cobaltstrike | a5c64281e2ce92f0e9acf1248ac876dbf3867ae67e9f362e93ee20034f2c362e

Analysis

max time kernel
127s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

44fc11d4dc2146103ff1301f7006afa1
SHA1

bd0ac91dce69f5fc82057dc704ae6517294bede9
SHA256

a5c64281e2ce92f0e9acf1248ac876dbf3867ae67e9f362e93ee20034f2c362e
SHA512

c0fc4c7ec27101696661263efda23c1efa11cb4ecc99c594fa32df93b2dc35795fa9c5c3ed42016015408ffc00b9366b565fde750ebde82b53c2e55ca6bdbf86
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023c7f-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c83-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c84-10.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c80-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c85-26.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c86-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c87-41.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022dc9-47.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022dcd-54.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023b39-60.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b3e-66.dat	cobalt_reflective_dll
behavioral2/files/0x0010000000023b3f-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c89-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8c-104.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8d-110.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c90-140.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c93-154.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c95-174.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c97-189.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-208.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-205.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-201.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c99-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c98-192.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c96-182.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c94-167.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c92-150.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c91-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8f-134.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8e-128.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8b-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8a-99.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023b41-84.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5004-0-0x00007FF7C8940000-0x00007FF7C8C94000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c7f-5.dat	xmrig
behavioral2/memory/4980-8-0x00007FF67A2D0000-0x00007FF67A624000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c83-11.dat	xmrig
behavioral2/files/0x0007000000023c84-10.dat	xmrig
behavioral2/memory/4500-14-0x00007FF69EFB0000-0x00007FF69F304000-memory.dmp	xmrig
behavioral2/memory/2204-20-0x00007FF76C120000-0x00007FF76C474000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c80-23.dat	xmrig
behavioral2/files/0x0007000000023c85-26.dat	xmrig
behavioral2/memory/2176-30-0x00007FF70A690000-0x00007FF70A9E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c86-35.dat	xmrig
behavioral2/memory/32-36-0x00007FF76EBD0000-0x00007FF76EF24000-memory.dmp	xmrig
behavioral2/memory/2692-25-0x00007FF7F0020000-0x00007FF7F0374000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c87-41.dat	xmrig
behavioral2/memory/3940-43-0x00007FF7F79F0000-0x00007FF7F7D44000-memory.dmp	xmrig
behavioral2/files/0x0002000000022dc9-47.dat	xmrig
behavioral2/memory/5004-50-0x00007FF7C8940000-0x00007FF7C8C94000-memory.dmp	xmrig
behavioral2/files/0x0002000000022dcd-54.dat	xmrig
behavioral2/memory/4980-55-0x00007FF67A2D0000-0x00007FF67A624000-memory.dmp	xmrig
behavioral2/files/0x000d000000023b39-60.dat	xmrig
behavioral2/files/0x000c000000023b3e-66.dat	xmrig
behavioral2/files/0x0010000000023b3f-73.dat	xmrig
behavioral2/memory/2992-82-0x00007FF694100000-0x00007FF694454000-memory.dmp	xmrig
behavioral2/memory/2176-88-0x00007FF70A690000-0x00007FF70A9E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c89-90.dat	xmrig
behavioral2/files/0x0007000000023c8c-104.dat	xmrig
behavioral2/files/0x0007000000023c8d-110.dat	xmrig
behavioral2/memory/3936-116-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c90-140.dat	xmrig
behavioral2/files/0x0007000000023c93-154.dat	xmrig
behavioral2/memory/744-161-0x00007FF6673E0000-0x00007FF667734000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c95-174.dat	xmrig
behavioral2/files/0x0007000000023c97-189.dat	xmrig
behavioral2/files/0x0007000000023c9c-208.dat	xmrig
behavioral2/files/0x0007000000023c9b-205.dat	xmrig
behavioral2/files/0x0007000000023c9a-201.dat	xmrig
behavioral2/files/0x0007000000023c99-198.dat	xmrig
behavioral2/files/0x0007000000023c98-192.dat	xmrig
behavioral2/memory/3184-188-0x00007FF6B3C90000-0x00007FF6B3FE4000-memory.dmp	xmrig
behavioral2/memory/1456-187-0x00007FF738560000-0x00007FF7388B4000-memory.dmp	xmrig
behavioral2/memory/3936-184-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c96-182.dat	xmrig
behavioral2/memory/4416-179-0x00007FF61F970000-0x00007FF61FCC4000-memory.dmp	xmrig
behavioral2/memory/2720-173-0x00007FF663730000-0x00007FF663A84000-memory.dmp	xmrig
behavioral2/memory/4600-172-0x00007FF7EC090000-0x00007FF7EC3E4000-memory.dmp	xmrig
behavioral2/memory/4012-171-0x00007FF6A58A0000-0x00007FF6A5BF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c94-167.dat	xmrig
behavioral2/memory/2012-166-0x00007FF7CD890000-0x00007FF7CDBE4000-memory.dmp	xmrig
behavioral2/memory/4004-162-0x00007FF79A710000-0x00007FF79AA64000-memory.dmp	xmrig
behavioral2/memory/2992-157-0x00007FF694100000-0x00007FF694454000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c92-150.dat	xmrig
behavioral2/memory/3168-149-0x00007FF68CF80000-0x00007FF68D2D4000-memory.dmp	xmrig
behavioral2/memory/3448-148-0x00007FF7214B0000-0x00007FF721804000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c91-146.dat	xmrig
behavioral2/memory/2956-145-0x00007FF68E670000-0x00007FF68E9C4000-memory.dmp	xmrig
behavioral2/memory/1048-144-0x00007FF641C40000-0x00007FF641F94000-memory.dmp	xmrig
behavioral2/memory/4064-139-0x00007FF6D5890000-0x00007FF6D5BE4000-memory.dmp	xmrig
behavioral2/memory/3588-138-0x00007FF661350000-0x00007FF6616A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8f-134.dat	xmrig
behavioral2/memory/4164-133-0x00007FF7353A0000-0x00007FF7356F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8e-128.dat	xmrig
behavioral2/memory/2924-127-0x00007FF7E2E40000-0x00007FF7E3194000-memory.dmp	xmrig
behavioral2/memory/4900-126-0x00007FF6BF770000-0x00007FF6BFAC4000-memory.dmp	xmrig
behavioral2/memory/540-117-0x00007FF7ADFA0000-0x00007FF7AE2F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4980	dNwdoVA.exe
4500	yXxwwOb.exe
2204	CYpcdGG.exe
2692	VsoXstz.exe
2176	zyDlOKx.exe
32	rWxgrEt.exe
3940	qVQGcdU.exe
2768	VUIfqDs.exe
4900	KgNJWZS.exe
3588	YrlbKYj.exe
2956	IvjgTHA.exe
3168	QHWUVAb.exe
2992	pPwFdqo.exe
4004	kcYBeWD.exe
4012	FWVVYts.exe
4600	pxtkBhT.exe
3936	qjRigMm.exe
540	eibFZwJ.exe
2924	sCJPJvY.exe
4164	DLaBNSQ.exe
4064	pouWDon.exe
1048	qqKfFvM.exe
3448	xnHuvor.exe
744	nNqjDlG.exe
2012	rNFQAjS.exe
2720	SAqRsHA.exe
4416	MlHICRR.exe
1456	Bmmhxpk.exe
3184	yPRZboG.exe
1276	qEGXbHv.exe
1044	hNhPlHU.exe
1688	OSAJyZJ.exe
860	VoxdPPM.exe
4812	IwfXURr.exe
1160	AcxGvtO.exe
3160	CNqIpkt.exe
2216	zCGCUHR.exe
4388	XhdZqsO.exe
4376	qlyvszJ.exe
4088	elzUtmv.exe
1080	lkUBRZY.exe
3920	Wplcjgr.exe
3860	hTcBrJw.exe
516	uzUNijC.exe
3140	APuIoDN.exe
4464	AhsfDtZ.exe
2008	ONroViE.exe
2312	XmuFHNz.exe
3212	eLMsiOw.exe
1100	rmzGLYI.exe
1616	VeEYPkF.exe
2804	tCedatt.exe
3760	vAfTrYp.exe
4352	SqvBnqj.exe
4440	NHWjOwS.exe
2944	LGbaJKx.exe
2860	FjvbEjE.exe
4296	hyKhhtm.exe
1308	PIszTcP.exe
4640	Frfoozk.exe
2268	geBnfya.exe
4548	xYEeoQI.exe
1948	mKfQiYW.exe
2124	DVGxSXc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5004-0-0x00007FF7C8940000-0x00007FF7C8C94000-memory.dmp	upx
behavioral2/files/0x0008000000023c7f-5.dat	upx
behavioral2/memory/4980-8-0x00007FF67A2D0000-0x00007FF67A624000-memory.dmp	upx
behavioral2/files/0x0007000000023c83-11.dat	upx
behavioral2/files/0x0007000000023c84-10.dat	upx
behavioral2/memory/4500-14-0x00007FF69EFB0000-0x00007FF69F304000-memory.dmp	upx
behavioral2/memory/2204-20-0x00007FF76C120000-0x00007FF76C474000-memory.dmp	upx
behavioral2/files/0x0008000000023c80-23.dat	upx
behavioral2/files/0x0007000000023c85-26.dat	upx
behavioral2/memory/2176-30-0x00007FF70A690000-0x00007FF70A9E4000-memory.dmp	upx
behavioral2/files/0x0007000000023c86-35.dat	upx
behavioral2/memory/32-36-0x00007FF76EBD0000-0x00007FF76EF24000-memory.dmp	upx
behavioral2/memory/2692-25-0x00007FF7F0020000-0x00007FF7F0374000-memory.dmp	upx
behavioral2/files/0x0007000000023c87-41.dat	upx
behavioral2/memory/3940-43-0x00007FF7F79F0000-0x00007FF7F7D44000-memory.dmp	upx
behavioral2/files/0x0002000000022dc9-47.dat	upx
behavioral2/memory/5004-50-0x00007FF7C8940000-0x00007FF7C8C94000-memory.dmp	upx
behavioral2/files/0x0002000000022dcd-54.dat	upx
behavioral2/memory/4980-55-0x00007FF67A2D0000-0x00007FF67A624000-memory.dmp	upx
behavioral2/files/0x000d000000023b39-60.dat	upx
behavioral2/files/0x000c000000023b3e-66.dat	upx
behavioral2/files/0x0010000000023b3f-73.dat	upx
behavioral2/memory/2992-82-0x00007FF694100000-0x00007FF694454000-memory.dmp	upx
behavioral2/memory/2176-88-0x00007FF70A690000-0x00007FF70A9E4000-memory.dmp	upx
behavioral2/files/0x0007000000023c89-90.dat	upx
behavioral2/files/0x0007000000023c8c-104.dat	upx
behavioral2/files/0x0007000000023c8d-110.dat	upx
behavioral2/memory/3936-116-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp	upx
behavioral2/files/0x0007000000023c90-140.dat	upx
behavioral2/files/0x0007000000023c93-154.dat	upx
behavioral2/memory/744-161-0x00007FF6673E0000-0x00007FF667734000-memory.dmp	upx
behavioral2/files/0x0007000000023c95-174.dat	upx
behavioral2/files/0x0007000000023c97-189.dat	upx
behavioral2/files/0x0007000000023c9c-208.dat	upx
behavioral2/files/0x0007000000023c9b-205.dat	upx
behavioral2/files/0x0007000000023c9a-201.dat	upx
behavioral2/files/0x0007000000023c99-198.dat	upx
behavioral2/files/0x0007000000023c98-192.dat	upx
behavioral2/memory/3184-188-0x00007FF6B3C90000-0x00007FF6B3FE4000-memory.dmp	upx
behavioral2/memory/1456-187-0x00007FF738560000-0x00007FF7388B4000-memory.dmp	upx
behavioral2/memory/3936-184-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp	upx
behavioral2/files/0x0007000000023c96-182.dat	upx
behavioral2/memory/4416-179-0x00007FF61F970000-0x00007FF61FCC4000-memory.dmp	upx
behavioral2/memory/2720-173-0x00007FF663730000-0x00007FF663A84000-memory.dmp	upx
behavioral2/memory/4600-172-0x00007FF7EC090000-0x00007FF7EC3E4000-memory.dmp	upx
behavioral2/memory/4012-171-0x00007FF6A58A0000-0x00007FF6A5BF4000-memory.dmp	upx
behavioral2/files/0x0007000000023c94-167.dat	upx
behavioral2/memory/2012-166-0x00007FF7CD890000-0x00007FF7CDBE4000-memory.dmp	upx
behavioral2/memory/4004-162-0x00007FF79A710000-0x00007FF79AA64000-memory.dmp	upx
behavioral2/memory/2992-157-0x00007FF694100000-0x00007FF694454000-memory.dmp	upx
behavioral2/files/0x0007000000023c92-150.dat	upx
behavioral2/memory/3168-149-0x00007FF68CF80000-0x00007FF68D2D4000-memory.dmp	upx
behavioral2/memory/3448-148-0x00007FF7214B0000-0x00007FF721804000-memory.dmp	upx
behavioral2/files/0x0007000000023c91-146.dat	upx
behavioral2/memory/2956-145-0x00007FF68E670000-0x00007FF68E9C4000-memory.dmp	upx
behavioral2/memory/1048-144-0x00007FF641C40000-0x00007FF641F94000-memory.dmp	upx
behavioral2/memory/4064-139-0x00007FF6D5890000-0x00007FF6D5BE4000-memory.dmp	upx
behavioral2/memory/3588-138-0x00007FF661350000-0x00007FF6616A4000-memory.dmp	upx
behavioral2/files/0x0007000000023c8f-134.dat	upx
behavioral2/memory/4164-133-0x00007FF7353A0000-0x00007FF7356F4000-memory.dmp	upx
behavioral2/files/0x0007000000023c8e-128.dat	upx
behavioral2/memory/2924-127-0x00007FF7E2E40000-0x00007FF7E3194000-memory.dmp	upx
behavioral2/memory/4900-126-0x00007FF6BF770000-0x00007FF6BFAC4000-memory.dmp	upx
behavioral2/memory/540-117-0x00007FF7ADFA0000-0x00007FF7AE2F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XgzPWVR.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Bmmhxpk.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgmyPri.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRQPvIO.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkpBLgQ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWfKpRF.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJDTTRF.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abYdYSh.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGeroEy.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDonvIO.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrrnebP.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DauuIsz.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUynKAg.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwmKmCA.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQhAfdp.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrlbKYj.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPXIZWP.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIsALIX.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEoJpUJ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VusDXzu.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjTYYTC.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdIahMS.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRnRoap.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMlcIsJ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATJTvPX.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnxMyKn.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlIWRCO.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JjrQFvJ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYTCMRb.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGtBFgP.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huVNsQi.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VZfsVag.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeBVlLs.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFHqVWd.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlpatON.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AePzOoC.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUObHaA.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\toaAJRg.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDdIzJV.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQYKgRv.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdFLXvX.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjIrwIH.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Txshjxt.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfrPklx.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgOpajZ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIdPfYt.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxbMfdD.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkpUvDG.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vISOcCN.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyopEbw.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqjoEOu.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDeOVXL.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hcmvlti.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyQcgko.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSVqCzQ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGUtaOW.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHjvjkA.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWxhgxs.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSAnbSu.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYOPHdu.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TALYUDF.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfFjAAC.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhdZqsO.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmOYLvw.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 4980	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 5004 wrote to memory of 4980	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 5004 wrote to memory of 4500	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 5004 wrote to memory of 4500	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 5004 wrote to memory of 2204	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 5004 wrote to memory of 2204	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 5004 wrote to memory of 2692	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 5004 wrote to memory of 2692	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 5004 wrote to memory of 2176	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 5004 wrote to memory of 2176	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 5004 wrote to memory of 32	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 5004 wrote to memory of 32	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 5004 wrote to memory of 3940	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 5004 wrote to memory of 3940	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 5004 wrote to memory of 2768	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 5004 wrote to memory of 2768	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 5004 wrote to memory of 4900	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 5004 wrote to memory of 4900	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 5004 wrote to memory of 3588	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 5004 wrote to memory of 3588	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 5004 wrote to memory of 2956	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 5004 wrote to memory of 2956	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 5004 wrote to memory of 3168	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 5004 wrote to memory of 3168	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 5004 wrote to memory of 2992	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 5004 wrote to memory of 2992	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 5004 wrote to memory of 4004	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 5004 wrote to memory of 4004	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 5004 wrote to memory of 4012	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 5004 wrote to memory of 4012	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 5004 wrote to memory of 4600	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 5004 wrote to memory of 4600	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 5004 wrote to memory of 3936	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 5004 wrote to memory of 3936	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 5004 wrote to memory of 540	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 5004 wrote to memory of 540	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 5004 wrote to memory of 2924	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 5004 wrote to memory of 2924	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 5004 wrote to memory of 4164	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 5004 wrote to memory of 4164	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 5004 wrote to memory of 4064	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 5004 wrote to memory of 4064	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 5004 wrote to memory of 1048	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 5004 wrote to memory of 1048	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 5004 wrote to memory of 3448	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 5004 wrote to memory of 3448	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 5004 wrote to memory of 744	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 5004 wrote to memory of 744	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 5004 wrote to memory of 2012	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 5004 wrote to memory of 2012	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 5004 wrote to memory of 2720	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 5004 wrote to memory of 2720	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 5004 wrote to memory of 4416	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 5004 wrote to memory of 4416	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 5004 wrote to memory of 1456	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 5004 wrote to memory of 1456	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 5004 wrote to memory of 3184	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 5004 wrote to memory of 3184	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 5004 wrote to memory of 1276	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 5004 wrote to memory of 1276	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 5004 wrote to memory of 1044	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 5004 wrote to memory of 1044	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 5004 wrote to memory of 1688	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 5004 wrote to memory of 1688	5004	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Windows\System\dNwdoVA.exe
  C:\Windows\System\dNwdoVA.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\yXxwwOb.exe
  C:\Windows\System\yXxwwOb.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\CYpcdGG.exe
  C:\Windows\System\CYpcdGG.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\VsoXstz.exe
  C:\Windows\System\VsoXstz.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\zyDlOKx.exe
  C:\Windows\System\zyDlOKx.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\rWxgrEt.exe
  C:\Windows\System\rWxgrEt.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\qVQGcdU.exe
  C:\Windows\System\qVQGcdU.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\VUIfqDs.exe
  C:\Windows\System\VUIfqDs.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\KgNJWZS.exe
  C:\Windows\System\KgNJWZS.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\YrlbKYj.exe
  C:\Windows\System\YrlbKYj.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\IvjgTHA.exe
  C:\Windows\System\IvjgTHA.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\QHWUVAb.exe
  C:\Windows\System\QHWUVAb.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\pPwFdqo.exe
  C:\Windows\System\pPwFdqo.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\kcYBeWD.exe
  C:\Windows\System\kcYBeWD.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\FWVVYts.exe
  C:\Windows\System\FWVVYts.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\pxtkBhT.exe
  C:\Windows\System\pxtkBhT.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\qjRigMm.exe
  C:\Windows\System\qjRigMm.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\eibFZwJ.exe
  C:\Windows\System\eibFZwJ.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\sCJPJvY.exe
  C:\Windows\System\sCJPJvY.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\DLaBNSQ.exe
  C:\Windows\System\DLaBNSQ.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\pouWDon.exe
  C:\Windows\System\pouWDon.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\qqKfFvM.exe
  C:\Windows\System\qqKfFvM.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\xnHuvor.exe
  C:\Windows\System\xnHuvor.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\nNqjDlG.exe
  C:\Windows\System\nNqjDlG.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\rNFQAjS.exe
  C:\Windows\System\rNFQAjS.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\SAqRsHA.exe
  C:\Windows\System\SAqRsHA.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\MlHICRR.exe
  C:\Windows\System\MlHICRR.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\Bmmhxpk.exe
  C:\Windows\System\Bmmhxpk.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\yPRZboG.exe
  C:\Windows\System\yPRZboG.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\qEGXbHv.exe
  C:\Windows\System\qEGXbHv.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\hNhPlHU.exe
  C:\Windows\System\hNhPlHU.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\OSAJyZJ.exe
  C:\Windows\System\OSAJyZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\VoxdPPM.exe
  C:\Windows\System\VoxdPPM.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\IwfXURr.exe
  C:\Windows\System\IwfXURr.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\AcxGvtO.exe
  C:\Windows\System\AcxGvtO.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\CNqIpkt.exe
  C:\Windows\System\CNqIpkt.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\zCGCUHR.exe
  C:\Windows\System\zCGCUHR.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\XhdZqsO.exe
  C:\Windows\System\XhdZqsO.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\qlyvszJ.exe
  C:\Windows\System\qlyvszJ.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\elzUtmv.exe
  C:\Windows\System\elzUtmv.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\lkUBRZY.exe
  C:\Windows\System\lkUBRZY.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\Wplcjgr.exe
  C:\Windows\System\Wplcjgr.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\hTcBrJw.exe
  C:\Windows\System\hTcBrJw.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\uzUNijC.exe
  C:\Windows\System\uzUNijC.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\APuIoDN.exe
  C:\Windows\System\APuIoDN.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\AhsfDtZ.exe
  C:\Windows\System\AhsfDtZ.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\ONroViE.exe
  C:\Windows\System\ONroViE.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\XmuFHNz.exe
  C:\Windows\System\XmuFHNz.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\eLMsiOw.exe
  C:\Windows\System\eLMsiOw.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\rmzGLYI.exe
  C:\Windows\System\rmzGLYI.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\VeEYPkF.exe
  C:\Windows\System\VeEYPkF.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\tCedatt.exe
  C:\Windows\System\tCedatt.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\vAfTrYp.exe
  C:\Windows\System\vAfTrYp.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\SqvBnqj.exe
  C:\Windows\System\SqvBnqj.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\NHWjOwS.exe
  C:\Windows\System\NHWjOwS.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\LGbaJKx.exe
  C:\Windows\System\LGbaJKx.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\FjvbEjE.exe
  C:\Windows\System\FjvbEjE.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\hyKhhtm.exe
  C:\Windows\System\hyKhhtm.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\PIszTcP.exe
  C:\Windows\System\PIszTcP.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\Frfoozk.exe
  C:\Windows\System\Frfoozk.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\geBnfya.exe
  C:\Windows\System\geBnfya.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\xYEeoQI.exe
  C:\Windows\System\xYEeoQI.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\mKfQiYW.exe
  C:\Windows\System\mKfQiYW.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\DVGxSXc.exe
  C:\Windows\System\DVGxSXc.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\lSRGlku.exe
  C:\Windows\System\lSRGlku.exe
  2⤵
  PID:2936
- C:\Windows\System\lshIRnn.exe
  C:\Windows\System\lshIRnn.exe
  2⤵
  PID:1052
- C:\Windows\System\AwOCXgS.exe
  C:\Windows\System\AwOCXgS.exe
  2⤵
  PID:2756
- C:\Windows\System\ctCuUes.exe
  C:\Windows\System\ctCuUes.exe
  2⤵
  PID:3892
- C:\Windows\System\lwQuSHy.exe
  C:\Windows\System\lwQuSHy.exe
  2⤵
  PID:1900
- C:\Windows\System\bbTrTnE.exe
  C:\Windows\System\bbTrTnE.exe
  2⤵
  PID:1060
- C:\Windows\System\xgqPCnR.exe
  C:\Windows\System\xgqPCnR.exe
  2⤵
  PID:3412
- C:\Windows\System\MjJJAst.exe
  C:\Windows\System\MjJJAst.exe
  2⤵
  PID:5148
- C:\Windows\System\aUObHaA.exe
  C:\Windows\System\aUObHaA.exe
  2⤵
  PID:5176
- C:\Windows\System\fdaYGlE.exe
  C:\Windows\System\fdaYGlE.exe
  2⤵
  PID:5204
- C:\Windows\System\lelubRK.exe
  C:\Windows\System\lelubRK.exe
  2⤵
  PID:5232
- C:\Windows\System\zhLRtkZ.exe
  C:\Windows\System\zhLRtkZ.exe
  2⤵
  PID:5260
- C:\Windows\System\ZatIXrm.exe
  C:\Windows\System\ZatIXrm.exe
  2⤵
  PID:5288
- C:\Windows\System\EmlwUBl.exe
  C:\Windows\System\EmlwUBl.exe
  2⤵
  PID:5316
- C:\Windows\System\nSpuTZP.exe
  C:\Windows\System\nSpuTZP.exe
  2⤵
  PID:5344
- C:\Windows\System\ixBLvpk.exe
  C:\Windows\System\ixBLvpk.exe
  2⤵
  PID:5384
- C:\Windows\System\IcXJRNx.exe
  C:\Windows\System\IcXJRNx.exe
  2⤵
  PID:5412
- C:\Windows\System\YsWuceJ.exe
  C:\Windows\System\YsWuceJ.exe
  2⤵
  PID:5428
- C:\Windows\System\IUWVvbr.exe
  C:\Windows\System\IUWVvbr.exe
  2⤵
  PID:5460
- C:\Windows\System\dDivDFt.exe
  C:\Windows\System\dDivDFt.exe
  2⤵
  PID:5496
- C:\Windows\System\hypFxdH.exe
  C:\Windows\System\hypFxdH.exe
  2⤵
  PID:5512
- C:\Windows\System\ozUTxTF.exe
  C:\Windows\System\ozUTxTF.exe
  2⤵
  PID:5540
- C:\Windows\System\rElqpPH.exe
  C:\Windows\System\rElqpPH.exe
  2⤵
  PID:5568
- C:\Windows\System\eRpzzPY.exe
  C:\Windows\System\eRpzzPY.exe
  2⤵
  PID:5596
- C:\Windows\System\OCmxKyL.exe
  C:\Windows\System\OCmxKyL.exe
  2⤵
  PID:5624
- C:\Windows\System\FfiVTOv.exe
  C:\Windows\System\FfiVTOv.exe
  2⤵
  PID:5652
- C:\Windows\System\KNAoONp.exe
  C:\Windows\System\KNAoONp.exe
  2⤵
  PID:5680
- C:\Windows\System\OVYJWKN.exe
  C:\Windows\System\OVYJWKN.exe
  2⤵
  PID:5720
- C:\Windows\System\KTYjzWA.exe
  C:\Windows\System\KTYjzWA.exe
  2⤵
  PID:5748
- C:\Windows\System\IDkFmAF.exe
  C:\Windows\System\IDkFmAF.exe
  2⤵
  PID:5776
- C:\Windows\System\AhoNEkV.exe
  C:\Windows\System\AhoNEkV.exe
  2⤵
  PID:5804
- C:\Windows\System\tWEdBhp.exe
  C:\Windows\System\tWEdBhp.exe
  2⤵
  PID:5832
- C:\Windows\System\yvETquY.exe
  C:\Windows\System\yvETquY.exe
  2⤵
  PID:5860
- C:\Windows\System\hoZxoma.exe
  C:\Windows\System\hoZxoma.exe
  2⤵
  PID:5888
- C:\Windows\System\LnpLwLK.exe
  C:\Windows\System\LnpLwLK.exe
  2⤵
  PID:5904
- C:\Windows\System\txhbDgI.exe
  C:\Windows\System\txhbDgI.exe
  2⤵
  PID:5932
- C:\Windows\System\YtjbFuO.exe
  C:\Windows\System\YtjbFuO.exe
  2⤵
  PID:5960
- C:\Windows\System\AIYNriL.exe
  C:\Windows\System\AIYNriL.exe
  2⤵
  PID:5988
- C:\Windows\System\MFvXmtF.exe
  C:\Windows\System\MFvXmtF.exe
  2⤵
  PID:6016
- C:\Windows\System\DfuMZXI.exe
  C:\Windows\System\DfuMZXI.exe
  2⤵
  PID:6044
- C:\Windows\System\NUkPtYW.exe
  C:\Windows\System\NUkPtYW.exe
  2⤵
  PID:6072
- C:\Windows\System\IVmBgXS.exe
  C:\Windows\System\IVmBgXS.exe
  2⤵
  PID:6100
- C:\Windows\System\GfFDLFH.exe
  C:\Windows\System\GfFDLFH.exe
  2⤵
  PID:6132
- C:\Windows\System\zBARpEb.exe
  C:\Windows\System\zBARpEb.exe
  2⤵
  PID:4412
- C:\Windows\System\huhucwe.exe
  C:\Windows\System\huhucwe.exe
  2⤵
  PID:1692
- C:\Windows\System\iooxFxs.exe
  C:\Windows\System\iooxFxs.exe
  2⤵
  PID:1732
- C:\Windows\System\xkDJeyN.exe
  C:\Windows\System\xkDJeyN.exe
  2⤵
  PID:3856
- C:\Windows\System\zQuUevp.exe
  C:\Windows\System\zQuUevp.exe
  2⤵
  PID:2716
- C:\Windows\System\QuSXYet.exe
  C:\Windows\System\QuSXYet.exe
  2⤵
  PID:5168
- C:\Windows\System\DbQFtOn.exe
  C:\Windows\System\DbQFtOn.exe
  2⤵
  PID:5256
- C:\Windows\System\vAUofRP.exe
  C:\Windows\System\vAUofRP.exe
  2⤵
  PID:5300
- C:\Windows\System\EhDoSzk.exe
  C:\Windows\System\EhDoSzk.exe
  2⤵
  PID:5360
- C:\Windows\System\zQCBtnK.exe
  C:\Windows\System\zQCBtnK.exe
  2⤵
  PID:5452
- C:\Windows\System\UlWCwlq.exe
  C:\Windows\System\UlWCwlq.exe
  2⤵
  PID:5524
- C:\Windows\System\WsQCoYe.exe
  C:\Windows\System\WsQCoYe.exe
  2⤵
  PID:5584
- C:\Windows\System\cdYIvcm.exe
  C:\Windows\System\cdYIvcm.exe
  2⤵
  PID:5616
- C:\Windows\System\vwQztvx.exe
  C:\Windows\System\vwQztvx.exe
  2⤵
  PID:5692
- C:\Windows\System\HjnJZqC.exe
  C:\Windows\System\HjnJZqC.exe
  2⤵
  PID:5760
- C:\Windows\System\tdFLXvX.exe
  C:\Windows\System\tdFLXvX.exe
  2⤵
  PID:5828
- C:\Windows\System\IzMLLWA.exe
  C:\Windows\System\IzMLLWA.exe
  2⤵
  PID:5880
- C:\Windows\System\duKmeZT.exe
  C:\Windows\System\duKmeZT.exe
  2⤵
  PID:5980
- C:\Windows\System\ykJbOet.exe
  C:\Windows\System\ykJbOet.exe
  2⤵
  PID:6012
- C:\Windows\System\SkbOOkV.exe
  C:\Windows\System\SkbOOkV.exe
  2⤵
  PID:6084
- C:\Windows\System\yCWFJlt.exe
  C:\Windows\System\yCWFJlt.exe
  2⤵
  PID:1656
- C:\Windows\System\vMhthXf.exe
  C:\Windows\System\vMhthXf.exe
  2⤵
  PID:4176
- C:\Windows\System\nrKncdJ.exe
  C:\Windows\System\nrKncdJ.exe
  2⤵
  PID:5140
- C:\Windows\System\eiwkSmR.exe
  C:\Windows\System\eiwkSmR.exe
  2⤵
  PID:5276
- C:\Windows\System\TMDWAhN.exe
  C:\Windows\System\TMDWAhN.exe
  2⤵
  PID:5424
- C:\Windows\System\NFaHkJJ.exe
  C:\Windows\System\NFaHkJJ.exe
  2⤵
  PID:5644
- C:\Windows\System\BwQXOsb.exe
  C:\Windows\System\BwQXOsb.exe
  2⤵
  PID:5732
- C:\Windows\System\mgmyPri.exe
  C:\Windows\System\mgmyPri.exe
  2⤵
  PID:5876
- C:\Windows\System\nRGmqZY.exe
  C:\Windows\System\nRGmqZY.exe
  2⤵
  PID:6112
- C:\Windows\System\EUiQLWa.exe
  C:\Windows\System\EUiQLWa.exe
  2⤵
  PID:6160
- C:\Windows\System\YdcpwiE.exe
  C:\Windows\System\YdcpwiE.exe
  2⤵
  PID:6188
- C:\Windows\System\aGeroEy.exe
  C:\Windows\System\aGeroEy.exe
  2⤵
  PID:6212
- C:\Windows\System\OcvgnWq.exe
  C:\Windows\System\OcvgnWq.exe
  2⤵
  PID:6244
- C:\Windows\System\rpLoedZ.exe
  C:\Windows\System\rpLoedZ.exe
  2⤵
  PID:6272
- C:\Windows\System\VZfsVag.exe
  C:\Windows\System\VZfsVag.exe
  2⤵
  PID:6300
- C:\Windows\System\qfOAyQa.exe
  C:\Windows\System\qfOAyQa.exe
  2⤵
  PID:6328
- C:\Windows\System\tTAeuxX.exe
  C:\Windows\System\tTAeuxX.exe
  2⤵
  PID:6356
- C:\Windows\System\PeeFFsh.exe
  C:\Windows\System\PeeFFsh.exe
  2⤵
  PID:6396
- C:\Windows\System\OcRzJJL.exe
  C:\Windows\System\OcRzJJL.exe
  2⤵
  PID:6424
- C:\Windows\System\vFkTKwk.exe
  C:\Windows\System\vFkTKwk.exe
  2⤵
  PID:6440
- C:\Windows\System\QrkLxru.exe
  C:\Windows\System\QrkLxru.exe
  2⤵
  PID:6468
- C:\Windows\System\VusDXzu.exe
  C:\Windows\System\VusDXzu.exe
  2⤵
  PID:6496
- C:\Windows\System\jUIULpq.exe
  C:\Windows\System\jUIULpq.exe
  2⤵
  PID:6524
- C:\Windows\System\ChOvvZv.exe
  C:\Windows\System\ChOvvZv.exe
  2⤵
  PID:6552
- C:\Windows\System\BwRmAxs.exe
  C:\Windows\System\BwRmAxs.exe
  2⤵
  PID:6580
- C:\Windows\System\bUmEmDc.exe
  C:\Windows\System\bUmEmDc.exe
  2⤵
  PID:6620
- C:\Windows\System\PeLkIdo.exe
  C:\Windows\System\PeLkIdo.exe
  2⤵
  PID:6648
- C:\Windows\System\AXRIqiG.exe
  C:\Windows\System\AXRIqiG.exe
  2⤵
  PID:6664
- C:\Windows\System\YJQGJqZ.exe
  C:\Windows\System\YJQGJqZ.exe
  2⤵
  PID:6704
- C:\Windows\System\wvfEstQ.exe
  C:\Windows\System\wvfEstQ.exe
  2⤵
  PID:6732
- C:\Windows\System\bjTYYTC.exe
  C:\Windows\System\bjTYYTC.exe
  2⤵
  PID:6760
- C:\Windows\System\ZfZYbgS.exe
  C:\Windows\System\ZfZYbgS.exe
  2⤵
  PID:6776
- C:\Windows\System\sQJwCZw.exe
  C:\Windows\System\sQJwCZw.exe
  2⤵
  PID:6816
- C:\Windows\System\ATJTvPX.exe
  C:\Windows\System\ATJTvPX.exe
  2⤵
  PID:6832
- C:\Windows\System\YPEJdAX.exe
  C:\Windows\System\YPEJdAX.exe
  2⤵
  PID:6860
- C:\Windows\System\GdMCRdI.exe
  C:\Windows\System\GdMCRdI.exe
  2⤵
  PID:6888
- C:\Windows\System\iCDAQTT.exe
  C:\Windows\System\iCDAQTT.exe
  2⤵
  PID:6916
- C:\Windows\System\wkpUvDG.exe
  C:\Windows\System\wkpUvDG.exe
  2⤵
  PID:6944
- C:\Windows\System\OzqeHvA.exe
  C:\Windows\System\OzqeHvA.exe
  2⤵
  PID:6972
- C:\Windows\System\nCyQyvO.exe
  C:\Windows\System\nCyQyvO.exe
  2⤵
  PID:7012
- C:\Windows\System\jNRXnFS.exe
  C:\Windows\System\jNRXnFS.exe
  2⤵
  PID:7040
- C:\Windows\System\hxjKksE.exe
  C:\Windows\System\hxjKksE.exe
  2⤵
  PID:7056
- C:\Windows\System\BTsieaf.exe
  C:\Windows\System\BTsieaf.exe
  2⤵
  PID:7096
- C:\Windows\System\rVrLlyY.exe
  C:\Windows\System\rVrLlyY.exe
  2⤵
  PID:7124
- C:\Windows\System\VgHfvHh.exe
  C:\Windows\System\VgHfvHh.exe
  2⤵
  PID:7152
- C:\Windows\System\BcdLWSk.exe
  C:\Windows\System\BcdLWSk.exe
  2⤵
  PID:6140
- C:\Windows\System\RDuhCwv.exe
  C:\Windows\System\RDuhCwv.exe
  2⤵
  PID:5132
- C:\Windows\System\RnuEyob.exe
  C:\Windows\System\RnuEyob.exe
  2⤵
  PID:5608
- C:\Windows\System\jAtexhV.exe
  C:\Windows\System\jAtexhV.exe
  2⤵
  PID:5816
- C:\Windows\System\EqDwakf.exe
  C:\Windows\System\EqDwakf.exe
  2⤵
  PID:6172
- C:\Windows\System\SuhoASJ.exe
  C:\Windows\System\SuhoASJ.exe
  2⤵
  PID:6256
- C:\Windows\System\IUXApKn.exe
  C:\Windows\System\IUXApKn.exe
  2⤵
  PID:6320
- C:\Windows\System\LvGoUhz.exe
  C:\Windows\System\LvGoUhz.exe
  2⤵
  PID:6344
- C:\Windows\System\qiZassK.exe
  C:\Windows\System\qiZassK.exe
  2⤵
  PID:6412
- C:\Windows\System\YxTZYmN.exe
  C:\Windows\System\YxTZYmN.exe
  2⤵
  PID:6480
- C:\Windows\System\YibJZnp.exe
  C:\Windows\System\YibJZnp.exe
  2⤵
  PID:6516
- C:\Windows\System\sPGtfXd.exe
  C:\Windows\System\sPGtfXd.exe
  2⤵
  PID:6592
- C:\Windows\System\qKvIVtH.exe
  C:\Windows\System\qKvIVtH.exe
  2⤵
  PID:6640
- C:\Windows\System\JrTsncV.exe
  C:\Windows\System\JrTsncV.exe
  2⤵
  PID:6724
- C:\Windows\System\ORCrcuy.exe
  C:\Windows\System\ORCrcuy.exe
  2⤵
  PID:6808
- C:\Windows\System\NDjfanc.exe
  C:\Windows\System\NDjfanc.exe
  2⤵
  PID:6852
- C:\Windows\System\tRrpSsy.exe
  C:\Windows\System\tRrpSsy.exe
  2⤵
  PID:6936
- C:\Windows\System\HUvoMar.exe
  C:\Windows\System\HUvoMar.exe
  2⤵
  PID:6968
- C:\Windows\System\bQNLqXV.exe
  C:\Windows\System\bQNLqXV.exe
  2⤵
  PID:7032
- C:\Windows\System\YlrUeQx.exe
  C:\Windows\System\YlrUeQx.exe
  2⤵
  PID:7104
- C:\Windows\System\GunpUAA.exe
  C:\Windows\System\GunpUAA.exe
  2⤵
  PID:7164
- C:\Windows\System\MuDpsgp.exe
  C:\Windows\System\MuDpsgp.exe
  2⤵
  PID:5564
- C:\Windows\System\unptycy.exe
  C:\Windows\System\unptycy.exe
  2⤵
  PID:6204
- C:\Windows\System\IPpDyXG.exe
  C:\Windows\System\IPpDyXG.exe
  2⤵
  PID:2412
- C:\Windows\System\pxkomLu.exe
  C:\Windows\System\pxkomLu.exe
  2⤵
  PID:6456
- C:\Windows\System\vdmFjsS.exe
  C:\Windows\System\vdmFjsS.exe
  2⤵
  PID:4664
- C:\Windows\System\Mxcybxq.exe
  C:\Windows\System\Mxcybxq.exe
  2⤵
  PID:6800
- C:\Windows\System\AiwTGLG.exe
  C:\Windows\System\AiwTGLG.exe
  2⤵
  PID:6904
- C:\Windows\System\wpfKhYM.exe
  C:\Windows\System\wpfKhYM.exe
  2⤵
  PID:7024
- C:\Windows\System\BoCxusG.exe
  C:\Windows\System\BoCxusG.exe
  2⤵
  PID:7160
- C:\Windows\System\tiwomcw.exe
  C:\Windows\System\tiwomcw.exe
  2⤵
  PID:7208
- C:\Windows\System\zroVVbf.exe
  C:\Windows\System\zroVVbf.exe
  2⤵
  PID:7224
- C:\Windows\System\xWUyOjT.exe
  C:\Windows\System\xWUyOjT.exe
  2⤵
  PID:7252
- C:\Windows\System\LNkjGzz.exe
  C:\Windows\System\LNkjGzz.exe
  2⤵
  PID:7280
- C:\Windows\System\mhWrzSe.exe
  C:\Windows\System\mhWrzSe.exe
  2⤵
  PID:7308
- C:\Windows\System\wJYVHqc.exe
  C:\Windows\System\wJYVHqc.exe
  2⤵
  PID:7336
- C:\Windows\System\jMkHoeg.exe
  C:\Windows\System\jMkHoeg.exe
  2⤵
  PID:7352
- C:\Windows\System\vPwEzxw.exe
  C:\Windows\System\vPwEzxw.exe
  2⤵
  PID:7392
- C:\Windows\System\ZFmUjOj.exe
  C:\Windows\System\ZFmUjOj.exe
  2⤵
  PID:7420
- C:\Windows\System\kxkoFAn.exe
  C:\Windows\System\kxkoFAn.exe
  2⤵
  PID:7448
- C:\Windows\System\rBLATGm.exe
  C:\Windows\System\rBLATGm.exe
  2⤵
  PID:7476
- C:\Windows\System\zCycZdv.exe
  C:\Windows\System\zCycZdv.exe
  2⤵
  PID:7504
- C:\Windows\System\SLABYNu.exe
  C:\Windows\System\SLABYNu.exe
  2⤵
  PID:7532
- C:\Windows\System\ulgFGZm.exe
  C:\Windows\System\ulgFGZm.exe
  2⤵
  PID:7560
- C:\Windows\System\cmIQaux.exe
  C:\Windows\System\cmIQaux.exe
  2⤵
  PID:7588
- C:\Windows\System\hKUwOxg.exe
  C:\Windows\System\hKUwOxg.exe
  2⤵
  PID:7620
- C:\Windows\System\ooyAoYm.exe
  C:\Windows\System\ooyAoYm.exe
  2⤵
  PID:7644
- C:\Windows\System\DJONPIJ.exe
  C:\Windows\System\DJONPIJ.exe
  2⤵
  PID:7672
- C:\Windows\System\KgadmtK.exe
  C:\Windows\System\KgadmtK.exe
  2⤵
  PID:7700
- C:\Windows\System\Hohpudg.exe
  C:\Windows\System\Hohpudg.exe
  2⤵
  PID:7728
- C:\Windows\System\SoohAaQ.exe
  C:\Windows\System\SoohAaQ.exe
  2⤵
  PID:7756
- C:\Windows\System\hdiIXmF.exe
  C:\Windows\System\hdiIXmF.exe
  2⤵
  PID:7784
- C:\Windows\System\jHUUMIL.exe
  C:\Windows\System\jHUUMIL.exe
  2⤵
  PID:7812
- C:\Windows\System\zkvurfi.exe
  C:\Windows\System\zkvurfi.exe
  2⤵
  PID:7840
- C:\Windows\System\ExIiIIb.exe
  C:\Windows\System\ExIiIIb.exe
  2⤵
  PID:7856
- C:\Windows\System\nLHPgkm.exe
  C:\Windows\System\nLHPgkm.exe
  2⤵
  PID:7896
- C:\Windows\System\ngnQOXI.exe
  C:\Windows\System\ngnQOXI.exe
  2⤵
  PID:7924
- C:\Windows\System\JfNlGqy.exe
  C:\Windows\System\JfNlGqy.exe
  2⤵
  PID:7952
- C:\Windows\System\UnTryWT.exe
  C:\Windows\System\UnTryWT.exe
  2⤵
  PID:7980
- C:\Windows\System\GtpuBfT.exe
  C:\Windows\System\GtpuBfT.exe
  2⤵
  PID:8008
- C:\Windows\System\rCPLGUK.exe
  C:\Windows\System\rCPLGUK.exe
  2⤵
  PID:8036
- C:\Windows\System\tPmOBfG.exe
  C:\Windows\System\tPmOBfG.exe
  2⤵
  PID:8076
- C:\Windows\System\WmREgkX.exe
  C:\Windows\System\WmREgkX.exe
  2⤵
  PID:8104
- C:\Windows\System\kADqIJO.exe
  C:\Windows\System\kADqIJO.exe
  2⤵
  PID:8120
- C:\Windows\System\cYojwdd.exe
  C:\Windows\System\cYojwdd.exe
  2⤵
  PID:8148
- C:\Windows\System\KHKiSWm.exe
  C:\Windows\System\KHKiSWm.exe
  2⤵
  PID:8176
- C:\Windows\System\CzSZlNc.exe
  C:\Windows\System\CzSZlNc.exe
  2⤵
  PID:2740
- C:\Windows\System\xeNVCww.exe
  C:\Windows\System\xeNVCww.exe
  2⤵
  PID:6436
- C:\Windows\System\YXhbKxE.exe
  C:\Windows\System\YXhbKxE.exe
  2⤵
  PID:6752
- C:\Windows\System\JJeOBWA.exe
  C:\Windows\System\JJeOBWA.exe
  2⤵
  PID:6960
- C:\Windows\System\vvHbooV.exe
  C:\Windows\System\vvHbooV.exe
  2⤵
  PID:7200
- C:\Windows\System\MrTmKhn.exe
  C:\Windows\System\MrTmKhn.exe
  2⤵
  PID:7272
- C:\Windows\System\ASAgJFj.exe
  C:\Windows\System\ASAgJFj.exe
  2⤵
  PID:7328
- C:\Windows\System\YtepHmg.exe
  C:\Windows\System\YtepHmg.exe
  2⤵
  PID:7412
- C:\Windows\System\ioVTqMJ.exe
  C:\Windows\System\ioVTqMJ.exe
  2⤵
  PID:7460
- C:\Windows\System\PEjiHKq.exe
  C:\Windows\System\PEjiHKq.exe
  2⤵
  PID:3496
- C:\Windows\System\mAUQUqo.exe
  C:\Windows\System\mAUQUqo.exe
  2⤵
  PID:7572
- C:\Windows\System\SlAvJCt.exe
  C:\Windows\System\SlAvJCt.exe
  2⤵
  PID:7636
- C:\Windows\System\qEPmGSf.exe
  C:\Windows\System\qEPmGSf.exe
  2⤵
  PID:7688
- C:\Windows\System\mYUhIyh.exe
  C:\Windows\System\mYUhIyh.exe
  2⤵
  PID:7752
- C:\Windows\System\AycDmUL.exe
  C:\Windows\System\AycDmUL.exe
  2⤵
  PID:7808
- C:\Windows\System\OBMohqV.exe
  C:\Windows\System\OBMohqV.exe
  2⤵
  PID:1664
- C:\Windows\System\toaAJRg.exe
  C:\Windows\System\toaAJRg.exe
  2⤵
  PID:7944
- C:\Windows\System\NAonojz.exe
  C:\Windows\System\NAonojz.exe
  2⤵
  PID:8000
- C:\Windows\System\ZYDfDLu.exe
  C:\Windows\System\ZYDfDLu.exe
  2⤵
  PID:8068
- C:\Windows\System\QOkXMTD.exe
  C:\Windows\System\QOkXMTD.exe
  2⤵
  PID:8116
- C:\Windows\System\eHzLLso.exe
  C:\Windows\System\eHzLLso.exe
  2⤵
  PID:8184
- C:\Windows\System\WmCvIYI.exe
  C:\Windows\System\WmCvIYI.exe
  2⤵
  PID:6548
- C:\Windows\System\wriseDN.exe
  C:\Windows\System\wriseDN.exe
  2⤵
  PID:7180
- C:\Windows\System\DAvxcXi.exe
  C:\Windows\System\DAvxcXi.exe
  2⤵
  PID:7304
- C:\Windows\System\rHUgemD.exe
  C:\Windows\System\rHUgemD.exe
  2⤵
  PID:7440
- C:\Windows\System\ZRBMTaO.exe
  C:\Windows\System\ZRBMTaO.exe
  2⤵
  PID:7544
- C:\Windows\System\cDPdnoS.exe
  C:\Windows\System\cDPdnoS.exe
  2⤵
  PID:7664
- C:\Windows\System\tGUtaOW.exe
  C:\Windows\System\tGUtaOW.exe
  2⤵
  PID:7832
- C:\Windows\System\kUiEmMs.exe
  C:\Windows\System\kUiEmMs.exe
  2⤵
  PID:7964
- C:\Windows\System\VzYnaWp.exe
  C:\Windows\System\VzYnaWp.exe
  2⤵
  PID:1960
- C:\Windows\System\qeVhfiK.exe
  C:\Windows\System\qeVhfiK.exe
  2⤵
  PID:6284
- C:\Windows\System\mxYDxFO.exe
  C:\Windows\System\mxYDxFO.exe
  2⤵
  PID:7236
- C:\Windows\System\nDIgkup.exe
  C:\Windows\System\nDIgkup.exe
  2⤵
  PID:7432
- C:\Windows\System\yNsfkPn.exe
  C:\Windows\System\yNsfkPn.exe
  2⤵
  PID:7612
- C:\Windows\System\wHPCWeM.exe
  C:\Windows\System\wHPCWeM.exe
  2⤵
  PID:8212
- C:\Windows\System\TgnwSFC.exe
  C:\Windows\System\TgnwSFC.exe
  2⤵
  PID:8240
- C:\Windows\System\LPwZAsB.exe
  C:\Windows\System\LPwZAsB.exe
  2⤵
  PID:8268
- C:\Windows\System\aWznYHp.exe
  C:\Windows\System\aWznYHp.exe
  2⤵
  PID:8296
- C:\Windows\System\xTmxsdJ.exe
  C:\Windows\System\xTmxsdJ.exe
  2⤵
  PID:8328
- C:\Windows\System\okCBmJo.exe
  C:\Windows\System\okCBmJo.exe
  2⤵
  PID:8352
- C:\Windows\System\QqBdcoq.exe
  C:\Windows\System\QqBdcoq.exe
  2⤵
  PID:8380
- C:\Windows\System\ztEUyce.exe
  C:\Windows\System\ztEUyce.exe
  2⤵
  PID:8408
- C:\Windows\System\DlBykJr.exe
  C:\Windows\System\DlBykJr.exe
  2⤵
  PID:8436
- C:\Windows\System\SyEaJCW.exe
  C:\Windows\System\SyEaJCW.exe
  2⤵
  PID:8464
- C:\Windows\System\YsjffOw.exe
  C:\Windows\System\YsjffOw.exe
  2⤵
  PID:8496
- C:\Windows\System\juimZdu.exe
  C:\Windows\System\juimZdu.exe
  2⤵
  PID:8520
- C:\Windows\System\eFxdmdS.exe
  C:\Windows\System\eFxdmdS.exe
  2⤵
  PID:8548
- C:\Windows\System\kVsXyRW.exe
  C:\Windows\System\kVsXyRW.exe
  2⤵
  PID:8576
- C:\Windows\System\FLSotXV.exe
  C:\Windows\System\FLSotXV.exe
  2⤵
  PID:8604
- C:\Windows\System\uFCTGQL.exe
  C:\Windows\System\uFCTGQL.exe
  2⤵
  PID:8632
- C:\Windows\System\sVZrEbO.exe
  C:\Windows\System\sVZrEbO.exe
  2⤵
  PID:8660
- C:\Windows\System\dUqavPf.exe
  C:\Windows\System\dUqavPf.exe
  2⤵
  PID:8688
- C:\Windows\System\uosoTgB.exe
  C:\Windows\System\uosoTgB.exe
  2⤵
  PID:8716
- C:\Windows\System\WRQPvIO.exe
  C:\Windows\System\WRQPvIO.exe
  2⤵
  PID:8744
- C:\Windows\System\OgVYmZN.exe
  C:\Windows\System\OgVYmZN.exe
  2⤵
  PID:8772
- C:\Windows\System\dovBxcL.exe
  C:\Windows\System\dovBxcL.exe
  2⤵
  PID:8800
- C:\Windows\System\lBmAspw.exe
  C:\Windows\System\lBmAspw.exe
  2⤵
  PID:8832
- C:\Windows\System\tvIVtOG.exe
  C:\Windows\System\tvIVtOG.exe
  2⤵
  PID:8856
- C:\Windows\System\eEKZsSZ.exe
  C:\Windows\System\eEKZsSZ.exe
  2⤵
  PID:8884
- C:\Windows\System\ZOnahXT.exe
  C:\Windows\System\ZOnahXT.exe
  2⤵
  PID:8912
- C:\Windows\System\Ahjcgec.exe
  C:\Windows\System\Ahjcgec.exe
  2⤵
  PID:8944
- C:\Windows\System\NkKrNqQ.exe
  C:\Windows\System\NkKrNqQ.exe
  2⤵
  PID:8968
- C:\Windows\System\rPPsscE.exe
  C:\Windows\System\rPPsscE.exe
  2⤵
  PID:8996
- C:\Windows\System\QbNdxih.exe
  C:\Windows\System\QbNdxih.exe
  2⤵
  PID:9024
- C:\Windows\System\QANTARe.exe
  C:\Windows\System\QANTARe.exe
  2⤵
  PID:9052
- C:\Windows\System\CMNzMog.exe
  C:\Windows\System\CMNzMog.exe
  2⤵
  PID:9080
- C:\Windows\System\qAKjulO.exe
  C:\Windows\System\qAKjulO.exe
  2⤵
  PID:9108
- C:\Windows\System\KFvsvua.exe
  C:\Windows\System\KFvsvua.exe
  2⤵
  PID:9136
- C:\Windows\System\CUDGILa.exe
  C:\Windows\System\CUDGILa.exe
  2⤵
  PID:9164
- C:\Windows\System\CvbJDYm.exe
  C:\Windows\System\CvbJDYm.exe
  2⤵
  PID:9192
- C:\Windows\System\NFTlGuz.exe
  C:\Windows\System\NFTlGuz.exe
  2⤵
  PID:1880
- C:\Windows\System\qpPPJZo.exe
  C:\Windows\System\qpPPJZo.exe
  2⤵
  PID:4436
- C:\Windows\System\ibRWFgd.exe
  C:\Windows\System\ibRWFgd.exe
  2⤵
  PID:8168
- C:\Windows\System\NTVXtKu.exe
  C:\Windows\System\NTVXtKu.exe
  2⤵
  PID:1228
- C:\Windows\System\HDDYKeZ.exe
  C:\Windows\System\HDDYKeZ.exe
  2⤵
  PID:7608
- C:\Windows\System\bqtKpdk.exe
  C:\Windows\System\bqtKpdk.exe
  2⤵
  PID:4652
- C:\Windows\System\ZNYhprm.exe
  C:\Windows\System\ZNYhprm.exe
  2⤵
  PID:8288
- C:\Windows\System\RdIMNVB.exe
  C:\Windows\System\RdIMNVB.exe
  2⤵
  PID:8364
- C:\Windows\System\uNqBkoC.exe
  C:\Windows\System\uNqBkoC.exe
  2⤵
  PID:8420
- C:\Windows\System\yjXlNvw.exe
  C:\Windows\System\yjXlNvw.exe
  2⤵
  PID:8476
- C:\Windows\System\BpIYnRI.exe
  C:\Windows\System\BpIYnRI.exe
  2⤵
  PID:8532
- C:\Windows\System\pANewLL.exe
  C:\Windows\System\pANewLL.exe
  2⤵
  PID:8596
- C:\Windows\System\egmvIGg.exe
  C:\Windows\System\egmvIGg.exe
  2⤵
  PID:8676
- C:\Windows\System\EaKZqPX.exe
  C:\Windows\System\EaKZqPX.exe
  2⤵
  PID:8732
- C:\Windows\System\MlJntUh.exe
  C:\Windows\System\MlJntUh.exe
  2⤵
  PID:8792
- C:\Windows\System\lmpAVIp.exe
  C:\Windows\System\lmpAVIp.exe
  2⤵
  PID:8872
- C:\Windows\System\RAhgDiP.exe
  C:\Windows\System\RAhgDiP.exe
  2⤵
  PID:8932
- C:\Windows\System\AjGOwFR.exe
  C:\Windows\System\AjGOwFR.exe
  2⤵
  PID:8988
- C:\Windows\System\LVavgCo.exe
  C:\Windows\System\LVavgCo.exe
  2⤵
  PID:9064
- C:\Windows\System\pnTZpJM.exe
  C:\Windows\System\pnTZpJM.exe
  2⤵
  PID:9128
- C:\Windows\System\pNxSEkx.exe
  C:\Windows\System\pNxSEkx.exe
  2⤵
  PID:9184
- C:\Windows\System\sDdIzJV.exe
  C:\Windows\System\sDdIzJV.exe
  2⤵
  PID:8052
- C:\Windows\System\GxtwysP.exe
  C:\Windows\System\GxtwysP.exe
  2⤵
  PID:7516
- C:\Windows\System\IfqflEP.exe
  C:\Windows\System\IfqflEP.exe
  2⤵
  PID:8280
- C:\Windows\System\SYPneis.exe
  C:\Windows\System\SYPneis.exe
  2⤵
  PID:8376
- C:\Windows\System\OVJkYjZ.exe
  C:\Windows\System\OVJkYjZ.exe
  2⤵
  PID:8512
- C:\Windows\System\GCvrYJB.exe
  C:\Windows\System\GCvrYJB.exe
  2⤵
  PID:8648
- C:\Windows\System\XHIcOJd.exe
  C:\Windows\System\XHIcOJd.exe
  2⤵
  PID:8784
- C:\Windows\System\CSJHXlk.exe
  C:\Windows\System\CSJHXlk.exe
  2⤵
  PID:8960
- C:\Windows\System\aoqUaGH.exe
  C:\Windows\System\aoqUaGH.exe
  2⤵
  PID:9092
- C:\Windows\System\fYyenzE.exe
  C:\Windows\System\fYyenzE.exe
  2⤵
  PID:7908
- C:\Windows\System\QBPDrha.exe
  C:\Windows\System\QBPDrha.exe
  2⤵
  PID:3740
- C:\Windows\System\xYdSbJi.exe
  C:\Windows\System\xYdSbJi.exe
  2⤵
  PID:8448
- C:\Windows\System\evhvxje.exe
  C:\Windows\System\evhvxje.exe
  2⤵
  PID:8764
- C:\Windows\System\mlQDHiS.exe
  C:\Windows\System\mlQDHiS.exe
  2⤵
  PID:9224
- C:\Windows\System\GAXaCVV.exe
  C:\Windows\System\GAXaCVV.exe
  2⤵
  PID:9256
- C:\Windows\System\uMDWCmI.exe
  C:\Windows\System\uMDWCmI.exe
  2⤵
  PID:9280
- C:\Windows\System\BkutlPh.exe
  C:\Windows\System\BkutlPh.exe
  2⤵
  PID:9308
- C:\Windows\System\izMazdA.exe
  C:\Windows\System\izMazdA.exe
  2⤵
  PID:9336
- C:\Windows\System\oEAMhZL.exe
  C:\Windows\System\oEAMhZL.exe
  2⤵
  PID:9364
- C:\Windows\System\qcFNOKg.exe
  C:\Windows\System\qcFNOKg.exe
  2⤵
  PID:9392
- C:\Windows\System\LzGbZsF.exe
  C:\Windows\System\LzGbZsF.exe
  2⤵
  PID:9420
- C:\Windows\System\pyhsUXL.exe
  C:\Windows\System\pyhsUXL.exe
  2⤵
  PID:9448
- C:\Windows\System\mDXtiSc.exe
  C:\Windows\System\mDXtiSc.exe
  2⤵
  PID:9476
- C:\Windows\System\JKZzfYS.exe
  C:\Windows\System\JKZzfYS.exe
  2⤵
  PID:9504
- C:\Windows\System\ODGWvTa.exe
  C:\Windows\System\ODGWvTa.exe
  2⤵
  PID:9536
- C:\Windows\System\auMrwcp.exe
  C:\Windows\System\auMrwcp.exe
  2⤵
  PID:9560
- C:\Windows\System\JbAZxPB.exe
  C:\Windows\System\JbAZxPB.exe
  2⤵
  PID:9588
- C:\Windows\System\bmgYovT.exe
  C:\Windows\System\bmgYovT.exe
  2⤵
  PID:9616
- C:\Windows\System\XZfvnlA.exe
  C:\Windows\System\XZfvnlA.exe
  2⤵
  PID:9644
- C:\Windows\System\UvEiqud.exe
  C:\Windows\System\UvEiqud.exe
  2⤵
  PID:9672
- C:\Windows\System\WxofJir.exe
  C:\Windows\System\WxofJir.exe
  2⤵
  PID:9700
- C:\Windows\System\aanVBCL.exe
  C:\Windows\System\aanVBCL.exe
  2⤵
  PID:9728
- C:\Windows\System\foeJzNj.exe
  C:\Windows\System\foeJzNj.exe
  2⤵
  PID:9756
- C:\Windows\System\mDeQNVE.exe
  C:\Windows\System\mDeQNVE.exe
  2⤵
  PID:9784
- C:\Windows\System\WlrSsVZ.exe
  C:\Windows\System\WlrSsVZ.exe
  2⤵
  PID:9808
- C:\Windows\System\EJPzNYA.exe
  C:\Windows\System\EJPzNYA.exe
  2⤵
  PID:9828
- C:\Windows\System\mkpBLgQ.exe
  C:\Windows\System\mkpBLgQ.exe
  2⤵
  PID:9856
- C:\Windows\System\rBeWdrE.exe
  C:\Windows\System\rBeWdrE.exe
  2⤵
  PID:9896
- C:\Windows\System\HfFEjwW.exe
  C:\Windows\System\HfFEjwW.exe
  2⤵
  PID:9924
- C:\Windows\System\NeBVlLs.exe
  C:\Windows\System\NeBVlLs.exe
  2⤵
  PID:9952
- C:\Windows\System\rdIahMS.exe
  C:\Windows\System\rdIahMS.exe
  2⤵
  PID:9976
- C:\Windows\System\NNzBxik.exe
  C:\Windows\System\NNzBxik.exe
  2⤵
  PID:10004
- C:\Windows\System\VIkfTtp.exe
  C:\Windows\System\VIkfTtp.exe
  2⤵
  PID:10108
- C:\Windows\System\driRxtd.exe
  C:\Windows\System\driRxtd.exe
  2⤵
  PID:10144
- C:\Windows\System\krHOqSn.exe
  C:\Windows\System\krHOqSn.exe
  2⤵
  PID:10164
- C:\Windows\System\TrLWMvl.exe
  C:\Windows\System\TrLWMvl.exe
  2⤵
  PID:10204
- C:\Windows\System\ulDHkbr.exe
  C:\Windows\System\ulDHkbr.exe
  2⤵
  PID:8588
- C:\Windows\System\xjIrwIH.exe
  C:\Windows\System\xjIrwIH.exe
  2⤵
  PID:9264
- C:\Windows\System\uFyYNpl.exe
  C:\Windows\System\uFyYNpl.exe
  2⤵
  PID:1528
- C:\Windows\System\bJZoisf.exe
  C:\Windows\System\bJZoisf.exe
  2⤵
  PID:9432
- C:\Windows\System\NbxmBim.exe
  C:\Windows\System\NbxmBim.exe
  2⤵
  PID:9460
- C:\Windows\System\rETPoFE.exe
  C:\Windows\System\rETPoFE.exe
  2⤵
  PID:4220
- C:\Windows\System\nZLUsEq.exe
  C:\Windows\System\nZLUsEq.exe
  2⤵
  PID:2972
- C:\Windows\System\RilJcwQ.exe
  C:\Windows\System\RilJcwQ.exe
  2⤵
  PID:4084
- C:\Windows\System\YEeUwAl.exe
  C:\Windows\System\YEeUwAl.exe
  2⤵
  PID:9744
- C:\Windows\System\NEOQxXy.exe
  C:\Windows\System\NEOQxXy.exe
  2⤵
  PID:9804
- C:\Windows\System\GsvDJjJ.exe
  C:\Windows\System\GsvDJjJ.exe
  2⤵
  PID:9824
- C:\Windows\System\eyLUQgA.exe
  C:\Windows\System\eyLUQgA.exe
  2⤵
  PID:992
- C:\Windows\System\ynaKcGX.exe
  C:\Windows\System\ynaKcGX.exe
  2⤵
  PID:9920
- C:\Windows\System\bvLnNXi.exe
  C:\Windows\System\bvLnNXi.exe
  2⤵
  PID:756
- C:\Windows\System\KybdjJN.exe
  C:\Windows\System\KybdjJN.exe
  2⤵
  PID:4216
- C:\Windows\System\UPjcGJF.exe
  C:\Windows\System\UPjcGJF.exe
  2⤵
  PID:2300
- C:\Windows\System\oENdshA.exe
  C:\Windows\System\oENdshA.exe
  2⤵
  PID:3228
- C:\Windows\System\MoUVhiA.exe
  C:\Windows\System\MoUVhiA.exe
  2⤵
  PID:3876
- C:\Windows\System\mSEgVFl.exe
  C:\Windows\System\mSEgVFl.exe
  2⤵
  PID:2332
- C:\Windows\System\vUbUciv.exe
  C:\Windows\System\vUbUciv.exe
  2⤵
  PID:10000
- C:\Windows\System\UoWEgcM.exe
  C:\Windows\System\UoWEgcM.exe
  2⤵
  PID:2852
- C:\Windows\System\VtAZxuA.exe
  C:\Windows\System\VtAZxuA.exe
  2⤵
  PID:636
- C:\Windows\System\IvUAmDB.exe
  C:\Windows\System\IvUAmDB.exe
  2⤵
  PID:2984
- C:\Windows\System\aJdUXqR.exe
  C:\Windows\System\aJdUXqR.exe
  2⤵
  PID:3052
- C:\Windows\System\DccyqIc.exe
  C:\Windows\System\DccyqIc.exe
  2⤵
  PID:8760
- C:\Windows\System\afdGvmH.exe
  C:\Windows\System\afdGvmH.exe
  2⤵
  PID:9328
- C:\Windows\System\EzunwLm.exe
  C:\Windows\System\EzunwLm.exe
  2⤵
  PID:9496
- C:\Windows\System\vTAaSbu.exe
  C:\Windows\System\vTAaSbu.exe
  2⤵
  PID:4668
- C:\Windows\System\wkitwio.exe
  C:\Windows\System\wkitwio.exe
  2⤵
  PID:9800
- C:\Windows\System\NnFyuJh.exe
  C:\Windows\System\NnFyuJh.exe
  2⤵
  PID:1352
- C:\Windows\System\FXBfMEf.exe
  C:\Windows\System\FXBfMEf.exe
  2⤵
  PID:3928
- C:\Windows\System\qZdnFCG.exe
  C:\Windows\System\qZdnFCG.exe
  2⤵
  PID:3608
- C:\Windows\System\pVzkAyZ.exe
  C:\Windows\System\pVzkAyZ.exe
  2⤵
  PID:2832
- C:\Windows\System\XsrnXta.exe
  C:\Windows\System\XsrnXta.exe
  2⤵
  PID:224
- C:\Windows\System\kdvPGBD.exe
  C:\Windows\System\kdvPGBD.exe
  2⤵
  PID:1544
- C:\Windows\System\MYtsQoe.exe
  C:\Windows\System\MYtsQoe.exe
  2⤵
  PID:10192
- C:\Windows\System\TOpstjc.exe
  C:\Windows\System\TOpstjc.exe
  2⤵
  PID:9488
- C:\Windows\System\RVlAIbt.exe
  C:\Windows\System\RVlAIbt.exe
  2⤵
  PID:1788
- C:\Windows\System\XFuxkeH.exe
  C:\Windows\System\XFuxkeH.exe
  2⤵
  PID:3464
- C:\Windows\System\iCrWzdx.exe
  C:\Windows\System\iCrWzdx.exe
  2⤵
  PID:9656
- C:\Windows\System\xIwnXlr.exe
  C:\Windows\System\xIwnXlr.exe
  2⤵
  PID:4888
- C:\Windows\System\UZqJxBa.exe
  C:\Windows\System\UZqJxBa.exe
  2⤵
  PID:9600
- C:\Windows\System\WQFpxrQ.exe
  C:\Windows\System\WQFpxrQ.exe
  2⤵
  PID:4008
- C:\Windows\System\hqUleUH.exe
  C:\Windows\System\hqUleUH.exe
  2⤵
  PID:2040
- C:\Windows\System\qmusSMt.exe
  C:\Windows\System\qmusSMt.exe
  2⤵
  PID:2656
- C:\Windows\System\czCLneL.exe
  C:\Windows\System\czCLneL.exe
  2⤵
  PID:3812
- C:\Windows\System\NjRHXIG.exe
  C:\Windows\System\NjRHXIG.exe
  2⤵
  PID:2632
- C:\Windows\System\wmnafmW.exe
  C:\Windows\System\wmnafmW.exe
  2⤵
  PID:10264
- C:\Windows\System\zRMFriu.exe
  C:\Windows\System\zRMFriu.exe
  2⤵
  PID:10308
- C:\Windows\System\DqenAWy.exe
  C:\Windows\System\DqenAWy.exe
  2⤵
  PID:10348
- C:\Windows\System\pNIgJXM.exe
  C:\Windows\System\pNIgJXM.exe
  2⤵
  PID:10372
- C:\Windows\System\WYcjjRp.exe
  C:\Windows\System\WYcjjRp.exe
  2⤵
  PID:10432
- C:\Windows\System\hSmyLLb.exe
  C:\Windows\System\hSmyLLb.exe
  2⤵
  PID:10476
- C:\Windows\System\RZXvnEz.exe
  C:\Windows\System\RZXvnEz.exe
  2⤵
  PID:10504
- C:\Windows\System\CuzXlWj.exe
  C:\Windows\System\CuzXlWj.exe
  2⤵
  PID:10532
- C:\Windows\System\fDBUicm.exe
  C:\Windows\System\fDBUicm.exe
  2⤵
  PID:10572
- C:\Windows\System\HqtRnJb.exe
  C:\Windows\System\HqtRnJb.exe
  2⤵
  PID:10588
- C:\Windows\System\xIexzQW.exe
  C:\Windows\System\xIexzQW.exe
  2⤵
  PID:10616
- C:\Windows\System\bruPJJE.exe
  C:\Windows\System\bruPJJE.exe
  2⤵
  PID:10644
- C:\Windows\System\OPPTbGJ.exe
  C:\Windows\System\OPPTbGJ.exe
  2⤵
  PID:10676
- C:\Windows\System\plgNyFV.exe
  C:\Windows\System\plgNyFV.exe
  2⤵
  PID:10696
- C:\Windows\System\JHJhhjl.exe
  C:\Windows\System\JHJhhjl.exe
  2⤵
  PID:10732
- C:\Windows\System\gxwfvGL.exe
  C:\Windows\System\gxwfvGL.exe
  2⤵
  PID:10760
- C:\Windows\System\JbTpZZF.exe
  C:\Windows\System\JbTpZZF.exe
  2⤵
  PID:10776
- C:\Windows\System\GJtzgQn.exe
  C:\Windows\System\GJtzgQn.exe
  2⤵
  PID:10804
- C:\Windows\System\QfkvEJR.exe
  C:\Windows\System\QfkvEJR.exe
  2⤵
  PID:10844
- C:\Windows\System\UPPebpw.exe
  C:\Windows\System\UPPebpw.exe
  2⤵
  PID:10876
- C:\Windows\System\Vzvinia.exe
  C:\Windows\System\Vzvinia.exe
  2⤵
  PID:10908
- C:\Windows\System\eqdoNxr.exe
  C:\Windows\System\eqdoNxr.exe
  2⤵
  PID:10948
- C:\Windows\System\gpFFUrL.exe
  C:\Windows\System\gpFFUrL.exe
  2⤵
  PID:10984
- C:\Windows\System\RkasqnA.exe
  C:\Windows\System\RkasqnA.exe
  2⤵
  PID:11020
- C:\Windows\System\DwHEdaw.exe
  C:\Windows\System\DwHEdaw.exe
  2⤵
  PID:11072
- C:\Windows\System\PWfKpRF.exe
  C:\Windows\System\PWfKpRF.exe
  2⤵
  PID:11128
- C:\Windows\System\ANlLIqH.exe
  C:\Windows\System\ANlLIqH.exe
  2⤵
  PID:11160
- C:\Windows\System\YJkYRcq.exe
  C:\Windows\System\YJkYRcq.exe
  2⤵
  PID:11188
- C:\Windows\System\jhlQFBa.exe
  C:\Windows\System\jhlQFBa.exe
  2⤵
  PID:11216
- C:\Windows\System\LdlCHmU.exe
  C:\Windows\System\LdlCHmU.exe
  2⤵
  PID:11240
- C:\Windows\System\HFBekIU.exe
  C:\Windows\System\HFBekIU.exe
  2⤵
  PID:808
- C:\Windows\System\xCaRabw.exe
  C:\Windows\System\xCaRabw.exe
  2⤵
  PID:10332
- C:\Windows\System\zftTiqD.exe
  C:\Windows\System\zftTiqD.exe
  2⤵
  PID:10400
- C:\Windows\System\SXzVZhe.exe
  C:\Windows\System\SXzVZhe.exe
  2⤵
  PID:10464
- C:\Windows\System\MPeGwCO.exe
  C:\Windows\System\MPeGwCO.exe
  2⤵
  PID:10568
- C:\Windows\System\PQaDoVj.exe
  C:\Windows\System\PQaDoVj.exe
  2⤵
  PID:10612
- C:\Windows\System\jKRPfIe.exe
  C:\Windows\System\jKRPfIe.exe
  2⤵
  PID:10720
- C:\Windows\System\VKsonsC.exe
  C:\Windows\System\VKsonsC.exe
  2⤵
  PID:10792
- C:\Windows\System\gxOuePS.exe
  C:\Windows\System\gxOuePS.exe
  2⤵
  PID:10860
- C:\Windows\System\OhmYnuY.exe
  C:\Windows\System\OhmYnuY.exe
  2⤵
  PID:10900
- C:\Windows\System\KRKmhvZ.exe
  C:\Windows\System\KRKmhvZ.exe
  2⤵
  PID:468
- C:\Windows\System\OwAPbXC.exe
  C:\Windows\System\OwAPbXC.exe
  2⤵
  PID:10960
- C:\Windows\System\GbDmDnz.exe
  C:\Windows\System\GbDmDnz.exe
  2⤵
  PID:11008
- C:\Windows\System\WIdmGmH.exe
  C:\Windows\System\WIdmGmH.exe
  2⤵
  PID:11108
- C:\Windows\System\mRSmrfV.exe
  C:\Windows\System\mRSmrfV.exe
  2⤵
  PID:11184
- C:\Windows\System\wDiYFJh.exe
  C:\Windows\System\wDiYFJh.exe
  2⤵
  PID:11228
- C:\Windows\System\gkICWDG.exe
  C:\Windows\System\gkICWDG.exe
  2⤵
  PID:10300
- C:\Windows\System\ijgBKPp.exe
  C:\Windows\System\ijgBKPp.exe
  2⤵
  PID:10244
- C:\Windows\System\ydksCEz.exe
  C:\Windows\System\ydksCEz.exe
  2⤵
  PID:10528
- C:\Windows\System\LFPaunk.exe
  C:\Windows\System\LFPaunk.exe
  2⤵
  PID:10748
- C:\Windows\System\xVOGHEk.exe
  C:\Windows\System\xVOGHEk.exe
  2⤵
  PID:10888
- C:\Windows\System\mcQtscL.exe
  C:\Windows\System\mcQtscL.exe
  2⤵
  PID:10452
- C:\Windows\System\lPPCCMu.exe
  C:\Windows\System\lPPCCMu.exe
  2⤵
  PID:11064
- C:\Windows\System\ulwmEct.exe
  C:\Windows\System\ulwmEct.exe
  2⤵
  PID:11256
- C:\Windows\System\bmgEjtf.exe
  C:\Windows\System\bmgEjtf.exe
  2⤵
  PID:10444
- C:\Windows\System\zRkYyah.exe
  C:\Windows\System\zRkYyah.exe
  2⤵
  PID:10832
- C:\Windows\System\USWCtqn.exe
  C:\Windows\System\USWCtqn.exe
  2⤵
  PID:11180
- C:\Windows\System\DfOxpYQ.exe
  C:\Windows\System\DfOxpYQ.exe
  2⤵
  PID:10836
- C:\Windows\System\soKRGzW.exe
  C:\Windows\System\soKRGzW.exe
  2⤵
  PID:3948
- C:\Windows\System\VctAnBz.exe
  C:\Windows\System\VctAnBz.exe
  2⤵
  PID:2128
- C:\Windows\System\oEATtqA.exe
  C:\Windows\System\oEATtqA.exe
  2⤵
  PID:4344
- C:\Windows\System\kmKJnQd.exe
  C:\Windows\System\kmKJnQd.exe
  2⤵
  PID:11280
- C:\Windows\System\vuNyiBi.exe
  C:\Windows\System\vuNyiBi.exe
  2⤵
  PID:11316
- C:\Windows\System\hltwHik.exe
  C:\Windows\System\hltwHik.exe
  2⤵
  PID:11348
- C:\Windows\System\BedTPUn.exe
  C:\Windows\System\BedTPUn.exe
  2⤵
  PID:11376
- C:\Windows\System\mjkHGmv.exe
  C:\Windows\System\mjkHGmv.exe
  2⤵
  PID:11416
- C:\Windows\System\llvajst.exe
  C:\Windows\System\llvajst.exe
  2⤵
  PID:11432
- C:\Windows\System\WAmLVJX.exe
  C:\Windows\System\WAmLVJX.exe
  2⤵
  PID:11480
- C:\Windows\System\SfDCvpN.exe
  C:\Windows\System\SfDCvpN.exe
  2⤵
  PID:11520
- C:\Windows\System\pEvAADd.exe
  C:\Windows\System\pEvAADd.exe
  2⤵
  PID:11552
- C:\Windows\System\xsWKWKp.exe
  C:\Windows\System\xsWKWKp.exe
  2⤵
  PID:11580
- C:\Windows\System\LMUDdmD.exe
  C:\Windows\System\LMUDdmD.exe
  2⤵
  PID:11608
- C:\Windows\System\gRKXZHE.exe
  C:\Windows\System\gRKXZHE.exe
  2⤵
  PID:11636
- C:\Windows\System\BzJORTK.exe
  C:\Windows\System\BzJORTK.exe
  2⤵
  PID:11664
- C:\Windows\System\mYtCUPc.exe
  C:\Windows\System\mYtCUPc.exe
  2⤵
  PID:11692
- C:\Windows\System\evLEGcQ.exe
  C:\Windows\System\evLEGcQ.exe
  2⤵
  PID:11720
- C:\Windows\System\GFjMiXU.exe
  C:\Windows\System\GFjMiXU.exe
  2⤵
  PID:11748
- C:\Windows\System\iLFeNcx.exe
  C:\Windows\System\iLFeNcx.exe
  2⤵
  PID:11776
- C:\Windows\System\TuthGnX.exe
  C:\Windows\System\TuthGnX.exe
  2⤵
  PID:11804
- C:\Windows\System\dLUWvBG.exe
  C:\Windows\System\dLUWvBG.exe
  2⤵
  PID:11832
- C:\Windows\System\pkRlaRm.exe
  C:\Windows\System\pkRlaRm.exe
  2⤵
  PID:11860
- C:\Windows\System\qFHqVWd.exe
  C:\Windows\System\qFHqVWd.exe
  2⤵
  PID:11892
- C:\Windows\System\lguoYVe.exe
  C:\Windows\System\lguoYVe.exe
  2⤵
  PID:11924
- C:\Windows\System\CkJzeGp.exe
  C:\Windows\System\CkJzeGp.exe
  2⤵
  PID:11952
- C:\Windows\System\NkcoOYf.exe
  C:\Windows\System\NkcoOYf.exe
  2⤵
  PID:11980
- C:\Windows\System\cJiRzjk.exe
  C:\Windows\System\cJiRzjk.exe
  2⤵
  PID:12016
- C:\Windows\System\wAXyFph.exe
  C:\Windows\System\wAXyFph.exe
  2⤵
  PID:12032
- C:\Windows\System\drovblf.exe
  C:\Windows\System\drovblf.exe
  2⤵
  PID:12068
- C:\Windows\System\JvUYUSo.exe
  C:\Windows\System\JvUYUSo.exe
  2⤵
  PID:12084
- C:\Windows\System\gjIgILP.exe
  C:\Windows\System\gjIgILP.exe
  2⤵
  PID:12128
- C:\Windows\System\UixsvgS.exe
  C:\Windows\System\UixsvgS.exe
  2⤵
  PID:12164
- C:\Windows\System\RgmdbKI.exe
  C:\Windows\System\RgmdbKI.exe
  2⤵
  PID:12212
- C:\Windows\System\QDILiDt.exe
  C:\Windows\System\QDILiDt.exe
  2⤵
  PID:12228
- C:\Windows\System\VTuQdlu.exe
  C:\Windows\System\VTuQdlu.exe
  2⤵
  PID:12256
- C:\Windows\System\KykVJxr.exe
  C:\Windows\System\KykVJxr.exe
  2⤵
  PID:12284
- C:\Windows\System\hHjvjkA.exe
  C:\Windows\System\hHjvjkA.exe
  2⤵
  PID:11300
- C:\Windows\System\erivqxU.exe
  C:\Windows\System\erivqxU.exe
  2⤵
  PID:5064
- C:\Windows\System\DFtkiCy.exe
  C:\Windows\System\DFtkiCy.exe
  2⤵
  PID:11344
- C:\Windows\System\IsTcaGZ.exe
  C:\Windows\System\IsTcaGZ.exe
  2⤵
  PID:11412
- C:\Windows\System\cUodwCo.exe
  C:\Windows\System\cUodwCo.exe
  2⤵
  PID:11472
- C:\Windows\System\GzoWjOn.exe
  C:\Windows\System\GzoWjOn.exe
  2⤵
  PID:11536
- C:\Windows\System\LdcUQpE.exe
  C:\Windows\System\LdcUQpE.exe
  2⤵
  PID:11604
- C:\Windows\System\ZDonvIO.exe
  C:\Windows\System\ZDonvIO.exe
  2⤵
  PID:11672
- C:\Windows\System\WbiTrLI.exe
  C:\Windows\System\WbiTrLI.exe
  2⤵
  PID:11760
- C:\Windows\System\kiMSyNJ.exe
  C:\Windows\System\kiMSyNJ.exe
  2⤵
  PID:11828
- C:\Windows\System\QOUjRjK.exe
  C:\Windows\System\QOUjRjK.exe
  2⤵
  PID:11976
- C:\Windows\System\whngZxn.exe
  C:\Windows\System\whngZxn.exe
  2⤵
  PID:12052
- C:\Windows\System\KMNRSMa.exe
  C:\Windows\System\KMNRSMa.exe
  2⤵
  PID:5668
- C:\Windows\System\oqwGlwX.exe
  C:\Windows\System\oqwGlwX.exe
  2⤵
  PID:5768
- C:\Windows\System\igBiFPH.exe
  C:\Windows\System\igBiFPH.exe
  2⤵
  PID:1340
- C:\Windows\System\WlIGUoV.exe
  C:\Windows\System\WlIGUoV.exe
  2⤵
  PID:12184
- C:\Windows\System\bwgpcJv.exe
  C:\Windows\System\bwgpcJv.exe
  2⤵
  PID:12196
- C:\Windows\System\QKBXmqn.exe
  C:\Windows\System\QKBXmqn.exe
  2⤵
  PID:12272
- C:\Windows\System\AIHfKht.exe
  C:\Windows\System\AIHfKht.exe
  2⤵
  PID:1132
- C:\Windows\System\ECXKLlh.exe
  C:\Windows\System\ECXKLlh.exe
  2⤵
  PID:11392
- C:\Windows\System\wSlmEzh.exe
  C:\Windows\System\wSlmEzh.exe
  2⤵
  PID:11532
- C:\Windows\System\ViYwJxg.exe
  C:\Windows\System\ViYwJxg.exe
  2⤵
  PID:11592
- C:\Windows\System\LdslKne.exe
  C:\Windows\System\LdslKne.exe
  2⤵
  PID:11716
- C:\Windows\System\dAAyPgM.exe
  C:\Windows\System\dAAyPgM.exe
  2⤵
  PID:11868
- C:\Windows\System\NwgtHxE.exe
  C:\Windows\System\NwgtHxE.exe
  2⤵
  PID:12000
- C:\Windows\System\PfMDuxh.exe
  C:\Windows\System\PfMDuxh.exe
  2⤵
  PID:12060
- C:\Windows\System\kdTPwoQ.exe
  C:\Windows\System\kdTPwoQ.exe
  2⤵
  PID:12220
- C:\Windows\System\FnDaztu.exe
  C:\Windows\System\FnDaztu.exe
  2⤵
  PID:11304
- C:\Windows\System\fTwmLnV.exe
  C:\Windows\System\fTwmLnV.exe
  2⤵
  PID:11500
- C:\Windows\System\ayoVJoe.exe
  C:\Windows\System\ayoVJoe.exe
  2⤵
  PID:11936
- C:\Windows\System\XDpMXXY.exe
  C:\Windows\System\XDpMXXY.exe
  2⤵
  PID:5784
- C:\Windows\System\aEfMnJL.exe
  C:\Windows\System\aEfMnJL.exe
  2⤵
  PID:2488
- C:\Windows\System\yUrvSmN.exe
  C:\Windows\System\yUrvSmN.exe
  2⤵
  PID:11712
- C:\Windows\System\TWpaGNZ.exe
  C:\Windows\System\TWpaGNZ.exe
  2⤵
  PID:4276
- C:\Windows\System\dAQEmgq.exe
  C:\Windows\System\dAQEmgq.exe
  2⤵
  PID:12252
- C:\Windows\System\ZquTVkI.exe
  C:\Windows\System\ZquTVkI.exe
  2⤵
  PID:4944
- C:\Windows\System\GZUNCpt.exe
  C:\Windows\System\GZUNCpt.exe
  2⤵
  PID:12316
- C:\Windows\System\pxdlXqr.exe
  C:\Windows\System\pxdlXqr.exe
  2⤵
  PID:12344
- C:\Windows\System\qPXIZWP.exe
  C:\Windows\System\qPXIZWP.exe
  2⤵
  PID:12372
- C:\Windows\System\odqVGXc.exe
  C:\Windows\System\odqVGXc.exe
  2⤵
  PID:12400
- C:\Windows\System\mrDENhW.exe
  C:\Windows\System\mrDENhW.exe
  2⤵
  PID:12432
- C:\Windows\System\rsOXEpW.exe
  C:\Windows\System\rsOXEpW.exe
  2⤵
  PID:12460
- C:\Windows\System\XHGmPlm.exe
  C:\Windows\System\XHGmPlm.exe
  2⤵
  PID:12488
- C:\Windows\System\oLiloZa.exe
  C:\Windows\System\oLiloZa.exe
  2⤵
  PID:12516
- C:\Windows\System\MbRgIfa.exe
  C:\Windows\System\MbRgIfa.exe
  2⤵
  PID:12544
- C:\Windows\System\SlIiTQo.exe
  C:\Windows\System\SlIiTQo.exe
  2⤵
  PID:12572
- C:\Windows\System\YdNgeJl.exe
  C:\Windows\System\YdNgeJl.exe
  2⤵
  PID:12600
- C:\Windows\System\pItVErv.exe
  C:\Windows\System\pItVErv.exe
  2⤵
  PID:12628
- C:\Windows\System\fDqWNSm.exe
  C:\Windows\System\fDqWNSm.exe
  2⤵
  PID:12660
- C:\Windows\System\RdBySba.exe
  C:\Windows\System\RdBySba.exe
  2⤵
  PID:12680
- C:\Windows\System\dWxhgxs.exe
  C:\Windows\System\dWxhgxs.exe
  2⤵
  PID:12720
- C:\Windows\System\XOdoHDE.exe
  C:\Windows\System\XOdoHDE.exe
  2⤵
  PID:12760
- C:\Windows\System\DjiNOTw.exe
  C:\Windows\System\DjiNOTw.exe
  2⤵
  PID:12792
- C:\Windows\System\JQWqCba.exe
  C:\Windows\System\JQWqCba.exe
  2⤵
  PID:12820
- C:\Windows\System\vtmrtcx.exe
  C:\Windows\System\vtmrtcx.exe
  2⤵
  PID:12876
- C:\Windows\System\ieNmEMx.exe
  C:\Windows\System\ieNmEMx.exe
  2⤵
  PID:12892
- C:\Windows\System\tsjOQFd.exe
  C:\Windows\System\tsjOQFd.exe
  2⤵
  PID:12924
- C:\Windows\System\BqDiHlg.exe
  C:\Windows\System\BqDiHlg.exe
  2⤵
  PID:12992
- C:\Windows\System\JGONsVD.exe
  C:\Windows\System\JGONsVD.exe
  2⤵
  PID:13012
- C:\Windows\System\igsSxdg.exe
  C:\Windows\System\igsSxdg.exe
  2⤵
  PID:13060
- C:\Windows\System\hCQhRQd.exe
  C:\Windows\System\hCQhRQd.exe
  2⤵
  PID:13100
- C:\Windows\System\Hcmvlti.exe
  C:\Windows\System\Hcmvlti.exe
  2⤵
  PID:13124
- C:\Windows\System\hmOYLvw.exe
  C:\Windows\System\hmOYLvw.exe
  2⤵
  PID:13148
- C:\Windows\System\oxbAKLd.exe
  C:\Windows\System\oxbAKLd.exe
  2⤵
  PID:13168
- C:\Windows\System\LwCzAUw.exe
  C:\Windows\System\LwCzAUw.exe
  2⤵
  PID:13204
- C:\Windows\System\fHxdEIt.exe
  C:\Windows\System\fHxdEIt.exe
  2⤵
  PID:13276
- C:\Windows\System\EZDrJMs.exe
  C:\Windows\System\EZDrJMs.exe
  2⤵
  PID:13292
- C:\Windows\System\GABrojM.exe
  C:\Windows\System\GABrojM.exe
  2⤵
  PID:13308
- C:\Windows\System\TfXjhMn.exe
  C:\Windows\System\TfXjhMn.exe
  2⤵
  PID:12396
- C:\Windows\System\ZKmgAVS.exe
  C:\Windows\System\ZKmgAVS.exe
  2⤵
  PID:12456
- C:\Windows\System\jIXXkme.exe
  C:\Windows\System\jIXXkme.exe
  2⤵
  PID:12528
- C:\Windows\System\KAmviuJ.exe
  C:\Windows\System\KAmviuJ.exe
  2⤵
  PID:12584
- C:\Windows\System\XrrnebP.exe
  C:\Windows\System\XrrnebP.exe
  2⤵
  PID:12624
- C:\Windows\System\fbcbLrx.exe
  C:\Windows\System\fbcbLrx.exe
  2⤵
  PID:12648
- C:\Windows\System\SHNDIkQ.exe
  C:\Windows\System\SHNDIkQ.exe
  2⤵
  PID:4512
- C:\Windows\System\nbhQzLU.exe
  C:\Windows\System\nbhQzLU.exe
  2⤵
  PID:6404
- C:\Windows\System\iHYvSED.exe
  C:\Windows\System\iHYvSED.exe
  2⤵
  PID:12704
- C:\Windows\System\VFzpoCD.exe
  C:\Windows\System\VFzpoCD.exe
  2⤵
  PID:6572
- C:\Windows\System\VsKIwoB.exe
  C:\Windows\System\VsKIwoB.exe
  2⤵
  PID:6616
- C:\Windows\System\PkgJLvK.exe
  C:\Windows\System\PkgJLvK.exe
  2⤵
  PID:3640
- C:\Windows\System\yWTyoRF.exe
  C:\Windows\System\yWTyoRF.exe
  2⤵
  PID:4816
- C:\Windows\System\DcFXOKE.exe
  C:\Windows\System\DcFXOKE.exe
  2⤵
  PID:12912
- C:\Windows\System\ElHgrEs.exe
  C:\Windows\System\ElHgrEs.exe
  2⤵
  PID:6812
- C:\Windows\System\gUxMVAT.exe
  C:\Windows\System\gUxMVAT.exe
  2⤵
  PID:6940
- C:\Windows\System\UjLjsKS.exe
  C:\Windows\System\UjLjsKS.exe
  2⤵
  PID:4924
- C:\Windows\System\oSeNxKh.exe
  C:\Windows\System\oSeNxKh.exe
  2⤵
  PID:1776
- C:\Windows\System\JxLCjJj.exe
  C:\Windows\System\JxLCjJj.exe
  2⤵
  PID:4444
- C:\Windows\System\heABAjz.exe
  C:\Windows\System\heABAjz.exe
  2⤵
  PID:1596
- C:\Windows\System\gBHvLPH.exe
  C:\Windows\System\gBHvLPH.exe
  2⤵
  PID:3268
- C:\Windows\System\jMcmuTc.exe
  C:\Windows\System\jMcmuTc.exe
  2⤵
  PID:1020
- C:\Windows\System\UuBospl.exe
  C:\Windows\System\UuBospl.exe
  2⤵
  PID:13180
- C:\Windows\System\TvblCdO.exe
  C:\Windows\System\TvblCdO.exe
  2⤵
  PID:13196
- C:\Windows\System\RkkEktJ.exe
  C:\Windows\System\RkkEktJ.exe
  2⤵
  PID:12852
- C:\Windows\System\LqJmOfO.exe
  C:\Windows\System\LqJmOfO.exe
  2⤵
  PID:13040
- C:\Windows\System\rMFAdcU.exe
  C:\Windows\System\rMFAdcU.exe
  2⤵
  PID:9044
- C:\Windows\System\EAaLBBO.exe
  C:\Windows\System\EAaLBBO.exe
  2⤵
  PID:6208
- C:\Windows\System\gwozwWX.exe
  C:\Windows\System\gwozwWX.exe
  2⤵
  PID:6564
- C:\Windows\System\eDznwNu.exe
  C:\Windows\System\eDznwNu.exe
  2⤵
  PID:6748
- C:\Windows\System\bUEFjSM.exe
  C:\Windows\System\bUEFjSM.exe
  2⤵
  PID:6988
- C:\Windows\System\pXXFWPr.exe
  C:\Windows\System\pXXFWPr.exe
  2⤵
  PID:6152
- C:\Windows\System\tmrrTFh.exe
  C:\Windows\System\tmrrTFh.exe
  2⤵
  PID:6632
- C:\Windows\System\viAvhUb.exe
  C:\Windows\System\viAvhUb.exe
  2⤵
  PID:1864
- C:\Windows\System\oSkJlge.exe
  C:\Windows\System\oSkJlge.exe
  2⤵
  PID:3848
- C:\Windows\System\eCGLEGd.exe
  C:\Windows\System\eCGLEGd.exe
  2⤵
  PID:456
- C:\Windows\System\BSAnbSu.exe
  C:\Windows\System\BSAnbSu.exe
  2⤵
  PID:3816
- C:\Windows\System\OMDReCw.exe
  C:\Windows\System\OMDReCw.exe
  2⤵
  PID:228
- C:\Windows\System\MROWTAB.exe
  C:\Windows\System\MROWTAB.exe
  2⤵
  PID:4424
- C:\Windows\System\YEJhryc.exe
  C:\Windows\System\YEJhryc.exe
  2⤵
  PID:12328
- C:\Windows\System\NZXQkjm.exe
  C:\Windows\System\NZXQkjm.exe
  2⤵
  PID:10972
- C:\Windows\System\ITsjAWv.exe
  C:\Windows\System\ITsjAWv.exe
  2⤵
  PID:7188
- C:\Windows\System\UJDTTRF.exe
  C:\Windows\System\UJDTTRF.exe
  2⤵
  PID:3692
- C:\Windows\System\echAQwq.exe
  C:\Windows\System\echAQwq.exe
  2⤵
  PID:12752
- C:\Windows\System\bThInCq.exe
  C:\Windows\System\bThInCq.exe
  2⤵
  PID:12812
- C:\Windows\System\ODEZNpL.exe
  C:\Windows\System\ODEZNpL.exe
  2⤵
  PID:6628
- C:\Windows\System\KHXMzIe.exe
  C:\Windows\System\KHXMzIe.exe
  2⤵
  PID:4576
- C:\Windows\System\RMTctkK.exe
  C:\Windows\System\RMTctkK.exe
  2⤵
  PID:10472
- C:\Windows\System\Txshjxt.exe
  C:\Windows\System\Txshjxt.exe
  2⤵
  PID:10920
- C:\Windows\System\MiQvrfg.exe
  C:\Windows\System\MiQvrfg.exe
  2⤵
  PID:10412
- C:\Windows\System\fFQGRrG.exe
  C:\Windows\System\fFQGRrG.exe
  2⤵
  PID:4108
- C:\Windows\System\UvjvToO.exe
  C:\Windows\System\UvjvToO.exe
  2⤵
  PID:6952
- C:\Windows\System\LMgQPkQ.exe
  C:\Windows\System\LMgQPkQ.exe
  2⤵
  PID:1192
- C:\Windows\System\SSIyAeA.exe
  C:\Windows\System\SSIyAeA.exe
  2⤵
  PID:13036
- C:\Windows\System\BAHKBku.exe
  C:\Windows\System\BAHKBku.exe
  2⤵
  PID:13108
- C:\Windows\System\BWRmugy.exe
  C:\Windows\System\BWRmugy.exe
  2⤵
  PID:13160
- C:\Windows\System\LqhxFng.exe
  C:\Windows\System\LqhxFng.exe
  2⤵
  PID:13232
- C:\Windows\System\dLtmxYe.exe
  C:\Windows\System\dLtmxYe.exe
  2⤵
  PID:13024
- C:\Windows\System\KhrlPoO.exe
  C:\Windows\System\KhrlPoO.exe
  2⤵
  PID:6240
- C:\Windows\System\KDhmFup.exe
  C:\Windows\System\KDhmFup.exe
  2⤵
  PID:6720
- C:\Windows\System\haAwbTw.exe
  C:\Windows\System\haAwbTw.exe
  2⤵
  PID:6932
- C:\Windows\System\dEmlaFL.exe
  C:\Windows\System\dEmlaFL.exe
  2⤵
  PID:6296
- C:\Windows\System\DoNxBOp.exe
  C:\Windows\System\DoNxBOp.exe
  2⤵
  PID:13272
- C:\Windows\System\RWNUFwn.exe
  C:\Windows\System\RWNUFwn.exe
  2⤵
  PID:400
- C:\Windows\System\uFZBcmI.exe
  C:\Windows\System\uFZBcmI.exe
  2⤵
  PID:2228
- C:\Windows\System\SAJaeJf.exe
  C:\Windows\System\SAJaeJf.exe
  2⤵
  PID:2840
- C:\Windows\System\YfrPklx.exe
  C:\Windows\System\YfrPklx.exe
  2⤵
  PID:12484
- C:\Windows\System\NDsEydF.exe
  C:\Windows\System\NDsEydF.exe
  2⤵
  PID:12568
- C:\Windows\System\JGDdolr.exe
  C:\Windows\System\JGDdolr.exe
  2⤵
  PID:5548
- C:\Windows\System\gdjeufO.exe
  C:\Windows\System\gdjeufO.exe
  2⤵
  PID:6600
- C:\Windows\System\fPVzgtM.exe
  C:\Windows\System\fPVzgtM.exe
  2⤵
  PID:12884
- C:\Windows\System\HGqJQbk.exe
  C:\Windows\System\HGqJQbk.exe
  2⤵
  PID:4868
- C:\Windows\System\xQMJkkf.exe
  C:\Windows\System\xQMJkkf.exe
  2⤵
  PID:1980
- C:\Windows\System\NTBAAoR.exe
  C:\Windows\System\NTBAAoR.exe
  2⤵
  PID:5164
- C:\Windows\System\JKdBuPj.exe
  C:\Windows\System\JKdBuPj.exe
  2⤵
  PID:5220
- C:\Windows\System\IpXUrua.exe
  C:\Windows\System\IpXUrua.exe
  2⤵
  PID:1760
- C:\Windows\System\KIsALIX.exe
  C:\Windows\System\KIsALIX.exe
  2⤵
  PID:6884
- C:\Windows\System\nSGZRgM.exe
  C:\Windows\System\nSGZRgM.exe
  2⤵
  PID:2420
- C:\Windows\System\fEoJpUJ.exe
  C:\Windows\System\fEoJpUJ.exe
  2⤵
  PID:5912
- C:\Windows\System\qSuUaiK.exe
  C:\Windows\System\qSuUaiK.exe
  2⤵
  PID:13300
- C:\Windows\System\TuQcGTg.exe
  C:\Windows\System\TuQcGTg.exe
  2⤵
  PID:5968
- C:\Windows\System\nycKHsw.exe
  C:\Windows\System\nycKHsw.exe
  2⤵
  PID:5556
- C:\Windows\System\oyAAHGo.exe
  C:\Windows\System\oyAAHGo.exe
  2⤵
  PID:6024
- C:\Windows\System\geQjOTM.exe
  C:\Windows\System\geQjOTM.exe
  2⤵
  PID:6060
- C:\Windows\System\VeLvGrB.exe
  C:\Windows\System\VeLvGrB.exe
  2⤵
  PID:5128
- C:\Windows\System\RyuWhcK.exe
  C:\Windows\System\RyuWhcK.exe
  2⤵
  PID:6108
- C:\Windows\System\HpacZel.exe
  C:\Windows\System\HpacZel.exe
  2⤵
  PID:7220
- C:\Windows\System\mkBSJIv.exe
  C:\Windows\System\mkBSJIv.exe
  2⤵
  PID:5928
- C:\Windows\System\FQYmGVv.exe
  C:\Windows\System\FQYmGVv.exe
  2⤵
  PID:7204
- C:\Windows\System\rlpatON.exe
  C:\Windows\System\rlpatON.exe
  2⤵
  PID:6504
- C:\Windows\System\YlAefYc.exe
  C:\Windows\System\YlAefYc.exe
  2⤵
  PID:1492
- C:\Windows\System\tMRQEWD.exe
  C:\Windows\System\tMRQEWD.exe
  2⤵
  PID:5188
- C:\Windows\System\XouhBTm.exe
  C:\Windows\System\XouhBTm.exe
  2⤵
  PID:1720
- C:\Windows\System\XAnBKfU.exe
  C:\Windows\System\XAnBKfU.exe
  2⤵
  PID:2564
- C:\Windows\System\QmBRJVv.exe
  C:\Windows\System\QmBRJVv.exe
  2⤵
  PID:3060
- C:\Windows\System\TpnBzhq.exe
  C:\Windows\System\TpnBzhq.exe
  2⤵
  PID:5200
- C:\Windows\System\ntKoupL.exe
  C:\Windows\System\ntKoupL.exe
  2⤵
  PID:5340
- C:\Windows\System\oRnRoap.exe
  C:\Windows\System\oRnRoap.exe
  2⤵
  PID:5580
- C:\Windows\System\PyQcgko.exe
  C:\Windows\System\PyQcgko.exe
  2⤵
  PID:5744
- C:\Windows\System\LQeZqxB.exe
  C:\Windows\System\LQeZqxB.exe
  2⤵
  PID:5532
- C:\Windows\System\RnTsRiu.exe
  C:\Windows\System\RnTsRiu.exe
  2⤵
  PID:7804
- C:\Windows\System\LITRnJr.exe
  C:\Windows\System\LITRnJr.exe
  2⤵
  PID:5820
- C:\Windows\System\lmzyXDS.exe
  C:\Windows\System\lmzyXDS.exe
  2⤵
  PID:5096
- C:\Windows\System\YVDHNxz.exe
  C:\Windows\System\YVDHNxz.exe
  2⤵
  PID:6068
- C:\Windows\System\hZRwIDV.exe
  C:\Windows\System\hZRwIDV.exe
  2⤵
  PID:13332
- C:\Windows\System\mRtjbQJ.exe
  C:\Windows\System\mRtjbQJ.exe
  2⤵
  PID:13360
- C:\Windows\System\UsHlSXF.exe
  C:\Windows\System\UsHlSXF.exe
  2⤵
  PID:13388
- C:\Windows\System\BvIrING.exe
  C:\Windows\System\BvIrING.exe
  2⤵
  PID:13416
- C:\Windows\System\zbHPEEa.exe
  C:\Windows\System\zbHPEEa.exe
  2⤵
  PID:13444
- C:\Windows\System\dWAKMtc.exe
  C:\Windows\System\dWAKMtc.exe
  2⤵
  PID:13472
- C:\Windows\System\LyOCgEC.exe
  C:\Windows\System\LyOCgEC.exe
  2⤵
  PID:13500
- C:\Windows\System\djzTOHx.exe
  C:\Windows\System\djzTOHx.exe
  2⤵
  PID:13528
- C:\Windows\System\OuNOFQt.exe
  C:\Windows\System\OuNOFQt.exe
  2⤵
  PID:13556
- C:\Windows\System\VXyQNnQ.exe
  C:\Windows\System\VXyQNnQ.exe
  2⤵
  PID:13584
- C:\Windows\System\VLUXJBc.exe
  C:\Windows\System\VLUXJBc.exe
  2⤵
  PID:13612
- C:\Windows\System\NnFCIMq.exe
  C:\Windows\System\NnFCIMq.exe
  2⤵
  PID:13640
- C:\Windows\System\iawfWRv.exe
  C:\Windows\System\iawfWRv.exe
  2⤵
  PID:13668
- C:\Windows\System\EuvbduZ.exe
  C:\Windows\System\EuvbduZ.exe
  2⤵
  PID:13696
- C:\Windows\System\sNhPTwu.exe
  C:\Windows\System\sNhPTwu.exe
  2⤵
  PID:13732
- C:\Windows\System\UloDSyJ.exe
  C:\Windows\System\UloDSyJ.exe
  2⤵
  PID:13752
- C:\Windows\System\yqjpBSF.exe
  C:\Windows\System\yqjpBSF.exe
  2⤵
  PID:13780
- C:\Windows\System\LNbQisw.exe
  C:\Windows\System\LNbQisw.exe
  2⤵
  PID:13812
- C:\Windows\System\sVjXuvE.exe
  C:\Windows\System\sVjXuvE.exe
  2⤵
  PID:13840
- C:\Windows\System\LTUzEOD.exe
  C:\Windows\System\LTUzEOD.exe
  2⤵
  PID:13868
- C:\Windows\System\plnfiYE.exe
  C:\Windows\System\plnfiYE.exe
  2⤵
  PID:13896
- C:\Windows\System\QiBeLkp.exe
  C:\Windows\System\QiBeLkp.exe
  2⤵
  PID:13924
- C:\Windows\System\KagcpJX.exe
  C:\Windows\System\KagcpJX.exe
  2⤵
  PID:13952
- C:\Windows\System\egcPcXi.exe
  C:\Windows\System\egcPcXi.exe
  2⤵
  PID:13980
- C:\Windows\System\otoqHZT.exe
  C:\Windows\System\otoqHZT.exe
  2⤵
  PID:14008
- C:\Windows\System\fdwIOiu.exe
  C:\Windows\System\fdwIOiu.exe
  2⤵
  PID:14036
- C:\Windows\System\dIqQSjn.exe
  C:\Windows\System\dIqQSjn.exe
  2⤵
  PID:14064
- C:\Windows\System\kpCbDQY.exe
  C:\Windows\System\kpCbDQY.exe
  2⤵
  PID:14092
- C:\Windows\System\gTpsyjD.exe
  C:\Windows\System\gTpsyjD.exe
  2⤵
  PID:14120
- C:\Windows\System\xcvbtBO.exe
  C:\Windows\System\xcvbtBO.exe
  2⤵
  PID:14148
- C:\Windows\System\utGrZzq.exe
  C:\Windows\System\utGrZzq.exe
  2⤵
  PID:14176
- C:\Windows\System\YpwUwRB.exe
  C:\Windows\System\YpwUwRB.exe
  2⤵
  PID:14204
- C:\Windows\System\LcASDFE.exe
  C:\Windows\System\LcASDFE.exe
  2⤵
  PID:14232
- C:\Windows\System\IYwKFTF.exe
  C:\Windows\System\IYwKFTF.exe
  2⤵
  PID:14260
- C:\Windows\System\GYOPHdu.exe
  C:\Windows\System\GYOPHdu.exe
  2⤵
  PID:14288
- C:\Windows\System\XdvbUBz.exe
  C:\Windows\System\XdvbUBz.exe
  2⤵
  PID:14316
- C:\Windows\System\mLzVaWB.exe
  C:\Windows\System\mLzVaWB.exe
  2⤵
  PID:6092
- C:\Windows\System\chegCWp.exe
  C:\Windows\System\chegCWp.exe
  2⤵
  PID:13352
- C:\Windows\System\aDABswM.exe
  C:\Windows\System\aDABswM.exe
  2⤵
  PID:4528
- C:\Windows\System\UJFhHzo.exe
  C:\Windows\System\UJFhHzo.exe
  2⤵
  PID:13440
- C:\Windows\System\GkeoBsM.exe
  C:\Windows\System\GkeoBsM.exe
  2⤵
  PID:3512
- C:\Windows\System\cYevtXU.exe
  C:\Windows\System\cYevtXU.exe
  2⤵
  PID:5328
- C:\Windows\System\MTAYLZu.exe
  C:\Windows\System\MTAYLZu.exe
  2⤵
  PID:13548
- C:\Windows\System\fdhliLn.exe
  C:\Windows\System\fdhliLn.exe
  2⤵
  PID:13596
- C:\Windows\System\mjyJYqc.exe
  C:\Windows\System\mjyJYqc.exe
  2⤵
  PID:3684
- C:\Windows\System\fpawwHR.exe
  C:\Windows\System\fpawwHR.exe
  2⤵
  PID:13664
- C:\Windows\System\SnQdkgm.exe
  C:\Windows\System\SnQdkgm.exe
  2⤵
  PID:13720
- C:\Windows\System\PKZQnRP.exe
  C:\Windows\System\PKZQnRP.exe
  2⤵
  PID:2140
- C:\Windows\System\ZTcQakr.exe
  C:\Windows\System\ZTcQakr.exe
  2⤵
  PID:13808
- C:\Windows\System\ieubYaq.exe
  C:\Windows\System\ieubYaq.exe
  2⤵
  PID:13888
- C:\Windows\System\zsodMuN.exe
  C:\Windows\System\zsodMuN.exe
  2⤵
  PID:13944
- C:\Windows\System\SisCoAi.exe
  C:\Windows\System\SisCoAi.exe
  2⤵
  PID:6316
- C:\Windows\System\vBrRWYo.exe
  C:\Windows\System\vBrRWYo.exe
  2⤵
  PID:14004
- C:\Windows\System\AKldCwC.exe
  C:\Windows\System\AKldCwC.exe
  2⤵
  PID:6376
- C:\Windows\System\cDxNdgB.exe
  C:\Windows\System\cDxNdgB.exe
  2⤵
  PID:4492
- C:\Windows\System\CPUjOph.exe
  C:\Windows\System\CPUjOph.exe
  2⤵
  PID:14144
- C:\Windows\System\kWgKruT.exe
  C:\Windows\System\kWgKruT.exe
  2⤵
  PID:6464
- C:\Windows\System\IjaDElV.exe
  C:\Windows\System\IjaDElV.exe
  2⤵
  PID:6484
- C:\Windows\System\zPpwGDu.exe
  C:\Windows\System\zPpwGDu.exe
  2⤵
  PID:14300
- C:\Windows\System\AePzOoC.exe
  C:\Windows\System\AePzOoC.exe
  2⤵
  PID:13788
- C:\Windows\System\DjoGagW.exe
  C:\Windows\System\DjoGagW.exe
  2⤵
  PID:13412
- C:\Windows\System\pVYTTHB.exe
  C:\Windows\System\pVYTTHB.exe
  2⤵
  PID:13496
- C:\Windows\System\MhkVxXG.exe
  C:\Windows\System\MhkVxXG.exe
  2⤵
  PID:13580
- C:\Windows\System\ambrXHV.exe
  C:\Windows\System\ambrXHV.exe
  2⤵
  PID:13688
- C:\Windows\System\ForTloJ.exe
  C:\Windows\System\ForTloJ.exe
  2⤵
  PID:13772
- C:\Windows\System\fZGQDLU.exe
  C:\Windows\System\fZGQDLU.exe
  2⤵
  PID:3132
- C:\Windows\System\ihZcxgh.exe
  C:\Windows\System\ihZcxgh.exe
  2⤵
  PID:3324
- C:\Windows\System\BohlFnV.exe
  C:\Windows\System\BohlFnV.exe
  2⤵
  PID:14060
- C:\Windows\System\AAUUoWD.exe
  C:\Windows\System\AAUUoWD.exe
  2⤵
  PID:14140
- C:\Windows\System\VFDcVPs.exe
  C:\Windows\System\VFDcVPs.exe
  2⤵
  PID:14244
- C:\Windows\System\jncopol.exe
  C:\Windows\System\jncopol.exe
  2⤵
  PID:6120
- C:\Windows\System\yCBbyBL.exe
  C:\Windows\System\yCBbyBL.exe
  2⤵
  PID:14032
- C:\Windows\System\AtDOVLK.exe
  C:\Windows\System\AtDOVLK.exe
  2⤵
  PID:13576
- C:\Windows\System\yKoIsgN.exe
  C:\Windows\System\yKoIsgN.exe
  2⤵
  PID:6740
- C:\Windows\System\vISOcCN.exe
  C:\Windows\System\vISOcCN.exe
  2⤵
  PID:13916
- C:\Windows\System\pVbyKJV.exe
  C:\Windows\System\pVbyKJV.exe
  2⤵
  PID:14132
- C:\Windows\System\lIdPoRa.exe
  C:\Windows\System\lIdPoRa.exe
  2⤵
  PID:13316
- C:\Windows\System\frEKFZR.exe
  C:\Windows\System\frEKFZR.exe
  2⤵
  PID:5356
- C:\Windows\System\GArLuAl.exe
  C:\Windows\System\GArLuAl.exe
  2⤵
  PID:13660
- C:\Windows\System\ttxyijv.exe
  C:\Windows\System\ttxyijv.exe
  2⤵
  PID:14272
- C:\Windows\System\PbOMDac.exe
  C:\Windows\System\PbOMDac.exe
  2⤵
  PID:7092
- C:\Windows\System\DauuIsz.exe
  C:\Windows\System\DauuIsz.exe
  2⤵
  PID:14056
- C:\Windows\System\uppkxdi.exe
  C:\Windows\System\uppkxdi.exe
  2⤵
  PID:14352
- C:\Windows\System\iiooRCP.exe
  C:\Windows\System\iiooRCP.exe
  2⤵
  PID:14380
- C:\Windows\System\VsBLMAk.exe
  C:\Windows\System\VsBLMAk.exe
  2⤵
  PID:14408
- C:\Windows\System\QxONPHL.exe
  C:\Windows\System\QxONPHL.exe
  2⤵
  PID:14436
- C:\Windows\System\LyqSfRE.exe
  C:\Windows\System\LyqSfRE.exe
  2⤵
  PID:14464
- C:\Windows\System\fqpsDJC.exe
  C:\Windows\System\fqpsDJC.exe
  2⤵
  PID:14492
- C:\Windows\System\dgLbkxk.exe
  C:\Windows\System\dgLbkxk.exe
  2⤵
  PID:14520
- C:\Windows\System\nAjBOXL.exe
  C:\Windows\System\nAjBOXL.exe
  2⤵
  PID:14548
- C:\Windows\System\MtKcgHW.exe
  C:\Windows\System\MtKcgHW.exe
  2⤵
  PID:14580
- C:\Windows\System\eGsvNsA.exe
  C:\Windows\System\eGsvNsA.exe
  2⤵
  PID:14608
- C:\Windows\System\skmNqOb.exe
  C:\Windows\System\skmNqOb.exe
  2⤵
  PID:14644
- C:\Windows\System\nfeRPjT.exe
  C:\Windows\System\nfeRPjT.exe
  2⤵
  PID:14664
- C:\Windows\System\BenmvBC.exe
  C:\Windows\System\BenmvBC.exe
  2⤵
  PID:14692
- C:\Windows\System\eNxEPft.exe
  C:\Windows\System\eNxEPft.exe
  2⤵
  PID:14720
- C:\Windows\System\UOUHnOE.exe
  C:\Windows\System\UOUHnOE.exe
  2⤵
  PID:14748
- C:\Windows\System\abzIsCc.exe
  C:\Windows\System\abzIsCc.exe
  2⤵
  PID:14776
- C:\Windows\System\Mzdvcts.exe
  C:\Windows\System\Mzdvcts.exe
  2⤵
  PID:14804
- C:\Windows\System\yMEZamL.exe
  C:\Windows\System\yMEZamL.exe
  2⤵
  PID:14832
- C:\Windows\System\oGcfULj.exe
  C:\Windows\System\oGcfULj.exe
  2⤵
  PID:14860
- C:\Windows\System\DBICXSi.exe
  C:\Windows\System\DBICXSi.exe
  2⤵
  PID:14888
- C:\Windows\System\fkZBspV.exe
  C:\Windows\System\fkZBspV.exe
  2⤵
  PID:14916
- C:\Windows\System\IdzEnOe.exe
  C:\Windows\System\IdzEnOe.exe
  2⤵
  PID:14944
- C:\Windows\System\fJQEhhX.exe
  C:\Windows\System\fJQEhhX.exe
  2⤵
  PID:14972
- C:\Windows\System\JFwLdqH.exe
  C:\Windows\System\JFwLdqH.exe
  2⤵
  PID:15000
- C:\Windows\System\VtlqlbX.exe
  C:\Windows\System\VtlqlbX.exe
  2⤵
  PID:15028
- C:\Windows\System\xOhSGYo.exe
  C:\Windows\System\xOhSGYo.exe
  2⤵
  PID:15056
- C:\Windows\System\UKHJpEU.exe
  C:\Windows\System\UKHJpEU.exe
  2⤵
  PID:15084
- C:\Windows\System\LNUYFJH.exe
  C:\Windows\System\LNUYFJH.exe
  2⤵
  PID:15112
- C:\Windows\System\sgClMvy.exe
  C:\Windows\System\sgClMvy.exe
  2⤵
  PID:15140
- C:\Windows\System\ognoHFY.exe
  C:\Windows\System\ognoHFY.exe
  2⤵
  PID:15168
- C:\Windows\System\ogsRaRZ.exe
  C:\Windows\System\ogsRaRZ.exe
  2⤵
  PID:15196
- C:\Windows\System\cKbXBWd.exe
  C:\Windows\System\cKbXBWd.exe
  2⤵
  PID:15224
- C:\Windows\System\aajOgPV.exe
  C:\Windows\System\aajOgPV.exe
  2⤵
  PID:15252
- C:\Windows\System\dePneTX.exe
  C:\Windows\System\dePneTX.exe
  2⤵
  PID:15284
- C:\Windows\System\gjNStnK.exe
  C:\Windows\System\gjNStnK.exe
  2⤵
  PID:15312
- C:\Windows\System\rlVPmIA.exe
  C:\Windows\System\rlVPmIA.exe
  2⤵
  PID:15340
- C:\Windows\System\vnWFVUJ.exe
  C:\Windows\System\vnWFVUJ.exe
  2⤵
  PID:14348
- C:\Windows\System\peEOElN.exe
  C:\Windows\System\peEOElN.exe
  2⤵
  PID:14420
- C:\Windows\System\lWvmwgh.exe
  C:\Windows\System\lWvmwgh.exe
  2⤵
  PID:14476
- C:\Windows\System\vzVohsQ.exe
  C:\Windows\System\vzVohsQ.exe
  2⤵
  PID:14532
- C:\Windows\System\JwROzVV.exe
  C:\Windows\System\JwROzVV.exe
  2⤵
  PID:14600
- C:\Windows\System\naXQiBa.exe
  C:\Windows\System\naXQiBa.exe
  2⤵
  PID:14660
- C:\Windows\System\CZrautm.exe
  C:\Windows\System\CZrautm.exe
  2⤵
  PID:14732
- C:\Windows\System\sLEarwc.exe
  C:\Windows\System\sLEarwc.exe
  2⤵
  PID:14796
- C:\Windows\System\GIscQwH.exe
  C:\Windows\System\GIscQwH.exe
  2⤵
  PID:14856
- C:\Windows\System\gxkMgcA.exe
  C:\Windows\System\gxkMgcA.exe
  2⤵
  PID:14908
- C:\Windows\System\bChOYiU.exe
  C:\Windows\System\bChOYiU.exe
  2⤵
  PID:15012
- C:\Windows\System\zfzLQLt.exe
  C:\Windows\System\zfzLQLt.exe
  2⤵
  PID:15048
- C:\Windows\System\lGWIvUe.exe
  C:\Windows\System\lGWIvUe.exe
  2⤵
  PID:15104
- C:\Windows\System\rgtzceK.exe
  C:\Windows\System\rgtzceK.exe
  2⤵
  PID:15152
- C:\Windows\System\fuabstb.exe
  C:\Windows\System\fuabstb.exe
  2⤵
  PID:6908
- C:\Windows\System\SBkAxUh.exe
  C:\Windows\System\SBkAxUh.exe
  2⤵
  PID:15244
- C:\Windows\System\KoPiwtB.exe
  C:\Windows\System\KoPiwtB.exe
  2⤵
  PID:15296
- C:\Windows\System\EOmJVyJ.exe
  C:\Windows\System\EOmJVyJ.exe
  2⤵
  PID:7240
- C:\Windows\System\pPdlhPu.exe
  C:\Windows\System\pPdlhPu.exe
  2⤵
  PID:14432
- C:\Windows\System\HQWUtqh.exe
  C:\Windows\System\HQWUtqh.exe
  2⤵
  PID:14516
- C:\Windows\System\PnLXuVX.exe
  C:\Windows\System\PnLXuVX.exe
  2⤵
  PID:14628
- C:\Windows\System\BxKZRCJ.exe
  C:\Windows\System\BxKZRCJ.exe
  2⤵
  PID:7368
- C:\Windows\System\WKxllUh.exe
  C:\Windows\System\WKxllUh.exe
  2⤵
  PID:14852
- C:\Windows\System\nxbqwGe.exe
  C:\Windows\System\nxbqwGe.exe
  2⤵
  PID:14940
- C:\Windows\System\bGFPyBK.exe
  C:\Windows\System\bGFPyBK.exe
  2⤵
  PID:2708
- C:\Windows\System\LOwPMqq.exe
  C:\Windows\System\LOwPMqq.exe
  2⤵
  PID:7492
- C:\Windows\System\jEcHSfp.exe
  C:\Windows\System\jEcHSfp.exe
  2⤵
  PID:15096
- C:\Windows\System\bhdgrJt.exe
  C:\Windows\System\bhdgrJt.exe
  2⤵
  PID:15272
- C:\Windows\System\rvwWTFl.exe
  C:\Windows\System\rvwWTFl.exe
  2⤵
  PID:15192
- C:\Windows\System\BEfdnHV.exe
  C:\Windows\System\BEfdnHV.exe
  2⤵
  PID:7136
- C:\Windows\System\HYpCVqZ.exe
  C:\Windows\System\HYpCVqZ.exe
  2⤵
  PID:15336
- C:\Windows\System\JgOpajZ.exe
  C:\Windows\System\JgOpajZ.exe
  2⤵
  PID:14456
- C:\Windows\System\YpNvLxv.exe
  C:\Windows\System\YpNvLxv.exe
  2⤵
  PID:7332
- C:\Windows\System\JRHmlZt.exe
  C:\Windows\System\JRHmlZt.exe
  2⤵
  PID:7736
- C:\Windows\System\BBeMitX.exe
  C:\Windows\System\BBeMitX.exe
  2⤵
  PID:7772
- C:\Windows\System\OSeSwAv.exe
  C:\Windows\System\OSeSwAv.exe
  2⤵
  PID:14912
- C:\Windows\System\seZwFGM.exe
  C:\Windows\System\seZwFGM.exe
  2⤵
  PID:9664
- C:\Windows\System\nZvGZNb.exe
  C:\Windows\System\nZvGZNb.exe
  2⤵
  PID:7836
- C:\Windows\System\ZKMUaFH.exe
  C:\Windows\System\ZKMUaFH.exe
  2⤵
  PID:7568
- C:\Windows\System\bbvlXzY.exe
  C:\Windows\System\bbvlXzY.exe
  2⤵
  PID:7604
- C:\Windows\System\jKcsjkI.exe
  C:\Windows\System\jKcsjkI.exe
  2⤵
  PID:7916
- C:\Windows\System\VpMaVbe.exe
  C:\Windows\System\VpMaVbe.exe
  2⤵
  PID:9940
- C:\Windows\System\EbhQEMR.exe
  C:\Windows\System\EbhQEMR.exe
  2⤵
  PID:14688
- C:\Windows\System\MNGubCE.exe
  C:\Windows\System\MNGubCE.exe
  2⤵
  PID:9544
- C:\Windows\System\MiPkvkC.exe
  C:\Windows\System\MiPkvkC.exe
  2⤵
  PID:8016
- C:\Windows\System\jGkzBnd.exe
  C:\Windows\System\jGkzBnd.exe
  2⤵
  PID:1328
- C:\Windows\System\wqMmEiO.exe
  C:\Windows\System\wqMmEiO.exe
  2⤵
  PID:10180
- C:\Windows\System\mJEQPUX.exe
  C:\Windows\System\mJEQPUX.exe
  2⤵
  PID:8084
- C:\Windows\System\cbCkOyw.exe
  C:\Windows\System\cbCkOyw.exe
  2⤵
  PID:3400
- C:\Windows\System\siuRpot.exe
  C:\Windows\System\siuRpot.exe
  2⤵
  PID:9692
- C:\Windows\System\cUynKAg.exe
  C:\Windows\System\cUynKAg.exe
  2⤵
  PID:7408
- C:\Windows\System\AUeXqiU.exe
  C:\Windows\System\AUeXqiU.exe
  2⤵
  PID:6040
- C:\Windows\System\bIgZPYJ.exe
  C:\Windows\System\bIgZPYJ.exe
  2⤵
  PID:10184
- C:\Windows\System\dulPUOv.exe
  C:\Windows\System\dulPUOv.exe
  2⤵
  PID:10104
- C:\Windows\System\YdVmqkv.exe
  C:\Windows\System\YdVmqkv.exe
  2⤵
  PID:9440
- C:\Windows\System\sJdZeuW.exe
  C:\Windows\System\sJdZeuW.exe
  2⤵
  PID:8128
- C:\Windows\System\knccgic.exe
  C:\Windows\System\knccgic.exe
  2⤵
  PID:832
- C:\Windows\System\zroWffR.exe
  C:\Windows\System\zroWffR.exe
  2⤵
  PID:412
- C:\Windows\System\qEoFnaB.exe
  C:\Windows\System\qEoFnaB.exe
  2⤵
  PID:532
- C:\Windows\System\dgcCTQW.exe
  C:\Windows\System\dgcCTQW.exe
  2⤵
  PID:7288
- C:\Windows\System\byAxYPK.exe
  C:\Windows\System\byAxYPK.exe
  2⤵
  PID:9844
- C:\Windows\System\rBOAsCC.exe
  C:\Windows\System\rBOAsCC.exe
  2⤵
  PID:10044
- C:\Windows\System\bhmBENp.exe
  C:\Windows\System\bhmBENp.exe
  2⤵
  PID:10084
- C:\Windows\System\uIoWReG.exe
  C:\Windows\System\uIoWReG.exe
  2⤵
  PID:7720
- C:\Windows\System\WlzUnIT.exe
  C:\Windows\System\WlzUnIT.exe
  2⤵
  PID:916
- C:\Windows\System\KBOHaCs.exe
  C:\Windows\System\KBOHaCs.exe
  2⤵
  PID:7580
- C:\Windows\System\QdOvSqV.exe
  C:\Windows\System\QdOvSqV.exe
  2⤵
  PID:1924
- C:\Windows\System\WqwFPQI.exe
  C:\Windows\System\WqwFPQI.exe
  2⤵
  PID:888
- C:\Windows\System\XyPSAtY.exe
  C:\Windows\System\XyPSAtY.exe
  2⤵
  PID:2780
- C:\Windows\System\SAAdodE.exe
  C:\Windows\System\SAAdodE.exe
  2⤵
  PID:7656
- C:\Windows\System\VrcXqRe.exe
  C:\Windows\System\VrcXqRe.exe
  2⤵
  PID:7884
- C:\Windows\System\IBWSxPn.exe
  C:\Windows\System\IBWSxPn.exe
  2⤵
  PID:8160
- C:\Windows\System\YsRKoiy.exe
  C:\Windows\System\YsRKoiy.exe
  2⤵
  PID:6008
- C:\Windows\System\MPczHfT.exe
  C:\Windows\System\MPczHfT.exe
  2⤵
  PID:4032
- C:\Windows\System\xKLdQkZ.exe
  C:\Windows\System\xKLdQkZ.exe
  2⤵
  PID:8020
- C:\Windows\System\KYonKrV.exe
  C:\Windows\System\KYonKrV.exe
  2⤵
  PID:10320
- C:\Windows\System\dwQWsWS.exe
  C:\Windows\System\dwQWsWS.exe
  2⤵
  PID:15384
- C:\Windows\System\sntMgNs.exe
  C:\Windows\System\sntMgNs.exe
  2⤵
  PID:15412
- C:\Windows\System\bYCwuoE.exe
  C:\Windows\System\bYCwuoE.exe
  2⤵
  PID:15452
- C:\Windows\System\URvCNsS.exe
  C:\Windows\System\URvCNsS.exe
  2⤵
  PID:15468
- C:\Windows\System\kfpzsTr.exe
  C:\Windows\System\kfpzsTr.exe
  2⤵
  PID:15496
- C:\Windows\System\oXcMoBI.exe
  C:\Windows\System\oXcMoBI.exe
  2⤵
  PID:15524
- C:\Windows\System\xEbRPIk.exe
  C:\Windows\System\xEbRPIk.exe
  2⤵
  PID:15552
- C:\Windows\System\uJwkugT.exe
  C:\Windows\System\uJwkugT.exe
  2⤵
  PID:15580
- C:\Windows\System\IClZvjt.exe
  C:\Windows\System\IClZvjt.exe
  2⤵
  PID:15608
- C:\Windows\System\zhoIRAr.exe
  C:\Windows\System\zhoIRAr.exe
  2⤵
  PID:15636
- C:\Windows\System\EBTlVqU.exe
  C:\Windows\System\EBTlVqU.exe
  2⤵
  PID:15664
- C:\Windows\System\lnxMyKn.exe
  C:\Windows\System\lnxMyKn.exe
  2⤵
  PID:15692
- C:\Windows\System\DKjOXih.exe
  C:\Windows\System\DKjOXih.exe
  2⤵
  PID:15720
- C:\Windows\System\KDKFxod.exe
  C:\Windows\System\KDKFxod.exe
  2⤵
  PID:15748
- C:\Windows\System\jjaVWBl.exe
  C:\Windows\System\jjaVWBl.exe
  2⤵
  PID:15776
- C:\Windows\System\abYdYSh.exe
  C:\Windows\System\abYdYSh.exe
  2⤵
  PID:15804
- C:\Windows\System\oEaVoUb.exe
  C:\Windows\System\oEaVoUb.exe
  2⤵
  PID:15836
- C:\Windows\System\HtmySsS.exe
  C:\Windows\System\HtmySsS.exe
  2⤵
  PID:15864
- C:\Windows\System\KBqNpvZ.exe
  C:\Windows\System\KBqNpvZ.exe
  2⤵
  PID:15892
- C:\Windows\System\Hfbrlvz.exe
  C:\Windows\System\Hfbrlvz.exe
  2⤵
  PID:15920
- C:\Windows\System\kLYYrCI.exe
  C:\Windows\System\kLYYrCI.exe
  2⤵
  PID:15948
- C:\Windows\System\xJsKHwN.exe
  C:\Windows\System\xJsKHwN.exe
  2⤵
  PID:15976
- C:\Windows\System\IqFwtVU.exe
  C:\Windows\System\IqFwtVU.exe
  2⤵
  PID:16004
- C:\Windows\System\QyePLzk.exe
  C:\Windows\System\QyePLzk.exe
  2⤵
  PID:16032
- C:\Windows\System\FQifVnP.exe
  C:\Windows\System\FQifVnP.exe
  2⤵
  PID:16060
- C:\Windows\System\HfOlVyo.exe
  C:\Windows\System\HfOlVyo.exe
  2⤵
  PID:16088
- C:\Windows\System\DkYsZmL.exe
  C:\Windows\System\DkYsZmL.exe
  2⤵
  PID:16116
- C:\Windows\System\zIiafJV.exe
  C:\Windows\System\zIiafJV.exe
  2⤵
  PID:16144
- C:\Windows\System\YIdPfYt.exe
  C:\Windows\System\YIdPfYt.exe
  2⤵
  PID:16172
- C:\Windows\System\KDVGmhT.exe
  C:\Windows\System\KDVGmhT.exe
  2⤵
  PID:16200
- C:\Windows\System\XfFFPiJ.exe
  C:\Windows\System\XfFFPiJ.exe
  2⤵
  PID:16228
- C:\Windows\System\JJNHAfj.exe
  C:\Windows\System\JJNHAfj.exe
  2⤵
  PID:16256
- C:\Windows\System\gOKTqGV.exe
  C:\Windows\System\gOKTqGV.exe
  2⤵
  PID:16284
- C:\Windows\System\MCccVcd.exe
  C:\Windows\System\MCccVcd.exe
  2⤵
  PID:16312
- C:\Windows\System\grdHYjM.exe
  C:\Windows\System\grdHYjM.exe
  2⤵
  PID:16340
- C:\Windows\System\zmyxqRc.exe
  C:\Windows\System\zmyxqRc.exe
  2⤵
  PID:16368
- C:\Windows\System\sOaTgIu.exe
  C:\Windows\System\sOaTgIu.exe
  2⤵
  PID:15376
- C:\Windows\System\ynvLXVv.exe
  C:\Windows\System\ynvLXVv.exe
  2⤵
  PID:15424
- C:\Windows\System\segKsXf.exe
  C:\Windows\System\segKsXf.exe
  2⤵
  PID:15480
- C:\Windows\System\HXszMDr.exe
  C:\Windows\System\HXszMDr.exe
  2⤵
  PID:15492
- C:\Windows\System\qTyioPL.exe
  C:\Windows\System\qTyioPL.exe
  2⤵
  PID:15536
- C:\Windows\System\lxWUGYF.exe
  C:\Windows\System\lxWUGYF.exe
  2⤵
  PID:10540
- C:\Windows\System\QYasRSu.exe
  C:\Windows\System\QYasRSu.exe
  2⤵
  PID:10560
- C:\Windows\System\ypDwaNJ.exe
  C:\Windows\System\ypDwaNJ.exe
  2⤵
  PID:15648
- C:\Windows\System\gpyEKqQ.exe
  C:\Windows\System\gpyEKqQ.exe
  2⤵
  PID:15688
- C:\Windows\System\aqKJKpC.exe
  C:\Windows\System\aqKJKpC.exe
  2⤵
  PID:15732
- C:\Windows\System\HuduegP.exe
  C:\Windows\System\HuduegP.exe
  2⤵
  PID:15768
- C:\Windows\System\KJVlCxN.exe
  C:\Windows\System\KJVlCxN.exe
  2⤵
  PID:15800
- C:\Windows\System\BCrRWxS.exe
  C:\Windows\System\BCrRWxS.exe
  2⤵
  PID:15856
- C:\Windows\System\xnegEFM.exe
  C:\Windows\System\xnegEFM.exe
  2⤵
  PID:10716
- C:\Windows\System\ywdSedv.exe
  C:\Windows\System\ywdSedv.exe
  2⤵
  PID:15916
- C:\Windows\System\TYMXbHQ.exe
  C:\Windows\System\TYMXbHQ.exe
  2⤵
  PID:8340
- C:\Windows\System\nyzbKpf.exe
  C:\Windows\System\nyzbKpf.exe
  2⤵
  PID:16000
- C:\Windows\System\guaqzSE.exe
  C:\Windows\System\guaqzSE.exe
  2⤵
  PID:16044
- C:\Windows\System\PDOTqlc.exe
  C:\Windows\System\PDOTqlc.exe
  2⤵
  PID:10856
- C:\Windows\System\fIrVmZr.exe
  C:\Windows\System\fIrVmZr.exe
  2⤵
  PID:16108
- C:\Windows\System\zhbbXoT.exe
  C:\Windows\System\zhbbXoT.exe
  2⤵
  PID:16136
- C:\Windows\System\QekdbPg.exe
  C:\Windows\System\QekdbPg.exe
  2⤵
  PID:10964
- C:\Windows\System\qmkOkrr.exe
  C:\Windows\System\qmkOkrr.exe
  2⤵
  PID:16220
- C:\Windows\System\hwylfFm.exe
  C:\Windows\System\hwylfFm.exe
  2⤵
  PID:16248
- C:\Windows\System\VgXNRAI.exe
  C:\Windows\System\VgXNRAI.exe
  2⤵
  PID:16276
- C:\Windows\System\NfCkqFS.exe
  C:\Windows\System\NfCkqFS.exe
  2⤵
  PID:16304
- C:\Windows\System\KaKLVfM.exe
  C:\Windows\System\KaKLVfM.exe
  2⤵
  PID:11168
- C:\Windows\System\MkRyBkC.exe
  C:\Windows\System\MkRyBkC.exe
  2⤵
  PID:8656
- C:\Windows\System\mWhWUnz.exe
  C:\Windows\System\mWhWUnz.exe
  2⤵
  PID:8668
- C:\Windows\System\EVBeFlZ.exe
  C:\Windows\System\EVBeFlZ.exe
  2⤵
  PID:15460
- C:\Windows\System\jrxqkxE.exe
  C:\Windows\System\jrxqkxE.exe
  2⤵
  PID:8768
- C:\Windows\System\zyopEbw.exe
  C:\Windows\System\zyopEbw.exe
  2⤵
  PID:15544
- C:\Windows\System\KcgwRZY.exe
  C:\Windows\System\KcgwRZY.exe
  2⤵
  PID:15604
- C:\Windows\System\MUMZRfH.exe
  C:\Windows\System\MUMZRfH.exe
  2⤵
  PID:15632
- C:\Windows\System\tHtkShs.exe
  C:\Windows\System\tHtkShs.exe
  2⤵
  PID:10524
- C:\Windows\System\oBvzhiD.exe
  C:\Windows\System\oBvzhiD.exe
  2⤵
  PID:15760
- C:\Windows\System\aNmlwsb.exe
  C:\Windows\System\aNmlwsb.exe
  2⤵
  PID:10672
- C:\Windows\System\lfbGXfo.exe
  C:\Windows\System\lfbGXfo.exe
  2⤵
  PID:15828
- C:\Windows\System\IZPPsiM.exe
  C:\Windows\System\IZPPsiM.exe
  2⤵
  PID:8956
- C:\Windows\System\vewAIIQ.exe
  C:\Windows\System\vewAIIQ.exe
  2⤵
  PID:8992
- C:\Windows\System\PtJFOQe.exe
  C:\Windows\System\PtJFOQe.exe
  2⤵
  PID:10940
- C:\Windows\System\XMhZOdI.exe
  C:\Windows\System\XMhZOdI.exe
  2⤵
  PID:11000
- C:\Windows\System\JdNfLrC.exe
  C:\Windows\System\JdNfLrC.exe
  2⤵
  PID:16056
- C:\Windows\System\AjzuJwz.exe
  C:\Windows\System\AjzuJwz.exe
  2⤵
  PID:16084
- C:\Windows\System\eDOWwui.exe
  C:\Windows\System\eDOWwui.exe
  2⤵
  PID:9088
- C:\Windows\System\AwmKmCA.exe
  C:\Windows\System\AwmKmCA.exe
  2⤵
  PID:3280
- C:\Windows\System\OmOzJju.exe
  C:\Windows\System\OmOzJju.exe
  2⤵
  PID:16212
- C:\Windows\System\XgzPWVR.exe
  C:\Windows\System\XgzPWVR.exe
  2⤵
  PID:16240
- C:\Windows\System\XHyBQXn.exe
  C:\Windows\System\XHyBQXn.exe
  2⤵
  PID:8556
- C:\Windows\System\BWXTDit.exe
  C:\Windows\System\BWXTDit.exe
  2⤵
  PID:15592
- C:\Windows\System\iIgkdDg.exe
  C:\Windows\System\iIgkdDg.exe
  2⤵
  PID:16352
- C:\Windows\System\VBdXSac.exe
  C:\Windows\System\VBdXSac.exe
  2⤵
  PID:4908
- C:\Windows\System\nrBHAAe.exe
  C:\Windows\System\nrBHAAe.exe
  2⤵
  PID:11224
- C:\Windows\System\HUkTzsb.exe
  C:\Windows\System\HUkTzsb.exe
  2⤵
  PID:10992
- C:\Windows\System\Pjfybmg.exe
  C:\Windows\System\Pjfybmg.exe
  2⤵
  PID:3716
- C:\Windows\System\FFzFrWK.exe
  C:\Windows\System\FFzFrWK.exe
  2⤵
  PID:15520
- C:\Windows\System\xBmwBwT.exe
  C:\Windows\System\xBmwBwT.exe
  2⤵
  PID:8808
- C:\Windows\System\HgkEzGM.exe
  C:\Windows\System\HgkEzGM.exe
  2⤵
  PID:8864
- C:\Windows\System\diixOGz.exe
  C:\Windows\System\diixOGz.exe
  2⤵
  PID:10632
- C:\Windows\System\JsogBYT.exe
  C:\Windows\System\JsogBYT.exe
  2⤵
  PID:8560
- C:\Windows\System\yTQcwSw.exe
  C:\Windows\System\yTQcwSw.exe
  2⤵
  PID:8620
- C:\Windows\System\QwNZTaH.exe
  C:\Windows\System\QwNZTaH.exe
  2⤵
  PID:8704
- C:\Windows\System\NgBaTYT.exe
  C:\Windows\System\NgBaTYT.exe
  2⤵
  PID:15996
- C:\Windows\System\QninVlJ.exe
  C:\Windows\System\QninVlJ.exe
  2⤵
  PID:8840
- C:\Windows\System\qSvaMfS.exe
  C:\Windows\System\qSvaMfS.exe
  2⤵
  PID:9104
- C:\Windows\System\poPzsIa.exe
  C:\Windows\System\poPzsIa.exe
  2⤵
  PID:9116
- C:\Windows\System\ziSNzCs.exe
  C:\Windows\System\ziSNzCs.exe
  2⤵
  PID:16224
- C:\Windows\System\tXLivUw.exe
  C:\Windows\System\tXLivUw.exe
  2⤵
  PID:11356
- C:\Windows\System\bXJdIJp.exe
  C:\Windows\System\bXJdIJp.exe
  2⤵
  PID:11384
- C:\Windows\System\ASjEWXY.exe
  C:\Windows\System\ASjEWXY.exe
  2⤵
  PID:8092
- C:\Windows\System\GMlcIsJ.exe
  C:\Windows\System\GMlcIsJ.exe
  2⤵
  PID:11448
- C:\Windows\System\RjMFRDw.exe
  C:\Windows\System\RjMFRDw.exe
  2⤵
  PID:8260
- C:\Windows\System\TlIWRCO.exe
  C:\Windows\System\TlIWRCO.exe
  2⤵
  PID:2872
- C:\Windows\System\HKbKlUD.exe
  C:\Windows\System\HKbKlUD.exe
  2⤵
  PID:3976
- C:\Windows\System\LLRyqmU.exe
  C:\Windows\System\LLRyqmU.exe
  2⤵
  PID:2328
- C:\Windows\System\FRWwyge.exe
  C:\Windows\System\FRWwyge.exe
  2⤵
  PID:11588
- C:\Windows\System\IXIfwaf.exe
  C:\Windows\System\IXIfwaf.exe
  2⤵
  PID:11616
- C:\Windows\System\uTpwRCv.exe
  C:\Windows\System\uTpwRCv.exe
  2⤵
  PID:8848
- C:\Windows\System\rrCQiUy.exe
  C:\Windows\System\rrCQiUy.exe
  2⤵
  PID:9036
- C:\Windows\System\txrGgqK.exe
  C:\Windows\System\txrGgqK.exe
  2⤵
  PID:9156
- C:\Windows\System\wSsyOzB.exe
  C:\Windows\System\wSsyOzB.exe
  2⤵
  PID:8232
- C:\Windows\System\YOwqHNA.exe
  C:\Windows\System\YOwqHNA.exe
  2⤵
  PID:8544
- C:\Windows\System\pXdGKVg.exe
  C:\Windows\System\pXdGKVg.exe
  2⤵
  PID:9172
- C:\Windows\System\gVbJvmY.exe
  C:\Windows\System\gVbJvmY.exe
  2⤵
  PID:11400
- C:\Windows\System\wYFaqKi.exe
  C:\Windows\System\wYFaqKi.exe
  2⤵
  PID:11812
- C:\Windows\System\oCJKblS.exe
  C:\Windows\System\oCJKblS.exe
  2⤵
  PID:10636
- C:\Windows\System\RdJXygr.exe
  C:\Windows\System\RdJXygr.exe
  2⤵
  PID:15440
- C:\Windows\System\cvMtbph.exe
  C:\Windows\System\cvMtbph.exe
  2⤵
  PID:9304
- C:\Windows\System\cGkGTCo.exe
  C:\Windows\System\cGkGTCo.exe
  2⤵
  PID:9316
- C:\Windows\System\vvqusNF.exe
  C:\Windows\System\vvqusNF.exe
  2⤵
  PID:9352
- C:\Windows\System\CzoJzuJ.exe
  C:\Windows\System\CzoJzuJ.exe
  2⤵
  PID:9380
- C:\Windows\System\CfeBhuC.exe
  C:\Windows\System\CfeBhuC.exe
  2⤵
  PID:9400
- C:\Windows\System\gRPfIzf.exe
  C:\Windows\System\gRPfIzf.exe
  2⤵
  PID:9428
- C:\Windows\System\wRCCHNZ.exe
  C:\Windows\System\wRCCHNZ.exe
  2⤵
  PID:9472
- C:\Windows\System\ZjpxgUp.exe
  C:\Windows\System\ZjpxgUp.exe
  2⤵
  PID:9484
- C:\Windows\System\novedYd.exe
  C:\Windows\System\novedYd.exe
  2⤵
  PID:11840
- C:\Windows\System\WknMbsn.exe
  C:\Windows\System\WknMbsn.exe
  2⤵
  PID:11880
- C:\Windows\System\uGHoOcO.exe
  C:\Windows\System\uGHoOcO.exe
  2⤵
  PID:9624
- C:\Windows\System\ncIiCTe.exe
  C:\Windows\System\ncIiCTe.exe
  2⤵
  PID:2036
- C:\Windows\System\CnpiYyO.exe
  C:\Windows\System\CnpiYyO.exe
  2⤵
  PID:8508
- C:\Windows\System\hWBenbt.exe
  C:\Windows\System\hWBenbt.exe
  2⤵
  PID:16364
- C:\Windows\System\FTSsFei.exe
  C:\Windows\System\FTSsFei.exe
  2⤵
  PID:9736
- C:\Windows\System\sSpOyMr.exe
  C:\Windows\System\sSpOyMr.exe
  2⤵
  PID:8372
- C:\Windows\System\XyihQVV.exe
  C:\Windows\System\XyihQVV.exe
  2⤵
  PID:12180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\Bmmhxpk.exe

Filesize
6.0MB

MD5
048636333b2f310268a7f18258a27565

SHA1
e8e107a51476ea98afcb7b1584bbeea05be03f5a

SHA256
5963157b735b14b1397b96e93be2d4e1db628b55be8728dec8721d455011d2db

SHA512
d9e6c15d110e2419265843d87d57b43da64942886c69f82c2d9ca335a08dfe2d08dda3999e676b530f325c742aafd5d7e92f19613f459307f8dd190624b4832a

Download Submit
C:\Windows\System\CYpcdGG.exe

Filesize
6.0MB

MD5
b06997fc12f9c0adc3de1ffea158c27f

SHA1
b0e5e7cbd14bd3614a06041d50f06e5bacf79f1d

SHA256
7cb7ac0283284f1fcd67230f4b1af32877fd3746e939f6df3fcf93a9c9694392

SHA512
0c609c7c5f11306bd2bbcf622fa27f8b7e046cfb2bad4de6fb1423f2f20493ba43e73093423002c8600e4d559adb6a0fda4a7113e0c572724fefa3e66ef027ce

Download Submit
C:\Windows\System\DLaBNSQ.exe

Filesize
6.0MB

MD5
221559a887946554221a0cd136258eb1

SHA1
b170dd5bf8b33e27239139221b3b1a577e663f57

SHA256
45014edafaec3e283969556f2a1510cac228d2932cc8a4c1a0952c7177a3ff3c

SHA512
94e18f42a44c3b687cc65855492213e40e3de482b4ceba551e7e79bcd49c89ac4cd11360edd5c3434f9cba14179de764044fb25c1947dd339b23d5ebcb2f91f1

Download Submit
C:\Windows\System\FWVVYts.exe

Filesize
6.0MB

MD5
21d40f4d201c07a6de14bdaeb105d7b6

SHA1
5d7757aafd5fbf28899afc8a4a29f911fb2efa79

SHA256
94f9eed5fcc2cd4b39043d697dfe30a33ee0416e218edf01cada2fb9cd25974f

SHA512
bb63bf7af5f2b19425b619220fc8f73a5d3cf864621b2e026cb5809466cf34f8972e99970da7aa1eed9dea78ca227316abdc96e98b6a70b0e003a20fb72a1df0

Download Submit
C:\Windows\System\IvjgTHA.exe

Filesize
6.0MB

MD5
d86308f76990b6e0929f051f8fd286d4

SHA1
6d1911349a7d0f4e26e5cc9ab60f699393b57c02

SHA256
ce8702aa09f36250af23ff5127a910628332fae89d8c685a26e8ca8068464f7e

SHA512
41fa11af093157eb23702134dec5f6e32f71d71f35a6ed6479d058c77e060d07be82b514b7f3f0d8b95ef7a359b972fead49d76ddb83953a9b3688b34bcacd61

Download Submit
C:\Windows\System\KgNJWZS.exe

Filesize
6.0MB

MD5
22b167283aeb253c66e3e5a22fbea215

SHA1
35a841f7950d6ea7b268e2ea4b7661ed2ab82639

SHA256
2e029a9a0264b9adbf4be8634535294744f24acc6c50383a5e8c467cfbb2574e

SHA512
16d1f7088584e33205a80ec91a3ec3984605fceda514bfaec55bcda2ef5f45627b165298ab21ebc973542f42bc01bd0b6c0f6cb44606a83a7a1bd6d161be38ce

Download Submit
C:\Windows\System\MlHICRR.exe

Filesize
6.0MB

MD5
911bec43aa70b800333f3825251458d8

SHA1
dac174b0df91c9c140bd9ce3809d23567742955a

SHA256
5370c00875dd4dbcd7fdd32379d9417abb6237f870985135e685ca908f244a8c

SHA512
7895066153f280205ca625e704b3fe0e3a240bc32e8b7329723b11ea2c4dc12864de18dac4aed7ea9f4fbb381d7f3c583f3c6dccd91b1ff2cc3dae8056a522cb

Download Submit
C:\Windows\System\OSAJyZJ.exe

Filesize
6.0MB

MD5
0a455eb7e0198e7448403b420e06db41

SHA1
e289c290acc742811e60846acbc1a7c8d124f8a6

SHA256
a14da163187caaed7951475de1eb17953f768821a625587e57dda13b0d8a3569

SHA512
6dcc332db77372ef148f31e7a0c12dd623a000785ae9e7bafa99781d1e8f3092f936b693ddf77d6f9137b05c8df63cd35f776db35c2d37eb7b8ac39b1d2b124a

Download Submit
C:\Windows\System\QHWUVAb.exe

Filesize
6.0MB

MD5
f0f854853cc6ff51461fa85556865545

SHA1
aedc70ba0ef61e6f9403ae4c265e060626bc75e0

SHA256
c04528be94dc0457e7ae400c07d5203674bff410469d973e2961f8da44fc8e30

SHA512
a102543d8395e6637d8429487927507fcc19b61ce73e8a7b3e61f0ee69f94dcb57af284b8240e25fbf5ef13af1401b0e8305d4ca1ebaac3143521d2b583168fb

Download Submit
C:\Windows\System\SAqRsHA.exe

Filesize
6.0MB

MD5
50d88c1fd01a1481c4ddd04ef890130b

SHA1
7488a84df124a996d8a942e3a7bf101570de3672

SHA256
f80be6817b49c1441201fd143bcbae417a537aa3fa32e944de3a5d18406a1f3a

SHA512
34702ab548d956f23722d933a38a4b266bf96fec8ecba82552d354bb05788a679683607490f061963e6cc450049828a9a0b596233d046200b35bb2af4b9f564f

Download Submit
C:\Windows\System\VUIfqDs.exe

Filesize
6.0MB

MD5
2687a554355e27b7248946fdc0e87eb7

SHA1
7a21f91cdaec376f18de85460214f6738a8a546e

SHA256
b66161bc77e0942e833f5850c16cd0be9a62c9ad0eafe00072a3b0abb7668b7d

SHA512
89cc104e962521975a49e0d672e9f2e782bfc1b92f398e0c7a7d2a44319dc39790bb317aa16760cf4c1e9584a96c50f80fc871646b2bcee335bfab93a20c8ece

Download Submit
C:\Windows\System\VoxdPPM.exe

Filesize
6.0MB

MD5
04b90bc29e52bd1cbbf72798ade4dab1

SHA1
04ec2f312ddc68dda843e51acac509c3d0511785

SHA256
2789dbb04c50fafd5265b30f393d1dd6289217d18c5b9010b673cab6149f50b5

SHA512
ab8ffce94368b703ba1308d74dd586b47af90a685d045e1a61e7d40de9d324cf9631b10a6570373b6528ad5318bc2203daad4cdc3084acf30c88ba80658a4b65

Download Submit
C:\Windows\System\VsoXstz.exe

Filesize
6.0MB

MD5
34e5765c03864589ff405e63f9a01cfb

SHA1
596d10f9419e437f1812a40898ac0be7da62ab1d

SHA256
aad0f99c4889a1107bcfb8960f9519bb437ec50e5f568120a4e7b351785567ec

SHA512
3c8c7dcca5f9238b77581bc643b5209b45928f0d52e86714b90b562703320627ec4e91daf8f3667b757a038c32d23ea0021968c565f9e3c770ae9d9e79fc2057

Download Submit
C:\Windows\System\YrlbKYj.exe

Filesize
6.0MB

MD5
f4d567d721aae7faf476f5752a83a52a

SHA1
47a4840b96c3e6cf03c6ba911205806b7765e6fa

SHA256
0b713fe92e8e10eeac94e8183f46d421052bdd7f5958e41a4bf702c01203dccb

SHA512
ff76615857f8bb27ebf8779409f148999fd452c2854584a8d7efd3af13e4e8a3eb09c3d5128a80dc3f87c5bae105bd97b24168a0cbeefb38cd0d68cd1f8cf7d4

Download Submit
C:\Windows\System\dNwdoVA.exe

Filesize
6.0MB

MD5
bc0ecfc81c1cf06988defadec310af6b

SHA1
f9b0c20f446646eafc4261943ae6bb499317d2d8

SHA256
9b04e437d4973df7eb40037b08915f7d33e65d6aca5496728334df122e710bb0

SHA512
8886b88819d2a23aef9aabdc46cc30ab033e57c1752d374d85d11c71cde074a4f67b5f5cc8d22491cc3839d1ec10fee982f4b2feeb28248fa3229accef781c9e

Download Submit
C:\Windows\System\eibFZwJ.exe

Filesize
6.0MB

MD5
905ccc8408ac895cdeec7c802a23f458

SHA1
c1afd98d9ae9c146e34b68560278b0f1f3695c95

SHA256
e0dcd2dc5a6766a881d6f1e64e4a479a82ea6bda99a328a216680678181084c2

SHA512
58e75a7228ab455848e11bba96c275883e5e42e016530748d8e88791851a8dee790ec6257cc0b02b57ba96b350d3aed979185121e89480054b74d5c9128cc413

Download Submit
C:\Windows\System\hNhPlHU.exe

Filesize
6.0MB

MD5
3f243857934981d7eb25da4bda01dc1e

SHA1
c9c004548e61b72ff6ebba7729c4d0eca97e2262

SHA256
60d6ce65d853d34aab2b41576ae348b886bd2a7df7e8cd1e1048409a52acab75

SHA512
ff802d9d146723f0c8059e65ad5ff939dc296fa6c15021cd58bafab2ec4fcf57f12239e63ad6197b957749bf84ea53fadcd92f21ade661e7061d453f4e696899

Download Submit
C:\Windows\System\kcYBeWD.exe

Filesize
6.0MB

MD5
700eb20001ca6f7d5363d1606d040d03

SHA1
33c4ece007ce6ac4f753cdde5208aa60893ee05f

SHA256
5cef2e8f1b9c98fa07398ef7d677cadc33d5fbed0055212e594edb3fd0e713d2

SHA512
7141bff0abb032c5f9d3501fbccb68fcc63f9b1c8112cf10dad911dd4198e58900b88be2d11fa33cd14cbefdc3987ca2b5ac0fa7290929cc62bb917c9cd4426b

Download Submit
C:\Windows\System\nNqjDlG.exe

Filesize
6.0MB

MD5
ad51433d043e89b5183816f5bedd0dd2

SHA1
80f49e669df78b5aaea0eaf4dd4fa8ceef179775

SHA256
a18fccd60c7b4c7ecde6700302d435ea7870bb3eb922c5f67b4797e9a5ac98ab

SHA512
d54e9885b79a915f93dc043961b0cf08cad007344beb27da40c654a2637586cc8259c124ce4b5091d982994adc96564046b024eba9313229f3020a12eb1c3cd6

Download Submit
C:\Windows\System\pPwFdqo.exe

Filesize
6.0MB

MD5
c6728474bc80d8370aceefa21cbb2c5b

SHA1
3ef8c4fa1319a1ea42062157bb4df423f5276c15

SHA256
76405cb2ac885b15e8f48c27c8ca0b497f620b93b0fae7710a2fb4ee9ffb56c1

SHA512
99b6924e8376b9e8605b0153d5509b34733e8ddc5b8374e8c8d773dbbbe2aa2b700e9a63bc31dc0e4e56fd31875591d54c743f178e7dc5df93e6efdc8edb54c8

Download Submit
C:\Windows\System\pouWDon.exe

Filesize
6.0MB

MD5
e9aae1416d746ffaf966c4b9188e3c91

SHA1
1c912a873e90c26b16886e11bd82b4e210327101

SHA256
6c76b98e1f55d05b8163395f1e056f1d7b82c393583607f77304ac43409a51b1

SHA512
f8732643664825cac7c44dfcae21ce96ea70bf2da0b256d45f3716353141e28b5d073635ab597a35323c20c0b2c3e02b19948fe5c178bfae540b98151e30293c

Download Submit
C:\Windows\System\pxtkBhT.exe

Filesize
6.0MB

MD5
e9a10251ae593965f233254ff52672f3

SHA1
dfc9472267b1b0eba1f6b71ff9f93ce2d8367533

SHA256
9d14bb0ac89bc1d0b58c0f3b972599623ef30c682d27ec9e753e4d54730a5f71

SHA512
79d114ee1cb4a491343eaf99b9d65f1912f76b1e6123513918fdaa5e6cb25c75955ff00f973e17a21b63095afb78e5a3075f8126d5de130eb80bbe04b77f895b

Download Submit
C:\Windows\System\qEGXbHv.exe

Filesize
6.0MB

MD5
3505a25dc86ed1f5f1b426db4fdd0d76

SHA1
4ed0369821a2fe19879ffaf533ae9234c950b138

SHA256
1eea77f9dfcacafc1dffddb8d03c552f75326fbfd92cefdd5cd50447a8c2dce6

SHA512
6e0afdc9d466902a0ae6899cca5c2218922a04324a4518c769f290b2519b3f1723afe2e06a91f18cf675be5cf5ae3ab699c4981f3a6179f8d3117a1fd14915f6

Download Submit
C:\Windows\System\qVQGcdU.exe

Filesize
6.0MB

MD5
eb02e91f4e2f16d09c09c71b38c7b930

SHA1
5076350c3cea6006589c48f89738d01703e19cce

SHA256
fe3a6e8047e39bed63d8f05447f0769b40697b4b440ba42550cb22050ef37650

SHA512
3127c71bd24e6487b9a1cd18069f7644679828fd0d17cc37aa3c64fe8ba65b8a7c6e7460790ebf76af7c070575dedf8428ee0d2a1f10fe287892bc724a6f14a9

Download Submit
C:\Windows\System\qjRigMm.exe

Filesize
6.0MB

MD5
3fce35880691a97172efc1a07a6035e2

SHA1
4b1a42f1ca652b92201fd58c2b5f4a79c03dec4d

SHA256
f35a12e86e2838c89c3a0edbf521514833caed920e3c004c55a57971ad4d4d11

SHA512
7a1310fed0772caba087e069b0022da9b815b11ddeb336fe25fd483177567d57a0a88e1268d22eae793903a6dd33b806f0b451cc7a9565c052735c9495df3fa9

Download Submit
C:\Windows\System\qqKfFvM.exe

Filesize
6.0MB

MD5
27165887a15d64acfd68c71f9de920f3

SHA1
c91c4b57ba2dc5a9afa82651b50e377f05708794

SHA256
ba9ffb4b1b67cbfac8768b883d9ef01061fa243bc3ccd124121650c5edee3f3c

SHA512
2fa53b4f1529e16b80bca6233e5784b451be7cf25045b1cb165c9575b703ae661d48ef25428e4fc1d687f50776a8cd0fa38519af6b7d31d7e2aaebd17b082429

Download Submit
C:\Windows\System\rNFQAjS.exe

Filesize
6.0MB

MD5
519e78dc9545f26598bf52525debe25e

SHA1
a0b4b1462bcffe8ebf6854cbbdacf00ed10bb004

SHA256
ae494c14b4db5531a7b7f59f293ca3b2715852d3347ec02f8066225bf5125246

SHA512
18f6f82120618f9d7e6d21b91f43c4fd92be00ba8990c2a42c32f8ee2d34083610751d9b2535e0a02858e3b5b0dc70050739eb9af35c75692f90123ef0e34527

Download Submit
C:\Windows\System\rWxgrEt.exe

Filesize
6.0MB

MD5
14cc960d852a0f0f4d7b789f2d2557d3

SHA1
a695bc454398dd7885dd76c0aa22efa77a52e2d9

SHA256
9b0e4e6290bb26b79825219839aa2258fa9eab6fc42a6c8fcfce39b556a4e97c

SHA512
a1c03be168740e28d839073daf149d75e897d3315310c2c940d79755508c711883709ee7dbb0d1a3c6eaec8afef0398a05c749f061498aac784f9cea9f86dca0

Download Submit
C:\Windows\System\sCJPJvY.exe

Filesize
6.0MB

MD5
77e74baeaaf545285a9d371b7409f44e

SHA1
7de5de5138dcf56e1ad54d8acaca109828265c48

SHA256
c49121c0eefb7f0ead10ea69ac513650134612bbda686af32f524756241c482b

SHA512
0f453dc74a0a3763b2015504a2527b5c194333fa145243e1ccd56ffdba5a17357633c0c0863d9ba1ac3afff789d79e9867100f0f74505fd2d1d7ce6c293905da

Download Submit
C:\Windows\System\xnHuvor.exe

Filesize
6.0MB

MD5
f76ce6f74ccf30d3b2caffba85c095a4

SHA1
21711b64763fa76db1a85aa6b63f353f89b71b55

SHA256
17d01b906dd33ab36fe9f642cede6ad3daa7acc0d4f51d94089b52e126f0cdab

SHA512
aec9956c0455e50f5a1958f042671ebfd7681f3bd6a1b81ee4a8f0c9edf99da8c81c80bd8bf533a1c727c3a3b5b5a776da2746ba89475154266199e3bd08f4c7

Download Submit
C:\Windows\System\yPRZboG.exe

Filesize
6.0MB

MD5
b028ba4f763873a0754609b24ea75749

SHA1
277e9cc7a40e1aff04b03bac17629118cfd22069

SHA256
5e854e31afa6e0c0eb50c5b2e6b607af8e7526371846090ffd360476c56b4432

SHA512
44700694dcb07c276e79d7b7450b7a7f3c0fd7aec908714cad6210933c1e104ba09cebb0eee7715c777b6f3c5eea6065b9deeab05a23d80e62869ddfea1f6c0f

Download Submit
C:\Windows\System\yXxwwOb.exe

Filesize
6.0MB

MD5
160bc86ea6b38676c717e18a9d9041f0

SHA1
f72bf3a97b678ecc62715f2f464ac3b0a9d869cc

SHA256
d6729bbf6798236c90def7c7308e81876b7daef67a58325702a79c23c5eb63b5

SHA512
02d28ea29cedc0053783610bba270d807781e06b3e2326262fbf3cd0e3ba77aaca933c802ea50e9812c091eabe5ff97cebbb0ae20daab31fd91a5b4fdce15dbf

Download Submit
C:\Windows\System\zyDlOKx.exe

Filesize
6.0MB

MD5
91c90e3a21bc51f7b95e71ed1589db99

SHA1
f5af29b73dbb07b413949a463cb2f9517aabc7a7

SHA256
689a303ec24d72c1a8b02f11627001e643df0e4fbcda40f2a907d2fb320377bd

SHA512
030ad059ae7c87be01c791c755f205c0c3d409a43c12c39d9396605656929e153594bd668491c5c0cb6d7b0650025351b6df50512391b0f5e0fbbfffc8394f7a

Download Submit
memory/32-1649-0x00007FF76EBD0000-0x00007FF76EF24000-memory.dmp

Filesize
3.3MB

Download
memory/32-95-0x00007FF76EBD0000-0x00007FF76EF24000-memory.dmp

Filesize
3.3MB

Download
memory/32-36-0x00007FF76EBD0000-0x00007FF76EF24000-memory.dmp

Filesize
3.3MB

Download
memory/540-117-0x00007FF7ADFA0000-0x00007FF7AE2F4000-memory.dmp

Filesize
3.3MB

Download
memory/540-1849-0x00007FF7ADFA0000-0x00007FF7AE2F4000-memory.dmp

Filesize
3.3MB

Download
memory/744-1870-0x00007FF6673E0000-0x00007FF667734000-memory.dmp

Filesize
3.3MB

Download
memory/744-161-0x00007FF6673E0000-0x00007FF667734000-memory.dmp

Filesize
3.3MB

Download
memory/744-1378-0x00007FF6673E0000-0x00007FF667734000-memory.dmp

Filesize
3.3MB

Download
memory/1048-144-0x00007FF641C40000-0x00007FF641F94000-memory.dmp

Filesize
3.3MB

Download
memory/1048-1268-0x00007FF641C40000-0x00007FF641F94000-memory.dmp

Filesize
3.3MB

Download
memory/1048-1868-0x00007FF641C40000-0x00007FF641F94000-memory.dmp

Filesize
3.3MB

Download
memory/1456-187-0x00007FF738560000-0x00007FF7388B4000-memory.dmp

Filesize
3.3MB

Download
memory/1456-1886-0x00007FF738560000-0x00007FF7388B4000-memory.dmp

Filesize
3.3MB

Download
memory/1456-1574-0x00007FF738560000-0x00007FF7388B4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-166-0x00007FF7CD890000-0x00007FF7CDBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-1873-0x00007FF7CD890000-0x00007FF7CDBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-1418-0x00007FF7CD890000-0x00007FF7CDBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-30-0x00007FF70A690000-0x00007FF70A9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-88-0x00007FF70A690000-0x00007FF70A9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-1644-0x00007FF70A690000-0x00007FF70A9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1629-0x00007FF76C120000-0x00007FF76C474000-memory.dmp

Filesize
3.3MB

Download
memory/2204-74-0x00007FF76C120000-0x00007FF76C474000-memory.dmp

Filesize
3.3MB

Download
memory/2204-20-0x00007FF76C120000-0x00007FF76C474000-memory.dmp

Filesize
3.3MB

Download
memory/2692-81-0x00007FF7F0020000-0x00007FF7F0374000-memory.dmp

Filesize
3.3MB

Download
memory/2692-25-0x00007FF7F0020000-0x00007FF7F0374000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1643-0x00007FF7F0020000-0x00007FF7F0374000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1874-0x00007FF663730000-0x00007FF663A84000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1468-0x00007FF663730000-0x00007FF663A84000-memory.dmp

Filesize
3.3MB

Download
memory/2720-173-0x00007FF663730000-0x00007FF663A84000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1826-0x00007FF6C4A40000-0x00007FF6C4D94000-memory.dmp

Filesize
3.3MB

Download
memory/2768-53-0x00007FF6C4A40000-0x00007FF6C4D94000-memory.dmp

Filesize
3.3MB

Download
memory/2924-127-0x00007FF7E2E40000-0x00007FF7E3194000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1225-0x00007FF7E2E40000-0x00007FF7E3194000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1858-0x00007FF7E2E40000-0x00007FF7E3194000-memory.dmp

Filesize
3.3MB

Download
memory/2956-68-0x00007FF68E670000-0x00007FF68E9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1833-0x00007FF68E670000-0x00007FF68E9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-145-0x00007FF68E670000-0x00007FF68E9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-157-0x00007FF694100000-0x00007FF694454000-memory.dmp

Filesize
3.3MB

Download
memory/2992-1844-0x00007FF694100000-0x00007FF694454000-memory.dmp

Filesize
3.3MB

Download
memory/2992-82-0x00007FF694100000-0x00007FF694454000-memory.dmp

Filesize
3.3MB

Download
memory/3168-149-0x00007FF68CF80000-0x00007FF68D2D4000-memory.dmp

Filesize
3.3MB

Download
memory/3168-75-0x00007FF68CF80000-0x00007FF68D2D4000-memory.dmp

Filesize
3.3MB

Download
memory/3168-1837-0x00007FF68CF80000-0x00007FF68D2D4000-memory.dmp

Filesize
3.3MB

Download
memory/3184-188-0x00007FF6B3C90000-0x00007FF6B3FE4000-memory.dmp

Filesize
3.3MB

Download
memory/3184-1891-0x00007FF6B3C90000-0x00007FF6B3FE4000-memory.dmp

Filesize
3.3MB

Download
memory/3184-1653-0x00007FF6B3C90000-0x00007FF6B3FE4000-memory.dmp

Filesize
3.3MB

Download
memory/3448-1867-0x00007FF7214B0000-0x00007FF721804000-memory.dmp

Filesize
3.3MB

Download
memory/3448-148-0x00007FF7214B0000-0x00007FF721804000-memory.dmp

Filesize
3.3MB

Download
memory/3448-1377-0x00007FF7214B0000-0x00007FF721804000-memory.dmp

Filesize
3.3MB

Download
memory/3588-1828-0x00007FF661350000-0x00007FF6616A4000-memory.dmp

Filesize
3.3MB

Download
memory/3588-62-0x00007FF661350000-0x00007FF6616A4000-memory.dmp

Filesize
3.3MB

Download
memory/3588-138-0x00007FF661350000-0x00007FF6616A4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-184-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp

Filesize
3.3MB

Download
memory/3936-1852-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp

Filesize
3.3MB

Download
memory/3936-116-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp

Filesize
3.3MB

Download
memory/3940-1821-0x00007FF7F79F0000-0x00007FF7F7D44000-memory.dmp

Filesize
3.3MB

Download
memory/3940-43-0x00007FF7F79F0000-0x00007FF7F7D44000-memory.dmp

Filesize
3.3MB

Download
memory/3940-111-0x00007FF7F79F0000-0x00007FF7F7D44000-memory.dmp

Filesize
3.3MB

Download
memory/4004-162-0x00007FF79A710000-0x00007FF79AA64000-memory.dmp

Filesize
3.3MB

Download
memory/4004-89-0x00007FF79A710000-0x00007FF79AA64000-memory.dmp

Filesize
3.3MB

Download
memory/4004-1847-0x00007FF79A710000-0x00007FF79AA64000-memory.dmp

Filesize
3.3MB

Download
memory/4012-1848-0x00007FF6A58A0000-0x00007FF6A5BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4012-171-0x00007FF6A58A0000-0x00007FF6A5BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4012-98-0x00007FF6A58A0000-0x00007FF6A5BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-139-0x00007FF6D5890000-0x00007FF6D5BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-1865-0x00007FF6D5890000-0x00007FF6D5BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-1320-0x00007FF6D5890000-0x00007FF6D5BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4164-1866-0x00007FF7353A0000-0x00007FF7356F4000-memory.dmp

Filesize
3.3MB

Download
memory/4164-133-0x00007FF7353A0000-0x00007FF7356F4000-memory.dmp

Filesize
3.3MB

Download
memory/4164-1226-0x00007FF7353A0000-0x00007FF7356F4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-1571-0x00007FF61F970000-0x00007FF61FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-1881-0x00007FF61F970000-0x00007FF61FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-179-0x00007FF61F970000-0x00007FF61FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-14-0x00007FF69EFB0000-0x00007FF69F304000-memory.dmp

Filesize
3.3MB

Download
memory/4500-1555-0x00007FF69EFB0000-0x00007FF69F304000-memory.dmp

Filesize
3.3MB

Download
memory/4600-1846-0x00007FF7EC090000-0x00007FF7EC3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-107-0x00007FF7EC090000-0x00007FF7EC3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-172-0x00007FF7EC090000-0x00007FF7EC3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-1829-0x00007FF6BF770000-0x00007FF6BFAC4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-56-0x00007FF6BF770000-0x00007FF6BFAC4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-126-0x00007FF6BF770000-0x00007FF6BFAC4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-8-0x00007FF67A2D0000-0x00007FF67A624000-memory.dmp

Filesize
3.3MB

Download
memory/4980-55-0x00007FF67A2D0000-0x00007FF67A624000-memory.dmp

Filesize
3.3MB

Download
memory/4980-1551-0x00007FF67A2D0000-0x00007FF67A624000-memory.dmp

Filesize
3.3MB

Download
memory/5004-0-0x00007FF7C8940000-0x00007FF7C8C94000-memory.dmp

Filesize
3.3MB

Download
memory/5004-1-0x0000022D621E0000-0x0000022D621F0000-memory.dmp

Filesize
64KB

Download
memory/5004-50-0x00007FF7C8940000-0x00007FF7C8C94000-memory.dmp

Filesize
3.3MB

Download