cobaltstrike | 8e04b1479619847f2bdbd130ded375a36d1a4214764d93ce3cd37a9480a27342

Analysis

max time kernel
125s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5da5dffcfac57a5cf49c3283c2a712e0
SHA1

380baf166445cb1b1fda80b5613b75ebbadd37b4
SHA256

8e04b1479619847f2bdbd130ded375a36d1a4214764d93ce3cd37a9480a27342
SHA512

98e85a95d0cef6a7e7411ee0aefe3c9b06b21752316701b940e37616dce5fa634bbe76c6a695a4750c4204c835bf4050893e754d3ab90d52cee26ef9d91c10c4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b3c-4.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9b-27.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9d-24.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9e-30.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9c-32.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9f-39.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba0-47.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b98-67.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023ba4-75.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba3-73.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba2-65.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba1-54.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b97-13.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba5-83.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba9-91.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baa-99.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bac-112.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bad-119.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bab-118.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba8-92.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bae-132.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baf-138.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb0-145.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb2-153.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb3-164.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb1-160.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb6-180.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb8-193.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb9-201.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bba-199.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb5-187.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb7-185.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb4-173.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1892-0-0x00007FF7D1860000-0x00007FF7D1BB4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b3c-4.dat	xmrig
behavioral2/memory/4752-6-0x00007FF685550000-0x00007FF6858A4000-memory.dmp	xmrig
behavioral2/memory/2908-11-0x00007FF792980000-0x00007FF792CD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9b-27.dat	xmrig
behavioral2/files/0x000a000000023b9d-24.dat	xmrig
behavioral2/files/0x000a000000023b9e-30.dat	xmrig
behavioral2/files/0x000a000000023b9c-32.dat	xmrig
behavioral2/files/0x000a000000023b9f-39.dat	xmrig
behavioral2/memory/2784-42-0x00007FF727020000-0x00007FF727374000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba0-47.dat	xmrig
behavioral2/memory/232-59-0x00007FF736770000-0x00007FF736AC4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b98-67.dat	xmrig
behavioral2/memory/3300-72-0x00007FF63FA90000-0x00007FF63FDE4000-memory.dmp	xmrig
behavioral2/memory/4644-78-0x00007FF61FC70000-0x00007FF61FFC4000-memory.dmp	xmrig
behavioral2/memory/2612-79-0x00007FF77F8C0000-0x00007FF77FC14000-memory.dmp	xmrig
behavioral2/memory/4180-77-0x00007FF7EDF70000-0x00007FF7EE2C4000-memory.dmp	xmrig
behavioral2/files/0x0031000000023ba4-75.dat	xmrig
behavioral2/files/0x000a000000023ba3-73.dat	xmrig
behavioral2/memory/3148-71-0x00007FF6901D0000-0x00007FF690524000-memory.dmp	xmrig
behavioral2/memory/4576-70-0x00007FF7C8A80000-0x00007FF7C8DD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba2-65.dat	xmrig
behavioral2/files/0x000a000000023ba1-54.dat	xmrig
behavioral2/memory/4736-49-0x00007FF624440000-0x00007FF624794000-memory.dmp	xmrig
behavioral2/memory/4916-35-0x00007FF659F90000-0x00007FF65A2E4000-memory.dmp	xmrig
behavioral2/memory/3764-21-0x00007FF78B000000-0x00007FF78B354000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b97-13.dat	xmrig
behavioral2/files/0x000a000000023ba5-83.dat	xmrig
behavioral2/memory/3204-86-0x00007FF7E7FD0000-0x00007FF7E8324000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba9-91.dat	xmrig
behavioral2/memory/1892-97-0x00007FF7D1860000-0x00007FF7D1BB4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023baa-99.dat	xmrig
behavioral2/memory/4752-103-0x00007FF685550000-0x00007FF6858A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bac-112.dat	xmrig
behavioral2/files/0x000a000000023bad-119.dat	xmrig
behavioral2/memory/4712-120-0x00007FF627340000-0x00007FF627694000-memory.dmp	xmrig
behavioral2/memory/4736-126-0x00007FF624440000-0x00007FF624794000-memory.dmp	xmrig
behavioral2/memory/700-127-0x00007FF726B90000-0x00007FF726EE4000-memory.dmp	xmrig
behavioral2/memory/2784-125-0x00007FF727020000-0x00007FF727374000-memory.dmp	xmrig
behavioral2/memory/4916-124-0x00007FF659F90000-0x00007FF65A2E4000-memory.dmp	xmrig
behavioral2/memory/1996-123-0x00007FF7B34A0000-0x00007FF7B37F4000-memory.dmp	xmrig
behavioral2/memory/3764-122-0x00007FF78B000000-0x00007FF78B354000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bab-118.dat	xmrig
behavioral2/memory/2908-110-0x00007FF792980000-0x00007FF792CD4000-memory.dmp	xmrig
behavioral2/memory/4472-106-0x00007FF7872D0000-0x00007FF787624000-memory.dmp	xmrig
behavioral2/memory/4992-102-0x00007FF66B4A0000-0x00007FF66B7F4000-memory.dmp	xmrig
behavioral2/memory/3340-96-0x00007FF74DC20000-0x00007FF74DF74000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba8-92.dat	xmrig
behavioral2/files/0x000a000000023bae-132.dat	xmrig
behavioral2/memory/3300-133-0x00007FF63FA90000-0x00007FF63FDE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023baf-138.dat	xmrig
behavioral2/files/0x000a000000023bb0-145.dat	xmrig
behavioral2/memory/3388-134-0x00007FF648310000-0x00007FF648664000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb2-153.dat	xmrig
behavioral2/memory/2672-158-0x00007FF7A6740000-0x00007FF7A6A94000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb3-164.dat	xmrig
behavioral2/files/0x000a000000023bb1-160.dat	xmrig
behavioral2/memory/2656-159-0x00007FF7B3250000-0x00007FF7B35A4000-memory.dmp	xmrig
behavioral2/memory/4808-157-0x00007FF67A0B0000-0x00007FF67A404000-memory.dmp	xmrig
behavioral2/memory/4192-156-0x00007FF600550000-0x00007FF6008A4000-memory.dmp	xmrig
behavioral2/memory/5032-154-0x00007FF7FA400000-0x00007FF7FA754000-memory.dmp	xmrig
behavioral2/memory/4856-172-0x00007FF637150000-0x00007FF6374A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb6-180.dat	xmrig
behavioral2/memory/2580-179-0x00007FF7AF390000-0x00007FF7AF6E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4752	msAOtSD.exe
2908	zilJrRc.exe
3764	ptkMexp.exe
4916	ntiHqbY.exe
2784	NUQaMsD.exe
232	ZWhlPkT.exe
4576	gecAySA.exe
4736	qCajvgo.exe
3148	uHWBEOc.exe
4644	JwHnmaq.exe
2612	sJFnPnl.exe
3300	rsFrJpH.exe
4180	abzrQsJ.exe
3204	IzOGzep.exe
3340	gzGjqmr.exe
4992	PicECOL.exe
4472	dbUQwfi.exe
4712	UIXSwhQ.exe
1996	azIDeyn.exe
700	hhFQZZf.exe
3388	ufJMayV.exe
5032	JnokDjA.exe
4808	pJlYPAp.exe
2672	lkMdyPd.exe
4192	QLFkIDo.exe
2656	WGNaaeN.exe
4856	FPndlLu.exe
2580	uitPgnn.exe
724	GSYrNEg.exe
2076	OcCeOIx.exe
2428	UNTwlnZ.exe
1692	oHpnAOA.exe
2796	WCQwxej.exe
2844	efDKteq.exe
4456	HZCwaEr.exe
3892	SRMFgkr.exe
5064	uzNJXKZ.exe
1460	fDvLaDf.exe
4076	ZLLdWWU.exe
2148	cQdfETQ.exe
3332	MoNeiTj.exe
3336	nKWPUMg.exe
4404	PdZvVyy.exe
4976	bhUBgyv.exe
244	coNMUYX.exe
4420	rOPGVpN.exe
4088	GoVJqBQ.exe
1980	aUJsNVQ.exe
4732	RwZMHjn.exe
4188	sRFRRbj.exe
4316	qggKiML.exe
1856	fJduhbr.exe
4140	lhEYRrh.exe
3736	JGeQGNV.exe
1916	WBsYWFt.exe
2044	DlEfyGV.exe
4716	wwkpyqI.exe
3716	dOtjDEI.exe
4444	VdkZZxt.exe
3664	tsOiUKt.exe
2660	YTDSVcP.exe
4924	idelkTI.exe
5060	IBywBiz.exe
3128	asnSAqG.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1892-0-0x00007FF7D1860000-0x00007FF7D1BB4000-memory.dmp	upx
behavioral2/files/0x000c000000023b3c-4.dat	upx
behavioral2/memory/4752-6-0x00007FF685550000-0x00007FF6858A4000-memory.dmp	upx
behavioral2/memory/2908-11-0x00007FF792980000-0x00007FF792CD4000-memory.dmp	upx
behavioral2/files/0x000a000000023b9b-27.dat	upx
behavioral2/files/0x000a000000023b9d-24.dat	upx
behavioral2/files/0x000a000000023b9e-30.dat	upx
behavioral2/files/0x000a000000023b9c-32.dat	upx
behavioral2/files/0x000a000000023b9f-39.dat	upx
behavioral2/memory/2784-42-0x00007FF727020000-0x00007FF727374000-memory.dmp	upx
behavioral2/files/0x000a000000023ba0-47.dat	upx
behavioral2/memory/232-59-0x00007FF736770000-0x00007FF736AC4000-memory.dmp	upx
behavioral2/files/0x000b000000023b98-67.dat	upx
behavioral2/memory/3300-72-0x00007FF63FA90000-0x00007FF63FDE4000-memory.dmp	upx
behavioral2/memory/4644-78-0x00007FF61FC70000-0x00007FF61FFC4000-memory.dmp	upx
behavioral2/memory/2612-79-0x00007FF77F8C0000-0x00007FF77FC14000-memory.dmp	upx
behavioral2/memory/4180-77-0x00007FF7EDF70000-0x00007FF7EE2C4000-memory.dmp	upx
behavioral2/files/0x0031000000023ba4-75.dat	upx
behavioral2/files/0x000a000000023ba3-73.dat	upx
behavioral2/memory/3148-71-0x00007FF6901D0000-0x00007FF690524000-memory.dmp	upx
behavioral2/memory/4576-70-0x00007FF7C8A80000-0x00007FF7C8DD4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba2-65.dat	upx
behavioral2/files/0x000a000000023ba1-54.dat	upx
behavioral2/memory/4736-49-0x00007FF624440000-0x00007FF624794000-memory.dmp	upx
behavioral2/memory/4916-35-0x00007FF659F90000-0x00007FF65A2E4000-memory.dmp	upx
behavioral2/memory/3764-21-0x00007FF78B000000-0x00007FF78B354000-memory.dmp	upx
behavioral2/files/0x000b000000023b97-13.dat	upx
behavioral2/files/0x000a000000023ba5-83.dat	upx
behavioral2/memory/3204-86-0x00007FF7E7FD0000-0x00007FF7E8324000-memory.dmp	upx
behavioral2/files/0x000a000000023ba9-91.dat	upx
behavioral2/memory/1892-97-0x00007FF7D1860000-0x00007FF7D1BB4000-memory.dmp	upx
behavioral2/files/0x000a000000023baa-99.dat	upx
behavioral2/memory/4752-103-0x00007FF685550000-0x00007FF6858A4000-memory.dmp	upx
behavioral2/files/0x000a000000023bac-112.dat	upx
behavioral2/files/0x000a000000023bad-119.dat	upx
behavioral2/memory/4712-120-0x00007FF627340000-0x00007FF627694000-memory.dmp	upx
behavioral2/memory/4736-126-0x00007FF624440000-0x00007FF624794000-memory.dmp	upx
behavioral2/memory/700-127-0x00007FF726B90000-0x00007FF726EE4000-memory.dmp	upx
behavioral2/memory/2784-125-0x00007FF727020000-0x00007FF727374000-memory.dmp	upx
behavioral2/memory/4916-124-0x00007FF659F90000-0x00007FF65A2E4000-memory.dmp	upx
behavioral2/memory/1996-123-0x00007FF7B34A0000-0x00007FF7B37F4000-memory.dmp	upx
behavioral2/memory/3764-122-0x00007FF78B000000-0x00007FF78B354000-memory.dmp	upx
behavioral2/files/0x000a000000023bab-118.dat	upx
behavioral2/memory/2908-110-0x00007FF792980000-0x00007FF792CD4000-memory.dmp	upx
behavioral2/memory/4472-106-0x00007FF7872D0000-0x00007FF787624000-memory.dmp	upx
behavioral2/memory/4992-102-0x00007FF66B4A0000-0x00007FF66B7F4000-memory.dmp	upx
behavioral2/memory/3340-96-0x00007FF74DC20000-0x00007FF74DF74000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-92.dat	upx
behavioral2/files/0x000a000000023bae-132.dat	upx
behavioral2/memory/3300-133-0x00007FF63FA90000-0x00007FF63FDE4000-memory.dmp	upx
behavioral2/files/0x000a000000023baf-138.dat	upx
behavioral2/files/0x000a000000023bb0-145.dat	upx
behavioral2/memory/3388-134-0x00007FF648310000-0x00007FF648664000-memory.dmp	upx
behavioral2/files/0x000a000000023bb2-153.dat	upx
behavioral2/memory/2672-158-0x00007FF7A6740000-0x00007FF7A6A94000-memory.dmp	upx
behavioral2/files/0x000a000000023bb3-164.dat	upx
behavioral2/files/0x000a000000023bb1-160.dat	upx
behavioral2/memory/2656-159-0x00007FF7B3250000-0x00007FF7B35A4000-memory.dmp	upx
behavioral2/memory/4808-157-0x00007FF67A0B0000-0x00007FF67A404000-memory.dmp	upx
behavioral2/memory/4192-156-0x00007FF600550000-0x00007FF6008A4000-memory.dmp	upx
behavioral2/memory/5032-154-0x00007FF7FA400000-0x00007FF7FA754000-memory.dmp	upx
behavioral2/memory/4856-172-0x00007FF637150000-0x00007FF6374A4000-memory.dmp	upx
behavioral2/files/0x000a000000023bb6-180.dat	upx
behavioral2/memory/2580-179-0x00007FF7AF390000-0x00007FF7AF6E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ONvvXHe.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HorobcA.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIWVDXk.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwKKEfF.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLFkIDo.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbmEtGY.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBGTCrT.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOlzmOa.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAUzLqy.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okiFDVM.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zilJrRc.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgTRtHC.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrNoFXL.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsZDkQr.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZvaFjE.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTLZCQt.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPHgNuY.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qCajvgo.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptfIxda.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLFNCAp.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYtxtiQ.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTfQhyF.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvZIvOa.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRzfwuc.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWYmHvy.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imBOhun.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpGRUGN.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYpyNiq.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBnnVzJ.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiQUheA.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLfbbqM.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXchWSm.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfxFXqI.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qggKiML.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZpspxU.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzoKBZK.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehbRfcv.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWypDuu.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boFDBXB.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVWSPDH.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfTRYtr.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiSUoqf.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyAfZAl.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GeMlBSQ.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRMFgkr.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JXZMwba.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZATTaT.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQYoSsM.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxwvCSY.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYMRqGo.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpDTkux.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zzzHOMd.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwTOlxC.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKUNUda.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlwkDvR.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEWhuFd.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntiHqbY.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aoznRCh.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwupsMY.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjfHnIR.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJduhbr.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVTURjh.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBFOEYr.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NiqLCwA.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 4752	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1892 wrote to memory of 4752	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1892 wrote to memory of 2908	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1892 wrote to memory of 2908	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1892 wrote to memory of 3764	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1892 wrote to memory of 3764	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1892 wrote to memory of 4916	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1892 wrote to memory of 4916	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1892 wrote to memory of 2784	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1892 wrote to memory of 2784	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1892 wrote to memory of 232	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1892 wrote to memory of 232	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1892 wrote to memory of 4576	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1892 wrote to memory of 4576	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1892 wrote to memory of 4736	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1892 wrote to memory of 4736	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1892 wrote to memory of 3148	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1892 wrote to memory of 3148	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1892 wrote to memory of 4644	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1892 wrote to memory of 4644	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1892 wrote to memory of 2612	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1892 wrote to memory of 2612	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1892 wrote to memory of 3300	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1892 wrote to memory of 3300	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1892 wrote to memory of 4180	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1892 wrote to memory of 4180	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1892 wrote to memory of 3204	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1892 wrote to memory of 3204	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1892 wrote to memory of 3340	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1892 wrote to memory of 3340	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1892 wrote to memory of 4992	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1892 wrote to memory of 4992	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1892 wrote to memory of 4472	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1892 wrote to memory of 4472	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1892 wrote to memory of 4712	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1892 wrote to memory of 4712	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1892 wrote to memory of 1996	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1892 wrote to memory of 1996	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1892 wrote to memory of 700	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1892 wrote to memory of 700	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1892 wrote to memory of 3388	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1892 wrote to memory of 3388	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1892 wrote to memory of 5032	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1892 wrote to memory of 5032	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1892 wrote to memory of 4808	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1892 wrote to memory of 4808	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1892 wrote to memory of 2672	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1892 wrote to memory of 2672	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1892 wrote to memory of 4192	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1892 wrote to memory of 4192	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1892 wrote to memory of 2656	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1892 wrote to memory of 2656	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1892 wrote to memory of 4856	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1892 wrote to memory of 4856	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1892 wrote to memory of 2580	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1892 wrote to memory of 2580	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1892 wrote to memory of 724	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1892 wrote to memory of 724	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1892 wrote to memory of 2076	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1892 wrote to memory of 2076	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1892 wrote to memory of 2428	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1892 wrote to memory of 2428	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1892 wrote to memory of 2796	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1892 wrote to memory of 2796	1892	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Windows\System\msAOtSD.exe
  C:\Windows\System\msAOtSD.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\zilJrRc.exe
  C:\Windows\System\zilJrRc.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\ptkMexp.exe
  C:\Windows\System\ptkMexp.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\ntiHqbY.exe
  C:\Windows\System\ntiHqbY.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\NUQaMsD.exe
  C:\Windows\System\NUQaMsD.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\ZWhlPkT.exe
  C:\Windows\System\ZWhlPkT.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\gecAySA.exe
  C:\Windows\System\gecAySA.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\qCajvgo.exe
  C:\Windows\System\qCajvgo.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\uHWBEOc.exe
  C:\Windows\System\uHWBEOc.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\JwHnmaq.exe
  C:\Windows\System\JwHnmaq.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\sJFnPnl.exe
  C:\Windows\System\sJFnPnl.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\rsFrJpH.exe
  C:\Windows\System\rsFrJpH.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\abzrQsJ.exe
  C:\Windows\System\abzrQsJ.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\IzOGzep.exe
  C:\Windows\System\IzOGzep.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\gzGjqmr.exe
  C:\Windows\System\gzGjqmr.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\PicECOL.exe
  C:\Windows\System\PicECOL.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\dbUQwfi.exe
  C:\Windows\System\dbUQwfi.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\UIXSwhQ.exe
  C:\Windows\System\UIXSwhQ.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\azIDeyn.exe
  C:\Windows\System\azIDeyn.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\hhFQZZf.exe
  C:\Windows\System\hhFQZZf.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\ufJMayV.exe
  C:\Windows\System\ufJMayV.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\JnokDjA.exe
  C:\Windows\System\JnokDjA.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\pJlYPAp.exe
  C:\Windows\System\pJlYPAp.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\lkMdyPd.exe
  C:\Windows\System\lkMdyPd.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\QLFkIDo.exe
  C:\Windows\System\QLFkIDo.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\WGNaaeN.exe
  C:\Windows\System\WGNaaeN.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\FPndlLu.exe
  C:\Windows\System\FPndlLu.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\uitPgnn.exe
  C:\Windows\System\uitPgnn.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\GSYrNEg.exe
  C:\Windows\System\GSYrNEg.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\OcCeOIx.exe
  C:\Windows\System\OcCeOIx.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\UNTwlnZ.exe
  C:\Windows\System\UNTwlnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\WCQwxej.exe
  C:\Windows\System\WCQwxej.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\oHpnAOA.exe
  C:\Windows\System\oHpnAOA.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\efDKteq.exe
  C:\Windows\System\efDKteq.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\HZCwaEr.exe
  C:\Windows\System\HZCwaEr.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\SRMFgkr.exe
  C:\Windows\System\SRMFgkr.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\uzNJXKZ.exe
  C:\Windows\System\uzNJXKZ.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\fDvLaDf.exe
  C:\Windows\System\fDvLaDf.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\ZLLdWWU.exe
  C:\Windows\System\ZLLdWWU.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\cQdfETQ.exe
  C:\Windows\System\cQdfETQ.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\MoNeiTj.exe
  C:\Windows\System\MoNeiTj.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\nKWPUMg.exe
  C:\Windows\System\nKWPUMg.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\PdZvVyy.exe
  C:\Windows\System\PdZvVyy.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\bhUBgyv.exe
  C:\Windows\System\bhUBgyv.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\coNMUYX.exe
  C:\Windows\System\coNMUYX.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System\rOPGVpN.exe
  C:\Windows\System\rOPGVpN.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\GoVJqBQ.exe
  C:\Windows\System\GoVJqBQ.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\aUJsNVQ.exe
  C:\Windows\System\aUJsNVQ.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\RwZMHjn.exe
  C:\Windows\System\RwZMHjn.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\sRFRRbj.exe
  C:\Windows\System\sRFRRbj.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\qggKiML.exe
  C:\Windows\System\qggKiML.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\fJduhbr.exe
  C:\Windows\System\fJduhbr.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\lhEYRrh.exe
  C:\Windows\System\lhEYRrh.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\JGeQGNV.exe
  C:\Windows\System\JGeQGNV.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\WBsYWFt.exe
  C:\Windows\System\WBsYWFt.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\DlEfyGV.exe
  C:\Windows\System\DlEfyGV.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\wwkpyqI.exe
  C:\Windows\System\wwkpyqI.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\dOtjDEI.exe
  C:\Windows\System\dOtjDEI.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\VdkZZxt.exe
  C:\Windows\System\VdkZZxt.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\tsOiUKt.exe
  C:\Windows\System\tsOiUKt.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\YTDSVcP.exe
  C:\Windows\System\YTDSVcP.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\idelkTI.exe
  C:\Windows\System\idelkTI.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\IBywBiz.exe
  C:\Windows\System\IBywBiz.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\asnSAqG.exe
  C:\Windows\System\asnSAqG.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\rsUzcbH.exe
  C:\Windows\System\rsUzcbH.exe
  2⤵
  PID:2476
- C:\Windows\System\jVnAZaX.exe
  C:\Windows\System\jVnAZaX.exe
  2⤵
  PID:4504
- C:\Windows\System\neTFouA.exe
  C:\Windows\System\neTFouA.exe
  2⤵
  PID:1564
- C:\Windows\System\iXkJQiI.exe
  C:\Windows\System\iXkJQiI.exe
  2⤵
  PID:2104
- C:\Windows\System\vpvLGBl.exe
  C:\Windows\System\vpvLGBl.exe
  2⤵
  PID:4376
- C:\Windows\System\OSSGWiu.exe
  C:\Windows\System\OSSGWiu.exe
  2⤵
  PID:1100
- C:\Windows\System\WBXeKbW.exe
  C:\Windows\System\WBXeKbW.exe
  2⤵
  PID:944
- C:\Windows\System\ZYcGVqR.exe
  C:\Windows\System\ZYcGVqR.exe
  2⤵
  PID:2280
- C:\Windows\System\oYquOpF.exe
  C:\Windows\System\oYquOpF.exe
  2⤵
  PID:1492
- C:\Windows\System\XNpVxyN.exe
  C:\Windows\System\XNpVxyN.exe
  2⤵
  PID:668
- C:\Windows\System\BRODnEa.exe
  C:\Windows\System\BRODnEa.exe
  2⤵
  PID:1680
- C:\Windows\System\XLIFXyN.exe
  C:\Windows\System\XLIFXyN.exe
  2⤵
  PID:4400
- C:\Windows\System\POeZDLc.exe
  C:\Windows\System\POeZDLc.exe
  2⤵
  PID:4020
- C:\Windows\System\bMbezBE.exe
  C:\Windows\System\bMbezBE.exe
  2⤵
  PID:412
- C:\Windows\System\nGsbqTl.exe
  C:\Windows\System\nGsbqTl.exe
  2⤵
  PID:3988
- C:\Windows\System\nDRbXFk.exe
  C:\Windows\System\nDRbXFk.exe
  2⤵
  PID:4432
- C:\Windows\System\warAmuh.exe
  C:\Windows\System\warAmuh.exe
  2⤵
  PID:3652
- C:\Windows\System\HQjsJGH.exe
  C:\Windows\System\HQjsJGH.exe
  2⤵
  PID:3976
- C:\Windows\System\oYkMxuA.exe
  C:\Windows\System\oYkMxuA.exe
  2⤵
  PID:4720
- C:\Windows\System\cdUsooQ.exe
  C:\Windows\System\cdUsooQ.exe
  2⤵
  PID:2308
- C:\Windows\System\iVuCHdZ.exe
  C:\Windows\System\iVuCHdZ.exe
  2⤵
  PID:4520
- C:\Windows\System\QaEQYGP.exe
  C:\Windows\System\QaEQYGP.exe
  2⤵
  PID:4488
- C:\Windows\System\lBtDCII.exe
  C:\Windows\System\lBtDCII.exe
  2⤵
  PID:3284
- C:\Windows\System\NixhjQt.exe
  C:\Windows\System\NixhjQt.exe
  2⤵
  PID:2964
- C:\Windows\System\IblMYth.exe
  C:\Windows\System\IblMYth.exe
  2⤵
  PID:2328
- C:\Windows\System\jdvTEEJ.exe
  C:\Windows\System\jdvTEEJ.exe
  2⤵
  PID:4160
- C:\Windows\System\CQQTQIr.exe
  C:\Windows\System\CQQTQIr.exe
  2⤵
  PID:4216
- C:\Windows\System\xxhsCjB.exe
  C:\Windows\System\xxhsCjB.exe
  2⤵
  PID:2604
- C:\Windows\System\xKmsvKm.exe
  C:\Windows\System\xKmsvKm.exe
  2⤵
  PID:1428
- C:\Windows\System\xUeGquR.exe
  C:\Windows\System\xUeGquR.exe
  2⤵
  PID:3132
- C:\Windows\System\ZTXbXSa.exe
  C:\Windows\System\ZTXbXSa.exe
  2⤵
  PID:2704
- C:\Windows\System\iowssoG.exe
  C:\Windows\System\iowssoG.exe
  2⤵
  PID:640
- C:\Windows\System\jvNNqUJ.exe
  C:\Windows\System\jvNNqUJ.exe
  2⤵
  PID:3440
- C:\Windows\System\tTpbvJb.exe
  C:\Windows\System\tTpbvJb.exe
  2⤵
  PID:1992
- C:\Windows\System\wEWTofw.exe
  C:\Windows\System\wEWTofw.exe
  2⤵
  PID:212
- C:\Windows\System\CEeMtpb.exe
  C:\Windows\System\CEeMtpb.exe
  2⤵
  PID:4568
- C:\Windows\System\NHeNfOr.exe
  C:\Windows\System\NHeNfOr.exe
  2⤵
  PID:1908
- C:\Windows\System\izIMgao.exe
  C:\Windows\System\izIMgao.exe
  2⤵
  PID:1644
- C:\Windows\System\CxQZuXC.exe
  C:\Windows\System\CxQZuXC.exe
  2⤵
  PID:2532
- C:\Windows\System\sKPjeOy.exe
  C:\Windows\System\sKPjeOy.exe
  2⤵
  PID:1420
- C:\Windows\System\BfPBctG.exe
  C:\Windows\System\BfPBctG.exe
  2⤵
  PID:3620
- C:\Windows\System\leXVQdD.exe
  C:\Windows\System\leXVQdD.exe
  2⤵
  PID:4000
- C:\Windows\System\BsUuaLf.exe
  C:\Windows\System\BsUuaLf.exe
  2⤵
  PID:2060
- C:\Windows\System\vKRVeag.exe
  C:\Windows\System\vKRVeag.exe
  2⤵
  PID:1504
- C:\Windows\System\LkZUXtP.exe
  C:\Windows\System\LkZUXtP.exe
  2⤵
  PID:3436
- C:\Windows\System\mxFkanL.exe
  C:\Windows\System\mxFkanL.exe
  2⤵
  PID:2488
- C:\Windows\System\OTXNgMe.exe
  C:\Windows\System\OTXNgMe.exe
  2⤵
  PID:5132
- C:\Windows\System\hYRvMMY.exe
  C:\Windows\System\hYRvMMY.exe
  2⤵
  PID:5168
- C:\Windows\System\eXgZcbv.exe
  C:\Windows\System\eXgZcbv.exe
  2⤵
  PID:5236
- C:\Windows\System\luiIROb.exe
  C:\Windows\System\luiIROb.exe
  2⤵
  PID:5288
- C:\Windows\System\iaRtAVS.exe
  C:\Windows\System\iaRtAVS.exe
  2⤵
  PID:5388
- C:\Windows\System\Pkjeivh.exe
  C:\Windows\System\Pkjeivh.exe
  2⤵
  PID:5408
- C:\Windows\System\BewVnTF.exe
  C:\Windows\System\BewVnTF.exe
  2⤵
  PID:5440
- C:\Windows\System\xhGwGiJ.exe
  C:\Windows\System\xhGwGiJ.exe
  2⤵
  PID:5476
- C:\Windows\System\VXNpFMb.exe
  C:\Windows\System\VXNpFMb.exe
  2⤵
  PID:5520
- C:\Windows\System\NNqRZCM.exe
  C:\Windows\System\NNqRZCM.exe
  2⤵
  PID:5556
- C:\Windows\System\IfuILXb.exe
  C:\Windows\System\IfuILXb.exe
  2⤵
  PID:5596
- C:\Windows\System\mtWTiJl.exe
  C:\Windows\System\mtWTiJl.exe
  2⤵
  PID:5636
- C:\Windows\System\qWHPSbG.exe
  C:\Windows\System\qWHPSbG.exe
  2⤵
  PID:5704
- C:\Windows\System\PJfyRBq.exe
  C:\Windows\System\PJfyRBq.exe
  2⤵
  PID:5740
- C:\Windows\System\NoaIWln.exe
  C:\Windows\System\NoaIWln.exe
  2⤵
  PID:5772
- C:\Windows\System\jcAnHsS.exe
  C:\Windows\System\jcAnHsS.exe
  2⤵
  PID:5812
- C:\Windows\System\WbmEtGY.exe
  C:\Windows\System\WbmEtGY.exe
  2⤵
  PID:5840
- C:\Windows\System\PMiBBwF.exe
  C:\Windows\System\PMiBBwF.exe
  2⤵
  PID:5872
- C:\Windows\System\bDTJNqh.exe
  C:\Windows\System\bDTJNqh.exe
  2⤵
  PID:5896
- C:\Windows\System\IWKvCXe.exe
  C:\Windows\System\IWKvCXe.exe
  2⤵
  PID:5924
- C:\Windows\System\qiLOVjL.exe
  C:\Windows\System\qiLOVjL.exe
  2⤵
  PID:5960
- C:\Windows\System\DaRtMMt.exe
  C:\Windows\System\DaRtMMt.exe
  2⤵
  PID:5992
- C:\Windows\System\aprbAlm.exe
  C:\Windows\System\aprbAlm.exe
  2⤵
  PID:6024
- C:\Windows\System\SLvkCmY.exe
  C:\Windows\System\SLvkCmY.exe
  2⤵
  PID:6048
- C:\Windows\System\OVuWWKv.exe
  C:\Windows\System\OVuWWKv.exe
  2⤵
  PID:6076
- C:\Windows\System\zzzHOMd.exe
  C:\Windows\System\zzzHOMd.exe
  2⤵
  PID:6108
- C:\Windows\System\rVmfkOb.exe
  C:\Windows\System\rVmfkOb.exe
  2⤵
  PID:6136
- C:\Windows\System\KFUrtvV.exe
  C:\Windows\System\KFUrtvV.exe
  2⤵
  PID:5188
- C:\Windows\System\kmMViwS.exe
  C:\Windows\System\kmMViwS.exe
  2⤵
  PID:5396
- C:\Windows\System\WWTrtio.exe
  C:\Windows\System\WWTrtio.exe
  2⤵
  PID:5464
- C:\Windows\System\UGjHNGm.exe
  C:\Windows\System\UGjHNGm.exe
  2⤵
  PID:5548
- C:\Windows\System\qEqKLrh.exe
  C:\Windows\System\qEqKLrh.exe
  2⤵
  PID:5424
- C:\Windows\System\RxREGTQ.exe
  C:\Windows\System\RxREGTQ.exe
  2⤵
  PID:1720
- C:\Windows\System\PLRcXIp.exe
  C:\Windows\System\PLRcXIp.exe
  2⤵
  PID:5728
- C:\Windows\System\awdqEiu.exe
  C:\Windows\System\awdqEiu.exe
  2⤵
  PID:5836
- C:\Windows\System\eqSYQTt.exe
  C:\Windows\System\eqSYQTt.exe
  2⤵
  PID:5356
- C:\Windows\System\cXqsrFQ.exe
  C:\Windows\System\cXqsrFQ.exe
  2⤵
  PID:5252
- C:\Windows\System\lwuYTJC.exe
  C:\Windows\System\lwuYTJC.exe
  2⤵
  PID:5932
- C:\Windows\System\idRfawp.exe
  C:\Windows\System\idRfawp.exe
  2⤵
  PID:1092
- C:\Windows\System\xZXpagM.exe
  C:\Windows\System\xZXpagM.exe
  2⤵
  PID:4384
- C:\Windows\System\QEYWiKV.exe
  C:\Windows\System\QEYWiKV.exe
  2⤵
  PID:6056
- C:\Windows\System\ivYRKyW.exe
  C:\Windows\System\ivYRKyW.exe
  2⤵
  PID:3368
- C:\Windows\System\rMYqCtP.exe
  C:\Windows\System\rMYqCtP.exe
  2⤵
  PID:5472
- C:\Windows\System\NrPDNdK.exe
  C:\Windows\System\NrPDNdK.exe
  2⤵
  PID:5592
- C:\Windows\System\klSNrWh.exe
  C:\Windows\System\klSNrWh.exe
  2⤵
  PID:5720
- C:\Windows\System\uhsHztB.exe
  C:\Windows\System\uhsHztB.exe
  2⤵
  PID:5580
- C:\Windows\System\EIvjYhV.exe
  C:\Windows\System\EIvjYhV.exe
  2⤵
  PID:4680
- C:\Windows\System\RtCSJam.exe
  C:\Windows\System\RtCSJam.exe
  2⤵
  PID:6096
- C:\Windows\System\IBnnVzJ.exe
  C:\Windows\System\IBnnVzJ.exe
  2⤵
  PID:4596
- C:\Windows\System\wURueeq.exe
  C:\Windows\System\wURueeq.exe
  2⤵
  PID:5864
- C:\Windows\System\VOgzNQP.exe
  C:\Windows\System\VOgzNQP.exe
  2⤵
  PID:6152
- C:\Windows\System\QdxUDMX.exe
  C:\Windows\System\QdxUDMX.exe
  2⤵
  PID:6200
- C:\Windows\System\FIWhwOI.exe
  C:\Windows\System\FIWhwOI.exe
  2⤵
  PID:6228
- C:\Windows\System\NiHETTm.exe
  C:\Windows\System\NiHETTm.exe
  2⤵
  PID:6260
- C:\Windows\System\katpdik.exe
  C:\Windows\System\katpdik.exe
  2⤵
  PID:6288
- C:\Windows\System\nYomOHq.exe
  C:\Windows\System\nYomOHq.exe
  2⤵
  PID:6316
- C:\Windows\System\uqJfDpR.exe
  C:\Windows\System\uqJfDpR.exe
  2⤵
  PID:6348
- C:\Windows\System\dHImJKh.exe
  C:\Windows\System\dHImJKh.exe
  2⤵
  PID:6372
- C:\Windows\System\ASsBzCz.exe
  C:\Windows\System\ASsBzCz.exe
  2⤵
  PID:6400
- C:\Windows\System\AhtaSpK.exe
  C:\Windows\System\AhtaSpK.exe
  2⤵
  PID:6432
- C:\Windows\System\vMhACwP.exe
  C:\Windows\System\vMhACwP.exe
  2⤵
  PID:6456
- C:\Windows\System\FAyGVti.exe
  C:\Windows\System\FAyGVti.exe
  2⤵
  PID:6492
- C:\Windows\System\SRzfwuc.exe
  C:\Windows\System\SRzfwuc.exe
  2⤵
  PID:6520
- C:\Windows\System\PDzLPMS.exe
  C:\Windows\System\PDzLPMS.exe
  2⤵
  PID:6548
- C:\Windows\System\BGQWftq.exe
  C:\Windows\System\BGQWftq.exe
  2⤵
  PID:6580
- C:\Windows\System\KDPARLd.exe
  C:\Windows\System\KDPARLd.exe
  2⤵
  PID:6596
- C:\Windows\System\JmOflwN.exe
  C:\Windows\System\JmOflwN.exe
  2⤵
  PID:6628
- C:\Windows\System\qRpHUVU.exe
  C:\Windows\System\qRpHUVU.exe
  2⤵
  PID:6652
- C:\Windows\System\EurbduE.exe
  C:\Windows\System\EurbduE.exe
  2⤵
  PID:6700
- C:\Windows\System\lUtjQVc.exe
  C:\Windows\System\lUtjQVc.exe
  2⤵
  PID:6756
- C:\Windows\System\hBFCbON.exe
  C:\Windows\System\hBFCbON.exe
  2⤵
  PID:6796
- C:\Windows\System\UlVWyJT.exe
  C:\Windows\System\UlVWyJT.exe
  2⤵
  PID:6820
- C:\Windows\System\AdxfhRD.exe
  C:\Windows\System\AdxfhRD.exe
  2⤵
  PID:6856
- C:\Windows\System\YPJCoOm.exe
  C:\Windows\System\YPJCoOm.exe
  2⤵
  PID:6888
- C:\Windows\System\FiQUheA.exe
  C:\Windows\System\FiQUheA.exe
  2⤵
  PID:6916
- C:\Windows\System\NCZLgDE.exe
  C:\Windows\System\NCZLgDE.exe
  2⤵
  PID:6944
- C:\Windows\System\wFpAqZg.exe
  C:\Windows\System\wFpAqZg.exe
  2⤵
  PID:6976
- C:\Windows\System\HHMHkeI.exe
  C:\Windows\System\HHMHkeI.exe
  2⤵
  PID:7004
- C:\Windows\System\HvglaCz.exe
  C:\Windows\System\HvglaCz.exe
  2⤵
  PID:7032
- C:\Windows\System\fDFuEPe.exe
  C:\Windows\System\fDFuEPe.exe
  2⤵
  PID:7056
- C:\Windows\System\jCGwqtX.exe
  C:\Windows\System\jCGwqtX.exe
  2⤵
  PID:7088
- C:\Windows\System\BLebAWp.exe
  C:\Windows\System\BLebAWp.exe
  2⤵
  PID:7108
- C:\Windows\System\irWgybY.exe
  C:\Windows\System\irWgybY.exe
  2⤵
  PID:7148
- C:\Windows\System\dFyZVIM.exe
  C:\Windows\System\dFyZVIM.exe
  2⤵
  PID:5980
- C:\Windows\System\iQEhldk.exe
  C:\Windows\System\iQEhldk.exe
  2⤵
  PID:6168
- C:\Windows\System\TJONgrU.exe
  C:\Windows\System\TJONgrU.exe
  2⤵
  PID:6128
- C:\Windows\System\muZboKH.exe
  C:\Windows\System\muZboKH.exe
  2⤵
  PID:6300
- C:\Windows\System\gbPfLEv.exe
  C:\Windows\System\gbPfLEv.exe
  2⤵
  PID:6364
- C:\Windows\System\lBpOTgp.exe
  C:\Windows\System\lBpOTgp.exe
  2⤵
  PID:6412
- C:\Windows\System\zFAsNWF.exe
  C:\Windows\System\zFAsNWF.exe
  2⤵
  PID:6480
- C:\Windows\System\aaBKXey.exe
  C:\Windows\System\aaBKXey.exe
  2⤵
  PID:6556
- C:\Windows\System\JONfVIj.exe
  C:\Windows\System\JONfVIj.exe
  2⤵
  PID:6612
- C:\Windows\System\rmLDHRP.exe
  C:\Windows\System\rmLDHRP.exe
  2⤵
  PID:6712
- C:\Windows\System\HyGONLd.exe
  C:\Windows\System\HyGONLd.exe
  2⤵
  PID:6116
- C:\Windows\System\CtRHBxo.exe
  C:\Windows\System\CtRHBxo.exe
  2⤵
  PID:5664
- C:\Windows\System\fJeDkfD.exe
  C:\Windows\System\fJeDkfD.exe
  2⤵
  PID:6840
- C:\Windows\System\houmPpQ.exe
  C:\Windows\System\houmPpQ.exe
  2⤵
  PID:6912
- C:\Windows\System\jkxlyfl.exe
  C:\Windows\System\jkxlyfl.exe
  2⤵
  PID:6964
- C:\Windows\System\bvvwYFJ.exe
  C:\Windows\System\bvvwYFJ.exe
  2⤵
  PID:7096
- C:\Windows\System\FvlYCIv.exe
  C:\Windows\System\FvlYCIv.exe
  2⤵
  PID:6336
- C:\Windows\System\nwhwjBk.exe
  C:\Windows\System\nwhwjBk.exe
  2⤵
  PID:6748
- C:\Windows\System\tQEqEML.exe
  C:\Windows\System\tQEqEML.exe
  2⤵
  PID:6864
- C:\Windows\System\THpTjEl.exe
  C:\Windows\System\THpTjEl.exe
  2⤵
  PID:6952
- C:\Windows\System\llOrhgu.exe
  C:\Windows\System\llOrhgu.exe
  2⤵
  PID:6664
- C:\Windows\System\NMWjKOo.exe
  C:\Windows\System\NMWjKOo.exe
  2⤵
  PID:7184
- C:\Windows\System\AyAPskt.exe
  C:\Windows\System\AyAPskt.exe
  2⤵
  PID:7208
- C:\Windows\System\YRYhEDj.exe
  C:\Windows\System\YRYhEDj.exe
  2⤵
  PID:7240
- C:\Windows\System\oncXkPp.exe
  C:\Windows\System\oncXkPp.exe
  2⤵
  PID:7300
- C:\Windows\System\uniJDMq.exe
  C:\Windows\System\uniJDMq.exe
  2⤵
  PID:7340
- C:\Windows\System\uYSDGNS.exe
  C:\Windows\System\uYSDGNS.exe
  2⤵
  PID:7368
- C:\Windows\System\oNxJfwD.exe
  C:\Windows\System\oNxJfwD.exe
  2⤵
  PID:7396
- C:\Windows\System\dZxkGct.exe
  C:\Windows\System\dZxkGct.exe
  2⤵
  PID:7424
- C:\Windows\System\eorAEjh.exe
  C:\Windows\System\eorAEjh.exe
  2⤵
  PID:7448
- C:\Windows\System\VWJQDEB.exe
  C:\Windows\System\VWJQDEB.exe
  2⤵
  PID:7480
- C:\Windows\System\tajvImX.exe
  C:\Windows\System\tajvImX.exe
  2⤵
  PID:7508
- C:\Windows\System\MBGTCrT.exe
  C:\Windows\System\MBGTCrT.exe
  2⤵
  PID:7536
- C:\Windows\System\vHRares.exe
  C:\Windows\System\vHRares.exe
  2⤵
  PID:7564
- C:\Windows\System\PlUdhIt.exe
  C:\Windows\System\PlUdhIt.exe
  2⤵
  PID:7600
- C:\Windows\System\cuSwHrY.exe
  C:\Windows\System\cuSwHrY.exe
  2⤵
  PID:7628
- C:\Windows\System\WYYKVqa.exe
  C:\Windows\System\WYYKVqa.exe
  2⤵
  PID:7656
- C:\Windows\System\wkpKEiq.exe
  C:\Windows\System\wkpKEiq.exe
  2⤵
  PID:7680
- C:\Windows\System\jhhJYqC.exe
  C:\Windows\System\jhhJYqC.exe
  2⤵
  PID:7712
- C:\Windows\System\uFJCWQl.exe
  C:\Windows\System\uFJCWQl.exe
  2⤵
  PID:7744
- C:\Windows\System\INxqjyt.exe
  C:\Windows\System\INxqjyt.exe
  2⤵
  PID:7772
- C:\Windows\System\mXfOJML.exe
  C:\Windows\System\mXfOJML.exe
  2⤵
  PID:7800
- C:\Windows\System\ptfIxda.exe
  C:\Windows\System\ptfIxda.exe
  2⤵
  PID:7820
- C:\Windows\System\vludoCH.exe
  C:\Windows\System\vludoCH.exe
  2⤵
  PID:7848
- C:\Windows\System\LacPoXr.exe
  C:\Windows\System\LacPoXr.exe
  2⤵
  PID:7876
- C:\Windows\System\zOIliQH.exe
  C:\Windows\System\zOIliQH.exe
  2⤵
  PID:7904
- C:\Windows\System\vfHMtet.exe
  C:\Windows\System\vfHMtet.exe
  2⤵
  PID:7932
- C:\Windows\System\fhkSOEF.exe
  C:\Windows\System\fhkSOEF.exe
  2⤵
  PID:7968
- C:\Windows\System\sLSgxEn.exe
  C:\Windows\System\sLSgxEn.exe
  2⤵
  PID:7988
- C:\Windows\System\uwTItAd.exe
  C:\Windows\System\uwTItAd.exe
  2⤵
  PID:8016
- C:\Windows\System\bcvhipq.exe
  C:\Windows\System\bcvhipq.exe
  2⤵
  PID:8048
- C:\Windows\System\Svcueyd.exe
  C:\Windows\System\Svcueyd.exe
  2⤵
  PID:8080
- C:\Windows\System\dMsRzZy.exe
  C:\Windows\System\dMsRzZy.exe
  2⤵
  PID:8104
- C:\Windows\System\EnyKVIk.exe
  C:\Windows\System\EnyKVIk.exe
  2⤵
  PID:8128
- C:\Windows\System\QHqmJFI.exe
  C:\Windows\System\QHqmJFI.exe
  2⤵
  PID:8156
- C:\Windows\System\WidybjH.exe
  C:\Windows\System\WidybjH.exe
  2⤵
  PID:8184
- C:\Windows\System\nlxSgFk.exe
  C:\Windows\System\nlxSgFk.exe
  2⤵
  PID:7224
- C:\Windows\System\iGrUwbM.exe
  C:\Windows\System\iGrUwbM.exe
  2⤵
  PID:7164
- C:\Windows\System\fVYJeNQ.exe
  C:\Windows\System\fVYJeNQ.exe
  2⤵
  PID:7308
- C:\Windows\System\BAXJcLf.exe
  C:\Windows\System\BAXJcLf.exe
  2⤵
  PID:7268
- C:\Windows\System\mRCngtU.exe
  C:\Windows\System\mRCngtU.exe
  2⤵
  PID:7364
- C:\Windows\System\ikiCzxI.exe
  C:\Windows\System\ikiCzxI.exe
  2⤵
  PID:7412
- C:\Windows\System\rhIYWYT.exe
  C:\Windows\System\rhIYWYT.exe
  2⤵
  PID:7492
- C:\Windows\System\cbVoAmk.exe
  C:\Windows\System\cbVoAmk.exe
  2⤵
  PID:7548
- C:\Windows\System\oewaDpi.exe
  C:\Windows\System\oewaDpi.exe
  2⤵
  PID:7608
- C:\Windows\System\STIkPKe.exe
  C:\Windows\System\STIkPKe.exe
  2⤵
  PID:7668
- C:\Windows\System\GMXHAlB.exe
  C:\Windows\System\GMXHAlB.exe
  2⤵
  PID:7728
- C:\Windows\System\KioCWic.exe
  C:\Windows\System\KioCWic.exe
  2⤵
  PID:7812
- C:\Windows\System\xwDHcEb.exe
  C:\Windows\System\xwDHcEb.exe
  2⤵
  PID:7888
- C:\Windows\System\WVTURjh.exe
  C:\Windows\System\WVTURjh.exe
  2⤵
  PID:7952
- C:\Windows\System\XELEbMJ.exe
  C:\Windows\System\XELEbMJ.exe
  2⤵
  PID:8012
- C:\Windows\System\XDQdbYA.exe
  C:\Windows\System\XDQdbYA.exe
  2⤵
  PID:8088
- C:\Windows\System\BGwDjBi.exe
  C:\Windows\System\BGwDjBi.exe
  2⤵
  PID:8148
- C:\Windows\System\qUwovWq.exe
  C:\Windows\System\qUwovWq.exe
  2⤵
  PID:7216
- C:\Windows\System\zCcLpzI.exe
  C:\Windows\System\zCcLpzI.exe
  2⤵
  PID:7328
- C:\Windows\System\cmqTxDi.exe
  C:\Windows\System\cmqTxDi.exe
  2⤵
  PID:7740
- C:\Windows\System\eehCuBb.exe
  C:\Windows\System\eehCuBb.exe
  2⤵
  PID:7596
- C:\Windows\System\EfTRYtr.exe
  C:\Windows\System\EfTRYtr.exe
  2⤵
  PID:7704
- C:\Windows\System\ZcYpkud.exe
  C:\Windows\System\ZcYpkud.exe
  2⤵
  PID:7872
- C:\Windows\System\CeNgomJ.exe
  C:\Windows\System\CeNgomJ.exe
  2⤵
  PID:8040
- C:\Windows\System\GGvvvCx.exe
  C:\Windows\System\GGvvvCx.exe
  2⤵
  PID:6644
- C:\Windows\System\QTpOeQw.exe
  C:\Windows\System\QTpOeQw.exe
  2⤵
  PID:7388
- C:\Windows\System\boyJENN.exe
  C:\Windows\System\boyJENN.exe
  2⤵
  PID:7644
- C:\Windows\System\ILaOYQp.exe
  C:\Windows\System\ILaOYQp.exe
  2⤵
  PID:3800
- C:\Windows\System\AsxfUqS.exe
  C:\Windows\System\AsxfUqS.exe
  2⤵
  PID:4212
- C:\Windows\System\lcAtrMI.exe
  C:\Windows\System\lcAtrMI.exe
  2⤵
  PID:8000
- C:\Windows\System\WMmRwSp.exe
  C:\Windows\System\WMmRwSp.exe
  2⤵
  PID:7256
- C:\Windows\System\kXiUXnF.exe
  C:\Windows\System\kXiUXnF.exe
  2⤵
  PID:1616
- C:\Windows\System\rqnxqNh.exe
  C:\Windows\System\rqnxqNh.exe
  2⤵
  PID:7280
- C:\Windows\System\JbgtPej.exe
  C:\Windows\System\JbgtPej.exe
  2⤵
  PID:2276
- C:\Windows\System\FkJbpHJ.exe
  C:\Windows\System\FkJbpHJ.exe
  2⤵
  PID:8200
- C:\Windows\System\pPRHBDg.exe
  C:\Windows\System\pPRHBDg.exe
  2⤵
  PID:8236
- C:\Windows\System\PKsznhl.exe
  C:\Windows\System\PKsznhl.exe
  2⤵
  PID:8272
- C:\Windows\System\jKSaQYS.exe
  C:\Windows\System\jKSaQYS.exe
  2⤵
  PID:8296
- C:\Windows\System\EutpeiE.exe
  C:\Windows\System\EutpeiE.exe
  2⤵
  PID:8316
- C:\Windows\System\YGJIIXw.exe
  C:\Windows\System\YGJIIXw.exe
  2⤵
  PID:8344
- C:\Windows\System\YDNiLSH.exe
  C:\Windows\System\YDNiLSH.exe
  2⤵
  PID:8372
- C:\Windows\System\CApyJOz.exe
  C:\Windows\System\CApyJOz.exe
  2⤵
  PID:8400
- C:\Windows\System\DgAPUmz.exe
  C:\Windows\System\DgAPUmz.exe
  2⤵
  PID:8428
- C:\Windows\System\AlULHgB.exe
  C:\Windows\System\AlULHgB.exe
  2⤵
  PID:8456
- C:\Windows\System\tVDbkXL.exe
  C:\Windows\System\tVDbkXL.exe
  2⤵
  PID:8484
- C:\Windows\System\dHCXekJ.exe
  C:\Windows\System\dHCXekJ.exe
  2⤵
  PID:8512
- C:\Windows\System\lyhetqw.exe
  C:\Windows\System\lyhetqw.exe
  2⤵
  PID:8540
- C:\Windows\System\qcucqFp.exe
  C:\Windows\System\qcucqFp.exe
  2⤵
  PID:8568
- C:\Windows\System\kICOGbz.exe
  C:\Windows\System\kICOGbz.exe
  2⤵
  PID:8596
- C:\Windows\System\OQPuehj.exe
  C:\Windows\System\OQPuehj.exe
  2⤵
  PID:8628
- C:\Windows\System\tPbbhMz.exe
  C:\Windows\System\tPbbhMz.exe
  2⤵
  PID:8652
- C:\Windows\System\crbmzYP.exe
  C:\Windows\System\crbmzYP.exe
  2⤵
  PID:8680
- C:\Windows\System\eZxkTsG.exe
  C:\Windows\System\eZxkTsG.exe
  2⤵
  PID:8708
- C:\Windows\System\Idtwatu.exe
  C:\Windows\System\Idtwatu.exe
  2⤵
  PID:8736
- C:\Windows\System\sOEwUdk.exe
  C:\Windows\System\sOEwUdk.exe
  2⤵
  PID:8764
- C:\Windows\System\AgJGYWG.exe
  C:\Windows\System\AgJGYWG.exe
  2⤵
  PID:8792
- C:\Windows\System\CDoFhoz.exe
  C:\Windows\System\CDoFhoz.exe
  2⤵
  PID:8820
- C:\Windows\System\pNMQniT.exe
  C:\Windows\System\pNMQniT.exe
  2⤵
  PID:8848
- C:\Windows\System\mUkZyMU.exe
  C:\Windows\System\mUkZyMU.exe
  2⤵
  PID:8876
- C:\Windows\System\oGIlMaw.exe
  C:\Windows\System\oGIlMaw.exe
  2⤵
  PID:8904
- C:\Windows\System\RUiVoAH.exe
  C:\Windows\System\RUiVoAH.exe
  2⤵
  PID:8932
- C:\Windows\System\cpynSJD.exe
  C:\Windows\System\cpynSJD.exe
  2⤵
  PID:8960
- C:\Windows\System\ZFhpRWp.exe
  C:\Windows\System\ZFhpRWp.exe
  2⤵
  PID:8988
- C:\Windows\System\VVZQGSA.exe
  C:\Windows\System\VVZQGSA.exe
  2⤵
  PID:9020
- C:\Windows\System\rWLIwPb.exe
  C:\Windows\System\rWLIwPb.exe
  2⤵
  PID:9048
- C:\Windows\System\hZAvVht.exe
  C:\Windows\System\hZAvVht.exe
  2⤵
  PID:9076
- C:\Windows\System\pucFqiC.exe
  C:\Windows\System\pucFqiC.exe
  2⤵
  PID:9116
- C:\Windows\System\UkjwWwi.exe
  C:\Windows\System\UkjwWwi.exe
  2⤵
  PID:9144
- C:\Windows\System\QsXMeov.exe
  C:\Windows\System\QsXMeov.exe
  2⤵
  PID:9172
- C:\Windows\System\hKlpZoH.exe
  C:\Windows\System\hKlpZoH.exe
  2⤵
  PID:9200
- C:\Windows\System\FIINOSe.exe
  C:\Windows\System\FIINOSe.exe
  2⤵
  PID:8220
- C:\Windows\System\gfbyyQD.exe
  C:\Windows\System\gfbyyQD.exe
  2⤵
  PID:8284
- C:\Windows\System\mRkrQyr.exe
  C:\Windows\System\mRkrQyr.exe
  2⤵
  PID:8356
- C:\Windows\System\PBFOEYr.exe
  C:\Windows\System\PBFOEYr.exe
  2⤵
  PID:8448
- C:\Windows\System\YjXOWsP.exe
  C:\Windows\System\YjXOWsP.exe
  2⤵
  PID:8524
- C:\Windows\System\LgtrkDA.exe
  C:\Windows\System\LgtrkDA.exe
  2⤵
  PID:8648
- C:\Windows\System\xUKkpLB.exe
  C:\Windows\System\xUKkpLB.exe
  2⤵
  PID:8720
- C:\Windows\System\jpFPbdq.exe
  C:\Windows\System\jpFPbdq.exe
  2⤵
  PID:8776
- C:\Windows\System\PWrffuY.exe
  C:\Windows\System\PWrffuY.exe
  2⤵
  PID:8816
- C:\Windows\System\HZvWnwL.exe
  C:\Windows\System\HZvWnwL.exe
  2⤵
  PID:8888
- C:\Windows\System\JEcOcGg.exe
  C:\Windows\System\JEcOcGg.exe
  2⤵
  PID:8972
- C:\Windows\System\jPzkxzy.exe
  C:\Windows\System\jPzkxzy.exe
  2⤵
  PID:9040
- C:\Windows\System\OaacJts.exe
  C:\Windows\System\OaacJts.exe
  2⤵
  PID:2228
- C:\Windows\System\gIoKKXP.exe
  C:\Windows\System\gIoKKXP.exe
  2⤵
  PID:9164
- C:\Windows\System\EbnWZgR.exe
  C:\Windows\System\EbnWZgR.exe
  2⤵
  PID:8212
- C:\Windows\System\yHnJCnK.exe
  C:\Windows\System\yHnJCnK.exe
  2⤵
  PID:8340
- C:\Windows\System\CKUhABY.exe
  C:\Windows\System\CKUhABY.exe
  2⤵
  PID:8476
- C:\Windows\System\wByQMcf.exe
  C:\Windows\System\wByQMcf.exe
  2⤵
  PID:8732
- C:\Windows\System\HWehPju.exe
  C:\Windows\System\HWehPju.exe
  2⤵
  PID:8860
- C:\Windows\System\tdAAIAH.exe
  C:\Windows\System\tdAAIAH.exe
  2⤵
  PID:9008
- C:\Windows\System\scvdqoI.exe
  C:\Windows\System\scvdqoI.exe
  2⤵
  PID:9128
- C:\Windows\System\OemZjfQ.exe
  C:\Windows\System\OemZjfQ.exe
  2⤵
  PID:2720
- C:\Windows\System\FkTrEOU.exe
  C:\Windows\System\FkTrEOU.exe
  2⤵
  PID:8336
- C:\Windows\System\EJasgAK.exe
  C:\Windows\System\EJasgAK.exe
  2⤵
  PID:2240
- C:\Windows\System\YLSybwY.exe
  C:\Windows\System\YLSybwY.exe
  2⤵
  PID:1148
- C:\Windows\System\GwpJWhM.exe
  C:\Windows\System\GwpJWhM.exe
  2⤵
  PID:8840
- C:\Windows\System\DWwDqfU.exe
  C:\Windows\System\DWwDqfU.exe
  2⤵
  PID:4560
- C:\Windows\System\MxTMtoX.exe
  C:\Windows\System\MxTMtoX.exe
  2⤵
  PID:1264
- C:\Windows\System\qgTRtHC.exe
  C:\Windows\System\qgTRtHC.exe
  2⤵
  PID:8468
- C:\Windows\System\GzicaeJ.exe
  C:\Windows\System\GzicaeJ.exe
  2⤵
  PID:9248
- C:\Windows\System\sHybhvz.exe
  C:\Windows\System\sHybhvz.exe
  2⤵
  PID:9280
- C:\Windows\System\XhlOUAR.exe
  C:\Windows\System\XhlOUAR.exe
  2⤵
  PID:9296
- C:\Windows\System\DRkVrEC.exe
  C:\Windows\System\DRkVrEC.exe
  2⤵
  PID:9364
- C:\Windows\System\BusSJZY.exe
  C:\Windows\System\BusSJZY.exe
  2⤵
  PID:9380
- C:\Windows\System\tHxwzqu.exe
  C:\Windows\System\tHxwzqu.exe
  2⤵
  PID:9412
- C:\Windows\System\VTDeZdC.exe
  C:\Windows\System\VTDeZdC.exe
  2⤵
  PID:9440
- C:\Windows\System\ykECwzW.exe
  C:\Windows\System\ykECwzW.exe
  2⤵
  PID:9472
- C:\Windows\System\KSHoxBR.exe
  C:\Windows\System\KSHoxBR.exe
  2⤵
  PID:9496
- C:\Windows\System\yKPogTW.exe
  C:\Windows\System\yKPogTW.exe
  2⤵
  PID:9524
- C:\Windows\System\MttMNlR.exe
  C:\Windows\System\MttMNlR.exe
  2⤵
  PID:9552
- C:\Windows\System\oZWDtWp.exe
  C:\Windows\System\oZWDtWp.exe
  2⤵
  PID:9580
- C:\Windows\System\NgijSUX.exe
  C:\Windows\System\NgijSUX.exe
  2⤵
  PID:9608
- C:\Windows\System\tlFsUFN.exe
  C:\Windows\System\tlFsUFN.exe
  2⤵
  PID:9636
- C:\Windows\System\zHNiyCK.exe
  C:\Windows\System\zHNiyCK.exe
  2⤵
  PID:9664
- C:\Windows\System\HpznWli.exe
  C:\Windows\System\HpznWli.exe
  2⤵
  PID:9692
- C:\Windows\System\xLyjURK.exe
  C:\Windows\System\xLyjURK.exe
  2⤵
  PID:9720
- C:\Windows\System\EgZqtPT.exe
  C:\Windows\System\EgZqtPT.exe
  2⤵
  PID:9748
- C:\Windows\System\PJdlCcT.exe
  C:\Windows\System\PJdlCcT.exe
  2⤵
  PID:9776
- C:\Windows\System\fLjzqFQ.exe
  C:\Windows\System\fLjzqFQ.exe
  2⤵
  PID:9804
- C:\Windows\System\fLfbbqM.exe
  C:\Windows\System\fLfbbqM.exe
  2⤵
  PID:9832
- C:\Windows\System\qRQUobG.exe
  C:\Windows\System\qRQUobG.exe
  2⤵
  PID:9860
- C:\Windows\System\onbfoMg.exe
  C:\Windows\System\onbfoMg.exe
  2⤵
  PID:9888
- C:\Windows\System\hgNZtIB.exe
  C:\Windows\System\hgNZtIB.exe
  2⤵
  PID:9916
- C:\Windows\System\eXanIpX.exe
  C:\Windows\System\eXanIpX.exe
  2⤵
  PID:9944
- C:\Windows\System\YsoOKhd.exe
  C:\Windows\System\YsoOKhd.exe
  2⤵
  PID:9972
- C:\Windows\System\yrhQkNM.exe
  C:\Windows\System\yrhQkNM.exe
  2⤵
  PID:10000
- C:\Windows\System\SRBvLCy.exe
  C:\Windows\System\SRBvLCy.exe
  2⤵
  PID:10028
- C:\Windows\System\PASgqgC.exe
  C:\Windows\System\PASgqgC.exe
  2⤵
  PID:10056
- C:\Windows\System\rBWulGa.exe
  C:\Windows\System\rBWulGa.exe
  2⤵
  PID:10084
- C:\Windows\System\ZrKyAPN.exe
  C:\Windows\System\ZrKyAPN.exe
  2⤵
  PID:10112
- C:\Windows\System\hQENyuZ.exe
  C:\Windows\System\hQENyuZ.exe
  2⤵
  PID:10140
- C:\Windows\System\wlBGhlV.exe
  C:\Windows\System\wlBGhlV.exe
  2⤵
  PID:10172
- C:\Windows\System\IXPDoGk.exe
  C:\Windows\System\IXPDoGk.exe
  2⤵
  PID:10204
- C:\Windows\System\JZkRIZH.exe
  C:\Windows\System\JZkRIZH.exe
  2⤵
  PID:10228
- C:\Windows\System\pZpspxU.exe
  C:\Windows\System\pZpspxU.exe
  2⤵
  PID:3400
- C:\Windows\System\zrNoFXL.exe
  C:\Windows\System\zrNoFXL.exe
  2⤵
  PID:808
- C:\Windows\System\KOFanos.exe
  C:\Windows\System\KOFanos.exe
  2⤵
  PID:9256
- C:\Windows\System\ktLXLqc.exe
  C:\Windows\System\ktLXLqc.exe
  2⤵
  PID:9328
- C:\Windows\System\sGHFPaH.exe
  C:\Windows\System\sGHFPaH.exe
  2⤵
  PID:9012
- C:\Windows\System\RsfgvQf.exe
  C:\Windows\System\RsfgvQf.exe
  2⤵
  PID:9272
- C:\Windows\System\rhxTInV.exe
  C:\Windows\System\rhxTInV.exe
  2⤵
  PID:9424
- C:\Windows\System\NauzOFV.exe
  C:\Windows\System\NauzOFV.exe
  2⤵
  PID:9508
- C:\Windows\System\QGFNOwr.exe
  C:\Windows\System\QGFNOwr.exe
  2⤵
  PID:9548
- C:\Windows\System\JmZsoGv.exe
  C:\Windows\System\JmZsoGv.exe
  2⤵
  PID:9620
- C:\Windows\System\zMCITLi.exe
  C:\Windows\System\zMCITLi.exe
  2⤵
  PID:9684
- C:\Windows\System\naoLyER.exe
  C:\Windows\System\naoLyER.exe
  2⤵
  PID:9744
- C:\Windows\System\HdwnOBq.exe
  C:\Windows\System\HdwnOBq.exe
  2⤵
  PID:9816
- C:\Windows\System\YFLIrGY.exe
  C:\Windows\System\YFLIrGY.exe
  2⤵
  PID:9348
- C:\Windows\System\JIZiono.exe
  C:\Windows\System\JIZiono.exe
  2⤵
  PID:9936
- C:\Windows\System\KivuJAc.exe
  C:\Windows\System\KivuJAc.exe
  2⤵
  PID:9996
- C:\Windows\System\JieLatP.exe
  C:\Windows\System\JieLatP.exe
  2⤵
  PID:10068
- C:\Windows\System\IwTOlxC.exe
  C:\Windows\System\IwTOlxC.exe
  2⤵
  PID:10108
- C:\Windows\System\UZjadFP.exe
  C:\Windows\System\UZjadFP.exe
  2⤵
  PID:10164
- C:\Windows\System\Hkbtskh.exe
  C:\Windows\System\Hkbtskh.exe
  2⤵
  PID:9156
- C:\Windows\System\QMbyUGK.exe
  C:\Windows\System\QMbyUGK.exe
  2⤵
  PID:380
- C:\Windows\System\Jyzfsje.exe
  C:\Windows\System\Jyzfsje.exe
  2⤵
  PID:9376
- C:\Windows\System\dkhRoQn.exe
  C:\Windows\System\dkhRoQn.exe
  2⤵
  PID:9432
- C:\Windows\System\JFAYOLh.exe
  C:\Windows\System\JFAYOLh.exe
  2⤵
  PID:2748
- C:\Windows\System\EkfiVOT.exe
  C:\Windows\System\EkfiVOT.exe
  2⤵
  PID:9648
- C:\Windows\System\HFnMSuJ.exe
  C:\Windows\System\HFnMSuJ.exe
  2⤵
  PID:9796
- C:\Windows\System\XsaYxqS.exe
  C:\Windows\System\XsaYxqS.exe
  2⤵
  PID:9928
- C:\Windows\System\gugemWX.exe
  C:\Windows\System\gugemWX.exe
  2⤵
  PID:10080
- C:\Windows\System\OYMERys.exe
  C:\Windows\System\OYMERys.exe
  2⤵
  PID:10196
- C:\Windows\System\YKBjBte.exe
  C:\Windows\System\YKBjBte.exe
  2⤵
  PID:8196
- C:\Windows\System\wAVwvwT.exe
  C:\Windows\System\wAVwvwT.exe
  2⤵
  PID:2180
- C:\Windows\System\onAWdWu.exe
  C:\Windows\System\onAWdWu.exe
  2⤵
  PID:9856
- C:\Windows\System\nFskofA.exe
  C:\Windows\System\nFskofA.exe
  2⤵
  PID:3432
- C:\Windows\System\litZOix.exe
  C:\Windows\System\litZOix.exe
  2⤵
  PID:9604
- C:\Windows\System\zSsxuBR.exe
  C:\Windows\System\zSsxuBR.exe
  2⤵
  PID:10104
- C:\Windows\System\NsaMYBN.exe
  C:\Windows\System\NsaMYBN.exe
  2⤵
  PID:8412
- C:\Windows\System\LrMPcCi.exe
  C:\Windows\System\LrMPcCi.exe
  2⤵
  PID:10048
- C:\Windows\System\MBpkKCA.exe
  C:\Windows\System\MBpkKCA.exe
  2⤵
  PID:10260
- C:\Windows\System\lzSblcv.exe
  C:\Windows\System\lzSblcv.exe
  2⤵
  PID:10288
- C:\Windows\System\KvdqsIb.exe
  C:\Windows\System\KvdqsIb.exe
  2⤵
  PID:10316
- C:\Windows\System\IWYmHvy.exe
  C:\Windows\System\IWYmHvy.exe
  2⤵
  PID:10344
- C:\Windows\System\rbuonNm.exe
  C:\Windows\System\rbuonNm.exe
  2⤵
  PID:10372
- C:\Windows\System\KcSyBmO.exe
  C:\Windows\System\KcSyBmO.exe
  2⤵
  PID:10400
- C:\Windows\System\YkskAUN.exe
  C:\Windows\System\YkskAUN.exe
  2⤵
  PID:10428
- C:\Windows\System\TzuULIz.exe
  C:\Windows\System\TzuULIz.exe
  2⤵
  PID:10456
- C:\Windows\System\vdWqvWp.exe
  C:\Windows\System\vdWqvWp.exe
  2⤵
  PID:10484
- C:\Windows\System\gvRaNQd.exe
  C:\Windows\System\gvRaNQd.exe
  2⤵
  PID:10516
- C:\Windows\System\YIorjuV.exe
  C:\Windows\System\YIorjuV.exe
  2⤵
  PID:10544
- C:\Windows\System\pOEVmwn.exe
  C:\Windows\System\pOEVmwn.exe
  2⤵
  PID:10572
- C:\Windows\System\QejRXkF.exe
  C:\Windows\System\QejRXkF.exe
  2⤵
  PID:10600
- C:\Windows\System\SZOnhfh.exe
  C:\Windows\System\SZOnhfh.exe
  2⤵
  PID:10628
- C:\Windows\System\EAEZYWc.exe
  C:\Windows\System\EAEZYWc.exe
  2⤵
  PID:10656
- C:\Windows\System\uRijumv.exe
  C:\Windows\System\uRijumv.exe
  2⤵
  PID:10684
- C:\Windows\System\lrWQXZp.exe
  C:\Windows\System\lrWQXZp.exe
  2⤵
  PID:10712
- C:\Windows\System\hkOIBMp.exe
  C:\Windows\System\hkOIBMp.exe
  2⤵
  PID:10740
- C:\Windows\System\nOlzmOa.exe
  C:\Windows\System\nOlzmOa.exe
  2⤵
  PID:10768
- C:\Windows\System\bIjJdqP.exe
  C:\Windows\System\bIjJdqP.exe
  2⤵
  PID:10796
- C:\Windows\System\fAltGUi.exe
  C:\Windows\System\fAltGUi.exe
  2⤵
  PID:10824
- C:\Windows\System\zzHayIY.exe
  C:\Windows\System\zzHayIY.exe
  2⤵
  PID:10852
- C:\Windows\System\ZfyfGNp.exe
  C:\Windows\System\ZfyfGNp.exe
  2⤵
  PID:10880
- C:\Windows\System\MWbTeLK.exe
  C:\Windows\System\MWbTeLK.exe
  2⤵
  PID:10908
- C:\Windows\System\sdNzIyA.exe
  C:\Windows\System\sdNzIyA.exe
  2⤵
  PID:10936
- C:\Windows\System\LjnuilP.exe
  C:\Windows\System\LjnuilP.exe
  2⤵
  PID:10964
- C:\Windows\System\UbqGnYU.exe
  C:\Windows\System\UbqGnYU.exe
  2⤵
  PID:10992
- C:\Windows\System\tBobvLG.exe
  C:\Windows\System\tBobvLG.exe
  2⤵
  PID:11020
- C:\Windows\System\skfMZdh.exe
  C:\Windows\System\skfMZdh.exe
  2⤵
  PID:11048
- C:\Windows\System\aSQRVeV.exe
  C:\Windows\System\aSQRVeV.exe
  2⤵
  PID:11076
- C:\Windows\System\azXjaAd.exe
  C:\Windows\System\azXjaAd.exe
  2⤵
  PID:11104
- C:\Windows\System\vWfyGKA.exe
  C:\Windows\System\vWfyGKA.exe
  2⤵
  PID:11132
- C:\Windows\System\XuYsGJT.exe
  C:\Windows\System\XuYsGJT.exe
  2⤵
  PID:11160
- C:\Windows\System\UWIqLyD.exe
  C:\Windows\System\UWIqLyD.exe
  2⤵
  PID:11188
- C:\Windows\System\zSMvKvq.exe
  C:\Windows\System\zSMvKvq.exe
  2⤵
  PID:11220
- C:\Windows\System\aYAased.exe
  C:\Windows\System\aYAased.exe
  2⤵
  PID:11248
- C:\Windows\System\aoznRCh.exe
  C:\Windows\System\aoznRCh.exe
  2⤵
  PID:10272
- C:\Windows\System\kydtBln.exe
  C:\Windows\System\kydtBln.exe
  2⤵
  PID:10336
- C:\Windows\System\RauFSFE.exe
  C:\Windows\System\RauFSFE.exe
  2⤵
  PID:10392
- C:\Windows\System\LqVfkTN.exe
  C:\Windows\System\LqVfkTN.exe
  2⤵
  PID:10452
- C:\Windows\System\MtgRiBc.exe
  C:\Windows\System\MtgRiBc.exe
  2⤵
  PID:10556
- C:\Windows\System\JJncYbl.exe
  C:\Windows\System\JJncYbl.exe
  2⤵
  PID:10596
- C:\Windows\System\xiSUoqf.exe
  C:\Windows\System\xiSUoqf.exe
  2⤵
  PID:10652
- C:\Windows\System\sgJEUMi.exe
  C:\Windows\System\sgJEUMi.exe
  2⤵
  PID:10724
- C:\Windows\System\LMHpvhb.exe
  C:\Windows\System\LMHpvhb.exe
  2⤵
  PID:10788
- C:\Windows\System\imBOhun.exe
  C:\Windows\System\imBOhun.exe
  2⤵
  PID:10848
- C:\Windows\System\hKFNzAA.exe
  C:\Windows\System\hKFNzAA.exe
  2⤵
  PID:10920
- C:\Windows\System\yNkUyJE.exe
  C:\Windows\System\yNkUyJE.exe
  2⤵
  PID:10984
- C:\Windows\System\UJdngUU.exe
  C:\Windows\System\UJdngUU.exe
  2⤵
  PID:11040
- C:\Windows\System\DkrYhgE.exe
  C:\Windows\System\DkrYhgE.exe
  2⤵
  PID:11100
- C:\Windows\System\GVpRdbG.exe
  C:\Windows\System\GVpRdbG.exe
  2⤵
  PID:11172
- C:\Windows\System\kEWhuFd.exe
  C:\Windows\System\kEWhuFd.exe
  2⤵
  PID:11240
- C:\Windows\System\PTtXXtM.exe
  C:\Windows\System\PTtXXtM.exe
  2⤵
  PID:10328
- C:\Windows\System\QhaEzwp.exe
  C:\Windows\System\QhaEzwp.exe
  2⤵
  PID:10480
- C:\Windows\System\dJCXxYX.exe
  C:\Windows\System\dJCXxYX.exe
  2⤵
  PID:10640
- C:\Windows\System\cUpNqSg.exe
  C:\Windows\System\cUpNqSg.exe
  2⤵
  PID:10780
- C:\Windows\System\XGNWWRb.exe
  C:\Windows\System\XGNWWRb.exe
  2⤵
  PID:10948
- C:\Windows\System\quKyaXE.exe
  C:\Windows\System\quKyaXE.exe
  2⤵
  PID:11088
- C:\Windows\System\FaWoOqt.exe
  C:\Windows\System\FaWoOqt.exe
  2⤵
  PID:11216
- C:\Windows\System\vwaGrpi.exe
  C:\Windows\System\vwaGrpi.exe
  2⤵
  PID:10448
- C:\Windows\System\AXLBQkH.exe
  C:\Windows\System\AXLBQkH.exe
  2⤵
  PID:10764
- C:\Windows\System\RCvJjFX.exe
  C:\Windows\System\RCvJjFX.exe
  2⤵
  PID:11152
- C:\Windows\System\ZbvyRav.exe
  C:\Windows\System\ZbvyRav.exe
  2⤵
  PID:2020
- C:\Windows\System\HSPQJXt.exe
  C:\Windows\System\HSPQJXt.exe
  2⤵
  PID:10504
- C:\Windows\System\iiwACLz.exe
  C:\Windows\System\iiwACLz.exe
  2⤵
  PID:11268
- C:\Windows\System\DIwgOwV.exe
  C:\Windows\System\DIwgOwV.exe
  2⤵
  PID:11296
- C:\Windows\System\fioWgVy.exe
  C:\Windows\System\fioWgVy.exe
  2⤵
  PID:11324
- C:\Windows\System\MVAlQfu.exe
  C:\Windows\System\MVAlQfu.exe
  2⤵
  PID:11352
- C:\Windows\System\vDKhBsz.exe
  C:\Windows\System\vDKhBsz.exe
  2⤵
  PID:11380
- C:\Windows\System\hpUSkPY.exe
  C:\Windows\System\hpUSkPY.exe
  2⤵
  PID:11408
- C:\Windows\System\uvZmNhE.exe
  C:\Windows\System\uvZmNhE.exe
  2⤵
  PID:11436
- C:\Windows\System\SxNHBxN.exe
  C:\Windows\System\SxNHBxN.exe
  2⤵
  PID:11464
- C:\Windows\System\eNQFCbn.exe
  C:\Windows\System\eNQFCbn.exe
  2⤵
  PID:11492
- C:\Windows\System\XeZmRbs.exe
  C:\Windows\System\XeZmRbs.exe
  2⤵
  PID:11520
- C:\Windows\System\YgLStZt.exe
  C:\Windows\System\YgLStZt.exe
  2⤵
  PID:11548
- C:\Windows\System\xXmikIt.exe
  C:\Windows\System\xXmikIt.exe
  2⤵
  PID:11576
- C:\Windows\System\BxEBTga.exe
  C:\Windows\System\BxEBTga.exe
  2⤵
  PID:11604
- C:\Windows\System\WXlpFbH.exe
  C:\Windows\System\WXlpFbH.exe
  2⤵
  PID:11632
- C:\Windows\System\NiqLCwA.exe
  C:\Windows\System\NiqLCwA.exe
  2⤵
  PID:11660
- C:\Windows\System\aRiezzD.exe
  C:\Windows\System\aRiezzD.exe
  2⤵
  PID:11688
- C:\Windows\System\plcgcSH.exe
  C:\Windows\System\plcgcSH.exe
  2⤵
  PID:11720
- C:\Windows\System\hMwQhab.exe
  C:\Windows\System\hMwQhab.exe
  2⤵
  PID:11748
- C:\Windows\System\ascfdua.exe
  C:\Windows\System\ascfdua.exe
  2⤵
  PID:11776
- C:\Windows\System\CcnFoOr.exe
  C:\Windows\System\CcnFoOr.exe
  2⤵
  PID:11804
- C:\Windows\System\mHhLTJL.exe
  C:\Windows\System\mHhLTJL.exe
  2⤵
  PID:11832
- C:\Windows\System\VeSltiL.exe
  C:\Windows\System\VeSltiL.exe
  2⤵
  PID:11860
- C:\Windows\System\yQDIbnE.exe
  C:\Windows\System\yQDIbnE.exe
  2⤵
  PID:11888
- C:\Windows\System\yhGyUfN.exe
  C:\Windows\System\yhGyUfN.exe
  2⤵
  PID:11916
- C:\Windows\System\hraMNEO.exe
  C:\Windows\System\hraMNEO.exe
  2⤵
  PID:11948
- C:\Windows\System\YyrvqPv.exe
  C:\Windows\System\YyrvqPv.exe
  2⤵
  PID:11980
- C:\Windows\System\WCIoHNk.exe
  C:\Windows\System\WCIoHNk.exe
  2⤵
  PID:12012
- C:\Windows\System\BGNNfmr.exe
  C:\Windows\System\BGNNfmr.exe
  2⤵
  PID:12040
- C:\Windows\System\wowhNUg.exe
  C:\Windows\System\wowhNUg.exe
  2⤵
  PID:12076
- C:\Windows\System\aUtGeLN.exe
  C:\Windows\System\aUtGeLN.exe
  2⤵
  PID:12120
- C:\Windows\System\hYFyCGZ.exe
  C:\Windows\System\hYFyCGZ.exe
  2⤵
  PID:12136
- C:\Windows\System\AlOZFAf.exe
  C:\Windows\System\AlOZFAf.exe
  2⤵
  PID:12172
- C:\Windows\System\tSZDPOG.exe
  C:\Windows\System\tSZDPOG.exe
  2⤵
  PID:12204
- C:\Windows\System\jDeTGvi.exe
  C:\Windows\System\jDeTGvi.exe
  2⤵
  PID:12232
- C:\Windows\System\Lnceefo.exe
  C:\Windows\System\Lnceefo.exe
  2⤵
  PID:12260
- C:\Windows\System\FQlDApf.exe
  C:\Windows\System\FQlDApf.exe
  2⤵
  PID:868
- C:\Windows\System\alcLjcR.exe
  C:\Windows\System\alcLjcR.exe
  2⤵
  PID:752
- C:\Windows\System\bqmxmOA.exe
  C:\Windows\System\bqmxmOA.exe
  2⤵
  PID:11336
- C:\Windows\System\vgejZfi.exe
  C:\Windows\System\vgejZfi.exe
  2⤵
  PID:11400
- C:\Windows\System\lOyUvXO.exe
  C:\Windows\System\lOyUvXO.exe
  2⤵
  PID:11460
- C:\Windows\System\NCvGopd.exe
  C:\Windows\System\NCvGopd.exe
  2⤵
  PID:11532
- C:\Windows\System\rbRPURz.exe
  C:\Windows\System\rbRPURz.exe
  2⤵
  PID:11588
- C:\Windows\System\qSpEkbQ.exe
  C:\Windows\System\qSpEkbQ.exe
  2⤵
  PID:11652
- C:\Windows\System\QEqdzAQ.exe
  C:\Windows\System\QEqdzAQ.exe
  2⤵
  PID:11712
- C:\Windows\System\lXchWSm.exe
  C:\Windows\System\lXchWSm.exe
  2⤵
  PID:11788
- C:\Windows\System\BexOosc.exe
  C:\Windows\System\BexOosc.exe
  2⤵
  PID:11852
- C:\Windows\System\gKksAIq.exe
  C:\Windows\System\gKksAIq.exe
  2⤵
  PID:1872
- C:\Windows\System\DdwkSzt.exe
  C:\Windows\System\DdwkSzt.exe
  2⤵
  PID:11976
- C:\Windows\System\YipPHMy.exe
  C:\Windows\System\YipPHMy.exe
  2⤵
  PID:12036
- C:\Windows\System\sYcwnmq.exe
  C:\Windows\System\sYcwnmq.exe
  2⤵
  PID:12052
- C:\Windows\System\kmRUQSF.exe
  C:\Windows\System\kmRUQSF.exe
  2⤵
  PID:11988
- C:\Windows\System\kyCDJvP.exe
  C:\Windows\System\kyCDJvP.exe
  2⤵
  PID:12148
- C:\Windows\System\VdyvoVM.exe
  C:\Windows\System\VdyvoVM.exe
  2⤵
  PID:12196
- C:\Windows\System\qQTDHvq.exe
  C:\Windows\System\qQTDHvq.exe
  2⤵
  PID:12256
- C:\Windows\System\ONvvXHe.exe
  C:\Windows\System\ONvvXHe.exe
  2⤵
  PID:1700
- C:\Windows\System\ZIGOwdB.exe
  C:\Windows\System\ZIGOwdB.exe
  2⤵
  PID:11392
- C:\Windows\System\KRvoTAX.exe
  C:\Windows\System\KRvoTAX.exe
  2⤵
  PID:11512
- C:\Windows\System\mDAJdXr.exe
  C:\Windows\System\mDAJdXr.exe
  2⤵
  PID:11644
- C:\Windows\System\QBwvZEp.exe
  C:\Windows\System\QBwvZEp.exe
  2⤵
  PID:11828
- C:\Windows\System\AsZDkQr.exe
  C:\Windows\System\AsZDkQr.exe
  2⤵
  PID:4968
- C:\Windows\System\pvUqHxn.exe
  C:\Windows\System\pvUqHxn.exe
  2⤵
  PID:12004
- C:\Windows\System\YxFIfhZ.exe
  C:\Windows\System\YxFIfhZ.exe
  2⤵
  PID:572
- C:\Windows\System\CwhPRON.exe
  C:\Windows\System\CwhPRON.exe
  2⤵
  PID:3464
- C:\Windows\System\CKaPCSV.exe
  C:\Windows\System\CKaPCSV.exe
  2⤵
  PID:11716
- C:\Windows\System\lioXBEa.exe
  C:\Windows\System\lioXBEa.exe
  2⤵
  PID:11488
- C:\Windows\System\cpGRUGN.exe
  C:\Windows\System\cpGRUGN.exe
  2⤵
  PID:2412
- C:\Windows\System\aQCLskP.exe
  C:\Windows\System\aQCLskP.exe
  2⤵
  PID:3016
- C:\Windows\System\NiOrAXa.exe
  C:\Windows\System\NiOrAXa.exe
  2⤵
  PID:12068
- C:\Windows\System\CXtAgie.exe
  C:\Windows\System\CXtAgie.exe
  2⤵
  PID:12252
- C:\Windows\System\TcgaiJU.exe
  C:\Windows\System\TcgaiJU.exe
  2⤵
  PID:3512
- C:\Windows\System\UYUbxSi.exe
  C:\Windows\System\UYUbxSi.exe
  2⤵
  PID:3840
- C:\Windows\System\gzwKUMt.exe
  C:\Windows\System\gzwKUMt.exe
  2⤵
  PID:2840
- C:\Windows\System\RjorfVx.exe
  C:\Windows\System\RjorfVx.exe
  2⤵
  PID:1224
- C:\Windows\System\QWgsmxq.exe
  C:\Windows\System\QWgsmxq.exe
  2⤵
  PID:5048
- C:\Windows\System\bcOyzTn.exe
  C:\Windows\System\bcOyzTn.exe
  2⤵
  PID:2212
- C:\Windows\System\RWOexMr.exe
  C:\Windows\System\RWOexMr.exe
  2⤵
  PID:1040
- C:\Windows\System\URoRweW.exe
  C:\Windows\System\URoRweW.exe
  2⤵
  PID:12316
- C:\Windows\System\HnqaYeh.exe
  C:\Windows\System\HnqaYeh.exe
  2⤵
  PID:12344
- C:\Windows\System\anOznao.exe
  C:\Windows\System\anOznao.exe
  2⤵
  PID:12372
- C:\Windows\System\EGeKUmY.exe
  C:\Windows\System\EGeKUmY.exe
  2⤵
  PID:12400
- C:\Windows\System\ZczAIqh.exe
  C:\Windows\System\ZczAIqh.exe
  2⤵
  PID:12428
- C:\Windows\System\bQhkRJO.exe
  C:\Windows\System\bQhkRJO.exe
  2⤵
  PID:12456
- C:\Windows\System\QDisRDj.exe
  C:\Windows\System\QDisRDj.exe
  2⤵
  PID:12484
- C:\Windows\System\MDcZLHP.exe
  C:\Windows\System\MDcZLHP.exe
  2⤵
  PID:12512
- C:\Windows\System\QzoKBZK.exe
  C:\Windows\System\QzoKBZK.exe
  2⤵
  PID:12540
- C:\Windows\System\HEyoKBE.exe
  C:\Windows\System\HEyoKBE.exe
  2⤵
  PID:12568
- C:\Windows\System\EEuPyaT.exe
  C:\Windows\System\EEuPyaT.exe
  2⤵
  PID:12596
- C:\Windows\System\qLFNCAp.exe
  C:\Windows\System\qLFNCAp.exe
  2⤵
  PID:12624
- C:\Windows\System\PaRwQFs.exe
  C:\Windows\System\PaRwQFs.exe
  2⤵
  PID:12652
- C:\Windows\System\MZClZfE.exe
  C:\Windows\System\MZClZfE.exe
  2⤵
  PID:12680
- C:\Windows\System\LNajXsh.exe
  C:\Windows\System\LNajXsh.exe
  2⤵
  PID:12708
- C:\Windows\System\LuTyORY.exe
  C:\Windows\System\LuTyORY.exe
  2⤵
  PID:12736
- C:\Windows\System\bxtaWat.exe
  C:\Windows\System\bxtaWat.exe
  2⤵
  PID:12764
- C:\Windows\System\YDvPplp.exe
  C:\Windows\System\YDvPplp.exe
  2⤵
  PID:12792
- C:\Windows\System\sGocKct.exe
  C:\Windows\System\sGocKct.exe
  2⤵
  PID:12824
- C:\Windows\System\klQYpZA.exe
  C:\Windows\System\klQYpZA.exe
  2⤵
  PID:12852
- C:\Windows\System\RZpWbEY.exe
  C:\Windows\System\RZpWbEY.exe
  2⤵
  PID:12880
- C:\Windows\System\uwwRCeW.exe
  C:\Windows\System\uwwRCeW.exe
  2⤵
  PID:12908
- C:\Windows\System\drJJutE.exe
  C:\Windows\System\drJJutE.exe
  2⤵
  PID:12936
- C:\Windows\System\ASkurft.exe
  C:\Windows\System\ASkurft.exe
  2⤵
  PID:12964
- C:\Windows\System\sLJsSQW.exe
  C:\Windows\System\sLJsSQW.exe
  2⤵
  PID:12992
- C:\Windows\System\GEdRBwx.exe
  C:\Windows\System\GEdRBwx.exe
  2⤵
  PID:13024
- C:\Windows\System\OgjPmAg.exe
  C:\Windows\System\OgjPmAg.exe
  2⤵
  PID:13044
- C:\Windows\System\KSiOOBt.exe
  C:\Windows\System\KSiOOBt.exe
  2⤵
  PID:13080
- C:\Windows\System\XxrNgIQ.exe
  C:\Windows\System\XxrNgIQ.exe
  2⤵
  PID:13116
- C:\Windows\System\PgOnxyX.exe
  C:\Windows\System\PgOnxyX.exe
  2⤵
  PID:13132
- C:\Windows\System\jqgolhO.exe
  C:\Windows\System\jqgolhO.exe
  2⤵
  PID:13160
- C:\Windows\System\YmVcGkq.exe
  C:\Windows\System\YmVcGkq.exe
  2⤵
  PID:13200
- C:\Windows\System\tDzOtFW.exe
  C:\Windows\System\tDzOtFW.exe
  2⤵
  PID:13228
- C:\Windows\System\cbHQuSD.exe
  C:\Windows\System\cbHQuSD.exe
  2⤵
  PID:13256
- C:\Windows\System\PsdGEtQ.exe
  C:\Windows\System\PsdGEtQ.exe
  2⤵
  PID:13296
- C:\Windows\System\HWIMWXv.exe
  C:\Windows\System\HWIMWXv.exe
  2⤵
  PID:840
- C:\Windows\System\clnmwws.exe
  C:\Windows\System\clnmwws.exe
  2⤵
  PID:4128
- C:\Windows\System\ggVthrW.exe
  C:\Windows\System\ggVthrW.exe
  2⤵
  PID:3568
- C:\Windows\System\dvyTkql.exe
  C:\Windows\System\dvyTkql.exe
  2⤵
  PID:12440
- C:\Windows\System\aVJASON.exe
  C:\Windows\System\aVJASON.exe
  2⤵
  PID:12480
- C:\Windows\System\yvrNKYN.exe
  C:\Windows\System\yvrNKYN.exe
  2⤵
  PID:1308
- C:\Windows\System\oIbdClU.exe
  C:\Windows\System\oIbdClU.exe
  2⤵
  PID:552
- C:\Windows\System\AgsWAVZ.exe
  C:\Windows\System\AgsWAVZ.exe
  2⤵
  PID:4144
- C:\Windows\System\FpqYCCI.exe
  C:\Windows\System\FpqYCCI.exe
  2⤵
  PID:12644
- C:\Windows\System\eCPGOQG.exe
  C:\Windows\System\eCPGOQG.exe
  2⤵
  PID:12692
- C:\Windows\System\mNBWeyb.exe
  C:\Windows\System\mNBWeyb.exe
  2⤵
  PID:12732
- C:\Windows\System\iImbHUj.exe
  C:\Windows\System\iImbHUj.exe
  2⤵
  PID:12784
- C:\Windows\System\dHmAhvA.exe
  C:\Windows\System\dHmAhvA.exe
  2⤵
  PID:12820
- C:\Windows\System\RMFluIB.exe
  C:\Windows\System\RMFluIB.exe
  2⤵
  PID:12892
- C:\Windows\System\oKEzdBX.exe
  C:\Windows\System\oKEzdBX.exe
  2⤵
  PID:12956
- C:\Windows\System\UMCfkyH.exe
  C:\Windows\System\UMCfkyH.exe
  2⤵
  PID:12984
- C:\Windows\System\jBZjAku.exe
  C:\Windows\System\jBZjAku.exe
  2⤵
  PID:1452
- C:\Windows\System\lXnkCJM.exe
  C:\Windows\System\lXnkCJM.exe
  2⤵
  PID:13096
- C:\Windows\System\wCAXuym.exe
  C:\Windows\System\wCAXuym.exe
  2⤵
  PID:2264
- C:\Windows\System\wvQIxRe.exe
  C:\Windows\System\wvQIxRe.exe
  2⤵
  PID:1312
- C:\Windows\System\ipyAeMB.exe
  C:\Windows\System\ipyAeMB.exe
  2⤵
  PID:13000
- C:\Windows\System\EiIAHRm.exe
  C:\Windows\System\EiIAHRm.exe
  2⤵
  PID:13072
- C:\Windows\System\LBlpHHB.exe
  C:\Windows\System\LBlpHHB.exe
  2⤵
  PID:2288
- C:\Windows\System\PoQLPIw.exe
  C:\Windows\System\PoQLPIw.exe
  2⤵
  PID:4092
- C:\Windows\System\cuarwGW.exe
  C:\Windows\System\cuarwGW.exe
  2⤵
  PID:2440
- C:\Windows\System\NExoair.exe
  C:\Windows\System\NExoair.exe
  2⤵
  PID:12812
- C:\Windows\System\QdfmzEV.exe
  C:\Windows\System\QdfmzEV.exe
  2⤵
  PID:2300
- C:\Windows\System\poRbKDW.exe
  C:\Windows\System\poRbKDW.exe
  2⤵
  PID:12508
- C:\Windows\System\KvDppgx.exe
  C:\Windows\System\KvDppgx.exe
  2⤵
  PID:64
- C:\Windows\System\BhrXtzf.exe
  C:\Windows\System\BhrXtzf.exe
  2⤵
  PID:2552
- C:\Windows\System\NxQWVOn.exe
  C:\Windows\System\NxQWVOn.exe
  2⤵
  PID:12728
- C:\Windows\System\MmMrqgk.exe
  C:\Windows\System\MmMrqgk.exe
  2⤵
  PID:2224
- C:\Windows\System\VSpDSHT.exe
  C:\Windows\System\VSpDSHT.exe
  2⤵
  PID:2472
- C:\Windows\System\KiPDjaC.exe
  C:\Windows\System\KiPDjaC.exe
  2⤵
  PID:3672
- C:\Windows\System\gsdqZXH.exe
  C:\Windows\System\gsdqZXH.exe
  2⤵
  PID:4616
- C:\Windows\System\ROASxvC.exe
  C:\Windows\System\ROASxvC.exe
  2⤵
  PID:2828
- C:\Windows\System\EkHsLYa.exe
  C:\Windows\System\EkHsLYa.exe
  2⤵
  PID:12864
- C:\Windows\System\YzXizjW.exe
  C:\Windows\System\YzXizjW.exe
  2⤵
  PID:13012
- C:\Windows\System\xsAGfEm.exe
  C:\Windows\System\xsAGfEm.exe
  2⤵
  PID:13032
- C:\Windows\System\qKWWUIy.exe
  C:\Windows\System\qKWWUIy.exe
  2⤵
  PID:2944
- C:\Windows\System\FdPaQMT.exe
  C:\Windows\System\FdPaQMT.exe
  2⤵
  PID:5184
- C:\Windows\System\tEyOfzi.exe
  C:\Windows\System\tEyOfzi.exe
  2⤵
  PID:13240
- C:\Windows\System\TpVwGFw.exe
  C:\Windows\System\TpVwGFw.exe
  2⤵
  PID:1136
- C:\Windows\System\uYvEUVz.exe
  C:\Windows\System\uYvEUVz.exe
  2⤵
  PID:12336
- C:\Windows\System\kcDCsMd.exe
  C:\Windows\System\kcDCsMd.exe
  2⤵
  PID:2244
- C:\Windows\System\opWBXCz.exe
  C:\Windows\System\opWBXCz.exe
  2⤵
  PID:5528
- C:\Windows\System\VtbXLjg.exe
  C:\Windows\System\VtbXLjg.exe
  2⤵
  PID:12700
- C:\Windows\System\oGZKoHI.exe
  C:\Windows\System\oGZKoHI.exe
  2⤵
  PID:4484
- C:\Windows\System\jUzMlDa.exe
  C:\Windows\System\jUzMlDa.exe
  2⤵
  PID:5608
- C:\Windows\System\BBCHdJK.exe
  C:\Windows\System\BBCHdJK.exe
  2⤵
  PID:876
- C:\Windows\System\COqgrjx.exe
  C:\Windows\System\COqgrjx.exe
  2⤵
  PID:5732
- C:\Windows\System\WwNFAha.exe
  C:\Windows\System\WwNFAha.exe
  2⤵
  PID:5768
- C:\Windows\System\LfsVZyv.exe
  C:\Windows\System\LfsVZyv.exe
  2⤵
  PID:13088
- C:\Windows\System\tpyfZDZ.exe
  C:\Windows\System\tpyfZDZ.exe
  2⤵
  PID:5824
- C:\Windows\System\iERHrNh.exe
  C:\Windows\System\iERHrNh.exe
  2⤵
  PID:5308
- C:\Windows\System\pPeLJqd.exe
  C:\Windows\System\pPeLJqd.exe
  2⤵
  PID:1816
- C:\Windows\System\STGlJad.exe
  C:\Windows\System\STGlJad.exe
  2⤵
  PID:5952
- C:\Windows\System\dXNrDgg.exe
  C:\Windows\System\dXNrDgg.exe
  2⤵
  PID:12776
- C:\Windows\System\LSDprUh.exe
  C:\Windows\System\LSDprUh.exe
  2⤵
  PID:6044
- C:\Windows\System\FCuaamO.exe
  C:\Windows\System\FCuaamO.exe
  2⤵
  PID:6064
- C:\Windows\System\ZGZvDsc.exe
  C:\Windows\System\ZGZvDsc.exe
  2⤵
  PID:2504
- C:\Windows\System\UWbkgTw.exe
  C:\Windows\System\UWbkgTw.exe
  2⤵
  PID:5268
- C:\Windows\System\cOeavwX.exe
  C:\Windows\System\cOeavwX.exe
  2⤵
  PID:5856
- C:\Windows\System\vobvvFh.exe
  C:\Windows\System\vobvvFh.exe
  2⤵
  PID:5432
- C:\Windows\System\JrTueFH.exe
  C:\Windows\System\JrTueFH.exe
  2⤵
  PID:5584
- C:\Windows\System\qiTdEdt.exe
  C:\Windows\System\qiTdEdt.exe
  2⤵
  PID:5736
- C:\Windows\System\PIBXMBE.exe
  C:\Windows\System\PIBXMBE.exe
  2⤵
  PID:6016
- C:\Windows\System\NIqIFVP.exe
  C:\Windows\System\NIqIFVP.exe
  2⤵
  PID:5748
- C:\Windows\System\bvoYWVW.exe
  C:\Windows\System\bvoYWVW.exe
  2⤵
  PID:4512
- C:\Windows\System\lFMEkJF.exe
  C:\Windows\System\lFMEkJF.exe
  2⤵
  PID:1764
- C:\Windows\System\vzLSYMh.exe
  C:\Windows\System\vzLSYMh.exe
  2⤵
  PID:3488
- C:\Windows\System\ahkkLQj.exe
  C:\Windows\System\ahkkLQj.exe
  2⤵
  PID:6084
- C:\Windows\System\zlustBZ.exe
  C:\Windows\System\zlustBZ.exe
  2⤵
  PID:5092
- C:\Windows\System\TRJerri.exe
  C:\Windows\System\TRJerri.exe
  2⤵
  PID:5552
- C:\Windows\System\kaVbafW.exe
  C:\Windows\System\kaVbafW.exe
  2⤵
  PID:5792
- C:\Windows\System\XzHILHu.exe
  C:\Windows\System\XzHILHu.exe
  2⤵
  PID:1620
- C:\Windows\System\cctrDmw.exe
  C:\Windows\System\cctrDmw.exe
  2⤵
  PID:13068
- C:\Windows\System\QRFUiJU.exe
  C:\Windows\System\QRFUiJU.exe
  2⤵
  PID:5576
- C:\Windows\System\AVJwKxN.exe
  C:\Windows\System\AVJwKxN.exe
  2⤵
  PID:6068
- C:\Windows\System\ONXmRqY.exe
  C:\Windows\System\ONXmRqY.exe
  2⤵
  PID:3848
- C:\Windows\System\zZLIvfp.exe
  C:\Windows\System\zZLIvfp.exe
  2⤵
  PID:5164
- C:\Windows\System\RzadFvC.exe
  C:\Windows\System\RzadFvC.exe
  2⤵
  PID:6020
- C:\Windows\System\WnZvBkJ.exe
  C:\Windows\System\WnZvBkJ.exe
  2⤵
  PID:6188
- C:\Windows\System\hyqLvJH.exe
  C:\Windows\System\hyqLvJH.exe
  2⤵
  PID:5948
- C:\Windows\System\QfLgXBJ.exe
  C:\Windows\System\QfLgXBJ.exe
  2⤵
  PID:6284
- C:\Windows\System\Qyjtyjo.exe
  C:\Windows\System\Qyjtyjo.exe
  2⤵
  PID:6312
- C:\Windows\System\DFNPaQh.exe
  C:\Windows\System\DFNPaQh.exe
  2⤵
  PID:6332
- C:\Windows\System\PVpaUqB.exe
  C:\Windows\System\PVpaUqB.exe
  2⤵
  PID:5920
- C:\Windows\System\PoYNEld.exe
  C:\Windows\System\PoYNEld.exe
  2⤵
  PID:6196
- C:\Windows\System\qawwdgs.exe
  C:\Windows\System\qawwdgs.exe
  2⤵
  PID:5572
- C:\Windows\System\fVxqVeB.exe
  C:\Windows\System\fVxqVeB.exe
  2⤵
  PID:6360
- C:\Windows\System\JwfSVRX.exe
  C:\Windows\System\JwfSVRX.exe
  2⤵
  PID:6368
- C:\Windows\System\XPiTUoy.exe
  C:\Windows\System\XPiTUoy.exe
  2⤵
  PID:13328
- C:\Windows\System\esminhC.exe
  C:\Windows\System\esminhC.exe
  2⤵
  PID:13356
- C:\Windows\System\LKwJhCI.exe
  C:\Windows\System\LKwJhCI.exe
  2⤵
  PID:13384
- C:\Windows\System\KbvmsbT.exe
  C:\Windows\System\KbvmsbT.exe
  2⤵
  PID:13412
- C:\Windows\System\kLEVNOv.exe
  C:\Windows\System\kLEVNOv.exe
  2⤵
  PID:13440
- C:\Windows\System\bSVgcff.exe
  C:\Windows\System\bSVgcff.exe
  2⤵
  PID:13468
- C:\Windows\System\QhhxHGR.exe
  C:\Windows\System\QhhxHGR.exe
  2⤵
  PID:13496
- C:\Windows\System\gdylGBv.exe
  C:\Windows\System\gdylGBv.exe
  2⤵
  PID:13524
- C:\Windows\System\UrYSDoh.exe
  C:\Windows\System\UrYSDoh.exe
  2⤵
  PID:13560
- C:\Windows\System\HTFPSDB.exe
  C:\Windows\System\HTFPSDB.exe
  2⤵
  PID:13588
- C:\Windows\System\oewPpzS.exe
  C:\Windows\System\oewPpzS.exe
  2⤵
  PID:13616
- C:\Windows\System\JiNkNLo.exe
  C:\Windows\System\JiNkNLo.exe
  2⤵
  PID:13648
- C:\Windows\System\XslpjqT.exe
  C:\Windows\System\XslpjqT.exe
  2⤵
  PID:13676
- C:\Windows\System\IcEMUpv.exe
  C:\Windows\System\IcEMUpv.exe
  2⤵
  PID:13704
- C:\Windows\System\AgXMjRZ.exe
  C:\Windows\System\AgXMjRZ.exe
  2⤵
  PID:13732
- C:\Windows\System\wTsOOtD.exe
  C:\Windows\System\wTsOOtD.exe
  2⤵
  PID:13760
- C:\Windows\System\DAUVYzN.exe
  C:\Windows\System\DAUVYzN.exe
  2⤵
  PID:13788
- C:\Windows\System\guymWUX.exe
  C:\Windows\System\guymWUX.exe
  2⤵
  PID:13816
- C:\Windows\System\oNducBA.exe
  C:\Windows\System\oNducBA.exe
  2⤵
  PID:13844
- C:\Windows\System\tpAnpJn.exe
  C:\Windows\System\tpAnpJn.exe
  2⤵
  PID:13872
- C:\Windows\System\cstiaIO.exe
  C:\Windows\System\cstiaIO.exe
  2⤵
  PID:13900
- C:\Windows\System\FYMMyfc.exe
  C:\Windows\System\FYMMyfc.exe
  2⤵
  PID:13940
- C:\Windows\System\uTfQhyF.exe
  C:\Windows\System\uTfQhyF.exe
  2⤵
  PID:13960
- C:\Windows\System\yNpLKch.exe
  C:\Windows\System\yNpLKch.exe
  2⤵
  PID:13988
- C:\Windows\System\INefpRU.exe
  C:\Windows\System\INefpRU.exe
  2⤵
  PID:14016
- C:\Windows\System\sDKmNAm.exe
  C:\Windows\System\sDKmNAm.exe
  2⤵
  PID:14044
- C:\Windows\System\inXxcDJ.exe
  C:\Windows\System\inXxcDJ.exe
  2⤵
  PID:14072
- C:\Windows\System\xHGevgf.exe
  C:\Windows\System\xHGevgf.exe
  2⤵
  PID:14100
- C:\Windows\System\YzSWiYH.exe
  C:\Windows\System\YzSWiYH.exe
  2⤵
  PID:14128
- C:\Windows\System\YqJRQgD.exe
  C:\Windows\System\YqJRQgD.exe
  2⤵
  PID:14156
- C:\Windows\System\wnHrxRN.exe
  C:\Windows\System\wnHrxRN.exe
  2⤵
  PID:14184
- C:\Windows\System\juItUxg.exe
  C:\Windows\System\juItUxg.exe
  2⤵
  PID:14212
- C:\Windows\System\vhfdLcZ.exe
  C:\Windows\System\vhfdLcZ.exe
  2⤵
  PID:14240
- C:\Windows\System\GmKMpao.exe
  C:\Windows\System\GmKMpao.exe
  2⤵
  PID:14268
- C:\Windows\System\xQrHGeq.exe
  C:\Windows\System\xQrHGeq.exe
  2⤵
  PID:14296
- C:\Windows\System\UCjnhBm.exe
  C:\Windows\System\UCjnhBm.exe
  2⤵
  PID:14324
- C:\Windows\System\qUylrts.exe
  C:\Windows\System\qUylrts.exe
  2⤵
  PID:13320
- C:\Windows\System\XhQqXRa.exe
  C:\Windows\System\XhQqXRa.exe
  2⤵
  PID:13368
- C:\Windows\System\MtleEev.exe
  C:\Windows\System\MtleEev.exe
  2⤵
  PID:13424
- C:\Windows\System\UNleyur.exe
  C:\Windows\System\UNleyur.exe
  2⤵
  PID:13464
- C:\Windows\System\SvCMNTX.exe
  C:\Windows\System\SvCMNTX.exe
  2⤵
  PID:13516
- C:\Windows\System\fvkHfsW.exe
  C:\Windows\System\fvkHfsW.exe
  2⤵
  PID:13580
- C:\Windows\System\KUmDkDC.exe
  C:\Windows\System\KUmDkDC.exe
  2⤵
  PID:13640
- C:\Windows\System\tdNGdXx.exe
  C:\Windows\System\tdNGdXx.exe
  2⤵
  PID:13672
- C:\Windows\System\gieUEaT.exe
  C:\Windows\System\gieUEaT.exe
  2⤵
  PID:13716
- C:\Windows\System\AGgFzrV.exe
  C:\Windows\System\AGgFzrV.exe
  2⤵
  PID:13756
- C:\Windows\System\gYyGkzd.exe
  C:\Windows\System\gYyGkzd.exe
  2⤵
  PID:13800
- C:\Windows\System\myEyTLr.exe
  C:\Windows\System\myEyTLr.exe
  2⤵
  PID:6988
- C:\Windows\System\SPVuBVc.exe
  C:\Windows\System\SPVuBVc.exe
  2⤵
  PID:7016
- C:\Windows\System\dSVlaoB.exe
  C:\Windows\System\dSVlaoB.exe
  2⤵
  PID:13896
- C:\Windows\System\lKntOld.exe
  C:\Windows\System\lKntOld.exe
  2⤵
  PID:13948
- C:\Windows\System\BxvkBDx.exe
  C:\Windows\System\BxvkBDx.exe
  2⤵
  PID:13984
- C:\Windows\System\hNFeKta.exe
  C:\Windows\System\hNFeKta.exe
  2⤵
  PID:6172
- C:\Windows\System\qkUVERc.exe
  C:\Windows\System\qkUVERc.exe
  2⤵
  PID:6164
- C:\Windows\System\atiDZwe.exe
  C:\Windows\System\atiDZwe.exe
  2⤵
  PID:14112
- C:\Windows\System\ItgPhOk.exe
  C:\Windows\System\ItgPhOk.exe
  2⤵
  PID:14176
- C:\Windows\System\HSiYvGv.exe
  C:\Windows\System\HSiYvGv.exe
  2⤵
  PID:14208
- C:\Windows\System\bTtPjub.exe
  C:\Windows\System\bTtPjub.exe
  2⤵
  PID:6608
- C:\Windows\System\TXdIUGI.exe
  C:\Windows\System\TXdIUGI.exe
  2⤵
  PID:14288
- C:\Windows\System\LlJZIMW.exe
  C:\Windows\System\LlJZIMW.exe
  2⤵
  PID:6504
- C:\Windows\System\JXZMwba.exe
  C:\Windows\System\JXZMwba.exe
  2⤵
  PID:6832
- C:\Windows\System\TvYvWmV.exe
  C:\Windows\System\TvYvWmV.exe
  2⤵
  PID:13452
- C:\Windows\System\UtMPTlD.exe
  C:\Windows\System\UtMPTlD.exe
  2⤵
  PID:13492
- C:\Windows\System\cQQJiRR.exe
  C:\Windows\System\cQQJiRR.exe
  2⤵
  PID:13608
- C:\Windows\System\VxnphAH.exe
  C:\Windows\System\VxnphAH.exe
  2⤵
  PID:13668
- C:\Windows\System\NYpyNiq.exe
  C:\Windows\System\NYpyNiq.exe
  2⤵
  PID:13744
- C:\Windows\System\qwOnrPR.exe
  C:\Windows\System\qwOnrPR.exe
  2⤵
  PID:6992
- C:\Windows\System\ZTogxtJ.exe
  C:\Windows\System\ZTogxtJ.exe
  2⤵
  PID:6176
- C:\Windows\System\TEnxFHF.exe
  C:\Windows\System\TEnxFHF.exe
  2⤵
  PID:13924
- C:\Windows\System\wWdjHaP.exe
  C:\Windows\System\wWdjHaP.exe
  2⤵
  PID:14088
- C:\Windows\System\sMQxsOy.exe
  C:\Windows\System\sMQxsOy.exe
  2⤵
  PID:14140
- C:\Windows\System\luebIgg.exe
  C:\Windows\System\luebIgg.exe
  2⤵
  PID:13920
- C:\Windows\System\mVCvWqY.exe
  C:\Windows\System\mVCvWqY.exe
  2⤵
  PID:7072
- C:\Windows\System\pmpEsGH.exe
  C:\Windows\System\pmpEsGH.exe
  2⤵
  PID:7652
- C:\Windows\System\JMdjjtC.exe
  C:\Windows\System\JMdjjtC.exe
  2⤵
  PID:6784
- C:\Windows\System\VZHjAcS.exe
  C:\Windows\System\VZHjAcS.exe
  2⤵
  PID:7724
- C:\Windows\System\CDeDQgx.exe
  C:\Windows\System\CDeDQgx.exe
  2⤵
  PID:7796
- C:\Windows\System\GieyAiS.exe
  C:\Windows\System\GieyAiS.exe
  2⤵
  PID:1396
- C:\Windows\System\JKkFMZI.exe
  C:\Windows\System\JKkFMZI.exe
  2⤵
  PID:7380
- C:\Windows\System\RCIrfWo.exe
  C:\Windows\System\RCIrfWo.exe
  2⤵
  PID:3608
- C:\Windows\System\QBogzKp.exe
  C:\Windows\System\QBogzKp.exe
  2⤵
  PID:5676
- C:\Windows\System\dSjzSWb.exe
  C:\Windows\System\dSjzSWb.exe
  2⤵
  PID:6696
- C:\Windows\System\cDhGIdL.exe
  C:\Windows\System\cDhGIdL.exe
  2⤵
  PID:8024
- C:\Windows\System\CakcSfb.exe
  C:\Windows\System\CakcSfb.exe
  2⤵
  PID:8076
- C:\Windows\System\lCcDjRI.exe
  C:\Windows\System\lCcDjRI.exe
  2⤵
  PID:14040
- C:\Windows\System\axXAFZC.exe
  C:\Windows\System\axXAFZC.exe
  2⤵
  PID:6248
- C:\Windows\System\NDYdccZ.exe
  C:\Windows\System\NDYdccZ.exe
  2⤵
  PID:7828
- C:\Windows\System\gUrVkiR.exe
  C:\Windows\System\gUrVkiR.exe
  2⤵
  PID:7336
- C:\Windows\System\WqHhuzw.exe
  C:\Windows\System\WqHhuzw.exe
  2⤵
  PID:7856
- C:\Windows\System\FgZpsOg.exe
  C:\Windows\System\FgZpsOg.exe
  2⤵
  PID:6572
- C:\Windows\System\mcCmpPm.exe
  C:\Windows\System\mcCmpPm.exe
  2⤵
  PID:7440
- C:\Windows\System\gXPavYE.exe
  C:\Windows\System\gXPavYE.exe
  2⤵
  PID:7576
- C:\Windows\System\pqwNtoY.exe
  C:\Windows\System\pqwNtoY.exe
  2⤵
  PID:7648
- C:\Windows\System\RkUmvdf.exe
  C:\Windows\System\RkUmvdf.exe
  2⤵
  PID:7068
- C:\Windows\System\nswdkGJ.exe
  C:\Windows\System\nswdkGJ.exe
  2⤵
  PID:7836
- C:\Windows\System\cpepKfU.exe
  C:\Windows\System\cpepKfU.exe
  2⤵
  PID:14252
- C:\Windows\System\OIIQSzP.exe
  C:\Windows\System\OIIQSzP.exe
  2⤵
  PID:7392
- C:\Windows\System\tXDyEGr.exe
  C:\Windows\System\tXDyEGr.exe
  2⤵
  PID:7520
- C:\Windows\System\suwzxTh.exe
  C:\Windows\System\suwzxTh.exe
  2⤵
  PID:8032
- C:\Windows\System\eXDRoPw.exe
  C:\Windows\System\eXDRoPw.exe
  2⤵
  PID:7764
- C:\Windows\System\KtrDmHU.exe
  C:\Windows\System\KtrDmHU.exe
  2⤵
  PID:7928
- C:\Windows\System\vIWVDXk.exe
  C:\Windows\System\vIWVDXk.exe
  2⤵
  PID:8064
- C:\Windows\System\VOgqVzP.exe
  C:\Windows\System\VOgqVzP.exe
  2⤵
  PID:7912
- C:\Windows\System\zbchoks.exe
  C:\Windows\System\zbchoks.exe
  2⤵
  PID:7192
- C:\Windows\System\VJsuIAk.exe
  C:\Windows\System\VJsuIAk.exe
  2⤵
  PID:2664
- C:\Windows\System\AQNWzcU.exe
  C:\Windows\System\AQNWzcU.exe
  2⤵
  PID:4684
- C:\Windows\System\kTLbnJg.exe
  C:\Windows\System\kTLbnJg.exe
  2⤵
  PID:7868
- C:\Windows\System\uTuSSWU.exe
  C:\Windows\System\uTuSSWU.exe
  2⤵
  PID:5100
- C:\Windows\System\kwzWagK.exe
  C:\Windows\System\kwzWagK.exe
  2⤵
  PID:13784
- C:\Windows\System\VyfuTwA.exe
  C:\Windows\System\VyfuTwA.exe
  2⤵
  PID:8216
- C:\Windows\System\ApCSwrb.exe
  C:\Windows\System\ApCSwrb.exe
  2⤵
  PID:7920
- C:\Windows\System\IgUyjLy.exe
  C:\Windows\System\IgUyjLy.exe
  2⤵
  PID:3192
- C:\Windows\System\gyGecDk.exe
  C:\Windows\System\gyGecDk.exe
  2⤵
  PID:7840
- C:\Windows\System\plbikPS.exe
  C:\Windows\System\plbikPS.exe
  2⤵
  PID:7156
- C:\Windows\System\JScEpmz.exe
  C:\Windows\System\JScEpmz.exe
  2⤵
  PID:8408
- C:\Windows\System\pTfBCnP.exe
  C:\Windows\System\pTfBCnP.exe
  2⤵
  PID:3820
- C:\Windows\System\xWxAvZw.exe
  C:\Windows\System\xWxAvZw.exe
  2⤵
  PID:8492
- C:\Windows\System\cnnqnph.exe
  C:\Windows\System\cnnqnph.exe
  2⤵
  PID:8548
- C:\Windows\System\jNnxgdO.exe
  C:\Windows\System\jNnxgdO.exe
  2⤵
  PID:14148
- C:\Windows\System\ZBcWtpk.exe
  C:\Windows\System\ZBcWtpk.exe
  2⤵
  PID:8056
- C:\Windows\System\GHElBuZ.exe
  C:\Windows\System\GHElBuZ.exe
  2⤵
  PID:8096
- C:\Windows\System\kDXpYDt.exe
  C:\Windows\System\kDXpYDt.exe
  2⤵
  PID:7264
- C:\Windows\System\hUlfsgW.exe
  C:\Windows\System\hUlfsgW.exe
  2⤵
  PID:8808
- C:\Windows\System\cBEVtXG.exe
  C:\Windows\System\cBEVtXG.exe
  2⤵
  PID:8856
- C:\Windows\System\uQrZoIg.exe
  C:\Windows\System\uQrZoIg.exe
  2⤵
  PID:8576
- C:\Windows\System\WCoDYki.exe
  C:\Windows\System\WCoDYki.exe
  2⤵
  PID:7864
- C:\Windows\System\zQjEnnE.exe
  C:\Windows\System\zQjEnnE.exe
  2⤵
  PID:8436
- C:\Windows\System\uLSTYIJ.exe
  C:\Windows\System\uLSTYIJ.exe
  2⤵
  PID:9064
- C:\Windows\System\OQYoSsM.exe
  C:\Windows\System\OQYoSsM.exe
  2⤵
  PID:1280
- C:\Windows\System\QLcuBQv.exe
  C:\Windows\System\QLcuBQv.exe
  2⤵
  PID:5436
- C:\Windows\System\qXELTcr.exe
  C:\Windows\System\qXELTcr.exe
  2⤵
  PID:8120
- C:\Windows\System\IBPdLsY.exe
  C:\Windows\System\IBPdLsY.exe
  2⤵
  PID:9004
- C:\Windows\System\cHmXTmZ.exe
  C:\Windows\System\cHmXTmZ.exe
  2⤵
  PID:8500
- C:\Windows\System\FvXFuLe.exe
  C:\Windows\System\FvXFuLe.exe
  2⤵
  PID:8368
- C:\Windows\System\jSnbtHL.exe
  C:\Windows\System\jSnbtHL.exe
  2⤵
  PID:8624
- C:\Windows\System\YHiIodQ.exe
  C:\Windows\System\YHiIodQ.exe
  2⤵
  PID:8504
- C:\Windows\System\DXIMyOP.exe
  C:\Windows\System\DXIMyOP.exe
  2⤵
  PID:8116
- C:\Windows\System\VCJGYTr.exe
  C:\Windows\System\VCJGYTr.exe
  2⤵
  PID:9124
- C:\Windows\System\oRjTFgk.exe
  C:\Windows\System\oRjTFgk.exe
  2⤵
  PID:8424
- C:\Windows\System\DsOpmwh.exe
  C:\Windows\System\DsOpmwh.exe
  2⤵
  PID:8464
- C:\Windows\System\GhgYWUz.exe
  C:\Windows\System\GhgYWUz.exe
  2⤵
  PID:8900
- C:\Windows\System\kkgPerZ.exe
  C:\Windows\System\kkgPerZ.exe
  2⤵
  PID:4068
- C:\Windows\System\FmtZXQS.exe
  C:\Windows\System\FmtZXQS.exe
  2⤵
  PID:9196
- C:\Windows\System\eZDlklc.exe
  C:\Windows\System\eZDlklc.exe
  2⤵
  PID:8760
- C:\Windows\System\kJUFUHy.exe
  C:\Windows\System\kJUFUHy.exe
  2⤵
  PID:8004
- C:\Windows\System\NyOpZoi.exe
  C:\Windows\System\NyOpZoi.exe
  2⤵
  PID:8984
- C:\Windows\System\GhihYwl.exe
  C:\Windows\System\GhihYwl.exe
  2⤵
  PID:9140
- C:\Windows\System\vILVhTO.exe
  C:\Windows\System\vILVhTO.exe
  2⤵
  PID:8312
- C:\Windows\System\EBihiBy.exe
  C:\Windows\System\EBihiBy.exe
  2⤵
  PID:8804
- C:\Windows\System\yjlddWU.exe
  C:\Windows\System\yjlddWU.exe
  2⤵
  PID:14360
- C:\Windows\System\PlEwPVZ.exe
  C:\Windows\System\PlEwPVZ.exe
  2⤵
  PID:14388
- C:\Windows\System\qFxjEEe.exe
  C:\Windows\System\qFxjEEe.exe
  2⤵
  PID:14416
- C:\Windows\System\dzUgLCS.exe
  C:\Windows\System\dzUgLCS.exe
  2⤵
  PID:14444
- C:\Windows\System\BTlAjIC.exe
  C:\Windows\System\BTlAjIC.exe
  2⤵
  PID:14472
- C:\Windows\System\mTrjTtv.exe
  C:\Windows\System\mTrjTtv.exe
  2⤵
  PID:14500
- C:\Windows\System\PcGmBav.exe
  C:\Windows\System\PcGmBav.exe
  2⤵
  PID:14528
- C:\Windows\System\RMDBuRQ.exe
  C:\Windows\System\RMDBuRQ.exe
  2⤵
  PID:14556
- C:\Windows\System\PWqGscL.exe
  C:\Windows\System\PWqGscL.exe
  2⤵
  PID:14604
- C:\Windows\System\CKUNUda.exe
  C:\Windows\System\CKUNUda.exe
  2⤵
  PID:14636
- C:\Windows\System\rxwvCSY.exe
  C:\Windows\System\rxwvCSY.exe
  2⤵
  PID:14652
- C:\Windows\System\HpAhRTL.exe
  C:\Windows\System\HpAhRTL.exe
  2⤵
  PID:14684
- C:\Windows\System\oFyCHWS.exe
  C:\Windows\System\oFyCHWS.exe
  2⤵
  PID:14712
- C:\Windows\System\fGoZFSK.exe
  C:\Windows\System\fGoZFSK.exe
  2⤵
  PID:14740
- C:\Windows\System\yJfxZVp.exe
  C:\Windows\System\yJfxZVp.exe
  2⤵
  PID:14768
- C:\Windows\System\hVwLAaG.exe
  C:\Windows\System\hVwLAaG.exe
  2⤵
  PID:14796
- C:\Windows\System\pGeUCSD.exe
  C:\Windows\System\pGeUCSD.exe
  2⤵
  PID:14824
- C:\Windows\System\YmXkUau.exe
  C:\Windows\System\YmXkUau.exe
  2⤵
  PID:14852
- C:\Windows\System\xfaKAzc.exe
  C:\Windows\System\xfaKAzc.exe
  2⤵
  PID:14880
- C:\Windows\System\iywoBNq.exe
  C:\Windows\System\iywoBNq.exe
  2⤵
  PID:14908
- C:\Windows\System\XKnrEoJ.exe
  C:\Windows\System\XKnrEoJ.exe
  2⤵
  PID:14964
- C:\Windows\System\ndQxPmw.exe
  C:\Windows\System\ndQxPmw.exe
  2⤵
  PID:14980
- C:\Windows\System\UaLWKFi.exe
  C:\Windows\System\UaLWKFi.exe
  2⤵
  PID:15008
- C:\Windows\System\rKbUsxs.exe
  C:\Windows\System\rKbUsxs.exe
  2⤵
  PID:15036
- C:\Windows\System\tFXsdBp.exe
  C:\Windows\System\tFXsdBp.exe
  2⤵
  PID:15064
- C:\Windows\System\bBplOIx.exe
  C:\Windows\System\bBplOIx.exe
  2⤵
  PID:15092
- C:\Windows\System\TQKFEZa.exe
  C:\Windows\System\TQKFEZa.exe
  2⤵
  PID:15160
- C:\Windows\System\AETDHFC.exe
  C:\Windows\System\AETDHFC.exe
  2⤵
  PID:15176
- C:\Windows\System\XPeNrri.exe
  C:\Windows\System\XPeNrri.exe
  2⤵
  PID:15204
- C:\Windows\System\VulTtJX.exe
  C:\Windows\System\VulTtJX.exe
  2⤵
  PID:15248
- C:\Windows\System\DxNjkPT.exe
  C:\Windows\System\DxNjkPT.exe
  2⤵
  PID:15316
- C:\Windows\System\abvZgKM.exe
  C:\Windows\System\abvZgKM.exe
  2⤵
  PID:15344
- C:\Windows\System\NyAfZAl.exe
  C:\Windows\System\NyAfZAl.exe
  2⤵
  PID:14372
- C:\Windows\System\gmrUITq.exe
  C:\Windows\System\gmrUITq.exe
  2⤵
  PID:14436
- C:\Windows\System\bRWJsxE.exe
  C:\Windows\System\bRWJsxE.exe
  2⤵
  PID:14492
- C:\Windows\System\UlwkDvR.exe
  C:\Windows\System\UlwkDvR.exe
  2⤵
  PID:14548
- C:\Windows\System\eGzLosI.exe
  C:\Windows\System\eGzLosI.exe
  2⤵
  PID:14592
- C:\Windows\System\jLtwzkT.exe
  C:\Windows\System\jLtwzkT.exe
  2⤵
  PID:3036
- C:\Windows\System\MDlbVLP.exe
  C:\Windows\System\MDlbVLP.exe
  2⤵
  PID:14676
- C:\Windows\System\GOAvdcf.exe
  C:\Windows\System\GOAvdcf.exe
  2⤵
  PID:14724
- C:\Windows\System\mDRActy.exe
  C:\Windows\System\mDRActy.exe
  2⤵
  PID:14788
- C:\Windows\System\IQKXuCi.exe
  C:\Windows\System\IQKXuCi.exe
  2⤵
  PID:14936
- C:\Windows\System\dXUiwtN.exe
  C:\Windows\System\dXUiwtN.exe
  2⤵
  PID:14952
- C:\Windows\System\qQivFGF.exe
  C:\Windows\System\qQivFGF.exe
  2⤵
  PID:15004
- C:\Windows\System\kugYBbN.exe
  C:\Windows\System\kugYBbN.exe
  2⤵
  PID:15076
- C:\Windows\System\ehbRfcv.exe
  C:\Windows\System\ehbRfcv.exe
  2⤵
  PID:15132
- C:\Windows\System\AWJznzW.exe
  C:\Windows\System\AWJznzW.exe
  2⤵
  PID:15188
- C:\Windows\System\YpjghHZ.exe
  C:\Windows\System\YpjghHZ.exe
  2⤵
  PID:15268
- C:\Windows\System\NmaMkaE.exe
  C:\Windows\System\NmaMkaE.exe
  2⤵
  PID:14352
- C:\Windows\System\hlKTdBu.exe
  C:\Windows\System\hlKTdBu.exe
  2⤵
  PID:9596
- C:\Windows\System\pcBnEHm.exe
  C:\Windows\System\pcBnEHm.exe
  2⤵
  PID:9644
- C:\Windows\System\uSlphUZ.exe
  C:\Windows\System\uSlphUZ.exe
  2⤵
  PID:9680
- C:\Windows\System\XwDEomU.exe
  C:\Windows\System\XwDEomU.exe
  2⤵
  PID:14632
- C:\Windows\System\KAFFrAr.exe
  C:\Windows\System\KAFFrAr.exe
  2⤵
  PID:9324
- C:\Windows\System\qKXLWkR.exe
  C:\Windows\System\qKXLWkR.exe
  2⤵
  PID:14708
- C:\Windows\System\yQssfRK.exe
  C:\Windows\System\yQssfRK.exe
  2⤵
  PID:9848
- C:\Windows\System\cgKILSz.exe
  C:\Windows\System\cgKILSz.exe
  2⤵
  PID:9868
- C:\Windows\System\pXeSkOn.exe
  C:\Windows\System\pXeSkOn.exe
  2⤵
  PID:9896
- C:\Windows\System\OiYyKAO.exe
  C:\Windows\System\OiYyKAO.exe
  2⤵
  PID:14992
- C:\Windows\System\WjfHnIR.exe
  C:\Windows\System\WjfHnIR.exe
  2⤵
  PID:9980
- C:\Windows\System\WwDjXdS.exe
  C:\Windows\System\WwDjXdS.exe
  2⤵
  PID:15124
- C:\Windows\System\IFRRHuW.exe
  C:\Windows\System\IFRRHuW.exe
  2⤵
  PID:15168
- C:\Windows\System\nhcIOck.exe
  C:\Windows\System\nhcIOck.exe
  2⤵
  PID:7124
- C:\Windows\System\lcUWhqx.exe
  C:\Windows\System\lcUWhqx.exe
  2⤵
  PID:9436
- C:\Windows\System\wrbkjnf.exe
  C:\Windows\System\wrbkjnf.exe
  2⤵
  PID:3048
- C:\Windows\System\BXRhFDw.exe
  C:\Windows\System\BXRhFDw.exe
  2⤵
  PID:9504
- C:\Windows\System\KEQSzRG.exe
  C:\Windows\System\KEQSzRG.exe
  2⤵
  PID:9568
- C:\Windows\System\RHLfyrr.exe
  C:\Windows\System\RHLfyrr.exe
  2⤵
  PID:9292
- C:\Windows\System\eexsZNE.exe
  C:\Windows\System\eexsZNE.exe
  2⤵
  PID:8564
- C:\Windows\System\GvmQkjE.exe
  C:\Windows\System\GvmQkjE.exe
  2⤵
  PID:14540
- C:\Windows\System\TWzbqfc.exe
  C:\Windows\System\TWzbqfc.exe
  2⤵
  PID:9728
- C:\Windows\System\ltntyVz.exe
  C:\Windows\System\ltntyVz.exe
  2⤵
  PID:9784
- C:\Windows\System\gZvaFjE.exe
  C:\Windows\System\gZvaFjE.exe
  2⤵
  PID:14816
- C:\Windows\System\dbgwGmk.exe
  C:\Windows\System\dbgwGmk.exe
  2⤵
  PID:9768
- C:\Windows\System\hCPPJNH.exe
  C:\Windows\System\hCPPJNH.exe
  2⤵
  PID:14972
- C:\Windows\System\AKuphPM.exe
  C:\Windows\System\AKuphPM.exe
  2⤵
  PID:15288
- C:\Windows\System\ALsSNtI.exe
  C:\Windows\System\ALsSNtI.exe
  2⤵
  PID:9408
- C:\Windows\System\vPTmUBM.exe
  C:\Windows\System\vPTmUBM.exe
  2⤵
  PID:10092
- C:\Windows\System\kbHwpEW.exe
  C:\Windows\System\kbHwpEW.exe
  2⤵
  PID:10148
- C:\Windows\System\nqaONoM.exe
  C:\Windows\System\nqaONoM.exe
  2⤵
  PID:9212
- C:\Windows\System\zYmadIm.exe
  C:\Windows\System\zYmadIm.exe
  2⤵
  PID:9316
- C:\Windows\System\uulghUB.exe
  C:\Windows\System\uulghUB.exe
  2⤵
  PID:9512
- C:\Windows\System\VHunqMo.exe
  C:\Windows\System\VHunqMo.exe
  2⤵
  PID:9268
- C:\Windows\System\JFigsYe.exe
  C:\Windows\System\JFigsYe.exe
  2⤵
  PID:9576
- C:\Windows\System\TfiKzoS.exe
  C:\Windows\System\TfiKzoS.exe
  2⤵
  PID:8560
- C:\Windows\System\pTXnMDd.exe
  C:\Windows\System\pTXnMDd.exe
  2⤵
  PID:10020
- C:\Windows\System\EgeRXrk.exe
  C:\Windows\System\EgeRXrk.exe
  2⤵
  PID:5304
- C:\Windows\System\UTLZCQt.exe
  C:\Windows\System\UTLZCQt.exe
  2⤵
  PID:9904
- C:\Windows\System\fwKKEfF.exe
  C:\Windows\System\fwKKEfF.exe
  2⤵
  PID:9828
- C:\Windows\System\hQPzzZv.exe
  C:\Windows\System\hQPzzZv.exe
  2⤵
  PID:10160
- C:\Windows\System\foTiska.exe
  C:\Windows\System\foTiska.exe
  2⤵
  PID:10100
- C:\Windows\System\GfkljUc.exe
  C:\Windows\System\GfkljUc.exe
  2⤵
  PID:2036
- C:\Windows\System\pscbcfg.exe
  C:\Windows\System\pscbcfg.exe
  2⤵
  PID:10188
- C:\Windows\System\PvuJEwC.exe
  C:\Windows\System\PvuJEwC.exe
  2⤵
  PID:10276
- C:\Windows\System\HvZIvOa.exe
  C:\Windows\System\HvZIvOa.exe
  2⤵
  PID:10296
- C:\Windows\System\jYjXMXm.exe
  C:\Windows\System\jYjXMXm.exe
  2⤵
  PID:6752
- C:\Windows\System\eOqTUvd.exe
  C:\Windows\System\eOqTUvd.exe
  2⤵
  PID:10380
- C:\Windows\System\SDbcVqU.exe
  C:\Windows\System\SDbcVqU.exe
  2⤵
  PID:6852
- C:\Windows\System\zFoDnvS.exe
  C:\Windows\System\zFoDnvS.exe
  2⤵
  PID:10472
- C:\Windows\System\RQtswKH.exe
  C:\Windows\System\RQtswKH.exe
  2⤵
  PID:10532
- C:\Windows\System\LKgyqPw.exe
  C:\Windows\System\LKgyqPw.exe
  2⤵
  PID:10560
- C:\Windows\System\XklNlib.exe
  C:\Windows\System\XklNlib.exe
  2⤵
  PID:9388
- C:\Windows\System\gXXbDKJ.exe
  C:\Windows\System\gXXbDKJ.exe
  2⤵
  PID:10636
- C:\Windows\System\muUrSNc.exe
  C:\Windows\System\muUrSNc.exe
  2⤵
  PID:1600
- C:\Windows\System\WcBscQV.exe
  C:\Windows\System\WcBscQV.exe
  2⤵
  PID:10728
- C:\Windows\System\ocQyXGc.exe
  C:\Windows\System\ocQyXGc.exe
  2⤵
  PID:10776
- C:\Windows\System\prJQejx.exe
  C:\Windows\System\prJQejx.exe
  2⤵
  PID:10812
- C:\Windows\System\PUfpyBS.exe
  C:\Windows\System\PUfpyBS.exe
  2⤵
  PID:9404
- C:\Windows\System\UYLUFdT.exe
  C:\Windows\System\UYLUFdT.exe
  2⤵
  PID:10016
- C:\Windows\System\QMZLlbN.exe
  C:\Windows\System\QMZLlbN.exe
  2⤵
  PID:10980
- C:\Windows\System\ZOYFZUB.exe
  C:\Windows\System\ZOYFZUB.exe
  2⤵
  PID:10052
- C:\Windows\System\HuRbafb.exe
  C:\Windows\System\HuRbafb.exe
  2⤵
  PID:7844
- C:\Windows\System\DDEutEG.exe
  C:\Windows\System\DDEutEG.exe
  2⤵
  PID:11084
- C:\Windows\System\hTGTbjF.exe
  C:\Windows\System\hTGTbjF.exe
  2⤵
  PID:6792
- C:\Windows\System\XDCzTra.exe
  C:\Windows\System\XDCzTra.exe
  2⤵
  PID:9844
- C:\Windows\System\UlKpZtC.exe
  C:\Windows\System\UlKpZtC.exe
  2⤵
  PID:11236
- C:\Windows\System\fSAckJn.exe
  C:\Windows\System\fSAckJn.exe
  2⤵
  PID:10952
- C:\Windows\System\IxxxpXd.exe
  C:\Windows\System\IxxxpXd.exe
  2⤵
  PID:11056
- C:\Windows\System\NgJtnPU.exe
  C:\Windows\System\NgJtnPU.exe
  2⤵
  PID:2520
- C:\Windows\System\DoJNBBb.exe
  C:\Windows\System\DoJNBBb.exe
  2⤵
  PID:10748
- C:\Windows\System\BDNjZbU.exe
  C:\Windows\System\BDNjZbU.exe
  2⤵
  PID:11196
- C:\Windows\System\NrrWbtE.exe
  C:\Windows\System\NrrWbtE.exe
  2⤵
  PID:10284
- C:\Windows\System\tDOLHnr.exe
  C:\Windows\System\tDOLHnr.exe
  2⤵
  PID:10192
- C:\Windows\System\fxncbGc.exe
  C:\Windows\System\fxncbGc.exe
  2⤵
  PID:11112
- C:\Windows\System\ETKPMme.exe
  C:\Windows\System\ETKPMme.exe
  2⤵
  PID:10896
- C:\Windows\System\rgVWtki.exe
  C:\Windows\System\rgVWtki.exe
  2⤵
  PID:11004
- C:\Windows\System\obxfAlh.exe
  C:\Windows\System\obxfAlh.exe
  2⤵
  PID:10808
- C:\Windows\System\KgkGtDT.exe
  C:\Windows\System\KgkGtDT.exe
  2⤵
  PID:11212
- C:\Windows\System\BVLRIgF.exe
  C:\Windows\System\BVLRIgF.exe
  2⤵
  PID:10820
- C:\Windows\System\KQaymao.exe
  C:\Windows\System\KQaymao.exe
  2⤵
  PID:10932
- C:\Windows\System\rrevfBa.exe
  C:\Windows\System\rrevfBa.exe
  2⤵
  PID:10708
- C:\Windows\System\JIBPjkq.exe
  C:\Windows\System\JIBPjkq.exe
  2⤵
  PID:6616
- C:\Windows\System\pdswWNd.exe
  C:\Windows\System\pdswWNd.exe
  2⤵
  PID:11032
- C:\Windows\System\mAnzjQO.exe
  C:\Windows\System\mAnzjQO.exe
  2⤵
  PID:15388
- C:\Windows\System\ThRkDVE.exe
  C:\Windows\System\ThRkDVE.exe
  2⤵
  PID:15420
- C:\Windows\System\fyRKURZ.exe
  C:\Windows\System\fyRKURZ.exe
  2⤵
  PID:15444
- C:\Windows\System\jOQcWQi.exe
  C:\Windows\System\jOQcWQi.exe
  2⤵
  PID:15476
- C:\Windows\System\nWUfzVa.exe
  C:\Windows\System\nWUfzVa.exe
  2⤵
  PID:15500
- C:\Windows\System\GeMlBSQ.exe
  C:\Windows\System\GeMlBSQ.exe
  2⤵
  PID:15532
- C:\Windows\System\mNpAhat.exe
  C:\Windows\System\mNpAhat.exe
  2⤵
  PID:15556
- C:\Windows\System\dURbgJV.exe
  C:\Windows\System\dURbgJV.exe
  2⤵
  PID:15584
- C:\Windows\System\XAbpSDn.exe
  C:\Windows\System\XAbpSDn.exe
  2⤵
  PID:15612
- C:\Windows\System\FqHNYvC.exe
  C:\Windows\System\FqHNYvC.exe
  2⤵
  PID:15640
- C:\Windows\System\HaYxSDd.exe
  C:\Windows\System\HaYxSDd.exe
  2⤵
  PID:15668
- C:\Windows\System\rdHnZMb.exe
  C:\Windows\System\rdHnZMb.exe
  2⤵
  PID:15696
- C:\Windows\System\yXYiFvS.exe
  C:\Windows\System\yXYiFvS.exe
  2⤵
  PID:15724
- C:\Windows\System\JwjivUQ.exe
  C:\Windows\System\JwjivUQ.exe
  2⤵
  PID:15752
- C:\Windows\System\uDXDUJU.exe
  C:\Windows\System\uDXDUJU.exe
  2⤵
  PID:15780
- C:\Windows\System\nZATTaT.exe
  C:\Windows\System\nZATTaT.exe
  2⤵
  PID:15808
- C:\Windows\System\ZQmcvxm.exe
  C:\Windows\System\ZQmcvxm.exe
  2⤵
  PID:15836
- C:\Windows\System\qiMnayX.exe
  C:\Windows\System\qiMnayX.exe
  2⤵
  PID:15864
- C:\Windows\System\ggfktmL.exe
  C:\Windows\System\ggfktmL.exe
  2⤵
  PID:15892
- C:\Windows\System\dcvyPag.exe
  C:\Windows\System\dcvyPag.exe
  2⤵
  PID:15920
- C:\Windows\System\NYLzOLE.exe
  C:\Windows\System\NYLzOLE.exe
  2⤵
  PID:15948
- C:\Windows\System\VkwRnPF.exe
  C:\Windows\System\VkwRnPF.exe
  2⤵
  PID:15976
- C:\Windows\System\oGKEenn.exe
  C:\Windows\System\oGKEenn.exe
  2⤵
  PID:16004
- C:\Windows\System\KDDQSDO.exe
  C:\Windows\System\KDDQSDO.exe
  2⤵
  PID:16036
- C:\Windows\System\prViFqa.exe
  C:\Windows\System\prViFqa.exe
  2⤵
  PID:16064
- C:\Windows\System\OjLpRwU.exe
  C:\Windows\System\OjLpRwU.exe
  2⤵
  PID:16092
- C:\Windows\System\RAWDBAH.exe
  C:\Windows\System\RAWDBAH.exe
  2⤵
  PID:16120
- C:\Windows\System\GunNqTa.exe
  C:\Windows\System\GunNqTa.exe
  2⤵
  PID:16148
- C:\Windows\System\mvqclkl.exe
  C:\Windows\System\mvqclkl.exe
  2⤵
  PID:16176
- C:\Windows\System\pgYqlWX.exe
  C:\Windows\System\pgYqlWX.exe
  2⤵
  PID:16204
- C:\Windows\System\awqUfKN.exe
  C:\Windows\System\awqUfKN.exe
  2⤵
  PID:16232
- C:\Windows\System\rpSiEAE.exe
  C:\Windows\System\rpSiEAE.exe
  2⤵
  PID:16260
- C:\Windows\System\EfxFXqI.exe
  C:\Windows\System\EfxFXqI.exe
  2⤵
  PID:16288
- C:\Windows\System\okiFDVM.exe
  C:\Windows\System\okiFDVM.exe
  2⤵
  PID:16316
- C:\Windows\System\qzHlLDp.exe
  C:\Windows\System\qzHlLDp.exe
  2⤵
  PID:16344
- C:\Windows\System\qiwBoCg.exe
  C:\Windows\System\qiwBoCg.exe
  2⤵
  PID:16372
- C:\Windows\System\MhzHsCE.exe
  C:\Windows\System\MhzHsCE.exe
  2⤵
  PID:15380
- C:\Windows\System\yWypDuu.exe
  C:\Windows\System\yWypDuu.exe
  2⤵
  PID:15428
- C:\Windows\System\neXfgTt.exe
  C:\Windows\System\neXfgTt.exe
  2⤵
  PID:15468
- C:\Windows\System\szldgpG.exe
  C:\Windows\System\szldgpG.exe
  2⤵
  PID:10384
- C:\Windows\System\NckqtVL.exe
  C:\Windows\System\NckqtVL.exe
  2⤵
  PID:15548
- C:\Windows\System\ZqVScTt.exe
  C:\Windows\System\ZqVScTt.exe
  2⤵
  PID:4980
- C:\Windows\System\hvmHHFw.exe
  C:\Windows\System\hvmHHFw.exe
  2⤵
  PID:15632
- C:\Windows\System\AsqwHxv.exe
  C:\Windows\System\AsqwHxv.exe
  2⤵
  PID:15680
- C:\Windows\System\MjUHwyI.exe
  C:\Windows\System\MjUHwyI.exe
  2⤵
  PID:11388
- C:\Windows\System\teyJvuS.exe
  C:\Windows\System\teyJvuS.exe
  2⤵
  PID:11452
- C:\Windows\System\YuftVTl.exe
  C:\Windows\System\YuftVTl.exe
  2⤵
  PID:11508
- C:\Windows\System\YxwDKuT.exe
  C:\Windows\System\YxwDKuT.exe
  2⤵
  PID:15820
- C:\Windows\System\YeJEtuE.exe
  C:\Windows\System\YeJEtuE.exe
  2⤵
  PID:15860
- C:\Windows\System\cmHXlIR.exe
  C:\Windows\System\cmHXlIR.exe
  2⤵
  PID:11620
- C:\Windows\System\xvHkDKQ.exe
  C:\Windows\System\xvHkDKQ.exe
  2⤵
  PID:15932
- C:\Windows\System\VFcrIZe.exe
  C:\Windows\System\VFcrIZe.exe
  2⤵
  PID:15972
- C:\Windows\System\CrlDGwp.exe
  C:\Windows\System\CrlDGwp.exe
  2⤵
  PID:16076
- C:\Windows\System\zGdhouW.exe
  C:\Windows\System\zGdhouW.exe
  2⤵
  PID:16140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\FPndlLu.exe

Filesize
6.0MB

MD5
4b7ec1c3302cc69fd8460c72b0c3c30b

SHA1
b5fbebed35dc9751b69b8a3c78f7d05ce278e2a9

SHA256
0c9bbd07f65c62af031636f7f6d5bc21d5cbf59cd66e33f7de147b5b0fa48ba6

SHA512
f6d3f178c381608fb9a8be7ff7e062fd02fb8a215e8992ba7719625f3f399afa2f7e8aeadbc635834513e6a7a8ed1ad192f9df732eb0a7f15f42848516371c99

Download Submit
C:\Windows\System\GSYrNEg.exe

Filesize
6.0MB

MD5
fec96a16662257609702fb32eb14b559

SHA1
29b6469c3abe27568e1d5f26967f25a1c42f6c0b

SHA256
83af96de3c72170e3730767ce3410e03206811bc6c9107e9a593d6b1095418d8

SHA512
6f767abe5767afdc4872793090d5530fac6118057ee8c04735c11c741f2d945223daeae73dd9cc86b30f4f343e1d450f2f6d95d030eed29e5eba3715e9062356

Download Submit
C:\Windows\System\IzOGzep.exe

Filesize
6.0MB

MD5
a6421966f6a1e869b7eebc3c5c3fe427

SHA1
1f246c30ae252ccf4e94b4514458d798331b59e0

SHA256
c5a5a0135dd692bf3a6cca44abae797705bb5b6421964fb9c8818a12a8d21147

SHA512
dc7e266e18a381efaedb3f79458fc843eb8fb1dcc427a1e453d242630a6c639a46659981a9f7b2ebd2438a8b000aa97967cded2312ab54995f4d0a647ccc3114

Download Submit
C:\Windows\System\JnokDjA.exe

Filesize
6.0MB

MD5
3bcfed3daaa2283738d5d0f34bc71abf

SHA1
2d1a353e3f8a7676dd7649643b577f446b8196c4

SHA256
e0bfe69127297bff13a0cf418d82437c5685f4008a3a72855cac9cccbe519b2d

SHA512
9ebba7a54bd85aed3a9ed5a696baedd1d84585689ff49eaf79e06f7528352a93e995f43bc463b04f60cd2e3d7037f5c10226f1192cf51bdcfe50480b8d3f0ba2

Download Submit
C:\Windows\System\JwHnmaq.exe

Filesize
6.0MB

MD5
9e8a82d722feb12a89014f0276de3059

SHA1
44239e5fa594f441258577ff26483f1ee43fdc98

SHA256
edb47fcd3a637dabab7319d2947f7853d2682a16fd133d8b97d50d4ef1ef4c59

SHA512
710f85dad043a45031817c74e224467505f0e18c4cb6661193b0d8e72aef7c1c09e76f7531fb7e1f9e95b7e5bb68b4c66329ad5d55d8c4ae7b338c0d2e255852

Download Submit
C:\Windows\System\NUQaMsD.exe

Filesize
6.0MB

MD5
1bf41c616866d4f280ab5dc96049907c

SHA1
d583cf161a93fd24365b458dc5378d16074aab54

SHA256
1d3a0544a9ed98b4a5e4b7d504035e9cd001cc80e5360642ee729fca0a6fa72c

SHA512
ab081c54b67a6ba319e9a6e189eda076c5c55ac287173b59a0dd66b661aa9750596a86349da34cda948e02ab47122a0882a98076a12c91c92aa6bc6b819e306a

Download Submit
C:\Windows\System\OcCeOIx.exe

Filesize
6.0MB

MD5
b145e0f4b301531351627686363f2da4

SHA1
684a675ca095234306b8a58fff166fc544106698

SHA256
2ad72b42bb92cbd9ea7970b45d50f716da7dd9dad654bafd01da4209e03cf382

SHA512
a36f58e7ab437ce864110c3e59b593de020547d7983a49376e53ac39d436f2b1694fb9de3a23587cddcea1883b2ca25e02a94f0a45618f5eba3e490ce327883c

Download Submit
C:\Windows\System\PicECOL.exe

Filesize
6.0MB

MD5
c7ff7993b18a7f01d42ec53b73bdf5cd

SHA1
543c031f40586cba6f421485abfadb8973e822ef

SHA256
535f478c9ca3ff2ccf5cbd0a21ea4b6cd2fae3f5aa26583cad8430d0c3e022d9

SHA512
cc2af459763dc4834be538673c2d00cec7680c33851b1d506519da7e033d750340b71ef64bfe5838969414d74cf1315a69787fe610ebd3f718ff361709dd0535

Download Submit
C:\Windows\System\QLFkIDo.exe

Filesize
6.0MB

MD5
75157e14898764510d8e0f049d177932

SHA1
eab24f304b033b76f1990735dfd95b12543b07cc

SHA256
fa02ab153715eb712b2e3f904d87fb7874c514df90c56af2145c2d2d48b01145

SHA512
a1ead1b5dcea29ade36165c968b14a192af4d154567c245b6833f709c54cc267d204caf031d52c2d944f766ad0cd0c70b1c4eee4a0c9abeae9121251f1bc6c6d

Download Submit
C:\Windows\System\UIXSwhQ.exe

Filesize
6.0MB

MD5
e1d937149b47741fb4614a371e604bb0

SHA1
7c6ba3ea5acbf04dc0dcc1ad4692882f7da9ffe0

SHA256
04be942172e42c4663e94588116f22d170c7cdfd1261b30037162bbd2cb3eba9

SHA512
dd612ea0563c00a6bd450786619dd404dcdc4eb1803ea7fd2fbe205c10e5e30b5c472bad82b82ab7c289c2666680f422eb425bb3049ee62b5a233dc79cbaeda6

Download Submit
C:\Windows\System\UNTwlnZ.exe

Filesize
6.0MB

MD5
9a5dd6d415afbacd0194729434c48890

SHA1
9c5c8d1be31faa323fc860a24ad1f2d91c87c3fa

SHA256
a3197ac9e25589593debaa99e589d6fd98c6ce089ae96cf464810e6d771faad7

SHA512
894da588ba47a75dd2669b116201e31e64a2ea9821280725e2ec0e6c3224754202cc91fd520307c4cc039b5e5e35e5c0705a9a3bd5177906daf4f2000663386b

Download Submit
C:\Windows\System\WCQwxej.exe

Filesize
6.0MB

MD5
5114224061263de6a4fa4d8089681cec

SHA1
f370ba414f6c40a65df808fb9e9d6973c574ea63

SHA256
7a261df589b056b943a53451a6b4bf0b327f11b2aae9816687bde7cbf9e545bb

SHA512
248b27a5d22d9d9d3131f901a778aba98f523e9ea265882014b413b5948c50b24eacdfc1eab6b9865106ee4d42772186ccc3e6e326a0e77ea78f67738b518d2f

Download Submit
C:\Windows\System\WGNaaeN.exe

Filesize
6.0MB

MD5
73c0c22b9e38b502e2064c28d559673f

SHA1
2a571c2e565b9555c8f792f38dc03a7de468c2f6

SHA256
07fa64df5145bb2b6312e7f4c30aa2808fa156f03bc0a55eead9fac925481a61

SHA512
673d540768a5a0939f6da12cd4358f8d33c66d2c6330eb300e2f9a41e49a97d7d88ae09f6f789dca13f5becd367fdd4ad01b03c74158270145a15a1fc425904a

Download Submit
C:\Windows\System\ZWhlPkT.exe

Filesize
6.0MB

MD5
6e307594559e79cd01f0b8c9ffb5eac6

SHA1
4fc15bdf93b67d7326ce6e0f734143f1abed9c29

SHA256
df6eb86483ebc71ecdf90f5aa34ea447c2df1c5b888259e97a46f26b6d0c2221

SHA512
85a7b984c5eadc5e492c2d0ea9da6c36a22c97abc4d3aeba635bce9f341a5ab5cac5a001ed15a5d5acf4bb90c5a260505c2068e527e4d363c1246adcfbfc18db

Download Submit
C:\Windows\System\abzrQsJ.exe

Filesize
6.0MB

MD5
aed107aec7f95426aff8a8842894aa33

SHA1
b78dca9c025debb669a843c730196906d6332e4c

SHA256
806636b97b080ca6d361c8abd4854165e48e707eeeb3816fc68998ac002a3d3c

SHA512
389864048758972c03b6da6a6b60d37ff30c7f1c93a2eeaeef882f3afd07de61afabc111784559f000b6df79e97e196a39891f0eac8588e738c85c4b358ed69a

Download Submit
C:\Windows\System\azIDeyn.exe

Filesize
6.0MB

MD5
e848bf83017f184514545ff0088df96f

SHA1
0dc80ef3557f256c65de4e988831bd91ccc24721

SHA256
bd2bf15f76f8fce5abd535afa5b8cdcc335bca128780bac7c1b129f45e29dc9b

SHA512
376e94b6e38f0bc7abb5fd01417529c98633e2045edbe236f431ad2b9549c565e69ff1fbb4470c707aab7991ee7b5f97e5fd578c573abeacf368be451adf7018

Download Submit
C:\Windows\System\dbUQwfi.exe

Filesize
6.0MB

MD5
21540252cbffc53ea65c17f7a1f907c7

SHA1
2b7cd94f74d92b2cb44ae111701237644825164f

SHA256
b65bf2c6aa8b595d75e5ec90435fc8a182aafad17c60e9f6936cfedfa0b55aff

SHA512
6320e3703b8f3c105557a12d4baed7f1dd749292fea74bc4786d5c8152102ad0059d2ccc6a6c86db3a8194aa21d05033f5bcf75d5adc3c66970e876ad4927bc9

Download Submit
C:\Windows\System\gecAySA.exe

Filesize
6.0MB

MD5
2f7af56ed42c5cf7eb3c348f3af5c525

SHA1
ed12ac9d3120a67074d7a7ac72180eca12308b6d

SHA256
adf761a4aa1fc9c4e63e0145cde6c5d45f54bc0cef5e896f34ab8ba15d8354b1

SHA512
38dbd110aaffe94a33b711692782a5a986869211f5278ca8a890a095858639757b3453a86a03c723290786dd692ec022806f233c75ca8d067b4ce86132be96f4

Download Submit
C:\Windows\System\gzGjqmr.exe

Filesize
6.0MB

MD5
a551d773cff250d1ff4b5242a0efa533

SHA1
a4b10b9efbcc5d7a6617608b099a364dede5bd60

SHA256
2d102ab4bc03a879ee5b363384640b94a0a6ecb4a18134fd894ea287ccdb73a4

SHA512
fbe0551b2fdff3df63d66d65f67289c36afa7f8bde4b01d76423dcc85d1d74c8515ef1035a78813f829c593393241b5e149fe9501e349c8b090484a39e2382cb

Download Submit
C:\Windows\System\hhFQZZf.exe

Filesize
6.0MB

MD5
3300172243f5e85df30241d8164031ac

SHA1
df2d2d83f0bf9631e986d90e41613b0a24789e0b

SHA256
765f113e5d860ec87ad6918c5ffbff2204ece665c00b8a3d99239a562891ab8a

SHA512
9720ae5debcecc06e618680613fc8e7675ea9dfe3c896adc4b0956c36e31d5b6a0b5f111c0b76c8b2bfceefbe3773257d0cbd2ba2075896ae3950044700be44b

Download Submit
C:\Windows\System\lkMdyPd.exe

Filesize
6.0MB

MD5
37baac964d6ff5d6798ac8f939e3098a

SHA1
f0bc261327e50da45026419e74b331cb18c6d494

SHA256
25a2220cfddae16c1a670a267563d0df91df094a45908f5ef68a341f7b36306f

SHA512
7a052549595b10d878f71ae1c3d7af85be843a1fa929e7cedaec2469f4687ffbf4a1ca20244aaf6d65e815472c070db9dac4868d6bd40300409afdf87489c159

Download Submit
C:\Windows\System\msAOtSD.exe

Filesize
6.0MB

MD5
e281880572e99f6b0afb9a24ae5f61e2

SHA1
bab8139c63247cf9ac04dce106deca3cb1478578

SHA256
168c598a516368c2cba28efe77d27875d89ebc314950cf6ac196c70b99d15b89

SHA512
e0fde7a73279c6ecad8f5a4f73196e67eb8ebbbb612d0442e093acaf753cb3f076885388a07985fc716e4887b63a4e7cbaf262a39d345dc555742d2d4578b08e

Download Submit
C:\Windows\System\ntiHqbY.exe

Filesize
6.0MB

MD5
b218d82c30ab1b0892b925322ccc4396

SHA1
d23ec926e7a8b98f2c7d4445761bd84ed28c5c4d

SHA256
3a1132f102aa8be71970016da57c2e414ed2c1abd4244bf15a4f472d604f89bc

SHA512
2c6985139ed1ce6215f8cacc867e547b954ca88202ac4098bd6e7d5aa73b6b2901c36ccf8b7bed8978b574c42a53553bc13f1b83f7e51b08e10ef5dcf821d50b

Download Submit
C:\Windows\System\oHpnAOA.exe

Filesize
6.0MB

MD5
f89c428f648db62bf069f32c667657f2

SHA1
da04b833793b63c63fe76af65d170314be8871a5

SHA256
d1b6c2a828cf0adacb6787d6da06788858f2be196f6a9b3965a0f3cbe018543a

SHA512
cbd46b8d5024e81e9668cf3a436bdac1e861c0f2a9580425253c4a90992b2d88434e459876f7d4d21971181fe15208f1760e43f15806ea722bc980310090aed7

Download Submit
C:\Windows\System\pJlYPAp.exe

Filesize
6.0MB

MD5
2ea57c3586d314113b2ce7070db53eef

SHA1
e67e77676b734bea3de1886409f7cb04e762e63b

SHA256
024fe5a269afd7c66aea1991f9109ceef15ed999ca4da1c6a61d54ddd045e432

SHA512
5a6fd326f84389319a3cd7417f79fc63bc4342156e9b4dff722a241d2c17d93d676aef44f1705e2383f109f1a1c5db565c9860c74c879ff6c1c0034ec39bcdae

Download Submit
C:\Windows\System\ptkMexp.exe

Filesize
6.0MB

MD5
02be96a1e05cec8a0cdf24f81788e47c

SHA1
569f5bc7faaa9e1f1374ce99ad78a603e15a7e0a

SHA256
84c590cab86b5fb73f5b4d93d4272f95f7a7340e9e269cd3b022c640da616a96

SHA512
a2471872e366a1d5279f2bf30d05fe97e95ee62b5b28a31da86dbf2f43691088ce7eb042f20bfc9a5b03d03b7a4b9c074ed7072cfb334cddfed54351cf48ae6a

Download Submit
C:\Windows\System\qCajvgo.exe

Filesize
6.0MB

MD5
c9e4cdffab53c3b6781276208746c7e8

SHA1
cee928158551b31fd073c2a4ce5fd1c720012f4e

SHA256
1127ff897dae896e871d528daea57d528fbb80eb5a899bc9496e6bd8817f7584

SHA512
4407db9fa3c4031695e4a202cef60a7e7e59501987c75f0b905abcc7943890a5bbc8068440cbe62160c248bc4939d011ba0a02446cd29ce6886ad91dc2aca6ce

Download Submit
C:\Windows\System\rsFrJpH.exe

Filesize
6.0MB

MD5
61f068d945818eeded718034a822dd97

SHA1
595747998f8df366b38d6790292fdf563a6aad22

SHA256
d78624e72ef3ada5199b20877571cbf55a5c94fbb0a6027d19b65346c06e34d7

SHA512
0546c84ed17466792a966b1ffbe9340d75c2c269b66f99f9e2e5e072fdb1e0b53ed7e585b4ba23b1dbf2dfee5e03a9999fdc0137a2781d356b5bd99918108e37

Download Submit
C:\Windows\System\sJFnPnl.exe

Filesize
6.0MB

MD5
6a4c6fe4c77b90ba0b0bf75a97962b92

SHA1
03ebb66aba51d2427167db044219bba5c094e8da

SHA256
35bdec87ec24fdcf25a965172b1edfba0ca488350fbc3773c8fbf63778a027e7

SHA512
69bfc3fbd9e9924f7fae977374a0c88fe29133d2dd1f7d340a807d49f1f8e26564f7273b67f57824219b3509960e383c6eeab7786c620572022be29438c2be3c

Download Submit
C:\Windows\System\uHWBEOc.exe

Filesize
6.0MB

MD5
ac0131aeb4ede24c845eddf129691987

SHA1
6f8b7d41fcc909d8befaac17cdd59b2db9cdf29e

SHA256
4074c92c584cb6bfc38a02108d1e94bc495efaba8b77bda2b2719151e6d120b7

SHA512
2189e88cfb300c7c5a4c4aaa4912c4491a33dbf96d445216302829219a3da5313dacff788dac8edf6f79362aafe4cc6319a07596d97f2165137ce474d019cfc2

Download Submit
C:\Windows\System\ufJMayV.exe

Filesize
6.0MB

MD5
48d70f076d87ea9fc9cd62c58cb6dd38

SHA1
6694db729d4b14903622aecfb4726758583733fb

SHA256
a924bded7661bcc4de837fffad0b97959d9e957bb106f354d5b97e364fb990da

SHA512
1efb458a0b38fedcedba5b5824b2dd70e07a83af5957d80561476e37b1c461a2e83bd4e29faf25827908eb88bd98b926272f685bef0d5539aae21b9bda94b7ab

Download Submit
C:\Windows\System\uitPgnn.exe

Filesize
6.0MB

MD5
cc0f2d4bce81bcd87905054509cb17e6

SHA1
7f2df1ba8d499012f0dccfae974c3e59f5c13ea3

SHA256
9973cf50895f6de79c907f8364e38786a802a22f53c1a2f859055be3e00c2158

SHA512
3a1087504e4aeb4ff254b65f71b44a35d3474fa1349db656d1eafea6a00ba188c07fee2ffda6405a38178835e0c7f4d94d99464cb613f20b63f1386303c72f38

Download Submit
C:\Windows\System\zilJrRc.exe

Filesize
6.0MB

MD5
0bb099e16275f395d99c7661102b72d7

SHA1
36ee8b9d254cb24d9a8883bafc525fc2937e3467

SHA256
a4de09df77de776e3293d879eb84594eae89d9d9a109028f84ffef277b4adcba

SHA512
af360c35af71fd4cb0ba3aa5d5ae0857933639a08c71849d999fb4395fb8168f0995224de951d8d1ff2a7cb87e7f189acad7d5c0a8b21637b9a1ebd98f157a13

Download Submit
memory/232-1139-0x00007FF736770000-0x00007FF736AC4000-memory.dmp

Filesize
3.3MB

Download
memory/232-59-0x00007FF736770000-0x00007FF736AC4000-memory.dmp

Filesize
3.3MB

Download
memory/700-1669-0x00007FF726B90000-0x00007FF726EE4000-memory.dmp

Filesize
3.3MB

Download
memory/700-127-0x00007FF726B90000-0x00007FF726EE4000-memory.dmp

Filesize
3.3MB

Download
memory/700-261-0x00007FF726B90000-0x00007FF726EE4000-memory.dmp

Filesize
3.3MB

Download
memory/724-2108-0x00007FF7534B0000-0x00007FF753804000-memory.dmp

Filesize
3.3MB

Download
memory/724-192-0x00007FF7534B0000-0x00007FF753804000-memory.dmp

Filesize
3.3MB

Download
memory/724-655-0x00007FF7534B0000-0x00007FF753804000-memory.dmp

Filesize
3.3MB

Download
memory/1892-97-0x00007FF7D1860000-0x00007FF7D1BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1892-1-0x000002806A140000-0x000002806A150000-memory.dmp

Filesize
64KB

Download
memory/1892-0-0x00007FF7D1860000-0x00007FF7D1BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-123-0x00007FF7B34A0000-0x00007FF7B37F4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-1666-0x00007FF7B34A0000-0x00007FF7B37F4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-179-0x00007FF7AF390000-0x00007FF7AF6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-560-0x00007FF7AF390000-0x00007FF7AF6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-2097-0x00007FF7AF390000-0x00007FF7AF6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-1164-0x00007FF77F8C0000-0x00007FF77FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2612-79-0x00007FF77F8C0000-0x00007FF77FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2656-456-0x00007FF7B3250000-0x00007FF7B35A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1961-0x00007FF7B3250000-0x00007FF7B35A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-159-0x00007FF7B3250000-0x00007FF7B35A4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1963-0x00007FF7A6740000-0x00007FF7A6A94000-memory.dmp

Filesize
3.3MB

Download
memory/2672-158-0x00007FF7A6740000-0x00007FF7A6A94000-memory.dmp

Filesize
3.3MB

Download
memory/2672-455-0x00007FF7A6740000-0x00007FF7A6A94000-memory.dmp

Filesize
3.3MB

Download
memory/2784-125-0x00007FF727020000-0x00007FF727374000-memory.dmp

Filesize
3.3MB

Download
memory/2784-1145-0x00007FF727020000-0x00007FF727374000-memory.dmp

Filesize
3.3MB

Download
memory/2784-42-0x00007FF727020000-0x00007FF727374000-memory.dmp

Filesize
3.3MB

Download
memory/2908-110-0x00007FF792980000-0x00007FF792CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1128-0x00007FF792980000-0x00007FF792CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-11-0x00007FF792980000-0x00007FF792CD4000-memory.dmp

Filesize
3.3MB

Download
memory/3148-1152-0x00007FF6901D0000-0x00007FF690524000-memory.dmp

Filesize
3.3MB

Download
memory/3148-71-0x00007FF6901D0000-0x00007FF690524000-memory.dmp

Filesize
3.3MB

Download
memory/3204-168-0x00007FF7E7FD0000-0x00007FF7E8324000-memory.dmp

Filesize
3.3MB

Download
memory/3204-1649-0x00007FF7E7FD0000-0x00007FF7E8324000-memory.dmp

Filesize
3.3MB

Download
memory/3204-86-0x00007FF7E7FD0000-0x00007FF7E8324000-memory.dmp

Filesize
3.3MB

Download
memory/3300-133-0x00007FF63FA90000-0x00007FF63FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3300-72-0x00007FF63FA90000-0x00007FF63FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3300-1169-0x00007FF63FA90000-0x00007FF63FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3340-170-0x00007FF74DC20000-0x00007FF74DF74000-memory.dmp

Filesize
3.3MB

Download
memory/3340-96-0x00007FF74DC20000-0x00007FF74DF74000-memory.dmp

Filesize
3.3MB

Download
memory/3340-1657-0x00007FF74DC20000-0x00007FF74DF74000-memory.dmp

Filesize
3.3MB

Download
memory/3388-134-0x00007FF648310000-0x00007FF648664000-memory.dmp

Filesize
3.3MB

Download
memory/3388-1887-0x00007FF648310000-0x00007FF648664000-memory.dmp

Filesize
3.3MB

Download
memory/3388-343-0x00007FF648310000-0x00007FF648664000-memory.dmp

Filesize
3.3MB

Download
memory/3764-122-0x00007FF78B000000-0x00007FF78B354000-memory.dmp

Filesize
3.3MB

Download
memory/3764-1136-0x00007FF78B000000-0x00007FF78B354000-memory.dmp

Filesize
3.3MB

Download
memory/3764-21-0x00007FF78B000000-0x00007FF78B354000-memory.dmp

Filesize
3.3MB

Download
memory/4180-1173-0x00007FF7EDF70000-0x00007FF7EE2C4000-memory.dmp

Filesize
3.3MB

Download
memory/4180-77-0x00007FF7EDF70000-0x00007FF7EE2C4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-347-0x00007FF600550000-0x00007FF6008A4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-1959-0x00007FF600550000-0x00007FF6008A4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-156-0x00007FF600550000-0x00007FF6008A4000-memory.dmp

Filesize
3.3MB

Download
memory/4472-184-0x00007FF7872D0000-0x00007FF787624000-memory.dmp

Filesize
3.3MB

Download
memory/4472-106-0x00007FF7872D0000-0x00007FF787624000-memory.dmp

Filesize
3.3MB

Download
memory/4472-1665-0x00007FF7872D0000-0x00007FF787624000-memory.dmp

Filesize
3.3MB

Download
memory/4576-1149-0x00007FF7C8A80000-0x00007FF7C8DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4576-70-0x00007FF7C8A80000-0x00007FF7C8DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4644-78-0x00007FF61FC70000-0x00007FF61FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/4644-1165-0x00007FF61FC70000-0x00007FF61FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-191-0x00007FF627340000-0x00007FF627694000-memory.dmp

Filesize
3.3MB

Download
memory/4712-1670-0x00007FF627340000-0x00007FF627694000-memory.dmp

Filesize
3.3MB

Download
memory/4712-120-0x00007FF627340000-0x00007FF627694000-memory.dmp

Filesize
3.3MB

Download
memory/4736-1147-0x00007FF624440000-0x00007FF624794000-memory.dmp

Filesize
3.3MB

Download
memory/4736-126-0x00007FF624440000-0x00007FF624794000-memory.dmp

Filesize
3.3MB

Download
memory/4736-49-0x00007FF624440000-0x00007FF624794000-memory.dmp

Filesize
3.3MB

Download
memory/4752-1124-0x00007FF685550000-0x00007FF6858A4000-memory.dmp

Filesize
3.3MB

Download
memory/4752-103-0x00007FF685550000-0x00007FF6858A4000-memory.dmp

Filesize
3.3MB

Download
memory/4752-6-0x00007FF685550000-0x00007FF6858A4000-memory.dmp

Filesize
3.3MB

Download
memory/4808-1897-0x00007FF67A0B0000-0x00007FF67A404000-memory.dmp

Filesize
3.3MB

Download
memory/4808-157-0x00007FF67A0B0000-0x00007FF67A404000-memory.dmp

Filesize
3.3MB

Download
memory/4856-172-0x00007FF637150000-0x00007FF6374A4000-memory.dmp

Filesize
3.3MB

Download
memory/4856-2088-0x00007FF637150000-0x00007FF6374A4000-memory.dmp

Filesize
3.3MB

Download
memory/4856-559-0x00007FF637150000-0x00007FF6374A4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-35-0x00007FF659F90000-0x00007FF65A2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-1146-0x00007FF659F90000-0x00007FF65A2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-124-0x00007FF659F90000-0x00007FF65A2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4992-1654-0x00007FF66B4A0000-0x00007FF66B7F4000-memory.dmp

Filesize
3.3MB

Download
memory/4992-102-0x00007FF66B4A0000-0x00007FF66B7F4000-memory.dmp

Filesize
3.3MB

Download
memory/5032-1894-0x00007FF7FA400000-0x00007FF7FA754000-memory.dmp

Filesize
3.3MB

Download
memory/5032-154-0x00007FF7FA400000-0x00007FF7FA754000-memory.dmp

Filesize
3.3MB

Download