cobaltstrike | 0448939f66d7dbf5c6ed7ae27049623cae8ded1172ba2c1382efcfa3f0971d06

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

dc3958322836c61461821b783c09794a
SHA1

a1a98cfab70e07f96f35144b5b2678bfccf220a4
SHA256

0448939f66d7dbf5c6ed7ae27049623cae8ded1172ba2c1382efcfa3f0971d06
SHA512

29d4cddcdb868dc27f491bddac9481465a2aa70cdb9d1b7fb21e0aa953e5a42ca389ce1b5bc4eb71380f41b3137448892546e8bb97a12256d56621ff7b3f2fc8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU9:T+q56utgpPF8u/79

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\ZFpamoW.exe	cobalt_reflective_dll
C:\Windows\System\WvxSZgA.exe	cobalt_reflective_dll
C:\Windows\System\ZpHnbyy.exe	cobalt_reflective_dll
C:\Windows\System\YnCcgHw.exe	cobalt_reflective_dll
C:\Windows\System\cdKChsT.exe	cobalt_reflective_dll
C:\Windows\System\TJOmEfu.exe	cobalt_reflective_dll
C:\Windows\System\EeoZVZi.exe	cobalt_reflective_dll
C:\Windows\System\FPYKFao.exe	cobalt_reflective_dll
C:\Windows\System\kErlcIZ.exe	cobalt_reflective_dll
C:\Windows\System\aiEBWRg.exe	cobalt_reflective_dll
C:\Windows\System\UvAWdZK.exe	cobalt_reflective_dll
C:\Windows\System\PmhSPrk.exe	cobalt_reflective_dll
C:\Windows\System\ssgqFCU.exe	cobalt_reflective_dll
C:\Windows\System\mlvwchw.exe	cobalt_reflective_dll
C:\Windows\System\WANYpKi.exe	cobalt_reflective_dll
C:\Windows\System\nUZNvVI.exe	cobalt_reflective_dll
C:\Windows\System\ckcImRN.exe	cobalt_reflective_dll
C:\Windows\System\aOawaGY.exe	cobalt_reflective_dll
C:\Windows\System\dWXyfTS.exe	cobalt_reflective_dll
C:\Windows\System\hmuDNUs.exe	cobalt_reflective_dll
C:\Windows\System\KcQDdeY.exe	cobalt_reflective_dll
C:\Windows\System\UYXveae.exe	cobalt_reflective_dll
C:\Windows\System\MxzKvxa.exe	cobalt_reflective_dll
C:\Windows\System\juIoWlx.exe	cobalt_reflective_dll
C:\Windows\System\TaQOsqZ.exe	cobalt_reflective_dll
C:\Windows\System\XxvRoNE.exe	cobalt_reflective_dll
C:\Windows\System\uTbkivg.exe	cobalt_reflective_dll
C:\Windows\System\sDOOSoA.exe	cobalt_reflective_dll
C:\Windows\System\agFZVNb.exe	cobalt_reflective_dll
C:\Windows\System\xNPUfQy.exe	cobalt_reflective_dll
C:\Windows\System\ZQcdNIo.exe	cobalt_reflective_dll
C:\Windows\System\iOZvLEW.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/1320-0-0x00007FF69FED0000-0x00007FF6A0224000-memory.dmp	xmrig
C:\Windows\System\ZFpamoW.exe	xmrig
behavioral2/memory/4600-7-0x00007FF797290000-0x00007FF7975E4000-memory.dmp	xmrig
C:\Windows\System\WvxSZgA.exe	xmrig
behavioral2/memory/4624-12-0x00007FF6B9430000-0x00007FF6B9784000-memory.dmp	xmrig
C:\Windows\System\ZpHnbyy.exe	xmrig
behavioral2/memory/3640-24-0x00007FF6D6D00000-0x00007FF6D7054000-memory.dmp	xmrig
C:\Windows\System\YnCcgHw.exe	xmrig
C:\Windows\System\cdKChsT.exe	xmrig
behavioral2/memory/548-32-0x00007FF715170000-0x00007FF7154C4000-memory.dmp	xmrig
C:\Windows\System\TJOmEfu.exe	xmrig
behavioral2/memory/4292-36-0x00007FF731390000-0x00007FF7316E4000-memory.dmp	xmrig
behavioral2/memory/328-18-0x00007FF603DA0000-0x00007FF6040F4000-memory.dmp	xmrig
C:\Windows\System\EeoZVZi.exe	xmrig
behavioral2/memory/4176-42-0x00007FF7AF320000-0x00007FF7AF674000-memory.dmp	xmrig
behavioral2/memory/2264-48-0x00007FF74DEC0000-0x00007FF74E214000-memory.dmp	xmrig
C:\Windows\System\FPYKFao.exe	xmrig
behavioral2/memory/4068-54-0x00007FF6E6F10000-0x00007FF6E7264000-memory.dmp	xmrig
C:\Windows\System\kErlcIZ.exe	xmrig
C:\Windows\System\aiEBWRg.exe	xmrig
behavioral2/memory/3852-61-0x00007FF61BD90000-0x00007FF61C0E4000-memory.dmp	xmrig
behavioral2/memory/1320-60-0x00007FF69FED0000-0x00007FF6A0224000-memory.dmp	xmrig
C:\Windows\System\UvAWdZK.exe	xmrig
behavioral2/memory/2056-71-0x00007FF76F520000-0x00007FF76F874000-memory.dmp	xmrig
behavioral2/memory/4624-68-0x00007FF6B9430000-0x00007FF6B9784000-memory.dmp	xmrig
behavioral2/memory/4600-64-0x00007FF797290000-0x00007FF7975E4000-memory.dmp	xmrig
behavioral2/memory/328-74-0x00007FF603DA0000-0x00007FF6040F4000-memory.dmp	xmrig
C:\Windows\System\PmhSPrk.exe	xmrig
behavioral2/memory/1336-81-0x00007FF7FE3A0000-0x00007FF7FE6F4000-memory.dmp	xmrig
C:\Windows\System\ssgqFCU.exe	xmrig
behavioral2/memory/548-84-0x00007FF715170000-0x00007FF7154C4000-memory.dmp	xmrig
behavioral2/memory/1560-82-0x00007FF72CD60000-0x00007FF72D0B4000-memory.dmp	xmrig
behavioral2/memory/3640-79-0x00007FF6D6D00000-0x00007FF6D7054000-memory.dmp	xmrig
behavioral2/memory/4292-89-0x00007FF731390000-0x00007FF7316E4000-memory.dmp	xmrig
behavioral2/memory/4176-91-0x00007FF7AF320000-0x00007FF7AF674000-memory.dmp	xmrig
C:\Windows\System\mlvwchw.exe	xmrig
behavioral2/memory/3668-92-0x00007FF72A0D0000-0x00007FF72A424000-memory.dmp	xmrig
behavioral2/memory/2264-97-0x00007FF74DEC0000-0x00007FF74E214000-memory.dmp	xmrig
behavioral2/memory/3892-100-0x00007FF60FBD0000-0x00007FF60FF24000-memory.dmp	xmrig
C:\Windows\System\WANYpKi.exe	xmrig
C:\Windows\System\nUZNvVI.exe	xmrig
behavioral2/memory/4812-115-0x00007FF7FB6A0000-0x00007FF7FB9F4000-memory.dmp	xmrig
C:\Windows\System\ckcImRN.exe	xmrig
behavioral2/memory/4164-128-0x00007FF695B90000-0x00007FF695EE4000-memory.dmp	xmrig
C:\Windows\System\aOawaGY.exe	xmrig
C:\Windows\System\dWXyfTS.exe	xmrig
behavioral2/memory/1656-133-0x00007FF6BAE80000-0x00007FF6BB1D4000-memory.dmp	xmrig
C:\Windows\System\hmuDNUs.exe	xmrig
behavioral2/memory/2056-125-0x00007FF76F520000-0x00007FF76F874000-memory.dmp	xmrig
C:\Windows\System\KcQDdeY.exe	xmrig
behavioral2/memory/3696-112-0x00007FF723120000-0x00007FF723474000-memory.dmp	xmrig
behavioral2/memory/3852-106-0x00007FF61BD90000-0x00007FF61C0E4000-memory.dmp	xmrig
behavioral2/memory/4068-104-0x00007FF6E6F10000-0x00007FF6E7264000-memory.dmp	xmrig
behavioral2/memory/1336-142-0x00007FF7FE3A0000-0x00007FF7FE6F4000-memory.dmp	xmrig
behavioral2/memory/4464-148-0x00007FF74AC40000-0x00007FF74AF94000-memory.dmp	xmrig
behavioral2/memory/2116-159-0x00007FF609160000-0x00007FF6094B4000-memory.dmp	xmrig
C:\Windows\System\UYXveae.exe	xmrig
behavioral2/memory/3668-158-0x00007FF72A0D0000-0x00007FF72A424000-memory.dmp	xmrig
C:\Windows\System\MxzKvxa.exe	xmrig
behavioral2/memory/4044-152-0x00007FF65BFD0000-0x00007FF65C324000-memory.dmp	xmrig
C:\Windows\System\juIoWlx.exe	xmrig
behavioral2/memory/4524-145-0x00007FF6B44A0000-0x00007FF6B47F4000-memory.dmp	xmrig
behavioral2/memory/1560-144-0x00007FF72CD60000-0x00007FF72D0B4000-memory.dmp	xmrig
behavioral2/memory/1584-139-0x00007FF646E00000-0x00007FF647154000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

ZFpamoW.exeWvxSZgA.exeZpHnbyy.exeYnCcgHw.execdKChsT.exeTJOmEfu.exeEeoZVZi.exekErlcIZ.exeFPYKFao.exeaiEBWRg.exeUvAWdZK.exePmhSPrk.exessgqFCU.exemlvwchw.exeWANYpKi.exenUZNvVI.exeKcQDdeY.execkcImRN.exehmuDNUs.exeaOawaGY.exedWXyfTS.exejuIoWlx.exeMxzKvxa.exeUYXveae.exeuTbkivg.exeTaQOsqZ.exeXxvRoNE.exesDOOSoA.exeagFZVNb.exexNPUfQy.exeZQcdNIo.exeiOZvLEW.exeIzjqttT.exeLhLirYs.exevlMmLAI.exetHWqkJu.exeuGcsxIf.exekFagvPg.exeYulOzIG.exeNpsAjav.exeFbuANAH.exekNkFjKu.exeCcjMsgu.exePJOAHty.exewCnsHbN.exeLOLJDbv.exeKlEBHEB.exeVaiRysO.exexgGaRGS.exelhzmxsV.exeBqlhQTf.exeLNwXYor.exePvZEhHR.exeYkSeJoD.exeBaVQPqe.exeRARszzg.exeUaZrVUa.exeEsklNGl.exesVxuvUn.exeywzAhpY.exeWNRZURM.exeuTJwvXG.exeIbcyfFM.exeMsrKOMa.exe

pid	process
4600	ZFpamoW.exe
4624	WvxSZgA.exe
328	ZpHnbyy.exe
3640	YnCcgHw.exe
548	cdKChsT.exe
4292	TJOmEfu.exe
4176	EeoZVZi.exe
2264	kErlcIZ.exe
4068	FPYKFao.exe
3852	aiEBWRg.exe
2056	UvAWdZK.exe
1336	PmhSPrk.exe
1560	ssgqFCU.exe
3668	mlvwchw.exe
3892	WANYpKi.exe
3696	nUZNvVI.exe
4812	KcQDdeY.exe
4164	ckcImRN.exe
1656	hmuDNUs.exe
1584	aOawaGY.exe
4524	dWXyfTS.exe
4464	juIoWlx.exe
4044	MxzKvxa.exe
2116	UYXveae.exe
4304	uTbkivg.exe
5036	TaQOsqZ.exe
4644	XxvRoNE.exe
1284	sDOOSoA.exe
1192	agFZVNb.exe
4904	xNPUfQy.exe
1660	ZQcdNIo.exe
2484	iOZvLEW.exe
2456	IzjqttT.exe
4740	LhLirYs.exe
1844	vlMmLAI.exe
2200	tHWqkJu.exe
1224	uGcsxIf.exe
4064	kFagvPg.exe
2012	YulOzIG.exe
3328	NpsAjav.exe
1380	FbuANAH.exe
3552	kNkFjKu.exe
3160	CcjMsgu.exe
1204	PJOAHty.exe
2500	wCnsHbN.exe
3700	LOLJDbv.exe
2660	KlEBHEB.exe
3900	VaiRysO.exe
1980	xgGaRGS.exe
680	lhzmxsV.exe
984	BqlhQTf.exe
4528	LNwXYor.exe
2772	PvZEhHR.exe
2260	YkSeJoD.exe
3440	BaVQPqe.exe
1692	RARszzg.exe
3000	UaZrVUa.exe
752	EsklNGl.exe
4208	sVxuvUn.exe
3984	ywzAhpY.exe
456	WNRZURM.exe
3684	uTJwvXG.exe
1220	IbcyfFM.exe
3548	MsrKOMa.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1320-0-0x00007FF69FED0000-0x00007FF6A0224000-memory.dmp	upx
C:\Windows\System\ZFpamoW.exe	upx
behavioral2/memory/4600-7-0x00007FF797290000-0x00007FF7975E4000-memory.dmp	upx
C:\Windows\System\WvxSZgA.exe	upx
behavioral2/memory/4624-12-0x00007FF6B9430000-0x00007FF6B9784000-memory.dmp	upx
C:\Windows\System\ZpHnbyy.exe	upx
behavioral2/memory/3640-24-0x00007FF6D6D00000-0x00007FF6D7054000-memory.dmp	upx
C:\Windows\System\YnCcgHw.exe	upx
C:\Windows\System\cdKChsT.exe	upx
behavioral2/memory/548-32-0x00007FF715170000-0x00007FF7154C4000-memory.dmp	upx
C:\Windows\System\TJOmEfu.exe	upx
behavioral2/memory/4292-36-0x00007FF731390000-0x00007FF7316E4000-memory.dmp	upx
behavioral2/memory/328-18-0x00007FF603DA0000-0x00007FF6040F4000-memory.dmp	upx
C:\Windows\System\EeoZVZi.exe	upx
behavioral2/memory/4176-42-0x00007FF7AF320000-0x00007FF7AF674000-memory.dmp	upx
behavioral2/memory/2264-48-0x00007FF74DEC0000-0x00007FF74E214000-memory.dmp	upx
C:\Windows\System\FPYKFao.exe	upx
behavioral2/memory/4068-54-0x00007FF6E6F10000-0x00007FF6E7264000-memory.dmp	upx
C:\Windows\System\kErlcIZ.exe	upx
C:\Windows\System\aiEBWRg.exe	upx
behavioral2/memory/3852-61-0x00007FF61BD90000-0x00007FF61C0E4000-memory.dmp	upx
behavioral2/memory/1320-60-0x00007FF69FED0000-0x00007FF6A0224000-memory.dmp	upx
C:\Windows\System\UvAWdZK.exe	upx
behavioral2/memory/2056-71-0x00007FF76F520000-0x00007FF76F874000-memory.dmp	upx
behavioral2/memory/4624-68-0x00007FF6B9430000-0x00007FF6B9784000-memory.dmp	upx
behavioral2/memory/4600-64-0x00007FF797290000-0x00007FF7975E4000-memory.dmp	upx
behavioral2/memory/328-74-0x00007FF603DA0000-0x00007FF6040F4000-memory.dmp	upx
C:\Windows\System\PmhSPrk.exe	upx
behavioral2/memory/1336-81-0x00007FF7FE3A0000-0x00007FF7FE6F4000-memory.dmp	upx
C:\Windows\System\ssgqFCU.exe	upx
behavioral2/memory/548-84-0x00007FF715170000-0x00007FF7154C4000-memory.dmp	upx
behavioral2/memory/1560-82-0x00007FF72CD60000-0x00007FF72D0B4000-memory.dmp	upx
behavioral2/memory/3640-79-0x00007FF6D6D00000-0x00007FF6D7054000-memory.dmp	upx
behavioral2/memory/4292-89-0x00007FF731390000-0x00007FF7316E4000-memory.dmp	upx
behavioral2/memory/4176-91-0x00007FF7AF320000-0x00007FF7AF674000-memory.dmp	upx
C:\Windows\System\mlvwchw.exe	upx
behavioral2/memory/3668-92-0x00007FF72A0D0000-0x00007FF72A424000-memory.dmp	upx
behavioral2/memory/2264-97-0x00007FF74DEC0000-0x00007FF74E214000-memory.dmp	upx
behavioral2/memory/3892-100-0x00007FF60FBD0000-0x00007FF60FF24000-memory.dmp	upx
C:\Windows\System\WANYpKi.exe	upx
C:\Windows\System\nUZNvVI.exe	upx
behavioral2/memory/4812-115-0x00007FF7FB6A0000-0x00007FF7FB9F4000-memory.dmp	upx
C:\Windows\System\ckcImRN.exe	upx
behavioral2/memory/4164-128-0x00007FF695B90000-0x00007FF695EE4000-memory.dmp	upx
C:\Windows\System\aOawaGY.exe	upx
C:\Windows\System\dWXyfTS.exe	upx
behavioral2/memory/1656-133-0x00007FF6BAE80000-0x00007FF6BB1D4000-memory.dmp	upx
C:\Windows\System\hmuDNUs.exe	upx
behavioral2/memory/2056-125-0x00007FF76F520000-0x00007FF76F874000-memory.dmp	upx
C:\Windows\System\KcQDdeY.exe	upx
behavioral2/memory/3696-112-0x00007FF723120000-0x00007FF723474000-memory.dmp	upx
behavioral2/memory/3852-106-0x00007FF61BD90000-0x00007FF61C0E4000-memory.dmp	upx
behavioral2/memory/4068-104-0x00007FF6E6F10000-0x00007FF6E7264000-memory.dmp	upx
behavioral2/memory/1336-142-0x00007FF7FE3A0000-0x00007FF7FE6F4000-memory.dmp	upx
behavioral2/memory/4464-148-0x00007FF74AC40000-0x00007FF74AF94000-memory.dmp	upx
behavioral2/memory/2116-159-0x00007FF609160000-0x00007FF6094B4000-memory.dmp	upx
C:\Windows\System\UYXveae.exe	upx
behavioral2/memory/3668-158-0x00007FF72A0D0000-0x00007FF72A424000-memory.dmp	upx
C:\Windows\System\MxzKvxa.exe	upx
behavioral2/memory/4044-152-0x00007FF65BFD0000-0x00007FF65C324000-memory.dmp	upx
C:\Windows\System\juIoWlx.exe	upx
behavioral2/memory/4524-145-0x00007FF6B44A0000-0x00007FF6B47F4000-memory.dmp	upx
behavioral2/memory/1560-144-0x00007FF72CD60000-0x00007FF72D0B4000-memory.dmp	upx
behavioral2/memory/1584-139-0x00007FF646E00000-0x00007FF647154000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\WdkNOHY.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLVFchC.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtEvEdg.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJODDfq.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPtVOsd.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlUfstc.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrNtSvH.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOiMABy.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InnrDry.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhTkmQy.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzIasJy.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IgUKiPw.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpjybVS.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLUmooj.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pATVQpE.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnxodTv.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVOfFnd.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKXKMnE.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzMcLAT.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYeXQNH.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTxBIFD.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHhaSyq.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yXCqnKt.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syMhJMY.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EuPTEOE.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cDheWGf.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwheRRC.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJXAUKK.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pBXYDNJ.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deiJlHX.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quFyaVg.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zsFGwvi.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUeVvav.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcAoLcI.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lePEVyG.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmclWrz.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxuePTu.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpIbIds.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywdfDwC.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbedVeJ.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVoruIM.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvCVgOq.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asYdQUO.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTEDFYR.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnMJbuU.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdhymES.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxPHMss.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaqNQaZ.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPXVXyV.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jEvWGgq.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNNVTLI.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGAAgMm.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtlESVE.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIOplSR.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUlTeaX.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKIEDFt.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nAyiAvi.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGrHIHX.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGOlrCu.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiFeIQF.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyjDhxM.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaZrVUa.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBmlBqG.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEePZBK.exe	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 1320 wrote to memory of 4600	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ZFpamoW.exe
PID 1320 wrote to memory of 4600	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ZFpamoW.exe
PID 1320 wrote to memory of 4624	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	WvxSZgA.exe
PID 1320 wrote to memory of 4624	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	WvxSZgA.exe
PID 1320 wrote to memory of 328	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ZpHnbyy.exe
PID 1320 wrote to memory of 328	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ZpHnbyy.exe
PID 1320 wrote to memory of 3640	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	YnCcgHw.exe
PID 1320 wrote to memory of 3640	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	YnCcgHw.exe
PID 1320 wrote to memory of 548	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	cdKChsT.exe
PID 1320 wrote to memory of 548	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	cdKChsT.exe
PID 1320 wrote to memory of 4292	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	TJOmEfu.exe
PID 1320 wrote to memory of 4292	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	TJOmEfu.exe
PID 1320 wrote to memory of 4176	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	EeoZVZi.exe
PID 1320 wrote to memory of 4176	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	EeoZVZi.exe
PID 1320 wrote to memory of 2264	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	kErlcIZ.exe
PID 1320 wrote to memory of 2264	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	kErlcIZ.exe
PID 1320 wrote to memory of 4068	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	FPYKFao.exe
PID 1320 wrote to memory of 4068	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	FPYKFao.exe
PID 1320 wrote to memory of 3852	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	aiEBWRg.exe
PID 1320 wrote to memory of 3852	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	aiEBWRg.exe
PID 1320 wrote to memory of 2056	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	UvAWdZK.exe
PID 1320 wrote to memory of 2056	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	UvAWdZK.exe
PID 1320 wrote to memory of 1336	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	PmhSPrk.exe
PID 1320 wrote to memory of 1336	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	PmhSPrk.exe
PID 1320 wrote to memory of 1560	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ssgqFCU.exe
PID 1320 wrote to memory of 1560	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ssgqFCU.exe
PID 1320 wrote to memory of 3668	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	mlvwchw.exe
PID 1320 wrote to memory of 3668	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	mlvwchw.exe
PID 1320 wrote to memory of 3892	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	WANYpKi.exe
PID 1320 wrote to memory of 3892	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	WANYpKi.exe
PID 1320 wrote to memory of 3696	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	nUZNvVI.exe
PID 1320 wrote to memory of 3696	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	nUZNvVI.exe
PID 1320 wrote to memory of 4812	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	KcQDdeY.exe
PID 1320 wrote to memory of 4812	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	KcQDdeY.exe
PID 1320 wrote to memory of 4164	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ckcImRN.exe
PID 1320 wrote to memory of 4164	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ckcImRN.exe
PID 1320 wrote to memory of 1656	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	hmuDNUs.exe
PID 1320 wrote to memory of 1656	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	hmuDNUs.exe
PID 1320 wrote to memory of 1584	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	aOawaGY.exe
PID 1320 wrote to memory of 1584	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	aOawaGY.exe
PID 1320 wrote to memory of 4524	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	dWXyfTS.exe
PID 1320 wrote to memory of 4524	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	dWXyfTS.exe
PID 1320 wrote to memory of 4464	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	juIoWlx.exe
PID 1320 wrote to memory of 4464	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	juIoWlx.exe
PID 1320 wrote to memory of 4044	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	MxzKvxa.exe
PID 1320 wrote to memory of 4044	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	MxzKvxa.exe
PID 1320 wrote to memory of 2116	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	UYXveae.exe
PID 1320 wrote to memory of 2116	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	UYXveae.exe
PID 1320 wrote to memory of 4304	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	uTbkivg.exe
PID 1320 wrote to memory of 4304	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	uTbkivg.exe
PID 1320 wrote to memory of 5036	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	TaQOsqZ.exe
PID 1320 wrote to memory of 5036	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	TaQOsqZ.exe
PID 1320 wrote to memory of 4644	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	XxvRoNE.exe
PID 1320 wrote to memory of 4644	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	XxvRoNE.exe
PID 1320 wrote to memory of 1284	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	sDOOSoA.exe
PID 1320 wrote to memory of 1284	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	sDOOSoA.exe
PID 1320 wrote to memory of 1192	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	agFZVNb.exe
PID 1320 wrote to memory of 1192	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	agFZVNb.exe
PID 1320 wrote to memory of 4904	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	xNPUfQy.exe
PID 1320 wrote to memory of 4904	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	xNPUfQy.exe
PID 1320 wrote to memory of 1660	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ZQcdNIo.exe
PID 1320 wrote to memory of 1660	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	ZQcdNIo.exe
PID 1320 wrote to memory of 2484	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	iOZvLEW.exe
PID 1320 wrote to memory of 2484	1320	2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe	iOZvLEW.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_dc3958322836c61461821b783c09794a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Windows\System\ZFpamoW.exe
  C:\Windows\System\ZFpamoW.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\WvxSZgA.exe
  C:\Windows\System\WvxSZgA.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\ZpHnbyy.exe
  C:\Windows\System\ZpHnbyy.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\YnCcgHw.exe
  C:\Windows\System\YnCcgHw.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\cdKChsT.exe
  C:\Windows\System\cdKChsT.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\TJOmEfu.exe
  C:\Windows\System\TJOmEfu.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\EeoZVZi.exe
  C:\Windows\System\EeoZVZi.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\kErlcIZ.exe
  C:\Windows\System\kErlcIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\FPYKFao.exe
  C:\Windows\System\FPYKFao.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\aiEBWRg.exe
  C:\Windows\System\aiEBWRg.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\UvAWdZK.exe
  C:\Windows\System\UvAWdZK.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\PmhSPrk.exe
  C:\Windows\System\PmhSPrk.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\ssgqFCU.exe
  C:\Windows\System\ssgqFCU.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\mlvwchw.exe
  C:\Windows\System\mlvwchw.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\WANYpKi.exe
  C:\Windows\System\WANYpKi.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\nUZNvVI.exe
  C:\Windows\System\nUZNvVI.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\KcQDdeY.exe
  C:\Windows\System\KcQDdeY.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\ckcImRN.exe
  C:\Windows\System\ckcImRN.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\hmuDNUs.exe
  C:\Windows\System\hmuDNUs.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\aOawaGY.exe
  C:\Windows\System\aOawaGY.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\dWXyfTS.exe
  C:\Windows\System\dWXyfTS.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\juIoWlx.exe
  C:\Windows\System\juIoWlx.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\MxzKvxa.exe
  C:\Windows\System\MxzKvxa.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\UYXveae.exe
  C:\Windows\System\UYXveae.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\uTbkivg.exe
  C:\Windows\System\uTbkivg.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\TaQOsqZ.exe
  C:\Windows\System\TaQOsqZ.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\XxvRoNE.exe
  C:\Windows\System\XxvRoNE.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\sDOOSoA.exe
  C:\Windows\System\sDOOSoA.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\agFZVNb.exe
  C:\Windows\System\agFZVNb.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\xNPUfQy.exe
  C:\Windows\System\xNPUfQy.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\ZQcdNIo.exe
  C:\Windows\System\ZQcdNIo.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\iOZvLEW.exe
  C:\Windows\System\iOZvLEW.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\IzjqttT.exe
  C:\Windows\System\IzjqttT.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\LhLirYs.exe
  C:\Windows\System\LhLirYs.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\vlMmLAI.exe
  C:\Windows\System\vlMmLAI.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\tHWqkJu.exe
  C:\Windows\System\tHWqkJu.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\uGcsxIf.exe
  C:\Windows\System\uGcsxIf.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\kFagvPg.exe
  C:\Windows\System\kFagvPg.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\YulOzIG.exe
  C:\Windows\System\YulOzIG.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\NpsAjav.exe
  C:\Windows\System\NpsAjav.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\FbuANAH.exe
  C:\Windows\System\FbuANAH.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\kNkFjKu.exe
  C:\Windows\System\kNkFjKu.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\CcjMsgu.exe
  C:\Windows\System\CcjMsgu.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\PJOAHty.exe
  C:\Windows\System\PJOAHty.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\wCnsHbN.exe
  C:\Windows\System\wCnsHbN.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\LOLJDbv.exe
  C:\Windows\System\LOLJDbv.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\KlEBHEB.exe
  C:\Windows\System\KlEBHEB.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\VaiRysO.exe
  C:\Windows\System\VaiRysO.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\xgGaRGS.exe
  C:\Windows\System\xgGaRGS.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\lhzmxsV.exe
  C:\Windows\System\lhzmxsV.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\BqlhQTf.exe
  C:\Windows\System\BqlhQTf.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\LNwXYor.exe
  C:\Windows\System\LNwXYor.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\PvZEhHR.exe
  C:\Windows\System\PvZEhHR.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\YkSeJoD.exe
  C:\Windows\System\YkSeJoD.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\BaVQPqe.exe
  C:\Windows\System\BaVQPqe.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\RARszzg.exe
  C:\Windows\System\RARszzg.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\UaZrVUa.exe
  C:\Windows\System\UaZrVUa.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\EsklNGl.exe
  C:\Windows\System\EsklNGl.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\sVxuvUn.exe
  C:\Windows\System\sVxuvUn.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\ywzAhpY.exe
  C:\Windows\System\ywzAhpY.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\WNRZURM.exe
  C:\Windows\System\WNRZURM.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\uTJwvXG.exe
  C:\Windows\System\uTJwvXG.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\IbcyfFM.exe
  C:\Windows\System\IbcyfFM.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\MsrKOMa.exe
  C:\Windows\System\MsrKOMa.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\kDDieMK.exe
  C:\Windows\System\kDDieMK.exe
  2⤵
  PID:4612
- C:\Windows\System\RGEaYvd.exe
  C:\Windows\System\RGEaYvd.exe
  2⤵
  PID:1100
- C:\Windows\System\MgraceW.exe
  C:\Windows\System\MgraceW.exe
  2⤵
  PID:2136
- C:\Windows\System\RghRKxf.exe
  C:\Windows\System\RghRKxf.exe
  2⤵
  PID:3116
- C:\Windows\System\QErqtBn.exe
  C:\Windows\System\QErqtBn.exe
  2⤵
  PID:1972
- C:\Windows\System\pjeeUtL.exe
  C:\Windows\System\pjeeUtL.exe
  2⤵
  PID:3324
- C:\Windows\System\UrIGbVa.exe
  C:\Windows\System\UrIGbVa.exe
  2⤵
  PID:3404
- C:\Windows\System\eZObkFL.exe
  C:\Windows\System\eZObkFL.exe
  2⤵
  PID:3784
- C:\Windows\System\ujJEohy.exe
  C:\Windows\System\ujJEohy.exe
  2⤵
  PID:3932
- C:\Windows\System\BzEEGnO.exe
  C:\Windows\System\BzEEGnO.exe
  2⤵
  PID:5068
- C:\Windows\System\NJIiqVe.exe
  C:\Windows\System\NJIiqVe.exe
  2⤵
  PID:2796
- C:\Windows\System\mXZBFws.exe
  C:\Windows\System\mXZBFws.exe
  2⤵
  PID:1232
- C:\Windows\System\SxFDNra.exe
  C:\Windows\System\SxFDNra.exe
  2⤵
  PID:4792
- C:\Windows\System\tVwBKcK.exe
  C:\Windows\System\tVwBKcK.exe
  2⤵
  PID:428
- C:\Windows\System\aWsZVyx.exe
  C:\Windows\System\aWsZVyx.exe
  2⤵
  PID:3480
- C:\Windows\System\dTXjeXl.exe
  C:\Windows\System\dTXjeXl.exe
  2⤵
  PID:3448
- C:\Windows\System\pATVQpE.exe
  C:\Windows\System\pATVQpE.exe
  2⤵
  PID:1064
- C:\Windows\System\PSrSiUf.exe
  C:\Windows\System\PSrSiUf.exe
  2⤵
  PID:3188
- C:\Windows\System\QlQeeyg.exe
  C:\Windows\System\QlQeeyg.exe
  2⤵
  PID:4664
- C:\Windows\System\SXooGFw.exe
  C:\Windows\System\SXooGFw.exe
  2⤵
  PID:5140
- C:\Windows\System\XeOrYnH.exe
  C:\Windows\System\XeOrYnH.exe
  2⤵
  PID:5168
- C:\Windows\System\GvauJvi.exe
  C:\Windows\System\GvauJvi.exe
  2⤵
  PID:5204
- C:\Windows\System\yykVqpy.exe
  C:\Windows\System\yykVqpy.exe
  2⤵
  PID:5232
- C:\Windows\System\wFaLcOu.exe
  C:\Windows\System\wFaLcOu.exe
  2⤵
  PID:5264
- C:\Windows\System\gmldNRi.exe
  C:\Windows\System\gmldNRi.exe
  2⤵
  PID:5292
- C:\Windows\System\KPtVOsd.exe
  C:\Windows\System\KPtVOsd.exe
  2⤵
  PID:5316
- C:\Windows\System\krwkAGD.exe
  C:\Windows\System\krwkAGD.exe
  2⤵
  PID:5348
- C:\Windows\System\ZoUYDJo.exe
  C:\Windows\System\ZoUYDJo.exe
  2⤵
  PID:5376
- C:\Windows\System\qtBLaZT.exe
  C:\Windows\System\qtBLaZT.exe
  2⤵
  PID:5404
- C:\Windows\System\eECPxfA.exe
  C:\Windows\System\eECPxfA.exe
  2⤵
  PID:5432
- C:\Windows\System\esATjgb.exe
  C:\Windows\System\esATjgb.exe
  2⤵
  PID:5464
- C:\Windows\System\GviuqBH.exe
  C:\Windows\System\GviuqBH.exe
  2⤵
  PID:5484
- C:\Windows\System\WUEgAlo.exe
  C:\Windows\System\WUEgAlo.exe
  2⤵
  PID:5516
- C:\Windows\System\aMPEbBG.exe
  C:\Windows\System\aMPEbBG.exe
  2⤵
  PID:5544
- C:\Windows\System\KsRvNdp.exe
  C:\Windows\System\KsRvNdp.exe
  2⤵
  PID:5572
- C:\Windows\System\VXMMbCy.exe
  C:\Windows\System\VXMMbCy.exe
  2⤵
  PID:5616
- C:\Windows\System\sXfUYEH.exe
  C:\Windows\System\sXfUYEH.exe
  2⤵
  PID:5636
- C:\Windows\System\VXilLFV.exe
  C:\Windows\System\VXilLFV.exe
  2⤵
  PID:5676
- C:\Windows\System\yRCaQyc.exe
  C:\Windows\System\yRCaQyc.exe
  2⤵
  PID:5704
- C:\Windows\System\OSpdsAS.exe
  C:\Windows\System\OSpdsAS.exe
  2⤵
  PID:5736
- C:\Windows\System\zgIxywc.exe
  C:\Windows\System\zgIxywc.exe
  2⤵
  PID:5756
- C:\Windows\System\dQPaOTP.exe
  C:\Windows\System\dQPaOTP.exe
  2⤵
  PID:5788
- C:\Windows\System\hMfEIzq.exe
  C:\Windows\System\hMfEIzq.exe
  2⤵
  PID:5816
- C:\Windows\System\jiIGbos.exe
  C:\Windows\System\jiIGbos.exe
  2⤵
  PID:5848
- C:\Windows\System\uTcvzZB.exe
  C:\Windows\System\uTcvzZB.exe
  2⤵
  PID:5872
- C:\Windows\System\QqmtPYL.exe
  C:\Windows\System\QqmtPYL.exe
  2⤵
  PID:5900
- C:\Windows\System\VVSDrIW.exe
  C:\Windows\System\VVSDrIW.exe
  2⤵
  PID:5920
- C:\Windows\System\RvjDfOt.exe
  C:\Windows\System\RvjDfOt.exe
  2⤵
  PID:5948
- C:\Windows\System\nIJmntW.exe
  C:\Windows\System\nIJmntW.exe
  2⤵
  PID:5976
- C:\Windows\System\UPKaLwt.exe
  C:\Windows\System\UPKaLwt.exe
  2⤵
  PID:6008
- C:\Windows\System\otTGilR.exe
  C:\Windows\System\otTGilR.exe
  2⤵
  PID:6032
- C:\Windows\System\KmKAkKE.exe
  C:\Windows\System\KmKAkKE.exe
  2⤵
  PID:6064
- C:\Windows\System\DBmlBqG.exe
  C:\Windows\System\DBmlBqG.exe
  2⤵
  PID:6104
- C:\Windows\System\moLZsZA.exe
  C:\Windows\System\moLZsZA.exe
  2⤵
  PID:6132
- C:\Windows\System\govLTMh.exe
  C:\Windows\System\govLTMh.exe
  2⤵
  PID:5136
- C:\Windows\System\pwVfGAR.exe
  C:\Windows\System\pwVfGAR.exe
  2⤵
  PID:5260
- C:\Windows\System\vfNzuUH.exe
  C:\Windows\System\vfNzuUH.exe
  2⤵
  PID:2328
- C:\Windows\System\puQFvsh.exe
  C:\Windows\System\puQFvsh.exe
  2⤵
  PID:5368
- C:\Windows\System\jtFhSPW.exe
  C:\Windows\System\jtFhSPW.exe
  2⤵
  PID:5416
- C:\Windows\System\YBfqoUP.exe
  C:\Windows\System\YBfqoUP.exe
  2⤵
  PID:5472
- C:\Windows\System\jRxdquK.exe
  C:\Windows\System\jRxdquK.exe
  2⤵
  PID:5504
- C:\Windows\System\cOGSjgG.exe
  C:\Windows\System\cOGSjgG.exe
  2⤵
  PID:3120
- C:\Windows\System\syMhJMY.exe
  C:\Windows\System\syMhJMY.exe
  2⤵
  PID:5536
- C:\Windows\System\iSeacIT.exe
  C:\Windows\System\iSeacIT.exe
  2⤵
  PID:5628
- C:\Windows\System\sqdRdXo.exe
  C:\Windows\System\sqdRdXo.exe
  2⤵
  PID:5692
- C:\Windows\System\lMAHugA.exe
  C:\Windows\System\lMAHugA.exe
  2⤵
  PID:5744
- C:\Windows\System\GukVPLm.exe
  C:\Windows\System\GukVPLm.exe
  2⤵
  PID:5824
- C:\Windows\System\NkTnduv.exe
  C:\Windows\System\NkTnduv.exe
  2⤵
  PID:5884
- C:\Windows\System\AapHDhm.exe
  C:\Windows\System\AapHDhm.exe
  2⤵
  PID:5916
- C:\Windows\System\dTGZELZ.exe
  C:\Windows\System\dTGZELZ.exe
  2⤵
  PID:5968
- C:\Windows\System\WTOhdxw.exe
  C:\Windows\System\WTOhdxw.exe
  2⤵
  PID:6028
- C:\Windows\System\fyzKKbU.exe
  C:\Windows\System\fyzKKbU.exe
  2⤵
  PID:6092
- C:\Windows\System\JEIYfmZ.exe
  C:\Windows\System\JEIYfmZ.exe
  2⤵
  PID:5128
- C:\Windows\System\UkGJMOy.exe
  C:\Windows\System\UkGJMOy.exe
  2⤵
  PID:5360
- C:\Windows\System\WXGqlTS.exe
  C:\Windows\System\WXGqlTS.exe
  2⤵
  PID:5460
- C:\Windows\System\jiNzyRt.exe
  C:\Windows\System\jiNzyRt.exe
  2⤵
  PID:760
- C:\Windows\System\YWmkalA.exe
  C:\Windows\System\YWmkalA.exe
  2⤵
  PID:5564
- C:\Windows\System\Lttwkzs.exe
  C:\Windows\System\Lttwkzs.exe
  2⤵
  PID:5716
- C:\Windows\System\BdbEciG.exe
  C:\Windows\System\BdbEciG.exe
  2⤵
  PID:5868
- C:\Windows\System\sRrJKTw.exe
  C:\Windows\System\sRrJKTw.exe
  2⤵
  PID:5988
- C:\Windows\System\rfxdvwR.exe
  C:\Windows\System\rfxdvwR.exe
  2⤵
  PID:1596
- C:\Windows\System\xbmdpUV.exe
  C:\Windows\System\xbmdpUV.exe
  2⤵
  PID:5304
- C:\Windows\System\UxupYhI.exe
  C:\Windows\System\UxupYhI.exe
  2⤵
  PID:4648
- C:\Windows\System\cvtfyfZ.exe
  C:\Windows\System\cvtfyfZ.exe
  2⤵
  PID:5796
- C:\Windows\System\SiqhjRK.exe
  C:\Windows\System\SiqhjRK.exe
  2⤵
  PID:5240
- C:\Windows\System\npqSUvT.exe
  C:\Windows\System\npqSUvT.exe
  2⤵
  PID:5648
- C:\Windows\System\qlUfstc.exe
  C:\Windows\System\qlUfstc.exe
  2⤵
  PID:6128
- C:\Windows\System\doSsoop.exe
  C:\Windows\System\doSsoop.exe
  2⤵
  PID:1548
- C:\Windows\System\oEHAAHV.exe
  C:\Windows\System\oEHAAHV.exe
  2⤵
  PID:6168
- C:\Windows\System\JPzhXoU.exe
  C:\Windows\System\JPzhXoU.exe
  2⤵
  PID:6200
- C:\Windows\System\OJSshsa.exe
  C:\Windows\System\OJSshsa.exe
  2⤵
  PID:6224
- C:\Windows\System\fmuJJqh.exe
  C:\Windows\System\fmuJJqh.exe
  2⤵
  PID:6252
- C:\Windows\System\fwmnFLj.exe
  C:\Windows\System\fwmnFLj.exe
  2⤵
  PID:6284
- C:\Windows\System\tgFNDWy.exe
  C:\Windows\System\tgFNDWy.exe
  2⤵
  PID:6316
- C:\Windows\System\ZWckCCr.exe
  C:\Windows\System\ZWckCCr.exe
  2⤵
  PID:6340
- C:\Windows\System\DfIxHEH.exe
  C:\Windows\System\DfIxHEH.exe
  2⤵
  PID:6368
- C:\Windows\System\OGVYkIy.exe
  C:\Windows\System\OGVYkIy.exe
  2⤵
  PID:6396
- C:\Windows\System\OOYrpqA.exe
  C:\Windows\System\OOYrpqA.exe
  2⤵
  PID:6436
- C:\Windows\System\tGuwZwu.exe
  C:\Windows\System\tGuwZwu.exe
  2⤵
  PID:6460
- C:\Windows\System\MhyciHS.exe
  C:\Windows\System\MhyciHS.exe
  2⤵
  PID:6492
- C:\Windows\System\iDolKCh.exe
  C:\Windows\System\iDolKCh.exe
  2⤵
  PID:6512
- C:\Windows\System\pFWBPrI.exe
  C:\Windows\System\pFWBPrI.exe
  2⤵
  PID:6544
- C:\Windows\System\NtZcEcs.exe
  C:\Windows\System\NtZcEcs.exe
  2⤵
  PID:6572
- C:\Windows\System\YimKfWt.exe
  C:\Windows\System\YimKfWt.exe
  2⤵
  PID:6608
- C:\Windows\System\PTpVLIx.exe
  C:\Windows\System\PTpVLIx.exe
  2⤵
  PID:6624
- C:\Windows\System\yPozTBr.exe
  C:\Windows\System\yPozTBr.exe
  2⤵
  PID:6660
- C:\Windows\System\pEDBuIt.exe
  C:\Windows\System\pEDBuIt.exe
  2⤵
  PID:6692
- C:\Windows\System\RmFYzXH.exe
  C:\Windows\System\RmFYzXH.exe
  2⤵
  PID:6724
- C:\Windows\System\YMvqVUU.exe
  C:\Windows\System\YMvqVUU.exe
  2⤵
  PID:6752
- C:\Windows\System\SkdsXBg.exe
  C:\Windows\System\SkdsXBg.exe
  2⤵
  PID:6784
- C:\Windows\System\WIBXKMb.exe
  C:\Windows\System\WIBXKMb.exe
  2⤵
  PID:6800
- C:\Windows\System\tvaGDQE.exe
  C:\Windows\System\tvaGDQE.exe
  2⤵
  PID:6836
- C:\Windows\System\gJSkaXs.exe
  C:\Windows\System\gJSkaXs.exe
  2⤵
  PID:6856
- C:\Windows\System\LMafLxI.exe
  C:\Windows\System\LMafLxI.exe
  2⤵
  PID:6892
- C:\Windows\System\QkGfVld.exe
  C:\Windows\System\QkGfVld.exe
  2⤵
  PID:6920
- C:\Windows\System\XMaMkQa.exe
  C:\Windows\System\XMaMkQa.exe
  2⤵
  PID:6948
- C:\Windows\System\bDhHbfZ.exe
  C:\Windows\System\bDhHbfZ.exe
  2⤵
  PID:6976
- C:\Windows\System\iFbyvCa.exe
  C:\Windows\System\iFbyvCa.exe
  2⤵
  PID:7004
- C:\Windows\System\pQVlbZu.exe
  C:\Windows\System\pQVlbZu.exe
  2⤵
  PID:7036
- C:\Windows\System\eXxjviO.exe
  C:\Windows\System\eXxjviO.exe
  2⤵
  PID:7060
- C:\Windows\System\UZrZnPh.exe
  C:\Windows\System\UZrZnPh.exe
  2⤵
  PID:7088
- C:\Windows\System\WdkNOHY.exe
  C:\Windows\System\WdkNOHY.exe
  2⤵
  PID:7116
- C:\Windows\System\bhyheIT.exe
  C:\Windows\System\bhyheIT.exe
  2⤵
  PID:7148
- C:\Windows\System\zkWqIuT.exe
  C:\Windows\System\zkWqIuT.exe
  2⤵
  PID:6148
- C:\Windows\System\YMzLKgH.exe
  C:\Windows\System\YMzLKgH.exe
  2⤵
  PID:6208
- C:\Windows\System\lzSIkRw.exe
  C:\Windows\System\lzSIkRw.exe
  2⤵
  PID:1028
- C:\Windows\System\CPbXcfo.exe
  C:\Windows\System\CPbXcfo.exe
  2⤵
  PID:6300
- C:\Windows\System\IJTlwVi.exe
  C:\Windows\System\IJTlwVi.exe
  2⤵
  PID:6380
- C:\Windows\System\fcBPJXC.exe
  C:\Windows\System\fcBPJXC.exe
  2⤵
  PID:6452
- C:\Windows\System\FmSQdLw.exe
  C:\Windows\System\FmSQdLw.exe
  2⤵
  PID:6500
- C:\Windows\System\BorpQDw.exe
  C:\Windows\System\BorpQDw.exe
  2⤵
  PID:6580
- C:\Windows\System\uoJJknY.exe
  C:\Windows\System\uoJJknY.exe
  2⤵
  PID:6588
- C:\Windows\System\MEgssCw.exe
  C:\Windows\System\MEgssCw.exe
  2⤵
  PID:6676
- C:\Windows\System\EpBqEoE.exe
  C:\Windows\System\EpBqEoE.exe
  2⤵
  PID:6740
- C:\Windows\System\bwkrYkG.exe
  C:\Windows\System\bwkrYkG.exe
  2⤵
  PID:6796
- C:\Windows\System\tjFuPOl.exe
  C:\Windows\System\tjFuPOl.exe
  2⤵
  PID:6868
- C:\Windows\System\uwaPWgB.exe
  C:\Windows\System\uwaPWgB.exe
  2⤵
  PID:6932
- C:\Windows\System\zsFGwvi.exe
  C:\Windows\System\zsFGwvi.exe
  2⤵
  PID:6988
- C:\Windows\System\AhWbWuM.exe
  C:\Windows\System\AhWbWuM.exe
  2⤵
  PID:7048
- C:\Windows\System\imwwguL.exe
  C:\Windows\System\imwwguL.exe
  2⤵
  PID:7108
- C:\Windows\System\uHJFKFB.exe
  C:\Windows\System\uHJFKFB.exe
  2⤵
  PID:7160
- C:\Windows\System\SopNGqb.exe
  C:\Windows\System\SopNGqb.exe
  2⤵
  PID:2148
- C:\Windows\System\dqAVwWI.exe
  C:\Windows\System\dqAVwWI.exe
  2⤵
  PID:6360
- C:\Windows\System\ewYElxW.exe
  C:\Windows\System\ewYElxW.exe
  2⤵
  PID:6524
- C:\Windows\System\GumtlSf.exe
  C:\Windows\System\GumtlSf.exe
  2⤵
  PID:6668
- C:\Windows\System\wMzdavK.exe
  C:\Windows\System\wMzdavK.exe
  2⤵
  PID:6820
- C:\Windows\System\wQJhxKm.exe
  C:\Windows\System\wQJhxKm.exe
  2⤵
  PID:6916
- C:\Windows\System\UsVEmJH.exe
  C:\Windows\System\UsVEmJH.exe
  2⤵
  PID:7032
- C:\Windows\System\sKPAkkx.exe
  C:\Windows\System\sKPAkkx.exe
  2⤵
  PID:6180
- C:\Windows\System\aFqFXgJ.exe
  C:\Windows\System\aFqFXgJ.exe
  2⤵
  PID:6416
- C:\Windows\System\oNDsKED.exe
  C:\Windows\System\oNDsKED.exe
  2⤵
  PID:6736
- C:\Windows\System\lwvWmLn.exe
  C:\Windows\System\lwvWmLn.exe
  2⤵
  PID:7072
- C:\Windows\System\vWHeDQd.exe
  C:\Windows\System\vWHeDQd.exe
  2⤵
  PID:6292
- C:\Windows\System\gLihZyb.exe
  C:\Windows\System\gLihZyb.exe
  2⤵
  PID:7128
- C:\Windows\System\rLdcJbT.exe
  C:\Windows\System\rLdcJbT.exe
  2⤵
  PID:7172
- C:\Windows\System\UtLAyCj.exe
  C:\Windows\System\UtLAyCj.exe
  2⤵
  PID:7200
- C:\Windows\System\owUmWmG.exe
  C:\Windows\System\owUmWmG.exe
  2⤵
  PID:7232
- C:\Windows\System\yizitha.exe
  C:\Windows\System\yizitha.exe
  2⤵
  PID:7256
- C:\Windows\System\KNmrglk.exe
  C:\Windows\System\KNmrglk.exe
  2⤵
  PID:7284
- C:\Windows\System\rHbuGkG.exe
  C:\Windows\System\rHbuGkG.exe
  2⤵
  PID:7312
- C:\Windows\System\kbZjYbt.exe
  C:\Windows\System\kbZjYbt.exe
  2⤵
  PID:7340
- C:\Windows\System\qkyfGms.exe
  C:\Windows\System\qkyfGms.exe
  2⤵
  PID:7400
- C:\Windows\System\ssFyrEv.exe
  C:\Windows\System\ssFyrEv.exe
  2⤵
  PID:7428
- C:\Windows\System\cxPHMss.exe
  C:\Windows\System\cxPHMss.exe
  2⤵
  PID:7456
- C:\Windows\System\IelPBWq.exe
  C:\Windows\System\IelPBWq.exe
  2⤵
  PID:7496
- C:\Windows\System\vOcDLQr.exe
  C:\Windows\System\vOcDLQr.exe
  2⤵
  PID:7556
- C:\Windows\System\XPgCEVp.exe
  C:\Windows\System\XPgCEVp.exe
  2⤵
  PID:7596
- C:\Windows\System\WnxodTv.exe
  C:\Windows\System\WnxodTv.exe
  2⤵
  PID:7616
- C:\Windows\System\NvlzUPs.exe
  C:\Windows\System\NvlzUPs.exe
  2⤵
  PID:7644
- C:\Windows\System\nxlgSRL.exe
  C:\Windows\System\nxlgSRL.exe
  2⤵
  PID:7672
- C:\Windows\System\cDheWGf.exe
  C:\Windows\System\cDheWGf.exe
  2⤵
  PID:7708
- C:\Windows\System\NLqACNc.exe
  C:\Windows\System\NLqACNc.exe
  2⤵
  PID:7728
- C:\Windows\System\uIOCisf.exe
  C:\Windows\System\uIOCisf.exe
  2⤵
  PID:7756
- C:\Windows\System\PvCVgOq.exe
  C:\Windows\System\PvCVgOq.exe
  2⤵
  PID:7784
- C:\Windows\System\uDWOeQx.exe
  C:\Windows\System\uDWOeQx.exe
  2⤵
  PID:7812
- C:\Windows\System\qLVFchC.exe
  C:\Windows\System\qLVFchC.exe
  2⤵
  PID:7844
- C:\Windows\System\mHfotJy.exe
  C:\Windows\System\mHfotJy.exe
  2⤵
  PID:7872
- C:\Windows\System\yFwppkb.exe
  C:\Windows\System\yFwppkb.exe
  2⤵
  PID:7900
- C:\Windows\System\YTGunTJ.exe
  C:\Windows\System\YTGunTJ.exe
  2⤵
  PID:7928
- C:\Windows\System\bUGLoFF.exe
  C:\Windows\System\bUGLoFF.exe
  2⤵
  PID:7960
- C:\Windows\System\MoBCXVb.exe
  C:\Windows\System\MoBCXVb.exe
  2⤵
  PID:7992
- C:\Windows\System\sQSeayp.exe
  C:\Windows\System\sQSeayp.exe
  2⤵
  PID:8020
- C:\Windows\System\YRKdYeT.exe
  C:\Windows\System\YRKdYeT.exe
  2⤵
  PID:8048
- C:\Windows\System\reXDmya.exe
  C:\Windows\System\reXDmya.exe
  2⤵
  PID:8076
- C:\Windows\System\AYpmUzf.exe
  C:\Windows\System\AYpmUzf.exe
  2⤵
  PID:8112
- C:\Windows\System\HnWxYbi.exe
  C:\Windows\System\HnWxYbi.exe
  2⤵
  PID:8132
- C:\Windows\System\aAQuJaN.exe
  C:\Windows\System\aAQuJaN.exe
  2⤵
  PID:8160
- C:\Windows\System\JxgoYxj.exe
  C:\Windows\System\JxgoYxj.exe
  2⤵
  PID:8188
- C:\Windows\System\dbGxcUE.exe
  C:\Windows\System\dbGxcUE.exe
  2⤵
  PID:7228
- C:\Windows\System\XqKncuq.exe
  C:\Windows\System\XqKncuq.exe
  2⤵
  PID:7296
- C:\Windows\System\eZFjvVu.exe
  C:\Windows\System\eZFjvVu.exe
  2⤵
  PID:1156
- C:\Windows\System\LHIWTIR.exe
  C:\Windows\System\LHIWTIR.exe
  2⤵
  PID:7408
- C:\Windows\System\ZvULVyq.exe
  C:\Windows\System\ZvULVyq.exe
  2⤵
  PID:7492
- C:\Windows\System\tkkerou.exe
  C:\Windows\System\tkkerou.exe
  2⤵
  PID:7576
- C:\Windows\System\MaypzoC.exe
  C:\Windows\System\MaypzoC.exe
  2⤵
  PID:7592
- C:\Windows\System\iPZdLDm.exe
  C:\Windows\System\iPZdLDm.exe
  2⤵
  PID:7640
- C:\Windows\System\hxguPoF.exe
  C:\Windows\System\hxguPoF.exe
  2⤵
  PID:7716
- C:\Windows\System\FIzWEtA.exe
  C:\Windows\System\FIzWEtA.exe
  2⤵
  PID:6564
- C:\Windows\System\ZGckiPO.exe
  C:\Windows\System\ZGckiPO.exe
  2⤵
  PID:7836
- C:\Windows\System\jDMWKsw.exe
  C:\Windows\System\jDMWKsw.exe
  2⤵
  PID:7884
- C:\Windows\System\lNIRtNW.exe
  C:\Windows\System\lNIRtNW.exe
  2⤵
  PID:7924
- C:\Windows\System\zYlwaqR.exe
  C:\Windows\System\zYlwaqR.exe
  2⤵
  PID:2508
- C:\Windows\System\SHGdVfu.exe
  C:\Windows\System\SHGdVfu.exe
  2⤵
  PID:3792
- C:\Windows\System\PQaPWaq.exe
  C:\Windows\System\PQaPWaq.exe
  2⤵
  PID:8088
- C:\Windows\System\sLWoXSG.exe
  C:\Windows\System\sLWoXSG.exe
  2⤵
  PID:8152
- C:\Windows\System\IMwCVkY.exe
  C:\Windows\System\IMwCVkY.exe
  2⤵
  PID:7212
- C:\Windows\System\goVeQxj.exe
  C:\Windows\System\goVeQxj.exe
  2⤵
  PID:2032
- C:\Windows\System\JJGwKgo.exe
  C:\Windows\System\JJGwKgo.exe
  2⤵
  PID:7544
- C:\Windows\System\IEmmUAy.exe
  C:\Windows\System\IEmmUAy.exe
  2⤵
  PID:7608
- C:\Windows\System\vVxxiCC.exe
  C:\Windows\System\vVxxiCC.exe
  2⤵
  PID:7752
- C:\Windows\System\QiSWAsv.exe
  C:\Windows\System\QiSWAsv.exe
  2⤵
  PID:4856
- C:\Windows\System\GfsIeOv.exe
  C:\Windows\System\GfsIeOv.exe
  2⤵
  PID:4976
- C:\Windows\System\uKufzVz.exe
  C:\Windows\System\uKufzVz.exe
  2⤵
  PID:8120
- C:\Windows\System\cvYiWUZ.exe
  C:\Windows\System\cvYiWUZ.exe
  2⤵
  PID:7348
- C:\Windows\System\krZPBLS.exe
  C:\Windows\System\krZPBLS.exe
  2⤵
  PID:7568
- C:\Windows\System\WjZxWIR.exe
  C:\Windows\System\WjZxWIR.exe
  2⤵
  PID:7976
- C:\Windows\System\YDGqCVr.exe
  C:\Windows\System\YDGqCVr.exe
  2⤵
  PID:7184
- C:\Windows\System\HvWWCdQ.exe
  C:\Windows\System\HvWWCdQ.exe
  2⤵
  PID:7748
- C:\Windows\System\VYmNDZE.exe
  C:\Windows\System\VYmNDZE.exe
  2⤵
  PID:3112
- C:\Windows\System\SyjmkCL.exe
  C:\Windows\System\SyjmkCL.exe
  2⤵
  PID:8208
- C:\Windows\System\Ojwzljc.exe
  C:\Windows\System\Ojwzljc.exe
  2⤵
  PID:8236
- C:\Windows\System\uysJUvr.exe
  C:\Windows\System\uysJUvr.exe
  2⤵
  PID:8264
- C:\Windows\System\dGcNrHG.exe
  C:\Windows\System\dGcNrHG.exe
  2⤵
  PID:8292
- C:\Windows\System\YvTWLBk.exe
  C:\Windows\System\YvTWLBk.exe
  2⤵
  PID:8320
- C:\Windows\System\ZgIAQaF.exe
  C:\Windows\System\ZgIAQaF.exe
  2⤵
  PID:8348
- C:\Windows\System\CCJXpDs.exe
  C:\Windows\System\CCJXpDs.exe
  2⤵
  PID:8380
- C:\Windows\System\juBBYaq.exe
  C:\Windows\System\juBBYaq.exe
  2⤵
  PID:8404
- C:\Windows\System\jOXcUYv.exe
  C:\Windows\System\jOXcUYv.exe
  2⤵
  PID:8432
- C:\Windows\System\uFMhvLP.exe
  C:\Windows\System\uFMhvLP.exe
  2⤵
  PID:8460
- C:\Windows\System\TUFJvlY.exe
  C:\Windows\System\TUFJvlY.exe
  2⤵
  PID:8488
- C:\Windows\System\qKDSROX.exe
  C:\Windows\System\qKDSROX.exe
  2⤵
  PID:8516
- C:\Windows\System\oTkjVJU.exe
  C:\Windows\System\oTkjVJU.exe
  2⤵
  PID:8548
- C:\Windows\System\txAMhKH.exe
  C:\Windows\System\txAMhKH.exe
  2⤵
  PID:8576
- C:\Windows\System\xarCEDZ.exe
  C:\Windows\System\xarCEDZ.exe
  2⤵
  PID:8604
- C:\Windows\System\YXEIQhN.exe
  C:\Windows\System\YXEIQhN.exe
  2⤵
  PID:8632
- C:\Windows\System\LZNKKHl.exe
  C:\Windows\System\LZNKKHl.exe
  2⤵
  PID:8660
- C:\Windows\System\cYvLhSR.exe
  C:\Windows\System\cYvLhSR.exe
  2⤵
  PID:8688
- C:\Windows\System\KonoUax.exe
  C:\Windows\System\KonoUax.exe
  2⤵
  PID:8716
- C:\Windows\System\oJCoCDR.exe
  C:\Windows\System\oJCoCDR.exe
  2⤵
  PID:8744
- C:\Windows\System\mHiZIPb.exe
  C:\Windows\System\mHiZIPb.exe
  2⤵
  PID:8772
- C:\Windows\System\HgbbQfl.exe
  C:\Windows\System\HgbbQfl.exe
  2⤵
  PID:8800
- C:\Windows\System\NNWsxtk.exe
  C:\Windows\System\NNWsxtk.exe
  2⤵
  PID:8828
- C:\Windows\System\ASPlzeM.exe
  C:\Windows\System\ASPlzeM.exe
  2⤵
  PID:8856
- C:\Windows\System\IZlocrt.exe
  C:\Windows\System\IZlocrt.exe
  2⤵
  PID:8884
- C:\Windows\System\sOKdFYw.exe
  C:\Windows\System\sOKdFYw.exe
  2⤵
  PID:8912
- C:\Windows\System\IUoJRid.exe
  C:\Windows\System\IUoJRid.exe
  2⤵
  PID:8940
- C:\Windows\System\hESHBDB.exe
  C:\Windows\System\hESHBDB.exe
  2⤵
  PID:8968
- C:\Windows\System\cJWobAk.exe
  C:\Windows\System\cJWobAk.exe
  2⤵
  PID:8996
- C:\Windows\System\axamFZr.exe
  C:\Windows\System\axamFZr.exe
  2⤵
  PID:9024
- C:\Windows\System\AAkHQxv.exe
  C:\Windows\System\AAkHQxv.exe
  2⤵
  PID:9052
- C:\Windows\System\iLHPyHJ.exe
  C:\Windows\System\iLHPyHJ.exe
  2⤵
  PID:9080
- C:\Windows\System\trapPyZ.exe
  C:\Windows\System\trapPyZ.exe
  2⤵
  PID:9108
- C:\Windows\System\mCqMRmX.exe
  C:\Windows\System\mCqMRmX.exe
  2⤵
  PID:9136
- C:\Windows\System\TqYepuh.exe
  C:\Windows\System\TqYepuh.exe
  2⤵
  PID:9168
- C:\Windows\System\sVOfFnd.exe
  C:\Windows\System\sVOfFnd.exe
  2⤵
  PID:9196
- C:\Windows\System\OsDzrAb.exe
  C:\Windows\System\OsDzrAb.exe
  2⤵
  PID:8200
- C:\Windows\System\oQXqVYz.exe
  C:\Windows\System\oQXqVYz.exe
  2⤵
  PID:7552
- C:\Windows\System\BVYtPGL.exe
  C:\Windows\System\BVYtPGL.exe
  2⤵
  PID:8392
- C:\Windows\System\bLHOICf.exe
  C:\Windows\System\bLHOICf.exe
  2⤵
  PID:8444
- C:\Windows\System\EThIqLJ.exe
  C:\Windows\System\EThIqLJ.exe
  2⤵
  PID:8508
- C:\Windows\System\FWukzkV.exe
  C:\Windows\System\FWukzkV.exe
  2⤵
  PID:8572
- C:\Windows\System\MlQMgSe.exe
  C:\Windows\System\MlQMgSe.exe
  2⤵
  PID:8628
- C:\Windows\System\WXIzJai.exe
  C:\Windows\System\WXIzJai.exe
  2⤵
  PID:8700
- C:\Windows\System\QuMfrHf.exe
  C:\Windows\System\QuMfrHf.exe
  2⤵
  PID:8764
- C:\Windows\System\GbtVQKw.exe
  C:\Windows\System\GbtVQKw.exe
  2⤵
  PID:8824
- C:\Windows\System\qXqyDjz.exe
  C:\Windows\System\qXqyDjz.exe
  2⤵
  PID:8880
- C:\Windows\System\fUzvXtz.exe
  C:\Windows\System\fUzvXtz.exe
  2⤵
  PID:8956
- C:\Windows\System\qbbtwpG.exe
  C:\Windows\System\qbbtwpG.exe
  2⤵
  PID:9016
- C:\Windows\System\erLjPZV.exe
  C:\Windows\System\erLjPZV.exe
  2⤵
  PID:1652
- C:\Windows\System\IGOlrCu.exe
  C:\Windows\System\IGOlrCu.exe
  2⤵
  PID:9128
- C:\Windows\System\tlhlUwv.exe
  C:\Windows\System\tlhlUwv.exe
  2⤵
  PID:9184
- C:\Windows\System\PrhwkpF.exe
  C:\Windows\System\PrhwkpF.exe
  2⤵
  PID:8256
- C:\Windows\System\obhHrJq.exe
  C:\Windows\System\obhHrJq.exe
  2⤵
  PID:7268
- C:\Windows\System\mtfZbMV.exe
  C:\Windows\System\mtfZbMV.exe
  2⤵
  PID:8368
- C:\Windows\System\EhMvUUQ.exe
  C:\Windows\System\EhMvUUQ.exe
  2⤵
  PID:8484
- C:\Windows\System\nHbeuvn.exe
  C:\Windows\System\nHbeuvn.exe
  2⤵
  PID:264
- C:\Windows\System\poJyUjM.exe
  C:\Windows\System\poJyUjM.exe
  2⤵
  PID:8756
- C:\Windows\System\TeOyJnN.exe
  C:\Windows\System\TeOyJnN.exe
  2⤵
  PID:8932
- C:\Windows\System\bbftDeD.exe
  C:\Windows\System\bbftDeD.exe
  2⤵
  PID:9100
- C:\Windows\System\TKtgtOh.exe
  C:\Windows\System\TKtgtOh.exe
  2⤵
  PID:9160
- C:\Windows\System\jxZBxKd.exe
  C:\Windows\System\jxZBxKd.exe
  2⤵
  PID:7448
- C:\Windows\System\qeEkByN.exe
  C:\Windows\System\qeEkByN.exe
  2⤵
  PID:8624
- C:\Windows\System\ftAHKoL.exe
  C:\Windows\System\ftAHKoL.exe
  2⤵
  PID:8908
- C:\Windows\System\DBemSiz.exe
  C:\Windows\System\DBemSiz.exe
  2⤵
  PID:8344
- C:\Windows\System\bKIEDFt.exe
  C:\Windows\System\bKIEDFt.exe
  2⤵
  PID:8600
- C:\Windows\System\brzeGhR.exe
  C:\Windows\System\brzeGhR.exe
  2⤵
  PID:7364
- C:\Windows\System\jxgxmNt.exe
  C:\Windows\System\jxgxmNt.exe
  2⤵
  PID:9156
- C:\Windows\System\JWwYeBe.exe
  C:\Windows\System\JWwYeBe.exe
  2⤵
  PID:9232
- C:\Windows\System\PUyMIYP.exe
  C:\Windows\System\PUyMIYP.exe
  2⤵
  PID:9260
- C:\Windows\System\uDFImaz.exe
  C:\Windows\System\uDFImaz.exe
  2⤵
  PID:9288
- C:\Windows\System\KjWMStc.exe
  C:\Windows\System\KjWMStc.exe
  2⤵
  PID:9316
- C:\Windows\System\QpygLAq.exe
  C:\Windows\System\QpygLAq.exe
  2⤵
  PID:9344
- C:\Windows\System\lIAIPOX.exe
  C:\Windows\System\lIAIPOX.exe
  2⤵
  PID:9372
- C:\Windows\System\JXqsTtK.exe
  C:\Windows\System\JXqsTtK.exe
  2⤵
  PID:9400
- C:\Windows\System\MvEQaia.exe
  C:\Windows\System\MvEQaia.exe
  2⤵
  PID:9428
- C:\Windows\System\pWNaXtY.exe
  C:\Windows\System\pWNaXtY.exe
  2⤵
  PID:9456
- C:\Windows\System\EcOsmpI.exe
  C:\Windows\System\EcOsmpI.exe
  2⤵
  PID:9484
- C:\Windows\System\OYLBbaz.exe
  C:\Windows\System\OYLBbaz.exe
  2⤵
  PID:9512
- C:\Windows\System\kCkPlvN.exe
  C:\Windows\System\kCkPlvN.exe
  2⤵
  PID:9540
- C:\Windows\System\EiIHiNE.exe
  C:\Windows\System\EiIHiNE.exe
  2⤵
  PID:9568
- C:\Windows\System\SvpAeyS.exe
  C:\Windows\System\SvpAeyS.exe
  2⤵
  PID:9596
- C:\Windows\System\fyizZKi.exe
  C:\Windows\System\fyizZKi.exe
  2⤵
  PID:9624
- C:\Windows\System\fQScaBt.exe
  C:\Windows\System\fQScaBt.exe
  2⤵
  PID:9652
- C:\Windows\System\zWLpirU.exe
  C:\Windows\System\zWLpirU.exe
  2⤵
  PID:9680
- C:\Windows\System\mxCFjoa.exe
  C:\Windows\System\mxCFjoa.exe
  2⤵
  PID:9708
- C:\Windows\System\gBNLzLB.exe
  C:\Windows\System\gBNLzLB.exe
  2⤵
  PID:9736
- C:\Windows\System\skFEtLS.exe
  C:\Windows\System\skFEtLS.exe
  2⤵
  PID:9764
- C:\Windows\System\nFSDsLa.exe
  C:\Windows\System\nFSDsLa.exe
  2⤵
  PID:9808
- C:\Windows\System\xKUBZqR.exe
  C:\Windows\System\xKUBZqR.exe
  2⤵
  PID:9824
- C:\Windows\System\HaiyRhi.exe
  C:\Windows\System\HaiyRhi.exe
  2⤵
  PID:9852
- C:\Windows\System\RIhwhHd.exe
  C:\Windows\System\RIhwhHd.exe
  2⤵
  PID:9880
- C:\Windows\System\VISdTrq.exe
  C:\Windows\System\VISdTrq.exe
  2⤵
  PID:9908
- C:\Windows\System\msCoHQY.exe
  C:\Windows\System\msCoHQY.exe
  2⤵
  PID:9940
- C:\Windows\System\yxsFyxf.exe
  C:\Windows\System\yxsFyxf.exe
  2⤵
  PID:9968
- C:\Windows\System\mePVpcM.exe
  C:\Windows\System\mePVpcM.exe
  2⤵
  PID:9996
- C:\Windows\System\TyaVTUY.exe
  C:\Windows\System\TyaVTUY.exe
  2⤵
  PID:10024
- C:\Windows\System\gpHDDpi.exe
  C:\Windows\System\gpHDDpi.exe
  2⤵
  PID:10052
- C:\Windows\System\KAqvppa.exe
  C:\Windows\System\KAqvppa.exe
  2⤵
  PID:10080
- C:\Windows\System\hCyQAAU.exe
  C:\Windows\System\hCyQAAU.exe
  2⤵
  PID:10108
- C:\Windows\System\EpnBxLQ.exe
  C:\Windows\System\EpnBxLQ.exe
  2⤵
  PID:10136
- C:\Windows\System\duhUlyl.exe
  C:\Windows\System\duhUlyl.exe
  2⤵
  PID:10164
- C:\Windows\System\tilMJRI.exe
  C:\Windows\System\tilMJRI.exe
  2⤵
  PID:10192
- C:\Windows\System\ickMYOa.exe
  C:\Windows\System\ickMYOa.exe
  2⤵
  PID:10220
- C:\Windows\System\wIDlpjO.exe
  C:\Windows\System\wIDlpjO.exe
  2⤵
  PID:9228
- C:\Windows\System\qrcIOWo.exe
  C:\Windows\System\qrcIOWo.exe
  2⤵
  PID:9300
- C:\Windows\System\tbwpYvE.exe
  C:\Windows\System\tbwpYvE.exe
  2⤵
  PID:9364
- C:\Windows\System\xRfFEgw.exe
  C:\Windows\System\xRfFEgw.exe
  2⤵
  PID:9448
- C:\Windows\System\POesWLI.exe
  C:\Windows\System\POesWLI.exe
  2⤵
  PID:9496
- C:\Windows\System\iYdNLST.exe
  C:\Windows\System\iYdNLST.exe
  2⤵
  PID:9560
- C:\Windows\System\FbsNhxU.exe
  C:\Windows\System\FbsNhxU.exe
  2⤵
  PID:9668
- C:\Windows\System\pEuKuun.exe
  C:\Windows\System\pEuKuun.exe
  2⤵
  PID:9700
- C:\Windows\System\UgslCpf.exe
  C:\Windows\System\UgslCpf.exe
  2⤵
  PID:9760
- C:\Windows\System\BupKlqP.exe
  C:\Windows\System\BupKlqP.exe
  2⤵
  PID:9820
- C:\Windows\System\qdzqicZ.exe
  C:\Windows\System\qdzqicZ.exe
  2⤵
  PID:9872
- C:\Windows\System\cKseAuE.exe
  C:\Windows\System\cKseAuE.exe
  2⤵
  PID:9932
- C:\Windows\System\KMRVBQp.exe
  C:\Windows\System\KMRVBQp.exe
  2⤵
  PID:9984
- C:\Windows\System\GzAWSeD.exe
  C:\Windows\System\GzAWSeD.exe
  2⤵
  PID:10044
- C:\Windows\System\KVQbuXH.exe
  C:\Windows\System\KVQbuXH.exe
  2⤵
  PID:10100
- C:\Windows\System\cDTNnmU.exe
  C:\Windows\System\cDTNnmU.exe
  2⤵
  PID:10180
- C:\Windows\System\JlkfGoV.exe
  C:\Windows\System\JlkfGoV.exe
  2⤵
  PID:9152
- C:\Windows\System\zDKfErA.exe
  C:\Windows\System\zDKfErA.exe
  2⤵
  PID:9392
- C:\Windows\System\FDPFVrb.exe
  C:\Windows\System\FDPFVrb.exe
  2⤵
  PID:9536
- C:\Windows\System\jEvWGgq.exe
  C:\Windows\System\jEvWGgq.exe
  2⤵
  PID:9696
- C:\Windows\System\McmLBKE.exe
  C:\Windows\System\McmLBKE.exe
  2⤵
  PID:9816
- C:\Windows\System\bgWTNyZ.exe
  C:\Windows\System\bgWTNyZ.exe
  2⤵
  PID:3192
- C:\Windows\System\mNWyiBB.exe
  C:\Windows\System\mNWyiBB.exe
  2⤵
  PID:10096
- C:\Windows\System\ByeZIci.exe
  C:\Windows\System\ByeZIci.exe
  2⤵
  PID:10236
- C:\Windows\System\mGomANR.exe
  C:\Windows\System\mGomANR.exe
  2⤵
  PID:9612
- C:\Windows\System\IouWCVF.exe
  C:\Windows\System\IouWCVF.exe
  2⤵
  PID:1888
- C:\Windows\System\buDvtKA.exe
  C:\Windows\System\buDvtKA.exe
  2⤵
  PID:10216
- C:\Windows\System\qZkMpGu.exe
  C:\Windows\System\qZkMpGu.exe
  2⤵
  PID:10040
- C:\Windows\System\RNbCkuC.exe
  C:\Windows\System\RNbCkuC.exe
  2⤵
  PID:9868
- C:\Windows\System\vxfvkeJ.exe
  C:\Windows\System\vxfvkeJ.exe
  2⤵
  PID:10264
- C:\Windows\System\KrexJDR.exe
  C:\Windows\System\KrexJDR.exe
  2⤵
  PID:10292
- C:\Windows\System\tQQQqiu.exe
  C:\Windows\System\tQQQqiu.exe
  2⤵
  PID:10320
- C:\Windows\System\HRwzajn.exe
  C:\Windows\System\HRwzajn.exe
  2⤵
  PID:10364
- C:\Windows\System\kfZPhbu.exe
  C:\Windows\System\kfZPhbu.exe
  2⤵
  PID:10392
- C:\Windows\System\lhazsaF.exe
  C:\Windows\System\lhazsaF.exe
  2⤵
  PID:10420
- C:\Windows\System\wuoCbqj.exe
  C:\Windows\System\wuoCbqj.exe
  2⤵
  PID:10448
- C:\Windows\System\cJXObuE.exe
  C:\Windows\System\cJXObuE.exe
  2⤵
  PID:10476
- C:\Windows\System\ARQjcra.exe
  C:\Windows\System\ARQjcra.exe
  2⤵
  PID:10504
- C:\Windows\System\cAQAtzL.exe
  C:\Windows\System\cAQAtzL.exe
  2⤵
  PID:10532
- C:\Windows\System\kYtuvSp.exe
  C:\Windows\System\kYtuvSp.exe
  2⤵
  PID:10560
- C:\Windows\System\WUCDWys.exe
  C:\Windows\System\WUCDWys.exe
  2⤵
  PID:10588
- C:\Windows\System\VPASFUK.exe
  C:\Windows\System\VPASFUK.exe
  2⤵
  PID:10616
- C:\Windows\System\KrxwGxz.exe
  C:\Windows\System\KrxwGxz.exe
  2⤵
  PID:10644
- C:\Windows\System\tIMjOfP.exe
  C:\Windows\System\tIMjOfP.exe
  2⤵
  PID:10672
- C:\Windows\System\ItKeioD.exe
  C:\Windows\System\ItKeioD.exe
  2⤵
  PID:10700
- C:\Windows\System\TRQGWtM.exe
  C:\Windows\System\TRQGWtM.exe
  2⤵
  PID:10728
- C:\Windows\System\XhuKAPl.exe
  C:\Windows\System\XhuKAPl.exe
  2⤵
  PID:10760
- C:\Windows\System\UVlgRBc.exe
  C:\Windows\System\UVlgRBc.exe
  2⤵
  PID:10788
- C:\Windows\System\pFQWYYs.exe
  C:\Windows\System\pFQWYYs.exe
  2⤵
  PID:10816
- C:\Windows\System\lPDagVV.exe
  C:\Windows\System\lPDagVV.exe
  2⤵
  PID:10844
- C:\Windows\System\EqiqYAc.exe
  C:\Windows\System\EqiqYAc.exe
  2⤵
  PID:10872
- C:\Windows\System\eiDAqTF.exe
  C:\Windows\System\eiDAqTF.exe
  2⤵
  PID:10900
- C:\Windows\System\GOHnAcT.exe
  C:\Windows\System\GOHnAcT.exe
  2⤵
  PID:10928
- C:\Windows\System\shphQeH.exe
  C:\Windows\System\shphQeH.exe
  2⤵
  PID:10960
- C:\Windows\System\jqlfuGD.exe
  C:\Windows\System\jqlfuGD.exe
  2⤵
  PID:10988
- C:\Windows\System\isdPWES.exe
  C:\Windows\System\isdPWES.exe
  2⤵
  PID:11016
- C:\Windows\System\vUSgkFt.exe
  C:\Windows\System\vUSgkFt.exe
  2⤵
  PID:11044
- C:\Windows\System\Zjdzoas.exe
  C:\Windows\System\Zjdzoas.exe
  2⤵
  PID:11072
- C:\Windows\System\GIOyKEQ.exe
  C:\Windows\System\GIOyKEQ.exe
  2⤵
  PID:11100
- C:\Windows\System\nxqpkyh.exe
  C:\Windows\System\nxqpkyh.exe
  2⤵
  PID:11128
- C:\Windows\System\rCsLuqc.exe
  C:\Windows\System\rCsLuqc.exe
  2⤵
  PID:11156
- C:\Windows\System\BalUZcw.exe
  C:\Windows\System\BalUZcw.exe
  2⤵
  PID:11184
- C:\Windows\System\JfvQtrn.exe
  C:\Windows\System\JfvQtrn.exe
  2⤵
  PID:11212
- C:\Windows\System\aRPaRQG.exe
  C:\Windows\System\aRPaRQG.exe
  2⤵
  PID:11240
- C:\Windows\System\mvhFlWz.exe
  C:\Windows\System\mvhFlWz.exe
  2⤵
  PID:10256
- C:\Windows\System\DbcfvdL.exe
  C:\Windows\System\DbcfvdL.exe
  2⤵
  PID:10316
- C:\Windows\System\EjvJZTo.exe
  C:\Windows\System\EjvJZTo.exe
  2⤵
  PID:3844
- C:\Windows\System\uMhqyyP.exe
  C:\Windows\System\uMhqyyP.exe
  2⤵
  PID:10464
- C:\Windows\System\llgufit.exe
  C:\Windows\System\llgufit.exe
  2⤵
  PID:10500
- C:\Windows\System\PNjyruk.exe
  C:\Windows\System\PNjyruk.exe
  2⤵
  PID:10556
- C:\Windows\System\FNHtqdA.exe
  C:\Windows\System\FNHtqdA.exe
  2⤵
  PID:10608
- C:\Windows\System\TFBOYzq.exe
  C:\Windows\System\TFBOYzq.exe
  2⤵
  PID:10668
- C:\Windows\System\DrzVIUW.exe
  C:\Windows\System\DrzVIUW.exe
  2⤵
  PID:10744
- C:\Windows\System\LpoGVwZ.exe
  C:\Windows\System\LpoGVwZ.exe
  2⤵
  PID:10808
- C:\Windows\System\OWcrwNd.exe
  C:\Windows\System\OWcrwNd.exe
  2⤵
  PID:10868
- C:\Windows\System\pCuuwUu.exe
  C:\Windows\System\pCuuwUu.exe
  2⤵
  PID:10952
- C:\Windows\System\VtmCwkk.exe
  C:\Windows\System\VtmCwkk.exe
  2⤵
  PID:11012
- C:\Windows\System\eiJICPh.exe
  C:\Windows\System\eiJICPh.exe
  2⤵
  PID:11088
- C:\Windows\System\lcFRcYZ.exe
  C:\Windows\System\lcFRcYZ.exe
  2⤵
  PID:11148
- C:\Windows\System\RMvnYBr.exe
  C:\Windows\System\RMvnYBr.exe
  2⤵
  PID:11208
- C:\Windows\System\OxdnLYc.exe
  C:\Windows\System\OxdnLYc.exe
  2⤵
  PID:10288
- C:\Windows\System\yxcgttL.exe
  C:\Windows\System\yxcgttL.exe
  2⤵
  PID:10440
- C:\Windows\System\AVXiIxC.exe
  C:\Windows\System\AVXiIxC.exe
  2⤵
  PID:10544
- C:\Windows\System\mPHdJhp.exe
  C:\Windows\System\mPHdJhp.exe
  2⤵
  PID:10664
- C:\Windows\System\BajwgMb.exe
  C:\Windows\System\BajwgMb.exe
  2⤵
  PID:10836
- C:\Windows\System\PavvYOi.exe
  C:\Windows\System\PavvYOi.exe
  2⤵
  PID:11004
- C:\Windows\System\tkSgppA.exe
  C:\Windows\System\tkSgppA.exe
  2⤵
  PID:11140
- C:\Windows\System\vKyYYeE.exe
  C:\Windows\System\vKyYYeE.exe
  2⤵
  PID:10380
- C:\Windows\System\EAdjKYU.exe
  C:\Windows\System\EAdjKYU.exe
  2⤵
  PID:10528
- C:\Windows\System\iSxMgPt.exe
  C:\Windows\System\iSxMgPt.exe
  2⤵
  PID:10804
- C:\Windows\System\sOVdwzs.exe
  C:\Windows\System\sOVdwzs.exe
  2⤵
  PID:11256
- C:\Windows\System\sTvacbT.exe
  C:\Windows\System\sTvacbT.exe
  2⤵
  PID:10724
- C:\Windows\System\KISwjAa.exe
  C:\Windows\System\KISwjAa.exe
  2⤵
  PID:10636
- C:\Windows\System\msPlAAx.exe
  C:\Windows\System\msPlAAx.exe
  2⤵
  PID:11280
- C:\Windows\System\bIdYixS.exe
  C:\Windows\System\bIdYixS.exe
  2⤵
  PID:11308
- C:\Windows\System\sMUxFFq.exe
  C:\Windows\System\sMUxFFq.exe
  2⤵
  PID:11336
- C:\Windows\System\UjWMOzC.exe
  C:\Windows\System\UjWMOzC.exe
  2⤵
  PID:11364
- C:\Windows\System\KdLoNdc.exe
  C:\Windows\System\KdLoNdc.exe
  2⤵
  PID:11392
- C:\Windows\System\XoZwMNF.exe
  C:\Windows\System\XoZwMNF.exe
  2⤵
  PID:11420
- C:\Windows\System\iOUhTGU.exe
  C:\Windows\System\iOUhTGU.exe
  2⤵
  PID:11448
- C:\Windows\System\OYKaJBu.exe
  C:\Windows\System\OYKaJBu.exe
  2⤵
  PID:11480
- C:\Windows\System\HAcQpBB.exe
  C:\Windows\System\HAcQpBB.exe
  2⤵
  PID:11512
- C:\Windows\System\NByYIaP.exe
  C:\Windows\System\NByYIaP.exe
  2⤵
  PID:11540
- C:\Windows\System\EmrKsio.exe
  C:\Windows\System\EmrKsio.exe
  2⤵
  PID:11572
- C:\Windows\System\jbPamTd.exe
  C:\Windows\System\jbPamTd.exe
  2⤵
  PID:11600
- C:\Windows\System\fNUcGHR.exe
  C:\Windows\System\fNUcGHR.exe
  2⤵
  PID:11628
- C:\Windows\System\nsjPuoJ.exe
  C:\Windows\System\nsjPuoJ.exe
  2⤵
  PID:11660
- C:\Windows\System\tPyQmZW.exe
  C:\Windows\System\tPyQmZW.exe
  2⤵
  PID:11688
- C:\Windows\System\NHWsEfG.exe
  C:\Windows\System\NHWsEfG.exe
  2⤵
  PID:11716
- C:\Windows\System\quxZFlj.exe
  C:\Windows\System\quxZFlj.exe
  2⤵
  PID:11736
- C:\Windows\System\noIHDNs.exe
  C:\Windows\System\noIHDNs.exe
  2⤵
  PID:11792
- C:\Windows\System\JfJZDdA.exe
  C:\Windows\System\JfJZDdA.exe
  2⤵
  PID:11816
- C:\Windows\System\RsonpoY.exe
  C:\Windows\System\RsonpoY.exe
  2⤵
  PID:11856
- C:\Windows\System\WzIDRtf.exe
  C:\Windows\System\WzIDRtf.exe
  2⤵
  PID:11872
- C:\Windows\System\GHehgzA.exe
  C:\Windows\System\GHehgzA.exe
  2⤵
  PID:11900
- C:\Windows\System\eCYrLzr.exe
  C:\Windows\System\eCYrLzr.exe
  2⤵
  PID:11928
- C:\Windows\System\TwySMWr.exe
  C:\Windows\System\TwySMWr.exe
  2⤵
  PID:11956
- C:\Windows\System\kjbxmUq.exe
  C:\Windows\System\kjbxmUq.exe
  2⤵
  PID:11992
- C:\Windows\System\tvjyAdV.exe
  C:\Windows\System\tvjyAdV.exe
  2⤵
  PID:12012
- C:\Windows\System\qCTCpNc.exe
  C:\Windows\System\qCTCpNc.exe
  2⤵
  PID:12044
- C:\Windows\System\pWJVwWu.exe
  C:\Windows\System\pWJVwWu.exe
  2⤵
  PID:12072
- C:\Windows\System\rZAgGYU.exe
  C:\Windows\System\rZAgGYU.exe
  2⤵
  PID:12100
- C:\Windows\System\pNGojvO.exe
  C:\Windows\System\pNGojvO.exe
  2⤵
  PID:12132
- C:\Windows\System\EiQAfak.exe
  C:\Windows\System\EiQAfak.exe
  2⤵
  PID:12160
- C:\Windows\System\aPCypsA.exe
  C:\Windows\System\aPCypsA.exe
  2⤵
  PID:12188
- C:\Windows\System\DblmFqg.exe
  C:\Windows\System\DblmFqg.exe
  2⤵
  PID:12216
- C:\Windows\System\CjmIDSC.exe
  C:\Windows\System\CjmIDSC.exe
  2⤵
  PID:12244
- C:\Windows\System\VRDpBow.exe
  C:\Windows\System\VRDpBow.exe
  2⤵
  PID:12272
- C:\Windows\System\GMiQkla.exe
  C:\Windows\System\GMiQkla.exe
  2⤵
  PID:11292
- C:\Windows\System\PfkMCKA.exe
  C:\Windows\System\PfkMCKA.exe
  2⤵
  PID:11356
- C:\Windows\System\JxqXaGl.exe
  C:\Windows\System\JxqXaGl.exe
  2⤵
  PID:11412
- C:\Windows\System\hBORdrH.exe
  C:\Windows\System\hBORdrH.exe
  2⤵
  PID:11476
- C:\Windows\System\fDkpyWB.exe
  C:\Windows\System\fDkpyWB.exe
  2⤵
  PID:11560
- C:\Windows\System\XNmaWaN.exe
  C:\Windows\System\XNmaWaN.exe
  2⤵
  PID:11644
- C:\Windows\System\JEMRkic.exe
  C:\Windows\System\JEMRkic.exe
  2⤵
  PID:2380
- C:\Windows\System\epKOzvJ.exe
  C:\Windows\System\epKOzvJ.exe
  2⤵
  PID:1668
- C:\Windows\System\tzCeubt.exe
  C:\Windows\System\tzCeubt.exe
  2⤵
  PID:11800
- C:\Windows\System\ywdfDwC.exe
  C:\Windows\System\ywdfDwC.exe
  2⤵
  PID:11868
- C:\Windows\System\FNzpzWe.exe
  C:\Windows\System\FNzpzWe.exe
  2⤵
  PID:11940
- C:\Windows\System\gbTFYai.exe
  C:\Windows\System\gbTFYai.exe
  2⤵
  PID:12004
- C:\Windows\System\kRBMemu.exe
  C:\Windows\System\kRBMemu.exe
  2⤵
  PID:12036
- C:\Windows\System\IKeYdXR.exe
  C:\Windows\System\IKeYdXR.exe
  2⤵
  PID:12092
- C:\Windows\System\kvXLIOt.exe
  C:\Windows\System\kvXLIOt.exe
  2⤵
  PID:12156
- C:\Windows\System\BdIeMaU.exe
  C:\Windows\System\BdIeMaU.exe
  2⤵
  PID:12228
- C:\Windows\System\hyERzAk.exe
  C:\Windows\System\hyERzAk.exe
  2⤵
  PID:11276
- C:\Windows\System\lznNZlt.exe
  C:\Windows\System\lznNZlt.exe
  2⤵
  PID:11384
- C:\Windows\System\yNWmoEW.exe
  C:\Windows\System\yNWmoEW.exe
  2⤵
  PID:11656
- C:\Windows\System\CoWzQrl.exe
  C:\Windows\System\CoWzQrl.exe
  2⤵
  PID:11712
- C:\Windows\System\rvWxZfB.exe
  C:\Windows\System\rvWxZfB.exe
  2⤵
  PID:11864
- C:\Windows\System\gczuouH.exe
  C:\Windows\System\gczuouH.exe
  2⤵
  PID:11980
- C:\Windows\System\FemwWzi.exe
  C:\Windows\System\FemwWzi.exe
  2⤵
  PID:12064
- C:\Windows\System\xqHvXeN.exe
  C:\Windows\System\xqHvXeN.exe
  2⤵
  PID:12208
- C:\Windows\System\brhMByP.exe
  C:\Windows\System\brhMByP.exe
  2⤵
  PID:11532
- C:\Windows\System\PzgzTuz.exe
  C:\Windows\System\PzgzTuz.exe
  2⤵
  PID:11700
- C:\Windows\System\gQWzrEi.exe
  C:\Windows\System\gQWzrEi.exe
  2⤵
  PID:11652
- C:\Windows\System\rCtTDcS.exe
  C:\Windows\System\rCtTDcS.exe
  2⤵
  PID:12200
- C:\Windows\System\zePHdlx.exe
  C:\Windows\System\zePHdlx.exe
  2⤵
  PID:11556
- C:\Windows\System\DAfxRpl.exe
  C:\Windows\System\DAfxRpl.exe
  2⤵
  PID:11724
- C:\Windows\System\XwheRRC.exe
  C:\Windows\System\XwheRRC.exe
  2⤵
  PID:12124
- C:\Windows\System\cMEiOpm.exe
  C:\Windows\System\cMEiOpm.exe
  2⤵
  PID:12316
- C:\Windows\System\wPaYFJZ.exe
  C:\Windows\System\wPaYFJZ.exe
  2⤵
  PID:12344
- C:\Windows\System\RjKwXxd.exe
  C:\Windows\System\RjKwXxd.exe
  2⤵
  PID:12372
- C:\Windows\System\jcTbldm.exe
  C:\Windows\System\jcTbldm.exe
  2⤵
  PID:12400
- C:\Windows\System\OEDoxhz.exe
  C:\Windows\System\OEDoxhz.exe
  2⤵
  PID:12428
- C:\Windows\System\AXKzNKb.exe
  C:\Windows\System\AXKzNKb.exe
  2⤵
  PID:12456
- C:\Windows\System\HgQjDuJ.exe
  C:\Windows\System\HgQjDuJ.exe
  2⤵
  PID:12484
- C:\Windows\System\zdddaSy.exe
  C:\Windows\System\zdddaSy.exe
  2⤵
  PID:12512
- C:\Windows\System\EIuHmJp.exe
  C:\Windows\System\EIuHmJp.exe
  2⤵
  PID:12540
- C:\Windows\System\OAXnXnH.exe
  C:\Windows\System\OAXnXnH.exe
  2⤵
  PID:12568
- C:\Windows\System\mUlnFsH.exe
  C:\Windows\System\mUlnFsH.exe
  2⤵
  PID:12600
- C:\Windows\System\HgoBjjx.exe
  C:\Windows\System\HgoBjjx.exe
  2⤵
  PID:12628
- C:\Windows\System\IDDkqfe.exe
  C:\Windows\System\IDDkqfe.exe
  2⤵
  PID:12656
- C:\Windows\System\WqbfFgH.exe
  C:\Windows\System\WqbfFgH.exe
  2⤵
  PID:12684
- C:\Windows\System\ftFGtef.exe
  C:\Windows\System\ftFGtef.exe
  2⤵
  PID:12712
- C:\Windows\System\yrPPrQm.exe
  C:\Windows\System\yrPPrQm.exe
  2⤵
  PID:12740
- C:\Windows\System\ZwHinHc.exe
  C:\Windows\System\ZwHinHc.exe
  2⤵
  PID:12768
- C:\Windows\System\aIbOGTs.exe
  C:\Windows\System\aIbOGTs.exe
  2⤵
  PID:12796
- C:\Windows\System\PCpVPHJ.exe
  C:\Windows\System\PCpVPHJ.exe
  2⤵
  PID:12824
- C:\Windows\System\rCBykRE.exe
  C:\Windows\System\rCBykRE.exe
  2⤵
  PID:12852
- C:\Windows\System\XvJIYCa.exe
  C:\Windows\System\XvJIYCa.exe
  2⤵
  PID:12880
- C:\Windows\System\VhtNiaf.exe
  C:\Windows\System\VhtNiaf.exe
  2⤵
  PID:12908
- C:\Windows\System\eTJbDJi.exe
  C:\Windows\System\eTJbDJi.exe
  2⤵
  PID:12936
- C:\Windows\System\zXLScun.exe
  C:\Windows\System\zXLScun.exe
  2⤵
  PID:12964
- C:\Windows\System\vwPeyvR.exe
  C:\Windows\System\vwPeyvR.exe
  2⤵
  PID:12992
- C:\Windows\System\FDjUomg.exe
  C:\Windows\System\FDjUomg.exe
  2⤵
  PID:13020
- C:\Windows\System\weZFbFJ.exe
  C:\Windows\System\weZFbFJ.exe
  2⤵
  PID:13044
- C:\Windows\System\KQBFgOW.exe
  C:\Windows\System\KQBFgOW.exe
  2⤵
  PID:13076
- C:\Windows\System\ScKeGHj.exe
  C:\Windows\System\ScKeGHj.exe
  2⤵
  PID:13104
- C:\Windows\System\VTiJZPC.exe
  C:\Windows\System\VTiJZPC.exe
  2⤵
  PID:13132
- C:\Windows\System\SeEAefx.exe
  C:\Windows\System\SeEAefx.exe
  2⤵
  PID:13160
- C:\Windows\System\qnONvWk.exe
  C:\Windows\System\qnONvWk.exe
  2⤵
  PID:13188
- C:\Windows\System\lpcRnZJ.exe
  C:\Windows\System\lpcRnZJ.exe
  2⤵
  PID:13204
- C:\Windows\System\IHqJsQq.exe
  C:\Windows\System\IHqJsQq.exe
  2⤵
  PID:13236
- C:\Windows\System\UDiRktl.exe
  C:\Windows\System\UDiRktl.exe
  2⤵
  PID:13272
- C:\Windows\System\JwXMGdu.exe
  C:\Windows\System\JwXMGdu.exe
  2⤵
  PID:13304
- C:\Windows\System\qkCrdEQ.exe
  C:\Windows\System\qkCrdEQ.exe
  2⤵
  PID:12312
- C:\Windows\System\pqBBPrs.exe
  C:\Windows\System\pqBBPrs.exe
  2⤵
  PID:12416
- C:\Windows\System\NeHhqFI.exe
  C:\Windows\System\NeHhqFI.exe
  2⤵
  PID:11504
- C:\Windows\System\QWJChRS.exe
  C:\Windows\System\QWJChRS.exe
  2⤵
  PID:12532
- C:\Windows\System\gIUDpku.exe
  C:\Windows\System\gIUDpku.exe
  2⤵
  PID:12596
- C:\Windows\System\VpbXYty.exe
  C:\Windows\System\VpbXYty.exe
  2⤵
  PID:12652
- C:\Windows\System\sOHsMCq.exe
  C:\Windows\System\sOHsMCq.exe
  2⤵
  PID:12700
- C:\Windows\System\ldWnSyQ.exe
  C:\Windows\System\ldWnSyQ.exe
  2⤵
  PID:12788
- C:\Windows\System\VGEuBfi.exe
  C:\Windows\System\VGEuBfi.exe
  2⤵
  PID:2760
- C:\Windows\System\XdcHtlD.exe
  C:\Windows\System\XdcHtlD.exe
  2⤵
  PID:5040
- C:\Windows\System\EbOrlDt.exe
  C:\Windows\System\EbOrlDt.exe
  2⤵
  PID:12920
- C:\Windows\System\kmaLOiR.exe
  C:\Windows\System\kmaLOiR.exe
  2⤵
  PID:7476
- C:\Windows\System\CSSmJsW.exe
  C:\Windows\System\CSSmJsW.exe
  2⤵
  PID:13032
- C:\Windows\System\itzaULN.exe
  C:\Windows\System\itzaULN.exe
  2⤵
  PID:13088
- C:\Windows\System\MBHYnWn.exe
  C:\Windows\System\MBHYnWn.exe
  2⤵
  PID:13152
- C:\Windows\System\uTVhoGL.exe
  C:\Windows\System\uTVhoGL.exe
  2⤵
  PID:32
- C:\Windows\System\xyUzHIX.exe
  C:\Windows\System\xyUzHIX.exe
  2⤵
  PID:4972
- C:\Windows\System\QQOKrkW.exe
  C:\Windows\System\QQOKrkW.exe
  2⤵
  PID:12308
- C:\Windows\System\PZOkcNK.exe
  C:\Windows\System\PZOkcNK.exe
  2⤵
  PID:12440
- C:\Windows\System\BUgMCKH.exe
  C:\Windows\System\BUgMCKH.exe
  2⤵
  PID:12592
- C:\Windows\System\rFpzLIK.exe
  C:\Windows\System\rFpzLIK.exe
  2⤵
  PID:12676
- C:\Windows\System\wtlzbJM.exe
  C:\Windows\System\wtlzbJM.exe
  2⤵
  PID:12840
- C:\Windows\System\FNZSprh.exe
  C:\Windows\System\FNZSprh.exe
  2⤵
  PID:12904
- C:\Windows\System\msHXqUY.exe
  C:\Windows\System\msHXqUY.exe
  2⤵
  PID:2272
- C:\Windows\System\drimrYa.exe
  C:\Windows\System\drimrYa.exe
  2⤵
  PID:13116
- C:\Windows\System\hYNvRqf.exe
  C:\Windows\System\hYNvRqf.exe
  2⤵
  PID:13296
- C:\Windows\System\NeWvFmz.exe
  C:\Windows\System\NeWvFmz.exe
  2⤵
  PID:3500
- C:\Windows\System\QHhaSyq.exe
  C:\Windows\System\QHhaSyq.exe
  2⤵
  PID:3104
- C:\Windows\System\zYmItTF.exe
  C:\Windows\System\zYmItTF.exe
  2⤵
  PID:12560
- C:\Windows\System\RkyLVUF.exe
  C:\Windows\System\RkyLVUF.exe
  2⤵
  PID:12760
- C:\Windows\System\IsjWUKB.exe
  C:\Windows\System\IsjWUKB.exe
  2⤵
  PID:12976
- C:\Windows\System\iiUlqwJ.exe
  C:\Windows\System\iiUlqwJ.exe
  2⤵
  PID:13200
- C:\Windows\System\JgQNOQr.exe
  C:\Windows\System\JgQNOQr.exe
  2⤵
  PID:4400
- C:\Windows\System\XNDlIMc.exe
  C:\Windows\System\XNDlIMc.exe
  2⤵
  PID:3912
- C:\Windows\System\aGulpDi.exe
  C:\Windows\System\aGulpDi.exe
  2⤵
  PID:2932
- C:\Windows\System\tRdmOEo.exe
  C:\Windows\System\tRdmOEo.exe
  2⤵
  PID:452
- C:\Windows\System\NNnYzcK.exe
  C:\Windows\System\NNnYzcK.exe
  2⤵
  PID:1860
- C:\Windows\System\frWqXra.exe
  C:\Windows\System\frWqXra.exe
  2⤵
  PID:2764
- C:\Windows\System\Nqbvbqh.exe
  C:\Windows\System\Nqbvbqh.exe
  2⤵
  PID:2004
- C:\Windows\System\AppaIxW.exe
  C:\Windows\System\AppaIxW.exe
  2⤵
  PID:3048
- C:\Windows\System\gsrjzAb.exe
  C:\Windows\System\gsrjzAb.exe
  2⤵
  PID:12508
- C:\Windows\System\bzBCPuE.exe
  C:\Windows\System\bzBCPuE.exe
  2⤵
  PID:1556
- C:\Windows\System\LtEvEdg.exe
  C:\Windows\System\LtEvEdg.exe
  2⤵
  PID:372
- C:\Windows\System\uJLVKxv.exe
  C:\Windows\System\uJLVKxv.exe
  2⤵
  PID:4964
- C:\Windows\System\aAuBlGG.exe
  C:\Windows\System\aAuBlGG.exe
  2⤵
  PID:4636
- C:\Windows\System\WqRViHO.exe
  C:\Windows\System\WqRViHO.exe
  2⤵
  PID:1504
- C:\Windows\System\UWgUwXO.exe
  C:\Windows\System\UWgUwXO.exe
  2⤵
  PID:13340
- C:\Windows\System\yTLOHrK.exe
  C:\Windows\System\yTLOHrK.exe
  2⤵
  PID:13384
- C:\Windows\System\HuoARZa.exe
  C:\Windows\System\HuoARZa.exe
  2⤵
  PID:13424
- C:\Windows\System\memNmMp.exe
  C:\Windows\System\memNmMp.exe
  2⤵
  PID:13448
- C:\Windows\System\XshEFOk.exe
  C:\Windows\System\XshEFOk.exe
  2⤵
  PID:13492
- C:\Windows\System\pXHuLsA.exe
  C:\Windows\System\pXHuLsA.exe
  2⤵
  PID:13508
- C:\Windows\System\DJbiqXg.exe
  C:\Windows\System\DJbiqXg.exe
  2⤵
  PID:13540
- C:\Windows\System\sFczZWA.exe
  C:\Windows\System\sFczZWA.exe
  2⤵
  PID:13580
- C:\Windows\System\iruHiCU.exe
  C:\Windows\System\iruHiCU.exe
  2⤵
  PID:13600
- C:\Windows\System\lhHxpAv.exe
  C:\Windows\System\lhHxpAv.exe
  2⤵
  PID:13636
- C:\Windows\System\fImCqnf.exe
  C:\Windows\System\fImCqnf.exe
  2⤵
  PID:13664
- C:\Windows\System\NOKeknQ.exe
  C:\Windows\System\NOKeknQ.exe
  2⤵
  PID:13692
- C:\Windows\System\kbrkbPM.exe
  C:\Windows\System\kbrkbPM.exe
  2⤵
  PID:13720
- C:\Windows\System\TOHDKUp.exe
  C:\Windows\System\TOHDKUp.exe
  2⤵
  PID:13748
- C:\Windows\System\IQapjnB.exe
  C:\Windows\System\IQapjnB.exe
  2⤵
  PID:13776
- C:\Windows\System\RHxxQCX.exe
  C:\Windows\System\RHxxQCX.exe
  2⤵
  PID:13804
- C:\Windows\System\SCxHHVF.exe
  C:\Windows\System\SCxHHVF.exe
  2⤵
  PID:13832
- C:\Windows\System\qNAojMJ.exe
  C:\Windows\System\qNAojMJ.exe
  2⤵
  PID:13860
- C:\Windows\System\OcVTUlz.exe
  C:\Windows\System\OcVTUlz.exe
  2⤵
  PID:13888
- C:\Windows\System\IUeVvav.exe
  C:\Windows\System\IUeVvav.exe
  2⤵
  PID:13916
- C:\Windows\System\QRvnyAI.exe
  C:\Windows\System\QRvnyAI.exe
  2⤵
  PID:13944
- C:\Windows\System\kTAoMWo.exe
  C:\Windows\System\kTAoMWo.exe
  2⤵
  PID:13972
- C:\Windows\System\KrzRpKD.exe
  C:\Windows\System\KrzRpKD.exe
  2⤵
  PID:14000
- C:\Windows\System\bRcuTzk.exe
  C:\Windows\System\bRcuTzk.exe
  2⤵
  PID:14028
- C:\Windows\System\bIeGOVN.exe
  C:\Windows\System\bIeGOVN.exe
  2⤵
  PID:14056
- C:\Windows\System\oDcDGGP.exe
  C:\Windows\System\oDcDGGP.exe
  2⤵
  PID:14092
- C:\Windows\System\QOLWpgA.exe
  C:\Windows\System\QOLWpgA.exe
  2⤵
  PID:14128
- C:\Windows\System\OhJCrKH.exe
  C:\Windows\System\OhJCrKH.exe
  2⤵
  PID:14156
- C:\Windows\System\DqhtATf.exe
  C:\Windows\System\DqhtATf.exe
  2⤵
  PID:14192
- C:\Windows\System\UIbOKAE.exe
  C:\Windows\System\UIbOKAE.exe
  2⤵
  PID:14212
- C:\Windows\System\KaxugsC.exe
  C:\Windows\System\KaxugsC.exe
  2⤵
  PID:14240
- C:\Windows\System\FeNCFmf.exe
  C:\Windows\System\FeNCFmf.exe
  2⤵
  PID:14268
- C:\Windows\System\bKEaDUM.exe
  C:\Windows\System\bKEaDUM.exe
  2⤵
  PID:14296
- C:\Windows\System\USSGTkF.exe
  C:\Windows\System\USSGTkF.exe
  2⤵
  PID:14320
- C:\Windows\System\ORpyzYF.exe
  C:\Windows\System\ORpyzYF.exe
  2⤵
  PID:888
- C:\Windows\System\WJXAUKK.exe
  C:\Windows\System\WJXAUKK.exe
  2⤵
  PID:3936
- C:\Windows\System\BjcYwMX.exe
  C:\Windows\System\BjcYwMX.exe
  2⤵
  PID:13440
- C:\Windows\System\dqrRTHs.exe
  C:\Windows\System\dqrRTHs.exe
  2⤵
  PID:3856
- C:\Windows\System\KIVEmrV.exe
  C:\Windows\System\KIVEmrV.exe
  2⤵
  PID:4652
- C:\Windows\System\gAXIayC.exe
  C:\Windows\System\gAXIayC.exe
  2⤵
  PID:13556
- C:\Windows\System\DFbuJmR.exe
  C:\Windows\System\DFbuJmR.exe
  2⤵
  PID:13328
- C:\Windows\System\CtaSBsc.exe
  C:\Windows\System\CtaSBsc.exe
  2⤵
  PID:4844
- C:\Windows\System\luKviwn.exe
  C:\Windows\System\luKviwn.exe
  2⤵
  PID:2176
- C:\Windows\System\CSEITeI.exe
  C:\Windows\System\CSEITeI.exe
  2⤵
  PID:4996
- C:\Windows\System\SWrdCje.exe
  C:\Windows\System\SWrdCje.exe
  2⤵
  PID:3972
- C:\Windows\System\Zvbyqlw.exe
  C:\Windows\System\Zvbyqlw.exe
  2⤵
  PID:13732
- C:\Windows\System\LrAjKGL.exe
  C:\Windows\System\LrAjKGL.exe
  2⤵
  PID:4380
- C:\Windows\System\YHdQpaf.exe
  C:\Windows\System\YHdQpaf.exe
  2⤵
  PID:1996
- C:\Windows\System\YRgUCRh.exe
  C:\Windows\System\YRgUCRh.exe
  2⤵
  PID:13852
- C:\Windows\System\WiwuXWU.exe
  C:\Windows\System\WiwuXWU.exe
  2⤵
  PID:5192
- C:\Windows\System\xNNVTLI.exe
  C:\Windows\System\xNNVTLI.exe
  2⤵
  PID:5220
- C:\Windows\System\VySTUcM.exe
  C:\Windows\System\VySTUcM.exe
  2⤵
  PID:13964
- C:\Windows\System\fCgGLUh.exe
  C:\Windows\System\fCgGLUh.exe
  2⤵
  PID:14012
- C:\Windows\System\LwGcgrx.exe
  C:\Windows\System\LwGcgrx.exe
  2⤵
  PID:5372
- C:\Windows\System\dKYqmaL.exe
  C:\Windows\System\dKYqmaL.exe
  2⤵
  PID:5428
- C:\Windows\System\ajZxAbf.exe
  C:\Windows\System\ajZxAbf.exe
  2⤵
  PID:14040
- C:\Windows\System\wAOfqGB.exe
  C:\Windows\System\wAOfqGB.exe
  2⤵
  PID:14088
- C:\Windows\System\IgUKiPw.exe
  C:\Windows\System\IgUKiPw.exe
  2⤵
  PID:5608
- C:\Windows\System\WvesfxJ.exe
  C:\Windows\System\WvesfxJ.exe
  2⤵
  PID:5668
- C:\Windows\System\dRkpsaM.exe
  C:\Windows\System\dRkpsaM.exe
  2⤵
  PID:14168
- C:\Windows\System\IffqgtC.exe
  C:\Windows\System\IffqgtC.exe
  2⤵
  PID:14076
- C:\Windows\System\efofXnP.exe
  C:\Windows\System\efofXnP.exe
  2⤵
  PID:5780
- C:\Windows\System\PcaTWrI.exe
  C:\Windows\System\PcaTWrI.exe
  2⤵
  PID:5812
- C:\Windows\System\oVHWvux.exe
  C:\Windows\System\oVHWvux.exe
  2⤵
  PID:3392
- C:\Windows\System\RZYfDRG.exe
  C:\Windows\System\RZYfDRG.exe
  2⤵
  PID:13364
- C:\Windows\System\jRcFrVZ.exe
  C:\Windows\System\jRcFrVZ.exe
  2⤵
  PID:4016
- C:\Windows\System\VzTGLDv.exe
  C:\Windows\System\VzTGLDv.exe
  2⤵
  PID:5984
- C:\Windows\System\YLztwrj.exe
  C:\Windows\System\YLztwrj.exe
  2⤵
  PID:4484
- C:\Windows\System\VHNYLDn.exe
  C:\Windows\System\VHNYLDn.exe
  2⤵
  PID:6080
- C:\Windows\System\DiBnrgA.exe
  C:\Windows\System\DiBnrgA.exe
  2⤵
  PID:6088
- C:\Windows\System\oGVvPdX.exe
  C:\Windows\System\oGVvPdX.exe
  2⤵
  PID:13704
- C:\Windows\System\wFQEtiw.exe
  C:\Windows\System\wFQEtiw.exe
  2⤵
  PID:13760
- C:\Windows\System\QEpZnae.exe
  C:\Windows\System\QEpZnae.exe
  2⤵
  PID:5288
- C:\Windows\System\ynwfSGK.exe
  C:\Windows\System\ynwfSGK.exe
  2⤵
  PID:13844
- C:\Windows\System\qNOBxaV.exe
  C:\Windows\System\qNOBxaV.exe
  2⤵
  PID:5412
- C:\Windows\System\AqkqVCI.exe
  C:\Windows\System\AqkqVCI.exe
  2⤵
  PID:1760
- C:\Windows\System\gewyDkP.exe
  C:\Windows\System\gewyDkP.exe
  2⤵
  PID:920
- C:\Windows\System\AZBtiQZ.exe
  C:\Windows\System\AZBtiQZ.exe
  2⤵
  PID:5396
- C:\Windows\System\UAVOhQZ.exe
  C:\Windows\System\UAVOhQZ.exe
  2⤵
  PID:5496
- C:\Windows\System\UtoMkoV.exe
  C:\Windows\System\UtoMkoV.exe
  2⤵
  PID:14120
- C:\Windows\System\ztBNFHE.exe
  C:\Windows\System\ztBNFHE.exe
  2⤵
  PID:5644
- C:\Windows\System\ucEKkDJ.exe
  C:\Windows\System\ucEKkDJ.exe
  2⤵
  PID:14176
- C:\Windows\System\jyAGDdm.exe
  C:\Windows\System\jyAGDdm.exe
  2⤵
  PID:5752
- C:\Windows\System\TtRRMbU.exe
  C:\Windows\System\TtRRMbU.exe
  2⤵
  PID:4252
- C:\Windows\System\jFKjavJ.exe
  C:\Windows\System\jFKjavJ.exe
  2⤵
  PID:2416
- C:\Windows\System\FVjedUo.exe
  C:\Windows\System\FVjedUo.exe
  2⤵
  PID:14316
- C:\Windows\System\ZqnnvvS.exe
  C:\Windows\System\ZqnnvvS.exe
  2⤵
  PID:5940
- C:\Windows\System\jmIbKgf.exe
  C:\Windows\System\jmIbKgf.exe
  2⤵
  PID:14080
- C:\Windows\System\ORmVXuv.exe
  C:\Windows\System\ORmVXuv.exe
  2⤵
  PID:5956
- C:\Windows\System\YrZOlKw.exe
  C:\Windows\System\YrZOlKw.exe
  2⤵
  PID:5772
- C:\Windows\System\ikaxGZn.exe
  C:\Windows\System\ikaxGZn.exe
  2⤵
  PID:6100
- C:\Windows\System\ycrueNT.exe
  C:\Windows\System\ycrueNT.exe
  2⤵
  PID:6120
- C:\Windows\System\znPpMiO.exe
  C:\Windows\System\znPpMiO.exe
  2⤵
  PID:14072
- C:\Windows\System\cOFPMfB.exe
  C:\Windows\System\cOFPMfB.exe
  2⤵
  PID:6192
- C:\Windows\System\LCWDSKB.exe
  C:\Windows\System\LCWDSKB.exe
  2⤵
  PID:5276
- C:\Windows\System\uMOImJj.exe
  C:\Windows\System\uMOImJj.exe
  2⤵
  PID:316
- C:\Windows\System\eWfipYv.exe
  C:\Windows\System\eWfipYv.exe
  2⤵
  PID:6280
- C:\Windows\System\QjLCDlF.exe
  C:\Windows\System\QjLCDlF.exe
  2⤵
  PID:5728
- C:\Windows\System\dLuMCpZ.exe
  C:\Windows\System\dLuMCpZ.exe
  2⤵
  PID:14148
- C:\Windows\System\InnrDry.exe
  C:\Windows\System\InnrDry.exe
  2⤵
  PID:6040
- C:\Windows\System\XkouhYJ.exe
  C:\Windows\System\XkouhYJ.exe
  2⤵
  PID:6336
- C:\Windows\System\ubGoACU.exe
  C:\Windows\System\ubGoACU.exe
  2⤵
  PID:14152
- C:\Windows\System\DXnStVp.exe
  C:\Windows\System\DXnStVp.exe
  2⤵
  PID:5944
- C:\Windows\System\iZDAwhv.exe
  C:\Windows\System\iZDAwhv.exe
  2⤵
  PID:5088
- C:\Windows\System\VtLUSid.exe
  C:\Windows\System\VtLUSid.exe
  2⤵
  PID:6872
- C:\Windows\System\EdvkfWq.exe
  C:\Windows\System\EdvkfWq.exe
  2⤵
  PID:6156
- C:\Windows\System\xDXmFhm.exe
  C:\Windows\System\xDXmFhm.exe
  2⤵
  PID:6936
- C:\Windows\System\WkmPdog.exe
  C:\Windows\System\WkmPdog.exe
  2⤵
  PID:5688
- C:\Windows\System\VflsOOb.exe
  C:\Windows\System\VflsOOb.exe
  2⤵
  PID:6364
- C:\Windows\System\hAVkkPf.exe
  C:\Windows\System\hAVkkPf.exe
  2⤵
  PID:7052
- C:\Windows\System\GTppWqU.exe
  C:\Windows\System\GTppWqU.exe
  2⤵
  PID:1784
- C:\Windows\System\guwioBu.exe
  C:\Windows\System\guwioBu.exe
  2⤵
  PID:400
- C:\Windows\System\JxLhyrp.exe
  C:\Windows\System\JxLhyrp.exe
  2⤵
  PID:6472
- C:\Windows\System\feqFjkV.exe
  C:\Windows\System\feqFjkV.exe
  2⤵
  PID:6568
- C:\Windows\System\okEzwPf.exe
  C:\Windows\System\okEzwPf.exe
  2⤵
  PID:6636
- C:\Windows\System\pLuKUYm.exe
  C:\Windows\System\pLuKUYm.exe
  2⤵
  PID:596
- C:\Windows\System\nzMcLAT.exe
  C:\Windows\System\nzMcLAT.exe
  2⤵
  PID:6592
- C:\Windows\System\HMYahpk.exe
  C:\Windows\System\HMYahpk.exe
  2⤵
  PID:6772
- C:\Windows\System\jYtLtvn.exe
  C:\Windows\System\jYtLtvn.exe
  2⤵
  PID:2784
- C:\Windows\System\Klekoxj.exe
  C:\Windows\System\Klekoxj.exe
  2⤵
  PID:6960
- C:\Windows\System\jUgyUlo.exe
  C:\Windows\System\jUgyUlo.exe
  2⤵
  PID:14048
- C:\Windows\System\vzuabjm.exe
  C:\Windows\System\vzuabjm.exe
  2⤵
  PID:6000
- C:\Windows\System\hbvPSYA.exe
  C:\Windows\System\hbvPSYA.exe
  2⤵
  PID:6444
- C:\Windows\System\ttZPcSQ.exe
  C:\Windows\System\ttZPcSQ.exe
  2⤵
  PID:5392
- C:\Windows\System\MHjgvet.exe
  C:\Windows\System\MHjgvet.exe
  2⤵
  PID:2112
- C:\Windows\System\PcbBBoh.exe
  C:\Windows\System\PcbBBoh.exe
  2⤵
  PID:7012
- C:\Windows\System\vQTYpvX.exe
  C:\Windows\System\vQTYpvX.exe
  2⤵
  PID:6508
- C:\Windows\System\ZCwjUpp.exe
  C:\Windows\System\ZCwjUpp.exe
  2⤵
  PID:6780
- C:\Windows\System\NfsAkGI.exe
  C:\Windows\System\NfsAkGI.exe
  2⤵
  PID:6488
- C:\Windows\System\xiOxkcv.exe
  C:\Windows\System\xiOxkcv.exe
  2⤵
  PID:6560
- C:\Windows\System\ayPEezC.exe
  C:\Windows\System\ayPEezC.exe
  2⤵
  PID:6768
- C:\Windows\System\OjYEQHn.exe
  C:\Windows\System\OjYEQHn.exe
  2⤵
  PID:3964
- C:\Windows\System\unzpJac.exe
  C:\Windows\System\unzpJac.exe
  2⤵
  PID:7308
- C:\Windows\System\qsncLtN.exe
  C:\Windows\System\qsncLtN.exe
  2⤵
  PID:7336
- C:\Windows\System\lGBmroc.exe
  C:\Windows\System\lGBmroc.exe
  2⤵
  PID:3520
- C:\Windows\System\CqAprUR.exe
  C:\Windows\System\CqAprUR.exe
  2⤵
  PID:6904
- C:\Windows\System\DRlQbpf.exe
  C:\Windows\System\DRlQbpf.exe
  2⤵
  PID:7044
- C:\Windows\System\eUCqlBU.exe
  C:\Windows\System\eUCqlBU.exe
  2⤵
  PID:7624
- C:\Windows\System\kudgoZk.exe
  C:\Windows\System\kudgoZk.exe
  2⤵
  PID:7156
- C:\Windows\System\sOOUPoK.exe
  C:\Windows\System\sOOUPoK.exe
  2⤵
  PID:8092
- C:\Windows\System\kXworqu.exe
  C:\Windows\System\kXworqu.exe
  2⤵
  PID:7196
- C:\Windows\System\bzyRduq.exe
  C:\Windows\System\bzyRduq.exe
  2⤵
  PID:6004
- C:\Windows\System\hSawuZZ.exe
  C:\Windows\System\hSawuZZ.exe
  2⤵
  PID:7504
- C:\Windows\System\ChIsHFB.exe
  C:\Windows\System\ChIsHFB.exe
  2⤵
  PID:7540
- C:\Windows\System\AoLBoEj.exe
  C:\Windows\System\AoLBoEj.exe
  2⤵
  PID:4984
- C:\Windows\System\HzbQHRj.exe
  C:\Windows\System\HzbQHRj.exe
  2⤵
  PID:7104
- C:\Windows\System\hxDeRnA.exe
  C:\Windows\System\hxDeRnA.exe
  2⤵
  PID:1408
- C:\Windows\System\sUhJUDP.exe
  C:\Windows\System\sUhJUDP.exe
  2⤵
  PID:2304
- C:\Windows\System\CFtiuOz.exe
  C:\Windows\System\CFtiuOz.exe
  2⤵
  PID:7892
- C:\Windows\System\sYmbQNm.exe
  C:\Windows\System\sYmbQNm.exe
  2⤵
  PID:6604
- C:\Windows\System\spqiPPw.exe
  C:\Windows\System\spqiPPw.exe
  2⤵
  PID:7136
- C:\Windows\System\KIzgNkI.exe
  C:\Windows\System\KIzgNkI.exe
  2⤵
  PID:4196
- C:\Windows\System\HgGkmrC.exe
  C:\Windows\System\HgGkmrC.exe
  2⤵
  PID:6552
- C:\Windows\System\CjSZwUE.exe
  C:\Windows\System\CjSZwUE.exe
  2⤵
  PID:1356
- C:\Windows\System\ngOBaVu.exe
  C:\Windows\System\ngOBaVu.exe
  2⤵
  PID:7392
- C:\Windows\System\vlgLLgl.exe
  C:\Windows\System\vlgLLgl.exe
  2⤵
  PID:7908
- C:\Windows\System\ynXmvfb.exe
  C:\Windows\System\ynXmvfb.exe
  2⤵
  PID:5808
- C:\Windows\System\QqwsYdx.exe
  C:\Windows\System\QqwsYdx.exe
  2⤵
  PID:7828
- C:\Windows\System\fOthfzl.exe
  C:\Windows\System\fOthfzl.exe
  2⤵
  PID:8004
- C:\Windows\System\ZDjmGzL.exe
  C:\Windows\System\ZDjmGzL.exe
  2⤵
  PID:8036
- C:\Windows\System\EtkJtdQ.exe
  C:\Windows\System\EtkJtdQ.exe
  2⤵
  PID:8184
- C:\Windows\System\zScgaEz.exe
  C:\Windows\System\zScgaEz.exe
  2⤵
  PID:7224
- C:\Windows\System\MEfHBob.exe
  C:\Windows\System\MEfHBob.exe
  2⤵
  PID:7868
- C:\Windows\System\bYmFinH.exe
  C:\Windows\System\bYmFinH.exe
  2⤵
  PID:7972
- C:\Windows\System\QofOoby.exe
  C:\Windows\System\QofOoby.exe
  2⤵
  PID:7208
- C:\Windows\System\TEsIWKk.exe
  C:\Windows\System\TEsIWKk.exe
  2⤵
  PID:7444
- C:\Windows\System\EfQGiKl.exe
  C:\Windows\System\EfQGiKl.exe
  2⤵
  PID:7584
- C:\Windows\System\nxKjNQc.exe
  C:\Windows\System\nxKjNQc.exe
  2⤵
  PID:7632
- C:\Windows\System\TkJZcsI.exe
  C:\Windows\System\TkJZcsI.exe
  2⤵
  PID:3200
- C:\Windows\System\JldLDbq.exe
  C:\Windows\System\JldLDbq.exe
  2⤵
  PID:7680
- C:\Windows\System\SMLNpww.exe
  C:\Windows\System\SMLNpww.exe
  2⤵
  PID:7744
- C:\Windows\System\yyOIcFH.exe
  C:\Windows\System\yyOIcFH.exe
  2⤵
  PID:8448
- C:\Windows\System\OGTnbll.exe
  C:\Windows\System\OGTnbll.exe
  2⤵
  PID:8468
- C:\Windows\System\JIAdmqt.exe
  C:\Windows\System\JIAdmqt.exe
  2⤵
  PID:7988
- C:\Windows\System\UZUxjQk.exe
  C:\Windows\System\UZUxjQk.exe
  2⤵
  PID:8100
- C:\Windows\System\FxpPPcC.exe
  C:\Windows\System\FxpPPcC.exe
  2⤵
  PID:7852
- C:\Windows\System\TpsapRQ.exe
  C:\Windows\System\TpsapRQ.exe
  2⤵
  PID:8644
- C:\Windows\System\ymRmHsX.exe
  C:\Windows\System\ymRmHsX.exe
  2⤵
  PID:8952
- C:\Windows\System\IIQcKeF.exe
  C:\Windows\System\IIQcKeF.exe
  2⤵
  PID:8272
- C:\Windows\System\SBcKJpD.exe
  C:\Windows\System\SBcKJpD.exe
  2⤵
  PID:7524
- C:\Windows\System\HJGlFNY.exe
  C:\Windows\System\HJGlFNY.exe
  2⤵
  PID:9060
- C:\Windows\System\tvweBJP.exe
  C:\Windows\System\tvweBJP.exe
  2⤵
  PID:7780
- C:\Windows\System\GnWgfML.exe
  C:\Windows\System\GnWgfML.exe
  2⤵
  PID:7016
- C:\Windows\System\SRXVRYV.exe
  C:\Windows\System\SRXVRYV.exe
  2⤵
  PID:8248
- C:\Windows\System\cBmhCfW.exe
  C:\Windows\System\cBmhCfW.exe
  2⤵
  PID:5840
- C:\Windows\System\UbEOuLb.exe
  C:\Windows\System\UbEOuLb.exe
  2⤵
  PID:7436
- C:\Windows\System\DsjhHGI.exe
  C:\Windows\System\DsjhHGI.exe
  2⤵
  PID:8668
- C:\Windows\System\brwWpGV.exe
  C:\Windows\System\brwWpGV.exe
  2⤵
  PID:8724
- C:\Windows\System\zjwyVDw.exe
  C:\Windows\System\zjwyVDw.exe
  2⤵
  PID:2340
- C:\Windows\System\vRvPfuK.exe
  C:\Windows\System\vRvPfuK.exe
  2⤵
  PID:3636
- C:\Windows\System\TFNFhAs.exe
  C:\Windows\System\TFNFhAs.exe
  2⤵
  PID:8060
- C:\Windows\System\weUEYLB.exe
  C:\Windows\System\weUEYLB.exe
  2⤵
  PID:8868
- C:\Windows\System\sFRgemu.exe
  C:\Windows\System\sFRgemu.exe
  2⤵
  PID:1684
- C:\Windows\System\zWvLELt.exe
  C:\Windows\System\zWvLELt.exe
  2⤵
  PID:1920
- C:\Windows\System\YNdUZzX.exe
  C:\Windows\System\YNdUZzX.exe
  2⤵
  PID:7464
- C:\Windows\System\yiFeIQF.exe
  C:\Windows\System\yiFeIQF.exe
  2⤵
  PID:8712
- C:\Windows\System\dDOBCPJ.exe
  C:\Windows\System\dDOBCPJ.exe
  2⤵
  PID:7724
- C:\Windows\System\ZXNRzRp.exe
  C:\Windows\System\ZXNRzRp.exe
  2⤵
  PID:9116
- C:\Windows\System\ILQkvzO.exe
  C:\Windows\System\ILQkvzO.exe
  2⤵
  PID:4424
- C:\Windows\System\aWjdEYD.exe
  C:\Windows\System\aWjdEYD.exe
  2⤵
  PID:9076
- C:\Windows\System\CzBlVsV.exe
  C:\Windows\System\CzBlVsV.exe
  2⤵
  PID:7936
- C:\Windows\System\MwESuMe.exe
  C:\Windows\System\MwESuMe.exe
  2⤵
  PID:9180
- C:\Windows\System\WQpyaHZ.exe
  C:\Windows\System\WQpyaHZ.exe
  2⤵
  PID:8784
- C:\Windows\System\qmMfMXq.exe
  C:\Windows\System\qmMfMXq.exe
  2⤵
  PID:8844
- C:\Windows\System\xaLfDXr.exe
  C:\Windows\System\xaLfDXr.exe
  2⤵
  PID:7332
- C:\Windows\System\nfjcypI.exe
  C:\Windows\System\nfjcypI.exe
  2⤵
  PID:8816
- C:\Windows\System\XVwOQZL.exe
  C:\Windows\System\XVwOQZL.exe
  2⤵
  PID:9008
- C:\Windows\System\skcJRSD.exe
  C:\Windows\System\skcJRSD.exe
  2⤵
  PID:9032
- C:\Windows\System\EtlESVE.exe
  C:\Windows\System\EtlESVE.exe
  2⤵
  PID:8924
- C:\Windows\System\SWzvYjj.exe
  C:\Windows\System\SWzvYjj.exe
  2⤵
  PID:4704
- C:\Windows\System\dtWsPcW.exe
  C:\Windows\System\dtWsPcW.exe
  2⤵
  PID:7916
- C:\Windows\System\fiOLJaW.exe
  C:\Windows\System\fiOLJaW.exe
  2⤵
  PID:9220
- C:\Windows\System\nxKmABq.exe
  C:\Windows\System\nxKmABq.exe
  2⤵
  PID:8416
- C:\Windows\System\ehKVvkH.exe
  C:\Windows\System\ehKVvkH.exe
  2⤵
  PID:3436
- C:\Windows\System\rmCmRZu.exe
  C:\Windows\System\rmCmRZu.exe
  2⤵
  PID:9360
- C:\Windows\System\CkIkAQD.exe
  C:\Windows\System\CkIkAQD.exe
  2⤵
  PID:9380
- C:\Windows\System\rDcSYuF.exe
  C:\Windows\System\rDcSYuF.exe
  2⤵
  PID:9436
- C:\Windows\System\foIkjSA.exe
  C:\Windows\System\foIkjSA.exe
  2⤵
  PID:8836
- C:\Windows\System\gMysqzn.exe
  C:\Windows\System\gMysqzn.exe
  2⤵
  PID:7652
- C:\Windows\System\nRyJpAp.exe
  C:\Windows\System\nRyJpAp.exe
  2⤵
  PID:9444
- C:\Windows\System\CaDlLMJ.exe
  C:\Windows\System\CaDlLMJ.exe
  2⤵
  PID:9916
- C:\Windows\System\WJqOCDv.exe
  C:\Windows\System\WJqOCDv.exe
  2⤵
  PID:10088
- C:\Windows\System\WjRvNFc.exe
  C:\Windows\System\WjRvNFc.exe
  2⤵
  PID:10232
- C:\Windows\System\IGrHIHX.exe
  C:\Windows\System\IGrHIHX.exe
  2⤵
  PID:9252
- C:\Windows\System\aqqJGmS.exe
  C:\Windows\System\aqqJGmS.exe
  2⤵
  PID:9440
- C:\Windows\System\SFnPoso.exe
  C:\Windows\System\SFnPoso.exe
  2⤵
  PID:9660
- C:\Windows\System\sQfTZHs.exe
  C:\Windows\System\sQfTZHs.exe
  2⤵
  PID:10036
- C:\Windows\System\QFrIZwJ.exe
  C:\Windows\System\QFrIZwJ.exe
  2⤵
  PID:10120
- C:\Windows\System\PwZtcEY.exe
  C:\Windows\System\PwZtcEY.exe
  2⤵
  PID:9840
- C:\Windows\System\CPyyITV.exe
  C:\Windows\System\CPyyITV.exe
  2⤵
  PID:9896
- C:\Windows\System\QAUxgMR.exe
  C:\Windows\System\QAUxgMR.exe
  2⤵
  PID:3488
- C:\Windows\System\OaFUUwU.exe
  C:\Windows\System\OaFUUwU.exe
  2⤵
  PID:9608
- C:\Windows\System\CKTyIXU.exe
  C:\Windows\System\CKTyIXU.exe
  2⤵
  PID:10188
- C:\Windows\System\EZUKfPR.exe
  C:\Windows\System\EZUKfPR.exe
  2⤵
  PID:9328
- C:\Windows\System\DaqNQaZ.exe
  C:\Windows\System\DaqNQaZ.exe
  2⤵
  PID:9648
- C:\Windows\System\bGWFXAw.exe
  C:\Windows\System\bGWFXAw.exe
  2⤵
  PID:8612
- C:\Windows\System\ezKlAGC.exe
  C:\Windows\System\ezKlAGC.exe
  2⤵
  PID:9800
- C:\Windows\System\sdBdzps.exe
  C:\Windows\System\sdBdzps.exe
  2⤵
  PID:9952
- C:\Windows\System\LzmzGyX.exe
  C:\Windows\System\LzmzGyX.exe
  2⤵
  PID:9340
- C:\Windows\System\uUceiZj.exe
  C:\Windows\System\uUceiZj.exe
  2⤵
  PID:10060
- C:\Windows\System\otHbPca.exe
  C:\Windows\System\otHbPca.exe
  2⤵
  PID:10076
- C:\Windows\System\olcUrMs.exe
  C:\Windows\System\olcUrMs.exe
  2⤵
  PID:10132
- C:\Windows\System\eQuThVQ.exe
  C:\Windows\System\eQuThVQ.exe
  2⤵
  PID:10248
- C:\Windows\System\DOCGJDi.exe
  C:\Windows\System\DOCGJDi.exe
  2⤵
  PID:10272
- C:\Windows\System\rqDWlln.exe
  C:\Windows\System\rqDWlln.exe
  2⤵
  PID:9836
- C:\Windows\System\rKVpItx.exe
  C:\Windows\System\rKVpItx.exe
  2⤵
  PID:10372
- C:\Windows\System\rwamtee.exe
  C:\Windows\System\rwamtee.exe
  2⤵
  PID:9324
- C:\Windows\System\GFORynR.exe
  C:\Windows\System\GFORynR.exe
  2⤵
  PID:10460
- C:\Windows\System\jQDXaWX.exe
  C:\Windows\System\jQDXaWX.exe
  2⤵
  PID:10152
- C:\Windows\System\mZsyNkw.exe
  C:\Windows\System\mZsyNkw.exe
  2⤵
  PID:10628
- C:\Windows\System\HrMluYw.exe
  C:\Windows\System\HrMluYw.exe
  2⤵
  PID:9584
- C:\Windows\System\bZmzVaz.exe
  C:\Windows\System\bZmzVaz.exe
  2⤵
  PID:10308
- C:\Windows\System\HFyddas.exe
  C:\Windows\System\HFyddas.exe
  2⤵
  PID:10576
- C:\Windows\System\SgGxhTh.exe
  C:\Windows\System\SgGxhTh.exe
  2⤵
  PID:10624
- C:\Windows\System\bzHkDYx.exe
  C:\Windows\System\bzHkDYx.exe
  2⤵
  PID:10916
- C:\Windows\System\FmyFJUh.exe
  C:\Windows\System\FmyFJUh.exe
  2⤵
  PID:10940
- C:\Windows\System\JNeDLbH.exe
  C:\Windows\System\JNeDLbH.exe
  2⤵
  PID:10968
- C:\Windows\System\BypLEKN.exe
  C:\Windows\System\BypLEKN.exe
  2⤵
  PID:10768
- C:\Windows\System\akyfLsY.exe
  C:\Windows\System\akyfLsY.exe
  2⤵
  PID:10824
- C:\Windows\System\pdYwicq.exe
  C:\Windows\System\pdYwicq.exe
  2⤵
  PID:10880
- C:\Windows\System\RwMMZkH.exe
  C:\Windows\System\RwMMZkH.exe
  2⤵
  PID:10680
- C:\Windows\System\XaQYesJ.exe
  C:\Windows\System\XaQYesJ.exe
  2⤵
  PID:11172
- C:\Windows\System\sPlAUqq.exe
  C:\Windows\System\sPlAUqq.exe
  2⤵
  PID:10540
- C:\Windows\System\HtPveIH.exe
  C:\Windows\System\HtPveIH.exe
  2⤵
  PID:11252
- C:\Windows\System\OSYcxur.exe
  C:\Windows\System\OSYcxur.exe
  2⤵
  PID:11116
- C:\Windows\System\bHMQtKt.exe
  C:\Windows\System\bHMQtKt.exe
  2⤵
  PID:10416
- C:\Windows\System\DOOFBfv.exe
  C:\Windows\System\DOOFBfv.exe
  2⤵
  PID:10568
- C:\Windows\System\SYKhCPq.exe
  C:\Windows\System\SYKhCPq.exe
  2⤵
  PID:10580
- C:\Windows\System\qxZjyJX.exe
  C:\Windows\System\qxZjyJX.exe
  2⤵
  PID:10708
- C:\Windows\System\VnzNaWw.exe
  C:\Windows\System\VnzNaWw.exe
  2⤵
  PID:11108
- C:\Windows\System\mVLPZdq.exe
  C:\Windows\System\mVLPZdq.exe
  2⤵
  PID:10912
- C:\Windows\System\RCPrZSG.exe
  C:\Windows\System\RCPrZSG.exe
  2⤵
  PID:10584
- C:\Windows\System\QEPAkxS.exe
  C:\Windows\System\QEPAkxS.exe
  2⤵
  PID:10692
- C:\Windows\System\iEbFxsB.exe
  C:\Windows\System\iEbFxsB.exe
  2⤵
  PID:3132
- C:\Windows\System\WFovwUp.exe
  C:\Windows\System\WFovwUp.exe
  2⤵
  PID:11040
- C:\Windows\System\LwEeQbc.exe
  C:\Windows\System\LwEeQbc.exe
  2⤵
  PID:5212
- C:\Windows\System\GoxgWDQ.exe
  C:\Windows\System\GoxgWDQ.exe
  2⤵
  PID:10492
- C:\Windows\System\rwetrQl.exe
  C:\Windows\System\rwetrQl.exe
  2⤵
  PID:9520
- C:\Windows\System\SGtbOCi.exe
  C:\Windows\System\SGtbOCi.exe
  2⤵
  PID:10864
- C:\Windows\System\IXHgNFF.exe
  C:\Windows\System\IXHgNFF.exe
  2⤵
  PID:14364
- C:\Windows\System\igrAnNq.exe
  C:\Windows\System\igrAnNq.exe
  2⤵
  PID:14380
- C:\Windows\System\qFlIbMF.exe
  C:\Windows\System\qFlIbMF.exe
  2⤵
  PID:14396
- C:\Windows\System\VdcUSvq.exe
  C:\Windows\System\VdcUSvq.exe
  2⤵
  PID:14432
- C:\Windows\System\yInMeLK.exe
  C:\Windows\System\yInMeLK.exe
  2⤵
  PID:14464
- C:\Windows\System\sfAbUeG.exe
  C:\Windows\System\sfAbUeG.exe
  2⤵
  PID:14492
- C:\Windows\System\Wdobbmv.exe
  C:\Windows\System\Wdobbmv.exe
  2⤵
  PID:14520
- C:\Windows\System\PUYeodf.exe
  C:\Windows\System\PUYeodf.exe
  2⤵
  PID:14548
- C:\Windows\System\hKRQdph.exe
  C:\Windows\System\hKRQdph.exe
  2⤵
  PID:14576
- C:\Windows\System\JwFauzL.exe
  C:\Windows\System\JwFauzL.exe
  2⤵
  PID:14604
- C:\Windows\System\AautWQc.exe
  C:\Windows\System\AautWQc.exe
  2⤵
  PID:14632
- C:\Windows\System\eKKBegp.exe
  C:\Windows\System\eKKBegp.exe
  2⤵
  PID:14672
- C:\Windows\System\wKwtSiI.exe
  C:\Windows\System\wKwtSiI.exe
  2⤵
  PID:14688
- C:\Windows\System\edzIiCs.exe
  C:\Windows\System\edzIiCs.exe
  2⤵
  PID:14716
- C:\Windows\System\DKsAZpZ.exe
  C:\Windows\System\DKsAZpZ.exe
  2⤵
  PID:14744
- C:\Windows\System\BqKfoDn.exe
  C:\Windows\System\BqKfoDn.exe
  2⤵
  PID:14772
- C:\Windows\System\OIpwfLS.exe
  C:\Windows\System\OIpwfLS.exe
  2⤵
  PID:14800
- C:\Windows\System\wwgeoGt.exe
  C:\Windows\System\wwgeoGt.exe
  2⤵
  PID:14828
- C:\Windows\System\HqRcJsz.exe
  C:\Windows\System\HqRcJsz.exe
  2⤵
  PID:14856
- C:\Windows\System\GYsNqjS.exe
  C:\Windows\System\GYsNqjS.exe
  2⤵
  PID:14888
- C:\Windows\System\PHdBRZI.exe
  C:\Windows\System\PHdBRZI.exe
  2⤵
  PID:14916
- C:\Windows\System\hiYJYuD.exe
  C:\Windows\System\hiYJYuD.exe
  2⤵
  PID:14944
- C:\Windows\System\eZZQXKs.exe
  C:\Windows\System\eZZQXKs.exe
  2⤵
  PID:14972
- C:\Windows\System\hlihMZv.exe
  C:\Windows\System\hlihMZv.exe
  2⤵
  PID:15000
- C:\Windows\System\IAgGPrU.exe
  C:\Windows\System\IAgGPrU.exe
  2⤵
  PID:15028
- C:\Windows\System\AbwWsuT.exe
  C:\Windows\System\AbwWsuT.exe
  2⤵
  PID:15056
- C:\Windows\System\XhIJjBk.exe
  C:\Windows\System\XhIJjBk.exe
  2⤵
  PID:15084
- C:\Windows\System\ngKbbTV.exe
  C:\Windows\System\ngKbbTV.exe
  2⤵
  PID:15112
- C:\Windows\System\uJRoWHI.exe
  C:\Windows\System\uJRoWHI.exe
  2⤵
  PID:15140
- C:\Windows\System\QlCpcEO.exe
  C:\Windows\System\QlCpcEO.exe
  2⤵
  PID:15168
- C:\Windows\System\eArStvr.exe
  C:\Windows\System\eArStvr.exe
  2⤵
  PID:15196
- C:\Windows\System\gEiyClt.exe
  C:\Windows\System\gEiyClt.exe
  2⤵
  PID:15224
- C:\Windows\System\wSNGyMG.exe
  C:\Windows\System\wSNGyMG.exe
  2⤵
  PID:15252
- C:\Windows\System\WnMJbuU.exe
  C:\Windows\System\WnMJbuU.exe
  2⤵
  PID:15280
- C:\Windows\System\XCdVvSO.exe
  C:\Windows\System\XCdVvSO.exe
  2⤵
  PID:15308
- C:\Windows\System\MaFUcbU.exe
  C:\Windows\System\MaFUcbU.exe
  2⤵
  PID:15336
- C:\Windows\System\QwIfklO.exe
  C:\Windows\System\QwIfklO.exe
  2⤵
  PID:14340
- C:\Windows\System\mYTSzjF.exe
  C:\Windows\System\mYTSzjF.exe
  2⤵
  PID:14356
- C:\Windows\System\ReHDZAC.exe
  C:\Windows\System\ReHDZAC.exe
  2⤵
  PID:14376
- C:\Windows\System\JPXVXyV.exe
  C:\Windows\System\JPXVXyV.exe
  2⤵
  PID:14412
- C:\Windows\System\XBjWrRC.exe
  C:\Windows\System\XBjWrRC.exe
  2⤵
  PID:10748
- C:\Windows\System\IWvkGSM.exe
  C:\Windows\System\IWvkGSM.exe
  2⤵
  PID:9528
- C:\Windows\System\HBkOGGX.exe
  C:\Windows\System\HBkOGGX.exe
  2⤵
  PID:11320
- C:\Windows\System\SfqvLdC.exe
  C:\Windows\System\SfqvLdC.exe
  2⤵
  PID:14512
- C:\Windows\System\PhLVUKc.exe
  C:\Windows\System\PhLVUKc.exe
  2⤵
  PID:11404
- C:\Windows\System\sZesieG.exe
  C:\Windows\System\sZesieG.exe
  2⤵
  PID:14588
- C:\Windows\System\oGrdiYu.exe
  C:\Windows\System\oGrdiYu.exe
  2⤵
  PID:14644
- C:\Windows\System\rVFJTKB.exe
  C:\Windows\System\rVFJTKB.exe
  2⤵
  PID:11548
- C:\Windows\System\lePEVyG.exe
  C:\Windows\System\lePEVyG.exe
  2⤵
  PID:11640
- C:\Windows\System\ZpjybVS.exe
  C:\Windows\System\ZpjybVS.exe
  2⤵
  PID:14712
- C:\Windows\System\sXFdiWf.exe
  C:\Windows\System\sXFdiWf.exe
  2⤵
  PID:10980
- C:\Windows\System\dpTQoTb.exe
  C:\Windows\System\dpTQoTb.exe
  2⤵
  PID:14796
- C:\Windows\System\UNbMTOB.exe
  C:\Windows\System\UNbMTOB.exe
  2⤵
  PID:14852
- C:\Windows\System\qsBNmbX.exe
  C:\Windows\System\qsBNmbX.exe
  2⤵
  PID:14928
- C:\Windows\System\kKDXmlp.exe
  C:\Windows\System\kKDXmlp.exe
  2⤵
  PID:11804
- C:\Windows\System\CUegeyE.exe
  C:\Windows\System\CUegeyE.exe
  2⤵
  PID:15040
- C:\Windows\System\DyPyUxV.exe
  C:\Windows\System\DyPyUxV.exe
  2⤵
  PID:15052
- C:\Windows\System\oqpiiRL.exe
  C:\Windows\System\oqpiiRL.exe
  2⤵
  PID:15108
- C:\Windows\System\rqnseWa.exe
  C:\Windows\System\rqnseWa.exe
  2⤵
  PID:11944
- C:\Windows\System\AfcTfFL.exe
  C:\Windows\System\AfcTfFL.exe
  2⤵
  PID:15188
- C:\Windows\System\QsVOYLc.exe
  C:\Windows\System\QsVOYLc.exe
  2⤵
  PID:15236
- C:\Windows\System\nKOAjhV.exe
  C:\Windows\System\nKOAjhV.exe
  2⤵
  PID:12068
- C:\Windows\System\BheFlsb.exe
  C:\Windows\System\BheFlsb.exe
  2⤵
  PID:15304
- C:\Windows\System\xwmUOqD.exe
  C:\Windows\System\xwmUOqD.exe
  2⤵
  PID:15348
- C:\Windows\System\dqtoLhz.exe
  C:\Windows\System\dqtoLhz.exe
  2⤵
  PID:12168
- C:\Windows\System\gGgNVEE.exe
  C:\Windows\System\gGgNVEE.exe
  2⤵
  PID:11124
- C:\Windows\System\lZrzWdX.exe
  C:\Windows\System\lZrzWdX.exe
  2⤵
  PID:12232
- C:\Windows\System\YeCWtPO.exe
  C:\Windows\System\YeCWtPO.exe
  2⤵
  PID:8428
- C:\Windows\System\kHiEJgK.exe
  C:\Windows\System\kHiEJgK.exe
  2⤵
  PID:14488
- C:\Windows\System\KwwrSWU.exe
  C:\Windows\System\KwwrSWU.exe
  2⤵
  PID:11376
- C:\Windows\System\wxERXxh.exe
  C:\Windows\System\wxERXxh.exe
  2⤵
  PID:11468
- C:\Windows\System\KbNofVY.exe
  C:\Windows\System\KbNofVY.exe
  2⤵
  PID:11528
- C:\Windows\System\mkeQgJF.exe
  C:\Windows\System\mkeQgJF.exe
  2⤵
  PID:11636
- C:\Windows\System\eStLkij.exe
  C:\Windows\System\eStLkij.exe
  2⤵
  PID:14740
- C:\Windows\System\dGUkgvm.exe
  C:\Windows\System\dGUkgvm.exe
  2⤵
  PID:14840
- C:\Windows\System\MfpAdNh.exe
  C:\Windows\System\MfpAdNh.exe
  2⤵
  PID:14908
- C:\Windows\System\yqOKhEv.exe
  C:\Windows\System\yqOKhEv.exe
  2⤵
  PID:14996
- C:\Windows\System\NRkdkEW.exe
  C:\Windows\System\NRkdkEW.exe
  2⤵
  PID:15068
- C:\Windows\System\iYcJjXD.exe
  C:\Windows\System\iYcJjXD.exe
  2⤵
  PID:15136
- C:\Windows\System\GHBlSBQ.exe
  C:\Windows\System\GHBlSBQ.exe
  2⤵
  PID:11984
- C:\Windows\System\LLUmooj.exe
  C:\Windows\System\LLUmooj.exe
  2⤵
  PID:12180
- C:\Windows\System\ZfsQYvV.exe
  C:\Windows\System\ZfsQYvV.exe
  2⤵
  PID:11272
- C:\Windows\System\wcVIxLK.exe
  C:\Windows\System\wcVIxLK.exe
  2⤵
  PID:11472
- C:\Windows\System\RYRpLyo.exe
  C:\Windows\System\RYRpLyo.exe
  2⤵
  PID:11620
- C:\Windows\System\xgFvjlE.exe
  C:\Windows\System\xgFvjlE.exe
  2⤵
  PID:14428
- C:\Windows\System\njDwsVu.exe
  C:\Windows\System\njDwsVu.exe
  2⤵
  PID:12284
- C:\Windows\System\JkfNbhT.exe
  C:\Windows\System\JkfNbhT.exe
  2⤵
  PID:12128
- C:\Windows\System\jQWZXBY.exe
  C:\Windows\System\jQWZXBY.exe
  2⤵
  PID:11436
- C:\Windows\System\cdgcgCi.exe
  C:\Windows\System\cdgcgCi.exe
  2⤵
  PID:11588
- C:\Windows\System\ZfsoEAm.exe
  C:\Windows\System\ZfsoEAm.exe
  2⤵
  PID:11680
- C:\Windows\System\rXGfHMX.exe
  C:\Windows\System\rXGfHMX.exe
  2⤵
  PID:11456
- C:\Windows\System\vDzXndh.exe
  C:\Windows\System\vDzXndh.exe
  2⤵
  PID:11812
- C:\Windows\System\ADwOkgF.exe
  C:\Windows\System\ADwOkgF.exe
  2⤵
  PID:12332
- C:\Windows\System\aIDQGrT.exe
  C:\Windows\System\aIDQGrT.exe
  2⤵
  PID:15104
- C:\Windows\System\PjSSzai.exe
  C:\Windows\System\PjSSzai.exe
  2⤵
  PID:11964
- C:\Windows\System\hbqODVF.exe
  C:\Windows\System\hbqODVF.exe
  2⤵
  PID:12184
- C:\Windows\System\zPuWrkI.exe
  C:\Windows\System\zPuWrkI.exe
  2⤵
  PID:12464
- C:\Windows\System\IhClLOU.exe
  C:\Windows\System\IhClLOU.exe
  2⤵
  PID:11612
- C:\Windows\System\oFOkJtM.exe
  C:\Windows\System\oFOkJtM.exe
  2⤵
  PID:12548
- C:\Windows\System\sHXYJcS.exe
  C:\Windows\System\sHXYJcS.exe
  2⤵
  PID:12612
- C:\Windows\System\uhKkqiP.exe
  C:\Windows\System\uhKkqiP.exe
  2⤵
  PID:12636
- C:\Windows\System\NifWyPL.exe
  C:\Windows\System\NifWyPL.exe
  2⤵
  PID:968
- C:\Windows\System\UiVJXxH.exe
  C:\Windows\System\UiVJXxH.exe
  2⤵
  PID:12060
- C:\Windows\System\CUOSxcU.exe
  C:\Windows\System\CUOSxcU.exe
  2⤵
  PID:11772
- C:\Windows\System\oLMpjef.exe
  C:\Windows\System\oLMpjef.exe
  2⤵
  PID:9176
- C:\Windows\System\HPqfzYU.exe
  C:\Windows\System\HPqfzYU.exe
  2⤵
  PID:11836
- C:\Windows\System\ksHwZia.exe
  C:\Windows\System\ksHwZia.exe
  2⤵
  PID:12860
- C:\Windows\System\KKnLFgK.exe
  C:\Windows\System\KKnLFgK.exe
  2⤵
  PID:12924
- C:\Windows\System\GGnJpiV.exe
  C:\Windows\System\GGnJpiV.exe
  2⤵
  PID:12944
- C:\Windows\System\ofddcjw.exe
  C:\Windows\System\ofddcjw.exe
  2⤵
  PID:14460
- C:\Windows\System\NLffniR.exe
  C:\Windows\System\NLffniR.exe
  2⤵
  PID:11596
- C:\Windows\System\qgnYZXm.exe
  C:\Windows\System\qgnYZXm.exe
  2⤵
  PID:1148
- C:\Windows\System\onsXAty.exe
  C:\Windows\System\onsXAty.exe
  2⤵
  PID:13120
- C:\Windows\System\LchvUzc.exe
  C:\Windows\System\LchvUzc.exe
  2⤵
  PID:13140
- C:\Windows\System\bQIJJTK.exe
  C:\Windows\System\bQIJJTK.exe
  2⤵
  PID:12896
- C:\Windows\System\HZtSOYi.exe
  C:\Windows\System\HZtSOYi.exe
  2⤵
  PID:14360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EeoZVZi.exe

Filesize
6.0MB

MD5
5520e705bf2d2c1c96eb1da6a4f81ae3

SHA1
e230d2e4791f8276b05e883624d77fba65e90e21

SHA256
e61cdf66767855e47219a3a2dbbdf3d2f8d47f2f4fc72dc8ea9aa4402f0eda60

SHA512
9889935eb2e004384c86baaa38dc7f0cb17ae70276363ca484c2cc7e528487b8fb18b6a55fa9a25258f180a834592af3f965146c4e266c50e3ebdde5aa566b00

Download Submit
C:\Windows\System\FPYKFao.exe

Filesize
6.0MB

MD5
b57ff1b1fb5e2d8a6cb0728c716fdfa2

SHA1
f9b4ca91b07dc7b04547e543e52ad2ebf1859b39

SHA256
b7f711c523b677fd4eb5eff71e14b3d4ceeb64d6802da29ce5a7cf8a8efd8d97

SHA512
bc8cefe1c35e160040e257bd20804517fb69dbfade02385c4e1be52457722f2d477720da4361f73256da69b242d3b164648420d3dd7ec1730f54a58f6d849bb9

Download Submit
C:\Windows\System\KcQDdeY.exe

Filesize
6.0MB

MD5
4e8fe8a12bfdf368ae36d548cec631e6

SHA1
3ba53768f4e35b22819dbc2e4e1b6a4c7b26c563

SHA256
daf50f8acb82a42cd4c942f40faaf3d7d2ea3ea7b5e282b888a123be76542d92

SHA512
15b1edc21a68025ab743e804bdc696ebc842632a7a92730b2428e81acc497374beea9ffca58827c3f3589dc471f662ddb565341289297c00632782e44da1f072

Download Submit
C:\Windows\System\MxzKvxa.exe

Filesize
6.0MB

MD5
e2bdba5be72de0c10962eac8e31dc4d5

SHA1
08b57286bd3f28110a6899349b21211b80b24d63

SHA256
8277dd919f76b69cc65b66dab8c873458398a0c327a8ae65e17d45bb19715130

SHA512
46150412b2388502ec38aea9ec2d8ffbc3e4ab44025e3f64bcc2e7706a052c98faa734d4d0b3d7741a4f485070fc3a21c2161cf026f47824e81b559b66b06056

Download Submit
C:\Windows\System\PmhSPrk.exe

Filesize
6.0MB

MD5
77a200439f0f617a7bd9f3c97e240f8c

SHA1
46bab2414ce82a4d9999d3c78113ae2d81b6e9cf

SHA256
9699c45f70dbe40d7a109374a3f82efa343c2eda5d30ad534de97958d4cc7349

SHA512
5b456b4c74370528c74a2504f25cef86b749e9babfb80e059dc14e0b49dd142d54d2d263bef2770483031130cdb6c216567a8e73e17b8e6646c8f3fb988c1392

Download Submit
C:\Windows\System\TJOmEfu.exe

Filesize
6.0MB

MD5
ec821d289ac88842c952a38bbeca437f

SHA1
fabc0f682d518df049137c5a76e98daf64f80063

SHA256
c39d6a89ba45bd8b8b873634ae01f91fd3619eb9b6334b65b4b35374462c75cc

SHA512
fa0400ce61e960fb9c9eeeec98465a1d619d4ee127c281c5d375eb595704ac933fc12834a3487d7cc6a2e3e0469d1c9a446afe302ff335a8bc698393cdb0f73e

Download Submit
C:\Windows\System\TaQOsqZ.exe

Filesize
6.0MB

MD5
b449fc35115d48316de8b84e3d4c105e

SHA1
0eed26cde2fa2e492d18316aa79b82f3633f657f

SHA256
02b6c722876e46129308265830123524663f267ff0aee3de7a48a87427ba15ec

SHA512
e5a8e23397bece117044143abebb91499c117cfe4c9b340cd50608cc1acc0bbce718f265eb05ba49529f82466d9ba2a8a949a537074a50322e79b412118f2339

Download Submit
C:\Windows\System\UYXveae.exe

Filesize
6.0MB

MD5
4b202e92f151197cba25a2d8c60553f3

SHA1
c2959ec26da0ed3dd44a641dc175e40e2ce4a47c

SHA256
bc385fa6f785b760d3d9ae0cce8c62889fe0210183e4406fa20f7187868a900a

SHA512
e52d02dadb4e709aa022f89babd2710931680cacc007cd1901e4fcfe67587e1847f225a78a2868f55fd1aa26af704bf85233ce7369d943f7b7e13941ef17d6c3

Download Submit
C:\Windows\System\UvAWdZK.exe

Filesize
6.0MB

MD5
fbb80a756084f281c4ac6b99e510479e

SHA1
4c65b8467fed70376b159735f93f93c670f36c4f

SHA256
2e039dfbe9235a61fc4b4438de67f0fb8ec75f5543db506c0833831867dd3c00

SHA512
83549bb2d022403d5eea2f7d2182af7c32e4dd446b09c88da59fb766485b80b2eb6026d9852c5edbd730bc1885d1a2aea65838b34ff3f8317898be5a86e418b9

Download Submit
C:\Windows\System\WANYpKi.exe

Filesize
6.0MB

MD5
9a47d8f4418a34fa59e30221ce9cf21f

SHA1
3285837e4e5d341805e5496c3a0cf2e1c7a462f5

SHA256
9d26841a53c9379a2ffc56ff0b50f986246740d1831184ba8d1ecff43838b381

SHA512
594bf2471d4f53dfe81f6f49970eaf3d51b4c5ee123d93dc45861bf87c26e500d4f3245d100cc9fe9c343a656a998c75ceca7ff383fc321b38303c531c68fc98

Download Submit
C:\Windows\System\WvxSZgA.exe

Filesize
6.0MB

MD5
db36e30bd51dc16f8b44e11dc8e6df66

SHA1
7815de6c6320dc61e7a82c12c49e302bebd9e854

SHA256
c98882ba597a7c5ea99e5fa5f9b864de117c8b8960b42f8b9f29994284eb9282

SHA512
266148eb3c689b5b18cd6cf3e93ccc73dd0ab79e04001a956d9f349106aabf36b55c2473277e996e2819c324fd521c824f24f69cf04281df84d789bf905a265d

Download Submit
C:\Windows\System\XxvRoNE.exe

Filesize
6.0MB

MD5
aa43f9dc61d6150f139f519d87e62bf3

SHA1
019693b11ecc602ec60362d9b474d2bbf60ea112

SHA256
be2817380fa414bacf90d50e42294665e5b2eed04fdf7992acce36e1c0632919

SHA512
0cb1702cc5ea67eaf6489fc04548bb0068b2d654bd3e013c29701527b4eddaf21edac5f0f8811a83cdf6a4ddb56443f6187f3a4449df61bea5088be4ff828829

Download Submit
C:\Windows\System\YnCcgHw.exe

Filesize
6.0MB

MD5
61aefcf56391cade313971e4e835d559

SHA1
ad45e537d10a72127e5d12133cd93c942f99d588

SHA256
db9804c1d46561812eae9b40f7e90716b3ce3b00a3ce4793fed9ef885fd4ae78

SHA512
2d014a2079c26c03282e7ec6a36ce01a25365455647a0a576df8491148633272585872caa2c5b8e5935b18d1bd6e2e650858335817d7c28fccb0b5535012cf9e

Download Submit
C:\Windows\System\ZFpamoW.exe

Filesize
6.0MB

MD5
7a94f5f767fd587443639adb3cd1725a

SHA1
d93d3dcc8a8c396b4e3c317b123a544a5063adeb

SHA256
bc0d5cac8eadc2ffc1deed8ea8b9e1f325078a24d2815e2600e5e760c14f4618

SHA512
44714a33165c910ee93d31bcf1e5437ef9b529042d25523ec7ecc5835a5d5792bcd5511c8f5106f4a653092daeb77594e694136c809cd350c3dacda335434039

Download Submit
C:\Windows\System\ZQcdNIo.exe

Filesize
6.0MB

MD5
a7f11f3f5cf043baa3df83069e721be0

SHA1
d454d20b26a6f46fc1dfd2312244ab2a8700e944

SHA256
40ec183ee40cad939f995005fff522f7d8e1855d5423bf62ea41b867a2dfad2b

SHA512
188633230aef2ccd6f1cb8a7d9a6a9edc6be6b291998bbe98be199921f4a115f5d83a92ab7830a696c3fcb1bbcfa7fd2eae4e06eb1ffabc3f9a1dd51acbb42dd

Download Submit
C:\Windows\System\ZpHnbyy.exe

Filesize
6.0MB

MD5
c7d03aeaa685bb1a4448c42823f16d1c

SHA1
7b0f1ae9708244c287562327310fcf46efca8159

SHA256
9937aa9587f56c964a30b12c650287257b2ea713abc7ce3ed59003f51859dcfe

SHA512
1f3bd70d3c43e88028ea344327acab182d166f7b579bb71cfa18a6f7d0341b3eb5bf8413eaf73341e696dc02722c89f9361a42853752cbf8b9faddadda568a66

Download Submit
C:\Windows\System\aOawaGY.exe

Filesize
6.0MB

MD5
43b82fb777b2b422cc4c00ce99c0e34b

SHA1
235f724b005397b404a6999722d1d7de71302ebe

SHA256
537cd94e5d43a0f5c30f7dbc5d17e24db99f0178b8cab012e7eff2710a4f6306

SHA512
cfd880e741655d5e2a610d10ee303cddfc0e8bb386cddde795653f7f2eccffdc175fe986bfcc1ecaeaaff4b5875927fae18427fb78188d5ffcf254b1d14efecc

Download Submit
C:\Windows\System\agFZVNb.exe

Filesize
6.0MB

MD5
026f38152f55bba740b44344a5d37f64

SHA1
a31a65a1d225badb9497f265397e986088668217

SHA256
e17e1eac69935a4271e3eec7ac243f412cb38702886118729f2614b71097c397

SHA512
6afbae4000f46e1921ad9705739fd460e67fb55ac76d2a8b9623edc346d845a16b5c5d9258d084c66eff6885b7e86e9a518145ca34bb03395427b9ee68e72c63

Download Submit
C:\Windows\System\aiEBWRg.exe

Filesize
6.0MB

MD5
93483f6f55ac5b3618f765d60a9853e5

SHA1
77c6ab073bab360930988432a1eae345eb9c5993

SHA256
7143438a94654fc44e7074f940639371c8b821eb44b1a29661a849ae74613636

SHA512
a24eab6ac6264b6d49b162ec63919be229033e98687ace2f2a40a0e5ba5f42b1f0c5f0097f15fbf5b28236ec12ec21a87fe92ae1635b03bd675c74c468bfb332

Download Submit
C:\Windows\System\cdKChsT.exe

Filesize
6.0MB

MD5
434b6a06a823a474eacfefc01d634c00

SHA1
01730f6c854f62fc0a2513f43f7ac51688b0b7fb

SHA256
72b5c54a66544d77c295b085c676ee64877fff89cc9bf67cd495cb58476f32cb

SHA512
115d03c9fcdc15f42b74acf56f8a50b5b911d7f80ae717cb96fcf8ad6a027311639833996bd287262639bf85bc2be83aed6236c96676ca9c30a2bfd89df430bd

Download Submit
C:\Windows\System\ckcImRN.exe

Filesize
6.0MB

MD5
eeeefb9415c9c161975a8950b35cded8

SHA1
81c271da04efc372acb821084451e9add5c17116

SHA256
86d7338aeba62ce9efd363faf406ef041112145e3ac73bd20b1648aa9055cdf5

SHA512
71d08e44340d4034f2180f7fccc274471a733f9662595b0ecf7d363ecbbb851be6308a5a89c7b1660029847362110dfe4c0bce9d271f202e9b9ed54ff754560d

Download Submit
C:\Windows\System\dWXyfTS.exe

Filesize
6.0MB

MD5
e9f5de79dc4021332b1bc875aad97b11

SHA1
3ce8c0bb746d4c8bb90ea1c8e0f6aba1a55e88cd

SHA256
56ae3fb214256e6ba1a70f95b973575e8129d46db0cbc04e5d5dc318b6aac2fa

SHA512
27c71b72a1ea35224373bf71341ef4ae5b3f52a5a9899d2ac5c81dbe2bf12b93dfe69ea0b3c431981c6a959f71a8f3fb2a072231eaa6300f5982a66e24d86bad

Download Submit
C:\Windows\System\hmuDNUs.exe

Filesize
6.0MB

MD5
87ca3413d92ef102aa760a69d3d63535

SHA1
60e4c2043a46148e60ff0f21e9ef188aa906521f

SHA256
425638a6c81cbfb8d2ee61e9dea1f1e737891557c5b961a8576866b30728e686

SHA512
c1215a70259987286e95983e53be3a39434bafdd2b93caa70f8bdb34f40328cf70fd0f0cb2c1e1fbace85a684b7d2fa0501ae25c9087e0f40b9acc657087a08f

Download Submit
C:\Windows\System\iOZvLEW.exe

Filesize
6.0MB

MD5
91b742cafeca15b611a23dbbcb8ecb97

SHA1
14c4254e10c53fb6c2f6fe1b0950a18a8573d75c

SHA256
5a4ebf3377e9c3da8292efe4fe7e2c4dd202cd75584cad5de99857ed3c87c18c

SHA512
36eff1f8d28b0f56983cd06927c33555ab98ff7630cbf73bbb4eee6f50ea488a377adfbfcccb69f07cd22d61c7a7ce8e21c8c1352ec83ac0b320c6df9e3d952d

Download Submit
C:\Windows\System\juIoWlx.exe

Filesize
6.0MB

MD5
004ab31f00943a5a68aec07320ce7635

SHA1
96d5803cd9affe0dd4ce88a2990c0db380b8e8e4

SHA256
fc78ca5b0bdbc6066dd1a28d7cefdea9d1569e63e8629a5f9284843b8cab97d5

SHA512
c86372e22b06658d178221ccbf81d8ca0e30ecde315094a9aac6dd3fdff2fa861dfb9c0a6979d028b00c923df47a1268b9875d2682dd462efdad2dd65420b0d3

Download Submit
C:\Windows\System\kErlcIZ.exe

Filesize
6.0MB

MD5
dc70015ae46c9b35ffc2f519856c3d20

SHA1
26f0a1c4df4840af3116a9fa5a28a2db233a7c0f

SHA256
bcf228f898ec5892a98b6d9782158966226d0288f6a0022fbeb00e5af719cfc0

SHA512
f3ce71bdbc4397c35359585133c28e3ff0875412246cca71eccaf222edcf7b9f5d494b23b3cc04415ff8c90e1b766e4afdda445035aaac52510eb984f936f6e8

Download Submit
C:\Windows\System\mlvwchw.exe

Filesize
6.0MB

MD5
df93e1b906702f795f7fbda538a01b09

SHA1
95cc1dd9e24ec28b1cc53ce7af81ef0ac5cc96fb

SHA256
252d816fe19e9dea4f0d12ff335a396bcc2fc239fac494dd5ecb5a6d3efe084d

SHA512
7213fd2443200afcbc3ca2409924cfede2a0a4db21b70d0031a1ac747d5fdc41e3eeb9731e5758d4d42ee9406529e13f490424cb34f26072304f844b5d71c4ef

Download Submit
C:\Windows\System\nUZNvVI.exe

Filesize
6.0MB

MD5
543d63ecffb5d9e44e37419ddc978172

SHA1
eb31e2c0b50019b235d6d5a45edca65a246bfd3c

SHA256
c0e51af88d62ab830b7415c8e3c2a5ed8eacdf2e58e860045f26ea927a0b0b67

SHA512
35070331ca1876e1e8fd9845b1a6c0cdb4b2604d128615580ad3a0ed7bed8987c3a2ecee7e59bcc724020e8634d9ed1b38e5f7777657edcedb1d36deedacecee

Download Submit
C:\Windows\System\sDOOSoA.exe

Filesize
6.0MB

MD5
94b222a6c8a68bcfd70e4a7ff7f15459

SHA1
630176c216e0d30de73ea1064db40807de42d839

SHA256
8cef73d6ddc711fa5638c39e86567f2acb49ba65c1ec938395907ee088be9f02

SHA512
1afb0eddee744de5dc232ba2fbc3a9c64d62e79f0d03081ef26950d2676f37ec47229f30e285733405336973d0a3342a55963fd5548b77105089de0ef92539a1

Download Submit
C:\Windows\System\ssgqFCU.exe

Filesize
6.0MB

MD5
842560c402ef11a360f2082703c0b8ad

SHA1
505b5e76f5cf663b78f6d7cf61c7ca881a2c6b98

SHA256
1f3945009450d841d36b21b75a980268fb2dd280d7660f1c3cd01e7a908a8fd6

SHA512
84fab544e7c56af13382be0a3ea93f8d9afcd92cd954f537ba7406a93031929533f13b77e959d15e65752fc0dbd78b99e10725bf6ba605c6304ed9b5f6ce4c91

Download Submit
C:\Windows\System\uTbkivg.exe

Filesize
6.0MB

MD5
8156864e21ce67f5032f2eb860961290

SHA1
37f2f3c1bba2126b3fac9a873348077b67604592

SHA256
c1290a5cc09e6ed8f20a43b7aa838f0a9ae931c98cf52a089942f8c2f29084cb

SHA512
efa96fa87e476c59da564bde025d4fe16136367451172ae5b9062a81026134d4054516b614bae37f294cfba7c0d90f3b7ce107f9bac54dc6f188cb58ce03109a

Download Submit
C:\Windows\System\xNPUfQy.exe

Filesize
6.0MB

MD5
d6bb5538ac1e1f07eb2023eca6845b45

SHA1
01f582c97f63124bfb389012816318dec1bcbda5

SHA256
e350cd9f9bc87be0cae26022fb99238bfd4c0ef2a2e7ebdf69187aaa9cf52d09

SHA512
fe491cbca24620fd25ca76f7eb56d8fdf2c25ebcf36d9af4ec6b80e015654ee1c4fd6e96ab891ee48fead70029a0c8872b54baa17db59ed35d286436482ace9d

Download Submit
memory/328-74-0x00007FF603DA0000-0x00007FF6040F4000-memory.dmp

Filesize
3.3MB

Download
memory/328-1603-0x00007FF603DA0000-0x00007FF6040F4000-memory.dmp

Filesize
3.3MB

Download
memory/328-18-0x00007FF603DA0000-0x00007FF6040F4000-memory.dmp

Filesize
3.3MB

Download
memory/548-84-0x00007FF715170000-0x00007FF7154C4000-memory.dmp

Filesize
3.3MB

Download
memory/548-1616-0x00007FF715170000-0x00007FF7154C4000-memory.dmp

Filesize
3.3MB

Download
memory/548-32-0x00007FF715170000-0x00007FF7154C4000-memory.dmp

Filesize
3.3MB

Download
memory/1192-624-0x00007FF6FA1E0000-0x00007FF6FA534000-memory.dmp

Filesize
3.3MB

Download
memory/1192-198-0x00007FF6FA1E0000-0x00007FF6FA534000-memory.dmp

Filesize
3.3MB

Download
memory/1284-591-0x00007FF6628F0000-0x00007FF662C44000-memory.dmp

Filesize
3.3MB

Download
memory/1284-191-0x00007FF6628F0000-0x00007FF662C44000-memory.dmp

Filesize
3.3MB

Download
memory/1320-1-0x000002318ACA0000-0x000002318ACB0000-memory.dmp

Filesize
64KB

Download
memory/1320-0-0x00007FF69FED0000-0x00007FF6A0224000-memory.dmp

Filesize
3.3MB

Download
memory/1320-60-0x00007FF69FED0000-0x00007FF6A0224000-memory.dmp

Filesize
3.3MB

Download
memory/1336-81-0x00007FF7FE3A0000-0x00007FF7FE6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1336-1867-0x00007FF7FE3A0000-0x00007FF7FE6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1336-142-0x00007FF7FE3A0000-0x00007FF7FE6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-144-0x00007FF72CD60000-0x00007FF72D0B4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-82-0x00007FF72CD60000-0x00007FF72D0B4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-1871-0x00007FF72CD60000-0x00007FF72D0B4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-139-0x00007FF646E00000-0x00007FF647154000-memory.dmp

Filesize
3.3MB

Download
memory/1584-183-0x00007FF646E00000-0x00007FF647154000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2037-0x00007FF646E00000-0x00007FF647154000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2031-0x00007FF6BAE80000-0x00007FF6BB1D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-133-0x00007FF6BAE80000-0x00007FF6BB1D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-187-0x00007FF6BAE80000-0x00007FF6BB1D4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-71-0x00007FF76F520000-0x00007FF76F874000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1768-0x00007FF76F520000-0x00007FF76F874000-memory.dmp

Filesize
3.3MB

Download
memory/2056-125-0x00007FF76F520000-0x00007FF76F874000-memory.dmp

Filesize
3.3MB

Download
memory/2116-159-0x00007FF609160000-0x00007FF6094B4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2102-0x00007FF609160000-0x00007FF6094B4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-284-0x00007FF609160000-0x00007FF6094B4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-1684-0x00007FF74DEC0000-0x00007FF74E214000-memory.dmp

Filesize
3.3MB

Download
memory/2264-97-0x00007FF74DEC0000-0x00007FF74E214000-memory.dmp

Filesize
3.3MB

Download
memory/2264-48-0x00007FF74DEC0000-0x00007FF74E214000-memory.dmp

Filesize
3.3MB

Download
memory/3640-79-0x00007FF6D6D00000-0x00007FF6D7054000-memory.dmp

Filesize
3.3MB

Download
memory/3640-24-0x00007FF6D6D00000-0x00007FF6D7054000-memory.dmp

Filesize
3.3MB

Download
memory/3640-1611-0x00007FF6D6D00000-0x00007FF6D7054000-memory.dmp

Filesize
3.3MB

Download
memory/3668-92-0x00007FF72A0D0000-0x00007FF72A424000-memory.dmp

Filesize
3.3MB

Download
memory/3668-1927-0x00007FF72A0D0000-0x00007FF72A424000-memory.dmp

Filesize
3.3MB

Download
memory/3668-158-0x00007FF72A0D0000-0x00007FF72A424000-memory.dmp

Filesize
3.3MB

Download
memory/3696-2012-0x00007FF723120000-0x00007FF723474000-memory.dmp

Filesize
3.3MB

Download
memory/3696-167-0x00007FF723120000-0x00007FF723474000-memory.dmp

Filesize
3.3MB

Download
memory/3696-112-0x00007FF723120000-0x00007FF723474000-memory.dmp

Filesize
3.3MB

Download
memory/3852-106-0x00007FF61BD90000-0x00007FF61C0E4000-memory.dmp

Filesize
3.3MB

Download
memory/3852-1703-0x00007FF61BD90000-0x00007FF61C0E4000-memory.dmp

Filesize
3.3MB

Download
memory/3852-61-0x00007FF61BD90000-0x00007FF61C0E4000-memory.dmp

Filesize
3.3MB

Download
memory/3892-100-0x00007FF60FBD0000-0x00007FF60FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3892-162-0x00007FF60FBD0000-0x00007FF60FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3892-1933-0x00007FF60FBD0000-0x00007FF60FF24000-memory.dmp

Filesize
3.3MB

Download
memory/4044-239-0x00007FF65BFD0000-0x00007FF65C324000-memory.dmp

Filesize
3.3MB

Download
memory/4044-2098-0x00007FF65BFD0000-0x00007FF65C324000-memory.dmp

Filesize
3.3MB

Download
memory/4044-152-0x00007FF65BFD0000-0x00007FF65C324000-memory.dmp

Filesize
3.3MB

Download
memory/4068-104-0x00007FF6E6F10000-0x00007FF6E7264000-memory.dmp

Filesize
3.3MB

Download
memory/4068-1688-0x00007FF6E6F10000-0x00007FF6E7264000-memory.dmp

Filesize
3.3MB

Download
memory/4068-54-0x00007FF6E6F10000-0x00007FF6E7264000-memory.dmp

Filesize
3.3MB

Download
memory/4164-2025-0x00007FF695B90000-0x00007FF695EE4000-memory.dmp

Filesize
3.3MB

Download
memory/4164-128-0x00007FF695B90000-0x00007FF695EE4000-memory.dmp

Filesize
3.3MB

Download
memory/4176-1644-0x00007FF7AF320000-0x00007FF7AF674000-memory.dmp

Filesize
3.3MB

Download
memory/4176-91-0x00007FF7AF320000-0x00007FF7AF674000-memory.dmp

Filesize
3.3MB

Download
memory/4176-42-0x00007FF7AF320000-0x00007FF7AF674000-memory.dmp

Filesize
3.3MB

Download
memory/4292-36-0x00007FF731390000-0x00007FF7316E4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-89-0x00007FF731390000-0x00007FF7316E4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-1617-0x00007FF731390000-0x00007FF7316E4000-memory.dmp

Filesize
3.3MB

Download
memory/4304-356-0x00007FF602F20000-0x00007FF603274000-memory.dmp

Filesize
3.3MB

Download
memory/4304-2193-0x00007FF602F20000-0x00007FF603274000-memory.dmp

Filesize
3.3MB

Download
memory/4304-169-0x00007FF602F20000-0x00007FF603274000-memory.dmp

Filesize
3.3MB

Download
memory/4464-148-0x00007FF74AC40000-0x00007FF74AF94000-memory.dmp

Filesize
3.3MB

Download
memory/4464-194-0x00007FF74AC40000-0x00007FF74AF94000-memory.dmp

Filesize
3.3MB

Download
memory/4464-2097-0x00007FF74AC40000-0x00007FF74AF94000-memory.dmp

Filesize
3.3MB

Download
memory/4524-145-0x00007FF6B44A0000-0x00007FF6B47F4000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2034-0x00007FF6B44A0000-0x00007FF6B47F4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-64-0x00007FF797290000-0x00007FF7975E4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-7-0x00007FF797290000-0x00007FF7975E4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-1581-0x00007FF797290000-0x00007FF7975E4000-memory.dmp

Filesize
3.3MB

Download
memory/4624-68-0x00007FF6B9430000-0x00007FF6B9784000-memory.dmp

Filesize
3.3MB

Download
memory/4624-1586-0x00007FF6B9430000-0x00007FF6B9784000-memory.dmp

Filesize
3.3MB

Download
memory/4624-12-0x00007FF6B9430000-0x00007FF6B9784000-memory.dmp

Filesize
3.3MB

Download
memory/4644-414-0x00007FF7EEBE0000-0x00007FF7EEF34000-memory.dmp

Filesize
3.3MB

Download
memory/4644-178-0x00007FF7EEBE0000-0x00007FF7EEF34000-memory.dmp

Filesize
3.3MB

Download
memory/4644-2199-0x00007FF7EEBE0000-0x00007FF7EEF34000-memory.dmp

Filesize
3.3MB

Download
memory/4812-176-0x00007FF7FB6A0000-0x00007FF7FB9F4000-memory.dmp

Filesize
3.3MB

Download
memory/4812-115-0x00007FF7FB6A0000-0x00007FF7FB9F4000-memory.dmp

Filesize
3.3MB

Download
memory/4812-2020-0x00007FF7FB6A0000-0x00007FF7FB9F4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-413-0x00007FF6113D0000-0x00007FF611724000-memory.dmp

Filesize
3.3MB

Download
memory/5036-177-0x00007FF6113D0000-0x00007FF611724000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2200-0x00007FF6113D0000-0x00007FF611724000-memory.dmp

Filesize
3.3MB

Download