cobaltstrike | 87cb9f2ccfd4cee524ac3809b81d1bbd971f57700b76d9de8a99fdd8b066bc26

Analysis

max time kernel
146s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/01/2025, 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6a01ca4961e477a0e3acd59c84e5a5b1
SHA1

073ae230f3bddccd35bfd85ebb634d8a31fcb123
SHA256

87cb9f2ccfd4cee524ac3809b81d1bbd971f57700b76d9de8a99fdd8b066bc26
SHA512

4b0a6618729855156e1298e27d943ef17665385216de780a65f90cb5aa2234d7a644ff5176a62213a7ec15cb409b875103b76a39871ed5eaae40f120f9e23fd4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000d000000023b6c-4.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b76-12.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b77-11.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b78-28.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7a-32.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-56.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7f-61.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b80-66.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b81-70.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-76.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-86.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-111.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8b-121.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-125.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8f-146.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b91-157.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b95-170.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b94-165.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b93-163.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b92-161.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-152.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8e-142.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-136.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-116.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-106.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b87-101.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-96.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-91.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-81.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-51.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7c-46.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7b-41.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b79-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3872-0-0x00007FF6A5890000-0x00007FF6A5BE4000-memory.dmp	xmrig
behavioral2/files/0x000d000000023b6c-4.dat	xmrig
behavioral2/memory/3976-8-0x00007FF6574F0000-0x00007FF657844000-memory.dmp	xmrig
behavioral2/files/0x0031000000023b76-12.dat	xmrig
behavioral2/files/0x0031000000023b77-11.dat	xmrig
behavioral2/memory/3708-14-0x00007FF796590000-0x00007FF7968E4000-memory.dmp	xmrig
behavioral2/memory/3588-18-0x00007FF666710000-0x00007FF666A64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b78-28.dat	xmrig
behavioral2/files/0x000a000000023b7a-32.dat	xmrig
behavioral2/files/0x000a000000023b7e-56.dat	xmrig
behavioral2/files/0x000a000000023b7f-61.dat	xmrig
behavioral2/files/0x000a000000023b80-66.dat	xmrig
behavioral2/files/0x000a000000023b81-70.dat	xmrig
behavioral2/files/0x000a000000023b82-76.dat	xmrig
behavioral2/files/0x000a000000023b84-86.dat	xmrig
behavioral2/files/0x000a000000023b89-111.dat	xmrig
behavioral2/files/0x000a000000023b8b-121.dat	xmrig
behavioral2/files/0x000a000000023b8c-125.dat	xmrig
behavioral2/files/0x000a000000023b8f-146.dat	xmrig
behavioral2/files/0x000a000000023b91-157.dat	xmrig
behavioral2/memory/1560-833-0x00007FF7C5210000-0x00007FF7C5564000-memory.dmp	xmrig
behavioral2/memory/4904-834-0x00007FF790E10000-0x00007FF791164000-memory.dmp	xmrig
behavioral2/memory/2476-848-0x00007FF6DCCA0000-0x00007FF6DCFF4000-memory.dmp	xmrig
behavioral2/memory/3372-859-0x00007FF6463E0000-0x00007FF646734000-memory.dmp	xmrig
behavioral2/memory/400-863-0x00007FF79D230000-0x00007FF79D584000-memory.dmp	xmrig
behavioral2/memory/688-862-0x00007FF762E20000-0x00007FF763174000-memory.dmp	xmrig
behavioral2/memory/912-861-0x00007FF6BF460000-0x00007FF6BF7B4000-memory.dmp	xmrig
behavioral2/memory/2948-860-0x00007FF6D0880000-0x00007FF6D0BD4000-memory.dmp	xmrig
behavioral2/memory/3776-858-0x00007FF7632D0000-0x00007FF763624000-memory.dmp	xmrig
behavioral2/memory/4012-857-0x00007FF65C0F0000-0x00007FF65C444000-memory.dmp	xmrig
behavioral2/memory/1916-856-0x00007FF673F10000-0x00007FF674264000-memory.dmp	xmrig
behavioral2/memory/4248-855-0x00007FF787740000-0x00007FF787A94000-memory.dmp	xmrig
behavioral2/memory/428-854-0x00007FF69CC00000-0x00007FF69CF54000-memory.dmp	xmrig
behavioral2/memory/816-853-0x00007FF738410000-0x00007FF738764000-memory.dmp	xmrig
behavioral2/memory/2032-852-0x00007FF695AD0000-0x00007FF695E24000-memory.dmp	xmrig
behavioral2/memory/3380-851-0x00007FF7C8C20000-0x00007FF7C8F74000-memory.dmp	xmrig
behavioral2/memory/4324-850-0x00007FF623ED0000-0x00007FF624224000-memory.dmp	xmrig
behavioral2/memory/2756-849-0x00007FF72C550000-0x00007FF72C8A4000-memory.dmp	xmrig
behavioral2/memory/1588-847-0x00007FF64E350000-0x00007FF64E6A4000-memory.dmp	xmrig
behavioral2/memory/2788-846-0x00007FF63F1B0000-0x00007FF63F504000-memory.dmp	xmrig
behavioral2/memory/8-845-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp	xmrig
behavioral2/memory/4644-844-0x00007FF61FA00000-0x00007FF61FD54000-memory.dmp	xmrig
behavioral2/memory/1632-843-0x00007FF6E9530000-0x00007FF6E9884000-memory.dmp	xmrig
behavioral2/memory/2880-842-0x00007FF6955A0000-0x00007FF6958F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b95-170.dat	xmrig
behavioral2/files/0x000a000000023b94-165.dat	xmrig
behavioral2/files/0x000a000000023b93-163.dat	xmrig
behavioral2/files/0x000a000000023b92-161.dat	xmrig
behavioral2/files/0x000a000000023b90-152.dat	xmrig
behavioral2/files/0x000a000000023b8e-142.dat	xmrig
behavioral2/files/0x000a000000023b8d-136.dat	xmrig
behavioral2/files/0x000a000000023b8a-116.dat	xmrig
behavioral2/files/0x000a000000023b88-106.dat	xmrig
behavioral2/files/0x000a000000023b87-101.dat	xmrig
behavioral2/files/0x000a000000023b86-96.dat	xmrig
behavioral2/files/0x000a000000023b85-91.dat	xmrig
behavioral2/files/0x000a000000023b83-81.dat	xmrig
behavioral2/files/0x000a000000023b7d-51.dat	xmrig
behavioral2/files/0x000a000000023b7c-46.dat	xmrig
behavioral2/files/0x000a000000023b7b-41.dat	xmrig
behavioral2/files/0x000a000000023b79-34.dat	xmrig
behavioral2/memory/4824-31-0x00007FF6E50F0000-0x00007FF6E5444000-memory.dmp	xmrig
behavioral2/memory/4480-26-0x00007FF6F0CD0000-0x00007FF6F1024000-memory.dmp	xmrig
behavioral2/memory/3872-975-0x00007FF6A5890000-0x00007FF6A5BE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3976	ndYtfxt.exe
3708	agtIHFW.exe
3588	EqKyNjX.exe
4480	WdyfKjH.exe
4824	DazKeMr.exe
1560	qzvajRN.exe
400	EWUBYPB.exe
4904	pHMxBQi.exe
2880	cyyLRjB.exe
1632	KUktjlP.exe
4644	pdloari.exe
8	vmoQqsZ.exe
2788	GfoEPat.exe
1588	xvaZyAV.exe
2476	LLhTNBH.exe
2756	hJMkvOG.exe
4324	baXaZTx.exe
3380	pSDNqNv.exe
2032	zeuPyvn.exe
816	QmkgtHU.exe
428	sKFmqCR.exe
4248	FQBhoyL.exe
1916	NSszTgL.exe
4012	JAwinGh.exe
3776	cADReOd.exe
3372	XjZcqQL.exe
2948	NJJSwXu.exe
912	oISdWQG.exe
688	SYVJWAB.exe
2164	jOyovFP.exe
5000	xgCumte.exe
2388	HGbOSXZ.exe
4532	aEoGYRG.exe
4660	Uwcnjuc.exe
3404	xOhtwTw.exe
4856	FrvoTfI.exe
1112	QWtNTiP.exe
940	OdQDvXr.exe
868	lppKxpx.exe
4804	BezVSLd.exe
4668	pyxVgtb.exe
4308	VmsEUcg.exe
220	WXjNiOj.exe
4356	lpWFbKW.exe
624	UJeEAtO.exe
4816	hxbeoBv.exe
4164	tMfvUbi.exe
552	ToDQecT.exe
4312	kPrPVHU.exe
4292	VuAeZGq.exe
960	rDRNRsJ.exe
992	PGKfWlR.exe
2228	VmviXov.exe
4540	jINaqGL.exe
1036	jOctsnX.exe
112	YDtoLFc.exe
4284	AYuLgjy.exe
2772	thofmOJ.exe
3832	pnOzzgU.exe
2468	wjMJbSx.exe
716	bONCOve.exe
384	ISmeSyp.exe
1304	FnLyHTb.exe
4384	QdybmmY.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3872-0-0x00007FF6A5890000-0x00007FF6A5BE4000-memory.dmp	upx
behavioral2/files/0x000d000000023b6c-4.dat	upx
behavioral2/memory/3976-8-0x00007FF6574F0000-0x00007FF657844000-memory.dmp	upx
behavioral2/files/0x0031000000023b76-12.dat	upx
behavioral2/files/0x0031000000023b77-11.dat	upx
behavioral2/memory/3708-14-0x00007FF796590000-0x00007FF7968E4000-memory.dmp	upx
behavioral2/memory/3588-18-0x00007FF666710000-0x00007FF666A64000-memory.dmp	upx
behavioral2/files/0x000a000000023b78-28.dat	upx
behavioral2/files/0x000a000000023b7a-32.dat	upx
behavioral2/files/0x000a000000023b7e-56.dat	upx
behavioral2/files/0x000a000000023b7f-61.dat	upx
behavioral2/files/0x000a000000023b80-66.dat	upx
behavioral2/files/0x000a000000023b81-70.dat	upx
behavioral2/files/0x000a000000023b82-76.dat	upx
behavioral2/files/0x000a000000023b84-86.dat	upx
behavioral2/files/0x000a000000023b89-111.dat	upx
behavioral2/files/0x000a000000023b8b-121.dat	upx
behavioral2/files/0x000a000000023b8c-125.dat	upx
behavioral2/files/0x000a000000023b8f-146.dat	upx
behavioral2/files/0x000a000000023b91-157.dat	upx
behavioral2/memory/1560-833-0x00007FF7C5210000-0x00007FF7C5564000-memory.dmp	upx
behavioral2/memory/4904-834-0x00007FF790E10000-0x00007FF791164000-memory.dmp	upx
behavioral2/memory/2476-848-0x00007FF6DCCA0000-0x00007FF6DCFF4000-memory.dmp	upx
behavioral2/memory/3372-859-0x00007FF6463E0000-0x00007FF646734000-memory.dmp	upx
behavioral2/memory/400-863-0x00007FF79D230000-0x00007FF79D584000-memory.dmp	upx
behavioral2/memory/688-862-0x00007FF762E20000-0x00007FF763174000-memory.dmp	upx
behavioral2/memory/912-861-0x00007FF6BF460000-0x00007FF6BF7B4000-memory.dmp	upx
behavioral2/memory/2948-860-0x00007FF6D0880000-0x00007FF6D0BD4000-memory.dmp	upx
behavioral2/memory/3776-858-0x00007FF7632D0000-0x00007FF763624000-memory.dmp	upx
behavioral2/memory/4012-857-0x00007FF65C0F0000-0x00007FF65C444000-memory.dmp	upx
behavioral2/memory/1916-856-0x00007FF673F10000-0x00007FF674264000-memory.dmp	upx
behavioral2/memory/4248-855-0x00007FF787740000-0x00007FF787A94000-memory.dmp	upx
behavioral2/memory/428-854-0x00007FF69CC00000-0x00007FF69CF54000-memory.dmp	upx
behavioral2/memory/816-853-0x00007FF738410000-0x00007FF738764000-memory.dmp	upx
behavioral2/memory/2032-852-0x00007FF695AD0000-0x00007FF695E24000-memory.dmp	upx
behavioral2/memory/3380-851-0x00007FF7C8C20000-0x00007FF7C8F74000-memory.dmp	upx
behavioral2/memory/4324-850-0x00007FF623ED0000-0x00007FF624224000-memory.dmp	upx
behavioral2/memory/2756-849-0x00007FF72C550000-0x00007FF72C8A4000-memory.dmp	upx
behavioral2/memory/1588-847-0x00007FF64E350000-0x00007FF64E6A4000-memory.dmp	upx
behavioral2/memory/2788-846-0x00007FF63F1B0000-0x00007FF63F504000-memory.dmp	upx
behavioral2/memory/8-845-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp	upx
behavioral2/memory/4644-844-0x00007FF61FA00000-0x00007FF61FD54000-memory.dmp	upx
behavioral2/memory/1632-843-0x00007FF6E9530000-0x00007FF6E9884000-memory.dmp	upx
behavioral2/memory/2880-842-0x00007FF6955A0000-0x00007FF6958F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b95-170.dat	upx
behavioral2/files/0x000a000000023b94-165.dat	upx
behavioral2/files/0x000a000000023b93-163.dat	upx
behavioral2/files/0x000a000000023b92-161.dat	upx
behavioral2/files/0x000a000000023b90-152.dat	upx
behavioral2/files/0x000a000000023b8e-142.dat	upx
behavioral2/files/0x000a000000023b8d-136.dat	upx
behavioral2/files/0x000a000000023b8a-116.dat	upx
behavioral2/files/0x000a000000023b88-106.dat	upx
behavioral2/files/0x000a000000023b87-101.dat	upx
behavioral2/files/0x000a000000023b86-96.dat	upx
behavioral2/files/0x000a000000023b85-91.dat	upx
behavioral2/files/0x000a000000023b83-81.dat	upx
behavioral2/files/0x000a000000023b7d-51.dat	upx
behavioral2/files/0x000a000000023b7c-46.dat	upx
behavioral2/files/0x000a000000023b7b-41.dat	upx
behavioral2/files/0x000a000000023b79-34.dat	upx
behavioral2/memory/4824-31-0x00007FF6E50F0000-0x00007FF6E5444000-memory.dmp	upx
behavioral2/memory/4480-26-0x00007FF6F0CD0000-0x00007FF6F1024000-memory.dmp	upx
behavioral2/memory/3872-975-0x00007FF6A5890000-0x00007FF6A5BE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NPjSYch.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQxItZk.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASNkfSq.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQcoLHP.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\perwwXD.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpjWTGF.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDmoDJN.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUqNqQG.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnTnYPC.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyDIgbo.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmUdjWU.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GATPhXI.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nihVDup.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYawjAJ.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eekrJCV.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCqFrHm.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsCNfyV.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlWfZbJ.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbnAVrl.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnOwsbi.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjTvpak.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVtAHRB.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQHDPxM.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMeccNi.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WroNoik.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvwSveS.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkZmqhS.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpyxyMh.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQsvIdK.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHulOdy.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPZgGAF.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIeegSx.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmKYxBj.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNxZOxz.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DJhkOZi.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xvaZyAV.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwhAHNr.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FisEftT.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNPvsPl.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkQEBJj.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgZUDrZ.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jINaqGL.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omllNxH.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPbVsTU.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyYjIvD.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtVmWhG.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfsBDVQ.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btDLEfl.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdjWTYS.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwLqoxr.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBOWfPM.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJCwXhH.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQUOBdJ.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLXtFbn.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVNoEPl.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZiGDQd.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGCiyqR.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPonibX.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLLruWe.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxegmFO.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boCxrhI.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZEvTOF.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYgJcox.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xIOAtNU.exe	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 3976	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3872 wrote to memory of 3976	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3872 wrote to memory of 3708	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3872 wrote to memory of 3708	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3872 wrote to memory of 3588	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3872 wrote to memory of 3588	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3872 wrote to memory of 4480	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3872 wrote to memory of 4480	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3872 wrote to memory of 4824	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3872 wrote to memory of 4824	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3872 wrote to memory of 1560	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3872 wrote to memory of 1560	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3872 wrote to memory of 400	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3872 wrote to memory of 400	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3872 wrote to memory of 4904	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3872 wrote to memory of 4904	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3872 wrote to memory of 2880	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3872 wrote to memory of 2880	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3872 wrote to memory of 1632	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3872 wrote to memory of 1632	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3872 wrote to memory of 4644	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3872 wrote to memory of 4644	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3872 wrote to memory of 8	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3872 wrote to memory of 8	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3872 wrote to memory of 2788	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3872 wrote to memory of 2788	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3872 wrote to memory of 1588	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3872 wrote to memory of 1588	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3872 wrote to memory of 2476	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3872 wrote to memory of 2476	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3872 wrote to memory of 2756	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3872 wrote to memory of 2756	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3872 wrote to memory of 4324	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3872 wrote to memory of 4324	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3872 wrote to memory of 3380	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3872 wrote to memory of 3380	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3872 wrote to memory of 2032	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3872 wrote to memory of 2032	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3872 wrote to memory of 816	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3872 wrote to memory of 816	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3872 wrote to memory of 428	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3872 wrote to memory of 428	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3872 wrote to memory of 4248	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3872 wrote to memory of 4248	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3872 wrote to memory of 1916	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3872 wrote to memory of 1916	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3872 wrote to memory of 4012	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3872 wrote to memory of 4012	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3872 wrote to memory of 3776	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3872 wrote to memory of 3776	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3872 wrote to memory of 3372	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3872 wrote to memory of 3372	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3872 wrote to memory of 2948	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3872 wrote to memory of 2948	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3872 wrote to memory of 912	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3872 wrote to memory of 912	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3872 wrote to memory of 688	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3872 wrote to memory of 688	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3872 wrote to memory of 2164	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3872 wrote to memory of 2164	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3872 wrote to memory of 5000	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3872 wrote to memory of 5000	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3872 wrote to memory of 2388	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3872 wrote to memory of 2388	3872	2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_6a01ca4961e477a0e3acd59c84e5a5b1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Windows\System\ndYtfxt.exe
  C:\Windows\System\ndYtfxt.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\agtIHFW.exe
  C:\Windows\System\agtIHFW.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\EqKyNjX.exe
  C:\Windows\System\EqKyNjX.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\WdyfKjH.exe
  C:\Windows\System\WdyfKjH.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\DazKeMr.exe
  C:\Windows\System\DazKeMr.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\qzvajRN.exe
  C:\Windows\System\qzvajRN.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\EWUBYPB.exe
  C:\Windows\System\EWUBYPB.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\pHMxBQi.exe
  C:\Windows\System\pHMxBQi.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\cyyLRjB.exe
  C:\Windows\System\cyyLRjB.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\KUktjlP.exe
  C:\Windows\System\KUktjlP.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\pdloari.exe
  C:\Windows\System\pdloari.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\vmoQqsZ.exe
  C:\Windows\System\vmoQqsZ.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\GfoEPat.exe
  C:\Windows\System\GfoEPat.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\xvaZyAV.exe
  C:\Windows\System\xvaZyAV.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\LLhTNBH.exe
  C:\Windows\System\LLhTNBH.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\hJMkvOG.exe
  C:\Windows\System\hJMkvOG.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\baXaZTx.exe
  C:\Windows\System\baXaZTx.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\pSDNqNv.exe
  C:\Windows\System\pSDNqNv.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\zeuPyvn.exe
  C:\Windows\System\zeuPyvn.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\QmkgtHU.exe
  C:\Windows\System\QmkgtHU.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\sKFmqCR.exe
  C:\Windows\System\sKFmqCR.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\FQBhoyL.exe
  C:\Windows\System\FQBhoyL.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\NSszTgL.exe
  C:\Windows\System\NSszTgL.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\JAwinGh.exe
  C:\Windows\System\JAwinGh.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\cADReOd.exe
  C:\Windows\System\cADReOd.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\XjZcqQL.exe
  C:\Windows\System\XjZcqQL.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\NJJSwXu.exe
  C:\Windows\System\NJJSwXu.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\oISdWQG.exe
  C:\Windows\System\oISdWQG.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\SYVJWAB.exe
  C:\Windows\System\SYVJWAB.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\jOyovFP.exe
  C:\Windows\System\jOyovFP.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\xgCumte.exe
  C:\Windows\System\xgCumte.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\HGbOSXZ.exe
  C:\Windows\System\HGbOSXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\aEoGYRG.exe
  C:\Windows\System\aEoGYRG.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\Uwcnjuc.exe
  C:\Windows\System\Uwcnjuc.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\xOhtwTw.exe
  C:\Windows\System\xOhtwTw.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\FrvoTfI.exe
  C:\Windows\System\FrvoTfI.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\QWtNTiP.exe
  C:\Windows\System\QWtNTiP.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\OdQDvXr.exe
  C:\Windows\System\OdQDvXr.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\lppKxpx.exe
  C:\Windows\System\lppKxpx.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\BezVSLd.exe
  C:\Windows\System\BezVSLd.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\pyxVgtb.exe
  C:\Windows\System\pyxVgtb.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\VmsEUcg.exe
  C:\Windows\System\VmsEUcg.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\WXjNiOj.exe
  C:\Windows\System\WXjNiOj.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\lpWFbKW.exe
  C:\Windows\System\lpWFbKW.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\UJeEAtO.exe
  C:\Windows\System\UJeEAtO.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\hxbeoBv.exe
  C:\Windows\System\hxbeoBv.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\tMfvUbi.exe
  C:\Windows\System\tMfvUbi.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\ToDQecT.exe
  C:\Windows\System\ToDQecT.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\kPrPVHU.exe
  C:\Windows\System\kPrPVHU.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\VuAeZGq.exe
  C:\Windows\System\VuAeZGq.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\rDRNRsJ.exe
  C:\Windows\System\rDRNRsJ.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\PGKfWlR.exe
  C:\Windows\System\PGKfWlR.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\VmviXov.exe
  C:\Windows\System\VmviXov.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\jINaqGL.exe
  C:\Windows\System\jINaqGL.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\jOctsnX.exe
  C:\Windows\System\jOctsnX.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\YDtoLFc.exe
  C:\Windows\System\YDtoLFc.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\AYuLgjy.exe
  C:\Windows\System\AYuLgjy.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\thofmOJ.exe
  C:\Windows\System\thofmOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\pnOzzgU.exe
  C:\Windows\System\pnOzzgU.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\wjMJbSx.exe
  C:\Windows\System\wjMJbSx.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\bONCOve.exe
  C:\Windows\System\bONCOve.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\ISmeSyp.exe
  C:\Windows\System\ISmeSyp.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\FnLyHTb.exe
  C:\Windows\System\FnLyHTb.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\QdybmmY.exe
  C:\Windows\System\QdybmmY.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\vMdScar.exe
  C:\Windows\System\vMdScar.exe
  2⤵
  PID:948
- C:\Windows\System\omkmmNQ.exe
  C:\Windows\System\omkmmNQ.exe
  2⤵
  PID:3076
- C:\Windows\System\oTucyEm.exe
  C:\Windows\System\oTucyEm.exe
  2⤵
  PID:5084
- C:\Windows\System\GwhAHNr.exe
  C:\Windows\System\GwhAHNr.exe
  2⤵
  PID:3032
- C:\Windows\System\OQQAtEY.exe
  C:\Windows\System\OQQAtEY.exe
  2⤵
  PID:2656
- C:\Windows\System\TfGhREv.exe
  C:\Windows\System\TfGhREv.exe
  2⤵
  PID:4928
- C:\Windows\System\DDloaYA.exe
  C:\Windows\System\DDloaYA.exe
  2⤵
  PID:4948
- C:\Windows\System\xKacYtg.exe
  C:\Windows\System\xKacYtg.exe
  2⤵
  PID:3908
- C:\Windows\System\hvFWJOU.exe
  C:\Windows\System\hvFWJOU.exe
  2⤵
  PID:1716
- C:\Windows\System\mgOQwRw.exe
  C:\Windows\System\mgOQwRw.exe
  2⤵
  PID:4424
- C:\Windows\System\gTudjtN.exe
  C:\Windows\System\gTudjtN.exe
  2⤵
  PID:116
- C:\Windows\System\XavoqeW.exe
  C:\Windows\System\XavoqeW.exe
  2⤵
  PID:1972
- C:\Windows\System\EJOkoFQ.exe
  C:\Windows\System\EJOkoFQ.exe
  2⤵
  PID:2148
- C:\Windows\System\jUGGFIy.exe
  C:\Windows\System\jUGGFIy.exe
  2⤵
  PID:3940
- C:\Windows\System\qEvsOOI.exe
  C:\Windows\System\qEvsOOI.exe
  2⤵
  PID:516
- C:\Windows\System\fbQxsRW.exe
  C:\Windows\System\fbQxsRW.exe
  2⤵
  PID:4616
- C:\Windows\System\QSGpNXK.exe
  C:\Windows\System\QSGpNXK.exe
  2⤵
  PID:780
- C:\Windows\System\WroNoik.exe
  C:\Windows\System\WroNoik.exe
  2⤵
  PID:1220
- C:\Windows\System\sVWxRMG.exe
  C:\Windows\System\sVWxRMG.exe
  2⤵
  PID:5132
- C:\Windows\System\tXbPHKQ.exe
  C:\Windows\System\tXbPHKQ.exe
  2⤵
  PID:5160
- C:\Windows\System\lCjIzTH.exe
  C:\Windows\System\lCjIzTH.exe
  2⤵
  PID:5176
- C:\Windows\System\UdNTIeP.exe
  C:\Windows\System\UdNTIeP.exe
  2⤵
  PID:5204
- C:\Windows\System\XgtWMdl.exe
  C:\Windows\System\XgtWMdl.exe
  2⤵
  PID:5244
- C:\Windows\System\NaAzFBC.exe
  C:\Windows\System\NaAzFBC.exe
  2⤵
  PID:5260
- C:\Windows\System\FvFVGtX.exe
  C:\Windows\System\FvFVGtX.exe
  2⤵
  PID:5308
- C:\Windows\System\bvTBwXP.exe
  C:\Windows\System\bvTBwXP.exe
  2⤵
  PID:5328
- C:\Windows\System\RcVyajI.exe
  C:\Windows\System\RcVyajI.exe
  2⤵
  PID:5372
- C:\Windows\System\XKfFaTj.exe
  C:\Windows\System\XKfFaTj.exe
  2⤵
  PID:5396
- C:\Windows\System\PpIPvWP.exe
  C:\Windows\System\PpIPvWP.exe
  2⤵
  PID:5424
- C:\Windows\System\pNxZOxz.exe
  C:\Windows\System\pNxZOxz.exe
  2⤵
  PID:5452
- C:\Windows\System\eRNlyUN.exe
  C:\Windows\System\eRNlyUN.exe
  2⤵
  PID:5492
- C:\Windows\System\HSlAOPj.exe
  C:\Windows\System\HSlAOPj.exe
  2⤵
  PID:5508
- C:\Windows\System\MXXbZKb.exe
  C:\Windows\System\MXXbZKb.exe
  2⤵
  PID:5536
- C:\Windows\System\ObuefAF.exe
  C:\Windows\System\ObuefAF.exe
  2⤵
  PID:5552
- C:\Windows\System\VjLLWWq.exe
  C:\Windows\System\VjLLWWq.exe
  2⤵
  PID:5596
- C:\Windows\System\ZAMOsBn.exe
  C:\Windows\System\ZAMOsBn.exe
  2⤵
  PID:5620
- C:\Windows\System\pTeCUSt.exe
  C:\Windows\System\pTeCUSt.exe
  2⤵
  PID:5660
- C:\Windows\System\CowKkQE.exe
  C:\Windows\System\CowKkQE.exe
  2⤵
  PID:5688
- C:\Windows\System\JPyHcRo.exe
  C:\Windows\System\JPyHcRo.exe
  2⤵
  PID:5704
- C:\Windows\System\hFzCmSL.exe
  C:\Windows\System\hFzCmSL.exe
  2⤵
  PID:5732
- C:\Windows\System\LtrHdma.exe
  C:\Windows\System\LtrHdma.exe
  2⤵
  PID:5748
- C:\Windows\System\iovqMsm.exe
  C:\Windows\System\iovqMsm.exe
  2⤵
  PID:5784
- C:\Windows\System\TgQCSff.exe
  C:\Windows\System\TgQCSff.exe
  2⤵
  PID:5800
- C:\Windows\System\aaTICYT.exe
  C:\Windows\System\aaTICYT.exe
  2⤵
  PID:5832
- C:\Windows\System\SLaJjOk.exe
  C:\Windows\System\SLaJjOk.exe
  2⤵
  PID:5860
- C:\Windows\System\QPWVMfw.exe
  C:\Windows\System\QPWVMfw.exe
  2⤵
  PID:5876
- C:\Windows\System\SMNsttx.exe
  C:\Windows\System\SMNsttx.exe
  2⤵
  PID:5924
- C:\Windows\System\ucwoWvg.exe
  C:\Windows\System\ucwoWvg.exe
  2⤵
  PID:5944
- C:\Windows\System\ELHnZgr.exe
  C:\Windows\System\ELHnZgr.exe
  2⤵
  PID:5960
- C:\Windows\System\qkEHwVW.exe
  C:\Windows\System\qkEHwVW.exe
  2⤵
  PID:5980
- C:\Windows\System\sCnHxCb.exe
  C:\Windows\System\sCnHxCb.exe
  2⤵
  PID:6020
- C:\Windows\System\jCSKLYT.exe
  C:\Windows\System\jCSKLYT.exe
  2⤵
  PID:6040
- C:\Windows\System\UVOzWJC.exe
  C:\Windows\System\UVOzWJC.exe
  2⤵
  PID:6084
- C:\Windows\System\hDrUmyi.exe
  C:\Windows\System\hDrUmyi.exe
  2⤵
  PID:6100
- C:\Windows\System\CuwOfjx.exe
  C:\Windows\System\CuwOfjx.exe
  2⤵
  PID:6128
- C:\Windows\System\HCrujls.exe
  C:\Windows\System\HCrujls.exe
  2⤵
  PID:1884
- C:\Windows\System\dkXQVgY.exe
  C:\Windows\System\dkXQVgY.exe
  2⤵
  PID:2056
- C:\Windows\System\DjeTeBS.exe
  C:\Windows\System\DjeTeBS.exe
  2⤵
  PID:5172
- C:\Windows\System\vYuLQgn.exe
  C:\Windows\System\vYuLQgn.exe
  2⤵
  PID:5216
- C:\Windows\System\oWowxce.exe
  C:\Windows\System\oWowxce.exe
  2⤵
  PID:5268
- C:\Windows\System\YIThQPv.exe
  C:\Windows\System\YIThQPv.exe
  2⤵
  PID:5340
- C:\Windows\System\qOPuWVJ.exe
  C:\Windows\System\qOPuWVJ.exe
  2⤵
  PID:5412
- C:\Windows\System\dPXqbsw.exe
  C:\Windows\System\dPXqbsw.exe
  2⤵
  PID:5448
- C:\Windows\System\GEEwoVy.exe
  C:\Windows\System\GEEwoVy.exe
  2⤵
  PID:5516
- C:\Windows\System\vOFeUJj.exe
  C:\Windows\System\vOFeUJj.exe
  2⤵
  PID:5576
- C:\Windows\System\pZkDiIA.exe
  C:\Windows\System\pZkDiIA.exe
  2⤵
  PID:928
- C:\Windows\System\nxmQRJD.exe
  C:\Windows\System\nxmQRJD.exe
  2⤵
  PID:5760
- C:\Windows\System\UlLyLQI.exe
  C:\Windows\System\UlLyLQI.exe
  2⤵
  PID:5792
- C:\Windows\System\evhbpAn.exe
  C:\Windows\System\evhbpAn.exe
  2⤵
  PID:5852
- C:\Windows\System\atnwBxB.exe
  C:\Windows\System\atnwBxB.exe
  2⤵
  PID:5912
- C:\Windows\System\rCajWiw.exe
  C:\Windows\System\rCajWiw.exe
  2⤵
  PID:5968
- C:\Windows\System\VVcmFhR.exe
  C:\Windows\System\VVcmFhR.exe
  2⤵
  PID:6016
- C:\Windows\System\DrTykdj.exe
  C:\Windows\System\DrTykdj.exe
  2⤵
  PID:6096
- C:\Windows\System\CcOJnNu.exe
  C:\Windows\System\CcOJnNu.exe
  2⤵
  PID:344
- C:\Windows\System\wOXxydx.exe
  C:\Windows\System\wOXxydx.exe
  2⤵
  PID:5100
- C:\Windows\System\RxsNmaU.exe
  C:\Windows\System\RxsNmaU.exe
  2⤵
  PID:5252
- C:\Windows\System\egAuIgS.exe
  C:\Windows\System\egAuIgS.exe
  2⤵
  PID:5392
- C:\Windows\System\HYAfPWo.exe
  C:\Windows\System\HYAfPWo.exe
  2⤵
  PID:5644
- C:\Windows\System\WbncXQu.exe
  C:\Windows\System\WbncXQu.exe
  2⤵
  PID:5772
- C:\Windows\System\xputAfl.exe
  C:\Windows\System\xputAfl.exe
  2⤵
  PID:5900
- C:\Windows\System\UxvplFj.exe
  C:\Windows\System\UxvplFj.exe
  2⤵
  PID:6068
- C:\Windows\System\SKOrUzv.exe
  C:\Windows\System\SKOrUzv.exe
  2⤵
  PID:5192
- C:\Windows\System\AYmkhEY.exe
  C:\Windows\System\AYmkhEY.exe
  2⤵
  PID:6180
- C:\Windows\System\sLQusPB.exe
  C:\Windows\System\sLQusPB.exe
  2⤵
  PID:6196
- C:\Windows\System\mPWwRMQ.exe
  C:\Windows\System\mPWwRMQ.exe
  2⤵
  PID:6212
- C:\Windows\System\ussFYWE.exe
  C:\Windows\System\ussFYWE.exe
  2⤵
  PID:6264
- C:\Windows\System\HdQBJQH.exe
  C:\Windows\System\HdQBJQH.exe
  2⤵
  PID:6292
- C:\Windows\System\DpUCyTZ.exe
  C:\Windows\System\DpUCyTZ.exe
  2⤵
  PID:6308
- C:\Windows\System\zhVtYhd.exe
  C:\Windows\System\zhVtYhd.exe
  2⤵
  PID:6336
- C:\Windows\System\XIhJziF.exe
  C:\Windows\System\XIhJziF.exe
  2⤵
  PID:6364
- C:\Windows\System\crhBxnE.exe
  C:\Windows\System\crhBxnE.exe
  2⤵
  PID:6392
- C:\Windows\System\sHrSaDI.exe
  C:\Windows\System\sHrSaDI.exe
  2⤵
  PID:6408
- C:\Windows\System\IrhXmKz.exe
  C:\Windows\System\IrhXmKz.exe
  2⤵
  PID:6436
- C:\Windows\System\QOZLfLM.exe
  C:\Windows\System\QOZLfLM.exe
  2⤵
  PID:6476
- C:\Windows\System\RdLEKZh.exe
  C:\Windows\System\RdLEKZh.exe
  2⤵
  PID:6492
- C:\Windows\System\qLQcsfj.exe
  C:\Windows\System\qLQcsfj.exe
  2⤵
  PID:6520
- C:\Windows\System\cJUUytA.exe
  C:\Windows\System\cJUUytA.exe
  2⤵
  PID:6556
- C:\Windows\System\nCkgUkJ.exe
  C:\Windows\System\nCkgUkJ.exe
  2⤵
  PID:6576
- C:\Windows\System\smaEagG.exe
  C:\Windows\System\smaEagG.exe
  2⤵
  PID:6616
- C:\Windows\System\qVrkcxi.exe
  C:\Windows\System\qVrkcxi.exe
  2⤵
  PID:6632
- C:\Windows\System\KscMjSB.exe
  C:\Windows\System\KscMjSB.exe
  2⤵
  PID:6672
- C:\Windows\System\EuzdNNM.exe
  C:\Windows\System\EuzdNNM.exe
  2⤵
  PID:6688
- C:\Windows\System\WkqpKKE.exe
  C:\Windows\System\WkqpKKE.exe
  2⤵
  PID:6716
- C:\Windows\System\perwwXD.exe
  C:\Windows\System\perwwXD.exe
  2⤵
  PID:6732
- C:\Windows\System\CyslRIV.exe
  C:\Windows\System\CyslRIV.exe
  2⤵
  PID:6760
- C:\Windows\System\ccfulrW.exe
  C:\Windows\System\ccfulrW.exe
  2⤵
  PID:6800
- C:\Windows\System\wxKRvDF.exe
  C:\Windows\System\wxKRvDF.exe
  2⤵
  PID:6836
- C:\Windows\System\UvwSveS.exe
  C:\Windows\System\UvwSveS.exe
  2⤵
  PID:6856
- C:\Windows\System\cHqIvPl.exe
  C:\Windows\System\cHqIvPl.exe
  2⤵
  PID:6884
- C:\Windows\System\xhMQsri.exe
  C:\Windows\System\xhMQsri.exe
  2⤵
  PID:6912
- C:\Windows\System\RbnAVrl.exe
  C:\Windows\System\RbnAVrl.exe
  2⤵
  PID:6940
- C:\Windows\System\eiCLENQ.exe
  C:\Windows\System\eiCLENQ.exe
  2⤵
  PID:6960
- C:\Windows\System\OhKLZSb.exe
  C:\Windows\System\OhKLZSb.exe
  2⤵
  PID:6976
- C:\Windows\System\eLUqAIU.exe
  C:\Windows\System\eLUqAIU.exe
  2⤵
  PID:6992
- C:\Windows\System\cSNAucw.exe
  C:\Windows\System\cSNAucw.exe
  2⤵
  PID:7016
- C:\Windows\System\UGBVgZC.exe
  C:\Windows\System\UGBVgZC.exe
  2⤵
  PID:7056
- C:\Windows\System\jVpWkdU.exe
  C:\Windows\System\jVpWkdU.exe
  2⤵
  PID:7104
- C:\Windows\System\RiISdWN.exe
  C:\Windows\System\RiISdWN.exe
  2⤵
  PID:7136
- C:\Windows\System\XAintQU.exe
  C:\Windows\System\XAintQU.exe
  2⤵
  PID:7164
- C:\Windows\System\WiyGUdf.exe
  C:\Windows\System\WiyGUdf.exe
  2⤵
  PID:5560
- C:\Windows\System\gcDudva.exe
  C:\Windows\System\gcDudva.exe
  2⤵
  PID:5952
- C:\Windows\System\QzZawqe.exe
  C:\Windows\System\QzZawqe.exe
  2⤵
  PID:2864
- C:\Windows\System\sVPUdXY.exe
  C:\Windows\System\sVPUdXY.exe
  2⤵
  PID:6204
- C:\Windows\System\ywHCqqg.exe
  C:\Windows\System\ywHCqqg.exe
  2⤵
  PID:6256
- C:\Windows\System\IaxmjlP.exe
  C:\Windows\System\IaxmjlP.exe
  2⤵
  PID:6324
- C:\Windows\System\idvZSVm.exe
  C:\Windows\System\idvZSVm.exe
  2⤵
  PID:6384
- C:\Windows\System\GnuJGVa.exe
  C:\Windows\System\GnuJGVa.exe
  2⤵
  PID:6484
- C:\Windows\System\jLXbVkc.exe
  C:\Windows\System\jLXbVkc.exe
  2⤵
  PID:6544
- C:\Windows\System\OfILtUm.exe
  C:\Windows\System\OfILtUm.exe
  2⤵
  PID:6604
- C:\Windows\System\KGMFEKc.exe
  C:\Windows\System\KGMFEKc.exe
  2⤵
  PID:6660
- C:\Windows\System\aFnqpAr.exe
  C:\Windows\System\aFnqpAr.exe
  2⤵
  PID:6740
- C:\Windows\System\wlsILoN.exe
  C:\Windows\System\wlsILoN.exe
  2⤵
  PID:6776
- C:\Windows\System\ozclfPx.exe
  C:\Windows\System\ozclfPx.exe
  2⤵
  PID:6844
- C:\Windows\System\XjnzGQR.exe
  C:\Windows\System\XjnzGQR.exe
  2⤵
  PID:6936
- C:\Windows\System\ZUhbLOQ.exe
  C:\Windows\System\ZUhbLOQ.exe
  2⤵
  PID:6972
- C:\Windows\System\JGaBwRx.exe
  C:\Windows\System\JGaBwRx.exe
  2⤵
  PID:7008
- C:\Windows\System\AzbiKWS.exe
  C:\Windows\System\AzbiKWS.exe
  2⤵
  PID:7040
- C:\Windows\System\RyaQjMQ.exe
  C:\Windows\System\RyaQjMQ.exe
  2⤵
  PID:7128
- C:\Windows\System\eyBDKdt.exe
  C:\Windows\System\eyBDKdt.exe
  2⤵
  PID:5724
- C:\Windows\System\gLXtFbn.exe
  C:\Windows\System\gLXtFbn.exe
  2⤵
  PID:6276
- C:\Windows\System\HISzoaW.exe
  C:\Windows\System\HISzoaW.exe
  2⤵
  PID:6356
- C:\Windows\System\hLFYVUq.exe
  C:\Windows\System\hLFYVUq.exe
  2⤵
  PID:6456
- C:\Windows\System\QChJgOk.exe
  C:\Windows\System\QChJgOk.exe
  2⤵
  PID:6644
- C:\Windows\System\WBMqoVO.exe
  C:\Windows\System\WBMqoVO.exe
  2⤵
  PID:6708
- C:\Windows\System\YHzdckF.exe
  C:\Windows\System\YHzdckF.exe
  2⤵
  PID:6900
- C:\Windows\System\mxRTRTh.exe
  C:\Windows\System\mxRTRTh.exe
  2⤵
  PID:7028
- C:\Windows\System\MRPObvI.exe
  C:\Windows\System\MRPObvI.exe
  2⤵
  PID:7092
- C:\Windows\System\YiEwcUL.exe
  C:\Windows\System\YiEwcUL.exe
  2⤵
  PID:4152
- C:\Windows\System\nBySyAb.exe
  C:\Windows\System\nBySyAb.exe
  2⤵
  PID:7176
- C:\Windows\System\xLubTPZ.exe
  C:\Windows\System\xLubTPZ.exe
  2⤵
  PID:7192
- C:\Windows\System\UZeVhUv.exe
  C:\Windows\System\UZeVhUv.exe
  2⤵
  PID:7220
- C:\Windows\System\axdHUYn.exe
  C:\Windows\System\axdHUYn.exe
  2⤵
  PID:7268
- C:\Windows\System\vmUdjWU.exe
  C:\Windows\System\vmUdjWU.exe
  2⤵
  PID:7288
- C:\Windows\System\meJGbfO.exe
  C:\Windows\System\meJGbfO.exe
  2⤵
  PID:7336
- C:\Windows\System\qPrppZr.exe
  C:\Windows\System\qPrppZr.exe
  2⤵
  PID:7368
- C:\Windows\System\TmpeKZG.exe
  C:\Windows\System\TmpeKZG.exe
  2⤵
  PID:7404
- C:\Windows\System\tmZdCuW.exe
  C:\Windows\System\tmZdCuW.exe
  2⤵
  PID:7424
- C:\Windows\System\BvBkphd.exe
  C:\Windows\System\BvBkphd.exe
  2⤵
  PID:7444
- C:\Windows\System\VhvQhIB.exe
  C:\Windows\System\VhvQhIB.exe
  2⤵
  PID:7468
- C:\Windows\System\xlLavRe.exe
  C:\Windows\System\xlLavRe.exe
  2⤵
  PID:7500
- C:\Windows\System\VqowSOq.exe
  C:\Windows\System\VqowSOq.exe
  2⤵
  PID:7548
- C:\Windows\System\gTKzCEs.exe
  C:\Windows\System\gTKzCEs.exe
  2⤵
  PID:7564
- C:\Windows\System\vOpszli.exe
  C:\Windows\System\vOpszli.exe
  2⤵
  PID:7592
- C:\Windows\System\gdhKrpl.exe
  C:\Windows\System\gdhKrpl.exe
  2⤵
  PID:7620
- C:\Windows\System\rnDZoQA.exe
  C:\Windows\System\rnDZoQA.exe
  2⤵
  PID:7648
- C:\Windows\System\zckkdIO.exe
  C:\Windows\System\zckkdIO.exe
  2⤵
  PID:7676
- C:\Windows\System\VkYuoQk.exe
  C:\Windows\System\VkYuoQk.exe
  2⤵
  PID:7704
- C:\Windows\System\oTcNIkS.exe
  C:\Windows\System\oTcNIkS.exe
  2⤵
  PID:7720
- C:\Windows\System\XDoTWwx.exe
  C:\Windows\System\XDoTWwx.exe
  2⤵
  PID:7740
- C:\Windows\System\ZIbAAuo.exe
  C:\Windows\System\ZIbAAuo.exe
  2⤵
  PID:7764
- C:\Windows\System\NsRKijO.exe
  C:\Windows\System\NsRKijO.exe
  2⤵
  PID:7804
- C:\Windows\System\cGbVVWN.exe
  C:\Windows\System\cGbVVWN.exe
  2⤵
  PID:7820
- C:\Windows\System\pDXeYrk.exe
  C:\Windows\System\pDXeYrk.exe
  2⤵
  PID:7860
- C:\Windows\System\jZUTcUc.exe
  C:\Windows\System\jZUTcUc.exe
  2⤵
  PID:7896
- C:\Windows\System\iGbtuKl.exe
  C:\Windows\System\iGbtuKl.exe
  2⤵
  PID:7940
- C:\Windows\System\xUojYmG.exe
  C:\Windows\System\xUojYmG.exe
  2⤵
  PID:7956
- C:\Windows\System\ebcrkuH.exe
  C:\Windows\System\ebcrkuH.exe
  2⤵
  PID:7972
- C:\Windows\System\KMkXatW.exe
  C:\Windows\System\KMkXatW.exe
  2⤵
  PID:8000
- C:\Windows\System\ArRqQJk.exe
  C:\Windows\System\ArRqQJk.exe
  2⤵
  PID:8044
- C:\Windows\System\vsnMhnC.exe
  C:\Windows\System\vsnMhnC.exe
  2⤵
  PID:8080
- C:\Windows\System\CFAPPsR.exe
  C:\Windows\System\CFAPPsR.exe
  2⤵
  PID:8096
- C:\Windows\System\vBfcloY.exe
  C:\Windows\System\vBfcloY.exe
  2⤵
  PID:8124
- C:\Windows\System\FWDJUfY.exe
  C:\Windows\System\FWDJUfY.exe
  2⤵
  PID:8140
- C:\Windows\System\QLVsjUd.exe
  C:\Windows\System\QLVsjUd.exe
  2⤵
  PID:8156
- C:\Windows\System\RbFQxXN.exe
  C:\Windows\System\RbFQxXN.exe
  2⤵
  PID:8172
- C:\Windows\System\lDViwQg.exe
  C:\Windows\System\lDViwQg.exe
  2⤵
  PID:6768
- C:\Windows\System\gMBopVd.exe
  C:\Windows\System\gMBopVd.exe
  2⤵
  PID:6448
- C:\Windows\System\SxFNwmy.exe
  C:\Windows\System\SxFNwmy.exe
  2⤵
  PID:7228
- C:\Windows\System\RCVKYmh.exe
  C:\Windows\System\RCVKYmh.exe
  2⤵
  PID:7296
- C:\Windows\System\gECIdro.exe
  C:\Windows\System\gECIdro.exe
  2⤵
  PID:7344
- C:\Windows\System\qystKwl.exe
  C:\Windows\System\qystKwl.exe
  2⤵
  PID:7380
- C:\Windows\System\ssvomqY.exe
  C:\Windows\System\ssvomqY.exe
  2⤵
  PID:7412
- C:\Windows\System\aQNwBNn.exe
  C:\Windows\System\aQNwBNn.exe
  2⤵
  PID:7452
- C:\Windows\System\DXlKLPm.exe
  C:\Windows\System\DXlKLPm.exe
  2⤵
  PID:7964
- C:\Windows\System\xNUOfXC.exe
  C:\Windows\System\xNUOfXC.exe
  2⤵
  PID:8032
- C:\Windows\System\pkjaiFP.exe
  C:\Windows\System\pkjaiFP.exe
  2⤵
  PID:8092
- C:\Windows\System\fkLQHtZ.exe
  C:\Windows\System\fkLQHtZ.exe
  2⤵
  PID:8148
- C:\Windows\System\lsGyezx.exe
  C:\Windows\System\lsGyezx.exe
  2⤵
  PID:3736
- C:\Windows\System\ZyzCPOB.exe
  C:\Windows\System\ZyzCPOB.exe
  2⤵
  PID:4228
- C:\Windows\System\UEFbMrX.exe
  C:\Windows\System\UEFbMrX.exe
  2⤵
  PID:5040
- C:\Windows\System\CNiGIkT.exe
  C:\Windows\System\CNiGIkT.exe
  2⤵
  PID:696
- C:\Windows\System\gdrZRtc.exe
  C:\Windows\System\gdrZRtc.exe
  2⤵
  PID:1708
- C:\Windows\System\BzEUsoX.exe
  C:\Windows\System\BzEUsoX.exe
  2⤵
  PID:3564
- C:\Windows\System\NAKmJNy.exe
  C:\Windows\System\NAKmJNy.exe
  2⤵
  PID:5028
- C:\Windows\System\wZiGDQd.exe
  C:\Windows\System\wZiGDQd.exe
  2⤵
  PID:5360
- C:\Windows\System\YJMJysI.exe
  C:\Windows\System\YJMJysI.exe
  2⤵
  PID:7256
- C:\Windows\System\UbaKYye.exe
  C:\Windows\System\UbaKYye.exe
  2⤵
  PID:7604
- C:\Windows\System\PqCmzNy.exe
  C:\Windows\System\PqCmzNy.exe
  2⤵
  PID:380
- C:\Windows\System\fxitjgw.exe
  C:\Windows\System\fxitjgw.exe
  2⤵
  PID:7844
- C:\Windows\System\iSstgWi.exe
  C:\Windows\System\iSstgWi.exe
  2⤵
  PID:7712
- C:\Windows\System\UylySyw.exe
  C:\Windows\System\UylySyw.exe
  2⤵
  PID:7772
- C:\Windows\System\RUPwBrt.exe
  C:\Windows\System\RUPwBrt.exe
  2⤵
  PID:4352
- C:\Windows\System\fNOuEWd.exe
  C:\Windows\System\fNOuEWd.exe
  2⤵
  PID:2832
- C:\Windows\System\pgDVWmD.exe
  C:\Windows\System\pgDVWmD.exe
  2⤵
  PID:1256
- C:\Windows\System\PsaMNxb.exe
  C:\Windows\System\PsaMNxb.exe
  2⤵
  PID:4848
- C:\Windows\System\cyaWEIM.exe
  C:\Windows\System\cyaWEIM.exe
  2⤵
  PID:4760
- C:\Windows\System\omllNxH.exe
  C:\Windows\System\omllNxH.exe
  2⤵
  PID:8008
- C:\Windows\System\NdpamUe.exe
  C:\Windows\System\NdpamUe.exe
  2⤵
  PID:2064
- C:\Windows\System\BVNoEPl.exe
  C:\Windows\System\BVNoEPl.exe
  2⤵
  PID:4556
- C:\Windows\System\fROnRDA.exe
  C:\Windows\System\fROnRDA.exe
  2⤵
  PID:3892
- C:\Windows\System\VeTJgJY.exe
  C:\Windows\System\VeTJgJY.exe
  2⤵
  PID:4792
- C:\Windows\System\kPTFaZv.exe
  C:\Windows\System\kPTFaZv.exe
  2⤵
  PID:3948
- C:\Windows\System\vnOwsbi.exe
  C:\Windows\System\vnOwsbi.exe
  2⤵
  PID:2708
- C:\Windows\System\gACavGD.exe
  C:\Windows\System\gACavGD.exe
  2⤵
  PID:7836
- C:\Windows\System\cSKJRzx.exe
  C:\Windows\System\cSKJRzx.exe
  2⤵
  PID:7756
- C:\Windows\System\UFaJufl.exe
  C:\Windows\System\UFaJufl.exe
  2⤵
  PID:372
- C:\Windows\System\NjpBaNz.exe
  C:\Windows\System\NjpBaNz.exe
  2⤵
  PID:7920
- C:\Windows\System\cARADTe.exe
  C:\Windows\System\cARADTe.exe
  2⤵
  PID:8072
- C:\Windows\System\LqqTSuq.exe
  C:\Windows\System\LqqTSuq.exe
  2⤵
  PID:2564
- C:\Windows\System\EElDpAQ.exe
  C:\Windows\System\EElDpAQ.exe
  2⤵
  PID:4968
- C:\Windows\System\VXZYqnF.exe
  C:\Windows\System\VXZYqnF.exe
  2⤵
  PID:7728
- C:\Windows\System\LySAxQU.exe
  C:\Windows\System\LySAxQU.exe
  2⤵
  PID:4988
- C:\Windows\System\yUqNqQG.exe
  C:\Windows\System\yUqNqQG.exe
  2⤵
  PID:2104
- C:\Windows\System\CZokJDC.exe
  C:\Windows\System\CZokJDC.exe
  2⤵
  PID:2400
- C:\Windows\System\VEoRLZN.exe
  C:\Windows\System\VEoRLZN.exe
  2⤵
  PID:3772
- C:\Windows\System\SlQgVaA.exe
  C:\Windows\System\SlQgVaA.exe
  2⤵
  PID:3600
- C:\Windows\System\WFtKsdz.exe
  C:\Windows\System\WFtKsdz.exe
  2⤵
  PID:7948
- C:\Windows\System\jNqDfez.exe
  C:\Windows\System\jNqDfez.exe
  2⤵
  PID:8200
- C:\Windows\System\QHNayfa.exe
  C:\Windows\System\QHNayfa.exe
  2⤵
  PID:8232
- C:\Windows\System\fAHyRqX.exe
  C:\Windows\System\fAHyRqX.exe
  2⤵
  PID:8256
- C:\Windows\System\jQkTaOQ.exe
  C:\Windows\System\jQkTaOQ.exe
  2⤵
  PID:8288
- C:\Windows\System\JVqCOSS.exe
  C:\Windows\System\JVqCOSS.exe
  2⤵
  PID:8312
- C:\Windows\System\reknABf.exe
  C:\Windows\System\reknABf.exe
  2⤵
  PID:8340
- C:\Windows\System\jqDXhGj.exe
  C:\Windows\System\jqDXhGj.exe
  2⤵
  PID:8376
- C:\Windows\System\sPVnYnY.exe
  C:\Windows\System\sPVnYnY.exe
  2⤵
  PID:8396
- C:\Windows\System\jSJijjV.exe
  C:\Windows\System\jSJijjV.exe
  2⤵
  PID:8416
- C:\Windows\System\FvzSpmI.exe
  C:\Windows\System\FvzSpmI.exe
  2⤵
  PID:8476
- C:\Windows\System\qMsBPBJ.exe
  C:\Windows\System\qMsBPBJ.exe
  2⤵
  PID:8508
- C:\Windows\System\bBeLpUl.exe
  C:\Windows\System\bBeLpUl.exe
  2⤵
  PID:8536
- C:\Windows\System\ZRxNBQx.exe
  C:\Windows\System\ZRxNBQx.exe
  2⤵
  PID:8568
- C:\Windows\System\wMfCOaQ.exe
  C:\Windows\System\wMfCOaQ.exe
  2⤵
  PID:8596
- C:\Windows\System\HSlINrA.exe
  C:\Windows\System\HSlINrA.exe
  2⤵
  PID:8624
- C:\Windows\System\ZLIXrzO.exe
  C:\Windows\System\ZLIXrzO.exe
  2⤵
  PID:8660
- C:\Windows\System\PpDQsxa.exe
  C:\Windows\System\PpDQsxa.exe
  2⤵
  PID:8684
- C:\Windows\System\eMcZxAs.exe
  C:\Windows\System\eMcZxAs.exe
  2⤵
  PID:8720
- C:\Windows\System\FCbIenP.exe
  C:\Windows\System\FCbIenP.exe
  2⤵
  PID:8744
- C:\Windows\System\rrNRIbM.exe
  C:\Windows\System\rrNRIbM.exe
  2⤵
  PID:8772
- C:\Windows\System\bavxwPG.exe
  C:\Windows\System\bavxwPG.exe
  2⤵
  PID:8816
- C:\Windows\System\TOSsDJn.exe
  C:\Windows\System\TOSsDJn.exe
  2⤵
  PID:8840
- C:\Windows\System\ojZcxnB.exe
  C:\Windows\System\ojZcxnB.exe
  2⤵
  PID:8860
- C:\Windows\System\ZOGGECM.exe
  C:\Windows\System\ZOGGECM.exe
  2⤵
  PID:8888
- C:\Windows\System\VsoGWHd.exe
  C:\Windows\System\VsoGWHd.exe
  2⤵
  PID:8916
- C:\Windows\System\WDPqWIG.exe
  C:\Windows\System\WDPqWIG.exe
  2⤵
  PID:8944
- C:\Windows\System\HkFPqVM.exe
  C:\Windows\System\HkFPqVM.exe
  2⤵
  PID:8972
- C:\Windows\System\hXPnqoL.exe
  C:\Windows\System\hXPnqoL.exe
  2⤵
  PID:9004
- C:\Windows\System\iJwRMWi.exe
  C:\Windows\System\iJwRMWi.exe
  2⤵
  PID:9028
- C:\Windows\System\zawqHeQ.exe
  C:\Windows\System\zawqHeQ.exe
  2⤵
  PID:9056
- C:\Windows\System\DIabTRC.exe
  C:\Windows\System\DIabTRC.exe
  2⤵
  PID:9084
- C:\Windows\System\dLSGzIi.exe
  C:\Windows\System\dLSGzIi.exe
  2⤵
  PID:9112
- C:\Windows\System\ZKmDbYc.exe
  C:\Windows\System\ZKmDbYc.exe
  2⤵
  PID:9156
- C:\Windows\System\dcSusHa.exe
  C:\Windows\System\dcSusHa.exe
  2⤵
  PID:9188
- C:\Windows\System\fsFcGZc.exe
  C:\Windows\System\fsFcGZc.exe
  2⤵
  PID:4388
- C:\Windows\System\PlApOxP.exe
  C:\Windows\System\PlApOxP.exe
  2⤵
  PID:8240
- C:\Windows\System\xkHaowd.exe
  C:\Windows\System\xkHaowd.exe
  2⤵
  PID:8308
- C:\Windows\System\TdnTfHF.exe
  C:\Windows\System\TdnTfHF.exe
  2⤵
  PID:8364
- C:\Windows\System\JmBLxWQ.exe
  C:\Windows\System\JmBLxWQ.exe
  2⤵
  PID:8456
- C:\Windows\System\nBWdDQm.exe
  C:\Windows\System\nBWdDQm.exe
  2⤵
  PID:4536
- C:\Windows\System\jdqnBdW.exe
  C:\Windows\System\jdqnBdW.exe
  2⤵
  PID:2888
- C:\Windows\System\MnJgoPn.exe
  C:\Windows\System\MnJgoPn.exe
  2⤵
  PID:8552
- C:\Windows\System\SxYwlPQ.exe
  C:\Windows\System\SxYwlPQ.exe
  2⤵
  PID:8608
- C:\Windows\System\fudlHcL.exe
  C:\Windows\System\fudlHcL.exe
  2⤵
  PID:8676
- C:\Windows\System\TuJMyfY.exe
  C:\Windows\System\TuJMyfY.exe
  2⤵
  PID:8736
- C:\Windows\System\fzTJAvV.exe
  C:\Windows\System\fzTJAvV.exe
  2⤵
  PID:8796
- C:\Windows\System\VviIfOr.exe
  C:\Windows\System\VviIfOr.exe
  2⤵
  PID:8880
- C:\Windows\System\gUtLTXs.exe
  C:\Windows\System\gUtLTXs.exe
  2⤵
  PID:8940
- C:\Windows\System\omPrHyh.exe
  C:\Windows\System\omPrHyh.exe
  2⤵
  PID:9012
- C:\Windows\System\nRjAnLz.exe
  C:\Windows\System\nRjAnLz.exe
  2⤵
  PID:9068
- C:\Windows\System\SpjlyLj.exe
  C:\Windows\System\SpjlyLj.exe
  2⤵
  PID:9124
- C:\Windows\System\cRwKRxM.exe
  C:\Windows\System\cRwKRxM.exe
  2⤵
  PID:9208
- C:\Windows\System\klpFYpV.exe
  C:\Windows\System\klpFYpV.exe
  2⤵
  PID:8296
- C:\Windows\System\DdxomhI.exe
  C:\Windows\System\DdxomhI.exe
  2⤵
  PID:2392
- C:\Windows\System\KyEOJqO.exe
  C:\Windows\System\KyEOJqO.exe
  2⤵
  PID:3480
- C:\Windows\System\XnCsefy.exe
  C:\Windows\System\XnCsefy.exe
  2⤵
  PID:7068
- C:\Windows\System\TwLqoxr.exe
  C:\Windows\System\TwLqoxr.exe
  2⤵
  PID:8532
- C:\Windows\System\DtsBrvj.exe
  C:\Windows\System\DtsBrvj.exe
  2⤵
  PID:8704
- C:\Windows\System\KGIRYQI.exe
  C:\Windows\System\KGIRYQI.exe
  2⤵
  PID:8908
- C:\Windows\System\zbqHVGj.exe
  C:\Windows\System\zbqHVGj.exe
  2⤵
  PID:8644
- C:\Windows\System\Soyrvky.exe
  C:\Windows\System\Soyrvky.exe
  2⤵
  PID:9184
- C:\Windows\System\NFvClyj.exe
  C:\Windows\System\NFvClyj.exe
  2⤵
  PID:3260
- C:\Windows\System\VaUTyMQ.exe
  C:\Windows\System\VaUTyMQ.exe
  2⤵
  PID:2644
- C:\Windows\System\KkfwEXT.exe
  C:\Windows\System\KkfwEXT.exe
  2⤵
  PID:8668
- C:\Windows\System\xDkSquX.exe
  C:\Windows\System\xDkSquX.exe
  2⤵
  PID:8848
- C:\Windows\System\QLOrJUU.exe
  C:\Windows\System\QLOrJUU.exe
  2⤵
  PID:4896
- C:\Windows\System\CYyHMhT.exe
  C:\Windows\System\CYyHMhT.exe
  2⤵
  PID:2284
- C:\Windows\System\qwrTBgi.exe
  C:\Windows\System\qwrTBgi.exe
  2⤵
  PID:2120
- C:\Windows\System\cksDvdk.exe
  C:\Windows\System\cksDvdk.exe
  2⤵
  PID:8220
- C:\Windows\System\GJduqsg.exe
  C:\Windows\System\GJduqsg.exe
  2⤵
  PID:9080
- C:\Windows\System\GLNuFWM.exe
  C:\Windows\System\GLNuFWM.exe
  2⤵
  PID:9244
- C:\Windows\System\SLywCAa.exe
  C:\Windows\System\SLywCAa.exe
  2⤵
  PID:9260
- C:\Windows\System\oKFhuAu.exe
  C:\Windows\System\oKFhuAu.exe
  2⤵
  PID:9288
- C:\Windows\System\KblwLPl.exe
  C:\Windows\System\KblwLPl.exe
  2⤵
  PID:9316
- C:\Windows\System\TLNbaOQ.exe
  C:\Windows\System\TLNbaOQ.exe
  2⤵
  PID:9344
- C:\Windows\System\jWhRVia.exe
  C:\Windows\System\jWhRVia.exe
  2⤵
  PID:9380
- C:\Windows\System\eEueEvI.exe
  C:\Windows\System\eEueEvI.exe
  2⤵
  PID:9404
- C:\Windows\System\gGGatOW.exe
  C:\Windows\System\gGGatOW.exe
  2⤵
  PID:9428
- C:\Windows\System\xdcXZZQ.exe
  C:\Windows\System\xdcXZZQ.exe
  2⤵
  PID:9456
- C:\Windows\System\EFVCfrt.exe
  C:\Windows\System\EFVCfrt.exe
  2⤵
  PID:9484
- C:\Windows\System\IRHXbdh.exe
  C:\Windows\System\IRHXbdh.exe
  2⤵
  PID:9504
- C:\Windows\System\RtPNPNo.exe
  C:\Windows\System\RtPNPNo.exe
  2⤵
  PID:9540
- C:\Windows\System\JhnFrfE.exe
  C:\Windows\System\JhnFrfE.exe
  2⤵
  PID:9568
- C:\Windows\System\nyHaHaq.exe
  C:\Windows\System\nyHaHaq.exe
  2⤵
  PID:9600
- C:\Windows\System\rCJWHnd.exe
  C:\Windows\System\rCJWHnd.exe
  2⤵
  PID:9620
- C:\Windows\System\VthtwyS.exe
  C:\Windows\System\VthtwyS.exe
  2⤵
  PID:9656
- C:\Windows\System\dNpmUvl.exe
  C:\Windows\System\dNpmUvl.exe
  2⤵
  PID:9684
- C:\Windows\System\vuyeCXV.exe
  C:\Windows\System\vuyeCXV.exe
  2⤵
  PID:9716
- C:\Windows\System\ePcJRdS.exe
  C:\Windows\System\ePcJRdS.exe
  2⤵
  PID:9744
- C:\Windows\System\pfOSpbg.exe
  C:\Windows\System\pfOSpbg.exe
  2⤵
  PID:9772
- C:\Windows\System\RkGVCpn.exe
  C:\Windows\System\RkGVCpn.exe
  2⤵
  PID:9800
- C:\Windows\System\qYXHLIZ.exe
  C:\Windows\System\qYXHLIZ.exe
  2⤵
  PID:9832
- C:\Windows\System\QOaKdOf.exe
  C:\Windows\System\QOaKdOf.exe
  2⤵
  PID:9860
- C:\Windows\System\cZAWcbn.exe
  C:\Windows\System\cZAWcbn.exe
  2⤵
  PID:9888
- C:\Windows\System\nUyseBn.exe
  C:\Windows\System\nUyseBn.exe
  2⤵
  PID:9916
- C:\Windows\System\aCSJkPa.exe
  C:\Windows\System\aCSJkPa.exe
  2⤵
  PID:9944
- C:\Windows\System\jGXpnys.exe
  C:\Windows\System\jGXpnys.exe
  2⤵
  PID:9972
- C:\Windows\System\YgFjPad.exe
  C:\Windows\System\YgFjPad.exe
  2⤵
  PID:10000
- C:\Windows\System\boJAYQp.exe
  C:\Windows\System\boJAYQp.exe
  2⤵
  PID:10028
- C:\Windows\System\JQURAnP.exe
  C:\Windows\System\JQURAnP.exe
  2⤵
  PID:10060
- C:\Windows\System\MzsAadz.exe
  C:\Windows\System\MzsAadz.exe
  2⤵
  PID:10088
- C:\Windows\System\eReHZoy.exe
  C:\Windows\System\eReHZoy.exe
  2⤵
  PID:10140
- C:\Windows\System\KqZqsnz.exe
  C:\Windows\System\KqZqsnz.exe
  2⤵
  PID:10188
- C:\Windows\System\zvUREFl.exe
  C:\Windows\System\zvUREFl.exe
  2⤵
  PID:10220
- C:\Windows\System\jpjWTGF.exe
  C:\Windows\System\jpjWTGF.exe
  2⤵
  PID:9224
- C:\Windows\System\ilWIcSR.exe
  C:\Windows\System\ilWIcSR.exe
  2⤵
  PID:9280
- C:\Windows\System\rULXoWO.exe
  C:\Windows\System\rULXoWO.exe
  2⤵
  PID:9340
- C:\Windows\System\MVMSQhY.exe
  C:\Windows\System\MVMSQhY.exe
  2⤵
  PID:9412
- C:\Windows\System\pjCcDyN.exe
  C:\Windows\System\pjCcDyN.exe
  2⤵
  PID:4056
- C:\Windows\System\UXSMdLE.exe
  C:\Windows\System\UXSMdLE.exe
  2⤵
  PID:9532
- C:\Windows\System\AwgdWfr.exe
  C:\Windows\System\AwgdWfr.exe
  2⤵
  PID:9612
- C:\Windows\System\AmcQkNL.exe
  C:\Windows\System\AmcQkNL.exe
  2⤵
  PID:9676
- C:\Windows\System\eIjpMFM.exe
  C:\Windows\System\eIjpMFM.exe
  2⤵
  PID:9736
- C:\Windows\System\UKvkNRx.exe
  C:\Windows\System\UKvkNRx.exe
  2⤵
  PID:9784
- C:\Windows\System\ICQlySK.exe
  C:\Windows\System\ICQlySK.exe
  2⤵
  PID:9852
- C:\Windows\System\WXzjYZY.exe
  C:\Windows\System\WXzjYZY.exe
  2⤵
  PID:9984
- C:\Windows\System\wBuzwKb.exe
  C:\Windows\System\wBuzwKb.exe
  2⤵
  PID:10020
- C:\Windows\System\BEiuIPn.exe
  C:\Windows\System\BEiuIPn.exe
  2⤵
  PID:10124
- C:\Windows\System\pjChQWw.exe
  C:\Windows\System\pjChQWw.exe
  2⤵
  PID:9336
- C:\Windows\System\btDLEfl.exe
  C:\Windows\System\btDLEfl.exe
  2⤵
  PID:9556
- C:\Windows\System\zCdaUDi.exe
  C:\Windows\System\zCdaUDi.exe
  2⤵
  PID:9764
- C:\Windows\System\jnjjMwt.exe
  C:\Windows\System\jnjjMwt.exe
  2⤵
  PID:9900
- C:\Windows\System\oHjwAeK.exe
  C:\Windows\System\oHjwAeK.exe
  2⤵
  PID:10100
- C:\Windows\System\pFqushV.exe
  C:\Windows\System\pFqushV.exe
  2⤵
  PID:9708
- C:\Windows\System\iIdzPXg.exe
  C:\Windows\System\iIdzPXg.exe
  2⤵
  PID:5356
- C:\Windows\System\VPAShHz.exe
  C:\Windows\System\VPAShHz.exe
  2⤵
  PID:10280
- C:\Windows\System\KLzquHB.exe
  C:\Windows\System\KLzquHB.exe
  2⤵
  PID:10300
- C:\Windows\System\DfuAnAX.exe
  C:\Windows\System\DfuAnAX.exe
  2⤵
  PID:10332
- C:\Windows\System\QNwSYKj.exe
  C:\Windows\System\QNwSYKj.exe
  2⤵
  PID:10360
- C:\Windows\System\KzqINru.exe
  C:\Windows\System\KzqINru.exe
  2⤵
  PID:10392
- C:\Windows\System\IuSyAkd.exe
  C:\Windows\System\IuSyAkd.exe
  2⤵
  PID:10420
- C:\Windows\System\XjUXjrw.exe
  C:\Windows\System\XjUXjrw.exe
  2⤵
  PID:10460
- C:\Windows\System\rzfXqEt.exe
  C:\Windows\System\rzfXqEt.exe
  2⤵
  PID:10496
- C:\Windows\System\lZazZbL.exe
  C:\Windows\System\lZazZbL.exe
  2⤵
  PID:10528
- C:\Windows\System\NPjSYch.exe
  C:\Windows\System\NPjSYch.exe
  2⤵
  PID:10568
- C:\Windows\System\jzEkSRr.exe
  C:\Windows\System\jzEkSRr.exe
  2⤵
  PID:10596
- C:\Windows\System\KuMXcBz.exe
  C:\Windows\System\KuMXcBz.exe
  2⤵
  PID:10616
- C:\Windows\System\RraKYUG.exe
  C:\Windows\System\RraKYUG.exe
  2⤵
  PID:10668
- C:\Windows\System\MMKYRqJ.exe
  C:\Windows\System\MMKYRqJ.exe
  2⤵
  PID:10704
- C:\Windows\System\cavzoNr.exe
  C:\Windows\System\cavzoNr.exe
  2⤵
  PID:10748
- C:\Windows\System\tIbFUdX.exe
  C:\Windows\System\tIbFUdX.exe
  2⤵
  PID:10792
- C:\Windows\System\vghotSm.exe
  C:\Windows\System\vghotSm.exe
  2⤵
  PID:10820
- C:\Windows\System\xgVOdMA.exe
  C:\Windows\System\xgVOdMA.exe
  2⤵
  PID:10904
- C:\Windows\System\fAiIddj.exe
  C:\Windows\System\fAiIddj.exe
  2⤵
  PID:10940
- C:\Windows\System\bxiDtdM.exe
  C:\Windows\System\bxiDtdM.exe
  2⤵
  PID:10976
- C:\Windows\System\VOkdZDw.exe
  C:\Windows\System\VOkdZDw.exe
  2⤵
  PID:11004
- C:\Windows\System\JFhpuCY.exe
  C:\Windows\System\JFhpuCY.exe
  2⤵
  PID:11036
- C:\Windows\System\wIkDKqw.exe
  C:\Windows\System\wIkDKqw.exe
  2⤵
  PID:11060
- C:\Windows\System\bTIJblH.exe
  C:\Windows\System\bTIJblH.exe
  2⤵
  PID:11112
- C:\Windows\System\vZEvTOF.exe
  C:\Windows\System\vZEvTOF.exe
  2⤵
  PID:11164
- C:\Windows\System\jOsZGjc.exe
  C:\Windows\System\jOsZGjc.exe
  2⤵
  PID:11208
- C:\Windows\System\wOHIbCy.exe
  C:\Windows\System\wOHIbCy.exe
  2⤵
  PID:11236
- C:\Windows\System\JVuIAzM.exe
  C:\Windows\System\JVuIAzM.exe
  2⤵
  PID:10264
- C:\Windows\System\dqLqIXH.exe
  C:\Windows\System\dqLqIXH.exe
  2⤵
  PID:10328
- C:\Windows\System\bhrRXFJ.exe
  C:\Windows\System\bhrRXFJ.exe
  2⤵
  PID:10384
- C:\Windows\System\RgGTcFP.exe
  C:\Windows\System\RgGTcFP.exe
  2⤵
  PID:10320
- C:\Windows\System\CIpicez.exe
  C:\Windows\System\CIpicez.exe
  2⤵
  PID:9496
- C:\Windows\System\KaQFPvN.exe
  C:\Windows\System\KaQFPvN.exe
  2⤵
  PID:10524
- C:\Windows\System\FCglIiY.exe
  C:\Windows\System\FCglIiY.exe
  2⤵
  PID:10588
- C:\Windows\System\OPfyAeF.exe
  C:\Windows\System\OPfyAeF.exe
  2⤵
  PID:2212
- C:\Windows\System\DtSygRY.exe
  C:\Windows\System\DtSygRY.exe
  2⤵
  PID:10652
- C:\Windows\System\AnOZCVO.exe
  C:\Windows\System\AnOZCVO.exe
  2⤵
  PID:2296
- C:\Windows\System\DwquPmN.exe
  C:\Windows\System\DwquPmN.exe
  2⤵
  PID:5824
- C:\Windows\System\cHTdxrQ.exe
  C:\Windows\System\cHTdxrQ.exe
  2⤵
  PID:6176
- C:\Windows\System\KPNJCeL.exe
  C:\Windows\System\KPNJCeL.exe
  2⤵
  PID:6280
- C:\Windows\System\gmRpKUd.exe
  C:\Windows\System\gmRpKUd.exe
  2⤵
  PID:3580
- C:\Windows\System\IqLxkpH.exe
  C:\Windows\System\IqLxkpH.exe
  2⤵
  PID:3560
- C:\Windows\System\KiGUPmf.exe
  C:\Windows\System\KiGUPmf.exe
  2⤵
  PID:2692
- C:\Windows\System\tcAAlkN.exe
  C:\Windows\System\tcAAlkN.exe
  2⤵
  PID:10808
- C:\Windows\System\SNDjiKi.exe
  C:\Windows\System\SNDjiKi.exe
  2⤵
  PID:10712
- C:\Windows\System\EFmBtMy.exe
  C:\Windows\System\EFmBtMy.exe
  2⤵
  PID:10788
- C:\Windows\System\WKhyZfB.exe
  C:\Windows\System\WKhyZfB.exe
  2⤵
  PID:4612
- C:\Windows\System\XaYOGkN.exe
  C:\Windows\System\XaYOGkN.exe
  2⤵
  PID:6564
- C:\Windows\System\tUKZcmO.exe
  C:\Windows\System\tUKZcmO.exe
  2⤵
  PID:6664
- C:\Windows\System\RNJqEJD.exe
  C:\Windows\System\RNJqEJD.exe
  2⤵
  PID:6744
- C:\Windows\System\PSfaXZU.exe
  C:\Windows\System\PSfaXZU.exe
  2⤵
  PID:6852
- C:\Windows\System\lZxGsIw.exe
  C:\Windows\System\lZxGsIw.exe
  2⤵
  PID:6908
- C:\Windows\System\faasXvc.exe
  C:\Windows\System\faasXvc.exe
  2⤵
  PID:7096
- C:\Windows\System\aJlUnhn.exe
  C:\Windows\System\aJlUnhn.exe
  2⤵
  PID:5324
- C:\Windows\System\CEWVmBF.exe
  C:\Windows\System\CEWVmBF.exe
  2⤵
  PID:6288
- C:\Windows\System\bqbLhyU.exe
  C:\Windows\System\bqbLhyU.exe
  2⤵
  PID:10880
- C:\Windows\System\HowxIVg.exe
  C:\Windows\System\HowxIVg.exe
  2⤵
  PID:3828
- C:\Windows\System\fUzDSTK.exe
  C:\Windows\System\fUzDSTK.exe
  2⤵
  PID:2640
- C:\Windows\System\ekAwnOL.exe
  C:\Windows\System\ekAwnOL.exe
  2⤵
  PID:1848
- C:\Windows\System\pohdqWP.exe
  C:\Windows\System\pohdqWP.exe
  2⤵
  PID:2292
- C:\Windows\System\cPwVFrx.exe
  C:\Windows\System\cPwVFrx.exe
  2⤵
  PID:3512
- C:\Windows\System\yhWparA.exe
  C:\Windows\System\yhWparA.exe
  2⤵
  PID:1228
- C:\Windows\System\EnEUHBj.exe
  C:\Windows\System\EnEUHBj.exe
  2⤵
  PID:10936
- C:\Windows\System\xprylep.exe
  C:\Windows\System\xprylep.exe
  2⤵
  PID:4368
- C:\Windows\System\suNYjDT.exe
  C:\Windows\System\suNYjDT.exe
  2⤵
  PID:11092
- C:\Windows\System\wDxlyXn.exe
  C:\Windows\System\wDxlyXn.exe
  2⤵
  PID:11132
- C:\Windows\System\TlBmjkZ.exe
  C:\Windows\System\TlBmjkZ.exe
  2⤵
  PID:7124
- C:\Windows\System\pWKimwA.exe
  C:\Windows\System\pWKimwA.exe
  2⤵
  PID:5844
- C:\Windows\System\hGAlULJ.exe
  C:\Windows\System\hGAlULJ.exe
  2⤵
  PID:6812
- C:\Windows\System\ZxfviZu.exe
  C:\Windows\System\ZxfviZu.exe
  2⤵
  PID:4444
- C:\Windows\System\NBYHsrz.exe
  C:\Windows\System\NBYHsrz.exe
  2⤵
  PID:11200
- C:\Windows\System\tsCNfyV.exe
  C:\Windows\System\tsCNfyV.exe
  2⤵
  PID:1104
- C:\Windows\System\jfcmeMW.exe
  C:\Windows\System\jfcmeMW.exe
  2⤵
  PID:4820
- C:\Windows\System\PGDBHyI.exe
  C:\Windows\System\PGDBHyI.exe
  2⤵
  PID:11260
- C:\Windows\System\IsatbsS.exe
  C:\Windows\System\IsatbsS.exe
  2⤵
  PID:10412
- C:\Windows\System\rcSqejO.exe
  C:\Windows\System\rcSqejO.exe
  2⤵
  PID:5156
- C:\Windows\System\OxZcYLZ.exe
  C:\Windows\System\OxZcYLZ.exe
  2⤵
  PID:10732
- C:\Windows\System\ZNDOzFV.exe
  C:\Windows\System\ZNDOzFV.exe
  2⤵
  PID:5236
- C:\Windows\System\cZgyPhw.exe
  C:\Windows\System\cZgyPhw.exe
  2⤵
  PID:10604
- C:\Windows\System\JhZmSXD.exe
  C:\Windows\System\JhZmSXD.exe
  2⤵
  PID:5272
- C:\Windows\System\iLdYbkF.exe
  C:\Windows\System\iLdYbkF.exe
  2⤵
  PID:1940
- C:\Windows\System\DKhuhJU.exe
  C:\Windows\System\DKhuhJU.exe
  2⤵
  PID:5344
- C:\Windows\System\GATPhXI.exe
  C:\Windows\System\GATPhXI.exe
  2⤵
  PID:6248
- C:\Windows\System\bkPzTbA.exe
  C:\Windows\System\bkPzTbA.exe
  2⤵
  PID:10780
- C:\Windows\System\bZFdHit.exe
  C:\Windows\System\bZFdHit.exe
  2⤵
  PID:10612
- C:\Windows\System\YWbSWAP.exe
  C:\Windows\System\YWbSWAP.exe
  2⤵
  PID:10784
- C:\Windows\System\mdkExnj.exe
  C:\Windows\System\mdkExnj.exe
  2⤵
  PID:10736
- C:\Windows\System\aZfulLb.exe
  C:\Windows\System\aZfulLb.exe
  2⤵
  PID:10828
- C:\Windows\System\gWMMHhu.exe
  C:\Windows\System\gWMMHhu.exe
  2⤵
  PID:6612
- C:\Windows\System\XCiDcVV.exe
  C:\Windows\System\XCiDcVV.exe
  2⤵
  PID:6796
- C:\Windows\System\xQxItZk.exe
  C:\Windows\System\xQxItZk.exe
  2⤵
  PID:7656
- C:\Windows\System\OncozrK.exe
  C:\Windows\System\OncozrK.exe
  2⤵
  PID:5652
- C:\Windows\System\DEjSLQS.exe
  C:\Windows\System\DEjSLQS.exe
  2⤵
  PID:6316
- C:\Windows\System\tcJHugm.exe
  C:\Windows\System\tcJHugm.exe
  2⤵
  PID:4100
- C:\Windows\System\GTDgRsG.exe
  C:\Windows\System\GTDgRsG.exe
  2⤵
  PID:10900
- C:\Windows\System\ccYkRIm.exe
  C:\Windows\System\ccYkRIm.exe
  2⤵
  PID:3152
- C:\Windows\System\rAtiEup.exe
  C:\Windows\System\rAtiEup.exe
  2⤵
  PID:3084
- C:\Windows\System\MkZGVdW.exe
  C:\Windows\System\MkZGVdW.exe
  2⤵
  PID:10996
- C:\Windows\System\FINKxEa.exe
  C:\Windows\System\FINKxEa.exe
  2⤵
  PID:11124
- C:\Windows\System\JMIMPJB.exe
  C:\Windows\System\JMIMPJB.exe
  2⤵
  PID:6404
- C:\Windows\System\SmiehRX.exe
  C:\Windows\System\SmiehRX.exe
  2⤵
  PID:3168
- C:\Windows\System\qZDiojP.exe
  C:\Windows\System\qZDiojP.exe
  2⤵
  PID:1000
- C:\Windows\System\FVwZfLl.exe
  C:\Windows\System\FVwZfLl.exe
  2⤵
  PID:6052
- C:\Windows\System\IVirDVe.exe
  C:\Windows\System\IVirDVe.exe
  2⤵
  PID:11088
- C:\Windows\System\mgSugDG.exe
  C:\Windows\System\mgSugDG.exe
  2⤵
  PID:10640
- C:\Windows\System\FlVheoH.exe
  C:\Windows\System\FlVheoH.exe
  2⤵
  PID:10508
- C:\Windows\System\FisEftT.exe
  C:\Windows\System\FisEftT.exe
  2⤵
  PID:3148
- C:\Windows\System\kazPybF.exe
  C:\Windows\System\kazPybF.exe
  2⤵
  PID:6120
- C:\Windows\System\MlWfZbJ.exe
  C:\Windows\System\MlWfZbJ.exe
  2⤵
  PID:5300
- C:\Windows\System\gfeIvwi.exe
  C:\Windows\System\gfeIvwi.exe
  2⤵
  PID:5380
- C:\Windows\System\iTJvdZT.exe
  C:\Windows\System\iTJvdZT.exe
  2⤵
  PID:10684
- C:\Windows\System\IOHWrln.exe
  C:\Windows\System\IOHWrln.exe
  2⤵
  PID:5364
- C:\Windows\System\OiDMpMq.exe
  C:\Windows\System\OiDMpMq.exe
  2⤵
  PID:10852
- C:\Windows\System\EcwklQM.exe
  C:\Windows\System\EcwklQM.exe
  2⤵
  PID:6608
- C:\Windows\System\djTHXkY.exe
  C:\Windows\System\djTHXkY.exe
  2⤵
  PID:6832
- C:\Windows\System\CNZkLgI.exe
  C:\Windows\System\CNZkLgI.exe
  2⤵
  PID:7072
- C:\Windows\System\stYUFrb.exe
  C:\Windows\System\stYUFrb.exe
  2⤵
  PID:7116
- C:\Windows\System\jsgtvTv.exe
  C:\Windows\System\jsgtvTv.exe
  2⤵
  PID:10740
- C:\Windows\System\zRLmdfi.exe
  C:\Windows\System\zRLmdfi.exe
  2⤵
  PID:2440
- C:\Windows\System\elhFQNQ.exe
  C:\Windows\System\elhFQNQ.exe
  2⤵
  PID:9756
- C:\Windows\System\QGOTlCx.exe
  C:\Windows\System\QGOTlCx.exe
  2⤵
  PID:5956
- C:\Windows\System\lrxKAhF.exe
  C:\Windows\System\lrxKAhF.exe
  2⤵
  PID:5976
- C:\Windows\System\VdyAAgP.exe
  C:\Windows\System\VdyAAgP.exe
  2⤵
  PID:8060
- C:\Windows\System\ZtfZxeL.exe
  C:\Windows\System\ZtfZxeL.exe
  2⤵
  PID:10040
- C:\Windows\System\jjTvpak.exe
  C:\Windows\System\jjTvpak.exe
  2⤵
  PID:10252
- C:\Windows\System\fYKQmsk.exe
  C:\Windows\System\fYKQmsk.exe
  2⤵
  PID:3348
- C:\Windows\System\OnkDSeD.exe
  C:\Windows\System\OnkDSeD.exe
  2⤵
  PID:2992
- C:\Windows\System\RmHzwMx.exe
  C:\Windows\System\RmHzwMx.exe
  2⤵
  PID:5128
- C:\Windows\System\CCWPOix.exe
  C:\Windows\System\CCWPOix.exe
  2⤵
  PID:9940
- C:\Windows\System\cXFNSEp.exe
  C:\Windows\System\cXFNSEp.exe
  2⤵
  PID:10132
- C:\Windows\System\inmuJgq.exe
  C:\Windows\System\inmuJgq.exe
  2⤵
  PID:5228
- C:\Windows\System\nyXWguR.exe
  C:\Windows\System\nyXWguR.exe
  2⤵
  PID:6228
- C:\Windows\System\urynqcA.exe
  C:\Windows\System\urynqcA.exe
  2⤵
  PID:5564
- C:\Windows\System\mdtXpSy.exe
  C:\Windows\System\mdtXpSy.exe
  2⤵
  PID:6160
- C:\Windows\System\oOzgxUa.exe
  C:\Windows\System\oOzgxUa.exe
  2⤵
  PID:11016
- C:\Windows\System\XqaIJLb.exe
  C:\Windows\System\XqaIJLb.exe
  2⤵
  PID:5420
- C:\Windows\System\tWiAlgL.exe
  C:\Windows\System\tWiAlgL.exe
  2⤵
  PID:11220
- C:\Windows\System\CZpVmGX.exe
  C:\Windows\System\CZpVmGX.exe
  2⤵
  PID:6388
- C:\Windows\System\NjFRrPv.exe
  C:\Windows\System\NjFRrPv.exe
  2⤵
  PID:5220
- C:\Windows\System\RyGwDDY.exe
  C:\Windows\System\RyGwDDY.exe
  2⤵
  PID:9912
- C:\Windows\System\QKfSQjX.exe
  C:\Windows\System\QKfSQjX.exe
  2⤵
  PID:10108
- C:\Windows\System\xbWfeUc.exe
  C:\Windows\System\xbWfeUc.exe
  2⤵
  PID:4288
- C:\Windows\System\kQzFNji.exe
  C:\Windows\System\kQzFNji.exe
  2⤵
  PID:5808
- C:\Windows\System\MXouGgL.exe
  C:\Windows\System\MXouGgL.exe
  2⤵
  PID:6360
- C:\Windows\System\ZYayPCu.exe
  C:\Windows\System\ZYayPCu.exe
  2⤵
  PID:9928
- C:\Windows\System\bXsdUKW.exe
  C:\Windows\System\bXsdUKW.exe
  2⤵
  PID:5648
- C:\Windows\System\sOuBKYI.exe
  C:\Windows\System\sOuBKYI.exe
  2⤵
  PID:1740
- C:\Windows\System\ROPntGd.exe
  C:\Windows\System\ROPntGd.exe
  2⤵
  PID:5716
- C:\Windows\System\KcnGIKn.exe
  C:\Windows\System\KcnGIKn.exe
  2⤵
  PID:5528
- C:\Windows\System\DgBaouo.exe
  C:\Windows\System\DgBaouo.exe
  2⤵
  PID:11288
- C:\Windows\System\ipiWLZn.exe
  C:\Windows\System\ipiWLZn.exe
  2⤵
  PID:11316
- C:\Windows\System\RYzlFoq.exe
  C:\Windows\System\RYzlFoq.exe
  2⤵
  PID:11344
- C:\Windows\System\pEpvpPx.exe
  C:\Windows\System\pEpvpPx.exe
  2⤵
  PID:11372
- C:\Windows\System\JNaWGwe.exe
  C:\Windows\System\JNaWGwe.exe
  2⤵
  PID:11400
- C:\Windows\System\pnTnYPC.exe
  C:\Windows\System\pnTnYPC.exe
  2⤵
  PID:11428
- C:\Windows\System\QzggxwR.exe
  C:\Windows\System\QzggxwR.exe
  2⤵
  PID:11456
- C:\Windows\System\XdqSVGm.exe
  C:\Windows\System\XdqSVGm.exe
  2⤵
  PID:11496
- C:\Windows\System\SonHieJ.exe
  C:\Windows\System\SonHieJ.exe
  2⤵
  PID:11524
- C:\Windows\System\kRTxZQl.exe
  C:\Windows\System\kRTxZQl.exe
  2⤵
  PID:11544
- C:\Windows\System\pIYfrNP.exe
  C:\Windows\System\pIYfrNP.exe
  2⤵
  PID:11584
- C:\Windows\System\fzbVyld.exe
  C:\Windows\System\fzbVyld.exe
  2⤵
  PID:11600
- C:\Windows\System\lUkgjdg.exe
  C:\Windows\System\lUkgjdg.exe
  2⤵
  PID:11640
- C:\Windows\System\RzjLvZq.exe
  C:\Windows\System\RzjLvZq.exe
  2⤵
  PID:11664
- C:\Windows\System\cWcqDXn.exe
  C:\Windows\System\cWcqDXn.exe
  2⤵
  PID:11692
- C:\Windows\System\GHYTznV.exe
  C:\Windows\System\GHYTznV.exe
  2⤵
  PID:11724
- C:\Windows\System\lslpazM.exe
  C:\Windows\System\lslpazM.exe
  2⤵
  PID:11748
- C:\Windows\System\XZcmgVi.exe
  C:\Windows\System\XZcmgVi.exe
  2⤵
  PID:11780
- C:\Windows\System\iPwUKMU.exe
  C:\Windows\System\iPwUKMU.exe
  2⤵
  PID:11808
- C:\Windows\System\MbWcnFP.exe
  C:\Windows\System\MbWcnFP.exe
  2⤵
  PID:11836
- C:\Windows\System\LaRZpMt.exe
  C:\Windows\System\LaRZpMt.exe
  2⤵
  PID:11856
- C:\Windows\System\bjbPpgK.exe
  C:\Windows\System\bjbPpgK.exe
  2⤵
  PID:11888
- C:\Windows\System\FcoiDjz.exe
  C:\Windows\System\FcoiDjz.exe
  2⤵
  PID:11912
- C:\Windows\System\fczcrCA.exe
  C:\Windows\System\fczcrCA.exe
  2⤵
  PID:11952
- C:\Windows\System\RKiOXME.exe
  C:\Windows\System\RKiOXME.exe
  2⤵
  PID:11976
- C:\Windows\System\fbEktVe.exe
  C:\Windows\System\fbEktVe.exe
  2⤵
  PID:12008
- C:\Windows\System\VGyZxeo.exe
  C:\Windows\System\VGyZxeo.exe
  2⤵
  PID:12036
- C:\Windows\System\nxgqwuF.exe
  C:\Windows\System\nxgqwuF.exe
  2⤵
  PID:12064
- C:\Windows\System\oiadWsJ.exe
  C:\Windows\System\oiadWsJ.exe
  2⤵
  PID:12084
- C:\Windows\System\bFryZTv.exe
  C:\Windows\System\bFryZTv.exe
  2⤵
  PID:12120
- C:\Windows\System\dZwWXel.exe
  C:\Windows\System\dZwWXel.exe
  2⤵
  PID:12148
- C:\Windows\System\WTIxiMn.exe
  C:\Windows\System\WTIxiMn.exe
  2⤵
  PID:12176
- C:\Windows\System\wJbzHYV.exe
  C:\Windows\System\wJbzHYV.exe
  2⤵
  PID:12204
- C:\Windows\System\mdygTqk.exe
  C:\Windows\System\mdygTqk.exe
  2⤵
  PID:12228
- C:\Windows\System\FdbqIPO.exe
  C:\Windows\System\FdbqIPO.exe
  2⤵
  PID:12260
- C:\Windows\System\scFjMNc.exe
  C:\Windows\System\scFjMNc.exe
  2⤵
  PID:12280
- C:\Windows\System\BGjcpxw.exe
  C:\Windows\System\BGjcpxw.exe
  2⤵
  PID:11328
- C:\Windows\System\fKklKdt.exe
  C:\Windows\System\fKklKdt.exe
  2⤵
  PID:11396
- C:\Windows\System\mNEhHTp.exe
  C:\Windows\System\mNEhHTp.exe
  2⤵
  PID:11476
- C:\Windows\System\wedFFnU.exe
  C:\Windows\System\wedFFnU.exe
  2⤵
  PID:11536
- C:\Windows\System\RUPJTrq.exe
  C:\Windows\System\RUPJTrq.exe
  2⤵
  PID:11596
- C:\Windows\System\xXgKUAa.exe
  C:\Windows\System\xXgKUAa.exe
  2⤵
  PID:11672
- C:\Windows\System\PqnOBVr.exe
  C:\Windows\System\PqnOBVr.exe
  2⤵
  PID:11736
- C:\Windows\System\NYRdjgd.exe
  C:\Windows\System\NYRdjgd.exe
  2⤵
  PID:11796
- C:\Windows\System\adnItGb.exe
  C:\Windows\System\adnItGb.exe
  2⤵
  PID:11852
- C:\Windows\System\VWawkSp.exe
  C:\Windows\System\VWawkSp.exe
  2⤵
  PID:11932
- C:\Windows\System\nyDeNyT.exe
  C:\Windows\System\nyDeNyT.exe
  2⤵
  PID:11984
- C:\Windows\System\ZYhUgml.exe
  C:\Windows\System\ZYhUgml.exe
  2⤵
  PID:12048
- C:\Windows\System\DOLATaE.exe
  C:\Windows\System\DOLATaE.exe
  2⤵
  PID:12108
- C:\Windows\System\aXgMWGq.exe
  C:\Windows\System\aXgMWGq.exe
  2⤵
  PID:11684
- C:\Windows\System\cZqKAbQ.exe
  C:\Windows\System\cZqKAbQ.exe
  2⤵
  PID:6628
- C:\Windows\System\nxBvpAG.exe
  C:\Windows\System\nxBvpAG.exe
  2⤵
  PID:6684
- C:\Windows\System\fOPtkaK.exe
  C:\Windows\System\fOPtkaK.exe
  2⤵
  PID:11300
- C:\Windows\System\JKcXHRw.exe
  C:\Windows\System\JKcXHRw.exe
  2⤵
  PID:11424
- C:\Windows\System\UTBzokI.exe
  C:\Windows\System\UTBzokI.exe
  2⤵
  PID:6896
- C:\Windows\System\MDsgwkj.exe
  C:\Windows\System\MDsgwkj.exe
  2⤵
  PID:11636
- C:\Windows\System\hfUKnFN.exe
  C:\Windows\System\hfUKnFN.exe
  2⤵
  PID:11788
- C:\Windows\System\bVtAHRB.exe
  C:\Windows\System\bVtAHRB.exe
  2⤵
  PID:11960
- C:\Windows\System\DHrnDAl.exe
  C:\Windows\System\DHrnDAl.exe
  2⤵
  PID:12104
- C:\Windows\System\DWTHwzi.exe
  C:\Windows\System\DWTHwzi.exe
  2⤵
  PID:12236
- C:\Windows\System\InyMncH.exe
  C:\Windows\System\InyMncH.exe
  2⤵
  PID:11312
- C:\Windows\System\iMklpUB.exe
  C:\Windows\System\iMklpUB.exe
  2⤵
  PID:6924
- C:\Windows\System\FrJjKaW.exe
  C:\Windows\System\FrJjKaW.exe
  2⤵
  PID:11756
- C:\Windows\System\jOlWlsp.exe
  C:\Windows\System\jOlWlsp.exe
  2⤵
  PID:12096
- C:\Windows\System\GMQUMWM.exe
  C:\Windows\System\GMQUMWM.exe
  2⤵
  PID:6704
- C:\Windows\System\scHIMJb.exe
  C:\Windows\System\scHIMJb.exe
  2⤵
  PID:11620
- C:\Windows\System\foEPygE.exe
  C:\Windows\System\foEPygE.exe
  2⤵
  PID:12076
- C:\Windows\System\tTyMpNg.exe
  C:\Windows\System\tTyMpNg.exe
  2⤵
  PID:12188
- C:\Windows\System\EnJdzwk.exe
  C:\Windows\System\EnJdzwk.exe
  2⤵
  PID:7240
- C:\Windows\System\iHxvKnm.exe
  C:\Windows\System\iHxvKnm.exe
  2⤵
  PID:7204
- C:\Windows\System\wfiIrOJ.exe
  C:\Windows\System\wfiIrOJ.exe
  2⤵
  PID:7232
- C:\Windows\System\UVcOXtr.exe
  C:\Windows\System\UVcOXtr.exe
  2⤵
  PID:8112
- C:\Windows\System\fQWyUjr.exe
  C:\Windows\System\fQWyUjr.exe
  2⤵
  PID:1952
- C:\Windows\System\YaGKhdZ.exe
  C:\Windows\System\YaGKhdZ.exe
  2⤵
  PID:1932
- C:\Windows\System\ZSBJuKH.exe
  C:\Windows\System\ZSBJuKH.exe
  2⤵
  PID:7384
- C:\Windows\System\HqGOhyK.exe
  C:\Windows\System\HqGOhyK.exe
  2⤵
  PID:1580
- C:\Windows\System\gUuZIhT.exe
  C:\Windows\System\gUuZIhT.exe
  2⤵
  PID:7308
- C:\Windows\System\vryeXVl.exe
  C:\Windows\System\vryeXVl.exe
  2⤵
  PID:2748
- C:\Windows\System\tGfEqJq.exe
  C:\Windows\System\tGfEqJq.exe
  2⤵
  PID:1284
- C:\Windows\System\XURxJOb.exe
  C:\Windows\System\XURxJOb.exe
  2⤵
  PID:7484
- C:\Windows\System\QsfduOL.exe
  C:\Windows\System\QsfduOL.exe
  2⤵
  PID:7788
- C:\Windows\System\MJHqEzZ.exe
  C:\Windows\System\MJHqEzZ.exe
  2⤵
  PID:7516
- C:\Windows\System\jDLzzFg.exe
  C:\Windows\System\jDLzzFg.exe
  2⤵
  PID:7528
- C:\Windows\System\JMYEMSp.exe
  C:\Windows\System\JMYEMSp.exe
  2⤵
  PID:7616
- C:\Windows\System\WnnQbVP.exe
  C:\Windows\System\WnnQbVP.exe
  2⤵
  PID:4468
- C:\Windows\System\hhPUlRA.exe
  C:\Windows\System\hhPUlRA.exe
  2⤵
  PID:4432
- C:\Windows\System\TEYJwsQ.exe
  C:\Windows\System\TEYJwsQ.exe
  2⤵
  PID:7508
- C:\Windows\System\oiPQsJU.exe
  C:\Windows\System\oiPQsJU.exe
  2⤵
  PID:636
- C:\Windows\System\IOsuJvw.exe
  C:\Windows\System\IOsuJvw.exe
  2⤵
  PID:7476
- C:\Windows\System\SehBNHt.exe
  C:\Windows\System\SehBNHt.exe
  2⤵
  PID:5076
- C:\Windows\System\doJJuFz.exe
  C:\Windows\System\doJJuFz.exe
  2⤵
  PID:2944
- C:\Windows\System\TmdFQCa.exe
  C:\Windows\System\TmdFQCa.exe
  2⤵
  PID:7796
- C:\Windows\System\SQHDPxM.exe
  C:\Windows\System\SQHDPxM.exe
  2⤵
  PID:7784
- C:\Windows\System\BwFPZBs.exe
  C:\Windows\System\BwFPZBs.exe
  2⤵
  PID:2172
- C:\Windows\System\dPKZOMf.exe
  C:\Windows\System\dPKZOMf.exe
  2⤵
  PID:7736
- C:\Windows\System\hweRnes.exe
  C:\Windows\System\hweRnes.exe
  2⤵
  PID:7636
- C:\Windows\System\hrCgyom.exe
  C:\Windows\System\hrCgyom.exe
  2⤵
  PID:7868
- C:\Windows\System\rjhxQKL.exe
  C:\Windows\System\rjhxQKL.exe
  2⤵
  PID:1280
- C:\Windows\System\HWiMmlf.exe
  C:\Windows\System\HWiMmlf.exe
  2⤵
  PID:7916
- C:\Windows\System\NYgJcox.exe
  C:\Windows\System\NYgJcox.exe
  2⤵
  PID:7932
- C:\Windows\System\fkjfSNg.exe
  C:\Windows\System\fkjfSNg.exe
  2⤵
  PID:3424
- C:\Windows\System\txDFiFf.exe
  C:\Windows\System\txDFiFf.exe
  2⤵
  PID:1340
- C:\Windows\System\EZoFRGu.exe
  C:\Windows\System\EZoFRGu.exe
  2⤵
  PID:1376
- C:\Windows\System\OgGgxxl.exe
  C:\Windows\System\OgGgxxl.exe
  2⤵
  PID:12308
- C:\Windows\System\thMhOeA.exe
  C:\Windows\System\thMhOeA.exe
  2⤵
  PID:12336
- C:\Windows\System\pqiROYj.exe
  C:\Windows\System\pqiROYj.exe
  2⤵
  PID:12360
- C:\Windows\System\qqkHXZY.exe
  C:\Windows\System\qqkHXZY.exe
  2⤵
  PID:12388
- C:\Windows\System\DSjxJZE.exe
  C:\Windows\System\DSjxJZE.exe
  2⤵
  PID:12416
- C:\Windows\System\JiBAfaL.exe
  C:\Windows\System\JiBAfaL.exe
  2⤵
  PID:12444
- C:\Windows\System\wCcJJkD.exe
  C:\Windows\System\wCcJJkD.exe
  2⤵
  PID:12472
- C:\Windows\System\JkZKSne.exe
  C:\Windows\System\JkZKSne.exe
  2⤵
  PID:12500
- C:\Windows\System\ZYkSull.exe
  C:\Windows\System\ZYkSull.exe
  2⤵
  PID:12528
- C:\Windows\System\vcFoeNx.exe
  C:\Windows\System\vcFoeNx.exe
  2⤵
  PID:12556
- C:\Windows\System\ViclqZL.exe
  C:\Windows\System\ViclqZL.exe
  2⤵
  PID:12588
- C:\Windows\System\itHauqc.exe
  C:\Windows\System\itHauqc.exe
  2⤵
  PID:12612
- C:\Windows\System\sWBFPfQ.exe
  C:\Windows\System\sWBFPfQ.exe
  2⤵
  PID:12644
- C:\Windows\System\FHjceEK.exe
  C:\Windows\System\FHjceEK.exe
  2⤵
  PID:12668
- C:\Windows\System\ZPonibX.exe
  C:\Windows\System\ZPonibX.exe
  2⤵
  PID:12696
- C:\Windows\System\VXeygNo.exe
  C:\Windows\System\VXeygNo.exe
  2⤵
  PID:12724
- C:\Windows\System\CvsLUqr.exe
  C:\Windows\System\CvsLUqr.exe
  2⤵
  PID:12752
- C:\Windows\System\tMIDNKB.exe
  C:\Windows\System\tMIDNKB.exe
  2⤵
  PID:12784
- C:\Windows\System\jmNLAhZ.exe
  C:\Windows\System\jmNLAhZ.exe
  2⤵
  PID:12816
- C:\Windows\System\tLLruWe.exe
  C:\Windows\System\tLLruWe.exe
  2⤵
  PID:12844
- C:\Windows\System\BlphXzp.exe
  C:\Windows\System\BlphXzp.exe
  2⤵
  PID:12880
- C:\Windows\System\bqRgKsy.exe
  C:\Windows\System\bqRgKsy.exe
  2⤵
  PID:12900
- C:\Windows\System\kwondUG.exe
  C:\Windows\System\kwondUG.exe
  2⤵
  PID:12928
- C:\Windows\System\SrmLSQw.exe
  C:\Windows\System\SrmLSQw.exe
  2⤵
  PID:12956
- C:\Windows\System\BWNrmSs.exe
  C:\Windows\System\BWNrmSs.exe
  2⤵
  PID:12984
- C:\Windows\System\MUgcley.exe
  C:\Windows\System\MUgcley.exe
  2⤵
  PID:13012
- C:\Windows\System\TyXxyhY.exe
  C:\Windows\System\TyXxyhY.exe
  2⤵
  PID:13040
- C:\Windows\System\dFJalvE.exe
  C:\Windows\System\dFJalvE.exe
  2⤵
  PID:13080
- C:\Windows\System\OfADqhw.exe
  C:\Windows\System\OfADqhw.exe
  2⤵
  PID:13096
- C:\Windows\System\EMeccNi.exe
  C:\Windows\System\EMeccNi.exe
  2⤵
  PID:13124
- C:\Windows\System\xoJaQPM.exe
  C:\Windows\System\xoJaQPM.exe
  2⤵
  PID:13152
- C:\Windows\System\eKbosRZ.exe
  C:\Windows\System\eKbosRZ.exe
  2⤵
  PID:13180
- C:\Windows\System\vNIWASo.exe
  C:\Windows\System\vNIWASo.exe
  2⤵
  PID:13220
- C:\Windows\System\zyWmQAE.exe
  C:\Windows\System\zyWmQAE.exe
  2⤵
  PID:13236
- C:\Windows\System\JDXHJSq.exe
  C:\Windows\System\JDXHJSq.exe
  2⤵
  PID:13264
- C:\Windows\System\RpuZIyV.exe
  C:\Windows\System\RpuZIyV.exe
  2⤵
  PID:13296
- C:\Windows\System\XgJJuzn.exe
  C:\Windows\System\XgJJuzn.exe
  2⤵
  PID:8020
- C:\Windows\System\MnHrYbP.exe
  C:\Windows\System\MnHrYbP.exe
  2⤵
  PID:4192
- C:\Windows\System\qUGcBMC.exe
  C:\Windows\System\qUGcBMC.exe
  2⤵
  PID:3464
- C:\Windows\System\ESZTAUV.exe
  C:\Windows\System\ESZTAUV.exe
  2⤵
  PID:8120
- C:\Windows\System\irJmPVO.exe
  C:\Windows\System\irJmPVO.exe
  2⤵
  PID:12436
- C:\Windows\System\yUqIQVZ.exe
  C:\Windows\System\yUqIQVZ.exe
  2⤵
  PID:12484
- C:\Windows\System\pcgThPw.exe
  C:\Windows\System\pcgThPw.exe
  2⤵
  PID:8180
- C:\Windows\System\YfLUBqz.exe
  C:\Windows\System\YfLUBqz.exe
  2⤵
  PID:12552
- C:\Windows\System\WdOXnuf.exe
  C:\Windows\System\WdOXnuf.exe
  2⤵
  PID:6968
- C:\Windows\System\nIwoxbJ.exe
  C:\Windows\System\nIwoxbJ.exe
  2⤵
  PID:3432
- C:\Windows\System\LtkvuaU.exe
  C:\Windows\System\LtkvuaU.exe
  2⤵
  PID:12664
- C:\Windows\System\PofYBLX.exe
  C:\Windows\System\PofYBLX.exe
  2⤵
  PID:8464
- C:\Windows\System\CQKgGmI.exe
  C:\Windows\System\CQKgGmI.exe
  2⤵
  PID:12736
- C:\Windows\System\MjFUERn.exe
  C:\Windows\System\MjFUERn.exe
  2⤵
  PID:12776
- C:\Windows\System\bAByhlF.exe
  C:\Windows\System\bAByhlF.exe
  2⤵
  PID:8584
- C:\Windows\System\yXmoDgd.exe
  C:\Windows\System\yXmoDgd.exe
  2⤵
  PID:8656
- C:\Windows\System\OHoTVxP.exe
  C:\Windows\System\OHoTVxP.exe
  2⤵
  PID:8700
- C:\Windows\System\ytaUHzO.exe
  C:\Windows\System\ytaUHzO.exe
  2⤵
  PID:12920
- C:\Windows\System\TUmGaac.exe
  C:\Windows\System\TUmGaac.exe
  2⤵
  PID:12968
- C:\Windows\System\XZerYgl.exe
  C:\Windows\System\XZerYgl.exe
  2⤵
  PID:8800
- C:\Windows\System\jcrarhB.exe
  C:\Windows\System\jcrarhB.exe
  2⤵
  PID:13052
- C:\Windows\System\hXiYWTW.exe
  C:\Windows\System\hXiYWTW.exe
  2⤵
  PID:13092
- C:\Windows\System\RhODhnS.exe
  C:\Windows\System\RhODhnS.exe
  2⤵
  PID:8896
- C:\Windows\System\dvSRyZz.exe
  C:\Windows\System\dvSRyZz.exe
  2⤵
  PID:13172
- C:\Windows\System\QxMtXXB.exe
  C:\Windows\System\QxMtXXB.exe
  2⤵
  PID:13204
- C:\Windows\System\vIeezHV.exe
  C:\Windows\System\vIeezHV.exe
  2⤵
  PID:9000
- C:\Windows\System\nkXqstP.exe
  C:\Windows\System\nkXqstP.exe
  2⤵
  PID:13292
- C:\Windows\System\xTXBuWl.exe
  C:\Windows\System\xTXBuWl.exe
  2⤵
  PID:7584
- C:\Windows\System\WtdGEEP.exe
  C:\Windows\System\WtdGEEP.exe
  2⤵
  PID:8040
- C:\Windows\System\aciDnIj.exe
  C:\Windows\System\aciDnIj.exe
  2⤵
  PID:8028
- C:\Windows\System\bISgLYI.exe
  C:\Windows\System\bISgLYI.exe
  2⤵
  PID:12372
- C:\Windows\System\EHqePoQ.exe
  C:\Windows\System\EHqePoQ.exe
  2⤵
  PID:9144
- C:\Windows\System\MKzDtBS.exe
  C:\Windows\System\MKzDtBS.exe
  2⤵
  PID:8264
- C:\Windows\System\qTxTCqj.exe
  C:\Windows\System\qTxTCqj.exe
  2⤵
  PID:8212
- C:\Windows\System\GIqwIgn.exe
  C:\Windows\System\GIqwIgn.exe
  2⤵
  PID:12596
- C:\Windows\System\UCHOmtq.exe
  C:\Windows\System\UCHOmtq.exe
  2⤵
  PID:7280
- C:\Windows\System\zQojLCD.exe
  C:\Windows\System\zQojLCD.exe
  2⤵
  PID:12716
- C:\Windows\System\ModBOTg.exe
  C:\Windows\System\ModBOTg.exe
  2⤵
  PID:3660
- C:\Windows\System\tpDWqio.exe
  C:\Windows\System\tpDWqio.exe
  2⤵
  PID:12836
- C:\Windows\System\WSBBhlW.exe
  C:\Windows\System\WSBBhlW.exe
  2⤵
  PID:8712
- C:\Windows\System\popgPRB.exe
  C:\Windows\System\popgPRB.exe
  2⤵
  PID:12996
- C:\Windows\System\tiNUHDv.exe
  C:\Windows\System\tiNUHDv.exe
  2⤵
  PID:8696
- C:\Windows\System\kdphuTY.exe
  C:\Windows\System\kdphuTY.exe
  2⤵
  PID:8764
- C:\Windows\System\wmzhpMN.exe
  C:\Windows\System\wmzhpMN.exe
  2⤵
  PID:8924
- C:\Windows\System\JFWJPBM.exe
  C:\Windows\System\JFWJPBM.exe
  2⤵
  PID:13248
- C:\Windows\System\cFoippz.exe
  C:\Windows\System\cFoippz.exe
  2⤵
  PID:9040
- C:\Windows\System\ceEKiOx.exe
  C:\Windows\System\ceEKiOx.exe
  2⤵
  PID:9096
- C:\Windows\System\DZMEiYR.exe
  C:\Windows\System\DZMEiYR.exe
  2⤵
  PID:9152
- C:\Windows\System\nJMOfeL.exe
  C:\Windows\System\nJMOfeL.exe
  2⤵
  PID:8224
- C:\Windows\System\TssoctB.exe
  C:\Windows\System\TssoctB.exe
  2⤵
  PID:2496
- C:\Windows\System\NpMTzml.exe
  C:\Windows\System\NpMTzml.exe
  2⤵
  PID:12660
- C:\Windows\System\wKSYDWH.exe
  C:\Windows\System\wKSYDWH.exe
  2⤵
  PID:8636
- C:\Windows\System\KynPKiz.exe
  C:\Windows\System\KynPKiz.exe
  2⤵
  PID:8520
- C:\Windows\System\SCsaoxL.exe
  C:\Windows\System\SCsaoxL.exe
  2⤵
  PID:9104
- C:\Windows\System\IwlXTnt.exe
  C:\Windows\System\IwlXTnt.exe
  2⤵
  PID:13032
- C:\Windows\System\jAPgRZv.exe
  C:\Windows\System\jAPgRZv.exe
  2⤵
  PID:8280
- C:\Windows\System\xIOAtNU.exe
  C:\Windows\System\xIOAtNU.exe
  2⤵
  PID:13228
- C:\Windows\System\TNPvsPl.exe
  C:\Windows\System\TNPvsPl.exe
  2⤵
  PID:8812
- C:\Windows\System\hKRaZCi.exe
  C:\Windows\System\hKRaZCi.exe
  2⤵
  PID:9120
- C:\Windows\System\lcXkVBa.exe
  C:\Windows\System\lcXkVBa.exe
  2⤵
  PID:9140
- C:\Windows\System\UPGLFXi.exe
  C:\Windows\System\UPGLFXi.exe
  2⤵
  PID:12636
- C:\Windows\System\guSpiDj.exe
  C:\Windows\System\guSpiDj.exe
  2⤵
  PID:8868
- C:\Windows\System\kqLQgSr.exe
  C:\Windows\System\kqLQgSr.exe
  2⤵
  PID:8804
- C:\Windows\System\ddPwWFe.exe
  C:\Windows\System\ddPwWFe.exe
  2⤵
  PID:9276
- C:\Windows\System\HKNqNzu.exe
  C:\Windows\System\HKNqNzu.exe
  2⤵
  PID:8424
- C:\Windows\System\OVqRwKH.exe
  C:\Windows\System\OVqRwKH.exe
  2⤵
  PID:7532
- C:\Windows\System\EmqQFmW.exe
  C:\Windows\System\EmqQFmW.exe
  2⤵
  PID:12604
- C:\Windows\System\klaRnpc.exe
  C:\Windows\System\klaRnpc.exe
  2⤵
  PID:9376
- C:\Windows\System\fqPYEeW.exe
  C:\Windows\System\fqPYEeW.exe
  2⤵
  PID:9296
- C:\Windows\System\ASNkfSq.exe
  C:\Windows\System\ASNkfSq.exe
  2⤵
  PID:9352
- C:\Windows\System\dbsgMoL.exe
  C:\Windows\System\dbsgMoL.exe
  2⤵
  PID:8564
- C:\Windows\System\BxfTdah.exe
  C:\Windows\System\BxfTdah.exe
  2⤵
  PID:9436
- C:\Windows\System\DMckvCz.exe
  C:\Windows\System\DMckvCz.exe
  2⤵
  PID:8652
- C:\Windows\System\mLMMmTQ.exe
  C:\Windows\System\mLMMmTQ.exe
  2⤵
  PID:7000
- C:\Windows\System\ANZEhiL.exe
  C:\Windows\System\ANZEhiL.exe
  2⤵
  PID:13344
- C:\Windows\System\BiNLpKq.exe
  C:\Windows\System\BiNLpKq.exe
  2⤵
  PID:13368
- C:\Windows\System\eILNXYF.exe
  C:\Windows\System\eILNXYF.exe
  2⤵
  PID:13396
- C:\Windows\System\HqEtEqR.exe
  C:\Windows\System\HqEtEqR.exe
  2⤵
  PID:13424
- C:\Windows\System\xOzbQYF.exe
  C:\Windows\System\xOzbQYF.exe
  2⤵
  PID:13452
- C:\Windows\System\xIToCVm.exe
  C:\Windows\System\xIToCVm.exe
  2⤵
  PID:13480
- C:\Windows\System\GtXHRoZ.exe
  C:\Windows\System\GtXHRoZ.exe
  2⤵
  PID:13508
- C:\Windows\System\HdYucqG.exe
  C:\Windows\System\HdYucqG.exe
  2⤵
  PID:13536
- C:\Windows\System\IShvNSe.exe
  C:\Windows\System\IShvNSe.exe
  2⤵
  PID:13564
- C:\Windows\System\Cqtdqdg.exe
  C:\Windows\System\Cqtdqdg.exe
  2⤵
  PID:13592
- C:\Windows\System\KUXTDpv.exe
  C:\Windows\System\KUXTDpv.exe
  2⤵
  PID:13620
- C:\Windows\System\wbXlwad.exe
  C:\Windows\System\wbXlwad.exe
  2⤵
  PID:13648
- C:\Windows\System\lKdByZJ.exe
  C:\Windows\System\lKdByZJ.exe
  2⤵
  PID:13676
- C:\Windows\System\qDmoDJN.exe
  C:\Windows\System\qDmoDJN.exe
  2⤵
  PID:13708
- C:\Windows\System\cOBjmkI.exe
  C:\Windows\System\cOBjmkI.exe
  2⤵
  PID:13736
- C:\Windows\System\oQkhDya.exe
  C:\Windows\System\oQkhDya.exe
  2⤵
  PID:13772
- C:\Windows\System\MBnmTcJ.exe
  C:\Windows\System\MBnmTcJ.exe
  2⤵
  PID:13792
- C:\Windows\System\jwQFnaQ.exe
  C:\Windows\System\jwQFnaQ.exe
  2⤵
  PID:13820
- C:\Windows\System\vNDdPIp.exe
  C:\Windows\System\vNDdPIp.exe
  2⤵
  PID:13848
- C:\Windows\System\lfJaNdO.exe
  C:\Windows\System\lfJaNdO.exe
  2⤵
  PID:13876
- C:\Windows\System\XJZHIuB.exe
  C:\Windows\System\XJZHIuB.exe
  2⤵
  PID:13904
- C:\Windows\System\ueoTdPa.exe
  C:\Windows\System\ueoTdPa.exe
  2⤵
  PID:13932
- C:\Windows\System\OjrcfUu.exe
  C:\Windows\System\OjrcfUu.exe
  2⤵
  PID:13960
- C:\Windows\System\devbkkD.exe
  C:\Windows\System\devbkkD.exe
  2⤵
  PID:13988
- C:\Windows\System\UmsIQwX.exe
  C:\Windows\System\UmsIQwX.exe
  2⤵
  PID:14016
- C:\Windows\System\ZmyLysK.exe
  C:\Windows\System\ZmyLysK.exe
  2⤵
  PID:14048
- C:\Windows\System\CaUtkbB.exe
  C:\Windows\System\CaUtkbB.exe
  2⤵
  PID:14072
- C:\Windows\System\LwEZYsO.exe
  C:\Windows\System\LwEZYsO.exe
  2⤵
  PID:14100
- C:\Windows\System\kagneDu.exe
  C:\Windows\System\kagneDu.exe
  2⤵
  PID:14128
- C:\Windows\System\LtIZKuX.exe
  C:\Windows\System\LtIZKuX.exe
  2⤵
  PID:14156
- C:\Windows\System\pIeegSx.exe
  C:\Windows\System\pIeegSx.exe
  2⤵
  PID:14184
- C:\Windows\System\jRaNJbc.exe
  C:\Windows\System\jRaNJbc.exe
  2⤵
  PID:14212
- C:\Windows\System\HcPJYGd.exe
  C:\Windows\System\HcPJYGd.exe
  2⤵
  PID:14240
- C:\Windows\System\IsVxIMC.exe
  C:\Windows\System\IsVxIMC.exe
  2⤵
  PID:14268
- C:\Windows\System\STuAFaF.exe
  C:\Windows\System\STuAFaF.exe
  2⤵
  PID:14296
- C:\Windows\System\nkBsecU.exe
  C:\Windows\System\nkBsecU.exe
  2⤵
  PID:14328
- C:\Windows\System\XVqRLgq.exe
  C:\Windows\System\XVqRLgq.exe
  2⤵
  PID:9680
- C:\Windows\System\dENgEmj.exe
  C:\Windows\System\dENgEmj.exe
  2⤵
  PID:13388
- C:\Windows\System\cmPZFkP.exe
  C:\Windows\System\cmPZFkP.exe
  2⤵
  PID:13420
- C:\Windows\System\JWZwuLh.exe
  C:\Windows\System\JWZwuLh.exe
  2⤵
  PID:13476
- C:\Windows\System\OTxarIv.exe
  C:\Windows\System\OTxarIv.exe
  2⤵
  PID:13504
- C:\Windows\System\ltgYrxa.exe
  C:\Windows\System\ltgYrxa.exe
  2⤵
  PID:13548
- C:\Windows\System\TpcMWHD.exe
  C:\Windows\System\TpcMWHD.exe
  2⤵
  PID:13588
- C:\Windows\System\sRSrhWf.exe
  C:\Windows\System\sRSrhWf.exe
  2⤵
  PID:9988
- C:\Windows\System\TEuJjKz.exe
  C:\Windows\System\TEuJjKz.exe
  2⤵
  PID:10016
- C:\Windows\System\sEmYnOJ.exe
  C:\Windows\System\sEmYnOJ.exe
  2⤵
  PID:13720
- C:\Windows\System\tPdPKAO.exe
  C:\Windows\System\tPdPKAO.exe
  2⤵
  PID:10068
- C:\Windows\System\PIxOoWc.exe
  C:\Windows\System\PIxOoWc.exe
  2⤵
  PID:13784
- C:\Windows\System\oNhZXxS.exe
  C:\Windows\System\oNhZXxS.exe
  2⤵
  PID:13860
- C:\Windows\System\aJNEGWk.exe
  C:\Windows\System\aJNEGWk.exe
  2⤵
  PID:13872
- C:\Windows\System\apgMOWg.exe
  C:\Windows\System\apgMOWg.exe
  2⤵
  PID:9252
- C:\Windows\System\PSDGVaN.exe
  C:\Windows\System\PSDGVaN.exe
  2⤵
  PID:9312
- C:\Windows\System\dptRzGt.exe
  C:\Windows\System\dptRzGt.exe
  2⤵
  PID:14008
- C:\Windows\System\Byegnni.exe
  C:\Windows\System\Byegnni.exe
  2⤵
  PID:14056
- C:\Windows\System\WNlBuuz.exe
  C:\Windows\System\WNlBuuz.exe
  2⤵
  PID:9576
- C:\Windows\System\hyQDwng.exe
  C:\Windows\System\hyQDwng.exe
  2⤵
  PID:14124
- C:\Windows\System\yNzqerB.exe
  C:\Windows\System\yNzqerB.exe
  2⤵
  PID:14176
- C:\Windows\System\hshMJrt.exe
  C:\Windows\System\hshMJrt.exe
  2⤵
  PID:9712
- C:\Windows\System\NQgKBxO.exe
  C:\Windows\System\NQgKBxO.exe
  2⤵
  PID:14260
- C:\Windows\System\lSivwrB.exe
  C:\Windows\System\lSivwrB.exe
  2⤵
  PID:14308
- C:\Windows\System\qkaBAWw.exe
  C:\Windows\System\qkaBAWw.exe
  2⤵
  PID:13332
- C:\Windows\System\NoEJmdx.exe
  C:\Windows\System\NoEJmdx.exe
  2⤵
  PID:13380
- C:\Windows\System\fsbLxwW.exe
  C:\Windows\System\fsbLxwW.exe
  2⤵
  PID:9640
- C:\Windows\System\GRjtzPE.exe
  C:\Windows\System\GRjtzPE.exe
  2⤵
  PID:9840
- C:\Windows\System\drHIWxl.exe
  C:\Windows\System\drHIWxl.exe
  2⤵
  PID:1444
- C:\Windows\System\kQpisfx.exe
  C:\Windows\System\kQpisfx.exe
  2⤵
  PID:9924
- C:\Windows\System\UMvCLvL.exe
  C:\Windows\System\UMvCLvL.exe
  2⤵
  PID:13688
- C:\Windows\System\VZLLrDi.exe
  C:\Windows\System\VZLLrDi.exe
  2⤵
  PID:13704
- C:\Windows\System\lapQWBS.exe
  C:\Windows\System\lapQWBS.exe
  2⤵
  PID:13760
- C:\Windows\System\dtcLjKJ.exe
  C:\Windows\System\dtcLjKJ.exe
  2⤵
  PID:13844
- C:\Windows\System\ltGUSCT.exe
  C:\Windows\System\ltGUSCT.exe
  2⤵
  PID:10448
- C:\Windows\System\iwQQDze.exe
  C:\Windows\System\iwQQDze.exe
  2⤵
  PID:3336
- C:\Windows\System\YkYblNA.exe
  C:\Windows\System\YkYblNA.exe
  2⤵
  PID:13944
- C:\Windows\System\wyDIgbo.exe
  C:\Windows\System\wyDIgbo.exe
  2⤵
  PID:9388
- C:\Windows\System\aXSofWV.exe
  C:\Windows\System\aXSofWV.exe
  2⤵
  PID:14092
- C:\Windows\System\QcgEXDW.exe
  C:\Windows\System\QcgEXDW.exe
  2⤵
  PID:14152
- C:\Windows\System\jGjzmpa.exe
  C:\Windows\System\jGjzmpa.exe
  2⤵
  PID:14208
- C:\Windows\System\gLzEacy.exe
  C:\Windows\System\gLzEacy.exe
  2⤵
  PID:14292
- C:\Windows\System\fBmkwAm.exe
  C:\Windows\System\fBmkwAm.exe
  2⤵
  PID:10184
- C:\Windows\System\PAMsbNw.exe
  C:\Windows\System\PAMsbNw.exe
  2⤵
  PID:6112
- C:\Windows\System\xbAUYVv.exe
  C:\Windows\System\xbAUYVv.exe
  2⤵
  PID:9952
- C:\Windows\System\KpsVjYM.exe
  C:\Windows\System\KpsVjYM.exe
  2⤵
  PID:13732
- C:\Windows\System\Ogsbtpc.exe
  C:\Windows\System\Ogsbtpc.exe
  2⤵
  PID:2316
- C:\Windows\System\dkQEBJj.exe
  C:\Windows\System\dkQEBJj.exe
  2⤵
  PID:10536
- C:\Windows\System\AlTmUxz.exe
  C:\Windows\System\AlTmUxz.exe
  2⤵
  PID:14064
- C:\Windows\System\PVWWIcD.exe
  C:\Windows\System\PVWWIcD.exe
  2⤵
  PID:10664
- C:\Windows\System\vRcOOHF.exe
  C:\Windows\System\vRcOOHF.exe
  2⤵
  PID:9752
- C:\Windows\System\dNwDxfI.exe
  C:\Windows\System\dNwDxfI.exe
  2⤵
  PID:13584
- C:\Windows\System\GKHvifI.exe
  C:\Windows\System\GKHvifI.exe
  2⤵
  PID:8336
- C:\Windows\System\MuFvWwG.exe
  C:\Windows\System\MuFvWwG.exe
  2⤵
  PID:10200
- C:\Windows\System\XPKfhKH.exe
  C:\Windows\System\XPKfhKH.exe
  2⤵
  PID:8460
- C:\Windows\System\eWJHQYn.exe
  C:\Windows\System\eWJHQYn.exe
  2⤵
  PID:9964
- C:\Windows\System\zbggNmM.exe
  C:\Windows\System\zbggNmM.exe
  2⤵
  PID:4420
- C:\Windows\System\TUDnEPK.exe
  C:\Windows\System\TUDnEPK.exe
  2⤵
  PID:13364
- C:\Windows\System\twwGDCP.exe
  C:\Windows\System\twwGDCP.exe
  2⤵
  PID:10272
- C:\Windows\System\GXqttEi.exe
  C:\Windows\System\GXqttEi.exe
  2⤵
  PID:14356
- C:\Windows\System\WMRYHBo.exe
  C:\Windows\System\WMRYHBo.exe
  2⤵
  PID:14384
- C:\Windows\System\CWvcoBw.exe
  C:\Windows\System\CWvcoBw.exe
  2⤵
  PID:14412
- C:\Windows\System\sApaQrn.exe
  C:\Windows\System\sApaQrn.exe
  2⤵
  PID:14440
- C:\Windows\System\KMmvOWQ.exe
  C:\Windows\System\KMmvOWQ.exe
  2⤵
  PID:14468
- C:\Windows\System\cTzgTLf.exe
  C:\Windows\System\cTzgTLf.exe
  2⤵
  PID:14496
- C:\Windows\System\mDPSYiz.exe
  C:\Windows\System\mDPSYiz.exe
  2⤵
  PID:14524
- C:\Windows\System\RIzadhp.exe
  C:\Windows\System\RIzadhp.exe
  2⤵
  PID:14552
- C:\Windows\System\ZWtsjKF.exe
  C:\Windows\System\ZWtsjKF.exe
  2⤵
  PID:14580
- C:\Windows\System\yqiSQEg.exe
  C:\Windows\System\yqiSQEg.exe
  2⤵
  PID:14608
- C:\Windows\System\nihVDup.exe
  C:\Windows\System\nihVDup.exe
  2⤵
  PID:14636
- C:\Windows\System\TokFWhc.exe
  C:\Windows\System\TokFWhc.exe
  2⤵
  PID:14668
- C:\Windows\System\dBXlfEN.exe
  C:\Windows\System\dBXlfEN.exe
  2⤵
  PID:14692
- C:\Windows\System\LIJfzau.exe
  C:\Windows\System\LIJfzau.exe
  2⤵
  PID:14720
- C:\Windows\System\FAZurvZ.exe
  C:\Windows\System\FAZurvZ.exe
  2⤵
  PID:14748
- C:\Windows\System\IGptwdD.exe
  C:\Windows\System\IGptwdD.exe
  2⤵
  PID:14776
- C:\Windows\System\wLnBALZ.exe
  C:\Windows\System\wLnBALZ.exe
  2⤵
  PID:14812
- C:\Windows\System\TauGvqI.exe
  C:\Windows\System\TauGvqI.exe
  2⤵
  PID:14836
- C:\Windows\System\wxegmFO.exe
  C:\Windows\System\wxegmFO.exe
  2⤵
  PID:14864
- C:\Windows\System\iewweGX.exe
  C:\Windows\System\iewweGX.exe
  2⤵
  PID:14892
- C:\Windows\System\LLwldrB.exe
  C:\Windows\System\LLwldrB.exe
  2⤵
  PID:14920
- C:\Windows\System\LjaWdHc.exe
  C:\Windows\System\LjaWdHc.exe
  2⤵
  PID:14948
- C:\Windows\System\QAhWpUQ.exe
  C:\Windows\System\QAhWpUQ.exe
  2⤵
  PID:14976
- C:\Windows\System\wmqzQkY.exe
  C:\Windows\System\wmqzQkY.exe
  2⤵
  PID:15004
- C:\Windows\System\yDElTsN.exe
  C:\Windows\System\yDElTsN.exe
  2⤵
  PID:15032
- C:\Windows\System\PuFxkka.exe
  C:\Windows\System\PuFxkka.exe
  2⤵
  PID:15060
- C:\Windows\System\tFKiuOK.exe
  C:\Windows\System\tFKiuOK.exe
  2⤵
  PID:15088
- C:\Windows\System\JFzctwf.exe
  C:\Windows\System\JFzctwf.exe
  2⤵
  PID:15116
- C:\Windows\System\uCjovrj.exe
  C:\Windows\System\uCjovrj.exe
  2⤵
  PID:15144
- C:\Windows\System\NkDarVk.exe
  C:\Windows\System\NkDarVk.exe
  2⤵
  PID:15172
- C:\Windows\System\dktYiwg.exe
  C:\Windows\System\dktYiwg.exe
  2⤵
  PID:15200
- C:\Windows\System\jsnIBiL.exe
  C:\Windows\System\jsnIBiL.exe
  2⤵
  PID:15228
- C:\Windows\System\cnUJAhI.exe
  C:\Windows\System\cnUJAhI.exe
  2⤵
  PID:15256
- C:\Windows\System\WZRtYXZ.exe
  C:\Windows\System\WZRtYXZ.exe
  2⤵
  PID:15284
- C:\Windows\System\RdjWTYS.exe
  C:\Windows\System\RdjWTYS.exe
  2⤵
  PID:15312
- C:\Windows\System\HqKqrDx.exe
  C:\Windows\System\HqKqrDx.exe
  2⤵
  PID:15340
- C:\Windows\System\oKLUbuN.exe
  C:\Windows\System\oKLUbuN.exe
  2⤵
  PID:14352
- C:\Windows\System\fuYBFqo.exe
  C:\Windows\System\fuYBFqo.exe
  2⤵
  PID:14460
- C:\Windows\System\crKUKWX.exe
  C:\Windows\System\crKUKWX.exe
  2⤵
  PID:14492
- C:\Windows\System\jGmYUrb.exe
  C:\Windows\System\jGmYUrb.exe
  2⤵
  PID:14572
- C:\Windows\System\ymkqSkT.exe
  C:\Windows\System\ymkqSkT.exe
  2⤵
  PID:14628
- C:\Windows\System\lQcoLHP.exe
  C:\Windows\System\lQcoLHP.exe
  2⤵
  PID:14684
- C:\Windows\System\OhnXSes.exe
  C:\Windows\System\OhnXSes.exe
  2⤵
  PID:14744
- C:\Windows\System\tEvxOds.exe
  C:\Windows\System\tEvxOds.exe
  2⤵
  PID:14820
- C:\Windows\System\jfKiIQt.exe
  C:\Windows\System\jfKiIQt.exe
  2⤵
  PID:14904
- C:\Windows\System\OtwdSJz.exe
  C:\Windows\System\OtwdSJz.exe
  2⤵
  PID:14944
- C:\Windows\System\Uswvimh.exe
  C:\Windows\System\Uswvimh.exe
  2⤵
  PID:15016
- C:\Windows\System\aOYebwy.exe
  C:\Windows\System\aOYebwy.exe
  2⤵
  PID:15056
- C:\Windows\System\TqOMiGG.exe
  C:\Windows\System\TqOMiGG.exe
  2⤵
  PID:15128
- C:\Windows\System\ZulYruG.exe
  C:\Windows\System\ZulYruG.exe
  2⤵
  PID:15192
- C:\Windows\System\oBOWfPM.exe
  C:\Windows\System\oBOWfPM.exe
  2⤵
  PID:15252
- C:\Windows\System\njvCHoD.exe
  C:\Windows\System\njvCHoD.exe
  2⤵
  PID:15308
- C:\Windows\System\YCAUGcb.exe
  C:\Windows\System\YCAUGcb.exe
  2⤵
  PID:14380
- C:\Windows\System\QZLSRBu.exe
  C:\Windows\System\QZLSRBu.exe
  2⤵
  PID:14564
- C:\Windows\System\gmKYxBj.exe
  C:\Windows\System\gmKYxBj.exe
  2⤵
  PID:8352
- C:\Windows\System\rYFjfBb.exe
  C:\Windows\System\rYFjfBb.exe
  2⤵
  PID:11176
- C:\Windows\System\fjInOzm.exe
  C:\Windows\System\fjInOzm.exe
  2⤵
  PID:14848
- C:\Windows\System\fTrspxx.exe
  C:\Windows\System\fTrspxx.exe
  2⤵
  PID:14996
- C:\Windows\System\slhkpOn.exe
  C:\Windows\System\slhkpOn.exe
  2⤵
  PID:15112
- C:\Windows\System\ikDFhqm.exe
  C:\Windows\System\ikDFhqm.exe
  2⤵
  PID:15248
- C:\Windows\System\RFyrtwG.exe
  C:\Windows\System\RFyrtwG.exe
  2⤵
  PID:14408
- C:\Windows\System\JTeVMhs.exe
  C:\Windows\System\JTeVMhs.exe
  2⤵
  PID:11152
- C:\Windows\System\uZGUojR.exe
  C:\Windows\System\uZGUojR.exe
  2⤵
  PID:14972
- C:\Windows\System\FJCwXhH.exe
  C:\Windows\System\FJCwXhH.exe
  2⤵
  PID:11244
- C:\Windows\System\TIUxqix.exe
  C:\Windows\System\TIUxqix.exe
  2⤵
  PID:2352
- C:\Windows\System\RKDcIzV.exe
  C:\Windows\System\RKDcIzV.exe
  2⤵
  PID:9172
- C:\Windows\System\iKTjDIv.exe
  C:\Windows\System\iKTjDIv.exe
  2⤵
  PID:10416
- C:\Windows\System\MZPxayF.exe
  C:\Windows\System\MZPxayF.exe
  2⤵
  PID:9668
- C:\Windows\System\sCYVqvf.exe
  C:\Windows\System\sCYVqvf.exe
  2⤵
  PID:10324
- C:\Windows\System\vgGAvXJ.exe
  C:\Windows\System\vgGAvXJ.exe
  2⤵
  PID:15240
- C:\Windows\System\vkWqphj.exe
  C:\Windows\System\vkWqphj.exe
  2⤵
  PID:14940
- C:\Windows\System\VXoBTOa.exe
  C:\Windows\System\VXoBTOa.exe
  2⤵
  PID:10648
- C:\Windows\System\CGowxWq.exe
  C:\Windows\System\CGowxWq.exe
  2⤵
  PID:6092
- C:\Windows\System\vaAVzgz.exe
  C:\Windows\System\vaAVzgz.exe
  2⤵
  PID:4588
- C:\Windows\System\ePdhGMu.exe
  C:\Windows\System\ePdhGMu.exe
  2⤵
  PID:15380
- C:\Windows\System\YtDCRYx.exe
  C:\Windows\System\YtDCRYx.exe
  2⤵
  PID:15408
- C:\Windows\System\aqGerge.exe
  C:\Windows\System\aqGerge.exe
  2⤵
  PID:15440
- C:\Windows\System\hbPFHDN.exe
  C:\Windows\System\hbPFHDN.exe
  2⤵
  PID:15468
- C:\Windows\System\ZiNaYKI.exe
  C:\Windows\System\ZiNaYKI.exe
  2⤵
  PID:15496
- C:\Windows\System\WjlksTm.exe
  C:\Windows\System\WjlksTm.exe
  2⤵
  PID:15524
- C:\Windows\System\gZPpfkh.exe
  C:\Windows\System\gZPpfkh.exe
  2⤵
  PID:15552
- C:\Windows\System\NXUhMmF.exe
  C:\Windows\System\NXUhMmF.exe
  2⤵
  PID:15580
- C:\Windows\System\AkGlKQU.exe
  C:\Windows\System\AkGlKQU.exe
  2⤵
  PID:15608
- C:\Windows\System\EymlmTr.exe
  C:\Windows\System\EymlmTr.exe
  2⤵
  PID:15636
- C:\Windows\System\qivOvMM.exe
  C:\Windows\System\qivOvMM.exe
  2⤵
  PID:15664
- C:\Windows\System\HsKEPeD.exe
  C:\Windows\System\HsKEPeD.exe
  2⤵
  PID:15692
- C:\Windows\System\zvpHlEd.exe
  C:\Windows\System\zvpHlEd.exe
  2⤵
  PID:15720
- C:\Windows\System\nvoOcVj.exe
  C:\Windows\System\nvoOcVj.exe
  2⤵
  PID:15748
- C:\Windows\System\FOXnWuT.exe
  C:\Windows\System\FOXnWuT.exe
  2⤵
  PID:15776
- C:\Windows\System\UbzcJbp.exe
  C:\Windows\System\UbzcJbp.exe
  2⤵
  PID:15804
- C:\Windows\System\GleRLSH.exe
  C:\Windows\System\GleRLSH.exe
  2⤵
  PID:15832
- C:\Windows\System\KdBCxAF.exe
  C:\Windows\System\KdBCxAF.exe
  2⤵
  PID:15860
- C:\Windows\System\vfEzXWk.exe
  C:\Windows\System\vfEzXWk.exe
  2⤵
  PID:15888
- C:\Windows\System\FszMWWC.exe
  C:\Windows\System\FszMWWC.exe
  2⤵
  PID:15916
- C:\Windows\System\sBjWOdB.exe
  C:\Windows\System\sBjWOdB.exe
  2⤵
  PID:15944
- C:\Windows\System\zjQrarT.exe
  C:\Windows\System\zjQrarT.exe
  2⤵
  PID:15972
- C:\Windows\System\MbHtYIV.exe
  C:\Windows\System\MbHtYIV.exe
  2⤵
  PID:16000
- C:\Windows\System\uZAJzQk.exe
  C:\Windows\System\uZAJzQk.exe
  2⤵
  PID:16028
- C:\Windows\System\vlZZibT.exe
  C:\Windows\System\vlZZibT.exe
  2⤵
  PID:16060
- C:\Windows\System\skvTjok.exe
  C:\Windows\System\skvTjok.exe
  2⤵
  PID:16088
- C:\Windows\System\SwHWAdC.exe
  C:\Windows\System\SwHWAdC.exe
  2⤵
  PID:16116
- C:\Windows\System\WlTHvBW.exe
  C:\Windows\System\WlTHvBW.exe
  2⤵
  PID:16144
- C:\Windows\System\CThvWdn.exe
  C:\Windows\System\CThvWdn.exe
  2⤵
  PID:16176
- C:\Windows\System\NQjzQmt.exe
  C:\Windows\System\NQjzQmt.exe
  2⤵
  PID:16212
- C:\Windows\System\oLpIhbg.exe
  C:\Windows\System\oLpIhbg.exe
  2⤵
  PID:16236
- C:\Windows\System\cpIcrsO.exe
  C:\Windows\System\cpIcrsO.exe
  2⤵
  PID:16256
- C:\Windows\System\jrapHyA.exe
  C:\Windows\System\jrapHyA.exe
  2⤵
  PID:16284
- C:\Windows\System\MxnqVhI.exe
  C:\Windows\System\MxnqVhI.exe
  2⤵
  PID:16320
- C:\Windows\System\xylpbTI.exe
  C:\Windows\System\xylpbTI.exe
  2⤵
  PID:16340
- C:\Windows\System\OwEYWLY.exe
  C:\Windows\System\OwEYWLY.exe
  2⤵
  PID:16368
- C:\Windows\System\VHPlkHk.exe
  C:\Windows\System\VHPlkHk.exe
  2⤵
  PID:6172
- C:\Windows\System\gfrDzSw.exe
  C:\Windows\System\gfrDzSw.exe
  2⤵
  PID:6320
- C:\Windows\System\lnkTChW.exe
  C:\Windows\System\lnkTChW.exe
  2⤵
  PID:9536
- C:\Windows\System\VWjCPOl.exe
  C:\Windows\System\VWjCPOl.exe
  2⤵
  PID:1072
- C:\Windows\System\HrXqzzu.exe
  C:\Windows\System\HrXqzzu.exe
  2⤵
  PID:1700
- C:\Windows\System\lIJJdPT.exe
  C:\Windows\System\lIJJdPT.exe
  2⤵
  PID:15564
- C:\Windows\System\DRsSdfB.exe
  C:\Windows\System\DRsSdfB.exe
  2⤵
  PID:15592
- C:\Windows\System\UrWhkiC.exe
  C:\Windows\System\UrWhkiC.exe
  2⤵
  PID:6516
- C:\Windows\System\ooWAUBR.exe
  C:\Windows\System\ooWAUBR.exe
  2⤵
  PID:15656
- C:\Windows\System\rMrtKRD.exe
  C:\Windows\System\rMrtKRD.exe
  2⤵
  PID:15688
- C:\Windows\System\PYawjAJ.exe
  C:\Windows\System\PYawjAJ.exe
  2⤵
  PID:15732
- C:\Windows\System\sBQzSSg.exe
  C:\Windows\System\sBQzSSg.exe
  2⤵
  PID:6956
- C:\Windows\System\qvFxsIB.exe
  C:\Windows\System\qvFxsIB.exe
  2⤵
  PID:15816
- C:\Windows\System\eISrJHC.exe
  C:\Windows\System\eISrJHC.exe
  2⤵
  PID:15856
- C:\Windows\System\olIFMaA.exe
  C:\Windows\System\olIFMaA.exe
  2⤵
  PID:15884
- C:\Windows\System\IPDuHiP.exe
  C:\Windows\System\IPDuHiP.exe
  2⤵
  PID:15928
- C:\Windows\System\uKfqhuF.exe
  C:\Windows\System\uKfqhuF.exe
  2⤵
  PID:3572
- C:\Windows\System\YEJgNIv.exe
  C:\Windows\System\YEJgNIv.exe
  2⤵
  PID:2088
- C:\Windows\System\ZYNyGmk.exe
  C:\Windows\System\ZYNyGmk.exe
  2⤵
  PID:2096
- C:\Windows\System\LUTLmLJ.exe
  C:\Windows\System\LUTLmLJ.exe
  2⤵
  PID:16084
- C:\Windows\System\vuhHuXu.exe
  C:\Windows\System\vuhHuXu.exe
  2⤵
  PID:2076
- C:\Windows\System\SsYwbOA.exe
  C:\Windows\System\SsYwbOA.exe
  2⤵
  PID:11180
- C:\Windows\System\lAzIRTw.exe
  C:\Windows\System\lAzIRTw.exe
  2⤵
  PID:16208
- C:\Windows\System\XITfHcA.exe
  C:\Windows\System\XITfHcA.exe
  2⤵
  PID:16220
- C:\Windows\System\XzRswgE.exe
  C:\Windows\System\XzRswgE.exe
  2⤵
  PID:16252
- C:\Windows\System\VkZmqhS.exe
  C:\Windows\System\VkZmqhS.exe
  2⤵
  PID:16280
- C:\Windows\System\ZVdIlnA.exe
  C:\Windows\System\ZVdIlnA.exe
  2⤵
  PID:16332
- C:\Windows\System\KPbVsTU.exe
  C:\Windows\System\KPbVsTU.exe
  2⤵
  PID:16380
- C:\Windows\System\gSfOFGj.exe
  C:\Windows\System\gSfOFGj.exe
  2⤵
  PID:5200
- C:\Windows\System\fVkYkon.exe
  C:\Windows\System\fVkYkon.exe
  2⤵
  PID:1816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DazKeMr.exe

Filesize
6.0MB

MD5
c5d3f6d7f75c9d1a49802be085c1db98

SHA1
9f44f7b4e3d1e4f80773385e0305dacd0967a57a

SHA256
c84bbb5505af6fabcdbc0bfd5902b64812b37110fdf1c4fa8255039937d1c2fc

SHA512
af185113cda18649ddbdd2a288a4f4cffa5b75380282abee22217c05df40bdb545b9fd26ae3b9a8bf45ea5217e210a751446bb829f5f67afb588d0339ff7f05a

Download Submit
C:\Windows\System\EWUBYPB.exe

Filesize
6.0MB

MD5
7a90301c1d942a5a08f722510e10eb34

SHA1
975c34a16693648a5e634f0e1aa5992176360b1b

SHA256
8f8d29a58b177fed377ed406f9d9b561ca3a78aa616c4b0fb04636e61dae0038

SHA512
799c4ab3b0937d84ef1958ec4906d0546c3fd99299c7613b10618646367980d1fddf5ab189366d27ada3e2c2ad01c095ec8038477f43412f5018d12e5f57e155

Download Submit
C:\Windows\System\EqKyNjX.exe

Filesize
6.0MB

MD5
c1e2ca2bebb9804b75622d6ec59bbc28

SHA1
3b403eaac533076fd0a084561e0ff89aac84bd88

SHA256
7fde43833765ab0b47f58de3116561f78ee80b598eba6da02a2b1fb093e34843

SHA512
5af7ff4d79ddf3d12f61262fe1630de37787dd5a8afdec24d1b7e68a06a86bd1d9ab003c352498382c88736c433627d4fef92bfe826ba7f6c7fb91a4b6010b5e

Download Submit
C:\Windows\System\FQBhoyL.exe

Filesize
6.0MB

MD5
73de6201557efea4c20fb2da931bf5ad

SHA1
3aa4842d813ef10467f0a4c262513c40f0b92a3f

SHA256
8bbf14f3d9c961a3002cc7b94a3cc1973a0ec69286869382a5ae38c644a72605

SHA512
6dbb586506cf05eeb8ec4c57197816f615715eed62b1e69940bba82804208c1f62545e9abded9d271e630766398ea4bd8ad3310bf32292872291bc91adf249c1

Download Submit
C:\Windows\System\GfoEPat.exe

Filesize
6.0MB

MD5
9bc425533b0b2cb083c1f42ce97ead9d

SHA1
da529bf3434c039da0496565a759d3945f0f3e8f

SHA256
9e6b7b870c53907d52e6fb736fdba67485cb04d68cf47e456c8ea3079aa09aac

SHA512
75723c9dcbb4ebb20fe927dd1f0126d4c1e45d149a479f82a65fce39599694e61ccb202ddc26820795b68a0fed2543fe8f5a359bab039c1a427a2f47d1075d50

Download Submit
C:\Windows\System\HGbOSXZ.exe

Filesize
6.0MB

MD5
29f7026323072caa4cd281f1a106016a

SHA1
975f08a1ac21913dfd637be9ab28235fd9f23146

SHA256
56130bf692402f71e288a0130a5fd323a0f95f20e230ee5a4d849d2ab95a0ad3

SHA512
6871cfb9e0f54d6a9beb764ed807ed5006f540af2f757b04fd37d9210025fae2b294ed03caf4e9fddcdcba3f7345cb76eb7449686a73ed1ef54dcad515deae16

Download Submit
C:\Windows\System\JAwinGh.exe

Filesize
6.0MB

MD5
20a9445a97b543ae49f8a63530f4f25a

SHA1
a878258d9bcab12aa985bebdd1134e6882abbeea

SHA256
51af170aa108a94f0b73e7100c29b1b761f8c7fc97dcb430bed72d4d6ff91bcc

SHA512
ccffbe94863c5653cbb7759721a747a343ecd19b6d0251703194a3cb37f119ef8c765ce0d655d9c5e36d298e03b6ac4a3206760f177b8de4b34eec6fe7637e44

Download Submit
C:\Windows\System\KUktjlP.exe

Filesize
6.0MB

MD5
88218c371caacfc89e488943994bd2af

SHA1
13c58a9e5b7dc8076635d7eb2b3e276b8e853f1e

SHA256
fc76e4fa76ac719f513c5919a91521f9bf3ebb94f4b7a3f552075b62b9facd1c

SHA512
3c2f296c4f1f59b0d72c56c91b646a347c172b71808dabedbbd7ab9e3eea1dfd573a59707d1e4551dfcf529845b0795f8818cfad26558d4d2da41918146be281

Download Submit
C:\Windows\System\LLhTNBH.exe

Filesize
6.0MB

MD5
8e0fcf24c27579f170dfd58025c7d443

SHA1
04d10b307bd0c2189648df183e0e4bbc80ea94eb

SHA256
f3ba4d14c4e26cb6dd9831a2ea03bfd4435d46c61299ad243f30c557561bd897

SHA512
487a0d0df7c9335518d8025fa9bd795a10274ad4f6bfa01e3a88dcc5e54ab25290cedd819b0dcee75889db65f2ad1766785561cf0191f582f70af321dd0a9155

Download Submit
C:\Windows\System\NJJSwXu.exe

Filesize
6.0MB

MD5
06790696fd90d87553d999ecb2d6aa7b

SHA1
15b0621eccc42f576b4125c5446cdb8b9db97079

SHA256
f58b67eb9f0f832534c64dab53af49f6040efda229081b1f797fff222d7b1750

SHA512
01570f0c75f6fd21ec4a47cf5946b867c53393333e483afae0ef50c146928b8074231f4aefed53e76516e85b13ed216e8984c5e59d26cbb7edf184feb4b0001a

Download Submit
C:\Windows\System\NSszTgL.exe

Filesize
6.0MB

MD5
eb8bdfec15aadd53b1351d66589bf9ac

SHA1
be0d8ad289cd54d8cd0d300476c9e02dd0ead11b

SHA256
433117863eb7605ca13963806029a2d54382bf4cb59f242521926939ffb97ca4

SHA512
90e89745ff7b8dbd923217d7179ebdf85631854ba88577a4839b1d2adb1548b36d9022556feae6b8757cf090347d689823eebbe46d132cdb4e71308db1765056

Download Submit
C:\Windows\System\QmkgtHU.exe

Filesize
6.0MB

MD5
2134396ca784f1af1292d5418dc95a07

SHA1
ba3ddcecdab1e8b6f523ee9d8365505f13c5bf53

SHA256
a1b7ecf5c8d7526ed9e1a4b7b973db4ca13c7eb013cfc3892225c471e7a3d45c

SHA512
451e689632ba0a08b2ec927e5b43fa424bcf49adc0b2e57998318e5f6d88a2debbf51ade5e79f86d92c93878afcf2b8f24768da28a2fb95a9e5c76585d260fd2

Download Submit
C:\Windows\System\SYVJWAB.exe

Filesize
6.0MB

MD5
547c08a4976a562433ede84128840c8d

SHA1
0e0a98417310dca2bb4240299c275377c280f84b

SHA256
8ef9266e92c66e47c60d06cfd03f6876b86bb41805beba033d613be7477ad76a

SHA512
92bc7d54478ae2a72ac0cd18ffca0caf8254f2bf9bbaf57f346b08ea8b5f6c8036065be9de28b081a8d00c592d9ac5fcf0a893e18ca330566b66efddfa1007bc

Download Submit
C:\Windows\System\WdyfKjH.exe

Filesize
6.0MB

MD5
a3afbb38dbd5a3e86424e809baf1b6be

SHA1
bf49f9c936771cf5a230a3448b2e0c02c46eef71

SHA256
7871b736a917708524cc1f28c7ef1244249968135055ecf0083f8345dea218ab

SHA512
e87b6d92ecdc0be5ce43c6c292a857c5994e27aecd5390c16e0bcbf3c488a277ae5a10778ea6461a9ba4aacdc814856ea7cb865e9b983dd5b41fd073765923c9

Download Submit
C:\Windows\System\XjZcqQL.exe

Filesize
6.0MB

MD5
27ed41b64db41e28195654fa24ff0b39

SHA1
b387eb978d56424d82a0bb7c2eb6b2d4a789573b

SHA256
a03edd31724424e1d2d32e802c92f546e7eea12ae444d4fa4faf56a3dd710c8a

SHA512
4585f92574ba9a177dea064eee1774752eea6a3d03f169364e0a96b2eadd321b7f55aca7ce480cf58c4a95e3676d85f5c1d81deaa149d297a7100b8627463e2a

Download Submit
C:\Windows\System\aEoGYRG.exe

Filesize
6.0MB

MD5
487798f69659a8305a228476c574d8e2

SHA1
fe9dee3d61e99a6b6937ba34f7c28fbe1dc2711f

SHA256
c6afa8ea7d2975c4d35d82fff731f455d82fadfcd50b94be2a27150612a18728

SHA512
48092636ef75c6ec00618ea3ac32afc114ae2fa63a9cb20329631ab9e2244b845a2ac5b3470af99e805e3686659932df39893d49bb3ce730b5eac36a58c582f1

Download Submit
C:\Windows\System\agtIHFW.exe

Filesize
6.0MB

MD5
9c7be43bb644223b6f8bd08386197b85

SHA1
cadda725afc25fc381ff88864b070e99178cb75d

SHA256
c6864971df5ae592d143386b70531e819d0eb8501cec0a9f3a8a18e155802354

SHA512
3cbc7a279d7abb1019eecfc18214e49d40af09c7b2ca86add456f2910ce393f440262b14c060382068acc2272e997f2c6dafb34fee0e2e30a7eaaae2daf0c629

Download Submit
C:\Windows\System\baXaZTx.exe

Filesize
6.0MB

MD5
b3fb6a1b7a0035eab7e9ce09aa0229a9

SHA1
4f84381f65679fc0e511793245fe61c8a788dcc8

SHA256
ddae21d82097ac734b2f2ffc2e6aa733b90a23040f0aca33cc12787f0b58f7a8

SHA512
b47d821ee1a960fb3145bf1f3d0d51815a8ee3fdaecdccc5d9f8293e2c2e94a7656dd01114ef09ed65fcf4a00e7b122730aa63856888e5a4a9857ad0fe4884c2

Download Submit
C:\Windows\System\cADReOd.exe

Filesize
6.0MB

MD5
3f91fac0577f55b27cbe2a3dcac8c987

SHA1
b41fea02a4c59c6600e60f09b654b8cf143bd6db

SHA256
f34e3618b50f3886d9b23179e4e322463d906234c9436146faa5f636cf284997

SHA512
00ee5753888ea5f478234ec13d07bf51307930d292c912c17aa02327e572777e0c8ce2bedf104203757f04d8ef3cf1885ef31428201d58dd809d967671be51cf

Download Submit
C:\Windows\System\cyyLRjB.exe

Filesize
6.0MB

MD5
69adfb8d9f9642b3d1d31ec2fa6ad883

SHA1
735e91b24b0d633dc90e8b2cda27080fe313f1a9

SHA256
ba5764f32ae1cc4ece95989ccf76ed81ccae0bed12f53bb1663ab70b64bb92a3

SHA512
8c4c539de5ec0e863410a312b7eda8930502297952a44dd26e274ced28f02d7692e92cf0072ef0e6c0dda7ff38efe5a5711e35505bc8a2e15d221441c9ce12ce

Download Submit
C:\Windows\System\hJMkvOG.exe

Filesize
6.0MB

MD5
b5d2315f0fa10782589dfc564156c64d

SHA1
2c5a1ef818e719dc08b406a431b1367d882d170c

SHA256
9b39ee5bcdc5a7cd074144f32f467b5a613a9008a22d2a94c6484bbae3d053c8

SHA512
afee7f7d871b6dd8d3a3213851395f95004fcf3817e7e8480c1c28c7aa7b13e5834fd71cf54a3d3599765b2d045cf70eb32fa064509571c9ac897f067bf7272a

Download Submit
C:\Windows\System\jOyovFP.exe

Filesize
6.0MB

MD5
1b4054d0785de90862b19e66688aee6b

SHA1
dec8ff16594aa34de21747c405da180a95372bf4

SHA256
dffc6d6664993b2473e24e3a3ebe3174062e776cf60019b753d6bc6d60bfc9a3

SHA512
e3169bb6d66804970316ecc61242e08d145b66802c672fce29229ca454b04c2f9bf0177e1b1c26c1803f8a4eaf4ddac539b5d35deb5e1a44226a94a473b5d4a0

Download Submit
C:\Windows\System\ndYtfxt.exe

Filesize
6.0MB

MD5
0899aae7953b4840e23d6b141a2ee57b

SHA1
0b2ea0f0041ede26fd332f1171ac5ab6bf6bdd67

SHA256
8583ca02e28690abf6330dbb7cb752484e9e4bd7be1444337d0643099a53bfd3

SHA512
7c1c314a9c59c7e5ec9c14447ec4c8bcb5cd5ddc511481de8fa0a9f22ad5fc2def431d06f59c1296bc0fe3c8e6a79302f8af147144b58d1ff8e34eb5a04008d5

Download Submit
C:\Windows\System\oISdWQG.exe

Filesize
6.0MB

MD5
35a100ffb0db14df0da1db98401c59ae

SHA1
d238c70bdbeca9f26fe972abce4fe1a079330e2f

SHA256
7d814bc73f9801c7696eb99b1e59327f6b7ee38e4911833a38928e8c9ebc5af3

SHA512
fe93eaee344546e4b3691637b0558639c12cac0288a4bf121dde626b1fd789dd1ef823aea4cf33adff75e5a38875999cd500e176562e155a277d8ef2f0884d0d

Download Submit
C:\Windows\System\pHMxBQi.exe

Filesize
6.0MB

MD5
ac8c93f6d475d49fb17b5614e26fc150

SHA1
65d680dd23671f8da4a6748ac2e1bc40846421c3

SHA256
13b8985bb77b2ea4d8a567eaf66c793384145d2044be15c83c54d3292c21ed26

SHA512
03c4f92f92bb4e908900e1a8a77a6f76ecedf2a904a1e18f6242d113f3d3a141415de6c129461bdfa728cc03211046f35cae40a1af8fa1721b0b000b765f4427

Download Submit
C:\Windows\System\pSDNqNv.exe

Filesize
6.0MB

MD5
0fa960b4b2531022d68ee70d8e2f96d7

SHA1
3b0295afebbe7214d98b5268d0bc32a1b47ee634

SHA256
96b064374cccbc842cbf48edbaa630739a6e20fe73db093b2193309faa007a77

SHA512
ad11d6024eda0285966dfdf5359dba3e38d7cf906b626451d449f3ba266fabb6925510293240ed9d2c6eac5f243350ae5ba4bb2384378c45df36e157748f0472

Download Submit
C:\Windows\System\pdloari.exe

Filesize
6.0MB

MD5
b5172f880da529bcf7b9fc23eebd761f

SHA1
1998f4eb0b3f6810e033331b77060af1d9027657

SHA256
6ab091c2d55a1459dd5e2e541ca10f832d67caee045ed62b79478b6a8f2e367a

SHA512
18c6a0542a42557e781ae3fbd77ae0103b8584ee1d452c5aad1b504a58c51a2f6c880f2c20655b48c565a279f144e61dd59e75b5dc50f12e6c05138351c5cbc6

Download Submit
C:\Windows\System\qzvajRN.exe

Filesize
6.0MB

MD5
7d6fc7f074ffdd6e4959a8ef502cf0ea

SHA1
96ed910b03e5ef016e2091f9727132aa91810efe

SHA256
ce8d51debe424960b4a81cf8a38a35a5ec0929cc06ec7783ed00134e0ac4baa4

SHA512
510523d18c18d588ff5fbda0baa02ab4864f9e5eca853e259b32ab33fe8cccfb59e9e13b7be17601bdee2c8c3e0a4c7a1997813e47e7503c11bec9ab929dcfc1

Download Submit
C:\Windows\System\sKFmqCR.exe

Filesize
6.0MB

MD5
5694a953a09346b4f49af8bb83dfe02f

SHA1
cf7166d1197022ee872b600bce2667cff73db27a

SHA256
64a7e90f2dd23e4399c912b81067b34a6de0c685b08a23f4489eeb4b84813691

SHA512
9fe238657888db78e1d45dabd1918886903219cd1df4859791e353427459c8c545eadb91316a43689aef55135ceab4f8cbcf2c192038b9aafbcd6abfa385123e

Download Submit
C:\Windows\System\vmoQqsZ.exe

Filesize
6.0MB

MD5
1e81391f98480eb0c54b624225dd3906

SHA1
c33dcbde57cbaf8a91b86c575d42abca08748db6

SHA256
786291f6c1ffa79c8156a083b1f0a231c1280035c65b4d3e438c8203f9f060ff

SHA512
2be692b356fe224d4fae2d6bd2e5c00f78a92f5ed427db03b8f8c3613841ed2bfc8aefb4bb4a07a032ccac538c8a5aec3b54d4acc87d0b25572b2a4c343c16f1

Download Submit
C:\Windows\System\xgCumte.exe

Filesize
6.0MB

MD5
47755b75b9d62b1befbea75ddfbeecc9

SHA1
6431fcb1353afb2ef96ed9d82000caa51e0ef287

SHA256
e67135f65d268bfb3099faef1386be22f236770fc633db8bfb9ba4bdf39854b6

SHA512
57311e1da19e6b16427c73a63ece5a5f5b8ba9a9b001722f1e91fb2fd9b382d599904a68d62efc46eafd3ef45771c15d9b99a178dfc7d0a91d5df82a17f3b2e0

Download Submit
C:\Windows\System\xvaZyAV.exe

Filesize
6.0MB

MD5
a8a2948cb59cdee042afbcf48b0e1456

SHA1
c3930d520730793ee41f9561fef599f30e35618f

SHA256
a31fb1fdf64d8249e17bb810749316452efb1195a33b80e280a5c9031343f8ee

SHA512
413d9458cb7c90cf758df75fc5239a1b6f324c80a083836ed4be8ad84f090797ca08d62192d1fc33af09115ee57b64156aaad62aeff114b9ee8b9f98f306227f

Download Submit
C:\Windows\System\zeuPyvn.exe

Filesize
6.0MB

MD5
6d63dc4979e73c3dc8cb5c2d07dd6fb3

SHA1
87aed1e6a84fb347b51b1bb36fb76a2c266a7f14

SHA256
822591650ed297e62d977187cb51025af3107eec4d7728842b554c24c3ccf819

SHA512
80738882ba2d66e5928689f89cac92e874882d99923429f4b73ae191c3ba81a51a47588a07b8318de06652cb260dd81d16ae93be2655521c916f2cddb5cd26b3

Download Submit
memory/8-845-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp

Filesize
3.3MB

Download
memory/8-1439-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp

Filesize
3.3MB

Download
memory/400-1419-0x00007FF79D230000-0x00007FF79D584000-memory.dmp

Filesize
3.3MB

Download
memory/400-863-0x00007FF79D230000-0x00007FF79D584000-memory.dmp

Filesize
3.3MB

Download
memory/428-854-0x00007FF69CC00000-0x00007FF69CF54000-memory.dmp

Filesize
3.3MB

Download
memory/428-1444-0x00007FF69CC00000-0x00007FF69CF54000-memory.dmp

Filesize
3.3MB

Download
memory/688-1459-0x00007FF762E20000-0x00007FF763174000-memory.dmp

Filesize
3.3MB

Download
memory/688-862-0x00007FF762E20000-0x00007FF763174000-memory.dmp

Filesize
3.3MB

Download
memory/816-853-0x00007FF738410000-0x00007FF738764000-memory.dmp

Filesize
3.3MB

Download
memory/816-1443-0x00007FF738410000-0x00007FF738764000-memory.dmp

Filesize
3.3MB

Download
memory/912-861-0x00007FF6BF460000-0x00007FF6BF7B4000-memory.dmp

Filesize
3.3MB

Download
memory/912-1452-0x00007FF6BF460000-0x00007FF6BF7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-1420-0x00007FF7C5210000-0x00007FF7C5564000-memory.dmp

Filesize
3.3MB

Download
memory/1560-833-0x00007FF7C5210000-0x00007FF7C5564000-memory.dmp

Filesize
3.3MB

Download
memory/1560-1203-0x00007FF7C5210000-0x00007FF7C5564000-memory.dmp

Filesize
3.3MB

Download
memory/1588-847-0x00007FF64E350000-0x00007FF64E6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1588-1434-0x00007FF64E350000-0x00007FF64E6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-843-0x00007FF6E9530000-0x00007FF6E9884000-memory.dmp

Filesize
3.3MB

Download
memory/1632-1430-0x00007FF6E9530000-0x00007FF6E9884000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1446-0x00007FF673F10000-0x00007FF674264000-memory.dmp

Filesize
3.3MB

Download
memory/1916-856-0x00007FF673F10000-0x00007FF674264000-memory.dmp

Filesize
3.3MB

Download
memory/2032-1427-0x00007FF695AD0000-0x00007FF695E24000-memory.dmp

Filesize
3.3MB

Download
memory/2032-852-0x00007FF695AD0000-0x00007FF695E24000-memory.dmp

Filesize
3.3MB

Download
memory/2476-848-0x00007FF6DCCA0000-0x00007FF6DCFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-1440-0x00007FF6DCCA0000-0x00007FF6DCFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-849-0x00007FF72C550000-0x00007FF72C8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1433-0x00007FF72C550000-0x00007FF72C8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-846-0x00007FF63F1B0000-0x00007FF63F504000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1426-0x00007FF63F1B0000-0x00007FF63F504000-memory.dmp

Filesize
3.3MB

Download
memory/2880-842-0x00007FF6955A0000-0x00007FF6958F4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1432-0x00007FF6955A0000-0x00007FF6958F4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-1453-0x00007FF6D0880000-0x00007FF6D0BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-860-0x00007FF6D0880000-0x00007FF6D0BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3372-1454-0x00007FF6463E0000-0x00007FF646734000-memory.dmp

Filesize
3.3MB

Download
memory/3372-859-0x00007FF6463E0000-0x00007FF646734000-memory.dmp

Filesize
3.3MB

Download
memory/3380-1438-0x00007FF7C8C20000-0x00007FF7C8F74000-memory.dmp

Filesize
3.3MB

Download
memory/3380-851-0x00007FF7C8C20000-0x00007FF7C8F74000-memory.dmp

Filesize
3.3MB

Download
memory/3588-1412-0x00007FF666710000-0x00007FF666A64000-memory.dmp

Filesize
3.3MB

Download
memory/3588-18-0x00007FF666710000-0x00007FF666A64000-memory.dmp

Filesize
3.3MB

Download
memory/3588-1113-0x00007FF666710000-0x00007FF666A64000-memory.dmp

Filesize
3.3MB

Download
memory/3708-1406-0x00007FF796590000-0x00007FF7968E4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-14-0x00007FF796590000-0x00007FF7968E4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-858-0x00007FF7632D0000-0x00007FF763624000-memory.dmp

Filesize
3.3MB

Download
memory/3776-1455-0x00007FF7632D0000-0x00007FF763624000-memory.dmp

Filesize
3.3MB

Download
memory/3872-1-0x00000212EB920000-0x00000212EB930000-memory.dmp

Filesize
64KB

Download
memory/3872-975-0x00007FF6A5890000-0x00007FF6A5BE4000-memory.dmp

Filesize
3.3MB

Download
memory/3872-0-0x00007FF6A5890000-0x00007FF6A5BE4000-memory.dmp

Filesize
3.3MB

Download
memory/3976-8-0x00007FF6574F0000-0x00007FF657844000-memory.dmp

Filesize
3.3MB

Download
memory/3976-1400-0x00007FF6574F0000-0x00007FF657844000-memory.dmp

Filesize
3.3MB

Download
memory/4012-857-0x00007FF65C0F0000-0x00007FF65C444000-memory.dmp

Filesize
3.3MB

Download
memory/4012-1458-0x00007FF65C0F0000-0x00007FF65C444000-memory.dmp

Filesize
3.3MB

Download
memory/4248-1445-0x00007FF787740000-0x00007FF787A94000-memory.dmp

Filesize
3.3MB

Download
memory/4248-855-0x00007FF787740000-0x00007FF787A94000-memory.dmp

Filesize
3.3MB

Download
memory/4324-850-0x00007FF623ED0000-0x00007FF624224000-memory.dmp

Filesize
3.3MB

Download
memory/4324-1435-0x00007FF623ED0000-0x00007FF624224000-memory.dmp

Filesize
3.3MB

Download
memory/4480-1153-0x00007FF6F0CD0000-0x00007FF6F1024000-memory.dmp

Filesize
3.3MB

Download
memory/4480-1414-0x00007FF6F0CD0000-0x00007FF6F1024000-memory.dmp

Filesize
3.3MB

Download
memory/4480-26-0x00007FF6F0CD0000-0x00007FF6F1024000-memory.dmp

Filesize
3.3MB

Download
memory/4644-1431-0x00007FF61FA00000-0x00007FF61FD54000-memory.dmp

Filesize
3.3MB

Download
memory/4644-844-0x00007FF61FA00000-0x00007FF61FD54000-memory.dmp

Filesize
3.3MB

Download
memory/4824-1200-0x00007FF6E50F0000-0x00007FF6E5444000-memory.dmp

Filesize
3.3MB

Download
memory/4824-31-0x00007FF6E50F0000-0x00007FF6E5444000-memory.dmp

Filesize
3.3MB

Download
memory/4824-1423-0x00007FF6E50F0000-0x00007FF6E5444000-memory.dmp

Filesize
3.3MB

Download
memory/4904-834-0x00007FF790E10000-0x00007FF791164000-memory.dmp

Filesize
3.3MB

Download
memory/4904-1424-0x00007FF790E10000-0x00007FF791164000-memory.dmp

Filesize
3.3MB

Download