cobaltstrike | 3a5dc8f265881f5bfcf82cce84a878ad409e3db4ef63c83aca780e177d51a60a

Analysis

max time kernel
5s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2024 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

02da89af99be38f8a4f757584d48deb2
SHA1

33b12f7ed84225dc193b8d2f8806f73e309cb19b
SHA256

3a5dc8f265881f5bfcf82cce84a878ad409e3db4ef63c83aca780e177d51a60a
SHA512

87cec186a04141646a7d99161d0161d372ec36698b681a8b9e172ad7f5b05ac3127b13d3d74625a7322f16415f67cbbe3639a98580b18badb2d54ca66b1b8984
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUo:T+q56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023ca4-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-51.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-36.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-29.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-12.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023ca5-61.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022ae8-67.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022af2-73.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023b5d-82.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b62-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-114.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-130.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-149.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-181.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc1-188.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc0-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-177.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbd-172.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-169.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbb-163.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-158.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-152.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-143.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-138.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-126.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-106.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-100.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023b63-93.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1028-0-0x00007FF64FD50000-0x00007FF6500A4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023ca4-4.dat	xmrig
behavioral2/files/0x0007000000023ca9-11.dat	xmrig
behavioral2/files/0x0007000000023caa-22.dat	xmrig
behavioral2/memory/4492-32-0x00007FF76BB20000-0x00007FF76BE74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cad-40.dat	xmrig
behavioral2/memory/5036-42-0x00007FF744F30000-0x00007FF745284000-memory.dmp	xmrig
behavioral2/memory/1100-39-0x00007FF675C80000-0x00007FF675FD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023caf-53.dat	xmrig
behavioral2/memory/2380-56-0x00007FF7D2F70000-0x00007FF7D32C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cae-51.dat	xmrig
behavioral2/memory/212-48-0x00007FF7316D0000-0x00007FF731A24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cac-36.dat	xmrig
behavioral2/files/0x0007000000023cab-29.dat	xmrig
behavioral2/memory/976-24-0x00007FF731B50000-0x00007FF731EA4000-memory.dmp	xmrig
behavioral2/memory/4108-18-0x00007FF61E9A0000-0x00007FF61ECF4000-memory.dmp	xmrig
behavioral2/memory/1664-14-0x00007FF7A8A00000-0x00007FF7A8D54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca8-12.dat	xmrig
behavioral2/memory/3016-8-0x00007FF7F2F10000-0x00007FF7F3264000-memory.dmp	xmrig
behavioral2/files/0x0008000000023ca5-61.dat	xmrig
behavioral2/files/0x0002000000022ae8-67.dat	xmrig
behavioral2/memory/4720-69-0x00007FF7A25A0000-0x00007FF7A28F4000-memory.dmp	xmrig
behavioral2/files/0x0002000000022af2-73.dat	xmrig
behavioral2/files/0x000e000000023b5d-82.dat	xmrig
behavioral2/files/0x000c000000023b62-87.dat	xmrig
behavioral2/memory/776-98-0x00007FF7FBC50000-0x00007FF7FBFA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb2-114.dat	xmrig
behavioral2/files/0x0007000000023cb5-130.dat	xmrig
behavioral2/files/0x0007000000023cb8-149.dat	xmrig
behavioral2/files/0x0007000000023cbf-181.dat	xmrig
behavioral2/memory/1704-333-0x00007FF745D00000-0x00007FF746054000-memory.dmp	xmrig
behavioral2/memory/1856-335-0x00007FF64BB00000-0x00007FF64BE54000-memory.dmp	xmrig
behavioral2/memory/4540-338-0x00007FF697E80000-0x00007FF6981D4000-memory.dmp	xmrig
behavioral2/memory/3532-341-0x00007FF773B20000-0x00007FF773E74000-memory.dmp	xmrig
behavioral2/memory/3888-343-0x00007FF779D10000-0x00007FF77A064000-memory.dmp	xmrig
behavioral2/memory/212-342-0x00007FF7316D0000-0x00007FF731A24000-memory.dmp	xmrig
behavioral2/memory/2380-699-0x00007FF7D2F70000-0x00007FF7D32C4000-memory.dmp	xmrig
behavioral2/memory/4720-813-0x00007FF7A25A0000-0x00007FF7A28F4000-memory.dmp	xmrig
behavioral2/memory/2748-875-0x00007FF74D4E0000-0x00007FF74D834000-memory.dmp	xmrig
behavioral2/memory/404-340-0x00007FF614C60000-0x00007FF614FB4000-memory.dmp	xmrig
behavioral2/memory/4408-339-0x00007FF628D30000-0x00007FF629084000-memory.dmp	xmrig
behavioral2/memory/1144-337-0x00007FF6AFE50000-0x00007FF6B01A4000-memory.dmp	xmrig
behavioral2/memory/608-336-0x00007FF664A40000-0x00007FF664D94000-memory.dmp	xmrig
behavioral2/memory/4072-334-0x00007FF669E10000-0x00007FF66A164000-memory.dmp	xmrig
behavioral2/memory/1956-332-0x00007FF667040000-0x00007FF667394000-memory.dmp	xmrig
behavioral2/memory/4284-1042-0x00007FF635690000-0x00007FF6359E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc1-188.dat	xmrig
behavioral2/files/0x0007000000023cc0-185.dat	xmrig
behavioral2/files/0x0007000000023cbe-177.dat	xmrig
behavioral2/files/0x0007000000023cbd-172.dat	xmrig
behavioral2/files/0x0007000000023cbc-169.dat	xmrig
behavioral2/files/0x0007000000023cbb-163.dat	xmrig
behavioral2/files/0x0007000000023cba-158.dat	xmrig
behavioral2/files/0x0007000000023cb9-152.dat	xmrig
behavioral2/files/0x0007000000023cb7-143.dat	xmrig
behavioral2/files/0x0007000000023cb6-138.dat	xmrig
behavioral2/files/0x0007000000023cb4-126.dat	xmrig
behavioral2/files/0x0007000000023cb3-121.dat	xmrig
behavioral2/memory/4284-116-0x00007FF635690000-0x00007FF6359E4000-memory.dmp	xmrig
behavioral2/memory/3180-113-0x00007FF723D10000-0x00007FF724064000-memory.dmp	xmrig
behavioral2/memory/5036-112-0x00007FF744F30000-0x00007FF745284000-memory.dmp	xmrig
behavioral2/memory/1100-109-0x00007FF675C80000-0x00007FF675FD4000-memory.dmp	xmrig
behavioral2/memory/1464-108-0x00007FF6C9900000-0x00007FF6C9C54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb1-106.dat	xmrig

Executes dropped EXE 44 IoCs

pid	Process
3016	fbmqogF.exe
1664	wLSGxMU.exe
4108	jVnAIPd.exe
976	ctjcXKS.exe
4492	iOqBdxz.exe
1100	gTeKUfb.exe
5036	wQGyTFC.exe
212	wFWWCYf.exe
2380	zhNltaL.exe
4076	UArcFJo.exe
4720	MFHGlCO.exe
2748	EGrFROa.exe
776	mFfWiMk.exe
4596	fBeSVMG.exe
628	FokZcGy.exe
1464	ISRaPga.exe
3180	cbCLVCA.exe
4284	YqQPqyF.exe
3888	eiKCcwE.exe
1956	nnQtNON.exe
1704	ZTPuJhc.exe
4072	KBWMpRB.exe
1856	NOHjejA.exe
608	fLAkJPa.exe
1144	jcAPgLW.exe
4540	uWKUfnc.exe
4408	LJHELQG.exe
404	aNBAnWy.exe
3532	SjcCwUi.exe
5020	hjgoRIz.exe
3132	qjTPCcY.exe
3440	TLAmgYC.exe
1172	CYRruDl.exe
4104	VyFPiFn.exe
4948	EHIeVUs.exe
4256	hRqJXwn.exe
1484	pnlBIMK.exe
428	hofBtPR.exe
2816	cGUOicA.exe
2628	wKQvMqg.exe
5076	MOoRHsF.exe
4376	InVhATj.exe
1628	EwepBsf.exe
3452	egtzMZM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1028-0-0x00007FF64FD50000-0x00007FF6500A4000-memory.dmp	upx
behavioral2/files/0x0008000000023ca4-4.dat	upx
behavioral2/files/0x0007000000023ca9-11.dat	upx
behavioral2/files/0x0007000000023caa-22.dat	upx
behavioral2/memory/4492-32-0x00007FF76BB20000-0x00007FF76BE74000-memory.dmp	upx
behavioral2/files/0x0007000000023cad-40.dat	upx
behavioral2/memory/5036-42-0x00007FF744F30000-0x00007FF745284000-memory.dmp	upx
behavioral2/memory/1100-39-0x00007FF675C80000-0x00007FF675FD4000-memory.dmp	upx
behavioral2/files/0x0007000000023caf-53.dat	upx
behavioral2/memory/2380-56-0x00007FF7D2F70000-0x00007FF7D32C4000-memory.dmp	upx
behavioral2/files/0x0007000000023cae-51.dat	upx
behavioral2/memory/212-48-0x00007FF7316D0000-0x00007FF731A24000-memory.dmp	upx
behavioral2/files/0x0007000000023cac-36.dat	upx
behavioral2/files/0x0007000000023cab-29.dat	upx
behavioral2/memory/976-24-0x00007FF731B50000-0x00007FF731EA4000-memory.dmp	upx
behavioral2/memory/4108-18-0x00007FF61E9A0000-0x00007FF61ECF4000-memory.dmp	upx
behavioral2/memory/1664-14-0x00007FF7A8A00000-0x00007FF7A8D54000-memory.dmp	upx
behavioral2/files/0x0007000000023ca8-12.dat	upx
behavioral2/memory/3016-8-0x00007FF7F2F10000-0x00007FF7F3264000-memory.dmp	upx
behavioral2/files/0x0008000000023ca5-61.dat	upx
behavioral2/files/0x0002000000022ae8-67.dat	upx
behavioral2/memory/4720-69-0x00007FF7A25A0000-0x00007FF7A28F4000-memory.dmp	upx
behavioral2/files/0x0002000000022af2-73.dat	upx
behavioral2/files/0x000e000000023b5d-82.dat	upx
behavioral2/files/0x000c000000023b62-87.dat	upx
behavioral2/memory/776-98-0x00007FF7FBC50000-0x00007FF7FBFA4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb2-114.dat	upx
behavioral2/files/0x0007000000023cb5-130.dat	upx
behavioral2/files/0x0007000000023cb8-149.dat	upx
behavioral2/files/0x0007000000023cbf-181.dat	upx
behavioral2/memory/1704-333-0x00007FF745D00000-0x00007FF746054000-memory.dmp	upx
behavioral2/memory/1856-335-0x00007FF64BB00000-0x00007FF64BE54000-memory.dmp	upx
behavioral2/memory/4540-338-0x00007FF697E80000-0x00007FF6981D4000-memory.dmp	upx
behavioral2/memory/3532-341-0x00007FF773B20000-0x00007FF773E74000-memory.dmp	upx
behavioral2/memory/3888-343-0x00007FF779D10000-0x00007FF77A064000-memory.dmp	upx
behavioral2/memory/212-342-0x00007FF7316D0000-0x00007FF731A24000-memory.dmp	upx
behavioral2/memory/2380-699-0x00007FF7D2F70000-0x00007FF7D32C4000-memory.dmp	upx
behavioral2/memory/4720-813-0x00007FF7A25A0000-0x00007FF7A28F4000-memory.dmp	upx
behavioral2/memory/2748-875-0x00007FF74D4E0000-0x00007FF74D834000-memory.dmp	upx
behavioral2/memory/404-340-0x00007FF614C60000-0x00007FF614FB4000-memory.dmp	upx
behavioral2/memory/4408-339-0x00007FF628D30000-0x00007FF629084000-memory.dmp	upx
behavioral2/memory/1144-337-0x00007FF6AFE50000-0x00007FF6B01A4000-memory.dmp	upx
behavioral2/memory/608-336-0x00007FF664A40000-0x00007FF664D94000-memory.dmp	upx
behavioral2/memory/4072-334-0x00007FF669E10000-0x00007FF66A164000-memory.dmp	upx
behavioral2/memory/1956-332-0x00007FF667040000-0x00007FF667394000-memory.dmp	upx
behavioral2/memory/4284-1042-0x00007FF635690000-0x00007FF6359E4000-memory.dmp	upx
behavioral2/files/0x0007000000023cc1-188.dat	upx
behavioral2/files/0x0007000000023cc0-185.dat	upx
behavioral2/files/0x0007000000023cbe-177.dat	upx
behavioral2/files/0x0007000000023cbd-172.dat	upx
behavioral2/files/0x0007000000023cbc-169.dat	upx
behavioral2/files/0x0007000000023cbb-163.dat	upx
behavioral2/files/0x0007000000023cba-158.dat	upx
behavioral2/files/0x0007000000023cb9-152.dat	upx
behavioral2/files/0x0007000000023cb7-143.dat	upx
behavioral2/files/0x0007000000023cb6-138.dat	upx
behavioral2/files/0x0007000000023cb4-126.dat	upx
behavioral2/files/0x0007000000023cb3-121.dat	upx
behavioral2/memory/4284-116-0x00007FF635690000-0x00007FF6359E4000-memory.dmp	upx
behavioral2/memory/3180-113-0x00007FF723D10000-0x00007FF724064000-memory.dmp	upx
behavioral2/memory/5036-112-0x00007FF744F30000-0x00007FF745284000-memory.dmp	upx
behavioral2/memory/1100-109-0x00007FF675C80000-0x00007FF675FD4000-memory.dmp	upx
behavioral2/memory/1464-108-0x00007FF6C9900000-0x00007FF6C9C54000-memory.dmp	upx
behavioral2/files/0x0007000000023cb1-106.dat	upx

Drops file in Windows directory 46 IoCs

description	ioc	Process
File created	C:\Windows\System\zhNltaL.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FokZcGy.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqQPqyF.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcAPgLW.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wLSGxMU.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVnAIPd.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjcCwUi.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYRruDl.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHIeVUs.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hofBtPR.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOoRHsF.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnQtNON.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBWMpRB.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UArcFJo.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFfWiMk.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBeSVMG.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISRaPga.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aNBAnWy.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyFPiFn.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOqBdxz.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQGyTFC.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InVhATj.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctjcXKS.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwepBsf.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLAmgYC.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnlBIMK.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGUOicA.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eiKCcwE.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTPuJhc.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKQvMqg.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egtzMZM.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFHGlCO.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWKUfnc.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGrFROa.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOHjejA.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLAkJPa.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjgoRIz.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjTPCcY.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzlMCZb.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbmqogF.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFWWCYf.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUyzZMZ.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJHELQG.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRqJXwn.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTeKUfb.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbCLVCA.exe	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 3016	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1028 wrote to memory of 3016	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1028 wrote to memory of 1664	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1028 wrote to memory of 1664	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1028 wrote to memory of 4108	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1028 wrote to memory of 4108	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1028 wrote to memory of 976	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1028 wrote to memory of 976	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1028 wrote to memory of 4492	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1028 wrote to memory of 4492	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1028 wrote to memory of 1100	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1028 wrote to memory of 1100	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1028 wrote to memory of 5036	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1028 wrote to memory of 5036	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1028 wrote to memory of 212	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1028 wrote to memory of 212	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1028 wrote to memory of 2380	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1028 wrote to memory of 2380	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1028 wrote to memory of 4076	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1028 wrote to memory of 4076	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1028 wrote to memory of 4720	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1028 wrote to memory of 4720	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1028 wrote to memory of 2748	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1028 wrote to memory of 2748	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1028 wrote to memory of 776	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1028 wrote to memory of 776	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1028 wrote to memory of 4596	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1028 wrote to memory of 4596	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1028 wrote to memory of 628	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1028 wrote to memory of 628	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1028 wrote to memory of 1464	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1028 wrote to memory of 1464	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1028 wrote to memory of 3180	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1028 wrote to memory of 3180	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1028 wrote to memory of 4284	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1028 wrote to memory of 4284	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1028 wrote to memory of 3888	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1028 wrote to memory of 3888	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1028 wrote to memory of 1956	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1028 wrote to memory of 1956	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1028 wrote to memory of 1704	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1028 wrote to memory of 1704	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1028 wrote to memory of 4072	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1028 wrote to memory of 4072	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1028 wrote to memory of 1856	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1028 wrote to memory of 1856	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1028 wrote to memory of 608	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1028 wrote to memory of 608	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1028 wrote to memory of 1144	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1028 wrote to memory of 1144	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1028 wrote to memory of 4540	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1028 wrote to memory of 4540	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1028 wrote to memory of 4408	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1028 wrote to memory of 4408	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1028 wrote to memory of 404	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1028 wrote to memory of 404	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1028 wrote to memory of 3532	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1028 wrote to memory of 3532	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1028 wrote to memory of 5020	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1028 wrote to memory of 5020	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1028 wrote to memory of 3132	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1028 wrote to memory of 3132	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1028 wrote to memory of 3440	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 1028 wrote to memory of 3440	1028	2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_02da89af99be38f8a4f757584d48deb2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\System\fbmqogF.exe
  C:\Windows\System\fbmqogF.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\wLSGxMU.exe
  C:\Windows\System\wLSGxMU.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\jVnAIPd.exe
  C:\Windows\System\jVnAIPd.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\ctjcXKS.exe
  C:\Windows\System\ctjcXKS.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\iOqBdxz.exe
  C:\Windows\System\iOqBdxz.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\gTeKUfb.exe
  C:\Windows\System\gTeKUfb.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\wQGyTFC.exe
  C:\Windows\System\wQGyTFC.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\wFWWCYf.exe
  C:\Windows\System\wFWWCYf.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\zhNltaL.exe
  C:\Windows\System\zhNltaL.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\UArcFJo.exe
  C:\Windows\System\UArcFJo.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\MFHGlCO.exe
  C:\Windows\System\MFHGlCO.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\EGrFROa.exe
  C:\Windows\System\EGrFROa.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\mFfWiMk.exe
  C:\Windows\System\mFfWiMk.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\fBeSVMG.exe
  C:\Windows\System\fBeSVMG.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\FokZcGy.exe
  C:\Windows\System\FokZcGy.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\ISRaPga.exe
  C:\Windows\System\ISRaPga.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\cbCLVCA.exe
  C:\Windows\System\cbCLVCA.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\YqQPqyF.exe
  C:\Windows\System\YqQPqyF.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\eiKCcwE.exe
  C:\Windows\System\eiKCcwE.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\nnQtNON.exe
  C:\Windows\System\nnQtNON.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ZTPuJhc.exe
  C:\Windows\System\ZTPuJhc.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\KBWMpRB.exe
  C:\Windows\System\KBWMpRB.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\NOHjejA.exe
  C:\Windows\System\NOHjejA.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\fLAkJPa.exe
  C:\Windows\System\fLAkJPa.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\jcAPgLW.exe
  C:\Windows\System\jcAPgLW.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\uWKUfnc.exe
  C:\Windows\System\uWKUfnc.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\LJHELQG.exe
  C:\Windows\System\LJHELQG.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\aNBAnWy.exe
  C:\Windows\System\aNBAnWy.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\SjcCwUi.exe
  C:\Windows\System\SjcCwUi.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\hjgoRIz.exe
  C:\Windows\System\hjgoRIz.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\qjTPCcY.exe
  C:\Windows\System\qjTPCcY.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\TLAmgYC.exe
  C:\Windows\System\TLAmgYC.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\CYRruDl.exe
  C:\Windows\System\CYRruDl.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\VyFPiFn.exe
  C:\Windows\System\VyFPiFn.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\EHIeVUs.exe
  C:\Windows\System\EHIeVUs.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\hRqJXwn.exe
  C:\Windows\System\hRqJXwn.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\pnlBIMK.exe
  C:\Windows\System\pnlBIMK.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\hofBtPR.exe
  C:\Windows\System\hofBtPR.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\cGUOicA.exe
  C:\Windows\System\cGUOicA.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\wKQvMqg.exe
  C:\Windows\System\wKQvMqg.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\MOoRHsF.exe
  C:\Windows\System\MOoRHsF.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\InVhATj.exe
  C:\Windows\System\InVhATj.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\EwepBsf.exe
  C:\Windows\System\EwepBsf.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\egtzMZM.exe
  C:\Windows\System\egtzMZM.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\wzlMCZb.exe
  C:\Windows\System\wzlMCZb.exe
  2⤵
  PID:1596
- C:\Windows\System\wUyzZMZ.exe
  C:\Windows\System\wUyzZMZ.exe
  2⤵
  PID:4920
- C:\Windows\System\wzgDoOJ.exe
  C:\Windows\System\wzgDoOJ.exe
  2⤵
  PID:4888
- C:\Windows\System\UaWjKIW.exe
  C:\Windows\System\UaWjKIW.exe
  2⤵
  PID:2760
- C:\Windows\System\uwLZBbP.exe
  C:\Windows\System\uwLZBbP.exe
  2⤵
  PID:3012
- C:\Windows\System\ICeysnR.exe
  C:\Windows\System\ICeysnR.exe
  2⤵
  PID:1876
- C:\Windows\System\ODUcudh.exe
  C:\Windows\System\ODUcudh.exe
  2⤵
  PID:3116
- C:\Windows\System\zXuGcjC.exe
  C:\Windows\System\zXuGcjC.exe
  2⤵
  PID:4436
- C:\Windows\System\qjIqhlD.exe
  C:\Windows\System\qjIqhlD.exe
  2⤵
  PID:2884
- C:\Windows\System\KWIVoiF.exe
  C:\Windows\System\KWIVoiF.exe
  2⤵
  PID:432
- C:\Windows\System\gmcDwfn.exe
  C:\Windows\System\gmcDwfn.exe
  2⤵
  PID:4512
- C:\Windows\System\VumjdMv.exe
  C:\Windows\System\VumjdMv.exe
  2⤵
  PID:740
- C:\Windows\System\FFvGCQS.exe
  C:\Windows\System\FFvGCQS.exe
  2⤵
  PID:3568
- C:\Windows\System\HuVLCJS.exe
  C:\Windows\System\HuVLCJS.exe
  2⤵
  PID:3908
- C:\Windows\System\MmQRrCK.exe
  C:\Windows\System\MmQRrCK.exe
  2⤵
  PID:3420
- C:\Windows\System\hLXwPat.exe
  C:\Windows\System\hLXwPat.exe
  2⤵
  PID:5060
- C:\Windows\System\ezeZqta.exe
  C:\Windows\System\ezeZqta.exe
  2⤵
  PID:1892
- C:\Windows\System\OLySjZK.exe
  C:\Windows\System\OLySjZK.exe
  2⤵
  PID:3904
- C:\Windows\System\EWxzUqz.exe
  C:\Windows\System\EWxzUqz.exe
  2⤵
  PID:2152
- C:\Windows\System\NZnwoGK.exe
  C:\Windows\System\NZnwoGK.exe
  2⤵
  PID:2932
- C:\Windows\System\oZVcuCl.exe
  C:\Windows\System\oZVcuCl.exe
  2⤵
  PID:4904
- C:\Windows\System\oBTgCbJ.exe
  C:\Windows\System\oBTgCbJ.exe
  2⤵
  PID:3860
- C:\Windows\System\HGyVBJG.exe
  C:\Windows\System\HGyVBJG.exe
  2⤵
  PID:2764
- C:\Windows\System\UUiQHWr.exe
  C:\Windows\System\UUiQHWr.exe
  2⤵
  PID:4068
- C:\Windows\System\JvvaSqa.exe
  C:\Windows\System\JvvaSqa.exe
  2⤵
  PID:2364
- C:\Windows\System\AAtAkmt.exe
  C:\Windows\System\AAtAkmt.exe
  2⤵
  PID:3084
- C:\Windows\System\FGLhqWS.exe
  C:\Windows\System\FGLhqWS.exe
  2⤵
  PID:3100
- C:\Windows\System\fmnvYCh.exe
  C:\Windows\System\fmnvYCh.exe
  2⤵
  PID:3520
- C:\Windows\System\ccQojgd.exe
  C:\Windows\System\ccQojgd.exe
  2⤵
  PID:2560
- C:\Windows\System\GamkUiB.exe
  C:\Windows\System\GamkUiB.exe
  2⤵
  PID:4260
- C:\Windows\System\tiEvfit.exe
  C:\Windows\System\tiEvfit.exe
  2⤵
  PID:2160
- C:\Windows\System\HoqkgzU.exe
  C:\Windows\System\HoqkgzU.exe
  2⤵
  PID:4280
- C:\Windows\System\PmwGLvp.exe
  C:\Windows\System\PmwGLvp.exe
  2⤵
  PID:3484
- C:\Windows\System\RrwdPuR.exe
  C:\Windows\System\RrwdPuR.exe
  2⤵
  PID:4688
- C:\Windows\System\EBIoXUy.exe
  C:\Windows\System\EBIoXUy.exe
  2⤵
  PID:3064
- C:\Windows\System\DyirNrt.exe
  C:\Windows\System\DyirNrt.exe
  2⤵
  PID:5148
- C:\Windows\System\tGjjBGY.exe
  C:\Windows\System\tGjjBGY.exe
  2⤵
  PID:5176
- C:\Windows\System\qZlcwft.exe
  C:\Windows\System\qZlcwft.exe
  2⤵
  PID:5268
- C:\Windows\System\JWgUbVi.exe
  C:\Windows\System\JWgUbVi.exe
  2⤵
  PID:5296
- C:\Windows\System\QpjByZc.exe
  C:\Windows\System\QpjByZc.exe
  2⤵
  PID:5312
- C:\Windows\System\RwXRRSV.exe
  C:\Windows\System\RwXRRSV.exe
  2⤵
  PID:5340
- C:\Windows\System\OkKIPdD.exe
  C:\Windows\System\OkKIPdD.exe
  2⤵
  PID:5368
- C:\Windows\System\nWvRYvC.exe
  C:\Windows\System\nWvRYvC.exe
  2⤵
  PID:5396
- C:\Windows\System\kdPzQuH.exe
  C:\Windows\System\kdPzQuH.exe
  2⤵
  PID:5424
- C:\Windows\System\BZbWxkF.exe
  C:\Windows\System\BZbWxkF.exe
  2⤵
  PID:5452
- C:\Windows\System\YhGbgKh.exe
  C:\Windows\System\YhGbgKh.exe
  2⤵
  PID:5480
- C:\Windows\System\sodYXTd.exe
  C:\Windows\System\sodYXTd.exe
  2⤵
  PID:5508
- C:\Windows\System\pgPGRsN.exe
  C:\Windows\System\pgPGRsN.exe
  2⤵
  PID:5536
- C:\Windows\System\VtVUyAC.exe
  C:\Windows\System\VtVUyAC.exe
  2⤵
  PID:5564
- C:\Windows\System\UXRTKck.exe
  C:\Windows\System\UXRTKck.exe
  2⤵
  PID:5604
- C:\Windows\System\tllAYUN.exe
  C:\Windows\System\tllAYUN.exe
  2⤵
  PID:5620
- C:\Windows\System\EbxKCTL.exe
  C:\Windows\System\EbxKCTL.exe
  2⤵
  PID:5648
- C:\Windows\System\Jhqnrio.exe
  C:\Windows\System\Jhqnrio.exe
  2⤵
  PID:5676
- C:\Windows\System\AgZYyOB.exe
  C:\Windows\System\AgZYyOB.exe
  2⤵
  PID:5700
- C:\Windows\System\ewXKEOV.exe
  C:\Windows\System\ewXKEOV.exe
  2⤵
  PID:5732
- C:\Windows\System\mHYHyIa.exe
  C:\Windows\System\mHYHyIa.exe
  2⤵
  PID:5760
- C:\Windows\System\hjXrWLL.exe
  C:\Windows\System\hjXrWLL.exe
  2⤵
  PID:5788
- C:\Windows\System\Gxblrqe.exe
  C:\Windows\System\Gxblrqe.exe
  2⤵
  PID:5816
- C:\Windows\System\VJWlqAy.exe
  C:\Windows\System\VJWlqAy.exe
  2⤵
  PID:5844
- C:\Windows\System\OfdiaFa.exe
  C:\Windows\System\OfdiaFa.exe
  2⤵
  PID:5872
- C:\Windows\System\MKTtxBU.exe
  C:\Windows\System\MKTtxBU.exe
  2⤵
  PID:5900
- C:\Windows\System\nuFScDy.exe
  C:\Windows\System\nuFScDy.exe
  2⤵
  PID:5928
- C:\Windows\System\LEsGNkt.exe
  C:\Windows\System\LEsGNkt.exe
  2⤵
  PID:5968
- C:\Windows\System\NeYJYMn.exe
  C:\Windows\System\NeYJYMn.exe
  2⤵
  PID:5984
- C:\Windows\System\jFZGDhE.exe
  C:\Windows\System\jFZGDhE.exe
  2⤵
  PID:6024
- C:\Windows\System\WjICvIN.exe
  C:\Windows\System\WjICvIN.exe
  2⤵
  PID:6040
- C:\Windows\System\QISgahN.exe
  C:\Windows\System\QISgahN.exe
  2⤵
  PID:6068
- C:\Windows\System\onsaBnb.exe
  C:\Windows\System\onsaBnb.exe
  2⤵
  PID:6108
- C:\Windows\System\BOubBMD.exe
  C:\Windows\System\BOubBMD.exe
  2⤵
  PID:6124
- C:\Windows\System\wOyKpiB.exe
  C:\Windows\System\wOyKpiB.exe
  2⤵
  PID:1960
- C:\Windows\System\ETRwFzv.exe
  C:\Windows\System\ETRwFzv.exe
  2⤵
  PID:2620
- C:\Windows\System\ugHXjCA.exe
  C:\Windows\System\ugHXjCA.exe
  2⤵
  PID:6160
- C:\Windows\System\HfZyXpy.exe
  C:\Windows\System\HfZyXpy.exe
  2⤵
  PID:6188
- C:\Windows\System\zQzzMaX.exe
  C:\Windows\System\zQzzMaX.exe
  2⤵
  PID:6228
- C:\Windows\System\CbIVbYu.exe
  C:\Windows\System\CbIVbYu.exe
  2⤵
  PID:6244
- C:\Windows\System\xMHckNN.exe
  C:\Windows\System\xMHckNN.exe
  2⤵
  PID:6272
- C:\Windows\System\TrKtIHv.exe
  C:\Windows\System\TrKtIHv.exe
  2⤵
  PID:6300
- C:\Windows\System\hseopMh.exe
  C:\Windows\System\hseopMh.exe
  2⤵
  PID:6328
- C:\Windows\System\SPfKMFb.exe
  C:\Windows\System\SPfKMFb.exe
  2⤵
  PID:6356
- C:\Windows\System\JHZVibJ.exe
  C:\Windows\System\JHZVibJ.exe
  2⤵
  PID:6396
- C:\Windows\System\fdSaciC.exe
  C:\Windows\System\fdSaciC.exe
  2⤵
  PID:6424
- C:\Windows\System\RIkgouY.exe
  C:\Windows\System\RIkgouY.exe
  2⤵
  PID:6452
- C:\Windows\System\YzZalaf.exe
  C:\Windows\System\YzZalaf.exe
  2⤵
  PID:6468
- C:\Windows\System\fzlsoYN.exe
  C:\Windows\System\fzlsoYN.exe
  2⤵
  PID:6496
- C:\Windows\System\FVQiKKT.exe
  C:\Windows\System\FVQiKKT.exe
  2⤵
  PID:6524
- C:\Windows\System\RsWQmpj.exe
  C:\Windows\System\RsWQmpj.exe
  2⤵
  PID:6564
- C:\Windows\System\XvbYYhr.exe
  C:\Windows\System\XvbYYhr.exe
  2⤵
  PID:6580
- C:\Windows\System\rdaXhiR.exe
  C:\Windows\System\rdaXhiR.exe
  2⤵
  PID:6608
- C:\Windows\System\xhdNlJR.exe
  C:\Windows\System\xhdNlJR.exe
  2⤵
  PID:6648
- C:\Windows\System\XVnnUOO.exe
  C:\Windows\System\XVnnUOO.exe
  2⤵
  PID:6676
- C:\Windows\System\GXgoKUg.exe
  C:\Windows\System\GXgoKUg.exe
  2⤵
  PID:6692
- C:\Windows\System\TfrdCGA.exe
  C:\Windows\System\TfrdCGA.exe
  2⤵
  PID:6732
- C:\Windows\System\IVUYpHp.exe
  C:\Windows\System\IVUYpHp.exe
  2⤵
  PID:6760
- C:\Windows\System\uokyWqS.exe
  C:\Windows\System\uokyWqS.exe
  2⤵
  PID:6788
- C:\Windows\System\YMyyxFR.exe
  C:\Windows\System\YMyyxFR.exe
  2⤵
  PID:6804
- C:\Windows\System\AwqTsAQ.exe
  C:\Windows\System\AwqTsAQ.exe
  2⤵
  PID:6832
- C:\Windows\System\UEPDrgu.exe
  C:\Windows\System\UEPDrgu.exe
  2⤵
  PID:6868
- C:\Windows\System\TPCwNIS.exe
  C:\Windows\System\TPCwNIS.exe
  2⤵
  PID:6900
- C:\Windows\System\ylgiNgh.exe
  C:\Windows\System\ylgiNgh.exe
  2⤵
  PID:6928
- C:\Windows\System\AayDWAo.exe
  C:\Windows\System\AayDWAo.exe
  2⤵
  PID:6944
- C:\Windows\System\JnceHzP.exe
  C:\Windows\System\JnceHzP.exe
  2⤵
  PID:6972
- C:\Windows\System\OdNapDi.exe
  C:\Windows\System\OdNapDi.exe
  2⤵
  PID:6988
- C:\Windows\System\uSokdcw.exe
  C:\Windows\System\uSokdcw.exe
  2⤵
  PID:7028
- C:\Windows\System\sRPAAJR.exe
  C:\Windows\System\sRPAAJR.exe
  2⤵
  PID:7068
- C:\Windows\System\TuFpZyv.exe
  C:\Windows\System\TuFpZyv.exe
  2⤵
  PID:7096
- C:\Windows\System\ZFblJuc.exe
  C:\Windows\System\ZFblJuc.exe
  2⤵
  PID:7112
- C:\Windows\System\FBDCYnG.exe
  C:\Windows\System\FBDCYnG.exe
  2⤵
  PID:7152
- C:\Windows\System\PzDDnAt.exe
  C:\Windows\System\PzDDnAt.exe
  2⤵
  PID:7172
- C:\Windows\System\iIGgzxT.exe
  C:\Windows\System\iIGgzxT.exe
  2⤵
  PID:7212
- C:\Windows\System\rFNYAgK.exe
  C:\Windows\System\rFNYAgK.exe
  2⤵
  PID:7228
- C:\Windows\System\eIhaKQp.exe
  C:\Windows\System\eIhaKQp.exe
  2⤵
  PID:7256
- C:\Windows\System\EamXtEa.exe
  C:\Windows\System\EamXtEa.exe
  2⤵
  PID:7284
- C:\Windows\System\pMZHMfe.exe
  C:\Windows\System\pMZHMfe.exe
  2⤵
  PID:7312
- C:\Windows\System\jBitrYr.exe
  C:\Windows\System\jBitrYr.exe
  2⤵
  PID:7352
- C:\Windows\System\LmPEzJc.exe
  C:\Windows\System\LmPEzJc.exe
  2⤵
  PID:7380
- C:\Windows\System\iHASYhU.exe
  C:\Windows\System\iHASYhU.exe
  2⤵
  PID:7408
- C:\Windows\System\zBDaOuC.exe
  C:\Windows\System\zBDaOuC.exe
  2⤵
  PID:7436
- C:\Windows\System\jTPiWpj.exe
  C:\Windows\System\jTPiWpj.exe
  2⤵
  PID:7464
- C:\Windows\System\NSvQUAi.exe
  C:\Windows\System\NSvQUAi.exe
  2⤵
  PID:7480
- C:\Windows\System\GcdcKsb.exe
  C:\Windows\System\GcdcKsb.exe
  2⤵
  PID:7508
- C:\Windows\System\GnGjYeV.exe
  C:\Windows\System\GnGjYeV.exe
  2⤵
  PID:7536
- C:\Windows\System\PowFimx.exe
  C:\Windows\System\PowFimx.exe
  2⤵
  PID:7564
- C:\Windows\System\JEnjOMJ.exe
  C:\Windows\System\JEnjOMJ.exe
  2⤵
  PID:7580
- C:\Windows\System\kVMPwOx.exe
  C:\Windows\System\kVMPwOx.exe
  2⤵
  PID:7608
- C:\Windows\System\sZvEAuu.exe
  C:\Windows\System\sZvEAuu.exe
  2⤵
  PID:7636
- C:\Windows\System\YDnhoWt.exe
  C:\Windows\System\YDnhoWt.exe
  2⤵
  PID:7676
- C:\Windows\System\SgshLWK.exe
  C:\Windows\System\SgshLWK.exe
  2⤵
  PID:7704
- C:\Windows\System\SrkcYjM.exe
  C:\Windows\System\SrkcYjM.exe
  2⤵
  PID:7732
- C:\Windows\System\LTrWznN.exe
  C:\Windows\System\LTrWznN.exe
  2⤵
  PID:7760
- C:\Windows\System\nlmxegM.exe
  C:\Windows\System\nlmxegM.exe
  2⤵
  PID:7788
- C:\Windows\System\IAcIade.exe
  C:\Windows\System\IAcIade.exe
  2⤵
  PID:7816
- C:\Windows\System\ROwKIjl.exe
  C:\Windows\System\ROwKIjl.exe
  2⤵
  PID:7844
- C:\Windows\System\nWlYpJg.exe
  C:\Windows\System\nWlYpJg.exe
  2⤵
  PID:7868
- C:\Windows\System\aeBvBzq.exe
  C:\Windows\System\aeBvBzq.exe
  2⤵
  PID:7900
- C:\Windows\System\LvQmHQN.exe
  C:\Windows\System\LvQmHQN.exe
  2⤵
  PID:7928
- C:\Windows\System\kHBMYOU.exe
  C:\Windows\System\kHBMYOU.exe
  2⤵
  PID:7956
- C:\Windows\System\xTVrMdy.exe
  C:\Windows\System\xTVrMdy.exe
  2⤵
  PID:7984
- C:\Windows\System\jkxtOnX.exe
  C:\Windows\System\jkxtOnX.exe
  2⤵
  PID:8012
- C:\Windows\System\XLAGrDn.exe
  C:\Windows\System\XLAGrDn.exe
  2⤵
  PID:8040
- C:\Windows\System\yTCjWUi.exe
  C:\Windows\System\yTCjWUi.exe
  2⤵
  PID:8068
- C:\Windows\System\DTBnyyV.exe
  C:\Windows\System\DTBnyyV.exe
  2⤵
  PID:8096
- C:\Windows\System\BiiSKpk.exe
  C:\Windows\System\BiiSKpk.exe
  2⤵
  PID:8124
- C:\Windows\System\IOUVJOh.exe
  C:\Windows\System\IOUVJOh.exe
  2⤵
  PID:8152
- C:\Windows\System\nmYvupQ.exe
  C:\Windows\System\nmYvupQ.exe
  2⤵
  PID:8180
- C:\Windows\System\KlRkxWe.exe
  C:\Windows\System\KlRkxWe.exe
  2⤵
  PID:7296
- C:\Windows\System\TsBFnBM.exe
  C:\Windows\System\TsBFnBM.exe
  2⤵
  PID:7224
- C:\Windows\System\IvREbTp.exe
  C:\Windows\System\IvREbTp.exe
  2⤵
  PID:7164
- C:\Windows\System\BaJNiiQ.exe
  C:\Windows\System\BaJNiiQ.exe
  2⤵
  PID:7104
- C:\Windows\System\xVjPrST.exe
  C:\Windows\System\xVjPrST.exe
  2⤵
  PID:7040
- C:\Windows\System\XjwmtCg.exe
  C:\Windows\System\XjwmtCg.exe
  2⤵
  PID:6964
- C:\Windows\System\xRGVXbI.exe
  C:\Windows\System\xRGVXbI.exe
  2⤵
  PID:6912
- C:\Windows\System\BtVyorJ.exe
  C:\Windows\System\BtVyorJ.exe
  2⤵
  PID:4660
- C:\Windows\System\rMiKwXh.exe
  C:\Windows\System\rMiKwXh.exe
  2⤵
  PID:6796
- C:\Windows\System\xcSxOKo.exe
  C:\Windows\System\xcSxOKo.exe
  2⤵
  PID:6724
- C:\Windows\System\pfGuHrx.exe
  C:\Windows\System\pfGuHrx.exe
  2⤵
  PID:6636
- C:\Windows\System\NFtQrFu.exe
  C:\Windows\System\NFtQrFu.exe
  2⤵
  PID:6576
- C:\Windows\System\MRcyhSD.exe
  C:\Windows\System\MRcyhSD.exe
  2⤵
  PID:6352
- C:\Windows\System\zvHevgr.exe
  C:\Windows\System\zvHevgr.exe
  2⤵
  PID:6288
- C:\Windows\System\MHvCFvJ.exe
  C:\Windows\System\MHvCFvJ.exe
  2⤵
  PID:6212
- C:\Windows\System\RKyxJuO.exe
  C:\Windows\System\RKyxJuO.exe
  2⤵
  PID:6156
- C:\Windows\System\XeEKbQD.exe
  C:\Windows\System\XeEKbQD.exe
  2⤵
  PID:6140
- C:\Windows\System\kuAHNaS.exe
  C:\Windows\System\kuAHNaS.exe
  2⤵
  PID:6096
- C:\Windows\System\jkgsnwR.exe
  C:\Windows\System\jkgsnwR.exe
  2⤵
  PID:6032
- C:\Windows\System\tHfArUc.exe
  C:\Windows\System\tHfArUc.exe
  2⤵
  PID:5960
- C:\Windows\System\FjtJGgr.exe
  C:\Windows\System\FjtJGgr.exe
  2⤵
  PID:5924
- C:\Windows\System\ShDSIJK.exe
  C:\Windows\System\ShDSIJK.exe
  2⤵
  PID:2036
- C:\Windows\System\gTJxvGO.exe
  C:\Windows\System\gTJxvGO.exe
  2⤵
  PID:5836
- C:\Windows\System\wnObTJU.exe
  C:\Windows\System\wnObTJU.exe
  2⤵
  PID:5772
- C:\Windows\System\ZddbYhg.exe
  C:\Windows\System\ZddbYhg.exe
  2⤵
  PID:5664
- C:\Windows\System\vJvABrn.exe
  C:\Windows\System\vJvABrn.exe
  2⤵
  PID:5616
- C:\Windows\System\huAoEUs.exe
  C:\Windows\System\huAoEUs.exe
  2⤵
  PID:5548
- C:\Windows\System\ieyRMpy.exe
  C:\Windows\System\ieyRMpy.exe
  2⤵
  PID:5492
- C:\Windows\System\ySwmCCP.exe
  C:\Windows\System\ySwmCCP.exe
  2⤵
  PID:5436
- C:\Windows\System\vGiLrBv.exe
  C:\Windows\System\vGiLrBv.exe
  2⤵
  PID:5352
- C:\Windows\System\htkWkIM.exe
  C:\Windows\System\htkWkIM.exe
  2⤵
  PID:5164
- C:\Windows\System\aKdIdca.exe
  C:\Windows\System\aKdIdca.exe
  2⤵
  PID:7404
- C:\Windows\System\iYWtUQu.exe
  C:\Windows\System\iYWtUQu.exe
  2⤵
  PID:7472
- C:\Windows\System\ApcmyRc.exe
  C:\Windows\System\ApcmyRc.exe
  2⤵
  PID:7532
- C:\Windows\System\QhhwUSV.exe
  C:\Windows\System\QhhwUSV.exe
  2⤵
  PID:7596
- C:\Windows\System\gEJtgCt.exe
  C:\Windows\System\gEJtgCt.exe
  2⤵
  PID:7664
- C:\Windows\System\RgwdBCB.exe
  C:\Windows\System\RgwdBCB.exe
  2⤵
  PID:7724
- C:\Windows\System\oDjzEPU.exe
  C:\Windows\System\oDjzEPU.exe
  2⤵
  PID:7784
- C:\Windows\System\BEVTmPH.exe
  C:\Windows\System\BEVTmPH.exe
  2⤵
  PID:7812
- C:\Windows\System\iDrhrOr.exe
  C:\Windows\System\iDrhrOr.exe
  2⤵
  PID:7864
- C:\Windows\System\UcggQTG.exe
  C:\Windows\System\UcggQTG.exe
  2⤵
  PID:7948
- C:\Windows\System\TnolHPL.exe
  C:\Windows\System\TnolHPL.exe
  2⤵
  PID:8000
- C:\Windows\System\sZkpEdT.exe
  C:\Windows\System\sZkpEdT.exe
  2⤵
  PID:8060
- C:\Windows\System\EHRxsLr.exe
  C:\Windows\System\EHRxsLr.exe
  2⤵
  PID:8108
- C:\Windows\System\vbLTgUZ.exe
  C:\Windows\System\vbLTgUZ.exe
  2⤵
  PID:8148
- C:\Windows\System\NsvZOQg.exe
  C:\Windows\System\NsvZOQg.exe
  2⤵
  PID:7324
- C:\Windows\System\nhlmdnQ.exe
  C:\Windows\System\nhlmdnQ.exe
  2⤵
  PID:7124
- C:\Windows\System\bHMWaYz.exe
  C:\Windows\System\bHMWaYz.exe
  2⤵
  PID:6984
- C:\Windows\System\oFUgeVy.exe
  C:\Windows\System\oFUgeVy.exe
  2⤵
  PID:6864
- C:\Windows\System\oBJPKBZ.exe
  C:\Windows\System\oBJPKBZ.exe
  2⤵
  PID:6748
- C:\Windows\System\vOiEvdW.exe
  C:\Windows\System\vOiEvdW.exe
  2⤵
  PID:5084
- C:\Windows\System\gxDwWfu.exe
  C:\Windows\System\gxDwWfu.exe
  2⤵
  PID:5236
- C:\Windows\System\wdNtfuQ.exe
  C:\Windows\System\wdNtfuQ.exe
  2⤵
  PID:460
- C:\Windows\System\RnCJtaj.exe
  C:\Windows\System\RnCJtaj.exe
  2⤵
  PID:3396
- C:\Windows\System\UJlGgLX.exe
  C:\Windows\System\UJlGgLX.exe
  2⤵
  PID:2176
- C:\Windows\System\BhyFJSq.exe
  C:\Windows\System\BhyFJSq.exe
  2⤵
  PID:772
- C:\Windows\System\QUKqEGV.exe
  C:\Windows\System\QUKqEGV.exe
  2⤵
  PID:5728
- C:\Windows\System\fHEDcxx.exe
  C:\Windows\System\fHEDcxx.exe
  2⤵
  PID:5640
- C:\Windows\System\Tutfwym.exe
  C:\Windows\System\Tutfwym.exe
  2⤵
  PID:5500
- C:\Windows\System\AmgErqw.exe
  C:\Windows\System\AmgErqw.exe
  2⤵
  PID:5192
- C:\Windows\System\PLEImyW.exe
  C:\Windows\System\PLEImyW.exe
  2⤵
  PID:4556
- C:\Windows\System\ONMtWtT.exe
  C:\Windows\System\ONMtWtT.exe
  2⤵
  PID:4448
- C:\Windows\System\EhwZgFH.exe
  C:\Windows\System\EhwZgFH.exe
  2⤵
  PID:7572
- C:\Windows\System\wXzLzzQ.exe
  C:\Windows\System\wXzLzzQ.exe
  2⤵
  PID:7696
- C:\Windows\System\lNOBBZW.exe
  C:\Windows\System\lNOBBZW.exe
  2⤵
  PID:2252
- C:\Windows\System\UKurKMy.exe
  C:\Windows\System\UKurKMy.exe
  2⤵
  PID:7920
- C:\Windows\System\aeieeUB.exe
  C:\Windows\System\aeieeUB.exe
  2⤵
  PID:8052
- C:\Windows\System\MxzpgyX.exe
  C:\Windows\System\MxzpgyX.exe
  2⤵
  PID:8144
- C:\Windows\System\vaispjK.exe
  C:\Windows\System\vaispjK.exe
  2⤵
  PID:7140
- C:\Windows\System\SjrBDhG.exe
  C:\Windows\System\SjrBDhG.exe
  2⤵
  PID:4988
- C:\Windows\System\zfoTpcB.exe
  C:\Windows\System\zfoTpcB.exe
  2⤵
  PID:6512
- C:\Windows\System\motMwpw.exe
  C:\Windows\System\motMwpw.exe
  2⤵
  PID:4132
- C:\Windows\System\VrlUmTc.exe
  C:\Windows\System\VrlUmTc.exe
  2⤵
  PID:6012
- C:\Windows\System\jhkOdjd.exe
  C:\Windows\System\jhkOdjd.exe
  2⤵
  PID:5552
- C:\Windows\System\gprAmCQ.exe
  C:\Windows\System\gprAmCQ.exe
  2⤵
  PID:5332
- C:\Windows\System\PXRlbzV.exe
  C:\Windows\System\PXRlbzV.exe
  2⤵
  PID:7552
- C:\Windows\System\OkINWGf.exe
  C:\Windows\System\OkINWGf.exe
  2⤵
  PID:3288
- C:\Windows\System\hOcPPZI.exe
  C:\Windows\System\hOcPPZI.exe
  2⤵
  PID:8084
- C:\Windows\System\xaOHAXU.exe
  C:\Windows\System\xaOHAXU.exe
  2⤵
  PID:7204
- C:\Windows\System\GjKqnsC.exe
  C:\Windows\System\GjKqnsC.exe
  2⤵
  PID:3608
- C:\Windows\System\TlzLqOE.exe
  C:\Windows\System\TlzLqOE.exe
  2⤵
  PID:7004
- C:\Windows\System\QsbBmas.exe
  C:\Windows\System\QsbBmas.exe
  2⤵
  PID:7344
- C:\Windows\System\DRweWMs.exe
  C:\Windows\System\DRweWMs.exe
  2⤵
  PID:5244
- C:\Windows\System\EMjOrnX.exe
  C:\Windows\System\EMjOrnX.exe
  2⤵
  PID:5808
- C:\Windows\System\kxbQTeG.exe
  C:\Windows\System\kxbQTeG.exe
  2⤵
  PID:7688
- C:\Windows\System\XLfULaf.exe
  C:\Windows\System\XLfULaf.exe
  2⤵
  PID:8136
- C:\Windows\System\rENbzvk.exe
  C:\Windows\System\rENbzvk.exe
  2⤵
  PID:448
- C:\Windows\System\DhWFDiV.exe
  C:\Windows\System\DhWFDiV.exe
  2⤵
  PID:4940
- C:\Windows\System\pNzbliV.exe
  C:\Windows\System\pNzbliV.exe
  2⤵
  PID:7980
- C:\Windows\System\EfsUTZN.exe
  C:\Windows\System\EfsUTZN.exe
  2⤵
  PID:4056
- C:\Windows\System\NSIxyRd.exe
  C:\Windows\System\NSIxyRd.exe
  2⤵
  PID:5380
- C:\Windows\System\LiKAZIM.exe
  C:\Windows\System\LiKAZIM.exe
  2⤵
  PID:8212
- C:\Windows\System\mynzeUc.exe
  C:\Windows\System\mynzeUc.exe
  2⤵
  PID:8236
- C:\Windows\System\MsRIBdw.exe
  C:\Windows\System\MsRIBdw.exe
  2⤵
  PID:8264
- C:\Windows\System\GqArlvM.exe
  C:\Windows\System\GqArlvM.exe
  2⤵
  PID:8300
- C:\Windows\System\WZEFTAn.exe
  C:\Windows\System\WZEFTAn.exe
  2⤵
  PID:8320
- C:\Windows\System\gciEjEG.exe
  C:\Windows\System\gciEjEG.exe
  2⤵
  PID:8348
- C:\Windows\System\xVdvWGD.exe
  C:\Windows\System\xVdvWGD.exe
  2⤵
  PID:8376
- C:\Windows\System\oPTcdPt.exe
  C:\Windows\System\oPTcdPt.exe
  2⤵
  PID:8404
- C:\Windows\System\slsZnVb.exe
  C:\Windows\System\slsZnVb.exe
  2⤵
  PID:8436
- C:\Windows\System\BtuUpvC.exe
  C:\Windows\System\BtuUpvC.exe
  2⤵
  PID:8464
- C:\Windows\System\VzSxWUi.exe
  C:\Windows\System\VzSxWUi.exe
  2⤵
  PID:8492
- C:\Windows\System\TSGErys.exe
  C:\Windows\System\TSGErys.exe
  2⤵
  PID:8520
- C:\Windows\System\UNANOMZ.exe
  C:\Windows\System\UNANOMZ.exe
  2⤵
  PID:8548
- C:\Windows\System\TFQLAfH.exe
  C:\Windows\System\TFQLAfH.exe
  2⤵
  PID:8576
- C:\Windows\System\lcpUoYT.exe
  C:\Windows\System\lcpUoYT.exe
  2⤵
  PID:8624
- C:\Windows\System\mROjjvP.exe
  C:\Windows\System\mROjjvP.exe
  2⤵
  PID:8668
- C:\Windows\System\dekFXiO.exe
  C:\Windows\System\dekFXiO.exe
  2⤵
  PID:8700
- C:\Windows\System\pzrJGSu.exe
  C:\Windows\System\pzrJGSu.exe
  2⤵
  PID:8724
- C:\Windows\System\cpyzIoD.exe
  C:\Windows\System\cpyzIoD.exe
  2⤵
  PID:8756
- C:\Windows\System\UiNNavS.exe
  C:\Windows\System\UiNNavS.exe
  2⤵
  PID:8788
- C:\Windows\System\CmMDZIc.exe
  C:\Windows\System\CmMDZIc.exe
  2⤵
  PID:8820
- C:\Windows\System\bJOPdgs.exe
  C:\Windows\System\bJOPdgs.exe
  2⤵
  PID:8840
- C:\Windows\System\DcztfDj.exe
  C:\Windows\System\DcztfDj.exe
  2⤵
  PID:8868
- C:\Windows\System\hTFXBWc.exe
  C:\Windows\System\hTFXBWc.exe
  2⤵
  PID:8896
- C:\Windows\System\zEIzYNX.exe
  C:\Windows\System\zEIzYNX.exe
  2⤵
  PID:8924
- C:\Windows\System\UPwaysG.exe
  C:\Windows\System\UPwaysG.exe
  2⤵
  PID:8952
- C:\Windows\System\FwhKHsw.exe
  C:\Windows\System\FwhKHsw.exe
  2⤵
  PID:8980
- C:\Windows\System\pSMUsOV.exe
  C:\Windows\System\pSMUsOV.exe
  2⤵
  PID:9020
- C:\Windows\System\RmUJcXC.exe
  C:\Windows\System\RmUJcXC.exe
  2⤵
  PID:9036
- C:\Windows\System\oGtCYDV.exe
  C:\Windows\System\oGtCYDV.exe
  2⤵
  PID:9064
- C:\Windows\System\KgfcoMi.exe
  C:\Windows\System\KgfcoMi.exe
  2⤵
  PID:9096
- C:\Windows\System\qjtkCCg.exe
  C:\Windows\System\qjtkCCg.exe
  2⤵
  PID:9120
- C:\Windows\System\riUiLbS.exe
  C:\Windows\System\riUiLbS.exe
  2⤵
  PID:9148
- C:\Windows\System\GkrSaex.exe
  C:\Windows\System\GkrSaex.exe
  2⤵
  PID:9176
- C:\Windows\System\TlEnuYy.exe
  C:\Windows\System\TlEnuYy.exe
  2⤵
  PID:9208
- C:\Windows\System\dlJjzfh.exe
  C:\Windows\System\dlJjzfh.exe
  2⤵
  PID:8248
- C:\Windows\System\tLugxqT.exe
  C:\Windows\System\tLugxqT.exe
  2⤵
  PID:4044
- C:\Windows\System\adZCYyv.exe
  C:\Windows\System\adZCYyv.exe
  2⤵
  PID:8368
- C:\Windows\System\MKIQTgb.exe
  C:\Windows\System\MKIQTgb.exe
  2⤵
  PID:8452
- C:\Windows\System\cAibqTP.exe
  C:\Windows\System\cAibqTP.exe
  2⤵
  PID:8504
- C:\Windows\System\lRrZNwf.exe
  C:\Windows\System\lRrZNwf.exe
  2⤵
  PID:8572
- C:\Windows\System\yXixgoG.exe
  C:\Windows\System\yXixgoG.exe
  2⤵
  PID:8660
- C:\Windows\System\qkJeQPc.exe
  C:\Windows\System\qkJeQPc.exe
  2⤵
  PID:8720
- C:\Windows\System\jqnzJca.exe
  C:\Windows\System\jqnzJca.exe
  2⤵
  PID:8796
- C:\Windows\System\OJpShDB.exe
  C:\Windows\System\OJpShDB.exe
  2⤵
  PID:8864
- C:\Windows\System\ErGcMqU.exe
  C:\Windows\System\ErGcMqU.exe
  2⤵
  PID:8940
- C:\Windows\System\berHhVg.exe
  C:\Windows\System\berHhVg.exe
  2⤵
  PID:8992
- C:\Windows\System\CSRKhmd.exe
  C:\Windows\System\CSRKhmd.exe
  2⤵
  PID:8480
- C:\Windows\System\SGQQKfQ.exe
  C:\Windows\System\SGQQKfQ.exe
  2⤵
  PID:9116
- C:\Windows\System\sSInMLe.exe
  C:\Windows\System\sSInMLe.exe
  2⤵
  PID:9172
- C:\Windows\System\MqkBKot.exe
  C:\Windows\System\MqkBKot.exe
  2⤵
  PID:8288
- C:\Windows\System\YavfzqI.exe
  C:\Windows\System\YavfzqI.exe
  2⤵
  PID:8416
- C:\Windows\System\xnKgfUY.exe
  C:\Windows\System\xnKgfUY.exe
  2⤵
  PID:8560
- C:\Windows\System\UBMFTbl.exe
  C:\Windows\System\UBMFTbl.exe
  2⤵
  PID:8748
- C:\Windows\System\zYVHDef.exe
  C:\Windows\System\zYVHDef.exe
  2⤵
  PID:8912
- C:\Windows\System\HJsfmdZ.exe
  C:\Windows\System\HJsfmdZ.exe
  2⤵
  PID:9048
- C:\Windows\System\oCVLNML.exe
  C:\Windows\System\oCVLNML.exe
  2⤵
  PID:9144
- C:\Windows\System\deMjMRD.exe
  C:\Windows\System\deMjMRD.exe
  2⤵
  PID:8532
- C:\Windows\System\CcpPRdc.exe
  C:\Windows\System\CcpPRdc.exe
  2⤵
  PID:8220
- C:\Windows\System\TPzgTbS.exe
  C:\Windows\System\TPzgTbS.exe
  2⤵
  PID:9104
- C:\Windows\System\RNeLwvA.exe
  C:\Windows\System\RNeLwvA.exe
  2⤵
  PID:1408
- C:\Windows\System\WBEoyFX.exe
  C:\Windows\System\WBEoyFX.exe
  2⤵
  PID:9088
- C:\Windows\System\kARTRMU.exe
  C:\Windows\System\kARTRMU.exe
  2⤵
  PID:9236
- C:\Windows\System\vpFtdfX.exe
  C:\Windows\System\vpFtdfX.exe
  2⤵
  PID:9264
- C:\Windows\System\xCNypmq.exe
  C:\Windows\System\xCNypmq.exe
  2⤵
  PID:9292
- C:\Windows\System\AdPIPbE.exe
  C:\Windows\System\AdPIPbE.exe
  2⤵
  PID:9320
- C:\Windows\System\bGyyevd.exe
  C:\Windows\System\bGyyevd.exe
  2⤵
  PID:9352
- C:\Windows\System\PMrxWxk.exe
  C:\Windows\System\PMrxWxk.exe
  2⤵
  PID:9380
- C:\Windows\System\uODBKmD.exe
  C:\Windows\System\uODBKmD.exe
  2⤵
  PID:9404
- C:\Windows\System\jxcwijX.exe
  C:\Windows\System\jxcwijX.exe
  2⤵
  PID:9432
- C:\Windows\System\xTXscEs.exe
  C:\Windows\System\xTXscEs.exe
  2⤵
  PID:9464
- C:\Windows\System\rAqXgCe.exe
  C:\Windows\System\rAqXgCe.exe
  2⤵
  PID:9488
- C:\Windows\System\ezBWKHg.exe
  C:\Windows\System\ezBWKHg.exe
  2⤵
  PID:9524
- C:\Windows\System\pkXCPFa.exe
  C:\Windows\System\pkXCPFa.exe
  2⤵
  PID:9552
- C:\Windows\System\AsnYWTE.exe
  C:\Windows\System\AsnYWTE.exe
  2⤵
  PID:9576
- C:\Windows\System\hOYPwXN.exe
  C:\Windows\System\hOYPwXN.exe
  2⤵
  PID:9604
- C:\Windows\System\udSFmmA.exe
  C:\Windows\System\udSFmmA.exe
  2⤵
  PID:9648
- C:\Windows\System\LQmAGFt.exe
  C:\Windows\System\LQmAGFt.exe
  2⤵
  PID:9716
- C:\Windows\System\bXmLHCo.exe
  C:\Windows\System\bXmLHCo.exe
  2⤵
  PID:9792
- C:\Windows\System\fzbxbNV.exe
  C:\Windows\System\fzbxbNV.exe
  2⤵
  PID:9824
- C:\Windows\System\jlBrOTJ.exe
  C:\Windows\System\jlBrOTJ.exe
  2⤵
  PID:9864
- C:\Windows\System\ndPbQRO.exe
  C:\Windows\System\ndPbQRO.exe
  2⤵
  PID:9900
- C:\Windows\System\nUTaZSu.exe
  C:\Windows\System\nUTaZSu.exe
  2⤵
  PID:9932
- C:\Windows\System\PRLVGxo.exe
  C:\Windows\System\PRLVGxo.exe
  2⤵
  PID:9956
- C:\Windows\System\pPEoJSv.exe
  C:\Windows\System\pPEoJSv.exe
  2⤵
  PID:9984
- C:\Windows\System\KFqlSnh.exe
  C:\Windows\System\KFqlSnh.exe
  2⤵
  PID:10008
- C:\Windows\System\GqmzWhk.exe
  C:\Windows\System\GqmzWhk.exe
  2⤵
  PID:10036
- C:\Windows\System\WevLETY.exe
  C:\Windows\System\WevLETY.exe
  2⤵
  PID:10064
- C:\Windows\System\jVeQQtR.exe
  C:\Windows\System\jVeQQtR.exe
  2⤵
  PID:10092
- C:\Windows\System\sbriiTK.exe
  C:\Windows\System\sbriiTK.exe
  2⤵
  PID:10128
- C:\Windows\System\CumsFJR.exe
  C:\Windows\System\CumsFJR.exe
  2⤵
  PID:10160
- C:\Windows\System\whJDLGj.exe
  C:\Windows\System\whJDLGj.exe
  2⤵
  PID:10188
- C:\Windows\System\hFetURE.exe
  C:\Windows\System\hFetURE.exe
  2⤵
  PID:10208
- C:\Windows\System\OAHkyVk.exe
  C:\Windows\System\OAHkyVk.exe
  2⤵
  PID:10236
- C:\Windows\System\bNFZVbA.exe
  C:\Windows\System\bNFZVbA.exe
  2⤵
  PID:9276
- C:\Windows\System\ELWgCCj.exe
  C:\Windows\System\ELWgCCj.exe
  2⤵
  PID:9364
- C:\Windows\System\rbCaDmc.exe
  C:\Windows\System\rbCaDmc.exe
  2⤵
  PID:9424
- C:\Windows\System\IdSXcDa.exe
  C:\Windows\System\IdSXcDa.exe
  2⤵
  PID:9500
- C:\Windows\System\HyWeJNF.exe
  C:\Windows\System\HyWeJNF.exe
  2⤵
  PID:9536
- C:\Windows\System\fRJiJYL.exe
  C:\Windows\System\fRJiJYL.exe
  2⤵
  PID:9596
- C:\Windows\System\wGRAouU.exe
  C:\Windows\System\wGRAouU.exe
  2⤵
  PID:9712
- C:\Windows\System\gGGCWyr.exe
  C:\Windows\System\gGGCWyr.exe
  2⤵
  PID:9836
- C:\Windows\System\MqZEpUV.exe
  C:\Windows\System\MqZEpUV.exe
  2⤵
  PID:9908
- C:\Windows\System\dMeYvxs.exe
  C:\Windows\System\dMeYvxs.exe
  2⤵
  PID:9964
- C:\Windows\System\zJOwNir.exe
  C:\Windows\System\zJOwNir.exe
  2⤵
  PID:10020
- C:\Windows\System\rKRlACZ.exe
  C:\Windows\System\rKRlACZ.exe
  2⤵
  PID:10108
- C:\Windows\System\AdkkZbu.exe
  C:\Windows\System\AdkkZbu.exe
  2⤵
  PID:10176
- C:\Windows\System\ISBEOmH.exe
  C:\Windows\System\ISBEOmH.exe
  2⤵
  PID:10232
- C:\Windows\System\hhBYzGc.exe
  C:\Windows\System\hhBYzGc.exe
  2⤵
  PID:9332
- C:\Windows\System\RPVRszs.exe
  C:\Windows\System\RPVRszs.exe
  2⤵
  PID:9512
- C:\Windows\System\XEOEajt.exe
  C:\Windows\System\XEOEajt.exe
  2⤵
  PID:9708
- C:\Windows\System\zKKHeDo.exe
  C:\Windows\System\zKKHeDo.exe
  2⤵
  PID:1828
- C:\Windows\System\LyMNMub.exe
  C:\Windows\System\LyMNMub.exe
  2⤵
  PID:10060
- C:\Windows\System\JWoJHsm.exe
  C:\Windows\System\JWoJHsm.exe
  2⤵
  PID:9256
- C:\Windows\System\pfGGtmP.exe
  C:\Windows\System\pfGGtmP.exe
  2⤵
  PID:9452
- C:\Windows\System\zyyEdEV.exe
  C:\Windows\System\zyyEdEV.exe
  2⤵
  PID:9888
- C:\Windows\System\jGeRTnR.exe
  C:\Windows\System\jGeRTnR.exe
  2⤵
  PID:9312
- C:\Windows\System\GNEJgzf.exe
  C:\Windows\System\GNEJgzf.exe
  2⤵
  PID:3028
- C:\Windows\System\prItqyp.exe
  C:\Windows\System\prItqyp.exe
  2⤵
  PID:10260
- C:\Windows\System\SQNIoro.exe
  C:\Windows\System\SQNIoro.exe
  2⤵
  PID:10284
- C:\Windows\System\ZklALoy.exe
  C:\Windows\System\ZklALoy.exe
  2⤵
  PID:10320
- C:\Windows\System\ieuRagq.exe
  C:\Windows\System\ieuRagq.exe
  2⤵
  PID:10348
- C:\Windows\System\qHdceot.exe
  C:\Windows\System\qHdceot.exe
  2⤵
  PID:10380
- C:\Windows\System\IdsxeNA.exe
  C:\Windows\System\IdsxeNA.exe
  2⤵
  PID:10412
- C:\Windows\System\GnSRbte.exe
  C:\Windows\System\GnSRbte.exe
  2⤵
  PID:10444
- C:\Windows\System\opqvand.exe
  C:\Windows\System\opqvand.exe
  2⤵
  PID:10468
- C:\Windows\System\nLlOcrZ.exe
  C:\Windows\System\nLlOcrZ.exe
  2⤵
  PID:10500
- C:\Windows\System\VaSJxOo.exe
  C:\Windows\System\VaSJxOo.exe
  2⤵
  PID:10536
- C:\Windows\System\nrmgcTI.exe
  C:\Windows\System\nrmgcTI.exe
  2⤵
  PID:10556
- C:\Windows\System\OrWVRnW.exe
  C:\Windows\System\OrWVRnW.exe
  2⤵
  PID:10588
- C:\Windows\System\KpBmuom.exe
  C:\Windows\System\KpBmuom.exe
  2⤵
  PID:10624
- C:\Windows\System\CnLGJxI.exe
  C:\Windows\System\CnLGJxI.exe
  2⤵
  PID:10652
- C:\Windows\System\GradGDh.exe
  C:\Windows\System\GradGDh.exe
  2⤵
  PID:10676
- C:\Windows\System\zOQvEEz.exe
  C:\Windows\System\zOQvEEz.exe
  2⤵
  PID:10712
- C:\Windows\System\YjMBuLM.exe
  C:\Windows\System\YjMBuLM.exe
  2⤵
  PID:10736
- C:\Windows\System\tfQCMhK.exe
  C:\Windows\System\tfQCMhK.exe
  2⤵
  PID:10772
- C:\Windows\System\wCpejsu.exe
  C:\Windows\System\wCpejsu.exe
  2⤵
  PID:10808
- C:\Windows\System\PLNgKzb.exe
  C:\Windows\System\PLNgKzb.exe
  2⤵
  PID:10836
- C:\Windows\System\YaxFCle.exe
  C:\Windows\System\YaxFCle.exe
  2⤵
  PID:10872
- C:\Windows\System\xudbXDr.exe
  C:\Windows\System\xudbXDr.exe
  2⤵
  PID:10888
- C:\Windows\System\DZQMWNK.exe
  C:\Windows\System\DZQMWNK.exe
  2⤵
  PID:10920
- C:\Windows\System\cqyOkyv.exe
  C:\Windows\System\cqyOkyv.exe
  2⤵
  PID:10956
- C:\Windows\System\olnmSsU.exe
  C:\Windows\System\olnmSsU.exe
  2⤵
  PID:10984
- C:\Windows\System\sMxetEV.exe
  C:\Windows\System\sMxetEV.exe
  2⤵
  PID:11008
- C:\Windows\System\OFAaAnI.exe
  C:\Windows\System\OFAaAnI.exe
  2⤵
  PID:11044
- C:\Windows\System\rDrxUhP.exe
  C:\Windows\System\rDrxUhP.exe
  2⤵
  PID:11072
- C:\Windows\System\wHVkdQC.exe
  C:\Windows\System\wHVkdQC.exe
  2⤵
  PID:11092
- C:\Windows\System\LrIveGi.exe
  C:\Windows\System\LrIveGi.exe
  2⤵
  PID:11120
- C:\Windows\System\DroNqUR.exe
  C:\Windows\System\DroNqUR.exe
  2⤵
  PID:11148
- C:\Windows\System\rKRTbwj.exe
  C:\Windows\System\rKRTbwj.exe
  2⤵
  PID:11176
- C:\Windows\System\YWcUVgH.exe
  C:\Windows\System\YWcUVgH.exe
  2⤵
  PID:11204
- C:\Windows\System\yIOdAde.exe
  C:\Windows\System\yIOdAde.exe
  2⤵
  PID:11236
- C:\Windows\System\FprHntH.exe
  C:\Windows\System\FprHntH.exe
  2⤵
  PID:10244
- C:\Windows\System\iaPCDTw.exe
  C:\Windows\System\iaPCDTw.exe
  2⤵
  PID:10340
- C:\Windows\System\wRuzRFy.exe
  C:\Windows\System\wRuzRFy.exe
  2⤵
  PID:10400
- C:\Windows\System\YosnaKy.exe
  C:\Windows\System\YosnaKy.exe
  2⤵
  PID:10464
- C:\Windows\System\TzYwVEt.exe
  C:\Windows\System\TzYwVEt.exe
  2⤵
  PID:10548
- C:\Windows\System\AzGkojU.exe
  C:\Windows\System\AzGkojU.exe
  2⤵
  PID:3740
- C:\Windows\System\sHwNDyY.exe
  C:\Windows\System\sHwNDyY.exe
  2⤵
  PID:10636
- C:\Windows\System\NKngKLR.exe
  C:\Windows\System\NKngKLR.exe
  2⤵
  PID:10700
- C:\Windows\System\hEOkhwS.exe
  C:\Windows\System\hEOkhwS.exe
  2⤵
  PID:3356
- C:\Windows\System\JgiHXRx.exe
  C:\Windows\System\JgiHXRx.exe
  2⤵
  PID:10844
- C:\Windows\System\HvjWext.exe
  C:\Windows\System\HvjWext.exe
  2⤵
  PID:10900
- C:\Windows\System\mSDwKwd.exe
  C:\Windows\System\mSDwKwd.exe
  2⤵
  PID:10972
- C:\Windows\System\jklUJqT.exe
  C:\Windows\System\jklUJqT.exe
  2⤵
  PID:5308
- C:\Windows\System\CoZrzVc.exe
  C:\Windows\System\CoZrzVc.exe
  2⤵
  PID:5264
- C:\Windows\System\OcjdHRN.exe
  C:\Windows\System\OcjdHRN.exe
  2⤵
  PID:11020
- C:\Windows\System\ROPpeQH.exe
  C:\Windows\System\ROPpeQH.exe
  2⤵
  PID:11060
- C:\Windows\System\ZWaoMem.exe
  C:\Windows\System\ZWaoMem.exe
  2⤵
  PID:11132
- C:\Windows\System\jLpkZtF.exe
  C:\Windows\System\jLpkZtF.exe
  2⤵
  PID:11196
- C:\Windows\System\OzaQIOI.exe
  C:\Windows\System\OzaQIOI.exe
  2⤵
  PID:11228
- C:\Windows\System\OyZIZjo.exe
  C:\Windows\System\OyZIZjo.exe
  2⤵
  PID:10332
- C:\Windows\System\HsZODdh.exe
  C:\Windows\System\HsZODdh.exe
  2⤵
  PID:10460
- C:\Windows\System\bVqMbsv.exe
  C:\Windows\System\bVqMbsv.exe
  2⤵
  PID:10632
- C:\Windows\System\puFRQWE.exe
  C:\Windows\System\puFRQWE.exe
  2⤵
  PID:10748
- C:\Windows\System\zQwwAMN.exe
  C:\Windows\System\zQwwAMN.exe
  2⤵
  PID:10848
- C:\Windows\System\VumHVXa.exe
  C:\Windows\System\VumHVXa.exe
  2⤵
  PID:32
- C:\Windows\System\RdZWvOp.exe
  C:\Windows\System\RdZWvOp.exe
  2⤵
  PID:5172
- C:\Windows\System\WEKgafQ.exe
  C:\Windows\System\WEKgafQ.exe
  2⤵
  PID:11108
- C:\Windows\System\fnwmpQt.exe
  C:\Windows\System\fnwmpQt.exe
  2⤵
  PID:9184
- C:\Windows\System\JDCZxoz.exe
  C:\Windows\System\JDCZxoz.exe
  2⤵
  PID:4876
- C:\Windows\System\ZueLwVt.exe
  C:\Windows\System\ZueLwVt.exe
  2⤵
  PID:10612
- C:\Windows\System\qpTmrrx.exe
  C:\Windows\System\qpTmrrx.exe
  2⤵
  PID:4360
- C:\Windows\System\XFCBLep.exe
  C:\Windows\System\XFCBLep.exe
  2⤵
  PID:11052
- C:\Windows\System\DEjwEXO.exe
  C:\Windows\System\DEjwEXO.exe
  2⤵
  PID:4276
- C:\Windows\System\HMfWWUz.exe
  C:\Windows\System\HMfWWUz.exe
  2⤵
  PID:10824
- C:\Windows\System\WyoCyAD.exe
  C:\Windows\System\WyoCyAD.exe
  2⤵
  PID:10672
- C:\Windows\System\HVWVodX.exe
  C:\Windows\System\HVWVodX.exe
  2⤵
  PID:11272
- C:\Windows\System\SUGiawV.exe
  C:\Windows\System\SUGiawV.exe
  2⤵
  PID:11296
- C:\Windows\System\TfDjuof.exe
  C:\Windows\System\TfDjuof.exe
  2⤵
  PID:11352
- C:\Windows\System\KVzYpbV.exe
  C:\Windows\System\KVzYpbV.exe
  2⤵
  PID:11404
- C:\Windows\System\imSBKJS.exe
  C:\Windows\System\imSBKJS.exe
  2⤵
  PID:11444
- C:\Windows\System\bZNRKeO.exe
  C:\Windows\System\bZNRKeO.exe
  2⤵
  PID:11476
- C:\Windows\System\WvdplTD.exe
  C:\Windows\System\WvdplTD.exe
  2⤵
  PID:11500
- C:\Windows\System\fsPzuzk.exe
  C:\Windows\System\fsPzuzk.exe
  2⤵
  PID:11528
- C:\Windows\System\FWuEEYB.exe
  C:\Windows\System\FWuEEYB.exe
  2⤵
  PID:11556
- C:\Windows\System\oFJUfCp.exe
  C:\Windows\System\oFJUfCp.exe
  2⤵
  PID:11576
- C:\Windows\System\VwvnZkY.exe
  C:\Windows\System\VwvnZkY.exe
  2⤵
  PID:11604
- C:\Windows\System\WmetdON.exe
  C:\Windows\System\WmetdON.exe
  2⤵
  PID:11632
- C:\Windows\System\vFzllwX.exe
  C:\Windows\System\vFzllwX.exe
  2⤵
  PID:11668
- C:\Windows\System\TNafcjA.exe
  C:\Windows\System\TNafcjA.exe
  2⤵
  PID:11688
- C:\Windows\System\FESGuOD.exe
  C:\Windows\System\FESGuOD.exe
  2⤵
  PID:11724
- C:\Windows\System\ZQuQJVl.exe
  C:\Windows\System\ZQuQJVl.exe
  2⤵
  PID:11748
- C:\Windows\System\lyghONo.exe
  C:\Windows\System\lyghONo.exe
  2⤵
  PID:11776
- C:\Windows\System\HmOkQle.exe
  C:\Windows\System\HmOkQle.exe
  2⤵
  PID:11800
- C:\Windows\System\CeUSlZJ.exe
  C:\Windows\System\CeUSlZJ.exe
  2⤵
  PID:11828
- C:\Windows\System\FicIvbS.exe
  C:\Windows\System\FicIvbS.exe
  2⤵
  PID:11856
- C:\Windows\System\sHjvLTT.exe
  C:\Windows\System\sHjvLTT.exe
  2⤵
  PID:11884
- C:\Windows\System\maubtKj.exe
  C:\Windows\System\maubtKj.exe
  2⤵
  PID:11912
- C:\Windows\System\evIuttz.exe
  C:\Windows\System\evIuttz.exe
  2⤵
  PID:11940
- C:\Windows\System\muuCEUx.exe
  C:\Windows\System\muuCEUx.exe
  2⤵
  PID:11984
- C:\Windows\System\gbuisBE.exe
  C:\Windows\System\gbuisBE.exe
  2⤵
  PID:12000
- C:\Windows\System\khNekWo.exe
  C:\Windows\System\khNekWo.exe
  2⤵
  PID:12028
- C:\Windows\System\BXqXKLc.exe
  C:\Windows\System\BXqXKLc.exe
  2⤵
  PID:12056
- C:\Windows\System\QhfNaYY.exe
  C:\Windows\System\QhfNaYY.exe
  2⤵
  PID:12084
- C:\Windows\System\FFQAZEi.exe
  C:\Windows\System\FFQAZEi.exe
  2⤵
  PID:12112
- C:\Windows\System\sfGzmap.exe
  C:\Windows\System\sfGzmap.exe
  2⤵
  PID:12140
- C:\Windows\System\kwKlxLo.exe
  C:\Windows\System\kwKlxLo.exe
  2⤵
  PID:12168
- C:\Windows\System\glvNtXT.exe
  C:\Windows\System\glvNtXT.exe
  2⤵
  PID:12212
- C:\Windows\System\pwRWzkk.exe
  C:\Windows\System\pwRWzkk.exe
  2⤵
  PID:12228
- C:\Windows\System\FjCTHDL.exe
  C:\Windows\System\FjCTHDL.exe
  2⤵
  PID:12256
- C:\Windows\System\gHExYbE.exe
  C:\Windows\System\gHExYbE.exe
  2⤵
  PID:12284
- C:\Windows\System\AFQtyLf.exe
  C:\Windows\System\AFQtyLf.exe
  2⤵
  PID:11284
- C:\Windows\System\OLkwAtg.exe
  C:\Windows\System\OLkwAtg.exe
  2⤵
  PID:11364
- C:\Windows\System\PiQLPUw.exe
  C:\Windows\System\PiQLPUw.exe
  2⤵
  PID:10724
- C:\Windows\System\pKxbPUb.exe
  C:\Windows\System\pKxbPUb.exe
  2⤵
  PID:9876
- C:\Windows\System\wIFgTEg.exe
  C:\Windows\System\wIFgTEg.exe
  2⤵
  PID:11484
- C:\Windows\System\nfDqeST.exe
  C:\Windows\System\nfDqeST.exe
  2⤵
  PID:11536
- C:\Windows\System\RoQHijo.exe
  C:\Windows\System\RoQHijo.exe
  2⤵
  PID:3076
- C:\Windows\System\nCOOIGc.exe
  C:\Windows\System\nCOOIGc.exe
  2⤵
  PID:11616
- C:\Windows\System\QIJwnbM.exe
  C:\Windows\System\QIJwnbM.exe
  2⤵
  PID:880
- C:\Windows\System\wDYlxAP.exe
  C:\Windows\System\wDYlxAP.exe
  2⤵
  PID:11736
- C:\Windows\System\hMxSXcO.exe
  C:\Windows\System\hMxSXcO.exe
  2⤵
  PID:5048
- C:\Windows\System\OIVsQwI.exe
  C:\Windows\System\OIVsQwI.exe
  2⤵
  PID:11844
- C:\Windows\System\WRiOroH.exe
  C:\Windows\System\WRiOroH.exe
  2⤵
  PID:11904
- C:\Windows\System\pfrkLXm.exe
  C:\Windows\System\pfrkLXm.exe
  2⤵
  PID:11980
- C:\Windows\System\hxdrvRE.exe
  C:\Windows\System\hxdrvRE.exe
  2⤵
  PID:3960
- C:\Windows\System\aiNBOTP.exe
  C:\Windows\System\aiNBOTP.exe
  2⤵
  PID:1184
- C:\Windows\System\fmYpzxx.exe
  C:\Windows\System\fmYpzxx.exe
  2⤵
  PID:12124
- C:\Windows\System\mRKhSWk.exe
  C:\Windows\System\mRKhSWk.exe
  2⤵
  PID:12188
- C:\Windows\System\UbHmqIB.exe
  C:\Windows\System\UbHmqIB.exe
  2⤵
  PID:12252
- C:\Windows\System\UiRsQJa.exe
  C:\Windows\System\UiRsQJa.exe
  2⤵
  PID:11320
- C:\Windows\System\xKMLPGm.exe
  C:\Windows\System\xKMLPGm.exe
  2⤵
  PID:10756
- C:\Windows\System\JdzqBWV.exe
  C:\Windows\System\JdzqBWV.exe
  2⤵
  PID:11516
- C:\Windows\System\VunuAhM.exe
  C:\Windows\System\VunuAhM.exe
  2⤵
  PID:11600
- C:\Windows\System\xghWUSG.exe
  C:\Windows\System\xghWUSG.exe
  2⤵
  PID:11764
- C:\Windows\System\vFOrkNA.exe
  C:\Windows\System\vFOrkNA.exe
  2⤵
  PID:11880
- C:\Windows\System\URixeNk.exe
  C:\Windows\System\URixeNk.exe
  2⤵
  PID:5068
- C:\Windows\System\eLnFoUy.exe
  C:\Windows\System\eLnFoUy.exe
  2⤵
  PID:12156
- C:\Windows\System\ehNrnQP.exe
  C:\Windows\System\ehNrnQP.exe
  2⤵
  PID:12248
- C:\Windows\System\UBMGasU.exe
  C:\Windows\System\UBMGasU.exe
  2⤵
  PID:11472
- C:\Windows\System\qxqmNhJ.exe
  C:\Windows\System\qxqmNhJ.exe
  2⤵
  PID:4636
- C:\Windows\System\xwazfff.exe
  C:\Windows\System\xwazfff.exe
  2⤵
  PID:11956
- C:\Windows\System\XwCZEUV.exe
  C:\Windows\System\XwCZEUV.exe
  2⤵
  PID:1252
- C:\Windows\System\XqEaWYb.exe
  C:\Windows\System\XqEaWYb.exe
  2⤵
  PID:3588
- C:\Windows\System\uRAVYND.exe
  C:\Windows\System\uRAVYND.exe
  2⤵
  PID:12080
- C:\Windows\System\BryzbrI.exe
  C:\Windows\System\BryzbrI.exe
  2⤵
  PID:9588
- C:\Windows\System\qWJFpgR.exe
  C:\Windows\System\qWJFpgR.exe
  2⤵
  PID:1052
- C:\Windows\System\xkyacpG.exe
  C:\Windows\System\xkyacpG.exe
  2⤵
  PID:12304
- C:\Windows\System\GujzFdd.exe
  C:\Windows\System\GujzFdd.exe
  2⤵
  PID:12332
- C:\Windows\System\FHhfNxn.exe
  C:\Windows\System\FHhfNxn.exe
  2⤵
  PID:12360
- C:\Windows\System\DHLcRPl.exe
  C:\Windows\System\DHLcRPl.exe
  2⤵
  PID:12388
- C:\Windows\System\TUgMyOB.exe
  C:\Windows\System\TUgMyOB.exe
  2⤵
  PID:12416
- C:\Windows\System\ECqbDtf.exe
  C:\Windows\System\ECqbDtf.exe
  2⤵
  PID:12444
- C:\Windows\System\olmFcJi.exe
  C:\Windows\System\olmFcJi.exe
  2⤵
  PID:12476
- C:\Windows\System\WPEDfGp.exe
  C:\Windows\System\WPEDfGp.exe
  2⤵
  PID:12504
- C:\Windows\System\ErFZkwH.exe
  C:\Windows\System\ErFZkwH.exe
  2⤵
  PID:12532
- C:\Windows\System\jXZdoKq.exe
  C:\Windows\System\jXZdoKq.exe
  2⤵
  PID:12560
- C:\Windows\System\uvFXfCZ.exe
  C:\Windows\System\uvFXfCZ.exe
  2⤵
  PID:12588
- C:\Windows\System\auxIBbP.exe
  C:\Windows\System\auxIBbP.exe
  2⤵
  PID:12616
- C:\Windows\System\cuJOdPL.exe
  C:\Windows\System\cuJOdPL.exe
  2⤵
  PID:12644
- C:\Windows\System\WJxDGXv.exe
  C:\Windows\System\WJxDGXv.exe
  2⤵
  PID:12672
- C:\Windows\System\wLKJlAa.exe
  C:\Windows\System\wLKJlAa.exe
  2⤵
  PID:12700
- C:\Windows\System\ZKsbfqV.exe
  C:\Windows\System\ZKsbfqV.exe
  2⤵
  PID:12728
- C:\Windows\System\xKJvrqt.exe
  C:\Windows\System\xKJvrqt.exe
  2⤵
  PID:12756
- C:\Windows\System\SXHTtfv.exe
  C:\Windows\System\SXHTtfv.exe
  2⤵
  PID:12784
- C:\Windows\System\MSRKYqK.exe
  C:\Windows\System\MSRKYqK.exe
  2⤵
  PID:12812
- C:\Windows\System\HVFpZFW.exe
  C:\Windows\System\HVFpZFW.exe
  2⤵
  PID:12840
- C:\Windows\System\seymMkL.exe
  C:\Windows\System\seymMkL.exe
  2⤵
  PID:12868
- C:\Windows\System\IgrOjLc.exe
  C:\Windows\System\IgrOjLc.exe
  2⤵
  PID:12912
- C:\Windows\System\XpwBLjn.exe
  C:\Windows\System\XpwBLjn.exe
  2⤵
  PID:12928
- C:\Windows\System\swWAMQb.exe
  C:\Windows\System\swWAMQb.exe
  2⤵
  PID:12956
- C:\Windows\System\YtjHobV.exe
  C:\Windows\System\YtjHobV.exe
  2⤵
  PID:12984
- C:\Windows\System\TctaUkL.exe
  C:\Windows\System\TctaUkL.exe
  2⤵
  PID:13012
- C:\Windows\System\GSNCyGg.exe
  C:\Windows\System\GSNCyGg.exe
  2⤵
  PID:13040
- C:\Windows\System\RfkAoCU.exe
  C:\Windows\System\RfkAoCU.exe
  2⤵
  PID:13068
- C:\Windows\System\HxHlSvA.exe
  C:\Windows\System\HxHlSvA.exe
  2⤵
  PID:13096
- C:\Windows\System\ZrNXTbm.exe
  C:\Windows\System\ZrNXTbm.exe
  2⤵
  PID:13124
- C:\Windows\System\HgcUkLO.exe
  C:\Windows\System\HgcUkLO.exe
  2⤵
  PID:13152
- C:\Windows\System\RCxLULe.exe
  C:\Windows\System\RCxLULe.exe
  2⤵
  PID:13180
- C:\Windows\System\uTeEYJM.exe
  C:\Windows\System\uTeEYJM.exe
  2⤵
  PID:13208
- C:\Windows\System\ghNHVOy.exe
  C:\Windows\System\ghNHVOy.exe
  2⤵
  PID:13240
- C:\Windows\System\OyDKxAX.exe
  C:\Windows\System\OyDKxAX.exe
  2⤵
  PID:13268
- C:\Windows\System\Udhijil.exe
  C:\Windows\System\Udhijil.exe
  2⤵
  PID:13296
- C:\Windows\System\JvLQMFl.exe
  C:\Windows\System\JvLQMFl.exe
  2⤵
  PID:12320
- C:\Windows\System\mzJZqRe.exe
  C:\Windows\System\mzJZqRe.exe
  2⤵
  PID:12380
- C:\Windows\System\OOhNQZm.exe
  C:\Windows\System\OOhNQZm.exe
  2⤵
  PID:12440
- C:\Windows\System\pSwPzkJ.exe
  C:\Windows\System\pSwPzkJ.exe
  2⤵
  PID:12516
- C:\Windows\System\nRIRINl.exe
  C:\Windows\System\nRIRINl.exe
  2⤵
  PID:12580
- C:\Windows\System\asvLUNo.exe
  C:\Windows\System\asvLUNo.exe
  2⤵
  PID:12640
- C:\Windows\System\FNJPZyB.exe
  C:\Windows\System\FNJPZyB.exe
  2⤵
  PID:12696
- C:\Windows\System\SRqfAwT.exe
  C:\Windows\System\SRqfAwT.exe
  2⤵
  PID:12752
- C:\Windows\System\slDkQts.exe
  C:\Windows\System\slDkQts.exe
  2⤵
  PID:12824
- C:\Windows\System\MMwRnUR.exe
  C:\Windows\System\MMwRnUR.exe
  2⤵
  PID:12864
- C:\Windows\System\cBmQuCU.exe
  C:\Windows\System\cBmQuCU.exe
  2⤵
  PID:12944
- C:\Windows\System\OySUzAd.exe
  C:\Windows\System\OySUzAd.exe
  2⤵
  PID:13004
- C:\Windows\System\wMUtDMv.exe
  C:\Windows\System\wMUtDMv.exe
  2⤵
  PID:13060
- C:\Windows\System\MvFYEwl.exe
  C:\Windows\System\MvFYEwl.exe
  2⤵
  PID:13120
- C:\Windows\System\FtLhwCy.exe
  C:\Windows\System\FtLhwCy.exe
  2⤵
  PID:13220
- C:\Windows\System\HKLCSaU.exe
  C:\Windows\System\HKLCSaU.exe
  2⤵
  PID:13252
- C:\Windows\System\KYFTmDU.exe
  C:\Windows\System\KYFTmDU.exe
  2⤵
  PID:12296
- C:\Windows\System\AMzdTcK.exe
  C:\Windows\System\AMzdTcK.exe
  2⤵
  PID:12436
- C:\Windows\System\vYdUjse.exe
  C:\Windows\System\vYdUjse.exe
  2⤵
  PID:12612
- C:\Windows\System\IBzgMxQ.exe
  C:\Windows\System\IBzgMxQ.exe
  2⤵
  PID:12748
- C:\Windows\System\bSPsouV.exe
  C:\Windows\System\bSPsouV.exe
  2⤵
  PID:12892
- C:\Windows\System\fRlZFfE.exe
  C:\Windows\System\fRlZFfE.exe
  2⤵
  PID:13052
- C:\Windows\System\rSWolnP.exe
  C:\Windows\System\rSWolnP.exe
  2⤵
  PID:13204
- C:\Windows\System\kfXBRiL.exe
  C:\Windows\System\kfXBRiL.exe
  2⤵
  PID:13308
- C:\Windows\System\EmVMtBO.exe
  C:\Windows\System\EmVMtBO.exe
  2⤵
  PID:12684
- C:\Windows\System\FKxIXKy.exe
  C:\Windows\System\FKxIXKy.exe
  2⤵
  PID:13000
- C:\Windows\System\nVJPsIi.exe
  C:\Windows\System\nVJPsIi.exe
  2⤵
  PID:13288
- C:\Windows\System\tIYpXVl.exe
  C:\Windows\System\tIYpXVl.exe
  2⤵
  PID:12976
- C:\Windows\System\IBYrWVj.exe
  C:\Windows\System\IBYrWVj.exe
  2⤵
  PID:12572
- C:\Windows\System\weSZypF.exe
  C:\Windows\System\weSZypF.exe
  2⤵
  PID:13332
- C:\Windows\System\KTYqkVT.exe
  C:\Windows\System\KTYqkVT.exe
  2⤵
  PID:13360
- C:\Windows\System\LKJHssW.exe
  C:\Windows\System\LKJHssW.exe
  2⤵
  PID:13388
- C:\Windows\System\klWgDbj.exe
  C:\Windows\System\klWgDbj.exe
  2⤵
  PID:13416
- C:\Windows\System\zdZdaxt.exe
  C:\Windows\System\zdZdaxt.exe
  2⤵
  PID:13444
- C:\Windows\System\dmElTxU.exe
  C:\Windows\System\dmElTxU.exe
  2⤵
  PID:13472
- C:\Windows\System\SBKklih.exe
  C:\Windows\System\SBKklih.exe
  2⤵
  PID:13500
- C:\Windows\System\jeenpqu.exe
  C:\Windows\System\jeenpqu.exe
  2⤵
  PID:13528
- C:\Windows\System\uxAGltY.exe
  C:\Windows\System\uxAGltY.exe
  2⤵
  PID:13568
- C:\Windows\System\EazVvDF.exe
  C:\Windows\System\EazVvDF.exe
  2⤵
  PID:13584
- C:\Windows\System\GfbDpQl.exe
  C:\Windows\System\GfbDpQl.exe
  2⤵
  PID:13612
- C:\Windows\System\bkqPkoB.exe
  C:\Windows\System\bkqPkoB.exe
  2⤵
  PID:13640
- C:\Windows\System\MOTvDke.exe
  C:\Windows\System\MOTvDke.exe
  2⤵
  PID:13668
- C:\Windows\System\WprxAQi.exe
  C:\Windows\System\WprxAQi.exe
  2⤵
  PID:13696
- C:\Windows\System\nnRbGHl.exe
  C:\Windows\System\nnRbGHl.exe
  2⤵
  PID:13724
- C:\Windows\System\eXqZUMh.exe
  C:\Windows\System\eXqZUMh.exe
  2⤵
  PID:13752
- C:\Windows\System\ivpayYx.exe
  C:\Windows\System\ivpayYx.exe
  2⤵
  PID:13784
- C:\Windows\System\jCyFcOO.exe
  C:\Windows\System\jCyFcOO.exe
  2⤵
  PID:13812
- C:\Windows\System\rjCRTmY.exe
  C:\Windows\System\rjCRTmY.exe
  2⤵
  PID:13840
- C:\Windows\System\UiVqnYR.exe
  C:\Windows\System\UiVqnYR.exe
  2⤵
  PID:13868
- C:\Windows\System\BOWzngp.exe
  C:\Windows\System\BOWzngp.exe
  2⤵
  PID:13896
- C:\Windows\System\wYrdYeZ.exe
  C:\Windows\System\wYrdYeZ.exe
  2⤵
  PID:13924
- C:\Windows\System\crefUxH.exe
  C:\Windows\System\crefUxH.exe
  2⤵
  PID:13952
- C:\Windows\System\OZEQqLK.exe
  C:\Windows\System\OZEQqLK.exe
  2⤵
  PID:13980
- C:\Windows\System\ShHngIm.exe
  C:\Windows\System\ShHngIm.exe
  2⤵
  PID:14008
- C:\Windows\System\qwfcHOX.exe
  C:\Windows\System\qwfcHOX.exe
  2⤵
  PID:14036
- C:\Windows\System\OoSczrw.exe
  C:\Windows\System\OoSczrw.exe
  2⤵
  PID:14064
- C:\Windows\System\WAmJLtP.exe
  C:\Windows\System\WAmJLtP.exe
  2⤵
  PID:14092
- C:\Windows\System\ERSObCi.exe
  C:\Windows\System\ERSObCi.exe
  2⤵
  PID:14124
- C:\Windows\System\EDCTQJM.exe
  C:\Windows\System\EDCTQJM.exe
  2⤵
  PID:14156
- C:\Windows\System\DNMuiGL.exe
  C:\Windows\System\DNMuiGL.exe
  2⤵
  PID:14184
- C:\Windows\System\SiIqHJs.exe
  C:\Windows\System\SiIqHJs.exe
  2⤵
  PID:14212
- C:\Windows\System\vkJhsiw.exe
  C:\Windows\System\vkJhsiw.exe
  2⤵
  PID:14244
- C:\Windows\System\eozkNic.exe
  C:\Windows\System\eozkNic.exe
  2⤵
  PID:14280
- C:\Windows\System\mRHwepm.exe
  C:\Windows\System\mRHwepm.exe
  2⤵
  PID:14308
- C:\Windows\System\UVJnbIY.exe
  C:\Windows\System\UVJnbIY.exe
  2⤵
  PID:13316
- C:\Windows\System\XqeBLKn.exe
  C:\Windows\System\XqeBLKn.exe
  2⤵
  PID:13404
- C:\Windows\System\ZZsOxBm.exe
  C:\Windows\System\ZZsOxBm.exe
  2⤵
  PID:13456
- C:\Windows\System\TEwlgoI.exe
  C:\Windows\System\TEwlgoI.exe
  2⤵
  PID:13520
- C:\Windows\System\hAASFXI.exe
  C:\Windows\System\hAASFXI.exe
  2⤵
  PID:12832
- C:\Windows\System\DKtnZKy.exe
  C:\Windows\System\DKtnZKy.exe
  2⤵
  PID:13660
- C:\Windows\System\xrWcTQo.exe
  C:\Windows\System\xrWcTQo.exe
  2⤵
  PID:13720
- C:\Windows\System\DcWTMgs.exe
  C:\Windows\System\DcWTMgs.exe
  2⤵
  PID:13800
- C:\Windows\System\IezkqSN.exe
  C:\Windows\System\IezkqSN.exe
  2⤵
  PID:13864
- C:\Windows\System\yTXxcPp.exe
  C:\Windows\System\yTXxcPp.exe
  2⤵
  PID:13944
- C:\Windows\System\JPjakgv.exe
  C:\Windows\System\JPjakgv.exe
  2⤵
  PID:14004
- C:\Windows\System\nQmJawG.exe
  C:\Windows\System\nQmJawG.exe
  2⤵
  PID:14056
- C:\Windows\System\VreLmtt.exe
  C:\Windows\System\VreLmtt.exe
  2⤵
  PID:4860
- C:\Windows\System\cKMgDky.exe
  C:\Windows\System\cKMgDky.exe
  2⤵
  PID:14152
- C:\Windows\System\oCYJxkj.exe
  C:\Windows\System\oCYJxkj.exe
  2⤵
  PID:3592
- C:\Windows\System\JVDxHIq.exe
  C:\Windows\System\JVDxHIq.exe
  2⤵
  PID:4400
- C:\Windows\System\JZAHSCi.exe
  C:\Windows\System\JZAHSCi.exe
  2⤵
  PID:14332
- C:\Windows\System\HFERtph.exe
  C:\Windows\System\HFERtph.exe
  2⤵
  PID:13436
- C:\Windows\System\oxtUOuS.exe
  C:\Windows\System\oxtUOuS.exe
  2⤵
  PID:13552
- C:\Windows\System\BvBVbnI.exe
  C:\Windows\System\BvBVbnI.exe
  2⤵
  PID:13716
- C:\Windows\System\kfrvWKD.exe
  C:\Windows\System\kfrvWKD.exe
  2⤵
  PID:13860
- C:\Windows\System\FniFEPH.exe
  C:\Windows\System\FniFEPH.exe
  2⤵
  PID:13996
- C:\Windows\System\hMTcUsN.exe
  C:\Windows\System\hMTcUsN.exe
  2⤵
  PID:14104
- C:\Windows\System\XmaGSnl.exe
  C:\Windows\System\XmaGSnl.exe
  2⤵
  PID:14208
- C:\Windows\System\gMKdNDk.exe
  C:\Windows\System\gMKdNDk.exe
  2⤵
  PID:13772
- C:\Windows\System\zJiWwPL.exe
  C:\Windows\System\zJiWwPL.exe
  2⤵
  PID:13564
- C:\Windows\System\CdDgnDh.exe
  C:\Windows\System\CdDgnDh.exe
  2⤵
  PID:13832
- C:\Windows\System\nYgEuXI.exe
  C:\Windows\System\nYgEuXI.exe
  2⤵
  PID:14084
- C:\Windows\System\cugFeVJ.exe
  C:\Windows\System\cugFeVJ.exe
  2⤵
  PID:14200
- C:\Windows\System\orUbmwW.exe
  C:\Windows\System\orUbmwW.exe
  2⤵
  PID:13516
- C:\Windows\System\FlwswZm.exe
  C:\Windows\System\FlwswZm.exe
  2⤵
  PID:6644
- C:\Windows\System\AqWMSwP.exe
  C:\Windows\System\AqWMSwP.exe
  2⤵
  PID:13936
- C:\Windows\System\jUoimkf.exe
  C:\Windows\System\jUoimkf.exe
  2⤵
  PID:6728
- C:\Windows\System\uPMuqjl.exe
  C:\Windows\System\uPMuqjl.exe
  2⤵
  PID:14356
- C:\Windows\System\YznrZZW.exe
  C:\Windows\System\YznrZZW.exe
  2⤵
  PID:14384
- C:\Windows\System\OCsAIzP.exe
  C:\Windows\System\OCsAIzP.exe
  2⤵
  PID:14412
- C:\Windows\System\vriKVCk.exe
  C:\Windows\System\vriKVCk.exe
  2⤵
  PID:14440
- C:\Windows\System\qoxxpQB.exe
  C:\Windows\System\qoxxpQB.exe
  2⤵
  PID:14468
- C:\Windows\System\RchDton.exe
  C:\Windows\System\RchDton.exe
  2⤵
  PID:14500
- C:\Windows\System\UgEXDIn.exe
  C:\Windows\System\UgEXDIn.exe
  2⤵
  PID:14528
- C:\Windows\System\kcQtkBx.exe
  C:\Windows\System\kcQtkBx.exe
  2⤵
  PID:14556
- C:\Windows\System\dWGGZVC.exe
  C:\Windows\System\dWGGZVC.exe
  2⤵
  PID:14588
- C:\Windows\System\GQDXeKl.exe
  C:\Windows\System\GQDXeKl.exe
  2⤵
  PID:14620
- C:\Windows\System\sHCcqOj.exe
  C:\Windows\System\sHCcqOj.exe
  2⤵
  PID:14652
- C:\Windows\System\PIiwhTp.exe
  C:\Windows\System\PIiwhTp.exe
  2⤵
  PID:14680
- C:\Windows\System\yNiOGTs.exe
  C:\Windows\System\yNiOGTs.exe
  2⤵
  PID:14708
- C:\Windows\System\GUSVGuX.exe
  C:\Windows\System\GUSVGuX.exe
  2⤵
  PID:14744
- C:\Windows\System\JWJGwSa.exe
  C:\Windows\System\JWJGwSa.exe
  2⤵
  PID:14776
- C:\Windows\System\SlxSDKM.exe
  C:\Windows\System\SlxSDKM.exe
  2⤵
  PID:14816
- C:\Windows\System\iqxhnwH.exe
  C:\Windows\System\iqxhnwH.exe
  2⤵
  PID:14836
- C:\Windows\System\iDQCAcP.exe
  C:\Windows\System\iDQCAcP.exe
  2⤵
  PID:14864
- C:\Windows\System\rUatCPm.exe
  C:\Windows\System\rUatCPm.exe
  2⤵
  PID:14892
- C:\Windows\System\BegqPJk.exe
  C:\Windows\System\BegqPJk.exe
  2⤵
  PID:14928
- C:\Windows\System\qKGLGNI.exe
  C:\Windows\System\qKGLGNI.exe
  2⤵
  PID:14956
- C:\Windows\System\JgdSkPQ.exe
  C:\Windows\System\JgdSkPQ.exe
  2⤵
  PID:14988
- C:\Windows\System\dlWDqnt.exe
  C:\Windows\System\dlWDqnt.exe
  2⤵
  PID:15016
- C:\Windows\System\DxSgeXA.exe
  C:\Windows\System\DxSgeXA.exe
  2⤵
  PID:15048
- C:\Windows\System\SqYJIZI.exe
  C:\Windows\System\SqYJIZI.exe
  2⤵
  PID:15076
- C:\Windows\System\yPDLTVT.exe
  C:\Windows\System\yPDLTVT.exe
  2⤵
  PID:15096
- C:\Windows\System\RKkqGDr.exe
  C:\Windows\System\RKkqGDr.exe
  2⤵
  PID:15144
- C:\Windows\System\OpplFYE.exe
  C:\Windows\System\OpplFYE.exe
  2⤵
  PID:15176
- C:\Windows\System\aYrplcL.exe
  C:\Windows\System\aYrplcL.exe
  2⤵
  PID:15208
- C:\Windows\System\BLjTqho.exe
  C:\Windows\System\BLjTqho.exe
  2⤵
  PID:15236
- C:\Windows\System\BXpRkPc.exe
  C:\Windows\System\BXpRkPc.exe
  2⤵
  PID:15288
- C:\Windows\System\pwFUVLX.exe
  C:\Windows\System\pwFUVLX.exe
  2⤵
  PID:15340
- C:\Windows\System\OebJaGA.exe
  C:\Windows\System\OebJaGA.exe
  2⤵
  PID:14380
- C:\Windows\System\HMdElUi.exe
  C:\Windows\System\HMdElUi.exe
  2⤵
  PID:14452
- C:\Windows\System\MYohqFs.exe
  C:\Windows\System\MYohqFs.exe
  2⤵
  PID:14488
- C:\Windows\System\MLknprn.exe
  C:\Windows\System\MLknprn.exe
  2⤵
  PID:1520
- C:\Windows\System\VcJeJMc.exe
  C:\Windows\System\VcJeJMc.exe
  2⤵
  PID:1480
- C:\Windows\System\XfAxFHa.exe
  C:\Windows\System\XfAxFHa.exe
  2⤵
  PID:14616
- C:\Windows\System\rXqsysy.exe
  C:\Windows\System\rXqsysy.exe
  2⤵
  PID:14676
- C:\Windows\System\uhYvsyA.exe
  C:\Windows\System\uhYvsyA.exe
  2⤵
  PID:4572
- C:\Windows\System\OybFZLy.exe
  C:\Windows\System\OybFZLy.exe
  2⤵
  PID:3444
- C:\Windows\System\hWmKuFS.exe
  C:\Windows\System\hWmKuFS.exe
  2⤵
  PID:14796
- C:\Windows\System\DIlkPUo.exe
  C:\Windows\System\DIlkPUo.exe
  2⤵
  PID:14972
- C:\Windows\System\IqLEJIC.exe
  C:\Windows\System\IqLEJIC.exe
  2⤵
  PID:15012
- C:\Windows\System\LGyrcSs.exe
  C:\Windows\System\LGyrcSs.exe
  2⤵
  PID:14224
- C:\Windows\System\DqbglDt.exe
  C:\Windows\System\DqbglDt.exe
  2⤵
  PID:15108
- C:\Windows\System\xGIgroW.exe
  C:\Windows\System\xGIgroW.exe
  2⤵
  PID:15132
- C:\Windows\System\doOkZVi.exe
  C:\Windows\System\doOkZVi.exe
  2⤵
  PID:4420
- C:\Windows\System\mspqWBL.exe
  C:\Windows\System\mspqWBL.exe
  2⤵
  PID:15232
- C:\Windows\System\DZjddDm.exe
  C:\Windows\System\DZjddDm.exe
  2⤵
  PID:15284
- C:\Windows\System\gnTWbiE.exe
  C:\Windows\System\gnTWbiE.exe
  2⤵
  PID:4528
- C:\Windows\System\EEltEJq.exe
  C:\Windows\System\EEltEJq.exe
  2⤵
  PID:15332
- C:\Windows\System\WBTfbUZ.exe
  C:\Windows\System\WBTfbUZ.exe
  2⤵
  PID:14368
- C:\Windows\System\StslttK.exe
  C:\Windows\System\StslttK.exe
  2⤵
  PID:14432
- C:\Windows\System\sSoEqEk.exe
  C:\Windows\System\sSoEqEk.exe
  2⤵
  PID:1552
- C:\Windows\System\KpCniZn.exe
  C:\Windows\System\KpCniZn.exe
  2⤵
  PID:2640
- C:\Windows\System\UShyPPc.exe
  C:\Windows\System\UShyPPc.exe
  2⤵
  PID:14612
- C:\Windows\System\gOvRwGs.exe
  C:\Windows\System\gOvRwGs.exe
  2⤵
  PID:14704
- C:\Windows\System\tilexoO.exe
  C:\Windows\System\tilexoO.exe
  2⤵
  PID:392
- C:\Windows\System\HMxSySI.exe
  C:\Windows\System\HMxSySI.exe
  2⤵
  PID:4936
- C:\Windows\System\TWySOWn.exe
  C:\Windows\System\TWySOWn.exe
  2⤵
  PID:14904
- C:\Windows\System\taPhZua.exe
  C:\Windows\System\taPhZua.exe
  2⤵
  PID:14948
- C:\Windows\System\ZJAyaZV.exe
  C:\Windows\System\ZJAyaZV.exe
  2⤵
  PID:13356
- C:\Windows\System\UfCunAf.exe
  C:\Windows\System\UfCunAf.exe
  2⤵
  PID:2188
- C:\Windows\System\wNYsnhJ.exe
  C:\Windows\System\wNYsnhJ.exe
  2⤵
  PID:3664
- C:\Windows\System\tiNQxJG.exe
  C:\Windows\System\tiNQxJG.exe
  2⤵
  PID:2296
- C:\Windows\System\hVBrnDF.exe
  C:\Windows\System\hVBrnDF.exe
  2⤵
  PID:15228
- C:\Windows\System\wSxRcmK.exe
  C:\Windows\System\wSxRcmK.exe
  2⤵
  PID:2920
- C:\Windows\System\PZHwmHH.exe
  C:\Windows\System\PZHwmHH.exe
  2⤵
  PID:15348
- C:\Windows\System\YQzSrrV.exe
  C:\Windows\System\YQzSrrV.exe
  2⤵
  PID:14424
- C:\Windows\System\VWaLESW.exe
  C:\Windows\System\VWaLESW.exe
  2⤵
  PID:512
- C:\Windows\System\SifrIXi.exe
  C:\Windows\System\SifrIXi.exe
  2⤵
  PID:14604
- C:\Windows\System\IAZXmrw.exe
  C:\Windows\System\IAZXmrw.exe
  2⤵
  PID:7132
- C:\Windows\System\jmyIBap.exe
  C:\Windows\System\jmyIBap.exe
  2⤵
  PID:14824
- C:\Windows\System\NzHeFgM.exe
  C:\Windows\System\NzHeFgM.exe
  2⤵
  PID:14912
- C:\Windows\System\whdPKge.exe
  C:\Windows\System\whdPKge.exe
  2⤵
  PID:15092
- C:\Windows\System\xMxWxjd.exe
  C:\Windows\System\xMxWxjd.exe
  2⤵
  PID:3668
- C:\Windows\System\FSkOYYw.exe
  C:\Windows\System\FSkOYYw.exe
  2⤵
  PID:2604
- C:\Windows\System\IYannXI.exe
  C:\Windows\System\IYannXI.exe
  2⤵
  PID:4824
- C:\Windows\System\PVUiYEN.exe
  C:\Windows\System\PVUiYEN.exe
  2⤵
  PID:15356
- C:\Windows\System\ibLqMss.exe
  C:\Windows\System\ibLqMss.exe
  2⤵
  PID:14752
- C:\Windows\System\wnQdwLM.exe
  C:\Windows\System\wnQdwLM.exe
  2⤵
  PID:1092
- C:\Windows\System\zxJuQzS.exe
  C:\Windows\System\zxJuQzS.exe
  2⤵
  PID:1824
- C:\Windows\System\SNYNBPu.exe
  C:\Windows\System\SNYNBPu.exe
  2⤵
  PID:14696
- C:\Windows\System\hvykWMT.exe
  C:\Windows\System\hvykWMT.exe
  2⤵
  PID:14716
- C:\Windows\System\pfkeEPl.exe
  C:\Windows\System\pfkeEPl.exe
  2⤵
  PID:932
- C:\Windows\System\CRtTldC.exe
  C:\Windows\System\CRtTldC.exe
  2⤵
  PID:4520
- C:\Windows\System\bQcydTw.exe
  C:\Windows\System\bQcydTw.exe
  2⤵
  PID:3992
- C:\Windows\System\moPAlzi.exe
  C:\Windows\System\moPAlzi.exe
  2⤵
  PID:15320
- C:\Windows\System\FwFFkmp.exe
  C:\Windows\System\FwFFkmp.exe
  2⤵
  PID:15124
- C:\Windows\System\HbBPOBd.exe
  C:\Windows\System\HbBPOBd.exe
  2⤵
  PID:15152
- C:\Windows\System\hZKZNGO.exe
  C:\Windows\System\hZKZNGO.exe
  2⤵
  PID:14596
- C:\Windows\System\HPFQrXF.exe
  C:\Windows\System\HPFQrXF.exe
  2⤵
  PID:6000
- C:\Windows\System\GcWxqzq.exe
  C:\Windows\System\GcWxqzq.exe
  2⤵
  PID:5168
- C:\Windows\System\yLoeBdw.exe
  C:\Windows\System\yLoeBdw.exe
  2⤵
  PID:15204
- C:\Windows\System\IvndxTO.exe
  C:\Windows\System\IvndxTO.exe
  2⤵
  PID:6216
- C:\Windows\System\exXiEmB.exe
  C:\Windows\System\exXiEmB.exe
  2⤵
  PID:6480
- C:\Windows\System\DJTJRZa.exe
  C:\Windows\System\DJTJRZa.exe
  2⤵
  PID:5348
- C:\Windows\System\VobwWIP.exe
  C:\Windows\System\VobwWIP.exe
  2⤵
  PID:3384
- C:\Windows\System\PlJVZaz.exe
  C:\Windows\System\PlJVZaz.exe
  2⤵
  PID:6064
- C:\Windows\System\wkJCXey.exe
  C:\Windows\System\wkJCXey.exe
  2⤵
  PID:5292
- C:\Windows\System\FHLOWfP.exe
  C:\Windows\System\FHLOWfP.exe
  2⤵
  PID:5460
- C:\Windows\System\BkwxFcO.exe
  C:\Windows\System\BkwxFcO.exe
  2⤵
  PID:5828
- C:\Windows\System\uJNezyR.exe
  C:\Windows\System\uJNezyR.exe
  2⤵
  PID:5524
- C:\Windows\System\Yewtxjb.exe
  C:\Windows\System\Yewtxjb.exe
  2⤵
  PID:5360
- C:\Windows\System\eacRQRf.exe
  C:\Windows\System\eacRQRf.exe
  2⤵
  PID:4680
- C:\Windows\System\KeqZjSG.exe
  C:\Windows\System\KeqZjSG.exe
  2⤵
  PID:5556
- C:\Windows\System\NCwxuja.exe
  C:\Windows\System\NCwxuja.exe
  2⤵
  PID:7648
- C:\Windows\System\rcJyvOI.exe
  C:\Windows\System\rcJyvOI.exe
  2⤵
  PID:5528
- C:\Windows\System\tANfPgC.exe
  C:\Windows\System\tANfPgC.exe
  2⤵
  PID:7780
- C:\Windows\System\XCWdnpH.exe
  C:\Windows\System\XCWdnpH.exe
  2⤵
  PID:5356
- C:\Windows\System\VceRVdW.exe
  C:\Windows\System\VceRVdW.exe
  2⤵
  PID:7360
- C:\Windows\System\yJgwlnH.exe
  C:\Windows\System\yJgwlnH.exe
  2⤵
  PID:7424
- C:\Windows\System\yQTznjN.exe
  C:\Windows\System\yQTznjN.exe
  2⤵
  PID:232
- C:\Windows\System\XUqKTce.exe
  C:\Windows\System\XUqKTce.exe
  2⤵
  PID:5712
- C:\Windows\System\HYlkZnw.exe
  C:\Windows\System\HYlkZnw.exe
  2⤵
  PID:5740
- C:\Windows\System\JptoOxg.exe
  C:\Windows\System\JptoOxg.exe
  2⤵
  PID:6884
- C:\Windows\System\GMzVcYP.exe
  C:\Windows\System\GMzVcYP.exe
  2⤵
  PID:5584
- C:\Windows\System\BTixWuG.exe
  C:\Windows\System\BTixWuG.exe
  2⤵
  PID:5448
- C:\Windows\System\EzEesoC.exe
  C:\Windows\System\EzEesoC.exe
  2⤵
  PID:7892
- C:\Windows\System\TmcNGBp.exe
  C:\Windows\System\TmcNGBp.exe
  2⤵
  PID:5636
- C:\Windows\System\AjCbvXk.exe
  C:\Windows\System\AjCbvXk.exe
  2⤵
  PID:3168
- C:\Windows\System\PlacxeA.exe
  C:\Windows\System\PlacxeA.exe
  2⤵
  PID:6220
- C:\Windows\System\VFKJumX.exe
  C:\Windows\System\VFKJumX.exe
  2⤵
  PID:15036
- C:\Windows\System\vgiaIse.exe
  C:\Windows\System\vgiaIse.exe
  2⤵
  PID:7252
- C:\Windows\System\ZgKgTWR.exe
  C:\Windows\System\ZgKgTWR.exe
  2⤵
  PID:5944
- C:\Windows\System\KGeKLgX.exe
  C:\Windows\System\KGeKLgX.exe
  2⤵
  PID:6704
- C:\Windows\System\RRdJRIV.exe
  C:\Windows\System\RRdJRIV.exe
  2⤵
  PID:7668
- C:\Windows\System\WAHTxao.exe
  C:\Windows\System\WAHTxao.exe
  2⤵
  PID:5796
- C:\Windows\System\gIrBFZR.exe
  C:\Windows\System\gIrBFZR.exe
  2⤵
  PID:2592
- C:\Windows\System\DliXbEW.exe
  C:\Windows\System\DliXbEW.exe
  2⤵
  PID:5628
- C:\Windows\System\zeiBuZb.exe
  C:\Windows\System\zeiBuZb.exe
  2⤵
  PID:3624
- C:\Windows\System\trHSNhG.exe
  C:\Windows\System\trHSNhG.exe
  2⤵
  PID:2264
- C:\Windows\System\WQeGUzf.exe
  C:\Windows\System\WQeGUzf.exe
  2⤵
  PID:5136
- C:\Windows\System\qyvpXuR.exe
  C:\Windows\System\qyvpXuR.exe
  2⤵
  PID:5964
- C:\Windows\System\QNNkTlI.exe
  C:\Windows\System\QNNkTlI.exe
  2⤵
  PID:4388
- C:\Windows\System\JHSeUCh.exe
  C:\Windows\System\JHSeUCh.exe
  2⤵
  PID:2268
- C:\Windows\System\lNNmGVV.exe
  C:\Windows\System\lNNmGVV.exe
  2⤵
  PID:6048
- C:\Windows\System\DfnWzRZ.exe
  C:\Windows\System\DfnWzRZ.exe
  2⤵
  PID:6084
- C:\Windows\System\WjfcNWy.exe
  C:\Windows\System\WjfcNWy.exe
  2⤵
  PID:6280
- C:\Windows\System\FFEcfOM.exe
  C:\Windows\System\FFEcfOM.exe
  2⤵
  PID:7184
- C:\Windows\System\DoKglly.exe
  C:\Windows\System\DoKglly.exe
  2⤵
  PID:4980
- C:\Windows\System\MfaqImU.exe
  C:\Windows\System\MfaqImU.exe
  2⤵
  PID:2904
- C:\Windows\System\tFgYwjL.exe
  C:\Windows\System\tFgYwjL.exe
  2⤵
  PID:2420
- C:\Windows\System\oMFbfcP.exe
  C:\Windows\System\oMFbfcP.exe
  2⤵
  PID:6916
- C:\Windows\System\gBWmoZf.exe
  C:\Windows\System\gBWmoZf.exe
  2⤵
  PID:6660
- C:\Windows\System\PhJQrXh.exe
  C:\Windows\System\PhJQrXh.exe
  2⤵
  PID:2020
- C:\Windows\System\mXClbag.exe
  C:\Windows\System\mXClbag.exe
  2⤵
  PID:1672
- C:\Windows\System\QenFfTJ.exe
  C:\Windows\System\QenFfTJ.exe
  2⤵
  PID:6252
- C:\Windows\System\QOscEZK.exe
  C:\Windows\System\QOscEZK.exe
  2⤵
  PID:7968
- C:\Windows\System\zbYnWaM.exe
  C:\Windows\System\zbYnWaM.exe
  2⤵
  PID:3980
- C:\Windows\System\ZUOOsqo.exe
  C:\Windows\System\ZUOOsqo.exe
  2⤵
  PID:2616
- C:\Windows\System\zWXlpsL.exe
  C:\Windows\System\zWXlpsL.exe
  2⤵
  PID:5888
- C:\Windows\System\OleEcyi.exe
  C:\Windows\System\OleEcyi.exe
  2⤵
  PID:2428
- C:\Windows\System\wMaVJTw.exe
  C:\Windows\System\wMaVJTw.exe
  2⤵
  PID:6700
- C:\Windows\System\twySZXF.exe
  C:\Windows\System\twySZXF.exe
  2⤵
  PID:6740
- C:\Windows\System\PEbMGpQ.exe
  C:\Windows\System\PEbMGpQ.exe
  2⤵
  PID:6448
- C:\Windows\System\ZUzXecD.exe
  C:\Windows\System\ZUzXecD.exe
  2⤵
  PID:2300
- C:\Windows\System\NnOyYnx.exe
  C:\Windows\System\NnOyYnx.exe
  2⤵
  PID:8508
- C:\Windows\System\XKBYGvb.exe
  C:\Windows\System\XKBYGvb.exe
  2⤵
  PID:3972
- C:\Windows\System\isjgAou.exe
  C:\Windows\System\isjgAou.exe
  2⤵
  PID:3024
- C:\Windows\System\TqXnYdy.exe
  C:\Windows\System\TqXnYdy.exe
  2⤵
  PID:6556
- C:\Windows\System\smpwgKr.exe
  C:\Windows\System\smpwgKr.exe
  2⤵
  PID:1376
- C:\Windows\System\fIWTLsz.exe
  C:\Windows\System\fIWTLsz.exe
  2⤵
  PID:6336
- C:\Windows\System\pSRYFhB.exe
  C:\Windows\System\pSRYFhB.exe
  2⤵
  PID:7996
- C:\Windows\System\rSTfCax.exe
  C:\Windows\System\rSTfCax.exe
  2⤵
  PID:8244
- C:\Windows\System\iaiESQH.exe
  C:\Windows\System\iaiESQH.exe
  2⤵
  PID:8736
- C:\Windows\System\fMrIvns.exe
  C:\Windows\System\fMrIvns.exe
  2⤵
  PID:8272
- C:\Windows\System\LoUgEOM.exe
  C:\Windows\System\LoUgEOM.exe
  2⤵
  PID:6148
- C:\Windows\System\vAGhbmX.exe
  C:\Windows\System\vAGhbmX.exe
  2⤵
  PID:1168
- C:\Windows\System\OAIXvxI.exe
  C:\Windows\System\OAIXvxI.exe
  2⤵
  PID:7048
- C:\Windows\System\wmtxzOj.exe
  C:\Windows\System\wmtxzOj.exe
  2⤵
  PID:6752
- C:\Windows\System\iGDYZtM.exe
  C:\Windows\System\iGDYZtM.exe
  2⤵
  PID:8356
- C:\Windows\System\ivuvAmt.exe
  C:\Windows\System\ivuvAmt.exe
  2⤵
  PID:8988
- C:\Windows\System\oEWtstG.exe
  C:\Windows\System\oEWtstG.exe
  2⤵
  PID:3892
- C:\Windows\System\FNfoNIe.exe
  C:\Windows\System\FNfoNIe.exe
  2⤵
  PID:9044
- C:\Windows\System\jGXlDZf.exe
  C:\Windows\System\jGXlDZf.exe
  2⤵
  PID:9160
- C:\Windows\System\jPxPgDR.exe
  C:\Windows\System\jPxPgDR.exe
  2⤵
  PID:8260
- C:\Windows\System\rYpWaJO.exe
  C:\Windows\System\rYpWaJO.exe
  2⤵
  PID:7188
- C:\Windows\System\FhlyPtf.exe
  C:\Windows\System\FhlyPtf.exe
  2⤵
  PID:8388
- C:\Windows\System\XNBGhJP.exe
  C:\Windows\System\XNBGhJP.exe
  2⤵
  PID:2896
- C:\Windows\System\AxFvJTA.exe
  C:\Windows\System\AxFvJTA.exe
  2⤵
  PID:7504
- C:\Windows\System\wcAMvJN.exe
  C:\Windows\System\wcAMvJN.exe
  2⤵
  PID:8252
- C:\Windows\System\fusnYCr.exe
  C:\Windows\System\fusnYCr.exe
  2⤵
  PID:8804
- C:\Windows\System\uzxuxHB.exe
  C:\Windows\System\uzxuxHB.exe
  2⤵
  PID:6088
- C:\Windows\System\KQsXHon.exe
  C:\Windows\System\KQsXHon.exe
  2⤵
  PID:8964
- C:\Windows\System\YKatrLF.exe
  C:\Windows\System\YKatrLF.exe
  2⤵
  PID:7052
- C:\Windows\System\cubPnDb.exe
  C:\Windows\System\cubPnDb.exe
  2⤵
  PID:6784
- C:\Windows\System\VVfeJAl.exe
  C:\Windows\System\VVfeJAl.exe
  2⤵
  PID:8692
- C:\Windows\System\nMPzXhh.exe
  C:\Windows\System\nMPzXhh.exe
  2⤵
  PID:7672
- C:\Windows\System\dfdtACP.exe
  C:\Windows\System\dfdtACP.exe
  2⤵
  PID:7308
- C:\Windows\System\WhRNlTw.exe
  C:\Windows\System\WhRNlTw.exe
  2⤵
  PID:8336
- C:\Windows\System\Vdnvvug.exe
  C:\Windows\System\Vdnvvug.exe
  2⤵
  PID:7748
- C:\Windows\System\plkUpDN.exe
  C:\Windows\System\plkUpDN.exe
  2⤵
  PID:7768
- C:\Windows\System\FRGKcdG.exe
  C:\Windows\System\FRGKcdG.exe
  2⤵
  PID:9252
- C:\Windows\System\ZcyHoca.exe
  C:\Windows\System\ZcyHoca.exe
  2⤵
  PID:9280
- C:\Windows\System\XrhsHSh.exe
  C:\Windows\System\XrhsHSh.exe
  2⤵
  PID:5560
- C:\Windows\System\XeSFhgQ.exe
  C:\Windows\System\XeSFhgQ.exe
  2⤵
  PID:7824
- C:\Windows\System\bsMsrqd.exe
  C:\Windows\System\bsMsrqd.exe
  2⤵
  PID:6968
- C:\Windows\System\AtalJle.exe
  C:\Windows\System\AtalJle.exe
  2⤵
  PID:7444
- C:\Windows\System\zfxJnLr.exe
  C:\Windows\System\zfxJnLr.exe
  2⤵
  PID:7496
- C:\Windows\System\OiQXBEt.exe
  C:\Windows\System\OiQXBEt.exe
  2⤵
  PID:7008
- C:\Windows\System\yYrZwxp.exe
  C:\Windows\System\yYrZwxp.exe
  2⤵
  PID:9504
- C:\Windows\System\cXUTnoY.exe
  C:\Windows\System\cXUTnoY.exe
  2⤵
  PID:7944
- C:\Windows\System\kEqnHkL.exe
  C:\Windows\System\kEqnHkL.exe
  2⤵
  PID:7972
- C:\Windows\System\shhxcvM.exe
  C:\Windows\System\shhxcvM.exe
  2⤵
  PID:8448
- C:\Windows\System\xajvsOW.exe
  C:\Windows\System\xajvsOW.exe
  2⤵
  PID:7992
- C:\Windows\System\upwFtCP.exe
  C:\Windows\System\upwFtCP.exe
  2⤵
  PID:7248
- C:\Windows\System\USEIAAO.exe
  C:\Windows\System\USEIAAO.exe
  2⤵
  PID:6504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CYRruDl.exe

Filesize
6.0MB

MD5
5c73296c88d6c0e38f1422f32e731faf

SHA1
6a9994530c21df66270a01dabb426979e264b292

SHA256
55f4e81caaf70f22e05d52b3a083ba7e4bb5a408d717dbdd46b780991dea907f

SHA512
83759fba4869c1fba9997f249b94e56bef42159edfd1375d169f949d1df11571425de74be03631d565b17037242dc2426947bb096f9e153ddac772593984b24f

Download Submit
C:\Windows\System\EGrFROa.exe

Filesize
6.0MB

MD5
fcadc51eb2fba06dc2cb8df13424e923

SHA1
98fa2ee0b0a7d23a72bea9863e81244bcea6f317

SHA256
7c12f840a33de272b4ebcbd773908f5c39c003703b5ecac3e0fcbe58911d60d6

SHA512
217a84ca06f0c9826420d90891c732f92c28c0be69a5d8cfde400029887e92ac30f0f69cd0c1d7c95189b829273793e7b3a95ebdf98c30fb7593bd6ed3c773e2

Download Submit
C:\Windows\System\FokZcGy.exe

Filesize
6.0MB

MD5
5b75824b640ef4d3d22a6bc8c68c8136

SHA1
4153dc8ca7f429984e03b8255f45c69682a453d1

SHA256
9792e5a23a40f0039fb042cc44a541915663966bfb5a031e4682198af7485bd3

SHA512
2539f53d07fb8d1e9ec31b0320e34ccca8dd14de8174ef68a547bcf7bf46d32f22b357ff8a7547d35d192086f003e254e16038445cccae44a56a9d1946d12162

Download Submit
C:\Windows\System\ISRaPga.exe

Filesize
6.0MB

MD5
490315bd11787e0ab3c04c7d019a1e38

SHA1
4b238d75876ef31bc0c77ef9f3a1f536cbd8259f

SHA256
1767e7f87e7075a75551ee8397171d30a35d7249b885a0094f3abb3d99393e5c

SHA512
726ad1368d64fb057f38e3503cfb40bddb5f94b6998354ee073a14429d31496104aed62545642a29a742da91113859847fd95ab50428b2c8bb33db62909bcdae

Download Submit
C:\Windows\System\KBWMpRB.exe

Filesize
6.0MB

MD5
faf72f7699c9cbcd5d8d718c06d4503c

SHA1
cc42ff08819c17ef4f45e5f2eee6aea777db4ddd

SHA256
734d30e942ebf59b8ac2b4e76c9465e2067d4f1709bf519f6223c8add93c6b6c

SHA512
e581149eafcb0416f2cdddfc008d1ca8a366b8123be9bb6236e1e0732871d2ea7545c53a84c9f2d27b1e1ba942dd6ba4a0c87968ffd88bf70f7f6b1dcdba515c

Download Submit
C:\Windows\System\LJHELQG.exe

Filesize
6.0MB

MD5
e9b80cffda5861dd080ea16d52ae429b

SHA1
9581a7334ec6954ca7d56df9d84e8d024b1e2ade

SHA256
6f51479f36fd32abf61e3c1dfde00559caab59a84445950fd50152201b0f72ad

SHA512
0a0f4276a3285a965f352894d4eb3ed9579e1209b6e91589df602c8df9abbcd8b361e90c97c5d942590096f3b3730ce2393c7321a8770314400268d71343d021

Download Submit
C:\Windows\System\MFHGlCO.exe

Filesize
6.0MB

MD5
3cfd2736d594c0e09834657660e0fce2

SHA1
86c526fef8e96d2e2dcff1960ebf10ecf382aa57

SHA256
dbfad65a2a4d7679a42a11f205f4a9dd432fc0ba28596f6153862226aaecf973

SHA512
ccfbdb5101a2489f9059319f66d6403bac3ccc508545dbcb3518ace6222c3f995ca7ac3b2066d394e0bdf78461f4386a24878cd95b143128875785b6a9d0cd0c

Download Submit
C:\Windows\System\NOHjejA.exe

Filesize
6.0MB

MD5
ab331fa6686ea952ca08947f8401512d

SHA1
be242717f26436800d764f8e033ba5382e5aee45

SHA256
066bef3670a681014ab3f9cd1577349838bc8e4036e1c2901fcd93c13b218da5

SHA512
400516f26ff98bd8b7736a92fbf08368d45b2a9c72d47f03bf469844db30e841f073c62d2e7d3743d4c7396cdd7076f9da59e56101dd28c341db5cd240621053

Download Submit
C:\Windows\System\SjcCwUi.exe

Filesize
6.0MB

MD5
c2db1a46e3e5e1949e20e1a59e13692a

SHA1
37f439c270fd65a8d1845889af379be49a9d65a3

SHA256
d994d2e074ef5ad555ec69cb8aae0781adb193329f7dc984c76acaa9d96c27ef

SHA512
6b9b7783f04b07b729c9d8d2f2f3bee4acca5886f3900a909ce0930ce49dd1c0acc942bd164081141b83b36a3c09e878223f04597661682db1a1a3998c6d733b

Download Submit
C:\Windows\System\TLAmgYC.exe

Filesize
6.0MB

MD5
113c5776750e12abf366063a3a604688

SHA1
efc997d77806a47938c17bf38edecbecad77f513

SHA256
4cdba36d8c4ca60d58c19c9add9b87f591735fc7e41607c2be41c54591e778ad

SHA512
fca1d7bccf6bff75d4532e5640b560d3e6c6755f69bc4c9a7443ec07acb0fb52426e4f1089abc2d4295e4e6635005a370de005d5f9b8d611eb7c79bf5a4d8bc0

Download Submit
C:\Windows\System\UArcFJo.exe

Filesize
6.0MB

MD5
30cc0663ba3dda593436b7e34c090649

SHA1
075fc7a50a72194b5239353205b91aefca784052

SHA256
dfe8ce5f0a5c807f9632886dd6c1e8603fdc5225f1403354d766a206804bb0ba

SHA512
d9b270b2d5b1685e386cb965b5d5169af6bbbb82f5500828b32a82d7adb25df0fc6f0ede93d95021653fb929b938314ceacb4a5fa5bc30b4cb2820d32d6b4479

Download Submit
C:\Windows\System\YqQPqyF.exe

Filesize
6.0MB

MD5
4bd2cddbb52b5cd06fd767cf92031fc8

SHA1
404ffd841da16d99f003fa6b5cfdc252c3048315

SHA256
93e61944b6487a297548be30dfb0c0c54fbeb8a85efc14645a4b83b91fc9e62c

SHA512
8f11f77c336f29b41c43234346edc75f5d38db982345a9d0d0d6789bc9fadde589210996291bbbb6c2889c89c30fd78b2b6604aeafb713259a444f8c32cf0c2d

Download Submit
C:\Windows\System\ZTPuJhc.exe

Filesize
6.0MB

MD5
6ce8baaea384bd5d923d755f10fa187f

SHA1
1b25b8773ad71a5029bce995bb6a4e8920abe73a

SHA256
86575bfd158d5f49a22ca1e74ee6707f1ffc83d7d168e26706311f850f36154e

SHA512
5114f4ed2f565ce0e84bcadcdf102fe2d5ed6f2b44d833d4ac86b282a5fc456e066a4c265e9f8e76b72aa79a4144f064d1008122f9b06ff9833db505c8e51599

Download Submit
C:\Windows\System\aNBAnWy.exe

Filesize
6.0MB

MD5
e8f0d915ba7e8a20a2a00cfd4a9b94db

SHA1
4d00e8d740dfb7e4e6242812d58d70a0e989ecfa

SHA256
3618407eacd5a476d1e8779576dec37a84bc483d35b2e22431c410618f280c25

SHA512
95c46ff16fea45e1293c03cbf9e3296f0af78ea9a543cb59b79b69488a62f6d44c0d6f49adb635685de1aef5a3ffb09d7b2a43c321630480b750bbb46d55ea1b

Download Submit
C:\Windows\System\cbCLVCA.exe

Filesize
6.0MB

MD5
814484d0eedb0a08cfaae362aa4c01a4

SHA1
e7af0b611f512cdd231015834446553f98c7d14f

SHA256
127c3849539d2c13cbeac62d879964fb57f967781527717aa46ff667edac223f

SHA512
6c333209a32b278957f8225b495241d65b7d0d8be93dbddff0230a0ed9dd0f456041172ffa39fdf2845c47bf6cad4f6e2387a74516ce9363144d9a2768f0b25f

Download Submit
C:\Windows\System\ctjcXKS.exe

Filesize
6.0MB

MD5
b135c25e81e7d79708b839e2d9ed91e8

SHA1
155a7a02879bf807374bfc0f78bd58ed78d7ad5e

SHA256
6097acafc003490aabf12e11f6b29f47d02018cec5ef37702bef6b23aa99b8a0

SHA512
ca804b910d317c6c9f0ca2ab62e7d5ec5b6fc335a4041a806fa8a7dd251e90ebb09729bcbe53f5f5e82703a4fee9655c91e6f5891225fea50d0bc715066d187c

Download Submit
C:\Windows\System\eiKCcwE.exe

Filesize
6.0MB

MD5
18ea69b856345ca1c9f33631477c9325

SHA1
b9e9a780d0031d461683e9bcf417e55480798e11

SHA256
9ae3a1e4947296b91fc1aad2c850db410c93c7305abc56b6b86d92f165328110

SHA512
afb5468a3457190593118914f5bd998f86403f83349531674a02bea74b2d0dfe6d65205f13487f70393ce156f2692324a3cf07cb2e64ed83c33990787a8b496f

Download Submit
C:\Windows\System\fBeSVMG.exe

Filesize
6.0MB

MD5
5e0cc8f2591ec7d2e7754bf8b6d7c7be

SHA1
4c9515f818a496f30a6ef63e510133b871b8d411

SHA256
a3fa76fdbe5191f9836bf5d17fa55da738f4ecd5ec2b0611d723c181a997e147

SHA512
4d799d584b01ec74cda6c1ea4a4026fdecb25cfb94065d89f11e57eefeb40091d4879fab9a51a4cd6c372db98d0dfd7fb1fca3bedd4c2a21b6ef3a2bf8c9be1e

Download Submit
C:\Windows\System\fLAkJPa.exe

Filesize
6.0MB

MD5
8a2dc1de016000608dfd372b5bc29d6c

SHA1
a3bf57c0a42c91df9c3c0fc91076a09a90b5a8c5

SHA256
9dfe715d35848b4dc7e33a28ade8306a9b97d9c126f71a08e70353db502e85e0

SHA512
f13e499b2a7a1d46122b528599eadfd9db50a53f14a097cb21b76849ddc3a2d80d248cc6c2848d320c80899a234c3b3dbc2070d3507f266ca9377e558dfbc1f8

Download Submit
C:\Windows\System\fbmqogF.exe

Filesize
6.0MB

MD5
e43c8432a9831a879af92e0037479461

SHA1
15f5a9e095fc6cdc71a4f54361a7547b28327177

SHA256
2e428bed19e8530c1b68ca2ca567d9fbc2d92100618cef00e4e91219cd696d84

SHA512
89a11893ccccef2fedf12ec7a8fd7f19d27208819ce808837e15d456ee9be3fb9d39240ef383d6aac4aaaf1b6e94ee6c5c1f26f36d95cc7d45f960b4a454afd6

Download Submit
C:\Windows\System\gTeKUfb.exe

Filesize
6.0MB

MD5
05a6a8e3c260827f5ff6ce39acb52210

SHA1
30ae9caeb79d3f4db9422b8a87921d4080498758

SHA256
363ed22a65673ef70b29f99fcf310d47fd5e6f6c559b3dd3c3437e41aabb18ea

SHA512
267d058922b42ca4112c51fb35c1520a96613fb440c36feff09be22873ada6950f3e84fcdf151a7db74258f84999f02073cba7439d1f068400792f8e0c4b810a

Download Submit
C:\Windows\System\hjgoRIz.exe

Filesize
6.0MB

MD5
ddd008f09ec032a0cbf88898b248978b

SHA1
45731284b6c1aa86dee198d2f6a0970206cf3491

SHA256
2d14bd3f4437b75854e85502b71210a64e1646ecb4bcd556d2462cd2a2fa5a10

SHA512
29a913b0a8e1facbdcf16df261f4b3f520997e622a4f0c308dc5de291afe77beb3399261ec501d4bafb37cc2e3f860ef372e67fe7b19dbcb4fe34386ab42ee0d

Download Submit
C:\Windows\System\iOqBdxz.exe

Filesize
6.0MB

MD5
3df00d2b77b2b78ddb858af4680820b9

SHA1
211ded3ea4f49814e2152d6dbcea37c07063af6f

SHA256
780f71a5c435c0f39c7adcd2703a16e5bb662955f29ccac920fc1bef87052c13

SHA512
ea3c29e1ff2ea13889e82f6b3bee57231a716dc012459fe259dd884347f1f8aec191245786bdc6539dd5cc22b5873ce80e814e4d3a6c6a4be3d64a7cdc38c474

Download Submit
C:\Windows\System\jVnAIPd.exe

Filesize
6.0MB

MD5
ea8717d02253a2a44679e72617fd1b75

SHA1
49d55f1f59dd30e75c9f7c7b3997fe7773e55e9b

SHA256
b7d2df0ed624424cd3b2565ecb320ae23eb35903f8b55fd005fd9a82121243fb

SHA512
f503495955eed1bff26068bc523570e08bdf510aa305143c625d82dbb719362abc4fbf7aa86a086d8d149a55507943e1fb25411f103ca3634d397d4c9c2ac9cb

Download Submit
C:\Windows\System\jcAPgLW.exe

Filesize
6.0MB

MD5
ec686efa4dd01871c982b5e855c0f8af

SHA1
914d8d5acc42dbfe17eb6157f47118c82314bc9e

SHA256
e9e530f09bb272e9de7f00410dfee1565ff0fe8ce728c0a0b303fdb72567bd6c

SHA512
a7feaba4aa427f4f50b46c2d3ae0f670c3a17ad0e9dc67a753c43dd1a801eacd933bc15d4ff9433239e64e190e3b9f3bec115ea4c6a0746a41ed2c8ac8c0cff8

Download Submit
C:\Windows\System\mFfWiMk.exe

Filesize
6.0MB

MD5
533801cfb7317e88cc789b415a850293

SHA1
92a5f3af3f1c5a87f67a223a0a1033341fd00204

SHA256
a06f5cc8f7b78d7798147089d4b07048a5d323eb00c9428ef563a1c1bc7d00d3

SHA512
c46a9adb9d929184f1fa01aeec7175bdf72e48f4ccc3d596347a2be0b5baf33b06eafdd07c2d0b2dc617013c725b66a6d20203fa82cd56e426e56751187ae470

Download Submit
C:\Windows\System\nnQtNON.exe

Filesize
6.0MB

MD5
677fb94a1bb94f7da115cdf08010cd73

SHA1
e2bf397f02642d07f7da8b92f44105629840ebd3

SHA256
b95a3170e7d6d407d7c9a96b5529db535b342cb58e360badcf586c2f7463befe

SHA512
1104327a83fe0294e340f46026a83950c5bc12bc13f3369c8ef0a1f146611bd51dc6d6cc5a49f351bf3507c5189db9269467a9350d730235a24e7e060c29ce0a

Download Submit
C:\Windows\System\qjTPCcY.exe

Filesize
6.0MB

MD5
dba99a62dd1ce37ba332bb463676c345

SHA1
c519fdfb3ec6635e9ebcaf38038921149921e0e6

SHA256
bef4c564a9af50528b6e5e1d5b106bcb525cf974d90efd7a6b401c8956719d9a

SHA512
d0c0d24182187a9886479204bca64b0aa45fc41991aaa64f53a5aef4967cded0a8a077f815361b6cff8b0420226f229b029d15eb53cce0e7a487baf5566124f7

Download Submit
C:\Windows\System\uWKUfnc.exe

Filesize
6.0MB

MD5
787fa0c07bf7c567ef841f9591d25b57

SHA1
a3c0d45c571b0eaf0461e17e8bb1076d475f127f

SHA256
53de120e7ab64255bfb20e3e5304e1455cd50d928a000bce7fb6e47b638d3b23

SHA512
1232a4ac3b90b9e04bec85f2acea0c958429695c58ca54785599433e362f033e36ebaf0ba5865bc46bc187d2d5262a74f1ea01b6acd86585dfa92c24a768cf81

Download Submit
C:\Windows\System\wFWWCYf.exe

Filesize
6.0MB

MD5
f69ed010c006dff30f7a562cd1413176

SHA1
d04eeaa29b0d5e19217c9902a87058e994e96d29

SHA256
e12e6a58ee91e73fe48d2ee2ae34025c7e3bdf8bd11d307593bb157acbf92138

SHA512
b1a34b5755767a81c54de7dfbbc22fab9a769e7b1e92982ef0d3ae4b6d04436a304c06db21fa582aec9b5df17d9c7ef871b231085a2846df52977586caf2e75b

Download Submit
C:\Windows\System\wLSGxMU.exe

Filesize
6.0MB

MD5
501ad00d8a776623c633c8b3db954f45

SHA1
cb96c1b2498b654a377f87e9348a196172c20984

SHA256
dc0a048e020052926a9fdec55db04b4b4350f5a23f6c9a01fb61550f6014418a

SHA512
c48c2f253ef559e4f84dbe38ac175b748354d4219fd05c39243d6a95cf6292f6f076a7cc7bf91b80fea1467d94cd4a822367b5be53ced76bf7b366a14ea6a3aa

Download Submit
C:\Windows\System\wQGyTFC.exe

Filesize
6.0MB

MD5
47b555af8bd637ad6f1136bdb0fd5f39

SHA1
eab32268435f1ee023722440a262075511a96d1d

SHA256
6b7f29214c727fceb48b06b45765559dcab35c36a84e9a3f2113546086453476

SHA512
fbb17b97a7d5ff1290e551c4d641acb011afc3d615de2a6015c4c8f4621e16fddaffcac85537cb3ecef32faf75ed29c8a5a166aa96be87ac8bc1a2473e316ad9

Download Submit
C:\Windows\System\zhNltaL.exe

Filesize
6.0MB

MD5
e3ab09dbb2f941f3f0d0f6e091f3847e

SHA1
0407a692584eba691dd7d307a2f67c007f45a2bb

SHA256
1792f77c20a9e5091c23332b541c79da4acd6e93e74308f2e7ae30252598fa13

SHA512
fa9c123ba77f610815367115faac7a4df1d060d8457ff2d4b58e32b7ecb8fbad9b803f79ea7a1aa2afb8320c670fd8600b376d3d3b5a2673b16bc10072d3e3f8

Download Submit
memory/212-2046-0x00007FF7316D0000-0x00007FF731A24000-memory.dmp

Filesize
3.3MB

Download
memory/212-342-0x00007FF7316D0000-0x00007FF731A24000-memory.dmp

Filesize
3.3MB

Download
memory/212-48-0x00007FF7316D0000-0x00007FF731A24000-memory.dmp

Filesize
3.3MB

Download
memory/404-340-0x00007FF614C60000-0x00007FF614FB4000-memory.dmp

Filesize
3.3MB

Download
memory/404-2240-0x00007FF614C60000-0x00007FF614FB4000-memory.dmp

Filesize
3.3MB

Download
memory/608-2217-0x00007FF664A40000-0x00007FF664D94000-memory.dmp

Filesize
3.3MB

Download
memory/608-336-0x00007FF664A40000-0x00007FF664D94000-memory.dmp

Filesize
3.3MB

Download
memory/628-99-0x00007FF75ADD0000-0x00007FF75B124000-memory.dmp

Filesize
3.3MB

Download
memory/628-2167-0x00007FF75ADD0000-0x00007FF75B124000-memory.dmp

Filesize
3.3MB

Download
memory/776-2153-0x00007FF7FBC50000-0x00007FF7FBFA4000-memory.dmp

Filesize
3.3MB

Download
memory/776-98-0x00007FF7FBC50000-0x00007FF7FBFA4000-memory.dmp

Filesize
3.3MB

Download
memory/976-2013-0x00007FF731B50000-0x00007FF731EA4000-memory.dmp

Filesize
3.3MB

Download
memory/976-94-0x00007FF731B50000-0x00007FF731EA4000-memory.dmp

Filesize
3.3MB

Download
memory/976-24-0x00007FF731B50000-0x00007FF731EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1028-1-0x00000172127D0000-0x00000172127E0000-memory.dmp

Filesize
64KB

Download
memory/1028-57-0x00007FF64FD50000-0x00007FF6500A4000-memory.dmp

Filesize
3.3MB

Download
memory/1028-0-0x00007FF64FD50000-0x00007FF6500A4000-memory.dmp

Filesize
3.3MB

Download
memory/1100-2024-0x00007FF675C80000-0x00007FF675FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1100-109-0x00007FF675C80000-0x00007FF675FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1100-39-0x00007FF675C80000-0x00007FF675FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-2219-0x00007FF6AFE50000-0x00007FF6B01A4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-337-0x00007FF6AFE50000-0x00007FF6B01A4000-memory.dmp

Filesize
3.3MB

Download
memory/1464-2171-0x00007FF6C9900000-0x00007FF6C9C54000-memory.dmp

Filesize
3.3MB

Download
memory/1464-108-0x00007FF6C9900000-0x00007FF6C9C54000-memory.dmp

Filesize
3.3MB

Download
memory/1664-1999-0x00007FF7A8A00000-0x00007FF7A8D54000-memory.dmp

Filesize
3.3MB

Download
memory/1664-14-0x00007FF7A8A00000-0x00007FF7A8D54000-memory.dmp

Filesize
3.3MB

Download
memory/1664-68-0x00007FF7A8A00000-0x00007FF7A8D54000-memory.dmp

Filesize
3.3MB

Download
memory/1704-2205-0x00007FF745D00000-0x00007FF746054000-memory.dmp

Filesize
3.3MB

Download
memory/1704-333-0x00007FF745D00000-0x00007FF746054000-memory.dmp

Filesize
3.3MB

Download
memory/1856-335-0x00007FF64BB00000-0x00007FF64BE54000-memory.dmp

Filesize
3.3MB

Download
memory/1856-2215-0x00007FF64BB00000-0x00007FF64BE54000-memory.dmp

Filesize
3.3MB

Download
memory/1956-332-0x00007FF667040000-0x00007FF667394000-memory.dmp

Filesize
3.3MB

Download
memory/1956-2196-0x00007FF667040000-0x00007FF667394000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2051-0x00007FF7D2F70000-0x00007FF7D32C4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-699-0x00007FF7D2F70000-0x00007FF7D32C4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-56-0x00007FF7D2F70000-0x00007FF7D32C4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-875-0x00007FF74D4E0000-0x00007FF74D834000-memory.dmp

Filesize
3.3MB

Download
memory/2748-2149-0x00007FF74D4E0000-0x00007FF74D834000-memory.dmp

Filesize
3.3MB

Download
memory/2748-80-0x00007FF74D4E0000-0x00007FF74D834000-memory.dmp

Filesize
3.3MB

Download
memory/3016-63-0x00007FF7F2F10000-0x00007FF7F3264000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1995-0x00007FF7F2F10000-0x00007FF7F3264000-memory.dmp

Filesize
3.3MB

Download
memory/3016-8-0x00007FF7F2F10000-0x00007FF7F3264000-memory.dmp

Filesize
3.3MB

Download
memory/3180-113-0x00007FF723D10000-0x00007FF724064000-memory.dmp

Filesize
3.3MB

Download
memory/3180-2175-0x00007FF723D10000-0x00007FF724064000-memory.dmp

Filesize
3.3MB

Download
memory/3532-341-0x00007FF773B20000-0x00007FF773E74000-memory.dmp

Filesize
3.3MB

Download
memory/3532-2246-0x00007FF773B20000-0x00007FF773E74000-memory.dmp

Filesize
3.3MB

Download
memory/3888-2189-0x00007FF779D10000-0x00007FF77A064000-memory.dmp

Filesize
3.3MB

Download
memory/3888-343-0x00007FF779D10000-0x00007FF77A064000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2210-0x00007FF669E10000-0x00007FF66A164000-memory.dmp

Filesize
3.3MB

Download
memory/4072-334-0x00007FF669E10000-0x00007FF66A164000-memory.dmp

Filesize
3.3MB

Download
memory/4076-2123-0x00007FF65CA60000-0x00007FF65CDB4000-memory.dmp

Filesize
3.3MB

Download
memory/4076-64-0x00007FF65CA60000-0x00007FF65CDB4000-memory.dmp

Filesize
3.3MB

Download
memory/4108-75-0x00007FF61E9A0000-0x00007FF61ECF4000-memory.dmp

Filesize
3.3MB

Download
memory/4108-2008-0x00007FF61E9A0000-0x00007FF61ECF4000-memory.dmp

Filesize
3.3MB

Download
memory/4108-18-0x00007FF61E9A0000-0x00007FF61ECF4000-memory.dmp

Filesize
3.3MB

Download
memory/4284-1042-0x00007FF635690000-0x00007FF6359E4000-memory.dmp

Filesize
3.3MB

Download
memory/4284-2192-0x00007FF635690000-0x00007FF6359E4000-memory.dmp

Filesize
3.3MB

Download
memory/4284-116-0x00007FF635690000-0x00007FF6359E4000-memory.dmp

Filesize
3.3MB

Download
memory/4408-339-0x00007FF628D30000-0x00007FF629084000-memory.dmp

Filesize
3.3MB

Download
memory/4492-2014-0x00007FF76BB20000-0x00007FF76BE74000-memory.dmp

Filesize
3.3MB

Download
memory/4492-32-0x00007FF76BB20000-0x00007FF76BE74000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2226-0x00007FF697E80000-0x00007FF6981D4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-338-0x00007FF697E80000-0x00007FF6981D4000-memory.dmp

Filesize
3.3MB

Download
memory/4596-103-0x00007FF67FAC0000-0x00007FF67FE14000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2158-0x00007FF67FAC0000-0x00007FF67FE14000-memory.dmp

Filesize
3.3MB

Download
memory/4720-813-0x00007FF7A25A0000-0x00007FF7A28F4000-memory.dmp

Filesize
3.3MB

Download
memory/4720-69-0x00007FF7A25A0000-0x00007FF7A28F4000-memory.dmp

Filesize
3.3MB

Download
memory/4720-2142-0x00007FF7A25A0000-0x00007FF7A28F4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-42-0x00007FF744F30000-0x00007FF745284000-memory.dmp

Filesize
3.3MB

Download
memory/5036-112-0x00007FF744F30000-0x00007FF745284000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2036-0x00007FF744F30000-0x00007FF745284000-memory.dmp

Filesize
3.3MB

Download