cobaltstrike | 44b778b57f32c15fbf28919211e4f876c9b490392b39a7764f6e571a4f2a2131

Analysis

max time kernel
149s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ecf588f0ebabd33730be9df896ef2c17
SHA1

05a81f685e53418915c03b1e2d1384a6f4caf363
SHA256

44b778b57f32c15fbf28919211e4f876c9b490392b39a7764f6e571a4f2a2131
SHA512

9cb906fd1fed30a0f2e3955f80fb9c1b58cc9ca4203262eb364a01b0709c0f033026e9215cf2f90f5bfe1f8e0c859afbef883e90a6e07ae7226efe2920db4981
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000023c59-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c65-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c66-15.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c67-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c68-29.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c69-35.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c5a-42.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6a-48.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6b-55.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6c-60.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6e-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6f-72.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c70-80.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023b1c-87.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023b24-94.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023b28-100.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c71-114.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c73-127.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c76-150.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c79-168.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7f-206.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c80-209.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7e-204.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7d-199.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7c-194.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7b-186.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7a-181.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c78-164.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c77-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c75-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c74-137.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c72-123.dat	cobalt_reflective_dll
behavioral2/files/0x000f000000023b2a-110.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4160-0-0x00007FF74B0D0000-0x00007FF74B424000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c59-5.dat	xmrig
behavioral2/files/0x0007000000023c65-11.dat	xmrig
behavioral2/files/0x0007000000023c66-15.dat	xmrig
behavioral2/memory/3184-19-0x00007FF7367B0000-0x00007FF736B04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c67-22.dat	xmrig
behavioral2/files/0x0007000000023c68-29.dat	xmrig
behavioral2/files/0x0007000000023c69-35.dat	xmrig
behavioral2/memory/4648-36-0x00007FF70DC20000-0x00007FF70DF74000-memory.dmp	xmrig
behavioral2/memory/1048-30-0x00007FF72E460000-0x00007FF72E7B4000-memory.dmp	xmrig
behavioral2/memory/3012-26-0x00007FF7D36C0000-0x00007FF7D3A14000-memory.dmp	xmrig
behavioral2/memory/1708-23-0x00007FF7F38D0000-0x00007FF7F3C24000-memory.dmp	xmrig
behavioral2/memory/3632-8-0x00007FF7B0F80000-0x00007FF7B12D4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c5a-42.dat	xmrig
behavioral2/memory/4700-44-0x00007FF7C5BA0000-0x00007FF7C5EF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c6a-48.dat	xmrig
behavioral2/memory/3104-50-0x00007FF7E3DF0000-0x00007FF7E4144000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c6b-55.dat	xmrig
behavioral2/memory/796-57-0x00007FF738730000-0x00007FF738A84000-memory.dmp	xmrig
behavioral2/memory/4160-54-0x00007FF74B0D0000-0x00007FF74B424000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c6c-60.dat	xmrig
behavioral2/memory/3184-61-0x00007FF7367B0000-0x00007FF736B04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c6e-66.dat	xmrig
behavioral2/files/0x0007000000023c6f-72.dat	xmrig
behavioral2/memory/4572-74-0x00007FF635DE0000-0x00007FF636134000-memory.dmp	xmrig
behavioral2/memory/4660-67-0x00007FF739B70000-0x00007FF739EC4000-memory.dmp	xmrig
behavioral2/memory/2932-62-0x00007FF7FAA60000-0x00007FF7FADB4000-memory.dmp	xmrig
behavioral2/memory/3012-77-0x00007FF7D36C0000-0x00007FF7D3A14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c70-80.dat	xmrig
behavioral2/memory/1048-81-0x00007FF72E460000-0x00007FF72E7B4000-memory.dmp	xmrig
behavioral2/files/0x000d000000023b1c-87.dat	xmrig
behavioral2/memory/4648-88-0x00007FF70DC20000-0x00007FF70DF74000-memory.dmp	xmrig
behavioral2/memory/2264-89-0x00007FF6070A0000-0x00007FF6073F4000-memory.dmp	xmrig
behavioral2/files/0x000d000000023b24-94.dat	xmrig
behavioral2/files/0x000e000000023b28-100.dat	xmrig
behavioral2/files/0x0007000000023c71-114.dat	xmrig
behavioral2/files/0x0007000000023c73-127.dat	xmrig
behavioral2/memory/4572-135-0x00007FF635DE0000-0x00007FF636134000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c76-150.dat	xmrig
behavioral2/memory/4772-159-0x00007FF715B10000-0x00007FF715E64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c79-168.dat	xmrig
behavioral2/memory/2692-189-0x00007FF6549A0000-0x00007FF654CF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c7f-206.dat	xmrig
behavioral2/memory/4576-1007-0x00007FF719E70000-0x00007FF71A1C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c80-209.dat	xmrig
behavioral2/files/0x0007000000023c7e-204.dat	xmrig
behavioral2/files/0x0007000000023c7d-199.dat	xmrig
behavioral2/files/0x0007000000023c7c-194.dat	xmrig
behavioral2/memory/1500-193-0x00007FF6282B0000-0x00007FF628604000-memory.dmp	xmrig
behavioral2/memory/2696-190-0x00007FF7C4DF0000-0x00007FF7C5144000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c7b-186.dat	xmrig
behavioral2/memory/2884-185-0x00007FF69B270000-0x00007FF69B5C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c7a-181.dat	xmrig
behavioral2/memory/3008-180-0x00007FF607F70000-0x00007FF6082C4000-memory.dmp	xmrig
behavioral2/memory/956-178-0x00007FF74B650000-0x00007FF74B9A4000-memory.dmp	xmrig
behavioral2/memory/2268-172-0x00007FF6058F0000-0x00007FF605C44000-memory.dmp	xmrig
behavioral2/memory/4092-169-0x00007FF7EC8A0000-0x00007FF7ECBF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c78-164.dat	xmrig
behavioral2/memory/1436-163-0x00007FF6E44C0000-0x00007FF6E4814000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c77-161.dat	xmrig
behavioral2/memory/2096-160-0x00007FF712000000-0x00007FF712354000-memory.dmp	xmrig
behavioral2/memory/2264-156-0x00007FF6070A0000-0x00007FF6073F4000-memory.dmp	xmrig
behavioral2/memory/648-149-0x00007FF768010000-0x00007FF768364000-memory.dmp	xmrig
behavioral2/memory/3740-148-0x00007FF7C5500000-0x00007FF7C5854000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3632	fIXtwMt.exe
3184	tjUEbxQ.exe
1708	zURtTNj.exe
3012	XNxQciR.exe
1048	japYqwO.exe
4648	FkZnAQE.exe
4700	oUOhcaS.exe
3104	bEYoCkv.exe
796	qWqaLeL.exe
2932	CnNrlSy.exe
4660	lzkycLD.exe
4572	sDfKNxn.exe
3740	ssqJFvO.exe
2264	WGxZquo.exe
2096	PmAzaiz.exe
4092	xMDwIXc.exe
956	kzxMWaq.exe
2884	kyDpoSc.exe
2696	rJOmOCf.exe
4576	sqQACMA.exe
4952	Xrhbqua.exe
3916	GUpxHOb.exe
648	MnpYKCO.exe
4772	sakXiAT.exe
1436	bqMbonP.exe
2268	pAeYmSc.exe
3008	uAFtZDN.exe
2692	IOzBzyl.exe
1500	lzmCJOk.exe
3444	UYJUlFR.exe
4268	IsDVkpE.exe
2632	SyDKErJ.exe
848	VlNdKXt.exe
1260	VTPVjRO.exe
1324	JfHtZlM.exe
4228	hOOZhCD.exe
4356	lLoWAUf.exe
4424	GHbNygy.exe
780	NCZKqKg.exe
2880	wyzlKUO.exe
2296	jgecukZ.exe
5036	JFOoUPN.exe
1264	WyQKeKQ.exe
3200	ZDBsdMF.exe
3424	AVFXbht.exe
2024	dXhzOFB.exe
3520	wosPUVS.exe
2208	KbgOWWU.exe
3588	XtZoUte.exe
1328	BFBHXTn.exe
3260	rEBNcMy.exe
4880	FaoLpYJ.exe
912	xMOsIwe.exe
852	Aomohlp.exe
2256	jxkYpXg.exe
5076	ZLPiuJW.exe
3884	Xplvevj.exe
3264	OFdTEBn.exe
2316	pXTjqHB.exe
3888	RDdlqli.exe
4112	wPwdCBk.exe
5044	UEfiSqG.exe
672	CTReeXa.exe
5052	ThobRBt.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4160-0-0x00007FF74B0D0000-0x00007FF74B424000-memory.dmp	upx
behavioral2/files/0x0009000000023c59-5.dat	upx
behavioral2/files/0x0007000000023c65-11.dat	upx
behavioral2/files/0x0007000000023c66-15.dat	upx
behavioral2/memory/3184-19-0x00007FF7367B0000-0x00007FF736B04000-memory.dmp	upx
behavioral2/files/0x0007000000023c67-22.dat	upx
behavioral2/files/0x0007000000023c68-29.dat	upx
behavioral2/files/0x0007000000023c69-35.dat	upx
behavioral2/memory/4648-36-0x00007FF70DC20000-0x00007FF70DF74000-memory.dmp	upx
behavioral2/memory/1048-30-0x00007FF72E460000-0x00007FF72E7B4000-memory.dmp	upx
behavioral2/memory/3012-26-0x00007FF7D36C0000-0x00007FF7D3A14000-memory.dmp	upx
behavioral2/memory/1708-23-0x00007FF7F38D0000-0x00007FF7F3C24000-memory.dmp	upx
behavioral2/memory/3632-8-0x00007FF7B0F80000-0x00007FF7B12D4000-memory.dmp	upx
behavioral2/files/0x0009000000023c5a-42.dat	upx
behavioral2/memory/4700-44-0x00007FF7C5BA0000-0x00007FF7C5EF4000-memory.dmp	upx
behavioral2/files/0x0007000000023c6a-48.dat	upx
behavioral2/memory/3104-50-0x00007FF7E3DF0000-0x00007FF7E4144000-memory.dmp	upx
behavioral2/files/0x0007000000023c6b-55.dat	upx
behavioral2/memory/796-57-0x00007FF738730000-0x00007FF738A84000-memory.dmp	upx
behavioral2/memory/4160-54-0x00007FF74B0D0000-0x00007FF74B424000-memory.dmp	upx
behavioral2/files/0x0007000000023c6c-60.dat	upx
behavioral2/memory/3184-61-0x00007FF7367B0000-0x00007FF736B04000-memory.dmp	upx
behavioral2/files/0x0007000000023c6e-66.dat	upx
behavioral2/files/0x0007000000023c6f-72.dat	upx
behavioral2/memory/4572-74-0x00007FF635DE0000-0x00007FF636134000-memory.dmp	upx
behavioral2/memory/4660-67-0x00007FF739B70000-0x00007FF739EC4000-memory.dmp	upx
behavioral2/memory/2932-62-0x00007FF7FAA60000-0x00007FF7FADB4000-memory.dmp	upx
behavioral2/memory/3012-77-0x00007FF7D36C0000-0x00007FF7D3A14000-memory.dmp	upx
behavioral2/files/0x0007000000023c70-80.dat	upx
behavioral2/memory/1048-81-0x00007FF72E460000-0x00007FF72E7B4000-memory.dmp	upx
behavioral2/files/0x000d000000023b1c-87.dat	upx
behavioral2/memory/4648-88-0x00007FF70DC20000-0x00007FF70DF74000-memory.dmp	upx
behavioral2/memory/2264-89-0x00007FF6070A0000-0x00007FF6073F4000-memory.dmp	upx
behavioral2/files/0x000d000000023b24-94.dat	upx
behavioral2/files/0x000e000000023b28-100.dat	upx
behavioral2/files/0x0007000000023c71-114.dat	upx
behavioral2/files/0x0007000000023c73-127.dat	upx
behavioral2/memory/4572-135-0x00007FF635DE0000-0x00007FF636134000-memory.dmp	upx
behavioral2/files/0x0007000000023c76-150.dat	upx
behavioral2/memory/4772-159-0x00007FF715B10000-0x00007FF715E64000-memory.dmp	upx
behavioral2/files/0x0007000000023c79-168.dat	upx
behavioral2/memory/2692-189-0x00007FF6549A0000-0x00007FF654CF4000-memory.dmp	upx
behavioral2/files/0x0007000000023c7f-206.dat	upx
behavioral2/memory/4576-1007-0x00007FF719E70000-0x00007FF71A1C4000-memory.dmp	upx
behavioral2/files/0x0007000000023c80-209.dat	upx
behavioral2/files/0x0007000000023c7e-204.dat	upx
behavioral2/files/0x0007000000023c7d-199.dat	upx
behavioral2/files/0x0007000000023c7c-194.dat	upx
behavioral2/memory/1500-193-0x00007FF6282B0000-0x00007FF628604000-memory.dmp	upx
behavioral2/memory/2696-190-0x00007FF7C4DF0000-0x00007FF7C5144000-memory.dmp	upx
behavioral2/files/0x0007000000023c7b-186.dat	upx
behavioral2/memory/2884-185-0x00007FF69B270000-0x00007FF69B5C4000-memory.dmp	upx
behavioral2/files/0x0007000000023c7a-181.dat	upx
behavioral2/memory/3008-180-0x00007FF607F70000-0x00007FF6082C4000-memory.dmp	upx
behavioral2/memory/956-178-0x00007FF74B650000-0x00007FF74B9A4000-memory.dmp	upx
behavioral2/memory/2268-172-0x00007FF6058F0000-0x00007FF605C44000-memory.dmp	upx
behavioral2/memory/4092-169-0x00007FF7EC8A0000-0x00007FF7ECBF4000-memory.dmp	upx
behavioral2/files/0x0007000000023c78-164.dat	upx
behavioral2/memory/1436-163-0x00007FF6E44C0000-0x00007FF6E4814000-memory.dmp	upx
behavioral2/files/0x0007000000023c77-161.dat	upx
behavioral2/memory/2096-160-0x00007FF712000000-0x00007FF712354000-memory.dmp	upx
behavioral2/memory/2264-156-0x00007FF6070A0000-0x00007FF6073F4000-memory.dmp	upx
behavioral2/memory/648-149-0x00007FF768010000-0x00007FF768364000-memory.dmp	upx
behavioral2/memory/3740-148-0x00007FF7C5500000-0x00007FF7C5854000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uHecHDx.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLCNzjQ.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGoElYc.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcHqkNO.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXaVUVF.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAxFIFI.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdOJoUz.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\loNIqDv.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAzMTMn.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGQIVbE.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIFQVXI.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIwMIAC.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvfttqQ.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vlNbryu.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xghpkPC.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmaJFow.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYxrLIP.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCgZUSq.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXPIcWf.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hejlQMS.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVzVZFW.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUofGgK.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thYBqav.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inEzJDX.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIydaDM.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYjtpSt.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOEfgAx.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToHCSjM.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRGgKhL.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lrOufuy.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFgFLiX.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCerblp.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWbrdsl.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBInrsc.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YBXBYIK.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPTYmCa.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aCQovnz.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWHWWeI.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFXakxg.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwSWEEn.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlodOhu.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlimMGG.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKLhvBz.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blDrwrZ.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyffUFi.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKwKXdR.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\undoyyQ.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnpsmQD.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ewEoUaj.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSOWXJc.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGVaKak.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryHqitV.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOWVhcp.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrPiiEN.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OawlTwY.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qIHMOMA.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlohmqW.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGeUdqz.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytGBnGE.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgLnOLd.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZGWaJr.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVnVZcp.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgmpEhT.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODpfOJe.exe	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 3632	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4160 wrote to memory of 3632	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4160 wrote to memory of 3184	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4160 wrote to memory of 3184	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4160 wrote to memory of 1708	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4160 wrote to memory of 1708	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4160 wrote to memory of 3012	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4160 wrote to memory of 3012	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4160 wrote to memory of 1048	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4160 wrote to memory of 1048	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4160 wrote to memory of 4648	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4160 wrote to memory of 4648	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4160 wrote to memory of 4700	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4160 wrote to memory of 4700	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4160 wrote to memory of 3104	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4160 wrote to memory of 3104	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4160 wrote to memory of 796	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4160 wrote to memory of 796	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4160 wrote to memory of 2932	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4160 wrote to memory of 2932	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4160 wrote to memory of 4660	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4160 wrote to memory of 4660	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4160 wrote to memory of 4572	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4160 wrote to memory of 4572	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4160 wrote to memory of 3740	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4160 wrote to memory of 3740	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4160 wrote to memory of 2264	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4160 wrote to memory of 2264	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4160 wrote to memory of 2096	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4160 wrote to memory of 2096	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4160 wrote to memory of 4092	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4160 wrote to memory of 4092	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4160 wrote to memory of 956	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4160 wrote to memory of 956	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4160 wrote to memory of 2884	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4160 wrote to memory of 2884	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4160 wrote to memory of 2696	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4160 wrote to memory of 2696	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4160 wrote to memory of 4576	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4160 wrote to memory of 4576	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4160 wrote to memory of 4952	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4160 wrote to memory of 4952	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4160 wrote to memory of 3916	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4160 wrote to memory of 3916	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4160 wrote to memory of 648	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4160 wrote to memory of 648	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4160 wrote to memory of 4772	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4160 wrote to memory of 4772	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4160 wrote to memory of 1436	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4160 wrote to memory of 1436	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4160 wrote to memory of 2268	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4160 wrote to memory of 2268	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4160 wrote to memory of 3008	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4160 wrote to memory of 3008	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4160 wrote to memory of 2692	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4160 wrote to memory of 2692	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4160 wrote to memory of 1500	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4160 wrote to memory of 1500	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4160 wrote to memory of 3444	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4160 wrote to memory of 3444	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4160 wrote to memory of 4268	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4160 wrote to memory of 4268	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4160 wrote to memory of 2632	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4160 wrote to memory of 2632	4160	2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_ecf588f0ebabd33730be9df896ef2c17_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Windows\System\fIXtwMt.exe
  C:\Windows\System\fIXtwMt.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\tjUEbxQ.exe
  C:\Windows\System\tjUEbxQ.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\zURtTNj.exe
  C:\Windows\System\zURtTNj.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\XNxQciR.exe
  C:\Windows\System\XNxQciR.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\japYqwO.exe
  C:\Windows\System\japYqwO.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\FkZnAQE.exe
  C:\Windows\System\FkZnAQE.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\oUOhcaS.exe
  C:\Windows\System\oUOhcaS.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\bEYoCkv.exe
  C:\Windows\System\bEYoCkv.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\qWqaLeL.exe
  C:\Windows\System\qWqaLeL.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\CnNrlSy.exe
  C:\Windows\System\CnNrlSy.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\lzkycLD.exe
  C:\Windows\System\lzkycLD.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\sDfKNxn.exe
  C:\Windows\System\sDfKNxn.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\ssqJFvO.exe
  C:\Windows\System\ssqJFvO.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\WGxZquo.exe
  C:\Windows\System\WGxZquo.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\PmAzaiz.exe
  C:\Windows\System\PmAzaiz.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\xMDwIXc.exe
  C:\Windows\System\xMDwIXc.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\kzxMWaq.exe
  C:\Windows\System\kzxMWaq.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\kyDpoSc.exe
  C:\Windows\System\kyDpoSc.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\rJOmOCf.exe
  C:\Windows\System\rJOmOCf.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\sqQACMA.exe
  C:\Windows\System\sqQACMA.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\Xrhbqua.exe
  C:\Windows\System\Xrhbqua.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\GUpxHOb.exe
  C:\Windows\System\GUpxHOb.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\MnpYKCO.exe
  C:\Windows\System\MnpYKCO.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\sakXiAT.exe
  C:\Windows\System\sakXiAT.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\bqMbonP.exe
  C:\Windows\System\bqMbonP.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\pAeYmSc.exe
  C:\Windows\System\pAeYmSc.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\uAFtZDN.exe
  C:\Windows\System\uAFtZDN.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\IOzBzyl.exe
  C:\Windows\System\IOzBzyl.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\lzmCJOk.exe
  C:\Windows\System\lzmCJOk.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\UYJUlFR.exe
  C:\Windows\System\UYJUlFR.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\IsDVkpE.exe
  C:\Windows\System\IsDVkpE.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\SyDKErJ.exe
  C:\Windows\System\SyDKErJ.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\VlNdKXt.exe
  C:\Windows\System\VlNdKXt.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\VTPVjRO.exe
  C:\Windows\System\VTPVjRO.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\JfHtZlM.exe
  C:\Windows\System\JfHtZlM.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\hOOZhCD.exe
  C:\Windows\System\hOOZhCD.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\lLoWAUf.exe
  C:\Windows\System\lLoWAUf.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\GHbNygy.exe
  C:\Windows\System\GHbNygy.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\NCZKqKg.exe
  C:\Windows\System\NCZKqKg.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\wyzlKUO.exe
  C:\Windows\System\wyzlKUO.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\jgecukZ.exe
  C:\Windows\System\jgecukZ.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\JFOoUPN.exe
  C:\Windows\System\JFOoUPN.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\WyQKeKQ.exe
  C:\Windows\System\WyQKeKQ.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\ZDBsdMF.exe
  C:\Windows\System\ZDBsdMF.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\AVFXbht.exe
  C:\Windows\System\AVFXbht.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\dXhzOFB.exe
  C:\Windows\System\dXhzOFB.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\wosPUVS.exe
  C:\Windows\System\wosPUVS.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\KbgOWWU.exe
  C:\Windows\System\KbgOWWU.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\XtZoUte.exe
  C:\Windows\System\XtZoUte.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\BFBHXTn.exe
  C:\Windows\System\BFBHXTn.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\rEBNcMy.exe
  C:\Windows\System\rEBNcMy.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\FaoLpYJ.exe
  C:\Windows\System\FaoLpYJ.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\xMOsIwe.exe
  C:\Windows\System\xMOsIwe.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\Aomohlp.exe
  C:\Windows\System\Aomohlp.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\jxkYpXg.exe
  C:\Windows\System\jxkYpXg.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\ZLPiuJW.exe
  C:\Windows\System\ZLPiuJW.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\Xplvevj.exe
  C:\Windows\System\Xplvevj.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\OFdTEBn.exe
  C:\Windows\System\OFdTEBn.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\pXTjqHB.exe
  C:\Windows\System\pXTjqHB.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\RDdlqli.exe
  C:\Windows\System\RDdlqli.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\wPwdCBk.exe
  C:\Windows\System\wPwdCBk.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\UEfiSqG.exe
  C:\Windows\System\UEfiSqG.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\CTReeXa.exe
  C:\Windows\System\CTReeXa.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\ThobRBt.exe
  C:\Windows\System\ThobRBt.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\alFgFhF.exe
  C:\Windows\System\alFgFhF.exe
  2⤵
  PID:3148
- C:\Windows\System\ECtFGlX.exe
  C:\Windows\System\ECtFGlX.exe
  2⤵
  PID:2840
- C:\Windows\System\hNyxPgY.exe
  C:\Windows\System\hNyxPgY.exe
  2⤵
  PID:3188
- C:\Windows\System\jGkpclc.exe
  C:\Windows\System\jGkpclc.exe
  2⤵
  PID:960
- C:\Windows\System\sqpDeFw.exe
  C:\Windows\System\sqpDeFw.exe
  2⤵
  PID:4956
- C:\Windows\System\DgLnOLd.exe
  C:\Windows\System\DgLnOLd.exe
  2⤵
  PID:2940
- C:\Windows\System\YiCUBTh.exe
  C:\Windows\System\YiCUBTh.exe
  2⤵
  PID:3816
- C:\Windows\System\oFEMZdB.exe
  C:\Windows\System\oFEMZdB.exe
  2⤵
  PID:5008
- C:\Windows\System\jFpCsBM.exe
  C:\Windows\System\jFpCsBM.exe
  2⤵
  PID:3480
- C:\Windows\System\OvwuFdZ.exe
  C:\Windows\System\OvwuFdZ.exe
  2⤵
  PID:5136
- C:\Windows\System\QHaEfmz.exe
  C:\Windows\System\QHaEfmz.exe
  2⤵
  PID:5160
- C:\Windows\System\lUHNGKL.exe
  C:\Windows\System\lUHNGKL.exe
  2⤵
  PID:5188
- C:\Windows\System\RJDFJve.exe
  C:\Windows\System\RJDFJve.exe
  2⤵
  PID:5216
- C:\Windows\System\skLCEMf.exe
  C:\Windows\System\skLCEMf.exe
  2⤵
  PID:5244
- C:\Windows\System\LVvpJFj.exe
  C:\Windows\System\LVvpJFj.exe
  2⤵
  PID:5272
- C:\Windows\System\OFTdNuP.exe
  C:\Windows\System\OFTdNuP.exe
  2⤵
  PID:5300
- C:\Windows\System\nLdTFAP.exe
  C:\Windows\System\nLdTFAP.exe
  2⤵
  PID:5340
- C:\Windows\System\KtZDZSr.exe
  C:\Windows\System\KtZDZSr.exe
  2⤵
  PID:5356
- C:\Windows\System\iMmhJHN.exe
  C:\Windows\System\iMmhJHN.exe
  2⤵
  PID:5384
- C:\Windows\System\eZMfQQl.exe
  C:\Windows\System\eZMfQQl.exe
  2⤵
  PID:5412
- C:\Windows\System\dqNWfSG.exe
  C:\Windows\System\dqNWfSG.exe
  2⤵
  PID:5440
- C:\Windows\System\kQOOzVt.exe
  C:\Windows\System\kQOOzVt.exe
  2⤵
  PID:5468
- C:\Windows\System\iapMfbb.exe
  C:\Windows\System\iapMfbb.exe
  2⤵
  PID:5496
- C:\Windows\System\ULZkPBM.exe
  C:\Windows\System\ULZkPBM.exe
  2⤵
  PID:5524
- C:\Windows\System\xGyFRyG.exe
  C:\Windows\System\xGyFRyG.exe
  2⤵
  PID:5552
- C:\Windows\System\ZxMksej.exe
  C:\Windows\System\ZxMksej.exe
  2⤵
  PID:5580
- C:\Windows\System\UoyizEJ.exe
  C:\Windows\System\UoyizEJ.exe
  2⤵
  PID:5608
- C:\Windows\System\qcleYMU.exe
  C:\Windows\System\qcleYMU.exe
  2⤵
  PID:5644
- C:\Windows\System\AEgHeKQ.exe
  C:\Windows\System\AEgHeKQ.exe
  2⤵
  PID:5664
- C:\Windows\System\TKuiPhi.exe
  C:\Windows\System\TKuiPhi.exe
  2⤵
  PID:5692
- C:\Windows\System\kHNzPgo.exe
  C:\Windows\System\kHNzPgo.exe
  2⤵
  PID:5724
- C:\Windows\System\cqvHFZz.exe
  C:\Windows\System\cqvHFZz.exe
  2⤵
  PID:5748
- C:\Windows\System\KLmTmyg.exe
  C:\Windows\System\KLmTmyg.exe
  2⤵
  PID:5780
- C:\Windows\System\wEYCWAv.exe
  C:\Windows\System\wEYCWAv.exe
  2⤵
  PID:5816
- C:\Windows\System\uKYxGuO.exe
  C:\Windows\System\uKYxGuO.exe
  2⤵
  PID:5844
- C:\Windows\System\ToYxqXp.exe
  C:\Windows\System\ToYxqXp.exe
  2⤵
  PID:5860
- C:\Windows\System\UfmKjVb.exe
  C:\Windows\System\UfmKjVb.exe
  2⤵
  PID:5888
- C:\Windows\System\GAsQMdM.exe
  C:\Windows\System\GAsQMdM.exe
  2⤵
  PID:5916
- C:\Windows\System\lIqFQlq.exe
  C:\Windows\System\lIqFQlq.exe
  2⤵
  PID:5944
- C:\Windows\System\JJbFaXF.exe
  C:\Windows\System\JJbFaXF.exe
  2⤵
  PID:5972
- C:\Windows\System\ExaNxhV.exe
  C:\Windows\System\ExaNxhV.exe
  2⤵
  PID:5988
- C:\Windows\System\PlwdXSA.exe
  C:\Windows\System\PlwdXSA.exe
  2⤵
  PID:6028
- C:\Windows\System\qtIuohL.exe
  C:\Windows\System\qtIuohL.exe
  2⤵
  PID:6056
- C:\Windows\System\vzJUMxw.exe
  C:\Windows\System\vzJUMxw.exe
  2⤵
  PID:6084
- C:\Windows\System\QQlnnwm.exe
  C:\Windows\System\QQlnnwm.exe
  2⤵
  PID:6112
- C:\Windows\System\czwQNji.exe
  C:\Windows\System\czwQNji.exe
  2⤵
  PID:6140
- C:\Windows\System\fbSQThJ.exe
  C:\Windows\System\fbSQThJ.exe
  2⤵
  PID:4440
- C:\Windows\System\UHytpNe.exe
  C:\Windows\System\UHytpNe.exe
  2⤵
  PID:4932
- C:\Windows\System\RCEOaHa.exe
  C:\Windows\System\RCEOaHa.exe
  2⤵
  PID:552
- C:\Windows\System\PKDZwCn.exe
  C:\Windows\System\PKDZwCn.exe
  2⤵
  PID:5132
- C:\Windows\System\BsBAMzx.exe
  C:\Windows\System\BsBAMzx.exe
  2⤵
  PID:5204
- C:\Windows\System\pRbpaSD.exe
  C:\Windows\System\pRbpaSD.exe
  2⤵
  PID:5268
- C:\Windows\System\pmMZLwu.exe
  C:\Windows\System\pmMZLwu.exe
  2⤵
  PID:5328
- C:\Windows\System\dwBIOVk.exe
  C:\Windows\System\dwBIOVk.exe
  2⤵
  PID:5424
- C:\Windows\System\ZiIFjHr.exe
  C:\Windows\System\ZiIFjHr.exe
  2⤵
  PID:5460
- C:\Windows\System\NBInrsc.exe
  C:\Windows\System\NBInrsc.exe
  2⤵
  PID:5516
- C:\Windows\System\xvoNVSZ.exe
  C:\Windows\System\xvoNVSZ.exe
  2⤵
  PID:5576
- C:\Windows\System\kVVdkNK.exe
  C:\Windows\System\kVVdkNK.exe
  2⤵
  PID:5640
- C:\Windows\System\lSViGYQ.exe
  C:\Windows\System\lSViGYQ.exe
  2⤵
  PID:5712
- C:\Windows\System\oXBXdOf.exe
  C:\Windows\System\oXBXdOf.exe
  2⤵
  PID:5772
- C:\Windows\System\LlyXDsw.exe
  C:\Windows\System\LlyXDsw.exe
  2⤵
  PID:5832
- C:\Windows\System\BFKRdJJ.exe
  C:\Windows\System\BFKRdJJ.exe
  2⤵
  PID:5900
- C:\Windows\System\ZVuDZDX.exe
  C:\Windows\System\ZVuDZDX.exe
  2⤵
  PID:5960
- C:\Windows\System\Kwqyony.exe
  C:\Windows\System\Kwqyony.exe
  2⤵
  PID:6020
- C:\Windows\System\ijYpYOE.exe
  C:\Windows\System\ijYpYOE.exe
  2⤵
  PID:6096
- C:\Windows\System\ycjeDiN.exe
  C:\Windows\System\ycjeDiN.exe
  2⤵
  PID:2980
- C:\Windows\System\eVzpgnu.exe
  C:\Windows\System\eVzpgnu.exe
  2⤵
  PID:1204
- C:\Windows\System\kMZAsLH.exe
  C:\Windows\System\kMZAsLH.exe
  2⤵
  PID:5232
- C:\Windows\System\wJBZQPw.exe
  C:\Windows\System\wJBZQPw.exe
  2⤵
  PID:5380
- C:\Windows\System\xxfRjFH.exe
  C:\Windows\System\xxfRjFH.exe
  2⤵
  PID:5548
- C:\Windows\System\dSosZOV.exe
  C:\Windows\System\dSosZOV.exe
  2⤵
  PID:5624
- C:\Windows\System\pNtgRKB.exe
  C:\Windows\System\pNtgRKB.exe
  2⤵
  PID:5796
- C:\Windows\System\hZBvcpq.exe
  C:\Windows\System\hZBvcpq.exe
  2⤵
  PID:5940
- C:\Windows\System\ymwgCUC.exe
  C:\Windows\System\ymwgCUC.exe
  2⤵
  PID:6080
- C:\Windows\System\lVBjImQ.exe
  C:\Windows\System\lVBjImQ.exe
  2⤵
  PID:6156
- C:\Windows\System\caMqjNk.exe
  C:\Windows\System\caMqjNk.exe
  2⤵
  PID:6196
- C:\Windows\System\opodRkA.exe
  C:\Windows\System\opodRkA.exe
  2⤵
  PID:6224
- C:\Windows\System\cirUyGB.exe
  C:\Windows\System\cirUyGB.exe
  2⤵
  PID:6252
- C:\Windows\System\UBokkui.exe
  C:\Windows\System\UBokkui.exe
  2⤵
  PID:6280
- C:\Windows\System\FJzVjdQ.exe
  C:\Windows\System\FJzVjdQ.exe
  2⤵
  PID:6304
- C:\Windows\System\oAzMTMn.exe
  C:\Windows\System\oAzMTMn.exe
  2⤵
  PID:6336
- C:\Windows\System\bHwdCWw.exe
  C:\Windows\System\bHwdCWw.exe
  2⤵
  PID:6352
- C:\Windows\System\keCcloB.exe
  C:\Windows\System\keCcloB.exe
  2⤵
  PID:6396
- C:\Windows\System\GcpooMT.exe
  C:\Windows\System\GcpooMT.exe
  2⤵
  PID:6420
- C:\Windows\System\XzBoMaN.exe
  C:\Windows\System\XzBoMaN.exe
  2⤵
  PID:6436
- C:\Windows\System\TEMAbOs.exe
  C:\Windows\System\TEMAbOs.exe
  2⤵
  PID:6468
- C:\Windows\System\AKCeCbg.exe
  C:\Windows\System\AKCeCbg.exe
  2⤵
  PID:6492
- C:\Windows\System\XavtIXH.exe
  C:\Windows\System\XavtIXH.exe
  2⤵
  PID:6532
- C:\Windows\System\sqmnJry.exe
  C:\Windows\System\sqmnJry.exe
  2⤵
  PID:6564
- C:\Windows\System\QURJfyt.exe
  C:\Windows\System\QURJfyt.exe
  2⤵
  PID:6588
- C:\Windows\System\ZzCvykD.exe
  C:\Windows\System\ZzCvykD.exe
  2⤵
  PID:6604
- C:\Windows\System\iajQlUq.exe
  C:\Windows\System\iajQlUq.exe
  2⤵
  PID:6632
- C:\Windows\System\uHecHDx.exe
  C:\Windows\System\uHecHDx.exe
  2⤵
  PID:6660
- C:\Windows\System\chVuMDX.exe
  C:\Windows\System\chVuMDX.exe
  2⤵
  PID:6688
- C:\Windows\System\ZSseMRR.exe
  C:\Windows\System\ZSseMRR.exe
  2⤵
  PID:6728
- C:\Windows\System\xEsHvbe.exe
  C:\Windows\System\xEsHvbe.exe
  2⤵
  PID:6748
- C:\Windows\System\FpUOpsw.exe
  C:\Windows\System\FpUOpsw.exe
  2⤵
  PID:6772
- C:\Windows\System\OrunLTS.exe
  C:\Windows\System\OrunLTS.exe
  2⤵
  PID:6800
- C:\Windows\System\HfZdDIG.exe
  C:\Windows\System\HfZdDIG.exe
  2⤵
  PID:6840
- C:\Windows\System\jbMqVCU.exe
  C:\Windows\System\jbMqVCU.exe
  2⤵
  PID:6856
- C:\Windows\System\RRQfkLm.exe
  C:\Windows\System\RRQfkLm.exe
  2⤵
  PID:6896
- C:\Windows\System\YBXBYIK.exe
  C:\Windows\System\YBXBYIK.exe
  2⤵
  PID:6912
- C:\Windows\System\bZSGugD.exe
  C:\Windows\System\bZSGugD.exe
  2⤵
  PID:6940
- C:\Windows\System\lWEJKeO.exe
  C:\Windows\System\lWEJKeO.exe
  2⤵
  PID:6976
- C:\Windows\System\rULLbdx.exe
  C:\Windows\System\rULLbdx.exe
  2⤵
  PID:6996
- C:\Windows\System\QyNFeGI.exe
  C:\Windows\System\QyNFeGI.exe
  2⤵
  PID:7024
- C:\Windows\System\JCJfIZn.exe
  C:\Windows\System\JCJfIZn.exe
  2⤵
  PID:7052
- C:\Windows\System\uvsqesO.exe
  C:\Windows\System\uvsqesO.exe
  2⤵
  PID:7092
- C:\Windows\System\HxOjsXB.exe
  C:\Windows\System\HxOjsXB.exe
  2⤵
  PID:7108
- C:\Windows\System\AcMLgUj.exe
  C:\Windows\System\AcMLgUj.exe
  2⤵
  PID:7148
- C:\Windows\System\CHyeScJ.exe
  C:\Windows\System\CHyeScJ.exe
  2⤵
  PID:1980
- C:\Windows\System\JaVzChu.exe
  C:\Windows\System\JaVzChu.exe
  2⤵
  PID:5312
- C:\Windows\System\MXBiURD.exe
  C:\Windows\System\MXBiURD.exe
  2⤵
  PID:5620
- C:\Windows\System\YlSzulS.exe
  C:\Windows\System\YlSzulS.exe
  2⤵
  PID:6012
- C:\Windows\System\SbNGBHq.exe
  C:\Windows\System\SbNGBHq.exe
  2⤵
  PID:6172
- C:\Windows\System\zUXoqil.exe
  C:\Windows\System\zUXoqil.exe
  2⤵
  PID:6240
- C:\Windows\System\MnWNnVn.exe
  C:\Windows\System\MnWNnVn.exe
  2⤵
  PID:6312
- C:\Windows\System\idiZlAW.exe
  C:\Windows\System\idiZlAW.exe
  2⤵
  PID:6368
- C:\Windows\System\PAfQEGr.exe
  C:\Windows\System\PAfQEGr.exe
  2⤵
  PID:6448
- C:\Windows\System\QSGvZwV.exe
  C:\Windows\System\QSGvZwV.exe
  2⤵
  PID:6504
- C:\Windows\System\BqNEWmr.exe
  C:\Windows\System\BqNEWmr.exe
  2⤵
  PID:6552
- C:\Windows\System\RspTOOC.exe
  C:\Windows\System\RspTOOC.exe
  2⤵
  PID:6624
- C:\Windows\System\sgsUEJZ.exe
  C:\Windows\System\sgsUEJZ.exe
  2⤵
  PID:6684
- C:\Windows\System\sEnarqn.exe
  C:\Windows\System\sEnarqn.exe
  2⤵
  PID:6756
- C:\Windows\System\JOsvKfW.exe
  C:\Windows\System\JOsvKfW.exe
  2⤵
  PID:6824
- C:\Windows\System\KOeRoio.exe
  C:\Windows\System\KOeRoio.exe
  2⤵
  PID:6880
- C:\Windows\System\gkMJaKA.exe
  C:\Windows\System\gkMJaKA.exe
  2⤵
  PID:6936
- C:\Windows\System\FKMgxSA.exe
  C:\Windows\System\FKMgxSA.exe
  2⤵
  PID:7008
- C:\Windows\System\oVJbTxw.exe
  C:\Windows\System\oVJbTxw.exe
  2⤵
  PID:7076
- C:\Windows\System\gFBjQfV.exe
  C:\Windows\System\gFBjQfV.exe
  2⤵
  PID:7136
- C:\Windows\System\uoMJiTD.exe
  C:\Windows\System\uoMJiTD.exe
  2⤵
  PID:5296
- C:\Windows\System\KngMAbq.exe
  C:\Windows\System\KngMAbq.exe
  2⤵
  PID:4916
- C:\Windows\System\XKunTFy.exe
  C:\Windows\System\XKunTFy.exe
  2⤵
  PID:6288
- C:\Windows\System\lLhBYWJ.exe
  C:\Windows\System\lLhBYWJ.exe
  2⤵
  PID:6460
- C:\Windows\System\XiMWIHl.exe
  C:\Windows\System\XiMWIHl.exe
  2⤵
  PID:6616
- C:\Windows\System\ljlTawX.exe
  C:\Windows\System\ljlTawX.exe
  2⤵
  PID:4960
- C:\Windows\System\luUWkNc.exe
  C:\Windows\System\luUWkNc.exe
  2⤵
  PID:6848
- C:\Windows\System\FvIuzcV.exe
  C:\Windows\System\FvIuzcV.exe
  2⤵
  PID:6924
- C:\Windows\System\mtMdeyk.exe
  C:\Windows\System\mtMdeyk.exe
  2⤵
  PID:7100
- C:\Windows\System\zZEZCoo.exe
  C:\Windows\System\zZEZCoo.exe
  2⤵
  PID:5184
- C:\Windows\System\fblBzpc.exe
  C:\Windows\System\fblBzpc.exe
  2⤵
  PID:6272
- C:\Windows\System\tVFnqet.exe
  C:\Windows\System\tVFnqet.exe
  2⤵
  PID:5084
- C:\Windows\System\iBwhzGe.exe
  C:\Windows\System\iBwhzGe.exe
  2⤵
  PID:3396
- C:\Windows\System\fPIFmVL.exe
  C:\Windows\System\fPIFmVL.exe
  2⤵
  PID:7048
- C:\Windows\System\FGDiRqo.exe
  C:\Windows\System\FGDiRqo.exe
  2⤵
  PID:1544
- C:\Windows\System\sreGFIk.exe
  C:\Windows\System\sreGFIk.exe
  2⤵
  PID:7188
- C:\Windows\System\ICOiDqo.exe
  C:\Windows\System\ICOiDqo.exe
  2⤵
  PID:7216
- C:\Windows\System\ugtKsph.exe
  C:\Windows\System\ugtKsph.exe
  2⤵
  PID:7244
- C:\Windows\System\oTZOMEp.exe
  C:\Windows\System\oTZOMEp.exe
  2⤵
  PID:7272
- C:\Windows\System\zdEsGKX.exe
  C:\Windows\System\zdEsGKX.exe
  2⤵
  PID:7300
- C:\Windows\System\LaKZpNS.exe
  C:\Windows\System\LaKZpNS.exe
  2⤵
  PID:7328
- C:\Windows\System\mYlVfAJ.exe
  C:\Windows\System\mYlVfAJ.exe
  2⤵
  PID:7356
- C:\Windows\System\BzQsBPu.exe
  C:\Windows\System\BzQsBPu.exe
  2⤵
  PID:7384
- C:\Windows\System\XSHkHbZ.exe
  C:\Windows\System\XSHkHbZ.exe
  2⤵
  PID:7412
- C:\Windows\System\yQzvTmH.exe
  C:\Windows\System\yQzvTmH.exe
  2⤵
  PID:7440
- C:\Windows\System\HpKkQrV.exe
  C:\Windows\System\HpKkQrV.exe
  2⤵
  PID:7472
- C:\Windows\System\XZUMitd.exe
  C:\Windows\System\XZUMitd.exe
  2⤵
  PID:7500
- C:\Windows\System\iwDvVgk.exe
  C:\Windows\System\iwDvVgk.exe
  2⤵
  PID:7524
- C:\Windows\System\PNWHhlm.exe
  C:\Windows\System\PNWHhlm.exe
  2⤵
  PID:7552
- C:\Windows\System\BtEzrzQ.exe
  C:\Windows\System\BtEzrzQ.exe
  2⤵
  PID:7580
- C:\Windows\System\hbVjfAQ.exe
  C:\Windows\System\hbVjfAQ.exe
  2⤵
  PID:7608
- C:\Windows\System\EBzjxWv.exe
  C:\Windows\System\EBzjxWv.exe
  2⤵
  PID:7636
- C:\Windows\System\ajyoGCr.exe
  C:\Windows\System\ajyoGCr.exe
  2⤵
  PID:7664
- C:\Windows\System\kiaxgfr.exe
  C:\Windows\System\kiaxgfr.exe
  2⤵
  PID:7692
- C:\Windows\System\yuyStBf.exe
  C:\Windows\System\yuyStBf.exe
  2⤵
  PID:7724
- C:\Windows\System\KIIssKs.exe
  C:\Windows\System\KIIssKs.exe
  2⤵
  PID:7748
- C:\Windows\System\ewnZmtZ.exe
  C:\Windows\System\ewnZmtZ.exe
  2⤵
  PID:7776
- C:\Windows\System\splAMal.exe
  C:\Windows\System\splAMal.exe
  2⤵
  PID:7804
- C:\Windows\System\rHvaUEF.exe
  C:\Windows\System\rHvaUEF.exe
  2⤵
  PID:7836
- C:\Windows\System\kPTYmCa.exe
  C:\Windows\System\kPTYmCa.exe
  2⤵
  PID:7864
- C:\Windows\System\LeSjMBq.exe
  C:\Windows\System\LeSjMBq.exe
  2⤵
  PID:7888
- C:\Windows\System\vAEqXVZ.exe
  C:\Windows\System\vAEqXVZ.exe
  2⤵
  PID:7916
- C:\Windows\System\RRjOuHa.exe
  C:\Windows\System\RRjOuHa.exe
  2⤵
  PID:7944
- C:\Windows\System\CqTousI.exe
  C:\Windows\System\CqTousI.exe
  2⤵
  PID:7976
- C:\Windows\System\zgtNXhV.exe
  C:\Windows\System\zgtNXhV.exe
  2⤵
  PID:8012
- C:\Windows\System\NsDZoWg.exe
  C:\Windows\System\NsDZoWg.exe
  2⤵
  PID:8028
- C:\Windows\System\URkfRFc.exe
  C:\Windows\System\URkfRFc.exe
  2⤵
  PID:8056
- C:\Windows\System\sihYugS.exe
  C:\Windows\System\sihYugS.exe
  2⤵
  PID:8084
- C:\Windows\System\WtdgTze.exe
  C:\Windows\System\WtdgTze.exe
  2⤵
  PID:8112
- C:\Windows\System\GZGWaJr.exe
  C:\Windows\System\GZGWaJr.exe
  2⤵
  PID:8140
- C:\Windows\System\zXIcBjz.exe
  C:\Windows\System\zXIcBjz.exe
  2⤵
  PID:8172
- C:\Windows\System\temUwZx.exe
  C:\Windows\System\temUwZx.exe
  2⤵
  PID:6584
- C:\Windows\System\PPMMtcC.exe
  C:\Windows\System\PPMMtcC.exe
  2⤵
  PID:2872
- C:\Windows\System\aBfvcck.exe
  C:\Windows\System\aBfvcck.exe
  2⤵
  PID:4668
- C:\Windows\System\jZERLSZ.exe
  C:\Windows\System\jZERLSZ.exe
  2⤵
  PID:7208
- C:\Windows\System\hVVhYjx.exe
  C:\Windows\System\hVVhYjx.exe
  2⤵
  PID:7260
- C:\Windows\System\mofmPzl.exe
  C:\Windows\System\mofmPzl.exe
  2⤵
  PID:1676
- C:\Windows\System\yRPHwcY.exe
  C:\Windows\System\yRPHwcY.exe
  2⤵
  PID:4924
- C:\Windows\System\KtSwdrL.exe
  C:\Windows\System\KtSwdrL.exe
  2⤵
  PID:7404
- C:\Windows\System\NDUbGvD.exe
  C:\Windows\System\NDUbGvD.exe
  2⤵
  PID:4948
- C:\Windows\System\xspNyTZ.exe
  C:\Windows\System\xspNyTZ.exe
  2⤵
  PID:7508
- C:\Windows\System\vSTKXOt.exe
  C:\Windows\System\vSTKXOt.exe
  2⤵
  PID:7548
- C:\Windows\System\SAxugaI.exe
  C:\Windows\System\SAxugaI.exe
  2⤵
  PID:7600
- C:\Windows\System\RQmHHlT.exe
  C:\Windows\System\RQmHHlT.exe
  2⤵
  PID:7656
- C:\Windows\System\BpBYisa.exe
  C:\Windows\System\BpBYisa.exe
  2⤵
  PID:7688
- C:\Windows\System\RGdCKSR.exe
  C:\Windows\System\RGdCKSR.exe
  2⤵
  PID:7744
- C:\Windows\System\JDmdeAO.exe
  C:\Windows\System\JDmdeAO.exe
  2⤵
  PID:7828
- C:\Windows\System\eWBSzFX.exe
  C:\Windows\System\eWBSzFX.exe
  2⤵
  PID:7872
- C:\Windows\System\efuqWrg.exe
  C:\Windows\System\efuqWrg.exe
  2⤵
  PID:7936
- C:\Windows\System\AMeSQyz.exe
  C:\Windows\System\AMeSQyz.exe
  2⤵
  PID:8000
- C:\Windows\System\dfoPTHO.exe
  C:\Windows\System\dfoPTHO.exe
  2⤵
  PID:8072
- C:\Windows\System\LHsQWNX.exe
  C:\Windows\System\LHsQWNX.exe
  2⤵
  PID:8152
- C:\Windows\System\qEXryTq.exe
  C:\Windows\System\qEXryTq.exe
  2⤵
  PID:6904
- C:\Windows\System\YsJFpRh.exe
  C:\Windows\System\YsJFpRh.exe
  2⤵
  PID:5092
- C:\Windows\System\NQGsmru.exe
  C:\Windows\System\NQGsmru.exe
  2⤵
  PID:7292
- C:\Windows\System\zxtdyZc.exe
  C:\Windows\System\zxtdyZc.exe
  2⤵
  PID:7396
- C:\Windows\System\RqBjMhe.exe
  C:\Windows\System\RqBjMhe.exe
  2⤵
  PID:7516
- C:\Windows\System\lUgVLCQ.exe
  C:\Windows\System\lUgVLCQ.exe
  2⤵
  PID:4204
- C:\Windows\System\colitPx.exe
  C:\Windows\System\colitPx.exe
  2⤵
  PID:228
- C:\Windows\System\HOREFux.exe
  C:\Windows\System\HOREFux.exe
  2⤵
  PID:7900
- C:\Windows\System\AIaQNdQ.exe
  C:\Windows\System\AIaQNdQ.exe
  2⤵
  PID:8024
- C:\Windows\System\MhbaLmj.exe
  C:\Windows\System\MhbaLmj.exe
  2⤵
  PID:8188
- C:\Windows\System\gatvUGk.exe
  C:\Windows\System\gatvUGk.exe
  2⤵
  PID:4696
- C:\Windows\System\EvnKJhC.exe
  C:\Windows\System\EvnKJhC.exe
  2⤵
  PID:2616
- C:\Windows\System\MLMGzOs.exe
  C:\Windows\System\MLMGzOs.exe
  2⤵
  PID:7800
- C:\Windows\System\ctKVOPZ.exe
  C:\Windows\System\ctKVOPZ.exe
  2⤵
  PID:8096
- C:\Windows\System\TQMeLmu.exe
  C:\Windows\System\TQMeLmu.exe
  2⤵
  PID:8216
- C:\Windows\System\NOhMBRL.exe
  C:\Windows\System\NOhMBRL.exe
  2⤵
  PID:8244
- C:\Windows\System\hgcmYEy.exe
  C:\Windows\System\hgcmYEy.exe
  2⤵
  PID:8276
- C:\Windows\System\dsPmXhs.exe
  C:\Windows\System\dsPmXhs.exe
  2⤵
  PID:8300
- C:\Windows\System\sOaZjbC.exe
  C:\Windows\System\sOaZjbC.exe
  2⤵
  PID:8340
- C:\Windows\System\iADdsHV.exe
  C:\Windows\System\iADdsHV.exe
  2⤵
  PID:8368
- C:\Windows\System\fWSmBQf.exe
  C:\Windows\System\fWSmBQf.exe
  2⤵
  PID:8384
- C:\Windows\System\BhlffLk.exe
  C:\Windows\System\BhlffLk.exe
  2⤵
  PID:8424
- C:\Windows\System\KXbxwbw.exe
  C:\Windows\System\KXbxwbw.exe
  2⤵
  PID:8452
- C:\Windows\System\YidTYmS.exe
  C:\Windows\System\YidTYmS.exe
  2⤵
  PID:8468
- C:\Windows\System\JxXXWFH.exe
  C:\Windows\System\JxXXWFH.exe
  2⤵
  PID:8496
- C:\Windows\System\GxumCDC.exe
  C:\Windows\System\GxumCDC.exe
  2⤵
  PID:8524
- C:\Windows\System\xNBubwj.exe
  C:\Windows\System\xNBubwj.exe
  2⤵
  PID:8556
- C:\Windows\System\uuLEPDO.exe
  C:\Windows\System\uuLEPDO.exe
  2⤵
  PID:8580
- C:\Windows\System\xfiBesj.exe
  C:\Windows\System\xfiBesj.exe
  2⤵
  PID:8608
- C:\Windows\System\jXKzzPe.exe
  C:\Windows\System\jXKzzPe.exe
  2⤵
  PID:8636
- C:\Windows\System\kmgQoyV.exe
  C:\Windows\System\kmgQoyV.exe
  2⤵
  PID:8664
- C:\Windows\System\wahAgfb.exe
  C:\Windows\System\wahAgfb.exe
  2⤵
  PID:8692
- C:\Windows\System\ttfuarz.exe
  C:\Windows\System\ttfuarz.exe
  2⤵
  PID:8752
- C:\Windows\System\USPzkdo.exe
  C:\Windows\System\USPzkdo.exe
  2⤵
  PID:8828
- C:\Windows\System\iPsyuXp.exe
  C:\Windows\System\iPsyuXp.exe
  2⤵
  PID:8848
- C:\Windows\System\cMZScOx.exe
  C:\Windows\System\cMZScOx.exe
  2⤵
  PID:8892
- C:\Windows\System\AtNuQWp.exe
  C:\Windows\System\AtNuQWp.exe
  2⤵
  PID:8920
- C:\Windows\System\MwyibrM.exe
  C:\Windows\System\MwyibrM.exe
  2⤵
  PID:8956
- C:\Windows\System\dnViJDc.exe
  C:\Windows\System\dnViJDc.exe
  2⤵
  PID:9004
- C:\Windows\System\jmjJyJF.exe
  C:\Windows\System\jmjJyJF.exe
  2⤵
  PID:9048
- C:\Windows\System\KRVyWET.exe
  C:\Windows\System\KRVyWET.exe
  2⤵
  PID:9108
- C:\Windows\System\bhHJcrR.exe
  C:\Windows\System\bhHJcrR.exe
  2⤵
  PID:9148
- C:\Windows\System\ABnYAVZ.exe
  C:\Windows\System\ABnYAVZ.exe
  2⤵
  PID:9172
- C:\Windows\System\RAsJReE.exe
  C:\Windows\System\RAsJReE.exe
  2⤵
  PID:3828
- C:\Windows\System\hejlQMS.exe
  C:\Windows\System\hejlQMS.exe
  2⤵
  PID:1836
- C:\Windows\System\vPprwNx.exe
  C:\Windows\System\vPprwNx.exe
  2⤵
  PID:8200
- C:\Windows\System\lAVIIsr.exe
  C:\Windows\System\lAVIIsr.exe
  2⤵
  PID:8264
- C:\Windows\System\hNxKcxq.exe
  C:\Windows\System\hNxKcxq.exe
  2⤵
  PID:8332
- C:\Windows\System\zjeIntu.exe
  C:\Windows\System\zjeIntu.exe
  2⤵
  PID:8380
- C:\Windows\System\gCNpIBN.exe
  C:\Windows\System\gCNpIBN.exe
  2⤵
  PID:8448
- C:\Windows\System\uQoLeQq.exe
  C:\Windows\System\uQoLeQq.exe
  2⤵
  PID:5072
- C:\Windows\System\BuxmbVO.exe
  C:\Windows\System\BuxmbVO.exe
  2⤵
  PID:4372
- C:\Windows\System\bhQjaXm.exe
  C:\Windows\System\bhQjaXm.exe
  2⤵
  PID:8548
- C:\Windows\System\TNuriqc.exe
  C:\Windows\System\TNuriqc.exe
  2⤵
  PID:8604
- C:\Windows\System\invjFek.exe
  C:\Windows\System\invjFek.exe
  2⤵
  PID:4104
- C:\Windows\System\xqsrWbD.exe
  C:\Windows\System\xqsrWbD.exe
  2⤵
  PID:1588
- C:\Windows\System\rEqGadv.exe
  C:\Windows\System\rEqGadv.exe
  2⤵
  PID:2500
- C:\Windows\System\iqRBzzM.exe
  C:\Windows\System\iqRBzzM.exe
  2⤵
  PID:2596
- C:\Windows\System\idiifLU.exe
  C:\Windows\System\idiifLU.exe
  2⤵
  PID:2524
- C:\Windows\System\MhbVWXh.exe
  C:\Windows\System\MhbVWXh.exe
  2⤵
  PID:8704
- C:\Windows\System\zgrTzyQ.exe
  C:\Windows\System\zgrTzyQ.exe
  2⤵
  PID:216
- C:\Windows\System\ijLhAVK.exe
  C:\Windows\System\ijLhAVK.exe
  2⤵
  PID:1044
- C:\Windows\System\DVnVZcp.exe
  C:\Windows\System\DVnVZcp.exe
  2⤵
  PID:1248
- C:\Windows\System\EpMNmCy.exe
  C:\Windows\System\EpMNmCy.exe
  2⤵
  PID:8908
- C:\Windows\System\QyeYukK.exe
  C:\Windows\System\QyeYukK.exe
  2⤵
  PID:9012
- C:\Windows\System\SYdbfIm.exe
  C:\Windows\System\SYdbfIm.exe
  2⤵
  PID:9136
- C:\Windows\System\igXfiGf.exe
  C:\Windows\System\igXfiGf.exe
  2⤵
  PID:4428
- C:\Windows\System\KafzceD.exe
  C:\Windows\System\KafzceD.exe
  2⤵
  PID:8236
- C:\Windows\System\lARXYLK.exe
  C:\Windows\System\lARXYLK.exe
  2⤵
  PID:3504
- C:\Windows\System\VoZlcfw.exe
  C:\Windows\System\VoZlcfw.exe
  2⤵
  PID:4964
- C:\Windows\System\sCZQFni.exe
  C:\Windows\System\sCZQFni.exe
  2⤵
  PID:8544
- C:\Windows\System\acQMekJ.exe
  C:\Windows\System\acQMekJ.exe
  2⤵
  PID:2764
- C:\Windows\System\TSeeNcP.exe
  C:\Windows\System\TSeeNcP.exe
  2⤵
  PID:1164
- C:\Windows\System\XGnIpRl.exe
  C:\Windows\System\XGnIpRl.exe
  2⤵
  PID:4332
- C:\Windows\System\TPWRJEl.exe
  C:\Windows\System\TPWRJEl.exe
  2⤵
  PID:3892
- C:\Windows\System\HhcVGXd.exe
  C:\Windows\System\HhcVGXd.exe
  2⤵
  PID:632
- C:\Windows\System\dsUJEqi.exe
  C:\Windows\System\dsUJEqi.exe
  2⤵
  PID:9032
- C:\Windows\System\MccpDib.exe
  C:\Windows\System\MccpDib.exe
  2⤵
  PID:7968
- C:\Windows\System\ZarBZsn.exe
  C:\Windows\System\ZarBZsn.exe
  2⤵
  PID:1680
- C:\Windows\System\JtjXHoD.exe
  C:\Windows\System\JtjXHoD.exe
  2⤵
  PID:5880
- C:\Windows\System\EPFuPaS.exe
  C:\Windows\System\EPFuPaS.exe
  2⤵
  PID:2952
- C:\Windows\System\UgmpEhT.exe
  C:\Windows\System\UgmpEhT.exe
  2⤵
  PID:3648
- C:\Windows\System\smwAoaC.exe
  C:\Windows\System\smwAoaC.exe
  2⤵
  PID:9252
- C:\Windows\System\CUIWSti.exe
  C:\Windows\System\CUIWSti.exe
  2⤵
  PID:9284
- C:\Windows\System\newrEtc.exe
  C:\Windows\System\newrEtc.exe
  2⤵
  PID:9304
- C:\Windows\System\vvSSxzm.exe
  C:\Windows\System\vvSSxzm.exe
  2⤵
  PID:9332
- C:\Windows\System\JKwNkEs.exe
  C:\Windows\System\JKwNkEs.exe
  2⤵
  PID:9376
- C:\Windows\System\rFzzRHX.exe
  C:\Windows\System\rFzzRHX.exe
  2⤵
  PID:9404
- C:\Windows\System\jyZijcB.exe
  C:\Windows\System\jyZijcB.exe
  2⤵
  PID:9440
- C:\Windows\System\hSZYiqS.exe
  C:\Windows\System\hSZYiqS.exe
  2⤵
  PID:9468
- C:\Windows\System\UrXVnEs.exe
  C:\Windows\System\UrXVnEs.exe
  2⤵
  PID:9496
- C:\Windows\System\KmEKBKU.exe
  C:\Windows\System\KmEKBKU.exe
  2⤵
  PID:9532
- C:\Windows\System\SuMjNeZ.exe
  C:\Windows\System\SuMjNeZ.exe
  2⤵
  PID:9560
- C:\Windows\System\QMPFLca.exe
  C:\Windows\System\QMPFLca.exe
  2⤵
  PID:9608
- C:\Windows\System\aLsfYel.exe
  C:\Windows\System\aLsfYel.exe
  2⤵
  PID:9636
- C:\Windows\System\SsYXWNd.exe
  C:\Windows\System\SsYXWNd.exe
  2⤵
  PID:9664
- C:\Windows\System\VicRNkS.exe
  C:\Windows\System\VicRNkS.exe
  2⤵
  PID:9692
- C:\Windows\System\isURrUX.exe
  C:\Windows\System\isURrUX.exe
  2⤵
  PID:9724
- C:\Windows\System\zEeUOMj.exe
  C:\Windows\System\zEeUOMj.exe
  2⤵
  PID:9760
- C:\Windows\System\MbUCAre.exe
  C:\Windows\System\MbUCAre.exe
  2⤵
  PID:9788
- C:\Windows\System\nXEhkEh.exe
  C:\Windows\System\nXEhkEh.exe
  2⤵
  PID:9812
- C:\Windows\System\CnpsmQD.exe
  C:\Windows\System\CnpsmQD.exe
  2⤵
  PID:9840
- C:\Windows\System\cOEfgAx.exe
  C:\Windows\System\cOEfgAx.exe
  2⤵
  PID:9876
- C:\Windows\System\lZCqQWJ.exe
  C:\Windows\System\lZCqQWJ.exe
  2⤵
  PID:9904
- C:\Windows\System\RUtrfer.exe
  C:\Windows\System\RUtrfer.exe
  2⤵
  PID:9920
- C:\Windows\System\QfmJGQo.exe
  C:\Windows\System\QfmJGQo.exe
  2⤵
  PID:9980
- C:\Windows\System\dxJqgks.exe
  C:\Windows\System\dxJqgks.exe
  2⤵
  PID:10008
- C:\Windows\System\SHrHaEj.exe
  C:\Windows\System\SHrHaEj.exe
  2⤵
  PID:10036
- C:\Windows\System\vuEhCLG.exe
  C:\Windows\System\vuEhCLG.exe
  2⤵
  PID:10072
- C:\Windows\System\ToHCSjM.exe
  C:\Windows\System\ToHCSjM.exe
  2⤵
  PID:10124
- C:\Windows\System\cJtFfpB.exe
  C:\Windows\System\cJtFfpB.exe
  2⤵
  PID:10152
- C:\Windows\System\rLtXxMm.exe
  C:\Windows\System\rLtXxMm.exe
  2⤵
  PID:10212
- C:\Windows\System\nlRJsMq.exe
  C:\Windows\System\nlRJsMq.exe
  2⤵
  PID:9132
- C:\Windows\System\EduZcMe.exe
  C:\Windows\System\EduZcMe.exe
  2⤵
  PID:5040
- C:\Windows\System\ZUGTwBv.exe
  C:\Windows\System\ZUGTwBv.exe
  2⤵
  PID:9312
- C:\Windows\System\NsYULbZ.exe
  C:\Windows\System\NsYULbZ.exe
  2⤵
  PID:9352
- C:\Windows\System\WCxWBZT.exe
  C:\Windows\System\WCxWBZT.exe
  2⤵
  PID:9420
- C:\Windows\System\nPgYfLd.exe
  C:\Windows\System\nPgYfLd.exe
  2⤵
  PID:1160
- C:\Windows\System\vcXCZxo.exe
  C:\Windows\System\vcXCZxo.exe
  2⤵
  PID:8864
- C:\Windows\System\kTiTTmd.exe
  C:\Windows\System\kTiTTmd.exe
  2⤵
  PID:9520
- C:\Windows\System\crbVcne.exe
  C:\Windows\System\crbVcne.exe
  2⤵
  PID:9592
- C:\Windows\System\rLSqQvj.exe
  C:\Windows\System\rLSqQvj.exe
  2⤵
  PID:9644
- C:\Windows\System\vbnaOzN.exe
  C:\Windows\System\vbnaOzN.exe
  2⤵
  PID:9704
- C:\Windows\System\klfmDDP.exe
  C:\Windows\System\klfmDDP.exe
  2⤵
  PID:2152
- C:\Windows\System\kmVRHwQ.exe
  C:\Windows\System\kmVRHwQ.exe
  2⤵
  PID:9868
- C:\Windows\System\rqEjVVG.exe
  C:\Windows\System\rqEjVVG.exe
  2⤵
  PID:9916
- C:\Windows\System\lbwNyHX.exe
  C:\Windows\System\lbwNyHX.exe
  2⤵
  PID:9976
- C:\Windows\System\AWQSAIY.exe
  C:\Windows\System\AWQSAIY.exe
  2⤵
  PID:1952
- C:\Windows\System\aXdFEfI.exe
  C:\Windows\System\aXdFEfI.exe
  2⤵
  PID:10044
- C:\Windows\System\txXKISn.exe
  C:\Windows\System\txXKISn.exe
  2⤵
  PID:10108
- C:\Windows\System\yHoFLJZ.exe
  C:\Windows\System\yHoFLJZ.exe
  2⤵
  PID:3980
- C:\Windows\System\GvvAaeS.exe
  C:\Windows\System\GvvAaeS.exe
  2⤵
  PID:3948
- C:\Windows\System\vaydkrT.exe
  C:\Windows\System\vaydkrT.exe
  2⤵
  PID:9992
- C:\Windows\System\RGasSBJ.exe
  C:\Windows\System\RGasSBJ.exe
  2⤵
  PID:10188
- C:\Windows\System\xGrvPav.exe
  C:\Windows\System\xGrvPav.exe
  2⤵
  PID:4520
- C:\Windows\System\UoPhYsz.exe
  C:\Windows\System\UoPhYsz.exe
  2⤵
  PID:10232
- C:\Windows\System\iyTXCgP.exe
  C:\Windows\System\iyTXCgP.exe
  2⤵
  PID:9320
- C:\Windows\System\bgZkrLo.exe
  C:\Windows\System\bgZkrLo.exe
  2⤵
  PID:8940
- C:\Windows\System\pLCNzjQ.exe
  C:\Windows\System\pLCNzjQ.exe
  2⤵
  PID:9492
- C:\Windows\System\eYyWOTI.exe
  C:\Windows\System\eYyWOTI.exe
  2⤵
  PID:1412
- C:\Windows\System\MmeZkMk.exe
  C:\Windows\System\MmeZkMk.exe
  2⤵
  PID:9808
- C:\Windows\System\QevcZmn.exe
  C:\Windows\System\QevcZmn.exe
  2⤵
  PID:9896
- C:\Windows\System\JtPSugP.exe
  C:\Windows\System\JtPSugP.exe
  2⤵
  PID:10000
- C:\Windows\System\NzuyiDh.exe
  C:\Windows\System\NzuyiDh.exe
  2⤵
  PID:4400
- C:\Windows\System\SkSpnaZ.exe
  C:\Windows\System\SkSpnaZ.exe
  2⤵
  PID:10168
- C:\Windows\System\whUSNji.exe
  C:\Windows\System\whUSNji.exe
  2⤵
  PID:3488
- C:\Windows\System\XIzkKhs.exe
  C:\Windows\System\XIzkKhs.exe
  2⤵
  PID:4432
- C:\Windows\System\jucAQaE.exe
  C:\Windows\System\jucAQaE.exe
  2⤵
  PID:2248
- C:\Windows\System\RssJPgy.exe
  C:\Windows\System\RssJPgy.exe
  2⤵
  PID:4276
- C:\Windows\System\houNYYy.exe
  C:\Windows\System\houNYYy.exe
  2⤵
  PID:1364
- C:\Windows\System\oXDPUtE.exe
  C:\Windows\System\oXDPUtE.exe
  2⤵
  PID:4524
- C:\Windows\System\ODpfOJe.exe
  C:\Windows\System\ODpfOJe.exe
  2⤵
  PID:10260
- C:\Windows\System\oqSwhgy.exe
  C:\Windows\System\oqSwhgy.exe
  2⤵
  PID:10292
- C:\Windows\System\hvFQiTB.exe
  C:\Windows\System\hvFQiTB.exe
  2⤵
  PID:10308
- C:\Windows\System\GMODkRT.exe
  C:\Windows\System\GMODkRT.exe
  2⤵
  PID:10352
- C:\Windows\System\gCwJfzC.exe
  C:\Windows\System\gCwJfzC.exe
  2⤵
  PID:10396
- C:\Windows\System\ojPyCzH.exe
  C:\Windows\System\ojPyCzH.exe
  2⤵
  PID:10424
- C:\Windows\System\lUYTIOf.exe
  C:\Windows\System\lUYTIOf.exe
  2⤵
  PID:10464
- C:\Windows\System\VzKQbgy.exe
  C:\Windows\System\VzKQbgy.exe
  2⤵
  PID:10480
- C:\Windows\System\wcGZqrC.exe
  C:\Windows\System\wcGZqrC.exe
  2⤵
  PID:10512
- C:\Windows\System\dJdItDI.exe
  C:\Windows\System\dJdItDI.exe
  2⤵
  PID:10540
- C:\Windows\System\uDvlOuO.exe
  C:\Windows\System\uDvlOuO.exe
  2⤵
  PID:10568
- C:\Windows\System\WAXvomW.exe
  C:\Windows\System\WAXvomW.exe
  2⤵
  PID:10600
- C:\Windows\System\oytvbes.exe
  C:\Windows\System\oytvbes.exe
  2⤵
  PID:10628
- C:\Windows\System\fGQerqS.exe
  C:\Windows\System\fGQerqS.exe
  2⤵
  PID:10656
- C:\Windows\System\PtUEsDD.exe
  C:\Windows\System\PtUEsDD.exe
  2⤵
  PID:10684
- C:\Windows\System\DKmVKsj.exe
  C:\Windows\System\DKmVKsj.exe
  2⤵
  PID:10712
- C:\Windows\System\WHVWePU.exe
  C:\Windows\System\WHVWePU.exe
  2⤵
  PID:10740
- C:\Windows\System\CJucgAB.exe
  C:\Windows\System\CJucgAB.exe
  2⤵
  PID:10772
- C:\Windows\System\SBDkbHe.exe
  C:\Windows\System\SBDkbHe.exe
  2⤵
  PID:10800
- C:\Windows\System\YVgZtzm.exe
  C:\Windows\System\YVgZtzm.exe
  2⤵
  PID:10828
- C:\Windows\System\kqNXGWb.exe
  C:\Windows\System\kqNXGWb.exe
  2⤵
  PID:10856
- C:\Windows\System\Kyrasdq.exe
  C:\Windows\System\Kyrasdq.exe
  2⤵
  PID:10884
- C:\Windows\System\bXaVUVF.exe
  C:\Windows\System\bXaVUVF.exe
  2⤵
  PID:10912
- C:\Windows\System\tiODxgI.exe
  C:\Windows\System\tiODxgI.exe
  2⤵
  PID:10944
- C:\Windows\System\kIpTjcT.exe
  C:\Windows\System\kIpTjcT.exe
  2⤵
  PID:10972
- C:\Windows\System\fOsVawA.exe
  C:\Windows\System\fOsVawA.exe
  2⤵
  PID:11000
- C:\Windows\System\VYZfuKj.exe
  C:\Windows\System\VYZfuKj.exe
  2⤵
  PID:11028
- C:\Windows\System\YcdmTju.exe
  C:\Windows\System\YcdmTju.exe
  2⤵
  PID:11060
- C:\Windows\System\vwtGefl.exe
  C:\Windows\System\vwtGefl.exe
  2⤵
  PID:11100
- C:\Windows\System\rIMnCSI.exe
  C:\Windows\System\rIMnCSI.exe
  2⤵
  PID:11144
- C:\Windows\System\iTPtQMg.exe
  C:\Windows\System\iTPtQMg.exe
  2⤵
  PID:11160
- C:\Windows\System\YMtbYrA.exe
  C:\Windows\System\YMtbYrA.exe
  2⤵
  PID:11188
- C:\Windows\System\COMGRme.exe
  C:\Windows\System\COMGRme.exe
  2⤵
  PID:11216
- C:\Windows\System\hQVXOpI.exe
  C:\Windows\System\hQVXOpI.exe
  2⤵
  PID:11248
- C:\Windows\System\esCxLCv.exe
  C:\Windows\System\esCxLCv.exe
  2⤵
  PID:10252
- C:\Windows\System\WaMbBgD.exe
  C:\Windows\System\WaMbBgD.exe
  2⤵
  PID:10304
- C:\Windows\System\MViMsqB.exe
  C:\Windows\System\MViMsqB.exe
  2⤵
  PID:10408
- C:\Windows\System\bVayLAU.exe
  C:\Windows\System\bVayLAU.exe
  2⤵
  PID:10504
- C:\Windows\System\LOFpGZJ.exe
  C:\Windows\System\LOFpGZJ.exe
  2⤵
  PID:10536
- C:\Windows\System\NTriOZd.exe
  C:\Windows\System\NTriOZd.exe
  2⤵
  PID:10624
- C:\Windows\System\bGVaKak.exe
  C:\Windows\System\bGVaKak.exe
  2⤵
  PID:10736
- C:\Windows\System\kOoOehA.exe
  C:\Windows\System\kOoOehA.exe
  2⤵
  PID:10792
- C:\Windows\System\FekfdLI.exe
  C:\Windows\System\FekfdLI.exe
  2⤵
  PID:10852
- C:\Windows\System\VEesJhi.exe
  C:\Windows\System\VEesJhi.exe
  2⤵
  PID:10924
- C:\Windows\System\roaivxC.exe
  C:\Windows\System\roaivxC.exe
  2⤵
  PID:10964
- C:\Windows\System\NRGgKhL.exe
  C:\Windows\System\NRGgKhL.exe
  2⤵
  PID:11024
- C:\Windows\System\IrPiiEN.exe
  C:\Windows\System\IrPiiEN.exe
  2⤵
  PID:3840
- C:\Windows\System\PGQIVbE.exe
  C:\Windows\System\PGQIVbE.exe
  2⤵
  PID:5904
- C:\Windows\System\hWuhDMm.exe
  C:\Windows\System\hWuhDMm.exe
  2⤵
  PID:11048
- C:\Windows\System\DNPkAZe.exe
  C:\Windows\System\DNPkAZe.exe
  2⤵
  PID:6008
- C:\Windows\System\YWFBLXC.exe
  C:\Windows\System\YWFBLXC.exe
  2⤵
  PID:11204
- C:\Windows\System\OqryHzN.exe
  C:\Windows\System\OqryHzN.exe
  2⤵
  PID:11240
- C:\Windows\System\bozZWiT.exe
  C:\Windows\System\bozZWiT.exe
  2⤵
  PID:10392
- C:\Windows\System\UNynLRO.exe
  C:\Windows\System\UNynLRO.exe
  2⤵
  PID:4088
- C:\Windows\System\jmVTULR.exe
  C:\Windows\System\jmVTULR.exe
  2⤵
  PID:10588
- C:\Windows\System\mAyNiaz.exe
  C:\Windows\System\mAyNiaz.exe
  2⤵
  PID:5352
- C:\Windows\System\QPAIPOe.exe
  C:\Windows\System\QPAIPOe.exe
  2⤵
  PID:10840
- C:\Windows\System\XbQnYiy.exe
  C:\Windows\System\XbQnYiy.exe
  2⤵
  PID:5776
- C:\Windows\System\CuAcxVZ.exe
  C:\Windows\System\CuAcxVZ.exe
  2⤵
  PID:11088
- C:\Windows\System\NkhLeKw.exe
  C:\Windows\System\NkhLeKw.exe
  2⤵
  PID:5968
- C:\Windows\System\ermzdpR.exe
  C:\Windows\System\ermzdpR.exe
  2⤵
  PID:11152
- C:\Windows\System\IqSNoDL.exe
  C:\Windows\System\IqSNoDL.exe
  2⤵
  PID:11236
- C:\Windows\System\JkrQjCw.exe
  C:\Windows\System\JkrQjCw.exe
  2⤵
  PID:9212
- C:\Windows\System\EwoWmzU.exe
  C:\Windows\System\EwoWmzU.exe
  2⤵
  PID:9084
- C:\Windows\System\wfHChLg.exe
  C:\Windows\System\wfHChLg.exe
  2⤵
  PID:1612
- C:\Windows\System\EsUlodc.exe
  C:\Windows\System\EsUlodc.exe
  2⤵
  PID:5316
- C:\Windows\System\qgkhCLE.exe
  C:\Windows\System\qgkhCLE.exe
  2⤵
  PID:10904
- C:\Windows\System\fPhRVVR.exe
  C:\Windows\System\fPhRVVR.exe
  2⤵
  PID:11056
- C:\Windows\System\XypKzgo.exe
  C:\Windows\System\XypKzgo.exe
  2⤵
  PID:3232
- C:\Windows\System\UQpAvvN.exe
  C:\Windows\System\UQpAvvN.exe
  2⤵
  PID:9096
- C:\Windows\System\tSZdzlD.exe
  C:\Windows\System\tSZdzlD.exe
  2⤵
  PID:6148
- C:\Windows\System\BlimMGG.exe
  C:\Windows\System\BlimMGG.exe
  2⤵
  PID:4516
- C:\Windows\System\xHwEnap.exe
  C:\Windows\System\xHwEnap.exe
  2⤵
  PID:10820
- C:\Windows\System\TEKfGeD.exe
  C:\Windows\System\TEKfGeD.exe
  2⤵
  PID:8744
- C:\Windows\System\DqsnMuV.exe
  C:\Windows\System\DqsnMuV.exe
  2⤵
  PID:2468
- C:\Windows\System\lmporcc.exe
  C:\Windows\System\lmporcc.exe
  2⤵
  PID:6380
- C:\Windows\System\iaVuKUJ.exe
  C:\Windows\System\iaVuKUJ.exe
  2⤵
  PID:1844
- C:\Windows\System\gNjcliy.exe
  C:\Windows\System\gNjcliy.exe
  2⤵
  PID:4552
- C:\Windows\System\gtPZGOW.exe
  C:\Windows\System\gtPZGOW.exe
  2⤵
  PID:6556
- C:\Windows\System\giOoYyw.exe
  C:\Windows\System\giOoYyw.exe
  2⤵
  PID:10384
- C:\Windows\System\TDpemtN.exe
  C:\Windows\System\TDpemtN.exe
  2⤵
  PID:6640
- C:\Windows\System\ztORivA.exe
  C:\Windows\System\ztORivA.exe
  2⤵
  PID:2808
- C:\Windows\System\qcSXfwR.exe
  C:\Windows\System\qcSXfwR.exe
  2⤵
  PID:6528
- C:\Windows\System\rnnvbPf.exe
  C:\Windows\System\rnnvbPf.exe
  2⤵
  PID:5736
- C:\Windows\System\naVwuGm.exe
  C:\Windows\System\naVwuGm.exe
  2⤵
  PID:6808
- C:\Windows\System\DjsAFVO.exe
  C:\Windows\System\DjsAFVO.exe
  2⤵
  PID:6876
- C:\Windows\System\tcsEYrg.exe
  C:\Windows\System\tcsEYrg.exe
  2⤵
  PID:6260
- C:\Windows\System\CzGKPGa.exe
  C:\Windows\System\CzGKPGa.exe
  2⤵
  PID:220
- C:\Windows\System\dgifOIm.exe
  C:\Windows\System\dgifOIm.exe
  2⤵
  PID:6392
- C:\Windows\System\dlQquAH.exe
  C:\Windows\System\dlQquAH.exe
  2⤵
  PID:1792
- C:\Windows\System\jbFCEbk.exe
  C:\Windows\System\jbFCEbk.exe
  2⤵
  PID:6780
- C:\Windows\System\dKLhvBz.exe
  C:\Windows\System\dKLhvBz.exe
  2⤵
  PID:6932
- C:\Windows\System\TEQLwhh.exe
  C:\Windows\System\TEQLwhh.exe
  2⤵
  PID:8972
- C:\Windows\System\USqRPqq.exe
  C:\Windows\System\USqRPqq.exe
  2⤵
  PID:5896
- C:\Windows\System\RaWVqKN.exe
  C:\Windows\System\RaWVqKN.exe
  2⤵
  PID:4604
- C:\Windows\System\ziFlWng.exe
  C:\Windows\System\ziFlWng.exe
  2⤵
  PID:3728
- C:\Windows\System\zcqlEuw.exe
  C:\Windows\System\zcqlEuw.exe
  2⤵
  PID:4460
- C:\Windows\System\ErHIyYT.exe
  C:\Windows\System\ErHIyYT.exe
  2⤵
  PID:2704
- C:\Windows\System\qWsRqnK.exe
  C:\Windows\System\qWsRqnK.exe
  2⤵
  PID:2252
- C:\Windows\System\FxdvdZg.exe
  C:\Windows\System\FxdvdZg.exe
  2⤵
  PID:11268
- C:\Windows\System\xeuskQH.exe
  C:\Windows\System\xeuskQH.exe
  2⤵
  PID:11288
- C:\Windows\System\PIFQVXI.exe
  C:\Windows\System\PIFQVXI.exe
  2⤵
  PID:11316
- C:\Windows\System\ySPfJeN.exe
  C:\Windows\System\ySPfJeN.exe
  2⤵
  PID:11344
- C:\Windows\System\uuYdJCc.exe
  C:\Windows\System\uuYdJCc.exe
  2⤵
  PID:11372
- C:\Windows\System\dExuRKe.exe
  C:\Windows\System\dExuRKe.exe
  2⤵
  PID:11400
- C:\Windows\System\ccEeCBb.exe
  C:\Windows\System\ccEeCBb.exe
  2⤵
  PID:11428
- C:\Windows\System\ynKGImS.exe
  C:\Windows\System\ynKGImS.exe
  2⤵
  PID:11456
- C:\Windows\System\TvzdcqY.exe
  C:\Windows\System\TvzdcqY.exe
  2⤵
  PID:11484
- C:\Windows\System\lrOufuy.exe
  C:\Windows\System\lrOufuy.exe
  2⤵
  PID:11512
- C:\Windows\System\ZlkxwbP.exe
  C:\Windows\System\ZlkxwbP.exe
  2⤵
  PID:11544
- C:\Windows\System\aCQovnz.exe
  C:\Windows\System\aCQovnz.exe
  2⤵
  PID:11572
- C:\Windows\System\aaDWenC.exe
  C:\Windows\System\aaDWenC.exe
  2⤵
  PID:11600
- C:\Windows\System\ZkZNLYs.exe
  C:\Windows\System\ZkZNLYs.exe
  2⤵
  PID:11628
- C:\Windows\System\vOIALab.exe
  C:\Windows\System\vOIALab.exe
  2⤵
  PID:11656
- C:\Windows\System\ytTfCWF.exe
  C:\Windows\System\ytTfCWF.exe
  2⤵
  PID:11684
- C:\Windows\System\HHcFkos.exe
  C:\Windows\System\HHcFkos.exe
  2⤵
  PID:11712
- C:\Windows\System\RUDhxnP.exe
  C:\Windows\System\RUDhxnP.exe
  2⤵
  PID:11740
- C:\Windows\System\hdxKCYw.exe
  C:\Windows\System\hdxKCYw.exe
  2⤵
  PID:11768
- C:\Windows\System\RJvlcgF.exe
  C:\Windows\System\RJvlcgF.exe
  2⤵
  PID:11796
- C:\Windows\System\ZseaBgU.exe
  C:\Windows\System\ZseaBgU.exe
  2⤵
  PID:11820
- C:\Windows\System\iiPSFTM.exe
  C:\Windows\System\iiPSFTM.exe
  2⤵
  PID:11840
- C:\Windows\System\DedFOOl.exe
  C:\Windows\System\DedFOOl.exe
  2⤵
  PID:11868
- C:\Windows\System\sEpoldN.exe
  C:\Windows\System\sEpoldN.exe
  2⤵
  PID:11908
- C:\Windows\System\iowtime.exe
  C:\Windows\System\iowtime.exe
  2⤵
  PID:11940
- C:\Windows\System\RmiQFPj.exe
  C:\Windows\System\RmiQFPj.exe
  2⤵
  PID:11968
- C:\Windows\System\UNvSwMh.exe
  C:\Windows\System\UNvSwMh.exe
  2⤵
  PID:11996
- C:\Windows\System\RioyFgI.exe
  C:\Windows\System\RioyFgI.exe
  2⤵
  PID:12012
- C:\Windows\System\CuTHwVY.exe
  C:\Windows\System\CuTHwVY.exe
  2⤵
  PID:12040
- C:\Windows\System\IGSEohb.exe
  C:\Windows\System\IGSEohb.exe
  2⤵
  PID:12080
- C:\Windows\System\zBifhyA.exe
  C:\Windows\System\zBifhyA.exe
  2⤵
  PID:12108
- C:\Windows\System\VbFEgaA.exe
  C:\Windows\System\VbFEgaA.exe
  2⤵
  PID:12140
- C:\Windows\System\blDrwrZ.exe
  C:\Windows\System\blDrwrZ.exe
  2⤵
  PID:12168
- C:\Windows\System\nohxTHL.exe
  C:\Windows\System\nohxTHL.exe
  2⤵
  PID:12196
- C:\Windows\System\EZBawpr.exe
  C:\Windows\System\EZBawpr.exe
  2⤵
  PID:12224
- C:\Windows\System\MqSfuYt.exe
  C:\Windows\System\MqSfuYt.exe
  2⤵
  PID:12252
- C:\Windows\System\jXAuNij.exe
  C:\Windows\System\jXAuNij.exe
  2⤵
  PID:12280
- C:\Windows\System\xVzVZFW.exe
  C:\Windows\System\xVzVZFW.exe
  2⤵
  PID:2116
- C:\Windows\System\RxgZZSE.exe
  C:\Windows\System\RxgZZSE.exe
  2⤵
  PID:4724
- C:\Windows\System\IWovFlZ.exe
  C:\Windows\System\IWovFlZ.exe
  2⤵
  PID:11368
- C:\Windows\System\zrSGyTH.exe
  C:\Windows\System\zrSGyTH.exe
  2⤵
  PID:4292
- C:\Windows\System\ZfqfrIr.exe
  C:\Windows\System\ZfqfrIr.exe
  2⤵
  PID:11476
- C:\Windows\System\GREgCYj.exe
  C:\Windows\System\GREgCYj.exe
  2⤵
  PID:2120
- C:\Windows\System\PDulhdr.exe
  C:\Windows\System\PDulhdr.exe
  2⤵
  PID:11564
- C:\Windows\System\iXTawjZ.exe
  C:\Windows\System\iXTawjZ.exe
  2⤵
  PID:3000
- C:\Windows\System\OawlTwY.exe
  C:\Windows\System\OawlTwY.exe
  2⤵
  PID:4152
- C:\Windows\System\HffhOiq.exe
  C:\Windows\System\HffhOiq.exe
  2⤵
  PID:11708
- C:\Windows\System\TfgRCtH.exe
  C:\Windows\System\TfgRCtH.exe
  2⤵
  PID:11752
- C:\Windows\System\JfWBqkl.exe
  C:\Windows\System\JfWBqkl.exe
  2⤵
  PID:11788
- C:\Windows\System\vOfYkFK.exe
  C:\Windows\System\vOfYkFK.exe
  2⤵
  PID:11860
- C:\Windows\System\IhIkZjL.exe
  C:\Windows\System\IhIkZjL.exe
  2⤵
  PID:11896
- C:\Windows\System\vtCaBLV.exe
  C:\Windows\System\vtCaBLV.exe
  2⤵
  PID:5148
- C:\Windows\System\RanUbLt.exe
  C:\Windows\System\RanUbLt.exe
  2⤵
  PID:11992
- C:\Windows\System\pOGPKoQ.exe
  C:\Windows\System\pOGPKoQ.exe
  2⤵
  PID:5240
- C:\Windows\System\ryHqitV.exe
  C:\Windows\System\ryHqitV.exe
  2⤵
  PID:11532
- C:\Windows\System\iQojoWe.exe
  C:\Windows\System\iQojoWe.exe
  2⤵
  PID:12092
- C:\Windows\System\GiiksVW.exe
  C:\Windows\System\GiiksVW.exe
  2⤵
  PID:12136
- C:\Windows\System\XNhtOvA.exe
  C:\Windows\System\XNhtOvA.exe
  2⤵
  PID:12188
- C:\Windows\System\nVNOncL.exe
  C:\Windows\System\nVNOncL.exe
  2⤵
  PID:12236
- C:\Windows\System\uTepCpd.exe
  C:\Windows\System\uTepCpd.exe
  2⤵
  PID:12276
- C:\Windows\System\kIPFnlh.exe
  C:\Windows\System\kIPFnlh.exe
  2⤵
  PID:5448
- C:\Windows\System\nghDMXx.exe
  C:\Windows\System\nghDMXx.exe
  2⤵
  PID:5484
- C:\Windows\System\XGsdfsp.exe
  C:\Windows\System\XGsdfsp.exe
  2⤵
  PID:11468
- C:\Windows\System\LVjXcfS.exe
  C:\Windows\System\LVjXcfS.exe
  2⤵
  PID:5532
- C:\Windows\System\HChrvzj.exe
  C:\Windows\System\HChrvzj.exe
  2⤵
  PID:5560
- C:\Windows\System\gkhZHEu.exe
  C:\Windows\System\gkhZHEu.exe
  2⤵
  PID:5588
- C:\Windows\System\rIyzrcJ.exe
  C:\Windows\System\rIyzrcJ.exe
  2⤵
  PID:5616
- C:\Windows\System\JgMQlPY.exe
  C:\Windows\System\JgMQlPY.exe
  2⤵
  PID:11832
- C:\Windows\System\sPDWIVb.exe
  C:\Windows\System\sPDWIVb.exe
  2⤵
  PID:11916
- C:\Windows\System\fFSmSFq.exe
  C:\Windows\System\fFSmSFq.exe
  2⤵
  PID:5196
- C:\Windows\System\HcvOXJT.exe
  C:\Windows\System\HcvOXJT.exe
  2⤵
  PID:5768
- C:\Windows\System\VuSyKcf.exe
  C:\Windows\System\VuSyKcf.exe
  2⤵
  PID:5280
- C:\Windows\System\xZpDFTJ.exe
  C:\Windows\System\xZpDFTJ.exe
  2⤵
  PID:12164
- C:\Windows\System\pqtHGma.exe
  C:\Windows\System\pqtHGma.exe
  2⤵
  PID:12264
- C:\Windows\System\VJYsFnk.exe
  C:\Windows\System\VJYsFnk.exe
  2⤵
  PID:4360
- C:\Windows\System\XoBypfD.exe
  C:\Windows\System\XoBypfD.exe
  2⤵
  PID:11508
- C:\Windows\System\nMPSOxb.exe
  C:\Windows\System\nMPSOxb.exe
  2⤵
  PID:5632
- C:\Windows\System\ksxcBZR.exe
  C:\Windows\System\ksxcBZR.exe
  2⤵
  PID:5688
- C:\Windows\System\fqJAjEW.exe
  C:\Windows\System\fqJAjEW.exe
  2⤵
  PID:6024
- C:\Windows\System\BBcQxAk.exe
  C:\Windows\System\BBcQxAk.exe
  2⤵
  PID:6716
- C:\Windows\System\erplylV.exe
  C:\Windows\System\erplylV.exe
  2⤵
  PID:5824
- C:\Windows\System\kpATLvK.exe
  C:\Windows\System\kpATLvK.exe
  2⤵
  PID:11308
- C:\Windows\System\vlNbryu.exe
  C:\Windows\System\vlNbryu.exe
  2⤵
  PID:11592
- C:\Windows\System\LPyTxlE.exe
  C:\Windows\System\LPyTxlE.exe
  2⤵
  PID:7280
- C:\Windows\System\sxRkfsp.exe
  C:\Windows\System\sxRkfsp.exe
  2⤵
  PID:6044
- C:\Windows\System\oIVnUEJ.exe
  C:\Windows\System\oIVnUEJ.exe
  2⤵
  PID:5876
- C:\Windows\System\GDnjVjy.exe
  C:\Windows\System\GDnjVjy.exe
  2⤵
  PID:5156
- C:\Windows\System\EGdyTMU.exe
  C:\Windows\System\EGdyTMU.exe
  2⤵
  PID:12052
- C:\Windows\System\OFaggIz.exe
  C:\Windows\System\OFaggIz.exe
  2⤵
  PID:5652
- C:\Windows\System\uhgLkQt.exe
  C:\Windows\System\uhgLkQt.exe
  2⤵
  PID:7992
- C:\Windows\System\xghpkPC.exe
  C:\Windows\System\xghpkPC.exe
  2⤵
  PID:8008
- C:\Windows\System\YmCQnTf.exe
  C:\Windows\System\YmCQnTf.exe
  2⤵
  PID:12304
- C:\Windows\System\VkVWVJx.exe
  C:\Windows\System\VkVWVJx.exe
  2⤵
  PID:12352
- C:\Windows\System\McQexcx.exe
  C:\Windows\System\McQexcx.exe
  2⤵
  PID:12380
- C:\Windows\System\dNDsWEv.exe
  C:\Windows\System\dNDsWEv.exe
  2⤵
  PID:12424
- C:\Windows\System\gtwhFPI.exe
  C:\Windows\System\gtwhFPI.exe
  2⤵
  PID:12464
- C:\Windows\System\TxOZlNe.exe
  C:\Windows\System\TxOZlNe.exe
  2⤵
  PID:12496
- C:\Windows\System\wOWVhcp.exe
  C:\Windows\System\wOWVhcp.exe
  2⤵
  PID:12540
- C:\Windows\System\hzbXfZN.exe
  C:\Windows\System\hzbXfZN.exe
  2⤵
  PID:12560
- C:\Windows\System\aScknkt.exe
  C:\Windows\System\aScknkt.exe
  2⤵
  PID:12592
- C:\Windows\System\ZepzBsY.exe
  C:\Windows\System\ZepzBsY.exe
  2⤵
  PID:12620
- C:\Windows\System\AVCPEiV.exe
  C:\Windows\System\AVCPEiV.exe
  2⤵
  PID:12648
- C:\Windows\System\GUNWYek.exe
  C:\Windows\System\GUNWYek.exe
  2⤵
  PID:12680
- C:\Windows\System\vbpcpWI.exe
  C:\Windows\System\vbpcpWI.exe
  2⤵
  PID:12708
- C:\Windows\System\YfAzLfV.exe
  C:\Windows\System\YfAzLfV.exe
  2⤵
  PID:12736
- C:\Windows\System\JsKpggJ.exe
  C:\Windows\System\JsKpggJ.exe
  2⤵
  PID:12764
- C:\Windows\System\GlbJPuH.exe
  C:\Windows\System\GlbJPuH.exe
  2⤵
  PID:12792
- C:\Windows\System\GBdpFNy.exe
  C:\Windows\System\GBdpFNy.exe
  2⤵
  PID:12820
- C:\Windows\System\ZojlkjX.exe
  C:\Windows\System\ZojlkjX.exe
  2⤵
  PID:12848
- C:\Windows\System\ZbXVJwB.exe
  C:\Windows\System\ZbXVJwB.exe
  2⤵
  PID:12876
- C:\Windows\System\uFgFLiX.exe
  C:\Windows\System\uFgFLiX.exe
  2⤵
  PID:12904
- C:\Windows\System\dHfskHO.exe
  C:\Windows\System\dHfskHO.exe
  2⤵
  PID:12932
- C:\Windows\System\WOJuipV.exe
  C:\Windows\System\WOJuipV.exe
  2⤵
  PID:12960
- C:\Windows\System\RfEstKh.exe
  C:\Windows\System\RfEstKh.exe
  2⤵
  PID:12988
- C:\Windows\System\jDViQxv.exe
  C:\Windows\System\jDViQxv.exe
  2⤵
  PID:13016
- C:\Windows\System\kchoOjl.exe
  C:\Windows\System\kchoOjl.exe
  2⤵
  PID:13044
- C:\Windows\System\pprjfOw.exe
  C:\Windows\System\pprjfOw.exe
  2⤵
  PID:13072
- C:\Windows\System\Ybfugxk.exe
  C:\Windows\System\Ybfugxk.exe
  2⤵
  PID:13100
- C:\Windows\System\EHfRgue.exe
  C:\Windows\System\EHfRgue.exe
  2⤵
  PID:13128
- C:\Windows\System\GgFCUIH.exe
  C:\Windows\System\GgFCUIH.exe
  2⤵
  PID:13156
- C:\Windows\System\uJBamYP.exe
  C:\Windows\System\uJBamYP.exe
  2⤵
  PID:13188
- C:\Windows\System\IyYQSCI.exe
  C:\Windows\System\IyYQSCI.exe
  2⤵
  PID:13216
- C:\Windows\System\ytrvDtJ.exe
  C:\Windows\System\ytrvDtJ.exe
  2⤵
  PID:13244
- C:\Windows\System\XfpJbgu.exe
  C:\Windows\System\XfpJbgu.exe
  2⤵
  PID:13272
- C:\Windows\System\JXwKkvN.exe
  C:\Windows\System\JXwKkvN.exe
  2⤵
  PID:13300
- C:\Windows\System\rbzZChL.exe
  C:\Windows\System\rbzZChL.exe
  2⤵
  PID:2456
- C:\Windows\System\JPuOJcw.exe
  C:\Windows\System\JPuOJcw.exe
  2⤵
  PID:5572
- C:\Windows\System\dMBORmS.exe
  C:\Windows\System\dMBORmS.exe
  2⤵
  PID:12332
- C:\Windows\System\MWHWWeI.exe
  C:\Windows\System\MWHWWeI.exe
  2⤵
  PID:12320
- C:\Windows\System\wyexBfJ.exe
  C:\Windows\System\wyexBfJ.exe
  2⤵
  PID:12516
- C:\Windows\System\SolFQEZ.exe
  C:\Windows\System\SolFQEZ.exe
  2⤵
  PID:12552
- C:\Windows\System\zoyhWCd.exe
  C:\Windows\System\zoyhWCd.exe
  2⤵
  PID:12408
- C:\Windows\System\TYxdhbO.exe
  C:\Windows\System\TYxdhbO.exe
  2⤵
  PID:5852
- C:\Windows\System\IValkmw.exe
  C:\Windows\System\IValkmw.exe
  2⤵
  PID:12644
- C:\Windows\System\OnfqtNq.exe
  C:\Windows\System\OnfqtNq.exe
  2⤵
  PID:12668
- C:\Windows\System\IZFIgdl.exe
  C:\Windows\System\IZFIgdl.exe
  2⤵
  PID:12732
- C:\Windows\System\ZKjAaNk.exe
  C:\Windows\System\ZKjAaNk.exe
  2⤵
  PID:6132
- C:\Windows\System\KpqDxdN.exe
  C:\Windows\System\KpqDxdN.exe
  2⤵
  PID:12832
- C:\Windows\System\jaOYVNt.exe
  C:\Windows\System\jaOYVNt.exe
  2⤵
  PID:12872
- C:\Windows\System\fVmQgMZ.exe
  C:\Windows\System\fVmQgMZ.exe
  2⤵
  PID:12944
- C:\Windows\System\QpCgpqd.exe
  C:\Windows\System\QpCgpqd.exe
  2⤵
  PID:12984
- C:\Windows\System\GfELnvP.exe
  C:\Windows\System\GfELnvP.exe
  2⤵
  PID:5060
- C:\Windows\System\REeUFeH.exe
  C:\Windows\System\REeUFeH.exe
  2⤵
  PID:13064
- C:\Windows\System\BpCKTIa.exe
  C:\Windows\System\BpCKTIa.exe
  2⤵
  PID:13124
- C:\Windows\System\hdKEUKx.exe
  C:\Windows\System\hdKEUKx.exe
  2⤵
  PID:13208
- C:\Windows\System\oyffUFi.exe
  C:\Windows\System\oyffUFi.exe
  2⤵
  PID:13240
- C:\Windows\System\nVcqMDR.exe
  C:\Windows\System\nVcqMDR.exe
  2⤵
  PID:13296
- C:\Windows\System\zjUVMUE.exe
  C:\Windows\System\zjUVMUE.exe
  2⤵
  PID:5568
- C:\Windows\System\cyiUYue.exe
  C:\Windows\System\cyiUYue.exe
  2⤵
  PID:12476
- C:\Windows\System\IYMdAJE.exe
  C:\Windows\System\IYMdAJE.exe
  2⤵
  PID:6244
- C:\Windows\System\ECEpZll.exe
  C:\Windows\System\ECEpZll.exe
  2⤵
  PID:12548
- C:\Windows\System\VqTNINQ.exe
  C:\Windows\System\VqTNINQ.exe
  2⤵
  PID:12640
- C:\Windows\System\RuxCLqx.exe
  C:\Windows\System\RuxCLqx.exe
  2⤵
  PID:5980
- C:\Windows\System\gBRwybv.exe
  C:\Windows\System\gBRwybv.exe
  2⤵
  PID:6360
- C:\Windows\System\nUidDKk.exe
  C:\Windows\System\nUidDKk.exe
  2⤵
  PID:12868
- C:\Windows\System\CevlqHn.exe
  C:\Windows\System\CevlqHn.exe
  2⤵
  PID:12980
- C:\Windows\System\wTsKRrS.exe
  C:\Windows\System\wTsKRrS.exe
  2⤵
  PID:6452
- C:\Windows\System\PozAHAg.exe
  C:\Windows\System\PozAHAg.exe
  2⤵
  PID:5928
- C:\Windows\System\PPZkRTE.exe
  C:\Windows\System\PPZkRTE.exe
  2⤵
  PID:13292
- C:\Windows\System\NpdHCjs.exe
  C:\Windows\System\NpdHCjs.exe
  2⤵
  PID:12448
- C:\Windows\System\JgiyewO.exe
  C:\Windows\System\JgiyewO.exe
  2⤵
  PID:12404
- C:\Windows\System\jMezfho.exe
  C:\Windows\System\jMezfho.exe
  2⤵
  PID:4908
- C:\Windows\System\wSjdZJI.exe
  C:\Windows\System\wSjdZJI.exe
  2⤵
  PID:2776
- C:\Windows\System\HcCkggv.exe
  C:\Windows\System\HcCkggv.exe
  2⤵
  PID:13112
- C:\Windows\System\hFXakxg.exe
  C:\Windows\System\hFXakxg.exe
  2⤵
  PID:6704
- C:\Windows\System\ewEoUaj.exe
  C:\Windows\System\ewEoUaj.exe
  2⤵
  PID:5732
- C:\Windows\System\OvfYtbi.exe
  C:\Windows\System\OvfYtbi.exe
  2⤵
  PID:4828
- C:\Windows\System\HAlDUyE.exe
  C:\Windows\System\HAlDUyE.exe
  2⤵
  PID:13148
- C:\Windows\System\AJCEpHJ.exe
  C:\Windows\System\AJCEpHJ.exe
  2⤵
  PID:8272
- C:\Windows\System\GWspAJL.exe
  C:\Windows\System\GWspAJL.exe
  2⤵
  PID:1540
- C:\Windows\System\KOsASug.exe
  C:\Windows\System\KOsASug.exe
  2⤵
  PID:13328
- C:\Windows\System\YpdInmb.exe
  C:\Windows\System\YpdInmb.exe
  2⤵
  PID:13348
- C:\Windows\System\NLVNHBx.exe
  C:\Windows\System\NLVNHBx.exe
  2⤵
  PID:13384
- C:\Windows\System\rvffMYV.exe
  C:\Windows\System\rvffMYV.exe
  2⤵
  PID:13408
- C:\Windows\System\AQpBxHR.exe
  C:\Windows\System\AQpBxHR.exe
  2⤵
  PID:13432
- C:\Windows\System\wsJpxBd.exe
  C:\Windows\System\wsJpxBd.exe
  2⤵
  PID:13460
- C:\Windows\System\rIUDIfc.exe
  C:\Windows\System\rIUDIfc.exe
  2⤵
  PID:13488
- C:\Windows\System\AVmrqml.exe
  C:\Windows\System\AVmrqml.exe
  2⤵
  PID:13516
- C:\Windows\System\LmlOmFs.exe
  C:\Windows\System\LmlOmFs.exe
  2⤵
  PID:13544
- C:\Windows\System\kFXOFDG.exe
  C:\Windows\System\kFXOFDG.exe
  2⤵
  PID:13584
- C:\Windows\System\ioNTGIf.exe
  C:\Windows\System\ioNTGIf.exe
  2⤵
  PID:13612
- C:\Windows\System\WXkpCjF.exe
  C:\Windows\System\WXkpCjF.exe
  2⤵
  PID:13640
- C:\Windows\System\TODFLsE.exe
  C:\Windows\System\TODFLsE.exe
  2⤵
  PID:13684
- C:\Windows\System\AKwKXdR.exe
  C:\Windows\System\AKwKXdR.exe
  2⤵
  PID:13708
- C:\Windows\System\cjUPBJb.exe
  C:\Windows\System\cjUPBJb.exe
  2⤵
  PID:13732
- C:\Windows\System\zsWSWBE.exe
  C:\Windows\System\zsWSWBE.exe
  2⤵
  PID:13756
- C:\Windows\System\rtmLFZT.exe
  C:\Windows\System\rtmLFZT.exe
  2⤵
  PID:13784
- C:\Windows\System\qqYAlIK.exe
  C:\Windows\System\qqYAlIK.exe
  2⤵
  PID:13812
- C:\Windows\System\LqqpPTK.exe
  C:\Windows\System\LqqpPTK.exe
  2⤵
  PID:13848
- C:\Windows\System\ipKDsTs.exe
  C:\Windows\System\ipKDsTs.exe
  2⤵
  PID:13884
- C:\Windows\System\WmAHpJy.exe
  C:\Windows\System\WmAHpJy.exe
  2⤵
  PID:13900
- C:\Windows\System\EIanhfq.exe
  C:\Windows\System\EIanhfq.exe
  2⤵
  PID:13928
- C:\Windows\System\AoIZxpT.exe
  C:\Windows\System\AoIZxpT.exe
  2⤵
  PID:13956
- C:\Windows\System\ttpZrxX.exe
  C:\Windows\System\ttpZrxX.exe
  2⤵
  PID:13984
- C:\Windows\System\VBCDkve.exe
  C:\Windows\System\VBCDkve.exe
  2⤵
  PID:14012
- C:\Windows\System\HcXFhII.exe
  C:\Windows\System\HcXFhII.exe
  2⤵
  PID:14040
- C:\Windows\System\LJkkaow.exe
  C:\Windows\System\LJkkaow.exe
  2⤵
  PID:14068
- C:\Windows\System\PfXYCzd.exe
  C:\Windows\System\PfXYCzd.exe
  2⤵
  PID:14096
- C:\Windows\System\fgTFMHr.exe
  C:\Windows\System\fgTFMHr.exe
  2⤵
  PID:14124
- C:\Windows\System\tAZcRIq.exe
  C:\Windows\System\tAZcRIq.exe
  2⤵
  PID:14152
- C:\Windows\System\ZiFwdwx.exe
  C:\Windows\System\ZiFwdwx.exe
  2⤵
  PID:14180
- C:\Windows\System\TNhDqaN.exe
  C:\Windows\System\TNhDqaN.exe
  2⤵
  PID:14208
- C:\Windows\System\KLaqkTS.exe
  C:\Windows\System\KLaqkTS.exe
  2⤵
  PID:14236
- C:\Windows\System\nUYZgpZ.exe
  C:\Windows\System\nUYZgpZ.exe
  2⤵
  PID:14264
- C:\Windows\System\ToLoABe.exe
  C:\Windows\System\ToLoABe.exe
  2⤵
  PID:14292
- C:\Windows\System\QEcKXtb.exe
  C:\Windows\System\QEcKXtb.exe
  2⤵
  PID:14320
- C:\Windows\System\fVTHTpf.exe
  C:\Windows\System\fVTHTpf.exe
  2⤵
  PID:13344
- C:\Windows\System\TCzlETt.exe
  C:\Windows\System\TCzlETt.exe
  2⤵
  PID:13400
- C:\Windows\System\LeDzJBe.exe
  C:\Windows\System\LeDzJBe.exe
  2⤵
  PID:13472
- C:\Windows\System\BEhwofu.exe
  C:\Windows\System\BEhwofu.exe
  2⤵
  PID:13512
- C:\Windows\System\buBGjmM.exe
  C:\Windows\System\buBGjmM.exe
  2⤵
  PID:13576
- C:\Windows\System\HqfSfHj.exe
  C:\Windows\System\HqfSfHj.exe
  2⤵
  PID:7088
- C:\Windows\System\uwVhNvf.exe
  C:\Windows\System\uwVhNvf.exe
  2⤵
  PID:3128
- C:\Windows\System\gjLhJHl.exe
  C:\Windows\System\gjLhJHl.exe
  2⤵
  PID:8796
- C:\Windows\System\aBGqijq.exe
  C:\Windows\System\aBGqijq.exe
  2⤵
  PID:13692
- C:\Windows\System\TRMChRP.exe
  C:\Windows\System\TRMChRP.exe
  2⤵
  PID:13740
- C:\Windows\System\sZwzfYS.exe
  C:\Windows\System\sZwzfYS.exe
  2⤵
  PID:13780
- C:\Windows\System\DZjSXpB.exe
  C:\Windows\System\DZjSXpB.exe
  2⤵
  PID:13832
- C:\Windows\System\CklktfK.exe
  C:\Windows\System\CklktfK.exe
  2⤵
  PID:13868
- C:\Windows\System\fIVeSjW.exe
  C:\Windows\System\fIVeSjW.exe
  2⤵
  PID:3088
- C:\Windows\System\NTGcsVy.exe
  C:\Windows\System\NTGcsVy.exe
  2⤵
  PID:13948
- C:\Windows\System\KvtuKpq.exe
  C:\Windows\System\KvtuKpq.exe
  2⤵
  PID:9000
- C:\Windows\System\rEnRZWj.exe
  C:\Windows\System\rEnRZWj.exe
  2⤵
  PID:14024
- C:\Windows\System\jJgDySQ.exe
  C:\Windows\System\jJgDySQ.exe
  2⤵
  PID:14036
- C:\Windows\System\HqtzAQt.exe
  C:\Windows\System\HqtzAQt.exe
  2⤵
  PID:9144
- C:\Windows\System\GjsbwET.exe
  C:\Windows\System\GjsbwET.exe
  2⤵
  PID:14116
- C:\Windows\System\YSiQLLz.exe
  C:\Windows\System\YSiQLLz.exe
  2⤵
  PID:14148
- C:\Windows\System\bMrgLKb.exe
  C:\Windows\System\bMrgLKb.exe
  2⤵
  PID:6512
- C:\Windows\System\qJcXehm.exe
  C:\Windows\System\qJcXehm.exe
  2⤵
  PID:6596
- C:\Windows\System\TerByMu.exe
  C:\Windows\System\TerByMu.exe
  2⤵
  PID:14260
- C:\Windows\System\xYJlOwK.exe
  C:\Windows\System\xYJlOwK.exe
  2⤵
  PID:14288
- C:\Windows\System\FeaXasY.exe
  C:\Windows\System\FeaXasY.exe
  2⤵
  PID:13856
- C:\Windows\System\biYUlkX.exe
  C:\Windows\System\biYUlkX.exe
  2⤵
  PID:13392
- C:\Windows\System\BowKnWp.exe
  C:\Windows\System\BowKnWp.exe
  2⤵
  PID:13500
- C:\Windows\System\YEzZRgN.exe
  C:\Windows\System\YEzZRgN.exe
  2⤵
  PID:7032
- C:\Windows\System\NUofGgK.exe
  C:\Windows\System\NUofGgK.exe
  2⤵
  PID:1520
- C:\Windows\System\qVJvsSC.exe
  C:\Windows\System\qVJvsSC.exe
  2⤵
  PID:6964
- C:\Windows\System\MeLuIsS.exe
  C:\Windows\System\MeLuIsS.exe
  2⤵
  PID:7040
- C:\Windows\System\arKsItV.exe
  C:\Windows\System\arKsItV.exe
  2⤵
  PID:4656
- C:\Windows\System\AdgXSJE.exe
  C:\Windows\System\AdgXSJE.exe
  2⤵
  PID:13768
- C:\Windows\System\iIfkeaM.exe
  C:\Windows\System\iIfkeaM.exe
  2⤵
  PID:5432
- C:\Windows\System\zjnmBMx.exe
  C:\Windows\System\zjnmBMx.exe
  2⤵
  PID:8856
- C:\Windows\System\seDXjTM.exe
  C:\Windows\System\seDXjTM.exe
  2⤵
  PID:13912
- C:\Windows\System\rSmTdhG.exe
  C:\Windows\System\rSmTdhG.exe
  2⤵
  PID:6168
- C:\Windows\System\kkBJsAG.exe
  C:\Windows\System\kkBJsAG.exe
  2⤵
  PID:6328
- C:\Windows\System\jVdgOSF.exe
  C:\Windows\System\jVdgOSF.exe
  2⤵
  PID:6516
- C:\Windows\System\KrDHHrg.exe
  C:\Windows\System\KrDHHrg.exe
  2⤵
  PID:6600
- C:\Windows\System\WoBIJgb.exe
  C:\Windows\System\WoBIJgb.exe
  2⤵
  PID:6476
- C:\Windows\System\eQfxiyB.exe
  C:\Windows\System\eQfxiyB.exe
  2⤵
  PID:6784
- C:\Windows\System\iPJttSU.exe
  C:\Windows\System\iPJttSU.exe
  2⤵
  PID:9208
- C:\Windows\System\RiQwGLR.exe
  C:\Windows\System\RiQwGLR.exe
  2⤵
  PID:13624
- C:\Windows\System\pTcLPFb.exe
  C:\Windows\System\pTcLPFb.exe
  2⤵
  PID:14332
- C:\Windows\System\zmfailT.exe
  C:\Windows\System\zmfailT.exe
  2⤵
  PID:8628
- C:\Windows\System\PdlgkWL.exe
  C:\Windows\System\PdlgkWL.exe
  2⤵
  PID:3380
- C:\Windows\System\uYOPtaK.exe
  C:\Windows\System\uYOPtaK.exe
  2⤵
  PID:4792
- C:\Windows\System\lUEaozW.exe
  C:\Windows\System\lUEaozW.exe
  2⤵
  PID:4980
- C:\Windows\System\PaRnmBw.exe
  C:\Windows\System\PaRnmBw.exe
  2⤵
  PID:6364
- C:\Windows\System\fgCwrVG.exe
  C:\Windows\System\fgCwrVG.exe
  2⤵
  PID:6792
- C:\Windows\System\NjJcfwH.exe
  C:\Windows\System\NjJcfwH.exe
  2⤵
  PID:7036
- C:\Windows\System\TSlRUAu.exe
  C:\Windows\System\TSlRUAu.exe
  2⤵
  PID:5760
- C:\Windows\System\ZAKyKzQ.exe
  C:\Windows\System\ZAKyKzQ.exe
  2⤵
  PID:8376
- C:\Windows\System\iIQqqBz.exe
  C:\Windows\System\iIQqqBz.exe
  2⤵
  PID:6404
- C:\Windows\System\cZOHUgC.exe
  C:\Windows\System\cZOHUgC.exe
  2⤵
  PID:14080
- C:\Windows\System\rFIRxKs.exe
  C:\Windows\System\rFIRxKs.exe
  2⤵
  PID:14176
- C:\Windows\System\QknYRDs.exe
  C:\Windows\System\QknYRDs.exe
  2⤵
  PID:7712
- C:\Windows\System\WOaijKu.exe
  C:\Windows\System\WOaijKu.exe
  2⤵
  PID:7296
- C:\Windows\System\vxwdWyT.exe
  C:\Windows\System\vxwdWyT.exe
  2⤵
  PID:7308
- C:\Windows\System\JuRaFzf.exe
  C:\Windows\System\JuRaFzf.exe
  2⤵
  PID:13452
- C:\Windows\System\vPbVtoI.exe
  C:\Windows\System\vPbVtoI.exe
  2⤵
  PID:13604
- C:\Windows\System\AAwsYAy.exe
  C:\Windows\System\AAwsYAy.exe
  2⤵
  PID:7060
- C:\Windows\System\EdAirFs.exe
  C:\Windows\System\EdAirFs.exe
  2⤵
  PID:5100
- C:\Windows\System\moSmMkI.exe
  C:\Windows\System\moSmMkI.exe
  2⤵
  PID:5028
- C:\Windows\System\IalZmAC.exe
  C:\Windows\System\IalZmAC.exe
  2⤵
  PID:7448
- C:\Windows\System\brobzvS.exe
  C:\Windows\System\brobzvS.exe
  2⤵
  PID:7204
- C:\Windows\System\lUvcOwa.exe
  C:\Windows\System\lUvcOwa.exe
  2⤵
  PID:7512
- C:\Windows\System\ZwGDsmc.exe
  C:\Windows\System\ZwGDsmc.exe
  2⤵
  PID:7252
- C:\Windows\System\dWuMUvE.exe
  C:\Windows\System\dWuMUvE.exe
  2⤵
  PID:9528
- C:\Windows\System\etGmLWM.exe
  C:\Windows\System\etGmLWM.exe
  2⤵
  PID:7568
- C:\Windows\System\mBsuRGu.exe
  C:\Windows\System\mBsuRGu.exe
  2⤵
  PID:9604
- C:\Windows\System\iWaNsnH.exe
  C:\Windows\System\iWaNsnH.exe
  2⤵
  PID:9632
- C:\Windows\System\JjzswII.exe
  C:\Windows\System\JjzswII.exe
  2⤵
  PID:7400
- C:\Windows\System\LCIybZH.exe
  C:\Windows\System\LCIybZH.exe
  2⤵
  PID:9360
- C:\Windows\System\ruxzeOU.exe
  C:\Windows\System\ruxzeOU.exe
  2⤵
  PID:13980
- C:\Windows\System\PsaDUgb.exe
  C:\Windows\System\PsaDUgb.exe
  2⤵
  PID:7672
- C:\Windows\System\bzBPaAv.exe
  C:\Windows\System\bzBPaAv.exe
  2⤵
  PID:7700
- C:\Windows\System\zdIbKyK.exe
  C:\Windows\System\zdIbKyK.exe
  2⤵
  PID:9544
- C:\Windows\System\PnSRpmg.exe
  C:\Windows\System\PnSRpmg.exe
  2⤵
  PID:8840
- C:\Windows\System\KuJlMPc.exe
  C:\Windows\System\KuJlMPc.exe
  2⤵
  PID:7316
- C:\Windows\System\YnsrMUx.exe
  C:\Windows\System\YnsrMUx.exe
  2⤵
  PID:9928
- C:\Windows\System\fvkMQZe.exe
  C:\Windows\System\fvkMQZe.exe
  2⤵
  PID:4444
- C:\Windows\System\cKeSLnx.exe
  C:\Windows\System\cKeSLnx.exe
  2⤵
  PID:8760
- C:\Windows\System\rshErbN.exe
  C:\Windows\System\rshErbN.exe
  2⤵
  PID:7680
- C:\Windows\System\AWvBkgn.exe
  C:\Windows\System\AWvBkgn.exe
  2⤵
  PID:7964
- C:\Windows\System\YyeNcaY.exe
  C:\Windows\System\YyeNcaY.exe
  2⤵
  PID:7792
- C:\Windows\System\QbLBNns.exe
  C:\Windows\System\QbLBNns.exe
  2⤵
  PID:7832
- C:\Windows\System\XZGtEGo.exe
  C:\Windows\System\XZGtEGo.exe
  2⤵
  PID:9672
- C:\Windows\System\uFGUlpn.exe
  C:\Windows\System\uFGUlpn.exe
  2⤵
  PID:7708
- C:\Windows\System\IfaJNZz.exe
  C:\Windows\System\IfaJNZz.exe
  2⤵
  PID:7756
- C:\Windows\System\PzVDfpu.exe
  C:\Windows\System\PzVDfpu.exe
  2⤵
  PID:9680
- C:\Windows\System\thYBqav.exe
  C:\Windows\System\thYBqav.exe
  2⤵
  PID:8092
- C:\Windows\System\ZtvHFSo.exe
  C:\Windows\System\ZtvHFSo.exe
  2⤵
  PID:6972
- C:\Windows\System\QPGwyWO.exe
  C:\Windows\System\QPGwyWO.exe
  2⤵
  PID:10100
- C:\Windows\System\CATXgDw.exe
  C:\Windows\System\CATXgDw.exe
  2⤵
  PID:3468
- C:\Windows\System\tHqTFoT.exe
  C:\Windows\System\tHqTFoT.exe
  2⤵
  PID:7180
- C:\Windows\System\YfDouNT.exe
  C:\Windows\System\YfDouNT.exe
  2⤵
  PID:7236
- C:\Windows\System\wKhsUtl.exe
  C:\Windows\System\wKhsUtl.exe
  2⤵
  PID:14364
- C:\Windows\System\amPFUVB.exe
  C:\Windows\System\amPFUVB.exe
  2⤵
  PID:14392
- C:\Windows\System\FUtcbjQ.exe
  C:\Windows\System\FUtcbjQ.exe
  2⤵
  PID:14420
- C:\Windows\System\bNUZNPF.exe
  C:\Windows\System\bNUZNPF.exe
  2⤵
  PID:14448
- C:\Windows\System\HSOWXJc.exe
  C:\Windows\System\HSOWXJc.exe
  2⤵
  PID:14476
- C:\Windows\System\FfnuQWf.exe
  C:\Windows\System\FfnuQWf.exe
  2⤵
  PID:14504
- C:\Windows\System\uHhfyyR.exe
  C:\Windows\System\uHhfyyR.exe
  2⤵
  PID:14532
- C:\Windows\System\kfuGwjU.exe
  C:\Windows\System\kfuGwjU.exe
  2⤵
  PID:14560
- C:\Windows\System\nWjhTat.exe
  C:\Windows\System\nWjhTat.exe
  2⤵
  PID:14588
- C:\Windows\System\IcEGbYT.exe
  C:\Windows\System\IcEGbYT.exe
  2⤵
  PID:14616
- C:\Windows\System\LTwBgar.exe
  C:\Windows\System\LTwBgar.exe
  2⤵
  PID:14644
- C:\Windows\System\LrhscqY.exe
  C:\Windows\System\LrhscqY.exe
  2⤵
  PID:14672
- C:\Windows\System\cUvhkdQ.exe
  C:\Windows\System\cUvhkdQ.exe
  2⤵
  PID:14700
- C:\Windows\System\BldWOkc.exe
  C:\Windows\System\BldWOkc.exe
  2⤵
  PID:14728
- C:\Windows\System\upcTKxi.exe
  C:\Windows\System\upcTKxi.exe
  2⤵
  PID:14756
- C:\Windows\System\NtqxQtz.exe
  C:\Windows\System\NtqxQtz.exe
  2⤵
  PID:14784
- C:\Windows\System\uEBUPwF.exe
  C:\Windows\System\uEBUPwF.exe
  2⤵
  PID:14812
- C:\Windows\System\GtXyhcb.exe
  C:\Windows\System\GtXyhcb.exe
  2⤵
  PID:14840
- C:\Windows\System\eSXpkcJ.exe
  C:\Windows\System\eSXpkcJ.exe
  2⤵
  PID:14868
- C:\Windows\System\nnCBVQn.exe
  C:\Windows\System\nnCBVQn.exe
  2⤵
  PID:14896
- C:\Windows\System\EjdEPXI.exe
  C:\Windows\System\EjdEPXI.exe
  2⤵
  PID:14940
- C:\Windows\System\cHLulfv.exe
  C:\Windows\System\cHLulfv.exe
  2⤵
  PID:14956
- C:\Windows\System\ZSJsUbS.exe
  C:\Windows\System\ZSJsUbS.exe
  2⤵
  PID:14984
- C:\Windows\System\FBhwGmt.exe
  C:\Windows\System\FBhwGmt.exe
  2⤵
  PID:15012
- C:\Windows\System\eslpugC.exe
  C:\Windows\System\eslpugC.exe
  2⤵
  PID:15040
- C:\Windows\System\YgdmLFU.exe
  C:\Windows\System\YgdmLFU.exe
  2⤵
  PID:15068
- C:\Windows\System\jHLizdL.exe
  C:\Windows\System\jHLizdL.exe
  2⤵
  PID:15096
- C:\Windows\System\gjkTOZe.exe
  C:\Windows\System\gjkTOZe.exe
  2⤵
  PID:15124
- C:\Windows\System\EmfqGYq.exe
  C:\Windows\System\EmfqGYq.exe
  2⤵
  PID:15152
- C:\Windows\System\AAxFIFI.exe
  C:\Windows\System\AAxFIFI.exe
  2⤵
  PID:15180
- C:\Windows\System\tOCZPUU.exe
  C:\Windows\System\tOCZPUU.exe
  2⤵
  PID:15208
- C:\Windows\System\EAOAgbQ.exe
  C:\Windows\System\EAOAgbQ.exe
  2⤵
  PID:15236
- C:\Windows\System\KSWrNxm.exe
  C:\Windows\System\KSWrNxm.exe
  2⤵
  PID:15264
- C:\Windows\System\fjkzUhF.exe
  C:\Windows\System\fjkzUhF.exe
  2⤵
  PID:15292
- C:\Windows\System\DMBkCav.exe
  C:\Windows\System\DMBkCav.exe
  2⤵
  PID:15320
- C:\Windows\System\MNhlTpl.exe
  C:\Windows\System\MNhlTpl.exe
  2⤵
  PID:15348
- C:\Windows\System\oFtmOaJ.exe
  C:\Windows\System\oFtmOaJ.exe
  2⤵
  PID:14376
- C:\Windows\System\GdePwub.exe
  C:\Windows\System\GdePwub.exe
  2⤵
  PID:14416
- C:\Windows\System\SDmRvZz.exe
  C:\Windows\System\SDmRvZz.exe
  2⤵
  PID:7376
- C:\Windows\System\CvDNCMx.exe
  C:\Windows\System\CvDNCMx.exe
  2⤵
  PID:3192
- C:\Windows\System\lgfjLYN.exe
  C:\Windows\System\lgfjLYN.exe
  2⤵
  PID:7464
- C:\Windows\System\EogRGoi.exe
  C:\Windows\System\EogRGoi.exe
  2⤵
  PID:14584
- C:\Windows\System\LIMfTSp.exe
  C:\Windows\System\LIMfTSp.exe
  2⤵
  PID:10164
- C:\Windows\System\TgbkXHQ.exe
  C:\Windows\System\TgbkXHQ.exe
  2⤵
  PID:14684
- C:\Windows\System\HBrsfAp.exe
  C:\Windows\System\HBrsfAp.exe
  2⤵
  PID:14720
- C:\Windows\System\WFAsvmj.exe
  C:\Windows\System\WFAsvmj.exe
  2⤵
  PID:14768
- C:\Windows\System\undoyyQ.exe
  C:\Windows\System\undoyyQ.exe
  2⤵
  PID:14808
- C:\Windows\System\zWAzkMj.exe
  C:\Windows\System\zWAzkMj.exe
  2⤵
  PID:14852
- C:\Windows\System\IgbTvNN.exe
  C:\Windows\System\IgbTvNN.exe
  2⤵
  PID:14892
- C:\Windows\System\qCkxXuI.exe
  C:\Windows\System\qCkxXuI.exe
  2⤵
  PID:10236
- C:\Windows\System\xNXkQSa.exe
  C:\Windows\System\xNXkQSa.exe
  2⤵
  PID:9264
- C:\Windows\System\nnDJsZE.exe
  C:\Windows\System\nnDJsZE.exe
  2⤵
  PID:1944
- C:\Windows\System\fdOJoUz.exe
  C:\Windows\System\fdOJoUz.exe
  2⤵
  PID:9364
- C:\Windows\System\lFlVBdg.exe
  C:\Windows\System\lFlVBdg.exe
  2⤵
  PID:15052
- C:\Windows\System\WQoFkBE.exe
  C:\Windows\System\WQoFkBE.exe
  2⤵
  PID:8880
- C:\Windows\System\jLkkbTy.exe
  C:\Windows\System\jLkkbTy.exe
  2⤵
  PID:7436
- C:\Windows\System\JTSmCfO.exe
  C:\Windows\System\JTSmCfO.exe
  2⤵
  PID:9516
- C:\Windows\System\SuobYdv.exe
  C:\Windows\System\SuobYdv.exe
  2⤵
  PID:9620
- C:\Windows\System\QhLILgT.exe
  C:\Windows\System\QhLILgT.exe
  2⤵
  PID:15204
- C:\Windows\System\gJEhaUC.exe
  C:\Windows\System\gJEhaUC.exe
  2⤵
  PID:7816
- C:\Windows\System\nTiqkYb.exe
  C:\Windows\System\nTiqkYb.exe
  2⤵
  PID:15288
- C:\Windows\System\WUBNpRM.exe
  C:\Windows\System\WUBNpRM.exe
  2⤵
  PID:15316
- C:\Windows\System\vSuZYFS.exe
  C:\Windows\System\vSuZYFS.exe
  2⤵
  PID:9860
- C:\Windows\System\OBqELlY.exe
  C:\Windows\System\OBqELlY.exe
  2⤵
  PID:1148
- C:\Windows\System\iiSjCtR.exe
  C:\Windows\System\iiSjCtR.exe
  2⤵
  PID:9964
- C:\Windows\System\JHhKbMS.exe
  C:\Windows\System\JHhKbMS.exe
  2⤵
  PID:14496
- C:\Windows\System\PGEolRA.exe
  C:\Windows\System\PGEolRA.exe
  2⤵
  PID:14544
- C:\Windows\System\EeAmhxo.exe
  C:\Windows\System\EeAmhxo.exe
  2⤵
  PID:7572
- C:\Windows\System\yJDcNdc.exe
  C:\Windows\System\yJDcNdc.exe
  2⤵
  PID:3412
- C:\Windows\System\eCnESWH.exe
  C:\Windows\System\eCnESWH.exe
  2⤵
  PID:14664
- C:\Windows\System\qaCgfbH.exe
  C:\Windows\System\qaCgfbH.exe
  2⤵
  PID:10200
- C:\Windows\System\IZROeNy.exe
  C:\Windows\System\IZROeNy.exe
  2⤵
  PID:9652
- C:\Windows\System\hqTHUAJ.exe
  C:\Windows\System\hqTHUAJ.exe
  2⤵
  PID:14832
- C:\Windows\System\wOePnDp.exe
  C:\Windows\System\wOePnDp.exe
  2⤵
  PID:7956
- C:\Windows\System\UWbrdsl.exe
  C:\Windows\System\UWbrdsl.exe
  2⤵
  PID:8068
- C:\Windows\System\xYOwlKp.exe
  C:\Windows\System\xYOwlKp.exe
  2⤵
  PID:9368
- C:\Windows\System\shCGiVH.exe
  C:\Windows\System\shCGiVH.exe
  2⤵
  PID:8392
- C:\Windows\System\QsTmVLU.exe
  C:\Windows\System\QsTmVLU.exe
  2⤵
  PID:3596
- C:\Windows\System\VTPdoCm.exe
  C:\Windows\System\VTPdoCm.exe
  2⤵
  PID:15088
- C:\Windows\System\eMgffKd.exe
  C:\Windows\System\eMgffKd.exe
  2⤵
  PID:9508
- C:\Windows\System\iRGJVRB.exe
  C:\Windows\System\iRGJVRB.exe
  2⤵
  PID:8484
- C:\Windows\System\lEzaKSE.exe
  C:\Windows\System\lEzaKSE.exe
  2⤵
  PID:10028
- C:\Windows\System\AxZkitT.exe
  C:\Windows\System\AxZkitT.exe
  2⤵
  PID:1252
- C:\Windows\System\rOEWHFu.exe
  C:\Windows\System\rOEWHFu.exe
  2⤵
  PID:3820
- C:\Windows\System\hhziiOm.exe
  C:\Windows\System\hhziiOm.exe
  2⤵
  PID:8540
- C:\Windows\System\nhHAQmq.exe
  C:\Windows\System\nhHAQmq.exe
  2⤵
  PID:8104
- C:\Windows\System\JXcoqmE.exe
  C:\Windows\System\JXcoqmE.exe
  2⤵
  PID:14404
- C:\Windows\System\zMQEYfh.exe
  C:\Windows\System\zMQEYfh.exe
  2⤵
  PID:7492
- C:\Windows\System\juSjRNm.exe
  C:\Windows\System\juSjRNm.exe
  2⤵
  PID:7716
- C:\Windows\System\urvBQCN.exe
  C:\Windows\System\urvBQCN.exe
  2⤵
  PID:940
- C:\Windows\System\wmpeXsW.exe
  C:\Windows\System\wmpeXsW.exe
  2⤵
  PID:10256
- C:\Windows\System\SrHcBME.exe
  C:\Windows\System\SrHcBME.exe
  2⤵
  PID:8700
- C:\Windows\System\TzzPVMN.exe
  C:\Windows\System\TzzPVMN.exe
  2⤵
  PID:8260
- C:\Windows\System\HtHTdeZ.exe
  C:\Windows\System\HtHTdeZ.exe
  2⤵
  PID:14796
- C:\Windows\System\KJFlFzD.exe
  C:\Windows\System\KJFlFzD.exe
  2⤵
  PID:8320
- C:\Windows\System\jpEhPjw.exe
  C:\Windows\System\jpEhPjw.exe
  2⤵
  PID:4480
- C:\Windows\System\DmCBzOO.exe
  C:\Windows\System\DmCBzOO.exe
  2⤵
  PID:15008
- C:\Windows\System\PGoElYc.exe
  C:\Windows\System\PGoElYc.exe
  2⤵
  PID:15080
- C:\Windows\System\UnUARzQ.exe
  C:\Windows\System\UnUARzQ.exe
  2⤵
  PID:10548
- C:\Windows\System\ZxzXZqG.exe
  C:\Windows\System\ZxzXZqG.exe
  2⤵
  PID:7684
- C:\Windows\System\FzAtPKo.exe
  C:\Windows\System\FzAtPKo.exe
  2⤵
  PID:8816
- C:\Windows\System\ZnwqxaP.exe
  C:\Windows\System\ZnwqxaP.exe
  2⤵
  PID:3532
- C:\Windows\System\jsBzBMX.exe
  C:\Windows\System\jsBzBMX.exe
  2⤵
  PID:10696
- C:\Windows\System\KmaJFow.exe
  C:\Windows\System\KmaJFow.exe
  2⤵
  PID:4684
- C:\Windows\System\HevGFao.exe
  C:\Windows\System\HevGFao.exe
  2⤵
  PID:8588
- C:\Windows\System\faaMddg.exe
  C:\Windows\System\faaMddg.exe
  2⤵
  PID:10812
- C:\Windows\System\RSGzGMC.exe
  C:\Windows\System\RSGzGMC.exe
  2⤵
  PID:9044
- C:\Windows\System\vaPrEIN.exe
  C:\Windows\System\vaPrEIN.exe
  2⤵
  PID:10272
- C:\Windows\System\jEiIFit.exe
  C:\Windows\System\jEiIFit.exe
  2⤵
  PID:8224
- C:\Windows\System\EGaTrXM.exe
  C:\Windows\System\EGaTrXM.exe
  2⤵
  PID:10980
- C:\Windows\System\LFaJLtg.exe
  C:\Windows\System\LFaJLtg.exe
  2⤵
  PID:1608
- C:\Windows\System\SrLaSaM.exe
  C:\Windows\System\SrLaSaM.exe
  2⤵
  PID:11072
- C:\Windows\System\nFTzRkQ.exe
  C:\Windows\System\nFTzRkQ.exe
  2⤵
  PID:9548
- C:\Windows\System\JPRNWYf.exe
  C:\Windows\System\JPRNWYf.exe
  2⤵
  PID:8328
- C:\Windows\System\DahryNY.exe
  C:\Windows\System\DahryNY.exe
  2⤵
  PID:4328
- C:\Windows\System\ndenolN.exe
  C:\Windows\System\ndenolN.exe
  2⤵
  PID:8536
- C:\Windows\System\aihklzp.exe
  C:\Windows\System\aihklzp.exe
  2⤵
  PID:11128
- C:\Windows\System\qCzFCBq.exe
  C:\Windows\System\qCzFCBq.exe
  2⤵
  PID:10836
- C:\Windows\System\zMMucEM.exe
  C:\Windows\System\zMMucEM.exe
  2⤵
  PID:7628
- C:\Windows\System\QkDbteG.exe
  C:\Windows\System\QkDbteG.exe
  2⤵
  PID:11224
- C:\Windows\System\aXJIzvY.exe
  C:\Windows\System\aXJIzvY.exe
  2⤵
  PID:10448
- C:\Windows\System\zRSYoHp.exe
  C:\Windows\System\zRSYoHp.exe
  2⤵
  PID:11096
- C:\Windows\System\OrrppMQ.exe
  C:\Windows\System\OrrppMQ.exe
  2⤵
  PID:8836
- C:\Windows\System\FWOghpM.exe
  C:\Windows\System\FWOghpM.exe
  2⤵
  PID:10492
- C:\Windows\System\qNeTIiP.exe
  C:\Windows\System\qNeTIiP.exe
  2⤵
  PID:10004
- C:\Windows\System\xKWjkYj.exe
  C:\Windows\System\xKWjkYj.exe
  2⤵
  PID:10412
- C:\Windows\System\DxMEiNO.exe
  C:\Windows\System\DxMEiNO.exe
  2⤵
  PID:8228
- C:\Windows\System\zRirRmL.exe
  C:\Windows\System\zRirRmL.exe
  2⤵
  PID:15304
- C:\Windows\System\liJIvUp.exe
  C:\Windows\System\liJIvUp.exe
  2⤵
  PID:10344
- C:\Windows\System\loNIqDv.exe
  C:\Windows\System\loNIqDv.exe
  2⤵
  PID:9736
- C:\Windows\System\vOPIcca.exe
  C:\Windows\System\vOPIcca.exe
  2⤵
  PID:10580
- C:\Windows\System\pAaxRKQ.exe
  C:\Windows\System\pAaxRKQ.exe
  2⤵
  PID:14472
- C:\Windows\System\JjpuYdu.exe
  C:\Windows\System\JjpuYdu.exe
  2⤵
  PID:15384
- C:\Windows\System\qfzqxXe.exe
  C:\Windows\System\qfzqxXe.exe
  2⤵
  PID:15412
- C:\Windows\System\EeqTySF.exe
  C:\Windows\System\EeqTySF.exe
  2⤵
  PID:15440
- C:\Windows\System\LFRKiYi.exe
  C:\Windows\System\LFRKiYi.exe
  2⤵
  PID:15468
- C:\Windows\System\QPNHMJe.exe
  C:\Windows\System\QPNHMJe.exe
  2⤵
  PID:15496
- C:\Windows\System\FkytpFr.exe
  C:\Windows\System\FkytpFr.exe
  2⤵
  PID:15524
- C:\Windows\System\sDrpXih.exe
  C:\Windows\System\sDrpXih.exe
  2⤵
  PID:15552
- C:\Windows\System\YSdRhRu.exe
  C:\Windows\System\YSdRhRu.exe
  2⤵
  PID:15580
- C:\Windows\System\XlGSReR.exe
  C:\Windows\System\XlGSReR.exe
  2⤵
  PID:15608
- C:\Windows\System\FGSNlvy.exe
  C:\Windows\System\FGSNlvy.exe
  2⤵
  PID:15636
- C:\Windows\System\stnAoWH.exe
  C:\Windows\System\stnAoWH.exe
  2⤵
  PID:15664
- C:\Windows\System\PgmBsME.exe
  C:\Windows\System\PgmBsME.exe
  2⤵
  PID:15692
- C:\Windows\System\PCyQDVM.exe
  C:\Windows\System\PCyQDVM.exe
  2⤵
  PID:15728
- C:\Windows\System\QAAPjoF.exe
  C:\Windows\System\QAAPjoF.exe
  2⤵
  PID:15748
- C:\Windows\System\OvDHxme.exe
  C:\Windows\System\OvDHxme.exe
  2⤵
  PID:15776
- C:\Windows\System\saQowMG.exe
  C:\Windows\System\saQowMG.exe
  2⤵
  PID:15804
- C:\Windows\System\yCwkxhH.exe
  C:\Windows\System\yCwkxhH.exe
  2⤵
  PID:15832
- C:\Windows\System\VFjGzOH.exe
  C:\Windows\System\VFjGzOH.exe
  2⤵
  PID:15860
- C:\Windows\System\vpJizoW.exe
  C:\Windows\System\vpJizoW.exe
  2⤵
  PID:15888
- C:\Windows\System\vaOfDIW.exe
  C:\Windows\System\vaOfDIW.exe
  2⤵
  PID:15916
- C:\Windows\System\eEKGHhb.exe
  C:\Windows\System\eEKGHhb.exe
  2⤵
  PID:15944
- C:\Windows\System\aTghvqK.exe
  C:\Windows\System\aTghvqK.exe
  2⤵
  PID:15976
- C:\Windows\System\cIvSoUP.exe
  C:\Windows\System\cIvSoUP.exe
  2⤵
  PID:16004
- C:\Windows\System\pARRUOz.exe
  C:\Windows\System\pARRUOz.exe
  2⤵
  PID:16032
- C:\Windows\System\YzEotRO.exe
  C:\Windows\System\YzEotRO.exe
  2⤵
  PID:16060
- C:\Windows\System\CgERUQt.exe
  C:\Windows\System\CgERUQt.exe
  2⤵
  PID:16088
- C:\Windows\System\gkrQrge.exe
  C:\Windows\System\gkrQrge.exe
  2⤵
  PID:16116
- C:\Windows\System\NJhXIQW.exe
  C:\Windows\System\NJhXIQW.exe
  2⤵
  PID:16144
- C:\Windows\System\hygNzSe.exe
  C:\Windows\System\hygNzSe.exe
  2⤵
  PID:16172
- C:\Windows\System\kuhXWyL.exe
  C:\Windows\System\kuhXWyL.exe
  2⤵
  PID:16200
- C:\Windows\System\QQXEpFb.exe
  C:\Windows\System\QQXEpFb.exe
  2⤵
  PID:16228
- C:\Windows\System\zlyDuCQ.exe
  C:\Windows\System\zlyDuCQ.exe
  2⤵
  PID:16256
- C:\Windows\System\BZUFIzu.exe
  C:\Windows\System\BZUFIzu.exe
  2⤵
  PID:16300
- C:\Windows\System\vUzOnbd.exe
  C:\Windows\System\vUzOnbd.exe
  2⤵
  PID:16316
- C:\Windows\System\mPtHqnT.exe
  C:\Windows\System\mPtHqnT.exe
  2⤵
  PID:16344
- C:\Windows\System\REVBaxp.exe
  C:\Windows\System\REVBaxp.exe
  2⤵
  PID:16372
- C:\Windows\System\vVuWzOn.exe
  C:\Windows\System\vVuWzOn.exe
  2⤵
  PID:15380
- C:\Windows\System\zhBFfsf.exe
  C:\Windows\System\zhBFfsf.exe
  2⤵
  PID:15408
- C:\Windows\System\XysWHne.exe
  C:\Windows\System\XysWHne.exe
  2⤵
  PID:10380
- C:\Windows\System\IYxrLIP.exe
  C:\Windows\System\IYxrLIP.exe
  2⤵
  PID:15488
- C:\Windows\System\atdUxFL.exe
  C:\Windows\System\atdUxFL.exe
  2⤵
  PID:15536
- C:\Windows\System\RNlmnBH.exe
  C:\Windows\System\RNlmnBH.exe
  2⤵
  PID:15576
- C:\Windows\System\ZkCTDSx.exe
  C:\Windows\System\ZkCTDSx.exe
  2⤵
  PID:10440
- C:\Windows\System\MnXiRQW.exe
  C:\Windows\System\MnXiRQW.exe
  2⤵
  PID:15628
- C:\Windows\System\LWORbBU.exe
  C:\Windows\System\LWORbBU.exe
  2⤵
  PID:9220
- C:\Windows\System\uhgPkNz.exe
  C:\Windows\System\uhgPkNz.exe
  2⤵
  PID:10880
- C:\Windows\System\EFwutkN.exe
  C:\Windows\System\EFwutkN.exe
  2⤵
  PID:15744
- C:\Windows\System\VbjOHTT.exe
  C:\Windows\System\VbjOHTT.exe
  2⤵
  PID:15796
- C:\Windows\System\UOUcubh.exe
  C:\Windows\System\UOUcubh.exe
  2⤵
  PID:15828
- C:\Windows\System\lBiNIdu.exe
  C:\Windows\System\lBiNIdu.exe
  2⤵
  PID:9344
- C:\Windows\System\ZQmFDhY.exe
  C:\Windows\System\ZQmFDhY.exe
  2⤵
  PID:15928
- C:\Windows\System\TXVWJxx.exe
  C:\Windows\System\TXVWJxx.exe
  2⤵
  PID:15972
- C:\Windows\System\tspIiKr.exe
  C:\Windows\System\tspIiKr.exe
  2⤵
  PID:16016
- C:\Windows\System\RheTXUK.exe
  C:\Windows\System\RheTXUK.exe
  2⤵
  PID:16080
- C:\Windows\System\QwvPoYA.exe
  C:\Windows\System\QwvPoYA.exe
  2⤵
  PID:16128
- C:\Windows\System\XjblzIz.exe
  C:\Windows\System\XjblzIz.exe
  2⤵
  PID:16168
- C:\Windows\System\vWzEZJl.exe
  C:\Windows\System\vWzEZJl.exe
  2⤵
  PID:16248
- C:\Windows\System\yjEBLwU.exe
  C:\Windows\System\yjEBLwU.exe
  2⤵
  PID:16296
- C:\Windows\System\LYktPId.exe
  C:\Windows\System\LYktPId.exe
  2⤵
  PID:16340
- C:\Windows\System\fIqHEnA.exe
  C:\Windows\System\fIqHEnA.exe
  2⤵
  PID:15396
- C:\Windows\System\NfiLvJS.exe
  C:\Windows\System\NfiLvJS.exe
  2⤵
  PID:15464
- C:\Windows\System\fWHnsEo.exe
  C:\Windows\System\fWHnsEo.exe
  2⤵
  PID:15516
- C:\Windows\System\nJfopMi.exe
  C:\Windows\System\nJfopMi.exe
  2⤵
  PID:10760
- C:\Windows\System\AXfKPsn.exe
  C:\Windows\System\AXfKPsn.exe
  2⤵
  PID:10524
- C:\Windows\System\iYOPkGa.exe
  C:\Windows\System\iYOPkGa.exe
  2⤵
  PID:10724
- C:\Windows\System\GQbjSor.exe
  C:\Windows\System\GQbjSor.exe
  2⤵
  PID:15788
- C:\Windows\System\rDgjJIX.exe
  C:\Windows\System\rDgjJIX.exe
  2⤵
  PID:460
- C:\Windows\System\CYgynIQ.exe
  C:\Windows\System\CYgynIQ.exe
  2⤵
  PID:15988
- C:\Windows\System\EgdgrFa.exe
  C:\Windows\System\EgdgrFa.exe
  2⤵
  PID:10460
- C:\Windows\System\wgFgXGO.exe
  C:\Windows\System\wgFgXGO.exe
  2⤵
  PID:10048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CnNrlSy.exe

Filesize
6.0MB

MD5
0348b043f64e9fc71adab9a63a3c441d

SHA1
759d3df315db25350af3c053502b515b55603ef4

SHA256
ccd36f428a5102335f54f71b47b3b1cac8c837310bf323f5eef26bd6ce1d9494

SHA512
750f13ecf198b394fc7cf125c6ccaafc758d303679e109b5efa1fa9d4a8e9dd5b8d218cfdfcb007c20b818d2f6ad04d5e1faf236870d4fb6aa1b69ab23622897

Download Submit
C:\Windows\System\FkZnAQE.exe

Filesize
6.0MB

MD5
51c2dff1ebf205961bfad44fce4b1212

SHA1
80c57394d07a5c6596335fe95054622b25c9a5ea

SHA256
2ecde6078347a77b401e4ed1512d1128a19d56f60febb1fb8e2706360cfebe1e

SHA512
b8950f939834ff30db0ac93ae1f42d86a1801e32369c9509ea6bf463bebc853fdf3bff61c339baa8a7767a5b10ea5ccd781074891d828f65996b798af5ca98c3

Download Submit
C:\Windows\System\GUpxHOb.exe

Filesize
6.0MB

MD5
9486270be18220020059072af4d73273

SHA1
5ad4a65651e982a0194707940e00ec33024958e3

SHA256
f0ee7eec89c89fd29c299cfc28a19d349a504d87692647d6cbc47a075e9b89fd

SHA512
c5cf2842015a60eaace5dc17847b96e198d5b76368cdc7bf76c267bd27ed2ce3834fd401a230347f0e76538d8a826f8ccc107005e2fc88c0f2510f9f247523f3

Download Submit
C:\Windows\System\IOzBzyl.exe

Filesize
6.0MB

MD5
12c3e487203fde68a462242543fd775e

SHA1
a5118e4d4fa0f82a81b07480b3581e5021499eb7

SHA256
8a3bf9b7274d1e1d6abdaf53d354a09ff7f4ab8526cd0cd9c06dcfc40b95a676

SHA512
58f36ad061c7e859a218454078412f1892a4746a93ba3dc1bffacb71191aea5da3153d63a55c9f0c8b87d697754771150e055e2e3d22c4afe09d478d162b4d8b

Download Submit
C:\Windows\System\IsDVkpE.exe

Filesize
6.0MB

MD5
7ae60a1f68b5d07ff7424683e8d93d80

SHA1
17c2b0bbd5ff9b776de6203fec79cec2821a8d6e

SHA256
43d01033649d1f3fcb40fcecadfb276811bda7453957e39bfbf50c1ba156561d

SHA512
2c9bc6cca044b856f0f3aeeee197a25af6ab8713f1d6ecbd638f59ee851104f42631fe78a9b3c01d8f75f7bfe5e854feab1e01266cc08d939fb7ff6cb804a186

Download Submit
C:\Windows\System\MnpYKCO.exe

Filesize
6.0MB

MD5
d5a0eff7d807bb02aa0c5dd91582e303

SHA1
4cc3d532ba4b06bf5c9dfc326eca1d3f324cb940

SHA256
c24d5daeeef2bb05b12bcd8988bf72251105fbf4247323bf53ae29ee18ad3c19

SHA512
710d918535c433d6f1b0d9237ef8afa219ac83d877d44121b9fb59d2674afc7e52ec8ee382dfabc78ac29d3c786b495f145b6ceac96d81e7b5d49997271038a3

Download Submit
C:\Windows\System\PmAzaiz.exe

Filesize
6.0MB

MD5
6ab6a66bf3fabc1910519bc35e1ae610

SHA1
bc368f71d10249ad31872c03f8c82a0137362b55

SHA256
02b67a6238780292302c1fade1c7cdc3b51fd4a77cf3cb65a879869594b841d4

SHA512
c72f99d25be2c79fb66a74c270252868f0d7cecfeb5436c56e9381a509c8ad706b1837e129c68f2e743d93caf8398486186cd99884f81610b1f079d566b6356e

Download Submit
C:\Windows\System\SyDKErJ.exe

Filesize
6.0MB

MD5
a5035fb3e404c9583830a055351bbf58

SHA1
f580a1cb6c77c3aaee5991c48a6a096b2646c639

SHA256
cd2edd1cef485f6ef2a8d5e9279f4f548ebc4a8762c956b1f31566d8dcbb2c42

SHA512
7e6f616ebecc5fd4b58b768a9e0ff0d93fba6ae0b11f601e120030be6680a7d6b9a8c9c5c15dd6c08050eafc5f59463575b30c9e56d78a16abb1fdc97e0f18ad

Download Submit
C:\Windows\System\UYJUlFR.exe

Filesize
6.0MB

MD5
4fc6f77c11f4223a2afd80c4d219cead

SHA1
c0f38cd1bc25bc46b8f8ada9fa0dd1482f3e79ec

SHA256
048105cf1cb383620c8e71aa834a8b3f20824ff3ac4416c82cce4e9e0e653ded

SHA512
63b879615e64b4f273958bd01f114e7b63597af96fe1e56c3cec095116186821b2c5e37ba45b38e2cd8c2d921f2c6bab417a74cebb5b8ba803bc8c7d920fc0ff

Download Submit
C:\Windows\System\VlNdKXt.exe

Filesize
6.0MB

MD5
47660a90a8f6cf2ec88250a321416ff5

SHA1
0420aab811a4f5010936aa8ff963ac96e5877ef1

SHA256
b52f69b54a9cf795c55563ffcaf2b5c228123918467aae042d42877e6d3799ca

SHA512
a1595e2933617a276a2229afc8a83974ded05ff7c3f0da748627a7f8305c4613ce465431dbe9c82ae9a92a47b19d189bed641e5404fa1a6e34be72c1e8c20160

Download Submit
C:\Windows\System\WGxZquo.exe

Filesize
6.0MB

MD5
965f15c9ece7755c71da0d892a591d87

SHA1
c8ba14e0df296b260f30c0f8ce702f11173c39db

SHA256
85255fa113e81296630265ef543ebf28b4fb3424109be359de0280c1d3b4dee1

SHA512
1a83f33de409787881bad923b71b55d7998865713509c9e5abdd59af2ce8ffbe0f148f57a2f9b47fa2be96f3e0287cc5cfc189cb2a227879013486fe4cc838ad

Download Submit
C:\Windows\System\XNxQciR.exe

Filesize
6.0MB

MD5
71d34fac570b53c14c92509676b30d81

SHA1
d2a6881e447b5916aff04e9b94ac381ee27d2c9c

SHA256
60968b9f13bea8f96130ebce3e861e897d3b17033e8a2fbdc7814bf68d263d29

SHA512
d80c44e71578d8785cdfb1f2ea009ab83f694810fd30da29d1e556842f1a84f0aca4fc9bb1e2bd75763d2c5fbb91056721cd2456c3811c90aabe0cf13051bcab

Download Submit
C:\Windows\System\Xrhbqua.exe

Filesize
6.0MB

MD5
68f2e59ceff03269bae1db087f668790

SHA1
5b64dc72da5555ac5a107f7f08a11348b1775b8f

SHA256
08f54d178ae5f363ca2c566b15dc44a7128b068e620047d83310fc260e68654c

SHA512
f4a0a3863cd8931ab7ee6f85db27cc904e721c7c45fcbccc3e98f9ec5c4869875b760518ada637f2d85a8c17ee8fcc4f756be7a3803ee54d38c98cbfb21c335b

Download Submit
C:\Windows\System\bEYoCkv.exe

Filesize
6.0MB

MD5
289956d023981b3ac088f94d9b361ff9

SHA1
1ffb4d0a9d6c646115ce67b6e2df016f3f4d880d

SHA256
a25a7581e69a5dad2c298c2625b142c0233b720cc2b8cb71b82638c499688b13

SHA512
66cf7b78a70e53ba6860c8286c36baeedf2249810d935fcfc46c5cc281c70d551c2d083b3d79557eb9de7dfae51814dba78a3c39acd8f2be5d6a2dbcfaee654c

Download Submit
C:\Windows\System\bqMbonP.exe

Filesize
6.0MB

MD5
d844ac2169036689bc67100ec4c1fddd

SHA1
00e1bc22aab4d133cd8ca71d6d733bad9bca2b53

SHA256
f3dbb5becc61abba82b895f51513c089d78cd4046c6fe2a5aa479b4f17654e4b

SHA512
1e265f23ca3b776a6fc55df6100d07a8c5caf756ebc18dc9ad2ad4f6d2061a4cffebc4b154182b711d02c88ffa3fae9461334cbb5bf0685c685cc84b1046e44e

Download Submit
C:\Windows\System\fIXtwMt.exe

Filesize
6.0MB

MD5
d5d6f0306212682035edf1abd3dbba63

SHA1
d5e449d512bd1a3e9716a0b6b6215dcdb36f7e8f

SHA256
61a96158b12de6e1c794e7c450fc7fd7f840dc4973944de96187ce4f0c1f489a

SHA512
b75fe53a6c9ddce45b8cbda9cca9e5d1c8702ca68dc8e3dc908e174c2b5061ff0fbd346c92b4ec0eeaa93ae870c1b8a89fbae5650b03ccf274b2d5cd55d8a9fd

Download Submit
C:\Windows\System\japYqwO.exe

Filesize
6.0MB

MD5
dc53a64a9bf4233a0d871fe91c48f99b

SHA1
8b80c3a1269c4f6d1b92da9226546c49fcd2aeb7

SHA256
a515d14fce32ea6082308e82d6dd6832ffb43fd7ad8a2ce5592e2ac1154bd26e

SHA512
eb19c76a1497ba7160fe51f36b83afa309cd7841478466b902cfbb0883b18836369fe832343721d4488a86d643752f36d30fec7ab520183f0d1123b98d2c860c

Download Submit
C:\Windows\System\kyDpoSc.exe

Filesize
6.0MB

MD5
b37bdd90b83dabccb2f0f822d814b798

SHA1
27db19e780f40dd7a373487183da2bcd66eb364a

SHA256
fbe6c2341c8d3935f54361e835e66e9446cf0ea98b224ddca581a248a8f4d36e

SHA512
22c5342ab495d5078897631614e8db74596f35cb3bb00fc6d64d61d5fadaf64b75b646c7b9f9125abb54c471286e37edaf401b14ee268046577970b283e3457d

Download Submit
C:\Windows\System\kzxMWaq.exe

Filesize
6.0MB

MD5
e36da825cffadc23249927bda429fa39

SHA1
cfc86e602e17307c5a8038d9637bb690d34d8aef

SHA256
47bd82a987ab24959acbc77e257cc49e75056f627f7cf0e12c15f9a15830df43

SHA512
9afa96d1b39540684cff3c84746479ad20f3dc730027a147a0897e5e0c966d74a1ded49925472e7120cb2f38861901e5d639ef48aa95c06b4cbd488cb996a93f

Download Submit
C:\Windows\System\lzkycLD.exe

Filesize
6.0MB

MD5
3080fd17c1343198acd2da4b1a64c51f

SHA1
e55824aa3192c294fca941be58ecb12b184fe6f1

SHA256
791f161886af1699647e27f5753a202e69c3d404b671642618e716e222d080b9

SHA512
cbfc505c0f47fa37d259930f531e13561eb51ce6ca9f69ee100dfbb04ba6bcc9b1eeb0a6c2792beb98bf79d439d6c91ab3ac84b2711819874b5c2f1d877336f9

Download Submit
C:\Windows\System\lzmCJOk.exe

Filesize
6.0MB

MD5
2a19d589d34bebf6b6668c1080f29a61

SHA1
6632e2b35bba97cd79e7ddee5e5caedf293518f4

SHA256
8eb1c4315ef07cc445cc3bc5b6bfc77df7f1d68260b98746c394d6761435461e

SHA512
dd8d5f749dfec5f8f9f56e8e5f9e0d17ef44e5c129edcfb925c8b335da49a24bfbaa59e0b1b80de2189566d633fb75d73dadcbd5db320b7581d28040046c5bfa

Download Submit
C:\Windows\System\oUOhcaS.exe

Filesize
6.0MB

MD5
63232465a14e6d96bea651921e3c3dee

SHA1
74756e9e40c57cc13e6286edf0de596b128f617d

SHA256
9022ef070b3820373202e1314afb28361288f25a5653c96817040fb256e6feed

SHA512
a5baa63a9c13f9446d6274ab3009b9361c08fc12c7032ca5894b9e27f8738ddd23061fff70f274600dc7f14fcf3aef598c2734ef783194e91128bf1e488ece35

Download Submit
C:\Windows\System\pAeYmSc.exe

Filesize
6.0MB

MD5
507afd22438cd070eb6aab4166fe2ec5

SHA1
4b50fff047d7adb4bdfc184c2c74bd8fbc46dd6f

SHA256
5a5636e1bb756863482f33609bcf30b2f716438ff6b546e14c9c00b23b7f5b96

SHA512
e0b518e36f19bd2e43213e0e5fe899339b606c018e51c419a963c2b19c466f958453cff515b9a3de0671a4bbe1104bdad481347deec5ca7a82dc69c2294a659e

Download Submit
C:\Windows\System\qWqaLeL.exe

Filesize
6.0MB

MD5
762c7e38c1472118d02ce5a9f2003b45

SHA1
779b13e856017e2d89afd1f02f322938f1f02365

SHA256
0d6b28f12c5befbf17a5c0263d7efbb01218ac01e90d89769d8ac0cd5279930f

SHA512
95b90a8619876fcec6cbf424071bcf1ebe76af073cfabb2269b406700479f1423592e690bd4f3dfbee12ed079f26d0c240b4ec9944a1a6ee46d15d1d2a724c33

Download Submit
C:\Windows\System\rJOmOCf.exe

Filesize
6.0MB

MD5
e8d66fd22bc717db1e58ef67e4b23f59

SHA1
77d40e618e2d11efe077d9412cc308f9749d17d9

SHA256
e1abe213fff22d7a986ad0eed130db9d66504b31299565368aadb3d41c4707aa

SHA512
9217c250173d21b0ab488773d56042fe269f428b7fd42663b6b4f09142997e922134dfafb8e254735f0790e361ff47d064004687706c99729ccf4f3c9fc38592

Download Submit
C:\Windows\System\sDfKNxn.exe

Filesize
6.0MB

MD5
933d2107e0b527c04cbf2478a7eaa51a

SHA1
f8f4d13bea36e38611f5d30e0a93adbb7a798a00

SHA256
e92b2262637ee217106693f06bedb218dfc8c4155219a43ee406267558c0a636

SHA512
43dfe3a0e952b5c1128a701cc2e59ad8e5634f80dff7e76a1feba2827aee5abf8da1461eb0fbb73a2f3a23bb1eaa478a040a8eac83ae057d91683333a6a6039a

Download Submit
C:\Windows\System\sakXiAT.exe

Filesize
6.0MB

MD5
ae8fac7411500fa57b9cf6484baa8491

SHA1
74e4b0d8fd0307ee4c9b9e906e06e3512c01ab03

SHA256
e409f27adbc93f4e1eb443560c9eae6af1c474988864159812e11af2dba8918b

SHA512
adaad11e6fa7954d32debcaf7416b1d8e6bf94ff3bf1849f1655aff5c1cbd46dda68a506fa3af9121a646d6576ecf6295197be4b5c2af5824a206a193735c5f7

Download Submit
C:\Windows\System\sqQACMA.exe

Filesize
6.0MB

MD5
5e5d4c3261873c47be2d45a8929eda9b

SHA1
f83abc9109ad84cbfd3d748ef4bc471e8ee82c49

SHA256
30e5c72bcdec6a31c0854a65f3f883554be34c0247f86cef46cc67b8c407aac8

SHA512
fd46e2397bcf50895de7b7dc680fc4f4f7e25041f37a7913e6dd40181f14233d32c564ed92f6d6d544db3a54d6f4fe8ab5fc6e7f7c5a51e06bcf70022ecbe978

Download Submit
C:\Windows\System\ssqJFvO.exe

Filesize
6.0MB

MD5
f65e64a2cf5f820d7b3146d547253f6e

SHA1
2ebf06f73fcc13629cdad30410a0be10481e6734

SHA256
f2e3115c424d9d8cdeb10e628d806b03d58491a5384c3cb76b6c12dd341592f8

SHA512
6938abbdbba6ba82d7c325820bb3f3c566e085feeb9a0a4df27c794adc51f15343bf7fc85afd5f6e23dc3a5acd02cfc5102bd3e71c8155000bc54647b677de1c

Download Submit
C:\Windows\System\tjUEbxQ.exe

Filesize
6.0MB

MD5
33d6c69cf0b3c561b17084533feace87

SHA1
aa094d8af704f20e929fd9a566ee4fa3eac86837

SHA256
5dec12c53e4b064093220f4e18d0e612921596321798e15c8aa6763081b3fb54

SHA512
fc507fd794fb626a33bd589d0ad210e0dcdb8d9144aac3eddcfbba854fbf854a39e2db138e09d976600f535c8302e0a222f15c354762e555a1acbd02c7155b60

Download Submit
C:\Windows\System\uAFtZDN.exe

Filesize
6.0MB

MD5
f9ab091a71935d0059a2d2d498a88f32

SHA1
ef9bb8af4105f34a18a3426dde5304b4875fcf4b

SHA256
45f34a1f2c6cd75b6fa3df4827f884f8a5c3c9c62ee7f3211b208ea16ded524b

SHA512
74270c7443d19d27e2afd268af4f7297b27161bf29953e251a1d42d5d67febed15dbbddeb0c2bc05e047512306f808bac8af4f9d6415471ceb0753abef49e694

Download Submit
C:\Windows\System\xMDwIXc.exe

Filesize
6.0MB

MD5
4409723228d73d7e5eea8ca7b82466dd

SHA1
4fc01682a55f6b71dde59e5983bf750625116713

SHA256
9ce92d89ea38fa3e345ded1c7428b6bd757a83d03a159406b53e401a2303c30d

SHA512
061525caf61b424bc64a5f16d0e253668b95d5850f5dab389736afee9e1771cc3d5e7754f635752d3e720cd41deebaf9aa63eeda86e15b907034ddb7bce13947

Download Submit
C:\Windows\System\zURtTNj.exe

Filesize
6.0MB

MD5
4f2ad81c973d4531b244a2344b7b484f

SHA1
23150e81fa53e8f1a8c408660321538c22136ec3

SHA256
3f36fb0fab8dd83df077c76424d93476b2305358ad2ec7b153b6f507923304d9

SHA512
a0c7b04d4a29fe5104887ad6e8e58213405cddfaf6fb1f5f2ffcd78ab5e16380c42bba61d2c8a4285824154235b33fe5d328568182b4830207c598bc265e4161

Download Submit
memory/648-1140-0x00007FF768010000-0x00007FF768364000-memory.dmp

Filesize
3.3MB

Download
memory/648-1601-0x00007FF768010000-0x00007FF768364000-memory.dmp

Filesize
3.3MB

Download
memory/648-149-0x00007FF768010000-0x00007FF768364000-memory.dmp

Filesize
3.3MB

Download
memory/796-1468-0x00007FF738730000-0x00007FF738A84000-memory.dmp

Filesize
3.3MB

Download
memory/796-57-0x00007FF738730000-0x00007FF738A84000-memory.dmp

Filesize
3.3MB

Download
memory/956-109-0x00007FF74B650000-0x00007FF74B9A4000-memory.dmp

Filesize
3.3MB

Download
memory/956-178-0x00007FF74B650000-0x00007FF74B9A4000-memory.dmp

Filesize
3.3MB

Download
memory/956-1574-0x00007FF74B650000-0x00007FF74B9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-81-0x00007FF72E460000-0x00007FF72E7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-1238-0x00007FF72E460000-0x00007FF72E7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-30-0x00007FF72E460000-0x00007FF72E7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-163-0x00007FF6E44C0000-0x00007FF6E4814000-memory.dmp

Filesize
3.3MB

Download
memory/1436-1222-0x00007FF6E44C0000-0x00007FF6E4814000-memory.dmp

Filesize
3.3MB

Download
memory/1436-1610-0x00007FF6E44C0000-0x00007FF6E4814000-memory.dmp

Filesize
3.3MB

Download
memory/1500-1326-0x00007FF6282B0000-0x00007FF628604000-memory.dmp

Filesize
3.3MB

Download
memory/1500-1625-0x00007FF6282B0000-0x00007FF628604000-memory.dmp

Filesize
3.3MB

Download
memory/1500-193-0x00007FF6282B0000-0x00007FF628604000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1233-0x00007FF7F38D0000-0x00007FF7F3C24000-memory.dmp

Filesize
3.3MB

Download
memory/1708-23-0x00007FF7F38D0000-0x00007FF7F3C24000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1565-0x00007FF712000000-0x00007FF712354000-memory.dmp

Filesize
3.3MB

Download
memory/2096-95-0x00007FF712000000-0x00007FF712354000-memory.dmp

Filesize
3.3MB

Download
memory/2096-160-0x00007FF712000000-0x00007FF712354000-memory.dmp

Filesize
3.3MB

Download
memory/2264-89-0x00007FF6070A0000-0x00007FF6073F4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-1561-0x00007FF6070A0000-0x00007FF6073F4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-156-0x00007FF6070A0000-0x00007FF6073F4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-1614-0x00007FF6058F0000-0x00007FF605C44000-memory.dmp

Filesize
3.3MB

Download
memory/2268-172-0x00007FF6058F0000-0x00007FF605C44000-memory.dmp

Filesize
3.3MB

Download
memory/2268-1245-0x00007FF6058F0000-0x00007FF605C44000-memory.dmp

Filesize
3.3MB

Download
memory/2692-189-0x00007FF6549A0000-0x00007FF654CF4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1618-0x00007FF6549A0000-0x00007FF654CF4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1257-0x00007FF6549A0000-0x00007FF654CF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-122-0x00007FF7C4DF0000-0x00007FF7C5144000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1588-0x00007FF7C4DF0000-0x00007FF7C5144000-memory.dmp

Filesize
3.3MB

Download
memory/2696-190-0x00007FF7C4DF0000-0x00007FF7C5144000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1577-0x00007FF69B270000-0x00007FF69B5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-185-0x00007FF69B270000-0x00007FF69B5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-115-0x00007FF69B270000-0x00007FF69B5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-62-0x00007FF7FAA60000-0x00007FF7FADB4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1493-0x00007FF7FAA60000-0x00007FF7FADB4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-121-0x00007FF7FAA60000-0x00007FF7FADB4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1617-0x00007FF607F70000-0x00007FF6082C4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-180-0x00007FF607F70000-0x00007FF6082C4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1256-0x00007FF607F70000-0x00007FF6082C4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-77-0x00007FF7D36C0000-0x00007FF7D3A14000-memory.dmp

Filesize
3.3MB

Download
memory/3012-26-0x00007FF7D36C0000-0x00007FF7D3A14000-memory.dmp

Filesize
3.3MB

Download
memory/3012-1234-0x00007FF7D36C0000-0x00007FF7D3A14000-memory.dmp

Filesize
3.3MB

Download
memory/3104-108-0x00007FF7E3DF0000-0x00007FF7E4144000-memory.dmp

Filesize
3.3MB

Download
memory/3104-50-0x00007FF7E3DF0000-0x00007FF7E4144000-memory.dmp

Filesize
3.3MB

Download
memory/3104-1464-0x00007FF7E3DF0000-0x00007FF7E4144000-memory.dmp

Filesize
3.3MB

Download
memory/3184-61-0x00007FF7367B0000-0x00007FF736B04000-memory.dmp

Filesize
3.3MB

Download
memory/3184-1230-0x00007FF7367B0000-0x00007FF736B04000-memory.dmp

Filesize
3.3MB

Download
memory/3184-19-0x00007FF7367B0000-0x00007FF736B04000-memory.dmp

Filesize
3.3MB

Download
memory/3632-8-0x00007FF7B0F80000-0x00007FF7B12D4000-memory.dmp

Filesize
3.3MB

Download
memory/3632-1217-0x00007FF7B0F80000-0x00007FF7B12D4000-memory.dmp

Filesize
3.3MB

Download
memory/3740-82-0x00007FF7C5500000-0x00007FF7C5854000-memory.dmp

Filesize
3.3MB

Download
memory/3740-1558-0x00007FF7C5500000-0x00007FF7C5854000-memory.dmp

Filesize
3.3MB

Download
memory/3740-148-0x00007FF7C5500000-0x00007FF7C5854000-memory.dmp

Filesize
3.3MB

Download
memory/3916-1089-0x00007FF7B20E0000-0x00007FF7B2434000-memory.dmp

Filesize
3.3MB

Download
memory/3916-1598-0x00007FF7B20E0000-0x00007FF7B2434000-memory.dmp

Filesize
3.3MB

Download
memory/3916-142-0x00007FF7B20E0000-0x00007FF7B2434000-memory.dmp

Filesize
3.3MB

Download
memory/4092-169-0x00007FF7EC8A0000-0x00007FF7ECBF4000-memory.dmp

Filesize
3.3MB

Download
memory/4092-1572-0x00007FF7EC8A0000-0x00007FF7ECBF4000-memory.dmp

Filesize
3.3MB

Download
memory/4092-102-0x00007FF7EC8A0000-0x00007FF7ECBF4000-memory.dmp

Filesize
3.3MB

Download
memory/4160-54-0x00007FF74B0D0000-0x00007FF74B424000-memory.dmp

Filesize
3.3MB

Download
memory/4160-0-0x00007FF74B0D0000-0x00007FF74B424000-memory.dmp

Filesize
3.3MB

Download
memory/4160-1-0x00000258A7500000-0x00000258A7510000-memory.dmp

Filesize
64KB

Download
memory/4572-1497-0x00007FF635DE0000-0x00007FF636134000-memory.dmp

Filesize
3.3MB

Download
memory/4572-135-0x00007FF635DE0000-0x00007FF636134000-memory.dmp

Filesize
3.3MB

Download
memory/4572-74-0x00007FF635DE0000-0x00007FF636134000-memory.dmp

Filesize
3.3MB

Download
memory/4576-1007-0x00007FF719E70000-0x00007FF71A1C4000-memory.dmp

Filesize
3.3MB

Download
memory/4576-1592-0x00007FF719E70000-0x00007FF71A1C4000-memory.dmp

Filesize
3.3MB

Download
memory/4576-129-0x00007FF719E70000-0x00007FF71A1C4000-memory.dmp

Filesize
3.3MB

Download
memory/4648-36-0x00007FF70DC20000-0x00007FF70DF74000-memory.dmp

Filesize
3.3MB

Download
memory/4648-88-0x00007FF70DC20000-0x00007FF70DF74000-memory.dmp

Filesize
3.3MB

Download
memory/4648-1237-0x00007FF70DC20000-0x00007FF70DF74000-memory.dmp

Filesize
3.3MB

Download
memory/4660-128-0x00007FF739B70000-0x00007FF739EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4660-67-0x00007FF739B70000-0x00007FF739EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4660-1489-0x00007FF739B70000-0x00007FF739EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-44-0x00007FF7C5BA0000-0x00007FF7C5EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-1459-0x00007FF7C5BA0000-0x00007FF7C5EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-101-0x00007FF7C5BA0000-0x00007FF7C5EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-1605-0x00007FF715B10000-0x00007FF715E64000-memory.dmp

Filesize
3.3MB

Download
memory/4772-1141-0x00007FF715B10000-0x00007FF715E64000-memory.dmp

Filesize
3.3MB

Download
memory/4772-159-0x00007FF715B10000-0x00007FF715E64000-memory.dmp

Filesize
3.3MB

Download
memory/4952-1597-0x00007FF678EE0000-0x00007FF679234000-memory.dmp

Filesize
3.3MB

Download
memory/4952-1038-0x00007FF678EE0000-0x00007FF679234000-memory.dmp

Filesize
3.3MB

Download
memory/4952-136-0x00007FF678EE0000-0x00007FF679234000-memory.dmp

Filesize
3.3MB

Download