cobaltstrike | 5ba6e0fa81437a389f289227080bdf6edefdca11e809c96f955506e36207bbdc

Analysis

max time kernel
127s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9f83fbc84dc067e79bd3fb9697d11457
SHA1

59d0769fe3fc649c1358182fb2cf9d794b030948
SHA256

5ba6e0fa81437a389f289227080bdf6edefdca11e809c96f955506e36207bbdc
SHA512

cc655ca8ada538901e0626f145d33cb841bc849c5165d29425de0e1e3ad5d63d872a772fb4e6744a256956b5ba7b64cc92bdb70f8d11d517cc908bf292a3158b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUD:T+q56utgpPF8u/7D

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000e000000023b6a-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6e-10.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b70-19.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6f-21.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b71-28.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b6b-33.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b72-41.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b73-45.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b74-51.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b75-64.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b76-70.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7c-99.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b77-104.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b81-129.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-134.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-147.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-174.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-179.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8b-173.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-171.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-164.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b87-160.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-156.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-151.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-132.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b80-123.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7f-116.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-114.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-108.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7b-93.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7a-88.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b79-83.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b78-78.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2888-0-0x00007FF795D30000-0x00007FF796084000-memory.dmp	xmrig
behavioral2/files/0x000e000000023b6a-5.dat	xmrig
behavioral2/files/0x000a000000023b6e-10.dat	xmrig
behavioral2/files/0x0031000000023b70-19.dat	xmrig
behavioral2/memory/4880-23-0x00007FF7E9560000-0x00007FF7E98B4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b6f-21.dat	xmrig
behavioral2/memory/4140-15-0x00007FF76C950000-0x00007FF76CCA4000-memory.dmp	xmrig
behavioral2/memory/5088-18-0x00007FF795B80000-0x00007FF795ED4000-memory.dmp	xmrig
behavioral2/memory/4492-8-0x00007FF6065E0000-0x00007FF606934000-memory.dmp	xmrig
behavioral2/files/0x0031000000023b71-28.dat	xmrig
behavioral2/files/0x000b000000023b6b-33.dat	xmrig
behavioral2/memory/3516-31-0x00007FF68D840000-0x00007FF68DB94000-memory.dmp	xmrig
behavioral2/files/0x0031000000023b72-41.dat	xmrig
behavioral2/memory/4420-38-0x00007FF77E180000-0x00007FF77E4D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b73-45.dat	xmrig
behavioral2/memory/1048-47-0x00007FF750800000-0x00007FF750B54000-memory.dmp	xmrig
behavioral2/memory/3028-48-0x00007FF79F410000-0x00007FF79F764000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b74-51.dat	xmrig
behavioral2/memory/4492-60-0x00007FF6065E0000-0x00007FF606934000-memory.dmp	xmrig
behavioral2/memory/996-61-0x00007FF6FAE50000-0x00007FF6FB1A4000-memory.dmp	xmrig
behavioral2/memory/3032-62-0x00007FF67A180000-0x00007FF67A4D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b75-64.dat	xmrig
behavioral2/memory/4140-63-0x00007FF76C950000-0x00007FF76CCA4000-memory.dmp	xmrig
behavioral2/memory/2888-55-0x00007FF795D30000-0x00007FF796084000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b76-70.dat	xmrig
behavioral2/files/0x000a000000023b7c-99.dat	xmrig
behavioral2/files/0x000a000000023b77-104.dat	xmrig
behavioral2/files/0x000a000000023b81-129.dat	xmrig
behavioral2/files/0x000a000000023b83-134.dat	xmrig
behavioral2/files/0x000a000000023b84-147.dat	xmrig
behavioral2/files/0x000a000000023b8a-174.dat	xmrig
behavioral2/memory/1464-245-0x00007FF70BFD0000-0x00007FF70C324000-memory.dmp	xmrig
behavioral2/memory/1916-249-0x00007FF7461A0000-0x00007FF7464F4000-memory.dmp	xmrig
behavioral2/memory/2896-273-0x00007FF730540000-0x00007FF730894000-memory.dmp	xmrig
behavioral2/memory/5036-279-0x00007FF7CD680000-0x00007FF7CD9D4000-memory.dmp	xmrig
behavioral2/memory/2424-302-0x00007FF622760000-0x00007FF622AB4000-memory.dmp	xmrig
behavioral2/memory/4880-299-0x00007FF7E9560000-0x00007FF7E98B4000-memory.dmp	xmrig
behavioral2/memory/4872-288-0x00007FF7E4860000-0x00007FF7E4BB4000-memory.dmp	xmrig
behavioral2/memory/4412-287-0x00007FF73FC90000-0x00007FF73FFE4000-memory.dmp	xmrig
behavioral2/memory/4760-269-0x00007FF6AA780000-0x00007FF6AAAD4000-memory.dmp	xmrig
behavioral2/memory/848-268-0x00007FF7D5040000-0x00007FF7D5394000-memory.dmp	xmrig
behavioral2/memory/4656-256-0x00007FF73C8F0000-0x00007FF73CC44000-memory.dmp	xmrig
behavioral2/memory/3636-244-0x00007FF6B1880000-0x00007FF6B1BD4000-memory.dmp	xmrig
behavioral2/memory/1036-239-0x00007FF649DC0000-0x00007FF64A114000-memory.dmp	xmrig
behavioral2/memory/4012-235-0x00007FF7ED340000-0x00007FF7ED694000-memory.dmp	xmrig
behavioral2/memory/3620-234-0x00007FF7E1970000-0x00007FF7E1CC4000-memory.dmp	xmrig
behavioral2/memory/5012-232-0x00007FF6E45B0000-0x00007FF6E4904000-memory.dmp	xmrig
behavioral2/memory/2056-222-0x00007FF7D36A0000-0x00007FF7D39F4000-memory.dmp	xmrig
behavioral2/memory/796-215-0x00007FF7CE1A0000-0x00007FF7CE4F4000-memory.dmp	xmrig
behavioral2/memory/1220-214-0x00007FF76CDD0000-0x00007FF76D124000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8c-179.dat	xmrig
behavioral2/files/0x000a000000023b8b-173.dat	xmrig
behavioral2/files/0x000a000000023b89-171.dat	xmrig
behavioral2/files/0x000a000000023b88-164.dat	xmrig
behavioral2/files/0x000a000000023b87-160.dat	xmrig
behavioral2/files/0x000a000000023b86-156.dat	xmrig
behavioral2/files/0x000a000000023b85-151.dat	xmrig
behavioral2/files/0x000a000000023b82-132.dat	xmrig
behavioral2/files/0x000a000000023b80-123.dat	xmrig
behavioral2/files/0x000a000000023b7f-116.dat	xmrig
behavioral2/files/0x000a000000023b7e-114.dat	xmrig
behavioral2/files/0x000a000000023b7d-108.dat	xmrig
behavioral2/files/0x000a000000023b7b-93.dat	xmrig
behavioral2/files/0x000a000000023b7a-88.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4492	acGKkKQ.exe
4140	xkyQkkl.exe
5088	GITjFUf.exe
4880	tPBCcXm.exe
3516	pamKgrh.exe
4420	NwRyeWj.exe
1048	CLhRMEt.exe
3028	hkMLVTb.exe
996	tOgNzbo.exe
3032	RdivFgH.exe
784	qepNxKV.exe
2424	LUWlXuk.exe
1220	CHTeEbA.exe
796	RAHuzwK.exe
2056	QhhBfaJ.exe
5012	FOYmTxq.exe
3620	DEruWga.exe
4012	Wvmweav.exe
1036	yltXyox.exe
3636	rRfGDMl.exe
1464	unGnNMm.exe
1916	cctVOmk.exe
4656	kvPYwEv.exe
848	uNxcHuW.exe
4760	krQXuNi.exe
2896	KcBFRYy.exe
5036	Vxfveow.exe
4412	VCCDQUN.exe
4872	VYQZhuz.exe
4684	KEyDaQU.exe
1884	mAEbERB.exe
2656	tUSILMU.exe
3512	sVQulVM.exe
908	TDEyCGX.exe
904	VCFFIuG.exe
1820	LEqTQSm.exe
3488	qmkWPpq.exe
1392	tRSgkqb.exe
552	otzXjJV.exe
2728	vYpJVqe.exe
4460	xqwYcxR.exe
4268	ncRTsZG.exe
1972	FYCDYAg.exe
4516	HvhNSkN.exe
3996	jWHIyDm.exe
3168	yqxGjSK.exe
1360	oWhFlOJ.exe
4892	HeaMwum.exe
2892	wAJJZnI.exe
956	KtFivyX.exe
4388	vIJvkSJ.exe
2416	jTUgOAX.exe
5076	BNvIzhk.exe
224	FiWnGxg.exe
3832	inOnzZu.exe
3844	WkAfIQB.exe
3404	dyfoRap.exe
4596	uNukuyO.exe
2140	mqVUyoj.exe
3424	XYaXOKl.exe
1864	TOmNbGY.exe
4016	BAYvNnO.exe
4112	GDJmjfl.exe
4264	nwdDIGq.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2888-0-0x00007FF795D30000-0x00007FF796084000-memory.dmp	upx
behavioral2/files/0x000e000000023b6a-5.dat	upx
behavioral2/files/0x000a000000023b6e-10.dat	upx
behavioral2/files/0x0031000000023b70-19.dat	upx
behavioral2/memory/4880-23-0x00007FF7E9560000-0x00007FF7E98B4000-memory.dmp	upx
behavioral2/files/0x000a000000023b6f-21.dat	upx
behavioral2/memory/4140-15-0x00007FF76C950000-0x00007FF76CCA4000-memory.dmp	upx
behavioral2/memory/5088-18-0x00007FF795B80000-0x00007FF795ED4000-memory.dmp	upx
behavioral2/memory/4492-8-0x00007FF6065E0000-0x00007FF606934000-memory.dmp	upx
behavioral2/files/0x0031000000023b71-28.dat	upx
behavioral2/files/0x000b000000023b6b-33.dat	upx
behavioral2/memory/3516-31-0x00007FF68D840000-0x00007FF68DB94000-memory.dmp	upx
behavioral2/files/0x0031000000023b72-41.dat	upx
behavioral2/memory/4420-38-0x00007FF77E180000-0x00007FF77E4D4000-memory.dmp	upx
behavioral2/files/0x000a000000023b73-45.dat	upx
behavioral2/memory/1048-47-0x00007FF750800000-0x00007FF750B54000-memory.dmp	upx
behavioral2/memory/3028-48-0x00007FF79F410000-0x00007FF79F764000-memory.dmp	upx
behavioral2/files/0x000a000000023b74-51.dat	upx
behavioral2/memory/4492-60-0x00007FF6065E0000-0x00007FF606934000-memory.dmp	upx
behavioral2/memory/996-61-0x00007FF6FAE50000-0x00007FF6FB1A4000-memory.dmp	upx
behavioral2/memory/3032-62-0x00007FF67A180000-0x00007FF67A4D4000-memory.dmp	upx
behavioral2/files/0x000a000000023b75-64.dat	upx
behavioral2/memory/4140-63-0x00007FF76C950000-0x00007FF76CCA4000-memory.dmp	upx
behavioral2/memory/2888-55-0x00007FF795D30000-0x00007FF796084000-memory.dmp	upx
behavioral2/files/0x000a000000023b76-70.dat	upx
behavioral2/files/0x000a000000023b7c-99.dat	upx
behavioral2/files/0x000a000000023b77-104.dat	upx
behavioral2/files/0x000a000000023b81-129.dat	upx
behavioral2/files/0x000a000000023b83-134.dat	upx
behavioral2/files/0x000a000000023b84-147.dat	upx
behavioral2/files/0x000a000000023b8a-174.dat	upx
behavioral2/memory/1464-245-0x00007FF70BFD0000-0x00007FF70C324000-memory.dmp	upx
behavioral2/memory/1916-249-0x00007FF7461A0000-0x00007FF7464F4000-memory.dmp	upx
behavioral2/memory/2896-273-0x00007FF730540000-0x00007FF730894000-memory.dmp	upx
behavioral2/memory/5036-279-0x00007FF7CD680000-0x00007FF7CD9D4000-memory.dmp	upx
behavioral2/memory/2424-302-0x00007FF622760000-0x00007FF622AB4000-memory.dmp	upx
behavioral2/memory/4880-299-0x00007FF7E9560000-0x00007FF7E98B4000-memory.dmp	upx
behavioral2/memory/4872-288-0x00007FF7E4860000-0x00007FF7E4BB4000-memory.dmp	upx
behavioral2/memory/4412-287-0x00007FF73FC90000-0x00007FF73FFE4000-memory.dmp	upx
behavioral2/memory/4760-269-0x00007FF6AA780000-0x00007FF6AAAD4000-memory.dmp	upx
behavioral2/memory/848-268-0x00007FF7D5040000-0x00007FF7D5394000-memory.dmp	upx
behavioral2/memory/4656-256-0x00007FF73C8F0000-0x00007FF73CC44000-memory.dmp	upx
behavioral2/memory/3636-244-0x00007FF6B1880000-0x00007FF6B1BD4000-memory.dmp	upx
behavioral2/memory/1036-239-0x00007FF649DC0000-0x00007FF64A114000-memory.dmp	upx
behavioral2/memory/4012-235-0x00007FF7ED340000-0x00007FF7ED694000-memory.dmp	upx
behavioral2/memory/3620-234-0x00007FF7E1970000-0x00007FF7E1CC4000-memory.dmp	upx
behavioral2/memory/5012-232-0x00007FF6E45B0000-0x00007FF6E4904000-memory.dmp	upx
behavioral2/memory/2056-222-0x00007FF7D36A0000-0x00007FF7D39F4000-memory.dmp	upx
behavioral2/memory/796-215-0x00007FF7CE1A0000-0x00007FF7CE4F4000-memory.dmp	upx
behavioral2/memory/1220-214-0x00007FF76CDD0000-0x00007FF76D124000-memory.dmp	upx
behavioral2/files/0x000a000000023b8c-179.dat	upx
behavioral2/files/0x000a000000023b8b-173.dat	upx
behavioral2/files/0x000a000000023b89-171.dat	upx
behavioral2/files/0x000a000000023b88-164.dat	upx
behavioral2/files/0x000a000000023b87-160.dat	upx
behavioral2/files/0x000a000000023b86-156.dat	upx
behavioral2/files/0x000a000000023b85-151.dat	upx
behavioral2/files/0x000a000000023b82-132.dat	upx
behavioral2/files/0x000a000000023b80-123.dat	upx
behavioral2/files/0x000a000000023b7f-116.dat	upx
behavioral2/files/0x000a000000023b7e-114.dat	upx
behavioral2/files/0x000a000000023b7d-108.dat	upx
behavioral2/files/0x000a000000023b7b-93.dat	upx
behavioral2/files/0x000a000000023b7a-88.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dgjgFar.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjugQNw.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\olXeeer.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cymdNYQ.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqXJAkC.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MuvetDv.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\joQjjmt.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXJgPLX.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyOlFiE.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmRuqBY.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYtTCMJ.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBatrfP.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djjRClK.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQmmDSK.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mPIUvCH.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJWkPPk.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiWnGxg.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpfatNC.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkWbzZO.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wLOwgCL.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEdmaxV.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbBHWVl.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYXEGGf.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOnvtVr.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwxEQQY.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaPHDrR.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQlnIGX.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EulrqTi.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAJJZnI.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AucxFjc.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUTmNMr.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAtvWqh.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgjZFQY.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVtFnen.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJOrGNr.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPVCdvr.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIKwLhs.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzhcbKr.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJdwQEo.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inbcLwu.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySqMzvq.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRrNZRY.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAfoVub.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCAdszP.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGwLtsf.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqgTtwJ.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yatNPXZ.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTnSPwn.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YoKiYjb.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUnbuUk.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdalPvh.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqVCWQr.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atTYLvI.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeAAdNJ.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTFyMVi.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qepNxKV.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWHIyDm.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHnyQbH.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjWeWCs.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBdwUyb.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEdindU.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFcAKho.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diVMkxT.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXFxqCs.exe	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 4492	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 2888 wrote to memory of 4492	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 2888 wrote to memory of 4140	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2888 wrote to memory of 4140	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2888 wrote to memory of 5088	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2888 wrote to memory of 5088	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2888 wrote to memory of 4880	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2888 wrote to memory of 4880	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2888 wrote to memory of 3516	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2888 wrote to memory of 3516	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2888 wrote to memory of 4420	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2888 wrote to memory of 4420	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2888 wrote to memory of 1048	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2888 wrote to memory of 1048	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2888 wrote to memory of 3028	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2888 wrote to memory of 3028	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2888 wrote to memory of 996	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2888 wrote to memory of 996	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2888 wrote to memory of 3032	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2888 wrote to memory of 3032	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2888 wrote to memory of 784	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2888 wrote to memory of 784	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2888 wrote to memory of 3620	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2888 wrote to memory of 3620	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2888 wrote to memory of 2424	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2888 wrote to memory of 2424	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2888 wrote to memory of 1220	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2888 wrote to memory of 1220	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2888 wrote to memory of 796	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2888 wrote to memory of 796	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2888 wrote to memory of 2056	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2888 wrote to memory of 2056	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2888 wrote to memory of 5012	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2888 wrote to memory of 5012	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2888 wrote to memory of 4012	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2888 wrote to memory of 4012	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2888 wrote to memory of 1036	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2888 wrote to memory of 1036	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2888 wrote to memory of 3636	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2888 wrote to memory of 3636	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2888 wrote to memory of 1464	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2888 wrote to memory of 1464	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2888 wrote to memory of 1916	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2888 wrote to memory of 1916	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2888 wrote to memory of 4656	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2888 wrote to memory of 4656	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2888 wrote to memory of 848	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2888 wrote to memory of 848	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2888 wrote to memory of 4760	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2888 wrote to memory of 4760	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2888 wrote to memory of 2896	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2888 wrote to memory of 2896	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2888 wrote to memory of 5036	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2888 wrote to memory of 5036	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2888 wrote to memory of 4412	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2888 wrote to memory of 4412	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2888 wrote to memory of 4872	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2888 wrote to memory of 4872	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2888 wrote to memory of 4684	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2888 wrote to memory of 4684	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2888 wrote to memory of 1884	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2888 wrote to memory of 1884	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2888 wrote to memory of 2656	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2888 wrote to memory of 2656	2888	2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-05_9f83fbc84dc067e79bd3fb9697d11457_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\System\acGKkKQ.exe
  C:\Windows\System\acGKkKQ.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\xkyQkkl.exe
  C:\Windows\System\xkyQkkl.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\GITjFUf.exe
  C:\Windows\System\GITjFUf.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\tPBCcXm.exe
  C:\Windows\System\tPBCcXm.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\pamKgrh.exe
  C:\Windows\System\pamKgrh.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\NwRyeWj.exe
  C:\Windows\System\NwRyeWj.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\CLhRMEt.exe
  C:\Windows\System\CLhRMEt.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\hkMLVTb.exe
  C:\Windows\System\hkMLVTb.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\tOgNzbo.exe
  C:\Windows\System\tOgNzbo.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\RdivFgH.exe
  C:\Windows\System\RdivFgH.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\qepNxKV.exe
  C:\Windows\System\qepNxKV.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\DEruWga.exe
  C:\Windows\System\DEruWga.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\LUWlXuk.exe
  C:\Windows\System\LUWlXuk.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\CHTeEbA.exe
  C:\Windows\System\CHTeEbA.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\RAHuzwK.exe
  C:\Windows\System\RAHuzwK.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\QhhBfaJ.exe
  C:\Windows\System\QhhBfaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\FOYmTxq.exe
  C:\Windows\System\FOYmTxq.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\Wvmweav.exe
  C:\Windows\System\Wvmweav.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\yltXyox.exe
  C:\Windows\System\yltXyox.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\rRfGDMl.exe
  C:\Windows\System\rRfGDMl.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\unGnNMm.exe
  C:\Windows\System\unGnNMm.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\cctVOmk.exe
  C:\Windows\System\cctVOmk.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\kvPYwEv.exe
  C:\Windows\System\kvPYwEv.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\uNxcHuW.exe
  C:\Windows\System\uNxcHuW.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\krQXuNi.exe
  C:\Windows\System\krQXuNi.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\KcBFRYy.exe
  C:\Windows\System\KcBFRYy.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\Vxfveow.exe
  C:\Windows\System\Vxfveow.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\VCCDQUN.exe
  C:\Windows\System\VCCDQUN.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\VYQZhuz.exe
  C:\Windows\System\VYQZhuz.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\KEyDaQU.exe
  C:\Windows\System\KEyDaQU.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\mAEbERB.exe
  C:\Windows\System\mAEbERB.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\tUSILMU.exe
  C:\Windows\System\tUSILMU.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\sVQulVM.exe
  C:\Windows\System\sVQulVM.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\TDEyCGX.exe
  C:\Windows\System\TDEyCGX.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\VCFFIuG.exe
  C:\Windows\System\VCFFIuG.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\LEqTQSm.exe
  C:\Windows\System\LEqTQSm.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\qmkWPpq.exe
  C:\Windows\System\qmkWPpq.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\tRSgkqb.exe
  C:\Windows\System\tRSgkqb.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\otzXjJV.exe
  C:\Windows\System\otzXjJV.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\vYpJVqe.exe
  C:\Windows\System\vYpJVqe.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\xqwYcxR.exe
  C:\Windows\System\xqwYcxR.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\ncRTsZG.exe
  C:\Windows\System\ncRTsZG.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\FYCDYAg.exe
  C:\Windows\System\FYCDYAg.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\HvhNSkN.exe
  C:\Windows\System\HvhNSkN.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\jWHIyDm.exe
  C:\Windows\System\jWHIyDm.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\yqxGjSK.exe
  C:\Windows\System\yqxGjSK.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\oWhFlOJ.exe
  C:\Windows\System\oWhFlOJ.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\HeaMwum.exe
  C:\Windows\System\HeaMwum.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\wAJJZnI.exe
  C:\Windows\System\wAJJZnI.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\KtFivyX.exe
  C:\Windows\System\KtFivyX.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\vIJvkSJ.exe
  C:\Windows\System\vIJvkSJ.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\jTUgOAX.exe
  C:\Windows\System\jTUgOAX.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\BNvIzhk.exe
  C:\Windows\System\BNvIzhk.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\FiWnGxg.exe
  C:\Windows\System\FiWnGxg.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\inOnzZu.exe
  C:\Windows\System\inOnzZu.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\WkAfIQB.exe
  C:\Windows\System\WkAfIQB.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\dyfoRap.exe
  C:\Windows\System\dyfoRap.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\uNukuyO.exe
  C:\Windows\System\uNukuyO.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\mqVUyoj.exe
  C:\Windows\System\mqVUyoj.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\XYaXOKl.exe
  C:\Windows\System\XYaXOKl.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\TOmNbGY.exe
  C:\Windows\System\TOmNbGY.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\BAYvNnO.exe
  C:\Windows\System\BAYvNnO.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\GDJmjfl.exe
  C:\Windows\System\GDJmjfl.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\nwdDIGq.exe
  C:\Windows\System\nwdDIGq.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\JVVDVPT.exe
  C:\Windows\System\JVVDVPT.exe
  2⤵
  PID:536
- C:\Windows\System\BuBOJTs.exe
  C:\Windows\System\BuBOJTs.exe
  2⤵
  PID:4316
- C:\Windows\System\jdalPvh.exe
  C:\Windows\System\jdalPvh.exe
  2⤵
  PID:4320
- C:\Windows\System\VvnosxC.exe
  C:\Windows\System\VvnosxC.exe
  2⤵
  PID:4532
- C:\Windows\System\ZscoeJC.exe
  C:\Windows\System\ZscoeJC.exe
  2⤵
  PID:3984
- C:\Windows\System\pxHvOeN.exe
  C:\Windows\System\pxHvOeN.exe
  2⤵
  PID:3308
- C:\Windows\System\tdnNRVL.exe
  C:\Windows\System\tdnNRVL.exe
  2⤵
  PID:4992
- C:\Windows\System\oOMwoFM.exe
  C:\Windows\System\oOMwoFM.exe
  2⤵
  PID:5092
- C:\Windows\System\mYEASsT.exe
  C:\Windows\System\mYEASsT.exe
  2⤵
  PID:4904
- C:\Windows\System\GwYZIuT.exe
  C:\Windows\System\GwYZIuT.exe
  2⤵
  PID:2028
- C:\Windows\System\yylmikW.exe
  C:\Windows\System\yylmikW.exe
  2⤵
  PID:1128
- C:\Windows\System\awHOFKe.exe
  C:\Windows\System\awHOFKe.exe
  2⤵
  PID:4336
- C:\Windows\System\AhjxXSj.exe
  C:\Windows\System\AhjxXSj.exe
  2⤵
  PID:4988
- C:\Windows\System\mgFocyA.exe
  C:\Windows\System\mgFocyA.exe
  2⤵
  PID:2320
- C:\Windows\System\gpfaEnF.exe
  C:\Windows\System\gpfaEnF.exe
  2⤵
  PID:1124
- C:\Windows\System\IxHvfeb.exe
  C:\Windows\System\IxHvfeb.exe
  2⤵
  PID:3900
- C:\Windows\System\JiCrtnu.exe
  C:\Windows\System\JiCrtnu.exe
  2⤵
  PID:1196
- C:\Windows\System\ICJOlAe.exe
  C:\Windows\System\ICJOlAe.exe
  2⤵
  PID:3932
- C:\Windows\System\CRKyUAC.exe
  C:\Windows\System\CRKyUAC.exe
  2⤵
  PID:4216
- C:\Windows\System\hlmvmJz.exe
  C:\Windows\System\hlmvmJz.exe
  2⤵
  PID:2160
- C:\Windows\System\FRABXdG.exe
  C:\Windows\System\FRABXdG.exe
  2⤵
  PID:3112
- C:\Windows\System\QMTeDLy.exe
  C:\Windows\System\QMTeDLy.exe
  2⤵
  PID:4700
- C:\Windows\System\NFJvnqa.exe
  C:\Windows\System\NFJvnqa.exe
  2⤵
  PID:1700
- C:\Windows\System\aYltvsH.exe
  C:\Windows\System\aYltvsH.exe
  2⤵
  PID:748
- C:\Windows\System\OdscWxN.exe
  C:\Windows\System\OdscWxN.exe
  2⤵
  PID:852
- C:\Windows\System\Whwwjuw.exe
  C:\Windows\System\Whwwjuw.exe
  2⤵
  PID:3312
- C:\Windows\System\jYYcpzb.exe
  C:\Windows\System\jYYcpzb.exe
  2⤵
  PID:5148
- C:\Windows\System\diukFVJ.exe
  C:\Windows\System\diukFVJ.exe
  2⤵
  PID:5164
- C:\Windows\System\jymRXGO.exe
  C:\Windows\System\jymRXGO.exe
  2⤵
  PID:5180
- C:\Windows\System\nxgvged.exe
  C:\Windows\System\nxgvged.exe
  2⤵
  PID:5200
- C:\Windows\System\NQgwlho.exe
  C:\Windows\System\NQgwlho.exe
  2⤵
  PID:5216
- C:\Windows\System\QETAkXJ.exe
  C:\Windows\System\QETAkXJ.exe
  2⤵
  PID:5400
- C:\Windows\System\KqwPKCu.exe
  C:\Windows\System\KqwPKCu.exe
  2⤵
  PID:5420
- C:\Windows\System\fyOlFiE.exe
  C:\Windows\System\fyOlFiE.exe
  2⤵
  PID:5452
- C:\Windows\System\WoLvXaT.exe
  C:\Windows\System\WoLvXaT.exe
  2⤵
  PID:5476
- C:\Windows\System\ODCtVEo.exe
  C:\Windows\System\ODCtVEo.exe
  2⤵
  PID:5504
- C:\Windows\System\bumQIvU.exe
  C:\Windows\System\bumQIvU.exe
  2⤵
  PID:5540
- C:\Windows\System\AWilUXj.exe
  C:\Windows\System\AWilUXj.exe
  2⤵
  PID:5564
- C:\Windows\System\ZtMmiQL.exe
  C:\Windows\System\ZtMmiQL.exe
  2⤵
  PID:5588
- C:\Windows\System\qvjbJqD.exe
  C:\Windows\System\qvjbJqD.exe
  2⤵
  PID:5624
- C:\Windows\System\HazJMxQ.exe
  C:\Windows\System\HazJMxQ.exe
  2⤵
  PID:5644
- C:\Windows\System\bdvMKHD.exe
  C:\Windows\System\bdvMKHD.exe
  2⤵
  PID:5680
- C:\Windows\System\OkCWsJz.exe
  C:\Windows\System\OkCWsJz.exe
  2⤵
  PID:5700
- C:\Windows\System\eCAOHsx.exe
  C:\Windows\System\eCAOHsx.exe
  2⤵
  PID:5732
- C:\Windows\System\IXqiXgj.exe
  C:\Windows\System\IXqiXgj.exe
  2⤵
  PID:5768
- C:\Windows\System\exquBsm.exe
  C:\Windows\System\exquBsm.exe
  2⤵
  PID:5784
- C:\Windows\System\RPWiBaW.exe
  C:\Windows\System\RPWiBaW.exe
  2⤵
  PID:5820
- C:\Windows\System\BZQpLGZ.exe
  C:\Windows\System\BZQpLGZ.exe
  2⤵
  PID:5860
- C:\Windows\System\TjQfHGJ.exe
  C:\Windows\System\TjQfHGJ.exe
  2⤵
  PID:5896
- C:\Windows\System\DtymCyW.exe
  C:\Windows\System\DtymCyW.exe
  2⤵
  PID:5916
- C:\Windows\System\nppnOEB.exe
  C:\Windows\System\nppnOEB.exe
  2⤵
  PID:5940
- C:\Windows\System\YvxNtZv.exe
  C:\Windows\System\YvxNtZv.exe
  2⤵
  PID:5972
- C:\Windows\System\uVURRpt.exe
  C:\Windows\System\uVURRpt.exe
  2⤵
  PID:6024
- C:\Windows\System\AmJEenh.exe
  C:\Windows\System\AmJEenh.exe
  2⤵
  PID:6060
- C:\Windows\System\UKXDFxK.exe
  C:\Windows\System\UKXDFxK.exe
  2⤵
  PID:6076
- C:\Windows\System\KsmlSYW.exe
  C:\Windows\System\KsmlSYW.exe
  2⤵
  PID:6116
- C:\Windows\System\oeiPPAE.exe
  C:\Windows\System\oeiPPAE.exe
  2⤵
  PID:6132
- C:\Windows\System\ksxmbYo.exe
  C:\Windows\System\ksxmbYo.exe
  2⤵
  PID:2628
- C:\Windows\System\dgjgFar.exe
  C:\Windows\System\dgjgFar.exe
  2⤵
  PID:4968
- C:\Windows\System\EOmHNpm.exe
  C:\Windows\System\EOmHNpm.exe
  2⤵
  PID:4588
- C:\Windows\System\VUmqpjy.exe
  C:\Windows\System\VUmqpjy.exe
  2⤵
  PID:2436
- C:\Windows\System\rGWpdvr.exe
  C:\Windows\System\rGWpdvr.exe
  2⤵
  PID:2368
- C:\Windows\System\LCaXMnn.exe
  C:\Windows\System\LCaXMnn.exe
  2⤵
  PID:316
- C:\Windows\System\drDDjhQ.exe
  C:\Windows\System\drDDjhQ.exe
  2⤵
  PID:5160
- C:\Windows\System\ftOvmNz.exe
  C:\Windows\System\ftOvmNz.exe
  2⤵
  PID:5240
- C:\Windows\System\leZnJQx.exe
  C:\Windows\System\leZnJQx.exe
  2⤵
  PID:5312
- C:\Windows\System\AjiULga.exe
  C:\Windows\System\AjiULga.exe
  2⤵
  PID:3720
- C:\Windows\System\qSHOxcO.exe
  C:\Windows\System\qSHOxcO.exe
  2⤵
  PID:4832
- C:\Windows\System\gLLZyuZ.exe
  C:\Windows\System\gLLZyuZ.exe
  2⤵
  PID:3816
- C:\Windows\System\uZgXWHA.exe
  C:\Windows\System\uZgXWHA.exe
  2⤵
  PID:4300
- C:\Windows\System\vBvZimV.exe
  C:\Windows\System\vBvZimV.exe
  2⤵
  PID:1076
- C:\Windows\System\WKYXwTL.exe
  C:\Windows\System\WKYXwTL.exe
  2⤵
  PID:4784
- C:\Windows\System\giFCALZ.exe
  C:\Windows\System\giFCALZ.exe
  2⤵
  PID:1188
- C:\Windows\System\ALjaFzF.exe
  C:\Windows\System\ALjaFzF.exe
  2⤵
  PID:800
- C:\Windows\System\mYiERNK.exe
  C:\Windows\System\mYiERNK.exe
  2⤵
  PID:3056
- C:\Windows\System\ugWJURy.exe
  C:\Windows\System\ugWJURy.exe
  2⤵
  PID:3384
- C:\Windows\System\ByFYAtI.exe
  C:\Windows\System\ByFYAtI.exe
  2⤵
  PID:5372
- C:\Windows\System\fgWKDPA.exe
  C:\Windows\System\fgWKDPA.exe
  2⤵
  PID:5444
- C:\Windows\System\UtmnEKh.exe
  C:\Windows\System\UtmnEKh.exe
  2⤵
  PID:5500
- C:\Windows\System\fOafMdX.exe
  C:\Windows\System\fOafMdX.exe
  2⤵
  PID:5556
- C:\Windows\System\vNrVCuG.exe
  C:\Windows\System\vNrVCuG.exe
  2⤵
  PID:5636
- C:\Windows\System\JPBieFk.exe
  C:\Windows\System\JPBieFk.exe
  2⤵
  PID:5708
- C:\Windows\System\CrVkioK.exe
  C:\Windows\System\CrVkioK.exe
  2⤵
  PID:5764
- C:\Windows\System\FpJwFsd.exe
  C:\Windows\System\FpJwFsd.exe
  2⤵
  PID:5828
- C:\Windows\System\JYZQUlR.exe
  C:\Windows\System\JYZQUlR.exe
  2⤵
  PID:5232
- C:\Windows\System\eLDkvxl.exe
  C:\Windows\System\eLDkvxl.exe
  2⤵
  PID:5948
- C:\Windows\System\ExiFeGe.exe
  C:\Windows\System\ExiFeGe.exe
  2⤵
  PID:6032
- C:\Windows\System\uwVbpWX.exe
  C:\Windows\System\uwVbpWX.exe
  2⤵
  PID:6112
- C:\Windows\System\lfChumN.exe
  C:\Windows\System\lfChumN.exe
  2⤵
  PID:64
- C:\Windows\System\RPsVWEz.exe
  C:\Windows\System\RPsVWEz.exe
  2⤵
  PID:1668
- C:\Windows\System\xRmrqBo.exe
  C:\Windows\System\xRmrqBo.exe
  2⤵
  PID:2776
- C:\Windows\System\WFBuGCf.exe
  C:\Windows\System\WFBuGCf.exe
  2⤵
  PID:5224
- C:\Windows\System\BtcXKpA.exe
  C:\Windows\System\BtcXKpA.exe
  2⤵
  PID:1072
- C:\Windows\System\tBKvtsD.exe
  C:\Windows\System\tBKvtsD.exe
  2⤵
  PID:4908
- C:\Windows\System\FjWeWCs.exe
  C:\Windows\System\FjWeWCs.exe
  2⤵
  PID:2636
- C:\Windows\System\YZZXGZV.exe
  C:\Windows\System\YZZXGZV.exe
  2⤵
  PID:3348
- C:\Windows\System\rOXouFc.exe
  C:\Windows\System\rOXouFc.exe
  2⤵
  PID:3136
- C:\Windows\System\nCLfRxd.exe
  C:\Windows\System\nCLfRxd.exe
  2⤵
  PID:5412
- C:\Windows\System\rzhcbKr.exe
  C:\Windows\System\rzhcbKr.exe
  2⤵
  PID:5580
- C:\Windows\System\uuzfccC.exe
  C:\Windows\System\uuzfccC.exe
  2⤵
  PID:5740
- C:\Windows\System\QPNwDYd.exe
  C:\Windows\System\QPNwDYd.exe
  2⤵
  PID:5904
- C:\Windows\System\wuAuTQw.exe
  C:\Windows\System\wuAuTQw.exe
  2⤵
  PID:6000
- C:\Windows\System\vvzoZbG.exe
  C:\Windows\System\vvzoZbG.exe
  2⤵
  PID:2760
- C:\Windows\System\RzqfqeW.exe
  C:\Windows\System\RzqfqeW.exe
  2⤵
  PID:5124
- C:\Windows\System\WZEFEiT.exe
  C:\Windows\System\WZEFEiT.exe
  2⤵
  PID:2440
- C:\Windows\System\WryTpwj.exe
  C:\Windows\System\WryTpwj.exe
  2⤵
  PID:5064
- C:\Windows\System\wAfoVub.exe
  C:\Windows\System\wAfoVub.exe
  2⤵
  PID:5528
- C:\Windows\System\rzekkSJ.exe
  C:\Windows\System\rzekkSJ.exe
  2⤵
  PID:6096
- C:\Windows\System\NiHeqxD.exe
  C:\Windows\System\NiHeqxD.exe
  2⤵
  PID:5980
- C:\Windows\System\YTCGHnj.exe
  C:\Windows\System\YTCGHnj.exe
  2⤵
  PID:4176
- C:\Windows\System\ceaiVeU.exe
  C:\Windows\System\ceaiVeU.exe
  2⤵
  PID:5960
- C:\Windows\System\ywPATVe.exe
  C:\Windows\System\ywPATVe.exe
  2⤵
  PID:2220
- C:\Windows\System\omjxUqc.exe
  C:\Windows\System\omjxUqc.exe
  2⤵
  PID:6168
- C:\Windows\System\snAXchz.exe
  C:\Windows\System\snAXchz.exe
  2⤵
  PID:6196
- C:\Windows\System\vXGlSFo.exe
  C:\Windows\System\vXGlSFo.exe
  2⤵
  PID:6224
- C:\Windows\System\vjdpIJL.exe
  C:\Windows\System\vjdpIJL.exe
  2⤵
  PID:6260
- C:\Windows\System\nvGfUtW.exe
  C:\Windows\System\nvGfUtW.exe
  2⤵
  PID:6288
- C:\Windows\System\EUPmKGq.exe
  C:\Windows\System\EUPmKGq.exe
  2⤵
  PID:6320
- C:\Windows\System\UMrwRoC.exe
  C:\Windows\System\UMrwRoC.exe
  2⤵
  PID:6348
- C:\Windows\System\KlMkojd.exe
  C:\Windows\System\KlMkojd.exe
  2⤵
  PID:6376
- C:\Windows\System\NFsKQjJ.exe
  C:\Windows\System\NFsKQjJ.exe
  2⤵
  PID:6400
- C:\Windows\System\tBxpZCV.exe
  C:\Windows\System\tBxpZCV.exe
  2⤵
  PID:6436
- C:\Windows\System\dnxWojl.exe
  C:\Windows\System\dnxWojl.exe
  2⤵
  PID:6464
- C:\Windows\System\ejJygls.exe
  C:\Windows\System\ejJygls.exe
  2⤵
  PID:6496
- C:\Windows\System\zrytNYj.exe
  C:\Windows\System\zrytNYj.exe
  2⤵
  PID:6524
- C:\Windows\System\ewjDEQh.exe
  C:\Windows\System\ewjDEQh.exe
  2⤵
  PID:6556
- C:\Windows\System\HlJJFUV.exe
  C:\Windows\System\HlJJFUV.exe
  2⤵
  PID:6584
- C:\Windows\System\uTFgMGd.exe
  C:\Windows\System\uTFgMGd.exe
  2⤵
  PID:6616
- C:\Windows\System\WVuALFA.exe
  C:\Windows\System\WVuALFA.exe
  2⤵
  PID:6668
- C:\Windows\System\lmRuqBY.exe
  C:\Windows\System\lmRuqBY.exe
  2⤵
  PID:6712
- C:\Windows\System\dibygpF.exe
  C:\Windows\System\dibygpF.exe
  2⤵
  PID:6752
- C:\Windows\System\VACUsMy.exe
  C:\Windows\System\VACUsMy.exe
  2⤵
  PID:6788
- C:\Windows\System\DSSsHrP.exe
  C:\Windows\System\DSSsHrP.exe
  2⤵
  PID:6872
- C:\Windows\System\VgvsZBT.exe
  C:\Windows\System\VgvsZBT.exe
  2⤵
  PID:6908
- C:\Windows\System\plRGnkd.exe
  C:\Windows\System\plRGnkd.exe
  2⤵
  PID:6932
- C:\Windows\System\dypoqFy.exe
  C:\Windows\System\dypoqFy.exe
  2⤵
  PID:6968
- C:\Windows\System\kSmJZGR.exe
  C:\Windows\System\kSmJZGR.exe
  2⤵
  PID:6996
- C:\Windows\System\xcqADkN.exe
  C:\Windows\System\xcqADkN.exe
  2⤵
  PID:7024
- C:\Windows\System\VgrNBZg.exe
  C:\Windows\System\VgrNBZg.exe
  2⤵
  PID:7052
- C:\Windows\System\zyHtLyb.exe
  C:\Windows\System\zyHtLyb.exe
  2⤵
  PID:7080
- C:\Windows\System\KVDFQMf.exe
  C:\Windows\System\KVDFQMf.exe
  2⤵
  PID:7108
- C:\Windows\System\RcVEfMR.exe
  C:\Windows\System\RcVEfMR.exe
  2⤵
  PID:7136
- C:\Windows\System\OIvUkvp.exe
  C:\Windows\System\OIvUkvp.exe
  2⤵
  PID:7160
- C:\Windows\System\OoxtTcC.exe
  C:\Windows\System\OoxtTcC.exe
  2⤵
  PID:6184
- C:\Windows\System\mHnyQbH.exe
  C:\Windows\System\mHnyQbH.exe
  2⤵
  PID:6236
- C:\Windows\System\BNxgMdw.exe
  C:\Windows\System\BNxgMdw.exe
  2⤵
  PID:6152
- C:\Windows\System\BJQXnjo.exe
  C:\Windows\System\BJQXnjo.exe
  2⤵
  PID:6308
- C:\Windows\System\uwutcHT.exe
  C:\Windows\System\uwutcHT.exe
  2⤵
  PID:6368
- C:\Windows\System\fgIeNYz.exe
  C:\Windows\System\fgIeNYz.exe
  2⤵
  PID:6408
- C:\Windows\System\JVPmrVo.exe
  C:\Windows\System\JVPmrVo.exe
  2⤵
  PID:6492
- C:\Windows\System\AJpkFTC.exe
  C:\Windows\System\AJpkFTC.exe
  2⤵
  PID:6576
- C:\Windows\System\pWSAEfq.exe
  C:\Windows\System\pWSAEfq.exe
  2⤵
  PID:4088
- C:\Windows\System\LXsaKQG.exe
  C:\Windows\System\LXsaKQG.exe
  2⤵
  PID:6652
- C:\Windows\System\oSYwXtS.exe
  C:\Windows\System\oSYwXtS.exe
  2⤵
  PID:6780
- C:\Windows\System\aOQsMuX.exe
  C:\Windows\System\aOQsMuX.exe
  2⤵
  PID:6940
- C:\Windows\System\hsLAagh.exe
  C:\Windows\System\hsLAagh.exe
  2⤵
  PID:6992
- C:\Windows\System\upWoPXg.exe
  C:\Windows\System\upWoPXg.exe
  2⤵
  PID:7048
- C:\Windows\System\eYtTCMJ.exe
  C:\Windows\System\eYtTCMJ.exe
  2⤵
  PID:6548
- C:\Windows\System\EtXQXUY.exe
  C:\Windows\System\EtXQXUY.exe
  2⤵
  PID:7144
- C:\Windows\System\nYrXZio.exe
  C:\Windows\System\nYrXZio.exe
  2⤵
  PID:6296
- C:\Windows\System\EtoczdD.exe
  C:\Windows\System\EtoczdD.exe
  2⤵
  PID:6444
- C:\Windows\System\PTOnHzc.exe
  C:\Windows\System\PTOnHzc.exe
  2⤵
  PID:3132
- C:\Windows\System\reFLdAS.exe
  C:\Windows\System\reFLdAS.exe
  2⤵
  PID:6680
- C:\Windows\System\EzQVYxp.exe
  C:\Windows\System\EzQVYxp.exe
  2⤵
  PID:6964
- C:\Windows\System\xZoqjrY.exe
  C:\Windows\System\xZoqjrY.exe
  2⤵
  PID:7072
- C:\Windows\System\FJRyqrN.exe
  C:\Windows\System\FJRyqrN.exe
  2⤵
  PID:6268
- C:\Windows\System\fNFzgAy.exe
  C:\Windows\System\fNFzgAy.exe
  2⤵
  PID:6316
- C:\Windows\System\TfJlhEf.exe
  C:\Windows\System\TfJlhEf.exe
  2⤵
  PID:6904
- C:\Windows\System\nrkezcT.exe
  C:\Windows\System\nrkezcT.exe
  2⤵
  PID:6300
- C:\Windows\System\kaxxebV.exe
  C:\Windows\System\kaxxebV.exe
  2⤵
  PID:7132
- C:\Windows\System\diVMkxT.exe
  C:\Windows\System\diVMkxT.exe
  2⤵
  PID:7016
- C:\Windows\System\GXqqotv.exe
  C:\Windows\System\GXqqotv.exe
  2⤵
  PID:7208
- C:\Windows\System\uxrkWdO.exe
  C:\Windows\System\uxrkWdO.exe
  2⤵
  PID:7236
- C:\Windows\System\joEeAjo.exe
  C:\Windows\System\joEeAjo.exe
  2⤵
  PID:7272
- C:\Windows\System\NZNLNPn.exe
  C:\Windows\System\NZNLNPn.exe
  2⤵
  PID:7300
- C:\Windows\System\jdeZBSi.exe
  C:\Windows\System\jdeZBSi.exe
  2⤵
  PID:7320
- C:\Windows\System\GQcaVPz.exe
  C:\Windows\System\GQcaVPz.exe
  2⤵
  PID:7348
- C:\Windows\System\klnyHPX.exe
  C:\Windows\System\klnyHPX.exe
  2⤵
  PID:7376
- C:\Windows\System\KCPZLRd.exe
  C:\Windows\System\KCPZLRd.exe
  2⤵
  PID:7416
- C:\Windows\System\DxzWWNI.exe
  C:\Windows\System\DxzWWNI.exe
  2⤵
  PID:7436
- C:\Windows\System\MiNwUHZ.exe
  C:\Windows\System\MiNwUHZ.exe
  2⤵
  PID:7472
- C:\Windows\System\qGDYSiz.exe
  C:\Windows\System\qGDYSiz.exe
  2⤵
  PID:7500
- C:\Windows\System\pduFSTb.exe
  C:\Windows\System\pduFSTb.exe
  2⤵
  PID:7528
- C:\Windows\System\tPTOBWT.exe
  C:\Windows\System\tPTOBWT.exe
  2⤵
  PID:7556
- C:\Windows\System\nbVNmQe.exe
  C:\Windows\System\nbVNmQe.exe
  2⤵
  PID:7580
- C:\Windows\System\ZeBTEGp.exe
  C:\Windows\System\ZeBTEGp.exe
  2⤵
  PID:7604
- C:\Windows\System\crDGGMi.exe
  C:\Windows\System\crDGGMi.exe
  2⤵
  PID:7640
- C:\Windows\System\JzmGaqW.exe
  C:\Windows\System\JzmGaqW.exe
  2⤵
  PID:7660
- C:\Windows\System\swzPbnj.exe
  C:\Windows\System\swzPbnj.exe
  2⤵
  PID:7704
- C:\Windows\System\PBatrfP.exe
  C:\Windows\System\PBatrfP.exe
  2⤵
  PID:7720
- C:\Windows\System\IKITKzX.exe
  C:\Windows\System\IKITKzX.exe
  2⤵
  PID:7756
- C:\Windows\System\fAPoiPx.exe
  C:\Windows\System\fAPoiPx.exe
  2⤵
  PID:7780
- C:\Windows\System\KkwtPpV.exe
  C:\Windows\System\KkwtPpV.exe
  2⤵
  PID:7808
- C:\Windows\System\MoercYv.exe
  C:\Windows\System\MoercYv.exe
  2⤵
  PID:7836
- C:\Windows\System\JnZyTqj.exe
  C:\Windows\System\JnZyTqj.exe
  2⤵
  PID:7864
- C:\Windows\System\eNAegGb.exe
  C:\Windows\System\eNAegGb.exe
  2⤵
  PID:7892
- C:\Windows\System\SXFxqCs.exe
  C:\Windows\System\SXFxqCs.exe
  2⤵
  PID:7924
- C:\Windows\System\lTWlgxL.exe
  C:\Windows\System\lTWlgxL.exe
  2⤵
  PID:7948
- C:\Windows\System\OtXLPsZ.exe
  C:\Windows\System\OtXLPsZ.exe
  2⤵
  PID:7976
- C:\Windows\System\jfCHqVy.exe
  C:\Windows\System\jfCHqVy.exe
  2⤵
  PID:8004
- C:\Windows\System\yatNPXZ.exe
  C:\Windows\System\yatNPXZ.exe
  2⤵
  PID:8032
- C:\Windows\System\VudlPfp.exe
  C:\Windows\System\VudlPfp.exe
  2⤵
  PID:8060
- C:\Windows\System\ogBgXso.exe
  C:\Windows\System\ogBgXso.exe
  2⤵
  PID:8092
- C:\Windows\System\qsvBJTk.exe
  C:\Windows\System\qsvBJTk.exe
  2⤵
  PID:8116
- C:\Windows\System\epblFdt.exe
  C:\Windows\System\epblFdt.exe
  2⤵
  PID:8144
- C:\Windows\System\Kivmmrv.exe
  C:\Windows\System\Kivmmrv.exe
  2⤵
  PID:8184
- C:\Windows\System\RKrdwxi.exe
  C:\Windows\System\RKrdwxi.exe
  2⤵
  PID:7184
- C:\Windows\System\xjEtERv.exe
  C:\Windows\System\xjEtERv.exe
  2⤵
  PID:7232
- C:\Windows\System\DFlAxNU.exe
  C:\Windows\System\DFlAxNU.exe
  2⤵
  PID:7312
- C:\Windows\System\ZTCRclb.exe
  C:\Windows\System\ZTCRclb.exe
  2⤵
  PID:7388
- C:\Windows\System\gpwMhZV.exe
  C:\Windows\System\gpwMhZV.exe
  2⤵
  PID:7448
- C:\Windows\System\xqVCWQr.exe
  C:\Windows\System\xqVCWQr.exe
  2⤵
  PID:7508
- C:\Windows\System\mpCtJyL.exe
  C:\Windows\System\mpCtJyL.exe
  2⤵
  PID:7596
- C:\Windows\System\ZygMLho.exe
  C:\Windows\System\ZygMLho.exe
  2⤵
  PID:7652
- C:\Windows\System\aEXzrgn.exe
  C:\Windows\System\aEXzrgn.exe
  2⤵
  PID:7716
- C:\Windows\System\sJcLxPo.exe
  C:\Windows\System\sJcLxPo.exe
  2⤵
  PID:404
- C:\Windows\System\GzfPRTP.exe
  C:\Windows\System\GzfPRTP.exe
  2⤵
  PID:7832
- C:\Windows\System\aSRJpZP.exe
  C:\Windows\System\aSRJpZP.exe
  2⤵
  PID:1508
- C:\Windows\System\OprQgqC.exe
  C:\Windows\System\OprQgqC.exe
  2⤵
  PID:7944
- C:\Windows\System\CKAuWof.exe
  C:\Windows\System\CKAuWof.exe
  2⤵
  PID:8016
- C:\Windows\System\weavNIH.exe
  C:\Windows\System\weavNIH.exe
  2⤵
  PID:8100
- C:\Windows\System\bCkHDtU.exe
  C:\Windows\System\bCkHDtU.exe
  2⤵
  PID:8156
- C:\Windows\System\EeLCsfF.exe
  C:\Windows\System\EeLCsfF.exe
  2⤵
  PID:2648
- C:\Windows\System\NDquymB.exe
  C:\Windows\System\NDquymB.exe
  2⤵
  PID:7292
- C:\Windows\System\UcAxaOv.exe
  C:\Windows\System\UcAxaOv.exe
  2⤵
  PID:7428
- C:\Windows\System\WpxhiQV.exe
  C:\Windows\System\WpxhiQV.exe
  2⤵
  PID:7544
- C:\Windows\System\PnwgpCo.exe
  C:\Windows\System\PnwgpCo.exe
  2⤵
  PID:7700
- C:\Windows\System\nkLbnzA.exe
  C:\Windows\System\nkLbnzA.exe
  2⤵
  PID:7800
- C:\Windows\System\ZpFalSK.exe
  C:\Windows\System\ZpFalSK.exe
  2⤵
  PID:7916
- C:\Windows\System\AvJLtjn.exe
  C:\Windows\System\AvJLtjn.exe
  2⤵
  PID:8128
- C:\Windows\System\wVGqaCC.exe
  C:\Windows\System\wVGqaCC.exe
  2⤵
  PID:7360
- C:\Windows\System\hRkiySD.exe
  C:\Windows\System\hRkiySD.exe
  2⤵
  PID:7564
- C:\Windows\System\NgmAXcj.exe
  C:\Windows\System\NgmAXcj.exe
  2⤵
  PID:7860
- C:\Windows\System\TfZINuR.exe
  C:\Windows\System\TfZINuR.exe
  2⤵
  PID:7400
- C:\Windows\System\hNPmJQd.exe
  C:\Windows\System\hNPmJQd.exe
  2⤵
  PID:1512
- C:\Windows\System\KOirUho.exe
  C:\Windows\System\KOirUho.exe
  2⤵
  PID:8200
- C:\Windows\System\eJdwQEo.exe
  C:\Windows\System\eJdwQEo.exe
  2⤵
  PID:8228
- C:\Windows\System\YYBHJEe.exe
  C:\Windows\System\YYBHJEe.exe
  2⤵
  PID:8256
- C:\Windows\System\HfOcMCq.exe
  C:\Windows\System\HfOcMCq.exe
  2⤵
  PID:8284
- C:\Windows\System\YvPVEvJ.exe
  C:\Windows\System\YvPVEvJ.exe
  2⤵
  PID:8312
- C:\Windows\System\iFvEyJH.exe
  C:\Windows\System\iFvEyJH.exe
  2⤵
  PID:8348
- C:\Windows\System\kAOIwEV.exe
  C:\Windows\System\kAOIwEV.exe
  2⤵
  PID:8388
- C:\Windows\System\VeRcWpF.exe
  C:\Windows\System\VeRcWpF.exe
  2⤵
  PID:8408
- C:\Windows\System\lTIocSW.exe
  C:\Windows\System\lTIocSW.exe
  2⤵
  PID:8432
- C:\Windows\System\sxoCvRm.exe
  C:\Windows\System\sxoCvRm.exe
  2⤵
  PID:8460
- C:\Windows\System\ijmOCnK.exe
  C:\Windows\System\ijmOCnK.exe
  2⤵
  PID:8492
- C:\Windows\System\PazFWLw.exe
  C:\Windows\System\PazFWLw.exe
  2⤵
  PID:8520
- C:\Windows\System\QazqXns.exe
  C:\Windows\System\QazqXns.exe
  2⤵
  PID:8544
- C:\Windows\System\fEcsLhH.exe
  C:\Windows\System\fEcsLhH.exe
  2⤵
  PID:8572
- C:\Windows\System\Cpibmmn.exe
  C:\Windows\System\Cpibmmn.exe
  2⤵
  PID:8600
- C:\Windows\System\yADBFjO.exe
  C:\Windows\System\yADBFjO.exe
  2⤵
  PID:8628
- C:\Windows\System\jTGOYYR.exe
  C:\Windows\System\jTGOYYR.exe
  2⤵
  PID:8656
- C:\Windows\System\FmdfaaN.exe
  C:\Windows\System\FmdfaaN.exe
  2⤵
  PID:8684
- C:\Windows\System\iJogSim.exe
  C:\Windows\System\iJogSim.exe
  2⤵
  PID:8712
- C:\Windows\System\jPsduPe.exe
  C:\Windows\System\jPsduPe.exe
  2⤵
  PID:8740
- C:\Windows\System\zqqKefv.exe
  C:\Windows\System\zqqKefv.exe
  2⤵
  PID:8768
- C:\Windows\System\lluOOLr.exe
  C:\Windows\System\lluOOLr.exe
  2⤵
  PID:8796
- C:\Windows\System\reviMnk.exe
  C:\Windows\System\reviMnk.exe
  2⤵
  PID:8824
- C:\Windows\System\AALwnxk.exe
  C:\Windows\System\AALwnxk.exe
  2⤵
  PID:8852
- C:\Windows\System\MhRUvlN.exe
  C:\Windows\System\MhRUvlN.exe
  2⤵
  PID:8880
- C:\Windows\System\UFKZHoT.exe
  C:\Windows\System\UFKZHoT.exe
  2⤵
  PID:8908
- C:\Windows\System\DMqCyVr.exe
  C:\Windows\System\DMqCyVr.exe
  2⤵
  PID:8936
- C:\Windows\System\UPzwbsN.exe
  C:\Windows\System\UPzwbsN.exe
  2⤵
  PID:8964
- C:\Windows\System\RSsNgci.exe
  C:\Windows\System\RSsNgci.exe
  2⤵
  PID:8992
- C:\Windows\System\BBXsbBu.exe
  C:\Windows\System\BBXsbBu.exe
  2⤵
  PID:9024
- C:\Windows\System\pxCnFNH.exe
  C:\Windows\System\pxCnFNH.exe
  2⤵
  PID:9052
- C:\Windows\System\yhrtaCn.exe
  C:\Windows\System\yhrtaCn.exe
  2⤵
  PID:9080
- C:\Windows\System\vhyVyBG.exe
  C:\Windows\System\vhyVyBG.exe
  2⤵
  PID:9108
- C:\Windows\System\myOyQqa.exe
  C:\Windows\System\myOyQqa.exe
  2⤵
  PID:9136
- C:\Windows\System\MQbAUul.exe
  C:\Windows\System\MQbAUul.exe
  2⤵
  PID:9168
- C:\Windows\System\STVizcD.exe
  C:\Windows\System\STVizcD.exe
  2⤵
  PID:9192
- C:\Windows\System\HzhwOlD.exe
  C:\Windows\System\HzhwOlD.exe
  2⤵
  PID:8212
- C:\Windows\System\GBemxUG.exe
  C:\Windows\System\GBemxUG.exe
  2⤵
  PID:8252
- C:\Windows\System\hLcEeDA.exe
  C:\Windows\System\hLcEeDA.exe
  2⤵
  PID:2020
- C:\Windows\System\fVUUxmI.exe
  C:\Windows\System\fVUUxmI.exe
  2⤵
  PID:8364
- C:\Windows\System\WTLbwqO.exe
  C:\Windows\System\WTLbwqO.exe
  2⤵
  PID:8428
- C:\Windows\System\AHirqHG.exe
  C:\Windows\System\AHirqHG.exe
  2⤵
  PID:8500
- C:\Windows\System\ofxyeDc.exe
  C:\Windows\System\ofxyeDc.exe
  2⤵
  PID:8564
- C:\Windows\System\xibRJDR.exe
  C:\Windows\System\xibRJDR.exe
  2⤵
  PID:4416
- C:\Windows\System\XYuIICM.exe
  C:\Windows\System\XYuIICM.exe
  2⤵
  PID:8652
- C:\Windows\System\SNCwrnB.exe
  C:\Windows\System\SNCwrnB.exe
  2⤵
  PID:8724
- C:\Windows\System\cbiIBdG.exe
  C:\Windows\System\cbiIBdG.exe
  2⤵
  PID:8760
- C:\Windows\System\fcTtmxz.exe
  C:\Windows\System\fcTtmxz.exe
  2⤵
  PID:8836
- C:\Windows\System\Iynoyxe.exe
  C:\Windows\System\Iynoyxe.exe
  2⤵
  PID:8876
- C:\Windows\System\QkJfVRY.exe
  C:\Windows\System\QkJfVRY.exe
  2⤵
  PID:8948
- C:\Windows\System\PkdPUXT.exe
  C:\Windows\System\PkdPUXT.exe
  2⤵
  PID:9012
- C:\Windows\System\BaZEkPj.exe
  C:\Windows\System\BaZEkPj.exe
  2⤵
  PID:9076
- C:\Windows\System\UABXRtg.exe
  C:\Windows\System\UABXRtg.exe
  2⤵
  PID:9148
- C:\Windows\System\tJqCWwb.exe
  C:\Windows\System\tJqCWwb.exe
  2⤵
  PID:4716
- C:\Windows\System\RkxRrtW.exe
  C:\Windows\System\RkxRrtW.exe
  2⤵
  PID:8336
- C:\Windows\System\GBVfCzw.exe
  C:\Windows\System\GBVfCzw.exe
  2⤵
  PID:8480
- C:\Windows\System\tAxxumI.exe
  C:\Windows\System\tAxxumI.exe
  2⤵
  PID:1480
- C:\Windows\System\pdZxgwr.exe
  C:\Windows\System\pdZxgwr.exe
  2⤵
  PID:8732
- C:\Windows\System\xYjdbse.exe
  C:\Windows\System\xYjdbse.exe
  2⤵
  PID:8848
- C:\Windows\System\HVtFnen.exe
  C:\Windows\System\HVtFnen.exe
  2⤵
  PID:9004
- C:\Windows\System\qgBcsLi.exe
  C:\Windows\System\qgBcsLi.exe
  2⤵
  PID:9132
- C:\Windows\System\pxnZNUo.exe
  C:\Windows\System\pxnZNUo.exe
  2⤵
  PID:8384
- C:\Windows\System\ZZeiGYF.exe
  C:\Windows\System\ZZeiGYF.exe
  2⤵
  PID:8640
- C:\Windows\System\NFymDWl.exe
  C:\Windows\System\NFymDWl.exe
  2⤵
  PID:8928
- C:\Windows\System\TtXFDKr.exe
  C:\Windows\System\TtXFDKr.exe
  2⤵
  PID:8416
- C:\Windows\System\BPHefms.exe
  C:\Windows\System\BPHefms.exe
  2⤵
  PID:4932
- C:\Windows\System\LDJXJaV.exe
  C:\Windows\System\LDJXJaV.exe
  2⤵
  PID:8540
- C:\Windows\System\LsqRDRx.exe
  C:\Windows\System\LsqRDRx.exe
  2⤵
  PID:9236
- C:\Windows\System\oerCFbi.exe
  C:\Windows\System\oerCFbi.exe
  2⤵
  PID:9264
- C:\Windows\System\IFtaGQj.exe
  C:\Windows\System\IFtaGQj.exe
  2⤵
  PID:9292
- C:\Windows\System\cxqoKEu.exe
  C:\Windows\System\cxqoKEu.exe
  2⤵
  PID:9320
- C:\Windows\System\DXoRzrM.exe
  C:\Windows\System\DXoRzrM.exe
  2⤵
  PID:9348
- C:\Windows\System\loXReMA.exe
  C:\Windows\System\loXReMA.exe
  2⤵
  PID:9384
- C:\Windows\System\QegnfdX.exe
  C:\Windows\System\QegnfdX.exe
  2⤵
  PID:9412
- C:\Windows\System\nOYkZpY.exe
  C:\Windows\System\nOYkZpY.exe
  2⤵
  PID:9448
- C:\Windows\System\wpfatNC.exe
  C:\Windows\System\wpfatNC.exe
  2⤵
  PID:9480
- C:\Windows\System\CDkkKsz.exe
  C:\Windows\System\CDkkKsz.exe
  2⤵
  PID:9512
- C:\Windows\System\AIdHHQJ.exe
  C:\Windows\System\AIdHHQJ.exe
  2⤵
  PID:9540
- C:\Windows\System\lFISlxo.exe
  C:\Windows\System\lFISlxo.exe
  2⤵
  PID:9568
- C:\Windows\System\kafapWk.exe
  C:\Windows\System\kafapWk.exe
  2⤵
  PID:9588
- C:\Windows\System\uxIuNvU.exe
  C:\Windows\System\uxIuNvU.exe
  2⤵
  PID:9624
- C:\Windows\System\qMjZfsO.exe
  C:\Windows\System\qMjZfsO.exe
  2⤵
  PID:9644
- C:\Windows\System\CYgKQnO.exe
  C:\Windows\System\CYgKQnO.exe
  2⤵
  PID:9680
- C:\Windows\System\juwbyMO.exe
  C:\Windows\System\juwbyMO.exe
  2⤵
  PID:9708
- C:\Windows\System\bNCevdg.exe
  C:\Windows\System\bNCevdg.exe
  2⤵
  PID:9736
- C:\Windows\System\xCpnVtS.exe
  C:\Windows\System\xCpnVtS.exe
  2⤵
  PID:9764
- C:\Windows\System\GCuXKZz.exe
  C:\Windows\System\GCuXKZz.exe
  2⤵
  PID:9796
- C:\Windows\System\YniYRvD.exe
  C:\Windows\System\YniYRvD.exe
  2⤵
  PID:9820
- C:\Windows\System\sxgGZEf.exe
  C:\Windows\System\sxgGZEf.exe
  2⤵
  PID:9840
- C:\Windows\System\iAjadyR.exe
  C:\Windows\System\iAjadyR.exe
  2⤵
  PID:9872
- C:\Windows\System\jBKDEug.exe
  C:\Windows\System\jBKDEug.exe
  2⤵
  PID:9900
- C:\Windows\System\sQRprme.exe
  C:\Windows\System\sQRprme.exe
  2⤵
  PID:9924
- C:\Windows\System\atTYLvI.exe
  C:\Windows\System\atTYLvI.exe
  2⤵
  PID:9956
- C:\Windows\System\arPbwUv.exe
  C:\Windows\System\arPbwUv.exe
  2⤵
  PID:9984
- C:\Windows\System\lZfIELv.exe
  C:\Windows\System\lZfIELv.exe
  2⤵
  PID:10012
- C:\Windows\System\gsDQnIJ.exe
  C:\Windows\System\gsDQnIJ.exe
  2⤵
  PID:10040
- C:\Windows\System\KBjVIVB.exe
  C:\Windows\System\KBjVIVB.exe
  2⤵
  PID:10064
- C:\Windows\System\hgDFYhG.exe
  C:\Windows\System\hgDFYhG.exe
  2⤵
  PID:10096
- C:\Windows\System\jVGzDnk.exe
  C:\Windows\System\jVGzDnk.exe
  2⤵
  PID:10124
- C:\Windows\System\FAbfWch.exe
  C:\Windows\System\FAbfWch.exe
  2⤵
  PID:10160
- C:\Windows\System\dhyYaxm.exe
  C:\Windows\System\dhyYaxm.exe
  2⤵
  PID:10180
- C:\Windows\System\adBglvt.exe
  C:\Windows\System\adBglvt.exe
  2⤵
  PID:10208
- C:\Windows\System\NkigtdZ.exe
  C:\Windows\System\NkigtdZ.exe
  2⤵
  PID:9228
- C:\Windows\System\FvNqKaS.exe
  C:\Windows\System\FvNqKaS.exe
  2⤵
  PID:3180
- C:\Windows\System\tAwZuVD.exe
  C:\Windows\System\tAwZuVD.exe
  2⤵
  PID:9332
- C:\Windows\System\SbiDZco.exe
  C:\Windows\System\SbiDZco.exe
  2⤵
  PID:9404
- C:\Windows\System\ECkMhim.exe
  C:\Windows\System\ECkMhim.exe
  2⤵
  PID:9468
- C:\Windows\System\aresLbz.exe
  C:\Windows\System\aresLbz.exe
  2⤵
  PID:9548
- C:\Windows\System\xdRXFYb.exe
  C:\Windows\System\xdRXFYb.exe
  2⤵
  PID:9632
- C:\Windows\System\NjPxaAk.exe
  C:\Windows\System\NjPxaAk.exe
  2⤵
  PID:9668
- C:\Windows\System\CmcZLDt.exe
  C:\Windows\System\CmcZLDt.exe
  2⤵
  PID:9720
- C:\Windows\System\TpTtifW.exe
  C:\Windows\System\TpTtifW.exe
  2⤵
  PID:9776
- C:\Windows\System\gSpKdPi.exe
  C:\Windows\System\gSpKdPi.exe
  2⤵
  PID:9852
- C:\Windows\System\hTSSLUV.exe
  C:\Windows\System\hTSSLUV.exe
  2⤵
  PID:9888
- C:\Windows\System\cwZQgmv.exe
  C:\Windows\System\cwZQgmv.exe
  2⤵
  PID:9944
- C:\Windows\System\MxhGvJB.exe
  C:\Windows\System\MxhGvJB.exe
  2⤵
  PID:10004
- C:\Windows\System\yupyhsz.exe
  C:\Windows\System\yupyhsz.exe
  2⤵
  PID:10084
- C:\Windows\System\UFTjlTQ.exe
  C:\Windows\System\UFTjlTQ.exe
  2⤵
  PID:10120
- C:\Windows\System\LsxUiEg.exe
  C:\Windows\System\LsxUiEg.exe
  2⤵
  PID:10228
- C:\Windows\System\tQuoNbK.exe
  C:\Windows\System\tQuoNbK.exe
  2⤵
  PID:9316
- C:\Windows\System\LTBPMPd.exe
  C:\Windows\System\LTBPMPd.exe
  2⤵
  PID:9496
- C:\Windows\System\djjRClK.exe
  C:\Windows\System\djjRClK.exe
  2⤵
  PID:9664
- C:\Windows\System\nUcqhiJ.exe
  C:\Windows\System\nUcqhiJ.exe
  2⤵
  PID:9804
- C:\Windows\System\fkPEVGM.exe
  C:\Windows\System\fkPEVGM.exe
  2⤵
  PID:9880
- C:\Windows\System\Lsytcrf.exe
  C:\Windows\System\Lsytcrf.exe
  2⤵
  PID:10056
- C:\Windows\System\XMHijOq.exe
  C:\Windows\System\XMHijOq.exe
  2⤵
  PID:1532
- C:\Windows\System\efbWcWz.exe
  C:\Windows\System\efbWcWz.exe
  2⤵
  PID:5308
- C:\Windows\System\teFoLzo.exe
  C:\Windows\System\teFoLzo.exe
  2⤵
  PID:9640
- C:\Windows\System\DnocDgS.exe
  C:\Windows\System\DnocDgS.exe
  2⤵
  PID:4780
- C:\Windows\System\VhiXprn.exe
  C:\Windows\System\VhiXprn.exe
  2⤵
  PID:10032
- C:\Windows\System\shfXlSg.exe
  C:\Windows\System\shfXlSg.exe
  2⤵
  PID:5300
- C:\Windows\System\kQsfqCS.exe
  C:\Windows\System\kQsfqCS.exe
  2⤵
  PID:9836
- C:\Windows\System\UyVeQyu.exe
  C:\Windows\System\UyVeQyu.exe
  2⤵
  PID:9260
- C:\Windows\System\vkKMWBA.exe
  C:\Windows\System\vkKMWBA.exe
  2⤵
  PID:10244
- C:\Windows\System\PuXlLvJ.exe
  C:\Windows\System\PuXlLvJ.exe
  2⤵
  PID:10272
- C:\Windows\System\RWfvxVZ.exe
  C:\Windows\System\RWfvxVZ.exe
  2⤵
  PID:10292
- C:\Windows\System\OXtezUv.exe
  C:\Windows\System\OXtezUv.exe
  2⤵
  PID:10328
- C:\Windows\System\YkNiEFt.exe
  C:\Windows\System\YkNiEFt.exe
  2⤵
  PID:10352
- C:\Windows\System\WxZqEFA.exe
  C:\Windows\System\WxZqEFA.exe
  2⤵
  PID:10376
- C:\Windows\System\SEiYJHJ.exe
  C:\Windows\System\SEiYJHJ.exe
  2⤵
  PID:10404
- C:\Windows\System\oUxIPol.exe
  C:\Windows\System\oUxIPol.exe
  2⤵
  PID:10432
- C:\Windows\System\LHaTroI.exe
  C:\Windows\System\LHaTroI.exe
  2⤵
  PID:10468
- C:\Windows\System\VaaaFjc.exe
  C:\Windows\System\VaaaFjc.exe
  2⤵
  PID:10500
- C:\Windows\System\mVvonEV.exe
  C:\Windows\System\mVvonEV.exe
  2⤵
  PID:10528
- C:\Windows\System\LOJCaUE.exe
  C:\Windows\System\LOJCaUE.exe
  2⤵
  PID:10552
- C:\Windows\System\yEuRZlN.exe
  C:\Windows\System\yEuRZlN.exe
  2⤵
  PID:10596
- C:\Windows\System\QeXZGdy.exe
  C:\Windows\System\QeXZGdy.exe
  2⤵
  PID:10636
- C:\Windows\System\dVSCJiv.exe
  C:\Windows\System\dVSCJiv.exe
  2⤵
  PID:10668
- C:\Windows\System\XGvovDQ.exe
  C:\Windows\System\XGvovDQ.exe
  2⤵
  PID:10708
- C:\Windows\System\OiooYZB.exe
  C:\Windows\System\OiooYZB.exe
  2⤵
  PID:10760
- C:\Windows\System\grAmqip.exe
  C:\Windows\System\grAmqip.exe
  2⤵
  PID:10804
- C:\Windows\System\baJnVxF.exe
  C:\Windows\System\baJnVxF.exe
  2⤵
  PID:10832
- C:\Windows\System\yTZJjZS.exe
  C:\Windows\System\yTZJjZS.exe
  2⤵
  PID:10860
- C:\Windows\System\TxdyBqO.exe
  C:\Windows\System\TxdyBqO.exe
  2⤵
  PID:10876
- C:\Windows\System\gJMcGBm.exe
  C:\Windows\System\gJMcGBm.exe
  2⤵
  PID:10904
- C:\Windows\System\VVymexE.exe
  C:\Windows\System\VVymexE.exe
  2⤵
  PID:10936
- C:\Windows\System\bGWmDcp.exe
  C:\Windows\System\bGWmDcp.exe
  2⤵
  PID:10972
- C:\Windows\System\MkGXEoN.exe
  C:\Windows\System\MkGXEoN.exe
  2⤵
  PID:11008
- C:\Windows\System\MzQzVgn.exe
  C:\Windows\System\MzQzVgn.exe
  2⤵
  PID:11052
- C:\Windows\System\GzGNqZi.exe
  C:\Windows\System\GzGNqZi.exe
  2⤵
  PID:11088
- C:\Windows\System\qVnpJaw.exe
  C:\Windows\System\qVnpJaw.exe
  2⤵
  PID:11112
- C:\Windows\System\oHgzOsk.exe
  C:\Windows\System\oHgzOsk.exe
  2⤵
  PID:11136
- C:\Windows\System\QtIFARU.exe
  C:\Windows\System\QtIFARU.exe
  2⤵
  PID:11168
- C:\Windows\System\ljWdgGM.exe
  C:\Windows\System\ljWdgGM.exe
  2⤵
  PID:11196
- C:\Windows\System\DQrLgoj.exe
  C:\Windows\System\DQrLgoj.exe
  2⤵
  PID:11240
- C:\Windows\System\gYbnlJg.exe
  C:\Windows\System\gYbnlJg.exe
  2⤵
  PID:10256
- C:\Windows\System\UHJDmir.exe
  C:\Windows\System\UHJDmir.exe
  2⤵
  PID:10316
- C:\Windows\System\vGCdKVn.exe
  C:\Windows\System\vGCdKVn.exe
  2⤵
  PID:10388
- C:\Windows\System\ZXXyblY.exe
  C:\Windows\System\ZXXyblY.exe
  2⤵
  PID:10444
- C:\Windows\System\rnPJhvI.exe
  C:\Windows\System\rnPJhvI.exe
  2⤵
  PID:10512
- C:\Windows\System\ixeXQWj.exe
  C:\Windows\System\ixeXQWj.exe
  2⤵
  PID:10608
- C:\Windows\System\VrUsYpS.exe
  C:\Windows\System\VrUsYpS.exe
  2⤵
  PID:10688
- C:\Windows\System\jPUEzGY.exe
  C:\Windows\System\jPUEzGY.exe
  2⤵
  PID:10788
- C:\Windows\System\IgrHYTH.exe
  C:\Windows\System\IgrHYTH.exe
  2⤵
  PID:10848
- C:\Windows\System\rpLoeNS.exe
  C:\Windows\System\rpLoeNS.exe
  2⤵
  PID:6704
- C:\Windows\System\OzIfjtU.exe
  C:\Windows\System\OzIfjtU.exe
  2⤵
  PID:6628
- C:\Windows\System\OBdwUyb.exe
  C:\Windows\System\OBdwUyb.exe
  2⤵
  PID:10956
- C:\Windows\System\tELXWnn.exe
  C:\Windows\System\tELXWnn.exe
  2⤵
  PID:11076
- C:\Windows\System\qQDIEaU.exe
  C:\Windows\System\qQDIEaU.exe
  2⤵
  PID:11148
- C:\Windows\System\RTtFHnU.exe
  C:\Windows\System\RTtFHnU.exe
  2⤵
  PID:11192
- C:\Windows\System\HNSjPJQ.exe
  C:\Windows\System\HNSjPJQ.exe
  2⤵
  PID:11156
- C:\Windows\System\INrxwrh.exe
  C:\Windows\System\INrxwrh.exe
  2⤵
  PID:10344
- C:\Windows\System\pmKIuTO.exe
  C:\Windows\System\pmKIuTO.exe
  2⤵
  PID:10476
- C:\Windows\System\IxYnFOX.exe
  C:\Windows\System\IxYnFOX.exe
  2⤵
  PID:10660
- C:\Windows\System\EZoOKke.exe
  C:\Windows\System\EZoOKke.exe
  2⤵
  PID:10740
- C:\Windows\System\MadoARA.exe
  C:\Windows\System\MadoARA.exe
  2⤵
  PID:8072
- C:\Windows\System\wTnTmtV.exe
  C:\Windows\System\wTnTmtV.exe
  2⤵
  PID:10948
- C:\Windows\System\VCLTeDW.exe
  C:\Windows\System\VCLTeDW.exe
  2⤵
  PID:11128
- C:\Windows\System\YSvfdGT.exe
  C:\Windows\System\YSvfdGT.exe
  2⤵
  PID:11256
- C:\Windows\System\iXBcBoI.exe
  C:\Windows\System\iXBcBoI.exe
  2⤵
  PID:10592
- C:\Windows\System\fHZPAaX.exe
  C:\Windows\System\fHZPAaX.exe
  2⤵
  PID:7228
- C:\Windows\System\VYFkkwK.exe
  C:\Windows\System\VYFkkwK.exe
  2⤵
  PID:11100
- C:\Windows\System\HHfyRHx.exe
  C:\Windows\System\HHfyRHx.exe
  2⤵
  PID:2016
- C:\Windows\System\ABdpDQM.exe
  C:\Windows\System\ABdpDQM.exe
  2⤵
  PID:10428
- C:\Windows\System\GPIItmM.exe
  C:\Windows\System\GPIItmM.exe
  2⤵
  PID:11280
- C:\Windows\System\XrZwsQD.exe
  C:\Windows\System\XrZwsQD.exe
  2⤵
  PID:11320
- C:\Windows\System\jDKrBNh.exe
  C:\Windows\System\jDKrBNh.exe
  2⤵
  PID:11368
- C:\Windows\System\HfdPWOO.exe
  C:\Windows\System\HfdPWOO.exe
  2⤵
  PID:11396
- C:\Windows\System\axwVwmH.exe
  C:\Windows\System\axwVwmH.exe
  2⤵
  PID:11424
- C:\Windows\System\vhDcZaN.exe
  C:\Windows\System\vhDcZaN.exe
  2⤵
  PID:11468
- C:\Windows\System\JGmModm.exe
  C:\Windows\System\JGmModm.exe
  2⤵
  PID:11496
- C:\Windows\System\vnivjwn.exe
  C:\Windows\System\vnivjwn.exe
  2⤵
  PID:11528
- C:\Windows\System\SMYhupk.exe
  C:\Windows\System\SMYhupk.exe
  2⤵
  PID:11564
- C:\Windows\System\FmPVIPw.exe
  C:\Windows\System\FmPVIPw.exe
  2⤵
  PID:11596
- C:\Windows\System\qDHGiTS.exe
  C:\Windows\System\qDHGiTS.exe
  2⤵
  PID:11632
- C:\Windows\System\UyxaPJQ.exe
  C:\Windows\System\UyxaPJQ.exe
  2⤵
  PID:11648
- C:\Windows\System\AUtAnwu.exe
  C:\Windows\System\AUtAnwu.exe
  2⤵
  PID:11708
- C:\Windows\System\fedlvZF.exe
  C:\Windows\System\fedlvZF.exe
  2⤵
  PID:11768
- C:\Windows\System\VbhDXxR.exe
  C:\Windows\System\VbhDXxR.exe
  2⤵
  PID:11792
- C:\Windows\System\eFNbJxb.exe
  C:\Windows\System\eFNbJxb.exe
  2⤵
  PID:11832
- C:\Windows\System\bbUXILb.exe
  C:\Windows\System\bbUXILb.exe
  2⤵
  PID:11872
- C:\Windows\System\sjugQNw.exe
  C:\Windows\System\sjugQNw.exe
  2⤵
  PID:11916
- C:\Windows\System\qjUsDYe.exe
  C:\Windows\System\qjUsDYe.exe
  2⤵
  PID:11964
- C:\Windows\System\phRVvel.exe
  C:\Windows\System\phRVvel.exe
  2⤵
  PID:12012
- C:\Windows\System\qtccLjG.exe
  C:\Windows\System\qtccLjG.exe
  2⤵
  PID:12060
- C:\Windows\System\FDlzCZW.exe
  C:\Windows\System\FDlzCZW.exe
  2⤵
  PID:12096
- C:\Windows\System\htabZbe.exe
  C:\Windows\System\htabZbe.exe
  2⤵
  PID:12128
- C:\Windows\System\EOrnfal.exe
  C:\Windows\System\EOrnfal.exe
  2⤵
  PID:12144
- C:\Windows\System\zEdindU.exe
  C:\Windows\System\zEdindU.exe
  2⤵
  PID:12176
- C:\Windows\System\QQGDdNP.exe
  C:\Windows\System\QQGDdNP.exe
  2⤵
  PID:12220
- C:\Windows\System\PoqFyBY.exe
  C:\Windows\System\PoqFyBY.exe
  2⤵
  PID:12260
- C:\Windows\System\AFEGYmw.exe
  C:\Windows\System\AFEGYmw.exe
  2⤵
  PID:12280
- C:\Windows\System\TxGAcYp.exe
  C:\Windows\System\TxGAcYp.exe
  2⤵
  PID:1984
- C:\Windows\System\TAbhCIx.exe
  C:\Windows\System\TAbhCIx.exe
  2⤵
  PID:11388
- C:\Windows\System\QHhptYk.exe
  C:\Windows\System\QHhptYk.exe
  2⤵
  PID:2548
- C:\Windows\System\fLNaBqw.exe
  C:\Windows\System\fLNaBqw.exe
  2⤵
  PID:11348
- C:\Windows\System\Dcscekc.exe
  C:\Windows\System\Dcscekc.exe
  2⤵
  PID:11516
- C:\Windows\System\ruBKasP.exe
  C:\Windows\System\ruBKasP.exe
  2⤵
  PID:3428
- C:\Windows\System\MvGQnOv.exe
  C:\Windows\System\MvGQnOv.exe
  2⤵
  PID:11584
- C:\Windows\System\AucxFjc.exe
  C:\Windows\System\AucxFjc.exe
  2⤵
  PID:11640
- C:\Windows\System\vSAEBmJ.exe
  C:\Windows\System\vSAEBmJ.exe
  2⤵
  PID:11688
- C:\Windows\System\taRLGYa.exe
  C:\Windows\System\taRLGYa.exe
  2⤵
  PID:3520
- C:\Windows\System\epRcHuO.exe
  C:\Windows\System\epRcHuO.exe
  2⤵
  PID:900
- C:\Windows\System\INBhvqj.exe
  C:\Windows\System\INBhvqj.exe
  2⤵
  PID:11556
- C:\Windows\System\Nimhqzm.exe
  C:\Windows\System\Nimhqzm.exe
  2⤵
  PID:11692
- C:\Windows\System\aDRjcfi.exe
  C:\Windows\System\aDRjcfi.exe
  2⤵
  PID:3504
- C:\Windows\System\weoDqyA.exe
  C:\Windows\System\weoDqyA.exe
  2⤵
  PID:2272
- C:\Windows\System\KsVsVLb.exe
  C:\Windows\System\KsVsVLb.exe
  2⤵
  PID:4448
- C:\Windows\System\wqWWfJV.exe
  C:\Windows\System\wqWWfJV.exe
  2⤵
  PID:3624
- C:\Windows\System\NyRXBZJ.exe
  C:\Windows\System\NyRXBZJ.exe
  2⤵
  PID:3024
- C:\Windows\System\pzsaiyA.exe
  C:\Windows\System\pzsaiyA.exe
  2⤵
  PID:1396
- C:\Windows\System\ItNLfkp.exe
  C:\Windows\System\ItNLfkp.exe
  2⤵
  PID:2840
- C:\Windows\System\CHsxDsx.exe
  C:\Windows\System\CHsxDsx.exe
  2⤵
  PID:11860
- C:\Windows\System\flbnGLz.exe
  C:\Windows\System\flbnGLz.exe
  2⤵
  PID:11932
- C:\Windows\System\cNwPPSD.exe
  C:\Windows\System\cNwPPSD.exe
  2⤵
  PID:11984
- C:\Windows\System\aoFKytb.exe
  C:\Windows\System\aoFKytb.exe
  2⤵
  PID:5032
- C:\Windows\System\zlMGEFy.exe
  C:\Windows\System\zlMGEFy.exe
  2⤵
  PID:12048
- C:\Windows\System\aeCpTsn.exe
  C:\Windows\System\aeCpTsn.exe
  2⤵
  PID:3560
- C:\Windows\System\KTqZouQ.exe
  C:\Windows\System\KTqZouQ.exe
  2⤵
  PID:12216
- C:\Windows\System\fefAxhs.exe
  C:\Windows\System\fefAxhs.exe
  2⤵
  PID:12268
- C:\Windows\System\xCVJrtm.exe
  C:\Windows\System\xCVJrtm.exe
  2⤵
  PID:11316
- C:\Windows\System\ZTOyWeZ.exe
  C:\Windows\System\ZTOyWeZ.exe
  2⤵
  PID:1316
- C:\Windows\System\RAiooUy.exe
  C:\Windows\System\RAiooUy.exe
  2⤵
  PID:8
- C:\Windows\System\HtulPEn.exe
  C:\Windows\System\HtulPEn.exe
  2⤵
  PID:2664
- C:\Windows\System\EIIQVhj.exe
  C:\Windows\System\EIIQVhj.exe
  2⤵
  PID:11552
- C:\Windows\System\sDKLTHX.exe
  C:\Windows\System\sDKLTHX.exe
  2⤵
  PID:11624
- C:\Windows\System\yXdQgjl.exe
  C:\Windows\System\yXdQgjl.exe
  2⤵
  PID:2988
- C:\Windows\System\CSBicHY.exe
  C:\Windows\System\CSBicHY.exe
  2⤵
  PID:11756
- C:\Windows\System\pAoFIsQ.exe
  C:\Windows\System\pAoFIsQ.exe
  2⤵
  PID:4284
- C:\Windows\System\UVlyGLw.exe
  C:\Windows\System\UVlyGLw.exe
  2⤵
  PID:4008
- C:\Windows\System\SFBzjyW.exe
  C:\Windows\System\SFBzjyW.exe
  2⤵
  PID:3420
- C:\Windows\System\yArhlxE.exe
  C:\Windows\System\yArhlxE.exe
  2⤵
  PID:3008
- C:\Windows\System\htKTzno.exe
  C:\Windows\System\htKTzno.exe
  2⤵
  PID:1172
- C:\Windows\System\girvKqw.exe
  C:\Windows\System\girvKqw.exe
  2⤵
  PID:11820
- C:\Windows\System\VwRNlne.exe
  C:\Windows\System\VwRNlne.exe
  2⤵
  PID:11616
- C:\Windows\System\WYDPgGX.exe
  C:\Windows\System\WYDPgGX.exe
  2⤵
  PID:5144
- C:\Windows\System\lBZzIrF.exe
  C:\Windows\System\lBZzIrF.exe
  2⤵
  PID:12168
- C:\Windows\System\enOOyss.exe
  C:\Windows\System\enOOyss.exe
  2⤵
  PID:11484
- C:\Windows\System\fSZqbNt.exe
  C:\Windows\System\fSZqbNt.exe
  2⤵
  PID:380
- C:\Windows\System\KjGinrs.exe
  C:\Windows\System\KjGinrs.exe
  2⤵
  PID:5272
- C:\Windows\System\TTxRnEj.exe
  C:\Windows\System\TTxRnEj.exe
  2⤵
  PID:5280
- C:\Windows\System\QzuQpBD.exe
  C:\Windows\System\QzuQpBD.exe
  2⤵
  PID:216
- C:\Windows\System\ZTfjXkv.exe
  C:\Windows\System\ZTfjXkv.exe
  2⤵
  PID:2476
- C:\Windows\System\FvqPPIE.exe
  C:\Windows\System\FvqPPIE.exe
  2⤵
  PID:1108
- C:\Windows\System\wYVeRDl.exe
  C:\Windows\System\wYVeRDl.exe
  2⤵
  PID:628
- C:\Windows\System\hkWbzZO.exe
  C:\Windows\System\hkWbzZO.exe
  2⤵
  PID:1520
- C:\Windows\System\ZWKTepn.exe
  C:\Windows\System\ZWKTepn.exe
  2⤵
  PID:12232
- C:\Windows\System\ScZrxMV.exe
  C:\Windows\System\ScZrxMV.exe
  2⤵
  PID:5268
- C:\Windows\System\nQsAiOq.exe
  C:\Windows\System\nQsAiOq.exe
  2⤵
  PID:5484
- C:\Windows\System\TJKVVVR.exe
  C:\Windows\System\TJKVVVR.exe
  2⤵
  PID:4084
- C:\Windows\System\KKRGjOG.exe
  C:\Windows\System\KKRGjOG.exe
  2⤵
  PID:10116
- C:\Windows\System\ZJOrGNr.exe
  C:\Windows\System\ZJOrGNr.exe
  2⤵
  PID:11748
- C:\Windows\System\bykvMCf.exe
  C:\Windows\System\bykvMCf.exe
  2⤵
  PID:11592
- C:\Windows\System\ZfogzKi.exe
  C:\Windows\System\ZfogzKi.exe
  2⤵
  PID:4452
- C:\Windows\System\wPyrxZG.exe
  C:\Windows\System\wPyrxZG.exe
  2⤵
  PID:5676
- C:\Windows\System\mYoeXQb.exe
  C:\Windows\System\mYoeXQb.exe
  2⤵
  PID:1688
- C:\Windows\System\ShxvAzJ.exe
  C:\Windows\System\ShxvAzJ.exe
  2⤵
  PID:5752
- C:\Windows\System\QWUqgHL.exe
  C:\Windows\System\QWUqgHL.exe
  2⤵
  PID:10580
- C:\Windows\System\fByepHh.exe
  C:\Windows\System\fByepHh.exe
  2⤵
  PID:5596
- C:\Windows\System\JpcwCzQ.exe
  C:\Windows\System\JpcwCzQ.exe
  2⤵
  PID:5660
- C:\Windows\System\kGbLDVU.exe
  C:\Windows\System\kGbLDVU.exe
  2⤵
  PID:2388
- C:\Windows\System\nIOYQUD.exe
  C:\Windows\System\nIOYQUD.exe
  2⤵
  PID:2512
- C:\Windows\System\tkRWkvq.exe
  C:\Windows\System\tkRWkvq.exe
  2⤵
  PID:5620
- C:\Windows\System\FXPHMeF.exe
  C:\Windows\System\FXPHMeF.exe
  2⤵
  PID:6044
- C:\Windows\System\JWwTtJF.exe
  C:\Windows\System\JWwTtJF.exe
  2⤵
  PID:6104
- C:\Windows\System\WcXnRdE.exe
  C:\Windows\System\WcXnRdE.exe
  2⤵
  PID:5968
- C:\Windows\System\mbGFEVk.exe
  C:\Windows\System\mbGFEVk.exe
  2⤵
  PID:3716
- C:\Windows\System\QArgbbU.exe
  C:\Windows\System\QArgbbU.exe
  2⤵
  PID:12312
- C:\Windows\System\qndIUVx.exe
  C:\Windows\System\qndIUVx.exe
  2⤵
  PID:12340
- C:\Windows\System\sZcelam.exe
  C:\Windows\System\sZcelam.exe
  2⤵
  PID:12368
- C:\Windows\System\SXFUEev.exe
  C:\Windows\System\SXFUEev.exe
  2⤵
  PID:12396
- C:\Windows\System\pfOWPfP.exe
  C:\Windows\System\pfOWPfP.exe
  2⤵
  PID:12424
- C:\Windows\System\tEGqidf.exe
  C:\Windows\System\tEGqidf.exe
  2⤵
  PID:12452
- C:\Windows\System\sGvRlZZ.exe
  C:\Windows\System\sGvRlZZ.exe
  2⤵
  PID:12484
- C:\Windows\System\phedIPW.exe
  C:\Windows\System\phedIPW.exe
  2⤵
  PID:12512
- C:\Windows\System\QofoyRF.exe
  C:\Windows\System\QofoyRF.exe
  2⤵
  PID:12540
- C:\Windows\System\olXeeer.exe
  C:\Windows\System\olXeeer.exe
  2⤵
  PID:12568
- C:\Windows\System\bJfqIAn.exe
  C:\Windows\System\bJfqIAn.exe
  2⤵
  PID:12596
- C:\Windows\System\peSsgBp.exe
  C:\Windows\System\peSsgBp.exe
  2⤵
  PID:12624
- C:\Windows\System\dxWUIky.exe
  C:\Windows\System\dxWUIky.exe
  2⤵
  PID:12652
- C:\Windows\System\gsqfsOh.exe
  C:\Windows\System\gsqfsOh.exe
  2⤵
  PID:12680
- C:\Windows\System\EJVVPZS.exe
  C:\Windows\System\EJVVPZS.exe
  2⤵
  PID:12708
- C:\Windows\System\ubmHpan.exe
  C:\Windows\System\ubmHpan.exe
  2⤵
  PID:12736
- C:\Windows\System\lrarjLE.exe
  C:\Windows\System\lrarjLE.exe
  2⤵
  PID:12764
- C:\Windows\System\tAaSAuj.exe
  C:\Windows\System\tAaSAuj.exe
  2⤵
  PID:12792
- C:\Windows\System\fLINjqI.exe
  C:\Windows\System\fLINjqI.exe
  2⤵
  PID:12828
- C:\Windows\System\QAATpWn.exe
  C:\Windows\System\QAATpWn.exe
  2⤵
  PID:12848
- C:\Windows\System\GGivARP.exe
  C:\Windows\System\GGivARP.exe
  2⤵
  PID:12876
- C:\Windows\System\JmbSEkE.exe
  C:\Windows\System\JmbSEkE.exe
  2⤵
  PID:12904
- C:\Windows\System\rDfwARG.exe
  C:\Windows\System\rDfwARG.exe
  2⤵
  PID:12932
- C:\Windows\System\CeFHGJC.exe
  C:\Windows\System\CeFHGJC.exe
  2⤵
  PID:12960
- C:\Windows\System\YMFJKGz.exe
  C:\Windows\System\YMFJKGz.exe
  2⤵
  PID:12988
- C:\Windows\System\inyabPt.exe
  C:\Windows\System\inyabPt.exe
  2⤵
  PID:13016
- C:\Windows\System\uaHvsbu.exe
  C:\Windows\System\uaHvsbu.exe
  2⤵
  PID:13044
- C:\Windows\System\FFAVurS.exe
  C:\Windows\System\FFAVurS.exe
  2⤵
  PID:13072
- C:\Windows\System\aRIsgdL.exe
  C:\Windows\System\aRIsgdL.exe
  2⤵
  PID:13112
- C:\Windows\System\DCcwcog.exe
  C:\Windows\System\DCcwcog.exe
  2⤵
  PID:13128
- C:\Windows\System\dUAQpFl.exe
  C:\Windows\System\dUAQpFl.exe
  2⤵
  PID:13160
- C:\Windows\System\jOnvtVr.exe
  C:\Windows\System\jOnvtVr.exe
  2⤵
  PID:13188
- C:\Windows\System\ENygPcW.exe
  C:\Windows\System\ENygPcW.exe
  2⤵
  PID:13216
- C:\Windows\System\AhqqpFG.exe
  C:\Windows\System\AhqqpFG.exe
  2⤵
  PID:13244
- C:\Windows\System\BzZHQek.exe
  C:\Windows\System\BzZHQek.exe
  2⤵
  PID:13272
- C:\Windows\System\ETQBxGT.exe
  C:\Windows\System\ETQBxGT.exe
  2⤵
  PID:13300
- C:\Windows\System\mMPSqCZ.exe
  C:\Windows\System\mMPSqCZ.exe
  2⤵
  PID:3444
- C:\Windows\System\xglEgEe.exe
  C:\Windows\System\xglEgEe.exe
  2⤵
  PID:1616
- C:\Windows\System\xOBRkYr.exe
  C:\Windows\System\xOBRkYr.exe
  2⤵
  PID:12388
- C:\Windows\System\GBYDjUp.exe
  C:\Windows\System\GBYDjUp.exe
  2⤵
  PID:12448
- C:\Windows\System\QvaVXvf.exe
  C:\Windows\System\QvaVXvf.exe
  2⤵
  PID:12504
- C:\Windows\System\nPghCBD.exe
  C:\Windows\System\nPghCBD.exe
  2⤵
  PID:12552
- C:\Windows\System\IwwJZrE.exe
  C:\Windows\System\IwwJZrE.exe
  2⤵
  PID:12592
- C:\Windows\System\gREbmgC.exe
  C:\Windows\System\gREbmgC.exe
  2⤵
  PID:5296
- C:\Windows\System\wVbMrje.exe
  C:\Windows\System\wVbMrje.exe
  2⤵
  PID:12672
- C:\Windows\System\otAtyYc.exe
  C:\Windows\System\otAtyYc.exe
  2⤵
  PID:12720
- C:\Windows\System\xUTmNMr.exe
  C:\Windows\System\xUTmNMr.exe
  2⤵
  PID:12760
- C:\Windows\System\ZyqxkKj.exe
  C:\Windows\System\ZyqxkKj.exe
  2⤵
  PID:12812
- C:\Windows\System\JAhpXLn.exe
  C:\Windows\System\JAhpXLn.exe
  2⤵
  PID:12872
- C:\Windows\System\trGFUAH.exe
  C:\Windows\System\trGFUAH.exe
  2⤵
  PID:12916
- C:\Windows\System\jxBKRtN.exe
  C:\Windows\System\jxBKRtN.exe
  2⤵
  PID:4564
- C:\Windows\System\vLgTnge.exe
  C:\Windows\System\vLgTnge.exe
  2⤵
  PID:4108
- C:\Windows\System\FPXuGYr.exe
  C:\Windows\System\FPXuGYr.exe
  2⤵
  PID:13012
- C:\Windows\System\sRVceFE.exe
  C:\Windows\System\sRVceFE.exe
  2⤵
  PID:13056
- C:\Windows\System\cptKvtn.exe
  C:\Windows\System\cptKvtn.exe
  2⤵
  PID:13108
- C:\Windows\System\AVaKlLK.exe
  C:\Windows\System\AVaKlLK.exe
  2⤵
  PID:13124
- C:\Windows\System\LbaYdfW.exe
  C:\Windows\System\LbaYdfW.exe
  2⤵
  PID:5672
- C:\Windows\System\ivFCQOe.exe
  C:\Windows\System\ivFCQOe.exe
  2⤵
  PID:13236
- C:\Windows\System\YtdppEr.exe
  C:\Windows\System\YtdppEr.exe
  2⤵
  PID:13292
- C:\Windows\System\SOEXSXH.exe
  C:\Windows\System\SOEXSXH.exe
  2⤵
  PID:5876
- C:\Windows\System\ozBKuOi.exe
  C:\Windows\System\ozBKuOi.exe
  2⤵
  PID:12364
- C:\Windows\System\nsVVTIc.exe
  C:\Windows\System\nsVVTIc.exe
  2⤵
  PID:6016
- C:\Windows\System\ymrSkag.exe
  C:\Windows\System\ymrSkag.exe
  2⤵
  PID:12532
- C:\Windows\System\PcNDMcX.exe
  C:\Windows\System\PcNDMcX.exe
  2⤵
  PID:12636
- C:\Windows\System\pwxEQQY.exe
  C:\Windows\System\pwxEQQY.exe
  2⤵
  PID:4488
- C:\Windows\System\EDDihoh.exe
  C:\Windows\System\EDDihoh.exe
  2⤵
  PID:5188
- C:\Windows\System\zPVCdvr.exe
  C:\Windows\System\zPVCdvr.exe
  2⤵
  PID:5304
- C:\Windows\System\yIKwLhs.exe
  C:\Windows\System\yIKwLhs.exe
  2⤵
  PID:12900
- C:\Windows\System\iaxEUhc.exe
  C:\Windows\System\iaxEUhc.exe
  2⤵
  PID:13148
- C:\Windows\System\RXDvuMg.exe
  C:\Windows\System\RXDvuMg.exe
  2⤵
  PID:13008
- C:\Windows\System\SDCNTMz.exe
  C:\Windows\System\SDCNTMz.exe
  2⤵
  PID:5440
- C:\Windows\System\YZmzmik.exe
  C:\Windows\System\YZmzmik.exe
  2⤵
  PID:13152
- C:\Windows\System\Kkazqhz.exe
  C:\Windows\System\Kkazqhz.exe
  2⤵
  PID:13228
- C:\Windows\System\oGyfxmJ.exe
  C:\Windows\System\oGyfxmJ.exe
  2⤵
  PID:5868
- C:\Windows\System\ppvZCCE.exe
  C:\Windows\System\ppvZCCE.exe
  2⤵
  PID:12444
- C:\Windows\System\ewggDMm.exe
  C:\Windows\System\ewggDMm.exe
  2⤵
  PID:3116
- C:\Windows\System\fGClCbd.exe
  C:\Windows\System\fGClCbd.exe
  2⤵
  PID:12620
- C:\Windows\System\BRZaluC.exe
  C:\Windows\System\BRZaluC.exe
  2⤵
  PID:2800
- C:\Windows\System\OYJOIOX.exe
  C:\Windows\System\OYJOIOX.exe
  2⤵
  PID:448
- C:\Windows\System\TjpuaPu.exe
  C:\Windows\System\TjpuaPu.exe
  2⤵
  PID:624
- C:\Windows\System\rpSsShJ.exe
  C:\Windows\System\rpSsShJ.exe
  2⤵
  PID:6056
- C:\Windows\System\JQpQwFV.exe
  C:\Windows\System\JQpQwFV.exe
  2⤵
  PID:5548
- C:\Windows\System\ifABHrA.exe
  C:\Windows\System\ifABHrA.exe
  2⤵
  PID:5492
- C:\Windows\System\IEcwLub.exe
  C:\Windows\System\IEcwLub.exe
  2⤵
  PID:5140
- C:\Windows\System\SKUVhbv.exe
  C:\Windows\System\SKUVhbv.exe
  2⤵
  PID:6212
- C:\Windows\System\dmzShuV.exe
  C:\Windows\System\dmzShuV.exe
  2⤵
  PID:3448
- C:\Windows\System\JNVmGfD.exe
  C:\Windows\System\JNVmGfD.exe
  2⤵
  PID:6100
- C:\Windows\System\YhgtHMw.exe
  C:\Windows\System\YhgtHMw.exe
  2⤵
  PID:12336
- C:\Windows\System\GnnaBDk.exe
  C:\Windows\System\GnnaBDk.exe
  2⤵
  PID:6340
- C:\Windows\System\JKTbtXj.exe
  C:\Windows\System\JKTbtXj.exe
  2⤵
  PID:6360
- C:\Windows\System\CnYJhoh.exe
  C:\Windows\System\CnYJhoh.exe
  2⤵
  PID:13284
- C:\Windows\System\jpUxEWA.exe
  C:\Windows\System\jpUxEWA.exe
  2⤵
  PID:6180
- C:\Windows\System\XhHCTye.exe
  C:\Windows\System\XhHCTye.exe
  2⤵
  PID:6484
- C:\Windows\System\FkvSvES.exe
  C:\Windows\System\FkvSvES.exe
  2⤵
  PID:6508
- C:\Windows\System\myyEuzd.exe
  C:\Windows\System\myyEuzd.exe
  2⤵
  PID:6536
- C:\Windows\System\XiMJFeI.exe
  C:\Windows\System\XiMJFeI.exe
  2⤵
  PID:6544
- C:\Windows\System\eTRLTgr.exe
  C:\Windows\System\eTRLTgr.exe
  2⤵
  PID:6284
- C:\Windows\System\yhRdnJA.exe
  C:\Windows\System\yhRdnJA.exe
  2⤵
  PID:13340
- C:\Windows\System\qmStCFl.exe
  C:\Windows\System\qmStCFl.exe
  2⤵
  PID:13368
- C:\Windows\System\gVYZNWQ.exe
  C:\Windows\System\gVYZNWQ.exe
  2⤵
  PID:13396
- C:\Windows\System\YUWSYTa.exe
  C:\Windows\System\YUWSYTa.exe
  2⤵
  PID:13424
- C:\Windows\System\XZeZHml.exe
  C:\Windows\System\XZeZHml.exe
  2⤵
  PID:13452
- C:\Windows\System\ZCAdszP.exe
  C:\Windows\System\ZCAdszP.exe
  2⤵
  PID:13480
- C:\Windows\System\GDEkqZb.exe
  C:\Windows\System\GDEkqZb.exe
  2⤵
  PID:13508
- C:\Windows\System\fTAGsoV.exe
  C:\Windows\System\fTAGsoV.exe
  2⤵
  PID:13536
- C:\Windows\System\vyZAKzS.exe
  C:\Windows\System\vyZAKzS.exe
  2⤵
  PID:13564
- C:\Windows\System\ZYMgPRP.exe
  C:\Windows\System\ZYMgPRP.exe
  2⤵
  PID:13592
- C:\Windows\System\imbOIid.exe
  C:\Windows\System\imbOIid.exe
  2⤵
  PID:13620
- C:\Windows\System\QaESkQs.exe
  C:\Windows\System\QaESkQs.exe
  2⤵
  PID:13648
- C:\Windows\System\hWxVEik.exe
  C:\Windows\System\hWxVEik.exe
  2⤵
  PID:13680
- C:\Windows\System\TotxQWD.exe
  C:\Windows\System\TotxQWD.exe
  2⤵
  PID:13708
- C:\Windows\System\dhmgVEk.exe
  C:\Windows\System\dhmgVEk.exe
  2⤵
  PID:13736
- C:\Windows\System\hhZFtQm.exe
  C:\Windows\System\hhZFtQm.exe
  2⤵
  PID:13764
- C:\Windows\System\pzCbIfj.exe
  C:\Windows\System\pzCbIfj.exe
  2⤵
  PID:13792
- C:\Windows\System\TKlbbkW.exe
  C:\Windows\System\TKlbbkW.exe
  2⤵
  PID:13820
- C:\Windows\System\PkphSWG.exe
  C:\Windows\System\PkphSWG.exe
  2⤵
  PID:13848
- C:\Windows\System\ScRupUL.exe
  C:\Windows\System\ScRupUL.exe
  2⤵
  PID:13876
- C:\Windows\System\inFDRaa.exe
  C:\Windows\System\inFDRaa.exe
  2⤵
  PID:13904
- C:\Windows\System\slzogiC.exe
  C:\Windows\System\slzogiC.exe
  2⤵
  PID:13932
- C:\Windows\System\SxorYcY.exe
  C:\Windows\System\SxorYcY.exe
  2⤵
  PID:13960
- C:\Windows\System\NvSmaii.exe
  C:\Windows\System\NvSmaii.exe
  2⤵
  PID:13988
- C:\Windows\System\VkBBQhA.exe
  C:\Windows\System\VkBBQhA.exe
  2⤵
  PID:14016
- C:\Windows\System\HJDvuis.exe
  C:\Windows\System\HJDvuis.exe
  2⤵
  PID:14044
- C:\Windows\System\ulknyCK.exe
  C:\Windows\System\ulknyCK.exe
  2⤵
  PID:14072
- C:\Windows\System\cymdNYQ.exe
  C:\Windows\System\cymdNYQ.exe
  2⤵
  PID:14100
- C:\Windows\System\UPCoipp.exe
  C:\Windows\System\UPCoipp.exe
  2⤵
  PID:14128
- C:\Windows\System\HBTmeOz.exe
  C:\Windows\System\HBTmeOz.exe
  2⤵
  PID:14156
- C:\Windows\System\dIDBTBL.exe
  C:\Windows\System\dIDBTBL.exe
  2⤵
  PID:14184
- C:\Windows\System\AlJTzYf.exe
  C:\Windows\System\AlJTzYf.exe
  2⤵
  PID:14212
- C:\Windows\System\UKHNawl.exe
  C:\Windows\System\UKHNawl.exe
  2⤵
  PID:14240
- C:\Windows\System\sMGlkFo.exe
  C:\Windows\System\sMGlkFo.exe
  2⤵
  PID:14268
- C:\Windows\System\bXoCHTw.exe
  C:\Windows\System\bXoCHTw.exe
  2⤵
  PID:14304
- C:\Windows\System\sHfGMMi.exe
  C:\Windows\System\sHfGMMi.exe
  2⤵
  PID:14328
- C:\Windows\System\lzkLMqk.exe
  C:\Windows\System\lzkLMqk.exe
  2⤵
  PID:13360
- C:\Windows\System\IimMzab.exe
  C:\Windows\System\IimMzab.exe
  2⤵
  PID:13416
- C:\Windows\System\YxBWLdv.exe
  C:\Windows\System\YxBWLdv.exe
  2⤵
  PID:13476
- C:\Windows\System\dReBYcl.exe
  C:\Windows\System\dReBYcl.exe
  2⤵
  PID:6868
- C:\Windows\System\FeqsjPx.exe
  C:\Windows\System\FeqsjPx.exe
  2⤵
  PID:13532
- C:\Windows\System\kMVEgVN.exe
  C:\Windows\System\kMVEgVN.exe
  2⤵
  PID:13584
- C:\Windows\System\OcUZTKS.exe
  C:\Windows\System\OcUZTKS.exe
  2⤵
  PID:1448
- C:\Windows\System\BOEbbId.exe
  C:\Windows\System\BOEbbId.exe
  2⤵
  PID:13660
- C:\Windows\System\lrlDjJS.exe
  C:\Windows\System\lrlDjJS.exe
  2⤵
  PID:13704
- C:\Windows\System\vtFmbZH.exe
  C:\Windows\System\vtFmbZH.exe
  2⤵
  PID:7076
- C:\Windows\System\eRihTdS.exe
  C:\Windows\System\eRihTdS.exe
  2⤵
  PID:13804
- C:\Windows\System\FEnbgCW.exe
  C:\Windows\System\FEnbgCW.exe
  2⤵
  PID:7120
- C:\Windows\System\YMzGshI.exe
  C:\Windows\System\YMzGshI.exe
  2⤵
  PID:7148
- C:\Windows\System\yhLdadp.exe
  C:\Windows\System\yhLdadp.exe
  2⤵
  PID:13924
- C:\Windows\System\rGsPPey.exe
  C:\Windows\System\rGsPPey.exe
  2⤵
  PID:13984
- C:\Windows\System\jdZnJbw.exe
  C:\Windows\System\jdZnJbw.exe
  2⤵
  PID:14036
- C:\Windows\System\xqLknGY.exe
  C:\Windows\System\xqLknGY.exe
  2⤵
  PID:6520
- C:\Windows\System\TEcfCsg.exe
  C:\Windows\System\TEcfCsg.exe
  2⤵
  PID:14148
- C:\Windows\System\jKiEVXS.exe
  C:\Windows\System\jKiEVXS.exe
  2⤵
  PID:14196
- C:\Windows\System\AfoRSYw.exe
  C:\Windows\System\AfoRSYw.exe
  2⤵
  PID:14208
- C:\Windows\System\awaAPUN.exe
  C:\Windows\System\awaAPUN.exe
  2⤵
  PID:14264
- C:\Windows\System\wTXLVqZ.exe
  C:\Windows\System\wTXLVqZ.exe
  2⤵
  PID:14292
- C:\Windows\System\dvMzWBF.exe
  C:\Windows\System\dvMzWBF.exe
  2⤵
  PID:6336
- C:\Windows\System\mztRBcL.exe
  C:\Windows\System\mztRBcL.exe
  2⤵
  PID:13324
- C:\Windows\System\GgXefvi.exe
  C:\Windows\System\GgXefvi.exe
  2⤵
  PID:7004
- C:\Windows\System\uHZFstj.exe
  C:\Windows\System\uHZFstj.exe
  2⤵
  PID:12416
- C:\Windows\System\BpnzYDe.exe
  C:\Windows\System\BpnzYDe.exe
  2⤵
  PID:6916
- C:\Windows\System\oPcpAEn.exe
  C:\Windows\System\oPcpAEn.exe
  2⤵
  PID:6176
- C:\Windows\System\wLOwgCL.exe
  C:\Windows\System\wLOwgCL.exe
  2⤵
  PID:13640
- C:\Windows\System\kMdzchT.exe
  C:\Windows\System\kMdzchT.exe
  2⤵
  PID:7044
- C:\Windows\System\xUAcOmb.exe
  C:\Windows\System\xUAcOmb.exe
  2⤵
  PID:13788
- C:\Windows\System\DfTKPEM.exe
  C:\Windows\System\DfTKPEM.exe
  2⤵
  PID:7268
- C:\Windows\System\JwMEkEt.exe
  C:\Windows\System\JwMEkEt.exe
  2⤵
  PID:6148
- C:\Windows\System\djgKnwx.exe
  C:\Windows\System\djgKnwx.exe
  2⤵
  PID:7328
- C:\Windows\System\eBWNNve.exe
  C:\Windows\System\eBWNNve.exe
  2⤵
  PID:5796
- C:\Windows\System\ZdCBCly.exe
  C:\Windows\System\ZdCBCly.exe
  2⤵
  PID:7412
- C:\Windows\System\RAtvWqh.exe
  C:\Windows\System\RAtvWqh.exe
  2⤵
  PID:14180
- C:\Windows\System\jSTvddW.exe
  C:\Windows\System\jSTvddW.exe
  2⤵
  PID:14236
- C:\Windows\System\UQKiTsN.exe
  C:\Windows\System\UQKiTsN.exe
  2⤵
  PID:7124
- C:\Windows\System\itTwNdW.exe
  C:\Windows\System\itTwNdW.exe
  2⤵
  PID:6220
- C:\Windows\System\ZZfjbvI.exe
  C:\Windows\System\ZZfjbvI.exe
  2⤵
  PID:7632
- C:\Windows\System\MyIiXzC.exe
  C:\Windows\System\MyIiXzC.exe
  2⤵
  PID:13472
- C:\Windows\System\KrdjJKy.exe
  C:\Windows\System\KrdjJKy.exe
  2⤵
  PID:7692
- C:\Windows\System\wHKTRFU.exe
  C:\Windows\System\wHKTRFU.exe
  2⤵
  PID:6684
- C:\Windows\System\eDSlwXr.exe
  C:\Windows\System\eDSlwXr.exe
  2⤵
  PID:7736
- C:\Windows\System\IqXJAkC.exe
  C:\Windows\System\IqXJAkC.exe
  2⤵
  PID:7156
- C:\Windows\System\KzIGDzn.exe
  C:\Windows\System\KzIGDzn.exe
  2⤵
  PID:7816
- C:\Windows\System\NdFKPew.exe
  C:\Windows\System\NdFKPew.exe
  2⤵
  PID:7392
- C:\Windows\System\QOZFWey.exe
  C:\Windows\System\QOZFWey.exe
  2⤵
  PID:7900
- C:\Windows\System\cKeIrfo.exe
  C:\Windows\System\cKeIrfo.exe
  2⤵
  PID:7464
- C:\Windows\System\fcREviy.exe
  C:\Windows\System\fcREviy.exe
  2⤵
  PID:7992
- C:\Windows\System\eYKqsdy.exe
  C:\Windows\System\eYKqsdy.exe
  2⤵
  PID:7620
- C:\Windows\System\PbgcwEG.exe
  C:\Windows\System\PbgcwEG.exe
  2⤵
  PID:3452
- C:\Windows\System\XUctLxq.exe
  C:\Windows\System\XUctLxq.exe
  2⤵
  PID:8104
- C:\Windows\System\hadkcYd.exe
  C:\Windows\System\hadkcYd.exe
  2⤵
  PID:13760
- C:\Windows\System\uEdorTC.exe
  C:\Windows\System\uEdorTC.exe
  2⤵
  PID:7796
- C:\Windows\System\qPsVjtZ.exe
  C:\Windows\System\qPsVjtZ.exe
  2⤵
  PID:7188
- C:\Windows\System\zeAAdNJ.exe
  C:\Windows\System\zeAAdNJ.exe
  2⤵
  PID:6736
- C:\Windows\System\ljPTbrP.exe
  C:\Windows\System\ljPTbrP.exe
  2⤵
  PID:7956
- C:\Windows\System\UzRHrfk.exe
  C:\Windows\System\UzRHrfk.exe
  2⤵
  PID:5384
- C:\Windows\System\Kgqcnum.exe
  C:\Windows\System\Kgqcnum.exe
  2⤵
  PID:7648
- C:\Windows\System\bLNloLC.exe
  C:\Windows\System\bLNloLC.exe
  2⤵
  PID:8124
- C:\Windows\System\jmfddYC.exe
  C:\Windows\System\jmfddYC.exe
  2⤵
  PID:7828
- C:\Windows\System\sQUIMIA.exe
  C:\Windows\System\sQUIMIA.exe
  2⤵
  PID:7204
- C:\Windows\System\UISRrfK.exe
  C:\Windows\System\UISRrfK.exe
  2⤵
  PID:7872
- C:\Windows\System\eVqkAfT.exe
  C:\Windows\System\eVqkAfT.exe
  2⤵
  PID:8080
- C:\Windows\System\dLnhEmO.exe
  C:\Windows\System\dLnhEmO.exe
  2⤵
  PID:8136
- C:\Windows\System\nPGVjfI.exe
  C:\Windows\System\nPGVjfI.exe
  2⤵
  PID:7220
- C:\Windows\System\TqGppZg.exe
  C:\Windows\System\TqGppZg.exe
  2⤵
  PID:13972
- C:\Windows\System\xOdDShb.exe
  C:\Windows\System\xOdDShb.exe
  2⤵
  PID:7932
- C:\Windows\System\JMTVqEo.exe
  C:\Windows\System\JMTVqEo.exe
  2⤵
  PID:5392
- C:\Windows\System\KOlJMiC.exe
  C:\Windows\System\KOlJMiC.exe
  2⤵
  PID:7876
- C:\Windows\System\BedyIfR.exe
  C:\Windows\System\BedyIfR.exe
  2⤵
  PID:8160
- C:\Windows\System\EvicEAB.exe
  C:\Windows\System\EvicEAB.exe
  2⤵
  PID:3372
- C:\Windows\System\inbcLwu.exe
  C:\Windows\System\inbcLwu.exe
  2⤵
  PID:7628
- C:\Windows\System\aFcAKho.exe
  C:\Windows\System\aFcAKho.exe
  2⤵
  PID:7764
- C:\Windows\System\EnbMcGv.exe
  C:\Windows\System\EnbMcGv.exe
  2⤵
  PID:7200
- C:\Windows\System\JrFwBkC.exe
  C:\Windows\System\JrFwBkC.exe
  2⤵
  PID:5936
- C:\Windows\System\qdNtVtv.exe
  C:\Windows\System\qdNtVtv.exe
  2⤵
  PID:5560
- C:\Windows\System\TwMxBzN.exe
  C:\Windows\System\TwMxBzN.exe
  2⤵
  PID:8300
- C:\Windows\System\kngVTOG.exe
  C:\Windows\System\kngVTOG.exe
  2⤵
  PID:7256
- C:\Windows\System\oTnSPwn.exe
  C:\Windows\System\oTnSPwn.exe
  2⤵
  PID:8372
- C:\Windows\System\UKKvNYx.exe
  C:\Windows\System\UKKvNYx.exe
  2⤵
  PID:8328
- C:\Windows\System\NAnSNsL.exe
  C:\Windows\System\NAnSNsL.exe
  2⤵
  PID:8404
- C:\Windows\System\MRctNOM.exe
  C:\Windows\System\MRctNOM.exe
  2⤵
  PID:1624
- C:\Windows\System\zBKdqqN.exe
  C:\Windows\System\zBKdqqN.exe
  2⤵
  PID:8440
- C:\Windows\System\zCmwHvJ.exe
  C:\Windows\System\zCmwHvJ.exe
  2⤵
  PID:8028
- C:\Windows\System\rBeUfbn.exe
  C:\Windows\System\rBeUfbn.exe
  2⤵
  PID:8552
- C:\Windows\System\rfItKJh.exe
  C:\Windows\System\rfItKJh.exe
  2⤵
  PID:14412
- C:\Windows\System\wgjZFQY.exe
  C:\Windows\System\wgjZFQY.exe
  2⤵
  PID:14468
- C:\Windows\System\GdbmJCV.exe
  C:\Windows\System\GdbmJCV.exe
  2⤵
  PID:14484
- C:\Windows\System\YKMnnQs.exe
  C:\Windows\System\YKMnnQs.exe
  2⤵
  PID:14512
- C:\Windows\System\rKjBPqf.exe
  C:\Windows\System\rKjBPqf.exe
  2⤵
  PID:14588
- C:\Windows\System\eqBLklW.exe
  C:\Windows\System\eqBLklW.exe
  2⤵
  PID:14604
- C:\Windows\System\NGsHTVw.exe
  C:\Windows\System\NGsHTVw.exe
  2⤵
  PID:14644
- C:\Windows\System\xTmjnWG.exe
  C:\Windows\System\xTmjnWG.exe
  2⤵
  PID:14660
- C:\Windows\System\qKzPcbl.exe
  C:\Windows\System\qKzPcbl.exe
  2⤵
  PID:14688
- C:\Windows\System\XIPtNZo.exe
  C:\Windows\System\XIPtNZo.exe
  2⤵
  PID:14716
- C:\Windows\System\acpdiLB.exe
  C:\Windows\System\acpdiLB.exe
  2⤵
  PID:14744
- C:\Windows\System\jdiFKqg.exe
  C:\Windows\System\jdiFKqg.exe
  2⤵
  PID:14772
- C:\Windows\System\PexOxBM.exe
  C:\Windows\System\PexOxBM.exe
  2⤵
  PID:14800
- C:\Windows\System\FWjvbxn.exe
  C:\Windows\System\FWjvbxn.exe
  2⤵
  PID:14828
- C:\Windows\System\oiyhCTZ.exe
  C:\Windows\System\oiyhCTZ.exe
  2⤵
  PID:14856
- C:\Windows\System\uPqnBUv.exe
  C:\Windows\System\uPqnBUv.exe
  2⤵
  PID:14888
- C:\Windows\System\aHESctv.exe
  C:\Windows\System\aHESctv.exe
  2⤵
  PID:14916
- C:\Windows\System\XzYJRPS.exe
  C:\Windows\System\XzYJRPS.exe
  2⤵
  PID:14952
- C:\Windows\System\jyGfzDB.exe
  C:\Windows\System\jyGfzDB.exe
  2⤵
  PID:14972
- C:\Windows\System\NVjghLr.exe
  C:\Windows\System\NVjghLr.exe
  2⤵
  PID:15000
- C:\Windows\System\NOTjcUT.exe
  C:\Windows\System\NOTjcUT.exe
  2⤵
  PID:15028
- C:\Windows\System\coceqwJ.exe
  C:\Windows\System\coceqwJ.exe
  2⤵
  PID:15068
- C:\Windows\System\TTMSDuB.exe
  C:\Windows\System\TTMSDuB.exe
  2⤵
  PID:15084
- C:\Windows\System\QiAHRoE.exe
  C:\Windows\System\QiAHRoE.exe
  2⤵
  PID:15112
- C:\Windows\System\Qoljcpr.exe
  C:\Windows\System\Qoljcpr.exe
  2⤵
  PID:15140
- C:\Windows\System\BmiDGJy.exe
  C:\Windows\System\BmiDGJy.exe
  2⤵
  PID:15168
- C:\Windows\System\hCzgKmC.exe
  C:\Windows\System\hCzgKmC.exe
  2⤵
  PID:15196
- C:\Windows\System\ZIZTXUn.exe
  C:\Windows\System\ZIZTXUn.exe
  2⤵
  PID:15224
- C:\Windows\System\jqywjgO.exe
  C:\Windows\System\jqywjgO.exe
  2⤵
  PID:15252
- C:\Windows\System\OBGuTfe.exe
  C:\Windows\System\OBGuTfe.exe
  2⤵
  PID:15280
- C:\Windows\System\cUlUMEo.exe
  C:\Windows\System\cUlUMEo.exe
  2⤵
  PID:15308
- C:\Windows\System\tFWAULG.exe
  C:\Windows\System\tFWAULG.exe
  2⤵
  PID:15336
- C:\Windows\System\IViENgr.exe
  C:\Windows\System\IViENgr.exe
  2⤵
  PID:8588
- C:\Windows\System\rmdQsBC.exe
  C:\Windows\System\rmdQsBC.exe
  2⤵
  PID:14356
- C:\Windows\System\xTOOyTg.exe
  C:\Windows\System\xTOOyTg.exe
  2⤵
  PID:8692
- C:\Windows\System\MydmbFr.exe
  C:\Windows\System\MydmbFr.exe
  2⤵
  PID:8728
- C:\Windows\System\QXGXGKp.exe
  C:\Windows\System\QXGXGKp.exe
  2⤵
  PID:14444
- C:\Windows\System\guTGZIb.exe
  C:\Windows\System\guTGZIb.exe
  2⤵
  PID:8812
- C:\Windows\System\WqFPgQl.exe
  C:\Windows\System\WqFPgQl.exe
  2⤵
  PID:8832
- C:\Windows\System\QhMegiT.exe
  C:\Windows\System\QhMegiT.exe
  2⤵
  PID:14540
- C:\Windows\System\dyXSuVc.exe
  C:\Windows\System\dyXSuVc.exe
  2⤵
  PID:14564
- C:\Windows\System\cqpwmsg.exe
  C:\Windows\System\cqpwmsg.exe
  2⤵
  PID:14584
- C:\Windows\System\uGmjYkX.exe
  C:\Windows\System\uGmjYkX.exe
  2⤵
  PID:14616
- C:\Windows\System\FqUGFth.exe
  C:\Windows\System\FqUGFth.exe
  2⤵
  PID:9096
- C:\Windows\System\VRhlQWK.exe
  C:\Windows\System\VRhlQWK.exe
  2⤵
  PID:14684
- C:\Windows\System\hQnqkPA.exe
  C:\Windows\System\hQnqkPA.exe
  2⤵
  PID:8276
- C:\Windows\System\jFPJsXc.exe
  C:\Windows\System\jFPJsXc.exe
  2⤵
  PID:8332
- C:\Windows\System\vhkFgLY.exe
  C:\Windows\System\vhkFgLY.exe
  2⤵
  PID:5008
- C:\Windows\System\mbHLXNf.exe
  C:\Windows\System\mbHLXNf.exe
  2⤵
  PID:15052
- C:\Windows\System\IugcVxU.exe
  C:\Windows\System\IugcVxU.exe
  2⤵
  PID:15096
- C:\Windows\System\uXwFQzs.exe
  C:\Windows\System\uXwFQzs.exe
  2⤵
  PID:15160
- C:\Windows\System\zJKjlFG.exe
  C:\Windows\System\zJKjlFG.exe
  2⤵
  PID:15188
- C:\Windows\System\MRaBQKT.exe
  C:\Windows\System\MRaBQKT.exe
  2⤵
  PID:15248
- C:\Windows\System\uZReiUS.exe
  C:\Windows\System\uZReiUS.exe
  2⤵
  PID:15356
- C:\Windows\System\qbvIgbZ.exe
  C:\Windows\System\qbvIgbZ.exe
  2⤵
  PID:8636
- C:\Windows\System\vvyVCTC.exe
  C:\Windows\System\vvyVCTC.exe
  2⤵
  PID:14384
- C:\Windows\System\nUwcDYr.exe
  C:\Windows\System\nUwcDYr.exe
  2⤵
  PID:1496
- C:\Windows\System\LIPfNba.exe
  C:\Windows\System\LIPfNba.exe
  2⤵
  PID:8748
- C:\Windows\System\vWgYGxw.exe
  C:\Windows\System\vWgYGxw.exe
  2⤵
  PID:14464
- C:\Windows\System\IVYChEo.exe
  C:\Windows\System\IVYChEo.exe
  2⤵
  PID:14532
- C:\Windows\System\GGVpCeI.exe
  C:\Windows\System\GGVpCeI.exe
  2⤵
  PID:14568
- C:\Windows\System\CYkpyCZ.exe
  C:\Windows\System\CYkpyCZ.exe
  2⤵
  PID:9280
- C:\Windows\System\SvnlNdb.exe
  C:\Windows\System\SvnlNdb.exe
  2⤵
  PID:9336
- C:\Windows\System\LtfNOyJ.exe
  C:\Windows\System\LtfNOyJ.exe
  2⤵
  PID:9124
- C:\Windows\System\hGsUdYm.exe
  C:\Windows\System\hGsUdYm.exe
  2⤵
  PID:14656
- C:\Windows\System\BbBHWVl.exe
  C:\Windows\System\BbBHWVl.exe
  2⤵
  PID:14672
- C:\Windows\System\ljQbXAm.exe
  C:\Windows\System\ljQbXAm.exe
  2⤵
  PID:14708
- C:\Windows\System\KMpYfmE.exe
  C:\Windows\System\KMpYfmE.exe
  2⤵
  PID:9508
- C:\Windows\System\DHRhfFL.exe
  C:\Windows\System\DHRhfFL.exe
  2⤵
  PID:9532
- C:\Windows\System\yuOHuax.exe
  C:\Windows\System\yuOHuax.exe
  2⤵
  PID:14844
- C:\Windows\System\XNAMJgV.exe
  C:\Windows\System\XNAMJgV.exe
  2⤵
  PID:14824
- C:\Windows\System\fXhUqVK.exe
  C:\Windows\System\fXhUqVK.exe
  2⤵
  PID:8624
- C:\Windows\System\pGyNXCW.exe
  C:\Windows\System\pGyNXCW.exe
  2⤵
  PID:14992
- C:\Windows\System\GvhTZKo.exe
  C:\Windows\System\GvhTZKo.exe
  2⤵
  PID:8820
- C:\Windows\System\XTtkRxM.exe
  C:\Windows\System\XTtkRxM.exe
  2⤵
  PID:14996
- C:\Windows\System\cyXwznr.exe
  C:\Windows\System\cyXwznr.exe
  2⤵
  PID:9704
- C:\Windows\System\FHdMPWu.exe
  C:\Windows\System\FHdMPWu.exe
  2⤵
  PID:15076
- C:\Windows\System\FJMPyZK.exe
  C:\Windows\System\FJMPyZK.exe
  2⤵
  PID:9756
- C:\Windows\System\UjYwpvt.exe
  C:\Windows\System\UjYwpvt.exe
  2⤵
  PID:9848
- C:\Windows\System\LaTRCuj.exe
  C:\Windows\System\LaTRCuj.exe
  2⤵
  PID:8976
- C:\Windows\System\uXWUtqR.exe
  C:\Windows\System\uXWUtqR.exe
  2⤵
  PID:8240
- C:\Windows\System\VBRUGee.exe
  C:\Windows\System\VBRUGee.exe
  2⤵
  PID:2328
- C:\Windows\System\vDSVARz.exe
  C:\Windows\System\vDSVARz.exe
  2⤵
  PID:8980
- C:\Windows\System\SnewVeK.exe
  C:\Windows\System\SnewVeK.exe
  2⤵
  PID:10224
- C:\Windows\System\TCKGgSW.exe
  C:\Windows\System\TCKGgSW.exe
  2⤵
  PID:6696
- C:\Windows\System\fOloTvX.exe
  C:\Windows\System\fOloTvX.exe
  2⤵
  PID:9356
- C:\Windows\System\BUGjbTN.exe
  C:\Windows\System\BUGjbTN.exe
  2⤵
  PID:9420
- C:\Windows\System\fGmQNSY.exe
  C:\Windows\System\fGmQNSY.exe
  2⤵
  PID:9580
- C:\Windows\System\IezGxcd.exe
  C:\Windows\System\IezGxcd.exe
  2⤵
  PID:8400
- C:\Windows\System\HiPOjRy.exe
  C:\Windows\System\HiPOjRy.exe
  2⤵
  PID:8512
- C:\Windows\System\tugCMaQ.exe
  C:\Windows\System\tugCMaQ.exe
  2⤵
  PID:2952
- C:\Windows\System\gODnbBV.exe
  C:\Windows\System\gODnbBV.exe
  2⤵
  PID:9976
- C:\Windows\System\MuvetDv.exe
  C:\Windows\System\MuvetDv.exe
  2⤵
  PID:15048
- C:\Windows\System\BNkrDPt.exe
  C:\Windows\System\BNkrDPt.exe
  2⤵
  PID:14460
- C:\Windows\System\WtPhoRV.exe
  C:\Windows\System\WtPhoRV.exe
  2⤵
  PID:15236
- C:\Windows\System\pVGpLZv.exe
  C:\Windows\System\pVGpLZv.exe
  2⤵
  PID:9812
- C:\Windows\System\CsmPhDv.exe
  C:\Windows\System\CsmPhDv.exe
  2⤵
  PID:9584
- C:\Windows\System\VjuOYiH.exe
  C:\Windows\System\VjuOYiH.exe
  2⤵
  PID:14864
- C:\Windows\System\RZSKTVi.exe
  C:\Windows\System\RZSKTVi.exe
  2⤵
  PID:5852
- C:\Windows\System\MfAivdv.exe
  C:\Windows\System\MfAivdv.exe
  2⤵
  PID:6540
- C:\Windows\System\XYDfMnt.exe
  C:\Windows\System\XYDfMnt.exe
  2⤵
  PID:8872
- C:\Windows\System\eXEyduF.exe
  C:\Windows\System\eXEyduF.exe
  2⤵
  PID:9104
- C:\Windows\System\GZkOMRB.exe
  C:\Windows\System\GZkOMRB.exe
  2⤵
  PID:9184
- C:\Windows\System\rHUAUIY.exe
  C:\Windows\System\rHUAUIY.exe
  2⤵
  PID:4044
- C:\Windows\System\wSGajeZ.exe
  C:\Windows\System\wSGajeZ.exe
  2⤵
  PID:5236
- C:\Windows\System\DqDyWJr.exe
  C:\Windows\System\DqDyWJr.exe
  2⤵
  PID:10104
- C:\Windows\System\zMspubb.exe
  C:\Windows\System\zMspubb.exe
  2⤵
  PID:10188
- C:\Windows\System\hRoUEGw.exe
  C:\Windows\System\hRoUEGw.exe
  2⤵
  PID:4540
- C:\Windows\System\ZcDzoqd.exe
  C:\Windows\System\ZcDzoqd.exe
  2⤵
  PID:14652
- C:\Windows\System\ujwoLFo.exe
  C:\Windows\System\ujwoLFo.exe
  2⤵
  PID:9576
- C:\Windows\System\zEMNaFZ.exe
  C:\Windows\System\zEMNaFZ.exe
  2⤵
  PID:3352
- C:\Windows\System\RecpkUu.exe
  C:\Windows\System\RecpkUu.exe
  2⤵
  PID:2432
- C:\Windows\System\StAkmZr.exe
  C:\Windows\System\StAkmZr.exe
  2⤵
  PID:10308
- C:\Windows\System\BJAunrr.exe
  C:\Windows\System\BJAunrr.exe
  2⤵
  PID:9676
- C:\Windows\System\nsOlpXq.exe
  C:\Windows\System\nsOlpXq.exe
  2⤵
  PID:9760
- C:\Windows\System\CLbFqwx.exe
  C:\Windows\System\CLbFqwx.exe
  2⤵
  PID:15292
- C:\Windows\System\ySqMzvq.exe
  C:\Windows\System\ySqMzvq.exe
  2⤵
  PID:10464
- C:\Windows\System\MFjoCch.exe
  C:\Windows\System\MFjoCch.exe
  2⤵
  PID:6420
- C:\Windows\System\zXdSNAQ.exe
  C:\Windows\System\zXdSNAQ.exe
  2⤵
  PID:10548
- C:\Windows\System\bTFyMVi.exe
  C:\Windows\System\bTFyMVi.exe
  2⤵
  PID:8612
- C:\Windows\System\HpJSNQk.exe
  C:\Windows\System\HpJSNQk.exe
  2⤵
  PID:8860
- C:\Windows\System\emcZQNk.exe
  C:\Windows\System\emcZQNk.exe
  2⤵
  PID:6660
- C:\Windows\System\oHkzhYN.exe
  C:\Windows\System\oHkzhYN.exe
  2⤵
  PID:5880
- C:\Windows\System\HABdKnx.exe
  C:\Windows\System\HABdKnx.exe
  2⤵
  PID:6864
- C:\Windows\System\PdXClBi.exe
  C:\Windows\System\PdXClBi.exe
  2⤵
  PID:9428
- C:\Windows\System\WqraTJk.exe
  C:\Windows\System\WqraTJk.exe
  2⤵
  PID:10192
- C:\Windows\System\hRrNZRY.exe
  C:\Windows\System\hRrNZRY.exe
  2⤵
  PID:8792
- C:\Windows\System\kdtDsOP.exe
  C:\Windows\System\kdtDsOP.exe
  2⤵
  PID:10348
- C:\Windows\System\lmKsBVW.exe
  C:\Windows\System\lmKsBVW.exe
  2⤵
  PID:9784
- C:\Windows\System\IvmIwED.exe
  C:\Windows\System\IvmIwED.exe
  2⤵
  PID:15300
- C:\Windows\System\nLLcibW.exe
  C:\Windows\System\nLLcibW.exe
  2⤵
  PID:11108
- C:\Windows\System\ccbURZb.exe
  C:\Windows\System\ccbURZb.exe
  2⤵
  PID:9968
- C:\Windows\System\IYeIAzx.exe
  C:\Windows\System\IYeIAzx.exe
  2⤵
  PID:4896
- C:\Windows\System\KuAGMKg.exe
  C:\Windows\System\KuAGMKg.exe
  2⤵
  PID:320
- C:\Windows\System\dgGcAKd.exe
  C:\Windows\System\dgGcAKd.exe
  2⤵
  PID:8788
- C:\Windows\System\JUMrgNC.exe
  C:\Windows\System\JUMrgNC.exe
  2⤵
  PID:10820
- C:\Windows\System\zYvZjzO.exe
  C:\Windows\System\zYvZjzO.exe
  2⤵
  PID:11252
- C:\Windows\System\dcQGnbY.exe
  C:\Windows\System\dcQGnbY.exe
  2⤵
  PID:10980
- C:\Windows\System\wGEAAOH.exe
  C:\Windows\System\wGEAAOH.exe
  2⤵
  PID:11040
- C:\Windows\System\WxjUmOb.exe
  C:\Windows\System\WxjUmOb.exe
  2⤵
  PID:9972
- C:\Windows\System\CCoGHAj.exe
  C:\Windows\System\CCoGHAj.exe
  2⤵
  PID:9952
- C:\Windows\System\jqrGvhK.exe
  C:\Windows\System\jqrGvhK.exe
  2⤵
  PID:4212
- C:\Windows\System\bGSHpQl.exe
  C:\Windows\System\bGSHpQl.exe
  2⤵
  PID:7340
- C:\Windows\System\joQjjmt.exe
  C:\Windows\System\joQjjmt.exe
  2⤵
  PID:7368
- C:\Windows\System\QOOmNmm.exe
  C:\Windows\System\QOOmNmm.exe
  2⤵
  PID:10952
- C:\Windows\System\oxYvOwS.exe
  C:\Windows\System\oxYvOwS.exe
  2⤵
  PID:10488
- C:\Windows\System\YoKiYjb.exe
  C:\Windows\System\YoKiYjb.exe
  2⤵
  PID:10536
- C:\Windows\System\QnBqyiH.exe
  C:\Windows\System\QnBqyiH.exe
  2⤵
  PID:10924
- C:\Windows\System\jsmvgaP.exe
  C:\Windows\System\jsmvgaP.exe
  2⤵
  PID:11000
- C:\Windows\System\vmCPDNL.exe
  C:\Windows\System\vmCPDNL.exe
  2⤵
  PID:4740
- C:\Windows\System\wwmUzGi.exe
  C:\Windows\System\wwmUzGi.exe
  2⤵
  PID:4324
- C:\Windows\System\PMkyKeQ.exe
  C:\Windows\System\PMkyKeQ.exe
  2⤵
  PID:11236
- C:\Windows\System\tcrSgOR.exe
  C:\Windows\System\tcrSgOR.exe
  2⤵
  PID:10872
- C:\Windows\System\WVlWXzz.exe
  C:\Windows\System\WVlWXzz.exe
  2⤵
  PID:4500
- C:\Windows\System\ncCmBcR.exe
  C:\Windows\System\ncCmBcR.exe
  2⤵
  PID:10284
- C:\Windows\System\xjWXoub.exe
  C:\Windows\System\xjWXoub.exe
  2⤵
  PID:10772
- C:\Windows\System\muPSGEm.exe
  C:\Windows\System\muPSGEm.exe
  2⤵
  PID:2732
- C:\Windows\System\rvgDGOs.exe
  C:\Windows\System\rvgDGOs.exe
  2⤵
  PID:10372
- C:\Windows\System\wQmmDSK.exe
  C:\Windows\System\wQmmDSK.exe
  2⤵
  PID:3552
- C:\Windows\System\kGURfDX.exe
  C:\Windows\System\kGURfDX.exe
  2⤵
  PID:11228
- C:\Windows\System\lZKlCPl.exe
  C:\Windows\System\lZKlCPl.exe
  2⤵
  PID:11288
- C:\Windows\System\NWRXiSY.exe
  C:\Windows\System\NWRXiSY.exe
  2⤵
  PID:11328
- C:\Windows\System\pxMtKsC.exe
  C:\Windows\System\pxMtKsC.exe
  2⤵
  PID:11404
- C:\Windows\System\FwuUIyu.exe
  C:\Windows\System\FwuUIyu.exe
  2⤵
  PID:15376
- C:\Windows\System\gZXtxot.exe
  C:\Windows\System\gZXtxot.exe
  2⤵
  PID:15404
- C:\Windows\System\SMPAGnK.exe
  C:\Windows\System\SMPAGnK.exe
  2⤵
  PID:15432
- C:\Windows\System\enonRFa.exe
  C:\Windows\System\enonRFa.exe
  2⤵
  PID:15460
- C:\Windows\System\tvyyiYB.exe
  C:\Windows\System\tvyyiYB.exe
  2⤵
  PID:15488
- C:\Windows\System\eFfmoPj.exe
  C:\Windows\System\eFfmoPj.exe
  2⤵
  PID:15516
- C:\Windows\System\WkpnrAJ.exe
  C:\Windows\System\WkpnrAJ.exe
  2⤵
  PID:15544
- C:\Windows\System\SKJokog.exe
  C:\Windows\System\SKJokog.exe
  2⤵
  PID:15572
- C:\Windows\System\GZGWZpW.exe
  C:\Windows\System\GZGWZpW.exe
  2⤵
  PID:15600
- C:\Windows\System\laaohsv.exe
  C:\Windows\System\laaohsv.exe
  2⤵
  PID:15628
- C:\Windows\System\boOpZFq.exe
  C:\Windows\System\boOpZFq.exe
  2⤵
  PID:15656
- C:\Windows\System\iOjIHdD.exe
  C:\Windows\System\iOjIHdD.exe
  2⤵
  PID:15684
- C:\Windows\System\HBfGTqH.exe
  C:\Windows\System\HBfGTqH.exe
  2⤵
  PID:15712
- C:\Windows\System\xPLVIoR.exe
  C:\Windows\System\xPLVIoR.exe
  2⤵
  PID:15744
- C:\Windows\System\pCSzdPn.exe
  C:\Windows\System\pCSzdPn.exe
  2⤵
  PID:15776
- C:\Windows\System\YNgLFLy.exe
  C:\Windows\System\YNgLFLy.exe
  2⤵
  PID:15796
- C:\Windows\System\EohJlXi.exe
  C:\Windows\System\EohJlXi.exe
  2⤵
  PID:15824
- C:\Windows\System\mjLALjU.exe
  C:\Windows\System\mjLALjU.exe
  2⤵
  PID:15856
- C:\Windows\System\yoMOKBL.exe
  C:\Windows\System\yoMOKBL.exe
  2⤵
  PID:15884
- C:\Windows\System\dSyqdsz.exe
  C:\Windows\System\dSyqdsz.exe
  2⤵
  PID:15912
- C:\Windows\System\fqBCSOm.exe
  C:\Windows\System\fqBCSOm.exe
  2⤵
  PID:15940
- C:\Windows\System\EUnbuUk.exe
  C:\Windows\System\EUnbuUk.exe
  2⤵
  PID:15968
- C:\Windows\System\HBsBkjz.exe
  C:\Windows\System\HBsBkjz.exe
  2⤵
  PID:16000
- C:\Windows\System\hfrDdRU.exe
  C:\Windows\System\hfrDdRU.exe
  2⤵
  PID:16024
- C:\Windows\System\eIdpGhQ.exe
  C:\Windows\System\eIdpGhQ.exe
  2⤵
  PID:16052
- C:\Windows\System\tLGEwBZ.exe
  C:\Windows\System\tLGEwBZ.exe
  2⤵
  PID:16080
- C:\Windows\System\DMZKndf.exe
  C:\Windows\System\DMZKndf.exe
  2⤵
  PID:16112
- C:\Windows\System\MZkEzVN.exe
  C:\Windows\System\MZkEzVN.exe
  2⤵
  PID:16136
- C:\Windows\System\pRYCsEX.exe
  C:\Windows\System\pRYCsEX.exe
  2⤵
  PID:16164
- C:\Windows\System\luWhRtO.exe
  C:\Windows\System\luWhRtO.exe
  2⤵
  PID:16192
- C:\Windows\System\ZcInceI.exe
  C:\Windows\System\ZcInceI.exe
  2⤵
  PID:16220
- C:\Windows\System\TgPcyZV.exe
  C:\Windows\System\TgPcyZV.exe
  2⤵
  PID:16260
- C:\Windows\System\GLAgUUW.exe
  C:\Windows\System\GLAgUUW.exe
  2⤵
  PID:16276
- C:\Windows\System\wcqSSsA.exe
  C:\Windows\System\wcqSSsA.exe
  2⤵
  PID:16304
- C:\Windows\System\chQrQBy.exe
  C:\Windows\System\chQrQBy.exe
  2⤵
  PID:16332
- C:\Windows\System\POSBlXg.exe
  C:\Windows\System\POSBlXg.exe
  2⤵
  PID:16360
- C:\Windows\System\SJMaDLC.exe
  C:\Windows\System\SJMaDLC.exe
  2⤵
  PID:11452
- C:\Windows\System\xvGdBmP.exe
  C:\Windows\System\xvGdBmP.exe
  2⤵
  PID:15396
- C:\Windows\System\LGAscqw.exe
  C:\Windows\System\LGAscqw.exe
  2⤵
  PID:15456
- C:\Windows\System\IefXoWy.exe
  C:\Windows\System\IefXoWy.exe
  2⤵
  PID:15528
- C:\Windows\System\Coqlzmb.exe
  C:\Windows\System\Coqlzmb.exe
  2⤵
  PID:15592
- C:\Windows\System\bXSlSYx.exe
  C:\Windows\System\bXSlSYx.exe
  2⤵
  PID:15668
- C:\Windows\System\UYXEGGf.exe
  C:\Windows\System\UYXEGGf.exe
  2⤵
  PID:15724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CHTeEbA.exe

Filesize
6.0MB

MD5
07f4132714189ec3ecc43d6096cffbfd

SHA1
571d2d3f2f5b3f23906261c335dc7bccd8b65e21

SHA256
877cfa187b7162ed4d46ebfd08e812b4d6e2ce7d2c0d17f7df47781fcd9e1a1c

SHA512
e0bc6fe3240605018dc654176ce0f89c6bed9e47505d58b36beaca014cb650e8b220b1f0b272e7f533c7eebc42ecff4f8db70cb51d1834b81277f1a74d4c1711

Download Submit
C:\Windows\System\CLhRMEt.exe

Filesize
6.0MB

MD5
ee4e9d330c207fb2269fd59a3de7778d

SHA1
f209f25f258fcbe3ec0cb269e06b9792cf415112

SHA256
01cd8315899cc350be1edfa64818179647a6a86daf52971b7475cbc61cc15ed0

SHA512
3449f5ee0940e5724a423e07a1ae23d06b5b64f43b88e563c0cbc8cb1a49c62c99fa1b7f936d0b9a4f9ec0f5f849dc7e21654c9cc30f3c213a812dc1bea2835a

Download Submit
C:\Windows\System\DEruWga.exe

Filesize
6.0MB

MD5
bc319501350e3bc99619bfe552a3112a

SHA1
7b6162dfc490dd88f00c32835180bd2a43176ae6

SHA256
dd53b60dc56af8b0301213709f53f79008271f96de99e1031aca8324b1613647

SHA512
52dbfd4179c12bdf72ae9079261c5010f3477de254b0fc7b444bc848a60747c72346710ca1b5ef572e8f36b258d416ffb05f561b1222b3a390fecf74beb97299

Download Submit
C:\Windows\System\FOYmTxq.exe

Filesize
6.0MB

MD5
aa6b2981de31bce4382f40a3097e9dc5

SHA1
e6cf76f87c570fcd660cf32506d5650e45e97129

SHA256
530e5e24ace43b20acf80639957c347f6aa83a6f7020fa752a586f2c7eeb6955

SHA512
0f8dc4f4f125e9c4a95ae111397da4e366572df489f144d31fba6edf960125ad3aaf44394d435af10ff0c8823b18ee18b8e90f06b2e5ff4957656c6703b2008d

Download Submit
C:\Windows\System\GITjFUf.exe

Filesize
6.0MB

MD5
dc560a45f1a1130f16118f0dca72d7de

SHA1
679d4716a166e309fda604e1d0a04e515652a4ff

SHA256
e63579acb0c993f3bc8a9c37bc811bcfd60293318b9540532236a6acf43a6e97

SHA512
8302e5ac94a0ee159ebc19f9a3e1508720d5de7b7a95f9f7afe9a73e03fc410e19b18d1845081fda9d9ef66672b5e882368cd9b7f8a744af6d822647bcab1a45

Download Submit
C:\Windows\System\KEyDaQU.exe

Filesize
6.0MB

MD5
c371c9b02830d06e983d09b839456922

SHA1
9fb9ca88da8b2d589056f87d6c40ceef4d3b756c

SHA256
56ff2579fd531fc45ded08c8e4c8d2296e271ec0fbdd7a55da9366287384f629

SHA512
8b4269e7cecfdf719e5e545328a04832fff38e0643d055a600a23a6c04c1516dc32de34e0ea11db374ea4aa3b53e3ecf7addf562e6e36c8002d1f6bd187aee4a

Download Submit
C:\Windows\System\KcBFRYy.exe

Filesize
6.0MB

MD5
902f1230fae6565aa36fcac8eb8dea0b

SHA1
eb6e52447e143a76ee53d154119436dae17e5465

SHA256
a14b1e8393adcd176c379ba2825c9554989fab52e2930f15417e727cc502b473

SHA512
225844b92b94acc9443faf17e457c7e1a17d821126cddcaaaf9a2a1b308bdb891efca29062ec6f98ee51c4cd348a7d73abfabe5fb443479c1fe90c77d1a843e1

Download Submit
C:\Windows\System\LUWlXuk.exe

Filesize
6.0MB

MD5
10c527c48176275ca906296dd378ae04

SHA1
76ef1f3ccb608fc069047efc653b200bf70c7ba7

SHA256
04bf8fc599367398e1c43c0cd429c0a4f1fe65c5adb74ce5b6052499c0374fce

SHA512
b38880c23b36160b005d987ceb15212849705ced9de6c650019254eec612e9b0b5046fea9812bd2dd31151662c8ccd0e0773385da4073b05d2d74a830f7ce219

Download Submit
C:\Windows\System\NwRyeWj.exe

Filesize
6.0MB

MD5
42be8681f492ce688ee843498f98527d

SHA1
82bf8a75e473f49daa9fff2fe11581395dde1631

SHA256
8222ad767f46f25630f17b4c31b3427d98099076fac41c67e64b85074a016356

SHA512
ce0c82ce2782b2a7ef5227e86b648c444d801c39c9f3d15a3e0495f7a7fae35e426482e8cc3b1efde620e9dbe872cf0e40784878eb4573059eeedb436a3505bd

Download Submit
C:\Windows\System\QhhBfaJ.exe

Filesize
6.0MB

MD5
50717b353d9f8cff2e1908fef1ea7b65

SHA1
cb6712c28e240e453673caa469f87119a94e73a7

SHA256
a055e33df30196c52ece83fb07a9512b2f74d11b9f97e4588108762b4631ca81

SHA512
2d0c2aae70d687b993ff6bbc060368398eb0aaf0784f1075566fefc81c66e73f195a347084af8b4a3d35a27266f735262110860bb6f3c26e29de493a40cfe81b

Download Submit
C:\Windows\System\RAHuzwK.exe

Filesize
6.0MB

MD5
2020f75aeaf3ecef44283561a33e08d6

SHA1
d40526bd4e81469e96bf2327ad740d6ff8507fc0

SHA256
220d3ebc8f9e17a027d262c0038b2328d46148918b97b68f5178f0272f5e7386

SHA512
c2f5f789b77a2db0c2887300b41ee5d7cb8afcddea34f87f35b0106b5f54553416686e746b5684912214a3add1ca9cafd459f64f9ff0c7131db6bb8c5284e599

Download Submit
C:\Windows\System\RdivFgH.exe

Filesize
6.0MB

MD5
d0118d936dada2386f4471cd0fdd4633

SHA1
7be4760743ca0349881dd3d32a9d3e04f8b29425

SHA256
f92839bb7aa222838a336e2dbe02ac7a03c210244fac9c730f88ac92ea819e3e

SHA512
5448c751948991a7133409f9cc53f49b8adcd19e542862991a54d0b0062dd09bacd1e11d9616a005df604a78ea06e67cca75675d945e40ef2ed88f0f9ecad040

Download Submit
C:\Windows\System\VCCDQUN.exe

Filesize
6.0MB

MD5
13f3b639874331b638231e264e97c7c2

SHA1
ba09793b6c0cdc7b4b37946f979acd23bbbf3fa5

SHA256
f650a557829897cf785d160664fae8b094c8a01838ac81331f1ff0c2053b624c

SHA512
7a5bc30097630465c45002bd700e94954d6c3567a5014c7e505b05da62ab0eb377fb76a4d4b036649bbeba3975f602027f284d5e5750228d77dc884279d61805

Download Submit
C:\Windows\System\VYQZhuz.exe

Filesize
6.0MB

MD5
9d47573fcd0c0f969fec42ae3a3e348e

SHA1
0cfd34d1a99c23c59b89e7ebd0f3b5e6f5f2e945

SHA256
4ce91a9d3641cad4367ddc3b64929901b41783b94c9c562b96dade3fbeee7509

SHA512
668d9af3e24cd4e716ff4c31539fd46042cfe0e1a215a994e7603ee1d8dc43dfb10d1cd6aa40064da8771080ffb14cca9973affc2d5208a8dabdaa8ac3872890

Download Submit
C:\Windows\System\Vxfveow.exe

Filesize
6.0MB

MD5
6973038bb2ffe9002f4bfca0efd81c3e

SHA1
b707c8e084971afc9fa597c05ba2ca31246a7413

SHA256
f0b887a6c2ca9b9b94cb4b33994da9758dce8b2da361522bfb2b5090af6a8be4

SHA512
81b1018d5e2d37bbef1f73b90ea004c5645726c18e1c67bbb8a99c4b6c64769b3a89ea78de49d54886bebac0077f5dedb796535d4bf46da3d07bbfb9332c7bb1

Download Submit
C:\Windows\System\Wvmweav.exe

Filesize
6.0MB

MD5
ce91243c8e45cc3f666d155764007484

SHA1
86f1db97da7cdb4f552fcf630b388aa0f1be7c18

SHA256
0e839196691217a9400ed18c93c51801e72df1db8e45a5b77bbe9068c50a9b7c

SHA512
9b166c07f741382e88ba929a5b65506488502e9001bb708c21e8f66d4660fd7166058aa04aede5bdebcbf73c91dbc3d81abf2851916ef504b5146c13f7f6953d

Download Submit
C:\Windows\System\acGKkKQ.exe

Filesize
6.0MB

MD5
286ba87505a61bbd1190a685b8392b26

SHA1
f3c88c059d15bfafaec61e4027e0b6e7cfcd5e6b

SHA256
9540e8a00ef57c226992dacf7c0fe4838962c9c1ea1f55a2fa5d9837b8e254d1

SHA512
e7ec4145c04456d0a15b0766d8685f289804a1b7ade4d34c9baaa0cd073c5283861622fe04b9c3d73d59e35414cbb983eafb9adecc5c70a754d28bf43b472698

Download Submit
C:\Windows\System\cctVOmk.exe

Filesize
6.0MB

MD5
1121f5dc0817d16e5e637dd29138ef5e

SHA1
b7266336cadc76099592b4b7d093bbc3d0ef6e76

SHA256
8210a9026b637eeb48d894b4f057670a3ba9c3fe481e83a1663a802532e80529

SHA512
dbc488e2f20a809c025cbac805e6cd35279eaf84f05c3b6a787a6ee9455f916cfadd31938c24fdf7c41e3bb64b25e01141ce14ff867693adf4f6ed8e4a9e9679

Download Submit
C:\Windows\System\hkMLVTb.exe

Filesize
6.0MB

MD5
b5f3f7f91b994bfa215e1e6c19c42790

SHA1
87d32edd4dc4d68c5f0a180873741a3736837737

SHA256
ab7d2322032b6e739ebcf2e2da449e5e997641559364a4a9bd6774dcbeb50296

SHA512
2e0d29ff4b1d72d7a39928765c530bb6bc49b1165bfb3b6e488d9cf840dc7d3d06d4839e044a926e9600aad44056b4af7364482ce5a6e162ecebe0198684c270

Download Submit
C:\Windows\System\krQXuNi.exe

Filesize
6.0MB

MD5
a7a039c94a7ec32aede70230b15a8b05

SHA1
667cf4add7e4ada01ae2a50f23e5c9b8dff6d1d2

SHA256
bf1aec218573c9f71c5482b332597c3415fce8cb29463c52542b52d8e9ec6ae2

SHA512
89b74d7edbc24323ccb18fbcc66d8226975437c071f5fa10a694a8962b5114c1fc4f777741e545ae3da4a6a18c43167a3ebfa9e87a6457cd76b159eb173548f8

Download Submit
C:\Windows\System\kvPYwEv.exe

Filesize
6.0MB

MD5
bfc19606efe53b2677c05be76123b07e

SHA1
3cca22a488356563d9e875c23d2456a34258fb55

SHA256
f552c95c89289411ce76810e13a6bb5d7545ed5bf66465fa00b5e1e18ae0c2be

SHA512
a54bbd13c382d4250c79370254cdf96e6c0826d3b46ea89e8ed7310d3e1b3f8173b836aef462b43d2e4a97a1692be09ce510aa7c52de8d509fe6987ad998e7cb

Download Submit
C:\Windows\System\mAEbERB.exe

Filesize
6.0MB

MD5
1cf5c15b3c8f5bf7d3828677e5714416

SHA1
52c9e2f5582dec107bd961f216142a4ba06f7740

SHA256
6173b74228985240318251fd1972e7de443fe74bc336f3f1152f13d5ef13f185

SHA512
385808cabcd025f69cf869a9c414e61de51562cb77e411357306b4ef7d7314ae8c6dde215bc319d571c6556dea0ca248ff4757d2526db1252adea5376ffbab79

Download Submit
C:\Windows\System\pamKgrh.exe

Filesize
6.0MB

MD5
0bbbccfb35a4077e0f5de335eb8b63f1

SHA1
7f927208949c246a145d2b60d4d74747deee6f56

SHA256
49ef53c736f632236e2b5bde39074bc7a3e049e9efdaea9bf144012e4e29b290

SHA512
18aeac5ee3d4bb1f8e22ad60d6e45590bde498e7e82e659ca7a7bc79cfb893240e9470317d917bb2507a3f71a50ed28ee94087f0166d9d5f6f89cab00edeb831

Download Submit
C:\Windows\System\qepNxKV.exe

Filesize
6.0MB

MD5
00b4f51c5fa92f05ec5da5468b8157ef

SHA1
06deda3bd3f13009153e1dafb23edab8a97cd2cb

SHA256
74f4ee9a1e57825c50fe3a6195b617c88fb7b71d07a2c01384e04a2966f9062e

SHA512
ae41fdb2cc804f3576ddc97688ce97bdbd3d4281df9691dd7354da4113bb5f56018e249282e08a88426a751b29c9a315a15c80b7d925291207b8e84f4b3d558a

Download Submit
C:\Windows\System\rRfGDMl.exe

Filesize
6.0MB

MD5
b580597badb801f6477ef84eedfc3bb5

SHA1
8365d85509dc09f36a8c89218f8f6fad9a139bf4

SHA256
d4b2c45f1d0a57f85d9675f05cf8889126b073b73e6641ec95463efbb5468af0

SHA512
e97fc9951a1f2ea63f5b13ae78dc3b02d16e85b353e210d2a8cae8a7a61a9d9bdf6f74bb9d49b07147c63440f83edcfc124e3d8ea9eaadce73cd5a8b08d42282

Download Submit
C:\Windows\System\sVQulVM.exe

Filesize
6.0MB

MD5
bd26d1f4482430d4d0d3f006370d56af

SHA1
ba823896f74725ce7c7a518def1ae1d20721860e

SHA256
f293c077fdd88b6873c513ed77d9b7ec5758665c22037df83a79e9463fe0317a

SHA512
4f671c289b100eec8263dc48a0cefc794199e07561dd57e175e6b35e251da2bfbef8de2cdd16d1b23dc0c2cb143e1f21dfb1b68576bc0e6c82d82b1a100ae426

Download Submit
C:\Windows\System\tOgNzbo.exe

Filesize
6.0MB

MD5
d177431d09b80cb7c594f47973a8b31c

SHA1
63afe69b625c33d448581bab31a1fb4b24fbc1a3

SHA256
843a8425b95063acdef50846a8e3784b2b7aacf6c0104752d30de7129804903e

SHA512
bf48924467cd47a5cf9ab12ac6b3abdb813cb79e664191d0baaa046a193c35162c268d8c55e5ba7c205aede70990a6a8e0ad674a084f9aef6cd2b8b4a674ffce

Download Submit
C:\Windows\System\tPBCcXm.exe

Filesize
6.0MB

MD5
9af1a95aa90b07e9578baa99e0f8a786

SHA1
65097d39f46ad87fedc2cbe008ae1976446b6360

SHA256
18b201a7bf58440fc4802f4109b26bd555405d173f20b7d90f6b594184fbc326

SHA512
06839070d76ae2757fad368dff1f0daffee21911d1e84fc9026551105bf3426994f4e5ce6e1c5f0ab0d5cb5e2a9afa0e8a681b2939c082c0ba8b23fa05712e25

Download Submit
C:\Windows\System\tUSILMU.exe

Filesize
6.0MB

MD5
85009eca6a7132de535404888678888c

SHA1
84be76864341cfe73df5f1c7a3b5d53c2a7ce097

SHA256
8937dc3ce8ced67a61732cb371f1cea747473f8a4ec88d616d52afc8d6076c1a

SHA512
0c87ec5295031e1384fa228b6157eef562a92dfbd65cc3269616bca32512e499ecc65e1311a73ee0c215956ecb37d213f7ba26a800b4224b769113bbb2eb2e83

Download Submit
C:\Windows\System\uNxcHuW.exe

Filesize
6.0MB

MD5
fc3b58e5c64aadd89b2a9d0f3691d680

SHA1
1f8e6214ec3efaa64cec2fc83d79fadbc56aa903

SHA256
459c7d7133047b0335fb1b86fa031ad7937d423aa1829964607874a60b98a63a

SHA512
2e174e8df0c17de3704db2751b786f5a8d4f5ea4b644d38c8285b502ecb747542ad2d9e89a78a925e8f373f92a8db0a4fa9e48d59ea5956560a80348d38c4b1d

Download Submit
C:\Windows\System\unGnNMm.exe

Filesize
6.0MB

MD5
19e5f7f243953d83ab11a74f817b53dc

SHA1
6ea63970cab05b3c718c5471fbbbc44f53f23d2a

SHA256
affb7c877dd3bedc4b2af0721d16bb33dfca4f7081b7f475e3de3170ace035a8

SHA512
65306248d2a9f42893ef65072d6dda0db0a9578e72be4a0ce6c2e06c7936d73e351ec00855aa1f022a660580afc9e1cbf4a84a5afb00dd62904eb52982ce2841

Download Submit
C:\Windows\System\xkyQkkl.exe

Filesize
6.0MB

MD5
a8adf9b0c9b6c61890a69f67361503b2

SHA1
cc98ea4aec5714ca36b6a1687820075cfa2823e3

SHA256
17748c967a890ef1c2b907c81076b8b067d12276305f742484815cd4ae71c1ec

SHA512
91205ec23c6fbd6cd030841afe21fd441535e28aa8d95f27ce875f5acd893cfd5646091ebe977e64d05852efd5eeebb4b6c8f96a4c265370d20b9df371adef89

Download Submit
C:\Windows\System\yltXyox.exe

Filesize
6.0MB

MD5
81668a5482c114653b114e28637b3837

SHA1
39919b2a8ba316bdd6a52b85373f0f57bdecc3d6

SHA256
ae196b45dd2d25fa2767e1bac469bff8a403f918700d7998ad071f678d72f84f

SHA512
0294d0c1e67b3224c411536cdd6e66a9d7554fc0ba3d2edda485314cb87d567c932800fd24af1f9ab122d974c33f9de1e2e2b0f1bbcc60d31328fb2cba165d48

Download Submit
memory/784-1598-0x00007FF7839F0000-0x00007FF783D44000-memory.dmp

Filesize
3.3MB

Download
memory/784-74-0x00007FF7839F0000-0x00007FF783D44000-memory.dmp

Filesize
3.3MB

Download
memory/784-682-0x00007FF7839F0000-0x00007FF783D44000-memory.dmp

Filesize
3.3MB

Download
memory/796-215-0x00007FF7CE1A0000-0x00007FF7CE4F4000-memory.dmp

Filesize
3.3MB

Download
memory/796-1613-0x00007FF7CE1A0000-0x00007FF7CE4F4000-memory.dmp

Filesize
3.3MB

Download
memory/848-268-0x00007FF7D5040000-0x00007FF7D5394000-memory.dmp

Filesize
3.3MB

Download
memory/848-1644-0x00007FF7D5040000-0x00007FF7D5394000-memory.dmp

Filesize
3.3MB

Download
memory/996-1522-0x00007FF6FAE50000-0x00007FF6FB1A4000-memory.dmp

Filesize
3.3MB

Download
memory/996-61-0x00007FF6FAE50000-0x00007FF6FB1A4000-memory.dmp

Filesize
3.3MB

Download
memory/1036-239-0x00007FF649DC0000-0x00007FF64A114000-memory.dmp

Filesize
3.3MB

Download
memory/1036-1630-0x00007FF649DC0000-0x00007FF64A114000-memory.dmp

Filesize
3.3MB

Download
memory/1048-440-0x00007FF750800000-0x00007FF750B54000-memory.dmp

Filesize
3.3MB

Download
memory/1048-47-0x00007FF750800000-0x00007FF750B54000-memory.dmp

Filesize
3.3MB

Download
memory/1048-1500-0x00007FF750800000-0x00007FF750B54000-memory.dmp

Filesize
3.3MB

Download
memory/1220-214-0x00007FF76CDD0000-0x00007FF76D124000-memory.dmp

Filesize
3.3MB

Download
memory/1220-1611-0x00007FF76CDD0000-0x00007FF76D124000-memory.dmp

Filesize
3.3MB

Download
memory/1464-245-0x00007FF70BFD0000-0x00007FF70C324000-memory.dmp

Filesize
3.3MB

Download
memory/1464-1631-0x00007FF70BFD0000-0x00007FF70C324000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1635-0x00007FF7461A0000-0x00007FF7464F4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-249-0x00007FF7461A0000-0x00007FF7464F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-222-0x00007FF7D36A0000-0x00007FF7D39F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1616-0x00007FF7D36A0000-0x00007FF7D39F4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-1608-0x00007FF622760000-0x00007FF622AB4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-302-0x00007FF622760000-0x00007FF622AB4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-55-0x00007FF795D30000-0x00007FF796084000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1-0x0000013589F10000-0x0000013589F20000-memory.dmp

Filesize
64KB

Download
memory/2888-0-0x00007FF795D30000-0x00007FF796084000-memory.dmp

Filesize
3.3MB

Download
memory/2896-273-0x00007FF730540000-0x00007FF730894000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1647-0x00007FF730540000-0x00007FF730894000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1517-0x00007FF79F410000-0x00007FF79F764000-memory.dmp

Filesize
3.3MB

Download
memory/3028-535-0x00007FF79F410000-0x00007FF79F764000-memory.dmp

Filesize
3.3MB

Download
memory/3028-48-0x00007FF79F410000-0x00007FF79F764000-memory.dmp

Filesize
3.3MB

Download
memory/3032-1527-0x00007FF67A180000-0x00007FF67A4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-629-0x00007FF67A180000-0x00007FF67A4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-62-0x00007FF67A180000-0x00007FF67A4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3516-386-0x00007FF68D840000-0x00007FF68DB94000-memory.dmp

Filesize
3.3MB

Download
memory/3516-31-0x00007FF68D840000-0x00007FF68DB94000-memory.dmp

Filesize
3.3MB

Download
memory/3516-1491-0x00007FF68D840000-0x00007FF68DB94000-memory.dmp

Filesize
3.3MB

Download
memory/3620-234-0x00007FF7E1970000-0x00007FF7E1CC4000-memory.dmp

Filesize
3.3MB

Download
memory/3620-1623-0x00007FF7E1970000-0x00007FF7E1CC4000-memory.dmp

Filesize
3.3MB

Download
memory/3636-244-0x00007FF6B1880000-0x00007FF6B1BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3636-1626-0x00007FF6B1880000-0x00007FF6B1BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4012-235-0x00007FF7ED340000-0x00007FF7ED694000-memory.dmp

Filesize
3.3MB

Download
memory/4012-1625-0x00007FF7ED340000-0x00007FF7ED694000-memory.dmp

Filesize
3.3MB

Download
memory/4140-15-0x00007FF76C950000-0x00007FF76CCA4000-memory.dmp

Filesize
3.3MB

Download
memory/4140-1356-0x00007FF76C950000-0x00007FF76CCA4000-memory.dmp

Filesize
3.3MB

Download
memory/4140-63-0x00007FF76C950000-0x00007FF76CCA4000-memory.dmp

Filesize
3.3MB

Download
memory/4412-1648-0x00007FF73FC90000-0x00007FF73FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4412-287-0x00007FF73FC90000-0x00007FF73FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-1493-0x00007FF77E180000-0x00007FF77E4D4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-38-0x00007FF77E180000-0x00007FF77E4D4000-memory.dmp

Filesize
3.3MB

Download
memory/4492-8-0x00007FF6065E0000-0x00007FF606934000-memory.dmp

Filesize
3.3MB

Download
memory/4492-60-0x00007FF6065E0000-0x00007FF606934000-memory.dmp

Filesize
3.3MB

Download
memory/4492-1340-0x00007FF6065E0000-0x00007FF606934000-memory.dmp

Filesize
3.3MB

Download
memory/4656-1632-0x00007FF73C8F0000-0x00007FF73CC44000-memory.dmp

Filesize
3.3MB

Download
memory/4656-256-0x00007FF73C8F0000-0x00007FF73CC44000-memory.dmp

Filesize
3.3MB

Download
memory/4760-269-0x00007FF6AA780000-0x00007FF6AAAD4000-memory.dmp

Filesize
3.3MB

Download
memory/4760-1642-0x00007FF6AA780000-0x00007FF6AAAD4000-memory.dmp

Filesize
3.3MB

Download
memory/4872-288-0x00007FF7E4860000-0x00007FF7E4BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4872-1649-0x00007FF7E4860000-0x00007FF7E4BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-1355-0x00007FF7E9560000-0x00007FF7E98B4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-299-0x00007FF7E9560000-0x00007FF7E98B4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-23-0x00007FF7E9560000-0x00007FF7E98B4000-memory.dmp

Filesize
3.3MB

Download
memory/5012-1617-0x00007FF6E45B0000-0x00007FF6E4904000-memory.dmp

Filesize
3.3MB

Download
memory/5012-232-0x00007FF6E45B0000-0x00007FF6E4904000-memory.dmp

Filesize
3.3MB

Download
memory/5036-279-0x00007FF7CD680000-0x00007FF7CD9D4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-1646-0x00007FF7CD680000-0x00007FF7CD9D4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-69-0x00007FF795B80000-0x00007FF795ED4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-18-0x00007FF795B80000-0x00007FF795ED4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-1351-0x00007FF795B80000-0x00007FF795ED4000-memory.dmp

Filesize
3.3MB

Download