\System\mliDzAG.exe
  2⤵
  PID:11080
- C:\Windows\System\LctmjEW.exe
  C:\Windows\System\LctmjEW.exe
  2⤵
  PID:11140
- C:\Windows\System\pPUTgKA.exe
  C:\Windows\System\pPUTgKA.exe
  2⤵
  PID:11204
- C:\Windows\System\vbaBChx.exe
  C:\Windows\System\vbaBChx.exe
  2⤵
  PID:11256
- C:\Windows\System\LmmoQvo.exe
  C:\Windows\System\LmmoQvo.exe
  2⤵
  PID:10336
- C:\Windows\System\Bmczghg.exe
  C:\Windows\System\Bmczghg.exe
  2⤵
  PID:10456
- C:\Windows\System\TzCxnvy.exe
  C:\Windows\System\TzCxnvy.exe
  2⤵
  PID:10600
- C:\Windows\System\ZOpPCLO.exe
  C:\Windows\System\ZOpPCLO.exe
  2⤵
  PID:10712
- C:\Windows\System\yWWqBTT.exe
  C:\Windows\System\yWWqBTT.exe
  2⤵
  PID:10880
- C:\Windows\System\QflhFfF.exe
  C:\Windows\System\QflhFfF.exe
  2⤵
  PID:11024
- C:\Windows\System\gniEOcx.exe
  C:\Windows\System\gniEOcx.exe
  2⤵
  PID:11176
- C:\Windows\System\JukjXAi.exe
  C:\Windows\System\JukjXAi.exe
  2⤵
  PID:10428
- C:\Windows\System\jCeZaNZ.exe
  C:\Windows\System\jCeZaNZ.exe
  2⤵
  PID:10576
- C:\Windows\System\RJZjGQo.exe
  C:\Windows\System\RJZjGQo.exe
  2⤵
  PID:2904
- C:\Windows\System\RHOuDKB.exe
  C:\Windows\System\RHOuDKB.exe
  2⤵
  PID:10280
- C:\Windows\System\zXwtYkt.exe
  C:\Windows\System\zXwtYkt.exe
  2⤵
  PID:11092
- C:\Windows\System\zZLoqky.exe
  C:\Windows\System\zZLoqky.exe
  2⤵
  PID:4828
- C:\Windows\System\KJGJYnL.exe
  C:\Windows\System\KJGJYnL.exe
  2⤵
  PID:4572
- C:\Windows\System\SLQzhIx.exe
  C:\Windows\System\SLQzhIx.exe
  2⤵
  PID:3604
- C:\Windows\System\cYImpaj.exe
  C:\Windows\System\cYImpaj.exe
  2⤵
  PID:4984
- C:\Windows\System\lQcNVWh.exe
  C:\Windows\System\lQcNVWh.exe
  2⤵
  PID:3724
- C:\Windows\System\BFwEqec.exe
  C:\Windows\System\BFwEqec.exe
  2⤵
  PID:4856
- C:\Windows\System\RfkrrLg.exe
  C:\Windows\System\RfkrrLg.exe
  2⤵
  PID:10664
- C:\Windows\System\YJQzOFa.exe
  C:\Windows\System\YJQzOFa.exe
  2⤵
  PID:4548
- C:\Windows\System\kbaRHVI.exe
  C:\Windows\System\kbaRHVI.exe
  2⤵
  PID:4640
- C:\Windows\System\uLJLCPm.exe
  C:\Windows\System\uLJLCPm.exe
  2⤵
  PID:1204
- C:\Windows\System\qJBvbki.exe
  C:\Windows\System\qJBvbki.exe
  2⤵
  PID:2572
- C:\Windows\System\zYUWbqN.exe
  C:\Windows\System\zYUWbqN.exe
  2⤵
  PID:4744
- C:\Windows\System\vzvlhOW.exe
  C:\Windows\System\vzvlhOW.exe
  2⤵
  PID:1964
- C:\Windows\System\HLaANvZ.exe
  C:\Windows\System\HLaANvZ.exe
  2⤵
  PID:4012
- C:\Windows\System\ZhtCHil.exe
  C:\Windows\System\ZhtCHil.exe
  2⤵
  PID:3568
- C:\Windows\System\qLJOjmE.exe
  C:\Windows\System\qLJOjmE.exe
  2⤵
  PID:4456
- C:\Windows\System\oDkNhVj.exe
  C:\Windows\System\oDkNhVj.exe
  2⤵
  PID:228
- C:\Windows\System\AWkHclt.exe
  C:\Windows\System\AWkHclt.exe
  2⤵
  PID:11280
- C:\Windows\System\AYnfnMO.exe
  C:\Windows\System\AYnfnMO.exe
  2⤵
  PID:11308
- C:\Windows\System\jIrJYMx.exe
  C:\Windows\System\jIrJYMx.exe
  2⤵
  PID:11336
- C:\Windows\System\hHcrGLe.exe
  C:\Windows\System\hHcrGLe.exe
  2⤵
  PID:11364
- C:\Windows\System\ziCMmqB.exe
  C:\Windows\System\ziCMmqB.exe
  2⤵
  PID:11392
- C:\Windows\System\LIiudhp.exe
  C:\Windows\System\LIiudhp.exe
  2⤵
  PID:11420
- C:\Windows\System\qrqswXl.exe
  C:\Windows\System\qrqswXl.exe
  2⤵
  PID:11448
- C:\Windows\System\drTfAuK.exe
  C:\Windows\System\drTfAuK.exe
  2⤵
  PID:11476
- C:\Windows\System\GXzLjTb.exe
  C:\Windows\System\GXzLjTb.exe
  2⤵
  PID:11516
- C:\Windows\System\BSubNQl.exe
  C:\Windows\System\BSubNQl.exe
  2⤵
  PID:11544
- C:\Windows\System\fgWNmQd.exe
  C:\Windows\System\fgWNmQd.exe
  2⤵
  PID:11564
- C:\Windows\System\MnvaQqi.exe
  C:\Windows\System\MnvaQqi.exe
  2⤵
  PID:11600
- C:\Windows\System\CmReheS.exe
  C:\Windows\System\CmReheS.exe
  2⤵
  PID:11628
- C:\Windows\System\igFbtGI.exe
  C:\Windows\System\igFbtGI.exe
  2⤵
  PID:11648
- C:\Windows\System\kOVgFtK.exe
  C:\Windows\System\kOVgFtK.exe
  2⤵
  PID:11676
- C:\Windows\System\dGBDTGx.exe
  C:\Windows\System\dGBDTGx.exe
  2⤵
  PID:11708
- C:\Windows\System\oAnPNGS.exe
  C:\Windows\System\oAnPNGS.exe
  2⤵
  PID:11732
- C:\Windows\System\OOPAkpI.exe
  C:\Windows\System\OOPAkpI.exe
  2⤵
  PID:11760
- C:\Windows\System\NPkQIwo.exe
  C:\Windows\System\NPkQIwo.exe
  2⤵
  PID:11788
- C:\Windows\System\TPXiTyh.exe
  C:\Windows\System\TPXiTyh.exe
  2⤵
  PID:11816
- C:\Windows\System\KnRRPwk.exe
  C:\Windows\System\KnRRPwk.exe
  2⤵
  PID:11844
- C:\Windows\System\FyGmJBz.exe
  C:\Windows\System\FyGmJBz.exe
  2⤵
  PID:11876
- C:\Windows\System\tqEnQUh.exe
  C:\Windows\System\tqEnQUh.exe
  2⤵
  PID:11900
- C:\Windows\System\lXEPUke.exe
  C:\Windows\System\lXEPUke.exe
  2⤵
  PID:11940
- C:\Windows\System\XseGOOF.exe
  C:\Windows\System\XseGOOF.exe
  2⤵
  PID:11968
- C:\Windows\System\YoVpipx.exe
  C:\Windows\System\YoVpipx.exe
  2⤵
  PID:12000
- C:\Windows\System\TuSdkIh.exe
  C:\Windows\System\TuSdkIh.exe
  2⤵
  PID:12028
- C:\Windows\System\MrNuqtC.exe
  C:\Windows\System\MrNuqtC.exe
  2⤵
  PID:12056
- C:\Windows\System\bEYBPUK.exe
  C:\Windows\System\bEYBPUK.exe
  2⤵
  PID:12080
- C:\Windows\System\hZMmUPS.exe
  C:\Windows\System\hZMmUPS.exe
  2⤵
  PID:12100
- C:\Windows\System\KGPIiWD.exe
  C:\Windows\System\KGPIiWD.exe
  2⤵
  PID:12136
- C:\Windows\System\uysghHG.exe
  C:\Windows\System\uysghHG.exe
  2⤵
  PID:12172
- C:\Windows\System\eFDBRGa.exe
  C:\Windows\System\eFDBRGa.exe
  2⤵
  PID:12204
- C:\Windows\System\LBTFrBf.exe
  C:\Windows\System\LBTFrBf.exe
  2⤵
  PID:12260
- C:\Windows\System\XyKftvv.exe
  C:\Windows\System\XyKftvv.exe
  2⤵
  PID:11272
- C:\Windows\System\qPkWbGU.exe
  C:\Windows\System\qPkWbGU.exe
  2⤵
  PID:11328
- C:\Windows\System\uogkBzY.exe
  C:\Windows\System\uogkBzY.exe
  2⤵
  PID:11416
- C:\Windows\System\wmLJTdI.exe
  C:\Windows\System\wmLJTdI.exe
  2⤵
  PID:11444
- C:\Windows\System\fyKZONa.exe
  C:\Windows\System\fyKZONa.exe
  2⤵
  PID:1356
- C:\Windows\System\asgFpBZ.exe
  C:\Windows\System\asgFpBZ.exe
  2⤵
  PID:5144
- C:\Windows\System\YCLdXKm.exe
  C:\Windows\System\YCLdXKm.exe
  2⤵
  PID:11588
- C:\Windows\System\STrYSob.exe
  C:\Windows\System\STrYSob.exe
  2⤵
  PID:11644
- C:\Windows\System\nLJqraX.exe
  C:\Windows\System\nLJqraX.exe
  2⤵
  PID:4528
- C:\Windows\System\BfaRnOQ.exe
  C:\Windows\System\BfaRnOQ.exe
  2⤵
  PID:5256
- C:\Windows\System\AKUkknU.exe
  C:\Windows\System\AKUkknU.exe
  2⤵
  PID:11756
- C:\Windows\System\yHpzqkj.exe
  C:\Windows\System\yHpzqkj.exe
  2⤵
  PID:11784
- C:\Windows\System\njlLSRx.exe
  C:\Windows\System\njlLSRx.exe
  2⤵
  PID:11856
- C:\Windows\System\WRGaxbm.exe
  C:\Windows\System\WRGaxbm.exe
  2⤵
  PID:11896
- C:\Windows\System\yRuQNhp.exe
  C:\Windows\System\yRuQNhp.exe
  2⤵
  PID:5456
- C:\Windows\System\TGBHjRt.exe
  C:\Windows\System\TGBHjRt.exe
  2⤵
  PID:6980
- C:\Windows\System\egxqttF.exe
  C:\Windows\System\egxqttF.exe
  2⤵
  PID:5500
- C:\Windows\System\PcTCarI.exe
  C:\Windows\System\PcTCarI.exe
  2⤵
  PID:11980
- C:\Windows\System\ztQUXHd.exe
  C:\Windows\System\ztQUXHd.exe
  2⤵
  PID:5552
- C:\Windows\System\ZkqaBrj.exe
  C:\Windows\System\ZkqaBrj.exe
  2⤵
  PID:5604
- C:\Windows\System\QnhcuPw.exe
  C:\Windows\System\QnhcuPw.exe
  2⤵
  PID:6488
- C:\Windows\System\qYAMoqx.exe
  C:\Windows\System\qYAMoqx.exe
  2⤵
  PID:1884
- C:\Windows\System\BlAXOxT.exe
  C:\Windows\System\BlAXOxT.exe
  2⤵
  PID:5748
- C:\Windows\System\ZKFuOBi.exe
  C:\Windows\System\ZKFuOBi.exe
  2⤵
  PID:5064
- C:\Windows\System\IvGIcDS.exe
  C:\Windows\System\IvGIcDS.exe
  2⤵
  PID:5828
- C:\Windows\System\TkrQPQQ.exe
  C:\Windows\System\TkrQPQQ.exe
  2⤵
  PID:5832
- C:\Windows\System\ulDiyoK.exe
  C:\Windows\System\ulDiyoK.exe
  2⤵
  PID:12280
- C:\Windows\System\axTHcsR.exe
  C:\Windows\System\axTHcsR.exe
  2⤵
  PID:11320
- C:\Windows\System\ByLReHc.exe
  C:\Windows\System\ByLReHc.exe
  2⤵
  PID:7220
- C:\Windows\System\kBmKzGE.exe
  C:\Windows\System\kBmKzGE.exe
  2⤵
  PID:12168
- C:\Windows\System\qvthqEZ.exe
  C:\Windows\System\qvthqEZ.exe
  2⤵
  PID:5972
- C:\Windows\System\LhsLZLY.exe
  C:\Windows\System\LhsLZLY.exe
  2⤵
  PID:6008
- C:\Windows\System\dzuKmrX.exe
  C:\Windows\System\dzuKmrX.exe
  2⤵
  PID:12256
- C:\Windows\System\sGOWeBr.exe
  C:\Windows\System\sGOWeBr.exe
  2⤵
  PID:6028
- C:\Windows\System\btWMoDC.exe
  C:\Windows\System\btWMoDC.exe
  2⤵
  PID:11668
- C:\Windows\System\cxQvGfW.exe
  C:\Windows\System\cxQvGfW.exe
  2⤵
  PID:6092
- C:\Windows\System\hKpAqSM.exe
  C:\Windows\System\hKpAqSM.exe
  2⤵
  PID:3996
- C:\Windows\System\TsvvrgU.exe
  C:\Windows\System\TsvvrgU.exe
  2⤵
  PID:6140
- C:\Windows\System\KNZUSRy.exe
  C:\Windows\System\KNZUSRy.exe
  2⤵
  PID:7456
- C:\Windows\System\LoaXptt.exe
  C:\Windows\System\LoaXptt.exe
  2⤵
  PID:11892
- C:\Windows\System\VbQYcSc.exe
  C:\Windows\System\VbQYcSc.exe
  2⤵
  PID:2892
- C:\Windows\System\FIqlYgV.exe
  C:\Windows\System\FIqlYgV.exe
  2⤵
  PID:1788
- C:\Windows\System\ifOkqSt.exe
  C:\Windows\System\ifOkqSt.exe
  2⤵
  PID:4516
- C:\Windows\System\VoXCkhz.exe
  C:\Windows\System\VoXCkhz.exe
  2⤵
  PID:7652
- C:\Windows\System\wPadHoH.exe
  C:\Windows\System\wPadHoH.exe
  2⤵
  PID:12040
- C:\Windows\System\owwJqUl.exe
  C:\Windows\System\owwJqUl.exe
  2⤵
  PID:12096
- C:\Windows\System\yYjdKqT.exe
  C:\Windows\System\yYjdKqT.exe
  2⤵
  PID:12144
- C:\Windows\System\FsCFxOT.exe
  C:\Windows\System\FsCFxOT.exe
  2⤵
  PID:6820
- C:\Windows\System\SDrbLtp.exe
  C:\Windows\System\SDrbLtp.exe
  2⤵
  PID:5392
- C:\Windows\System\SxvgNbW.exe
  C:\Windows\System\SxvgNbW.exe
  2⤵
  PID:5432
- C:\Windows\System\Ekglwzf.exe
  C:\Windows\System\Ekglwzf.exe
  2⤵
  PID:7192
- C:\Windows\System\CFtSkNo.exe
  C:\Windows\System\CFtSkNo.exe
  2⤵
  PID:11404
- C:\Windows\System\CAzOyuG.exe
  C:\Windows\System\CAzOyuG.exe
  2⤵
  PID:7252
- C:\Windows\System\gWgMfqh.exe
  C:\Windows\System\gWgMfqh.exe
  2⤵
  PID:5536
- C:\Windows\System\OvKinnQ.exe
  C:\Windows\System\OvKinnQ.exe
  2⤵
  PID:7988
- C:\Windows\System\HPhMepK.exe
  C:\Windows\System\HPhMepK.exe
  2⤵
  PID:8020
- C:\Windows\System\xrtYboY.exe
  C:\Windows\System\xrtYboY.exe
  2⤵
  PID:8044
- C:\Windows\System\rNkLPsU.exe
  C:\Windows\System\rNkLPsU.exe
  2⤵
  PID:7368
- C:\Windows\System\TNvdaFO.exe
  C:\Windows\System\TNvdaFO.exe
  2⤵
  PID:8112
- C:\Windows\System\QdtWpCh.exe
  C:\Windows\System\QdtWpCh.exe
  2⤵
  PID:8140
- C:\Windows\System\xjdLxCI.exe
  C:\Windows\System\xjdLxCI.exe
  2⤵
  PID:5160
- C:\Windows\System\uaihTOQ.exe
  C:\Windows\System\uaihTOQ.exe
  2⤵
  PID:1784
- C:\Windows\System\iePyzzj.exe
  C:\Windows\System\iePyzzj.exe
  2⤵
  PID:3684
- C:\Windows\System\jtWqAld.exe
  C:\Windows\System\jtWqAld.exe
  2⤵
  PID:5648
- C:\Windows\System\AdombnO.exe
  C:\Windows\System\AdombnO.exe
  2⤵
  PID:5292
- C:\Windows\System\fUfWcov.exe
  C:\Windows\System\fUfWcov.exe
  2⤵
  PID:7360
- C:\Windows\System\KpINvKK.exe
  C:\Windows\System\KpINvKK.exe
  2⤵
  PID:5872
- C:\Windows\System\PxufKOL.exe
  C:\Windows\System\PxufKOL.exe
  2⤵
  PID:7544
- C:\Windows\System\AsYRCJj.exe
  C:\Windows\System\AsYRCJj.exe
  2⤵
  PID:2852
- C:\Windows\System\mIDzScN.exe
  C:\Windows\System\mIDzScN.exe
  2⤵
  PID:7696
- C:\Windows\System\ceTfoME.exe
  C:\Windows\System\ceTfoME.exe
  2⤵
  PID:7760
- C:\Windows\System\YBEIvob.exe
  C:\Windows\System\YBEIvob.exe
  2⤵
  PID:5560
- C:\Windows\System\SIQylbs.exe
  C:\Windows\System\SIQylbs.exe
  2⤵
  PID:2940
- C:\Windows\System\kgjXTBW.exe
  C:\Windows\System\kgjXTBW.exe
  2⤵
  PID:7656
- C:\Windows\System\GmvInUb.exe
  C:\Windows\System\GmvInUb.exe
  2⤵
  PID:11696
- C:\Windows\System\kYaRYJu.exe
  C:\Windows\System\kYaRYJu.exe
  2⤵
  PID:6192
- C:\Windows\System\fhSoZyM.exe
  C:\Windows\System\fhSoZyM.exe
  2⤵
  PID:7172
- C:\Windows\System\UVlrAfL.exe
  C:\Windows\System\UVlrAfL.exe
  2⤵
  PID:4888
- C:\Windows\System\iJRBtFC.exe
  C:\Windows\System\iJRBtFC.exe
  2⤵
  PID:6100
- C:\Windows\System\AfaCCBf.exe
  C:\Windows\System\AfaCCBf.exe
  2⤵
  PID:11884
- C:\Windows\System\JszMzbS.exe
  C:\Windows\System\JszMzbS.exe
  2⤵
  PID:7180
- C:\Windows\System\fHsRREE.exe
  C:\Windows\System\fHsRREE.exe
  2⤵
  PID:7660
- C:\Windows\System\oMTXEUN.exe
  C:\Windows\System\oMTXEUN.exe
  2⤵
  PID:1184
- C:\Windows\System\nFmjeHa.exe
  C:\Windows\System\nFmjeHa.exe
  2⤵
  PID:2268
- C:\Windows\System\rErNnJU.exe
  C:\Windows\System\rErNnJU.exe
  2⤵
  PID:4372
- C:\Windows\System\LLDGVsX.exe
  C:\Windows\System\LLDGVsX.exe
  2⤵
  PID:12244
- C:\Windows\System\VjpQhmE.exe
  C:\Windows\System\VjpQhmE.exe
  2⤵
  PID:11432
- C:\Windows\System\HnlhuXM.exe
  C:\Windows\System\HnlhuXM.exe
  2⤵
  PID:11472
- C:\Windows\System\mvjcpmO.exe
  C:\Windows\System\mvjcpmO.exe
  2⤵
  PID:5396
- C:\Windows\System\EedUTNy.exe
  C:\Windows\System\EedUTNy.exe
  2⤵
  PID:1308
- C:\Windows\System\jKsIfuZ.exe
  C:\Windows\System\jKsIfuZ.exe
  2⤵
  PID:6604
- C:\Windows\System\AdXGdkU.exe
  C:\Windows\System\AdXGdkU.exe
  2⤵
  PID:212
- C:\Windows\System\EIhvKJG.exe
  C:\Windows\System\EIhvKJG.exe
  2⤵
  PID:4292
- C:\Windows\System\TeoeGgs.exe
  C:\Windows\System\TeoeGgs.exe
  2⤵
  PID:1164
- C:\Windows\System\sYFkLWy.exe
  C:\Windows\System\sYFkLWy.exe
  2⤵
  PID:12196
- C:\Windows\System\GNBqhHF.exe
  C:\Windows\System\GNBqhHF.exe
  2⤵
  PID:6316
- C:\Windows\System\gXPgLhO.exe
  C:\Windows\System\gXPgLhO.exe
  2⤵
  PID:7712
- C:\Windows\System\tujSFKJ.exe
  C:\Windows\System\tujSFKJ.exe
  2⤵
  PID:8216
- C:\Windows\System\XwaxyAR.exe
  C:\Windows\System\XwaxyAR.exe
  2⤵
  PID:6396
- C:\Windows\System\viQJDuX.exe
  C:\Windows\System\viQJDuX.exe
  2⤵
  PID:7840
- C:\Windows\System\QThOqOE.exe
  C:\Windows\System\QThOqOE.exe
  2⤵
  PID:2412
- C:\Windows\System\boUEXzf.exe
  C:\Windows\System\boUEXzf.exe
  2⤵
  PID:6484
- C:\Windows\System\fDyrhzW.exe
  C:\Windows\System\fDyrhzW.exe
  2⤵
  PID:7940
- C:\Windows\System\kAXDTgC.exe
  C:\Windows\System\kAXDTgC.exe
  2⤵
  PID:6612
- C:\Windows\System\kPEZgyz.exe
  C:\Windows\System\kPEZgyz.exe
  2⤵
  PID:5172
- C:\Windows\System\mhHtXZE.exe
  C:\Windows\System\mhHtXZE.exe
  2⤵
  PID:7928
- C:\Windows\System\qbzmrby.exe
  C:\Windows\System\qbzmrby.exe
  2⤵
  PID:3100
- C:\Windows\System\ayrnNvF.exe
  C:\Windows\System\ayrnNvF.exe
  2⤵
  PID:3212
- C:\Windows\System\AWvHKYL.exe
  C:\Windows\System\AWvHKYL.exe
  2⤵
  PID:8012
- C:\Windows\System\isHKSKA.exe
  C:\Windows\System\isHKSKA.exe
  2⤵
  PID:8756
- C:\Windows\System\tFZxOMB.exe
  C:\Windows\System\tFZxOMB.exe
  2⤵
  PID:8332
- C:\Windows\System\XAiuvDQ.exe
  C:\Windows\System\XAiuvDQ.exe
  2⤵
  PID:11532
- C:\Windows\System\UEdApYr.exe
  C:\Windows\System\UEdApYr.exe
  2⤵
  PID:8488
- C:\Windows\System\KPVEaGQ.exe
  C:\Windows\System\KPVEaGQ.exe
  2⤵
  PID:8556
- C:\Windows\System\kkYUmew.exe
  C:\Windows\System\kkYUmew.exe
  2⤵
  PID:7892
- C:\Windows\System\QVqcvIB.exe
  C:\Windows\System\QVqcvIB.exe
  2⤵
  PID:8912
- C:\Windows\System\LMbhaxB.exe
  C:\Windows\System\LMbhaxB.exe
  2⤵
  PID:8292
- C:\Windows\System\bxpAjon.exe
  C:\Windows\System\bxpAjon.exe
  2⤵
  PID:8972
- C:\Windows\System\KAVxEvQ.exe
  C:\Windows\System\KAVxEvQ.exe
  2⤵
  PID:4204
- C:\Windows\System\RhRmDRV.exe
  C:\Windows\System\RhRmDRV.exe
  2⤵
  PID:8916
- C:\Windows\System\zBbIZze.exe
  C:\Windows\System\zBbIZze.exe
  2⤵
  PID:9100
- C:\Windows\System\fstuTXW.exe
  C:\Windows\System\fstuTXW.exe
  2⤵
  PID:6268
- C:\Windows\System\Wleduvg.exe
  C:\Windows\System\Wleduvg.exe
  2⤵
  PID:8056
- C:\Windows\System\tlEftHF.exe
  C:\Windows\System\tlEftHF.exe
  2⤵
  PID:6240
- C:\Windows\System\HucdlST.exe
  C:\Windows\System\HucdlST.exe
  2⤵
  PID:6640
- C:\Windows\System\FUoFaqI.exe
  C:\Windows\System\FUoFaqI.exe
  2⤵
  PID:8
- C:\Windows\System\YjSUcfv.exe
  C:\Windows\System\YjSUcfv.exe
  2⤵
  PID:884
- C:\Windows\System\fEVTmBM.exe
  C:\Windows\System\fEVTmBM.exe
  2⤵
  PID:6276
- C:\Windows\System\qdtfMuM.exe
  C:\Windows\System\qdtfMuM.exe
  2⤵
  PID:9144
- C:\Windows\System\UiFvJcP.exe
  C:\Windows\System\UiFvJcP.exe
  2⤵
  PID:9180
- C:\Windows\System\GJZRSez.exe
  C:\Windows\System\GJZRSez.exe
  2⤵
  PID:6428
- C:\Windows\System\iBTWdxC.exe
  C:\Windows\System\iBTWdxC.exe
  2⤵
  PID:7064
- C:\Windows\System\xchWQVL.exe
  C:\Windows\System\xchWQVL.exe
  2⤵
  PID:9212
- C:\Windows\System\cDWxZrA.exe
  C:\Windows\System\cDWxZrA.exe
  2⤵
  PID:7000
- C:\Windows\System\uftbFVx.exe
  C:\Windows\System\uftbFVx.exe
  2⤵
  PID:6572
- C:\Windows\System\sepQxIi.exe
  C:\Windows\System\sepQxIi.exe
  2⤵
  PID:2128
- C:\Windows\System\lWBgvbU.exe
  C:\Windows\System\lWBgvbU.exe
  2⤵
  PID:6756
- C:\Windows\System\MRbmhDd.exe
  C:\Windows\System\MRbmhDd.exe
  2⤵
  PID:6552
- C:\Windows\System\fdzwTRH.exe
  C:\Windows\System\fdzwTRH.exe
  2⤵
  PID:6656
- C:\Windows\System\HiqtVkd.exe
  C:\Windows\System\HiqtVkd.exe
  2⤵
  PID:9172
- C:\Windows\System\SiQlsxI.exe
  C:\Windows\System\SiQlsxI.exe
  2⤵
  PID:6968
- C:\Windows\System\yCYhpXD.exe
  C:\Windows\System\yCYhpXD.exe
  2⤵
  PID:4556
- C:\Windows\System\sqWIYtE.exe
  C:\Windows\System\sqWIYtE.exe
  2⤵
  PID:968
- C:\Windows\System\zbchjnz.exe
  C:\Windows\System\zbchjnz.exe
  2⤵
  PID:6272
- C:\Windows\System\VRcvhgU.exe
  C:\Windows\System\VRcvhgU.exe
  2⤵
  PID:6888
- C:\Windows\System\gILCcLP.exe
  C:\Windows\System\gILCcLP.exe
  2⤵
  PID:8880
- C:\Windows\System\IxnmzCf.exe
  C:\Windows\System\IxnmzCf.exe
  2⤵
  PID:8652
- C:\Windows\System\qThqSsF.exe
  C:\Windows\System\qThqSsF.exe
  2⤵
  PID:6772
- C:\Windows\System\tXEttkS.exe
  C:\Windows\System\tXEttkS.exe
  2⤵
  PID:8604
- C:\Windows\System\XluQYuE.exe
  C:\Windows\System\XluQYuE.exe
  2⤵
  PID:8236
- C:\Windows\System\SiFLjCi.exe
  C:\Windows\System\SiFLjCi.exe
  2⤵
  PID:8372
- C:\Windows\System\IZdEHGE.exe
  C:\Windows\System\IZdEHGE.exe
  2⤵
  PID:4740
- C:\Windows\System\hzulNUn.exe
  C:\Windows\System\hzulNUn.exe
  2⤵
  PID:8600
- C:\Windows\System\HxNpzFw.exe
  C:\Windows\System\HxNpzFw.exe
  2⤵
  PID:4776
- C:\Windows\System\cRNWtMi.exe
  C:\Windows\System\cRNWtMi.exe
  2⤵
  PID:8744
- C:\Windows\System\beRCxDY.exe
  C:\Windows\System\beRCxDY.exe
  2⤵
  PID:1544
- C:\Windows\System\uUEtzAq.exe
  C:\Windows\System\uUEtzAq.exe
  2⤵
  PID:12324
- C:\Windows\System\uCSeaeB.exe
  C:\Windows\System\uCSeaeB.exe
  2⤵
  PID:12344
- C:\Windows\System\IOiuEnv.exe
  C:\Windows\System\IOiuEnv.exe
  2⤵
  PID:12388
- C:\Windows\System\vDjYVkz.exe
  C:\Windows\System\vDjYVkz.exe
  2⤵
  PID:12420
- C:\Windows\System\lrKccpM.exe
  C:\Windows\System\lrKccpM.exe
  2⤵
  PID:12436
- C:\Windows\System\fKGQoyC.exe
  C:\Windows\System\fKGQoyC.exe
  2⤵
  PID:12464
- C:\Windows\System\aFHByiz.exe
  C:\Windows\System\aFHByiz.exe
  2⤵
  PID:12504
- C:\Windows\System\EoeebFI.exe
  C:\Windows\System\EoeebFI.exe
  2⤵
  PID:12532
- C:\Windows\System\SXBZqGD.exe
  C:\Windows\System\SXBZqGD.exe
  2⤵
  PID:12548
- C:\Windows\System\frprgTU.exe
  C:\Windows\System\frprgTU.exe
  2⤵
  PID:12588
- C:\Windows\System\dadvDXd.exe
  C:\Windows\System\dadvDXd.exe
  2⤵
  PID:12604
- C:\Windows\System\kawOFHe.exe
  C:\Windows\System\kawOFHe.exe
  2⤵
  PID:12644
- C:\Windows\System\hnnoYRF.exe
  C:\Windows\System\hnnoYRF.exe
  2⤵
  PID:12664
- C:\Windows\System\RPdbawH.exe
  C:\Windows\System\RPdbawH.exe
  2⤵
  PID:12692
- C:\Windows\System\oNJEyJC.exe
  C:\Windows\System\oNJEyJC.exe
  2⤵
  PID:12728
- C:\Windows\System\LsiOKME.exe
  C:\Windows\System\LsiOKME.exe
  2⤵
  PID:12756
- C:\Windows\System\OMZovFk.exe
  C:\Windows\System\OMZovFk.exe
  2⤵
  PID:12796
- C:\Windows\System\jLmHkYN.exe
  C:\Windows\System\jLmHkYN.exe
  2⤵
  PID:12812
- C:\Windows\System\tWVGdIT.exe
  C:\Windows\System\tWVGdIT.exe
  2⤵
  PID:12840
- C:\Windows\System\gHFiGFA.exe
  C:\Windows\System\gHFiGFA.exe
  2⤵
  PID:12876
- C:\Windows\System\uJReWit.exe
  C:\Windows\System\uJReWit.exe
  2⤵
  PID:12908
- C:\Windows\System\HyOGuxu.exe
  C:\Windows\System\HyOGuxu.exe
  2⤵
  PID:12936
- C:\Windows\System\IPHzhfn.exe
  C:\Windows\System\IPHzhfn.exe
  2⤵
  PID:12964
- C:\Windows\System\MhWEoZy.exe
  C:\Windows\System\MhWEoZy.exe
  2⤵
  PID:12992
- C:\Windows\System\rafjycu.exe
  C:\Windows\System\rafjycu.exe
  2⤵
  PID:13016
- C:\Windows\System\sKGIkTj.exe
  C:\Windows\System\sKGIkTj.exe
  2⤵
  PID:13048
- C:\Windows\System\QdJFneT.exe
  C:\Windows\System\QdJFneT.exe
  2⤵
  PID:13076
- C:\Windows\System\tptloee.exe
  C:\Windows\System\tptloee.exe
  2⤵
  PID:13100
- C:\Windows\System\rQDavtV.exe
  C:\Windows\System\rQDavtV.exe
  2⤵
  PID:13132
- C:\Windows\System\EPFCjTo.exe
  C:\Windows\System\EPFCjTo.exe
  2⤵
  PID:13160
- C:\Windows\System\NsGIPVM.exe
  C:\Windows\System\NsGIPVM.exe
  2⤵
  PID:13188
- C:\Windows\System\rapCRst.exe
  C:\Windows\System\rapCRst.exe
  2⤵
  PID:13212
- C:\Windows\System\czmbvTt.exe
  C:\Windows\System\czmbvTt.exe
  2⤵
  PID:13252
- C:\Windows\System\mIqhXfD.exe
  C:\Windows\System\mIqhXfD.exe
  2⤵
  PID:13268
- C:\Windows\System\yWCMDtI.exe
  C:\Windows\System\yWCMDtI.exe
  2⤵
  PID:13296
- C:\Windows\System\eOhvGGS.exe
  C:\Windows\System\eOhvGGS.exe
  2⤵
  PID:12300
- C:\Windows\System\JxPCsYX.exe
  C:\Windows\System\JxPCsYX.exe
  2⤵
  PID:8348
- C:\Windows\System\KRZGZvr.exe
  C:\Windows\System\KRZGZvr.exe
  2⤵
  PID:920
- C:\Windows\System\sjNoaOF.exe
  C:\Windows\System\sjNoaOF.exe
  2⤵
  PID:12404
- C:\Windows\System\vhePePB.exe
  C:\Windows\System\vhePePB.exe
  2⤵
  PID:7492
- C:\Windows\System\sjvKzFx.exe
  C:\Windows\System\sjvKzFx.exe
  2⤵
  PID:1636
- C:\Windows\System\yplPwDQ.exe
  C:\Windows\System\yplPwDQ.exe
  2⤵
  PID:9220
- C:\Windows\System\ZwhQEIz.exe
  C:\Windows\System\ZwhQEIz.exe
  2⤵
  PID:12564
- C:\Windows\System\MGuHAOz.exe
  C:\Windows\System\MGuHAOz.exe
  2⤵
  PID:12624
- C:\Windows\System\yRFblht.exe
  C:\Windows\System\yRFblht.exe
  2⤵
  PID:12680
- C:\Windows\System\aDVTDTo.exe
  C:\Windows\System\aDVTDTo.exe
  2⤵
  PID:12372
- C:\Windows\System\HWCHgyS.exe
  C:\Windows\System\HWCHgyS.exe
  2⤵
  PID:12772
- C:\Windows\System\zcgeJic.exe
  C:\Windows\System\zcgeJic.exe
  2⤵
  PID:9448
- C:\Windows\System\cJhilkj.exe
  C:\Windows\System\cJhilkj.exe
  2⤵
  PID:12852
- C:\Windows\System\PLjansl.exe
  C:\Windows\System\PLjansl.exe
  2⤵
  PID:9548
- C:\Windows\System\CEFUDDO.exe
  C:\Windows\System\CEFUDDO.exe
  2⤵
  PID:12904
- C:\Windows\System\upJHshJ.exe
  C:\Windows\System\upJHshJ.exe
  2⤵
  PID:9616
- C:\Windows\System\rXnwmbq.exe
  C:\Windows\System\rXnwmbq.exe
  2⤵
  PID:12988
- C:\Windows\System\ihlUdwf.exe
  C:\Windows\System\ihlUdwf.exe
  2⤵
  PID:9700
- C:\Windows\System\zxudegv.exe
  C:\Windows\System\zxudegv.exe
  2⤵
  PID:9744
- C:\Windows\System\CuGyuNU.exe
  C:\Windows\System\CuGyuNU.exe
  2⤵
  PID:9760
- C:\Windows\System\zBqxtwm.exe
  C:\Windows\System\zBqxtwm.exe
  2⤵
  PID:13108
- C:\Windows\System\ndJujRb.exe
  C:\Windows\System\ndJujRb.exe
  2⤵
  PID:9844
- C:\Windows\System\sZSMYrL.exe
  C:\Windows\System\sZSMYrL.exe
  2⤵
  PID:9880
- C:\Windows\System\tLBueee.exe
  C:\Windows\System\tLBueee.exe
  2⤵
  PID:9928
- C:\Windows\System\NYWcUVs.exe
  C:\Windows\System\NYWcUVs.exe
  2⤵
  PID:13248
- C:\Windows\System\DYQpqnG.exe
  C:\Windows\System\DYQpqnG.exe
  2⤵
  PID:13284
- C:\Windows\System\kfHjpLd.exe
  C:\Windows\System\kfHjpLd.exe
  2⤵
  PID:8544
- C:\Windows\System\wLlMAlQ.exe
  C:\Windows\System\wLlMAlQ.exe
  2⤵
  PID:12364
- C:\Windows\System\KzDzFfw.exe
  C:\Windows\System\KzDzFfw.exe
  2⤵
  PID:9068
- C:\Windows\System\zctWXNl.exe
  C:\Windows\System\zctWXNl.exe
  2⤵
  PID:12448
- C:\Windows\System\dZigvDk.exe
  C:\Windows\System\dZigvDk.exe
  2⤵
  PID:9184
- C:\Windows\System\YccnDZc.exe
  C:\Windows\System\YccnDZc.exe
  2⤵
  PID:12528
- C:\Windows\System\irPtXEn.exe
  C:\Windows\System\irPtXEn.exe
  2⤵
  PID:9444
- C:\Windows\System\mwTspIQ.exe
  C:\Windows\System\mwTspIQ.exe
  2⤵
  PID:12616
- C:\Windows\System\EYQoztS.exe
  C:\Windows\System\EYQoztS.exe
  2⤵
  PID:12688
- C:\Windows\System\RLiPimR.exe
  C:\Windows\System\RLiPimR.exe
  2⤵
  PID:12744
- C:\Windows\System\HuwnPHw.exe
  C:\Windows\System\HuwnPHw.exe
  2⤵
  PID:12832
- C:\Windows\System\bMWHiPI.exe
  C:\Windows\System\bMWHiPI.exe
  2⤵
  PID:9864
- C:\Windows\System\BZaWohF.exe
  C:\Windows\System\BZaWohF.exe
  2⤵
  PID:9576
- C:\Windows\System\LrmBRGo.exe
  C:\Windows\System\LrmBRGo.exe
  2⤵
  PID:9648
- C:\Windows\System\aILwOaU.exe
  C:\Windows\System\aILwOaU.exe
  2⤵
  PID:10116
- C:\Windows\System\dqmDXmW.exe
  C:\Windows\System\dqmDXmW.exe
  2⤵
  PID:13064
- C:\Windows\System\qxShuWf.exe
  C:\Windows\System\qxShuWf.exe
  2⤵
  PID:9860
- C:\Windows\System\eOfOyDv.exe
  C:\Windows\System\eOfOyDv.exe
  2⤵
  PID:13196
- C:\Windows\System\khKtEOc.exe
  C:\Windows\System\khKtEOc.exe
  2⤵
  PID:2616
- C:\Windows\System\ABVUuXU.exe
  C:\Windows\System\ABVUuXU.exe
  2⤵
  PID:10076
- C:\Windows\System\jQnKzzt.exe
  C:\Windows\System\jQnKzzt.exe
  2⤵
  PID:10216
- C:\Windows\System\ltUCCXV.exe
  C:\Windows\System\ltUCCXV.exe
  2⤵
  PID:8376
- C:\Windows\System\erHFfzq.exe
  C:\Windows\System\erHFfzq.exe
  2⤵
  PID:12660
- C:\Windows\System\mZIpRRn.exe
  C:\Windows\System\mZIpRRn.exe
  2⤵
  PID:9512
- C:\Windows\System\vsXFSnI.exe
  C:\Windows\System\vsXFSnI.exe
  2⤵
  PID:1740
- C:\Windows\System\UWwxdZD.exe
  C:\Windows\System\UWwxdZD.exe
  2⤵
  PID:4668
- C:\Windows\System\JPLpQcK.exe
  C:\Windows\System\JPLpQcK.exe
  2⤵
  PID:8596
- C:\Windows\System\BqHPymt.exe
  C:\Windows\System\BqHPymt.exe
  2⤵
  PID:1872
- C:\Windows\System\qqYiuDv.exe
  C:\Windows\System\qqYiuDv.exe
  2⤵
  PID:9964
- C:\Windows\System\lQxzHoR.exe
  C:\Windows\System\lQxzHoR.exe
  2⤵
  PID:10084
- C:\Windows\System\oPhaDBs.exe
  C:\Windows\System\oPhaDBs.exe
  2⤵
  PID:9356
- C:\Windows\System\riGQpLi.exe
  C:\Windows\System\riGQpLi.exe
  2⤵
  PID:12600
- C:\Windows\System\OpxrJxy.exe
  C:\Windows\System\OpxrJxy.exe
  2⤵
  PID:12764
- C:\Windows\System\eQpvbql.exe
  C:\Windows\System\eQpvbql.exe
  2⤵
  PID:12884
- C:\Windows\System\YMpRWEE.exe
  C:\Windows\System\YMpRWEE.exe
  2⤵
  PID:9724
- C:\Windows\System\AoVNFAT.exe
  C:\Windows\System\AoVNFAT.exe
  2⤵
  PID:3656
- C:\Windows\System\uVliaKN.exe
  C:\Windows\System\uVliaKN.exe
  2⤵
  PID:8620
- C:\Windows\System\kmYDGcO.exe
  C:\Windows\System\kmYDGcO.exe
  2⤵
  PID:4432
- C:\Windows\System\VqXKrIe.exe
  C:\Windows\System\VqXKrIe.exe
  2⤵
  PID:9372
- C:\Windows\System\ydzmAcD.exe
  C:\Windows\System\ydzmAcD.exe
  2⤵
  PID:5184
- C:\Windows\System\FAaEAbe.exe
  C:\Windows\System\FAaEAbe.exe
  2⤵
  PID:10260
- C:\Windows\System\xqrSHrg.exe
  C:\Windows\System\xqrSHrg.exe
  2⤵
  PID:10288
- C:\Windows\System\WJNuDyA.exe
  C:\Windows\System\WJNuDyA.exe
  2⤵
  PID:10344
- C:\Windows\System\iWcQdkz.exe
  C:\Windows\System\iWcQdkz.exe
  2⤵
  PID:13236
- C:\Windows\System\JevTXek.exe
  C:\Windows\System\JevTXek.exe
  2⤵
  PID:10464
- C:\Windows\System\CxXeEot.exe
  C:\Windows\System\CxXeEot.exe
  2⤵
  PID:5116
- C:\Windows\System\oUKchKm.exe
  C:\Windows\System\oUKchKm.exe
  2⤵
  PID:1928
- C:\Windows\System\oCpxtaj.exe
  C:\Windows\System\oCpxtaj.exe
  2⤵
  PID:10160
- C:\Windows\System\aCdWPVq.exe
  C:\Windows\System\aCdWPVq.exe
  2⤵
  PID:996
- C:\Windows\System\UHQBQmX.exe
  C:\Windows\System\UHQBQmX.exe
  2⤵
  PID:4680
- C:\Windows\System\ZDnnTbk.exe
  C:\Windows\System\ZDnnTbk.exe
  2⤵
  PID:5328
- C:\Windows\System\KOHiWud.exe
  C:\Windows\System\KOHiWud.exe
  2⤵
  PID:2488
- C:\Windows\System\SquKJPU.exe
  C:\Windows\System\SquKJPU.exe
  2⤵
  PID:10492
- C:\Windows\System\YuLNLEC.exe
  C:\Windows\System\YuLNLEC.exe
  2⤵
  PID:10752
- C:\Windows\System\dBQSiNP.exe
  C:\Windows\System\dBQSiNP.exe
  2⤵
  PID:5904
- C:\Windows\System\QeYQqsH.exe
  C:\Windows\System\QeYQqsH.exe
  2⤵
  PID:10612
- C:\Windows\System\KwyzjoJ.exe
  C:\Windows\System\KwyzjoJ.exe
  2⤵
  PID:10860
- C:\Windows\System\rFBMkkv.exe
  C:\Windows\System\rFBMkkv.exe
  2⤵
  PID:10924
- C:\Windows\System\XyANJwh.exe
  C:\Windows\System\XyANJwh.exe
  2⤵
  PID:10952
- C:\Windows\System\dkwjcdo.exe
  C:\Windows\System\dkwjcdo.exe
  2⤵
  PID:8712
- C:\Windows\System\vRqTdod.exe
  C:\Windows\System\vRqTdod.exe
  2⤵
  PID:9076
- C:\Windows\System\YDivRmr.exe
  C:\Windows\System\YDivRmr.exe
  2⤵
  PID:11084
- C:\Windows\System\zFxkqRZ.exe
  C:\Windows\System\zFxkqRZ.exe
  2⤵
  PID:5936
- C:\Windows\System\sYglAUs.exe
  C:\Windows\System\sYglAUs.exe
  2⤵
  PID:10876
- C:\Windows\System\zgsgeeC.exe
  C:\Windows\System\zgsgeeC.exe
  2⤵
  PID:11252
- C:\Windows\System\VRMraVA.exe
  C:\Windows\System\VRMraVA.exe
  2⤵
  PID:10984
- C:\Windows\System\uxZhxaN.exe
  C:\Windows\System\uxZhxaN.exe
  2⤵
  PID:10384
- C:\Windows\System\cFHdRZu.exe
  C:\Windows\System\cFHdRZu.exe
  2⤵
  PID:10448
- C:\Windows\System\vkLFtFZ.exe
  C:\Windows\System\vkLFtFZ.exe
  2⤵
  PID:11120
- C:\Windows\System\bcOQirz.exe
  C:\Windows\System\bcOQirz.exe
  2⤵
  PID:11224
- C:\Windows\System\VhbcqRW.exe
  C:\Windows\System\VhbcqRW.exe
  2⤵
  PID:10688
- C:\Windows\System\ihmhBBi.exe
  C:\Windows\System\ihmhBBi.exe
  2⤵
  PID:10744
- C:\Windows\System\hyAbhUM.exe
  C:\Windows\System\hyAbhUM.exe
  2⤵
  PID:10692
- C:\Windows\System\rCBHZiH.exe
  C:\Windows\System\rCBHZiH.exe
  2⤵
  PID:10544
- C:\Windows\System\HPskyED.exe
  C:\Windows\System\HPskyED.exe
  2⤵
  PID:11060
- C:\Windows\System\dEnGpAZ.exe
  C:\Windows\System\dEnGpAZ.exe
  2⤵
  PID:4940
- C:\Windows\System\tNaZISV.exe
  C:\Windows\System\tNaZISV.exe
  2⤵
  PID:11196
- C:\Windows\System\RLvAmyo.exe
  C:\Windows\System\RLvAmyo.exe
  2⤵
  PID:11260
- C:\Windows\System\xKeqQbA.exe
  C:\Windows\System\xKeqQbA.exe
  2⤵
  PID:9308
- C:\Windows\System\KhFsQmB.exe
  C:\Windows\System\KhFsQmB.exe
  2⤵
  PID:10772
- C:\Windows\System\LBEejlD.exe
  C:\Windows\System\LBEejlD.exe
  2⤵
  PID:9248
- C:\Windows\System\NtuIBRy.exe
  C:\Windows\System\NtuIBRy.exe
  2⤵
  PID:3168
- C:\Windows\System\UsslHIO.exe
  C:\Windows\System\UsslHIO.exe
  2⤵
  PID:10512
- C:\Windows\System\rNIQODp.exe
  C:\Windows\System\rNIQODp.exe
  2⤵
  PID:552
- C:\Windows\System\BuDWQVH.exe
  C:\Windows\System\BuDWQVH.exe
  2⤵
  PID:13328
- C:\Windows\System\kZwqvyM.exe
  C:\Windows\System\kZwqvyM.exe
  2⤵
  PID:13344
- C:\Windows\System\flbnWKQ.exe
  C:\Windows\System\flbnWKQ.exe
  2⤵
  PID:13376
- C:\Windows\System\hJBBwRZ.exe
  C:\Windows\System\hJBBwRZ.exe
  2⤵
  PID:13412
- C:\Windows\System\BkTzPdL.exe
  C:\Windows\System\BkTzPdL.exe
  2⤵
  PID:13440
- C:\Windows\System\qQgsxzU.exe
  C:\Windows\System\qQgsxzU.exe
  2⤵
  PID:13472
- C:\Windows\System\LPLqTxL.exe
  C:\Windows\System\LPLqTxL.exe
  2⤵
  PID:13488
- C:\Windows\System\VEQqqSB.exe
  C:\Windows\System\VEQqqSB.exe
  2⤵
  PID:13524
- C:\Windows\System\aJpdkrD.exe
  C:\Windows\System\aJpdkrD.exe
  2⤵
  PID:13548
- C:\Windows\System\cFicbKj.exe
  C:\Windows\System\cFicbKj.exe
  2⤵
  PID:13572
- C:\Windows\System\eTRbLkM.exe
  C:\Windows\System\eTRbLkM.exe
  2⤵
  PID:13600
- C:\Windows\System\yjmAOFQ.exe
  C:\Windows\System\yjmAOFQ.exe
  2⤵
  PID:13644
- C:\Windows\System\CldKUcq.exe
  C:\Windows\System\CldKUcq.exe
  2⤵
  PID:13660
- C:\Windows\System\qGaltMh.exe
  C:\Windows\System\qGaltMh.exe
  2⤵
  PID:13700
- C:\Windows\System\gjIqWCy.exe
  C:\Windows\System\gjIqWCy.exe
  2⤵
  PID:13728
- C:\Windows\System\kynUYWG.exe
  C:\Windows\System\kynUYWG.exe
  2⤵
  PID:13752
- C:\Windows\System\KUtpgNq.exe
  C:\Windows\System\KUtpgNq.exe
  2⤵
  PID:13784
- C:\Windows\System\NtwvHCM.exe
  C:\Windows\System\NtwvHCM.exe
  2⤵
  PID:13804
- C:\Windows\System\GcGnhHR.exe
  C:\Windows\System\GcGnhHR.exe
  2⤵
  PID:13840
- C:\Windows\System\fVjImpL.exe
  C:\Windows\System\fVjImpL.exe
  2⤵
  PID:13864
- C:\Windows\System\GsLrrpN.exe
  C:\Windows\System\GsLrrpN.exe
  2⤵
  PID:13896
- C:\Windows\System\QAnqTCU.exe
  C:\Windows\System\QAnqTCU.exe
  2⤵
  PID:13920
- C:\Windows\System\wSfhosC.exe
  C:\Windows\System\wSfhosC.exe
  2⤵
  PID:13948
- C:\Windows\System\mBbtWBk.exe
  C:\Windows\System\mBbtWBk.exe
  2⤵
  PID:13988
- C:\Windows\System\yQPYAnm.exe
  C:\Windows\System\yQPYAnm.exe
  2⤵
  PID:14004
- C:\Windows\System\keFgNWW.exe
  C:\Windows\System\keFgNWW.exe
  2⤵
  PID:14032
- C:\Windows\System\AomHwlc.exe
  C:\Windows\System\AomHwlc.exe
  2⤵
  PID:14072
- C:\Windows\System\kOjaxQr.exe
  C:\Windows\System\kOjaxQr.exe
  2⤵
  PID:14100
- C:\Windows\System\UZBlOgh.exe
  C:\Windows\System\UZBlOgh.exe
  2⤵
  PID:14116
- C:\Windows\System\CuJODNq.exe
  C:\Windows\System\CuJODNq.exe
  2⤵
  PID:14156
- C:\Windows\System\SnRXGnn.exe
  C:\Windows\System\SnRXGnn.exe
  2⤵
  PID:14180
- C:\Windows\System\ZACeCYs.exe
  C:\Windows\System\ZACeCYs.exe
  2⤵
  PID:14208
- C:\Windows\System\zommxKi.exe
  C:\Windows\System\zommxKi.exe
  2⤵
  PID:14232
- C:\Windows\System\piEGWrE.exe
  C:\Windows\System\piEGWrE.exe
  2⤵
  PID:14264
- C:\Windows\System\pIXqxtx.exe
  C:\Windows\System\pIXqxtx.exe
  2⤵
  PID:14292
- C:\Windows\System\thalabH.exe
  C:\Windows\System\thalabH.exe
  2⤵
  PID:14320
- C:\Windows\System\HFWVdXG.exe
  C:\Windows\System\HFWVdXG.exe
  2⤵
  PID:13324
- C:\Windows\System\NJqoCuO.exe
  C:\Windows\System\NJqoCuO.exe
  2⤵
  PID:13384
- C:\Windows\System\eNaIiRB.exe
  C:\Windows\System\eNaIiRB.exe
  2⤵
  PID:13448
- C:\Windows\System\XOXYWiY.exe
  C:\Windows\System\XOXYWiY.exe
  2⤵
  PID:13504
- C:\Windows\System\LxYXkfL.exe
  C:\Windows\System\LxYXkfL.exe
  2⤵
  PID:13564
- C:\Windows\System\XmaRquB.exe
  C:\Windows\System\XmaRquB.exe
  2⤵
  PID:13596
- C:\Windows\System\xDfmfvT.exe
  C:\Windows\System\xDfmfvT.exe
  2⤵
  PID:3704
- C:\Windows\System\iBjklfi.exe
  C:\Windows\System\iBjklfi.exe
  2⤵
  PID:13712
- C:\Windows\System\JXiNDaq.exe
  C:\Windows\System\JXiNDaq.exe
  2⤵
  PID:13764
- C:\Windows\System\MEkEPMA.exe
  C:\Windows\System\MEkEPMA.exe
  2⤵
  PID:13836
- C:\Windows\System\RNkONfr.exe
  C:\Windows\System\RNkONfr.exe
  2⤵
  PID:2896
- C:\Windows\System\DkpwMJe.exe
  C:\Windows\System\DkpwMJe.exe
  2⤵
  PID:13928
- C:\Windows\System\nArjTia.exe
  C:\Windows\System\nArjTia.exe
  2⤵
  PID:9800
- C:\Windows\System\iOfaWWc.exe
  C:\Windows\System\iOfaWWc.exe
  2⤵
  PID:11232
- C:\Windows\System\lPZIASF.exe
  C:\Windows\System\lPZIASF.exe
  2⤵
  PID:2236
- C:\Windows\System\AofoZEU.exe
  C:\Windows\System\AofoZEU.exe
  2⤵
  PID:4376
- C:\Windows\System\dfhaIsU.exe
  C:\Windows\System\dfhaIsU.exe
  2⤵
  PID:10396
- C:\Windows\System\DilEqYI.exe
  C:\Windows\System\DilEqYI.exe
  2⤵
  PID:14112
- C:\Windows\System\KzUBmmY.exe
  C:\Windows\System\KzUBmmY.exe
  2⤵
  PID:14152
- C:\Windows\System\WWsBVed.exe
  C:\Windows\System\WWsBVed.exe
  2⤵
  PID:14176
- C:\Windows\System\nqnbnyJ.exe
  C:\Windows\System\nqnbnyJ.exe
  2⤵
  PID:11436
- C:\Windows\System\vpwuvPu.exe
  C:\Windows\System\vpwuvPu.exe
  2⤵
  PID:11456
- C:\Windows\System\JYSmNVz.exe
  C:\Windows\System\JYSmNVz.exe
  2⤵
  PID:13940
- C:\Windows\System\BJDzsNU.exe
  C:\Windows\System\BJDzsNU.exe
  2⤵
  PID:11580
- C:\Windows\System\CbdmlEZ.exe
  C:\Windows\System\CbdmlEZ.exe
  2⤵
  PID:11596
- C:\Windows\System\GFDbbVF.exe
  C:\Windows\System\GFDbbVF.exe
  2⤵
  PID:13408
- C:\Windows\System\UGSdauW.exe
  C:\Windows\System\UGSdauW.exe
  2⤵
  PID:11704
- C:\Windows\System\xwgISvQ.exe
  C:\Windows\System\xwgISvQ.exe
  2⤵
  PID:11748
- C:\Windows\System\YFCtAWJ.exe
  C:\Windows\System\YFCtAWJ.exe
  2⤵
  PID:11768
- C:\Windows\System\TccKJKS.exe
  C:\Windows\System\TccKJKS.exe
  2⤵
  PID:11860
- C:\Windows\System\dQFuBMC.exe
  C:\Windows\System\dQFuBMC.exe
  2⤵
  PID:13740
- C:\Windows\System\SGYgRzI.exe
  C:\Windows\System\SGYgRzI.exe
  2⤵
  PID:13820
- C:\Windows\System\iGDBujk.exe
  C:\Windows\System\iGDBujk.exe
  2⤵
  PID:11960
- C:\Windows\System\piWcJky.exe
  C:\Windows\System\piWcJky.exe
  2⤵
  PID:13956
- C:\Windows\System\sSvrrWf.exe
  C:\Windows\System\sSvrrWf.exe
  2⤵
  PID:14016
- C:\Windows\System\YyNlOLc.exe
  C:\Windows\System\YyNlOLc.exe
  2⤵
  PID:2324
- C:\Windows\System\HXoONFD.exe
  C:\Windows\System\HXoONFD.exe
  2⤵
  PID:12076
- C:\Windows\System\zZKltJe.exe
  C:\Windows\System\zZKltJe.exe
  2⤵
  PID:11324
- C:\Windows\System\hHTOVtL.exe
  C:\Windows\System\hHTOVtL.exe
  2⤵
  PID:6300
- C:\Windows\System\qMoFTOu.exe
  C:\Windows\System\qMoFTOu.exe
  2⤵
  PID:12268
- C:\Windows\System\mkEpMJZ.exe
  C:\Windows\System\mkEpMJZ.exe
  2⤵
  PID:11384
- C:\Windows\System\PNudeMN.exe
  C:\Windows\System\PNudeMN.exe
  2⤵
  PID:4052
- C:\Windows\System\vUCnXol.exe
  C:\Windows\System\vUCnXol.exe
  2⤵
  PID:5128
- C:\Windows\System\fzefMxf.exe
  C:\Windows\System\fzefMxf.exe
  2⤵
  PID:11592
- C:\Windows\System\IosWtbb.exe
  C:\Windows\System\IosWtbb.exe
  2⤵
  PID:14332
- C:\Windows\System\RXUiuFY.exe
  C:\Windows\System\RXUiuFY.exe
  2⤵
  PID:6460
- C:\Windows\System\dCfPKJI.exe
  C:\Windows\System\dCfPKJI.exe
  2⤵
  PID:13396
- C:\Windows\System\RetYrjf.exe
  C:\Windows\System\RetYrjf.exe
  2⤵
  PID:11920
- C:\Windows\System\WygVebx.exe
  C:\Windows\System\WygVebx.exe
  2⤵
  PID:13540
- C:\Windows\System\wiIQyUX.exe
  C:\Windows\System\wiIQyUX.exe
  2⤵
  PID:12008
- C:\Windows\System\xZdsvfz.exe
  C:\Windows\System\xZdsvfz.exe
  2⤵
  PID:5620
- C:\Windows\System\RjmVRvi.exe
  C:\Windows\System\RjmVRvi.exe
  2⤵
  PID:13792
- C:\Windows\System\cvtCBKI.exe
  C:\Windows\System\cvtCBKI.exe
  2⤵
  PID:12120
- C:\Windows\System\ZVWGcdl.exe
  C:\Windows\System\ZVWGcdl.exe
  2⤵
  PID:11992
- C:\Windows\System\odPHfbJ.exe
  C:\Windows\System\odPHfbJ.exe
  2⤵
  PID:14000
- C:\Windows\System\RiPHQle.exe
  C:\Windows\System\RiPHQle.exe
  2⤵
  PID:11116
- C:\Windows\System\NidDnXK.exe
  C:\Windows\System\NidDnXK.exe
  2⤵
  PID:11376
- C:\Windows\System\qCiQgbN.exe
  C:\Windows\System\qCiQgbN.exe
  2⤵
  PID:12156
- C:\Windows\System\JzjXCMk.exe
  C:\Windows\System\JzjXCMk.exe
  2⤵
  PID:12276
- C:\Windows\System\nIOSvKk.exe
  C:\Windows\System\nIOSvKk.exe
  2⤵
  PID:12212
- C:\Windows\System\JgrThAU.exe
  C:\Windows\System\JgrThAU.exe
  2⤵
  PID:11540
- C:\Windows\System\RIWMXDJ.exe
  C:\Windows\System\RIWMXDJ.exe
  2⤵
  PID:5732
- C:\Windows\System\NjYwvxT.exe
  C:\Windows\System\NjYwvxT.exe
  2⤵
  PID:13336
- C:\Windows\System\iQeVhNL.exe
  C:\Windows\System\iQeVhNL.exe
  2⤵
  PID:11808
- C:\Windows\System\QNWTAEc.exe
  C:\Windows\System\QNWTAEc.exe
  2⤵
  PID:2420
- C:\Windows\System\VCJxeGu.exe
  C:\Windows\System\VCJxeGu.exe
  2⤵
  PID:5632
- C:\Windows\System\heMrVvo.exe
  C:\Windows\System\heMrVvo.exe
  2⤵
  PID:13640
- C:\Windows\System\vDjEWzB.exe
  C:\Windows\System\vDjEWzB.exe
  2⤵
  PID:5324
- C:\Windows\System\RHUcHVh.exe
  C:\Windows\System\RHUcHVh.exe
  2⤵
  PID:7428
- C:\Windows\System\UzquIoy.exe
  C:\Windows\System\UzquIoy.exe
  2⤵
  PID:12240
- C:\Windows\System\hGmSPrA.exe
  C:\Windows\System\hGmSPrA.exe
  2⤵
  PID:14068
- C:\Windows\System\FWAEBFp.exe
  C:\Windows\System\FWAEBFp.exe
  2⤵
  PID:5708
- C:\Windows\System\yZotKLj.exe
  C:\Windows\System\yZotKLj.exe
  2⤵
  PID:5580
- C:\Windows\System\XDPPktd.exe
  C:\Windows\System\XDPPktd.exe
  2⤵
  PID:11608
- C:\Windows\System\QErOKMw.exe
  C:\Windows\System\QErOKMw.exe
  2⤵
  PID:6024
- C:\Windows\System\KuQLZmM.exe
  C:\Windows\System\KuQLZmM.exe
  2⤵
  PID:11700
- C:\Windows\System\fxhOMNn.exe
  C:\Windows\System\fxhOMNn.exe
  2⤵
  PID:1212
- C:\Windows\System\QvtfjJP.exe
  C:\Windows\System\QvtfjJP.exe
  2⤵
  PID:2096
- C:\Windows\System\yNsbZYQ.exe
  C:\Windows\System\yNsbZYQ.exe
  2⤵
  PID:13624
- C:\Windows\System\ufKRgyy.exe
  C:\Windows\System\ufKRgyy.exe
  2⤵
  PID:13736
- C:\Windows\System\AvCoNxm.exe
  C:\Windows\System\AvCoNxm.exe
  2⤵
  PID:12124
- C:\Windows\System\jTMbTxG.exe
  C:\Windows\System\jTMbTxG.exe
  2⤵
  PID:4500
- C:\Windows\System\VVxCLlH.exe
  C:\Windows\System\VVxCLlH.exe
  2⤵
  PID:5968
- C:\Windows\System\DTGjbMX.exe
  C:\Windows\System\DTGjbMX.exe
  2⤵
  PID:11292
- C:\Windows\System\dzieORB.exe
  C:\Windows\System\dzieORB.exe
  2⤵
  PID:7248
- C:\Windows\System\jeesGFq.exe
  C:\Windows\System\jeesGFq.exe
  2⤵
  PID:7864
- C:\Windows\System\djxjFnG.exe
  C:\Windows\System\djxjFnG.exe
  2⤵
  PID:12232
- C:\Windows\System\EBqbrrc.exe
  C:\Windows\System\EBqbrrc.exe
  2⤵
  PID:1932
- C:\Windows\System\BXDeosx.exe
  C:\Windows\System\BXDeosx.exe
  2⤵
  PID:13340
- C:\Windows\System\sCCEYAV.exe
  C:\Windows\System\sCCEYAV.exe
  2⤵
  PID:3960
- C:\Windows\System\PKwETZJ.exe
  C:\Windows\System\PKwETZJ.exe
  2⤵
  PID:12092
- C:\Windows\System\beMQkoq.exe
  C:\Windows\System\beMQkoq.exe
  2⤵
  PID:7820
- C:\Windows\System\xdmVsRn.exe
  C:\Windows\System\xdmVsRn.exe
  2⤵
  PID:12272
- C:\Windows\System\UaXBYuF.exe
  C:\Windows\System\UaXBYuF.exe
  2⤵
  PID:7936
- C:\Windows\System\NsJSWsV.exe
  C:\Windows\System\NsJSWsV.exe
  2⤵
  PID:7272
- C:\Windows\System\YfIAuIK.exe
  C:\Windows\System\YfIAuIK.exe
  2⤵
  PID:5364
- C:\Windows\System\eMrKdKU.exe
  C:\Windows\System\eMrKdKU.exe
  2⤵
  PID:5132
- C:\Windows\System\JhKSPMb.exe
  C:\Windows\System\JhKSPMb.exe
  2⤵
  PID:5252
- C:\Windows\System\MfDMIUA.exe
  C:\Windows\System\MfDMIUA.exe
  2⤵
  PID:10848
- C:\Windows\System\DVnLIQU.exe
  C:\Windows\System\DVnLIQU.exe
  2⤵
  PID:7156
- C:\Windows\System\BrxZRyf.exe
  C:\Windows\System\BrxZRyf.exe
  2⤵
  PID:3012
- C:\Windows\System\MIjebxE.exe
  C:\Windows\System\MIjebxE.exe
  2⤵
  PID:6000
- C:\Windows\System\RkfOThu.exe
  C:\Windows\System\RkfOThu.exe
  2⤵
  PID:6804
- C:\Windows\System\QdngLtV.exe
  C:\Windows\System\QdngLtV.exe
  2⤵
  PID:8212
- C:\Windows\System\dRszyyJ.exe
  C:\Windows\System\dRszyyJ.exe
  2⤵
  PID:11300
- C:\Windows\System\VZvfdvW.exe
  C:\Windows\System\VZvfdvW.exe
  2⤵
  PID:10788
- C:\Windows\System\gAeAxsD.exe
  C:\Windows\System\gAeAxsD.exe
  2⤵
  PID:8420
- C:\Windows\System\JGUJZEW.exe
  C:\Windows\System\JGUJZEW.exe
  2⤵
  PID:8508
- C:\Windows\System\fxlIuIt.exe
  C:\Windows\System\fxlIuIt.exe
  2⤵
  PID:7300
- C:\Windows\System\pXUJOUm.exe
  C:\Windows\System\pXUJOUm.exe
  2⤵
  PID:8740
- C:\Windows\System\MlygvlD.exe
  C:\Windows\System\MlygvlD.exe
  2⤵
  PID:8452
- C:\Windows\System\APGtwNv.exe
  C:\Windows\System\APGtwNv.exe
  2⤵
  PID:8516
- C:\Windows\System\ZTVLjyU.exe
  C:\Windows\System\ZTVLjyU.exe
  2⤵
  PID:4532
- C:\Windows\System\tBsHowv.exe
  C:\Windows\System\tBsHowv.exe
  2⤵
  PID:8748
- C:\Windows\System\RvjDueJ.exe
  C:\Windows\System\RvjDueJ.exe
  2⤵
  PID:8088
- C:\Windows\System\XHCKVhb.exe
  C:\Windows\System\XHCKVhb.exe
  2⤵
  PID:6560
- C:\Windows\System\PfGKtoG.exe
  C:\Windows\System\PfGKtoG.exe
  2⤵
  PID:6296
- C:\Windows\System\poEcTJb.exe
  C:\Windows\System\poEcTJb.exe
  2⤵
  PID:4544
- C:\Windows\System\BuDdwsH.exe
  C:\Windows\System\BuDdwsH.exe
  2⤵
  PID:8368
- C:\Windows\System\DuWDrce.exe
  C:\Windows\System\DuWDrce.exe
  2⤵
  PID:5272
- C:\Windows\System\aORZxrN.exe
  C:\Windows\System\aORZxrN.exe
  2⤵
  PID:7672
- C:\Windows\System\CjsAxgA.exe
  C:\Windows\System\CjsAxgA.exe
  2⤵
  PID:6644
- C:\Windows\System\DlNKoGs.exe
  C:\Windows\System\DlNKoGs.exe
  2⤵
  PID:5060
- C:\Windows\System\dbaFueG.exe
  C:\Windows\System\dbaFueG.exe
  2⤵
  PID:6984
- C:\Windows\System\kczCwcz.exe
  C:\Windows\System\kczCwcz.exe
  2⤵
  PID:8232
- C:\Windows\System\QBcZZAj.exe
  C:\Windows\System\QBcZZAj.exe
  2⤵
  PID:6848
- C:\Windows\System\LTMQkSe.exe
  C:\Windows\System\LTMQkSe.exe
  2⤵
  PID:8248
- C:\Windows\System\cTQhTlr.exe
  C:\Windows\System\cTQhTlr.exe
  2⤵
  PID:3396
- C:\Windows\System\DLaIcdJ.exe
  C:\Windows\System\DLaIcdJ.exe
  2⤵
  PID:14356
- C:\Windows\System\RDOAGtK.exe
  C:\Windows\System\RDOAGtK.exe
  2⤵
  PID:14384
- C:\Windows\System\TjzatFR.exe
  C:\Windows\System\TjzatFR.exe
  2⤵
  PID:14412
- C:\Windows\System\PKisqIA.exe
  C:\Windows\System\PKisqIA.exe
  2⤵
  PID:14444
- C:\Windows\System\DcWkQeb.exe
  C:\Windows\System\DcWkQeb.exe
  2⤵
  PID:14472
- C:\Windows\System\RXbSGVk.exe
  C:\Windows\System\RXbSGVk.exe
  2⤵
  PID:14504
- C:\Windows\System\hFPnmPC.exe
  C:\Windows\System\hFPnmPC.exe
  2⤵
  PID:14532
- C:\Windows\System\FobasSb.exe
  C:\Windows\System\FobasSb.exe
  2⤵
  PID:14560
- C:\Windows\System\ydWNigD.exe
  C:\Windows\System\ydWNigD.exe
  2⤵
  PID:14588
- C:\Windows\System\YDbvrZp.exe
  C:\Windows\System\YDbvrZp.exe
  2⤵
  PID:14616
- C:\Windows\System\hFKjRpj.exe
  C:\Windows\System\hFKjRpj.exe
  2⤵
  PID:14644
- C:\Windows\System\MSnZfDo.exe
  C:\Windows\System\MSnZfDo.exe
  2⤵
  PID:14660
- C:\Windows\System\ASxDjXI.exe
  C:\Windows\System\ASxDjXI.exe
  2⤵
  PID:14708
- C:\Windows\System\BfbshUI.exe
  C:\Windows\System\BfbshUI.exe
  2⤵
  PID:14736
- C:\Windows\System\kAuudKk.exe
  C:\Windows\System\kAuudKk.exe
  2⤵
  PID:14768
- C:\Windows\System\ebcjSLp.exe
  C:\Windows\System\ebcjSLp.exe
  2⤵
  PID:14796
- C:\Windows\System\DhXKOmu.exe
  C:\Windows\System\DhXKOmu.exe
  2⤵
  PID:14824
- C:\Windows\System\lQgTqJn.exe
  C:\Windows\System\lQgTqJn.exe
  2⤵
  PID:14848
- C:\Windows\System\aetXFRc.exe
  C:\Windows\System\aetXFRc.exe
  2⤵
  PID:14880
- C:\Windows\System\uLLtxnT.exe
  C:\Windows\System\uLLtxnT.exe
  2⤵
  PID:14908
- C:\Windows\System\ZVAjnep.exe
  C:\Windows\System\ZVAjnep.exe
  2⤵
  PID:14932
- C:\Windows\System\DqIhTvU.exe
  C:\Windows\System\DqIhTvU.exe
  2⤵
  PID:14960
- C:\Windows\System\zyOSQPe.exe
  C:\Windows\System\zyOSQPe.exe
  2⤵
  PID:14992
- C:\Windows\System\MGbVRfb.exe
  C:\Windows\System\MGbVRfb.exe
  2⤵
  PID:15024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ACnzFvL.exe

Filesize
6.0MB

MD5
bbd96b6cca5b4618dea7a01effd54b85

SHA1
88813da12d28b431f8e513b895911e61f34abc9e

SHA256
2e55a5b7199288084e0a4638a94b6cd04fde2e15fd8473ab6e7e120f684337bc

SHA512
e44ea11f8605ab1c0a2e8399cf0cf53278536dd270a6707f1816f1a2b30131502a86584ceb52ced3956e0f80651c2b7f46e3805078d8a89e670118653ff237ab

Download Submit
C:\Windows\System\AevosYe.exe

Filesize
6.0MB

MD5
3ba51038819b3fc6930a7a9b27902388

SHA1
ad89084021aba2bc31d95500796ce5a264723115

SHA256
752b6d7db85a6a4792af707e6ccd128c13d3c06e3c4145c00c7a8f4f1ba0d066

SHA512
74f2743d20368d5777dabd6d54f93fabf3cdf33cb40be1b7bdbf3cc1998a7e9efc67cfa003c1574f09f9c7c0b89cbde7ed1f53dfd5b3200ab8c0d3ede57c3555

Download Submit
C:\Windows\System\BSOhwJk.exe

Filesize
6.0MB

MD5
08e09373785e0d49365e4dfe3670b14a

SHA1
297fbe598c54c5806d3ca4970fe52228a6c617fb

SHA256
52a1866d4cec150af03676d31dca2138ac4bda6cce9b47dc16b44c063e336328

SHA512
d5944a02e4ddfa498d77f029579bd4111c36bebce7d849d3243f1b8b7b60a704a7ddd4390e9d04edda5d6f89e61e38e496977f6c2b809e9b253f9dd47e05fe89

Download Submit
C:\Windows\System\CcPaEKg.exe

Filesize
6.0MB

MD5
147265ff17ea12728a517b46d3640558

SHA1
9faa32324be4430819728537e6a3bfe90776ba6b

SHA256
9a3fde0d8c16e25d45e4695cce50690893704811ab9eb8bd0584ca0f769952a9

SHA512
48ba7f62b1621676f57c63bc7dfb57370a22d3d52504192984d2462cc67aaf91ba78ca2ce0f63ebe0cd65a7f3f9b3e4a0cd8bec943ac9183609353af2b8549c8

Download Submit
C:\Windows\System\FuouFnK.exe

Filesize
6.0MB

MD5
3442ead06f2365c0e812047f80048d10

SHA1
e1d1eac6e106d9eef6f316f1686f8fba1a1ba774

SHA256
e09d17719ed9062eef349f3c73b8570cc761b2ea33eeeacaf1870853ed655841

SHA512
11e593c8535d3021dd11f977ff9e8310fb8aa25560026805d450f3460e7d2d4cf2d4313c7860f811fb865edad4741df99ac10003d2884bdcc289f0d5f84f49ea

Download Submit
C:\Windows\System\IBvYzJc.exe

Filesize
6.0MB

MD5
840c10f7dffbb77e24543bf349944e38

SHA1
4a5d87643894eb1d0bd58aeca0644e87f3b8085e

SHA256
5bd6c732724bfa5824c96a4ecf4455ba0303ccbeafec65512cd39076db76f5f6

SHA512
cf1262b948b38b2f7617aae366f8fb3d1bee9525ff2c39d89466cfe9c600466f59ee93059f107ce7a173045e7ed05d8dd4a3c2db629664572245a2b2046e58bd

Download Submit
C:\Windows\System\KqFnuFy.exe

Filesize
6.0MB

MD5
e83f258a16d1ee610f3544f4fd6221e7

SHA1
dd9c7c7f71e79572931ce84126cdcdfadb0f3cd3

SHA256
c54cc8929cc1d776a6969ad292812d44fd0b5330605f58af2e789403dbdfae1e

SHA512
fddbd78582e4d56f8caa51ea3b014e37a54d4534a507af2e49996296ddb5104ce6bc69984356d480948671023b05a33da43ceab8cd628c126882e943f3e85166

Download Submit
C:\Windows\System\LmvLVMK.exe

Filesize
6.0MB

MD5
15bb72c8889ea38e644a5152a36f1fc6

SHA1
9de370a7d35a3d804af4c87739220894a49446fc

SHA256
eae52254a3ae8c7991dd419add0733572473a5cabb21325fd18e5435b6c410e0

SHA512
82eda9d4b8687def53c1b5ad5cdaa27a6e5f37f2322fb86d4bb872aa83cb2f51a3071d7d281665f8880f4184599b7423c28005f9faa805f62944f15cbb02ec6c

Download Submit
C:\Windows\System\MInXGvM.exe

Filesize
6.0MB

MD5
a60c0177f32cb52c73becc59b7ad4683

SHA1
3d449e54dd44b7e06e537922027684c05dec57b9

SHA256
04cfa604b80cf48d9fbb01a98dac87f53f8345209fd38800497c5edc51557552

SHA512
9e610ea5c1406ac0a5049100e0b41a935c6af72387a8fec3f101a6a85ec9fd1b3e657b18f6a2dd82b412a47d32687c81b2ed01476f63bf1b941102b882d2006c

Download Submit
C:\Windows\System\MJpLVie.exe

Filesize
6.0MB

MD5
335cb9b8b576c0a4cf31d0745254c883

SHA1
9da34c6ede14ea843bb235e2281762a433fd933c

SHA256
a48043767b1539dde00831cccb9ea8efd66bf6c3dbceb62d925af204c9185c82

SHA512
c72ce4f98aa4e94220289c2d2d9cc2d02b16c1ea8e0b11a135b15e61210a825d7de0dc91ee2fb6e31d94c002e8fe68f61365421f09bb244df4be13040512b8c8

Download Submit
C:\Windows\System\NIxvzXV.exe

Filesize
6.0MB

MD5
0176ebf496d23ee75981a5dd677efd97

SHA1
f1afd916c3aabb5a7fabb67b5fb7f05ede14a3c7

SHA256
565e590ce86b5ae29a916fd7492314be422424ab571866e23376f7be115010b0

SHA512
57e61791d58e33e891799ec8a68d54b4ea83da7d7aab47647fe673153e6944beec564696acf5a71747f172c691e1c2e40f2cce608747c2f93340a57b5362a740

Download Submit
C:\Windows\System\NMBCPxX.exe

Filesize
6.0MB

MD5
425b0c3a54b0c4fdc2f09690dc98d28e

SHA1
7e7f7e0dad938867573b1e6b5b9893be1204445b

SHA256
4a4a1ecd53d294fcb5711da6f71bf7cada8a88e5704dd154de42adcb2f212859

SHA512
34bc8393d52c51a7ccba80f0090d26687fb4652d969a7955d24a74f302cf5b6610a6ed89298d086d4dc96d56fc8da0061d35c367465ed0f9804bdc13058423e3

Download Submit
C:\Windows\System\NvKbEHc.exe

Filesize
6.0MB

MD5
7e6e611924d38b895799462291a25457

SHA1
41e527fa817c967b390b85ed0aac6ebd7f2c8888

SHA256
e4f7a152cad835f7d3658e9158b04fa089cf762526f4691f8730cba67953b991

SHA512
53322a71347aff2c0cd565ee20fe6c554087dba193ac4d28a8c075c901fc9b15a849de61c8210c035cd76970327539cdcfb5707a7f3a048645666f03bff80b38

Download Submit
C:\Windows\System\OVRxAhk.exe

Filesize
6.0MB

MD5
7563b7809ec243ac2e60430540134174

SHA1
a7838d664965ebc6b090f001d44a52ff2bd3f2b3

SHA256
3e0b76fa71119148e77e457cc492085ff649c1a8a134c32d9a7c94929f959196

SHA512
9994458faf2eefb87557de8c46a7463aa218542848b75c66bf8fb81e730750567f2639789fcf7872599ac2256ca14828daea346314d43f52473a88f88962c382

Download Submit
C:\Windows\System\QNeKjmg.exe

Filesize
6.0MB

MD5
7598c391b0a0558039c23e81b26da112

SHA1
4d03a3b4cde777d2b29e7896927b072961c40ddc

SHA256
f73b1aa5ab2b322854ebdaedea59ae658ee1b8da20d1cdbc678e432de8a04e36

SHA512
12492c344d86c6eb83dca9b1c77104b8c71b351de90f4c51405c2b3b54a9a875013aa1a002bc4efc576427a26005d1f499f5f533ab28483a479c21014561a00d

Download Submit
C:\Windows\System\WCYMdxp.exe

Filesize
6.0MB

MD5
dde25d05b42cfdfa9d4666faa5a66c94

SHA1
1b2c5750f2ac16bc1ecd38c8a0e051985fa4ea6e

SHA256
c7c4e51e84efbcf29141cc23bfb2b19a96754c03dd199ccb3d78a6335ccd470b

SHA512
6762c3ea59190a3a5558acfa94dc8c7445cf7f77a597786d57fddf7b9782ed9a120e4c17dfcd39af823f2f3b6d47eba309a0baeeb21902a880e8b483db44e47b

Download Submit
C:\Windows\System\aXGfIiq.exe

Filesize
6.0MB

MD5
bc35138ac7ba204afb6ba02079ed2a35

SHA1
b61efc097d471fa047d38c904468f624c5bc5ae5

SHA256
76c68492488a7fbdd11cc8e827b2bee8db6378803fd51438e71c92c4417b1a33

SHA512
810ee2973335751d629c2a6fc54d5545f73b9d5ac7e2c992a62c809f1b1240ba55bf3a154b860f3a2ebcad8f59cf6de597d14c45fb131fb0cbb4a2a73b7d0c70

Download Submit
C:\Windows\System\acmAMNK.exe

Filesize
6.0MB

MD5
eb2a7e20815c1a08e16ba2e7e1f8dba4

SHA1
b7b9d7f1996ff221caa00990be231b14ac79b38b

SHA256
55a54f650dd4b9eb6152187301032118af56cb8c85d165a63b31ae7e6347d628

SHA512
56bd2fa676bf37a76817be94a3d6b743943d8fdd34805570f87e9080a4f05040d3d640173e3ec085b2982c4ef286166ebd8c57ed91e005b4952d96ad2768660a

Download Submit
C:\Windows\System\cpeEDqb.exe

Filesize
6.0MB

MD5
d3450b618abd5d9c42a408fc8e954eac

SHA1
e12570df892245f5cf5271ef4abbca0e38f0c92a

SHA256
bf3b6399071d0e3214b2685910d75befbe85bae1652fc0aa804de14b934b8f8e

SHA512
568d5db8cb6f1088cb3261e7dbd489a66768ae4dd0783fde629055440cc2c0b7c85b7b81da51794d8edf6c91ef3871e5036bd770caeadb8fc44a3b00900f43c5

Download Submit
C:\Windows\System\dgPEHEq.exe

Filesize
6.0MB

MD5
a5a542bb8f853fa3fb697c7271627cd7

SHA1
43b084b3a6e5ceb2f479977ed6484d1c4305f0e1

SHA256
556933ac531360709ab48005c7b1b787638335ef0ba41190e4e8d48daff97ad1

SHA512
13c2e8b1d8d258819da6da0d1a2b966deda9da2c4c293129878e872579d1a1c745aa7dcade3932d43b76024ee21be938463c97fad24715c2b338c0340be01748

Download Submit
C:\Windows\System\eaLspsq.exe

Filesize
6.0MB

MD5
3795377e0b69ff5efcf4f22a2a4d645a

SHA1
cd940a2cf7e1b3e41989041bc2a2070da08547ba

SHA256
4a1c6d6ebb0d0f778a281eb2acd5ede9482ae714d1e6a77fc007a483ddbef5dc

SHA512
e78229690570d5d15d083ea56ff562d2e888272037d6fe9f7e42956f7d9fc07c9e4a9fb5fee7390bfffcb1013db56ff12afdfa0446aa4e6f303419a71e3a0af0

Download Submit
C:\Windows\System\fRSDzDM.exe

Filesize
6.0MB

MD5
2bb144cd87831bb5334e007c6c27ccd6

SHA1
b72b8d27f6e4611d3c130fea73ab58b926170751

SHA256
174095cd2f4d6077643d6b46f571489d50016684fcc9e85333a60f4039f4655e

SHA512
aed5003ad95192c01cc747ca54c36135d54b6f887667166a517c592d83822d8559230eecec70cdd483e52237a5ade4339d1db38d86fcc08bbf930224c993e36b

Download Submit
C:\Windows\System\gQbullk.exe

Filesize
6.0MB

MD5
67d1e1c60df689ec895bd5498d7b0a3a

SHA1
1540b9ebe74ec55ecd6cb3d83de0010d8eea1631

SHA256
5812dbe2cc9890031b323586c7bb7d2ec6b840911482f76c32d19c123e81a8ec

SHA512
729548efbf0f52b7db5a928192df22a867269709ef6a52582955550215554d50430b8705bafd3bb2bed8a9d476e731de434e0311dfcd78c23f59fd6be8a8d516

Download Submit
C:\Windows\System\hEZpyql.exe

Filesize
6.0MB

MD5
8c59a512e2c0e2fd99157ec3cc48e342

SHA1
257329752f9f5c24a86240f60e1f80620d80f638

SHA256
945b37e3d42b2f5aa5c21d7bac7bca43c0a25ee45d4abd9922354692429cad57

SHA512
74bd0f599960f56bb423c0d1e80c438058cb12b3c74cda25e23586d69cea5b646055ed269c8b09156e78b7ab8c89e99afd1babf8d5b22ad36d5c16ecc5f8718b

Download Submit
C:\Windows\System\iJRSIhy.exe

Filesize
6.0MB

MD5
61e614738b1410869eec051f0ab13e93

SHA1
e8942d018f03ff075b9ae881b423ef09a8d83a16

SHA256
9bf1fd881a31a1291ff6212be1bed65384e31f36d0b4bf8177c561b15a8056d4

SHA512
770a3470fe30da5aa5d14b9f64b60e75f28cbe9a1273de5b4c52c03fefa66f8aee2e5139e99728acf8b2f1ba98c7f197d9153ecd6d8a9e8d5104d6b9c9072e42

Download Submit
C:\Windows\System\oBRwcqg.exe

Filesize
6.0MB

MD5
3751a4338e3c084f91b8687b6c86a3fe

SHA1
9164eb0e326e83f2ab85cd76214202757c48bf37

SHA256
f36d0210c2965835c3b09e5b23647e390e7d62b320663a175cefd21cb199740c

SHA512
3d9fd95782e7b8216a41702dde528a4754cb99e7752b5ff40fba83a846324cfc2d6927b81847edde80808fe339ef3f721bee29daaa400854e395380ee1dfd63b

Download Submit
C:\Windows\System\oTQdFQw.exe

Filesize
6.0MB

MD5
08f1d0aec9eb22ec311c271bb20b184b

SHA1
2c8cbc6df0a77424b43b89b72bfada8327a94144

SHA256
811dc184a73183c54fcbb3360c996cd8d132b8762b927b53e84e11e6a05509d4

SHA512
f62a8125345b66596715154be38b15e1d0e425012b248058e141db0068f6b3b7a5b4a02de21b7689976d8efcfae2394d5b77c6ec7cacf291fcfb92c428ce104b

Download Submit
C:\Windows\System\oWhrakE.exe

Filesize
6.0MB

MD5
28eb01c2f4bf871428621950eb063c49

SHA1
2afbffcf95669a38faf15666605be2e3f47f7e6c

SHA256
daa9f2e957803c3f95c2c4f652d510e103b5376acee439b04518c1a80d9336ac

SHA512
205be9b693ceb9d4f53d77459ae99bd7fb0354b8ed9f9f8dc5831c53d4f8350b514e20aa2161be7a04fffaad3fca7c9e4c605f18c3a8aa0fba86306ff803e907

Download Submit
C:\Windows\System\puynwNu.exe

Filesize
6.0MB

MD5
661ffaf3dbc987cdb3f56cd21565506c

SHA1
5e617c8307de30114beb03d8d5cc44c4f23bf326

SHA256
f8b00a5dccb017c892b12895f7e57e947fabd0d3a9d02a22b1928db7a22838de

SHA512
d491958a93dce2618368a5ef3d0b6b9712d5fc9eb74240c873ec9f31a429a4d18c779f92bac1de2245c0a1f5225f54179d3075ec35686aafaa18e6cb8d32886b

Download Submit
C:\Windows\System\qqUZdJu.exe

Filesize
6.0MB

MD5
db365da03bf983730a1938bff5708b9b

SHA1
6c0edb118b5b9055a7c79c29fdbc8059504c0146

SHA256
6cd447be45fa1c21cade3024c114339f679e9bc38096d18e8d05431c238dc8c3

SHA512
ba9ba15e008bcecf8539c3242c8ceec1d8688ab3a66a979686f15b93a1296873dcc3d0ce918436f2e4a55ee492b186f03014f735aba5dbc0b966a29624916a2b

Download Submit
C:\Windows\System\tFzclyp.exe

Filesize
6.0MB

MD5
d65484ddd7d0afead78cce2be6c68f08

SHA1
2186db3ecfad39377ddd346d0958797d0de7a358

SHA256
f510c8b75da0328d8eceb0c135ee15d0fc6f78751e6c021d9633937da1b53751

SHA512
062894570733225e3f5f3d5185724b019d6dc289bcf5f4889b10b037dcee335f2c8193a97ce046ceb8572839dc9ae2af18f4ec9732378b0fa16185f6fd87e218

Download Submit
C:\Windows\System\tJrGASl.exe

Filesize
6.0MB

MD5
9f47855975e8b6a92dc4d49fc974bf09

SHA1
14514695a8cb7ac300fa61153fc3fb3ed0cd1b59

SHA256
34f9911b017e9da20c494555f8f847565199517cd091f0260ab6e91eac0a2fe0

SHA512
2904d6b1d25fa142f874605280bfc12a81b91550c283606d994269ebd2e6c19b0fcfcc11978b4ce2be871abaa0973d7164e4f1352d8c84d84ceba51d4637097a

Download Submit
C:\Windows\System\uUYhIXf.exe

Filesize
6.0MB

MD5
a0ad533d019e65d6048039380006d58e

SHA1
fd2d63ee787bf6e39d72c0ff1858cf777043abc2

SHA256
af1fb13a3cc0b6d81708ed2381bb9eb1df781f52ec0bd68aac35acc822d33d16

SHA512
b59f60f0901ac20779ee6241f26de0af89a3e181ae7dd287f5716ef1d2639759ad288c2aa917ffaff55cf9a24b679167639cd9bb00b9697877dc4246ca979c7b

Download Submit
C:\Windows\System\xQmWLGu.exe

Filesize
6.0MB

MD5
45348a183d818295282799d773db6ebe

SHA1
12a9e01c19b4ece72396802d3339022166192381

SHA256
01402edae89dd84e1d649738a74d16ae2cb6e1899518446e3c1bab52a087cf8c

SHA512
9960ad49b634e55539d3e48ea5ffd7f381e16880099b8288d945c73fbf0a392d4585d77ae3c23c841074ea10270232d3e4af0bda5f2bedf747ca31fc5fc8b595

Download Submit
memory/732-1575-0x00007FF7166F0000-0x00007FF716A44000-memory.dmp

Filesize
3.3MB

Download
memory/732-153-0x00007FF7166F0000-0x00007FF716A44000-memory.dmp

Filesize
3.3MB

Download
memory/868-1106-0x00007FF7B9FE0000-0x00007FF7BA334000-memory.dmp

Filesize
3.3MB

Download
memory/868-88-0x00007FF7B9FE0000-0x00007FF7BA334000-memory.dmp

Filesize
3.3MB

Download
memory/868-24-0x00007FF7B9FE0000-0x00007FF7BA334000-memory.dmp

Filesize
3.3MB

Download
memory/1208-67-0x00007FF6FACC0000-0x00007FF6FB014000-memory.dmp

Filesize
3.3MB

Download
memory/1208-1283-0x00007FF6FACC0000-0x00007FF6FB014000-memory.dmp

Filesize
3.3MB

Download
memory/1208-147-0x00007FF6FACC0000-0x00007FF6FB014000-memory.dmp

Filesize
3.3MB

Download
memory/1688-66-0x00007FF638C50000-0x00007FF638FA4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-7-0x00007FF638C50000-0x00007FF638FA4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-1061-0x00007FF638C50000-0x00007FF638FA4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-438-0x00007FF61A660000-0x00007FF61A9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1593-0x00007FF61A660000-0x00007FF61A9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-49-0x00007FF6F3840000-0x00007FF6F3B94000-memory.dmp

Filesize
3.3MB

Download
memory/2032-106-0x00007FF6F3840000-0x00007FF6F3B94000-memory.dmp

Filesize
3.3MB

Download
memory/2032-1260-0x00007FF6F3840000-0x00007FF6F3B94000-memory.dmp

Filesize
3.3MB

Download
memory/2072-1588-0x00007FF7967E0000-0x00007FF796B34000-memory.dmp

Filesize
3.3MB

Download
memory/2072-267-0x00007FF7967E0000-0x00007FF796B34000-memory.dmp

Filesize
3.3MB

Download
memory/2072-811-0x00007FF7967E0000-0x00007FF796B34000-memory.dmp

Filesize
3.3MB

Download
memory/2116-113-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1558-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-542-0x00007FF755C70000-0x00007FF755FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-93-0x00007FF640890000-0x00007FF640BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1300-0x00007FF640890000-0x00007FF640BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-173-0x00007FF640890000-0x00007FF640BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-152-0x00007FF759F90000-0x00007FF75A2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1568-0x00007FF759F90000-0x00007FF75A2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1090-0x00007FF614EA0000-0x00007FF6151F4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-20-0x00007FF614EA0000-0x00007FF6151F4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-81-0x00007FF614EA0000-0x00007FF6151F4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-82-0x00007FF6A3F50000-0x00007FF6A42A4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-167-0x00007FF6A3F50000-0x00007FF6A42A4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1287-0x00007FF6A3F50000-0x00007FF6A42A4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-808-0x00007FF6D41F0000-0x00007FF6D4544000-memory.dmp

Filesize
3.3MB

Download
memory/2968-1589-0x00007FF6D41F0000-0x00007FF6D4544000-memory.dmp

Filesize
3.3MB

Download
memory/2968-170-0x00007FF6D41F0000-0x00007FF6D4544000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1-0x0000017DB9E20000-0x0000017DB9E30000-memory.dmp

Filesize
64KB

Download
memory/3020-0-0x00007FF668A70000-0x00007FF668DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-56-0x00007FF668A70000-0x00007FF668DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3180-1563-0x00007FF617600000-0x00007FF617954000-memory.dmp

Filesize
3.3MB

Download
memory/3180-138-0x00007FF617600000-0x00007FF617954000-memory.dmp

Filesize
3.3MB

Download
memory/3580-1263-0x00007FF62EBD0000-0x00007FF62EF24000-memory.dmp

Filesize
3.3MB

Download
memory/3580-52-0x00007FF62EBD0000-0x00007FF62EF24000-memory.dmp

Filesize
3.3MB

Download
memory/3900-63-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp

Filesize
3.3MB

Download
memory/3900-1274-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp

Filesize
3.3MB

Download
memory/3956-1578-0x00007FF6D3B60000-0x00007FF6D3EB4000-memory.dmp

Filesize
3.3MB

Download
memory/3956-155-0x00007FF6D3B60000-0x00007FF6D3EB4000-memory.dmp

Filesize
3.3MB

Download
memory/3956-738-0x00007FF6D3B60000-0x00007FF6D3EB4000-memory.dmp

Filesize
3.3MB

Download
memory/3972-1302-0x00007FF6AF160000-0x00007FF6AF4B4000-memory.dmp

Filesize
3.3MB

Download
memory/3972-100-0x00007FF6AF160000-0x00007FF6AF4B4000-memory.dmp

Filesize
3.3MB

Download
memory/3972-437-0x00007FF6AF160000-0x00007FF6AF4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4108-72-0x00007FF7AEDD0000-0x00007FF7AF124000-memory.dmp

Filesize
3.3MB

Download
memory/4108-14-0x00007FF7AEDD0000-0x00007FF7AF124000-memory.dmp

Filesize
3.3MB

Download
memory/4108-1069-0x00007FF7AEDD0000-0x00007FF7AF124000-memory.dmp

Filesize
3.3MB

Download
memory/4188-127-0x00007FF7AD670000-0x00007FF7AD9C4000-memory.dmp

Filesize
3.3MB

Download
memory/4188-618-0x00007FF7AD670000-0x00007FF7AD9C4000-memory.dmp

Filesize
3.3MB

Download
memory/4188-1569-0x00007FF7AD670000-0x00007FF7AD9C4000-memory.dmp

Filesize
3.3MB

Download
memory/4220-275-0x00007FF70FE80000-0x00007FF7101D4000-memory.dmp

Filesize
3.3MB

Download
memory/4220-1587-0x00007FF70FE80000-0x00007FF7101D4000-memory.dmp

Filesize
3.3MB

Download
memory/4280-1555-0x00007FF671430000-0x00007FF671784000-memory.dmp

Filesize
3.3MB

Download
memory/4280-126-0x00007FF671430000-0x00007FF671784000-memory.dmp

Filesize
3.3MB

Download
memory/4344-164-0x00007FF7841B0000-0x00007FF784504000-memory.dmp

Filesize
3.3MB

Download
memory/4344-75-0x00007FF7841B0000-0x00007FF784504000-memory.dmp

Filesize
3.3MB

Download
memory/4344-1285-0x00007FF7841B0000-0x00007FF784504000-memory.dmp

Filesize
3.3MB

Download
memory/4536-98-0x00007FF6DBAB0000-0x00007FF6DBE04000-memory.dmp

Filesize
3.3MB

Download
memory/4536-436-0x00007FF6DBAB0000-0x00007FF6DBE04000-memory.dmp

Filesize
3.3MB

Download
memory/4536-1301-0x00007FF6DBAB0000-0x00007FF6DBE04000-memory.dmp

Filesize
3.3MB

Download
memory/4696-1284-0x00007FF77ABA0000-0x00007FF77AEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4696-146-0x00007FF77ABA0000-0x00007FF77AEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4696-64-0x00007FF77ABA0000-0x00007FF77AEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-1579-0x00007FF65E610000-0x00007FF65E964000-memory.dmp

Filesize
3.3MB

Download
memory/4880-165-0x00007FF65E610000-0x00007FF65E964000-memory.dmp

Filesize
3.3MB

Download
memory/4908-158-0x00007FF7061C0000-0x00007FF706514000-memory.dmp

Filesize
3.3MB

Download
memory/4908-1580-0x00007FF7061C0000-0x00007FF706514000-memory.dmp

Filesize
3.3MB

Download
memory/4908-775-0x00007FF7061C0000-0x00007FF706514000-memory.dmp

Filesize
3.3MB

Download
memory/5004-36-0x00007FF644E30000-0x00007FF645184000-memory.dmp

Filesize
3.3MB

Download
memory/5004-101-0x00007FF644E30000-0x00007FF645184000-memory.dmp

Filesize
3.3MB

Download
memory/5004-1115-0x00007FF644E30000-0x00007FF645184000-memory.dmp

Filesize
3.3MB

Download
memory/5024-35-0x00007FF769C30000-0x00007FF769F84000-memory.dmp

Filesize
3.3MB

Download
memory/5024-91-0x00007FF769C30000-0x00007FF769F84000-memory.dmp

Filesize
3.3MB

Download
memory/5024-1111-0x00007FF769C30000-0x00007FF769F84000-memory.dmp

Filesize
3.3MB

Download