cobaltstrike | cc432faa9f1413bc75f291f8a98a65ffbb82848d1e0b4cfe0e829fe2db5c4cfe

Analysis

max time kernel
111s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/12/2024, 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

47ebbc81fad3721e11aa54bbd5f8c4b4
SHA1

cabe5ea98e70f4e652c660ab019221208bbd43c0
SHA256

cc432faa9f1413bc75f291f8a98a65ffbb82848d1e0b4cfe0e829fe2db5c4cfe
SHA512

d80d75de0e53c5b3b23863ce91f46f894f9c088ddd238a4c5fbb53f1e23dbe8185215339815d3d31be4b3c2e2cbf343fa823d139b88446a2a6c38996a7f9da4c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUy:T+q56utgpPF8u/7y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000023c68-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc4-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc5-19.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc6-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cca-46.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccb-50.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd0-76.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd1-83.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd3-93.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdc-133.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce0-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce3-168.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce1-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce2-163.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdf-156.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cde-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdd-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdb-134.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cda-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd9-123.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd8-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd7-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd6-106.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd5-103.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd4-99.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd2-89.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccf-71.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cce-69.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccd-63.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ccc-58.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc9-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc8-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc7-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3208-0-0x00007FF63B5C0000-0x00007FF63B914000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c68-5.dat	xmrig
behavioral2/memory/2620-6-0x00007FF7ACD60000-0x00007FF7AD0B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc4-11.dat	xmrig
behavioral2/files/0x0007000000023cc5-19.dat	xmrig
behavioral2/files/0x0007000000023cc6-23.dat	xmrig
behavioral2/memory/3744-30-0x00007FF6239E0000-0x00007FF623D34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cca-46.dat	xmrig
behavioral2/files/0x0007000000023ccb-50.dat	xmrig
behavioral2/files/0x0007000000023cd0-76.dat	xmrig
behavioral2/files/0x0007000000023cd1-83.dat	xmrig
behavioral2/files/0x0007000000023cd3-93.dat	xmrig
behavioral2/files/0x0007000000023cdc-133.dat	xmrig
behavioral2/files/0x0007000000023ce0-161.dat	xmrig
behavioral2/memory/1800-1214-0x00007FF6250D0000-0x00007FF625424000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce3-168.dat	xmrig
behavioral2/files/0x0007000000023ce1-166.dat	xmrig
behavioral2/files/0x0007000000023ce2-163.dat	xmrig
behavioral2/files/0x0007000000023cdf-156.dat	xmrig
behavioral2/files/0x0007000000023cde-151.dat	xmrig
behavioral2/files/0x0007000000023cdd-146.dat	xmrig
behavioral2/files/0x0007000000023cdb-134.dat	xmrig
behavioral2/files/0x0007000000023cda-131.dat	xmrig
behavioral2/files/0x0007000000023cd9-123.dat	xmrig
behavioral2/files/0x0007000000023cd8-119.dat	xmrig
behavioral2/files/0x0007000000023cd7-115.dat	xmrig
behavioral2/files/0x0007000000023cd6-106.dat	xmrig
behavioral2/files/0x0007000000023cd5-103.dat	xmrig
behavioral2/files/0x0007000000023cd4-99.dat	xmrig
behavioral2/files/0x0007000000023cd2-89.dat	xmrig
behavioral2/files/0x0007000000023ccf-71.dat	xmrig
behavioral2/files/0x0007000000023cce-69.dat	xmrig
behavioral2/files/0x0007000000023ccd-63.dat	xmrig
behavioral2/files/0x0007000000023ccc-58.dat	xmrig
behavioral2/files/0x0007000000023cc9-43.dat	xmrig
behavioral2/files/0x0007000000023cc8-41.dat	xmrig
behavioral2/files/0x0007000000023cc7-33.dat	xmrig
behavioral2/memory/2136-24-0x00007FF6C5FD0000-0x00007FF6C6324000-memory.dmp	xmrig
behavioral2/memory/4564-18-0x00007FF688E80000-0x00007FF6891D4000-memory.dmp	xmrig
behavioral2/memory/4172-12-0x00007FF754240000-0x00007FF754594000-memory.dmp	xmrig
behavioral2/memory/3284-1222-0x00007FF7CC0F0000-0x00007FF7CC444000-memory.dmp	xmrig
behavioral2/memory/4288-1228-0x00007FF7FDF10000-0x00007FF7FE264000-memory.dmp	xmrig
behavioral2/memory/2392-1234-0x00007FF71A560000-0x00007FF71A8B4000-memory.dmp	xmrig
behavioral2/memory/1344-1238-0x00007FF795B00000-0x00007FF795E54000-memory.dmp	xmrig
behavioral2/memory/4964-1244-0x00007FF725F50000-0x00007FF7262A4000-memory.dmp	xmrig
behavioral2/memory/2792-1256-0x00007FF6E15E0000-0x00007FF6E1934000-memory.dmp	xmrig
behavioral2/memory/1640-1253-0x00007FF67F8F0000-0x00007FF67FC44000-memory.dmp	xmrig
behavioral2/memory/2116-1275-0x00007FF7B59C0000-0x00007FF7B5D14000-memory.dmp	xmrig
behavioral2/memory/4212-1281-0x00007FF6D1CC0000-0x00007FF6D2014000-memory.dmp	xmrig
behavioral2/memory/2664-1280-0x00007FF7E54C0000-0x00007FF7E5814000-memory.dmp	xmrig
behavioral2/memory/1728-1279-0x00007FF64C060000-0x00007FF64C3B4000-memory.dmp	xmrig
behavioral2/memory/2844-1274-0x00007FF6D2380000-0x00007FF6D26D4000-memory.dmp	xmrig
behavioral2/memory/1604-1259-0x00007FF62D0A0000-0x00007FF62D3F4000-memory.dmp	xmrig
behavioral2/memory/3360-1258-0x00007FF61FFC0000-0x00007FF620314000-memory.dmp	xmrig
behavioral2/memory/4036-1257-0x00007FF6F5E70000-0x00007FF6F61C4000-memory.dmp	xmrig
behavioral2/memory/232-1252-0x00007FF703FE0000-0x00007FF704334000-memory.dmp	xmrig
behavioral2/memory/236-1249-0x00007FF74C150000-0x00007FF74C4A4000-memory.dmp	xmrig
behavioral2/memory/3888-1248-0x00007FF7B25E0000-0x00007FF7B2934000-memory.dmp	xmrig
behavioral2/memory/244-1243-0x00007FF6A5BF0000-0x00007FF6A5F44000-memory.dmp	xmrig
behavioral2/memory/396-1239-0x00007FF6307A0000-0x00007FF630AF4000-memory.dmp	xmrig
behavioral2/memory/4692-1231-0x00007FF74CB80000-0x00007FF74CED4000-memory.dmp	xmrig
behavioral2/memory/2064-1230-0x00007FF7F1D90000-0x00007FF7F20E4000-memory.dmp	xmrig
behavioral2/memory/3324-1227-0x00007FF630DE0000-0x00007FF631134000-memory.dmp	xmrig
behavioral2/memory/3208-1401-0x00007FF63B5C0000-0x00007FF63B914000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2620	zwUXiaz.exe
4172	mAFjyVC.exe
4564	Jruixtp.exe
2136	pTVDAfw.exe
3744	EwAlSSU.exe
1800	FeiOsCW.exe
4212	sNhChWw.exe
3284	UdOBgfd.exe
3324	fzbijHF.exe
4288	Cpaycxq.exe
2064	YxJkoip.exe
4692	AOalyQs.exe
2392	yZDSTnu.exe
1344	KKYaimV.exe
396	Vejaecy.exe
244	fAbxBzg.exe
4964	OmwBsPW.exe
3888	adYpoQn.exe
236	VFJmwGu.exe
232	ckXsqNE.exe
1640	MvUPYWN.exe
2792	PUbGbGY.exe
4036	WBSHBvF.exe
3360	FUkWIBs.exe
1604	pToXGmt.exe
2844	iVYGNkz.exe
2116	XrWmjUh.exe
1728	VxvOAPz.exe
2664	kVgSXrk.exe
4956	RTdsLFl.exe
2420	WPiVecH.exe
3568	QAmDYBG.exe
4452	OuzpKNh.exe
3840	yTJOFWv.exe
1888	dnMgBiL.exe
2436	slghDbA.exe
1512	YMrtAlE.exe
2688	xAXLFlZ.exe
1784	GZTzZhT.exe
2072	CuliKfu.exe
1056	Bjqmdmp.exe
1908	rQZKtEi.exe
2968	NorqWDo.exe
644	rauDSUN.exe
3524	UMzAbHb.exe
4988	WllYKbA.exe
1384	BNnQNMG.exe
2368	gGnitrf.exe
4028	OMEdoRj.exe
4732	RDRoEnC.exe
3516	CYtVCmn.exe
4116	lCNlutu.exe
336	KeNqYid.exe
4420	PeSSsDL.exe
4316	qUtXIRK.exe
4304	EzLCGnn.exe
4792	BlsshSe.exe
4352	gkTJXPi.exe
4664	VgZeydL.exe
2952	wTdJAIo.exe
4760	qiYkgeQ.exe
8	BKrWKdP.exe
564	FaEFqvb.exe
4916	fPYXizk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3208-0-0x00007FF63B5C0000-0x00007FF63B914000-memory.dmp	upx
behavioral2/files/0x0009000000023c68-5.dat	upx
behavioral2/memory/2620-6-0x00007FF7ACD60000-0x00007FF7AD0B4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc4-11.dat	upx
behavioral2/files/0x0007000000023cc5-19.dat	upx
behavioral2/files/0x0007000000023cc6-23.dat	upx
behavioral2/memory/3744-30-0x00007FF6239E0000-0x00007FF623D34000-memory.dmp	upx
behavioral2/files/0x0007000000023cca-46.dat	upx
behavioral2/files/0x0007000000023ccb-50.dat	upx
behavioral2/files/0x0007000000023cd0-76.dat	upx
behavioral2/files/0x0007000000023cd1-83.dat	upx
behavioral2/files/0x0007000000023cd3-93.dat	upx
behavioral2/files/0x0007000000023cdc-133.dat	upx
behavioral2/files/0x0007000000023ce0-161.dat	upx
behavioral2/memory/1800-1214-0x00007FF6250D0000-0x00007FF625424000-memory.dmp	upx
behavioral2/files/0x0007000000023ce3-168.dat	upx
behavioral2/files/0x0007000000023ce1-166.dat	upx
behavioral2/files/0x0007000000023ce2-163.dat	upx
behavioral2/files/0x0007000000023cdf-156.dat	upx
behavioral2/files/0x0007000000023cde-151.dat	upx
behavioral2/files/0x0007000000023cdd-146.dat	upx
behavioral2/files/0x0007000000023cdb-134.dat	upx
behavioral2/files/0x0007000000023cda-131.dat	upx
behavioral2/files/0x0007000000023cd9-123.dat	upx
behavioral2/files/0x0007000000023cd8-119.dat	upx
behavioral2/files/0x0007000000023cd7-115.dat	upx
behavioral2/files/0x0007000000023cd6-106.dat	upx
behavioral2/files/0x0007000000023cd5-103.dat	upx
behavioral2/files/0x0007000000023cd4-99.dat	upx
behavioral2/files/0x0007000000023cd2-89.dat	upx
behavioral2/files/0x0007000000023ccf-71.dat	upx
behavioral2/files/0x0007000000023cce-69.dat	upx
behavioral2/files/0x0007000000023ccd-63.dat	upx
behavioral2/files/0x0007000000023ccc-58.dat	upx
behavioral2/files/0x0007000000023cc9-43.dat	upx
behavioral2/files/0x0007000000023cc8-41.dat	upx
behavioral2/files/0x0007000000023cc7-33.dat	upx
behavioral2/memory/2136-24-0x00007FF6C5FD0000-0x00007FF6C6324000-memory.dmp	upx
behavioral2/memory/4564-18-0x00007FF688E80000-0x00007FF6891D4000-memory.dmp	upx
behavioral2/memory/4172-12-0x00007FF754240000-0x00007FF754594000-memory.dmp	upx
behavioral2/memory/3284-1222-0x00007FF7CC0F0000-0x00007FF7CC444000-memory.dmp	upx
behavioral2/memory/4288-1228-0x00007FF7FDF10000-0x00007FF7FE264000-memory.dmp	upx
behavioral2/memory/2392-1234-0x00007FF71A560000-0x00007FF71A8B4000-memory.dmp	upx
behavioral2/memory/1344-1238-0x00007FF795B00000-0x00007FF795E54000-memory.dmp	upx
behavioral2/memory/4964-1244-0x00007FF725F50000-0x00007FF7262A4000-memory.dmp	upx
behavioral2/memory/2792-1256-0x00007FF6E15E0000-0x00007FF6E1934000-memory.dmp	upx
behavioral2/memory/1640-1253-0x00007FF67F8F0000-0x00007FF67FC44000-memory.dmp	upx
behavioral2/memory/2116-1275-0x00007FF7B59C0000-0x00007FF7B5D14000-memory.dmp	upx
behavioral2/memory/4212-1281-0x00007FF6D1CC0000-0x00007FF6D2014000-memory.dmp	upx
behavioral2/memory/2664-1280-0x00007FF7E54C0000-0x00007FF7E5814000-memory.dmp	upx
behavioral2/memory/1728-1279-0x00007FF64C060000-0x00007FF64C3B4000-memory.dmp	upx
behavioral2/memory/2844-1274-0x00007FF6D2380000-0x00007FF6D26D4000-memory.dmp	upx
behavioral2/memory/1604-1259-0x00007FF62D0A0000-0x00007FF62D3F4000-memory.dmp	upx
behavioral2/memory/3360-1258-0x00007FF61FFC0000-0x00007FF620314000-memory.dmp	upx
behavioral2/memory/4036-1257-0x00007FF6F5E70000-0x00007FF6F61C4000-memory.dmp	upx
behavioral2/memory/232-1252-0x00007FF703FE0000-0x00007FF704334000-memory.dmp	upx
behavioral2/memory/236-1249-0x00007FF74C150000-0x00007FF74C4A4000-memory.dmp	upx
behavioral2/memory/3888-1248-0x00007FF7B25E0000-0x00007FF7B2934000-memory.dmp	upx
behavioral2/memory/244-1243-0x00007FF6A5BF0000-0x00007FF6A5F44000-memory.dmp	upx
behavioral2/memory/396-1239-0x00007FF6307A0000-0x00007FF630AF4000-memory.dmp	upx
behavioral2/memory/4692-1231-0x00007FF74CB80000-0x00007FF74CED4000-memory.dmp	upx
behavioral2/memory/2064-1230-0x00007FF7F1D90000-0x00007FF7F20E4000-memory.dmp	upx
behavioral2/memory/3324-1227-0x00007FF630DE0000-0x00007FF631134000-memory.dmp	upx
behavioral2/memory/3208-1401-0x00007FF63B5C0000-0x00007FF63B914000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CgiLbmI.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWWiBGV.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPoYZlR.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aoZiFdM.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJUOfoZ.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMvDQiW.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlxefZK.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCDbKwh.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkYtBRs.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZespas.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwdISyc.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCRnOle.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\feOPIDl.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZKcwao.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyjFgLZ.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOOMsJD.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctfCHIx.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmunUld.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFMAXld.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSMpCyH.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsAGrbI.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzEjRYW.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPqgIeb.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdVqbZo.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvpzAzK.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEcnoXd.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vejaecy.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vaZyGJD.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBgiEig.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcDPARr.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBXiHrI.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILPPNtc.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlqXPSO.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyohJih.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMuZFfZ.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vftkBTX.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syJRtAc.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miCSkxp.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INphgRF.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJeHkGH.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OknYybP.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXwXwKR.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhMKdOr.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIhjWSR.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMYenqm.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idjdGcn.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRBYJZF.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIzrNpZ.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btKGlfl.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mroPhPf.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTjSqPf.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJhRERC.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXvVDcO.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMfGFeX.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSFjksm.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeNqYid.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtcZBZl.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZXAuxy.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXpbpER.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzoDHcE.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtwEWnv.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YxJkoip.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imYQeCK.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuESsAt.exe	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 2620	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 3208 wrote to memory of 2620	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 3208 wrote to memory of 4172	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3208 wrote to memory of 4172	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3208 wrote to memory of 4564	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3208 wrote to memory of 4564	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3208 wrote to memory of 2136	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3208 wrote to memory of 2136	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3208 wrote to memory of 3744	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3208 wrote to memory of 3744	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3208 wrote to memory of 1800	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3208 wrote to memory of 1800	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3208 wrote to memory of 4212	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3208 wrote to memory of 4212	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3208 wrote to memory of 3284	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3208 wrote to memory of 3284	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3208 wrote to memory of 3324	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3208 wrote to memory of 3324	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3208 wrote to memory of 4288	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3208 wrote to memory of 4288	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3208 wrote to memory of 2064	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3208 wrote to memory of 2064	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3208 wrote to memory of 4692	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3208 wrote to memory of 4692	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3208 wrote to memory of 2392	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3208 wrote to memory of 2392	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3208 wrote to memory of 1344	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3208 wrote to memory of 1344	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3208 wrote to memory of 396	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3208 wrote to memory of 396	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3208 wrote to memory of 244	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3208 wrote to memory of 244	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3208 wrote to memory of 4964	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3208 wrote to memory of 4964	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3208 wrote to memory of 3888	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3208 wrote to memory of 3888	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3208 wrote to memory of 236	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3208 wrote to memory of 236	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3208 wrote to memory of 232	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3208 wrote to memory of 232	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3208 wrote to memory of 1640	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3208 wrote to memory of 1640	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3208 wrote to memory of 2792	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3208 wrote to memory of 2792	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3208 wrote to memory of 4036	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3208 wrote to memory of 4036	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3208 wrote to memory of 3360	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3208 wrote to memory of 3360	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3208 wrote to memory of 1604	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3208 wrote to memory of 1604	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3208 wrote to memory of 2844	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3208 wrote to memory of 2844	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3208 wrote to memory of 2116	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3208 wrote to memory of 2116	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3208 wrote to memory of 1728	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3208 wrote to memory of 1728	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3208 wrote to memory of 2664	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3208 wrote to memory of 2664	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3208 wrote to memory of 4956	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3208 wrote to memory of 4956	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3208 wrote to memory of 2420	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3208 wrote to memory of 2420	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3208 wrote to memory of 3568	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3208 wrote to memory of 3568	3208	2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-11_47ebbc81fad3721e11aa54bbd5f8c4b4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Windows\System\zwUXiaz.exe
  C:\Windows\System\zwUXiaz.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\mAFjyVC.exe
  C:\Windows\System\mAFjyVC.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\Jruixtp.exe
  C:\Windows\System\Jruixtp.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\pTVDAfw.exe
  C:\Windows\System\pTVDAfw.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\EwAlSSU.exe
  C:\Windows\System\EwAlSSU.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\FeiOsCW.exe
  C:\Windows\System\FeiOsCW.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\sNhChWw.exe
  C:\Windows\System\sNhChWw.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\UdOBgfd.exe
  C:\Windows\System\UdOBgfd.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\fzbijHF.exe
  C:\Windows\System\fzbijHF.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\Cpaycxq.exe
  C:\Windows\System\Cpaycxq.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\YxJkoip.exe
  C:\Windows\System\YxJkoip.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\AOalyQs.exe
  C:\Windows\System\AOalyQs.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\yZDSTnu.exe
  C:\Windows\System\yZDSTnu.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\KKYaimV.exe
  C:\Windows\System\KKYaimV.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\Vejaecy.exe
  C:\Windows\System\Vejaecy.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\fAbxBzg.exe
  C:\Windows\System\fAbxBzg.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System\OmwBsPW.exe
  C:\Windows\System\OmwBsPW.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\adYpoQn.exe
  C:\Windows\System\adYpoQn.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\VFJmwGu.exe
  C:\Windows\System\VFJmwGu.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\ckXsqNE.exe
  C:\Windows\System\ckXsqNE.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\MvUPYWN.exe
  C:\Windows\System\MvUPYWN.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\PUbGbGY.exe
  C:\Windows\System\PUbGbGY.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\WBSHBvF.exe
  C:\Windows\System\WBSHBvF.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\FUkWIBs.exe
  C:\Windows\System\FUkWIBs.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\pToXGmt.exe
  C:\Windows\System\pToXGmt.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\iVYGNkz.exe
  C:\Windows\System\iVYGNkz.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\XrWmjUh.exe
  C:\Windows\System\XrWmjUh.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\VxvOAPz.exe
  C:\Windows\System\VxvOAPz.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\kVgSXrk.exe
  C:\Windows\System\kVgSXrk.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\RTdsLFl.exe
  C:\Windows\System\RTdsLFl.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\WPiVecH.exe
  C:\Windows\System\WPiVecH.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\QAmDYBG.exe
  C:\Windows\System\QAmDYBG.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\OuzpKNh.exe
  C:\Windows\System\OuzpKNh.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\yTJOFWv.exe
  C:\Windows\System\yTJOFWv.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\dnMgBiL.exe
  C:\Windows\System\dnMgBiL.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\slghDbA.exe
  C:\Windows\System\slghDbA.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\YMrtAlE.exe
  C:\Windows\System\YMrtAlE.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\xAXLFlZ.exe
  C:\Windows\System\xAXLFlZ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\GZTzZhT.exe
  C:\Windows\System\GZTzZhT.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\CuliKfu.exe
  C:\Windows\System\CuliKfu.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\Bjqmdmp.exe
  C:\Windows\System\Bjqmdmp.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\rQZKtEi.exe
  C:\Windows\System\rQZKtEi.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\NorqWDo.exe
  C:\Windows\System\NorqWDo.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\rauDSUN.exe
  C:\Windows\System\rauDSUN.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\UMzAbHb.exe
  C:\Windows\System\UMzAbHb.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\WllYKbA.exe
  C:\Windows\System\WllYKbA.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\BNnQNMG.exe
  C:\Windows\System\BNnQNMG.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\gGnitrf.exe
  C:\Windows\System\gGnitrf.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\OMEdoRj.exe
  C:\Windows\System\OMEdoRj.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\RDRoEnC.exe
  C:\Windows\System\RDRoEnC.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\CYtVCmn.exe
  C:\Windows\System\CYtVCmn.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\lCNlutu.exe
  C:\Windows\System\lCNlutu.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\KeNqYid.exe
  C:\Windows\System\KeNqYid.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\PeSSsDL.exe
  C:\Windows\System\PeSSsDL.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\qUtXIRK.exe
  C:\Windows\System\qUtXIRK.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\EzLCGnn.exe
  C:\Windows\System\EzLCGnn.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\BlsshSe.exe
  C:\Windows\System\BlsshSe.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\gkTJXPi.exe
  C:\Windows\System\gkTJXPi.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\VgZeydL.exe
  C:\Windows\System\VgZeydL.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\wTdJAIo.exe
  C:\Windows\System\wTdJAIo.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\qiYkgeQ.exe
  C:\Windows\System\qiYkgeQ.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\BKrWKdP.exe
  C:\Windows\System\BKrWKdP.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\FaEFqvb.exe
  C:\Windows\System\FaEFqvb.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\fPYXizk.exe
  C:\Windows\System\fPYXizk.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\PhyIheM.exe
  C:\Windows\System\PhyIheM.exe
  2⤵
  PID:216
- C:\Windows\System\LNquCAS.exe
  C:\Windows\System\LNquCAS.exe
  2⤵
  PID:4428
- C:\Windows\System\mRTvgku.exe
  C:\Windows\System\mRTvgku.exe
  2⤵
  PID:4584
- C:\Windows\System\tHzIjNO.exe
  C:\Windows\System\tHzIjNO.exe
  2⤵
  PID:2508
- C:\Windows\System\peTcofQ.exe
  C:\Windows\System\peTcofQ.exe
  2⤵
  PID:2560
- C:\Windows\System\vVgOQuO.exe
  C:\Windows\System\vVgOQuO.exe
  2⤵
  PID:1292
- C:\Windows\System\tbtJFea.exe
  C:\Windows\System\tbtJFea.exe
  2⤵
  PID:736
- C:\Windows\System\FSAdfGy.exe
  C:\Windows\System\FSAdfGy.exe
  2⤵
  PID:4924
- C:\Windows\System\ecpJWjj.exe
  C:\Windows\System\ecpJWjj.exe
  2⤵
  PID:4424
- C:\Windows\System\rOiDRGZ.exe
  C:\Windows\System\rOiDRGZ.exe
  2⤵
  PID:5100
- C:\Windows\System\KpdfxfU.exe
  C:\Windows\System\KpdfxfU.exe
  2⤵
  PID:900
- C:\Windows\System\mZpnDKB.exe
  C:\Windows\System\mZpnDKB.exe
  2⤵
  PID:2416
- C:\Windows\System\IgoWJxq.exe
  C:\Windows\System\IgoWJxq.exe
  2⤵
  PID:5056
- C:\Windows\System\WJUaBgO.exe
  C:\Windows\System\WJUaBgO.exe
  2⤵
  PID:4020
- C:\Windows\System\QiRlYdd.exe
  C:\Windows\System\QiRlYdd.exe
  2⤵
  PID:4128
- C:\Windows\System\AaVUsVZ.exe
  C:\Windows\System\AaVUsVZ.exe
  2⤵
  PID:3016
- C:\Windows\System\hYoyhXM.exe
  C:\Windows\System\hYoyhXM.exe
  2⤵
  PID:4008
- C:\Windows\System\RRIuowN.exe
  C:\Windows\System\RRIuowN.exe
  2⤵
  PID:2608
- C:\Windows\System\nInDcZk.exe
  C:\Windows\System\nInDcZk.exe
  2⤵
  PID:4688
- C:\Windows\System\Vfxmhxb.exe
  C:\Windows\System\Vfxmhxb.exe
  2⤵
  PID:1156
- C:\Windows\System\XfFnDwS.exe
  C:\Windows\System\XfFnDwS.exe
  2⤵
  PID:2612
- C:\Windows\System\npzuaIK.exe
  C:\Windows\System\npzuaIK.exe
  2⤵
  PID:532
- C:\Windows\System\WQlGpPO.exe
  C:\Windows\System\WQlGpPO.exe
  2⤵
  PID:3788
- C:\Windows\System\oZDHWxE.exe
  C:\Windows\System\oZDHWxE.exe
  2⤵
  PID:4660
- C:\Windows\System\guAVRTr.exe
  C:\Windows\System\guAVRTr.exe
  2⤵
  PID:1904
- C:\Windows\System\LuvyPjS.exe
  C:\Windows\System\LuvyPjS.exe
  2⤵
  PID:3232
- C:\Windows\System\yYygwYo.exe
  C:\Windows\System\yYygwYo.exe
  2⤵
  PID:4312
- C:\Windows\System\RmtXQVX.exe
  C:\Windows\System\RmtXQVX.exe
  2⤵
  PID:5136
- C:\Windows\System\NggMFzX.exe
  C:\Windows\System\NggMFzX.exe
  2⤵
  PID:5164
- C:\Windows\System\ZwVBTOh.exe
  C:\Windows\System\ZwVBTOh.exe
  2⤵
  PID:5192
- C:\Windows\System\fgCLXNj.exe
  C:\Windows\System\fgCLXNj.exe
  2⤵
  PID:5220
- C:\Windows\System\LkGTlJk.exe
  C:\Windows\System\LkGTlJk.exe
  2⤵
  PID:5260
- C:\Windows\System\pjzeJyg.exe
  C:\Windows\System\pjzeJyg.exe
  2⤵
  PID:5300
- C:\Windows\System\epBmeKe.exe
  C:\Windows\System\epBmeKe.exe
  2⤵
  PID:5316
- C:\Windows\System\BhMKdOr.exe
  C:\Windows\System\BhMKdOr.exe
  2⤵
  PID:5344
- C:\Windows\System\nZvWySt.exe
  C:\Windows\System\nZvWySt.exe
  2⤵
  PID:5372
- C:\Windows\System\fkbngFN.exe
  C:\Windows\System\fkbngFN.exe
  2⤵
  PID:5400
- C:\Windows\System\VXqXdYY.exe
  C:\Windows\System\VXqXdYY.exe
  2⤵
  PID:5416
- C:\Windows\System\AtzMXnu.exe
  C:\Windows\System\AtzMXnu.exe
  2⤵
  PID:5444
- C:\Windows\System\XLNiNfn.exe
  C:\Windows\System\XLNiNfn.exe
  2⤵
  PID:5472
- C:\Windows\System\amTrOws.exe
  C:\Windows\System\amTrOws.exe
  2⤵
  PID:5512
- C:\Windows\System\yXMadxD.exe
  C:\Windows\System\yXMadxD.exe
  2⤵
  PID:5540
- C:\Windows\System\JgsImPo.exe
  C:\Windows\System\JgsImPo.exe
  2⤵
  PID:5568
- C:\Windows\System\pLFjZkS.exe
  C:\Windows\System\pLFjZkS.exe
  2⤵
  PID:5596
- C:\Windows\System\JbbhKHG.exe
  C:\Windows\System\JbbhKHG.exe
  2⤵
  PID:5624
- C:\Windows\System\ISJHXne.exe
  C:\Windows\System\ISJHXne.exe
  2⤵
  PID:5664
- C:\Windows\System\OtufzWr.exe
  C:\Windows\System\OtufzWr.exe
  2⤵
  PID:5680
- C:\Windows\System\ePyEeGJ.exe
  C:\Windows\System\ePyEeGJ.exe
  2⤵
  PID:5720
- C:\Windows\System\DSuiexQ.exe
  C:\Windows\System\DSuiexQ.exe
  2⤵
  PID:5736
- C:\Windows\System\pIHiwgD.exe
  C:\Windows\System\pIHiwgD.exe
  2⤵
  PID:5776
- C:\Windows\System\UUMnffV.exe
  C:\Windows\System\UUMnffV.exe
  2⤵
  PID:5804
- C:\Windows\System\UkcnNtK.exe
  C:\Windows\System\UkcnNtK.exe
  2⤵
  PID:5820
- C:\Windows\System\XzKhifj.exe
  C:\Windows\System\XzKhifj.exe
  2⤵
  PID:5848
- C:\Windows\System\yurejWw.exe
  C:\Windows\System\yurejWw.exe
  2⤵
  PID:5876
- C:\Windows\System\vxvJmgA.exe
  C:\Windows\System\vxvJmgA.exe
  2⤵
  PID:5904
- C:\Windows\System\TUNwlly.exe
  C:\Windows\System\TUNwlly.exe
  2⤵
  PID:5932
- C:\Windows\System\lmkgZtg.exe
  C:\Windows\System\lmkgZtg.exe
  2⤵
  PID:5960
- C:\Windows\System\CMuUbqn.exe
  C:\Windows\System\CMuUbqn.exe
  2⤵
  PID:5988
- C:\Windows\System\mrtjmpz.exe
  C:\Windows\System\mrtjmpz.exe
  2⤵
  PID:6016
- C:\Windows\System\ZZalzAR.exe
  C:\Windows\System\ZZalzAR.exe
  2⤵
  PID:6044
- C:\Windows\System\TJSKufq.exe
  C:\Windows\System\TJSKufq.exe
  2⤵
  PID:6072
- C:\Windows\System\mxuhwpE.exe
  C:\Windows\System\mxuhwpE.exe
  2⤵
  PID:6088
- C:\Windows\System\xiBPvsV.exe
  C:\Windows\System\xiBPvsV.exe
  2⤵
  PID:6116
- C:\Windows\System\THwqeeY.exe
  C:\Windows\System\THwqeeY.exe
  2⤵
  PID:3680
- C:\Windows\System\ctfCHIx.exe
  C:\Windows\System\ctfCHIx.exe
  2⤵
  PID:3352
- C:\Windows\System\bXgzgZw.exe
  C:\Windows\System\bXgzgZw.exe
  2⤵
  PID:2632
- C:\Windows\System\PYNGlyy.exe
  C:\Windows\System\PYNGlyy.exe
  2⤵
  PID:756
- C:\Windows\System\mGUhedR.exe
  C:\Windows\System\mGUhedR.exe
  2⤵
  PID:432
- C:\Windows\System\qkDymva.exe
  C:\Windows\System\qkDymva.exe
  2⤵
  PID:5180
- C:\Windows\System\dMhDsCT.exe
  C:\Windows\System\dMhDsCT.exe
  2⤵
  PID:5248
- C:\Windows\System\wtUldHS.exe
  C:\Windows\System\wtUldHS.exe
  2⤵
  PID:5312
- C:\Windows\System\RVWGQka.exe
  C:\Windows\System\RVWGQka.exe
  2⤵
  PID:5408
- C:\Windows\System\IFWDtsy.exe
  C:\Windows\System\IFWDtsy.exe
  2⤵
  PID:5464
- C:\Windows\System\fAuPUpH.exe
  C:\Windows\System\fAuPUpH.exe
  2⤵
  PID:5532
- C:\Windows\System\ZfiEYEl.exe
  C:\Windows\System\ZfiEYEl.exe
  2⤵
  PID:5580
- C:\Windows\System\pIjMDkX.exe
  C:\Windows\System\pIjMDkX.exe
  2⤵
  PID:5648
- C:\Windows\System\BUqpVqF.exe
  C:\Windows\System\BUqpVqF.exe
  2⤵
  PID:5676
- C:\Windows\System\EXwzMCE.exe
  C:\Windows\System\EXwzMCE.exe
  2⤵
  PID:5748
- C:\Windows\System\QutgCME.exe
  C:\Windows\System\QutgCME.exe
  2⤵
  PID:5836
- C:\Windows\System\gCRigrM.exe
  C:\Windows\System\gCRigrM.exe
  2⤵
  PID:5900
- C:\Windows\System\MSSmmkI.exe
  C:\Windows\System\MSSmmkI.exe
  2⤵
  PID:5972
- C:\Windows\System\UzENhzV.exe
  C:\Windows\System\UzENhzV.exe
  2⤵
  PID:6004
- C:\Windows\System\sIliDzJ.exe
  C:\Windows\System\sIliDzJ.exe
  2⤵
  PID:6064
- C:\Windows\System\LAqsNeR.exe
  C:\Windows\System\LAqsNeR.exe
  2⤵
  PID:6132
- C:\Windows\System\yLlEhBq.exe
  C:\Windows\System\yLlEhBq.exe
  2⤵
  PID:1756
- C:\Windows\System\YMuZFfZ.exe
  C:\Windows\System\YMuZFfZ.exe
  2⤵
  PID:5156
- C:\Windows\System\sXreZcN.exe
  C:\Windows\System\sXreZcN.exe
  2⤵
  PID:5336
- C:\Windows\System\omzyilW.exe
  C:\Windows\System\omzyilW.exe
  2⤵
  PID:5488
- C:\Windows\System\Rknsvgd.exe
  C:\Windows\System\Rknsvgd.exe
  2⤵
  PID:5560
- C:\Windows\System\LwaMuuE.exe
  C:\Windows\System\LwaMuuE.exe
  2⤵
  PID:5788
- C:\Windows\System\ICuzjnJ.exe
  C:\Windows\System\ICuzjnJ.exe
  2⤵
  PID:6000
- C:\Windows\System\setJQLQ.exe
  C:\Windows\System\setJQLQ.exe
  2⤵
  PID:6100
- C:\Windows\System\ljwnkCI.exe
  C:\Windows\System\ljwnkCI.exe
  2⤵
  PID:6168
- C:\Windows\System\CgrlppO.exe
  C:\Windows\System\CgrlppO.exe
  2⤵
  PID:6184
- C:\Windows\System\aAIgIep.exe
  C:\Windows\System\aAIgIep.exe
  2⤵
  PID:6212
- C:\Windows\System\tOPNUfx.exe
  C:\Windows\System\tOPNUfx.exe
  2⤵
  PID:6240
- C:\Windows\System\BLljHdz.exe
  C:\Windows\System\BLljHdz.exe
  2⤵
  PID:6268
- C:\Windows\System\asxAZML.exe
  C:\Windows\System\asxAZML.exe
  2⤵
  PID:6296
- C:\Windows\System\yNYWjWG.exe
  C:\Windows\System\yNYWjWG.exe
  2⤵
  PID:6336
- C:\Windows\System\TrWjMWy.exe
  C:\Windows\System\TrWjMWy.exe
  2⤵
  PID:6364
- C:\Windows\System\CJHnmlI.exe
  C:\Windows\System\CJHnmlI.exe
  2⤵
  PID:6392
- C:\Windows\System\vdhMFpT.exe
  C:\Windows\System\vdhMFpT.exe
  2⤵
  PID:6408
- C:\Windows\System\brpaQDB.exe
  C:\Windows\System\brpaQDB.exe
  2⤵
  PID:6436
- C:\Windows\System\jPNZPfC.exe
  C:\Windows\System\jPNZPfC.exe
  2⤵
  PID:6464
- C:\Windows\System\QALLGoL.exe
  C:\Windows\System\QALLGoL.exe
  2⤵
  PID:6492
- C:\Windows\System\oIFVeIm.exe
  C:\Windows\System\oIFVeIm.exe
  2⤵
  PID:6532
- C:\Windows\System\xcpYzbD.exe
  C:\Windows\System\xcpYzbD.exe
  2⤵
  PID:6572
- C:\Windows\System\BvCbHBp.exe
  C:\Windows\System\BvCbHBp.exe
  2⤵
  PID:6600
- C:\Windows\System\vszFbSU.exe
  C:\Windows\System\vszFbSU.exe
  2⤵
  PID:6616
- C:\Windows\System\uhseQps.exe
  C:\Windows\System\uhseQps.exe
  2⤵
  PID:6644
- C:\Windows\System\pkYtBRs.exe
  C:\Windows\System\pkYtBRs.exe
  2⤵
  PID:6672
- C:\Windows\System\MwuZeTe.exe
  C:\Windows\System\MwuZeTe.exe
  2⤵
  PID:6688
- C:\Windows\System\NfSSbvm.exe
  C:\Windows\System\NfSSbvm.exe
  2⤵
  PID:6716
- C:\Windows\System\QqZyflD.exe
  C:\Windows\System\QqZyflD.exe
  2⤵
  PID:6756
- C:\Windows\System\Fhgfayo.exe
  C:\Windows\System\Fhgfayo.exe
  2⤵
  PID:6784
- C:\Windows\System\tmSVRKn.exe
  C:\Windows\System\tmSVRKn.exe
  2⤵
  PID:6812
- C:\Windows\System\XDXqCUE.exe
  C:\Windows\System\XDXqCUE.exe
  2⤵
  PID:6828
- C:\Windows\System\epblGaK.exe
  C:\Windows\System\epblGaK.exe
  2⤵
  PID:6856
- C:\Windows\System\WiASHAz.exe
  C:\Windows\System\WiASHAz.exe
  2⤵
  PID:6896
- C:\Windows\System\ObLkiGw.exe
  C:\Windows\System\ObLkiGw.exe
  2⤵
  PID:6924
- C:\Windows\System\GOfRFhz.exe
  C:\Windows\System\GOfRFhz.exe
  2⤵
  PID:6952
- C:\Windows\System\BtBVdBe.exe
  C:\Windows\System\BtBVdBe.exe
  2⤵
  PID:6968
- C:\Windows\System\VcZqEnp.exe
  C:\Windows\System\VcZqEnp.exe
  2⤵
  PID:7008
- C:\Windows\System\xTeVROq.exe
  C:\Windows\System\xTeVROq.exe
  2⤵
  PID:7036
- C:\Windows\System\bJxnKYK.exe
  C:\Windows\System\bJxnKYK.exe
  2⤵
  PID:7052
- C:\Windows\System\IqAnkTZ.exe
  C:\Windows\System\IqAnkTZ.exe
  2⤵
  PID:7080
- C:\Windows\System\DagUnDV.exe
  C:\Windows\System\DagUnDV.exe
  2⤵
  PID:7108
- C:\Windows\System\jvhIkkX.exe
  C:\Windows\System\jvhIkkX.exe
  2⤵
  PID:7136
- C:\Windows\System\nRDfNvD.exe
  C:\Windows\System\nRDfNvD.exe
  2⤵
  PID:7164
- C:\Windows\System\zznusJg.exe
  C:\Windows\System\zznusJg.exe
  2⤵
  PID:5148
- C:\Windows\System\HkIvzjA.exe
  C:\Windows\System\HkIvzjA.exe
  2⤵
  PID:5436
- C:\Windows\System\lQwmYaM.exe
  C:\Windows\System\lQwmYaM.exe
  2⤵
  PID:5864
- C:\Windows\System\ejbBXXj.exe
  C:\Windows\System\ejbBXXj.exe
  2⤵
  PID:6156
- C:\Windows\System\OOlfMvB.exe
  C:\Windows\System\OOlfMvB.exe
  2⤵
  PID:6224
- C:\Windows\System\IVasRFJ.exe
  C:\Windows\System\IVasRFJ.exe
  2⤵
  PID:6284
- C:\Windows\System\hlweGRt.exe
  C:\Windows\System\hlweGRt.exe
  2⤵
  PID:6352
- C:\Windows\System\qRJiHzG.exe
  C:\Windows\System\qRJiHzG.exe
  2⤵
  PID:6404
- C:\Windows\System\IruVEkI.exe
  C:\Windows\System\IruVEkI.exe
  2⤵
  PID:6476
- C:\Windows\System\byMcAjB.exe
  C:\Windows\System\byMcAjB.exe
  2⤵
  PID:6544
- C:\Windows\System\taYOzQy.exe
  C:\Windows\System\taYOzQy.exe
  2⤵
  PID:6636
- C:\Windows\System\umJturq.exe
  C:\Windows\System\umJturq.exe
  2⤵
  PID:4376
- C:\Windows\System\ToWIDSO.exe
  C:\Windows\System\ToWIDSO.exe
  2⤵
  PID:6748
- C:\Windows\System\mAtDkzr.exe
  C:\Windows\System\mAtDkzr.exe
  2⤵
  PID:6820
- C:\Windows\System\gexOClW.exe
  C:\Windows\System\gexOClW.exe
  2⤵
  PID:6876
- C:\Windows\System\WqAbTak.exe
  C:\Windows\System\WqAbTak.exe
  2⤵
  PID:6940
- C:\Windows\System\rylRoFl.exe
  C:\Windows\System\rylRoFl.exe
  2⤵
  PID:7000
- C:\Windows\System\pOXXCAA.exe
  C:\Windows\System\pOXXCAA.exe
  2⤵
  PID:7068
- C:\Windows\System\SpZyIcV.exe
  C:\Windows\System\SpZyIcV.exe
  2⤵
  PID:7128
- C:\Windows\System\wVLYjxZ.exe
  C:\Windows\System\wVLYjxZ.exe
  2⤵
  PID:5272
- C:\Windows\System\fXDJXUJ.exe
  C:\Windows\System\fXDJXUJ.exe
  2⤵
  PID:5948
- C:\Windows\System\zBPWwbQ.exe
  C:\Windows\System\zBPWwbQ.exe
  2⤵
  PID:6252
- C:\Windows\System\jNAjYEX.exe
  C:\Windows\System\jNAjYEX.exe
  2⤵
  PID:6324
- C:\Windows\System\PONjlyk.exe
  C:\Windows\System\PONjlyk.exe
  2⤵
  PID:6452
- C:\Windows\System\fXhJqfw.exe
  C:\Windows\System\fXhJqfw.exe
  2⤵
  PID:6612
- C:\Windows\System\WtXFYaJ.exe
  C:\Windows\System\WtXFYaJ.exe
  2⤵
  PID:6844
- C:\Windows\System\QRlPwfW.exe
  C:\Windows\System\QRlPwfW.exe
  2⤵
  PID:6980
- C:\Windows\System\VgtBJgo.exe
  C:\Windows\System\VgtBJgo.exe
  2⤵
  PID:7120
- C:\Windows\System\drkekFE.exe
  C:\Windows\System\drkekFE.exe
  2⤵
  PID:7180
- C:\Windows\System\WEVGZty.exe
  C:\Windows\System\WEVGZty.exe
  2⤵
  PID:7196
- C:\Windows\System\WtcZBZl.exe
  C:\Windows\System\WtcZBZl.exe
  2⤵
  PID:7224
- C:\Windows\System\TzuxEUr.exe
  C:\Windows\System\TzuxEUr.exe
  2⤵
  PID:7252
- C:\Windows\System\SUKsCGf.exe
  C:\Windows\System\SUKsCGf.exe
  2⤵
  PID:7280
- C:\Windows\System\WxNNKpI.exe
  C:\Windows\System\WxNNKpI.exe
  2⤵
  PID:7308
- C:\Windows\System\NdawWYX.exe
  C:\Windows\System\NdawWYX.exe
  2⤵
  PID:7336
- C:\Windows\System\ILfahMK.exe
  C:\Windows\System\ILfahMK.exe
  2⤵
  PID:7364
- C:\Windows\System\qHSpYvT.exe
  C:\Windows\System\qHSpYvT.exe
  2⤵
  PID:7380
- C:\Windows\System\clKsCQd.exe
  C:\Windows\System\clKsCQd.exe
  2⤵
  PID:7408
- C:\Windows\System\zvqeCtw.exe
  C:\Windows\System\zvqeCtw.exe
  2⤵
  PID:7436
- C:\Windows\System\Qapoqhf.exe
  C:\Windows\System\Qapoqhf.exe
  2⤵
  PID:7464
- C:\Windows\System\OpqKxCh.exe
  C:\Windows\System\OpqKxCh.exe
  2⤵
  PID:7480
- C:\Windows\System\thbLiyc.exe
  C:\Windows\System\thbLiyc.exe
  2⤵
  PID:7516
- C:\Windows\System\GzCLtYn.exe
  C:\Windows\System\GzCLtYn.exe
  2⤵
  PID:7560
- C:\Windows\System\AiwOdcZ.exe
  C:\Windows\System\AiwOdcZ.exe
  2⤵
  PID:7600
- C:\Windows\System\ekydsPv.exe
  C:\Windows\System\ekydsPv.exe
  2⤵
  PID:7616
- C:\Windows\System\imYQeCK.exe
  C:\Windows\System\imYQeCK.exe
  2⤵
  PID:7644
- C:\Windows\System\akiMrgB.exe
  C:\Windows\System\akiMrgB.exe
  2⤵
  PID:7660
- C:\Windows\System\BrUffJp.exe
  C:\Windows\System\BrUffJp.exe
  2⤵
  PID:7688
- C:\Windows\System\TykIbIC.exe
  C:\Windows\System\TykIbIC.exe
  2⤵
  PID:7716
- C:\Windows\System\mPFRvhj.exe
  C:\Windows\System\mPFRvhj.exe
  2⤵
  PID:7744
- C:\Windows\System\LmunUld.exe
  C:\Windows\System\LmunUld.exe
  2⤵
  PID:7772
- C:\Windows\System\PHtYYno.exe
  C:\Windows\System\PHtYYno.exe
  2⤵
  PID:7800
- C:\Windows\System\MvVZoTE.exe
  C:\Windows\System\MvVZoTE.exe
  2⤵
  PID:7828
- C:\Windows\System\GGHYoVC.exe
  C:\Windows\System\GGHYoVC.exe
  2⤵
  PID:7856
- C:\Windows\System\tOafgTx.exe
  C:\Windows\System\tOafgTx.exe
  2⤵
  PID:7884
- C:\Windows\System\VhoWJCK.exe
  C:\Windows\System\VhoWJCK.exe
  2⤵
  PID:7912
- C:\Windows\System\HudMxyo.exe
  C:\Windows\System\HudMxyo.exe
  2⤵
  PID:7940
- C:\Windows\System\VKLDIRy.exe
  C:\Windows\System\VKLDIRy.exe
  2⤵
  PID:7968
- C:\Windows\System\tMVIyAQ.exe
  C:\Windows\System\tMVIyAQ.exe
  2⤵
  PID:8008
- C:\Windows\System\XuESsAt.exe
  C:\Windows\System\XuESsAt.exe
  2⤵
  PID:8036
- C:\Windows\System\racHNFn.exe
  C:\Windows\System\racHNFn.exe
  2⤵
  PID:8052
- C:\Windows\System\iJeLsiV.exe
  C:\Windows\System\iJeLsiV.exe
  2⤵
  PID:8080
- C:\Windows\System\CgiLbmI.exe
  C:\Windows\System\CgiLbmI.exe
  2⤵
  PID:8120
- C:\Windows\System\QsVJKDp.exe
  C:\Windows\System\QsVJKDp.exe
  2⤵
  PID:8148
- C:\Windows\System\TwGTaQI.exe
  C:\Windows\System\TwGTaQI.exe
  2⤵
  PID:8176
- C:\Windows\System\zBTDrMt.exe
  C:\Windows\System\zBTDrMt.exe
  2⤵
  PID:6312
- C:\Windows\System\uVSYSog.exe
  C:\Windows\System\uVSYSog.exe
  2⤵
  PID:6680
- C:\Windows\System\mMguBFK.exe
  C:\Windows\System\mMguBFK.exe
  2⤵
  PID:6936
- C:\Windows\System\sLfwbBX.exe
  C:\Windows\System\sLfwbBX.exe
  2⤵
  PID:7188
- C:\Windows\System\NQOMEYO.exe
  C:\Windows\System\NQOMEYO.exe
  2⤵
  PID:7248
- C:\Windows\System\MZXAuxy.exe
  C:\Windows\System\MZXAuxy.exe
  2⤵
  PID:7320
- C:\Windows\System\LLrhdqC.exe
  C:\Windows\System\LLrhdqC.exe
  2⤵
  PID:7376
- C:\Windows\System\HDLZCCY.exe
  C:\Windows\System\HDLZCCY.exe
  2⤵
  PID:7448
- C:\Windows\System\AaLhKqw.exe
  C:\Windows\System\AaLhKqw.exe
  2⤵
  PID:7504
- C:\Windows\System\fmnQLdB.exe
  C:\Windows\System\fmnQLdB.exe
  2⤵
  PID:7576
- C:\Windows\System\jsMExmm.exe
  C:\Windows\System\jsMExmm.exe
  2⤵
  PID:7636
- C:\Windows\System\McThhPu.exe
  C:\Windows\System\McThhPu.exe
  2⤵
  PID:7704
- C:\Windows\System\KOWyJwb.exe
  C:\Windows\System\KOWyJwb.exe
  2⤵
  PID:7764
- C:\Windows\System\XcJQWtr.exe
  C:\Windows\System\XcJQWtr.exe
  2⤵
  PID:7840
- C:\Windows\System\BisLHts.exe
  C:\Windows\System\BisLHts.exe
  2⤵
  PID:7872
- C:\Windows\System\yOboJin.exe
  C:\Windows\System\yOboJin.exe
  2⤵
  PID:7932
- C:\Windows\System\mIeqcRt.exe
  C:\Windows\System\mIeqcRt.exe
  2⤵
  PID:8000
- C:\Windows\System\nxmwHvt.exe
  C:\Windows\System\nxmwHvt.exe
  2⤵
  PID:8068
- C:\Windows\System\GIhmMAS.exe
  C:\Windows\System\GIhmMAS.exe
  2⤵
  PID:8140
- C:\Windows\System\AFjdJWe.exe
  C:\Windows\System\AFjdJWe.exe
  2⤵
  PID:6196
- C:\Windows\System\QzCaHjT.exe
  C:\Windows\System\QzCaHjT.exe
  2⤵
  PID:6180
- C:\Windows\System\thZXXeD.exe
  C:\Windows\System\thZXXeD.exe
  2⤵
  PID:7348
- C:\Windows\System\zmuWzCs.exe
  C:\Windows\System\zmuWzCs.exe
  2⤵
  PID:7492
- C:\Windows\System\bXKrUsL.exe
  C:\Windows\System\bXKrUsL.exe
  2⤵
  PID:7632
- C:\Windows\System\nqExnXL.exe
  C:\Windows\System\nqExnXL.exe
  2⤵
  PID:7792
- C:\Windows\System\ZcexMcM.exe
  C:\Windows\System\ZcexMcM.exe
  2⤵
  PID:7924
- C:\Windows\System\ZBOxvmn.exe
  C:\Windows\System\ZBOxvmn.exe
  2⤵
  PID:8028
- C:\Windows\System\WNgYiOW.exe
  C:\Windows\System\WNgYiOW.exe
  2⤵
  PID:8164
- C:\Windows\System\cagltNB.exe
  C:\Windows\System\cagltNB.exe
  2⤵
  PID:8224
- C:\Windows\System\bFlsPeL.exe
  C:\Windows\System\bFlsPeL.exe
  2⤵
  PID:8252
- C:\Windows\System\ClFXeJk.exe
  C:\Windows\System\ClFXeJk.exe
  2⤵
  PID:8280
- C:\Windows\System\adcrUDS.exe
  C:\Windows\System\adcrUDS.exe
  2⤵
  PID:8316
- C:\Windows\System\NDKVTfU.exe
  C:\Windows\System\NDKVTfU.exe
  2⤵
  PID:8336
- C:\Windows\System\ZNKZIGd.exe
  C:\Windows\System\ZNKZIGd.exe
  2⤵
  PID:8364
- C:\Windows\System\qWleyqf.exe
  C:\Windows\System\qWleyqf.exe
  2⤵
  PID:8388
- C:\Windows\System\DnBWXig.exe
  C:\Windows\System\DnBWXig.exe
  2⤵
  PID:8420
- C:\Windows\System\DiymaKS.exe
  C:\Windows\System\DiymaKS.exe
  2⤵
  PID:8444
- C:\Windows\System\ScUFWzM.exe
  C:\Windows\System\ScUFWzM.exe
  2⤵
  PID:8472
- C:\Windows\System\tuTVKDA.exe
  C:\Windows\System\tuTVKDA.exe
  2⤵
  PID:8504
- C:\Windows\System\kkrBeIh.exe
  C:\Windows\System\kkrBeIh.exe
  2⤵
  PID:8528
- C:\Windows\System\YwmXrxQ.exe
  C:\Windows\System\YwmXrxQ.exe
  2⤵
  PID:8560
- C:\Windows\System\hJAfCnj.exe
  C:\Windows\System\hJAfCnj.exe
  2⤵
  PID:8584
- C:\Windows\System\UleydFY.exe
  C:\Windows\System\UleydFY.exe
  2⤵
  PID:8612
- C:\Windows\System\YmaMoGu.exe
  C:\Windows\System\YmaMoGu.exe
  2⤵
  PID:8644
- C:\Windows\System\NXrwfPY.exe
  C:\Windows\System\NXrwfPY.exe
  2⤵
  PID:8672
- C:\Windows\System\DEzlZEr.exe
  C:\Windows\System\DEzlZEr.exe
  2⤵
  PID:8700
- C:\Windows\System\DOmgMFX.exe
  C:\Windows\System\DOmgMFX.exe
  2⤵
  PID:8728
- C:\Windows\System\taUPMjD.exe
  C:\Windows\System\taUPMjD.exe
  2⤵
  PID:8756
- C:\Windows\System\miPhRLs.exe
  C:\Windows\System\miPhRLs.exe
  2⤵
  PID:8780
- C:\Windows\System\vaZyGJD.exe
  C:\Windows\System\vaZyGJD.exe
  2⤵
  PID:8808
- C:\Windows\System\PcziDWG.exe
  C:\Windows\System\PcziDWG.exe
  2⤵
  PID:8836
- C:\Windows\System\HZXViVf.exe
  C:\Windows\System\HZXViVf.exe
  2⤵
  PID:8864
- C:\Windows\System\AcyKNbe.exe
  C:\Windows\System\AcyKNbe.exe
  2⤵
  PID:8892
- C:\Windows\System\TjCHgek.exe
  C:\Windows\System\TjCHgek.exe
  2⤵
  PID:8920
- C:\Windows\System\qzEjRYW.exe
  C:\Windows\System\qzEjRYW.exe
  2⤵
  PID:8948
- C:\Windows\System\oRiSGOY.exe
  C:\Windows\System\oRiSGOY.exe
  2⤵
  PID:8976
- C:\Windows\System\MtkKleq.exe
  C:\Windows\System\MtkKleq.exe
  2⤵
  PID:9004
- C:\Windows\System\UoaBMsj.exe
  C:\Windows\System\UoaBMsj.exe
  2⤵
  PID:9032
- C:\Windows\System\mhQjPLL.exe
  C:\Windows\System\mhQjPLL.exe
  2⤵
  PID:9060
- C:\Windows\System\tCbGZle.exe
  C:\Windows\System\tCbGZle.exe
  2⤵
  PID:9088
- C:\Windows\System\rzbRwPe.exe
  C:\Windows\System\rzbRwPe.exe
  2⤵
  PID:9120
- C:\Windows\System\lrYowGb.exe
  C:\Windows\System\lrYowGb.exe
  2⤵
  PID:9144
- C:\Windows\System\GiSHrYs.exe
  C:\Windows\System\GiSHrYs.exe
  2⤵
  PID:9172
- C:\Windows\System\imaPNzm.exe
  C:\Windows\System\imaPNzm.exe
  2⤵
  PID:9200
- C:\Windows\System\ijKotbF.exe
  C:\Windows\System\ijKotbF.exe
  2⤵
  PID:7240
- C:\Windows\System\ZxfdnDM.exe
  C:\Windows\System\ZxfdnDM.exe
  2⤵
  PID:7572
- C:\Windows\System\KVWSUnk.exe
  C:\Windows\System\KVWSUnk.exe
  2⤵
  PID:7900
- C:\Windows\System\gLsxJNq.exe
  C:\Windows\System\gLsxJNq.exe
  2⤵
  PID:8212
- C:\Windows\System\NTlIitn.exe
  C:\Windows\System\NTlIitn.exe
  2⤵
  PID:8304
- C:\Windows\System\gXzwPUm.exe
  C:\Windows\System\gXzwPUm.exe
  2⤵
  PID:8348
- C:\Windows\System\hKYAuTj.exe
  C:\Windows\System\hKYAuTj.exe
  2⤵
  PID:8408
- C:\Windows\System\TQVbRzq.exe
  C:\Windows\System\TQVbRzq.exe
  2⤵
  PID:8440
- C:\Windows\System\tvBlCjR.exe
  C:\Windows\System\tvBlCjR.exe
  2⤵
  PID:8516
- C:\Windows\System\fiZWiWx.exe
  C:\Windows\System\fiZWiWx.exe
  2⤵
  PID:8548
- C:\Windows\System\XUocKtk.exe
  C:\Windows\System\XUocKtk.exe
  2⤵
  PID:8660
- C:\Windows\System\PAOOXFR.exe
  C:\Windows\System\PAOOXFR.exe
  2⤵
  PID:8720
- C:\Windows\System\bSzheOI.exe
  C:\Windows\System\bSzheOI.exe
  2⤵
  PID:8768
- C:\Windows\System\WnCIvou.exe
  C:\Windows\System\WnCIvou.exe
  2⤵
  PID:8856
- C:\Windows\System\NQSAEay.exe
  C:\Windows\System\NQSAEay.exe
  2⤵
  PID:8916
- C:\Windows\System\oHpZoTz.exe
  C:\Windows\System\oHpZoTz.exe
  2⤵
  PID:8964
- C:\Windows\System\uEufzwi.exe
  C:\Windows\System\uEufzwi.exe
  2⤵
  PID:9024
- C:\Windows\System\OkrDhDJ.exe
  C:\Windows\System\OkrDhDJ.exe
  2⤵
  PID:9112
- C:\Windows\System\fEsumyJ.exe
  C:\Windows\System\fEsumyJ.exe
  2⤵
  PID:9188
- C:\Windows\System\iaVpGkv.exe
  C:\Windows\System\iaVpGkv.exe
  2⤵
  PID:6908
- C:\Windows\System\HTjSqPf.exe
  C:\Windows\System\HTjSqPf.exe
  2⤵
  PID:7848
- C:\Windows\System\vrDssru.exe
  C:\Windows\System\vrDssru.exe
  2⤵
  PID:8272
- C:\Windows\System\dOZdIrM.exe
  C:\Windows\System\dOZdIrM.exe
  2⤵
  PID:8432
- C:\Windows\System\eRTwccF.exe
  C:\Windows\System\eRTwccF.exe
  2⤵
  PID:8544
- C:\Windows\System\MvXcvHg.exe
  C:\Windows\System\MvXcvHg.exe
  2⤵
  PID:8688
- C:\Windows\System\tmLjLmL.exe
  C:\Windows\System\tmLjLmL.exe
  2⤵
  PID:8828
- C:\Windows\System\sgMXfGw.exe
  C:\Windows\System\sgMXfGw.exe
  2⤵
  PID:8992
- C:\Windows\System\sKOdAMh.exe
  C:\Windows\System\sKOdAMh.exe
  2⤵
  PID:9084
- C:\Windows\System\QjuPhiQ.exe
  C:\Windows\System\QjuPhiQ.exe
  2⤵
  PID:7428
- C:\Windows\System\gaoxLmU.exe
  C:\Windows\System\gaoxLmU.exe
  2⤵
  PID:8332
- C:\Windows\System\reAdbGO.exe
  C:\Windows\System\reAdbGO.exe
  2⤵
  PID:9244
- C:\Windows\System\VIuPwjX.exe
  C:\Windows\System\VIuPwjX.exe
  2⤵
  PID:9272
- C:\Windows\System\EeQQtIv.exe
  C:\Windows\System\EeQQtIv.exe
  2⤵
  PID:9300
- C:\Windows\System\adgvlGE.exe
  C:\Windows\System\adgvlGE.exe
  2⤵
  PID:9328
- C:\Windows\System\PuHJYja.exe
  C:\Windows\System\PuHJYja.exe
  2⤵
  PID:9356
- C:\Windows\System\WzrriSF.exe
  C:\Windows\System\WzrriSF.exe
  2⤵
  PID:9384
- C:\Windows\System\fmYkbVH.exe
  C:\Windows\System\fmYkbVH.exe
  2⤵
  PID:9412
- C:\Windows\System\pXGSVET.exe
  C:\Windows\System\pXGSVET.exe
  2⤵
  PID:9440
- C:\Windows\System\EWWiBGV.exe
  C:\Windows\System\EWWiBGV.exe
  2⤵
  PID:9468
- C:\Windows\System\Rkpikll.exe
  C:\Windows\System\Rkpikll.exe
  2⤵
  PID:9496
- C:\Windows\System\ngpehGr.exe
  C:\Windows\System\ngpehGr.exe
  2⤵
  PID:9524
- C:\Windows\System\SuBzrjT.exe
  C:\Windows\System\SuBzrjT.exe
  2⤵
  PID:9552
- C:\Windows\System\gtMvihG.exe
  C:\Windows\System\gtMvihG.exe
  2⤵
  PID:9580
- C:\Windows\System\sXFQIvu.exe
  C:\Windows\System\sXFQIvu.exe
  2⤵
  PID:9608
- C:\Windows\System\hfpXspT.exe
  C:\Windows\System\hfpXspT.exe
  2⤵
  PID:9636
- C:\Windows\System\oNoARnQ.exe
  C:\Windows\System\oNoARnQ.exe
  2⤵
  PID:9676
- C:\Windows\System\zQBJHSD.exe
  C:\Windows\System\zQBJHSD.exe
  2⤵
  PID:9704
- C:\Windows\System\HAlSLlr.exe
  C:\Windows\System\HAlSLlr.exe
  2⤵
  PID:9732
- C:\Windows\System\aWFLZcv.exe
  C:\Windows\System\aWFLZcv.exe
  2⤵
  PID:9756
- C:\Windows\System\hYHMYym.exe
  C:\Windows\System\hYHMYym.exe
  2⤵
  PID:9788
- C:\Windows\System\eLPBQcv.exe
  C:\Windows\System\eLPBQcv.exe
  2⤵
  PID:9816
- C:\Windows\System\wdWpvQK.exe
  C:\Windows\System\wdWpvQK.exe
  2⤵
  PID:9832
- C:\Windows\System\cKOYRvv.exe
  C:\Windows\System\cKOYRvv.exe
  2⤵
  PID:9860
- C:\Windows\System\ptGWydN.exe
  C:\Windows\System\ptGWydN.exe
  2⤵
  PID:9888
- C:\Windows\System\EQKMIzi.exe
  C:\Windows\System\EQKMIzi.exe
  2⤵
  PID:9916
- C:\Windows\System\xNDhoyz.exe
  C:\Windows\System\xNDhoyz.exe
  2⤵
  PID:9944
- C:\Windows\System\vhbnoWY.exe
  C:\Windows\System\vhbnoWY.exe
  2⤵
  PID:9972
- C:\Windows\System\ccmVxkW.exe
  C:\Windows\System\ccmVxkW.exe
  2⤵
  PID:10000
- C:\Windows\System\RYUWgRk.exe
  C:\Windows\System\RYUWgRk.exe
  2⤵
  PID:10040
- C:\Windows\System\nlApwqt.exe
  C:\Windows\System\nlApwqt.exe
  2⤵
  PID:10068
- C:\Windows\System\qsinzIr.exe
  C:\Windows\System\qsinzIr.exe
  2⤵
  PID:10168
- C:\Windows\System\sSnQLGC.exe
  C:\Windows\System\sSnQLGC.exe
  2⤵
  PID:10188
- C:\Windows\System\aHuZsCM.exe
  C:\Windows\System\aHuZsCM.exe
  2⤵
  PID:10208
- C:\Windows\System\hFjAlIm.exe
  C:\Windows\System\hFjAlIm.exe
  2⤵
  PID:8492
- C:\Windows\System\lPqgIeb.exe
  C:\Windows\System\lPqgIeb.exe
  2⤵
  PID:2796
- C:\Windows\System\JpKCZvh.exe
  C:\Windows\System\JpKCZvh.exe
  2⤵
  PID:3808
- C:\Windows\System\ZMUUirR.exe
  C:\Windows\System\ZMUUirR.exe
  2⤵
  PID:9284
- C:\Windows\System\FnDWkJK.exe
  C:\Windows\System\FnDWkJK.exe
  2⤵
  PID:9340
- C:\Windows\System\aZespas.exe
  C:\Windows\System\aZespas.exe
  2⤵
  PID:9508
- C:\Windows\System\niUWGOk.exe
  C:\Windows\System\niUWGOk.exe
  2⤵
  PID:9544
- C:\Windows\System\RfvHDwV.exe
  C:\Windows\System\RfvHDwV.exe
  2⤵
  PID:9620
- C:\Windows\System\KrkDzci.exe
  C:\Windows\System\KrkDzci.exe
  2⤵
  PID:4200
- C:\Windows\System\aeZvrgt.exe
  C:\Windows\System\aeZvrgt.exe
  2⤵
  PID:9696
- C:\Windows\System\dRBYJZF.exe
  C:\Windows\System\dRBYJZF.exe
  2⤵
  PID:9744
- C:\Windows\System\nkprsqG.exe
  C:\Windows\System\nkprsqG.exe
  2⤵
  PID:2728
- C:\Windows\System\XORYYIC.exe
  C:\Windows\System\XORYYIC.exe
  2⤵
  PID:10024
- C:\Windows\System\mGapidq.exe
  C:\Windows\System\mGapidq.exe
  2⤵
  PID:10032
- C:\Windows\System\wjcueHQ.exe
  C:\Windows\System\wjcueHQ.exe
  2⤵
  PID:3688
- C:\Windows\System\gynpjTQ.exe
  C:\Windows\System\gynpjTQ.exe
  2⤵
  PID:9960
- C:\Windows\System\WBAAMSn.exe
  C:\Windows\System\WBAAMSn.exe
  2⤵
  PID:3800
- C:\Windows\System\qYzyvbl.exe
  C:\Windows\System\qYzyvbl.exe
  2⤵
  PID:4540
- C:\Windows\System\nuGBDwX.exe
  C:\Windows\System\nuGBDwX.exe
  2⤵
  PID:2452
- C:\Windows\System\ElDhqzX.exe
  C:\Windows\System\ElDhqzX.exe
  2⤵
  PID:2976
- C:\Windows\System\WOOxQoh.exe
  C:\Windows\System\WOOxQoh.exe
  2⤵
  PID:10176
- C:\Windows\System\fCzeoxo.exe
  C:\Windows\System\fCzeoxo.exe
  2⤵
  PID:9160
- C:\Windows\System\xpWgCTX.exe
  C:\Windows\System\xpWgCTX.exe
  2⤵
  PID:9268
- C:\Windows\System\MdLQNhU.exe
  C:\Windows\System\MdLQNhU.exe
  2⤵
  PID:9424
- C:\Windows\System\hHkeyft.exe
  C:\Windows\System\hHkeyft.exe
  2⤵
  PID:9724
- C:\Windows\System\ViFgMHT.exe
  C:\Windows\System\ViFgMHT.exe
  2⤵
  PID:4708
- C:\Windows\System\iGOZOCn.exe
  C:\Windows\System\iGOZOCn.exe
  2⤵
  PID:252
- C:\Windows\System\nsLkdSU.exe
  C:\Windows\System\nsLkdSU.exe
  2⤵
  PID:4204
- C:\Windows\System\MyyidsF.exe
  C:\Windows\System\MyyidsF.exe
  2⤵
  PID:4716
- C:\Windows\System\NwvZMZP.exe
  C:\Windows\System\NwvZMZP.exe
  2⤵
  PID:936
- C:\Windows\System\FkPTMew.exe
  C:\Windows\System\FkPTMew.exe
  2⤵
  PID:1884
- C:\Windows\System\WLxLLZA.exe
  C:\Windows\System\WLxLLZA.exe
  2⤵
  PID:2800
- C:\Windows\System\HntGhqb.exe
  C:\Windows\System\HntGhqb.exe
  2⤵
  PID:3768
- C:\Windows\System\fCmpRRl.exe
  C:\Windows\System\fCmpRRl.exe
  2⤵
  PID:4480
- C:\Windows\System\JwdISyc.exe
  C:\Windows\System\JwdISyc.exe
  2⤵
  PID:4248
- C:\Windows\System\wLFWczo.exe
  C:\Windows\System\wLFWczo.exe
  2⤵
  PID:4948
- C:\Windows\System\qScUcPz.exe
  C:\Windows\System\qScUcPz.exe
  2⤵
  PID:2192
- C:\Windows\System\tCBybxR.exe
  C:\Windows\System\tCBybxR.exe
  2⤵
  PID:10052
- C:\Windows\System\MuFhwcx.exe
  C:\Windows\System\MuFhwcx.exe
  2⤵
  PID:2032
- C:\Windows\System\wwdHoCn.exe
  C:\Windows\System\wwdHoCn.exe
  2⤵
  PID:4932
- C:\Windows\System\qJcZMIH.exe
  C:\Windows\System\qJcZMIH.exe
  2⤵
  PID:3540
- C:\Windows\System\qxNHtes.exe
  C:\Windows\System\qxNHtes.exe
  2⤵
  PID:2924
- C:\Windows\System\sfhDMBA.exe
  C:\Windows\System\sfhDMBA.exe
  2⤵
  PID:9572
- C:\Windows\System\UunftVH.exe
  C:\Windows\System\UunftVH.exe
  2⤵
  PID:9784
- C:\Windows\System\hHerLEn.exe
  C:\Windows\System\hHerLEn.exe
  2⤵
  PID:8796
- C:\Windows\System\ePNSMFj.exe
  C:\Windows\System\ePNSMFj.exe
  2⤵
  PID:9428
- C:\Windows\System\ooSBPVj.exe
  C:\Windows\System\ooSBPVj.exe
  2⤵
  PID:3496
- C:\Windows\System\EaoSTgr.exe
  C:\Windows\System\EaoSTgr.exe
  2⤵
  PID:5028
- C:\Windows\System\wHqykuW.exe
  C:\Windows\System\wHqykuW.exe
  2⤵
  PID:3652
- C:\Windows\System\SzrkekK.exe
  C:\Windows\System\SzrkekK.exe
  2⤵
  PID:3988
- C:\Windows\System\gOnGmsG.exe
  C:\Windows\System\gOnGmsG.exe
  2⤵
  PID:820
- C:\Windows\System\pGCOPpz.exe
  C:\Windows\System\pGCOPpz.exe
  2⤵
  PID:9780
- C:\Windows\System\TRJxcVm.exe
  C:\Windows\System\TRJxcVm.exe
  2⤵
  PID:4324
- C:\Windows\System\dDWChHc.exe
  C:\Windows\System\dDWChHc.exe
  2⤵
  PID:1616
- C:\Windows\System\HbXjNWq.exe
  C:\Windows\System\HbXjNWq.exe
  2⤵
  PID:10056
- C:\Windows\System\EZvlKsz.exe
  C:\Windows\System\EZvlKsz.exe
  2⤵
  PID:5020
- C:\Windows\System\KXpbpER.exe
  C:\Windows\System\KXpbpER.exe
  2⤵
  PID:3304
- C:\Windows\System\GiuWweF.exe
  C:\Windows\System\GiuWweF.exe
  2⤵
  PID:4048
- C:\Windows\System\amwJJCK.exe
  C:\Windows\System\amwJJCK.exe
  2⤵
  PID:8940
- C:\Windows\System\YMZQKaH.exe
  C:\Windows\System\YMZQKaH.exe
  2⤵
  PID:10264
- C:\Windows\System\YGAYbHB.exe
  C:\Windows\System\YGAYbHB.exe
  2⤵
  PID:10292
- C:\Windows\System\KQYdTbt.exe
  C:\Windows\System\KQYdTbt.exe
  2⤵
  PID:10308
- C:\Windows\System\uPmWzdS.exe
  C:\Windows\System\uPmWzdS.exe
  2⤵
  PID:10336
- C:\Windows\System\rbIXISd.exe
  C:\Windows\System\rbIXISd.exe
  2⤵
  PID:10376
- C:\Windows\System\rFMAXld.exe
  C:\Windows\System\rFMAXld.exe
  2⤵
  PID:10396
- C:\Windows\System\srLWBwM.exe
  C:\Windows\System\srLWBwM.exe
  2⤵
  PID:10432
- C:\Windows\System\yHsEhsb.exe
  C:\Windows\System\yHsEhsb.exe
  2⤵
  PID:10464
- C:\Windows\System\QIrQRvQ.exe
  C:\Windows\System\QIrQRvQ.exe
  2⤵
  PID:10496
- C:\Windows\System\IlZvqHO.exe
  C:\Windows\System\IlZvqHO.exe
  2⤵
  PID:10524
- C:\Windows\System\kJmMGRn.exe
  C:\Windows\System\kJmMGRn.exe
  2⤵
  PID:10544
- C:\Windows\System\taVmzQN.exe
  C:\Windows\System\taVmzQN.exe
  2⤵
  PID:10572
- C:\Windows\System\azAnvjT.exe
  C:\Windows\System\azAnvjT.exe
  2⤵
  PID:10596
- C:\Windows\System\wiXltfy.exe
  C:\Windows\System\wiXltfy.exe
  2⤵
  PID:10648
- C:\Windows\System\ipdWygI.exe
  C:\Windows\System\ipdWygI.exe
  2⤵
  PID:10680
- C:\Windows\System\UbwLPWe.exe
  C:\Windows\System\UbwLPWe.exe
  2⤵
  PID:10712
- C:\Windows\System\niqYInd.exe
  C:\Windows\System\niqYInd.exe
  2⤵
  PID:10740
- C:\Windows\System\RkdZtQf.exe
  C:\Windows\System\RkdZtQf.exe
  2⤵
  PID:10768
- C:\Windows\System\qtwoCpg.exe
  C:\Windows\System\qtwoCpg.exe
  2⤵
  PID:10800
- C:\Windows\System\SQXGbwB.exe
  C:\Windows\System\SQXGbwB.exe
  2⤵
  PID:10836
- C:\Windows\System\DDfGeKO.exe
  C:\Windows\System\DDfGeKO.exe
  2⤵
  PID:10864
- C:\Windows\System\XFrCRpJ.exe
  C:\Windows\System\XFrCRpJ.exe
  2⤵
  PID:10892
- C:\Windows\System\OCQcqke.exe
  C:\Windows\System\OCQcqke.exe
  2⤵
  PID:10920
- C:\Windows\System\pffApXt.exe
  C:\Windows\System\pffApXt.exe
  2⤵
  PID:10936
- C:\Windows\System\NbTpbcA.exe
  C:\Windows\System\NbTpbcA.exe
  2⤵
  PID:10972
- C:\Windows\System\zJShsFb.exe
  C:\Windows\System\zJShsFb.exe
  2⤵
  PID:11008
- C:\Windows\System\VByaOke.exe
  C:\Windows\System\VByaOke.exe
  2⤵
  PID:11040
- C:\Windows\System\GYFKCSq.exe
  C:\Windows\System\GYFKCSq.exe
  2⤵
  PID:11068
- C:\Windows\System\pnrIhYa.exe
  C:\Windows\System\pnrIhYa.exe
  2⤵
  PID:11096
- C:\Windows\System\ILPPNtc.exe
  C:\Windows\System\ILPPNtc.exe
  2⤵
  PID:11136
- C:\Windows\System\JtVGjCh.exe
  C:\Windows\System\JtVGjCh.exe
  2⤵
  PID:11156
- C:\Windows\System\oyMgQiD.exe
  C:\Windows\System\oyMgQiD.exe
  2⤵
  PID:11184
- C:\Windows\System\VNCeMsm.exe
  C:\Windows\System\VNCeMsm.exe
  2⤵
  PID:11212
- C:\Windows\System\RiGgiEh.exe
  C:\Windows\System\RiGgiEh.exe
  2⤵
  PID:11240
- C:\Windows\System\ccOYjMw.exe
  C:\Windows\System\ccOYjMw.exe
  2⤵
  PID:10256
- C:\Windows\System\ZDOYPoa.exe
  C:\Windows\System\ZDOYPoa.exe
  2⤵
  PID:10304
- C:\Windows\System\CfIpDhT.exe
  C:\Windows\System\CfIpDhT.exe
  2⤵
  PID:10412
- C:\Windows\System\mMFDQle.exe
  C:\Windows\System\mMFDQle.exe
  2⤵
  PID:10456
- C:\Windows\System\ynSsfQV.exe
  C:\Windows\System\ynSsfQV.exe
  2⤵
  PID:10504
- C:\Windows\System\lqoSPEw.exe
  C:\Windows\System\lqoSPEw.exe
  2⤵
  PID:10584
- C:\Windows\System\FaUpurY.exe
  C:\Windows\System\FaUpurY.exe
  2⤵
  PID:10668
- C:\Windows\System\kIIddei.exe
  C:\Windows\System\kIIddei.exe
  2⤵
  PID:10692
- C:\Windows\System\MMcIPOk.exe
  C:\Windows\System\MMcIPOk.exe
  2⤵
  PID:2496
- C:\Windows\System\WzEymDh.exe
  C:\Windows\System\WzEymDh.exe
  2⤵
  PID:10852
- C:\Windows\System\HSCVynx.exe
  C:\Windows\System\HSCVynx.exe
  2⤵
  PID:10912
- C:\Windows\System\ynjuOTb.exe
  C:\Windows\System\ynjuOTb.exe
  2⤵
  PID:10956
- C:\Windows\System\YvSGjGk.exe
  C:\Windows\System\YvSGjGk.exe
  2⤵
  PID:11004
- C:\Windows\System\ADrrIEJ.exe
  C:\Windows\System\ADrrIEJ.exe
  2⤵
  PID:11080
- C:\Windows\System\rYLpyjS.exe
  C:\Windows\System\rYLpyjS.exe
  2⤵
  PID:5200
- C:\Windows\System\QGWqmnU.exe
  C:\Windows\System\QGWqmnU.exe
  2⤵
  PID:11152
- C:\Windows\System\CBgiEig.exe
  C:\Windows\System\CBgiEig.exe
  2⤵
  PID:11200
- C:\Windows\System\kXddvCd.exe
  C:\Windows\System\kXddvCd.exe
  2⤵
  PID:10288
- C:\Windows\System\CeNPWYc.exe
  C:\Windows\System\CeNPWYc.exe
  2⤵
  PID:10488
- C:\Windows\System\yLkIjmv.exe
  C:\Windows\System\yLkIjmv.exe
  2⤵
  PID:10636
- C:\Windows\System\hhHiKPy.exe
  C:\Windows\System\hhHiKPy.exe
  2⤵
  PID:10728
- C:\Windows\System\ZDWlgvO.exe
  C:\Windows\System\ZDWlgvO.exe
  2⤵
  PID:1172
- C:\Windows\System\ILjOvtB.exe
  C:\Windows\System\ILjOvtB.exe
  2⤵
  PID:10992
- C:\Windows\System\LoCNNyj.exe
  C:\Windows\System\LoCNNyj.exe
  2⤵
  PID:5632
- C:\Windows\System\EPoYZlR.exe
  C:\Windows\System\EPoYZlR.exe
  2⤵
  PID:11144
- C:\Windows\System\IHwqujZ.exe
  C:\Windows\System\IHwqujZ.exe
  2⤵
  PID:11176
- C:\Windows\System\aIzrNpZ.exe
  C:\Windows\System\aIzrNpZ.exe
  2⤵
  PID:10284
- C:\Windows\System\KdIbaeZ.exe
  C:\Windows\System\KdIbaeZ.exe
  2⤵
  PID:9232
- C:\Windows\System\kQSMeck.exe
  C:\Windows\System\kQSMeck.exe
  2⤵
  PID:5496
- C:\Windows\System\pYBplJW.exe
  C:\Windows\System\pYBplJW.exe
  2⤵
  PID:5564
- C:\Windows\System\GCzbWih.exe
  C:\Windows\System\GCzbWih.exe
  2⤵
  PID:5760
- C:\Windows\System\CbPsKyp.exe
  C:\Windows\System\CbPsKyp.exe
  2⤵
  PID:4944
- C:\Windows\System\vftkBTX.exe
  C:\Windows\System\vftkBTX.exe
  2⤵
  PID:4320
- C:\Windows\System\QRCORjW.exe
  C:\Windows\System\QRCORjW.exe
  2⤵
  PID:10948
- C:\Windows\System\KCFtEOW.exe
  C:\Windows\System\KCFtEOW.exe
  2⤵
  PID:10060
- C:\Windows\System\uSqmnVH.exe
  C:\Windows\System\uSqmnVH.exe
  2⤵
  PID:11128
- C:\Windows\System\GdVqbZo.exe
  C:\Windows\System\GdVqbZo.exe
  2⤵
  PID:4060
- C:\Windows\System\SNsayGu.exe
  C:\Windows\System\SNsayGu.exe
  2⤵
  PID:11284
- C:\Windows\System\jtqGFee.exe
  C:\Windows\System\jtqGFee.exe
  2⤵
  PID:11320
- C:\Windows\System\Rbepbir.exe
  C:\Windows\System\Rbepbir.exe
  2⤵
  PID:11348
- C:\Windows\System\UJhRERC.exe
  C:\Windows\System\UJhRERC.exe
  2⤵
  PID:11376
- C:\Windows\System\ngihFxJ.exe
  C:\Windows\System\ngihFxJ.exe
  2⤵
  PID:11408
- C:\Windows\System\JeVusPW.exe
  C:\Windows\System\JeVusPW.exe
  2⤵
  PID:11436
- C:\Windows\System\zzeFuyA.exe
  C:\Windows\System\zzeFuyA.exe
  2⤵
  PID:11488
- C:\Windows\System\WeuUmnZ.exe
  C:\Windows\System\WeuUmnZ.exe
  2⤵
  PID:11516
- C:\Windows\System\llahyXU.exe
  C:\Windows\System\llahyXU.exe
  2⤵
  PID:11544
- C:\Windows\System\ehoryzU.exe
  C:\Windows\System\ehoryzU.exe
  2⤵
  PID:11572
- C:\Windows\System\FlIriJw.exe
  C:\Windows\System\FlIriJw.exe
  2⤵
  PID:11600
- C:\Windows\System\hbMoSOT.exe
  C:\Windows\System\hbMoSOT.exe
  2⤵
  PID:11628
- C:\Windows\System\UGSFVdY.exe
  C:\Windows\System\UGSFVdY.exe
  2⤵
  PID:11644
- C:\Windows\System\BPWnFSx.exe
  C:\Windows\System\BPWnFSx.exe
  2⤵
  PID:11684
- C:\Windows\System\AdXlgCN.exe
  C:\Windows\System\AdXlgCN.exe
  2⤵
  PID:11712
- C:\Windows\System\xBRvmxS.exe
  C:\Windows\System\xBRvmxS.exe
  2⤵
  PID:11740
- C:\Windows\System\lUYLyTz.exe
  C:\Windows\System\lUYLyTz.exe
  2⤵
  PID:11760
- C:\Windows\System\OeogOYw.exe
  C:\Windows\System\OeogOYw.exe
  2⤵
  PID:11796
- C:\Windows\System\uwpSZQe.exe
  C:\Windows\System\uwpSZQe.exe
  2⤵
  PID:11820
- C:\Windows\System\lXbarVg.exe
  C:\Windows\System\lXbarVg.exe
  2⤵
  PID:11836
- C:\Windows\System\TttOIBg.exe
  C:\Windows\System\TttOIBg.exe
  2⤵
  PID:11868
- C:\Windows\System\TEGzpIc.exe
  C:\Windows\System\TEGzpIc.exe
  2⤵
  PID:11884
- C:\Windows\System\iEBqGnG.exe
  C:\Windows\System\iEBqGnG.exe
  2⤵
  PID:11924
- C:\Windows\System\FyZPcAO.exe
  C:\Windows\System\FyZPcAO.exe
  2⤵
  PID:11956
- C:\Windows\System\shkuSIQ.exe
  C:\Windows\System\shkuSIQ.exe
  2⤵
  PID:11980
- C:\Windows\System\HzqXVKr.exe
  C:\Windows\System\HzqXVKr.exe
  2⤵
  PID:12004
- C:\Windows\System\MQApzGK.exe
  C:\Windows\System\MQApzGK.exe
  2⤵
  PID:12036
- C:\Windows\System\sWsWGxY.exe
  C:\Windows\System\sWsWGxY.exe
  2⤵
  PID:12052
- C:\Windows\System\goiTYif.exe
  C:\Windows\System\goiTYif.exe
  2⤵
  PID:12076
- C:\Windows\System\YlqXPSO.exe
  C:\Windows\System\YlqXPSO.exe
  2⤵
  PID:12108
- C:\Windows\System\Ealepyf.exe
  C:\Windows\System\Ealepyf.exe
  2⤵
  PID:12136
- C:\Windows\System\ktFNqnI.exe
  C:\Windows\System\ktFNqnI.exe
  2⤵
  PID:12164
- C:\Windows\System\vLqQTbc.exe
  C:\Windows\System\vLqQTbc.exe
  2⤵
  PID:12208
- C:\Windows\System\lVAyatE.exe
  C:\Windows\System\lVAyatE.exe
  2⤵
  PID:12236
- C:\Windows\System\rdGCnNN.exe
  C:\Windows\System\rdGCnNN.exe
  2⤵
  PID:12276
- C:\Windows\System\FZSGqhP.exe
  C:\Windows\System\FZSGqhP.exe
  2⤵
  PID:5276
- C:\Windows\System\glMCNls.exe
  C:\Windows\System\glMCNls.exe
  2⤵
  PID:11340
- C:\Windows\System\XvZmcCd.exe
  C:\Windows\System\XvZmcCd.exe
  2⤵
  PID:5460
- C:\Windows\System\eOvuVWS.exe
  C:\Windows\System\eOvuVWS.exe
  2⤵
  PID:11444
- C:\Windows\System\iCfHaVy.exe
  C:\Windows\System\iCfHaVy.exe
  2⤵
  PID:5764
- C:\Windows\System\mtgkUPj.exe
  C:\Windows\System\mtgkUPj.exe
  2⤵
  PID:11396
- C:\Windows\System\WwbZsdM.exe
  C:\Windows\System\WwbZsdM.exe
  2⤵
  PID:11536
- C:\Windows\System\IIBWpXK.exe
  C:\Windows\System\IIBWpXK.exe
  2⤵
  PID:11596
- C:\Windows\System\nzuNInZ.exe
  C:\Windows\System\nzuNInZ.exe
  2⤵
  PID:11636
- C:\Windows\System\fUIisyW.exe
  C:\Windows\System\fUIisyW.exe
  2⤵
  PID:11708
- C:\Windows\System\rqlMxUC.exe
  C:\Windows\System\rqlMxUC.exe
  2⤵
  PID:11748
- C:\Windows\System\yUSNLRT.exe
  C:\Windows\System\yUSNLRT.exe
  2⤵
  PID:11808
- C:\Windows\System\EVHLKKe.exe
  C:\Windows\System\EVHLKKe.exe
  2⤵
  PID:11876
- C:\Windows\System\LPcURfL.exe
  C:\Windows\System\LPcURfL.exe
  2⤵
  PID:12072
- C:\Windows\System\uJEDBQi.exe
  C:\Windows\System\uJEDBQi.exe
  2⤵
  PID:12196
- C:\Windows\System\pSSStxc.exe
  C:\Windows\System\pSSStxc.exe
  2⤵
  PID:12260
- C:\Windows\System\obpHYck.exe
  C:\Windows\System\obpHYck.exe
  2⤵
  PID:11332
- C:\Windows\System\hhDfwHC.exe
  C:\Windows\System\hhDfwHC.exe
  2⤵
  PID:11428
- C:\Windows\System\xDJADwj.exe
  C:\Windows\System\xDJADwj.exe
  2⤵
  PID:11484
- C:\Windows\System\CIzhqXY.exe
  C:\Windows\System\CIzhqXY.exe
  2⤵
  PID:11528
- C:\Windows\System\lkqDSxz.exe
  C:\Windows\System\lkqDSxz.exe
  2⤵
  PID:11588
- C:\Windows\System\aoZiFdM.exe
  C:\Windows\System\aoZiFdM.exe
  2⤵
  PID:5772
- C:\Windows\System\INphgRF.exe
  C:\Windows\System\INphgRF.exe
  2⤵
  PID:6904
- C:\Windows\System\OHUstrW.exe
  C:\Windows\System\OHUstrW.exe
  2⤵
  PID:6976
- C:\Windows\System\nuszIcz.exe
  C:\Windows\System\nuszIcz.exe
  2⤵
  PID:7016
- C:\Windows\System\ZUjIgIA.exe
  C:\Windows\System\ZUjIgIA.exe
  2⤵
  PID:7088
- C:\Windows\System\DYgTQoD.exe
  C:\Windows\System\DYgTQoD.exe
  2⤵
  PID:5728
- C:\Windows\System\zkdytkU.exe
  C:\Windows\System\zkdytkU.exe
  2⤵
  PID:6280
- C:\Windows\System\MUvETdC.exe
  C:\Windows\System\MUvETdC.exe
  2⤵
  PID:2076
- C:\Windows\System\uScXKqJ.exe
  C:\Windows\System\uScXKqJ.exe
  2⤵
  PID:3104
- C:\Windows\System\RjyqXwO.exe
  C:\Windows\System\RjyqXwO.exe
  2⤵
  PID:6704
- C:\Windows\System\HcOiIyU.exe
  C:\Windows\System\HcOiIyU.exe
  2⤵
  PID:6776
- C:\Windows\System\aorxlal.exe
  C:\Windows\System\aorxlal.exe
  2⤵
  PID:11504
- C:\Windows\System\xalBBUH.exe
  C:\Windows\System\xalBBUH.exe
  2⤵
  PID:6668
- C:\Windows\System\CJUOfoZ.exe
  C:\Windows\System\CJUOfoZ.exe
  2⤵
  PID:11680
- C:\Windows\System\RoLQwPw.exe
  C:\Windows\System\RoLQwPw.exe
  2⤵
  PID:12152
- C:\Windows\System\GHQZMqQ.exe
  C:\Windows\System\GHQZMqQ.exe
  2⤵
  PID:12272
- C:\Windows\System\LhKEPxS.exe
  C:\Windows\System\LhKEPxS.exe
  2⤵
  PID:7124
- C:\Windows\System\tRyIVDp.exe
  C:\Windows\System\tRyIVDp.exe
  2⤵
  PID:6380
- C:\Windows\System\ScmcTwL.exe
  C:\Windows\System\ScmcTwL.exe
  2⤵
  PID:6800
- C:\Windows\System\cADvBFu.exe
  C:\Windows\System\cADvBFu.exe
  2⤵
  PID:7176
- C:\Windows\System\aRpFNBi.exe
  C:\Windows\System\aRpFNBi.exe
  2⤵
  PID:7344
- C:\Windows\System\EyjFgLZ.exe
  C:\Windows\System\EyjFgLZ.exe
  2⤵
  PID:7488
- C:\Windows\System\JDkblfA.exe
  C:\Windows\System\JDkblfA.exe
  2⤵
  PID:7580
- C:\Windows\System\IBDpzhF.exe
  C:\Windows\System\IBDpzhF.exe
  2⤵
  PID:7724
- C:\Windows\System\KHXpXPG.exe
  C:\Windows\System\KHXpXPG.exe
  2⤵
  PID:7880
- C:\Windows\System\uTxgDCi.exe
  C:\Windows\System\uTxgDCi.exe
  2⤵
  PID:7936
- C:\Windows\System\btKGlfl.exe
  C:\Windows\System\btKGlfl.exe
  2⤵
  PID:7984
- C:\Windows\System\KUTjsSW.exe
  C:\Windows\System\KUTjsSW.exe
  2⤵
  PID:8032
- C:\Windows\System\gPVkrad.exe
  C:\Windows\System\gPVkrad.exe
  2⤵
  PID:6892
- C:\Windows\System\UdYrJdW.exe
  C:\Windows\System\UdYrJdW.exe
  2⤵
  PID:5044
- C:\Windows\System\gqBTsHG.exe
  C:\Windows\System\gqBTsHG.exe
  2⤵
  PID:2344
- C:\Windows\System\hcZyPNq.exe
  C:\Windows\System\hcZyPNq.exe
  2⤵
  PID:1128
- C:\Windows\System\OonFLuR.exe
  C:\Windows\System\OonFLuR.exe
  2⤵
  PID:2940
- C:\Windows\System\xHHNXTL.exe
  C:\Windows\System\xHHNXTL.exe
  2⤵
  PID:2244
- C:\Windows\System\likzTtf.exe
  C:\Windows\System\likzTtf.exe
  2⤵
  PID:1212
- C:\Windows\System\fcpBMmu.exe
  C:\Windows\System\fcpBMmu.exe
  2⤵
  PID:240
- C:\Windows\System\sBTcWOi.exe
  C:\Windows\System\sBTcWOi.exe
  2⤵
  PID:2256
- C:\Windows\System\sXvVDcO.exe
  C:\Windows\System\sXvVDcO.exe
  2⤵
  PID:720
- C:\Windows\System\JZSnjve.exe
  C:\Windows\System\JZSnjve.exe
  2⤵
  PID:2200
- C:\Windows\System\GFegjgN.exe
  C:\Windows\System\GFegjgN.exe
  2⤵
  PID:5944
- C:\Windows\System\XYKxfjC.exe
  C:\Windows\System\XYKxfjC.exe
  2⤵
  PID:2036
- C:\Windows\System\pKJpznV.exe
  C:\Windows\System\pKJpznV.exe
  2⤵
  PID:5240
- C:\Windows\System\UaOccSl.exe
  C:\Windows\System\UaOccSl.exe
  2⤵
  PID:5268
- C:\Windows\System\kqTxlEP.exe
  C:\Windows\System\kqTxlEP.exe
  2⤵
  PID:880
- C:\Windows\System\pIhjWSR.exe
  C:\Windows\System\pIhjWSR.exe
  2⤵
  PID:5324
- C:\Windows\System\YbkEOpE.exe
  C:\Windows\System\YbkEOpE.exe
  2⤵
  PID:6596
- C:\Windows\System\KGUfWDo.exe
  C:\Windows\System\KGUfWDo.exe
  2⤵
  PID:7328
- C:\Windows\System\vegyDib.exe
  C:\Windows\System\vegyDib.exe
  2⤵
  PID:7024
- C:\Windows\System\hjEZfkC.exe
  C:\Windows\System\hjEZfkC.exe
  2⤵
  PID:6728
- C:\Windows\System\FoDzolE.exe
  C:\Windows\System\FoDzolE.exe
  2⤵
  PID:7244
- C:\Windows\System\aqqOrAx.exe
  C:\Windows\System\aqqOrAx.exe
  2⤵
  PID:7260
- C:\Windows\System\JIOpfaa.exe
  C:\Windows\System\JIOpfaa.exe
  2⤵
  PID:7696
- C:\Windows\System\DOwaWuZ.exe
  C:\Windows\System\DOwaWuZ.exe
  2⤵
  PID:7808
- C:\Windows\System\tEbtTpI.exe
  C:\Windows\System\tEbtTpI.exe
  2⤵
  PID:8100
- C:\Windows\System\bCRzIsd.exe
  C:\Windows\System\bCRzIsd.exe
  2⤵
  PID:6988
- C:\Windows\System\nazBJvI.exe
  C:\Windows\System\nazBJvI.exe
  2⤵
  PID:4672
- C:\Windows\System\wiwvJcN.exe
  C:\Windows\System\wiwvJcN.exe
  2⤵
  PID:5700
- C:\Windows\System\AgNTorJ.exe
  C:\Windows\System\AgNTorJ.exe
  2⤵
  PID:932
- C:\Windows\System\czgSxdK.exe
  C:\Windows\System\czgSxdK.exe
  2⤵
  PID:5784
- C:\Windows\System\ihUZXrX.exe
  C:\Windows\System\ihUZXrX.exe
  2⤵
  PID:5884
- C:\Windows\System\xHZiUGW.exe
  C:\Windows\System\xHZiUGW.exe
  2⤵
  PID:2008
- C:\Windows\System\edayAkO.exe
  C:\Windows\System\edayAkO.exe
  2⤵
  PID:5968
- C:\Windows\System\WtHRfvp.exe
  C:\Windows\System\WtHRfvp.exe
  2⤵
  PID:5996
- C:\Windows\System\LMbVXyf.exe
  C:\Windows\System\LMbVXyf.exe
  2⤵
  PID:11472
- C:\Windows\System\Fgrvlbx.exe
  C:\Windows\System\Fgrvlbx.exe
  2⤵
  PID:5256
- C:\Windows\System\KhUcDYM.exe
  C:\Windows\System\KhUcDYM.exe
  2⤵
  PID:11420
- C:\Windows\System\vzoDHcE.exe
  C:\Windows\System\vzoDHcE.exe
  2⤵
  PID:5396
- C:\Windows\System\IfKhWzC.exe
  C:\Windows\System\IfKhWzC.exe
  2⤵
  PID:7048
- C:\Windows\System\jkkEVwh.exe
  C:\Windows\System\jkkEVwh.exe
  2⤵
  PID:7028
- C:\Windows\System\yuOhDfB.exe
  C:\Windows\System\yuOhDfB.exe
  2⤵
  PID:5592
- C:\Windows\System\ZUwMoOL.exe
  C:\Windows\System\ZUwMoOL.exe
  2⤵
  PID:5604
- C:\Windows\System\pQegZkX.exe
  C:\Windows\System\pQegZkX.exe
  2⤵
  PID:5132
- C:\Windows\System\BRxRhOQ.exe
  C:\Windows\System\BRxRhOQ.exe
  2⤵
  PID:5236
- C:\Windows\System\DyfMrFp.exe
  C:\Windows\System\DyfMrFp.exe
  2⤵
  PID:3780
- C:\Windows\System\zvkclve.exe
  C:\Windows\System\zvkclve.exe
  2⤵
  PID:3040
- C:\Windows\System\eWnueQN.exe
  C:\Windows\System\eWnueQN.exe
  2⤵
  PID:7680
- C:\Windows\System\eagkvzs.exe
  C:\Windows\System\eagkvzs.exe
  2⤵
  PID:6068
- C:\Windows\System\IyZZTqR.exe
  C:\Windows\System\IyZZTqR.exe
  2⤵
  PID:7096
- C:\Windows\System\CjEBLsD.exe
  C:\Windows\System\CjEBLsD.exe
  2⤵
  PID:1668
- C:\Windows\System\xWGbgXj.exe
  C:\Windows\System\xWGbgXj.exe
  2⤵
  PID:5716
- C:\Windows\System\PZhDJJN.exe
  C:\Windows\System\PZhDJJN.exe
  2⤵
  PID:968
- C:\Windows\System\ziqjGdl.exe
  C:\Windows\System\ziqjGdl.exe
  2⤵
  PID:6084
- C:\Windows\System\FfHervR.exe
  C:\Windows\System\FfHervR.exe
  2⤵
  PID:7556
- C:\Windows\System\WtwHMAq.exe
  C:\Windows\System\WtwHMAq.exe
  2⤵
  PID:544
- C:\Windows\System\rWBoTUi.exe
  C:\Windows\System\rWBoTUi.exe
  2⤵
  PID:5456
- C:\Windows\System\NoamKJe.exe
  C:\Windows\System\NoamKJe.exe
  2⤵
  PID:1204
- C:\Windows\System\puFaknG.exe
  C:\Windows\System\puFaknG.exe
  2⤵
  PID:7276
- C:\Windows\System\WKydSAL.exe
  C:\Windows\System\WKydSAL.exe
  2⤵
  PID:5816
- C:\Windows\System\JqgkYle.exe
  C:\Windows\System\JqgkYle.exe
  2⤵
  PID:5888
- C:\Windows\System\JYbDBsD.exe
  C:\Windows\System\JYbDBsD.exe
  2⤵
  PID:12312
- C:\Windows\System\NSdvFTi.exe
  C:\Windows\System\NSdvFTi.exe
  2⤵
  PID:12340
- C:\Windows\System\doGHNAS.exe
  C:\Windows\System\doGHNAS.exe
  2⤵
  PID:12368
- C:\Windows\System\cVfAYfB.exe
  C:\Windows\System\cVfAYfB.exe
  2⤵
  PID:12396
- C:\Windows\System\tUkWAMG.exe
  C:\Windows\System\tUkWAMG.exe
  2⤵
  PID:12424
- C:\Windows\System\xtJasvV.exe
  C:\Windows\System\xtJasvV.exe
  2⤵
  PID:12452
- C:\Windows\System\IfOODdM.exe
  C:\Windows\System\IfOODdM.exe
  2⤵
  PID:12480
- C:\Windows\System\FNxwliv.exe
  C:\Windows\System\FNxwliv.exe
  2⤵
  PID:12508
- C:\Windows\System\ejAanfR.exe
  C:\Windows\System\ejAanfR.exe
  2⤵
  PID:12536
- C:\Windows\System\TqDZTUZ.exe
  C:\Windows\System\TqDZTUZ.exe
  2⤵
  PID:12564
- C:\Windows\System\WmYUmVA.exe
  C:\Windows\System\WmYUmVA.exe
  2⤵
  PID:12592
- C:\Windows\System\nsNjCGE.exe
  C:\Windows\System\nsNjCGE.exe
  2⤵
  PID:12620
- C:\Windows\System\NoKASAC.exe
  C:\Windows\System\NoKASAC.exe
  2⤵
  PID:12648
- C:\Windows\System\itHOjeN.exe
  C:\Windows\System\itHOjeN.exe
  2⤵
  PID:12680
- C:\Windows\System\ztXRKJW.exe
  C:\Windows\System\ztXRKJW.exe
  2⤵
  PID:12708
- C:\Windows\System\sLNreQY.exe
  C:\Windows\System\sLNreQY.exe
  2⤵
  PID:12740
- C:\Windows\System\RUqOpPm.exe
  C:\Windows\System\RUqOpPm.exe
  2⤵
  PID:12768
- C:\Windows\System\rBxSgTJ.exe
  C:\Windows\System\rBxSgTJ.exe
  2⤵
  PID:12796
- C:\Windows\System\EOOMsJD.exe
  C:\Windows\System\EOOMsJD.exe
  2⤵
  PID:12824
- C:\Windows\System\jkSXIXG.exe
  C:\Windows\System\jkSXIXG.exe
  2⤵
  PID:12852
- C:\Windows\System\fWJujit.exe
  C:\Windows\System\fWJujit.exe
  2⤵
  PID:12880
- C:\Windows\System\FEhrYHx.exe
  C:\Windows\System\FEhrYHx.exe
  2⤵
  PID:12908
- C:\Windows\System\Ajbjqrr.exe
  C:\Windows\System\Ajbjqrr.exe
  2⤵
  PID:12936
- C:\Windows\System\eZqFTmp.exe
  C:\Windows\System\eZqFTmp.exe
  2⤵
  PID:12964
- C:\Windows\System\DKlYeVX.exe
  C:\Windows\System\DKlYeVX.exe
  2⤵
  PID:12992
- C:\Windows\System\aWmOpWs.exe
  C:\Windows\System\aWmOpWs.exe
  2⤵
  PID:13020
- C:\Windows\System\pPFNuPl.exe
  C:\Windows\System\pPFNuPl.exe
  2⤵
  PID:13048
- C:\Windows\System\eBlAHMi.exe
  C:\Windows\System\eBlAHMi.exe
  2⤵
  PID:13076
- C:\Windows\System\sCEPNwK.exe
  C:\Windows\System\sCEPNwK.exe
  2⤵
  PID:13104
- C:\Windows\System\vFYQQFO.exe
  C:\Windows\System\vFYQQFO.exe
  2⤵
  PID:13132
- C:\Windows\System\ZjBiVod.exe
  C:\Windows\System\ZjBiVod.exe
  2⤵
  PID:13160
- C:\Windows\System\ZInSCTz.exe
  C:\Windows\System\ZInSCTz.exe
  2⤵
  PID:13188
- C:\Windows\System\ZwLxRIH.exe
  C:\Windows\System\ZwLxRIH.exe
  2⤵
  PID:13216
- C:\Windows\System\pDBrsaJ.exe
  C:\Windows\System\pDBrsaJ.exe
  2⤵
  PID:13244
- C:\Windows\System\yDmkuoC.exe
  C:\Windows\System\yDmkuoC.exe
  2⤵
  PID:13272
- C:\Windows\System\hmRveAR.exe
  C:\Windows\System\hmRveAR.exe
  2⤵
  PID:13300
- C:\Windows\System\FKakZtd.exe
  C:\Windows\System\FKakZtd.exe
  2⤵
  PID:12308
- C:\Windows\System\xrXDeCJ.exe
  C:\Windows\System\xrXDeCJ.exe
  2⤵
  PID:12380
- C:\Windows\System\wSMpCyH.exe
  C:\Windows\System\wSMpCyH.exe
  2⤵
  PID:6220
- C:\Windows\System\NvYgQtY.exe
  C:\Windows\System\NvYgQtY.exe
  2⤵
  PID:6264
- C:\Windows\System\zWQikde.exe
  C:\Windows\System\zWQikde.exe
  2⤵
  PID:12500
- C:\Windows\System\fRGLgOz.exe
  C:\Windows\System\fRGLgOz.exe
  2⤵
  PID:12548
- C:\Windows\System\ecDocGf.exe
  C:\Windows\System\ecDocGf.exe
  2⤵
  PID:12588
- C:\Windows\System\rtuKIUk.exe
  C:\Windows\System\rtuKIUk.exe
  2⤵
  PID:6388
- C:\Windows\System\ymnQSbQ.exe
  C:\Windows\System\ymnQSbQ.exe
  2⤵
  PID:8236
- C:\Windows\System\WIoEdEV.exe
  C:\Windows\System\WIoEdEV.exe
  2⤵
  PID:12728
- C:\Windows\System\StpjVHm.exe
  C:\Windows\System\StpjVHm.exe
  2⤵
  PID:12780
- C:\Windows\System\FQaHJIU.exe
  C:\Windows\System\FQaHJIU.exe
  2⤵
  PID:12808
- C:\Windows\System\MvxoJRL.exe
  C:\Windows\System\MvxoJRL.exe
  2⤵
  PID:12844
- C:\Windows\System\pyohJih.exe
  C:\Windows\System\pyohJih.exe
  2⤵
  PID:12896
- C:\Windows\System\TEZeWbK.exe
  C:\Windows\System\TEZeWbK.exe
  2⤵
  PID:12956
- C:\Windows\System\razxehD.exe
  C:\Windows\System\razxehD.exe
  2⤵
  PID:13016
- C:\Windows\System\AnGNapS.exe
  C:\Windows\System\AnGNapS.exe
  2⤵
  PID:13072
- C:\Windows\System\rfxncUd.exe
  C:\Windows\System\rfxncUd.exe
  2⤵
  PID:6712
- C:\Windows\System\wGszpEc.exe
  C:\Windows\System\wGszpEc.exe
  2⤵
  PID:6724
- C:\Windows\System\NjTBKJl.exe
  C:\Windows\System\NjTBKJl.exe
  2⤵
  PID:6780
- C:\Windows\System\BQRZsWP.exe
  C:\Windows\System\BQRZsWP.exe
  2⤵
  PID:6792
- C:\Windows\System\ZeyEWUR.exe
  C:\Windows\System\ZeyEWUR.exe
  2⤵
  PID:12360
- C:\Windows\System\JoZTHda.exe
  C:\Windows\System\JoZTHda.exe
  2⤵
  PID:6276
- C:\Windows\System\nfilaKx.exe
  C:\Windows\System\nfilaKx.exe
  2⤵
  PID:12632
- C:\Windows\System\DOJgAYz.exe
  C:\Windows\System\DOJgAYz.exe
  2⤵
  PID:6460
- C:\Windows\System\xVbwkmO.exe
  C:\Windows\System\xVbwkmO.exe
  2⤵
  PID:13044
- C:\Windows\System\whmSzSH.exe
  C:\Windows\System\whmSzSH.exe
  2⤵
  PID:13152
- C:\Windows\System\FYEoYMy.exe
  C:\Windows\System\FYEoYMy.exe
  2⤵
  PID:6292
- C:\Windows\System\NLGAhBa.exe
  C:\Windows\System\NLGAhBa.exe
  2⤵
  PID:6444
- C:\Windows\System\RiTHIJr.exe
  C:\Windows\System\RiTHIJr.exe
  2⤵
  PID:12924
- C:\Windows\System\BPzgNQd.exe
  C:\Windows\System\BPzgNQd.exe
  2⤵
  PID:6344
- C:\Windows\System\AdICHHX.exe
  C:\Windows\System\AdICHHX.exe
  2⤵
  PID:6484
- C:\Windows\System\tjrqDjx.exe
  C:\Windows\System\tjrqDjx.exe
  2⤵
  PID:6628
- C:\Windows\System\qpyEFda.exe
  C:\Windows\System\qpyEFda.exe
  2⤵
  PID:6456
- C:\Windows\System\icAVBMg.exe
  C:\Windows\System\icAVBMg.exe
  2⤵
  PID:6744
- C:\Windows\System\yBxzGrG.exe
  C:\Windows\System\yBxzGrG.exe
  2⤵
  PID:13352
- C:\Windows\System\HlqtpmS.exe
  C:\Windows\System\HlqtpmS.exe
  2⤵
  PID:13368
- C:\Windows\System\rGBbbxk.exe
  C:\Windows\System\rGBbbxk.exe
  2⤵
  PID:13396
- C:\Windows\System\oqKDXRf.exe
  C:\Windows\System\oqKDXRf.exe
  2⤵
  PID:13424
- C:\Windows\System\dAjpfFp.exe
  C:\Windows\System\dAjpfFp.exe
  2⤵
  PID:13452
- C:\Windows\System\oMgyEQY.exe
  C:\Windows\System\oMgyEQY.exe
  2⤵
  PID:13480
- C:\Windows\System\vCxrxFG.exe
  C:\Windows\System\vCxrxFG.exe
  2⤵
  PID:13508
- C:\Windows\System\YjFFeJg.exe
  C:\Windows\System\YjFFeJg.exe
  2⤵
  PID:13536
- C:\Windows\System\niXWFTu.exe
  C:\Windows\System\niXWFTu.exe
  2⤵
  PID:13564
- C:\Windows\System\gfviRzh.exe
  C:\Windows\System\gfviRzh.exe
  2⤵
  PID:13592
- C:\Windows\System\PzbnIOG.exe
  C:\Windows\System\PzbnIOG.exe
  2⤵
  PID:13620
- C:\Windows\System\KpkOaDJ.exe
  C:\Windows\System\KpkOaDJ.exe
  2⤵
  PID:13648
- C:\Windows\System\HFcBsak.exe
  C:\Windows\System\HFcBsak.exe
  2⤵
  PID:13676
- C:\Windows\System\MFgwswS.exe
  C:\Windows\System\MFgwswS.exe
  2⤵
  PID:13704
- C:\Windows\System\kWbZYvs.exe
  C:\Windows\System\kWbZYvs.exe
  2⤵
  PID:13732
- C:\Windows\System\JKSryXd.exe
  C:\Windows\System\JKSryXd.exe
  2⤵
  PID:13760
- C:\Windows\System\wdbWNGF.exe
  C:\Windows\System\wdbWNGF.exe
  2⤵
  PID:13788
- C:\Windows\System\BVfCVAF.exe
  C:\Windows\System\BVfCVAF.exe
  2⤵
  PID:13816
- C:\Windows\System\zCMyqhM.exe
  C:\Windows\System\zCMyqhM.exe
  2⤵
  PID:13832
- C:\Windows\System\DartsYH.exe
  C:\Windows\System\DartsYH.exe
  2⤵
  PID:13872
- C:\Windows\System\YJeHkGH.exe
  C:\Windows\System\YJeHkGH.exe
  2⤵
  PID:13900
- C:\Windows\System\tPssjsy.exe
  C:\Windows\System\tPssjsy.exe
  2⤵
  PID:13928
- C:\Windows\System\beJnRSG.exe
  C:\Windows\System\beJnRSG.exe
  2⤵
  PID:13956
- C:\Windows\System\nyuVOLo.exe
  C:\Windows\System\nyuVOLo.exe
  2⤵
  PID:13984
- C:\Windows\System\xpoROSR.exe
  C:\Windows\System\xpoROSR.exe
  2⤵
  PID:14012
- C:\Windows\System\rVeRgJQ.exe
  C:\Windows\System\rVeRgJQ.exe
  2⤵
  PID:14040
- C:\Windows\System\cGRkzoQ.exe
  C:\Windows\System\cGRkzoQ.exe
  2⤵
  PID:14076
- C:\Windows\System\TPeHYCj.exe
  C:\Windows\System\TPeHYCj.exe
  2⤵
  PID:14108
- C:\Windows\System\BHJiyGH.exe
  C:\Windows\System\BHJiyGH.exe
  2⤵
  PID:14136
- C:\Windows\System\FugWyvS.exe
  C:\Windows\System\FugWyvS.exe
  2⤵
  PID:14164
- C:\Windows\System\QWgUSsA.exe
  C:\Windows\System\QWgUSsA.exe
  2⤵
  PID:14208
- C:\Windows\System\UVvvLBF.exe
  C:\Windows\System\UVvvLBF.exe
  2⤵
  PID:14224
- C:\Windows\System\vFjFuhv.exe
  C:\Windows\System\vFjFuhv.exe
  2⤵
  PID:14252
- C:\Windows\System\wMYenqm.exe
  C:\Windows\System\wMYenqm.exe
  2⤵
  PID:14280
- C:\Windows\System\naQbiGG.exe
  C:\Windows\System\naQbiGG.exe
  2⤵
  PID:14308
- C:\Windows\System\TgeTBiM.exe
  C:\Windows\System\TgeTBiM.exe
  2⤵
  PID:6560
- C:\Windows\System\IQcDAGq.exe
  C:\Windows\System\IQcDAGq.exe
  2⤵
  PID:13364
- C:\Windows\System\jqSnZIE.exe
  C:\Windows\System\jqSnZIE.exe
  2⤵
  PID:13416
- C:\Windows\System\ymMjvsN.exe
  C:\Windows\System\ymMjvsN.exe
  2⤵
  PID:13476
- C:\Windows\System\DzxLuAc.exe
  C:\Windows\System\DzxLuAc.exe
  2⤵
  PID:13548
- C:\Windows\System\HvlyrTF.exe
  C:\Windows\System\HvlyrTF.exe
  2⤵
  PID:13616
- C:\Windows\System\NcDPARr.exe
  C:\Windows\System\NcDPARr.exe
  2⤵
  PID:13644
- C:\Windows\System\wYDvNxk.exe
  C:\Windows\System\wYDvNxk.exe
  2⤵
  PID:13716
- C:\Windows\System\pEKXKUz.exe
  C:\Windows\System\pEKXKUz.exe
  2⤵
  PID:13780
- C:\Windows\System\QAbMHah.exe
  C:\Windows\System\QAbMHah.exe
  2⤵
  PID:13844
- C:\Windows\System\OPwlpGU.exe
  C:\Windows\System\OPwlpGU.exe
  2⤵
  PID:13896
- C:\Windows\System\YwXAzDF.exe
  C:\Windows\System\YwXAzDF.exe
  2⤵
  PID:10020
- C:\Windows\System\ivUiQXv.exe
  C:\Windows\System\ivUiQXv.exe
  2⤵
  PID:13968
- C:\Windows\System\MFnEGfN.exe
  C:\Windows\System\MFnEGfN.exe
  2⤵
  PID:14024
- C:\Windows\System\zgCQAHM.exe
  C:\Windows\System\zgCQAHM.exe
  2⤵
  PID:14072
- C:\Windows\System\bnwetKh.exe
  C:\Windows\System\bnwetKh.exe
  2⤵
  PID:14148
- C:\Windows\System\ZLvXtvQ.exe
  C:\Windows\System\ZLvXtvQ.exe
  2⤵
  PID:14244
- C:\Windows\System\UmcEnUT.exe
  C:\Windows\System\UmcEnUT.exe
  2⤵
  PID:14276
- C:\Windows\System\POutdAg.exe
  C:\Windows\System\POutdAg.exe
  2⤵
  PID:14332
- C:\Windows\System\QeJIygJ.exe
  C:\Windows\System\QeJIygJ.exe
  2⤵
  PID:13464
- C:\Windows\System\mMSjaTx.exe
  C:\Windows\System\mMSjaTx.exe
  2⤵
  PID:640
- C:\Windows\System\klzXQtr.exe
  C:\Windows\System\klzXQtr.exe
  2⤵
  PID:13700
- C:\Windows\System\DLNbyiY.exe
  C:\Windows\System\DLNbyiY.exe
  2⤵
  PID:13868
- C:\Windows\System\blAEzgw.exe
  C:\Windows\System\blAEzgw.exe
  2⤵
  PID:13948
- C:\Windows\System\PhXJpYO.exe
  C:\Windows\System\PhXJpYO.exe
  2⤵
  PID:10216
- C:\Windows\System\HGHvjuA.exe
  C:\Windows\System\HGHvjuA.exe
  2⤵
  PID:14176
- C:\Windows\System\tEYOiYy.exe
  C:\Windows\System\tEYOiYy.exe
  2⤵
  PID:12148
- C:\Windows\System\HzzbtDq.exe
  C:\Windows\System\HzzbtDq.exe
  2⤵
  PID:13408
- C:\Windows\System\VxveIrk.exe
  C:\Windows\System\VxveIrk.exe
  2⤵
  PID:13756
- C:\Windows\System\VdEiOBK.exe
  C:\Windows\System\VdEiOBK.exe
  2⤵
  PID:12096
- C:\Windows\System\AvJSVti.exe
  C:\Windows\System\AvJSVti.exe
  2⤵
  PID:11948
- C:\Windows\System\cJOBSrL.exe
  C:\Windows\System\cJOBSrL.exe
  2⤵
  PID:4880
- C:\Windows\System\jFnqxeC.exe
  C:\Windows\System\jFnqxeC.exe
  2⤵
  PID:10232
- C:\Windows\System\TRVkvDw.exe
  C:\Windows\System\TRVkvDw.exe
  2⤵
  PID:6840
- C:\Windows\System\UUlJvGV.exe
  C:\Windows\System\UUlJvGV.exe
  2⤵
  PID:12020
- C:\Windows\System\joonsXu.exe
  C:\Windows\System\joonsXu.exe
  2⤵
  PID:2016
- C:\Windows\System\ItDmkoe.exe
  C:\Windows\System\ItDmkoe.exe
  2⤵
  PID:14320
- C:\Windows\System\QPcUkeZ.exe
  C:\Windows\System\QPcUkeZ.exe
  2⤵
  PID:4500
- C:\Windows\System\nTCnHuH.exe
  C:\Windows\System\nTCnHuH.exe
  2⤵
  PID:14340
- C:\Windows\System\hFIJcac.exe
  C:\Windows\System\hFIJcac.exe
  2⤵
  PID:14368
- C:\Windows\System\pvIJMCi.exe
  C:\Windows\System\pvIJMCi.exe
  2⤵
  PID:14408
- C:\Windows\System\kvmhiBC.exe
  C:\Windows\System\kvmhiBC.exe
  2⤵
  PID:14452
- C:\Windows\System\aOmukDX.exe
  C:\Windows\System\aOmukDX.exe
  2⤵
  PID:14480
- C:\Windows\System\HWWNONS.exe
  C:\Windows\System\HWWNONS.exe
  2⤵
  PID:14508
- C:\Windows\System\lCWUsTm.exe
  C:\Windows\System\lCWUsTm.exe
  2⤵
  PID:14536
- C:\Windows\System\IMvDQiW.exe
  C:\Windows\System\IMvDQiW.exe
  2⤵
  PID:14564
- C:\Windows\System\rFKHdOR.exe
  C:\Windows\System\rFKHdOR.exe
  2⤵
  PID:14596
- C:\Windows\System\GFpmbNQ.exe
  C:\Windows\System\GFpmbNQ.exe
  2⤵
  PID:14624
- C:\Windows\System\zJfVaab.exe
  C:\Windows\System\zJfVaab.exe
  2⤵
  PID:14652
- C:\Windows\System\CKAVkjm.exe
  C:\Windows\System\CKAVkjm.exe
  2⤵
  PID:14668
- C:\Windows\System\cXOagZa.exe
  C:\Windows\System\cXOagZa.exe
  2⤵
  PID:14700
- C:\Windows\System\SHpIjBk.exe
  C:\Windows\System\SHpIjBk.exe
  2⤵
  PID:14724
- C:\Windows\System\VeZCFaK.exe
  C:\Windows\System\VeZCFaK.exe
  2⤵
  PID:14748
- C:\Windows\System\qGggZjl.exe
  C:\Windows\System\qGggZjl.exe
  2⤵
  PID:14772
- C:\Windows\System\LXqHcQX.exe
  C:\Windows\System\LXqHcQX.exe
  2⤵
  PID:14824
- C:\Windows\System\oRjNejb.exe
  C:\Windows\System\oRjNejb.exe
  2⤵
  PID:14848
- C:\Windows\System\yjiOKWY.exe
  C:\Windows\System\yjiOKWY.exe
  2⤵
  PID:14876
- C:\Windows\System\MEuMXaX.exe
  C:\Windows\System\MEuMXaX.exe
  2⤵
  PID:14900
- C:\Windows\System\TJZIPyS.exe
  C:\Windows\System\TJZIPyS.exe
  2⤵
  PID:14940
- C:\Windows\System\bduaQuh.exe
  C:\Windows\System\bduaQuh.exe
  2⤵
  PID:14968
- C:\Windows\System\MkxfxHt.exe
  C:\Windows\System\MkxfxHt.exe
  2⤵
  PID:14996
- C:\Windows\System\iqZqlpm.exe
  C:\Windows\System\iqZqlpm.exe
  2⤵
  PID:15032
- C:\Windows\System\UPRUfuB.exe
  C:\Windows\System\UPRUfuB.exe
  2⤵
  PID:15060
- C:\Windows\System\mfrgjiN.exe
  C:\Windows\System\mfrgjiN.exe
  2⤵
  PID:15088
- C:\Windows\System\ZaYzWAe.exe
  C:\Windows\System\ZaYzWAe.exe
  2⤵
  PID:15116
- C:\Windows\System\UznhKUr.exe
  C:\Windows\System\UznhKUr.exe
  2⤵
  PID:15144
- C:\Windows\System\qdkNLyw.exe
  C:\Windows\System\qdkNLyw.exe
  2⤵
  PID:15172
- C:\Windows\System\mpJXnXU.exe
  C:\Windows\System\mpJXnXU.exe
  2⤵
  PID:15200
- C:\Windows\System\YqeWIRp.exe
  C:\Windows\System\YqeWIRp.exe
  2⤵
  PID:15228
- C:\Windows\System\OknYybP.exe
  C:\Windows\System\OknYybP.exe
  2⤵
  PID:15256
- C:\Windows\System\WvpzAzK.exe
  C:\Windows\System\WvpzAzK.exe
  2⤵
  PID:15284
- C:\Windows\System\QaZRpeI.exe
  C:\Windows\System\QaZRpeI.exe
  2⤵
  PID:15312
- C:\Windows\System\iAqsyVt.exe
  C:\Windows\System\iAqsyVt.exe
  2⤵
  PID:15340
- C:\Windows\System\EfgJZTO.exe
  C:\Windows\System\EfgJZTO.exe
  2⤵
  PID:9872
- C:\Windows\System\tuWFjXN.exe
  C:\Windows\System\tuWFjXN.exe
  2⤵
  PID:14404
- C:\Windows\System\pCCLAxs.exe
  C:\Windows\System\pCCLAxs.exe
  2⤵
  PID:14464
- C:\Windows\System\INcexea.exe
  C:\Windows\System\INcexea.exe
  2⤵
  PID:14500
- C:\Windows\System\hCqTSaO.exe
  C:\Windows\System\hCqTSaO.exe
  2⤵
  PID:8184
- C:\Windows\System\IMfGFeX.exe
  C:\Windows\System\IMfGFeX.exe
  2⤵
  PID:14592
- C:\Windows\System\nfAtERG.exe
  C:\Windows\System\nfAtERG.exe
  2⤵
  PID:14644
- C:\Windows\System\QoVfPCd.exe
  C:\Windows\System\QoVfPCd.exe
  2⤵
  PID:14708
- C:\Windows\System\cmCBZYf.exe
  C:\Windows\System\cmCBZYf.exe
  2⤵
  PID:14736
- C:\Windows\System\FCRnOle.exe
  C:\Windows\System\FCRnOle.exe
  2⤵
  PID:14816
- C:\Windows\System\LdZaZWD.exe
  C:\Windows\System\LdZaZWD.exe
  2⤵
  PID:14856
- C:\Windows\System\rtjNeQP.exe
  C:\Windows\System\rtjNeQP.exe
  2⤵
  PID:7396
- C:\Windows\System\zRImTCV.exe
  C:\Windows\System\zRImTCV.exe
  2⤵
  PID:14936
- C:\Windows\System\iztkVtF.exe
  C:\Windows\System\iztkVtF.exe
  2⤵
  PID:14988
- C:\Windows\System\Cnwpxzy.exe
  C:\Windows\System\Cnwpxzy.exe
  2⤵
  PID:15028
- C:\Windows\System\POmORST.exe
  C:\Windows\System\POmORST.exe
  2⤵
  PID:15084
- C:\Windows\System\XEKxNMn.exe
  C:\Windows\System\XEKxNMn.exe
  2⤵
  PID:15128
- C:\Windows\System\INFaQqH.exe
  C:\Windows\System\INFaQqH.exe
  2⤵
  PID:15168
- C:\Windows\System\DtlhykV.exe
  C:\Windows\System\DtlhykV.exe
  2⤵
  PID:15220
- C:\Windows\System\THGlRMh.exe
  C:\Windows\System\THGlRMh.exe
  2⤵
  PID:15280
- C:\Windows\System\pYpNOIq.exe
  C:\Windows\System\pYpNOIq.exe
  2⤵
  PID:14584
- C:\Windows\System\svUpqaA.exe
  C:\Windows\System\svUpqaA.exe
  2⤵
  PID:12044
- C:\Windows\System\bTNPpvn.exe
  C:\Windows\System\bTNPpvn.exe
  2⤵
  PID:8132
- C:\Windows\System\UUWpVQy.exe
  C:\Windows\System\UUWpVQy.exe
  2⤵
  PID:14528
- C:\Windows\System\RXhyrwK.exe
  C:\Windows\System\RXhyrwK.exe
  2⤵
  PID:14588
- C:\Windows\System\ieIUhkU.exe
  C:\Windows\System\ieIUhkU.exe
  2⤵
  PID:7100
- C:\Windows\System\vEXglIo.exe
  C:\Windows\System\vEXglIo.exe
  2⤵
  PID:7268
- C:\Windows\System\xdOmXSy.exe
  C:\Windows\System\xdOmXSy.exe
  2⤵
  PID:14812
- C:\Windows\System\uknuWfF.exe
  C:\Windows\System\uknuWfF.exe
  2⤵
  PID:7456
- C:\Windows\System\pIFjDYX.exe
  C:\Windows\System\pIFjDYX.exe
  2⤵
  PID:13124
- C:\Windows\System\tinLoPm.exe
  C:\Windows\System\tinLoPm.exe
  2⤵
  PID:7760
- C:\Windows\System\qYQstuN.exe
  C:\Windows\System\qYQstuN.exe
  2⤵
  PID:15164
- C:\Windows\System\kXlblTy.exe
  C:\Windows\System\kXlblTy.exe
  2⤵
  PID:8048
- C:\Windows\System\eXXcpTe.exe
  C:\Windows\System\eXXcpTe.exe
  2⤵
  PID:15324
- C:\Windows\System\ZztbRLO.exe
  C:\Windows\System\ZztbRLO.exe
  2⤵
  PID:8024
- C:\Windows\System\ByisTBC.exe
  C:\Windows\System\ByisTBC.exe
  2⤵
  PID:8128
- C:\Windows\System\WLFVuTb.exe
  C:\Windows\System\WLFVuTb.exe
  2⤵
  PID:8324
- C:\Windows\System\ESttAfs.exe
  C:\Windows\System\ESttAfs.exe
  2⤵
  PID:7236
- C:\Windows\System\XKdCwjy.exe
  C:\Windows\System\XKdCwjy.exe
  2⤵
  PID:8344
- C:\Windows\System\kyuuslX.exe
  C:\Windows\System\kyuuslX.exe
  2⤵
  PID:7676
- C:\Windows\System\UYOxZzT.exe
  C:\Windows\System\UYOxZzT.exe
  2⤵
  PID:15248
- C:\Windows\System\lyzQFnK.exe
  C:\Windows\System\lyzQFnK.exe
  2⤵
  PID:8220
- C:\Windows\System\henroAB.exe
  C:\Windows\System\henroAB.exe
  2⤵
  PID:14576
- C:\Windows\System\WPYaiUj.exe
  C:\Windows\System\WPYaiUj.exe
  2⤵
  PID:14836
- C:\Windows\System\chzcVRp.exe
  C:\Windows\System\chzcVRp.exe
  2⤵
  PID:8556
- C:\Windows\System\wvmXyzp.exe
  C:\Windows\System\wvmXyzp.exe
  2⤵
  PID:6428
- C:\Windows\System\SysClAU.exe
  C:\Windows\System\SysClAU.exe
  2⤵
  PID:4940
- C:\Windows\System\zarNnix.exe
  C:\Windows\System\zarNnix.exe
  2⤵
  PID:7216
- C:\Windows\System\THrndCN.exe
  C:\Windows\System\THrndCN.exe
  2⤵
  PID:8632
- C:\Windows\System\GsAGrbI.exe
  C:\Windows\System\GsAGrbI.exe
  2⤵
  PID:8668
- C:\Windows\System\NXwXwKR.exe
  C:\Windows\System\NXwXwKR.exe
  2⤵
  PID:8288
- C:\Windows\System\syJRtAc.exe
  C:\Windows\System\syJRtAc.exe
  2⤵
  PID:8568
- C:\Windows\System\baynjvv.exe
  C:\Windows\System\baynjvv.exe
  2⤵
  PID:8708
- C:\Windows\System\UPmdVhr.exe
  C:\Windows\System\UPmdVhr.exe
  2⤵
  PID:8764
- C:\Windows\System\hreQrgN.exe
  C:\Windows\System\hreQrgN.exe
  2⤵
  PID:8480
- C:\Windows\System\EFIazPg.exe
  C:\Windows\System\EFIazPg.exe
  2⤵
  PID:15156
- C:\Windows\System\PIXSiRy.exe
  C:\Windows\System\PIXSiRy.exe
  2⤵
  PID:15388
- C:\Windows\System\fXdwZFF.exe
  C:\Windows\System\fXdwZFF.exe
  2⤵
  PID:15416
- C:\Windows\System\mxPCZqF.exe
  C:\Windows\System\mxPCZqF.exe
  2⤵
  PID:15444
- C:\Windows\System\kDXncJw.exe
  C:\Windows\System\kDXncJw.exe
  2⤵
  PID:15476
- C:\Windows\System\PQvWUMV.exe
  C:\Windows\System\PQvWUMV.exe
  2⤵
  PID:15504
- C:\Windows\System\ufAOTBU.exe
  C:\Windows\System\ufAOTBU.exe
  2⤵
  PID:15532
- C:\Windows\System\feOPIDl.exe
  C:\Windows\System\feOPIDl.exe
  2⤵
  PID:15560
- C:\Windows\System\kGRFRoA.exe
  C:\Windows\System\kGRFRoA.exe
  2⤵
  PID:15588
- C:\Windows\System\cHuoBut.exe
  C:\Windows\System\cHuoBut.exe
  2⤵
  PID:15616
- C:\Windows\System\mYCtdeg.exe
  C:\Windows\System\mYCtdeg.exe
  2⤵
  PID:15644
- C:\Windows\System\xWuYSGK.exe
  C:\Windows\System\xWuYSGK.exe
  2⤵
  PID:15672
- C:\Windows\System\upcJLAH.exe
  C:\Windows\System\upcJLAH.exe
  2⤵
  PID:15700
- C:\Windows\System\DKzzOan.exe
  C:\Windows\System\DKzzOan.exe
  2⤵
  PID:15728
- C:\Windows\System\tSESZhG.exe
  C:\Windows\System\tSESZhG.exe
  2⤵
  PID:15756
- C:\Windows\System\QDnTXVD.exe
  C:\Windows\System\QDnTXVD.exe
  2⤵
  PID:15784
- C:\Windows\System\kFBoNeY.exe
  C:\Windows\System\kFBoNeY.exe
  2⤵
  PID:15812
- C:\Windows\System\DWhklny.exe
  C:\Windows\System\DWhklny.exe
  2⤵
  PID:15840
- C:\Windows\System\IxbxHcl.exe
  C:\Windows\System\IxbxHcl.exe
  2⤵
  PID:15868
- C:\Windows\System\asYOuiX.exe
  C:\Windows\System\asYOuiX.exe
  2⤵
  PID:15896
- C:\Windows\System\ICwBbXX.exe
  C:\Windows\System\ICwBbXX.exe
  2⤵
  PID:15924
- C:\Windows\System\pgMiOgr.exe
  C:\Windows\System\pgMiOgr.exe
  2⤵
  PID:15952
- C:\Windows\System\YJVzaXo.exe
  C:\Windows\System\YJVzaXo.exe
  2⤵
  PID:15980
- C:\Windows\System\bYSesMJ.exe
  C:\Windows\System\bYSesMJ.exe
  2⤵
  PID:16008
- C:\Windows\System\Vrzfwxl.exe
  C:\Windows\System\Vrzfwxl.exe
  2⤵
  PID:16036
- C:\Windows\System\NkNOYhp.exe
  C:\Windows\System\NkNOYhp.exe
  2⤵
  PID:16064
- C:\Windows\System\AFLjyhN.exe
  C:\Windows\System\AFLjyhN.exe
  2⤵
  PID:16092
- C:\Windows\System\nRYIQAi.exe
  C:\Windows\System\nRYIQAi.exe
  2⤵
  PID:16120
- C:\Windows\System\QjebMhW.exe
  C:\Windows\System\QjebMhW.exe
  2⤵
  PID:16148
- C:\Windows\System\XtBsWtG.exe
  C:\Windows\System\XtBsWtG.exe
  2⤵
  PID:16176
- C:\Windows\System\AEcnoXd.exe
  C:\Windows\System\AEcnoXd.exe
  2⤵
  PID:16204
- C:\Windows\System\MFaCTvI.exe
  C:\Windows\System\MFaCTvI.exe
  2⤵
  PID:16232
- C:\Windows\System\idjdGcn.exe
  C:\Windows\System\idjdGcn.exe
  2⤵
  PID:16264
- C:\Windows\System\XulNGNr.exe
  C:\Windows\System\XulNGNr.exe
  2⤵
  PID:16292
- C:\Windows\System\aMGHaMv.exe
  C:\Windows\System\aMGHaMv.exe
  2⤵
  PID:16320
- C:\Windows\System\DQjcPJJ.exe
  C:\Windows\System\DQjcPJJ.exe
  2⤵
  PID:16348
- C:\Windows\System\VupAcsQ.exe
  C:\Windows\System\VupAcsQ.exe
  2⤵
  PID:16376
- C:\Windows\System\WcoJEAa.exe
  C:\Windows\System\WcoJEAa.exe
  2⤵
  PID:8876
- C:\Windows\System\PKUxchS.exe
  C:\Windows\System\PKUxchS.exe
  2⤵
  PID:15412
- C:\Windows\System\ieZJDBF.exe
  C:\Windows\System\ieZJDBF.exe
  2⤵
  PID:8932
- C:\Windows\System\loJXGrc.exe
  C:\Windows\System\loJXGrc.exe
  2⤵
  PID:8984
- C:\Windows\System\jvpvaUY.exe
  C:\Windows\System\jvpvaUY.exe
  2⤵
  PID:15552
- C:\Windows\System\MCLmYsF.exe
  C:\Windows\System\MCLmYsF.exe
  2⤵
  PID:3816
- C:\Windows\System\fUFnKQJ.exe
  C:\Windows\System\fUFnKQJ.exe
  2⤵
  PID:15628
- C:\Windows\System\ocDikeA.exe
  C:\Windows\System\ocDikeA.exe
  2⤵
  PID:15664
- C:\Windows\System\NQdKnaY.exe
  C:\Windows\System\NQdKnaY.exe
  2⤵
  PID:15712
- C:\Windows\System\VsFiwQd.exe
  C:\Windows\System\VsFiwQd.exe
  2⤵
  PID:15748
- C:\Windows\System\hgzvQtL.exe
  C:\Windows\System\hgzvQtL.exe
  2⤵
  PID:15780
- C:\Windows\System\LCLidmo.exe
  C:\Windows\System\LCLidmo.exe
  2⤵
  PID:9536
- C:\Windows\System\dAZYcCU.exe
  C:\Windows\System\dAZYcCU.exe
  2⤵
  PID:15836
- C:\Windows\System\ftSmJWw.exe
  C:\Windows\System\ftSmJWw.exe
  2⤵
  PID:8628
- C:\Windows\System\DKFElal.exe
  C:\Windows\System\DKFElal.exe
  2⤵
  PID:7700
- C:\Windows\System\aeUzNBW.exe
  C:\Windows\System\aeUzNBW.exe
  2⤵
  PID:15944
- C:\Windows\System\pwUjjYl.exe
  C:\Windows\System\pwUjjYl.exe
  2⤵
  PID:15972
- C:\Windows\System\YzPllhe.exe
  C:\Windows\System\YzPllhe.exe
  2⤵
  PID:16000
- C:\Windows\System\GjTzPpp.exe
  C:\Windows\System\GjTzPpp.exe
  2⤵
  PID:16032
- C:\Windows\System\hccocrf.exe
  C:\Windows\System\hccocrf.exe
  2⤵
  PID:3656
- C:\Windows\System\SnRdtxH.exe
  C:\Windows\System\SnRdtxH.exe
  2⤵
  PID:8356
- C:\Windows\System\fhukCUW.exe
  C:\Windows\System\fhukCUW.exe
  2⤵
  PID:8464
- C:\Windows\System\TdrRdyI.exe
  C:\Windows\System\TdrRdyI.exe
  2⤵
  PID:16196
- C:\Windows\System\UkluqcC.exe
  C:\Windows\System\UkluqcC.exe
  2⤵
  PID:16248
- C:\Windows\System\WZKcwao.exe
  C:\Windows\System\WZKcwao.exe
  2⤵
  PID:8576
- C:\Windows\System\cZorQPv.exe
  C:\Windows\System\cZorQPv.exe
  2⤵
  PID:3552
- C:\Windows\System\rCXAHjm.exe
  C:\Windows\System\rCXAHjm.exe
  2⤵
  PID:16316
- C:\Windows\System\JanFDzP.exe
  C:\Windows\System\JanFDzP.exe
  2⤵
  PID:16340
- C:\Windows\System\XivkTRQ.exe
  C:\Windows\System\XivkTRQ.exe
  2⤵
  PID:9628
- C:\Windows\System\qQYfyty.exe
  C:\Windows\System\qQYfyty.exe
  2⤵
  PID:15408
- C:\Windows\System\eSFjksm.exe
  C:\Windows\System\eSFjksm.exe
  2⤵
  PID:3636
- C:\Windows\System\TgpOOzW.exe
  C:\Windows\System\TgpOOzW.exe
  2⤵
  PID:4392
- C:\Windows\System\GMydKyE.exe
  C:\Windows\System\GMydKyE.exe
  2⤵
  PID:9056
- C:\Windows\System\mfYLSms.exe
  C:\Windows\System\mfYLSms.exe
  2⤵
  PID:2084
- C:\Windows\System\jltuvGO.exe
  C:\Windows\System\jltuvGO.exe
  2⤵
  PID:9136
- C:\Windows\System\TYaCgYX.exe
  C:\Windows\System\TYaCgYX.exe
  2⤵
  PID:9128
- C:\Windows\System\TMABndf.exe
  C:\Windows\System\TMABndf.exe
  2⤵
  PID:3672
- C:\Windows\System\UtBijmL.exe
  C:\Windows\System\UtBijmL.exe
  2⤵
  PID:8524
- C:\Windows\System\YCWIJXq.exe
  C:\Windows\System\YCWIJXq.exe
  2⤵
  PID:15860
- C:\Windows\System\UlxefZK.exe
  C:\Windows\System\UlxefZK.exe
  2⤵
  PID:9312
- C:\Windows\System\bVvWKDS.exe
  C:\Windows\System\bVvWKDS.exe
  2⤵
  PID:9480
- C:\Windows\System\KJGnOvK.exe
  C:\Windows\System\KJGnOvK.exe
  2⤵
  PID:8884
- C:\Windows\System\PRBpBKt.exe
  C:\Windows\System\PRBpBKt.exe
  2⤵
  PID:9000
- C:\Windows\System\dtwEWnv.exe
  C:\Windows\System\dtwEWnv.exe
  2⤵
  PID:16028
- C:\Windows\System\eZQxnig.exe
  C:\Windows\System\eZQxnig.exe
  2⤵
  PID:16076
- C:\Windows\System\NDoDHot.exe
  C:\Windows\System\NDoDHot.exe
  2⤵
  PID:10316
- C:\Windows\System\RUdMtVG.exe
  C:\Windows\System\RUdMtVG.exe
  2⤵
  PID:10344
- C:\Windows\System\NtGzDqB.exe
  C:\Windows\System\NtGzDqB.exe
  2⤵
  PID:9252
- C:\Windows\System\guHtJYO.exe
  C:\Windows\System\guHtJYO.exe
  2⤵
  PID:8572
- C:\Windows\System\WRuJcFG.exe
  C:\Windows\System\WRuJcFG.exe
  2⤵
  PID:16288
- C:\Windows\System\lcXIdms.exe
  C:\Windows\System\lcXIdms.exe
  2⤵
  PID:16312
- C:\Windows\System\cCrMndD.exe
  C:\Windows\System\cCrMndD.exe
  2⤵
  PID:16368
- C:\Windows\System\kghNNZy.exe
  C:\Windows\System\kghNNZy.exe
  2⤵
  PID:9364
- C:\Windows\System\GsVzDRD.exe
  C:\Windows\System\GsVzDRD.exe
  2⤵
  PID:15500
- C:\Windows\System\TebyQva.exe
  C:\Windows\System\TebyQva.exe
  2⤵
  PID:9436
- C:\Windows\System\yQGyklN.exe
  C:\Windows\System\yQGyklN.exe
  2⤵
  PID:15608
- C:\Windows\System\jGInlef.exe
  C:\Windows\System\jGInlef.exe
  2⤵
  PID:9464
- C:\Windows\System\vCseBCA.exe
  C:\Windows\System\vCseBCA.exe
  2⤵
  PID:10156
- C:\Windows\System\aJbAloh.exe
  C:\Windows\System\aJbAloh.exe
  2⤵
  PID:10708
- C:\Windows\System\eCUIOAc.exe
  C:\Windows\System\eCUIOAc.exe
  2⤵
  PID:9156
- C:\Windows\System\IydjWYy.exe
  C:\Windows\System\IydjWYy.exe
  2⤵
  PID:10756
- C:\Windows\System\LMKuHBT.exe
  C:\Windows\System\LMKuHBT.exe
  2⤵
  PID:1980
- C:\Windows\System\CWsenoI.exe
  C:\Windows\System\CWsenoI.exe
  2⤵
  PID:9604
- C:\Windows\System\ocuQfMl.exe
  C:\Windows\System\ocuQfMl.exe
  2⤵
  PID:4876
- C:\Windows\System\MvhDKzX.exe
  C:\Windows\System\MvhDKzX.exe
  2⤵
  PID:10876
- C:\Windows\System\NaYRLWz.exe
  C:\Windows\System\NaYRLWz.exe
  2⤵
  PID:10276
- C:\Windows\System\thFgqBE.exe
  C:\Windows\System\thFgqBE.exe
  2⤵
  PID:9224
- C:\Windows\System\GPyLTVn.exe
  C:\Windows\System\GPyLTVn.exe
  2⤵
  PID:10960
- C:\Windows\System\jZquMYK.exe
  C:\Windows\System\jZquMYK.exe
  2⤵
  PID:9764
- C:\Windows\System\bNNYkiQ.exe
  C:\Windows\System\bNNYkiQ.exe
  2⤵
  PID:10448
- C:\Windows\System\NLRWYIf.exe
  C:\Windows\System\NLRWYIf.exe
  2⤵
  PID:11084
- C:\Windows\System\MPUufnJ.exe
  C:\Windows\System\MPUufnJ.exe
  2⤵
  PID:9236
- C:\Windows\System\GNVTVuz.exe
  C:\Windows\System\GNVTVuz.exe
  2⤵
  PID:9840
- C:\Windows\System\tLZtCXx.exe
  C:\Windows\System\tLZtCXx.exe
  2⤵
  PID:9884
- C:\Windows\System\Nkgjcdq.exe
  C:\Windows\System\Nkgjcdq.exe
  2⤵
  PID:9896
- C:\Windows\System\LCDbKwh.exe
  C:\Windows\System\LCDbKwh.exe
  2⤵
  PID:9924
- C:\Windows\System\WIVEsIW.exe
  C:\Windows\System\WIVEsIW.exe
  2⤵
  PID:11192
- C:\Windows\System\iWxsRyp.exe
  C:\Windows\System\iWxsRyp.exe
  2⤵
  PID:11224
- C:\Windows\System\mroPhPf.exe
  C:\Windows\System\mroPhPf.exe
  2⤵
  PID:9560
- C:\Windows\System\bhgSRFI.exe
  C:\Windows\System\bhgSRFI.exe
  2⤵
  PID:7732
- C:\Windows\System\nSsDioG.exe
  C:\Windows\System\nSsDioG.exe
  2⤵
  PID:2980
- C:\Windows\System\zdEmqKN.exe
  C:\Windows\System\zdEmqKN.exe
  2⤵
  PID:10408
- C:\Windows\System\fzlkMgH.exe
  C:\Windows\System\fzlkMgH.exe
  2⤵
  PID:10356
- C:\Windows\System\dJvfNqS.exe
  C:\Windows\System\dJvfNqS.exe
  2⤵
  PID:16160
- C:\Windows\System\AYjZbfj.exe
  C:\Windows\System\AYjZbfj.exe
  2⤵
  PID:16228
- C:\Windows\System\OajjGfR.exe
  C:\Windows\System\OajjGfR.exe
  2⤵
  PID:10816
- C:\Windows\System\EsjyEBJ.exe
  C:\Windows\System\EsjyEBJ.exe
  2⤵
  PID:10888
- C:\Windows\System\DDBYNLf.exe
  C:\Windows\System\DDBYNLf.exe
  2⤵
  PID:9072
- C:\Windows\System\OocetGt.exe
  C:\Windows\System\OocetGt.exe
  2⤵
  PID:11164
- C:\Windows\System\PjDbFkm.exe
  C:\Windows\System\PjDbFkm.exe
  2⤵
  PID:7292
- C:\Windows\System\yTGRfzE.exe
  C:\Windows\System\yTGRfzE.exe
  2⤵
  PID:10844
- C:\Windows\System\YSdZXkG.exe
  C:\Windows\System\YSdZXkG.exe
  2⤵
  PID:10556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AOalyQs.exe

Filesize
6.0MB

MD5
51ba13daad6dcb6d7751ee4c44010004

SHA1
7cdedf57b90e77cec057a044f0665f6603990d83

SHA256
0227d6ea8a386c1f42b18bfe032ee30d04a30841be53897efa99137b6f4fe5d3

SHA512
a2961a1e2424228431b15b132c9c37879be86afa50c16a20e1d4b37ab5e4c955db8dcc0a4ccf0bb6d6125da5cc928cd1daddc538505502b910146cdb2e0e5cef

Download Submit
C:\Windows\System\Cpaycxq.exe

Filesize
6.0MB

MD5
26cdf5e3e0eba180971a795a569de077

SHA1
333000f944ceca306a3decf08f773cfda3c4ef0c

SHA256
0cf3b3e192f2eb1fce23f66b65a42b120e1f816dc2d354b294c0d4717b0923bd

SHA512
e65b1175dbbd2868c855349d55ad4b51885f9f9b2a5c446d5b874c66809163d2425f7f76bc0160a9bfb1e3f00343841501ce401db315ac3114c52d35a61420fd

Download Submit
C:\Windows\System\EwAlSSU.exe

Filesize
6.0MB

MD5
1c13b6676e08ceeff56f99fa46bb7066

SHA1
1c62b7f649d518f27c719d370eeb769f37219f6c

SHA256
fb135ba2cb6cee2902874d566a10a905310c69bc397a146fe252e6cee4135a60

SHA512
bd61ae918f37e656b07ef00626fbcbacef1532d08fa6097473ae53ae8cbd942b8c34975694cb9fc55de97ffbb21911ca5972973129c14af8c24674b4946436fd

Download Submit
C:\Windows\System\FUkWIBs.exe

Filesize
6.0MB

MD5
c065e0869d66cc276546459cc83571fa

SHA1
704aa61b54397bdd9f440bbeca8b1ea454fa6feb

SHA256
9de07631737b4275e1f93799129a086db239bfef31dcfa8fe5ac197bdbe316ff

SHA512
db54e47fd26ad37ab6777785492913d739e24a2c91469724a829d7076f43dec22aca5e3fdb4fd9af4c85c763a6a378d9627dc7c40dc591107f57d98a7b799a28

Download Submit
C:\Windows\System\FeiOsCW.exe

Filesize
6.0MB

MD5
0265edc44d1f07930ff156496be86c78

SHA1
fb811df775234f80e0d675dc40a8ce1743da921c

SHA256
ccdc49d58e1653d9673698d805f5d8786d9acf7b75a612df9fe3e5be247d4f44

SHA512
a4413d22e04b557771121822bac5d7b89f5e86d673f028941eaa2c994316dcafddb9e1ae58854a0b98447d630bde605bc3a0c8232a7c34810b41f5a2ef999ece

Download Submit
C:\Windows\System\Jruixtp.exe

Filesize
6.0MB

MD5
6271a3b6a124e8ee95f9272104cf298c

SHA1
e3576411db7d3360e054753b9d382571e6a5cbd5

SHA256
150ef480dd14c466a8dfd0f87c042df5c36390329868909cc128b3cad19d510b

SHA512
2b76c1bb377b095248e7de0180be5fc412223d2a44f2b8abeb6604ae24a57cfedec4eb22e92ba8e9888d38747ff660874db5e41036b9a82b04639048b03bd1fb

Download Submit
C:\Windows\System\KKYaimV.exe

Filesize
6.0MB

MD5
3e454be9dd07253f4ce6989cee5a1ad8

SHA1
48a92236864337fc35a7c5f56931a6db40743ad2

SHA256
77006fe029b5b6d644ce4ce882a01b43e42e508dcfafb2ddd9e11de7961a8f0c

SHA512
2fd5b5dca8284f6d6420384aba38b42dc0281392467b230225317eff6571a3f63627635efe9c4645043ceaf28891957dc4b85692d41dc05db7e21974c2477a8a

Download Submit
C:\Windows\System\MvUPYWN.exe

Filesize
6.0MB

MD5
c4a6d5c2343e690d9c7a069f80714a7e

SHA1
47d8b0658ece102bc6820e0c3050e9b0ffa0faa4

SHA256
52b0c1d1fafe73ea8885868dace199fa9ffe77a3eb54c16071b4ccfe3409fa91

SHA512
321f1fe447cb1ba0cff485d42fda75205a767c5daaa6d6ffd83c92ed98f6824c70dfbfec2604436404415cecb93679c018dffd5272b87e06ad26d3b57baf8580

Download Submit
C:\Windows\System\OmwBsPW.exe

Filesize
6.0MB

MD5
255b17cc138bf88d23798b5f44f94204

SHA1
078c93609d190323bfc5b651d801aeb6ed7f53ac

SHA256
448356940c4b185955a46eee59fb13aceeddde36a13627c07071cfae8c762a52

SHA512
5e7efff70c68aa742b1f0b648032a2564f7385c8f82aa752fbd0993841b26174ca4de41157b74d57163f66908e0876ff3258f1f04ed3629ae1e78c6f2b1173ed

Download Submit
C:\Windows\System\OuzpKNh.exe

Filesize
6.0MB

MD5
648d8abaf84e858bb8800bc8a90b989d

SHA1
59df28219cd65e81ba6977cfd4be961af9819a5b

SHA256
8d66b5021381ae9bb8dda8a511f7e9599973a6b27c9c2de8b84d238b3c94eb04

SHA512
22485a25eb8935f1acab6b7496a0ada868d453126c2b877e10d1ea89268d31125b9140089a3360dd35d2185f173258e35d3cfdda882dd682406a771c110d6e08

Download Submit
C:\Windows\System\PUbGbGY.exe

Filesize
6.0MB

MD5
2f77765ee694afc3855fbfb85643d74f

SHA1
0ccc1be6f8d560b66540a28997a6bb3977a9cb20

SHA256
61f0d2fa02262c8c4d7c28a40d2ef64183a9efab357e8912e319f7d09e886135

SHA512
7265c2d018cfb0052958e0b7a6d4d08e0d218f38b114c28e964416ec073bbada2720c26e7e7e6cd30e3e0423b223148a689941ab4912ec60a99c9c91b004e545

Download Submit
C:\Windows\System\QAmDYBG.exe

Filesize
6.0MB

MD5
0b2f611919bc251e35ec48de6d3cf7fb

SHA1
1a16e27bfa182186b981f40fc6b2191c184d0568

SHA256
5fd2a045fcee30dfcf0b0b3b315aec295486d6476d5187506444ec9dd75ff70f

SHA512
76ef328588f9a9cd91f51d4936f11151596c87287ef5aed7e36b6d0641ac049a1d27ec8ad6fda76c422d5481a32d8eb0d0567fdba26606f5966342244e3c029d

Download Submit
C:\Windows\System\RTdsLFl.exe

Filesize
6.0MB

MD5
40b91e3b90b55b579bcc936cc9ad2aeb

SHA1
be50c3fad67846bd8ab2f1167a0a3902942ab63a

SHA256
c5256f677849948b3e7c4ce9008ae258e1c660524c3a5115fdb1d5df7a2ff3f0

SHA512
9d9b75f66834a613826c67aee2602420c1f6f068c148692c896384543fbf76ff72b7b55b329258f1d43106263f4e6e36e8a93d6aadb6b6585e594b852624beba

Download Submit
C:\Windows\System\UdOBgfd.exe

Filesize
6.0MB

MD5
b19f80ecd98d1a5616ef6399ae4ffa4b

SHA1
c2f5d5099f3a9bc69a49097340121efa474adaea

SHA256
573ebdc1833b9008afcd6681925b17cdc6fb2504b6d9099dca4eb54e79440162

SHA512
3d76ac6e4b081fe4f46d024881334552f00934e3db20a098240ca3ae5b3318f50281d6ae22aa3d92af4fa88627ca90c78cbed451165601783d6053983da34a02

Download Submit
C:\Windows\System\VFJmwGu.exe

Filesize
6.0MB

MD5
f158fade5458f1eb9879e747a3021fd6

SHA1
67643ddddd7495e3a4f4474da4766264729b0768

SHA256
f75c69d7f348945493f4d39d7614d143c71595747907481f39d6232b1f114dce

SHA512
bb2694bd23a93d31fe501daa6a6739244f068fc551df246610a708be3c4faf5c8756f9f32dd3fb53b7754b5df4a5e267862ec15c3922b02c50d1303ad2e574e4

Download Submit
C:\Windows\System\Vejaecy.exe

Filesize
6.0MB

MD5
34fa0745dff585b8d1022481c48b58f2

SHA1
5129a95296ac555dcc712e1053ead1e3339bc546

SHA256
99b824197f233940f9d5b40247de814dad20b1a864d7468bc975b1ce2017a4b0

SHA512
43553d0dda8ca5462e4da5982b492b21a422f33885599fa5632fbbbab89aeb431259124a215eb81c8a9e559a1672595860bdb79a89d4de7b0d57650293611a90

Download Submit
C:\Windows\System\VxvOAPz.exe

Filesize
6.0MB

MD5
14d7805a504e9d0fa40752286dd31552

SHA1
57b580b46b4b129aef142d549d649ec2f0d3e0ee

SHA256
68c856796792c2060021f175715a4d869f21496cd398100fd45f1c18a524faa7

SHA512
cc5c976f5c112a67bb73ba07eff17d073ec0509021d1c19e1df9af9f9da04b79b8aca4bfaab724a5bc49c75c830776d60491293f25f4c7964b4e6b3b088c0db8

Download Submit
C:\Windows\System\WBSHBvF.exe

Filesize
6.0MB

MD5
fb4b4762463a6529f6d2ed5dc948a075

SHA1
bfb89cf0ed98b108806a5b9a5dca178fac7a6b5f

SHA256
6647ba85e2ecc421cdd0fe9cc9c615d0934dfbd46a1ecfb64d6c357f39a42500

SHA512
b4ef378a2cb6fe1fc7c6308703e5d23ef55ef37694fea6329fb79a0a94a2d402e9e7da3d6e844713e4f3ed88514fea81ef6ec31468d5a33209a3dd5fca83221c

Download Submit
C:\Windows\System\WPiVecH.exe

Filesize
6.0MB

MD5
3a73fddb334e2c803e680df67677cf01

SHA1
633140c39cf262fffced17c88a85c947eb6fd808

SHA256
19bfb7da3f3100ff8c28c30ee882d670373802b4d4ea25483b794eccdb0f2d5d

SHA512
4208dd65846ac4a2c0a5f70889cd21a5928d3878ca111ab10e99e3d23d3a7e85e38318644a44763a9a5cb0cb95ee89471b1b996c0e253e0e9e72643517232249

Download Submit
C:\Windows\System\XrWmjUh.exe

Filesize
6.0MB

MD5
dc6b1f39735fc2aa4d046625c09ecb9f

SHA1
892e226e35c8a47b96c8c27b0575b4103b5b4d48

SHA256
ccf5004cdb1476fee87319d7c1b03a9fefe87a630e4d15951a8f7d5ee08ecffd

SHA512
1d4fe9cffd43d869db1b87af3fc866496c40b0301c8585bea63e6400f920bd9ab7fd1f938b7e389f2312afd0de33ed8328803348e20cca7dcf29e95314a99065

Download Submit
C:\Windows\System\YxJkoip.exe

Filesize
6.0MB

MD5
e738fb679c73c9c24e3185d4179e9204

SHA1
b76e181d8e482c19c53cf8de47ef57a18d7c21c8

SHA256
1dd0ea4232c3fb0fb988228f4438c12a0fc0eae7ef321d65d5b6258863b67e6b

SHA512
5b98217efaad7fe1bea68b1a8eb0af04c9f86ecaf8b01d76d440a763e140e68cd827dae5c2b045b420885bba1c8037b8993a36247ac4f000766eb0650e840c66

Download Submit
C:\Windows\System\adYpoQn.exe

Filesize
6.0MB

MD5
4b317d5624cc2f7137867417738d9bb5

SHA1
966707c64416f0e8a19cb67471adbfb0cf161aa0

SHA256
45c6279c6b4090be70ab81c27728ac8396328fd99ff36f86822db5d22152e4d4

SHA512
f812ce0481dc2eac2a0d7bcdcd157a552580ae5449214617e0d1923c6cdff9f18ed7c0776f30f7f21f042f4bcce499f69c3887425e4a3bc6d9b67333762efca4

Download Submit
C:\Windows\System\ckXsqNE.exe

Filesize
6.0MB

MD5
56764576b1de71641a7cbcc740a9a7ca

SHA1
cbd37db41a1e539c96fd1c211daf3a46cb86cec8

SHA256
3f186d6fbed6161774224d7f1ecf2422a880b20b606bc983cc7ce7b0a74317ae

SHA512
5d10cd0e2a6e548b18b75ebfb987de776b8bdc872a346d1a48fa3ca14a52e7afac5cd690f41e107aef60d7338a5a52a96ba4e950cf6bb82d9deed6f6eace6268

Download Submit
C:\Windows\System\fAbxBzg.exe

Filesize
6.0MB

MD5
b16a0ea735908d8b4e6e8a1d9dff47f7

SHA1
e21f6073eb3521601edd62fa67dca269d88027af

SHA256
db8bfe8b7a642e85c3244371598fcd57ee18b8bcc60c3d0ba5a5bfc89874110d

SHA512
07bf7b041a2d9631eafe092237d13210aeeee2bdc86cac16200cc651bca9b4836a60c595db976967e572b6816548fb351866fe07d0fe4ec78c382654f02ee2cf

Download Submit
C:\Windows\System\fzbijHF.exe

Filesize
6.0MB

MD5
569eef67e608005d47a05224312071d3

SHA1
694ef70d11f315d33423034e20896773fed71d27

SHA256
e63aa5a9b02b10af318a06c5b0934cfd3013e990f50f6fc8182e57e4b61224b1

SHA512
f3a1cc7065b56c3a111f8cf50f3515b9d3599c0759fad512b0fd99c3c2fc1999633db2deaa6103005602fd42fac92f1cb38657a31ace104d8011d2e7b095f142

Download Submit
C:\Windows\System\iVYGNkz.exe

Filesize
6.0MB

MD5
7ff67a040ae00cc3491c93a93f5fa444

SHA1
b7eb9d940b9fd1fed4395ba528675be10a383e03

SHA256
c0b5ce28a72b420d8adff7aad050c55d1c86b72ebbf3c35dc62197c89760ba50

SHA512
ef6086062a1040d90437d1dbf826e4a8c3a4ac87325bf982165c300142173bc781c99f6ac67172fe6370c8012ab74d6a2c784c032dc0a58670c4bdd69bb5a3c3

Download Submit
C:\Windows\System\kVgSXrk.exe

Filesize
6.0MB

MD5
c457c953e6e38689ac44d9c7c6c69e19

SHA1
e551d1689d36aa391f7239d975a82d007f82fa7f

SHA256
9b47b4546805d7fef086ad2723105bd34e1e9ca9070d1d622a1eac267a4c5cbf

SHA512
853e81e3b70ac03447bfe675ad37622cece5db4c2b897480c30b27d516919494b6a8da3693e3a2e8f19815a31bb012066a8c807fab31fe9643017bd5a166a4c4

Download Submit
C:\Windows\System\mAFjyVC.exe

Filesize
6.0MB

MD5
952a7e3d42d1e6ccd46c5f809522dccc

SHA1
5315c24d80f848cae04a8eabf65d82650f43a9dd

SHA256
9dced7dc99c83699b1bffff1666ab61271d85c579124b08d00ec218335290d98

SHA512
598cc058f8052f37e36f567c411dac024e8ac5ab935a00d140448fcbd780397f9421c8aaeff8d93c0d03452836ca864dd826745690bfff894f39a59fc344228a

Download Submit
C:\Windows\System\pTVDAfw.exe

Filesize
6.0MB

MD5
c2f96542262009425b59123a4f18890d

SHA1
08dbfd327ebb6276a30dc1237d887275c7bfd127

SHA256
55197c1b3fde22344538924eba7b6ed1b317a9c94cb546cbbf9881443dfec45a

SHA512
71a57663770dcea9b3946719e86712600e99d429fb430eaa6502a4b5bb37a54be9b069d20de53b0d71dff7952bb1720787675dd953c0127b410f08f2b65f9a8e

Download Submit
C:\Windows\System\pToXGmt.exe

Filesize
6.0MB

MD5
9a584ae1174eea8bf2386f3f31ac7669

SHA1
9539c0a0163f689031162d855ac592ee97efed72

SHA256
69501c72025417ea31c77dbad38c826f509b4c9f0bffd7578a45da8f1a55cde6

SHA512
e6568e940e01b4f9228ce01e0075ccd20148c26bd94e3834942b78f980073450a9b6d8005793fcbf5998b75e598d40af2117bff48134981af1a403d49d621ebf

Download Submit
C:\Windows\System\sNhChWw.exe

Filesize
6.0MB

MD5
d0aa236c6c2733e0dab75a6a8cb356e1

SHA1
84063bc22e0acddf7a799cfa4e2a745d1f07bca9

SHA256
b648946e21ec92b285a394891c58a410d3c1c6992a822392b383777729009a28

SHA512
d69f83d3c7572a17c7ded1882b47a54eb7857dd34d19a34b88f5a79669e52bc7230e8a7294785c4c39c768185e673f8ad968075c8723716dd9d23ba7057196e9

Download Submit
C:\Windows\System\yZDSTnu.exe

Filesize
6.0MB

MD5
3343ea16960d8eecc93648ba241bf63b

SHA1
0154534fb436a079a988d59e60e75ee34e61cd94

SHA256
1c7194f472d6f4336367bd45d459e480bde34f8f66e5bc5a04f4c48e0e981c63

SHA512
7474187425cc6c5ded26b4903211df86f281f19dd68bd2fb143ee6204a305062ada8da5067bd468987220dd1e21194980fbf96cb5754bf961e1db8ff5d378cfd

Download Submit
C:\Windows\System\zwUXiaz.exe

Filesize
6.0MB

MD5
5a172371b363f47fd4ee586ecd5bbb25

SHA1
7510d30ab38f8db0255313b9764df8787baadd34

SHA256
b0cc5cfee176389a86ececab70b07d8044dd572172995b1868db53c496f1ad0a

SHA512
99be82d46c5b985be2e9fd645020d8252dcfdc229e5566ec9e8230462b1010572e2db8dbc877ae1dd3659dbc77ecc7c34fadfc5cb0361cd0f7cb81bbb66273d6

Download Submit
memory/232-1252-0x00007FF703FE0000-0x00007FF704334000-memory.dmp

Filesize
3.3MB

Download
memory/232-1810-0x00007FF703FE0000-0x00007FF704334000-memory.dmp

Filesize
3.3MB

Download
memory/236-1249-0x00007FF74C150000-0x00007FF74C4A4000-memory.dmp

Filesize
3.3MB

Download
memory/236-1811-0x00007FF74C150000-0x00007FF74C4A4000-memory.dmp

Filesize
3.3MB

Download
memory/244-1808-0x00007FF6A5BF0000-0x00007FF6A5F44000-memory.dmp

Filesize
3.3MB

Download
memory/244-1243-0x00007FF6A5BF0000-0x00007FF6A5F44000-memory.dmp

Filesize
3.3MB

Download
memory/396-1239-0x00007FF6307A0000-0x00007FF630AF4000-memory.dmp

Filesize
3.3MB

Download
memory/396-1804-0x00007FF6307A0000-0x00007FF630AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-1809-0x00007FF795B00000-0x00007FF795E54000-memory.dmp

Filesize
3.3MB

Download
memory/1344-1238-0x00007FF795B00000-0x00007FF795E54000-memory.dmp

Filesize
3.3MB

Download
memory/1604-1259-0x00007FF62D0A0000-0x00007FF62D3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1604-1821-0x00007FF62D0A0000-0x00007FF62D3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-1253-0x00007FF67F8F0000-0x00007FF67FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1640-1824-0x00007FF67F8F0000-0x00007FF67FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1728-1279-0x00007FF64C060000-0x00007FF64C3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-1814-0x00007FF64C060000-0x00007FF64C3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-1787-0x00007FF6250D0000-0x00007FF625424000-memory.dmp

Filesize
3.3MB

Download
memory/1800-1658-0x00007FF6250D0000-0x00007FF625424000-memory.dmp

Filesize
3.3MB

Download
memory/1800-1214-0x00007FF6250D0000-0x00007FF625424000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1799-0x00007FF7F1D90000-0x00007FF7F20E4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1230-0x00007FF7F1D90000-0x00007FF7F20E4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1275-0x00007FF7B59C0000-0x00007FF7B5D14000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1817-0x00007FF7B59C0000-0x00007FF7B5D14000-memory.dmp

Filesize
3.3MB

Download
memory/2136-1781-0x00007FF6C5FD0000-0x00007FF6C6324000-memory.dmp

Filesize
3.3MB

Download
memory/2136-1607-0x00007FF6C5FD0000-0x00007FF6C6324000-memory.dmp

Filesize
3.3MB

Download
memory/2136-24-0x00007FF6C5FD0000-0x00007FF6C6324000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1234-0x00007FF71A560000-0x00007FF71A8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1805-0x00007FF71A560000-0x00007FF71A8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1455-0x00007FF7ACD60000-0x00007FF7AD0B4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-6-0x00007FF7ACD60000-0x00007FF7AD0B4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1772-0x00007FF7ACD60000-0x00007FF7AD0B4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-1825-0x00007FF7E54C0000-0x00007FF7E5814000-memory.dmp

Filesize
3.3MB

Download
memory/2664-1280-0x00007FF7E54C0000-0x00007FF7E5814000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1826-0x00007FF6E15E0000-0x00007FF6E1934000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1256-0x00007FF6E15E0000-0x00007FF6E1934000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1274-0x00007FF6D2380000-0x00007FF6D26D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1815-0x00007FF6D2380000-0x00007FF6D26D4000-memory.dmp

Filesize
3.3MB

Download
memory/3208-0-0x00007FF63B5C0000-0x00007FF63B914000-memory.dmp

Filesize
3.3MB

Download
memory/3208-1-0x0000019881370000-0x0000019881380000-memory.dmp

Filesize
64KB

Download
memory/3208-1401-0x00007FF63B5C0000-0x00007FF63B914000-memory.dmp

Filesize
3.3MB

Download
memory/3284-1789-0x00007FF7CC0F0000-0x00007FF7CC444000-memory.dmp

Filesize
3.3MB

Download
memory/3284-1222-0x00007FF7CC0F0000-0x00007FF7CC444000-memory.dmp

Filesize
3.3MB

Download
memory/3324-1227-0x00007FF630DE0000-0x00007FF631134000-memory.dmp

Filesize
3.3MB

Download
memory/3324-1796-0x00007FF630DE0000-0x00007FF631134000-memory.dmp

Filesize
3.3MB

Download
memory/3360-1820-0x00007FF61FFC0000-0x00007FF620314000-memory.dmp

Filesize
3.3MB

Download
memory/3360-1258-0x00007FF61FFC0000-0x00007FF620314000-memory.dmp

Filesize
3.3MB

Download
memory/3744-30-0x00007FF6239E0000-0x00007FF623D34000-memory.dmp

Filesize
3.3MB

Download
memory/3744-1786-0x00007FF6239E0000-0x00007FF623D34000-memory.dmp

Filesize
3.3MB

Download
memory/3744-1655-0x00007FF6239E0000-0x00007FF623D34000-memory.dmp

Filesize
3.3MB

Download
memory/3888-1806-0x00007FF7B25E0000-0x00007FF7B2934000-memory.dmp

Filesize
3.3MB

Download
memory/3888-1248-0x00007FF7B25E0000-0x00007FF7B2934000-memory.dmp

Filesize
3.3MB

Download
memory/4036-1257-0x00007FF6F5E70000-0x00007FF6F61C4000-memory.dmp

Filesize
3.3MB

Download
memory/4036-1819-0x00007FF6F5E70000-0x00007FF6F61C4000-memory.dmp

Filesize
3.3MB

Download
memory/4172-1513-0x00007FF754240000-0x00007FF754594000-memory.dmp

Filesize
3.3MB

Download
memory/4172-12-0x00007FF754240000-0x00007FF754594000-memory.dmp

Filesize
3.3MB

Download
memory/4172-1776-0x00007FF754240000-0x00007FF754594000-memory.dmp

Filesize
3.3MB

Download
memory/4212-1790-0x00007FF6D1CC0000-0x00007FF6D2014000-memory.dmp

Filesize
3.3MB

Download
memory/4212-1281-0x00007FF6D1CC0000-0x00007FF6D2014000-memory.dmp

Filesize
3.3MB

Download
memory/4288-1228-0x00007FF7FDF10000-0x00007FF7FE264000-memory.dmp

Filesize
3.3MB

Download
memory/4288-1798-0x00007FF7FDF10000-0x00007FF7FE264000-memory.dmp

Filesize
3.3MB

Download
memory/4564-18-0x00007FF688E80000-0x00007FF6891D4000-memory.dmp

Filesize
3.3MB

Download
memory/4564-1778-0x00007FF688E80000-0x00007FF6891D4000-memory.dmp

Filesize
3.3MB

Download
memory/4564-1565-0x00007FF688E80000-0x00007FF6891D4000-memory.dmp

Filesize
3.3MB

Download
memory/4692-1802-0x00007FF74CB80000-0x00007FF74CED4000-memory.dmp

Filesize
3.3MB

Download
memory/4692-1231-0x00007FF74CB80000-0x00007FF74CED4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-1807-0x00007FF725F50000-0x00007FF7262A4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-1244-0x00007FF725F50000-0x00007FF7262A4000-memory.dmp

Filesize
3.3MB

Download