cobaltstrike | 0de4bd3c7d398ca09357ce4e8e55d7193dfe8ea15327897ec7ce617cc27ace2d

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 02:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7355ec3e430ab9239e831330f88be501
SHA1

fe94d6f7ad19a738bd28ef34ed0727651868561c
SHA256

0de4bd3c7d398ca09357ce4e8e55d7193dfe8ea15327897ec7ce617cc27ace2d
SHA512

4e8805468828537876b30a3dd612d6248dcc5091580b2b8ef9444b68e4ffdc7e5f7dd80d5e2948bbdc643d2912918d12c6676bbd75624999dacd5a0cdf261073
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU8:T+q56utgpPF8u/78

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b6c-3.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c65-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c66-16.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c67-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c68-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c69-32.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6a-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6b-47.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c5a-52.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6c-58.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6d-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6f-71.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c70-77.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c71-94.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c72-99.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c74-106.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c73-100.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c75-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c76-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c77-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c78-126.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7b-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7d-149.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7e-156.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c80-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c82-175.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c83-183.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c81-171.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7f-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7c-147.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7a-136.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c79-131.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4160-0-0x00007FF654930000-0x00007FF654C84000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b6c-3.dat	xmrig
behavioral2/memory/3636-8-0x00007FF78F280000-0x00007FF78F5D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c65-12.dat	xmrig
behavioral2/files/0x0007000000023c66-16.dat	xmrig
behavioral2/memory/4480-15-0x00007FF7C6FD0000-0x00007FF7C7324000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c67-23.dat	xmrig
behavioral2/files/0x0007000000023c68-28.dat	xmrig
behavioral2/files/0x0007000000023c69-32.dat	xmrig
behavioral2/memory/5044-31-0x00007FF756540000-0x00007FF756894000-memory.dmp	xmrig
behavioral2/memory/2112-34-0x00007FF687330000-0x00007FF687684000-memory.dmp	xmrig
behavioral2/memory/844-37-0x00007FF77BDB0000-0x00007FF77C104000-memory.dmp	xmrig
behavioral2/memory/2120-40-0x00007FF702B70000-0x00007FF702EC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c6a-43.dat	xmrig
behavioral2/memory/2204-41-0x00007FF7C28A0000-0x00007FF7C2BF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c6b-47.dat	xmrig
behavioral2/files/0x0009000000023c5a-52.dat	xmrig
behavioral2/files/0x0007000000023c6c-58.dat	xmrig
behavioral2/memory/4192-59-0x00007FF7F3F10000-0x00007FF7F4264000-memory.dmp	xmrig
behavioral2/memory/2376-54-0x00007FF7F23A0000-0x00007FF7F26F4000-memory.dmp	xmrig
behavioral2/memory/2980-50-0x00007FF7453E0000-0x00007FF745734000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c6d-66.dat	xmrig
behavioral2/memory/3104-68-0x00007FF6755E0000-0x00007FF675934000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c6f-71.dat	xmrig
behavioral2/files/0x0007000000023c70-77.dat	xmrig
behavioral2/memory/3636-82-0x00007FF78F280000-0x00007FF78F5D4000-memory.dmp	xmrig
behavioral2/memory/1328-85-0x00007FF793F00000-0x00007FF794254000-memory.dmp	xmrig
behavioral2/memory/844-91-0x00007FF77BDB0000-0x00007FF77C104000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c71-94.dat	xmrig
behavioral2/files/0x0007000000023c72-99.dat	xmrig
behavioral2/files/0x0007000000023c74-106.dat	xmrig
behavioral2/files/0x0007000000023c73-100.dat	xmrig
behavioral2/memory/4324-96-0x00007FF797CE0000-0x00007FF798034000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c75-111.dat	xmrig
behavioral2/files/0x0007000000023c76-115.dat	xmrig
behavioral2/files/0x0007000000023c77-121.dat	xmrig
behavioral2/files/0x0007000000023c78-126.dat	xmrig
behavioral2/files/0x0007000000023c7b-144.dat	xmrig
behavioral2/files/0x0007000000023c7d-149.dat	xmrig
behavioral2/files/0x0007000000023c7e-156.dat	xmrig
behavioral2/files/0x0007000000023c80-166.dat	xmrig
behavioral2/files/0x0007000000023c82-175.dat	xmrig
behavioral2/memory/2204-417-0x00007FF7C28A0000-0x00007FF7C2BF4000-memory.dmp	xmrig
behavioral2/memory/4864-418-0x00007FF78BF10000-0x00007FF78C264000-memory.dmp	xmrig
behavioral2/memory/3468-421-0x00007FF76A9E0000-0x00007FF76AD34000-memory.dmp	xmrig
behavioral2/memory/2696-424-0x00007FF728250000-0x00007FF7285A4000-memory.dmp	xmrig
behavioral2/memory/4964-428-0x00007FF7ECCF0000-0x00007FF7ED044000-memory.dmp	xmrig
behavioral2/memory/2928-434-0x00007FF6CB3E0000-0x00007FF6CB734000-memory.dmp	xmrig
behavioral2/memory/5056-435-0x00007FF7AF730000-0x00007FF7AFA84000-memory.dmp	xmrig
behavioral2/memory/860-436-0x00007FF7D47D0000-0x00007FF7D4B24000-memory.dmp	xmrig
behavioral2/memory/2704-437-0x00007FF60A560000-0x00007FF60A8B4000-memory.dmp	xmrig
behavioral2/memory/3108-432-0x00007FF62C290000-0x00007FF62C5E4000-memory.dmp	xmrig
behavioral2/memory/2256-431-0x00007FF7A9630000-0x00007FF7A9984000-memory.dmp	xmrig
behavioral2/memory/3400-430-0x00007FF625310000-0x00007FF625664000-memory.dmp	xmrig
behavioral2/memory/4972-426-0x00007FF723690000-0x00007FF7239E4000-memory.dmp	xmrig
behavioral2/memory/3320-423-0x00007FF7C4280000-0x00007FF7C45D4000-memory.dmp	xmrig
behavioral2/memory/1020-419-0x00007FF6A9860000-0x00007FF6A9BB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c83-183.dat	xmrig
behavioral2/files/0x0007000000023c81-171.dat	xmrig
behavioral2/files/0x0007000000023c7f-161.dat	xmrig
behavioral2/files/0x0007000000023c7c-147.dat	xmrig
behavioral2/memory/2376-440-0x00007FF7F23A0000-0x00007FF7F26F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c7a-136.dat	xmrig
behavioral2/memory/4192-495-0x00007FF7F3F10000-0x00007FF7F4264000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3636	qMzhAcd.exe
4480	cyxTjNE.exe
5044	SjizpFO.exe
2120	AawoDMa.exe
2112	gwtCsYG.exe
844	SkFMWyu.exe
2204	NlNVSlj.exe
2980	tfuwQqk.exe
2376	xzgOEKe.exe
4192	IDpuSLP.exe
3104	iADjwga.exe
3428	TqKTIMj.exe
1328	ujKVHOP.exe
32	WJYnOBi.exe
4324	BNXCThy.exe
4864	gdHxWcB.exe
2704	tCNShoo.exe
1020	BkfHJOa.exe
3468	TqiUnie.exe
3320	SqPPsFZ.exe
2696	jZeRhjk.exe
4972	IxMyUrD.exe
4964	yEVFBje.exe
3400	aCAMnKT.exe
2256	gGRgRop.exe
3108	yrPavZT.exe
2928	TArIGyK.exe
5056	mElVpKS.exe
860	LCOxyHn.exe
3360	NRCRbqf.exe
4472	KUzmnie.exe
1500	YFtwEmV.exe
3452	dznGSGY.exe
1380	IghOrXT.exe
4500	vaaAfrD.exe
216	Nrgghgz.exe
4256	GSFqpAL.exe
4936	sXdRWln.exe
4720	eyhWQbq.exe
4664	PdesXkR.exe
2188	jEbGTMf.exe
4360	FKjDDqF.exe
1140	wcSJPfo.exe
3184	WjCZjpQ.exe
2196	BNfteto.exe
532	ZnpDBIz.exe
3480	McYANRM.exe
672	YhLTvFY.exe
728	ArDAKfe.exe
3132	hUGAlpa.exe
1156	kUyNSKt.exe
2400	UOghfji.exe
4660	VMrIEnD.exe
3164	tGuFfns.exe
3684	VVsYSru.exe
3788	ghXKhWR.exe
1764	OlepVCG.exe
780	XqVdQvT.exe
3504	RNajYEa.exe
4072	eJqHkgy.exe
1968	CCyzxbS.exe
876	pGGATvO.exe
2268	bFYtURo.exe
2692	dndxzHv.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4160-0-0x00007FF654930000-0x00007FF654C84000-memory.dmp	upx
behavioral2/files/0x000c000000023b6c-3.dat	upx
behavioral2/memory/3636-8-0x00007FF78F280000-0x00007FF78F5D4000-memory.dmp	upx
behavioral2/files/0x0007000000023c65-12.dat	upx
behavioral2/files/0x0007000000023c66-16.dat	upx
behavioral2/memory/4480-15-0x00007FF7C6FD0000-0x00007FF7C7324000-memory.dmp	upx
behavioral2/files/0x0007000000023c67-23.dat	upx
behavioral2/files/0x0007000000023c68-28.dat	upx
behavioral2/files/0x0007000000023c69-32.dat	upx
behavioral2/memory/5044-31-0x00007FF756540000-0x00007FF756894000-memory.dmp	upx
behavioral2/memory/2112-34-0x00007FF687330000-0x00007FF687684000-memory.dmp	upx
behavioral2/memory/844-37-0x00007FF77BDB0000-0x00007FF77C104000-memory.dmp	upx
behavioral2/memory/2120-40-0x00007FF702B70000-0x00007FF702EC4000-memory.dmp	upx
behavioral2/files/0x0007000000023c6a-43.dat	upx
behavioral2/memory/2204-41-0x00007FF7C28A0000-0x00007FF7C2BF4000-memory.dmp	upx
behavioral2/files/0x0007000000023c6b-47.dat	upx
behavioral2/files/0x0009000000023c5a-52.dat	upx
behavioral2/files/0x0007000000023c6c-58.dat	upx
behavioral2/memory/4192-59-0x00007FF7F3F10000-0x00007FF7F4264000-memory.dmp	upx
behavioral2/memory/2376-54-0x00007FF7F23A0000-0x00007FF7F26F4000-memory.dmp	upx
behavioral2/memory/2980-50-0x00007FF7453E0000-0x00007FF745734000-memory.dmp	upx
behavioral2/files/0x0007000000023c6d-66.dat	upx
behavioral2/memory/3104-68-0x00007FF6755E0000-0x00007FF675934000-memory.dmp	upx
behavioral2/files/0x0007000000023c6f-71.dat	upx
behavioral2/files/0x0007000000023c70-77.dat	upx
behavioral2/memory/3636-82-0x00007FF78F280000-0x00007FF78F5D4000-memory.dmp	upx
behavioral2/memory/1328-85-0x00007FF793F00000-0x00007FF794254000-memory.dmp	upx
behavioral2/memory/844-91-0x00007FF77BDB0000-0x00007FF77C104000-memory.dmp	upx
behavioral2/files/0x0007000000023c71-94.dat	upx
behavioral2/files/0x0007000000023c72-99.dat	upx
behavioral2/files/0x0007000000023c74-106.dat	upx
behavioral2/files/0x0007000000023c73-100.dat	upx
behavioral2/memory/4324-96-0x00007FF797CE0000-0x00007FF798034000-memory.dmp	upx
behavioral2/files/0x0007000000023c75-111.dat	upx
behavioral2/files/0x0007000000023c76-115.dat	upx
behavioral2/files/0x0007000000023c77-121.dat	upx
behavioral2/files/0x0007000000023c78-126.dat	upx
behavioral2/files/0x0007000000023c7b-144.dat	upx
behavioral2/files/0x0007000000023c7d-149.dat	upx
behavioral2/files/0x0007000000023c7e-156.dat	upx
behavioral2/files/0x0007000000023c80-166.dat	upx
behavioral2/files/0x0007000000023c82-175.dat	upx
behavioral2/memory/2204-417-0x00007FF7C28A0000-0x00007FF7C2BF4000-memory.dmp	upx
behavioral2/memory/4864-418-0x00007FF78BF10000-0x00007FF78C264000-memory.dmp	upx
behavioral2/memory/3468-421-0x00007FF76A9E0000-0x00007FF76AD34000-memory.dmp	upx
behavioral2/memory/2696-424-0x00007FF728250000-0x00007FF7285A4000-memory.dmp	upx
behavioral2/memory/4964-428-0x00007FF7ECCF0000-0x00007FF7ED044000-memory.dmp	upx
behavioral2/memory/2928-434-0x00007FF6CB3E0000-0x00007FF6CB734000-memory.dmp	upx
behavioral2/memory/5056-435-0x00007FF7AF730000-0x00007FF7AFA84000-memory.dmp	upx
behavioral2/memory/860-436-0x00007FF7D47D0000-0x00007FF7D4B24000-memory.dmp	upx
behavioral2/memory/2704-437-0x00007FF60A560000-0x00007FF60A8B4000-memory.dmp	upx
behavioral2/memory/3108-432-0x00007FF62C290000-0x00007FF62C5E4000-memory.dmp	upx
behavioral2/memory/2256-431-0x00007FF7A9630000-0x00007FF7A9984000-memory.dmp	upx
behavioral2/memory/3400-430-0x00007FF625310000-0x00007FF625664000-memory.dmp	upx
behavioral2/memory/4972-426-0x00007FF723690000-0x00007FF7239E4000-memory.dmp	upx
behavioral2/memory/3320-423-0x00007FF7C4280000-0x00007FF7C45D4000-memory.dmp	upx
behavioral2/memory/1020-419-0x00007FF6A9860000-0x00007FF6A9BB4000-memory.dmp	upx
behavioral2/files/0x0007000000023c83-183.dat	upx
behavioral2/files/0x0007000000023c81-171.dat	upx
behavioral2/files/0x0007000000023c7f-161.dat	upx
behavioral2/files/0x0007000000023c7c-147.dat	upx
behavioral2/memory/2376-440-0x00007FF7F23A0000-0x00007FF7F26F4000-memory.dmp	upx
behavioral2/files/0x0007000000023c7a-136.dat	upx
behavioral2/memory/4192-495-0x00007FF7F3F10000-0x00007FF7F4264000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PQtvQAe.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iShukab.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QucsOWq.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuoHHhi.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtOkPQz.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToqaPyf.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJCGurb.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbSskZa.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaglxEt.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGUqzHo.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqzlLcO.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXwtSBN.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYzdZti.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztAzvAv.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNjUcGk.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPejkee.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbtolWr.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvBHsWt.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXjBUJP.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXuczuk.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egtXXMZ.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPWLsDS.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHrdxXH.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJYZHlG.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sfDTPPL.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrPavZT.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbkEktk.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZyEdRT.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOLdgUQ.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udopPEd.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmqGEho.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEqbslp.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNBqPqi.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rShyDdl.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSFqpAL.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOarRfl.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWShTTz.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aArsFJv.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XiyTiNG.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVyMANZ.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZInTgQ.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffbuHSB.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmAfTAd.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\npIeKwl.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTszCbU.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXEwDEL.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvcUjNu.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOPNkPF.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjsXHWP.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSyfmLl.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLUUxWA.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddEEIwG.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhIomIn.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yukCwvZ.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WEVVPEi.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pEBlGqM.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPqOVfA.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWNelOK.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIZnvoW.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIaPPqi.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vaaAfrD.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXxPbFm.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbBACpL.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvbVpbN.exe	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 3636	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4160 wrote to memory of 3636	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4160 wrote to memory of 4480	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4160 wrote to memory of 4480	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4160 wrote to memory of 5044	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4160 wrote to memory of 5044	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4160 wrote to memory of 2120	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4160 wrote to memory of 2120	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4160 wrote to memory of 2112	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4160 wrote to memory of 2112	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4160 wrote to memory of 844	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4160 wrote to memory of 844	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4160 wrote to memory of 2204	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4160 wrote to memory of 2204	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4160 wrote to memory of 2980	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4160 wrote to memory of 2980	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4160 wrote to memory of 2376	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4160 wrote to memory of 2376	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4160 wrote to memory of 4192	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4160 wrote to memory of 4192	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4160 wrote to memory of 3104	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4160 wrote to memory of 3104	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4160 wrote to memory of 3428	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4160 wrote to memory of 3428	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4160 wrote to memory of 1328	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4160 wrote to memory of 1328	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4160 wrote to memory of 32	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4160 wrote to memory of 32	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4160 wrote to memory of 4324	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4160 wrote to memory of 4324	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4160 wrote to memory of 4864	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4160 wrote to memory of 4864	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4160 wrote to memory of 2704	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4160 wrote to memory of 2704	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4160 wrote to memory of 1020	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4160 wrote to memory of 1020	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4160 wrote to memory of 3468	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4160 wrote to memory of 3468	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4160 wrote to memory of 3320	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4160 wrote to memory of 3320	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4160 wrote to memory of 2696	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4160 wrote to memory of 2696	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4160 wrote to memory of 4972	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4160 wrote to memory of 4972	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4160 wrote to memory of 4964	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4160 wrote to memory of 4964	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4160 wrote to memory of 3400	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4160 wrote to memory of 3400	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4160 wrote to memory of 2256	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4160 wrote to memory of 2256	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4160 wrote to memory of 3108	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4160 wrote to memory of 3108	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4160 wrote to memory of 2928	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4160 wrote to memory of 2928	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4160 wrote to memory of 5056	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4160 wrote to memory of 5056	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4160 wrote to memory of 860	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4160 wrote to memory of 860	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4160 wrote to memory of 3360	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4160 wrote to memory of 3360	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4160 wrote to memory of 4472	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4160 wrote to memory of 4472	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4160 wrote to memory of 1500	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4160 wrote to memory of 1500	4160	2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_7355ec3e430ab9239e831330f88be501_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Windows\System\qMzhAcd.exe
  C:\Windows\System\qMzhAcd.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\cyxTjNE.exe
  C:\Windows\System\cyxTjNE.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\SjizpFO.exe
  C:\Windows\System\SjizpFO.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\AawoDMa.exe
  C:\Windows\System\AawoDMa.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\gwtCsYG.exe
  C:\Windows\System\gwtCsYG.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\SkFMWyu.exe
  C:\Windows\System\SkFMWyu.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\NlNVSlj.exe
  C:\Windows\System\NlNVSlj.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\tfuwQqk.exe
  C:\Windows\System\tfuwQqk.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\xzgOEKe.exe
  C:\Windows\System\xzgOEKe.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\IDpuSLP.exe
  C:\Windows\System\IDpuSLP.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\iADjwga.exe
  C:\Windows\System\iADjwga.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\TqKTIMj.exe
  C:\Windows\System\TqKTIMj.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\ujKVHOP.exe
  C:\Windows\System\ujKVHOP.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\WJYnOBi.exe
  C:\Windows\System\WJYnOBi.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\BNXCThy.exe
  C:\Windows\System\BNXCThy.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\gdHxWcB.exe
  C:\Windows\System\gdHxWcB.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\tCNShoo.exe
  C:\Windows\System\tCNShoo.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\BkfHJOa.exe
  C:\Windows\System\BkfHJOa.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\TqiUnie.exe
  C:\Windows\System\TqiUnie.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\SqPPsFZ.exe
  C:\Windows\System\SqPPsFZ.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\jZeRhjk.exe
  C:\Windows\System\jZeRhjk.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\IxMyUrD.exe
  C:\Windows\System\IxMyUrD.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\yEVFBje.exe
  C:\Windows\System\yEVFBje.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\aCAMnKT.exe
  C:\Windows\System\aCAMnKT.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\gGRgRop.exe
  C:\Windows\System\gGRgRop.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\yrPavZT.exe
  C:\Windows\System\yrPavZT.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\TArIGyK.exe
  C:\Windows\System\TArIGyK.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\mElVpKS.exe
  C:\Windows\System\mElVpKS.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\LCOxyHn.exe
  C:\Windows\System\LCOxyHn.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\NRCRbqf.exe
  C:\Windows\System\NRCRbqf.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\KUzmnie.exe
  C:\Windows\System\KUzmnie.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\YFtwEmV.exe
  C:\Windows\System\YFtwEmV.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\dznGSGY.exe
  C:\Windows\System\dznGSGY.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\IghOrXT.exe
  C:\Windows\System\IghOrXT.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\vaaAfrD.exe
  C:\Windows\System\vaaAfrD.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\Nrgghgz.exe
  C:\Windows\System\Nrgghgz.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\GSFqpAL.exe
  C:\Windows\System\GSFqpAL.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\sXdRWln.exe
  C:\Windows\System\sXdRWln.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\eyhWQbq.exe
  C:\Windows\System\eyhWQbq.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\PdesXkR.exe
  C:\Windows\System\PdesXkR.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\jEbGTMf.exe
  C:\Windows\System\jEbGTMf.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\FKjDDqF.exe
  C:\Windows\System\FKjDDqF.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\wcSJPfo.exe
  C:\Windows\System\wcSJPfo.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\WjCZjpQ.exe
  C:\Windows\System\WjCZjpQ.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\BNfteto.exe
  C:\Windows\System\BNfteto.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\ZnpDBIz.exe
  C:\Windows\System\ZnpDBIz.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\McYANRM.exe
  C:\Windows\System\McYANRM.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\YhLTvFY.exe
  C:\Windows\System\YhLTvFY.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\ArDAKfe.exe
  C:\Windows\System\ArDAKfe.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\hUGAlpa.exe
  C:\Windows\System\hUGAlpa.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\kUyNSKt.exe
  C:\Windows\System\kUyNSKt.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\UOghfji.exe
  C:\Windows\System\UOghfji.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\VMrIEnD.exe
  C:\Windows\System\VMrIEnD.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\tGuFfns.exe
  C:\Windows\System\tGuFfns.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\VVsYSru.exe
  C:\Windows\System\VVsYSru.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\ghXKhWR.exe
  C:\Windows\System\ghXKhWR.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\OlepVCG.exe
  C:\Windows\System\OlepVCG.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\XqVdQvT.exe
  C:\Windows\System\XqVdQvT.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\RNajYEa.exe
  C:\Windows\System\RNajYEa.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\eJqHkgy.exe
  C:\Windows\System\eJqHkgy.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\CCyzxbS.exe
  C:\Windows\System\CCyzxbS.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\pGGATvO.exe
  C:\Windows\System\pGGATvO.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\bFYtURo.exe
  C:\Windows\System\bFYtURo.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\dndxzHv.exe
  C:\Windows\System\dndxzHv.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\QPSLwPa.exe
  C:\Windows\System\QPSLwPa.exe
  2⤵
  PID:3876
- C:\Windows\System\PXxPbFm.exe
  C:\Windows\System\PXxPbFm.exe
  2⤵
  PID:228
- C:\Windows\System\EuVLRHF.exe
  C:\Windows\System\EuVLRHF.exe
  2⤵
  PID:632
- C:\Windows\System\tpRQckz.exe
  C:\Windows\System\tpRQckz.exe
  2⤵
  PID:2392
- C:\Windows\System\LrgYSRm.exe
  C:\Windows\System\LrgYSRm.exe
  2⤵
  PID:4560
- C:\Windows\System\SoJPJck.exe
  C:\Windows\System\SoJPJck.exe
  2⤵
  PID:3612
- C:\Windows\System\SNaRChu.exe
  C:\Windows\System\SNaRChu.exe
  2⤵
  PID:3128
- C:\Windows\System\jRyUFQY.exe
  C:\Windows\System\jRyUFQY.exe
  2⤵
  PID:1668
- C:\Windows\System\ykOMAbA.exe
  C:\Windows\System\ykOMAbA.exe
  2⤵
  PID:4700
- C:\Windows\System\SmOcpVk.exe
  C:\Windows\System\SmOcpVk.exe
  2⤵
  PID:3588
- C:\Windows\System\xsQYJnp.exe
  C:\Windows\System\xsQYJnp.exe
  2⤵
  PID:4088
- C:\Windows\System\dQfDeVz.exe
  C:\Windows\System\dQfDeVz.exe
  2⤵
  PID:4152
- C:\Windows\System\VPjzNvy.exe
  C:\Windows\System\VPjzNvy.exe
  2⤵
  PID:1336
- C:\Windows\System\AAiJwNI.exe
  C:\Windows\System\AAiJwNI.exe
  2⤵
  PID:1172
- C:\Windows\System\ATFQkZA.exe
  C:\Windows\System\ATFQkZA.exe
  2⤵
  PID:412
- C:\Windows\System\sTLwCZo.exe
  C:\Windows\System\sTLwCZo.exe
  2⤵
  PID:3496
- C:\Windows\System\UHEdqoV.exe
  C:\Windows\System\UHEdqoV.exe
  2⤵
  PID:1204
- C:\Windows\System\SWvXjuw.exe
  C:\Windows\System\SWvXjuw.exe
  2⤵
  PID:3476
- C:\Windows\System\EgXyXWj.exe
  C:\Windows\System\EgXyXWj.exe
  2⤵
  PID:4520
- C:\Windows\System\ydCuUIx.exe
  C:\Windows\System\ydCuUIx.exe
  2⤵
  PID:4548
- C:\Windows\System\FhdVwjH.exe
  C:\Windows\System\FhdVwjH.exe
  2⤵
  PID:1120
- C:\Windows\System\oQAykWq.exe
  C:\Windows\System\oQAykWq.exe
  2⤵
  PID:1416
- C:\Windows\System\VEjTXpq.exe
  C:\Windows\System\VEjTXpq.exe
  2⤵
  PID:4228
- C:\Windows\System\VJwINgr.exe
  C:\Windows\System\VJwINgr.exe
  2⤵
  PID:4800
- C:\Windows\System\WwIMfsh.exe
  C:\Windows\System\WwIMfsh.exe
  2⤵
  PID:3596
- C:\Windows\System\OFhlxzC.exe
  C:\Windows\System\OFhlxzC.exe
  2⤵
  PID:5140
- C:\Windows\System\bvmVROf.exe
  C:\Windows\System\bvmVROf.exe
  2⤵
  PID:5172
- C:\Windows\System\JJTDxaf.exe
  C:\Windows\System\JJTDxaf.exe
  2⤵
  PID:5228
- C:\Windows\System\XsryeAD.exe
  C:\Windows\System\XsryeAD.exe
  2⤵
  PID:5248
- C:\Windows\System\AcAiyQf.exe
  C:\Windows\System\AcAiyQf.exe
  2⤵
  PID:5288
- C:\Windows\System\UwNZNTJ.exe
  C:\Windows\System\UwNZNTJ.exe
  2⤵
  PID:5304
- C:\Windows\System\NXACkSD.exe
  C:\Windows\System\NXACkSD.exe
  2⤵
  PID:5332
- C:\Windows\System\WIgUWpD.exe
  C:\Windows\System\WIgUWpD.exe
  2⤵
  PID:5360
- C:\Windows\System\jhvDztI.exe
  C:\Windows\System\jhvDztI.exe
  2⤵
  PID:5388
- C:\Windows\System\lBnwomR.exe
  C:\Windows\System\lBnwomR.exe
  2⤵
  PID:5416
- C:\Windows\System\VRqsOIj.exe
  C:\Windows\System\VRqsOIj.exe
  2⤵
  PID:5444
- C:\Windows\System\GIFPHss.exe
  C:\Windows\System\GIFPHss.exe
  2⤵
  PID:5472
- C:\Windows\System\nbvRFcE.exe
  C:\Windows\System\nbvRFcE.exe
  2⤵
  PID:5500
- C:\Windows\System\YMmXiqN.exe
  C:\Windows\System\YMmXiqN.exe
  2⤵
  PID:5528
- C:\Windows\System\lXIxxEU.exe
  C:\Windows\System\lXIxxEU.exe
  2⤵
  PID:5556
- C:\Windows\System\xjRvtEq.exe
  C:\Windows\System\xjRvtEq.exe
  2⤵
  PID:5584
- C:\Windows\System\xzMwNbn.exe
  C:\Windows\System\xzMwNbn.exe
  2⤵
  PID:5612
- C:\Windows\System\lzUoaxV.exe
  C:\Windows\System\lzUoaxV.exe
  2⤵
  PID:5628
- C:\Windows\System\lSGbHxM.exe
  C:\Windows\System\lSGbHxM.exe
  2⤵
  PID:5668
- C:\Windows\System\UOuvdAL.exe
  C:\Windows\System\UOuvdAL.exe
  2⤵
  PID:5708
- C:\Windows\System\XzawIry.exe
  C:\Windows\System\XzawIry.exe
  2⤵
  PID:5724
- C:\Windows\System\RdnhGqR.exe
  C:\Windows\System\RdnhGqR.exe
  2⤵
  PID:5764
- C:\Windows\System\yCPZidc.exe
  C:\Windows\System\yCPZidc.exe
  2⤵
  PID:5820
- C:\Windows\System\ZPzrUcS.exe
  C:\Windows\System\ZPzrUcS.exe
  2⤵
  PID:5904
- C:\Windows\System\JGUqzHo.exe
  C:\Windows\System\JGUqzHo.exe
  2⤵
  PID:6028
- C:\Windows\System\hKiLKya.exe
  C:\Windows\System\hKiLKya.exe
  2⤵
  PID:6064
- C:\Windows\System\zlsBHHk.exe
  C:\Windows\System\zlsBHHk.exe
  2⤵
  PID:6116
- C:\Windows\System\WXrSKvw.exe
  C:\Windows\System\WXrSKvw.exe
  2⤵
  PID:5112
- C:\Windows\System\QRTaXjd.exe
  C:\Windows\System\QRTaXjd.exe
  2⤵
  PID:5128
- C:\Windows\System\ZqqbGQT.exe
  C:\Windows\System\ZqqbGQT.exe
  2⤵
  PID:5484
- C:\Windows\System\Oltjwxl.exe
  C:\Windows\System\Oltjwxl.exe
  2⤵
  PID:5400
- C:\Windows\System\VzgDokW.exe
  C:\Windows\System\VzgDokW.exe
  2⤵
  PID:5320
- C:\Windows\System\VCTmtBb.exe
  C:\Windows\System\VCTmtBb.exe
  2⤵
  PID:5260
- C:\Windows\System\zCBveLM.exe
  C:\Windows\System\zCBveLM.exe
  2⤵
  PID:5184
- C:\Windows\System\qAvXSaD.exe
  C:\Windows\System\qAvXSaD.exe
  2⤵
  PID:5568
- C:\Windows\System\VcNZmGW.exe
  C:\Windows\System\VcNZmGW.exe
  2⤵
  PID:5624
- C:\Windows\System\NeoLQYO.exe
  C:\Windows\System\NeoLQYO.exe
  2⤵
  PID:5680
- C:\Windows\System\pRwMuus.exe
  C:\Windows\System\pRwMuus.exe
  2⤵
  PID:1640
- C:\Windows\System\TXpRtaW.exe
  C:\Windows\System\TXpRtaW.exe
  2⤵
  PID:5816
- C:\Windows\System\fEclssA.exe
  C:\Windows\System\fEclssA.exe
  2⤵
  PID:1492
- C:\Windows\System\TxxGwcj.exe
  C:\Windows\System\TxxGwcj.exe
  2⤵
  PID:1948
- C:\Windows\System\CpFNyjq.exe
  C:\Windows\System\CpFNyjq.exe
  2⤵
  PID:4656
- C:\Windows\System\ITxsoxB.exe
  C:\Windows\System\ITxsoxB.exe
  2⤵
  PID:6012
- C:\Windows\System\hcVrSlQ.exe
  C:\Windows\System\hcVrSlQ.exe
  2⤵
  PID:5832
- C:\Windows\System\rsXrowf.exe
  C:\Windows\System\rsXrowf.exe
  2⤵
  PID:2044
- C:\Windows\System\FQngaSG.exe
  C:\Windows\System\FQngaSG.exe
  2⤵
  PID:5376
- C:\Windows\System\YovfXNC.exe
  C:\Windows\System\YovfXNC.exe
  2⤵
  PID:5520
- C:\Windows\System\pZTSrGv.exe
  C:\Windows\System\pZTSrGv.exe
  2⤵
  PID:5924
- C:\Windows\System\RqPUGtI.exe
  C:\Windows\System\RqPUGtI.exe
  2⤵
  PID:2884
- C:\Windows\System\TmCGPwX.exe
  C:\Windows\System\TmCGPwX.exe
  2⤵
  PID:3688
- C:\Windows\System\UwbfDJr.exe
  C:\Windows\System\UwbfDJr.exe
  2⤵
  PID:3720
- C:\Windows\System\ftYGhfQ.exe
  C:\Windows\System\ftYGhfQ.exe
  2⤵
  PID:4312
- C:\Windows\System\LueEpKP.exe
  C:\Windows\System\LueEpKP.exe
  2⤵
  PID:5752
- C:\Windows\System\ofGBpiT.exe
  C:\Windows\System\ofGBpiT.exe
  2⤵
  PID:5432
- C:\Windows\System\hSoljhp.exe
  C:\Windows\System\hSoljhp.exe
  2⤵
  PID:6152
- C:\Windows\System\knacLGn.exe
  C:\Windows\System\knacLGn.exe
  2⤵
  PID:6180
- C:\Windows\System\qJDxKcC.exe
  C:\Windows\System\qJDxKcC.exe
  2⤵
  PID:6212
- C:\Windows\System\wjFlDoa.exe
  C:\Windows\System\wjFlDoa.exe
  2⤵
  PID:6240
- C:\Windows\System\gEvBMtV.exe
  C:\Windows\System\gEvBMtV.exe
  2⤵
  PID:6264
- C:\Windows\System\gGsDxeZ.exe
  C:\Windows\System\gGsDxeZ.exe
  2⤵
  PID:6296
- C:\Windows\System\pWafUfF.exe
  C:\Windows\System\pWafUfF.exe
  2⤵
  PID:6320
- C:\Windows\System\JnEUxoH.exe
  C:\Windows\System\JnEUxoH.exe
  2⤵
  PID:6352
- C:\Windows\System\PWRyINn.exe
  C:\Windows\System\PWRyINn.exe
  2⤵
  PID:6384
- C:\Windows\System\jwNVUII.exe
  C:\Windows\System\jwNVUII.exe
  2⤵
  PID:6412
- C:\Windows\System\bzLGAcT.exe
  C:\Windows\System\bzLGAcT.exe
  2⤵
  PID:6436
- C:\Windows\System\TrxthkW.exe
  C:\Windows\System\TrxthkW.exe
  2⤵
  PID:6468
- C:\Windows\System\WubRoMg.exe
  C:\Windows\System\WubRoMg.exe
  2⤵
  PID:6496
- C:\Windows\System\eXlFAEq.exe
  C:\Windows\System\eXlFAEq.exe
  2⤵
  PID:6524
- C:\Windows\System\JJxPJPj.exe
  C:\Windows\System\JJxPJPj.exe
  2⤵
  PID:6552
- C:\Windows\System\NnNnXag.exe
  C:\Windows\System\NnNnXag.exe
  2⤵
  PID:6580
- C:\Windows\System\hTYmCJk.exe
  C:\Windows\System\hTYmCJk.exe
  2⤵
  PID:6604
- C:\Windows\System\sVPOaqr.exe
  C:\Windows\System\sVPOaqr.exe
  2⤵
  PID:6636
- C:\Windows\System\KUCHitk.exe
  C:\Windows\System\KUCHitk.exe
  2⤵
  PID:6664
- C:\Windows\System\qJFfmQW.exe
  C:\Windows\System\qJFfmQW.exe
  2⤵
  PID:6700
- C:\Windows\System\HPrQXyX.exe
  C:\Windows\System\HPrQXyX.exe
  2⤵
  PID:6728
- C:\Windows\System\bbuFKkz.exe
  C:\Windows\System\bbuFKkz.exe
  2⤵
  PID:6744
- C:\Windows\System\zqzlLcO.exe
  C:\Windows\System\zqzlLcO.exe
  2⤵
  PID:6776
- C:\Windows\System\cpBNMhS.exe
  C:\Windows\System\cpBNMhS.exe
  2⤵
  PID:6808
- C:\Windows\System\KvqtEyy.exe
  C:\Windows\System\KvqtEyy.exe
  2⤵
  PID:6840
- C:\Windows\System\NNtDOpl.exe
  C:\Windows\System\NNtDOpl.exe
  2⤵
  PID:6868
- C:\Windows\System\pOarRfl.exe
  C:\Windows\System\pOarRfl.exe
  2⤵
  PID:6896
- C:\Windows\System\lUmajKw.exe
  C:\Windows\System\lUmajKw.exe
  2⤵
  PID:6928
- C:\Windows\System\mUeNSTc.exe
  C:\Windows\System\mUeNSTc.exe
  2⤵
  PID:6952
- C:\Windows\System\qgeMyaQ.exe
  C:\Windows\System\qgeMyaQ.exe
  2⤵
  PID:6984
- C:\Windows\System\jTaVSSJ.exe
  C:\Windows\System\jTaVSSJ.exe
  2⤵
  PID:7012
- C:\Windows\System\gRJHjYW.exe
  C:\Windows\System\gRJHjYW.exe
  2⤵
  PID:7040
- C:\Windows\System\UnQpuRr.exe
  C:\Windows\System\UnQpuRr.exe
  2⤵
  PID:7068
- C:\Windows\System\gfGPMOe.exe
  C:\Windows\System\gfGPMOe.exe
  2⤵
  PID:7092
- C:\Windows\System\BSXhPfB.exe
  C:\Windows\System\BSXhPfB.exe
  2⤵
  PID:396
- C:\Windows\System\lBCTLWF.exe
  C:\Windows\System\lBCTLWF.exe
  2⤵
  PID:992
- C:\Windows\System\LXTknIz.exe
  C:\Windows\System\LXTknIz.exe
  2⤵
  PID:6292
- C:\Windows\System\eWerFNL.exe
  C:\Windows\System\eWerFNL.exe
  2⤵
  PID:6380
- C:\Windows\System\YzyKStG.exe
  C:\Windows\System\YzyKStG.exe
  2⤵
  PID:6444
- C:\Windows\System\KLmvxGw.exe
  C:\Windows\System\KLmvxGw.exe
  2⤵
  PID:3980
- C:\Windows\System\UusKNjg.exe
  C:\Windows\System\UusKNjg.exe
  2⤵
  PID:636
- C:\Windows\System\iJYWroC.exe
  C:\Windows\System\iJYWroC.exe
  2⤵
  PID:6476
- C:\Windows\System\PrdKzOC.exe
  C:\Windows\System\PrdKzOC.exe
  2⤵
  PID:6544
- C:\Windows\System\BMMOyJp.exe
  C:\Windows\System\BMMOyJp.exe
  2⤵
  PID:6612
- C:\Windows\System\MODbjCR.exe
  C:\Windows\System\MODbjCR.exe
  2⤵
  PID:6696
- C:\Windows\System\ILxNsHP.exe
  C:\Windows\System\ILxNsHP.exe
  2⤵
  PID:6736
- C:\Windows\System\TdMKNaC.exe
  C:\Windows\System\TdMKNaC.exe
  2⤵
  PID:6788
- C:\Windows\System\ULuPcKW.exe
  C:\Windows\System\ULuPcKW.exe
  2⤵
  PID:6036
- C:\Windows\System\ldpBKtV.exe
  C:\Windows\System\ldpBKtV.exe
  2⤵
  PID:6908
- C:\Windows\System\BpdXoti.exe
  C:\Windows\System\BpdXoti.exe
  2⤵
  PID:6976
- C:\Windows\System\hPejkee.exe
  C:\Windows\System\hPejkee.exe
  2⤵
  PID:7028
- C:\Windows\System\vexItvd.exe
  C:\Windows\System\vexItvd.exe
  2⤵
  PID:7136
- C:\Windows\System\VEcMprM.exe
  C:\Windows\System\VEcMprM.exe
  2⤵
  PID:3512
- C:\Windows\System\PuqhoMl.exe
  C:\Windows\System\PuqhoMl.exe
  2⤵
  PID:6332
- C:\Windows\System\SnxyKov.exe
  C:\Windows\System\SnxyKov.exe
  2⤵
  PID:6272
- C:\Windows\System\iDmwNsv.exe
  C:\Windows\System\iDmwNsv.exe
  2⤵
  PID:3216
- C:\Windows\System\qkIfPFM.exe
  C:\Windows\System\qkIfPFM.exe
  2⤵
  PID:1772
- C:\Windows\System\RVWleJK.exe
  C:\Windows\System\RVWleJK.exe
  2⤵
  PID:6560
- C:\Windows\System\bvAadNS.exe
  C:\Windows\System\bvAadNS.exe
  2⤵
  PID:6724
- C:\Windows\System\JRdvXFv.exe
  C:\Windows\System\JRdvXFv.exe
  2⤵
  PID:6820
- C:\Windows\System\mAqTgVY.exe
  C:\Windows\System\mAqTgVY.exe
  2⤵
  PID:6964
- C:\Windows\System\FbrgzTg.exe
  C:\Windows\System\FbrgzTg.exe
  2⤵
  PID:7084
- C:\Windows\System\YHtrxsL.exe
  C:\Windows\System\YHtrxsL.exe
  2⤵
  PID:6164
- C:\Windows\System\VHJDaAq.exe
  C:\Windows\System\VHJDaAq.exe
  2⤵
  PID:1000
- C:\Windows\System\kCBtiZp.exe
  C:\Windows\System\kCBtiZp.exe
  2⤵
  PID:6708
- C:\Windows\System\tzLrsUS.exe
  C:\Windows\System\tzLrsUS.exe
  2⤵
  PID:6924
- C:\Windows\System\CVwJOCG.exe
  C:\Windows\System\CVwJOCG.exe
  2⤵
  PID:6408
- C:\Windows\System\UfQaOxF.exe
  C:\Windows\System\UfQaOxF.exe
  2⤵
  PID:6800
- C:\Windows\System\DCjdHeK.exe
  C:\Windows\System\DCjdHeK.exe
  2⤵
  PID:6284
- C:\Windows\System\egtXXMZ.exe
  C:\Windows\System\egtXXMZ.exe
  2⤵
  PID:7192
- C:\Windows\System\hQHgjtp.exe
  C:\Windows\System\hQHgjtp.exe
  2⤵
  PID:7224
- C:\Windows\System\XuAKLwZ.exe
  C:\Windows\System\XuAKLwZ.exe
  2⤵
  PID:7252
- C:\Windows\System\xnOipId.exe
  C:\Windows\System\xnOipId.exe
  2⤵
  PID:7280
- C:\Windows\System\wTJlxOR.exe
  C:\Windows\System\wTJlxOR.exe
  2⤵
  PID:7308
- C:\Windows\System\PTagJBf.exe
  C:\Windows\System\PTagJBf.exe
  2⤵
  PID:7336
- C:\Windows\System\PHoKEWc.exe
  C:\Windows\System\PHoKEWc.exe
  2⤵
  PID:7360
- C:\Windows\System\BZjPHOa.exe
  C:\Windows\System\BZjPHOa.exe
  2⤵
  PID:7392
- C:\Windows\System\xDnmXzX.exe
  C:\Windows\System\xDnmXzX.exe
  2⤵
  PID:7416
- C:\Windows\System\XShQwLc.exe
  C:\Windows\System\XShQwLc.exe
  2⤵
  PID:7444
- C:\Windows\System\HawSJeX.exe
  C:\Windows\System\HawSJeX.exe
  2⤵
  PID:7472
- C:\Windows\System\VLUUxWA.exe
  C:\Windows\System\VLUUxWA.exe
  2⤵
  PID:7500
- C:\Windows\System\IipkKsk.exe
  C:\Windows\System\IipkKsk.exe
  2⤵
  PID:7532
- C:\Windows\System\FPpRyhP.exe
  C:\Windows\System\FPpRyhP.exe
  2⤵
  PID:7556
- C:\Windows\System\rvQUKFV.exe
  C:\Windows\System\rvQUKFV.exe
  2⤵
  PID:7584
- C:\Windows\System\jXbZvlU.exe
  C:\Windows\System\jXbZvlU.exe
  2⤵
  PID:7612
- C:\Windows\System\fgjGibJ.exe
  C:\Windows\System\fgjGibJ.exe
  2⤵
  PID:7644
- C:\Windows\System\JVFEhdI.exe
  C:\Windows\System\JVFEhdI.exe
  2⤵
  PID:7700
- C:\Windows\System\ipjOxOC.exe
  C:\Windows\System\ipjOxOC.exe
  2⤵
  PID:7776
- C:\Windows\System\PUmnQQf.exe
  C:\Windows\System\PUmnQQf.exe
  2⤵
  PID:7876
- C:\Windows\System\WvTofjg.exe
  C:\Windows\System\WvTofjg.exe
  2⤵
  PID:7896
- C:\Windows\System\puAxqeo.exe
  C:\Windows\System\puAxqeo.exe
  2⤵
  PID:7912
- C:\Windows\System\JVZyeKJ.exe
  C:\Windows\System\JVZyeKJ.exe
  2⤵
  PID:7976
- C:\Windows\System\UpTHJue.exe
  C:\Windows\System\UpTHJue.exe
  2⤵
  PID:8004
- C:\Windows\System\wjnSsrs.exe
  C:\Windows\System\wjnSsrs.exe
  2⤵
  PID:8032
- C:\Windows\System\VhoCJzp.exe
  C:\Windows\System\VhoCJzp.exe
  2⤵
  PID:8092
- C:\Windows\System\MNexvXM.exe
  C:\Windows\System\MNexvXM.exe
  2⤵
  PID:8124
- C:\Windows\System\KiOAjoU.exe
  C:\Windows\System\KiOAjoU.exe
  2⤵
  PID:8152
- C:\Windows\System\sWMmNpb.exe
  C:\Windows\System\sWMmNpb.exe
  2⤵
  PID:8188
- C:\Windows\System\FPeCkSo.exe
  C:\Windows\System\FPeCkSo.exe
  2⤵
  PID:7212
- C:\Windows\System\BibmOpv.exe
  C:\Windows\System\BibmOpv.exe
  2⤵
  PID:7272
- C:\Windows\System\NUIjyqi.exe
  C:\Windows\System\NUIjyqi.exe
  2⤵
  PID:7344
- C:\Windows\System\SvPHObx.exe
  C:\Windows\System\SvPHObx.exe
  2⤵
  PID:7424
- C:\Windows\System\yYAflrR.exe
  C:\Windows\System\yYAflrR.exe
  2⤵
  PID:7460
- C:\Windows\System\djVPpoq.exe
  C:\Windows\System\djVPpoq.exe
  2⤵
  PID:7544
- C:\Windows\System\ecrrbIF.exe
  C:\Windows\System\ecrrbIF.exe
  2⤵
  PID:7604
- C:\Windows\System\VaIAqkW.exe
  C:\Windows\System\VaIAqkW.exe
  2⤵
  PID:7676
- C:\Windows\System\FBUUnOr.exe
  C:\Windows\System\FBUUnOr.exe
  2⤵
  PID:7856
- C:\Windows\System\jgcaLuI.exe
  C:\Windows\System\jgcaLuI.exe
  2⤵
  PID:7936
- C:\Windows\System\fHuIEvM.exe
  C:\Windows\System\fHuIEvM.exe
  2⤵
  PID:7984
- C:\Windows\System\vsGTQcM.exe
  C:\Windows\System\vsGTQcM.exe
  2⤵
  PID:7816
- C:\Windows\System\yHPBlEv.exe
  C:\Windows\System\yHPBlEv.exe
  2⤵
  PID:8080
- C:\Windows\System\xhCetmE.exe
  C:\Windows\System\xhCetmE.exe
  2⤵
  PID:8064
- C:\Windows\System\DYJKkyK.exe
  C:\Windows\System\DYJKkyK.exe
  2⤵
  PID:8136
- C:\Windows\System\AogNTTN.exe
  C:\Windows\System\AogNTTN.exe
  2⤵
  PID:7232
- C:\Windows\System\cXnyAvU.exe
  C:\Windows\System\cXnyAvU.exe
  2⤵
  PID:7368
- C:\Windows\System\YMeqGus.exe
  C:\Windows\System\YMeqGus.exe
  2⤵
  PID:7528
- C:\Windows\System\MgBNFDT.exe
  C:\Windows\System\MgBNFDT.exe
  2⤵
  PID:7672
- C:\Windows\System\tRjsQXI.exe
  C:\Windows\System\tRjsQXI.exe
  2⤵
  PID:7908
- C:\Windows\System\rFtqQOA.exe
  C:\Windows\System\rFtqQOA.exe
  2⤵
  PID:8076
- C:\Windows\System\cVnUIvM.exe
  C:\Windows\System\cVnUIvM.exe
  2⤵
  PID:8172
- C:\Windows\System\uaNCYEA.exe
  C:\Windows\System\uaNCYEA.exe
  2⤵
  PID:7436
- C:\Windows\System\DLcbwmW.exe
  C:\Windows\System\DLcbwmW.exe
  2⤵
  PID:7888
- C:\Windows\System\RunPxsj.exe
  C:\Windows\System\RunPxsj.exe
  2⤵
  PID:8144
- C:\Windows\System\jIsaAtS.exe
  C:\Windows\System\jIsaAtS.exe
  2⤵
  PID:7904
- C:\Windows\System\pbPLNCe.exe
  C:\Windows\System\pbPLNCe.exe
  2⤵
  PID:4372
- C:\Windows\System\qbCECpX.exe
  C:\Windows\System\qbCECpX.exe
  2⤵
  PID:8216
- C:\Windows\System\irKqVbj.exe
  C:\Windows\System\irKqVbj.exe
  2⤵
  PID:8244
- C:\Windows\System\JWQxGsW.exe
  C:\Windows\System\JWQxGsW.exe
  2⤵
  PID:8272
- C:\Windows\System\QnnLKvc.exe
  C:\Windows\System\QnnLKvc.exe
  2⤵
  PID:8304
- C:\Windows\System\VNKfwgd.exe
  C:\Windows\System\VNKfwgd.exe
  2⤵
  PID:8324
- C:\Windows\System\FOyAsLY.exe
  C:\Windows\System\FOyAsLY.exe
  2⤵
  PID:8356
- C:\Windows\System\soHqqem.exe
  C:\Windows\System\soHqqem.exe
  2⤵
  PID:8384
- C:\Windows\System\gPeoWln.exe
  C:\Windows\System\gPeoWln.exe
  2⤵
  PID:8404
- C:\Windows\System\IfZqbNd.exe
  C:\Windows\System\IfZqbNd.exe
  2⤵
  PID:8440
- C:\Windows\System\ScaBOEa.exe
  C:\Windows\System\ScaBOEa.exe
  2⤵
  PID:8468
- C:\Windows\System\jjeIEKs.exe
  C:\Windows\System\jjeIEKs.exe
  2⤵
  PID:8508
- C:\Windows\System\PSYEgbO.exe
  C:\Windows\System\PSYEgbO.exe
  2⤵
  PID:8536
- C:\Windows\System\jiECBui.exe
  C:\Windows\System\jiECBui.exe
  2⤵
  PID:8560
- C:\Windows\System\OfphsIi.exe
  C:\Windows\System\OfphsIi.exe
  2⤵
  PID:8592
- C:\Windows\System\nadiMah.exe
  C:\Windows\System\nadiMah.exe
  2⤵
  PID:8612
- C:\Windows\System\RgEVGOF.exe
  C:\Windows\System\RgEVGOF.exe
  2⤵
  PID:8648
- C:\Windows\System\rYWVQVa.exe
  C:\Windows\System\rYWVQVa.exe
  2⤵
  PID:8676
- C:\Windows\System\TWvJidx.exe
  C:\Windows\System\TWvJidx.exe
  2⤵
  PID:8704
- C:\Windows\System\ynOViOP.exe
  C:\Windows\System\ynOViOP.exe
  2⤵
  PID:8732
- C:\Windows\System\wIJFKYS.exe
  C:\Windows\System\wIJFKYS.exe
  2⤵
  PID:8756
- C:\Windows\System\SJqjhXt.exe
  C:\Windows\System\SJqjhXt.exe
  2⤵
  PID:8784
- C:\Windows\System\TEhFrEM.exe
  C:\Windows\System\TEhFrEM.exe
  2⤵
  PID:8820
- C:\Windows\System\sxzfHRS.exe
  C:\Windows\System\sxzfHRS.exe
  2⤵
  PID:8844
- C:\Windows\System\gPtdzxW.exe
  C:\Windows\System\gPtdzxW.exe
  2⤵
  PID:8884
- C:\Windows\System\fhxpwMa.exe
  C:\Windows\System\fhxpwMa.exe
  2⤵
  PID:8908
- C:\Windows\System\IqrgLDj.exe
  C:\Windows\System\IqrgLDj.exe
  2⤵
  PID:8940
- C:\Windows\System\hZUMWjs.exe
  C:\Windows\System\hZUMWjs.exe
  2⤵
  PID:8960
- C:\Windows\System\kSOGexm.exe
  C:\Windows\System\kSOGexm.exe
  2⤵
  PID:8988
- C:\Windows\System\VLdgnbk.exe
  C:\Windows\System\VLdgnbk.exe
  2⤵
  PID:9020
- C:\Windows\System\lrqkJNL.exe
  C:\Windows\System\lrqkJNL.exe
  2⤵
  PID:9044
- C:\Windows\System\QzBoeJq.exe
  C:\Windows\System\QzBoeJq.exe
  2⤵
  PID:9084
- C:\Windows\System\cdUuASU.exe
  C:\Windows\System\cdUuASU.exe
  2⤵
  PID:9144
- C:\Windows\System\pUcrpLW.exe
  C:\Windows\System\pUcrpLW.exe
  2⤵
  PID:9176
- C:\Windows\System\cfcnzMS.exe
  C:\Windows\System\cfcnzMS.exe
  2⤵
  PID:9200
- C:\Windows\System\KPWLsDS.exe
  C:\Windows\System\KPWLsDS.exe
  2⤵
  PID:8232
- C:\Windows\System\TqkhGas.exe
  C:\Windows\System\TqkhGas.exe
  2⤵
  PID:8340
- C:\Windows\System\TYMNVVJ.exe
  C:\Windows\System\TYMNVVJ.exe
  2⤵
  PID:8452
- C:\Windows\System\EsiubFG.exe
  C:\Windows\System\EsiubFG.exe
  2⤵
  PID:8532
- C:\Windows\System\dUQuHDH.exe
  C:\Windows\System\dUQuHDH.exe
  2⤵
  PID:8576
- C:\Windows\System\NJULkKp.exe
  C:\Windows\System\NJULkKp.exe
  2⤵
  PID:8660
- C:\Windows\System\qxYoVjh.exe
  C:\Windows\System\qxYoVjh.exe
  2⤵
  PID:8744
- C:\Windows\System\aQVoEuY.exe
  C:\Windows\System\aQVoEuY.exe
  2⤵
  PID:8804
- C:\Windows\System\teamUAh.exe
  C:\Windows\System\teamUAh.exe
  2⤵
  PID:6128
- C:\Windows\System\MbbDClF.exe
  C:\Windows\System\MbbDClF.exe
  2⤵
  PID:6112
- C:\Windows\System\dLGDAyw.exe
  C:\Windows\System\dLGDAyw.exe
  2⤵
  PID:4364
- C:\Windows\System\DNogQdH.exe
  C:\Windows\System\DNogQdH.exe
  2⤵
  PID:8924
- C:\Windows\System\ggtNeam.exe
  C:\Windows\System\ggtNeam.exe
  2⤵
  PID:9000
- C:\Windows\System\gTzQRxT.exe
  C:\Windows\System\gTzQRxT.exe
  2⤵
  PID:9056
- C:\Windows\System\FOLsugL.exe
  C:\Windows\System\FOLsugL.exe
  2⤵
  PID:9108
- C:\Windows\System\PtskxMx.exe
  C:\Windows\System\PtskxMx.exe
  2⤵
  PID:9184
- C:\Windows\System\HHdBzTG.exe
  C:\Windows\System\HHdBzTG.exe
  2⤵
  PID:8400
- C:\Windows\System\cwXxjTt.exe
  C:\Windows\System\cwXxjTt.exe
  2⤵
  PID:8424
- C:\Windows\System\oniQWnR.exe
  C:\Windows\System\oniQWnR.exe
  2⤵
  PID:8300
- C:\Windows\System\aAhfbXR.exe
  C:\Windows\System\aAhfbXR.exe
  2⤵
  PID:8688
- C:\Windows\System\crXKEbR.exe
  C:\Windows\System\crXKEbR.exe
  2⤵
  PID:8800
- C:\Windows\System\wMolZPz.exe
  C:\Windows\System\wMolZPz.exe
  2⤵
  PID:8892
- C:\Windows\System\jldihYm.exe
  C:\Windows\System\jldihYm.exe
  2⤵
  PID:8980
- C:\Windows\System\ZanWyJB.exe
  C:\Windows\System\ZanWyJB.exe
  2⤵
  PID:2320
- C:\Windows\System\gNXMLXi.exe
  C:\Windows\System\gNXMLXi.exe
  2⤵
  PID:8476
- C:\Windows\System\vYfjjiu.exe
  C:\Windows\System\vYfjjiu.exe
  2⤵
  PID:4340
- C:\Windows\System\qdtObIz.exe
  C:\Windows\System\qdtObIz.exe
  2⤵
  PID:6056
- C:\Windows\System\uFidLCr.exe
  C:\Windows\System\uFidLCr.exe
  2⤵
  PID:9040
- C:\Windows\System\EtwfsUM.exe
  C:\Windows\System\EtwfsUM.exe
  2⤵
  PID:5016
- C:\Windows\System\ZROLBcA.exe
  C:\Windows\System\ZROLBcA.exe
  2⤵
  PID:8712
- C:\Windows\System\IsNxPnt.exe
  C:\Windows\System\IsNxPnt.exe
  2⤵
  PID:8480
- C:\Windows\System\uuCaxHU.exe
  C:\Windows\System\uuCaxHU.exe
  2⤵
  PID:4884
- C:\Windows\System\xckICgL.exe
  C:\Windows\System\xckICgL.exe
  2⤵
  PID:9244
- C:\Windows\System\HtNHkEB.exe
  C:\Windows\System\HtNHkEB.exe
  2⤵
  PID:9272
- C:\Windows\System\yLfuMpF.exe
  C:\Windows\System\yLfuMpF.exe
  2⤵
  PID:9300
- C:\Windows\System\YtsMQXG.exe
  C:\Windows\System\YtsMQXG.exe
  2⤵
  PID:9328
- C:\Windows\System\oGqLrhW.exe
  C:\Windows\System\oGqLrhW.exe
  2⤵
  PID:9360
- C:\Windows\System\bTHMxBR.exe
  C:\Windows\System\bTHMxBR.exe
  2⤵
  PID:9388
- C:\Windows\System\RQnqkZC.exe
  C:\Windows\System\RQnqkZC.exe
  2⤵
  PID:9416
- C:\Windows\System\IoRiUMX.exe
  C:\Windows\System\IoRiUMX.exe
  2⤵
  PID:9444
- C:\Windows\System\AsDCEIH.exe
  C:\Windows\System\AsDCEIH.exe
  2⤵
  PID:9472
- C:\Windows\System\AJegBFF.exe
  C:\Windows\System\AJegBFF.exe
  2⤵
  PID:9504
- C:\Windows\System\QsVHFKs.exe
  C:\Windows\System\QsVHFKs.exe
  2⤵
  PID:9532
- C:\Windows\System\qRpQgXX.exe
  C:\Windows\System\qRpQgXX.exe
  2⤵
  PID:9560
- C:\Windows\System\GtyjFuU.exe
  C:\Windows\System\GtyjFuU.exe
  2⤵
  PID:9588
- C:\Windows\System\rdtwAyc.exe
  C:\Windows\System\rdtwAyc.exe
  2⤵
  PID:9616
- C:\Windows\System\ReKbmTp.exe
  C:\Windows\System\ReKbmTp.exe
  2⤵
  PID:9644
- C:\Windows\System\ZNbmjnH.exe
  C:\Windows\System\ZNbmjnH.exe
  2⤵
  PID:9676
- C:\Windows\System\sYLZHwU.exe
  C:\Windows\System\sYLZHwU.exe
  2⤵
  PID:9708
- C:\Windows\System\nHDnkYD.exe
  C:\Windows\System\nHDnkYD.exe
  2⤵
  PID:9736
- C:\Windows\System\KnFxUHX.exe
  C:\Windows\System\KnFxUHX.exe
  2⤵
  PID:9764
- C:\Windows\System\xFBLqFc.exe
  C:\Windows\System\xFBLqFc.exe
  2⤵
  PID:9788
- C:\Windows\System\ktDEGAb.exe
  C:\Windows\System\ktDEGAb.exe
  2⤵
  PID:9824
- C:\Windows\System\bWquuaU.exe
  C:\Windows\System\bWquuaU.exe
  2⤵
  PID:9852
- C:\Windows\System\mgkxAtd.exe
  C:\Windows\System\mgkxAtd.exe
  2⤵
  PID:9872
- C:\Windows\System\FDOcoyS.exe
  C:\Windows\System\FDOcoyS.exe
  2⤵
  PID:9900
- C:\Windows\System\unQKXCW.exe
  C:\Windows\System\unQKXCW.exe
  2⤵
  PID:9932
- C:\Windows\System\cpKsiYk.exe
  C:\Windows\System\cpKsiYk.exe
  2⤵
  PID:9964
- C:\Windows\System\pyNpbPJ.exe
  C:\Windows\System\pyNpbPJ.exe
  2⤵
  PID:10016
- C:\Windows\System\MluCauc.exe
  C:\Windows\System\MluCauc.exe
  2⤵
  PID:10060
- C:\Windows\System\DXxIQog.exe
  C:\Windows\System\DXxIQog.exe
  2⤵
  PID:10088
- C:\Windows\System\ddLwuXu.exe
  C:\Windows\System\ddLwuXu.exe
  2⤵
  PID:10124
- C:\Windows\System\GxSKuif.exe
  C:\Windows\System\GxSKuif.exe
  2⤵
  PID:10152
- C:\Windows\System\JwkdAzj.exe
  C:\Windows\System\JwkdAzj.exe
  2⤵
  PID:10180
- C:\Windows\System\SgUKHMZ.exe
  C:\Windows\System\SgUKHMZ.exe
  2⤵
  PID:10212
- C:\Windows\System\AmLMnvD.exe
  C:\Windows\System\AmLMnvD.exe
  2⤵
  PID:10232
- C:\Windows\System\iNzFFzL.exe
  C:\Windows\System\iNzFFzL.exe
  2⤵
  PID:9280
- C:\Windows\System\nDbXcur.exe
  C:\Windows\System\nDbXcur.exe
  2⤵
  PID:9316
- C:\Windows\System\wnSZuEe.exe
  C:\Windows\System\wnSZuEe.exe
  2⤵
  PID:9424
- C:\Windows\System\GwrzPSK.exe
  C:\Windows\System\GwrzPSK.exe
  2⤵
  PID:1792
- C:\Windows\System\hEuPljo.exe
  C:\Windows\System\hEuPljo.exe
  2⤵
  PID:9544
- C:\Windows\System\UcRtaDP.exe
  C:\Windows\System\UcRtaDP.exe
  2⤵
  PID:9600
- C:\Windows\System\IobuKxg.exe
  C:\Windows\System\IobuKxg.exe
  2⤵
  PID:9632
- C:\Windows\System\JwAgktI.exe
  C:\Windows\System\JwAgktI.exe
  2⤵
  PID:9692
- C:\Windows\System\eaieWtm.exe
  C:\Windows\System\eaieWtm.exe
  2⤵
  PID:9752
- C:\Windows\System\kFpOfDe.exe
  C:\Windows\System\kFpOfDe.exe
  2⤵
  PID:9860
- C:\Windows\System\hyGtKFL.exe
  C:\Windows\System\hyGtKFL.exe
  2⤵
  PID:9896
- C:\Windows\System\jyWYllO.exe
  C:\Windows\System\jyWYllO.exe
  2⤵
  PID:9972
- C:\Windows\System\zMNGpjE.exe
  C:\Windows\System\zMNGpjE.exe
  2⤵
  PID:9104
- C:\Windows\System\BBMngxj.exe
  C:\Windows\System\BBMngxj.exe
  2⤵
  PID:8204
- C:\Windows\System\HPzwTuB.exe
  C:\Windows\System\HPzwTuB.exe
  2⤵
  PID:10100
- C:\Windows\System\FRVKlzP.exe
  C:\Windows\System\FRVKlzP.exe
  2⤵
  PID:10140
- C:\Windows\System\ONTyxUV.exe
  C:\Windows\System\ONTyxUV.exe
  2⤵
  PID:10220
- C:\Windows\System\MrsiHjI.exe
  C:\Windows\System\MrsiHjI.exe
  2⤵
  PID:9344
- C:\Windows\System\QjRpskA.exe
  C:\Windows\System\QjRpskA.exe
  2⤵
  PID:9512
- C:\Windows\System\tmqGEho.exe
  C:\Windows\System\tmqGEho.exe
  2⤵
  PID:9628
- C:\Windows\System\IKwCvBX.exe
  C:\Windows\System\IKwCvBX.exe
  2⤵
  PID:9744
- C:\Windows\System\VCMizcL.exe
  C:\Windows\System\VCMizcL.exe
  2⤵
  PID:9884
- C:\Windows\System\WJikhss.exe
  C:\Windows\System\WJikhss.exe
  2⤵
  PID:8972
- C:\Windows\System\rkSyUoc.exe
  C:\Windows\System\rkSyUoc.exe
  2⤵
  PID:10132
- C:\Windows\System\cCcRgTQ.exe
  C:\Windows\System\cCcRgTQ.exe
  2⤵
  PID:9252
- C:\Windows\System\fKdKCnt.exe
  C:\Windows\System\fKdKCnt.exe
  2⤵
  PID:9572
- C:\Windows\System\FXgzAmU.exe
  C:\Windows\System\FXgzAmU.exe
  2⤵
  PID:9924
- C:\Windows\System\rGdMVcL.exe
  C:\Windows\System\rGdMVcL.exe
  2⤵
  PID:10168
- C:\Windows\System\gedNycZ.exe
  C:\Windows\System\gedNycZ.exe
  2⤵
  PID:9660
- C:\Windows\System\wAxlsgG.exe
  C:\Windows\System\wAxlsgG.exe
  2⤵
  PID:9376
- C:\Windows\System\slEyOmU.exe
  C:\Windows\System\slEyOmU.exe
  2⤵
  PID:10256
- C:\Windows\System\CdpQkZx.exe
  C:\Windows\System\CdpQkZx.exe
  2⤵
  PID:10284
- C:\Windows\System\wQMmnDe.exe
  C:\Windows\System\wQMmnDe.exe
  2⤵
  PID:10304
- C:\Windows\System\LEXbGau.exe
  C:\Windows\System\LEXbGau.exe
  2⤵
  PID:10340
- C:\Windows\System\LFGjHkA.exe
  C:\Windows\System\LFGjHkA.exe
  2⤵
  PID:10368
- C:\Windows\System\rSDMfWs.exe
  C:\Windows\System\rSDMfWs.exe
  2⤵
  PID:10396
- C:\Windows\System\mlJAbNX.exe
  C:\Windows\System\mlJAbNX.exe
  2⤵
  PID:10424
- C:\Windows\System\sTlPGFF.exe
  C:\Windows\System\sTlPGFF.exe
  2⤵
  PID:10452
- C:\Windows\System\HbGIFkK.exe
  C:\Windows\System\HbGIFkK.exe
  2⤵
  PID:10480
- C:\Windows\System\pWdHDnb.exe
  C:\Windows\System\pWdHDnb.exe
  2⤵
  PID:10508
- C:\Windows\System\nJpEVfS.exe
  C:\Windows\System\nJpEVfS.exe
  2⤵
  PID:10536
- C:\Windows\System\NUqaKlv.exe
  C:\Windows\System\NUqaKlv.exe
  2⤵
  PID:10564
- C:\Windows\System\lhznBtS.exe
  C:\Windows\System\lhznBtS.exe
  2⤵
  PID:10592
- C:\Windows\System\TiMyqkI.exe
  C:\Windows\System\TiMyqkI.exe
  2⤵
  PID:10616
- C:\Windows\System\jdWWeTe.exe
  C:\Windows\System\jdWWeTe.exe
  2⤵
  PID:10648
- C:\Windows\System\krLURbW.exe
  C:\Windows\System\krLURbW.exe
  2⤵
  PID:10676
- C:\Windows\System\jIOojzu.exe
  C:\Windows\System\jIOojzu.exe
  2⤵
  PID:10704
- C:\Windows\System\KHZfsPG.exe
  C:\Windows\System\KHZfsPG.exe
  2⤵
  PID:10732
- C:\Windows\System\ftHMSQm.exe
  C:\Windows\System\ftHMSQm.exe
  2⤵
  PID:10768
- C:\Windows\System\bkOnrmD.exe
  C:\Windows\System\bkOnrmD.exe
  2⤵
  PID:10788
- C:\Windows\System\guboHHi.exe
  C:\Windows\System\guboHHi.exe
  2⤵
  PID:10816
- C:\Windows\System\vIOLlYj.exe
  C:\Windows\System\vIOLlYj.exe
  2⤵
  PID:10844
- C:\Windows\System\dQXYiCD.exe
  C:\Windows\System\dQXYiCD.exe
  2⤵
  PID:10876
- C:\Windows\System\sWVolLi.exe
  C:\Windows\System\sWVolLi.exe
  2⤵
  PID:10904
- C:\Windows\System\EQioXiN.exe
  C:\Windows\System\EQioXiN.exe
  2⤵
  PID:10932
- C:\Windows\System\HJbQUXl.exe
  C:\Windows\System\HJbQUXl.exe
  2⤵
  PID:10960
- C:\Windows\System\HhTmnhP.exe
  C:\Windows\System\HhTmnhP.exe
  2⤵
  PID:10988
- C:\Windows\System\jQNaEDr.exe
  C:\Windows\System\jQNaEDr.exe
  2⤵
  PID:11016
- C:\Windows\System\afJiAyq.exe
  C:\Windows\System\afJiAyq.exe
  2⤵
  PID:11044
- C:\Windows\System\EPwbsNp.exe
  C:\Windows\System\EPwbsNp.exe
  2⤵
  PID:11072
- C:\Windows\System\fAETSwn.exe
  C:\Windows\System\fAETSwn.exe
  2⤵
  PID:11100
- C:\Windows\System\EzyWprJ.exe
  C:\Windows\System\EzyWprJ.exe
  2⤵
  PID:11128
- C:\Windows\System\jdwwLCp.exe
  C:\Windows\System\jdwwLCp.exe
  2⤵
  PID:11156
- C:\Windows\System\AEOBWHM.exe
  C:\Windows\System\AEOBWHM.exe
  2⤵
  PID:11184
- C:\Windows\System\kKBtERO.exe
  C:\Windows\System\kKBtERO.exe
  2⤵
  PID:11212
- C:\Windows\System\hHIbmvq.exe
  C:\Windows\System\hHIbmvq.exe
  2⤵
  PID:11240
- C:\Windows\System\rzcuGpA.exe
  C:\Windows\System\rzcuGpA.exe
  2⤵
  PID:10248
- C:\Windows\System\hHkvlwb.exe
  C:\Windows\System\hHkvlwb.exe
  2⤵
  PID:10332
- C:\Windows\System\UwsFbqy.exe
  C:\Windows\System\UwsFbqy.exe
  2⤵
  PID:10380
- C:\Windows\System\XmTWEVT.exe
  C:\Windows\System\XmTWEVT.exe
  2⤵
  PID:10444
- C:\Windows\System\bdpXscw.exe
  C:\Windows\System\bdpXscw.exe
  2⤵
  PID:10504
- C:\Windows\System\NVBASvh.exe
  C:\Windows\System\NVBASvh.exe
  2⤵
  PID:10560
- C:\Windows\System\CYJZPlE.exe
  C:\Windows\System\CYJZPlE.exe
  2⤵
  PID:10632
- C:\Windows\System\MGSWYVn.exe
  C:\Windows\System\MGSWYVn.exe
  2⤵
  PID:10700
- C:\Windows\System\ddEEIwG.exe
  C:\Windows\System\ddEEIwG.exe
  2⤵
  PID:10756
- C:\Windows\System\LNxJgVj.exe
  C:\Windows\System\LNxJgVj.exe
  2⤵
  PID:10812
- C:\Windows\System\xYQbOlh.exe
  C:\Windows\System\xYQbOlh.exe
  2⤵
  PID:10840
- C:\Windows\System\FZbHkTD.exe
  C:\Windows\System\FZbHkTD.exe
  2⤵
  PID:10888
- C:\Windows\System\hWHsrlp.exe
  C:\Windows\System\hWHsrlp.exe
  2⤵
  PID:11004
- C:\Windows\System\xssmzJY.exe
  C:\Windows\System\xssmzJY.exe
  2⤵
  PID:11040
- C:\Windows\System\iimVfqa.exe
  C:\Windows\System\iimVfqa.exe
  2⤵
  PID:11112
- C:\Windows\System\lGUTINq.exe
  C:\Windows\System\lGUTINq.exe
  2⤵
  PID:11176
- C:\Windows\System\YoURigv.exe
  C:\Windows\System\YoURigv.exe
  2⤵
  PID:11236
- C:\Windows\System\BwPHPgl.exe
  C:\Windows\System\BwPHPgl.exe
  2⤵
  PID:10352
- C:\Windows\System\NIEcDwy.exe
  C:\Windows\System\NIEcDwy.exe
  2⤵
  PID:10868
- C:\Windows\System\KFsDgSV.exe
  C:\Windows\System\KFsDgSV.exe
  2⤵
  PID:10556
- C:\Windows\System\BkAgzjw.exe
  C:\Windows\System\BkAgzjw.exe
  2⤵
  PID:10688
- C:\Windows\System\eQibSUE.exe
  C:\Windows\System\eQibSUE.exe
  2⤵
  PID:10800
- C:\Windows\System\qPScyEm.exe
  C:\Windows\System\qPScyEm.exe
  2⤵
  PID:10916
- C:\Windows\System\AQSxwPK.exe
  C:\Windows\System\AQSxwPK.exe
  2⤵
  PID:10984
- C:\Windows\System\xOxEDrj.exe
  C:\Windows\System\xOxEDrj.exe
  2⤵
  PID:11140
- C:\Windows\System\DmCAFZG.exe
  C:\Windows\System\DmCAFZG.exe
  2⤵
  PID:10280
- C:\Windows\System\VWmPmjA.exe
  C:\Windows\System\VWmPmjA.exe
  2⤵
  PID:4556
- C:\Windows\System\UBmAzbw.exe
  C:\Windows\System\UBmAzbw.exe
  2⤵
  PID:3412
- C:\Windows\System\QxioBFi.exe
  C:\Windows\System\QxioBFi.exe
  2⤵
  PID:11092
- C:\Windows\System\QlctRFL.exe
  C:\Windows\System\QlctRFL.exe
  2⤵
  PID:10472
- C:\Windows\System\ozHCuqP.exe
  C:\Windows\System\ozHCuqP.exe
  2⤵
  PID:5008
- C:\Windows\System\JxfwhNg.exe
  C:\Windows\System\JxfwhNg.exe
  2⤵
  PID:10864
- C:\Windows\System\ZWPdjKR.exe
  C:\Windows\System\ZWPdjKR.exe
  2⤵
  PID:10436
- C:\Windows\System\kgyAdkH.exe
  C:\Windows\System\kgyAdkH.exe
  2⤵
  PID:11292
- C:\Windows\System\fMjRYve.exe
  C:\Windows\System\fMjRYve.exe
  2⤵
  PID:11320
- C:\Windows\System\StFUcPr.exe
  C:\Windows\System\StFUcPr.exe
  2⤵
  PID:11348
- C:\Windows\System\MusmJRS.exe
  C:\Windows\System\MusmJRS.exe
  2⤵
  PID:11376
- C:\Windows\System\OQNjeDj.exe
  C:\Windows\System\OQNjeDj.exe
  2⤵
  PID:11416
- C:\Windows\System\fdnZICZ.exe
  C:\Windows\System\fdnZICZ.exe
  2⤵
  PID:11432
- C:\Windows\System\nYUpVua.exe
  C:\Windows\System\nYUpVua.exe
  2⤵
  PID:11460
- C:\Windows\System\XWRRhrm.exe
  C:\Windows\System\XWRRhrm.exe
  2⤵
  PID:11488
- C:\Windows\System\ICtJoLB.exe
  C:\Windows\System\ICtJoLB.exe
  2⤵
  PID:11516
- C:\Windows\System\ciLEwXl.exe
  C:\Windows\System\ciLEwXl.exe
  2⤵
  PID:11536
- C:\Windows\System\coNdtLB.exe
  C:\Windows\System\coNdtLB.exe
  2⤵
  PID:11572
- C:\Windows\System\DrvPcjI.exe
  C:\Windows\System\DrvPcjI.exe
  2⤵
  PID:11600
- C:\Windows\System\MosyCCh.exe
  C:\Windows\System\MosyCCh.exe
  2⤵
  PID:11636
- C:\Windows\System\NhAPkTl.exe
  C:\Windows\System\NhAPkTl.exe
  2⤵
  PID:11656
- C:\Windows\System\sIUOWTY.exe
  C:\Windows\System\sIUOWTY.exe
  2⤵
  PID:11684
- C:\Windows\System\QnIVNhb.exe
  C:\Windows\System\QnIVNhb.exe
  2⤵
  PID:11716
- C:\Windows\System\NhYkgDC.exe
  C:\Windows\System\NhYkgDC.exe
  2⤵
  PID:11744
- C:\Windows\System\TdzKRVU.exe
  C:\Windows\System\TdzKRVU.exe
  2⤵
  PID:11772
- C:\Windows\System\MlSRmQP.exe
  C:\Windows\System\MlSRmQP.exe
  2⤵
  PID:11800
- C:\Windows\System\YJfjnXk.exe
  C:\Windows\System\YJfjnXk.exe
  2⤵
  PID:11828
- C:\Windows\System\XuFuXJs.exe
  C:\Windows\System\XuFuXJs.exe
  2⤵
  PID:11856
- C:\Windows\System\yjMPicV.exe
  C:\Windows\System\yjMPicV.exe
  2⤵
  PID:11884
- C:\Windows\System\lAmPsra.exe
  C:\Windows\System\lAmPsra.exe
  2⤵
  PID:11912
- C:\Windows\System\MdbXpOC.exe
  C:\Windows\System\MdbXpOC.exe
  2⤵
  PID:11940
- C:\Windows\System\chhhdYF.exe
  C:\Windows\System\chhhdYF.exe
  2⤵
  PID:11968
- C:\Windows\System\bYLeLKR.exe
  C:\Windows\System\bYLeLKR.exe
  2⤵
  PID:11996
- C:\Windows\System\kODsOMT.exe
  C:\Windows\System\kODsOMT.exe
  2⤵
  PID:12024
- C:\Windows\System\uJIXmKx.exe
  C:\Windows\System\uJIXmKx.exe
  2⤵
  PID:12052
- C:\Windows\System\wUWUWWz.exe
  C:\Windows\System\wUWUWWz.exe
  2⤵
  PID:12080
- C:\Windows\System\fRppLRN.exe
  C:\Windows\System\fRppLRN.exe
  2⤵
  PID:12108
- C:\Windows\System\DtyRuHA.exe
  C:\Windows\System\DtyRuHA.exe
  2⤵
  PID:12136
- C:\Windows\System\tUshooQ.exe
  C:\Windows\System\tUshooQ.exe
  2⤵
  PID:12164
- C:\Windows\System\hFMTmyg.exe
  C:\Windows\System\hFMTmyg.exe
  2⤵
  PID:12192
- C:\Windows\System\KBvFGce.exe
  C:\Windows\System\KBvFGce.exe
  2⤵
  PID:12220
- C:\Windows\System\LUMcmso.exe
  C:\Windows\System\LUMcmso.exe
  2⤵
  PID:12248
- C:\Windows\System\dWjfajp.exe
  C:\Windows\System\dWjfajp.exe
  2⤵
  PID:12276
- C:\Windows\System\GDPZjpR.exe
  C:\Windows\System\GDPZjpR.exe
  2⤵
  PID:11308
- C:\Windows\System\zenYEaA.exe
  C:\Windows\System\zenYEaA.exe
  2⤵
  PID:11372
- C:\Windows\System\xdMxqNf.exe
  C:\Windows\System\xdMxqNf.exe
  2⤵
  PID:11424
- C:\Windows\System\uBbtQFk.exe
  C:\Windows\System\uBbtQFk.exe
  2⤵
  PID:11484
- C:\Windows\System\VSKusnc.exe
  C:\Windows\System\VSKusnc.exe
  2⤵
  PID:11552
- C:\Windows\System\qOHtIKP.exe
  C:\Windows\System\qOHtIKP.exe
  2⤵
  PID:11036
- C:\Windows\System\mQUPKfm.exe
  C:\Windows\System\mQUPKfm.exe
  2⤵
  PID:11652
- C:\Windows\System\RhGrXGe.exe
  C:\Windows\System\RhGrXGe.exe
  2⤵
  PID:11708
- C:\Windows\System\prTYcHA.exe
  C:\Windows\System\prTYcHA.exe
  2⤵
  PID:11768
- C:\Windows\System\gKEcJxM.exe
  C:\Windows\System\gKEcJxM.exe
  2⤵
  PID:11840
- C:\Windows\System\CjcPUXK.exe
  C:\Windows\System\CjcPUXK.exe
  2⤵
  PID:11904
- C:\Windows\System\IbLMFUc.exe
  C:\Windows\System\IbLMFUc.exe
  2⤵
  PID:11992
- C:\Windows\System\iQbEZYP.exe
  C:\Windows\System\iQbEZYP.exe
  2⤵
  PID:12044
- C:\Windows\System\BEMstXw.exe
  C:\Windows\System\BEMstXw.exe
  2⤵
  PID:12092
- C:\Windows\System\prubckc.exe
  C:\Windows\System\prubckc.exe
  2⤵
  PID:11692
- C:\Windows\System\FOscZCT.exe
  C:\Windows\System\FOscZCT.exe
  2⤵
  PID:12240
- C:\Windows\System\xGWiSQu.exe
  C:\Windows\System\xGWiSQu.exe
  2⤵
  PID:11276
- C:\Windows\System\bWCzXtA.exe
  C:\Windows\System\bWCzXtA.exe
  2⤵
  PID:11400
- C:\Windows\System\QirWKSe.exe
  C:\Windows\System\QirWKSe.exe
  2⤵
  PID:11504
- C:\Windows\System\JHPznjE.exe
  C:\Windows\System\JHPznjE.exe
  2⤵
  PID:4752
- C:\Windows\System\UVdFYia.exe
  C:\Windows\System\UVdFYia.exe
  2⤵
  PID:468
- C:\Windows\System\xyYEYSp.exe
  C:\Windows\System\xyYEYSp.exe
  2⤵
  PID:11812
- C:\Windows\System\BOykiyf.exe
  C:\Windows\System\BOykiyf.exe
  2⤵
  PID:4756
- C:\Windows\System\OEqbslp.exe
  C:\Windows\System\OEqbslp.exe
  2⤵
  PID:5040
- C:\Windows\System\eTdHETI.exe
  C:\Windows\System\eTdHETI.exe
  2⤵
  PID:12020
- C:\Windows\System\aOcSVCg.exe
  C:\Windows\System\aOcSVCg.exe
  2⤵
  PID:12076
- C:\Windows\System\HzrjBSB.exe
  C:\Windows\System\HzrjBSB.exe
  2⤵
  PID:12212
- C:\Windows\System\cAhBqPw.exe
  C:\Windows\System\cAhBqPw.exe
  2⤵
  PID:11328
- C:\Windows\System\sOzkyfT.exe
  C:\Windows\System\sOzkyfT.exe
  2⤵
  PID:2860
- C:\Windows\System\zUnIGxj.exe
  C:\Windows\System\zUnIGxj.exe
  2⤵
  PID:11764
- C:\Windows\System\GOXZVbS.exe
  C:\Windows\System\GOXZVbS.exe
  2⤵
  PID:3424
- C:\Windows\System\ykpskTP.exe
  C:\Windows\System\ykpskTP.exe
  2⤵
  PID:2816
- C:\Windows\System\eHZqomi.exe
  C:\Windows\System\eHZqomi.exe
  2⤵
  PID:11736
- C:\Windows\System\dgsebtJ.exe
  C:\Windows\System\dgsebtJ.exe
  2⤵
  PID:4432
- C:\Windows\System\dJSWrWr.exe
  C:\Windows\System\dJSWrWr.exe
  2⤵
  PID:1404
- C:\Windows\System\RlcFYsx.exe
  C:\Windows\System\RlcFYsx.exe
  2⤵
  PID:5704
- C:\Windows\System\HVxkRTK.exe
  C:\Windows\System\HVxkRTK.exe
  2⤵
  PID:11852
- C:\Windows\System\xjBcTaH.exe
  C:\Windows\System\xjBcTaH.exe
  2⤵
  PID:1160
- C:\Windows\System\zAtPCtF.exe
  C:\Windows\System\zAtPCtF.exe
  2⤵
  PID:12072
- C:\Windows\System\hRsDXFm.exe
  C:\Windows\System\hRsDXFm.exe
  2⤵
  PID:5212
- C:\Windows\System\GukvlTh.exe
  C:\Windows\System\GukvlTh.exe
  2⤵
  PID:12304
- C:\Windows\System\VNbSyKB.exe
  C:\Windows\System\VNbSyKB.exe
  2⤵
  PID:12332
- C:\Windows\System\hdiWmmY.exe
  C:\Windows\System\hdiWmmY.exe
  2⤵
  PID:12360
- C:\Windows\System\TCqdBxg.exe
  C:\Windows\System\TCqdBxg.exe
  2⤵
  PID:12388
- C:\Windows\System\VtVFGcq.exe
  C:\Windows\System\VtVFGcq.exe
  2⤵
  PID:12416
- C:\Windows\System\ZrPZNPz.exe
  C:\Windows\System\ZrPZNPz.exe
  2⤵
  PID:12444
- C:\Windows\System\qjmBKXM.exe
  C:\Windows\System\qjmBKXM.exe
  2⤵
  PID:12472
- C:\Windows\System\NpmNapo.exe
  C:\Windows\System\NpmNapo.exe
  2⤵
  PID:12500
- C:\Windows\System\ackqAvG.exe
  C:\Windows\System\ackqAvG.exe
  2⤵
  PID:12528
- C:\Windows\System\oMMgBsA.exe
  C:\Windows\System\oMMgBsA.exe
  2⤵
  PID:12556
- C:\Windows\System\TKvvqJW.exe
  C:\Windows\System\TKvvqJW.exe
  2⤵
  PID:12584
- C:\Windows\System\SgdZEKB.exe
  C:\Windows\System\SgdZEKB.exe
  2⤵
  PID:12612
- C:\Windows\System\TqAUiQx.exe
  C:\Windows\System\TqAUiQx.exe
  2⤵
  PID:12640
- C:\Windows\System\jhPgFuK.exe
  C:\Windows\System\jhPgFuK.exe
  2⤵
  PID:12668
- C:\Windows\System\awedTWS.exe
  C:\Windows\System\awedTWS.exe
  2⤵
  PID:12696
- C:\Windows\System\bkKNEiq.exe
  C:\Windows\System\bkKNEiq.exe
  2⤵
  PID:12724
- C:\Windows\System\gofVboK.exe
  C:\Windows\System\gofVboK.exe
  2⤵
  PID:12752
- C:\Windows\System\DEgBRaN.exe
  C:\Windows\System\DEgBRaN.exe
  2⤵
  PID:12780
- C:\Windows\System\VjhFbak.exe
  C:\Windows\System\VjhFbak.exe
  2⤵
  PID:12808
- C:\Windows\System\YijuHnz.exe
  C:\Windows\System\YijuHnz.exe
  2⤵
  PID:12836
- C:\Windows\System\UieHAij.exe
  C:\Windows\System\UieHAij.exe
  2⤵
  PID:12864
- C:\Windows\System\tjyiHld.exe
  C:\Windows\System\tjyiHld.exe
  2⤵
  PID:12896
- C:\Windows\System\dtbpTwe.exe
  C:\Windows\System\dtbpTwe.exe
  2⤵
  PID:12924
- C:\Windows\System\EVLzXXm.exe
  C:\Windows\System\EVLzXXm.exe
  2⤵
  PID:12952
- C:\Windows\System\azCVJiU.exe
  C:\Windows\System\azCVJiU.exe
  2⤵
  PID:12980
- C:\Windows\System\lvTPNEI.exe
  C:\Windows\System\lvTPNEI.exe
  2⤵
  PID:13008
- C:\Windows\System\VluFCtO.exe
  C:\Windows\System\VluFCtO.exe
  2⤵
  PID:13036
- C:\Windows\System\pCmclKI.exe
  C:\Windows\System\pCmclKI.exe
  2⤵
  PID:13064
- C:\Windows\System\ZzZbrhB.exe
  C:\Windows\System\ZzZbrhB.exe
  2⤵
  PID:13092
- C:\Windows\System\CsvSwap.exe
  C:\Windows\System\CsvSwap.exe
  2⤵
  PID:13120
- C:\Windows\System\uVouNbK.exe
  C:\Windows\System\uVouNbK.exe
  2⤵
  PID:13148
- C:\Windows\System\lWoTzoD.exe
  C:\Windows\System\lWoTzoD.exe
  2⤵
  PID:13176
- C:\Windows\System\hPjriNa.exe
  C:\Windows\System\hPjriNa.exe
  2⤵
  PID:13204
- C:\Windows\System\DqtTOBK.exe
  C:\Windows\System\DqtTOBK.exe
  2⤵
  PID:13232
- C:\Windows\System\TQIcxUZ.exe
  C:\Windows\System\TQIcxUZ.exe
  2⤵
  PID:13260
- C:\Windows\System\XKjsNGX.exe
  C:\Windows\System\XKjsNGX.exe
  2⤵
  PID:13288
- C:\Windows\System\YsdBbFN.exe
  C:\Windows\System\YsdBbFN.exe
  2⤵
  PID:12296
- C:\Windows\System\ZlJrtVx.exe
  C:\Windows\System\ZlJrtVx.exe
  2⤵
  PID:12352
- C:\Windows\System\iVnTAPP.exe
  C:\Windows\System\iVnTAPP.exe
  2⤵
  PID:12412
- C:\Windows\System\gUilafI.exe
  C:\Windows\System\gUilafI.exe
  2⤵
  PID:12484
- C:\Windows\System\YFfTwSL.exe
  C:\Windows\System\YFfTwSL.exe
  2⤵
  PID:12548
- C:\Windows\System\BgBrbrb.exe
  C:\Windows\System\BgBrbrb.exe
  2⤵
  PID:12608
- C:\Windows\System\MSctbtU.exe
  C:\Windows\System\MSctbtU.exe
  2⤵
  PID:12680
- C:\Windows\System\NIJdhjA.exe
  C:\Windows\System\NIJdhjA.exe
  2⤵
  PID:12740
- C:\Windows\System\jkjyPFL.exe
  C:\Windows\System\jkjyPFL.exe
  2⤵
  PID:12796
- C:\Windows\System\BnOeXpS.exe
  C:\Windows\System\BnOeXpS.exe
  2⤵
  PID:12832
- C:\Windows\System\zSREkzC.exe
  C:\Windows\System\zSREkzC.exe
  2⤵
  PID:12908
- C:\Windows\System\JfSaHmY.exe
  C:\Windows\System\JfSaHmY.exe
  2⤵
  PID:12992
- C:\Windows\System\DOivslQ.exe
  C:\Windows\System\DOivslQ.exe
  2⤵
  PID:13032
- C:\Windows\System\SQYePQb.exe
  C:\Windows\System\SQYePQb.exe
  2⤵
  PID:13108
- C:\Windows\System\FGcQUfh.exe
  C:\Windows\System\FGcQUfh.exe
  2⤵
  PID:13168
- C:\Windows\System\BeDnSjT.exe
  C:\Windows\System\BeDnSjT.exe
  2⤵
  PID:13228
- C:\Windows\System\JSiMvfj.exe
  C:\Windows\System\JSiMvfj.exe
  2⤵
  PID:13300
- C:\Windows\System\nEmdOOT.exe
  C:\Windows\System\nEmdOOT.exe
  2⤵
  PID:12400
- C:\Windows\System\vvkriPm.exe
  C:\Windows\System\vvkriPm.exe
  2⤵
  PID:12544
- C:\Windows\System\uRkrvOR.exe
  C:\Windows\System\uRkrvOR.exe
  2⤵
  PID:12664
- C:\Windows\System\xjKnTFc.exe
  C:\Windows\System\xjKnTFc.exe
  2⤵
  PID:12820
- C:\Windows\System\cGwTSmx.exe
  C:\Windows\System\cGwTSmx.exe
  2⤵
  PID:12888
- C:\Windows\System\bcMSNRT.exe
  C:\Windows\System\bcMSNRT.exe
  2⤵
  PID:13084
- C:\Windows\System\HlIPcwD.exe
  C:\Windows\System\HlIPcwD.exe
  2⤵
  PID:13216
- C:\Windows\System\PvwyZYM.exe
  C:\Windows\System\PvwyZYM.exe
  2⤵
  PID:12344
- C:\Windows\System\KOLdgUQ.exe
  C:\Windows\System\KOLdgUQ.exe
  2⤵
  PID:12720
- C:\Windows\System\vflFqwW.exe
  C:\Windows\System\vflFqwW.exe
  2⤵
  PID:13020
- C:\Windows\System\tWLzDLm.exe
  C:\Windows\System\tWLzDLm.exe
  2⤵
  PID:12464
- C:\Windows\System\npIeKwl.exe
  C:\Windows\System\npIeKwl.exe
  2⤵
  PID:13028
- C:\Windows\System\rsVtTDe.exe
  C:\Windows\System\rsVtTDe.exe
  2⤵
  PID:4220
- C:\Windows\System\BbxlQAe.exe
  C:\Windows\System\BbxlQAe.exe
  2⤵
  PID:13060
- C:\Windows\System\iWouSxS.exe
  C:\Windows\System\iWouSxS.exe
  2⤵
  PID:13196
- C:\Windows\System\vBoyYyL.exe
  C:\Windows\System\vBoyYyL.exe
  2⤵
  PID:13328
- C:\Windows\System\ryoCQFB.exe
  C:\Windows\System\ryoCQFB.exe
  2⤵
  PID:13360
- C:\Windows\System\FIUaKfm.exe
  C:\Windows\System\FIUaKfm.exe
  2⤵
  PID:13392
- C:\Windows\System\VnEHJUl.exe
  C:\Windows\System\VnEHJUl.exe
  2⤵
  PID:13416
- C:\Windows\System\JUfJqDC.exe
  C:\Windows\System\JUfJqDC.exe
  2⤵
  PID:13448
- C:\Windows\System\SgCGrdD.exe
  C:\Windows\System\SgCGrdD.exe
  2⤵
  PID:13484
- C:\Windows\System\JIFadHO.exe
  C:\Windows\System\JIFadHO.exe
  2⤵
  PID:13500
- C:\Windows\System\jwXeVJe.exe
  C:\Windows\System\jwXeVJe.exe
  2⤵
  PID:13524
- C:\Windows\System\WKJvnmP.exe
  C:\Windows\System\WKJvnmP.exe
  2⤵
  PID:13548
- C:\Windows\System\qfTjumd.exe
  C:\Windows\System\qfTjumd.exe
  2⤵
  PID:13588
- C:\Windows\System\FuoHHhi.exe
  C:\Windows\System\FuoHHhi.exe
  2⤵
  PID:13636
- C:\Windows\System\xpOYTgf.exe
  C:\Windows\System\xpOYTgf.exe
  2⤵
  PID:13676
- C:\Windows\System\bpFBbyb.exe
  C:\Windows\System\bpFBbyb.exe
  2⤵
  PID:13700
- C:\Windows\System\CJtpwMy.exe
  C:\Windows\System\CJtpwMy.exe
  2⤵
  PID:13736
- C:\Windows\System\qqUrPgj.exe
  C:\Windows\System\qqUrPgj.exe
  2⤵
  PID:13760
- C:\Windows\System\tBspAwQ.exe
  C:\Windows\System\tBspAwQ.exe
  2⤵
  PID:13808
- C:\Windows\System\nqffRnV.exe
  C:\Windows\System\nqffRnV.exe
  2⤵
  PID:13828
- C:\Windows\System\GPbmyyT.exe
  C:\Windows\System\GPbmyyT.exe
  2⤵
  PID:13844
- C:\Windows\System\lkZfghU.exe
  C:\Windows\System\lkZfghU.exe
  2⤵
  PID:13884
- C:\Windows\System\YoVosts.exe
  C:\Windows\System\YoVosts.exe
  2⤵
  PID:13916
- C:\Windows\System\hwtndOt.exe
  C:\Windows\System\hwtndOt.exe
  2⤵
  PID:13940
- C:\Windows\System\OCLamfY.exe
  C:\Windows\System\OCLamfY.exe
  2⤵
  PID:13968
- C:\Windows\System\IexEgkT.exe
  C:\Windows\System\IexEgkT.exe
  2⤵
  PID:14000
- C:\Windows\System\pAKBoGf.exe
  C:\Windows\System\pAKBoGf.exe
  2⤵
  PID:14028
- C:\Windows\System\KzXbNRT.exe
  C:\Windows\System\KzXbNRT.exe
  2⤵
  PID:14056
- C:\Windows\System\zjshmGR.exe
  C:\Windows\System\zjshmGR.exe
  2⤵
  PID:14088
- C:\Windows\System\XSLufBj.exe
  C:\Windows\System\XSLufBj.exe
  2⤵
  PID:14112
- C:\Windows\System\MTszCbU.exe
  C:\Windows\System\MTszCbU.exe
  2⤵
  PID:14140
- C:\Windows\System\oJHRqZa.exe
  C:\Windows\System\oJHRqZa.exe
  2⤵
  PID:14168
- C:\Windows\System\HcgiPyZ.exe
  C:\Windows\System\HcgiPyZ.exe
  2⤵
  PID:14196
- C:\Windows\System\ffOoPDX.exe
  C:\Windows\System\ffOoPDX.exe
  2⤵
  PID:14224
- C:\Windows\System\RzoLYDJ.exe
  C:\Windows\System\RzoLYDJ.exe
  2⤵
  PID:14248
- C:\Windows\System\cPqOVfA.exe
  C:\Windows\System\cPqOVfA.exe
  2⤵
  PID:14280
- C:\Windows\System\QuSbWWU.exe
  C:\Windows\System\QuSbWWU.exe
  2⤵
  PID:14308
- C:\Windows\System\EVXAEDY.exe
  C:\Windows\System\EVXAEDY.exe
  2⤵
  PID:12636
- C:\Windows\System\gocFrpZ.exe
  C:\Windows\System\gocFrpZ.exe
  2⤵
  PID:13356
- C:\Windows\System\ztAzvAv.exe
  C:\Windows\System\ztAzvAv.exe
  2⤵
  PID:13432
- C:\Windows\System\wKPaovj.exe
  C:\Windows\System\wKPaovj.exe
  2⤵
  PID:4956
- C:\Windows\System\DUuyxOx.exe
  C:\Windows\System\DUuyxOx.exe
  2⤵
  PID:1536
- C:\Windows\System\ADARAeH.exe
  C:\Windows\System\ADARAeH.exe
  2⤵
  PID:4380
- C:\Windows\System\gpkrOxE.exe
  C:\Windows\System\gpkrOxE.exe
  2⤵
  PID:3196
- C:\Windows\System\sWEbIyY.exe
  C:\Windows\System\sWEbIyY.exe
  2⤵
  PID:2744
- C:\Windows\System\vQuMyJW.exe
  C:\Windows\System\vQuMyJW.exe
  2⤵
  PID:13672
- C:\Windows\System\KcgMxgI.exe
  C:\Windows\System\KcgMxgI.exe
  2⤵
  PID:4868
- C:\Windows\System\JGoWveC.exe
  C:\Windows\System\JGoWveC.exe
  2⤵
  PID:1852
- C:\Windows\System\vGvyViG.exe
  C:\Windows\System\vGvyViG.exe
  2⤵
  PID:1424
- C:\Windows\System\SSxrcys.exe
  C:\Windows\System\SSxrcys.exe
  2⤵
  PID:5408
- C:\Windows\System\nmujQGH.exe
  C:\Windows\System\nmujQGH.exe
  2⤵
  PID:4148
- C:\Windows\System\HqFQkBJ.exe
  C:\Windows\System\HqFQkBJ.exe
  2⤵
  PID:13820
- C:\Windows\System\CCvIYti.exe
  C:\Windows\System\CCvIYti.exe
  2⤵
  PID:4596
- C:\Windows\System\Jarkvhy.exe
  C:\Windows\System\Jarkvhy.exe
  2⤵
  PID:4268
- C:\Windows\System\bJiRmyj.exe
  C:\Windows\System\bJiRmyj.exe
  2⤵
  PID:5788
- C:\Windows\System\pFbOzbJ.exe
  C:\Windows\System\pFbOzbJ.exe
  2⤵
  PID:3932
- C:\Windows\System\JjPxcUK.exe
  C:\Windows\System\JjPxcUK.exe
  2⤵
  PID:2168
- C:\Windows\System\UTXcqAO.exe
  C:\Windows\System\UTXcqAO.exe
  2⤵
  PID:4156
- C:\Windows\System\kSUDuEI.exe
  C:\Windows\System\kSUDuEI.exe
  2⤵
  PID:6024
- C:\Windows\System\tFWeajH.exe
  C:\Windows\System\tFWeajH.exe
  2⤵
  PID:13936
- C:\Windows\System\KOKFKtw.exe
  C:\Windows\System\KOKFKtw.exe
  2⤵
  PID:13964
- C:\Windows\System\xWSfCAr.exe
  C:\Windows\System\xWSfCAr.exe
  2⤵
  PID:5220
- C:\Windows\System\KCMbGuq.exe
  C:\Windows\System\KCMbGuq.exe
  2⤵
  PID:14020
- C:\Windows\System\klNfFUj.exe
  C:\Windows\System\klNfFUj.exe
  2⤵
  PID:14048
- C:\Windows\System\bOxwMdv.exe
  C:\Windows\System\bOxwMdv.exe
  2⤵
  PID:5036
- C:\Windows\System\dTxdzuL.exe
  C:\Windows\System\dTxdzuL.exe
  2⤵
  PID:13664
- C:\Windows\System\IMveysU.exe
  C:\Windows\System\IMveysU.exe
  2⤵
  PID:14156
- C:\Windows\System\SvavqwY.exe
  C:\Windows\System\SvavqwY.exe
  2⤵
  PID:13684
- C:\Windows\System\ZyiGAGe.exe
  C:\Windows\System\ZyiGAGe.exe
  2⤵
  PID:5776
- C:\Windows\System\ikhKqkx.exe
  C:\Windows\System\ikhKqkx.exe
  2⤵
  PID:14208
- C:\Windows\System\GRNSYxS.exe
  C:\Windows\System\GRNSYxS.exe
  2⤵
  PID:14260
- C:\Windows\System\PMaByPl.exe
  C:\Windows\System\PMaByPl.exe
  2⤵
  PID:14268
- C:\Windows\System\PjbDhTb.exe
  C:\Windows\System\PjbDhTb.exe
  2⤵
  PID:14304
- C:\Windows\System\yoDqqhE.exe
  C:\Windows\System\yoDqqhE.exe
  2⤵
  PID:6196
- C:\Windows\System\YVrprYy.exe
  C:\Windows\System\YVrprYy.exe
  2⤵
  PID:13352
- C:\Windows\System\wBZiTos.exe
  C:\Windows\System\wBZiTos.exe
  2⤵
  PID:13460
- C:\Windows\System\ZuwNMJL.exe
  C:\Windows\System\ZuwNMJL.exe
  2⤵
  PID:232
- C:\Windows\System\aaMhDum.exe
  C:\Windows\System\aaMhDum.exe
  2⤵
  PID:13516
- C:\Windows\System\dbGDpjS.exe
  C:\Windows\System\dbGDpjS.exe
  2⤵
  PID:4804
- C:\Windows\System\GYfOMrX.exe
  C:\Windows\System\GYfOMrX.exe
  2⤵
  PID:408
- C:\Windows\System\GmZpVDL.exe
  C:\Windows\System\GmZpVDL.exe
  2⤵
  PID:13620
- C:\Windows\System\DTobTZF.exe
  C:\Windows\System\DTobTZF.exe
  2⤵
  PID:3620
- C:\Windows\System\LGpGKxw.exe
  C:\Windows\System\LGpGKxw.exe
  2⤵
  PID:4668
- C:\Windows\System\hODnxVh.exe
  C:\Windows\System\hODnxVh.exe
  2⤵
  PID:4352
- C:\Windows\System\UbLwGZT.exe
  C:\Windows\System\UbLwGZT.exe
  2⤵
  PID:12596
- C:\Windows\System\LfdQEzW.exe
  C:\Windows\System\LfdQEzW.exe
  2⤵
  PID:13752
- C:\Windows\System\XKLAdwq.exe
  C:\Windows\System\XKLAdwq.exe
  2⤵
  PID:6536
- C:\Windows\System\wOxTySk.exe
  C:\Windows\System\wOxTySk.exe
  2⤵
  PID:6572
- C:\Windows\System\jZkeeYl.exe
  C:\Windows\System\jZkeeYl.exe
  2⤵
  PID:13824
- C:\Windows\System\TMsFLtv.exe
  C:\Windows\System\TMsFLtv.exe
  2⤵
  PID:6628
- C:\Windows\System\oMSVFRp.exe
  C:\Windows\System\oMSVFRp.exe
  2⤵
  PID:2124
- C:\Windows\System\lCAlveS.exe
  C:\Windows\System\lCAlveS.exe
  2⤵
  PID:6684
- C:\Windows\System\jblWpoU.exe
  C:\Windows\System\jblWpoU.exe
  2⤵
  PID:6712
- C:\Windows\System\BiYmsnZ.exe
  C:\Windows\System\BiYmsnZ.exe
  2⤵
  PID:13908
- C:\Windows\System\MnDDdbj.exe
  C:\Windows\System\MnDDdbj.exe
  2⤵
  PID:6784
- C:\Windows\System\rQENLwG.exe
  C:\Windows\System\rQENLwG.exe
  2⤵
  PID:6796
- C:\Windows\System\CSOyYkw.exe
  C:\Windows\System\CSOyYkw.exe
  2⤵
  PID:4484
- C:\Windows\System\PHTVzuT.exe
  C:\Windows\System\PHTVzuT.exe
  2⤵
  PID:6852
- C:\Windows\System\nNZggYq.exe
  C:\Windows\System\nNZggYq.exe
  2⤵
  PID:14108
- C:\Windows\System\KlpgDeE.exe
  C:\Windows\System\KlpgDeE.exe
  2⤵
  PID:2252
- C:\Windows\System\ItIaJTi.exe
  C:\Windows\System\ItIaJTi.exe
  2⤵
  PID:6948
- C:\Windows\System\kpJZrZN.exe
  C:\Windows\System\kpJZrZN.exe
  2⤵
  PID:1944
- C:\Windows\System\CAgekQy.exe
  C:\Windows\System\CAgekQy.exe
  2⤵
  PID:940
- C:\Windows\System\ZyuQghx.exe
  C:\Windows\System\ZyuQghx.exe
  2⤵
  PID:7032
- C:\Windows\System\GzjlUkf.exe
  C:\Windows\System\GzjlUkf.exe
  2⤵
  PID:14300
- C:\Windows\System\iONdYPQ.exe
  C:\Windows\System\iONdYPQ.exe
  2⤵
  PID:7064
- C:\Windows\System\XeHfNjs.exe
  C:\Windows\System\XeHfNjs.exe
  2⤵
  PID:4844
- C:\Windows\System\OqMIwLG.exe
  C:\Windows\System\OqMIwLG.exe
  2⤵
  PID:13472
- C:\Windows\System\zCgVrqm.exe
  C:\Windows\System\zCgVrqm.exe
  2⤵
  PID:6336
- C:\Windows\System\pmSUAor.exe
  C:\Windows\System\pmSUAor.exe
  2⤵
  PID:6344
- C:\Windows\System\xtwjSIM.exe
  C:\Windows\System\xtwjSIM.exe
  2⤵
  PID:6424
- C:\Windows\System\lTSGmvb.exe
  C:\Windows\System\lTSGmvb.exe
  2⤵
  PID:3548
- C:\Windows\System\SSgGbqN.exe
  C:\Windows\System\SSgGbqN.exe
  2⤵
  PID:2768
- C:\Windows\System\XbfkVJt.exe
  C:\Windows\System\XbfkVJt.exe
  2⤵
  PID:2776
- C:\Windows\System\UrdWLpT.exe
  C:\Windows\System\UrdWLpT.exe
  2⤵
  PID:5340
- C:\Windows\System\gNycYPm.exe
  C:\Windows\System\gNycYPm.exe
  2⤵
  PID:5368
- C:\Windows\System\SuktLkE.exe
  C:\Windows\System\SuktLkE.exe
  2⤵
  PID:6592
- C:\Windows\System\yJRGXAb.exe
  C:\Windows\System\yJRGXAb.exe
  2⤵
  PID:13348
- C:\Windows\System\GFXQEra.exe
  C:\Windows\System\GFXQEra.exe
  2⤵
  PID:5720
- C:\Windows\System\ozZXuHM.exe
  C:\Windows\System\ozZXuHM.exe
  2⤵
  PID:4508
- C:\Windows\System\QgsymnL.exe
  C:\Windows\System\QgsymnL.exe
  2⤵
  PID:6816
- C:\Windows\System\BPTrAlj.exe
  C:\Windows\System\BPTrAlj.exe
  2⤵
  PID:6752
- C:\Windows\System\ZvgmlKH.exe
  C:\Windows\System\ZvgmlKH.exe
  2⤵
  PID:5552
- C:\Windows\System\xpqxGaS.exe
  C:\Windows\System\xpqxGaS.exe
  2⤵
  PID:5572
- C:\Windows\System\KrNoOhS.exe
  C:\Windows\System\KrNoOhS.exe
  2⤵
  PID:7056
- C:\Windows\System\AQzxVKF.exe
  C:\Windows\System\AQzxVKF.exe
  2⤵
  PID:13712
- C:\Windows\System\pewbMfe.exe
  C:\Windows\System\pewbMfe.exe
  2⤵
  PID:2468
- C:\Windows\System\xOSOxDr.exe
  C:\Windows\System\xOSOxDr.exe
  2⤵
  PID:6168
- C:\Windows\System\sTgrEod.exe
  C:\Windows\System\sTgrEod.exe
  2⤵
  PID:2356
- C:\Windows\System\VXREIyf.exe
  C:\Windows\System\VXREIyf.exe
  2⤵
  PID:6172
- C:\Windows\System\euCEGWs.exe
  C:\Windows\System\euCEGWs.exe
  2⤵
  PID:5744
- C:\Windows\System\uFDYHUW.exe
  C:\Windows\System\uFDYHUW.exe
  2⤵
  PID:7152
- C:\Windows\System\OTwDpVd.exe
  C:\Windows\System\OTwDpVd.exe
  2⤵
  PID:6236
- C:\Windows\System\lYQrNag.exe
  C:\Windows\System\lYQrNag.exe
  2⤵
  PID:6648
- C:\Windows\System\IuwNKKg.exe
  C:\Windows\System\IuwNKKg.exe
  2⤵
  PID:5272
- C:\Windows\System\JSTQclX.exe
  C:\Windows\System\JSTQclX.exe
  2⤵
  PID:2520
- C:\Windows\System\BVrdvyo.exe
  C:\Windows\System\BVrdvyo.exe
  2⤵
  PID:6680
- C:\Windows\System\jVyMANZ.exe
  C:\Windows\System\jVyMANZ.exe
  2⤵
  PID:6232
- C:\Windows\System\VriiKFd.exe
  C:\Windows\System\VriiKFd.exe
  2⤵
  PID:6764
- C:\Windows\System\bTkRXUK.exe
  C:\Windows\System\bTkRXUK.exe
  2⤵
  PID:5880
- C:\Windows\System\UeqoXfA.exe
  C:\Windows\System\UeqoXfA.exe
  2⤵
  PID:6656
- C:\Windows\System\BRvbmPz.exe
  C:\Windows\System\BRvbmPz.exe
  2⤵
  PID:6720
- C:\Windows\System\ePXCOLg.exe
  C:\Windows\System\ePXCOLg.exe
  2⤵
  PID:13628
- C:\Windows\System\ZbRiCGF.exe
  C:\Windows\System\ZbRiCGF.exe
  2⤵
  PID:7292
- C:\Windows\System\jSgxLvR.exe
  C:\Windows\System\jSgxLvR.exe
  2⤵
  PID:7120
- C:\Windows\System\YhcyOKO.exe
  C:\Windows\System\YhcyOKO.exe
  2⤵
  PID:7380
- C:\Windows\System\gfbybhz.exe
  C:\Windows\System\gfbybhz.exe
  2⤵
  PID:5688
- C:\Windows\System\UAtAZEl.exe
  C:\Windows\System\UAtAZEl.exe
  2⤵
  PID:7432
- C:\Windows\System\IpJJQoy.exe
  C:\Windows\System\IpJJQoy.exe
  2⤵
  PID:6904
- C:\Windows\System\OBtWMnm.exe
  C:\Windows\System\OBtWMnm.exe
  2⤵
  PID:692
- C:\Windows\System\CyPZdLx.exe
  C:\Windows\System\CyPZdLx.exe
  2⤵
  PID:5780
- C:\Windows\System\TBhVlYL.exe
  C:\Windows\System\TBhVlYL.exe
  2⤵
  PID:2224
- C:\Windows\System\fTpmhZz.exe
  C:\Windows\System\fTpmhZz.exe
  2⤵
  PID:6200
- C:\Windows\System\OXpMkaB.exe
  C:\Windows\System\OXpMkaB.exe
  2⤵
  PID:5312
- C:\Windows\System\usTKDjh.exe
  C:\Windows\System\usTKDjh.exe
  2⤵
  PID:5284
- C:\Windows\System\WkrCVYi.exe
  C:\Windows\System\WkrCVYi.exe
  2⤵
  PID:7940
- C:\Windows\System\adjNSyh.exe
  C:\Windows\System\adjNSyh.exe
  2⤵
  PID:8000
- C:\Windows\System\NygGqDj.exe
  C:\Windows\System\NygGqDj.exe
  2⤵
  PID:5524
- C:\Windows\System\iulDbcB.exe
  C:\Windows\System\iulDbcB.exe
  2⤵
  PID:4648
- C:\Windows\System\uQaoGXw.exe
  C:\Windows\System\uQaoGXw.exe
  2⤵
  PID:7356
- C:\Windows\System\SrGtNkM.exe
  C:\Windows\System\SrGtNkM.exe
  2⤵
  PID:6348
- C:\Windows\System\LEKthRO.exe
  C:\Windows\System\LEKthRO.exe
  2⤵
  PID:7260
- C:\Windows\System\VnjrtQl.exe
  C:\Windows\System\VnjrtQl.exe
  2⤵
  PID:456
- C:\Windows\System\OWjBwyI.exe
  C:\Windows\System\OWjBwyI.exe
  2⤵
  PID:6280
- C:\Windows\System\etbrFqm.exe
  C:\Windows\System\etbrFqm.exe
  2⤵
  PID:7540
- C:\Windows\System\hwaOSoy.exe
  C:\Windows\System\hwaOSoy.exe
  2⤵
  PID:3376
- C:\Windows\System\ZeGTkMl.exe
  C:\Windows\System\ZeGTkMl.exe
  2⤵
  PID:7948
- C:\Windows\System\fsBESmG.exe
  C:\Windows\System\fsBESmG.exe
  2⤵
  PID:8028
- C:\Windows\System\FrqFrqg.exe
  C:\Windows\System\FrqFrqg.exe
  2⤵
  PID:7812
- C:\Windows\System\JFsPBHy.exe
  C:\Windows\System\JFsPBHy.exe
  2⤵
  PID:8108
- C:\Windows\System\GDcHbkU.exe
  C:\Windows\System\GDcHbkU.exe
  2⤵
  PID:7492
- C:\Windows\System\yqSmBdF.exe
  C:\Windows\System\yqSmBdF.exe
  2⤵
  PID:7304
- C:\Windows\System\VnkGzum.exe
  C:\Windows\System\VnkGzum.exe
  2⤵
  PID:6396
- C:\Windows\System\hPIMRAo.exe
  C:\Windows\System\hPIMRAo.exe
  2⤵
  PID:6392
- C:\Windows\System\NVjGQkt.exe
  C:\Windows\System\NVjGQkt.exe
  2⤵
  PID:7960
- C:\Windows\System\udxFcyf.exe
  C:\Windows\System\udxFcyf.exe
  2⤵
  PID:8060
- C:\Windows\System\KmMzoim.exe
  C:\Windows\System\KmMzoim.exe
  2⤵
  PID:7316
- C:\Windows\System\zVGkkPw.exe
  C:\Windows\System\zVGkkPw.exe
  2⤵
  PID:7660
- C:\Windows\System\VaNaESV.exe
  C:\Windows\System\VaNaESV.exe
  2⤵
  PID:7568
- C:\Windows\System\RPmxYXN.exe
  C:\Windows\System\RPmxYXN.exe
  2⤵
  PID:7764
- C:\Windows\System\ciiYkfM.exe
  C:\Windows\System\ciiYkfM.exe
  2⤵
  PID:8236
- C:\Windows\System\sOJIDIN.exe
  C:\Windows\System\sOJIDIN.exe
  2⤵
  PID:8264
- C:\Windows\System\LTqLvVl.exe
  C:\Windows\System\LTqLvVl.exe
  2⤵
  PID:7388
- C:\Windows\System\DLsuuDR.exe
  C:\Windows\System\DLsuuDR.exe
  2⤵
  PID:1260
- C:\Windows\System\AUbUfzZ.exe
  C:\Windows\System\AUbUfzZ.exe
  2⤵
  PID:7696
- C:\Windows\System\upEtnim.exe
  C:\Windows\System\upEtnim.exe
  2⤵
  PID:8432
- C:\Windows\System\tGyuugY.exe
  C:\Windows\System\tGyuugY.exe
  2⤵
  PID:7488
- C:\Windows\System\SFhghHa.exe
  C:\Windows\System\SFhghHa.exe
  2⤵
  PID:7200
- C:\Windows\System\dpNAYIC.exe
  C:\Windows\System\dpNAYIC.exe
  2⤵
  PID:8556
- C:\Windows\System\dkajIAf.exe
  C:\Windows\System\dkajIAf.exe
  2⤵
  PID:8376
- C:\Windows\System\qUTDeVg.exe
  C:\Windows\System\qUTDeVg.exe
  2⤵
  PID:8644
- C:\Windows\System\hVofHRq.exe
  C:\Windows\System\hVofHRq.exe
  2⤵
  PID:8620
- C:\Windows\System\nkiTRAr.exe
  C:\Windows\System\nkiTRAr.exe
  2⤵
  PID:8728
- C:\Windows\System\gVqhaup.exe
  C:\Windows\System\gVqhaup.exe
  2⤵
  PID:8724
- C:\Windows\System\whvYNUf.exe
  C:\Windows\System\whvYNUf.exe
  2⤵
  PID:8816
- C:\Windows\System\rCoegWL.exe
  C:\Windows\System\rCoegWL.exe
  2⤵
  PID:14508
- C:\Windows\System\ARMtgMz.exe
  C:\Windows\System\ARMtgMz.exe
  2⤵
  PID:14524
- C:\Windows\System\MlHrXcE.exe
  C:\Windows\System\MlHrXcE.exe
  2⤵
  PID:14552
- C:\Windows\System\XpEtJEg.exe
  C:\Windows\System\XpEtJEg.exe
  2⤵
  PID:14580
- C:\Windows\System\eHtgalS.exe
  C:\Windows\System\eHtgalS.exe
  2⤵
  PID:14608
- C:\Windows\System\PzlddiP.exe
  C:\Windows\System\PzlddiP.exe
  2⤵
  PID:14636
- C:\Windows\System\OsEaPkZ.exe
  C:\Windows\System\OsEaPkZ.exe
  2⤵
  PID:14664
- C:\Windows\System\EwPztQP.exe
  C:\Windows\System\EwPztQP.exe
  2⤵
  PID:14692
- C:\Windows\System\nYtBtQG.exe
  C:\Windows\System\nYtBtQG.exe
  2⤵
  PID:14720
- C:\Windows\System\BdGZzvt.exe
  C:\Windows\System\BdGZzvt.exe
  2⤵
  PID:14748
- C:\Windows\System\NUkaQgM.exe
  C:\Windows\System\NUkaQgM.exe
  2⤵
  PID:14776
- C:\Windows\System\vzINSsP.exe
  C:\Windows\System\vzINSsP.exe
  2⤵
  PID:14804
- C:\Windows\System\brcWnZP.exe
  C:\Windows\System\brcWnZP.exe
  2⤵
  PID:14832
- C:\Windows\System\QJeGjiC.exe
  C:\Windows\System\QJeGjiC.exe
  2⤵
  PID:14904
- C:\Windows\System\ncgdrXy.exe
  C:\Windows\System\ncgdrXy.exe
  2⤵
  PID:14920
- C:\Windows\System\EyFvgMt.exe
  C:\Windows\System\EyFvgMt.exe
  2⤵
  PID:14952
- C:\Windows\System\dMreiKs.exe
  C:\Windows\System\dMreiKs.exe
  2⤵
  PID:14980
- C:\Windows\System\DvWaMBC.exe
  C:\Windows\System\DvWaMBC.exe
  2⤵
  PID:15012
- C:\Windows\System\yfEeHhO.exe
  C:\Windows\System\yfEeHhO.exe
  2⤵
  PID:15108
- C:\Windows\System\eJBsinN.exe
  C:\Windows\System\eJBsinN.exe
  2⤵
  PID:15132
- C:\Windows\System\DyWMjWH.exe
  C:\Windows\System\DyWMjWH.exe
  2⤵
  PID:15184
- C:\Windows\System\mNjUcGk.exe
  C:\Windows\System\mNjUcGk.exe
  2⤵
  PID:15200
- C:\Windows\System\JiYTkDJ.exe
  C:\Windows\System\JiYTkDJ.exe
  2⤵
  PID:15232
- C:\Windows\System\VwCXhGj.exe
  C:\Windows\System\VwCXhGj.exe
  2⤵
  PID:15296
- C:\Windows\System\UGwwMyX.exe
  C:\Windows\System\UGwwMyX.exe
  2⤵
  PID:15340
- C:\Windows\System\btFZnQg.exe
  C:\Windows\System\btFZnQg.exe
  2⤵
  PID:14340
- C:\Windows\System\nAzgGOC.exe
  C:\Windows\System\nAzgGOC.exe
  2⤵
  PID:14360
- C:\Windows\System\DpTwUtO.exe
  C:\Windows\System\DpTwUtO.exe
  2⤵
  PID:14376
- C:\Windows\System\fZqlwHK.exe
  C:\Windows\System\fZqlwHK.exe
  2⤵
  PID:14396
- C:\Windows\System\qaDPjeZ.exe
  C:\Windows\System\qaDPjeZ.exe
  2⤵
  PID:9060
- C:\Windows\System\btLXzyR.exe
  C:\Windows\System\btLXzyR.exe
  2⤵
  PID:9116
- C:\Windows\System\uHcyxJX.exe
  C:\Windows\System\uHcyxJX.exe
  2⤵
  PID:9164
- C:\Windows\System\ZKzpFbz.exe
  C:\Windows\System\ZKzpFbz.exe
  2⤵
  PID:14516
- C:\Windows\System\ToqaPyf.exe
  C:\Windows\System\ToqaPyf.exe
  2⤵
  PID:8684
- C:\Windows\System\VzkgfQj.exe
  C:\Windows\System\VzkgfQj.exe
  2⤵
  PID:14604
- C:\Windows\System\cZrJvbf.exe
  C:\Windows\System\cZrJvbf.exe
  2⤵
  PID:8896
- C:\Windows\System\LVZFQMT.exe
  C:\Windows\System\LVZFQMT.exe
  2⤵
  PID:8312
- C:\Windows\System\lNPanmJ.exe
  C:\Windows\System\lNPanmJ.exe
  2⤵
  PID:14884
- C:\Windows\System\uIpmziQ.exe
  C:\Windows\System\uIpmziQ.exe
  2⤵
  PID:14492
- C:\Windows\System\jpIjiFR.exe
  C:\Windows\System\jpIjiFR.exe
  2⤵
  PID:2096
- C:\Windows\System\ekeIlLj.exe
  C:\Windows\System\ekeIlLj.exe
  2⤵
  PID:15040
- C:\Windows\System\uAHUooO.exe
  C:\Windows\System\uAHUooO.exe
  2⤵
  PID:9012
- C:\Windows\System\VkWiZEP.exe
  C:\Windows\System\VkWiZEP.exe
  2⤵
  PID:3660
- C:\Windows\System\apWroXb.exe
  C:\Windows\System\apWroXb.exe
  2⤵
  PID:8288
- C:\Windows\System\nBbPAgc.exe
  C:\Windows\System\nBbPAgc.exe
  2⤵
  PID:8860
- C:\Windows\System\LfovpcW.exe
  C:\Windows\System\LfovpcW.exe
  2⤵
  PID:15124
- C:\Windows\System\gXBDSEw.exe
  C:\Windows\System\gXBDSEw.exe
  2⤵
  PID:15164
- C:\Windows\System\pVeEjmt.exe
  C:\Windows\System\pVeEjmt.exe
  2⤵
  PID:3148
- C:\Windows\System\hNhuAzG.exe
  C:\Windows\System\hNhuAzG.exe
  2⤵
  PID:9236
- C:\Windows\System\ajGxxXy.exe
  C:\Windows\System\ajGxxXy.exe
  2⤵
  PID:15272
- C:\Windows\System\ewBiCQk.exe
  C:\Windows\System\ewBiCQk.exe
  2⤵
  PID:9324
- C:\Windows\System\eERCJCg.exe
  C:\Windows\System\eERCJCg.exe
  2⤵
  PID:15328
- C:\Windows\System\qarponq.exe
  C:\Windows\System\qarponq.exe
  2⤵
  PID:8852
- C:\Windows\System\HQHKAzN.exe
  C:\Windows\System\HQHKAzN.exe
  2⤵
  PID:15156
- C:\Windows\System\REWOruO.exe
  C:\Windows\System\REWOruO.exe
  2⤵
  PID:15172
- C:\Windows\System\QiLZKkg.exe
  C:\Windows\System\QiLZKkg.exe
  2⤵
  PID:14372
- C:\Windows\System\RXKaeTl.exe
  C:\Windows\System\RXKaeTl.exe
  2⤵
  PID:9016
- C:\Windows\System\fKvUNkX.exe
  C:\Windows\System\fKvUNkX.exe
  2⤵
  PID:9528
- C:\Windows\System\PqtuOWG.exe
  C:\Windows\System\PqtuOWG.exe
  2⤵
  PID:14484
- C:\Windows\System\kKVwshY.exe
  C:\Windows\System\kKVwshY.exe
  2⤵
  PID:9636
- C:\Windows\System\btpZwkr.exe
  C:\Windows\System\btpZwkr.exe
  2⤵
  PID:9672
- C:\Windows\System\dcYXFWD.exe
  C:\Windows\System\dcYXFWD.exe
  2⤵
  PID:3248
- C:\Windows\System\PZBuLqq.exe
  C:\Windows\System\PZBuLqq.exe
  2⤵
  PID:8768
- C:\Windows\System\AHrdxXH.exe
  C:\Windows\System\AHrdxXH.exe
  2⤵
  PID:14676
- C:\Windows\System\DacunIN.exe
  C:\Windows\System\DacunIN.exe
  2⤵
  PID:6096
- C:\Windows\System\xNBWQOu.exe
  C:\Windows\System\xNBWQOu.exe
  2⤵
  PID:14656
- C:\Windows\System\ReuouQP.exe
  C:\Windows\System\ReuouQP.exe
  2⤵
  PID:9844
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 9844 -s 256
    3⤵
    PID:14876
- C:\Windows\System\QYOoDSu.exe
  C:\Windows\System\QYOoDSu.exe
  2⤵
  PID:14852
- C:\Windows\System\UaHHoZE.exe
  C:\Windows\System\UaHHoZE.exe
  2⤵
  PID:14964
- C:\Windows\System\MCZAfTJ.exe
  C:\Windows\System\MCZAfTJ.exe
  2⤵
  PID:10048
- C:\Windows\System\jXEfWvE.exe
  C:\Windows\System\jXEfWvE.exe
  2⤵
  PID:3444
- C:\Windows\System\xfXABnp.exe
  C:\Windows\System\xfXABnp.exe
  2⤵
  PID:8428
- C:\Windows\System\kOYMHHx.exe
  C:\Windows\System\kOYMHHx.exe
  2⤵
  PID:10228
- C:\Windows\System\QNewaLS.exe
  C:\Windows\System\QNewaLS.exe
  2⤵
  PID:15120
- C:\Windows\System\kPWVird.exe
  C:\Windows\System\kPWVird.exe
  2⤵
  PID:9404
- C:\Windows\System\HzZUyrs.exe
  C:\Windows\System\HzZUyrs.exe
  2⤵
  PID:9540
- C:\Windows\System\AVgVNve.exe
  C:\Windows\System\AVgVNve.exe
  2⤵
  PID:9656
- C:\Windows\System\mviHcXe.exe
  C:\Windows\System\mviHcXe.exe
  2⤵
  PID:8952
- C:\Windows\System\AGOBLtY.exe
  C:\Windows\System\AGOBLtY.exe
  2⤵
  PID:15280
- C:\Windows\System\wuZIwIy.exe
  C:\Windows\System\wuZIwIy.exe
  2⤵
  PID:9684
- C:\Windows\System\aOWtase.exe
  C:\Windows\System\aOWtase.exe
  2⤵
  PID:9380
- C:\Windows\System\tmFoTyF.exe
  C:\Windows\System\tmFoTyF.exe
  2⤵
  PID:9940
- C:\Windows\System\QyltCor.exe
  C:\Windows\System\QyltCor.exe
  2⤵
  PID:14368
- C:\Windows\System\nQwxWwj.exe
  C:\Windows\System\nQwxWwj.exe
  2⤵
  PID:14428
- C:\Windows\System\ZfamZDx.exe
  C:\Windows\System\ZfamZDx.exe
  2⤵
  PID:10080
- C:\Windows\System\VakCatS.exe
  C:\Windows\System\VakCatS.exe
  2⤵
  PID:10164
- C:\Windows\System\NBmNlFu.exe
  C:\Windows\System\NBmNlFu.exe
  2⤵
  PID:1516
- C:\Windows\System\XDBvPXx.exe
  C:\Windows\System\XDBvPXx.exe
  2⤵
  PID:8256
- C:\Windows\System\uWCsKpK.exe
  C:\Windows\System\uWCsKpK.exe
  2⤵
  PID:9576
- C:\Windows\System\EnlKPsb.exe
  C:\Windows\System\EnlKPsb.exe
  2⤵
  PID:9728
- C:\Windows\System\hGYwLuF.exe
  C:\Windows\System\hGYwLuF.exe
  2⤵
  PID:14684
- C:\Windows\System\FNxajlH.exe
  C:\Windows\System\FNxajlH.exe
  2⤵
  PID:14660
- C:\Windows\System\QOWLrti.exe
  C:\Windows\System\QOWLrti.exe
  2⤵
  PID:9064
- C:\Windows\System\iEVGcOb.exe
  C:\Windows\System\iEVGcOb.exe
  2⤵
  PID:9232
- C:\Windows\System\crXvkuC.exe
  C:\Windows\System\crXvkuC.exe
  2⤵
  PID:9776
- C:\Windows\System\MyUTMwE.exe
  C:\Windows\System\MyUTMwE.exe
  2⤵
  PID:14972
- C:\Windows\System\iWfCtvE.exe
  C:\Windows\System\iWfCtvE.exe
  2⤵
  PID:14988
- C:\Windows\System\IUKVcst.exe
  C:\Windows\System\IUKVcst.exe
  2⤵
  PID:10172
- C:\Windows\System\eAvstHS.exe
  C:\Windows\System\eAvstHS.exe
  2⤵
  PID:14788
- C:\Windows\System\tVkBeql.exe
  C:\Windows\System\tVkBeql.exe
  2⤵
  PID:4908
- C:\Windows\System\hZjUDGp.exe
  C:\Windows\System\hZjUDGp.exe
  2⤵
  PID:14856
- C:\Windows\System\LwyOWUl.exe
  C:\Windows\System\LwyOWUl.exe
  2⤵
  PID:9260
- C:\Windows\System\KnlpELA.exe
  C:\Windows\System\KnlpELA.exe
  2⤵
  PID:9460
- C:\Windows\System\olDqjvJ.exe
  C:\Windows\System\olDqjvJ.exe
  2⤵
  PID:15196
- C:\Windows\System\qLwXocJ.exe
  C:\Windows\System\qLwXocJ.exe
  2⤵
  PID:9268
- C:\Windows\System\gvBHsWt.exe
  C:\Windows\System\gvBHsWt.exe
  2⤵
  PID:8352
- C:\Windows\System\DnnhwFY.exe
  C:\Windows\System\DnnhwFY.exe
  2⤵
  PID:9784
- C:\Windows\System\gebTIEX.exe
  C:\Windows\System\gebTIEX.exe
  2⤵
  PID:15116
- C:\Windows\System\mEKtEKX.exe
  C:\Windows\System\mEKtEKX.exe
  2⤵
  PID:10664
- C:\Windows\System\psDrozL.exe
  C:\Windows\System\psDrozL.exe
  2⤵
  PID:10692
- C:\Windows\System\WgkrLyw.exe
  C:\Windows\System\WgkrLyw.exe
  2⤵
  PID:9552
- C:\Windows\System\RIuegjf.exe
  C:\Windows\System\RIuegjf.exe
  2⤵
  PID:9224
- C:\Windows\System\PJDkWsp.exe
  C:\Windows\System\PJDkWsp.exe
  2⤵
  PID:9704
- C:\Windows\System\uIETfst.exe
  C:\Windows\System\uIETfst.exe
  2⤵
  PID:9868
- C:\Windows\System\cQIGXWg.exe
  C:\Windows\System\cQIGXWg.exe
  2⤵
  PID:9816
- C:\Windows\System\XUajQwJ.exe
  C:\Windows\System\XUajQwJ.exe
  2⤵
  PID:14896
- C:\Windows\System\KVwGpGz.exe
  C:\Windows\System\KVwGpGz.exe
  2⤵
  PID:10940
- C:\Windows\System\HooMDEF.exe
  C:\Windows\System\HooMDEF.exe
  2⤵
  PID:10996
- C:\Windows\System\ZxjZRJy.exe
  C:\Windows\System\ZxjZRJy.exe
  2⤵
  PID:9080
- C:\Windows\System\dINewyY.exe
  C:\Windows\System\dINewyY.exe
  2⤵
  PID:15056
- C:\Windows\System\DFdgAXs.exe
  C:\Windows\System\DFdgAXs.exe
  2⤵
  PID:11108
- C:\Windows\System\UpNcaCW.exe
  C:\Windows\System\UpNcaCW.exe
  2⤵
  PID:11136
- C:\Windows\System\Vpgkgdt.exe
  C:\Windows\System\Vpgkgdt.exe
  2⤵
  PID:9152
- C:\Windows\System\rFTnzjE.exe
  C:\Windows\System\rFTnzjE.exe
  2⤵
  PID:11228
- C:\Windows\System\cYknXJM.exe
  C:\Windows\System\cYknXJM.exe
  2⤵
  PID:11248
- C:\Windows\System\gNiBnBA.exe
  C:\Windows\System\gNiBnBA.exe
  2⤵
  PID:10572
- C:\Windows\System\yMyhWyU.exe
  C:\Windows\System\yMyhWyU.exe
  2⤵
  PID:10408
- C:\Windows\System\QudUfQw.exe
  C:\Windows\System\QudUfQw.exe
  2⤵
  PID:10084
- C:\Windows\System\Camzncx.exe
  C:\Windows\System\Camzncx.exe
  2⤵
  PID:10740
- C:\Windows\System\CxTekME.exe
  C:\Windows\System\CxTekME.exe
  2⤵
  PID:10644
- C:\Windows\System\TZzgbJg.exe
  C:\Windows\System\TZzgbJg.exe
  2⤵
  PID:9720
- C:\Windows\System\bkssQpq.exe
  C:\Windows\System\bkssQpq.exe
  2⤵
  PID:10884
- C:\Windows\System\iTLEUmU.exe
  C:\Windows\System\iTLEUmU.exe
  2⤵
  PID:10948
- C:\Windows\System\abOuGYg.exe
  C:\Windows\System\abOuGYg.exe
  2⤵
  PID:11012
- C:\Windows\System\XuraoBN.exe
  C:\Windows\System\XuraoBN.exe
  2⤵
  PID:11080
- C:\Windows\System\FLMbXPU.exe
  C:\Windows\System\FLMbXPU.exe
  2⤵
  PID:11196
- C:\Windows\System\lAawqmK.exe
  C:\Windows\System\lAawqmK.exe
  2⤵
  PID:11192
- C:\Windows\System\wUrSShS.exe
  C:\Windows\System\wUrSShS.exe
  2⤵
  PID:11256
- C:\Windows\System\VcbHZhc.exe
  C:\Windows\System\VcbHZhc.exe
  2⤵
  PID:10608
- C:\Windows\System\ZnNMyzA.exe
  C:\Windows\System\ZnNMyzA.exe
  2⤵
  PID:8996
- C:\Windows\System\UpjrwzM.exe
  C:\Windows\System\UpjrwzM.exe
  2⤵
  PID:10752
- C:\Windows\System\unxWxpr.exe
  C:\Windows\System\unxWxpr.exe
  2⤵
  PID:9608
- C:\Windows\System\XLOSdLa.exe
  C:\Windows\System\XLOSdLa.exe
  2⤵
  PID:10824
- C:\Windows\System\hxLQcmo.exe
  C:\Windows\System\hxLQcmo.exe
  2⤵
  PID:11172
- C:\Windows\System\jFZeUZR.exe
  C:\Windows\System\jFZeUZR.exe
  2⤵
  PID:14948
- C:\Windows\System\zrRqueD.exe
  C:\Windows\System\zrRqueD.exe
  2⤵
  PID:5100
- C:\Windows\System\aArsFJv.exe
  C:\Windows\System\aArsFJv.exe
  2⤵
  PID:15192
- C:\Windows\System\bIzlwHv.exe
  C:\Windows\System\bIzlwHv.exe
  2⤵
  PID:9352
- C:\Windows\System\AMFrJSn.exe
  C:\Windows\System\AMFrJSn.exe
  2⤵
  PID:7712
- C:\Windows\System\QfWDdvP.exe
  C:\Windows\System\QfWDdvP.exe
  2⤵
  PID:11288
- C:\Windows\System\lthOkwj.exe
  C:\Windows\System\lthOkwj.exe
  2⤵
  PID:14740
- C:\Windows\System\ooOxEJo.exe
  C:\Windows\System\ooOxEJo.exe
  2⤵
  PID:10420
- C:\Windows\System\dOfgfTE.exe
  C:\Windows\System\dOfgfTE.exe
  2⤵
  PID:15036
- C:\Windows\System\MacaUMe.exe
  C:\Windows\System\MacaUMe.exe
  2⤵
  PID:10500
- C:\Windows\System\cTSZOkC.exe
  C:\Windows\System\cTSZOkC.exe
  2⤵
  PID:4292
- C:\Windows\System\ZUGSbFg.exe
  C:\Windows\System\ZUGSbFg.exe
  2⤵
  PID:11496
- C:\Windows\System\fDrtoIR.exe
  C:\Windows\System\fDrtoIR.exe
  2⤵
  PID:11544
- C:\Windows\System\OZwkmCq.exe
  C:\Windows\System\OZwkmCq.exe
  2⤵
  PID:11404
- C:\Windows\System\MzgVxsh.exe
  C:\Windows\System\MzgVxsh.exe
  2⤵
  PID:11440
- C:\Windows\System\DIyElrS.exe
  C:\Windows\System\DIyElrS.exe
  2⤵
  PID:10852
- C:\Windows\System\LSgiNFj.exe
  C:\Windows\System\LSgiNFj.exe
  2⤵
  PID:10956
- C:\Windows\System\YFzhNon.exe
  C:\Windows\System\YFzhNon.exe
  2⤵
  PID:2936
- C:\Windows\System\ZZKXHea.exe
  C:\Windows\System\ZZKXHea.exe
  2⤵
  PID:11760
- C:\Windows\System\MaDDkbA.exe
  C:\Windows\System\MaDDkbA.exe
  2⤵
  PID:11508
- C:\Windows\System\XGWmDbS.exe
  C:\Windows\System\XGWmDbS.exe
  2⤵
  PID:11788
- C:\Windows\System\PsiLbsp.exe
  C:\Windows\System\PsiLbsp.exe
  2⤵
  PID:11612
- C:\Windows\System\XGlVMSM.exe
  C:\Windows\System\XGlVMSM.exe
  2⤵
  PID:15388
- C:\Windows\System\GfqkvhT.exe
  C:\Windows\System\GfqkvhT.exe
  2⤵
  PID:15424
- C:\Windows\System\IcxOFVI.exe
  C:\Windows\System\IcxOFVI.exe
  2⤵
  PID:15448
- C:\Windows\System\ilYbxMS.exe
  C:\Windows\System\ilYbxMS.exe
  2⤵
  PID:15476
- C:\Windows\System\ReZFHUX.exe
  C:\Windows\System\ReZFHUX.exe
  2⤵
  PID:15500
- C:\Windows\System\GvSsCjm.exe
  C:\Windows\System\GvSsCjm.exe
  2⤵
  PID:15528
- C:\Windows\System\PgkrSms.exe
  C:\Windows\System\PgkrSms.exe
  2⤵
  PID:15556
- C:\Windows\System\aNHJiOU.exe
  C:\Windows\System\aNHJiOU.exe
  2⤵
  PID:15596
- C:\Windows\System\qESuyje.exe
  C:\Windows\System\qESuyje.exe
  2⤵
  PID:15612
- C:\Windows\System\iXZdjUz.exe
  C:\Windows\System\iXZdjUz.exe
  2⤵
  PID:15640
- C:\Windows\System\mecbMQw.exe
  C:\Windows\System\mecbMQw.exe
  2⤵
  PID:15668
- C:\Windows\System\XiyTiNG.exe
  C:\Windows\System\XiyTiNG.exe
  2⤵
  PID:15696
- C:\Windows\System\AhldtUi.exe
  C:\Windows\System\AhldtUi.exe
  2⤵
  PID:15724
- C:\Windows\System\MoVGMqD.exe
  C:\Windows\System\MoVGMqD.exe
  2⤵
  PID:15752
- C:\Windows\System\dFkmDYo.exe
  C:\Windows\System\dFkmDYo.exe
  2⤵
  PID:15780
- C:\Windows\System\gENhGhh.exe
  C:\Windows\System\gENhGhh.exe
  2⤵
  PID:15808
- C:\Windows\System\iRFpNFn.exe
  C:\Windows\System\iRFpNFn.exe
  2⤵
  PID:15840
- C:\Windows\System\IrkRLaZ.exe
  C:\Windows\System\IrkRLaZ.exe
  2⤵
  PID:15868
- C:\Windows\System\AVNlWMJ.exe
  C:\Windows\System\AVNlWMJ.exe
  2⤵
  PID:15896
- C:\Windows\System\IwWnzDV.exe
  C:\Windows\System\IwWnzDV.exe
  2⤵
  PID:15924
- C:\Windows\System\cJYUEyW.exe
  C:\Windows\System\cJYUEyW.exe
  2⤵
  PID:15952
- C:\Windows\System\tjuCxzn.exe
  C:\Windows\System\tjuCxzn.exe
  2⤵
  PID:15980
- C:\Windows\System\xDBAxqn.exe
  C:\Windows\System\xDBAxqn.exe
  2⤵
  PID:16008
- C:\Windows\System\sXocply.exe
  C:\Windows\System\sXocply.exe
  2⤵
  PID:16036
- C:\Windows\System\jtJFKAN.exe
  C:\Windows\System\jtJFKAN.exe
  2⤵
  PID:16064
- C:\Windows\System\EdmXoId.exe
  C:\Windows\System\EdmXoId.exe
  2⤵
  PID:16092
- C:\Windows\System\VdweEpm.exe
  C:\Windows\System\VdweEpm.exe
  2⤵
  PID:16120
- C:\Windows\System\kUSpmZi.exe
  C:\Windows\System\kUSpmZi.exe
  2⤵
  PID:16148
- C:\Windows\System\LRkEXvA.exe
  C:\Windows\System\LRkEXvA.exe
  2⤵
  PID:16176
- C:\Windows\System\YuQBOOZ.exe
  C:\Windows\System\YuQBOOZ.exe
  2⤵
  PID:16204
- C:\Windows\System\nlcqooy.exe
  C:\Windows\System\nlcqooy.exe
  2⤵
  PID:16256
- C:\Windows\System\mVzhkQa.exe
  C:\Windows\System\mVzhkQa.exe
  2⤵
  PID:16276
- C:\Windows\System\XhQZNUd.exe
  C:\Windows\System\XhQZNUd.exe
  2⤵
  PID:16304
- C:\Windows\System\yJHPbLa.exe
  C:\Windows\System\yJHPbLa.exe
  2⤵
  PID:16332
- C:\Windows\System\LUAfXuB.exe
  C:\Windows\System\LUAfXuB.exe
  2⤵
  PID:16360
- C:\Windows\System\iTCJEKw.exe
  C:\Windows\System\iTCJEKw.exe
  2⤵
  PID:11864
- C:\Windows\System\qllycWU.exe
  C:\Windows\System\qllycWU.exe
  2⤵
  PID:15400
- C:\Windows\System\JYqjfTD.exe
  C:\Windows\System\JYqjfTD.exe
  2⤵
  PID:15440
- C:\Windows\System\nXPpKjU.exe
  C:\Windows\System\nXPpKjU.exe
  2⤵
  PID:15484
- C:\Windows\System\plhVwdK.exe
  C:\Windows\System\plhVwdK.exe
  2⤵
  PID:12032
- C:\Windows\System\hBhzFOH.exe
  C:\Windows\System\hBhzFOH.exe
  2⤵
  PID:15552
- C:\Windows\System\XNIkXrQ.exe
  C:\Windows\System\XNIkXrQ.exe
  2⤵
  PID:12116
- C:\Windows\System\dwPJMAH.exe
  C:\Windows\System\dwPJMAH.exe
  2⤵
  PID:12172
- C:\Windows\System\RZndUzc.exe
  C:\Windows\System\RZndUzc.exe
  2⤵
  PID:12204
- C:\Windows\System\xZsOIav.exe
  C:\Windows\System\xZsOIav.exe
  2⤵
  PID:15692
- C:\Windows\System\mKGJpdY.exe
  C:\Windows\System\mKGJpdY.exe
  2⤵
  PID:10748
- C:\Windows\System\izBUBaR.exe
  C:\Windows\System\izBUBaR.exe
  2⤵
  PID:15772
- C:\Windows\System\hXVbUGz.exe
  C:\Windows\System\hXVbUGz.exe
  2⤵
  PID:15820
- C:\Windows\System\MPheWxG.exe
  C:\Windows\System\MPheWxG.exe
  2⤵
  PID:11564
- C:\Windows\System\LKHxCqM.exe
  C:\Windows\System\LKHxCqM.exe
  2⤵
  PID:15892
- C:\Windows\System\necbkfZ.exe
  C:\Windows\System\necbkfZ.exe
  2⤵
  PID:15944
- C:\Windows\System\knJzgTM.exe
  C:\Windows\System\knJzgTM.exe
  2⤵
  PID:15992
- C:\Windows\System\jsAQSqH.exe
  C:\Windows\System\jsAQSqH.exe
  2⤵
  PID:16076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AawoDMa.exe

Filesize
6.0MB

MD5
ef59f2bafbccd8eb4837a4e5bbcd7227

SHA1
48b6bc1adeadad21e3718cdbe670c0580e9257e5

SHA256
02b8fb97098ce1e37f301994c270e78c0088ab6cbd0ef82fc3a82722ff187a9c

SHA512
a60f7e0402ac619968e90c61bc440881997a771219da205b9de6ad683fc5dd2fc2b44007db2246ae33616f12a72292aa4d998a4d060cbdb0e75c4f3e3c317f3d

Download Submit
C:\Windows\System\BNXCThy.exe

Filesize
6.0MB

MD5
f34ef7d892f7ca6a3627ba71fe4a9d26

SHA1
59bbbc68893c18d5a8254a721700b6a6771cd0f5

SHA256
d986ee9373871609288d857daa7125562a07b54128a5d2288e0b069d2e481544

SHA512
91798c932bd451cc252cc7e2991b12ce098eec5abbe08a0bb72b948868a68f08da7a2c050b699cf90d1d9efbc36253c7b007fb95e6fd5d19aeac18effefdcb30

Download Submit
C:\Windows\System\BkfHJOa.exe

Filesize
6.0MB

MD5
7150e6dc1616b0e1d2a2adfc89ffde07

SHA1
d69da533deacb84a7776a9dc3d9e7425935efdc4

SHA256
40ce6edaa9e184cebd30cd9cf826822bdc70fe49ad6d3dbcaea99f6a3226cf7a

SHA512
8cc47ebebc27bd892512cad3fc96f11cdc22d9e352b3760fb35a867814f46957979979b47a7a180291919854be8cbda8b93e7f07b6edad56c0e9938b569aed15

Download Submit
C:\Windows\System\IDpuSLP.exe

Filesize
6.0MB

MD5
6b596856d0ffe34b56f3612ae1e40a48

SHA1
00f4b2f37582d47cc77efc2fff881862e0492140

SHA256
977cfedc163ebb8645f837659a5dbbc91b5ec9d486fe459027496f0c2401293f

SHA512
997f6ae254aae4b13b5a57d2dab03f407c6ed6d60c44eaccf24e09831a0ffe3baa8cdbd6af76e689e16de945718a8026a8e93e7167ff35a16010e53d33ba0469

Download Submit
C:\Windows\System\IxMyUrD.exe

Filesize
6.0MB

MD5
62e542e56b3106d71f23bdbfb62ef08c

SHA1
d51532d15de6c305bb0c9b8513b7e3757069984b

SHA256
5a162ced716391293aee6bf6219c2b48e2addb2600d79bf8829686d1c63f5aee

SHA512
606f8f72a4f4eb66ed0150530a99703d1bdb559b1f0d09b831ea5af735bd1e07dc2fd5538681b542c095b0ccb60071e790eb0a1c066046e058069c50e7f90d8e

Download Submit
C:\Windows\System\KUzmnie.exe

Filesize
6.0MB

MD5
16ddf1168ca52f85e59b1da3f255ad23

SHA1
49eba2cc5ad4615ae4147896d838554680716d26

SHA256
9ba1562fc107757143f1578d560ba095b34dc9710ecb1196d5e73ccda5116ec6

SHA512
155b1b4a149b7040e1b7a377bb123c3ca9c6b72685612b58186d3b7290d59010b47cfa430e7f2def19ed907bafb7b802169e3ebd6cc886e911611e84480a284e

Download Submit
C:\Windows\System\LCOxyHn.exe

Filesize
6.0MB

MD5
c730163b9439c7e92961782f3b9217a5

SHA1
b2ce426caa84a7254ec5f8b0070849e18f6aaf4e

SHA256
115b56984f5d7038d43279fdd00d0e8fc1aa80da9a74b2cde91774bbb2039407

SHA512
7eb0ad50216d65468368c3f24f1cec0cc32af49c2dc07c37b3f0b947022adffd4009ea3fb6734d878f46704f213559ef02e822e4fc12b1c23b8bdbb6a0d07dac

Download Submit
C:\Windows\System\NRCRbqf.exe

Filesize
6.0MB

MD5
f8c3dffad8161d23c119a4e1468749d8

SHA1
f0e508105ae662096f7a0f0cc8f443ae76236838

SHA256
4947a69314ef86ad2592acc3b9380e88c1a7aa0b918e36e686e23c2710c17310

SHA512
d0741eb171d0763576c1e2a204df5514984c37158ba65d8ef587c91483885b38fecac37a4fd65c8e5356be379beb00d56ae4b26692db1c587219b3bf67a157f2

Download Submit
C:\Windows\System\NlNVSlj.exe

Filesize
6.0MB

MD5
fd79565069bfb8f134e6f86397136de2

SHA1
dc5fead0d3dec086ae1dc8f9a5d9d82979c9f7cf

SHA256
40738cfeb2d7aec802bb678e0729c83b8e88b5f29cd8681306192c7aa273d573

SHA512
0860a3483dd15aa24f33c3ad0ccfee02f1f83dbf8b54ebe68dd71ff669d286bda97e7f59301d1f020bfab0663f1509dd0ff1778e70e469e271301fbc247b5bf0

Download Submit
C:\Windows\System\SjizpFO.exe

Filesize
6.0MB

MD5
5479ccca3c4af387a2cec6231e27504f

SHA1
f612fa591bb804dd588d5b07fb570131c54bcedc

SHA256
f751d6c6f6448ba920036a4df232a3b3c614d695ad2cd9af29ebc937288c99c5

SHA512
5d9440433ee53f33faba8fcdcfa4d1a3e55604151dde0419290e3dfddb8d2c219fcc7ab93cbc6a57f57aee6ddf9497566b2cba3b55aac1ba58b52ad33c3d642e

Download Submit
C:\Windows\System\SkFMWyu.exe

Filesize
6.0MB

MD5
f15f1a52b7ab8fd9f501cecac6c64ae2

SHA1
a38144ece3edbc63255a032c7df828b383e5b826

SHA256
51d5f11b88d3bd55159298a320c7ac48e2aa4af5b325b9ce25f75a026d2dca92

SHA512
afa21a5158a0133af675b0cf1866d80c6ff499a65fb3663d8f18b363db7ecf64d20eb5c05fafa3b1fad95793233452ff527c9eec746371a6cbdb663d58521eb8

Download Submit
C:\Windows\System\SqPPsFZ.exe

Filesize
6.0MB

MD5
0fbdb6130224deabb787ebbd114f4e72

SHA1
213ce4f4345d0470cb1794d6743808c79eb4f5f4

SHA256
e2abf06f333996782f7ad18035cf0e7ba891c47c270728503dd9bdbca6af4806

SHA512
362ec962e45744d28ee7a9f038cb456160e704feeff00c4ccc1b11afb3c397332379a38ecbbc16ec8198087380c552673ae3804da8e5fa9ec5115d05227bb908

Download Submit
C:\Windows\System\TArIGyK.exe

Filesize
6.0MB

MD5
678729e40a36a5334cf0e2d77294c277

SHA1
ad1b12ae592705f6eb4eb7111cb83c9f05122ba8

SHA256
c37b7cd8d245fb2313535951c079fcfaf444d7af521d012704cba0636fc820dc

SHA512
5234c4346f7a5e0f632eac801b0e197bf2e25edfee479d5c2e874bcf59a6d5eedf7587ffb5534175eb926941ff329994a10d811fa5d0ac500bea94f4d8c4fea7

Download Submit
C:\Windows\System\TqKTIMj.exe

Filesize
6.0MB

MD5
d0668899c0b6ee337eea8437621765fb

SHA1
599604c80ae825139b44873345958bf8a1243cb4

SHA256
42aed817a70499a2dda5e9691a91bab1ee15fad5188c24ca4681b2c6a5991eb8

SHA512
50dcbf58ee055975c2f98e0a1a10d692e29058ce4e422e0b3068427abe096ceb80377bb6ec8c2f47d9614df297737f350470c7fcfc68d15abaac6b3e20b1e851

Download Submit
C:\Windows\System\TqiUnie.exe

Filesize
6.0MB

MD5
e6f8a4e2f7b834c303e24ecf680d1cbd

SHA1
9ab33016c8f06eedff6f265b4e9a9290f3bff1d0

SHA256
391e429af587065fb9c5731c9b092fecf0bf24d3ab6e50f88460df323d636888

SHA512
78827986e874d6decf7411693619b78f54cd6ca09d2df89bb3fbfab956271ad9b215faf22ef672a09d1ff05be98a35ece8aadaa2753614fd885199695acba645

Download Submit
C:\Windows\System\WJYnOBi.exe

Filesize
6.0MB

MD5
1d194dd04ad26dab240b12aa54e9475c

SHA1
564d8b988f4192cab1fccf9e641f423c2e53b5ef

SHA256
bace266baf05824b16fc43331210d249a1ae9d56eb9b839e76a7faeec5c01f52

SHA512
df5e996d1ca34abbedce7600a635accc52fb77476b9d948e7785e158d0beffb358b9ce729df9712373b0936fdc240647efb82b9c61ecc46ec988eb4d03777167

Download Submit
C:\Windows\System\YFtwEmV.exe

Filesize
6.0MB

MD5
e564b724c36e372775e97824763177f6

SHA1
63ef707b0b646888e00a5116b1bb9cff08259f8f

SHA256
47a95a8d82f0d81c5fa6e0b8a86ef57fbc134e264ada1265e838173a37094e72

SHA512
c37aa68cebd6a9bc105b21f58d9a84148e5924c306bb7ff588d783c119a2257e20bb679261204de9ac66eb30c0e050a0e846c97854fb8676a7b5e3eab603e071

Download Submit
C:\Windows\System\aCAMnKT.exe

Filesize
6.0MB

MD5
9b0b023bffa859751b913bce96c11a09

SHA1
2c5cb06544aecd80a6f5330df7c0bb07141c0164

SHA256
7b0968cfde8f4d611a9a5b38cfbb90027706221ccde335e580a0168bf6a282f7

SHA512
9e179bf92f48da9776b7023347ab0889c72663b54d71b6dcd67d57ca0842f852cd78541c6cd2acc02843551b209ce29aaa309014e1fb5af55cdc2228d13605c8

Download Submit
C:\Windows\System\cyxTjNE.exe

Filesize
6.0MB

MD5
bb1b6cc42ca8100fa060b4157e533f31

SHA1
b9ed54a6d633b1da85d511a1a1061f74359ddd50

SHA256
b01b76fd05719b97e4f0f1aefc8af466f269bb299a9581dfa60464a503548168

SHA512
9f0cc88600b5f69dc1d4487e535be8b5ca7ffde3580cdab557ec06ac399a817a0ab776dbb0971d1d6406d95d423d2d76c5a4faff09c5bdb04e3572a7f99ba01a

Download Submit
C:\Windows\System\gGRgRop.exe

Filesize
6.0MB

MD5
3607764e6ecbdf70fc0c77deeb5a0b13

SHA1
4ef8b9ef60b638013724e429430f624bfa402d14

SHA256
5236b4b6ea0fd5ffc8db2b74146b794b88766aa6ebb2fec3e9b8c6c12e2a87fc

SHA512
57a7ae6666be1b5fee8b55d2184c738d140d69fa135430f82f25f09aead32b3e50081abcc5304dda1d99e97a55e4d8794a0016dcd98d88869e5ad25f83a1d58f

Download Submit
C:\Windows\System\gdHxWcB.exe

Filesize
6.0MB

MD5
8314deb796bb42650910c9f2eb4e4eea

SHA1
c1dcda6b0c41d4fd30ca848d570d6d031d045f68

SHA256
46416a9ff00b535d2072a1dfa09f99e86ea4eb3b2bac04217fcec7691f0c6359

SHA512
95676534528aa8b3a3308cf9836d1e268cb667520bcb834b7b444d05ee4ed03905f44ecb0ac5ffbc3039562dcf5cdebd8dc04ab3b517d5e80e1008016ecbafcb

Download Submit
C:\Windows\System\gwtCsYG.exe

Filesize
6.0MB

MD5
d04e89a5b5c61a7ae9bd7288b0645417

SHA1
77984f1090e9ccc9de55b5f96f9d9a5504e38c24

SHA256
8a25a3b1a9b347af17b7e2f48df8f8a62d315e3c524ec8a7dcbd693e2d9e2438

SHA512
95e25f2d10344a6043bccb272bfabfca0269d84a60d24210244cf2d917439c6a20132d4d38c9ad81929068c13ce38654f1f983005a3d625b0913d4cc596d8d42

Download Submit
C:\Windows\System\iADjwga.exe

Filesize
6.0MB

MD5
63894e570dfa7db865982b51d1661eda

SHA1
c45f7bd6bde91fa230aa778edce4e03ada949376

SHA256
ea7803b8969df3043d4bf0c66ee74b40238005c921979996924aed964f8d7718

SHA512
b4475207b682fdbfd4fa0fbef69d97629852c106ecc415d58521cc41ae289969e3d33fcfc67e2c20c68ca02c41d0eceea494524b21d1d1424844284beb543cba

Download Submit
C:\Windows\System\jZeRhjk.exe

Filesize
6.0MB

MD5
6f4ee229d64d1bcddb8c7b6259632aa0

SHA1
a8c3d8f80459c05135304eec4eb492ca54bfc30a

SHA256
6a45687c7153ded0fe4401f622c345dafdd5b185d305c28e0345067249a6e717

SHA512
da4cb2f877497108caa7e4f4b816a64ed5dd654a092873c482ea019d1428cf49fcbbb5b2e3b42d3f33ed7d5be871f4c1f6a9d76bf0b78edb18748751f4f6e248

Download Submit
C:\Windows\System\mElVpKS.exe

Filesize
6.0MB

MD5
712c04f4cfbaa17b2834ee67a9187a5b

SHA1
3f3f709b68860e5392181ef5119623f5ed5a15bd

SHA256
ba61c4f2fdcef3b046dd1ff9df8ee643943124a7b62ff52aa372d53f7aa77274

SHA512
fed3dd86815afebff9888cdebb8b9c8b348ec262886812c873a661c4aa2c8129ec16ec8dfb9b8f7b08866f7ec9a128511a70f962dfdb1028ef5752f8a17be235

Download Submit
C:\Windows\System\qMzhAcd.exe

Filesize
6.0MB

MD5
7848c405e82e28573cf502d8a707a938

SHA1
552365616268269b7beb13818966972596b029a0

SHA256
17e8db5e6544aa3cb3d2f0940520388f352a769ff49f1cb07290c9934de6b7e1

SHA512
0f422a25cb2cd32a8638059392e0d01a1a7cb4dc329076787255f1dc474ba620a7ef7b35e3c5be21ebd028003a0c6cdbe465498b123e0aedf3345256ea6ca737

Download Submit
C:\Windows\System\tCNShoo.exe

Filesize
6.0MB

MD5
f763b35ef89848f3f7c2441474b9aa3e

SHA1
bcd2a1084aeede2dbf8cc8767a9fa4051ae9a5ce

SHA256
ecadb5c5197d832a4c16a9fdbe09c644885b213642aa1c40156e6e4d78e58fa5

SHA512
a13315e931e143a945760edf9d9282691a66316867a5f8cf185376267baab52aaf197a3d2f1e4b20136b9908ae53d25ed5571770f829c0811dae53bcec4b8555

Download Submit
C:\Windows\System\tfuwQqk.exe

Filesize
6.0MB

MD5
03f813d197cd5f79939f0d527916df52

SHA1
6e8ef98e8921ddebfd27c2be41f7c3ef2639a605

SHA256
88849d3c51d243278908793f7a95ee0c58edd3408440b8c40232a7fe051da1bb

SHA512
20854a98e553bf5da9f3c2df97c9f03951a8ba417cad72c410b5d98772bb2ab9b40f2dabe1a3a93e33ea3bc2b21eb269204e2bd6bbf4561a765859eebdd82d94

Download Submit
C:\Windows\System\ujKVHOP.exe

Filesize
6.0MB

MD5
d5c1d4456305a10021d1bb808650889b

SHA1
f3b89d804b2fa9d6ad459903f42e362e6df3428b

SHA256
b1e005b2fbd86d6ddefa409d028ca97c12db8d25cddb538eb6f4eaea67bbe050

SHA512
8b49b6c6f246432c8ce17d5b766ed2438851483608f2994d3dadc761433d3852ceea9434244db241452b047d6374586bb11691eddaf0bd6d28d249eb02a2bd25

Download Submit
C:\Windows\System\xzgOEKe.exe

Filesize
6.0MB

MD5
65cce5b699b6b72cd48498078daa9b3a

SHA1
706802ce354afc510e4c04c4a55e248772a4b0c8

SHA256
e86d0fb7d6307bb4a6428c161c789477325ff9397852d2d25e9693d20f36c689

SHA512
dd4108d2a385b787cc9c4d40f76414fdc4d359c917dd03e0bf79b4d9538f6f22a883077ef513b34298d3fe143de7db3893424ca4b4d78d0c43fd3d9dd0733c39

Download Submit
C:\Windows\System\yEVFBje.exe

Filesize
6.0MB

MD5
772494aa66eae6d4ac1f80cdcf26fc69

SHA1
6610ffe984cf2ad080f9c1803f723f15e744faeb

SHA256
a09162bd4732539c66593c54dcb5f985db046233def498694cf2a6bab0fd0a77

SHA512
19fed1184243fbc5062cea818a11723eb8e858f38ab2764894a7bf483383172880ce496ec1734a1d54c92c2deccb4dbcab157d6f0edf270315cc8552c792d425

Download Submit
C:\Windows\System\yrPavZT.exe

Filesize
6.0MB

MD5
c2d7e4b895abb7966a42fc8dd7eb3a9e

SHA1
e8120e653343a807ea3b54ffa15490df78ec8283

SHA256
ee56197aa21e9a9aa769e70a2cfa917ed5c3bdbc2d4886d5383de81edc00a662

SHA512
0a926b77d1592ffb91426b17c53d5fe90d84efbe992647c20fdf4feddfc1cfedba4722e350cf61edec8c843f09c3c1c7999687c4e70f756adaa4da7b39d06607

Download Submit
memory/32-1940-0x00007FF78AE80000-0x00007FF78B1D4000-memory.dmp

Filesize
3.3MB

Download
memory/32-92-0x00007FF78AE80000-0x00007FF78B1D4000-memory.dmp

Filesize
3.3MB

Download
memory/32-731-0x00007FF78AE80000-0x00007FF78B1D4000-memory.dmp

Filesize
3.3MB

Download
memory/844-37-0x00007FF77BDB0000-0x00007FF77C104000-memory.dmp

Filesize
3.3MB

Download
memory/844-1657-0x00007FF77BDB0000-0x00007FF77C104000-memory.dmp

Filesize
3.3MB

Download
memory/844-91-0x00007FF77BDB0000-0x00007FF77C104000-memory.dmp

Filesize
3.3MB

Download
memory/860-2006-0x00007FF7D47D0000-0x00007FF7D4B24000-memory.dmp

Filesize
3.3MB

Download
memory/860-436-0x00007FF7D47D0000-0x00007FF7D4B24000-memory.dmp

Filesize
3.3MB

Download
memory/1020-1957-0x00007FF6A9860000-0x00007FF6A9BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-419-0x00007FF6A9860000-0x00007FF6A9BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-1931-0x00007FF793F00000-0x00007FF794254000-memory.dmp

Filesize
3.3MB

Download
memory/1328-85-0x00007FF793F00000-0x00007FF794254000-memory.dmp

Filesize
3.3MB

Download
memory/2112-34-0x00007FF687330000-0x00007FF687684000-memory.dmp

Filesize
3.3MB

Download
memory/2112-1649-0x00007FF687330000-0x00007FF687684000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1645-0x00007FF702B70000-0x00007FF702EC4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-40-0x00007FF702B70000-0x00007FF702EC4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-41-0x00007FF7C28A0000-0x00007FF7C2BF4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1656-0x00007FF7C28A0000-0x00007FF7C2BF4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-417-0x00007FF7C28A0000-0x00007FF7C2BF4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-431-0x00007FF7A9630000-0x00007FF7A9984000-memory.dmp

Filesize
3.3MB

Download
memory/2256-1992-0x00007FF7A9630000-0x00007FF7A9984000-memory.dmp

Filesize
3.3MB

Download
memory/2376-440-0x00007FF7F23A0000-0x00007FF7F26F4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-54-0x00007FF7F23A0000-0x00007FF7F26F4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1710-0x00007FF7F23A0000-0x00007FF7F26F4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1973-0x00007FF728250000-0x00007FF7285A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-424-0x00007FF728250000-0x00007FF7285A4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1946-0x00007FF60A560000-0x00007FF60A8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-437-0x00007FF60A560000-0x00007FF60A8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-434-0x00007FF6CB3E0000-0x00007FF6CB734000-memory.dmp

Filesize
3.3MB

Download
memory/2928-1998-0x00007FF6CB3E0000-0x00007FF6CB734000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1697-0x00007FF7453E0000-0x00007FF745734000-memory.dmp

Filesize
3.3MB

Download
memory/2980-50-0x00007FF7453E0000-0x00007FF745734000-memory.dmp

Filesize
3.3MB

Download
memory/3104-68-0x00007FF6755E0000-0x00007FF675934000-memory.dmp

Filesize
3.3MB

Download
memory/3104-584-0x00007FF6755E0000-0x00007FF675934000-memory.dmp

Filesize
3.3MB

Download
memory/3104-1919-0x00007FF6755E0000-0x00007FF675934000-memory.dmp

Filesize
3.3MB

Download
memory/3108-1995-0x00007FF62C290000-0x00007FF62C5E4000-memory.dmp

Filesize
3.3MB

Download
memory/3108-432-0x00007FF62C290000-0x00007FF62C5E4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-423-0x00007FF7C4280000-0x00007FF7C45D4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-1971-0x00007FF7C4280000-0x00007FF7C45D4000-memory.dmp

Filesize
3.3MB

Download
memory/3400-430-0x00007FF625310000-0x00007FF625664000-memory.dmp

Filesize
3.3MB

Download
memory/3400-1994-0x00007FF625310000-0x00007FF625664000-memory.dmp

Filesize
3.3MB

Download
memory/3428-585-0x00007FF6A7220000-0x00007FF6A7574000-memory.dmp

Filesize
3.3MB

Download
memory/3428-73-0x00007FF6A7220000-0x00007FF6A7574000-memory.dmp

Filesize
3.3MB

Download
memory/3428-1929-0x00007FF6A7220000-0x00007FF6A7574000-memory.dmp

Filesize
3.3MB

Download
memory/3468-1969-0x00007FF76A9E0000-0x00007FF76AD34000-memory.dmp

Filesize
3.3MB

Download
memory/3468-421-0x00007FF76A9E0000-0x00007FF76AD34000-memory.dmp

Filesize
3.3MB

Download
memory/3636-1633-0x00007FF78F280000-0x00007FF78F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3636-82-0x00007FF78F280000-0x00007FF78F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3636-8-0x00007FF78F280000-0x00007FF78F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/4160-0-0x00007FF654930000-0x00007FF654C84000-memory.dmp

Filesize
3.3MB

Download
memory/4160-1-0x000001C22B2F0000-0x000001C22B300000-memory.dmp

Filesize
64KB

Download
memory/4160-72-0x00007FF654930000-0x00007FF654C84000-memory.dmp

Filesize
3.3MB

Download
memory/4192-59-0x00007FF7F3F10000-0x00007FF7F4264000-memory.dmp

Filesize
3.3MB

Download
memory/4192-1711-0x00007FF7F3F10000-0x00007FF7F4264000-memory.dmp

Filesize
3.3MB

Download
memory/4192-495-0x00007FF7F3F10000-0x00007FF7F4264000-memory.dmp

Filesize
3.3MB

Download
memory/4324-1937-0x00007FF797CE0000-0x00007FF798034000-memory.dmp

Filesize
3.3MB

Download
memory/4324-96-0x00007FF797CE0000-0x00007FF798034000-memory.dmp

Filesize
3.3MB

Download
memory/4324-734-0x00007FF797CE0000-0x00007FF798034000-memory.dmp

Filesize
3.3MB

Download
memory/4480-1635-0x00007FF7C6FD0000-0x00007FF7C7324000-memory.dmp

Filesize
3.3MB

Download
memory/4480-84-0x00007FF7C6FD0000-0x00007FF7C7324000-memory.dmp

Filesize
3.3MB

Download
memory/4480-15-0x00007FF7C6FD0000-0x00007FF7C7324000-memory.dmp

Filesize
3.3MB

Download
memory/4864-1944-0x00007FF78BF10000-0x00007FF78C264000-memory.dmp

Filesize
3.3MB

Download
memory/4864-418-0x00007FF78BF10000-0x00007FF78C264000-memory.dmp

Filesize
3.3MB

Download
memory/4964-1983-0x00007FF7ECCF0000-0x00007FF7ED044000-memory.dmp

Filesize
3.3MB

Download
memory/4964-428-0x00007FF7ECCF0000-0x00007FF7ED044000-memory.dmp

Filesize
3.3MB

Download
memory/4972-1977-0x00007FF723690000-0x00007FF7239E4000-memory.dmp

Filesize
3.3MB

Download
memory/4972-426-0x00007FF723690000-0x00007FF7239E4000-memory.dmp

Filesize
3.3MB

Download
memory/5044-1638-0x00007FF756540000-0x00007FF756894000-memory.dmp

Filesize
3.3MB

Download
memory/5044-88-0x00007FF756540000-0x00007FF756894000-memory.dmp

Filesize
3.3MB

Download
memory/5044-31-0x00007FF756540000-0x00007FF756894000-memory.dmp

Filesize
3.3MB

Download
memory/5056-2002-0x00007FF7AF730000-0x00007FF7AFA84000-memory.dmp

Filesize
3.3MB

Download
memory/5056-435-0x00007FF7AF730000-0x00007FF7AFA84000-memory.dmp

Filesize
3.3MB

Download