cobaltstrike | ca1d0382921985524551bd472d6a36584c62b4c148106971d3a728f2d6730c4d

Analysis

max time kernel
109s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-01-2025 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

abd75930b6b9eb532f07c7596b1b11be
SHA1

54bc90b329a9553f7cc9c66c64bf45c16647ef71
SHA256

ca1d0382921985524551bd472d6a36584c62b4c148106971d3a728f2d6730c4d
SHA512

cee089134d3c6899488ce4759c82298357455e4bd27cef1a979ee996dcae0071819da681bfdd12cb05f8d6e49baf60d785a26ee514b185628dcde9cc44a10b3c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023bac-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-23.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023ca5-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-94.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-98.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-143.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc4-203.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc7-212.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc5-208.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc6-207.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc3-197.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc2-193.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc1-186.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc0-177.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-168.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbd-157.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbb-141.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-134.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-124.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-117.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-92.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-83.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-77.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-55.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-37.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4688-0-0x00007FF750220000-0x00007FF750574000-memory.dmp	xmrig
behavioral2/files/0x000c000000023bac-4.dat	xmrig
behavioral2/memory/2276-6-0x00007FF64E3B0000-0x00007FF64E704000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca9-10.dat	xmrig
behavioral2/files/0x0007000000023ca8-12.dat	xmrig
behavioral2/memory/452-18-0x00007FF7C0F30000-0x00007FF7C1284000-memory.dmp	xmrig
behavioral2/memory/2488-14-0x00007FF64F6F0000-0x00007FF64FA44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023caa-23.dat	xmrig
behavioral2/memory/1900-24-0x00007FF63E4C0000-0x00007FF63E814000-memory.dmp	xmrig
behavioral2/files/0x0008000000023ca5-28.dat	xmrig
behavioral2/files/0x0007000000023cad-40.dat	xmrig
behavioral2/files/0x0007000000023cae-47.dat	xmrig
behavioral2/memory/4688-60-0x00007FF750220000-0x00007FF750574000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb0-64.dat	xmrig
behavioral2/memory/2276-68-0x00007FF64E3B0000-0x00007FF64E704000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb1-73.dat	xmrig
behavioral2/memory/452-81-0x00007FF7C0F30000-0x00007FF7C1284000-memory.dmp	xmrig
behavioral2/memory/1900-88-0x00007FF63E4C0000-0x00007FF63E814000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb5-94.dat	xmrig
behavioral2/files/0x0007000000023cb6-98.dat	xmrig
behavioral2/memory/976-109-0x00007FF75E010000-0x00007FF75E364000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb9-119.dat	xmrig
behavioral2/files/0x0007000000023cbc-143.dat	xmrig
behavioral2/memory/2252-167-0x00007FF79B570000-0x00007FF79B8C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc4-203.dat	xmrig
behavioral2/files/0x0007000000023cc7-212.dat	xmrig
behavioral2/files/0x0007000000023cc5-208.dat	xmrig
behavioral2/files/0x0007000000023cc6-207.dat	xmrig
behavioral2/files/0x0007000000023cc3-197.dat	xmrig
behavioral2/files/0x0007000000023cc2-193.dat	xmrig
behavioral2/memory/4252-192-0x00007FF7CBB20000-0x00007FF7CBE74000-memory.dmp	xmrig
behavioral2/memory/3600-191-0x00007FF6AE6A0000-0x00007FF6AE9F4000-memory.dmp	xmrig
behavioral2/memory/2968-188-0x00007FF7162F0000-0x00007FF716644000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc1-186.dat	xmrig
behavioral2/memory/1652-183-0x00007FF7A49E0000-0x00007FF7A4D34000-memory.dmp	xmrig
behavioral2/memory/4220-182-0x00007FF7A31C0000-0x00007FF7A3514000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc0-177.dat	xmrig
behavioral2/memory/3108-176-0x00007FF617540000-0x00007FF617894000-memory.dmp	xmrig
behavioral2/memory/4704-173-0x00007FF670070000-0x00007FF6703C4000-memory.dmp	xmrig
behavioral2/memory/1264-172-0x00007FF7FE200000-0x00007FF7FE554000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbf-168.dat	xmrig
behavioral2/memory/2456-166-0x00007FF666820000-0x00007FF666B74000-memory.dmp	xmrig
behavioral2/memory/3920-165-0x00007FF64B730000-0x00007FF64BA84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbe-162.dat	xmrig
behavioral2/memory/3836-161-0x00007FF751E80000-0x00007FF7521D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbd-157.dat	xmrig
behavioral2/memory/4228-156-0x00007FF7CC150000-0x00007FF7CC4A4000-memory.dmp	xmrig
behavioral2/memory/4292-155-0x00007FF7F35D0000-0x00007FF7F3924000-memory.dmp	xmrig
behavioral2/memory/2280-147-0x00007FF6904B0000-0x00007FF690804000-memory.dmp	xmrig
behavioral2/memory/3220-146-0x00007FF64F350000-0x00007FF64F6A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbb-141.dat	xmrig
behavioral2/memory/3652-140-0x00007FF6FE110000-0x00007FF6FE464000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cba-134.dat	xmrig
behavioral2/memory/2036-133-0x00007FF6D4650000-0x00007FF6D49A4000-memory.dmp	xmrig
behavioral2/memory/3792-132-0x00007FF665350000-0x00007FF6656A4000-memory.dmp	xmrig
behavioral2/memory/2292-128-0x00007FF610120000-0x00007FF610474000-memory.dmp	xmrig
behavioral2/memory/2968-127-0x00007FF7162F0000-0x00007FF716644000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb8-124.dat	xmrig
behavioral2/memory/1136-123-0x00007FF6999F0000-0x00007FF699D44000-memory.dmp	xmrig
behavioral2/memory/4220-122-0x00007FF7A31C0000-0x00007FF7A3514000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb7-117.dat	xmrig
behavioral2/memory/1168-116-0x00007FF730890000-0x00007FF730BE4000-memory.dmp	xmrig
behavioral2/memory/3108-115-0x00007FF617540000-0x00007FF617894000-memory.dmp	xmrig
behavioral2/memory/1264-108-0x00007FF7FE200000-0x00007FF7FE554000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2276	gtkCoCT.exe
2488	MaYRVfm.exe
452	YCIeLlh.exe
1900	ZVwOoWN.exe
4300	rdATNQm.exe
3452	kTpPUYG.exe
976	MxXLzoX.exe
1168	CuseoAI.exe
1136	eMOKDTp.exe
2292	BRrURKt.exe
3792	IgnXAHv.exe
3220	LMOXKxj.exe
4292	uHEvmlF.exe
3920	TIHINwH.exe
2456	KcjsOWv.exe
1264	RGpznBn.exe
3108	zUJxAnF.exe
4220	sCpKUEi.exe
2968	pYqNOpp.exe
2036	lGbfTza.exe
3652	JjIkVnC.exe
2280	rsUsnBO.exe
4228	ZzVpSbX.exe
3836	zsldKAt.exe
2252	vbumSdI.exe
4704	VfBFCVi.exe
1652	uFQgwHU.exe
3600	LdfgsRf.exe
4252	PJxvOJR.exe
1576	ysJRdRE.exe
4796	QggtRkx.exe
1692	izllaWV.exe
1732	pBwwoHw.exe
3840	QmXbUVs.exe
4420	Wcvsdjy.exe
4004	SxCJoLv.exe
620	nOKqFOb.exe
5068	ffEfkqK.exe
4052	aXEbFiY.exe
3440	XkKrUpU.exe
1184	uACidfW.exe
312	dQbEUli.exe
4948	ljZamUa.exe
4256	WZVbgmz.exe
2136	IABCjYk.exe
4620	HgTtpaF.exe
4084	uBxYJqf.exe
3860	FlzfsyV.exe
2628	LgPhfIS.exe
3104	XmhDepn.exe
2320	sjqbfUW.exe
2764	Cvspidi.exe
1052	tcIuBEP.exe
1988	sBFOhXv.exe
948	MTWbGmT.exe
5072	uyQNRpv.exe
1004	eaYWHty.exe
1928	fhqvNlO.exe
3396	zxTVRem.exe
4068	SsJtiZM.exe
4128	YyHdJzi.exe
2364	uchlGbp.exe
4900	qZFbDJa.exe
1660	GCNyXBw.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4688-0-0x00007FF750220000-0x00007FF750574000-memory.dmp	upx
behavioral2/files/0x000c000000023bac-4.dat	upx
behavioral2/memory/2276-6-0x00007FF64E3B0000-0x00007FF64E704000-memory.dmp	upx
behavioral2/files/0x0007000000023ca9-10.dat	upx
behavioral2/files/0x0007000000023ca8-12.dat	upx
behavioral2/memory/452-18-0x00007FF7C0F30000-0x00007FF7C1284000-memory.dmp	upx
behavioral2/memory/2488-14-0x00007FF64F6F0000-0x00007FF64FA44000-memory.dmp	upx
behavioral2/files/0x0007000000023caa-23.dat	upx
behavioral2/memory/1900-24-0x00007FF63E4C0000-0x00007FF63E814000-memory.dmp	upx
behavioral2/files/0x0008000000023ca5-28.dat	upx
behavioral2/files/0x0007000000023cad-40.dat	upx
behavioral2/files/0x0007000000023cae-47.dat	upx
behavioral2/memory/4688-60-0x00007FF750220000-0x00007FF750574000-memory.dmp	upx
behavioral2/files/0x0007000000023cb0-64.dat	upx
behavioral2/memory/2276-68-0x00007FF64E3B0000-0x00007FF64E704000-memory.dmp	upx
behavioral2/files/0x0007000000023cb1-73.dat	upx
behavioral2/memory/452-81-0x00007FF7C0F30000-0x00007FF7C1284000-memory.dmp	upx
behavioral2/memory/1900-88-0x00007FF63E4C0000-0x00007FF63E814000-memory.dmp	upx
behavioral2/files/0x0007000000023cb5-94.dat	upx
behavioral2/files/0x0007000000023cb6-98.dat	upx
behavioral2/memory/976-109-0x00007FF75E010000-0x00007FF75E364000-memory.dmp	upx
behavioral2/files/0x0007000000023cb9-119.dat	upx
behavioral2/files/0x0007000000023cbc-143.dat	upx
behavioral2/memory/2252-167-0x00007FF79B570000-0x00007FF79B8C4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc4-203.dat	upx
behavioral2/files/0x0007000000023cc7-212.dat	upx
behavioral2/files/0x0007000000023cc5-208.dat	upx
behavioral2/files/0x0007000000023cc6-207.dat	upx
behavioral2/files/0x0007000000023cc3-197.dat	upx
behavioral2/files/0x0007000000023cc2-193.dat	upx
behavioral2/memory/4252-192-0x00007FF7CBB20000-0x00007FF7CBE74000-memory.dmp	upx
behavioral2/memory/3600-191-0x00007FF6AE6A0000-0x00007FF6AE9F4000-memory.dmp	upx
behavioral2/memory/2968-188-0x00007FF7162F0000-0x00007FF716644000-memory.dmp	upx
behavioral2/files/0x0007000000023cc1-186.dat	upx
behavioral2/memory/1652-183-0x00007FF7A49E0000-0x00007FF7A4D34000-memory.dmp	upx
behavioral2/memory/4220-182-0x00007FF7A31C0000-0x00007FF7A3514000-memory.dmp	upx
behavioral2/files/0x0007000000023cc0-177.dat	upx
behavioral2/memory/3108-176-0x00007FF617540000-0x00007FF617894000-memory.dmp	upx
behavioral2/memory/4704-173-0x00007FF670070000-0x00007FF6703C4000-memory.dmp	upx
behavioral2/memory/1264-172-0x00007FF7FE200000-0x00007FF7FE554000-memory.dmp	upx
behavioral2/files/0x0007000000023cbf-168.dat	upx
behavioral2/memory/2456-166-0x00007FF666820000-0x00007FF666B74000-memory.dmp	upx
behavioral2/memory/3920-165-0x00007FF64B730000-0x00007FF64BA84000-memory.dmp	upx
behavioral2/files/0x0007000000023cbe-162.dat	upx
behavioral2/memory/3836-161-0x00007FF751E80000-0x00007FF7521D4000-memory.dmp	upx
behavioral2/files/0x0007000000023cbd-157.dat	upx
behavioral2/memory/4228-156-0x00007FF7CC150000-0x00007FF7CC4A4000-memory.dmp	upx
behavioral2/memory/4292-155-0x00007FF7F35D0000-0x00007FF7F3924000-memory.dmp	upx
behavioral2/memory/2280-147-0x00007FF6904B0000-0x00007FF690804000-memory.dmp	upx
behavioral2/memory/3220-146-0x00007FF64F350000-0x00007FF64F6A4000-memory.dmp	upx
behavioral2/files/0x0007000000023cbb-141.dat	upx
behavioral2/memory/3652-140-0x00007FF6FE110000-0x00007FF6FE464000-memory.dmp	upx
behavioral2/files/0x0007000000023cba-134.dat	upx
behavioral2/memory/2036-133-0x00007FF6D4650000-0x00007FF6D49A4000-memory.dmp	upx
behavioral2/memory/3792-132-0x00007FF665350000-0x00007FF6656A4000-memory.dmp	upx
behavioral2/memory/2292-128-0x00007FF610120000-0x00007FF610474000-memory.dmp	upx
behavioral2/memory/2968-127-0x00007FF7162F0000-0x00007FF716644000-memory.dmp	upx
behavioral2/files/0x0007000000023cb8-124.dat	upx
behavioral2/memory/1136-123-0x00007FF6999F0000-0x00007FF699D44000-memory.dmp	upx
behavioral2/memory/4220-122-0x00007FF7A31C0000-0x00007FF7A3514000-memory.dmp	upx
behavioral2/files/0x0007000000023cb7-117.dat	upx
behavioral2/memory/1168-116-0x00007FF730890000-0x00007FF730BE4000-memory.dmp	upx
behavioral2/memory/3108-115-0x00007FF617540000-0x00007FF617894000-memory.dmp	upx
behavioral2/memory/1264-108-0x00007FF7FE200000-0x00007FF7FE554000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KMDpUPw.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuJaquu.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgPhfIS.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecEhJoa.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACXpIRN.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLgZdLF.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvANXXE.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcUTPmZ.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQfrTaN.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQbEUli.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTreGKA.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlGKVwt.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaLTRih.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKsNbZi.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RSSZnHk.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzJnrln.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rnvizNK.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHYzzPP.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wszRWCx.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSiHDLL.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYzlTIv.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppIcbQS.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADJGzVC.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjzQLRU.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUGaQGX.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmkCsnK.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pBwwoHw.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sicrYVK.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFQAyfk.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVrGZXq.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNYOauY.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vcexlpm.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXYMnHk.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAMqevk.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SguRckI.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NytYJMb.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gebpryo.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOlujdr.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcVFBWM.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbdPhwv.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giJCCcU.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQzQBTK.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdfgsRf.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyHdJzi.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTbqlxe.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvUqAmY.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzJTGxJ.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErtUblg.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iparwfw.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGbfTza.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cMmLVtf.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrjoOTm.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmzOjkd.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxRuOzz.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jDSXfAW.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiCvPfO.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AoqHSNU.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gysaIAm.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWJgOuH.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYidfCT.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkHwUyl.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFGpVhw.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxoygcq.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwGrINj.exe	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 2276	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4688 wrote to memory of 2276	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4688 wrote to memory of 2488	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4688 wrote to memory of 2488	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4688 wrote to memory of 452	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4688 wrote to memory of 452	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4688 wrote to memory of 1900	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4688 wrote to memory of 1900	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4688 wrote to memory of 4300	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4688 wrote to memory of 4300	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4688 wrote to memory of 3452	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4688 wrote to memory of 3452	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4688 wrote to memory of 976	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4688 wrote to memory of 976	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4688 wrote to memory of 1168	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4688 wrote to memory of 1168	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4688 wrote to memory of 1136	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4688 wrote to memory of 1136	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4688 wrote to memory of 2292	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4688 wrote to memory of 2292	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4688 wrote to memory of 3792	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4688 wrote to memory of 3792	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4688 wrote to memory of 3220	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4688 wrote to memory of 3220	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4688 wrote to memory of 4292	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4688 wrote to memory of 4292	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4688 wrote to memory of 3920	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4688 wrote to memory of 3920	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4688 wrote to memory of 2456	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4688 wrote to memory of 2456	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4688 wrote to memory of 1264	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4688 wrote to memory of 1264	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4688 wrote to memory of 3108	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4688 wrote to memory of 3108	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4688 wrote to memory of 4220	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4688 wrote to memory of 4220	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4688 wrote to memory of 2968	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4688 wrote to memory of 2968	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4688 wrote to memory of 2036	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4688 wrote to memory of 2036	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4688 wrote to memory of 3652	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4688 wrote to memory of 3652	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4688 wrote to memory of 2280	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4688 wrote to memory of 2280	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4688 wrote to memory of 4228	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4688 wrote to memory of 4228	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4688 wrote to memory of 3836	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4688 wrote to memory of 3836	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4688 wrote to memory of 2252	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4688 wrote to memory of 2252	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4688 wrote to memory of 4704	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4688 wrote to memory of 4704	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4688 wrote to memory of 1652	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4688 wrote to memory of 1652	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4688 wrote to memory of 3600	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4688 wrote to memory of 3600	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4688 wrote to memory of 4252	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4688 wrote to memory of 4252	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4688 wrote to memory of 1576	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4688 wrote to memory of 1576	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4688 wrote to memory of 4796	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4688 wrote to memory of 4796	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4688 wrote to memory of 1692	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4688 wrote to memory of 1692	4688	2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_abd75930b6b9eb532f07c7596b1b11be_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Windows\System\gtkCoCT.exe
  C:\Windows\System\gtkCoCT.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\MaYRVfm.exe
  C:\Windows\System\MaYRVfm.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\YCIeLlh.exe
  C:\Windows\System\YCIeLlh.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\ZVwOoWN.exe
  C:\Windows\System\ZVwOoWN.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\rdATNQm.exe
  C:\Windows\System\rdATNQm.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\kTpPUYG.exe
  C:\Windows\System\kTpPUYG.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\MxXLzoX.exe
  C:\Windows\System\MxXLzoX.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\CuseoAI.exe
  C:\Windows\System\CuseoAI.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\eMOKDTp.exe
  C:\Windows\System\eMOKDTp.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\BRrURKt.exe
  C:\Windows\System\BRrURKt.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\IgnXAHv.exe
  C:\Windows\System\IgnXAHv.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\LMOXKxj.exe
  C:\Windows\System\LMOXKxj.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\uHEvmlF.exe
  C:\Windows\System\uHEvmlF.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\TIHINwH.exe
  C:\Windows\System\TIHINwH.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\KcjsOWv.exe
  C:\Windows\System\KcjsOWv.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\RGpznBn.exe
  C:\Windows\System\RGpznBn.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\zUJxAnF.exe
  C:\Windows\System\zUJxAnF.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\sCpKUEi.exe
  C:\Windows\System\sCpKUEi.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\pYqNOpp.exe
  C:\Windows\System\pYqNOpp.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\lGbfTza.exe
  C:\Windows\System\lGbfTza.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\JjIkVnC.exe
  C:\Windows\System\JjIkVnC.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\rsUsnBO.exe
  C:\Windows\System\rsUsnBO.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\ZzVpSbX.exe
  C:\Windows\System\ZzVpSbX.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\zsldKAt.exe
  C:\Windows\System\zsldKAt.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\vbumSdI.exe
  C:\Windows\System\vbumSdI.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\VfBFCVi.exe
  C:\Windows\System\VfBFCVi.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\uFQgwHU.exe
  C:\Windows\System\uFQgwHU.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\LdfgsRf.exe
  C:\Windows\System\LdfgsRf.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\PJxvOJR.exe
  C:\Windows\System\PJxvOJR.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\ysJRdRE.exe
  C:\Windows\System\ysJRdRE.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\QggtRkx.exe
  C:\Windows\System\QggtRkx.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\izllaWV.exe
  C:\Windows\System\izllaWV.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\pBwwoHw.exe
  C:\Windows\System\pBwwoHw.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\QmXbUVs.exe
  C:\Windows\System\QmXbUVs.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\Wcvsdjy.exe
  C:\Windows\System\Wcvsdjy.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\SxCJoLv.exe
  C:\Windows\System\SxCJoLv.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\nOKqFOb.exe
  C:\Windows\System\nOKqFOb.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\ffEfkqK.exe
  C:\Windows\System\ffEfkqK.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\aXEbFiY.exe
  C:\Windows\System\aXEbFiY.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\XkKrUpU.exe
  C:\Windows\System\XkKrUpU.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\uACidfW.exe
  C:\Windows\System\uACidfW.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\dQbEUli.exe
  C:\Windows\System\dQbEUli.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\ljZamUa.exe
  C:\Windows\System\ljZamUa.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\WZVbgmz.exe
  C:\Windows\System\WZVbgmz.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\IABCjYk.exe
  C:\Windows\System\IABCjYk.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\HgTtpaF.exe
  C:\Windows\System\HgTtpaF.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\uBxYJqf.exe
  C:\Windows\System\uBxYJqf.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\FlzfsyV.exe
  C:\Windows\System\FlzfsyV.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\LgPhfIS.exe
  C:\Windows\System\LgPhfIS.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\XmhDepn.exe
  C:\Windows\System\XmhDepn.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\sjqbfUW.exe
  C:\Windows\System\sjqbfUW.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\Cvspidi.exe
  C:\Windows\System\Cvspidi.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\tcIuBEP.exe
  C:\Windows\System\tcIuBEP.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\sBFOhXv.exe
  C:\Windows\System\sBFOhXv.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\MTWbGmT.exe
  C:\Windows\System\MTWbGmT.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\uyQNRpv.exe
  C:\Windows\System\uyQNRpv.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\eaYWHty.exe
  C:\Windows\System\eaYWHty.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\fhqvNlO.exe
  C:\Windows\System\fhqvNlO.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\zxTVRem.exe
  C:\Windows\System\zxTVRem.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\SsJtiZM.exe
  C:\Windows\System\SsJtiZM.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\YyHdJzi.exe
  C:\Windows\System\YyHdJzi.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\uchlGbp.exe
  C:\Windows\System\uchlGbp.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\qZFbDJa.exe
  C:\Windows\System\qZFbDJa.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\GCNyXBw.exe
  C:\Windows\System\GCNyXBw.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\pHaemtC.exe
  C:\Windows\System\pHaemtC.exe
  2⤵
  PID:1956
- C:\Windows\System\zjMUKlQ.exe
  C:\Windows\System\zjMUKlQ.exe
  2⤵
  PID:4100
- C:\Windows\System\IjwthdS.exe
  C:\Windows\System\IjwthdS.exe
  2⤵
  PID:2296
- C:\Windows\System\OalqmkD.exe
  C:\Windows\System\OalqmkD.exe
  2⤵
  PID:380
- C:\Windows\System\MMdrGmV.exe
  C:\Windows\System\MMdrGmV.exe
  2⤵
  PID:4356
- C:\Windows\System\EhLsuRk.exe
  C:\Windows\System\EhLsuRk.exe
  2⤵
  PID:1332
- C:\Windows\System\KzSntFO.exe
  C:\Windows\System\KzSntFO.exe
  2⤵
  PID:3520
- C:\Windows\System\UFRhAIw.exe
  C:\Windows\System\UFRhAIw.exe
  2⤵
  PID:2028
- C:\Windows\System\BbTLrmO.exe
  C:\Windows\System\BbTLrmO.exe
  2⤵
  PID:832
- C:\Windows\System\QCpJYJP.exe
  C:\Windows\System\QCpJYJP.exe
  2⤵
  PID:2936
- C:\Windows\System\sdPrBXm.exe
  C:\Windows\System\sdPrBXm.exe
  2⤵
  PID:4344
- C:\Windows\System\fDhTDHw.exe
  C:\Windows\System\fDhTDHw.exe
  2⤵
  PID:2572
- C:\Windows\System\FRDseiR.exe
  C:\Windows\System\FRDseiR.exe
  2⤵
  PID:2908
- C:\Windows\System\RDIxllO.exe
  C:\Windows\System\RDIxllO.exe
  2⤵
  PID:5080
- C:\Windows\System\JyfPBVG.exe
  C:\Windows\System\JyfPBVG.exe
  2⤵
  PID:4112
- C:\Windows\System\hHnWofj.exe
  C:\Windows\System\hHnWofj.exe
  2⤵
  PID:628
- C:\Windows\System\XpNfGLq.exe
  C:\Windows\System\XpNfGLq.exe
  2⤵
  PID:1704
- C:\Windows\System\rFExtnb.exe
  C:\Windows\System\rFExtnb.exe
  2⤵
  PID:4408
- C:\Windows\System\fkbqegP.exe
  C:\Windows\System\fkbqegP.exe
  2⤵
  PID:4772
- C:\Windows\System\HxAaKZh.exe
  C:\Windows\System\HxAaKZh.exe
  2⤵
  PID:5136
- C:\Windows\System\cDLkUhr.exe
  C:\Windows\System\cDLkUhr.exe
  2⤵
  PID:5164
- C:\Windows\System\GykfUoz.exe
  C:\Windows\System\GykfUoz.exe
  2⤵
  PID:5180
- C:\Windows\System\WOfbxrF.exe
  C:\Windows\System\WOfbxrF.exe
  2⤵
  PID:5208
- C:\Windows\System\gxJACJI.exe
  C:\Windows\System\gxJACJI.exe
  2⤵
  PID:5236
- C:\Windows\System\ySSlaTV.exe
  C:\Windows\System\ySSlaTV.exe
  2⤵
  PID:5264
- C:\Windows\System\LfffaME.exe
  C:\Windows\System\LfffaME.exe
  2⤵
  PID:5292
- C:\Windows\System\mcExfIT.exe
  C:\Windows\System\mcExfIT.exe
  2⤵
  PID:5320
- C:\Windows\System\PrtzWeI.exe
  C:\Windows\System\PrtzWeI.exe
  2⤵
  PID:5348
- C:\Windows\System\yxEkJeM.exe
  C:\Windows\System\yxEkJeM.exe
  2⤵
  PID:5376
- C:\Windows\System\nzloVRf.exe
  C:\Windows\System\nzloVRf.exe
  2⤵
  PID:5404
- C:\Windows\System\NZvxfmX.exe
  C:\Windows\System\NZvxfmX.exe
  2⤵
  PID:5432
- C:\Windows\System\oROeLzn.exe
  C:\Windows\System\oROeLzn.exe
  2⤵
  PID:5460
- C:\Windows\System\abkVDra.exe
  C:\Windows\System\abkVDra.exe
  2⤵
  PID:5488
- C:\Windows\System\BITVSWL.exe
  C:\Windows\System\BITVSWL.exe
  2⤵
  PID:5516
- C:\Windows\System\jLTBQLH.exe
  C:\Windows\System\jLTBQLH.exe
  2⤵
  PID:5544
- C:\Windows\System\rDuqPTc.exe
  C:\Windows\System\rDuqPTc.exe
  2⤵
  PID:5572
- C:\Windows\System\qVZnVFE.exe
  C:\Windows\System\qVZnVFE.exe
  2⤵
  PID:5600
- C:\Windows\System\HuwJXFE.exe
  C:\Windows\System\HuwJXFE.exe
  2⤵
  PID:5628
- C:\Windows\System\eAAOWjJ.exe
  C:\Windows\System\eAAOWjJ.exe
  2⤵
  PID:5644
- C:\Windows\System\ZoLcJQc.exe
  C:\Windows\System\ZoLcJQc.exe
  2⤵
  PID:5672
- C:\Windows\System\DRbaoOE.exe
  C:\Windows\System\DRbaoOE.exe
  2⤵
  PID:5712
- C:\Windows\System\SdqFTsT.exe
  C:\Windows\System\SdqFTsT.exe
  2⤵
  PID:5740
- C:\Windows\System\gvOKrVf.exe
  C:\Windows\System\gvOKrVf.exe
  2⤵
  PID:5768
- C:\Windows\System\gysaIAm.exe
  C:\Windows\System\gysaIAm.exe
  2⤵
  PID:5796
- C:\Windows\System\ZrkJUog.exe
  C:\Windows\System\ZrkJUog.exe
  2⤵
  PID:5824
- C:\Windows\System\GisdIid.exe
  C:\Windows\System\GisdIid.exe
  2⤵
  PID:5852
- C:\Windows\System\cfsEVgx.exe
  C:\Windows\System\cfsEVgx.exe
  2⤵
  PID:5880
- C:\Windows\System\YqzhxJM.exe
  C:\Windows\System\YqzhxJM.exe
  2⤵
  PID:5908
- C:\Windows\System\PCFQVCL.exe
  C:\Windows\System\PCFQVCL.exe
  2⤵
  PID:5936
- C:\Windows\System\XWPYIyg.exe
  C:\Windows\System\XWPYIyg.exe
  2⤵
  PID:5964
- C:\Windows\System\qpPyIVc.exe
  C:\Windows\System\qpPyIVc.exe
  2⤵
  PID:5992
- C:\Windows\System\bfbiGEn.exe
  C:\Windows\System\bfbiGEn.exe
  2⤵
  PID:6020
- C:\Windows\System\qMEGcCX.exe
  C:\Windows\System\qMEGcCX.exe
  2⤵
  PID:6048
- C:\Windows\System\cDvmYwz.exe
  C:\Windows\System\cDvmYwz.exe
  2⤵
  PID:6064
- C:\Windows\System\QkJFYCj.exe
  C:\Windows\System\QkJFYCj.exe
  2⤵
  PID:6092
- C:\Windows\System\UAvvOQf.exe
  C:\Windows\System\UAvvOQf.exe
  2⤵
  PID:6120
- C:\Windows\System\jIxknuw.exe
  C:\Windows\System\jIxknuw.exe
  2⤵
  PID:1484
- C:\Windows\System\RstRdmn.exe
  C:\Windows\System\RstRdmn.exe
  2⤵
  PID:640
- C:\Windows\System\KdgiYTr.exe
  C:\Windows\System\KdgiYTr.exe
  2⤵
  PID:4664
- C:\Windows\System\EWranyL.exe
  C:\Windows\System\EWranyL.exe
  2⤵
  PID:4656
- C:\Windows\System\MfoIjWF.exe
  C:\Windows\System\MfoIjWF.exe
  2⤵
  PID:2684
- C:\Windows\System\lChHxuG.exe
  C:\Windows\System\lChHxuG.exe
  2⤵
  PID:5152
- C:\Windows\System\XDSYakb.exe
  C:\Windows\System\XDSYakb.exe
  2⤵
  PID:5220
- C:\Windows\System\jTvYszQ.exe
  C:\Windows\System\jTvYszQ.exe
  2⤵
  PID:5252
- C:\Windows\System\NKYIeXP.exe
  C:\Windows\System\NKYIeXP.exe
  2⤵
  PID:5312
- C:\Windows\System\xmrkCNX.exe
  C:\Windows\System\xmrkCNX.exe
  2⤵
  PID:5416
- C:\Windows\System\dLkECXT.exe
  C:\Windows\System\dLkECXT.exe
  2⤵
  PID:5476
- C:\Windows\System\aJTYpCb.exe
  C:\Windows\System\aJTYpCb.exe
  2⤵
  PID:5536
- C:\Windows\System\eSRYmWI.exe
  C:\Windows\System\eSRYmWI.exe
  2⤵
  PID:5612
- C:\Windows\System\IJSPCpx.exe
  C:\Windows\System\IJSPCpx.exe
  2⤵
  PID:5664
- C:\Windows\System\fPJdFlE.exe
  C:\Windows\System\fPJdFlE.exe
  2⤵
  PID:5732
- C:\Windows\System\vCZoTmV.exe
  C:\Windows\System\vCZoTmV.exe
  2⤵
  PID:5808
- C:\Windows\System\gbFKNcp.exe
  C:\Windows\System\gbFKNcp.exe
  2⤵
  PID:5868
- C:\Windows\System\LKiOHIu.exe
  C:\Windows\System\LKiOHIu.exe
  2⤵
  PID:5928
- C:\Windows\System\xdqUaYR.exe
  C:\Windows\System\xdqUaYR.exe
  2⤵
  PID:6032
- C:\Windows\System\PespvFo.exe
  C:\Windows\System\PespvFo.exe
  2⤵
  PID:6060
- C:\Windows\System\uLidFEl.exe
  C:\Windows\System\uLidFEl.exe
  2⤵
  PID:6132
- C:\Windows\System\WTuvyhE.exe
  C:\Windows\System\WTuvyhE.exe
  2⤵
  PID:4716
- C:\Windows\System\GJFHlsM.exe
  C:\Windows\System\GJFHlsM.exe
  2⤵
  PID:4892
- C:\Windows\System\qXBBWaE.exe
  C:\Windows\System\qXBBWaE.exe
  2⤵
  PID:5280
- C:\Windows\System\LbljZTG.exe
  C:\Windows\System\LbljZTG.exe
  2⤵
  PID:5444
- C:\Windows\System\syGAVfp.exe
  C:\Windows\System\syGAVfp.exe
  2⤵
  PID:5508
- C:\Windows\System\CwrXksG.exe
  C:\Windows\System\CwrXksG.exe
  2⤵
  PID:5640
- C:\Windows\System\MFKUiHe.exe
  C:\Windows\System\MFKUiHe.exe
  2⤵
  PID:5784
- C:\Windows\System\EeMkUQJ.exe
  C:\Windows\System\EeMkUQJ.exe
  2⤵
  PID:5956
- C:\Windows\System\ZVlEjyi.exe
  C:\Windows\System\ZVlEjyi.exe
  2⤵
  PID:6148
- C:\Windows\System\EWJgOuH.exe
  C:\Windows\System\EWJgOuH.exe
  2⤵
  PID:6176
- C:\Windows\System\WscoxzE.exe
  C:\Windows\System\WscoxzE.exe
  2⤵
  PID:6204
- C:\Windows\System\hDHnZZM.exe
  C:\Windows\System\hDHnZZM.exe
  2⤵
  PID:6232
- C:\Windows\System\cakdCFL.exe
  C:\Windows\System\cakdCFL.exe
  2⤵
  PID:6272
- C:\Windows\System\gjGHxvC.exe
  C:\Windows\System\gjGHxvC.exe
  2⤵
  PID:6300
- C:\Windows\System\rfjvKLE.exe
  C:\Windows\System\rfjvKLE.exe
  2⤵
  PID:6316
- C:\Windows\System\WABBNgf.exe
  C:\Windows\System\WABBNgf.exe
  2⤵
  PID:6344
- C:\Windows\System\kPqdXAl.exe
  C:\Windows\System\kPqdXAl.exe
  2⤵
  PID:6372
- C:\Windows\System\SHrbLLY.exe
  C:\Windows\System\SHrbLLY.exe
  2⤵
  PID:6400
- C:\Windows\System\MWREntm.exe
  C:\Windows\System\MWREntm.exe
  2⤵
  PID:6428
- C:\Windows\System\SKAAnPH.exe
  C:\Windows\System\SKAAnPH.exe
  2⤵
  PID:6468
- C:\Windows\System\LVFeEMh.exe
  C:\Windows\System\LVFeEMh.exe
  2⤵
  PID:6496
- C:\Windows\System\GsCCSLt.exe
  C:\Windows\System\GsCCSLt.exe
  2⤵
  PID:6524
- C:\Windows\System\jSqxLiU.exe
  C:\Windows\System\jSqxLiU.exe
  2⤵
  PID:6552
- C:\Windows\System\bbebRBq.exe
  C:\Windows\System\bbebRBq.exe
  2⤵
  PID:6568
- C:\Windows\System\HmRqMSU.exe
  C:\Windows\System\HmRqMSU.exe
  2⤵
  PID:6608
- C:\Windows\System\JzzPdbA.exe
  C:\Windows\System\JzzPdbA.exe
  2⤵
  PID:6636
- C:\Windows\System\FDOezJF.exe
  C:\Windows\System\FDOezJF.exe
  2⤵
  PID:6664
- C:\Windows\System\IQFgFcx.exe
  C:\Windows\System\IQFgFcx.exe
  2⤵
  PID:6680
- C:\Windows\System\QlkCqYI.exe
  C:\Windows\System\QlkCqYI.exe
  2⤵
  PID:6708
- C:\Windows\System\ceSbEuM.exe
  C:\Windows\System\ceSbEuM.exe
  2⤵
  PID:6736
- C:\Windows\System\OQskaOX.exe
  C:\Windows\System\OQskaOX.exe
  2⤵
  PID:6764
- C:\Windows\System\fKCAZwc.exe
  C:\Windows\System\fKCAZwc.exe
  2⤵
  PID:6792
- C:\Windows\System\lwmfUhJ.exe
  C:\Windows\System\lwmfUhJ.exe
  2⤵
  PID:6832
- C:\Windows\System\BjslGsi.exe
  C:\Windows\System\BjslGsi.exe
  2⤵
  PID:6860
- C:\Windows\System\EpCIXIn.exe
  C:\Windows\System\EpCIXIn.exe
  2⤵
  PID:6876
- C:\Windows\System\CcgJFTe.exe
  C:\Windows\System\CcgJFTe.exe
  2⤵
  PID:6904
- C:\Windows\System\ZVgRuFy.exe
  C:\Windows\System\ZVgRuFy.exe
  2⤵
  PID:6932
- C:\Windows\System\iWeNFYr.exe
  C:\Windows\System\iWeNFYr.exe
  2⤵
  PID:6960
- C:\Windows\System\tXYMnHk.exe
  C:\Windows\System\tXYMnHk.exe
  2⤵
  PID:6988
- C:\Windows\System\yivSnqi.exe
  C:\Windows\System\yivSnqi.exe
  2⤵
  PID:7016
- C:\Windows\System\aHOoEIm.exe
  C:\Windows\System\aHOoEIm.exe
  2⤵
  PID:7044
- C:\Windows\System\XrwwDMG.exe
  C:\Windows\System\XrwwDMG.exe
  2⤵
  PID:7072
- C:\Windows\System\XZFkHBD.exe
  C:\Windows\System\XZFkHBD.exe
  2⤵
  PID:7112
- C:\Windows\System\ULSZwno.exe
  C:\Windows\System\ULSZwno.exe
  2⤵
  PID:7140
- C:\Windows\System\UDLzprI.exe
  C:\Windows\System\UDLzprI.exe
  2⤵
  PID:7156
- C:\Windows\System\KPcsVWU.exe
  C:\Windows\System\KPcsVWU.exe
  2⤵
  PID:4376
- C:\Windows\System\akSexOo.exe
  C:\Windows\System\akSexOo.exe
  2⤵
  PID:5228
- C:\Windows\System\tMFHkrR.exe
  C:\Windows\System\tMFHkrR.exe
  2⤵
  PID:5588
- C:\Windows\System\QBLrGhU.exe
  C:\Windows\System\QBLrGhU.exe
  2⤵
  PID:5900
- C:\Windows\System\LSovDeO.exe
  C:\Windows\System\LSovDeO.exe
  2⤵
  PID:6188
- C:\Windows\System\OIgeQdB.exe
  C:\Windows\System\OIgeQdB.exe
  2⤵
  PID:6248
- C:\Windows\System\BVOlDbb.exe
  C:\Windows\System\BVOlDbb.exe
  2⤵
  PID:6312
- C:\Windows\System\IVsrpKu.exe
  C:\Windows\System\IVsrpKu.exe
  2⤵
  PID:6384
- C:\Windows\System\kqhcKih.exe
  C:\Windows\System\kqhcKih.exe
  2⤵
  PID:6444
- C:\Windows\System\aVOYmvS.exe
  C:\Windows\System\aVOYmvS.exe
  2⤵
  PID:6512
- C:\Windows\System\VjQJCPY.exe
  C:\Windows\System\VjQJCPY.exe
  2⤵
  PID:4860
- C:\Windows\System\kqZZEMs.exe
  C:\Windows\System\kqZZEMs.exe
  2⤵
  PID:6656
- C:\Windows\System\owWRXAk.exe
  C:\Windows\System\owWRXAk.exe
  2⤵
  PID:6696
- C:\Windows\System\IHYYudK.exe
  C:\Windows\System\IHYYudK.exe
  2⤵
  PID:6756
- C:\Windows\System\mssnROj.exe
  C:\Windows\System\mssnROj.exe
  2⤵
  PID:6824
- C:\Windows\System\FBeHxFG.exe
  C:\Windows\System\FBeHxFG.exe
  2⤵
  PID:6868
- C:\Windows\System\lwfIDrw.exe
  C:\Windows\System\lwfIDrw.exe
  2⤵
  PID:6952
- C:\Windows\System\bzAJjSn.exe
  C:\Windows\System\bzAJjSn.exe
  2⤵
  PID:7028
- C:\Windows\System\NjXGosy.exe
  C:\Windows\System\NjXGosy.exe
  2⤵
  PID:7088
- C:\Windows\System\HYoMVAo.exe
  C:\Windows\System\HYoMVAo.exe
  2⤵
  PID:7152
- C:\Windows\System\gBnGQWc.exe
  C:\Windows\System\gBnGQWc.exe
  2⤵
  PID:5196
- C:\Windows\System\lKFTzix.exe
  C:\Windows\System\lKFTzix.exe
  2⤵
  PID:6084
- C:\Windows\System\OGuNVFN.exe
  C:\Windows\System\OGuNVFN.exe
  2⤵
  PID:6292
- C:\Windows\System\WqGDEIk.exe
  C:\Windows\System\WqGDEIk.exe
  2⤵
  PID:6416
- C:\Windows\System\WzFprlt.exe
  C:\Windows\System\WzFprlt.exe
  2⤵
  PID:6580
- C:\Windows\System\FOZXRnd.exe
  C:\Windows\System\FOZXRnd.exe
  2⤵
  PID:6724
- C:\Windows\System\CEwAaoT.exe
  C:\Windows\System\CEwAaoT.exe
  2⤵
  PID:6856
- C:\Windows\System\LBjfgoE.exe
  C:\Windows\System\LBjfgoE.exe
  2⤵
  PID:7192
- C:\Windows\System\trYbYgH.exe
  C:\Windows\System\trYbYgH.exe
  2⤵
  PID:7220
- C:\Windows\System\vnZfsOp.exe
  C:\Windows\System\vnZfsOp.exe
  2⤵
  PID:7248
- C:\Windows\System\boJWdtZ.exe
  C:\Windows\System\boJWdtZ.exe
  2⤵
  PID:7276
- C:\Windows\System\JIjrtLf.exe
  C:\Windows\System\JIjrtLf.exe
  2⤵
  PID:7304
- C:\Windows\System\YtzESyW.exe
  C:\Windows\System\YtzESyW.exe
  2⤵
  PID:7332
- C:\Windows\System\zIOevPy.exe
  C:\Windows\System\zIOevPy.exe
  2⤵
  PID:7360
- C:\Windows\System\QKlmUob.exe
  C:\Windows\System\QKlmUob.exe
  2⤵
  PID:7388
- C:\Windows\System\hsfhWJt.exe
  C:\Windows\System\hsfhWJt.exe
  2⤵
  PID:7416
- C:\Windows\System\qjbgBCn.exe
  C:\Windows\System\qjbgBCn.exe
  2⤵
  PID:7444
- C:\Windows\System\lRDmrwR.exe
  C:\Windows\System\lRDmrwR.exe
  2⤵
  PID:7472
- C:\Windows\System\OHdKZRG.exe
  C:\Windows\System\OHdKZRG.exe
  2⤵
  PID:7500
- C:\Windows\System\vKKnRXZ.exe
  C:\Windows\System\vKKnRXZ.exe
  2⤵
  PID:7528
- C:\Windows\System\GYLYZob.exe
  C:\Windows\System\GYLYZob.exe
  2⤵
  PID:7556
- C:\Windows\System\jySTggi.exe
  C:\Windows\System\jySTggi.exe
  2⤵
  PID:7584
- C:\Windows\System\tomAlfE.exe
  C:\Windows\System\tomAlfE.exe
  2⤵
  PID:7612
- C:\Windows\System\afjkmDu.exe
  C:\Windows\System\afjkmDu.exe
  2⤵
  PID:7640
- C:\Windows\System\MyQTGul.exe
  C:\Windows\System\MyQTGul.exe
  2⤵
  PID:7668
- C:\Windows\System\LeIvDmr.exe
  C:\Windows\System\LeIvDmr.exe
  2⤵
  PID:7696
- C:\Windows\System\wYwwAtZ.exe
  C:\Windows\System\wYwwAtZ.exe
  2⤵
  PID:7720
- C:\Windows\System\MolrUim.exe
  C:\Windows\System\MolrUim.exe
  2⤵
  PID:7752
- C:\Windows\System\uxlsQJe.exe
  C:\Windows\System\uxlsQJe.exe
  2⤵
  PID:7780
- C:\Windows\System\gDkrOCL.exe
  C:\Windows\System\gDkrOCL.exe
  2⤵
  PID:7808
- C:\Windows\System\OgefuqJ.exe
  C:\Windows\System\OgefuqJ.exe
  2⤵
  PID:7836
- C:\Windows\System\IooftwS.exe
  C:\Windows\System\IooftwS.exe
  2⤵
  PID:7864
- C:\Windows\System\ecEhJoa.exe
  C:\Windows\System\ecEhJoa.exe
  2⤵
  PID:7892
- C:\Windows\System\FUjTsZS.exe
  C:\Windows\System\FUjTsZS.exe
  2⤵
  PID:7924
- C:\Windows\System\FIzkyzw.exe
  C:\Windows\System\FIzkyzw.exe
  2⤵
  PID:7948
- C:\Windows\System\wjvXjIt.exe
  C:\Windows\System\wjvXjIt.exe
  2⤵
  PID:7988
- C:\Windows\System\DiUpBDu.exe
  C:\Windows\System\DiUpBDu.exe
  2⤵
  PID:8004
- C:\Windows\System\FJJtTCP.exe
  C:\Windows\System\FJJtTCP.exe
  2⤵
  PID:8032
- C:\Windows\System\zUIKCSL.exe
  C:\Windows\System\zUIKCSL.exe
  2⤵
  PID:8060
- C:\Windows\System\pLqoVaT.exe
  C:\Windows\System\pLqoVaT.exe
  2⤵
  PID:8088
- C:\Windows\System\uKXeMGP.exe
  C:\Windows\System\uKXeMGP.exe
  2⤵
  PID:8116
- C:\Windows\System\omaOAWA.exe
  C:\Windows\System\omaOAWA.exe
  2⤵
  PID:8148
- C:\Windows\System\kfIzLfz.exe
  C:\Windows\System\kfIzLfz.exe
  2⤵
  PID:8172
- C:\Windows\System\EZvRcdi.exe
  C:\Windows\System\EZvRcdi.exe
  2⤵
  PID:6980
- C:\Windows\System\NYidfCT.exe
  C:\Windows\System\NYidfCT.exe
  2⤵
  PID:7124
- C:\Windows\System\nXJshZH.exe
  C:\Windows\System\nXJshZH.exe
  2⤵
  PID:5780
- C:\Windows\System\EQQCpJx.exe
  C:\Windows\System\EQQCpJx.exe
  2⤵
  PID:6364
- C:\Windows\System\vxwScCi.exe
  C:\Windows\System\vxwScCi.exe
  2⤵
  PID:6676
- C:\Windows\System\DuDlRXR.exe
  C:\Windows\System\DuDlRXR.exe
  2⤵
  PID:7204
- C:\Windows\System\uHTwIFH.exe
  C:\Windows\System\uHTwIFH.exe
  2⤵
  PID:7232
- C:\Windows\System\xKqDqvG.exe
  C:\Windows\System\xKqDqvG.exe
  2⤵
  PID:7288
- C:\Windows\System\sLZuUoG.exe
  C:\Windows\System\sLZuUoG.exe
  2⤵
  PID:7352
- C:\Windows\System\BAmPSuE.exe
  C:\Windows\System\BAmPSuE.exe
  2⤵
  PID:7436
- C:\Windows\System\KiNeRvA.exe
  C:\Windows\System\KiNeRvA.exe
  2⤵
  PID:7512
- C:\Windows\System\LwNmeRh.exe
  C:\Windows\System\LwNmeRh.exe
  2⤵
  PID:2072
- C:\Windows\System\HHdYPLa.exe
  C:\Windows\System\HHdYPLa.exe
  2⤵
  PID:7624
- C:\Windows\System\tWCIirX.exe
  C:\Windows\System\tWCIirX.exe
  2⤵
  PID:7684
- C:\Windows\System\GTRMJwY.exe
  C:\Windows\System\GTRMJwY.exe
  2⤵
  PID:7744
- C:\Windows\System\kTreGKA.exe
  C:\Windows\System\kTreGKA.exe
  2⤵
  PID:7820
- C:\Windows\System\IQEkrne.exe
  C:\Windows\System\IQEkrne.exe
  2⤵
  PID:7880
- C:\Windows\System\xqrlLCJ.exe
  C:\Windows\System\xqrlLCJ.exe
  2⤵
  PID:7936
- C:\Windows\System\CcYwqGM.exe
  C:\Windows\System\CcYwqGM.exe
  2⤵
  PID:7996
- C:\Windows\System\tnvPrAH.exe
  C:\Windows\System\tnvPrAH.exe
  2⤵
  PID:8052
- C:\Windows\System\XeTnxWj.exe
  C:\Windows\System\XeTnxWj.exe
  2⤵
  PID:3528
- C:\Windows\System\taVXDgH.exe
  C:\Windows\System\taVXDgH.exe
  2⤵
  PID:8168
- C:\Windows\System\hQMGwcP.exe
  C:\Windows\System\hQMGwcP.exe
  2⤵
  PID:7068
- C:\Windows\System\BmjRnTK.exe
  C:\Windows\System\BmjRnTK.exe
  2⤵
  PID:5036
- C:\Windows\System\qKgPPaH.exe
  C:\Windows\System\qKgPPaH.exe
  2⤵
  PID:7180
- C:\Windows\System\lZGuJjs.exe
  C:\Windows\System\lZGuJjs.exe
  2⤵
  PID:2636
- C:\Windows\System\tAMNxDk.exe
  C:\Windows\System\tAMNxDk.exe
  2⤵
  PID:7408
- C:\Windows\System\OhrAFhW.exe
  C:\Windows\System\OhrAFhW.exe
  2⤵
  PID:7544
- C:\Windows\System\SSBUvEp.exe
  C:\Windows\System\SSBUvEp.exe
  2⤵
  PID:7656
- C:\Windows\System\iBAMsWi.exe
  C:\Windows\System\iBAMsWi.exe
  2⤵
  PID:7796
- C:\Windows\System\xVNbiyi.exe
  C:\Windows\System\xVNbiyi.exe
  2⤵
  PID:7916
- C:\Windows\System\ZzHADkq.exe
  C:\Windows\System\ZzHADkq.exe
  2⤵
  PID:7980
- C:\Windows\System\FVhJYin.exe
  C:\Windows\System\FVhJYin.exe
  2⤵
  PID:8104
- C:\Windows\System\pubmXjK.exe
  C:\Windows\System\pubmXjK.exe
  2⤵
  PID:4792
- C:\Windows\System\CiSTCVT.exe
  C:\Windows\System\CiSTCVT.exe
  2⤵
  PID:6652
- C:\Windows\System\kAHMWEg.exe
  C:\Windows\System\kAHMWEg.exe
  2⤵
  PID:4340
- C:\Windows\System\tTZejCf.exe
  C:\Windows\System\tTZejCf.exe
  2⤵
  PID:7652
- C:\Windows\System\GvfmchJ.exe
  C:\Windows\System\GvfmchJ.exe
  2⤵
  PID:8220
- C:\Windows\System\McrwHNF.exe
  C:\Windows\System\McrwHNF.exe
  2⤵
  PID:8248
- C:\Windows\System\WsbJVqM.exe
  C:\Windows\System\WsbJVqM.exe
  2⤵
  PID:8276
- C:\Windows\System\INlNKgR.exe
  C:\Windows\System\INlNKgR.exe
  2⤵
  PID:8304
- C:\Windows\System\zYuVrLu.exe
  C:\Windows\System\zYuVrLu.exe
  2⤵
  PID:8332
- C:\Windows\System\ivkKkqf.exe
  C:\Windows\System\ivkKkqf.exe
  2⤵
  PID:8360
- C:\Windows\System\SUsBQNj.exe
  C:\Windows\System\SUsBQNj.exe
  2⤵
  PID:8388
- C:\Windows\System\Vidhqzs.exe
  C:\Windows\System\Vidhqzs.exe
  2⤵
  PID:8416
- C:\Windows\System\HOxssoa.exe
  C:\Windows\System\HOxssoa.exe
  2⤵
  PID:8440
- C:\Windows\System\uodNMsV.exe
  C:\Windows\System\uodNMsV.exe
  2⤵
  PID:8472
- C:\Windows\System\sloeIlv.exe
  C:\Windows\System\sloeIlv.exe
  2⤵
  PID:8500
- C:\Windows\System\aOlVmcZ.exe
  C:\Windows\System\aOlVmcZ.exe
  2⤵
  PID:8528
- C:\Windows\System\GnasJZR.exe
  C:\Windows\System\GnasJZR.exe
  2⤵
  PID:8552
- C:\Windows\System\hHAMveS.exe
  C:\Windows\System\hHAMveS.exe
  2⤵
  PID:8580
- C:\Windows\System\vOlujdr.exe
  C:\Windows\System\vOlujdr.exe
  2⤵
  PID:8612
- C:\Windows\System\iFQJdyr.exe
  C:\Windows\System\iFQJdyr.exe
  2⤵
  PID:8640
- C:\Windows\System\fKZnGeA.exe
  C:\Windows\System\fKZnGeA.exe
  2⤵
  PID:8668
- C:\Windows\System\BmkyAnC.exe
  C:\Windows\System\BmkyAnC.exe
  2⤵
  PID:8696
- C:\Windows\System\YVXdNeJ.exe
  C:\Windows\System\YVXdNeJ.exe
  2⤵
  PID:8724
- C:\Windows\System\xYhIkJE.exe
  C:\Windows\System\xYhIkJE.exe
  2⤵
  PID:8752
- C:\Windows\System\aWksZgm.exe
  C:\Windows\System\aWksZgm.exe
  2⤵
  PID:8780
- C:\Windows\System\RHCojjQ.exe
  C:\Windows\System\RHCojjQ.exe
  2⤵
  PID:8808
- C:\Windows\System\lVNmwEU.exe
  C:\Windows\System\lVNmwEU.exe
  2⤵
  PID:8860
- C:\Windows\System\aRLOEQL.exe
  C:\Windows\System\aRLOEQL.exe
  2⤵
  PID:8876
- C:\Windows\System\tPnSHjr.exe
  C:\Windows\System\tPnSHjr.exe
  2⤵
  PID:8896
- C:\Windows\System\jFhXwdq.exe
  C:\Windows\System\jFhXwdq.exe
  2⤵
  PID:8920
- C:\Windows\System\XkHwUyl.exe
  C:\Windows\System\XkHwUyl.exe
  2⤵
  PID:8948
- C:\Windows\System\jGKHqFB.exe
  C:\Windows\System\jGKHqFB.exe
  2⤵
  PID:8976
- C:\Windows\System\hJjTAwJ.exe
  C:\Windows\System\hJjTAwJ.exe
  2⤵
  PID:9004
- C:\Windows\System\cwFHDMm.exe
  C:\Windows\System\cwFHDMm.exe
  2⤵
  PID:9032
- C:\Windows\System\Qfiehxy.exe
  C:\Windows\System\Qfiehxy.exe
  2⤵
  PID:9060
- C:\Windows\System\dOaujWi.exe
  C:\Windows\System\dOaujWi.exe
  2⤵
  PID:9088
- C:\Windows\System\fbKEhYi.exe
  C:\Windows\System\fbKEhYi.exe
  2⤵
  PID:9116
- C:\Windows\System\jCNiXGp.exe
  C:\Windows\System\jCNiXGp.exe
  2⤵
  PID:9144
- C:\Windows\System\hpqAaKT.exe
  C:\Windows\System\hpqAaKT.exe
  2⤵
  PID:9172
- C:\Windows\System\qQzOjPO.exe
  C:\Windows\System\qQzOjPO.exe
  2⤵
  PID:9200
- C:\Windows\System\cJBPqLf.exe
  C:\Windows\System\cJBPqLf.exe
  2⤵
  PID:7792
- C:\Windows\System\hXgLVqE.exe
  C:\Windows\System\hXgLVqE.exe
  2⤵
  PID:8044
- C:\Windows\System\Gbgvlgm.exe
  C:\Windows\System\Gbgvlgm.exe
  2⤵
  PID:3116
- C:\Windows\System\GaOenlf.exe
  C:\Windows\System\GaOenlf.exe
  2⤵
  PID:7260
- C:\Windows\System\ChMYTQd.exe
  C:\Windows\System\ChMYTQd.exe
  2⤵
  PID:3964
- C:\Windows\System\HzJnrln.exe
  C:\Windows\System\HzJnrln.exe
  2⤵
  PID:8240
- C:\Windows\System\aKvHNik.exe
  C:\Windows\System\aKvHNik.exe
  2⤵
  PID:8296
- C:\Windows\System\ERkRoqn.exe
  C:\Windows\System\ERkRoqn.exe
  2⤵
  PID:8344
- C:\Windows\System\oPauPSy.exe
  C:\Windows\System\oPauPSy.exe
  2⤵
  PID:8404
- C:\Windows\System\lHFgaxc.exe
  C:\Windows\System\lHFgaxc.exe
  2⤵
  PID:8456
- C:\Windows\System\bJtRadl.exe
  C:\Windows\System\bJtRadl.exe
  2⤵
  PID:4440
- C:\Windows\System\TuyUrrl.exe
  C:\Windows\System\TuyUrrl.exe
  2⤵
  PID:8548
- C:\Windows\System\GNMeZAB.exe
  C:\Windows\System\GNMeZAB.exe
  2⤵
  PID:8604
- C:\Windows\System\ThCVYuJ.exe
  C:\Windows\System\ThCVYuJ.exe
  2⤵
  PID:8632
- C:\Windows\System\LomHXYq.exe
  C:\Windows\System\LomHXYq.exe
  2⤵
  PID:8708
- C:\Windows\System\cteOqFe.exe
  C:\Windows\System\cteOqFe.exe
  2⤵
  PID:8768
- C:\Windows\System\sKGsnnV.exe
  C:\Windows\System\sKGsnnV.exe
  2⤵
  PID:8840
- C:\Windows\System\pjIViOx.exe
  C:\Windows\System\pjIViOx.exe
  2⤵
  PID:8904
- C:\Windows\System\wytsDXV.exe
  C:\Windows\System\wytsDXV.exe
  2⤵
  PID:8960
- C:\Windows\System\jIcTvzc.exe
  C:\Windows\System\jIcTvzc.exe
  2⤵
  PID:9024
- C:\Windows\System\mkpzdOX.exe
  C:\Windows\System\mkpzdOX.exe
  2⤵
  PID:9084
- C:\Windows\System\Eifrpfg.exe
  C:\Windows\System\Eifrpfg.exe
  2⤵
  PID:9160
- C:\Windows\System\vTugKTp.exe
  C:\Windows\System\vTugKTp.exe
  2⤵
  PID:7772
- C:\Windows\System\qKpbueE.exe
  C:\Windows\System\qKpbueE.exe
  2⤵
  PID:4636
- C:\Windows\System\MCFwEVL.exe
  C:\Windows\System\MCFwEVL.exe
  2⤵
  PID:8216
- C:\Windows\System\FFmGXrj.exe
  C:\Windows\System\FFmGXrj.exe
  2⤵
  PID:2084
- C:\Windows\System\FEAlVuN.exe
  C:\Windows\System\FEAlVuN.exe
  2⤵
  PID:8432
- C:\Windows\System\VqQOxSF.exe
  C:\Windows\System\VqQOxSF.exe
  2⤵
  PID:8572
- C:\Windows\System\utxjJjh.exe
  C:\Windows\System\utxjJjh.exe
  2⤵
  PID:8680
- C:\Windows\System\EzmCaKO.exe
  C:\Windows\System\EzmCaKO.exe
  2⤵
  PID:8800
- C:\Windows\System\ZPpPuPs.exe
  C:\Windows\System\ZPpPuPs.exe
  2⤵
  PID:8940
- C:\Windows\System\rnvizNK.exe
  C:\Windows\System\rnvizNK.exe
  2⤵
  PID:9128
- C:\Windows\System\qXpLIKV.exe
  C:\Windows\System\qXpLIKV.exe
  2⤵
  PID:2176
- C:\Windows\System\JCyMpWD.exe
  C:\Windows\System\JCyMpWD.exe
  2⤵
  PID:3648
- C:\Windows\System\LDpPDNW.exe
  C:\Windows\System\LDpPDNW.exe
  2⤵
  PID:8492
- C:\Windows\System\gFEfzjc.exe
  C:\Windows\System\gFEfzjc.exe
  2⤵
  PID:932
- C:\Windows\System\pIyIUpp.exe
  C:\Windows\System\pIyIUpp.exe
  2⤵
  PID:9016
- C:\Windows\System\jIQPcYE.exe
  C:\Windows\System\jIQPcYE.exe
  2⤵
  PID:9244
- C:\Windows\System\XzcayMf.exe
  C:\Windows\System\XzcayMf.exe
  2⤵
  PID:9272
- C:\Windows\System\ezLOTbo.exe
  C:\Windows\System\ezLOTbo.exe
  2⤵
  PID:9300
- C:\Windows\System\XAmdoes.exe
  C:\Windows\System\XAmdoes.exe
  2⤵
  PID:9316
- C:\Windows\System\ChuUqNj.exe
  C:\Windows\System\ChuUqNj.exe
  2⤵
  PID:9344
- C:\Windows\System\uaXqblx.exe
  C:\Windows\System\uaXqblx.exe
  2⤵
  PID:9384
- C:\Windows\System\AqflaHK.exe
  C:\Windows\System\AqflaHK.exe
  2⤵
  PID:9412
- C:\Windows\System\AdDDAYh.exe
  C:\Windows\System\AdDDAYh.exe
  2⤵
  PID:9440
- C:\Windows\System\lTatwRr.exe
  C:\Windows\System\lTatwRr.exe
  2⤵
  PID:9468
- C:\Windows\System\qrvwmsc.exe
  C:\Windows\System\qrvwmsc.exe
  2⤵
  PID:9496
- C:\Windows\System\fcaKJDM.exe
  C:\Windows\System\fcaKJDM.exe
  2⤵
  PID:9524
- C:\Windows\System\LkboFmr.exe
  C:\Windows\System\LkboFmr.exe
  2⤵
  PID:9552
- C:\Windows\System\dfMpWDV.exe
  C:\Windows\System\dfMpWDV.exe
  2⤵
  PID:9580
- C:\Windows\System\RNPWezK.exe
  C:\Windows\System\RNPWezK.exe
  2⤵
  PID:9608
- C:\Windows\System\MEEWldB.exe
  C:\Windows\System\MEEWldB.exe
  2⤵
  PID:9636
- C:\Windows\System\PZQcnft.exe
  C:\Windows\System\PZQcnft.exe
  2⤵
  PID:9664
- C:\Windows\System\nnLlgho.exe
  C:\Windows\System\nnLlgho.exe
  2⤵
  PID:9692
- C:\Windows\System\fHKvWcR.exe
  C:\Windows\System\fHKvWcR.exe
  2⤵
  PID:9720
- C:\Windows\System\XxsaVeU.exe
  C:\Windows\System\XxsaVeU.exe
  2⤵
  PID:9748
- C:\Windows\System\WhyxdOp.exe
  C:\Windows\System\WhyxdOp.exe
  2⤵
  PID:9776
- C:\Windows\System\xKRyaVL.exe
  C:\Windows\System\xKRyaVL.exe
  2⤵
  PID:9804
- C:\Windows\System\KFGpVhw.exe
  C:\Windows\System\KFGpVhw.exe
  2⤵
  PID:9832
- C:\Windows\System\LcVFBWM.exe
  C:\Windows\System\LcVFBWM.exe
  2⤵
  PID:9860
- C:\Windows\System\flVafkq.exe
  C:\Windows\System\flVafkq.exe
  2⤵
  PID:9888
- C:\Windows\System\zPBEXhc.exe
  C:\Windows\System\zPBEXhc.exe
  2⤵
  PID:9916
- C:\Windows\System\cMmLVtf.exe
  C:\Windows\System\cMmLVtf.exe
  2⤵
  PID:9944
- C:\Windows\System\GAMqevk.exe
  C:\Windows\System\GAMqevk.exe
  2⤵
  PID:9972
- C:\Windows\System\cROSxFq.exe
  C:\Windows\System\cROSxFq.exe
  2⤵
  PID:10000
- C:\Windows\System\kztRDgT.exe
  C:\Windows\System\kztRDgT.exe
  2⤵
  PID:10028
- C:\Windows\System\CuHYvsk.exe
  C:\Windows\System\CuHYvsk.exe
  2⤵
  PID:10120
- C:\Windows\System\gWbppZm.exe
  C:\Windows\System\gWbppZm.exe
  2⤵
  PID:10144
- C:\Windows\System\OliHCFJ.exe
  C:\Windows\System\OliHCFJ.exe
  2⤵
  PID:10184
- C:\Windows\System\oFrnNDG.exe
  C:\Windows\System\oFrnNDG.exe
  2⤵
  PID:10212
- C:\Windows\System\rTbqlxe.exe
  C:\Windows\System\rTbqlxe.exe
  2⤵
  PID:9052
- C:\Windows\System\risnuio.exe
  C:\Windows\System\risnuio.exe
  2⤵
  PID:4724
- C:\Windows\System\kQfzLEf.exe
  C:\Windows\System\kQfzLEf.exe
  2⤵
  PID:4336
- C:\Windows\System\vDTbowz.exe
  C:\Windows\System\vDTbowz.exe
  2⤵
  PID:9264
- C:\Windows\System\jbGafIc.exe
  C:\Windows\System\jbGafIc.exe
  2⤵
  PID:9292
- C:\Windows\System\DiqYjYt.exe
  C:\Windows\System\DiqYjYt.exe
  2⤵
  PID:9400
- C:\Windows\System\GIwTAjx.exe
  C:\Windows\System\GIwTAjx.exe
  2⤵
  PID:9452
- C:\Windows\System\Hqacsdw.exe
  C:\Windows\System\Hqacsdw.exe
  2⤵
  PID:9516
- C:\Windows\System\JvsLFQt.exe
  C:\Windows\System\JvsLFQt.exe
  2⤵
  PID:9592
- C:\Windows\System\DXKasiq.exe
  C:\Windows\System\DXKasiq.exe
  2⤵
  PID:9632
- C:\Windows\System\aicRYHp.exe
  C:\Windows\System\aicRYHp.exe
  2⤵
  PID:9680
- C:\Windows\System\FbUXBgQ.exe
  C:\Windows\System\FbUXBgQ.exe
  2⤵
  PID:9732
- C:\Windows\System\HhtwhjF.exe
  C:\Windows\System\HhtwhjF.exe
  2⤵
  PID:9792
- C:\Windows\System\FoLUYKe.exe
  C:\Windows\System\FoLUYKe.exe
  2⤵
  PID:9824
- C:\Windows\System\yZKcQRv.exe
  C:\Windows\System\yZKcQRv.exe
  2⤵
  PID:9880
- C:\Windows\System\BWNjKxy.exe
  C:\Windows\System\BWNjKxy.exe
  2⤵
  PID:9928
- C:\Windows\System\kwCRncb.exe
  C:\Windows\System\kwCRncb.exe
  2⤵
  PID:9960
- C:\Windows\System\xxoygcq.exe
  C:\Windows\System\xxoygcq.exe
  2⤵
  PID:10012
- C:\Windows\System\YlGKVwt.exe
  C:\Windows\System\YlGKVwt.exe
  2⤵
  PID:9988
- C:\Windows\System\vZnvJlB.exe
  C:\Windows\System\vZnvJlB.exe
  2⤵
  PID:4996
- C:\Windows\System\cgMfPxr.exe
  C:\Windows\System\cgMfPxr.exe
  2⤵
  PID:1528
- C:\Windows\System\xbzodmd.exe
  C:\Windows\System\xbzodmd.exe
  2⤵
  PID:1516
- C:\Windows\System\tIzlPRc.exe
  C:\Windows\System\tIzlPRc.exe
  2⤵
  PID:10108
- C:\Windows\System\uYwAldr.exe
  C:\Windows\System\uYwAldr.exe
  2⤵
  PID:10232
- C:\Windows\System\cjAXtPc.exe
  C:\Windows\System\cjAXtPc.exe
  2⤵
  PID:9232
- C:\Windows\System\clkwnAT.exe
  C:\Windows\System\clkwnAT.exe
  2⤵
  PID:9396
- C:\Windows\System\fdlpuzK.exe
  C:\Windows\System\fdlpuzK.exe
  2⤵
  PID:9544
- C:\Windows\System\stEPrKR.exe
  C:\Windows\System\stEPrKR.exe
  2⤵
  PID:9676
- C:\Windows\System\vBFYuuv.exe
  C:\Windows\System\vBFYuuv.exe
  2⤵
  PID:396
- C:\Windows\System\yCkYiRC.exe
  C:\Windows\System\yCkYiRC.exe
  2⤵
  PID:9936
- C:\Windows\System\HrFlBdO.exe
  C:\Windows\System\HrFlBdO.exe
  2⤵
  PID:4952
- C:\Windows\System\OMKVLcQ.exe
  C:\Windows\System\OMKVLcQ.exe
  2⤵
  PID:10156
- C:\Windows\System\iSocJXP.exe
  C:\Windows\System\iSocJXP.exe
  2⤵
  PID:1092
- C:\Windows\System\jDPYgcs.exe
  C:\Windows\System\jDPYgcs.exe
  2⤵
  PID:3096
- C:\Windows\System\SwNeYoA.exe
  C:\Windows\System\SwNeYoA.exe
  2⤵
  PID:10020
- C:\Windows\System\CXsFDHz.exe
  C:\Windows\System\CXsFDHz.exe
  2⤵
  PID:552
- C:\Windows\System\KZnxHWw.exe
  C:\Windows\System\KZnxHWw.exe
  2⤵
  PID:1028
- C:\Windows\System\FRkYQGj.exe
  C:\Windows\System\FRkYQGj.exe
  2⤵
  PID:2088
- C:\Windows\System\sVdWUVp.exe
  C:\Windows\System\sVdWUVp.exe
  2⤵
  PID:4904
- C:\Windows\System\YPkYUdp.exe
  C:\Windows\System\YPkYUdp.exe
  2⤵
  PID:9376
- C:\Windows\System\wOERkCC.exe
  C:\Windows\System\wOERkCC.exe
  2⤵
  PID:10248
- C:\Windows\System\DopchOF.exe
  C:\Windows\System\DopchOF.exe
  2⤵
  PID:10292
- C:\Windows\System\RucoEVQ.exe
  C:\Windows\System\RucoEVQ.exe
  2⤵
  PID:10308
- C:\Windows\System\hwvAyjM.exe
  C:\Windows\System\hwvAyjM.exe
  2⤵
  PID:10348
- C:\Windows\System\nwZuHrA.exe
  C:\Windows\System\nwZuHrA.exe
  2⤵
  PID:10384
- C:\Windows\System\xEhMoRj.exe
  C:\Windows\System\xEhMoRj.exe
  2⤵
  PID:10404
- C:\Windows\System\xIiNxiT.exe
  C:\Windows\System\xIiNxiT.exe
  2⤵
  PID:10432
- C:\Windows\System\xFkvDqD.exe
  C:\Windows\System\xFkvDqD.exe
  2⤵
  PID:10460
- C:\Windows\System\eGCQuJw.exe
  C:\Windows\System\eGCQuJw.exe
  2⤵
  PID:10492
- C:\Windows\System\IoEwqEE.exe
  C:\Windows\System\IoEwqEE.exe
  2⤵
  PID:10520
- C:\Windows\System\SzoPNmZ.exe
  C:\Windows\System\SzoPNmZ.exe
  2⤵
  PID:10548
- C:\Windows\System\FsOirim.exe
  C:\Windows\System\FsOirim.exe
  2⤵
  PID:10580
- C:\Windows\System\ymVpdme.exe
  C:\Windows\System\ymVpdme.exe
  2⤵
  PID:10596
- C:\Windows\System\gIJqkVm.exe
  C:\Windows\System\gIJqkVm.exe
  2⤵
  PID:10636
- C:\Windows\System\SFtpSiY.exe
  C:\Windows\System\SFtpSiY.exe
  2⤵
  PID:10668
- C:\Windows\System\rAUSpUg.exe
  C:\Windows\System\rAUSpUg.exe
  2⤵
  PID:10696
- C:\Windows\System\SQzIoiW.exe
  C:\Windows\System\SQzIoiW.exe
  2⤵
  PID:10724
- C:\Windows\System\EbcRIsJ.exe
  C:\Windows\System\EbcRIsJ.exe
  2⤵
  PID:10752
- C:\Windows\System\VZGShFb.exe
  C:\Windows\System\VZGShFb.exe
  2⤵
  PID:10780
- C:\Windows\System\ufuamhV.exe
  C:\Windows\System\ufuamhV.exe
  2⤵
  PID:10808
- C:\Windows\System\dYIuKZq.exe
  C:\Windows\System\dYIuKZq.exe
  2⤵
  PID:10840
- C:\Windows\System\GIlLlBo.exe
  C:\Windows\System\GIlLlBo.exe
  2⤵
  PID:10868
- C:\Windows\System\GOQTyVU.exe
  C:\Windows\System\GOQTyVU.exe
  2⤵
  PID:10904
- C:\Windows\System\QKBnyLm.exe
  C:\Windows\System\QKBnyLm.exe
  2⤵
  PID:10932
- C:\Windows\System\AlAgovK.exe
  C:\Windows\System\AlAgovK.exe
  2⤵
  PID:10964
- C:\Windows\System\CuCwynq.exe
  C:\Windows\System\CuCwynq.exe
  2⤵
  PID:10992
- C:\Windows\System\ZrjoOTm.exe
  C:\Windows\System\ZrjoOTm.exe
  2⤵
  PID:11020
- C:\Windows\System\dklXPNI.exe
  C:\Windows\System\dklXPNI.exe
  2⤵
  PID:11048
- C:\Windows\System\cUWwJQj.exe
  C:\Windows\System\cUWwJQj.exe
  2⤵
  PID:11076
- C:\Windows\System\KMDpUPw.exe
  C:\Windows\System\KMDpUPw.exe
  2⤵
  PID:11104
- C:\Windows\System\ORgKpuE.exe
  C:\Windows\System\ORgKpuE.exe
  2⤵
  PID:11132
- C:\Windows\System\QZlkoSc.exe
  C:\Windows\System\QZlkoSc.exe
  2⤵
  PID:11164
- C:\Windows\System\OiQicDy.exe
  C:\Windows\System\OiQicDy.exe
  2⤵
  PID:11192
- C:\Windows\System\oYUimTX.exe
  C:\Windows\System\oYUimTX.exe
  2⤵
  PID:11220
- C:\Windows\System\JxJjBZD.exe
  C:\Windows\System\JxJjBZD.exe
  2⤵
  PID:11248
- C:\Windows\System\xxVcyhz.exe
  C:\Windows\System\xxVcyhz.exe
  2⤵
  PID:3320
- C:\Windows\System\zEbpKra.exe
  C:\Windows\System\zEbpKra.exe
  2⤵
  PID:10320
- C:\Windows\System\GUzXkTT.exe
  C:\Windows\System\GUzXkTT.exe
  2⤵
  PID:10392
- C:\Windows\System\CrwvxMB.exe
  C:\Windows\System\CrwvxMB.exe
  2⤵
  PID:10444
- C:\Windows\System\ExsvEVN.exe
  C:\Windows\System\ExsvEVN.exe
  2⤵
  PID:10472
- C:\Windows\System\dauRCxj.exe
  C:\Windows\System\dauRCxj.exe
  2⤵
  PID:10568
- C:\Windows\System\tUSYeeI.exe
  C:\Windows\System\tUSYeeI.exe
  2⤵
  PID:10616
- C:\Windows\System\irpAhUc.exe
  C:\Windows\System\irpAhUc.exe
  2⤵
  PID:10680
- C:\Windows\System\pbImlFm.exe
  C:\Windows\System\pbImlFm.exe
  2⤵
  PID:10744
- C:\Windows\System\JrGoIFx.exe
  C:\Windows\System\JrGoIFx.exe
  2⤵
  PID:10792
- C:\Windows\System\gNbkjsr.exe
  C:\Windows\System\gNbkjsr.exe
  2⤵
  PID:4492
- C:\Windows\System\McNWzBi.exe
  C:\Windows\System\McNWzBi.exe
  2⤵
  PID:4400
- C:\Windows\System\mwNKUlh.exe
  C:\Windows\System\mwNKUlh.exe
  2⤵
  PID:10920
- C:\Windows\System\ngshiCG.exe
  C:\Windows\System\ngshiCG.exe
  2⤵
  PID:528
- C:\Windows\System\OmzOjkd.exe
  C:\Windows\System\OmzOjkd.exe
  2⤵
  PID:3664
- C:\Windows\System\OSNLeBa.exe
  C:\Windows\System\OSNLeBa.exe
  2⤵
  PID:11088
- C:\Windows\System\yWQlHtm.exe
  C:\Windows\System\yWQlHtm.exe
  2⤵
  PID:11144
- C:\Windows\System\gijxoLz.exe
  C:\Windows\System\gijxoLz.exe
  2⤵
  PID:11204
- C:\Windows\System\wIAzLOT.exe
  C:\Windows\System\wIAzLOT.exe
  2⤵
  PID:11260
- C:\Windows\System\pPwVwRW.exe
  C:\Windows\System\pPwVwRW.exe
  2⤵
  PID:10360
- C:\Windows\System\GDDPOeU.exe
  C:\Windows\System\GDDPOeU.exe
  2⤵
  PID:10532
- C:\Windows\System\NPCJiQx.exe
  C:\Windows\System\NPCJiQx.exe
  2⤵
  PID:10708
- C:\Windows\System\GSbxtug.exe
  C:\Windows\System\GSbxtug.exe
  2⤵
  PID:10820
- C:\Windows\System\ufujnYs.exe
  C:\Windows\System\ufujnYs.exe
  2⤵
  PID:10888
- C:\Windows\System\qLmtxQJ.exe
  C:\Windows\System\qLmtxQJ.exe
  2⤵
  PID:4660
- C:\Windows\System\YAmpGZk.exe
  C:\Windows\System\YAmpGZk.exe
  2⤵
  PID:11184
- C:\Windows\System\miBkoaX.exe
  C:\Windows\System\miBkoaX.exe
  2⤵
  PID:10300
- C:\Windows\System\wermRJf.exe
  C:\Windows\System\wermRJf.exe
  2⤵
  PID:4388
- C:\Windows\System\EWAjQbb.exe
  C:\Windows\System\EWAjQbb.exe
  2⤵
  PID:2616
- C:\Windows\System\xiypkbS.exe
  C:\Windows\System\xiypkbS.exe
  2⤵
  PID:1512
- C:\Windows\System\FaLaBqy.exe
  C:\Windows\System\FaLaBqy.exe
  2⤵
  PID:1256
- C:\Windows\System\FnJonmC.exe
  C:\Windows\System\FnJonmC.exe
  2⤵
  PID:10828
- C:\Windows\System\YKzOnRB.exe
  C:\Windows\System\YKzOnRB.exe
  2⤵
  PID:10168
- C:\Windows\System\fCdfUYP.exe
  C:\Windows\System\fCdfUYP.exe
  2⤵
  PID:10428
- C:\Windows\System\CtUpMUC.exe
  C:\Windows\System\CtUpMUC.exe
  2⤵
  PID:10488
- C:\Windows\System\eIMTUQi.exe
  C:\Windows\System\eIMTUQi.exe
  2⤵
  PID:10228
- C:\Windows\System\hiLtfsu.exe
  C:\Windows\System\hiLtfsu.exe
  2⤵
  PID:11292
- C:\Windows\System\Ezafjxa.exe
  C:\Windows\System\Ezafjxa.exe
  2⤵
  PID:11320
- C:\Windows\System\jDLHULx.exe
  C:\Windows\System\jDLHULx.exe
  2⤵
  PID:11348
- C:\Windows\System\XpZtdym.exe
  C:\Windows\System\XpZtdym.exe
  2⤵
  PID:11376
- C:\Windows\System\BkoUGOE.exe
  C:\Windows\System\BkoUGOE.exe
  2⤵
  PID:11408
- C:\Windows\System\ACXpIRN.exe
  C:\Windows\System\ACXpIRN.exe
  2⤵
  PID:11436
- C:\Windows\System\VEpNAfp.exe
  C:\Windows\System\VEpNAfp.exe
  2⤵
  PID:11464
- C:\Windows\System\QVSTDot.exe
  C:\Windows\System\QVSTDot.exe
  2⤵
  PID:11496
- C:\Windows\System\SguRckI.exe
  C:\Windows\System\SguRckI.exe
  2⤵
  PID:11524
- C:\Windows\System\RGxvyWD.exe
  C:\Windows\System\RGxvyWD.exe
  2⤵
  PID:11552
- C:\Windows\System\vhXpRuw.exe
  C:\Windows\System\vhXpRuw.exe
  2⤵
  PID:11580
- C:\Windows\System\pjBmDls.exe
  C:\Windows\System\pjBmDls.exe
  2⤵
  PID:11608
- C:\Windows\System\sALVnCl.exe
  C:\Windows\System\sALVnCl.exe
  2⤵
  PID:11636
- C:\Windows\System\sJIXoMK.exe
  C:\Windows\System\sJIXoMK.exe
  2⤵
  PID:11664
- C:\Windows\System\gagXHkA.exe
  C:\Windows\System\gagXHkA.exe
  2⤵
  PID:11692
- C:\Windows\System\VNfiQQJ.exe
  C:\Windows\System\VNfiQQJ.exe
  2⤵
  PID:11720
- C:\Windows\System\pHYzzPP.exe
  C:\Windows\System\pHYzzPP.exe
  2⤵
  PID:11748
- C:\Windows\System\ZoWnPcR.exe
  C:\Windows\System\ZoWnPcR.exe
  2⤵
  PID:11776
- C:\Windows\System\cZSSbFB.exe
  C:\Windows\System\cZSSbFB.exe
  2⤵
  PID:11804
- C:\Windows\System\lOlJFHY.exe
  C:\Windows\System\lOlJFHY.exe
  2⤵
  PID:11832
- C:\Windows\System\TvUqAmY.exe
  C:\Windows\System\TvUqAmY.exe
  2⤵
  PID:11860
- C:\Windows\System\zIYlyhf.exe
  C:\Windows\System\zIYlyhf.exe
  2⤵
  PID:11888
- C:\Windows\System\RrhRfSe.exe
  C:\Windows\System\RrhRfSe.exe
  2⤵
  PID:11916
- C:\Windows\System\tXVkzfm.exe
  C:\Windows\System\tXVkzfm.exe
  2⤵
  PID:11944
- C:\Windows\System\fsebbox.exe
  C:\Windows\System\fsebbox.exe
  2⤵
  PID:11972
- C:\Windows\System\QzkiBtS.exe
  C:\Windows\System\QzkiBtS.exe
  2⤵
  PID:12000
- C:\Windows\System\OApGkmp.exe
  C:\Windows\System\OApGkmp.exe
  2⤵
  PID:12036
- C:\Windows\System\ijYJRwB.exe
  C:\Windows\System\ijYJRwB.exe
  2⤵
  PID:12064
- C:\Windows\System\zcXKxFH.exe
  C:\Windows\System\zcXKxFH.exe
  2⤵
  PID:12092
- C:\Windows\System\luhhfxj.exe
  C:\Windows\System\luhhfxj.exe
  2⤵
  PID:12120
- C:\Windows\System\WWcJwAy.exe
  C:\Windows\System\WWcJwAy.exe
  2⤵
  PID:12152
- C:\Windows\System\hpChPuC.exe
  C:\Windows\System\hpChPuC.exe
  2⤵
  PID:12180
- C:\Windows\System\ckvTtOd.exe
  C:\Windows\System\ckvTtOd.exe
  2⤵
  PID:12208
- C:\Windows\System\JpjEepO.exe
  C:\Windows\System\JpjEepO.exe
  2⤵
  PID:12236
- C:\Windows\System\vVWnYtv.exe
  C:\Windows\System\vVWnYtv.exe
  2⤵
  PID:12264
- C:\Windows\System\KlUqFRX.exe
  C:\Windows\System\KlUqFRX.exe
  2⤵
  PID:11280
- C:\Windows\System\rlKDuAd.exe
  C:\Windows\System\rlKDuAd.exe
  2⤵
  PID:11332
- C:\Windows\System\nALaFyQ.exe
  C:\Windows\System\nALaFyQ.exe
  2⤵
  PID:11368
- C:\Windows\System\jETKXFA.exe
  C:\Windows\System\jETKXFA.exe
  2⤵
  PID:11428
- C:\Windows\System\WFEtJsC.exe
  C:\Windows\System\WFEtJsC.exe
  2⤵
  PID:11492
- C:\Windows\System\HoYVCyg.exe
  C:\Windows\System\HoYVCyg.exe
  2⤵
  PID:11564
- C:\Windows\System\FusZgoC.exe
  C:\Windows\System\FusZgoC.exe
  2⤵
  PID:11628
- C:\Windows\System\Selkjlw.exe
  C:\Windows\System\Selkjlw.exe
  2⤵
  PID:11656
- C:\Windows\System\KWvBjIs.exe
  C:\Windows\System\KWvBjIs.exe
  2⤵
  PID:11716
- C:\Windows\System\owAJVjS.exe
  C:\Windows\System\owAJVjS.exe
  2⤵
  PID:11772
- C:\Windows\System\SfkHeGt.exe
  C:\Windows\System\SfkHeGt.exe
  2⤵
  PID:11848
- C:\Windows\System\KfRQBjX.exe
  C:\Windows\System\KfRQBjX.exe
  2⤵
  PID:11908
- C:\Windows\System\aUPfVnh.exe
  C:\Windows\System\aUPfVnh.exe
  2⤵
  PID:11968
- C:\Windows\System\kFuBdNV.exe
  C:\Windows\System\kFuBdNV.exe
  2⤵
  PID:12020
- C:\Windows\System\ncgLotJ.exe
  C:\Windows\System\ncgLotJ.exe
  2⤵
  PID:5104
- C:\Windows\System\ahprxVR.exe
  C:\Windows\System\ahprxVR.exe
  2⤵
  PID:12084
- C:\Windows\System\olCxFky.exe
  C:\Windows\System\olCxFky.exe
  2⤵
  PID:12148
- C:\Windows\System\ZcdTJci.exe
  C:\Windows\System\ZcdTJci.exe
  2⤵
  PID:12220
- C:\Windows\System\ItsxxIM.exe
  C:\Windows\System\ItsxxIM.exe
  2⤵
  PID:12284
- C:\Windows\System\jnyXisu.exe
  C:\Windows\System\jnyXisu.exe
  2⤵
  PID:11344
- C:\Windows\System\HgTIxcQ.exe
  C:\Windows\System\HgTIxcQ.exe
  2⤵
  PID:11488
- C:\Windows\System\eoDfnJl.exe
  C:\Windows\System\eoDfnJl.exe
  2⤵
  PID:1072
- C:\Windows\System\WckLiaF.exe
  C:\Windows\System\WckLiaF.exe
  2⤵
  PID:11760
- C:\Windows\System\UkfIknI.exe
  C:\Windows\System\UkfIknI.exe
  2⤵
  PID:11940
- C:\Windows\System\TeEgJnt.exe
  C:\Windows\System\TeEgJnt.exe
  2⤵
  PID:4720
- C:\Windows\System\LRbBHbx.exe
  C:\Windows\System\LRbBHbx.exe
  2⤵
  PID:12144
- C:\Windows\System\kvXrdiT.exe
  C:\Windows\System\kvXrdiT.exe
  2⤵
  PID:12280
- C:\Windows\System\uzDAlXd.exe
  C:\Windows\System\uzDAlXd.exe
  2⤵
  PID:11548
- C:\Windows\System\riWEhyl.exe
  C:\Windows\System\riWEhyl.exe
  2⤵
  PID:5012
- C:\Windows\System\aiIYFfC.exe
  C:\Windows\System\aiIYFfC.exe
  2⤵
  PID:12076
- C:\Windows\System\ThnAyUm.exe
  C:\Windows\System\ThnAyUm.exe
  2⤵
  PID:11460
- C:\Windows\System\ooBWhPy.exe
  C:\Windows\System\ooBWhPy.exe
  2⤵
  PID:2688
- C:\Windows\System\NytYJMb.exe
  C:\Windows\System\NytYJMb.exe
  2⤵
  PID:11884
- C:\Windows\System\oZXUGsB.exe
  C:\Windows\System\oZXUGsB.exe
  2⤵
  PID:12324
- C:\Windows\System\zarcXlY.exe
  C:\Windows\System\zarcXlY.exe
  2⤵
  PID:12340
- C:\Windows\System\SaaKqIo.exe
  C:\Windows\System\SaaKqIo.exe
  2⤵
  PID:12368
- C:\Windows\System\bbkzVJk.exe
  C:\Windows\System\bbkzVJk.exe
  2⤵
  PID:12396
- C:\Windows\System\SLOHGuB.exe
  C:\Windows\System\SLOHGuB.exe
  2⤵
  PID:12424
- C:\Windows\System\XFoMliD.exe
  C:\Windows\System\XFoMliD.exe
  2⤵
  PID:12452
- C:\Windows\System\PTopLCf.exe
  C:\Windows\System\PTopLCf.exe
  2⤵
  PID:12484
- C:\Windows\System\WdfOpXO.exe
  C:\Windows\System\WdfOpXO.exe
  2⤵
  PID:12520
- C:\Windows\System\CeVGShg.exe
  C:\Windows\System\CeVGShg.exe
  2⤵
  PID:12548
- C:\Windows\System\GJGhlLB.exe
  C:\Windows\System\GJGhlLB.exe
  2⤵
  PID:12576
- C:\Windows\System\xhPZmuj.exe
  C:\Windows\System\xhPZmuj.exe
  2⤵
  PID:12604
- C:\Windows\System\sATHLqJ.exe
  C:\Windows\System\sATHLqJ.exe
  2⤵
  PID:12632
- C:\Windows\System\TbbkgUk.exe
  C:\Windows\System\TbbkgUk.exe
  2⤵
  PID:12660
- C:\Windows\System\hMIVBcP.exe
  C:\Windows\System\hMIVBcP.exe
  2⤵
  PID:12688
- C:\Windows\System\THmwLMM.exe
  C:\Windows\System\THmwLMM.exe
  2⤵
  PID:12720
- C:\Windows\System\qUGesAI.exe
  C:\Windows\System\qUGesAI.exe
  2⤵
  PID:12748
- C:\Windows\System\JKXHjOO.exe
  C:\Windows\System\JKXHjOO.exe
  2⤵
  PID:12776
- C:\Windows\System\bHZTXbY.exe
  C:\Windows\System\bHZTXbY.exe
  2⤵
  PID:12804
- C:\Windows\System\IyKqowW.exe
  C:\Windows\System\IyKqowW.exe
  2⤵
  PID:12832
- C:\Windows\System\tiPrPsW.exe
  C:\Windows\System\tiPrPsW.exe
  2⤵
  PID:12860
- C:\Windows\System\YWGLeOC.exe
  C:\Windows\System\YWGLeOC.exe
  2⤵
  PID:12888
- C:\Windows\System\tNQtHDs.exe
  C:\Windows\System\tNQtHDs.exe
  2⤵
  PID:12916
- C:\Windows\System\abJudmH.exe
  C:\Windows\System\abJudmH.exe
  2⤵
  PID:12944
- C:\Windows\System\Ilufijc.exe
  C:\Windows\System\Ilufijc.exe
  2⤵
  PID:12972
- C:\Windows\System\KbdPhwv.exe
  C:\Windows\System\KbdPhwv.exe
  2⤵
  PID:13000
- C:\Windows\System\lyZuXMd.exe
  C:\Windows\System\lyZuXMd.exe
  2⤵
  PID:13040
- C:\Windows\System\PlRtPcU.exe
  C:\Windows\System\PlRtPcU.exe
  2⤵
  PID:13056
- C:\Windows\System\IpFQvbG.exe
  C:\Windows\System\IpFQvbG.exe
  2⤵
  PID:13084
- C:\Windows\System\aBcnZnJ.exe
  C:\Windows\System\aBcnZnJ.exe
  2⤵
  PID:13112
- C:\Windows\System\ZKwUQQP.exe
  C:\Windows\System\ZKwUQQP.exe
  2⤵
  PID:13140
- C:\Windows\System\OqZWQGG.exe
  C:\Windows\System\OqZWQGG.exe
  2⤵
  PID:13168
- C:\Windows\System\DBolkry.exe
  C:\Windows\System\DBolkry.exe
  2⤵
  PID:13196
- C:\Windows\System\EhNfpvn.exe
  C:\Windows\System\EhNfpvn.exe
  2⤵
  PID:13224
- C:\Windows\System\DxmMSUQ.exe
  C:\Windows\System\DxmMSUQ.exe
  2⤵
  PID:13252
- C:\Windows\System\pcFSkiw.exe
  C:\Windows\System\pcFSkiw.exe
  2⤵
  PID:13280
- C:\Windows\System\ZjkSEvJ.exe
  C:\Windows\System\ZjkSEvJ.exe
  2⤵
  PID:13308
- C:\Windows\System\yuJbwUT.exe
  C:\Windows\System\yuJbwUT.exe
  2⤵
  PID:12332
- C:\Windows\System\aVJzslx.exe
  C:\Windows\System\aVJzslx.exe
  2⤵
  PID:12392
- C:\Windows\System\PxRuOzz.exe
  C:\Windows\System\PxRuOzz.exe
  2⤵
  PID:12468
- C:\Windows\System\QNMDXgS.exe
  C:\Windows\System\QNMDXgS.exe
  2⤵
  PID:12512
- C:\Windows\System\RnArdUc.exe
  C:\Windows\System\RnArdUc.exe
  2⤵
  PID:12568
- C:\Windows\System\HasxnbD.exe
  C:\Windows\System\HasxnbD.exe
  2⤵
  PID:12628
- C:\Windows\System\nbOztXy.exe
  C:\Windows\System\nbOztXy.exe
  2⤵
  PID:12684
- C:\Windows\System\fubDXVL.exe
  C:\Windows\System\fubDXVL.exe
  2⤵
  PID:12760
- C:\Windows\System\DzXrstH.exe
  C:\Windows\System\DzXrstH.exe
  2⤵
  PID:12828
- C:\Windows\System\VnGsRZw.exe
  C:\Windows\System\VnGsRZw.exe
  2⤵
  PID:12900
- C:\Windows\System\ILRdFBn.exe
  C:\Windows\System\ILRdFBn.exe
  2⤵
  PID:12964
- C:\Windows\System\wGMKgiD.exe
  C:\Windows\System\wGMKgiD.exe
  2⤵
  PID:13036
- C:\Windows\System\ttFfifG.exe
  C:\Windows\System\ttFfifG.exe
  2⤵
  PID:13096
- C:\Windows\System\RmMdswV.exe
  C:\Windows\System\RmMdswV.exe
  2⤵
  PID:13160
- C:\Windows\System\DNlnFpk.exe
  C:\Windows\System\DNlnFpk.exe
  2⤵
  PID:13220
- C:\Windows\System\qkbdpDg.exe
  C:\Windows\System\qkbdpDg.exe
  2⤵
  PID:13272
- C:\Windows\System\Fycjtox.exe
  C:\Windows\System\Fycjtox.exe
  2⤵
  PID:2416
- C:\Windows\System\fqDmtNv.exe
  C:\Windows\System\fqDmtNv.exe
  2⤵
  PID:12420
- C:\Windows\System\lJaWXlq.exe
  C:\Windows\System\lJaWXlq.exe
  2⤵
  PID:12544
- C:\Windows\System\uqZQLRo.exe
  C:\Windows\System\uqZQLRo.exe
  2⤵
  PID:12680
- C:\Windows\System\lGvzHgY.exe
  C:\Windows\System\lGvzHgY.exe
  2⤵
  PID:12872
- C:\Windows\System\WktotiX.exe
  C:\Windows\System\WktotiX.exe
  2⤵
  PID:13012
- C:\Windows\System\LOGcFIq.exe
  C:\Windows\System\LOGcFIq.exe
  2⤵
  PID:13124
- C:\Windows\System\AUOmcqm.exe
  C:\Windows\System\AUOmcqm.exe
  2⤵
  PID:4940
- C:\Windows\System\dpJKUbb.exe
  C:\Windows\System\dpJKUbb.exe
  2⤵
  PID:12956
- C:\Windows\System\kMdjXfV.exe
  C:\Windows\System\kMdjXfV.exe
  2⤵
  PID:13292
- C:\Windows\System\GAxVeUI.exe
  C:\Windows\System\GAxVeUI.exe
  2⤵
  PID:13192
- C:\Windows\System\NyHOUPJ.exe
  C:\Windows\System\NyHOUPJ.exe
  2⤵
  PID:13320
- C:\Windows\System\rTdrcWw.exe
  C:\Windows\System\rTdrcWw.exe
  2⤵
  PID:13348
- C:\Windows\System\LoysyxI.exe
  C:\Windows\System\LoysyxI.exe
  2⤵
  PID:13376
- C:\Windows\System\uIPhOMt.exe
  C:\Windows\System\uIPhOMt.exe
  2⤵
  PID:13404
- C:\Windows\System\EyahdZn.exe
  C:\Windows\System\EyahdZn.exe
  2⤵
  PID:13432
- C:\Windows\System\kpVSHxO.exe
  C:\Windows\System\kpVSHxO.exe
  2⤵
  PID:13460
- C:\Windows\System\AsXnFRV.exe
  C:\Windows\System\AsXnFRV.exe
  2⤵
  PID:13488
- C:\Windows\System\SLEewjm.exe
  C:\Windows\System\SLEewjm.exe
  2⤵
  PID:13520
- C:\Windows\System\YqzmfFE.exe
  C:\Windows\System\YqzmfFE.exe
  2⤵
  PID:13548
- C:\Windows\System\rmgJGYd.exe
  C:\Windows\System\rmgJGYd.exe
  2⤵
  PID:13576
- C:\Windows\System\pMzPnAa.exe
  C:\Windows\System\pMzPnAa.exe
  2⤵
  PID:13604
- C:\Windows\System\ySCerox.exe
  C:\Windows\System\ySCerox.exe
  2⤵
  PID:13632
- C:\Windows\System\bNcKcnM.exe
  C:\Windows\System\bNcKcnM.exe
  2⤵
  PID:13660
- C:\Windows\System\DtsEYLe.exe
  C:\Windows\System\DtsEYLe.exe
  2⤵
  PID:13688
- C:\Windows\System\FRnJoXQ.exe
  C:\Windows\System\FRnJoXQ.exe
  2⤵
  PID:13720
- C:\Windows\System\IoLmSpI.exe
  C:\Windows\System\IoLmSpI.exe
  2⤵
  PID:13756
- C:\Windows\System\sZOsGOo.exe
  C:\Windows\System\sZOsGOo.exe
  2⤵
  PID:13800
- C:\Windows\System\mynSjYf.exe
  C:\Windows\System\mynSjYf.exe
  2⤵
  PID:13844
- C:\Windows\System\ZOERQyZ.exe
  C:\Windows\System\ZOERQyZ.exe
  2⤵
  PID:13884
- C:\Windows\System\CDdqSEt.exe
  C:\Windows\System\CDdqSEt.exe
  2⤵
  PID:13944
- C:\Windows\System\rGJBkMp.exe
  C:\Windows\System\rGJBkMp.exe
  2⤵
  PID:13976
- C:\Windows\System\SbdGtWj.exe
  C:\Windows\System\SbdGtWj.exe
  2⤵
  PID:14012
- C:\Windows\System\RcxaDfK.exe
  C:\Windows\System\RcxaDfK.exe
  2⤵
  PID:14028
- C:\Windows\System\YlHWefi.exe
  C:\Windows\System\YlHWefi.exe
  2⤵
  PID:14048
- C:\Windows\System\sFnSVkP.exe
  C:\Windows\System\sFnSVkP.exe
  2⤵
  PID:14100
- C:\Windows\System\AcYByDh.exe
  C:\Windows\System\AcYByDh.exe
  2⤵
  PID:14172
- C:\Windows\System\HqfeMcI.exe
  C:\Windows\System\HqfeMcI.exe
  2⤵
  PID:14204
- C:\Windows\System\uUvSrLc.exe
  C:\Windows\System\uUvSrLc.exe
  2⤵
  PID:14248
- C:\Windows\System\PitWAzB.exe
  C:\Windows\System\PitWAzB.exe
  2⤵
  PID:14276
- C:\Windows\System\KOQYJuy.exe
  C:\Windows\System\KOQYJuy.exe
  2⤵
  PID:14320
- C:\Windows\System\RDKCTmb.exe
  C:\Windows\System\RDKCTmb.exe
  2⤵
  PID:13360
- C:\Windows\System\zOiNVcW.exe
  C:\Windows\System\zOiNVcW.exe
  2⤵
  PID:13444
- C:\Windows\System\StwvXLC.exe
  C:\Windows\System\StwvXLC.exe
  2⤵
  PID:13504
- C:\Windows\System\lpIpSwk.exe
  C:\Windows\System\lpIpSwk.exe
  2⤵
  PID:13540
- C:\Windows\System\giJCCcU.exe
  C:\Windows\System\giJCCcU.exe
  2⤵
  PID:13596
- C:\Windows\System\URWEWGv.exe
  C:\Windows\System\URWEWGv.exe
  2⤵
  PID:6212
- C:\Windows\System\KONlJkG.exe
  C:\Windows\System\KONlJkG.exe
  2⤵
  PID:6280
- C:\Windows\System\TUyCJPf.exe
  C:\Windows\System\TUyCJPf.exe
  2⤵
  PID:13940
- C:\Windows\System\YaOYhpn.exe
  C:\Windows\System\YaOYhpn.exe
  2⤵
  PID:6464
- C:\Windows\System\OvYgFaX.exe
  C:\Windows\System\OvYgFaX.exe
  2⤵
  PID:14040
- C:\Windows\System\zLHpzCI.exe
  C:\Windows\System\zLHpzCI.exe
  2⤵
  PID:760
- C:\Windows\System\rHhvKwl.exe
  C:\Windows\System\rHhvKwl.exe
  2⤵
  PID:6592
- C:\Windows\System\dlKmMwa.exe
  C:\Windows\System\dlKmMwa.exe
  2⤵
  PID:14148
- C:\Windows\System\QAcVzhj.exe
  C:\Windows\System\QAcVzhj.exe
  2⤵
  PID:6828
- C:\Windows\System\bdshDCD.exe
  C:\Windows\System\bdshDCD.exe
  2⤵
  PID:232
- C:\Windows\System\YzEiuqt.exe
  C:\Windows\System\YzEiuqt.exe
  2⤵
  PID:14160
- C:\Windows\System\jDSXfAW.exe
  C:\Windows\System\jDSXfAW.exe
  2⤵
  PID:6912
- C:\Windows\System\jnozAKZ.exe
  C:\Windows\System\jnozAKZ.exe
  2⤵
  PID:7040
- C:\Windows\System\JnlIeAW.exe
  C:\Windows\System\JnlIeAW.exe
  2⤵
  PID:7096
- C:\Windows\System\rkGpJVd.exe
  C:\Windows\System\rkGpJVd.exe
  2⤵
  PID:1520
- C:\Windows\System\kWrxCiH.exe
  C:\Windows\System\kWrxCiH.exe
  2⤵
  PID:4276
- C:\Windows\System\TVYOeOE.exe
  C:\Windows\System\TVYOeOE.exe
  2⤵
  PID:13340
- C:\Windows\System\lcnAsUe.exe
  C:\Windows\System\lcnAsUe.exe
  2⤵
  PID:6308
- C:\Windows\System\uiciUlh.exe
  C:\Windows\System\uiciUlh.exe
  2⤵
  PID:6056
- C:\Windows\System\XeHACTI.exe
  C:\Windows\System\XeHACTI.exe
  2⤵
  PID:2676
- C:\Windows\System\fpQIKtN.exe
  C:\Windows\System\fpQIKtN.exe
  2⤵
  PID:13400
- C:\Windows\System\TYZIxBz.exe
  C:\Windows\System\TYZIxBz.exe
  2⤵
  PID:4028
- C:\Windows\System\LPAeegS.exe
  C:\Windows\System\LPAeegS.exe
  2⤵
  PID:3500
- C:\Windows\System\PTQNhKQ.exe
  C:\Windows\System\PTQNhKQ.exe
  2⤵
  PID:3100
- C:\Windows\System\uTDrKtC.exe
  C:\Windows\System\uTDrKtC.exe
  2⤵
  PID:13680
- C:\Windows\System\cPyPACK.exe
  C:\Windows\System\cPyPACK.exe
  2⤵
  PID:13332
- C:\Windows\System\VbkgOYk.exe
  C:\Windows\System\VbkgOYk.exe
  2⤵
  PID:13512
- C:\Windows\System\OUrltZO.exe
  C:\Windows\System\OUrltZO.exe
  2⤵
  PID:7008
- C:\Windows\System\KUYIWeC.exe
  C:\Windows\System\KUYIWeC.exe
  2⤵
  PID:5728
- C:\Windows\System\zSDlvHj.exe
  C:\Windows\System\zSDlvHj.exe
  2⤵
  PID:6480
- C:\Windows\System\KrVQvIa.exe
  C:\Windows\System\KrVQvIa.exe
  2⤵
  PID:7216
- C:\Windows\System\KuDZsnh.exe
  C:\Windows\System\KuDZsnh.exe
  2⤵
  PID:7284
- C:\Windows\System\CIFzEfF.exe
  C:\Windows\System\CIFzEfF.exe
  2⤵
  PID:7412
- C:\Windows\System\umReLIT.exe
  C:\Windows\System\umReLIT.exe
  2⤵
  PID:3092
- C:\Windows\System\rHzYBAc.exe
  C:\Windows\System\rHzYBAc.exe
  2⤵
  PID:4352
- C:\Windows\System\pBuozOG.exe
  C:\Windows\System\pBuozOG.exe
  2⤵
  PID:3960
- C:\Windows\System\mHmGcsD.exe
  C:\Windows\System\mHmGcsD.exe
  2⤵
  PID:3740
- C:\Windows\System\AyazBFP.exe
  C:\Windows\System\AyazBFP.exe
  2⤵
  PID:4500
- C:\Windows\System\IbQaMKa.exe
  C:\Windows\System\IbQaMKa.exe
  2⤵
  PID:2420
- C:\Windows\System\SSqkcWP.exe
  C:\Windows\System\SSqkcWP.exe
  2⤵
  PID:6380
- C:\Windows\System\LcHYNYK.exe
  C:\Windows\System\LcHYNYK.exe
  2⤵
  PID:14000
- C:\Windows\System\xzxYXoq.exe
  C:\Windows\System\xzxYXoq.exe
  2⤵
  PID:14096
- C:\Windows\System\hTTxwjg.exe
  C:\Windows\System\hTTxwjg.exe
  2⤵
  PID:14108
- C:\Windows\System\YfavJGn.exe
  C:\Windows\System\YfavJGn.exe
  2⤵
  PID:14164
- C:\Windows\System\ysgYanh.exe
  C:\Windows\System\ysgYanh.exe
  2⤵
  PID:848
- C:\Windows\System\ANUxItZ.exe
  C:\Windows\System\ANUxItZ.exe
  2⤵
  PID:1852
- C:\Windows\System\SggsNyf.exe
  C:\Windows\System\SggsNyf.exe
  2⤵
  PID:3152
- C:\Windows\System\prPXoSP.exe
  C:\Windows\System\prPXoSP.exe
  2⤵
  PID:4448
- C:\Windows\System\EecsaxC.exe
  C:\Windows\System\EecsaxC.exe
  2⤵
  PID:6440
- C:\Windows\System\GngBvjC.exe
  C:\Windows\System\GngBvjC.exe
  2⤵
  PID:2076
- C:\Windows\System\SvyGXLN.exe
  C:\Windows\System\SvyGXLN.exe
  2⤵
  PID:2708
- C:\Windows\System\xoHBBTp.exe
  C:\Windows\System\xoHBBTp.exe
  2⤵
  PID:5060
- C:\Windows\System\TzJTGxJ.exe
  C:\Windows\System\TzJTGxJ.exe
  2⤵
  PID:13532
- C:\Windows\System\ypLoBzr.exe
  C:\Windows\System\ypLoBzr.exe
  2⤵
  PID:7984
- C:\Windows\System\WSQyWMi.exe
  C:\Windows\System\WSQyWMi.exe
  2⤵
  PID:13484
- C:\Windows\System\GJMrHpH.exe
  C:\Windows\System\GJMrHpH.exe
  2⤵
  PID:7036
- C:\Windows\System\aFdeJVH.exe
  C:\Windows\System\aFdeJVH.exe
  2⤵
  PID:6548
- C:\Windows\System\FklKzGW.exe
  C:\Windows\System\FklKzGW.exe
  2⤵
  PID:7256
- C:\Windows\System\PJGQxmI.exe
  C:\Windows\System\PJGQxmI.exe
  2⤵
  PID:8144
- C:\Windows\System\cixPgrC.exe
  C:\Windows\System\cixPgrC.exe
  2⤵
  PID:4484
- C:\Windows\System\yBeQhfX.exe
  C:\Windows\System\yBeQhfX.exe
  2⤵
  PID:3748
- C:\Windows\System\vcWWqHX.exe
  C:\Windows\System\vcWWqHX.exe
  2⤵
  PID:364
- C:\Windows\System\OPEAUFL.exe
  C:\Windows\System\OPEAUFL.exe
  2⤵
  PID:13796
- C:\Windows\System\HtBUKwt.exe
  C:\Windows\System\HtBUKwt.exe
  2⤵
  PID:14024
- C:\Windows\System\hERVSMo.exe
  C:\Windows\System\hERVSMo.exe
  2⤵
  PID:6660
- C:\Windows\System\wvivUVu.exe
  C:\Windows\System\wvivUVu.exe
  2⤵
  PID:14188
- C:\Windows\System\pdIdOQb.exe
  C:\Windows\System\pdIdOQb.exe
  2⤵
  PID:7108
- C:\Windows\System\FXwWkoP.exe
  C:\Windows\System\FXwWkoP.exe
  2⤵
  PID:2884
- C:\Windows\System\TEObrys.exe
  C:\Windows\System\TEObrys.exe
  2⤵
  PID:5020
- C:\Windows\System\cVtrOUX.exe
  C:\Windows\System\cVtrOUX.exe
  2⤵
  PID:5344
- C:\Windows\System\vYjVtwI.exe
  C:\Windows\System\vYjVtwI.exe
  2⤵
  PID:6164
- C:\Windows\System\UHnYpyZ.exe
  C:\Windows\System\UHnYpyZ.exe
  2⤵
  PID:732
- C:\Windows\System\cqfkyry.exe
  C:\Windows\System\cqfkyry.exe
  2⤵
  PID:5496
- C:\Windows\System\fpdmoyR.exe
  C:\Windows\System\fpdmoyR.exe
  2⤵
  PID:5540
- C:\Windows\System\veXcEMr.exe
  C:\Windows\System\veXcEMr.exe
  2⤵
  PID:5580
- C:\Windows\System\cnZIyqD.exe
  C:\Windows\System\cnZIyqD.exe
  2⤵
  PID:6996
- C:\Windows\System\hbChXoI.exe
  C:\Windows\System\hbChXoI.exe
  2⤵
  PID:6196
- C:\Windows\System\AfAVnAx.exe
  C:\Windows\System\AfAVnAx.exe
  2⤵
  PID:5112
- C:\Windows\System\GBzGOHm.exe
  C:\Windows\System\GBzGOHm.exe
  2⤵
  PID:5428
- C:\Windows\System\xNUFkpt.exe
  C:\Windows\System\xNUFkpt.exe
  2⤵
  PID:5512
- C:\Windows\System\vGLrNpX.exe
  C:\Windows\System\vGLrNpX.exe
  2⤵
  PID:6604
- C:\Windows\System\HyApsdn.exe
  C:\Windows\System\HyApsdn.exe
  2⤵
  PID:4524
- C:\Windows\System\laiKmup.exe
  C:\Windows\System\laiKmup.exe
  2⤵
  PID:5888
- C:\Windows\System\zfXcEpL.exe
  C:\Windows\System\zfXcEpL.exe
  2⤵
  PID:5288
- C:\Windows\System\MIducWJ.exe
  C:\Windows\System\MIducWJ.exe
  2⤵
  PID:5596
- C:\Windows\System\VtYxmeU.exe
  C:\Windows\System\VtYxmeU.exe
  2⤵
  PID:5216
- C:\Windows\System\tZOwmLi.exe
  C:\Windows\System\tZOwmLi.exe
  2⤵
  PID:6016
- C:\Windows\System\dOXelUF.exe
  C:\Windows\System\dOXelUF.exe
  2⤵
  PID:7052
- C:\Windows\System\CkrosBc.exe
  C:\Windows\System\CkrosBc.exe
  2⤵
  PID:5016
- C:\Windows\System\goSueoI.exe
  C:\Windows\System\goSueoI.exe
  2⤵
  PID:6100
- C:\Windows\System\sUGHYXa.exe
  C:\Windows\System\sUGHYXa.exe
  2⤵
  PID:5944
- C:\Windows\System\HNqwtOf.exe
  C:\Windows\System\HNqwtOf.exe
  2⤵
  PID:14356
- C:\Windows\System\MfdnCmJ.exe
  C:\Windows\System\MfdnCmJ.exe
  2⤵
  PID:14384
- C:\Windows\System\mYPvdAf.exe
  C:\Windows\System\mYPvdAf.exe
  2⤵
  PID:14412
- C:\Windows\System\wzRzkAv.exe
  C:\Windows\System\wzRzkAv.exe
  2⤵
  PID:14440
- C:\Windows\System\xLnleue.exe
  C:\Windows\System\xLnleue.exe
  2⤵
  PID:14468
- C:\Windows\System\VtYynBT.exe
  C:\Windows\System\VtYynBT.exe
  2⤵
  PID:14496
- C:\Windows\System\vnYsnnD.exe
  C:\Windows\System\vnYsnnD.exe
  2⤵
  PID:14524
- C:\Windows\System\cvnLNpb.exe
  C:\Windows\System\cvnLNpb.exe
  2⤵
  PID:14552
- C:\Windows\System\enDwvLy.exe
  C:\Windows\System\enDwvLy.exe
  2⤵
  PID:14580
- C:\Windows\System\DOPyMXD.exe
  C:\Windows\System\DOPyMXD.exe
  2⤵
  PID:14608
- C:\Windows\System\mZHraCu.exe
  C:\Windows\System\mZHraCu.exe
  2⤵
  PID:14636
- C:\Windows\System\ZJEZELQ.exe
  C:\Windows\System\ZJEZELQ.exe
  2⤵
  PID:14664
- C:\Windows\System\IIZeclI.exe
  C:\Windows\System\IIZeclI.exe
  2⤵
  PID:14692
- C:\Windows\System\bXURtgw.exe
  C:\Windows\System\bXURtgw.exe
  2⤵
  PID:14720
- C:\Windows\System\TiCvPfO.exe
  C:\Windows\System\TiCvPfO.exe
  2⤵
  PID:14748
- C:\Windows\System\lMmREHD.exe
  C:\Windows\System\lMmREHD.exe
  2⤵
  PID:14776
- C:\Windows\System\HHvDTfZ.exe
  C:\Windows\System\HHvDTfZ.exe
  2⤵
  PID:14804
- C:\Windows\System\yMjqZpu.exe
  C:\Windows\System\yMjqZpu.exe
  2⤵
  PID:14832
- C:\Windows\System\aYlbltq.exe
  C:\Windows\System\aYlbltq.exe
  2⤵
  PID:14864
- C:\Windows\System\WDRbALJ.exe
  C:\Windows\System\WDRbALJ.exe
  2⤵
  PID:14892
- C:\Windows\System\SYHmHTB.exe
  C:\Windows\System\SYHmHTB.exe
  2⤵
  PID:14920
- C:\Windows\System\ppIcbQS.exe
  C:\Windows\System\ppIcbQS.exe
  2⤵
  PID:14948
- C:\Windows\System\sicrYVK.exe
  C:\Windows\System\sicrYVK.exe
  2⤵
  PID:14976
- C:\Windows\System\jmaWJuU.exe
  C:\Windows\System\jmaWJuU.exe
  2⤵
  PID:15004
- C:\Windows\System\teOKotY.exe
  C:\Windows\System\teOKotY.exe
  2⤵
  PID:15032
- C:\Windows\System\wnMvHwt.exe
  C:\Windows\System\wnMvHwt.exe
  2⤵
  PID:15060
- C:\Windows\System\hgFugKc.exe
  C:\Windows\System\hgFugKc.exe
  2⤵
  PID:15088
- C:\Windows\System\MVUBrpx.exe
  C:\Windows\System\MVUBrpx.exe
  2⤵
  PID:15116
- C:\Windows\System\fwcMXjH.exe
  C:\Windows\System\fwcMXjH.exe
  2⤵
  PID:15156
- C:\Windows\System\JoVsUrF.exe
  C:\Windows\System\JoVsUrF.exe
  2⤵
  PID:15172
- C:\Windows\System\qLyrMkF.exe
  C:\Windows\System\qLyrMkF.exe
  2⤵
  PID:15200
- C:\Windows\System\iwHNZHC.exe
  C:\Windows\System\iwHNZHC.exe
  2⤵
  PID:15236
- C:\Windows\System\DRYVzkM.exe
  C:\Windows\System\DRYVzkM.exe
  2⤵
  PID:15256
- C:\Windows\System\vsNPFHo.exe
  C:\Windows\System\vsNPFHo.exe
  2⤵
  PID:15284
- C:\Windows\System\ZuKFodN.exe
  C:\Windows\System\ZuKFodN.exe
  2⤵
  PID:15312
- C:\Windows\System\iahOIVh.exe
  C:\Windows\System\iahOIVh.exe
  2⤵
  PID:15340
- C:\Windows\System\ozleWmz.exe
  C:\Windows\System\ozleWmz.exe
  2⤵
  PID:400
- C:\Windows\System\rvErAGr.exe
  C:\Windows\System\rvErAGr.exe
  2⤵
  PID:14396
- C:\Windows\System\BZnaAZN.exe
  C:\Windows\System\BZnaAZN.exe
  2⤵
  PID:14436
- C:\Windows\System\JpGcrdg.exe
  C:\Windows\System\JpGcrdg.exe
  2⤵
  PID:14488
- C:\Windows\System\ZmjLNXG.exe
  C:\Windows\System\ZmjLNXG.exe
  2⤵
  PID:14536
- C:\Windows\System\uRSxhAV.exe
  C:\Windows\System\uRSxhAV.exe
  2⤵
  PID:14576
- C:\Windows\System\DFaGNEv.exe
  C:\Windows\System\DFaGNEv.exe
  2⤵
  PID:5364
- C:\Windows\System\kTBexiS.exe
  C:\Windows\System\kTBexiS.exe
  2⤵
  PID:5424
- C:\Windows\System\RMbmNCl.exe
  C:\Windows\System\RMbmNCl.exe
  2⤵
  PID:14716
- C:\Windows\System\sxyenlQ.exe
  C:\Windows\System\sxyenlQ.exe
  2⤵
  PID:14744
- C:\Windows\System\rzfMQVr.exe
  C:\Windows\System\rzfMQVr.exe
  2⤵
  PID:14816
- C:\Windows\System\LhoHxMz.exe
  C:\Windows\System\LhoHxMz.exe
  2⤵
  PID:14860
- C:\Windows\System\VBWDLHG.exe
  C:\Windows\System\VBWDLHG.exe
  2⤵
  PID:14912
- C:\Windows\System\fqmjyrT.exe
  C:\Windows\System\fqmjyrT.exe
  2⤵
  PID:14960
- C:\Windows\System\pRvXIpU.exe
  C:\Windows\System\pRvXIpU.exe
  2⤵
  PID:15000
- C:\Windows\System\EOcgQMF.exe
  C:\Windows\System\EOcgQMF.exe
  2⤵
  PID:8848
- C:\Windows\System\LXEtitI.exe
  C:\Windows\System\LXEtitI.exe
  2⤵
  PID:15072
- C:\Windows\System\iTvqFEU.exe
  C:\Windows\System\iTvqFEU.exe
  2⤵
  PID:15108
- C:\Windows\System\FRewFAu.exe
  C:\Windows\System\FRewFAu.exe
  2⤵
  PID:4596
- C:\Windows\System\NkgWzlH.exe
  C:\Windows\System\NkgWzlH.exe
  2⤵
  PID:15192
- C:\Windows\System\HhkGoNE.exe
  C:\Windows\System\HhkGoNE.exe
  2⤵
  PID:5304
- C:\Windows\System\xeYNWzd.exe
  C:\Windows\System\xeYNWzd.exe
  2⤵
  PID:15296
- C:\Windows\System\ddBlbPB.exe
  C:\Windows\System\ddBlbPB.exe
  2⤵
  PID:15336
- C:\Windows\System\qJJQAiw.exe
  C:\Windows\System\qJJQAiw.exe
  2⤵
  PID:14852
- C:\Windows\System\IXMHsbb.exe
  C:\Windows\System\IXMHsbb.exe
  2⤵
  PID:14432
- C:\Windows\System\kjFLxsV.exe
  C:\Windows\System\kjFLxsV.exe
  2⤵
  PID:14520
- C:\Windows\System\UaLTRih.exe
  C:\Windows\System\UaLTRih.exe
  2⤵
  PID:5276
- C:\Windows\System\DtSGNHN.exe
  C:\Windows\System\DtSGNHN.exe
  2⤵
  PID:14704
- C:\Windows\System\EjaGydt.exe
  C:\Windows\System\EjaGydt.exe
  2⤵
  PID:5560
- C:\Windows\System\bIVKSaF.exe
  C:\Windows\System\bIVKSaF.exe
  2⤵
  PID:12388
- C:\Windows\System\fqMKfyC.exe
  C:\Windows\System\fqMKfyC.exe
  2⤵
  PID:13216
- C:\Windows\System\qtCHDrO.exe
  C:\Windows\System\qtCHDrO.exe
  2⤵
  PID:14844
- C:\Windows\System\nfuRvLM.exe
  C:\Windows\System\nfuRvLM.exe
  2⤵
  PID:6324
- C:\Windows\System\lzHozvk.exe
  C:\Windows\System\lzHozvk.exe
  2⤵
  PID:14996
- C:\Windows\System\shQZAgJ.exe
  C:\Windows\System\shQZAgJ.exe
  2⤵
  PID:15056
- C:\Windows\System\vnuqeXf.exe
  C:\Windows\System\vnuqeXf.exe
  2⤵
  PID:15152
- C:\Windows\System\TLQKZzA.exe
  C:\Windows\System\TLQKZzA.exe
  2⤵
  PID:9012
- C:\Windows\System\eQjDYHt.exe
  C:\Windows\System\eQjDYHt.exe
  2⤵
  PID:15280
- C:\Windows\System\GbnQXwe.exe
  C:\Windows\System\GbnQXwe.exe
  2⤵
  PID:14340
- C:\Windows\System\RXYPlLC.exe
  C:\Windows\System\RXYPlLC.exe
  2⤵
  PID:14480
- C:\Windows\System\osRocdn.exe
  C:\Windows\System\osRocdn.exe
  2⤵
  PID:12824
- C:\Windows\System\HvdTLeW.exe
  C:\Windows\System\HvdTLeW.exe
  2⤵
  PID:3660
- C:\Windows\System\sKVNpiw.exe
  C:\Windows\System\sKVNpiw.exe
  2⤵
  PID:8856
- C:\Windows\System\ipPmvNT.exe
  C:\Windows\System\ipPmvNT.exe
  2⤵
  PID:2888
- C:\Windows\System\CrbRDQp.exe
  C:\Windows\System\CrbRDQp.exe
  2⤵
  PID:15276
- C:\Windows\System\ErtUblg.exe
  C:\Windows\System\ErtUblg.exe
  2⤵
  PID:6840
- C:\Windows\System\JWJhCHY.exe
  C:\Windows\System\JWJhCHY.exe
  2⤵
  PID:5592
- C:\Windows\System\KirQhcG.exe
  C:\Windows\System\KirQhcG.exe
  2⤵
  PID:6080
- C:\Windows\System\VzfQnOw.exe
  C:\Windows\System\VzfQnOw.exe
  2⤵
  PID:6848
- C:\Windows\System\ypFmHux.exe
  C:\Windows\System\ypFmHux.exe
  2⤵
  PID:14968
- C:\Windows\System\SJIPvGR.exe
  C:\Windows\System\SJIPvGR.exe
  2⤵
  PID:13984
- C:\Windows\System\KhUeCNE.exe
  C:\Windows\System\KhUeCNE.exe
  2⤵
  PID:14352
- C:\Windows\System\EkZJZHV.exe
  C:\Windows\System\EkZJZHV.exe
  2⤵
  PID:15376
- C:\Windows\System\nDrgGwG.exe
  C:\Windows\System\nDrgGwG.exe
  2⤵
  PID:15408
- C:\Windows\System\aqVBPGp.exe
  C:\Windows\System\aqVBPGp.exe
  2⤵
  PID:15436
- C:\Windows\System\RBZmVRX.exe
  C:\Windows\System\RBZmVRX.exe
  2⤵
  PID:15464
- C:\Windows\System\ZxTmyrX.exe
  C:\Windows\System\ZxTmyrX.exe
  2⤵
  PID:15492
- C:\Windows\System\sfcIpXh.exe
  C:\Windows\System\sfcIpXh.exe
  2⤵
  PID:15520
- C:\Windows\System\UYzjaag.exe
  C:\Windows\System\UYzjaag.exe
  2⤵
  PID:15548
- C:\Windows\System\nGuaUlh.exe
  C:\Windows\System\nGuaUlh.exe
  2⤵
  PID:15580
- C:\Windows\System\JuAivvo.exe
  C:\Windows\System\JuAivvo.exe
  2⤵
  PID:15608
- C:\Windows\System\lljvMMm.exe
  C:\Windows\System\lljvMMm.exe
  2⤵
  PID:15636
- C:\Windows\System\ZHVjqEn.exe
  C:\Windows\System\ZHVjqEn.exe
  2⤵
  PID:15664
- C:\Windows\System\SCuydce.exe
  C:\Windows\System\SCuydce.exe
  2⤵
  PID:15692
- C:\Windows\System\yhjNpth.exe
  C:\Windows\System\yhjNpth.exe
  2⤵
  PID:15720
- C:\Windows\System\kEnIEPS.exe
  C:\Windows\System\kEnIEPS.exe
  2⤵
  PID:15748
- C:\Windows\System\RLKUiUu.exe
  C:\Windows\System\RLKUiUu.exe
  2⤵
  PID:15776
- C:\Windows\System\CwyPvcu.exe
  C:\Windows\System\CwyPvcu.exe
  2⤵
  PID:15808
- C:\Windows\System\GKmtfVU.exe
  C:\Windows\System\GKmtfVU.exe
  2⤵
  PID:15836
- C:\Windows\System\WslQDCT.exe
  C:\Windows\System\WslQDCT.exe
  2⤵
  PID:15864
- C:\Windows\System\zBpJYAc.exe
  C:\Windows\System\zBpJYAc.exe
  2⤵
  PID:15892
- C:\Windows\System\tlzAqTv.exe
  C:\Windows\System\tlzAqTv.exe
  2⤵
  PID:15948
- C:\Windows\System\AZSeQsP.exe
  C:\Windows\System\AZSeQsP.exe
  2⤵
  PID:15968
- C:\Windows\System\zLgZdLF.exe
  C:\Windows\System\zLgZdLF.exe
  2⤵
  PID:15996
- C:\Windows\System\aIbkwzL.exe
  C:\Windows\System\aIbkwzL.exe
  2⤵
  PID:16032
- C:\Windows\System\uRNZMbU.exe
  C:\Windows\System\uRNZMbU.exe
  2⤵
  PID:16068
- C:\Windows\System\benyMhw.exe
  C:\Windows\System\benyMhw.exe
  2⤵
  PID:16096
- C:\Windows\System\SQJziUw.exe
  C:\Windows\System\SQJziUw.exe
  2⤵
  PID:16112
- C:\Windows\System\xnxssmG.exe
  C:\Windows\System\xnxssmG.exe
  2⤵
  PID:16140
- C:\Windows\System\rpNKjmO.exe
  C:\Windows\System\rpNKjmO.exe
  2⤵
  PID:16168
- C:\Windows\System\HigqPfK.exe
  C:\Windows\System\HigqPfK.exe
  2⤵
  PID:16196
- C:\Windows\System\ZUMwzTa.exe
  C:\Windows\System\ZUMwzTa.exe
  2⤵
  PID:16224
- C:\Windows\System\AfsbTak.exe
  C:\Windows\System\AfsbTak.exe
  2⤵
  PID:16300
- C:\Windows\System\TbZKszh.exe
  C:\Windows\System\TbZKszh.exe
  2⤵
  PID:16344
- C:\Windows\System\vBFkEAj.exe
  C:\Windows\System\vBFkEAj.exe
  2⤵
  PID:16360
- C:\Windows\System\rQKAzYL.exe
  C:\Windows\System\rQKAzYL.exe
  2⤵
  PID:4248
- C:\Windows\System\xIueHWS.exe
  C:\Windows\System\xIueHWS.exe
  2⤵
  PID:15420
- C:\Windows\System\mMJzgmm.exe
  C:\Windows\System\mMJzgmm.exe
  2⤵
  PID:15476
- C:\Windows\System\OockqYu.exe
  C:\Windows\System\OockqYu.exe
  2⤵
  PID:2492
- C:\Windows\System\aszLHSP.exe
  C:\Windows\System\aszLHSP.exe
  2⤵
  PID:15656
- C:\Windows\System\qDSskDx.exe
  C:\Windows\System\qDSskDx.exe
  2⤵
  PID:15688
- C:\Windows\System\yKpfKVE.exe
  C:\Windows\System\yKpfKVE.exe
  2⤵
  PID:15760
- C:\Windows\System\bjaqXPW.exe
  C:\Windows\System\bjaqXPW.exe
  2⤵
  PID:15820
- C:\Windows\System\DWBiLNA.exe
  C:\Windows\System\DWBiLNA.exe
  2⤵
  PID:15904
- C:\Windows\System\GXFfILc.exe
  C:\Windows\System\GXFfILc.exe
  2⤵
  PID:15980
- C:\Windows\System\tRpOueE.exe
  C:\Windows\System\tRpOueE.exe
  2⤵
  PID:6752
- C:\Windows\System\ZfRXXBI.exe
  C:\Windows\System\ZfRXXBI.exe
  2⤵
  PID:16056
- C:\Windows\System\YUZBNGy.exe
  C:\Windows\System\YUZBNGy.exe
  2⤵
  PID:15576
- C:\Windows\System\gmjmQah.exe
  C:\Windows\System\gmjmQah.exe
  2⤵
  PID:16160
- C:\Windows\System\SboKlCl.exe
  C:\Windows\System\SboKlCl.exe
  2⤵
  PID:16288
- C:\Windows\System\gTZxjvi.exe
  C:\Windows\System\gTZxjvi.exe
  2⤵
  PID:16316
- C:\Windows\System\XHQvHNN.exe
  C:\Windows\System\XHQvHNN.exe
  2⤵
  PID:16380
- C:\Windows\System\UJLKCst.exe
  C:\Windows\System\UJLKCst.exe
  2⤵
  PID:15432
- C:\Windows\System\ndZhmYH.exe
  C:\Windows\System\ndZhmYH.exe
  2⤵
  PID:15544
- C:\Windows\System\WCDFggQ.exe
  C:\Windows\System\WCDFggQ.exe
  2⤵
  PID:15600
- C:\Windows\System\FoKWHUT.exe
  C:\Windows\System\FoKWHUT.exe
  2⤵
  PID:15744
- C:\Windows\System\YOblxmH.exe
  C:\Windows\System\YOblxmH.exe
  2⤵
  PID:15936
- C:\Windows\System\SfhOHaM.exe
  C:\Windows\System\SfhOHaM.exe
  2⤵
  PID:15956
- C:\Windows\System\gzkrVIT.exe
  C:\Windows\System\gzkrVIT.exe
  2⤵
  PID:16008
- C:\Windows\System\kAMtpSf.exe
  C:\Windows\System\kAMtpSf.exe
  2⤵
  PID:16108
- C:\Windows\System\waCPdTa.exe
  C:\Windows\System\waCPdTa.exe
  2⤵
  PID:16188
- C:\Windows\System\ocdiUay.exe
  C:\Windows\System\ocdiUay.exe
  2⤵
  PID:16264
- C:\Windows\System\dxQWXUI.exe
  C:\Windows\System\dxQWXUI.exe
  2⤵
  PID:16340
- C:\Windows\System\UCXJVuY.exe
  C:\Windows\System\UCXJVuY.exe
  2⤵
  PID:15572
- C:\Windows\System\KTkQerA.exe
  C:\Windows\System\KTkQerA.exe
  2⤵
  PID:15684
- C:\Windows\System\fzIdMau.exe
  C:\Windows\System\fzIdMau.exe
  2⤵
  PID:7648
- C:\Windows\System\dkkHgev.exe
  C:\Windows\System\dkkHgev.exe
  2⤵
  PID:6560
- C:\Windows\System\iparwfw.exe
  C:\Windows\System\iparwfw.exe
  2⤵
  PID:16048
- C:\Windows\System\eLzPcvy.exe
  C:\Windows\System\eLzPcvy.exe
  2⤵
  PID:7760
- C:\Windows\System\jajyWHt.exe
  C:\Windows\System\jajyWHt.exe
  2⤵
  PID:16252
- C:\Windows\System\QWxhspQ.exe
  C:\Windows\System\QWxhspQ.exe
  2⤵
  PID:7524
- C:\Windows\System\oNUUzNV.exe
  C:\Windows\System\oNUUzNV.exe
  2⤵
  PID:10160
- C:\Windows\System\dhfvfsh.exe
  C:\Windows\System\dhfvfsh.exe
  2⤵
  PID:8872
- C:\Windows\System\sdqOXcM.exe
  C:\Windows\System\sdqOXcM.exe
  2⤵
  PID:7940
- C:\Windows\System\aFQAyfk.exe
  C:\Windows\System\aFQAyfk.exe
  2⤵
  PID:15532
- C:\Windows\System\UTxMbPw.exe
  C:\Windows\System\UTxMbPw.exe
  2⤵
  PID:7908
- C:\Windows\System\TEbtAvo.exe
  C:\Windows\System\TEbtAvo.exe
  2⤵
  PID:8028
- C:\Windows\System\oiJuKAi.exe
  C:\Windows\System\oiJuKAi.exe
  2⤵
  PID:8068
- C:\Windows\System\SRittwD.exe
  C:\Windows\System\SRittwD.exe
  2⤵
  PID:7676
- C:\Windows\System\IEmiZOd.exe
  C:\Windows\System\IEmiZOd.exe
  2⤵
  PID:16076
- C:\Windows\System\YkqBPDb.exe
  C:\Windows\System\YkqBPDb.exe
  2⤵
  PID:16136
- C:\Windows\System\xmbWxYf.exe
  C:\Windows\System\xmbWxYf.exe
  2⤵
  PID:7452
- C:\Windows\System\zskznYL.exe
  C:\Windows\System\zskznYL.exe
  2⤵
  PID:9708
- C:\Windows\System\uqMslYC.exe
  C:\Windows\System\uqMslYC.exe
  2⤵
  PID:10180
- C:\Windows\System\UgeyALq.exe
  C:\Windows\System\UgeyALq.exe
  2⤵
  PID:9820
- C:\Windows\System\mUdEOMB.exe
  C:\Windows\System\mUdEOMB.exe
  2⤵
  PID:6216
- C:\Windows\System\KIABGgB.exe
  C:\Windows\System\KIABGgB.exe
  2⤵
  PID:1752
- C:\Windows\System\DMWJbjr.exe
  C:\Windows\System\DMWJbjr.exe
  2⤵
  PID:15964
- C:\Windows\System\eStFZUh.exe
  C:\Windows\System\eStFZUh.exe
  2⤵
  PID:7344
- C:\Windows\System\oSVINtN.exe
  C:\Windows\System\oSVINtN.exe
  2⤵
  PID:1464
- C:\Windows\System\CSKPpJO.exe
  C:\Windows\System\CSKPpJO.exe
  2⤵
  PID:7460
- C:\Windows\System\EPiSFvx.exe
  C:\Windows\System\EPiSFvx.exe
  2⤵
  PID:460
- C:\Windows\System\WsnNEZL.exe
  C:\Windows\System\WsnNEZL.exe
  2⤵
  PID:4856
- C:\Windows\System\HJdMfXg.exe
  C:\Windows\System\HJdMfXg.exe
  2⤵
  PID:10152
- C:\Windows\System\apPDtYD.exe
  C:\Windows\System\apPDtYD.exe
  2⤵
  PID:8056
- C:\Windows\System\zVqHKFn.exe
  C:\Windows\System\zVqHKFn.exe
  2⤵
  PID:4980
- C:\Windows\System\KUAKyCF.exe
  C:\Windows\System\KUAKyCF.exe
  2⤵
  PID:8112
- C:\Windows\System\FMqDeHd.exe
  C:\Windows\System\FMqDeHd.exe
  2⤵
  PID:8096
- C:\Windows\System\RMhiYKm.exe
  C:\Windows\System\RMhiYKm.exe
  2⤵
  PID:7828
- C:\Windows\System\lJqtXzV.exe
  C:\Windows\System\lJqtXzV.exe
  2⤵
  PID:7384
- C:\Windows\System\KZkrPeg.exe
  C:\Windows\System\KZkrPeg.exe
  2⤵
  PID:7492
- C:\Windows\System\GqYDWOk.exe
  C:\Windows\System\GqYDWOk.exe
  2⤵
  PID:7860
- C:\Windows\System\UUIUlhH.exe
  C:\Windows\System\UUIUlhH.exe
  2⤵
  PID:4512
- C:\Windows\System\kGIauLz.exe
  C:\Windows\System\kGIauLz.exe
  2⤵
  PID:10196
- C:\Windows\System\iMmKWIL.exe
  C:\Windows\System\iMmKWIL.exe
  2⤵
  PID:10040
- C:\Windows\System\MvPzBrZ.exe
  C:\Windows\System\MvPzBrZ.exe
  2⤵
  PID:4280
- C:\Windows\System\KVPIIww.exe
  C:\Windows\System\KVPIIww.exe
  2⤵
  PID:7372
- C:\Windows\System\uwGrINj.exe
  C:\Windows\System\uwGrINj.exe
  2⤵
  PID:10272
- C:\Windows\System\hIOsIvk.exe
  C:\Windows\System\hIOsIvk.exe
  2⤵
  PID:7488
- C:\Windows\System\xcCBrNE.exe
  C:\Windows\System\xcCBrNE.exe
  2⤵
  PID:8076
- C:\Windows\System\OGMaYhG.exe
  C:\Windows\System\OGMaYhG.exe
  2⤵
  PID:7632
- C:\Windows\System\glpGqmy.exe
  C:\Windows\System\glpGqmy.exe
  2⤵
  PID:9284
- C:\Windows\System\oxMmiyI.exe
  C:\Windows\System\oxMmiyI.exe
  2⤵
  PID:10440
- C:\Windows\System\QjWIsjo.exe
  C:\Windows\System\QjWIsjo.exe
  2⤵
  PID:2056
- C:\Windows\System\JwIjnVt.exe
  C:\Windows\System\JwIjnVt.exe
  2⤵
  PID:10528
- C:\Windows\System\GrFpXaJ.exe
  C:\Windows\System\GrFpXaJ.exe
  2⤵
  PID:10656
- C:\Windows\System\CSLwHGO.exe
  C:\Windows\System\CSLwHGO.exe
  2⤵
  PID:10260
- C:\Windows\System\kcHWjYP.exe
  C:\Windows\System\kcHWjYP.exe
  2⤵
  PID:10288
- C:\Windows\System\bpUZndX.exe
  C:\Windows\System\bpUZndX.exe
  2⤵
  PID:8208
- C:\Windows\System\xQzQBTK.exe
  C:\Windows\System\xQzQBTK.exe
  2⤵
  PID:10768
- C:\Windows\System\bUNqLII.exe
  C:\Windows\System\bUNqLII.exe
  2⤵
  PID:10788
- C:\Windows\System\nAtjcQW.exe
  C:\Windows\System\nAtjcQW.exe
  2⤵
  PID:1524
- C:\Windows\System\MBEnmzp.exe
  C:\Windows\System\MBEnmzp.exe
  2⤵
  PID:8100
- C:\Windows\System\nPTUaXa.exe
  C:\Windows\System\nPTUaXa.exe
  2⤵
  PID:10556
- C:\Windows\System\GKseHZf.exe
  C:\Windows\System\GKseHZf.exe
  2⤵
  PID:8384
- C:\Windows\System\lvCFPFA.exe
  C:\Windows\System\lvCFPFA.exe
  2⤵
  PID:8156
- C:\Windows\System\AoqHSNU.exe
  C:\Windows\System\AoqHSNU.exe
  2⤵
  PID:10420
- C:\Windows\System\ipQdfib.exe
  C:\Windows\System\ipQdfib.exe
  2⤵
  PID:10944
- C:\Windows\System\iuWXRls.exe
  C:\Windows\System\iuWXRls.exe
  2⤵
  PID:10500
- C:\Windows\System\HnpeYIu.exe
  C:\Windows\System\HnpeYIu.exe
  2⤵
  PID:8312
- C:\Windows\System\KyLLOzW.exe
  C:\Windows\System\KyLLOzW.exe
  2⤵
  PID:7268
- C:\Windows\System\yIQFWMM.exe
  C:\Windows\System\yIQFWMM.exe
  2⤵
  PID:3008
- C:\Windows\System\jSiHDLL.exe
  C:\Windows\System\jSiHDLL.exe
  2⤵
  PID:11092
- C:\Windows\System\vHuzZKQ.exe
  C:\Windows\System\vHuzZKQ.exe
  2⤵
  PID:2836
- C:\Windows\System\EyaSTaq.exe
  C:\Windows\System\EyaSTaq.exe
  2⤵
  PID:11180
- C:\Windows\System\jGsWLGe.exe
  C:\Windows\System\jGsWLGe.exe
  2⤵
  PID:10952
- C:\Windows\System\VHFgXje.exe
  C:\Windows\System\VHFgXje.exe
  2⤵
  PID:10824
- C:\Windows\System\HvGwJQZ.exe
  C:\Windows\System\HvGwJQZ.exe
  2⤵
  PID:11256
- C:\Windows\System\jspSakd.exe
  C:\Windows\System\jspSakd.exe
  2⤵
  PID:10876
- C:\Windows\System\EYzlTIv.exe
  C:\Windows\System\EYzlTIv.exe
  2⤵
  PID:10344
- C:\Windows\System\FPhjzpw.exe
  C:\Windows\System\FPhjzpw.exe
  2⤵
  PID:10676
- C:\Windows\System\UelabrN.exe
  C:\Windows\System\UelabrN.exe
  2⤵
  PID:8396
- C:\Windows\System\eHqcngU.exe
  C:\Windows\System\eHqcngU.exe
  2⤵
  PID:10928
- C:\Windows\System\BPnQxCX.exe
  C:\Windows\System\BPnQxCX.exe
  2⤵
  PID:8984
- C:\Windows\System\BAQWmsE.exe
  C:\Windows\System\BAQWmsE.exe
  2⤵
  PID:9028
- C:\Windows\System\hpEuRyt.exe
  C:\Windows\System\hpEuRyt.exe
  2⤵
  PID:8788
- C:\Windows\System\rMoKMHm.exe
  C:\Windows\System\rMoKMHm.exe
  2⤵
  PID:10416
- C:\Windows\System\vdvnWPF.exe
  C:\Windows\System\vdvnWPF.exe
  2⤵
  PID:4424
- C:\Windows\System\ifAxliV.exe
  C:\Windows\System\ifAxliV.exe
  2⤵
  PID:9488
- C:\Windows\System\fdjCCqh.exe
  C:\Windows\System\fdjCCqh.exe
  2⤵
  PID:10652
- C:\Windows\System\pacOHLc.exe
  C:\Windows\System\pacOHLc.exe
  2⤵
  PID:8448
- C:\Windows\System\kkQgEkI.exe
  C:\Windows\System\kkQgEkI.exe
  2⤵
  PID:10424
- C:\Windows\System\riSPuzs.exe
  C:\Windows\System\riSPuzs.exe
  2⤵
  PID:8928
- C:\Windows\System\RfGVyQs.exe
  C:\Windows\System\RfGVyQs.exe
  2⤵
  PID:10800
- C:\Windows\System\MemcFVk.exe
  C:\Windows\System\MemcFVk.exe
  2⤵
  PID:10448
- C:\Windows\System\mPuwdyB.exe
  C:\Windows\System\mPuwdyB.exe
  2⤵
  PID:2760
- C:\Windows\System\fnQiMuq.exe
  C:\Windows\System\fnQiMuq.exe
  2⤵
  PID:10536
- C:\Windows\System\tFDgQHF.exe
  C:\Windows\System\tFDgQHF.exe
  2⤵
  PID:10740
- C:\Windows\System\ZwWkmEK.exe
  C:\Windows\System\ZwWkmEK.exe
  2⤵
  PID:7324
- C:\Windows\System\SDaDbYO.exe
  C:\Windows\System\SDaDbYO.exe
  2⤵
  PID:10940
- C:\Windows\System\gXemNas.exe
  C:\Windows\System\gXemNas.exe
  2⤵
  PID:10516
- C:\Windows\System\cSbPwjv.exe
  C:\Windows\System\cSbPwjv.exe
  2⤵
  PID:11152
- C:\Windows\System\ffHNxaQ.exe
  C:\Windows\System\ffHNxaQ.exe
  2⤵
  PID:8648
- C:\Windows\System\MNYOauY.exe
  C:\Windows\System\MNYOauY.exe
  2⤵
  PID:10664
- C:\Windows\System\PvwkRja.exe
  C:\Windows\System\PvwkRja.exe
  2⤵
  PID:9180
- C:\Windows\System\SUZsJdP.exe
  C:\Windows\System\SUZsJdP.exe
  2⤵
  PID:10504
- C:\Windows\System\ZIcgVfg.exe
  C:\Windows\System\ZIcgVfg.exe
  2⤵
  PID:8512
- C:\Windows\System\pdZbxke.exe
  C:\Windows\System\pdZbxke.exe
  2⤵
  PID:10832
- C:\Windows\System\VceWjwZ.exe
  C:\Windows\System\VceWjwZ.exe
  2⤵
  PID:2264
- C:\Windows\System\MrlBIRd.exe
  C:\Windows\System\MrlBIRd.exe
  2⤵
  PID:1116
- C:\Windows\System\RZFkoHN.exe
  C:\Windows\System\RZFkoHN.exe
  2⤵
  PID:8716
- C:\Windows\System\Gebpryo.exe
  C:\Windows\System\Gebpryo.exe
  2⤵
  PID:11396
- C:\Windows\System\TsuoaBT.exe
  C:\Windows\System\TsuoaBT.exe
  2⤵
  PID:11068
- C:\Windows\System\vJKlQvl.exe
  C:\Windows\System\vJKlQvl.exe
  2⤵
  PID:9152
- C:\Windows\System\wYXxQUU.exe
  C:\Windows\System\wYXxQUU.exe
  2⤵
  PID:8400
- C:\Windows\System\puLjwaw.exe
  C:\Windows\System\puLjwaw.exe
  2⤵
  PID:8692
- C:\Windows\System\yudEuTK.exe
  C:\Windows\System\yudEuTK.exe
  2⤵
  PID:11532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BRrURKt.exe

Filesize
6.0MB

MD5
1ba3bc77a0278128d90eef21a6c46209

SHA1
71a360fe0f026d4381f59d9beab767049d732362

SHA256
71a45b02f4a963320749c84a540871ea3eaab3d7ea7c0bda9a312e9a6c0aff0e

SHA512
a3409cc470f19cdafeecb1bd4e4199c41c28574092bd65dc8adc123af1b5f085f93179ad4eaacb115f4dc58037553e5dc7f3fa5ab91a82d0e8459caa633e5f59

Download Submit
C:\Windows\System\CuseoAI.exe

Filesize
6.0MB

MD5
9d6bc5aeb1129083c809a95d1fe8feff

SHA1
96e5e815bc26c8c5e312f09de57fdba5b21abea7

SHA256
b5299e62f750bd9e16e26dc2356e027e94b6564792be118884ee49b5537e877e

SHA512
c3f9d54e1cd779f63683f144e53226a7f31e13cc05c298ac172a93bf7555e6a5dfbe716dceae55ea4bfe119fa16ce109fdf37637fa2d75f44056c10f62a778cc

Download Submit
C:\Windows\System\IgnXAHv.exe

Filesize
6.0MB

MD5
d3f4d34397546680823b1628147e2e58

SHA1
3ed3ac7439df13849508537d820456b184d4a684

SHA256
9f9621ba594deb209d68ad9ff6c59e5c811538993edc28e67bab19b3c3c9842d

SHA512
4b4cffa7e8a01f55ffac2fb545a3d5d529d640bee351df562d4a5a0ad0f989053b78696a885b7381699be98fcd4af1bf50c3eccad8c55a0f2e96131d9c8336cb

Download Submit
C:\Windows\System\JjIkVnC.exe

Filesize
6.0MB

MD5
89a39cdc27429ef5eed1935d5721d3af

SHA1
4bb204ca0773edd9ec4930d74fddab39e4b2c59d

SHA256
046745b0447564ed0c872ca39b66eb1c23effbf6ca119e41bfb1c6e9cf517e19

SHA512
7cbe47d843831aacee3d8aef13c117b6649960b08bc73ea0a29e2ae4f1b92dddf52792fb675cb907e0f6616730b2bdd67bb5f750c9e3b30d7be1508360d90f74

Download Submit
C:\Windows\System\KcjsOWv.exe

Filesize
6.0MB

MD5
6fdd05a044d8e2bf745cc41ffce79631

SHA1
ee3785aa913bbfecc1788ece307a466a80ceb632

SHA256
3d25ca4c63264081ec1476b9086b091994e9b2b659101cffc157ce15359624df

SHA512
d9e82f3d26f806eaa1f3eaedd14be77ee554b70dc99e918b191166ce31ef34ddaca668f262405cc02faf6a4f93852dd0550650b15a5a5b42d15b30e926821786

Download Submit
C:\Windows\System\LMOXKxj.exe

Filesize
6.0MB

MD5
df9e7944f584cab52194c92dbd49c0ed

SHA1
02e4f6f2f74f5c36369802d48d65e33f79ba26c6

SHA256
61a08b40bc254f8ae124fd2229fe0fc1b6643132b05ca63443de54d36ca16cf5

SHA512
a3dab744ccc89e163a7dd0cf4b4d4c0c60d374afbe841d39079b7b4ae5bc9464c72acd4b04fa11ddcccc145942596c23861c212f79e2fe3dc38d750ec0e0b5e2

Download Submit
C:\Windows\System\LdfgsRf.exe

Filesize
6.0MB

MD5
538fcf176d5fc726a598efd6ab1a4d27

SHA1
b841d8a6fd713972d74d04345505a61d3b7fc5e5

SHA256
dfb07302e4b9094e0fc478e443a93b7d4e0ac367a3504a69400d16fa23078fb2

SHA512
f112d3c521e1e9ba858a2293d72bf8efae28cc37e0d24d65788b03a8353a88b3e044fbbbe76d743c508911b61958b4dd9f427c2a7402d2030b3a53ed9f5a5002

Download Submit
C:\Windows\System\MaYRVfm.exe

Filesize
6.0MB

MD5
4c5771acaca3b0e4b7f67d8434b76120

SHA1
b4acffc426027f5b1eba8779520a24c7388595a5

SHA256
bd81b265bd24f7c42b8c7e42c9918eaa2e8b11fd90309ba819939e4bded60fca

SHA512
6942c74fa4752b63357c9fabacc3a7b01947644dd721a04d61aae5cc6558436b01e71aa8e86a276c291ed3fd0f0fb4a64a8e003a59710257e5b4192977523859

Download Submit
C:\Windows\System\MxXLzoX.exe

Filesize
6.0MB

MD5
b4164881663538cf2ca96e63984a180f

SHA1
49dbe7d16457e8e29eca1fe49c33e082b9af10dd

SHA256
632ac9934e4c21ec0de6383057f4341a83e8b10458e699bdbe0ef132a7a6275a

SHA512
e02801135f9300cd5410b8f42a82cae70f1c741e20defbe18fc5a0858060238aa80a9c721e832195a366279c5357900d4d338c1668dfe3c2055b8ab06dc96c00

Download Submit
C:\Windows\System\PJxvOJR.exe

Filesize
6.0MB

MD5
b3d254ca0d37a8ddc8826e5372c063f4

SHA1
0ad09326c508d7b814bc74aa07d2cb02c504259e

SHA256
2b2a26ab83fd143325801e9f26291947961b1cc0a27f87b5bf0ed83bce6cb882

SHA512
557b0863de5114b032707fe23d5163d8459ec80840667c896682fb1a89be3573c1a57dad541b3988b6c81bd32eb25f3238a6d31c9cb6dcb282f86461466b3400

Download Submit
C:\Windows\System\QggtRkx.exe

Filesize
6.0MB

MD5
87c47589488a66ad6e7c943c2a365235

SHA1
bb441bc28dfc29881363f8aa937db88bbbf51b54

SHA256
364416ab479f8bb12a379419a9c7a5c94a842c865cb202707d0ade2b81fdb9f9

SHA512
a894b712722ac13ad4ac34a7dd7eb4fd099d10ad2f1a62825efc2336ae7219c37671297101515f293db1c117e76bc5327d52d95b8e319e1d7c9579f665f0b9e7

Download Submit
C:\Windows\System\RGpznBn.exe

Filesize
6.0MB

MD5
5059e3256c004d7a4dc8268a06703409

SHA1
20fbfdec8ca76272f3d485fa3ca2370f787d10cf

SHA256
da4b999c7b1416d315e9ab2d670ca1aa13b0021cd36bc88a067b18f05356a427

SHA512
159cb6db8a107afa8dd4d5043b44ee471d1c922bcef12018cdb426815e14b0f574bdec70fefe1bfc4a2aea6ab745723697ef5aa49e06b3ece607dbf16e93c692

Download Submit
C:\Windows\System\TIHINwH.exe

Filesize
6.0MB

MD5
5bd162779d5f2e25d44f9e7fbb1907ac

SHA1
6d701ae3f7a5ec860db2b6e19b8cc40323e1cbbb

SHA256
121cf0c0fd93f5a4a83697b1a34c651e27e94cffda0931b94743287eebb29ac6

SHA512
252017c0b9f1af751ad2d54419d6c23af643d7f833494cb5dfa76985de1e7596d83569be35303a463c6ee95b304785b1ed27b870fe045d890758135868acf87d

Download Submit
C:\Windows\System\VfBFCVi.exe

Filesize
6.0MB

MD5
d5ea6319dfe2a145638dd5dd9c69de75

SHA1
184b5f7a1981f07540e69798a51349b7ce7bd1bf

SHA256
8372e86f78b3b4f6bda50565ea00d55e9566f38394528af897cb4d9b155f3526

SHA512
fe95fe6e521c7f523f65452230a95d709892ff4ad28183ca23e2f392627f03bd5c1dd9e5c9154132e52df9ea7053821d6434009b2e756ec08201635fe82bb4cf

Download Submit
C:\Windows\System\YCIeLlh.exe

Filesize
6.0MB

MD5
bd03ad28c3fad0a1f5f26843c8d6047f

SHA1
a2965b7b87f20129c52bf2f0e2e9b79001c5e5f9

SHA256
291b3c4f942822367acbe04592f92b79ac642f5f42a17bab06e38fc37052db8a

SHA512
c4ea336d9dc2e6d3b00ef5333f6ddee10a5ee30365ed8e8059307ac1fd5e61f53c0df04c61a0481ca45542fd94a4e0eb2ee72d7d2d4b4094d12d373945485a4a

Download Submit
C:\Windows\System\ZVwOoWN.exe

Filesize
6.0MB

MD5
39ef8776b46432f9e34a36d2891e4b2e

SHA1
1de3b2329254b499e2e8aa006ce48473f7d4ce23

SHA256
882dcb5e71b13e10ff291678715b34336bf67c20e3772cba8178bb334e4cdc99

SHA512
df9c3010ec2db48dae8f32ad170d1c7d177bd6e6cf7afe26f713b3de2d16ec5f95e75b750d94ec0d6dd847e6c06a10ac8a32f28759b8c2f275a9a39068192967

Download Submit
C:\Windows\System\ZzVpSbX.exe

Filesize
6.0MB

MD5
c16bdf9096d0775c303ec40640fab8f0

SHA1
7c780c306a2b65473f31d614d03f1f4ffae2d69e

SHA256
a60f54a848c0a925887422f8fbd6f12ee30a551dae16dde4f3a3c16598e79460

SHA512
53b3958fe01d8f98c3cf7694ce7b15746583b743e3c47c4d7763d22e790f9d600a60997dbe8ea16eeb401bf2614505f1722f8afecb4447aafe28d14221503091

Download Submit
C:\Windows\System\eMOKDTp.exe

Filesize
6.0MB

MD5
c8e12456e4ab59b3c277a3b95152a264

SHA1
4175cea871007d7aa9392cbb80d972c775e3ddfb

SHA256
ff22feafde9c2758522ffe3845a52d4be231d69a151ccc28f9d0934bebbb20b2

SHA512
26cfce04c7618bdada6be4c0238b59276ddddbddf29c91d1206e36ba2ff08888406ae21de061336f41d952f56019855ec36de45e8965d2f051bf3779eb3a97f4

Download Submit
C:\Windows\System\gtkCoCT.exe

Filesize
6.0MB

MD5
cbc2c5fcfd97ec49da6de89f2780bbc8

SHA1
6a779fa69a258ffa1462126f1f2aac2338bb2730

SHA256
4a1d41badb89a6d70a8abdc3a0066ed529acf24987d9e58be742cf3ffc467b42

SHA512
e4c579485e7e9eadcdff3a635ece7c93f2916781f456b950633dc32429320c685624c7f4e7e323511e2c539e4ad7c7f823e4480be5ca762b5dd8e7b2b81ca2e6

Download Submit
C:\Windows\System\izllaWV.exe

Filesize
6.0MB

MD5
886a52ea402bd6d0ae29824caf4c8cc1

SHA1
44b8ceacbe1166b33fba2901cd50c03cf857a0ab

SHA256
a57d9ebdd43d48d9cca97b3a39b621036e2ed233e7a1d0bc434c622d802066f6

SHA512
2aa51f05e7a77e33c03bc2c7e0bf90082e506e9486873338b8e7a3b17695d21b1263a656e0d98d229b01d91fb841882cd69f67a075a89f76359d6e7a3c76aea5

Download Submit
C:\Windows\System\kTpPUYG.exe

Filesize
6.0MB

MD5
523490cbeb25b5286a25301e5776380e

SHA1
a19441e761796bc571ebc7e9e999453df25b2b8a

SHA256
39559e98aca095cbbcd4837808655a6887cb06824e797474285efec0d32271e6

SHA512
2cfe78d3d1aa57c220b1fe8d77a0d018692e14bd0aff9d0054cf0aee8975e9f6c457ee623f75616b0364f5034891a4de14f9b37137fe0cf14837f7ec1ef2c15e

Download Submit
C:\Windows\System\lGbfTza.exe

Filesize
6.0MB

MD5
298c073d834290555f8d9fc8c2d08616

SHA1
4a5b74cf183643903822b1d399d7266e2e46483b

SHA256
7befd3239770bdc983de38da5dc9c1c9d8535b9016495a8efc684a984f035e70

SHA512
eb3d55e0cc0bdc4a05c24d3641b17156c3097f059d71de06a7be606ca92519cb378eb97eef1cfa2d9bc27b6256fde477308b5d5487449f4ace15da483ac1fd20

Download Submit
C:\Windows\System\pBwwoHw.exe

Filesize
6.0MB

MD5
11d68a26ac31e5c67b76dbbeeed68962

SHA1
b28bc922f850421f634e1a9bfec663d102edb89b

SHA256
a4c21e1bb4f173f87e38152e039fee2b08f59fc9734281b1271c03d13e5fb357

SHA512
945ec2ebbc636d98f279334f81aaf0ed1b5b4250cb5c0e1731cabe58b62f4d46f9067df0bc823b7356556d4f001af557bb887603553f4ff2c31486a2d8b88aba

Download Submit
C:\Windows\System\pYqNOpp.exe

Filesize
6.0MB

MD5
68b3e524a0dbdd71f9def5c59d0abd7d

SHA1
c98ea59c47586c689f14f5d5716cdbfbb6568f4d

SHA256
242d6f3ffe292b80a2b11a8f3e8ddce634313138c6d989ccd7d4fcd056f1edc2

SHA512
c5d8aad984fd2d1c61c6176419faa5fa6e00649c323e720ed574a6e86143fd96a9a64a90467773fdc98e5d363a9696f8c91d8aebdcb943bd8eceb7d7fc313857

Download Submit
C:\Windows\System\rdATNQm.exe

Filesize
6.0MB

MD5
bcea47ee4fda9118e4cd1b0c8e1c2b40

SHA1
f469c80aabe2ad0ce8aaaa28283cb65b28f65eda

SHA256
e1ba0aa99f9c7dea5e5c16251377d4ceaaa15751ffb1ebfd45e2e15f3168e62e

SHA512
cc6b47e702b981cc27cab336f215f8f0d128a5f8430a402a813ade32c13a25980fd6e2a5b66fe59453ae01ecd2f96070bdd00f36a7222bcdb2159c05b70f78fb

Download Submit
C:\Windows\System\rsUsnBO.exe

Filesize
6.0MB

MD5
9b86034d77691487fd328ded1d04b87b

SHA1
aab784f5bb5658388c817ebb867883215db175ed

SHA256
9302f707732d310b6bb74413204c708320dbf359f20b9031df19bd74d9c07840

SHA512
36f71966551be206b53598133d3d846eff4e433db8a28eb942bf89f928b319333f93a0c6256829f7e51f3ce7081f9b4dd8ad84afee8a8a57289329a2af3d74bb

Download Submit
C:\Windows\System\sCpKUEi.exe

Filesize
6.0MB

MD5
1e70c11aa83cbb2500d72cacb6ac29b4

SHA1
db3077bbe47481a380f4fc7d7732a3684c4a8f59

SHA256
11a51c551791f22b859d960a6378b254394110591e05f11f0e588b8a284f074d

SHA512
2765c115f37c3c912363801b6ff4d69e85600f0d8aa682c2fa8052d6d143230e3479fad00599a228b23dcd0edebf72d81c5e85c5c05d986982dea2eb1cf7b201

Download Submit
C:\Windows\System\uFQgwHU.exe

Filesize
6.0MB

MD5
48a26bf319ac8ff49e232134f582d8da

SHA1
a0fc401f97ee4b9c6a9de4904a12cc7ada65a1f5

SHA256
f1d400f0c07ca23386cffc2a259b3d88d4eb653dbccf63e839957a73a597e43f

SHA512
a16eb3cf0f855f600a1ed14bb5c21e89480bac295803061c05ab7fa4f3ed4e98f69058f79560e6cd09f10b4efe852ea5b1e7dccc0ea013c9597ee6882917e9da

Download Submit
C:\Windows\System\uHEvmlF.exe

Filesize
6.0MB

MD5
aecc50855dbcd4e1a6d14ccdbb3084fe

SHA1
8bfb103be185f6b609a7f3410b71ab6f8911d42b

SHA256
59a97a4402323d8d89a4380e057313bcb92d208ca6bd5fed99ad760b27cc9f78

SHA512
2e8be9f125b37b93470c7aa0655d130f26106f9ec51412bf32a8de6a114dacc84e7ba42b41dc3302355099bf683eb95653814f343565478db38919489fa41095

Download Submit
C:\Windows\System\vbumSdI.exe

Filesize
6.0MB

MD5
a1cb499d156c4ce9835caa6fecd42fa2

SHA1
85a410d1fd13165d5c2a6f815fab493f4a354995

SHA256
96f7b9040dae22c783f78f8127af49c119a419d3ecffab7a412bd059ec59ba55

SHA512
3e920a8bd94479011e2b71507480e869717d1c4abba87b9425d8611bd7c6eccddb32ebc478b8e0412d2a5dd4c998b79272485f3308a00aed642e5bbe18a9e4f8

Download Submit
C:\Windows\System\ysJRdRE.exe

Filesize
6.0MB

MD5
30bd0c8d00fd4d4732f1989d0ec9a627

SHA1
b939915491fd3bf428a85184b918c2a700f489da

SHA256
f501af5102796691912ea87ba0e2573a0ebf6244dcd630289cf0557589c084cf

SHA512
80938ee3b510b9623c7446bcafdf1d87feab1ffccf3c574d2e48db1b9bbca34a17e26f95d6151820ba867a71538548fabf1f6826c04ab7dd93c68e886c0658b1

Download Submit
C:\Windows\System\zUJxAnF.exe

Filesize
6.0MB

MD5
994549114b9c23f3c567d8e92b4d593f

SHA1
6e55af60f3a1d9463fbb0ddfb566df97ca7642e7

SHA256
e110631f4f11f11f3c6d1c944e7918da78d2cc7052e699939cf4e5470c4e80b7

SHA512
13e7c5b1679a110c9d94e10a3fd67dfc3b18a215a2aeb79bb3055576e1d0f6305e5fce29ec81d724e0905e464ab063607c09bb58a7ad5e8c3e6918ddf55cded8

Download Submit
C:\Windows\System\zsldKAt.exe

Filesize
6.0MB

MD5
82c54dc66bd87e86f3cf93b12e2cab7a

SHA1
5884e09ea84d1b05fd4c59ff5affdf0e8d2fd960

SHA256
74cef007dcea5dd3720a6e2f4a54435b231f2a163fa3f05dcbeeb5e667ed87db

SHA512
86849f0c1d1d27ca7cae971373a02e77d9077792a348b839c60ac750136b967249a99eddc584a42abfeb3772888deee146e8280d82c846ed39dd1404cb3c6251

Download Submit
memory/452-81-0x00007FF7C0F30000-0x00007FF7C1284000-memory.dmp

Filesize
3.3MB

Download
memory/452-18-0x00007FF7C0F30000-0x00007FF7C1284000-memory.dmp

Filesize
3.3MB

Download
memory/452-2072-0x00007FF7C0F30000-0x00007FF7C1284000-memory.dmp

Filesize
3.3MB

Download
memory/976-109-0x00007FF75E010000-0x00007FF75E364000-memory.dmp

Filesize
3.3MB

Download
memory/976-42-0x00007FF75E010000-0x00007FF75E364000-memory.dmp

Filesize
3.3MB

Download
memory/976-2107-0x00007FF75E010000-0x00007FF75E364000-memory.dmp

Filesize
3.3MB

Download
memory/1136-123-0x00007FF6999F0000-0x00007FF699D44000-memory.dmp

Filesize
3.3MB

Download
memory/1136-54-0x00007FF6999F0000-0x00007FF699D44000-memory.dmp

Filesize
3.3MB

Download
memory/1136-2105-0x00007FF6999F0000-0x00007FF699D44000-memory.dmp

Filesize
3.3MB

Download
memory/1168-48-0x00007FF730890000-0x00007FF730BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-116-0x00007FF730890000-0x00007FF730BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2106-0x00007FF730890000-0x00007FF730BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1264-2125-0x00007FF7FE200000-0x00007FF7FE554000-memory.dmp

Filesize
3.3MB

Download
memory/1264-172-0x00007FF7FE200000-0x00007FF7FE554000-memory.dmp

Filesize
3.3MB

Download
memory/1264-108-0x00007FF7FE200000-0x00007FF7FE554000-memory.dmp

Filesize
3.3MB

Download
memory/1652-183-0x00007FF7A49E0000-0x00007FF7A4D34000-memory.dmp

Filesize
3.3MB

Download
memory/1652-2148-0x00007FF7A49E0000-0x00007FF7A4D34000-memory.dmp

Filesize
3.3MB

Download
memory/1652-1705-0x00007FF7A49E0000-0x00007FF7A4D34000-memory.dmp

Filesize
3.3MB

Download
memory/1900-24-0x00007FF63E4C0000-0x00007FF63E814000-memory.dmp

Filesize
3.3MB

Download
memory/1900-88-0x00007FF63E4C0000-0x00007FF63E814000-memory.dmp

Filesize
3.3MB

Download
memory/1900-2086-0x00007FF63E4C0000-0x00007FF63E814000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1290-0x00007FF6D4650000-0x00007FF6D49A4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2130-0x00007FF6D4650000-0x00007FF6D49A4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-133-0x00007FF6D4650000-0x00007FF6D49A4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-2141-0x00007FF79B570000-0x00007FF79B8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-1582-0x00007FF79B570000-0x00007FF79B8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-167-0x00007FF79B570000-0x00007FF79B8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-68-0x00007FF64E3B0000-0x00007FF64E704000-memory.dmp

Filesize
3.3MB

Download
memory/2276-6-0x00007FF64E3B0000-0x00007FF64E704000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2066-0x00007FF64E3B0000-0x00007FF64E704000-memory.dmp

Filesize
3.3MB

Download
memory/2280-1411-0x00007FF6904B0000-0x00007FF690804000-memory.dmp

Filesize
3.3MB

Download
memory/2280-2138-0x00007FF6904B0000-0x00007FF690804000-memory.dmp

Filesize
3.3MB

Download
memory/2280-147-0x00007FF6904B0000-0x00007FF690804000-memory.dmp

Filesize
3.3MB

Download
memory/2292-128-0x00007FF610120000-0x00007FF610474000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2110-0x00007FF610120000-0x00007FF610474000-memory.dmp

Filesize
3.3MB

Download
memory/2292-63-0x00007FF610120000-0x00007FF610474000-memory.dmp

Filesize
3.3MB

Download
memory/2456-2124-0x00007FF666820000-0x00007FF666B74000-memory.dmp

Filesize
3.3MB

Download
memory/2456-101-0x00007FF666820000-0x00007FF666B74000-memory.dmp

Filesize
3.3MB

Download
memory/2456-166-0x00007FF666820000-0x00007FF666B74000-memory.dmp

Filesize
3.3MB

Download
memory/2488-14-0x00007FF64F6F0000-0x00007FF64FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2069-0x00007FF64F6F0000-0x00007FF64FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2488-72-0x00007FF64F6F0000-0x00007FF64FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2968-127-0x00007FF7162F0000-0x00007FF716644000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2120-0x00007FF7162F0000-0x00007FF716644000-memory.dmp

Filesize
3.3MB

Download
memory/2968-188-0x00007FF7162F0000-0x00007FF716644000-memory.dmp

Filesize
3.3MB

Download
memory/3108-176-0x00007FF617540000-0x00007FF617894000-memory.dmp

Filesize
3.3MB

Download
memory/3108-115-0x00007FF617540000-0x00007FF617894000-memory.dmp

Filesize
3.3MB

Download
memory/3108-2129-0x00007FF617540000-0x00007FF617894000-memory.dmp

Filesize
3.3MB

Download
memory/3220-76-0x00007FF64F350000-0x00007FF64F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2112-0x00007FF64F350000-0x00007FF64F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/3220-146-0x00007FF64F350000-0x00007FF64F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/3452-2102-0x00007FF7FAAD0000-0x00007FF7FAE24000-memory.dmp

Filesize
3.3MB

Download
memory/3452-102-0x00007FF7FAAD0000-0x00007FF7FAE24000-memory.dmp

Filesize
3.3MB

Download
memory/3452-33-0x00007FF7FAAD0000-0x00007FF7FAE24000-memory.dmp

Filesize
3.3MB

Download
memory/3600-2147-0x00007FF6AE6A0000-0x00007FF6AE9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3600-191-0x00007FF6AE6A0000-0x00007FF6AE9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3600-1707-0x00007FF6AE6A0000-0x00007FF6AE9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3652-2134-0x00007FF6FE110000-0x00007FF6FE464000-memory.dmp

Filesize
3.3MB

Download
memory/3652-140-0x00007FF6FE110000-0x00007FF6FE464000-memory.dmp

Filesize
3.3MB

Download
memory/3652-1348-0x00007FF6FE110000-0x00007FF6FE464000-memory.dmp

Filesize
3.3MB

Download
memory/3792-2111-0x00007FF665350000-0x00007FF6656A4000-memory.dmp

Filesize
3.3MB

Download
memory/3792-132-0x00007FF665350000-0x00007FF6656A4000-memory.dmp

Filesize
3.3MB

Download
memory/3792-71-0x00007FF665350000-0x00007FF6656A4000-memory.dmp

Filesize
3.3MB

Download
memory/3836-2144-0x00007FF751E80000-0x00007FF7521D4000-memory.dmp

Filesize
3.3MB

Download
memory/3836-161-0x00007FF751E80000-0x00007FF7521D4000-memory.dmp

Filesize
3.3MB

Download
memory/3836-1478-0x00007FF751E80000-0x00007FF7521D4000-memory.dmp

Filesize
3.3MB

Download
memory/3920-89-0x00007FF64B730000-0x00007FF64BA84000-memory.dmp

Filesize
3.3MB

Download
memory/3920-165-0x00007FF64B730000-0x00007FF64BA84000-memory.dmp

Filesize
3.3MB

Download
memory/3920-2127-0x00007FF64B730000-0x00007FF64BA84000-memory.dmp

Filesize
3.3MB

Download
memory/4220-182-0x00007FF7A31C0000-0x00007FF7A3514000-memory.dmp

Filesize
3.3MB

Download
memory/4220-2128-0x00007FF7A31C0000-0x00007FF7A3514000-memory.dmp

Filesize
3.3MB

Download
memory/4220-122-0x00007FF7A31C0000-0x00007FF7A3514000-memory.dmp

Filesize
3.3MB

Download
memory/4228-1477-0x00007FF7CC150000-0x00007FF7CC4A4000-memory.dmp

Filesize
3.3MB

Download
memory/4228-156-0x00007FF7CC150000-0x00007FF7CC4A4000-memory.dmp

Filesize
3.3MB

Download
memory/4228-2146-0x00007FF7CC150000-0x00007FF7CC4A4000-memory.dmp

Filesize
3.3MB

Download
memory/4252-1830-0x00007FF7CBB20000-0x00007FF7CBE74000-memory.dmp

Filesize
3.3MB

Download
memory/4252-2153-0x00007FF7CBB20000-0x00007FF7CBE74000-memory.dmp

Filesize
3.3MB

Download
memory/4252-192-0x00007FF7CBB20000-0x00007FF7CBE74000-memory.dmp

Filesize
3.3MB

Download
memory/4292-2115-0x00007FF7F35D0000-0x00007FF7F3924000-memory.dmp

Filesize
3.3MB

Download
memory/4292-82-0x00007FF7F35D0000-0x00007FF7F3924000-memory.dmp

Filesize
3.3MB

Download
memory/4292-155-0x00007FF7F35D0000-0x00007FF7F3924000-memory.dmp

Filesize
3.3MB

Download
memory/4300-97-0x00007FF7583E0000-0x00007FF758734000-memory.dmp

Filesize
3.3MB

Download
memory/4300-2103-0x00007FF7583E0000-0x00007FF758734000-memory.dmp

Filesize
3.3MB

Download
memory/4300-30-0x00007FF7583E0000-0x00007FF758734000-memory.dmp

Filesize
3.3MB

Download
memory/4688-1-0x0000027A23210000-0x0000027A23220000-memory.dmp

Filesize
64KB

Download
memory/4688-60-0x00007FF750220000-0x00007FF750574000-memory.dmp

Filesize
3.3MB

Download
memory/4688-0-0x00007FF750220000-0x00007FF750574000-memory.dmp

Filesize
3.3MB

Download
memory/4704-1639-0x00007FF670070000-0x00007FF6703C4000-memory.dmp

Filesize
3.3MB

Download
memory/4704-2142-0x00007FF670070000-0x00007FF6703C4000-memory.dmp

Filesize
3.3MB

Download
memory/4704-173-0x00007FF670070000-0x00007FF6703C4000-memory.dmp

Filesize
3.3MB

Download