cobaltstrike | cc6d7f2a68e21ad2f3f30dabfe294155da510dea93eb56a5657fd29ebea18b4a

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2024 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a48e02009303bfa4973289bb604792b5
SHA1

a2b953d8764e54f0f9ba007d0aa66f14b9bd342b
SHA256

cc6d7f2a68e21ad2f3f30dabfe294155da510dea93eb56a5657fd29ebea18b4a
SHA512

fcbaa503701215fe0591b2139bc2c3af85573103c0cabb54f36ce56f6d941b558ff754c337937ce67674766079d137360753d3c0968dac61567fa525448edfb3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0007000000023c8d-14.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8c-17.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c88-8.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8e-25.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8f-28.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c89-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c90-38.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c91-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c93-54.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c94-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c95-67.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c96-76.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c98-86.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-127.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-209.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-206.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-196.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-189.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-175.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9f-142.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-132.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-122.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-106.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c99-97.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c97-84.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3636-0-0x00007FF6116F0000-0x00007FF611A44000-memory.dmp	xmrig
behavioral2/memory/1716-9-0x00007FF70E330000-0x00007FF70E684000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8d-14.dat	xmrig
behavioral2/memory/1236-15-0x00007FF6F2780000-0x00007FF6F2AD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8c-17.dat	xmrig
behavioral2/memory/3428-16-0x00007FF76CDB0000-0x00007FF76D104000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c88-8.dat	xmrig
behavioral2/files/0x0007000000023c8e-25.dat	xmrig
behavioral2/memory/4048-24-0x00007FF6D43A0000-0x00007FF6D46F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8f-28.dat	xmrig
behavioral2/files/0x0008000000023c89-34.dat	xmrig
behavioral2/files/0x0007000000023c90-38.dat	xmrig
behavioral2/memory/2432-40-0x00007FF760DD0000-0x00007FF761124000-memory.dmp	xmrig
behavioral2/memory/4972-36-0x00007FF7FFA60000-0x00007FF7FFDB4000-memory.dmp	xmrig
behavioral2/memory/3040-32-0x00007FF6DB0E0000-0x00007FF6DB434000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c91-47.dat	xmrig
behavioral2/files/0x0007000000023c93-54.dat	xmrig
behavioral2/memory/3636-55-0x00007FF6116F0000-0x00007FF611A44000-memory.dmp	xmrig
behavioral2/memory/648-57-0x00007FF66F5A0000-0x00007FF66F8F4000-memory.dmp	xmrig
behavioral2/memory/1236-62-0x00007FF6F2780000-0x00007FF6F2AD4000-memory.dmp	xmrig
behavioral2/memory/1716-61-0x00007FF70E330000-0x00007FF70E684000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c94-64.dat	xmrig
behavioral2/files/0x0007000000023c95-67.dat	xmrig
behavioral2/memory/3428-74-0x00007FF76CDB0000-0x00007FF76D104000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c96-76.dat	xmrig
behavioral2/memory/4048-80-0x00007FF6D43A0000-0x00007FF6D46F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c98-86.dat	xmrig
behavioral2/memory/3432-96-0x00007FF627C00000-0x00007FF627F54000-memory.dmp	xmrig
behavioral2/memory/2432-102-0x00007FF760DD0000-0x00007FF761124000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9b-108.dat	xmrig
behavioral2/memory/2416-117-0x00007FF683240000-0x00007FF683594000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9d-127.dat	xmrig
behavioral2/memory/4264-139-0x00007FF7E1AB0000-0x00007FF7E1E04000-memory.dmp	xmrig
behavioral2/memory/2840-150-0x00007FF7F1590000-0x00007FF7F18E4000-memory.dmp	xmrig
behavioral2/memory/3432-163-0x00007FF627C00000-0x00007FF627F54000-memory.dmp	xmrig
behavioral2/memory/1772-185-0x00007FF6B4890000-0x00007FF6B4BE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca8-198.dat	xmrig
behavioral2/memory/4264-766-0x00007FF7E1AB0000-0x00007FF7E1E04000-memory.dmp	xmrig
behavioral2/memory/2616-764-0x00007FF61DF50000-0x00007FF61E2A4000-memory.dmp	xmrig
behavioral2/memory/1456-875-0x00007FF783D90000-0x00007FF7840E4000-memory.dmp	xmrig
behavioral2/memory/2840-925-0x00007FF7F1590000-0x00007FF7F18E4000-memory.dmp	xmrig
behavioral2/memory/5096-989-0x00007FF76BC30000-0x00007FF76BF84000-memory.dmp	xmrig
behavioral2/memory/4536-1030-0x00007FF7B2DF0000-0x00007FF7B3144000-memory.dmp	xmrig
behavioral2/memory/3008-1028-0x00007FF6D1E80000-0x00007FF6D21D4000-memory.dmp	xmrig
behavioral2/memory/2936-1144-0x00007FF7C1940000-0x00007FF7C1C94000-memory.dmp	xmrig
behavioral2/memory/1600-1200-0x00007FF6F2E00000-0x00007FF6F3154000-memory.dmp	xmrig
behavioral2/memory/4312-1258-0x00007FF627FE0000-0x00007FF628334000-memory.dmp	xmrig
behavioral2/memory/1236-1710-0x00007FF6F2780000-0x00007FF6F2AD4000-memory.dmp	xmrig
behavioral2/memory/3428-1709-0x00007FF76CDB0000-0x00007FF76D104000-memory.dmp	xmrig
behavioral2/memory/3040-1733-0x00007FF6DB0E0000-0x00007FF6DB434000-memory.dmp	xmrig
behavioral2/memory/4972-1740-0x00007FF7FFA60000-0x00007FF7FFDB4000-memory.dmp	xmrig
behavioral2/memory/2432-1743-0x00007FF760DD0000-0x00007FF761124000-memory.dmp	xmrig
behavioral2/memory/4048-1729-0x00007FF6D43A0000-0x00007FF6D46F4000-memory.dmp	xmrig
behavioral2/memory/648-1840-0x00007FF66F5A0000-0x00007FF66F8F4000-memory.dmp	xmrig
behavioral2/memory/2912-1881-0x00007FF68E500000-0x00007FF68E854000-memory.dmp	xmrig
behavioral2/memory/440-1902-0x00007FF74F490000-0x00007FF74F7E4000-memory.dmp	xmrig
behavioral2/memory/2640-1909-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp	xmrig
behavioral2/memory/2616-1916-0x00007FF61DF50000-0x00007FF61E2A4000-memory.dmp	xmrig
behavioral2/memory/3008-1933-0x00007FF6D1E80000-0x00007FF6D21D4000-memory.dmp	xmrig
behavioral2/memory/5096-1938-0x00007FF76BC30000-0x00007FF76BF84000-memory.dmp	xmrig
behavioral2/memory/2840-1931-0x00007FF7F1590000-0x00007FF7F18E4000-memory.dmp	xmrig
behavioral2/memory/4536-1944-0x00007FF7B2DF0000-0x00007FF7B3144000-memory.dmp	xmrig
behavioral2/memory/4312-1950-0x00007FF627FE0000-0x00007FF628334000-memory.dmp	xmrig
behavioral2/memory/3940-2769-0x00007FF6AA600000-0x00007FF6AA954000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1716	RWEnbOc.exe
1236	sYMDYcp.exe
3428	OtCvlFa.exe
4048	xuemOqX.exe
3040	BokVvhO.exe
4972	yQfRALU.exe
2432	uuEJSGX.exe
2416	jtkUiXJ.exe
648	CIPXkbR.exe
212	lHvVhnf.exe
4500	omzoZSd.exe
3940	RtdNzbU.exe
2912	jGFsoHH.exe
5060	PFJfhWU.exe
3432	sDttzOT.exe
440	GRINjnG.exe
2640	DNDLVSl.exe
4168	JJozola.exe
1772	CxjNibT.exe
2616	hHhyxDu.exe
4264	wDUgFYf.exe
1456	eSNpHPy.exe
2840	ACHbIgA.exe
5096	taRRSYh.exe
3008	asgBtRt.exe
4536	RKOoQUx.exe
2936	YzdUMNf.exe
1600	GAXQrMK.exe
4312	UQLNYRt.exe
4936	YGTsaee.exe
1560	tvuevlI.exe
392	FkHKqNf.exe
2608	KfRohld.exe
3280	RxoQUnM.exe
1396	ADmkuVY.exe
2000	grOqPSs.exe
3992	KAHsoPx.exe
1724	hCeEzdy.exe
2700	cIRIDDA.exe
1972	UuPVHWI.exe
3848	XTrqKWU.exe
1476	yXoPYuz.exe
3816	IwdnvtR.exe
3612	XrGMuOg.exe
4184	VZIuRNa.exe
2644	qynEUlG.exe
3996	fgbqigw.exe
4388	aviOPvG.exe
644	KvvOJWu.exe
4236	tSeAYRT.exe
1008	AAnzQgs.exe
4140	amRlygv.exe
3520	LwJdVIX.exe
4508	itQtoqX.exe
1820	jrcqgzd.exe
1832	EEbznAl.exe
64	mrqGUJm.exe
4720	gjQuCMp.exe
2796	iRYshZg.exe
2132	nfxuMEa.exe
812	ADxvBQC.exe
3248	wOFCoJs.exe
4480	qFgVtbg.exe
1720	fbkUJPh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3636-0-0x00007FF6116F0000-0x00007FF611A44000-memory.dmp	upx
behavioral2/memory/1716-9-0x00007FF70E330000-0x00007FF70E684000-memory.dmp	upx
behavioral2/files/0x0007000000023c8d-14.dat	upx
behavioral2/memory/1236-15-0x00007FF6F2780000-0x00007FF6F2AD4000-memory.dmp	upx
behavioral2/files/0x0007000000023c8c-17.dat	upx
behavioral2/memory/3428-16-0x00007FF76CDB0000-0x00007FF76D104000-memory.dmp	upx
behavioral2/files/0x0008000000023c88-8.dat	upx
behavioral2/files/0x0007000000023c8e-25.dat	upx
behavioral2/memory/4048-24-0x00007FF6D43A0000-0x00007FF6D46F4000-memory.dmp	upx
behavioral2/files/0x0007000000023c8f-28.dat	upx
behavioral2/files/0x0008000000023c89-34.dat	upx
behavioral2/files/0x0007000000023c90-38.dat	upx
behavioral2/memory/2432-40-0x00007FF760DD0000-0x00007FF761124000-memory.dmp	upx
behavioral2/memory/4972-36-0x00007FF7FFA60000-0x00007FF7FFDB4000-memory.dmp	upx
behavioral2/memory/3040-32-0x00007FF6DB0E0000-0x00007FF6DB434000-memory.dmp	upx
behavioral2/files/0x0007000000023c91-47.dat	upx
behavioral2/files/0x0007000000023c93-54.dat	upx
behavioral2/memory/3636-55-0x00007FF6116F0000-0x00007FF611A44000-memory.dmp	upx
behavioral2/memory/648-57-0x00007FF66F5A0000-0x00007FF66F8F4000-memory.dmp	upx
behavioral2/memory/1236-62-0x00007FF6F2780000-0x00007FF6F2AD4000-memory.dmp	upx
behavioral2/memory/1716-61-0x00007FF70E330000-0x00007FF70E684000-memory.dmp	upx
behavioral2/files/0x0007000000023c94-64.dat	upx
behavioral2/files/0x0007000000023c95-67.dat	upx
behavioral2/memory/3428-74-0x00007FF76CDB0000-0x00007FF76D104000-memory.dmp	upx
behavioral2/files/0x0007000000023c96-76.dat	upx
behavioral2/memory/4048-80-0x00007FF6D43A0000-0x00007FF6D46F4000-memory.dmp	upx
behavioral2/files/0x0007000000023c98-86.dat	upx
behavioral2/memory/3432-96-0x00007FF627C00000-0x00007FF627F54000-memory.dmp	upx
behavioral2/memory/2432-102-0x00007FF760DD0000-0x00007FF761124000-memory.dmp	upx
behavioral2/files/0x0007000000023c9b-108.dat	upx
behavioral2/memory/2416-117-0x00007FF683240000-0x00007FF683594000-memory.dmp	upx
behavioral2/files/0x0007000000023c9d-127.dat	upx
behavioral2/memory/4264-139-0x00007FF7E1AB0000-0x00007FF7E1E04000-memory.dmp	upx
behavioral2/memory/2840-150-0x00007FF7F1590000-0x00007FF7F18E4000-memory.dmp	upx
behavioral2/memory/3432-163-0x00007FF627C00000-0x00007FF627F54000-memory.dmp	upx
behavioral2/memory/1772-185-0x00007FF6B4890000-0x00007FF6B4BE4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca8-198.dat	upx
behavioral2/memory/4264-766-0x00007FF7E1AB0000-0x00007FF7E1E04000-memory.dmp	upx
behavioral2/memory/2616-764-0x00007FF61DF50000-0x00007FF61E2A4000-memory.dmp	upx
behavioral2/memory/1456-875-0x00007FF783D90000-0x00007FF7840E4000-memory.dmp	upx
behavioral2/memory/2840-925-0x00007FF7F1590000-0x00007FF7F18E4000-memory.dmp	upx
behavioral2/memory/5096-989-0x00007FF76BC30000-0x00007FF76BF84000-memory.dmp	upx
behavioral2/memory/4536-1030-0x00007FF7B2DF0000-0x00007FF7B3144000-memory.dmp	upx
behavioral2/memory/3008-1028-0x00007FF6D1E80000-0x00007FF6D21D4000-memory.dmp	upx
behavioral2/memory/2936-1144-0x00007FF7C1940000-0x00007FF7C1C94000-memory.dmp	upx
behavioral2/memory/1600-1200-0x00007FF6F2E00000-0x00007FF6F3154000-memory.dmp	upx
behavioral2/memory/4312-1258-0x00007FF627FE0000-0x00007FF628334000-memory.dmp	upx
behavioral2/memory/1236-1710-0x00007FF6F2780000-0x00007FF6F2AD4000-memory.dmp	upx
behavioral2/memory/3428-1709-0x00007FF76CDB0000-0x00007FF76D104000-memory.dmp	upx
behavioral2/memory/3040-1733-0x00007FF6DB0E0000-0x00007FF6DB434000-memory.dmp	upx
behavioral2/memory/4972-1740-0x00007FF7FFA60000-0x00007FF7FFDB4000-memory.dmp	upx
behavioral2/memory/2432-1743-0x00007FF760DD0000-0x00007FF761124000-memory.dmp	upx
behavioral2/memory/4048-1729-0x00007FF6D43A0000-0x00007FF6D46F4000-memory.dmp	upx
behavioral2/memory/648-1840-0x00007FF66F5A0000-0x00007FF66F8F4000-memory.dmp	upx
behavioral2/memory/2912-1881-0x00007FF68E500000-0x00007FF68E854000-memory.dmp	upx
behavioral2/memory/440-1902-0x00007FF74F490000-0x00007FF74F7E4000-memory.dmp	upx
behavioral2/memory/2640-1909-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp	upx
behavioral2/memory/2616-1916-0x00007FF61DF50000-0x00007FF61E2A4000-memory.dmp	upx
behavioral2/memory/3008-1933-0x00007FF6D1E80000-0x00007FF6D21D4000-memory.dmp	upx
behavioral2/memory/5096-1938-0x00007FF76BC30000-0x00007FF76BF84000-memory.dmp	upx
behavioral2/memory/2840-1931-0x00007FF7F1590000-0x00007FF7F18E4000-memory.dmp	upx
behavioral2/memory/4536-1944-0x00007FF7B2DF0000-0x00007FF7B3144000-memory.dmp	upx
behavioral2/memory/4312-1950-0x00007FF627FE0000-0x00007FF628334000-memory.dmp	upx
behavioral2/memory/3940-2769-0x00007FF6AA600000-0x00007FF6AA954000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bIytlPC.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogfoVHH.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwnxxxH.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzlmPgX.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFuRTev.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fiExpzq.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNmEcsG.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytUjXSi.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfDqzkJ.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXcJNUP.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBDoHGW.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdjMPDm.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyaQAYv.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRTxtqg.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFRasoI.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkiaQsJ.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFAzyWD.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpdUfkg.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frlHtPS.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCqnHbz.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXWVBLj.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NecZnuv.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkZFtvl.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbtcvbC.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AizswBt.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIYIQtK.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLiepts.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irCiySt.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvVGaEf.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDoMdCG.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKILtIK.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNHmzrj.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWEnbOc.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKYyOdh.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJVuTqa.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TRddvhS.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSCoBtG.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\agagOLU.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzgvCmu.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IevnVUE.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjCBoBS.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgzTNmv.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oaQNkjc.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuEJSGX.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNDLVSl.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPAJZfr.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkTraSq.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqYEPtX.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amRlygv.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRXVLfL.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHRlhnw.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnGTAgY.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlvWePW.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzZyqFy.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWEbnzy.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrWOQYA.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUAXeyV.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UuPVHWI.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAmeucO.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpwqBCJ.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtvDkqk.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfzMXNl.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVzURDs.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVTFmgT.exe	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 1716	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3636 wrote to memory of 1716	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3636 wrote to memory of 1236	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3636 wrote to memory of 1236	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3636 wrote to memory of 3428	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3636 wrote to memory of 3428	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3636 wrote to memory of 4048	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3636 wrote to memory of 4048	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3636 wrote to memory of 3040	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3636 wrote to memory of 3040	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3636 wrote to memory of 4972	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3636 wrote to memory of 4972	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3636 wrote to memory of 2432	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3636 wrote to memory of 2432	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3636 wrote to memory of 2416	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3636 wrote to memory of 2416	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3636 wrote to memory of 648	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3636 wrote to memory of 648	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3636 wrote to memory of 212	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3636 wrote to memory of 212	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3636 wrote to memory of 4500	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3636 wrote to memory of 4500	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3636 wrote to memory of 3940	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3636 wrote to memory of 3940	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3636 wrote to memory of 2912	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3636 wrote to memory of 2912	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3636 wrote to memory of 5060	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3636 wrote to memory of 5060	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3636 wrote to memory of 3432	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3636 wrote to memory of 3432	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3636 wrote to memory of 440	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3636 wrote to memory of 440	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3636 wrote to memory of 2640	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3636 wrote to memory of 2640	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3636 wrote to memory of 4168	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3636 wrote to memory of 4168	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3636 wrote to memory of 1772	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3636 wrote to memory of 1772	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3636 wrote to memory of 2616	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3636 wrote to memory of 2616	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3636 wrote to memory of 4264	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3636 wrote to memory of 4264	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3636 wrote to memory of 1456	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3636 wrote to memory of 1456	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3636 wrote to memory of 2840	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3636 wrote to memory of 2840	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3636 wrote to memory of 5096	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3636 wrote to memory of 5096	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3636 wrote to memory of 3008	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3636 wrote to memory of 3008	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3636 wrote to memory of 4536	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3636 wrote to memory of 4536	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3636 wrote to memory of 2936	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3636 wrote to memory of 2936	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3636 wrote to memory of 1600	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3636 wrote to memory of 1600	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3636 wrote to memory of 4312	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3636 wrote to memory of 4312	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3636 wrote to memory of 4936	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3636 wrote to memory of 4936	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3636 wrote to memory of 1560	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3636 wrote to memory of 1560	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3636 wrote to memory of 392	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3636 wrote to memory of 392	3636	2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-06_a48e02009303bfa4973289bb604792b5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Windows\System\RWEnbOc.exe
  C:\Windows\System\RWEnbOc.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\sYMDYcp.exe
  C:\Windows\System\sYMDYcp.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\OtCvlFa.exe
  C:\Windows\System\OtCvlFa.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\xuemOqX.exe
  C:\Windows\System\xuemOqX.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\BokVvhO.exe
  C:\Windows\System\BokVvhO.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\yQfRALU.exe
  C:\Windows\System\yQfRALU.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\uuEJSGX.exe
  C:\Windows\System\uuEJSGX.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\jtkUiXJ.exe
  C:\Windows\System\jtkUiXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\CIPXkbR.exe
  C:\Windows\System\CIPXkbR.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\lHvVhnf.exe
  C:\Windows\System\lHvVhnf.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\omzoZSd.exe
  C:\Windows\System\omzoZSd.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\RtdNzbU.exe
  C:\Windows\System\RtdNzbU.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\jGFsoHH.exe
  C:\Windows\System\jGFsoHH.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\PFJfhWU.exe
  C:\Windows\System\PFJfhWU.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\sDttzOT.exe
  C:\Windows\System\sDttzOT.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\GRINjnG.exe
  C:\Windows\System\GRINjnG.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\DNDLVSl.exe
  C:\Windows\System\DNDLVSl.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\JJozola.exe
  C:\Windows\System\JJozola.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\CxjNibT.exe
  C:\Windows\System\CxjNibT.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\hHhyxDu.exe
  C:\Windows\System\hHhyxDu.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\wDUgFYf.exe
  C:\Windows\System\wDUgFYf.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\eSNpHPy.exe
  C:\Windows\System\eSNpHPy.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\ACHbIgA.exe
  C:\Windows\System\ACHbIgA.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\taRRSYh.exe
  C:\Windows\System\taRRSYh.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\asgBtRt.exe
  C:\Windows\System\asgBtRt.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\RKOoQUx.exe
  C:\Windows\System\RKOoQUx.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\YzdUMNf.exe
  C:\Windows\System\YzdUMNf.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\GAXQrMK.exe
  C:\Windows\System\GAXQrMK.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\UQLNYRt.exe
  C:\Windows\System\UQLNYRt.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\YGTsaee.exe
  C:\Windows\System\YGTsaee.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\tvuevlI.exe
  C:\Windows\System\tvuevlI.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\FkHKqNf.exe
  C:\Windows\System\FkHKqNf.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\KfRohld.exe
  C:\Windows\System\KfRohld.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\RxoQUnM.exe
  C:\Windows\System\RxoQUnM.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\ADmkuVY.exe
  C:\Windows\System\ADmkuVY.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\grOqPSs.exe
  C:\Windows\System\grOqPSs.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\KAHsoPx.exe
  C:\Windows\System\KAHsoPx.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\hCeEzdy.exe
  C:\Windows\System\hCeEzdy.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\cIRIDDA.exe
  C:\Windows\System\cIRIDDA.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\UuPVHWI.exe
  C:\Windows\System\UuPVHWI.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\XTrqKWU.exe
  C:\Windows\System\XTrqKWU.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\yXoPYuz.exe
  C:\Windows\System\yXoPYuz.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\IwdnvtR.exe
  C:\Windows\System\IwdnvtR.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\XrGMuOg.exe
  C:\Windows\System\XrGMuOg.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\VZIuRNa.exe
  C:\Windows\System\VZIuRNa.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\qynEUlG.exe
  C:\Windows\System\qynEUlG.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\fgbqigw.exe
  C:\Windows\System\fgbqigw.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\aviOPvG.exe
  C:\Windows\System\aviOPvG.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\KvvOJWu.exe
  C:\Windows\System\KvvOJWu.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\tSeAYRT.exe
  C:\Windows\System\tSeAYRT.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\AAnzQgs.exe
  C:\Windows\System\AAnzQgs.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\amRlygv.exe
  C:\Windows\System\amRlygv.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\LwJdVIX.exe
  C:\Windows\System\LwJdVIX.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\itQtoqX.exe
  C:\Windows\System\itQtoqX.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\jrcqgzd.exe
  C:\Windows\System\jrcqgzd.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\EEbznAl.exe
  C:\Windows\System\EEbznAl.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\mrqGUJm.exe
  C:\Windows\System\mrqGUJm.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\gjQuCMp.exe
  C:\Windows\System\gjQuCMp.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\iRYshZg.exe
  C:\Windows\System\iRYshZg.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\nfxuMEa.exe
  C:\Windows\System\nfxuMEa.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\ADxvBQC.exe
  C:\Windows\System\ADxvBQC.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\wOFCoJs.exe
  C:\Windows\System\wOFCoJs.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\qFgVtbg.exe
  C:\Windows\System\qFgVtbg.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\fbkUJPh.exe
  C:\Windows\System\fbkUJPh.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\rGlmNSi.exe
  C:\Windows\System\rGlmNSi.exe
  2⤵
  PID:3108
- C:\Windows\System\lrVTdFc.exe
  C:\Windows\System\lrVTdFc.exe
  2⤵
  PID:2904
- C:\Windows\System\kfkCDbz.exe
  C:\Windows\System\kfkCDbz.exe
  2⤵
  PID:3696
- C:\Windows\System\npmbSLD.exe
  C:\Windows\System\npmbSLD.exe
  2⤵
  PID:3944
- C:\Windows\System\ncfTtrT.exe
  C:\Windows\System\ncfTtrT.exe
  2⤵
  PID:2056
- C:\Windows\System\YuMAxiH.exe
  C:\Windows\System\YuMAxiH.exe
  2⤵
  PID:3984
- C:\Windows\System\ceReVIf.exe
  C:\Windows\System\ceReVIf.exe
  2⤵
  PID:3804
- C:\Windows\System\kjnGLhl.exe
  C:\Windows\System\kjnGLhl.exe
  2⤵
  PID:1780
- C:\Windows\System\QEcebMK.exe
  C:\Windows\System\QEcebMK.exe
  2⤵
  PID:1276
- C:\Windows\System\fDXrFld.exe
  C:\Windows\System\fDXrFld.exe
  2⤵
  PID:828
- C:\Windows\System\CGIeCKk.exe
  C:\Windows\System\CGIeCKk.exe
  2⤵
  PID:1180
- C:\Windows\System\zStvUxc.exe
  C:\Windows\System\zStvUxc.exe
  2⤵
  PID:4280
- C:\Windows\System\RiuNnSJ.exe
  C:\Windows\System\RiuNnSJ.exe
  2⤵
  PID:764
- C:\Windows\System\hWOUekU.exe
  C:\Windows\System\hWOUekU.exe
  2⤵
  PID:5012
- C:\Windows\System\AhfrJaF.exe
  C:\Windows\System\AhfrJaF.exe
  2⤵
  PID:3624
- C:\Windows\System\lIwtACt.exe
  C:\Windows\System\lIwtACt.exe
  2⤵
  PID:4384
- C:\Windows\System\OzZkuKj.exe
  C:\Windows\System\OzZkuKj.exe
  2⤵
  PID:2008
- C:\Windows\System\BbAcLSj.exe
  C:\Windows\System\BbAcLSj.exe
  2⤵
  PID:5004
- C:\Windows\System\RcnoIGN.exe
  C:\Windows\System\RcnoIGN.exe
  2⤵
  PID:704
- C:\Windows\System\xLQLHVc.exe
  C:\Windows\System\xLQLHVc.exe
  2⤵
  PID:5148
- C:\Windows\System\dYtzngQ.exe
  C:\Windows\System\dYtzngQ.exe
  2⤵
  PID:5164
- C:\Windows\System\dLzkCZo.exe
  C:\Windows\System\dLzkCZo.exe
  2⤵
  PID:5192
- C:\Windows\System\LCKuDlx.exe
  C:\Windows\System\LCKuDlx.exe
  2⤵
  PID:5220
- C:\Windows\System\RMQqESy.exe
  C:\Windows\System\RMQqESy.exe
  2⤵
  PID:5248
- C:\Windows\System\WrTuUCX.exe
  C:\Windows\System\WrTuUCX.exe
  2⤵
  PID:5276
- C:\Windows\System\zBDoHGW.exe
  C:\Windows\System\zBDoHGW.exe
  2⤵
  PID:5304
- C:\Windows\System\HTvOcli.exe
  C:\Windows\System\HTvOcli.exe
  2⤵
  PID:5332
- C:\Windows\System\pFVxkji.exe
  C:\Windows\System\pFVxkji.exe
  2⤵
  PID:5356
- C:\Windows\System\xDfcgnN.exe
  C:\Windows\System\xDfcgnN.exe
  2⤵
  PID:5388
- C:\Windows\System\rednHUH.exe
  C:\Windows\System\rednHUH.exe
  2⤵
  PID:5416
- C:\Windows\System\CwOyYXJ.exe
  C:\Windows\System\CwOyYXJ.exe
  2⤵
  PID:5440
- C:\Windows\System\rUSPPuD.exe
  C:\Windows\System\rUSPPuD.exe
  2⤵
  PID:5472
- C:\Windows\System\PSxBreU.exe
  C:\Windows\System\PSxBreU.exe
  2⤵
  PID:5500
- C:\Windows\System\ukZueVZ.exe
  C:\Windows\System\ukZueVZ.exe
  2⤵
  PID:5528
- C:\Windows\System\awNKVkz.exe
  C:\Windows\System\awNKVkz.exe
  2⤵
  PID:5568
- C:\Windows\System\pJedXKh.exe
  C:\Windows\System\pJedXKh.exe
  2⤵
  PID:5584
- C:\Windows\System\eZACdvV.exe
  C:\Windows\System\eZACdvV.exe
  2⤵
  PID:5612
- C:\Windows\System\ynDsoUt.exe
  C:\Windows\System\ynDsoUt.exe
  2⤵
  PID:5640
- C:\Windows\System\vtvDkqk.exe
  C:\Windows\System\vtvDkqk.exe
  2⤵
  PID:5668
- C:\Windows\System\dgAmZJM.exe
  C:\Windows\System\dgAmZJM.exe
  2⤵
  PID:5696
- C:\Windows\System\mjCoTJw.exe
  C:\Windows\System\mjCoTJw.exe
  2⤵
  PID:5724
- C:\Windows\System\CluQDfB.exe
  C:\Windows\System\CluQDfB.exe
  2⤵
  PID:5764
- C:\Windows\System\ktJWvIg.exe
  C:\Windows\System\ktJWvIg.exe
  2⤵
  PID:5780
- C:\Windows\System\xhzJqKm.exe
  C:\Windows\System\xhzJqKm.exe
  2⤵
  PID:5808
- C:\Windows\System\XlqRFsx.exe
  C:\Windows\System\XlqRFsx.exe
  2⤵
  PID:5836
- C:\Windows\System\ggBljtW.exe
  C:\Windows\System\ggBljtW.exe
  2⤵
  PID:5852
- C:\Windows\System\GFtyEnq.exe
  C:\Windows\System\GFtyEnq.exe
  2⤵
  PID:5880
- C:\Windows\System\cbGOfst.exe
  C:\Windows\System\cbGOfst.exe
  2⤵
  PID:5920
- C:\Windows\System\wccdaVw.exe
  C:\Windows\System\wccdaVw.exe
  2⤵
  PID:5948
- C:\Windows\System\ZwTwgrm.exe
  C:\Windows\System\ZwTwgrm.exe
  2⤵
  PID:5976
- C:\Windows\System\mzTALhn.exe
  C:\Windows\System\mzTALhn.exe
  2⤵
  PID:6004
- C:\Windows\System\ylETfpG.exe
  C:\Windows\System\ylETfpG.exe
  2⤵
  PID:6032
- C:\Windows\System\WrEYyTY.exe
  C:\Windows\System\WrEYyTY.exe
  2⤵
  PID:6056
- C:\Windows\System\EcdCsIx.exe
  C:\Windows\System\EcdCsIx.exe
  2⤵
  PID:6084
- C:\Windows\System\wLsodKF.exe
  C:\Windows\System\wLsodKF.exe
  2⤵
  PID:6116
- C:\Windows\System\IxzqaDA.exe
  C:\Windows\System\IxzqaDA.exe
  2⤵
  PID:6132
- C:\Windows\System\jXiTBce.exe
  C:\Windows\System\jXiTBce.exe
  2⤵
  PID:1520
- C:\Windows\System\sQPWvtK.exe
  C:\Windows\System\sQPWvtK.exe
  2⤵
  PID:748
- C:\Windows\System\mHpKUhi.exe
  C:\Windows\System\mHpKUhi.exe
  2⤵
  PID:352
- C:\Windows\System\DlRijkR.exe
  C:\Windows\System\DlRijkR.exe
  2⤵
  PID:5184
- C:\Windows\System\meVcaif.exe
  C:\Windows\System\meVcaif.exe
  2⤵
  PID:5232
- C:\Windows\System\EzgkfJj.exe
  C:\Windows\System\EzgkfJj.exe
  2⤵
  PID:5296
- C:\Windows\System\mAbKuRV.exe
  C:\Windows\System\mAbKuRV.exe
  2⤵
  PID:5352
- C:\Windows\System\TBhphXN.exe
  C:\Windows\System\TBhphXN.exe
  2⤵
  PID:5428
- C:\Windows\System\bPZVPLl.exe
  C:\Windows\System\bPZVPLl.exe
  2⤵
  PID:5492
- C:\Windows\System\BbnXgMO.exe
  C:\Windows\System\BbnXgMO.exe
  2⤵
  PID:5560
- C:\Windows\System\iMQSkbo.exe
  C:\Windows\System\iMQSkbo.exe
  2⤵
  PID:5624
- C:\Windows\System\DXprCHt.exe
  C:\Windows\System\DXprCHt.exe
  2⤵
  PID:5712
- C:\Windows\System\GnHqlez.exe
  C:\Windows\System\GnHqlez.exe
  2⤵
  PID:5752
- C:\Windows\System\tiBNaIS.exe
  C:\Windows\System\tiBNaIS.exe
  2⤵
  PID:5820
- C:\Windows\System\cAtJwRR.exe
  C:\Windows\System\cAtJwRR.exe
  2⤵
  PID:5908
- C:\Windows\System\dCgtGSb.exe
  C:\Windows\System\dCgtGSb.exe
  2⤵
  PID:5940
- C:\Windows\System\JBFAOVx.exe
  C:\Windows\System\JBFAOVx.exe
  2⤵
  PID:6016
- C:\Windows\System\tuhQzku.exe
  C:\Windows\System\tuhQzku.exe
  2⤵
  PID:6076
- C:\Windows\System\IByFIEr.exe
  C:\Windows\System\IByFIEr.exe
  2⤵
  PID:460
- C:\Windows\System\qlcEZHZ.exe
  C:\Windows\System\qlcEZHZ.exe
  2⤵
  PID:1216
- C:\Windows\System\bKwqYKK.exe
  C:\Windows\System\bKwqYKK.exe
  2⤵
  PID:5176
- C:\Windows\System\QJZvLGm.exe
  C:\Windows\System\QJZvLGm.exe
  2⤵
  PID:5340
- C:\Windows\System\KcxfXBo.exe
  C:\Windows\System\KcxfXBo.exe
  2⤵
  PID:5468
- C:\Windows\System\lFuRTev.exe
  C:\Windows\System\lFuRTev.exe
  2⤵
  PID:5688
- C:\Windows\System\DnmkrZl.exe
  C:\Windows\System\DnmkrZl.exe
  2⤵
  PID:5868
- C:\Windows\System\xJumYkf.exe
  C:\Windows\System\xJumYkf.exe
  2⤵
  PID:5936
- C:\Windows\System\PKbgQst.exe
  C:\Windows\System\PKbgQst.exe
  2⤵
  PID:6104
- C:\Windows\System\wViqYmQ.exe
  C:\Windows\System\wViqYmQ.exe
  2⤵
  PID:5140
- C:\Windows\System\NRLTPlB.exe
  C:\Windows\System\NRLTPlB.exe
  2⤵
  PID:6164
- C:\Windows\System\iFAzyWD.exe
  C:\Windows\System\iFAzyWD.exe
  2⤵
  PID:6192
- C:\Windows\System\RfPYKSv.exe
  C:\Windows\System\RfPYKSv.exe
  2⤵
  PID:6232
- C:\Windows\System\ttQrZmS.exe
  C:\Windows\System\ttQrZmS.exe
  2⤵
  PID:6252
- C:\Windows\System\TIJzfDS.exe
  C:\Windows\System\TIJzfDS.exe
  2⤵
  PID:6288
- C:\Windows\System\NFElTmO.exe
  C:\Windows\System\NFElTmO.exe
  2⤵
  PID:6304
- C:\Windows\System\ZmuxpcE.exe
  C:\Windows\System\ZmuxpcE.exe
  2⤵
  PID:6332
- C:\Windows\System\GXBoFpT.exe
  C:\Windows\System\GXBoFpT.exe
  2⤵
  PID:6368
- C:\Windows\System\edYXjuU.exe
  C:\Windows\System\edYXjuU.exe
  2⤵
  PID:6388
- C:\Windows\System\kBWtQux.exe
  C:\Windows\System\kBWtQux.exe
  2⤵
  PID:6416
- C:\Windows\System\VWxguRU.exe
  C:\Windows\System\VWxguRU.exe
  2⤵
  PID:6444
- C:\Windows\System\UQyIXNa.exe
  C:\Windows\System\UQyIXNa.exe
  2⤵
  PID:6484
- C:\Windows\System\zSlRVKA.exe
  C:\Windows\System\zSlRVKA.exe
  2⤵
  PID:6500
- C:\Windows\System\rfzMXNl.exe
  C:\Windows\System\rfzMXNl.exe
  2⤵
  PID:6528
- C:\Windows\System\jyJszsG.exe
  C:\Windows\System\jyJszsG.exe
  2⤵
  PID:6556
- C:\Windows\System\YKFScuI.exe
  C:\Windows\System\YKFScuI.exe
  2⤵
  PID:6584
- C:\Windows\System\LtfqQpc.exe
  C:\Windows\System\LtfqQpc.exe
  2⤵
  PID:6612
- C:\Windows\System\CuKCxnC.exe
  C:\Windows\System\CuKCxnC.exe
  2⤵
  PID:6628
- C:\Windows\System\MzRStkk.exe
  C:\Windows\System\MzRStkk.exe
  2⤵
  PID:6656
- C:\Windows\System\qOdTxTc.exe
  C:\Windows\System\qOdTxTc.exe
  2⤵
  PID:6692
- C:\Windows\System\cakZJbO.exe
  C:\Windows\System\cakZJbO.exe
  2⤵
  PID:6724
- C:\Windows\System\aGmHgNt.exe
  C:\Windows\System\aGmHgNt.exe
  2⤵
  PID:6740
- C:\Windows\System\JyOBVdf.exe
  C:\Windows\System\JyOBVdf.exe
  2⤵
  PID:6776
- C:\Windows\System\WBQxVqV.exe
  C:\Windows\System\WBQxVqV.exe
  2⤵
  PID:6816
- C:\Windows\System\ZoMIrFf.exe
  C:\Windows\System\ZoMIrFf.exe
  2⤵
  PID:6848
- C:\Windows\System\twafidG.exe
  C:\Windows\System\twafidG.exe
  2⤵
  PID:6876
- C:\Windows\System\czDkvuS.exe
  C:\Windows\System\czDkvuS.exe
  2⤵
  PID:6892
- C:\Windows\System\ebauNvL.exe
  C:\Windows\System\ebauNvL.exe
  2⤵
  PID:6920
- C:\Windows\System\wCpirMD.exe
  C:\Windows\System\wCpirMD.exe
  2⤵
  PID:6948
- C:\Windows\System\ZSFoaiU.exe
  C:\Windows\System\ZSFoaiU.exe
  2⤵
  PID:6976
- C:\Windows\System\ZZgPUbm.exe
  C:\Windows\System\ZZgPUbm.exe
  2⤵
  PID:7004
- C:\Windows\System\vhNMlTC.exe
  C:\Windows\System\vhNMlTC.exe
  2⤵
  PID:7032
- C:\Windows\System\wVFtejU.exe
  C:\Windows\System\wVFtejU.exe
  2⤵
  PID:7048
- C:\Windows\System\gtKqUZN.exe
  C:\Windows\System\gtKqUZN.exe
  2⤵
  PID:7076
- C:\Windows\System\DdjamUB.exe
  C:\Windows\System\DdjamUB.exe
  2⤵
  PID:7104
- C:\Windows\System\gOgxkLe.exe
  C:\Windows\System\gOgxkLe.exe
  2⤵
  PID:7132
- C:\Windows\System\SxuKfOA.exe
  C:\Windows\System\SxuKfOA.exe
  2⤵
  PID:5288
- C:\Windows\System\YGjELgB.exe
  C:\Windows\System\YGjELgB.exe
  2⤵
  PID:5652
- C:\Windows\System\DoiJQqj.exe
  C:\Windows\System\DoiJQqj.exe
  2⤵
  PID:6000
- C:\Windows\System\VsHdSAQ.exe
  C:\Windows\System\VsHdSAQ.exe
  2⤵
  PID:6180
- C:\Windows\System\TQrxyPz.exe
  C:\Windows\System\TQrxyPz.exe
  2⤵
  PID:6220
- C:\Windows\System\KezqKkI.exe
  C:\Windows\System\KezqKkI.exe
  2⤵
  PID:6316
- C:\Windows\System\sBieMXQ.exe
  C:\Windows\System\sBieMXQ.exe
  2⤵
  PID:6328
- C:\Windows\System\DnwrgAU.exe
  C:\Windows\System\DnwrgAU.exe
  2⤵
  PID:6404
- C:\Windows\System\CyZttXi.exe
  C:\Windows\System\CyZttXi.exe
  2⤵
  PID:6456
- C:\Windows\System\alSvqhU.exe
  C:\Windows\System\alSvqhU.exe
  2⤵
  PID:6512
- C:\Windows\System\zCMnLIY.exe
  C:\Windows\System\zCMnLIY.exe
  2⤵
  PID:6568
- C:\Windows\System\dewVLsJ.exe
  C:\Windows\System\dewVLsJ.exe
  2⤵
  PID:6624
- C:\Windows\System\FFwNfOy.exe
  C:\Windows\System\FFwNfOy.exe
  2⤵
  PID:244
- C:\Windows\System\vfsQjvz.exe
  C:\Windows\System\vfsQjvz.exe
  2⤵
  PID:6736
- C:\Windows\System\PfInDNo.exe
  C:\Windows\System\PfInDNo.exe
  2⤵
  PID:6796
- C:\Windows\System\qvKwjkE.exe
  C:\Windows\System\qvKwjkE.exe
  2⤵
  PID:6836
- C:\Windows\System\bEYkOBt.exe
  C:\Windows\System\bEYkOBt.exe
  2⤵
  PID:6888
- C:\Windows\System\jpjrnhy.exe
  C:\Windows\System\jpjrnhy.exe
  2⤵
  PID:6956
- C:\Windows\System\bIytlPC.exe
  C:\Windows\System\bIytlPC.exe
  2⤵
  PID:7016
- C:\Windows\System\cNebOBr.exe
  C:\Windows\System\cNebOBr.exe
  2⤵
  PID:7064
- C:\Windows\System\KdjMPDm.exe
  C:\Windows\System\KdjMPDm.exe
  2⤵
  PID:3448
- C:\Windows\System\KFQFQzV.exe
  C:\Windows\System\KFQFQzV.exe
  2⤵
  PID:7164
- C:\Windows\System\HmyLqcg.exe
  C:\Windows\System\HmyLqcg.exe
  2⤵
  PID:5804
- C:\Windows\System\tThagsh.exe
  C:\Windows\System\tThagsh.exe
  2⤵
  PID:6216
- C:\Windows\System\OVGWwkd.exe
  C:\Windows\System\OVGWwkd.exe
  2⤵
  PID:4560
- C:\Windows\System\ZrctDsH.exe
  C:\Windows\System\ZrctDsH.exe
  2⤵
  PID:6380
- C:\Windows\System\uYNRrnF.exe
  C:\Windows\System\uYNRrnF.exe
  2⤵
  PID:1960
- C:\Windows\System\sVzURDs.exe
  C:\Windows\System\sVzURDs.exe
  2⤵
  PID:4524
- C:\Windows\System\CZekGQY.exe
  C:\Windows\System\CZekGQY.exe
  2⤵
  PID:6680
- C:\Windows\System\BsMUTQH.exe
  C:\Windows\System\BsMUTQH.exe
  2⤵
  PID:6812
- C:\Windows\System\dxURZqS.exe
  C:\Windows\System\dxURZqS.exe
  2⤵
  PID:6916
- C:\Windows\System\NhKkobS.exe
  C:\Windows\System\NhKkobS.exe
  2⤵
  PID:6992
- C:\Windows\System\DeKujXm.exe
  C:\Windows\System\DeKujXm.exe
  2⤵
  PID:3396
- C:\Windows\System\fsjTSHJ.exe
  C:\Windows\System\fsjTSHJ.exe
  2⤵
  PID:6648
- C:\Windows\System\opFgBrd.exe
  C:\Windows\System\opFgBrd.exe
  2⤵
  PID:4812
- C:\Windows\System\VLhCLXp.exe
  C:\Windows\System\VLhCLXp.exe
  2⤵
  PID:6872
- C:\Windows\System\obCzvvd.exe
  C:\Windows\System\obCzvvd.exe
  2⤵
  PID:1340
- C:\Windows\System\fQKeSTs.exe
  C:\Windows\System\fQKeSTs.exe
  2⤵
  PID:6936
- C:\Windows\System\uRXVLfL.exe
  C:\Windows\System\uRXVLfL.exe
  2⤵
  PID:6296
- C:\Windows\System\WvzCoBd.exe
  C:\Windows\System\WvzCoBd.exe
  2⤵
  PID:3052
- C:\Windows\System\ccYvgWp.exe
  C:\Windows\System\ccYvgWp.exe
  2⤵
  PID:6840
- C:\Windows\System\wyrjGvs.exe
  C:\Windows\System\wyrjGvs.exe
  2⤵
  PID:688
- C:\Windows\System\RTSfbLH.exe
  C:\Windows\System\RTSfbLH.exe
  2⤵
  PID:5008
- C:\Windows\System\lHDBcOz.exe
  C:\Windows\System\lHDBcOz.exe
  2⤵
  PID:1620
- C:\Windows\System\PWGlBYz.exe
  C:\Windows\System\PWGlBYz.exe
  2⤵
  PID:2476
- C:\Windows\System\QKBjyNb.exe
  C:\Windows\System\QKBjyNb.exe
  2⤵
  PID:984
- C:\Windows\System\MzJzOPd.exe
  C:\Windows\System\MzJzOPd.exe
  2⤵
  PID:2312
- C:\Windows\System\TIQtnlX.exe
  C:\Windows\System\TIQtnlX.exe
  2⤵
  PID:7184
- C:\Windows\System\LKRxGBQ.exe
  C:\Windows\System\LKRxGBQ.exe
  2⤵
  PID:7216
- C:\Windows\System\abLtcNd.exe
  C:\Windows\System\abLtcNd.exe
  2⤵
  PID:7248
- C:\Windows\System\hzMJBjE.exe
  C:\Windows\System\hzMJBjE.exe
  2⤵
  PID:7276
- C:\Windows\System\cOfgEWu.exe
  C:\Windows\System\cOfgEWu.exe
  2⤵
  PID:7304
- C:\Windows\System\AzjwbXZ.exe
  C:\Windows\System\AzjwbXZ.exe
  2⤵
  PID:7336
- C:\Windows\System\YpyVhkY.exe
  C:\Windows\System\YpyVhkY.exe
  2⤵
  PID:7372
- C:\Windows\System\TXcgttf.exe
  C:\Windows\System\TXcgttf.exe
  2⤵
  PID:7392
- C:\Windows\System\IevnVUE.exe
  C:\Windows\System\IevnVUE.exe
  2⤵
  PID:7424
- C:\Windows\System\WPAJZfr.exe
  C:\Windows\System\WPAJZfr.exe
  2⤵
  PID:7452
- C:\Windows\System\hojVyzB.exe
  C:\Windows\System\hojVyzB.exe
  2⤵
  PID:7484
- C:\Windows\System\wHvCAnf.exe
  C:\Windows\System\wHvCAnf.exe
  2⤵
  PID:7516
- C:\Windows\System\nLWXODr.exe
  C:\Windows\System\nLWXODr.exe
  2⤵
  PID:7540
- C:\Windows\System\jgXynYb.exe
  C:\Windows\System\jgXynYb.exe
  2⤵
  PID:7568
- C:\Windows\System\PfhlxSZ.exe
  C:\Windows\System\PfhlxSZ.exe
  2⤵
  PID:7596
- C:\Windows\System\oENdEHv.exe
  C:\Windows\System\oENdEHv.exe
  2⤵
  PID:7624
- C:\Windows\System\VfiVQqG.exe
  C:\Windows\System\VfiVQqG.exe
  2⤵
  PID:7652
- C:\Windows\System\vAtFoQC.exe
  C:\Windows\System\vAtFoQC.exe
  2⤵
  PID:7680
- C:\Windows\System\wugyRcM.exe
  C:\Windows\System\wugyRcM.exe
  2⤵
  PID:7708
- C:\Windows\System\IZkEjRQ.exe
  C:\Windows\System\IZkEjRQ.exe
  2⤵
  PID:7740
- C:\Windows\System\VgUGqcJ.exe
  C:\Windows\System\VgUGqcJ.exe
  2⤵
  PID:7768
- C:\Windows\System\hihcfQP.exe
  C:\Windows\System\hihcfQP.exe
  2⤵
  PID:7808
- C:\Windows\System\uzNOOri.exe
  C:\Windows\System\uzNOOri.exe
  2⤵
  PID:7824
- C:\Windows\System\EPvkVpp.exe
  C:\Windows\System\EPvkVpp.exe
  2⤵
  PID:7856
- C:\Windows\System\LMYJQQB.exe
  C:\Windows\System\LMYJQQB.exe
  2⤵
  PID:7892
- C:\Windows\System\Cnnxsab.exe
  C:\Windows\System\Cnnxsab.exe
  2⤵
  PID:7912
- C:\Windows\System\jMyNuPF.exe
  C:\Windows\System\jMyNuPF.exe
  2⤵
  PID:7940
- C:\Windows\System\VyaQAYv.exe
  C:\Windows\System\VyaQAYv.exe
  2⤵
  PID:7968
- C:\Windows\System\BuVKHfF.exe
  C:\Windows\System\BuVKHfF.exe
  2⤵
  PID:7996
- C:\Windows\System\jnSWToQ.exe
  C:\Windows\System\jnSWToQ.exe
  2⤵
  PID:8056
- C:\Windows\System\oGjSURx.exe
  C:\Windows\System\oGjSURx.exe
  2⤵
  PID:8080
- C:\Windows\System\DAirnFs.exe
  C:\Windows\System\DAirnFs.exe
  2⤵
  PID:8132
- C:\Windows\System\cRBUmsx.exe
  C:\Windows\System\cRBUmsx.exe
  2⤵
  PID:8172
- C:\Windows\System\UdmzFRi.exe
  C:\Windows\System\UdmzFRi.exe
  2⤵
  PID:4896
- C:\Windows\System\RAmeucO.exe
  C:\Windows\System\RAmeucO.exe
  2⤵
  PID:7236
- C:\Windows\System\trDqJNP.exe
  C:\Windows\System\trDqJNP.exe
  2⤵
  PID:7268
- C:\Windows\System\ALTRLHu.exe
  C:\Windows\System\ALTRLHu.exe
  2⤵
  PID:7332
- C:\Windows\System\gUDOoyd.exe
  C:\Windows\System\gUDOoyd.exe
  2⤵
  PID:7388
- C:\Windows\System\ajRGmAd.exe
  C:\Windows\System\ajRGmAd.exe
  2⤵
  PID:7464
- C:\Windows\System\twTdpem.exe
  C:\Windows\System\twTdpem.exe
  2⤵
  PID:7536
- C:\Windows\System\ZAtnoQK.exe
  C:\Windows\System\ZAtnoQK.exe
  2⤵
  PID:7608
- C:\Windows\System\zIpnhGm.exe
  C:\Windows\System\zIpnhGm.exe
  2⤵
  PID:7672
- C:\Windows\System\RQTggCp.exe
  C:\Windows\System\RQTggCp.exe
  2⤵
  PID:7732
- C:\Windows\System\JOoOkHA.exe
  C:\Windows\System\JOoOkHA.exe
  2⤵
  PID:7800
- C:\Windows\System\beXJfoC.exe
  C:\Windows\System\beXJfoC.exe
  2⤵
  PID:7872
- C:\Windows\System\nVTFmgT.exe
  C:\Windows\System\nVTFmgT.exe
  2⤵
  PID:7924
- C:\Windows\System\CuEMTYg.exe
  C:\Windows\System\CuEMTYg.exe
  2⤵
  PID:7980
- C:\Windows\System\LeAIdev.exe
  C:\Windows\System\LeAIdev.exe
  2⤵
  PID:220
- C:\Windows\System\WOkOdGw.exe
  C:\Windows\System\WOkOdGw.exe
  2⤵
  PID:8036
- C:\Windows\System\yGqbqyY.exe
  C:\Windows\System\yGqbqyY.exe
  2⤵
  PID:8092
- C:\Windows\System\qibNrer.exe
  C:\Windows\System\qibNrer.exe
  2⤵
  PID:8188
- C:\Windows\System\yrCbadR.exe
  C:\Windows\System\yrCbadR.exe
  2⤵
  PID:8108
- C:\Windows\System\OgUPwsd.exe
  C:\Windows\System\OgUPwsd.exe
  2⤵
  PID:8072
- C:\Windows\System\JhxMGCa.exe
  C:\Windows\System\JhxMGCa.exe
  2⤵
  PID:7360
- C:\Windows\System\gOytfkJ.exe
  C:\Windows\System\gOytfkJ.exe
  2⤵
  PID:2660
- C:\Windows\System\xWnopAo.exe
  C:\Windows\System\xWnopAo.exe
  2⤵
  PID:7664
- C:\Windows\System\NGFwcbe.exe
  C:\Windows\System\NGFwcbe.exe
  2⤵
  PID:660
- C:\Windows\System\EsKvKBb.exe
  C:\Windows\System\EsKvKBb.exe
  2⤵
  PID:2992
- C:\Windows\System\FkTraSq.exe
  C:\Windows\System\FkTraSq.exe
  2⤵
  PID:8024
- C:\Windows\System\bgdKuXg.exe
  C:\Windows\System\bgdKuXg.exe
  2⤵
  PID:1360
- C:\Windows\System\tXAMdmI.exe
  C:\Windows\System\tXAMdmI.exe
  2⤵
  PID:7208
- C:\Windows\System\gKXykFA.exe
  C:\Windows\System\gKXykFA.exe
  2⤵
  PID:7328
- C:\Windows\System\oAHSsCl.exe
  C:\Windows\System\oAHSsCl.exe
  2⤵
  PID:7644
- C:\Windows\System\NRdvspI.exe
  C:\Windows\System\NRdvspI.exe
  2⤵
  PID:3188
- C:\Windows\System\oFzHsqh.exe
  C:\Windows\System\oFzHsqh.exe
  2⤵
  PID:8156
- C:\Windows\System\NrtvkfA.exe
  C:\Windows\System\NrtvkfA.exe
  2⤵
  PID:7588
- C:\Windows\System\bcBdhuI.exe
  C:\Windows\System\bcBdhuI.exe
  2⤵
  PID:1640
- C:\Windows\System\ivbCfjl.exe
  C:\Windows\System\ivbCfjl.exe
  2⤵
  PID:7528
- C:\Windows\System\xteOzdc.exe
  C:\Windows\System\xteOzdc.exe
  2⤵
  PID:7316
- C:\Windows\System\fiExpzq.exe
  C:\Windows\System\fiExpzq.exe
  2⤵
  PID:8208
- C:\Windows\System\xMBhRTq.exe
  C:\Windows\System\xMBhRTq.exe
  2⤵
  PID:8240
- C:\Windows\System\VtLAQDx.exe
  C:\Windows\System\VtLAQDx.exe
  2⤵
  PID:8268
- C:\Windows\System\atKBYut.exe
  C:\Windows\System\atKBYut.exe
  2⤵
  PID:8304
- C:\Windows\System\uBHEaNZ.exe
  C:\Windows\System\uBHEaNZ.exe
  2⤵
  PID:8332
- C:\Windows\System\BZHjJtd.exe
  C:\Windows\System\BZHjJtd.exe
  2⤵
  PID:8360
- C:\Windows\System\blOpmQz.exe
  C:\Windows\System\blOpmQz.exe
  2⤵
  PID:8388
- C:\Windows\System\xTqhEwB.exe
  C:\Windows\System\xTqhEwB.exe
  2⤵
  PID:8416
- C:\Windows\System\exarDYx.exe
  C:\Windows\System\exarDYx.exe
  2⤵
  PID:8444
- C:\Windows\System\HEMSFfv.exe
  C:\Windows\System\HEMSFfv.exe
  2⤵
  PID:8472
- C:\Windows\System\zVHEdZm.exe
  C:\Windows\System\zVHEdZm.exe
  2⤵
  PID:8500
- C:\Windows\System\FDVdSGO.exe
  C:\Windows\System\FDVdSGO.exe
  2⤵
  PID:8528
- C:\Windows\System\WVPeCGa.exe
  C:\Windows\System\WVPeCGa.exe
  2⤵
  PID:8556
- C:\Windows\System\gfaMVqq.exe
  C:\Windows\System\gfaMVqq.exe
  2⤵
  PID:8584
- C:\Windows\System\ANgErdv.exe
  C:\Windows\System\ANgErdv.exe
  2⤵
  PID:8612
- C:\Windows\System\QTVSZDH.exe
  C:\Windows\System\QTVSZDH.exe
  2⤵
  PID:8640
- C:\Windows\System\qwtLzYB.exe
  C:\Windows\System\qwtLzYB.exe
  2⤵
  PID:8668
- C:\Windows\System\lFqgtSl.exe
  C:\Windows\System\lFqgtSl.exe
  2⤵
  PID:8696
- C:\Windows\System\ODwZbOC.exe
  C:\Windows\System\ODwZbOC.exe
  2⤵
  PID:8740
- C:\Windows\System\LppwHYq.exe
  C:\Windows\System\LppwHYq.exe
  2⤵
  PID:8768
- C:\Windows\System\RNVjqGe.exe
  C:\Windows\System\RNVjqGe.exe
  2⤵
  PID:8796
- C:\Windows\System\IOPugnd.exe
  C:\Windows\System\IOPugnd.exe
  2⤵
  PID:8824
- C:\Windows\System\jbFaEYa.exe
  C:\Windows\System\jbFaEYa.exe
  2⤵
  PID:8852
- C:\Windows\System\shWCUfO.exe
  C:\Windows\System\shWCUfO.exe
  2⤵
  PID:8880
- C:\Windows\System\mRBmJMd.exe
  C:\Windows\System\mRBmJMd.exe
  2⤵
  PID:8908
- C:\Windows\System\rnQndmw.exe
  C:\Windows\System\rnQndmw.exe
  2⤵
  PID:8936
- C:\Windows\System\KKDCmRZ.exe
  C:\Windows\System\KKDCmRZ.exe
  2⤵
  PID:8964
- C:\Windows\System\xuWBIFU.exe
  C:\Windows\System\xuWBIFU.exe
  2⤵
  PID:9004
- C:\Windows\System\brAhpMI.exe
  C:\Windows\System\brAhpMI.exe
  2⤵
  PID:9060
- C:\Windows\System\Hybausg.exe
  C:\Windows\System\Hybausg.exe
  2⤵
  PID:9088
- C:\Windows\System\ENlHyDH.exe
  C:\Windows\System\ENlHyDH.exe
  2⤵
  PID:9116
- C:\Windows\System\dbguBkH.exe
  C:\Windows\System\dbguBkH.exe
  2⤵
  PID:9200
- C:\Windows\System\PGwxPnD.exe
  C:\Windows\System\PGwxPnD.exe
  2⤵
  PID:8328
- C:\Windows\System\kvatHBz.exe
  C:\Windows\System\kvatHBz.exe
  2⤵
  PID:8464
- C:\Windows\System\uxeJIcE.exe
  C:\Windows\System\uxeJIcE.exe
  2⤵
  PID:8524
- C:\Windows\System\uNuBJBp.exe
  C:\Windows\System\uNuBJBp.exe
  2⤵
  PID:1184
- C:\Windows\System\uhXrjQg.exe
  C:\Windows\System\uhXrjQg.exe
  2⤵
  PID:8664
- C:\Windows\System\FtAAIlD.exe
  C:\Windows\System\FtAAIlD.exe
  2⤵
  PID:8760
- C:\Windows\System\csxsuNS.exe
  C:\Windows\System\csxsuNS.exe
  2⤵
  PID:8864
- C:\Windows\System\wUbApoU.exe
  C:\Windows\System\wUbApoU.exe
  2⤵
  PID:8928
- C:\Windows\System\UdkHtbB.exe
  C:\Windows\System\UdkHtbB.exe
  2⤵
  PID:8988
- C:\Windows\System\ilSOTpm.exe
  C:\Windows\System\ilSOTpm.exe
  2⤵
  PID:3168
- C:\Windows\System\AbrlMGw.exe
  C:\Windows\System\AbrlMGw.exe
  2⤵
  PID:9108
- C:\Windows\System\iKcZvLJ.exe
  C:\Windows\System\iKcZvLJ.exe
  2⤵
  PID:8488
- C:\Windows\System\uYmQuiS.exe
  C:\Windows\System\uYmQuiS.exe
  2⤵
  PID:8624
- C:\Windows\System\UAjAKbs.exe
  C:\Windows\System\UAjAKbs.exe
  2⤵
  PID:8688
- C:\Windows\System\xlNvCkc.exe
  C:\Windows\System\xlNvCkc.exe
  2⤵
  PID:8712
- C:\Windows\System\mIOaFRh.exe
  C:\Windows\System\mIOaFRh.exe
  2⤵
  PID:8756
- C:\Windows\System\rayhPKC.exe
  C:\Windows\System\rayhPKC.exe
  2⤵
  PID:8960
- C:\Windows\System\MxcHdVi.exe
  C:\Windows\System\MxcHdVi.exe
  2⤵
  PID:9072
- C:\Windows\System\WRoPPhW.exe
  C:\Windows\System\WRoPPhW.exe
  2⤵
  PID:8956
- C:\Windows\System\HRBkqLv.exe
  C:\Windows\System\HRBkqLv.exe
  2⤵
  PID:8736
- C:\Windows\System\eFLbwgH.exe
  C:\Windows\System\eFLbwgH.exe
  2⤵
  PID:8656
- C:\Windows\System\CSxrdCY.exe
  C:\Windows\System\CSxrdCY.exe
  2⤵
  PID:5116
- C:\Windows\System\FocWmsg.exe
  C:\Windows\System\FocWmsg.exe
  2⤵
  PID:3588
- C:\Windows\System\qIcVWtq.exe
  C:\Windows\System\qIcVWtq.exe
  2⤵
  PID:184
- C:\Windows\System\xtRnSAx.exe
  C:\Windows\System\xtRnSAx.exe
  2⤵
  PID:2808
- C:\Windows\System\aDJoxIJ.exe
  C:\Windows\System\aDJoxIJ.exe
  2⤵
  PID:8324
- C:\Windows\System\pIsNeew.exe
  C:\Windows\System\pIsNeew.exe
  2⤵
  PID:1860
- C:\Windows\System\yKgqqQu.exe
  C:\Windows\System\yKgqqQu.exe
  2⤵
  PID:9224
- C:\Windows\System\duUQpAw.exe
  C:\Windows\System\duUQpAw.exe
  2⤵
  PID:9256
- C:\Windows\System\PkkJUFG.exe
  C:\Windows\System\PkkJUFG.exe
  2⤵
  PID:9284
- C:\Windows\System\nMHYklx.exe
  C:\Windows\System\nMHYklx.exe
  2⤵
  PID:9312
- C:\Windows\System\QKgeDIf.exe
  C:\Windows\System\QKgeDIf.exe
  2⤵
  PID:9340
- C:\Windows\System\lsaKxFd.exe
  C:\Windows\System\lsaKxFd.exe
  2⤵
  PID:9368
- C:\Windows\System\ksDfpCK.exe
  C:\Windows\System\ksDfpCK.exe
  2⤵
  PID:9396
- C:\Windows\System\hEapftc.exe
  C:\Windows\System\hEapftc.exe
  2⤵
  PID:9424
- C:\Windows\System\AcWDUrQ.exe
  C:\Windows\System\AcWDUrQ.exe
  2⤵
  PID:9444
- C:\Windows\System\kkFtobb.exe
  C:\Windows\System\kkFtobb.exe
  2⤵
  PID:9468
- C:\Windows\System\RCkNJBQ.exe
  C:\Windows\System\RCkNJBQ.exe
  2⤵
  PID:9508
- C:\Windows\System\uCDaajb.exe
  C:\Windows\System\uCDaajb.exe
  2⤵
  PID:9540
- C:\Windows\System\lNJVKYI.exe
  C:\Windows\System\lNJVKYI.exe
  2⤵
  PID:9572
- C:\Windows\System\VPKZtZb.exe
  C:\Windows\System\VPKZtZb.exe
  2⤵
  PID:9600
- C:\Windows\System\qmuxBnW.exe
  C:\Windows\System\qmuxBnW.exe
  2⤵
  PID:9644
- C:\Windows\System\RQHQDqq.exe
  C:\Windows\System\RQHQDqq.exe
  2⤵
  PID:9676
- C:\Windows\System\SjhKSDV.exe
  C:\Windows\System\SjhKSDV.exe
  2⤵
  PID:9728
- C:\Windows\System\oIktoTP.exe
  C:\Windows\System\oIktoTP.exe
  2⤵
  PID:9760
- C:\Windows\System\hLqXnKH.exe
  C:\Windows\System\hLqXnKH.exe
  2⤵
  PID:9788
- C:\Windows\System\FBERqzu.exe
  C:\Windows\System\FBERqzu.exe
  2⤵
  PID:9820
- C:\Windows\System\cHsNhuO.exe
  C:\Windows\System\cHsNhuO.exe
  2⤵
  PID:9848
- C:\Windows\System\glyOJRz.exe
  C:\Windows\System\glyOJRz.exe
  2⤵
  PID:9876
- C:\Windows\System\tdaaZBR.exe
  C:\Windows\System\tdaaZBR.exe
  2⤵
  PID:9904
- C:\Windows\System\GRTxtqg.exe
  C:\Windows\System\GRTxtqg.exe
  2⤵
  PID:9932
- C:\Windows\System\slbDAPn.exe
  C:\Windows\System\slbDAPn.exe
  2⤵
  PID:9960
- C:\Windows\System\GtJXhRW.exe
  C:\Windows\System\GtJXhRW.exe
  2⤵
  PID:9988
- C:\Windows\System\GAetMAg.exe
  C:\Windows\System\GAetMAg.exe
  2⤵
  PID:10016
- C:\Windows\System\NbFMFnr.exe
  C:\Windows\System\NbFMFnr.exe
  2⤵
  PID:10052
- C:\Windows\System\gdGoFCN.exe
  C:\Windows\System\gdGoFCN.exe
  2⤵
  PID:10080
- C:\Windows\System\peCUmdt.exe
  C:\Windows\System\peCUmdt.exe
  2⤵
  PID:10112
- C:\Windows\System\Itxavzg.exe
  C:\Windows\System\Itxavzg.exe
  2⤵
  PID:10136
- C:\Windows\System\XSXYuND.exe
  C:\Windows\System\XSXYuND.exe
  2⤵
  PID:10200
- C:\Windows\System\Pbfyfcj.exe
  C:\Windows\System\Pbfyfcj.exe
  2⤵
  PID:10216
- C:\Windows\System\XHRlhnw.exe
  C:\Windows\System\XHRlhnw.exe
  2⤵
  PID:9276
- C:\Windows\System\aIFatOG.exe
  C:\Windows\System\aIFatOG.exe
  2⤵
  PID:8284
- C:\Windows\System\zfXwJcj.exe
  C:\Windows\System\zfXwJcj.exe
  2⤵
  PID:9584
- C:\Windows\System\xYbJGZk.exe
  C:\Windows\System\xYbJGZk.exe
  2⤵
  PID:9620
- C:\Windows\System\isKNgJt.exe
  C:\Windows\System\isKNgJt.exe
  2⤵
  PID:9664
- C:\Windows\System\wUaDJmV.exe
  C:\Windows\System\wUaDJmV.exe
  2⤵
  PID:9772
- C:\Windows\System\tDgsSqs.exe
  C:\Windows\System\tDgsSqs.exe
  2⤵
  PID:9840
- C:\Windows\System\uRxQdUI.exe
  C:\Windows\System\uRxQdUI.exe
  2⤵
  PID:9928
- C:\Windows\System\gHEVIKX.exe
  C:\Windows\System\gHEVIKX.exe
  2⤵
  PID:10008
- C:\Windows\System\NSVlBWE.exe
  C:\Windows\System\NSVlBWE.exe
  2⤵
  PID:10076
- C:\Windows\System\zhaqTFz.exe
  C:\Windows\System\zhaqTFz.exe
  2⤵
  PID:816
- C:\Windows\System\TBtuXMg.exe
  C:\Windows\System\TBtuXMg.exe
  2⤵
  PID:9324
- C:\Windows\System\RsjmWGG.exe
  C:\Windows\System\RsjmWGG.exe
  2⤵
  PID:9240
- C:\Windows\System\zewDYpt.exe
  C:\Windows\System\zewDYpt.exe
  2⤵
  PID:9812
- C:\Windows\System\GPBVoVr.exe
  C:\Windows\System\GPBVoVr.exe
  2⤵
  PID:9956
- C:\Windows\System\ndIpRhy.exe
  C:\Windows\System\ndIpRhy.exe
  2⤵
  PID:4400
- C:\Windows\System\sTQviJq.exe
  C:\Windows\System\sTQviJq.exe
  2⤵
  PID:10212
- C:\Windows\System\nGZbzaV.exe
  C:\Windows\System\nGZbzaV.exe
  2⤵
  PID:9724
- C:\Windows\System\gXoksBC.exe
  C:\Windows\System\gXoksBC.exe
  2⤵
  PID:4024
- C:\Windows\System\LEHYTKT.exe
  C:\Windows\System\LEHYTKT.exe
  2⤵
  PID:10072
- C:\Windows\System\VXLTeMe.exe
  C:\Windows\System\VXLTeMe.exe
  2⤵
  PID:9532
- C:\Windows\System\OhiEbRd.exe
  C:\Windows\System\OhiEbRd.exe
  2⤵
  PID:9488
- C:\Windows\System\eSTEhGl.exe
  C:\Windows\System\eSTEhGl.exe
  2⤵
  PID:9888
- C:\Windows\System\NDFDiQm.exe
  C:\Windows\System\NDFDiQm.exe
  2⤵
  PID:10256
- C:\Windows\System\ysnRHnb.exe
  C:\Windows\System\ysnRHnb.exe
  2⤵
  PID:10284
- C:\Windows\System\PrssylQ.exe
  C:\Windows\System\PrssylQ.exe
  2⤵
  PID:10312
- C:\Windows\System\vstvMbX.exe
  C:\Windows\System\vstvMbX.exe
  2⤵
  PID:10348
- C:\Windows\System\efDwekF.exe
  C:\Windows\System\efDwekF.exe
  2⤵
  PID:10376
- C:\Windows\System\uowtZMh.exe
  C:\Windows\System\uowtZMh.exe
  2⤵
  PID:10400
- C:\Windows\System\GMZFult.exe
  C:\Windows\System\GMZFult.exe
  2⤵
  PID:10428
- C:\Windows\System\rhlqHoI.exe
  C:\Windows\System\rhlqHoI.exe
  2⤵
  PID:10456
- C:\Windows\System\sbqmPUv.exe
  C:\Windows\System\sbqmPUv.exe
  2⤵
  PID:10484
- C:\Windows\System\fnqUfhu.exe
  C:\Windows\System\fnqUfhu.exe
  2⤵
  PID:10512
- C:\Windows\System\MXBVWCn.exe
  C:\Windows\System\MXBVWCn.exe
  2⤵
  PID:10540
- C:\Windows\System\UXZeeYI.exe
  C:\Windows\System\UXZeeYI.exe
  2⤵
  PID:10568
- C:\Windows\System\pQxcPSH.exe
  C:\Windows\System\pQxcPSH.exe
  2⤵
  PID:10596
- C:\Windows\System\cqNEkQU.exe
  C:\Windows\System\cqNEkQU.exe
  2⤵
  PID:10628
- C:\Windows\System\JShNgYf.exe
  C:\Windows\System\JShNgYf.exe
  2⤵
  PID:10656
- C:\Windows\System\eZEOiak.exe
  C:\Windows\System\eZEOiak.exe
  2⤵
  PID:10684
- C:\Windows\System\faHiXki.exe
  C:\Windows\System\faHiXki.exe
  2⤵
  PID:10716
- C:\Windows\System\dBiEBxT.exe
  C:\Windows\System\dBiEBxT.exe
  2⤵
  PID:10740
- C:\Windows\System\NCPIoTG.exe
  C:\Windows\System\NCPIoTG.exe
  2⤵
  PID:10768
- C:\Windows\System\NLpSoUe.exe
  C:\Windows\System\NLpSoUe.exe
  2⤵
  PID:10796
- C:\Windows\System\LknBUYw.exe
  C:\Windows\System\LknBUYw.exe
  2⤵
  PID:10824
- C:\Windows\System\ogfoVHH.exe
  C:\Windows\System\ogfoVHH.exe
  2⤵
  PID:10852
- C:\Windows\System\GtrcOLt.exe
  C:\Windows\System\GtrcOLt.exe
  2⤵
  PID:10880
- C:\Windows\System\gMnEJLD.exe
  C:\Windows\System\gMnEJLD.exe
  2⤵
  PID:10908
- C:\Windows\System\eKiQAuz.exe
  C:\Windows\System\eKiQAuz.exe
  2⤵
  PID:10940
- C:\Windows\System\zwgHVQl.exe
  C:\Windows\System\zwgHVQl.exe
  2⤵
  PID:10964
- C:\Windows\System\yCqnHbz.exe
  C:\Windows\System\yCqnHbz.exe
  2⤵
  PID:10992
- C:\Windows\System\KQeavqk.exe
  C:\Windows\System\KQeavqk.exe
  2⤵
  PID:11024
- C:\Windows\System\DkfeMkr.exe
  C:\Windows\System\DkfeMkr.exe
  2⤵
  PID:11048
- C:\Windows\System\uaYWNrj.exe
  C:\Windows\System\uaYWNrj.exe
  2⤵
  PID:11076
- C:\Windows\System\kyZGxPi.exe
  C:\Windows\System\kyZGxPi.exe
  2⤵
  PID:11104
- C:\Windows\System\NAyjHLc.exe
  C:\Windows\System\NAyjHLc.exe
  2⤵
  PID:11132
- C:\Windows\System\gyKXrHG.exe
  C:\Windows\System\gyKXrHG.exe
  2⤵
  PID:11200
- C:\Windows\System\lHtPnXr.exe
  C:\Windows\System\lHtPnXr.exe
  2⤵
  PID:11256
- C:\Windows\System\vxdgeAK.exe
  C:\Windows\System\vxdgeAK.exe
  2⤵
  PID:10308
- C:\Windows\System\kPqrcDn.exe
  C:\Windows\System\kPqrcDn.exe
  2⤵
  PID:10364
- C:\Windows\System\fqQdSkQ.exe
  C:\Windows\System\fqQdSkQ.exe
  2⤵
  PID:10412
- C:\Windows\System\cvruscQ.exe
  C:\Windows\System\cvruscQ.exe
  2⤵
  PID:9860
- C:\Windows\System\vddMEEJ.exe
  C:\Windows\System\vddMEEJ.exe
  2⤵
  PID:10532
- C:\Windows\System\uozcWkf.exe
  C:\Windows\System\uozcWkf.exe
  2⤵
  PID:10588
- C:\Windows\System\IXCghcp.exe
  C:\Windows\System\IXCghcp.exe
  2⤵
  PID:10652
- C:\Windows\System\ypRwROo.exe
  C:\Windows\System\ypRwROo.exe
  2⤵
  PID:10728
- C:\Windows\System\ZuoLxOr.exe
  C:\Windows\System\ZuoLxOr.exe
  2⤵
  PID:10788
- C:\Windows\System\CoUzDqJ.exe
  C:\Windows\System\CoUzDqJ.exe
  2⤵
  PID:10848
- C:\Windows\System\EXaTwZW.exe
  C:\Windows\System\EXaTwZW.exe
  2⤵
  PID:10928
- C:\Windows\System\lGVFIJB.exe
  C:\Windows\System\lGVFIJB.exe
  2⤵
  PID:10980
- C:\Windows\System\GztIzqd.exe
  C:\Windows\System\GztIzqd.exe
  2⤵
  PID:11032
- C:\Windows\System\SmmqiPR.exe
  C:\Windows\System\SmmqiPR.exe
  2⤵
  PID:10604
- C:\Windows\System\zdIHOwS.exe
  C:\Windows\System\zdIHOwS.exe
  2⤵
  PID:11148
- C:\Windows\System\rvVGaEf.exe
  C:\Windows\System\rvVGaEf.exe
  2⤵
  PID:11244
- C:\Windows\System\lqQOJBM.exe
  C:\Windows\System\lqQOJBM.exe
  2⤵
  PID:10356
- C:\Windows\System\jloWCOX.exe
  C:\Windows\System\jloWCOX.exe
  2⤵
  PID:11252
- C:\Windows\System\krbyhjx.exe
  C:\Windows\System\krbyhjx.exe
  2⤵
  PID:10440
- C:\Windows\System\OjHJpEa.exe
  C:\Windows\System\OjHJpEa.exe
  2⤵
  PID:10524
- C:\Windows\System\vkcbYBu.exe
  C:\Windows\System\vkcbYBu.exe
  2⤵
  PID:10648
- C:\Windows\System\CQCAEYW.exe
  C:\Windows\System\CQCAEYW.exe
  2⤵
  PID:10816
- C:\Windows\System\sRyBMtR.exe
  C:\Windows\System\sRyBMtR.exe
  2⤵
  PID:10956
- C:\Windows\System\VIyYGzi.exe
  C:\Windows\System\VIyYGzi.exe
  2⤵
  PID:11088
- C:\Windows\System\tspfCZs.exe
  C:\Windows\System\tspfCZs.exe
  2⤵
  PID:10324
- C:\Windows\System\ndEaIvM.exe
  C:\Windows\System\ndEaIvM.exe
  2⤵
  PID:10276
- C:\Windows\System\PjcpVam.exe
  C:\Windows\System\PjcpVam.exe
  2⤵
  PID:10640
- C:\Windows\System\vsipzHw.exe
  C:\Windows\System\vsipzHw.exe
  2⤵
  PID:11072
- C:\Windows\System\hQDnAtN.exe
  C:\Windows\System\hQDnAtN.exe
  2⤵
  PID:11176
- C:\Windows\System\jwRbXKx.exe
  C:\Windows\System\jwRbXKx.exe
  2⤵
  PID:10952
- C:\Windows\System\gRDUInx.exe
  C:\Windows\System\gRDUInx.exe
  2⤵
  PID:11180
- C:\Windows\System\okyNeZR.exe
  C:\Windows\System\okyNeZR.exe
  2⤵
  PID:11284
- C:\Windows\System\BlItepI.exe
  C:\Windows\System\BlItepI.exe
  2⤵
  PID:11312
- C:\Windows\System\WEmERgp.exe
  C:\Windows\System\WEmERgp.exe
  2⤵
  PID:11340
- C:\Windows\System\nfKCfWm.exe
  C:\Windows\System\nfKCfWm.exe
  2⤵
  PID:11384
- C:\Windows\System\ELcXzeU.exe
  C:\Windows\System\ELcXzeU.exe
  2⤵
  PID:11400
- C:\Windows\System\gzYAcdP.exe
  C:\Windows\System\gzYAcdP.exe
  2⤵
  PID:11428
- C:\Windows\System\vfKFpMG.exe
  C:\Windows\System\vfKFpMG.exe
  2⤵
  PID:11456
- C:\Windows\System\JPNquRG.exe
  C:\Windows\System\JPNquRG.exe
  2⤵
  PID:11484
- C:\Windows\System\HpwqBCJ.exe
  C:\Windows\System\HpwqBCJ.exe
  2⤵
  PID:11512
- C:\Windows\System\dDqzqhI.exe
  C:\Windows\System\dDqzqhI.exe
  2⤵
  PID:11540
- C:\Windows\System\lKPEnNe.exe
  C:\Windows\System\lKPEnNe.exe
  2⤵
  PID:11572
- C:\Windows\System\hMxpWIM.exe
  C:\Windows\System\hMxpWIM.exe
  2⤵
  PID:11600
- C:\Windows\System\LEUDQxG.exe
  C:\Windows\System\LEUDQxG.exe
  2⤵
  PID:11628
- C:\Windows\System\kKdscyh.exe
  C:\Windows\System\kKdscyh.exe
  2⤵
  PID:11656
- C:\Windows\System\KPpNxDt.exe
  C:\Windows\System\KPpNxDt.exe
  2⤵
  PID:11684
- C:\Windows\System\JkxOzUM.exe
  C:\Windows\System\JkxOzUM.exe
  2⤵
  PID:11716
- C:\Windows\System\rEOvHWo.exe
  C:\Windows\System\rEOvHWo.exe
  2⤵
  PID:11744
- C:\Windows\System\GeuYhWM.exe
  C:\Windows\System\GeuYhWM.exe
  2⤵
  PID:11772
- C:\Windows\System\sfcIweU.exe
  C:\Windows\System\sfcIweU.exe
  2⤵
  PID:11800
- C:\Windows\System\LhIGmLe.exe
  C:\Windows\System\LhIGmLe.exe
  2⤵
  PID:11828
- C:\Windows\System\zlSgXEb.exe
  C:\Windows\System\zlSgXEb.exe
  2⤵
  PID:11856
- C:\Windows\System\ZanRnaG.exe
  C:\Windows\System\ZanRnaG.exe
  2⤵
  PID:11900
- C:\Windows\System\pqmajgd.exe
  C:\Windows\System\pqmajgd.exe
  2⤵
  PID:11960
- C:\Windows\System\HlEfkzE.exe
  C:\Windows\System\HlEfkzE.exe
  2⤵
  PID:12012
- C:\Windows\System\hizUvcV.exe
  C:\Windows\System\hizUvcV.exe
  2⤵
  PID:12096
- C:\Windows\System\mqwUhOa.exe
  C:\Windows\System\mqwUhOa.exe
  2⤵
  PID:12140
- C:\Windows\System\TMNYmnt.exe
  C:\Windows\System\TMNYmnt.exe
  2⤵
  PID:12168
- C:\Windows\System\kMZWcek.exe
  C:\Windows\System\kMZWcek.exe
  2⤵
  PID:12196
- C:\Windows\System\AycXHDf.exe
  C:\Windows\System\AycXHDf.exe
  2⤵
  PID:12232
- C:\Windows\System\BxboRgR.exe
  C:\Windows\System\BxboRgR.exe
  2⤵
  PID:12260
- C:\Windows\System\Fpsclvw.exe
  C:\Windows\System\Fpsclvw.exe
  2⤵
  PID:11276
- C:\Windows\System\JlyAdFg.exe
  C:\Windows\System\JlyAdFg.exe
  2⤵
  PID:11356
- C:\Windows\System\SCEBWRN.exe
  C:\Windows\System\SCEBWRN.exe
  2⤵
  PID:11412
- C:\Windows\System\ZiOsicD.exe
  C:\Windows\System\ZiOsicD.exe
  2⤵
  PID:11476
- C:\Windows\System\KaVviEz.exe
  C:\Windows\System\KaVviEz.exe
  2⤵
  PID:11532
- C:\Windows\System\MhmQHfJ.exe
  C:\Windows\System\MhmQHfJ.exe
  2⤵
  PID:11640
- C:\Windows\System\csSspdf.exe
  C:\Windows\System\csSspdf.exe
  2⤵
  PID:11676
- C:\Windows\System\hCExekT.exe
  C:\Windows\System\hCExekT.exe
  2⤵
  PID:11740
- C:\Windows\System\THxTOiL.exe
  C:\Windows\System\THxTOiL.exe
  2⤵
  PID:11812
- C:\Windows\System\aTZDhiq.exe
  C:\Windows\System\aTZDhiq.exe
  2⤵
  PID:11852
- C:\Windows\System\QgwyRkx.exe
  C:\Windows\System\QgwyRkx.exe
  2⤵
  PID:11976
- C:\Windows\System\DfUFIDX.exe
  C:\Windows\System\DfUFIDX.exe
  2⤵
  PID:5128
- C:\Windows\System\lhxKWhT.exe
  C:\Windows\System\lhxKWhT.exe
  2⤵
  PID:12164
- C:\Windows\System\gcXwWxS.exe
  C:\Windows\System\gcXwWxS.exe
  2⤵
  PID:12216
- C:\Windows\System\gnSihrl.exe
  C:\Windows\System\gnSihrl.exe
  2⤵
  PID:11268
- C:\Windows\System\SjnjFRF.exe
  C:\Windows\System\SjnjFRF.exe
  2⤵
  PID:11396
- C:\Windows\System\ZIzbVUX.exe
  C:\Windows\System\ZIzbVUX.exe
  2⤵
  PID:11564
- C:\Windows\System\jFhfmyn.exe
  C:\Windows\System\jFhfmyn.exe
  2⤵
  PID:11624
- C:\Windows\System\ltpSkZl.exe
  C:\Windows\System\ltpSkZl.exe
  2⤵
  PID:11652
- C:\Windows\System\SqYEPtX.exe
  C:\Windows\System\SqYEPtX.exe
  2⤵
  PID:11792
- C:\Windows\System\SOoVYxb.exe
  C:\Windows\System\SOoVYxb.exe
  2⤵
  PID:11948
- C:\Windows\System\MWQRDvn.exe
  C:\Windows\System\MWQRDvn.exe
  2⤵
  PID:12208
- C:\Windows\System\ntkBmXe.exe
  C:\Windows\System\ntkBmXe.exe
  2⤵
  PID:11392
- C:\Windows\System\BIklNUv.exe
  C:\Windows\System\BIklNUv.exe
  2⤵
  PID:2316
- C:\Windows\System\hDyesHL.exe
  C:\Windows\System\hDyesHL.exe
  2⤵
  PID:11736
- C:\Windows\System\dsFWNjk.exe
  C:\Windows\System\dsFWNjk.exe
  2⤵
  PID:12184
- C:\Windows\System\TLnYemA.exe
  C:\Windows\System\TLnYemA.exe
  2⤵
  PID:11324
- C:\Windows\System\EVhcjfH.exe
  C:\Windows\System\EVhcjfH.exe
  2⤵
  PID:12132
- C:\Windows\System\emmUqHM.exe
  C:\Windows\System\emmUqHM.exe
  2⤵
  PID:12056
- C:\Windows\System\drPkbKe.exe
  C:\Windows\System\drPkbKe.exe
  2⤵
  PID:12308
- C:\Windows\System\VoycSMt.exe
  C:\Windows\System\VoycSMt.exe
  2⤵
  PID:12348
- C:\Windows\System\HvLlqVe.exe
  C:\Windows\System\HvLlqVe.exe
  2⤵
  PID:12384
- C:\Windows\System\vTvZdKW.exe
  C:\Windows\System\vTvZdKW.exe
  2⤵
  PID:12404
- C:\Windows\System\unqhhkf.exe
  C:\Windows\System\unqhhkf.exe
  2⤵
  PID:12432
- C:\Windows\System\wyFtVfr.exe
  C:\Windows\System\wyFtVfr.exe
  2⤵
  PID:12460
- C:\Windows\System\iVpDTSH.exe
  C:\Windows\System\iVpDTSH.exe
  2⤵
  PID:12488
- C:\Windows\System\MzxOoLe.exe
  C:\Windows\System\MzxOoLe.exe
  2⤵
  PID:12516
- C:\Windows\System\DNbnFAb.exe
  C:\Windows\System\DNbnFAb.exe
  2⤵
  PID:12544
- C:\Windows\System\pylCCue.exe
  C:\Windows\System\pylCCue.exe
  2⤵
  PID:12584
- C:\Windows\System\NHHSeVK.exe
  C:\Windows\System\NHHSeVK.exe
  2⤵
  PID:12608
- C:\Windows\System\ZEDfbxR.exe
  C:\Windows\System\ZEDfbxR.exe
  2⤵
  PID:12628
- C:\Windows\System\vbdjuUF.exe
  C:\Windows\System\vbdjuUF.exe
  2⤵
  PID:12664
- C:\Windows\System\JRQfvaV.exe
  C:\Windows\System\JRQfvaV.exe
  2⤵
  PID:12696
- C:\Windows\System\dioVodD.exe
  C:\Windows\System\dioVodD.exe
  2⤵
  PID:12724
- C:\Windows\System\ylfrFHc.exe
  C:\Windows\System\ylfrFHc.exe
  2⤵
  PID:12752
- C:\Windows\System\GpcpCSq.exe
  C:\Windows\System\GpcpCSq.exe
  2⤵
  PID:12780
- C:\Windows\System\epGOjPM.exe
  C:\Windows\System\epGOjPM.exe
  2⤵
  PID:12808
- C:\Windows\System\RvZToHN.exe
  C:\Windows\System\RvZToHN.exe
  2⤵
  PID:12836
- C:\Windows\System\pnGTAgY.exe
  C:\Windows\System\pnGTAgY.exe
  2⤵
  PID:12864
- C:\Windows\System\kxUOWIF.exe
  C:\Windows\System\kxUOWIF.exe
  2⤵
  PID:12892
- C:\Windows\System\EhlnVPq.exe
  C:\Windows\System\EhlnVPq.exe
  2⤵
  PID:12920
- C:\Windows\System\aySsXjw.exe
  C:\Windows\System\aySsXjw.exe
  2⤵
  PID:12948
- C:\Windows\System\csgqiSV.exe
  C:\Windows\System\csgqiSV.exe
  2⤵
  PID:12976
- C:\Windows\System\mjRfcOI.exe
  C:\Windows\System\mjRfcOI.exe
  2⤵
  PID:13004
- C:\Windows\System\jRhITaG.exe
  C:\Windows\System\jRhITaG.exe
  2⤵
  PID:13032
- C:\Windows\System\ahrAndh.exe
  C:\Windows\System\ahrAndh.exe
  2⤵
  PID:13060
- C:\Windows\System\pCIDFwk.exe
  C:\Windows\System\pCIDFwk.exe
  2⤵
  PID:13088
- C:\Windows\System\AogyyZB.exe
  C:\Windows\System\AogyyZB.exe
  2⤵
  PID:13116
- C:\Windows\System\JhBUeoh.exe
  C:\Windows\System\JhBUeoh.exe
  2⤵
  PID:13148
- C:\Windows\System\PpvBpqU.exe
  C:\Windows\System\PpvBpqU.exe
  2⤵
  PID:13176
- C:\Windows\System\IqZCMKF.exe
  C:\Windows\System\IqZCMKF.exe
  2⤵
  PID:13208
- C:\Windows\System\bMmsEki.exe
  C:\Windows\System\bMmsEki.exe
  2⤵
  PID:13236
- C:\Windows\System\iScxnVy.exe
  C:\Windows\System\iScxnVy.exe
  2⤵
  PID:13264
- C:\Windows\System\MqVlVac.exe
  C:\Windows\System\MqVlVac.exe
  2⤵
  PID:13292
- C:\Windows\System\UnRjwKe.exe
  C:\Windows\System\UnRjwKe.exe
  2⤵
  PID:12320
- C:\Windows\System\VdDSwYe.exe
  C:\Windows\System\VdDSwYe.exe
  2⤵
  PID:12360
- C:\Windows\System\JnOdFLI.exe
  C:\Windows\System\JnOdFLI.exe
  2⤵
  PID:12428
- C:\Windows\System\qLvcwXo.exe
  C:\Windows\System\qLvcwXo.exe
  2⤵
  PID:12484
- C:\Windows\System\oBwXKAy.exe
  C:\Windows\System\oBwXKAy.exe
  2⤵
  PID:12532
- C:\Windows\System\HqEqUMb.exe
  C:\Windows\System\HqEqUMb.exe
  2⤵
  PID:12616
- C:\Windows\System\zceYDXh.exe
  C:\Windows\System\zceYDXh.exe
  2⤵
  PID:12660
- C:\Windows\System\cNmEcsG.exe
  C:\Windows\System\cNmEcsG.exe
  2⤵
  PID:12716
- C:\Windows\System\WQzwWBV.exe
  C:\Windows\System\WQzwWBV.exe
  2⤵
  PID:9660
- C:\Windows\System\EOyOrCW.exe
  C:\Windows\System\EOyOrCW.exe
  2⤵
  PID:12744
- C:\Windows\System\ndeylas.exe
  C:\Windows\System\ndeylas.exe
  2⤵
  PID:12800
- C:\Windows\System\OIJvFyS.exe
  C:\Windows\System\OIJvFyS.exe
  2⤵
  PID:9652
- C:\Windows\System\UyjBYWQ.exe
  C:\Windows\System\UyjBYWQ.exe
  2⤵
  PID:12888
- C:\Windows\System\uuoDAgP.exe
  C:\Windows\System\uuoDAgP.exe
  2⤵
  PID:12960
- C:\Windows\System\ToMotqz.exe
  C:\Windows\System\ToMotqz.exe
  2⤵
  PID:13024
- C:\Windows\System\ZJwFXsD.exe
  C:\Windows\System\ZJwFXsD.exe
  2⤵
  PID:13072
- C:\Windows\System\enuSosW.exe
  C:\Windows\System\enuSosW.exe
  2⤵
  PID:444
- C:\Windows\System\AcSrIqQ.exe
  C:\Windows\System\AcSrIqQ.exe
  2⤵
  PID:4996
- C:\Windows\System\gIvoqZH.exe
  C:\Windows\System\gIvoqZH.exe
  2⤵
  PID:11940
- C:\Windows\System\bGBbbiB.exe
  C:\Windows\System\bGBbbiB.exe
  2⤵
  PID:13304
- C:\Windows\System\GaNeHWJ.exe
  C:\Windows\System\GaNeHWJ.exe
  2⤵
  PID:3480
- C:\Windows\System\JzYvBJO.exe
  C:\Windows\System\JzYvBJO.exe
  2⤵
  PID:12452
- C:\Windows\System\tgSZRYQ.exe
  C:\Windows\System\tgSZRYQ.exe
  2⤵
  PID:12536
- C:\Windows\System\xlvWePW.exe
  C:\Windows\System\xlvWePW.exe
  2⤵
  PID:9708
- C:\Windows\System\GrueoVx.exe
  C:\Windows\System\GrueoVx.exe
  2⤵
  PID:12860
- C:\Windows\System\eaFXkGi.exe
  C:\Windows\System\eaFXkGi.exe
  2⤵
  PID:13000
- C:\Windows\System\InfbmfT.exe
  C:\Windows\System\InfbmfT.exe
  2⤵
  PID:13100
- C:\Windows\System\HZaFjid.exe
  C:\Windows\System\HZaFjid.exe
  2⤵
  PID:6184
- C:\Windows\System\yKwjHpU.exe
  C:\Windows\System\yKwjHpU.exe
  2⤵
  PID:3312
- C:\Windows\System\NcqexFf.exe
  C:\Windows\System\NcqexFf.exe
  2⤵
  PID:5664
- C:\Windows\System\fUvgTPW.exe
  C:\Windows\System\fUvgTPW.exe
  2⤵
  PID:3656
- C:\Windows\System\XFSVNIs.exe
  C:\Windows\System\XFSVNIs.exe
  2⤵
  PID:12300
- C:\Windows\System\YlvCEtM.exe
  C:\Windows\System\YlvCEtM.exe
  2⤵
  PID:3956
- C:\Windows\System\xwenHqU.exe
  C:\Windows\System\xwenHqU.exe
  2⤵
  PID:6480
- C:\Windows\System\qKqqEpb.exe
  C:\Windows\System\qKqqEpb.exe
  2⤵
  PID:6536
- C:\Windows\System\YKYyOdh.exe
  C:\Windows\System\YKYyOdh.exe
  2⤵
  PID:1080
- C:\Windows\System\fSJhEHe.exe
  C:\Windows\System\fSJhEHe.exe
  2⤵
  PID:12988
- C:\Windows\System\xtASGeB.exe
  C:\Windows\System\xtASGeB.exe
  2⤵
  PID:6764
- C:\Windows\System\SUndMHb.exe
  C:\Windows\System\SUndMHb.exe
  2⤵
  PID:2276
- C:\Windows\System\nlobopi.exe
  C:\Windows\System\nlobopi.exe
  2⤵
  PID:4632
- C:\Windows\System\ldmAZhK.exe
  C:\Windows\System\ldmAZhK.exe
  2⤵
  PID:12392
- C:\Windows\System\hSrYZZy.exe
  C:\Windows\System\hSrYZZy.exe
  2⤵
  PID:4108
- C:\Windows\System\JTYSCKe.exe
  C:\Windows\System\JTYSCKe.exe
  2⤵
  PID:3368
- C:\Windows\System\OQsvQei.exe
  C:\Windows\System\OQsvQei.exe
  2⤵
  PID:6516
- C:\Windows\System\MIELKPk.exe
  C:\Windows\System\MIELKPk.exe
  2⤵
  PID:2560
- C:\Windows\System\BwqEmUR.exe
  C:\Windows\System\BwqEmUR.exe
  2⤵
  PID:3056
- C:\Windows\System\qOAOQXU.exe
  C:\Windows\System\qOAOQXU.exe
  2⤵
  PID:3808
- C:\Windows\System\BSAYwIx.exe
  C:\Windows\System\BSAYwIx.exe
  2⤵
  PID:2340
- C:\Windows\System\BxxXwwj.exe
  C:\Windows\System\BxxXwwj.exe
  2⤵
  PID:4604
- C:\Windows\System\vqonjjM.exe
  C:\Windows\System\vqonjjM.exe
  2⤵
  PID:4484
- C:\Windows\System\DLHfbUV.exe
  C:\Windows\System\DLHfbUV.exe
  2⤵
  PID:2632
- C:\Windows\System\bNQVUaM.exe
  C:\Windows\System\bNQVUaM.exe
  2⤵
  PID:112
- C:\Windows\System\nXBxqHR.exe
  C:\Windows\System\nXBxqHR.exe
  2⤵
  PID:4464
- C:\Windows\System\abUuedw.exe
  C:\Windows\System\abUuedw.exe
  2⤵
  PID:13140
- C:\Windows\System\qtaNhpQ.exe
  C:\Windows\System\qtaNhpQ.exe
  2⤵
  PID:1220
- C:\Windows\System\BFRasoI.exe
  C:\Windows\System\BFRasoI.exe
  2⤵
  PID:808
- C:\Windows\System\HbNnToR.exe
  C:\Windows\System\HbNnToR.exe
  2⤵
  PID:780
- C:\Windows\System\ZCAdnls.exe
  C:\Windows\System\ZCAdnls.exe
  2⤵
  PID:12296
- C:\Windows\System\OWzKAMm.exe
  C:\Windows\System\OWzKAMm.exe
  2⤵
  PID:2568
- C:\Windows\System\sTvKgoV.exe
  C:\Windows\System\sTvKgoV.exe
  2⤵
  PID:3124
- C:\Windows\System\OtKZnbk.exe
  C:\Windows\System\OtKZnbk.exe
  2⤵
  PID:13248
- C:\Windows\System\MjCBoBS.exe
  C:\Windows\System\MjCBoBS.exe
  2⤵
  PID:2320
- C:\Windows\System\EiZneJE.exe
  C:\Windows\System\EiZneJE.exe
  2⤵
  PID:5608
- C:\Windows\System\xkZFtvl.exe
  C:\Windows\System\xkZFtvl.exe
  2⤵
  PID:2484
- C:\Windows\System\lrZhmmV.exe
  C:\Windows\System\lrZhmmV.exe
  2⤵
  PID:12932
- C:\Windows\System\qgaIWNK.exe
  C:\Windows\System\qgaIWNK.exe
  2⤵
  PID:1592
- C:\Windows\System\ravsskB.exe
  C:\Windows\System\ravsskB.exe
  2⤵
  PID:3016
- C:\Windows\System\wXWVBLj.exe
  C:\Windows\System\wXWVBLj.exe
  2⤵
  PID:1376
- C:\Windows\System\vUtwsII.exe
  C:\Windows\System\vUtwsII.exe
  2⤵
  PID:4504
- C:\Windows\System\ghAniOu.exe
  C:\Windows\System\ghAniOu.exe
  2⤵
  PID:4888
- C:\Windows\System\zQPbELx.exe
  C:\Windows\System\zQPbELx.exe
  2⤵
  PID:7120
- C:\Windows\System\yyvSaoj.exe
  C:\Windows\System\yyvSaoj.exe
  2⤵
  PID:13328
- C:\Windows\System\jrAAGWU.exe
  C:\Windows\System\jrAAGWU.exe
  2⤵
  PID:13356
- C:\Windows\System\KaUynId.exe
  C:\Windows\System\KaUynId.exe
  2⤵
  PID:13384
- C:\Windows\System\cTnshwk.exe
  C:\Windows\System\cTnshwk.exe
  2⤵
  PID:13412
- C:\Windows\System\dknysCg.exe
  C:\Windows\System\dknysCg.exe
  2⤵
  PID:13440
- C:\Windows\System\YXGGgxQ.exe
  C:\Windows\System\YXGGgxQ.exe
  2⤵
  PID:13468
- C:\Windows\System\nawAakx.exe
  C:\Windows\System\nawAakx.exe
  2⤵
  PID:13496
- C:\Windows\System\ixSafXl.exe
  C:\Windows\System\ixSafXl.exe
  2⤵
  PID:13524
- C:\Windows\System\CRQpJXC.exe
  C:\Windows\System\CRQpJXC.exe
  2⤵
  PID:13560
- C:\Windows\System\tDZHgQy.exe
  C:\Windows\System\tDZHgQy.exe
  2⤵
  PID:13596
- C:\Windows\System\RPxUQbD.exe
  C:\Windows\System\RPxUQbD.exe
  2⤵
  PID:13624
- C:\Windows\System\uJBdkeT.exe
  C:\Windows\System\uJBdkeT.exe
  2⤵
  PID:13652
- C:\Windows\System\jxjqJSK.exe
  C:\Windows\System\jxjqJSK.exe
  2⤵
  PID:13684
- C:\Windows\System\BpqjcMz.exe
  C:\Windows\System\BpqjcMz.exe
  2⤵
  PID:13712
- C:\Windows\System\tCzLTMO.exe
  C:\Windows\System\tCzLTMO.exe
  2⤵
  PID:13740
- C:\Windows\System\yJVuTqa.exe
  C:\Windows\System\yJVuTqa.exe
  2⤵
  PID:13768
- C:\Windows\System\TRddvhS.exe
  C:\Windows\System\TRddvhS.exe
  2⤵
  PID:13796
- C:\Windows\System\FZYpYrU.exe
  C:\Windows\System\FZYpYrU.exe
  2⤵
  PID:13824
- C:\Windows\System\LgaFeDn.exe
  C:\Windows\System\LgaFeDn.exe
  2⤵
  PID:13848
- C:\Windows\System\PxmInlr.exe
  C:\Windows\System\PxmInlr.exe
  2⤵
  PID:13880
- C:\Windows\System\GuVPwXi.exe
  C:\Windows\System\GuVPwXi.exe
  2⤵
  PID:13908
- C:\Windows\System\liQylQf.exe
  C:\Windows\System\liQylQf.exe
  2⤵
  PID:13936
- C:\Windows\System\LkXmHoZ.exe
  C:\Windows\System\LkXmHoZ.exe
  2⤵
  PID:13964
- C:\Windows\System\mbtcvbC.exe
  C:\Windows\System\mbtcvbC.exe
  2⤵
  PID:13992
- C:\Windows\System\xsAkrbb.exe
  C:\Windows\System\xsAkrbb.exe
  2⤵
  PID:14020
- C:\Windows\System\IELtmEQ.exe
  C:\Windows\System\IELtmEQ.exe
  2⤵
  PID:14048
- C:\Windows\System\QFPRAew.exe
  C:\Windows\System\QFPRAew.exe
  2⤵
  PID:14076
- C:\Windows\System\nPDPPOk.exe
  C:\Windows\System\nPDPPOk.exe
  2⤵
  PID:14104
- C:\Windows\System\KCzVMiu.exe
  C:\Windows\System\KCzVMiu.exe
  2⤵
  PID:14132
- C:\Windows\System\lkqQrsa.exe
  C:\Windows\System\lkqQrsa.exe
  2⤵
  PID:14160
- C:\Windows\System\xOoQzTp.exe
  C:\Windows\System\xOoQzTp.exe
  2⤵
  PID:14188
- C:\Windows\System\wtLKgRP.exe
  C:\Windows\System\wtLKgRP.exe
  2⤵
  PID:14216
- C:\Windows\System\IdJKyVT.exe
  C:\Windows\System\IdJKyVT.exe
  2⤵
  PID:14256
- C:\Windows\System\IpwYYxH.exe
  C:\Windows\System\IpwYYxH.exe
  2⤵
  PID:14272
- C:\Windows\System\kVZGyXr.exe
  C:\Windows\System\kVZGyXr.exe
  2⤵
  PID:14304
- C:\Windows\System\AizswBt.exe
  C:\Windows\System\AizswBt.exe
  2⤵
  PID:14324
- C:\Windows\System\fDJCWyH.exe
  C:\Windows\System\fDJCWyH.exe
  2⤵
  PID:13324
- C:\Windows\System\JWSoVpY.exe
  C:\Windows\System\JWSoVpY.exe
  2⤵
  PID:13404
- C:\Windows\System\bxctuFe.exe
  C:\Windows\System\bxctuFe.exe
  2⤵
  PID:1032
- C:\Windows\System\VGvrvRn.exe
  C:\Windows\System\VGvrvRn.exe
  2⤵
  PID:4176
- C:\Windows\System\nSCoBtG.exe
  C:\Windows\System\nSCoBtG.exe
  2⤵
  PID:13616
- C:\Windows\System\jwLyzgU.exe
  C:\Windows\System\jwLyzgU.exe
  2⤵
  PID:13676
- C:\Windows\System\GnRAqzf.exe
  C:\Windows\System\GnRAqzf.exe
  2⤵
  PID:4932
- C:\Windows\System\QSthhgJ.exe
  C:\Windows\System\QSthhgJ.exe
  2⤵
  PID:13788
- C:\Windows\System\MAKSLKT.exe
  C:\Windows\System\MAKSLKT.exe
  2⤵
  PID:13860
- C:\Windows\System\rfcIleU.exe
  C:\Windows\System\rfcIleU.exe
  2⤵
  PID:13892
- C:\Windows\System\FVHgtbp.exe
  C:\Windows\System\FVHgtbp.exe
  2⤵
  PID:13932
- C:\Windows\System\mBrGKyl.exe
  C:\Windows\System\mBrGKyl.exe
  2⤵
  PID:13984
- C:\Windows\System\uvDjxvo.exe
  C:\Windows\System\uvDjxvo.exe
  2⤵
  PID:14032
- C:\Windows\System\bqBlNwm.exe
  C:\Windows\System\bqBlNwm.exe
  2⤵
  PID:14072
- C:\Windows\System\WkiyWXH.exe
  C:\Windows\System\WkiyWXH.exe
  2⤵
  PID:14124
- C:\Windows\System\yNPLKjd.exe
  C:\Windows\System\yNPLKjd.exe
  2⤵
  PID:13668
- C:\Windows\System\ZdotEMC.exe
  C:\Windows\System\ZdotEMC.exe
  2⤵
  PID:5408
- C:\Windows\System\HPVZQhj.exe
  C:\Windows\System\HPVZQhj.exe
  2⤵
  PID:14248
- C:\Windows\System\PbhxQib.exe
  C:\Windows\System\PbhxQib.exe
  2⤵
  PID:5460
- C:\Windows\System\TZIpSau.exe
  C:\Windows\System\TZIpSau.exe
  2⤵
  PID:5480
- C:\Windows\System\sgZbFzb.exe
  C:\Windows\System\sgZbFzb.exe
  2⤵
  PID:5508
- C:\Windows\System\sxcmUYp.exe
  C:\Windows\System\sxcmUYp.exe
  2⤵
  PID:4576
- C:\Windows\System\PCZqZMa.exe
  C:\Windows\System\PCZqZMa.exe
  2⤵
  PID:2860
- C:\Windows\System\Wezyrhq.exe
  C:\Windows\System\Wezyrhq.exe
  2⤵
  PID:13704
- C:\Windows\System\OjizQIW.exe
  C:\Windows\System\OjizQIW.exe
  2⤵
  PID:2144
- C:\Windows\System\COiBgnp.exe
  C:\Windows\System\COiBgnp.exe
  2⤵
  PID:13780
- C:\Windows\System\XZfqjzi.exe
  C:\Windows\System\XZfqjzi.exe
  2⤵
  PID:13836
- C:\Windows\System\mwBADRR.exe
  C:\Windows\System\mwBADRR.exe
  2⤵
  PID:13928
- C:\Windows\System\dpfuUzl.exe
  C:\Windows\System\dpfuUzl.exe
  2⤵
  PID:14012
- C:\Windows\System\PLkPOYM.exe
  C:\Windows\System\PLkPOYM.exe
  2⤵
  PID:14088
- C:\Windows\System\ZoPCJfg.exe
  C:\Windows\System\ZoPCJfg.exe
  2⤵
  PID:5344
- C:\Windows\System\kvvWKJN.exe
  C:\Windows\System\kvvWKJN.exe
  2⤵
  PID:14236
- C:\Windows\System\swyNpQx.exe
  C:\Windows\System\swyNpQx.exe
  2⤵
  PID:14292
- C:\Windows\System\fbXmqeb.exe
  C:\Windows\System\fbXmqeb.exe
  2⤵
  PID:6732
- C:\Windows\System\KQzRkik.exe
  C:\Windows\System\KQzRkik.exe
  2⤵
  PID:2752
- C:\Windows\System\KJqZHui.exe
  C:\Windows\System\KJqZHui.exe
  2⤵
  PID:1644
- C:\Windows\System\gaAYHKq.exe
  C:\Windows\System\gaAYHKq.exe
  2⤵
  PID:5916
- C:\Windows\System\zVLsrkD.exe
  C:\Windows\System\zVLsrkD.exe
  2⤵
  PID:5928
- C:\Windows\System\aWNSWKi.exe
  C:\Windows\System\aWNSWKi.exe
  2⤵
  PID:5956
- C:\Windows\System\GHKAGeQ.exe
  C:\Windows\System\GHKAGeQ.exe
  2⤵
  PID:13920
- C:\Windows\System\QoauJfL.exe
  C:\Windows\System\QoauJfL.exe
  2⤵
  PID:13976
- C:\Windows\System\NMZsAAk.exe
  C:\Windows\System\NMZsAAk.exe
  2⤵
  PID:14068
- C:\Windows\System\KbpOGOA.exe
  C:\Windows\System\KbpOGOA.exe
  2⤵
  PID:14200
- C:\Windows\System\sbNEOiy.exe
  C:\Windows\System\sbNEOiy.exe
  2⤵
  PID:6792
- C:\Windows\System\TlqYoUL.exe
  C:\Windows\System\TlqYoUL.exe
  2⤵
  PID:7196
- C:\Windows\System\mRmKFoE.exe
  C:\Windows\System\mRmKFoE.exe
  2⤵
  PID:7224
- C:\Windows\System\IScouBP.exe
  C:\Windows\System\IScouBP.exe
  2⤵
  PID:5488
- C:\Windows\System\sgwozSY.exe
  C:\Windows\System\sgwozSY.exe
  2⤵
  PID:7284
- C:\Windows\System\dykWIqa.exe
  C:\Windows\System\dykWIqa.exe
  2⤵
  PID:5552
- C:\Windows\System\YCleahw.exe
  C:\Windows\System\YCleahw.exe
  2⤵
  PID:7344
- C:\Windows\System\rBYKtHo.exe
  C:\Windows\System\rBYKtHo.exe
  2⤵
  PID:3048
- C:\Windows\System\srIFQRM.exe
  C:\Windows\System\srIFQRM.exe
  2⤵
  PID:5636
- C:\Windows\System\WRJWpFj.exe
  C:\Windows\System\WRJWpFj.exe
  2⤵
  PID:7468
- C:\Windows\System\qAefNHQ.exe
  C:\Windows\System\qAefNHQ.exe
  2⤵
  PID:6012
- C:\Windows\System\bpJMiDw.exe
  C:\Windows\System\bpJMiDw.exe
  2⤵
  PID:5324
- C:\Windows\System\pOLuSja.exe
  C:\Windows\System\pOLuSja.exe
  2⤵
  PID:7548
- C:\Windows\System\AZrpYRu.exe
  C:\Windows\System\AZrpYRu.exe
  2⤵
  PID:7580
- C:\Windows\System\oahQYUU.exe
  C:\Windows\System\oahQYUU.exe
  2⤵
  PID:5484
- C:\Windows\System\MBXlpgK.exe
  C:\Windows\System\MBXlpgK.exe
  2⤵
  PID:7660
- C:\Windows\System\afveWOn.exe
  C:\Windows\System\afveWOn.exe
  2⤵
  PID:7688
- C:\Windows\System\zCNQIYJ.exe
  C:\Windows\System\zCNQIYJ.exe
  2⤵
  PID:7720
- C:\Windows\System\kGuCKQh.exe
  C:\Windows\System\kGuCKQh.exe
  2⤵
  PID:7368
- C:\Windows\System\SgZdSHr.exe
  C:\Windows\System\SgZdSHr.exe
  2⤵
  PID:7408
- C:\Windows\System\wPBJDEU.exe
  C:\Windows\System\wPBJDEU.exe
  2⤵
  PID:13900
- C:\Windows\System\ZYPmmOg.exe
  C:\Windows\System\ZYPmmOg.exe
  2⤵
  PID:7840
- C:\Windows\System\rkdtuQy.exe
  C:\Windows\System\rkdtuQy.exe
  2⤵
  PID:5828
- C:\Windows\System\DrRJrlH.exe
  C:\Windows\System\DrRJrlH.exe
  2⤵
  PID:5364
- C:\Windows\System\EeYwsoW.exe
  C:\Windows\System\EeYwsoW.exe
  2⤵
  PID:5964
- C:\Windows\System\KAXyVdN.exe
  C:\Windows\System\KAXyVdN.exe
  2⤵
  PID:8004
- C:\Windows\System\URhQTgm.exe
  C:\Windows\System\URhQTgm.exe
  2⤵
  PID:7632
- C:\Windows\System\FTEmoZu.exe
  C:\Windows\System\FTEmoZu.exe
  2⤵
  PID:4456
- C:\Windows\System\XcBWzfu.exe
  C:\Windows\System\XcBWzfu.exe
  2⤵
  PID:960
- C:\Windows\System\hXeotAF.exe
  C:\Windows\System\hXeotAF.exe
  2⤵
  PID:7748
- C:\Windows\System\jaDoNbK.exe
  C:\Windows\System\jaDoNbK.exe
  2⤵
  PID:7776
- C:\Windows\System\yoksHlj.exe
  C:\Windows\System\yoksHlj.exe
  2⤵
  PID:5524
- C:\Windows\System\OoaEYRF.exe
  C:\Windows\System\OoaEYRF.exe
  2⤵
  PID:7232
- C:\Windows\System\WPDjitC.exe
  C:\Windows\System\WPDjitC.exe
  2⤵
  PID:7300
- C:\Windows\System\VSghPbd.exe
  C:\Windows\System\VSghPbd.exe
  2⤵
  PID:7576
- C:\Windows\System\kalTmep.exe
  C:\Windows\System\kalTmep.exe
  2⤵
  PID:7476
- C:\Windows\System\oVDOpON.exe
  C:\Windows\System\oVDOpON.exe
  2⤵
  PID:6128
- C:\Windows\System\vfOUHRx.exe
  C:\Windows\System\vfOUHRx.exe
  2⤵
  PID:5520
- C:\Windows\System\VdwFwEU.exe
  C:\Windows\System\VdwFwEU.exe
  2⤵
  PID:7752
- C:\Windows\System\EZYwBDZ.exe
  C:\Windows\System\EZYwBDZ.exe
  2⤵
  PID:2192
- C:\Windows\System\tQklVAK.exe
  C:\Windows\System\tQklVAK.exe
  2⤵
  PID:5600
- C:\Windows\System\ZmctufN.exe
  C:\Windows\System\ZmctufN.exe
  2⤵
  PID:7884
- C:\Windows\System\JBDBbfm.exe
  C:\Windows\System\JBDBbfm.exe
  2⤵
  PID:6264
- C:\Windows\System\AheZfIV.exe
  C:\Windows\System\AheZfIV.exe
  2⤵
  PID:5564
- C:\Windows\System\YPqujWl.exe
  C:\Windows\System\YPqujWl.exe
  2⤵
  PID:7212
- C:\Windows\System\gmXxIzz.exe
  C:\Windows\System\gmXxIzz.exe
  2⤵
  PID:8116
- C:\Windows\System\NgNvqrx.exe
  C:\Windows\System\NgNvqrx.exe
  2⤵
  PID:5596
- C:\Windows\System\IOWItEL.exe
  C:\Windows\System\IOWItEL.exe
  2⤵
  PID:7900
- C:\Windows\System\SXktosA.exe
  C:\Windows\System\SXktosA.exe
  2⤵
  PID:13872
- C:\Windows\System\XZrFKub.exe
  C:\Windows\System\XZrFKub.exe
  2⤵
  PID:8032
- C:\Windows\System\wBncLZh.exe
  C:\Windows\System\wBncLZh.exe
  2⤵
  PID:7356
- C:\Windows\System\DbPzBnB.exe
  C:\Windows\System\DbPzBnB.exe
  2⤵
  PID:8052
- C:\Windows\System\FNDKSmv.exe
  C:\Windows\System\FNDKSmv.exe
  2⤵
  PID:6460
- C:\Windows\System\UsDxYUR.exe
  C:\Windows\System\UsDxYUR.exe
  2⤵
  PID:6312
- C:\Windows\System\HWxMGYl.exe
  C:\Windows\System\HWxMGYl.exe
  2⤵
  PID:7496
- C:\Windows\System\WnVYWRE.exe
  C:\Windows\System\WnVYWRE.exe
  2⤵
  PID:6412
- C:\Windows\System\hdvUFCb.exe
  C:\Windows\System\hdvUFCb.exe
  2⤵
  PID:8044
- C:\Windows\System\lVjaWsv.exe
  C:\Windows\System\lVjaWsv.exe
  2⤵
  PID:3064
- C:\Windows\System\CRlfLXJ.exe
  C:\Windows\System\CRlfLXJ.exe
  2⤵
  PID:2620
- C:\Windows\System\fweRGTz.exe
  C:\Windows\System\fweRGTz.exe
  2⤵
  PID:6608
- C:\Windows\System\gLiugVO.exe
  C:\Windows\System\gLiugVO.exe
  2⤵
  PID:2564
- C:\Windows\System\JqbyPuK.exe
  C:\Windows\System\JqbyPuK.exe
  2⤵
  PID:4460
- C:\Windows\System\ZLBndin.exe
  C:\Windows\System\ZLBndin.exe
  2⤵
  PID:6704
- C:\Windows\System\KdWMhXu.exe
  C:\Windows\System\KdWMhXu.exe
  2⤵
  PID:6800
- C:\Windows\System\mAKykXK.exe
  C:\Windows\System\mAKykXK.exe
  2⤵
  PID:4116
- C:\Windows\System\eUysVVd.exe
  C:\Windows\System\eUysVVd.exe
  2⤵
  PID:6844
- C:\Windows\System\NCHmRxB.exe
  C:\Windows\System\NCHmRxB.exe
  2⤵
  PID:8340
- C:\Windows\System\NXoLoZL.exe
  C:\Windows\System\NXoLoZL.exe
  2⤵
  PID:6700
- C:\Windows\System\DuhbgLv.exe
  C:\Windows\System\DuhbgLv.exe
  2⤵
  PID:8316
- C:\Windows\System\JZthCKN.exe
  C:\Windows\System\JZthCKN.exe
  2⤵
  PID:264
- C:\Windows\System\AeLrsvF.exe
  C:\Windows\System\AeLrsvF.exe
  2⤵
  PID:8376
- C:\Windows\System\pjojHRt.exe
  C:\Windows\System\pjojHRt.exe
  2⤵
  PID:6900
- C:\Windows\System\DJQfAcS.exe
  C:\Windows\System\DJQfAcS.exe
  2⤵
  PID:6960
- C:\Windows\System\kTtOIHl.exe
  C:\Windows\System\kTtOIHl.exe
  2⤵
  PID:8564
- C:\Windows\System\yaYEQBW.exe
  C:\Windows\System\yaYEQBW.exe
  2⤵
  PID:8508
- C:\Windows\System\ytUjXSi.exe
  C:\Windows\System\ytUjXSi.exe
  2⤵
  PID:4820
- C:\Windows\System\WGSUpHp.exe
  C:\Windows\System\WGSUpHp.exe
  2⤵
  PID:8396
- C:\Windows\System\WFZiqZa.exe
  C:\Windows\System\WFZiqZa.exe
  2⤵
  PID:7084
- C:\Windows\System\nIYIQtK.exe
  C:\Windows\System\nIYIQtK.exe
  2⤵
  PID:8748
- C:\Windows\System\sVtoKRX.exe
  C:\Windows\System\sVtoKRX.exe
  2⤵
  PID:8592
- C:\Windows\System\wsxkmIx.exe
  C:\Windows\System\wsxkmIx.exe
  2⤵
  PID:7140
- C:\Windows\System\ztcUyLM.exe
  C:\Windows\System\ztcUyLM.exe
  2⤵
  PID:5544
- C:\Windows\System\TwmCcDZ.exe
  C:\Windows\System\TwmCcDZ.exe
  2⤵
  PID:7432
- C:\Windows\System\EaxpPsm.exe
  C:\Windows\System\EaxpPsm.exe
  2⤵
  PID:5892
- C:\Windows\System\bxmshDt.exe
  C:\Windows\System\bxmshDt.exe
  2⤵
  PID:8868
- C:\Windows\System\WWOKIpM.exe
  C:\Windows\System\WWOKIpM.exe
  2⤵
  PID:8812
- C:\Windows\System\odlXGhU.exe
  C:\Windows\System\odlXGhU.exe
  2⤵
  PID:8944
- C:\Windows\System\RboPflC.exe
  C:\Windows\System\RboPflC.exe
  2⤵
  PID:8972
- C:\Windows\System\UKBOjhk.exe
  C:\Windows\System\UKBOjhk.exe
  2⤵
  PID:6072
- C:\Windows\System\AIvTmpR.exe
  C:\Windows\System\AIvTmpR.exe
  2⤵
  PID:9100
- C:\Windows\System\ywKorDZ.exe
  C:\Windows\System\ywKorDZ.exe
  2⤵
  PID:6240
- C:\Windows\System\InLBHIj.exe
  C:\Windows\System\InLBHIj.exe
  2⤵
  PID:2940
- C:\Windows\System\knpxeLB.exe
  C:\Windows\System\knpxeLB.exe
  2⤵
  PID:6472
- C:\Windows\System\mxbPUfG.exe
  C:\Windows\System\mxbPUfG.exe
  2⤵
  PID:2116
- C:\Windows\System\rAQNUtg.exe
  C:\Windows\System\rAQNUtg.exe
  2⤵
  PID:8608
- C:\Windows\System\YhVzGaK.exe
  C:\Windows\System\YhVzGaK.exe
  2⤵
  PID:6644
- C:\Windows\System\NXOzxZx.exe
  C:\Windows\System\NXOzxZx.exe
  2⤵
  PID:6708
- C:\Windows\System\LwDJkOg.exe
  C:\Windows\System\LwDJkOg.exe
  2⤵
  PID:6712
- C:\Windows\System\FcqdCCl.exe
  C:\Windows\System\FcqdCCl.exe
  2⤵
  PID:8780
- C:\Windows\System\xDdwhjR.exe
  C:\Windows\System\xDdwhjR.exe
  2⤵
  PID:8876
- C:\Windows\System\dfeUPEi.exe
  C:\Windows\System\dfeUPEi.exe
  2⤵
  PID:14360
- C:\Windows\System\MAtbcIw.exe
  C:\Windows\System\MAtbcIw.exe
  2⤵
  PID:14388
- C:\Windows\System\rWdeCKh.exe
  C:\Windows\System\rWdeCKh.exe
  2⤵
  PID:14416
- C:\Windows\System\DgttVLk.exe
  C:\Windows\System\DgttVLk.exe
  2⤵
  PID:14444
- C:\Windows\System\UTlZJpF.exe
  C:\Windows\System\UTlZJpF.exe
  2⤵
  PID:14472
- C:\Windows\System\ZtysSvN.exe
  C:\Windows\System\ZtysSvN.exe
  2⤵
  PID:14500
- C:\Windows\System\EiAbGFM.exe
  C:\Windows\System\EiAbGFM.exe
  2⤵
  PID:14528
- C:\Windows\System\NecZnuv.exe
  C:\Windows\System\NecZnuv.exe
  2⤵
  PID:14556
- C:\Windows\System\fnFZaik.exe
  C:\Windows\System\fnFZaik.exe
  2⤵
  PID:14588
- C:\Windows\System\KpdUfkg.exe
  C:\Windows\System\KpdUfkg.exe
  2⤵
  PID:14616
- C:\Windows\System\wOdGKNw.exe
  C:\Windows\System\wOdGKNw.exe
  2⤵
  PID:14644
- C:\Windows\System\baTNiIi.exe
  C:\Windows\System\baTNiIi.exe
  2⤵
  PID:14676
- C:\Windows\System\OdUHYlG.exe
  C:\Windows\System\OdUHYlG.exe
  2⤵
  PID:14700
- C:\Windows\System\TaRPodP.exe
  C:\Windows\System\TaRPodP.exe
  2⤵
  PID:14728
- C:\Windows\System\UYRAXmv.exe
  C:\Windows\System\UYRAXmv.exe
  2⤵
  PID:14756
- C:\Windows\System\FFoZUKC.exe
  C:\Windows\System\FFoZUKC.exe
  2⤵
  PID:14808
- C:\Windows\System\hIakfyy.exe
  C:\Windows\System\hIakfyy.exe
  2⤵
  PID:14824
- C:\Windows\System\zjoCKFV.exe
  C:\Windows\System\zjoCKFV.exe
  2⤵
  PID:14852
- C:\Windows\System\jZbeMrr.exe
  C:\Windows\System\jZbeMrr.exe
  2⤵
  PID:14880
- C:\Windows\System\pkqeBrZ.exe
  C:\Windows\System\pkqeBrZ.exe
  2⤵
  PID:14912
- C:\Windows\System\VEVgpzm.exe
  C:\Windows\System\VEVgpzm.exe
  2⤵
  PID:14940
- C:\Windows\System\kOgeIal.exe
  C:\Windows\System\kOgeIal.exe
  2⤵
  PID:14968
- C:\Windows\System\YatsPCx.exe
  C:\Windows\System\YatsPCx.exe
  2⤵
  PID:14996
- C:\Windows\System\IGYsBBU.exe
  C:\Windows\System\IGYsBBU.exe
  2⤵
  PID:15040
- C:\Windows\System\BFKXjkl.exe
  C:\Windows\System\BFKXjkl.exe
  2⤵
  PID:15056
- C:\Windows\System\zEkjcut.exe
  C:\Windows\System\zEkjcut.exe
  2⤵
  PID:15084
- C:\Windows\System\hSbaZhe.exe
  C:\Windows\System\hSbaZhe.exe
  2⤵
  PID:15112
- C:\Windows\System\YAykvhu.exe
  C:\Windows\System\YAykvhu.exe
  2⤵
  PID:15140
- C:\Windows\System\EAZZEzt.exe
  C:\Windows\System\EAZZEzt.exe
  2⤵
  PID:15168
- C:\Windows\System\agagOLU.exe
  C:\Windows\System\agagOLU.exe
  2⤵
  PID:15196
- C:\Windows\System\WZXFyOE.exe
  C:\Windows\System\WZXFyOE.exe
  2⤵
  PID:15228
- C:\Windows\System\LAEPnvp.exe
  C:\Windows\System\LAEPnvp.exe
  2⤵
  PID:15256
- C:\Windows\System\sIZcUTK.exe
  C:\Windows\System\sIZcUTK.exe
  2⤵
  PID:15284
- C:\Windows\System\UcvpeAv.exe
  C:\Windows\System\UcvpeAv.exe
  2⤵
  PID:15312
- C:\Windows\System\cBmkRvi.exe
  C:\Windows\System\cBmkRvi.exe
  2⤵
  PID:15340
- C:\Windows\System\CjfQCvq.exe
  C:\Windows\System\CjfQCvq.exe
  2⤵
  PID:8948
- C:\Windows\System\VAKdCaX.exe
  C:\Windows\System\VAKdCaX.exe
  2⤵
  PID:6860
- C:\Windows\System\QrtxCNX.exe
  C:\Windows\System\QrtxCNX.exe
  2⤵
  PID:6940
- C:\Windows\System\VGVXKnh.exe
  C:\Windows\System\VGVXKnh.exe
  2⤵
  PID:14436
- C:\Windows\System\upJPSzU.exe
  C:\Windows\System\upJPSzU.exe
  2⤵
  PID:14468
- C:\Windows\System\VoMAhvm.exe
  C:\Windows\System\VoMAhvm.exe
  2⤵
  PID:14496
- C:\Windows\System\MgQTNqg.exe
  C:\Windows\System\MgQTNqg.exe
  2⤵
  PID:14544
- C:\Windows\System\WpABFjX.exe
  C:\Windows\System\WpABFjX.exe
  2⤵
  PID:14568
- C:\Windows\System\yXaSQRi.exe
  C:\Windows\System\yXaSQRi.exe
  2⤵
  PID:1404
- C:\Windows\System\CEIGITP.exe
  C:\Windows\System\CEIGITP.exe
  2⤵
  PID:14636
- C:\Windows\System\SVuTtlZ.exe
  C:\Windows\System\SVuTtlZ.exe
  2⤵
  PID:8400
- C:\Windows\System\AZqGfau.exe
  C:\Windows\System\AZqGfau.exe
  2⤵
  PID:8920
- C:\Windows\System\nYrBrbU.exe
  C:\Windows\System\nYrBrbU.exe
  2⤵
  PID:14724
- C:\Windows\System\otyCshG.exe
  C:\Windows\System\otyCshG.exe
  2⤵
  PID:14752
- C:\Windows\System\PTeLxhb.exe
  C:\Windows\System\PTeLxhb.exe
  2⤵
  PID:4600
- C:\Windows\System\amXtzPp.exe
  C:\Windows\System\amXtzPp.exe
  2⤵
  PID:9244
- C:\Windows\System\xhbsUxm.exe
  C:\Windows\System\xhbsUxm.exe
  2⤵
  PID:9320
- C:\Windows\System\cxEoQUZ.exe
  C:\Windows\System\cxEoQUZ.exe
  2⤵
  PID:3528
- C:\Windows\System\gmebGde.exe
  C:\Windows\System\gmebGde.exe
  2⤵
  PID:9412
- C:\Windows\System\TQuXHWN.exe
  C:\Windows\System\TQuXHWN.exe
  2⤵
  PID:14872
- C:\Windows\System\PzQQctj.exe
  C:\Windows\System\PzQQctj.exe
  2⤵
  PID:14900
- C:\Windows\System\TTkbQil.exe
  C:\Windows\System\TTkbQil.exe
  2⤵
  PID:14952
- C:\Windows\System\HzZyqFy.exe
  C:\Windows\System\HzZyqFy.exe
  2⤵
  PID:14988
- C:\Windows\System\zLiepts.exe
  C:\Windows\System\zLiepts.exe
  2⤵
  PID:15032
- C:\Windows\System\pbNANDq.exe
  C:\Windows\System\pbNANDq.exe
  2⤵
  PID:15048
- C:\Windows\System\dFrCETr.exe
  C:\Windows\System\dFrCETr.exe
  2⤵
  PID:9740
- C:\Windows\System\SddTSFj.exe
  C:\Windows\System\SddTSFj.exe
  2⤵
  PID:15268
- C:\Windows\System\irCiySt.exe
  C:\Windows\System\irCiySt.exe
  2⤵
  PID:15276
- C:\Windows\System\aPNxkzL.exe
  C:\Windows\System\aPNxkzL.exe
  2⤵
  PID:15324
- C:\Windows\System\xacxhFf.exe
  C:\Windows\System\xacxhFf.exe
  2⤵
  PID:10000
- C:\Windows\System\wFjXfBF.exe
  C:\Windows\System\wFjXfBF.exe
  2⤵
  PID:10024
- C:\Windows\System\pAVkWWm.exe
  C:\Windows\System\pAVkWWm.exe
  2⤵
  PID:10096
- C:\Windows\System\aqnnFLO.exe
  C:\Windows\System\aqnnFLO.exe
  2⤵
  PID:10144
- C:\Windows\System\vnGqWQf.exe
  C:\Windows\System\vnGqWQf.exe
  2⤵
  PID:10164
- C:\Windows\System\xBJqXdS.exe
  C:\Windows\System\xBJqXdS.exe
  2⤵
  PID:14628
- C:\Windows\System\aFpYheS.exe
  C:\Windows\System\aFpYheS.exe
  2⤵
  PID:14712
- C:\Windows\System\HaXdUlE.exe
  C:\Windows\System\HaXdUlE.exe
  2⤵
  PID:736
- C:\Windows\System\pJNaLEt.exe
  C:\Windows\System\pJNaLEt.exe
  2⤵
  PID:6160
- C:\Windows\System\fwnxxxH.exe
  C:\Windows\System\fwnxxxH.exe
  2⤵
  PID:9292
- C:\Windows\System\CzCaAbY.exe
  C:\Windows\System\CzCaAbY.exe
  2⤵
  PID:9332
- C:\Windows\System\BZvhBgK.exe
  C:\Windows\System\BZvhBgK.exe
  2⤵
  PID:9484
- C:\Windows\System\lrSFjve.exe
  C:\Windows\System\lrSFjve.exe
  2⤵
  PID:14924
- C:\Windows\System\jZufWRQ.exe
  C:\Windows\System\jZufWRQ.exe
  2⤵
  PID:14980
- C:\Windows\System\JuzNtRM.exe
  C:\Windows\System\JuzNtRM.exe
  2⤵
  PID:9636
- C:\Windows\System\YqvxTQH.exe
  C:\Windows\System\YqvxTQH.exe
  2⤵
  PID:4396
- C:\Windows\System\yIvpYzL.exe
  C:\Windows\System\yIvpYzL.exe
  2⤵
  PID:10100
- C:\Windows\System\WueLVjJ.exe
  C:\Windows\System\WueLVjJ.exe
  2⤵
  PID:15160
- C:\Windows\System\KKVIfGn.exe
  C:\Windows\System\KKVIfGn.exe
  2⤵
  PID:9464
- C:\Windows\System\YVdAWEn.exe
  C:\Windows\System\YVdAWEn.exe
  2⤵
  PID:15304
- C:\Windows\System\otfQxGT.exe
  C:\Windows\System\otfQxGT.exe
  2⤵
  PID:15352
- C:\Windows\System\TaktyqY.exe
  C:\Windows\System\TaktyqY.exe
  2⤵
  PID:9924
- C:\Windows\System\bVSGDrY.exe
  C:\Windows\System\bVSGDrY.exe
  2⤵
  PID:3968
- C:\Windows\System\JiIgsKj.exe
  C:\Windows\System\JiIgsKj.exe
  2⤵
  PID:14492
- C:\Windows\System\dYXWsRQ.exe
  C:\Windows\System\dYXWsRQ.exe
  2⤵
  PID:10148
- C:\Windows\System\eaDbdIr.exe
  C:\Windows\System\eaDbdIr.exe
  2⤵
  PID:10264
- C:\Windows\System\hACpgzk.exe
  C:\Windows\System\hACpgzk.exe
  2⤵
  PID:14656
- C:\Windows\System\wRChopH.exe
  C:\Windows\System\wRChopH.exe
  2⤵
  PID:4468
- C:\Windows\System\SVwCCai.exe
  C:\Windows\System\SVwCCai.exe
  2⤵
  PID:14792
- C:\Windows\System\bUqKVwP.exe
  C:\Windows\System\bUqKVwP.exe
  2⤵
  PID:10408
- C:\Windows\System\TEbvLSd.exe
  C:\Windows\System\TEbvLSd.exe
  2⤵
  PID:9556
- C:\Windows\System\mzVNIZq.exe
  C:\Windows\System\mzVNIZq.exe
  2⤵
  PID:10464
- C:\Windows\System\kERRXmr.exe
  C:\Windows\System\kERRXmr.exe
  2⤵
  PID:9628
- C:\Windows\System\QHAbObE.exe
  C:\Windows\System\QHAbObE.exe
  2⤵
  PID:10556
- C:\Windows\System\HANJswF.exe
  C:\Windows\System\HANJswF.exe
  2⤵
  PID:10616
- C:\Windows\System\Pjmdhah.exe
  C:\Windows\System\Pjmdhah.exe
  2⤵
  PID:15224
- C:\Windows\System\cuFMZVF.exe
  C:\Windows\System\cuFMZVF.exe
  2⤵
  PID:10692
- C:\Windows\System\WWfOnba.exe
  C:\Windows\System\WWfOnba.exe
  2⤵
  PID:9912
- C:\Windows\System\WdOVXWH.exe
  C:\Windows\System\WdOVXWH.exe
  2⤵
  PID:10044
- C:\Windows\System\pTcVVFb.exe
  C:\Windows\System\pTcVVFb.exe
  2⤵
  PID:14352
- C:\Windows\System\GfeHQmn.exe
  C:\Windows\System\GfeHQmn.exe
  2⤵
  PID:14464
- C:\Windows\System\NjuIDmZ.exe
  C:\Windows\System\NjuIDmZ.exe
  2⤵
  PID:10832
- C:\Windows\System\qTjcbOB.exe
  C:\Windows\System\qTjcbOB.exe
  2⤵
  PID:10860
- C:\Windows\System\KxIlSzv.exe
  C:\Windows\System\KxIlSzv.exe
  2⤵
  PID:6400
- C:\Windows\System\dWJPBoO.exe
  C:\Windows\System\dWJPBoO.exe
  2⤵
  PID:10948
- C:\Windows\System\jyRAxMK.exe
  C:\Windows\System\jyRAxMK.exe
  2⤵
  PID:10976
- C:\Windows\System\aqfBhKr.exe
  C:\Windows\System\aqfBhKr.exe
  2⤵
  PID:11060
- C:\Windows\System\tTOyCEv.exe
  C:\Windows\System\tTOyCEv.exe
  2⤵
  PID:11144
- C:\Windows\System\GADUoPQ.exe
  C:\Windows\System\GADUoPQ.exe
  2⤵
  PID:10296
- C:\Windows\System\OyfatxY.exe
  C:\Windows\System\OyfatxY.exe
  2⤵
  PID:9528
- C:\Windows\System\dvnavUE.exe
  C:\Windows\System\dvnavUE.exe
  2⤵
  PID:10496
- C:\Windows\System\ZyjUAPA.exe
  C:\Windows\System\ZyjUAPA.exe
  2⤵
  PID:14668
- C:\Windows\System\VzIMpnl.exe
  C:\Windows\System\VzIMpnl.exe
  2⤵
  PID:10700
- C:\Windows\System\Oskazee.exe
  C:\Windows\System\Oskazee.exe
  2⤵
  PID:10672
- C:\Windows\System\WyabVrc.exe
  C:\Windows\System\WyabVrc.exe
  2⤵
  PID:10872
- C:\Windows\System\WcUmcJV.exe
  C:\Windows\System\WcUmcJV.exe
  2⤵
  PID:10988
- C:\Windows\System\SDoMdCG.exe
  C:\Windows\System\SDoMdCG.exe
  2⤵
  PID:10804
- C:\Windows\System\nIKgQSm.exe
  C:\Windows\System\nIKgQSm.exe
  2⤵
  PID:4420
- C:\Windows\System\KCLfslD.exe
  C:\Windows\System\KCLfslD.exe
  2⤵
  PID:10328
- C:\Windows\System\SVzFqQa.exe
  C:\Windows\System\SVzFqQa.exe
  2⤵
  PID:10392
- C:\Windows\System\cyYjnBk.exe
  C:\Windows\System\cyYjnBk.exe
  2⤵
  PID:11036
- C:\Windows\System\aRHKbJT.exe
  C:\Windows\System\aRHKbJT.exe
  2⤵
  PID:11208
- C:\Windows\System\cQAVCRl.exe
  C:\Windows\System\cQAVCRl.exe
  2⤵
  PID:14908
- C:\Windows\System\RSYgmbR.exe
  C:\Windows\System\RSYgmbR.exe
  2⤵
  PID:11016
- C:\Windows\System\vpoiNuQ.exe
  C:\Windows\System\vpoiNuQ.exe
  2⤵
  PID:10612
- C:\Windows\System\zXCHRDO.exe
  C:\Windows\System\zXCHRDO.exe
  2⤵
  PID:10664
- C:\Windows\System\rzUbUAJ.exe
  C:\Windows\System\rzUbUAJ.exe
  2⤵
  PID:10784
- C:\Windows\System\OpUnzLx.exe
  C:\Windows\System\OpUnzLx.exe
  2⤵
  PID:14412
- C:\Windows\System\uiBYbkW.exe
  C:\Windows\System\uiBYbkW.exe
  2⤵
  PID:11192
- C:\Windows\System\yZmGWNm.exe
  C:\Windows\System\yZmGWNm.exe
  2⤵
  PID:10904
- C:\Windows\System\tERbSzG.exe
  C:\Windows\System\tERbSzG.exe
  2⤵
  PID:10504
- C:\Windows\System\kfxHcyh.exe
  C:\Windows\System\kfxHcyh.exe
  2⤵
  PID:10244
- C:\Windows\System\QSrwQrx.exe
  C:\Windows\System\QSrwQrx.exe
  2⤵
  PID:11368
- C:\Windows\System\KCBHkZh.exe
  C:\Windows\System\KCBHkZh.exe
  2⤵
  PID:10252
- C:\Windows\System\dMAGePf.exe
  C:\Windows\System\dMAGePf.exe
  2⤵
  PID:2020
- C:\Windows\System\dXfizlo.exe
  C:\Windows\System\dXfizlo.exe
  2⤵
  PID:11012
- C:\Windows\System\KtJXbpx.exe
  C:\Windows\System\KtJXbpx.exe
  2⤵
  PID:11548
- C:\Windows\System\QnuSjCK.exe
  C:\Windows\System\QnuSjCK.exe
  2⤵
  PID:9376
- C:\Windows\System\wvRwOiA.exe
  C:\Windows\System\wvRwOiA.exe
  2⤵
  PID:11140
- C:\Windows\System\jyCWUmW.exe
  C:\Windows\System\jyCWUmW.exe
  2⤵
  PID:11664
- C:\Windows\System\fXNeBQm.exe
  C:\Windows\System\fXNeBQm.exe
  2⤵
  PID:11408
- C:\Windows\System\JFdcHIG.exe
  C:\Windows\System\JFdcHIG.exe
  2⤵
  PID:11492
- C:\Windows\System\nuWiBRy.exe
  C:\Windows\System\nuWiBRy.exe
  2⤵
  PID:11556
- C:\Windows\System\hiybEAp.exe
  C:\Windows\System\hiybEAp.exe
  2⤵
  PID:11844
- C:\Windows\System\cFIgGWI.exe
  C:\Windows\System\cFIgGWI.exe
  2⤵
  PID:11872
- C:\Windows\System\iAhhXla.exe
  C:\Windows\System\iAhhXla.exe
  2⤵
  PID:11724
- C:\Windows\System\vNIxkNc.exe
  C:\Windows\System\vNIxkNc.exe
  2⤵
  PID:10620
- C:\Windows\System\UiqDXUQ.exe
  C:\Windows\System\UiqDXUQ.exe
  2⤵
  PID:6884
- C:\Windows\System\WCoCwYH.exe
  C:\Windows\System\WCoCwYH.exe
  2⤵
  PID:12188
- C:\Windows\System\cMWCHqy.exe
  C:\Windows\System\cMWCHqy.exe
  2⤵
  PID:11112
- C:\Windows\System\uZysajT.exe
  C:\Windows\System\uZysajT.exe
  2⤵
  PID:11780
- C:\Windows\System\FSBmwoq.exe
  C:\Windows\System\FSBmwoq.exe
  2⤵
  PID:12240
- C:\Windows\System\lInxVxp.exe
  C:\Windows\System\lInxVxp.exe
  2⤵
  PID:15384
- C:\Windows\System\tfDqzkJ.exe
  C:\Windows\System\tfDqzkJ.exe
  2⤵
  PID:15412
- C:\Windows\System\uwyoMJF.exe
  C:\Windows\System\uwyoMJF.exe
  2⤵
  PID:15452
- C:\Windows\System\XCOGypN.exe
  C:\Windows\System\XCOGypN.exe
  2⤵
  PID:15468
- C:\Windows\System\jWNOrqs.exe
  C:\Windows\System\jWNOrqs.exe
  2⤵
  PID:15496
- C:\Windows\System\hHLSsTP.exe
  C:\Windows\System\hHLSsTP.exe
  2⤵
  PID:15528
- C:\Windows\System\ttBEgIU.exe
  C:\Windows\System\ttBEgIU.exe
  2⤵
  PID:15556
- C:\Windows\System\wtgBnji.exe
  C:\Windows\System\wtgBnji.exe
  2⤵
  PID:15584
- C:\Windows\System\IbZxcuB.exe
  C:\Windows\System\IbZxcuB.exe
  2⤵
  PID:15612
- C:\Windows\System\IqMSKYD.exe
  C:\Windows\System\IqMSKYD.exe
  2⤵
  PID:15640
- C:\Windows\System\QjlsItH.exe
  C:\Windows\System\QjlsItH.exe
  2⤵
  PID:15668
- C:\Windows\System\jYNopJN.exe
  C:\Windows\System\jYNopJN.exe
  2⤵
  PID:15696
- C:\Windows\System\YWQKYuh.exe
  C:\Windows\System\YWQKYuh.exe
  2⤵
  PID:15724
- C:\Windows\System\OZkLXkK.exe
  C:\Windows\System\OZkLXkK.exe
  2⤵
  PID:15752
- C:\Windows\System\ZfKGhiJ.exe
  C:\Windows\System\ZfKGhiJ.exe
  2⤵
  PID:15780
- C:\Windows\System\gkuSapv.exe
  C:\Windows\System\gkuSapv.exe
  2⤵
  PID:15808
- C:\Windows\System\IcYzECs.exe
  C:\Windows\System\IcYzECs.exe
  2⤵
  PID:15836
- C:\Windows\System\IhNjIUZ.exe
  C:\Windows\System\IhNjIUZ.exe
  2⤵
  PID:15864
- C:\Windows\System\dialJBT.exe
  C:\Windows\System\dialJBT.exe
  2⤵
  PID:15892
- C:\Windows\System\SjfYuCQ.exe
  C:\Windows\System\SjfYuCQ.exe
  2⤵
  PID:15920
- C:\Windows\System\CYWfwYe.exe
  C:\Windows\System\CYWfwYe.exe
  2⤵
  PID:15960
- C:\Windows\System\lRGYFpl.exe
  C:\Windows\System\lRGYFpl.exe
  2⤵
  PID:15976
- C:\Windows\System\frlHtPS.exe
  C:\Windows\System\frlHtPS.exe
  2⤵
  PID:16004
- C:\Windows\System\hzlmPgX.exe
  C:\Windows\System\hzlmPgX.exe
  2⤵
  PID:16032
- C:\Windows\System\OviDjph.exe
  C:\Windows\System\OviDjph.exe
  2⤵
  PID:16060
- C:\Windows\System\SrnNevy.exe
  C:\Windows\System\SrnNevy.exe
  2⤵
  PID:16088
- C:\Windows\System\WuEBvaO.exe
  C:\Windows\System\WuEBvaO.exe
  2⤵
  PID:16116
- C:\Windows\System\MAOPDPH.exe
  C:\Windows\System\MAOPDPH.exe
  2⤵
  PID:16144
- C:\Windows\System\vhhanaK.exe
  C:\Windows\System\vhhanaK.exe
  2⤵
  PID:16172
- C:\Windows\System\yoLAVLo.exe
  C:\Windows\System\yoLAVLo.exe
  2⤵
  PID:16204
- C:\Windows\System\pwFNgfh.exe
  C:\Windows\System\pwFNgfh.exe
  2⤵
  PID:16232
- C:\Windows\System\BTJSNel.exe
  C:\Windows\System\BTJSNel.exe
  2⤵
  PID:16260
- C:\Windows\System\BPVXKzD.exe
  C:\Windows\System\BPVXKzD.exe
  2⤵
  PID:16288
- C:\Windows\System\oWzCyNt.exe
  C:\Windows\System\oWzCyNt.exe
  2⤵
  PID:16328
- C:\Windows\System\VGZGuah.exe
  C:\Windows\System\VGZGuah.exe
  2⤵
  PID:16344
- C:\Windows\System\LKCciFa.exe
  C:\Windows\System\LKCciFa.exe
  2⤵
  PID:16372
- C:\Windows\System\HRfTYoR.exe
  C:\Windows\System\HRfTYoR.exe
  2⤵
  PID:11300
- C:\Windows\System\PzylgIO.exe
  C:\Windows\System\PzylgIO.exe
  2⤵
  PID:15408
- C:\Windows\System\sHpXvcQ.exe
  C:\Windows\System\sHpXvcQ.exe
  2⤵
  PID:15432
- C:\Windows\System\IHfkqhk.exe
  C:\Windows\System\IHfkqhk.exe
  2⤵
  PID:15492
- C:\Windows\System\fonzUvA.exe
  C:\Windows\System\fonzUvA.exe
  2⤵
  PID:11784
- C:\Windows\System\pywaTMF.exe
  C:\Windows\System\pywaTMF.exe
  2⤵
  PID:15552
- C:\Windows\System\GVNNUsL.exe
  C:\Windows\System\GVNNUsL.exe
  2⤵
  PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ACHbIgA.exe

Filesize
6.0MB

MD5
15bb83a102271301a4999e8fe9afa3e5

SHA1
9f3b76853700c198831614e1a96c59b7b69493c0

SHA256
b33da7c0bf4311e9cdd646e5c58d713da9c0ce5d7e427777a0707333bbf68090

SHA512
7977180c4f3108758227d4805e4d0610697a6240bd7de92d3aa7df0fb039a7b535990d60f7c8258570e8794efed84798009d4557fb8e6243dc1d00d541f89a05

Download Submit
C:\Windows\System\BokVvhO.exe

Filesize
6.0MB

MD5
9dee643070ca8afbee02b77d9e89876f

SHA1
bb15bc30daceb873ed2dddae4dad324aac3a01e9

SHA256
6c1caf308676d6b8d58b1a4404f12ccc251a6b963d0251e36f8a91f6742a9604

SHA512
fb56ea9685d893dca1af316a61953138e907aa3873a646d74a1e23344a0427bbdf1191da423e3fbbd95aa249c4ed8377d4560d13c334ac2e0eb10f4efcc9d196

Download Submit
C:\Windows\System\CIPXkbR.exe

Filesize
6.0MB

MD5
a6aceb9baa59f3f99dc3443327dcf069

SHA1
54348a0bed3085d5efa346235fee2e9f1a29a403

SHA256
83ca6def0fa54a64ee839d82a6bea7d5f257729622639c4c7d98e0157ef1c6ac

SHA512
76b52a66cda2967829c04f8ff1af18e4c02639b770e0844eda67052f68122868f7a4f75d4f5f0e500e2e0376fe8f8a339d389afb9bd4b85ded868f664247de2f

Download Submit
C:\Windows\System\CxjNibT.exe

Filesize
6.0MB

MD5
8b464168e5c9e052a20f2bea31d31555

SHA1
0ac2ae43f48c2c0712a064ce1f1937c46f6978e1

SHA256
4ced8e7438a8ffccdfc7caa4155c1084fb1127d2b04f73353a44cd2b9d1120e3

SHA512
8033f80e1594acca5a50aa2f3ca219cde3b57cf9018b507646c06adae57de03ea853788e779e4bf21a72d73237bcb54be202aba4d959d64b025be03f6b852b23

Download Submit
C:\Windows\System\DNDLVSl.exe

Filesize
6.0MB

MD5
e71ca715bd9c202bd875e00bea16621c

SHA1
8be937b862ad287acb0a025882fbbbff70eae7de

SHA256
896eac1cb620824946819d56adc8453d299a49bd80036ca132f675a32632035a

SHA512
d21b4909958ea4946a0a64aedc01cdb8160f6de16e7bbacc4a55739e2dd75225b8837cd3df30a27738b266b7e6ffe4a40430349b301481eb5db4130af7de7cc9

Download Submit
C:\Windows\System\FkHKqNf.exe

Filesize
6.0MB

MD5
7f64255e484c30bef1724f0f1d2b5c26

SHA1
d5f07935db478d67ea2c0acbfe2a3fffe2ea37b7

SHA256
77426ede74f4669ffbe27a6db1bbf871039346eef92e4ed5c884c3d518926f0a

SHA512
dd47d8f8784e1f567d7d99840a64a05a4c9cc253206dc8915d41bdef0fd0e2575f3382fb43bfbf68b44725b6a440e31723831d7ad5a11b4f37b83b1354c1ae8f

Download Submit
C:\Windows\System\GAXQrMK.exe

Filesize
6.0MB

MD5
83b39505d9e639072bd12e97988d7412

SHA1
e05810e396b20b8386510449c8580ed52e987daa

SHA256
2bdd4eeb37e0a9069db080c3bcf57479334c2633274eaa00903dd55e29d87429

SHA512
e5a07ecf73c10fd10b309848d12bd00e0f5f086efd0b979c07e4b97b457ed0c95cc422de2c25027f78707aca5754ddaef3da30183cafff21a2db1de9c174c68d

Download Submit
C:\Windows\System\GRINjnG.exe

Filesize
6.0MB

MD5
a962cf2bdfe5973613e09920b6e76325

SHA1
dea0f0a625c6407ca3266a5dd0b034195a7ffb59

SHA256
cd10c07660ae73478175e6e4539468f3110b74146b63e27213088d3e7040e716

SHA512
e044df31adcc4a04b8a30bb5d372ae15c75291e6039266fa9dc6b08ba2d555c622db27a4e8ca54ab52c75f8870df8dd8b8376bdf01270def749fafdba9225835

Download Submit
C:\Windows\System\JJozola.exe

Filesize
6.0MB

MD5
45d64d616cbfb60a501585e0fb5adcfa

SHA1
5bc3d573fe406915830838ab3fe56c03e181d906

SHA256
6f5c170421f3776e8d26d608e489b85331872efd226044751920fbe168ab1446

SHA512
f7eb90c9c8e80e5bb47fd7331e7e680062ba7e645c1e1d8fbfb002cf229908344df5ca56047e3faf043a9e603c00b2458c7e55a94ae5779d2c29628c49b71b66

Download Submit
C:\Windows\System\OtCvlFa.exe

Filesize
6.0MB

MD5
d70a0992b90535cd78abbd1c8a04bfbf

SHA1
35eb984b7c90a729b036b7012432975df54fb6bd

SHA256
cf7b47f741a484a77103dd6374b6fd21da6b7c4a52172257582f1d5264b4e510

SHA512
2bbf2afce61726c87b6999f9fd20947b27675f9741954fde6ac255e7537e9a3ef48f2489671231cbad629d934690d30a0c9a3d8ec46a1253cb60b0c3fc1aecc7

Download Submit
C:\Windows\System\PFJfhWU.exe

Filesize
6.0MB

MD5
5444d6e603b13f26a99e8a94f675919b

SHA1
bf268430286ab771f849beae5f07e5a0e3a0ab49

SHA256
50426df5757f08446d0f5a0bd20387402eac8e58b2d3100468c7fa9132d40f5e

SHA512
432a1df98c09e9d0dedf348608ac3af15c4ca1626a5b63a8c0da69efd8dd7586a197eac382864a2788e7de8488f82a2648aa138fd4fbe9028f960b8851b14473

Download Submit
C:\Windows\System\RKOoQUx.exe

Filesize
6.0MB

MD5
caed0e51127969488537193493c3cf38

SHA1
e12daba9691937fe29a1617f0ec7fe1a27ca2e49

SHA256
0597339103d08a63089a9436a8e15ff68a50b226437cb3aecc04923bec73bff1

SHA512
26810749c0312d0a1486e102babba4b53ddb102f558edf8aefd90ac1acc587c343b529b9f85778d6630cfaee3fddbea4c15815c7a347942aaafb740ff7e2c3a6

Download Submit
C:\Windows\System\RWEnbOc.exe

Filesize
6.0MB

MD5
22bc59c4f4f23534b7f17298b3c95fd5

SHA1
212de63135b5f565fb586437bf87341611f8f227

SHA256
85f4ce94465f5e6dca9d3c6871c146ba0aefa66f6ffe1ab4b2f98530c894c8f3

SHA512
d78504399bb92c55fb615c1341325cfcdf2e2b43dc446968d01aa8e7335bb2c2e26aa509c655937c1b8b7d2d830734c1117f1a48fd32ce4d33448885ed66f6be

Download Submit
C:\Windows\System\RtdNzbU.exe

Filesize
6.0MB

MD5
be1c4b9d83876bcaa0e5a447e272cae2

SHA1
2fc86b88dd7cf95bfc4834fb4564b7529b389703

SHA256
9b5d2c8a3bbfc96528c83b9b0340f17d5893c10344bc52252aa1e5a12ee37626

SHA512
ed21c80260d810151b711c97f28874f30c25aac5732a62731cf24ddc30947fc0651144a2e576ee0ae0be7ba1956f2cfc2dcfaf80c7da794788a4c078bdf990cc

Download Submit
C:\Windows\System\UQLNYRt.exe

Filesize
6.0MB

MD5
77a8d5e1fdbe9ea42d315e05fa44188d

SHA1
3956c52a8e7058eddc0ab605fcec04b78d9336be

SHA256
0d187f1f2fc49e39fee5e35250c2e050c757be4380378892e3940f2de7e5053d

SHA512
772a50d2df190574bec5706efffccf365fee7231d849192fc6e9f965aaa6d574ec6ddf369aa92731ab2f6d3834024a3dbb439d7782b06ed70871da83c8f2a540

Download Submit
C:\Windows\System\YGTsaee.exe

Filesize
6.0MB

MD5
33a301e14f4760faf13003d2c07b63c2

SHA1
bb6845616fdc06881b0970a787309ef87011016e

SHA256
c1ba61212685fbaf63ff435dfbc8e9227584f9bb4a91cd776e76ceb39c364b72

SHA512
fc9d4ca511944bff595da6fb9a0a61aaee5d893ed9d5cbea81b8b3182bc46aec7eb38c76d8f40462489444faea0f6a979c7f9c3521b3a827ab1e4ffa2eab8fa3

Download Submit
C:\Windows\System\YzdUMNf.exe

Filesize
6.0MB

MD5
ebde4306cc6473ae5661acee55f81c0e

SHA1
e1654bbd72cb45d17277215f4f98ce05ec5b6eb0

SHA256
7987fec0a74b8eef67f6c6ba93514b566fd9ab28424aaf7d2fea8bb4ae4bb21e

SHA512
9c7995682a09c0bcda22ef198808b512c259cf78530f30b70a091243206d2734a33560d78606a8a7110b8f63c0f5243ac92b4597971d1ac6110cc0d10790f5e5

Download Submit
C:\Windows\System\asgBtRt.exe

Filesize
6.0MB

MD5
c4bca9403455cc99936ca98cd2ba1c13

SHA1
5d0cb63ce3212c431d5e9404d3094bc145797b57

SHA256
984580f34fbb6500210441b1ecc6bcee830835b39040972075b57a77d8a11924

SHA512
b375cc3f7013873b10187d8e76c58201790c6d6cba21a2d5ddd509712d27b92e4b015d5ce2fd121ec397b22aa9e97cfe40149e3460e3e7cd14c7b5703f92041d

Download Submit
C:\Windows\System\eSNpHPy.exe

Filesize
6.0MB

MD5
923d782d9dabbbdc9cd016763d201054

SHA1
633383bbd1e7bdf631414187abc5e63067888cac

SHA256
87c7ea2586c80aa954f9b624b470882e51cd35b297d13f6a36596572928b9b12

SHA512
4cf920c55f7590995dd84960ba1ddb83b46f73dc5b7a1e08db0420c3943e1f3ca72414d6b401735e5589dbc6e026ec134d83e0de3603babff7b9b56172d97a49

Download Submit
C:\Windows\System\hHhyxDu.exe

Filesize
6.0MB

MD5
d74ae11a46b736f5764bf65dca6987c1

SHA1
cb1e380ed35f768771c32e12bb592c863fdad2aa

SHA256
c37db68f28b25c04ab00aae40b05ab2d4b94260547e1b2186e97f0342e666421

SHA512
bde9df54012869406267f1fb6bfb07568657166e5bfb193b5c7906225d1fdcb358f1385153a1c5607ee3ceca04d0137c072df6a12bd5e6ab4001afa557633146

Download Submit
C:\Windows\System\jGFsoHH.exe

Filesize
6.0MB

MD5
9ef2bba70e9f40597bdd3b827dc3c191

SHA1
e2fa5a4d72cf4b13c355b70816c2d68c6a649768

SHA256
dbebe4426f30596917e0af5f9881061344e260444ddd9ccaa4ae4428da0a7c47

SHA512
fe8a501691d3ab91717eea93a60b638b18a8922f8b5de945c2f4646d79809ba21317ff52efa121e69c27c745919e041b3703a5745cfa5781523ebd74f6fbb82c

Download Submit
C:\Windows\System\jtkUiXJ.exe

Filesize
6.0MB

MD5
2325cd2dcfe000abfaf58b9c980dbe0f

SHA1
d01c9d301ffb76d7b6367362de7838fa2fc9926a

SHA256
4f4093b7880f1f0953e7e7866705305de4968cdceaf23f884542d2a56dd49d99

SHA512
df265968e17a5f7d4d53775ed12de91359611911b38f2c1df741b6038639a223ec7bda4233250ad77ebe1c6aa0d52c0528c5bf03d1c40c0e321f487db2f37f1a

Download Submit
C:\Windows\System\lHvVhnf.exe

Filesize
6.0MB

MD5
b57987b4d5282e97cfd1a46906814cb8

SHA1
d86a7549f8cfb943fa47d4d0231d47ed06d005c2

SHA256
79b5f9b8d8e40fe0d4d28f61582e18c38fff2e9f24b6f98174bc9a9f0f1d6217

SHA512
09388bf95765b28b6a127f693a33598aa57392d1b0d74018addb37eeb251031d1876ac6ecae516b4d236e013855c4fe7f381c6a301c7f1f62e5c4e5244e0d9ef

Download Submit
C:\Windows\System\omzoZSd.exe

Filesize
6.0MB

MD5
c9fb412cf6cba378de2465edc721ac30

SHA1
f0443f66ca0963f8552b845d6e15519e5373277a

SHA256
411d476e24604ca733d17a9569b54e7b8fb82f1c8a2496fbf32453c9381a40bb

SHA512
f232d9dca8e39dbb75572b60e28be0d82dd315680be3ad2cdc32eb5e4b285f0766806617a4d0d190fee434d2b3527a1bc3d70892191e9f95a16c3ab2465edd50

Download Submit
C:\Windows\System\sDttzOT.exe

Filesize
6.0MB

MD5
0b5be9d9201aacdfe69e22196582a95d

SHA1
d97fbae470e8f1d7f27daa9056b05412c177619a

SHA256
cbe57d1e3acf2c1e29fe1afc6d8b54661b8e2c2eb4c92d30e2ac54f742ebeb1b

SHA512
85886f99d42b91697e5fa85134becfbc5a6b86df30bf1facad55fa7a4d8c373295586e93d8aa1e529b312e07c827f8c8dd7b7871773c49027bc57881dcebe61d

Download Submit
C:\Windows\System\sYMDYcp.exe

Filesize
6.0MB

MD5
09fc7ea32d0cd8bf0e9dab9c5575f673

SHA1
97cd0d002cc88f2c1a41e2d59475bae77a1a3d98

SHA256
44c71a34c25194ff625b41f5ff42cd8cdb9b28f77232ccbd9d674ece2be57e78

SHA512
8c2b8ce9c2c94005ef100c38c5232d1df870090306b81b255eb03e744cd4853ed76fe64176a76176307b808f61395949002c10b94dee01130cc15319bbc26a30

Download Submit
C:\Windows\System\taRRSYh.exe

Filesize
6.0MB

MD5
8b66570debd59e0b0633db2d127ac053

SHA1
6755c3b318f21b1e38e01c69e3216a061d14157c

SHA256
9332b1c5aca6e889fb6a0c95230bccc3d5f99320b6604ab28b262dd298fa9cf1

SHA512
9578059fd8d6a787580ab00b6ebe8014be339ab422e2b4f9c3748862069915be0d3777505ff471982061f3e9efd2fec2128a39c75796d469168ce4a96a6799f8

Download Submit
C:\Windows\System\tvuevlI.exe

Filesize
6.0MB

MD5
87023c8aebde25e1547f356f16566adc

SHA1
8cb8281ebeee6dcacb136a389eb72d3fb8982277

SHA256
759ca9f4dbedaa355a06252de76e5b18e11d89e93214267af2a822f14f3e73e7

SHA512
4f0ec3958b813aa21a026bfa163d9cebffbabfe06ad8655dcdd2547032cb5783bf7ebde51101cde62e16b47fc4f1c4929c7eb88128793dd19384a198d6d29de2

Download Submit
C:\Windows\System\uuEJSGX.exe

Filesize
6.0MB

MD5
c738fca2b22c10c622feee2d72fe8658

SHA1
523acfd7f4e6fad9906cfca8dad16ce5717312b5

SHA256
4d813a100a5787d80b5972802cb64b05f01491318a406bec9c4e85e1b6158bf4

SHA512
8dd920d96863d45a71faa24d4102fe950987899f596b28404eee7c7f39a2ac0629529290f1d24ab88c9561c6a69b93a594b39eb6b342b5a51ffd70a6ba2cafb5

Download Submit
C:\Windows\System\wDUgFYf.exe

Filesize
6.0MB

MD5
894a23b3d9fc21b66aa7f4a16cf6e2b1

SHA1
660ad432d4d5c9ea7360fc09014ece28c0e60bd6

SHA256
5df42d31235b6b0999e266d41b8affa42e2ac5b50185dd798e3b5744b10b3333

SHA512
a3735ed3d57b3139ce60cf52d88af451a53e90b52343653edde5e746d87c69f0d6394ca445ce498eb2bdcc40c534c0c74f6cca8ca304e2e7de5bc26ab8bf2565

Download Submit
C:\Windows\System\xuemOqX.exe

Filesize
6.0MB

MD5
fc9070b5b2dfcf5745aead8af5f2ffca

SHA1
b0bb70e2984298198ca6df7237be2752eaffdc10

SHA256
13f5055ac0212164e5de80bcc946de85506031e20ab38f7b8e09a7cc58714000

SHA512
1281257e090717cc035c5d492ad2c40469da0627e2ce411d0936ae7fcf34206fddbe0b432462f07c43b0ccb12bb81aa97fef9217b2ac4828211b261e8bf5ce43

Download Submit
C:\Windows\System\yQfRALU.exe

Filesize
6.0MB

MD5
a225fdf1402d2d7610d4553254defdcb

SHA1
7f5bf5a4ecee966c12546b5bd59ce310e2fda5ef

SHA256
532bd7acdb4995beb254ed33273fafd4a18e381d2cfa3fe403221f3b26c7cb22

SHA512
87acc9e0f84155a7f5598895d1d16ad02e7c2457428dce7fc52c7d6d23e31d4b60f36e665154dcbb335d8af7e2102900c826adcacf9778ce5165aaf308617889

Download Submit
memory/212-63-0x00007FF7BCDA0000-0x00007FF7BD0F4000-memory.dmp

Filesize
3.3MB

Download
memory/212-126-0x00007FF7BCDA0000-0x00007FF7BD0F4000-memory.dmp

Filesize
3.3MB

Download
memory/212-1877-0x00007FF7BCDA0000-0x00007FF7BD0F4000-memory.dmp

Filesize
3.3MB

Download
memory/440-171-0x00007FF74F490000-0x00007FF74F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/440-105-0x00007FF74F490000-0x00007FF74F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/440-1902-0x00007FF74F490000-0x00007FF74F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/648-57-0x00007FF66F5A0000-0x00007FF66F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/648-1840-0x00007FF66F5A0000-0x00007FF66F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-1710-0x00007FF6F2780000-0x00007FF6F2AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-15-0x00007FF6F2780000-0x00007FF6F2AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-62-0x00007FF6F2780000-0x00007FF6F2AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1456-141-0x00007FF783D90000-0x00007FF7840E4000-memory.dmp

Filesize
3.3MB

Download
memory/1456-875-0x00007FF783D90000-0x00007FF7840E4000-memory.dmp

Filesize
3.3MB

Download
memory/1456-1923-0x00007FF783D90000-0x00007FF7840E4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-1200-0x00007FF6F2E00000-0x00007FF6F3154000-memory.dmp

Filesize
3.3MB

Download
memory/1600-1943-0x00007FF6F2E00000-0x00007FF6F3154000-memory.dmp

Filesize
3.3MB

Download
memory/1600-188-0x00007FF6F2E00000-0x00007FF6F3154000-memory.dmp

Filesize
3.3MB

Download
memory/1716-9-0x00007FF70E330000-0x00007FF70E684000-memory.dmp

Filesize
3.3MB

Download
memory/1716-61-0x00007FF70E330000-0x00007FF70E684000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1703-0x00007FF70E330000-0x00007FF70E684000-memory.dmp

Filesize
3.3MB

Download
memory/1772-125-0x00007FF6B4890000-0x00007FF6B4BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-185-0x00007FF6B4890000-0x00007FF6B4BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-1914-0x00007FF6B4890000-0x00007FF6B4BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-117-0x00007FF683240000-0x00007FF683594000-memory.dmp

Filesize
3.3MB

Download
memory/2416-1833-0x00007FF683240000-0x00007FF683594000-memory.dmp

Filesize
3.3MB

Download
memory/2416-48-0x00007FF683240000-0x00007FF683594000-memory.dmp

Filesize
3.3MB

Download
memory/2432-40-0x00007FF760DD0000-0x00007FF761124000-memory.dmp

Filesize
3.3MB

Download
memory/2432-102-0x00007FF760DD0000-0x00007FF761124000-memory.dmp

Filesize
3.3MB

Download
memory/2432-1743-0x00007FF760DD0000-0x00007FF761124000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1916-0x00007FF61DF50000-0x00007FF61E2A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-131-0x00007FF61DF50000-0x00007FF61E2A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-764-0x00007FF61DF50000-0x00007FF61E2A4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-109-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1909-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-177-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-925-0x00007FF7F1590000-0x00007FF7F18E4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-150-0x00007FF7F1590000-0x00007FF7F18E4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1931-0x00007FF7F1590000-0x00007FF7F18E4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1881-0x00007FF68E500000-0x00007FF68E854000-memory.dmp

Filesize
3.3MB

Download
memory/2912-83-0x00007FF68E500000-0x00007FF68E854000-memory.dmp

Filesize
3.3MB

Download
memory/2912-149-0x00007FF68E500000-0x00007FF68E854000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1942-0x00007FF7C1940000-0x00007FF7C1C94000-memory.dmp

Filesize
3.3MB

Download
memory/2936-183-0x00007FF7C1940000-0x00007FF7C1C94000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1144-0x00007FF7C1940000-0x00007FF7C1C94000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1028-0x00007FF6D1E80000-0x00007FF6D21D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-164-0x00007FF6D1E80000-0x00007FF6D21D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1933-0x00007FF6D1E80000-0x00007FF6D21D4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-32-0x00007FF6DB0E0000-0x00007FF6DB434000-memory.dmp

Filesize
3.3MB

Download
memory/3040-1733-0x00007FF6DB0E0000-0x00007FF6DB434000-memory.dmp

Filesize
3.3MB

Download
memory/3040-88-0x00007FF6DB0E0000-0x00007FF6DB434000-memory.dmp

Filesize
3.3MB

Download
memory/3428-16-0x00007FF76CDB0000-0x00007FF76D104000-memory.dmp

Filesize
3.3MB

Download
memory/3428-1709-0x00007FF76CDB0000-0x00007FF76D104000-memory.dmp

Filesize
3.3MB

Download
memory/3428-74-0x00007FF76CDB0000-0x00007FF76D104000-memory.dmp

Filesize
3.3MB

Download
memory/3432-1895-0x00007FF627C00000-0x00007FF627F54000-memory.dmp

Filesize
3.3MB

Download
memory/3432-163-0x00007FF627C00000-0x00007FF627F54000-memory.dmp

Filesize
3.3MB

Download
memory/3432-96-0x00007FF627C00000-0x00007FF627F54000-memory.dmp

Filesize
3.3MB

Download
memory/3636-0-0x00007FF6116F0000-0x00007FF611A44000-memory.dmp

Filesize
3.3MB

Download
memory/3636-1-0x000002088BD60000-0x000002088BD70000-memory.dmp

Filesize
64KB

Download
memory/3636-55-0x00007FF6116F0000-0x00007FF611A44000-memory.dmp

Filesize
3.3MB

Download
memory/3940-75-0x00007FF6AA600000-0x00007FF6AA954000-memory.dmp

Filesize
3.3MB

Download
memory/3940-2769-0x00007FF6AA600000-0x00007FF6AA954000-memory.dmp

Filesize
3.3MB

Download
memory/3940-140-0x00007FF6AA600000-0x00007FF6AA954000-memory.dmp

Filesize
3.3MB

Download
memory/4048-1729-0x00007FF6D43A0000-0x00007FF6D46F4000-memory.dmp

Filesize
3.3MB

Download
memory/4048-24-0x00007FF6D43A0000-0x00007FF6D46F4000-memory.dmp

Filesize
3.3MB

Download
memory/4048-80-0x00007FF6D43A0000-0x00007FF6D46F4000-memory.dmp

Filesize
3.3MB

Download
memory/4168-121-0x00007FF79DB40000-0x00007FF79DE94000-memory.dmp

Filesize
3.3MB

Download
memory/4168-178-0x00007FF79DB40000-0x00007FF79DE94000-memory.dmp

Filesize
3.3MB

Download
memory/4168-1912-0x00007FF79DB40000-0x00007FF79DE94000-memory.dmp

Filesize
3.3MB

Download
memory/4264-766-0x00007FF7E1AB0000-0x00007FF7E1E04000-memory.dmp

Filesize
3.3MB

Download
memory/4264-139-0x00007FF7E1AB0000-0x00007FF7E1E04000-memory.dmp

Filesize
3.3MB

Download
memory/4264-1920-0x00007FF7E1AB0000-0x00007FF7E1E04000-memory.dmp

Filesize
3.3MB

Download
memory/4312-1258-0x00007FF627FE0000-0x00007FF628334000-memory.dmp

Filesize
3.3MB

Download
memory/4312-1950-0x00007FF627FE0000-0x00007FF628334000-memory.dmp

Filesize
3.3MB

Download
memory/4312-195-0x00007FF627FE0000-0x00007FF628334000-memory.dmp

Filesize
3.3MB

Download
memory/4500-136-0x00007FF6E6850000-0x00007FF6E6BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-68-0x00007FF6E6850000-0x00007FF6E6BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-1858-0x00007FF6E6850000-0x00007FF6E6BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4536-1944-0x00007FF7B2DF0000-0x00007FF7B3144000-memory.dmp

Filesize
3.3MB

Download
memory/4536-1030-0x00007FF7B2DF0000-0x00007FF7B3144000-memory.dmp

Filesize
3.3MB

Download
memory/4536-174-0x00007FF7B2DF0000-0x00007FF7B3144000-memory.dmp

Filesize
3.3MB

Download
memory/4972-36-0x00007FF7FFA60000-0x00007FF7FFDB4000-memory.dmp

Filesize
3.3MB

Download
memory/4972-1740-0x00007FF7FFA60000-0x00007FF7FFDB4000-memory.dmp

Filesize
3.3MB

Download
memory/4972-95-0x00007FF7FFA60000-0x00007FF7FFDB4000-memory.dmp

Filesize
3.3MB

Download
memory/5060-1885-0x00007FF7BC340000-0x00007FF7BC694000-memory.dmp

Filesize
3.3MB

Download
memory/5060-156-0x00007FF7BC340000-0x00007FF7BC694000-memory.dmp

Filesize
3.3MB

Download
memory/5060-89-0x00007FF7BC340000-0x00007FF7BC694000-memory.dmp

Filesize
3.3MB

Download
memory/5096-157-0x00007FF76BC30000-0x00007FF76BF84000-memory.dmp

Filesize
3.3MB

Download
memory/5096-989-0x00007FF76BC30000-0x00007FF76BF84000-memory.dmp

Filesize
3.3MB

Download
memory/5096-1938-0x00007FF76BC30000-0x00007FF76BF84000-memory.dmp

Filesize
3.3MB

Download