cobaltstrike | 8b1449caefaad091a8bd8983bdbf79987e5aaa78c72e71f6d807b27c226b30ef

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4cac4bdcbc4e4a849ee68058599ae732
SHA1

215e926d4cb2651fec3e67a1d59a7d24674a3a67
SHA256

8b1449caefaad091a8bd8983bdbf79987e5aaa78c72e71f6d807b27c226b30ef
SHA512

a7174c8d4d4063c696ea786817a44c62e47e4c58213680c5ffe5e72b53b2d8b0c5ccf7d5cd317c8f33bf59c918ba7218f3f67e216e0eb7e0e32a8cb4ffa37311
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b2f-6.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-16.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-22.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-28.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8b-59.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b80-71.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-77.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b8f-89.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-101.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b99-114.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bb0-146.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bbd-182.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bed-191.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bef-193.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bee-192.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bba-179.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bbc-177.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bbb-175.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bb4-172.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bb6-160.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bb9-159.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023baf-141.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023ba9-138.dat	cobalt_reflective_dll
behavioral2/files/0x0012000000023ba7-131.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9b-119.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b91-111.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8e-88.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-67.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-54.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-48.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-41.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b87-36.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-12.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3944-0-0x00007FF74C980000-0x00007FF74CCD4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b2f-6.dat	xmrig
behavioral2/memory/5008-8-0x00007FF6FD250000-0x00007FF6FD5A4000-memory.dmp	xmrig
behavioral2/memory/4540-14-0x00007FF73C970000-0x00007FF73CCC4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b84-16.dat	xmrig
behavioral2/memory/2640-20-0x00007FF69D220000-0x00007FF69D574000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b85-22.dat	xmrig
behavioral2/files/0x000a000000023b86-28.dat	xmrig
behavioral2/memory/3016-31-0x00007FF63B1C0000-0x00007FF63B514000-memory.dmp	xmrig
behavioral2/memory/4048-63-0x00007FF684D70000-0x00007FF6850C4000-memory.dmp	xmrig
behavioral2/memory/3944-62-0x00007FF74C980000-0x00007FF74CCD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8b-59.dat	xmrig
behavioral2/files/0x000b000000023b80-71.dat	xmrig
behavioral2/files/0x000a000000023b8d-77.dat	xmrig
behavioral2/files/0x000b000000023b8f-89.dat	xmrig
behavioral2/memory/4592-91-0x00007FF7D65A0000-0x00007FF7D68F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b90-101.dat	xmrig
behavioral2/memory/5108-105-0x00007FF7C3840000-0x00007FF7C3B94000-memory.dmp	xmrig
behavioral2/memory/4456-108-0x00007FF6EFE50000-0x00007FF6F01A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b99-114.dat	xmrig
behavioral2/memory/2936-121-0x00007FF621980000-0x00007FF621CD4000-memory.dmp	xmrig
behavioral2/memory/2896-125-0x00007FF642620000-0x00007FF642974000-memory.dmp	xmrig
behavioral2/memory/4556-135-0x00007FF688770000-0x00007FF688AC4000-memory.dmp	xmrig
behavioral2/memory/2108-139-0x00007FF75D250000-0x00007FF75D5A4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023bb0-146.dat	xmrig
behavioral2/memory/1856-157-0x00007FF61A770000-0x00007FF61AAC4000-memory.dmp	xmrig
behavioral2/memory/1820-167-0x00007FF7F7A70000-0x00007FF7F7DC4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023bbd-182.dat	xmrig
behavioral2/files/0x0008000000023bed-191.dat	xmrig
behavioral2/memory/836-236-0x00007FF79BE20000-0x00007FF79C174000-memory.dmp	xmrig
behavioral2/memory/4592-240-0x00007FF7D65A0000-0x00007FF7D68F4000-memory.dmp	xmrig
behavioral2/memory/3828-239-0x00007FF7176D0000-0x00007FF717A24000-memory.dmp	xmrig
behavioral2/memory/224-238-0x00007FF713DC0000-0x00007FF714114000-memory.dmp	xmrig
behavioral2/memory/4584-237-0x00007FF725CD0000-0x00007FF726024000-memory.dmp	xmrig
behavioral2/memory/2396-235-0x00007FF71D370000-0x00007FF71D6C4000-memory.dmp	xmrig
behavioral2/memory/4308-234-0x00007FF601530000-0x00007FF601884000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bef-193.dat	xmrig
behavioral2/files/0x0008000000023bee-192.dat	xmrig
behavioral2/files/0x0008000000023bba-179.dat	xmrig
behavioral2/files/0x0008000000023bbc-177.dat	xmrig
behavioral2/files/0x0008000000023bbb-175.dat	xmrig
behavioral2/files/0x000e000000023bb4-172.dat	xmrig
behavioral2/files/0x0008000000023bb6-160.dat	xmrig
behavioral2/files/0x0008000000023bb9-159.dat	xmrig
behavioral2/memory/1140-153-0x00007FF7020F0000-0x00007FF702444000-memory.dmp	xmrig
behavioral2/memory/4224-325-0x00007FF7963C0000-0x00007FF796714000-memory.dmp	xmrig
behavioral2/memory/4332-369-0x00007FF70C6C0000-0x00007FF70CA14000-memory.dmp	xmrig
behavioral2/memory/2936-368-0x00007FF621980000-0x00007FF621CD4000-memory.dmp	xmrig
behavioral2/memory/2108-377-0x00007FF75D250000-0x00007FF75D5A4000-memory.dmp	xmrig
behavioral2/memory/4556-395-0x00007FF688770000-0x00007FF688AC4000-memory.dmp	xmrig
behavioral2/memory/1820-417-0x00007FF7F7A70000-0x00007FF7F7DC4000-memory.dmp	xmrig
behavioral2/memory/4308-436-0x00007FF601530000-0x00007FF601884000-memory.dmp	xmrig
behavioral2/memory/3752-1670-0x00007FF6A7C20000-0x00007FF6A7F74000-memory.dmp	xmrig
behavioral2/memory/3568-1685-0x00007FF6689C0000-0x00007FF668D14000-memory.dmp	xmrig
behavioral2/memory/2484-1695-0x00007FF7E15C0000-0x00007FF7E1914000-memory.dmp	xmrig
behavioral2/memory/4048-1698-0x00007FF684D70000-0x00007FF6850C4000-memory.dmp	xmrig
behavioral2/memory/3836-1707-0x00007FF743AF0000-0x00007FF743E44000-memory.dmp	xmrig
behavioral2/memory/1856-1714-0x00007FF61A770000-0x00007FF61AAC4000-memory.dmp	xmrig
behavioral2/memory/2396-1718-0x00007FF71D370000-0x00007FF71D6C4000-memory.dmp	xmrig
behavioral2/memory/5108-1735-0x00007FF7C3840000-0x00007FF7C3B94000-memory.dmp	xmrig
behavioral2/memory/2896-1754-0x00007FF642620000-0x00007FF642974000-memory.dmp	xmrig
behavioral2/memory/4332-1767-0x00007FF70C6C0000-0x00007FF70CA14000-memory.dmp	xmrig
behavioral2/memory/1140-1779-0x00007FF7020F0000-0x00007FF702444000-memory.dmp	xmrig
behavioral2/memory/4556-1777-0x00007FF688770000-0x00007FF688AC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5008	AvYvqGF.exe
4540	VYpzJMe.exe
2640	mTIunqQ.exe
3752	GyrMvbv.exe
3016	dHKewkK.exe
4456	WbxSBsZ.exe
3568	YZjMouX.exe
4000	RFtEiJr.exe
2484	HuMxqAM.exe
4048	TeemLSr.exe
3836	zZmlmoh.exe
1856	XJQOKnT.exe
2396	YccQTFi.exe
4264	dLlpRPz.exe
4592	YtBIWzF.exe
5108	hwGBxIf.exe
4224	wKjNKKE.exe
2936	ZBIFfyT.exe
2896	YPYYuLS.exe
4332	qKzGRhr.exe
4556	zRKuuEq.exe
2108	jkArIZg.exe
1140	aapBbEs.exe
1820	ZRmAAds.exe
4308	AftfKQv.exe
836	BlKTQLs.exe
3828	ZebHjAy.exe
4584	ZDAFTSz.exe
224	EgRYbsn.exe
4296	OUPKEIz.exe
3388	ZYBrkYK.exe
2808	gtdGaqb.exe
2564	uSffOFN.exe
3320	pflYIhv.exe
4700	daNWVlP.exe
4936	ovXAenx.exe
4396	ugRzsbp.exe
888	hRUEmkd.exe
640	FgJHVDm.exe
3224	xdqzLAp.exe
1860	xXrlOQM.exe
3020	nuXxwyj.exe
1520	TCjmKoS.exe
4524	PSieiYY.exe
752	cXEkEhG.exe
3372	gRLoiIs.exe
4864	cEgJdjS.exe
4704	PPvfhhz.exe
4484	WpQeiwX.exe
1088	dUXTxwI.exe
2868	MGJTZpO.exe
3596	YGYKhZd.exe
3728	DFittVA.exe
2412	rPZppcw.exe
4820	FXJEVvD.exe
2508	NmpMLcZ.exe
2268	bzeuzPu.exe
4808	MQBosUD.exe
636	zxAgKhn.exe
3904	wcmpmRZ.exe
4080	KtYqYKo.exe
3068	GVrklbT.exe
4888	CXeRIDj.exe
3832	dMawqtg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3944-0-0x00007FF74C980000-0x00007FF74CCD4000-memory.dmp	upx
behavioral2/files/0x000c000000023b2f-6.dat	upx
behavioral2/memory/5008-8-0x00007FF6FD250000-0x00007FF6FD5A4000-memory.dmp	upx
behavioral2/memory/4540-14-0x00007FF73C970000-0x00007FF73CCC4000-memory.dmp	upx
behavioral2/files/0x000a000000023b84-16.dat	upx
behavioral2/memory/2640-20-0x00007FF69D220000-0x00007FF69D574000-memory.dmp	upx
behavioral2/files/0x000a000000023b85-22.dat	upx
behavioral2/files/0x000a000000023b86-28.dat	upx
behavioral2/memory/3016-31-0x00007FF63B1C0000-0x00007FF63B514000-memory.dmp	upx
behavioral2/memory/4048-63-0x00007FF684D70000-0x00007FF6850C4000-memory.dmp	upx
behavioral2/memory/3944-62-0x00007FF74C980000-0x00007FF74CCD4000-memory.dmp	upx
behavioral2/files/0x000a000000023b8b-59.dat	upx
behavioral2/files/0x000b000000023b80-71.dat	upx
behavioral2/files/0x000a000000023b8d-77.dat	upx
behavioral2/files/0x000b000000023b8f-89.dat	upx
behavioral2/memory/4592-91-0x00007FF7D65A0000-0x00007FF7D68F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b90-101.dat	upx
behavioral2/memory/5108-105-0x00007FF7C3840000-0x00007FF7C3B94000-memory.dmp	upx
behavioral2/memory/4456-108-0x00007FF6EFE50000-0x00007FF6F01A4000-memory.dmp	upx
behavioral2/files/0x000a000000023b99-114.dat	upx
behavioral2/memory/2936-121-0x00007FF621980000-0x00007FF621CD4000-memory.dmp	upx
behavioral2/memory/2896-125-0x00007FF642620000-0x00007FF642974000-memory.dmp	upx
behavioral2/memory/4556-135-0x00007FF688770000-0x00007FF688AC4000-memory.dmp	upx
behavioral2/memory/2108-139-0x00007FF75D250000-0x00007FF75D5A4000-memory.dmp	upx
behavioral2/files/0x0009000000023bb0-146.dat	upx
behavioral2/memory/1856-157-0x00007FF61A770000-0x00007FF61AAC4000-memory.dmp	upx
behavioral2/memory/1820-167-0x00007FF7F7A70000-0x00007FF7F7DC4000-memory.dmp	upx
behavioral2/files/0x0009000000023bbd-182.dat	upx
behavioral2/files/0x0008000000023bed-191.dat	upx
behavioral2/memory/836-236-0x00007FF79BE20000-0x00007FF79C174000-memory.dmp	upx
behavioral2/memory/4592-240-0x00007FF7D65A0000-0x00007FF7D68F4000-memory.dmp	upx
behavioral2/memory/3828-239-0x00007FF7176D0000-0x00007FF717A24000-memory.dmp	upx
behavioral2/memory/224-238-0x00007FF713DC0000-0x00007FF714114000-memory.dmp	upx
behavioral2/memory/4584-237-0x00007FF725CD0000-0x00007FF726024000-memory.dmp	upx
behavioral2/memory/2396-235-0x00007FF71D370000-0x00007FF71D6C4000-memory.dmp	upx
behavioral2/memory/4308-234-0x00007FF601530000-0x00007FF601884000-memory.dmp	upx
behavioral2/files/0x0008000000023bef-193.dat	upx
behavioral2/files/0x0008000000023bee-192.dat	upx
behavioral2/files/0x0008000000023bba-179.dat	upx
behavioral2/files/0x0008000000023bbc-177.dat	upx
behavioral2/files/0x0008000000023bbb-175.dat	upx
behavioral2/files/0x000e000000023bb4-172.dat	upx
behavioral2/files/0x0008000000023bb6-160.dat	upx
behavioral2/files/0x0008000000023bb9-159.dat	upx
behavioral2/memory/1140-153-0x00007FF7020F0000-0x00007FF702444000-memory.dmp	upx
behavioral2/memory/4224-325-0x00007FF7963C0000-0x00007FF796714000-memory.dmp	upx
behavioral2/memory/4332-369-0x00007FF70C6C0000-0x00007FF70CA14000-memory.dmp	upx
behavioral2/memory/2936-368-0x00007FF621980000-0x00007FF621CD4000-memory.dmp	upx
behavioral2/memory/2108-377-0x00007FF75D250000-0x00007FF75D5A4000-memory.dmp	upx
behavioral2/memory/4556-395-0x00007FF688770000-0x00007FF688AC4000-memory.dmp	upx
behavioral2/memory/1820-417-0x00007FF7F7A70000-0x00007FF7F7DC4000-memory.dmp	upx
behavioral2/memory/4308-436-0x00007FF601530000-0x00007FF601884000-memory.dmp	upx
behavioral2/memory/3752-1670-0x00007FF6A7C20000-0x00007FF6A7F74000-memory.dmp	upx
behavioral2/memory/3568-1685-0x00007FF6689C0000-0x00007FF668D14000-memory.dmp	upx
behavioral2/memory/2484-1695-0x00007FF7E15C0000-0x00007FF7E1914000-memory.dmp	upx
behavioral2/memory/4048-1698-0x00007FF684D70000-0x00007FF6850C4000-memory.dmp	upx
behavioral2/memory/3836-1707-0x00007FF743AF0000-0x00007FF743E44000-memory.dmp	upx
behavioral2/memory/1856-1714-0x00007FF61A770000-0x00007FF61AAC4000-memory.dmp	upx
behavioral2/memory/2396-1718-0x00007FF71D370000-0x00007FF71D6C4000-memory.dmp	upx
behavioral2/memory/5108-1735-0x00007FF7C3840000-0x00007FF7C3B94000-memory.dmp	upx
behavioral2/memory/2896-1754-0x00007FF642620000-0x00007FF642974000-memory.dmp	upx
behavioral2/memory/4332-1767-0x00007FF70C6C0000-0x00007FF70CA14000-memory.dmp	upx
behavioral2/memory/1140-1779-0x00007FF7020F0000-0x00007FF702444000-memory.dmp	upx
behavioral2/memory/4556-1777-0x00007FF688770000-0x00007FF688AC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bIzxMdv.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwtuwqI.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BclfWaQ.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZGrAdg.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUWWafu.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NhvpJDB.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQAQLiO.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdYZXgW.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOVkoMf.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxNqvHz.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOHyygQ.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAISiFF.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZRfExP.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uICDTfZ.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bstelcw.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBZPVMM.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZjGbnK.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvxHaDi.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOobwex.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWGisev.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMfUiIy.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqxvAhJ.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLCoXIE.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOaWQAw.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFecZne.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzbDuHd.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyrSBKy.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNpbpYs.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnSEpVF.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TytQxwN.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LakmFox.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WftvocM.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHIPAcv.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\raPjgHv.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLOgrhF.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcqIJmN.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMwCZjQ.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QObxKhQ.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBWdSeG.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwjwEzS.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBsMpyE.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmPHIGL.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgjarPb.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPiedxq.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okmrdwW.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjbBEWY.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UyESwrV.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBYhChT.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sourcak.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKNVyDZ.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfdFtlF.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UytWOsD.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkqnfiX.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohMVDIN.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDZzZjK.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtKbxVx.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFKvjKq.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryyldHM.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJrIgua.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PORxQHM.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHrZnYP.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKvoZgf.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CeeITTt.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzrlxNH.exe	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 5008	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3944 wrote to memory of 5008	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3944 wrote to memory of 4540	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3944 wrote to memory of 4540	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3944 wrote to memory of 2640	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3944 wrote to memory of 2640	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3944 wrote to memory of 3752	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3944 wrote to memory of 3752	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3944 wrote to memory of 3016	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3944 wrote to memory of 3016	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3944 wrote to memory of 4456	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3944 wrote to memory of 4456	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3944 wrote to memory of 3568	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3944 wrote to memory of 3568	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3944 wrote to memory of 4000	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3944 wrote to memory of 4000	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3944 wrote to memory of 2484	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3944 wrote to memory of 2484	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3944 wrote to memory of 4048	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3944 wrote to memory of 4048	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3944 wrote to memory of 3836	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3944 wrote to memory of 3836	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3944 wrote to memory of 1856	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3944 wrote to memory of 1856	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3944 wrote to memory of 2396	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3944 wrote to memory of 2396	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3944 wrote to memory of 4264	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3944 wrote to memory of 4264	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3944 wrote to memory of 4592	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3944 wrote to memory of 4592	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3944 wrote to memory of 5108	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3944 wrote to memory of 5108	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3944 wrote to memory of 4224	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3944 wrote to memory of 4224	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3944 wrote to memory of 2936	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3944 wrote to memory of 2936	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3944 wrote to memory of 2896	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3944 wrote to memory of 2896	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3944 wrote to memory of 4332	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3944 wrote to memory of 4332	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3944 wrote to memory of 4556	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3944 wrote to memory of 4556	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3944 wrote to memory of 2108	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3944 wrote to memory of 2108	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3944 wrote to memory of 1140	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3944 wrote to memory of 1140	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3944 wrote to memory of 4308	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3944 wrote to memory of 4308	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3944 wrote to memory of 1820	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3944 wrote to memory of 1820	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3944 wrote to memory of 836	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3944 wrote to memory of 836	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3944 wrote to memory of 224	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3944 wrote to memory of 224	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3944 wrote to memory of 3828	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3944 wrote to memory of 3828	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3944 wrote to memory of 4584	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3944 wrote to memory of 4584	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3944 wrote to memory of 4296	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3944 wrote to memory of 4296	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3944 wrote to memory of 3388	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3944 wrote to memory of 3388	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3944 wrote to memory of 2808	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3944 wrote to memory of 2808	3944	2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-28_4cac4bdcbc4e4a849ee68058599ae732_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Windows\System\AvYvqGF.exe
  C:\Windows\System\AvYvqGF.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\VYpzJMe.exe
  C:\Windows\System\VYpzJMe.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\mTIunqQ.exe
  C:\Windows\System\mTIunqQ.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\GyrMvbv.exe
  C:\Windows\System\GyrMvbv.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\dHKewkK.exe
  C:\Windows\System\dHKewkK.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\WbxSBsZ.exe
  C:\Windows\System\WbxSBsZ.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\YZjMouX.exe
  C:\Windows\System\YZjMouX.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\RFtEiJr.exe
  C:\Windows\System\RFtEiJr.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\HuMxqAM.exe
  C:\Windows\System\HuMxqAM.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\TeemLSr.exe
  C:\Windows\System\TeemLSr.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\zZmlmoh.exe
  C:\Windows\System\zZmlmoh.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\XJQOKnT.exe
  C:\Windows\System\XJQOKnT.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\YccQTFi.exe
  C:\Windows\System\YccQTFi.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\dLlpRPz.exe
  C:\Windows\System\dLlpRPz.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\YtBIWzF.exe
  C:\Windows\System\YtBIWzF.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\hwGBxIf.exe
  C:\Windows\System\hwGBxIf.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\wKjNKKE.exe
  C:\Windows\System\wKjNKKE.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\ZBIFfyT.exe
  C:\Windows\System\ZBIFfyT.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\YPYYuLS.exe
  C:\Windows\System\YPYYuLS.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\qKzGRhr.exe
  C:\Windows\System\qKzGRhr.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\zRKuuEq.exe
  C:\Windows\System\zRKuuEq.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\jkArIZg.exe
  C:\Windows\System\jkArIZg.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\aapBbEs.exe
  C:\Windows\System\aapBbEs.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\AftfKQv.exe
  C:\Windows\System\AftfKQv.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\ZRmAAds.exe
  C:\Windows\System\ZRmAAds.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\BlKTQLs.exe
  C:\Windows\System\BlKTQLs.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\EgRYbsn.exe
  C:\Windows\System\EgRYbsn.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\ZebHjAy.exe
  C:\Windows\System\ZebHjAy.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\ZDAFTSz.exe
  C:\Windows\System\ZDAFTSz.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\OUPKEIz.exe
  C:\Windows\System\OUPKEIz.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\ZYBrkYK.exe
  C:\Windows\System\ZYBrkYK.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\gtdGaqb.exe
  C:\Windows\System\gtdGaqb.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\uSffOFN.exe
  C:\Windows\System\uSffOFN.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\pflYIhv.exe
  C:\Windows\System\pflYIhv.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\daNWVlP.exe
  C:\Windows\System\daNWVlP.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\ovXAenx.exe
  C:\Windows\System\ovXAenx.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\ugRzsbp.exe
  C:\Windows\System\ugRzsbp.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\hRUEmkd.exe
  C:\Windows\System\hRUEmkd.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\FgJHVDm.exe
  C:\Windows\System\FgJHVDm.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\xdqzLAp.exe
  C:\Windows\System\xdqzLAp.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\xXrlOQM.exe
  C:\Windows\System\xXrlOQM.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\nuXxwyj.exe
  C:\Windows\System\nuXxwyj.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\TCjmKoS.exe
  C:\Windows\System\TCjmKoS.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\PSieiYY.exe
  C:\Windows\System\PSieiYY.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\cXEkEhG.exe
  C:\Windows\System\cXEkEhG.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\gRLoiIs.exe
  C:\Windows\System\gRLoiIs.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\cEgJdjS.exe
  C:\Windows\System\cEgJdjS.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\PPvfhhz.exe
  C:\Windows\System\PPvfhhz.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\WpQeiwX.exe
  C:\Windows\System\WpQeiwX.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\dUXTxwI.exe
  C:\Windows\System\dUXTxwI.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\MGJTZpO.exe
  C:\Windows\System\MGJTZpO.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\DFittVA.exe
  C:\Windows\System\DFittVA.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\YGYKhZd.exe
  C:\Windows\System\YGYKhZd.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\rPZppcw.exe
  C:\Windows\System\rPZppcw.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\FXJEVvD.exe
  C:\Windows\System\FXJEVvD.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\NmpMLcZ.exe
  C:\Windows\System\NmpMLcZ.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\bzeuzPu.exe
  C:\Windows\System\bzeuzPu.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\MQBosUD.exe
  C:\Windows\System\MQBosUD.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\zxAgKhn.exe
  C:\Windows\System\zxAgKhn.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\wcmpmRZ.exe
  C:\Windows\System\wcmpmRZ.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\KtYqYKo.exe
  C:\Windows\System\KtYqYKo.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\GVrklbT.exe
  C:\Windows\System\GVrklbT.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\CXeRIDj.exe
  C:\Windows\System\CXeRIDj.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\dMawqtg.exe
  C:\Windows\System\dMawqtg.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\yyfPknJ.exe
  C:\Windows\System\yyfPknJ.exe
  2⤵
  PID:1756
- C:\Windows\System\OSlhLRH.exe
  C:\Windows\System\OSlhLRH.exe
  2⤵
  PID:740
- C:\Windows\System\uNuevTo.exe
  C:\Windows\System\uNuevTo.exe
  2⤵
  PID:1796
- C:\Windows\System\uGYofym.exe
  C:\Windows\System\uGYofym.exe
  2⤵
  PID:5028
- C:\Windows\System\LvKXsDC.exe
  C:\Windows\System\LvKXsDC.exe
  2⤵
  PID:3636
- C:\Windows\System\nRjlgHJ.exe
  C:\Windows\System\nRjlgHJ.exe
  2⤵
  PID:2860
- C:\Windows\System\dHDcLrA.exe
  C:\Windows\System\dHDcLrA.exe
  2⤵
  PID:4960
- C:\Windows\System\VqxdKsT.exe
  C:\Windows\System\VqxdKsT.exe
  2⤵
  PID:2012
- C:\Windows\System\LbJqoOy.exe
  C:\Windows\System\LbJqoOy.exe
  2⤵
  PID:2836
- C:\Windows\System\FhcpbKW.exe
  C:\Windows\System\FhcpbKW.exe
  2⤵
  PID:4616
- C:\Windows\System\olKnmik.exe
  C:\Windows\System\olKnmik.exe
  2⤵
  PID:2356
- C:\Windows\System\VVxdeQz.exe
  C:\Windows\System\VVxdeQz.exe
  2⤵
  PID:3100
- C:\Windows\System\iJFfmvk.exe
  C:\Windows\System\iJFfmvk.exe
  2⤵
  PID:2072
- C:\Windows\System\vGnolhx.exe
  C:\Windows\System\vGnolhx.exe
  2⤵
  PID:2800
- C:\Windows\System\sXnvYDC.exe
  C:\Windows\System\sXnvYDC.exe
  2⤵
  PID:2380
- C:\Windows\System\kpiHuZr.exe
  C:\Windows\System\kpiHuZr.exe
  2⤵
  PID:3580
- C:\Windows\System\yQFduHc.exe
  C:\Windows\System\yQFduHc.exe
  2⤵
  PID:1352
- C:\Windows\System\JAdPLLv.exe
  C:\Windows\System\JAdPLLv.exe
  2⤵
  PID:4432
- C:\Windows\System\Jrxjenf.exe
  C:\Windows\System\Jrxjenf.exe
  2⤵
  PID:5136
- C:\Windows\System\NrQFJSw.exe
  C:\Windows\System\NrQFJSw.exe
  2⤵
  PID:5160
- C:\Windows\System\nvGXuWM.exe
  C:\Windows\System\nvGXuWM.exe
  2⤵
  PID:5188
- C:\Windows\System\kVJaqLd.exe
  C:\Windows\System\kVJaqLd.exe
  2⤵
  PID:5212
- C:\Windows\System\bEPTtmL.exe
  C:\Windows\System\bEPTtmL.exe
  2⤵
  PID:5252
- C:\Windows\System\bQSBvfy.exe
  C:\Windows\System\bQSBvfy.exe
  2⤵
  PID:5280
- C:\Windows\System\XOHyygQ.exe
  C:\Windows\System\XOHyygQ.exe
  2⤵
  PID:5316
- C:\Windows\System\bxeAqkE.exe
  C:\Windows\System\bxeAqkE.exe
  2⤵
  PID:5360
- C:\Windows\System\NdvlanL.exe
  C:\Windows\System\NdvlanL.exe
  2⤵
  PID:5380
- C:\Windows\System\gtfTnGI.exe
  C:\Windows\System\gtfTnGI.exe
  2⤵
  PID:5404
- C:\Windows\System\GwmFngJ.exe
  C:\Windows\System\GwmFngJ.exe
  2⤵
  PID:5448
- C:\Windows\System\JDleQba.exe
  C:\Windows\System\JDleQba.exe
  2⤵
  PID:5468
- C:\Windows\System\ZNpbpYs.exe
  C:\Windows\System\ZNpbpYs.exe
  2⤵
  PID:5492
- C:\Windows\System\YNRwsqm.exe
  C:\Windows\System\YNRwsqm.exe
  2⤵
  PID:5528
- C:\Windows\System\PJFCPIl.exe
  C:\Windows\System\PJFCPIl.exe
  2⤵
  PID:5556
- C:\Windows\System\OjlhzUt.exe
  C:\Windows\System\OjlhzUt.exe
  2⤵
  PID:5576
- C:\Windows\System\ViIaCVI.exe
  C:\Windows\System\ViIaCVI.exe
  2⤵
  PID:5616
- C:\Windows\System\oDePRbb.exe
  C:\Windows\System\oDePRbb.exe
  2⤵
  PID:5696
- C:\Windows\System\mXnCDKQ.exe
  C:\Windows\System\mXnCDKQ.exe
  2⤵
  PID:5720
- C:\Windows\System\ZHNptsl.exe
  C:\Windows\System\ZHNptsl.exe
  2⤵
  PID:5748
- C:\Windows\System\WIZsGEF.exe
  C:\Windows\System\WIZsGEF.exe
  2⤵
  PID:5792
- C:\Windows\System\RLOgrhF.exe
  C:\Windows\System\RLOgrhF.exe
  2⤵
  PID:5820
- C:\Windows\System\uPZjylU.exe
  C:\Windows\System\uPZjylU.exe
  2⤵
  PID:5836
- C:\Windows\System\WwzWeXq.exe
  C:\Windows\System\WwzWeXq.exe
  2⤵
  PID:5872
- C:\Windows\System\pyBvBqI.exe
  C:\Windows\System\pyBvBqI.exe
  2⤵
  PID:5908
- C:\Windows\System\FssJopK.exe
  C:\Windows\System\FssJopK.exe
  2⤵
  PID:5924
- C:\Windows\System\RqxvAhJ.exe
  C:\Windows\System\RqxvAhJ.exe
  2⤵
  PID:5940
- C:\Windows\System\niGbrFn.exe
  C:\Windows\System\niGbrFn.exe
  2⤵
  PID:6020
- C:\Windows\System\CXeTHYX.exe
  C:\Windows\System\CXeTHYX.exe
  2⤵
  PID:6056
- C:\Windows\System\bbtHpKD.exe
  C:\Windows\System\bbtHpKD.exe
  2⤵
  PID:6076
- C:\Windows\System\sHdJSig.exe
  C:\Windows\System\sHdJSig.exe
  2⤵
  PID:6124
- C:\Windows\System\FwEVyLh.exe
  C:\Windows\System\FwEVyLh.exe
  2⤵
  PID:512
- C:\Windows\System\NYamFfh.exe
  C:\Windows\System\NYamFfh.exe
  2⤵
  PID:3496
- C:\Windows\System\duKeNPK.exe
  C:\Windows\System\duKeNPK.exe
  2⤵
  PID:3656
- C:\Windows\System\lAmdIzj.exe
  C:\Windows\System\lAmdIzj.exe
  2⤵
  PID:5484
- C:\Windows\System\bUdLvTl.exe
  C:\Windows\System\bUdLvTl.exe
  2⤵
  PID:5548
- C:\Windows\System\nrNrlcT.exe
  C:\Windows\System\nrNrlcT.exe
  2⤵
  PID:3012
- C:\Windows\System\XErmAxx.exe
  C:\Windows\System\XErmAxx.exe
  2⤵
  PID:5712
- C:\Windows\System\ZTjVnBU.exe
  C:\Windows\System\ZTjVnBU.exe
  2⤵
  PID:5784
- C:\Windows\System\DXvaQtr.exe
  C:\Windows\System\DXvaQtr.exe
  2⤵
  PID:5832
- C:\Windows\System\BFoPjIm.exe
  C:\Windows\System\BFoPjIm.exe
  2⤵
  PID:3780
- C:\Windows\System\sujifuB.exe
  C:\Windows\System\sujifuB.exe
  2⤵
  PID:6092
- C:\Windows\System\WXWyRfP.exe
  C:\Windows\System\WXWyRfP.exe
  2⤵
  PID:5204
- C:\Windows\System\eDyJfdB.exe
  C:\Windows\System\eDyJfdB.exe
  2⤵
  PID:6132
- C:\Windows\System\NhqwwEx.exe
  C:\Windows\System\NhqwwEx.exe
  2⤵
  PID:5504
- C:\Windows\System\QvYXaFC.exe
  C:\Windows\System\QvYXaFC.exe
  2⤵
  PID:5608
- C:\Windows\System\KOVQEUV.exe
  C:\Windows\System\KOVQEUV.exe
  2⤵
  PID:4448
- C:\Windows\System\DDVifHd.exe
  C:\Windows\System\DDVifHd.exe
  2⤵
  PID:5224
- C:\Windows\System\xZVmcSa.exe
  C:\Windows\System\xZVmcSa.exe
  2⤵
  PID:5512
- C:\Windows\System\UWXKpjU.exe
  C:\Windows\System\UWXKpjU.exe
  2⤵
  PID:5460
- C:\Windows\System\FaTkBzI.exe
  C:\Windows\System\FaTkBzI.exe
  2⤵
  PID:5244
- C:\Windows\System\SfQxzci.exe
  C:\Windows\System\SfQxzci.exe
  2⤵
  PID:5864
- C:\Windows\System\GxwGFvp.exe
  C:\Windows\System\GxwGFvp.exe
  2⤵
  PID:5596
- C:\Windows\System\UaBafHs.exe
  C:\Windows\System\UaBafHs.exe
  2⤵
  PID:6172
- C:\Windows\System\tJTIyLg.exe
  C:\Windows\System\tJTIyLg.exe
  2⤵
  PID:6208
- C:\Windows\System\GbjLnXQ.exe
  C:\Windows\System\GbjLnXQ.exe
  2⤵
  PID:6228
- C:\Windows\System\csWSLcp.exe
  C:\Windows\System\csWSLcp.exe
  2⤵
  PID:6268
- C:\Windows\System\UBUBOwM.exe
  C:\Windows\System\UBUBOwM.exe
  2⤵
  PID:6296
- C:\Windows\System\rpCWGCB.exe
  C:\Windows\System\rpCWGCB.exe
  2⤵
  PID:6316
- C:\Windows\System\fCgAIFK.exe
  C:\Windows\System\fCgAIFK.exe
  2⤵
  PID:6344
- C:\Windows\System\uOckmuz.exe
  C:\Windows\System\uOckmuz.exe
  2⤵
  PID:6372
- C:\Windows\System\iROIxHy.exe
  C:\Windows\System\iROIxHy.exe
  2⤵
  PID:6400
- C:\Windows\System\qvtaCzJ.exe
  C:\Windows\System\qvtaCzJ.exe
  2⤵
  PID:6424
- C:\Windows\System\oUCRUJc.exe
  C:\Windows\System\oUCRUJc.exe
  2⤵
  PID:6464
- C:\Windows\System\thKOfLH.exe
  C:\Windows\System\thKOfLH.exe
  2⤵
  PID:6492
- C:\Windows\System\BdbxFhq.exe
  C:\Windows\System\BdbxFhq.exe
  2⤵
  PID:6524
- C:\Windows\System\mBTYfBR.exe
  C:\Windows\System\mBTYfBR.exe
  2⤵
  PID:6568
- C:\Windows\System\XnAaocu.exe
  C:\Windows\System\XnAaocu.exe
  2⤵
  PID:6612
- C:\Windows\System\amIfLCJ.exe
  C:\Windows\System\amIfLCJ.exe
  2⤵
  PID:6656
- C:\Windows\System\ZrXTNaP.exe
  C:\Windows\System\ZrXTNaP.exe
  2⤵
  PID:6700
- C:\Windows\System\ywNWkhA.exe
  C:\Windows\System\ywNWkhA.exe
  2⤵
  PID:6724
- C:\Windows\System\orbYFdX.exe
  C:\Windows\System\orbYFdX.exe
  2⤵
  PID:6756
- C:\Windows\System\ckFdSiI.exe
  C:\Windows\System\ckFdSiI.exe
  2⤵
  PID:6792
- C:\Windows\System\MqmUOSS.exe
  C:\Windows\System\MqmUOSS.exe
  2⤵
  PID:6820
- C:\Windows\System\evwFRrB.exe
  C:\Windows\System\evwFRrB.exe
  2⤵
  PID:6848
- C:\Windows\System\ebtvWAS.exe
  C:\Windows\System\ebtvWAS.exe
  2⤵
  PID:6872
- C:\Windows\System\HfAchKy.exe
  C:\Windows\System\HfAchKy.exe
  2⤵
  PID:6904
- C:\Windows\System\wzBmvnX.exe
  C:\Windows\System\wzBmvnX.exe
  2⤵
  PID:6932
- C:\Windows\System\JxGyciZ.exe
  C:\Windows\System\JxGyciZ.exe
  2⤵
  PID:6960
- C:\Windows\System\JiiiUcM.exe
  C:\Windows\System\JiiiUcM.exe
  2⤵
  PID:6988
- C:\Windows\System\rMCasZv.exe
  C:\Windows\System\rMCasZv.exe
  2⤵
  PID:7016
- C:\Windows\System\QvokbKt.exe
  C:\Windows\System\QvokbKt.exe
  2⤵
  PID:7044
- C:\Windows\System\ZFtJKWJ.exe
  C:\Windows\System\ZFtJKWJ.exe
  2⤵
  PID:7072
- C:\Windows\System\WWEsvDm.exe
  C:\Windows\System\WWEsvDm.exe
  2⤵
  PID:7104
- C:\Windows\System\IoMHBHQ.exe
  C:\Windows\System\IoMHBHQ.exe
  2⤵
  PID:7124
- C:\Windows\System\cleNZak.exe
  C:\Windows\System\cleNZak.exe
  2⤵
  PID:7148
- C:\Windows\System\IbBSNVp.exe
  C:\Windows\System\IbBSNVp.exe
  2⤵
  PID:6088
- C:\Windows\System\NxzSdrO.exe
  C:\Windows\System\NxzSdrO.exe
  2⤵
  PID:5916
- C:\Windows\System\PwDHxoA.exe
  C:\Windows\System\PwDHxoA.exe
  2⤵
  PID:6220
- C:\Windows\System\RGtSwos.exe
  C:\Windows\System\RGtSwos.exe
  2⤵
  PID:6288
- C:\Windows\System\GjHVASH.exe
  C:\Windows\System\GjHVASH.exe
  2⤵
  PID:6312
- C:\Windows\System\LskUIRj.exe
  C:\Windows\System\LskUIRj.exe
  2⤵
  PID:6396
- C:\Windows\System\GWdbwMo.exe
  C:\Windows\System\GWdbwMo.exe
  2⤵
  PID:6448
- C:\Windows\System\PebrWIk.exe
  C:\Windows\System\PebrWIk.exe
  2⤵
  PID:6500
- C:\Windows\System\SyNBJYx.exe
  C:\Windows\System\SyNBJYx.exe
  2⤵
  PID:6604
- C:\Windows\System\zOVTcHE.exe
  C:\Windows\System\zOVTcHE.exe
  2⤵
  PID:6696
- C:\Windows\System\gDgkGJh.exe
  C:\Windows\System\gDgkGJh.exe
  2⤵
  PID:6768
- C:\Windows\System\rIEdAEX.exe
  C:\Windows\System\rIEdAEX.exe
  2⤵
  PID:6252
- C:\Windows\System\KVlYoOj.exe
  C:\Windows\System\KVlYoOj.exe
  2⤵
  PID:6828
- C:\Windows\System\UiXvwtW.exe
  C:\Windows\System\UiXvwtW.exe
  2⤵
  PID:6888
- C:\Windows\System\yETLhkw.exe
  C:\Windows\System\yETLhkw.exe
  2⤵
  PID:6940
- C:\Windows\System\dxoUvfw.exe
  C:\Windows\System\dxoUvfw.exe
  2⤵
  PID:7000
- C:\Windows\System\RjPpOSD.exe
  C:\Windows\System\RjPpOSD.exe
  2⤵
  PID:7060
- C:\Windows\System\qBpwFTg.exe
  C:\Windows\System\qBpwFTg.exe
  2⤵
  PID:7116
- C:\Windows\System\uEEdpYe.exe
  C:\Windows\System\uEEdpYe.exe
  2⤵
  PID:5352
- C:\Windows\System\ZwTQgCZ.exe
  C:\Windows\System\ZwTQgCZ.exe
  2⤵
  PID:6240
- C:\Windows\System\lUwNnAs.exe
  C:\Windows\System\lUwNnAs.exe
  2⤵
  PID:6336
- C:\Windows\System\TRrUzJi.exe
  C:\Windows\System\TRrUzJi.exe
  2⤵
  PID:3716
- C:\Windows\System\pfcEwLz.exe
  C:\Windows\System\pfcEwLz.exe
  2⤵
  PID:6716
- C:\Windows\System\BFKvjKq.exe
  C:\Windows\System\BFKvjKq.exe
  2⤵
  PID:6596
- C:\Windows\System\zSpXoOZ.exe
  C:\Windows\System\zSpXoOZ.exe
  2⤵
  PID:6916
- C:\Windows\System\eHeLEFa.exe
  C:\Windows\System\eHeLEFa.exe
  2⤵
  PID:7084
- C:\Windows\System\DFTZTYy.exe
  C:\Windows\System\DFTZTYy.exe
  2⤵
  PID:6156
- C:\Windows\System\zHrZnYP.exe
  C:\Windows\System\zHrZnYP.exe
  2⤵
  PID:6472
- C:\Windows\System\RXbZrjc.exe
  C:\Windows\System\RXbZrjc.exe
  2⤵
  PID:7088
- C:\Windows\System\dCWLhAm.exe
  C:\Windows\System\dCWLhAm.exe
  2⤵
  PID:7200
- C:\Windows\System\FsYavdm.exe
  C:\Windows\System\FsYavdm.exe
  2⤵
  PID:7280
- C:\Windows\System\jAtSpXU.exe
  C:\Windows\System\jAtSpXU.exe
  2⤵
  PID:7308
- C:\Windows\System\sIIgvXe.exe
  C:\Windows\System\sIIgvXe.exe
  2⤵
  PID:7332
- C:\Windows\System\LTttYMQ.exe
  C:\Windows\System\LTttYMQ.exe
  2⤵
  PID:7360
- C:\Windows\System\nxjQGnc.exe
  C:\Windows\System\nxjQGnc.exe
  2⤵
  PID:7416
- C:\Windows\System\YxhyQOk.exe
  C:\Windows\System\YxhyQOk.exe
  2⤵
  PID:7440
- C:\Windows\System\zjLRTBD.exe
  C:\Windows\System\zjLRTBD.exe
  2⤵
  PID:7480
- C:\Windows\System\fiSKaVg.exe
  C:\Windows\System\fiSKaVg.exe
  2⤵
  PID:7508
- C:\Windows\System\oRTzqDo.exe
  C:\Windows\System\oRTzqDo.exe
  2⤵
  PID:7532
- C:\Windows\System\vveGxdP.exe
  C:\Windows\System\vveGxdP.exe
  2⤵
  PID:7564
- C:\Windows\System\zKQKZhz.exe
  C:\Windows\System\zKQKZhz.exe
  2⤵
  PID:7588
- C:\Windows\System\uYPbarQ.exe
  C:\Windows\System\uYPbarQ.exe
  2⤵
  PID:7632
- C:\Windows\System\QabQRAk.exe
  C:\Windows\System\QabQRAk.exe
  2⤵
  PID:7652
- C:\Windows\System\yLBWznj.exe
  C:\Windows\System\yLBWznj.exe
  2⤵
  PID:7684
- C:\Windows\System\MdopmkI.exe
  C:\Windows\System\MdopmkI.exe
  2⤵
  PID:7708
- C:\Windows\System\nlhRBnM.exe
  C:\Windows\System\nlhRBnM.exe
  2⤵
  PID:7740
- C:\Windows\System\mBsMpyE.exe
  C:\Windows\System\mBsMpyE.exe
  2⤵
  PID:7768
- C:\Windows\System\rFRocuD.exe
  C:\Windows\System\rFRocuD.exe
  2⤵
  PID:7792
- C:\Windows\System\mbJrRBI.exe
  C:\Windows\System\mbJrRBI.exe
  2⤵
  PID:7816
- C:\Windows\System\cIHEMsD.exe
  C:\Windows\System\cIHEMsD.exe
  2⤵
  PID:7852
- C:\Windows\System\PeftiKM.exe
  C:\Windows\System\PeftiKM.exe
  2⤵
  PID:7888
- C:\Windows\System\aDjcUJR.exe
  C:\Windows\System\aDjcUJR.exe
  2⤵
  PID:7916
- C:\Windows\System\UxiIPOn.exe
  C:\Windows\System\UxiIPOn.exe
  2⤵
  PID:7936
- C:\Windows\System\bcvqEQe.exe
  C:\Windows\System\bcvqEQe.exe
  2⤵
  PID:7976
- C:\Windows\System\GxuLArg.exe
  C:\Windows\System\GxuLArg.exe
  2⤵
  PID:7996
- C:\Windows\System\TdxrTAT.exe
  C:\Windows\System\TdxrTAT.exe
  2⤵
  PID:8024
- C:\Windows\System\cZxcbyd.exe
  C:\Windows\System\cZxcbyd.exe
  2⤵
  PID:8052
- C:\Windows\System\gzeXddG.exe
  C:\Windows\System\gzeXddG.exe
  2⤵
  PID:8088
- C:\Windows\System\BgEBPvY.exe
  C:\Windows\System\BgEBPvY.exe
  2⤵
  PID:8116
- C:\Windows\System\pJoCBoA.exe
  C:\Windows\System\pJoCBoA.exe
  2⤵
  PID:8132
- C:\Windows\System\jSooPKd.exe
  C:\Windows\System\jSooPKd.exe
  2⤵
  PID:8172
- C:\Windows\System\kdmJZUm.exe
  C:\Windows\System\kdmJZUm.exe
  2⤵
  PID:7184
- C:\Windows\System\HWIwoxj.exe
  C:\Windows\System\HWIwoxj.exe
  2⤵
  PID:7300
- C:\Windows\System\eQLhXJl.exe
  C:\Windows\System\eQLhXJl.exe
  2⤵
  PID:7368
- C:\Windows\System\HsKykgJ.exe
  C:\Windows\System\HsKykgJ.exe
  2⤵
  PID:7436
- C:\Windows\System\PxAWxpC.exe
  C:\Windows\System\PxAWxpC.exe
  2⤵
  PID:7500
- C:\Windows\System\DdpbuMm.exe
  C:\Windows\System\DdpbuMm.exe
  2⤵
  PID:7580
- C:\Windows\System\qlrJEun.exe
  C:\Windows\System\qlrJEun.exe
  2⤵
  PID:7392
- C:\Windows\System\JjQoaQS.exe
  C:\Windows\System\JjQoaQS.exe
  2⤵
  PID:7640
- C:\Windows\System\wvPTfYa.exe
  C:\Windows\System\wvPTfYa.exe
  2⤵
  PID:7696
- C:\Windows\System\XBzJguW.exe
  C:\Windows\System\XBzJguW.exe
  2⤵
  PID:7764
- C:\Windows\System\pUVusvw.exe
  C:\Windows\System\pUVusvw.exe
  2⤵
  PID:7808
- C:\Windows\System\Simnofm.exe
  C:\Windows\System\Simnofm.exe
  2⤵
  PID:7868
- C:\Windows\System\lmTtjsx.exe
  C:\Windows\System\lmTtjsx.exe
  2⤵
  PID:7972
- C:\Windows\System\zWtidpc.exe
  C:\Windows\System\zWtidpc.exe
  2⤵
  PID:4772
- C:\Windows\System\nKNVyDZ.exe
  C:\Windows\System\nKNVyDZ.exe
  2⤵
  PID:8096
- C:\Windows\System\KorPBep.exe
  C:\Windows\System\KorPBep.exe
  2⤵
  PID:8128
- C:\Windows\System\norwFyY.exe
  C:\Windows\System\norwFyY.exe
  2⤵
  PID:7212
- C:\Windows\System\edHhTDt.exe
  C:\Windows\System\edHhTDt.exe
  2⤵
  PID:7400
- C:\Windows\System\GkZBGtg.exe
  C:\Windows\System\GkZBGtg.exe
  2⤵
  PID:7572
- C:\Windows\System\xsYXBxx.exe
  C:\Windows\System\xsYXBxx.exe
  2⤵
  PID:7520
- C:\Windows\System\cxkmjGU.exe
  C:\Windows\System\cxkmjGU.exe
  2⤵
  PID:7748
- C:\Windows\System\LFwrBhJ.exe
  C:\Windows\System\LFwrBhJ.exe
  2⤵
  PID:7860
- C:\Windows\System\voJUXkJ.exe
  C:\Windows\System\voJUXkJ.exe
  2⤵
  PID:8004
- C:\Windows\System\EcDgKen.exe
  C:\Windows\System\EcDgKen.exe
  2⤵
  PID:8124
- C:\Windows\System\qITgqgo.exe
  C:\Windows\System\qITgqgo.exe
  2⤵
  PID:7024
- C:\Windows\System\GKsizNq.exe
  C:\Windows\System\GKsizNq.exe
  2⤵
  PID:1468
- C:\Windows\System\pGMiKgR.exe
  C:\Windows\System\pGMiKgR.exe
  2⤵
  PID:8084
- C:\Windows\System\JDLbLEV.exe
  C:\Windows\System\JDLbLEV.exe
  2⤵
  PID:7344
- C:\Windows\System\YpazTcs.exe
  C:\Windows\System\YpazTcs.exe
  2⤵
  PID:5640
- C:\Windows\System\dLCoXIE.exe
  C:\Windows\System\dLCoXIE.exe
  2⤵
  PID:5652
- C:\Windows\System\TMGOMrV.exe
  C:\Windows\System\TMGOMrV.exe
  2⤵
  PID:7928
- C:\Windows\System\BTcGCLT.exe
  C:\Windows\System\BTcGCLT.exe
  2⤵
  PID:5988
- C:\Windows\System\OWDimCr.exe
  C:\Windows\System\OWDimCr.exe
  2⤵
  PID:7328
- C:\Windows\System\IERfbuz.exe
  C:\Windows\System\IERfbuz.exe
  2⤵
  PID:3128
- C:\Windows\System\UVqmgjK.exe
  C:\Windows\System\UVqmgjK.exe
  2⤵
  PID:8212
- C:\Windows\System\XbvZPJJ.exe
  C:\Windows\System\XbvZPJJ.exe
  2⤵
  PID:8240
- C:\Windows\System\KSsHPee.exe
  C:\Windows\System\KSsHPee.exe
  2⤵
  PID:8268
- C:\Windows\System\NhvpJDB.exe
  C:\Windows\System\NhvpJDB.exe
  2⤵
  PID:8296
- C:\Windows\System\mHZyNrg.exe
  C:\Windows\System\mHZyNrg.exe
  2⤵
  PID:8324
- C:\Windows\System\CNtrdVQ.exe
  C:\Windows\System\CNtrdVQ.exe
  2⤵
  PID:8352
- C:\Windows\System\cfrZbjy.exe
  C:\Windows\System\cfrZbjy.exe
  2⤵
  PID:8380
- C:\Windows\System\EdzDayV.exe
  C:\Windows\System\EdzDayV.exe
  2⤵
  PID:8408
- C:\Windows\System\vkCWiwh.exe
  C:\Windows\System\vkCWiwh.exe
  2⤵
  PID:8436
- C:\Windows\System\CewmeyA.exe
  C:\Windows\System\CewmeyA.exe
  2⤵
  PID:8476
- C:\Windows\System\regEKKj.exe
  C:\Windows\System\regEKKj.exe
  2⤵
  PID:8492
- C:\Windows\System\qyBKciI.exe
  C:\Windows\System\qyBKciI.exe
  2⤵
  PID:8520
- C:\Windows\System\xdcChEF.exe
  C:\Windows\System\xdcChEF.exe
  2⤵
  PID:8548
- C:\Windows\System\abQZxId.exe
  C:\Windows\System\abQZxId.exe
  2⤵
  PID:8584
- C:\Windows\System\UMQgkVV.exe
  C:\Windows\System\UMQgkVV.exe
  2⤵
  PID:8608
- C:\Windows\System\rpdjxrg.exe
  C:\Windows\System\rpdjxrg.exe
  2⤵
  PID:8636
- C:\Windows\System\ryyldHM.exe
  C:\Windows\System\ryyldHM.exe
  2⤵
  PID:8664
- C:\Windows\System\rSEKJYl.exe
  C:\Windows\System\rSEKJYl.exe
  2⤵
  PID:8692
- C:\Windows\System\UcQLxTy.exe
  C:\Windows\System\UcQLxTy.exe
  2⤵
  PID:8720
- C:\Windows\System\BHSNQjK.exe
  C:\Windows\System\BHSNQjK.exe
  2⤵
  PID:8752
- C:\Windows\System\FwqAiLn.exe
  C:\Windows\System\FwqAiLn.exe
  2⤵
  PID:8780
- C:\Windows\System\SiBbyaf.exe
  C:\Windows\System\SiBbyaf.exe
  2⤵
  PID:8804
- C:\Windows\System\uRzPRDS.exe
  C:\Windows\System\uRzPRDS.exe
  2⤵
  PID:8832
- C:\Windows\System\tMlAjeX.exe
  C:\Windows\System\tMlAjeX.exe
  2⤵
  PID:8868
- C:\Windows\System\sourcak.exe
  C:\Windows\System\sourcak.exe
  2⤵
  PID:8888
- C:\Windows\System\VrOHqpW.exe
  C:\Windows\System\VrOHqpW.exe
  2⤵
  PID:8916
- C:\Windows\System\SjerAuV.exe
  C:\Windows\System\SjerAuV.exe
  2⤵
  PID:8948
- C:\Windows\System\ioLYvkn.exe
  C:\Windows\System\ioLYvkn.exe
  2⤵
  PID:8976
- C:\Windows\System\gyWqxsL.exe
  C:\Windows\System\gyWqxsL.exe
  2⤵
  PID:9004
- C:\Windows\System\EhDiFvy.exe
  C:\Windows\System\EhDiFvy.exe
  2⤵
  PID:9032
- C:\Windows\System\fVKrGzf.exe
  C:\Windows\System\fVKrGzf.exe
  2⤵
  PID:9060
- C:\Windows\System\XwveWNi.exe
  C:\Windows\System\XwveWNi.exe
  2⤵
  PID:9088
- C:\Windows\System\LDflrDQ.exe
  C:\Windows\System\LDflrDQ.exe
  2⤵
  PID:9116
- C:\Windows\System\ENvYilO.exe
  C:\Windows\System\ENvYilO.exe
  2⤵
  PID:9148
- C:\Windows\System\QLtFubX.exe
  C:\Windows\System\QLtFubX.exe
  2⤵
  PID:9184
- C:\Windows\System\XowuscK.exe
  C:\Windows\System\XowuscK.exe
  2⤵
  PID:9200
- C:\Windows\System\kFHpnOJ.exe
  C:\Windows\System\kFHpnOJ.exe
  2⤵
  PID:8220
- C:\Windows\System\wFdqEWo.exe
  C:\Windows\System\wFdqEWo.exe
  2⤵
  PID:8288
- C:\Windows\System\eulzGhK.exe
  C:\Windows\System\eulzGhK.exe
  2⤵
  PID:8348
- C:\Windows\System\lOncTXb.exe
  C:\Windows\System\lOncTXb.exe
  2⤵
  PID:8420
- C:\Windows\System\vwwsACe.exe
  C:\Windows\System\vwwsACe.exe
  2⤵
  PID:8516
- C:\Windows\System\bCGDdKb.exe
  C:\Windows\System\bCGDdKb.exe
  2⤵
  PID:8628
- C:\Windows\System\FSgenCs.exe
  C:\Windows\System\FSgenCs.exe
  2⤵
  PID:8684
- C:\Windows\System\RTPowEJ.exe
  C:\Windows\System\RTPowEJ.exe
  2⤵
  PID:8768
- C:\Windows\System\ApjPrlP.exe
  C:\Windows\System\ApjPrlP.exe
  2⤵
  PID:1676
- C:\Windows\System\JyKBbmV.exe
  C:\Windows\System\JyKBbmV.exe
  2⤵
  PID:8912
- C:\Windows\System\unxKgZV.exe
  C:\Windows\System\unxKgZV.exe
  2⤵
  PID:9028
- C:\Windows\System\ADlppkP.exe
  C:\Windows\System\ADlppkP.exe
  2⤵
  PID:9100
- C:\Windows\System\WOjeHsy.exe
  C:\Windows\System\WOjeHsy.exe
  2⤵
  PID:9192
- C:\Windows\System\LOAzijg.exe
  C:\Windows\System\LOAzijg.exe
  2⤵
  PID:8264
- C:\Windows\System\BkDzelR.exe
  C:\Windows\System\BkDzelR.exe
  2⤵
  PID:8400
- C:\Windows\System\WlMEdCi.exe
  C:\Windows\System\WlMEdCi.exe
  2⤵
  PID:4480
- C:\Windows\System\CghBqpC.exe
  C:\Windows\System\CghBqpC.exe
  2⤵
  PID:8660
- C:\Windows\System\lpdfSUI.exe
  C:\Windows\System\lpdfSUI.exe
  2⤵
  PID:8760
- C:\Windows\System\hLgJhmS.exe
  C:\Windows\System\hLgJhmS.exe
  2⤵
  PID:8936
- C:\Windows\System\UtfeNCQ.exe
  C:\Windows\System\UtfeNCQ.exe
  2⤵
  PID:9128
- C:\Windows\System\FZOUyeF.exe
  C:\Windows\System\FZOUyeF.exe
  2⤵
  PID:4552
- C:\Windows\System\oAPquce.exe
  C:\Windows\System\oAPquce.exe
  2⤵
  PID:8972
- C:\Windows\System\SOrriot.exe
  C:\Windows\System\SOrriot.exe
  2⤵
  PID:8448
- C:\Windows\System\azsfDIN.exe
  C:\Windows\System\azsfDIN.exe
  2⤵
  PID:3884
- C:\Windows\System\gDjIAIs.exe
  C:\Windows\System\gDjIAIs.exe
  2⤵
  PID:8712
- C:\Windows\System\HVFqfRQ.exe
  C:\Windows\System\HVFqfRQ.exe
  2⤵
  PID:9084
- C:\Windows\System\gOWruPD.exe
  C:\Windows\System\gOWruPD.exe
  2⤵
  PID:2864
- C:\Windows\System\JwZCTSc.exe
  C:\Windows\System\JwZCTSc.exe
  2⤵
  PID:8988
- C:\Windows\System\xZyCMZK.exe
  C:\Windows\System\xZyCMZK.exe
  2⤵
  PID:8856
- C:\Windows\System\kboAjFX.exe
  C:\Windows\System\kboAjFX.exe
  2⤵
  PID:8844
- C:\Windows\System\RgmALIP.exe
  C:\Windows\System\RgmALIP.exe
  2⤵
  PID:9212
- C:\Windows\System\OcXbWXJ.exe
  C:\Windows\System\OcXbWXJ.exe
  2⤵
  PID:1180
- C:\Windows\System\oFWvCDZ.exe
  C:\Windows\System\oFWvCDZ.exe
  2⤵
  PID:5516
- C:\Windows\System\kMSMcim.exe
  C:\Windows\System\kMSMcim.exe
  2⤵
  PID:9232
- C:\Windows\System\TceOIXc.exe
  C:\Windows\System\TceOIXc.exe
  2⤵
  PID:9260
- C:\Windows\System\EySNAxr.exe
  C:\Windows\System\EySNAxr.exe
  2⤵
  PID:9288
- C:\Windows\System\KkOvYgu.exe
  C:\Windows\System\KkOvYgu.exe
  2⤵
  PID:9316
- C:\Windows\System\RDndnqx.exe
  C:\Windows\System\RDndnqx.exe
  2⤵
  PID:9344
- C:\Windows\System\Pjytmqj.exe
  C:\Windows\System\Pjytmqj.exe
  2⤵
  PID:9372
- C:\Windows\System\EgXbccK.exe
  C:\Windows\System\EgXbccK.exe
  2⤵
  PID:9404
- C:\Windows\System\oNaWyHz.exe
  C:\Windows\System\oNaWyHz.exe
  2⤵
  PID:9448
- C:\Windows\System\qYVJqQg.exe
  C:\Windows\System\qYVJqQg.exe
  2⤵
  PID:9464
- C:\Windows\System\izyWPir.exe
  C:\Windows\System\izyWPir.exe
  2⤵
  PID:9492
- C:\Windows\System\dNMXksj.exe
  C:\Windows\System\dNMXksj.exe
  2⤵
  PID:9520
- C:\Windows\System\GxwqGsj.exe
  C:\Windows\System\GxwqGsj.exe
  2⤵
  PID:9548
- C:\Windows\System\hmsuwVl.exe
  C:\Windows\System\hmsuwVl.exe
  2⤵
  PID:9580
- C:\Windows\System\SWhDfyn.exe
  C:\Windows\System\SWhDfyn.exe
  2⤵
  PID:9612
- C:\Windows\System\yfocTFW.exe
  C:\Windows\System\yfocTFW.exe
  2⤵
  PID:9632
- C:\Windows\System\Iunfmrq.exe
  C:\Windows\System\Iunfmrq.exe
  2⤵
  PID:9684
- C:\Windows\System\rdnmHXh.exe
  C:\Windows\System\rdnmHXh.exe
  2⤵
  PID:9708
- C:\Windows\System\KCRqtgS.exe
  C:\Windows\System\KCRqtgS.exe
  2⤵
  PID:9728
- C:\Windows\System\CYiCsgF.exe
  C:\Windows\System\CYiCsgF.exe
  2⤵
  PID:9756
- C:\Windows\System\pnGcbds.exe
  C:\Windows\System\pnGcbds.exe
  2⤵
  PID:9792
- C:\Windows\System\WsWsfGu.exe
  C:\Windows\System\WsWsfGu.exe
  2⤵
  PID:9820
- C:\Windows\System\TljXcUj.exe
  C:\Windows\System\TljXcUj.exe
  2⤵
  PID:9848
- C:\Windows\System\rmqGgrZ.exe
  C:\Windows\System\rmqGgrZ.exe
  2⤵
  PID:9876
- C:\Windows\System\spaHkTu.exe
  C:\Windows\System\spaHkTu.exe
  2⤵
  PID:9904
- C:\Windows\System\EzakQYW.exe
  C:\Windows\System\EzakQYW.exe
  2⤵
  PID:9932
- C:\Windows\System\PCcPRpU.exe
  C:\Windows\System\PCcPRpU.exe
  2⤵
  PID:9960
- C:\Windows\System\BKAekgJ.exe
  C:\Windows\System\BKAekgJ.exe
  2⤵
  PID:9992
- C:\Windows\System\rIwtfTJ.exe
  C:\Windows\System\rIwtfTJ.exe
  2⤵
  PID:10020
- C:\Windows\System\BTdIrVq.exe
  C:\Windows\System\BTdIrVq.exe
  2⤵
  PID:10048
- C:\Windows\System\IYlEUqC.exe
  C:\Windows\System\IYlEUqC.exe
  2⤵
  PID:10076
- C:\Windows\System\OmCKjpJ.exe
  C:\Windows\System\OmCKjpJ.exe
  2⤵
  PID:10104
- C:\Windows\System\blqvllI.exe
  C:\Windows\System\blqvllI.exe
  2⤵
  PID:10132
- C:\Windows\System\KaXrsJn.exe
  C:\Windows\System\KaXrsJn.exe
  2⤵
  PID:10160
- C:\Windows\System\JGFFoJO.exe
  C:\Windows\System\JGFFoJO.exe
  2⤵
  PID:10188
- C:\Windows\System\MaRkRbx.exe
  C:\Windows\System\MaRkRbx.exe
  2⤵
  PID:10216
- C:\Windows\System\kwevsea.exe
  C:\Windows\System\kwevsea.exe
  2⤵
  PID:3456
- C:\Windows\System\wHoYeXh.exe
  C:\Windows\System\wHoYeXh.exe
  2⤵
  PID:2728
- C:\Windows\System\lUCzsMC.exe
  C:\Windows\System\lUCzsMC.exe
  2⤵
  PID:9336
- C:\Windows\System\CmZNJJc.exe
  C:\Windows\System\CmZNJJc.exe
  2⤵
  PID:9392
- C:\Windows\System\WtQnYGN.exe
  C:\Windows\System\WtQnYGN.exe
  2⤵
  PID:9420
- C:\Windows\System\rCNrimn.exe
  C:\Windows\System\rCNrimn.exe
  2⤵
  PID:9476
- C:\Windows\System\DHybTDH.exe
  C:\Windows\System\DHybTDH.exe
  2⤵
  PID:9536
- C:\Windows\System\qGqmmIM.exe
  C:\Windows\System\qGqmmIM.exe
  2⤵
  PID:9620
- C:\Windows\System\tbAiBIn.exe
  C:\Windows\System\tbAiBIn.exe
  2⤵
  PID:9720
- C:\Windows\System\dIOcLIO.exe
  C:\Windows\System\dIOcLIO.exe
  2⤵
  PID:9784
- C:\Windows\System\pehEDxR.exe
  C:\Windows\System\pehEDxR.exe
  2⤵
  PID:9872
- C:\Windows\System\NcpdjwZ.exe
  C:\Windows\System\NcpdjwZ.exe
  2⤵
  PID:9916
- C:\Windows\System\bIzxMdv.exe
  C:\Windows\System\bIzxMdv.exe
  2⤵
  PID:9980
- C:\Windows\System\SqMCrLD.exe
  C:\Windows\System\SqMCrLD.exe
  2⤵
  PID:10044
- C:\Windows\System\yPHNyfo.exe
  C:\Windows\System\yPHNyfo.exe
  2⤵
  PID:10072
- C:\Windows\System\cRnDKtP.exe
  C:\Windows\System\cRnDKtP.exe
  2⤵
  PID:10096
- C:\Windows\System\jGVGjJE.exe
  C:\Windows\System\jGVGjJE.exe
  2⤵
  PID:10156
- C:\Windows\System\gqBlnTq.exe
  C:\Windows\System\gqBlnTq.exe
  2⤵
  PID:10228
- C:\Windows\System\WSXPmwE.exe
  C:\Windows\System\WSXPmwE.exe
  2⤵
  PID:10236
- C:\Windows\System\hzrlxNH.exe
  C:\Windows\System\hzrlxNH.exe
  2⤵
  PID:9308
- C:\Windows\System\qJSBrgP.exe
  C:\Windows\System\qJSBrgP.exe
  2⤵
  PID:9416
- C:\Windows\System\hzuhEau.exe
  C:\Windows\System\hzuhEau.exe
  2⤵
  PID:9512
- C:\Windows\System\CvXmCrY.exe
  C:\Windows\System\CvXmCrY.exe
  2⤵
  PID:9716
- C:\Windows\System\XhbDFcJ.exe
  C:\Windows\System\XhbDFcJ.exe
  2⤵
  PID:9400
- C:\Windows\System\JDbqZaI.exe
  C:\Windows\System\JDbqZaI.exe
  2⤵
  PID:8536
- C:\Windows\System\ujsVNVO.exe
  C:\Windows\System\ujsVNVO.exe
  2⤵
  PID:9840
- C:\Windows\System\bktNnzh.exe
  C:\Windows\System\bktNnzh.exe
  2⤵
  PID:10032
- C:\Windows\System\HFgXwEi.exe
  C:\Windows\System\HFgXwEi.exe
  2⤵
  PID:748
- C:\Windows\System\cbONmtC.exe
  C:\Windows\System\cbONmtC.exe
  2⤵
  PID:10208
- C:\Windows\System\NGwmxvT.exe
  C:\Windows\System\NGwmxvT.exe
  2⤵
  PID:2228
- C:\Windows\System\rrLNXmC.exe
  C:\Windows\System\rrLNXmC.exe
  2⤵
  PID:9284
- C:\Windows\System\GzPduSJ.exe
  C:\Windows\System\GzPduSJ.exe
  2⤵
  PID:9432
- C:\Windows\System\xPPnrMe.exe
  C:\Windows\System\xPPnrMe.exe
  2⤵
  PID:9752
- C:\Windows\System\xEklDwn.exe
  C:\Windows\System\xEklDwn.exe
  2⤵
  PID:9832
- C:\Windows\System\TqMqcSV.exe
  C:\Windows\System\TqMqcSV.exe
  2⤵
  PID:4952
- C:\Windows\System\QVYItDO.exe
  C:\Windows\System\QVYItDO.exe
  2⤵
  PID:9972
- C:\Windows\System\BpBtWNl.exe
  C:\Windows\System\BpBtWNl.exe
  2⤵
  PID:4912
- C:\Windows\System\GAeVkZW.exe
  C:\Windows\System\GAeVkZW.exe
  2⤵
  PID:5104
- C:\Windows\System\xfdFtlF.exe
  C:\Windows\System\xfdFtlF.exe
  2⤵
  PID:1692
- C:\Windows\System\gOCpTTe.exe
  C:\Windows\System\gOCpTTe.exe
  2⤵
  PID:1776
- C:\Windows\System\djtGkKN.exe
  C:\Windows\System\djtGkKN.exe
  2⤵
  PID:10248
- C:\Windows\System\MXLdeZa.exe
  C:\Windows\System\MXLdeZa.exe
  2⤵
  PID:10280
- C:\Windows\System\UHRhOSR.exe
  C:\Windows\System\UHRhOSR.exe
  2⤵
  PID:10308
- C:\Windows\System\GlHvnvo.exe
  C:\Windows\System\GlHvnvo.exe
  2⤵
  PID:10336
- C:\Windows\System\FtefBWt.exe
  C:\Windows\System\FtefBWt.exe
  2⤵
  PID:10364
- C:\Windows\System\AnSEpVF.exe
  C:\Windows\System\AnSEpVF.exe
  2⤵
  PID:10392
- C:\Windows\System\LFmKUYa.exe
  C:\Windows\System\LFmKUYa.exe
  2⤵
  PID:10420
- C:\Windows\System\ksyadlA.exe
  C:\Windows\System\ksyadlA.exe
  2⤵
  PID:10448
- C:\Windows\System\qMqYmct.exe
  C:\Windows\System\qMqYmct.exe
  2⤵
  PID:10476
- C:\Windows\System\ZDfyAuW.exe
  C:\Windows\System\ZDfyAuW.exe
  2⤵
  PID:10504
- C:\Windows\System\vWrrtLn.exe
  C:\Windows\System\vWrrtLn.exe
  2⤵
  PID:10532
- C:\Windows\System\qGUMLmQ.exe
  C:\Windows\System\qGUMLmQ.exe
  2⤵
  PID:10560
- C:\Windows\System\cUUWrUZ.exe
  C:\Windows\System\cUUWrUZ.exe
  2⤵
  PID:10588
- C:\Windows\System\jQdZkvY.exe
  C:\Windows\System\jQdZkvY.exe
  2⤵
  PID:10616
- C:\Windows\System\dPMgQas.exe
  C:\Windows\System\dPMgQas.exe
  2⤵
  PID:10644
- C:\Windows\System\TpjrESQ.exe
  C:\Windows\System\TpjrESQ.exe
  2⤵
  PID:10672
- C:\Windows\System\CLJodXI.exe
  C:\Windows\System\CLJodXI.exe
  2⤵
  PID:10700
- C:\Windows\System\UytWOsD.exe
  C:\Windows\System\UytWOsD.exe
  2⤵
  PID:10728
- C:\Windows\System\UkCTUFz.exe
  C:\Windows\System\UkCTUFz.exe
  2⤵
  PID:10768
- C:\Windows\System\oLpwQCF.exe
  C:\Windows\System\oLpwQCF.exe
  2⤵
  PID:10800
- C:\Windows\System\HqneDfH.exe
  C:\Windows\System\HqneDfH.exe
  2⤵
  PID:10836
- C:\Windows\System\TytQxwN.exe
  C:\Windows\System\TytQxwN.exe
  2⤵
  PID:10876
- C:\Windows\System\RCrFxDe.exe
  C:\Windows\System\RCrFxDe.exe
  2⤵
  PID:10904
- C:\Windows\System\hwNDXxW.exe
  C:\Windows\System\hwNDXxW.exe
  2⤵
  PID:10936
- C:\Windows\System\cVRRSKE.exe
  C:\Windows\System\cVRRSKE.exe
  2⤵
  PID:10956
- C:\Windows\System\rdPPNuO.exe
  C:\Windows\System\rdPPNuO.exe
  2⤵
  PID:10980
- C:\Windows\System\IknHqGl.exe
  C:\Windows\System\IknHqGl.exe
  2⤵
  PID:11008
- C:\Windows\System\uUmifWN.exe
  C:\Windows\System\uUmifWN.exe
  2⤵
  PID:11036
- C:\Windows\System\dpqcLZL.exe
  C:\Windows\System\dpqcLZL.exe
  2⤵
  PID:11064
- C:\Windows\System\gaQIvME.exe
  C:\Windows\System\gaQIvME.exe
  2⤵
  PID:11092
- C:\Windows\System\InkRYLR.exe
  C:\Windows\System\InkRYLR.exe
  2⤵
  PID:11128
- C:\Windows\System\KJItqSd.exe
  C:\Windows\System\KJItqSd.exe
  2⤵
  PID:11156
- C:\Windows\System\fGKqwQm.exe
  C:\Windows\System\fGKqwQm.exe
  2⤵
  PID:11184
- C:\Windows\System\tjFbaHR.exe
  C:\Windows\System\tjFbaHR.exe
  2⤵
  PID:11212
- C:\Windows\System\ECcZdeb.exe
  C:\Windows\System\ECcZdeb.exe
  2⤵
  PID:11240
- C:\Windows\System\fZFyZKe.exe
  C:\Windows\System\fZFyZKe.exe
  2⤵
  PID:10244
- C:\Windows\System\Mdflxrb.exe
  C:\Windows\System\Mdflxrb.exe
  2⤵
  PID:10324
- C:\Windows\System\lNbElDY.exe
  C:\Windows\System\lNbElDY.exe
  2⤵
  PID:10376
- C:\Windows\System\PwZizua.exe
  C:\Windows\System\PwZizua.exe
  2⤵
  PID:1284
- C:\Windows\System\omGRmzV.exe
  C:\Windows\System\omGRmzV.exe
  2⤵
  PID:10524
- C:\Windows\System\dDzgplg.exe
  C:\Windows\System\dDzgplg.exe
  2⤵
  PID:10556
- C:\Windows\System\FlCXHwD.exe
  C:\Windows\System\FlCXHwD.exe
  2⤵
  PID:10640
- C:\Windows\System\OMoCYtp.exe
  C:\Windows\System\OMoCYtp.exe
  2⤵
  PID:10684
- C:\Windows\System\IRKbRCo.exe
  C:\Windows\System\IRKbRCo.exe
  2⤵
  PID:10740
- C:\Windows\System\ClMmJra.exe
  C:\Windows\System\ClMmJra.exe
  2⤵
  PID:10780
- C:\Windows\System\CyHRHlz.exe
  C:\Windows\System\CyHRHlz.exe
  2⤵
  PID:10884
- C:\Windows\System\ilOeMNF.exe
  C:\Windows\System\ilOeMNF.exe
  2⤵
  PID:10920
- C:\Windows\System\eTHxnZb.exe
  C:\Windows\System\eTHxnZb.exe
  2⤵
  PID:11000
- C:\Windows\System\AUolbds.exe
  C:\Windows\System\AUolbds.exe
  2⤵
  PID:11060
- C:\Windows\System\BIFjHCl.exe
  C:\Windows\System\BIFjHCl.exe
  2⤵
  PID:11116
- C:\Windows\System\onAelPd.exe
  C:\Windows\System\onAelPd.exe
  2⤵
  PID:11176
- C:\Windows\System\ihYsXya.exe
  C:\Windows\System\ihYsXya.exe
  2⤵
  PID:11236
- C:\Windows\System\gnMeNiX.exe
  C:\Windows\System\gnMeNiX.exe
  2⤵
  PID:3472
- C:\Windows\System\efiTGVC.exe
  C:\Windows\System\efiTGVC.exe
  2⤵
  PID:10432
- C:\Windows\System\whCxOQU.exe
  C:\Windows\System\whCxOQU.exe
  2⤵
  PID:10544
- C:\Windows\System\xJCOPJO.exe
  C:\Windows\System\xJCOPJO.exe
  2⤵
  PID:10696
- C:\Windows\System\SwTjHMT.exe
  C:\Windows\System\SwTjHMT.exe
  2⤵
  PID:10860
- C:\Windows\System\HWvbfpw.exe
  C:\Windows\System\HWvbfpw.exe
  2⤵
  PID:10976
- C:\Windows\System\RwpeTDm.exe
  C:\Windows\System\RwpeTDm.exe
  2⤵
  PID:11112
- C:\Windows\System\kEGxfyA.exe
  C:\Windows\System\kEGxfyA.exe
  2⤵
  PID:8800
- C:\Windows\System\uVTpZBv.exe
  C:\Windows\System\uVTpZBv.exe
  2⤵
  PID:4904
- C:\Windows\System\cfbkrLB.exe
  C:\Windows\System\cfbkrLB.exe
  2⤵
  PID:10776
- C:\Windows\System\pgjarPb.exe
  C:\Windows\System\pgjarPb.exe
  2⤵
  PID:7288
- C:\Windows\System\UgppUVa.exe
  C:\Windows\System\UgppUVa.exe
  2⤵
  PID:2872
- C:\Windows\System\eYTKAlZ.exe
  C:\Windows\System\eYTKAlZ.exe
  2⤵
  PID:2888
- C:\Windows\System\dcgQkXP.exe
  C:\Windows\System\dcgQkXP.exe
  2⤵
  PID:11232
- C:\Windows\System\IyiIqDy.exe
  C:\Windows\System\IyiIqDy.exe
  2⤵
  PID:11280
- C:\Windows\System\SdxlQqU.exe
  C:\Windows\System\SdxlQqU.exe
  2⤵
  PID:11312
- C:\Windows\System\nEXcwIL.exe
  C:\Windows\System\nEXcwIL.exe
  2⤵
  PID:11340
- C:\Windows\System\LsVmjLo.exe
  C:\Windows\System\LsVmjLo.exe
  2⤵
  PID:11368
- C:\Windows\System\FQAQLiO.exe
  C:\Windows\System\FQAQLiO.exe
  2⤵
  PID:11396
- C:\Windows\System\MpTcZsX.exe
  C:\Windows\System\MpTcZsX.exe
  2⤵
  PID:11424
- C:\Windows\System\FDHArkt.exe
  C:\Windows\System\FDHArkt.exe
  2⤵
  PID:11452
- C:\Windows\System\FyyuEdP.exe
  C:\Windows\System\FyyuEdP.exe
  2⤵
  PID:11480
- C:\Windows\System\nRsWPax.exe
  C:\Windows\System\nRsWPax.exe
  2⤵
  PID:11508
- C:\Windows\System\YtrqSJm.exe
  C:\Windows\System\YtrqSJm.exe
  2⤵
  PID:11536
- C:\Windows\System\iAUeJZE.exe
  C:\Windows\System\iAUeJZE.exe
  2⤵
  PID:11564
- C:\Windows\System\OLkrpmY.exe
  C:\Windows\System\OLkrpmY.exe
  2⤵
  PID:11592
- C:\Windows\System\XxqsaCl.exe
  C:\Windows\System\XxqsaCl.exe
  2⤵
  PID:11620
- C:\Windows\System\LBUqLqE.exe
  C:\Windows\System\LBUqLqE.exe
  2⤵
  PID:11656
- C:\Windows\System\NVZfcEp.exe
  C:\Windows\System\NVZfcEp.exe
  2⤵
  PID:11684
- C:\Windows\System\fFsRWpY.exe
  C:\Windows\System\fFsRWpY.exe
  2⤵
  PID:11712
- C:\Windows\System\mevJYJn.exe
  C:\Windows\System\mevJYJn.exe
  2⤵
  PID:11740
- C:\Windows\System\dSbfBMM.exe
  C:\Windows\System\dSbfBMM.exe
  2⤵
  PID:11768
- C:\Windows\System\wgFHjHZ.exe
  C:\Windows\System\wgFHjHZ.exe
  2⤵
  PID:11796
- C:\Windows\System\zonZHxB.exe
  C:\Windows\System\zonZHxB.exe
  2⤵
  PID:11824
- C:\Windows\System\jbzahQX.exe
  C:\Windows\System\jbzahQX.exe
  2⤵
  PID:11852
- C:\Windows\System\qWXLvCo.exe
  C:\Windows\System\qWXLvCo.exe
  2⤵
  PID:11880
- C:\Windows\System\DVbuJbB.exe
  C:\Windows\System\DVbuJbB.exe
  2⤵
  PID:11908
- C:\Windows\System\QLxkQVY.exe
  C:\Windows\System\QLxkQVY.exe
  2⤵
  PID:11936
- C:\Windows\System\WAVLKyn.exe
  C:\Windows\System\WAVLKyn.exe
  2⤵
  PID:11964
- C:\Windows\System\BBQCuow.exe
  C:\Windows\System\BBQCuow.exe
  2⤵
  PID:12000
- C:\Windows\System\ZWrriaF.exe
  C:\Windows\System\ZWrriaF.exe
  2⤵
  PID:12020
- C:\Windows\System\wHzxYiy.exe
  C:\Windows\System\wHzxYiy.exe
  2⤵
  PID:12064
- C:\Windows\System\LcVMVPf.exe
  C:\Windows\System\LcVMVPf.exe
  2⤵
  PID:12092
- C:\Windows\System\LBNFpjr.exe
  C:\Windows\System\LBNFpjr.exe
  2⤵
  PID:12108
- C:\Windows\System\kkgewVb.exe
  C:\Windows\System\kkgewVb.exe
  2⤵
  PID:12136
- C:\Windows\System\GznsxlU.exe
  C:\Windows\System\GznsxlU.exe
  2⤵
  PID:12164
- C:\Windows\System\qxYtnDT.exe
  C:\Windows\System\qxYtnDT.exe
  2⤵
  PID:12204
- C:\Windows\System\oZuKtpR.exe
  C:\Windows\System\oZuKtpR.exe
  2⤵
  PID:12220
- C:\Windows\System\TPOsiog.exe
  C:\Windows\System\TPOsiog.exe
  2⤵
  PID:12248
- C:\Windows\System\ULKSQHM.exe
  C:\Windows\System\ULKSQHM.exe
  2⤵
  PID:12276
- C:\Windows\System\adMUHUt.exe
  C:\Windows\System\adMUHUt.exe
  2⤵
  PID:11304
- C:\Windows\System\iPHKFzw.exe
  C:\Windows\System\iPHKFzw.exe
  2⤵
  PID:11364
- C:\Windows\System\iOqaktb.exe
  C:\Windows\System\iOqaktb.exe
  2⤵
  PID:11436
- C:\Windows\System\wwkSvUH.exe
  C:\Windows\System\wwkSvUH.exe
  2⤵
  PID:11464
- C:\Windows\System\tVRJTWY.exe
  C:\Windows\System\tVRJTWY.exe
  2⤵
  PID:11528
- C:\Windows\System\WNlopAn.exe
  C:\Windows\System\WNlopAn.exe
  2⤵
  PID:11588
- C:\Windows\System\CBzOSNJ.exe
  C:\Windows\System\CBzOSNJ.exe
  2⤵
  PID:11644
- C:\Windows\System\GdUrDEi.exe
  C:\Windows\System\GdUrDEi.exe
  2⤵
  PID:11696
- C:\Windows\System\UrXMKSu.exe
  C:\Windows\System\UrXMKSu.exe
  2⤵
  PID:11760
- C:\Windows\System\atdRgpM.exe
  C:\Windows\System\atdRgpM.exe
  2⤵
  PID:11820
- C:\Windows\System\GTVDXcf.exe
  C:\Windows\System\GTVDXcf.exe
  2⤵
  PID:1524
- C:\Windows\System\GOJbjHg.exe
  C:\Windows\System\GOJbjHg.exe
  2⤵
  PID:2364
- C:\Windows\System\YBLmEno.exe
  C:\Windows\System\YBLmEno.exe
  2⤵
  PID:12008
- C:\Windows\System\VYdczwI.exe
  C:\Windows\System\VYdczwI.exe
  2⤵
  PID:12056
- C:\Windows\System\SKwvLNX.exe
  C:\Windows\System\SKwvLNX.exe
  2⤵
  PID:12120
- C:\Windows\System\iXQDlnn.exe
  C:\Windows\System\iXQDlnn.exe
  2⤵
  PID:12160
- C:\Windows\System\aJnffQC.exe
  C:\Windows\System\aJnffQC.exe
  2⤵
  PID:12240
- C:\Windows\System\pHbxTUU.exe
  C:\Windows\System\pHbxTUU.exe
  2⤵
  PID:100
- C:\Windows\System\PfcSUua.exe
  C:\Windows\System\PfcSUua.exe
  2⤵
  PID:11296
- C:\Windows\System\xssaVxG.exe
  C:\Windows\System\xssaVxG.exe
  2⤵
  PID:11360
- C:\Windows\System\DgTiTZY.exe
  C:\Windows\System\DgTiTZY.exe
  2⤵
  PID:11492
- C:\Windows\System\DPUdviR.exe
  C:\Windows\System\DPUdviR.exe
  2⤵
  PID:11520
- C:\Windows\System\FWjvnMh.exe
  C:\Windows\System\FWjvnMh.exe
  2⤵
  PID:4020
- C:\Windows\System\mYQbXlT.exe
  C:\Windows\System\mYQbXlT.exe
  2⤵
  PID:624
- C:\Windows\System\vZDsrfR.exe
  C:\Windows\System\vZDsrfR.exe
  2⤵
  PID:4444
- C:\Windows\System\SyXSttJ.exe
  C:\Windows\System\SyXSttJ.exe
  2⤵
  PID:2056
- C:\Windows\System\vjhuRAD.exe
  C:\Windows\System\vjhuRAD.exe
  2⤵
  PID:1836
- C:\Windows\System\Sevmolo.exe
  C:\Windows\System\Sevmolo.exe
  2⤵
  PID:11932
- C:\Windows\System\wwYKwha.exe
  C:\Windows\System\wwYKwha.exe
  2⤵
  PID:3576
- C:\Windows\System\sgUPXhW.exe
  C:\Windows\System\sgUPXhW.exe
  2⤵
  PID:12040
- C:\Windows\System\SMfUiIy.exe
  C:\Windows\System\SMfUiIy.exe
  2⤵
  PID:12188
- C:\Windows\System\RjMnbhN.exe
  C:\Windows\System\RjMnbhN.exe
  2⤵
  PID:1096
- C:\Windows\System\VXdPETS.exe
  C:\Windows\System\VXdPETS.exe
  2⤵
  PID:11088
- C:\Windows\System\QLnjTie.exe
  C:\Windows\System\QLnjTie.exe
  2⤵
  PID:2280
- C:\Windows\System\zaEPEQf.exe
  C:\Windows\System\zaEPEQf.exe
  2⤵
  PID:2664
- C:\Windows\System\iNYAnig.exe
  C:\Windows\System\iNYAnig.exe
  2⤵
  PID:1176
- C:\Windows\System\tQRoyit.exe
  C:\Windows\System\tQRoyit.exe
  2⤵
  PID:3564
- C:\Windows\System\uHmnHZK.exe
  C:\Windows\System\uHmnHZK.exe
  2⤵
  PID:3692
- C:\Windows\System\xAvxqvr.exe
  C:\Windows\System\xAvxqvr.exe
  2⤵
  PID:412
- C:\Windows\System\rdDnvty.exe
  C:\Windows\System\rdDnvty.exe
  2⤵
  PID:5228
- C:\Windows\System\Tbqsbob.exe
  C:\Windows\System\Tbqsbob.exe
  2⤵
  PID:4520
- C:\Windows\System\zdrzWRA.exe
  C:\Windows\System\zdrzWRA.exe
  2⤵
  PID:4764
- C:\Windows\System\WymiIdp.exe
  C:\Windows\System\WymiIdp.exe
  2⤵
  PID:4780
- C:\Windows\System\whAKsJF.exe
  C:\Windows\System\whAKsJF.exe
  2⤵
  PID:3664
- C:\Windows\System\MblbaKp.exe
  C:\Windows\System\MblbaKp.exe
  2⤵
  PID:3156
- C:\Windows\System\hIatcOV.exe
  C:\Windows\System\hIatcOV.exe
  2⤵
  PID:11332
- C:\Windows\System\XqaODaU.exe
  C:\Windows\System\XqaODaU.exe
  2⤵
  PID:5268
- C:\Windows\System\GhJefhj.exe
  C:\Windows\System\GhJefhj.exe
  2⤵
  PID:736
- C:\Windows\System\FBdVAYz.exe
  C:\Windows\System\FBdVAYz.exe
  2⤵
  PID:2212
- C:\Windows\System\ZtTMHaa.exe
  C:\Windows\System\ZtTMHaa.exe
  2⤵
  PID:1528
- C:\Windows\System\xoqjxtj.exe
  C:\Windows\System\xoqjxtj.exe
  2⤵
  PID:3936
- C:\Windows\System\NKBumWG.exe
  C:\Windows\System\NKBumWG.exe
  2⤵
  PID:9780
- C:\Windows\System\vyvXCye.exe
  C:\Windows\System\vyvXCye.exe
  2⤵
  PID:5464
- C:\Windows\System\sBnyyGG.exe
  C:\Windows\System\sBnyyGG.exe
  2⤵
  PID:5600
- C:\Windows\System\uDmAzTn.exe
  C:\Windows\System\uDmAzTn.exe
  2⤵
  PID:5332
- C:\Windows\System\DUfeTsb.exe
  C:\Windows\System\DUfeTsb.exe
  2⤵
  PID:680
- C:\Windows\System\LakmFox.exe
  C:\Windows\System\LakmFox.exe
  2⤵
  PID:4736
- C:\Windows\System\NOobwex.exe
  C:\Windows\System\NOobwex.exe
  2⤵
  PID:1120
- C:\Windows\System\AkaGmKW.exe
  C:\Windows\System\AkaGmKW.exe
  2⤵
  PID:11984
- C:\Windows\System\srUSLWr.exe
  C:\Windows\System\srUSLWr.exe
  2⤵
  PID:5780
- C:\Windows\System\jeLNDlx.exe
  C:\Windows\System\jeLNDlx.exe
  2⤵
  PID:5808
- C:\Windows\System\vzHimhP.exe
  C:\Windows\System\vzHimhP.exe
  2⤵
  PID:2776
- C:\Windows\System\aFacFsh.exe
  C:\Windows\System\aFacFsh.exe
  2⤵
  PID:5480
- C:\Windows\System\qYNvlcu.exe
  C:\Windows\System\qYNvlcu.exe
  2⤵
  PID:772
- C:\Windows\System\mXeAKQL.exe
  C:\Windows\System\mXeAKQL.exe
  2⤵
  PID:3964
- C:\Windows\System\JBZUsjn.exe
  C:\Windows\System\JBZUsjn.exe
  2⤵
  PID:5788
- C:\Windows\System\SjFHAek.exe
  C:\Windows\System\SjFHAek.exe
  2⤵
  PID:1588
- C:\Windows\System\PYhuBKk.exe
  C:\Windows\System\PYhuBKk.exe
  2⤵
  PID:5568
- C:\Windows\System\LhWUCYd.exe
  C:\Windows\System\LhWUCYd.exe
  2⤵
  PID:5436
- C:\Windows\System\TYMlues.exe
  C:\Windows\System\TYMlues.exe
  2⤵
  PID:4996
- C:\Windows\System\gqUHrVp.exe
  C:\Windows\System\gqUHrVp.exe
  2⤵
  PID:12292
- C:\Windows\System\FOlaQIP.exe
  C:\Windows\System\FOlaQIP.exe
  2⤵
  PID:12320
- C:\Windows\System\KRmouVb.exe
  C:\Windows\System\KRmouVb.exe
  2⤵
  PID:12348
- C:\Windows\System\nPGjgPm.exe
  C:\Windows\System\nPGjgPm.exe
  2⤵
  PID:12376
- C:\Windows\System\PCOiTAH.exe
  C:\Windows\System\PCOiTAH.exe
  2⤵
  PID:12404
- C:\Windows\System\bwmJjmP.exe
  C:\Windows\System\bwmJjmP.exe
  2⤵
  PID:12432
- C:\Windows\System\bRDyloV.exe
  C:\Windows\System\bRDyloV.exe
  2⤵
  PID:12460
- C:\Windows\System\qlOgwrU.exe
  C:\Windows\System\qlOgwrU.exe
  2⤵
  PID:12488
- C:\Windows\System\JzGvckp.exe
  C:\Windows\System\JzGvckp.exe
  2⤵
  PID:12516
- C:\Windows\System\sNykxPu.exe
  C:\Windows\System\sNykxPu.exe
  2⤵
  PID:12544
- C:\Windows\System\lRyPwTl.exe
  C:\Windows\System\lRyPwTl.exe
  2⤵
  PID:12572
- C:\Windows\System\KGfdDoq.exe
  C:\Windows\System\KGfdDoq.exe
  2⤵
  PID:12600
- C:\Windows\System\ilhVrEc.exe
  C:\Windows\System\ilhVrEc.exe
  2⤵
  PID:12628
- C:\Windows\System\BDTDGXU.exe
  C:\Windows\System\BDTDGXU.exe
  2⤵
  PID:12660
- C:\Windows\System\YbVdUrN.exe
  C:\Windows\System\YbVdUrN.exe
  2⤵
  PID:12692
- C:\Windows\System\pPDlfnv.exe
  C:\Windows\System\pPDlfnv.exe
  2⤵
  PID:12712
- C:\Windows\System\lAdmUGb.exe
  C:\Windows\System\lAdmUGb.exe
  2⤵
  PID:12740
- C:\Windows\System\TrKJYIC.exe
  C:\Windows\System\TrKJYIC.exe
  2⤵
  PID:12768
- C:\Windows\System\dPAcvCX.exe
  C:\Windows\System\dPAcvCX.exe
  2⤵
  PID:12796
- C:\Windows\System\gxPVJgV.exe
  C:\Windows\System\gxPVJgV.exe
  2⤵
  PID:12824
- C:\Windows\System\jdLhDUT.exe
  C:\Windows\System\jdLhDUT.exe
  2⤵
  PID:12852
- C:\Windows\System\VUEdMwt.exe
  C:\Windows\System\VUEdMwt.exe
  2⤵
  PID:12880
- C:\Windows\System\XBdXSPD.exe
  C:\Windows\System\XBdXSPD.exe
  2⤵
  PID:12908
- C:\Windows\System\GaXluVz.exe
  C:\Windows\System\GaXluVz.exe
  2⤵
  PID:12936
- C:\Windows\System\PRcMXLp.exe
  C:\Windows\System\PRcMXLp.exe
  2⤵
  PID:12968
- C:\Windows\System\PZXwphP.exe
  C:\Windows\System\PZXwphP.exe
  2⤵
  PID:12996
- C:\Windows\System\JUQUpbr.exe
  C:\Windows\System\JUQUpbr.exe
  2⤵
  PID:13024
- C:\Windows\System\NZZwtap.exe
  C:\Windows\System\NZZwtap.exe
  2⤵
  PID:13052
- C:\Windows\System\deZqrGz.exe
  C:\Windows\System\deZqrGz.exe
  2⤵
  PID:13080
- C:\Windows\System\cywQpmZ.exe
  C:\Windows\System\cywQpmZ.exe
  2⤵
  PID:13108
- C:\Windows\System\zkqnfiX.exe
  C:\Windows\System\zkqnfiX.exe
  2⤵
  PID:13136
- C:\Windows\System\jsWEJGw.exe
  C:\Windows\System\jsWEJGw.exe
  2⤵
  PID:13164
- C:\Windows\System\RlvAqlS.exe
  C:\Windows\System\RlvAqlS.exe
  2⤵
  PID:13192
- C:\Windows\System\QtrIPZC.exe
  C:\Windows\System\QtrIPZC.exe
  2⤵
  PID:13220
- C:\Windows\System\QakbnJk.exe
  C:\Windows\System\QakbnJk.exe
  2⤵
  PID:13248
- C:\Windows\System\teNpnjr.exe
  C:\Windows\System\teNpnjr.exe
  2⤵
  PID:13280
- C:\Windows\System\jiYkpHK.exe
  C:\Windows\System\jiYkpHK.exe
  2⤵
  PID:13304
- C:\Windows\System\iWTspDG.exe
  C:\Windows\System\iWTspDG.exe
  2⤵
  PID:5972
- C:\Windows\System\dKqhdfg.exe
  C:\Windows\System\dKqhdfg.exe
  2⤵
  PID:12372
- C:\Windows\System\FwtuwqI.exe
  C:\Windows\System\FwtuwqI.exe
  2⤵
  PID:12444
- C:\Windows\System\CdZKxrE.exe
  C:\Windows\System\CdZKxrE.exe
  2⤵
  PID:12500
- C:\Windows\System\IgvWvnH.exe
  C:\Windows\System\IgvWvnH.exe
  2⤵
  PID:12564
- C:\Windows\System\ZMWBjiv.exe
  C:\Windows\System\ZMWBjiv.exe
  2⤵
  PID:12620
- C:\Windows\System\BAmgGQs.exe
  C:\Windows\System\BAmgGQs.exe
  2⤵
  PID:12676
- C:\Windows\System\LeVMCvI.exe
  C:\Windows\System\LeVMCvI.exe
  2⤵
  PID:5144
- C:\Windows\System\XRYyLtw.exe
  C:\Windows\System\XRYyLtw.exe
  2⤵
  PID:12780
- C:\Windows\System\kOpakac.exe
  C:\Windows\System\kOpakac.exe
  2⤵
  PID:12844
- C:\Windows\System\VvdCHNB.exe
  C:\Windows\System\VvdCHNB.exe
  2⤵
  PID:12904
- C:\Windows\System\lBzOYah.exe
  C:\Windows\System\lBzOYah.exe
  2⤵
  PID:12960
- C:\Windows\System\GjqmbwR.exe
  C:\Windows\System\GjqmbwR.exe
  2⤵
  PID:13020
- C:\Windows\System\YEVowlD.exe
  C:\Windows\System\YEVowlD.exe
  2⤵
  PID:5416
- C:\Windows\System\sjhntJD.exe
  C:\Windows\System\sjhntJD.exe
  2⤵
  PID:5584
- C:\Windows\System\YcEtEVD.exe
  C:\Windows\System\YcEtEVD.exe
  2⤵
  PID:13128
- C:\Windows\System\EPWmkFy.exe
  C:\Windows\System\EPWmkFy.exe
  2⤵
  PID:13156
- C:\Windows\System\MqytErK.exe
  C:\Windows\System\MqytErK.exe
  2⤵
  PID:6016
- C:\Windows\System\rhYFcRW.exe
  C:\Windows\System\rhYFcRW.exe
  2⤵
  PID:6068
- C:\Windows\System\rURJbyr.exe
  C:\Windows\System\rURJbyr.exe
  2⤵
  PID:5816
- C:\Windows\System\brIAuGF.exe
  C:\Windows\System\brIAuGF.exe
  2⤵
  PID:12368
- C:\Windows\System\ntCSUPR.exe
  C:\Windows\System\ntCSUPR.exe
  2⤵
  PID:5844
- C:\Windows\System\pHWkFIm.exe
  C:\Windows\System\pHWkFIm.exe
  2⤵
  PID:12528
- C:\Windows\System\VfQwZXf.exe
  C:\Windows\System\VfQwZXf.exe
  2⤵
  PID:11556
- C:\Windows\System\ohMVDIN.exe
  C:\Windows\System\ohMVDIN.exe
  2⤵
  PID:12708
- C:\Windows\System\cbTGrbg.exe
  C:\Windows\System\cbTGrbg.exe
  2⤵
  PID:12808
- C:\Windows\System\IKXiAxH.exe
  C:\Windows\System\IKXiAxH.exe
  2⤵
  PID:12900
- C:\Windows\System\aLIlnbc.exe
  C:\Windows\System\aLIlnbc.exe
  2⤵
  PID:12992
- C:\Windows\System\fSLMuAP.exe
  C:\Windows\System\fSLMuAP.exe
  2⤵
  PID:13092
- C:\Windows\System\FxYVqLU.exe
  C:\Windows\System\FxYVqLU.exe
  2⤵
  PID:12016
- C:\Windows\System\CzwOzIQ.exe
  C:\Windows\System\CzwOzIQ.exe
  2⤵
  PID:13232
- C:\Windows\System\DeDUFQi.exe
  C:\Windows\System\DeDUFQi.exe
  2⤵
  PID:12340
- C:\Windows\System\GLOgCMe.exe
  C:\Windows\System\GLOgCMe.exe
  2⤵
  PID:12424
- C:\Windows\System\FnatKWg.exe
  C:\Windows\System\FnatKWg.exe
  2⤵
  PID:12556
- C:\Windows\System\nNvfLSO.exe
  C:\Windows\System\nNvfLSO.exe
  2⤵
  PID:6352
- C:\Windows\System\VQOMcUC.exe
  C:\Windows\System\VQOMcUC.exe
  2⤵
  PID:12872
- C:\Windows\System\KmEwyaP.exe
  C:\Windows\System\KmEwyaP.exe
  2⤵
  PID:5428
- C:\Windows\System\ROQMsJn.exe
  C:\Windows\System\ROQMsJn.exe
  2⤵
  PID:6420
- C:\Windows\System\IGwjFAU.exe
  C:\Windows\System\IGwjFAU.exe
  2⤵
  PID:6452
- C:\Windows\System\ZCaQyOb.exe
  C:\Windows\System\ZCaQyOb.exe
  2⤵
  PID:6484
- C:\Windows\System\GvwKjgS.exe
  C:\Windows\System\GvwKjgS.exe
  2⤵
  PID:6508
- C:\Windows\System\QNTpKCc.exe
  C:\Windows\System\QNTpKCc.exe
  2⤵
  PID:6380
- C:\Windows\System\SXBhhsI.exe
  C:\Windows\System\SXBhhsI.exe
  2⤵
  PID:5888
- C:\Windows\System\ivJvMSK.exe
  C:\Windows\System\ivJvMSK.exe
  2⤵
  PID:12312
- C:\Windows\System\DuLXGcs.exe
  C:\Windows\System\DuLXGcs.exe
  2⤵
  PID:6712
- C:\Windows\System\VREqhMC.exe
  C:\Windows\System\VREqhMC.exe
  2⤵
  PID:6628
- C:\Windows\System\QxJlQVB.exe
  C:\Windows\System\QxJlQVB.exe
  2⤵
  PID:2940
- C:\Windows\System\WFBoKUh.exe
  C:\Windows\System\WFBoKUh.exe
  2⤵
  PID:4220
- C:\Windows\System\JIsFeXe.exe
  C:\Windows\System\JIsFeXe.exe
  2⤵
  PID:2796
- C:\Windows\System\tFWdWFq.exe
  C:\Windows\System\tFWdWFq.exe
  2⤵
  PID:12132
- C:\Windows\System\qjCyrSF.exe
  C:\Windows\System\qjCyrSF.exe
  2⤵
  PID:6920
- C:\Windows\System\oqczLUp.exe
  C:\Windows\System\oqczLUp.exe
  2⤵
  PID:2060
- C:\Windows\System\EtmFzcU.exe
  C:\Windows\System\EtmFzcU.exe
  2⤵
  PID:6976
- C:\Windows\System\PkVWBFP.exe
  C:\Windows\System\PkVWBFP.exe
  2⤵
  PID:6928
- C:\Windows\System\cwpiLJc.exe
  C:\Windows\System\cwpiLJc.exe
  2⤵
  PID:3732
- C:\Windows\System\iCCIvPZ.exe
  C:\Windows\System\iCCIvPZ.exe
  2⤵
  PID:6840
- C:\Windows\System\zbNxzoC.exe
  C:\Windows\System\zbNxzoC.exe
  2⤵
  PID:6984
- C:\Windows\System\jMjVgDE.exe
  C:\Windows\System\jMjVgDE.exe
  2⤵
  PID:7164
- C:\Windows\System\irVMQMA.exe
  C:\Windows\System\irVMQMA.exe
  2⤵
  PID:11844
- C:\Windows\System\zPiedxq.exe
  C:\Windows\System\zPiedxq.exe
  2⤵
  PID:13340
- C:\Windows\System\UYGswGx.exe
  C:\Windows\System\UYGswGx.exe
  2⤵
  PID:13368
- C:\Windows\System\WOZPngN.exe
  C:\Windows\System\WOZPngN.exe
  2⤵
  PID:13396
- C:\Windows\System\MQUNgrv.exe
  C:\Windows\System\MQUNgrv.exe
  2⤵
  PID:13424
- C:\Windows\System\HgRNvCe.exe
  C:\Windows\System\HgRNvCe.exe
  2⤵
  PID:13452
- C:\Windows\System\lvsEuQX.exe
  C:\Windows\System\lvsEuQX.exe
  2⤵
  PID:13480
- C:\Windows\System\gkjuVdi.exe
  C:\Windows\System\gkjuVdi.exe
  2⤵
  PID:13508
- C:\Windows\System\rTgnpNF.exe
  C:\Windows\System\rTgnpNF.exe
  2⤵
  PID:13536
- C:\Windows\System\jYjcrvb.exe
  C:\Windows\System\jYjcrvb.exe
  2⤵
  PID:13564
- C:\Windows\System\mCNBgZe.exe
  C:\Windows\System\mCNBgZe.exe
  2⤵
  PID:13592
- C:\Windows\System\iPQPkrs.exe
  C:\Windows\System\iPQPkrs.exe
  2⤵
  PID:13620
- C:\Windows\System\lcuEItW.exe
  C:\Windows\System\lcuEItW.exe
  2⤵
  PID:13648
- C:\Windows\System\LOodwWj.exe
  C:\Windows\System\LOodwWj.exe
  2⤵
  PID:13676
- C:\Windows\System\bZMffbq.exe
  C:\Windows\System\bZMffbq.exe
  2⤵
  PID:13704
- C:\Windows\System\fJnRjTs.exe
  C:\Windows\System\fJnRjTs.exe
  2⤵
  PID:13732
- C:\Windows\System\mnTaVxz.exe
  C:\Windows\System\mnTaVxz.exe
  2⤵
  PID:13760
- C:\Windows\System\scryIkY.exe
  C:\Windows\System\scryIkY.exe
  2⤵
  PID:13776
- C:\Windows\System\LIGOvIK.exe
  C:\Windows\System\LIGOvIK.exe
  2⤵
  PID:13816
- C:\Windows\System\vHwdWAm.exe
  C:\Windows\System\vHwdWAm.exe
  2⤵
  PID:13844
- C:\Windows\System\IxYcSmk.exe
  C:\Windows\System\IxYcSmk.exe
  2⤵
  PID:13872
- C:\Windows\System\eVfXULe.exe
  C:\Windows\System\eVfXULe.exe
  2⤵
  PID:13900
- C:\Windows\System\AxuDZKu.exe
  C:\Windows\System\AxuDZKu.exe
  2⤵
  PID:13928
- C:\Windows\System\DZicbew.exe
  C:\Windows\System\DZicbew.exe
  2⤵
  PID:13956
- C:\Windows\System\VkpwHSM.exe
  C:\Windows\System\VkpwHSM.exe
  2⤵
  PID:13984
- C:\Windows\System\hcWFBSg.exe
  C:\Windows\System\hcWFBSg.exe
  2⤵
  PID:14028
- C:\Windows\System\kcvYhcP.exe
  C:\Windows\System\kcvYhcP.exe
  2⤵
  PID:14044
- C:\Windows\System\RpMhOlM.exe
  C:\Windows\System\RpMhOlM.exe
  2⤵
  PID:14072
- C:\Windows\System\OKFdKVF.exe
  C:\Windows\System\OKFdKVF.exe
  2⤵
  PID:14100
- C:\Windows\System\DuTIgKJ.exe
  C:\Windows\System\DuTIgKJ.exe
  2⤵
  PID:14128
- C:\Windows\System\GuREkfG.exe
  C:\Windows\System\GuREkfG.exe
  2⤵
  PID:14156
- C:\Windows\System\IMwEFGC.exe
  C:\Windows\System\IMwEFGC.exe
  2⤵
  PID:14184
- C:\Windows\System\XqjqwdQ.exe
  C:\Windows\System\XqjqwdQ.exe
  2⤵
  PID:14212
- C:\Windows\System\ClWqphw.exe
  C:\Windows\System\ClWqphw.exe
  2⤵
  PID:14240
- C:\Windows\System\lwoGNhc.exe
  C:\Windows\System\lwoGNhc.exe
  2⤵
  PID:14268
- C:\Windows\System\OlPUdgW.exe
  C:\Windows\System\OlPUdgW.exe
  2⤵
  PID:14288
- C:\Windows\System\ZnFGGEG.exe
  C:\Windows\System\ZnFGGEG.exe
  2⤵
  PID:14324
- C:\Windows\System\mGQpgFW.exe
  C:\Windows\System\mGQpgFW.exe
  2⤵
  PID:13332
- C:\Windows\System\NjQBUYi.exe
  C:\Windows\System\NjQBUYi.exe
  2⤵
  PID:13380
- C:\Windows\System\utecIwJ.exe
  C:\Windows\System\utecIwJ.exe
  2⤵
  PID:13420
- C:\Windows\System\vvoGqnK.exe
  C:\Windows\System\vvoGqnK.exe
  2⤵
  PID:13492
- C:\Windows\System\DmAPbIn.exe
  C:\Windows\System\DmAPbIn.exe
  2⤵
  PID:13532
- C:\Windows\System\fxOLkLL.exe
  C:\Windows\System\fxOLkLL.exe
  2⤵
  PID:13584
- C:\Windows\System\ffPSvJa.exe
  C:\Windows\System\ffPSvJa.exe
  2⤵
  PID:6640
- C:\Windows\System\AaIrSuj.exe
  C:\Windows\System\AaIrSuj.exe
  2⤵
  PID:6680
- C:\Windows\System\vmjODCV.exe
  C:\Windows\System\vmjODCV.exe
  2⤵
  PID:6740
- C:\Windows\System\AUvCbXo.exe
  C:\Windows\System\AUvCbXo.exe
  2⤵
  PID:6772
- C:\Windows\System\HyCTNCl.exe
  C:\Windows\System\HyCTNCl.exe
  2⤵
  PID:13756
- C:\Windows\System\eJrIgua.exe
  C:\Windows\System\eJrIgua.exe
  2⤵
  PID:13796
- C:\Windows\System\ISHGoxo.exe
  C:\Windows\System\ISHGoxo.exe
  2⤵
  PID:13828
- C:\Windows\System\SPRlewU.exe
  C:\Windows\System\SPRlewU.exe
  2⤵
  PID:6972
- C:\Windows\System\akKdrAg.exe
  C:\Windows\System\akKdrAg.exe
  2⤵
  PID:13912
- C:\Windows\System\hFJnGhN.exe
  C:\Windows\System\hFJnGhN.exe
  2⤵
  PID:13968
- C:\Windows\System\AAISiFF.exe
  C:\Windows\System\AAISiFF.exe
  2⤵
  PID:5392
- C:\Windows\System\WftvocM.exe
  C:\Windows\System\WftvocM.exe
  2⤵
  PID:5156
- C:\Windows\System\erQCrZk.exe
  C:\Windows\System\erQCrZk.exe
  2⤵
  PID:14040
- C:\Windows\System\KWFjpHa.exe
  C:\Windows\System\KWFjpHa.exe
  2⤵
  PID:6632
- C:\Windows\System\vYqbeEQ.exe
  C:\Windows\System\vYqbeEQ.exe
  2⤵
  PID:6912
- C:\Windows\System\zseGyxr.exe
  C:\Windows\System\zseGyxr.exe
  2⤵
  PID:7052
- C:\Windows\System\tqMjQWY.exe
  C:\Windows\System\tqMjQWY.exe
  2⤵
  PID:14204
- C:\Windows\System\wDTfvfH.exe
  C:\Windows\System\wDTfvfH.exe
  2⤵
  PID:6676
- C:\Windows\System\JkXuwKu.exe
  C:\Windows\System\JkXuwKu.exe
  2⤵
  PID:14308
- C:\Windows\System\vctzfFv.exe
  C:\Windows\System\vctzfFv.exe
  2⤵
  PID:13360
- C:\Windows\System\XyFCbxW.exe
  C:\Windows\System\XyFCbxW.exe
  2⤵
  PID:13416
- C:\Windows\System\FcEwEyW.exe
  C:\Windows\System\FcEwEyW.exe
  2⤵
  PID:6384
- C:\Windows\System\hRrNzTZ.exe
  C:\Windows\System\hRrNzTZ.exe
  2⤵
  PID:13612
- C:\Windows\System\jiiHBzV.exe
  C:\Windows\System\jiiHBzV.exe
  2⤵
  PID:13644
- C:\Windows\System\JGTBROv.exe
  C:\Windows\System\JGTBROv.exe
  2⤵
  PID:13688
- C:\Windows\System\IWGisev.exe
  C:\Windows\System\IWGisev.exe
  2⤵
  PID:13744
- C:\Windows\System\eUunnVs.exe
  C:\Windows\System\eUunnVs.exe
  2⤵
  PID:11632
- C:\Windows\System\OdXatwx.exe
  C:\Windows\System\OdXatwx.exe
  2⤵
  PID:13864
- C:\Windows\System\fNZLCDm.exe
  C:\Windows\System\fNZLCDm.exe
  2⤵
  PID:7576
- C:\Windows\System\tZkozOk.exe
  C:\Windows\System\tZkozOk.exe
  2⤵
  PID:2804
- C:\Windows\System\VYOAsaq.exe
  C:\Windows\System\VYOAsaq.exe
  2⤵
  PID:3800
- C:\Windows\System\TDIBTQW.exe
  C:\Windows\System\TDIBTQW.exe
  2⤵
  PID:7676
- C:\Windows\System\getHJHN.exe
  C:\Windows\System\getHJHN.exe
  2⤵
  PID:7736
- C:\Windows\System\DxJHtsF.exe
  C:\Windows\System\DxJHtsF.exe
  2⤵
  PID:14168
- C:\Windows\System\zdTprtz.exe
  C:\Windows\System\zdTprtz.exe
  2⤵
  PID:6164
- C:\Windows\System\vOOiGEI.exe
  C:\Windows\System\vOOiGEI.exe
  2⤵
  PID:14264
- C:\Windows\System\iDqYChe.exe
  C:\Windows\System\iDqYChe.exe
  2⤵
  PID:6152
- C:\Windows\System\ZzapBpP.exe
  C:\Windows\System\ZzapBpP.exe
  2⤵
  PID:7908
- C:\Windows\System\dkUYzIT.exe
  C:\Windows\System\dkUYzIT.exe
  2⤵
  PID:13576
- C:\Windows\System\sFBpBcN.exe
  C:\Windows\System\sFBpBcN.exe
  2⤵
  PID:6688
- C:\Windows\System\mqlLnpU.exe
  C:\Windows\System\mqlLnpU.exe
  2⤵
  PID:13724
- C:\Windows\System\iHxTpBr.exe
  C:\Windows\System\iHxTpBr.exe
  2⤵
  PID:7496
- C:\Windows\System\AapOUXz.exe
  C:\Windows\System\AapOUXz.exe
  2⤵
  PID:8072
- C:\Windows\System\KPFagLt.exe
  C:\Windows\System\KPFagLt.exe
  2⤵
  PID:13952
- C:\Windows\System\SyBbuqB.exe
  C:\Windows\System\SyBbuqB.exe
  2⤵
  PID:6552
- C:\Windows\System\KbKPnIY.exe
  C:\Windows\System\KbKPnIY.exe
  2⤵
  PID:14124
- C:\Windows\System\gkYqCex.exe
  C:\Windows\System\gkYqCex.exe
  2⤵
  PID:7788
- C:\Windows\System\TNSRhnr.exe
  C:\Windows\System\TNSRhnr.exe
  2⤵
  PID:7404
- C:\Windows\System\AAoWiVv.exe
  C:\Windows\System\AAoWiVv.exe
  2⤵
  PID:13408
- C:\Windows\System\UGjYmEx.exe
  C:\Windows\System\UGjYmEx.exe
  2⤵
  PID:7600
- C:\Windows\System\ogmszAk.exe
  C:\Windows\System\ogmszAk.exe
  2⤵
  PID:6968
- C:\Windows\System\cQQKQyr.exe
  C:\Windows\System\cQQKQyr.exe
  2⤵
  PID:8020
- C:\Windows\System\ELhlpih.exe
  C:\Windows\System\ELhlpih.exe
  2⤵
  PID:5776
- C:\Windows\System\JNquRGL.exe
  C:\Windows\System\JNquRGL.exe
  2⤵
  PID:7880
- C:\Windows\System\jTuMPJr.exe
  C:\Windows\System\jTuMPJr.exe
  2⤵
  PID:7704
- C:\Windows\System\dtajpDs.exe
  C:\Windows\System\dtajpDs.exe
  2⤵
  PID:14236
- C:\Windows\System\nBBhTDf.exe
  C:\Windows\System\nBBhTDf.exe
  2⤵
  PID:8160
- C:\Windows\System\mvcNzCU.exe
  C:\Windows\System\mvcNzCU.exe
  2⤵
  PID:6644
- C:\Windows\System\dgOeUKR.exe
  C:\Windows\System\dgOeUKR.exe
  2⤵
  PID:7412
- C:\Windows\System\aHQPRvt.exe
  C:\Windows\System\aHQPRvt.exe
  2⤵
  PID:7604
- C:\Windows\System\jdBHADI.exe
  C:\Windows\System\jdBHADI.exe
  2⤵
  PID:7780
- C:\Windows\System\vUytXjA.exe
  C:\Windows\System\vUytXjA.exe
  2⤵
  PID:7804
- C:\Windows\System\FcQTySE.exe
  C:\Windows\System\FcQTySE.exe
  2⤵
  PID:7316
- C:\Windows\System\EbBSXcs.exe
  C:\Windows\System\EbBSXcs.exe
  2⤵
  PID:7464
- C:\Windows\System\tBBXJgx.exe
  C:\Windows\System\tBBXJgx.exe
  2⤵
  PID:5292
- C:\Windows\System\QzeUbnx.exe
  C:\Windows\System\QzeUbnx.exe
  2⤵
  PID:7960
- C:\Windows\System\xIkkZNV.exe
  C:\Windows\System\xIkkZNV.exe
  2⤵
  PID:5984
- C:\Windows\System\zNhsxtq.exe
  C:\Windows\System\zNhsxtq.exe
  2⤵
  PID:7432
- C:\Windows\System\hFwaOuI.exe
  C:\Windows\System\hFwaOuI.exe
  2⤵
  PID:8180
- C:\Windows\System\tRKnURf.exe
  C:\Windows\System\tRKnURf.exe
  2⤵
  PID:5656
- C:\Windows\System\rukCSTL.exe
  C:\Windows\System\rukCSTL.exe
  2⤵
  PID:8108
- C:\Windows\System\VOPaKpq.exe
  C:\Windows\System\VOPaKpq.exe
  2⤵
  PID:8252
- C:\Windows\System\EwzmcLP.exe
  C:\Windows\System\EwzmcLP.exe
  2⤵
  PID:5868
- C:\Windows\System\HpnPLwl.exe
  C:\Windows\System\HpnPLwl.exe
  2⤵
  PID:14252
- C:\Windows\System\aaSxfjk.exe
  C:\Windows\System\aaSxfjk.exe
  2⤵
  PID:8360
- C:\Windows\System\IkVDBAR.exe
  C:\Windows\System\IkVDBAR.exe
  2⤵
  PID:5884
- C:\Windows\System\LvxCgtD.exe
  C:\Windows\System\LvxCgtD.exe
  2⤵
  PID:8452
- C:\Windows\System\JEBkcJB.exe
  C:\Windows\System\JEBkcJB.exe
  2⤵
  PID:8388
- C:\Windows\System\mTGRgHP.exe
  C:\Windows\System\mTGRgHP.exe
  2⤵
  PID:14356
- C:\Windows\System\CqZOPGw.exe
  C:\Windows\System\CqZOPGw.exe
  2⤵
  PID:14388
- C:\Windows\System\lQtRxat.exe
  C:\Windows\System\lQtRxat.exe
  2⤵
  PID:14416
- C:\Windows\System\wDvoyLz.exe
  C:\Windows\System\wDvoyLz.exe
  2⤵
  PID:14444
- C:\Windows\System\ABEEGpQ.exe
  C:\Windows\System\ABEEGpQ.exe
  2⤵
  PID:14472
- C:\Windows\System\NWToPpw.exe
  C:\Windows\System\NWToPpw.exe
  2⤵
  PID:14500
- C:\Windows\System\iXaAjzr.exe
  C:\Windows\System\iXaAjzr.exe
  2⤵
  PID:14528
- C:\Windows\System\PyoQFJS.exe
  C:\Windows\System\PyoQFJS.exe
  2⤵
  PID:14616
- C:\Windows\System\SiwfMmX.exe
  C:\Windows\System\SiwfMmX.exe
  2⤵
  PID:14676
- C:\Windows\System\waQsATB.exe
  C:\Windows\System\waQsATB.exe
  2⤵
  PID:14692
- C:\Windows\System\NhYjSDP.exe
  C:\Windows\System\NhYjSDP.exe
  2⤵
  PID:14720
- C:\Windows\System\QBFTbrZ.exe
  C:\Windows\System\QBFTbrZ.exe
  2⤵
  PID:14928
- C:\Windows\System\bECXeub.exe
  C:\Windows\System\bECXeub.exe
  2⤵
  PID:14952
- C:\Windows\System\jXRtBoR.exe
  C:\Windows\System\jXRtBoR.exe
  2⤵
  PID:14976
- C:\Windows\System\aNqpdaE.exe
  C:\Windows\System\aNqpdaE.exe
  2⤵
  PID:15004
- C:\Windows\System\gPtUTMn.exe
  C:\Windows\System\gPtUTMn.exe
  2⤵
  PID:15032
- C:\Windows\System\JzQZvNz.exe
  C:\Windows\System\JzQZvNz.exe
  2⤵
  PID:15060
- C:\Windows\System\lypGxde.exe
  C:\Windows\System\lypGxde.exe
  2⤵
  PID:15088
- C:\Windows\System\ZFjzkLb.exe
  C:\Windows\System\ZFjzkLb.exe
  2⤵
  PID:15116
- C:\Windows\System\yDesSVL.exe
  C:\Windows\System\yDesSVL.exe
  2⤵
  PID:15144
- C:\Windows\System\BRbyyBG.exe
  C:\Windows\System\BRbyyBG.exe
  2⤵
  PID:15172
- C:\Windows\System\qxzwpEi.exe
  C:\Windows\System\qxzwpEi.exe
  2⤵
  PID:15200
- C:\Windows\System\BSUnIVY.exe
  C:\Windows\System\BSUnIVY.exe
  2⤵
  PID:15228
- C:\Windows\System\nCMZFOv.exe
  C:\Windows\System\nCMZFOv.exe
  2⤵
  PID:15256
- C:\Windows\System\dRHQKEZ.exe
  C:\Windows\System\dRHQKEZ.exe
  2⤵
  PID:15284
- C:\Windows\System\TyvpagG.exe
  C:\Windows\System\TyvpagG.exe
  2⤵
  PID:15312
- C:\Windows\System\VSdIwyp.exe
  C:\Windows\System\VSdIwyp.exe
  2⤵
  PID:15340
- C:\Windows\System\AAZFQxP.exe
  C:\Windows\System\AAZFQxP.exe
  2⤵
  PID:14348
- C:\Windows\System\ROoDVOT.exe
  C:\Windows\System\ROoDVOT.exe
  2⤵
  PID:8556
- C:\Windows\System\EnyeOZp.exe
  C:\Windows\System\EnyeOZp.exe
  2⤵
  PID:8652
- C:\Windows\System\nygGsel.exe
  C:\Windows\System\nygGsel.exe
  2⤵
  PID:14440
- C:\Windows\System\QXgXrua.exe
  C:\Windows\System\QXgXrua.exe
  2⤵
  PID:14484
- C:\Windows\System\nXBlQAl.exe
  C:\Windows\System\nXBlQAl.exe
  2⤵
  PID:14596
- C:\Windows\System\sURtCHQ.exe
  C:\Windows\System\sURtCHQ.exe
  2⤵
  PID:8904
- C:\Windows\System\YIEXHnu.exe
  C:\Windows\System\YIEXHnu.exe
  2⤵
  PID:14628
- C:\Windows\System\jOnCpUQ.exe
  C:\Windows\System\jOnCpUQ.exe
  2⤵
  PID:14648
- C:\Windows\System\bAptSWC.exe
  C:\Windows\System\bAptSWC.exe
  2⤵
  PID:6112
- C:\Windows\System\mITzvcE.exe
  C:\Windows\System\mITzvcE.exe
  2⤵
  PID:14688
- C:\Windows\System\UYMYpAU.exe
  C:\Windows\System\UYMYpAU.exe
  2⤵
  PID:9104
- C:\Windows\System\OVgLGGS.exe
  C:\Windows\System\OVgLGGS.exe
  2⤵
  PID:14760
- C:\Windows\System\VkpVKuJ.exe
  C:\Windows\System\VkpVKuJ.exe
  2⤵
  PID:9172
- C:\Windows\System\gsZhhCg.exe
  C:\Windows\System\gsZhhCg.exe
  2⤵
  PID:14780
- C:\Windows\System\JYOEmma.exe
  C:\Windows\System\JYOEmma.exe
  2⤵
  PID:14800
- C:\Windows\System\IrDQmMH.exe
  C:\Windows\System\IrDQmMH.exe
  2⤵
  PID:8320
- C:\Windows\System\WdWtcCI.exe
  C:\Windows\System\WdWtcCI.exe
  2⤵
  PID:448
- C:\Windows\System\SbMFGTe.exe
  C:\Windows\System\SbMFGTe.exe
  2⤵
  PID:14916
- C:\Windows\System\uICDTfZ.exe
  C:\Windows\System\uICDTfZ.exe
  2⤵
  PID:9072
- C:\Windows\System\bbcsNTN.exe
  C:\Windows\System\bbcsNTN.exe
  2⤵
  PID:14940
- C:\Windows\System\UnelRmD.exe
  C:\Windows\System\UnelRmD.exe
  2⤵
  PID:14968
- C:\Windows\System\ZvWNVWL.exe
  C:\Windows\System\ZvWNVWL.exe
  2⤵
  PID:15028
- C:\Windows\System\Cncdfci.exe
  C:\Windows\System\Cncdfci.exe
  2⤵
  PID:8336
- C:\Windows\System\SxFyLzL.exe
  C:\Windows\System\SxFyLzL.exe
  2⤵
  PID:15108
- C:\Windows\System\OIKRFmw.exe
  C:\Windows\System\OIKRFmw.exe
  2⤵
  PID:15136
- C:\Windows\System\ODcVxRU.exe
  C:\Windows\System\ODcVxRU.exe
  2⤵
  PID:8604
- C:\Windows\System\KndHanj.exe
  C:\Windows\System\KndHanj.exe
  2⤵
  PID:15224
- C:\Windows\System\uVNqhdd.exe
  C:\Windows\System\uVNqhdd.exe
  2⤵
  PID:1372
- C:\Windows\System\TSNIGBy.exe
  C:\Windows\System\TSNIGBy.exe
  2⤵
  PID:15304
- C:\Windows\System\GORLOrz.exe
  C:\Windows\System\GORLOrz.exe
  2⤵
  PID:15332
- C:\Windows\System\luSapDX.exe
  C:\Windows\System\luSapDX.exe
  2⤵
  PID:7660
- C:\Windows\System\AedEtmi.exe
  C:\Windows\System\AedEtmi.exe
  2⤵
  PID:4568
- C:\Windows\System\xcXDTxU.exe
  C:\Windows\System\xcXDTxU.exe
  2⤵
  PID:5948
- C:\Windows\System\JOpjUed.exe
  C:\Windows\System\JOpjUed.exe
  2⤵
  PID:4564
- C:\Windows\System\fqLrQhf.exe
  C:\Windows\System\fqLrQhf.exe
  2⤵
  PID:9220
- C:\Windows\System\FjWHTNf.exe
  C:\Windows\System\FjWHTNf.exe
  2⤵
  PID:8848
- C:\Windows\System\hNYYAjC.exe
  C:\Windows\System\hNYYAjC.exe
  2⤵
  PID:9248
- C:\Windows\System\yawuNdT.exe
  C:\Windows\System\yawuNdT.exe
  2⤵
  PID:14456
- C:\Windows\System\jIpeRjg.exe
  C:\Windows\System\jIpeRjg.exe
  2⤵
  PID:9332
- C:\Windows\System\MnaGjfq.exe
  C:\Windows\System\MnaGjfq.exe
  2⤵
  PID:14624
- C:\Windows\System\HmIsEME.exe
  C:\Windows\System\HmIsEME.exe
  2⤵
  PID:9020
- C:\Windows\System\PORxQHM.exe
  C:\Windows\System\PORxQHM.exe
  2⤵
  PID:9436
- C:\Windows\System\RQjIvun.exe
  C:\Windows\System\RQjIvun.exe
  2⤵
  PID:14748
- C:\Windows\System\zkzyTmc.exe
  C:\Windows\System\zkzyTmc.exe
  2⤵
  PID:14768
- C:\Windows\System\PQCqBss.exe
  C:\Windows\System\PQCqBss.exe
  2⤵
  PID:14776
- C:\Windows\System\cOzoSvY.exe
  C:\Windows\System\cOzoSvY.exe
  2⤵
  PID:9564
- C:\Windows\System\BoudGoz.exe
  C:\Windows\System\BoudGoz.exe
  2⤵
  PID:9576
- C:\Windows\System\UusVPpH.exe
  C:\Windows\System\UusVPpH.exe
  2⤵
  PID:14832
- C:\Windows\System\kkbfQri.exe
  C:\Windows\System\kkbfQri.exe
  2⤵
  PID:6564
- C:\Windows\System\ovIXiMR.exe
  C:\Windows\System\ovIXiMR.exe
  2⤵
  PID:8620
- C:\Windows\System\cRrgMCc.exe
  C:\Windows\System\cRrgMCc.exe
  2⤵
  PID:14896
- C:\Windows\System\WdZjXNj.exe
  C:\Windows\System\WdZjXNj.exe
  2⤵
  PID:14912
- C:\Windows\System\OPzlRbB.exe
  C:\Windows\System\OPzlRbB.exe
  2⤵
  PID:5664
- C:\Windows\System\ohdbukK.exe
  C:\Windows\System\ohdbukK.exe
  2⤵
  PID:14924
- C:\Windows\System\RIlgSYg.exe
  C:\Windows\System\RIlgSYg.exe
  2⤵
  PID:9892
- C:\Windows\System\fFYLFWS.exe
  C:\Windows\System\fFYLFWS.exe
  2⤵
  PID:15084
- C:\Windows\System\SpzshXe.exe
  C:\Windows\System\SpzshXe.exe
  2⤵
  PID:5744
- C:\Windows\System\vhFybZW.exe
  C:\Windows\System\vhFybZW.exe
  2⤵
  PID:8656
- C:\Windows\System\aIWMtye.exe
  C:\Windows\System\aIWMtye.exe
  2⤵
  PID:10064
- C:\Windows\System\xOjpWjD.exe
  C:\Windows\System\xOjpWjD.exe
  2⤵
  PID:15280
- C:\Windows\System\KTmrFCf.exe
  C:\Windows\System\KTmrFCf.exe
  2⤵
  PID:880
- C:\Windows\System\AJOAaaT.exe
  C:\Windows\System\AJOAaaT.exe
  2⤵
  PID:8940
- C:\Windows\System\qIaYipl.exe
  C:\Windows\System\qIaYipl.exe
  2⤵
  PID:8764
- C:\Windows\System\PfZVzfV.exe
  C:\Windows\System\PfZVzfV.exe
  2⤵
  PID:2440
- C:\Windows\System\rBOVzHO.exe
  C:\Windows\System\rBOVzHO.exe
  2⤵
  PID:14580
- C:\Windows\System\dzTpiKl.exe
  C:\Windows\System\dzTpiKl.exe
  2⤵
  PID:14608
- C:\Windows\System\zLyyvYv.exe
  C:\Windows\System\zLyyvYv.exe
  2⤵
  PID:14632
- C:\Windows\System\YnsKPrY.exe
  C:\Windows\System\YnsKPrY.exe
  2⤵
  PID:8672
- C:\Windows\System\gYmFtJS.exe
  C:\Windows\System\gYmFtJS.exe
  2⤵
  PID:9812
- C:\Windows\System\IHBcnVZ.exe
  C:\Windows\System\IHBcnVZ.exe
  2⤵
  PID:3640
- C:\Windows\System\hcVDSFT.exe
  C:\Windows\System\hcVDSFT.exe
  2⤵
  PID:9676
- C:\Windows\System\laaQesn.exe
  C:\Windows\System\laaQesn.exe
  2⤵
  PID:9748
- C:\Windows\System\QyolYPa.exe
  C:\Windows\System\QyolYPa.exe
  2⤵
  PID:8512
- C:\Windows\System\InVspru.exe
  C:\Windows\System\InVspru.exe
  2⤵
  PID:10012
- C:\Windows\System\hdqNTXo.exe
  C:\Windows\System\hdqNTXo.exe
  2⤵
  PID:10152
- C:\Windows\System\TWDlVmQ.exe
  C:\Windows\System\TWDlVmQ.exe
  2⤵
  PID:9968
- C:\Windows\System\gWuPJfO.exe
  C:\Windows\System\gWuPJfO.exe
  2⤵
  PID:15220
- C:\Windows\System\slsXORQ.exe
  C:\Windows\System\slsXORQ.exe
  2⤵
  PID:8504
- C:\Windows\System\kGfJxvb.exe
  C:\Windows\System\kGfJxvb.exe
  2⤵
  PID:9504
- C:\Windows\System\rsuMRsq.exe
  C:\Windows\System\rsuMRsq.exe
  2⤵
  PID:10224
- C:\Windows\System\bstelcw.exe
  C:\Windows\System\bstelcw.exe
  2⤵
  PID:3812
- C:\Windows\System\XzNPdue.exe
  C:\Windows\System\XzNPdue.exe
  2⤵
  PID:8812
- C:\Windows\System\CMwCZjQ.exe
  C:\Windows\System\CMwCZjQ.exe
  2⤵
  PID:2424
- C:\Windows\System\uJkRBBA.exe
  C:\Windows\System\uJkRBBA.exe
  2⤵
  PID:2080
- C:\Windows\System\pXNsanQ.exe
  C:\Windows\System\pXNsanQ.exe
  2⤵
  PID:9296
- C:\Windows\System\dVcHsOQ.exe
  C:\Windows\System\dVcHsOQ.exe
  2⤵
  PID:10264
- C:\Windows\System\adqHRIk.exe
  C:\Windows\System\adqHRIk.exe
  2⤵
  PID:9544
- C:\Windows\System\BJZyAkO.exe
  C:\Windows\System\BJZyAkO.exe
  2⤵
  PID:9596
- C:\Windows\System\XZKVMGt.exe
  C:\Windows\System\XZKVMGt.exe
  2⤵
  PID:10380
- C:\Windows\System\bBZPVMM.exe
  C:\Windows\System\bBZPVMM.exe
  2⤵
  PID:14732
- C:\Windows\System\pnEWZqr.exe
  C:\Windows\System\pnEWZqr.exe
  2⤵
  PID:10428
- C:\Windows\System\LBBPOXe.exe
  C:\Windows\System\LBBPOXe.exe
  2⤵
  PID:10016
- C:\Windows\System\DIKlLrV.exe
  C:\Windows\System\DIKlLrV.exe
  2⤵
  PID:14812
- C:\Windows\System\jJeAiBN.exe
  C:\Windows\System\jJeAiBN.exe
  2⤵
  PID:10548
- C:\Windows\System\QObxKhQ.exe
  C:\Windows\System\QObxKhQ.exe
  2⤵
  PID:10604
- C:\Windows\System\RiQIOGB.exe
  C:\Windows\System\RiQIOGB.exe
  2⤵
  PID:1456
- C:\Windows\System\JMOJxno.exe
  C:\Windows\System\JMOJxno.exe
  2⤵
  PID:10180
- C:\Windows\System\bsMYUHy.exe
  C:\Windows\System\bsMYUHy.exe
  2⤵
  PID:8796
- C:\Windows\System\YhedDRh.exe
  C:\Windows\System\YhedDRh.exe
  2⤵
  PID:10708
- C:\Windows\System\ZwsAjCp.exe
  C:\Windows\System\ZwsAjCp.exe
  2⤵
  PID:9764
- C:\Windows\System\JIkONDE.exe
  C:\Windows\System\JIkONDE.exe
  2⤵
  PID:9772
- C:\Windows\System\kTvVvLM.exe
  C:\Windows\System\kTvVvLM.exe
  2⤵
  PID:9836
- C:\Windows\System\vLdSTdm.exe
  C:\Windows\System\vLdSTdm.exe
  2⤵
  PID:10872
- C:\Windows\System\GBbaRTz.exe
  C:\Windows\System\GBbaRTz.exe
  2⤵
  PID:3428
- C:\Windows\System\gFvoKLd.exe
  C:\Windows\System\gFvoKLd.exe
  2⤵
  PID:10968
- C:\Windows\System\BpHiLRk.exe
  C:\Windows\System\BpHiLRk.exe
  2⤵
  PID:10168
- C:\Windows\System\zOaWQAw.exe
  C:\Windows\System\zOaWQAw.exe
  2⤵
  PID:11024
- C:\Windows\System\sjUBpce.exe
  C:\Windows\System\sjUBpce.exe
  2⤵
  PID:10184
- C:\Windows\System\ekBbEiJ.exe
  C:\Windows\System\ekBbEiJ.exe
  2⤵
  PID:11108
- C:\Windows\System\cyIBGGQ.exe
  C:\Windows\System\cyIBGGQ.exe
  2⤵
  PID:14512
- C:\Windows\System\BclfWaQ.exe
  C:\Windows\System\BclfWaQ.exe
  2⤵
  PID:1048
- C:\Windows\System\JkJbfRy.exe
  C:\Windows\System\JkJbfRy.exe
  2⤵
  PID:10288
- C:\Windows\System\FhpztIY.exe
  C:\Windows\System\FhpztIY.exe
  2⤵
  PID:1028
- C:\Windows\System\wQnSEgm.exe
  C:\Windows\System\wQnSEgm.exe
  2⤵
  PID:9132
- C:\Windows\System\HqBRBur.exe
  C:\Windows\System\HqBRBur.exe
  2⤵
  PID:10412
- C:\Windows\System\PJsCFht.exe
  C:\Windows\System\PJsCFht.exe
  2⤵
  PID:10492
- C:\Windows\System\eEYzdgd.exe
  C:\Windows\System\eEYzdgd.exe
  2⤵
  PID:10576
- C:\Windows\System\MqeWAaK.exe
  C:\Windows\System\MqeWAaK.exe
  2⤵
  PID:10584
- C:\Windows\System\kHPxOSC.exe
  C:\Windows\System\kHPxOSC.exe
  2⤵
  PID:10652
- C:\Windows\System\PGUnzmc.exe
  C:\Windows\System\PGUnzmc.exe
  2⤵
  PID:9700
- C:\Windows\System\iQrrTEW.exe
  C:\Windows\System\iQrrTEW.exe
  2⤵
  PID:14900
- C:\Windows\System\KuQWEWW.exe
  C:\Windows\System\KuQWEWW.exe
  2⤵
  PID:10948
- C:\Windows\System\IDtiZPH.exe
  C:\Windows\System\IDtiZPH.exe
  2⤵
  PID:11020
- C:\Windows\System\UEVyNVn.exe
  C:\Windows\System\UEVyNVn.exe
  2⤵
  PID:15184
- C:\Windows\System\exPWBdm.exe
  C:\Windows\System\exPWBdm.exe
  2⤵
  PID:11208
- C:\Windows\System\OzgztFz.exe
  C:\Windows\System\OzgztFz.exe
  2⤵
  PID:10272
- C:\Windows\System\AbfasgK.exe
  C:\Windows\System\AbfasgK.exe
  2⤵
  PID:10356
- C:\Windows\System\IYlrqOv.exe
  C:\Windows\System\IYlrqOv.exe
  2⤵
  PID:9668
- C:\Windows\System\cZGrAdg.exe
  C:\Windows\System\cZGrAdg.exe
  2⤵
  PID:10724
- C:\Windows\System\GsocUlY.exe
  C:\Windows\System\GsocUlY.exe
  2⤵
  PID:11248
- C:\Windows\System\HtOnsHL.exe
  C:\Windows\System\HtOnsHL.exe
  2⤵
  PID:11152
- C:\Windows\System\oGwjqBm.exe
  C:\Windows\System\oGwjqBm.exe
  2⤵
  PID:10468
- C:\Windows\System\nuCIYvw.exe
  C:\Windows\System\nuCIYvw.exe
  2⤵
  PID:14844
- C:\Windows\System\cyFOqvh.exe
  C:\Windows\System\cyFOqvh.exe
  2⤵
  PID:2032
- C:\Windows\System\TeqkMRV.exe
  C:\Windows\System\TeqkMRV.exe
  2⤵
  PID:10764
- C:\Windows\System\MZORWWm.exe
  C:\Windows\System\MZORWWm.exe
  2⤵
  PID:11268
- C:\Windows\System\mgCobWd.exe
  C:\Windows\System\mgCobWd.exe
  2⤵
  PID:10844
- C:\Windows\System\kmjqQxP.exe
  C:\Windows\System\kmjqQxP.exe
  2⤵
  PID:11356
- C:\Windows\System\izuFmwp.exe
  C:\Windows\System\izuFmwp.exe
  2⤵
  PID:11052
- C:\Windows\System\gQirFVR.exe
  C:\Windows\System\gQirFVR.exe
  2⤵
  PID:11440
- C:\Windows\System\jKhLfSx.exe
  C:\Windows\System\jKhLfSx.exe
  2⤵
  PID:11164
- C:\Windows\System\QmetsVy.exe
  C:\Windows\System\QmetsVy.exe
  2⤵
  PID:11524
- C:\Windows\System\XvOXLsq.exe
  C:\Windows\System\XvOXLsq.exe
  2⤵
  PID:14744
- C:\Windows\System\PbhdFwN.exe
  C:\Windows\System\PbhdFwN.exe
  2⤵
  PID:11608
- C:\Windows\System\jKVuQAq.exe
  C:\Windows\System\jKVuQAq.exe
  2⤵
  PID:11628
- C:\Windows\System\RoXAwkU.exe
  C:\Windows\System\RoXAwkU.exe
  2⤵
  PID:10932
- C:\Windows\System\vDSihuj.exe
  C:\Windows\System\vDSihuj.exe
  2⤵
  PID:10736
- C:\Windows\System\yZjGbnK.exe
  C:\Windows\System\yZjGbnK.exe
  2⤵
  PID:11776
- C:\Windows\System\YtKbxVx.exe
  C:\Windows\System\YtKbxVx.exe
  2⤵
  PID:11404
- C:\Windows\System\eRUXGXY.exe
  C:\Windows\System\eRUXGXY.exe
  2⤵
  PID:11860
- C:\Windows\System\qXQQHTl.exe
  C:\Windows\System\qXQQHTl.exe
  2⤵
  PID:8540
- C:\Windows\System\okmrdwW.exe
  C:\Windows\System\okmrdwW.exe
  2⤵
  PID:11952
- C:\Windows\System\txFoXOF.exe
  C:\Windows\System\txFoXOF.exe
  2⤵
  PID:11996
- C:\Windows\System\PzNFJnD.exe
  C:\Windows\System\PzNFJnD.exe
  2⤵
  PID:11728
- C:\Windows\System\RwZozgc.exe
  C:\Windows\System\RwZozgc.exe
  2⤵
  PID:12052
- C:\Windows\System\iXoBCBz.exe
  C:\Windows\System\iXoBCBz.exe
  2⤵
  PID:11376
- C:\Windows\System\rofuDMX.exe
  C:\Windows\System\rofuDMX.exe
  2⤵
  PID:11200
- C:\Windows\System\IGmqLDu.exe
  C:\Windows\System\IGmqLDu.exe
  2⤵
  PID:10304
- C:\Windows\System\iEQsZOU.exe
  C:\Windows\System\iEQsZOU.exe
  2⤵
  PID:11664
- C:\Windows\System\EUoARSh.exe
  C:\Windows\System\EUoARSh.exe
  2⤵
  PID:12236
- C:\Windows\System\dYwoBQw.exe
  C:\Windows\System\dYwoBQw.exe
  2⤵
  PID:12264
- C:\Windows\System\iGkZKbq.exe
  C:\Windows\System\iGkZKbq.exe
  2⤵
  PID:12124
- C:\Windows\System\nqwLeoM.exe
  C:\Windows\System\nqwLeoM.exe
  2⤵
  PID:11408
- C:\Windows\System\zueBHwS.exe
  C:\Windows\System\zueBHwS.exe
  2⤵
  PID:1324
- C:\Windows\System\BrtmLtB.exe
  C:\Windows\System\BrtmLtB.exe
  2⤵
  PID:11544
- C:\Windows\System\cjbBEWY.exe
  C:\Windows\System\cjbBEWY.exe
  2⤵
  PID:11616
- C:\Windows\System\BVyOYvH.exe
  C:\Windows\System\BVyOYvH.exe
  2⤵
  PID:5032
- C:\Windows\System\jKvoZgf.exe
  C:\Windows\System\jKvoZgf.exe
  2⤵
  PID:11476
- C:\Windows\System\rQtTXcF.exe
  C:\Windows\System\rQtTXcF.exe
  2⤵
  PID:11992
- C:\Windows\System\XFiBZdm.exe
  C:\Windows\System\XFiBZdm.exe
  2⤵
  PID:11848
- C:\Windows\System\cblVUJo.exe
  C:\Windows\System\cblVUJo.exe
  2⤵
  PID:11780
- C:\Windows\System\FyHzAVp.exe
  C:\Windows\System\FyHzAVp.exe
  2⤵
  PID:15428
- C:\Windows\System\MVnaAUg.exe
  C:\Windows\System\MVnaAUg.exe
  2⤵
  PID:15448
- C:\Windows\System\mEoGtaD.exe
  C:\Windows\System\mEoGtaD.exe
  2⤵
  PID:15476
- C:\Windows\System\iOgPtzc.exe
  C:\Windows\System\iOgPtzc.exe
  2⤵
  PID:15504
- C:\Windows\System\IszrNrf.exe
  C:\Windows\System\IszrNrf.exe
  2⤵
  PID:15532
- C:\Windows\System\efGTMAX.exe
  C:\Windows\System\efGTMAX.exe
  2⤵
  PID:15560
- C:\Windows\System\pAkMjld.exe
  C:\Windows\System\pAkMjld.exe
  2⤵
  PID:15588
- C:\Windows\System\nHiwEUZ.exe
  C:\Windows\System\nHiwEUZ.exe
  2⤵
  PID:15616
- C:\Windows\System\lpilTcO.exe
  C:\Windows\System\lpilTcO.exe
  2⤵
  PID:15644
- C:\Windows\System\VcdEUAH.exe
  C:\Windows\System\VcdEUAH.exe
  2⤵
  PID:15672
- C:\Windows\System\hdYZXgW.exe
  C:\Windows\System\hdYZXgW.exe
  2⤵
  PID:15700
- C:\Windows\System\kjYZkZM.exe
  C:\Windows\System\kjYZkZM.exe
  2⤵
  PID:15728
- C:\Windows\System\mdCnZaz.exe
  C:\Windows\System\mdCnZaz.exe
  2⤵
  PID:15756
- C:\Windows\System\HZbHOLc.exe
  C:\Windows\System\HZbHOLc.exe
  2⤵
  PID:15788
- C:\Windows\System\oQxhAfh.exe
  C:\Windows\System\oQxhAfh.exe
  2⤵
  PID:15816
- C:\Windows\System\XFkFlmX.exe
  C:\Windows\System\XFkFlmX.exe
  2⤵
  PID:15844
- C:\Windows\System\HlEOTPr.exe
  C:\Windows\System\HlEOTPr.exe
  2⤵
  PID:15872
- C:\Windows\System\IvdEwtz.exe
  C:\Windows\System\IvdEwtz.exe
  2⤵
  PID:15900
- C:\Windows\System\FNoZWyU.exe
  C:\Windows\System\FNoZWyU.exe
  2⤵
  PID:15928
- C:\Windows\System\IqNDeEQ.exe
  C:\Windows\System\IqNDeEQ.exe
  2⤵
  PID:15956
- C:\Windows\System\dEGdyCp.exe
  C:\Windows\System\dEGdyCp.exe
  2⤵
  PID:16076
- C:\Windows\System\OJAYDDl.exe
  C:\Windows\System\OJAYDDl.exe
  2⤵
  PID:16092
- C:\Windows\System\FCzYZZl.exe
  C:\Windows\System\FCzYZZl.exe
  2⤵
  PID:16120
- C:\Windows\System\ARhJmMT.exe
  C:\Windows\System\ARhJmMT.exe
  2⤵
  PID:16148
- C:\Windows\System\UFtqhBy.exe
  C:\Windows\System\UFtqhBy.exe
  2⤵
  PID:16176
- C:\Windows\System\plotHfr.exe
  C:\Windows\System\plotHfr.exe
  2⤵
  PID:16204
- C:\Windows\System\oPVWfPN.exe
  C:\Windows\System\oPVWfPN.exe
  2⤵
  PID:16232
- C:\Windows\System\nWewOpw.exe
  C:\Windows\System\nWewOpw.exe
  2⤵
  PID:16340

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:6968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AftfKQv.exe

Filesize
6.0MB

MD5
932146ccc84908e82085a847f120390c

SHA1
0d7c886985c909a2a1b7bbecec067017bd0ed78d

SHA256
cdefc801393e590b6c8508d285eb559cd07a22981fe8d2faf9b9d091a9391157

SHA512
a89357331cd598d78ac0ca47ad2a6625ff5a3291a1f4cc30b9b551ee7651260c774513f50123589efbb572614d1e152a0488ab0a8ec201a6e6f1ba2c116f1917

Download Submit
C:\Windows\System\AvYvqGF.exe

Filesize
6.0MB

MD5
18366e2adcd7810343f144d262770a91

SHA1
8d3869f254339ee3eaa090bfa5bc7d08853c475d

SHA256
35d40b410dd6b65e7962a461057765eb8a7098a98890780f11acfee1ad0a92d8

SHA512
daaa036156a9188e1203e460b0174dc3139155bbccd57a7a0795738e6064a59a023f8f3ee3b40e33955fc4764c8fc50798cec186028698bb23ea46574a0d88e4

Download Submit
C:\Windows\System\BlKTQLs.exe

Filesize
6.0MB

MD5
41fd869ee0f34ac0764a40704feef593

SHA1
b8038a67321e58502d1bf0ae6dcfa28430bab184

SHA256
6e9f3b23ca9756a70a4ba30c4ea66c28cc530ddf2ea885197ca8599ad53a3f1e

SHA512
1cf977789079b1d75c6966a7718e6221e609d5d3a4cb27c409a2a012a26d0f0b3b52652ef03e54e6e9cf56ff35bb489644cc25958d0bee6dee49c5dba9b72ec4

Download Submit
C:\Windows\System\EgRYbsn.exe

Filesize
6.0MB

MD5
70c633ed6250be21c9075aefb7761814

SHA1
2553e0c84697b011f10e3e16a83c578c38f42f75

SHA256
6435b37dc2aaf1643c70d02574261120aef38dfecd49fd7a65a35adfce10d2a4

SHA512
b326ee9888aa4e7f4fbe3417af67261c0f3ba6d5d7e2a159b09e69c74eb2913ca547dabe7bff00d7d07fd37b7648d4bc8aa809a5a253713e497cc0960a2f8f5f

Download Submit
C:\Windows\System\GyrMvbv.exe

Filesize
6.0MB

MD5
52b716a20cc932bc632d52746a0d5b33

SHA1
847c21738cb41d12a0d9cc30f051db1ddc1f9aea

SHA256
83445650d652f131a731ba67048dbe55ef02d628209e2493cec77909e6a4f938

SHA512
a419c2055fb0422a357df133f91fcdefb2c88b3477431a0bfaefcda91b8af70ee088da80562f2cf9d0fe1f795df491012b643fcd3a4bcf4ef7fa82422c435472

Download Submit
C:\Windows\System\HuMxqAM.exe

Filesize
6.0MB

MD5
ffda5d36e16cf0726893a8196dd27311

SHA1
bda081fb7227aecd07336b03b0e6f47223e92913

SHA256
68b778567efc6df9dbe0ccf4f1d9894ceeaf0756c6ee10254a29489a776f0289

SHA512
8bf83de4bc7538f87feb5fae345ae3d34cacbadf8287fe715f1eff5d65d3ad87e94b92235dbfa418353654ff68bc20fb15f14d435ea5bcff663abcc56d8819e2

Download Submit
C:\Windows\System\OUPKEIz.exe

Filesize
6.0MB

MD5
9311cdd230c73ced188c3713768aee40

SHA1
2ee3dcf70f82e54edca7c31ccd098238c3dbbfcd

SHA256
78c6e32265c7b7a8c545cf12327791ddd4d7866060fcb5b36bdedee2130b9fb7

SHA512
76147588ddd6fceeb6692fdaade11bbb414453a61fb431fd355e0a9370520548cafa7c4c9f5508fc88b58f55ce1c37709ac5b437d014dd0c6608f09203aae58b

Download Submit
C:\Windows\System\RFtEiJr.exe

Filesize
6.0MB

MD5
1d61d1d253a39902a2daf8a328709bb6

SHA1
bfdb7bef2fe612a0d545ea68a10433aeab4eb85d

SHA256
9a94db68b6b50a73386087822407ef9751c1f801ec19a3db6345333929642d03

SHA512
2e396c79ff844c164f8e2c553aea5763227134745d577163a27f007ab01520d8c370fc2832c90ea0576aaf1245a57a135c1309278ad3dd7aef6c37c690a68cbb

Download Submit
C:\Windows\System\TeemLSr.exe

Filesize
6.0MB

MD5
d1de5f004f07f23bab35f2e4b15cb57a

SHA1
02029efc8c0090e4147d0d2f55befb59c0a7ae65

SHA256
c9497bff229cf92aaf6de193c5b96882f428c60c9d75f0bff69be5d23371ce11

SHA512
1f1d613fcff63fb3d2e8d2bbecec741210b7c15c04da08b960c4cc0807bd24740026a55a131abd1734ad9652a859e143b5a69e43e978dd59cb944824cffb7300

Download Submit
C:\Windows\System\VYpzJMe.exe

Filesize
6.0MB

MD5
67522f05bdb53e50ebb1f9fc2e319df4

SHA1
b9108d379d7cace35f43a14755c0756de733d915

SHA256
911362b944f7391a223ddd41e14f0d390c9759376afac6ff328d76792f640a78

SHA512
adadc1a5924f6a24e28a6766789d49cc30437db1994bc3b7b93b51eabdd30f6d8d6151e860575e74b8a64ca618944862b1f2eaf38eab98f3f40d9191f7f03a62

Download Submit
C:\Windows\System\WbxSBsZ.exe

Filesize
6.0MB

MD5
8cecb8911a57a453d8828edd3a66fd6e

SHA1
41c656f95d84d68f3de9bd821b976f13885ec924

SHA256
ced47f63236438cab48212fff7e230eadaf6fc65923c818cc256d1df4252d0e1

SHA512
64d7102eb064ae17fa06c4a86d0a34b6598fc1629951ccb25c542ba318ce239112cb1bd91899a7c9b57624a8c505426ce8a7fd5745817bb85a12b3c6edface92

Download Submit
C:\Windows\System\XJQOKnT.exe

Filesize
6.0MB

MD5
6098674985b8ec69012f22f831448aa6

SHA1
4f5abf80c20334917353d85f9cb530726b7b0691

SHA256
f062e2df3182017204d21fad433fd7b48edaaa8d718c4867eea1453b93d20e0c

SHA512
3d74eff680eb4fb19f720f39ba41a7b127b5e8257edd978a1be44aa21db72097d8603d0d3c78c84e2476012fda951fe6e5057dad07cf0174c1291163eccc12f5

Download Submit
C:\Windows\System\YPYYuLS.exe

Filesize
6.0MB

MD5
14e09a6e3b0af44fd377578bd684e094

SHA1
d68e28becc368d1fe96ca865e44296e2b9e004f7

SHA256
04e2e64129bed946cdbbe11362e733c4e488ec1187129b7e12766be67c5c5880

SHA512
9552d8ffb6fb79e3ec4f53f6762ba067a1735812c93d15eec60316fd2bac19dd899198b253b22eb1edb0ac9c5f71efe26c83efc5f5c59385dc5a618a9f61d4cd

Download Submit
C:\Windows\System\YZjMouX.exe

Filesize
6.0MB

MD5
1fa2edc9231befd4f5693d4e0aa9c84b

SHA1
045c6b4ff43c06a721d23f5b19cc5dc8f0a51319

SHA256
a4e0736427627e18120174292decbea6da5a700000d1994edeb6f4d59c1208bf

SHA512
a5d7b05596bd774338d1c9c0053378e73174ca6b7077bfa9990e85ed52af5186a0ca3e577b069e855ac32be39c98580074e1466c28828b1d1bde4417a34c73df

Download Submit
C:\Windows\System\YccQTFi.exe

Filesize
6.0MB

MD5
a72fba78af9cb4f2d3e4331ab1143040

SHA1
533ed9e7b9f7628d39753283112087a49df09cc9

SHA256
902102561ef3e3112bbae6c600e559837b4c92ffd576643369b0e81a149a4f79

SHA512
8a04dc0744f2fca92bb1618554987873199c6071ef881f389a773263037640684123e680bd62e3e9968bc3d9c0a56d9b7b5462876d89377b882b506f9452422e

Download Submit
C:\Windows\System\YtBIWzF.exe

Filesize
6.0MB

MD5
3c70e780ba1bc251722e7c65676b9f6e

SHA1
4e4834acc1fadd89d461042c411520b0965c9067

SHA256
6a306ad7aa485a86da5caef895f7abd99b4ddf659d9fc39b96725e876a7a52c2

SHA512
e7a8ae9c1892beb50766323672138bb8208428af9e3651750061218ff3a6279a71f4a22d1b2ccbc6e6670f315ff97c3bee7b07cd453a55f9c36db126247f2fa6

Download Submit
C:\Windows\System\ZBIFfyT.exe

Filesize
6.0MB

MD5
7c9a6decc67ab8b1e75c3e17781ac1f8

SHA1
a055eadb0966de4b5a090fd8065851075848a0af

SHA256
bd36237113f6285aab3301bf0f0f2d171c5ad4a66afe509fd06abca6d805795e

SHA512
3930fe5c434de38441e9ad4c3ab8d2b5735921e6f9f418ecc768706c49da39fdc86cbd4042d4f4c98d203512c5dcbec35296f755caa91aa9944b86d4c087a357

Download Submit
C:\Windows\System\ZDAFTSz.exe

Filesize
6.0MB

MD5
cce9a689481f9f94cac9066592d6adf6

SHA1
489651d7de7a691c5ae661d14a4799816173d6e1

SHA256
b0b7f2bf029c031c696cf5ec6035655e7be64374deee03b0bd646ad2a8c5bfed

SHA512
790c9ca0f2d8b4adfbb93b534b65db3867067b2e28a6830cf0de55f98924988948234c3f25804ad18624478127bf4a0e92c16ef407b788d80dfeb269eeeb70ee

Download Submit
C:\Windows\System\ZRmAAds.exe

Filesize
6.0MB

MD5
ba3a255aebc9bdb2be751c9de2927e42

SHA1
48fb71f91efa191d456887cafa8463dc30c9122e

SHA256
0f29335fd74a433ba1497599693f8a7c680e831769247d91171d0f81761c2990

SHA512
e9b493437e655ff4debdd96167cff09eacd47c4ace80588fe40c17bc243ce41a9fc86f36921f4ed035074b36c3905be7e9ebe4607c88425d0b124d56cd977f72

Download Submit
C:\Windows\System\ZYBrkYK.exe

Filesize
6.0MB

MD5
7d30db39da8c79c324ac9c41b765d8d6

SHA1
0288f8bbc47014aeba17bd1d8a57458e7f1c6510

SHA256
6cdbbe59702f762795242e6a45780de5aa3406c0884e81f3185512563253acc9

SHA512
d12b9f5ae6bee381eb4ae0ef359a4bae593ae1bac2cf8168680ad4206b3ca41b1769e26cd4de9298bdd89665b3776b8ac845057e6893c25f02877816bc85e938

Download Submit
C:\Windows\System\ZebHjAy.exe

Filesize
6.0MB

MD5
eed747fc7aa2e89d3834f001f34429e3

SHA1
b83efaa7667640c2ad557333c586de51d3965122

SHA256
3a119ce63af869bcd30123ac77972cc1ce0b4364788bb0401fcb75199bf13773

SHA512
d00948a8b7e3355c9b4c4adeec72bbdf12e99d649fa102413e773203aa9bca56aa49acee8caa89dd650120c616be1c74503f508a75f087774637c2f43ad2ade8

Download Submit
C:\Windows\System\aapBbEs.exe

Filesize
6.0MB

MD5
fe7e1e16ca1f13513b0a658631e1feea

SHA1
fccb4277cd5ce5c12963480d2c3f63a1d08c11b5

SHA256
2af1f92a3b54c1da662ad969ac5da097d86b8f21d24412b1edd41c017b2b20fe

SHA512
4be9db88ba41022ed7990fdbc1c3232d4ec9a4bade5900efc489226c26789761ad9cfc675aa995d40d3b5487341e9215c2579518803966f07d20cea3a999530e

Download Submit
C:\Windows\System\dHKewkK.exe

Filesize
6.0MB

MD5
5e45dbb0f0aaba532893580d5f906650

SHA1
ba21837c40198a3fb6cf6dbb6a52d28ece990659

SHA256
635ae69772536cfad17e89af86c4044dbd19c17b78a4cc9bb420edb18504c4fd

SHA512
f9729004695766f1f717bff566186c7dc5adeddb2c04c6e4db9be8f303839732c21f2ad63f2a3b2d537ee3408f79764271253a7faf76f25e8309a2c412ec4862

Download Submit
C:\Windows\System\dLlpRPz.exe

Filesize
6.0MB

MD5
d4e12a53e357228907d8184873cee001

SHA1
a337f0292ba69020bf82d40f58dcb95c92cd7125

SHA256
2f31824e4615dbedd405b6578cc9adf17e0a2b58e5e9bd9b31afcfdd8e3060f6

SHA512
1e058e26c82359ee7a8913d43a44ad2fa5f97ec43f703af56c94323ea5e427c822839c031c8f5da8bd652f53ce1e4016854c6fc7aedf00d48da45f8751ba7b0b

Download Submit
C:\Windows\System\gtdGaqb.exe

Filesize
6.0MB

MD5
dd96b87dafa0823e8e19c020d188cd75

SHA1
c65528a979247cc0fb6ccfc27ea9c2497423d5ba

SHA256
8bd78d9a4306115a13aa5428b205baf4d8c22a695ed87c5392d3e6e1c424c88b

SHA512
3cd820f030256a61b299e7f3243cf3e29bae29f73ceb321f6c52b757f18119f59e52797f63cc2c3c5e53f4c93b759bf8827f7195af4186e810c57a6d88f745e4

Download Submit
C:\Windows\System\hwGBxIf.exe

Filesize
6.0MB

MD5
d10dfd5f289ab9ddf6dfaac5d8cd05ae

SHA1
139a81ee6b604ce79ea3c50f3bf1838282e6c27a

SHA256
1b43c8ac90fd983edc6f0b8ca8133cfcdff0305851a1a68c079769481816810f

SHA512
a4d92dca358b218ae3a1aec3ef156f852145cf82f25fcca7b5f66c738d2aa6998f92066e4ce585cac80bab2a9e868f5370dfd89b4d90e085863fe1029d76103b

Download Submit
C:\Windows\System\jkArIZg.exe

Filesize
6.0MB

MD5
1149ab4da3a464300dcc1ee4df98e3f7

SHA1
6c5b13c4fe7ab9c3bddb89b27271b6a796e1dec4

SHA256
4fafcbb01207079e0dbf59f1682093ff80d7f3df3f6591be923fbcdc2d297ba8

SHA512
eb05d8cba4b2aeafc411c30d194639b77c9ab81fd2ed865092bd8f4dc2e76b84bc7a4984cf53f9fe1d6d8d290ade3fee668781657fd50d265ab6184e5df70e30

Download Submit
C:\Windows\System\mTIunqQ.exe

Filesize
6.0MB

MD5
64d1838ad2e032ebb00eb0ae3db46159

SHA1
6c54303691c3dd2c32677eb7f6d1f79c62f8a8ef

SHA256
2fc32ee4ee1157d437a8a0e370cb7dc2e60209ee1b78c0ed859b9f939e703d7c

SHA512
84d11708e30cebade61accf5592a088ac042e9af1c31a853bf8f89f74c452d91a8740f2f4c80ba8e39e9dce75eba0141e66e8f7337497bc142046c16a06162c1

Download Submit
C:\Windows\System\qKzGRhr.exe

Filesize
6.0MB

MD5
d07463668ea189b4dd2beb33f8b42da3

SHA1
9551b0f12bf947dd210bb7f753e694b8d66b606b

SHA256
931bb73cd92eaf398de6502b59cb8a46bbf1e5a7c2c02467330d580519cf5489

SHA512
42c5c565d3cbbf45dc45ce6aa6da25102c809e7f202a8dc8a138b54c1540997479e49d9dad7ecec8b56c728440a391ae8f7bada03926d63181b373b55754f989

Download Submit
C:\Windows\System\uSffOFN.exe

Filesize
6.0MB

MD5
650ff1b8953f0f978a2f59952f84d5b5

SHA1
440765666e8049d38c8bfe9e8adc7d4bffdfd28f

SHA256
a8a24515a94bc6cbaf92cbb1fc8e1d31309d5b7abe52ccf89e266f8b7591f3c3

SHA512
a9c64b03587212579f74bdf7410b5703fd22b374725c45e48da7dab3205ce678cb9a31f63123533d8a4f590d4eea705d91438e3164c523816eb8454b6812e76d

Download Submit
C:\Windows\System\wKjNKKE.exe

Filesize
6.0MB

MD5
72f4bcd61f75b1855fda20b45b9e5061

SHA1
ec4f58fd88f60a285d18143539ddf0e22678206b

SHA256
56cbfc05f73bd03270afe907b85007e90ba467460327f9c822bb1f24a6eddbcc

SHA512
14110b34f2b76cb46b1e95dfed7e70590416fa46678285b54aad4b16f953edfcd0e1d6673dfc8201c4658a3bf3fe01c5f62060fe1dd5d779fee6b4011ea2a7fe

Download Submit
C:\Windows\System\zRKuuEq.exe

Filesize
6.0MB

MD5
1df4dce0d9f0cccb1e397f0ee364434e

SHA1
5e7cec423abb28d1cec1c02a5607efb64ed3e9da

SHA256
2d90c67e094b68db20b7966e6329be41eb5e1742ba327bd8db855700e598236e

SHA512
21ec7d5201d8a639e8088e6f6d619ad905847b1a58139c1f2ffe2a58e77fa3d65f92e46fbb8d8031a1ed89079f9d9e3986084b92927dbf6c04f5728fbb4eaff0

Download Submit
C:\Windows\System\zZmlmoh.exe

Filesize
6.0MB

MD5
257c0e83081343d51e81e2933b15b2d3

SHA1
5c31c469afc33961e3db2380efb20aa7257a6077

SHA256
dee8b9080a3c96888156b3d85e92d55c18eac970adc0b48a5f94d0b423666f37

SHA512
a587934577506468b761a824926a2d01110aa4f9ab517c2d73ad7db8f57767a28a62bd8cdbc0c376fdb4ceec67179d151d2277544b1cb4121ae2e3343786e0a2

Download Submit
memory/224-238-0x00007FF713DC0000-0x00007FF714114000-memory.dmp

Filesize
3.3MB

Download
memory/224-1783-0x00007FF713DC0000-0x00007FF714114000-memory.dmp

Filesize
3.3MB

Download
memory/836-236-0x00007FF79BE20000-0x00007FF79C174000-memory.dmp

Filesize
3.3MB

Download
memory/836-1788-0x00007FF79BE20000-0x00007FF79C174000-memory.dmp

Filesize
3.3MB

Download
memory/1140-153-0x00007FF7020F0000-0x00007FF702444000-memory.dmp

Filesize
3.3MB

Download
memory/1140-1779-0x00007FF7020F0000-0x00007FF702444000-memory.dmp

Filesize
3.3MB

Download
memory/1820-167-0x00007FF7F7A70000-0x00007FF7F7DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-1792-0x00007FF7F7A70000-0x00007FF7F7DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-417-0x00007FF7F7A70000-0x00007FF7F7DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-1714-0x00007FF61A770000-0x00007FF61AAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-80-0x00007FF61A770000-0x00007FF61AAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-157-0x00007FF61A770000-0x00007FF61AAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-377-0x00007FF75D250000-0x00007FF75D5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-139-0x00007FF75D250000-0x00007FF75D5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-1775-0x00007FF75D250000-0x00007FF75D5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-90-0x00007FF71D370000-0x00007FF71D6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-235-0x00007FF71D370000-0x00007FF71D6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1718-0x00007FF71D370000-0x00007FF71D6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-137-0x00007FF7E15C0000-0x00007FF7E1914000-memory.dmp

Filesize
3.3MB

Download
memory/2484-56-0x00007FF7E15C0000-0x00007FF7E1914000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1695-0x00007FF7E15C0000-0x00007FF7E1914000-memory.dmp

Filesize
3.3MB

Download
memory/2640-20-0x00007FF69D220000-0x00007FF69D574000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1666-0x00007FF69D220000-0x00007FF69D574000-memory.dmp

Filesize
3.3MB

Download
memory/2896-125-0x00007FF642620000-0x00007FF642974000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1754-0x00007FF642620000-0x00007FF642974000-memory.dmp

Filesize
3.3MB

Download
memory/2936-368-0x00007FF621980000-0x00007FF621CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-121-0x00007FF621980000-0x00007FF621CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1751-0x00007FF621980000-0x00007FF621CD4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-100-0x00007FF63B1C0000-0x00007FF63B514000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1677-0x00007FF63B1C0000-0x00007FF63B514000-memory.dmp

Filesize
3.3MB

Download
memory/3016-31-0x00007FF63B1C0000-0x00007FF63B514000-memory.dmp

Filesize
3.3MB

Download
memory/3568-44-0x00007FF6689C0000-0x00007FF668D14000-memory.dmp

Filesize
3.3MB

Download
memory/3568-1685-0x00007FF6689C0000-0x00007FF668D14000-memory.dmp

Filesize
3.3MB

Download
memory/3752-26-0x00007FF6A7C20000-0x00007FF6A7F74000-memory.dmp

Filesize
3.3MB

Download
memory/3752-1670-0x00007FF6A7C20000-0x00007FF6A7F74000-memory.dmp

Filesize
3.3MB

Download
memory/3752-95-0x00007FF6A7C20000-0x00007FF6A7F74000-memory.dmp

Filesize
3.3MB

Download
memory/3828-239-0x00007FF7176D0000-0x00007FF717A24000-memory.dmp

Filesize
3.3MB

Download
memory/3828-1786-0x00007FF7176D0000-0x00007FF717A24000-memory.dmp

Filesize
3.3MB

Download
memory/3836-1707-0x00007FF743AF0000-0x00007FF743E44000-memory.dmp

Filesize
3.3MB

Download
memory/3836-73-0x00007FF743AF0000-0x00007FF743E44000-memory.dmp

Filesize
3.3MB

Download
memory/3944-62-0x00007FF74C980000-0x00007FF74CCD4000-memory.dmp

Filesize
3.3MB

Download
memory/3944-0-0x00007FF74C980000-0x00007FF74CCD4000-memory.dmp

Filesize
3.3MB

Download
memory/3944-1-0x000002073EA90000-0x000002073EAA0000-memory.dmp

Filesize
64KB

Download
memory/4000-1689-0x00007FF67FEF0000-0x00007FF680244000-memory.dmp

Filesize
3.3MB

Download
memory/4000-129-0x00007FF67FEF0000-0x00007FF680244000-memory.dmp

Filesize
3.3MB

Download
memory/4000-50-0x00007FF67FEF0000-0x00007FF680244000-memory.dmp

Filesize
3.3MB

Download
memory/4048-63-0x00007FF684D70000-0x00007FF6850C4000-memory.dmp

Filesize
3.3MB

Download
memory/4048-1698-0x00007FF684D70000-0x00007FF6850C4000-memory.dmp

Filesize
3.3MB

Download
memory/4224-109-0x00007FF7963C0000-0x00007FF796714000-memory.dmp

Filesize
3.3MB

Download
memory/4224-1746-0x00007FF7963C0000-0x00007FF796714000-memory.dmp

Filesize
3.3MB

Download
memory/4224-325-0x00007FF7963C0000-0x00007FF796714000-memory.dmp

Filesize
3.3MB

Download
memory/4264-1728-0x00007FF6FB840000-0x00007FF6FBB94000-memory.dmp

Filesize
3.3MB

Download
memory/4264-99-0x00007FF6FB840000-0x00007FF6FBB94000-memory.dmp

Filesize
3.3MB

Download
memory/4308-234-0x00007FF601530000-0x00007FF601884000-memory.dmp

Filesize
3.3MB

Download
memory/4308-1784-0x00007FF601530000-0x00007FF601884000-memory.dmp

Filesize
3.3MB

Download
memory/4308-436-0x00007FF601530000-0x00007FF601884000-memory.dmp

Filesize
3.3MB

Download
memory/4332-1767-0x00007FF70C6C0000-0x00007FF70CA14000-memory.dmp

Filesize
3.3MB

Download
memory/4332-369-0x00007FF70C6C0000-0x00007FF70CA14000-memory.dmp

Filesize
3.3MB

Download
memory/4332-134-0x00007FF70C6C0000-0x00007FF70CA14000-memory.dmp

Filesize
3.3MB

Download
memory/4456-1681-0x00007FF6EFE50000-0x00007FF6F01A4000-memory.dmp

Filesize
3.3MB

Download
memory/4456-38-0x00007FF6EFE50000-0x00007FF6F01A4000-memory.dmp

Filesize
3.3MB

Download
memory/4456-108-0x00007FF6EFE50000-0x00007FF6F01A4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-1662-0x00007FF73C970000-0x00007FF73CCC4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-74-0x00007FF73C970000-0x00007FF73CCC4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-14-0x00007FF73C970000-0x00007FF73CCC4000-memory.dmp

Filesize
3.3MB

Download
memory/4556-395-0x00007FF688770000-0x00007FF688AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4556-135-0x00007FF688770000-0x00007FF688AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4556-1777-0x00007FF688770000-0x00007FF688AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4584-237-0x00007FF725CD0000-0x00007FF726024000-memory.dmp

Filesize
3.3MB

Download
memory/4584-1785-0x00007FF725CD0000-0x00007FF726024000-memory.dmp

Filesize
3.3MB

Download
memory/4592-91-0x00007FF7D65A0000-0x00007FF7D68F4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-240-0x00007FF7D65A0000-0x00007FF7D68F4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-1729-0x00007FF7D65A0000-0x00007FF7D68F4000-memory.dmp

Filesize
3.3MB

Download
memory/5008-69-0x00007FF6FD250000-0x00007FF6FD5A4000-memory.dmp

Filesize
3.3MB

Download
memory/5008-1658-0x00007FF6FD250000-0x00007FF6FD5A4000-memory.dmp

Filesize
3.3MB

Download
memory/5008-8-0x00007FF6FD250000-0x00007FF6FD5A4000-memory.dmp

Filesize
3.3MB

Download
memory/5108-105-0x00007FF7C3840000-0x00007FF7C3B94000-memory.dmp

Filesize
3.3MB

Download
memory/5108-1735-0x00007FF7C3840000-0x00007FF7C3B94000-memory.dmp

Filesize
3.3MB

Download