cobaltstrike | fd5f960d766659e05684e02e79bcdb5b8fad547f0b5b16978ea11588ec0c4c4e

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9234e8c905e6a8f61b0df32e21392070
SHA1

464e72b482c90b51faea47447f83cdb790408e19
SHA256

fd5f960d766659e05684e02e79bcdb5b8fad547f0b5b16978ea11588ec0c4c4e
SHA512

70d668e3db113e98ba8beff1a11a10163524049d2607d9fb9b211cd5364c89e1e5a3ddcdbcf57b00b82762e1e67238694f500356c8edcd1dab42eab818163f4c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b08-4.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6b-11.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6c-9.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6d-22.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6e-29.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b70-37.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b68-52.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b71-49.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b72-60.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6f-40.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b73-66.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b74-73.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b75-82.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b76-85.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b77-92.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b78-98.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7b-108.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7c-118.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-121.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-129.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b7f-134.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-150.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-164.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-175.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b87-179.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-183.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-202.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-194.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-187.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-168.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b81-161.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b80-159.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7a-112.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3820-0-0x00007FF795940000-0x00007FF795C94000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b08-4.dat	xmrig
behavioral2/files/0x000a000000023b6b-11.dat	xmrig
behavioral2/files/0x000a000000023b6c-9.dat	xmrig
behavioral2/files/0x000a000000023b6d-22.dat	xmrig
behavioral2/memory/3924-24-0x00007FF62D2F0000-0x00007FF62D644000-memory.dmp	xmrig
behavioral2/memory/3508-15-0x00007FF72EDE0000-0x00007FF72F134000-memory.dmp	xmrig
behavioral2/memory/3756-10-0x00007FF7219D0000-0x00007FF721D24000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b6e-29.dat	xmrig
behavioral2/memory/3848-30-0x00007FF7C5080000-0x00007FF7C53D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b70-37.dat	xmrig
behavioral2/memory/2068-41-0x00007FF7A5040000-0x00007FF7A5394000-memory.dmp	xmrig
behavioral2/memory/552-48-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b68-52.dat	xmrig
behavioral2/files/0x000a000000023b71-49.dat	xmrig
behavioral2/memory/2024-59-0x00007FF71F540000-0x00007FF71F894000-memory.dmp	xmrig
behavioral2/memory/1248-62-0x00007FF6D29A0000-0x00007FF6D2CF4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b72-60.dat	xmrig
behavioral2/memory/2932-45-0x00007FF6CC020000-0x00007FF6CC374000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b6f-40.dat	xmrig
behavioral2/memory/3416-28-0x00007FF6E9400000-0x00007FF6E9754000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b73-66.dat	xmrig
behavioral2/memory/1568-70-0x00007FF778380000-0x00007FF7786D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b74-73.dat	xmrig
behavioral2/memory/3508-77-0x00007FF72EDE0000-0x00007FF72F134000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b75-82.dat	xmrig
behavioral2/memory/3756-69-0x00007FF7219D0000-0x00007FF721D24000-memory.dmp	xmrig
behavioral2/memory/3820-64-0x00007FF795940000-0x00007FF795C94000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b76-85.dat	xmrig
behavioral2/memory/2168-89-0x00007FF7ADA40000-0x00007FF7ADD94000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b77-92.dat	xmrig
behavioral2/memory/4144-93-0x00007FF76C9A0000-0x00007FF76CCF4000-memory.dmp	xmrig
behavioral2/memory/3460-95-0x00007FF7180F0000-0x00007FF718444000-memory.dmp	xmrig
behavioral2/memory/1556-91-0x00007FF77A650000-0x00007FF77A9A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b78-98.dat	xmrig
behavioral2/memory/2932-103-0x00007FF6CC020000-0x00007FF6CC374000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7b-108.dat	xmrig
behavioral2/memory/4664-111-0x00007FF63DFE0000-0x00007FF63E334000-memory.dmp	xmrig
behavioral2/memory/2068-117-0x00007FF7A5040000-0x00007FF7A5394000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7c-118.dat	xmrig
behavioral2/files/0x000a000000023b7d-121.dat	xmrig
behavioral2/files/0x000a000000023b7e-129.dat	xmrig
behavioral2/files/0x0031000000023b7f-134.dat	xmrig
behavioral2/memory/2024-141-0x00007FF71F540000-0x00007FF71F894000-memory.dmp	xmrig
behavioral2/memory/4804-145-0x00007FF7CAED0000-0x00007FF7CB224000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b83-150.dat	xmrig
behavioral2/files/0x000a000000023b84-164.dat	xmrig
behavioral2/memory/1248-169-0x00007FF6D29A0000-0x00007FF6D2CF4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b86-175.dat	xmrig
behavioral2/files/0x000a000000023b87-179.dat	xmrig
behavioral2/files/0x000a000000023b88-183.dat	xmrig
behavioral2/files/0x000a000000023b8a-202.dat	xmrig
behavioral2/memory/1568-293-0x00007FF778380000-0x00007FF7786D4000-memory.dmp	xmrig
behavioral2/memory/1556-340-0x00007FF77A650000-0x00007FF77A9A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b85-194.dat	xmrig
behavioral2/files/0x000a000000023b89-187.dat	xmrig
behavioral2/memory/1976-186-0x00007FF655BD0000-0x00007FF655F24000-memory.dmp	xmrig
behavioral2/memory/4456-182-0x00007FF7A69E0000-0x00007FF7A6D34000-memory.dmp	xmrig
behavioral2/memory/60-178-0x00007FF638610000-0x00007FF638964000-memory.dmp	xmrig
behavioral2/memory/2424-174-0x00007FF77E680000-0x00007FF77E9D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b82-168.dat	xmrig
behavioral2/memory/3236-165-0x00007FF622060000-0x00007FF6223B4000-memory.dmp	xmrig
behavioral2/files/0x0031000000023b81-161.dat	xmrig
behavioral2/files/0x0031000000023b80-159.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3756	nPbrqmY.exe
3508	hxlAbAX.exe
3924	UHGUnUW.exe
3416	thfxYyN.exe
3848	bAvvErm.exe
2068	XGpsrsT.exe
2932	AJYYjUY.exe
552	wdbAMxY.exe
2024	VEpRxDx.exe
1248	LcpEmJd.exe
1568	fqTrfII.exe
2168	QSgCeXh.exe
4144	zMyVMIm.exe
3460	VvjcSpR.exe
1556	npCzCRx.exe
3892	rReFkDm.exe
4664	LcPuzWF.exe
1668	kFcNeMF.exe
2924	ZbqfjJF.exe
748	ZqFXDaL.exe
4804	GmhXIfE.exe
4560	FhZbRIX.exe
1704	ZiomnVX.exe
3360	WhbYyMN.exe
3236	LVcehYY.exe
2424	TBnbDqb.exe
60	ELHonhm.exe
4456	TzHnRJD.exe
1976	CxdhUHz.exe
2332	INnqHUl.exe
4532	RuhNYaT.exe
1772	Vamqpep.exe
4852	QtKCdAS.exe
4668	RgkuteV.exe
2028	Lgyayrh.exe
1264	oTVqDwd.exe
4604	FOpeoNM.exe
4360	fkcPIun.exe
4200	RjSTyoa.exe
2692	vCyrVBH.exe
1156	ALtbNrc.exe
4528	JIdayOt.exe
3748	RPlAnlq.exe
3420	YFHFtqT.exe
4412	nvRzSZT.exe
2708	aArHjit.exe
2532	sqEfVTf.exe
348	bQQICXR.exe
3784	fBxyzDh.exe
1972	BcpgGyt.exe
3228	QkBXsvj.exe
2088	wEaUXRn.exe
3384	gFuBtaY.exe
3320	zPjUiJe.exe
376	drGCfvk.exe
3020	tppTYMq.exe
4472	IDCfhPQ.exe
2328	blUXPEo.exe
3468	cAdlWWV.exe
2508	BeQpOAW.exe
4224	jgWEJPa.exe
2164	dcbKZyl.exe
1460	ZfyUjEM.exe
2996	EaObpvp.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3820-0-0x00007FF795940000-0x00007FF795C94000-memory.dmp	upx
behavioral2/files/0x000c000000023b08-4.dat	upx
behavioral2/files/0x000a000000023b6b-11.dat	upx
behavioral2/files/0x000a000000023b6c-9.dat	upx
behavioral2/files/0x000a000000023b6d-22.dat	upx
behavioral2/memory/3924-24-0x00007FF62D2F0000-0x00007FF62D644000-memory.dmp	upx
behavioral2/memory/3508-15-0x00007FF72EDE0000-0x00007FF72F134000-memory.dmp	upx
behavioral2/memory/3756-10-0x00007FF7219D0000-0x00007FF721D24000-memory.dmp	upx
behavioral2/files/0x000a000000023b6e-29.dat	upx
behavioral2/memory/3848-30-0x00007FF7C5080000-0x00007FF7C53D4000-memory.dmp	upx
behavioral2/files/0x000a000000023b70-37.dat	upx
behavioral2/memory/2068-41-0x00007FF7A5040000-0x00007FF7A5394000-memory.dmp	upx
behavioral2/memory/552-48-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp	upx
behavioral2/files/0x000b000000023b68-52.dat	upx
behavioral2/files/0x000a000000023b71-49.dat	upx
behavioral2/memory/2024-59-0x00007FF71F540000-0x00007FF71F894000-memory.dmp	upx
behavioral2/memory/1248-62-0x00007FF6D29A0000-0x00007FF6D2CF4000-memory.dmp	upx
behavioral2/files/0x000a000000023b72-60.dat	upx
behavioral2/memory/2932-45-0x00007FF6CC020000-0x00007FF6CC374000-memory.dmp	upx
behavioral2/files/0x000a000000023b6f-40.dat	upx
behavioral2/memory/3416-28-0x00007FF6E9400000-0x00007FF6E9754000-memory.dmp	upx
behavioral2/files/0x000a000000023b73-66.dat	upx
behavioral2/memory/1568-70-0x00007FF778380000-0x00007FF7786D4000-memory.dmp	upx
behavioral2/files/0x000a000000023b74-73.dat	upx
behavioral2/memory/3508-77-0x00007FF72EDE0000-0x00007FF72F134000-memory.dmp	upx
behavioral2/files/0x000a000000023b75-82.dat	upx
behavioral2/memory/3756-69-0x00007FF7219D0000-0x00007FF721D24000-memory.dmp	upx
behavioral2/memory/3820-64-0x00007FF795940000-0x00007FF795C94000-memory.dmp	upx
behavioral2/files/0x000a000000023b76-85.dat	upx
behavioral2/memory/2168-89-0x00007FF7ADA40000-0x00007FF7ADD94000-memory.dmp	upx
behavioral2/files/0x000a000000023b77-92.dat	upx
behavioral2/memory/4144-93-0x00007FF76C9A0000-0x00007FF76CCF4000-memory.dmp	upx
behavioral2/memory/3460-95-0x00007FF7180F0000-0x00007FF718444000-memory.dmp	upx
behavioral2/memory/1556-91-0x00007FF77A650000-0x00007FF77A9A4000-memory.dmp	upx
behavioral2/files/0x000a000000023b78-98.dat	upx
behavioral2/memory/2932-103-0x00007FF6CC020000-0x00007FF6CC374000-memory.dmp	upx
behavioral2/files/0x000a000000023b7b-108.dat	upx
behavioral2/memory/4664-111-0x00007FF63DFE0000-0x00007FF63E334000-memory.dmp	upx
behavioral2/memory/2068-117-0x00007FF7A5040000-0x00007FF7A5394000-memory.dmp	upx
behavioral2/files/0x000a000000023b7c-118.dat	upx
behavioral2/files/0x000a000000023b7d-121.dat	upx
behavioral2/files/0x000a000000023b7e-129.dat	upx
behavioral2/files/0x0031000000023b7f-134.dat	upx
behavioral2/memory/2024-141-0x00007FF71F540000-0x00007FF71F894000-memory.dmp	upx
behavioral2/memory/4804-145-0x00007FF7CAED0000-0x00007FF7CB224000-memory.dmp	upx
behavioral2/files/0x000a000000023b83-150.dat	upx
behavioral2/files/0x000a000000023b84-164.dat	upx
behavioral2/memory/1248-169-0x00007FF6D29A0000-0x00007FF6D2CF4000-memory.dmp	upx
behavioral2/files/0x000a000000023b86-175.dat	upx
behavioral2/files/0x000a000000023b87-179.dat	upx
behavioral2/files/0x000a000000023b88-183.dat	upx
behavioral2/files/0x000a000000023b8a-202.dat	upx
behavioral2/memory/1568-293-0x00007FF778380000-0x00007FF7786D4000-memory.dmp	upx
behavioral2/memory/1556-340-0x00007FF77A650000-0x00007FF77A9A4000-memory.dmp	upx
behavioral2/files/0x000a000000023b85-194.dat	upx
behavioral2/files/0x000a000000023b89-187.dat	upx
behavioral2/memory/1976-186-0x00007FF655BD0000-0x00007FF655F24000-memory.dmp	upx
behavioral2/memory/4456-182-0x00007FF7A69E0000-0x00007FF7A6D34000-memory.dmp	upx
behavioral2/memory/60-178-0x00007FF638610000-0x00007FF638964000-memory.dmp	upx
behavioral2/memory/2424-174-0x00007FF77E680000-0x00007FF77E9D4000-memory.dmp	upx
behavioral2/files/0x000a000000023b82-168.dat	upx
behavioral2/memory/3236-165-0x00007FF622060000-0x00007FF6223B4000-memory.dmp	upx
behavioral2/files/0x0031000000023b81-161.dat	upx
behavioral2/files/0x0031000000023b80-159.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\aqLMRSS.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdziNCS.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJIQoLM.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PDVagEf.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKEYBhf.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsKJbDU.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McrUdAp.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLrAWik.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\muKzeuL.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNsJScn.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSmkczk.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pswtaDl.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svdBWOr.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylKGTxo.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZDcSAh.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhjkbeM.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPlAnlq.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTskRQD.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovfPYJJ.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vEdarwa.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adYVAqC.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iiKYMlQ.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMZsbQT.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNnTtkn.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovtbdho.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcZXVCG.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOjxnDX.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNLlzcg.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMDroLm.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvdoGWN.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aNOPIzz.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVuoTIz.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRYbgVE.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSoiTLG.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UapMuDO.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwCUSET.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdlkDoZ.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuPGkEJ.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YoBXUfz.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Qjbtsmy.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpLfpKE.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkAZePs.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXwykeI.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUDmezN.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EziocRJ.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAvScIM.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdqBkMD.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaneLEB.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnxZPLu.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ndESZoe.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRpYcuO.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFjFOcS.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSXrjki.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkRItHa.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRwApHy.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHgxztU.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghxCWis.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egTYbue.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwsgMeh.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCrYjTc.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smKdzCR.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYapHwU.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHeQJiF.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAseocn.exe	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3820 wrote to memory of 3756	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3820 wrote to memory of 3756	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3820 wrote to memory of 3508	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3820 wrote to memory of 3508	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3820 wrote to memory of 3924	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3820 wrote to memory of 3924	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3820 wrote to memory of 3416	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3820 wrote to memory of 3416	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3820 wrote to memory of 3848	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3820 wrote to memory of 3848	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3820 wrote to memory of 2068	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3820 wrote to memory of 2068	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3820 wrote to memory of 2932	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3820 wrote to memory of 2932	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3820 wrote to memory of 552	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3820 wrote to memory of 552	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3820 wrote to memory of 2024	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3820 wrote to memory of 2024	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3820 wrote to memory of 1248	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3820 wrote to memory of 1248	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3820 wrote to memory of 1568	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3820 wrote to memory of 1568	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3820 wrote to memory of 2168	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3820 wrote to memory of 2168	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3820 wrote to memory of 4144	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3820 wrote to memory of 4144	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3820 wrote to memory of 3460	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3820 wrote to memory of 3460	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3820 wrote to memory of 1556	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3820 wrote to memory of 1556	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3820 wrote to memory of 3892	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3820 wrote to memory of 3892	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3820 wrote to memory of 4664	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3820 wrote to memory of 4664	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3820 wrote to memory of 1668	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3820 wrote to memory of 1668	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3820 wrote to memory of 2924	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3820 wrote to memory of 2924	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3820 wrote to memory of 748	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3820 wrote to memory of 748	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3820 wrote to memory of 4804	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3820 wrote to memory of 4804	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3820 wrote to memory of 4560	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3820 wrote to memory of 4560	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3820 wrote to memory of 1704	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3820 wrote to memory of 1704	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3820 wrote to memory of 3360	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3820 wrote to memory of 3360	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3820 wrote to memory of 3236	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3820 wrote to memory of 3236	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3820 wrote to memory of 2424	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3820 wrote to memory of 2424	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3820 wrote to memory of 60	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3820 wrote to memory of 60	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3820 wrote to memory of 4456	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3820 wrote to memory of 4456	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3820 wrote to memory of 1976	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3820 wrote to memory of 1976	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3820 wrote to memory of 2332	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3820 wrote to memory of 2332	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3820 wrote to memory of 4532	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3820 wrote to memory of 4532	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3820 wrote to memory of 1772	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3820 wrote to memory of 1772	3820	2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe	117

C:\Users\Admin\AppData\Local\Temp\2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-18_9234e8c905e6a8f61b0df32e21392070_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3820
- C:\Windows\System\nPbrqmY.exe
  C:\Windows\System\nPbrqmY.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\hxlAbAX.exe
  C:\Windows\System\hxlAbAX.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\UHGUnUW.exe
  C:\Windows\System\UHGUnUW.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\thfxYyN.exe
  C:\Windows\System\thfxYyN.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\bAvvErm.exe
  C:\Windows\System\bAvvErm.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\XGpsrsT.exe
  C:\Windows\System\XGpsrsT.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\AJYYjUY.exe
  C:\Windows\System\AJYYjUY.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\wdbAMxY.exe
  C:\Windows\System\wdbAMxY.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\VEpRxDx.exe
  C:\Windows\System\VEpRxDx.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\LcpEmJd.exe
  C:\Windows\System\LcpEmJd.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\fqTrfII.exe
  C:\Windows\System\fqTrfII.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\QSgCeXh.exe
  C:\Windows\System\QSgCeXh.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\zMyVMIm.exe
  C:\Windows\System\zMyVMIm.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\VvjcSpR.exe
  C:\Windows\System\VvjcSpR.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\npCzCRx.exe
  C:\Windows\System\npCzCRx.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\rReFkDm.exe
  C:\Windows\System\rReFkDm.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\LcPuzWF.exe
  C:\Windows\System\LcPuzWF.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\kFcNeMF.exe
  C:\Windows\System\kFcNeMF.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\ZbqfjJF.exe
  C:\Windows\System\ZbqfjJF.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\ZqFXDaL.exe
  C:\Windows\System\ZqFXDaL.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\GmhXIfE.exe
  C:\Windows\System\GmhXIfE.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\FhZbRIX.exe
  C:\Windows\System\FhZbRIX.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\ZiomnVX.exe
  C:\Windows\System\ZiomnVX.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\WhbYyMN.exe
  C:\Windows\System\WhbYyMN.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\LVcehYY.exe
  C:\Windows\System\LVcehYY.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\TBnbDqb.exe
  C:\Windows\System\TBnbDqb.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\ELHonhm.exe
  C:\Windows\System\ELHonhm.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\TzHnRJD.exe
  C:\Windows\System\TzHnRJD.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\CxdhUHz.exe
  C:\Windows\System\CxdhUHz.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\INnqHUl.exe
  C:\Windows\System\INnqHUl.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\RuhNYaT.exe
  C:\Windows\System\RuhNYaT.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\Vamqpep.exe
  C:\Windows\System\Vamqpep.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\QtKCdAS.exe
  C:\Windows\System\QtKCdAS.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\RgkuteV.exe
  C:\Windows\System\RgkuteV.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\Lgyayrh.exe
  C:\Windows\System\Lgyayrh.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\oTVqDwd.exe
  C:\Windows\System\oTVqDwd.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\FOpeoNM.exe
  C:\Windows\System\FOpeoNM.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\fkcPIun.exe
  C:\Windows\System\fkcPIun.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\RjSTyoa.exe
  C:\Windows\System\RjSTyoa.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\vCyrVBH.exe
  C:\Windows\System\vCyrVBH.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ALtbNrc.exe
  C:\Windows\System\ALtbNrc.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\JIdayOt.exe
  C:\Windows\System\JIdayOt.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\RPlAnlq.exe
  C:\Windows\System\RPlAnlq.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\YFHFtqT.exe
  C:\Windows\System\YFHFtqT.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\nvRzSZT.exe
  C:\Windows\System\nvRzSZT.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\aArHjit.exe
  C:\Windows\System\aArHjit.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\sqEfVTf.exe
  C:\Windows\System\sqEfVTf.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\bQQICXR.exe
  C:\Windows\System\bQQICXR.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\fBxyzDh.exe
  C:\Windows\System\fBxyzDh.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\BcpgGyt.exe
  C:\Windows\System\BcpgGyt.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\QkBXsvj.exe
  C:\Windows\System\QkBXsvj.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\wEaUXRn.exe
  C:\Windows\System\wEaUXRn.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\gFuBtaY.exe
  C:\Windows\System\gFuBtaY.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\zPjUiJe.exe
  C:\Windows\System\zPjUiJe.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\drGCfvk.exe
  C:\Windows\System\drGCfvk.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\tppTYMq.exe
  C:\Windows\System\tppTYMq.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\IDCfhPQ.exe
  C:\Windows\System\IDCfhPQ.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\blUXPEo.exe
  C:\Windows\System\blUXPEo.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\cAdlWWV.exe
  C:\Windows\System\cAdlWWV.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\BeQpOAW.exe
  C:\Windows\System\BeQpOAW.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\jgWEJPa.exe
  C:\Windows\System\jgWEJPa.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\dcbKZyl.exe
  C:\Windows\System\dcbKZyl.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\ZfyUjEM.exe
  C:\Windows\System\ZfyUjEM.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\EaObpvp.exe
  C:\Windows\System\EaObpvp.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\UusmXKm.exe
  C:\Windows\System\UusmXKm.exe
  2⤵
  PID:4880
- C:\Windows\System\fnAjXtv.exe
  C:\Windows\System\fnAjXtv.exe
  2⤵
  PID:3452
- C:\Windows\System\uEfvddA.exe
  C:\Windows\System\uEfvddA.exe
  2⤵
  PID:1764
- C:\Windows\System\SMVdomU.exe
  C:\Windows\System\SMVdomU.exe
  2⤵
  PID:3788
- C:\Windows\System\kXRcLCa.exe
  C:\Windows\System\kXRcLCa.exe
  2⤵
  PID:1092
- C:\Windows\System\dNSDmXZ.exe
  C:\Windows\System\dNSDmXZ.exe
  2⤵
  PID:3576
- C:\Windows\System\DIDvzKa.exe
  C:\Windows\System\DIDvzKa.exe
  2⤵
  PID:2056
- C:\Windows\System\qhtfUjt.exe
  C:\Windows\System\qhtfUjt.exe
  2⤵
  PID:3808
- C:\Windows\System\YZiQxyO.exe
  C:\Windows\System\YZiQxyO.exe
  2⤵
  PID:5080
- C:\Windows\System\JRkRaVE.exe
  C:\Windows\System\JRkRaVE.exe
  2⤵
  PID:1052
- C:\Windows\System\szjKFZA.exe
  C:\Windows\System\szjKFZA.exe
  2⤵
  PID:1432
- C:\Windows\System\iCVgUkX.exe
  C:\Windows\System\iCVgUkX.exe
  2⤵
  PID:2740
- C:\Windows\System\eVexBiP.exe
  C:\Windows\System\eVexBiP.exe
  2⤵
  PID:1600
- C:\Windows\System\IhrOLqN.exe
  C:\Windows\System\IhrOLqN.exe
  2⤵
  PID:2912
- C:\Windows\System\pRyIrgE.exe
  C:\Windows\System\pRyIrgE.exe
  2⤵
  PID:2776
- C:\Windows\System\mXtWaoa.exe
  C:\Windows\System\mXtWaoa.exe
  2⤵
  PID:1048
- C:\Windows\System\YDAHiGp.exe
  C:\Windows\System\YDAHiGp.exe
  2⤵
  PID:2704
- C:\Windows\System\ZgaTrev.exe
  C:\Windows\System\ZgaTrev.exe
  2⤵
  PID:832
- C:\Windows\System\LOkDckb.exe
  C:\Windows\System\LOkDckb.exe
  2⤵
  PID:2412
- C:\Windows\System\HjRYXRr.exe
  C:\Windows\System\HjRYXRr.exe
  2⤵
  PID:3904
- C:\Windows\System\hAFDfeB.exe
  C:\Windows\System\hAFDfeB.exe
  2⤵
  PID:3564
- C:\Windows\System\zNLlzcg.exe
  C:\Windows\System\zNLlzcg.exe
  2⤵
  PID:1968
- C:\Windows\System\QTohelZ.exe
  C:\Windows\System\QTohelZ.exe
  2⤵
  PID:1552
- C:\Windows\System\CpEKfzH.exe
  C:\Windows\System\CpEKfzH.exe
  2⤵
  PID:3308
- C:\Windows\System\frKlxUR.exe
  C:\Windows\System\frKlxUR.exe
  2⤵
  PID:396
- C:\Windows\System\jwJxZEc.exe
  C:\Windows\System\jwJxZEc.exe
  2⤵
  PID:1860
- C:\Windows\System\bieuPQx.exe
  C:\Windows\System\bieuPQx.exe
  2⤵
  PID:5140
- C:\Windows\System\uUOliDl.exe
  C:\Windows\System\uUOliDl.exe
  2⤵
  PID:5176
- C:\Windows\System\zvXpnyW.exe
  C:\Windows\System\zvXpnyW.exe
  2⤵
  PID:5208
- C:\Windows\System\QcpsIXB.exe
  C:\Windows\System\QcpsIXB.exe
  2⤵
  PID:5264
- C:\Windows\System\LKGZIxO.exe
  C:\Windows\System\LKGZIxO.exe
  2⤵
  PID:5280
- C:\Windows\System\IQDlPbu.exe
  C:\Windows\System\IQDlPbu.exe
  2⤵
  PID:5300
- C:\Windows\System\AFugJbH.exe
  C:\Windows\System\AFugJbH.exe
  2⤵
  PID:5332
- C:\Windows\System\PqDuqXq.exe
  C:\Windows\System\PqDuqXq.exe
  2⤵
  PID:5404
- C:\Windows\System\fMrqEDQ.exe
  C:\Windows\System\fMrqEDQ.exe
  2⤵
  PID:5488
- C:\Windows\System\fopHRnd.exe
  C:\Windows\System\fopHRnd.exe
  2⤵
  PID:5540
- C:\Windows\System\QdNyxSU.exe
  C:\Windows\System\QdNyxSU.exe
  2⤵
  PID:5620
- C:\Windows\System\bZXSCUp.exe
  C:\Windows\System\bZXSCUp.exe
  2⤵
  PID:5652
- C:\Windows\System\fmSUYjO.exe
  C:\Windows\System\fmSUYjO.exe
  2⤵
  PID:5692
- C:\Windows\System\YJQTZLp.exe
  C:\Windows\System\YJQTZLp.exe
  2⤵
  PID:5736
- C:\Windows\System\TczMmCC.exe
  C:\Windows\System\TczMmCC.exe
  2⤵
  PID:5784
- C:\Windows\System\zzZTcQP.exe
  C:\Windows\System\zzZTcQP.exe
  2⤵
  PID:5816
- C:\Windows\System\HhClfYl.exe
  C:\Windows\System\HhClfYl.exe
  2⤵
  PID:5848
- C:\Windows\System\mQBNoYf.exe
  C:\Windows\System\mQBNoYf.exe
  2⤵
  PID:5884
- C:\Windows\System\BfUlQTx.exe
  C:\Windows\System\BfUlQTx.exe
  2⤵
  PID:5912
- C:\Windows\System\RlrUmvQ.exe
  C:\Windows\System\RlrUmvQ.exe
  2⤵
  PID:5944
- C:\Windows\System\kcXllla.exe
  C:\Windows\System\kcXllla.exe
  2⤵
  PID:5972
- C:\Windows\System\OXxAKZV.exe
  C:\Windows\System\OXxAKZV.exe
  2⤵
  PID:6008
- C:\Windows\System\LddwpWt.exe
  C:\Windows\System\LddwpWt.exe
  2⤵
  PID:6032
- C:\Windows\System\leTTnMD.exe
  C:\Windows\System\leTTnMD.exe
  2⤵
  PID:6068
- C:\Windows\System\eSDExrO.exe
  C:\Windows\System\eSDExrO.exe
  2⤵
  PID:6096
- C:\Windows\System\svdBWOr.exe
  C:\Windows\System\svdBWOr.exe
  2⤵
  PID:6112
- C:\Windows\System\cLrAWik.exe
  C:\Windows\System\cLrAWik.exe
  2⤵
  PID:5172
- C:\Windows\System\vETCTsG.exe
  C:\Windows\System\vETCTsG.exe
  2⤵
  PID:5252
- C:\Windows\System\MjiEoPs.exe
  C:\Windows\System\MjiEoPs.exe
  2⤵
  PID:5276
- C:\Windows\System\Zttfpnc.exe
  C:\Windows\System\Zttfpnc.exe
  2⤵
  PID:2196
- C:\Windows\System\QRdsxbW.exe
  C:\Windows\System\QRdsxbW.exe
  2⤵
  PID:5400
- C:\Windows\System\BZQQfQo.exe
  C:\Windows\System\BZQQfQo.exe
  2⤵
  PID:5516
- C:\Windows\System\xMDroLm.exe
  C:\Windows\System\xMDroLm.exe
  2⤵
  PID:4228
- C:\Windows\System\wSjpZve.exe
  C:\Windows\System\wSjpZve.exe
  2⤵
  PID:4216
- C:\Windows\System\rBgdHiF.exe
  C:\Windows\System\rBgdHiF.exe
  2⤵
  PID:5712
- C:\Windows\System\ViFbHdj.exe
  C:\Windows\System\ViFbHdj.exe
  2⤵
  PID:5772
- C:\Windows\System\dlhFyCK.exe
  C:\Windows\System\dlhFyCK.exe
  2⤵
  PID:5892
- C:\Windows\System\xdghUSZ.exe
  C:\Windows\System\xdghUSZ.exe
  2⤵
  PID:5936
- C:\Windows\System\yQbJWPO.exe
  C:\Windows\System\yQbJWPO.exe
  2⤵
  PID:5984
- C:\Windows\System\AIXAsqN.exe
  C:\Windows\System\AIXAsqN.exe
  2⤵
  PID:6040
- C:\Windows\System\WXMvfhE.exe
  C:\Windows\System\WXMvfhE.exe
  2⤵
  PID:6104
- C:\Windows\System\bvQOVHP.exe
  C:\Windows\System\bvQOVHP.exe
  2⤵
  PID:5864
- C:\Windows\System\cWqbWUY.exe
  C:\Windows\System\cWqbWUY.exe
  2⤵
  PID:4812
- C:\Windows\System\HAseocn.exe
  C:\Windows\System\HAseocn.exe
  2⤵
  PID:4160
- C:\Windows\System\hzjzNij.exe
  C:\Windows\System\hzjzNij.exe
  2⤵
  PID:5580
- C:\Windows\System\uLKcwhv.exe
  C:\Windows\System\uLKcwhv.exe
  2⤵
  PID:5868
- C:\Windows\System\vqYUvuF.exe
  C:\Windows\System\vqYUvuF.exe
  2⤵
  PID:784
- C:\Windows\System\IFdkHFM.exe
  C:\Windows\System\IFdkHFM.exe
  2⤵
  PID:6016
- C:\Windows\System\KiyzHOy.exe
  C:\Windows\System\KiyzHOy.exe
  2⤵
  PID:4976
- C:\Windows\System\ApzzkOI.exe
  C:\Windows\System\ApzzkOI.exe
  2⤵
  PID:2900
- C:\Windows\System\XwxTrkG.exe
  C:\Windows\System\XwxTrkG.exe
  2⤵
  PID:5964
- C:\Windows\System\LlUlnNN.exe
  C:\Windows\System\LlUlnNN.exe
  2⤵
  PID:5184
- C:\Windows\System\EkMyqcv.exe
  C:\Windows\System\EkMyqcv.exe
  2⤵
  PID:2084
- C:\Windows\System\CsnpnQc.exe
  C:\Windows\System\CsnpnQc.exe
  2⤵
  PID:6156
- C:\Windows\System\qAvScIM.exe
  C:\Windows\System\qAvScIM.exe
  2⤵
  PID:6180
- C:\Windows\System\oZAcxDe.exe
  C:\Windows\System\oZAcxDe.exe
  2⤵
  PID:6212
- C:\Windows\System\MDZGRbm.exe
  C:\Windows\System\MDZGRbm.exe
  2⤵
  PID:6240
- C:\Windows\System\GEWOhJr.exe
  C:\Windows\System\GEWOhJr.exe
  2⤵
  PID:6272
- C:\Windows\System\yLsUCkD.exe
  C:\Windows\System\yLsUCkD.exe
  2⤵
  PID:6300
- C:\Windows\System\REtDDVw.exe
  C:\Windows\System\REtDDVw.exe
  2⤵
  PID:6328
- C:\Windows\System\MLZlECS.exe
  C:\Windows\System\MLZlECS.exe
  2⤵
  PID:6360
- C:\Windows\System\ksUvEqm.exe
  C:\Windows\System\ksUvEqm.exe
  2⤵
  PID:6380
- C:\Windows\System\MlyBjxg.exe
  C:\Windows\System\MlyBjxg.exe
  2⤵
  PID:6416
- C:\Windows\System\OIXxUOL.exe
  C:\Windows\System\OIXxUOL.exe
  2⤵
  PID:6444
- C:\Windows\System\RSpIPTp.exe
  C:\Windows\System\RSpIPTp.exe
  2⤵
  PID:6472
- C:\Windows\System\dkRItHa.exe
  C:\Windows\System\dkRItHa.exe
  2⤵
  PID:6500
- C:\Windows\System\bHtCZdy.exe
  C:\Windows\System\bHtCZdy.exe
  2⤵
  PID:6532
- C:\Windows\System\ERPnfbF.exe
  C:\Windows\System\ERPnfbF.exe
  2⤵
  PID:6560
- C:\Windows\System\CyUOSOD.exe
  C:\Windows\System\CyUOSOD.exe
  2⤵
  PID:6592
- C:\Windows\System\qcHbBYU.exe
  C:\Windows\System\qcHbBYU.exe
  2⤵
  PID:6664
- C:\Windows\System\zpPcMjD.exe
  C:\Windows\System\zpPcMjD.exe
  2⤵
  PID:6716
- C:\Windows\System\GZNcuso.exe
  C:\Windows\System\GZNcuso.exe
  2⤵
  PID:6780
- C:\Windows\System\qtTMqjs.exe
  C:\Windows\System\qtTMqjs.exe
  2⤵
  PID:6812
- C:\Windows\System\uQjIOff.exe
  C:\Windows\System\uQjIOff.exe
  2⤵
  PID:6848
- C:\Windows\System\UOYtaaM.exe
  C:\Windows\System\UOYtaaM.exe
  2⤵
  PID:6888
- C:\Windows\System\XCABLvq.exe
  C:\Windows\System\XCABLvq.exe
  2⤵
  PID:6920
- C:\Windows\System\WRKyzvR.exe
  C:\Windows\System\WRKyzvR.exe
  2⤵
  PID:6936
- C:\Windows\System\nOxWFBP.exe
  C:\Windows\System\nOxWFBP.exe
  2⤵
  PID:6972
- C:\Windows\System\zkKOWzr.exe
  C:\Windows\System\zkKOWzr.exe
  2⤵
  PID:7000
- C:\Windows\System\EPRaDqx.exe
  C:\Windows\System\EPRaDqx.exe
  2⤵
  PID:7032
- C:\Windows\System\OdDBfzO.exe
  C:\Windows\System\OdDBfzO.exe
  2⤵
  PID:7056
- C:\Windows\System\IvUOdLO.exe
  C:\Windows\System\IvUOdLO.exe
  2⤵
  PID:7088
- C:\Windows\System\RNrMutg.exe
  C:\Windows\System\RNrMutg.exe
  2⤵
  PID:7124
- C:\Windows\System\IylVyvx.exe
  C:\Windows\System\IylVyvx.exe
  2⤵
  PID:7148
- C:\Windows\System\oJLzHdU.exe
  C:\Windows\System\oJLzHdU.exe
  2⤵
  PID:6108
- C:\Windows\System\ktUeaMx.exe
  C:\Windows\System\ktUeaMx.exe
  2⤵
  PID:5152
- C:\Windows\System\uxOnyfA.exe
  C:\Windows\System\uxOnyfA.exe
  2⤵
  PID:6264
- C:\Windows\System\zWURUlX.exe
  C:\Windows\System\zWURUlX.exe
  2⤵
  PID:6312
- C:\Windows\System\ViMcXeN.exe
  C:\Windows\System\ViMcXeN.exe
  2⤵
  PID:6400
- C:\Windows\System\typUHxH.exe
  C:\Windows\System\typUHxH.exe
  2⤵
  PID:6468
- C:\Windows\System\yHTBzmE.exe
  C:\Windows\System\yHTBzmE.exe
  2⤵
  PID:6528
- C:\Windows\System\jpItOAW.exe
  C:\Windows\System\jpItOAW.exe
  2⤵
  PID:4212
- C:\Windows\System\QKwZzJb.exe
  C:\Windows\System\QKwZzJb.exe
  2⤵
  PID:4500
- C:\Windows\System\CqNFGxM.exe
  C:\Windows\System\CqNFGxM.exe
  2⤵
  PID:6580
- C:\Windows\System\pnBigub.exe
  C:\Windows\System\pnBigub.exe
  2⤵
  PID:6704
- C:\Windows\System\JqPMsLJ.exe
  C:\Windows\System\JqPMsLJ.exe
  2⤵
  PID:2720
- C:\Windows\System\MhfAKYM.exe
  C:\Windows\System\MhfAKYM.exe
  2⤵
  PID:6880
- C:\Windows\System\LNzKFnJ.exe
  C:\Windows\System\LNzKFnJ.exe
  2⤵
  PID:6932
- C:\Windows\System\urREeFO.exe
  C:\Windows\System\urREeFO.exe
  2⤵
  PID:7008
- C:\Windows\System\ZHfgbGU.exe
  C:\Windows\System\ZHfgbGU.exe
  2⤵
  PID:7044
- C:\Windows\System\hKOGLCr.exe
  C:\Windows\System\hKOGLCr.exe
  2⤵
  PID:7120
- C:\Windows\System\MuWbQQK.exe
  C:\Windows\System\MuWbQQK.exe
  2⤵
  PID:6120
- C:\Windows\System\cKOlfaa.exe
  C:\Windows\System\cKOlfaa.exe
  2⤵
  PID:6268
- C:\Windows\System\CpJEIyz.exe
  C:\Windows\System\CpJEIyz.exe
  2⤵
  PID:6376
- C:\Windows\System\kHsnRpl.exe
  C:\Windows\System\kHsnRpl.exe
  2⤵
  PID:6540
- C:\Windows\System\EREfADF.exe
  C:\Windows\System\EREfADF.exe
  2⤵
  PID:4992
- C:\Windows\System\OgKBwqj.exe
  C:\Windows\System\OgKBwqj.exe
  2⤵
  PID:6732
- C:\Windows\System\hLTubuj.exe
  C:\Windows\System\hLTubuj.exe
  2⤵
  PID:6956
- C:\Windows\System\MVrLFDw.exe
  C:\Windows\System\MVrLFDw.exe
  2⤵
  PID:7096
- C:\Windows\System\gnTgwTq.exe
  C:\Windows\System\gnTgwTq.exe
  2⤵
  PID:7136
- C:\Windows\System\OagcLIM.exe
  C:\Windows\System\OagcLIM.exe
  2⤵
  PID:6340
- C:\Windows\System\OtbLoEJ.exe
  C:\Windows\System\OtbLoEJ.exe
  2⤵
  PID:7072
- C:\Windows\System\jbxOJLp.exe
  C:\Windows\System\jbxOJLp.exe
  2⤵
  PID:2204
- C:\Windows\System\WwTumad.exe
  C:\Windows\System\WwTumad.exe
  2⤵
  PID:6308
- C:\Windows\System\upvYkWm.exe
  C:\Windows\System\upvYkWm.exe
  2⤵
  PID:6844
- C:\Windows\System\iiKYMlQ.exe
  C:\Windows\System\iiKYMlQ.exe
  2⤵
  PID:7196
- C:\Windows\System\CXTEsGR.exe
  C:\Windows\System\CXTEsGR.exe
  2⤵
  PID:7224
- C:\Windows\System\ESMTVMb.exe
  C:\Windows\System\ESMTVMb.exe
  2⤵
  PID:7256
- C:\Windows\System\YifMrHv.exe
  C:\Windows\System\YifMrHv.exe
  2⤵
  PID:7292
- C:\Windows\System\FbkrilG.exe
  C:\Windows\System\FbkrilG.exe
  2⤵
  PID:7324
- C:\Windows\System\muKzeuL.exe
  C:\Windows\System\muKzeuL.exe
  2⤵
  PID:7348
- C:\Windows\System\tcpZNGa.exe
  C:\Windows\System\tcpZNGa.exe
  2⤵
  PID:7388
- C:\Windows\System\hgKBBCP.exe
  C:\Windows\System\hgKBBCP.exe
  2⤵
  PID:7412
- C:\Windows\System\vWIKxME.exe
  C:\Windows\System\vWIKxME.exe
  2⤵
  PID:7440
- C:\Windows\System\AuLVkZe.exe
  C:\Windows\System\AuLVkZe.exe
  2⤵
  PID:7460
- C:\Windows\System\lEkeVFC.exe
  C:\Windows\System\lEkeVFC.exe
  2⤵
  PID:7492
- C:\Windows\System\kOHdapf.exe
  C:\Windows\System\kOHdapf.exe
  2⤵
  PID:7524
- C:\Windows\System\fXQsDbC.exe
  C:\Windows\System\fXQsDbC.exe
  2⤵
  PID:7556
- C:\Windows\System\mQXUPyy.exe
  C:\Windows\System\mQXUPyy.exe
  2⤵
  PID:7580
- C:\Windows\System\lzmvPUq.exe
  C:\Windows\System\lzmvPUq.exe
  2⤵
  PID:7616
- C:\Windows\System\YoBXUfz.exe
  C:\Windows\System\YoBXUfz.exe
  2⤵
  PID:7648
- C:\Windows\System\QDSuEcr.exe
  C:\Windows\System\QDSuEcr.exe
  2⤵
  PID:7688
- C:\Windows\System\YBnIeJk.exe
  C:\Windows\System\YBnIeJk.exe
  2⤵
  PID:7728
- C:\Windows\System\aqOEvgr.exe
  C:\Windows\System\aqOEvgr.exe
  2⤵
  PID:7752
- C:\Windows\System\zBJYoIf.exe
  C:\Windows\System\zBJYoIf.exe
  2⤵
  PID:7772
- C:\Windows\System\cCPlaUz.exe
  C:\Windows\System\cCPlaUz.exe
  2⤵
  PID:7800
- C:\Windows\System\skOBBXq.exe
  C:\Windows\System\skOBBXq.exe
  2⤵
  PID:7840
- C:\Windows\System\ZhpBAJx.exe
  C:\Windows\System\ZhpBAJx.exe
  2⤵
  PID:7880
- C:\Windows\System\HIhySBS.exe
  C:\Windows\System\HIhySBS.exe
  2⤵
  PID:7908
- C:\Windows\System\vfWZSgm.exe
  C:\Windows\System\vfWZSgm.exe
  2⤵
  PID:7932
- C:\Windows\System\gIjkwhY.exe
  C:\Windows\System\gIjkwhY.exe
  2⤵
  PID:7964
- C:\Windows\System\QdBrtOP.exe
  C:\Windows\System\QdBrtOP.exe
  2⤵
  PID:7996
- C:\Windows\System\CASBjKc.exe
  C:\Windows\System\CASBjKc.exe
  2⤵
  PID:8028
- C:\Windows\System\mYDfaHl.exe
  C:\Windows\System\mYDfaHl.exe
  2⤵
  PID:8056
- C:\Windows\System\ALvsriX.exe
  C:\Windows\System\ALvsriX.exe
  2⤵
  PID:8080
- C:\Windows\System\SugHwrk.exe
  C:\Windows\System\SugHwrk.exe
  2⤵
  PID:8112
- C:\Windows\System\wNwyPOg.exe
  C:\Windows\System\wNwyPOg.exe
  2⤵
  PID:8140
- C:\Windows\System\nyjWZUp.exe
  C:\Windows\System\nyjWZUp.exe
  2⤵
  PID:8156
- C:\Windows\System\JWUJcax.exe
  C:\Windows\System\JWUJcax.exe
  2⤵
  PID:4936
- C:\Windows\System\fcnwqOX.exe
  C:\Windows\System\fcnwqOX.exe
  2⤵
  PID:7216
- C:\Windows\System\CQNSFlG.exe
  C:\Windows\System\CQNSFlG.exe
  2⤵
  PID:4612
- C:\Windows\System\PnMymeo.exe
  C:\Windows\System\PnMymeo.exe
  2⤵
  PID:5064
- C:\Windows\System\DzEOMcC.exe
  C:\Windows\System\DzEOMcC.exe
  2⤵
  PID:1164
- C:\Windows\System\OcGuCFt.exe
  C:\Windows\System\OcGuCFt.exe
  2⤵
  PID:212
- C:\Windows\System\XxDJIuu.exe
  C:\Windows\System\XxDJIuu.exe
  2⤵
  PID:7356
- C:\Windows\System\UVCAnZN.exe
  C:\Windows\System\UVCAnZN.exe
  2⤵
  PID:7428
- C:\Windows\System\cSOwghd.exe
  C:\Windows\System\cSOwghd.exe
  2⤵
  PID:7488
- C:\Windows\System\ploSPUV.exe
  C:\Windows\System\ploSPUV.exe
  2⤵
  PID:7548
- C:\Windows\System\lUqRhmj.exe
  C:\Windows\System\lUqRhmj.exe
  2⤵
  PID:7600
- C:\Windows\System\bBByxKT.exe
  C:\Windows\System\bBByxKT.exe
  2⤵
  PID:7704
- C:\Windows\System\dkToMkI.exe
  C:\Windows\System\dkToMkI.exe
  2⤵
  PID:7784
- C:\Windows\System\mpVcXhH.exe
  C:\Windows\System\mpVcXhH.exe
  2⤵
  PID:7812
- C:\Windows\System\ffVqwXX.exe
  C:\Windows\System\ffVqwXX.exe
  2⤵
  PID:7876
- C:\Windows\System\lobZOtg.exe
  C:\Windows\System\lobZOtg.exe
  2⤵
  PID:7940
- C:\Windows\System\aLPkKkr.exe
  C:\Windows\System\aLPkKkr.exe
  2⤵
  PID:7980
- C:\Windows\System\VEKaUGL.exe
  C:\Windows\System\VEKaUGL.exe
  2⤵
  PID:8048
- C:\Windows\System\VTnBeSZ.exe
  C:\Windows\System\VTnBeSZ.exe
  2⤵
  PID:8108
- C:\Windows\System\fhKGZef.exe
  C:\Windows\System\fhKGZef.exe
  2⤵
  PID:5360
- C:\Windows\System\kdqBkMD.exe
  C:\Windows\System\kdqBkMD.exe
  2⤵
  PID:2700
- C:\Windows\System\JnRlGrG.exe
  C:\Windows\System\JnRlGrG.exe
  2⤵
  PID:7304
- C:\Windows\System\hLVVnLf.exe
  C:\Windows\System\hLVVnLf.exe
  2⤵
  PID:7368
- C:\Windows\System\cOgTtOz.exe
  C:\Windows\System\cOgTtOz.exe
  2⤵
  PID:7572
- C:\Windows\System\jUxTceY.exe
  C:\Windows\System\jUxTceY.exe
  2⤵
  PID:7724
- C:\Windows\System\gczOkIW.exe
  C:\Windows\System\gczOkIW.exe
  2⤵
  PID:8008
- C:\Windows\System\CKIcloq.exe
  C:\Windows\System\CKIcloq.exe
  2⤵
  PID:2448
- C:\Windows\System\lcfcdPH.exe
  C:\Windows\System\lcfcdPH.exe
  2⤵
  PID:7336
- C:\Windows\System\utSIXDB.exe
  C:\Windows\System\utSIXDB.exe
  2⤵
  PID:7676
- C:\Windows\System\wezmSTF.exe
  C:\Windows\System\wezmSTF.exe
  2⤵
  PID:7480
- C:\Windows\System\PgokCPD.exe
  C:\Windows\System\PgokCPD.exe
  2⤵
  PID:8096
- C:\Windows\System\FCVwcrl.exe
  C:\Windows\System\FCVwcrl.exe
  2⤵
  PID:7456
- C:\Windows\System\NqLbfuW.exe
  C:\Windows\System\NqLbfuW.exe
  2⤵
  PID:8072
- C:\Windows\System\lmxADwj.exe
  C:\Windows\System\lmxADwj.exe
  2⤵
  PID:7972
- C:\Windows\System\xfMMVEF.exe
  C:\Windows\System\xfMMVEF.exe
  2⤵
  PID:7204
- C:\Windows\System\wzcJwdL.exe
  C:\Windows\System\wzcJwdL.exe
  2⤵
  PID:8220
- C:\Windows\System\niKCQZE.exe
  C:\Windows\System\niKCQZE.exe
  2⤵
  PID:8240
- C:\Windows\System\JQQsXqs.exe
  C:\Windows\System\JQQsXqs.exe
  2⤵
  PID:8276
- C:\Windows\System\CCLkUrj.exe
  C:\Windows\System\CCLkUrj.exe
  2⤵
  PID:8304
- C:\Windows\System\mBFytoC.exe
  C:\Windows\System\mBFytoC.exe
  2⤵
  PID:8332
- C:\Windows\System\nNCyGhu.exe
  C:\Windows\System\nNCyGhu.exe
  2⤵
  PID:8360
- C:\Windows\System\cyOQuTg.exe
  C:\Windows\System\cyOQuTg.exe
  2⤵
  PID:8388
- C:\Windows\System\JHsSMWl.exe
  C:\Windows\System\JHsSMWl.exe
  2⤵
  PID:8416
- C:\Windows\System\zLkGeor.exe
  C:\Windows\System\zLkGeor.exe
  2⤵
  PID:8444
- C:\Windows\System\cgRjjAc.exe
  C:\Windows\System\cgRjjAc.exe
  2⤵
  PID:8472
- C:\Windows\System\cWcPLiW.exe
  C:\Windows\System\cWcPLiW.exe
  2⤵
  PID:8504
- C:\Windows\System\sPdmDxK.exe
  C:\Windows\System\sPdmDxK.exe
  2⤵
  PID:8520
- C:\Windows\System\gUDWIwt.exe
  C:\Windows\System\gUDWIwt.exe
  2⤵
  PID:8548
- C:\Windows\System\vUjeYRD.exe
  C:\Windows\System\vUjeYRD.exe
  2⤵
  PID:8580
- C:\Windows\System\ABMHUHr.exe
  C:\Windows\System\ABMHUHr.exe
  2⤵
  PID:8604
- C:\Windows\System\XUQxWMl.exe
  C:\Windows\System\XUQxWMl.exe
  2⤵
  PID:8640
- C:\Windows\System\UwjVHfI.exe
  C:\Windows\System\UwjVHfI.exe
  2⤵
  PID:8660
- C:\Windows\System\zZJUjCM.exe
  C:\Windows\System\zZJUjCM.exe
  2⤵
  PID:8700
- C:\Windows\System\AdZwpdp.exe
  C:\Windows\System\AdZwpdp.exe
  2⤵
  PID:8728
- C:\Windows\System\ogGakNQ.exe
  C:\Windows\System\ogGakNQ.exe
  2⤵
  PID:8756
- C:\Windows\System\sjNaPnR.exe
  C:\Windows\System\sjNaPnR.exe
  2⤵
  PID:8772
- C:\Windows\System\nCWbwRt.exe
  C:\Windows\System\nCWbwRt.exe
  2⤵
  PID:8808
- C:\Windows\System\blYjNzA.exe
  C:\Windows\System\blYjNzA.exe
  2⤵
  PID:8840
- C:\Windows\System\OgfYyOP.exe
  C:\Windows\System\OgfYyOP.exe
  2⤵
  PID:8864
- C:\Windows\System\PcFcgoa.exe
  C:\Windows\System\PcFcgoa.exe
  2⤵
  PID:8900
- C:\Windows\System\IKWOToh.exe
  C:\Windows\System\IKWOToh.exe
  2⤵
  PID:8928
- C:\Windows\System\lExZZxa.exe
  C:\Windows\System\lExZZxa.exe
  2⤵
  PID:8960
- C:\Windows\System\MGprhDO.exe
  C:\Windows\System\MGprhDO.exe
  2⤵
  PID:8988
- C:\Windows\System\OeHImjR.exe
  C:\Windows\System\OeHImjR.exe
  2⤵
  PID:9012
- C:\Windows\System\CbytyIi.exe
  C:\Windows\System\CbytyIi.exe
  2⤵
  PID:9040
- C:\Windows\System\BURbqTV.exe
  C:\Windows\System\BURbqTV.exe
  2⤵
  PID:9072
- C:\Windows\System\qfgWdZf.exe
  C:\Windows\System\qfgWdZf.exe
  2⤵
  PID:9100
- C:\Windows\System\pBcpDTR.exe
  C:\Windows\System\pBcpDTR.exe
  2⤵
  PID:9132
- C:\Windows\System\bqzfNLM.exe
  C:\Windows\System\bqzfNLM.exe
  2⤵
  PID:9164
- C:\Windows\System\oSoiTLG.exe
  C:\Windows\System\oSoiTLG.exe
  2⤵
  PID:9188
- C:\Windows\System\RgaDdll.exe
  C:\Windows\System\RgaDdll.exe
  2⤵
  PID:4960
- C:\Windows\System\whZknkr.exe
  C:\Windows\System\whZknkr.exe
  2⤵
  PID:8256
- C:\Windows\System\PcCbzGa.exe
  C:\Windows\System\PcCbzGa.exe
  2⤵
  PID:8328
- C:\Windows\System\flKZolr.exe
  C:\Windows\System\flKZolr.exe
  2⤵
  PID:8384
- C:\Windows\System\aUdwUMT.exe
  C:\Windows\System\aUdwUMT.exe
  2⤵
  PID:8468
- C:\Windows\System\XeDjqBa.exe
  C:\Windows\System\XeDjqBa.exe
  2⤵
  PID:8532
- C:\Windows\System\tEeSucV.exe
  C:\Windows\System\tEeSucV.exe
  2⤵
  PID:8596
- C:\Windows\System\OoDCosU.exe
  C:\Windows\System\OoDCosU.exe
  2⤵
  PID:8672
- C:\Windows\System\lBhnrlm.exe
  C:\Windows\System\lBhnrlm.exe
  2⤵
  PID:8712
- C:\Windows\System\ltQgylH.exe
  C:\Windows\System\ltQgylH.exe
  2⤵
  PID:8792
- C:\Windows\System\PIKajXq.exe
  C:\Windows\System\PIKajXq.exe
  2⤵
  PID:8852
- C:\Windows\System\oUedQAa.exe
  C:\Windows\System\oUedQAa.exe
  2⤵
  PID:8940
- C:\Windows\System\LglGMhX.exe
  C:\Windows\System\LglGMhX.exe
  2⤵
  PID:9020
- C:\Windows\System\iSOvJZE.exe
  C:\Windows\System\iSOvJZE.exe
  2⤵
  PID:9060
- C:\Windows\System\TIgmuYy.exe
  C:\Windows\System\TIgmuYy.exe
  2⤵
  PID:9144
- C:\Windows\System\uhcUKGK.exe
  C:\Windows\System\uhcUKGK.exe
  2⤵
  PID:8204
- C:\Windows\System\ngIYzhA.exe
  C:\Windows\System\ngIYzhA.exe
  2⤵
  PID:8348
- C:\Windows\System\CcdYlYG.exe
  C:\Windows\System\CcdYlYG.exe
  2⤵
  PID:8516
- C:\Windows\System\CRgJpbj.exe
  C:\Windows\System\CRgJpbj.exe
  2⤵
  PID:8544
- C:\Windows\System\KTGcJRj.exe
  C:\Windows\System\KTGcJRj.exe
  2⤵
  PID:8744
- C:\Windows\System\uWCaapH.exe
  C:\Windows\System\uWCaapH.exe
  2⤵
  PID:9000
- C:\Windows\System\bkirdWC.exe
  C:\Windows\System\bkirdWC.exe
  2⤵
  PID:9116
- C:\Windows\System\upzNZTu.exe
  C:\Windows\System\upzNZTu.exe
  2⤵
  PID:8356
- C:\Windows\System\fsBKoyD.exe
  C:\Windows\System\fsBKoyD.exe
  2⤵
  PID:8752
- C:\Windows\System\rAMmwEZ.exe
  C:\Windows\System\rAMmwEZ.exe
  2⤵
  PID:9176
- C:\Windows\System\UapMuDO.exe
  C:\Windows\System\UapMuDO.exe
  2⤵
  PID:8884
- C:\Windows\System\XBTTlMe.exe
  C:\Windows\System\XBTTlMe.exe
  2⤵
  PID:4380
- C:\Windows\System\gfcvZcc.exe
  C:\Windows\System\gfcvZcc.exe
  2⤵
  PID:4076
- C:\Windows\System\DsiARLp.exe
  C:\Windows\System\DsiARLp.exe
  2⤵
  PID:9244
- C:\Windows\System\KdziNCS.exe
  C:\Windows\System\KdziNCS.exe
  2⤵
  PID:9272
- C:\Windows\System\OEsVpLm.exe
  C:\Windows\System\OEsVpLm.exe
  2⤵
  PID:9316
- C:\Windows\System\IkxQbSt.exe
  C:\Windows\System\IkxQbSt.exe
  2⤵
  PID:9336
- C:\Windows\System\eaneLEB.exe
  C:\Windows\System\eaneLEB.exe
  2⤵
  PID:9372
- C:\Windows\System\IjPiYiQ.exe
  C:\Windows\System\IjPiYiQ.exe
  2⤵
  PID:9400
- C:\Windows\System\nAKzePV.exe
  C:\Windows\System\nAKzePV.exe
  2⤵
  PID:9436
- C:\Windows\System\olUtbgG.exe
  C:\Windows\System\olUtbgG.exe
  2⤵
  PID:9456
- C:\Windows\System\FXrbkEt.exe
  C:\Windows\System\FXrbkEt.exe
  2⤵
  PID:9484
- C:\Windows\System\QAHuJJc.exe
  C:\Windows\System\QAHuJJc.exe
  2⤵
  PID:9516
- C:\Windows\System\YVdkvJH.exe
  C:\Windows\System\YVdkvJH.exe
  2⤵
  PID:9544
- C:\Windows\System\UlrMgDU.exe
  C:\Windows\System\UlrMgDU.exe
  2⤵
  PID:9580
- C:\Windows\System\KwUkGDZ.exe
  C:\Windows\System\KwUkGDZ.exe
  2⤵
  PID:9600
- C:\Windows\System\BsMHdMm.exe
  C:\Windows\System\BsMHdMm.exe
  2⤵
  PID:9640
- C:\Windows\System\VeEpIPC.exe
  C:\Windows\System\VeEpIPC.exe
  2⤵
  PID:9664
- C:\Windows\System\JdBRWvF.exe
  C:\Windows\System\JdBRWvF.exe
  2⤵
  PID:9684
- C:\Windows\System\veAeHhX.exe
  C:\Windows\System\veAeHhX.exe
  2⤵
  PID:9716
- C:\Windows\System\ywvfEHd.exe
  C:\Windows\System\ywvfEHd.exe
  2⤵
  PID:9744
- C:\Windows\System\sbimNFY.exe
  C:\Windows\System\sbimNFY.exe
  2⤵
  PID:9772
- C:\Windows\System\QAanYux.exe
  C:\Windows\System\QAanYux.exe
  2⤵
  PID:9804
- C:\Windows\System\vJGExDA.exe
  C:\Windows\System\vJGExDA.exe
  2⤵
  PID:9836
- C:\Windows\System\EjxoaIQ.exe
  C:\Windows\System\EjxoaIQ.exe
  2⤵
  PID:9880
- C:\Windows\System\mbFfqql.exe
  C:\Windows\System\mbFfqql.exe
  2⤵
  PID:9904
- C:\Windows\System\ovPVuwt.exe
  C:\Windows\System\ovPVuwt.exe
  2⤵
  PID:9928
- C:\Windows\System\twxfswW.exe
  C:\Windows\System\twxfswW.exe
  2⤵
  PID:9956
- C:\Windows\System\ylKGTxo.exe
  C:\Windows\System\ylKGTxo.exe
  2⤵
  PID:9980
- C:\Windows\System\CLkmvNx.exe
  C:\Windows\System\CLkmvNx.exe
  2⤵
  PID:10028
- C:\Windows\System\jWPMQVG.exe
  C:\Windows\System\jWPMQVG.exe
  2⤵
  PID:10060
- C:\Windows\System\vJEPzYR.exe
  C:\Windows\System\vJEPzYR.exe
  2⤵
  PID:10080
- C:\Windows\System\OJoTlLX.exe
  C:\Windows\System\OJoTlLX.exe
  2⤵
  PID:10116
- C:\Windows\System\uTWhDtF.exe
  C:\Windows\System\uTWhDtF.exe
  2⤵
  PID:10144
- C:\Windows\System\ZKSKuxl.exe
  C:\Windows\System\ZKSKuxl.exe
  2⤵
  PID:10168
- C:\Windows\System\WmdqsqL.exe
  C:\Windows\System\WmdqsqL.exe
  2⤵
  PID:10196
- C:\Windows\System\eaOrBvc.exe
  C:\Windows\System\eaOrBvc.exe
  2⤵
  PID:10228
- C:\Windows\System\NDdjToz.exe
  C:\Windows\System\NDdjToz.exe
  2⤵
  PID:9236
- C:\Windows\System\ZPbeHrj.exe
  C:\Windows\System\ZPbeHrj.exe
  2⤵
  PID:4544
- C:\Windows\System\BZDcSAh.exe
  C:\Windows\System\BZDcSAh.exe
  2⤵
  PID:1392
- C:\Windows\System\RZyhFJc.exe
  C:\Windows\System\RZyhFJc.exe
  2⤵
  PID:9324
- C:\Windows\System\znbDoFy.exe
  C:\Windows\System\znbDoFy.exe
  2⤵
  PID:4512
- C:\Windows\System\bsnnOHu.exe
  C:\Windows\System\bsnnOHu.exe
  2⤵
  PID:9384
- C:\Windows\System\HZgstTR.exe
  C:\Windows\System\HZgstTR.exe
  2⤵
  PID:9424
- C:\Windows\System\OgsTPEW.exe
  C:\Windows\System\OgsTPEW.exe
  2⤵
  PID:9468
- C:\Windows\System\azXPRMz.exe
  C:\Windows\System\azXPRMz.exe
  2⤵
  PID:9536
- C:\Windows\System\JvztLNs.exe
  C:\Windows\System\JvztLNs.exe
  2⤵
  PID:9296
- C:\Windows\System\DMjymrW.exe
  C:\Windows\System\DMjymrW.exe
  2⤵
  PID:9652
- C:\Windows\System\SCeLJXp.exe
  C:\Windows\System\SCeLJXp.exe
  2⤵
  PID:9724
- C:\Windows\System\LsKJbDU.exe
  C:\Windows\System\LsKJbDU.exe
  2⤵
  PID:9760
- C:\Windows\System\aRhioJC.exe
  C:\Windows\System\aRhioJC.exe
  2⤵
  PID:744
- C:\Windows\System\FkogHwQ.exe
  C:\Windows\System\FkogHwQ.exe
  2⤵
  PID:9820
- C:\Windows\System\jVuCqgq.exe
  C:\Windows\System\jVuCqgq.exe
  2⤵
  PID:9888
- C:\Windows\System\HSVBpCC.exe
  C:\Windows\System\HSVBpCC.exe
  2⤵
  PID:4644
- C:\Windows\System\ciHLnuZ.exe
  C:\Windows\System\ciHLnuZ.exe
  2⤵
  PID:9968
- C:\Windows\System\TiJaOBD.exe
  C:\Windows\System\TiJaOBD.exe
  2⤵
  PID:10056
- C:\Windows\System\VVMOjfc.exe
  C:\Windows\System\VVMOjfc.exe
  2⤵
  PID:9844
- C:\Windows\System\xvBuXll.exe
  C:\Windows\System\xvBuXll.exe
  2⤵
  PID:10128
- C:\Windows\System\inTfZZG.exe
  C:\Windows\System\inTfZZG.exe
  2⤵
  PID:10236
- C:\Windows\System\pFJoUIL.exe
  C:\Windows\System\pFJoUIL.exe
  2⤵
  PID:1008
- C:\Windows\System\jmNZfED.exe
  C:\Windows\System\jmNZfED.exe
  2⤵
  PID:9304
- C:\Windows\System\pXKgAms.exe
  C:\Windows\System\pXKgAms.exe
  2⤵
  PID:9364
- C:\Windows\System\yhQPcCp.exe
  C:\Windows\System\yhQPcCp.exe
  2⤵
  PID:676
- C:\Windows\System\sSXTGAY.exe
  C:\Windows\System\sSXTGAY.exe
  2⤵
  PID:9564
- C:\Windows\System\fJzpusv.exe
  C:\Windows\System\fJzpusv.exe
  2⤵
  PID:9612
- C:\Windows\System\yHKfZjp.exe
  C:\Windows\System\yHKfZjp.exe
  2⤵
  PID:4488
- C:\Windows\System\ICbdzjD.exe
  C:\Windows\System\ICbdzjD.exe
  2⤵
  PID:2096
- C:\Windows\System\RgJlHPB.exe
  C:\Windows\System\RgJlHPB.exe
  2⤵
  PID:4452
- C:\Windows\System\hIltTmF.exe
  C:\Windows\System\hIltTmF.exe
  2⤵
  PID:5256
- C:\Windows\System\fYCWHwO.exe
  C:\Windows\System\fYCWHwO.exe
  2⤵
  PID:916
- C:\Windows\System\PLecSBd.exe
  C:\Windows\System\PLecSBd.exe
  2⤵
  PID:4060
- C:\Windows\System\QInKuhr.exe
  C:\Windows\System\QInKuhr.exe
  2⤵
  PID:5524
- C:\Windows\System\zUizVSR.exe
  C:\Windows\System\zUizVSR.exe
  2⤵
  PID:10212
- C:\Windows\System\vSEdVmn.exe
  C:\Windows\System\vSEdVmn.exe
  2⤵
  PID:828
- C:\Windows\System\XWBMBJa.exe
  C:\Windows\System\XWBMBJa.exe
  2⤵
  PID:8424
- C:\Windows\System\CYMOCEe.exe
  C:\Windows\System\CYMOCEe.exe
  2⤵
  PID:3380
- C:\Windows\System\sjRRkZn.exe
  C:\Windows\System\sjRRkZn.exe
  2⤵
  PID:3832
- C:\Windows\System\PItUzXg.exe
  C:\Windows\System\PItUzXg.exe
  2⤵
  PID:9768
- C:\Windows\System\rwbxAtK.exe
  C:\Windows\System\rwbxAtK.exe
  2⤵
  PID:3876
- C:\Windows\System\KeaJtAO.exe
  C:\Windows\System\KeaJtAO.exe
  2⤵
  PID:2592
- C:\Windows\System\ZdnAFXq.exe
  C:\Windows\System\ZdnAFXq.exe
  2⤵
  PID:10076
- C:\Windows\System\sQToSPQ.exe
  C:\Windows\System\sQToSPQ.exe
  2⤵
  PID:5780
- C:\Windows\System\PINZRin.exe
  C:\Windows\System\PINZRin.exe
  2⤵
  PID:2152
- C:\Windows\System\blCstTv.exe
  C:\Windows\System\blCstTv.exe
  2⤵
  PID:5032
- C:\Windows\System\CBGsVKc.exe
  C:\Windows\System\CBGsVKc.exe
  2⤵
  PID:2308
- C:\Windows\System\kPHrkIB.exe
  C:\Windows\System\kPHrkIB.exe
  2⤵
  PID:4776
- C:\Windows\System\jnsOZJY.exe
  C:\Windows\System\jnsOZJY.exe
  2⤵
  PID:3288
- C:\Windows\System\ItZNemV.exe
  C:\Windows\System\ItZNemV.exe
  2⤵
  PID:5940
- C:\Windows\System\piiuXuJ.exe
  C:\Windows\System\piiuXuJ.exe
  2⤵
  PID:2296
- C:\Windows\System\dAOjyFl.exe
  C:\Windows\System\dAOjyFl.exe
  2⤵
  PID:4496
- C:\Windows\System\IWwCKsk.exe
  C:\Windows\System\IWwCKsk.exe
  2⤵
  PID:3148
- C:\Windows\System\VbNMXko.exe
  C:\Windows\System\VbNMXko.exe
  2⤵
  PID:6084
- C:\Windows\System\HziwzRj.exe
  C:\Windows\System\HziwzRj.exe
  2⤵
  PID:4920
- C:\Windows\System\qtBIfGa.exe
  C:\Windows\System\qtBIfGa.exe
  2⤵
  PID:10024
- C:\Windows\System\aTngteW.exe
  C:\Windows\System\aTngteW.exe
  2⤵
  PID:2064
- C:\Windows\System\jenBFko.exe
  C:\Windows\System\jenBFko.exe
  2⤵
  PID:5200
- C:\Windows\System\hBmXSRN.exe
  C:\Windows\System\hBmXSRN.exe
  2⤵
  PID:244
- C:\Windows\System\rTjtaDM.exe
  C:\Windows\System\rTjtaDM.exe
  2⤵
  PID:5312
- C:\Windows\System\baavmhu.exe
  C:\Windows\System\baavmhu.exe
  2⤵
  PID:9944
- C:\Windows\System\mknkSRD.exe
  C:\Windows\System\mknkSRD.exe
  2⤵
  PID:2060
- C:\Windows\System\sQAfjfY.exe
  C:\Windows\System\sQAfjfY.exe
  2⤵
  PID:2604
- C:\Windows\System\tmjZNez.exe
  C:\Windows\System\tmjZNez.exe
  2⤵
  PID:2984
- C:\Windows\System\jsHrMAe.exe
  C:\Windows\System\jsHrMAe.exe
  2⤵
  PID:768
- C:\Windows\System\YAEsAGq.exe
  C:\Windows\System\YAEsAGq.exe
  2⤵
  PID:2884
- C:\Windows\System\ygjugPV.exe
  C:\Windows\System\ygjugPV.exe
  2⤵
  PID:5900
- C:\Windows\System\DxZvURe.exe
  C:\Windows\System\DxZvURe.exe
  2⤵
  PID:3692
- C:\Windows\System\hbMwnMC.exe
  C:\Windows\System\hbMwnMC.exe
  2⤵
  PID:6060
- C:\Windows\System\jtZgsED.exe
  C:\Windows\System\jtZgsED.exe
  2⤵
  PID:756
- C:\Windows\System\GgTRMSb.exe
  C:\Windows\System\GgTRMSb.exe
  2⤵
  PID:3920
- C:\Windows\System\mmISHnm.exe
  C:\Windows\System\mmISHnm.exe
  2⤵
  PID:5204
- C:\Windows\System\xZzYcoz.exe
  C:\Windows\System\xZzYcoz.exe
  2⤵
  PID:880
- C:\Windows\System\mlBEFUn.exe
  C:\Windows\System\mlBEFUn.exe
  2⤵
  PID:10152
- C:\Windows\System\yWumxyz.exe
  C:\Windows\System\yWumxyz.exe
  2⤵
  PID:3776
- C:\Windows\System\Ukrdoeq.exe
  C:\Windows\System\Ukrdoeq.exe
  2⤵
  PID:5992
- C:\Windows\System\lxjaAZg.exe
  C:\Windows\System\lxjaAZg.exe
  2⤵
  PID:4656
- C:\Windows\System\bQEOlqA.exe
  C:\Windows\System\bQEOlqA.exe
  2⤵
  PID:5484
- C:\Windows\System\eJsZjre.exe
  C:\Windows\System\eJsZjre.exe
  2⤵
  PID:5960
- C:\Windows\System\WUODTBE.exe
  C:\Windows\System\WUODTBE.exe
  2⤵
  PID:1276
- C:\Windows\System\lTInjcc.exe
  C:\Windows\System\lTInjcc.exe
  2⤵
  PID:3916
- C:\Windows\System\qSmKdea.exe
  C:\Windows\System\qSmKdea.exe
  2⤵
  PID:2280
- C:\Windows\System\ojbooIR.exe
  C:\Windows\System\ojbooIR.exe
  2⤵
  PID:8
- C:\Windows\System\EUCxcQm.exe
  C:\Windows\System\EUCxcQm.exe
  2⤵
  PID:4272
- C:\Windows\System\BylqxtJ.exe
  C:\Windows\System\BylqxtJ.exe
  2⤵
  PID:6200
- C:\Windows\System\RsJKtkD.exe
  C:\Windows\System\RsJKtkD.exe
  2⤵
  PID:6256
- C:\Windows\System\pFGuYqk.exe
  C:\Windows\System\pFGuYqk.exe
  2⤵
  PID:1176
- C:\Windows\System\WeVeOdD.exe
  C:\Windows\System\WeVeOdD.exe
  2⤵
  PID:3404
- C:\Windows\System\orkZXQW.exe
  C:\Windows\System\orkZXQW.exe
  2⤵
  PID:4348
- C:\Windows\System\oRhCcoN.exe
  C:\Windows\System\oRhCcoN.exe
  2⤵
  PID:5108
- C:\Windows\System\bcZXVCG.exe
  C:\Windows\System\bcZXVCG.exe
  2⤵
  PID:5416
- C:\Windows\System\ZVtAXYD.exe
  C:\Windows\System\ZVtAXYD.exe
  2⤵
  PID:2260
- C:\Windows\System\LfMhKxW.exe
  C:\Windows\System\LfMhKxW.exe
  2⤵
  PID:1488
- C:\Windows\System\LkZioJY.exe
  C:\Windows\System\LkZioJY.exe
  2⤵
  PID:6172
- C:\Windows\System\zRqXdRt.exe
  C:\Windows\System\zRqXdRt.exe
  2⤵
  PID:4608
- C:\Windows\System\qZnlEGi.exe
  C:\Windows\System\qZnlEGi.exe
  2⤵
  PID:3352
- C:\Windows\System\PyBVKdg.exe
  C:\Windows\System\PyBVKdg.exe
  2⤵
  PID:5520
- C:\Windows\System\Xwlhixn.exe
  C:\Windows\System\Xwlhixn.exe
  2⤵
  PID:2540
- C:\Windows\System\ZVWpvHR.exe
  C:\Windows\System\ZVWpvHR.exe
  2⤵
  PID:6408
- C:\Windows\System\ckicdYj.exe
  C:\Windows\System\ckicdYj.exe
  2⤵
  PID:6176
- C:\Windows\System\cEoyaqn.exe
  C:\Windows\System\cEoyaqn.exe
  2⤵
  PID:5704
- C:\Windows\System\PvdoGWN.exe
  C:\Windows\System\PvdoGWN.exe
  2⤵
  PID:6952
- C:\Windows\System\NomWPVb.exe
  C:\Windows\System\NomWPVb.exe
  2⤵
  PID:824
- C:\Windows\System\XlHrAIJ.exe
  C:\Windows\System\XlHrAIJ.exe
  2⤵
  PID:6412
- C:\Windows\System\DKcjmwf.exe
  C:\Windows\System\DKcjmwf.exe
  2⤵
  PID:2652
- C:\Windows\System\FOzMgdP.exe
  C:\Windows\System\FOzMgdP.exe
  2⤵
  PID:7116
- C:\Windows\System\akLqPHF.exe
  C:\Windows\System\akLqPHF.exe
  2⤵
  PID:6960
- C:\Windows\System\vyCoHcZ.exe
  C:\Windows\System\vyCoHcZ.exe
  2⤵
  PID:6168
- C:\Windows\System\EMZsbQT.exe
  C:\Windows\System\EMZsbQT.exe
  2⤵
  PID:7076
- C:\Windows\System\bbdrWsj.exe
  C:\Windows\System\bbdrWsj.exe
  2⤵
  PID:6968
- C:\Windows\System\cQssCoY.exe
  C:\Windows\System\cQssCoY.exe
  2⤵
  PID:5632
- C:\Windows\System\lhquLKz.exe
  C:\Windows\System\lhquLKz.exe
  2⤵
  PID:6552
- C:\Windows\System\bqzKsSq.exe
  C:\Windows\System\bqzKsSq.exe
  2⤵
  PID:6512
- C:\Windows\System\QxYlgov.exe
  C:\Windows\System\QxYlgov.exe
  2⤵
  PID:6640
- C:\Windows\System\WuYNihW.exe
  C:\Windows\System\WuYNihW.exe
  2⤵
  PID:6840
- C:\Windows\System\ElwYAKg.exe
  C:\Windows\System\ElwYAKg.exe
  2⤵
  PID:4620
- C:\Windows\System\tLNqLQp.exe
  C:\Windows\System\tLNqLQp.exe
  2⤵
  PID:3000
- C:\Windows\System\ZdJEBBR.exe
  C:\Windows\System\ZdJEBBR.exe
  2⤵
  PID:7100
- C:\Windows\System\SztIOJH.exe
  C:\Windows\System\SztIOJH.exe
  2⤵
  PID:7080
- C:\Windows\System\cVWKwHs.exe
  C:\Windows\System\cVWKwHs.exe
  2⤵
  PID:10268
- C:\Windows\System\BYnINFk.exe
  C:\Windows\System\BYnINFk.exe
  2⤵
  PID:10296
- C:\Windows\System\uMRynYV.exe
  C:\Windows\System\uMRynYV.exe
  2⤵
  PID:10324
- C:\Windows\System\lHZHmAe.exe
  C:\Windows\System\lHZHmAe.exe
  2⤵
  PID:10352
- C:\Windows\System\IHwezue.exe
  C:\Windows\System\IHwezue.exe
  2⤵
  PID:10380
- C:\Windows\System\bklbmKY.exe
  C:\Windows\System\bklbmKY.exe
  2⤵
  PID:10408
- C:\Windows\System\imSplWt.exe
  C:\Windows\System\imSplWt.exe
  2⤵
  PID:10436
- C:\Windows\System\ZbZrNyF.exe
  C:\Windows\System\ZbZrNyF.exe
  2⤵
  PID:10464
- C:\Windows\System\PuruaTA.exe
  C:\Windows\System\PuruaTA.exe
  2⤵
  PID:10496
- C:\Windows\System\YtMEkTZ.exe
  C:\Windows\System\YtMEkTZ.exe
  2⤵
  PID:10540
- C:\Windows\System\tEYmZoJ.exe
  C:\Windows\System\tEYmZoJ.exe
  2⤵
  PID:10568
- C:\Windows\System\mPCAGXk.exe
  C:\Windows\System\mPCAGXk.exe
  2⤵
  PID:10584
- C:\Windows\System\UfQcFrU.exe
  C:\Windows\System\UfQcFrU.exe
  2⤵
  PID:10616
- C:\Windows\System\JljzhxM.exe
  C:\Windows\System\JljzhxM.exe
  2⤵
  PID:10652
- C:\Windows\System\AsnVZHz.exe
  C:\Windows\System\AsnVZHz.exe
  2⤵
  PID:10672
- C:\Windows\System\FOuOpLO.exe
  C:\Windows\System\FOuOpLO.exe
  2⤵
  PID:10696
- C:\Windows\System\rcdoWCW.exe
  C:\Windows\System\rcdoWCW.exe
  2⤵
  PID:10732
- C:\Windows\System\FrpRnBW.exe
  C:\Windows\System\FrpRnBW.exe
  2⤵
  PID:10752
- C:\Windows\System\bUBwFFV.exe
  C:\Windows\System\bUBwFFV.exe
  2⤵
  PID:10788
- C:\Windows\System\vBeXEvP.exe
  C:\Windows\System\vBeXEvP.exe
  2⤵
  PID:10824
- C:\Windows\System\pLxxDGX.exe
  C:\Windows\System\pLxxDGX.exe
  2⤵
  PID:10840
- C:\Windows\System\zhgsVyu.exe
  C:\Windows\System\zhgsVyu.exe
  2⤵
  PID:10876
- C:\Windows\System\KsFRFRI.exe
  C:\Windows\System\KsFRFRI.exe
  2⤵
  PID:10900
- C:\Windows\System\nHOZEda.exe
  C:\Windows\System\nHOZEda.exe
  2⤵
  PID:10924
- C:\Windows\System\CVxbyPW.exe
  C:\Windows\System\CVxbyPW.exe
  2⤵
  PID:10952
- C:\Windows\System\XMBUJzJ.exe
  C:\Windows\System\XMBUJzJ.exe
  2⤵
  PID:10980
- C:\Windows\System\qXGRxKv.exe
  C:\Windows\System\qXGRxKv.exe
  2⤵
  PID:11012
- C:\Windows\System\jbUvCWl.exe
  C:\Windows\System\jbUvCWl.exe
  2⤵
  PID:11040
- C:\Windows\System\jFMYXCS.exe
  C:\Windows\System\jFMYXCS.exe
  2⤵
  PID:11068
- C:\Windows\System\VNFPuIe.exe
  C:\Windows\System\VNFPuIe.exe
  2⤵
  PID:11100
- C:\Windows\System\JayqYqZ.exe
  C:\Windows\System\JayqYqZ.exe
  2⤵
  PID:11124
- C:\Windows\System\xCfdlwD.exe
  C:\Windows\System\xCfdlwD.exe
  2⤵
  PID:11160
- C:\Windows\System\qTDnpsf.exe
  C:\Windows\System\qTDnpsf.exe
  2⤵
  PID:11180
- C:\Windows\System\fntbAQH.exe
  C:\Windows\System\fntbAQH.exe
  2⤵
  PID:11208
- C:\Windows\System\yqzoqEG.exe
  C:\Windows\System\yqzoqEG.exe
  2⤵
  PID:11236
- C:\Windows\System\qfBGpHg.exe
  C:\Windows\System\qfBGpHg.exe
  2⤵
  PID:6224
- C:\Windows\System\MOxNbaJ.exe
  C:\Windows\System\MOxNbaJ.exe
  2⤵
  PID:1884
- C:\Windows\System\BVBkUoP.exe
  C:\Windows\System\BVBkUoP.exe
  2⤵
  PID:6484
- C:\Windows\System\yMPwWcq.exe
  C:\Windows\System\yMPwWcq.exe
  2⤵
  PID:6612
- C:\Windows\System\uTvrPJn.exe
  C:\Windows\System\uTvrPJn.exe
  2⤵
  PID:6916
- C:\Windows\System\zQvTSWg.exe
  C:\Windows\System\zQvTSWg.exe
  2⤵
  PID:5828
- C:\Windows\System\ultvJPe.exe
  C:\Windows\System\ultvJPe.exe
  2⤵
  PID:4424
- C:\Windows\System\xAPLdFI.exe
  C:\Windows\System\xAPLdFI.exe
  2⤵
  PID:10460
- C:\Windows\System\wWHXoCk.exe
  C:\Windows\System\wWHXoCk.exe
  2⤵
  PID:10528
- C:\Windows\System\IWezQeX.exe
  C:\Windows\System\IWezQeX.exe
  2⤵
  PID:10552
- C:\Windows\System\LUjjMfR.exe
  C:\Windows\System\LUjjMfR.exe
  2⤵
  PID:10596
- C:\Windows\System\UHTQpSL.exe
  C:\Windows\System\UHTQpSL.exe
  2⤵
  PID:10624
- C:\Windows\System\VqbuOdA.exe
  C:\Windows\System\VqbuOdA.exe
  2⤵
  PID:5220
- C:\Windows\System\SbtEBwQ.exe
  C:\Windows\System\SbtEBwQ.exe
  2⤵
  PID:10680
- C:\Windows\System\jkSdyZv.exe
  C:\Windows\System\jkSdyZv.exe
  2⤵
  PID:7308
- C:\Windows\System\Vzjhbei.exe
  C:\Windows\System\Vzjhbei.exe
  2⤵
  PID:7344
- C:\Windows\System\ikUETxL.exe
  C:\Windows\System\ikUETxL.exe
  2⤵
  PID:7372
- C:\Windows\System\SvPhSPt.exe
  C:\Windows\System\SvPhSPt.exe
  2⤵
  PID:10804
- C:\Windows\System\ixPCJyw.exe
  C:\Windows\System\ixPCJyw.exe
  2⤵
  PID:5308
- C:\Windows\System\vksChqe.exe
  C:\Windows\System\vksChqe.exe
  2⤵
  PID:10920
- C:\Windows\System\sRtqHON.exe
  C:\Windows\System\sRtqHON.exe
  2⤵
  PID:10948
- C:\Windows\System\xAtcSgy.exe
  C:\Windows\System\xAtcSgy.exe
  2⤵
  PID:11000
- C:\Windows\System\yNnTtkn.exe
  C:\Windows\System\yNnTtkn.exe
  2⤵
  PID:11036
- C:\Windows\System\ZUdDBCi.exe
  C:\Windows\System\ZUdDBCi.exe
  2⤵
  PID:7700
- C:\Windows\System\mwYQvKS.exe
  C:\Windows\System\mwYQvKS.exe
  2⤵
  PID:7708
- C:\Windows\System\wCjtUgB.exe
  C:\Windows\System\wCjtUgB.exe
  2⤵
  PID:11148
- C:\Windows\System\lRUILzm.exe
  C:\Windows\System\lRUILzm.exe
  2⤵
  PID:11204
- C:\Windows\System\pgzmNUp.exe
  C:\Windows\System\pgzmNUp.exe
  2⤵
  PID:3336
- C:\Windows\System\nlnTFAF.exe
  C:\Windows\System\nlnTFAF.exe
  2⤵
  PID:7892
- C:\Windows\System\QPFyRAD.exe
  C:\Windows\System\QPFyRAD.exe
  2⤵
  PID:4344
- C:\Windows\System\YxVsXyq.exe
  C:\Windows\System\YxVsXyq.exe
  2⤵
  PID:7952
- C:\Windows\System\rMWteDf.exe
  C:\Windows\System\rMWteDf.exe
  2⤵
  PID:6904
- C:\Windows\System\AqFbbWG.exe
  C:\Windows\System\AqFbbWG.exe
  2⤵
  PID:8044
- C:\Windows\System\dmvIibz.exe
  C:\Windows\System\dmvIibz.exe
  2⤵
  PID:8068
- C:\Windows\System\BTcpjSj.exe
  C:\Windows\System\BTcpjSj.exe
  2⤵
  PID:10580
- C:\Windows\System\CneECYz.exe
  C:\Windows\System\CneECYz.exe
  2⤵
  PID:7184
- C:\Windows\System\IItkfFX.exe
  C:\Windows\System\IItkfFX.exe
  2⤵
  PID:7240
- C:\Windows\System\vDregQT.exe
  C:\Windows\System\vDregQT.exe
  2⤵
  PID:5844
- C:\Windows\System\qVXqNYj.exe
  C:\Windows\System\qVXqNYj.exe
  2⤵
  PID:7268
- C:\Windows\System\AOMDrGU.exe
  C:\Windows\System\AOMDrGU.exe
  2⤵
  PID:7320
- C:\Windows\System\rKteCVD.exe
  C:\Windows\System\rKteCVD.exe
  2⤵
  PID:10852
- C:\Windows\System\QsMaNvy.exe
  C:\Windows\System\QsMaNvy.exe
  2⤵
  PID:7512
- C:\Windows\System\ngWhnhm.exe
  C:\Windows\System\ngWhnhm.exe
  2⤵
  PID:6028
- C:\Windows\System\mPKjNLH.exe
  C:\Windows\System\mPKjNLH.exe
  2⤵
  PID:10976
- C:\Windows\System\WBYBmlZ.exe
  C:\Windows\System\WBYBmlZ.exe
  2⤵
  PID:11064
- C:\Windows\System\HHURUUb.exe
  C:\Windows\System\HHURUUb.exe
  2⤵
  PID:7836
- C:\Windows\System\ZQMhgrf.exe
  C:\Windows\System\ZQMhgrf.exe
  2⤵
  PID:11228
- C:\Windows\System\OYlDsZZ.exe
  C:\Windows\System\OYlDsZZ.exe
  2⤵
  PID:7900
- C:\Windows\System\YJkPFVL.exe
  C:\Windows\System\YJkPFVL.exe
  2⤵
  PID:10288
- C:\Windows\System\GacedrO.exe
  C:\Windows\System\GacedrO.exe
  2⤵
  PID:8012
- C:\Windows\System\WwYBBuZ.exe
  C:\Windows\System\WwYBBuZ.exe
  2⤵
  PID:8076
- C:\Windows\System\kvjRbGS.exe
  C:\Windows\System\kvjRbGS.exe
  2⤵
  PID:8128
- C:\Windows\System\eDmlxTQ.exe
  C:\Windows\System\eDmlxTQ.exe
  2⤵
  PID:8188
- C:\Windows\System\lLfPRMa.exe
  C:\Windows\System\lLfPRMa.exe
  2⤵
  PID:7520
- C:\Windows\System\RMYNOMq.exe
  C:\Windows\System\RMYNOMq.exe
  2⤵
  PID:208
- C:\Windows\System\cftTgFB.exe
  C:\Windows\System\cftTgFB.exe
  2⤵
  PID:3856
- C:\Windows\System\ZwCTOOl.exe
  C:\Windows\System\ZwCTOOl.exe
  2⤵
  PID:7472
- C:\Windows\System\aBAkEVi.exe
  C:\Windows\System\aBAkEVi.exe
  2⤵
  PID:3792
- C:\Windows\System\krgWHwY.exe
  C:\Windows\System\krgWHwY.exe
  2⤵
  PID:11024
- C:\Windows\System\dBkJpOL.exe
  C:\Windows\System\dBkJpOL.exe
  2⤵
  PID:11192
- C:\Windows\System\EsLoyhH.exe
  C:\Windows\System\EsLoyhH.exe
  2⤵
  PID:388
- C:\Windows\System\TNAWfyF.exe
  C:\Windows\System\TNAWfyF.exe
  2⤵
  PID:10392
- C:\Windows\System\ucjiqae.exe
  C:\Windows\System\ucjiqae.exe
  2⤵
  PID:10532
- C:\Windows\System\qFLZdTJ.exe
  C:\Windows\System\qFLZdTJ.exe
  2⤵
  PID:392
- C:\Windows\System\KJmhkhe.exe
  C:\Windows\System\KJmhkhe.exe
  2⤵
  PID:8252
- C:\Windows\System\TrHrJKB.exe
  C:\Windows\System\TrHrJKB.exe
  2⤵
  PID:8268
- C:\Windows\System\ghxCWis.exe
  C:\Windows\System\ghxCWis.exe
  2⤵
  PID:10884
- C:\Windows\System\kfOXmJo.exe
  C:\Windows\System\kfOXmJo.exe
  2⤵
  PID:2396
- C:\Windows\System\kzqaZQu.exe
  C:\Windows\System\kzqaZQu.exe
  2⤵
  PID:8404
- C:\Windows\System\rQyswvD.exe
  C:\Windows\System\rQyswvD.exe
  2⤵
  PID:8024
- C:\Windows\System\KzWxleA.exe
  C:\Windows\System\KzWxleA.exe
  2⤵
  PID:1072
- C:\Windows\System\drrXdQK.exe
  C:\Windows\System\drrXdQK.exe
  2⤵
  PID:10548
- C:\Windows\System\TjpyrKW.exe
  C:\Windows\System\TjpyrKW.exe
  2⤵
  PID:8172
- C:\Windows\System\sXXnMXv.exe
  C:\Windows\System\sXXnMXv.exe
  2⤵
  PID:3696
- C:\Windows\System\QGJimLo.exe
  C:\Windows\System\QGJimLo.exe
  2⤵
  PID:8320
- C:\Windows\System\ZSLMNPY.exe
  C:\Windows\System\ZSLMNPY.exe
  2⤵
  PID:8408
- C:\Windows\System\vCDdeIu.exe
  C:\Windows\System\vCDdeIu.exe
  2⤵
  PID:7832
- C:\Windows\System\LHmEdBY.exe
  C:\Windows\System\LHmEdBY.exe
  2⤵
  PID:8804
- C:\Windows\System\bJuwwAm.exe
  C:\Windows\System\bJuwwAm.exe
  2⤵
  PID:8828
- C:\Windows\System\LCDOnmy.exe
  C:\Windows\System\LCDOnmy.exe
  2⤵
  PID:6868
- C:\Windows\System\jzSYpQo.exe
  C:\Windows\System\jzSYpQo.exe
  2⤵
  PID:8952
- C:\Windows\System\hMMyGPt.exe
  C:\Windows\System\hMMyGPt.exe
  2⤵
  PID:8980
- C:\Windows\System\XNFuYQK.exe
  C:\Windows\System\XNFuYQK.exe
  2⤵
  PID:7768
- C:\Windows\System\YqpSGdI.exe
  C:\Windows\System\YqpSGdI.exe
  2⤵
  PID:9092
- C:\Windows\System\ykZPMUn.exe
  C:\Windows\System\ykZPMUn.exe
  2⤵
  PID:8788
- C:\Windows\System\bpPcFda.exe
  C:\Windows\System\bpPcFda.exe
  2⤵
  PID:9212
- C:\Windows\System\OzJowTf.exe
  C:\Windows\System\OzJowTf.exe
  2⤵
  PID:8312
- C:\Windows\System\IEeArHm.exe
  C:\Windows\System\IEeArHm.exe
  2⤵
  PID:8924
- C:\Windows\System\QvIQrpJ.exe
  C:\Windows\System\QvIQrpJ.exe
  2⤵
  PID:8692
- C:\Windows\System\buPIKEa.exe
  C:\Windows\System\buPIKEa.exe
  2⤵
  PID:8628
- C:\Windows\System\eSvNwuU.exe
  C:\Windows\System\eSvNwuU.exe
  2⤵
  PID:6992
- C:\Windows\System\ZdasDsk.exe
  C:\Windows\System\ZdasDsk.exe
  2⤵
  PID:8848
- C:\Windows\System\rYZgxvL.exe
  C:\Windows\System\rYZgxvL.exe
  2⤵
  PID:8936
- C:\Windows\System\zWUoJIP.exe
  C:\Windows\System\zWUoJIP.exe
  2⤵
  PID:9068
- C:\Windows\System\jNsJScn.exe
  C:\Windows\System\jNsJScn.exe
  2⤵
  PID:8288
- C:\Windows\System\aNOPIzz.exe
  C:\Windows\System\aNOPIzz.exe
  2⤵
  PID:8480
- C:\Windows\System\ogjxPUR.exe
  C:\Windows\System\ogjxPUR.exe
  2⤵
  PID:8816
- C:\Windows\System\OhfXriP.exe
  C:\Windows\System\OhfXriP.exe
  2⤵
  PID:8916
- C:\Windows\System\pbtCDev.exe
  C:\Windows\System\pbtCDev.exe
  2⤵
  PID:8568
- C:\Windows\System\TwPDSoQ.exe
  C:\Windows\System\TwPDSoQ.exe
  2⤵
  PID:8624
- C:\Windows\System\RHsplcP.exe
  C:\Windows\System\RHsplcP.exe
  2⤵
  PID:8452
- C:\Windows\System\mCiUiIm.exe
  C:\Windows\System\mCiUiIm.exe
  2⤵
  PID:7436
- C:\Windows\System\cFLwRiw.exe
  C:\Windows\System\cFLwRiw.exe
  2⤵
  PID:8888
- C:\Windows\System\ZFWLsPd.exe
  C:\Windows\System\ZFWLsPd.exe
  2⤵
  PID:11292
- C:\Windows\System\wUSCwcU.exe
  C:\Windows\System\wUSCwcU.exe
  2⤵
  PID:11340
- C:\Windows\System\ZlWwmky.exe
  C:\Windows\System\ZlWwmky.exe
  2⤵
  PID:11376
- C:\Windows\System\XETiYta.exe
  C:\Windows\System\XETiYta.exe
  2⤵
  PID:11400
- C:\Windows\System\TWyBqty.exe
  C:\Windows\System\TWyBqty.exe
  2⤵
  PID:11428
- C:\Windows\System\YqyHAWu.exe
  C:\Windows\System\YqyHAWu.exe
  2⤵
  PID:11456
- C:\Windows\System\FcOwnGd.exe
  C:\Windows\System\FcOwnGd.exe
  2⤵
  PID:11484
- C:\Windows\System\RlkrbOk.exe
  C:\Windows\System\RlkrbOk.exe
  2⤵
  PID:11512
- C:\Windows\System\giYxMtZ.exe
  C:\Windows\System\giYxMtZ.exe
  2⤵
  PID:11532
- C:\Windows\System\sUiNMGa.exe
  C:\Windows\System\sUiNMGa.exe
  2⤵
  PID:11568
- C:\Windows\System\QxcwZmZ.exe
  C:\Windows\System\QxcwZmZ.exe
  2⤵
  PID:11596
- C:\Windows\System\QArlGaq.exe
  C:\Windows\System\QArlGaq.exe
  2⤵
  PID:11616
- C:\Windows\System\GbPVPsM.exe
  C:\Windows\System\GbPVPsM.exe
  2⤵
  PID:11644
- C:\Windows\System\MUGHTlW.exe
  C:\Windows\System\MUGHTlW.exe
  2⤵
  PID:11672
- C:\Windows\System\Cupssin.exe
  C:\Windows\System\Cupssin.exe
  2⤵
  PID:11704
- C:\Windows\System\nwYikyq.exe
  C:\Windows\System\nwYikyq.exe
  2⤵
  PID:11732
- C:\Windows\System\RXjHMkD.exe
  C:\Windows\System\RXjHMkD.exe
  2⤵
  PID:11760
- C:\Windows\System\NQhDRAP.exe
  C:\Windows\System\NQhDRAP.exe
  2⤵
  PID:11788
- C:\Windows\System\eJZQgyQ.exe
  C:\Windows\System\eJZQgyQ.exe
  2⤵
  PID:11816
- C:\Windows\System\deykcnv.exe
  C:\Windows\System\deykcnv.exe
  2⤵
  PID:11848
- C:\Windows\System\SGsGwTo.exe
  C:\Windows\System\SGsGwTo.exe
  2⤵
  PID:11880
- C:\Windows\System\ARukcGw.exe
  C:\Windows\System\ARukcGw.exe
  2⤵
  PID:11900
- C:\Windows\System\vxYwGws.exe
  C:\Windows\System\vxYwGws.exe
  2⤵
  PID:11928
- C:\Windows\System\tISerRY.exe
  C:\Windows\System\tISerRY.exe
  2⤵
  PID:11956
- C:\Windows\System\MxbgLOF.exe
  C:\Windows\System\MxbgLOF.exe
  2⤵
  PID:11984
- C:\Windows\System\yPoYEke.exe
  C:\Windows\System\yPoYEke.exe
  2⤵
  PID:12024
- C:\Windows\System\vUdOxIB.exe
  C:\Windows\System\vUdOxIB.exe
  2⤵
  PID:12048
- C:\Windows\System\NuIqZPP.exe
  C:\Windows\System\NuIqZPP.exe
  2⤵
  PID:12072
- C:\Windows\System\jmxCxEk.exe
  C:\Windows\System\jmxCxEk.exe
  2⤵
  PID:12100
- C:\Windows\System\sRpYcuO.exe
  C:\Windows\System\sRpYcuO.exe
  2⤵
  PID:12136
- C:\Windows\System\QapwqDP.exe
  C:\Windows\System\QapwqDP.exe
  2⤵
  PID:12156
- C:\Windows\System\aJIQoLM.exe
  C:\Windows\System\aJIQoLM.exe
  2⤵
  PID:12184
- C:\Windows\System\DTrWVHV.exe
  C:\Windows\System\DTrWVHV.exe
  2⤵
  PID:12204
- C:\Windows\System\zTsNYgj.exe
  C:\Windows\System\zTsNYgj.exe
  2⤵
  PID:12256
- C:\Windows\System\psRQTtt.exe
  C:\Windows\System\psRQTtt.exe
  2⤵
  PID:12280
- C:\Windows\System\cCrYjTc.exe
  C:\Windows\System\cCrYjTc.exe
  2⤵
  PID:11304
- C:\Windows\System\SoPkkVR.exe
  C:\Windows\System\SoPkkVR.exe
  2⤵
  PID:7636
- C:\Windows\System\LAFyVqF.exe
  C:\Windows\System\LAFyVqF.exe
  2⤵
  PID:11372
- C:\Windows\System\StqHikd.exe
  C:\Windows\System\StqHikd.exe
  2⤵
  PID:11416
- C:\Windows\System\nWWUhZE.exe
  C:\Windows\System\nWWUhZE.exe
  2⤵
  PID:11464
- C:\Windows\System\YbphySH.exe
  C:\Windows\System\YbphySH.exe
  2⤵
  PID:11528
- C:\Windows\System\YqpHdNt.exe
  C:\Windows\System\YqpHdNt.exe
  2⤵
  PID:11580
- C:\Windows\System\JJzgFhj.exe
  C:\Windows\System\JJzgFhj.exe
  2⤵
  PID:11636
- C:\Windows\System\OiuxLiR.exe
  C:\Windows\System\OiuxLiR.exe
  2⤵
  PID:11348
- C:\Windows\System\AWTeVaZ.exe
  C:\Windows\System\AWTeVaZ.exe
  2⤵
  PID:11724
- C:\Windows\System\voNaFCy.exe
  C:\Windows\System\voNaFCy.exe
  2⤵
  PID:11784
- C:\Windows\System\DPIToqz.exe
  C:\Windows\System\DPIToqz.exe
  2⤵
  PID:11812
- C:\Windows\System\WADLRZy.exe
  C:\Windows\System\WADLRZy.exe
  2⤵
  PID:11888
- C:\Windows\System\SdtUdck.exe
  C:\Windows\System\SdtUdck.exe
  2⤵
  PID:11920
- C:\Windows\System\JVeNxKr.exe
  C:\Windows\System\JVeNxKr.exe
  2⤵
  PID:11976
- C:\Windows\System\fKsmSyP.exe
  C:\Windows\System\fKsmSyP.exe
  2⤵
  PID:12000
- C:\Windows\System\GTpgZZU.exe
  C:\Windows\System\GTpgZZU.exe
  2⤵
  PID:12068
- C:\Windows\System\yXqXXSu.exe
  C:\Windows\System\yXqXXSu.exe
  2⤵
  PID:7696
- C:\Windows\System\YxtAsyD.exe
  C:\Windows\System\YxtAsyD.exe
  2⤵
  PID:11728
- C:\Windows\System\bzWyuIc.exe
  C:\Windows\System\bzWyuIc.exe
  2⤵
  PID:9628
- C:\Windows\System\GNrncgD.exe
  C:\Windows\System\GNrncgD.exe
  2⤵
  PID:9660
- C:\Windows\System\DAKgjFv.exe
  C:\Windows\System\DAKgjFv.exe
  2⤵
  PID:12240
- C:\Windows\System\IhtXgpH.exe
  C:\Windows\System\IhtXgpH.exe
  2⤵
  PID:9712
- C:\Windows\System\gPQSuWW.exe
  C:\Windows\System\gPQSuWW.exe
  2⤵
  PID:3628
- C:\Windows\System\UOqykFx.exe
  C:\Windows\System\UOqykFx.exe
  2⤵
  PID:1040
- C:\Windows\System\HptOMRA.exe
  C:\Windows\System\HptOMRA.exe
  2⤵
  PID:3412
- C:\Windows\System\wsKAMuD.exe
  C:\Windows\System\wsKAMuD.exe
  2⤵
  PID:1384
- C:\Windows\System\eTskRQD.exe
  C:\Windows\System\eTskRQD.exe
  2⤵
  PID:9832
- C:\Windows\System\GhjkbeM.exe
  C:\Windows\System\GhjkbeM.exe
  2⤵
  PID:11496
- C:\Windows\System\MenFOUu.exe
  C:\Windows\System\MenFOUu.exe
  2⤵
  PID:11664
- C:\Windows\System\qGwhkZN.exe
  C:\Windows\System\qGwhkZN.exe
  2⤵
  PID:9868
- C:\Windows\System\BCIvave.exe
  C:\Windows\System\BCIvave.exe
  2⤵
  PID:9432
- C:\Windows\System\uzcJCgL.exe
  C:\Windows\System\uzcJCgL.exe
  2⤵
  PID:9496
- C:\Windows\System\ktbsacI.exe
  C:\Windows\System\ktbsacI.exe
  2⤵
  PID:9524
- C:\Windows\System\NMuXGao.exe
  C:\Windows\System\NMuXGao.exe
  2⤵
  PID:6220
- C:\Windows\System\xaoCqEp.exe
  C:\Windows\System\xaoCqEp.exe
  2⤵
  PID:12180
- C:\Windows\System\hSdtFPI.exe
  C:\Windows\System\hSdtFPI.exe
  2⤵
  PID:10044
- C:\Windows\System\EpGdDVD.exe
  C:\Windows\System\EpGdDVD.exe
  2⤵
  PID:10096
- C:\Windows\System\tiGzOPc.exe
  C:\Windows\System\tiGzOPc.exe
  2⤵
  PID:2020
- C:\Windows\System\pPeufTj.exe
  C:\Windows\System\pPeufTj.exe
  2⤵
  PID:2696
- C:\Windows\System\gGerXtP.exe
  C:\Windows\System\gGerXtP.exe
  2⤵
  PID:9252
- C:\Windows\System\ptPuBow.exe
  C:\Windows\System\ptPuBow.exe
  2⤵
  PID:11608
- C:\Windows\System\znpwAia.exe
  C:\Windows\System\znpwAia.exe
  2⤵
  PID:10208
- C:\Windows\System\psGpoes.exe
  C:\Windows\System\psGpoes.exe
  2⤵
  PID:11896
- C:\Windows\System\ZwtdIrd.exe
  C:\Windows\System\ZwtdIrd.exe
  2⤵
  PID:2032
- C:\Windows\System\YWwWUzb.exe
  C:\Windows\System\YWwWUzb.exe
  2⤵
  PID:9572
- C:\Windows\System\EgBUuHx.exe
  C:\Windows\System\EgBUuHx.exe
  2⤵
  PID:3048
- C:\Windows\System\OcyVVMm.exe
  C:\Windows\System\OcyVVMm.exe
  2⤵
  PID:5348
- C:\Windows\System\kegVNND.exe
  C:\Windows\System\kegVNND.exe
  2⤵
  PID:11276
- C:\Windows\System\ycsHJSb.exe
  C:\Windows\System\ycsHJSb.exe
  2⤵
  PID:8400
- C:\Windows\System\vWwHiGK.exe
  C:\Windows\System\vWwHiGK.exe
  2⤵
  PID:8620
- C:\Windows\System\gvMFtKD.exe
  C:\Windows\System\gvMFtKD.exe
  2⤵
  PID:9388
- C:\Windows\System\dIPGiBi.exe
  C:\Windows\System\dIPGiBi.exe
  2⤵
  PID:9556
- C:\Windows\System\IXKSGBp.exe
  C:\Windows\System\IXKSGBp.exe
  2⤵
  PID:12032
- C:\Windows\System\egTYbue.exe
  C:\Windows\System\egTYbue.exe
  2⤵
  PID:12128
- C:\Windows\System\ukBlDPj.exe
  C:\Windows\System\ukBlDPj.exe
  2⤵
  PID:12144
- C:\Windows\System\BFOVkQj.exe
  C:\Windows\System\BFOVkQj.exe
  2⤵
  PID:9792
- C:\Windows\System\lpWWKwr.exe
  C:\Windows\System\lpWWKwr.exe
  2⤵
  PID:9448
- C:\Windows\System\WYXAGsr.exe
  C:\Windows\System\WYXAGsr.exe
  2⤵
  PID:2928
- C:\Windows\System\oiWCpvI.exe
  C:\Windows\System\oiWCpvI.exe
  2⤵
  PID:9648
- C:\Windows\System\KuEbRac.exe
  C:\Windows\System\KuEbRac.exe
  2⤵
  PID:9704
- C:\Windows\System\DpSwlWR.exe
  C:\Windows\System\DpSwlWR.exe
  2⤵
  PID:9028
- C:\Windows\System\WmxtYIv.exe
  C:\Windows\System\WmxtYIv.exe
  2⤵
  PID:11840
- C:\Windows\System\yUoZElq.exe
  C:\Windows\System\yUoZElq.exe
  2⤵
  PID:7452
- C:\Windows\System\VTDsBKl.exe
  C:\Windows\System\VTDsBKl.exe
  2⤵
  PID:2588
- C:\Windows\System\IXBClGg.exe
  C:\Windows\System\IXBClGg.exe
  2⤵
  PID:9152
- C:\Windows\System\tPriZhy.exe
  C:\Windows\System\tPriZhy.exe
  2⤵
  PID:9280
- C:\Windows\System\fodAfwj.exe
  C:\Windows\System\fodAfwj.exe
  2⤵
  PID:9328
- C:\Windows\System\wGItzPG.exe
  C:\Windows\System\wGItzPG.exe
  2⤵
  PID:12312
- C:\Windows\System\TRTSCRR.exe
  C:\Windows\System\TRTSCRR.exe
  2⤵
  PID:12348
- C:\Windows\System\ZgWYDMI.exe
  C:\Windows\System\ZgWYDMI.exe
  2⤵
  PID:12376
- C:\Windows\System\AZfDCpR.exe
  C:\Windows\System\AZfDCpR.exe
  2⤵
  PID:12396
- C:\Windows\System\bUujdHF.exe
  C:\Windows\System\bUujdHF.exe
  2⤵
  PID:12424
- C:\Windows\System\RfejqVN.exe
  C:\Windows\System\RfejqVN.exe
  2⤵
  PID:12452
- C:\Windows\System\NJLUTna.exe
  C:\Windows\System\NJLUTna.exe
  2⤵
  PID:12480
- C:\Windows\System\RnxZPLu.exe
  C:\Windows\System\RnxZPLu.exe
  2⤵
  PID:12508
- C:\Windows\System\CezdJgl.exe
  C:\Windows\System\CezdJgl.exe
  2⤵
  PID:12536
- C:\Windows\System\StEqDRm.exe
  C:\Windows\System\StEqDRm.exe
  2⤵
  PID:12564
- C:\Windows\System\quQCIIQ.exe
  C:\Windows\System\quQCIIQ.exe
  2⤵
  PID:12592
- C:\Windows\System\KlLuRhq.exe
  C:\Windows\System\KlLuRhq.exe
  2⤵
  PID:12628
- C:\Windows\System\EXWnWjM.exe
  C:\Windows\System\EXWnWjM.exe
  2⤵
  PID:12652
- C:\Windows\System\aEHydSg.exe
  C:\Windows\System\aEHydSg.exe
  2⤵
  PID:12684
- C:\Windows\System\oQBXooL.exe
  C:\Windows\System\oQBXooL.exe
  2⤵
  PID:12720
- C:\Windows\System\GuXZfHm.exe
  C:\Windows\System\GuXZfHm.exe
  2⤵
  PID:12740
- C:\Windows\System\ZIUyoRO.exe
  C:\Windows\System\ZIUyoRO.exe
  2⤵
  PID:12776
- C:\Windows\System\axUPdck.exe
  C:\Windows\System\axUPdck.exe
  2⤵
  PID:12804
- C:\Windows\System\AblBkzY.exe
  C:\Windows\System\AblBkzY.exe
  2⤵
  PID:12828
- C:\Windows\System\dardYNJ.exe
  C:\Windows\System\dardYNJ.exe
  2⤵
  PID:12852
- C:\Windows\System\MpqgZgP.exe
  C:\Windows\System\MpqgZgP.exe
  2⤵
  PID:12884
- C:\Windows\System\sGdLTcL.exe
  C:\Windows\System\sGdLTcL.exe
  2⤵
  PID:12916
- C:\Windows\System\JCTdCUp.exe
  C:\Windows\System\JCTdCUp.exe
  2⤵
  PID:12948
- C:\Windows\System\VKRwHko.exe
  C:\Windows\System\VKRwHko.exe
  2⤵
  PID:12964
- C:\Windows\System\UcBXLDD.exe
  C:\Windows\System\UcBXLDD.exe
  2⤵
  PID:13004
- C:\Windows\System\lRseoRB.exe
  C:\Windows\System\lRseoRB.exe
  2⤵
  PID:13028
- C:\Windows\System\vYjqzIZ.exe
  C:\Windows\System\vYjqzIZ.exe
  2⤵
  PID:13048
- C:\Windows\System\KiwWcbl.exe
  C:\Windows\System\KiwWcbl.exe
  2⤵
  PID:13076
- C:\Windows\System\Smknlcp.exe
  C:\Windows\System\Smknlcp.exe
  2⤵
  PID:13116
- C:\Windows\System\qftkkdl.exe
  C:\Windows\System\qftkkdl.exe
  2⤵
  PID:13144
- C:\Windows\System\FMBDnOX.exe
  C:\Windows\System\FMBDnOX.exe
  2⤵
  PID:13164
- C:\Windows\System\LeVGBta.exe
  C:\Windows\System\LeVGBta.exe
  2⤵
  PID:13196
- C:\Windows\System\CnDvcei.exe
  C:\Windows\System\CnDvcei.exe
  2⤵
  PID:13220
- C:\Windows\System\hSfgDIm.exe
  C:\Windows\System\hSfgDIm.exe
  2⤵
  PID:13264
- C:\Windows\System\iUPWBrJ.exe
  C:\Windows\System\iUPWBrJ.exe
  2⤵
  PID:13288
- C:\Windows\System\zhQRDeE.exe
  C:\Windows\System\zhQRDeE.exe
  2⤵
  PID:7668
- C:\Windows\System\OVHsvUu.exe
  C:\Windows\System\OVHsvUu.exe
  2⤵
  PID:12320
- C:\Windows\System\ovtbdho.exe
  C:\Windows\System\ovtbdho.exe
  2⤵
  PID:12360
- C:\Windows\System\ZHTLljD.exe
  C:\Windows\System\ZHTLljD.exe
  2⤵
  PID:12416
- C:\Windows\System\vzBYTTL.exe
  C:\Windows\System\vzBYTTL.exe
  2⤵
  PID:12476
- C:\Windows\System\XLDsPUH.exe
  C:\Windows\System\XLDsPUH.exe
  2⤵
  PID:5568
- C:\Windows\System\YiJAsGg.exe
  C:\Windows\System\YiJAsGg.exe
  2⤵
  PID:12548
- C:\Windows\System\vHjiVUd.exe
  C:\Windows\System\vHjiVUd.exe
  2⤵
  PID:12588
- C:\Windows\System\JkNbdQS.exe
  C:\Windows\System\JkNbdQS.exe
  2⤵
  PID:10184
- C:\Windows\System\hNNpiLs.exe
  C:\Windows\System\hNNpiLs.exe
  2⤵
  PID:12704
- C:\Windows\System\GpepgOC.exe
  C:\Windows\System\GpepgOC.exe
  2⤵
  PID:9200
- C:\Windows\System\vyJBjyl.exe
  C:\Windows\System\vyJBjyl.exe
  2⤵
  PID:12840
- C:\Windows\System\wSyMIDc.exe
  C:\Windows\System\wSyMIDc.exe
  2⤵
  PID:12892
- C:\Windows\System\IXsXDUj.exe
  C:\Windows\System\IXsXDUj.exe
  2⤵
  PID:12924
- C:\Windows\System\iGEnVzz.exe
  C:\Windows\System\iGEnVzz.exe
  2⤵
  PID:12988
- C:\Windows\System\WtPhwlp.exe
  C:\Windows\System\WtPhwlp.exe
  2⤵
  PID:9084
- C:\Windows\System\ywGdAER.exe
  C:\Windows\System\ywGdAER.exe
  2⤵
  PID:13072
- C:\Windows\System\iGIeXRk.exe
  C:\Windows\System\iGIeXRk.exe
  2⤵
  PID:13128
- C:\Windows\System\gPMvVie.exe
  C:\Windows\System\gPMvVie.exe
  2⤵
  PID:13184
- C:\Windows\System\rNvzFKJ.exe
  C:\Windows\System\rNvzFKJ.exe
  2⤵
  PID:13212
- C:\Windows\System\qnTbnKf.exe
  C:\Windows\System\qnTbnKf.exe
  2⤵
  PID:13272
- C:\Windows\System\yzgIAOz.exe
  C:\Windows\System\yzgIAOz.exe
  2⤵
  PID:10016
- C:\Windows\System\mlUQxoT.exe
  C:\Windows\System\mlUQxoT.exe
  2⤵
  PID:9504
- C:\Windows\System\pWOepRL.exe
  C:\Windows\System\pWOepRL.exe
  2⤵
  PID:12388
- C:\Windows\System\GkYXzqT.exe
  C:\Windows\System\GkYXzqT.exe
  2⤵
  PID:1464
- C:\Windows\System\ZhqIAhg.exe
  C:\Windows\System\ZhqIAhg.exe
  2⤵
  PID:3060
- C:\Windows\System\ZIQzYzD.exe
  C:\Windows\System\ZIQzYzD.exe
  2⤵
  PID:12616
- C:\Windows\System\xgwthnf.exe
  C:\Windows\System\xgwthnf.exe
  2⤵
  PID:12736
- C:\Windows\System\CBrQAri.exe
  C:\Windows\System\CBrQAri.exe
  2⤵
  PID:12784
- C:\Windows\System\Qjbtsmy.exe
  C:\Windows\System\Qjbtsmy.exe
  2⤵
  PID:12848
- C:\Windows\System\cJsfqYQ.exe
  C:\Windows\System\cJsfqYQ.exe
  2⤵
  PID:4240
- C:\Windows\System\eKjZnEb.exe
  C:\Windows\System\eKjZnEb.exe
  2⤵
  PID:2484
- C:\Windows\System\oNgihix.exe
  C:\Windows\System\oNgihix.exe
  2⤵
  PID:5508
- C:\Windows\System\OwFLEkD.exe
  C:\Windows\System\OwFLEkD.exe
  2⤵
  PID:13156
- C:\Windows\System\qrHNetd.exe
  C:\Windows\System\qrHNetd.exe
  2⤵
  PID:9220
- C:\Windows\System\GtltEPs.exe
  C:\Windows\System\GtltEPs.exe
  2⤵
  PID:9924
- C:\Windows\System\tJgJfjJ.exe
  C:\Windows\System\tJgJfjJ.exe
  2⤵
  PID:12304
- C:\Windows\System\GnfEepG.exe
  C:\Windows\System\GnfEepG.exe
  2⤵
  PID:8488
- C:\Windows\System\sxOPtJG.exe
  C:\Windows\System\sxOPtJG.exe
  2⤵
  PID:12436
- C:\Windows\System\LrksOYg.exe
  C:\Windows\System\LrksOYg.exe
  2⤵
  PID:9636
- C:\Windows\System\iMCuZJw.exe
  C:\Windows\System\iMCuZJw.exe
  2⤵
  PID:12668
- C:\Windows\System\hQbnPlO.exe
  C:\Windows\System\hQbnPlO.exe
  2⤵
  PID:2372
- C:\Windows\System\nVVSODE.exe
  C:\Windows\System\nVVSODE.exe
  2⤵
  PID:12956
- C:\Windows\System\egwsUmB.exe
  C:\Windows\System\egwsUmB.exe
  2⤵
  PID:13060
- C:\Windows\System\aqLMRSS.exe
  C:\Windows\System\aqLMRSS.exe
  2⤵
  PID:3204
- C:\Windows\System\VfzBeEw.exe
  C:\Windows\System\VfzBeEw.exe
  2⤵
  PID:2444
- C:\Windows\System\UjuRAGP.exe
  C:\Windows\System\UjuRAGP.exe
  2⤵
  PID:5088
- C:\Windows\System\kcaYCjl.exe
  C:\Windows\System\kcaYCjl.exe
  2⤵
  PID:5480
- C:\Windows\System\TLKmswe.exe
  C:\Windows\System\TLKmswe.exe
  2⤵
  PID:2896
- C:\Windows\System\XjFZCjH.exe
  C:\Windows\System\XjFZCjH.exe
  2⤵
  PID:5320
- C:\Windows\System\dRVzxlV.exe
  C:\Windows\System\dRVzxlV.exe
  2⤵
  PID:2256
- C:\Windows\System\QFEONST.exe
  C:\Windows\System\QFEONST.exe
  2⤵
  PID:3140
- C:\Windows\System\quNOVTn.exe
  C:\Windows\System\quNOVTn.exe
  2⤵
  PID:2272
- C:\Windows\System\qXUMdaO.exe
  C:\Windows\System\qXUMdaO.exe
  2⤵
  PID:2220
- C:\Windows\System\FFEZuxR.exe
  C:\Windows\System\FFEZuxR.exe
  2⤵
  PID:9788
- C:\Windows\System\oJrTfAE.exe
  C:\Windows\System\oJrTfAE.exe
  2⤵
  PID:12584
- C:\Windows\System\nGxPUNz.exe
  C:\Windows\System\nGxPUNz.exe
  2⤵
  PID:6076
- C:\Windows\System\ZIbfbTg.exe
  C:\Windows\System\ZIbfbTg.exe
  2⤵
  PID:6288
- C:\Windows\System\HkJUkIS.exe
  C:\Windows\System\HkJUkIS.exe
  2⤵
  PID:2340
- C:\Windows\System\masRNeX.exe
  C:\Windows\System\masRNeX.exe
  2⤵
  PID:1404
- C:\Windows\System\gUYhQmb.exe
  C:\Windows\System\gUYhQmb.exe
  2⤵
  PID:6148
- C:\Windows\System\SzXfKjU.exe
  C:\Windows\System\SzXfKjU.exe
  2⤵
  PID:1612
- C:\Windows\System\RNYmDLp.exe
  C:\Windows\System\RNYmDLp.exe
  2⤵
  PID:1440
- C:\Windows\System\gWdpukV.exe
  C:\Windows\System\gWdpukV.exe
  2⤵
  PID:4020
- C:\Windows\System\MfIYNup.exe
  C:\Windows\System\MfIYNup.exe
  2⤵
  PID:1536
- C:\Windows\System\yuwfASu.exe
  C:\Windows\System\yuwfASu.exe
  2⤵
  PID:6520
- C:\Windows\System\DhUNkJv.exe
  C:\Windows\System\DhUNkJv.exe
  2⤵
  PID:9976
- C:\Windows\System\FBsBHUt.exe
  C:\Windows\System\FBsBHUt.exe
  2⤵
  PID:4768
- C:\Windows\System\CbEyaTY.exe
  C:\Windows\System\CbEyaTY.exe
  2⤵
  PID:2180
- C:\Windows\System\xZnTYMo.exe
  C:\Windows\System\xZnTYMo.exe
  2⤵
  PID:1136
- C:\Windows\System\jfIkwkL.exe
  C:\Windows\System\jfIkwkL.exe
  2⤵
  PID:9848
- C:\Windows\System\bSpMKfN.exe
  C:\Windows\System\bSpMKfN.exe
  2⤵
  PID:7084
- C:\Windows\System\ZWdNKdi.exe
  C:\Windows\System\ZWdNKdi.exe
  2⤵
  PID:3292
- C:\Windows\System\gdQnPRG.exe
  C:\Windows\System\gdQnPRG.exe
  2⤵
  PID:10180
- C:\Windows\System\PRADyQd.exe
  C:\Windows\System\PRADyQd.exe
  2⤵
  PID:6556
- C:\Windows\System\GflGJyu.exe
  C:\Windows\System\GflGJyu.exe
  2⤵
  PID:2732
- C:\Windows\System\yfctQke.exe
  C:\Windows\System\yfctQke.exe
  2⤵
  PID:7052
- C:\Windows\System\USzYCje.exe
  C:\Windows\System\USzYCje.exe
  2⤵
  PID:7112
- C:\Windows\System\LAheEtP.exe
  C:\Windows\System\LAheEtP.exe
  2⤵
  PID:4372
- C:\Windows\System\POcbPtD.exe
  C:\Windows\System\POcbPtD.exe
  2⤵
  PID:6372
- C:\Windows\System\xTUqXOW.exe
  C:\Windows\System\xTUqXOW.exe
  2⤵
  PID:10256
- C:\Windows\System\qIcTeVW.exe
  C:\Windows\System\qIcTeVW.exe
  2⤵
  PID:6508
- C:\Windows\System\vRHcdes.exe
  C:\Windows\System\vRHcdes.exe
  2⤵
  PID:10304
- C:\Windows\System\dvPVDcs.exe
  C:\Windows\System\dvPVDcs.exe
  2⤵
  PID:13348
- C:\Windows\System\pWuaNFC.exe
  C:\Windows\System\pWuaNFC.exe
  2⤵
  PID:13368
- C:\Windows\System\vsaQhIh.exe
  C:\Windows\System\vsaQhIh.exe
  2⤵
  PID:13396
- C:\Windows\System\qSCzlqt.exe
  C:\Windows\System\qSCzlqt.exe
  2⤵
  PID:13424
- C:\Windows\System\VZVEJky.exe
  C:\Windows\System\VZVEJky.exe
  2⤵
  PID:13452
- C:\Windows\System\vcuVclv.exe
  C:\Windows\System\vcuVclv.exe
  2⤵
  PID:13492
- C:\Windows\System\HmdJiYQ.exe
  C:\Windows\System\HmdJiYQ.exe
  2⤵
  PID:13508
- C:\Windows\System\LmMqEDZ.exe
  C:\Windows\System\LmMqEDZ.exe
  2⤵
  PID:13536
- C:\Windows\System\fyIqRwq.exe
  C:\Windows\System\fyIqRwq.exe
  2⤵
  PID:13576
- C:\Windows\System\QTsCGCS.exe
  C:\Windows\System\QTsCGCS.exe
  2⤵
  PID:13596
- C:\Windows\System\BrTHrQK.exe
  C:\Windows\System\BrTHrQK.exe
  2⤵
  PID:13632
- C:\Windows\System\nDkmaHp.exe
  C:\Windows\System\nDkmaHp.exe
  2⤵
  PID:13656
- C:\Windows\System\zkKKiqF.exe
  C:\Windows\System\zkKKiqF.exe
  2⤵
  PID:13692
- C:\Windows\System\AwnlydB.exe
  C:\Windows\System\AwnlydB.exe
  2⤵
  PID:13708
- C:\Windows\System\LOPGPUZ.exe
  C:\Windows\System\LOPGPUZ.exe
  2⤵
  PID:13736
- C:\Windows\System\vnUrrPP.exe
  C:\Windows\System\vnUrrPP.exe
  2⤵
  PID:13764
- C:\Windows\System\dyOsqwq.exe
  C:\Windows\System\dyOsqwq.exe
  2⤵
  PID:13800
- C:\Windows\System\UQPgKXG.exe
  C:\Windows\System\UQPgKXG.exe
  2⤵
  PID:13832
- C:\Windows\System\HjRgSLL.exe
  C:\Windows\System\HjRgSLL.exe
  2⤵
  PID:13856
- C:\Windows\System\sgnaLhX.exe
  C:\Windows\System\sgnaLhX.exe
  2⤵
  PID:13892
- C:\Windows\System\hcxGqdE.exe
  C:\Windows\System\hcxGqdE.exe
  2⤵
  PID:13932
- C:\Windows\System\yTzaoAm.exe
  C:\Windows\System\yTzaoAm.exe
  2⤵
  PID:13952
- C:\Windows\System\DLGbpzl.exe
  C:\Windows\System\DLGbpzl.exe
  2⤵
  PID:13984
- C:\Windows\System\rdsrseU.exe
  C:\Windows\System\rdsrseU.exe
  2⤵
  PID:14008
- C:\Windows\System\lSmkczk.exe
  C:\Windows\System\lSmkczk.exe
  2⤵
  PID:14044
- C:\Windows\System\xUuBqFK.exe
  C:\Windows\System\xUuBqFK.exe
  2⤵
  PID:14072
- C:\Windows\System\EeOxPxN.exe
  C:\Windows\System\EeOxPxN.exe
  2⤵
  PID:14112
- C:\Windows\System\jHeFjji.exe
  C:\Windows\System\jHeFjji.exe
  2⤵
  PID:14136
- C:\Windows\System\dYQgeEA.exe
  C:\Windows\System\dYQgeEA.exe
  2⤵
  PID:14164
- C:\Windows\System\hhHaVmj.exe
  C:\Windows\System\hhHaVmj.exe
  2⤵
  PID:14192
- C:\Windows\System\gCjUrlr.exe
  C:\Windows\System\gCjUrlr.exe
  2⤵
  PID:14224
- C:\Windows\System\WBblhAO.exe
  C:\Windows\System\WBblhAO.exe
  2⤵
  PID:14264
- C:\Windows\System\RTTBUzX.exe
  C:\Windows\System\RTTBUzX.exe
  2⤵
  PID:14300
- C:\Windows\System\RgQHoqD.exe
  C:\Windows\System\RgQHoqD.exe
  2⤵
  PID:14320
- C:\Windows\System\YJYJpTr.exe
  C:\Windows\System\YJYJpTr.exe
  2⤵
  PID:13332
- C:\Windows\System\yHmXlxy.exe
  C:\Windows\System\yHmXlxy.exe
  2⤵
  PID:10396
- C:\Windows\System\qBEMaab.exe
  C:\Windows\System\qBEMaab.exe
  2⤵
  PID:10416
- C:\Windows\System\AGnXjZp.exe
  C:\Windows\System\AGnXjZp.exe
  2⤵
  PID:6252
- C:\Windows\System\eXZudRQ.exe
  C:\Windows\System\eXZudRQ.exe
  2⤵
  PID:13488
- C:\Windows\System\hGFVWwd.exe
  C:\Windows\System\hGFVWwd.exe
  2⤵
  PID:13520
- C:\Windows\System\NFtZvWU.exe
  C:\Windows\System\NFtZvWU.exe
  2⤵
  PID:13564
- C:\Windows\System\WHrDozO.exe
  C:\Windows\System\WHrDozO.exe
  2⤵
  PID:13616
- C:\Windows\System\LKfryJC.exe
  C:\Windows\System\LKfryJC.exe
  2⤵
  PID:13644
- C:\Windows\System\TWfCPNK.exe
  C:\Windows\System\TWfCPNK.exe
  2⤵
  PID:13688
- C:\Windows\System\pswtaDl.exe
  C:\Windows\System\pswtaDl.exe
  2⤵
  PID:13700
- C:\Windows\System\CoVdFjg.exe
  C:\Windows\System\CoVdFjg.exe
  2⤵
  PID:2756
- C:\Windows\System\ZAMKhwD.exe
  C:\Windows\System\ZAMKhwD.exe
  2⤵
  PID:10816
- C:\Windows\System\WnUowBJ.exe
  C:\Windows\System\WnUowBJ.exe
  2⤵
  PID:13772
- C:\Windows\System\Dxpmdok.exe
  C:\Windows\System\Dxpmdok.exe
  2⤵
  PID:13812
- C:\Windows\System\vxCiOPd.exe
  C:\Windows\System\vxCiOPd.exe
  2⤵
  PID:10156
- C:\Windows\System\DkHkyNw.exe
  C:\Windows\System\DkHkyNw.exe
  2⤵
  PID:13852
- C:\Windows\System\gDXfEya.exe
  C:\Windows\System\gDXfEya.exe
  2⤵
  PID:10940
- C:\Windows\System\eVZPhzA.exe
  C:\Windows\System\eVZPhzA.exe
  2⤵
  PID:13948
- C:\Windows\System\lJPICwd.exe
  C:\Windows\System\lJPICwd.exe
  2⤵
  PID:13976
- C:\Windows\System\BiDfcGa.exe
  C:\Windows\System\BiDfcGa.exe
  2⤵
  PID:9396
- C:\Windows\System\sZIOFIq.exe
  C:\Windows\System\sZIOFIq.exe
  2⤵
  PID:11076
- C:\Windows\System\fqtJXpL.exe
  C:\Windows\System\fqtJXpL.exe
  2⤵
  PID:11112
- C:\Windows\System\CmNuDgd.exe
  C:\Windows\System\CmNuDgd.exe
  2⤵
  PID:1944
- C:\Windows\System\HcnGcRx.exe
  C:\Windows\System\HcnGcRx.exe
  2⤵
  PID:9624
- C:\Windows\System\duFkHqv.exe
  C:\Windows\System\duFkHqv.exe
  2⤵
  PID:11224
- C:\Windows\System\PSrNIPE.exe
  C:\Windows\System\PSrNIPE.exe
  2⤵
  PID:14256
- C:\Windows\System\NDjTfuf.exe
  C:\Windows\System\NDjTfuf.exe
  2⤵
  PID:1916
- C:\Windows\System\UssNZGW.exe
  C:\Windows\System\UssNZGW.exe
  2⤵
  PID:5224
- C:\Windows\System\aKbyZTd.exe
  C:\Windows\System\aKbyZTd.exe
  2⤵
  PID:6336
- C:\Windows\System\prjxqNd.exe
  C:\Windows\System\prjxqNd.exe
  2⤵
  PID:10424
- C:\Windows\System\rLxAsEb.exe
  C:\Windows\System\rLxAsEb.exe
  2⤵
  PID:10368
- C:\Windows\System\jMcidvW.exe
  C:\Windows\System\jMcidvW.exe
  2⤵
  PID:10176
- C:\Windows\System\JEGcJgh.exe
  C:\Windows\System\JEGcJgh.exe
  2⤵
  PID:14028
- C:\Windows\System\EjJRKhr.exe
  C:\Windows\System\EjJRKhr.exe
  2⤵
  PID:13640
- C:\Windows\System\QTYsAyp.exe
  C:\Windows\System\QTYsAyp.exe
  2⤵
  PID:4988
- C:\Windows\System\WMDuoCg.exe
  C:\Windows\System\WMDuoCg.exe
  2⤵
  PID:10728
- C:\Windows\System\hndlgAW.exe
  C:\Windows\System\hndlgAW.exe
  2⤵
  PID:3984
- C:\Windows\System\AuzmBKK.exe
  C:\Windows\System\AuzmBKK.exe
  2⤵
  PID:13732
- C:\Windows\System\DrNjzUU.exe
  C:\Windows\System\DrNjzUU.exe
  2⤵
  PID:13792
- C:\Windows\System\BOspPLw.exe
  C:\Windows\System\BOspPLw.exe
  2⤵
  PID:10708
- C:\Windows\System\YGjrqRa.exe
  C:\Windows\System\YGjrqRa.exe
  2⤵
  PID:6712
- C:\Windows\System\JdBdPOZ.exe
  C:\Windows\System\JdBdPOZ.exe
  2⤵
  PID:10860
- C:\Windows\System\vzeaqpY.exe
  C:\Windows\System\vzeaqpY.exe
  2⤵
  PID:13964
- C:\Windows\System\zRRPvoF.exe
  C:\Windows\System\zRRPvoF.exe
  2⤵
  PID:14020
- C:\Windows\System\sqnybnV.exe
  C:\Windows\System\sqnybnV.exe
  2⤵
  PID:14032
- C:\Windows\System\OcNGcEK.exe
  C:\Windows\System\OcNGcEK.exe
  2⤵
  PID:6744
- C:\Windows\System\kBsyyHQ.exe
  C:\Windows\System\kBsyyHQ.exe
  2⤵
  PID:7604
- C:\Windows\System\fvcBQrj.exe
  C:\Windows\System\fvcBQrj.exe
  2⤵
  PID:11176
- C:\Windows\System\uwXcRJF.exe
  C:\Windows\System\uwXcRJF.exe
  2⤵
  PID:14220
- C:\Windows\System\bJndJwe.exe
  C:\Windows\System\bJndJwe.exe
  2⤵
  PID:7824
- C:\Windows\System\KNRnhsO.exe
  C:\Windows\System\KNRnhsO.exe
  2⤵
  PID:13360
- C:\Windows\System\rbhhygd.exe
  C:\Windows\System\rbhhygd.exe
  2⤵
  PID:10292
- C:\Windows\System\cdwwVTn.exe
  C:\Windows\System\cdwwVTn.exe
  2⤵
  PID:7992
- C:\Windows\System\bGbmkYY.exe
  C:\Windows\System\bGbmkYY.exe
  2⤵
  PID:10488
- C:\Windows\System\yHkVzrs.exe
  C:\Windows\System\yHkVzrs.exe
  2⤵
  PID:5880
- C:\Windows\System\kZWBFLi.exe
  C:\Windows\System\kZWBFLi.exe
  2⤵
  PID:688
- C:\Windows\System\ZBCNudn.exe
  C:\Windows\System\ZBCNudn.exe
  2⤵
  PID:10780
- C:\Windows\System\VQvxYnT.exe
  C:\Windows\System\VQvxYnT.exe
  2⤵
  PID:7252
- C:\Windows\System\SuQEFIG.exe
  C:\Windows\System\SuQEFIG.exe
  2⤵
  PID:13824
- C:\Windows\System\SvYOgbV.exe
  C:\Windows\System\SvYOgbV.exe
  2⤵
  PID:13920
- C:\Windows\System\bMyfPor.exe
  C:\Windows\System\bMyfPor.exe
  2⤵
  PID:13972
- C:\Windows\System\lueWfQs.exe
  C:\Windows\System\lueWfQs.exe
  2⤵
  PID:6724
- C:\Windows\System\aXWGGEI.exe
  C:\Windows\System\aXWGGEI.exe
  2⤵
  PID:1648
- C:\Windows\System\jXGLoxg.exe
  C:\Windows\System\jXGLoxg.exe
  2⤵
  PID:6752
- C:\Windows\System\KGUonoI.exe
  C:\Windows\System\KGUonoI.exe
  2⤵
  PID:11156
- C:\Windows\System\AqXXWFA.exe
  C:\Windows\System\AqXXWFA.exe
  2⤵
  PID:11116
- C:\Windows\System\ZBmNrmx.exe
  C:\Windows\System\ZBmNrmx.exe
  2⤵
  PID:14244
- C:\Windows\System\hAOQQrF.exe
  C:\Windows\System\hAOQQrF.exe
  2⤵
  PID:13436
- C:\Windows\System\PrjKuaE.exe
  C:\Windows\System\PrjKuaE.exe
  2⤵
  PID:7232
- C:\Windows\System\veCYxZf.exe
  C:\Windows\System\veCYxZf.exe
  2⤵
  PID:8104
- C:\Windows\System\PIBDvrC.exe
  C:\Windows\System\PIBDvrC.exe
  2⤵
  PID:1652
- C:\Windows\System\sGZrIVO.exe
  C:\Windows\System\sGZrIVO.exe
  2⤵
  PID:7316
- C:\Windows\System\gUOFzQU.exe
  C:\Windows\System\gUOFzQU.exe
  2⤵
  PID:3388
- C:\Windows\System\LBVmAHz.exe
  C:\Windows\System\LBVmAHz.exe
  2⤵
  PID:7608
- C:\Windows\System\wpjZwLm.exe
  C:\Windows\System\wpjZwLm.exe
  2⤵
  PID:11092
- C:\Windows\System\BBPKrCV.exe
  C:\Windows\System\BBPKrCV.exe
  2⤵
  PID:14092
- C:\Windows\System\lsNnnce.exe
  C:\Windows\System\lsNnnce.exe
  2⤵
  PID:5636
- C:\Windows\System\TTgRToE.exe
  C:\Windows\System\TTgRToE.exe
  2⤵
  PID:13504
- C:\Windows\System\zZUJOKn.exe
  C:\Windows\System\zZUJOKn.exe
  2⤵
  PID:7264
- C:\Windows\System\iqhEDEs.exe
  C:\Windows\System\iqhEDEs.exe
  2⤵
  PID:7544
- C:\Windows\System\sMoQZHu.exe
  C:\Windows\System\sMoQZHu.exe
  2⤵
  PID:7816
- C:\Windows\System\aXVuqES.exe
  C:\Windows\System\aXVuqES.exe
  2⤵
  PID:7748
- C:\Windows\System\xPdUIJQ.exe
  C:\Windows\System\xPdUIJQ.exe
  2⤵
  PID:8212
- C:\Windows\System\xJZnqvS.exe
  C:\Windows\System\xJZnqvS.exe
  2⤵
  PID:6052
- C:\Windows\System\pRlanuK.exe
  C:\Windows\System\pRlanuK.exe
  2⤵
  PID:6800
- C:\Windows\System\eyXbqEC.exe
  C:\Windows\System\eyXbqEC.exe
  2⤵
  PID:10308
- C:\Windows\System\oecpyZW.exe
  C:\Windows\System\oecpyZW.exe
  2⤵
  PID:10336
- C:\Windows\System\HzExvkr.exe
  C:\Windows\System\HzExvkr.exe
  2⤵
  PID:13356
- C:\Windows\System\KnhgWnI.exe
  C:\Windows\System\KnhgWnI.exe
  2⤵
  PID:8376
- C:\Windows\System\HKWofbg.exe
  C:\Windows\System\HKWofbg.exe
  2⤵
  PID:14368
- C:\Windows\System\ZFjFOcS.exe
  C:\Windows\System\ZFjFOcS.exe
  2⤵
  PID:14392
- C:\Windows\System\ciSLsxG.exe
  C:\Windows\System\ciSLsxG.exe
  2⤵
  PID:14412
- C:\Windows\System\ZftAiGh.exe
  C:\Windows\System\ZftAiGh.exe
  2⤵
  PID:14444
- C:\Windows\System\ApBIVNW.exe
  C:\Windows\System\ApBIVNW.exe
  2⤵
  PID:14480
- C:\Windows\System\LdXIzyE.exe
  C:\Windows\System\LdXIzyE.exe
  2⤵
  PID:14508
- C:\Windows\System\wIgoWwy.exe
  C:\Windows\System\wIgoWwy.exe
  2⤵
  PID:14536
- C:\Windows\System\yZFsitR.exe
  C:\Windows\System\yZFsitR.exe
  2⤵
  PID:14560
- C:\Windows\System\oZmwKjs.exe
  C:\Windows\System\oZmwKjs.exe
  2⤵
  PID:14584
- C:\Windows\System\OSQkNov.exe
  C:\Windows\System\OSQkNov.exe
  2⤵
  PID:14612
- C:\Windows\System\YfQlPMK.exe
  C:\Windows\System\YfQlPMK.exe
  2⤵
  PID:14640
- C:\Windows\System\XwvtBnG.exe
  C:\Windows\System\XwvtBnG.exe
  2⤵
  PID:14668
- C:\Windows\System\mUyUFGv.exe
  C:\Windows\System\mUyUFGv.exe
  2⤵
  PID:14700
- C:\Windows\System\BtBDoSC.exe
  C:\Windows\System\BtBDoSC.exe
  2⤵
  PID:14732
- C:\Windows\System\GliYuLO.exe
  C:\Windows\System\GliYuLO.exe
  2⤵
  PID:14752
- C:\Windows\System\HPxviDB.exe
  C:\Windows\System\HPxviDB.exe
  2⤵
  PID:14780
- C:\Windows\System\yGmMVzx.exe
  C:\Windows\System\yGmMVzx.exe
  2⤵
  PID:14816
- C:\Windows\System\zSXrjki.exe
  C:\Windows\System\zSXrjki.exe
  2⤵
  PID:14836
- C:\Windows\System\oKhnGrB.exe
  C:\Windows\System\oKhnGrB.exe
  2⤵
  PID:14864
- C:\Windows\System\hVmiZkq.exe
  C:\Windows\System\hVmiZkq.exe
  2⤵
  PID:14892
- C:\Windows\System\VYAGezf.exe
  C:\Windows\System\VYAGezf.exe
  2⤵
  PID:14920
- C:\Windows\System\XERuCyD.exe
  C:\Windows\System\XERuCyD.exe
  2⤵
  PID:14948
- C:\Windows\System\sLQCwYS.exe
  C:\Windows\System\sLQCwYS.exe
  2⤵
  PID:14976
- C:\Windows\System\aGKVgMU.exe
  C:\Windows\System\aGKVgMU.exe
  2⤵
  PID:15012
- C:\Windows\System\BtjhpkU.exe
  C:\Windows\System\BtjhpkU.exe
  2⤵
  PID:15032
- C:\Windows\System\zbgVoZy.exe
  C:\Windows\System\zbgVoZy.exe
  2⤵
  PID:15076
- C:\Windows\System\ypyNUxC.exe
  C:\Windows\System\ypyNUxC.exe
  2⤵
  PID:15096
- C:\Windows\System\NReiEpw.exe
  C:\Windows\System\NReiEpw.exe
  2⤵
  PID:15120
- C:\Windows\System\ovfPYJJ.exe
  C:\Windows\System\ovfPYJJ.exe
  2⤵
  PID:15152
- C:\Windows\System\WcdDdlX.exe
  C:\Windows\System\WcdDdlX.exe
  2⤵
  PID:15176
- C:\Windows\System\YDImKPu.exe
  C:\Windows\System\YDImKPu.exe
  2⤵
  PID:15204
- C:\Windows\System\ZsJuupV.exe
  C:\Windows\System\ZsJuupV.exe
  2⤵
  PID:15232
- C:\Windows\System\iUzqNXV.exe
  C:\Windows\System\iUzqNXV.exe
  2⤵
  PID:15264
- C:\Windows\System\oqDiTRl.exe
  C:\Windows\System\oqDiTRl.exe
  2⤵
  PID:15288
- C:\Windows\System\zRQDVsw.exe
  C:\Windows\System\zRQDVsw.exe
  2⤵
  PID:15316
- C:\Windows\System\sPJSQpm.exe
  C:\Windows\System\sPJSQpm.exe
  2⤵
  PID:15352
- C:\Windows\System\nycGSUG.exe
  C:\Windows\System\nycGSUG.exe
  2⤵
  PID:14380
- C:\Windows\System\JEEglSD.exe
  C:\Windows\System\JEEglSD.exe
  2⤵
  PID:14424
- C:\Windows\System\htINUhQ.exe
  C:\Windows\System\htINUhQ.exe
  2⤵
  PID:14516
- C:\Windows\System\wnBIxDg.exe
  C:\Windows\System\wnBIxDg.exe
  2⤵
  PID:7740
- C:\Windows\System\iyaeNGY.exe
  C:\Windows\System\iyaeNGY.exe
  2⤵
  PID:14608
- C:\Windows\System\yEaLGVY.exe
  C:\Windows\System\yEaLGVY.exe
  2⤵
  PID:14652
- C:\Windows\System\qqvMitH.exe
  C:\Windows\System\qqvMitH.exe
  2⤵
  PID:14720
- C:\Windows\System\tTWAkGF.exe
  C:\Windows\System\tTWAkGF.exe
  2⤵
  PID:14772
- C:\Windows\System\qcqSQXe.exe
  C:\Windows\System\qcqSQXe.exe
  2⤵
  PID:14824
- C:\Windows\System\FSbyDGr.exe
  C:\Windows\System\FSbyDGr.exe
  2⤵
  PID:8592
- C:\Windows\System\dwsgMeh.exe
  C:\Windows\System\dwsgMeh.exe
  2⤵
  PID:14932
- C:\Windows\System\GHDyjhI.exe
  C:\Windows\System\GHDyjhI.exe
  2⤵
  PID:14972
- C:\Windows\System\kJmbwFJ.exe
  C:\Windows\System\kJmbwFJ.exe
  2⤵
  PID:15044
- C:\Windows\System\WGWjMkg.exe
  C:\Windows\System\WGWjMkg.exe
  2⤵
  PID:15116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AJYYjUY.exe

Filesize
6.0MB

MD5
c882bcdeaaa3f3010f2349264f6468d8

SHA1
b780a59d1ca0e6375e4771a0f88493a5083af5d9

SHA256
d179c74aea910de85106d4571d6547e0acbc5542c4aa402573210a22dc6a19d8

SHA512
1ef26052ff8c75e4f946b6602495afbfc1f2a4ecf2de5e0c5790648b96ddffb70f7b46cbb4d8d440fcfe358989386162373e58e92af67e057feabbe837064884

Download Submit
C:\Windows\System\CxdhUHz.exe

Filesize
6.0MB

MD5
b2059312b3fbafe3c014ad1fa63ebbaa

SHA1
94d1f15b58453301921f1a44b2b5351d2189d267

SHA256
2d16d9787c659597c6ca1b75e3857fc85aabaab35374d69e8fe85f6402e3e5a5

SHA512
19f012314870094a51c9ddc673a67607b490b772a555425dcb6a499b1969c163dc9a20ba759c0b2860629fefef3e92035172a825ec64b4c145611ba639764332

Download Submit
C:\Windows\System\ELHonhm.exe

Filesize
6.0MB

MD5
cf1374adf6a79dc5c31aeab06233a47a

SHA1
5d474cc1be503ff9c93c2c1cbf90bd14f59aa681

SHA256
ffc5564b0fcf666873a659f82bbccc7d609709f639db06a31da4d670bd395307

SHA512
b5243c04c8c15d67d26b57e8c83d1305928529cd7c4eeb6494b7f5ff9191761dbe513c738ac14c3102eff3f7ec5222cde3f1a607546e3d41b57d4a836d48b075

Download Submit
C:\Windows\System\FhZbRIX.exe

Filesize
6.0MB

MD5
a42e7d10024ded2e79df8112fb6aa593

SHA1
d323035e65c3428c41a65a5cd63a82906fff2917

SHA256
9d77a80b55246ae605afbeaf07021cd3a7f750d08bfcfa88833a0cfe52a80f45

SHA512
b9ab995eb889065440781da465c0b4e537db27c7e006763b8bdec4f15e079ec57311f8adc150884e44e9c9161a6fe852d27f003a83e12b896f9e640064f9de79

Download Submit
C:\Windows\System\GmhXIfE.exe

Filesize
6.0MB

MD5
b4a323aa53ca89838bb53a9854eab274

SHA1
b94e94fafad620068aae485d9298717edb76c6e6

SHA256
3c64a81863df434e1c206f07b4ced63f5e26bfb6aa7ecc543f0dc54ee7edf209

SHA512
51db13383a1f700d7d5fd9b8a19cfaf3ddf5110a0c35794d2ac86637d5ef22053a9f0fa73f4f9144386b8ecf6eeff63c8a07b93a1a0fdfc53e79bb6b78474524

Download Submit
C:\Windows\System\INnqHUl.exe

Filesize
6.0MB

MD5
1c5e9a71777cc4f95757b1d4b5514026

SHA1
76f7adab4ef5071d484af89c2c409db8889c00fa

SHA256
73bdbdb0c7e255c933f5d6c1c26a2a574bcc9a2b916d570d514b659ca7a30f48

SHA512
0d5562b7624e31ad47599b412d17b6e56b2ff7525a0609f320b2038b5622bd4acb8865b2331c5c9e617b084bdebae9cc670fe4bb191e13eb88bbbda011eb8936

Download Submit
C:\Windows\System\LVcehYY.exe

Filesize
6.0MB

MD5
458609bde71bd8a67f69b0163be685ec

SHA1
b00888017e65c43e49dd60e4de2aff2d1988c8b5

SHA256
d08c78b0bbe88a9d66d4bb86b407c8643910dbe024180fb05428eb6226a001f7

SHA512
7098a5102d8b1c2fc8000a0d7a24ed030ddd0ede302e262dda9faa1a869098a7a991dbdfdc2b0cd98355cbcd0f3ce1e552d0ae3f4b8f0deb93604044b9a02c83

Download Submit
C:\Windows\System\LcPuzWF.exe

Filesize
6.0MB

MD5
70abc0e6ddce088d4e8a0c68386485bd

SHA1
dcb306565de0cab69bccc41baf8ab608aeb05efc

SHA256
f0929bf20badf0ecff6b5f240733f1df3308e7b5c4c81c26c15934a5a7a8c968

SHA512
f1488032cbf2bb8af5bdbda81e7ce7c6c92328bc21dd914f74e59e10f1666c2cef8ceabea2d0eb2802727ff9ff15e354e6d4e837fe8c8049820834653ea5c35d

Download Submit
C:\Windows\System\LcpEmJd.exe

Filesize
6.0MB

MD5
66fc0d783a1795692a64c960785d6178

SHA1
735c30ab8f3decc57c7ba50f49a5d25643aa3d44

SHA256
959093eada311a87b9eb33d16e4a8647de26dfc04fc46548b8827375beeb34a1

SHA512
13dbb32f2486318f90784a775c59e9188490be05838cf84eddc6107cf58f1929ed14434d8ef9e36fb84990d890b191f2a1d7716bc2b957d7ce721d079fc35e68

Download Submit
C:\Windows\System\QSgCeXh.exe

Filesize
6.0MB

MD5
dcbaf70417869e5158a1bde010536d12

SHA1
c90d056f5cf116b623d3687bb3a79b82a3c905f4

SHA256
b0e6d78eba4039ac8c6c1ba4fa885517a188b0a3c992fe0b6824f2ce9ab6f0a0

SHA512
0080622add5b7563d598250e1df17a0fdfbbbcbd3001e4fb6194db95183c62a5b3a672da27c5300c6ce96b25fd4d3636a52825ebadecebf86bc4e57040c06cc2

Download Submit
C:\Windows\System\QtKCdAS.exe

Filesize
6.0MB

MD5
c8ed511d0d2ed4a02b8c387edc2b51f0

SHA1
1d18f4bba91ec1bcff8812320b0f42b3c870585e

SHA256
fd1692dee1e927ce7cf3409a8ce874fa1e6cae4be7fd5061e1a068375bc226b0

SHA512
946af6266f341a27a106222194238ba16672d5ae924fe4811f9518dc5221180fa9df8b2c5152a1a8d3e80456706b1152131dff330b5d5f9df38bad52b59ee494

Download Submit
C:\Windows\System\RuhNYaT.exe

Filesize
6.0MB

MD5
e3fe30432f0b35d737db66544ec881d5

SHA1
f1b5e1e526ef30480b5ae40d3080be5983201479

SHA256
f48ffefaa010dd450dcff49887d00fcd10ba34bbc384234138d6ae3517144cec

SHA512
a7ec276da5053c843bf8afb6878ca2de23b50b4cf13b4a8322524d4024b0320439fab4f594587acbccb01eabc102bac315bf2d44858d207dfcfddb3c3d11837d

Download Submit
C:\Windows\System\TBnbDqb.exe

Filesize
6.0MB

MD5
208158504c70ace737c5361894abeb95

SHA1
e72167ea14e64f68b4d685054ca771e3de0c0413

SHA256
13002ef9927bf1641d2fd2191b65d529450bfb528b78bc96c0b30fd900dfe644

SHA512
4c1409a97358f47933cd306dcc151ecf49f0f818b62921b283fc355ceba5d3c3d5e600e750e785a2c1c3c377c44ba4388f4cd29730e906c70e91e7b5eb60e9db

Download Submit
C:\Windows\System\TzHnRJD.exe

Filesize
6.0MB

MD5
394dff95c92410a5d3462d8ebcabaa1e

SHA1
ab0a9b87ad1c85221c9dae9f926641f3cc80ff49

SHA256
864712c928409611adbfbc6a9333f7880fbf4d8b7dfd67bc7823cce37b9d5375

SHA512
27b6ae19674b74fa6d90a3ca2d7d5986331cbdd9f847b2190496b5330369ddfe3c110ee113b5c15b857a783183e34f5cdf700410c0c3f14533d3a3d0bfb42be2

Download Submit
C:\Windows\System\UHGUnUW.exe

Filesize
6.0MB

MD5
879371b94b77936ed758088c66216abd

SHA1
74cf39786283be67b96c1b680fea79d2b48c7d99

SHA256
16d3c39b50cc18f4517d95f886f53adce7aee5fd13c5a69f3270dcb7bd44b8d0

SHA512
076a7b5a856f3244809b7799aa6bbbe5e1a45665882f27b02c1ad6c5f0735322fa37071f1ad84223391c2b601d53b613606138ba8cb16360249d5f82f1c9c380

Download Submit
C:\Windows\System\VEpRxDx.exe

Filesize
6.0MB

MD5
a6d4764a6701043700dc7af7ee8b2de7

SHA1
66f13e84511a133141fcfba51ee00f0fead12499

SHA256
9803aae3bbc7995d222b870b0ae66ffda3fac8138ad04681cd8e5a3df3e1a5b5

SHA512
67e31930b979ffb47903513c27195ef93a61e8be09ee83718f2ad005cd46fcc964b621f25519ec5f7a83ae0cdfb4f1f82416a4e68b70b0d0bf58bf6b451636e4

Download Submit
C:\Windows\System\Vamqpep.exe

Filesize
6.0MB

MD5
43ade4523151e8947f6214de8be383da

SHA1
039309289d0cbca7601561b0c3294b28ad59f833

SHA256
20d2975fe065037e7c077e2d44a9625e34c937cc221f8d01e4f038c698287d0c

SHA512
c551f2efe6f5f3174780352298c8afa52c1ad44f261fdd38613f12d45cef849345cda182f1a807e0a7c5ff324f2d55f5abae21f6146a25e1d1a8e2b9ecf6cb5d

Download Submit
C:\Windows\System\VvjcSpR.exe

Filesize
6.0MB

MD5
2bedfbf48aa2f2814949da60b7b914b9

SHA1
0d5af87bc91237e544fdb82840e2fa61f4e34b9d

SHA256
48c7d5679191fbf5ba898c6d89277622c59b3507bf0ad19f1a6b266ac0435b8f

SHA512
dcae2590a755a2e71ddebbc35440888e4f50988d206f91ddcee97894b926ad3f50c9750b81eb407cba41e8941730a5e2e716b80379f27f11359969be308c6b2e

Download Submit
C:\Windows\System\WhbYyMN.exe

Filesize
6.0MB

MD5
1b6ff9e2f76627c99b1bfbd5a55db4a5

SHA1
125eff9b6050b6bc2b52025be701a7414487a103

SHA256
604144173d3055169171e7d5b1658184062ec9be35f0cd5f00cc761e721f199f

SHA512
530d3a2f08ed92df4786ce9178dc57bf058a2cce3796305fdb86079dc1d4c5bbb20b55ae8a327aa8113134e19189e51c2ca0cd155a141e5eb571515fa01a9929

Download Submit
C:\Windows\System\XGpsrsT.exe

Filesize
6.0MB

MD5
bcca543cd8e2f3b9a4f494a7b8176b70

SHA1
b11874c2ba5d9f4c5994975ebd30c24e64343118

SHA256
7188e43f8582960371a13244930c3d3fe3ee5331632e07a63c9034d1b554cb92

SHA512
d5eb3fa73e97980486f48b7f986fbbfffa16d41552d297ca213f66e494ed972d54eb2d7659593c66f6b0181a7c70494f4e8442ae52dfb3bae9b7219bd4655c20

Download Submit
C:\Windows\System\ZbqfjJF.exe

Filesize
6.0MB

MD5
ed999bd0704dd1743efe58e045bef3b6

SHA1
8e50e6c753276d8bf32ff6813daa1cbe8a15f2fc

SHA256
99613f9f44f0c24fad09a4350960ff720ae65d5740bc300686233f25b560d535

SHA512
dfc927adab5095134d9100c0b71252ee212a0a4ace23cb8b1becd2cb907621ac12abbd4e0a6e28d6eb41c3c82aa5586840f1f58fe629b3a6f2c1541c6537b926

Download Submit
C:\Windows\System\ZiomnVX.exe

Filesize
6.0MB

MD5
aa513b20d57f810619a7fb5bd2cdb138

SHA1
3ab18513a8180196caa810bee2262d6df53a4e7f

SHA256
b97bcc8a729fdda82ff55e1bb44da3f7c08534dae92556aa49a0121459ff988d

SHA512
ad783669244548acb3011c9aeb7a0ab0d5f721f70d57d80fb1d38adb820103579b3bd03213f13c00f3a057214fb26cd1d338e4cc10cbd76ab4d045131f358085

Download Submit
C:\Windows\System\ZqFXDaL.exe

Filesize
6.0MB

MD5
3000dfc199cd7078d39e5b1f06bd09b8

SHA1
3a3bb72c7b3de650b54072b40d0071cfdf5d9cfc

SHA256
6b7ff718ba7b3a741b685a56aa79a3dec6571e02add79e90b2beedd5d6844b28

SHA512
f321ff1dff437321b7cde17d5a4cf783486d3e23af1263379250a17fb0a411e4d226180ec7e58ec315d8fdfdd0b5e14e011f7a50f8458275ecf8407eaf9740e6

Download Submit
C:\Windows\System\bAvvErm.exe

Filesize
6.0MB

MD5
967ba02a1780aa08d4a57de9859f16d4

SHA1
91f4c8eb94d3d4f999d7b21991cb58fbba29711a

SHA256
06ad58aa9d890d80b9fa53bc2c26f012eaecf725f00da6f8c04743b0df12be3c

SHA512
7394a43cdaec7201005cb337754d0a54cc7b6dd789ee7efeba5b29c79f996d9a3b556751acdf744f47f1e1fc064a5104fce26b5a0e1caa2ecb8b55950d2eacdf

Download Submit
C:\Windows\System\fqTrfII.exe

Filesize
6.0MB

MD5
d1d120ccae82d61290a1591593577251

SHA1
d9cb04114fb331e4b0bea81ff7ccc03cbd5c944c

SHA256
4462bc460f4ce8e69591d1e79d81ac1b6f919a501c12ed764bc714015a97c909

SHA512
f8c7563bbaea7b5b16fc1c8ff530db0693f31a046a00d4a0c7fc5b5fa4698734a1eafb610a9ac7e017871da8c8124b1d6a42a3ccf4109838b2e666fa89b3b79f

Download Submit
C:\Windows\System\hxlAbAX.exe

Filesize
6.0MB

MD5
8bf82dce7e62b14f96b30fe1c2688db6

SHA1
3fe3798314c48c08d4512b212a04180e43cca509

SHA256
4aa2c4b61eca104b73a0200260fc6d812269c61c13e732aacdf93a17d4016680

SHA512
85f010979d200bd360ca93eb29994e2a168a92b0c674f4c48cfb6e9b0c3f7cd0817037c1f0c3db7f917d249401be06b7aa193ed15bcb1285ee0e20e4b85d3276

Download Submit
C:\Windows\System\kFcNeMF.exe

Filesize
6.0MB

MD5
9c85fd0dc319291a9c6adea7c5673150

SHA1
fdbe9afdaa4ba2f1daf9bdb1928b686697b096e5

SHA256
3ee15b50010cb8b7cc9c25570d29849650a11be0cd18fec61704cf5571e9be88

SHA512
eaa22a132f997815e89d03725bf26ea4037c80560ac995f56b8050e23a1fd709f684944743019af07ce9ab04909890fd5530b8675d62c7e67bdd8eb6b60ddd19

Download Submit
C:\Windows\System\nPbrqmY.exe

Filesize
6.0MB

MD5
aa67dd865597f28437f6eb8827a1a4b7

SHA1
9c20777a1d255c348780533a8c5c1cea4c9784f0

SHA256
0f2cbccd4b45ad9a804d698af27f7e19a03d86ff0bb06273a9a68ac1149bc248

SHA512
c722130217c7b4ff59c80fb6651c74faccb0b73aa5f24011a2d88b67cbcea1d6d528a6465da243a93f873335addfbdddc2679e847c22c7f751314408b927304e

Download Submit
C:\Windows\System\npCzCRx.exe

Filesize
6.0MB

MD5
e4aedc7aa85dcfbde94b0ce9788c0c34

SHA1
a1897c5215b8abe9b50b2f814b8bb99278f22f7f

SHA256
e9a39845212d29aca6e037c393f0ab6b6b65eeacec75bde89c6f737974921c66

SHA512
13a76e96017cb4da335554b5bd248cbe9cc9e2a2c8103e8e54020324525288f53a460d0b430b009a8873acfe008f7089cca6eccece3b1f6fa2245ac68bb8dce0

Download Submit
C:\Windows\System\rReFkDm.exe

Filesize
6.0MB

MD5
9dbdb9c8e91ffa4fdff5b73122b55cc3

SHA1
dd902b69490501fa0c5fd1bda9c8b3ffc2a65904

SHA256
3cd3d9fa4cae98b6ef394f118a2c3852325f98a36ea9fbc5f9bf84243f8b672c

SHA512
cc1561930959f1d74f57f9bbe255e6b2191eee3742f3f60b6e656bd4f6c5a01587c291ce324aded24f7e507bd45447b87b765d3a6dde85bed33862c79ae05724

Download Submit
C:\Windows\System\thfxYyN.exe

Filesize
6.0MB

MD5
3886695cf3f5c6d6ce333164bf42cda1

SHA1
5f5d41f1230775dd08d0620db066dd2fbbe9068f

SHA256
dc833f9a6a5a09f6644d5fe9db7e0f12fce9e8c4bf1bf8ba73b19f950b4d90e6

SHA512
c9e480a3e2b8aa9f1bcbe354b0ff0b5f395d55292f9aff0ea93000425b9172934ac96c2c8bd98af87f6882cb02eacdeaeb801d25c167933ac8fb57e24efcc651

Download Submit
C:\Windows\System\wdbAMxY.exe

Filesize
6.0MB

MD5
c4af00459f2aa27a878bc98387d6284e

SHA1
a5f3a6c9eef2bd66178b6d636b2dd2a37196ff44

SHA256
e715d4ea759029e6082be87b26262617e5b283db786f77dc179ac207151a67b5

SHA512
376151cdf42943c03129f74e3d0ffb6062881db27b4ef497e91689dcabc7bef8734d908de21efac17266ecd99cc07d6572c35865990b75f13bb1cc15737f8e4d

Download Submit
C:\Windows\System\zMyVMIm.exe

Filesize
6.0MB

MD5
c2541bd62af561195bbb0cf71fcead98

SHA1
570e420a9c4a96ad1dfe82daa3b650ae95c97f85

SHA256
8541b75bdcaba1f5add1981624f83a8571072f429f4ddc8836ebc5f3cae7c5c8

SHA512
806101061a35dec7448dcc4ebdb6f62f6f928e202ce5fa4772e7b8aea23d7d6be0d17a860152e300207a8794a1942f456d6491a9066f230306f652a9c58107ef

Download Submit
memory/60-491-0x00007FF638610000-0x00007FF638964000-memory.dmp

Filesize
3.3MB

Download
memory/60-1356-0x00007FF638610000-0x00007FF638964000-memory.dmp

Filesize
3.3MB

Download
memory/60-178-0x00007FF638610000-0x00007FF638964000-memory.dmp

Filesize
3.3MB

Download
memory/552-133-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp

Filesize
3.3MB

Download
memory/552-1135-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp

Filesize
3.3MB

Download
memory/552-48-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp

Filesize
3.3MB

Download
memory/748-1309-0x00007FF738AA0000-0x00007FF738DF4000-memory.dmp

Filesize
3.3MB

Download
memory/748-132-0x00007FF738AA0000-0x00007FF738DF4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-62-0x00007FF6D29A0000-0x00007FF6D2CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-1137-0x00007FF6D29A0000-0x00007FF6D2CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-169-0x00007FF6D29A0000-0x00007FF6D2CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-340-0x00007FF77A650000-0x00007FF77A9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-91-0x00007FF77A650000-0x00007FF77A9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-1213-0x00007FF77A650000-0x00007FF77A9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-70-0x00007FF778380000-0x00007FF7786D4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-293-0x00007FF778380000-0x00007FF7786D4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-1184-0x00007FF778380000-0x00007FF7786D4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-128-0x00007FF7EAD00000-0x00007FF7EB054000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1294-0x00007FF7EAD00000-0x00007FF7EB054000-memory.dmp

Filesize
3.3MB

Download
memory/1704-1334-0x00007FF730A80000-0x00007FF730DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-422-0x00007FF730A80000-0x00007FF730DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-151-0x00007FF730A80000-0x00007FF730DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-186-0x00007FF655BD0000-0x00007FF655F24000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1358-0x00007FF655BD0000-0x00007FF655F24000-memory.dmp

Filesize
3.3MB

Download
memory/1976-564-0x00007FF655BD0000-0x00007FF655F24000-memory.dmp

Filesize
3.3MB

Download
memory/2024-1139-0x00007FF71F540000-0x00007FF71F894000-memory.dmp

Filesize
3.3MB

Download
memory/2024-141-0x00007FF71F540000-0x00007FF71F894000-memory.dmp

Filesize
3.3MB

Download
memory/2024-59-0x00007FF71F540000-0x00007FF71F894000-memory.dmp

Filesize
3.3MB

Download
memory/2068-117-0x00007FF7A5040000-0x00007FF7A5394000-memory.dmp

Filesize
3.3MB

Download
memory/2068-41-0x00007FF7A5040000-0x00007FF7A5394000-memory.dmp

Filesize
3.3MB

Download
memory/2068-1129-0x00007FF7A5040000-0x00007FF7A5394000-memory.dmp

Filesize
3.3MB

Download
memory/2168-89-0x00007FF7ADA40000-0x00007FF7ADD94000-memory.dmp

Filesize
3.3MB

Download
memory/2168-1190-0x00007FF7ADA40000-0x00007FF7ADD94000-memory.dmp

Filesize
3.3MB

Download
memory/2424-174-0x00007FF77E680000-0x00007FF77E9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-487-0x00007FF77E680000-0x00007FF77E9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-1344-0x00007FF77E680000-0x00007FF77E9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1304-0x00007FF795B60000-0x00007FF795EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-137-0x00007FF795B60000-0x00007FF795EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-45-0x00007FF6CC020000-0x00007FF6CC374000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1131-0x00007FF6CC020000-0x00007FF6CC374000-memory.dmp

Filesize
3.3MB

Download
memory/2932-103-0x00007FF6CC020000-0x00007FF6CC374000-memory.dmp

Filesize
3.3MB

Download
memory/3236-525-0x00007FF622060000-0x00007FF6223B4000-memory.dmp

Filesize
3.3MB

Download
memory/3236-165-0x00007FF622060000-0x00007FF6223B4000-memory.dmp

Filesize
3.3MB

Download
memory/3236-1360-0x00007FF622060000-0x00007FF6223B4000-memory.dmp

Filesize
3.3MB

Download
memory/3360-486-0x00007FF72E510000-0x00007FF72E864000-memory.dmp

Filesize
3.3MB

Download
memory/3360-1333-0x00007FF72E510000-0x00007FF72E864000-memory.dmp

Filesize
3.3MB

Download
memory/3360-155-0x00007FF72E510000-0x00007FF72E864000-memory.dmp

Filesize
3.3MB

Download
memory/3416-1119-0x00007FF6E9400000-0x00007FF6E9754000-memory.dmp

Filesize
3.3MB

Download
memory/3416-28-0x00007FF6E9400000-0x00007FF6E9754000-memory.dmp

Filesize
3.3MB

Download
memory/3460-1207-0x00007FF7180F0000-0x00007FF718444000-memory.dmp

Filesize
3.3MB

Download
memory/3460-95-0x00007FF7180F0000-0x00007FF718444000-memory.dmp

Filesize
3.3MB

Download
memory/3508-15-0x00007FF72EDE0000-0x00007FF72F134000-memory.dmp

Filesize
3.3MB

Download
memory/3508-77-0x00007FF72EDE0000-0x00007FF72F134000-memory.dmp

Filesize
3.3MB

Download
memory/3508-1115-0x00007FF72EDE0000-0x00007FF72F134000-memory.dmp

Filesize
3.3MB

Download
memory/3756-10-0x00007FF7219D0000-0x00007FF721D24000-memory.dmp

Filesize
3.3MB

Download
memory/3756-69-0x00007FF7219D0000-0x00007FF721D24000-memory.dmp

Filesize
3.3MB

Download
memory/3756-1114-0x00007FF7219D0000-0x00007FF721D24000-memory.dmp

Filesize
3.3MB

Download
memory/3820-1-0x0000026B8AD00000-0x0000026B8AD10000-memory.dmp

Filesize
64KB

Download
memory/3820-64-0x00007FF795940000-0x00007FF795C94000-memory.dmp

Filesize
3.3MB

Download
memory/3820-0-0x00007FF795940000-0x00007FF795C94000-memory.dmp

Filesize
3.3MB

Download
memory/3848-1124-0x00007FF7C5080000-0x00007FF7C53D4000-memory.dmp

Filesize
3.3MB

Download
memory/3848-101-0x00007FF7C5080000-0x00007FF7C53D4000-memory.dmp

Filesize
3.3MB

Download
memory/3848-30-0x00007FF7C5080000-0x00007FF7C53D4000-memory.dmp

Filesize
3.3MB

Download
memory/3892-376-0x00007FF7F94C0000-0x00007FF7F9814000-memory.dmp

Filesize
3.3MB

Download
memory/3892-110-0x00007FF7F94C0000-0x00007FF7F9814000-memory.dmp

Filesize
3.3MB

Download
memory/3892-1301-0x00007FF7F94C0000-0x00007FF7F9814000-memory.dmp

Filesize
3.3MB

Download
memory/3924-1118-0x00007FF62D2F0000-0x00007FF62D644000-memory.dmp

Filesize
3.3MB

Download
memory/3924-24-0x00007FF62D2F0000-0x00007FF62D644000-memory.dmp

Filesize
3.3MB

Download
memory/4144-93-0x00007FF76C9A0000-0x00007FF76CCF4000-memory.dmp

Filesize
3.3MB

Download
memory/4144-1194-0x00007FF76C9A0000-0x00007FF76CCF4000-memory.dmp

Filesize
3.3MB

Download
memory/4456-563-0x00007FF7A69E0000-0x00007FF7A6D34000-memory.dmp

Filesize
3.3MB

Download
memory/4456-182-0x00007FF7A69E0000-0x00007FF7A6D34000-memory.dmp

Filesize
3.3MB

Download
memory/4456-1359-0x00007FF7A69E0000-0x00007FF7A6D34000-memory.dmp

Filesize
3.3MB

Download
memory/4560-1332-0x00007FF690FE0000-0x00007FF691334000-memory.dmp

Filesize
3.3MB

Download
memory/4560-149-0x00007FF690FE0000-0x00007FF691334000-memory.dmp

Filesize
3.3MB

Download
memory/4560-455-0x00007FF690FE0000-0x00007FF691334000-memory.dmp

Filesize
3.3MB

Download
memory/4664-111-0x00007FF63DFE0000-0x00007FF63E334000-memory.dmp

Filesize
3.3MB

Download
memory/4664-1297-0x00007FF63DFE0000-0x00007FF63E334000-memory.dmp

Filesize
3.3MB

Download
memory/4664-398-0x00007FF63DFE0000-0x00007FF63E334000-memory.dmp

Filesize
3.3MB

Download
memory/4804-1331-0x00007FF7CAED0000-0x00007FF7CB224000-memory.dmp

Filesize
3.3MB

Download
memory/4804-145-0x00007FF7CAED0000-0x00007FF7CB224000-memory.dmp

Filesize
3.3MB

Download
memory/4804-421-0x00007FF7CAED0000-0x00007FF7CB224000-memory.dmp

Filesize
3.3MB

Download