cobaltstrike | bf8e32eb0cbb25068ca4e336f2c4affd914f198085da58f734756602a575c315

Analysis

max time kernel
126s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f9b0c1d261020130a7192d92ac68ca2e
SHA1

5e85baa41717af601526de9b02488e9201afc309
SHA256

bf8e32eb0cbb25068ca4e336f2c4affd914f198085da58f734756602a575c315
SHA512

439e82872537272143ea8950861e556e3469a9f4b57d2fe43d559455735a1b31fe94467650f1c369273f3404b1de01303376abe17c3947f32a61dcf40d64f2cd
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0032000000023b84-7.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-16.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-27.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-30.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8f-51.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-61.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b93-70.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b94-79.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b97-93.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9b-109.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9c-116.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9f-137.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba6-164.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba5-162.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba4-160.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba3-157.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba2-155.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba1-143.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba0-141.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9e-135.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9d-129.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9a-106.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b99-102.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b98-99.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b96-86.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b95-82.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b92-65.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b91-59.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8e-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-44.dat	cobalt_reflective_dll
behavioral2/files/0x0032000000023b85-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2360-0-0x00007FF7D9D20000-0x00007FF7DA074000-memory.dmp	xmrig
behavioral2/memory/1508-6-0x00007FF618BD0000-0x00007FF618F24000-memory.dmp	xmrig
behavioral2/files/0x0032000000023b84-7.dat	xmrig
behavioral2/files/0x000a000000023b89-10.dat	xmrig
behavioral2/files/0x000a000000023b88-16.dat	xmrig
behavioral2/memory/4508-18-0x00007FF6B5020000-0x00007FF6B5374000-memory.dmp	xmrig
behavioral2/memory/4132-13-0x00007FF6955A0000-0x00007FF6958F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8a-27.dat	xmrig
behavioral2/files/0x000a000000023b8c-30.dat	xmrig
behavioral2/files/0x000a000000023b8f-51.dat	xmrig
behavioral2/files/0x000a000000023b90-61.dat	xmrig
behavioral2/files/0x000a000000023b93-70.dat	xmrig
behavioral2/files/0x000a000000023b94-79.dat	xmrig
behavioral2/files/0x000a000000023b97-93.dat	xmrig
behavioral2/files/0x000a000000023b9b-109.dat	xmrig
behavioral2/files/0x000a000000023b9c-116.dat	xmrig
behavioral2/files/0x000a000000023b9f-137.dat	xmrig
behavioral2/files/0x000a000000023ba6-164.dat	xmrig
behavioral2/memory/1684-880-0x00007FF637810000-0x00007FF637B64000-memory.dmp	xmrig
behavioral2/memory/1580-886-0x00007FF7A5170000-0x00007FF7A54C4000-memory.dmp	xmrig
behavioral2/memory/748-885-0x00007FF68B070000-0x00007FF68B3C4000-memory.dmp	xmrig
behavioral2/memory/3872-884-0x00007FF7D8250000-0x00007FF7D85A4000-memory.dmp	xmrig
behavioral2/memory/1016-890-0x00007FF6A2740000-0x00007FF6A2A94000-memory.dmp	xmrig
behavioral2/memory/4000-892-0x00007FF758470000-0x00007FF7587C4000-memory.dmp	xmrig
behavioral2/memory/4232-900-0x00007FF686070000-0x00007FF6863C4000-memory.dmp	xmrig
behavioral2/memory/4856-906-0x00007FF6AFE60000-0x00007FF6B01B4000-memory.dmp	xmrig
behavioral2/memory/5116-915-0x00007FF7D3900000-0x00007FF7D3C54000-memory.dmp	xmrig
behavioral2/memory/640-922-0x00007FF69E4B0000-0x00007FF69E804000-memory.dmp	xmrig
behavioral2/memory/1760-924-0x00007FF68D7A0000-0x00007FF68DAF4000-memory.dmp	xmrig
behavioral2/memory/384-927-0x00007FF6146E0000-0x00007FF614A34000-memory.dmp	xmrig
behavioral2/memory/5088-928-0x00007FF651640000-0x00007FF651994000-memory.dmp	xmrig
behavioral2/memory/860-926-0x00007FF769450000-0x00007FF7697A4000-memory.dmp	xmrig
behavioral2/memory/3212-925-0x00007FF75CC20000-0x00007FF75CF74000-memory.dmp	xmrig
behavioral2/memory/4700-923-0x00007FF608200000-0x00007FF608554000-memory.dmp	xmrig
behavioral2/memory/1620-916-0x00007FF6660A0000-0x00007FF6663F4000-memory.dmp	xmrig
behavioral2/memory/2512-914-0x00007FF7C18E0000-0x00007FF7C1C34000-memory.dmp	xmrig
behavioral2/memory/4776-913-0x00007FF61F880000-0x00007FF61FBD4000-memory.dmp	xmrig
behavioral2/memory/4060-910-0x00007FF7D8B00000-0x00007FF7D8E54000-memory.dmp	xmrig
behavioral2/memory/3820-904-0x00007FF71D240000-0x00007FF71D594000-memory.dmp	xmrig
behavioral2/memory/4984-899-0x00007FF755CB0000-0x00007FF756004000-memory.dmp	xmrig
behavioral2/memory/2216-901-0x00007FF64CAC0000-0x00007FF64CE14000-memory.dmp	xmrig
behavioral2/memory/3476-894-0x00007FF74DB00000-0x00007FF74DE54000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba5-162.dat	xmrig
behavioral2/files/0x000a000000023ba4-160.dat	xmrig
behavioral2/files/0x000a000000023ba3-157.dat	xmrig
behavioral2/files/0x000a000000023ba2-155.dat	xmrig
behavioral2/files/0x000a000000023ba1-143.dat	xmrig
behavioral2/files/0x000a000000023ba0-141.dat	xmrig
behavioral2/files/0x000a000000023b9e-135.dat	xmrig
behavioral2/files/0x000a000000023b9d-129.dat	xmrig
behavioral2/files/0x000a000000023b9a-106.dat	xmrig
behavioral2/files/0x000a000000023b99-102.dat	xmrig
behavioral2/files/0x000a000000023b98-99.dat	xmrig
behavioral2/files/0x000a000000023b96-86.dat	xmrig
behavioral2/files/0x000a000000023b95-82.dat	xmrig
behavioral2/files/0x000a000000023b92-65.dat	xmrig
behavioral2/files/0x000a000000023b91-59.dat	xmrig
behavioral2/files/0x000a000000023b8e-47.dat	xmrig
behavioral2/files/0x000a000000023b8d-44.dat	xmrig
behavioral2/memory/2916-38-0x00007FF700180000-0x00007FF7004D4000-memory.dmp	xmrig
behavioral2/files/0x0032000000023b85-33.dat	xmrig
behavioral2/memory/4436-28-0x00007FF7ED1A0000-0x00007FF7ED4F4000-memory.dmp	xmrig
behavioral2/memory/2360-1118-0x00007FF7D9D20000-0x00007FF7DA074000-memory.dmp	xmrig
behavioral2/memory/1508-1121-0x00007FF618BD0000-0x00007FF618F24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1508	gTgnvmY.exe
4132	BRQAqTC.exe
4508	pxLSTIH.exe
4436	JcIbsID.exe
2916	XBQbWYA.exe
384	zEdZUbl.exe
5088	ycDdRZH.exe
1684	HFbCuRP.exe
3872	RnTEEEb.exe
748	MCotuzb.exe
1580	bISucmg.exe
1016	bDSFByd.exe
4000	ybAvYUz.exe
3476	rfVmgDS.exe
4984	OHDHiTu.exe
4232	uqIiOto.exe
2216	VxipTGg.exe
3820	yrslTHA.exe
4856	tkRZywT.exe
4060	wWqTZJV.exe
4776	oeSSOzb.exe
2512	PZDRpWH.exe
5116	rzOtgSD.exe
1620	IdaQWVG.exe
640	sozWxEW.exe
4700	vIjFtyZ.exe
1760	cTHtPSe.exe
3212	qdhnTXP.exe
860	MpBmiIE.exe
3256	RSAsyOJ.exe
1860	rwpcQjZ.exe
4868	hXncZyC.exe
4064	DWIXNAb.exe
3172	LUDcTEF.exe
1444	zoxsVdp.exe
3228	YxsDscx.exe
4916	DpGXRjt.exe
1708	MftqgbD.exe
3040	YWVCPLV.exe
4532	IWlNncV.exe
3340	WNoTLcY.exe
4044	mzBnZCn.exe
4476	TkRbmAN.exe
5108	xKjMcrM.exe
4492	aLdkXXR.exe
3712	voZZClD.exe
3948	cvtsrVU.exe
4760	TeABvzP.exe
3480	baHWyCs.exe
4556	oxkmbjl.exe
1248	gukEUZT.exe
4656	axIirBx.exe
912	bxLiJtn.exe
4812	WtEgSQB.exe
2008	KnHMxWw.exe
1724	OxVHKQC.exe
5068	UuyUdEp.exe
5080	eiOHMvr.exe
636	dskxISK.exe
4588	rEYCXhz.exe
4020	Ujjozan.exe
3860	FhHRDGh.exe
2052	LEfqyTT.exe
2224	cYPqruk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2360-0-0x00007FF7D9D20000-0x00007FF7DA074000-memory.dmp	upx
behavioral2/memory/1508-6-0x00007FF618BD0000-0x00007FF618F24000-memory.dmp	upx
behavioral2/files/0x0032000000023b84-7.dat	upx
behavioral2/files/0x000a000000023b89-10.dat	upx
behavioral2/files/0x000a000000023b88-16.dat	upx
behavioral2/memory/4508-18-0x00007FF6B5020000-0x00007FF6B5374000-memory.dmp	upx
behavioral2/memory/4132-13-0x00007FF6955A0000-0x00007FF6958F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b8a-27.dat	upx
behavioral2/files/0x000a000000023b8c-30.dat	upx
behavioral2/files/0x000a000000023b8f-51.dat	upx
behavioral2/files/0x000a000000023b90-61.dat	upx
behavioral2/files/0x000a000000023b93-70.dat	upx
behavioral2/files/0x000a000000023b94-79.dat	upx
behavioral2/files/0x000a000000023b97-93.dat	upx
behavioral2/files/0x000a000000023b9b-109.dat	upx
behavioral2/files/0x000a000000023b9c-116.dat	upx
behavioral2/files/0x000a000000023b9f-137.dat	upx
behavioral2/files/0x000a000000023ba6-164.dat	upx
behavioral2/memory/1684-880-0x00007FF637810000-0x00007FF637B64000-memory.dmp	upx
behavioral2/memory/1580-886-0x00007FF7A5170000-0x00007FF7A54C4000-memory.dmp	upx
behavioral2/memory/748-885-0x00007FF68B070000-0x00007FF68B3C4000-memory.dmp	upx
behavioral2/memory/3872-884-0x00007FF7D8250000-0x00007FF7D85A4000-memory.dmp	upx
behavioral2/memory/1016-890-0x00007FF6A2740000-0x00007FF6A2A94000-memory.dmp	upx
behavioral2/memory/4000-892-0x00007FF758470000-0x00007FF7587C4000-memory.dmp	upx
behavioral2/memory/4232-900-0x00007FF686070000-0x00007FF6863C4000-memory.dmp	upx
behavioral2/memory/4856-906-0x00007FF6AFE60000-0x00007FF6B01B4000-memory.dmp	upx
behavioral2/memory/5116-915-0x00007FF7D3900000-0x00007FF7D3C54000-memory.dmp	upx
behavioral2/memory/640-922-0x00007FF69E4B0000-0x00007FF69E804000-memory.dmp	upx
behavioral2/memory/1760-924-0x00007FF68D7A0000-0x00007FF68DAF4000-memory.dmp	upx
behavioral2/memory/384-927-0x00007FF6146E0000-0x00007FF614A34000-memory.dmp	upx
behavioral2/memory/5088-928-0x00007FF651640000-0x00007FF651994000-memory.dmp	upx
behavioral2/memory/860-926-0x00007FF769450000-0x00007FF7697A4000-memory.dmp	upx
behavioral2/memory/3212-925-0x00007FF75CC20000-0x00007FF75CF74000-memory.dmp	upx
behavioral2/memory/4700-923-0x00007FF608200000-0x00007FF608554000-memory.dmp	upx
behavioral2/memory/1620-916-0x00007FF6660A0000-0x00007FF6663F4000-memory.dmp	upx
behavioral2/memory/2512-914-0x00007FF7C18E0000-0x00007FF7C1C34000-memory.dmp	upx
behavioral2/memory/4776-913-0x00007FF61F880000-0x00007FF61FBD4000-memory.dmp	upx
behavioral2/memory/4060-910-0x00007FF7D8B00000-0x00007FF7D8E54000-memory.dmp	upx
behavioral2/memory/3820-904-0x00007FF71D240000-0x00007FF71D594000-memory.dmp	upx
behavioral2/memory/4984-899-0x00007FF755CB0000-0x00007FF756004000-memory.dmp	upx
behavioral2/memory/2216-901-0x00007FF64CAC0000-0x00007FF64CE14000-memory.dmp	upx
behavioral2/memory/3476-894-0x00007FF74DB00000-0x00007FF74DE54000-memory.dmp	upx
behavioral2/files/0x000a000000023ba5-162.dat	upx
behavioral2/files/0x000a000000023ba4-160.dat	upx
behavioral2/files/0x000a000000023ba3-157.dat	upx
behavioral2/files/0x000a000000023ba2-155.dat	upx
behavioral2/files/0x000a000000023ba1-143.dat	upx
behavioral2/files/0x000a000000023ba0-141.dat	upx
behavioral2/files/0x000a000000023b9e-135.dat	upx
behavioral2/files/0x000a000000023b9d-129.dat	upx
behavioral2/files/0x000a000000023b9a-106.dat	upx
behavioral2/files/0x000a000000023b99-102.dat	upx
behavioral2/files/0x000a000000023b98-99.dat	upx
behavioral2/files/0x000a000000023b96-86.dat	upx
behavioral2/files/0x000a000000023b95-82.dat	upx
behavioral2/files/0x000a000000023b92-65.dat	upx
behavioral2/files/0x000a000000023b91-59.dat	upx
behavioral2/files/0x000a000000023b8e-47.dat	upx
behavioral2/files/0x000a000000023b8d-44.dat	upx
behavioral2/memory/2916-38-0x00007FF700180000-0x00007FF7004D4000-memory.dmp	upx
behavioral2/files/0x0032000000023b85-33.dat	upx
behavioral2/memory/4436-28-0x00007FF7ED1A0000-0x00007FF7ED4F4000-memory.dmp	upx
behavioral2/memory/2360-1118-0x00007FF7D9D20000-0x00007FF7DA074000-memory.dmp	upx
behavioral2/memory/1508-1121-0x00007FF618BD0000-0x00007FF618F24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\okUtbcu.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXtdyVa.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nessmez.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBPhWuM.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXAJzXf.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOQcCdv.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgUozYx.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVSEsBk.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWItHOy.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIFXHol.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xhtoxjv.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\npRUEhF.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXqloIE.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJqgoib.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVYfIKk.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYLiBbI.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJYMyka.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWcrIki.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXQaJiV.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPrcdlg.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZNkiXJ.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRJbdeC.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfISKCS.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDUDXpo.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtNOpTJ.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdtAZSb.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfjlKcS.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjNZJkN.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azbcMhU.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arOmXrW.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YflFAAl.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adrhsvD.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfjNHfO.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zVEjQiR.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJTnUll.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNkhUCf.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIcOmlw.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkifSGX.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilSLqnR.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMwMjSz.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvgTVIq.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGrCBSW.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEfqyTT.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvKIYAJ.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdqKxlf.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mujVCHR.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUNFDsa.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWHwnkc.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPTSSCe.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPMzptl.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyoQIur.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvAQWZH.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHvRXth.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfEoGGl.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbeoXol.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlLIdre.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umCiSdm.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkPjUCH.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFaiswU.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsdRocD.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqMxZPK.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFFACXi.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYfJcBi.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVNJINJ.exe	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1508	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2360 wrote to memory of 1508	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2360 wrote to memory of 4132	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2360 wrote to memory of 4132	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2360 wrote to memory of 4508	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2360 wrote to memory of 4508	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2360 wrote to memory of 4436	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2360 wrote to memory of 4436	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2360 wrote to memory of 2916	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2360 wrote to memory of 2916	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2360 wrote to memory of 384	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2360 wrote to memory of 384	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2360 wrote to memory of 5088	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2360 wrote to memory of 5088	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2360 wrote to memory of 1684	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2360 wrote to memory of 1684	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2360 wrote to memory of 3872	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2360 wrote to memory of 3872	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2360 wrote to memory of 748	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2360 wrote to memory of 748	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2360 wrote to memory of 1580	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2360 wrote to memory of 1580	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2360 wrote to memory of 1016	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2360 wrote to memory of 1016	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2360 wrote to memory of 4000	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2360 wrote to memory of 4000	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2360 wrote to memory of 3476	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2360 wrote to memory of 3476	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2360 wrote to memory of 4984	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2360 wrote to memory of 4984	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2360 wrote to memory of 4232	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2360 wrote to memory of 4232	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2360 wrote to memory of 2216	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2360 wrote to memory of 2216	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2360 wrote to memory of 3820	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2360 wrote to memory of 3820	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2360 wrote to memory of 4856	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2360 wrote to memory of 4856	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2360 wrote to memory of 4060	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2360 wrote to memory of 4060	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2360 wrote to memory of 4776	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2360 wrote to memory of 4776	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2360 wrote to memory of 2512	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2360 wrote to memory of 2512	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2360 wrote to memory of 5116	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2360 wrote to memory of 5116	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2360 wrote to memory of 1620	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2360 wrote to memory of 1620	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2360 wrote to memory of 640	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2360 wrote to memory of 640	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2360 wrote to memory of 4700	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2360 wrote to memory of 4700	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2360 wrote to memory of 1760	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2360 wrote to memory of 1760	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2360 wrote to memory of 3212	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2360 wrote to memory of 3212	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2360 wrote to memory of 860	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2360 wrote to memory of 860	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2360 wrote to memory of 3256	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2360 wrote to memory of 3256	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2360 wrote to memory of 1860	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2360 wrote to memory of 1860	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2360 wrote to memory of 4868	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 2360 wrote to memory of 4868	2360	2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_f9b0c1d261020130a7192d92ac68ca2e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\System\gTgnvmY.exe
  C:\Windows\System\gTgnvmY.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\BRQAqTC.exe
  C:\Windows\System\BRQAqTC.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\pxLSTIH.exe
  C:\Windows\System\pxLSTIH.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\JcIbsID.exe
  C:\Windows\System\JcIbsID.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\XBQbWYA.exe
  C:\Windows\System\XBQbWYA.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\zEdZUbl.exe
  C:\Windows\System\zEdZUbl.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\ycDdRZH.exe
  C:\Windows\System\ycDdRZH.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\HFbCuRP.exe
  C:\Windows\System\HFbCuRP.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\RnTEEEb.exe
  C:\Windows\System\RnTEEEb.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\MCotuzb.exe
  C:\Windows\System\MCotuzb.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\bISucmg.exe
  C:\Windows\System\bISucmg.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\bDSFByd.exe
  C:\Windows\System\bDSFByd.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\ybAvYUz.exe
  C:\Windows\System\ybAvYUz.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\rfVmgDS.exe
  C:\Windows\System\rfVmgDS.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\OHDHiTu.exe
  C:\Windows\System\OHDHiTu.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\uqIiOto.exe
  C:\Windows\System\uqIiOto.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\VxipTGg.exe
  C:\Windows\System\VxipTGg.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\yrslTHA.exe
  C:\Windows\System\yrslTHA.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\tkRZywT.exe
  C:\Windows\System\tkRZywT.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\wWqTZJV.exe
  C:\Windows\System\wWqTZJV.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\oeSSOzb.exe
  C:\Windows\System\oeSSOzb.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\PZDRpWH.exe
  C:\Windows\System\PZDRpWH.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\rzOtgSD.exe
  C:\Windows\System\rzOtgSD.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\IdaQWVG.exe
  C:\Windows\System\IdaQWVG.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\sozWxEW.exe
  C:\Windows\System\sozWxEW.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\vIjFtyZ.exe
  C:\Windows\System\vIjFtyZ.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\cTHtPSe.exe
  C:\Windows\System\cTHtPSe.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\qdhnTXP.exe
  C:\Windows\System\qdhnTXP.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\MpBmiIE.exe
  C:\Windows\System\MpBmiIE.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\RSAsyOJ.exe
  C:\Windows\System\RSAsyOJ.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\rwpcQjZ.exe
  C:\Windows\System\rwpcQjZ.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\hXncZyC.exe
  C:\Windows\System\hXncZyC.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\DWIXNAb.exe
  C:\Windows\System\DWIXNAb.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\LUDcTEF.exe
  C:\Windows\System\LUDcTEF.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\zoxsVdp.exe
  C:\Windows\System\zoxsVdp.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\YxsDscx.exe
  C:\Windows\System\YxsDscx.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\DpGXRjt.exe
  C:\Windows\System\DpGXRjt.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\MftqgbD.exe
  C:\Windows\System\MftqgbD.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\YWVCPLV.exe
  C:\Windows\System\YWVCPLV.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\IWlNncV.exe
  C:\Windows\System\IWlNncV.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\WNoTLcY.exe
  C:\Windows\System\WNoTLcY.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\mzBnZCn.exe
  C:\Windows\System\mzBnZCn.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\TkRbmAN.exe
  C:\Windows\System\TkRbmAN.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\xKjMcrM.exe
  C:\Windows\System\xKjMcrM.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\aLdkXXR.exe
  C:\Windows\System\aLdkXXR.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\voZZClD.exe
  C:\Windows\System\voZZClD.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\cvtsrVU.exe
  C:\Windows\System\cvtsrVU.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\TeABvzP.exe
  C:\Windows\System\TeABvzP.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\baHWyCs.exe
  C:\Windows\System\baHWyCs.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\oxkmbjl.exe
  C:\Windows\System\oxkmbjl.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\gukEUZT.exe
  C:\Windows\System\gukEUZT.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\axIirBx.exe
  C:\Windows\System\axIirBx.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\bxLiJtn.exe
  C:\Windows\System\bxLiJtn.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\WtEgSQB.exe
  C:\Windows\System\WtEgSQB.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\KnHMxWw.exe
  C:\Windows\System\KnHMxWw.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\OxVHKQC.exe
  C:\Windows\System\OxVHKQC.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\UuyUdEp.exe
  C:\Windows\System\UuyUdEp.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\eiOHMvr.exe
  C:\Windows\System\eiOHMvr.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\dskxISK.exe
  C:\Windows\System\dskxISK.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\rEYCXhz.exe
  C:\Windows\System\rEYCXhz.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\Ujjozan.exe
  C:\Windows\System\Ujjozan.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\FhHRDGh.exe
  C:\Windows\System\FhHRDGh.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\LEfqyTT.exe
  C:\Windows\System\LEfqyTT.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\cYPqruk.exe
  C:\Windows\System\cYPqruk.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\BwHrGwi.exe
  C:\Windows\System\BwHrGwi.exe
  2⤵
  PID:4960
- C:\Windows\System\KtGmjIp.exe
  C:\Windows\System\KtGmjIp.exe
  2⤵
  PID:3988
- C:\Windows\System\yBpozOC.exe
  C:\Windows\System\yBpozOC.exe
  2⤵
  PID:4288
- C:\Windows\System\kdbeLeG.exe
  C:\Windows\System\kdbeLeG.exe
  2⤵
  PID:4384
- C:\Windows\System\FPccBJF.exe
  C:\Windows\System\FPccBJF.exe
  2⤵
  PID:3176
- C:\Windows\System\KpkWfoH.exe
  C:\Windows\System\KpkWfoH.exe
  2⤵
  PID:3704
- C:\Windows\System\iWBlqVJ.exe
  C:\Windows\System\iWBlqVJ.exe
  2⤵
  PID:1072
- C:\Windows\System\qccHpRV.exe
  C:\Windows\System\qccHpRV.exe
  2⤵
  PID:3768
- C:\Windows\System\SISqymh.exe
  C:\Windows\System\SISqymh.exe
  2⤵
  PID:3632
- C:\Windows\System\MrvRsHH.exe
  C:\Windows\System\MrvRsHH.exe
  2⤵
  PID:3484
- C:\Windows\System\URulall.exe
  C:\Windows\System\URulall.exe
  2⤵
  PID:2220
- C:\Windows\System\ErnJwZW.exe
  C:\Windows\System\ErnJwZW.exe
  2⤵
  PID:2020
- C:\Windows\System\PMRokFe.exe
  C:\Windows\System\PMRokFe.exe
  2⤵
  PID:5144
- C:\Windows\System\tCocXRk.exe
  C:\Windows\System\tCocXRk.exe
  2⤵
  PID:5164
- C:\Windows\System\ZPjrMXK.exe
  C:\Windows\System\ZPjrMXK.exe
  2⤵
  PID:5188
- C:\Windows\System\HAtKEpG.exe
  C:\Windows\System\HAtKEpG.exe
  2⤵
  PID:5228
- C:\Windows\System\cDoBFuK.exe
  C:\Windows\System\cDoBFuK.exe
  2⤵
  PID:5256
- C:\Windows\System\rGSzMRY.exe
  C:\Windows\System\rGSzMRY.exe
  2⤵
  PID:5272
- C:\Windows\System\jZxAHFk.exe
  C:\Windows\System\jZxAHFk.exe
  2⤵
  PID:5300
- C:\Windows\System\MVfhdYe.exe
  C:\Windows\System\MVfhdYe.exe
  2⤵
  PID:5340
- C:\Windows\System\BSBdzEs.exe
  C:\Windows\System\BSBdzEs.exe
  2⤵
  PID:5356
- C:\Windows\System\UGuPDeF.exe
  C:\Windows\System\UGuPDeF.exe
  2⤵
  PID:5384
- C:\Windows\System\smcXSaW.exe
  C:\Windows\System\smcXSaW.exe
  2⤵
  PID:5408
- C:\Windows\System\XLsIoOh.exe
  C:\Windows\System\XLsIoOh.exe
  2⤵
  PID:5428
- C:\Windows\System\ceDkTSu.exe
  C:\Windows\System\ceDkTSu.exe
  2⤵
  PID:5468
- C:\Windows\System\adrhsvD.exe
  C:\Windows\System\adrhsvD.exe
  2⤵
  PID:5484
- C:\Windows\System\NLtQxzq.exe
  C:\Windows\System\NLtQxzq.exe
  2⤵
  PID:5528
- C:\Windows\System\LTbNaiZ.exe
  C:\Windows\System\LTbNaiZ.exe
  2⤵
  PID:5552
- C:\Windows\System\ElKChas.exe
  C:\Windows\System\ElKChas.exe
  2⤵
  PID:5580
- C:\Windows\System\uOQLqHo.exe
  C:\Windows\System\uOQLqHo.exe
  2⤵
  PID:5608
- C:\Windows\System\dUkEZtl.exe
  C:\Windows\System\dUkEZtl.exe
  2⤵
  PID:5636
- C:\Windows\System\EaUtTRF.exe
  C:\Windows\System\EaUtTRF.exe
  2⤵
  PID:5664
- C:\Windows\System\gRhSRNv.exe
  C:\Windows\System\gRhSRNv.exe
  2⤵
  PID:5700
- C:\Windows\System\wLbrtZk.exe
  C:\Windows\System\wLbrtZk.exe
  2⤵
  PID:5720
- C:\Windows\System\EcFyXyX.exe
  C:\Windows\System\EcFyXyX.exe
  2⤵
  PID:5760
- C:\Windows\System\yIBFHai.exe
  C:\Windows\System\yIBFHai.exe
  2⤵
  PID:5776
- C:\Windows\System\ERTmTdk.exe
  C:\Windows\System\ERTmTdk.exe
  2⤵
  PID:5792
- C:\Windows\System\VWqJzDP.exe
  C:\Windows\System\VWqJzDP.exe
  2⤵
  PID:5832
- C:\Windows\System\WkezHMX.exe
  C:\Windows\System\WkezHMX.exe
  2⤵
  PID:5876
- C:\Windows\System\okUtbcu.exe
  C:\Windows\System\okUtbcu.exe
  2⤵
  PID:5900
- C:\Windows\System\lSQJfvv.exe
  C:\Windows\System\lSQJfvv.exe
  2⤵
  PID:5924
- C:\Windows\System\oJEhygB.exe
  C:\Windows\System\oJEhygB.exe
  2⤵
  PID:5952
- C:\Windows\System\uiycXBg.exe
  C:\Windows\System\uiycXBg.exe
  2⤵
  PID:5984
- C:\Windows\System\kqMxZPK.exe
  C:\Windows\System\kqMxZPK.exe
  2⤵
  PID:6024
- C:\Windows\System\rMxBMAw.exe
  C:\Windows\System\rMxBMAw.exe
  2⤵
  PID:6052
- C:\Windows\System\JUsEjnS.exe
  C:\Windows\System\JUsEjnS.exe
  2⤵
  PID:6068
- C:\Windows\System\GYrftcT.exe
  C:\Windows\System\GYrftcT.exe
  2⤵
  PID:6084
- C:\Windows\System\ikDqlMj.exe
  C:\Windows\System\ikDqlMj.exe
  2⤵
  PID:6112
- C:\Windows\System\GtbNJmd.exe
  C:\Windows\System\GtbNJmd.exe
  2⤵
  PID:3628
- C:\Windows\System\lOZjZFN.exe
  C:\Windows\System\lOZjZFN.exe
  2⤵
  PID:4844
- C:\Windows\System\juQvbqc.exe
  C:\Windows\System\juQvbqc.exe
  2⤵
  PID:1740
- C:\Windows\System\ZSminDI.exe
  C:\Windows\System\ZSminDI.exe
  2⤵
  PID:3864
- C:\Windows\System\GurHRwm.exe
  C:\Windows\System\GurHRwm.exe
  2⤵
  PID:5176
- C:\Windows\System\ysRrLni.exe
  C:\Windows\System\ysRrLni.exe
  2⤵
  PID:5212
- C:\Windows\System\oVxeRjP.exe
  C:\Windows\System\oVxeRjP.exe
  2⤵
  PID:5248
- C:\Windows\System\VKtyRlA.exe
  C:\Windows\System\VKtyRlA.exe
  2⤵
  PID:5328
- C:\Windows\System\yIKrOIx.exe
  C:\Windows\System\yIKrOIx.exe
  2⤵
  PID:5416
- C:\Windows\System\UcKwdKK.exe
  C:\Windows\System\UcKwdKK.exe
  2⤵
  PID:5516
- C:\Windows\System\VlHZKZj.exe
  C:\Windows\System\VlHZKZj.exe
  2⤵
  PID:4600
- C:\Windows\System\NJqdcJi.exe
  C:\Windows\System\NJqdcJi.exe
  2⤵
  PID:5592
- C:\Windows\System\YyjXANe.exe
  C:\Windows\System\YyjXANe.exe
  2⤵
  PID:5624
- C:\Windows\System\cxvZtMa.exe
  C:\Windows\System\cxvZtMa.exe
  2⤵
  PID:5712
- C:\Windows\System\YStxPgO.exe
  C:\Windows\System\YStxPgO.exe
  2⤵
  PID:5852
- C:\Windows\System\pscdkAg.exe
  C:\Windows\System\pscdkAg.exe
  2⤵
  PID:5932
- C:\Windows\System\BRisPsF.exe
  C:\Windows\System\BRisPsF.exe
  2⤵
  PID:5960
- C:\Windows\System\wjdIqZz.exe
  C:\Windows\System\wjdIqZz.exe
  2⤵
  PID:6036
- C:\Windows\System\pgZSBHs.exe
  C:\Windows\System\pgZSBHs.exe
  2⤵
  PID:6096
- C:\Windows\System\SydzKTC.exe
  C:\Windows\System\SydzKTC.exe
  2⤵
  PID:6128
- C:\Windows\System\LXtdyVa.exe
  C:\Windows\System\LXtdyVa.exe
  2⤵
  PID:2980
- C:\Windows\System\CazgZgD.exe
  C:\Windows\System\CazgZgD.exe
  2⤵
  PID:5136
- C:\Windows\System\KQGvUkv.exe
  C:\Windows\System\KQGvUkv.exe
  2⤵
  PID:5268
- C:\Windows\System\ZFmbSVi.exe
  C:\Windows\System\ZFmbSVi.exe
  2⤵
  PID:5476
- C:\Windows\System\OdOwwXx.exe
  C:\Windows\System\OdOwwXx.exe
  2⤵
  PID:5568
- C:\Windows\System\wajsQuH.exe
  C:\Windows\System\wajsQuH.exe
  2⤵
  PID:5688
- C:\Windows\System\mcJnuAO.exe
  C:\Windows\System\mcJnuAO.exe
  2⤵
  PID:5768
- C:\Windows\System\IrXzzao.exe
  C:\Windows\System\IrXzzao.exe
  2⤵
  PID:6004
- C:\Windows\System\dEIUXfh.exe
  C:\Windows\System\dEIUXfh.exe
  2⤵
  PID:6148
- C:\Windows\System\NWHwnkc.exe
  C:\Windows\System\NWHwnkc.exe
  2⤵
  PID:6192
- C:\Windows\System\rmPtisI.exe
  C:\Windows\System\rmPtisI.exe
  2⤵
  PID:6212
- C:\Windows\System\ovIpSNY.exe
  C:\Windows\System\ovIpSNY.exe
  2⤵
  PID:6228
- C:\Windows\System\bAXWRBl.exe
  C:\Windows\System\bAXWRBl.exe
  2⤵
  PID:6244
- C:\Windows\System\USNXPPj.exe
  C:\Windows\System\USNXPPj.exe
  2⤵
  PID:6260
- C:\Windows\System\DPbubxa.exe
  C:\Windows\System\DPbubxa.exe
  2⤵
  PID:6276
- C:\Windows\System\zgrkudE.exe
  C:\Windows\System\zgrkudE.exe
  2⤵
  PID:6320
- C:\Windows\System\CYpHfhR.exe
  C:\Windows\System\CYpHfhR.exe
  2⤵
  PID:6364
- C:\Windows\System\HjNZJkN.exe
  C:\Windows\System\HjNZJkN.exe
  2⤵
  PID:6396
- C:\Windows\System\LlyKAoG.exe
  C:\Windows\System\LlyKAoG.exe
  2⤵
  PID:6432
- C:\Windows\System\VqfTtPD.exe
  C:\Windows\System\VqfTtPD.exe
  2⤵
  PID:6452
- C:\Windows\System\IYEAiyr.exe
  C:\Windows\System\IYEAiyr.exe
  2⤵
  PID:6488
- C:\Windows\System\LbEossF.exe
  C:\Windows\System\LbEossF.exe
  2⤵
  PID:6528
- C:\Windows\System\bZtJGwN.exe
  C:\Windows\System\bZtJGwN.exe
  2⤵
  PID:6548
- C:\Windows\System\iYVBauh.exe
  C:\Windows\System\iYVBauh.exe
  2⤵
  PID:6572
- C:\Windows\System\dnNFUFD.exe
  C:\Windows\System\dnNFUFD.exe
  2⤵
  PID:6604
- C:\Windows\System\yfEoGGl.exe
  C:\Windows\System\yfEoGGl.exe
  2⤵
  PID:6620
- C:\Windows\System\JDoezZH.exe
  C:\Windows\System\JDoezZH.exe
  2⤵
  PID:6660
- C:\Windows\System\LHqeKZX.exe
  C:\Windows\System\LHqeKZX.exe
  2⤵
  PID:6676
- C:\Windows\System\XxhxygR.exe
  C:\Windows\System\XxhxygR.exe
  2⤵
  PID:6704
- C:\Windows\System\qUhsaWP.exe
  C:\Windows\System\qUhsaWP.exe
  2⤵
  PID:6720
- C:\Windows\System\rVEbaMd.exe
  C:\Windows\System\rVEbaMd.exe
  2⤵
  PID:6764
- C:\Windows\System\wvJYHpB.exe
  C:\Windows\System\wvJYHpB.exe
  2⤵
  PID:6788
- C:\Windows\System\lilYQwL.exe
  C:\Windows\System\lilYQwL.exe
  2⤵
  PID:6816
- C:\Windows\System\xxTWCBC.exe
  C:\Windows\System\xxTWCBC.exe
  2⤵
  PID:6844
- C:\Windows\System\DmDNzoi.exe
  C:\Windows\System\DmDNzoi.exe
  2⤵
  PID:6880
- C:\Windows\System\jAKFpcT.exe
  C:\Windows\System\jAKFpcT.exe
  2⤵
  PID:6900
- C:\Windows\System\azbcMhU.exe
  C:\Windows\System\azbcMhU.exe
  2⤵
  PID:6928
- C:\Windows\System\nBlyBFq.exe
  C:\Windows\System\nBlyBFq.exe
  2⤵
  PID:6956
- C:\Windows\System\DytrjuD.exe
  C:\Windows\System\DytrjuD.exe
  2⤵
  PID:6992
- C:\Windows\System\NWcEuVV.exe
  C:\Windows\System\NWcEuVV.exe
  2⤵
  PID:7024
- C:\Windows\System\puHkoBG.exe
  C:\Windows\System\puHkoBG.exe
  2⤵
  PID:7048
- C:\Windows\System\zbCsabq.exe
  C:\Windows\System\zbCsabq.exe
  2⤵
  PID:7080
- C:\Windows\System\rScHYUT.exe
  C:\Windows\System\rScHYUT.exe
  2⤵
  PID:7096
- C:\Windows\System\qxCyWuH.exe
  C:\Windows\System\qxCyWuH.exe
  2⤵
  PID:7124
- C:\Windows\System\rMoNhTf.exe
  C:\Windows\System\rMoNhTf.exe
  2⤵
  PID:7152
- C:\Windows\System\qODzynM.exe
  C:\Windows\System\qODzynM.exe
  2⤵
  PID:5204
- C:\Windows\System\fYcxMOh.exe
  C:\Windows\System\fYcxMOh.exe
  2⤵
  PID:5648
- C:\Windows\System\LzMLkjS.exe
  C:\Windows\System\LzMLkjS.exe
  2⤵
  PID:5864
- C:\Windows\System\ptUCNGo.exe
  C:\Windows\System\ptUCNGo.exe
  2⤵
  PID:2340
- C:\Windows\System\xjqlSEx.exe
  C:\Windows\System\xjqlSEx.exe
  2⤵
  PID:6236
- C:\Windows\System\FILWejw.exe
  C:\Windows\System\FILWejw.exe
  2⤵
  PID:6296
- C:\Windows\System\ckDtTiG.exe
  C:\Windows\System\ckDtTiG.exe
  2⤵
  PID:6384
- C:\Windows\System\LGCgHtv.exe
  C:\Windows\System\LGCgHtv.exe
  2⤵
  PID:6424
- C:\Windows\System\ifZJZha.exe
  C:\Windows\System\ifZJZha.exe
  2⤵
  PID:6468
- C:\Windows\System\FsnteIn.exe
  C:\Windows\System\FsnteIn.exe
  2⤵
  PID:6536
- C:\Windows\System\qPLBqmT.exe
  C:\Windows\System\qPLBqmT.exe
  2⤵
  PID:6640
- C:\Windows\System\BYxKkvm.exe
  C:\Windows\System\BYxKkvm.exe
  2⤵
  PID:6692
- C:\Windows\System\kubFcUz.exe
  C:\Windows\System\kubFcUz.exe
  2⤵
  PID:6740
- C:\Windows\System\wMmOZoL.exe
  C:\Windows\System\wMmOZoL.exe
  2⤵
  PID:6808
- C:\Windows\System\jqrfzGw.exe
  C:\Windows\System\jqrfzGw.exe
  2⤵
  PID:6864
- C:\Windows\System\nXgJPGF.exe
  C:\Windows\System\nXgJPGF.exe
  2⤵
  PID:6948
- C:\Windows\System\fvRKImi.exe
  C:\Windows\System\fvRKImi.exe
  2⤵
  PID:6984
- C:\Windows\System\bgKOWou.exe
  C:\Windows\System\bgKOWou.exe
  2⤵
  PID:7056
- C:\Windows\System\LMHVrKz.exe
  C:\Windows\System\LMHVrKz.exe
  2⤵
  PID:7144
- C:\Windows\System\PWcMCCe.exe
  C:\Windows\System\PWcMCCe.exe
  2⤵
  PID:5748
- C:\Windows\System\GruXZJI.exe
  C:\Windows\System\GruXZJI.exe
  2⤵
  PID:6204
- C:\Windows\System\EqaxHFU.exe
  C:\Windows\System\EqaxHFU.exe
  2⤵
  PID:6272
- C:\Windows\System\WkaDCSz.exe
  C:\Windows\System\WkaDCSz.exe
  2⤵
  PID:6504
- C:\Windows\System\AekYrKf.exe
  C:\Windows\System\AekYrKf.exe
  2⤵
  PID:6568
- C:\Windows\System\lvUWyBK.exe
  C:\Windows\System\lvUWyBK.exe
  2⤵
  PID:6784
- C:\Windows\System\cgQYFnX.exe
  C:\Windows\System\cgQYFnX.exe
  2⤵
  PID:1916
- C:\Windows\System\uULLfpU.exe
  C:\Windows\System\uULLfpU.exe
  2⤵
  PID:7088
- C:\Windows\System\rWVPcwf.exe
  C:\Windows\System\rWVPcwf.exe
  2⤵
  PID:6104
- C:\Windows\System\npRUEhF.exe
  C:\Windows\System\npRUEhF.exe
  2⤵
  PID:7180
- C:\Windows\System\LyiDNMr.exe
  C:\Windows\System\LyiDNMr.exe
  2⤵
  PID:7208
- C:\Windows\System\OJxmVJG.exe
  C:\Windows\System\OJxmVJG.exe
  2⤵
  PID:7236
- C:\Windows\System\YZdwhRa.exe
  C:\Windows\System\YZdwhRa.exe
  2⤵
  PID:7252
- C:\Windows\System\JJPXJVK.exe
  C:\Windows\System\JJPXJVK.exe
  2⤵
  PID:7280
- C:\Windows\System\rgDjiey.exe
  C:\Windows\System\rgDjiey.exe
  2⤵
  PID:7320
- C:\Windows\System\IfDAvoI.exe
  C:\Windows\System\IfDAvoI.exe
  2⤵
  PID:7348
- C:\Windows\System\zYcwOBZ.exe
  C:\Windows\System\zYcwOBZ.exe
  2⤵
  PID:7372
- C:\Windows\System\SYwhjQz.exe
  C:\Windows\System\SYwhjQz.exe
  2⤵
  PID:7392
- C:\Windows\System\BAoKXYH.exe
  C:\Windows\System\BAoKXYH.exe
  2⤵
  PID:7420
- C:\Windows\System\cQPpwxt.exe
  C:\Windows\System\cQPpwxt.exe
  2⤵
  PID:7472
- C:\Windows\System\eWLVBlW.exe
  C:\Windows\System\eWLVBlW.exe
  2⤵
  PID:7512
- C:\Windows\System\PsrSwRW.exe
  C:\Windows\System\PsrSwRW.exe
  2⤵
  PID:7528
- C:\Windows\System\WqGqKiD.exe
  C:\Windows\System\WqGqKiD.exe
  2⤵
  PID:7544
- C:\Windows\System\YNShqNS.exe
  C:\Windows\System\YNShqNS.exe
  2⤵
  PID:7572
- C:\Windows\System\GYqfILS.exe
  C:\Windows\System\GYqfILS.exe
  2⤵
  PID:7620
- C:\Windows\System\sjnxvTc.exe
  C:\Windows\System\sjnxvTc.exe
  2⤵
  PID:7640
- C:\Windows\System\oPDhdLj.exe
  C:\Windows\System\oPDhdLj.exe
  2⤵
  PID:7668
- C:\Windows\System\UGuFFZs.exe
  C:\Windows\System\UGuFFZs.exe
  2⤵
  PID:7696
- C:\Windows\System\xcxhDVY.exe
  C:\Windows\System\xcxhDVY.exe
  2⤵
  PID:7712
- C:\Windows\System\NERNFTB.exe
  C:\Windows\System\NERNFTB.exe
  2⤵
  PID:7740
- C:\Windows\System\iIQPgVL.exe
  C:\Windows\System\iIQPgVL.exe
  2⤵
  PID:7788
- C:\Windows\System\YPEtAjd.exe
  C:\Windows\System\YPEtAjd.exe
  2⤵
  PID:7808
- C:\Windows\System\mmtBXvJ.exe
  C:\Windows\System\mmtBXvJ.exe
  2⤵
  PID:7836
- C:\Windows\System\IUcgWyC.exe
  C:\Windows\System\IUcgWyC.exe
  2⤵
  PID:7872
- C:\Windows\System\mkDQMKn.exe
  C:\Windows\System\mkDQMKn.exe
  2⤵
  PID:7892
- C:\Windows\System\cDtUzZE.exe
  C:\Windows\System\cDtUzZE.exe
  2⤵
  PID:7908
- C:\Windows\System\CBuUSJy.exe
  C:\Windows\System\CBuUSJy.exe
  2⤵
  PID:7924
- C:\Windows\System\WPIZLWL.exe
  C:\Windows\System\WPIZLWL.exe
  2⤵
  PID:7968
- C:\Windows\System\LwCyynW.exe
  C:\Windows\System\LwCyynW.exe
  2⤵
  PID:7992
- C:\Windows\System\lvwwNNO.exe
  C:\Windows\System\lvwwNNO.exe
  2⤵
  PID:8012
- C:\Windows\System\XkGnSHA.exe
  C:\Windows\System\XkGnSHA.exe
  2⤵
  PID:8048
- C:\Windows\System\XrMMtis.exe
  C:\Windows\System\XrMMtis.exe
  2⤵
  PID:8076
- C:\Windows\System\XgFQfrF.exe
  C:\Windows\System\XgFQfrF.exe
  2⤵
  PID:8104
- C:\Windows\System\SQUKxgq.exe
  C:\Windows\System\SQUKxgq.exe
  2⤵
  PID:8144
- C:\Windows\System\oobRVLz.exe
  C:\Windows\System\oobRVLz.exe
  2⤵
  PID:8172
- C:\Windows\System\gszrRFj.exe
  C:\Windows\System\gszrRFj.exe
  2⤵
  PID:6336
- C:\Windows\System\LkzdYfS.exe
  C:\Windows\System\LkzdYfS.exe
  2⤵
  PID:6516
- C:\Windows\System\wtOqWVk.exe
  C:\Windows\System\wtOqWVk.exe
  2⤵
  PID:7016
- C:\Windows\System\pGEheFq.exe
  C:\Windows\System\pGEheFq.exe
  2⤵
  PID:7172
- C:\Windows\System\OeenhTK.exe
  C:\Windows\System\OeenhTK.exe
  2⤵
  PID:7224
- C:\Windows\System\IfwWjYH.exe
  C:\Windows\System\IfwWjYH.exe
  2⤵
  PID:7304
- C:\Windows\System\jJmysPs.exe
  C:\Windows\System\jJmysPs.exe
  2⤵
  PID:7360
- C:\Windows\System\KtWloJf.exe
  C:\Windows\System\KtWloJf.exe
  2⤵
  PID:7408
- C:\Windows\System\qthIApN.exe
  C:\Windows\System\qthIApN.exe
  2⤵
  PID:7484
- C:\Windows\System\qyZftAs.exe
  C:\Windows\System\qyZftAs.exe
  2⤵
  PID:7536
- C:\Windows\System\hgYqFuJ.exe
  C:\Windows\System\hgYqFuJ.exe
  2⤵
  PID:7560
- C:\Windows\System\jgxTNyY.exe
  C:\Windows\System\jgxTNyY.exe
  2⤵
  PID:7604
- C:\Windows\System\QLaMTSz.exe
  C:\Windows\System\QLaMTSz.exe
  2⤵
  PID:7660
- C:\Windows\System\epXTbJm.exe
  C:\Windows\System\epXTbJm.exe
  2⤵
  PID:7704
- C:\Windows\System\VrYohcP.exe
  C:\Windows\System\VrYohcP.exe
  2⤵
  PID:7756
- C:\Windows\System\cIOUlGv.exe
  C:\Windows\System\cIOUlGv.exe
  2⤵
  PID:7800
- C:\Windows\System\WCwWZob.exe
  C:\Windows\System\WCwWZob.exe
  2⤵
  PID:7860
- C:\Windows\System\LWpuqKs.exe
  C:\Windows\System\LWpuqKs.exe
  2⤵
  PID:7920
- C:\Windows\System\yBxAjGT.exe
  C:\Windows\System\yBxAjGT.exe
  2⤵
  PID:8092
- C:\Windows\System\rqUTlPi.exe
  C:\Windows\System\rqUTlPi.exe
  2⤵
  PID:8180
- C:\Windows\System\QokktBr.exe
  C:\Windows\System\QokktBr.exe
  2⤵
  PID:6448
- C:\Windows\System\NoClugi.exe
  C:\Windows\System\NoClugi.exe
  2⤵
  PID:6832
- C:\Windows\System\CNkhUCf.exe
  C:\Windows\System\CNkhUCf.exe
  2⤵
  PID:7192
- C:\Windows\System\VfjNHfO.exe
  C:\Windows\System\VfjNHfO.exe
  2⤵
  PID:7336
- C:\Windows\System\yKgokhF.exe
  C:\Windows\System\yKgokhF.exe
  2⤵
  PID:7384
- C:\Windows\System\AIiZTHz.exe
  C:\Windows\System\AIiZTHz.exe
  2⤵
  PID:7496
- C:\Windows\System\TkDTIWW.exe
  C:\Windows\System\TkDTIWW.exe
  2⤵
  PID:4456
- C:\Windows\System\KGXpnul.exe
  C:\Windows\System\KGXpnul.exe
  2⤵
  PID:8160
- C:\Windows\System\VJXxNdw.exe
  C:\Windows\System\VJXxNdw.exe
  2⤵
  PID:1328
- C:\Windows\System\milfdyA.exe
  C:\Windows\System\milfdyA.exe
  2⤵
  PID:1320
- C:\Windows\System\hhLzUhz.exe
  C:\Windows\System\hhLzUhz.exe
  2⤵
  PID:2924
- C:\Windows\System\jHXgNgN.exe
  C:\Windows\System\jHXgNgN.exe
  2⤵
  PID:1780
- C:\Windows\System\viJqpbh.exe
  C:\Windows\System\viJqpbh.exe
  2⤵
  PID:2688
- C:\Windows\System\bjoPDKX.exe
  C:\Windows\System\bjoPDKX.exe
  2⤵
  PID:3232
- C:\Windows\System\cTqJtCm.exe
  C:\Windows\System\cTqJtCm.exe
  2⤵
  PID:5048
- C:\Windows\System\lGslrSZ.exe
  C:\Windows\System\lGslrSZ.exe
  2⤵
  PID:3812
- C:\Windows\System\KJiOCKi.exe
  C:\Windows\System\KJiOCKi.exe
  2⤵
  PID:6672
- C:\Windows\System\FDtLOub.exe
  C:\Windows\System\FDtLOub.exe
  2⤵
  PID:4692
- C:\Windows\System\UYZeWii.exe
  C:\Windows\System\UYZeWii.exe
  2⤵
  PID:3248
- C:\Windows\System\npzsBxC.exe
  C:\Windows\System\npzsBxC.exe
  2⤵
  PID:3500
- C:\Windows\System\xvUfKvr.exe
  C:\Windows\System\xvUfKvr.exe
  2⤵
  PID:380
- C:\Windows\System\BoRaQLR.exe
  C:\Windows\System\BoRaQLR.exe
  2⤵
  PID:1408
- C:\Windows\System\FTinDCR.exe
  C:\Windows\System\FTinDCR.exe
  2⤵
  PID:1592
- C:\Windows\System\UjVErSJ.exe
  C:\Windows\System\UjVErSJ.exe
  2⤵
  PID:4228
- C:\Windows\System\psiswOU.exe
  C:\Windows\System\psiswOU.exe
  2⤵
  PID:4768
- C:\Windows\System\qXqloIE.exe
  C:\Windows\System\qXqloIE.exe
  2⤵
  PID:3956
- C:\Windows\System\UDokKVx.exe
  C:\Windows\System\UDokKVx.exe
  2⤵
  PID:776
- C:\Windows\System\ZctHZMN.exe
  C:\Windows\System\ZctHZMN.exe
  2⤵
  PID:2756
- C:\Windows\System\YBuJEEW.exe
  C:\Windows\System\YBuJEEW.exe
  2⤵
  PID:3688
- C:\Windows\System\liCGBvU.exe
  C:\Windows\System\liCGBvU.exe
  2⤵
  PID:1852
- C:\Windows\System\bOgOJnj.exe
  C:\Windows\System\bOgOJnj.exe
  2⤵
  PID:2572
- C:\Windows\System\wziNxyH.exe
  C:\Windows\System\wziNxyH.exe
  2⤵
  PID:2468
- C:\Windows\System\yboPqNf.exe
  C:\Windows\System\yboPqNf.exe
  2⤵
  PID:3568
- C:\Windows\System\QmTkaeG.exe
  C:\Windows\System\QmTkaeG.exe
  2⤵
  PID:1616
- C:\Windows\System\ZbByKFV.exe
  C:\Windows\System\ZbByKFV.exe
  2⤵
  PID:2184
- C:\Windows\System\ASMaQgq.exe
  C:\Windows\System\ASMaQgq.exe
  2⤵
  PID:3536
- C:\Windows\System\hUMcEsU.exe
  C:\Windows\System\hUMcEsU.exe
  2⤵
  PID:3240
- C:\Windows\System\RocsLFk.exe
  C:\Windows\System\RocsLFk.exe
  2⤵
  PID:8220
- C:\Windows\System\rAcMQcl.exe
  C:\Windows\System\rAcMQcl.exe
  2⤵
  PID:8252
- C:\Windows\System\OLLpjVh.exe
  C:\Windows\System\OLLpjVh.exe
  2⤵
  PID:8284
- C:\Windows\System\NHmasnc.exe
  C:\Windows\System\NHmasnc.exe
  2⤵
  PID:8312
- C:\Windows\System\ptqeTUd.exe
  C:\Windows\System\ptqeTUd.exe
  2⤵
  PID:8348
- C:\Windows\System\nELoLul.exe
  C:\Windows\System\nELoLul.exe
  2⤵
  PID:8368
- C:\Windows\System\vTvnWco.exe
  C:\Windows\System\vTvnWco.exe
  2⤵
  PID:8392
- C:\Windows\System\bUNleLh.exe
  C:\Windows\System\bUNleLh.exe
  2⤵
  PID:8432
- C:\Windows\System\MiLxTcO.exe
  C:\Windows\System\MiLxTcO.exe
  2⤵
  PID:8468
- C:\Windows\System\YmzmJCt.exe
  C:\Windows\System\YmzmJCt.exe
  2⤵
  PID:8496
- C:\Windows\System\NBhTnAE.exe
  C:\Windows\System\NBhTnAE.exe
  2⤵
  PID:8524
- C:\Windows\System\ytGyEMA.exe
  C:\Windows\System\ytGyEMA.exe
  2⤵
  PID:8552
- C:\Windows\System\iXNMAzf.exe
  C:\Windows\System\iXNMAzf.exe
  2⤵
  PID:8580
- C:\Windows\System\UQzLHNd.exe
  C:\Windows\System\UQzLHNd.exe
  2⤵
  PID:8636
- C:\Windows\System\QTJsbLA.exe
  C:\Windows\System\QTJsbLA.exe
  2⤵
  PID:8676
- C:\Windows\System\mpWDNgg.exe
  C:\Windows\System\mpWDNgg.exe
  2⤵
  PID:8708
- C:\Windows\System\URtZnTs.exe
  C:\Windows\System\URtZnTs.exe
  2⤵
  PID:8736
- C:\Windows\System\rCkYoMB.exe
  C:\Windows\System\rCkYoMB.exe
  2⤵
  PID:8764
- C:\Windows\System\xRqoScD.exe
  C:\Windows\System\xRqoScD.exe
  2⤵
  PID:8792
- C:\Windows\System\GUMHnGQ.exe
  C:\Windows\System\GUMHnGQ.exe
  2⤵
  PID:8820
- C:\Windows\System\vLEKiYq.exe
  C:\Windows\System\vLEKiYq.exe
  2⤵
  PID:8848
- C:\Windows\System\QZmdZyC.exe
  C:\Windows\System\QZmdZyC.exe
  2⤵
  PID:8880
- C:\Windows\System\HKbBbgH.exe
  C:\Windows\System\HKbBbgH.exe
  2⤵
  PID:8908
- C:\Windows\System\RqsNVdh.exe
  C:\Windows\System\RqsNVdh.exe
  2⤵
  PID:8936
- C:\Windows\System\PvKIYAJ.exe
  C:\Windows\System\PvKIYAJ.exe
  2⤵
  PID:8960
- C:\Windows\System\QieYNdE.exe
  C:\Windows\System\QieYNdE.exe
  2⤵
  PID:8992
- C:\Windows\System\TVfJKMu.exe
  C:\Windows\System\TVfJKMu.exe
  2⤵
  PID:9020
- C:\Windows\System\JleadCX.exe
  C:\Windows\System\JleadCX.exe
  2⤵
  PID:9048
- C:\Windows\System\wemqexd.exe
  C:\Windows\System\wemqexd.exe
  2⤵
  PID:9080
- C:\Windows\System\wMXjhWU.exe
  C:\Windows\System\wMXjhWU.exe
  2⤵
  PID:9108
- C:\Windows\System\JhlrgLL.exe
  C:\Windows\System\JhlrgLL.exe
  2⤵
  PID:9136
- C:\Windows\System\YsxgsEU.exe
  C:\Windows\System\YsxgsEU.exe
  2⤵
  PID:9164
- C:\Windows\System\DVdInuL.exe
  C:\Windows\System\DVdInuL.exe
  2⤵
  PID:9212
- C:\Windows\System\rFqcpmV.exe
  C:\Windows\System\rFqcpmV.exe
  2⤵
  PID:8244
- C:\Windows\System\hViPtbq.exe
  C:\Windows\System\hViPtbq.exe
  2⤵
  PID:8328
- C:\Windows\System\wVloTTM.exe
  C:\Windows\System\wVloTTM.exe
  2⤵
  PID:8412
- C:\Windows\System\sKYDtOX.exe
  C:\Windows\System\sKYDtOX.exe
  2⤵
  PID:8516
- C:\Windows\System\MPrcdlg.exe
  C:\Windows\System\MPrcdlg.exe
  2⤵
  PID:8672
- C:\Windows\System\OJEcXdJ.exe
  C:\Windows\System\OJEcXdJ.exe
  2⤵
  PID:8756
- C:\Windows\System\OJqgoib.exe
  C:\Windows\System\OJqgoib.exe
  2⤵
  PID:8804
- C:\Windows\System\ssbvXTj.exe
  C:\Windows\System\ssbvXTj.exe
  2⤵
  PID:8872
- C:\Windows\System\DGVDIZF.exe
  C:\Windows\System\DGVDIZF.exe
  2⤵
  PID:3076
- C:\Windows\System\IyKQDzo.exe
  C:\Windows\System\IyKQDzo.exe
  2⤵
  PID:8928
- C:\Windows\System\KKwsaij.exe
  C:\Windows\System\KKwsaij.exe
  2⤵
  PID:9032
- C:\Windows\System\MeCxKPU.exe
  C:\Windows\System\MeCxKPU.exe
  2⤵
  PID:9072
- C:\Windows\System\RmpWTfI.exe
  C:\Windows\System\RmpWTfI.exe
  2⤵
  PID:4468
- C:\Windows\System\aDuDiIY.exe
  C:\Windows\System\aDuDiIY.exe
  2⤵
  PID:9132
- C:\Windows\System\HMjQilI.exe
  C:\Windows\System\HMjQilI.exe
  2⤵
  PID:8508
- C:\Windows\System\NpZqlBb.exe
  C:\Windows\System\NpZqlBb.exe
  2⤵
  PID:2668
- C:\Windows\System\QJbZJBG.exe
  C:\Windows\System\QJbZJBG.exe
  2⤵
  PID:8844
- C:\Windows\System\WfloxxD.exe
  C:\Windows\System\WfloxxD.exe
  2⤵
  PID:8976
- C:\Windows\System\gFFACXi.exe
  C:\Windows\System\gFFACXi.exe
  2⤵
  PID:9128
- C:\Windows\System\unhSDmz.exe
  C:\Windows\System\unhSDmz.exe
  2⤵
  PID:8492
- C:\Windows\System\aPTSSCe.exe
  C:\Windows\System\aPTSSCe.exe
  2⤵
  PID:8816
- C:\Windows\System\EEoaTOI.exe
  C:\Windows\System\EEoaTOI.exe
  2⤵
  PID:3180
- C:\Windows\System\ERxIMGj.exe
  C:\Windows\System\ERxIMGj.exe
  2⤵
  PID:8208
- C:\Windows\System\uuNlVdt.exe
  C:\Windows\System\uuNlVdt.exe
  2⤵
  PID:4172
- C:\Windows\System\AqXMfpz.exe
  C:\Windows\System\AqXMfpz.exe
  2⤵
  PID:8720
- C:\Windows\System\zLdFBxQ.exe
  C:\Windows\System\zLdFBxQ.exe
  2⤵
  PID:9224
- C:\Windows\System\iCwPbRv.exe
  C:\Windows\System\iCwPbRv.exe
  2⤵
  PID:9252
- C:\Windows\System\JYDqswz.exe
  C:\Windows\System\JYDqswz.exe
  2⤵
  PID:9276
- C:\Windows\System\vxDjRCI.exe
  C:\Windows\System\vxDjRCI.exe
  2⤵
  PID:9296
- C:\Windows\System\dLaoPEv.exe
  C:\Windows\System\dLaoPEv.exe
  2⤵
  PID:9312
- C:\Windows\System\mGmaHCF.exe
  C:\Windows\System\mGmaHCF.exe
  2⤵
  PID:9344
- C:\Windows\System\HmUpiqV.exe
  C:\Windows\System\HmUpiqV.exe
  2⤵
  PID:9400
- C:\Windows\System\QUPuIsl.exe
  C:\Windows\System\QUPuIsl.exe
  2⤵
  PID:9428
- C:\Windows\System\yERizeK.exe
  C:\Windows\System\yERizeK.exe
  2⤵
  PID:9456
- C:\Windows\System\OjsSdRN.exe
  C:\Windows\System\OjsSdRN.exe
  2⤵
  PID:9484
- C:\Windows\System\arOmXrW.exe
  C:\Windows\System\arOmXrW.exe
  2⤵
  PID:9512
- C:\Windows\System\AzbGDFQ.exe
  C:\Windows\System\AzbGDFQ.exe
  2⤵
  PID:9540
- C:\Windows\System\wLKybYD.exe
  C:\Windows\System\wLKybYD.exe
  2⤵
  PID:9576
- C:\Windows\System\SOwPHaH.exe
  C:\Windows\System\SOwPHaH.exe
  2⤵
  PID:9596
- C:\Windows\System\BCZUctO.exe
  C:\Windows\System\BCZUctO.exe
  2⤵
  PID:9628
- C:\Windows\System\ysQyYoj.exe
  C:\Windows\System\ysQyYoj.exe
  2⤵
  PID:9656
- C:\Windows\System\uKzISrV.exe
  C:\Windows\System\uKzISrV.exe
  2⤵
  PID:9684
- C:\Windows\System\pUCrITT.exe
  C:\Windows\System\pUCrITT.exe
  2⤵
  PID:9716
- C:\Windows\System\mamOPNJ.exe
  C:\Windows\System\mamOPNJ.exe
  2⤵
  PID:9740
- C:\Windows\System\UhCXtaS.exe
  C:\Windows\System\UhCXtaS.exe
  2⤵
  PID:9768
- C:\Windows\System\Nessmez.exe
  C:\Windows\System\Nessmez.exe
  2⤵
  PID:9788
- C:\Windows\System\iPVNNQi.exe
  C:\Windows\System\iPVNNQi.exe
  2⤵
  PID:9808
- C:\Windows\System\qPiZnjz.exe
  C:\Windows\System\qPiZnjz.exe
  2⤵
  PID:9860
- C:\Windows\System\IYhLQAf.exe
  C:\Windows\System\IYhLQAf.exe
  2⤵
  PID:9884
- C:\Windows\System\UZhYpHl.exe
  C:\Windows\System\UZhYpHl.exe
  2⤵
  PID:9916
- C:\Windows\System\bxbHzES.exe
  C:\Windows\System\bxbHzES.exe
  2⤵
  PID:9960
- C:\Windows\System\HJUFuyI.exe
  C:\Windows\System\HJUFuyI.exe
  2⤵
  PID:10048
- C:\Windows\System\MFegEMh.exe
  C:\Windows\System\MFegEMh.exe
  2⤵
  PID:10084
- C:\Windows\System\iIcOmlw.exe
  C:\Windows\System\iIcOmlw.exe
  2⤵
  PID:10112
- C:\Windows\System\OhGMTWW.exe
  C:\Windows\System\OhGMTWW.exe
  2⤵
  PID:10140
- C:\Windows\System\PCwKtGy.exe
  C:\Windows\System\PCwKtGy.exe
  2⤵
  PID:10168
- C:\Windows\System\dcDJnWe.exe
  C:\Windows\System\dcDJnWe.exe
  2⤵
  PID:10196
- C:\Windows\System\FifGmFJ.exe
  C:\Windows\System\FifGmFJ.exe
  2⤵
  PID:10228
- C:\Windows\System\IGUUWeG.exe
  C:\Windows\System\IGUUWeG.exe
  2⤵
  PID:9248
- C:\Windows\System\vIOkvAK.exe
  C:\Windows\System\vIOkvAK.exe
  2⤵
  PID:9304
- C:\Windows\System\WOMDFHz.exe
  C:\Windows\System\WOMDFHz.exe
  2⤵
  PID:9384
- C:\Windows\System\vufCRwV.exe
  C:\Windows\System\vufCRwV.exe
  2⤵
  PID:9440
- C:\Windows\System\nnXIyUK.exe
  C:\Windows\System\nnXIyUK.exe
  2⤵
  PID:9504
- C:\Windows\System\gkifSGX.exe
  C:\Windows\System\gkifSGX.exe
  2⤵
  PID:9560
- C:\Windows\System\FiNHbnG.exe
  C:\Windows\System\FiNHbnG.exe
  2⤵
  PID:9620
- C:\Windows\System\lxEXOJX.exe
  C:\Windows\System\lxEXOJX.exe
  2⤵
  PID:9672
- C:\Windows\System\LFSfWaq.exe
  C:\Windows\System\LFSfWaq.exe
  2⤵
  PID:9752
- C:\Windows\System\YuiVegv.exe
  C:\Windows\System\YuiVegv.exe
  2⤵
  PID:9776
- C:\Windows\System\kPMzptl.exe
  C:\Windows\System\kPMzptl.exe
  2⤵
  PID:9856
- C:\Windows\System\PDNBIgf.exe
  C:\Windows\System\PDNBIgf.exe
  2⤵
  PID:9928
- C:\Windows\System\amQSWkB.exe
  C:\Windows\System\amQSWkB.exe
  2⤵
  PID:10040
- C:\Windows\System\KcMCtMz.exe
  C:\Windows\System\KcMCtMz.exe
  2⤵
  PID:7248
- C:\Windows\System\wCArHnq.exe
  C:\Windows\System\wCArHnq.exe
  2⤵
  PID:8440
- C:\Windows\System\XpxLNAQ.exe
  C:\Windows\System\XpxLNAQ.exe
  2⤵
  PID:10132
- C:\Windows\System\UrRzCMN.exe
  C:\Windows\System\UrRzCMN.exe
  2⤵
  PID:10192
- C:\Windows\System\GaCUbOG.exe
  C:\Windows\System\GaCUbOG.exe
  2⤵
  PID:9244
- C:\Windows\System\qmaRGxc.exe
  C:\Windows\System\qmaRGxc.exe
  2⤵
  PID:9356
- C:\Windows\System\UWRTvVI.exe
  C:\Windows\System\UWRTvVI.exe
  2⤵
  PID:9480
- C:\Windows\System\KrrXKSs.exe
  C:\Windows\System\KrrXKSs.exe
  2⤵
  PID:9676
- C:\Windows\System\CcbQxeN.exe
  C:\Windows\System\CcbQxeN.exe
  2⤵
  PID:9852
- C:\Windows\System\SjyJbuQ.exe
  C:\Windows\System\SjyJbuQ.exe
  2⤵
  PID:9980
- C:\Windows\System\SafTqsN.exe
  C:\Windows\System\SafTqsN.exe
  2⤵
  PID:8272
- C:\Windows\System\OqvxlSB.exe
  C:\Windows\System\OqvxlSB.exe
  2⤵
  PID:10212
- C:\Windows\System\JbnoHjQ.exe
  C:\Windows\System\JbnoHjQ.exe
  2⤵
  PID:9236
- C:\Windows\System\AMgPgGX.exe
  C:\Windows\System\AMgPgGX.exe
  2⤵
  PID:9608
- C:\Windows\System\JDnFuNA.exe
  C:\Windows\System\JDnFuNA.exe
  2⤵
  PID:9640
- C:\Windows\System\RKKGAzk.exe
  C:\Windows\System\RKKGAzk.exe
  2⤵
  PID:9948
- C:\Windows\System\HAKGrLK.exe
  C:\Windows\System\HAKGrLK.exe
  2⤵
  PID:10180
- C:\Windows\System\QVRYxxQ.exe
  C:\Windows\System\QVRYxxQ.exe
  2⤵
  PID:9412
- C:\Windows\System\HlSTQAl.exe
  C:\Windows\System\HlSTQAl.exe
  2⤵
  PID:8
- C:\Windows\System\AZzhEUE.exe
  C:\Windows\System\AZzhEUE.exe
  2⤵
  PID:5560
- C:\Windows\System\tbeoXol.exe
  C:\Windows\System\tbeoXol.exe
  2⤵
  PID:5380
- C:\Windows\System\turfWKc.exe
  C:\Windows\System\turfWKc.exe
  2⤵
  PID:10260
- C:\Windows\System\JdQkeaL.exe
  C:\Windows\System\JdQkeaL.exe
  2⤵
  PID:10300
- C:\Windows\System\bbZIhHB.exe
  C:\Windows\System\bbZIhHB.exe
  2⤵
  PID:10320
- C:\Windows\System\WaJZMIv.exe
  C:\Windows\System\WaJZMIv.exe
  2⤵
  PID:10348
- C:\Windows\System\zNGZQnq.exe
  C:\Windows\System\zNGZQnq.exe
  2⤵
  PID:10408
- C:\Windows\System\CQeqlIb.exe
  C:\Windows\System\CQeqlIb.exe
  2⤵
  PID:10444
- C:\Windows\System\CDdOWKo.exe
  C:\Windows\System\CDdOWKo.exe
  2⤵
  PID:10492
- C:\Windows\System\VCaqQQN.exe
  C:\Windows\System\VCaqQQN.exe
  2⤵
  PID:10532
- C:\Windows\System\bAxTKLa.exe
  C:\Windows\System\bAxTKLa.exe
  2⤵
  PID:10588
- C:\Windows\System\gnFmmqs.exe
  C:\Windows\System\gnFmmqs.exe
  2⤵
  PID:10620
- C:\Windows\System\CqBsSgx.exe
  C:\Windows\System\CqBsSgx.exe
  2⤵
  PID:10668
- C:\Windows\System\zVEjQiR.exe
  C:\Windows\System\zVEjQiR.exe
  2⤵
  PID:10696
- C:\Windows\System\uxJcPpT.exe
  C:\Windows\System\uxJcPpT.exe
  2⤵
  PID:10724
- C:\Windows\System\ouTJUmq.exe
  C:\Windows\System\ouTJUmq.exe
  2⤵
  PID:10740
- C:\Windows\System\GTpMlRZ.exe
  C:\Windows\System\GTpMlRZ.exe
  2⤵
  PID:10772
- C:\Windows\System\JNCieZk.exe
  C:\Windows\System\JNCieZk.exe
  2⤵
  PID:10800
- C:\Windows\System\CcuGuUK.exe
  C:\Windows\System\CcuGuUK.exe
  2⤵
  PID:10844
- C:\Windows\System\IILxZIH.exe
  C:\Windows\System\IILxZIH.exe
  2⤵
  PID:10876
- C:\Windows\System\bYKacoc.exe
  C:\Windows\System\bYKacoc.exe
  2⤵
  PID:10900
- C:\Windows\System\hnVROnD.exe
  C:\Windows\System\hnVROnD.exe
  2⤵
  PID:10932
- C:\Windows\System\HOIzRSe.exe
  C:\Windows\System\HOIzRSe.exe
  2⤵
  PID:10960
- C:\Windows\System\PrhurmH.exe
  C:\Windows\System\PrhurmH.exe
  2⤵
  PID:11000
- C:\Windows\System\jqlZkRj.exe
  C:\Windows\System\jqlZkRj.exe
  2⤵
  PID:11016
- C:\Windows\System\twIqyCP.exe
  C:\Windows\System\twIqyCP.exe
  2⤵
  PID:11052
- C:\Windows\System\kIEXuDP.exe
  C:\Windows\System\kIEXuDP.exe
  2⤵
  PID:11080
- C:\Windows\System\nWREFjr.exe
  C:\Windows\System\nWREFjr.exe
  2⤵
  PID:11108
- C:\Windows\System\GBNpzYX.exe
  C:\Windows\System\GBNpzYX.exe
  2⤵
  PID:11140
- C:\Windows\System\cXQfYoS.exe
  C:\Windows\System\cXQfYoS.exe
  2⤵
  PID:11176
- C:\Windows\System\IyDzuxO.exe
  C:\Windows\System\IyDzuxO.exe
  2⤵
  PID:11204
- C:\Windows\System\qlgegio.exe
  C:\Windows\System\qlgegio.exe
  2⤵
  PID:11232
- C:\Windows\System\aAxIcIJ.exe
  C:\Windows\System\aAxIcIJ.exe
  2⤵
  PID:11260
- C:\Windows\System\TbRvQxh.exe
  C:\Windows\System\TbRvQxh.exe
  2⤵
  PID:10312
- C:\Windows\System\AirnngD.exe
  C:\Windows\System\AirnngD.exe
  2⤵
  PID:10356
- C:\Windows\System\wMYOyAB.exe
  C:\Windows\System\wMYOyAB.exe
  2⤵
  PID:10440
- C:\Windows\System\OZQuAko.exe
  C:\Windows\System\OZQuAko.exe
  2⤵
  PID:10528
- C:\Windows\System\JNAEoSS.exe
  C:\Windows\System\JNAEoSS.exe
  2⤵
  PID:10600
- C:\Windows\System\uDcSOLl.exe
  C:\Windows\System\uDcSOLl.exe
  2⤵
  PID:10692
- C:\Windows\System\akHjSfM.exe
  C:\Windows\System\akHjSfM.exe
  2⤵
  PID:5964
- C:\Windows\System\cBPcJcu.exe
  C:\Windows\System\cBPcJcu.exe
  2⤵
  PID:10792
- C:\Windows\System\CmYsTsl.exe
  C:\Windows\System\CmYsTsl.exe
  2⤵
  PID:10868
- C:\Windows\System\QBLBPCF.exe
  C:\Windows\System\QBLBPCF.exe
  2⤵
  PID:10924
- C:\Windows\System\etesfJS.exe
  C:\Windows\System\etesfJS.exe
  2⤵
  PID:10996
- C:\Windows\System\yZUqSHj.exe
  C:\Windows\System\yZUqSHj.exe
  2⤵
  PID:11048
- C:\Windows\System\oBWXfFG.exe
  C:\Windows\System\oBWXfFG.exe
  2⤵
  PID:11104
- C:\Windows\System\suqfPaF.exe
  C:\Windows\System\suqfPaF.exe
  2⤵
  PID:11188
- C:\Windows\System\fJipGJW.exe
  C:\Windows\System\fJipGJW.exe
  2⤵
  PID:2948
- C:\Windows\System\pxCnnBK.exe
  C:\Windows\System\pxCnnBK.exe
  2⤵
  PID:10252
- C:\Windows\System\LVSVYOX.exe
  C:\Windows\System\LVSVYOX.exe
  2⤵
  PID:10328
- C:\Windows\System\kgdcIrB.exe
  C:\Windows\System\kgdcIrB.exe
  2⤵
  PID:10560
- C:\Windows\System\BxfVdIh.exe
  C:\Windows\System\BxfVdIh.exe
  2⤵
  PID:10736
- C:\Windows\System\pIgWXYP.exe
  C:\Windows\System\pIgWXYP.exe
  2⤵
  PID:10860
- C:\Windows\System\jJfZTwa.exe
  C:\Windows\System\jJfZTwa.exe
  2⤵
  PID:11008
- C:\Windows\System\uVyqFVo.exe
  C:\Windows\System\uVyqFVo.exe
  2⤵
  PID:11092
- C:\Windows\System\dnqidSm.exe
  C:\Windows\System\dnqidSm.exe
  2⤵
  PID:11244
- C:\Windows\System\foNHYMu.exe
  C:\Windows\System\foNHYMu.exe
  2⤵
  PID:10508
- C:\Windows\System\OfhzzSS.exe
  C:\Windows\System\OfhzzSS.exe
  2⤵
  PID:10956
- C:\Windows\System\KMmvZOb.exe
  C:\Windows\System\KMmvZOb.exe
  2⤵
  PID:5744
- C:\Windows\System\VbGuGfu.exe
  C:\Windows\System\VbGuGfu.exe
  2⤵
  PID:10916
- C:\Windows\System\qqUvdlZ.exe
  C:\Windows\System\qqUvdlZ.exe
  2⤵
  PID:10980
- C:\Windows\System\QfdTcZG.exe
  C:\Windows\System\QfdTcZG.exe
  2⤵
  PID:6012
- C:\Windows\System\OtYRZHD.exe
  C:\Windows\System\OtYRZHD.exe
  2⤵
  PID:4872
- C:\Windows\System\rpEdyHq.exe
  C:\Windows\System\rpEdyHq.exe
  2⤵
  PID:11280
- C:\Windows\System\mhqLiZO.exe
  C:\Windows\System\mhqLiZO.exe
  2⤵
  PID:11308
- C:\Windows\System\PlloKSU.exe
  C:\Windows\System\PlloKSU.exe
  2⤵
  PID:11336
- C:\Windows\System\UdQexvP.exe
  C:\Windows\System\UdQexvP.exe
  2⤵
  PID:11380
- C:\Windows\System\nXRVqnz.exe
  C:\Windows\System\nXRVqnz.exe
  2⤵
  PID:11428
- C:\Windows\System\sCywqhF.exe
  C:\Windows\System\sCywqhF.exe
  2⤵
  PID:11456
- C:\Windows\System\xVpIdqw.exe
  C:\Windows\System\xVpIdqw.exe
  2⤵
  PID:11476
- C:\Windows\System\BGkuhUy.exe
  C:\Windows\System\BGkuhUy.exe
  2⤵
  PID:11504
- C:\Windows\System\rBPhWuM.exe
  C:\Windows\System\rBPhWuM.exe
  2⤵
  PID:11536
- C:\Windows\System\NXmvjxR.exe
  C:\Windows\System\NXmvjxR.exe
  2⤵
  PID:11560
- C:\Windows\System\zoyUiMW.exe
  C:\Windows\System\zoyUiMW.exe
  2⤵
  PID:11580
- C:\Windows\System\JkdfMqc.exe
  C:\Windows\System\JkdfMqc.exe
  2⤵
  PID:11604
- C:\Windows\System\fjzbQai.exe
  C:\Windows\System\fjzbQai.exe
  2⤵
  PID:11640
- C:\Windows\System\GQQwfff.exe
  C:\Windows\System\GQQwfff.exe
  2⤵
  PID:11696
- C:\Windows\System\KZNkiXJ.exe
  C:\Windows\System\KZNkiXJ.exe
  2⤵
  PID:11728
- C:\Windows\System\JPVfjHs.exe
  C:\Windows\System\JPVfjHs.exe
  2⤵
  PID:11756
- C:\Windows\System\KjZIEef.exe
  C:\Windows\System\KjZIEef.exe
  2⤵
  PID:11780
- C:\Windows\System\ePUPukY.exe
  C:\Windows\System\ePUPukY.exe
  2⤵
  PID:11804
- C:\Windows\System\PJuvdmd.exe
  C:\Windows\System\PJuvdmd.exe
  2⤵
  PID:11856
- C:\Windows\System\kVUElWH.exe
  C:\Windows\System\kVUElWH.exe
  2⤵
  PID:11928
- C:\Windows\System\Sflrxdq.exe
  C:\Windows\System\Sflrxdq.exe
  2⤵
  PID:11944
- C:\Windows\System\FqlqpoC.exe
  C:\Windows\System\FqlqpoC.exe
  2⤵
  PID:11984
- C:\Windows\System\cpOwkvy.exe
  C:\Windows\System\cpOwkvy.exe
  2⤵
  PID:12000
- C:\Windows\System\hUgJmaP.exe
  C:\Windows\System\hUgJmaP.exe
  2⤵
  PID:12028
- C:\Windows\System\kDUAURY.exe
  C:\Windows\System\kDUAURY.exe
  2⤵
  PID:12088
- C:\Windows\System\FXWTSrh.exe
  C:\Windows\System\FXWTSrh.exe
  2⤵
  PID:12124
- C:\Windows\System\BuAYfXg.exe
  C:\Windows\System\BuAYfXg.exe
  2⤵
  PID:12140
- C:\Windows\System\BpDFSxN.exe
  C:\Windows\System\BpDFSxN.exe
  2⤵
  PID:12176
- C:\Windows\System\OYZsdQY.exe
  C:\Windows\System\OYZsdQY.exe
  2⤵
  PID:12228
- C:\Windows\System\cAGqOmH.exe
  C:\Windows\System\cAGqOmH.exe
  2⤵
  PID:12252
- C:\Windows\System\OClTyaO.exe
  C:\Windows\System\OClTyaO.exe
  2⤵
  PID:11272
- C:\Windows\System\SjTyRXc.exe
  C:\Windows\System\SjTyRXc.exe
  2⤵
  PID:11348
- C:\Windows\System\FCfNdzv.exe
  C:\Windows\System\FCfNdzv.exe
  2⤵
  PID:452
- C:\Windows\System\bBGdHsP.exe
  C:\Windows\System\bBGdHsP.exe
  2⤵
  PID:1776
- C:\Windows\System\SCQjRYy.exe
  C:\Windows\System\SCQjRYy.exe
  2⤵
  PID:11548
- C:\Windows\System\kjXScIS.exe
  C:\Windows\System\kjXScIS.exe
  2⤵
  PID:3504
- C:\Windows\System\gelEddy.exe
  C:\Windows\System\gelEddy.exe
  2⤵
  PID:11596
- C:\Windows\System\GVewPoW.exe
  C:\Windows\System\GVewPoW.exe
  2⤵
  PID:11684
- C:\Windows\System\WRghwNl.exe
  C:\Windows\System\WRghwNl.exe
  2⤵
  PID:11740
- C:\Windows\System\yMizxJl.exe
  C:\Windows\System\yMizxJl.exe
  2⤵
  PID:11800
- C:\Windows\System\PsfacNw.exe
  C:\Windows\System\PsfacNw.exe
  2⤵
  PID:6628
- C:\Windows\System\geQGRkD.exe
  C:\Windows\System\geQGRkD.exe
  2⤵
  PID:3292
- C:\Windows\System\EHlFZDQ.exe
  C:\Windows\System\EHlFZDQ.exe
  2⤵
  PID:11936
- C:\Windows\System\RJAHUaU.exe
  C:\Windows\System\RJAHUaU.exe
  2⤵
  PID:6772
- C:\Windows\System\kvugSkb.exe
  C:\Windows\System\kvugSkb.exe
  2⤵
  PID:11956
- C:\Windows\System\eDJedhQ.exe
  C:\Windows\System\eDJedhQ.exe
  2⤵
  PID:12012
- C:\Windows\System\rxmoqmp.exe
  C:\Windows\System\rxmoqmp.exe
  2⤵
  PID:11488
- C:\Windows\System\GZgFEUF.exe
  C:\Windows\System\GZgFEUF.exe
  2⤵
  PID:11720
- C:\Windows\System\cMAauPV.exe
  C:\Windows\System\cMAauPV.exe
  2⤵
  PID:11892
- C:\Windows\System\QubMhHr.exe
  C:\Windows\System\QubMhHr.exe
  2⤵
  PID:6860
- C:\Windows\System\lRmuSdB.exe
  C:\Windows\System\lRmuSdB.exe
  2⤵
  PID:7004
- C:\Windows\System\CsaChxB.exe
  C:\Windows\System\CsaChxB.exe
  2⤵
  PID:7148
- C:\Windows\System\kDlgjJs.exe
  C:\Windows\System\kDlgjJs.exe
  2⤵
  PID:6224
- C:\Windows\System\pAoHAWz.exe
  C:\Windows\System\pAoHAWz.exe
  2⤵
  PID:6420
- C:\Windows\System\xsQuEiC.exe
  C:\Windows\System\xsQuEiC.exe
  2⤵
  PID:7044
- C:\Windows\System\GvJUxyK.exe
  C:\Windows\System\GvJUxyK.exe
  2⤵
  PID:7140
- C:\Windows\System\SPrzfKs.exe
  C:\Windows\System\SPrzfKs.exe
  2⤵
  PID:1512
- C:\Windows\System\LpqCozZ.exe
  C:\Windows\System\LpqCozZ.exe
  2⤵
  PID:2752
- C:\Windows\System\uEuQtvW.exe
  C:\Windows\System\uEuQtvW.exe
  2⤵
  PID:6648
- C:\Windows\System\BGfXpzW.exe
  C:\Windows\System\BGfXpzW.exe
  2⤵
  PID:3636
- C:\Windows\System\sMcoyuN.exe
  C:\Windows\System\sMcoyuN.exe
  2⤵
  PID:3960
- C:\Windows\System\AAnbSfx.exe
  C:\Windows\System\AAnbSfx.exe
  2⤵
  PID:2424
- C:\Windows\System\yGVOfHC.exe
  C:\Windows\System\yGVOfHC.exe
  2⤵
  PID:2900
- C:\Windows\System\MlKDgDA.exe
  C:\Windows\System\MlKDgDA.exe
  2⤵
  PID:4444
- C:\Windows\System\EfISKCS.exe
  C:\Windows\System\EfISKCS.exe
  2⤵
  PID:2936
- C:\Windows\System\WQxrRcS.exe
  C:\Windows\System\WQxrRcS.exe
  2⤵
  PID:4460
- C:\Windows\System\rIgdOzy.exe
  C:\Windows\System\rIgdOzy.exe
  2⤵
  PID:4676
- C:\Windows\System\HKzNvYC.exe
  C:\Windows\System\HKzNvYC.exe
  2⤵
  PID:5044
- C:\Windows\System\cRybTmW.exe
  C:\Windows\System\cRybTmW.exe
  2⤵
  PID:12136
- C:\Windows\System\eXlblPs.exe
  C:\Windows\System\eXlblPs.exe
  2⤵
  PID:12164
- C:\Windows\System\BtZzVwY.exe
  C:\Windows\System\BtZzVwY.exe
  2⤵
  PID:1560
- C:\Windows\System\uPevOOX.exe
  C:\Windows\System\uPevOOX.exe
  2⤵
  PID:12240
- C:\Windows\System\hdrYpoM.exe
  C:\Windows\System\hdrYpoM.exe
  2⤵
  PID:12280
- C:\Windows\System\yMCeZGL.exe
  C:\Windows\System\yMCeZGL.exe
  2⤵
  PID:7232
- C:\Windows\System\QKZHphQ.exe
  C:\Windows\System\QKZHphQ.exe
  2⤵
  PID:7300
- C:\Windows\System\BdfqYEG.exe
  C:\Windows\System\BdfqYEG.exe
  2⤵
  PID:7432
- C:\Windows\System\xXRyMNG.exe
  C:\Windows\System\xXRyMNG.exe
  2⤵
  PID:7480
- C:\Windows\System\bVYfIKk.exe
  C:\Windows\System\bVYfIKk.exe
  2⤵
  PID:8668
- C:\Windows\System\BgsQnUf.exe
  C:\Windows\System\BgsQnUf.exe
  2⤵
  PID:5308
- C:\Windows\System\LtdkcAH.exe
  C:\Windows\System\LtdkcAH.exe
  2⤵
  PID:2296
- C:\Windows\System\tTgybBr.exe
  C:\Windows\System\tTgybBr.exe
  2⤵
  PID:5280
- C:\Windows\System\dPPbMaA.exe
  C:\Windows\System\dPPbMaA.exe
  2⤵
  PID:8624
- C:\Windows\System\rZallCQ.exe
  C:\Windows\System\rZallCQ.exe
  2⤵
  PID:2608
- C:\Windows\System\XJXZzoC.exe
  C:\Windows\System\XJXZzoC.exe
  2⤵
  PID:11276
- C:\Windows\System\mefeOzp.exe
  C:\Windows\System\mefeOzp.exe
  2⤵
  PID:7648
- C:\Windows\System\zSVdlsz.exe
  C:\Windows\System\zSVdlsz.exe
  2⤵
  PID:11512
- C:\Windows\System\EFYeofI.exe
  C:\Windows\System\EFYeofI.exe
  2⤵
  PID:11568
- C:\Windows\System\hCjTvZJ.exe
  C:\Windows\System\hCjTvZJ.exe
  2⤵
  PID:5492
- C:\Windows\System\ERzyPoR.exe
  C:\Windows\System\ERzyPoR.exe
  2⤵
  PID:3160
- C:\Windows\System\hdgjUQY.exe
  C:\Windows\System\hdgjUQY.exe
  2⤵
  PID:11880
- C:\Windows\System\xobTUjL.exe
  C:\Windows\System\xobTUjL.exe
  2⤵
  PID:1400
- C:\Windows\System\TsMtBQK.exe
  C:\Windows\System\TsMtBQK.exe
  2⤵
  PID:11964
- C:\Windows\System\MSZAZvW.exe
  C:\Windows\System\MSZAZvW.exe
  2⤵
  PID:4788
- C:\Windows\System\GtYaUof.exe
  C:\Windows\System\GtYaUof.exe
  2⤵
  PID:12044
- C:\Windows\System\Rvgvjgu.exe
  C:\Windows\System\Rvgvjgu.exe
  2⤵
  PID:11712
- C:\Windows\System\TlHbVOb.exe
  C:\Windows\System\TlHbVOb.exe
  2⤵
  PID:5756
- C:\Windows\System\cpcbhdl.exe
  C:\Windows\System\cpcbhdl.exe
  2⤵
  PID:5616
- C:\Windows\System\GrWbGya.exe
  C:\Windows\System\GrWbGya.exe
  2⤵
  PID:5828
- C:\Windows\System\wwWBQiE.exe
  C:\Windows\System\wwWBQiE.exe
  2⤵
  PID:5872
- C:\Windows\System\jbxwLVw.exe
  C:\Windows\System\jbxwLVw.exe
  2⤵
  PID:7092
- C:\Windows\System\KgeSEtm.exe
  C:\Windows\System\KgeSEtm.exe
  2⤵
  PID:5400
- C:\Windows\System\ubxVqkD.exe
  C:\Windows\System\ubxVqkD.exe
  2⤵
  PID:5992
- C:\Windows\System\hfVJXKf.exe
  C:\Windows\System\hfVJXKf.exe
  2⤵
  PID:2632
- C:\Windows\System\olUFFRL.exe
  C:\Windows\System\olUFFRL.exe
  2⤵
  PID:6800
- C:\Windows\System\hLOjlYQ.exe
  C:\Windows\System\hLOjlYQ.exe
  2⤵
  PID:6048
- C:\Windows\System\eyQBJHO.exe
  C:\Windows\System\eyQBJHO.exe
  2⤵
  PID:2540
- C:\Windows\System\cjmWgrB.exe
  C:\Windows\System\cjmWgrB.exe
  2⤵
  PID:6108
- C:\Windows\System\jXyrwvc.exe
  C:\Windows\System\jXyrwvc.exe
  2⤵
  PID:12224
- C:\Windows\System\VhWZSFu.exe
  C:\Windows\System\VhWZSFu.exe
  2⤵
  PID:3564
- C:\Windows\System\gSgwLoB.exe
  C:\Windows\System\gSgwLoB.exe
  2⤵
  PID:4804
- C:\Windows\System\XmcUZMg.exe
  C:\Windows\System\XmcUZMg.exe
  2⤵
  PID:2172
- C:\Windows\System\wReANgb.exe
  C:\Windows\System\wReANgb.exe
  2⤵
  PID:7456
- C:\Windows\System\lNYOkEj.exe
  C:\Windows\System\lNYOkEj.exe
  2⤵
  PID:9208
- C:\Windows\System\qYgXHgb.exe
  C:\Windows\System\qYgXHgb.exe
  2⤵
  PID:5292
- C:\Windows\System\HAJpECE.exe
  C:\Windows\System\HAJpECE.exe
  2⤵
  PID:2528
- C:\Windows\System\xXAewHI.exe
  C:\Windows\System\xXAewHI.exe
  2⤵
  PID:11332
- C:\Windows\System\qOuzaRF.exe
  C:\Windows\System\qOuzaRF.exe
  2⤵
  PID:4780
- C:\Windows\System\mNAoToG.exe
  C:\Windows\System\mNAoToG.exe
  2⤵
  PID:5548
- C:\Windows\System\PhbOQUP.exe
  C:\Windows\System\PhbOQUP.exe
  2⤵
  PID:11676
- C:\Windows\System\zVIfhCJ.exe
  C:\Windows\System\zVIfhCJ.exe
  2⤵
  PID:11788
- C:\Windows\System\DIJAbRQ.exe
  C:\Windows\System\DIJAbRQ.exe
  2⤵
  PID:12076
- C:\Windows\System\pWXelFC.exe
  C:\Windows\System\pWXelFC.exe
  2⤵
  PID:5892
- C:\Windows\System\ZczRmir.exe
  C:\Windows\System\ZczRmir.exe
  2⤵
  PID:5696
- C:\Windows\System\VuQFfkF.exe
  C:\Windows\System\VuQFfkF.exe
  2⤵
  PID:3144
- C:\Windows\System\CkykHcO.exe
  C:\Windows\System\CkykHcO.exe
  2⤵
  PID:7108
- C:\Windows\System\acxvNdh.exe
  C:\Windows\System\acxvNdh.exe
  2⤵
  PID:6580
- C:\Windows\System\ZePhFdG.exe
  C:\Windows\System\ZePhFdG.exe
  2⤵
  PID:12036
- C:\Windows\System\XFnCdSO.exe
  C:\Windows\System\XFnCdSO.exe
  2⤵
  PID:1228
- C:\Windows\System\NQeJxOO.exe
  C:\Windows\System\NQeJxOO.exe
  2⤵
  PID:5244
- C:\Windows\System\oULrFWI.exe
  C:\Windows\System\oULrFWI.exe
  2⤵
  PID:12116
- C:\Windows\System\GfmLPJI.exe
  C:\Windows\System\GfmLPJI.exe
  2⤵
  PID:1960
- C:\Windows\System\MkYOcBZ.exe
  C:\Windows\System\MkYOcBZ.exe
  2⤵
  PID:3384
- C:\Windows\System\LPqKQrO.exe
  C:\Windows\System\LPqKQrO.exe
  2⤵
  PID:5132
- C:\Windows\System\FOtuPSX.exe
  C:\Windows\System\FOtuPSX.exe
  2⤵
  PID:12112
- C:\Windows\System\GckETiY.exe
  C:\Windows\System\GckETiY.exe
  2⤵
  PID:5252
- C:\Windows\System\qdcVJXp.exe
  C:\Windows\System\qdcVJXp.exe
  2⤵
  PID:5352
- C:\Windows\System\bXAJzXf.exe
  C:\Windows\System\bXAJzXf.exe
  2⤵
  PID:6936
- C:\Windows\System\lIaZgGa.exe
  C:\Windows\System\lIaZgGa.exe
  2⤵
  PID:5736
- C:\Windows\System\rlEinlI.exe
  C:\Windows\System\rlEinlI.exe
  2⤵
  PID:5800
- C:\Windows\System\lIugXnL.exe
  C:\Windows\System\lIugXnL.exe
  2⤵
  PID:6284
- C:\Windows\System\ZfzJUhr.exe
  C:\Windows\System\ZfzJUhr.exe
  2⤵
  PID:5976
- C:\Windows\System\JPxtmBg.exe
  C:\Windows\System\JPxtmBg.exe
  2⤵
  PID:6360
- C:\Windows\System\VtoEPhm.exe
  C:\Windows\System\VtoEPhm.exe
  2⤵
  PID:1344
- C:\Windows\System\UDUhyHY.exe
  C:\Windows\System\UDUhyHY.exe
  2⤵
  PID:6428
- C:\Windows\System\INxMdhP.exe
  C:\Windows\System\INxMdhP.exe
  2⤵
  PID:5312
- C:\Windows\System\CWRwvGq.exe
  C:\Windows\System\CWRwvGq.exe
  2⤵
  PID:5948
- C:\Windows\System\KEFNmEQ.exe
  C:\Windows\System\KEFNmEQ.exe
  2⤵
  PID:6160
- C:\Windows\System\WCctsyW.exe
  C:\Windows\System\WCctsyW.exe
  2⤵
  PID:6172
- C:\Windows\System\dVwPnvD.exe
  C:\Windows\System\dVwPnvD.exe
  2⤵
  PID:6592
- C:\Windows\System\ydKAjkA.exe
  C:\Windows\System\ydKAjkA.exe
  2⤵
  PID:5868
- C:\Windows\System\ZjXsvDO.exe
  C:\Windows\System\ZjXsvDO.exe
  2⤵
  PID:6352
- C:\Windows\System\EcdTWth.exe
  C:\Windows\System\EcdTWth.exe
  2⤵
  PID:5060
- C:\Windows\System\yihaxgS.exe
  C:\Windows\System\yihaxgS.exe
  2⤵
  PID:6412
- C:\Windows\System\NKlUbrF.exe
  C:\Windows\System\NKlUbrF.exe
  2⤵
  PID:6480
- C:\Windows\System\LrCfvxf.exe
  C:\Windows\System\LrCfvxf.exe
  2⤵
  PID:11624
- C:\Windows\System\FJvljjP.exe
  C:\Windows\System\FJvljjP.exe
  2⤵
  PID:6652
- C:\Windows\System\dMJifDy.exe
  C:\Windows\System\dMJifDy.exe
  2⤵
  PID:6700
- C:\Windows\System\BcRhhey.exe
  C:\Windows\System\BcRhhey.exe
  2⤵
  PID:6600
- C:\Windows\System\EuppOfh.exe
  C:\Windows\System\EuppOfh.exe
  2⤵
  PID:7268
- C:\Windows\System\uzKsmPE.exe
  C:\Windows\System\uzKsmPE.exe
  2⤵
  PID:5424
- C:\Windows\System\sjOwPGT.exe
  C:\Windows\System\sjOwPGT.exe
  2⤵
  PID:12308
- C:\Windows\System\QdWfeSW.exe
  C:\Windows\System\QdWfeSW.exe
  2⤵
  PID:12336
- C:\Windows\System\FDUDXpo.exe
  C:\Windows\System\FDUDXpo.exe
  2⤵
  PID:12364
- C:\Windows\System\gBBRqKT.exe
  C:\Windows\System\gBBRqKT.exe
  2⤵
  PID:12392
- C:\Windows\System\jiKaPDO.exe
  C:\Windows\System\jiKaPDO.exe
  2⤵
  PID:12424
- C:\Windows\System\vXaSPcU.exe
  C:\Windows\System\vXaSPcU.exe
  2⤵
  PID:12448
- C:\Windows\System\YucIgmJ.exe
  C:\Windows\System\YucIgmJ.exe
  2⤵
  PID:12476
- C:\Windows\System\kGKQdza.exe
  C:\Windows\System\kGKQdza.exe
  2⤵
  PID:12504
- C:\Windows\System\fAxpMSv.exe
  C:\Windows\System\fAxpMSv.exe
  2⤵
  PID:12532
- C:\Windows\System\bjgdOzr.exe
  C:\Windows\System\bjgdOzr.exe
  2⤵
  PID:12564
- C:\Windows\System\CcDATSA.exe
  C:\Windows\System\CcDATSA.exe
  2⤵
  PID:12592
- C:\Windows\System\ZwOHGMX.exe
  C:\Windows\System\ZwOHGMX.exe
  2⤵
  PID:12620
- C:\Windows\System\QThvyUG.exe
  C:\Windows\System\QThvyUG.exe
  2⤵
  PID:12648
- C:\Windows\System\qgsCXba.exe
  C:\Windows\System\qgsCXba.exe
  2⤵
  PID:12688
- C:\Windows\System\bGPcSNy.exe
  C:\Windows\System\bGPcSNy.exe
  2⤵
  PID:12708
- C:\Windows\System\PyDAvim.exe
  C:\Windows\System\PyDAvim.exe
  2⤵
  PID:12736
- C:\Windows\System\zsiVlKN.exe
  C:\Windows\System\zsiVlKN.exe
  2⤵
  PID:12764
- C:\Windows\System\CSQaOTQ.exe
  C:\Windows\System\CSQaOTQ.exe
  2⤵
  PID:12792
- C:\Windows\System\jcAZbJt.exe
  C:\Windows\System\jcAZbJt.exe
  2⤵
  PID:12820
- C:\Windows\System\xLECqxb.exe
  C:\Windows\System\xLECqxb.exe
  2⤵
  PID:12848
- C:\Windows\System\eeokmaL.exe
  C:\Windows\System\eeokmaL.exe
  2⤵
  PID:12876
- C:\Windows\System\zhfkxbd.exe
  C:\Windows\System\zhfkxbd.exe
  2⤵
  PID:12904
- C:\Windows\System\uQcUqaj.exe
  C:\Windows\System\uQcUqaj.exe
  2⤵
  PID:12932
- C:\Windows\System\oXiXyzC.exe
  C:\Windows\System\oXiXyzC.exe
  2⤵
  PID:12960
- C:\Windows\System\BzOoaQx.exe
  C:\Windows\System\BzOoaQx.exe
  2⤵
  PID:12988
- C:\Windows\System\RgcseNg.exe
  C:\Windows\System\RgcseNg.exe
  2⤵
  PID:13016
- C:\Windows\System\WlLIdre.exe
  C:\Windows\System\WlLIdre.exe
  2⤵
  PID:13044
- C:\Windows\System\Sccbkdw.exe
  C:\Windows\System\Sccbkdw.exe
  2⤵
  PID:13076
- C:\Windows\System\iUrUhst.exe
  C:\Windows\System\iUrUhst.exe
  2⤵
  PID:13100
- C:\Windows\System\qKsBTjI.exe
  C:\Windows\System\qKsBTjI.exe
  2⤵
  PID:13128
- C:\Windows\System\cIbLiQl.exe
  C:\Windows\System\cIbLiQl.exe
  2⤵
  PID:13160
- C:\Windows\System\CNQCSiO.exe
  C:\Windows\System\CNQCSiO.exe
  2⤵
  PID:13184
- C:\Windows\System\zmZQTSy.exe
  C:\Windows\System\zmZQTSy.exe
  2⤵
  PID:13216
- C:\Windows\System\yYlxlpE.exe
  C:\Windows\System\yYlxlpE.exe
  2⤵
  PID:13244
- C:\Windows\System\cuMGoCp.exe
  C:\Windows\System\cuMGoCp.exe
  2⤵
  PID:13272
- C:\Windows\System\oSGHYuP.exe
  C:\Windows\System\oSGHYuP.exe
  2⤵
  PID:13300
- C:\Windows\System\hJmOiif.exe
  C:\Windows\System\hJmOiif.exe
  2⤵
  PID:12328
- C:\Windows\System\FvzQPQV.exe
  C:\Windows\System\FvzQPQV.exe
  2⤵
  PID:12388
- C:\Windows\System\bxsVgwY.exe
  C:\Windows\System\bxsVgwY.exe
  2⤵
  PID:12444
- C:\Windows\System\AKdxvqG.exe
  C:\Windows\System\AKdxvqG.exe
  2⤵
  PID:12500
- C:\Windows\System\WruGItL.exe
  C:\Windows\System\WruGItL.exe
  2⤵
  PID:12576
- C:\Windows\System\QNJCvLU.exe
  C:\Windows\System\QNJCvLU.exe
  2⤵
  PID:12640
- C:\Windows\System\RwXPDGt.exe
  C:\Windows\System\RwXPDGt.exe
  2⤵
  PID:12700
- C:\Windows\System\tmXtEmI.exe
  C:\Windows\System\tmXtEmI.exe
  2⤵
  PID:12760
- C:\Windows\System\oIISZDS.exe
  C:\Windows\System\oIISZDS.exe
  2⤵
  PID:12832
- C:\Windows\System\rkZvgYl.exe
  C:\Windows\System\rkZvgYl.exe
  2⤵
  PID:12896
- C:\Windows\System\FnufNzk.exe
  C:\Windows\System\FnufNzk.exe
  2⤵
  PID:12956
- C:\Windows\System\zlDrQMu.exe
  C:\Windows\System\zlDrQMu.exe
  2⤵
  PID:13028
- C:\Windows\System\lpURtwr.exe
  C:\Windows\System\lpURtwr.exe
  2⤵
  PID:13092
- C:\Windows\System\WibyqXm.exe
  C:\Windows\System\WibyqXm.exe
  2⤵
  PID:13148
- C:\Windows\System\PgDFopa.exe
  C:\Windows\System\PgDFopa.exe
  2⤵
  PID:13180
- C:\Windows\System\iyTNjcx.exe
  C:\Windows\System\iyTNjcx.exe
  2⤵
  PID:13256
- C:\Windows\System\TIJQZWC.exe
  C:\Windows\System\TIJQZWC.exe
  2⤵
  PID:12304
- C:\Windows\System\SuGFogg.exe
  C:\Windows\System\SuGFogg.exe
  2⤵
  PID:12468
- C:\Windows\System\zktokTg.exe
  C:\Windows\System\zktokTg.exe
  2⤵
  PID:12632
- C:\Windows\System\ezXwlcf.exe
  C:\Windows\System\ezXwlcf.exe
  2⤵
  PID:12748
- C:\Windows\System\gcMRNju.exe
  C:\Windows\System\gcMRNju.exe
  2⤵
  PID:12872
- C:\Windows\System\vIRGaUw.exe
  C:\Windows\System\vIRGaUw.exe
  2⤵
  PID:6616
- C:\Windows\System\zikMVid.exe
  C:\Windows\System\zikMVid.exe
  2⤵
  PID:13084
- C:\Windows\System\sgzpXqA.exe
  C:\Windows\System\sgzpXqA.exe
  2⤵
  PID:6980
- C:\Windows\System\ILgNJTI.exe
  C:\Windows\System\ILgNJTI.exe
  2⤵
  PID:13296
- C:\Windows\System\syOLcgK.exe
  C:\Windows\System\syOLcgK.exe
  2⤵
  PID:12496
- C:\Windows\System\vsTDgtU.exe
  C:\Windows\System\vsTDgtU.exe
  2⤵
  PID:12728
- C:\Windows\System\EuZnbfX.exe
  C:\Windows\System\EuZnbfX.exe
  2⤵
  PID:13008
- C:\Windows\System\kiOVcAY.exe
  C:\Windows\System\kiOVcAY.exe
  2⤵
  PID:13240
- C:\Windows\System\BnavGFk.exe
  C:\Windows\System\BnavGFk.exe
  2⤵
  PID:12696
- C:\Windows\System\YWqfmvp.exe
  C:\Windows\System\YWqfmvp.exe
  2⤵
  PID:12416
- C:\Windows\System\ZBOhSsZ.exe
  C:\Windows\System\ZBOhSsZ.exe
  2⤵
  PID:13212
- C:\Windows\System\CcGPHDt.exe
  C:\Windows\System\CcGPHDt.exe
  2⤵
  PID:13340
- C:\Windows\System\xxpZjRQ.exe
  C:\Windows\System\xxpZjRQ.exe
  2⤵
  PID:13368
- C:\Windows\System\rsRmpqz.exe
  C:\Windows\System\rsRmpqz.exe
  2⤵
  PID:13396
- C:\Windows\System\QsDEbrQ.exe
  C:\Windows\System\QsDEbrQ.exe
  2⤵
  PID:13424
- C:\Windows\System\jbTNewe.exe
  C:\Windows\System\jbTNewe.exe
  2⤵
  PID:13452
- C:\Windows\System\nTzLwJZ.exe
  C:\Windows\System\nTzLwJZ.exe
  2⤵
  PID:13480
- C:\Windows\System\AwjoXiE.exe
  C:\Windows\System\AwjoXiE.exe
  2⤵
  PID:13508
- C:\Windows\System\YHEOvpp.exe
  C:\Windows\System\YHEOvpp.exe
  2⤵
  PID:13536
- C:\Windows\System\aWkenqo.exe
  C:\Windows\System\aWkenqo.exe
  2⤵
  PID:13564
- C:\Windows\System\EkrHyKi.exe
  C:\Windows\System\EkrHyKi.exe
  2⤵
  PID:13592
- C:\Windows\System\kYLiBbI.exe
  C:\Windows\System\kYLiBbI.exe
  2⤵
  PID:13624
- C:\Windows\System\SyAZBmL.exe
  C:\Windows\System\SyAZBmL.exe
  2⤵
  PID:13648
- C:\Windows\System\lRarlwu.exe
  C:\Windows\System\lRarlwu.exe
  2⤵
  PID:13680
- C:\Windows\System\OMfnSAa.exe
  C:\Windows\System\OMfnSAa.exe
  2⤵
  PID:13716
- C:\Windows\System\CgTanSY.exe
  C:\Windows\System\CgTanSY.exe
  2⤵
  PID:13736
- C:\Windows\System\lCKtevq.exe
  C:\Windows\System\lCKtevq.exe
  2⤵
  PID:13764
- C:\Windows\System\ldQmiOP.exe
  C:\Windows\System\ldQmiOP.exe
  2⤵
  PID:13792
- C:\Windows\System\NzHzpFb.exe
  C:\Windows\System\NzHzpFb.exe
  2⤵
  PID:13820
- C:\Windows\System\umCiSdm.exe
  C:\Windows\System\umCiSdm.exe
  2⤵
  PID:13848
- C:\Windows\System\LqkJPrR.exe
  C:\Windows\System\LqkJPrR.exe
  2⤵
  PID:13876
- C:\Windows\System\vlEfwcV.exe
  C:\Windows\System\vlEfwcV.exe
  2⤵
  PID:13908
- C:\Windows\System\cSgqILz.exe
  C:\Windows\System\cSgqILz.exe
  2⤵
  PID:13932
- C:\Windows\System\uyoQIur.exe
  C:\Windows\System\uyoQIur.exe
  2⤵
  PID:13960
- C:\Windows\System\TgsvDmf.exe
  C:\Windows\System\TgsvDmf.exe
  2⤵
  PID:13988
- C:\Windows\System\sBIRXmx.exe
  C:\Windows\System\sBIRXmx.exe
  2⤵
  PID:14016
- C:\Windows\System\tboDQZD.exe
  C:\Windows\System\tboDQZD.exe
  2⤵
  PID:14044
- C:\Windows\System\MtwctKz.exe
  C:\Windows\System\MtwctKz.exe
  2⤵
  PID:14072
- C:\Windows\System\LRdPDJn.exe
  C:\Windows\System\LRdPDJn.exe
  2⤵
  PID:14100
- C:\Windows\System\Ofimzpd.exe
  C:\Windows\System\Ofimzpd.exe
  2⤵
  PID:14128
- C:\Windows\System\JsqIBWx.exe
  C:\Windows\System\JsqIBWx.exe
  2⤵
  PID:14156
- C:\Windows\System\NFNOSRX.exe
  C:\Windows\System\NFNOSRX.exe
  2⤵
  PID:14184
- C:\Windows\System\ilSLqnR.exe
  C:\Windows\System\ilSLqnR.exe
  2⤵
  PID:14212
- C:\Windows\System\WLGwsPz.exe
  C:\Windows\System\WLGwsPz.exe
  2⤵
  PID:14240
- C:\Windows\System\pKnhSKw.exe
  C:\Windows\System\pKnhSKw.exe
  2⤵
  PID:14268
- C:\Windows\System\NgBkfrw.exe
  C:\Windows\System\NgBkfrw.exe
  2⤵
  PID:14296
- C:\Windows\System\AsKSTUs.exe
  C:\Windows\System\AsKSTUs.exe
  2⤵
  PID:14324
- C:\Windows\System\ZFHtbwu.exe
  C:\Windows\System\ZFHtbwu.exe
  2⤵
  PID:13352
- C:\Windows\System\wSxwPWP.exe
  C:\Windows\System\wSxwPWP.exe
  2⤵
  PID:13416
- C:\Windows\System\GyVNPqd.exe
  C:\Windows\System\GyVNPqd.exe
  2⤵
  PID:13492
- C:\Windows\System\HatKdFk.exe
  C:\Windows\System\HatKdFk.exe
  2⤵
  PID:13576
- C:\Windows\System\VYZYSsX.exe
  C:\Windows\System\VYZYSsX.exe
  2⤵
  PID:13584
- C:\Windows\System\WPKPcDJ.exe
  C:\Windows\System\WPKPcDJ.exe
  2⤵
  PID:13644
- C:\Windows\System\vIitKYx.exe
  C:\Windows\System\vIitKYx.exe
  2⤵
  PID:13724
- C:\Windows\System\JXyjPnW.exe
  C:\Windows\System\JXyjPnW.exe
  2⤵
  PID:13776
- C:\Windows\System\BPQlMQO.exe
  C:\Windows\System\BPQlMQO.exe
  2⤵
  PID:2156
- C:\Windows\System\dycxybI.exe
  C:\Windows\System\dycxybI.exe
  2⤵
  PID:7736
- C:\Windows\System\cQKKKXG.exe
  C:\Windows\System\cQKKKXG.exe
  2⤵
  PID:7780
- C:\Windows\System\vkPjUCH.exe
  C:\Windows\System\vkPjUCH.exe
  2⤵
  PID:4968
- C:\Windows\System\IzuHsie.exe
  C:\Windows\System\IzuHsie.exe
  2⤵
  PID:3196
- C:\Windows\System\WdneUFI.exe
  C:\Windows\System\WdneUFI.exe
  2⤵
  PID:13944
- C:\Windows\System\pCkrEjh.exe
  C:\Windows\System\pCkrEjh.exe
  2⤵
  PID:14000
- C:\Windows\System\ahZaoEC.exe
  C:\Windows\System\ahZaoEC.exe
  2⤵
  PID:4420
- C:\Windows\System\OtBMcTS.exe
  C:\Windows\System\OtBMcTS.exe
  2⤵
  PID:14056
- C:\Windows\System\TyxZfHV.exe
  C:\Windows\System\TyxZfHV.exe
  2⤵
  PID:14096
- C:\Windows\System\nMyrBwI.exe
  C:\Windows\System\nMyrBwI.exe
  2⤵
  PID:14140
- C:\Windows\System\vBNbKFF.exe
  C:\Windows\System\vBNbKFF.exe
  2⤵
  PID:7936
- C:\Windows\System\epPVTcP.exe
  C:\Windows\System\epPVTcP.exe
  2⤵
  PID:2552
- C:\Windows\System\YhmgySU.exe
  C:\Windows\System\YhmgySU.exe
  2⤵
  PID:14224
- C:\Windows\System\ELHTFsX.exe
  C:\Windows\System\ELHTFsX.exe
  2⤵
  PID:8212
- C:\Windows\System\UQQHtBv.exe
  C:\Windows\System\UQQHtBv.exe
  2⤵
  PID:8008
- C:\Windows\System\lgYZYaF.exe
  C:\Windows\System\lgYZYaF.exe
  2⤵
  PID:14320
- C:\Windows\System\oZugjpg.exe
  C:\Windows\System\oZugjpg.exe
  2⤵
  PID:13380
- C:\Windows\System\ChDkGvY.exe
  C:\Windows\System\ChDkGvY.exe
  2⤵
  PID:13472
- C:\Windows\System\rcQcqtm.exe
  C:\Windows\System\rcQcqtm.exe
  2⤵
  PID:8116
- C:\Windows\System\wOepQVF.exe
  C:\Windows\System\wOepQVF.exe
  2⤵
  PID:7588
- C:\Windows\System\rGFXVBM.exe
  C:\Windows\System\rGFXVBM.exe
  2⤵
  PID:8168
- C:\Windows\System\jUYzTic.exe
  C:\Windows\System\jUYzTic.exe
  2⤵
  PID:13692
- C:\Windows\System\OJvBUta.exe
  C:\Windows\System\OJvBUta.exe
  2⤵
  PID:8532
- C:\Windows\System\icqgDLh.exe
  C:\Windows\System\icqgDLh.exe
  2⤵
  PID:8588
- C:\Windows\System\BgeBKSF.exe
  C:\Windows\System\BgeBKSF.exe
  2⤵
  PID:13788
- C:\Windows\System\ApHwQlO.exe
  C:\Windows\System\ApHwQlO.exe
  2⤵
  PID:8692
- C:\Windows\System\crzMqmg.exe
  C:\Windows\System\crzMqmg.exe
  2⤵
  PID:13868
- C:\Windows\System\bYjytmP.exe
  C:\Windows\System\bYjytmP.exe
  2⤵
  PID:8744
- C:\Windows\System\weKPfCB.exe
  C:\Windows\System\weKPfCB.exe
  2⤵
  PID:7296
- C:\Windows\System\tgKXQQl.exe
  C:\Windows\System\tgKXQQl.exe
  2⤵
  PID:8808
- C:\Windows\System\nWcrIki.exe
  C:\Windows\System\nWcrIki.exe
  2⤵
  PID:880
- C:\Windows\System\VkbNnVz.exe
  C:\Windows\System\VkbNnVz.exe
  2⤵
  PID:14092
- C:\Windows\System\DeCNmTn.exe
  C:\Windows\System\DeCNmTn.exe
  2⤵
  PID:14124
- C:\Windows\System\QgNIIaw.exe
  C:\Windows\System\QgNIIaw.exe
  2⤵
  PID:7524
- C:\Windows\System\uvFfhdl.exe
  C:\Windows\System\uvFfhdl.exe
  2⤵
  PID:8972
- C:\Windows\System\boFyfDo.exe
  C:\Windows\System\boFyfDo.exe
  2⤵
  PID:14236
- C:\Windows\System\YflFAAl.exe
  C:\Windows\System\YflFAAl.exe
  2⤵
  PID:14288
- C:\Windows\System\WdKPuLZ.exe
  C:\Windows\System\WdKPuLZ.exe
  2⤵
  PID:14316
- C:\Windows\System\skGPJpp.exe
  C:\Windows\System\skGPJpp.exe
  2⤵
  PID:8100
- C:\Windows\System\yhnVAjU.exe
  C:\Windows\System\yhnVAjU.exe
  2⤵
  PID:8416
- C:\Windows\System\OQwSeXE.exe
  C:\Windows\System\OQwSeXE.exe
  2⤵
  PID:8204
- C:\Windows\System\xuoRAzN.exe
  C:\Windows\System\xuoRAzN.exe
  2⤵
  PID:13728
- C:\Windows\System\FqrnqLp.exe
  C:\Windows\System\FqrnqLp.exe
  2⤵
  PID:8120
- C:\Windows\System\WdtAZSb.exe
  C:\Windows\System\WdtAZSb.exe
  2⤵
  PID:7884
- C:\Windows\System\Ctjwzra.exe
  C:\Windows\System\Ctjwzra.exe
  2⤵
  PID:6976
- C:\Windows\System\pPTkble.exe
  C:\Windows\System\pPTkble.exe
  2⤵
  PID:8648
- C:\Windows\System\jedWVOC.exe
  C:\Windows\System\jedWVOC.exe
  2⤵
  PID:8700
- C:\Windows\System\plskelw.exe
  C:\Windows\System\plskelw.exe
  2⤵
  PID:8752
- C:\Windows\System\wMwMjSz.exe
  C:\Windows\System\wMwMjSz.exe
  2⤵
  PID:7380
- C:\Windows\System\QQasMeX.exe
  C:\Windows\System\QQasMeX.exe
  2⤵
  PID:2944
- C:\Windows\System\wWQaipC.exe
  C:\Windows\System\wWQaipC.exe
  2⤵
  PID:14148
- C:\Windows\System\BptiDSo.exe
  C:\Windows\System\BptiDSo.exe
  2⤵
  PID:9036
- C:\Windows\System\VoMxMJt.exe
  C:\Windows\System\VoMxMJt.exe
  2⤵
  PID:1792
- C:\Windows\System\XVEjZBj.exe
  C:\Windows\System\XVEjZBj.exe
  2⤵
  PID:13392
- C:\Windows\System\QRTrnnb.exe
  C:\Windows\System\QRTrnnb.exe
  2⤵
  PID:7580
- C:\Windows\System\xpcQBeE.exe
  C:\Windows\System\xpcQBeE.exe
  2⤵
  PID:8868
- C:\Windows\System\UDsPQsj.exe
  C:\Windows\System\UDsPQsj.exe
  2⤵
  PID:7948
- C:\Windows\System\xNTpgMF.exe
  C:\Windows\System\xNTpgMF.exe
  2⤵
  PID:8568
- C:\Windows\System\BMxxjEM.exe
  C:\Windows\System\BMxxjEM.exe
  2⤵
  PID:7760
- C:\Windows\System\tNOiILl.exe
  C:\Windows\System\tNOiILl.exe
  2⤵
  PID:3092
- C:\Windows\System\VUIrzyk.exe
  C:\Windows\System\VUIrzyk.exe
  2⤵
  PID:8836
- C:\Windows\System\UDneiaT.exe
  C:\Windows\System\UDneiaT.exe
  2⤵
  PID:13476
- C:\Windows\System\tOQcCdv.exe
  C:\Windows\System\tOQcCdv.exe
  2⤵
  PID:8980
- C:\Windows\System\jvGgyAF.exe
  C:\Windows\System\jvGgyAF.exe
  2⤵
  PID:7720
- C:\Windows\System\KuFNOCX.exe
  C:\Windows\System\KuFNOCX.exe
  2⤵
  PID:9368
- C:\Windows\System\CcUpAfv.exe
  C:\Windows\System\CcUpAfv.exe
  2⤵
  PID:8128
- C:\Windows\System\ojRJJtC.exe
  C:\Windows\System\ojRJJtC.exe
  2⤵
  PID:8444
- C:\Windows\System\LrGrblp.exe
  C:\Windows\System\LrGrblp.exe
  2⤵
  PID:1664
- C:\Windows\System\TyxJWts.exe
  C:\Windows\System\TyxJWts.exe
  2⤵
  PID:9492
- C:\Windows\System\jrkubkK.exe
  C:\Windows\System\jrkubkK.exe
  2⤵
  PID:8448
- C:\Windows\System\lQfVsDr.exe
  C:\Windows\System\lQfVsDr.exe
  2⤵
  PID:7900
- C:\Windows\System\usLVBuB.exe
  C:\Windows\System\usLVBuB.exe
  2⤵
  PID:9604
- C:\Windows\System\uslBLsX.exe
  C:\Windows\System\uslBLsX.exe
  2⤵
  PID:9636
- C:\Windows\System\ArcatgK.exe
  C:\Windows\System\ArcatgK.exe
  2⤵
  PID:9548
- C:\Windows\System\jgUozYx.exe
  C:\Windows\System\jgUozYx.exe
  2⤵
  PID:9464
- C:\Windows\System\LwBOOzL.exe
  C:\Windows\System\LwBOOzL.exe
  2⤵
  PID:9444
- C:\Windows\System\JWHpmID.exe
  C:\Windows\System\JWHpmID.exe
  2⤵
  PID:9848
- C:\Windows\System\ZhxTcvR.exe
  C:\Windows\System\ZhxTcvR.exe
  2⤵
  PID:392
- C:\Windows\System\nSSooBh.exe
  C:\Windows\System\nSSooBh.exe
  2⤵
  PID:1192
- C:\Windows\System\CEvXiwi.exe
  C:\Windows\System\CEvXiwi.exe
  2⤵
  PID:4524
- C:\Windows\System\SvgTVIq.exe
  C:\Windows\System\SvgTVIq.exe
  2⤵
  PID:9748
- C:\Windows\System\yYoeXdM.exe
  C:\Windows\System\yYoeXdM.exe
  2⤵
  PID:1232
- C:\Windows\System\VEVrIWf.exe
  C:\Windows\System\VEVrIWf.exe
  2⤵
  PID:3996
- C:\Windows\System\NFtoJBH.exe
  C:\Windows\System\NFtoJBH.exe
  2⤵
  PID:9976
- C:\Windows\System\CYHNOOw.exe
  C:\Windows\System\CYHNOOw.exe
  2⤵
  PID:772
- C:\Windows\System\UWccVPx.exe
  C:\Windows\System\UWccVPx.exe
  2⤵
  PID:14356
- C:\Windows\System\CLcgPhn.exe
  C:\Windows\System\CLcgPhn.exe
  2⤵
  PID:14384
- C:\Windows\System\jjnmmub.exe
  C:\Windows\System\jjnmmub.exe
  2⤵
  PID:14412
- C:\Windows\System\CllVFZO.exe
  C:\Windows\System\CllVFZO.exe
  2⤵
  PID:14448
- C:\Windows\System\OGrCBSW.exe
  C:\Windows\System\OGrCBSW.exe
  2⤵
  PID:14472
- C:\Windows\System\IOMxcfK.exe
  C:\Windows\System\IOMxcfK.exe
  2⤵
  PID:14500
- C:\Windows\System\Czigvvs.exe
  C:\Windows\System\Czigvvs.exe
  2⤵
  PID:14528
- C:\Windows\System\nmgSnpx.exe
  C:\Windows\System\nmgSnpx.exe
  2⤵
  PID:14556
- C:\Windows\System\cCGIZOS.exe
  C:\Windows\System\cCGIZOS.exe
  2⤵
  PID:14584
- C:\Windows\System\LTMOEZW.exe
  C:\Windows\System\LTMOEZW.exe
  2⤵
  PID:14616
- C:\Windows\System\ANVVUHn.exe
  C:\Windows\System\ANVVUHn.exe
  2⤵
  PID:14640
- C:\Windows\System\ssREfcI.exe
  C:\Windows\System\ssREfcI.exe
  2⤵
  PID:14668
- C:\Windows\System\IRSvRTK.exe
  C:\Windows\System\IRSvRTK.exe
  2⤵
  PID:14696
- C:\Windows\System\gKJlvAb.exe
  C:\Windows\System\gKJlvAb.exe
  2⤵
  PID:14724
- C:\Windows\System\XcluhXc.exe
  C:\Windows\System\XcluhXc.exe
  2⤵
  PID:14752
- C:\Windows\System\rxYPqWu.exe
  C:\Windows\System\rxYPqWu.exe
  2⤵
  PID:14780
- C:\Windows\System\LPLokyI.exe
  C:\Windows\System\LPLokyI.exe
  2⤵
  PID:14808
- C:\Windows\System\lvbTvVu.exe
  C:\Windows\System\lvbTvVu.exe
  2⤵
  PID:14836
- C:\Windows\System\ZSMSfjw.exe
  C:\Windows\System\ZSMSfjw.exe
  2⤵
  PID:14864
- C:\Windows\System\fOsvRxT.exe
  C:\Windows\System\fOsvRxT.exe
  2⤵
  PID:14892
- C:\Windows\System\ujLTojd.exe
  C:\Windows\System\ujLTojd.exe
  2⤵
  PID:14920
- C:\Windows\System\jbrqqkX.exe
  C:\Windows\System\jbrqqkX.exe
  2⤵
  PID:14948
- C:\Windows\System\GWlctZr.exe
  C:\Windows\System\GWlctZr.exe
  2⤵
  PID:14976
- C:\Windows\System\HVSEsBk.exe
  C:\Windows\System\HVSEsBk.exe
  2⤵
  PID:15004
- C:\Windows\System\GcLYooY.exe
  C:\Windows\System\GcLYooY.exe
  2⤵
  PID:15032
- C:\Windows\System\VSpBEFr.exe
  C:\Windows\System\VSpBEFr.exe
  2⤵
  PID:15060
- C:\Windows\System\BagsgZq.exe
  C:\Windows\System\BagsgZq.exe
  2⤵
  PID:15088
- C:\Windows\System\pUwhBUY.exe
  C:\Windows\System\pUwhBUY.exe
  2⤵
  PID:15120
- C:\Windows\System\uTHOEJU.exe
  C:\Windows\System\uTHOEJU.exe
  2⤵
  PID:15156
- C:\Windows\System\LOHEyab.exe
  C:\Windows\System\LOHEyab.exe
  2⤵
  PID:15176
- C:\Windows\System\jkAabfu.exe
  C:\Windows\System\jkAabfu.exe
  2⤵
  PID:15204
- C:\Windows\System\DLXAMIP.exe
  C:\Windows\System\DLXAMIP.exe
  2⤵
  PID:15232
- C:\Windows\System\yoFBOMe.exe
  C:\Windows\System\yoFBOMe.exe
  2⤵
  PID:15264
- C:\Windows\System\CHDicgc.exe
  C:\Windows\System\CHDicgc.exe
  2⤵
  PID:15288
- C:\Windows\System\uXcSade.exe
  C:\Windows\System\uXcSade.exe
  2⤵
  PID:15316
- C:\Windows\System\ekynFMW.exe
  C:\Windows\System\ekynFMW.exe
  2⤵
  PID:15344
- C:\Windows\System\TAsdiMA.exe
  C:\Windows\System\TAsdiMA.exe
  2⤵
  PID:10056
- C:\Windows\System\PQnQdHs.exe
  C:\Windows\System\PQnQdHs.exe
  2⤵
  PID:10100
- C:\Windows\System\TeeaiYt.exe
  C:\Windows\System\TeeaiYt.exe
  2⤵
  PID:10120
- C:\Windows\System\GfdBcSb.exe
  C:\Windows\System\GfdBcSb.exe
  2⤵
  PID:4764
- C:\Windows\System\DFaiswU.exe
  C:\Windows\System\DFaiswU.exe
  2⤵
  PID:14496
- C:\Windows\System\IgyaSoq.exe
  C:\Windows\System\IgyaSoq.exe
  2⤵
  PID:14524
- C:\Windows\System\VipCmEf.exe
  C:\Windows\System\VipCmEf.exe
  2⤵
  PID:9260
- C:\Windows\System\JDePXus.exe
  C:\Windows\System\JDePXus.exe
  2⤵
  PID:14580
- C:\Windows\System\MZddQay.exe
  C:\Windows\System\MZddQay.exe
  2⤵
  PID:14632
- C:\Windows\System\GlFasvE.exe
  C:\Windows\System\GlFasvE.exe
  2⤵
  PID:9452
- C:\Windows\System\YqSrbON.exe
  C:\Windows\System\YqSrbON.exe
  2⤵
  PID:14708
- C:\Windows\System\QxKkziA.exe
  C:\Windows\System\QxKkziA.exe
  2⤵
  PID:9592
- C:\Windows\System\mWXAoJn.exe
  C:\Windows\System\mWXAoJn.exe
  2⤵
  PID:14820
- C:\Windows\System\LzcFBYu.exe
  C:\Windows\System\LzcFBYu.exe
  2⤵
  PID:9760
- C:\Windows\System\lBzSyiE.exe
  C:\Windows\System\lBzSyiE.exe
  2⤵
  PID:14904
- C:\Windows\System\UmgHRza.exe
  C:\Windows\System\UmgHRza.exe
  2⤵
  PID:14960
- C:\Windows\System\VSVXtrE.exe
  C:\Windows\System\VSVXtrE.exe
  2⤵
  PID:10060
- C:\Windows\System\wyNBzTE.exe
  C:\Windows\System\wyNBzTE.exe
  2⤵
  PID:15028
- C:\Windows\System\izLYyAC.exe
  C:\Windows\System\izLYyAC.exe
  2⤵
  PID:10188
- C:\Windows\System\yitcFPB.exe
  C:\Windows\System\yitcFPB.exe
  2⤵
  PID:15112
- C:\Windows\System\KgMaKJT.exe
  C:\Windows\System\KgMaKJT.exe
  2⤵
  PID:9268
- C:\Windows\System\NZAWLft.exe
  C:\Windows\System\NZAWLft.exe
  2⤵
  PID:2284
- C:\Windows\System\FWItHOy.exe
  C:\Windows\System\FWItHOy.exe
  2⤵
  PID:15272
- C:\Windows\System\ylrLDlN.exe
  C:\Windows\System\ylrLDlN.exe
  2⤵
  PID:15336
- C:\Windows\System\xQkxhdX.exe
  C:\Windows\System\xQkxhdX.exe
  2⤵
  PID:10092
- C:\Windows\System\cDvlowQ.exe
  C:\Windows\System\cDvlowQ.exe
  2⤵
  PID:9796
- C:\Windows\System\cPscUQK.exe
  C:\Windows\System\cPscUQK.exe
  2⤵
  PID:7520
- C:\Windows\System\etvpOqX.exe
  C:\Windows\System\etvpOqX.exe
  2⤵
  PID:10160
- C:\Windows\System\WjpTlct.exe
  C:\Windows\System\WjpTlct.exe
  2⤵
  PID:4948
- C:\Windows\System\NFgrWAB.exe
  C:\Windows\System\NFgrWAB.exe
  2⤵
  PID:1180
- C:\Windows\System\QxNAcwJ.exe
  C:\Windows\System\QxNAcwJ.exe
  2⤵
  PID:14688
- C:\Windows\System\libtdpB.exe
  C:\Windows\System\libtdpB.exe
  2⤵
  PID:14800
- C:\Windows\System\rnGxvFv.exe
  C:\Windows\System\rnGxvFv.exe
  2⤵
  PID:14876
- C:\Windows\System\lLCNtVP.exe
  C:\Windows\System\lLCNtVP.exe
  2⤵
  PID:14944
- C:\Windows\System\cSXKavz.exe
  C:\Windows\System\cSXKavz.exe
  2⤵
  PID:15024
- C:\Windows\System\MMfsGJw.exe
  C:\Windows\System\MMfsGJw.exe
  2⤵
  PID:15072
- C:\Windows\System\GjHLsYP.exe
  C:\Windows\System\GjHLsYP.exe
  2⤵
  PID:15188
- C:\Windows\System\RzIuMDA.exe
  C:\Windows\System\RzIuMDA.exe
  2⤵
  PID:15256
- C:\Windows\System\xtStHFM.exe
  C:\Windows\System\xtStHFM.exe
  2⤵
  PID:3244
- C:\Windows\System\XOkwQPw.exe
  C:\Windows\System\XOkwQPw.exe
  2⤵
  PID:14484
- C:\Windows\System\SlcbqTu.exe
  C:\Windows\System\SlcbqTu.exe
  2⤵
  PID:9292
- C:\Windows\System\WPAVjOk.exe
  C:\Windows\System\WPAVjOk.exe
  2⤵
  PID:9324
- C:\Windows\System\OTZTrdw.exe
  C:\Windows\System\OTZTrdw.exe
  2⤵
  PID:9336
- C:\Windows\System\XNRDqxg.exe
  C:\Windows\System\XNRDqxg.exe
  2⤵
  PID:14884
- C:\Windows\System\NTGvcce.exe
  C:\Windows\System\NTGvcce.exe
  2⤵
  PID:8340
- C:\Windows\System\DSMQivK.exe
  C:\Windows\System\DSMQivK.exe
  2⤵
  PID:15056
- C:\Windows\System\qKfCdDm.exe
  C:\Windows\System\qKfCdDm.exe
  2⤵
  PID:10992
- C:\Windows\System\ikPNFhg.exe
  C:\Windows\System\ikPNFhg.exe
  2⤵
  PID:9844
- C:\Windows\System\KdqKxlf.exe
  C:\Windows\System\KdqKxlf.exe
  2⤵
  PID:11032
- C:\Windows\System\yFJUGJs.exe
  C:\Windows\System\yFJUGJs.exe
  2⤵
  PID:10780
- C:\Windows\System\YPlVhxo.exe
  C:\Windows\System\YPlVhxo.exe
  2⤵
  PID:14940
- C:\Windows\System\AoYTdki.exe
  C:\Windows\System\AoYTdki.exe
  2⤵
  PID:11148
- C:\Windows\System\IjhaDHV.exe
  C:\Windows\System\IjhaDHV.exe
  2⤵
  PID:11220
- C:\Windows\System\CvFukeu.exe
  C:\Windows\System\CvFukeu.exe
  2⤵
  PID:10224
- C:\Windows\System\WZiHgtQ.exe
  C:\Windows\System\WZiHgtQ.exe
  2⤵
  PID:10296
- C:\Windows\System\xphwTQe.exe
  C:\Windows\System\xphwTQe.exe
  2⤵
  PID:10376
- C:\Windows\System\eibafeP.exe
  C:\Windows\System\eibafeP.exe
  2⤵
  PID:5812
- C:\Windows\System\CbYFAgz.exe
  C:\Windows\System\CbYFAgz.exe
  2⤵
  PID:10632
- C:\Windows\System\wXvqfTS.exe
  C:\Windows\System\wXvqfTS.exe
  2⤵
  PID:11116
- C:\Windows\System\hZrajuw.exe
  C:\Windows\System\hZrajuw.exe
  2⤵
  PID:10424
- C:\Windows\System\aioCxmA.exe
  C:\Windows\System\aioCxmA.exe
  2⤵
  PID:10952
- C:\Windows\System\OxPKJYT.exe
  C:\Windows\System\OxPKJYT.exe
  2⤵
  PID:11076
- C:\Windows\System\YQdDZkY.exe
  C:\Windows\System\YQdDZkY.exe
  2⤵
  PID:10816
- C:\Windows\System\rFcwTWh.exe
  C:\Windows\System\rFcwTWh.exe
  2⤵
  PID:1484
- C:\Windows\System\Hvxuwus.exe
  C:\Windows\System\Hvxuwus.exe
  2⤵
  PID:3580
- C:\Windows\System\mKGqZLj.exe
  C:\Windows\System\mKGqZLj.exe
  2⤵
  PID:4864
- C:\Windows\System\JzakpLz.exe
  C:\Windows\System\JzakpLz.exe
  2⤵
  PID:11152
- C:\Windows\System\GIXXsxa.exe
  C:\Windows\System\GIXXsxa.exe
  2⤵
  PID:10788
- C:\Windows\System\KIGFRCU.exe
  C:\Windows\System\KIGFRCU.exe
  2⤵
  PID:11160
- C:\Windows\System\WvDhzav.exe
  C:\Windows\System\WvDhzav.exe
  2⤵
  PID:4704
- C:\Windows\System\wSiLRYJ.exe
  C:\Windows\System\wSiLRYJ.exe
  2⤵
  PID:3260
- C:\Windows\System\AnamxMW.exe
  C:\Windows\System\AnamxMW.exe
  2⤵
  PID:3620
- C:\Windows\System\wFaiofm.exe
  C:\Windows\System\wFaiofm.exe
  2⤵
  PID:15376
- C:\Windows\System\AFKKBWJ.exe
  C:\Windows\System\AFKKBWJ.exe
  2⤵
  PID:15404
- C:\Windows\System\lOdpIxq.exe
  C:\Windows\System\lOdpIxq.exe
  2⤵
  PID:15432
- C:\Windows\System\Gizabjb.exe
  C:\Windows\System\Gizabjb.exe
  2⤵
  PID:15460
- C:\Windows\System\Wbbpstb.exe
  C:\Windows\System\Wbbpstb.exe
  2⤵
  PID:15488
- C:\Windows\System\PxRXrri.exe
  C:\Windows\System\PxRXrri.exe
  2⤵
  PID:15516
- C:\Windows\System\SnYWZeH.exe
  C:\Windows\System\SnYWZeH.exe
  2⤵
  PID:15544
- C:\Windows\System\pYzpLkL.exe
  C:\Windows\System\pYzpLkL.exe
  2⤵
  PID:15572
- C:\Windows\System\AaWcDsp.exe
  C:\Windows\System\AaWcDsp.exe
  2⤵
  PID:15600
- C:\Windows\System\FOsoKvb.exe
  C:\Windows\System\FOsoKvb.exe
  2⤵
  PID:15640
- C:\Windows\System\wmRkOkC.exe
  C:\Windows\System\wmRkOkC.exe
  2⤵
  PID:15660
- C:\Windows\System\MwGvndf.exe
  C:\Windows\System\MwGvndf.exe
  2⤵
  PID:15688
- C:\Windows\System\AOdIHtQ.exe
  C:\Windows\System\AOdIHtQ.exe
  2⤵
  PID:15716
- C:\Windows\System\todNrnK.exe
  C:\Windows\System\todNrnK.exe
  2⤵
  PID:15744
- C:\Windows\System\wCLuOkK.exe
  C:\Windows\System\wCLuOkK.exe
  2⤵
  PID:15772
- C:\Windows\System\FANUiwG.exe
  C:\Windows\System\FANUiwG.exe
  2⤵
  PID:15800
- C:\Windows\System\HjgNvHT.exe
  C:\Windows\System\HjgNvHT.exe
  2⤵
  PID:15828
- C:\Windows\System\YzipgKF.exe
  C:\Windows\System\YzipgKF.exe
  2⤵
  PID:15856
- C:\Windows\System\CaetCkD.exe
  C:\Windows\System\CaetCkD.exe
  2⤵
  PID:15884
- C:\Windows\System\OoglsDO.exe
  C:\Windows\System\OoglsDO.exe
  2⤵
  PID:15912
- C:\Windows\System\cFVuPsF.exe
  C:\Windows\System\cFVuPsF.exe
  2⤵
  PID:15940
- C:\Windows\System\zXjAZBE.exe
  C:\Windows\System\zXjAZBE.exe
  2⤵
  PID:15968
- C:\Windows\System\dwdFgfz.exe
  C:\Windows\System\dwdFgfz.exe
  2⤵
  PID:15996
- C:\Windows\System\XztXVEC.exe
  C:\Windows\System\XztXVEC.exe
  2⤵
  PID:16024
- C:\Windows\System\vZNFBDe.exe
  C:\Windows\System\vZNFBDe.exe
  2⤵
  PID:16052
- C:\Windows\System\eWOZgis.exe
  C:\Windows\System\eWOZgis.exe
  2⤵
  PID:16080
- C:\Windows\System\RVhetJY.exe
  C:\Windows\System\RVhetJY.exe
  2⤵
  PID:16108
- C:\Windows\System\ZsYuDAy.exe
  C:\Windows\System\ZsYuDAy.exe
  2⤵
  PID:16136
- C:\Windows\System\qNfquOT.exe
  C:\Windows\System\qNfquOT.exe
  2⤵
  PID:16164
- C:\Windows\System\mQnYtwj.exe
  C:\Windows\System\mQnYtwj.exe
  2⤵
  PID:16192
- C:\Windows\System\qSnwaAb.exe
  C:\Windows\System\qSnwaAb.exe
  2⤵
  PID:16220
- C:\Windows\System\NxqpmZJ.exe
  C:\Windows\System\NxqpmZJ.exe
  2⤵
  PID:16248
- C:\Windows\System\QZRUoln.exe
  C:\Windows\System\QZRUoln.exe
  2⤵
  PID:16276
- C:\Windows\System\NmUlqZi.exe
  C:\Windows\System\NmUlqZi.exe
  2⤵
  PID:16320
- C:\Windows\System\cPgquZP.exe
  C:\Windows\System\cPgquZP.exe
  2⤵
  PID:16336
- C:\Windows\System\LnQfpMI.exe
  C:\Windows\System\LnQfpMI.exe
  2⤵
  PID:16364
- C:\Windows\System\DtrxQvk.exe
  C:\Windows\System\DtrxQvk.exe
  2⤵
  PID:15388
- C:\Windows\System\VJxKSbv.exe
  C:\Windows\System\VJxKSbv.exe
  2⤵
  PID:15444
- C:\Windows\System\qIDKpfp.exe
  C:\Windows\System\qIDKpfp.exe
  2⤵
  PID:15484
- C:\Windows\System\oOKoaQG.exe
  C:\Windows\System\oOKoaQG.exe
  2⤵
  PID:15540
- C:\Windows\System\AONWfEe.exe
  C:\Windows\System\AONWfEe.exe
  2⤵
  PID:15592
- C:\Windows\System\eitFMDd.exe
  C:\Windows\System\eitFMDd.exe
  2⤵
  PID:15636
- C:\Windows\System\tUoeGMj.exe
  C:\Windows\System\tUoeGMj.exe
  2⤵
  PID:11296
- C:\Windows\System\bdjBEDX.exe
  C:\Windows\System\bdjBEDX.exe
  2⤵
  PID:11316
- C:\Windows\System\jcNMlSr.exe
  C:\Windows\System\jcNMlSr.exe
  2⤵
  PID:11364
- C:\Windows\System\KPkQslh.exe
  C:\Windows\System\KPkQslh.exe
  2⤵
  PID:11424
- C:\Windows\System\buFWrqa.exe
  C:\Windows\System\buFWrqa.exe
  2⤵
  PID:15820
- C:\Windows\System\zNFXyWV.exe
  C:\Windows\System\zNFXyWV.exe
  2⤵
  PID:15896
- C:\Windows\System\VGTCAxQ.exe
  C:\Windows\System\VGTCAxQ.exe
  2⤵
  PID:15960
- C:\Windows\System\yjaRASk.exe
  C:\Windows\System\yjaRASk.exe
  2⤵
  PID:16020
- C:\Windows\System\nZZAsEc.exe
  C:\Windows\System\nZZAsEc.exe
  2⤵
  PID:16092
- C:\Windows\System\DVNjkNR.exe
  C:\Windows\System\DVNjkNR.exe
  2⤵
  PID:16156
- C:\Windows\System\exsKDZq.exe
  C:\Windows\System\exsKDZq.exe
  2⤵
  PID:9088
- C:\Windows\System\FniMXis.exe
  C:\Windows\System\FniMXis.exe
  2⤵
  PID:16260
- C:\Windows\System\SWwEnLO.exe
  C:\Windows\System\SWwEnLO.exe
  2⤵
  PID:11876
- C:\Windows\System\CKSSOyL.exe
  C:\Windows\System\CKSSOyL.exe
  2⤵
  PID:16332
- C:\Windows\System\iHCNLjN.exe
  C:\Windows\System\iHCNLjN.exe
  2⤵
  PID:15400
- C:\Windows\System\uiDHPuC.exe
  C:\Windows\System\uiDHPuC.exe
  2⤵
  PID:11916
- C:\Windows\System\EUtmFga.exe
  C:\Windows\System\EUtmFga.exe
  2⤵
  PID:15568
- C:\Windows\System\YHSMvBw.exe
  C:\Windows\System\YHSMvBw.exe
  2⤵
  PID:11968
- C:\Windows\System\OagnIIs.exe
  C:\Windows\System\OagnIIs.exe
  2⤵
  PID:15672
- C:\Windows\System\qWMtICl.exe
  C:\Windows\System\qWMtICl.exe
  2⤵
  PID:15736
- C:\Windows\System\vlhzSML.exe
  C:\Windows\System\vlhzSML.exe
  2⤵
  PID:15824
- C:\Windows\System\RkOtHxG.exe
  C:\Windows\System\RkOtHxG.exe
  2⤵
  PID:15880
- C:\Windows\System\SSTUQlA.exe
  C:\Windows\System\SSTUQlA.exe
  2⤵
  PID:16008
- C:\Windows\System\DIlBSZW.exe
  C:\Windows\System\DIlBSZW.exe
  2⤵
  PID:16148
- C:\Windows\System\gCkJROl.exe
  C:\Windows\System\gCkJROl.exe
  2⤵
  PID:9176
- C:\Windows\System\hdbrpEN.exe
  C:\Windows\System\hdbrpEN.exe
  2⤵
  PID:8488
- C:\Windows\System\beAxTuz.exe
  C:\Windows\System\beAxTuz.exe
  2⤵
  PID:3000
- C:\Windows\System\mNBdNJc.exe
  C:\Windows\System\mNBdNJc.exe
  2⤵
  PID:11324
- C:\Windows\System\jtHZGmd.exe
  C:\Windows\System\jtHZGmd.exe
  2⤵
  PID:15812
- C:\Windows\System\cWahhwu.exe
  C:\Windows\System\cWahhwu.exe
  2⤵
  PID:16016
- C:\Windows\System\OFznJrP.exe
  C:\Windows\System\OFznJrP.exe
  2⤵
  PID:9376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BRQAqTC.exe

Filesize
6.0MB

MD5
4aa3c65a38d4291155db13a753918a36

SHA1
b2e7a238aa13e432d0fb0a7ec23f2af9e9a8110b

SHA256
18d934765446cda43aca3d368013105df309bd4dc681b0fdf5b428301256b70c

SHA512
84699546520152365da62614f12dc5de8c4318a4302fbe70e669512dadd6933c02245fb0498087b7d73d0c926f6e4c9797b792495a4bbc6d348ce81991c3ea4b

Download Submit
C:\Windows\System\HFbCuRP.exe

Filesize
6.0MB

MD5
f86928ead5697c928970b0124f1ff0c5

SHA1
4044d94bb4d6b2accd1191080d0b2d818838f0e1

SHA256
9ec2272bace2ba85a625f5f5aa7b63387ef13b2d0457791dd738c68bb280a56a

SHA512
27343bd1e24718241fd7fe4b4764f6c5de0ee3bc132f8cc63c1b6413c5c854fa8987226f469749a0b68c8528909dd723c37c233187fc639bbc19b97ae9545377

Download Submit
C:\Windows\System\IdaQWVG.exe

Filesize
6.0MB

MD5
8ecc774c83c7ec04bdc1d0d9904c7bc5

SHA1
da8d6b0485c91a070fa43a956d0598dd13dd1f1d

SHA256
074d76bebe7bcb4700796ad811e536127c400c1eb504fd8a27ea192acefb4a9b

SHA512
3f7a2a788c54669e163cbfd57e60a7b35a8ef6fe97d3583fb3519ce55e88f3515765e123bb800fdd6ea4cc0920830dfe3eede91ad27277f69a6152514adc74c0

Download Submit
C:\Windows\System\JcIbsID.exe

Filesize
6.0MB

MD5
f8da48e16005eaaac5807a92838dd8a3

SHA1
4937967899ec67a1caf13ecee131895f42529178

SHA256
9e86a0cb48855b5e9c028cbf195bc59c39f9e655132172af76394cfea4a6dc65

SHA512
cb4855f5b425683dd14b94a0eaf0b4f67961936726636cf1ee2884023bec11137652611f583ee9585cef33525ddd908f1f00570f041ac6ee8af25a9612fecaa2

Download Submit
C:\Windows\System\MCotuzb.exe

Filesize
6.0MB

MD5
67cdb527651aa38b0aa54a278bf575a6

SHA1
99b208d556ae9fb484ee6b706eaf8f4f182fa709

SHA256
63d3b9b438d669e31a4b1268dfacb663810d072b63dbd500b4d845390fd5e299

SHA512
a8f24e7dc347dd3e94b9725b7eef800b4a2b0664aa938b7871a451a53491805be8cec02c7708890d85730281c6fc754820d95299fc3146a226b6dfc743dd1842

Download Submit
C:\Windows\System\MpBmiIE.exe

Filesize
6.0MB

MD5
2d5901f81e4b70b7baebd7a3998b8099

SHA1
08640fc87d3feb3329290b39da6306044e26f623

SHA256
533d55d5418b58283a25453d8c336a9297c57d06dd9473f25b7ff7d7ba305eab

SHA512
968b09d76f45cdbfb1118ac25fd7ae7fb91b8a61164fa897d78dbeb677399808e38fb1a04b1b8754814e51db8505c40934251246d53593608764f13a5b2cf24f

Download Submit
C:\Windows\System\OHDHiTu.exe

Filesize
6.0MB

MD5
3b1ca04bc2cf93cfa1bd9ee207bb9273

SHA1
be2eee9b41d1fef29c1836aa36c5d00144fef118

SHA256
958ab8a6a8b59e5bf774d97c06c4f9dbac5098f3d6389dfc8900cf7b50fc9b55

SHA512
0a99843d5223aa00d8cacad94020a16eed17d9c62abd7d60226d81eb44bb4df7d8f69f093201d0c7489aaa930843be66f64020a967251a555e73b12fd4b980f1

Download Submit
C:\Windows\System\PZDRpWH.exe

Filesize
6.0MB

MD5
a5ba2407b83b7938c16b1d8eada99201

SHA1
72c58788312320345d1caebef407e97685710816

SHA256
b06d432d19d157641957e32325b7c8ad6851ef55741e21376e53971aaee3f1f7

SHA512
3ca8b92b57cb51591b49881ba121184f8b3ddc40c2d831ddedce1da6c6d87d148adc2385a2d89064ae68d7c15118f843d850246be5b7eb91995c33cf9d702e8c

Download Submit
C:\Windows\System\RSAsyOJ.exe

Filesize
6.0MB

MD5
d6a0e59e0b0956542c95f9795d936705

SHA1
636bcd9d71631ca13a038c7e819635706870cdf4

SHA256
52044b953781c34c3c8478678bd375673c5dd31e873d9558d3214a15326d681c

SHA512
7ffab82693e1e6a3c4b42d245b0e01469a9225a26af060b8f0f3706eaeaf0b0bade7f5f0a89cfea33a934ddf17deead5b4ec69d02b3342a1caf230ca94581040

Download Submit
C:\Windows\System\RnTEEEb.exe

Filesize
6.0MB

MD5
8605d2035207debeb5a500fb0cd70eb0

SHA1
be41688202f2d0e4ee1bd180ddf6177be3355728

SHA256
a2a4a84a152712a3f0ea0b527d2ed4380d2a6b1f1a2a12ef2cae6aec2efa6eec

SHA512
bbf0aa6abf789cff387d17d2b41efb02b7dd898118e4386ac846a7c03c6e58e0948118eac3ae016ce6a34197c5efdbd771a297a3e73f73a2e413f25c819cefb4

Download Submit
C:\Windows\System\VxipTGg.exe

Filesize
6.0MB

MD5
2c93af764335f5ac683fa44f3f281d88

SHA1
219897c1d46b57851200fa45cfe5635772d4dbbe

SHA256
30d0d1b74eb08c5f8e1fe24c445f45a550b730e4f76e622211bb928f7119752e

SHA512
05616414a0276c33240ca79408869553309cc71d67bc010f0a35c2c662f9c65ccaba6c395097bc99da8230e90eabd03d021451f3d9c2f696e6ab9c27dd6be501

Download Submit
C:\Windows\System\XBQbWYA.exe

Filesize
6.0MB

MD5
d2bd0515a30e63c8c1d66e2d7e437a15

SHA1
e0bf49547a88604cbe3d2cc3df9699201fb432a4

SHA256
a01db61e7598201e0222ec0b4059ddaecc78c58721835f446cba3c844ffe7d3f

SHA512
c7ab18065f208094508fa9bf2a0b7de25480bda63e68c532857ea3eecd841a7023a2c73954a11bd6fc7d9e63e0af8cae5a6f85c3ea3bb132fd7036c495551514

Download Submit
C:\Windows\System\bDSFByd.exe

Filesize
6.0MB

MD5
3bea3e21954f1d07fbe10a9992b6ea09

SHA1
cab759e6e6768987927973e95f65c0c2c66d3e10

SHA256
888646e4683b126d435e4d089b81ff0cc302490981f57852334d645984947d13

SHA512
92f3668ebc9bcdafc0ca6f0c891af921f606bdbd649ab582d00d9c03808b63991145c10095227f38119304d8a44d82d974ffc321239d23545303d2be836dc5a6

Download Submit
C:\Windows\System\bISucmg.exe

Filesize
6.0MB

MD5
fe26ffd53e79825ed2384f9cd5c900d6

SHA1
372368aa9b67237658d31089294c9353b3e816fc

SHA256
6636551f9e43b36f026ce8226f9ca59433cef0f9db83512ef99e005e8083453a

SHA512
3008102cd07178fa05430c19aa04f1979ae72e10215eba4ba3f55ab872abefb853dbb9e941c77a31c5184a1926c6013b60b8f9a380dae283183fa82015f9d6c6

Download Submit
C:\Windows\System\cTHtPSe.exe

Filesize
6.0MB

MD5
2ba91a153043bb4652fb9607151e5d74

SHA1
a5f1a7e1005461e38649459238ea5dafe91d9ec7

SHA256
40e771ff5472e3badc4397d6de5b7fe7947ea34145816ff4e00b0d97fcba204c

SHA512
5f263039c760df1522853035c4488b5dd78da0076e0c87dd68930ac5c097c5bb7db9dbf52f5f7e3af6cc6b3bc83c6caf56a6f53ead9abd14e23e09f41364f199

Download Submit
C:\Windows\System\gTgnvmY.exe

Filesize
6.0MB

MD5
8237c4aa7bf142f6fc62729c05266859

SHA1
b6803d894adc5b0e55d7d8eaf21b2baa177f3aff

SHA256
fdf976a24d67aa431b52762d5ee7c1a0d5c8ba28299f53fc655cc65c03138b80

SHA512
ddf8628af883ea0c34bd6d2fb1c395d63e90d240b88c3e2b9746962eb1f46e747a8f242c1ab3600a3ec206491b11cd5ca2bd181bae2e5f29fefa7600f7dadabe

Download Submit
C:\Windows\System\hXncZyC.exe

Filesize
6.0MB

MD5
5c097e9fb259a7b9aedbe63828b994e8

SHA1
b1f67a367a21e8d75e24a079aa8b0ebf587bd3f4

SHA256
1d1647f17bd387b25860ac8a9ce39d399100d4f71f476e7044a4eca621041acc

SHA512
651876d435dd2dc9db580140618baa11faf7941624dbfbdaed7c73943336e4037d9a35692ecbc58d6c0ed6e2bac670c29d34bfd8aae4ca2f3b328cc9c142aa80

Download Submit
C:\Windows\System\oeSSOzb.exe

Filesize
6.0MB

MD5
3f8c10b9fa2ba6fe18cb8a425e2fa054

SHA1
5f593f5430b1ceb1665a622c0a58a8ba3c238420

SHA256
68f748481fd92bc3e9cc0fe11c26e1be23d4b108e6a365bc5eafeb33c24ecd31

SHA512
d793ca42840f0794318b8c14f68e4602a30809e6f9e3cc4ce3a851839b2bf4d037dc4e332f8194fc00236e008a75cb849685305a51f72e13d61c833c3b28096e

Download Submit
C:\Windows\System\pxLSTIH.exe

Filesize
6.0MB

MD5
9e9d433712a8ef4954c5c7c5bc843a22

SHA1
506bff550a392c377dfcc3ad7a736594ee06ab28

SHA256
49629f05ca7b9084af53e2f214c09a6fd011e252edc741dda4b8eaab802a103e

SHA512
02a0ac320e08f24085e8a0ce9837ceec94b9f15a540b79ee4d6cd5087a5f8c67a68fa4d7e0cbe9984f4294a334667f6050bc6b9c663a336f603a5cc923745971

Download Submit
C:\Windows\System\qdhnTXP.exe

Filesize
6.0MB

MD5
b96c550550f7b2445d1c59f25900a8f7

SHA1
ac22ce06d206e1b11b27bedde86fff60968c8a8a

SHA256
1a35bdc4448a4e3a34a8d71675d96d19d0afcb884050c6cc2aa485c75d359cb6

SHA512
dd66f08ed35588351c8feb31bb0b4e7c7c752b011a2d396178257befa589f106df146df1f018eb6a7f5c29261cc4aec08e26adb600466ac734b449e30f2857ec

Download Submit
C:\Windows\System\rfVmgDS.exe

Filesize
6.0MB

MD5
7903b9a1a668dd00c6333cd9d415da56

SHA1
a1781ac980d8626fa521c6c1774816977bc176a3

SHA256
0d791e3941b011b013fc01acd8f7d3075d21988c6541edb544f742c8eb4d57e4

SHA512
c9fd93b7f00ed2c5461b3c0b7bdcfeae0b3a6d4c04b42c92ee3a3d97d922a831d86772ce6bf3af7739b3aa5c1294e7f1456ad25af1f1c3a06d095afdeb53cbac

Download Submit
C:\Windows\System\rwpcQjZ.exe

Filesize
6.0MB

MD5
d76218c1e1667274e6322d5bebdd7991

SHA1
78e8e1a74504c1976b1fda89aa503c2af7c9f3c7

SHA256
08e1d346718c3436f0aa02aee316440dc04f6b0a94db8bcad3972c5d3431efbd

SHA512
10b0018821014ab193b5b540750c3a85dbf9b0596be0360a3a18147bf467523f11b60298311a34c15952e77b63f39885deacb7213a21ae66e33e785e43cf38b7

Download Submit
C:\Windows\System\rzOtgSD.exe

Filesize
6.0MB

MD5
ee38aae098cb0fde61aa1221bdbff913

SHA1
3b4893ea277014c8781d00540afe429386cca7dc

SHA256
a35262820f3aa3badf4afe0e6ecfc942996b253729975473b1f02ab12492f84b

SHA512
5a993e49d417751aa1611e8be2c7e48a6a3ca20ddff8bf1694db3deff301a81ebc5e690ef436a0b676be7f1e5a2d03e21d15b063ed03bb059b7c81fa9e559230

Download Submit
C:\Windows\System\sozWxEW.exe

Filesize
6.0MB

MD5
a4a7fdbeb537b2a2847d6f2e8849da0b

SHA1
56d4ab56045bc4787df5e29243060ed6d9262dab

SHA256
76cde06f56f89a21bffcb207732e7e71f8cd93b4a3f29d9aa1860105a08336a4

SHA512
dba516553b47c21064629f88d901d7f80902932e2bcf01272c897d1c34ace66a947fc4544113394c615b0049f045fb90acd29e7489942e0f926157c89fff9b98

Download Submit
C:\Windows\System\tkRZywT.exe

Filesize
6.0MB

MD5
643b4d0d66351c3ec675fc191b216246

SHA1
986fb30fc0c5afb0e51259a2c75dfbb5755a41a9

SHA256
651d2ddbe34c61a669b06bb8328d487b907a367aaf554b770dc2bcb685cfbf7d

SHA512
7c4e413afdf6ebe2d270b39a5105362e54538da7b73901e7749a3bd2e9d0297ca72f3a0c73d78db248cd94f53aaf9f40317221d5c694839b937f64a44a4e41d2

Download Submit
C:\Windows\System\uqIiOto.exe

Filesize
6.0MB

MD5
36d4c7c223f5e4d7ec3c71489d94a8dc

SHA1
37437e995efbb3e047d34409bba5b544e62d6bfd

SHA256
7b2af342eff6053dbc97537fc96a8039d5918191e81aaf2cfd395741ba7d8bec

SHA512
9b8cf8ddd4d866a5855492243e724115d980228d15a32454adbe12da0ef8cc28eb2ccaadc75c2c5454c8f765754bcc46d879301bc30fd1d73e2134f1f2bd18ac

Download Submit
C:\Windows\System\vIjFtyZ.exe

Filesize
6.0MB

MD5
2d6c5beeb19c086b94d9c0a9353c14c9

SHA1
6a0a09299cf4232efc3b7d9a92abc1a6a2c391cb

SHA256
909d6055265eb71812155cf94707919ca94afcee18f300589df4c6ebe446a6aa

SHA512
e33d045c4cece991449b95db1b992502450bd43d07e8e044f11e30a6fd071775ab97118f6717e773d8b139485dd3dc2dfbda58d06a3cbd839d4c65993b624a43

Download Submit
C:\Windows\System\wWqTZJV.exe

Filesize
6.0MB

MD5
f549f1806ae76943164c1c6f6d300c6c

SHA1
3b5b3f2cc3a11905faca531a6b15c752d2fab1fb

SHA256
73ff466bc928a484c0b78f1aabf39097bd14dd5cc97f1458c5fcaa62de080ef1

SHA512
5f6ab74b7407d7992249104619733cf2d5f08615e1a93a34deb46b10efd6e6666031baf12585ab939d7635c33a45abaeee4081d9c2ad39bfaa8ff51484993b5b

Download Submit
C:\Windows\System\ybAvYUz.exe

Filesize
6.0MB

MD5
7c0cb01ee3a2d0d8a666eee9febb1558

SHA1
374baffcc551b4f8de83815340183323ce6d7c2e

SHA256
9dc0f817310bb769ad052994768150048662c66ce2fb362d444b3386c69d1273

SHA512
521dba5824b2a5808d31a41c2d7a77a7e2c35b0ff09d04d44602c1f90ef41dd217815fcb44a8f8df15c4d9e3d48e2469a073723f5b1cd44e71dc618fa6955381

Download Submit
C:\Windows\System\ycDdRZH.exe

Filesize
6.0MB

MD5
a32ccdc791eee2103abd33e886de44f0

SHA1
e5eab52c4bdb96b3dadfc5c7297afa310d46230a

SHA256
17e4eda45df8df8a7979bb498976eb882d19ce9658e793623c38787540b2c60d

SHA512
addb1a7c6cbc2e6aa808e335bd718cb549eeb878ae48bd13d0e10533214e7f0ffb1b67d67b17f3063e2cc8921517034515adda38ed40e8b2e82b929189d59709

Download Submit
C:\Windows\System\yrslTHA.exe

Filesize
6.0MB

MD5
dcbd30fec1066b651a773fc30128c058

SHA1
4c5823567beec5a7ceee4bc093b878ed9074cbee

SHA256
54df07ebe28f09f1dc1fb011ccd12dfba62d06b6d7135c68e853072a22fdcd89

SHA512
e20b20c5a987a10236ad47e69d34cb5c52cdc53e4bad318a0d2021a214b7b59b83ec806017533b09fb8e62d18e414c35891f56d5f2c57c5a97a0eb8b0d1f244f

Download Submit
C:\Windows\System\zEdZUbl.exe

Filesize
6.0MB

MD5
80c2ebac1f3390eb6dc6cde4615d3c71

SHA1
fc635bac8e426560b95aaf921a06d95b3c452c8b

SHA256
6487e1217fcf2f6bdb4dca070496d2a86c02b83859840cc0f4d88d30de951fa9

SHA512
db42ded9845f4393072d2bc80a5bae9726085a558af685456f15b993c28e3718e0c949de8f89c61c4f87c38ddef8c7fc9e746cd00ab5024534b17df1a24861d3

Download Submit
memory/384-1581-0x00007FF6146E0000-0x00007FF614A34000-memory.dmp

Filesize
3.3MB

Download
memory/384-927-0x00007FF6146E0000-0x00007FF614A34000-memory.dmp

Filesize
3.3MB

Download
memory/640-1653-0x00007FF69E4B0000-0x00007FF69E804000-memory.dmp

Filesize
3.3MB

Download
memory/640-922-0x00007FF69E4B0000-0x00007FF69E804000-memory.dmp

Filesize
3.3MB

Download
memory/748-885-0x00007FF68B070000-0x00007FF68B3C4000-memory.dmp

Filesize
3.3MB

Download
memory/748-1597-0x00007FF68B070000-0x00007FF68B3C4000-memory.dmp

Filesize
3.3MB

Download
memory/860-1646-0x00007FF769450000-0x00007FF7697A4000-memory.dmp

Filesize
3.3MB

Download
memory/860-926-0x00007FF769450000-0x00007FF7697A4000-memory.dmp

Filesize
3.3MB

Download
memory/1016-1604-0x00007FF6A2740000-0x00007FF6A2A94000-memory.dmp

Filesize
3.3MB

Download
memory/1016-890-0x00007FF6A2740000-0x00007FF6A2A94000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1520-0x00007FF618BD0000-0x00007FF618F24000-memory.dmp

Filesize
3.3MB

Download
memory/1508-6-0x00007FF618BD0000-0x00007FF618F24000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1121-0x00007FF618BD0000-0x00007FF618F24000-memory.dmp

Filesize
3.3MB

Download
memory/1580-886-0x00007FF7A5170000-0x00007FF7A54C4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-1602-0x00007FF7A5170000-0x00007FF7A54C4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-916-0x00007FF6660A0000-0x00007FF6663F4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1650-0x00007FF6660A0000-0x00007FF6663F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-1595-0x00007FF637810000-0x00007FF637B64000-memory.dmp

Filesize
3.3MB

Download
memory/1684-880-0x00007FF637810000-0x00007FF637B64000-memory.dmp

Filesize
3.3MB

Download
memory/1760-924-0x00007FF68D7A0000-0x00007FF68DAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-1651-0x00007FF68D7A0000-0x00007FF68DAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-901-0x00007FF64CAC0000-0x00007FF64CE14000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1624-0x00007FF64CAC0000-0x00007FF64CE14000-memory.dmp

Filesize
3.3MB

Download
memory/2360-1-0x000001EA928D0000-0x000001EA928E0000-memory.dmp

Filesize
64KB

Download
memory/2360-1118-0x00007FF7D9D20000-0x00007FF7DA074000-memory.dmp

Filesize
3.3MB

Download
memory/2360-0-0x00007FF7D9D20000-0x00007FF7DA074000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1642-0x00007FF7C18E0000-0x00007FF7C1C34000-memory.dmp

Filesize
3.3MB

Download
memory/2512-914-0x00007FF7C18E0000-0x00007FF7C1C34000-memory.dmp

Filesize
3.3MB

Download
memory/2916-1574-0x00007FF700180000-0x00007FF7004D4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-38-0x00007FF700180000-0x00007FF7004D4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-1321-0x00007FF700180000-0x00007FF7004D4000-memory.dmp

Filesize
3.3MB

Download
memory/3212-925-0x00007FF75CC20000-0x00007FF75CF74000-memory.dmp

Filesize
3.3MB

Download
memory/3212-1649-0x00007FF75CC20000-0x00007FF75CF74000-memory.dmp

Filesize
3.3MB

Download
memory/3476-1620-0x00007FF74DB00000-0x00007FF74DE54000-memory.dmp

Filesize
3.3MB

Download
memory/3476-894-0x00007FF74DB00000-0x00007FF74DE54000-memory.dmp

Filesize
3.3MB

Download
memory/3820-1625-0x00007FF71D240000-0x00007FF71D594000-memory.dmp

Filesize
3.3MB

Download
memory/3820-904-0x00007FF71D240000-0x00007FF71D594000-memory.dmp

Filesize
3.3MB

Download
memory/3872-1591-0x00007FF7D8250000-0x00007FF7D85A4000-memory.dmp

Filesize
3.3MB

Download
memory/3872-884-0x00007FF7D8250000-0x00007FF7D85A4000-memory.dmp

Filesize
3.3MB

Download
memory/4000-892-0x00007FF758470000-0x00007FF7587C4000-memory.dmp

Filesize
3.3MB

Download
memory/4000-1618-0x00007FF758470000-0x00007FF7587C4000-memory.dmp

Filesize
3.3MB

Download
memory/4060-1641-0x00007FF7D8B00000-0x00007FF7D8E54000-memory.dmp

Filesize
3.3MB

Download
memory/4060-910-0x00007FF7D8B00000-0x00007FF7D8E54000-memory.dmp

Filesize
3.3MB

Download
memory/4132-1224-0x00007FF6955A0000-0x00007FF6958F4000-memory.dmp

Filesize
3.3MB

Download
memory/4132-1532-0x00007FF6955A0000-0x00007FF6958F4000-memory.dmp

Filesize
3.3MB

Download
memory/4132-13-0x00007FF6955A0000-0x00007FF6958F4000-memory.dmp

Filesize
3.3MB

Download
memory/4232-900-0x00007FF686070000-0x00007FF6863C4000-memory.dmp

Filesize
3.3MB

Download
memory/4232-1621-0x00007FF686070000-0x00007FF6863C4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-1571-0x00007FF7ED1A0000-0x00007FF7ED4F4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-28-0x00007FF7ED1A0000-0x00007FF7ED4F4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-1320-0x00007FF7ED1A0000-0x00007FF7ED4F4000-memory.dmp

Filesize
3.3MB

Download
memory/4508-18-0x00007FF6B5020000-0x00007FF6B5374000-memory.dmp

Filesize
3.3MB

Download
memory/4508-1228-0x00007FF6B5020000-0x00007FF6B5374000-memory.dmp

Filesize
3.3MB

Download
memory/4508-1534-0x00007FF6B5020000-0x00007FF6B5374000-memory.dmp

Filesize
3.3MB

Download
memory/4700-1652-0x00007FF608200000-0x00007FF608554000-memory.dmp

Filesize
3.3MB

Download
memory/4700-923-0x00007FF608200000-0x00007FF608554000-memory.dmp

Filesize
3.3MB

Download
memory/4776-1638-0x00007FF61F880000-0x00007FF61FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/4776-913-0x00007FF61F880000-0x00007FF61FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/4856-1623-0x00007FF6AFE60000-0x00007FF6B01B4000-memory.dmp

Filesize
3.3MB

Download
memory/4856-906-0x00007FF6AFE60000-0x00007FF6B01B4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-899-0x00007FF755CB0000-0x00007FF756004000-memory.dmp

Filesize
3.3MB

Download
memory/4984-1616-0x00007FF755CB0000-0x00007FF756004000-memory.dmp

Filesize
3.3MB

Download
memory/5088-928-0x00007FF651640000-0x00007FF651994000-memory.dmp

Filesize
3.3MB

Download
memory/5088-1590-0x00007FF651640000-0x00007FF651994000-memory.dmp

Filesize
3.3MB

Download
memory/5116-915-0x00007FF7D3900000-0x00007FF7D3C54000-memory.dmp

Filesize
3.3MB

Download
memory/5116-1645-0x00007FF7D3900000-0x00007FF7D3C54000-memory.dmp

Filesize
3.3MB

Download