cobaltstrike | 8b76c677fa615325410ee8d32529cc8653ae2c5b1b0fda890d8e00b48daaca9e

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2024, 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e18888162d958355311622e74f5f0d4e
SHA1

5ed2093dd09fb120d3971c0e24ae072c8db1e457
SHA256

8b76c677fa615325410ee8d32529cc8653ae2c5b1b0fda890d8e00b48daaca9e
SHA512

509722f757032d75c3b1d0d472c0878e3ce4742b92dd295e81c94b150258862bfd867b8a65374a590bb1f8a9cf036312634c69692ca0c0fd57060d57895ecd82
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000023c93-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-32.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9f-39.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-61.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-68.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-86.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-95.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-140.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-138.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-134.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-107.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-105.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-103.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-82.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-50.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-34.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c98-30.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-153.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-152.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-167.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-172.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-176.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-183.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-195.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-189.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-199.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4684-0-0x00007FF7CD600000-0x00007FF7CD954000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c93-5.dat	xmrig
behavioral2/memory/3116-6-0x00007FF7D1EF0000-0x00007FF7D2244000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9b-12.dat	xmrig
behavioral2/memory/1812-14-0x00007FF6CFD00000-0x00007FF6D0054000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9c-11.dat	xmrig
behavioral2/memory/2108-22-0x00007FF7ABC10000-0x00007FF7ABF64000-memory.dmp	xmrig
behavioral2/memory/1984-28-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9e-32.dat	xmrig
behavioral2/files/0x0007000000023c9f-39.dat	xmrig
behavioral2/memory/4604-55-0x00007FF71FE60000-0x00007FF7201B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca4-61.dat	xmrig
behavioral2/files/0x0007000000023ca1-68.dat	xmrig
behavioral2/files/0x0007000000023ca5-74.dat	xmrig
behavioral2/files/0x0007000000023ca3-70.dat	xmrig
behavioral2/files/0x0007000000023ca2-66.dat	xmrig
behavioral2/files/0x0007000000023ca9-86.dat	xmrig
behavioral2/files/0x0007000000023ca8-95.dat	xmrig
behavioral2/memory/1764-109-0x00007FF7AB670000-0x00007FF7AB9C4000-memory.dmp	xmrig
behavioral2/memory/224-112-0x00007FF6152A0000-0x00007FF6155F4000-memory.dmp	xmrig
behavioral2/memory/1272-115-0x00007FF781470000-0x00007FF7817C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cad-119.dat	xmrig
behavioral2/memory/4684-120-0x00007FF7CD600000-0x00007FF7CD954000-memory.dmp	xmrig
behavioral2/memory/2108-136-0x00007FF7ABC10000-0x00007FF7ABF64000-memory.dmp	xmrig
behavioral2/memory/1812-144-0x00007FF6CFD00000-0x00007FF6D0054000-memory.dmp	xmrig
behavioral2/memory/4416-143-0x00007FF76A9A0000-0x00007FF76ACF4000-memory.dmp	xmrig
behavioral2/memory/364-142-0x00007FF6A0FA0000-0x00007FF6A12F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb0-140.dat	xmrig
behavioral2/files/0x0007000000023caf-138.dat	xmrig
behavioral2/memory/3712-137-0x00007FF796C60000-0x00007FF796FB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cae-134.dat	xmrig
behavioral2/memory/3116-133-0x00007FF7D1EF0000-0x00007FF7D2244000-memory.dmp	xmrig
behavioral2/memory/4672-127-0x00007FF63E0B0000-0x00007FF63E404000-memory.dmp	xmrig
behavioral2/memory/3244-116-0x00007FF69C0B0000-0x00007FF69C404000-memory.dmp	xmrig
behavioral2/memory/116-114-0x00007FF7B3950000-0x00007FF7B3CA4000-memory.dmp	xmrig
behavioral2/memory/4528-113-0x00007FF613EF0000-0x00007FF614244000-memory.dmp	xmrig
behavioral2/memory/3108-111-0x00007FF6A08D0000-0x00007FF6A0C24000-memory.dmp	xmrig
behavioral2/memory/4192-110-0x00007FF7DB130000-0x00007FF7DB484000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cac-107.dat	xmrig
behavioral2/files/0x0007000000023cab-105.dat	xmrig
behavioral2/files/0x0007000000023caa-103.dat	xmrig
behavioral2/memory/728-102-0x00007FF7C5BE0000-0x00007FF7C5F34000-memory.dmp	xmrig
behavioral2/memory/4116-98-0x00007FF7803B0000-0x00007FF780704000-memory.dmp	xmrig
behavioral2/memory/4880-91-0x00007FF70A870000-0x00007FF70ABC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca6-82.dat	xmrig
behavioral2/memory/4420-51-0x00007FF6714B0000-0x00007FF671804000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca0-50.dat	xmrig
behavioral2/memory/3280-41-0x00007FF691070000-0x00007FF6913C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9d-34.dat	xmrig
behavioral2/memory/1484-33-0x00007FF6D2340000-0x00007FF6D2694000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c98-30.dat	xmrig
behavioral2/files/0x0007000000023cb1-153.dat	xmrig
behavioral2/files/0x0007000000023cb3-152.dat	xmrig
behavioral2/memory/4420-158-0x00007FF6714B0000-0x00007FF671804000-memory.dmp	xmrig
behavioral2/memory/2496-163-0x00007FF711B60000-0x00007FF711EB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb4-167.dat	xmrig
behavioral2/files/0x0007000000023cb5-172.dat	xmrig
behavioral2/memory/744-171-0x00007FF7A42D0000-0x00007FF7A4624000-memory.dmp	xmrig
behavioral2/memory/4880-170-0x00007FF70A870000-0x00007FF70ABC4000-memory.dmp	xmrig
behavioral2/memory/3944-166-0x00007FF6EECB0000-0x00007FF6EF004000-memory.dmp	xmrig
behavioral2/memory/1484-157-0x00007FF6D2340000-0x00007FF6D2694000-memory.dmp	xmrig
behavioral2/memory/3280-150-0x00007FF691070000-0x00007FF6913C4000-memory.dmp	xmrig
behavioral2/memory/4360-149-0x00007FF751F50000-0x00007FF7522A4000-memory.dmp	xmrig
behavioral2/memory/1984-148-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3116	zZfPzLI.exe
1812	lsHeZdz.exe
2108	ajUAJyo.exe
1984	RpGNORs.exe
1484	nQeNcmg.exe
3280	TIEOrAb.exe
4420	LMIGEFE.exe
4604	iDAYZmk.exe
4880	pdxKSLA.exe
1272	eVixNXj.exe
4116	XfHoHCG.exe
728	exQVPyT.exe
1764	WaZBAfo.exe
4192	ESooTlQ.exe
3108	KVLaRml.exe
224	RmQlJDP.exe
3244	MWtAWfb.exe
4528	eypzGzd.exe
116	Rqfwqzh.exe
4672	BqZIbiS.exe
3712	grDDane.exe
364	CVoFPAQ.exe
4416	bljYNeg.exe
4360	wKrzkXK.exe
2496	fABRlDA.exe
3944	HDgyFMS.exe
744	CnHqPRo.exe
1112	nLwPwkq.exe
668	pKdmYCp.exe
4540	UkqHZzu.exe
2240	hCWLhdb.exe
5108	euXtfjm.exe
1176	LwmmfnJ.exe
2588	oQyoNow.exe
1468	BusmsdW.exe
832	GGtvsUl.exe
4472	kLHdVpU.exe
1920	WNNighP.exe
4824	foMFlUm.exe
2960	aicSxpN.exe
2676	GwTDanI.exe
3720	VJnMyRd.exe
3896	lCiIUTY.exe
4564	qNUTxgU.exe
3524	OCeykCw.exe
3172	RTbkyKy.exe
2812	UaKCBPB.exe
2420	sJvCYJM.exe
1128	zDMuzeB.exe
2952	eUQXtFz.exe
4800	eRciyqg.exe
624	DtFzYwd.exe
1816	UQumlVM.exe
1108	ZAYFZDF.exe
3496	yaOPSkp.exe
2192	xDvfHmU.exe
4576	jbeBwMm.exe
4104	qTolZnB.exe
4204	CzHDFHD.exe
2424	HilIjjD.exe
3044	jMvhApt.exe
4240	cCsCEvu.exe
2296	LUqiPBH.exe
428	hvwEvcO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4684-0-0x00007FF7CD600000-0x00007FF7CD954000-memory.dmp	upx
behavioral2/files/0x0009000000023c93-5.dat	upx
behavioral2/memory/3116-6-0x00007FF7D1EF0000-0x00007FF7D2244000-memory.dmp	upx
behavioral2/files/0x0007000000023c9b-12.dat	upx
behavioral2/memory/1812-14-0x00007FF6CFD00000-0x00007FF6D0054000-memory.dmp	upx
behavioral2/files/0x0007000000023c9c-11.dat	upx
behavioral2/memory/2108-22-0x00007FF7ABC10000-0x00007FF7ABF64000-memory.dmp	upx
behavioral2/memory/1984-28-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp	upx
behavioral2/files/0x0007000000023c9e-32.dat	upx
behavioral2/files/0x0007000000023c9f-39.dat	upx
behavioral2/memory/4604-55-0x00007FF71FE60000-0x00007FF7201B4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca4-61.dat	upx
behavioral2/files/0x0007000000023ca1-68.dat	upx
behavioral2/files/0x0007000000023ca5-74.dat	upx
behavioral2/files/0x0007000000023ca3-70.dat	upx
behavioral2/files/0x0007000000023ca2-66.dat	upx
behavioral2/files/0x0007000000023ca9-86.dat	upx
behavioral2/files/0x0007000000023ca8-95.dat	upx
behavioral2/memory/1764-109-0x00007FF7AB670000-0x00007FF7AB9C4000-memory.dmp	upx
behavioral2/memory/224-112-0x00007FF6152A0000-0x00007FF6155F4000-memory.dmp	upx
behavioral2/memory/1272-115-0x00007FF781470000-0x00007FF7817C4000-memory.dmp	upx
behavioral2/files/0x0007000000023cad-119.dat	upx
behavioral2/memory/4684-120-0x00007FF7CD600000-0x00007FF7CD954000-memory.dmp	upx
behavioral2/memory/2108-136-0x00007FF7ABC10000-0x00007FF7ABF64000-memory.dmp	upx
behavioral2/memory/1812-144-0x00007FF6CFD00000-0x00007FF6D0054000-memory.dmp	upx
behavioral2/memory/4416-143-0x00007FF76A9A0000-0x00007FF76ACF4000-memory.dmp	upx
behavioral2/memory/364-142-0x00007FF6A0FA0000-0x00007FF6A12F4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb0-140.dat	upx
behavioral2/files/0x0007000000023caf-138.dat	upx
behavioral2/memory/3712-137-0x00007FF796C60000-0x00007FF796FB4000-memory.dmp	upx
behavioral2/files/0x0007000000023cae-134.dat	upx
behavioral2/memory/3116-133-0x00007FF7D1EF0000-0x00007FF7D2244000-memory.dmp	upx
behavioral2/memory/4672-127-0x00007FF63E0B0000-0x00007FF63E404000-memory.dmp	upx
behavioral2/memory/3244-116-0x00007FF69C0B0000-0x00007FF69C404000-memory.dmp	upx
behavioral2/memory/116-114-0x00007FF7B3950000-0x00007FF7B3CA4000-memory.dmp	upx
behavioral2/memory/4528-113-0x00007FF613EF0000-0x00007FF614244000-memory.dmp	upx
behavioral2/memory/3108-111-0x00007FF6A08D0000-0x00007FF6A0C24000-memory.dmp	upx
behavioral2/memory/4192-110-0x00007FF7DB130000-0x00007FF7DB484000-memory.dmp	upx
behavioral2/files/0x0007000000023cac-107.dat	upx
behavioral2/files/0x0007000000023cab-105.dat	upx
behavioral2/files/0x0007000000023caa-103.dat	upx
behavioral2/memory/728-102-0x00007FF7C5BE0000-0x00007FF7C5F34000-memory.dmp	upx
behavioral2/memory/4116-98-0x00007FF7803B0000-0x00007FF780704000-memory.dmp	upx
behavioral2/memory/4880-91-0x00007FF70A870000-0x00007FF70ABC4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca6-82.dat	upx
behavioral2/memory/4420-51-0x00007FF6714B0000-0x00007FF671804000-memory.dmp	upx
behavioral2/files/0x0007000000023ca0-50.dat	upx
behavioral2/memory/3280-41-0x00007FF691070000-0x00007FF6913C4000-memory.dmp	upx
behavioral2/files/0x0007000000023c9d-34.dat	upx
behavioral2/memory/1484-33-0x00007FF6D2340000-0x00007FF6D2694000-memory.dmp	upx
behavioral2/files/0x0008000000023c98-30.dat	upx
behavioral2/files/0x0007000000023cb1-153.dat	upx
behavioral2/files/0x0007000000023cb3-152.dat	upx
behavioral2/memory/4420-158-0x00007FF6714B0000-0x00007FF671804000-memory.dmp	upx
behavioral2/memory/2496-163-0x00007FF711B60000-0x00007FF711EB4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb4-167.dat	upx
behavioral2/files/0x0007000000023cb5-172.dat	upx
behavioral2/memory/744-171-0x00007FF7A42D0000-0x00007FF7A4624000-memory.dmp	upx
behavioral2/memory/4880-170-0x00007FF70A870000-0x00007FF70ABC4000-memory.dmp	upx
behavioral2/memory/3944-166-0x00007FF6EECB0000-0x00007FF6EF004000-memory.dmp	upx
behavioral2/memory/1484-157-0x00007FF6D2340000-0x00007FF6D2694000-memory.dmp	upx
behavioral2/memory/3280-150-0x00007FF691070000-0x00007FF6913C4000-memory.dmp	upx
behavioral2/memory/4360-149-0x00007FF751F50000-0x00007FF7522A4000-memory.dmp	upx
behavioral2/memory/1984-148-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\beErEFt.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDjIRwZ.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnrjcIv.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERmlsBP.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMbxWEN.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phMXfTB.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyifZFG.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GqUyqcs.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdRPWuU.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwGMWaU.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpQBEEv.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCWIbuM.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ewfLmkj.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SeVrEWN.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EskXAuv.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvmIezi.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwKfbFP.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPNKTAE.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNYhuJG.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeIdpTI.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrnoBOY.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRTDhOP.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHCdtcH.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNfJJGa.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tflimOe.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmTDEWc.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfHoHCG.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akEhuOu.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqOZYaP.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyhmgOW.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUuoMyF.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puylHYK.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVjlXMc.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aCRkBtU.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNMWEhL.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFcdqoC.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mlrcgce.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myIlMhm.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktIWnYv.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhERUBv.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJrEBCX.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulyHYSY.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUaZAlo.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMCXCZn.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMwALpB.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iersHsf.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMzsviP.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjwbBIq.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfrDlhP.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eiSbxve.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJHkjgY.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhQzxAY.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogOHWRw.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgcEedH.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYqZiMo.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OCeykCw.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgycqat.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AphmKkK.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIYJBaX.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNytpeP.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUPFHhH.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtDIQny.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCJmxon.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUtmaWR.exe	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 3116	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4684 wrote to memory of 3116	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4684 wrote to memory of 1812	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4684 wrote to memory of 1812	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4684 wrote to memory of 2108	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4684 wrote to memory of 2108	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4684 wrote to memory of 1984	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4684 wrote to memory of 1984	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4684 wrote to memory of 1484	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4684 wrote to memory of 1484	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4684 wrote to memory of 3280	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4684 wrote to memory of 3280	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4684 wrote to memory of 4420	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4684 wrote to memory of 4420	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4684 wrote to memory of 4604	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4684 wrote to memory of 4604	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4684 wrote to memory of 1272	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4684 wrote to memory of 1272	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4684 wrote to memory of 4880	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4684 wrote to memory of 4880	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4684 wrote to memory of 4116	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4684 wrote to memory of 4116	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4684 wrote to memory of 728	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4684 wrote to memory of 728	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4684 wrote to memory of 1764	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4684 wrote to memory of 1764	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4684 wrote to memory of 4192	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4684 wrote to memory of 4192	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4684 wrote to memory of 3108	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4684 wrote to memory of 3108	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4684 wrote to memory of 224	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4684 wrote to memory of 224	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4684 wrote to memory of 3244	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4684 wrote to memory of 3244	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4684 wrote to memory of 4528	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4684 wrote to memory of 4528	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4684 wrote to memory of 116	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4684 wrote to memory of 116	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4684 wrote to memory of 4672	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4684 wrote to memory of 4672	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4684 wrote to memory of 3712	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4684 wrote to memory of 3712	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4684 wrote to memory of 364	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4684 wrote to memory of 364	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4684 wrote to memory of 4416	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4684 wrote to memory of 4416	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4684 wrote to memory of 4360	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4684 wrote to memory of 4360	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4684 wrote to memory of 2496	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4684 wrote to memory of 2496	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4684 wrote to memory of 3944	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4684 wrote to memory of 3944	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4684 wrote to memory of 744	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4684 wrote to memory of 744	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4684 wrote to memory of 1112	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4684 wrote to memory of 1112	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4684 wrote to memory of 668	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4684 wrote to memory of 668	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4684 wrote to memory of 4540	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4684 wrote to memory of 4540	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4684 wrote to memory of 2240	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4684 wrote to memory of 2240	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4684 wrote to memory of 5108	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4684 wrote to memory of 5108	4684	2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_e18888162d958355311622e74f5f0d4e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Windows\System\zZfPzLI.exe
  C:\Windows\System\zZfPzLI.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\lsHeZdz.exe
  C:\Windows\System\lsHeZdz.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\ajUAJyo.exe
  C:\Windows\System\ajUAJyo.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\RpGNORs.exe
  C:\Windows\System\RpGNORs.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\nQeNcmg.exe
  C:\Windows\System\nQeNcmg.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\TIEOrAb.exe
  C:\Windows\System\TIEOrAb.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\LMIGEFE.exe
  C:\Windows\System\LMIGEFE.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\iDAYZmk.exe
  C:\Windows\System\iDAYZmk.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\eVixNXj.exe
  C:\Windows\System\eVixNXj.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\pdxKSLA.exe
  C:\Windows\System\pdxKSLA.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\XfHoHCG.exe
  C:\Windows\System\XfHoHCG.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\exQVPyT.exe
  C:\Windows\System\exQVPyT.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\WaZBAfo.exe
  C:\Windows\System\WaZBAfo.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\ESooTlQ.exe
  C:\Windows\System\ESooTlQ.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\KVLaRml.exe
  C:\Windows\System\KVLaRml.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\RmQlJDP.exe
  C:\Windows\System\RmQlJDP.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\MWtAWfb.exe
  C:\Windows\System\MWtAWfb.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\eypzGzd.exe
  C:\Windows\System\eypzGzd.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\Rqfwqzh.exe
  C:\Windows\System\Rqfwqzh.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\BqZIbiS.exe
  C:\Windows\System\BqZIbiS.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\grDDane.exe
  C:\Windows\System\grDDane.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\CVoFPAQ.exe
  C:\Windows\System\CVoFPAQ.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\bljYNeg.exe
  C:\Windows\System\bljYNeg.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\wKrzkXK.exe
  C:\Windows\System\wKrzkXK.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\fABRlDA.exe
  C:\Windows\System\fABRlDA.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\HDgyFMS.exe
  C:\Windows\System\HDgyFMS.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\CnHqPRo.exe
  C:\Windows\System\CnHqPRo.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\nLwPwkq.exe
  C:\Windows\System\nLwPwkq.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\pKdmYCp.exe
  C:\Windows\System\pKdmYCp.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\UkqHZzu.exe
  C:\Windows\System\UkqHZzu.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\hCWLhdb.exe
  C:\Windows\System\hCWLhdb.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\euXtfjm.exe
  C:\Windows\System\euXtfjm.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\LwmmfnJ.exe
  C:\Windows\System\LwmmfnJ.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\oQyoNow.exe
  C:\Windows\System\oQyoNow.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\BusmsdW.exe
  C:\Windows\System\BusmsdW.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\GGtvsUl.exe
  C:\Windows\System\GGtvsUl.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\kLHdVpU.exe
  C:\Windows\System\kLHdVpU.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\WNNighP.exe
  C:\Windows\System\WNNighP.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\foMFlUm.exe
  C:\Windows\System\foMFlUm.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\aicSxpN.exe
  C:\Windows\System\aicSxpN.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\GwTDanI.exe
  C:\Windows\System\GwTDanI.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\VJnMyRd.exe
  C:\Windows\System\VJnMyRd.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\lCiIUTY.exe
  C:\Windows\System\lCiIUTY.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\qNUTxgU.exe
  C:\Windows\System\qNUTxgU.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\OCeykCw.exe
  C:\Windows\System\OCeykCw.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\RTbkyKy.exe
  C:\Windows\System\RTbkyKy.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\UaKCBPB.exe
  C:\Windows\System\UaKCBPB.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\sJvCYJM.exe
  C:\Windows\System\sJvCYJM.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\zDMuzeB.exe
  C:\Windows\System\zDMuzeB.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\eUQXtFz.exe
  C:\Windows\System\eUQXtFz.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\eRciyqg.exe
  C:\Windows\System\eRciyqg.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\DtFzYwd.exe
  C:\Windows\System\DtFzYwd.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\UQumlVM.exe
  C:\Windows\System\UQumlVM.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\ZAYFZDF.exe
  C:\Windows\System\ZAYFZDF.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\yaOPSkp.exe
  C:\Windows\System\yaOPSkp.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\xDvfHmU.exe
  C:\Windows\System\xDvfHmU.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\jbeBwMm.exe
  C:\Windows\System\jbeBwMm.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\qTolZnB.exe
  C:\Windows\System\qTolZnB.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\CzHDFHD.exe
  C:\Windows\System\CzHDFHD.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\HilIjjD.exe
  C:\Windows\System\HilIjjD.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\jMvhApt.exe
  C:\Windows\System\jMvhApt.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\cCsCEvu.exe
  C:\Windows\System\cCsCEvu.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\LUqiPBH.exe
  C:\Windows\System\LUqiPBH.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\hvwEvcO.exe
  C:\Windows\System\hvwEvcO.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\vnKQDZs.exe
  C:\Windows\System\vnKQDZs.exe
  2⤵
  PID:4284
- C:\Windows\System\HZjzlHo.exe
  C:\Windows\System\HZjzlHo.exe
  2⤵
  PID:684
- C:\Windows\System\QoGaAVS.exe
  C:\Windows\System\QoGaAVS.exe
  2⤵
  PID:1252
- C:\Windows\System\YbSBzRF.exe
  C:\Windows\System\YbSBzRF.exe
  2⤵
  PID:2616
- C:\Windows\System\ZvJTikJ.exe
  C:\Windows\System\ZvJTikJ.exe
  2⤵
  PID:1760
- C:\Windows\System\CyifZFG.exe
  C:\Windows\System\CyifZFG.exe
  2⤵
  PID:2140
- C:\Windows\System\OqALpsV.exe
  C:\Windows\System\OqALpsV.exe
  2⤵
  PID:4464
- C:\Windows\System\YoLEvff.exe
  C:\Windows\System\YoLEvff.exe
  2⤵
  PID:2004
- C:\Windows\System\jACiMCg.exe
  C:\Windows\System\jACiMCg.exe
  2⤵
  PID:2344
- C:\Windows\System\rPxaDvC.exe
  C:\Windows\System\rPxaDvC.exe
  2⤵
  PID:2380
- C:\Windows\System\vSDCizn.exe
  C:\Windows\System\vSDCizn.exe
  2⤵
  PID:3736
- C:\Windows\System\UXdwdLC.exe
  C:\Windows\System\UXdwdLC.exe
  2⤵
  PID:1432
- C:\Windows\System\oQpipda.exe
  C:\Windows\System\oQpipda.exe
  2⤵
  PID:3996
- C:\Windows\System\UoRAYWv.exe
  C:\Windows\System\UoRAYWv.exe
  2⤵
  PID:4916
- C:\Windows\System\FFdxXgx.exe
  C:\Windows\System\FFdxXgx.exe
  2⤵
  PID:920
- C:\Windows\System\iuGadEF.exe
  C:\Windows\System\iuGadEF.exe
  2⤵
  PID:3428
- C:\Windows\System\wZPGvMf.exe
  C:\Windows\System\wZPGvMf.exe
  2⤵
  PID:4708
- C:\Windows\System\qKMrHea.exe
  C:\Windows\System\qKMrHea.exe
  2⤵
  PID:2664
- C:\Windows\System\jIKQRBc.exe
  C:\Windows\System\jIKQRBc.exe
  2⤵
  PID:5052
- C:\Windows\System\HCljAPM.exe
  C:\Windows\System\HCljAPM.exe
  2⤵
  PID:4476
- C:\Windows\System\vHYkpZd.exe
  C:\Windows\System\vHYkpZd.exe
  2⤵
  PID:1160
- C:\Windows\System\yoMjHjW.exe
  C:\Windows\System\yoMjHjW.exe
  2⤵
  PID:4964
- C:\Windows\System\VUvqYNN.exe
  C:\Windows\System\VUvqYNN.exe
  2⤵
  PID:5132
- C:\Windows\System\XysCUBs.exe
  C:\Windows\System\XysCUBs.exe
  2⤵
  PID:5164
- C:\Windows\System\WokQHGQ.exe
  C:\Windows\System\WokQHGQ.exe
  2⤵
  PID:5188
- C:\Windows\System\wRoaOWk.exe
  C:\Windows\System\wRoaOWk.exe
  2⤵
  PID:5220
- C:\Windows\System\kpeTlIV.exe
  C:\Windows\System\kpeTlIV.exe
  2⤵
  PID:5248
- C:\Windows\System\LWtNBJA.exe
  C:\Windows\System\LWtNBJA.exe
  2⤵
  PID:5276
- C:\Windows\System\oTsajmq.exe
  C:\Windows\System\oTsajmq.exe
  2⤵
  PID:5304
- C:\Windows\System\GzfFcJU.exe
  C:\Windows\System\GzfFcJU.exe
  2⤵
  PID:5332
- C:\Windows\System\VrqeNOJ.exe
  C:\Windows\System\VrqeNOJ.exe
  2⤵
  PID:5360
- C:\Windows\System\fAXAMwT.exe
  C:\Windows\System\fAXAMwT.exe
  2⤵
  PID:5388
- C:\Windows\System\vBcWPRO.exe
  C:\Windows\System\vBcWPRO.exe
  2⤵
  PID:5412
- C:\Windows\System\UYZlumC.exe
  C:\Windows\System\UYZlumC.exe
  2⤵
  PID:5448
- C:\Windows\System\ooiFCZx.exe
  C:\Windows\System\ooiFCZx.exe
  2⤵
  PID:5476
- C:\Windows\System\ePkSvRu.exe
  C:\Windows\System\ePkSvRu.exe
  2⤵
  PID:5504
- C:\Windows\System\hEAXbqc.exe
  C:\Windows\System\hEAXbqc.exe
  2⤵
  PID:5532
- C:\Windows\System\GzGLfWm.exe
  C:\Windows\System\GzGLfWm.exe
  2⤵
  PID:5556
- C:\Windows\System\BTJrMZR.exe
  C:\Windows\System\BTJrMZR.exe
  2⤵
  PID:5592
- C:\Windows\System\ZTOmxfF.exe
  C:\Windows\System\ZTOmxfF.exe
  2⤵
  PID:5624
- C:\Windows\System\NkTKgQz.exe
  C:\Windows\System\NkTKgQz.exe
  2⤵
  PID:5652
- C:\Windows\System\SthLLci.exe
  C:\Windows\System\SthLLci.exe
  2⤵
  PID:5680
- C:\Windows\System\MqAETOj.exe
  C:\Windows\System\MqAETOj.exe
  2⤵
  PID:5708
- C:\Windows\System\iDKMyzM.exe
  C:\Windows\System\iDKMyzM.exe
  2⤵
  PID:5736
- C:\Windows\System\qwKfbFP.exe
  C:\Windows\System\qwKfbFP.exe
  2⤵
  PID:5764
- C:\Windows\System\PdZmKBG.exe
  C:\Windows\System\PdZmKBG.exe
  2⤵
  PID:5792
- C:\Windows\System\rqfhkNg.exe
  C:\Windows\System\rqfhkNg.exe
  2⤵
  PID:5808
- C:\Windows\System\hiDdAVu.exe
  C:\Windows\System\hiDdAVu.exe
  2⤵
  PID:5848
- C:\Windows\System\IAdgqfs.exe
  C:\Windows\System\IAdgqfs.exe
  2⤵
  PID:5876
- C:\Windows\System\swfAVlB.exe
  C:\Windows\System\swfAVlB.exe
  2⤵
  PID:5904
- C:\Windows\System\qzzeImB.exe
  C:\Windows\System\qzzeImB.exe
  2⤵
  PID:5932
- C:\Windows\System\JZMxmeC.exe
  C:\Windows\System\JZMxmeC.exe
  2⤵
  PID:5960
- C:\Windows\System\uyhmgOW.exe
  C:\Windows\System\uyhmgOW.exe
  2⤵
  PID:5988
- C:\Windows\System\NuvmzXH.exe
  C:\Windows\System\NuvmzXH.exe
  2⤵
  PID:6016
- C:\Windows\System\yjyjgBM.exe
  C:\Windows\System\yjyjgBM.exe
  2⤵
  PID:6044
- C:\Windows\System\yHcPChX.exe
  C:\Windows\System\yHcPChX.exe
  2⤵
  PID:6064
- C:\Windows\System\UgymJJU.exe
  C:\Windows\System\UgymJJU.exe
  2⤵
  PID:6104
- C:\Windows\System\tPVUGVe.exe
  C:\Windows\System\tPVUGVe.exe
  2⤵
  PID:6136
- C:\Windows\System\kLdjvqq.exe
  C:\Windows\System\kLdjvqq.exe
  2⤵
  PID:1328
- C:\Windows\System\ZinPLaI.exe
  C:\Windows\System\ZinPLaI.exe
  2⤵
  PID:3200
- C:\Windows\System\EOmidGo.exe
  C:\Windows\System\EOmidGo.exe
  2⤵
  PID:5216
- C:\Windows\System\POxGLDO.exe
  C:\Windows\System\POxGLDO.exe
  2⤵
  PID:1796
- C:\Windows\System\bQNysKZ.exe
  C:\Windows\System\bQNysKZ.exe
  2⤵
  PID:5340
- C:\Windows\System\OzWCoIe.exe
  C:\Windows\System\OzWCoIe.exe
  2⤵
  PID:5404
- C:\Windows\System\frgcNnV.exe
  C:\Windows\System\frgcNnV.exe
  2⤵
  PID:5468
- C:\Windows\System\YOmdlOX.exe
  C:\Windows\System\YOmdlOX.exe
  2⤵
  PID:5544
- C:\Windows\System\FGQGseq.exe
  C:\Windows\System\FGQGseq.exe
  2⤵
  PID:5612
- C:\Windows\System\sDvgziN.exe
  C:\Windows\System\sDvgziN.exe
  2⤵
  PID:5704
- C:\Windows\System\yhQzxAY.exe
  C:\Windows\System\yhQzxAY.exe
  2⤵
  PID:5760
- C:\Windows\System\eHmzKas.exe
  C:\Windows\System\eHmzKas.exe
  2⤵
  PID:5828
- C:\Windows\System\vSuSYfG.exe
  C:\Windows\System\vSuSYfG.exe
  2⤵
  PID:5424
- C:\Windows\System\RBJpSWf.exe
  C:\Windows\System\RBJpSWf.exe
  2⤵
  PID:5956
- C:\Windows\System\MgvnOFU.exe
  C:\Windows\System\MgvnOFU.exe
  2⤵
  PID:6028
- C:\Windows\System\vNwnVZV.exe
  C:\Windows\System\vNwnVZV.exe
  2⤵
  PID:6088
- C:\Windows\System\FgCMdOc.exe
  C:\Windows\System\FgCMdOc.exe
  2⤵
  PID:5100
- C:\Windows\System\buILOkA.exe
  C:\Windows\System\buILOkA.exe
  2⤵
  PID:5212
- C:\Windows\System\JSQjmmK.exe
  C:\Windows\System\JSQjmmK.exe
  2⤵
  PID:5376
- C:\Windows\System\APgYDTI.exe
  C:\Windows\System\APgYDTI.exe
  2⤵
  PID:5552
- C:\Windows\System\sQkvQOs.exe
  C:\Windows\System\sQkvQOs.exe
  2⤵
  PID:3016
- C:\Windows\System\qOIgRna.exe
  C:\Windows\System\qOIgRna.exe
  2⤵
  PID:5648
- C:\Windows\System\emvHrla.exe
  C:\Windows\System\emvHrla.exe
  2⤵
  PID:5716
- C:\Windows\System\wuKhpXg.exe
  C:\Windows\System\wuKhpXg.exe
  2⤵
  PID:5804
- C:\Windows\System\zvEcRZl.exe
  C:\Windows\System\zvEcRZl.exe
  2⤵
  PID:6024
- C:\Windows\System\GdDxXYZ.exe
  C:\Windows\System\GdDxXYZ.exe
  2⤵
  PID:6076
- C:\Windows\System\gElKFlH.exe
  C:\Windows\System\gElKFlH.exe
  2⤵
  PID:5196
- C:\Windows\System\ntCgNfk.exe
  C:\Windows\System\ntCgNfk.exe
  2⤵
  PID:5564
- C:\Windows\System\TuIYqVi.exe
  C:\Windows\System\TuIYqVi.exe
  2⤵
  PID:1768
- C:\Windows\System\uKtOZug.exe
  C:\Windows\System\uKtOZug.exe
  2⤵
  PID:5872
- C:\Windows\System\OKBWbdJ.exe
  C:\Windows\System\OKBWbdJ.exe
  2⤵
  PID:5312
- C:\Windows\System\zDTYDbc.exe
  C:\Windows\System\zDTYDbc.exe
  2⤵
  PID:5732
- C:\Windows\System\FMOefdz.exe
  C:\Windows\System\FMOefdz.exe
  2⤵
  PID:1280
- C:\Windows\System\IDbFEmG.exe
  C:\Windows\System\IDbFEmG.exe
  2⤵
  PID:6152
- C:\Windows\System\vIPvTom.exe
  C:\Windows\System\vIPvTom.exe
  2⤵
  PID:6184
- C:\Windows\System\EEhyemF.exe
  C:\Windows\System\EEhyemF.exe
  2⤵
  PID:6212
- C:\Windows\System\WNIJLUL.exe
  C:\Windows\System\WNIJLUL.exe
  2⤵
  PID:6228
- C:\Windows\System\EivkpgK.exe
  C:\Windows\System\EivkpgK.exe
  2⤵
  PID:6268
- C:\Windows\System\DRxKbrS.exe
  C:\Windows\System\DRxKbrS.exe
  2⤵
  PID:6284
- C:\Windows\System\KdkXBra.exe
  C:\Windows\System\KdkXBra.exe
  2⤵
  PID:6316
- C:\Windows\System\qCjtEvh.exe
  C:\Windows\System\qCjtEvh.exe
  2⤵
  PID:6344
- C:\Windows\System\yegxwlW.exe
  C:\Windows\System\yegxwlW.exe
  2⤵
  PID:6384
- C:\Windows\System\ZARJDNG.exe
  C:\Windows\System\ZARJDNG.exe
  2⤵
  PID:6428
- C:\Windows\System\qDkjxHN.exe
  C:\Windows\System\qDkjxHN.exe
  2⤵
  PID:6460
- C:\Windows\System\vczgvqY.exe
  C:\Windows\System\vczgvqY.exe
  2⤵
  PID:6496
- C:\Windows\System\UsYAGPa.exe
  C:\Windows\System\UsYAGPa.exe
  2⤵
  PID:6524
- C:\Windows\System\sdKAVJZ.exe
  C:\Windows\System\sdKAVJZ.exe
  2⤵
  PID:6552
- C:\Windows\System\uhCLxBA.exe
  C:\Windows\System\uhCLxBA.exe
  2⤵
  PID:6580
- C:\Windows\System\tLlZXsH.exe
  C:\Windows\System\tLlZXsH.exe
  2⤵
  PID:6604
- C:\Windows\System\LQmZmvQ.exe
  C:\Windows\System\LQmZmvQ.exe
  2⤵
  PID:6632
- C:\Windows\System\kTBufXX.exe
  C:\Windows\System\kTBufXX.exe
  2⤵
  PID:6664
- C:\Windows\System\BydDhFK.exe
  C:\Windows\System\BydDhFK.exe
  2⤵
  PID:6700
- C:\Windows\System\XftGuIn.exe
  C:\Windows\System\XftGuIn.exe
  2⤵
  PID:6732
- C:\Windows\System\IkzBAnx.exe
  C:\Windows\System\IkzBAnx.exe
  2⤵
  PID:6764
- C:\Windows\System\JkMQLQD.exe
  C:\Windows\System\JkMQLQD.exe
  2⤵
  PID:6792
- C:\Windows\System\McFiVbk.exe
  C:\Windows\System\McFiVbk.exe
  2⤵
  PID:6816
- C:\Windows\System\YCiPWbX.exe
  C:\Windows\System\YCiPWbX.exe
  2⤵
  PID:6844
- C:\Windows\System\hKhnzbP.exe
  C:\Windows\System\hKhnzbP.exe
  2⤵
  PID:6876
- C:\Windows\System\vZIylqK.exe
  C:\Windows\System\vZIylqK.exe
  2⤵
  PID:6904
- C:\Windows\System\zqQzHzU.exe
  C:\Windows\System\zqQzHzU.exe
  2⤵
  PID:6932
- C:\Windows\System\CSMaVHD.exe
  C:\Windows\System\CSMaVHD.exe
  2⤵
  PID:6964
- C:\Windows\System\qHJIFfM.exe
  C:\Windows\System\qHJIFfM.exe
  2⤵
  PID:6980
- C:\Windows\System\Svklpej.exe
  C:\Windows\System\Svklpej.exe
  2⤵
  PID:7012
- C:\Windows\System\oAWwjoU.exe
  C:\Windows\System\oAWwjoU.exe
  2⤵
  PID:7044
- C:\Windows\System\sMKsKOn.exe
  C:\Windows\System\sMKsKOn.exe
  2⤵
  PID:7072
- C:\Windows\System\oYOhiNA.exe
  C:\Windows\System\oYOhiNA.exe
  2⤵
  PID:7092
- C:\Windows\System\AnAgftc.exe
  C:\Windows\System\AnAgftc.exe
  2⤵
  PID:7128
- C:\Windows\System\sEUxlie.exe
  C:\Windows\System\sEUxlie.exe
  2⤵
  PID:6180
- C:\Windows\System\AuNkvwT.exe
  C:\Windows\System\AuNkvwT.exe
  2⤵
  PID:6248
- C:\Windows\System\abMYOvv.exe
  C:\Windows\System\abMYOvv.exe
  2⤵
  PID:6312
- C:\Windows\System\XKrDSFt.exe
  C:\Windows\System\XKrDSFt.exe
  2⤵
  PID:6372
- C:\Windows\System\UntcxIc.exe
  C:\Windows\System\UntcxIc.exe
  2⤵
  PID:6476
- C:\Windows\System\tEtuhND.exe
  C:\Windows\System\tEtuhND.exe
  2⤵
  PID:6544
- C:\Windows\System\sVyaBqN.exe
  C:\Windows\System\sVyaBqN.exe
  2⤵
  PID:6620
- C:\Windows\System\JkysMyJ.exe
  C:\Windows\System\JkysMyJ.exe
  2⤵
  PID:6680
- C:\Windows\System\OeQapvT.exe
  C:\Windows\System\OeQapvT.exe
  2⤵
  PID:6724
- C:\Windows\System\HNVZlbr.exe
  C:\Windows\System\HNVZlbr.exe
  2⤵
  PID:6828
- C:\Windows\System\VKDDqTd.exe
  C:\Windows\System\VKDDqTd.exe
  2⤵
  PID:6912
- C:\Windows\System\qTKmaps.exe
  C:\Windows\System\qTKmaps.exe
  2⤵
  PID:6992
- C:\Windows\System\zITtneL.exe
  C:\Windows\System\zITtneL.exe
  2⤵
  PID:7060
- C:\Windows\System\taZgVXQ.exe
  C:\Windows\System\taZgVXQ.exe
  2⤵
  PID:7112
- C:\Windows\System\akEhuOu.exe
  C:\Windows\System\akEhuOu.exe
  2⤵
  PID:5076
- C:\Windows\System\QNMWEhL.exe
  C:\Windows\System\QNMWEhL.exe
  2⤵
  PID:6264
- C:\Windows\System\IZUWNRy.exe
  C:\Windows\System\IZUWNRy.exe
  2⤵
  PID:6508
- C:\Windows\System\skNonVz.exe
  C:\Windows\System\skNonVz.exe
  2⤵
  PID:4780
- C:\Windows\System\cCBapww.exe
  C:\Windows\System\cCBapww.exe
  2⤵
  PID:3756
- C:\Windows\System\DBcTNud.exe
  C:\Windows\System\DBcTNud.exe
  2⤵
  PID:6944
- C:\Windows\System\BmTDEWc.exe
  C:\Windows\System\BmTDEWc.exe
  2⤵
  PID:1056
- C:\Windows\System\bhzmuwU.exe
  C:\Windows\System\bhzmuwU.exe
  2⤵
  PID:4396
- C:\Windows\System\xZiPpmG.exe
  C:\Windows\System\xZiPpmG.exe
  2⤵
  PID:6516
- C:\Windows\System\AphmKkK.exe
  C:\Windows\System\AphmKkK.exe
  2⤵
  PID:6872
- C:\Windows\System\AkCsWrF.exe
  C:\Windows\System\AkCsWrF.exe
  2⤵
  PID:3680
- C:\Windows\System\OqKJCUP.exe
  C:\Windows\System\OqKJCUP.exe
  2⤵
  PID:7036
- C:\Windows\System\PzWTXMG.exe
  C:\Windows\System\PzWTXMG.exe
  2⤵
  PID:6924
- C:\Windows\System\KqnriNp.exe
  C:\Windows\System\KqnriNp.exe
  2⤵
  PID:7084
- C:\Windows\System\ZNuGcxK.exe
  C:\Windows\System\ZNuGcxK.exe
  2⤵
  PID:6472
- C:\Windows\System\EytKadL.exe
  C:\Windows\System\EytKadL.exe
  2⤵
  PID:7176
- C:\Windows\System\KynBKjI.exe
  C:\Windows\System\KynBKjI.exe
  2⤵
  PID:7208
- C:\Windows\System\wuVJTpG.exe
  C:\Windows\System\wuVJTpG.exe
  2⤵
  PID:7240
- C:\Windows\System\fzkqrbv.exe
  C:\Windows\System\fzkqrbv.exe
  2⤵
  PID:7268
- C:\Windows\System\beErEFt.exe
  C:\Windows\System\beErEFt.exe
  2⤵
  PID:7300
- C:\Windows\System\HQOxvpm.exe
  C:\Windows\System\HQOxvpm.exe
  2⤵
  PID:7328
- C:\Windows\System\kGrBFhO.exe
  C:\Windows\System\kGrBFhO.exe
  2⤵
  PID:7352
- C:\Windows\System\TaXjDRM.exe
  C:\Windows\System\TaXjDRM.exe
  2⤵
  PID:7384
- C:\Windows\System\LHYCDDA.exe
  C:\Windows\System\LHYCDDA.exe
  2⤵
  PID:7412
- C:\Windows\System\qDaTgdu.exe
  C:\Windows\System\qDaTgdu.exe
  2⤵
  PID:7440
- C:\Windows\System\gplteWx.exe
  C:\Windows\System\gplteWx.exe
  2⤵
  PID:7468
- C:\Windows\System\aEwmaMH.exe
  C:\Windows\System\aEwmaMH.exe
  2⤵
  PID:7496
- C:\Windows\System\qAzpkoa.exe
  C:\Windows\System\qAzpkoa.exe
  2⤵
  PID:7528
- C:\Windows\System\MJqesxd.exe
  C:\Windows\System\MJqesxd.exe
  2⤵
  PID:7556
- C:\Windows\System\txJllnb.exe
  C:\Windows\System\txJllnb.exe
  2⤵
  PID:7580
- C:\Windows\System\VZjcQYs.exe
  C:\Windows\System\VZjcQYs.exe
  2⤵
  PID:7612
- C:\Windows\System\ZHmnfgy.exe
  C:\Windows\System\ZHmnfgy.exe
  2⤵
  PID:7632
- C:\Windows\System\MrnoBOY.exe
  C:\Windows\System\MrnoBOY.exe
  2⤵
  PID:7668
- C:\Windows\System\FFMhPbC.exe
  C:\Windows\System\FFMhPbC.exe
  2⤵
  PID:7696
- C:\Windows\System\UBSHvkF.exe
  C:\Windows\System\UBSHvkF.exe
  2⤵
  PID:7716
- C:\Windows\System\HPtzDmG.exe
  C:\Windows\System\HPtzDmG.exe
  2⤵
  PID:7752
- C:\Windows\System\eiSbxve.exe
  C:\Windows\System\eiSbxve.exe
  2⤵
  PID:7784
- C:\Windows\System\YigwrtC.exe
  C:\Windows\System\YigwrtC.exe
  2⤵
  PID:7812
- C:\Windows\System\SsiICbB.exe
  C:\Windows\System\SsiICbB.exe
  2⤵
  PID:7844
- C:\Windows\System\UhUKtDi.exe
  C:\Windows\System\UhUKtDi.exe
  2⤵
  PID:7876
- C:\Windows\System\kWzYSZw.exe
  C:\Windows\System\kWzYSZw.exe
  2⤵
  PID:7900
- C:\Windows\System\awicSbo.exe
  C:\Windows\System\awicSbo.exe
  2⤵
  PID:7932
- C:\Windows\System\YQXyJEd.exe
  C:\Windows\System\YQXyJEd.exe
  2⤵
  PID:7960
- C:\Windows\System\TDjIRwZ.exe
  C:\Windows\System\TDjIRwZ.exe
  2⤵
  PID:7992
- C:\Windows\System\AABeReW.exe
  C:\Windows\System\AABeReW.exe
  2⤵
  PID:8020
- C:\Windows\System\dsHcTQY.exe
  C:\Windows\System\dsHcTQY.exe
  2⤵
  PID:8048
- C:\Windows\System\RMjuJmt.exe
  C:\Windows\System\RMjuJmt.exe
  2⤵
  PID:8076
- C:\Windows\System\ykGLNhS.exe
  C:\Windows\System\ykGLNhS.exe
  2⤵
  PID:8108
- C:\Windows\System\sduqkRf.exe
  C:\Windows\System\sduqkRf.exe
  2⤵
  PID:8132
- C:\Windows\System\adOGhft.exe
  C:\Windows\System\adOGhft.exe
  2⤵
  PID:8152
- C:\Windows\System\hwpmJVl.exe
  C:\Windows\System\hwpmJVl.exe
  2⤵
  PID:8188
- C:\Windows\System\CCkZSJl.exe
  C:\Windows\System\CCkZSJl.exe
  2⤵
  PID:7232
- C:\Windows\System\sDRIosy.exe
  C:\Windows\System\sDRIosy.exe
  2⤵
  PID:7288
- C:\Windows\System\FqYyhTM.exe
  C:\Windows\System\FqYyhTM.exe
  2⤵
  PID:7336
- C:\Windows\System\OgTcnUa.exe
  C:\Windows\System\OgTcnUa.exe
  2⤵
  PID:7400
- C:\Windows\System\nxqQOyW.exe
  C:\Windows\System\nxqQOyW.exe
  2⤵
  PID:7460
- C:\Windows\System\JRbsSft.exe
  C:\Windows\System\JRbsSft.exe
  2⤵
  PID:7540
- C:\Windows\System\TnQaoWr.exe
  C:\Windows\System\TnQaoWr.exe
  2⤵
  PID:7656
- C:\Windows\System\TPvNHcx.exe
  C:\Windows\System\TPvNHcx.exe
  2⤵
  PID:7740
- C:\Windows\System\tpuveir.exe
  C:\Windows\System\tpuveir.exe
  2⤵
  PID:7820
- C:\Windows\System\LUtmaWR.exe
  C:\Windows\System\LUtmaWR.exe
  2⤵
  PID:7860
- C:\Windows\System\lDLdFAU.exe
  C:\Windows\System\lDLdFAU.exe
  2⤵
  PID:7952
- C:\Windows\System\kOitDoF.exe
  C:\Windows\System\kOitDoF.exe
  2⤵
  PID:8028
- C:\Windows\System\xFsEVGp.exe
  C:\Windows\System\xFsEVGp.exe
  2⤵
  PID:8096
- C:\Windows\System\SsmCojL.exe
  C:\Windows\System\SsmCojL.exe
  2⤵
  PID:8172
- C:\Windows\System\OXiyDie.exe
  C:\Windows\System\OXiyDie.exe
  2⤵
  PID:7280
- C:\Windows\System\BdysKOX.exe
  C:\Windows\System\BdysKOX.exe
  2⤵
  PID:7424
- C:\Windows\System\VjQEdst.exe
  C:\Windows\System\VjQEdst.exe
  2⤵
  PID:7644
- C:\Windows\System\VyauLQr.exe
  C:\Windows\System\VyauLQr.exe
  2⤵
  PID:7144
- C:\Windows\System\WOnyCUT.exe
  C:\Windows\System\WOnyCUT.exe
  2⤵
  PID:7148
- C:\Windows\System\pepqrjy.exe
  C:\Windows\System\pepqrjy.exe
  2⤵
  PID:7852
- C:\Windows\System\JggtTAt.exe
  C:\Windows\System\JggtTAt.exe
  2⤵
  PID:7980
- C:\Windows\System\GwnzOLb.exe
  C:\Windows\System\GwnzOLb.exe
  2⤵
  PID:7184
- C:\Windows\System\qyVqDMO.exe
  C:\Windows\System\qyVqDMO.exe
  2⤵
  PID:7368
- C:\Windows\System\GqfviEK.exe
  C:\Windows\System\GqfviEK.exe
  2⤵
  PID:7708
- C:\Windows\System\moHQJjf.exe
  C:\Windows\System\moHQJjf.exe
  2⤵
  PID:7916
- C:\Windows\System\zvTOhld.exe
  C:\Windows\System\zvTOhld.exe
  2⤵
  PID:7504
- C:\Windows\System\zMvvQkx.exe
  C:\Windows\System\zMvvQkx.exe
  2⤵
  PID:8116
- C:\Windows\System\hIBCyaJ.exe
  C:\Windows\System\hIBCyaJ.exe
  2⤵
  PID:8196
- C:\Windows\System\yJzbSXQ.exe
  C:\Windows\System\yJzbSXQ.exe
  2⤵
  PID:8224
- C:\Windows\System\MMwALpB.exe
  C:\Windows\System\MMwALpB.exe
  2⤵
  PID:8248
- C:\Windows\System\sbLgvMh.exe
  C:\Windows\System\sbLgvMh.exe
  2⤵
  PID:8284
- C:\Windows\System\WgCmmFo.exe
  C:\Windows\System\WgCmmFo.exe
  2⤵
  PID:8308
- C:\Windows\System\BxhMQXC.exe
  C:\Windows\System\BxhMQXC.exe
  2⤵
  PID:8340
- C:\Windows\System\tWpItJQ.exe
  C:\Windows\System\tWpItJQ.exe
  2⤵
  PID:8368
- C:\Windows\System\ySGCuDx.exe
  C:\Windows\System\ySGCuDx.exe
  2⤵
  PID:8396
- C:\Windows\System\SDxfbKv.exe
  C:\Windows\System\SDxfbKv.exe
  2⤵
  PID:8428
- C:\Windows\System\nhZVmRU.exe
  C:\Windows\System\nhZVmRU.exe
  2⤵
  PID:8456
- C:\Windows\System\AvRUWGq.exe
  C:\Windows\System\AvRUWGq.exe
  2⤵
  PID:8484
- C:\Windows\System\VStZPBC.exe
  C:\Windows\System\VStZPBC.exe
  2⤵
  PID:8512
- C:\Windows\System\AoyIuuk.exe
  C:\Windows\System\AoyIuuk.exe
  2⤵
  PID:8540
- C:\Windows\System\mxhljVs.exe
  C:\Windows\System\mxhljVs.exe
  2⤵
  PID:8568
- C:\Windows\System\EnnGSJh.exe
  C:\Windows\System\EnnGSJh.exe
  2⤵
  PID:8596
- C:\Windows\System\SGfVXRB.exe
  C:\Windows\System\SGfVXRB.exe
  2⤵
  PID:8624
- C:\Windows\System\ytPafti.exe
  C:\Windows\System\ytPafti.exe
  2⤵
  PID:8652
- C:\Windows\System\gIuaQbi.exe
  C:\Windows\System\gIuaQbi.exe
  2⤵
  PID:8680
- C:\Windows\System\HUGrCVb.exe
  C:\Windows\System\HUGrCVb.exe
  2⤵
  PID:8704
- C:\Windows\System\AQPCMqO.exe
  C:\Windows\System\AQPCMqO.exe
  2⤵
  PID:8736
- C:\Windows\System\AmJKTjg.exe
  C:\Windows\System\AmJKTjg.exe
  2⤵
  PID:8764
- C:\Windows\System\ogOHWRw.exe
  C:\Windows\System\ogOHWRw.exe
  2⤵
  PID:8792
- C:\Windows\System\WNBJPus.exe
  C:\Windows\System\WNBJPus.exe
  2⤵
  PID:8820
- C:\Windows\System\yDyblKk.exe
  C:\Windows\System\yDyblKk.exe
  2⤵
  PID:8840
- C:\Windows\System\LEvcIBT.exe
  C:\Windows\System\LEvcIBT.exe
  2⤵
  PID:8876
- C:\Windows\System\fodJIhc.exe
  C:\Windows\System\fodJIhc.exe
  2⤵
  PID:8904
- C:\Windows\System\tgDQYux.exe
  C:\Windows\System\tgDQYux.exe
  2⤵
  PID:8932
- C:\Windows\System\ICkrfzk.exe
  C:\Windows\System\ICkrfzk.exe
  2⤵
  PID:8960
- C:\Windows\System\jZfJeIS.exe
  C:\Windows\System\jZfJeIS.exe
  2⤵
  PID:8988
- C:\Windows\System\dCUJfev.exe
  C:\Windows\System\dCUJfev.exe
  2⤵
  PID:9016
- C:\Windows\System\pQGdGYq.exe
  C:\Windows\System\pQGdGYq.exe
  2⤵
  PID:9048
- C:\Windows\System\IDMuIae.exe
  C:\Windows\System\IDMuIae.exe
  2⤵
  PID:9076
- C:\Windows\System\FMUowGy.exe
  C:\Windows\System\FMUowGy.exe
  2⤵
  PID:9104
- C:\Windows\System\vZbmFWG.exe
  C:\Windows\System\vZbmFWG.exe
  2⤵
  PID:9132
- C:\Windows\System\sHZbAQW.exe
  C:\Windows\System\sHZbAQW.exe
  2⤵
  PID:9160
- C:\Windows\System\bqrugTp.exe
  C:\Windows\System\bqrugTp.exe
  2⤵
  PID:9180
- C:\Windows\System\LjLvXFg.exe
  C:\Windows\System\LjLvXFg.exe
  2⤵
  PID:9208
- C:\Windows\System\QoEOTvm.exe
  C:\Windows\System\QoEOTvm.exe
  2⤵
  PID:8256
- C:\Windows\System\NzepTaT.exe
  C:\Windows\System\NzepTaT.exe
  2⤵
  PID:8296
- C:\Windows\System\bBGPbJk.exe
  C:\Windows\System\bBGPbJk.exe
  2⤵
  PID:8376
- C:\Windows\System\LBpVltW.exe
  C:\Windows\System\LBpVltW.exe
  2⤵
  PID:8440
- C:\Windows\System\gLmvcFj.exe
  C:\Windows\System\gLmvcFj.exe
  2⤵
  PID:8492
- C:\Windows\System\HMxoSDx.exe
  C:\Windows\System\HMxoSDx.exe
  2⤵
  PID:8556
- C:\Windows\System\XqqWZcD.exe
  C:\Windows\System\XqqWZcD.exe
  2⤵
  PID:8636
- C:\Windows\System\IynmoJm.exe
  C:\Windows\System\IynmoJm.exe
  2⤵
  PID:8696
- C:\Windows\System\bIYJBaX.exe
  C:\Windows\System\bIYJBaX.exe
  2⤵
  PID:8772
- C:\Windows\System\rxCyKPq.exe
  C:\Windows\System\rxCyKPq.exe
  2⤵
  PID:8832
- C:\Windows\System\EiRerYo.exe
  C:\Windows\System\EiRerYo.exe
  2⤵
  PID:8888
- C:\Windows\System\BUglaIu.exe
  C:\Windows\System\BUglaIu.exe
  2⤵
  PID:8948
- C:\Windows\System\jEKOifg.exe
  C:\Windows\System\jEKOifg.exe
  2⤵
  PID:9024
- C:\Windows\System\SeKrQgc.exe
  C:\Windows\System\SeKrQgc.exe
  2⤵
  PID:9084
- C:\Windows\System\ieVAaKH.exe
  C:\Windows\System\ieVAaKH.exe
  2⤵
  PID:9148
- C:\Windows\System\zPqZRoI.exe
  C:\Windows\System\zPqZRoI.exe
  2⤵
  PID:8204
- C:\Windows\System\uTQHdKD.exe
  C:\Windows\System\uTQHdKD.exe
  2⤵
  PID:8324
- C:\Windows\System\pKrEZlZ.exe
  C:\Windows\System\pKrEZlZ.exe
  2⤵
  PID:8520
- C:\Windows\System\ZRAhaVJ.exe
  C:\Windows\System\ZRAhaVJ.exe
  2⤵
  PID:8664
- C:\Windows\System\ImiTwiJ.exe
  C:\Windows\System\ImiTwiJ.exe
  2⤵
  PID:8800
- C:\Windows\System\lTWaRLT.exe
  C:\Windows\System\lTWaRLT.exe
  2⤵
  PID:9028
- C:\Windows\System\LNqCVtX.exe
  C:\Windows\System\LNqCVtX.exe
  2⤵
  PID:9092
- C:\Windows\System\EWpYVnM.exe
  C:\Windows\System\EWpYVnM.exe
  2⤵
  PID:8264
- C:\Windows\System\lFPJBAq.exe
  C:\Windows\System\lFPJBAq.exe
  2⤵
  PID:8604
- C:\Windows\System\GhcvrPu.exe
  C:\Windows\System\GhcvrPu.exe
  2⤵
  PID:8912
- C:\Windows\System\hfjZQEp.exe
  C:\Windows\System\hfjZQEp.exe
  2⤵
  PID:8464
- C:\Windows\System\QIJLsYY.exe
  C:\Windows\System\QIJLsYY.exe
  2⤵
  PID:9140
- C:\Windows\System\YivPFdO.exe
  C:\Windows\System\YivPFdO.exe
  2⤵
  PID:8852
- C:\Windows\System\fABNayz.exe
  C:\Windows\System\fABNayz.exe
  2⤵
  PID:9244
- C:\Windows\System\ibcSOua.exe
  C:\Windows\System\ibcSOua.exe
  2⤵
  PID:9272
- C:\Windows\System\CFsQYMp.exe
  C:\Windows\System\CFsQYMp.exe
  2⤵
  PID:9300
- C:\Windows\System\WQFUMCd.exe
  C:\Windows\System\WQFUMCd.exe
  2⤵
  PID:9336
- C:\Windows\System\fLIcONj.exe
  C:\Windows\System\fLIcONj.exe
  2⤵
  PID:9356
- C:\Windows\System\lIUfVjU.exe
  C:\Windows\System\lIUfVjU.exe
  2⤵
  PID:9392
- C:\Windows\System\gIjIBas.exe
  C:\Windows\System\gIjIBas.exe
  2⤵
  PID:9412
- C:\Windows\System\IontjZP.exe
  C:\Windows\System\IontjZP.exe
  2⤵
  PID:9452
- C:\Windows\System\ZvhUumN.exe
  C:\Windows\System\ZvhUumN.exe
  2⤵
  PID:9472
- C:\Windows\System\yIuUPvh.exe
  C:\Windows\System\yIuUPvh.exe
  2⤵
  PID:9500
- C:\Windows\System\tfQrMLl.exe
  C:\Windows\System\tfQrMLl.exe
  2⤵
  PID:9532
- C:\Windows\System\ZKOloHq.exe
  C:\Windows\System\ZKOloHq.exe
  2⤵
  PID:9568
- C:\Windows\System\uBEXuvm.exe
  C:\Windows\System\uBEXuvm.exe
  2⤵
  PID:9596
- C:\Windows\System\moMfFwX.exe
  C:\Windows\System\moMfFwX.exe
  2⤵
  PID:9616
- C:\Windows\System\zKeIUGW.exe
  C:\Windows\System\zKeIUGW.exe
  2⤵
  PID:9644
- C:\Windows\System\ZmQRbVZ.exe
  C:\Windows\System\ZmQRbVZ.exe
  2⤵
  PID:9680
- C:\Windows\System\Zpifdjz.exe
  C:\Windows\System\Zpifdjz.exe
  2⤵
  PID:9704
- C:\Windows\System\FDjBiNW.exe
  C:\Windows\System\FDjBiNW.exe
  2⤵
  PID:9736
- C:\Windows\System\ieNoxOL.exe
  C:\Windows\System\ieNoxOL.exe
  2⤵
  PID:9764
- C:\Windows\System\cJRAJzj.exe
  C:\Windows\System\cJRAJzj.exe
  2⤵
  PID:9784
- C:\Windows\System\iwqxIYe.exe
  C:\Windows\System\iwqxIYe.exe
  2⤵
  PID:9812
- C:\Windows\System\qTYhFuk.exe
  C:\Windows\System\qTYhFuk.exe
  2⤵
  PID:9848
- C:\Windows\System\CNesOYC.exe
  C:\Windows\System\CNesOYC.exe
  2⤵
  PID:9880
- C:\Windows\System\HgcJeiH.exe
  C:\Windows\System\HgcJeiH.exe
  2⤵
  PID:9904
- C:\Windows\System\xLueNUb.exe
  C:\Windows\System\xLueNUb.exe
  2⤵
  PID:9928
- C:\Windows\System\CsYbFgB.exe
  C:\Windows\System\CsYbFgB.exe
  2⤵
  PID:9956
- C:\Windows\System\lhxnhVF.exe
  C:\Windows\System\lhxnhVF.exe
  2⤵
  PID:9980
- C:\Windows\System\eDNTusO.exe
  C:\Windows\System\eDNTusO.exe
  2⤵
  PID:10016
- C:\Windows\System\nXzWUXl.exe
  C:\Windows\System\nXzWUXl.exe
  2⤵
  PID:10036
- C:\Windows\System\ZttRLwH.exe
  C:\Windows\System\ZttRLwH.exe
  2⤵
  PID:10064
- C:\Windows\System\wAHXkzT.exe
  C:\Windows\System\wAHXkzT.exe
  2⤵
  PID:10100
- C:\Windows\System\fFELXMa.exe
  C:\Windows\System\fFELXMa.exe
  2⤵
  PID:10120
- C:\Windows\System\bCHjthM.exe
  C:\Windows\System\bCHjthM.exe
  2⤵
  PID:10156
- C:\Windows\System\dcdCuAp.exe
  C:\Windows\System\dcdCuAp.exe
  2⤵
  PID:10184
- C:\Windows\System\vMBrklm.exe
  C:\Windows\System\vMBrklm.exe
  2⤵
  PID:10212
- C:\Windows\System\lDXPtZu.exe
  C:\Windows\System\lDXPtZu.exe
  2⤵
  PID:10232
- C:\Windows\System\mpxWqND.exe
  C:\Windows\System\mpxWqND.exe
  2⤵
  PID:9292
- C:\Windows\System\BLnrSrm.exe
  C:\Windows\System\BLnrSrm.exe
  2⤵
  PID:9352
- C:\Windows\System\xSSsMUr.exe
  C:\Windows\System\xSSsMUr.exe
  2⤵
  PID:9408
- C:\Windows\System\OmXLztX.exe
  C:\Windows\System\OmXLztX.exe
  2⤵
  PID:9484
- C:\Windows\System\HRSDCHq.exe
  C:\Windows\System\HRSDCHq.exe
  2⤵
  PID:9540
- C:\Windows\System\JktQAcs.exe
  C:\Windows\System\JktQAcs.exe
  2⤵
  PID:9604
- C:\Windows\System\OdcyTtQ.exe
  C:\Windows\System\OdcyTtQ.exe
  2⤵
  PID:9688
- C:\Windows\System\eLePMjf.exe
  C:\Windows\System\eLePMjf.exe
  2⤵
  PID:9748
- C:\Windows\System\xNYhuJG.exe
  C:\Windows\System\xNYhuJG.exe
  2⤵
  PID:9808
- C:\Windows\System\XriIErh.exe
  C:\Windows\System\XriIErh.exe
  2⤵
  PID:9876
- C:\Windows\System\kjpfvwz.exe
  C:\Windows\System\kjpfvwz.exe
  2⤵
  PID:9936
- C:\Windows\System\AXabfHv.exe
  C:\Windows\System\AXabfHv.exe
  2⤵
  PID:9992
- C:\Windows\System\PXkdEGU.exe
  C:\Windows\System\PXkdEGU.exe
  2⤵
  PID:9556
- C:\Windows\System\IuPSMOJ.exe
  C:\Windows\System\IuPSMOJ.exe
  2⤵
  PID:10112
- C:\Windows\System\SxbeNXi.exe
  C:\Windows\System\SxbeNXi.exe
  2⤵
  PID:10172
- C:\Windows\System\uTDsrNw.exe
  C:\Windows\System\uTDsrNw.exe
  2⤵
  PID:9228
- C:\Windows\System\AiuWdxx.exe
  C:\Windows\System\AiuWdxx.exe
  2⤵
  PID:9376
- C:\Windows\System\QnceYln.exe
  C:\Windows\System\QnceYln.exe
  2⤵
  PID:9512
- C:\Windows\System\tqfKMnv.exe
  C:\Windows\System\tqfKMnv.exe
  2⤵
  PID:9656
- C:\Windows\System\ZyqAQYm.exe
  C:\Windows\System\ZyqAQYm.exe
  2⤵
  PID:9832
- C:\Windows\System\wnrjcIv.exe
  C:\Windows\System\wnrjcIv.exe
  2⤵
  PID:9972
- C:\Windows\System\gcyhTrL.exe
  C:\Windows\System\gcyhTrL.exe
  2⤵
  PID:10108
- C:\Windows\System\PEsmIIU.exe
  C:\Windows\System\PEsmIIU.exe
  2⤵
  PID:9312
- C:\Windows\System\sfPHCVS.exe
  C:\Windows\System\sfPHCVS.exe
  2⤵
  PID:9640
- C:\Windows\System\mHEpjPS.exe
  C:\Windows\System\mHEpjPS.exe
  2⤵
  PID:10088
- C:\Windows\System\acqavNk.exe
  C:\Windows\System\acqavNk.exe
  2⤵
  PID:10032
- C:\Windows\System\uvQVHoD.exe
  C:\Windows\System\uvQVHoD.exe
  2⤵
  PID:10244
- C:\Windows\System\SgxRtSU.exe
  C:\Windows\System\SgxRtSU.exe
  2⤵
  PID:10268
- C:\Windows\System\qvXYvEI.exe
  C:\Windows\System\qvXYvEI.exe
  2⤵
  PID:10296
- C:\Windows\System\SZsfcof.exe
  C:\Windows\System\SZsfcof.exe
  2⤵
  PID:10324
- C:\Windows\System\PHFWKrz.exe
  C:\Windows\System\PHFWKrz.exe
  2⤵
  PID:10352
- C:\Windows\System\btpqRUp.exe
  C:\Windows\System\btpqRUp.exe
  2⤵
  PID:10380
- C:\Windows\System\GmETffc.exe
  C:\Windows\System\GmETffc.exe
  2⤵
  PID:10408
- C:\Windows\System\sbuwULB.exe
  C:\Windows\System\sbuwULB.exe
  2⤵
  PID:10436
- C:\Windows\System\nXCIHoj.exe
  C:\Windows\System\nXCIHoj.exe
  2⤵
  PID:10464
- C:\Windows\System\NahQsWy.exe
  C:\Windows\System\NahQsWy.exe
  2⤵
  PID:10492
- C:\Windows\System\uGFtHck.exe
  C:\Windows\System\uGFtHck.exe
  2⤵
  PID:10520
- C:\Windows\System\YsZQGcc.exe
  C:\Windows\System\YsZQGcc.exe
  2⤵
  PID:10548
- C:\Windows\System\QAEmaSt.exe
  C:\Windows\System\QAEmaSt.exe
  2⤵
  PID:10576
- C:\Windows\System\wGPZYon.exe
  C:\Windows\System\wGPZYon.exe
  2⤵
  PID:10604
- C:\Windows\System\PTZlDpT.exe
  C:\Windows\System\PTZlDpT.exe
  2⤵
  PID:10632
- C:\Windows\System\GCBphoz.exe
  C:\Windows\System\GCBphoz.exe
  2⤵
  PID:10660
- C:\Windows\System\hYzuoIn.exe
  C:\Windows\System\hYzuoIn.exe
  2⤵
  PID:10688
- C:\Windows\System\MzHpwiK.exe
  C:\Windows\System\MzHpwiK.exe
  2⤵
  PID:10716
- C:\Windows\System\ZaucLFK.exe
  C:\Windows\System\ZaucLFK.exe
  2⤵
  PID:10744
- C:\Windows\System\JgRetwR.exe
  C:\Windows\System\JgRetwR.exe
  2⤵
  PID:10772
- C:\Windows\System\aNLqPEm.exe
  C:\Windows\System\aNLqPEm.exe
  2⤵
  PID:10804
- C:\Windows\System\RyremDl.exe
  C:\Windows\System\RyremDl.exe
  2⤵
  PID:10844
- C:\Windows\System\gWizIvX.exe
  C:\Windows\System\gWizIvX.exe
  2⤵
  PID:10868
- C:\Windows\System\rFemYpq.exe
  C:\Windows\System\rFemYpq.exe
  2⤵
  PID:10892
- C:\Windows\System\OFHtCWE.exe
  C:\Windows\System\OFHtCWE.exe
  2⤵
  PID:10932
- C:\Windows\System\NYlrtZd.exe
  C:\Windows\System\NYlrtZd.exe
  2⤵
  PID:10960
- C:\Windows\System\yKHwKez.exe
  C:\Windows\System\yKHwKez.exe
  2⤵
  PID:10996
- C:\Windows\System\gOXlQix.exe
  C:\Windows\System\gOXlQix.exe
  2⤵
  PID:11024
- C:\Windows\System\ERmlsBP.exe
  C:\Windows\System\ERmlsBP.exe
  2⤵
  PID:11056
- C:\Windows\System\pwlEENC.exe
  C:\Windows\System\pwlEENC.exe
  2⤵
  PID:11088
- C:\Windows\System\nXvagxy.exe
  C:\Windows\System\nXvagxy.exe
  2⤵
  PID:11116
- C:\Windows\System\Dppmhaa.exe
  C:\Windows\System\Dppmhaa.exe
  2⤵
  PID:11140
- C:\Windows\System\oITPyhE.exe
  C:\Windows\System\oITPyhE.exe
  2⤵
  PID:11172
- C:\Windows\System\MpbUnAH.exe
  C:\Windows\System\MpbUnAH.exe
  2⤵
  PID:11196
- C:\Windows\System\aHqpfWw.exe
  C:\Windows\System\aHqpfWw.exe
  2⤵
  PID:11228
- C:\Windows\System\fimpIzc.exe
  C:\Windows\System\fimpIzc.exe
  2⤵
  PID:11256
- C:\Windows\System\BalBcVY.exe
  C:\Windows\System\BalBcVY.exe
  2⤵
  PID:10336
- C:\Windows\System\cuwDEMI.exe
  C:\Windows\System\cuwDEMI.exe
  2⤵
  PID:10400
- C:\Windows\System\KjBwYTX.exe
  C:\Windows\System\KjBwYTX.exe
  2⤵
  PID:10456
- C:\Windows\System\bAXqOfO.exe
  C:\Windows\System\bAXqOfO.exe
  2⤵
  PID:10516
- C:\Windows\System\QNUTnXN.exe
  C:\Windows\System\QNUTnXN.exe
  2⤵
  PID:10568
- C:\Windows\System\sjUneEa.exe
  C:\Windows\System\sjUneEa.exe
  2⤵
  PID:10740
- C:\Windows\System\tsOENCG.exe
  C:\Windows\System\tsOENCG.exe
  2⤵
  PID:10768
- C:\Windows\System\ErPfhFK.exe
  C:\Windows\System\ErPfhFK.exe
  2⤵
  PID:10824
- C:\Windows\System\ccVIhLb.exe
  C:\Windows\System\ccVIhLb.exe
  2⤵
  PID:4756
- C:\Windows\System\ZaFvmMs.exe
  C:\Windows\System\ZaFvmMs.exe
  2⤵
  PID:10944
- C:\Windows\System\YIuIDpl.exe
  C:\Windows\System\YIuIDpl.exe
  2⤵
  PID:2356
- C:\Windows\System\BxreadZ.exe
  C:\Windows\System\BxreadZ.exe
  2⤵
  PID:1540
- C:\Windows\System\omvbmgm.exe
  C:\Windows\System\omvbmgm.exe
  2⤵
  PID:11112
- C:\Windows\System\dpzWUjz.exe
  C:\Windows\System\dpzWUjz.exe
  2⤵
  PID:11148
- C:\Windows\System\KSVBewW.exe
  C:\Windows\System\KSVBewW.exe
  2⤵
  PID:11188
- C:\Windows\System\pMCByIV.exe
  C:\Windows\System\pMCByIV.exe
  2⤵
  PID:10292
- C:\Windows\System\kcVFWKu.exe
  C:\Windows\System\kcVFWKu.exe
  2⤵
  PID:10420
- C:\Windows\System\pRmjHLI.exe
  C:\Windows\System\pRmjHLI.exe
  2⤵
  PID:10512
- C:\Windows\System\HvSbeZW.exe
  C:\Windows\System\HvSbeZW.exe
  2⤵
  PID:2388
- C:\Windows\System\xfYFzis.exe
  C:\Windows\System\xfYFzis.exe
  2⤵
  PID:10656
- C:\Windows\System\ROnbtYt.exe
  C:\Windows\System\ROnbtYt.exe
  2⤵
  PID:1400
- C:\Windows\System\cLLzFIY.exe
  C:\Windows\System\cLLzFIY.exe
  2⤵
  PID:10764
- C:\Windows\System\WuotLvM.exe
  C:\Windows\System\WuotLvM.exe
  2⤵
  PID:2400
- C:\Windows\System\WJYeflC.exe
  C:\Windows\System\WJYeflC.exe
  2⤵
  PID:10864
- C:\Windows\System\OFbiXzK.exe
  C:\Windows\System\OFbiXzK.exe
  2⤵
  PID:2712
- C:\Windows\System\sPtvRVS.exe
  C:\Windows\System\sPtvRVS.exe
  2⤵
  PID:4224
- C:\Windows\System\cDRnCXp.exe
  C:\Windows\System\cDRnCXp.exe
  2⤵
  PID:5112
- C:\Windows\System\RRdsPck.exe
  C:\Windows\System\RRdsPck.exe
  2⤵
  PID:11152
- C:\Windows\System\RjhfJAa.exe
  C:\Windows\System\RjhfJAa.exe
  2⤵
  PID:10256
- C:\Windows\System\SvqktJA.exe
  C:\Windows\System\SvqktJA.exe
  2⤵
  PID:10432
- C:\Windows\System\QqQJIYT.exe
  C:\Windows\System\QqQJIYT.exe
  2⤵
  PID:10616
- C:\Windows\System\WgPgFqb.exe
  C:\Windows\System\WgPgFqb.exe
  2⤵
  PID:4588
- C:\Windows\System\eRulZIS.exe
  C:\Windows\System\eRulZIS.exe
  2⤵
  PID:10928
- C:\Windows\System\UVYOoyB.exe
  C:\Windows\System\UVYOoyB.exe
  2⤵
  PID:1956
- C:\Windows\System\GsChKxU.exe
  C:\Windows\System\GsChKxU.exe
  2⤵
  PID:1428
- C:\Windows\System\ahQNRlg.exe
  C:\Windows\System\ahQNRlg.exe
  2⤵
  PID:1876
- C:\Windows\System\eqyfQHh.exe
  C:\Windows\System\eqyfQHh.exe
  2⤵
  PID:10832
- C:\Windows\System\ILOQlJK.exe
  C:\Windows\System\ILOQlJK.exe
  2⤵
  PID:10916
- C:\Windows\System\lUxCoNB.exe
  C:\Windows\System\lUxCoNB.exe
  2⤵
  PID:3588
- C:\Windows\System\YVqCgtm.exe
  C:\Windows\System\YVqCgtm.exe
  2⤵
  PID:10924
- C:\Windows\System\RJmqwYn.exe
  C:\Windows\System\RJmqwYn.exe
  2⤵
  PID:10828
- C:\Windows\System\TdJAUyT.exe
  C:\Windows\System\TdJAUyT.exe
  2⤵
  PID:11284
- C:\Windows\System\BvkyuHc.exe
  C:\Windows\System\BvkyuHc.exe
  2⤵
  PID:11312
- C:\Windows\System\mXhURTA.exe
  C:\Windows\System\mXhURTA.exe
  2⤵
  PID:11340
- C:\Windows\System\wAdUOSv.exe
  C:\Windows\System\wAdUOSv.exe
  2⤵
  PID:11368
- C:\Windows\System\xfTuZuA.exe
  C:\Windows\System\xfTuZuA.exe
  2⤵
  PID:11404
- C:\Windows\System\rftzGWf.exe
  C:\Windows\System\rftzGWf.exe
  2⤵
  PID:11424
- C:\Windows\System\hHFuywv.exe
  C:\Windows\System\hHFuywv.exe
  2⤵
  PID:11452
- C:\Windows\System\dIkOWNr.exe
  C:\Windows\System\dIkOWNr.exe
  2⤵
  PID:11496
- C:\Windows\System\uNreuvS.exe
  C:\Windows\System\uNreuvS.exe
  2⤵
  PID:11512
- C:\Windows\System\zKVNfyg.exe
  C:\Windows\System\zKVNfyg.exe
  2⤵
  PID:11540
- C:\Windows\System\McQwUpB.exe
  C:\Windows\System\McQwUpB.exe
  2⤵
  PID:11568
- C:\Windows\System\WsuJIfN.exe
  C:\Windows\System\WsuJIfN.exe
  2⤵
  PID:11596
- C:\Windows\System\OpxjdJs.exe
  C:\Windows\System\OpxjdJs.exe
  2⤵
  PID:11624
- C:\Windows\System\JFAXDGW.exe
  C:\Windows\System\JFAXDGW.exe
  2⤵
  PID:11652
- C:\Windows\System\GqUyqcs.exe
  C:\Windows\System\GqUyqcs.exe
  2⤵
  PID:11680
- C:\Windows\System\tcTzYvL.exe
  C:\Windows\System\tcTzYvL.exe
  2⤵
  PID:11708
- C:\Windows\System\tHyAFVl.exe
  C:\Windows\System\tHyAFVl.exe
  2⤵
  PID:11736
- C:\Windows\System\uEhkGDX.exe
  C:\Windows\System\uEhkGDX.exe
  2⤵
  PID:11764
- C:\Windows\System\geEsDvn.exe
  C:\Windows\System\geEsDvn.exe
  2⤵
  PID:11792
- C:\Windows\System\VJsqzzY.exe
  C:\Windows\System\VJsqzzY.exe
  2⤵
  PID:11820
- C:\Windows\System\MaHqTai.exe
  C:\Windows\System\MaHqTai.exe
  2⤵
  PID:11848
- C:\Windows\System\bsJEwVZ.exe
  C:\Windows\System\bsJEwVZ.exe
  2⤵
  PID:11876
- C:\Windows\System\hjKfbDe.exe
  C:\Windows\System\hjKfbDe.exe
  2⤵
  PID:11904
- C:\Windows\System\yYKwVbN.exe
  C:\Windows\System\yYKwVbN.exe
  2⤵
  PID:11932
- C:\Windows\System\bjHxHYu.exe
  C:\Windows\System\bjHxHYu.exe
  2⤵
  PID:11960
- C:\Windows\System\ywJatJT.exe
  C:\Windows\System\ywJatJT.exe
  2⤵
  PID:11988
- C:\Windows\System\IMvCTsb.exe
  C:\Windows\System\IMvCTsb.exe
  2⤵
  PID:12016
- C:\Windows\System\YaTaNlr.exe
  C:\Windows\System\YaTaNlr.exe
  2⤵
  PID:12048
- C:\Windows\System\VFZIigX.exe
  C:\Windows\System\VFZIigX.exe
  2⤵
  PID:12076
- C:\Windows\System\SymrpEP.exe
  C:\Windows\System\SymrpEP.exe
  2⤵
  PID:12104
- C:\Windows\System\MDmBBmA.exe
  C:\Windows\System\MDmBBmA.exe
  2⤵
  PID:12132
- C:\Windows\System\BPNKTAE.exe
  C:\Windows\System\BPNKTAE.exe
  2⤵
  PID:12160
- C:\Windows\System\pbviyyt.exe
  C:\Windows\System\pbviyyt.exe
  2⤵
  PID:12188
- C:\Windows\System\YdlLlNE.exe
  C:\Windows\System\YdlLlNE.exe
  2⤵
  PID:12216
- C:\Windows\System\RCLCUkg.exe
  C:\Windows\System\RCLCUkg.exe
  2⤵
  PID:12244
- C:\Windows\System\tLayPIo.exe
  C:\Windows\System\tLayPIo.exe
  2⤵
  PID:12272
- C:\Windows\System\KItORGI.exe
  C:\Windows\System\KItORGI.exe
  2⤵
  PID:11296
- C:\Windows\System\YdKGFkB.exe
  C:\Windows\System\YdKGFkB.exe
  2⤵
  PID:11352
- C:\Windows\System\kgDuyeZ.exe
  C:\Windows\System\kgDuyeZ.exe
  2⤵
  PID:11416
- C:\Windows\System\IbCSzcL.exe
  C:\Windows\System\IbCSzcL.exe
  2⤵
  PID:11492
- C:\Windows\System\NhiOrBU.exe
  C:\Windows\System\NhiOrBU.exe
  2⤵
  PID:11552
- C:\Windows\System\iersHsf.exe
  C:\Windows\System\iersHsf.exe
  2⤵
  PID:11616
- C:\Windows\System\MwDKjqe.exe
  C:\Windows\System\MwDKjqe.exe
  2⤵
  PID:11676
- C:\Windows\System\yIUGxeu.exe
  C:\Windows\System\yIUGxeu.exe
  2⤵
  PID:11748
- C:\Windows\System\PrTLHVp.exe
  C:\Windows\System\PrTLHVp.exe
  2⤵
  PID:11812
- C:\Windows\System\alcZGAL.exe
  C:\Windows\System\alcZGAL.exe
  2⤵
  PID:11868
- C:\Windows\System\phMXfTB.exe
  C:\Windows\System\phMXfTB.exe
  2⤵
  PID:11928
- C:\Windows\System\HKGrHAl.exe
  C:\Windows\System\HKGrHAl.exe
  2⤵
  PID:12000
- C:\Windows\System\ZoFXPet.exe
  C:\Windows\System\ZoFXPet.exe
  2⤵
  PID:12068
- C:\Windows\System\qOYbImL.exe
  C:\Windows\System\qOYbImL.exe
  2⤵
  PID:12116
- C:\Windows\System\kGYjkWl.exe
  C:\Windows\System\kGYjkWl.exe
  2⤵
  PID:12180
- C:\Windows\System\wacAVEw.exe
  C:\Windows\System\wacAVEw.exe
  2⤵
  PID:12256
- C:\Windows\System\BywwmDt.exe
  C:\Windows\System\BywwmDt.exe
  2⤵
  PID:11332
- C:\Windows\System\gxhiKiD.exe
  C:\Windows\System\gxhiKiD.exe
  2⤵
  PID:2592
- C:\Windows\System\aWXvAYD.exe
  C:\Windows\System\aWXvAYD.exe
  2⤵
  PID:1600
- C:\Windows\System\YbmtgEL.exe
  C:\Windows\System\YbmtgEL.exe
  2⤵
  PID:11728
- C:\Windows\System\KjkuWUY.exe
  C:\Windows\System\KjkuWUY.exe
  2⤵
  PID:11804
- C:\Windows\System\ejKfMHc.exe
  C:\Windows\System\ejKfMHc.exe
  2⤵
  PID:11924
- C:\Windows\System\WUGUuOk.exe
  C:\Windows\System\WUGUuOk.exe
  2⤵
  PID:4308
- C:\Windows\System\OygJnOD.exe
  C:\Windows\System\OygJnOD.exe
  2⤵
  PID:12236
- C:\Windows\System\udrZgnL.exe
  C:\Windows\System\udrZgnL.exe
  2⤵
  PID:11392
- C:\Windows\System\HisdOvA.exe
  C:\Windows\System\HisdOvA.exe
  2⤵
  PID:11536
- C:\Windows\System\YlLERuA.exe
  C:\Windows\System\YlLERuA.exe
  2⤵
  PID:444
- C:\Windows\System\sfFXTnm.exe
  C:\Windows\System\sfFXTnm.exe
  2⤵
  PID:11896
- C:\Windows\System\HdiPpwE.exe
  C:\Windows\System\HdiPpwE.exe
  2⤵
  PID:12144
- C:\Windows\System\XtcSkVR.exe
  C:\Windows\System\XtcSkVR.exe
  2⤵
  PID:3228
- C:\Windows\System\DhEkqsP.exe
  C:\Windows\System\DhEkqsP.exe
  2⤵
  PID:11664
- C:\Windows\System\ISFMCkb.exe
  C:\Windows\System\ISFMCkb.exe
  2⤵
  PID:11788
- C:\Windows\System\EIiJfQQ.exe
  C:\Windows\System\EIiJfQQ.exe
  2⤵
  PID:2288
- C:\Windows\System\YAsDxdl.exe
  C:\Windows\System\YAsDxdl.exe
  2⤵
  PID:4388
- C:\Windows\System\ywitmEN.exe
  C:\Windows\System\ywitmEN.exe
  2⤵
  PID:4752
- C:\Windows\System\LXCPpoG.exe
  C:\Windows\System\LXCPpoG.exe
  2⤵
  PID:1136
- C:\Windows\System\MOAilno.exe
  C:\Windows\System\MOAilno.exe
  2⤵
  PID:4652
- C:\Windows\System\qcFJxZt.exe
  C:\Windows\System\qcFJxZt.exe
  2⤵
  PID:3744
- C:\Windows\System\CXJvkIi.exe
  C:\Windows\System\CXJvkIi.exe
  2⤵
  PID:12304
- C:\Windows\System\MRGNNhS.exe
  C:\Windows\System\MRGNNhS.exe
  2⤵
  PID:12332
- C:\Windows\System\KCELBQp.exe
  C:\Windows\System\KCELBQp.exe
  2⤵
  PID:12360
- C:\Windows\System\GhEPZll.exe
  C:\Windows\System\GhEPZll.exe
  2⤵
  PID:12388
- C:\Windows\System\lZnueWX.exe
  C:\Windows\System\lZnueWX.exe
  2⤵
  PID:12416
- C:\Windows\System\GfvigHp.exe
  C:\Windows\System\GfvigHp.exe
  2⤵
  PID:12456
- C:\Windows\System\OoIsxql.exe
  C:\Windows\System\OoIsxql.exe
  2⤵
  PID:12472
- C:\Windows\System\qshWrpD.exe
  C:\Windows\System\qshWrpD.exe
  2⤵
  PID:12500
- C:\Windows\System\wbHEGJe.exe
  C:\Windows\System\wbHEGJe.exe
  2⤵
  PID:12528
- C:\Windows\System\atoEqlE.exe
  C:\Windows\System\atoEqlE.exe
  2⤵
  PID:12556
- C:\Windows\System\yjJEsOO.exe
  C:\Windows\System\yjJEsOO.exe
  2⤵
  PID:12584
- C:\Windows\System\HlgwfqU.exe
  C:\Windows\System\HlgwfqU.exe
  2⤵
  PID:12612
- C:\Windows\System\MSWAeDT.exe
  C:\Windows\System\MSWAeDT.exe
  2⤵
  PID:12640
- C:\Windows\System\tKyxWre.exe
  C:\Windows\System\tKyxWre.exe
  2⤵
  PID:12668
- C:\Windows\System\oyceMoL.exe
  C:\Windows\System\oyceMoL.exe
  2⤵
  PID:12696
- C:\Windows\System\musDYPW.exe
  C:\Windows\System\musDYPW.exe
  2⤵
  PID:12724
- C:\Windows\System\ElyoxTT.exe
  C:\Windows\System\ElyoxTT.exe
  2⤵
  PID:12752
- C:\Windows\System\NdgkJUp.exe
  C:\Windows\System\NdgkJUp.exe
  2⤵
  PID:12780
- C:\Windows\System\AqiZuqB.exe
  C:\Windows\System\AqiZuqB.exe
  2⤵
  PID:12808
- C:\Windows\System\FtBihIq.exe
  C:\Windows\System\FtBihIq.exe
  2⤵
  PID:12836
- C:\Windows\System\QSreDUy.exe
  C:\Windows\System\QSreDUy.exe
  2⤵
  PID:12864
- C:\Windows\System\sDFqmuq.exe
  C:\Windows\System\sDFqmuq.exe
  2⤵
  PID:12892
- C:\Windows\System\BLeQdch.exe
  C:\Windows\System\BLeQdch.exe
  2⤵
  PID:12924
- C:\Windows\System\xIaVvdC.exe
  C:\Windows\System\xIaVvdC.exe
  2⤵
  PID:12952
- C:\Windows\System\soyrvqX.exe
  C:\Windows\System\soyrvqX.exe
  2⤵
  PID:12980
- C:\Windows\System\zWjcnoO.exe
  C:\Windows\System\zWjcnoO.exe
  2⤵
  PID:13008
- C:\Windows\System\ojpXnnf.exe
  C:\Windows\System\ojpXnnf.exe
  2⤵
  PID:13036
- C:\Windows\System\AIjkFlL.exe
  C:\Windows\System\AIjkFlL.exe
  2⤵
  PID:13064
- C:\Windows\System\rbpDJYB.exe
  C:\Windows\System\rbpDJYB.exe
  2⤵
  PID:13092
- C:\Windows\System\vuPjEMS.exe
  C:\Windows\System\vuPjEMS.exe
  2⤵
  PID:13120
- C:\Windows\System\BYADIfr.exe
  C:\Windows\System\BYADIfr.exe
  2⤵
  PID:13148
- C:\Windows\System\Zbiwebb.exe
  C:\Windows\System\Zbiwebb.exe
  2⤵
  PID:13188
- C:\Windows\System\iUzUzMe.exe
  C:\Windows\System\iUzUzMe.exe
  2⤵
  PID:13204
- C:\Windows\System\gbjdzIm.exe
  C:\Windows\System\gbjdzIm.exe
  2⤵
  PID:13232
- C:\Windows\System\gsCIiNS.exe
  C:\Windows\System\gsCIiNS.exe
  2⤵
  PID:13260
- C:\Windows\System\htEuDsQ.exe
  C:\Windows\System\htEuDsQ.exe
  2⤵
  PID:13288
- C:\Windows\System\AyNLsVg.exe
  C:\Windows\System\AyNLsVg.exe
  2⤵
  PID:3920
- C:\Windows\System\ffQxHQJ.exe
  C:\Windows\System\ffQxHQJ.exe
  2⤵
  PID:2116
- C:\Windows\System\mcvycHI.exe
  C:\Windows\System\mcvycHI.exe
  2⤵
  PID:4720
- C:\Windows\System\YrwSYnZ.exe
  C:\Windows\System\YrwSYnZ.exe
  2⤵
  PID:12412
- C:\Windows\System\FvvLdRk.exe
  C:\Windows\System\FvvLdRk.exe
  2⤵
  PID:2924
- C:\Windows\System\ofMkgMu.exe
  C:\Windows\System\ofMkgMu.exe
  2⤵
  PID:12512
- C:\Windows\System\ONoKnuJ.exe
  C:\Windows\System\ONoKnuJ.exe
  2⤵
  PID:916
- C:\Windows\System\HIidhPY.exe
  C:\Windows\System\HIidhPY.exe
  2⤵
  PID:12576
- C:\Windows\System\TGgCqOL.exe
  C:\Windows\System\TGgCqOL.exe
  2⤵
  PID:12624
- C:\Windows\System\lhKhMNS.exe
  C:\Windows\System\lhKhMNS.exe
  2⤵
  PID:12664
- C:\Windows\System\YThVmyb.exe
  C:\Windows\System\YThVmyb.exe
  2⤵
  PID:1116
- C:\Windows\System\HRTDhOP.exe
  C:\Windows\System\HRTDhOP.exe
  2⤵
  PID:12744
- C:\Windows\System\ZXDsHAX.exe
  C:\Windows\System\ZXDsHAX.exe
  2⤵
  PID:4516
- C:\Windows\System\jQUPhpp.exe
  C:\Windows\System\jQUPhpp.exe
  2⤵
  PID:12820
- C:\Windows\System\PWzACCS.exe
  C:\Windows\System\PWzACCS.exe
  2⤵
  PID:12860
- C:\Windows\System\gBXFpEg.exe
  C:\Windows\System\gBXFpEg.exe
  2⤵
  PID:3376
- C:\Windows\System\QTnAlPa.exe
  C:\Windows\System\QTnAlPa.exe
  2⤵
  PID:2896
- C:\Windows\System\nMTGOhr.exe
  C:\Windows\System\nMTGOhr.exe
  2⤵
  PID:12992
- C:\Windows\System\XEAhiWr.exe
  C:\Windows\System\XEAhiWr.exe
  2⤵
  PID:13032
- C:\Windows\System\hxtqJPR.exe
  C:\Windows\System\hxtqJPR.exe
  2⤵
  PID:1892
- C:\Windows\System\cTcGgbw.exe
  C:\Windows\System\cTcGgbw.exe
  2⤵
  PID:13116
- C:\Windows\System\kXHweqX.exe
  C:\Windows\System\kXHweqX.exe
  2⤵
  PID:13172
- C:\Windows\System\WFcdqoC.exe
  C:\Windows\System\WFcdqoC.exe
  2⤵
  PID:13228
- C:\Windows\System\QFHIVuN.exe
  C:\Windows\System\QFHIVuN.exe
  2⤵
  PID:828
- C:\Windows\System\LgNYcsq.exe
  C:\Windows\System\LgNYcsq.exe
  2⤵
  PID:13308
- C:\Windows\System\MHSihAS.exe
  C:\Windows\System\MHSihAS.exe
  2⤵
  PID:12352
- C:\Windows\System\fyTNCvN.exe
  C:\Windows\System\fyTNCvN.exe
  2⤵
  PID:5184
- C:\Windows\System\PsrkJdV.exe
  C:\Windows\System\PsrkJdV.exe
  2⤵
  PID:12912
- C:\Windows\System\wVLrRxZ.exe
  C:\Windows\System\wVLrRxZ.exe
  2⤵
  PID:12520
- C:\Windows\System\SAAbEvu.exe
  C:\Windows\System\SAAbEvu.exe
  2⤵
  PID:5288
- C:\Windows\System\keUVaJg.exe
  C:\Windows\System\keUVaJg.exe
  2⤵
  PID:3560
- C:\Windows\System\nNogMRL.exe
  C:\Windows\System\nNogMRL.exe
  2⤵
  PID:3628
- C:\Windows\System\lBLypFa.exe
  C:\Windows\System\lBLypFa.exe
  2⤵
  PID:5408
- C:\Windows\System\ljfDRSt.exe
  C:\Windows\System\ljfDRSt.exe
  2⤵
  PID:5444
- C:\Windows\System\UbBKbjv.exe
  C:\Windows\System\UbBKbjv.exe
  2⤵
  PID:5492
- C:\Windows\System\nmuDGvf.exe
  C:\Windows\System\nmuDGvf.exe
  2⤵
  PID:12920
- C:\Windows\System\yYpIWmW.exe
  C:\Windows\System\yYpIWmW.exe
  2⤵
  PID:5584
- C:\Windows\System\NfxKFEQ.exe
  C:\Windows\System\NfxKFEQ.exe
  2⤵
  PID:5608
- C:\Windows\System\TUMcWJg.exe
  C:\Windows\System\TUMcWJg.exe
  2⤵
  PID:2268
- C:\Windows\System\lenVGto.exe
  C:\Windows\System\lenVGto.exe
  2⤵
  PID:13168
- C:\Windows\System\UTNcznZ.exe
  C:\Windows\System\UTNcznZ.exe
  2⤵
  PID:5720
- C:\Windows\System\zUJmYFa.exe
  C:\Windows\System\zUJmYFa.exe
  2⤵
  PID:13300
- C:\Windows\System\ELWjURg.exe
  C:\Windows\System\ELWjURg.exe
  2⤵
  PID:5824
- C:\Windows\System\sjELqey.exe
  C:\Windows\System\sjELqey.exe
  2⤵
  PID:5204
- C:\Windows\System\GCRqrZw.exe
  C:\Windows\System\GCRqrZw.exe
  2⤵
  PID:12496
- C:\Windows\System\GKCNYre.exe
  C:\Windows\System\GKCNYre.exe
  2⤵
  PID:5920
- C:\Windows\System\OsukHXp.exe
  C:\Windows\System\OsukHXp.exe
  2⤵
  PID:5944
- C:\Windows\System\DjLLGxv.exe
  C:\Windows\System\DjLLGxv.exe
  2⤵
  PID:5972
- C:\Windows\System\RjlaHlk.exe
  C:\Windows\System\RjlaHlk.exe
  2⤵
  PID:12856
- C:\Windows\System\lCVLOze.exe
  C:\Windows\System\lCVLOze.exe
  2⤵
  PID:6072
- C:\Windows\System\xsDlvqc.exe
  C:\Windows\System\xsDlvqc.exe
  2⤵
  PID:6100
- C:\Windows\System\OVxpbxY.exe
  C:\Windows\System\OVxpbxY.exe
  2⤵
  PID:5696
- C:\Windows\System\euVVnyJ.exe
  C:\Windows\System\euVVnyJ.exe
  2⤵
  PID:13284
- C:\Windows\System\FXttmYn.exe
  C:\Windows\System\FXttmYn.exe
  2⤵
  PID:5244
- C:\Windows\System\iyOVOqk.exe
  C:\Windows\System\iyOVOqk.exe
  2⤵
  PID:5384
- C:\Windows\System\frjsBZO.exe
  C:\Windows\System\frjsBZO.exe
  2⤵
  PID:5428
- C:\Windows\System\TXFHzqQ.exe
  C:\Windows\System\TXFHzqQ.exe
  2⤵
  PID:5528
- C:\Windows\System\JZEOiuP.exe
  C:\Windows\System\JZEOiuP.exe
  2⤵
  PID:704
- C:\Windows\System\iIIHNOm.exe
  C:\Windows\System\iIIHNOm.exe
  2⤵
  PID:6004
- C:\Windows\System\KPrvoDr.exe
  C:\Windows\System\KPrvoDr.exe
  2⤵
  PID:5820
- C:\Windows\System\TVVegQf.exe
  C:\Windows\System\TVVegQf.exe
  2⤵
  PID:5664
- C:\Windows\System\ydIvICv.exe
  C:\Windows\System\ydIvICv.exe
  2⤵
  PID:5984
- C:\Windows\System\rVpClHO.exe
  C:\Windows\System\rVpClHO.exe
  2⤵
  PID:5172
- C:\Windows\System\zALbYBK.exe
  C:\Windows\System\zALbYBK.exe
  2⤵
  PID:5320
- C:\Windows\System\UiMyhEL.exe
  C:\Windows\System\UiMyhEL.exe
  2⤵
  PID:4312
- C:\Windows\System\VVmgoRQ.exe
  C:\Windows\System\VVmgoRQ.exe
  2⤵
  PID:5728
- C:\Windows\System\UXuIAEX.exe
  C:\Windows\System\UXuIAEX.exe
  2⤵
  PID:5860
- C:\Windows\System\MiuxvDP.exe
  C:\Windows\System\MiuxvDP.exe
  2⤵
  PID:5520
- C:\Windows\System\IkBYnHR.exe
  C:\Windows\System\IkBYnHR.exe
  2⤵
  PID:5500
- C:\Windows\System\NhufBwP.exe
  C:\Windows\System\NhufBwP.exe
  2⤵
  PID:5464
- C:\Windows\System\LIJgdfi.exe
  C:\Windows\System\LIJgdfi.exe
  2⤵
  PID:5924
- C:\Windows\System\NYCopZD.exe
  C:\Windows\System\NYCopZD.exe
  2⤵
  PID:5460
- C:\Windows\System\VscTaEa.exe
  C:\Windows\System\VscTaEa.exe
  2⤵
  PID:8
- C:\Windows\System\oUtfMUq.exe
  C:\Windows\System\oUtfMUq.exe
  2⤵
  PID:6148
- C:\Windows\System\ctYbNMW.exe
  C:\Windows\System\ctYbNMW.exe
  2⤵
  PID:6132
- C:\Windows\System\pluDEEO.exe
  C:\Windows\System\pluDEEO.exe
  2⤵
  PID:4960
- C:\Windows\System\bSMFetO.exe
  C:\Windows\System\bSMFetO.exe
  2⤵
  PID:6256
- C:\Windows\System\UQJIpUK.exe
  C:\Windows\System\UQJIpUK.exe
  2⤵
  PID:6292
- C:\Windows\System\ewfLmkj.exe
  C:\Windows\System\ewfLmkj.exe
  2⤵
  PID:6324
- C:\Windows\System\HkWKYPZ.exe
  C:\Windows\System\HkWKYPZ.exe
  2⤵
  PID:6360
- C:\Windows\System\JXkgTxf.exe
  C:\Windows\System\JXkgTxf.exe
  2⤵
  PID:6196
- C:\Windows\System\MeFJPZa.exe
  C:\Windows\System\MeFJPZa.exe
  2⤵
  PID:2352
- C:\Windows\System\AEnpxoD.exe
  C:\Windows\System\AEnpxoD.exe
  2⤵
  PID:4080
- C:\Windows\System\lkNkZtQ.exe
  C:\Windows\System\lkNkZtQ.exe
  2⤵
  PID:12568
- C:\Windows\System\fGXEWke.exe
  C:\Windows\System\fGXEWke.exe
  2⤵
  PID:12776
- C:\Windows\System\EpKDgNL.exe
  C:\Windows\System\EpKDgNL.exe
  2⤵
  PID:12604
- C:\Windows\System\PKeRJWl.exe
  C:\Windows\System\PKeRJWl.exe
  2⤵
  PID:6468
- C:\Windows\System\GXhKlwX.exe
  C:\Windows\System\GXhKlwX.exe
  2⤵
  PID:5780
- C:\Windows\System\pRKdigX.exe
  C:\Windows\System\pRKdigX.exe
  2⤵
  PID:3164
- C:\Windows\System\XmXJlrn.exe
  C:\Windows\System\XmXJlrn.exe
  2⤵
  PID:6728
- C:\Windows\System\qQXmajy.exe
  C:\Windows\System\qQXmajy.exe
  2⤵
  PID:6780
- C:\Windows\System\XTavYQd.exe
  C:\Windows\System\XTavYQd.exe
  2⤵
  PID:6832
- C:\Windows\System\MMbxWEN.exe
  C:\Windows\System\MMbxWEN.exe
  2⤵
  PID:13336
- C:\Windows\System\ocYAutz.exe
  C:\Windows\System\ocYAutz.exe
  2⤵
  PID:13364
- C:\Windows\System\JTjjLcg.exe
  C:\Windows\System\JTjjLcg.exe
  2⤵
  PID:13392
- C:\Windows\System\eMTLnPq.exe
  C:\Windows\System\eMTLnPq.exe
  2⤵
  PID:13420
- C:\Windows\System\BsAgTjg.exe
  C:\Windows\System\BsAgTjg.exe
  2⤵
  PID:13448
- C:\Windows\System\eKPFSOy.exe
  C:\Windows\System\eKPFSOy.exe
  2⤵
  PID:13476
- C:\Windows\System\SELAMUe.exe
  C:\Windows\System\SELAMUe.exe
  2⤵
  PID:13504
- C:\Windows\System\JGdXoJj.exe
  C:\Windows\System\JGdXoJj.exe
  2⤵
  PID:13532
- C:\Windows\System\rVLaSgv.exe
  C:\Windows\System\rVLaSgv.exe
  2⤵
  PID:13560
- C:\Windows\System\EbQuRmv.exe
  C:\Windows\System\EbQuRmv.exe
  2⤵
  PID:13588
- C:\Windows\System\KdOtYao.exe
  C:\Windows\System\KdOtYao.exe
  2⤵
  PID:13616
- C:\Windows\System\aopbtXO.exe
  C:\Windows\System\aopbtXO.exe
  2⤵
  PID:13644
- C:\Windows\System\sSxHvjO.exe
  C:\Windows\System\sSxHvjO.exe
  2⤵
  PID:13672
- C:\Windows\System\cPBdfqX.exe
  C:\Windows\System\cPBdfqX.exe
  2⤵
  PID:13700
- C:\Windows\System\yOifaBx.exe
  C:\Windows\System\yOifaBx.exe
  2⤵
  PID:13728
- C:\Windows\System\amiLvEw.exe
  C:\Windows\System\amiLvEw.exe
  2⤵
  PID:13756
- C:\Windows\System\brYWFoy.exe
  C:\Windows\System\brYWFoy.exe
  2⤵
  PID:13784
- C:\Windows\System\jGOaqDD.exe
  C:\Windows\System\jGOaqDD.exe
  2⤵
  PID:13812
- C:\Windows\System\baawxtL.exe
  C:\Windows\System\baawxtL.exe
  2⤵
  PID:13840
- C:\Windows\System\gCSQDRm.exe
  C:\Windows\System\gCSQDRm.exe
  2⤵
  PID:13868
- C:\Windows\System\WzFSHSR.exe
  C:\Windows\System\WzFSHSR.exe
  2⤵
  PID:13896
- C:\Windows\System\eKxhnSQ.exe
  C:\Windows\System\eKxhnSQ.exe
  2⤵
  PID:13924
- C:\Windows\System\jQFdYcz.exe
  C:\Windows\System\jQFdYcz.exe
  2⤵
  PID:13952
- C:\Windows\System\HplpGau.exe
  C:\Windows\System\HplpGau.exe
  2⤵
  PID:13980
- C:\Windows\System\fdQgsUk.exe
  C:\Windows\System\fdQgsUk.exe
  2⤵
  PID:14008
- C:\Windows\System\IXFyPRZ.exe
  C:\Windows\System\IXFyPRZ.exe
  2⤵
  PID:14040
- C:\Windows\System\WpaJubG.exe
  C:\Windows\System\WpaJubG.exe
  2⤵
  PID:14068
- C:\Windows\System\JHTISnm.exe
  C:\Windows\System\JHTISnm.exe
  2⤵
  PID:14096
- C:\Windows\System\nWnKMUn.exe
  C:\Windows\System\nWnKMUn.exe
  2⤵
  PID:14124
- C:\Windows\System\BtISJGS.exe
  C:\Windows\System\BtISJGS.exe
  2⤵
  PID:14152
- C:\Windows\System\XjhfckA.exe
  C:\Windows\System\XjhfckA.exe
  2⤵
  PID:14180
- C:\Windows\System\ybztyNR.exe
  C:\Windows\System\ybztyNR.exe
  2⤵
  PID:14256
- C:\Windows\System\CZzKyGY.exe
  C:\Windows\System\CZzKyGY.exe
  2⤵
  PID:14284
- C:\Windows\System\CqwDBuQ.exe
  C:\Windows\System\CqwDBuQ.exe
  2⤵
  PID:13328
- C:\Windows\System\XhRNPXx.exe
  C:\Windows\System\XhRNPXx.exe
  2⤵
  PID:13356
- C:\Windows\System\zgZnJQe.exe
  C:\Windows\System\zgZnJQe.exe
  2⤵
  PID:7108
- C:\Windows\System\eLsVzxO.exe
  C:\Windows\System\eLsVzxO.exe
  2⤵
  PID:13612
- C:\Windows\System\LBYydRm.exe
  C:\Windows\System\LBYydRm.exe
  2⤵
  PID:6164
- C:\Windows\System\USMADkt.exe
  C:\Windows\System\USMADkt.exe
  2⤵
  PID:13692
- C:\Windows\System\emnqGaO.exe
  C:\Windows\System\emnqGaO.exe
  2⤵
  PID:6336
- C:\Windows\System\EjUiXxJ.exe
  C:\Windows\System\EjUiXxJ.exe
  2⤵
  PID:1692
- C:\Windows\System\cfRtGnj.exe
  C:\Windows\System\cfRtGnj.exe
  2⤵
  PID:13852
- C:\Windows\System\vCIJBaz.exe
  C:\Windows\System\vCIJBaz.exe
  2⤵
  PID:6972
- C:\Windows\System\hjPcsqL.exe
  C:\Windows\System\hjPcsqL.exe
  2⤵
  PID:14080
- C:\Windows\System\chRiUKA.exe
  C:\Windows\System\chRiUKA.exe
  2⤵
  PID:14136
- C:\Windows\System\jFAXuSq.exe
  C:\Windows\System\jFAXuSq.exe
  2⤵
  PID:14176
- C:\Windows\System\EUwpfZo.exe
  C:\Windows\System\EUwpfZo.exe
  2⤵
  PID:14204
- C:\Windows\System\xSAvebs.exe
  C:\Windows\System\xSAvebs.exe
  2⤵
  PID:6656
- C:\Windows\System\eIlLxHm.exe
  C:\Windows\System\eIlLxHm.exe
  2⤵
  PID:648
- C:\Windows\System\iLNLICx.exe
  C:\Windows\System\iLNLICx.exe
  2⤵
  PID:6800
- C:\Windows\System\isBGvya.exe
  C:\Windows\System\isBGvya.exe
  2⤵
  PID:13316
- C:\Windows\System\dPyUGDL.exe
  C:\Windows\System\dPyUGDL.exe
  2⤵
  PID:6644
- C:\Windows\System\OWLwpPP.exe
  C:\Windows\System\OWLwpPP.exe
  2⤵
  PID:13388
- C:\Windows\System\vjQsjOG.exe
  C:\Windows\System\vjQsjOG.exe
  2⤵
  PID:13440
- C:\Windows\System\QumHMFe.exe
  C:\Windows\System\QumHMFe.exe
  2⤵
  PID:13468
- C:\Windows\System\dDGwOfD.exe
  C:\Windows\System\dDGwOfD.exe
  2⤵
  PID:13516
- C:\Windows\System\gXPyRxL.exe
  C:\Windows\System\gXPyRxL.exe
  2⤵
  PID:13528
- C:\Windows\System\FpyypJs.exe
  C:\Windows\System\FpyypJs.exe
  2⤵
  PID:13580
- C:\Windows\System\CEVAMVG.exe
  C:\Windows\System\CEVAMVG.exe
  2⤵
  PID:7192
- C:\Windows\System\oUvZKQt.exe
  C:\Windows\System\oUvZKQt.exe
  2⤵
  PID:7256
- C:\Windows\System\bpoYpjQ.exe
  C:\Windows\System\bpoYpjQ.exe
  2⤵
  PID:7380
- C:\Windows\System\xaCtCYA.exe
  C:\Windows\System\xaCtCYA.exe
  2⤵
  PID:13776
- C:\Windows\System\Lyynnwd.exe
  C:\Windows\System\Lyynnwd.exe
  2⤵
  PID:6504
- C:\Windows\System\VSdSVVU.exe
  C:\Windows\System\VSdSVVU.exe
  2⤵
  PID:6624
- C:\Windows\System\wHyztwm.exe
  C:\Windows\System\wHyztwm.exe
  2⤵
  PID:6600
- C:\Windows\System\WzUNUrp.exe
  C:\Windows\System\WzUNUrp.exe
  2⤵
  PID:7516
- C:\Windows\System\QPulYiD.exe
  C:\Windows\System\QPulYiD.exe
  2⤵
  PID:7548
- C:\Windows\System\gGuHyvu.exe
  C:\Windows\System\gGuHyvu.exe
  2⤵
  PID:13992
- C:\Windows\System\PKQZBBQ.exe
  C:\Windows\System\PKQZBBQ.exe
  2⤵
  PID:6892
- C:\Windows\System\dImGfee.exe
  C:\Windows\System\dImGfee.exe
  2⤵
  PID:7664
- C:\Windows\System\LCNeStL.exe
  C:\Windows\System\LCNeStL.exe
  2⤵
  PID:14116
- C:\Windows\System\gXcWFky.exe
  C:\Windows\System\gXcWFky.exe
  2⤵
  PID:7724
- C:\Windows\System\WfGfNbU.exe
  C:\Windows\System\WfGfNbU.exe
  2⤵
  PID:7776
- C:\Windows\System\IoORmXW.exe
  C:\Windows\System\IoORmXW.exe
  2⤵
  PID:4364
- C:\Windows\System\ZcTsBMs.exe
  C:\Windows\System\ZcTsBMs.exe
  2⤵
  PID:6864
- C:\Windows\System\VJEPUMr.exe
  C:\Windows\System\VJEPUMr.exe
  2⤵
  PID:7896
- C:\Windows\System\xHywscE.exe
  C:\Windows\System\xHywscE.exe
  2⤵
  PID:7956
- C:\Windows\System\Adpxcja.exe
  C:\Windows\System\Adpxcja.exe
  2⤵
  PID:13432
- C:\Windows\System\mCnXxyB.exe
  C:\Windows\System\mCnXxyB.exe
  2⤵
  PID:6588
- C:\Windows\System\mduPNsS.exe
  C:\Windows\System\mduPNsS.exe
  2⤵
  PID:8168
- C:\Windows\System\ECirnxw.exe
  C:\Windows\System\ECirnxw.exe
  2⤵
  PID:7312
- C:\Windows\System\MHCdtcH.exe
  C:\Windows\System\MHCdtcH.exe
  2⤵
  PID:7404
- C:\Windows\System\KBOFZpc.exe
  C:\Windows\System\KBOFZpc.exe
  2⤵
  PID:13808
- C:\Windows\System\BwEzNFR.exe
  C:\Windows\System\BwEzNFR.exe
  2⤵
  PID:6868
- C:\Windows\System\musyeXE.exe
  C:\Windows\System\musyeXE.exe
  2⤵
  PID:7908
- C:\Windows\System\RAmdCzo.exe
  C:\Windows\System\RAmdCzo.exe
  2⤵
  PID:8004
- C:\Windows\System\GFOWuIN.exe
  C:\Windows\System\GFOWuIN.exe
  2⤵
  PID:14092
- C:\Windows\System\RlJFtWv.exe
  C:\Windows\System\RlJFtWv.exe
  2⤵
  PID:7732
- C:\Windows\System\ejTXeQz.exe
  C:\Windows\System\ejTXeQz.exe
  2⤵
  PID:7396
- C:\Windows\System\LAufgZM.exe
  C:\Windows\System\LAufgZM.exe
  2⤵
  PID:7836
- C:\Windows\System\rAoFmwi.exe
  C:\Windows\System\rAoFmwi.exe
  2⤵
  PID:4968
- C:\Windows\System\poxgyxC.exe
  C:\Windows\System\poxgyxC.exe
  2⤵
  PID:1948
- C:\Windows\System\jeEMRcE.exe
  C:\Windows\System\jeEMRcE.exe
  2⤵
  PID:6988
- C:\Windows\System\ymDQOgb.exe
  C:\Windows\System\ymDQOgb.exe
  2⤵
  PID:7324
- C:\Windows\System\MNsccxF.exe
  C:\Windows\System\MNsccxF.exe
  2⤵
  PID:6280
- C:\Windows\System\HIrgnLB.exe
  C:\Windows\System\HIrgnLB.exe
  2⤵
  PID:3672
- C:\Windows\System\OXPQahT.exe
  C:\Windows\System\OXPQahT.exe
  2⤵
  PID:7912
- C:\Windows\System\xivcoSR.exe
  C:\Windows\System\xivcoSR.exe
  2⤵
  PID:7316
- C:\Windows\System\ycYPWta.exe
  C:\Windows\System\ycYPWta.exe
  2⤵
  PID:7484
- C:\Windows\System\MhICpxt.exe
  C:\Windows\System\MhICpxt.exe
  2⤵
  PID:8272
- C:\Windows\System\JuFmVus.exe
  C:\Windows\System\JuFmVus.exe
  2⤵
  PID:7572
- C:\Windows\System\UkdfbCr.exe
  C:\Windows\System\UkdfbCr.exe
  2⤵
  PID:8064
- C:\Windows\System\GmuKIkC.exe
  C:\Windows\System\GmuKIkC.exe
  2⤵
  PID:3536
- C:\Windows\System\kqtpXyA.exe
  C:\Windows\System\kqtpXyA.exe
  2⤵
  PID:7808
- C:\Windows\System\QBxypwJ.exe
  C:\Windows\System\QBxypwJ.exe
  2⤵
  PID:8392
- C:\Windows\System\AYIKWPB.exe
  C:\Windows\System\AYIKWPB.exe
  2⤵
  PID:5548
- C:\Windows\System\TkNPUtk.exe
  C:\Windows\System\TkNPUtk.exe
  2⤵
  PID:8476
- C:\Windows\System\CUutVbR.exe
  C:\Windows\System\CUutVbR.exe
  2⤵
  PID:14020
- C:\Windows\System\BiXaqYS.exe
  C:\Windows\System\BiXaqYS.exe
  2⤵
  PID:8044
- C:\Windows\System\vSlPMHU.exe
  C:\Windows\System\vSlPMHU.exe
  2⤵
  PID:1460
- C:\Windows\System\JedeJAR.exe
  C:\Windows\System\JedeJAR.exe
  2⤵
  PID:8056
- C:\Windows\System\gfJJUVp.exe
  C:\Windows\System\gfJJUVp.exe
  2⤵
  PID:6380
- C:\Windows\System\ziYeKAX.exe
  C:\Windows\System\ziYeKAX.exe
  2⤵
  PID:7276
- C:\Windows\System\QuIEvAi.exe
  C:\Windows\System\QuIEvAi.exe
  2⤵
  PID:8672
- C:\Windows\System\QeIdpTI.exe
  C:\Windows\System\QeIdpTI.exe
  2⤵
  PID:8732
- C:\Windows\System\uELqmuu.exe
  C:\Windows\System\uELqmuu.exe
  2⤵
  PID:8760
- C:\Windows\System\aUsQmJc.exe
  C:\Windows\System\aUsQmJc.exe
  2⤵
  PID:7828
- C:\Windows\System\cSBIpTg.exe
  C:\Windows\System\cSBIpTg.exe
  2⤵
  PID:8856
- C:\Windows\System\mOPEgdX.exe
  C:\Windows\System\mOPEgdX.exe
  2⤵
  PID:7984
- C:\Windows\System\tdYIdcQ.exe
  C:\Windows\System\tdYIdcQ.exe
  2⤵
  PID:14252
- C:\Windows\System\zkghhfn.exe
  C:\Windows\System\zkghhfn.exe
  2⤵
  PID:9004
- C:\Windows\System\GLNsHxF.exe
  C:\Windows\System\GLNsHxF.exe
  2⤵
  PID:9068
- C:\Windows\System\uHweymo.exe
  C:\Windows\System\uHweymo.exe
  2⤵
  PID:7592
- C:\Windows\System\Jhsqfvg.exe
  C:\Windows\System\Jhsqfvg.exe
  2⤵
  PID:8164
- C:\Windows\System\UYrZTsd.exe
  C:\Windows\System\UYrZTsd.exe
  2⤵
  PID:9188
- C:\Windows\System\WYEPEys.exe
  C:\Windows\System\WYEPEys.exe
  2⤵
  PID:8408
- C:\Windows\System\mAlNPUY.exe
  C:\Windows\System\mAlNPUY.exe
  2⤵
  PID:8036
- C:\Windows\System\HbunQgI.exe
  C:\Windows\System\HbunQgI.exe
  2⤵
  PID:7372
- C:\Windows\System\ENNnBuC.exe
  C:\Windows\System\ENNnBuC.exe
  2⤵
  PID:8588
- C:\Windows\System\muSYVFh.exe
  C:\Windows\System\muSYVFh.exe
  2⤵
  PID:2512
- C:\Windows\System\mQqrOgj.exe
  C:\Windows\System\mQqrOgj.exe
  2⤵
  PID:8632
- C:\Windows\System\bskqkpH.exe
  C:\Windows\System\bskqkpH.exe
  2⤵
  PID:9152
- C:\Windows\System\tLagoEm.exe
  C:\Windows\System\tLagoEm.exe
  2⤵
  PID:8808
- C:\Windows\System\YtzuqCC.exe
  C:\Windows\System\YtzuqCC.exe
  2⤵
  PID:8900
- C:\Windows\System\ZDHhibJ.exe
  C:\Windows\System\ZDHhibJ.exe
  2⤵
  PID:7284
- C:\Windows\System\wUTKEIG.exe
  C:\Windows\System\wUTKEIG.exe
  2⤵
  PID:9112
- C:\Windows\System\YZWXITv.exe
  C:\Windows\System\YZWXITv.exe
  2⤵
  PID:8676
- C:\Windows\System\fVYeXoi.exe
  C:\Windows\System\fVYeXoi.exe
  2⤵
  PID:8208
- C:\Windows\System\VHynvOw.exe
  C:\Windows\System\VHynvOw.exe
  2⤵
  PID:8916
- C:\Windows\System\sEVjesq.exe
  C:\Windows\System\sEVjesq.exe
  2⤵
  PID:9060
- C:\Windows\System\xhERUBv.exe
  C:\Windows\System\xhERUBv.exe
  2⤵
  PID:9000
- C:\Windows\System\qUylTja.exe
  C:\Windows\System\qUylTja.exe
  2⤵
  PID:8580
- C:\Windows\System\YUITYgG.exe
  C:\Windows\System\YUITYgG.exe
  2⤵
  PID:9120
- C:\Windows\System\zBbEJDt.exe
  C:\Windows\System\zBbEJDt.exe
  2⤵
  PID:8232
- C:\Windows\System\mEqBTqn.exe
  C:\Windows\System\mEqBTqn.exe
  2⤵
  PID:8864
- C:\Windows\System\DtztDDs.exe
  C:\Windows\System\DtztDDs.exe
  2⤵
  PID:9176
- C:\Windows\System\vvcxuVm.exe
  C:\Windows\System\vvcxuVm.exe
  2⤵
  PID:9036
- C:\Windows\System\qjRFoXL.exe
  C:\Windows\System\qjRFoXL.exe
  2⤵
  PID:9332
- C:\Windows\System\psQXOxi.exe
  C:\Windows\System\psQXOxi.exe
  2⤵
  PID:8784
- C:\Windows\System\ewopwcZ.exe
  C:\Windows\System\ewopwcZ.exe
  2⤵
  PID:9428
- C:\Windows\System\IlJTKuL.exe
  C:\Windows\System\IlJTKuL.exe
  2⤵
  PID:8744
- C:\Windows\System\sFWxbEI.exe
  C:\Windows\System\sFWxbEI.exe
  2⤵
  PID:9564
- C:\Windows\System\wVjlXMc.exe
  C:\Windows\System\wVjlXMc.exe
  2⤵
  PID:9420
- C:\Windows\System\lDwVydd.exe
  C:\Windows\System\lDwVydd.exe
  2⤵
  PID:1060
- C:\Windows\System\KghkYfm.exe
  C:\Windows\System\KghkYfm.exe
  2⤵
  PID:9308
- C:\Windows\System\jDngIgP.exe
  C:\Windows\System\jDngIgP.exe
  2⤵
  PID:9700
- C:\Windows\System\AKoCkQP.exe
  C:\Windows\System\AKoCkQP.exe
  2⤵
  PID:9728
- C:\Windows\System\JoLbtVO.exe
  C:\Windows\System\JoLbtVO.exe
  2⤵
  PID:9652
- C:\Windows\System\qrZRjqq.exe
  C:\Windows\System\qrZRjqq.exe
  2⤵
  PID:8780
- C:\Windows\System\MFtAONV.exe
  C:\Windows\System\MFtAONV.exe
  2⤵
  PID:6612
- C:\Windows\System\QWMbUyI.exe
  C:\Windows\System\QWMbUyI.exe
  2⤵
  PID:9940
- C:\Windows\System\mhRTQlP.exe
  C:\Windows\System\mhRTQlP.exe
  2⤵
  PID:9840
- C:\Windows\System\gJCKVRw.exe
  C:\Windows\System\gJCKVRw.exe
  2⤵
  PID:10012
- C:\Windows\System\FKKAkcn.exe
  C:\Windows\System\FKKAkcn.exe
  2⤵
  PID:9968
- C:\Windows\System\PjeFVBi.exe
  C:\Windows\System\PjeFVBi.exe
  2⤵
  PID:10072
- C:\Windows\System\mJcXjUB.exe
  C:\Windows\System\mJcXjUB.exe
  2⤵
  PID:14344
- C:\Windows\System\NegmmKy.exe
  C:\Windows\System\NegmmKy.exe
  2⤵
  PID:14376
- C:\Windows\System\bTMMhMk.exe
  C:\Windows\System\bTMMhMk.exe
  2⤵
  PID:14400
- C:\Windows\System\ciibVdg.exe
  C:\Windows\System\ciibVdg.exe
  2⤵
  PID:14428
- C:\Windows\System\cxcMCxe.exe
  C:\Windows\System\cxcMCxe.exe
  2⤵
  PID:14460
- C:\Windows\System\NsGkFIR.exe
  C:\Windows\System\NsGkFIR.exe
  2⤵
  PID:14488
- C:\Windows\System\NEasDkU.exe
  C:\Windows\System\NEasDkU.exe
  2⤵
  PID:14516
- C:\Windows\System\AGMBjTU.exe
  C:\Windows\System\AGMBjTU.exe
  2⤵
  PID:14548
- C:\Windows\System\cFdoMmw.exe
  C:\Windows\System\cFdoMmw.exe
  2⤵
  PID:14604
- C:\Windows\System\yPwsJfI.exe
  C:\Windows\System\yPwsJfI.exe
  2⤵
  PID:14660
- C:\Windows\System\cUDeMBA.exe
  C:\Windows\System\cUDeMBA.exe
  2⤵
  PID:14676
- C:\Windows\System\iLXhiiK.exe
  C:\Windows\System\iLXhiiK.exe
  2⤵
  PID:14704
- C:\Windows\System\dUDwKIr.exe
  C:\Windows\System\dUDwKIr.exe
  2⤵
  PID:14732
- C:\Windows\System\UcJzzlk.exe
  C:\Windows\System\UcJzzlk.exe
  2⤵
  PID:14760
- C:\Windows\System\WaGwnuM.exe
  C:\Windows\System\WaGwnuM.exe
  2⤵
  PID:14788
- C:\Windows\System\ilmTebD.exe
  C:\Windows\System\ilmTebD.exe
  2⤵
  PID:14816
- C:\Windows\System\GaLpEdX.exe
  C:\Windows\System\GaLpEdX.exe
  2⤵
  PID:14844
- C:\Windows\System\cAdmNkS.exe
  C:\Windows\System\cAdmNkS.exe
  2⤵
  PID:14872
- C:\Windows\System\EyzclxW.exe
  C:\Windows\System\EyzclxW.exe
  2⤵
  PID:14948
- C:\Windows\System\lgjZDZO.exe
  C:\Windows\System\lgjZDZO.exe
  2⤵
  PID:14972
- C:\Windows\System\koQqQrC.exe
  C:\Windows\System\koQqQrC.exe
  2⤵
  PID:15000
- C:\Windows\System\rPGbJMr.exe
  C:\Windows\System\rPGbJMr.exe
  2⤵
  PID:15020
- C:\Windows\System\hLnpPGi.exe
  C:\Windows\System\hLnpPGi.exe
  2⤵
  PID:15056
- C:\Windows\System\NbJTdAv.exe
  C:\Windows\System\NbJTdAv.exe
  2⤵
  PID:15092
- C:\Windows\System\aNaYQYm.exe
  C:\Windows\System\aNaYQYm.exe
  2⤵
  PID:15120
- C:\Windows\System\qSFXsso.exe
  C:\Windows\System\qSFXsso.exe
  2⤵
  PID:15148
- C:\Windows\System\ogKjpPL.exe
  C:\Windows\System\ogKjpPL.exe
  2⤵
  PID:15176
- C:\Windows\System\PngYZhQ.exe
  C:\Windows\System\PngYZhQ.exe
  2⤵
  PID:15204
- C:\Windows\System\MZamOQF.exe
  C:\Windows\System\MZamOQF.exe
  2⤵
  PID:15232
- C:\Windows\System\MmiNter.exe
  C:\Windows\System\MmiNter.exe
  2⤵
  PID:15260
- C:\Windows\System\fxBQNeQ.exe
  C:\Windows\System\fxBQNeQ.exe
  2⤵
  PID:15288
- C:\Windows\System\fhdGaAL.exe
  C:\Windows\System\fhdGaAL.exe
  2⤵
  PID:15316
- C:\Windows\System\hBPVobj.exe
  C:\Windows\System\hBPVobj.exe
  2⤵
  PID:15344
- C:\Windows\System\MKRbocT.exe
  C:\Windows\System\MKRbocT.exe
  2⤵
  PID:14340
- C:\Windows\System\LFlDjZy.exe
  C:\Windows\System\LFlDjZy.exe
  2⤵
  PID:10180
- C:\Windows\System\zvRvXdF.exe
  C:\Windows\System\zvRvXdF.exe
  2⤵
  PID:9172
- C:\Windows\System\xbEPJNg.exe
  C:\Windows\System\xbEPJNg.exe
  2⤵
  PID:9268
- C:\Windows\System\VGGRVMx.exe
  C:\Windows\System\VGGRVMx.exe
  2⤵
  PID:9400
- C:\Windows\System\oioCGqO.exe
  C:\Windows\System\oioCGqO.exe
  2⤵
  PID:14540
- C:\Windows\System\cyIGOgN.exe
  C:\Windows\System\cyIGOgN.exe
  2⤵
  PID:14580
- C:\Windows\System\vzEVrdn.exe
  C:\Windows\System\vzEVrdn.exe
  2⤵
  PID:14576
- C:\Windows\System\VbwRtCL.exe
  C:\Windows\System\VbwRtCL.exe
  2⤵
  PID:14624
- C:\Windows\System\FTPDpNK.exe
  C:\Windows\System\FTPDpNK.exe
  2⤵
  PID:9744
- C:\Windows\System\uwVrdkw.exe
  C:\Windows\System\uwVrdkw.exe
  2⤵
  PID:9804
- C:\Windows\System\tkFjApl.exe
  C:\Windows\System\tkFjApl.exe
  2⤵
  PID:14716
- C:\Windows\System\PVivsxC.exe
  C:\Windows\System\PVivsxC.exe
  2⤵
  PID:10004
- C:\Windows\System\ptwpJkv.exe
  C:\Windows\System\ptwpJkv.exe
  2⤵
  PID:14780
- C:\Windows\System\lpqCOez.exe
  C:\Windows\System\lpqCOez.exe
  2⤵
  PID:14828
- C:\Windows\System\YtfcIIN.exe
  C:\Windows\System\YtfcIIN.exe
  2⤵
  PID:9264
- C:\Windows\System\HnsHFvf.exe
  C:\Windows\System\HnsHFvf.exe
  2⤵
  PID:9552
- C:\Windows\System\yDMIbfr.exe
  C:\Windows\System\yDMIbfr.exe
  2⤵
  PID:14912
- C:\Windows\System\SeVrEWN.exe
  C:\Windows\System\SeVrEWN.exe
  2⤵
  PID:9856
- C:\Windows\System\bShQlex.exe
  C:\Windows\System\bShQlex.exe
  2⤵
  PID:10024
- C:\Windows\System\EnmmGXw.exe
  C:\Windows\System\EnmmGXw.exe
  2⤵
  PID:14992
- C:\Windows\System\EzjDKYN.exe
  C:\Windows\System\EzjDKYN.exe
  2⤵
  PID:14996
- C:\Windows\System\FHIRUWG.exe
  C:\Windows\System\FHIRUWG.exe
  2⤵
  PID:14960
- C:\Windows\System\JAJYWOw.exe
  C:\Windows\System\JAJYWOw.exe
  2⤵
  PID:8928
- C:\Windows\System\zpAxCoY.exe
  C:\Windows\System\zpAxCoY.exe
  2⤵
  PID:15104
- C:\Windows\System\AYyjsmx.exe
  C:\Windows\System\AYyjsmx.exe
  2⤵
  PID:15144
- C:\Windows\System\sVDBwHW.exe
  C:\Windows\System\sVDBwHW.exe
  2⤵
  PID:10284
- C:\Windows\System\TFefOlO.exe
  C:\Windows\System\TFefOlO.exe
  2⤵
  PID:10304
- C:\Windows\System\SRAKxlk.exe
  C:\Windows\System\SRAKxlk.exe
  2⤵
  PID:10360
- C:\Windows\System\PukiXvw.exe
  C:\Windows\System\PukiXvw.exe
  2⤵
  PID:15284
- C:\Windows\System\OtByQsL.exe
  C:\Windows\System\OtByQsL.exe
  2⤵
  PID:15312
- C:\Windows\System\EqVeTFS.exe
  C:\Windows\System\EqVeTFS.exe
  2⤵
  PID:10472
- C:\Windows\System\RWAmaDt.exe
  C:\Windows\System\RWAmaDt.exe
  2⤵
  PID:14368
- C:\Windows\System\igxhkLv.exe
  C:\Windows\System\igxhkLv.exe
  2⤵
  PID:10204
- C:\Windows\System\VEYlPMB.exe
  C:\Windows\System\VEYlPMB.exe
  2⤵
  PID:14472
- C:\Windows\System\Mlrcgce.exe
  C:\Windows\System\Mlrcgce.exe
  2⤵
  PID:10676
- C:\Windows\System\HCXTuPl.exe
  C:\Windows\System\HCXTuPl.exe
  2⤵
  PID:15068
- C:\Windows\System\PCjjCuc.exe
  C:\Windows\System\PCjjCuc.exe
  2⤵
  PID:7008
- C:\Windows\System\pJRxoJa.exe
  C:\Windows\System\pJRxoJa.exe
  2⤵
  PID:7064
- C:\Windows\System\kSQqhmg.exe
  C:\Windows\System\kSQqhmg.exe
  2⤵
  PID:14628
- C:\Windows\System\lrqskiy.exe
  C:\Windows\System\lrqskiy.exe
  2⤵
  PID:9796
- C:\Windows\System\MesGYsO.exe
  C:\Windows\System\MesGYsO.exe
  2⤵
  PID:14744
- C:\Windows\System\IIAReLv.exe
  C:\Windows\System\IIAReLv.exe
  2⤵
  PID:10144
- C:\Windows\System\GfTdoIP.exe
  C:\Windows\System\GfTdoIP.exe
  2⤵
  PID:14932
- C:\Windows\System\pCQuZxQ.exe
  C:\Windows\System\pCQuZxQ.exe
  2⤵
  PID:14928
- C:\Windows\System\RWbjhbK.exe
  C:\Windows\System\RWbjhbK.exe
  2⤵
  PID:15012
- C:\Windows\System\HJEIpLf.exe
  C:\Windows\System\HJEIpLf.exe
  2⤵
  PID:4020
- C:\Windows\System\vMzsviP.exe
  C:\Windows\System\vMzsviP.exe
  2⤵
  PID:11168
- C:\Windows\System\AKZBKzj.exe
  C:\Windows\System\AKZBKzj.exe
  2⤵
  PID:15228
- C:\Windows\System\iCqJHYf.exe
  C:\Windows\System\iCqJHYf.exe
  2⤵
  PID:10388
- C:\Windows\System\QeqPfrV.exe
  C:\Windows\System\QeqPfrV.exe
  2⤵
  PID:15340
- C:\Windows\System\iaVeqDN.exe
  C:\Windows\System\iaVeqDN.exe
  2⤵
  PID:9888
- C:\Windows\System\RZDSKeQ.exe
  C:\Windows\System\RZDSKeQ.exe
  2⤵
  PID:10612
- C:\Windows\System\lArjnSJ.exe
  C:\Windows\System\lArjnSJ.exe
  2⤵
  PID:14508
- C:\Windows\System\pgycqat.exe
  C:\Windows\System\pgycqat.exe
  2⤵
  PID:14616
- C:\Windows\System\JJrEBCX.exe
  C:\Windows\System\JJrEBCX.exe
  2⤵
  PID:10908
- C:\Windows\System\noAJDha.exe
  C:\Windows\System\noAJDha.exe
  2⤵
  PID:9320
- C:\Windows\System\snjAVrB.exe
  C:\Windows\System\snjAVrB.exe
  2⤵
  PID:6772
- C:\Windows\System\XNhgPkw.exe
  C:\Windows\System\XNhgPkw.exe
  2⤵
  PID:4512
- C:\Windows\System\iFAfvTr.exe
  C:\Windows\System\iFAfvTr.exe
  2⤵
  PID:10904
- C:\Windows\System\dnEWwRy.exe
  C:\Windows\System\dnEWwRy.exe
  2⤵
  PID:10556
- C:\Windows\System\uPVGYSs.exe
  C:\Windows\System\uPVGYSs.exe
  2⤵
  PID:14584
- C:\Windows\System\xYcUzLb.exe
  C:\Windows\System\xYcUzLb.exe
  2⤵
  PID:14836
- C:\Windows\System\mSCsmIN.exe
  C:\Windows\System\mSCsmIN.exe
  2⤵
  PID:14936
- C:\Windows\System\dJkARax.exe
  C:\Windows\System\dJkARax.exe
  2⤵
  PID:15140
- C:\Windows\System\JqZVpsn.exe
  C:\Windows\System\JqZVpsn.exe
  2⤵
  PID:10312
- C:\Windows\System\BfRFnvu.exe
  C:\Windows\System\BfRFnvu.exe
  2⤵
  PID:10396
- C:\Windows\System\RttUXTI.exe
  C:\Windows\System\RttUXTI.exe
  2⤵
  PID:11100
- C:\Windows\System\yqwWQiJ.exe
  C:\Windows\System\yqwWQiJ.exe
  2⤵
  PID:14656
- C:\Windows\System\HLpHstm.exe
  C:\Windows\System\HLpHstm.exe
  2⤵
  PID:7972
- C:\Windows\System\ylEhJeZ.exe
  C:\Windows\System\ylEhJeZ.exe
  2⤵
  PID:15132
- C:\Windows\System\qMCXCZn.exe
  C:\Windows\System\qMCXCZn.exe
  2⤵
  PID:15272
- C:\Windows\System\JgcEedH.exe
  C:\Windows\System\JgcEedH.exe
  2⤵
  PID:3556
- C:\Windows\System\SRdSEKE.exe
  C:\Windows\System\SRdSEKE.exe
  2⤵
  PID:10800
- C:\Windows\System\ptkeUlH.exe
  C:\Windows\System\ptkeUlH.exe
  2⤵
  PID:11064
- C:\Windows\System\ulyHYSY.exe
  C:\Windows\System\ulyHYSY.exe
  2⤵
  PID:10880
- C:\Windows\System\fWiDlGi.exe
  C:\Windows\System\fWiDlGi.exe
  2⤵
  PID:11020
- C:\Windows\System\RwLtYbc.exe
  C:\Windows\System\RwLtYbc.exe
  2⤵
  PID:10816
- C:\Windows\System\EWApcyH.exe
  C:\Windows\System\EWApcyH.exe
  2⤵
  PID:1720
- C:\Windows\System\eRVPCuE.exe
  C:\Windows\System\eRVPCuE.exe
  2⤵
  PID:232
- C:\Windows\System\wgfUGvw.exe
  C:\Windows\System\wgfUGvw.exe
  2⤵
  PID:11032
- C:\Windows\System\ejhdiXb.exe
  C:\Windows\System\ejhdiXb.exe
  2⤵
  PID:11244
- C:\Windows\System\wpnQBMl.exe
  C:\Windows\System\wpnQBMl.exe
  2⤵
  PID:3204
- C:\Windows\System\twdPYAu.exe
  C:\Windows\System\twdPYAu.exe
  2⤵
  PID:3576
- C:\Windows\System\DMAtLQp.exe
  C:\Windows\System\DMAtLQp.exe
  2⤵
  PID:11184
- C:\Windows\System\MSDojfd.exe
  C:\Windows\System\MSDojfd.exe
  2⤵
  PID:10708
- C:\Windows\System\CevhFsB.exe
  C:\Windows\System\CevhFsB.exe
  2⤵
  PID:10968
- C:\Windows\System\CvPuOIG.exe
  C:\Windows\System\CvPuOIG.exe
  2⤵
  PID:11300
- C:\Windows\System\DaCrdtQ.exe
  C:\Windows\System\DaCrdtQ.exe
  2⤵
  PID:11320
- C:\Windows\System\PeNJNFZ.exe
  C:\Windows\System\PeNJNFZ.exe
  2⤵
  PID:15380
- C:\Windows\System\yleojeZ.exe
  C:\Windows\System\yleojeZ.exe
  2⤵
  PID:15400
- C:\Windows\System\znpJWSN.exe
  C:\Windows\System\znpJWSN.exe
  2⤵
  PID:15428
- C:\Windows\System\mFZPQKj.exe
  C:\Windows\System\mFZPQKj.exe
  2⤵
  PID:15456
- C:\Windows\System\tHyqsuv.exe
  C:\Windows\System\tHyqsuv.exe
  2⤵
  PID:15488
- C:\Windows\System\LPkdzDL.exe
  C:\Windows\System\LPkdzDL.exe
  2⤵
  PID:15516
- C:\Windows\System\EskXAuv.exe
  C:\Windows\System\EskXAuv.exe
  2⤵
  PID:15544
- C:\Windows\System\FVUxudn.exe
  C:\Windows\System\FVUxudn.exe
  2⤵
  PID:15572
- C:\Windows\System\SkQaqVX.exe
  C:\Windows\System\SkQaqVX.exe
  2⤵
  PID:15600
- C:\Windows\System\cdRPWuU.exe
  C:\Windows\System\cdRPWuU.exe
  2⤵
  PID:15628
- C:\Windows\System\LIGKquu.exe
  C:\Windows\System\LIGKquu.exe
  2⤵
  PID:15656
- C:\Windows\System\PjwbBIq.exe
  C:\Windows\System\PjwbBIq.exe
  2⤵
  PID:15684
- C:\Windows\System\HgpQipF.exe
  C:\Windows\System\HgpQipF.exe
  2⤵
  PID:15712
- C:\Windows\System\WswblhC.exe
  C:\Windows\System\WswblhC.exe
  2⤵
  PID:15740
- C:\Windows\System\NyDAbvZ.exe
  C:\Windows\System\NyDAbvZ.exe
  2⤵
  PID:15772
- C:\Windows\System\QOXepQu.exe
  C:\Windows\System\QOXepQu.exe
  2⤵
  PID:15796
- C:\Windows\System\lVpzSDV.exe
  C:\Windows\System\lVpzSDV.exe
  2⤵
  PID:15824
- C:\Windows\System\pJAgRSY.exe
  C:\Windows\System\pJAgRSY.exe
  2⤵
  PID:15852
- C:\Windows\System\VNjncXg.exe
  C:\Windows\System\VNjncXg.exe
  2⤵
  PID:15880
- C:\Windows\System\cTffUSy.exe
  C:\Windows\System\cTffUSy.exe
  2⤵
  PID:15908
- C:\Windows\System\RiAVIqU.exe
  C:\Windows\System\RiAVIqU.exe
  2⤵
  PID:15936
- C:\Windows\System\qVceIRy.exe
  C:\Windows\System\qVceIRy.exe
  2⤵
  PID:15964
- C:\Windows\System\MbyqVWw.exe
  C:\Windows\System\MbyqVWw.exe
  2⤵
  PID:16004
- C:\Windows\System\KceqyTz.exe
  C:\Windows\System\KceqyTz.exe
  2⤵
  PID:16024
- C:\Windows\System\SNytpeP.exe
  C:\Windows\System\SNytpeP.exe
  2⤵
  PID:16064
- C:\Windows\System\ySoUgBW.exe
  C:\Windows\System\ySoUgBW.exe
  2⤵
  PID:16080
- C:\Windows\System\gejpqRn.exe
  C:\Windows\System\gejpqRn.exe
  2⤵
  PID:16108
- C:\Windows\System\SKqVkCI.exe
  C:\Windows\System\SKqVkCI.exe
  2⤵
  PID:16144
- C:\Windows\System\zkxREVC.exe
  C:\Windows\System\zkxREVC.exe
  2⤵
  PID:16164
- C:\Windows\System\eKawMpO.exe
  C:\Windows\System\eKawMpO.exe
  2⤵
  PID:16192
- C:\Windows\System\ToSjcpo.exe
  C:\Windows\System\ToSjcpo.exe
  2⤵
  PID:16220
- C:\Windows\System\fqMEfsK.exe
  C:\Windows\System\fqMEfsK.exe
  2⤵
  PID:16248
- C:\Windows\System\JboGrZB.exe
  C:\Windows\System\JboGrZB.exe
  2⤵
  PID:16280
- C:\Windows\System\SWWkvrR.exe
  C:\Windows\System\SWWkvrR.exe
  2⤵
  PID:16308
- C:\Windows\System\LYZIKNu.exe
  C:\Windows\System\LYZIKNu.exe
  2⤵
  PID:16332
- C:\Windows\System\DTDDgsI.exe
  C:\Windows\System\DTDDgsI.exe
  2⤵
  PID:16360
- C:\Windows\System\MDpkYpF.exe
  C:\Windows\System\MDpkYpF.exe
  2⤵
  PID:15364
- C:\Windows\System\DxWgejd.exe
  C:\Windows\System\DxWgejd.exe
  2⤵
  PID:15396
- C:\Windows\System\eTfylwJ.exe
  C:\Windows\System\eTfylwJ.exe
  2⤵
  PID:15448
- C:\Windows\System\jiVgoDg.exe
  C:\Windows\System\jiVgoDg.exe
  2⤵
  PID:2804
- C:\Windows\System\sdbKZRK.exe
  C:\Windows\System\sdbKZRK.exe
  2⤵
  PID:15512
- C:\Windows\System\dhRVmHA.exe
  C:\Windows\System\dhRVmHA.exe
  2⤵
  PID:15584
- C:\Windows\System\GAkauCQ.exe
  C:\Windows\System\GAkauCQ.exe
  2⤵
  PID:15624
- C:\Windows\System\aqwepbT.exe
  C:\Windows\System\aqwepbT.exe
  2⤵
  PID:15652
- C:\Windows\System\bTzibdu.exe
  C:\Windows\System\bTzibdu.exe
  2⤵
  PID:15704
- C:\Windows\System\JSOGJZa.exe
  C:\Windows\System\JSOGJZa.exe
  2⤵
  PID:11688
- C:\Windows\System\eFFsMgh.exe
  C:\Windows\System\eFFsMgh.exe
  2⤵
  PID:15788
- C:\Windows\System\IIDxsCa.exe
  C:\Windows\System\IIDxsCa.exe
  2⤵
  PID:15836
- C:\Windows\System\kPNTvMW.exe
  C:\Windows\System\kPNTvMW.exe
  2⤵
  PID:11828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BqZIbiS.exe

Filesize
6.0MB

MD5
e75e23081885183d64435f2195254af1

SHA1
6e49dcb45ecf74701cdc3c90296f3c2979dc5f3b

SHA256
1f5eb85e9075acb7c6e2cbd30bd2779653457794068d2fb43b77e91d4e84748f

SHA512
63688d6dfd77a36a1dec58e76168b7db681378835a20f54066d0ad303ed2cccead772602c9e2963e2406efe36835a12c215ae394140156c28e213323e136e5b0

Download Submit
C:\Windows\System\CVoFPAQ.exe

Filesize
6.0MB

MD5
c5da536690625a981c920961ea57abfe

SHA1
d0c8af2e7e9c4d3dc0a4795ce8360b0e797716af

SHA256
f80b3db6b0193951df778fce660bf3742598430e48f81755f75e1535b978a052

SHA512
f3c13afac5992f5967824cabadc09e7699026853fdf6f7fc5352699d7f6b6f2196fd0c31afe9ac78b3701888c8036b8bd3600c1568204a0d8860bcb8b40f1580

Download Submit
C:\Windows\System\CnHqPRo.exe

Filesize
6.0MB

MD5
4d9deb53e4aeda236672856ed75ba696

SHA1
cd1df4c6339a8dd40de05e210254a951bd35fe31

SHA256
4877c7c63c52f13b2af91d7837043a36bf1bfedaef9548aae045b8270ba0e193

SHA512
ed734da31223f60923520a7e344e4c2db98a118f951e67768a325ad0ce649f8fb4a0f3b5716d7d172b376f0ab0089b090b15861edf395edb0eff4888609c57f1

Download Submit
C:\Windows\System\ESooTlQ.exe

Filesize
6.0MB

MD5
245df7ba1725e7fb42fc7758aa488594

SHA1
c567dad10c55233923439e096db080ab664d48e1

SHA256
269c44eeb0258f1327c09cd20e75e4eb978736407063e62658315c463913fbed

SHA512
18da2f5d1437297918e7e6db6ea7bc9d1f7c633d318569fa56c7c6d2b4dcca7a03ff78f5625fd7843b0996ede05bf924112dc16eb356fda2869b9a90b9bdd386

Download Submit
C:\Windows\System\HDgyFMS.exe

Filesize
6.0MB

MD5
56fe749744b7768229eacdeef07b0386

SHA1
1cdddc1e48ce8604985a803ae8254f18fcd9dc43

SHA256
5f6e41d515293772d4a212f44535051484c09d7be926307b1e8ca9d57853a392

SHA512
8a8b327356b2d3562949df07705069f7e2159eeaeb58d3d9094b359c42e26f34ff55e43a34819ac95b8af1c69888820fbb7a40e23234d9d874d5fdf1c02e4c4b

Download Submit
C:\Windows\System\KVLaRml.exe

Filesize
6.0MB

MD5
5b404419b31c31cd794133b278e585e8

SHA1
981e24227569372e04ddeb8ebec7ddee2087818a

SHA256
69f8a4a8b858a8befa777fd18ab6bc21ffb050dc2adddb62869501392fe65c1b

SHA512
7615efa521ce6824b0aada4943c6694a97e49ea1b10a912f5973bade4e65047e423f10fbbb228da4fad37e1a79c408a58d7a4bc2bf579a8ba8e11f1034af4dc8

Download Submit
C:\Windows\System\LMIGEFE.exe

Filesize
6.0MB

MD5
3bcd9c59a4326ddf1c9ddc1ce6b52634

SHA1
9608d7287d38a96f71833f6ca36c8c59837672af

SHA256
674f1f3cb5b7cdaa4ee3cf2a8bdbb922f7689418b45086739569aceaf860887f

SHA512
c52f83704404400c5cbc0c84cc81f970cc3f77a4ecc1b63292b3e699a057bee55743740e072ca54824126bbbf171c76b7523a4b31ae207304e43ae5490b24575

Download Submit
C:\Windows\System\MWtAWfb.exe

Filesize
6.0MB

MD5
f00dc62b878f628d7687d4c3dc7662e2

SHA1
8ef2e9da877be05137567652879b31802ea1f2ed

SHA256
970666756ad4861475002cbd2f523f56575a17b1b33ad16728c3a3f4fa0378df

SHA512
94cef40eef1ce0255ad6a4c2fb738379f8eb08349df266c3c142580c1195618a92964c49977d44d76cb0069fe64b542443c1edc2c91bd73c6fc304e796277251

Download Submit
C:\Windows\System\RmQlJDP.exe

Filesize
6.0MB

MD5
bb52bc04ae0128becd1cf6ab81794ecf

SHA1
f0cc570b22471f7ea23c14265f166ff2819006d7

SHA256
54e8af228ee254fd9fdf965f436a46cdee45c722115261853bfc6a5edf629306

SHA512
d0fefcbbecdfc5f89ace898b54376e5506a5e9076cb1c46caa5482568d0e3573f130a9456865f2614d4d1bbbb423241c53103581be1b27c4b0687847a93c6817

Download Submit
C:\Windows\System\RpGNORs.exe

Filesize
6.0MB

MD5
c4705f3b84d7bccfd554d6c0f0cbbb18

SHA1
0c762fadc37769e5384ed55e7ede6b88b97c362b

SHA256
24d9ac86513713fdf91cb83c2bf1d5370b487fed3b1f68d2d01b71446cc55d4b

SHA512
cb21b3e43ef0b970cf4e2e9c0b09b3e857e851d17f2f1d404c762c1ef29859911b8f2315488b9444887b843d48c243c0975c1503ec25bf50fa2dc7b6c56f8901

Download Submit
C:\Windows\System\Rqfwqzh.exe

Filesize
6.0MB

MD5
8f681a9767064b72b494f65a420ec4e6

SHA1
c7e8ce1491f9d5e317738d33b77b1eb36e3f24d3

SHA256
1aaedb81a396bb7a7cabfd330b01940c6c1193f1ee523d9268d56a273b2f96a2

SHA512
f9c247a7a1b3d2f61b43d6861bf7a3f2436b3085226f315288ce2120ca44f73b16eb5e0b3c3146b06c83065b8d4f5e60d4a456117bf91e6552c32dbeff7699f0

Download Submit
C:\Windows\System\TIEOrAb.exe

Filesize
6.0MB

MD5
5cba5d898757f53a2d90287e9ae0cb90

SHA1
1febef9c3bf0287a899b021d886b7a9e985be73d

SHA256
abcc589f38171747b8385440485ff1fa784d681127e571f179b8d8b2811307d4

SHA512
c9a435792fe5a525e4df5890f88f4a0adb4d9bdcaba4474265b5a4bbd8e11b3a4e4004c9b0c3457b3bfa83505e9cc1a48a947afe5da1386056a89487642d7e73

Download Submit
C:\Windows\System\UkqHZzu.exe

Filesize
6.0MB

MD5
ebac3bd49b6b15a1fd1cd1c62936c900

SHA1
cdca9bc158de8d2e453e40c41b1895d2b367fa29

SHA256
77c39a3743a2042a018fdc3a4de929d51239f635af57710271aeaea7d2dd2147

SHA512
004f0d867d1960ed3072888fa7d23d63155f74408ce45a94fde09c687a8052c0b86c23387f6592568f4af96ec0b20149ea0ba5e63eb225b6b5666fa3ae152708

Download Submit
C:\Windows\System\WaZBAfo.exe

Filesize
6.0MB

MD5
ea794130537794b6d6f383efddff4ba0

SHA1
6d8f4e0716dff6587a3398c1dc44ab4a7a643820

SHA256
998ab0cb410c77e1443c2a3a44ee6aac4cf91013044d33429ed0d68e785995d1

SHA512
d3fa1af4d54d7fa6861ae95625a51cf416e6ed90699429960d2f2960b13160851f00870f3d7c783c39298255ff0ae64ebb57687654f28a3c932152690790e78a

Download Submit
C:\Windows\System\XfHoHCG.exe

Filesize
6.0MB

MD5
c97a59328d6ab4595f8e4f4e61b71651

SHA1
f002ed026360f6823f77a3bda574c5564fb8f4e7

SHA256
4b84144c7755f4c23bd40f9b6512312046b277f53c7786c025a05989afc2b755

SHA512
668d568fc27ec598cbb6df90958b4875aff617d5d1db3ee1763d41e91ec956f0c123806c77a03e9d872fbb24f115259f06a019c23e446c3de7d5e79c0f4f5f37

Download Submit
C:\Windows\System\ajUAJyo.exe

Filesize
6.0MB

MD5
f12c2c5f08b76dd630c7a0281849e585

SHA1
c74d7afc7aa5b28ed8ee6d1590c44ca606c630d5

SHA256
ddc60eb7057f59667412b92e102d61c5788a173621de0feb436b9bde9f8b81c8

SHA512
e69ef5b5944366a0bf33fd5af2e4a1dbf2c7399530f404202ef8c4d4640f9b3347f26991008045c6aa4d2949ad8affdfd70a34dd178d30c1e0b9ac24c126638e

Download Submit
C:\Windows\System\bljYNeg.exe

Filesize
6.0MB

MD5
5c417b8e4128532e48a6b831f984046e

SHA1
70475734a8117c2b24af4835a47a3ce723c5133f

SHA256
0f97e56eacf2d6ab67fedc865c5cf8c50d554be424371d613921207c1a656903

SHA512
023789c9a4c4bf1b10fb054624320cfad2895aabba4dcd7301cc849464c8658534cd00c2985f14a35934a4564749d3d5364e01f9b06bf64ccabbf53a8f682e32

Download Submit
C:\Windows\System\eVixNXj.exe

Filesize
6.0MB

MD5
4e03bec37cce8165710fbf65c078c666

SHA1
8aeb4e708ddfe5848d468910d5dfe6abf393fcd2

SHA256
38b7ec6f5feac004b93b3d92d0aa032416cd7bb4346db8de5fc572af87ba79ae

SHA512
93fbb0c5bc60580675cdd657d7ce76aaaa2f49ea7317f6a5443cf2e7be170091cb29ff5750124988204a5375141bb643e0fa40e88fd447077fd742ef15bc220d

Download Submit
C:\Windows\System\euXtfjm.exe

Filesize
6.0MB

MD5
271d8ed12dd7c15e70714aeaf46dc50c

SHA1
668187bf9d23a9c3d1df95b1a5b6a8793d2200d3

SHA256
f2d83731c79d273fd1e00a92ec23f3630a37c2fd881adb73e6c3aee95dba43ca

SHA512
fd3bee159a6ec38d6720d442fb1f0d98c01a202761c7471e55e39784d57c39180fedf5ee1e234053aeaa6dd49a676a3967b4b0c429f64fc5f1308f6777091b97

Download Submit
C:\Windows\System\exQVPyT.exe

Filesize
6.0MB

MD5
2351d378de260da809b344698c80f2f2

SHA1
5391feaef2843078d9ea4ae8864b7c82273859c2

SHA256
7a812104642796be7aa37668af3026e83ccda3fe6606c8c38b862561bb129afe

SHA512
bbcfb088ca268a2bb84fcb232e2286f8575d8c6891bf7fa832d7e14e1208a3e73a6d933b300ac2063ad2df07f659cc22d13a5a2ef41e999c4e79ca5d642867e8

Download Submit
C:\Windows\System\eypzGzd.exe

Filesize
6.0MB

MD5
76734f8d5dbc8d9e519344f1cbc1ca6c

SHA1
e0ee377bf26b1fc5852e26e8d47c23894ef62147

SHA256
0f96efad8a913378db9c3de2fd01dcf7a9d7b9a529d3f9d6f2ee4ca035d8e4af

SHA512
bac8eaa45bd2f2ee2adcc912046014ba0e95a41534efab455ddc61ac8bdcce7571c217a3b71741c67b78d4fd1328572bfffa0b3dc56b52df15181263dc120487

Download Submit
C:\Windows\System\fABRlDA.exe

Filesize
6.0MB

MD5
75e194e74cdd28386805bb9609dfd233

SHA1
51c9e347775b7ad39b1a566019344bc437988d07

SHA256
1b42ebb47a136b2e0b5d7315f1da2ef924bfb75bca95842110a3cf383b42c9df

SHA512
25afbd324286743317bff7ac0c8785237ce06f0064960b6598855499645bf886b21840c2860281e712260294648d58ce57bfc96cd268cb4a95a3478ebfe9c98e

Download Submit
C:\Windows\System\grDDane.exe

Filesize
6.0MB

MD5
d1266b99d8ffb973f93315fdc8d28b8c

SHA1
93ffcd0fb10ab27b2d87a84ec4286019e5e2a639

SHA256
54f393f33a752be6b831ebca33732c1d87376685090c4736e8ca73ec941d9fc0

SHA512
84aeb2e234cd087128b168bda95f4b4cc0eac8ef61727e0a73e9475b2f3a3aee235a52d1b03cc5e3a4eaa200851db472cbad9fcd19d4898bfe5817b5320a4751

Download Submit
C:\Windows\System\hCWLhdb.exe

Filesize
6.0MB

MD5
800e04702992a038a9f75b7c6ffb46bf

SHA1
a33fa9bee27ba2a2b7aa9ae161eff13ee448f495

SHA256
010b63fc1d9ccca65532f329106993e1f04069ef59358938b550656ebd9df835

SHA512
b83997776790b7eb9816fbc6b0397f535875d89ed0d548f3e13b081649a856e0b157a1a536576eca1e764540bbba33bd7d6d664e2dbbc45569038d41e465ea24

Download Submit
C:\Windows\System\iDAYZmk.exe

Filesize
6.0MB

MD5
b2072f486affbbf084c5fa78f7e16dbf

SHA1
b3a90c01050693ebb988883ad9411138824c581a

SHA256
c1270a2ad658733f245514b6ba124af8e8bcc8b4b1fe79cda80098e81388738e

SHA512
38f1cb8c5a3a8ba5a8f429ddddd80514da3bdee0974d04a60ea16c783e1ad42d7ae94717243678a14aaf33041bfebbd1003ff6e3e52e557525f2c252c4f92fca

Download Submit
C:\Windows\System\lsHeZdz.exe

Filesize
6.0MB

MD5
162687d7d8f7ab742d2bf8e17331f994

SHA1
5edeacb17e476d305a99bc1bce6c7471c0e6a319

SHA256
bba4a715baf17f8596beb23c4a7babb3e24e33092ca30735316cebc2143e6d47

SHA512
510480ca1e6543dab42d78d198609f7f09d10daa4db026a765c61f9943c00cb60f7f5c509551bbe9acacadc4d7edd4f85f5d7919e511a78f3c6f6ef7ba8d52f1

Download Submit
C:\Windows\System\nLwPwkq.exe

Filesize
6.0MB

MD5
c69d6eba5163944de872b43449b3aef1

SHA1
6208a372eb24444dcd7912e03c31d5f93ec71e49

SHA256
8696e09ea71ac0350211a57abd0f3a1327a4e83c81ed7281447c2800f509cba6

SHA512
9513e5bb2772fb3e6ed171a92a777b9f416f3dafe49a84c9ece08fb6ddf8da160c312a16a261fd2ae517fc4bd262e002e8293edc12887b4bcf077df9de3e6113

Download Submit
C:\Windows\System\nQeNcmg.exe

Filesize
6.0MB

MD5
38fbc61b403dba11ada2064a853d44ee

SHA1
0b9ca887d86a4d811f33065df2908b01c04d6493

SHA256
28e453581ca760930c8e35ba66412cb1a5d398ab8313b993e6fcf34837e3525e

SHA512
474ebfdddaf3a5d9c74e2ac7c8131cdb04dcd56f4c8ad3d1150a78b73a8195a3af33e41e7873e35275251bf2d73a2b5798c50913348a9f054612f410d6febff2

Download Submit
C:\Windows\System\pKdmYCp.exe

Filesize
6.0MB

MD5
22ffce1fd801cc9595a73b29b932556a

SHA1
8d63a11673314901369cdea665b72ac3f7c741e9

SHA256
cae3d5fc5df4d1ea641a1e29a5049842fb9417bb9aa67592f2510bc18d8401ea

SHA512
16c3c94699900579c26cacdaa9fde42a90834ab183a755abdff6b6a34662541214e44019280177c93bf2a27f14f9f5cc3a4218bde2cf375b1b3c0ad9ee644b76

Download Submit
C:\Windows\System\pdxKSLA.exe

Filesize
6.0MB

MD5
523172d67a4b102c01083ea56c58365a

SHA1
a2842a5cc977fffd6bca70caf1659507e90cd77d

SHA256
7a88a72f7eaef82b5337861d6bf4c62155bb7ac8985fce5a31f0a597d742d3fb

SHA512
98a6dad66a596d47c0305306048882374c7dcb28f03ebe5e698511c22268fb64690eb66aaca676c83936b2fdb89880ee24315be5a7ebc4b7b057ae31543ffd84

Download Submit
C:\Windows\System\wKrzkXK.exe

Filesize
6.0MB

MD5
a38a7555e153d639d18ef4a2cf4b5f3c

SHA1
5a9d2446eb1541626911a8efd2cf817b4d0cfa61

SHA256
db74ccac166e7fd4e3950bd753efb740da934bb6f0788bd53c251396eb4f3e6b

SHA512
b46a24638b1584a4c2bd16f982b4676e98f8138c5cf2979156f92b623922751d9a102437514240129ca9a868b55721fc62f87d7476505cbaa708aa8925da82f6

Download Submit
C:\Windows\System\zZfPzLI.exe

Filesize
6.0MB

MD5
3d98ff0f91578d8a03947309e4a4051f

SHA1
5cb004d6240b75491d0c7fcc70d0995a6947d160

SHA256
ef4ecd2c7ee56d8a3191037199193eb0414782db1260710beb9334c5531d7d3f

SHA512
33981994f639998d9b6b4d5e6f1f60b7e7cdbc4329a0847a8000b66c1e8e1d44cf250ce42687d9572ae18ed9f510d620c4d6eac7013fce24a5a11ace7f040e28

Download Submit
memory/116-1468-0x00007FF7B3950000-0x00007FF7B3CA4000-memory.dmp

Filesize
3.3MB

Download
memory/116-114-0x00007FF7B3950000-0x00007FF7B3CA4000-memory.dmp

Filesize
3.3MB

Download
memory/224-112-0x00007FF6152A0000-0x00007FF6155F4000-memory.dmp

Filesize
3.3MB

Download
memory/224-1465-0x00007FF6152A0000-0x00007FF6155F4000-memory.dmp

Filesize
3.3MB

Download
memory/364-142-0x00007FF6A0FA0000-0x00007FF6A12F4000-memory.dmp

Filesize
3.3MB

Download
memory/364-1487-0x00007FF6A0FA0000-0x00007FF6A12F4000-memory.dmp

Filesize
3.3MB

Download
memory/668-186-0x00007FF76E580000-0x00007FF76E8D4000-memory.dmp

Filesize
3.3MB

Download
memory/668-616-0x00007FF76E580000-0x00007FF76E8D4000-memory.dmp

Filesize
3.3MB

Download
memory/668-2142-0x00007FF76E580000-0x00007FF76E8D4000-memory.dmp

Filesize
3.3MB

Download
memory/728-102-0x00007FF7C5BE0000-0x00007FF7C5F34000-memory.dmp

Filesize
3.3MB

Download
memory/728-1425-0x00007FF7C5BE0000-0x00007FF7C5F34000-memory.dmp

Filesize
3.3MB

Download
memory/744-465-0x00007FF7A42D0000-0x00007FF7A4624000-memory.dmp

Filesize
3.3MB

Download
memory/744-2064-0x00007FF7A42D0000-0x00007FF7A4624000-memory.dmp

Filesize
3.3MB

Download
memory/744-171-0x00007FF7A42D0000-0x00007FF7A4624000-memory.dmp

Filesize
3.3MB

Download
memory/1112-185-0x00007FF64F390000-0x00007FF64F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1112-2137-0x00007FF64F390000-0x00007FF64F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-115-0x00007FF781470000-0x00007FF7817C4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-1428-0x00007FF781470000-0x00007FF7817C4000-memory.dmp

Filesize
3.3MB

Download
memory/1484-157-0x00007FF6D2340000-0x00007FF6D2694000-memory.dmp

Filesize
3.3MB

Download
memory/1484-33-0x00007FF6D2340000-0x00007FF6D2694000-memory.dmp

Filesize
3.3MB

Download
memory/1484-1404-0x00007FF6D2340000-0x00007FF6D2694000-memory.dmp

Filesize
3.3MB

Download
memory/1764-109-0x00007FF7AB670000-0x00007FF7AB9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1426-0x00007FF7AB670000-0x00007FF7AB9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1812-144-0x00007FF6CFD00000-0x00007FF6D0054000-memory.dmp

Filesize
3.3MB

Download
memory/1812-14-0x00007FF6CFD00000-0x00007FF6D0054000-memory.dmp

Filesize
3.3MB

Download
memory/1812-1326-0x00007FF6CFD00000-0x00007FF6D0054000-memory.dmp

Filesize
3.3MB

Download
memory/1984-148-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-1398-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-28-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-1394-0x00007FF7ABC10000-0x00007FF7ABF64000-memory.dmp

Filesize
3.3MB

Download
memory/2108-136-0x00007FF7ABC10000-0x00007FF7ABF64000-memory.dmp

Filesize
3.3MB

Download
memory/2108-22-0x00007FF7ABC10000-0x00007FF7ABF64000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2053-0x00007FF711B60000-0x00007FF711EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-163-0x00007FF711B60000-0x00007FF711EB4000-memory.dmp

Filesize
3.3MB

Download
memory/3108-111-0x00007FF6A08D0000-0x00007FF6A0C24000-memory.dmp

Filesize
3.3MB

Download
memory/3108-1461-0x00007FF6A08D0000-0x00007FF6A0C24000-memory.dmp

Filesize
3.3MB

Download
memory/3116-6-0x00007FF7D1EF0000-0x00007FF7D2244000-memory.dmp

Filesize
3.3MB

Download
memory/3116-133-0x00007FF7D1EF0000-0x00007FF7D2244000-memory.dmp

Filesize
3.3MB

Download
memory/3116-1322-0x00007FF7D1EF0000-0x00007FF7D2244000-memory.dmp

Filesize
3.3MB

Download
memory/3244-1471-0x00007FF69C0B0000-0x00007FF69C404000-memory.dmp

Filesize
3.3MB

Download
memory/3244-116-0x00007FF69C0B0000-0x00007FF69C404000-memory.dmp

Filesize
3.3MB

Download
memory/3280-150-0x00007FF691070000-0x00007FF6913C4000-memory.dmp

Filesize
3.3MB

Download
memory/3280-41-0x00007FF691070000-0x00007FF6913C4000-memory.dmp

Filesize
3.3MB

Download
memory/3280-1403-0x00007FF691070000-0x00007FF6913C4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-137-0x00007FF796C60000-0x00007FF796FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-1488-0x00007FF796C60000-0x00007FF796FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3944-410-0x00007FF6EECB0000-0x00007FF6EF004000-memory.dmp

Filesize
3.3MB

Download
memory/3944-2060-0x00007FF6EECB0000-0x00007FF6EF004000-memory.dmp

Filesize
3.3MB

Download
memory/3944-166-0x00007FF6EECB0000-0x00007FF6EF004000-memory.dmp

Filesize
3.3MB

Download
memory/4116-98-0x00007FF7803B0000-0x00007FF780704000-memory.dmp

Filesize
3.3MB

Download
memory/4116-1422-0x00007FF7803B0000-0x00007FF780704000-memory.dmp

Filesize
3.3MB

Download
memory/4192-110-0x00007FF7DB130000-0x00007FF7DB484000-memory.dmp

Filesize
3.3MB

Download
memory/4192-1454-0x00007FF7DB130000-0x00007FF7DB484000-memory.dmp

Filesize
3.3MB

Download
memory/4360-149-0x00007FF751F50000-0x00007FF7522A4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-2049-0x00007FF751F50000-0x00007FF7522A4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-302-0x00007FF751F50000-0x00007FF7522A4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-143-0x00007FF76A9A0000-0x00007FF76ACF4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-1486-0x00007FF76A9A0000-0x00007FF76ACF4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-51-0x00007FF6714B0000-0x00007FF671804000-memory.dmp

Filesize
3.3MB

Download
memory/4420-1411-0x00007FF6714B0000-0x00007FF671804000-memory.dmp

Filesize
3.3MB

Download
memory/4420-158-0x00007FF6714B0000-0x00007FF671804000-memory.dmp

Filesize
3.3MB

Download
memory/4528-1469-0x00007FF613EF0000-0x00007FF614244000-memory.dmp

Filesize
3.3MB

Download
memory/4528-113-0x00007FF613EF0000-0x00007FF614244000-memory.dmp

Filesize
3.3MB

Download
memory/4604-55-0x00007FF71FE60000-0x00007FF7201B4000-memory.dmp

Filesize
3.3MB

Download
memory/4604-1415-0x00007FF71FE60000-0x00007FF7201B4000-memory.dmp

Filesize
3.3MB

Download
memory/4672-127-0x00007FF63E0B0000-0x00007FF63E404000-memory.dmp

Filesize
3.3MB

Download
memory/4672-194-0x00007FF63E0B0000-0x00007FF63E404000-memory.dmp

Filesize
3.3MB

Download
memory/4672-1484-0x00007FF63E0B0000-0x00007FF63E404000-memory.dmp

Filesize
3.3MB

Download
memory/4684-120-0x00007FF7CD600000-0x00007FF7CD954000-memory.dmp

Filesize
3.3MB

Download
memory/4684-0-0x00007FF7CD600000-0x00007FF7CD954000-memory.dmp

Filesize
3.3MB

Download
memory/4684-1-0x0000025094830000-0x0000025094840000-memory.dmp

Filesize
64KB

Download
memory/4880-91-0x00007FF70A870000-0x00007FF70ABC4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-1423-0x00007FF70A870000-0x00007FF70ABC4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-170-0x00007FF70A870000-0x00007FF70ABC4000-memory.dmp

Filesize
3.3MB

Download