cobaltstrike | d7b74a9aa3507287debc5eae276ead44f3de9e8eba7b82f94932ee3e3d29040e

Analysis

max time kernel
141s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 04:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ce5ee7fd2a185ae5f8817528976b8e3b
SHA1

af289a4e78bf60ae2a3311a0e3a6600abdc7054b
SHA256

d7b74a9aa3507287debc5eae276ead44f3de9e8eba7b82f94932ee3e3d29040e
SHA512

5c0438246e586ed6b793aff6d6fcb86580548c9d41106c6680e432431d00dc86991bb68699ce588878f7fad3a8ba2e709d70a3f6e1d237b6fc5d0c0d7cfa0f71
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU/:T+q56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000b000000023b8e-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b93-17.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b92-12.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b94-24.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b8f-29.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b95-36.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b96-40.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b97-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b98-50.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b99-60.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9b-65.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9e-79.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9d-75.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9c-70.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9f-94.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba0-95.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba1-100.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba2-105.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba3-114.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023ba4-120.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba5-124.dat	cobalt_reflective_dll
behavioral2/files/0x0058000000023ba6-127.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba7-138.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba8-146.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba9-154.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baa-162.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bab-163.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bac-172.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bad-179.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bae-190.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baf-194.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb1-195.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb0-191.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1404-0-0x00007FF6B1E00000-0x00007FF6B2154000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b8e-5.dat	xmrig
behavioral2/memory/4928-11-0x00007FF6513A0000-0x00007FF6516F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b93-17.dat	xmrig
behavioral2/files/0x000a000000023b92-12.dat	xmrig
behavioral2/memory/2700-19-0x00007FF63E110000-0x00007FF63E464000-memory.dmp	xmrig
behavioral2/memory/2032-20-0x00007FF78E050000-0x00007FF78E3A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b94-24.dat	xmrig
behavioral2/files/0x000b000000023b8f-29.dat	xmrig
behavioral2/memory/4660-31-0x00007FF68A200000-0x00007FF68A554000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b95-36.dat	xmrig
behavioral2/memory/5024-34-0x00007FF7A5880000-0x00007FF7A5BD4000-memory.dmp	xmrig
behavioral2/memory/3788-38-0x00007FF7E63A0000-0x00007FF7E66F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b96-40.dat	xmrig
behavioral2/files/0x000a000000023b97-47.dat	xmrig
behavioral2/files/0x000a000000023b98-50.dat	xmrig
behavioral2/files/0x000a000000023b99-60.dat	xmrig
behavioral2/files/0x000a000000023b9b-65.dat	xmrig
behavioral2/files/0x000a000000023b9e-79.dat	xmrig
behavioral2/memory/3296-81-0x00007FF611370000-0x00007FF6116C4000-memory.dmp	xmrig
behavioral2/memory/4004-84-0x00007FF7922D0000-0x00007FF792624000-memory.dmp	xmrig
behavioral2/memory/2700-88-0x00007FF63E110000-0x00007FF63E464000-memory.dmp	xmrig
behavioral2/memory/2036-89-0x00007FF658090000-0x00007FF6583E4000-memory.dmp	xmrig
behavioral2/memory/1980-87-0x00007FF6FB070000-0x00007FF6FB3C4000-memory.dmp	xmrig
behavioral2/memory/4976-86-0x00007FF7FEA60000-0x00007FF7FEDB4000-memory.dmp	xmrig
behavioral2/memory/2864-82-0x00007FF7A2050000-0x00007FF7A23A4000-memory.dmp	xmrig
behavioral2/memory/4928-78-0x00007FF6513A0000-0x00007FF6516F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9d-75.dat	xmrig
behavioral2/files/0x000a000000023b9c-70.dat	xmrig
behavioral2/memory/1404-52-0x00007FF6B1E00000-0x00007FF6B2154000-memory.dmp	xmrig
behavioral2/memory/448-51-0x00007FF6C6FF0000-0x00007FF6C7344000-memory.dmp	xmrig
behavioral2/memory/1244-44-0x00007FF738110000-0x00007FF738464000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9f-94.dat	xmrig
behavioral2/files/0x000a000000023ba0-95.dat	xmrig
behavioral2/memory/3136-101-0x00007FF6E9B10000-0x00007FF6E9E64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba1-100.dat	xmrig
behavioral2/files/0x000a000000023ba2-105.dat	xmrig
behavioral2/files/0x000a000000023ba3-114.dat	xmrig
behavioral2/memory/4368-108-0x00007FF78AE70000-0x00007FF78B1C4000-memory.dmp	xmrig
behavioral2/memory/4552-117-0x00007FF6C1600000-0x00007FF6C1954000-memory.dmp	xmrig
behavioral2/files/0x0031000000023ba4-120.dat	xmrig
behavioral2/memory/2380-121-0x00007FF6E3D50000-0x00007FF6E40A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba5-124.dat	xmrig
behavioral2/files/0x0058000000023ba6-127.dat	xmrig
behavioral2/memory/4408-134-0x00007FF7B37A0000-0x00007FF7B3AF4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba7-138.dat	xmrig
behavioral2/files/0x000a000000023ba8-146.dat	xmrig
behavioral2/memory/448-148-0x00007FF6C6FF0000-0x00007FF6C7344000-memory.dmp	xmrig
behavioral2/memory/2560-149-0x00007FF63AC40000-0x00007FF63AF94000-memory.dmp	xmrig
behavioral2/memory/1244-147-0x00007FF738110000-0x00007FF738464000-memory.dmp	xmrig
behavioral2/memory/3888-143-0x00007FF6E3570000-0x00007FF6E38C4000-memory.dmp	xmrig
behavioral2/memory/1320-135-0x00007FF69EFD0000-0x00007FF69F324000-memory.dmp	xmrig
behavioral2/memory/3452-132-0x00007FF69AF10000-0x00007FF69B264000-memory.dmp	xmrig
behavioral2/memory/4076-125-0x00007FF600000000-0x00007FF600354000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba9-154.dat	xmrig
behavioral2/files/0x000a000000023baa-162.dat	xmrig
behavioral2/files/0x000a000000023bab-163.dat	xmrig
behavioral2/files/0x000a000000023bac-172.dat	xmrig
behavioral2/memory/1876-173-0x00007FF6623C0000-0x00007FF662714000-memory.dmp	xmrig
behavioral2/memory/4368-170-0x00007FF78AE70000-0x00007FF78B1C4000-memory.dmp	xmrig
behavioral2/memory/1020-167-0x00007FF666900000-0x00007FF666C54000-memory.dmp	xmrig
behavioral2/memory/1904-166-0x00007FF6EA9A0000-0x00007FF6EACF4000-memory.dmp	xmrig
behavioral2/memory/352-159-0x00007FF7DC510000-0x00007FF7DC864000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bad-179.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4928	UeBphtg.exe
2700	dWKkuFu.exe
2032	AAVDqUP.exe
4660	GiBsOZH.exe
5024	ljqhfek.exe
3788	WtllcLw.exe
1244	Tqjjkwi.exe
448	BhuHjgP.exe
3296	tFGLlVh.exe
1980	TKIATVw.exe
2864	chKRJIB.exe
4004	YpOfmdD.exe
4976	pKrZxKC.exe
2036	ikbpcYJ.exe
3136	CHIQJFB.exe
4368	eALkYWO.exe
4552	iOlqIFf.exe
2380	dphsBkr.exe
4076	dwXgPGD.exe
3452	UYgqkco.exe
4408	pIwQRhC.exe
1320	trVhwIi.exe
3888	kkvnBYt.exe
2560	tiVKdsn.exe
352	eDNovUL.exe
1904	yIphStR.exe
1020	oLcyPms.exe
1876	IqiBzjs.exe
212	fTflPVx.exe
4812	MPjzoKg.exe
4996	dkFgMZQ.exe
3596	AanRHzu.exe
3772	lOOddJq.exe
4472	XcqhVdf.exe
4844	TzDvUXd.exe
2100	WwOGIOk.exe
2924	yJwUabS.exe
3916	TzkxGvV.exe
4900	DoLBtxR.exe
1712	odurkUa.exe
2324	zaUylFc.exe
4520	xzaFwNN.exe
3304	lWhFmab.exe
4092	jLcGRsQ.exe
2528	tJaSEdc.exe
4000	uLdNhrt.exe
4912	AIsLZgo.exe
3476	PPpBOqI.exe
2272	MSqqjVW.exe
4704	GXtxyiF.exe
1548	VhacftX.exe
4596	GPVmXLi.exe
2476	zcYWnMa.exe
696	ORgJHZS.exe
452	zXmtMXv.exe
2668	rjFhNHW.exe
1700	pqICSPv.exe
976	UpQotGO.exe
5072	JQEYalK.exe
3672	IqgDiRy.exe
3232	uvOqbiX.exe
4024	juoTifG.exe
1352	LLPoiyF.exe
5012	TvRItXl.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1404-0-0x00007FF6B1E00000-0x00007FF6B2154000-memory.dmp	upx
behavioral2/files/0x000b000000023b8e-5.dat	upx
behavioral2/memory/4928-11-0x00007FF6513A0000-0x00007FF6516F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b93-17.dat	upx
behavioral2/files/0x000a000000023b92-12.dat	upx
behavioral2/memory/2700-19-0x00007FF63E110000-0x00007FF63E464000-memory.dmp	upx
behavioral2/memory/2032-20-0x00007FF78E050000-0x00007FF78E3A4000-memory.dmp	upx
behavioral2/files/0x000a000000023b94-24.dat	upx
behavioral2/files/0x000b000000023b8f-29.dat	upx
behavioral2/memory/4660-31-0x00007FF68A200000-0x00007FF68A554000-memory.dmp	upx
behavioral2/files/0x000a000000023b95-36.dat	upx
behavioral2/memory/5024-34-0x00007FF7A5880000-0x00007FF7A5BD4000-memory.dmp	upx
behavioral2/memory/3788-38-0x00007FF7E63A0000-0x00007FF7E66F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b96-40.dat	upx
behavioral2/files/0x000a000000023b97-47.dat	upx
behavioral2/files/0x000a000000023b98-50.dat	upx
behavioral2/files/0x000a000000023b99-60.dat	upx
behavioral2/files/0x000a000000023b9b-65.dat	upx
behavioral2/files/0x000a000000023b9e-79.dat	upx
behavioral2/memory/3296-81-0x00007FF611370000-0x00007FF6116C4000-memory.dmp	upx
behavioral2/memory/4004-84-0x00007FF7922D0000-0x00007FF792624000-memory.dmp	upx
behavioral2/memory/2700-88-0x00007FF63E110000-0x00007FF63E464000-memory.dmp	upx
behavioral2/memory/2036-89-0x00007FF658090000-0x00007FF6583E4000-memory.dmp	upx
behavioral2/memory/1980-87-0x00007FF6FB070000-0x00007FF6FB3C4000-memory.dmp	upx
behavioral2/memory/4976-86-0x00007FF7FEA60000-0x00007FF7FEDB4000-memory.dmp	upx
behavioral2/memory/2864-82-0x00007FF7A2050000-0x00007FF7A23A4000-memory.dmp	upx
behavioral2/memory/4928-78-0x00007FF6513A0000-0x00007FF6516F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b9d-75.dat	upx
behavioral2/files/0x000a000000023b9c-70.dat	upx
behavioral2/memory/1404-52-0x00007FF6B1E00000-0x00007FF6B2154000-memory.dmp	upx
behavioral2/memory/448-51-0x00007FF6C6FF0000-0x00007FF6C7344000-memory.dmp	upx
behavioral2/memory/1244-44-0x00007FF738110000-0x00007FF738464000-memory.dmp	upx
behavioral2/files/0x000a000000023b9f-94.dat	upx
behavioral2/files/0x000a000000023ba0-95.dat	upx
behavioral2/memory/3136-101-0x00007FF6E9B10000-0x00007FF6E9E64000-memory.dmp	upx
behavioral2/files/0x000a000000023ba1-100.dat	upx
behavioral2/files/0x000a000000023ba2-105.dat	upx
behavioral2/files/0x000a000000023ba3-114.dat	upx
behavioral2/memory/4368-108-0x00007FF78AE70000-0x00007FF78B1C4000-memory.dmp	upx
behavioral2/memory/4552-117-0x00007FF6C1600000-0x00007FF6C1954000-memory.dmp	upx
behavioral2/files/0x0031000000023ba4-120.dat	upx
behavioral2/memory/2380-121-0x00007FF6E3D50000-0x00007FF6E40A4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba5-124.dat	upx
behavioral2/files/0x0058000000023ba6-127.dat	upx
behavioral2/memory/4408-134-0x00007FF7B37A0000-0x00007FF7B3AF4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba7-138.dat	upx
behavioral2/files/0x000a000000023ba8-146.dat	upx
behavioral2/memory/448-148-0x00007FF6C6FF0000-0x00007FF6C7344000-memory.dmp	upx
behavioral2/memory/2560-149-0x00007FF63AC40000-0x00007FF63AF94000-memory.dmp	upx
behavioral2/memory/1244-147-0x00007FF738110000-0x00007FF738464000-memory.dmp	upx
behavioral2/memory/3888-143-0x00007FF6E3570000-0x00007FF6E38C4000-memory.dmp	upx
behavioral2/memory/1320-135-0x00007FF69EFD0000-0x00007FF69F324000-memory.dmp	upx
behavioral2/memory/3452-132-0x00007FF69AF10000-0x00007FF69B264000-memory.dmp	upx
behavioral2/memory/4076-125-0x00007FF600000000-0x00007FF600354000-memory.dmp	upx
behavioral2/files/0x000a000000023ba9-154.dat	upx
behavioral2/files/0x000a000000023baa-162.dat	upx
behavioral2/files/0x000a000000023bab-163.dat	upx
behavioral2/files/0x000a000000023bac-172.dat	upx
behavioral2/memory/1876-173-0x00007FF6623C0000-0x00007FF662714000-memory.dmp	upx
behavioral2/memory/4368-170-0x00007FF78AE70000-0x00007FF78B1C4000-memory.dmp	upx
behavioral2/memory/1020-167-0x00007FF666900000-0x00007FF666C54000-memory.dmp	upx
behavioral2/memory/1904-166-0x00007FF6EA9A0000-0x00007FF6EACF4000-memory.dmp	upx
behavioral2/memory/352-159-0x00007FF7DC510000-0x00007FF7DC864000-memory.dmp	upx
behavioral2/files/0x000a000000023bad-179.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oySwBok.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAXoGRb.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhqLHFJ.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpnZZVQ.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLOYcgc.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlnhNGT.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzYPrLT.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsQfVxS.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIGPCqP.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fnMAPnF.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vaAsBnn.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtIvrEZ.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiigHZu.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKmXrzW.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPDcpVG.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqgDiRy.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPJvuyH.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIuKdOs.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQgSVdh.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvfKISU.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfzTivY.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVerIBh.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXEFJiH.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpQotGO.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRpZfSY.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhLCtQi.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lftNYUp.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrCSRkk.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBTpmkG.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAegdif.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfTvwIS.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvnxWdj.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQAWFGY.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNqDvLq.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rATClAT.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApyCHag.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqiBzjs.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEcitJH.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWCtZil.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GliYTkZ.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKMMVJF.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRSiejU.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZwvXCvV.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXJvqov.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USJmAyW.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAFJXvV.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtOCmlo.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGMHFHz.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KTZRlbL.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VihniVS.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBfdupi.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XePwgOy.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XajXfBJ.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGfmtxl.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgcongj.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUirUCY.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMTXwAQ.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLhtriW.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shMrltm.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFUZizq.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awBOuyb.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKbhJSl.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgKWthU.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZwmYbU.exe	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 4928	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1404 wrote to memory of 4928	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1404 wrote to memory of 2700	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1404 wrote to memory of 2700	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1404 wrote to memory of 2032	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1404 wrote to memory of 2032	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1404 wrote to memory of 4660	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1404 wrote to memory of 4660	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1404 wrote to memory of 5024	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1404 wrote to memory of 5024	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1404 wrote to memory of 3788	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1404 wrote to memory of 3788	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1404 wrote to memory of 1244	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1404 wrote to memory of 1244	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1404 wrote to memory of 448	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1404 wrote to memory of 448	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1404 wrote to memory of 3296	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1404 wrote to memory of 3296	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1404 wrote to memory of 1980	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1404 wrote to memory of 1980	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1404 wrote to memory of 2864	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1404 wrote to memory of 2864	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1404 wrote to memory of 4004	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1404 wrote to memory of 4004	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1404 wrote to memory of 4976	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1404 wrote to memory of 4976	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1404 wrote to memory of 2036	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1404 wrote to memory of 2036	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1404 wrote to memory of 3136	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1404 wrote to memory of 3136	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1404 wrote to memory of 4368	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1404 wrote to memory of 4368	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1404 wrote to memory of 4552	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1404 wrote to memory of 4552	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1404 wrote to memory of 2380	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1404 wrote to memory of 2380	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1404 wrote to memory of 4076	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1404 wrote to memory of 4076	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1404 wrote to memory of 3452	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1404 wrote to memory of 3452	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1404 wrote to memory of 4408	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1404 wrote to memory of 4408	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1404 wrote to memory of 1320	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1404 wrote to memory of 1320	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1404 wrote to memory of 3888	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1404 wrote to memory of 3888	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1404 wrote to memory of 2560	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1404 wrote to memory of 2560	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1404 wrote to memory of 352	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1404 wrote to memory of 352	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1404 wrote to memory of 1904	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1404 wrote to memory of 1904	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1404 wrote to memory of 1020	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1404 wrote to memory of 1020	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1404 wrote to memory of 1876	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1404 wrote to memory of 1876	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1404 wrote to memory of 212	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1404 wrote to memory of 212	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1404 wrote to memory of 4812	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1404 wrote to memory of 4812	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1404 wrote to memory of 3596	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1404 wrote to memory of 3596	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1404 wrote to memory of 4996	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1404 wrote to memory of 4996	1404	2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe	117

C:\Users\Admin\AppData\Local\Temp\2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_ce5ee7fd2a185ae5f8817528976b8e3b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\System\UeBphtg.exe
  C:\Windows\System\UeBphtg.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\dWKkuFu.exe
  C:\Windows\System\dWKkuFu.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\AAVDqUP.exe
  C:\Windows\System\AAVDqUP.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\GiBsOZH.exe
  C:\Windows\System\GiBsOZH.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\ljqhfek.exe
  C:\Windows\System\ljqhfek.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\WtllcLw.exe
  C:\Windows\System\WtllcLw.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\Tqjjkwi.exe
  C:\Windows\System\Tqjjkwi.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\BhuHjgP.exe
  C:\Windows\System\BhuHjgP.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\tFGLlVh.exe
  C:\Windows\System\tFGLlVh.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\TKIATVw.exe
  C:\Windows\System\TKIATVw.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\chKRJIB.exe
  C:\Windows\System\chKRJIB.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\YpOfmdD.exe
  C:\Windows\System\YpOfmdD.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\pKrZxKC.exe
  C:\Windows\System\pKrZxKC.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\ikbpcYJ.exe
  C:\Windows\System\ikbpcYJ.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\CHIQJFB.exe
  C:\Windows\System\CHIQJFB.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\eALkYWO.exe
  C:\Windows\System\eALkYWO.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\iOlqIFf.exe
  C:\Windows\System\iOlqIFf.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\dphsBkr.exe
  C:\Windows\System\dphsBkr.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\dwXgPGD.exe
  C:\Windows\System\dwXgPGD.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\UYgqkco.exe
  C:\Windows\System\UYgqkco.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\pIwQRhC.exe
  C:\Windows\System\pIwQRhC.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\trVhwIi.exe
  C:\Windows\System\trVhwIi.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\kkvnBYt.exe
  C:\Windows\System\kkvnBYt.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\tiVKdsn.exe
  C:\Windows\System\tiVKdsn.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\eDNovUL.exe
  C:\Windows\System\eDNovUL.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\yIphStR.exe
  C:\Windows\System\yIphStR.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\oLcyPms.exe
  C:\Windows\System\oLcyPms.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\IqiBzjs.exe
  C:\Windows\System\IqiBzjs.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\fTflPVx.exe
  C:\Windows\System\fTflPVx.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\MPjzoKg.exe
  C:\Windows\System\MPjzoKg.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\AanRHzu.exe
  C:\Windows\System\AanRHzu.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\dkFgMZQ.exe
  C:\Windows\System\dkFgMZQ.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\lOOddJq.exe
  C:\Windows\System\lOOddJq.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\XcqhVdf.exe
  C:\Windows\System\XcqhVdf.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\TzDvUXd.exe
  C:\Windows\System\TzDvUXd.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\WwOGIOk.exe
  C:\Windows\System\WwOGIOk.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\yJwUabS.exe
  C:\Windows\System\yJwUabS.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\TzkxGvV.exe
  C:\Windows\System\TzkxGvV.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\DoLBtxR.exe
  C:\Windows\System\DoLBtxR.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\odurkUa.exe
  C:\Windows\System\odurkUa.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\zaUylFc.exe
  C:\Windows\System\zaUylFc.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\xzaFwNN.exe
  C:\Windows\System\xzaFwNN.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\lWhFmab.exe
  C:\Windows\System\lWhFmab.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\jLcGRsQ.exe
  C:\Windows\System\jLcGRsQ.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\tJaSEdc.exe
  C:\Windows\System\tJaSEdc.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\uLdNhrt.exe
  C:\Windows\System\uLdNhrt.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\AIsLZgo.exe
  C:\Windows\System\AIsLZgo.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\PPpBOqI.exe
  C:\Windows\System\PPpBOqI.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\MSqqjVW.exe
  C:\Windows\System\MSqqjVW.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\GXtxyiF.exe
  C:\Windows\System\GXtxyiF.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\VhacftX.exe
  C:\Windows\System\VhacftX.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\GPVmXLi.exe
  C:\Windows\System\GPVmXLi.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\zcYWnMa.exe
  C:\Windows\System\zcYWnMa.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ORgJHZS.exe
  C:\Windows\System\ORgJHZS.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\zXmtMXv.exe
  C:\Windows\System\zXmtMXv.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\rjFhNHW.exe
  C:\Windows\System\rjFhNHW.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\pqICSPv.exe
  C:\Windows\System\pqICSPv.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\UpQotGO.exe
  C:\Windows\System\UpQotGO.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\JQEYalK.exe
  C:\Windows\System\JQEYalK.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\IqgDiRy.exe
  C:\Windows\System\IqgDiRy.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\uvOqbiX.exe
  C:\Windows\System\uvOqbiX.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\juoTifG.exe
  C:\Windows\System\juoTifG.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\LLPoiyF.exe
  C:\Windows\System\LLPoiyF.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\TvRItXl.exe
  C:\Windows\System\TvRItXl.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\aXpKAIJ.exe
  C:\Windows\System\aXpKAIJ.exe
  2⤵
  PID:2720
- C:\Windows\System\lFUZizq.exe
  C:\Windows\System\lFUZizq.exe
  2⤵
  PID:764
- C:\Windows\System\XVPrqYx.exe
  C:\Windows\System\XVPrqYx.exe
  2⤵
  PID:2040
- C:\Windows\System\RzfaSSh.exe
  C:\Windows\System\RzfaSSh.exe
  2⤵
  PID:2628
- C:\Windows\System\eSaBpph.exe
  C:\Windows\System\eSaBpph.exe
  2⤵
  PID:1328
- C:\Windows\System\DGMHFHz.exe
  C:\Windows\System\DGMHFHz.exe
  2⤵
  PID:3168
- C:\Windows\System\ZurytZy.exe
  C:\Windows\System\ZurytZy.exe
  2⤵
  PID:1028
- C:\Windows\System\oySwBok.exe
  C:\Windows\System\oySwBok.exe
  2⤵
  PID:2916
- C:\Windows\System\tVNxKsC.exe
  C:\Windows\System\tVNxKsC.exe
  2⤵
  PID:556
- C:\Windows\System\FRmSvMY.exe
  C:\Windows\System\FRmSvMY.exe
  2⤵
  PID:1692
- C:\Windows\System\pupkmBt.exe
  C:\Windows\System\pupkmBt.exe
  2⤵
  PID:3276
- C:\Windows\System\wQdygKi.exe
  C:\Windows\System\wQdygKi.exe
  2⤵
  PID:1300
- C:\Windows\System\cInITNQ.exe
  C:\Windows\System\cInITNQ.exe
  2⤵
  PID:1868
- C:\Windows\System\lPJvuyH.exe
  C:\Windows\System\lPJvuyH.exe
  2⤵
  PID:1512
- C:\Windows\System\EwLOKwS.exe
  C:\Windows\System\EwLOKwS.exe
  2⤵
  PID:1592
- C:\Windows\System\tayCNdy.exe
  C:\Windows\System\tayCNdy.exe
  2⤵
  PID:2332
- C:\Windows\System\YBPeoAb.exe
  C:\Windows\System\YBPeoAb.exe
  2⤵
  PID:3988
- C:\Windows\System\iMRTnZS.exe
  C:\Windows\System\iMRTnZS.exe
  2⤵
  PID:2280
- C:\Windows\System\HUVOuvm.exe
  C:\Windows\System\HUVOuvm.exe
  2⤵
  PID:612
- C:\Windows\System\apBhfjv.exe
  C:\Windows\System\apBhfjv.exe
  2⤵
  PID:532
- C:\Windows\System\nLZETXx.exe
  C:\Windows\System\nLZETXx.exe
  2⤵
  PID:1136
- C:\Windows\System\miahPoS.exe
  C:\Windows\System\miahPoS.exe
  2⤵
  PID:3316
- C:\Windows\System\TUySESM.exe
  C:\Windows\System\TUySESM.exe
  2⤵
  PID:2340
- C:\Windows\System\VjLkRDP.exe
  C:\Windows\System\VjLkRDP.exe
  2⤵
  PID:768
- C:\Windows\System\YKrRRNQ.exe
  C:\Windows\System\YKrRRNQ.exe
  2⤵
  PID:2636
- C:\Windows\System\NsKdpIN.exe
  C:\Windows\System\NsKdpIN.exe
  2⤵
  PID:540
- C:\Windows\System\DyufvnD.exe
  C:\Windows\System\DyufvnD.exe
  2⤵
  PID:1396
- C:\Windows\System\BAcnXJe.exe
  C:\Windows\System\BAcnXJe.exe
  2⤵
  PID:4984
- C:\Windows\System\UFCpeXW.exe
  C:\Windows\System\UFCpeXW.exe
  2⤵
  PID:2464
- C:\Windows\System\ptAngrc.exe
  C:\Windows\System\ptAngrc.exe
  2⤵
  PID:1820
- C:\Windows\System\vpflpqK.exe
  C:\Windows\System\vpflpqK.exe
  2⤵
  PID:3248
- C:\Windows\System\siqiOmL.exe
  C:\Windows\System\siqiOmL.exe
  2⤵
  PID:3288
- C:\Windows\System\uhABcnS.exe
  C:\Windows\System\uhABcnS.exe
  2⤵
  PID:3008
- C:\Windows\System\IVnyzPr.exe
  C:\Windows\System\IVnyzPr.exe
  2⤵
  PID:5136
- C:\Windows\System\aAkeJLz.exe
  C:\Windows\System\aAkeJLz.exe
  2⤵
  PID:5156
- C:\Windows\System\ooJSgao.exe
  C:\Windows\System\ooJSgao.exe
  2⤵
  PID:5196
- C:\Windows\System\CWJivUV.exe
  C:\Windows\System\CWJivUV.exe
  2⤵
  PID:5228
- C:\Windows\System\DitxACG.exe
  C:\Windows\System\DitxACG.exe
  2⤵
  PID:5252
- C:\Windows\System\lVrAEPm.exe
  C:\Windows\System\lVrAEPm.exe
  2⤵
  PID:5280
- C:\Windows\System\StYzcRq.exe
  C:\Windows\System\StYzcRq.exe
  2⤵
  PID:5312
- C:\Windows\System\wWgdUVy.exe
  C:\Windows\System\wWgdUVy.exe
  2⤵
  PID:5340
- C:\Windows\System\pfUoAmD.exe
  C:\Windows\System\pfUoAmD.exe
  2⤵
  PID:5396
- C:\Windows\System\BUhGKmQ.exe
  C:\Windows\System\BUhGKmQ.exe
  2⤵
  PID:5440
- C:\Windows\System\wSKtaqI.exe
  C:\Windows\System\wSKtaqI.exe
  2⤵
  PID:5484
- C:\Windows\System\cmuJXct.exe
  C:\Windows\System\cmuJXct.exe
  2⤵
  PID:5568
- C:\Windows\System\mNLHpjn.exe
  C:\Windows\System\mNLHpjn.exe
  2⤵
  PID:5596
- C:\Windows\System\eQIANaE.exe
  C:\Windows\System\eQIANaE.exe
  2⤵
  PID:5616
- C:\Windows\System\UyRlXrf.exe
  C:\Windows\System\UyRlXrf.exe
  2⤵
  PID:5652
- C:\Windows\System\VrGAjIA.exe
  C:\Windows\System\VrGAjIA.exe
  2⤵
  PID:5736
- C:\Windows\System\gldHOrD.exe
  C:\Windows\System\gldHOrD.exe
  2⤵
  PID:5764
- C:\Windows\System\fwfWcGh.exe
  C:\Windows\System\fwfWcGh.exe
  2⤵
  PID:5780
- C:\Windows\System\LaNvaub.exe
  C:\Windows\System\LaNvaub.exe
  2⤵
  PID:5808
- C:\Windows\System\QYuElsu.exe
  C:\Windows\System\QYuElsu.exe
  2⤵
  PID:5840
- C:\Windows\System\jCvnhIC.exe
  C:\Windows\System\jCvnhIC.exe
  2⤵
  PID:5872
- C:\Windows\System\vrxoxOD.exe
  C:\Windows\System\vrxoxOD.exe
  2⤵
  PID:5940
- C:\Windows\System\HDCLSWe.exe
  C:\Windows\System\HDCLSWe.exe
  2⤵
  PID:5992
- C:\Windows\System\ldCAHdR.exe
  C:\Windows\System\ldCAHdR.exe
  2⤵
  PID:6016
- C:\Windows\System\yqWdczI.exe
  C:\Windows\System\yqWdczI.exe
  2⤵
  PID:6044
- C:\Windows\System\XgnjpUc.exe
  C:\Windows\System\XgnjpUc.exe
  2⤵
  PID:6068
- C:\Windows\System\nBmlNNG.exe
  C:\Windows\System\nBmlNNG.exe
  2⤵
  PID:6096
- C:\Windows\System\PdEuocw.exe
  C:\Windows\System\PdEuocw.exe
  2⤵
  PID:6128
- C:\Windows\System\VjRQRBX.exe
  C:\Windows\System\VjRQRBX.exe
  2⤵
  PID:5164
- C:\Windows\System\atBDUBo.exe
  C:\Windows\System\atBDUBo.exe
  2⤵
  PID:5240
- C:\Windows\System\wmDcnGt.exe
  C:\Windows\System\wmDcnGt.exe
  2⤵
  PID:5304
- C:\Windows\System\JgoZsVN.exe
  C:\Windows\System\JgoZsVN.exe
  2⤵
  PID:5420
- C:\Windows\System\GlsydRK.exe
  C:\Windows\System\GlsydRK.exe
  2⤵
  PID:5552
- C:\Windows\System\qBquJEO.exe
  C:\Windows\System\qBquJEO.exe
  2⤵
  PID:5644
- C:\Windows\System\PttFSRt.exe
  C:\Windows\System\PttFSRt.exe
  2⤵
  PID:5684
- C:\Windows\System\xsQBFMu.exe
  C:\Windows\System\xsQBFMu.exe
  2⤵
  PID:3472
- C:\Windows\System\nLPljRj.exe
  C:\Windows\System\nLPljRj.exe
  2⤵
  PID:5172
- C:\Windows\System\lTfrvED.exe
  C:\Windows\System\lTfrvED.exe
  2⤵
  PID:5924
- C:\Windows\System\TJXMqlc.exe
  C:\Windows\System\TJXMqlc.exe
  2⤵
  PID:1880
- C:\Windows\System\sFogfhB.exe
  C:\Windows\System\sFogfhB.exe
  2⤵
  PID:5116
- C:\Windows\System\nRtnKnw.exe
  C:\Windows\System\nRtnKnw.exe
  2⤵
  PID:5708
- C:\Windows\System\HRSiejU.exe
  C:\Windows\System\HRSiejU.exe
  2⤵
  PID:5724
- C:\Windows\System\fkAhHlT.exe
  C:\Windows\System\fkAhHlT.exe
  2⤵
  PID:6052
- C:\Windows\System\tUmuXMl.exe
  C:\Windows\System\tUmuXMl.exe
  2⤵
  PID:6056
- C:\Windows\System\zqfhwjG.exe
  C:\Windows\System\zqfhwjG.exe
  2⤵
  PID:5264
- C:\Windows\System\ROspPtF.exe
  C:\Windows\System\ROspPtF.exe
  2⤵
  PID:5476
- C:\Windows\System\wLKUScW.exe
  C:\Windows\System\wLKUScW.exe
  2⤵
  PID:1596
- C:\Windows\System\UgAyRaZ.exe
  C:\Windows\System\UgAyRaZ.exe
  2⤵
  PID:5828
- C:\Windows\System\YZvcoOF.exe
  C:\Windows\System\YZvcoOF.exe
  2⤵
  PID:3776
- C:\Windows\System\VCRgVtw.exe
  C:\Windows\System\VCRgVtw.exe
  2⤵
  PID:5972
- C:\Windows\System\GXjgKJb.exe
  C:\Windows\System\GXjgKJb.exe
  2⤵
  PID:6076
- C:\Windows\System\VENgpEb.exe
  C:\Windows\System\VENgpEb.exe
  2⤵
  PID:5216
- C:\Windows\System\mhPeCCp.exe
  C:\Windows\System\mhPeCCp.exe
  2⤵
  PID:4824
- C:\Windows\System\owVRgjJ.exe
  C:\Windows\System\owVRgjJ.exe
  2⤵
  PID:5988
- C:\Windows\System\hXWtIHO.exe
  C:\Windows\System\hXWtIHO.exe
  2⤵
  PID:5364
- C:\Windows\System\gtZclHe.exe
  C:\Windows\System\gtZclHe.exe
  2⤵
  PID:6008
- C:\Windows\System\uGtDiHk.exe
  C:\Windows\System\uGtDiHk.exe
  2⤵
  PID:6156
- C:\Windows\System\vfzTRAq.exe
  C:\Windows\System\vfzTRAq.exe
  2⤵
  PID:6212
- C:\Windows\System\eXiZUpb.exe
  C:\Windows\System\eXiZUpb.exe
  2⤵
  PID:6240
- C:\Windows\System\hCyMJFK.exe
  C:\Windows\System\hCyMJFK.exe
  2⤵
  PID:6264
- C:\Windows\System\AilBYFz.exe
  C:\Windows\System\AilBYFz.exe
  2⤵
  PID:6292
- C:\Windows\System\MFDOjYk.exe
  C:\Windows\System\MFDOjYk.exe
  2⤵
  PID:6324
- C:\Windows\System\UBUIHPt.exe
  C:\Windows\System\UBUIHPt.exe
  2⤵
  PID:6356
- C:\Windows\System\NctGQHQ.exe
  C:\Windows\System\NctGQHQ.exe
  2⤵
  PID:6392
- C:\Windows\System\dxOGQBW.exe
  C:\Windows\System\dxOGQBW.exe
  2⤵
  PID:6424
- C:\Windows\System\BmSZBvc.exe
  C:\Windows\System\BmSZBvc.exe
  2⤵
  PID:6448
- C:\Windows\System\mntUMMf.exe
  C:\Windows\System\mntUMMf.exe
  2⤵
  PID:6496
- C:\Windows\System\eEIPTBz.exe
  C:\Windows\System\eEIPTBz.exe
  2⤵
  PID:6516
- C:\Windows\System\iVanynJ.exe
  C:\Windows\System\iVanynJ.exe
  2⤵
  PID:6544
- C:\Windows\System\yqTlojQ.exe
  C:\Windows\System\yqTlojQ.exe
  2⤵
  PID:6584
- C:\Windows\System\lOgPbxj.exe
  C:\Windows\System\lOgPbxj.exe
  2⤵
  PID:6600
- C:\Windows\System\cOjlfXe.exe
  C:\Windows\System\cOjlfXe.exe
  2⤵
  PID:6648
- C:\Windows\System\mhtPOMw.exe
  C:\Windows\System\mhtPOMw.exe
  2⤵
  PID:6676
- C:\Windows\System\pUzZBJZ.exe
  C:\Windows\System\pUzZBJZ.exe
  2⤵
  PID:6704
- C:\Windows\System\kStNLqu.exe
  C:\Windows\System\kStNLqu.exe
  2⤵
  PID:6732
- C:\Windows\System\FdbOELr.exe
  C:\Windows\System\FdbOELr.exe
  2⤵
  PID:6760
- C:\Windows\System\lIwKlUb.exe
  C:\Windows\System\lIwKlUb.exe
  2⤵
  PID:6792
- C:\Windows\System\GTQNzue.exe
  C:\Windows\System\GTQNzue.exe
  2⤵
  PID:6820
- C:\Windows\System\qQiQKld.exe
  C:\Windows\System\qQiQKld.exe
  2⤵
  PID:6848
- C:\Windows\System\lxRvJpF.exe
  C:\Windows\System\lxRvJpF.exe
  2⤵
  PID:6876
- C:\Windows\System\DKJQsEW.exe
  C:\Windows\System\DKJQsEW.exe
  2⤵
  PID:6904
- C:\Windows\System\JdGrcEb.exe
  C:\Windows\System\JdGrcEb.exe
  2⤵
  PID:6936
- C:\Windows\System\PeoFFGW.exe
  C:\Windows\System\PeoFFGW.exe
  2⤵
  PID:6960
- C:\Windows\System\cquomzb.exe
  C:\Windows\System\cquomzb.exe
  2⤵
  PID:6992
- C:\Windows\System\DDdnxyb.exe
  C:\Windows\System\DDdnxyb.exe
  2⤵
  PID:7024
- C:\Windows\System\CHgQEot.exe
  C:\Windows\System\CHgQEot.exe
  2⤵
  PID:7052
- C:\Windows\System\rCoDqVN.exe
  C:\Windows\System\rCoDqVN.exe
  2⤵
  PID:7080
- C:\Windows\System\PMQXNAE.exe
  C:\Windows\System\PMQXNAE.exe
  2⤵
  PID:7112
- C:\Windows\System\hBdVgpy.exe
  C:\Windows\System\hBdVgpy.exe
  2⤵
  PID:7140
- C:\Windows\System\NuoIbTE.exe
  C:\Windows\System\NuoIbTE.exe
  2⤵
  PID:6148
- C:\Windows\System\lYXQQKn.exe
  C:\Windows\System\lYXQQKn.exe
  2⤵
  PID:6224
- C:\Windows\System\dtEIsCQ.exe
  C:\Windows\System\dtEIsCQ.exe
  2⤵
  PID:2008
- C:\Windows\System\mRZCzAj.exe
  C:\Windows\System\mRZCzAj.exe
  2⤵
  PID:6284
- C:\Windows\System\bCaXqeF.exe
  C:\Windows\System\bCaXqeF.exe
  2⤵
  PID:3312
- C:\Windows\System\jHdrrdJ.exe
  C:\Windows\System\jHdrrdJ.exe
  2⤵
  PID:6252
- C:\Windows\System\IBDANIN.exe
  C:\Windows\System\IBDANIN.exe
  2⤵
  PID:6444
- C:\Windows\System\csJaLXx.exe
  C:\Windows\System\csJaLXx.exe
  2⤵
  PID:6508
- C:\Windows\System\lbPzilX.exe
  C:\Windows\System\lbPzilX.exe
  2⤵
  PID:6580
- C:\Windows\System\siCRDTC.exe
  C:\Windows\System\siCRDTC.exe
  2⤵
  PID:5032
- C:\Windows\System\LfTvwIS.exe
  C:\Windows\System\LfTvwIS.exe
  2⤵
  PID:3284
- C:\Windows\System\hQWByJo.exe
  C:\Windows\System\hQWByJo.exe
  2⤵
  PID:6624
- C:\Windows\System\jErwxBi.exe
  C:\Windows\System\jErwxBi.exe
  2⤵
  PID:6668
- C:\Windows\System\yWVUWJp.exe
  C:\Windows\System\yWVUWJp.exe
  2⤵
  PID:6740
- C:\Windows\System\ZxjAlpW.exe
  C:\Windows\System\ZxjAlpW.exe
  2⤵
  PID:6816
- C:\Windows\System\qEWHbfz.exe
  C:\Windows\System\qEWHbfz.exe
  2⤵
  PID:6868
- C:\Windows\System\VCsnoED.exe
  C:\Windows\System\VCsnoED.exe
  2⤵
  PID:6932
- C:\Windows\System\QciOmdW.exe
  C:\Windows\System\QciOmdW.exe
  2⤵
  PID:7004
- C:\Windows\System\BShfyrK.exe
  C:\Windows\System\BShfyrK.exe
  2⤵
  PID:7068
- C:\Windows\System\nwAFHai.exe
  C:\Windows\System\nwAFHai.exe
  2⤵
  PID:7128
- C:\Windows\System\dEqxpcG.exe
  C:\Windows\System\dEqxpcG.exe
  2⤵
  PID:6248
- C:\Windows\System\FBNVMMC.exe
  C:\Windows\System\FBNVMMC.exe
  2⤵
  PID:6312
- C:\Windows\System\AsVcHZE.exe
  C:\Windows\System\AsVcHZE.exe
  2⤵
  PID:6460
- C:\Windows\System\bUHBbjb.exe
  C:\Windows\System\bUHBbjb.exe
  2⤵
  PID:2824
- C:\Windows\System\TOmsGyy.exe
  C:\Windows\System\TOmsGyy.exe
  2⤵
  PID:5092
- C:\Windows\System\usoFOFd.exe
  C:\Windows\System\usoFOFd.exe
  2⤵
  PID:6728
- C:\Windows\System\oAFSkhd.exe
  C:\Windows\System\oAFSkhd.exe
  2⤵
  PID:6892
- C:\Windows\System\ZwvXCvV.exe
  C:\Windows\System\ZwvXCvV.exe
  2⤵
  PID:7060
- C:\Windows\System\xgIqENb.exe
  C:\Windows\System\xgIqENb.exe
  2⤵
  PID:6196
- C:\Windows\System\qMXVJuB.exe
  C:\Windows\System\qMXVJuB.exe
  2⤵
  PID:6524
- C:\Windows\System\fgrjkse.exe
  C:\Windows\System\fgrjkse.exe
  2⤵
  PID:6664
- C:\Windows\System\vKmdmbU.exe
  C:\Windows\System\vKmdmbU.exe
  2⤵
  PID:7036
- C:\Windows\System\wesqGat.exe
  C:\Windows\System\wesqGat.exe
  2⤵
  PID:6536
- C:\Windows\System\BiTpagd.exe
  C:\Windows\System\BiTpagd.exe
  2⤵
  PID:6884
- C:\Windows\System\vpQilge.exe
  C:\Windows\System\vpQilge.exe
  2⤵
  PID:6504
- C:\Windows\System\OkNodiv.exe
  C:\Windows\System\OkNodiv.exe
  2⤵
  PID:7196
- C:\Windows\System\hlGleDb.exe
  C:\Windows\System\hlGleDb.exe
  2⤵
  PID:7232
- C:\Windows\System\QvnxWdj.exe
  C:\Windows\System\QvnxWdj.exe
  2⤵
  PID:7256
- C:\Windows\System\fkGcFls.exe
  C:\Windows\System\fkGcFls.exe
  2⤵
  PID:7284
- C:\Windows\System\frSSnzZ.exe
  C:\Windows\System\frSSnzZ.exe
  2⤵
  PID:7312
- C:\Windows\System\VjlCwUl.exe
  C:\Windows\System\VjlCwUl.exe
  2⤵
  PID:7340
- C:\Windows\System\evIDxFj.exe
  C:\Windows\System\evIDxFj.exe
  2⤵
  PID:7368
- C:\Windows\System\shgzRzx.exe
  C:\Windows\System\shgzRzx.exe
  2⤵
  PID:7396
- C:\Windows\System\oYiRxWF.exe
  C:\Windows\System\oYiRxWF.exe
  2⤵
  PID:7428
- C:\Windows\System\qrfLxuY.exe
  C:\Windows\System\qrfLxuY.exe
  2⤵
  PID:7456
- C:\Windows\System\VSiSIWi.exe
  C:\Windows\System\VSiSIWi.exe
  2⤵
  PID:7484
- C:\Windows\System\rKldLjQ.exe
  C:\Windows\System\rKldLjQ.exe
  2⤵
  PID:7512
- C:\Windows\System\jQLYfhR.exe
  C:\Windows\System\jQLYfhR.exe
  2⤵
  PID:7540
- C:\Windows\System\JnOUzkJ.exe
  C:\Windows\System\JnOUzkJ.exe
  2⤵
  PID:7568
- C:\Windows\System\HCHbRga.exe
  C:\Windows\System\HCHbRga.exe
  2⤵
  PID:7596
- C:\Windows\System\ivdTtWX.exe
  C:\Windows\System\ivdTtWX.exe
  2⤵
  PID:7624
- C:\Windows\System\SzROKcU.exe
  C:\Windows\System\SzROKcU.exe
  2⤵
  PID:7648
- C:\Windows\System\VnzMRMC.exe
  C:\Windows\System\VnzMRMC.exe
  2⤵
  PID:7668
- C:\Windows\System\ZnpvgCy.exe
  C:\Windows\System\ZnpvgCy.exe
  2⤵
  PID:7696
- C:\Windows\System\wugEfYP.exe
  C:\Windows\System\wugEfYP.exe
  2⤵
  PID:7724
- C:\Windows\System\qsYgxFn.exe
  C:\Windows\System\qsYgxFn.exe
  2⤵
  PID:7752
- C:\Windows\System\ANqbSxJ.exe
  C:\Windows\System\ANqbSxJ.exe
  2⤵
  PID:7780
- C:\Windows\System\KNzQRNr.exe
  C:\Windows\System\KNzQRNr.exe
  2⤵
  PID:7808
- C:\Windows\System\qarkhzj.exe
  C:\Windows\System\qarkhzj.exe
  2⤵
  PID:7844
- C:\Windows\System\ZsQfVxS.exe
  C:\Windows\System\ZsQfVxS.exe
  2⤵
  PID:7868
- C:\Windows\System\wrupykA.exe
  C:\Windows\System\wrupykA.exe
  2⤵
  PID:7904
- C:\Windows\System\sywrVFE.exe
  C:\Windows\System\sywrVFE.exe
  2⤵
  PID:7924
- C:\Windows\System\vDdPvCR.exe
  C:\Windows\System\vDdPvCR.exe
  2⤵
  PID:7952
- C:\Windows\System\cuPQoSv.exe
  C:\Windows\System\cuPQoSv.exe
  2⤵
  PID:7984
- C:\Windows\System\IaLFDzt.exe
  C:\Windows\System\IaLFDzt.exe
  2⤵
  PID:8008
- C:\Windows\System\dmkRgee.exe
  C:\Windows\System\dmkRgee.exe
  2⤵
  PID:8036
- C:\Windows\System\DKddKdM.exe
  C:\Windows\System\DKddKdM.exe
  2⤵
  PID:8068
- C:\Windows\System\VLFqTOv.exe
  C:\Windows\System\VLFqTOv.exe
  2⤵
  PID:8100
- C:\Windows\System\qAXoGRb.exe
  C:\Windows\System\qAXoGRb.exe
  2⤵
  PID:8132
- C:\Windows\System\ZCqNmFF.exe
  C:\Windows\System\ZCqNmFF.exe
  2⤵
  PID:8160
- C:\Windows\System\drSoyJU.exe
  C:\Windows\System\drSoyJU.exe
  2⤵
  PID:8188
- C:\Windows\System\uBQVDNg.exe
  C:\Windows\System\uBQVDNg.exe
  2⤵
  PID:7228
- C:\Windows\System\pLxYiVM.exe
  C:\Windows\System\pLxYiVM.exe
  2⤵
  PID:7292
- C:\Windows\System\jACCEyV.exe
  C:\Windows\System\jACCEyV.exe
  2⤵
  PID:7352
- C:\Windows\System\PxwpWHG.exe
  C:\Windows\System\PxwpWHG.exe
  2⤵
  PID:7424
- C:\Windows\System\aFsuFLo.exe
  C:\Windows\System\aFsuFLo.exe
  2⤵
  PID:7500
- C:\Windows\System\wVamgty.exe
  C:\Windows\System\wVamgty.exe
  2⤵
  PID:7548
- C:\Windows\System\yJGWQKQ.exe
  C:\Windows\System\yJGWQKQ.exe
  2⤵
  PID:456
- C:\Windows\System\qRpZfSY.exe
  C:\Windows\System\qRpZfSY.exe
  2⤵
  PID:7208
- C:\Windows\System\xlpGTGa.exe
  C:\Windows\System\xlpGTGa.exe
  2⤵
  PID:7736
- C:\Windows\System\AuUMpNN.exe
  C:\Windows\System\AuUMpNN.exe
  2⤵
  PID:3240
- C:\Windows\System\UoQIaBy.exe
  C:\Windows\System\UoQIaBy.exe
  2⤵
  PID:7856
- C:\Windows\System\LDDXMfz.exe
  C:\Windows\System\LDDXMfz.exe
  2⤵
  PID:7920
- C:\Windows\System\GXNxnfB.exe
  C:\Windows\System\GXNxnfB.exe
  2⤵
  PID:7992
- C:\Windows\System\rZXHDGV.exe
  C:\Windows\System\rZXHDGV.exe
  2⤵
  PID:8056
- C:\Windows\System\SGcFmbh.exe
  C:\Windows\System\SGcFmbh.exe
  2⤵
  PID:2820
- C:\Windows\System\dTeLprF.exe
  C:\Windows\System\dTeLprF.exe
  2⤵
  PID:8088
- C:\Windows\System\CGMRJgk.exe
  C:\Windows\System\CGMRJgk.exe
  2⤵
  PID:8184
- C:\Windows\System\TFNwBMs.exe
  C:\Windows\System\TFNwBMs.exe
  2⤵
  PID:7320
- C:\Windows\System\cGMSTHI.exe
  C:\Windows\System\cGMSTHI.exe
  2⤵
  PID:7464
- C:\Windows\System\sVgrrLf.exe
  C:\Windows\System\sVgrrLf.exe
  2⤵
  PID:7656
- C:\Windows\System\jvDDeFz.exe
  C:\Windows\System\jvDDeFz.exe
  2⤵
  PID:7764
- C:\Windows\System\PIGPCqP.exe
  C:\Windows\System\PIGPCqP.exe
  2⤵
  PID:7888
- C:\Windows\System\bMOUhCQ.exe
  C:\Windows\System\bMOUhCQ.exe
  2⤵
  PID:8032
- C:\Windows\System\FTAYhvU.exe
  C:\Windows\System\FTAYhvU.exe
  2⤵
  PID:8172
- C:\Windows\System\FRYSFGm.exe
  C:\Windows\System\FRYSFGm.exe
  2⤵
  PID:7380
- C:\Windows\System\NjEIuPv.exe
  C:\Windows\System\NjEIuPv.exe
  2⤵
  PID:7716
- C:\Windows\System\ixgugYJ.exe
  C:\Windows\System\ixgugYJ.exe
  2⤵
  PID:8020
- C:\Windows\System\lSovBCh.exe
  C:\Windows\System\lSovBCh.exe
  2⤵
  PID:7692
- C:\Windows\System\vKxoDQI.exe
  C:\Windows\System\vKxoDQI.exe
  2⤵
  PID:7584
- C:\Windows\System\UwpJttM.exe
  C:\Windows\System\UwpJttM.exe
  2⤵
  PID:8200
- C:\Windows\System\aMBIYeY.exe
  C:\Windows\System\aMBIYeY.exe
  2⤵
  PID:8228
- C:\Windows\System\PbqryZh.exe
  C:\Windows\System\PbqryZh.exe
  2⤵
  PID:8256
- C:\Windows\System\lfXYlis.exe
  C:\Windows\System\lfXYlis.exe
  2⤵
  PID:8284
- C:\Windows\System\GGfmtxl.exe
  C:\Windows\System\GGfmtxl.exe
  2⤵
  PID:8320
- C:\Windows\System\cyeDTzZ.exe
  C:\Windows\System\cyeDTzZ.exe
  2⤵
  PID:8344
- C:\Windows\System\OUaSqcf.exe
  C:\Windows\System\OUaSqcf.exe
  2⤵
  PID:8372
- C:\Windows\System\YrucRzX.exe
  C:\Windows\System\YrucRzX.exe
  2⤵
  PID:8400
- C:\Windows\System\ZcWuOCd.exe
  C:\Windows\System\ZcWuOCd.exe
  2⤵
  PID:8428
- C:\Windows\System\KBZkzKa.exe
  C:\Windows\System\KBZkzKa.exe
  2⤵
  PID:8464
- C:\Windows\System\NqzzMir.exe
  C:\Windows\System\NqzzMir.exe
  2⤵
  PID:8492
- C:\Windows\System\NCOdeTG.exe
  C:\Windows\System\NCOdeTG.exe
  2⤵
  PID:8512
- C:\Windows\System\zTnqTvK.exe
  C:\Windows\System\zTnqTvK.exe
  2⤵
  PID:8540
- C:\Windows\System\kmRtrwv.exe
  C:\Windows\System\kmRtrwv.exe
  2⤵
  PID:8568
- C:\Windows\System\EyavMVI.exe
  C:\Windows\System\EyavMVI.exe
  2⤵
  PID:8596
- C:\Windows\System\HaufELv.exe
  C:\Windows\System\HaufELv.exe
  2⤵
  PID:8628
- C:\Windows\System\PTewUxD.exe
  C:\Windows\System\PTewUxD.exe
  2⤵
  PID:8676
- C:\Windows\System\IxqAZHf.exe
  C:\Windows\System\IxqAZHf.exe
  2⤵
  PID:8692
- C:\Windows\System\VraNBdf.exe
  C:\Windows\System\VraNBdf.exe
  2⤵
  PID:8720
- C:\Windows\System\FJYfwDx.exe
  C:\Windows\System\FJYfwDx.exe
  2⤵
  PID:8756
- C:\Windows\System\UqAyvHe.exe
  C:\Windows\System\UqAyvHe.exe
  2⤵
  PID:8776
- C:\Windows\System\nNNsCrt.exe
  C:\Windows\System\nNNsCrt.exe
  2⤵
  PID:8812
- C:\Windows\System\cJOfGii.exe
  C:\Windows\System\cJOfGii.exe
  2⤵
  PID:8836
- C:\Windows\System\qVyptzC.exe
  C:\Windows\System\qVyptzC.exe
  2⤵
  PID:8868
- C:\Windows\System\krQAaJh.exe
  C:\Windows\System\krQAaJh.exe
  2⤵
  PID:8892
- C:\Windows\System\apWmOty.exe
  C:\Windows\System\apWmOty.exe
  2⤵
  PID:8920
- C:\Windows\System\mKKhSiM.exe
  C:\Windows\System\mKKhSiM.exe
  2⤵
  PID:8948
- C:\Windows\System\MumLukj.exe
  C:\Windows\System\MumLukj.exe
  2⤵
  PID:8976
- C:\Windows\System\TgLZKWx.exe
  C:\Windows\System\TgLZKWx.exe
  2⤵
  PID:9004
- C:\Windows\System\gBNCVri.exe
  C:\Windows\System\gBNCVri.exe
  2⤵
  PID:9032
- C:\Windows\System\CizWSzD.exe
  C:\Windows\System\CizWSzD.exe
  2⤵
  PID:9068
- C:\Windows\System\HdNemFC.exe
  C:\Windows\System\HdNemFC.exe
  2⤵
  PID:9088
- C:\Windows\System\casaRRG.exe
  C:\Windows\System\casaRRG.exe
  2⤵
  PID:9116
- C:\Windows\System\tLIiPsI.exe
  C:\Windows\System\tLIiPsI.exe
  2⤵
  PID:9144
- C:\Windows\System\lgYKjJA.exe
  C:\Windows\System\lgYKjJA.exe
  2⤵
  PID:9172
- C:\Windows\System\pMUrOsS.exe
  C:\Windows\System\pMUrOsS.exe
  2⤵
  PID:9204
- C:\Windows\System\atyIpeQ.exe
  C:\Windows\System\atyIpeQ.exe
  2⤵
  PID:8212
- C:\Windows\System\xynxiwy.exe
  C:\Windows\System\xynxiwy.exe
  2⤵
  PID:8272
- C:\Windows\System\LBTyOPl.exe
  C:\Windows\System\LBTyOPl.exe
  2⤵
  PID:8312
- C:\Windows\System\tKyoQnE.exe
  C:\Windows\System\tKyoQnE.exe
  2⤵
  PID:8384
- C:\Windows\System\EGRKgSV.exe
  C:\Windows\System\EGRKgSV.exe
  2⤵
  PID:8448
- C:\Windows\System\zGMTZDA.exe
  C:\Windows\System\zGMTZDA.exe
  2⤵
  PID:8508
- C:\Windows\System\kdLkaCw.exe
  C:\Windows\System\kdLkaCw.exe
  2⤵
  PID:8580
- C:\Windows\System\JIyteut.exe
  C:\Windows\System\JIyteut.exe
  2⤵
  PID:8612
- C:\Windows\System\IAqbFzH.exe
  C:\Windows\System\IAqbFzH.exe
  2⤵
  PID:8672
- C:\Windows\System\XcperCI.exe
  C:\Windows\System\XcperCI.exe
  2⤵
  PID:8740
- C:\Windows\System\hpiCguv.exe
  C:\Windows\System\hpiCguv.exe
  2⤵
  PID:8800
- C:\Windows\System\widLnbk.exe
  C:\Windows\System\widLnbk.exe
  2⤵
  PID:8860
- C:\Windows\System\ILzZWpJ.exe
  C:\Windows\System\ILzZWpJ.exe
  2⤵
  PID:8940
- C:\Windows\System\nMKIGHU.exe
  C:\Windows\System\nMKIGHU.exe
  2⤵
  PID:9000
- C:\Windows\System\OiivcXo.exe
  C:\Windows\System\OiivcXo.exe
  2⤵
  PID:9076
- C:\Windows\System\GNLICRh.exe
  C:\Windows\System\GNLICRh.exe
  2⤵
  PID:9136
- C:\Windows\System\LayjsOt.exe
  C:\Windows\System\LayjsOt.exe
  2⤵
  PID:4384
- C:\Windows\System\gDhdITJ.exe
  C:\Windows\System\gDhdITJ.exe
  2⤵
  PID:8248
- C:\Windows\System\cNwUTVB.exe
  C:\Windows\System\cNwUTVB.exe
  2⤵
  PID:8368
- C:\Windows\System\fKXrTSq.exe
  C:\Windows\System\fKXrTSq.exe
  2⤵
  PID:8552
- C:\Windows\System\tgwiEpJ.exe
  C:\Windows\System\tgwiEpJ.exe
  2⤵
  PID:8656
- C:\Windows\System\hNfbYOS.exe
  C:\Windows\System\hNfbYOS.exe
  2⤵
  PID:8792
- C:\Windows\System\WaNmqEo.exe
  C:\Windows\System\WaNmqEo.exe
  2⤵
  PID:8932
- C:\Windows\System\bJIOuyB.exe
  C:\Windows\System\bJIOuyB.exe
  2⤵
  PID:9108
- C:\Windows\System\TyNWsZN.exe
  C:\Windows\System\TyNWsZN.exe
  2⤵
  PID:5088
- C:\Windows\System\SckBTHu.exe
  C:\Windows\System\SckBTHu.exe
  2⤵
  PID:3208
- C:\Windows\System\dlufjQo.exe
  C:\Windows\System\dlufjQo.exe
  2⤵
  PID:8996
- C:\Windows\System\OYFFVpo.exe
  C:\Windows\System\OYFFVpo.exe
  2⤵
  PID:3388
- C:\Windows\System\NAoVuxa.exe
  C:\Windows\System\NAoVuxa.exe
  2⤵
  PID:1656
- C:\Windows\System\rmjjxEl.exe
  C:\Windows\System\rmjjxEl.exe
  2⤵
  PID:9224
- C:\Windows\System\mGqToUo.exe
  C:\Windows\System\mGqToUo.exe
  2⤵
  PID:9260
- C:\Windows\System\ldzKVAe.exe
  C:\Windows\System\ldzKVAe.exe
  2⤵
  PID:9292
- C:\Windows\System\fzSalBl.exe
  C:\Windows\System\fzSalBl.exe
  2⤵
  PID:9316
- C:\Windows\System\CiwwBwA.exe
  C:\Windows\System\CiwwBwA.exe
  2⤵
  PID:9344
- C:\Windows\System\shREaOs.exe
  C:\Windows\System\shREaOs.exe
  2⤵
  PID:9372
- C:\Windows\System\vKWtBen.exe
  C:\Windows\System\vKWtBen.exe
  2⤵
  PID:9400
- C:\Windows\System\aFZCYBs.exe
  C:\Windows\System\aFZCYBs.exe
  2⤵
  PID:9428
- C:\Windows\System\bBSpZPd.exe
  C:\Windows\System\bBSpZPd.exe
  2⤵
  PID:9456
- C:\Windows\System\VGNylSc.exe
  C:\Windows\System\VGNylSc.exe
  2⤵
  PID:9484
- C:\Windows\System\baTRwUm.exe
  C:\Windows\System\baTRwUm.exe
  2⤵
  PID:9512
- C:\Windows\System\JatrqfB.exe
  C:\Windows\System\JatrqfB.exe
  2⤵
  PID:9540
- C:\Windows\System\QyGkaCm.exe
  C:\Windows\System\QyGkaCm.exe
  2⤵
  PID:9568
- C:\Windows\System\ykLqadE.exe
  C:\Windows\System\ykLqadE.exe
  2⤵
  PID:9596
- C:\Windows\System\VVDyyTQ.exe
  C:\Windows\System\VVDyyTQ.exe
  2⤵
  PID:9624
- C:\Windows\System\TbQRbbW.exe
  C:\Windows\System\TbQRbbW.exe
  2⤵
  PID:9652
- C:\Windows\System\kJgdgJA.exe
  C:\Windows\System\kJgdgJA.exe
  2⤵
  PID:9680
- C:\Windows\System\AlEbkMU.exe
  C:\Windows\System\AlEbkMU.exe
  2⤵
  PID:9708
- C:\Windows\System\CntaCMW.exe
  C:\Windows\System\CntaCMW.exe
  2⤵
  PID:9736
- C:\Windows\System\sCHBHBr.exe
  C:\Windows\System\sCHBHBr.exe
  2⤵
  PID:9764
- C:\Windows\System\vlDtoqg.exe
  C:\Windows\System\vlDtoqg.exe
  2⤵
  PID:9800
- C:\Windows\System\edbJiWW.exe
  C:\Windows\System\edbJiWW.exe
  2⤵
  PID:9820
- C:\Windows\System\FOTUyvt.exe
  C:\Windows\System\FOTUyvt.exe
  2⤵
  PID:9848
- C:\Windows\System\PLujehz.exe
  C:\Windows\System\PLujehz.exe
  2⤵
  PID:9880
- C:\Windows\System\QOZwqcI.exe
  C:\Windows\System\QOZwqcI.exe
  2⤵
  PID:9908
- C:\Windows\System\odfLNwc.exe
  C:\Windows\System\odfLNwc.exe
  2⤵
  PID:9936
- C:\Windows\System\dwGdWFT.exe
  C:\Windows\System\dwGdWFT.exe
  2⤵
  PID:9964
- C:\Windows\System\HUlEAGR.exe
  C:\Windows\System\HUlEAGR.exe
  2⤵
  PID:9992
- C:\Windows\System\BoFZSLJ.exe
  C:\Windows\System\BoFZSLJ.exe
  2⤵
  PID:10024
- C:\Windows\System\hRfqeGC.exe
  C:\Windows\System\hRfqeGC.exe
  2⤵
  PID:10048
- C:\Windows\System\jLQcTzm.exe
  C:\Windows\System\jLQcTzm.exe
  2⤵
  PID:10088
- C:\Windows\System\FkcGCMM.exe
  C:\Windows\System\FkcGCMM.exe
  2⤵
  PID:10104
- C:\Windows\System\hfPHnQf.exe
  C:\Windows\System\hfPHnQf.exe
  2⤵
  PID:10136
- C:\Windows\System\LOKZOXe.exe
  C:\Windows\System\LOKZOXe.exe
  2⤵
  PID:10160
- C:\Windows\System\spSAACc.exe
  C:\Windows\System\spSAACc.exe
  2⤵
  PID:10188
- C:\Windows\System\IVTHqDQ.exe
  C:\Windows\System\IVTHqDQ.exe
  2⤵
  PID:10216
- C:\Windows\System\WzzMJQc.exe
  C:\Windows\System\WzzMJQc.exe
  2⤵
  PID:9220
- C:\Windows\System\EHDJdLI.exe
  C:\Windows\System\EHDJdLI.exe
  2⤵
  PID:9272
- C:\Windows\System\TMjHhhD.exe
  C:\Windows\System\TMjHhhD.exe
  2⤵
  PID:9276
- C:\Windows\System\CUATkqI.exe
  C:\Windows\System\CUATkqI.exe
  2⤵
  PID:4728
- C:\Windows\System\tNLQIfT.exe
  C:\Windows\System\tNLQIfT.exe
  2⤵
  PID:9340
- C:\Windows\System\qtNbOXq.exe
  C:\Windows\System\qtNbOXq.exe
  2⤵
  PID:9396
- C:\Windows\System\mJkeXCv.exe
  C:\Windows\System\mJkeXCv.exe
  2⤵
  PID:9472
- C:\Windows\System\EblazAx.exe
  C:\Windows\System\EblazAx.exe
  2⤵
  PID:9532
- C:\Windows\System\coTfNdE.exe
  C:\Windows\System\coTfNdE.exe
  2⤵
  PID:9608
- C:\Windows\System\veONvGz.exe
  C:\Windows\System\veONvGz.exe
  2⤵
  PID:9672
- C:\Windows\System\ExKCbIy.exe
  C:\Windows\System\ExKCbIy.exe
  2⤵
  PID:9732
- C:\Windows\System\vBARqbP.exe
  C:\Windows\System\vBARqbP.exe
  2⤵
  PID:9808
- C:\Windows\System\yNNXEyD.exe
  C:\Windows\System\yNNXEyD.exe
  2⤵
  PID:9860
- C:\Windows\System\JOikftY.exe
  C:\Windows\System\JOikftY.exe
  2⤵
  PID:9928
- C:\Windows\System\rvfqVbe.exe
  C:\Windows\System\rvfqVbe.exe
  2⤵
  PID:9988
- C:\Windows\System\fUIZMAe.exe
  C:\Windows\System\fUIZMAe.exe
  2⤵
  PID:10060
- C:\Windows\System\jpgdpST.exe
  C:\Windows\System\jpgdpST.exe
  2⤵
  PID:10124
- C:\Windows\System\RytDrGy.exe
  C:\Windows\System\RytDrGy.exe
  2⤵
  PID:10208
- C:\Windows\System\pNnYMtT.exe
  C:\Windows\System\pNnYMtT.exe
  2⤵
  PID:8848
- C:\Windows\System\pgKCOas.exe
  C:\Windows\System\pgKCOas.exe
  2⤵
  PID:4324
- C:\Windows\System\rRBUpFc.exe
  C:\Windows\System\rRBUpFc.exe
  2⤵
  PID:9384
- C:\Windows\System\BRZYIXF.exe
  C:\Windows\System\BRZYIXF.exe
  2⤵
  PID:9524
- C:\Windows\System\awBOuyb.exe
  C:\Windows\System\awBOuyb.exe
  2⤵
  PID:9700
- C:\Windows\System\NHoepmX.exe
  C:\Windows\System\NHoepmX.exe
  2⤵
  PID:9840
- C:\Windows\System\BfQETYx.exe
  C:\Windows\System\BfQETYx.exe
  2⤵
  PID:9984
- C:\Windows\System\cuxqLLT.exe
  C:\Windows\System\cuxqLLT.exe
  2⤵
  PID:10152
- C:\Windows\System\DiIHocM.exe
  C:\Windows\System\DiIHocM.exe
  2⤵
  PID:8364
- C:\Windows\System\xtmLOPn.exe
  C:\Windows\System\xtmLOPn.exe
  2⤵
  PID:9508
- C:\Windows\System\ySopopB.exe
  C:\Windows\System\ySopopB.exe
  2⤵
  PID:9904
- C:\Windows\System\EqycTdl.exe
  C:\Windows\System\EqycTdl.exe
  2⤵
  PID:8888
- C:\Windows\System\AJTfwHE.exe
  C:\Windows\System\AJTfwHE.exe
  2⤵
  PID:9788
- C:\Windows\System\ATWUsex.exe
  C:\Windows\System\ATWUsex.exe
  2⤵
  PID:10228
- C:\Windows\System\uuaCgrh.exe
  C:\Windows\System\uuaCgrh.exe
  2⤵
  PID:10260
- C:\Windows\System\rMOaAkh.exe
  C:\Windows\System\rMOaAkh.exe
  2⤵
  PID:10288
- C:\Windows\System\IaBSVww.exe
  C:\Windows\System\IaBSVww.exe
  2⤵
  PID:10316
- C:\Windows\System\qiLsvlV.exe
  C:\Windows\System\qiLsvlV.exe
  2⤵
  PID:10344
- C:\Windows\System\EXgJqkQ.exe
  C:\Windows\System\EXgJqkQ.exe
  2⤵
  PID:10372
- C:\Windows\System\bmjDHJD.exe
  C:\Windows\System\bmjDHJD.exe
  2⤵
  PID:10400
- C:\Windows\System\qJCwoue.exe
  C:\Windows\System\qJCwoue.exe
  2⤵
  PID:10428
- C:\Windows\System\vrlwYjZ.exe
  C:\Windows\System\vrlwYjZ.exe
  2⤵
  PID:10456
- C:\Windows\System\CKXpyiy.exe
  C:\Windows\System\CKXpyiy.exe
  2⤵
  PID:10484
- C:\Windows\System\xzPcSUL.exe
  C:\Windows\System\xzPcSUL.exe
  2⤵
  PID:10512
- C:\Windows\System\jEjJFtq.exe
  C:\Windows\System\jEjJFtq.exe
  2⤵
  PID:10540
- C:\Windows\System\unWvLQX.exe
  C:\Windows\System\unWvLQX.exe
  2⤵
  PID:10568
- C:\Windows\System\QWgFWPt.exe
  C:\Windows\System\QWgFWPt.exe
  2⤵
  PID:10596
- C:\Windows\System\XSqbAlP.exe
  C:\Windows\System\XSqbAlP.exe
  2⤵
  PID:10624
- C:\Windows\System\TABITef.exe
  C:\Windows\System\TABITef.exe
  2⤵
  PID:10652
- C:\Windows\System\NcwmZvg.exe
  C:\Windows\System\NcwmZvg.exe
  2⤵
  PID:10680
- C:\Windows\System\ORdEGXC.exe
  C:\Windows\System\ORdEGXC.exe
  2⤵
  PID:10708
- C:\Windows\System\CIuKdOs.exe
  C:\Windows\System\CIuKdOs.exe
  2⤵
  PID:10736
- C:\Windows\System\ncpwsZQ.exe
  C:\Windows\System\ncpwsZQ.exe
  2⤵
  PID:10764
- C:\Windows\System\sArknkv.exe
  C:\Windows\System\sArknkv.exe
  2⤵
  PID:10792
- C:\Windows\System\bQqZwcS.exe
  C:\Windows\System\bQqZwcS.exe
  2⤵
  PID:10820
- C:\Windows\System\EJwaqUK.exe
  C:\Windows\System\EJwaqUK.exe
  2⤵
  PID:10848
- C:\Windows\System\KTZRlbL.exe
  C:\Windows\System\KTZRlbL.exe
  2⤵
  PID:10876
- C:\Windows\System\cfcSEeY.exe
  C:\Windows\System\cfcSEeY.exe
  2⤵
  PID:10904
- C:\Windows\System\tkZpYlw.exe
  C:\Windows\System\tkZpYlw.exe
  2⤵
  PID:10932
- C:\Windows\System\ephVIcA.exe
  C:\Windows\System\ephVIcA.exe
  2⤵
  PID:10960
- C:\Windows\System\OBbXkHc.exe
  C:\Windows\System\OBbXkHc.exe
  2⤵
  PID:10992
- C:\Windows\System\xqEyHmP.exe
  C:\Windows\System\xqEyHmP.exe
  2⤵
  PID:11020
- C:\Windows\System\eoVTlYN.exe
  C:\Windows\System\eoVTlYN.exe
  2⤵
  PID:11048
- C:\Windows\System\YTjJlKV.exe
  C:\Windows\System\YTjJlKV.exe
  2⤵
  PID:11080
- C:\Windows\System\MYmdMdJ.exe
  C:\Windows\System\MYmdMdJ.exe
  2⤵
  PID:11104
- C:\Windows\System\uEnlasw.exe
  C:\Windows\System\uEnlasw.exe
  2⤵
  PID:11132
- C:\Windows\System\BtahguE.exe
  C:\Windows\System\BtahguE.exe
  2⤵
  PID:11160
- C:\Windows\System\VARQvaX.exe
  C:\Windows\System\VARQvaX.exe
  2⤵
  PID:11188
- C:\Windows\System\cdMLyGH.exe
  C:\Windows\System\cdMLyGH.exe
  2⤵
  PID:11216
- C:\Windows\System\PdmhFvC.exe
  C:\Windows\System\PdmhFvC.exe
  2⤵
  PID:11244
- C:\Windows\System\PXBoPAB.exe
  C:\Windows\System\PXBoPAB.exe
  2⤵
  PID:10256
- C:\Windows\System\aNmYKHZ.exe
  C:\Windows\System\aNmYKHZ.exe
  2⤵
  PID:10328
- C:\Windows\System\gRrubmV.exe
  C:\Windows\System\gRrubmV.exe
  2⤵
  PID:10392
- C:\Windows\System\BVikoua.exe
  C:\Windows\System\BVikoua.exe
  2⤵
  PID:10452
- C:\Windows\System\MInQvOJ.exe
  C:\Windows\System\MInQvOJ.exe
  2⤵
  PID:10524
- C:\Windows\System\LwdTlZi.exe
  C:\Windows\System\LwdTlZi.exe
  2⤵
  PID:10588
- C:\Windows\System\PUJKhrl.exe
  C:\Windows\System\PUJKhrl.exe
  2⤵
  PID:10676
- C:\Windows\System\iEMNCeG.exe
  C:\Windows\System\iEMNCeG.exe
  2⤵
  PID:10720
- C:\Windows\System\wgeAeGV.exe
  C:\Windows\System\wgeAeGV.exe
  2⤵
  PID:10784
- C:\Windows\System\iSZCzmh.exe
  C:\Windows\System\iSZCzmh.exe
  2⤵
  PID:10840
- C:\Windows\System\wPOPzJT.exe
  C:\Windows\System\wPOPzJT.exe
  2⤵
  PID:10900
- C:\Windows\System\UVwWwaq.exe
  C:\Windows\System\UVwWwaq.exe
  2⤵
  PID:10952
- C:\Windows\System\tzsKoaM.exe
  C:\Windows\System\tzsKoaM.exe
  2⤵
  PID:11016
- C:\Windows\System\LKdulke.exe
  C:\Windows\System\LKdulke.exe
  2⤵
  PID:11088
- C:\Windows\System\zRSKeOh.exe
  C:\Windows\System\zRSKeOh.exe
  2⤵
  PID:11152
- C:\Windows\System\otTDxRl.exe
  C:\Windows\System\otTDxRl.exe
  2⤵
  PID:11212
- C:\Windows\System\fzYVJpl.exe
  C:\Windows\System\fzYVJpl.exe
  2⤵
  PID:10308
- C:\Windows\System\iNmxCYE.exe
  C:\Windows\System\iNmxCYE.exe
  2⤵
  PID:10448
- C:\Windows\System\hRsMMmR.exe
  C:\Windows\System\hRsMMmR.exe
  2⤵
  PID:10616
- C:\Windows\System\EuwmRoQ.exe
  C:\Windows\System\EuwmRoQ.exe
  2⤵
  PID:10760
- C:\Windows\System\eCUQrna.exe
  C:\Windows\System\eCUQrna.exe
  2⤵
  PID:10888
- C:\Windows\System\FtlBDKd.exe
  C:\Windows\System\FtlBDKd.exe
  2⤵
  PID:11012
- C:\Windows\System\UIymYBz.exe
  C:\Windows\System\UIymYBz.exe
  2⤵
  PID:11180
- C:\Windows\System\MRcqogY.exe
  C:\Windows\System\MRcqogY.exe
  2⤵
  PID:10420
- C:\Windows\System\VdGfOrR.exe
  C:\Windows\System\VdGfOrR.exe
  2⤵
  PID:10748
- C:\Windows\System\QaCfKXz.exe
  C:\Windows\System\QaCfKXz.exe
  2⤵
  PID:11128
- C:\Windows\System\xTmzKFx.exe
  C:\Windows\System\xTmzKFx.exe
  2⤵
  PID:10368
- C:\Windows\System\roFWNHE.exe
  C:\Windows\System\roFWNHE.exe
  2⤵
  PID:11004
- C:\Windows\System\MmjiQcA.exe
  C:\Windows\System\MmjiQcA.exe
  2⤵
  PID:116
- C:\Windows\System\HRJqRia.exe
  C:\Windows\System\HRJqRia.exe
  2⤵
  PID:11296
- C:\Windows\System\EBwxrnb.exe
  C:\Windows\System\EBwxrnb.exe
  2⤵
  PID:11324
- C:\Windows\System\wINuOQH.exe
  C:\Windows\System\wINuOQH.exe
  2⤵
  PID:11352
- C:\Windows\System\HwQkSNm.exe
  C:\Windows\System\HwQkSNm.exe
  2⤵
  PID:11380
- C:\Windows\System\JDooKqj.exe
  C:\Windows\System\JDooKqj.exe
  2⤵
  PID:11408
- C:\Windows\System\mZHOAQG.exe
  C:\Windows\System\mZHOAQG.exe
  2⤵
  PID:11436
- C:\Windows\System\KSPTgro.exe
  C:\Windows\System\KSPTgro.exe
  2⤵
  PID:11464
- C:\Windows\System\nioLehk.exe
  C:\Windows\System\nioLehk.exe
  2⤵
  PID:11492
- C:\Windows\System\kpwBlkL.exe
  C:\Windows\System\kpwBlkL.exe
  2⤵
  PID:11520
- C:\Windows\System\bHuyFaS.exe
  C:\Windows\System\bHuyFaS.exe
  2⤵
  PID:11548
- C:\Windows\System\PzsfzPV.exe
  C:\Windows\System\PzsfzPV.exe
  2⤵
  PID:11576
- C:\Windows\System\iuxETQJ.exe
  C:\Windows\System\iuxETQJ.exe
  2⤵
  PID:11604
- C:\Windows\System\QcbIMAf.exe
  C:\Windows\System\QcbIMAf.exe
  2⤵
  PID:11632
- C:\Windows\System\IPWkagn.exe
  C:\Windows\System\IPWkagn.exe
  2⤵
  PID:11660
- C:\Windows\System\WUrfeNc.exe
  C:\Windows\System\WUrfeNc.exe
  2⤵
  PID:11688
- C:\Windows\System\DFGPknF.exe
  C:\Windows\System\DFGPknF.exe
  2⤵
  PID:11716
- C:\Windows\System\SNODLWj.exe
  C:\Windows\System\SNODLWj.exe
  2⤵
  PID:11744
- C:\Windows\System\ktdNbtK.exe
  C:\Windows\System\ktdNbtK.exe
  2⤵
  PID:11772
- C:\Windows\System\AscVwop.exe
  C:\Windows\System\AscVwop.exe
  2⤵
  PID:11800
- C:\Windows\System\elcNxEr.exe
  C:\Windows\System\elcNxEr.exe
  2⤵
  PID:11828
- C:\Windows\System\nQHPGzt.exe
  C:\Windows\System\nQHPGzt.exe
  2⤵
  PID:11856
- C:\Windows\System\MxthDtz.exe
  C:\Windows\System\MxthDtz.exe
  2⤵
  PID:11884
- C:\Windows\System\ZPaHvxL.exe
  C:\Windows\System\ZPaHvxL.exe
  2⤵
  PID:11912
- C:\Windows\System\MDIqDNC.exe
  C:\Windows\System\MDIqDNC.exe
  2⤵
  PID:11940
- C:\Windows\System\CHxzwDW.exe
  C:\Windows\System\CHxzwDW.exe
  2⤵
  PID:11968
- C:\Windows\System\UvqCaZz.exe
  C:\Windows\System\UvqCaZz.exe
  2⤵
  PID:11996
- C:\Windows\System\jwAYJJf.exe
  C:\Windows\System\jwAYJJf.exe
  2⤵
  PID:12028
- C:\Windows\System\fMoxTzX.exe
  C:\Windows\System\fMoxTzX.exe
  2⤵
  PID:12056
- C:\Windows\System\sRhCwou.exe
  C:\Windows\System\sRhCwou.exe
  2⤵
  PID:12084
- C:\Windows\System\daXYzAb.exe
  C:\Windows\System\daXYzAb.exe
  2⤵
  PID:12112
- C:\Windows\System\sAIvAtP.exe
  C:\Windows\System\sAIvAtP.exe
  2⤵
  PID:12140
- C:\Windows\System\zgZTIeB.exe
  C:\Windows\System\zgZTIeB.exe
  2⤵
  PID:12168
- C:\Windows\System\vmZHHba.exe
  C:\Windows\System\vmZHHba.exe
  2⤵
  PID:12196
- C:\Windows\System\jfVEAEJ.exe
  C:\Windows\System\jfVEAEJ.exe
  2⤵
  PID:12224
- C:\Windows\System\fnMAPnF.exe
  C:\Windows\System\fnMAPnF.exe
  2⤵
  PID:12252
- C:\Windows\System\lCbbbqX.exe
  C:\Windows\System\lCbbbqX.exe
  2⤵
  PID:12280
- C:\Windows\System\gqnGfde.exe
  C:\Windows\System\gqnGfde.exe
  2⤵
  PID:11288
- C:\Windows\System\uWByyCS.exe
  C:\Windows\System\uWByyCS.exe
  2⤵
  PID:11336
- C:\Windows\System\ftNVYIv.exe
  C:\Windows\System\ftNVYIv.exe
  2⤵
  PID:1768
- C:\Windows\System\CQAWFGY.exe
  C:\Windows\System\CQAWFGY.exe
  2⤵
  PID:11448
- C:\Windows\System\vtVLVxl.exe
  C:\Windows\System\vtVLVxl.exe
  2⤵
  PID:11508
- C:\Windows\System\sQZvzVu.exe
  C:\Windows\System\sQZvzVu.exe
  2⤵
  PID:11568
- C:\Windows\System\OSvLDcf.exe
  C:\Windows\System\OSvLDcf.exe
  2⤵
  PID:11628
- C:\Windows\System\wBIttSj.exe
  C:\Windows\System\wBIttSj.exe
  2⤵
  PID:11704
- C:\Windows\System\yNgdAMt.exe
  C:\Windows\System\yNgdAMt.exe
  2⤵
  PID:11764
- C:\Windows\System\SMxPouX.exe
  C:\Windows\System\SMxPouX.exe
  2⤵
  PID:11824
- C:\Windows\System\qMFSOYy.exe
  C:\Windows\System\qMFSOYy.exe
  2⤵
  PID:11896
- C:\Windows\System\iNPIzNd.exe
  C:\Windows\System\iNPIzNd.exe
  2⤵
  PID:11932
- C:\Windows\System\VElEeer.exe
  C:\Windows\System\VElEeer.exe
  2⤵
  PID:11980
- C:\Windows\System\jQgSVdh.exe
  C:\Windows\System\jQgSVdh.exe
  2⤵
  PID:12040
- C:\Windows\System\ployBLH.exe
  C:\Windows\System\ployBLH.exe
  2⤵
  PID:12080
- C:\Windows\System\KvKsbmL.exe
  C:\Windows\System\KvKsbmL.exe
  2⤵
  PID:12152
- C:\Windows\System\ncZitMA.exe
  C:\Windows\System\ncZitMA.exe
  2⤵
  PID:12216
- C:\Windows\System\WsBtWyG.exe
  C:\Windows\System\WsBtWyG.exe
  2⤵
  PID:12276
- C:\Windows\System\skyJDCV.exe
  C:\Windows\System\skyJDCV.exe
  2⤵
  PID:11368
- C:\Windows\System\WuTSQUc.exe
  C:\Windows\System\WuTSQUc.exe
  2⤵
  PID:3456
- C:\Windows\System\yDseQJr.exe
  C:\Windows\System\yDseQJr.exe
  2⤵
  PID:11684
- C:\Windows\System\vPdDIgj.exe
  C:\Windows\System\vPdDIgj.exe
  2⤵
  PID:12016
- C:\Windows\System\ZNNveio.exe
  C:\Windows\System\ZNNveio.exe
  2⤵
  PID:11952
- C:\Windows\System\UhqLHFJ.exe
  C:\Windows\System\UhqLHFJ.exe
  2⤵
  PID:12128
- C:\Windows\System\bCRWKoH.exe
  C:\Windows\System\bCRWKoH.exe
  2⤵
  PID:12264
- C:\Windows\System\ykSCyQm.exe
  C:\Windows\System\ykSCyQm.exe
  2⤵
  PID:640
- C:\Windows\System\mMoPAVL.exe
  C:\Windows\System\mMoPAVL.exe
  2⤵
  PID:11740
- C:\Windows\System\lqcOMbM.exe
  C:\Windows\System\lqcOMbM.exe
  2⤵
  PID:1540
- C:\Windows\System\nZxSRMG.exe
  C:\Windows\System\nZxSRMG.exe
  2⤵
  PID:3340
- C:\Windows\System\WpnZZVQ.exe
  C:\Windows\System\WpnZZVQ.exe
  2⤵
  PID:12244
- C:\Windows\System\RSnVShz.exe
  C:\Windows\System\RSnVShz.exe
  2⤵
  PID:2576
- C:\Windows\System\yumnkiE.exe
  C:\Windows\System\yumnkiE.exe
  2⤵
  PID:516
- C:\Windows\System\BbQidIg.exe
  C:\Windows\System\BbQidIg.exe
  2⤵
  PID:11544
- C:\Windows\System\WcBfFmN.exe
  C:\Windows\System\WcBfFmN.exe
  2⤵
  PID:11564
- C:\Windows\System\CbaOHDK.exe
  C:\Windows\System\CbaOHDK.exe
  2⤵
  PID:12020
- C:\Windows\System\HTgmvSk.exe
  C:\Windows\System\HTgmvSk.exe
  2⤵
  PID:2884
- C:\Windows\System\RdXxmkO.exe
  C:\Windows\System\RdXxmkO.exe
  2⤵
  PID:4528
- C:\Windows\System\WfmfBlk.exe
  C:\Windows\System\WfmfBlk.exe
  2⤵
  PID:2444
- C:\Windows\System\zkhfJjh.exe
  C:\Windows\System\zkhfJjh.exe
  2⤵
  PID:4012
- C:\Windows\System\rdhemOl.exe
  C:\Windows\System\rdhemOl.exe
  2⤵
  PID:11820
- C:\Windows\System\TyQllmu.exe
  C:\Windows\System\TyQllmu.exe
  2⤵
  PID:3260
- C:\Windows\System\CYcwkdz.exe
  C:\Windows\System\CYcwkdz.exe
  2⤵
  PID:2372
- C:\Windows\System\YOTWljI.exe
  C:\Windows\System\YOTWljI.exe
  2⤵
  PID:12312
- C:\Windows\System\GFjMYYK.exe
  C:\Windows\System\GFjMYYK.exe
  2⤵
  PID:12340
- C:\Windows\System\iIvKbWt.exe
  C:\Windows\System\iIvKbWt.exe
  2⤵
  PID:12368
- C:\Windows\System\HPObyDl.exe
  C:\Windows\System\HPObyDl.exe
  2⤵
  PID:12396
- C:\Windows\System\eddQKOA.exe
  C:\Windows\System\eddQKOA.exe
  2⤵
  PID:12424
- C:\Windows\System\TpsIVVo.exe
  C:\Windows\System\TpsIVVo.exe
  2⤵
  PID:12452
- C:\Windows\System\BITlQDr.exe
  C:\Windows\System\BITlQDr.exe
  2⤵
  PID:12480
- C:\Windows\System\SpqMozC.exe
  C:\Windows\System\SpqMozC.exe
  2⤵
  PID:12512
- C:\Windows\System\DCMbVBJ.exe
  C:\Windows\System\DCMbVBJ.exe
  2⤵
  PID:12540
- C:\Windows\System\hOIMmrF.exe
  C:\Windows\System\hOIMmrF.exe
  2⤵
  PID:12568
- C:\Windows\System\cAaEzGg.exe
  C:\Windows\System\cAaEzGg.exe
  2⤵
  PID:12596
- C:\Windows\System\MKwvoRY.exe
  C:\Windows\System\MKwvoRY.exe
  2⤵
  PID:12624
- C:\Windows\System\fLjXXKS.exe
  C:\Windows\System\fLjXXKS.exe
  2⤵
  PID:12652
- C:\Windows\System\NNIfvvh.exe
  C:\Windows\System\NNIfvvh.exe
  2⤵
  PID:12680
- C:\Windows\System\KfFYkMp.exe
  C:\Windows\System\KfFYkMp.exe
  2⤵
  PID:12708
- C:\Windows\System\qFuHprM.exe
  C:\Windows\System\qFuHprM.exe
  2⤵
  PID:12736
- C:\Windows\System\wvrvFei.exe
  C:\Windows\System\wvrvFei.exe
  2⤵
  PID:12764
- C:\Windows\System\PygKccE.exe
  C:\Windows\System\PygKccE.exe
  2⤵
  PID:12792
- C:\Windows\System\CCOQSrE.exe
  C:\Windows\System\CCOQSrE.exe
  2⤵
  PID:12820
- C:\Windows\System\tYqvaNI.exe
  C:\Windows\System\tYqvaNI.exe
  2⤵
  PID:12848
- C:\Windows\System\NEloZhG.exe
  C:\Windows\System\NEloZhG.exe
  2⤵
  PID:12876
- C:\Windows\System\goQFnzl.exe
  C:\Windows\System\goQFnzl.exe
  2⤵
  PID:12904
- C:\Windows\System\KLEpUFV.exe
  C:\Windows\System\KLEpUFV.exe
  2⤵
  PID:12932
- C:\Windows\System\wanRzmL.exe
  C:\Windows\System\wanRzmL.exe
  2⤵
  PID:12960
- C:\Windows\System\tXlpCyb.exe
  C:\Windows\System\tXlpCyb.exe
  2⤵
  PID:12988
- C:\Windows\System\PxYppYZ.exe
  C:\Windows\System\PxYppYZ.exe
  2⤵
  PID:13016
- C:\Windows\System\nwCzEVU.exe
  C:\Windows\System\nwCzEVU.exe
  2⤵
  PID:13044
- C:\Windows\System\YbAWNhU.exe
  C:\Windows\System\YbAWNhU.exe
  2⤵
  PID:13072
- C:\Windows\System\ioiukQG.exe
  C:\Windows\System\ioiukQG.exe
  2⤵
  PID:13100
- C:\Windows\System\sYQYset.exe
  C:\Windows\System\sYQYset.exe
  2⤵
  PID:13128
- C:\Windows\System\VBvBxtS.exe
  C:\Windows\System\VBvBxtS.exe
  2⤵
  PID:13156
- C:\Windows\System\dhTPfYb.exe
  C:\Windows\System\dhTPfYb.exe
  2⤵
  PID:13184
- C:\Windows\System\lVoFjuu.exe
  C:\Windows\System\lVoFjuu.exe
  2⤵
  PID:13220
- C:\Windows\System\pIaHSJR.exe
  C:\Windows\System\pIaHSJR.exe
  2⤵
  PID:13252
- C:\Windows\System\UwwJlFm.exe
  C:\Windows\System\UwwJlFm.exe
  2⤵
  PID:13284
- C:\Windows\System\VcqLhyb.exe
  C:\Windows\System\VcqLhyb.exe
  2⤵
  PID:12304
- C:\Windows\System\NisphWb.exe
  C:\Windows\System\NisphWb.exe
  2⤵
  PID:2176
- C:\Windows\System\DZkPIyX.exe
  C:\Windows\System\DZkPIyX.exe
  2⤵
  PID:12364
- C:\Windows\System\yIlIxdC.exe
  C:\Windows\System\yIlIxdC.exe
  2⤵
  PID:12416
- C:\Windows\System\yJTeNCH.exe
  C:\Windows\System\yJTeNCH.exe
  2⤵
  PID:1688
- C:\Windows\System\EItvYIN.exe
  C:\Windows\System\EItvYIN.exe
  2⤵
  PID:1848
- C:\Windows\System\FtyphjI.exe
  C:\Windows\System\FtyphjI.exe
  2⤵
  PID:1628
- C:\Windows\System\HGkLBIF.exe
  C:\Windows\System\HGkLBIF.exe
  2⤵
  PID:12564
- C:\Windows\System\NZncINd.exe
  C:\Windows\System\NZncINd.exe
  2⤵
  PID:12616
- C:\Windows\System\BWWYcml.exe
  C:\Windows\System\BWWYcml.exe
  2⤵
  PID:12664
- C:\Windows\System\lEnmWTV.exe
  C:\Windows\System\lEnmWTV.exe
  2⤵
  PID:12704
- C:\Windows\System\YSjPXzQ.exe
  C:\Windows\System\YSjPXzQ.exe
  2⤵
  PID:3696
- C:\Windows\System\vaAsBnn.exe
  C:\Windows\System\vaAsBnn.exe
  2⤵
  PID:4424
- C:\Windows\System\lBGnbSu.exe
  C:\Windows\System\lBGnbSu.exe
  2⤵
  PID:3192
- C:\Windows\System\FKVcYYm.exe
  C:\Windows\System\FKVcYYm.exe
  2⤵
  PID:12868
- C:\Windows\System\waTBnyq.exe
  C:\Windows\System\waTBnyq.exe
  2⤵
  PID:12916
- C:\Windows\System\odFqblK.exe
  C:\Windows\System\odFqblK.exe
  2⤵
  PID:552
- C:\Windows\System\UvAqzod.exe
  C:\Windows\System\UvAqzod.exe
  2⤵
  PID:12984
- C:\Windows\System\dzhJJXW.exe
  C:\Windows\System\dzhJJXW.exe
  2⤵
  PID:13040
- C:\Windows\System\bMZyFyA.exe
  C:\Windows\System\bMZyFyA.exe
  2⤵
  PID:12500
- C:\Windows\System\TcUwicQ.exe
  C:\Windows\System\TcUwicQ.exe
  2⤵
  PID:680
- C:\Windows\System\HqDLATJ.exe
  C:\Windows\System\HqDLATJ.exe
  2⤵
  PID:13176
- C:\Windows\System\ZDMFFgx.exe
  C:\Windows\System\ZDMFFgx.exe
  2⤵
  PID:13232
- C:\Windows\System\NnPVXIo.exe
  C:\Windows\System\NnPVXIo.exe
  2⤵
  PID:628
- C:\Windows\System\HysmCRn.exe
  C:\Windows\System\HysmCRn.exe
  2⤵
  PID:1696
- C:\Windows\System\qcehaGy.exe
  C:\Windows\System\qcehaGy.exe
  2⤵
  PID:868
- C:\Windows\System\GFNDokM.exe
  C:\Windows\System\GFNDokM.exe
  2⤵
  PID:4948
- C:\Windows\System\twpkDll.exe
  C:\Windows\System\twpkDll.exe
  2⤵
  PID:12472
- C:\Windows\System\hrYXNfO.exe
  C:\Windows\System\hrYXNfO.exe
  2⤵
  PID:12504
- C:\Windows\System\DCdZTdo.exe
  C:\Windows\System\DCdZTdo.exe
  2⤵
  PID:4428
- C:\Windows\System\ZJEOvYE.exe
  C:\Windows\System\ZJEOvYE.exe
  2⤵
  PID:2204
- C:\Windows\System\DJLlySf.exe
  C:\Windows\System\DJLlySf.exe
  2⤵
  PID:2732
- C:\Windows\System\dlySCrZ.exe
  C:\Windows\System\dlySCrZ.exe
  2⤵
  PID:12760
- C:\Windows\System\EVpsRHZ.exe
  C:\Windows\System\EVpsRHZ.exe
  2⤵
  PID:5192
- C:\Windows\System\vGimUdx.exe
  C:\Windows\System\vGimUdx.exe
  2⤵
  PID:512
- C:\Windows\System\tkSMWOx.exe
  C:\Windows\System\tkSMWOx.exe
  2⤵
  PID:12924
- C:\Windows\System\aDNyjWd.exe
  C:\Windows\System\aDNyjWd.exe
  2⤵
  PID:5300
- C:\Windows\System\miNHdNg.exe
  C:\Windows\System\miNHdNg.exe
  2⤵
  PID:3264
- C:\Windows\System\FaqneDq.exe
  C:\Windows\System\FaqneDq.exe
  2⤵
  PID:13168
- C:\Windows\System\maxQxti.exe
  C:\Windows\System\maxQxti.exe
  2⤵
  PID:5560
- C:\Windows\System\rsqeXEK.exe
  C:\Windows\System\rsqeXEK.exe
  2⤵
  PID:13304
- C:\Windows\System\bJSCiia.exe
  C:\Windows\System\bJSCiia.exe
  2⤵
  PID:5668
- C:\Windows\System\vZygNnC.exe
  C:\Windows\System\vZygNnC.exe
  2⤵
  PID:5688
- C:\Windows\System\rNWDVWd.exe
  C:\Windows\System\rNWDVWd.exe
  2⤵
  PID:12552
- C:\Windows\System\IXbZhGE.exe
  C:\Windows\System\IXbZhGE.exe
  2⤵
  PID:4160
- C:\Windows\System\DcjLhkY.exe
  C:\Windows\System\DcjLhkY.exe
  2⤵
  PID:4780
- C:\Windows\System\qgzalkh.exe
  C:\Windows\System\qgzalkh.exe
  2⤵
  PID:5212
- C:\Windows\System\NZwQHXl.exe
  C:\Windows\System\NZwQHXl.exe
  2⤵
  PID:4444
- C:\Windows\System\OCKaBIx.exe
  C:\Windows\System\OCKaBIx.exe
  2⤵
  PID:12900
- C:\Windows\System\mOydkVc.exe
  C:\Windows\System\mOydkVc.exe
  2⤵
  PID:5336
- C:\Windows\System\cAKydgL.exe
  C:\Windows\System\cAKydgL.exe
  2⤵
  PID:6104
- C:\Windows\System\aLUhynZ.exe
  C:\Windows\System\aLUhynZ.exe
  2⤵
  PID:5292
- C:\Windows\System\AHUfPaU.exe
  C:\Windows\System\AHUfPaU.exe
  2⤵
  PID:3640
- C:\Windows\System\PASMToP.exe
  C:\Windows\System\PASMToP.exe
  2⤵
  PID:5664
- C:\Windows\System\XJDqInj.exe
  C:\Windows\System\XJDqInj.exe
  2⤵
  PID:5760
- C:\Windows\System\ERBmKpK.exe
  C:\Windows\System\ERBmKpK.exe
  2⤵
  PID:3756
- C:\Windows\System\PzTdoGA.exe
  C:\Windows\System\PzTdoGA.exe
  2⤵
  PID:5848
- C:\Windows\System\wjdyHKm.exe
  C:\Windows\System\wjdyHKm.exe
  2⤵
  PID:12648
- C:\Windows\System\dipjVWq.exe
  C:\Windows\System\dipjVWq.exe
  2⤵
  PID:5716
- C:\Windows\System\HVdXnjs.exe
  C:\Windows\System\HVdXnjs.exe
  2⤵
  PID:3204
- C:\Windows\System\IvWVtqK.exe
  C:\Windows\System\IvWVtqK.exe
  2⤵
  PID:1296
- C:\Windows\System\AFJXKUZ.exe
  C:\Windows\System\AFJXKUZ.exe
  2⤵
  PID:5236
- C:\Windows\System\bGMcvEG.exe
  C:\Windows\System\bGMcvEG.exe
  2⤵
  PID:5348
- C:\Windows\System\HesxQbm.exe
  C:\Windows\System\HesxQbm.exe
  2⤵
  PID:13180
- C:\Windows\System\HksVpWr.exe
  C:\Windows\System\HksVpWr.exe
  2⤵
  PID:5800
- C:\Windows\System\zjQWOUp.exe
  C:\Windows\System\zjQWOUp.exe
  2⤵
  PID:13084
- C:\Windows\System\MOtdgek.exe
  C:\Windows\System\MOtdgek.exe
  2⤵
  PID:6120
- C:\Windows\System\HokbVld.exe
  C:\Windows\System\HokbVld.exe
  2⤵
  PID:6036
- C:\Windows\System\QcXGwOo.exe
  C:\Windows\System\QcXGwOo.exe
  2⤵
  PID:6080
- C:\Windows\System\hJWIrKx.exe
  C:\Windows\System\hJWIrKx.exe
  2⤵
  PID:5640
- C:\Windows\System\CVVUPAG.exe
  C:\Windows\System\CVVUPAG.exe
  2⤵
  PID:5692
- C:\Windows\System\SgFHcfG.exe
  C:\Windows\System\SgFHcfG.exe
  2⤵
  PID:5728
- C:\Windows\System\FAMPeNc.exe
  C:\Windows\System\FAMPeNc.exe
  2⤵
  PID:5888
- C:\Windows\System\MGHygdM.exe
  C:\Windows\System\MGHygdM.exe
  2⤵
  PID:6272
- C:\Windows\System\JJCtgFA.exe
  C:\Windows\System\JJCtgFA.exe
  2⤵
  PID:5752
- C:\Windows\System\kGBhYZb.exe
  C:\Windows\System\kGBhYZb.exe
  2⤵
  PID:5276
- C:\Windows\System\qzjBGeL.exe
  C:\Windows\System\qzjBGeL.exe
  2⤵
  PID:6308
- C:\Windows\System\ixNGAfk.exe
  C:\Windows\System\ixNGAfk.exe
  2⤵
  PID:5184
- C:\Windows\System\nDxiOcd.exe
  C:\Windows\System\nDxiOcd.exe
  2⤵
  PID:6464
- C:\Windows\System\mqqrvpJ.exe
  C:\Windows\System\mqqrvpJ.exe
  2⤵
  PID:6484
- C:\Windows\System\kxnMunG.exe
  C:\Windows\System\kxnMunG.exe
  2⤵
  PID:13332
- C:\Windows\System\XdBwQRY.exe
  C:\Windows\System\XdBwQRY.exe
  2⤵
  PID:13360
- C:\Windows\System\KSytAJP.exe
  C:\Windows\System\KSytAJP.exe
  2⤵
  PID:13388
- C:\Windows\System\JhxnVxh.exe
  C:\Windows\System\JhxnVxh.exe
  2⤵
  PID:13416
- C:\Windows\System\dTSfRHC.exe
  C:\Windows\System\dTSfRHC.exe
  2⤵
  PID:13448
- C:\Windows\System\AXmcEjT.exe
  C:\Windows\System\AXmcEjT.exe
  2⤵
  PID:13472
- C:\Windows\System\uwvjPds.exe
  C:\Windows\System\uwvjPds.exe
  2⤵
  PID:13504
- C:\Windows\System\THFndAG.exe
  C:\Windows\System\THFndAG.exe
  2⤵
  PID:13532
- C:\Windows\System\LuzOwYI.exe
  C:\Windows\System\LuzOwYI.exe
  2⤵
  PID:13560
- C:\Windows\System\jpHbRol.exe
  C:\Windows\System\jpHbRol.exe
  2⤵
  PID:13588
- C:\Windows\System\VDwYUOz.exe
  C:\Windows\System\VDwYUOz.exe
  2⤵
  PID:13612
- C:\Windows\System\SGhVhXf.exe
  C:\Windows\System\SGhVhXf.exe
  2⤵
  PID:13648
- C:\Windows\System\NIKxoBm.exe
  C:\Windows\System\NIKxoBm.exe
  2⤵
  PID:13676
- C:\Windows\System\PBoTUYv.exe
  C:\Windows\System\PBoTUYv.exe
  2⤵
  PID:13704
- C:\Windows\System\OWAFoKE.exe
  C:\Windows\System\OWAFoKE.exe
  2⤵
  PID:13732
- C:\Windows\System\RAYunXg.exe
  C:\Windows\System\RAYunXg.exe
  2⤵
  PID:13760
- C:\Windows\System\SHWSOqf.exe
  C:\Windows\System\SHWSOqf.exe
  2⤵
  PID:13788
- C:\Windows\System\AGRpMpf.exe
  C:\Windows\System\AGRpMpf.exe
  2⤵
  PID:13816
- C:\Windows\System\ttBoBZl.exe
  C:\Windows\System\ttBoBZl.exe
  2⤵
  PID:13848
- C:\Windows\System\YgxzIrG.exe
  C:\Windows\System\YgxzIrG.exe
  2⤵
  PID:13876
- C:\Windows\System\tsmUgwf.exe
  C:\Windows\System\tsmUgwf.exe
  2⤵
  PID:13904
- C:\Windows\System\NJnpsKp.exe
  C:\Windows\System\NJnpsKp.exe
  2⤵
  PID:13932
- C:\Windows\System\oqNwOic.exe
  C:\Windows\System\oqNwOic.exe
  2⤵
  PID:13960
- C:\Windows\System\sXJvqov.exe
  C:\Windows\System\sXJvqov.exe
  2⤵
  PID:13988
- C:\Windows\System\NjDRDoH.exe
  C:\Windows\System\NjDRDoH.exe
  2⤵
  PID:14016
- C:\Windows\System\pgNviwD.exe
  C:\Windows\System\pgNviwD.exe
  2⤵
  PID:14044
- C:\Windows\System\LfmMWMn.exe
  C:\Windows\System\LfmMWMn.exe
  2⤵
  PID:14072
- C:\Windows\System\aPOnuGX.exe
  C:\Windows\System\aPOnuGX.exe
  2⤵
  PID:14100
- C:\Windows\System\Xbdigdg.exe
  C:\Windows\System\Xbdigdg.exe
  2⤵
  PID:14128
- C:\Windows\System\AqhqDdS.exe
  C:\Windows\System\AqhqDdS.exe
  2⤵
  PID:14156
- C:\Windows\System\QLlwLvz.exe
  C:\Windows\System\QLlwLvz.exe
  2⤵
  PID:14188
- C:\Windows\System\xWBMjTP.exe
  C:\Windows\System\xWBMjTP.exe
  2⤵
  PID:14216
- C:\Windows\System\xctjAdU.exe
  C:\Windows\System\xctjAdU.exe
  2⤵
  PID:14244
- C:\Windows\System\mETPrHQ.exe
  C:\Windows\System\mETPrHQ.exe
  2⤵
  PID:14272
- C:\Windows\System\NqaCGeg.exe
  C:\Windows\System\NqaCGeg.exe
  2⤵
  PID:14300
- C:\Windows\System\YMEyBfX.exe
  C:\Windows\System\YMEyBfX.exe
  2⤵
  PID:14328
- C:\Windows\System\zPOMFLY.exe
  C:\Windows\System\zPOMFLY.exe
  2⤵
  PID:13344
- C:\Windows\System\jyObOaf.exe
  C:\Windows\System\jyObOaf.exe
  2⤵
  PID:13372
- C:\Windows\System\VezQpVK.exe
  C:\Windows\System\VezQpVK.exe
  2⤵
  PID:6616
- C:\Windows\System\OpSgWtA.exe
  C:\Windows\System\OpSgWtA.exe
  2⤵
  PID:13440
- C:\Windows\System\cPRiMeC.exe
  C:\Windows\System\cPRiMeC.exe
  2⤵
  PID:13500
- C:\Windows\System\ouogJCM.exe
  C:\Windows\System\ouogJCM.exe
  2⤵
  PID:13544
- C:\Windows\System\eNBxRSz.exe
  C:\Windows\System\eNBxRSz.exe
  2⤵
  PID:6744
- C:\Windows\System\vWLNGkN.exe
  C:\Windows\System\vWLNGkN.exe
  2⤵
  PID:2436
- C:\Windows\System\fHSTFpd.exe
  C:\Windows\System\fHSTFpd.exe
  2⤵
  PID:13644
- C:\Windows\System\MmTlEXY.exe
  C:\Windows\System\MmTlEXY.exe
  2⤵
  PID:13668
- C:\Windows\System\bNydYNx.exe
  C:\Windows\System\bNydYNx.exe
  2⤵
  PID:13696
- C:\Windows\System\ESaFclx.exe
  C:\Windows\System\ESaFclx.exe
  2⤵
  PID:13744
- C:\Windows\System\asqApDc.exe
  C:\Windows\System\asqApDc.exe
  2⤵
  PID:6984
- C:\Windows\System\xIQroYA.exe
  C:\Windows\System\xIQroYA.exe
  2⤵
  PID:1536
- C:\Windows\System\mQzmyLI.exe
  C:\Windows\System\mQzmyLI.exe
  2⤵
  PID:1824
- C:\Windows\System\DgykCDD.exe
  C:\Windows\System\DgykCDD.exe
  2⤵
  PID:3792
- C:\Windows\System\eOxQFHo.exe
  C:\Windows\System\eOxQFHo.exe
  2⤵
  PID:13896
- C:\Windows\System\CRpcRkJ.exe
  C:\Windows\System\CRpcRkJ.exe
  2⤵
  PID:7124
- C:\Windows\System\eFHhmEx.exe
  C:\Windows\System\eFHhmEx.exe
  2⤵
  PID:6204
- C:\Windows\System\RfEuSin.exe
  C:\Windows\System\RfEuSin.exe
  2⤵
  PID:14012
- C:\Windows\System\gfebsGB.exe
  C:\Windows\System\gfebsGB.exe
  2⤵
  PID:14040
- C:\Windows\System\FvfKISU.exe
  C:\Windows\System\FvfKISU.exe
  2⤵
  PID:14112
- C:\Windows\System\DorTcve.exe
  C:\Windows\System\DorTcve.exe
  2⤵
  PID:14152
- C:\Windows\System\LizbFcI.exe
  C:\Windows\System\LizbFcI.exe
  2⤵
  PID:14232
- C:\Windows\System\geAOOlz.exe
  C:\Windows\System\geAOOlz.exe
  2⤵
  PID:6488
- C:\Windows\System\DDqFUxC.exe
  C:\Windows\System\DDqFUxC.exe
  2⤵
  PID:14296
- C:\Windows\System\VihniVS.exe
  C:\Windows\System\VihniVS.exe
  2⤵
  PID:13428
- C:\Windows\System\eKbhJSl.exe
  C:\Windows\System\eKbhJSl.exe
  2⤵
  PID:13524
- C:\Windows\System\XpirHfB.exe
  C:\Windows\System\XpirHfB.exe
  2⤵
  PID:13572
- C:\Windows\System\RdtMbab.exe
  C:\Windows\System\RdtMbab.exe
  2⤵
  PID:7064
- C:\Windows\System\inEkMyA.exe
  C:\Windows\System\inEkMyA.exe
  2⤵
  PID:6860
- C:\Windows\System\LLaQIyg.exe
  C:\Windows\System\LLaQIyg.exe
  2⤵
  PID:6288
- C:\Windows\System\WwclLBs.exe
  C:\Windows\System\WwclLBs.exe
  2⤵
  PID:6416
- C:\Windows\System\WSUEhjZ.exe
  C:\Windows\System\WSUEhjZ.exe
  2⤵
  PID:3960
- C:\Windows\System\FaKDVSr.exe
  C:\Windows\System\FaKDVSr.exe
  2⤵
  PID:4032
- C:\Windows\System\dCfxbmo.exe
  C:\Windows\System\dCfxbmo.exe
  2⤵
  PID:13924
- C:\Windows\System\biPSpjL.exe
  C:\Windows\System\biPSpjL.exe
  2⤵
  PID:7152
- C:\Windows\System\BWIhLnY.exe
  C:\Windows\System\BWIhLnY.exe
  2⤵
  PID:6256
- C:\Windows\System\ezeKaVY.exe
  C:\Windows\System\ezeKaVY.exe
  2⤵
  PID:14324
- C:\Windows\System\USJmAyW.exe
  C:\Windows\System\USJmAyW.exe
  2⤵
  PID:732
- C:\Windows\System\MGTPpVF.exe
  C:\Windows\System\MGTPpVF.exe
  2⤵
  PID:13380
- C:\Windows\System\TgKWthU.exe
  C:\Windows\System\TgKWthU.exe
  2⤵
  PID:6632
- C:\Windows\System\sjZqXiP.exe
  C:\Windows\System\sjZqXiP.exe
  2⤵
  PID:2284
- C:\Windows\System\yitRVjn.exe
  C:\Windows\System\yitRVjn.exe
  2⤵
  PID:4512
- C:\Windows\System\MVoosLE.exe
  C:\Windows\System\MVoosLE.exe
  2⤵
  PID:13552
- C:\Windows\System\FBFnXyN.exe
  C:\Windows\System\FBFnXyN.exe
  2⤵
  PID:6276
- C:\Windows\System\BaxHsNy.exe
  C:\Windows\System\BaxHsNy.exe
  2⤵
  PID:6952
- C:\Windows\System\wDbpNxH.exe
  C:\Windows\System\wDbpNxH.exe
  2⤵
  PID:7412
- C:\Windows\System\YngWmfM.exe
  C:\Windows\System\YngWmfM.exe
  2⤵
  PID:6644
- C:\Windows\System\AEhPyZp.exe
  C:\Windows\System\AEhPyZp.exe
  2⤵
  PID:13952
- C:\Windows\System\vMiURiH.exe
  C:\Windows\System\vMiURiH.exe
  2⤵
  PID:7536
- C:\Windows\System\nZJnvxC.exe
  C:\Windows\System\nZJnvxC.exe
  2⤵
  PID:6480
- C:\Windows\System\sZJIdhD.exe
  C:\Windows\System\sZJIdhD.exe
  2⤵
  PID:6564
- C:\Windows\System\siyeHdR.exe
  C:\Windows\System\siyeHdR.exe
  2⤵
  PID:748
- C:\Windows\System\HhLCtQi.exe
  C:\Windows\System\HhLCtQi.exe
  2⤵
  PID:2388
- C:\Windows\System\aKjMMwo.exe
  C:\Windows\System\aKjMMwo.exe
  2⤵
  PID:13408
- C:\Windows\System\lCtmdXE.exe
  C:\Windows\System\lCtmdXE.exe
  2⤵
  PID:7732
- C:\Windows\System\EHUccRH.exe
  C:\Windows\System\EHUccRH.exe
  2⤵
  PID:6856
- C:\Windows\System\BlrLmen.exe
  C:\Windows\System\BlrLmen.exe
  2⤵
  PID:7816
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 7816 -s 248
    3⤵
    PID:16296
- C:\Windows\System\VNTMFns.exe
  C:\Windows\System\VNTMFns.exe
  2⤵
  PID:3608
- C:\Windows\System\VFMUZBa.exe
  C:\Windows\System\VFMUZBa.exe
  2⤵
  PID:7392
- C:\Windows\System\nfzTivY.exe
  C:\Windows\System\nfzTivY.exe
  2⤵
  PID:8016
- C:\Windows\System\MpVPYrs.exe
  C:\Windows\System\MpVPYrs.exe
  2⤵
  PID:7504
- C:\Windows\System\MWNtrZL.exe
  C:\Windows\System\MWNtrZL.exe
  2⤵
  PID:6348
- C:\Windows\System\vNzGMUv.exe
  C:\Windows\System\vNzGMUv.exe
  2⤵
  PID:8120
- C:\Windows\System\toVXrlj.exe
  C:\Windows\System\toVXrlj.exe
  2⤵
  PID:7640
- C:\Windows\System\uFelNHH.exe
  C:\Windows\System\uFelNHH.exe
  2⤵
  PID:13496
- C:\Windows\System\vWBgkUV.exe
  C:\Windows\System\vWBgkUV.exe
  2⤵
  PID:8168
- C:\Windows\System\XYUFMGI.exe
  C:\Windows\System\XYUFMGI.exe
  2⤵
  PID:7840
- C:\Windows\System\TSeMXRo.exe
  C:\Windows\System\TSeMXRo.exe
  2⤵
  PID:2744
- C:\Windows\System\bcHTFtu.exe
  C:\Windows\System\bcHTFtu.exe
  2⤵
  PID:7348
- C:\Windows\System\pETvMSR.exe
  C:\Windows\System\pETvMSR.exe
  2⤵
  PID:7436
- C:\Windows\System\gwOIXdd.exe
  C:\Windows\System\gwOIXdd.exe
  2⤵
  PID:8024
- C:\Windows\System\RjeYsaL.exe
  C:\Windows\System\RjeYsaL.exe
  2⤵
  PID:7620
- C:\Windows\System\ZpvziwY.exe
  C:\Windows\System\ZpvziwY.exe
  2⤵
  PID:2244
- C:\Windows\System\nxBVljN.exe
  C:\Windows\System\nxBVljN.exe
  2⤵
  PID:7892
- C:\Windows\System\ZooKgAb.exe
  C:\Windows\System\ZooKgAb.exe
  2⤵
  PID:13972
- C:\Windows\System\fydmWiv.exe
  C:\Windows\System\fydmWiv.exe
  2⤵
  PID:8004
- C:\Windows\System\WmhWaBa.exe
  C:\Windows\System\WmhWaBa.exe
  2⤵
  PID:8076
- C:\Windows\System\xbzZdlp.exe
  C:\Windows\System\xbzZdlp.exe
  2⤵
  PID:8176
- C:\Windows\System\bOwGkzz.exe
  C:\Windows\System\bOwGkzz.exe
  2⤵
  PID:7212
- C:\Windows\System\jimypgO.exe
  C:\Windows\System\jimypgO.exe
  2⤵
  PID:7332
- C:\Windows\System\tOgMCNi.exe
  C:\Windows\System\tOgMCNi.exe
  2⤵
  PID:7604
- C:\Windows\System\lftNYUp.exe
  C:\Windows\System\lftNYUp.exe
  2⤵
  PID:7720
- C:\Windows\System\DiZwPlb.exe
  C:\Windows\System\DiZwPlb.exe
  2⤵
  PID:8096
- C:\Windows\System\mtKgBPa.exe
  C:\Windows\System\mtKgBPa.exe
  2⤵
  PID:7804
- C:\Windows\System\KYkRdcf.exe
  C:\Windows\System\KYkRdcf.exe
  2⤵
  PID:7852
- C:\Windows\System\XiOyVFs.exe
  C:\Windows\System\XiOyVFs.exe
  2⤵
  PID:1604
- C:\Windows\System\HcwGnIO.exe
  C:\Windows\System\HcwGnIO.exe
  2⤵
  PID:7244
- C:\Windows\System\GgXKyLM.exe
  C:\Windows\System\GgXKyLM.exe
  2⤵
  PID:8208
- C:\Windows\System\wVLsRGF.exe
  C:\Windows\System\wVLsRGF.exe
  2⤵
  PID:8244
- C:\Windows\System\IgJjxsv.exe
  C:\Windows\System\IgJjxsv.exe
  2⤵
  PID:7916
- C:\Windows\System\HReZAJH.exe
  C:\Windows\System\HReZAJH.exe
  2⤵
  PID:7940
- C:\Windows\System\RzNcvdT.exe
  C:\Windows\System\RzNcvdT.exe
  2⤵
  PID:4192
- C:\Windows\System\WfDSuqp.exe
  C:\Windows\System\WfDSuqp.exe
  2⤵
  PID:2236
- C:\Windows\System\AECfaTF.exe
  C:\Windows\System\AECfaTF.exe
  2⤵
  PID:2020
- C:\Windows\System\ZIMgKTA.exe
  C:\Windows\System\ZIMgKTA.exe
  2⤵
  PID:8488
- C:\Windows\System\LkXRFAa.exe
  C:\Windows\System\LkXRFAa.exe
  2⤵
  PID:8264
- C:\Windows\System\MJDrAtB.exe
  C:\Windows\System\MJDrAtB.exe
  2⤵
  PID:8576
- C:\Windows\System\TRReZJZ.exe
  C:\Windows\System\TRReZJZ.exe
  2⤵
  PID:5404
- C:\Windows\System\ZURUaMm.exe
  C:\Windows\System\ZURUaMm.exe
  2⤵
  PID:7204
- C:\Windows\System\BUOxlYt.exe
  C:\Windows\System\BUOxlYt.exe
  2⤵
  PID:8520
- C:\Windows\System\CuganVy.exe
  C:\Windows\System\CuganVy.exe
  2⤵
  PID:5824
- C:\Windows\System\rxDSzuQ.exe
  C:\Windows\System\rxDSzuQ.exe
  2⤵
  PID:8300
- C:\Windows\System\neKDyKN.exe
  C:\Windows\System\neKDyKN.exe
  2⤵
  PID:8352
- C:\Windows\System\dgxvbYn.exe
  C:\Windows\System\dgxvbYn.exe
  2⤵
  PID:8736
- C:\Windows\System\kEbWYJR.exe
  C:\Windows\System\kEbWYJR.exe
  2⤵
  PID:8044
- C:\Windows\System\gduKxUg.exe
  C:\Windows\System\gduKxUg.exe
  2⤵
  PID:8808
- C:\Windows\System\iymYojh.exe
  C:\Windows\System\iymYojh.exe
  2⤵
  PID:8844
- C:\Windows\System\smOAvaN.exe
  C:\Windows\System\smOAvaN.exe
  2⤵
  PID:8584
- C:\Windows\System\wOUQPqM.exe
  C:\Windows\System\wOUQPqM.exe
  2⤵
  PID:5796
- C:\Windows\System\WQFRqGJ.exe
  C:\Windows\System\WQFRqGJ.exe
  2⤵
  PID:8992
- C:\Windows\System\BoLKzNP.exe
  C:\Windows\System\BoLKzNP.exe
  2⤵
  PID:8928
- C:\Windows\System\DHwLnph.exe
  C:\Windows\System\DHwLnph.exe
  2⤵
  PID:8936
- C:\Windows\System\jQsWKZY.exe
  C:\Windows\System\jQsWKZY.exe
  2⤵
  PID:9188
- C:\Windows\System\zbAiHia.exe
  C:\Windows\System\zbAiHia.exe
  2⤵
  PID:9048
- C:\Windows\System\wThDrcV.exe
  C:\Windows\System\wThDrcV.exe
  2⤵
  PID:8280
- C:\Windows\System\raXGpAv.exe
  C:\Windows\System\raXGpAv.exe
  2⤵
  PID:8224
- C:\Windows\System\xsfbnlS.exe
  C:\Windows\System\xsfbnlS.exe
  2⤵
  PID:8472
- C:\Windows\System\pUEomlf.exe
  C:\Windows\System\pUEomlf.exe
  2⤵
  PID:8536
- C:\Windows\System\xCDqxoK.exe
  C:\Windows\System\xCDqxoK.exe
  2⤵
  PID:8480
- C:\Windows\System\fZkWXeq.exe
  C:\Windows\System\fZkWXeq.exe
  2⤵
  PID:8704
- C:\Windows\System\vLCKfFc.exe
  C:\Windows\System\vLCKfFc.exe
  2⤵
  PID:14364
- C:\Windows\System\bLNBzSf.exe
  C:\Windows\System\bLNBzSf.exe
  2⤵
  PID:14392
- C:\Windows\System\sVZjGHz.exe
  C:\Windows\System\sVZjGHz.exe
  2⤵
  PID:14420
- C:\Windows\System\fDQHkTt.exe
  C:\Windows\System\fDQHkTt.exe
  2⤵
  PID:14448
- C:\Windows\System\NUXchsk.exe
  C:\Windows\System\NUXchsk.exe
  2⤵
  PID:14476
- C:\Windows\System\idzTlCh.exe
  C:\Windows\System\idzTlCh.exe
  2⤵
  PID:14504
- C:\Windows\System\ubeRbrH.exe
  C:\Windows\System\ubeRbrH.exe
  2⤵
  PID:14532
- C:\Windows\System\hEUXbui.exe
  C:\Windows\System\hEUXbui.exe
  2⤵
  PID:14568
- C:\Windows\System\uQQCMJs.exe
  C:\Windows\System\uQQCMJs.exe
  2⤵
  PID:14596
- C:\Windows\System\nLIJbVU.exe
  C:\Windows\System\nLIJbVU.exe
  2⤵
  PID:14648
- C:\Windows\System\PyZYVPL.exe
  C:\Windows\System\PyZYVPL.exe
  2⤵
  PID:14668
- C:\Windows\System\uaLtNSc.exe
  C:\Windows\System\uaLtNSc.exe
  2⤵
  PID:14724
- C:\Windows\System\pgSBYZt.exe
  C:\Windows\System\pgSBYZt.exe
  2⤵
  PID:14744
- C:\Windows\System\DKXCUDx.exe
  C:\Windows\System\DKXCUDx.exe
  2⤵
  PID:14772
- C:\Windows\System\UEWUzCl.exe
  C:\Windows\System\UEWUzCl.exe
  2⤵
  PID:14900
- C:\Windows\System\GYlfGhQ.exe
  C:\Windows\System\GYlfGhQ.exe
  2⤵
  PID:14916
- C:\Windows\System\jQRKsOI.exe
  C:\Windows\System\jQRKsOI.exe
  2⤵
  PID:14944
- C:\Windows\System\uvcXxqM.exe
  C:\Windows\System\uvcXxqM.exe
  2⤵
  PID:14972
- C:\Windows\System\cyPvPNl.exe
  C:\Windows\System\cyPvPNl.exe
  2⤵
  PID:15000
- C:\Windows\System\qYNoKYr.exe
  C:\Windows\System\qYNoKYr.exe
  2⤵
  PID:15028
- C:\Windows\System\Fxqatgg.exe
  C:\Windows\System\Fxqatgg.exe
  2⤵
  PID:15056
- C:\Windows\System\cuCldYw.exe
  C:\Windows\System\cuCldYw.exe
  2⤵
  PID:15084
- C:\Windows\System\gQyFcwc.exe
  C:\Windows\System\gQyFcwc.exe
  2⤵
  PID:15112
- C:\Windows\System\MuUoqOi.exe
  C:\Windows\System\MuUoqOi.exe
  2⤵
  PID:15140
- C:\Windows\System\ILbIoBs.exe
  C:\Windows\System\ILbIoBs.exe
  2⤵
  PID:15168
- C:\Windows\System\PGzwREX.exe
  C:\Windows\System\PGzwREX.exe
  2⤵
  PID:15196
- C:\Windows\System\iUeMvfq.exe
  C:\Windows\System\iUeMvfq.exe
  2⤵
  PID:15224
- C:\Windows\System\UwbBnuZ.exe
  C:\Windows\System\UwbBnuZ.exe
  2⤵
  PID:15252
- C:\Windows\System\OltJCsN.exe
  C:\Windows\System\OltJCsN.exe
  2⤵
  PID:15280
- C:\Windows\System\aYFzgHP.exe
  C:\Windows\System\aYFzgHP.exe
  2⤵
  PID:15308
- C:\Windows\System\XMczCfm.exe
  C:\Windows\System\XMczCfm.exe
  2⤵
  PID:15340
- C:\Windows\System\QbKNSwQ.exe
  C:\Windows\System\QbKNSwQ.exe
  2⤵
  PID:9196
- C:\Windows\System\uIFVpAF.exe
  C:\Windows\System\uIFVpAF.exe
  2⤵
  PID:14560
- C:\Windows\System\kszRooh.exe
  C:\Windows\System\kszRooh.exe
  2⤵
  PID:8476
- C:\Windows\System\dWGNqpw.exe
  C:\Windows\System\dWGNqpw.exe
  2⤵
  PID:14616
- C:\Windows\System\DzLcMoD.exe
  C:\Windows\System\DzLcMoD.exe
  2⤵
  PID:2456
- C:\Windows\System\pxQrTup.exe
  C:\Windows\System\pxQrTup.exe
  2⤵
  PID:8832
- C:\Windows\System\rOhdGpz.exe
  C:\Windows\System\rOhdGpz.exe
  2⤵
  PID:14704
- C:\Windows\System\AUWqTcI.exe
  C:\Windows\System\AUWqTcI.exe
  2⤵
  PID:8296
- C:\Windows\System\gKSrEXQ.exe
  C:\Windows\System\gKSrEXQ.exe
  2⤵
  PID:6236
- C:\Windows\System\SyHCrNu.exe
  C:\Windows\System\SyHCrNu.exe
  2⤵
  PID:8616
- C:\Windows\System\PATOoZJ.exe
  C:\Windows\System\PATOoZJ.exe
  2⤵
  PID:14836
- C:\Windows\System\eZckWHG.exe
  C:\Windows\System\eZckWHG.exe
  2⤵
  PID:14856
- C:\Windows\System\fxApeXz.exe
  C:\Windows\System\fxApeXz.exe
  2⤵
  PID:6320
- C:\Windows\System\avClboE.exe
  C:\Windows\System\avClboE.exe
  2⤵
  PID:14912
- C:\Windows\System\gIsGXtZ.exe
  C:\Windows\System\gIsGXtZ.exe
  2⤵
  PID:14964
- C:\Windows\System\pLWgveD.exe
  C:\Windows\System\pLWgveD.exe
  2⤵
  PID:15052
- C:\Windows\System\GYeWrnG.exe
  C:\Windows\System\GYeWrnG.exe
  2⤵
  PID:15108
- C:\Windows\System\RIpzHBY.exe
  C:\Windows\System\RIpzHBY.exe
  2⤵
  PID:15188
- C:\Windows\System\TYJTBLi.exe
  C:\Windows\System\TYJTBLi.exe
  2⤵
  PID:15244
- C:\Windows\System\tufdNCz.exe
  C:\Windows\System\tufdNCz.exe
  2⤵
  PID:15304
- C:\Windows\System\JhxXhSo.exe
  C:\Windows\System\JhxXhSo.exe
  2⤵
  PID:9352
- C:\Windows\System\CluhswR.exe
  C:\Windows\System\CluhswR.exe
  2⤵
  PID:8304
- C:\Windows\System\JpAYqTn.exe
  C:\Windows\System\JpAYqTn.exe
  2⤵
  PID:14384
- C:\Windows\System\whoTjrd.exe
  C:\Windows\System\whoTjrd.exe
  2⤵
  PID:9044
- C:\Windows\System\dAAhDdt.exe
  C:\Windows\System\dAAhDdt.exe
  2⤵
  PID:9468
- C:\Windows\System\KqEMwIv.exe
  C:\Windows\System\KqEMwIv.exe
  2⤵
  PID:9168
- C:\Windows\System\drzYfts.exe
  C:\Windows\System\drzYfts.exe
  2⤵
  PID:9576
- C:\Windows\System\uasWkkN.exe
  C:\Windows\System\uasWkkN.exe
  2⤵
  PID:14580
- C:\Windows\System\hCXzmCm.exe
  C:\Windows\System\hCXzmCm.exe
  2⤵
  PID:9660
- C:\Windows\System\SlLWAOf.exe
  C:\Windows\System\SlLWAOf.exe
  2⤵
  PID:14660
- C:\Windows\System\jcFQRlm.exe
  C:\Windows\System\jcFQRlm.exe
  2⤵
  PID:9780
- C:\Windows\System\QWwDURW.exe
  C:\Windows\System\QWwDURW.exe
  2⤵
  PID:9792
- C:\Windows\System\SxqTXvk.exe
  C:\Windows\System\SxqTXvk.exe
  2⤵
  PID:14804
- C:\Windows\System\HEPTZhc.exe
  C:\Windows\System\HEPTZhc.exe
  2⤵
  PID:14868
- C:\Windows\System\OzIYGVZ.exe
  C:\Windows\System\OzIYGVZ.exe
  2⤵
  PID:14880
- C:\Windows\System\BGIUfMj.exe
  C:\Windows\System\BGIUfMj.exe
  2⤵
  PID:9288
- C:\Windows\System\DsLssws.exe
  C:\Windows\System\DsLssws.exe
  2⤵
  PID:15104
- C:\Windows\System\dugjDNn.exe
  C:\Windows\System\dugjDNn.exe
  2⤵
  PID:15292
- C:\Windows\System\hhXqtMt.exe
  C:\Windows\System\hhXqtMt.exe
  2⤵
  PID:14360
- C:\Windows\System\jExBOOV.exe
  C:\Windows\System\jExBOOV.exe
  2⤵
  PID:8960
- C:\Windows\System\tSvGEnl.exe
  C:\Windows\System\tSvGEnl.exe
  2⤵
  PID:9464
- C:\Windows\System\QGGhJRE.exe
  C:\Windows\System\QGGhJRE.exe
  2⤵
  PID:10232
- C:\Windows\System\QPRVpWe.exe
  C:\Windows\System\QPRVpWe.exe
  2⤵
  PID:14468
- C:\Windows\System\GvcPtuF.exe
  C:\Windows\System\GvcPtuF.exe
  2⤵
  PID:8276
- C:\Windows\System\cOAlUGe.exe
  C:\Windows\System\cOAlUGe.exe
  2⤵
  PID:4308
- C:\Windows\System\ZdoEMsj.exe
  C:\Windows\System\ZdoEMsj.exe
  2⤵
  PID:9688
- C:\Windows\System\xaOfnTH.exe
  C:\Windows\System\xaOfnTH.exe
  2⤵
  PID:9744
- C:\Windows\System\IcUwRSl.exe
  C:\Windows\System\IcUwRSl.exe
  2⤵
  PID:14768
- C:\Windows\System\HBUUnXi.exe
  C:\Windows\System\HBUUnXi.exe
  2⤵
  PID:9828
- C:\Windows\System\FNzvMjB.exe
  C:\Windows\System\FNzvMjB.exe
  2⤵
  PID:9644
- C:\Windows\System\RjBYXrS.exe
  C:\Windows\System\RjBYXrS.exe
  2⤵
  PID:9920
- C:\Windows\System\MKUNlmb.exe
  C:\Windows\System\MKUNlmb.exe
  2⤵
  PID:15020
- C:\Windows\System\FNqDvLq.exe
  C:\Windows\System\FNqDvLq.exe
  2⤵
  PID:10008
- C:\Windows\System\ophKUuv.exe
  C:\Windows\System\ophKUuv.exe
  2⤵
  PID:10056
- C:\Windows\System\CLAymAj.exe
  C:\Windows\System\CLAymAj.exe
  2⤵
  PID:9948
- C:\Windows\System\IBURYnQ.exe
  C:\Windows\System\IBURYnQ.exe
  2⤵
  PID:10012
- C:\Windows\System\rATClAT.exe
  C:\Windows\System\rATClAT.exe
  2⤵
  PID:8772
- C:\Windows\System\nxWBfTY.exe
  C:\Windows\System\nxWBfTY.exe
  2⤵
  PID:10200
- C:\Windows\System\lZbIVNc.exe
  C:\Windows\System\lZbIVNc.exe
  2⤵
  PID:10204
- C:\Windows\System\CYcfPLl.exe
  C:\Windows\System\CYcfPLl.exe
  2⤵
  PID:9588
- C:\Windows\System\VJhIucF.exe
  C:\Windows\System\VJhIucF.exe
  2⤵
  PID:10072
- C:\Windows\System\dtqztcx.exe
  C:\Windows\System\dtqztcx.exe
  2⤵
  PID:14500
- C:\Windows\System\DFfcowA.exe
  C:\Windows\System\DFfcowA.exe
  2⤵
  PID:14624
- C:\Windows\System\MGOKJrk.exe
  C:\Windows\System\MGOKJrk.exe
  2⤵
  PID:10044
- C:\Windows\System\ApyCHag.exe
  C:\Windows\System\ApyCHag.exe
  2⤵
  PID:9420
- C:\Windows\System\hcwlCKi.exe
  C:\Windows\System\hcwlCKi.exe
  2⤵
  PID:14852
- C:\Windows\System\msSVCjf.exe
  C:\Windows\System\msSVCjf.exe
  2⤵
  PID:9704
- C:\Windows\System\GNpLbEb.exe
  C:\Windows\System\GNpLbEb.exe
  2⤵
  PID:9756
- C:\Windows\System\PtCBDXX.exe
  C:\Windows\System\PtCBDXX.exe
  2⤵
  PID:10352
- C:\Windows\System\GysySkp.exe
  C:\Windows\System\GysySkp.exe
  2⤵
  PID:9868
- C:\Windows\System\POtZrXS.exe
  C:\Windows\System\POtZrXS.exe
  2⤵
  PID:10080
- C:\Windows\System\niaKHcg.exe
  C:\Windows\System\niaKHcg.exe
  2⤵
  PID:10464
- C:\Windows\System\eRjhIyN.exe
  C:\Windows\System\eRjhIyN.exe
  2⤵
  PID:10520
- C:\Windows\System\ywVDCAp.exe
  C:\Windows\System\ywVDCAp.exe
  2⤵
  PID:10296
- C:\Windows\System\XanziTr.exe
  C:\Windows\System\XanziTr.exe
  2⤵
  PID:10892
- C:\Windows\System\vZfATfb.exe
  C:\Windows\System\vZfATfb.exe
  2⤵
  PID:9328
- C:\Windows\System\AVWANsm.exe
  C:\Windows\System\AVWANsm.exe
  2⤵
  PID:10944
- C:\Windows\System\YDRPKgn.exe
  C:\Windows\System\YDRPKgn.exe
  2⤵
  PID:10968
- C:\Windows\System\pAHiUuX.exe
  C:\Windows\System\pAHiUuX.exe
  2⤵
  PID:11000
- C:\Windows\System\quRcwdF.exe
  C:\Windows\System\quRcwdF.exe
  2⤵
  PID:9632
- C:\Windows\System\ISQwguE.exe
  C:\Windows\System\ISQwguE.exe
  2⤵
  PID:11056
- C:\Windows\System\CxmEqWX.exe
  C:\Windows\System\CxmEqWX.exe
  2⤵
  PID:9836
- C:\Windows\System\eWPEbgr.exe
  C:\Windows\System\eWPEbgr.exe
  2⤵
  PID:11112
- C:\Windows\System\IQmptpx.exe
  C:\Windows\System\IQmptpx.exe
  2⤵
  PID:10752
- C:\Windows\System\rAizTxc.exe
  C:\Windows\System\rAizTxc.exe
  2⤵
  PID:11168
- C:\Windows\System\iLugTyY.exe
  C:\Windows\System\iLugTyY.exe
  2⤵
  PID:11196
- C:\Windows\System\lfiYuRI.exe
  C:\Windows\System\lfiYuRI.exe
  2⤵
  PID:10864
- C:\Windows\System\lRnRUqw.exe
  C:\Windows\System\lRnRUqw.exe
  2⤵
  PID:10020
- C:\Windows\System\qKKJcqf.exe
  C:\Windows\System\qKKJcqf.exe
  2⤵
  PID:10340
- C:\Windows\System\JqXyADu.exe
  C:\Windows\System\JqXyADu.exe
  2⤵
  PID:9424
- C:\Windows\System\blxbeUY.exe
  C:\Windows\System\blxbeUY.exe
  2⤵
  PID:10560
- C:\Windows\System\DIaoWHb.exe
  C:\Windows\System\DIaoWHb.exe
  2⤵
  PID:2832
- C:\Windows\System\UFTDjbB.exe
  C:\Windows\System\UFTDjbB.exe
  2⤵
  PID:11064
- C:\Windows\System\MDvkYCh.exe
  C:\Windows\System\MDvkYCh.exe
  2⤵
  PID:10724
- C:\Windows\System\BBfdupi.exe
  C:\Windows\System\BBfdupi.exe
  2⤵
  PID:10744
- C:\Windows\System\JJnwlwA.exe
  C:\Windows\System\JJnwlwA.exe
  2⤵
  PID:10924
- C:\Windows\System\GnxgrbR.exe
  C:\Windows\System\GnxgrbR.exe
  2⤵
  PID:11224
- C:\Windows\System\uKbPmGv.exe
  C:\Windows\System\uKbPmGv.exe
  2⤵
  PID:4128
- C:\Windows\System\MTQmJrH.exe
  C:\Windows\System\MTQmJrH.exe
  2⤵
  PID:4168
- C:\Windows\System\sEQMESV.exe
  C:\Windows\System\sEQMESV.exe
  2⤵
  PID:14516
- C:\Windows\System\ArlkhyO.exe
  C:\Windows\System\ArlkhyO.exe
  2⤵
  PID:10144
- C:\Windows\System\jQbnNMb.exe
  C:\Windows\System\jQbnNMb.exe
  2⤵
  PID:11076
- C:\Windows\System\kiPFXtK.exe
  C:\Windows\System\kiPFXtK.exe
  2⤵
  PID:14732
- C:\Windows\System\ndEVABm.exe
  C:\Windows\System\ndEVABm.exe
  2⤵
  PID:11068
- C:\Windows\System\fbuinAr.exe
  C:\Windows\System\fbuinAr.exe
  2⤵
  PID:11208
- C:\Windows\System\uXVynnt.exe
  C:\Windows\System\uXVynnt.exe
  2⤵
  PID:10548
- C:\Windows\System\DOOMUfA.exe
  C:\Windows\System\DOOMUfA.exe
  2⤵
  PID:10612
- C:\Windows\System\flgSbpO.exe
  C:\Windows\System\flgSbpO.exe
  2⤵
  PID:10980
- C:\Windows\System\bvhYmhm.exe
  C:\Windows\System\bvhYmhm.exe
  2⤵
  PID:10528
- C:\Windows\System\dYhaBBq.exe
  C:\Windows\System\dYhaBBq.exe
  2⤵
  PID:10868
- C:\Windows\System\DBDyMqi.exe
  C:\Windows\System\DBDyMqi.exe
  2⤵
  PID:11268
- C:\Windows\System\YHCOdBm.exe
  C:\Windows\System\YHCOdBm.exe
  2⤵
  PID:10808
- C:\Windows\System\MtusZPa.exe
  C:\Windows\System\MtusZPa.exe
  2⤵
  PID:8608
- C:\Windows\System\WVxBgae.exe
  C:\Windows\System\WVxBgae.exe
  2⤵
  PID:15376
- C:\Windows\System\cMYqKkG.exe
  C:\Windows\System\cMYqKkG.exe
  2⤵
  PID:15404
- C:\Windows\System\sIEXCQD.exe
  C:\Windows\System\sIEXCQD.exe
  2⤵
  PID:15432
- C:\Windows\System\eJMTAHC.exe
  C:\Windows\System\eJMTAHC.exe
  2⤵
  PID:15460
- C:\Windows\System\sdpxDqC.exe
  C:\Windows\System\sdpxDqC.exe
  2⤵
  PID:15492
- C:\Windows\System\YMYdUOQ.exe
  C:\Windows\System\YMYdUOQ.exe
  2⤵
  PID:15520
- C:\Windows\System\mkLwCHj.exe
  C:\Windows\System\mkLwCHj.exe
  2⤵
  PID:15588
- C:\Windows\System\XlwEruz.exe
  C:\Windows\System\XlwEruz.exe
  2⤵
  PID:15604
- C:\Windows\System\cKZsorJ.exe
  C:\Windows\System\cKZsorJ.exe
  2⤵
  PID:15676
- C:\Windows\System\evIvlZi.exe
  C:\Windows\System\evIvlZi.exe
  2⤵
  PID:15696
- C:\Windows\System\VZiDTSs.exe
  C:\Windows\System\VZiDTSs.exe
  2⤵
  PID:15728
- C:\Windows\System\UfcmCHh.exe
  C:\Windows\System\UfcmCHh.exe
  2⤵
  PID:15752
- C:\Windows\System\JtEZGUZ.exe
  C:\Windows\System\JtEZGUZ.exe
  2⤵
  PID:15780
- C:\Windows\System\VOaTden.exe
  C:\Windows\System\VOaTden.exe
  2⤵
  PID:15808
- C:\Windows\System\gJvpmnW.exe
  C:\Windows\System\gJvpmnW.exe
  2⤵
  PID:15836
- C:\Windows\System\KETFqAF.exe
  C:\Windows\System\KETFqAF.exe
  2⤵
  PID:15864
- C:\Windows\System\kVdtSaN.exe
  C:\Windows\System\kVdtSaN.exe
  2⤵
  PID:15892
- C:\Windows\System\ydJeAon.exe
  C:\Windows\System\ydJeAon.exe
  2⤵
  PID:15920
- C:\Windows\System\LvNpKXb.exe
  C:\Windows\System\LvNpKXb.exe
  2⤵
  PID:15948
- C:\Windows\System\XercHfX.exe
  C:\Windows\System\XercHfX.exe
  2⤵
  PID:15976
- C:\Windows\System\yvXVABx.exe
  C:\Windows\System\yvXVABx.exe
  2⤵
  PID:16004
- C:\Windows\System\BelxTVV.exe
  C:\Windows\System\BelxTVV.exe
  2⤵
  PID:16032
- C:\Windows\System\ZLOYcgc.exe
  C:\Windows\System\ZLOYcgc.exe
  2⤵
  PID:16060
- C:\Windows\System\oZxDrBo.exe
  C:\Windows\System\oZxDrBo.exe
  2⤵
  PID:16096
- C:\Windows\System\PFWmOjn.exe
  C:\Windows\System\PFWmOjn.exe
  2⤵
  PID:16116
- C:\Windows\System\tFwXjWv.exe
  C:\Windows\System\tFwXjWv.exe
  2⤵
  PID:16144
- C:\Windows\System\YxdYsma.exe
  C:\Windows\System\YxdYsma.exe
  2⤵
  PID:16176
- C:\Windows\System\HMrxpJR.exe
  C:\Windows\System\HMrxpJR.exe
  2⤵
  PID:16208
- C:\Windows\System\oWCtZil.exe
  C:\Windows\System\oWCtZil.exe
  2⤵
  PID:16232
- C:\Windows\System\MbrorjJ.exe
  C:\Windows\System\MbrorjJ.exe
  2⤵
  PID:16260
- C:\Windows\System\GrSLXeR.exe
  C:\Windows\System\GrSLXeR.exe
  2⤵
  PID:16288
- C:\Windows\System\xcfoQAO.exe
  C:\Windows\System\xcfoQAO.exe
  2⤵
  PID:16340
- C:\Windows\System\Ezhmjrt.exe
  C:\Windows\System\Ezhmjrt.exe
  2⤵
  PID:16372
- C:\Windows\System\JYLTHuc.exe
  C:\Windows\System\JYLTHuc.exe
  2⤵
  PID:11312
- C:\Windows\System\qCKfbFo.exe
  C:\Windows\System\qCKfbFo.exe
  2⤵
  PID:15428
- C:\Windows\System\QcDWzri.exe
  C:\Windows\System\QcDWzri.exe
  2⤵
  PID:15472
- C:\Windows\System\zAaolSq.exe
  C:\Windows\System\zAaolSq.exe
  2⤵
  PID:15556
- C:\Windows\System\PFYRIjq.exe
  C:\Windows\System\PFYRIjq.exe
  2⤵
  PID:15580
- C:\Windows\System\YGbITqz.exe
  C:\Windows\System\YGbITqz.exe
  2⤵
  PID:15640
- C:\Windows\System\pPvqiJZ.exe
  C:\Windows\System\pPvqiJZ.exe
  2⤵
  PID:15668
- C:\Windows\System\eFXgdfo.exe
  C:\Windows\System\eFXgdfo.exe
  2⤵
  PID:11620
- C:\Windows\System\gPDcpVG.exe
  C:\Windows\System\gPDcpVG.exe
  2⤵
  PID:15736
- C:\Windows\System\zeuqPLR.exe
  C:\Windows\System\zeuqPLR.exe
  2⤵
  PID:15772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AAVDqUP.exe

Filesize
6.0MB

MD5
f4e0356711dbb8b17a49befbf18f3495

SHA1
7adbbfff31b780a038751816482ac3aa294172a1

SHA256
28e5db039964d92e9c1ccfd1417ee17754a77f9684dacc92d8c77610f8816507

SHA512
4d56eb0f6c9a5c9ca1eb52cfb1eef17c7c0ccfdcc65483bb917c8d0b8c8975ec95f555441869d1ec79648f7ab9269da3ddcb3a56d32da95cdd485d9fbba6f1ed

Download Submit
C:\Windows\System\AanRHzu.exe

Filesize
6.0MB

MD5
52cf816058fab4a006bff2092ebe6702

SHA1
1d4c8b3b23fac59090513018797b34ede33411f8

SHA256
f49c36fedcd2d2c263c1f46b6cec74abe4e5fc23925a59ff73c6b465687054e0

SHA512
3bff00cbbf0caac770c93ba5185181f14063331b612b451687880f7ee8ea765a690c6e097be49eb0e3bfba6eb212fa2b19dd67fc6681aae38ebd55b86afbd493

Download Submit
C:\Windows\System\BhuHjgP.exe

Filesize
6.0MB

MD5
6fdebb7d7034772620c99d62dddd24eb

SHA1
85b16eb19369eaf488025988b4d534c4821dd9de

SHA256
afa8ce06894e70a0803b163ee2dac07a414e65d1c8df31a5a926d7177f13917a

SHA512
2c4f8854470db4e5f81e599a226a1d297e85a4e39bfb13a929e866124b9dab8686dca621074c0f59ac43c366b1e07140cdf4cd76cee472b7d524ac5c76deb062

Download Submit
C:\Windows\System\CHIQJFB.exe

Filesize
6.0MB

MD5
8e01d369515c1b29edb4658adad89d06

SHA1
dfb6b831cb3f3f5956db44219848b40116dc1221

SHA256
15a9c111cc817cc38dd879e5a0ceb9eb327a9cdfcf932cef9245b700f304f346

SHA512
76db4a900e9d2019ec827716693839e68c5707712eaea34b1a7a85bbfb8a09b27d6a9f48d42326ef38aaebdddff4c9356ce84fa5d952f24c2110e885be572a06

Download Submit
C:\Windows\System\GiBsOZH.exe

Filesize
6.0MB

MD5
46f4012d6fa202d0a02a400a60a25d0a

SHA1
5a3e6e7974abfcbbf207e0a46d6feade6c3cac65

SHA256
76c12e1fed8c678ce10c43439f8d15d5ee3f3848abb20a697ef08526e5fbfbc0

SHA512
4d46cca0147193eea6743a6574a812faccc3f62779631d74e82c1d4fe3921d1050c5f07a85d2c0882ff33c7e28a6ba53c759ec27b0d722b42d8335782b4b535e

Download Submit
C:\Windows\System\IqiBzjs.exe

Filesize
6.0MB

MD5
93188b25d0b7b1d278aeb0c3d6bea5ac

SHA1
ca3503fa6780d7037cf34c267421aa3030621cf9

SHA256
7a9d62e66501caa3f68e6eef6389fb89ad8a6ccaf4e834225001eb1d0618f2f0

SHA512
66099fc8dc70a207e12a62fa80aba4cd1917056a48ad13bd95b93aabc2f01aae4e75c53edc397585ef665fcd7fd55244386bd630c840dc305042362c769720c6

Download Submit
C:\Windows\System\MPjzoKg.exe

Filesize
6.0MB

MD5
4fc3c231bdbae6514a56eb6f14f23d6e

SHA1
537c33e311b98d228734d0b194a73da505d09833

SHA256
e6bc333e942a4281dae01c4c6ece172003fcd662643f8abc687d81625d565f7e

SHA512
3ac6965db4b3576f403cc9d249f2b2b0a751f5208558b78c515f9a903823364ba9a60e85ac6543d19e88cd5d0475a9e47eeade57d095c46ade3c42088a27ce14

Download Submit
C:\Windows\System\TKIATVw.exe

Filesize
6.0MB

MD5
dbea4cefcf991abb168cbeeb4b5f4808

SHA1
9672279fa9acd2776f262b47f1f420e2a6003558

SHA256
3582dfc73bcf06defc7690e9adf27fc3cf5259aaf89621843591b6623f076a7d

SHA512
98244e278b8e844491c78712f89d273f6f9aad7ccbdbe6254f139934e1a12e1134669ca7699d05921ed8ac508a4462c10a03ed45439e2ffa68819bce6a7845b3

Download Submit
C:\Windows\System\Tqjjkwi.exe

Filesize
6.0MB

MD5
c0c13e587b3e4c97f221476d36963ef3

SHA1
d3fbcfc76794c6f153c214ba60510338a56723e5

SHA256
1210480ddf48aec11ff0d6b497107a46c676d05f48cc5ae3a04d0a8952019e58

SHA512
73d3825741efba9181bd231bb39f2e68c9ff252b0b2ff881296dd732743b6982bf8f12e3de3f2f1eabecc5882c232239ba087ec49f2483217d21a1087a4339bf

Download Submit
C:\Windows\System\UYgqkco.exe

Filesize
6.0MB

MD5
14648a1d5abbd7421faa19c70274429a

SHA1
c88dc1868204d7d5647c024e432ffa9f525eefe3

SHA256
e67f25c175e1aec14aa8cb16546f54664ced0ae62375304deff1555efc72ed03

SHA512
7449919d2afdf318c2af7be0c20cfffd1b04be0d869ade526bd5ba996ae4d3c59f32ad22c44ab493439f37272438f5f2dbef4b6978d5cfb0fb87d79b406f1bb1

Download Submit
C:\Windows\System\UeBphtg.exe

Filesize
6.0MB

MD5
84dee6e375dc7c7e9b5bffb9179074b4

SHA1
d5eb648b5971af5b7e7939c5a1be0d30c7b754f4

SHA256
dc9e84d1ad227d20b30d1ba6955afdf81f75e81ae2b06119a86e9ac6049f902e

SHA512
1cc9a08156dac7ef9f0e216366e38aeccca35b74ecc34fbbc0994e023840f485ae9fd64773a8fa08b8b92d32155cc65ed9f650a5efacf2d18584d20874b0a9a3

Download Submit
C:\Windows\System\WtllcLw.exe

Filesize
6.0MB

MD5
70583b06c0f67095d80f67418402e741

SHA1
d94fc11e04c05b8947b87d186f86ae6aad2a12f2

SHA256
750f3958804542c8cbdf93a128cb1fc5d7f3f88abfb676059f98e1639757f298

SHA512
e767b9644a2e0c74e9324a8475b72ecf0ba31d3a17cb0896250fee0c066b81321da08435804c3686d6820751377238007db9d00ab4aec3137548b4572e06d6a2

Download Submit
C:\Windows\System\YpOfmdD.exe

Filesize
6.0MB

MD5
0aec376c6a98a2cbcccce30101de9b0b

SHA1
d494c85c8c6eda2b6b507bd759a8c5a2dd5419af

SHA256
72329d0123a693e05239dad1e5d8a56f67395014fae5e0c2f3359a6442eb99d1

SHA512
8069e509fb929f517f88f21729e7136cf0d064c8fd7ab40a310305fd86e98bd2b8d1e41948e7bd41df3092774eb0cf3c937bdcba2e79063483e9286e1b120c0e

Download Submit
C:\Windows\System\chKRJIB.exe

Filesize
6.0MB

MD5
8b3fdc3aff8aea773f73d12a1580a560

SHA1
8af6d206e3e484a77614c927a085bffe5d7c5b66

SHA256
1bed21cd95029a0adeb89c3623538ba6e5e7945ec7c740751968e375addac6c9

SHA512
b5342553651508773336d52d054522acc033b03b9d360a079be85f89466664ea1cae7e03cb569fb6b98d591a103334592d262d526a9791e517030d8d13ec24b1

Download Submit
C:\Windows\System\dWKkuFu.exe

Filesize
6.0MB

MD5
469012e2b27b8ecec04a55ad65c1219c

SHA1
ed3b305408f14c351771346ca7547e567b329136

SHA256
6f3a72add75187678927a710f2ac11bc84fb1cefeaeaa8caf82c67bec4e5f77b

SHA512
c5420e00ca4653b2206bfd72d68d0761d283a1f081afd073177e784bbd989fc95f68f0e382124137bb0f050ccf2b02da85a312209d72f8504af76e5b95fdfcbe

Download Submit
C:\Windows\System\dkFgMZQ.exe

Filesize
6.0MB

MD5
8e38225f6f03a2fdef726e2315eb71d0

SHA1
a9d3588c9232a5ca52b1d08ed95cf2698cd773fe

SHA256
e0cda4a473631c1d66ae9f602c1f0a2a62dc6f21de7bd73a30890f48a79cf314

SHA512
9c9b490e3d5400cfb38a939293903a2dda50db6b450a59212d5d878deae3ff2fe383903d8d0a6aef22ee229e018257b9619a326456c02211c182f124db1dcb7d

Download Submit
C:\Windows\System\dphsBkr.exe

Filesize
6.0MB

MD5
ccf6d44a36135acf35f7f56d4a69c15c

SHA1
87b74a9f55b062c7c5f166350173caf5b284e2e5

SHA256
ef918cd721676ad089ba2f50767c3b1a495324f6ec3be8d4988ee757a3ca12d8

SHA512
b1771dea048d0511a2764d7f0488c0f7c81773bbb7e305c6e7e16445c45160f864d9452d611dd582eb830c8f704a38840125e735c8a0481d07bbecf2812dce5c

Download Submit
C:\Windows\System\dwXgPGD.exe

Filesize
6.0MB

MD5
ff1d2ab04b13143d2eb803f58a8c942f

SHA1
f5f920d4c9c665ac896f485f94d85234e1e7ef04

SHA256
2d491351845d1373352a1ce2366b4b0e0a026100b91d54f8f4a4d6928e64dc47

SHA512
1daf58bc14c584a8f5491e6b0ecaafe5c6f57e0fb54141d6df622d6364f40a000ae1c43134347d541e179a4cc6d2c6dcf18bf5e2262e381852dd5cecce239612

Download Submit
C:\Windows\System\eALkYWO.exe

Filesize
6.0MB

MD5
1e4462fd6571c675f539e5b562d83bec

SHA1
de888397bba57c2cc00c24fa2aa799d4859eda64

SHA256
0017b4e500a7ba486b84d7887779c9a8194cf9a1b9e949f3aeca004f91d5105e

SHA512
d16b004c5e417569318f18dcecbbd33d9d006b8dcd137731a3f40f013e41c274d80c2efdbb4fa023c2edd059c832fbfea0f864dde7593afd4c0f7c0588322d8f

Download Submit
C:\Windows\System\eDNovUL.exe

Filesize
6.0MB

MD5
a718b839c9e40097ed4c69030a4eedd9

SHA1
7466c73c53b770c6c6fc506612ee6fb81906f6f6

SHA256
7ac0d436d50b7cb3fa4df1c610fbb14aad124ecf0f48f62028712cd87080d61e

SHA512
38554a41dcbad611674b2c120006740b553f1fb87733bcec854ac75a33ea5e96e68891ea4e623cd0e91eecb9bb137cc7828e7ad5575c3f21f078fd574e52e201

Download Submit
C:\Windows\System\fTflPVx.exe

Filesize
6.0MB

MD5
e597f6ed778726af250cec64d4789fc8

SHA1
8ea49738f76d7ba6b77b81420dc84b11c4e75f9b

SHA256
fe2a86087bb56335a4ea00f1ecc74a16e3913a5dce631e68a5db9cace8aeedd6

SHA512
a9608d3d11d274ddd70b2bcc3fb2487c3251a4e7b67fcffc88d9cc5e841c71f4fc29c63f11143e3c39bbae23612cd1276914d7f20435a2cc88cc45dec9252f61

Download Submit
C:\Windows\System\iOlqIFf.exe

Filesize
6.0MB

MD5
f1689a2cfaf0be380bdc3475e83390cc

SHA1
995a767cf33824d5cd74a8df182dfd2bc7fbe9f5

SHA256
73aeaff88440a265f3cf3f7853655e14c9274a170f9433e731bdd7275e8c5c4d

SHA512
3ba87906ff4d226ba49eb544e1d2f0c4319e352e544fbc1f9350b176acf8a546e791f6a60a25a5190472f59652a75fb8c6fa2f199a2f58ffb56a763d5513de40

Download Submit
C:\Windows\System\ikbpcYJ.exe

Filesize
6.0MB

MD5
511980d0a1238d8440f1d52449b757be

SHA1
f8ecc6a29bcb7b389e4f433348baced2ee392442

SHA256
9250069f3988a5a799de70a300c08de2a69bfc59530793485f7874a5a2d49163

SHA512
840face0c57ff70dceaf76fe4b886bde188a70858de2391b9a8235b7ceddd637256e6fbe2d914de5e1f900c8d133e3daa405683699980c98c66ab41f75dc3a74

Download Submit
C:\Windows\System\kkvnBYt.exe

Filesize
6.0MB

MD5
550c497d4c0b2e7726baf7b071c6ade5

SHA1
dc3016a776c5fc4a34c27720f4147e87434a3a45

SHA256
673a8c2f8edc27627c65b321631269b6a7421617fba9bdcb595a3849a98adbaf

SHA512
0aba2478116c8d3241b4ccd93265928168fc3d5254924a6799fb5a8ff3bcd0fbe9529b5147ebac9487453ad53da881898f888e977509df027c8e2500f5e548b1

Download Submit
C:\Windows\System\lOOddJq.exe

Filesize
6.0MB

MD5
f8a036602d90273b07688c44561c63bc

SHA1
f837bd7f2c98ab5d9c3942dd8e3f31c350b9c1c2

SHA256
08d1a789e98b64b1bdef0f96328e2ba6ae780564c082e0a9576a394b6bcd555f

SHA512
41a89e4df99e4d22f0eaf68782b30c2aecef89665f692d166ff55f057e0a4a2080fc79b8bb9661834731e078921b8e9253ad54cbce8a6e89de2b9febe59e7c85

Download Submit
C:\Windows\System\ljqhfek.exe

Filesize
6.0MB

MD5
69c88f4481e0f993b31a5b8c0c5dcdea

SHA1
c4393065eeb5b9e5d05f2b98606ae06fc5e5b29f

SHA256
f2a1c3c1fca2339b18ae217f1c2ddc07c3eeda2a0d573d4e0ee7e37a7fd5286d

SHA512
822d10f0e0ea8c2c47e10c45cc25ea473d0422952ab819b276474739139671938a0f1548c415241c0da0e338be457dc48b776a7dd5b7e664423f587e34b3a40e

Download Submit
C:\Windows\System\oLcyPms.exe

Filesize
6.0MB

MD5
4c897458c6af69e35bba91b87f6455f8

SHA1
dc565914e5049fa47f8f4090e1ec08bb12f2a012

SHA256
3f328d79b94f6c5dc98b715d242e8a56d8e25840b4de145bdcc3755ad6dd35a9

SHA512
e9cd382702d8eb604fb5b4c63386aff7ab3b401965d7621768da8e77d25eacff6daf406a7ee032fe6b93b0a3cf17811065a74e4bcc70c099bc9e05a8a708e9e2

Download Submit
C:\Windows\System\pIwQRhC.exe

Filesize
6.0MB

MD5
1977de067be47b4da30569dcaeb78cf4

SHA1
d50fc51305b38ecbc25c6b9f78a018336c7b4f84

SHA256
8ae6572efc97a43dece6dc180a08e855c6ed3783ef48f23b690e6494e4413b54

SHA512
730e6998590fea4f971a39ff3d5e69518c03b74ad9df870afb6232b39ec8aa6dbd98e720defaa1e8e4fc924cddba4ea19fa7d781fe6b3f1a6621060d00263df4

Download Submit
C:\Windows\System\pKrZxKC.exe

Filesize
6.0MB

MD5
fc5d6013e655c27f59cb7f7b6cd27c00

SHA1
540148adee5faa9d8d1a79d3147dcf5a68eae5e9

SHA256
5f988218b7e3f2d97c73e7225f5a04e27abc9c420c6d4e7a3524c46a6dc6c7d4

SHA512
1b2eef7a597f7db4806057be0924a62a79086479a06bb42e8b497d205cad19bd8426a0cc1a0b57bbb2699742981dd47aaf17d4d49e1e82308364db0da3ee6d74

Download Submit
C:\Windows\System\tFGLlVh.exe

Filesize
6.0MB

MD5
4aa400e59973ef1aba994bea1bc8f23f

SHA1
a77e47564f3adaad73c3c634fe733eaace759ca3

SHA256
53771e27445067394ccf7349cc3cd24289228e2e0b506b04df7301b233c34d68

SHA512
40849695a818bc4db87f04746c58b2a944acc76a8857dbd0df5aaa75ccb3dd80dc0f9ecf126def4bd7e11a08eb1bf53c2cf113315def20608bcab0cb0b6d66b2

Download Submit
C:\Windows\System\tiVKdsn.exe

Filesize
6.0MB

MD5
6c50eb02668432bc7f9db3ff72042375

SHA1
c200bc968df70872473ec8ecc5aef1c13140de23

SHA256
d8100a651e3a2f56bbdbbd9b040f55c51f9b909adf36feb76d4e376f52980134

SHA512
f16d6d5c3642731cb485064efc3b36fed893222c6634242bc6a72e9a5001d740d00b66ef5ed39a8b9e2347baff80b5a9c3f91304c007c78e9b74cee5f8bf268b

Download Submit
C:\Windows\System\trVhwIi.exe

Filesize
6.0MB

MD5
51376ba687309fcce79bd808fd3ec8a1

SHA1
131fae115d851de4d8c1a99419ca2b4ef8115650

SHA256
00b9a0afd76f71308ebd10a26a16abb36955deaaf513af39a7219524f6b42c11

SHA512
041a1c87fbc49d2cdc06ace64fef6338690390ca5ce58ed4b51507e15a8f5e4ddab1e6864a57ca127f6ca13026a9eb4c649c11e99fe662368b44584b51f30699

Download Submit
C:\Windows\System\yIphStR.exe

Filesize
6.0MB

MD5
b08e79f886455990c5b4200bf21ba18e

SHA1
c52a42b006496d9367ec682b0d991fef7128a65c

SHA256
45a1b63cda5e9b07051182368a6415efea17d38999b8afe80f87d24c8ee7476f

SHA512
1666891d9fe54106f986b42888e9c06e9bfc305a82ed3b87e9d7feeb9018e17b0fb60e040bdbf22f0b491427f19b3d1bb780e61a7bc9a2151db7addb182bc30d

Download Submit
memory/212-182-0x00007FF747ED0000-0x00007FF748224000-memory.dmp

Filesize
3.3MB

Download
memory/212-2193-0x00007FF747ED0000-0x00007FF748224000-memory.dmp

Filesize
3.3MB

Download
memory/212-676-0x00007FF747ED0000-0x00007FF748224000-memory.dmp

Filesize
3.3MB

Download
memory/352-2018-0x00007FF7DC510000-0x00007FF7DC864000-memory.dmp

Filesize
3.3MB

Download
memory/352-159-0x00007FF7DC510000-0x00007FF7DC864000-memory.dmp

Filesize
3.3MB

Download
memory/448-148-0x00007FF6C6FF0000-0x00007FF6C7344000-memory.dmp

Filesize
3.3MB

Download
memory/448-51-0x00007FF6C6FF0000-0x00007FF6C7344000-memory.dmp

Filesize
3.3MB

Download
memory/448-1158-0x00007FF6C6FF0000-0x00007FF6C7344000-memory.dmp

Filesize
3.3MB

Download
memory/1020-167-0x00007FF666900000-0x00007FF666C54000-memory.dmp

Filesize
3.3MB

Download
memory/1020-2025-0x00007FF666900000-0x00007FF666C54000-memory.dmp

Filesize
3.3MB

Download
memory/1244-147-0x00007FF738110000-0x00007FF738464000-memory.dmp

Filesize
3.3MB

Download
memory/1244-44-0x00007FF738110000-0x00007FF738464000-memory.dmp

Filesize
3.3MB

Download
memory/1244-1151-0x00007FF738110000-0x00007FF738464000-memory.dmp

Filesize
3.3MB

Download
memory/1320-213-0x00007FF69EFD0000-0x00007FF69F324000-memory.dmp

Filesize
3.3MB

Download
memory/1320-135-0x00007FF69EFD0000-0x00007FF69F324000-memory.dmp

Filesize
3.3MB

Download
memory/1320-1750-0x00007FF69EFD0000-0x00007FF69F324000-memory.dmp

Filesize
3.3MB

Download
memory/1404-0-0x00007FF6B1E00000-0x00007FF6B2154000-memory.dmp

Filesize
3.3MB

Download
memory/1404-1-0x00000280826A0000-0x00000280826B0000-memory.dmp

Filesize
64KB

Download
memory/1404-52-0x00007FF6B1E00000-0x00007FF6B2154000-memory.dmp

Filesize
3.3MB

Download
memory/1876-173-0x00007FF6623C0000-0x00007FF662714000-memory.dmp

Filesize
3.3MB

Download
memory/1876-2028-0x00007FF6623C0000-0x00007FF662714000-memory.dmp

Filesize
3.3MB

Download
memory/1876-571-0x00007FF6623C0000-0x00007FF662714000-memory.dmp

Filesize
3.3MB

Download
memory/1904-468-0x00007FF6EA9A0000-0x00007FF6EACF4000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2030-0x00007FF6EA9A0000-0x00007FF6EACF4000-memory.dmp

Filesize
3.3MB

Download
memory/1904-166-0x00007FF6EA9A0000-0x00007FF6EACF4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-1163-0x00007FF6FB070000-0x00007FF6FB3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-87-0x00007FF6FB070000-0x00007FF6FB3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-868-0x00007FF78E050000-0x00007FF78E3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-20-0x00007FF78E050000-0x00007FF78E3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-89-0x00007FF658090000-0x00007FF6583E4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1181-0x00007FF658090000-0x00007FF6583E4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-121-0x00007FF6E3D50000-0x00007FF6E40A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1568-0x00007FF6E3D50000-0x00007FF6E40A4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-149-0x00007FF63AC40000-0x00007FF63AF94000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1754-0x00007FF63AC40000-0x00007FF63AF94000-memory.dmp

Filesize
3.3MB

Download
memory/2560-268-0x00007FF63AC40000-0x00007FF63AF94000-memory.dmp

Filesize
3.3MB

Download
memory/2700-865-0x00007FF63E110000-0x00007FF63E464000-memory.dmp

Filesize
3.3MB

Download
memory/2700-19-0x00007FF63E110000-0x00007FF63E464000-memory.dmp

Filesize
3.3MB

Download
memory/2700-88-0x00007FF63E110000-0x00007FF63E464000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1164-0x00007FF7A2050000-0x00007FF7A23A4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-82-0x00007FF7A2050000-0x00007FF7A23A4000-memory.dmp

Filesize
3.3MB

Download
memory/3136-1561-0x00007FF6E9B10000-0x00007FF6E9E64000-memory.dmp

Filesize
3.3MB

Download
memory/3136-101-0x00007FF6E9B10000-0x00007FF6E9E64000-memory.dmp

Filesize
3.3MB

Download
memory/3296-1156-0x00007FF611370000-0x00007FF6116C4000-memory.dmp

Filesize
3.3MB

Download
memory/3296-81-0x00007FF611370000-0x00007FF6116C4000-memory.dmp

Filesize
3.3MB

Download
memory/3452-132-0x00007FF69AF10000-0x00007FF69B264000-memory.dmp

Filesize
3.3MB

Download
memory/3452-185-0x00007FF69AF10000-0x00007FF69B264000-memory.dmp

Filesize
3.3MB

Download
memory/3452-1745-0x00007FF69AF10000-0x00007FF69B264000-memory.dmp

Filesize
3.3MB

Download
memory/3788-38-0x00007FF7E63A0000-0x00007FF7E66F4000-memory.dmp

Filesize
3.3MB

Download
memory/3788-1018-0x00007FF7E63A0000-0x00007FF7E66F4000-memory.dmp

Filesize
3.3MB

Download
memory/3888-265-0x00007FF6E3570000-0x00007FF6E38C4000-memory.dmp

Filesize
3.3MB

Download
memory/3888-1749-0x00007FF6E3570000-0x00007FF6E38C4000-memory.dmp

Filesize
3.3MB

Download
memory/3888-143-0x00007FF6E3570000-0x00007FF6E38C4000-memory.dmp

Filesize
3.3MB

Download
memory/4004-84-0x00007FF7922D0000-0x00007FF792624000-memory.dmp

Filesize
3.3MB

Download
memory/4004-1168-0x00007FF7922D0000-0x00007FF792624000-memory.dmp

Filesize
3.3MB

Download
memory/4076-1569-0x00007FF600000000-0x00007FF600354000-memory.dmp

Filesize
3.3MB

Download
memory/4076-125-0x00007FF600000000-0x00007FF600354000-memory.dmp

Filesize
3.3MB

Download
memory/4368-170-0x00007FF78AE70000-0x00007FF78B1C4000-memory.dmp

Filesize
3.3MB

Download
memory/4368-108-0x00007FF78AE70000-0x00007FF78B1C4000-memory.dmp

Filesize
3.3MB

Download
memory/4368-1570-0x00007FF78AE70000-0x00007FF78B1C4000-memory.dmp

Filesize
3.3MB

Download
memory/4408-134-0x00007FF7B37A0000-0x00007FF7B3AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4408-1744-0x00007FF7B37A0000-0x00007FF7B3AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4552-1574-0x00007FF6C1600000-0x00007FF6C1954000-memory.dmp

Filesize
3.3MB

Download
memory/4552-117-0x00007FF6C1600000-0x00007FF6C1954000-memory.dmp

Filesize
3.3MB

Download
memory/4660-1010-0x00007FF68A200000-0x00007FF68A554000-memory.dmp

Filesize
3.3MB

Download
memory/4660-31-0x00007FF68A200000-0x00007FF68A554000-memory.dmp

Filesize
3.3MB

Download
memory/4928-864-0x00007FF6513A0000-0x00007FF6516F4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-78-0x00007FF6513A0000-0x00007FF6516F4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-11-0x00007FF6513A0000-0x00007FF6516F4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-1170-0x00007FF7FEA60000-0x00007FF7FEDB4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-86-0x00007FF7FEA60000-0x00007FF7FEDB4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-34-0x00007FF7A5880000-0x00007FF7A5BD4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-1016-0x00007FF7A5880000-0x00007FF7A5BD4000-memory.dmp

Filesize
3.3MB

Download