cobaltstrike | 01c9152cc3fa2adf7e7b16d8039eff9be5024f26f7c2a033f379ae6804d6d5bb

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2024, 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7f35d77180514f276a5cf0d2d03be71e
SHA1

f857801c51f63dde17a12af659fb8cdd648a28ea
SHA256

01c9152cc3fa2adf7e7b16d8039eff9be5024f26f7c2a033f379ae6804d6d5bb
SHA512

77400dd96576df730f645e69b12dcd04e70d285bf64301f52a1c04dd5d4b1d58a3a8878b1fced73e50812da61120f1e0d9734755078b36a1fdbe630de6bb6725
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b6c-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c66-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c65-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c67-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c68-31.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c69-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6b-45.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c5a-58.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6f-78.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c70-88.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c76-126.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7a-155.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c81-201.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c83-209.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c82-207.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c80-199.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7f-196.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7e-192.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7d-180.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7c-173.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7b-169.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c79-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c78-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c77-137.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c75-124.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c74-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c73-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c72-103.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c71-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6e-76.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6d-68.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6c-56.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6a-44.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1364-0-0x00007FF60A110000-0x00007FF60A464000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b6c-4.dat	xmrig
behavioral2/files/0x0007000000023c66-11.dat	xmrig
behavioral2/files/0x0007000000023c65-12.dat	xmrig
behavioral2/files/0x0007000000023c67-22.dat	xmrig
behavioral2/memory/4920-23-0x00007FF65FA70000-0x00007FF65FDC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c68-31.dat	xmrig
behavioral2/files/0x0007000000023c69-34.dat	xmrig
behavioral2/memory/4776-36-0x00007FF7EFAA0000-0x00007FF7EFDF4000-memory.dmp	xmrig
behavioral2/memory/1336-42-0x00007FF732910000-0x00007FF732C64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c6b-45.dat	xmrig
behavioral2/files/0x0009000000023c5a-58.dat	xmrig
behavioral2/files/0x0007000000023c6f-78.dat	xmrig
behavioral2/files/0x0007000000023c70-88.dat	xmrig
behavioral2/memory/1336-107-0x00007FF732910000-0x00007FF732C64000-memory.dmp	xmrig
behavioral2/memory/968-115-0x00007FF624FD0000-0x00007FF625324000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c76-126.dat	xmrig
behavioral2/files/0x0007000000023c7a-155.dat	xmrig
behavioral2/memory/1252-168-0x00007FF610A30000-0x00007FF610D84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c81-201.dat	xmrig
behavioral2/files/0x0007000000023c83-209.dat	xmrig
behavioral2/files/0x0007000000023c82-207.dat	xmrig
behavioral2/files/0x0007000000023c80-199.dat	xmrig
behavioral2/files/0x0007000000023c7f-196.dat	xmrig
behavioral2/files/0x0007000000023c7e-192.dat	xmrig
behavioral2/memory/3596-191-0x00007FF676760000-0x00007FF676AB4000-memory.dmp	xmrig
behavioral2/memory/1536-190-0x00007FF6A8710000-0x00007FF6A8A64000-memory.dmp	xmrig
behavioral2/memory/1168-189-0x00007FF67DF80000-0x00007FF67E2D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c7d-180.dat	xmrig
behavioral2/memory/4068-179-0x00007FF634CA0000-0x00007FF634FF4000-memory.dmp	xmrig
behavioral2/memory/1328-178-0x00007FF719520000-0x00007FF719874000-memory.dmp	xmrig
behavioral2/memory/3000-177-0x00007FF774800000-0x00007FF774B54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c7c-173.dat	xmrig
behavioral2/memory/1712-172-0x00007FF77B720000-0x00007FF77BA74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c7b-169.dat	xmrig
behavioral2/memory/3396-167-0x00007FF62EFD0000-0x00007FF62F324000-memory.dmp	xmrig
behavioral2/memory/852-163-0x00007FF624A60000-0x00007FF624DB4000-memory.dmp	xmrig
behavioral2/memory/4780-162-0x00007FF6D4770000-0x00007FF6D4AC4000-memory.dmp	xmrig
behavioral2/memory/4960-158-0x00007FF7CE520000-0x00007FF7CE874000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c79-151.dat	xmrig
behavioral2/memory/4428-150-0x00007FF62F290000-0x00007FF62F5E4000-memory.dmp	xmrig
behavioral2/memory/1792-149-0x00007FF6A3720000-0x00007FF6A3A74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c78-144.dat	xmrig
behavioral2/memory/2920-143-0x00007FF7310C0000-0x00007FF731414000-memory.dmp	xmrig
behavioral2/memory/2972-142-0x00007FF65D450000-0x00007FF65D7A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c77-137.dat	xmrig
behavioral2/memory/3488-136-0x00007FF725C20000-0x00007FF725F74000-memory.dmp	xmrig
behavioral2/memory/1668-135-0x00007FF63CE30000-0x00007FF63D184000-memory.dmp	xmrig
behavioral2/memory/2224-129-0x00007FF74AF80000-0x00007FF74B2D4000-memory.dmp	xmrig
behavioral2/memory/2600-128-0x00007FF72CF10000-0x00007FF72D264000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c75-124.dat	xmrig
behavioral2/files/0x0007000000023c74-121.dat	xmrig
behavioral2/memory/1536-120-0x00007FF6A8710000-0x00007FF6A8A64000-memory.dmp	xmrig
behavioral2/memory/4700-119-0x00007FF6B3490000-0x00007FF6B37E4000-memory.dmp	xmrig
behavioral2/memory/1328-116-0x00007FF719520000-0x00007FF719874000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c73-111.dat	xmrig
behavioral2/memory/3000-110-0x00007FF774800000-0x00007FF774B54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c72-103.dat	xmrig
behavioral2/memory/1252-101-0x00007FF610A30000-0x00007FF610D84000-memory.dmp	xmrig
behavioral2/memory/4776-100-0x00007FF7EFAA0000-0x00007FF7EFDF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c71-96.dat	xmrig
behavioral2/memory/852-94-0x00007FF624A60000-0x00007FF624DB4000-memory.dmp	xmrig
behavioral2/memory/3184-93-0x00007FF70D7F0000-0x00007FF70DB44000-memory.dmp	xmrig
behavioral2/memory/4960-87-0x00007FF7CE520000-0x00007FF7CE874000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4888	nDtPOzC.exe
4672	XtRpuJL.exe
4424	nUkbKwT.exe
4920	DvVkXQt.exe
3184	pFfZnid.exe
4776	WYpZWII.exe
1336	oTuNDjj.exe
968	pJxhKqt.exe
4700	KpqRaQB.exe
2600	CRTxRWU.exe
1668	tAvYlrW.exe
2972	KBrooXB.exe
1792	IfqrvHa.exe
4960	qoIbnJk.exe
852	PSlhoKz.exe
1252	gxVQADf.exe
3000	KXDhggN.exe
1328	TssxWxK.exe
1536	ckhiYJQ.exe
2224	nhdohuC.exe
3488	dbogaRD.exe
2920	HQxLKCG.exe
4428	uekVLfE.exe
4780	kSCwCxq.exe
3396	qMECxoO.exe
1712	PAPDZvO.exe
4068	COpgDyA.exe
1168	QTiEIES.exe
3596	upjTlsE.exe
4244	wplmzLI.exe
2044	gxrJqSK.exe
4028	YYWMFwa.exe
4924	RkXUQtf.exe
1004	yjtjTDh.exe
4204	mLncKuK.exe
1424	NQvcZQo.exe
1400	TXGyKPZ.exe
2236	QpiYUPS.exe
3720	smDvpvE.exe
2944	lhcCyFp.exe
3496	BIpIHIy.exe
2448	XavMCZf.exe
4892	ynoZAtD.exe
5080	lYQNySZ.exe
3892	VQLClZJ.exe
2360	KRVGumA.exe
4352	hgpufnR.exe
3552	kxSdJiH.exe
3688	oPqwlzO.exe
2860	JsXLPLF.exe
2196	zWdzNlR.exe
5112	VNBHdgF.exe
5028	kvYferC.exe
2312	oLMmsWj.exe
2948	vEAxHNG.exe
3532	jDMgeBk.exe
4696	VgXEfNK.exe
2580	xNTLmev.exe
4448	fZehTbT.exe
912	HTPJdme.exe
4952	znjICgs.exe
880	mcUbEHh.exe
4432	WFkMUJM.exe
396	lBMgTMJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1364-0-0x00007FF60A110000-0x00007FF60A464000-memory.dmp	upx
behavioral2/files/0x000c000000023b6c-4.dat	upx
behavioral2/files/0x0007000000023c66-11.dat	upx
behavioral2/files/0x0007000000023c65-12.dat	upx
behavioral2/files/0x0007000000023c67-22.dat	upx
behavioral2/memory/4920-23-0x00007FF65FA70000-0x00007FF65FDC4000-memory.dmp	upx
behavioral2/files/0x0007000000023c68-31.dat	upx
behavioral2/files/0x0007000000023c69-34.dat	upx
behavioral2/memory/4776-36-0x00007FF7EFAA0000-0x00007FF7EFDF4000-memory.dmp	upx
behavioral2/memory/1336-42-0x00007FF732910000-0x00007FF732C64000-memory.dmp	upx
behavioral2/files/0x0007000000023c6b-45.dat	upx
behavioral2/files/0x0009000000023c5a-58.dat	upx
behavioral2/files/0x0007000000023c6f-78.dat	upx
behavioral2/files/0x0007000000023c70-88.dat	upx
behavioral2/memory/1336-107-0x00007FF732910000-0x00007FF732C64000-memory.dmp	upx
behavioral2/memory/968-115-0x00007FF624FD0000-0x00007FF625324000-memory.dmp	upx
behavioral2/files/0x0007000000023c76-126.dat	upx
behavioral2/files/0x0007000000023c7a-155.dat	upx
behavioral2/memory/1252-168-0x00007FF610A30000-0x00007FF610D84000-memory.dmp	upx
behavioral2/files/0x0007000000023c81-201.dat	upx
behavioral2/files/0x0007000000023c83-209.dat	upx
behavioral2/files/0x0007000000023c82-207.dat	upx
behavioral2/files/0x0007000000023c80-199.dat	upx
behavioral2/files/0x0007000000023c7f-196.dat	upx
behavioral2/files/0x0007000000023c7e-192.dat	upx
behavioral2/memory/3596-191-0x00007FF676760000-0x00007FF676AB4000-memory.dmp	upx
behavioral2/memory/1536-190-0x00007FF6A8710000-0x00007FF6A8A64000-memory.dmp	upx
behavioral2/memory/1168-189-0x00007FF67DF80000-0x00007FF67E2D4000-memory.dmp	upx
behavioral2/files/0x0007000000023c7d-180.dat	upx
behavioral2/memory/4068-179-0x00007FF634CA0000-0x00007FF634FF4000-memory.dmp	upx
behavioral2/memory/1328-178-0x00007FF719520000-0x00007FF719874000-memory.dmp	upx
behavioral2/memory/3000-177-0x00007FF774800000-0x00007FF774B54000-memory.dmp	upx
behavioral2/files/0x0007000000023c7c-173.dat	upx
behavioral2/memory/1712-172-0x00007FF77B720000-0x00007FF77BA74000-memory.dmp	upx
behavioral2/files/0x0007000000023c7b-169.dat	upx
behavioral2/memory/3396-167-0x00007FF62EFD0000-0x00007FF62F324000-memory.dmp	upx
behavioral2/memory/852-163-0x00007FF624A60000-0x00007FF624DB4000-memory.dmp	upx
behavioral2/memory/4780-162-0x00007FF6D4770000-0x00007FF6D4AC4000-memory.dmp	upx
behavioral2/memory/4960-158-0x00007FF7CE520000-0x00007FF7CE874000-memory.dmp	upx
behavioral2/files/0x0007000000023c79-151.dat	upx
behavioral2/memory/4428-150-0x00007FF62F290000-0x00007FF62F5E4000-memory.dmp	upx
behavioral2/memory/1792-149-0x00007FF6A3720000-0x00007FF6A3A74000-memory.dmp	upx
behavioral2/files/0x0007000000023c78-144.dat	upx
behavioral2/memory/2920-143-0x00007FF7310C0000-0x00007FF731414000-memory.dmp	upx
behavioral2/memory/2972-142-0x00007FF65D450000-0x00007FF65D7A4000-memory.dmp	upx
behavioral2/files/0x0007000000023c77-137.dat	upx
behavioral2/memory/3488-136-0x00007FF725C20000-0x00007FF725F74000-memory.dmp	upx
behavioral2/memory/1668-135-0x00007FF63CE30000-0x00007FF63D184000-memory.dmp	upx
behavioral2/memory/2224-129-0x00007FF74AF80000-0x00007FF74B2D4000-memory.dmp	upx
behavioral2/memory/2600-128-0x00007FF72CF10000-0x00007FF72D264000-memory.dmp	upx
behavioral2/files/0x0007000000023c75-124.dat	upx
behavioral2/files/0x0007000000023c74-121.dat	upx
behavioral2/memory/1536-120-0x00007FF6A8710000-0x00007FF6A8A64000-memory.dmp	upx
behavioral2/memory/4700-119-0x00007FF6B3490000-0x00007FF6B37E4000-memory.dmp	upx
behavioral2/memory/1328-116-0x00007FF719520000-0x00007FF719874000-memory.dmp	upx
behavioral2/files/0x0007000000023c73-111.dat	upx
behavioral2/memory/3000-110-0x00007FF774800000-0x00007FF774B54000-memory.dmp	upx
behavioral2/files/0x0007000000023c72-103.dat	upx
behavioral2/memory/1252-101-0x00007FF610A30000-0x00007FF610D84000-memory.dmp	upx
behavioral2/memory/4776-100-0x00007FF7EFAA0000-0x00007FF7EFDF4000-memory.dmp	upx
behavioral2/files/0x0007000000023c71-96.dat	upx
behavioral2/memory/852-94-0x00007FF624A60000-0x00007FF624DB4000-memory.dmp	upx
behavioral2/memory/3184-93-0x00007FF70D7F0000-0x00007FF70DB44000-memory.dmp	upx
behavioral2/memory/4960-87-0x00007FF7CE520000-0x00007FF7CE874000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XXZExRf.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJDkGNv.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\damywXH.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujELEwo.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtonwXL.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPklnzQ.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujxrREN.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DinZEWv.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcPDLws.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZisPDiC.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uznWdeK.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnwxvyz.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAkDcGK.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsqurNu.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfGNzdE.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tknblqg.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCEfNwC.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMtHnWD.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQZlLkM.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwyuCXf.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMHJFuT.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFWsMMu.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWBHhyO.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqDsuln.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTiEIES.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCkOcGd.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjgwsRL.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eutzRtM.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\telavrp.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gduAToD.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wteEtXv.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJaglug.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVGgXMM.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geditKy.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKUPlEU.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMQfHLh.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEcCFRz.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCpuLVY.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGohsqr.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqUZXOr.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYMPNQP.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lapoair.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XnBKFce.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFAlFHL.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzdpCSw.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIhjWhj.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXWQtsY.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGzPyJu.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQZSCsJ.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\upQHXSi.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdUTLHs.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGeytic.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWDzbHZ.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKXMpIU.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYICVLv.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQLClZJ.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfyMIIa.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVXnmVK.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJgIwLx.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGIDnmu.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEplXjM.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VanNVou.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFKHpZd.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkXUQtf.exe	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 4888	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1364 wrote to memory of 4888	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1364 wrote to memory of 4672	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1364 wrote to memory of 4672	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1364 wrote to memory of 4424	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1364 wrote to memory of 4424	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1364 wrote to memory of 4920	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1364 wrote to memory of 4920	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1364 wrote to memory of 3184	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1364 wrote to memory of 3184	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1364 wrote to memory of 4776	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1364 wrote to memory of 4776	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1364 wrote to memory of 1336	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1364 wrote to memory of 1336	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1364 wrote to memory of 968	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1364 wrote to memory of 968	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1364 wrote to memory of 4700	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1364 wrote to memory of 4700	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1364 wrote to memory of 2600	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1364 wrote to memory of 2600	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1364 wrote to memory of 1668	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1364 wrote to memory of 1668	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1364 wrote to memory of 2972	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1364 wrote to memory of 2972	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1364 wrote to memory of 1792	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1364 wrote to memory of 1792	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1364 wrote to memory of 4960	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1364 wrote to memory of 4960	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1364 wrote to memory of 852	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1364 wrote to memory of 852	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1364 wrote to memory of 1252	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1364 wrote to memory of 1252	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1364 wrote to memory of 3000	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1364 wrote to memory of 3000	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1364 wrote to memory of 1328	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1364 wrote to memory of 1328	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1364 wrote to memory of 1536	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1364 wrote to memory of 1536	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1364 wrote to memory of 2224	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1364 wrote to memory of 2224	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1364 wrote to memory of 3488	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1364 wrote to memory of 3488	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1364 wrote to memory of 2920	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1364 wrote to memory of 2920	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1364 wrote to memory of 4428	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1364 wrote to memory of 4428	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1364 wrote to memory of 4780	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1364 wrote to memory of 4780	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1364 wrote to memory of 3396	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1364 wrote to memory of 3396	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1364 wrote to memory of 1712	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1364 wrote to memory of 1712	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1364 wrote to memory of 4068	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1364 wrote to memory of 4068	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1364 wrote to memory of 1168	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1364 wrote to memory of 1168	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1364 wrote to memory of 3596	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1364 wrote to memory of 3596	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1364 wrote to memory of 4244	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1364 wrote to memory of 4244	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1364 wrote to memory of 2044	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1364 wrote to memory of 2044	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1364 wrote to memory of 4028	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1364 wrote to memory of 4028	1364	2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe	116

C:\Users\Admin\AppData\Local\Temp\2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_7f35d77180514f276a5cf0d2d03be71e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\System\nDtPOzC.exe
  C:\Windows\System\nDtPOzC.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\XtRpuJL.exe
  C:\Windows\System\XtRpuJL.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\nUkbKwT.exe
  C:\Windows\System\nUkbKwT.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\DvVkXQt.exe
  C:\Windows\System\DvVkXQt.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\pFfZnid.exe
  C:\Windows\System\pFfZnid.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\WYpZWII.exe
  C:\Windows\System\WYpZWII.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\oTuNDjj.exe
  C:\Windows\System\oTuNDjj.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\pJxhKqt.exe
  C:\Windows\System\pJxhKqt.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\KpqRaQB.exe
  C:\Windows\System\KpqRaQB.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\CRTxRWU.exe
  C:\Windows\System\CRTxRWU.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\tAvYlrW.exe
  C:\Windows\System\tAvYlrW.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\KBrooXB.exe
  C:\Windows\System\KBrooXB.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\IfqrvHa.exe
  C:\Windows\System\IfqrvHa.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\qoIbnJk.exe
  C:\Windows\System\qoIbnJk.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\PSlhoKz.exe
  C:\Windows\System\PSlhoKz.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\gxVQADf.exe
  C:\Windows\System\gxVQADf.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\KXDhggN.exe
  C:\Windows\System\KXDhggN.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\TssxWxK.exe
  C:\Windows\System\TssxWxK.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\ckhiYJQ.exe
  C:\Windows\System\ckhiYJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\nhdohuC.exe
  C:\Windows\System\nhdohuC.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\dbogaRD.exe
  C:\Windows\System\dbogaRD.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\HQxLKCG.exe
  C:\Windows\System\HQxLKCG.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\uekVLfE.exe
  C:\Windows\System\uekVLfE.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\kSCwCxq.exe
  C:\Windows\System\kSCwCxq.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\qMECxoO.exe
  C:\Windows\System\qMECxoO.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\PAPDZvO.exe
  C:\Windows\System\PAPDZvO.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\COpgDyA.exe
  C:\Windows\System\COpgDyA.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\QTiEIES.exe
  C:\Windows\System\QTiEIES.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\upjTlsE.exe
  C:\Windows\System\upjTlsE.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\wplmzLI.exe
  C:\Windows\System\wplmzLI.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\gxrJqSK.exe
  C:\Windows\System\gxrJqSK.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\YYWMFwa.exe
  C:\Windows\System\YYWMFwa.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\RkXUQtf.exe
  C:\Windows\System\RkXUQtf.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\yjtjTDh.exe
  C:\Windows\System\yjtjTDh.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\mLncKuK.exe
  C:\Windows\System\mLncKuK.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\NQvcZQo.exe
  C:\Windows\System\NQvcZQo.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\TXGyKPZ.exe
  C:\Windows\System\TXGyKPZ.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\QpiYUPS.exe
  C:\Windows\System\QpiYUPS.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\smDvpvE.exe
  C:\Windows\System\smDvpvE.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\lhcCyFp.exe
  C:\Windows\System\lhcCyFp.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\BIpIHIy.exe
  C:\Windows\System\BIpIHIy.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\XavMCZf.exe
  C:\Windows\System\XavMCZf.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\ynoZAtD.exe
  C:\Windows\System\ynoZAtD.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\lYQNySZ.exe
  C:\Windows\System\lYQNySZ.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\VQLClZJ.exe
  C:\Windows\System\VQLClZJ.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\KRVGumA.exe
  C:\Windows\System\KRVGumA.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\hgpufnR.exe
  C:\Windows\System\hgpufnR.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\kxSdJiH.exe
  C:\Windows\System\kxSdJiH.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\oPqwlzO.exe
  C:\Windows\System\oPqwlzO.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\JsXLPLF.exe
  C:\Windows\System\JsXLPLF.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\zWdzNlR.exe
  C:\Windows\System\zWdzNlR.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\VNBHdgF.exe
  C:\Windows\System\VNBHdgF.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\kvYferC.exe
  C:\Windows\System\kvYferC.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\oLMmsWj.exe
  C:\Windows\System\oLMmsWj.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\vEAxHNG.exe
  C:\Windows\System\vEAxHNG.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\jDMgeBk.exe
  C:\Windows\System\jDMgeBk.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\VgXEfNK.exe
  C:\Windows\System\VgXEfNK.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\xNTLmev.exe
  C:\Windows\System\xNTLmev.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\fZehTbT.exe
  C:\Windows\System\fZehTbT.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\HTPJdme.exe
  C:\Windows\System\HTPJdme.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\znjICgs.exe
  C:\Windows\System\znjICgs.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\mcUbEHh.exe
  C:\Windows\System\mcUbEHh.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\WFkMUJM.exe
  C:\Windows\System\WFkMUJM.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\lBMgTMJ.exe
  C:\Windows\System\lBMgTMJ.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\KMTdmXf.exe
  C:\Windows\System\KMTdmXf.exe
  2⤵
  PID:2616
- C:\Windows\System\YqpMFHA.exe
  C:\Windows\System\YqpMFHA.exe
  2⤵
  PID:2348
- C:\Windows\System\gzOATHj.exe
  C:\Windows\System\gzOATHj.exe
  2⤵
  PID:4256
- C:\Windows\System\aCXkcrG.exe
  C:\Windows\System\aCXkcrG.exe
  2⤵
  PID:1260
- C:\Windows\System\YBbZoSn.exe
  C:\Windows\System\YBbZoSn.exe
  2⤵
  PID:5008
- C:\Windows\System\FHTyGaf.exe
  C:\Windows\System\FHTyGaf.exe
  2⤵
  PID:3716
- C:\Windows\System\aueoaqO.exe
  C:\Windows\System\aueoaqO.exe
  2⤵
  PID:5108
- C:\Windows\System\jCEfNwC.exe
  C:\Windows\System\jCEfNwC.exe
  2⤵
  PID:2980
- C:\Windows\System\ZKLkqCQ.exe
  C:\Windows\System\ZKLkqCQ.exe
  2⤵
  PID:3040
- C:\Windows\System\KIYOoho.exe
  C:\Windows\System\KIYOoho.exe
  2⤵
  PID:4220
- C:\Windows\System\fpUeCEG.exe
  C:\Windows\System\fpUeCEG.exe
  2⤵
  PID:4644
- C:\Windows\System\PDCEnIk.exe
  C:\Windows\System\PDCEnIk.exe
  2⤵
  PID:3116
- C:\Windows\System\iFHvzHb.exe
  C:\Windows\System\iFHvzHb.exe
  2⤵
  PID:3444
- C:\Windows\System\GVseCcD.exe
  C:\Windows\System\GVseCcD.exe
  2⤵
  PID:5156
- C:\Windows\System\eOpBUWh.exe
  C:\Windows\System\eOpBUWh.exe
  2⤵
  PID:5184
- C:\Windows\System\JGApmkE.exe
  C:\Windows\System\JGApmkE.exe
  2⤵
  PID:5200
- C:\Windows\System\XXZExRf.exe
  C:\Windows\System\XXZExRf.exe
  2⤵
  PID:5240
- C:\Windows\System\RuggXfb.exe
  C:\Windows\System\RuggXfb.exe
  2⤵
  PID:5268
- C:\Windows\System\DKussyD.exe
  C:\Windows\System\DKussyD.exe
  2⤵
  PID:5284
- C:\Windows\System\hyyjqUJ.exe
  C:\Windows\System\hyyjqUJ.exe
  2⤵
  PID:5312
- C:\Windows\System\PMUqnIp.exe
  C:\Windows\System\PMUqnIp.exe
  2⤵
  PID:5340
- C:\Windows\System\OmzojpN.exe
  C:\Windows\System\OmzojpN.exe
  2⤵
  PID:5368
- C:\Windows\System\ZoMiMxE.exe
  C:\Windows\System\ZoMiMxE.exe
  2⤵
  PID:5396
- C:\Windows\System\DQZSCsJ.exe
  C:\Windows\System\DQZSCsJ.exe
  2⤵
  PID:5436
- C:\Windows\System\atBajJV.exe
  C:\Windows\System\atBajJV.exe
  2⤵
  PID:5464
- C:\Windows\System\xxBBefT.exe
  C:\Windows\System\xxBBefT.exe
  2⤵
  PID:5492
- C:\Windows\System\dRfCDfP.exe
  C:\Windows\System\dRfCDfP.exe
  2⤵
  PID:5508
- C:\Windows\System\exJyAjT.exe
  C:\Windows\System\exJyAjT.exe
  2⤵
  PID:5536
- C:\Windows\System\KnAOOZO.exe
  C:\Windows\System\KnAOOZO.exe
  2⤵
  PID:5564
- C:\Windows\System\rZhzkVg.exe
  C:\Windows\System\rZhzkVg.exe
  2⤵
  PID:5592
- C:\Windows\System\gXXfbwc.exe
  C:\Windows\System\gXXfbwc.exe
  2⤵
  PID:5620
- C:\Windows\System\ldtoHZy.exe
  C:\Windows\System\ldtoHZy.exe
  2⤵
  PID:5648
- C:\Windows\System\vhSCguT.exe
  C:\Windows\System\vhSCguT.exe
  2⤵
  PID:5676
- C:\Windows\System\uEngXKx.exe
  C:\Windows\System\uEngXKx.exe
  2⤵
  PID:5704
- C:\Windows\System\WXASPrR.exe
  C:\Windows\System\WXASPrR.exe
  2⤵
  PID:5732
- C:\Windows\System\cbiMDff.exe
  C:\Windows\System\cbiMDff.exe
  2⤵
  PID:5760
- C:\Windows\System\bzqpxrw.exe
  C:\Windows\System\bzqpxrw.exe
  2⤵
  PID:5800
- C:\Windows\System\qnqIkuD.exe
  C:\Windows\System\qnqIkuD.exe
  2⤵
  PID:5828
- C:\Windows\System\XaKgJNf.exe
  C:\Windows\System\XaKgJNf.exe
  2⤵
  PID:5856
- C:\Windows\System\zGmxyRG.exe
  C:\Windows\System\zGmxyRG.exe
  2⤵
  PID:5872
- C:\Windows\System\NGZIBaB.exe
  C:\Windows\System\NGZIBaB.exe
  2⤵
  PID:5900
- C:\Windows\System\JgtUMIo.exe
  C:\Windows\System\JgtUMIo.exe
  2⤵
  PID:5940
- C:\Windows\System\uGxFAZJ.exe
  C:\Windows\System\uGxFAZJ.exe
  2⤵
  PID:5956
- C:\Windows\System\OXOCexw.exe
  C:\Windows\System\OXOCexw.exe
  2⤵
  PID:5984
- C:\Windows\System\DCvCabm.exe
  C:\Windows\System\DCvCabm.exe
  2⤵
  PID:6012
- C:\Windows\System\kHUEukn.exe
  C:\Windows\System\kHUEukn.exe
  2⤵
  PID:6052
- C:\Windows\System\DrWvPwR.exe
  C:\Windows\System\DrWvPwR.exe
  2⤵
  PID:6068
- C:\Windows\System\bgqdpHt.exe
  C:\Windows\System\bgqdpHt.exe
  2⤵
  PID:6096
- C:\Windows\System\fTZPSNm.exe
  C:\Windows\System\fTZPSNm.exe
  2⤵
  PID:6124
- C:\Windows\System\ziSTRGC.exe
  C:\Windows\System\ziSTRGC.exe
  2⤵
  PID:2752
- C:\Windows\System\qQgCaUr.exe
  C:\Windows\System\qQgCaUr.exe
  2⤵
  PID:1000
- C:\Windows\System\TVbWZfG.exe
  C:\Windows\System\TVbWZfG.exe
  2⤵
  PID:5036
- C:\Windows\System\UXYANJh.exe
  C:\Windows\System\UXYANJh.exe
  2⤵
  PID:1640
- C:\Windows\System\yUrQxSp.exe
  C:\Windows\System\yUrQxSp.exe
  2⤵
  PID:5128
- C:\Windows\System\TofEumn.exe
  C:\Windows\System\TofEumn.exe
  2⤵
  PID:5192
- C:\Windows\System\mVRTrBR.exe
  C:\Windows\System\mVRTrBR.exe
  2⤵
  PID:5228
- C:\Windows\System\KConekS.exe
  C:\Windows\System\KConekS.exe
  2⤵
  PID:5296
- C:\Windows\System\ZkRUeWy.exe
  C:\Windows\System\ZkRUeWy.exe
  2⤵
  PID:5384
- C:\Windows\System\sDUzVcH.exe
  C:\Windows\System\sDUzVcH.exe
  2⤵
  PID:5452
- C:\Windows\System\JqWlTYv.exe
  C:\Windows\System\JqWlTYv.exe
  2⤵
  PID:5484
- C:\Windows\System\mWrdlWK.exe
  C:\Windows\System\mWrdlWK.exe
  2⤵
  PID:5552
- C:\Windows\System\yeAzOfZ.exe
  C:\Windows\System\yeAzOfZ.exe
  2⤵
  PID:5616
- C:\Windows\System\kDFKVLY.exe
  C:\Windows\System\kDFKVLY.exe
  2⤵
  PID:5688
- C:\Windows\System\TEfaEkS.exe
  C:\Windows\System\TEfaEkS.exe
  2⤵
  PID:5748
- C:\Windows\System\QRwzuca.exe
  C:\Windows\System\QRwzuca.exe
  2⤵
  PID:5816
- C:\Windows\System\VbxaOcb.exe
  C:\Windows\System\VbxaOcb.exe
  2⤵
  PID:5884
- C:\Windows\System\wHtzxqO.exe
  C:\Windows\System\wHtzxqO.exe
  2⤵
  PID:5948
- C:\Windows\System\QdQAtDf.exe
  C:\Windows\System\QdQAtDf.exe
  2⤵
  PID:5976
- C:\Windows\System\qnIKNlQ.exe
  C:\Windows\System\qnIKNlQ.exe
  2⤵
  PID:6044
- C:\Windows\System\GkcCmyW.exe
  C:\Windows\System\GkcCmyW.exe
  2⤵
  PID:6140
- C:\Windows\System\WPYLcne.exe
  C:\Windows\System\WPYLcne.exe
  2⤵
  PID:4792
- C:\Windows\System\ZQQEVWv.exe
  C:\Windows\System\ZQQEVWv.exe
  2⤵
  PID:5180
- C:\Windows\System\RBKicmL.exe
  C:\Windows\System\RBKicmL.exe
  2⤵
  PID:5328
- C:\Windows\System\acFhZzu.exe
  C:\Windows\System\acFhZzu.exe
  2⤵
  PID:5424
- C:\Windows\System\XnBKFce.exe
  C:\Windows\System\XnBKFce.exe
  2⤵
  PID:5644
- C:\Windows\System\dpXgYen.exe
  C:\Windows\System\dpXgYen.exe
  2⤵
  PID:5720
- C:\Windows\System\cXuwpSw.exe
  C:\Windows\System\cXuwpSw.exe
  2⤵
  PID:5864
- C:\Windows\System\lIjqgJn.exe
  C:\Windows\System\lIjqgJn.exe
  2⤵
  PID:5968
- C:\Windows\System\SpzqsHP.exe
  C:\Windows\System\SpzqsHP.exe
  2⤵
  PID:6164
- C:\Windows\System\WHsJalm.exe
  C:\Windows\System\WHsJalm.exe
  2⤵
  PID:6204
- C:\Windows\System\kPRwNUu.exe
  C:\Windows\System\kPRwNUu.exe
  2⤵
  PID:6244
- C:\Windows\System\GdFJFzW.exe
  C:\Windows\System\GdFJFzW.exe
  2⤵
  PID:6272
- C:\Windows\System\mxfIWWQ.exe
  C:\Windows\System\mxfIWWQ.exe
  2⤵
  PID:6288
- C:\Windows\System\VVYiSgk.exe
  C:\Windows\System\VVYiSgk.exe
  2⤵
  PID:6316
- C:\Windows\System\trIypOy.exe
  C:\Windows\System\trIypOy.exe
  2⤵
  PID:6344
- C:\Windows\System\PCkOcGd.exe
  C:\Windows\System\PCkOcGd.exe
  2⤵
  PID:6372
- C:\Windows\System\ymiiQAx.exe
  C:\Windows\System\ymiiQAx.exe
  2⤵
  PID:6400
- C:\Windows\System\SntKQVt.exe
  C:\Windows\System\SntKQVt.exe
  2⤵
  PID:6428
- C:\Windows\System\ksZTXfq.exe
  C:\Windows\System\ksZTXfq.exe
  2⤵
  PID:6456
- C:\Windows\System\DXkcVWT.exe
  C:\Windows\System\DXkcVWT.exe
  2⤵
  PID:6484
- C:\Windows\System\IhKfcYA.exe
  C:\Windows\System\IhKfcYA.exe
  2⤵
  PID:6512
- C:\Windows\System\leTkDnP.exe
  C:\Windows\System\leTkDnP.exe
  2⤵
  PID:6552
- C:\Windows\System\wnbnOoj.exe
  C:\Windows\System\wnbnOoj.exe
  2⤵
  PID:6580
- C:\Windows\System\PAlhEEo.exe
  C:\Windows\System\PAlhEEo.exe
  2⤵
  PID:6608
- C:\Windows\System\JZNtTif.exe
  C:\Windows\System\JZNtTif.exe
  2⤵
  PID:6624
- C:\Windows\System\hjUyrVJ.exe
  C:\Windows\System\hjUyrVJ.exe
  2⤵
  PID:6652
- C:\Windows\System\jaUcDgA.exe
  C:\Windows\System\jaUcDgA.exe
  2⤵
  PID:6680
- C:\Windows\System\DjyOBgU.exe
  C:\Windows\System\DjyOBgU.exe
  2⤵
  PID:6708
- C:\Windows\System\SXSKukv.exe
  C:\Windows\System\SXSKukv.exe
  2⤵
  PID:6744
- C:\Windows\System\klFEAUn.exe
  C:\Windows\System\klFEAUn.exe
  2⤵
  PID:6776
- C:\Windows\System\fzkKVGH.exe
  C:\Windows\System\fzkKVGH.exe
  2⤵
  PID:6792
- C:\Windows\System\JYgRUup.exe
  C:\Windows\System\JYgRUup.exe
  2⤵
  PID:6832
- C:\Windows\System\LJDkGNv.exe
  C:\Windows\System\LJDkGNv.exe
  2⤵
  PID:6848
- C:\Windows\System\dUUzfwF.exe
  C:\Windows\System\dUUzfwF.exe
  2⤵
  PID:6888
- C:\Windows\System\KPTVFEl.exe
  C:\Windows\System\KPTVFEl.exe
  2⤵
  PID:6904
- C:\Windows\System\LueqPCA.exe
  C:\Windows\System\LueqPCA.exe
  2⤵
  PID:6932
- C:\Windows\System\UujoJYZ.exe
  C:\Windows\System\UujoJYZ.exe
  2⤵
  PID:6960
- C:\Windows\System\ZaSECGl.exe
  C:\Windows\System\ZaSECGl.exe
  2⤵
  PID:6988
- C:\Windows\System\RpDRAka.exe
  C:\Windows\System\RpDRAka.exe
  2⤵
  PID:7016
- C:\Windows\System\fouWOby.exe
  C:\Windows\System\fouWOby.exe
  2⤵
  PID:7056
- C:\Windows\System\biqoLiK.exe
  C:\Windows\System\biqoLiK.exe
  2⤵
  PID:7084
- C:\Windows\System\lkOMcsd.exe
  C:\Windows\System\lkOMcsd.exe
  2⤵
  PID:7112
- C:\Windows\System\vGHOCkb.exe
  C:\Windows\System\vGHOCkb.exe
  2⤵
  PID:7128
- C:\Windows\System\cWFxodp.exe
  C:\Windows\System\cWFxodp.exe
  2⤵
  PID:7156
- C:\Windows\System\JULTUGY.exe
  C:\Windows\System\JULTUGY.exe
  2⤵
  PID:6116
- C:\Windows\System\lVjBhLA.exe
  C:\Windows\System\lVjBhLA.exe
  2⤵
  PID:692
- C:\Windows\System\sgoTKLf.exe
  C:\Windows\System\sgoTKLf.exe
  2⤵
  PID:5480
- C:\Windows\System\SEhVyzf.exe
  C:\Windows\System\SEhVyzf.exe
  2⤵
  PID:5792
- C:\Windows\System\JvxmAQc.exe
  C:\Windows\System\JvxmAQc.exe
  2⤵
  PID:6196
- C:\Windows\System\RRYwGgd.exe
  C:\Windows\System\RRYwGgd.exe
  2⤵
  PID:6236
- C:\Windows\System\wDLRcJH.exe
  C:\Windows\System\wDLRcJH.exe
  2⤵
  PID:6328
- C:\Windows\System\MRsCQIL.exe
  C:\Windows\System\MRsCQIL.exe
  2⤵
  PID:6392
- C:\Windows\System\dVnapwN.exe
  C:\Windows\System\dVnapwN.exe
  2⤵
  PID:6468
- C:\Windows\System\ChPspDw.exe
  C:\Windows\System\ChPspDw.exe
  2⤵
  PID:6524
- C:\Windows\System\NPwXlCq.exe
  C:\Windows\System\NPwXlCq.exe
  2⤵
  PID:6592
- C:\Windows\System\yznKwJe.exe
  C:\Windows\System\yznKwJe.exe
  2⤵
  PID:6644
- C:\Windows\System\kQwcBqB.exe
  C:\Windows\System\kQwcBqB.exe
  2⤵
  PID:6692
- C:\Windows\System\OFrzmru.exe
  C:\Windows\System\OFrzmru.exe
  2⤵
  PID:6760
- C:\Windows\System\Csjuxbl.exe
  C:\Windows\System\Csjuxbl.exe
  2⤵
  PID:6820
- C:\Windows\System\NOGpUEA.exe
  C:\Windows\System\NOGpUEA.exe
  2⤵
  PID:6876
- C:\Windows\System\IXVQkcw.exe
  C:\Windows\System\IXVQkcw.exe
  2⤵
  PID:6944
- C:\Windows\System\XnEMuBV.exe
  C:\Windows\System\XnEMuBV.exe
  2⤵
  PID:7032
- C:\Windows\System\wihSdwo.exe
  C:\Windows\System\wihSdwo.exe
  2⤵
  PID:7100
- C:\Windows\System\ElsfqCb.exe
  C:\Windows\System\ElsfqCb.exe
  2⤵
  PID:7140
- C:\Windows\System\HkURaOm.exe
  C:\Windows\System\HkURaOm.exe
  2⤵
  PID:820
- C:\Windows\System\CLMWbDh.exe
  C:\Windows\System\CLMWbDh.exe
  2⤵
  PID:5668
- C:\Windows\System\TocVzfL.exe
  C:\Windows\System\TocVzfL.exe
  2⤵
  PID:6232
- C:\Windows\System\xJQSvpH.exe
  C:\Windows\System\xJQSvpH.exe
  2⤵
  PID:6388
- C:\Windows\System\IBnAxms.exe
  C:\Windows\System\IBnAxms.exe
  2⤵
  PID:6544
- C:\Windows\System\IxLECxo.exe
  C:\Windows\System\IxLECxo.exe
  2⤵
  PID:6672
- C:\Windows\System\pjgwsRL.exe
  C:\Windows\System\pjgwsRL.exe
  2⤵
  PID:6860
- C:\Windows\System\BfoGaXP.exe
  C:\Windows\System\BfoGaXP.exe
  2⤵
  PID:6976
- C:\Windows\System\ZisPDiC.exe
  C:\Windows\System\ZisPDiC.exe
  2⤵
  PID:7180
- C:\Windows\System\eCpuLVY.exe
  C:\Windows\System\eCpuLVY.exe
  2⤵
  PID:7208
- C:\Windows\System\oxAfNPB.exe
  C:\Windows\System\oxAfNPB.exe
  2⤵
  PID:7236
- C:\Windows\System\wtGtpfp.exe
  C:\Windows\System\wtGtpfp.exe
  2⤵
  PID:7268
- C:\Windows\System\ZthDpGI.exe
  C:\Windows\System\ZthDpGI.exe
  2⤵
  PID:7292
- C:\Windows\System\rIiCZUN.exe
  C:\Windows\System\rIiCZUN.exe
  2⤵
  PID:7320
- C:\Windows\System\bSkAZDV.exe
  C:\Windows\System\bSkAZDV.exe
  2⤵
  PID:7348
- C:\Windows\System\OxPXlvx.exe
  C:\Windows\System\OxPXlvx.exe
  2⤵
  PID:7376
- C:\Windows\System\FikvoUK.exe
  C:\Windows\System\FikvoUK.exe
  2⤵
  PID:7404
- C:\Windows\System\gzFggCB.exe
  C:\Windows\System\gzFggCB.exe
  2⤵
  PID:7432
- C:\Windows\System\jHcLMGn.exe
  C:\Windows\System\jHcLMGn.exe
  2⤵
  PID:7464
- C:\Windows\System\EvHGWRB.exe
  C:\Windows\System\EvHGWRB.exe
  2⤵
  PID:7488
- C:\Windows\System\zCZNPQn.exe
  C:\Windows\System\zCZNPQn.exe
  2⤵
  PID:7516
- C:\Windows\System\uSHGzsR.exe
  C:\Windows\System\uSHGzsR.exe
  2⤵
  PID:7536
- C:\Windows\System\rBWfGuz.exe
  C:\Windows\System\rBWfGuz.exe
  2⤵
  PID:7560
- C:\Windows\System\srTHAwt.exe
  C:\Windows\System\srTHAwt.exe
  2⤵
  PID:7588
- C:\Windows\System\HFijkWS.exe
  C:\Windows\System\HFijkWS.exe
  2⤵
  PID:7616
- C:\Windows\System\piEaxsW.exe
  C:\Windows\System\piEaxsW.exe
  2⤵
  PID:7644
- C:\Windows\System\hdpTqPh.exe
  C:\Windows\System\hdpTqPh.exe
  2⤵
  PID:7672
- C:\Windows\System\DOqTwmh.exe
  C:\Windows\System\DOqTwmh.exe
  2⤵
  PID:7700
- C:\Windows\System\ygAwzXg.exe
  C:\Windows\System\ygAwzXg.exe
  2⤵
  PID:7728
- C:\Windows\System\OzKsUaP.exe
  C:\Windows\System\OzKsUaP.exe
  2⤵
  PID:7756
- C:\Windows\System\nBasLzH.exe
  C:\Windows\System\nBasLzH.exe
  2⤵
  PID:7784
- C:\Windows\System\PsNFcrv.exe
  C:\Windows\System\PsNFcrv.exe
  2⤵
  PID:7824
- C:\Windows\System\JjnxqJQ.exe
  C:\Windows\System\JjnxqJQ.exe
  2⤵
  PID:7856
- C:\Windows\System\OoGOynf.exe
  C:\Windows\System\OoGOynf.exe
  2⤵
  PID:7880
- C:\Windows\System\EAUeaLd.exe
  C:\Windows\System\EAUeaLd.exe
  2⤵
  PID:7908
- C:\Windows\System\omtSQDS.exe
  C:\Windows\System\omtSQDS.exe
  2⤵
  PID:7936
- C:\Windows\System\nEKdpzF.exe
  C:\Windows\System\nEKdpzF.exe
  2⤵
  PID:7968
- C:\Windows\System\OFBWxQl.exe
  C:\Windows\System\OFBWxQl.exe
  2⤵
  PID:7992
- C:\Windows\System\CqlqsAg.exe
  C:\Windows\System\CqlqsAg.exe
  2⤵
  PID:8020
- C:\Windows\System\kVOnWQr.exe
  C:\Windows\System\kVOnWQr.exe
  2⤵
  PID:8048
- C:\Windows\System\oDMlqVw.exe
  C:\Windows\System\oDMlqVw.exe
  2⤵
  PID:8080
- C:\Windows\System\DaLkgvD.exe
  C:\Windows\System\DaLkgvD.exe
  2⤵
  PID:8104
- C:\Windows\System\tgnGGtU.exe
  C:\Windows\System\tgnGGtU.exe
  2⤵
  PID:8132
- C:\Windows\System\ZuEBVSr.exe
  C:\Windows\System\ZuEBVSr.exe
  2⤵
  PID:8160
- C:\Windows\System\gtonwXL.exe
  C:\Windows\System\gtonwXL.exe
  2⤵
  PID:8188
- C:\Windows\System\WfyMIIa.exe
  C:\Windows\System\WfyMIIa.exe
  2⤵
  PID:6036
- C:\Windows\System\LNxpljf.exe
  C:\Windows\System\LNxpljf.exe
  2⤵
  PID:6300
- C:\Windows\System\nDKHyut.exe
  C:\Windows\System\nDKHyut.exe
  2⤵
  PID:6620
- C:\Windows\System\NseNCGR.exe
  C:\Windows\System\NseNCGR.exe
  2⤵
  PID:6972
- C:\Windows\System\jiSjyHU.exe
  C:\Windows\System\jiSjyHU.exe
  2⤵
  PID:7220
- C:\Windows\System\tvBUXbV.exe
  C:\Windows\System\tvBUXbV.exe
  2⤵
  PID:7276
- C:\Windows\System\ETkDjiX.exe
  C:\Windows\System\ETkDjiX.exe
  2⤵
  PID:7336
- C:\Windows\System\xxLQPvu.exe
  C:\Windows\System\xxLQPvu.exe
  2⤵
  PID:7392
- C:\Windows\System\nXbliHe.exe
  C:\Windows\System\nXbliHe.exe
  2⤵
  PID:7448
- C:\Windows\System\TxVXCqJ.exe
  C:\Windows\System\TxVXCqJ.exe
  2⤵
  PID:7508
- C:\Windows\System\tjYSGfX.exe
  C:\Windows\System\tjYSGfX.exe
  2⤵
  PID:7572
- C:\Windows\System\KsCeePO.exe
  C:\Windows\System\KsCeePO.exe
  2⤵
  PID:7632
- C:\Windows\System\svXmPuw.exe
  C:\Windows\System\svXmPuw.exe
  2⤵
  PID:7720
- C:\Windows\System\HvhQAfl.exe
  C:\Windows\System\HvhQAfl.exe
  2⤵
  PID:7748
- C:\Windows\System\NaQrtjp.exe
  C:\Windows\System\NaQrtjp.exe
  2⤵
  PID:7816
- C:\Windows\System\cWePBtU.exe
  C:\Windows\System\cWePBtU.exe
  2⤵
  PID:7892
- C:\Windows\System\IwGpfHE.exe
  C:\Windows\System\IwGpfHE.exe
  2⤵
  PID:7952
- C:\Windows\System\Bucoulm.exe
  C:\Windows\System\Bucoulm.exe
  2⤵
  PID:8008
- C:\Windows\System\wteEtXv.exe
  C:\Windows\System\wteEtXv.exe
  2⤵
  PID:8072
- C:\Windows\System\qrjEcNT.exe
  C:\Windows\System\qrjEcNT.exe
  2⤵
  PID:8144
- C:\Windows\System\LfRDfjv.exe
  C:\Windows\System\LfRDfjv.exe
  2⤵
  PID:7124
- C:\Windows\System\eutzRtM.exe
  C:\Windows\System\eutzRtM.exe
  2⤵
  PID:6508
- C:\Windows\System\IweRmuW.exe
  C:\Windows\System\IweRmuW.exe
  2⤵
  PID:7228
- C:\Windows\System\ghCIAwk.exe
  C:\Windows\System\ghCIAwk.exe
  2⤵
  PID:7368
- C:\Windows\System\NBhMfhB.exe
  C:\Windows\System\NBhMfhB.exe
  2⤵
  PID:7500
- C:\Windows\System\uEUuJCx.exe
  C:\Windows\System\uEUuJCx.exe
  2⤵
  PID:7660
- C:\Windows\System\rJUWrCH.exe
  C:\Windows\System\rJUWrCH.exe
  2⤵
  PID:7776
- C:\Windows\System\YrQYKuW.exe
  C:\Windows\System\YrQYKuW.exe
  2⤵
  PID:7920
- C:\Windows\System\amKyepQ.exe
  C:\Windows\System\amKyepQ.exe
  2⤵
  PID:8220
- C:\Windows\System\ZvePVoh.exe
  C:\Windows\System\ZvePVoh.exe
  2⤵
  PID:8248
- C:\Windows\System\YSMejiG.exe
  C:\Windows\System\YSMejiG.exe
  2⤵
  PID:8276
- C:\Windows\System\QqcYpMD.exe
  C:\Windows\System\QqcYpMD.exe
  2⤵
  PID:8304
- C:\Windows\System\ySCtBGJ.exe
  C:\Windows\System\ySCtBGJ.exe
  2⤵
  PID:8332
- C:\Windows\System\RqaRezT.exe
  C:\Windows\System\RqaRezT.exe
  2⤵
  PID:8360
- C:\Windows\System\iYplNWe.exe
  C:\Windows\System\iYplNWe.exe
  2⤵
  PID:8388
- C:\Windows\System\pWLMwag.exe
  C:\Windows\System\pWLMwag.exe
  2⤵
  PID:8416
- C:\Windows\System\mpHEBSn.exe
  C:\Windows\System\mpHEBSn.exe
  2⤵
  PID:8444
- C:\Windows\System\IRlIQyZ.exe
  C:\Windows\System\IRlIQyZ.exe
  2⤵
  PID:8472
- C:\Windows\System\FvvqkCi.exe
  C:\Windows\System\FvvqkCi.exe
  2⤵
  PID:8500
- C:\Windows\System\xgpuMGd.exe
  C:\Windows\System\xgpuMGd.exe
  2⤵
  PID:8524
- C:\Windows\System\pKeQqDP.exe
  C:\Windows\System\pKeQqDP.exe
  2⤵
  PID:8552
- C:\Windows\System\tDuIFvF.exe
  C:\Windows\System\tDuIFvF.exe
  2⤵
  PID:8580
- C:\Windows\System\Ikzpnyv.exe
  C:\Windows\System\Ikzpnyv.exe
  2⤵
  PID:8612
- C:\Windows\System\DVVZHre.exe
  C:\Windows\System\DVVZHre.exe
  2⤵
  PID:8640
- C:\Windows\System\lygwkON.exe
  C:\Windows\System\lygwkON.exe
  2⤵
  PID:8664
- C:\Windows\System\sHMBdHv.exe
  C:\Windows\System\sHMBdHv.exe
  2⤵
  PID:8692
- C:\Windows\System\neGeRHU.exe
  C:\Windows\System\neGeRHU.exe
  2⤵
  PID:8724
- C:\Windows\System\VvDsRZz.exe
  C:\Windows\System\VvDsRZz.exe
  2⤵
  PID:8752
- C:\Windows\System\aTCVtMM.exe
  C:\Windows\System\aTCVtMM.exe
  2⤵
  PID:8780
- C:\Windows\System\WrUZfpf.exe
  C:\Windows\System\WrUZfpf.exe
  2⤵
  PID:8808
- C:\Windows\System\pjRuzVn.exe
  C:\Windows\System\pjRuzVn.exe
  2⤵
  PID:8836
- C:\Windows\System\hVNqhDt.exe
  C:\Windows\System\hVNqhDt.exe
  2⤵
  PID:8864
- C:\Windows\System\PhiQHgk.exe
  C:\Windows\System\PhiQHgk.exe
  2⤵
  PID:8892
- C:\Windows\System\VboGywm.exe
  C:\Windows\System\VboGywm.exe
  2⤵
  PID:8920
- C:\Windows\System\ZbQkOkn.exe
  C:\Windows\System\ZbQkOkn.exe
  2⤵
  PID:8948
- C:\Windows\System\NCZkisn.exe
  C:\Windows\System\NCZkisn.exe
  2⤵
  PID:8976
- C:\Windows\System\cqnNIia.exe
  C:\Windows\System\cqnNIia.exe
  2⤵
  PID:9004
- C:\Windows\System\zvbcOLF.exe
  C:\Windows\System\zvbcOLF.exe
  2⤵
  PID:9032
- C:\Windows\System\fYRmFxo.exe
  C:\Windows\System\fYRmFxo.exe
  2⤵
  PID:9060
- C:\Windows\System\eLpKlVC.exe
  C:\Windows\System\eLpKlVC.exe
  2⤵
  PID:9088
- C:\Windows\System\JMpPVOQ.exe
  C:\Windows\System\JMpPVOQ.exe
  2⤵
  PID:9116
- C:\Windows\System\RNGxqOf.exe
  C:\Windows\System\RNGxqOf.exe
  2⤵
  PID:9144
- C:\Windows\System\uMtHnWD.exe
  C:\Windows\System\uMtHnWD.exe
  2⤵
  PID:9172
- C:\Windows\System\WiNFZrh.exe
  C:\Windows\System\WiNFZrh.exe
  2⤵
  PID:9200
- C:\Windows\System\oEHwfqt.exe
  C:\Windows\System\oEHwfqt.exe
  2⤵
  PID:4652
- C:\Windows\System\rUvYVXe.exe
  C:\Windows\System\rUvYVXe.exe
  2⤵
  PID:1196
- C:\Windows\System\eVFxWNt.exe
  C:\Windows\System\eVFxWNt.exe
  2⤵
  PID:6148
- C:\Windows\System\CqhALbM.exe
  C:\Windows\System\CqhALbM.exe
  2⤵
  PID:7308
- C:\Windows\System\hsikIYd.exe
  C:\Windows\System\hsikIYd.exe
  2⤵
  PID:7600
- C:\Windows\System\ODCrwlH.exe
  C:\Windows\System\ODCrwlH.exe
  2⤵
  PID:7864
- C:\Windows\System\OGgeMHx.exe
  C:\Windows\System\OGgeMHx.exe
  2⤵
  PID:8240
- C:\Windows\System\pVXnmVK.exe
  C:\Windows\System\pVXnmVK.exe
  2⤵
  PID:8296
- C:\Windows\System\TQZlLkM.exe
  C:\Windows\System\TQZlLkM.exe
  2⤵
  PID:8372
- C:\Windows\System\NXfxlFz.exe
  C:\Windows\System\NXfxlFz.exe
  2⤵
  PID:4324
- C:\Windows\System\dWwOfzd.exe
  C:\Windows\System\dWwOfzd.exe
  2⤵
  PID:8460
- C:\Windows\System\hATUdwt.exe
  C:\Windows\System\hATUdwt.exe
  2⤵
  PID:4524
- C:\Windows\System\BtMHFHl.exe
  C:\Windows\System\BtMHFHl.exe
  2⤵
  PID:8548
- C:\Windows\System\ZlezTjN.exe
  C:\Windows\System\ZlezTjN.exe
  2⤵
  PID:8604
- C:\Windows\System\MbbfCxY.exe
  C:\Windows\System\MbbfCxY.exe
  2⤵
  PID:1696
- C:\Windows\System\LVPMMJy.exe
  C:\Windows\System\LVPMMJy.exe
  2⤵
  PID:8708
- C:\Windows\System\LEnhLWP.exe
  C:\Windows\System\LEnhLWP.exe
  2⤵
  PID:3924
- C:\Windows\System\qcfsYWq.exe
  C:\Windows\System\qcfsYWq.exe
  2⤵
  PID:8820
- C:\Windows\System\GXHEIKR.exe
  C:\Windows\System\GXHEIKR.exe
  2⤵
  PID:8856
- C:\Windows\System\XmtHFVJ.exe
  C:\Windows\System\XmtHFVJ.exe
  2⤵
  PID:8912
- C:\Windows\System\YMHJFuT.exe
  C:\Windows\System\YMHJFuT.exe
  2⤵
  PID:8968
- C:\Windows\System\vLsGnIZ.exe
  C:\Windows\System\vLsGnIZ.exe
  2⤵
  PID:9024
- C:\Windows\System\PLijPKs.exe
  C:\Windows\System\PLijPKs.exe
  2⤵
  PID:9100
- C:\Windows\System\MaSOrOw.exe
  C:\Windows\System\MaSOrOw.exe
  2⤵
  PID:9132
- C:\Windows\System\oQiQcvy.exe
  C:\Windows\System\oQiQcvy.exe
  2⤵
  PID:9188
- C:\Windows\System\naUqnvV.exe
  C:\Windows\System\naUqnvV.exe
  2⤵
  PID:8040
- C:\Windows\System\XiaeQeN.exe
  C:\Windows\System\XiaeQeN.exe
  2⤵
  PID:7192
- C:\Windows\System\uznWdeK.exe
  C:\Windows\System\uznWdeK.exe
  2⤵
  PID:2152
- C:\Windows\System\BEcjWrK.exe
  C:\Windows\System\BEcjWrK.exe
  2⤵
  PID:8268
- C:\Windows\System\DHKWBaV.exe
  C:\Windows\System\DHKWBaV.exe
  2⤵
  PID:8400
- C:\Windows\System\horJiwy.exe
  C:\Windows\System\horJiwy.exe
  2⤵
  PID:8512
- C:\Windows\System\GZHOfOY.exe
  C:\Windows\System\GZHOfOY.exe
  2⤵
  PID:2768
- C:\Windows\System\jzhIUYn.exe
  C:\Windows\System\jzhIUYn.exe
  2⤵
  PID:8736
- C:\Windows\System\OsErBHf.exe
  C:\Windows\System\OsErBHf.exe
  2⤵
  PID:8828
- C:\Windows\System\EtGPhSU.exe
  C:\Windows\System\EtGPhSU.exe
  2⤵
  PID:1140
- C:\Windows\System\jIitvcP.exe
  C:\Windows\System\jIitvcP.exe
  2⤵
  PID:9076
- C:\Windows\System\cXomUtL.exe
  C:\Windows\System\cXomUtL.exe
  2⤵
  PID:9184
- C:\Windows\System\bSRJcwL.exe
  C:\Windows\System\bSRJcwL.exe
  2⤵
  PID:7480
- C:\Windows\System\qhbsTPu.exe
  C:\Windows\System\qhbsTPu.exe
  2⤵
  PID:4544
- C:\Windows\System\vAtVyse.exe
  C:\Windows\System\vAtVyse.exe
  2⤵
  PID:3412
- C:\Windows\System\ZBwqwmy.exe
  C:\Windows\System\ZBwqwmy.exe
  2⤵
  PID:8800
- C:\Windows\System\bqmEVci.exe
  C:\Windows\System\bqmEVci.exe
  2⤵
  PID:9056
- C:\Windows\System\NJmjuQi.exe
  C:\Windows\System\NJmjuQi.exe
  2⤵
  PID:9236
- C:\Windows\System\ZofYXRW.exe
  C:\Windows\System\ZofYXRW.exe
  2⤵
  PID:9264
- C:\Windows\System\sQtwJjv.exe
  C:\Windows\System\sQtwJjv.exe
  2⤵
  PID:9292
- C:\Windows\System\NFWsMMu.exe
  C:\Windows\System\NFWsMMu.exe
  2⤵
  PID:9320
- C:\Windows\System\OwDLoWD.exe
  C:\Windows\System\OwDLoWD.exe
  2⤵
  PID:9348
- C:\Windows\System\sfuvonl.exe
  C:\Windows\System\sfuvonl.exe
  2⤵
  PID:9376
- C:\Windows\System\brkJcgG.exe
  C:\Windows\System\brkJcgG.exe
  2⤵
  PID:9404
- C:\Windows\System\VzvgFlR.exe
  C:\Windows\System\VzvgFlR.exe
  2⤵
  PID:9432
- C:\Windows\System\GabnhEa.exe
  C:\Windows\System\GabnhEa.exe
  2⤵
  PID:9460
- C:\Windows\System\vBSjkan.exe
  C:\Windows\System\vBSjkan.exe
  2⤵
  PID:9488
- C:\Windows\System\LPZwxxH.exe
  C:\Windows\System\LPZwxxH.exe
  2⤵
  PID:9516
- C:\Windows\System\PKvXhBc.exe
  C:\Windows\System\PKvXhBc.exe
  2⤵
  PID:9540
- C:\Windows\System\OlchyXy.exe
  C:\Windows\System\OlchyXy.exe
  2⤵
  PID:9568
- C:\Windows\System\ymouARv.exe
  C:\Windows\System\ymouARv.exe
  2⤵
  PID:9600
- C:\Windows\System\ryfXCSg.exe
  C:\Windows\System\ryfXCSg.exe
  2⤵
  PID:9628
- C:\Windows\System\MSlRhuQ.exe
  C:\Windows\System\MSlRhuQ.exe
  2⤵
  PID:9656
- C:\Windows\System\PvXsUkZ.exe
  C:\Windows\System\PvXsUkZ.exe
  2⤵
  PID:9684
- C:\Windows\System\PnZDvmM.exe
  C:\Windows\System\PnZDvmM.exe
  2⤵
  PID:9712
- C:\Windows\System\eUTsUog.exe
  C:\Windows\System\eUTsUog.exe
  2⤵
  PID:9740
- C:\Windows\System\DpHBBph.exe
  C:\Windows\System\DpHBBph.exe
  2⤵
  PID:9768
- C:\Windows\System\CHyAfmi.exe
  C:\Windows\System\CHyAfmi.exe
  2⤵
  PID:9796
- C:\Windows\System\ApKoomG.exe
  C:\Windows\System\ApKoomG.exe
  2⤵
  PID:9824
- C:\Windows\System\QpXLuBp.exe
  C:\Windows\System\QpXLuBp.exe
  2⤵
  PID:9852
- C:\Windows\System\lcFSbGs.exe
  C:\Windows\System\lcFSbGs.exe
  2⤵
  PID:9876
- C:\Windows\System\bqnjOGR.exe
  C:\Windows\System\bqnjOGR.exe
  2⤵
  PID:9908
- C:\Windows\System\RmvDYMv.exe
  C:\Windows\System\RmvDYMv.exe
  2⤵
  PID:9932
- C:\Windows\System\iXmLQZd.exe
  C:\Windows\System\iXmLQZd.exe
  2⤵
  PID:9960
- C:\Windows\System\uNVCmpx.exe
  C:\Windows\System\uNVCmpx.exe
  2⤵
  PID:9988
- C:\Windows\System\VfpvWEK.exe
  C:\Windows\System\VfpvWEK.exe
  2⤵
  PID:10020
- C:\Windows\System\BPklnzQ.exe
  C:\Windows\System\BPklnzQ.exe
  2⤵
  PID:10048
- C:\Windows\System\AAuFDuv.exe
  C:\Windows\System\AAuFDuv.exe
  2⤵
  PID:10072
- C:\Windows\System\aHeOSbP.exe
  C:\Windows\System\aHeOSbP.exe
  2⤵
  PID:10100
- C:\Windows\System\HxiDQsQ.exe
  C:\Windows\System\HxiDQsQ.exe
  2⤵
  PID:10136
- C:\Windows\System\ZaeDBrr.exe
  C:\Windows\System\ZaeDBrr.exe
  2⤵
  PID:10160
- C:\Windows\System\amRvkcs.exe
  C:\Windows\System\amRvkcs.exe
  2⤵
  PID:10188
- C:\Windows\System\dCtqlBe.exe
  C:\Windows\System\dCtqlBe.exe
  2⤵
  PID:10216
- C:\Windows\System\Pdmduep.exe
  C:\Windows\System\Pdmduep.exe
  2⤵
  PID:7988
- C:\Windows\System\FhhUVoX.exe
  C:\Windows\System\FhhUVoX.exe
  2⤵
  PID:8436
- C:\Windows\System\PErKanT.exe
  C:\Windows\System\PErKanT.exe
  2⤵
  PID:1660
- C:\Windows\System\HOyGJZe.exe
  C:\Windows\System\HOyGJZe.exe
  2⤵
  PID:9248
- C:\Windows\System\NNaBnmL.exe
  C:\Windows\System\NNaBnmL.exe
  2⤵
  PID:9276
- C:\Windows\System\RwyuCXf.exe
  C:\Windows\System\RwyuCXf.exe
  2⤵
  PID:9332
- C:\Windows\System\dzVmwdV.exe
  C:\Windows\System\dzVmwdV.exe
  2⤵
  PID:9416
- C:\Windows\System\OMClEcT.exe
  C:\Windows\System\OMClEcT.exe
  2⤵
  PID:9472
- C:\Windows\System\ZLuCiAJ.exe
  C:\Windows\System\ZLuCiAJ.exe
  2⤵
  PID:9504
- C:\Windows\System\gUOPlmp.exe
  C:\Windows\System\gUOPlmp.exe
  2⤵
  PID:9556
- C:\Windows\System\RGahMpV.exe
  C:\Windows\System\RGahMpV.exe
  2⤵
  PID:9700
- C:\Windows\System\YGdckng.exe
  C:\Windows\System\YGdckng.exe
  2⤵
  PID:1816
- C:\Windows\System\IywGFbC.exe
  C:\Windows\System\IywGFbC.exe
  2⤵
  PID:3964
- C:\Windows\System\FigvPov.exe
  C:\Windows\System\FigvPov.exe
  2⤵
  PID:9900
- C:\Windows\System\oiznoMz.exe
  C:\Windows\System\oiznoMz.exe
  2⤵
  PID:1172
- C:\Windows\System\PbleolD.exe
  C:\Windows\System\PbleolD.exe
  2⤵
  PID:10012
- C:\Windows\System\lYObnds.exe
  C:\Windows\System\lYObnds.exe
  2⤵
  PID:10060
- C:\Windows\System\fgzTnLA.exe
  C:\Windows\System\fgzTnLA.exe
  2⤵
  PID:10152
- C:\Windows\System\JDmkiAh.exe
  C:\Windows\System\JDmkiAh.exe
  2⤵
  PID:2932
- C:\Windows\System\KGbYCRG.exe
  C:\Windows\System\KGbYCRG.exe
  2⤵
  PID:3840
- C:\Windows\System\IyVhprS.exe
  C:\Windows\System\IyVhprS.exe
  2⤵
  PID:4120
- C:\Windows\System\LSXmusa.exe
  C:\Windows\System\LSXmusa.exe
  2⤵
  PID:2872
- C:\Windows\System\ZvPeMnL.exe
  C:\Windows\System\ZvPeMnL.exe
  2⤵
  PID:4880
- C:\Windows\System\DiTarma.exe
  C:\Windows\System\DiTarma.exe
  2⤵
  PID:3088
- C:\Windows\System\GokwNGt.exe
  C:\Windows\System\GokwNGt.exe
  2⤵
  PID:5040
- C:\Windows\System\gAveedy.exe
  C:\Windows\System\gAveedy.exe
  2⤵
  PID:5084
- C:\Windows\System\PeAFTjV.exe
  C:\Windows\System\PeAFTjV.exe
  2⤵
  PID:9480
- C:\Windows\System\kHDNmjS.exe
  C:\Windows\System\kHDNmjS.exe
  2⤵
  PID:5072
- C:\Windows\System\DZkddDN.exe
  C:\Windows\System\DZkddDN.exe
  2⤵
  PID:4956
- C:\Windows\System\haUyWIT.exe
  C:\Windows\System\haUyWIT.exe
  2⤵
  PID:2940
- C:\Windows\System\jqXvbTU.exe
  C:\Windows\System\jqXvbTU.exe
  2⤵
  PID:9752
- C:\Windows\System\kdjvGKh.exe
  C:\Windows\System\kdjvGKh.exe
  2⤵
  PID:9872
- C:\Windows\System\BfIuMlI.exe
  C:\Windows\System\BfIuMlI.exe
  2⤵
  PID:9952
- C:\Windows\System\zbOHqbC.exe
  C:\Windows\System\zbOHqbC.exe
  2⤵
  PID:10092
- C:\Windows\System\CWVCkhk.exe
  C:\Windows\System\CWVCkhk.exe
  2⤵
  PID:1088
- C:\Windows\System\EgrhkMB.exe
  C:\Windows\System\EgrhkMB.exe
  2⤵
  PID:2660
- C:\Windows\System\oHYsoYL.exe
  C:\Windows\System\oHYsoYL.exe
  2⤵
  PID:9308
- C:\Windows\System\ilmpvmt.exe
  C:\Windows\System\ilmpvmt.exe
  2⤵
  PID:4656
- C:\Windows\System\IqOVFdp.exe
  C:\Windows\System\IqOVFdp.exe
  2⤵
  PID:1164
- C:\Windows\System\qkEUoEu.exe
  C:\Windows\System\qkEUoEu.exe
  2⤵
  PID:992
- C:\Windows\System\OAsnoeE.exe
  C:\Windows\System\OAsnoeE.exe
  2⤵
  PID:2868
- C:\Windows\System\oWZFVtu.exe
  C:\Windows\System\oWZFVtu.exe
  2⤵
  PID:10176
- C:\Windows\System\dmGlNTD.exe
  C:\Windows\System\dmGlNTD.exe
  2⤵
  PID:3104
- C:\Windows\System\IygxqXn.exe
  C:\Windows\System\IygxqXn.exe
  2⤵
  PID:3224
- C:\Windows\System\VgwKnkg.exe
  C:\Windows\System\VgwKnkg.exe
  2⤵
  PID:9844
- C:\Windows\System\JCLtdMn.exe
  C:\Windows\System\JCLtdMn.exe
  2⤵
  PID:2124
- C:\Windows\System\jBWLlRj.exe
  C:\Windows\System\jBWLlRj.exe
  2⤵
  PID:1612
- C:\Windows\System\iJMBEYd.exe
  C:\Windows\System\iJMBEYd.exe
  2⤵
  PID:10256
- C:\Windows\System\uLXvBgL.exe
  C:\Windows\System\uLXvBgL.exe
  2⤵
  PID:10292
- C:\Windows\System\Rqsalkt.exe
  C:\Windows\System\Rqsalkt.exe
  2⤵
  PID:10320
- C:\Windows\System\NYVbsuG.exe
  C:\Windows\System\NYVbsuG.exe
  2⤵
  PID:10360
- C:\Windows\System\IeEJmoE.exe
  C:\Windows\System\IeEJmoE.exe
  2⤵
  PID:10400
- C:\Windows\System\yGQNFXJ.exe
  C:\Windows\System\yGQNFXJ.exe
  2⤵
  PID:10428
- C:\Windows\System\VlTvlSG.exe
  C:\Windows\System\VlTvlSG.exe
  2⤵
  PID:10444
- C:\Windows\System\wvbARoU.exe
  C:\Windows\System\wvbARoU.exe
  2⤵
  PID:10496
- C:\Windows\System\vzfZXOh.exe
  C:\Windows\System\vzfZXOh.exe
  2⤵
  PID:10532
- C:\Windows\System\nsqyqfS.exe
  C:\Windows\System\nsqyqfS.exe
  2⤵
  PID:10556
- C:\Windows\System\oyKRCPE.exe
  C:\Windows\System\oyKRCPE.exe
  2⤵
  PID:10580
- C:\Windows\System\XPeeTlf.exe
  C:\Windows\System\XPeeTlf.exe
  2⤵
  PID:10660
- C:\Windows\System\UMVptAm.exe
  C:\Windows\System\UMVptAm.exe
  2⤵
  PID:10696
- C:\Windows\System\CCHzAKA.exe
  C:\Windows\System\CCHzAKA.exe
  2⤵
  PID:10732
- C:\Windows\System\EfYVHKb.exe
  C:\Windows\System\EfYVHKb.exe
  2⤵
  PID:10756
- C:\Windows\System\jbPEyEb.exe
  C:\Windows\System\jbPEyEb.exe
  2⤵
  PID:10792
- C:\Windows\System\CGfYzME.exe
  C:\Windows\System\CGfYzME.exe
  2⤵
  PID:10824
- C:\Windows\System\GUaZvHi.exe
  C:\Windows\System\GUaZvHi.exe
  2⤵
  PID:10840
- C:\Windows\System\MObxbqr.exe
  C:\Windows\System\MObxbqr.exe
  2⤵
  PID:10880
- C:\Windows\System\MeVOZoo.exe
  C:\Windows\System\MeVOZoo.exe
  2⤵
  PID:10896
- C:\Windows\System\XRSqyow.exe
  C:\Windows\System\XRSqyow.exe
  2⤵
  PID:10936
- C:\Windows\System\aDoztzO.exe
  C:\Windows\System\aDoztzO.exe
  2⤵
  PID:10964
- C:\Windows\System\RCRGbZB.exe
  C:\Windows\System\RCRGbZB.exe
  2⤵
  PID:10992
- C:\Windows\System\kGohsqr.exe
  C:\Windows\System\kGohsqr.exe
  2⤵
  PID:11016
- C:\Windows\System\jnmRdiB.exe
  C:\Windows\System\jnmRdiB.exe
  2⤵
  PID:11036
- C:\Windows\System\fpqYrKs.exe
  C:\Windows\System\fpqYrKs.exe
  2⤵
  PID:11076
- C:\Windows\System\PIiFMdy.exe
  C:\Windows\System\PIiFMdy.exe
  2⤵
  PID:11108
- C:\Windows\System\DfslkFj.exe
  C:\Windows\System\DfslkFj.exe
  2⤵
  PID:11136
- C:\Windows\System\kWmYeSF.exe
  C:\Windows\System\kWmYeSF.exe
  2⤵
  PID:11164
- C:\Windows\System\XZXrexJ.exe
  C:\Windows\System\XZXrexJ.exe
  2⤵
  PID:11184
- C:\Windows\System\aRXpdrt.exe
  C:\Windows\System\aRXpdrt.exe
  2⤵
  PID:11228
- C:\Windows\System\btCJUBT.exe
  C:\Windows\System\btCJUBT.exe
  2⤵
  PID:10272
- C:\Windows\System\RuvuPqk.exe
  C:\Windows\System\RuvuPqk.exe
  2⤵
  PID:10348
- C:\Windows\System\VwqTlVt.exe
  C:\Windows\System\VwqTlVt.exe
  2⤵
  PID:10388
- C:\Windows\System\VdHWdHj.exe
  C:\Windows\System\VdHWdHj.exe
  2⤵
  PID:10424
- C:\Windows\System\WOOIMhI.exe
  C:\Windows\System\WOOIMhI.exe
  2⤵
  PID:10516
- C:\Windows\System\uWGzYbQ.exe
  C:\Windows\System\uWGzYbQ.exe
  2⤵
  PID:10620
- C:\Windows\System\BizXIKx.exe
  C:\Windows\System\BizXIKx.exe
  2⤵
  PID:10740
- C:\Windows\System\cDzcddS.exe
  C:\Windows\System\cDzcddS.exe
  2⤵
  PID:10804
- C:\Windows\System\KsWZCMJ.exe
  C:\Windows\System\KsWZCMJ.exe
  2⤵
  PID:10876
- C:\Windows\System\hdgjiCZ.exe
  C:\Windows\System\hdgjiCZ.exe
  2⤵
  PID:10928
- C:\Windows\System\uESKPhu.exe
  C:\Windows\System\uESKPhu.exe
  2⤵
  PID:780
- C:\Windows\System\hmIxoxU.exe
  C:\Windows\System\hmIxoxU.exe
  2⤵
  PID:11024
- C:\Windows\System\TTHrFxl.exe
  C:\Windows\System\TTHrFxl.exe
  2⤵
  PID:11100
- C:\Windows\System\JIIJemM.exe
  C:\Windows\System\JIIJemM.exe
  2⤵
  PID:11160
- C:\Windows\System\DwAoHAJ.exe
  C:\Windows\System\DwAoHAJ.exe
  2⤵
  PID:11244
- C:\Windows\System\ufrpRlF.exe
  C:\Windows\System\ufrpRlF.exe
  2⤵
  PID:632
- C:\Windows\System\Gupvnus.exe
  C:\Windows\System\Gupvnus.exe
  2⤵
  PID:10420
- C:\Windows\System\cxmSLGJ.exe
  C:\Windows\System\cxmSLGJ.exe
  2⤵
  PID:2132
- C:\Windows\System\HqOjqLv.exe
  C:\Windows\System\HqOjqLv.exe
  2⤵
  PID:10776
- C:\Windows\System\FhzGELR.exe
  C:\Windows\System\FhzGELR.exe
  2⤵
  PID:4684
- C:\Windows\System\GgIPDkX.exe
  C:\Windows\System\GgIPDkX.exe
  2⤵
  PID:11028
- C:\Windows\System\iGXhcGB.exe
  C:\Windows\System\iGXhcGB.exe
  2⤵
  PID:11148
- C:\Windows\System\rojtOao.exe
  C:\Windows\System\rojtOao.exe
  2⤵
  PID:11200
- C:\Windows\System\uvlWCzE.exe
  C:\Windows\System\uvlWCzE.exe
  2⤵
  PID:10520
- C:\Windows\System\HKzZKcC.exe
  C:\Windows\System\HKzZKcC.exe
  2⤵
  PID:2264
- C:\Windows\System\DRQSPEs.exe
  C:\Windows\System\DRQSPEs.exe
  2⤵
  PID:11132
- C:\Windows\System\OolQPbd.exe
  C:\Windows\System\OolQPbd.exe
  2⤵
  PID:10572
- C:\Windows\System\UsirmXY.exe
  C:\Windows\System\UsirmXY.exe
  2⤵
  PID:11092
- C:\Windows\System\QMAkmVW.exe
  C:\Windows\System\QMAkmVW.exe
  2⤵
  PID:11084
- C:\Windows\System\QKwyFAj.exe
  C:\Windows\System\QKwyFAj.exe
  2⤵
  PID:11272
- C:\Windows\System\xhrUxEj.exe
  C:\Windows\System\xhrUxEj.exe
  2⤵
  PID:11308
- C:\Windows\System\UIsDbwH.exe
  C:\Windows\System\UIsDbwH.exe
  2⤵
  PID:11336
- C:\Windows\System\grOMIRk.exe
  C:\Windows\System\grOMIRk.exe
  2⤵
  PID:11364
- C:\Windows\System\iPvtTdp.exe
  C:\Windows\System\iPvtTdp.exe
  2⤵
  PID:11392
- C:\Windows\System\NEWPQqw.exe
  C:\Windows\System\NEWPQqw.exe
  2⤵
  PID:11420
- C:\Windows\System\iffOzaP.exe
  C:\Windows\System\iffOzaP.exe
  2⤵
  PID:11452
- C:\Windows\System\EnDzafP.exe
  C:\Windows\System\EnDzafP.exe
  2⤵
  PID:11480
- C:\Windows\System\ycMfoJb.exe
  C:\Windows\System\ycMfoJb.exe
  2⤵
  PID:11528
- C:\Windows\System\yaPXMKm.exe
  C:\Windows\System\yaPXMKm.exe
  2⤵
  PID:11580
- C:\Windows\System\fkqCBVW.exe
  C:\Windows\System\fkqCBVW.exe
  2⤵
  PID:11612
- C:\Windows\System\gJgIwLx.exe
  C:\Windows\System\gJgIwLx.exe
  2⤵
  PID:11640
- C:\Windows\System\FbbcMtU.exe
  C:\Windows\System\FbbcMtU.exe
  2⤵
  PID:11668
- C:\Windows\System\MasHUhU.exe
  C:\Windows\System\MasHUhU.exe
  2⤵
  PID:11696
- C:\Windows\System\PSQDmzU.exe
  C:\Windows\System\PSQDmzU.exe
  2⤵
  PID:11724
- C:\Windows\System\XaIKTuw.exe
  C:\Windows\System\XaIKTuw.exe
  2⤵
  PID:11752
- C:\Windows\System\wXFCplI.exe
  C:\Windows\System\wXFCplI.exe
  2⤵
  PID:11780
- C:\Windows\System\DnDDIRk.exe
  C:\Windows\System\DnDDIRk.exe
  2⤵
  PID:11808
- C:\Windows\System\ckVIafj.exe
  C:\Windows\System\ckVIafj.exe
  2⤵
  PID:11836
- C:\Windows\System\shKEhjT.exe
  C:\Windows\System\shKEhjT.exe
  2⤵
  PID:11864
- C:\Windows\System\uOnPoEu.exe
  C:\Windows\System\uOnPoEu.exe
  2⤵
  PID:11892
- C:\Windows\System\RJaglug.exe
  C:\Windows\System\RJaglug.exe
  2⤵
  PID:11920
- C:\Windows\System\SJeZiLO.exe
  C:\Windows\System\SJeZiLO.exe
  2⤵
  PID:11948
- C:\Windows\System\cPOjcbd.exe
  C:\Windows\System\cPOjcbd.exe
  2⤵
  PID:11976
- C:\Windows\System\jGbBSmY.exe
  C:\Windows\System\jGbBSmY.exe
  2⤵
  PID:12004
- C:\Windows\System\IThMPBh.exe
  C:\Windows\System\IThMPBh.exe
  2⤵
  PID:12032
- C:\Windows\System\ySqpDJp.exe
  C:\Windows\System\ySqpDJp.exe
  2⤵
  PID:12060
- C:\Windows\System\QLvyvLO.exe
  C:\Windows\System\QLvyvLO.exe
  2⤵
  PID:12092
- C:\Windows\System\RZVUaww.exe
  C:\Windows\System\RZVUaww.exe
  2⤵
  PID:12124
- C:\Windows\System\pkTUBAq.exe
  C:\Windows\System\pkTUBAq.exe
  2⤵
  PID:12156
- C:\Windows\System\NAImJMd.exe
  C:\Windows\System\NAImJMd.exe
  2⤵
  PID:12184
- C:\Windows\System\LnVOwlb.exe
  C:\Windows\System\LnVOwlb.exe
  2⤵
  PID:12212
- C:\Windows\System\PXoOFsR.exe
  C:\Windows\System\PXoOFsR.exe
  2⤵
  PID:12232
- C:\Windows\System\zMejWFo.exe
  C:\Windows\System\zMejWFo.exe
  2⤵
  PID:12264
- C:\Windows\System\seWeCTP.exe
  C:\Windows\System\seWeCTP.exe
  2⤵
  PID:12280
- C:\Windows\System\ZSKRRNy.exe
  C:\Windows\System\ZSKRRNy.exe
  2⤵
  PID:11404
- C:\Windows\System\VEbutzr.exe
  C:\Windows\System\VEbutzr.exe
  2⤵
  PID:11516
- C:\Windows\System\IGbAVMU.exe
  C:\Windows\System\IGbAVMU.exe
  2⤵
  PID:11572
- C:\Windows\System\ujAnEqo.exe
  C:\Windows\System\ujAnEqo.exe
  2⤵
  PID:11688
- C:\Windows\System\bIQAyvv.exe
  C:\Windows\System\bIQAyvv.exe
  2⤵
  PID:11776
- C:\Windows\System\yruzYco.exe
  C:\Windows\System\yruzYco.exe
  2⤵
  PID:11880
- C:\Windows\System\khrFCRt.exe
  C:\Windows\System\khrFCRt.exe
  2⤵
  PID:11916
- C:\Windows\System\PTdxvHr.exe
  C:\Windows\System\PTdxvHr.exe
  2⤵
  PID:12000
- C:\Windows\System\umJOWYF.exe
  C:\Windows\System\umJOWYF.exe
  2⤵
  PID:12028
- C:\Windows\System\YbQhBXq.exe
  C:\Windows\System\YbQhBXq.exe
  2⤵
  PID:12104
- C:\Windows\System\elByITp.exe
  C:\Windows\System\elByITp.exe
  2⤵
  PID:12148
- C:\Windows\System\WEjuflt.exe
  C:\Windows\System\WEjuflt.exe
  2⤵
  PID:12224
- C:\Windows\System\YzpCCQu.exe
  C:\Windows\System\YzpCCQu.exe
  2⤵
  PID:11300
- C:\Windows\System\qfDXCYF.exe
  C:\Windows\System\qfDXCYF.exe
  2⤵
  PID:4420
- C:\Windows\System\ByPiRix.exe
  C:\Windows\System\ByPiRix.exe
  2⤵
  PID:10372
- C:\Windows\System\RrFTrqE.exe
  C:\Windows\System\RrFTrqE.exe
  2⤵
  PID:11684
- C:\Windows\System\UjQShVS.exe
  C:\Windows\System\UjQShVS.exe
  2⤵
  PID:11860
- C:\Windows\System\mMcNZPa.exe
  C:\Windows\System\mMcNZPa.exe
  2⤵
  PID:4940
- C:\Windows\System\ujxrREN.exe
  C:\Windows\System\ujxrREN.exe
  2⤵
  PID:3280
- C:\Windows\System\PUwipub.exe
  C:\Windows\System\PUwipub.exe
  2⤵
  PID:4260
- C:\Windows\System\UJPIqnu.exe
  C:\Windows\System\UJPIqnu.exe
  2⤵
  PID:11512
- C:\Windows\System\YhYifkn.exe
  C:\Windows\System\YhYifkn.exe
  2⤵
  PID:1596
- C:\Windows\System\kARCDkC.exe
  C:\Windows\System\kARCDkC.exe
  2⤵
  PID:11996
- C:\Windows\System\QdyHIGA.exe
  C:\Windows\System\QdyHIGA.exe
  2⤵
  PID:1944
- C:\Windows\System\DLBsueZ.exe
  C:\Windows\System\DLBsueZ.exe
  2⤵
  PID:2096
- C:\Windows\System\eZKPSFs.exe
  C:\Windows\System\eZKPSFs.exe
  2⤵
  PID:11544
- C:\Windows\System\NZGrMAs.exe
  C:\Windows\System\NZGrMAs.exe
  2⤵
  PID:12276
- C:\Windows\System\lfbqeBY.exe
  C:\Windows\System\lfbqeBY.exe
  2⤵
  PID:10340
- C:\Windows\System\MSMvEYS.exe
  C:\Windows\System\MSMvEYS.exe
  2⤵
  PID:11912
- C:\Windows\System\HFAlFHL.exe
  C:\Windows\System\HFAlFHL.exe
  2⤵
  PID:4784
- C:\Windows\System\upQHXSi.exe
  C:\Windows\System\upQHXSi.exe
  2⤵
  PID:12312
- C:\Windows\System\FxIowNQ.exe
  C:\Windows\System\FxIowNQ.exe
  2⤵
  PID:12340
- C:\Windows\System\kuGXwcI.exe
  C:\Windows\System\kuGXwcI.exe
  2⤵
  PID:12368
- C:\Windows\System\QhYFFHq.exe
  C:\Windows\System\QhYFFHq.exe
  2⤵
  PID:12396
- C:\Windows\System\EGNWlfm.exe
  C:\Windows\System\EGNWlfm.exe
  2⤵
  PID:12424
- C:\Windows\System\jZblDfP.exe
  C:\Windows\System\jZblDfP.exe
  2⤵
  PID:12452
- C:\Windows\System\YNibgOw.exe
  C:\Windows\System\YNibgOw.exe
  2⤵
  PID:12480
- C:\Windows\System\IHkbuOR.exe
  C:\Windows\System\IHkbuOR.exe
  2⤵
  PID:12508
- C:\Windows\System\nkMyPOw.exe
  C:\Windows\System\nkMyPOw.exe
  2⤵
  PID:12536
- C:\Windows\System\DBwdBGH.exe
  C:\Windows\System\DBwdBGH.exe
  2⤵
  PID:12564
- C:\Windows\System\BbmOhFt.exe
  C:\Windows\System\BbmOhFt.exe
  2⤵
  PID:12592
- C:\Windows\System\BLeEgox.exe
  C:\Windows\System\BLeEgox.exe
  2⤵
  PID:12620
- C:\Windows\System\CWDzbHZ.exe
  C:\Windows\System\CWDzbHZ.exe
  2⤵
  PID:12648
- C:\Windows\System\VoykUKC.exe
  C:\Windows\System\VoykUKC.exe
  2⤵
  PID:12676
- C:\Windows\System\dTFjGDg.exe
  C:\Windows\System\dTFjGDg.exe
  2⤵
  PID:12704
- C:\Windows\System\tqKdaUg.exe
  C:\Windows\System\tqKdaUg.exe
  2⤵
  PID:12732
- C:\Windows\System\irVMMuU.exe
  C:\Windows\System\irVMMuU.exe
  2⤵
  PID:12760
- C:\Windows\System\tokLgJX.exe
  C:\Windows\System\tokLgJX.exe
  2⤵
  PID:12788
- C:\Windows\System\QABpBJv.exe
  C:\Windows\System\QABpBJv.exe
  2⤵
  PID:12816
- C:\Windows\System\iUjzpBJ.exe
  C:\Windows\System\iUjzpBJ.exe
  2⤵
  PID:12844
- C:\Windows\System\POXYete.exe
  C:\Windows\System\POXYete.exe
  2⤵
  PID:12876
- C:\Windows\System\zcmOUwL.exe
  C:\Windows\System\zcmOUwL.exe
  2⤵
  PID:12904
- C:\Windows\System\ZwyMfTH.exe
  C:\Windows\System\ZwyMfTH.exe
  2⤵
  PID:12932
- C:\Windows\System\vUoxTvn.exe
  C:\Windows\System\vUoxTvn.exe
  2⤵
  PID:12964
- C:\Windows\System\MuIhwcd.exe
  C:\Windows\System\MuIhwcd.exe
  2⤵
  PID:12996
- C:\Windows\System\FVLRbWF.exe
  C:\Windows\System\FVLRbWF.exe
  2⤵
  PID:13024
- C:\Windows\System\TdoJnmR.exe
  C:\Windows\System\TdoJnmR.exe
  2⤵
  PID:13052
- C:\Windows\System\APrPmsU.exe
  C:\Windows\System\APrPmsU.exe
  2⤵
  PID:13080
- C:\Windows\System\WMpGpsL.exe
  C:\Windows\System\WMpGpsL.exe
  2⤵
  PID:13108
- C:\Windows\System\geVtjln.exe
  C:\Windows\System\geVtjln.exe
  2⤵
  PID:13148
- C:\Windows\System\UWxbzPn.exe
  C:\Windows\System\UWxbzPn.exe
  2⤵
  PID:13168
- C:\Windows\System\fWPbydg.exe
  C:\Windows\System\fWPbydg.exe
  2⤵
  PID:13196
- C:\Windows\System\xJzUtxQ.exe
  C:\Windows\System\xJzUtxQ.exe
  2⤵
  PID:13224
- C:\Windows\System\cTewvsK.exe
  C:\Windows\System\cTewvsK.exe
  2⤵
  PID:13252
- C:\Windows\System\DImEkvD.exe
  C:\Windows\System\DImEkvD.exe
  2⤵
  PID:12324
- C:\Windows\System\WayWTCS.exe
  C:\Windows\System\WayWTCS.exe
  2⤵
  PID:12416
- C:\Windows\System\ngQAPTS.exe
  C:\Windows\System\ngQAPTS.exe
  2⤵
  PID:12492
- C:\Windows\System\aCiPZEQ.exe
  C:\Windows\System\aCiPZEQ.exe
  2⤵
  PID:12556
- C:\Windows\System\vGVwsej.exe
  C:\Windows\System\vGVwsej.exe
  2⤵
  PID:5152
- C:\Windows\System\ypuyKrj.exe
  C:\Windows\System\ypuyKrj.exe
  2⤵
  PID:12672
- C:\Windows\System\YfGEpZd.exe
  C:\Windows\System\YfGEpZd.exe
  2⤵
  PID:12728
- C:\Windows\System\PyGnRyk.exe
  C:\Windows\System\PyGnRyk.exe
  2⤵
  PID:12780
- C:\Windows\System\HVGgXMM.exe
  C:\Windows\System\HVGgXMM.exe
  2⤵
  PID:12840
- C:\Windows\System\JsqurNu.exe
  C:\Windows\System\JsqurNu.exe
  2⤵
  PID:12916
- C:\Windows\System\djgJKsf.exe
  C:\Windows\System\djgJKsf.exe
  2⤵
  PID:12988
- C:\Windows\System\SoWtvXo.exe
  C:\Windows\System\SoWtvXo.exe
  2⤵
  PID:13036
- C:\Windows\System\TmBFjMn.exe
  C:\Windows\System\TmBFjMn.exe
  2⤵
  PID:13100
- C:\Windows\System\WXqbNxg.exe
  C:\Windows\System\WXqbNxg.exe
  2⤵
  PID:13164
- C:\Windows\System\EENBKBC.exe
  C:\Windows\System\EENBKBC.exe
  2⤵
  PID:13236
- C:\Windows\System\tWiGBoj.exe
  C:\Windows\System\tWiGBoj.exe
  2⤵
  PID:12388
- C:\Windows\System\CFMHoGT.exe
  C:\Windows\System\CFMHoGT.exe
  2⤵
  PID:12532
- C:\Windows\System\WyQQaYL.exe
  C:\Windows\System\WyQQaYL.exe
  2⤵
  PID:12444
- C:\Windows\System\DJdImse.exe
  C:\Windows\System\DJdImse.exe
  2⤵
  PID:13296
- C:\Windows\System\khexHAj.exe
  C:\Windows\System\khexHAj.exe
  2⤵
  PID:5224
- C:\Windows\System\kVTpYDG.exe
  C:\Windows\System\kVTpYDG.exe
  2⤵
  PID:12868
- C:\Windows\System\hFqyfdX.exe
  C:\Windows\System\hFqyfdX.exe
  2⤵
  PID:13016
- C:\Windows\System\PeqcxwY.exe
  C:\Windows\System\PeqcxwY.exe
  2⤵
  PID:13160
- C:\Windows\System\YupZdNQ.exe
  C:\Windows\System\YupZdNQ.exe
  2⤵
  PID:3588
- C:\Windows\System\CtHQKXH.exe
  C:\Windows\System\CtHQKXH.exe
  2⤵
  PID:12872
- C:\Windows\System\TAHkYjA.exe
  C:\Windows\System\TAHkYjA.exe
  2⤵
  PID:12944
- C:\Windows\System\kYEIXMO.exe
  C:\Windows\System\kYEIXMO.exe
  2⤵
  PID:13128
- C:\Windows\System\BXuYTbD.exe
  C:\Windows\System\BXuYTbD.exe
  2⤵
  PID:12612
- C:\Windows\System\fvnpBxK.exe
  C:\Windows\System\fvnpBxK.exe
  2⤵
  PID:13076
- C:\Windows\System\yoRrfiF.exe
  C:\Windows\System\yoRrfiF.exe
  2⤵
  PID:12476
- C:\Windows\System\FURicWq.exe
  C:\Windows\System\FURicWq.exe
  2⤵
  PID:13340
- C:\Windows\System\QdSWRqh.exe
  C:\Windows\System\QdSWRqh.exe
  2⤵
  PID:13360
- C:\Windows\System\juCMmCC.exe
  C:\Windows\System\juCMmCC.exe
  2⤵
  PID:13388
- C:\Windows\System\EqUZXOr.exe
  C:\Windows\System\EqUZXOr.exe
  2⤵
  PID:13416
- C:\Windows\System\DdUTLHs.exe
  C:\Windows\System\DdUTLHs.exe
  2⤵
  PID:13444
- C:\Windows\System\PJzdZjy.exe
  C:\Windows\System\PJzdZjy.exe
  2⤵
  PID:13472
- C:\Windows\System\qWBHhyO.exe
  C:\Windows\System\qWBHhyO.exe
  2⤵
  PID:13500
- C:\Windows\System\tYZFnBh.exe
  C:\Windows\System\tYZFnBh.exe
  2⤵
  PID:13528
- C:\Windows\System\OidAFDf.exe
  C:\Windows\System\OidAFDf.exe
  2⤵
  PID:13556
- C:\Windows\System\weIFJEZ.exe
  C:\Windows\System\weIFJEZ.exe
  2⤵
  PID:13588
- C:\Windows\System\hnwxvyz.exe
  C:\Windows\System\hnwxvyz.exe
  2⤵
  PID:13616
- C:\Windows\System\LKIXUkO.exe
  C:\Windows\System\LKIXUkO.exe
  2⤵
  PID:13644
- C:\Windows\System\DHWgwDI.exe
  C:\Windows\System\DHWgwDI.exe
  2⤵
  PID:13672
- C:\Windows\System\nCGmIQX.exe
  C:\Windows\System\nCGmIQX.exe
  2⤵
  PID:13700
- C:\Windows\System\RwhgRGG.exe
  C:\Windows\System\RwhgRGG.exe
  2⤵
  PID:13728
- C:\Windows\System\ZmXmKvv.exe
  C:\Windows\System\ZmXmKvv.exe
  2⤵
  PID:13756
- C:\Windows\System\yCWNcvC.exe
  C:\Windows\System\yCWNcvC.exe
  2⤵
  PID:13784
- C:\Windows\System\FrueeUh.exe
  C:\Windows\System\FrueeUh.exe
  2⤵
  PID:13812
- C:\Windows\System\HlhZjCV.exe
  C:\Windows\System\HlhZjCV.exe
  2⤵
  PID:13840
- C:\Windows\System\MigaWkc.exe
  C:\Windows\System\MigaWkc.exe
  2⤵
  PID:13868
- C:\Windows\System\YpNvgfi.exe
  C:\Windows\System\YpNvgfi.exe
  2⤵
  PID:13896
- C:\Windows\System\hlOifvD.exe
  C:\Windows\System\hlOifvD.exe
  2⤵
  PID:13924
- C:\Windows\System\fkQdpsB.exe
  C:\Windows\System\fkQdpsB.exe
  2⤵
  PID:13952
- C:\Windows\System\aLycGQR.exe
  C:\Windows\System\aLycGQR.exe
  2⤵
  PID:13980
- C:\Windows\System\mpmzVcK.exe
  C:\Windows\System\mpmzVcK.exe
  2⤵
  PID:14008
- C:\Windows\System\WIKgPop.exe
  C:\Windows\System\WIKgPop.exe
  2⤵
  PID:14036
- C:\Windows\System\CMEvspu.exe
  C:\Windows\System\CMEvspu.exe
  2⤵
  PID:14064
- C:\Windows\System\CsTbisw.exe
  C:\Windows\System\CsTbisw.exe
  2⤵
  PID:14092
- C:\Windows\System\bFIKCXa.exe
  C:\Windows\System\bFIKCXa.exe
  2⤵
  PID:14120
- C:\Windows\System\aIQFrWj.exe
  C:\Windows\System\aIQFrWj.exe
  2⤵
  PID:14148
- C:\Windows\System\vZnHKOs.exe
  C:\Windows\System\vZnHKOs.exe
  2⤵
  PID:14176
- C:\Windows\System\SCeNRKK.exe
  C:\Windows\System\SCeNRKK.exe
  2⤵
  PID:14204
- C:\Windows\System\BqqlYTQ.exe
  C:\Windows\System\BqqlYTQ.exe
  2⤵
  PID:14232
- C:\Windows\System\SuiqcTp.exe
  C:\Windows\System\SuiqcTp.exe
  2⤵
  PID:14260
- C:\Windows\System\dmToZpC.exe
  C:\Windows\System\dmToZpC.exe
  2⤵
  PID:14288
- C:\Windows\System\cinmlJZ.exe
  C:\Windows\System\cinmlJZ.exe
  2⤵
  PID:14316
- C:\Windows\System\psyemYr.exe
  C:\Windows\System\psyemYr.exe
  2⤵
  PID:13332
- C:\Windows\System\SyJgTSG.exe
  C:\Windows\System\SyJgTSG.exe
  2⤵
  PID:13404
- C:\Windows\System\YqdEhnr.exe
  C:\Windows\System\YqdEhnr.exe
  2⤵
  PID:13440
- C:\Windows\System\NUfTlGk.exe
  C:\Windows\System\NUfTlGk.exe
  2⤵
  PID:13492
- C:\Windows\System\SlcKjvO.exe
  C:\Windows\System\SlcKjvO.exe
  2⤵
  PID:13628
- C:\Windows\System\ltaoiOy.exe
  C:\Windows\System\ltaoiOy.exe
  2⤵
  PID:13748
- C:\Windows\System\eByFaSK.exe
  C:\Windows\System\eByFaSK.exe
  2⤵
  PID:13908
- C:\Windows\System\wNzEtoQ.exe
  C:\Windows\System\wNzEtoQ.exe
  2⤵
  PID:14004
- C:\Windows\System\QevtusI.exe
  C:\Windows\System\QevtusI.exe
  2⤵
  PID:14056
- C:\Windows\System\WZOCCYq.exe
  C:\Windows\System\WZOCCYq.exe
  2⤵
  PID:14140
- C:\Windows\System\vwEAsRF.exe
  C:\Windows\System\vwEAsRF.exe
  2⤵
  PID:14216
- C:\Windows\System\SwBVVZS.exe
  C:\Windows\System\SwBVVZS.exe
  2⤵
  PID:3420
- C:\Windows\System\dghQQVj.exe
  C:\Windows\System\dghQQVj.exe
  2⤵
  PID:4288
- C:\Windows\System\PhZFHEC.exe
  C:\Windows\System\PhZFHEC.exe
  2⤵
  PID:13584
- C:\Windows\System\TAsBtDm.exe
  C:\Windows\System\TAsBtDm.exe
  2⤵
  PID:13936
- C:\Windows\System\zTDXyrx.exe
  C:\Windows\System\zTDXyrx.exe
  2⤵
  PID:14032
- C:\Windows\System\ZBRkVoa.exe
  C:\Windows\System\ZBRkVoa.exe
  2⤵
  PID:5176
- C:\Windows\System\FWNuPxe.exe
  C:\Windows\System\FWNuPxe.exe
  2⤵
  PID:13468
- C:\Windows\System\FgLOyBP.exe
  C:\Windows\System\FgLOyBP.exe
  2⤵
  PID:5000
- C:\Windows\System\yTwHEcC.exe
  C:\Windows\System\yTwHEcC.exe
  2⤵
  PID:6108
- C:\Windows\System\cFxRaBn.exe
  C:\Windows\System\cFxRaBn.exe
  2⤵
  PID:13836
- C:\Windows\System\mWIfDuR.exe
  C:\Windows\System\mWIfDuR.exe
  2⤵
  PID:13520
- C:\Windows\System\UZiGtUj.exe
  C:\Windows\System\UZiGtUj.exe
  2⤵
  PID:13688
- C:\Windows\System\tWTeeLQ.exe
  C:\Windows\System\tWTeeLQ.exe
  2⤵
  PID:2204
- C:\Windows\System\XnffPzG.exe
  C:\Windows\System\XnffPzG.exe
  2⤵
  PID:6548
- C:\Windows\System\tohIavV.exe
  C:\Windows\System\tohIavV.exe
  2⤵
  PID:14384
- C:\Windows\System\GfBgmSb.exe
  C:\Windows\System\GfBgmSb.exe
  2⤵
  PID:14416
- C:\Windows\System\lonPPcq.exe
  C:\Windows\System\lonPPcq.exe
  2⤵
  PID:14456
- C:\Windows\System\VKjldiH.exe
  C:\Windows\System\VKjldiH.exe
  2⤵
  PID:14496
- C:\Windows\System\doDoVJf.exe
  C:\Windows\System\doDoVJf.exe
  2⤵
  PID:14528
- C:\Windows\System\rYMPNQP.exe
  C:\Windows\System\rYMPNQP.exe
  2⤵
  PID:14548
- C:\Windows\System\qyfWEmN.exe
  C:\Windows\System\qyfWEmN.exe
  2⤵
  PID:14564
- C:\Windows\System\ZmwqfqE.exe
  C:\Windows\System\ZmwqfqE.exe
  2⤵
  PID:14592
- C:\Windows\System\LdfDchE.exe
  C:\Windows\System\LdfDchE.exe
  2⤵
  PID:14636
- C:\Windows\System\WeCPOWt.exe
  C:\Windows\System\WeCPOWt.exe
  2⤵
  PID:14652
- C:\Windows\System\DinZEWv.exe
  C:\Windows\System\DinZEWv.exe
  2⤵
  PID:14720
- C:\Windows\System\XQkTAes.exe
  C:\Windows\System\XQkTAes.exe
  2⤵
  PID:14756
- C:\Windows\System\YwGyTpH.exe
  C:\Windows\System\YwGyTpH.exe
  2⤵
  PID:14892
- C:\Windows\System\tpjNPAn.exe
  C:\Windows\System\tpjNPAn.exe
  2⤵
  PID:14948
- C:\Windows\System\WTOnrim.exe
  C:\Windows\System\WTOnrim.exe
  2⤵
  PID:14972
- C:\Windows\System\sitFyLM.exe
  C:\Windows\System\sitFyLM.exe
  2⤵
  PID:14992
- C:\Windows\System\NtXTvkV.exe
  C:\Windows\System\NtXTvkV.exe
  2⤵
  PID:15020
- C:\Windows\System\ibbUjex.exe
  C:\Windows\System\ibbUjex.exe
  2⤵
  PID:15044
- C:\Windows\System\jrYDrCM.exe
  C:\Windows\System\jrYDrCM.exe
  2⤵
  PID:15080
- C:\Windows\System\ZSJUGHS.exe
  C:\Windows\System\ZSJUGHS.exe
  2⤵
  PID:15140
- C:\Windows\System\ZazISSf.exe
  C:\Windows\System\ZazISSf.exe
  2⤵
  PID:15200
- C:\Windows\System\sljsCfj.exe
  C:\Windows\System\sljsCfj.exe
  2⤵
  PID:15268
- C:\Windows\System\NUWekDq.exe
  C:\Windows\System\NUWekDq.exe
  2⤵
  PID:15300
- C:\Windows\System\oUWymqh.exe
  C:\Windows\System\oUWymqh.exe
  2⤵
  PID:15320
- C:\Windows\System\zLDAJas.exe
  C:\Windows\System\zLDAJas.exe
  2⤵
  PID:15336
- C:\Windows\System\jArwIyC.exe
  C:\Windows\System\jArwIyC.exe
  2⤵
  PID:6464
- C:\Windows\System\sWEwUGd.exe
  C:\Windows\System\sWEwUGd.exe
  2⤵
  PID:4648
- C:\Windows\System\gLSehtG.exe
  C:\Windows\System\gLSehtG.exe
  2⤵
  PID:13608
- C:\Windows\System\KKYFHGd.exe
  C:\Windows\System\KKYFHGd.exe
  2⤵
  PID:14408
- C:\Windows\System\BBswgOp.exe
  C:\Windows\System\BBswgOp.exe
  2⤵
  PID:14444
- C:\Windows\System\yulabWB.exe
  C:\Windows\System\yulabWB.exe
  2⤵
  PID:13580
- C:\Windows\System\ZqLbSCq.exe
  C:\Windows\System\ZqLbSCq.exe
  2⤵
  PID:14584
- C:\Windows\System\vJMnLhX.exe
  C:\Windows\System\vJMnLhX.exe
  2⤵
  PID:14688
- C:\Windows\System\mHQXfSv.exe
  C:\Windows\System\mHQXfSv.exe
  2⤵
  PID:14776
- C:\Windows\System\SKokxsw.exe
  C:\Windows\System\SKokxsw.exe
  2⤵
  PID:14784
- C:\Windows\System\soBTOdY.exe
  C:\Windows\System\soBTOdY.exe
  2⤵
  PID:6940
- C:\Windows\System\utwBUuP.exe
  C:\Windows\System\utwBUuP.exe
  2⤵
  PID:14912
- C:\Windows\System\Vaouzww.exe
  C:\Windows\System\Vaouzww.exe
  2⤵
  PID:14308
- C:\Windows\System\mzEwPgr.exe
  C:\Windows\System\mzEwPgr.exe
  2⤵
  PID:4340
- C:\Windows\System\otzNGAW.exe
  C:\Windows\System\otzNGAW.exe
  2⤵
  PID:7052
- C:\Windows\System\uKIofcs.exe
  C:\Windows\System\uKIofcs.exe
  2⤵
  PID:7136
- C:\Windows\System\trCaqJD.exe
  C:\Windows\System\trCaqJD.exe
  2⤵
  PID:5256
- C:\Windows\System\RWijgvU.exe
  C:\Windows\System\RWijgvU.exe
  2⤵
  PID:14936
- C:\Windows\System\JKlNDRn.exe
  C:\Windows\System\JKlNDRn.exe
  2⤵
  PID:1276
- C:\Windows\System\oAkDcGK.exe
  C:\Windows\System\oAkDcGK.exe
  2⤵
  PID:5048
- C:\Windows\System\bOvYEpO.exe
  C:\Windows\System\bOvYEpO.exe
  2⤵
  PID:14964
- C:\Windows\System\kIlyYHk.exe
  C:\Windows\System\kIlyYHk.exe
  2⤵
  PID:15060
- C:\Windows\System\SrpvOrD.exe
  C:\Windows\System\SrpvOrD.exe
  2⤵
  PID:15128
- C:\Windows\System\ixZBGOw.exe
  C:\Windows\System\ixZBGOw.exe
  2⤵
  PID:6896
- C:\Windows\System\accFIFI.exe
  C:\Windows\System\accFIFI.exe
  2⤵
  PID:7000
- C:\Windows\System\NPZfQAk.exe
  C:\Windows\System\NPZfQAk.exe
  2⤵
  PID:6308
- C:\Windows\System\bRbHEPk.exe
  C:\Windows\System\bRbHEPk.exe
  2⤵
  PID:6724
- C:\Windows\System\CurbCvS.exe
  C:\Windows\System\CurbCvS.exe
  2⤵
  PID:3036
- C:\Windows\System\hJIZgvW.exe
  C:\Windows\System\hJIZgvW.exe
  2⤵
  PID:14960
- C:\Windows\System\Ldyzdzm.exe
  C:\Windows\System\Ldyzdzm.exe
  2⤵
  PID:15332
- C:\Windows\System\UIlUrfm.exe
  C:\Windows\System\UIlUrfm.exe
  2⤵
  PID:3360
- C:\Windows\System\ZIbogFl.exe
  C:\Windows\System\ZIbogFl.exe
  2⤵
  PID:7328
- C:\Windows\System\krcmyWJ.exe
  C:\Windows\System\krcmyWJ.exe
  2⤵
  PID:3256
- C:\Windows\System\AydbmFB.exe
  C:\Windows\System\AydbmFB.exe
  2⤵
  PID:3148
- C:\Windows\System\XNpEctl.exe
  C:\Windows\System\XNpEctl.exe
  2⤵
  PID:14464
- C:\Windows\System\TItHavk.exe
  C:\Windows\System\TItHavk.exe
  2⤵
  PID:14536
- C:\Windows\System\zKSGWld.exe
  C:\Windows\System\zKSGWld.exe
  2⤵
  PID:4520
- C:\Windows\System\ayKVqVr.exe
  C:\Windows\System\ayKVqVr.exe
  2⤵
  PID:14612
- C:\Windows\System\llIKNYv.exe
  C:\Windows\System\llIKNYv.exe
  2⤵
  PID:14740
- C:\Windows\System\vXZEdMz.exe
  C:\Windows\System\vXZEdMz.exe
  2⤵
  PID:3600
- C:\Windows\System\vHJwRHU.exe
  C:\Windows\System\vHJwRHU.exe
  2⤵
  PID:1948
- C:\Windows\System\QtWzXQd.exe
  C:\Windows\System\QtWzXQd.exe
  2⤵
  PID:14572
- C:\Windows\System\acQYUZB.exe
  C:\Windows\System\acQYUZB.exe
  2⤵
  PID:7024
- C:\Windows\System\CPZBwkZ.exe
  C:\Windows\System\CPZBwkZ.exe
  2⤵
  PID:4976
- C:\Windows\System\PtQxDeJ.exe
  C:\Windows\System\PtQxDeJ.exe
  2⤵
  PID:2808
- C:\Windows\System\nWHvoBw.exe
  C:\Windows\System\nWHvoBw.exe
  2⤵
  PID:7804
- C:\Windows\System\UeLnrhG.exe
  C:\Windows\System\UeLnrhG.exe
  2⤵
  PID:15036
- C:\Windows\System\fwDmHaz.exe
  C:\Windows\System\fwDmHaz.exe
  2⤵
  PID:15160
- C:\Windows\System\GWmdoJQ.exe
  C:\Windows\System\GWmdoJQ.exe
  2⤵
  PID:11448
- C:\Windows\System\RjwiemT.exe
  C:\Windows\System\RjwiemT.exe
  2⤵
  PID:6772
- C:\Windows\System\gPbSlNI.exe
  C:\Windows\System\gPbSlNI.exe
  2⤵
  PID:11508
- C:\Windows\System\PBcflVi.exe
  C:\Windows\System\PBcflVi.exe
  2⤵
  PID:7888
- C:\Windows\System\weOItyN.exe
  C:\Windows\System\weOItyN.exe
  2⤵
  PID:6220
- C:\Windows\System\ltDLYZZ.exe
  C:\Windows\System\ltDLYZZ.exe
  2⤵
  PID:4164
- C:\Windows\System\yeYxWwZ.exe
  C:\Windows\System\yeYxWwZ.exe
  2⤵
  PID:14880
- C:\Windows\System\aJGagIq.exe
  C:\Windows\System\aJGagIq.exe
  2⤵
  PID:3816
- C:\Windows\System\SSwsGke.exe
  C:\Windows\System\SSwsGke.exe
  2⤵
  PID:10528
- C:\Windows\System\JlwAQSc.exe
  C:\Windows\System\JlwAQSc.exe
  2⤵
  PID:4356
- C:\Windows\System\PokPclx.exe
  C:\Windows\System\PokPclx.exe
  2⤵
  PID:6564
- C:\Windows\System\KrOmCcZ.exe
  C:\Windows\System\KrOmCcZ.exe
  2⤵
  PID:15348
- C:\Windows\System\EGnUBLs.exe
  C:\Windows\System\EGnUBLs.exe
  2⤵
  PID:2296
- C:\Windows\System\fxIcYYo.exe
  C:\Windows\System\fxIcYYo.exe
  2⤵
  PID:7460
- C:\Windows\System\RPQqxBj.exe
  C:\Windows\System\RPQqxBj.exe
  2⤵
  PID:2744
- C:\Windows\System\sKXMpIU.exe
  C:\Windows\System\sKXMpIU.exe
  2⤵
  PID:3916
- C:\Windows\System\AlTmPZA.exe
  C:\Windows\System\AlTmPZA.exe
  2⤵
  PID:14804
- C:\Windows\System\WzgeGPr.exe
  C:\Windows\System\WzgeGPr.exe
  2⤵
  PID:5136
- C:\Windows\System\ihbtHIU.exe
  C:\Windows\System\ihbtHIU.exe
  2⤵
  PID:3788
- C:\Windows\System\ldxGGGH.exe
  C:\Windows\System\ldxGGGH.exe
  2⤵
  PID:7820
- C:\Windows\System\KnlKUHG.exe
  C:\Windows\System\KnlKUHG.exe
  2⤵
  PID:5220
- C:\Windows\System\YEYtiOa.exe
  C:\Windows\System\YEYtiOa.exe
  2⤵
  PID:5304
- C:\Windows\System\kyPPLZK.exe
  C:\Windows\System\kyPPLZK.exe
  2⤵
  PID:15212
- C:\Windows\System\damywXH.exe
  C:\Windows\System\damywXH.exe
  2⤵
  PID:14744
- C:\Windows\System\ABGMSPG.exe
  C:\Windows\System\ABGMSPG.exe
  2⤵
  PID:7680
- C:\Windows\System\pWCdcSJ.exe
  C:\Windows\System\pWCdcSJ.exe
  2⤵
  PID:1968
- C:\Windows\System\yXxXCZG.exe
  C:\Windows\System\yXxXCZG.exe
  2⤵
  PID:3608
- C:\Windows\System\bWGxLwQ.exe
  C:\Windows\System\bWGxLwQ.exe
  2⤵
  PID:2032
- C:\Windows\System\eWQdKKa.exe
  C:\Windows\System\eWQdKKa.exe
  2⤵
  PID:3048
- C:\Windows\System\aUSiExI.exe
  C:\Windows\System\aUSiExI.exe
  2⤵
  PID:7064
- C:\Windows\System\byLwcqn.exe
  C:\Windows\System\byLwcqn.exe
  2⤵
  PID:5572
- C:\Windows\System\evgnOmz.exe
  C:\Windows\System\evgnOmz.exe
  2⤵
  PID:7416
- C:\Windows\System\SJUibQL.exe
  C:\Windows\System\SJUibQL.exe
  2⤵
  PID:15260
- C:\Windows\System\nihGGpZ.exe
  C:\Windows\System\nihGGpZ.exe
  2⤵
  PID:5728
- C:\Windows\System\PccCVwv.exe
  C:\Windows\System\PccCVwv.exe
  2⤵
  PID:15276
- C:\Windows\System\rsYycoM.exe
  C:\Windows\System\rsYycoM.exe
  2⤵
  PID:5376
- C:\Windows\System\xBrXcon.exe
  C:\Windows\System\xBrXcon.exe
  2⤵
  PID:5444
- C:\Windows\System\OfqqlxH.exe
  C:\Windows\System\OfqqlxH.exe
  2⤵
  PID:5820
- C:\Windows\System\IZNEXuh.exe
  C:\Windows\System\IZNEXuh.exe
  2⤵
  PID:5836
- C:\Windows\System\ldVoKqG.exe
  C:\Windows\System\ldVoKqG.exe
  2⤵
  PID:5892
- C:\Windows\System\XbKTTbG.exe
  C:\Windows\System\XbKTTbG.exe
  2⤵
  PID:11524
- C:\Windows\System\xvflwTo.exe
  C:\Windows\System\xvflwTo.exe
  2⤵
  PID:7696
- C:\Windows\System\qfZfamE.exe
  C:\Windows\System\qfZfamE.exe
  2⤵
  PID:5516
- C:\Windows\System\JOMGIGL.exe
  C:\Windows\System\JOMGIGL.exe
  2⤵
  PID:7668
- C:\Windows\System\TNNIFJz.exe
  C:\Windows\System\TNNIFJz.exe
  2⤵
  PID:7288
- C:\Windows\System\uwhPeAA.exe
  C:\Windows\System\uwhPeAA.exe
  2⤵
  PID:5992
- C:\Windows\System\UVgONnO.exe
  C:\Windows\System\UVgONnO.exe
  2⤵
  PID:1236
- C:\Windows\System\qyHyenk.exe
  C:\Windows\System\qyHyenk.exe
  2⤵
  PID:2884
- C:\Windows\System\NUlcVHy.exe
  C:\Windows\System\NUlcVHy.exe
  2⤵
  PID:5168
- C:\Windows\System\GfVlYbG.exe
  C:\Windows\System\GfVlYbG.exe
  2⤵
  PID:11292
- C:\Windows\System\XPkGVzi.exe
  C:\Windows\System\XPkGVzi.exe
  2⤵
  PID:5332
- C:\Windows\System\MkPTOKC.exe
  C:\Windows\System\MkPTOKC.exe
  2⤵
  PID:8760
- C:\Windows\System\aJCDQmI.exe
  C:\Windows\System\aJCDQmI.exe
  2⤵
  PID:6076
- C:\Windows\System\gokLyCD.exe
  C:\Windows\System\gokLyCD.exe
  2⤵
  PID:5600
- C:\Windows\System\OGrfCEZ.exe
  C:\Windows\System\OGrfCEZ.exe
  2⤵
  PID:5020
- C:\Windows\System\fYfVChE.exe
  C:\Windows\System\fYfVChE.exe
  2⤵
  PID:5276
- C:\Windows\System\LleODMf.exe
  C:\Windows\System\LleODMf.exe
  2⤵
  PID:5664
- C:\Windows\System\YzbxLDq.exe
  C:\Windows\System\YzbxLDq.exe
  2⤵
  PID:2112
- C:\Windows\System\ETvYUmY.exe
  C:\Windows\System\ETvYUmY.exe
  2⤵
  PID:404
- C:\Windows\System\HRUjFSm.exe
  C:\Windows\System\HRUjFSm.exe
  2⤵
  PID:8844
- C:\Windows\System\EEvOFTM.exe
  C:\Windows\System\EEvOFTM.exe
  2⤵
  PID:6572
- C:\Windows\System\Tegtxtq.exe
  C:\Windows\System\Tegtxtq.exe
  2⤵
  PID:2368
- C:\Windows\System\ZsflXqc.exe
  C:\Windows\System\ZsflXqc.exe
  2⤵
  PID:5320
- C:\Windows\System\SUreZhW.exe
  C:\Windows\System\SUreZhW.exe
  2⤵
  PID:4804
- C:\Windows\System\bTCeIii.exe
  C:\Windows\System\bTCeIii.exe
  2⤵
  PID:5216
- C:\Windows\System\HMLvcNS.exe
  C:\Windows\System\HMLvcNS.exe
  2⤵
  PID:6368
- C:\Windows\System\mrZnKpZ.exe
  C:\Windows\System\mrZnKpZ.exe
  2⤵
  PID:5476
- C:\Windows\System\OORhsry.exe
  C:\Windows\System\OORhsry.exe
  2⤵
  PID:5848
- C:\Windows\System\nzdpCSw.exe
  C:\Windows\System\nzdpCSw.exe
  2⤵
  PID:6008
- C:\Windows\System\fsktUgc.exe
  C:\Windows\System\fsktUgc.exe
  2⤵
  PID:628
- C:\Windows\System\hQMOnFG.exe
  C:\Windows\System\hQMOnFG.exe
  2⤵
  PID:6200
- C:\Windows\System\MpIACGD.exe
  C:\Windows\System\MpIACGD.exe
  2⤵
  PID:5684
- C:\Windows\System\TPnMMOH.exe
  C:\Windows\System\TPnMMOH.exe
  2⤵
  PID:15376
- C:\Windows\System\zTUGtoR.exe
  C:\Windows\System\zTUGtoR.exe
  2⤵
  PID:15404
- C:\Windows\System\XSvEeyn.exe
  C:\Windows\System\XSvEeyn.exe
  2⤵
  PID:15468
- C:\Windows\System\JgUPrYh.exe
  C:\Windows\System\JgUPrYh.exe
  2⤵
  PID:15484
- C:\Windows\System\uemITSB.exe
  C:\Windows\System\uemITSB.exe
  2⤵
  PID:15572
- C:\Windows\System\afORjXx.exe
  C:\Windows\System\afORjXx.exe
  2⤵
  PID:15588
- C:\Windows\System\JjDUvhF.exe
  C:\Windows\System\JjDUvhF.exe
  2⤵
  PID:15628
- C:\Windows\System\JpeitSF.exe
  C:\Windows\System\JpeitSF.exe
  2⤵
  PID:15744
- C:\Windows\System\WqCzqZP.exe
  C:\Windows\System\WqCzqZP.exe
  2⤵
  PID:15760
- C:\Windows\System\TfLtSWV.exe
  C:\Windows\System\TfLtSWV.exe
  2⤵
  PID:15792
- C:\Windows\System\SknfMKd.exe
  C:\Windows\System\SknfMKd.exe
  2⤵
  PID:15820
- C:\Windows\System\mJAfojB.exe
  C:\Windows\System\mJAfojB.exe
  2⤵
  PID:15848
- C:\Windows\System\TqDPkkt.exe
  C:\Windows\System\TqDPkkt.exe
  2⤵
  PID:15912
- C:\Windows\System\LyTVhQR.exe
  C:\Windows\System\LyTVhQR.exe
  2⤵
  PID:15928
- C:\Windows\System\erMljMt.exe
  C:\Windows\System\erMljMt.exe
  2⤵
  PID:15988
- C:\Windows\System\cpwqqPw.exe
  C:\Windows\System\cpwqqPw.exe
  2⤵
  PID:16012
- C:\Windows\System\wZYokBk.exe
  C:\Windows\System\wZYokBk.exe
  2⤵
  PID:16048
- C:\Windows\System\GMEjVBA.exe
  C:\Windows\System\GMEjVBA.exe
  2⤵
  PID:16144
- C:\Windows\System\pnHuawh.exe
  C:\Windows\System\pnHuawh.exe
  2⤵
  PID:16188
- C:\Windows\System\wnBGWrR.exe
  C:\Windows\System\wnBGWrR.exe
  2⤵
  PID:16228
- C:\Windows\System\BMBqvpk.exe
  C:\Windows\System\BMBqvpk.exe
  2⤵
  PID:16248
- C:\Windows\System\hWfxqhH.exe
  C:\Windows\System\hWfxqhH.exe
  2⤵
  PID:16268
- C:\Windows\System\psphNfO.exe
  C:\Windows\System\psphNfO.exe
  2⤵
  PID:16300
- C:\Windows\System\aFWdBKa.exe
  C:\Windows\System\aFWdBKa.exe
  2⤵
  PID:16348
- C:\Windows\System\VXFdCWk.exe
  C:\Windows\System\VXFdCWk.exe
  2⤵
  PID:16376
- C:\Windows\System\YFpfRaa.exe
  C:\Windows\System\YFpfRaa.exe
  2⤵
  PID:15388
- C:\Windows\System\fqDsuln.exe
  C:\Windows\System\fqDsuln.exe
  2⤵
  PID:15436
- C:\Windows\System\AtcoyKu.exe
  C:\Windows\System\AtcoyKu.exe
  2⤵
  PID:15460
- C:\Windows\System\kVpbEkk.exe
  C:\Windows\System\kVpbEkk.exe
  2⤵
  PID:15476
- C:\Windows\System\NEcCFRz.exe
  C:\Windows\System\NEcCFRz.exe
  2⤵
  PID:6352
- C:\Windows\System\YxTNrUS.exe
  C:\Windows\System\YxTNrUS.exe
  2⤵
  PID:15548
- C:\Windows\System\PRcBYNh.exe
  C:\Windows\System\PRcBYNh.exe
  2⤵
  PID:6424
- C:\Windows\System\dJwtbYO.exe
  C:\Windows\System\dJwtbYO.exe
  2⤵
  PID:15612
- C:\Windows\System\cVefQoN.exe
  C:\Windows\System\cVefQoN.exe
  2⤵
  PID:15648
- C:\Windows\System\VxdDcDq.exe
  C:\Windows\System\VxdDcDq.exe
  2⤵
  PID:15672
- C:\Windows\System\AxBZSUG.exe
  C:\Windows\System\AxBZSUG.exe
  2⤵
  PID:15700
- C:\Windows\System\iOhWOpH.exe
  C:\Windows\System\iOhWOpH.exe
  2⤵
  PID:15716
- C:\Windows\System\ESqhcxG.exe
  C:\Windows\System\ESqhcxG.exe
  2⤵
  PID:6520
- C:\Windows\System\EYdsCfh.exe
  C:\Windows\System\EYdsCfh.exe
  2⤵
  PID:15804
- C:\Windows\System\nhELTkC.exe
  C:\Windows\System\nhELTkC.exe
  2⤵
  PID:15880
- C:\Windows\System\ALdwTXW.exe
  C:\Windows\System\ALdwTXW.exe
  2⤵
  PID:15904
- C:\Windows\System\EgqsGHu.exe
  C:\Windows\System\EgqsGHu.exe
  2⤵
  PID:15948
- C:\Windows\System\TMwgpGf.exe
  C:\Windows\System\TMwgpGf.exe
  2⤵
  PID:6764
- C:\Windows\System\MmVPHoc.exe
  C:\Windows\System\MmVPHoc.exe
  2⤵
  PID:16124
- C:\Windows\System\ItMZfSX.exe
  C:\Windows\System\ItMZfSX.exe
  2⤵
  PID:15780
- C:\Windows\System\dzcDnbu.exe
  C:\Windows\System\dzcDnbu.exe
  2⤵
  PID:16240
- C:\Windows\System\LiAWcJl.exe
  C:\Windows\System\LiAWcJl.exe
  2⤵
  PID:16208
- C:\Windows\System\WfVoYGb.exe
  C:\Windows\System\WfVoYGb.exe
  2⤵
  PID:16372
- C:\Windows\System\ujELEwo.exe
  C:\Windows\System\ujELEwo.exe
  2⤵
  PID:15428
- C:\Windows\System\jZGpRGw.exe
  C:\Windows\System\jZGpRGw.exe
  2⤵
  PID:15544
- C:\Windows\System\ZAuLnAw.exe
  C:\Windows\System\ZAuLnAw.exe
  2⤵
  PID:6284
- C:\Windows\System\PsFUDLV.exe
  C:\Windows\System\PsFUDLV.exe
  2⤵
  PID:6356
- C:\Windows\System\NvOxgZs.exe
  C:\Windows\System\NvOxgZs.exe
  2⤵
  PID:15756
- C:\Windows\System\kfoqOQE.exe
  C:\Windows\System\kfoqOQE.exe
  2⤵
  PID:6640
- C:\Windows\System\bfhgPqE.exe
  C:\Windows\System\bfhgPqE.exe
  2⤵
  PID:16060
- C:\Windows\System\IKaSDpN.exe
  C:\Windows\System\IKaSDpN.exe
  2⤵
  PID:16104
- C:\Windows\System\jaCTnuq.exe
  C:\Windows\System\jaCTnuq.exe
  2⤵
  PID:10132
- C:\Windows\System\yVxfUNL.exe
  C:\Windows\System\yVxfUNL.exe
  2⤵
  PID:6864
- C:\Windows\System\oPoGWHM.exe
  C:\Windows\System\oPoGWHM.exe
  2⤵
  PID:16184
- C:\Windows\System\gwsoQUY.exe
  C:\Windows\System\gwsoQUY.exe
  2⤵
  PID:16224
- C:\Windows\System\tglOgbu.exe
  C:\Windows\System\tglOgbu.exe
  2⤵
  PID:16312
- C:\Windows\System\MvxEIce.exe
  C:\Windows\System\MvxEIce.exe
  2⤵
  PID:15452
- C:\Windows\System\HfnQoYJ.exe
  C:\Windows\System\HfnQoYJ.exe
  2⤵
  PID:15516
- C:\Windows\System\kEplXjM.exe
  C:\Windows\System\kEplXjM.exe
  2⤵
  PID:15624
- C:\Windows\System\JkPnyKw.exe
  C:\Windows\System\JkPnyKw.exe
  2⤵
  PID:15696
- C:\Windows\System\edofHHr.exe
  C:\Windows\System\edofHHr.exe
  2⤵
  PID:15788
- C:\Windows\System\WZuSJCM.exe
  C:\Windows\System\WZuSJCM.exe
  2⤵
  PID:6540
- C:\Windows\System\brRKRFU.exe
  C:\Windows\System\brRKRFU.exe
  2⤵
  PID:616
- C:\Windows\System\CrnGntq.exe
  C:\Windows\System\CrnGntq.exe
  2⤵
  PID:15964
- C:\Windows\System\PKYXxbM.exe
  C:\Windows\System\PKYXxbM.exe
  2⤵
  PID:16004
- C:\Windows\System\wOtvOgG.exe
  C:\Windows\System\wOtvOgG.exe
  2⤵
  PID:16032
- C:\Windows\System\CCgpoZj.exe
  C:\Windows\System\CCgpoZj.exe
  2⤵
  PID:7244
- C:\Windows\System\JrdUIdV.exe
  C:\Windows\System\JrdUIdV.exe
  2⤵
  PID:7300
- C:\Windows\System\jvgtxYC.exe
  C:\Windows\System\jvgtxYC.exe
  2⤵
  PID:7428
- C:\Windows\System\TBQEOcw.exe
  C:\Windows\System\TBQEOcw.exe
  2⤵
  PID:16180
- C:\Windows\System\dfrFvbU.exe
  C:\Windows\System\dfrFvbU.exe
  2⤵
  PID:7496
- C:\Windows\System\KVXovEX.exe
  C:\Windows\System\KVXovEX.exe
  2⤵
  PID:7548
- C:\Windows\System\zvykukT.exe
  C:\Windows\System\zvykukT.exe
  2⤵
  PID:15608
- C:\Windows\System\randfbE.exe
  C:\Windows\System\randfbE.exe
  2⤵
  PID:7640
- C:\Windows\System\vDmvmLi.exe
  C:\Windows\System\vDmvmLi.exe
  2⤵
  PID:7684
- C:\Windows\System\bEbgOAN.exe
  C:\Windows\System\bEbgOAN.exe
  2⤵
  PID:7176
- C:\Windows\System\EDUcJhD.exe
  C:\Windows\System\EDUcJhD.exe
  2⤵
  PID:6728
- C:\Windows\System\VanNVou.exe
  C:\Windows\System\VanNVou.exe
  2⤵
  PID:7252
- C:\Windows\System\Bkucfvc.exe
  C:\Windows\System\Bkucfvc.exe
  2⤵
  PID:7400
- C:\Windows\System\JPAySCH.exe
  C:\Windows\System\JPAySCH.exe
  2⤵
  PID:15464
- C:\Windows\System\jJXqprC.exe
  C:\Windows\System\jJXqprC.exe
  2⤵
  PID:15584
- C:\Windows\System\zZqTFRi.exe
  C:\Windows\System\zZqTFRi.exe
  2⤵
  PID:15868
- C:\Windows\System\LKnhZyJ.exe
  C:\Windows\System\LKnhZyJ.exe
  2⤵
  PID:8016
- C:\Windows\System\ItYqHEH.exe
  C:\Windows\System\ItYqHEH.exe
  2⤵
  PID:8044
- C:\Windows\System\RzKteUH.exe
  C:\Windows\System\RzKteUH.exe
  2⤵
  PID:16204
- C:\Windows\System\PBKnZOv.exe
  C:\Windows\System\PBKnZOv.exe
  2⤵
  PID:8056
- C:\Windows\System\AARItse.exe
  C:\Windows\System\AARItse.exe
  2⤵
  PID:7904
- C:\Windows\System\htYHfWF.exe
  C:\Windows\System\htYHfWF.exe
  2⤵
  PID:8156
- C:\Windows\System\BYCNWLT.exe
  C:\Windows\System\BYCNWLT.exe
  2⤵
  PID:16008
- C:\Windows\System\lVKOmol.exe
  C:\Windows\System\lVKOmol.exe
  2⤵
  PID:3132
- C:\Windows\System\qgXdLcA.exe
  C:\Windows\System\qgXdLcA.exe
  2⤵
  PID:9532
- C:\Windows\System\sSdlVmx.exe
  C:\Windows\System\sSdlVmx.exe
  2⤵
  PID:5364
- C:\Windows\System\wPFxgxb.exe
  C:\Windows\System\wPFxgxb.exe
  2⤵
  PID:8904
- C:\Windows\System\eSNGRNe.exe
  C:\Windows\System\eSNGRNe.exe
  2⤵
  PID:9388
- C:\Windows\System\hnaBXCy.exe
  C:\Windows\System\hnaBXCy.exe
  2⤵
  PID:3348
- C:\Windows\System\zSIIgEm.exe
  C:\Windows\System\zSIIgEm.exe
  2⤵
  PID:7332
- C:\Windows\System\kPimZQa.exe
  C:\Windows\System\kPimZQa.exe
  2⤵
  PID:6024
- C:\Windows\System\vUDlhdR.exe
  C:\Windows\System\vUDlhdR.exe
  2⤵
  PID:6180
- C:\Windows\System\OTTBcHm.exe
  C:\Windows\System\OTTBcHm.exe
  2⤵
  PID:7556
- C:\Windows\System\CaXfodI.exe
  C:\Windows\System\CaXfodI.exe
  2⤵
  PID:3988
- C:\Windows\System\xKrkEXb.exe
  C:\Windows\System\xKrkEXb.exe
  2⤵
  PID:7260
- C:\Windows\System\RqXOTpL.exe
  C:\Windows\System\RqXOTpL.exe
  2⤵
  PID:1676
- C:\Windows\System\HZFwrfA.exe
  C:\Windows\System\HZFwrfA.exe
  2⤵
  PID:4548
- C:\Windows\System\MKVuwAc.exe
  C:\Windows\System\MKVuwAc.exe
  2⤵
  PID:6532
- C:\Windows\System\wBvXkWz.exe
  C:\Windows\System\wBvXkWz.exe
  2⤵
  PID:8032
- C:\Windows\System\QmWQGIi.exe
  C:\Windows\System\QmWQGIi.exe
  2⤵
  PID:7688
- C:\Windows\System\OYAawFK.exe
  C:\Windows\System\OYAawFK.exe
  2⤵
  PID:7360
- C:\Windows\System\XLGtwtG.exe
  C:\Windows\System\XLGtwtG.exe
  2⤵
  PID:4584
- C:\Windows\System\telavrp.exe
  C:\Windows\System\telavrp.exe
  2⤵
  PID:10328
- C:\Windows\System\rCllWlA.exe
  C:\Windows\System\rCllWlA.exe
  2⤵
  PID:8128
- C:\Windows\System\HwAcygS.exe
  C:\Windows\System\HwAcygS.exe
  2⤵
  PID:7196
- C:\Windows\System\iXcKdeY.exe
  C:\Windows\System\iXcKdeY.exe
  2⤵
  PID:6604
- C:\Windows\System\ayAuSzA.exe
  C:\Windows\System\ayAuSzA.exe
  2⤵
  PID:4800
- C:\Windows\System\GEIpStB.exe
  C:\Windows\System\GEIpStB.exe
  2⤵
  PID:7656
- C:\Windows\System\rDVpsMg.exe
  C:\Windows\System\rDVpsMg.exe
  2⤵
  PID:7796
- C:\Windows\System\zxzvXoi.exe
  C:\Windows\System\zxzvXoi.exe
  2⤵
  PID:8272
- C:\Windows\System\bZcCaiJ.exe
  C:\Windows\System\bZcCaiJ.exe
  2⤵
  PID:7580
- C:\Windows\System\ahwFHsJ.exe
  C:\Windows\System\ahwFHsJ.exe
  2⤵
  PID:7420
- C:\Windows\System\kTBKAHB.exe
  C:\Windows\System\kTBKAHB.exe
  2⤵
  PID:8328
- C:\Windows\System\PqxymvB.exe
  C:\Windows\System\PqxymvB.exe
  2⤵
  PID:8340
- C:\Windows\System\uMonBRg.exe
  C:\Windows\System\uMonBRg.exe
  2⤵
  PID:10612
- C:\Windows\System\TrFvXCY.exe
  C:\Windows\System\TrFvXCY.exe
  2⤵
  PID:10628
- C:\Windows\System\NxBgbtm.exe
  C:\Windows\System\NxBgbtm.exe
  2⤵
  PID:8396
- C:\Windows\System\JUFeOQK.exe
  C:\Windows\System\JUFeOQK.exe
  2⤵
  PID:8496
- C:\Windows\System\SXngIaK.exe
  C:\Windows\System\SXngIaK.exe
  2⤵
  PID:7364
- C:\Windows\System\vFgTPfA.exe
  C:\Windows\System\vFgTPfA.exe
  2⤵
  PID:10264
- C:\Windows\System\klzKTrb.exe
  C:\Windows\System\klzKTrb.exe
  2⤵
  PID:8356
- C:\Windows\System\WotxMnS.exe
  C:\Windows\System\WotxMnS.exe
  2⤵
  PID:11144
- C:\Windows\System\MOYDATJ.exe
  C:\Windows\System\MOYDATJ.exe
  2⤵
  PID:11008
- C:\Windows\System\gndgoue.exe
  C:\Windows\System\gndgoue.exe
  2⤵
  PID:10768
- C:\Windows\System\EwRGIFp.exe
  C:\Windows\System\EwRGIFp.exe
  2⤵
  PID:8720
- C:\Windows\System\cGAqLrB.exe
  C:\Windows\System\cGAqLrB.exe
  2⤵
  PID:8872
- C:\Windows\System\BFTtPxU.exe
  C:\Windows\System\BFTtPxU.exe
  2⤵
  PID:8796
- C:\Windows\System\gthDZyW.exe
  C:\Windows\System\gthDZyW.exe
  2⤵
  PID:8944
- C:\Windows\System\qkkUCzY.exe
  C:\Windows\System\qkkUCzY.exe
  2⤵
  PID:8676
- C:\Windows\System\YfmMBqX.exe
  C:\Windows\System\YfmMBqX.exe
  2⤵
  PID:8560
- C:\Windows\System\cATJqJI.exe
  C:\Windows\System\cATJqJI.exe
  2⤵
  PID:9028
- C:\Windows\System\lkZEyKm.exe
  C:\Windows\System\lkZEyKm.exe
  2⤵
  PID:9040
- C:\Windows\System\YHtSShL.exe
  C:\Windows\System\YHtSShL.exe
  2⤵
  PID:9084
- C:\Windows\System\fGoxBuz.exe
  C:\Windows\System\fGoxBuz.exe
  2⤵
  PID:11128
- C:\Windows\System\meCPlsj.exe
  C:\Windows\System\meCPlsj.exe
  2⤵
  PID:9168
- C:\Windows\System\zHroiPR.exe
  C:\Windows\System\zHroiPR.exe
  2⤵
  PID:8536
- C:\Windows\System\Lapoair.exe
  C:\Windows\System\Lapoair.exe
  2⤵
  PID:10316
- C:\Windows\System\ewjuDdB.exe
  C:\Windows\System\ewjuDdB.exe
  2⤵
  PID:8916
- C:\Windows\System\AefKywr.exe
  C:\Windows\System\AefKywr.exe
  2⤵
  PID:11120
- C:\Windows\System\hOeDgsX.exe
  C:\Windows\System\hOeDgsX.exe
  2⤵
  PID:8972
- C:\Windows\System\oMCnlyM.exe
  C:\Windows\System\oMCnlyM.exe
  2⤵
  PID:9180
- C:\Windows\System\DhIokZE.exe
  C:\Windows\System\DhIokZE.exe
  2⤵
  PID:10836
- C:\Windows\System\TIUnzur.exe
  C:\Windows\System\TIUnzur.exe
  2⤵
  PID:10252
- C:\Windows\System\SeoDlet.exe
  C:\Windows\System\SeoDlet.exe
  2⤵
  PID:8320
- C:\Windows\System\QMyXvZq.exe
  C:\Windows\System\QMyXvZq.exe
  2⤵
  PID:11064
- C:\Windows\System\aEPlFOR.exe
  C:\Windows\System\aEPlFOR.exe
  2⤵
  PID:4572
- C:\Windows\System\MoOKdWF.exe
  C:\Windows\System\MoOKdWF.exe
  2⤵
  PID:7712
- C:\Windows\System\FwMXWUJ.exe
  C:\Windows\System\FwMXWUJ.exe
  2⤵
  PID:10440
- C:\Windows\System\jjoXJMn.exe
  C:\Windows\System\jjoXJMn.exe
  2⤵
  PID:11288
- C:\Windows\System\xJSlFPh.exe
  C:\Windows\System\xJSlFPh.exe
  2⤵
  PID:8572
- C:\Windows\System\DtbwXmM.exe
  C:\Windows\System\DtbwXmM.exe
  2⤵
  PID:11348
- C:\Windows\System\neYeocx.exe
  C:\Windows\System\neYeocx.exe
  2⤵
  PID:2636
- C:\Windows\System\fMBlkOF.exe
  C:\Windows\System\fMBlkOF.exe
  2⤵
  PID:11408
- C:\Windows\System\BavIGze.exe
  C:\Windows\System\BavIGze.exe
  2⤵
  PID:11296
- C:\Windows\System\KwvIVTO.exe
  C:\Windows\System\KwvIVTO.exe
  2⤵
  PID:8852
- C:\Windows\System\GPRxYVV.exe
  C:\Windows\System\GPRxYVV.exe
  2⤵
  PID:10672
- C:\Windows\System\vdibNFm.exe
  C:\Windows\System\vdibNFm.exe
  2⤵
  PID:8716
- C:\Windows\System\CNzCIsR.exe
  C:\Windows\System\CNzCIsR.exe
  2⤵
  PID:8992
- C:\Windows\System\BVSpWKX.exe
  C:\Windows\System\BVSpWKX.exe
  2⤵
  PID:11620
- C:\Windows\System\UihDAKB.exe
  C:\Windows\System\UihDAKB.exe
  2⤵
  PID:11652
- C:\Windows\System\UICKXJR.exe
  C:\Windows\System\UICKXJR.exe
  2⤵
  PID:11588
- C:\Windows\System\MrimJDu.exe
  C:\Windows\System\MrimJDu.exe
  2⤵
  PID:11428
- C:\Windows\System\MzlHlLS.exe
  C:\Windows\System\MzlHlLS.exe
  2⤵
  PID:11648
- C:\Windows\System\neEAWEL.exe
  C:\Windows\System\neEAWEL.exe
  2⤵
  PID:7848
- C:\Windows\System\uhDEDUh.exe
  C:\Windows\System\uhDEDUh.exe
  2⤵
  PID:11740
- C:\Windows\System\qcPjTEu.exe
  C:\Windows\System\qcPjTEu.exe
  2⤵
  PID:8292
- C:\Windows\System\fKYatLs.exe
  C:\Windows\System\fKYatLs.exe
  2⤵
  PID:8120
- C:\Windows\System\tuOmuUr.exe
  C:\Windows\System\tuOmuUr.exe
  2⤵
  PID:11964
- C:\Windows\System\zeJMynE.exe
  C:\Windows\System\zeJMynE.exe
  2⤵
  PID:3656
- C:\Windows\System\RcCZYSS.exe
  C:\Windows\System\RcCZYSS.exe
  2⤵
  PID:8688
- C:\Windows\System\UCfDKcm.exe
  C:\Windows\System\UCfDKcm.exe
  2⤵
  PID:12068
- C:\Windows\System\XJBNgBK.exe
  C:\Windows\System\XJBNgBK.exe
  2⤵
  PID:12144
- C:\Windows\System\ierTffs.exe
  C:\Windows\System\ierTffs.exe
  2⤵
  PID:8432
- C:\Windows\System\GtBKOdH.exe
  C:\Windows\System\GtBKOdH.exe
  2⤵
  PID:9048
- C:\Windows\System\WMjjhPD.exe
  C:\Windows\System\WMjjhPD.exe
  2⤵
  PID:8596
- C:\Windows\System\hIAFJxQ.exe
  C:\Windows\System\hIAFJxQ.exe
  2⤵
  PID:4156
- C:\Windows\System\SQeiDLO.exe
  C:\Windows\System\SQeiDLO.exe
  2⤵
  PID:8792
- C:\Windows\System\yVRsLng.exe
  C:\Windows\System\yVRsLng.exe
  2⤵
  PID:2816
- C:\Windows\System\TDTSmWY.exe
  C:\Windows\System\TDTSmWY.exe
  2⤵
  PID:8344
- C:\Windows\System\sPRLFuh.exe
  C:\Windows\System\sPRLFuh.exe
  2⤵
  PID:3032
- C:\Windows\System\nCDRNKU.exe
  C:\Windows\System\nCDRNKU.exe
  2⤵
  PID:11708
- C:\Windows\System\FnghGFT.exe
  C:\Windows\System\FnghGFT.exe
  2⤵
  PID:8880
- C:\Windows\System\TVgdtRl.exe
  C:\Windows\System\TVgdtRl.exe
  2⤵
  PID:4152
- C:\Windows\System\lsUOKPv.exe
  C:\Windows\System\lsUOKPv.exe
  2⤵
  PID:9400
- C:\Windows\System\JdCWzbH.exe
  C:\Windows\System\JdCWzbH.exe
  2⤵
  PID:9260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\COpgDyA.exe

Filesize
6.0MB

MD5
078a953d2a08663f25714ebed90db198

SHA1
421f180da579132aad5d1764839d544c98ccb33f

SHA256
9ae7c48bba97087bc4f345d984896f7ff7afd6276e88a024cde5489ccc36a5a8

SHA512
330f645600d359c557a50ffc482d3b6c46dd89473ba0ca4738721208501799d6eba2179206bc28a8568c549c23dcd16277c22094e2529b10e16e4c087f6f81d0

Download Submit
C:\Windows\System\CRTxRWU.exe

Filesize
6.0MB

MD5
b977a203e3882c2f37ce89dbf8290714

SHA1
68e161863f0839fc3a7ccc4baa9e8a149f925211

SHA256
7bb71c55c59702002438084d2a97a59d8b5defbfb7038d91e52f995768c3ea7c

SHA512
24a660fe4ee6905f686aed864bb4023eb0720b8d900c1b79250b4b23188715d6bec016bad2e9d1b87f86cf4ec387b1c6c9cc29f2dfbbd1e61c707d95881abc49

Download Submit
C:\Windows\System\DvVkXQt.exe

Filesize
6.0MB

MD5
1924a69323c9c40534db0ef5aa2cb0d1

SHA1
f2d67a211aa9849bfc3b55dad55f171e8018ff31

SHA256
0617a5eae26ff89e184df46be41fe6a8080330372aa5c707b20d7f5e530e51d5

SHA512
799117319f6db622f36833bf97f5a9231657e788943f1f68dc331c40f080c1919f4a66e7f511292d0bf8f85290d87cda93cbaf5703f571311e2db10df5ddd93a

Download Submit
C:\Windows\System\HQxLKCG.exe

Filesize
6.0MB

MD5
edf6a1581a6d0829ef208acd8c3fc213

SHA1
7f4f7d53d196bf07ba6db0e821c76a4d98b6c1fa

SHA256
379141746559fbe4e2a09a05fe3d71d72decba92e7da5756fea75f1df48758fc

SHA512
dfd940d9cf8fc006e898b6584d5cf1c44f91dda6843b3244f59c6365e03e44197f9d596df9b74fbdb7a0d75e49c05986e5a6bc0e82d907b4a96e732c9479497d

Download Submit
C:\Windows\System\IfqrvHa.exe

Filesize
6.0MB

MD5
4673cce461906ec3a079d5a240cc949f

SHA1
28b663c867b9eb6422ff5bffcee42f187366f39c

SHA256
0ce3a64461047f56b1703703817879c9c552bc1cd6bca3caf06a0d4f0016e54b

SHA512
81f357aae4576671e77a6384f6f88bffb263a5d0527aa5db913ce7342d7fa22df4ba4d77c0ad284ba9d3a68c969176af58b1413727a6aed33906da69b536deaa

Download Submit
C:\Windows\System\KBrooXB.exe

Filesize
6.0MB

MD5
d6b66daa5f82f92c25fa820b011bcd88

SHA1
ea77d92c0a700077fda748d6a06d0122ccda003c

SHA256
4146ec4388ab69636e97cc6c7ebcbbdc1288a8eccc8ea8feff15a0aa9678c232

SHA512
85d9c7ba69480ed6bfea093903e1b315ef431b4e9674bce3f94540750c9cb5de30126aa1a4dbe79723bf18c97fcc6488adff2de77dd47305a593807e3c1f99cb

Download Submit
C:\Windows\System\KXDhggN.exe

Filesize
6.0MB

MD5
1d485b9e169b51ceb95079d0b698b0f7

SHA1
1162ef4816661f7aac448a3ddae92884d2358053

SHA256
65351690a19c96d14a0d1c32bd11e9810b56fda237fcd43869c8e7859ef3781d

SHA512
4ae2f8461618c273a56aabcdbdbcce6dcdd44425373c5df92cdbd0af341500e9cb25596bca94ce4211fd527ae70af168512634e4a0ee95d6b6bd894f0da8c17c

Download Submit
C:\Windows\System\KpqRaQB.exe

Filesize
6.0MB

MD5
6fe65baeb4a554caca329390608db2af

SHA1
7c399de85e3730ec765c3a22ee5af932e243d21b

SHA256
98d345b73aaee5c98b06e9100c1d86c8443cf65a0d74fcab825ac845dc223f3e

SHA512
f9dd6529602819d04f94461b9a6a1b9bdd5ee76c5f7dfe06cc2f54b34dc26344e2b556ab54d3bb267e536a07461d65ab34c3fd8aea67079e2a0f18926e05c6fe

Download Submit
C:\Windows\System\PAPDZvO.exe

Filesize
6.0MB

MD5
3710249f456b8d4bd8a84c5d5a259dfe

SHA1
59873a939cc078b58c0ef6cfe979fdd21d46ee68

SHA256
74848e4e1d832f8ef4a37955f89e01d3a656308b634072baa7dcf35e98fe94d8

SHA512
0a078ebd4bc8cd5580f82586a8f6b007295353e3aa435b55bc6bb5a268dd94a8bac6898add67c3ba91dfba12fda2831c800d359f4c9d6c6f2828d2c4a0eb0328

Download Submit
C:\Windows\System\PSlhoKz.exe

Filesize
6.0MB

MD5
a1ef93b8bd7ba51e29e67de50f47c99c

SHA1
1825fccee09c0bfaf7aa684d03f4880595b6ca1e

SHA256
23a7073bf809db94355013c76850567397f61d079dbc26eef3fc8b8b501ef55a

SHA512
4ef773d1a2ce6088e8214cd37f357dbaa9c7302c19355bc21f54563e0a42609da05286b7a79ea6229b9effed47605fc86fc0e9ea27f8d8b06581efbf07a2acc4

Download Submit
C:\Windows\System\QTiEIES.exe

Filesize
6.0MB

MD5
0db752a76da52a7c53136a771460ac07

SHA1
c5e78655115a9337ec607d7cd25358b9770e308d

SHA256
64be31c9ddae77c8f47147780bd176d494da3f704de80d86cc7d96cadfb0e451

SHA512
229cf551ce87be4bcbdb8526d8385ac3ff7f6c37779a60a61c8b5d7c4c4a02af0832ed565f386fa476e6417794e8b6b851fb75e814db9eb1f084f2c6bce7efdb

Download Submit
C:\Windows\System\RkXUQtf.exe

Filesize
6.0MB

MD5
cc33b896e33542a893e1680f02d11045

SHA1
c66ee22af4d2ea2a2f8ab0df69047eedcccfe424

SHA256
5789dc1d2c386ffecbd2110b4779c08e541ff551d63afae74c85cb7345abb60d

SHA512
f583004c92d4b92bd72a6d3d39a03679059d9fdc7cef2d7462927ff5a41e163f64adc8bb4d7766d286570986e70b342c22f016a40076c814ed1f9b43d02cd3f8

Download Submit
C:\Windows\System\TssxWxK.exe

Filesize
6.0MB

MD5
a0b295b480321fd95b8cc6dc14123203

SHA1
52240defdcceb765bb70e82d9b05b761f7a9c841

SHA256
2cca21d52cb6209b797c03f96b3f12c4537610778824e954b197c096573c9052

SHA512
db917508d0971551f33c96e6ebaa89acc9dbecf9c31110b63e19e3b35891f6d1e9633d02f19b25ffcf8370b706e23aa15135aa227c53b60fc7e30d97fc5f3c6a

Download Submit
C:\Windows\System\WYpZWII.exe

Filesize
6.0MB

MD5
11b99732c7a23d3c14d24e333d1c584c

SHA1
1d6a2dee83fa9416deb11aeca8bd225c08b5456d

SHA256
4267932b219d5427cc511342129df25ad759eb415d567ad8f6ecd345b80baee4

SHA512
025052a00a845d649bcb5c4faecd117c2c2fc66fd48de1151eba8fc901c2e763cdbb1257a3d9c83f9a1ed330156c67c38e2c525d0774140bd9a8b284e70c8ed9

Download Submit
C:\Windows\System\XtRpuJL.exe

Filesize
6.0MB

MD5
28a7076dd873aa245d2938ed4c8bf926

SHA1
230b613898f235c9fd15e34a2b4fa0b931fe2275

SHA256
eab88f595388b05abd8c628a7e7a73b92b1bd675680a6272099b7b0398acbf87

SHA512
5deb3f75360a489f3538e24160099183bcd0b739f8c0a7a170fab1818cef284c27ab192294738406ca8b3e42c29aa1fd7b39eb787af51eea0c829932692940ab

Download Submit
C:\Windows\System\YYWMFwa.exe

Filesize
6.0MB

MD5
38272aa4ae60025c59debfc622cb35f8

SHA1
533de21b95f9c320d73be508a2a8df2391e8c092

SHA256
910238e0df5483d8dee875b5e137669ba5a7c8b18698912c464b8304643b0c93

SHA512
7271bdd2c4dc48ec72b1740abdaf0f371874c52c9f5f63282c6bed15d7ae84fc8f74f18b0ce03646c231263ad90af00a461015cb4a4548d680c5a3dd35dbc664

Download Submit
C:\Windows\System\ckhiYJQ.exe

Filesize
6.0MB

MD5
c608b12748143dafa115a21c060bd64a

SHA1
e294815ad1b5c19aee99a8861c89029ffc6c0896

SHA256
de1c0618fb0e7525ce6a302b7536db3771acb8d559fbab3ce594068a29afd239

SHA512
34874b4816e61f78b2cd38ab7345dfe1a64ae4329fa347f456545a8a998ebf8ff614782b0c10e7e5c9faa30314e520df78772634bd8579df2da33ae609f9c426

Download Submit
C:\Windows\System\dbogaRD.exe

Filesize
6.0MB

MD5
8f6ce566704ed3b5e60e59633cf5d18a

SHA1
6344d74b3699abfeba3d1c9bf3608fcaf097da48

SHA256
ef5945a582e3492e09a68ae50ea45d67f2264f3b39669c78b664d522d6e15bf8

SHA512
fea88f2cac68a1166957a92d28840d58f22c11c83aeb8dd202f1f1149820b09483049f8e74a3debf2fb4f2c78f17d429794cbecf4915f2b9246ed40ea6899210

Download Submit
C:\Windows\System\gxVQADf.exe

Filesize
6.0MB

MD5
dec0860819d0b27c1586cfea55df3f5a

SHA1
a3cc67a9ea0f2ca81929775e5b7c8a0bc54bc9bc

SHA256
d2cb24f35695e64ac5a9eb7f8d571a93256065b0a1ee37e92e54243b3597f324

SHA512
2829d9c95efcfabb1d744abccc185572870afda8910d44212aa385694eedfbbd07148d11adc74ecc8a9bdaa279bdb9f9025334f864ac7f55fe15f3e993c2ccb4

Download Submit
C:\Windows\System\gxrJqSK.exe

Filesize
6.0MB

MD5
aa364fbb56fec8935a3b2ae336f7766b

SHA1
b84e1bc4f64f567d370174614632958b02fb5565

SHA256
3e85d8d9e17729d395ec9603fed50f07babf4aac69259b11564afb1fb6b5c550

SHA512
13a361925d893eaa171c97684c0a9fef2215b4f4a0e07eb89566a32804cdca9fdab0df0b625214658b649a4151ac90fcdf653e007313a33b7fe3aa6dcf4d776e

Download Submit
C:\Windows\System\kSCwCxq.exe

Filesize
6.0MB

MD5
5cea76ccbe321827aa2adf9218e01336

SHA1
87aae6f113352d405f66679437b89fe2ecb0e37f

SHA256
3dd7b6b922861084db12c5910e5ab6902a983cf359020cac4e99868de6ee367a

SHA512
c429c7397e71c25145d11238d29ce0e7d7a51209cad3154e945a604ac4e2a6e939fa285791bd3e73f1e3ba1963a6e7a58a246426f327bf70a679ba88c5bf193e

Download Submit
C:\Windows\System\nDtPOzC.exe

Filesize
6.0MB

MD5
d70446c973b9d3f5c168ab83aa05408a

SHA1
e6cc1df35098074e8a4e498707b382bac6fb12f1

SHA256
8cd727a1a535e50514919127c51f7c47747003a790d01909e5429cffa7b04ce2

SHA512
4da7efb1a25e874b43b7abd96fee7d12985f5d88e378542c30fc3a4d8e9560f50ede7c03c3c779e467368b8b441647ee13b31d45cba6f959a3914e34e2963686

Download Submit
C:\Windows\System\nUkbKwT.exe

Filesize
6.0MB

MD5
9d5a0d57490abf9cbf5d33d574ffac6f

SHA1
75a0b2e504d10362449bdec9cfb62c60a40e70e2

SHA256
2ae597d0abd07490425f0c78fcafd168d70f2f0e6e8cfe73c8e471e0891e0d67

SHA512
4d0cbd0256f4096843e36f53f118ca8eb1aae8dc14e5d4131dfe33dee8533c20f194e6271315bc1b5aa14e429dd3145b74094b257f9f4d044c234a9c80395286

Download Submit
C:\Windows\System\nhdohuC.exe

Filesize
6.0MB

MD5
d89d1121e89904c0a8839a8d60bd5e02

SHA1
3553ee220edd32ea88feff3ca756106bb9d11f40

SHA256
84469ab2c6a7b997134c52d998210ff5ee98f1eaba7a1ea587701ce415419a7b

SHA512
f4c628330468be433435b8762497d7a846bc4ce4ea01268c7a89f952fce3fdd19c5a9eb5b744f3e2753c3e992a8d8eefe6d771787ad7d0de1286614c10224368

Download Submit
C:\Windows\System\oTuNDjj.exe

Filesize
6.0MB

MD5
479d4f85a8dabc28541323f782c2be73

SHA1
218cf5dd4c29dead58f653ee6746e9d7c1a6dc24

SHA256
cd6a18643cf58d88d7ac7a4a01a299d36bec946ff598e0cfcb0190bf8c9f3eac

SHA512
87d136a98d5bf377948aa1281fc6defd90862aca536ac403770051d1223ea65bdacf5743df2e0f57726e44a31660834708ff9db6757fe5098738f0050b6a4f7b

Download Submit
C:\Windows\System\pFfZnid.exe

Filesize
6.0MB

MD5
0540f02771a0240f01400412589a11dd

SHA1
799cb4648655e34268de7a9050bcbe3e7caa249a

SHA256
3376b4d5b8cbd4bb5f27291133d2e95bb861dcdafa37c55f0c5b649a38ba94f9

SHA512
55899a1367895f3e1130cddfb61112ca8bf46943e830d4dceb2d74c97152c3fb4b076038bcd4247429ead6315e6f5a66c67b1110738e49638ab2fe93caf0f1e1

Download Submit
C:\Windows\System\pJxhKqt.exe

Filesize
6.0MB

MD5
a64b4e00a2be39049ffb610a9ef464bd

SHA1
92261b866144c24c2f0f560121a3d5786123f52f

SHA256
ec125877dcdc554bcf207aecd6a937e538f8e1ba95f7921c31c0f04439a05eed

SHA512
50b661aa4056b71cb327faa1a781beecedf128dfbcf320ff8f483b36be7e7532ce9935a3f1ce1bbcfedd53e03ff8f34d6af1188cec95a4fb819809e22c491cba

Download Submit
C:\Windows\System\qMECxoO.exe

Filesize
6.0MB

MD5
7aa1c901f01212bfa0692fddba75ff09

SHA1
76223d816e80dd92a67a0707166cfd98257e154b

SHA256
daff843075a8ab6a9b82cd2340f1b5468637a2af53213757b9c348601a549a44

SHA512
2765bbeeb6fba4422df666c047d4e74a0a60edc397dacddec7f3291971f2b34f9998053cdeaec0bd0339a0f910d3350e06328f2a9c3c35c1b914934fc9c1700c

Download Submit
C:\Windows\System\qoIbnJk.exe

Filesize
6.0MB

MD5
c6de53ed4740353e274cf2234f2e037f

SHA1
8aabae72764dba4f7632447519b3eb6d28e88da1

SHA256
efe977e888065a70f7105ce6761a578bfeb736be98062cebcc660cb541d952ae

SHA512
06083e53bd1b20915f29168fd5f1e13ddb12e9f658cf955e137680ad074490ce83912f6de627594ac5fa491fb01af7ca951e5edcbbc1e3e606a4f4f29afa6e81

Download Submit
C:\Windows\System\tAvYlrW.exe

Filesize
6.0MB

MD5
e5fbfa99d714d926684b865ff9741086

SHA1
91e5b9e421125281d7beb1d90c83bb33cdebe13e

SHA256
9bc14f3cde353d7334ef8dcc41dd4f1dc41b6121b38be40207b029f25d787c5c

SHA512
99493bc9414ab95b638606ee7217b022b725994b22ffbeaebb5ebf6290946f44eccd0673fa976b465dc27826b45d5b08f3236431cfb23015b773a721f4ad4b14

Download Submit
C:\Windows\System\uekVLfE.exe

Filesize
6.0MB

MD5
925e7e5b2b79a15c5c11d6f6335f8dec

SHA1
d1a14b198113f68becb89ee523b53475868b42f0

SHA256
798cf43339f5fd85af0796dfe2cf92c19ed1c2269ae0f4246cfe29c5d66cca58

SHA512
d0f043453368e7c10642c4e78dfd1e83ef80fe93fe2afd97cc09e162936d54da4b483fd82470fe35a4fe2e7b51722ab2bf9e2613a1e466a3ca51b1d915bd6948

Download Submit
C:\Windows\System\upjTlsE.exe

Filesize
6.0MB

MD5
10b1208ec3ff1ccdf3ecdc1950260ad2

SHA1
19aa7fd7f9f78178154a2f1fea70b3b9c550a097

SHA256
3787f251db17fe33147c37830e8492f7b2358f7866dd3d6378b2f1c3f8c588f9

SHA512
3c7babd38060f4a2f57bb6635a1d1aa8fcfaa0051233d713c342246746b06ecf038e28f1135afbbd9c8714983b475bf68ac7adc8f99338ccb618d7690f84cc13

Download Submit
C:\Windows\System\wplmzLI.exe

Filesize
6.0MB

MD5
fb0bf2c6206b5a2ce77972378f82cde0

SHA1
e0824a8e78638d19a44324efa35fa7b3a2589230

SHA256
3379804ec7b63dcba106a9a571ed45d0c080d343cca41ae694e0cc1aebdfd5bd

SHA512
8eb750b781d7316b543e58a874039b572480453313949a7a8a70204c694922f2fa9c6580ec97c7891a56776471e3c93a852034aeb14a813118eef7bdd5c68310

Download Submit
memory/852-163-0x00007FF624A60000-0x00007FF624DB4000-memory.dmp

Filesize
3.3MB

Download
memory/852-94-0x00007FF624A60000-0x00007FF624DB4000-memory.dmp

Filesize
3.3MB

Download
memory/968-48-0x00007FF624FD0000-0x00007FF625324000-memory.dmp

Filesize
3.3MB

Download
memory/968-115-0x00007FF624FD0000-0x00007FF625324000-memory.dmp

Filesize
3.3MB

Download
memory/968-2172-0x00007FF624FD0000-0x00007FF625324000-memory.dmp

Filesize
3.3MB

Download
memory/1168-1740-0x00007FF67DF80000-0x00007FF67E2D4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2262-0x00007FF67DF80000-0x00007FF67E2D4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-189-0x00007FF67DF80000-0x00007FF67E2D4000-memory.dmp

Filesize
3.3MB

Download
memory/1252-101-0x00007FF610A30000-0x00007FF610D84000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2226-0x00007FF610A30000-0x00007FF610D84000-memory.dmp

Filesize
3.3MB

Download
memory/1252-168-0x00007FF610A30000-0x00007FF610D84000-memory.dmp

Filesize
3.3MB

Download
memory/1328-116-0x00007FF719520000-0x00007FF719874000-memory.dmp

Filesize
3.3MB

Download
memory/1328-2239-0x00007FF719520000-0x00007FF719874000-memory.dmp

Filesize
3.3MB

Download
memory/1328-178-0x00007FF719520000-0x00007FF719874000-memory.dmp

Filesize
3.3MB

Download
memory/1336-2167-0x00007FF732910000-0x00007FF732C64000-memory.dmp

Filesize
3.3MB

Download
memory/1336-42-0x00007FF732910000-0x00007FF732C64000-memory.dmp

Filesize
3.3MB

Download
memory/1336-107-0x00007FF732910000-0x00007FF732C64000-memory.dmp

Filesize
3.3MB

Download
memory/1364-60-0x00007FF60A110000-0x00007FF60A464000-memory.dmp

Filesize
3.3MB

Download
memory/1364-1-0x00000114BDB50000-0x00000114BDB60000-memory.dmp

Filesize
64KB

Download
memory/1364-0-0x00007FF60A110000-0x00007FF60A464000-memory.dmp

Filesize
3.3MB

Download
memory/1536-120-0x00007FF6A8710000-0x00007FF6A8A64000-memory.dmp

Filesize
3.3MB

Download
memory/1536-190-0x00007FF6A8710000-0x00007FF6A8A64000-memory.dmp

Filesize
3.3MB

Download
memory/1536-2237-0x00007FF6A8710000-0x00007FF6A8A64000-memory.dmp

Filesize
3.3MB

Download
memory/1668-2193-0x00007FF63CE30000-0x00007FF63D184000-memory.dmp

Filesize
3.3MB

Download
memory/1668-135-0x00007FF63CE30000-0x00007FF63D184000-memory.dmp

Filesize
3.3MB

Download
memory/1668-67-0x00007FF63CE30000-0x00007FF63D184000-memory.dmp

Filesize
3.3MB

Download
memory/1712-172-0x00007FF77B720000-0x00007FF77BA74000-memory.dmp

Filesize
3.3MB

Download
memory/1712-1678-0x00007FF77B720000-0x00007FF77BA74000-memory.dmp

Filesize
3.3MB

Download
memory/1712-2248-0x00007FF77B720000-0x00007FF77BA74000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2208-0x00007FF6A3720000-0x00007FF6A3A74000-memory.dmp

Filesize
3.3MB

Download
memory/1792-149-0x00007FF6A3720000-0x00007FF6A3A74000-memory.dmp

Filesize
3.3MB

Download
memory/1792-80-0x00007FF6A3720000-0x00007FF6A3A74000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1298-0x00007FF74AF80000-0x00007FF74B2D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-129-0x00007FF74AF80000-0x00007FF74B2D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2236-0x00007FF74AF80000-0x00007FF74B2D4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-61-0x00007FF72CF10000-0x00007FF72D264000-memory.dmp

Filesize
3.3MB

Download
memory/2600-128-0x00007FF72CF10000-0x00007FF72D264000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2188-0x00007FF72CF10000-0x00007FF72D264000-memory.dmp

Filesize
3.3MB

Download
memory/2920-143-0x00007FF7310C0000-0x00007FF731414000-memory.dmp

Filesize
3.3MB

Download
memory/2920-1427-0x00007FF7310C0000-0x00007FF731414000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2230-0x00007FF7310C0000-0x00007FF731414000-memory.dmp

Filesize
3.3MB

Download
memory/2972-142-0x00007FF65D450000-0x00007FF65D7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2205-0x00007FF65D450000-0x00007FF65D7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-73-0x00007FF65D450000-0x00007FF65D7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-177-0x00007FF774800000-0x00007FF774B54000-memory.dmp

Filesize
3.3MB

Download
memory/3000-110-0x00007FF774800000-0x00007FF774B54000-memory.dmp

Filesize
3.3MB

Download
memory/3000-2227-0x00007FF774800000-0x00007FF774B54000-memory.dmp

Filesize
3.3MB

Download
memory/3184-93-0x00007FF70D7F0000-0x00007FF70DB44000-memory.dmp

Filesize
3.3MB

Download
memory/3184-2150-0x00007FF70D7F0000-0x00007FF70DB44000-memory.dmp

Filesize
3.3MB

Download
memory/3184-30-0x00007FF70D7F0000-0x00007FF70DB44000-memory.dmp

Filesize
3.3MB

Download
memory/3396-1548-0x00007FF62EFD0000-0x00007FF62F324000-memory.dmp

Filesize
3.3MB

Download
memory/3396-2245-0x00007FF62EFD0000-0x00007FF62F324000-memory.dmp

Filesize
3.3MB

Download
memory/3396-167-0x00007FF62EFD0000-0x00007FF62F324000-memory.dmp

Filesize
3.3MB

Download
memory/3488-2234-0x00007FF725C20000-0x00007FF725F74000-memory.dmp

Filesize
3.3MB

Download
memory/3488-1367-0x00007FF725C20000-0x00007FF725F74000-memory.dmp

Filesize
3.3MB

Download
memory/3488-136-0x00007FF725C20000-0x00007FF725F74000-memory.dmp

Filesize
3.3MB

Download
memory/3596-191-0x00007FF676760000-0x00007FF676AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3596-2272-0x00007FF676760000-0x00007FF676AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3596-1860-0x00007FF676760000-0x00007FF676AB4000-memory.dmp

Filesize
3.3MB

Download
memory/4068-179-0x00007FF634CA0000-0x00007FF634FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2254-0x00007FF634CA0000-0x00007FF634FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4068-1737-0x00007FF634CA0000-0x00007FF634FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-2144-0x00007FF738CF0000-0x00007FF739044000-memory.dmp

Filesize
3.3MB

Download
memory/4424-79-0x00007FF738CF0000-0x00007FF739044000-memory.dmp

Filesize
3.3MB

Download
memory/4424-18-0x00007FF738CF0000-0x00007FF739044000-memory.dmp

Filesize
3.3MB

Download
memory/4428-150-0x00007FF62F290000-0x00007FF62F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2241-0x00007FF62F290000-0x00007FF62F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-1495-0x00007FF62F290000-0x00007FF62F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/4672-17-0x00007FF79FE30000-0x00007FF7A0184000-memory.dmp

Filesize
3.3MB

Download
memory/4672-2135-0x00007FF79FE30000-0x00007FF7A0184000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2183-0x00007FF6B3490000-0x00007FF6B37E4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-119-0x00007FF6B3490000-0x00007FF6B37E4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-54-0x00007FF6B3490000-0x00007FF6B37E4000-memory.dmp

Filesize
3.3MB

Download
memory/4776-100-0x00007FF7EFAA0000-0x00007FF7EFDF4000-memory.dmp

Filesize
3.3MB

Download
memory/4776-2157-0x00007FF7EFAA0000-0x00007FF7EFDF4000-memory.dmp

Filesize
3.3MB

Download
memory/4776-36-0x00007FF7EFAA0000-0x00007FF7EFDF4000-memory.dmp

Filesize
3.3MB

Download
memory/4780-2242-0x00007FF6D4770000-0x00007FF6D4AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4780-1499-0x00007FF6D4770000-0x00007FF6D4AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4780-162-0x00007FF6D4770000-0x00007FF6D4AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4888-8-0x00007FF634CB0000-0x00007FF635004000-memory.dmp

Filesize
3.3MB

Download
memory/4888-2132-0x00007FF634CB0000-0x00007FF635004000-memory.dmp

Filesize
3.3MB

Download
memory/4920-86-0x00007FF65FA70000-0x00007FF65FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/4920-23-0x00007FF65FA70000-0x00007FF65FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/4920-2146-0x00007FF65FA70000-0x00007FF65FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/4960-87-0x00007FF7CE520000-0x00007FF7CE874000-memory.dmp

Filesize
3.3MB

Download
memory/4960-158-0x00007FF7CE520000-0x00007FF7CE874000-memory.dmp

Filesize
3.3MB

Download