cobaltstrike | e82ac8e7f61e60f70692843dffffaeab2c7092e397f13c1cb42809d21c39f75b

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

163ed134cd884449a5e9a79d7a05a326
SHA1

a20b31b544e62746fe6567c8439fbbde6b89e6e6
SHA256

e82ac8e7f61e60f70692843dffffaeab2c7092e397f13c1cb42809d21c39f75b
SHA512

29fdbf37fbc12846f311a24ad7d6716210004b88edc45eafc601a4c422af18a911ad7055c064f449bce835594298011a60a399bce3849e3905284ad1672e664d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUD:T+q56utgpPF8u/7D

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023c9a-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-16.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c9f-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-26.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-27.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-34.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c9b-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-44.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-55.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-85.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-118.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-133.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-148.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-181.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbd-175.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbb-173.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-163.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-157.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-139.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-127.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-98.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-69.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-53.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4816-0-0x00007FF7E3D30000-0x00007FF7E4084000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c9a-5.dat	xmrig
behavioral2/memory/4800-6-0x00007FF6ABA90000-0x00007FF6ABDE4000-memory.dmp	xmrig
behavioral2/memory/2204-14-0x00007FF63EB10000-0x00007FF63EE64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9e-16.dat	xmrig
behavioral2/files/0x0008000000023c9f-22.dat	xmrig
behavioral2/files/0x0007000000023ca2-26.dat	xmrig
behavioral2/files/0x0007000000023ca0-27.dat	xmrig
behavioral2/memory/4828-32-0x00007FF6EFA70000-0x00007FF6EFDC4000-memory.dmp	xmrig
behavioral2/memory/4488-29-0x00007FF625810000-0x00007FF625B64000-memory.dmp	xmrig
behavioral2/memory/3604-18-0x00007FF7D9BA0000-0x00007FF7D9EF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca3-34.dat	xmrig
behavioral2/memory/4540-37-0x00007FF6F0380000-0x00007FF6F06D4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c9b-40.dat	xmrig
behavioral2/files/0x0007000000023ca4-44.dat	xmrig
behavioral2/files/0x0007000000023ca7-55.dat	xmrig
behavioral2/files/0x0007000000023caa-66.dat	xmrig
behavioral2/memory/2108-65-0x00007FF71B800000-0x00007FF71BB54000-memory.dmp	xmrig
behavioral2/memory/4640-79-0x00007FF667CD0000-0x00007FF668024000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cab-85.dat	xmrig
behavioral2/memory/4300-89-0x00007FF682BC0000-0x00007FF682F14000-memory.dmp	xmrig
behavioral2/memory/4968-104-0x00007FF657310000-0x00007FF657664000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb2-111.dat	xmrig
behavioral2/files/0x0007000000023cb4-118.dat	xmrig
behavioral2/files/0x0007000000023cb0-133.dat	xmrig
behavioral2/files/0x0007000000023cb5-148.dat	xmrig
behavioral2/files/0x0007000000023cbe-181.dat	xmrig
behavioral2/memory/4180-286-0x00007FF687C10000-0x00007FF687F64000-memory.dmp	xmrig
behavioral2/memory/4816-304-0x00007FF7E3D30000-0x00007FF7E4084000-memory.dmp	xmrig
behavioral2/memory/2556-333-0x00007FF7EB170000-0x00007FF7EB4C4000-memory.dmp	xmrig
behavioral2/memory/4800-659-0x00007FF6ABA90000-0x00007FF6ABDE4000-memory.dmp	xmrig
behavioral2/memory/4476-321-0x00007FF63BC80000-0x00007FF63BFD4000-memory.dmp	xmrig
behavioral2/memory/2240-320-0x00007FF6CB650000-0x00007FF6CB9A4000-memory.dmp	xmrig
behavioral2/memory/3444-314-0x00007FF63D090000-0x00007FF63D3E4000-memory.dmp	xmrig
behavioral2/memory/2204-666-0x00007FF63EB10000-0x00007FF63EE64000-memory.dmp	xmrig
behavioral2/memory/4420-287-0x00007FF7BA3A0000-0x00007FF7BA6F4000-memory.dmp	xmrig
behavioral2/memory/3348-280-0x00007FF600A30000-0x00007FF600D84000-memory.dmp	xmrig
behavioral2/memory/3172-277-0x00007FF69ABD0000-0x00007FF69AF24000-memory.dmp	xmrig
behavioral2/memory/3740-273-0x00007FF7A8020000-0x00007FF7A8374000-memory.dmp	xmrig
behavioral2/memory/4644-272-0x00007FF66F910000-0x00007FF66FC64000-memory.dmp	xmrig
behavioral2/memory/1976-269-0x00007FF6874F0000-0x00007FF687844000-memory.dmp	xmrig
behavioral2/memory/3336-268-0x00007FF61E220000-0x00007FF61E574000-memory.dmp	xmrig
behavioral2/memory/4488-720-0x00007FF625810000-0x00007FF625B64000-memory.dmp	xmrig
behavioral2/memory/3604-719-0x00007FF7D9BA0000-0x00007FF7D9EF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbc-179.dat	xmrig
behavioral2/files/0x0007000000023cbd-175.dat	xmrig
behavioral2/files/0x0007000000023cbb-173.dat	xmrig
behavioral2/files/0x0007000000023cba-165.dat	xmrig
behavioral2/files/0x0007000000023cb9-163.dat	xmrig
behavioral2/files/0x0007000000023cb8-161.dat	xmrig
behavioral2/files/0x0007000000023cb7-157.dat	xmrig
behavioral2/files/0x0007000000023cb6-151.dat	xmrig
behavioral2/files/0x0007000000023cb3-139.dat	xmrig
behavioral2/files/0x0007000000023cb1-135.dat	xmrig
behavioral2/files/0x0007000000023caf-131.dat	xmrig
behavioral2/files/0x0007000000023cae-129.dat	xmrig
behavioral2/files/0x0007000000023cad-127.dat	xmrig
behavioral2/memory/644-116-0x00007FF7FD150000-0x00007FF7FD4A4000-memory.dmp	xmrig
behavioral2/memory/1224-109-0x00007FF6B6300000-0x00007FF6B6654000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca9-98.dat	xmrig
behavioral2/files/0x0007000000023cac-90.dat	xmrig
behavioral2/memory/4812-82-0x00007FF64C690000-0x00007FF64C9E4000-memory.dmp	xmrig
behavioral2/memory/3436-81-0x00007FF730B50000-0x00007FF730EA4000-memory.dmp	xmrig
behavioral2/memory/3096-76-0x00007FF73F820000-0x00007FF73FB74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4800	zxkvbFi.exe
2204	KdfjnDQ.exe
3604	dFPZIQE.exe
4488	TbZTPuh.exe
4828	LpZlHVE.exe
4540	PIKggOf.exe
4116	RRvzgYx.exe
4640	usohENG.exe
2108	SwieAdW.exe
4436	RusgkPT.exe
3096	MRaQxim.exe
3436	LKycCSO.exe
4812	dslPKSy.exe
3444	ccLxjkQ.exe
4300	ugapfVE.exe
2240	utRSvpd.exe
4968	GFpLtID.exe
1224	vZALOHn.exe
644	iOmmRZG.exe
4476	bbFBuYz.exe
3336	zTFJGre.exe
2556	QWjFTmM.exe
1976	PRtszht.exe
4644	tknHNYo.exe
3740	aTvoeTN.exe
3172	mMDkyCp.exe
3348	CZQGPtj.exe
4180	YEqOXjc.exe
4420	PHIZkae.exe
2064	PxybEjf.exe
4520	EXzWzkg.exe
4868	iXDWpey.exe
2776	KvMYVDy.exe
3648	mJfvxyY.exe
936	kKVBZoi.exe
3044	SPefzZO.exe
632	tUPqTtq.exe
1608	Udqikst.exe
1972	ICSOItA.exe
5048	GgDtRjZ.exe
2120	aTWvLHj.exe
1280	CViUePg.exe
4060	EvSixUS.exe
1596	VBsdTNO.exe
996	iIcemXC.exe
3916	XseOZqt.exe
2872	NnfGjjn.exe
4636	IuQbQSP.exe
3028	FYVWjmx.exe
1604	isKVVlP.exe
2792	uQShTJt.exe
4348	KgWnMzA.exe
4268	ilmXraa.exe
4560	sXIsfIX.exe
3452	NGOFaWJ.exe
4164	eSkiaJf.exe
2012	zUUcOWI.exe
1108	gFjxcsK.exe
4008	rVXdoTX.exe
2496	sYBUtEX.exe
3416	ygLlUSH.exe
1556	tyWxGdE.exe
1020	zSfYnmY.exe
5036	KHOcAZO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4816-0-0x00007FF7E3D30000-0x00007FF7E4084000-memory.dmp	upx
behavioral2/files/0x0008000000023c9a-5.dat	upx
behavioral2/memory/4800-6-0x00007FF6ABA90000-0x00007FF6ABDE4000-memory.dmp	upx
behavioral2/memory/2204-14-0x00007FF63EB10000-0x00007FF63EE64000-memory.dmp	upx
behavioral2/files/0x0007000000023c9e-16.dat	upx
behavioral2/files/0x0008000000023c9f-22.dat	upx
behavioral2/files/0x0007000000023ca2-26.dat	upx
behavioral2/files/0x0007000000023ca0-27.dat	upx
behavioral2/memory/4828-32-0x00007FF6EFA70000-0x00007FF6EFDC4000-memory.dmp	upx
behavioral2/memory/4488-29-0x00007FF625810000-0x00007FF625B64000-memory.dmp	upx
behavioral2/memory/3604-18-0x00007FF7D9BA0000-0x00007FF7D9EF4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca3-34.dat	upx
behavioral2/memory/4540-37-0x00007FF6F0380000-0x00007FF6F06D4000-memory.dmp	upx
behavioral2/files/0x0008000000023c9b-40.dat	upx
behavioral2/files/0x0007000000023ca4-44.dat	upx
behavioral2/files/0x0007000000023ca7-55.dat	upx
behavioral2/files/0x0007000000023caa-66.dat	upx
behavioral2/memory/2108-65-0x00007FF71B800000-0x00007FF71BB54000-memory.dmp	upx
behavioral2/memory/4640-79-0x00007FF667CD0000-0x00007FF668024000-memory.dmp	upx
behavioral2/files/0x0007000000023cab-85.dat	upx
behavioral2/memory/4300-89-0x00007FF682BC0000-0x00007FF682F14000-memory.dmp	upx
behavioral2/memory/4968-104-0x00007FF657310000-0x00007FF657664000-memory.dmp	upx
behavioral2/files/0x0007000000023cb2-111.dat	upx
behavioral2/files/0x0007000000023cb4-118.dat	upx
behavioral2/files/0x0007000000023cb0-133.dat	upx
behavioral2/files/0x0007000000023cb5-148.dat	upx
behavioral2/files/0x0007000000023cbe-181.dat	upx
behavioral2/memory/4180-286-0x00007FF687C10000-0x00007FF687F64000-memory.dmp	upx
behavioral2/memory/4816-304-0x00007FF7E3D30000-0x00007FF7E4084000-memory.dmp	upx
behavioral2/memory/2556-333-0x00007FF7EB170000-0x00007FF7EB4C4000-memory.dmp	upx
behavioral2/memory/4800-659-0x00007FF6ABA90000-0x00007FF6ABDE4000-memory.dmp	upx
behavioral2/memory/4476-321-0x00007FF63BC80000-0x00007FF63BFD4000-memory.dmp	upx
behavioral2/memory/2240-320-0x00007FF6CB650000-0x00007FF6CB9A4000-memory.dmp	upx
behavioral2/memory/3444-314-0x00007FF63D090000-0x00007FF63D3E4000-memory.dmp	upx
behavioral2/memory/2204-666-0x00007FF63EB10000-0x00007FF63EE64000-memory.dmp	upx
behavioral2/memory/4420-287-0x00007FF7BA3A0000-0x00007FF7BA6F4000-memory.dmp	upx
behavioral2/memory/3348-280-0x00007FF600A30000-0x00007FF600D84000-memory.dmp	upx
behavioral2/memory/3172-277-0x00007FF69ABD0000-0x00007FF69AF24000-memory.dmp	upx
behavioral2/memory/3740-273-0x00007FF7A8020000-0x00007FF7A8374000-memory.dmp	upx
behavioral2/memory/4644-272-0x00007FF66F910000-0x00007FF66FC64000-memory.dmp	upx
behavioral2/memory/1976-269-0x00007FF6874F0000-0x00007FF687844000-memory.dmp	upx
behavioral2/memory/3336-268-0x00007FF61E220000-0x00007FF61E574000-memory.dmp	upx
behavioral2/memory/4488-720-0x00007FF625810000-0x00007FF625B64000-memory.dmp	upx
behavioral2/memory/3604-719-0x00007FF7D9BA0000-0x00007FF7D9EF4000-memory.dmp	upx
behavioral2/files/0x0007000000023cbc-179.dat	upx
behavioral2/files/0x0007000000023cbd-175.dat	upx
behavioral2/files/0x0007000000023cbb-173.dat	upx
behavioral2/files/0x0007000000023cba-165.dat	upx
behavioral2/files/0x0007000000023cb9-163.dat	upx
behavioral2/files/0x0007000000023cb8-161.dat	upx
behavioral2/files/0x0007000000023cb7-157.dat	upx
behavioral2/files/0x0007000000023cb6-151.dat	upx
behavioral2/files/0x0007000000023cb3-139.dat	upx
behavioral2/files/0x0007000000023cb1-135.dat	upx
behavioral2/files/0x0007000000023caf-131.dat	upx
behavioral2/files/0x0007000000023cae-129.dat	upx
behavioral2/files/0x0007000000023cad-127.dat	upx
behavioral2/memory/644-116-0x00007FF7FD150000-0x00007FF7FD4A4000-memory.dmp	upx
behavioral2/memory/1224-109-0x00007FF6B6300000-0x00007FF6B6654000-memory.dmp	upx
behavioral2/files/0x0007000000023ca9-98.dat	upx
behavioral2/files/0x0007000000023cac-90.dat	upx
behavioral2/memory/4812-82-0x00007FF64C690000-0x00007FF64C9E4000-memory.dmp	upx
behavioral2/memory/3436-81-0x00007FF730B50000-0x00007FF730EA4000-memory.dmp	upx
behavioral2/memory/3096-76-0x00007FF73F820000-0x00007FF73FB74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DPdwSIW.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkHitQw.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDKOBLD.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrqhsgF.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZORVAE.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmVIkiF.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\czBgCoR.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etJbRqU.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bsmqfHB.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xeJxZle.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYFfmgg.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWTDoBu.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhMWBib.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxxObTn.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgCxyxR.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XObcYZg.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlSpNQo.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyGYwHR.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CViUePg.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\figeaIh.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDcyKjW.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSxsgyK.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvvOCva.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUXoIZZ.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bagSNHq.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMRjdZw.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqEdMUx.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pECAHxS.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHIOKKf.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxMeViL.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdfjnDQ.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHJMvHc.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGdkeKe.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDNLosK.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBenlEw.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qcWkzZl.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJfzDKe.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwtkqkv.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXlfkig.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbrXHxn.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhQZYJk.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVTFhpl.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imQKQrm.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gaMLRyC.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umvqoAQ.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EiknkjU.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edtiWOl.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKwnCyb.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzTGQma.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbAuZfV.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVhvamq.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilmXraa.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlMhXyo.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQiropj.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PafOWdf.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnJwqcL.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unmmrjp.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwFeQyy.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aESuowU.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWHlqSV.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiieWRs.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPsDbOd.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITcollt.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEmuQVU.exe	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 4800	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4816 wrote to memory of 4800	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4816 wrote to memory of 2204	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4816 wrote to memory of 2204	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4816 wrote to memory of 3604	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4816 wrote to memory of 3604	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4816 wrote to memory of 4488	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4816 wrote to memory of 4488	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4816 wrote to memory of 4828	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4816 wrote to memory of 4828	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4816 wrote to memory of 4540	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4816 wrote to memory of 4540	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4816 wrote to memory of 4116	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4816 wrote to memory of 4116	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4816 wrote to memory of 4640	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4816 wrote to memory of 4640	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4816 wrote to memory of 2108	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4816 wrote to memory of 2108	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4816 wrote to memory of 4436	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4816 wrote to memory of 4436	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4816 wrote to memory of 3096	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4816 wrote to memory of 3096	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4816 wrote to memory of 4812	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4816 wrote to memory of 4812	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4816 wrote to memory of 3436	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4816 wrote to memory of 3436	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4816 wrote to memory of 3444	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4816 wrote to memory of 3444	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4816 wrote to memory of 4300	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4816 wrote to memory of 4300	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4816 wrote to memory of 2240	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4816 wrote to memory of 2240	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4816 wrote to memory of 4968	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4816 wrote to memory of 4968	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4816 wrote to memory of 1224	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4816 wrote to memory of 1224	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4816 wrote to memory of 644	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4816 wrote to memory of 644	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4816 wrote to memory of 4476	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4816 wrote to memory of 4476	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4816 wrote to memory of 3336	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4816 wrote to memory of 3336	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4816 wrote to memory of 2556	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4816 wrote to memory of 2556	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4816 wrote to memory of 1976	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4816 wrote to memory of 1976	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4816 wrote to memory of 4644	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4816 wrote to memory of 4644	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4816 wrote to memory of 3740	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4816 wrote to memory of 3740	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4816 wrote to memory of 3172	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4816 wrote to memory of 3172	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4816 wrote to memory of 3348	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4816 wrote to memory of 3348	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4816 wrote to memory of 4180	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4816 wrote to memory of 4180	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4816 wrote to memory of 4420	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4816 wrote to memory of 4420	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4816 wrote to memory of 2064	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4816 wrote to memory of 2064	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4816 wrote to memory of 4520	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4816 wrote to memory of 4520	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4816 wrote to memory of 4868	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4816 wrote to memory of 4868	4816	2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_163ed134cd884449a5e9a79d7a05a326_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Windows\System\zxkvbFi.exe
  C:\Windows\System\zxkvbFi.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\KdfjnDQ.exe
  C:\Windows\System\KdfjnDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\dFPZIQE.exe
  C:\Windows\System\dFPZIQE.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\TbZTPuh.exe
  C:\Windows\System\TbZTPuh.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\LpZlHVE.exe
  C:\Windows\System\LpZlHVE.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\PIKggOf.exe
  C:\Windows\System\PIKggOf.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\RRvzgYx.exe
  C:\Windows\System\RRvzgYx.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\usohENG.exe
  C:\Windows\System\usohENG.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\SwieAdW.exe
  C:\Windows\System\SwieAdW.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\RusgkPT.exe
  C:\Windows\System\RusgkPT.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\MRaQxim.exe
  C:\Windows\System\MRaQxim.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\dslPKSy.exe
  C:\Windows\System\dslPKSy.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\LKycCSO.exe
  C:\Windows\System\LKycCSO.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\ccLxjkQ.exe
  C:\Windows\System\ccLxjkQ.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\ugapfVE.exe
  C:\Windows\System\ugapfVE.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\utRSvpd.exe
  C:\Windows\System\utRSvpd.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\GFpLtID.exe
  C:\Windows\System\GFpLtID.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\vZALOHn.exe
  C:\Windows\System\vZALOHn.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\iOmmRZG.exe
  C:\Windows\System\iOmmRZG.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\bbFBuYz.exe
  C:\Windows\System\bbFBuYz.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\zTFJGre.exe
  C:\Windows\System\zTFJGre.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\QWjFTmM.exe
  C:\Windows\System\QWjFTmM.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\PRtszht.exe
  C:\Windows\System\PRtszht.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\tknHNYo.exe
  C:\Windows\System\tknHNYo.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\aTvoeTN.exe
  C:\Windows\System\aTvoeTN.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\mMDkyCp.exe
  C:\Windows\System\mMDkyCp.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\CZQGPtj.exe
  C:\Windows\System\CZQGPtj.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\YEqOXjc.exe
  C:\Windows\System\YEqOXjc.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\PHIZkae.exe
  C:\Windows\System\PHIZkae.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\PxybEjf.exe
  C:\Windows\System\PxybEjf.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\EXzWzkg.exe
  C:\Windows\System\EXzWzkg.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\iXDWpey.exe
  C:\Windows\System\iXDWpey.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\KvMYVDy.exe
  C:\Windows\System\KvMYVDy.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\mJfvxyY.exe
  C:\Windows\System\mJfvxyY.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\kKVBZoi.exe
  C:\Windows\System\kKVBZoi.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\SPefzZO.exe
  C:\Windows\System\SPefzZO.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\tUPqTtq.exe
  C:\Windows\System\tUPqTtq.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\Udqikst.exe
  C:\Windows\System\Udqikst.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\ICSOItA.exe
  C:\Windows\System\ICSOItA.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\GgDtRjZ.exe
  C:\Windows\System\GgDtRjZ.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\aTWvLHj.exe
  C:\Windows\System\aTWvLHj.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\CViUePg.exe
  C:\Windows\System\CViUePg.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\EvSixUS.exe
  C:\Windows\System\EvSixUS.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\VBsdTNO.exe
  C:\Windows\System\VBsdTNO.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\iIcemXC.exe
  C:\Windows\System\iIcemXC.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\XseOZqt.exe
  C:\Windows\System\XseOZqt.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\NnfGjjn.exe
  C:\Windows\System\NnfGjjn.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\IuQbQSP.exe
  C:\Windows\System\IuQbQSP.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\FYVWjmx.exe
  C:\Windows\System\FYVWjmx.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\isKVVlP.exe
  C:\Windows\System\isKVVlP.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\uQShTJt.exe
  C:\Windows\System\uQShTJt.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\KgWnMzA.exe
  C:\Windows\System\KgWnMzA.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\ilmXraa.exe
  C:\Windows\System\ilmXraa.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\sXIsfIX.exe
  C:\Windows\System\sXIsfIX.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\NGOFaWJ.exe
  C:\Windows\System\NGOFaWJ.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\eSkiaJf.exe
  C:\Windows\System\eSkiaJf.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\zUUcOWI.exe
  C:\Windows\System\zUUcOWI.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\gFjxcsK.exe
  C:\Windows\System\gFjxcsK.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\rVXdoTX.exe
  C:\Windows\System\rVXdoTX.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\sYBUtEX.exe
  C:\Windows\System\sYBUtEX.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\ygLlUSH.exe
  C:\Windows\System\ygLlUSH.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\tyWxGdE.exe
  C:\Windows\System\tyWxGdE.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\zSfYnmY.exe
  C:\Windows\System\zSfYnmY.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\KHOcAZO.exe
  C:\Windows\System\KHOcAZO.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\GLJpRlr.exe
  C:\Windows\System\GLJpRlr.exe
  2⤵
  PID:2600
- C:\Windows\System\XoAElcy.exe
  C:\Windows\System\XoAElcy.exe
  2⤵
  PID:1600
- C:\Windows\System\ZTfGrWV.exe
  C:\Windows\System\ZTfGrWV.exe
  2⤵
  PID:4240
- C:\Windows\System\NNbyhPl.exe
  C:\Windows\System\NNbyhPl.exe
  2⤵
  PID:1980
- C:\Windows\System\feBjonw.exe
  C:\Windows\System\feBjonw.exe
  2⤵
  PID:4452
- C:\Windows\System\NjrzpjI.exe
  C:\Windows\System\NjrzpjI.exe
  2⤵
  PID:4460
- C:\Windows\System\gjYtNNT.exe
  C:\Windows\System\gjYtNNT.exe
  2⤵
  PID:1844
- C:\Windows\System\uRhalGD.exe
  C:\Windows\System\uRhalGD.exe
  2⤵
  PID:3500
- C:\Windows\System\ZvAQVmS.exe
  C:\Windows\System\ZvAQVmS.exe
  2⤵
  PID:3528
- C:\Windows\System\FxBDHXX.exe
  C:\Windows\System\FxBDHXX.exe
  2⤵
  PID:2924
- C:\Windows\System\hvvOCva.exe
  C:\Windows\System\hvvOCva.exe
  2⤵
  PID:2896
- C:\Windows\System\IWGFljT.exe
  C:\Windows\System\IWGFljT.exe
  2⤵
  PID:4368
- C:\Windows\System\LmaqDSU.exe
  C:\Windows\System\LmaqDSU.exe
  2⤵
  PID:4724
- C:\Windows\System\wOJvuUn.exe
  C:\Windows\System\wOJvuUn.exe
  2⤵
  PID:404
- C:\Windows\System\iNalOrU.exe
  C:\Windows\System\iNalOrU.exe
  2⤵
  PID:4020
- C:\Windows\System\JvEvUiH.exe
  C:\Windows\System\JvEvUiH.exe
  2⤵
  PID:4456
- C:\Windows\System\QxnyNVa.exe
  C:\Windows\System\QxnyNVa.exe
  2⤵
  PID:448
- C:\Windows\System\RxzLPnX.exe
  C:\Windows\System\RxzLPnX.exe
  2⤵
  PID:768
- C:\Windows\System\JnJwqcL.exe
  C:\Windows\System\JnJwqcL.exe
  2⤵
  PID:4944
- C:\Windows\System\FYiipMT.exe
  C:\Windows\System\FYiipMT.exe
  2⤵
  PID:1032
- C:\Windows\System\snVtAoT.exe
  C:\Windows\System\snVtAoT.exe
  2⤵
  PID:368
- C:\Windows\System\PvmdqUW.exe
  C:\Windows\System\PvmdqUW.exe
  2⤵
  PID:1252
- C:\Windows\System\AqUTAzK.exe
  C:\Windows\System\AqUTAzK.exe
  2⤵
  PID:5156
- C:\Windows\System\XVyblMn.exe
  C:\Windows\System\XVyblMn.exe
  2⤵
  PID:5172
- C:\Windows\System\gBITGxk.exe
  C:\Windows\System\gBITGxk.exe
  2⤵
  PID:5232
- C:\Windows\System\WFKGwnE.exe
  C:\Windows\System\WFKGwnE.exe
  2⤵
  PID:5276
- C:\Windows\System\HhfDQOW.exe
  C:\Windows\System\HhfDQOW.exe
  2⤵
  PID:5320
- C:\Windows\System\CVRWyhP.exe
  C:\Windows\System\CVRWyhP.exe
  2⤵
  PID:5336
- C:\Windows\System\lwFeQyy.exe
  C:\Windows\System\lwFeQyy.exe
  2⤵
  PID:5368
- C:\Windows\System\CrGOXOt.exe
  C:\Windows\System\CrGOXOt.exe
  2⤵
  PID:5404
- C:\Windows\System\SaMWRDx.exe
  C:\Windows\System\SaMWRDx.exe
  2⤵
  PID:5420
- C:\Windows\System\fJAEAJx.exe
  C:\Windows\System\fJAEAJx.exe
  2⤵
  PID:5440
- C:\Windows\System\vkNNtXs.exe
  C:\Windows\System\vkNNtXs.exe
  2⤵
  PID:5468
- C:\Windows\System\RnNorUd.exe
  C:\Windows\System\RnNorUd.exe
  2⤵
  PID:5496
- C:\Windows\System\ScKygfh.exe
  C:\Windows\System\ScKygfh.exe
  2⤵
  PID:5512
- C:\Windows\System\ODYgsxD.exe
  C:\Windows\System\ODYgsxD.exe
  2⤵
  PID:5528
- C:\Windows\System\RfqeOua.exe
  C:\Windows\System\RfqeOua.exe
  2⤵
  PID:5572
- C:\Windows\System\TaokzGL.exe
  C:\Windows\System\TaokzGL.exe
  2⤵
  PID:5588
- C:\Windows\System\XZaReLp.exe
  C:\Windows\System\XZaReLp.exe
  2⤵
  PID:5628
- C:\Windows\System\tgxLaUw.exe
  C:\Windows\System\tgxLaUw.exe
  2⤵
  PID:5672
- C:\Windows\System\NSnChVj.exe
  C:\Windows\System\NSnChVj.exe
  2⤵
  PID:5712
- C:\Windows\System\HqhcCzM.exe
  C:\Windows\System\HqhcCzM.exe
  2⤵
  PID:5728
- C:\Windows\System\GmHmkXG.exe
  C:\Windows\System\GmHmkXG.exe
  2⤵
  PID:5768
- C:\Windows\System\YLXgUXu.exe
  C:\Windows\System\YLXgUXu.exe
  2⤵
  PID:5784
- C:\Windows\System\CohgXQr.exe
  C:\Windows\System\CohgXQr.exe
  2⤵
  PID:5804
- C:\Windows\System\jzOxisk.exe
  C:\Windows\System\jzOxisk.exe
  2⤵
  PID:5840
- C:\Windows\System\GKoxdxU.exe
  C:\Windows\System\GKoxdxU.exe
  2⤵
  PID:5888
- C:\Windows\System\UOftHqJ.exe
  C:\Windows\System\UOftHqJ.exe
  2⤵
  PID:5920
- C:\Windows\System\tazXirt.exe
  C:\Windows\System\tazXirt.exe
  2⤵
  PID:5940
- C:\Windows\System\EXSyWee.exe
  C:\Windows\System\EXSyWee.exe
  2⤵
  PID:5956
- C:\Windows\System\RlzTAQs.exe
  C:\Windows\System\RlzTAQs.exe
  2⤵
  PID:5972
- C:\Windows\System\ywHPleQ.exe
  C:\Windows\System\ywHPleQ.exe
  2⤵
  PID:5988
- C:\Windows\System\QnRFwpD.exe
  C:\Windows\System\QnRFwpD.exe
  2⤵
  PID:6028
- C:\Windows\System\FmizJev.exe
  C:\Windows\System\FmizJev.exe
  2⤵
  PID:6052
- C:\Windows\System\uYIlUJh.exe
  C:\Windows\System\uYIlUJh.exe
  2⤵
  PID:6068
- C:\Windows\System\GzwuGVc.exe
  C:\Windows\System\GzwuGVc.exe
  2⤵
  PID:6084
- C:\Windows\System\NWrVHmv.exe
  C:\Windows\System\NWrVHmv.exe
  2⤵
  PID:6132
- C:\Windows\System\IUNhMzR.exe
  C:\Windows\System\IUNhMzR.exe
  2⤵
  PID:1696
- C:\Windows\System\YCiRvjf.exe
  C:\Windows\System\YCiRvjf.exe
  2⤵
  PID:4228
- C:\Windows\System\WxaEtnl.exe
  C:\Windows\System\WxaEtnl.exe
  2⤵
  PID:4676
- C:\Windows\System\YYeeMyZ.exe
  C:\Windows\System\YYeeMyZ.exe
  2⤵
  PID:1864
- C:\Windows\System\IhJqSBx.exe
  C:\Windows\System\IhJqSBx.exe
  2⤵
  PID:5164
- C:\Windows\System\WTtLAhD.exe
  C:\Windows\System\WTtLAhD.exe
  2⤵
  PID:5256
- C:\Windows\System\gytUVbZ.exe
  C:\Windows\System\gytUVbZ.exe
  2⤵
  PID:5284
- C:\Windows\System\uKeNQJC.exe
  C:\Windows\System\uKeNQJC.exe
  2⤵
  PID:5392
- C:\Windows\System\gmvNbOt.exe
  C:\Windows\System\gmvNbOt.exe
  2⤵
  PID:5432
- C:\Windows\System\mtaPOtK.exe
  C:\Windows\System\mtaPOtK.exe
  2⤵
  PID:5524
- C:\Windows\System\DfNeNzb.exe
  C:\Windows\System\DfNeNzb.exe
  2⤵
  PID:5560
- C:\Windows\System\EaXRMeE.exe
  C:\Windows\System\EaXRMeE.exe
  2⤵
  PID:5616
- C:\Windows\System\mjdknkX.exe
  C:\Windows\System\mjdknkX.exe
  2⤵
  PID:5652
- C:\Windows\System\JCuUsYD.exe
  C:\Windows\System\JCuUsYD.exe
  2⤵
  PID:4100
- C:\Windows\System\TQgkSnE.exe
  C:\Windows\System\TQgkSnE.exe
  2⤵
  PID:5812
- C:\Windows\System\kbPckFy.exe
  C:\Windows\System\kbPckFy.exe
  2⤵
  PID:5896
- C:\Windows\System\fzkdRlD.exe
  C:\Windows\System\fzkdRlD.exe
  2⤵
  PID:5948
- C:\Windows\System\PoSQLxy.exe
  C:\Windows\System\PoSQLxy.exe
  2⤵
  PID:6016
- C:\Windows\System\fMrdjia.exe
  C:\Windows\System\fMrdjia.exe
  2⤵
  PID:6048
- C:\Windows\System\RpQAkDT.exe
  C:\Windows\System\RpQAkDT.exe
  2⤵
  PID:6116
- C:\Windows\System\AmwHcIh.exe
  C:\Windows\System\AmwHcIh.exe
  2⤵
  PID:688
- C:\Windows\System\iXHqXka.exe
  C:\Windows\System\iXHqXka.exe
  2⤵
  PID:4940
- C:\Windows\System\uYbPpFF.exe
  C:\Windows\System\uYbPpFF.exe
  2⤵
  PID:2388
- C:\Windows\System\RjNOiaP.exe
  C:\Windows\System\RjNOiaP.exe
  2⤵
  PID:5124
- C:\Windows\System\pUgootk.exe
  C:\Windows\System\pUgootk.exe
  2⤵
  PID:5220
- C:\Windows\System\LooSWFg.exe
  C:\Windows\System\LooSWFg.exe
  2⤵
  PID:5360
- C:\Windows\System\GLvBluc.exe
  C:\Windows\System\GLvBluc.exe
  2⤵
  PID:5460
- C:\Windows\System\HvwBLBx.exe
  C:\Windows\System\HvwBLBx.exe
  2⤵
  PID:5520
- C:\Windows\System\KxRKTOX.exe
  C:\Windows\System\KxRKTOX.exe
  2⤵
  PID:1148
- C:\Windows\System\dIkgKUJ.exe
  C:\Windows\System\dIkgKUJ.exe
  2⤵
  PID:6000
- C:\Windows\System\DRbIhMv.exe
  C:\Windows\System\DRbIhMv.exe
  2⤵
  PID:6180
- C:\Windows\System\xkhEJGa.exe
  C:\Windows\System\xkhEJGa.exe
  2⤵
  PID:6224
- C:\Windows\System\zBkBOhL.exe
  C:\Windows\System\zBkBOhL.exe
  2⤵
  PID:6248
- C:\Windows\System\wcCBNUa.exe
  C:\Windows\System\wcCBNUa.exe
  2⤵
  PID:6264
- C:\Windows\System\MPsDbOd.exe
  C:\Windows\System\MPsDbOd.exe
  2⤵
  PID:6280
- C:\Windows\System\ObZfEar.exe
  C:\Windows\System\ObZfEar.exe
  2⤵
  PID:6320
- C:\Windows\System\JWnooEZ.exe
  C:\Windows\System\JWnooEZ.exe
  2⤵
  PID:6340
- C:\Windows\System\YWKIsWx.exe
  C:\Windows\System\YWKIsWx.exe
  2⤵
  PID:6364
- C:\Windows\System\FmvWuyF.exe
  C:\Windows\System\FmvWuyF.exe
  2⤵
  PID:6400
- C:\Windows\System\gNHUvOx.exe
  C:\Windows\System\gNHUvOx.exe
  2⤵
  PID:6440
- C:\Windows\System\plaNgfh.exe
  C:\Windows\System\plaNgfh.exe
  2⤵
  PID:6456
- C:\Windows\System\OVqbTGQ.exe
  C:\Windows\System\OVqbTGQ.exe
  2⤵
  PID:6488
- C:\Windows\System\tAaYjET.exe
  C:\Windows\System\tAaYjET.exe
  2⤵
  PID:6516
- C:\Windows\System\AYQeUky.exe
  C:\Windows\System\AYQeUky.exe
  2⤵
  PID:6552
- C:\Windows\System\GYDAMWc.exe
  C:\Windows\System\GYDAMWc.exe
  2⤵
  PID:6584
- C:\Windows\System\koRemgp.exe
  C:\Windows\System\koRemgp.exe
  2⤵
  PID:6620
- C:\Windows\System\dPuZimL.exe
  C:\Windows\System\dPuZimL.exe
  2⤵
  PID:6640
- C:\Windows\System\gaMLRyC.exe
  C:\Windows\System\gaMLRyC.exe
  2⤵
  PID:6668
- C:\Windows\System\WVwdevQ.exe
  C:\Windows\System\WVwdevQ.exe
  2⤵
  PID:6684
- C:\Windows\System\JBVevED.exe
  C:\Windows\System\JBVevED.exe
  2⤵
  PID:6700
- C:\Windows\System\nKyBqYR.exe
  C:\Windows\System\nKyBqYR.exe
  2⤵
  PID:6728
- C:\Windows\System\SmcqkBY.exe
  C:\Windows\System\SmcqkBY.exe
  2⤵
  PID:6744
- C:\Windows\System\bbHuUFV.exe
  C:\Windows\System\bbHuUFV.exe
  2⤵
  PID:6780
- C:\Windows\System\ArFexyT.exe
  C:\Windows\System\ArFexyT.exe
  2⤵
  PID:6820
- C:\Windows\System\eYUgRjY.exe
  C:\Windows\System\eYUgRjY.exe
  2⤵
  PID:6836
- C:\Windows\System\cOGievc.exe
  C:\Windows\System\cOGievc.exe
  2⤵
  PID:6852
- C:\Windows\System\figeaIh.exe
  C:\Windows\System\figeaIh.exe
  2⤵
  PID:6900
- C:\Windows\System\FcrdYpA.exe
  C:\Windows\System\FcrdYpA.exe
  2⤵
  PID:6924
- C:\Windows\System\CNNZIwb.exe
  C:\Windows\System\CNNZIwb.exe
  2⤵
  PID:6968
- C:\Windows\System\UYHbYlh.exe
  C:\Windows\System\UYHbYlh.exe
  2⤵
  PID:6988
- C:\Windows\System\ObuTUbp.exe
  C:\Windows\System\ObuTUbp.exe
  2⤵
  PID:7020
- C:\Windows\System\OPeALUT.exe
  C:\Windows\System\OPeALUT.exe
  2⤵
  PID:7048
- C:\Windows\System\pXKnxqK.exe
  C:\Windows\System\pXKnxqK.exe
  2⤵
  PID:7072
- C:\Windows\System\qiiPOVI.exe
  C:\Windows\System\qiiPOVI.exe
  2⤵
  PID:7112
- C:\Windows\System\qhGiQcl.exe
  C:\Windows\System\qhGiQcl.exe
  2⤵
  PID:7144
- C:\Windows\System\jGPdesH.exe
  C:\Windows\System\jGPdesH.exe
  2⤵
  PID:7160
- C:\Windows\System\cgcvvij.exe
  C:\Windows\System\cgcvvij.exe
  2⤵
  PID:4380
- C:\Windows\System\DgLrQDc.exe
  C:\Windows\System\DgLrQDc.exe
  2⤵
  PID:5428
- C:\Windows\System\zocFrhR.exe
  C:\Windows\System\zocFrhR.exe
  2⤵
  PID:5584
- C:\Windows\System\OujpySk.exe
  C:\Windows\System\OujpySk.exe
  2⤵
  PID:6680
- C:\Windows\System\vYMFVuZ.exe
  C:\Windows\System\vYMFVuZ.exe
  2⤵
  PID:6796
- C:\Windows\System\MagLsMJ.exe
  C:\Windows\System\MagLsMJ.exe
  2⤵
  PID:6952
- C:\Windows\System\IXlfkig.exe
  C:\Windows\System\IXlfkig.exe
  2⤵
  PID:4136
- C:\Windows\System\kNrtVdc.exe
  C:\Windows\System\kNrtVdc.exe
  2⤵
  PID:6172
- C:\Windows\System\UiwpmOs.exe
  C:\Windows\System\UiwpmOs.exe
  2⤵
  PID:6384
- C:\Windows\System\DNoMEjd.exe
  C:\Windows\System\DNoMEjd.exe
  2⤵
  PID:2880
- C:\Windows\System\DnsbLMt.exe
  C:\Windows\System\DnsbLMt.exe
  2⤵
  PID:1920
- C:\Windows\System\zaoyBej.exe
  C:\Windows\System\zaoyBej.exe
  2⤵
  PID:1416
- C:\Windows\System\qbmtSiC.exe
  C:\Windows\System\qbmtSiC.exe
  2⤵
  PID:4672
- C:\Windows\System\aESuowU.exe
  C:\Windows\System\aESuowU.exe
  2⤵
  PID:6572
- C:\Windows\System\vJNsWQY.exe
  C:\Windows\System\vJNsWQY.exe
  2⤵
  PID:6160
- C:\Windows\System\zkcKAIs.exe
  C:\Windows\System\zkcKAIs.exe
  2⤵
  PID:4864
- C:\Windows\System\KklwmJs.exe
  C:\Windows\System\KklwmJs.exe
  2⤵
  PID:1204
- C:\Windows\System\lLVexaW.exe
  C:\Windows\System\lLVexaW.exe
  2⤵
  PID:1216
- C:\Windows\System\UvrKuPe.exe
  C:\Windows\System\UvrKuPe.exe
  2⤵
  PID:3552
- C:\Windows\System\RSFiuVz.exe
  C:\Windows\System\RSFiuVz.exe
  2⤵
  PID:3880
- C:\Windows\System\MJwzVsR.exe
  C:\Windows\System\MJwzVsR.exe
  2⤵
  PID:7152
- C:\Windows\System\hdlAptj.exe
  C:\Windows\System\hdlAptj.exe
  2⤵
  PID:6216
- C:\Windows\System\bCXcEQh.exe
  C:\Windows\System\bCXcEQh.exe
  2⤵
  PID:1580
- C:\Windows\System\CXUxBKu.exe
  C:\Windows\System\CXUxBKu.exe
  2⤵
  PID:2940
- C:\Windows\System\oPBWbYp.exe
  C:\Windows\System\oPBWbYp.exe
  2⤵
  PID:2184
- C:\Windows\System\rSthkoL.exe
  C:\Windows\System\rSthkoL.exe
  2⤵
  PID:5880
- C:\Windows\System\FoVCder.exe
  C:\Windows\System\FoVCder.exe
  2⤵
  PID:756
- C:\Windows\System\xcgkqYD.exe
  C:\Windows\System\xcgkqYD.exe
  2⤵
  PID:3708
- C:\Windows\System\QsShMST.exe
  C:\Windows\System\QsShMST.exe
  2⤵
  PID:1624
- C:\Windows\System\TQHohfG.exe
  C:\Windows\System\TQHohfG.exe
  2⤵
  PID:5504
- C:\Windows\System\GAsAnIf.exe
  C:\Windows\System\GAsAnIf.exe
  2⤵
  PID:4524
- C:\Windows\System\QqCTafO.exe
  C:\Windows\System\QqCTafO.exe
  2⤵
  PID:7172
- C:\Windows\System\aDILNnu.exe
  C:\Windows\System\aDILNnu.exe
  2⤵
  PID:7200
- C:\Windows\System\gynUMcB.exe
  C:\Windows\System\gynUMcB.exe
  2⤵
  PID:7228
- C:\Windows\System\cqAkOsk.exe
  C:\Windows\System\cqAkOsk.exe
  2⤵
  PID:7248
- C:\Windows\System\ZPVVBHQ.exe
  C:\Windows\System\ZPVVBHQ.exe
  2⤵
  PID:7284
- C:\Windows\System\BeYNgTK.exe
  C:\Windows\System\BeYNgTK.exe
  2⤵
  PID:7312
- C:\Windows\System\hculntp.exe
  C:\Windows\System\hculntp.exe
  2⤵
  PID:7340
- C:\Windows\System\oChHSfT.exe
  C:\Windows\System\oChHSfT.exe
  2⤵
  PID:7368
- C:\Windows\System\EZQwFDR.exe
  C:\Windows\System\EZQwFDR.exe
  2⤵
  PID:7396
- C:\Windows\System\FCWhvXl.exe
  C:\Windows\System\FCWhvXl.exe
  2⤵
  PID:7424
- C:\Windows\System\cpYuqDk.exe
  C:\Windows\System\cpYuqDk.exe
  2⤵
  PID:7452
- C:\Windows\System\xoqKLFT.exe
  C:\Windows\System\xoqKLFT.exe
  2⤵
  PID:7480
- C:\Windows\System\xFGtEAQ.exe
  C:\Windows\System\xFGtEAQ.exe
  2⤵
  PID:7508
- C:\Windows\System\fZZmqtc.exe
  C:\Windows\System\fZZmqtc.exe
  2⤵
  PID:7536
- C:\Windows\System\SwqGiLv.exe
  C:\Windows\System\SwqGiLv.exe
  2⤵
  PID:7568
- C:\Windows\System\eQAWBsC.exe
  C:\Windows\System\eQAWBsC.exe
  2⤵
  PID:7596
- C:\Windows\System\qGvWZRp.exe
  C:\Windows\System\qGvWZRp.exe
  2⤵
  PID:7624
- C:\Windows\System\pXLQmka.exe
  C:\Windows\System\pXLQmka.exe
  2⤵
  PID:7652
- C:\Windows\System\ljWgoIR.exe
  C:\Windows\System\ljWgoIR.exe
  2⤵
  PID:7680
- C:\Windows\System\jtQlPCh.exe
  C:\Windows\System\jtQlPCh.exe
  2⤵
  PID:7712
- C:\Windows\System\hwLdraZ.exe
  C:\Windows\System\hwLdraZ.exe
  2⤵
  PID:7736
- C:\Windows\System\FilOXBY.exe
  C:\Windows\System\FilOXBY.exe
  2⤵
  PID:7764
- C:\Windows\System\SfagAmV.exe
  C:\Windows\System\SfagAmV.exe
  2⤵
  PID:7792
- C:\Windows\System\XrZKSEQ.exe
  C:\Windows\System\XrZKSEQ.exe
  2⤵
  PID:7820
- C:\Windows\System\LHJMvHc.exe
  C:\Windows\System\LHJMvHc.exe
  2⤵
  PID:7848
- C:\Windows\System\ZAnVNNF.exe
  C:\Windows\System\ZAnVNNF.exe
  2⤵
  PID:7876
- C:\Windows\System\JxcacSn.exe
  C:\Windows\System\JxcacSn.exe
  2⤵
  PID:7904
- C:\Windows\System\PRqutPi.exe
  C:\Windows\System\PRqutPi.exe
  2⤵
  PID:7932
- C:\Windows\System\CzkggGA.exe
  C:\Windows\System\CzkggGA.exe
  2⤵
  PID:7960
- C:\Windows\System\xFbAMwc.exe
  C:\Windows\System\xFbAMwc.exe
  2⤵
  PID:7980
- C:\Windows\System\DLmMLYc.exe
  C:\Windows\System\DLmMLYc.exe
  2⤵
  PID:8004
- C:\Windows\System\Cihenhi.exe
  C:\Windows\System\Cihenhi.exe
  2⤵
  PID:8044
- C:\Windows\System\fmTNQiU.exe
  C:\Windows\System\fmTNQiU.exe
  2⤵
  PID:8092
- C:\Windows\System\RUyAOEz.exe
  C:\Windows\System\RUyAOEz.exe
  2⤵
  PID:8148
- C:\Windows\System\ISjYPVk.exe
  C:\Windows\System\ISjYPVk.exe
  2⤵
  PID:8168
- C:\Windows\System\pdXFSPz.exe
  C:\Windows\System\pdXFSPz.exe
  2⤵
  PID:6656
- C:\Windows\System\diOoarM.exe
  C:\Windows\System\diOoarM.exe
  2⤵
  PID:7240
- C:\Windows\System\DytKlSG.exe
  C:\Windows\System\DytKlSG.exe
  2⤵
  PID:7296
- C:\Windows\System\HnnDSVW.exe
  C:\Windows\System\HnnDSVW.exe
  2⤵
  PID:7364
- C:\Windows\System\RoqwdGb.exe
  C:\Windows\System\RoqwdGb.exe
  2⤵
  PID:7420
- C:\Windows\System\dFvyEzT.exe
  C:\Windows\System\dFvyEzT.exe
  2⤵
  PID:7476
- C:\Windows\System\pDUayon.exe
  C:\Windows\System\pDUayon.exe
  2⤵
  PID:7548
- C:\Windows\System\ckTqoUv.exe
  C:\Windows\System\ckTqoUv.exe
  2⤵
  PID:7588
- C:\Windows\System\jmvptbe.exe
  C:\Windows\System\jmvptbe.exe
  2⤵
  PID:7672
- C:\Windows\System\wfHuvkB.exe
  C:\Windows\System\wfHuvkB.exe
  2⤵
  PID:7732
- C:\Windows\System\rgrXKZZ.exe
  C:\Windows\System\rgrXKZZ.exe
  2⤵
  PID:7804
- C:\Windows\System\UeKiyew.exe
  C:\Windows\System\UeKiyew.exe
  2⤵
  PID:7864
- C:\Windows\System\IBFLrMm.exe
  C:\Windows\System\IBFLrMm.exe
  2⤵
  PID:7928
- C:\Windows\System\ljRIcYC.exe
  C:\Windows\System\ljRIcYC.exe
  2⤵
  PID:8016
- C:\Windows\System\YRPYeuY.exe
  C:\Windows\System\YRPYeuY.exe
  2⤵
  PID:8076
- C:\Windows\System\qEsAGtS.exe
  C:\Windows\System\qEsAGtS.exe
  2⤵
  PID:8156
- C:\Windows\System\TdKWfVB.exe
  C:\Windows\System\TdKWfVB.exe
  2⤵
  PID:7184
- C:\Windows\System\YWTRSpC.exe
  C:\Windows\System\YWTRSpC.exe
  2⤵
  PID:7336
- C:\Windows\System\oUXoIZZ.exe
  C:\Windows\System\oUXoIZZ.exe
  2⤵
  PID:7472
- C:\Windows\System\OphNCUa.exe
  C:\Windows\System\OphNCUa.exe
  2⤵
  PID:7636
- C:\Windows\System\PzeVcgP.exe
  C:\Windows\System\PzeVcgP.exe
  2⤵
  PID:7784
- C:\Windows\System\TRIvxtN.exe
  C:\Windows\System\TRIvxtN.exe
  2⤵
  PID:7924
- C:\Windows\System\kgIaPdA.exe
  C:\Windows\System\kgIaPdA.exe
  2⤵
  PID:8128
- C:\Windows\System\dctdaUC.exe
  C:\Windows\System\dctdaUC.exe
  2⤵
  PID:7280
- C:\Windows\System\fhKgNeF.exe
  C:\Windows\System\fhKgNeF.exe
  2⤵
  PID:7620
- C:\Windows\System\JUZtowc.exe
  C:\Windows\System\JUZtowc.exe
  2⤵
  PID:7992
- C:\Windows\System\jjEBbJr.exe
  C:\Windows\System\jjEBbJr.exe
  2⤵
  PID:7532
- C:\Windows\System\oydCaLZ.exe
  C:\Windows\System\oydCaLZ.exe
  2⤵
  PID:7464
- C:\Windows\System\umvqoAQ.exe
  C:\Windows\System\umvqoAQ.exe
  2⤵
  PID:8208
- C:\Windows\System\tPiyqoI.exe
  C:\Windows\System\tPiyqoI.exe
  2⤵
  PID:8236
- C:\Windows\System\zHBpFKp.exe
  C:\Windows\System\zHBpFKp.exe
  2⤵
  PID:8268
- C:\Windows\System\TsoNnTD.exe
  C:\Windows\System\TsoNnTD.exe
  2⤵
  PID:8320
- C:\Windows\System\KjiymIi.exe
  C:\Windows\System\KjiymIi.exe
  2⤵
  PID:8392
- C:\Windows\System\ZKgvwDh.exe
  C:\Windows\System\ZKgvwDh.exe
  2⤵
  PID:8432
- C:\Windows\System\Sdpjeib.exe
  C:\Windows\System\Sdpjeib.exe
  2⤵
  PID:8480
- C:\Windows\System\pIhgICL.exe
  C:\Windows\System\pIhgICL.exe
  2⤵
  PID:8524
- C:\Windows\System\EpzQCQB.exe
  C:\Windows\System\EpzQCQB.exe
  2⤵
  PID:8552
- C:\Windows\System\XAZyIJu.exe
  C:\Windows\System\XAZyIJu.exe
  2⤵
  PID:8588
- C:\Windows\System\LhKBFEu.exe
  C:\Windows\System\LhKBFEu.exe
  2⤵
  PID:8608
- C:\Windows\System\NFaODPq.exe
  C:\Windows\System\NFaODPq.exe
  2⤵
  PID:8636
- C:\Windows\System\HgZzLgh.exe
  C:\Windows\System\HgZzLgh.exe
  2⤵
  PID:8680
- C:\Windows\System\CDHOvHF.exe
  C:\Windows\System\CDHOvHF.exe
  2⤵
  PID:8696
- C:\Windows\System\yqLUelZ.exe
  C:\Windows\System\yqLUelZ.exe
  2⤵
  PID:8736
- C:\Windows\System\oTUDdKf.exe
  C:\Windows\System\oTUDdKf.exe
  2⤵
  PID:8772
- C:\Windows\System\EiknkjU.exe
  C:\Windows\System\EiknkjU.exe
  2⤵
  PID:8820
- C:\Windows\System\JHzaHAH.exe
  C:\Windows\System\JHzaHAH.exe
  2⤵
  PID:8844
- C:\Windows\System\HwLGzzq.exe
  C:\Windows\System\HwLGzzq.exe
  2⤵
  PID:8864
- C:\Windows\System\hkHitQw.exe
  C:\Windows\System\hkHitQw.exe
  2⤵
  PID:8920
- C:\Windows\System\ajWPdWf.exe
  C:\Windows\System\ajWPdWf.exe
  2⤵
  PID:8940
- C:\Windows\System\BHFimRi.exe
  C:\Windows\System\BHFimRi.exe
  2⤵
  PID:9028
- C:\Windows\System\qfUNhkg.exe
  C:\Windows\System\qfUNhkg.exe
  2⤵
  PID:9056
- C:\Windows\System\wpqQzkV.exe
  C:\Windows\System\wpqQzkV.exe
  2⤵
  PID:9096
- C:\Windows\System\SYFfmgg.exe
  C:\Windows\System\SYFfmgg.exe
  2⤵
  PID:9132
- C:\Windows\System\edtiWOl.exe
  C:\Windows\System\edtiWOl.exe
  2⤵
  PID:9172
- C:\Windows\System\XDGsniK.exe
  C:\Windows\System\XDGsniK.exe
  2⤵
  PID:8200
- C:\Windows\System\YBcEjNK.exe
  C:\Windows\System\YBcEjNK.exe
  2⤵
  PID:8248
- C:\Windows\System\ncTXELy.exe
  C:\Windows\System\ncTXELy.exe
  2⤵
  PID:8288
- C:\Windows\System\GUgjrDg.exe
  C:\Windows\System\GUgjrDg.exe
  2⤵
  PID:4036
- C:\Windows\System\nXiNHoz.exe
  C:\Windows\System\nXiNHoz.exe
  2⤵
  PID:4504
- C:\Windows\System\YxTWmNe.exe
  C:\Windows\System\YxTWmNe.exe
  2⤵
  PID:8276
- C:\Windows\System\DWcTacr.exe
  C:\Windows\System\DWcTacr.exe
  2⤵
  PID:2704
- C:\Windows\System\ZgCxyxR.exe
  C:\Windows\System\ZgCxyxR.exe
  2⤵
  PID:8512
- C:\Windows\System\aFxuHtJ.exe
  C:\Windows\System\aFxuHtJ.exe
  2⤵
  PID:8456
- C:\Windows\System\GfVpLtt.exe
  C:\Windows\System\GfVpLtt.exe
  2⤵
  PID:8548
- C:\Windows\System\DKHcjkp.exe
  C:\Windows\System\DKHcjkp.exe
  2⤵
  PID:8600
- C:\Windows\System\LLiSPju.exe
  C:\Windows\System\LLiSPju.exe
  2⤵
  PID:8628
- C:\Windows\System\WLsuIfz.exe
  C:\Windows\System\WLsuIfz.exe
  2⤵
  PID:8712
- C:\Windows\System\JWHlqSV.exe
  C:\Windows\System\JWHlqSV.exe
  2⤵
  PID:8852
- C:\Windows\System\MPlWicM.exe
  C:\Windows\System\MPlWicM.exe
  2⤵
  PID:8956
- C:\Windows\System\SzNoKxW.exe
  C:\Windows\System\SzNoKxW.exe
  2⤵
  PID:9044
- C:\Windows\System\aNoMGJx.exe
  C:\Windows\System\aNoMGJx.exe
  2⤵
  PID:8264
- C:\Windows\System\qJBgfLd.exe
  C:\Windows\System\qJBgfLd.exe
  2⤵
  PID:8260
- C:\Windows\System\oFwkEFx.exe
  C:\Windows\System\oFwkEFx.exe
  2⤵
  PID:8412
- C:\Windows\System\puuRzcN.exe
  C:\Windows\System\puuRzcN.exe
  2⤵
  PID:8452
- C:\Windows\System\JBaJKeA.exe
  C:\Windows\System\JBaJKeA.exe
  2⤵
  PID:8576
- C:\Windows\System\iBPQizT.exe
  C:\Windows\System\iBPQizT.exe
  2⤵
  PID:8796
- C:\Windows\System\egQNkZw.exe
  C:\Windows\System\egQNkZw.exe
  2⤵
  PID:8704
- C:\Windows\System\VOwmLJw.exe
  C:\Windows\System\VOwmLJw.exe
  2⤵
  PID:9208
- C:\Windows\System\SDKOBLD.exe
  C:\Windows\System\SDKOBLD.exe
  2⤵
  PID:8752
- C:\Windows\System\xMHCpum.exe
  C:\Windows\System\xMHCpum.exe
  2⤵
  PID:3860
- C:\Windows\System\WQHYpnf.exe
  C:\Windows\System\WQHYpnf.exe
  2⤵
  PID:8504
- C:\Windows\System\KnKNQjM.exe
  C:\Windows\System\KnKNQjM.exe
  2⤵
  PID:8908
- C:\Windows\System\KOKZYOJ.exe
  C:\Windows\System\KOKZYOJ.exe
  2⤵
  PID:2756
- C:\Windows\System\eJRkAKv.exe
  C:\Windows\System\eJRkAKv.exe
  2⤵
  PID:8508
- C:\Windows\System\sTjZEVZ.exe
  C:\Windows\System\sTjZEVZ.exe
  2⤵
  PID:1664
- C:\Windows\System\ZrqhsgF.exe
  C:\Windows\System\ZrqhsgF.exe
  2⤵
  PID:5100
- C:\Windows\System\BWTDoBu.exe
  C:\Windows\System\BWTDoBu.exe
  2⤵
  PID:8468
- C:\Windows\System\VmEibBN.exe
  C:\Windows\System\VmEibBN.exe
  2⤵
  PID:9232
- C:\Windows\System\haHkbxa.exe
  C:\Windows\System\haHkbxa.exe
  2⤵
  PID:9252
- C:\Windows\System\hizBcWL.exe
  C:\Windows\System\hizBcWL.exe
  2⤵
  PID:9300
- C:\Windows\System\cUNiZdN.exe
  C:\Windows\System\cUNiZdN.exe
  2⤵
  PID:9316
- C:\Windows\System\ZcoVJSz.exe
  C:\Windows\System\ZcoVJSz.exe
  2⤵
  PID:9344
- C:\Windows\System\Ikslhyx.exe
  C:\Windows\System\Ikslhyx.exe
  2⤵
  PID:9372
- C:\Windows\System\ITcollt.exe
  C:\Windows\System\ITcollt.exe
  2⤵
  PID:9408
- C:\Windows\System\nkqpzZP.exe
  C:\Windows\System\nkqpzZP.exe
  2⤵
  PID:9436
- C:\Windows\System\QkECyLG.exe
  C:\Windows\System\QkECyLG.exe
  2⤵
  PID:9464
- C:\Windows\System\sKkCwTX.exe
  C:\Windows\System\sKkCwTX.exe
  2⤵
  PID:9496
- C:\Windows\System\OZEMIbQ.exe
  C:\Windows\System\OZEMIbQ.exe
  2⤵
  PID:9524
- C:\Windows\System\dzfCbqo.exe
  C:\Windows\System\dzfCbqo.exe
  2⤵
  PID:9552
- C:\Windows\System\ZVJFyrc.exe
  C:\Windows\System\ZVJFyrc.exe
  2⤵
  PID:9568
- C:\Windows\System\JgkKPaE.exe
  C:\Windows\System\JgkKPaE.exe
  2⤵
  PID:9608
- C:\Windows\System\AGFXuMP.exe
  C:\Windows\System\AGFXuMP.exe
  2⤵
  PID:9636
- C:\Windows\System\OeyrJNZ.exe
  C:\Windows\System\OeyrJNZ.exe
  2⤵
  PID:9664
- C:\Windows\System\gAgbURs.exe
  C:\Windows\System\gAgbURs.exe
  2⤵
  PID:9692
- C:\Windows\System\teydllt.exe
  C:\Windows\System\teydllt.exe
  2⤵
  PID:9720
- C:\Windows\System\bVZdcdZ.exe
  C:\Windows\System\bVZdcdZ.exe
  2⤵
  PID:9748
- C:\Windows\System\bagSNHq.exe
  C:\Windows\System\bagSNHq.exe
  2⤵
  PID:9776
- C:\Windows\System\umjGiJR.exe
  C:\Windows\System\umjGiJR.exe
  2⤵
  PID:9792
- C:\Windows\System\fPSHXeS.exe
  C:\Windows\System\fPSHXeS.exe
  2⤵
  PID:9820
- C:\Windows\System\pDCrhwW.exe
  C:\Windows\System\pDCrhwW.exe
  2⤵
  PID:9860
- C:\Windows\System\NzdxOex.exe
  C:\Windows\System\NzdxOex.exe
  2⤵
  PID:9888
- C:\Windows\System\OULUImC.exe
  C:\Windows\System\OULUImC.exe
  2⤵
  PID:9916
- C:\Windows\System\EHtqggw.exe
  C:\Windows\System\EHtqggw.exe
  2⤵
  PID:9964
- C:\Windows\System\yjUBSsR.exe
  C:\Windows\System\yjUBSsR.exe
  2⤵
  PID:10000
- C:\Windows\System\czBgCoR.exe
  C:\Windows\System\czBgCoR.exe
  2⤵
  PID:10036
- C:\Windows\System\WcbWsdv.exe
  C:\Windows\System\WcbWsdv.exe
  2⤵
  PID:10072
- C:\Windows\System\CUvYJCN.exe
  C:\Windows\System\CUvYJCN.exe
  2⤵
  PID:10112
- C:\Windows\System\vmZZBTD.exe
  C:\Windows\System\vmZZBTD.exe
  2⤵
  PID:10136
- C:\Windows\System\qcWkzZl.exe
  C:\Windows\System\qcWkzZl.exe
  2⤵
  PID:10164
- C:\Windows\System\JPGueAG.exe
  C:\Windows\System\JPGueAG.exe
  2⤵
  PID:10188
- C:\Windows\System\fYVyZRw.exe
  C:\Windows\System\fYVyZRw.exe
  2⤵
  PID:10216
- C:\Windows\System\GazYHvT.exe
  C:\Windows\System\GazYHvT.exe
  2⤵
  PID:712
- C:\Windows\System\TVVOxdX.exe
  C:\Windows\System\TVVOxdX.exe
  2⤵
  PID:9296
- C:\Windows\System\RcQnqJU.exe
  C:\Windows\System\RcQnqJU.exe
  2⤵
  PID:9340
- C:\Windows\System\KYhcVsU.exe
  C:\Windows\System\KYhcVsU.exe
  2⤵
  PID:9384
- C:\Windows\System\JyHWPFz.exe
  C:\Windows\System\JyHWPFz.exe
  2⤵
  PID:6508
- C:\Windows\System\rTwfttu.exe
  C:\Windows\System\rTwfttu.exe
  2⤵
  PID:9456
- C:\Windows\System\GUeLhlK.exe
  C:\Windows\System\GUeLhlK.exe
  2⤵
  PID:6432
- C:\Windows\System\wpwZlds.exe
  C:\Windows\System\wpwZlds.exe
  2⤵
  PID:9520
- C:\Windows\System\BFWCmeT.exe
  C:\Windows\System\BFWCmeT.exe
  2⤵
  PID:9632
- C:\Windows\System\eSSPbOd.exe
  C:\Windows\System\eSSPbOd.exe
  2⤵
  PID:9704
- C:\Windows\System\KxjVEGr.exe
  C:\Windows\System\KxjVEGr.exe
  2⤵
  PID:228
- C:\Windows\System\UhLsGPt.exe
  C:\Windows\System\UhLsGPt.exe
  2⤵
  PID:9852
- C:\Windows\System\OFmJPVS.exe
  C:\Windows\System\OFmJPVS.exe
  2⤵
  PID:9880
- C:\Windows\System\qAVRtpW.exe
  C:\Windows\System\qAVRtpW.exe
  2⤵
  PID:9952
- C:\Windows\System\immTaTk.exe
  C:\Windows\System\immTaTk.exe
  2⤵
  PID:10012
- C:\Windows\System\XVwSNGr.exe
  C:\Windows\System\XVwSNGr.exe
  2⤵
  PID:8356
- C:\Windows\System\JZORVAE.exe
  C:\Windows\System\JZORVAE.exe
  2⤵
  PID:2580
- C:\Windows\System\dVMXNQo.exe
  C:\Windows\System\dVMXNQo.exe
  2⤵
  PID:9484
- C:\Windows\System\cqEdMUx.exe
  C:\Windows\System\cqEdMUx.exe
  2⤵
  PID:10212
- C:\Windows\System\vPyMpjj.exe
  C:\Windows\System\vPyMpjj.exe
  2⤵
  PID:9328
- C:\Windows\System\ebnwDsX.exe
  C:\Windows\System\ebnwDsX.exe
  2⤵
  PID:9428
- C:\Windows\System\zPKLJjR.exe
  C:\Windows\System\zPKLJjR.exe
  2⤵
  PID:6452
- C:\Windows\System\hPLkFYs.exe
  C:\Windows\System\hPLkFYs.exe
  2⤵
  PID:9660
- C:\Windows\System\ssgBxTH.exe
  C:\Windows\System\ssgBxTH.exe
  2⤵
  PID:9760
- C:\Windows\System\AmtHclJ.exe
  C:\Windows\System\AmtHclJ.exe
  2⤵
  PID:9912
- C:\Windows\System\FwnWbhm.exe
  C:\Windows\System\FwnWbhm.exe
  2⤵
  PID:8344
- C:\Windows\System\RfHFArT.exe
  C:\Windows\System\RfHFArT.exe
  2⤵
  PID:10172
- C:\Windows\System\juaurro.exe
  C:\Windows\System\juaurro.exe
  2⤵
  PID:1824
- C:\Windows\System\ZDGIClR.exe
  C:\Windows\System\ZDGIClR.exe
  2⤵
  PID:4516
- C:\Windows\System\thXDHAe.exe
  C:\Windows\System\thXDHAe.exe
  2⤵
  PID:9688
- C:\Windows\System\OSBekfp.exe
  C:\Windows\System\OSBekfp.exe
  2⤵
  PID:7032
- C:\Windows\System\blheurV.exe
  C:\Windows\System\blheurV.exe
  2⤵
  PID:10208
- C:\Windows\System\AVNLtIg.exe
  C:\Windows\System\AVNLtIg.exe
  2⤵
  PID:9620
- C:\Windows\System\OtFQfyT.exe
  C:\Windows\System\OtFQfyT.exe
  2⤵
  PID:9420
- C:\Windows\System\ZUXTmUY.exe
  C:\Windows\System\ZUXTmUY.exe
  2⤵
  PID:1724
- C:\Windows\System\MQEMVYf.exe
  C:\Windows\System\MQEMVYf.exe
  2⤵
  PID:10260
- C:\Windows\System\gqteUUs.exe
  C:\Windows\System\gqteUUs.exe
  2⤵
  PID:10288
- C:\Windows\System\Yvcbuez.exe
  C:\Windows\System\Yvcbuez.exe
  2⤵
  PID:10316
- C:\Windows\System\rAPXYwZ.exe
  C:\Windows\System\rAPXYwZ.exe
  2⤵
  PID:10344
- C:\Windows\System\VhnofhC.exe
  C:\Windows\System\VhnofhC.exe
  2⤵
  PID:10372
- C:\Windows\System\WKwnCyb.exe
  C:\Windows\System\WKwnCyb.exe
  2⤵
  PID:10400
- C:\Windows\System\eMpZgvv.exe
  C:\Windows\System\eMpZgvv.exe
  2⤵
  PID:10428
- C:\Windows\System\tfVpfuL.exe
  C:\Windows\System\tfVpfuL.exe
  2⤵
  PID:10456
- C:\Windows\System\ISDYzub.exe
  C:\Windows\System\ISDYzub.exe
  2⤵
  PID:10484
- C:\Windows\System\GkDVPwZ.exe
  C:\Windows\System\GkDVPwZ.exe
  2⤵
  PID:10512
- C:\Windows\System\QzjvWlX.exe
  C:\Windows\System\QzjvWlX.exe
  2⤵
  PID:10540
- C:\Windows\System\VuYUVjP.exe
  C:\Windows\System\VuYUVjP.exe
  2⤵
  PID:10568
- C:\Windows\System\OZTeBiV.exe
  C:\Windows\System\OZTeBiV.exe
  2⤵
  PID:10596
- C:\Windows\System\LlPnyqv.exe
  C:\Windows\System\LlPnyqv.exe
  2⤵
  PID:10624
- C:\Windows\System\KCvkUtM.exe
  C:\Windows\System\KCvkUtM.exe
  2⤵
  PID:10652
- C:\Windows\System\XjjgYnS.exe
  C:\Windows\System\XjjgYnS.exe
  2⤵
  PID:10680
- C:\Windows\System\QAvJljZ.exe
  C:\Windows\System\QAvJljZ.exe
  2⤵
  PID:10708
- C:\Windows\System\jWfTSZh.exe
  C:\Windows\System\jWfTSZh.exe
  2⤵
  PID:10736
- C:\Windows\System\OnvXbrm.exe
  C:\Windows\System\OnvXbrm.exe
  2⤵
  PID:10768
- C:\Windows\System\haxqokO.exe
  C:\Windows\System\haxqokO.exe
  2⤵
  PID:10796
- C:\Windows\System\ysUEYCc.exe
  C:\Windows\System\ysUEYCc.exe
  2⤵
  PID:10824
- C:\Windows\System\NEQKxdH.exe
  C:\Windows\System\NEQKxdH.exe
  2⤵
  PID:10852
- C:\Windows\System\wWNXWpK.exe
  C:\Windows\System\wWNXWpK.exe
  2⤵
  PID:10880
- C:\Windows\System\LlMhXyo.exe
  C:\Windows\System\LlMhXyo.exe
  2⤵
  PID:10908
- C:\Windows\System\DzohIEv.exe
  C:\Windows\System\DzohIEv.exe
  2⤵
  PID:10936
- C:\Windows\System\qirnXMR.exe
  C:\Windows\System\qirnXMR.exe
  2⤵
  PID:10964
- C:\Windows\System\XauPpUC.exe
  C:\Windows\System\XauPpUC.exe
  2⤵
  PID:10992
- C:\Windows\System\zZSdVJS.exe
  C:\Windows\System\zZSdVJS.exe
  2⤵
  PID:11020
- C:\Windows\System\yVbzTnt.exe
  C:\Windows\System\yVbzTnt.exe
  2⤵
  PID:11048
- C:\Windows\System\hhgyROY.exe
  C:\Windows\System\hhgyROY.exe
  2⤵
  PID:11076
- C:\Windows\System\UFVTPGn.exe
  C:\Windows\System\UFVTPGn.exe
  2⤵
  PID:11104
- C:\Windows\System\tsaOHxL.exe
  C:\Windows\System\tsaOHxL.exe
  2⤵
  PID:11132
- C:\Windows\System\SmApDtD.exe
  C:\Windows\System\SmApDtD.exe
  2⤵
  PID:11160
- C:\Windows\System\WzTGQma.exe
  C:\Windows\System\WzTGQma.exe
  2⤵
  PID:11188
- C:\Windows\System\neIbFMW.exe
  C:\Windows\System\neIbFMW.exe
  2⤵
  PID:11216
- C:\Windows\System\gfmkTjb.exe
  C:\Windows\System\gfmkTjb.exe
  2⤵
  PID:11244
- C:\Windows\System\lBCVxJv.exe
  C:\Windows\System\lBCVxJv.exe
  2⤵
  PID:10252
- C:\Windows\System\XYXgTFX.exe
  C:\Windows\System\XYXgTFX.exe
  2⤵
  PID:10312
- C:\Windows\System\nBvgWlc.exe
  C:\Windows\System\nBvgWlc.exe
  2⤵
  PID:10384
- C:\Windows\System\QinQLSc.exe
  C:\Windows\System\QinQLSc.exe
  2⤵
  PID:10448
- C:\Windows\System\CDcyKjW.exe
  C:\Windows\System\CDcyKjW.exe
  2⤵
  PID:10508
- C:\Windows\System\vqtXtpe.exe
  C:\Windows\System\vqtXtpe.exe
  2⤵
  PID:10560
- C:\Windows\System\ugaRRgJ.exe
  C:\Windows\System\ugaRRgJ.exe
  2⤵
  PID:10648
- C:\Windows\System\AqBlkQj.exe
  C:\Windows\System\AqBlkQj.exe
  2⤵
  PID:10700
- C:\Windows\System\nixtfuH.exe
  C:\Windows\System\nixtfuH.exe
  2⤵
  PID:10780
- C:\Windows\System\dKvbAnS.exe
  C:\Windows\System\dKvbAnS.exe
  2⤵
  PID:10844
- C:\Windows\System\TckuorQ.exe
  C:\Windows\System\TckuorQ.exe
  2⤵
  PID:10904
- C:\Windows\System\pvGHjLt.exe
  C:\Windows\System\pvGHjLt.exe
  2⤵
  PID:10976
- C:\Windows\System\AdqMFnu.exe
  C:\Windows\System\AdqMFnu.exe
  2⤵
  PID:11040
- C:\Windows\System\AgzDOjT.exe
  C:\Windows\System\AgzDOjT.exe
  2⤵
  PID:11100
- C:\Windows\System\MnCBmae.exe
  C:\Windows\System\MnCBmae.exe
  2⤵
  PID:11172
- C:\Windows\System\HxTPcPt.exe
  C:\Windows\System\HxTPcPt.exe
  2⤵
  PID:11236
- C:\Windows\System\ildgmWG.exe
  C:\Windows\System\ildgmWG.exe
  2⤵
  PID:10308
- C:\Windows\System\etJbRqU.exe
  C:\Windows\System\etJbRqU.exe
  2⤵
  PID:10424
- C:\Windows\System\ygGfRlU.exe
  C:\Windows\System\ygGfRlU.exe
  2⤵
  PID:10608
- C:\Windows\System\cmosFPp.exe
  C:\Windows\System\cmosFPp.exe
  2⤵
  PID:10748
- C:\Windows\System\jZALWOs.exe
  C:\Windows\System\jZALWOs.exe
  2⤵
  PID:10900
- C:\Windows\System\bveXoPB.exe
  C:\Windows\System\bveXoPB.exe
  2⤵
  PID:11072
- C:\Windows\System\FJwkXKd.exe
  C:\Windows\System\FJwkXKd.exe
  2⤵
  PID:11212
- C:\Windows\System\BCZvMGi.exe
  C:\Windows\System\BCZvMGi.exe
  2⤵
  PID:10444
- C:\Windows\System\skjyXkn.exe
  C:\Windows\System\skjyXkn.exe
  2⤵
  PID:10820
- C:\Windows\System\zRUvLcV.exe
  C:\Windows\System\zRUvLcV.exe
  2⤵
  PID:11156
- C:\Windows\System\eVTFhpl.exe
  C:\Windows\System\eVTFhpl.exe
  2⤵
  PID:10728
- C:\Windows\System\ldnrRtv.exe
  C:\Windows\System\ldnrRtv.exe
  2⤵
  PID:11128
- C:\Windows\System\hAjcVUu.exe
  C:\Windows\System\hAjcVUu.exe
  2⤵
  PID:11284
- C:\Windows\System\iwIRDMb.exe
  C:\Windows\System\iwIRDMb.exe
  2⤵
  PID:11312
- C:\Windows\System\MfSjTLa.exe
  C:\Windows\System\MfSjTLa.exe
  2⤵
  PID:11340
- C:\Windows\System\IscJaWV.exe
  C:\Windows\System\IscJaWV.exe
  2⤵
  PID:11368
- C:\Windows\System\GqjEMXL.exe
  C:\Windows\System\GqjEMXL.exe
  2⤵
  PID:11396
- C:\Windows\System\dgeouQo.exe
  C:\Windows\System\dgeouQo.exe
  2⤵
  PID:11424
- C:\Windows\System\xZtAcxK.exe
  C:\Windows\System\xZtAcxK.exe
  2⤵
  PID:11452
- C:\Windows\System\MCuiEFh.exe
  C:\Windows\System\MCuiEFh.exe
  2⤵
  PID:11480
- C:\Windows\System\RkpejGb.exe
  C:\Windows\System\RkpejGb.exe
  2⤵
  PID:11512
- C:\Windows\System\GEsHIZo.exe
  C:\Windows\System\GEsHIZo.exe
  2⤵
  PID:11552
- C:\Windows\System\xaNtlUY.exe
  C:\Windows\System\xaNtlUY.exe
  2⤵
  PID:11568
- C:\Windows\System\rEeQNzX.exe
  C:\Windows\System\rEeQNzX.exe
  2⤵
  PID:11596
- C:\Windows\System\MZMsOqe.exe
  C:\Windows\System\MZMsOqe.exe
  2⤵
  PID:11624
- C:\Windows\System\LjSuKDM.exe
  C:\Windows\System\LjSuKDM.exe
  2⤵
  PID:11652
- C:\Windows\System\eYETDhj.exe
  C:\Windows\System\eYETDhj.exe
  2⤵
  PID:11680
- C:\Windows\System\MpjPwsK.exe
  C:\Windows\System\MpjPwsK.exe
  2⤵
  PID:11708
- C:\Windows\System\PTyufph.exe
  C:\Windows\System\PTyufph.exe
  2⤵
  PID:11736
- C:\Windows\System\mQfgDXR.exe
  C:\Windows\System\mQfgDXR.exe
  2⤵
  PID:11764
- C:\Windows\System\PwtTtIp.exe
  C:\Windows\System\PwtTtIp.exe
  2⤵
  PID:11792
- C:\Windows\System\SURNLPC.exe
  C:\Windows\System\SURNLPC.exe
  2⤵
  PID:11820
- C:\Windows\System\wdEwOzm.exe
  C:\Windows\System\wdEwOzm.exe
  2⤵
  PID:11848
- C:\Windows\System\FKgGJaU.exe
  C:\Windows\System\FKgGJaU.exe
  2⤵
  PID:11876
- C:\Windows\System\mIYiLMk.exe
  C:\Windows\System\mIYiLMk.exe
  2⤵
  PID:11908
- C:\Windows\System\wGDMjhA.exe
  C:\Windows\System\wGDMjhA.exe
  2⤵
  PID:11936
- C:\Windows\System\mtjWnwF.exe
  C:\Windows\System\mtjWnwF.exe
  2⤵
  PID:11964
- C:\Windows\System\rCPCNjY.exe
  C:\Windows\System\rCPCNjY.exe
  2⤵
  PID:11984
- C:\Windows\System\lcLcEOX.exe
  C:\Windows\System\lcLcEOX.exe
  2⤵
  PID:12004
- C:\Windows\System\fDlkvDj.exe
  C:\Windows\System\fDlkvDj.exe
  2⤵
  PID:12044
- C:\Windows\System\hHWLmXc.exe
  C:\Windows\System\hHWLmXc.exe
  2⤵
  PID:12080
- C:\Windows\System\zeJHkgY.exe
  C:\Windows\System\zeJHkgY.exe
  2⤵
  PID:12100
- C:\Windows\System\ugxtNVo.exe
  C:\Windows\System\ugxtNVo.exe
  2⤵
  PID:12152
- C:\Windows\System\JGYLjgG.exe
  C:\Windows\System\JGYLjgG.exe
  2⤵
  PID:12168
- C:\Windows\System\cUCPBrS.exe
  C:\Windows\System\cUCPBrS.exe
  2⤵
  PID:12208
- C:\Windows\System\NXWPZBV.exe
  C:\Windows\System\NXWPZBV.exe
  2⤵
  PID:12228
- C:\Windows\System\rStYzLA.exe
  C:\Windows\System\rStYzLA.exe
  2⤵
  PID:12252
- C:\Windows\System\LyYphCq.exe
  C:\Windows\System\LyYphCq.exe
  2⤵
  PID:11268
- C:\Windows\System\OngGrzE.exe
  C:\Windows\System\OngGrzE.exe
  2⤵
  PID:11332
- C:\Windows\System\MpYUVSx.exe
  C:\Windows\System\MpYUVSx.exe
  2⤵
  PID:11392
- C:\Windows\System\KvnZMOr.exe
  C:\Windows\System\KvnZMOr.exe
  2⤵
  PID:11464
- C:\Windows\System\Vjxwjgc.exe
  C:\Windows\System\Vjxwjgc.exe
  2⤵
  PID:11532
- C:\Windows\System\VwXQtAx.exe
  C:\Windows\System\VwXQtAx.exe
  2⤵
  PID:11592
- C:\Windows\System\GCUFNPf.exe
  C:\Windows\System\GCUFNPf.exe
  2⤵
  PID:11664
- C:\Windows\System\pNIKDDH.exe
  C:\Windows\System\pNIKDDH.exe
  2⤵
  PID:11728
- C:\Windows\System\LdjEDqX.exe
  C:\Windows\System\LdjEDqX.exe
  2⤵
  PID:11788
- C:\Windows\System\aJfzDKe.exe
  C:\Windows\System\aJfzDKe.exe
  2⤵
  PID:11860
- C:\Windows\System\NgAMxVe.exe
  C:\Windows\System\NgAMxVe.exe
  2⤵
  PID:11932
- C:\Windows\System\COzcWDN.exe
  C:\Windows\System\COzcWDN.exe
  2⤵
  PID:5816
- C:\Windows\System\lehQHVQ.exe
  C:\Windows\System\lehQHVQ.exe
  2⤵
  PID:11992
- C:\Windows\System\YqZDUDC.exe
  C:\Windows\System\YqZDUDC.exe
  2⤵
  PID:12036
- C:\Windows\System\EDmtUAg.exe
  C:\Windows\System\EDmtUAg.exe
  2⤵
  PID:12136
- C:\Windows\System\JVPehgN.exe
  C:\Windows\System\JVPehgN.exe
  2⤵
  PID:12196
- C:\Windows\System\PbJprrQ.exe
  C:\Windows\System\PbJprrQ.exe
  2⤵
  PID:12244
- C:\Windows\System\kErsZpM.exe
  C:\Windows\System\kErsZpM.exe
  2⤵
  PID:6112
- C:\Windows\System\TKqmALC.exe
  C:\Windows\System\TKqmALC.exe
  2⤵
  PID:11972
- C:\Windows\System\tsksbWS.exe
  C:\Windows\System\tsksbWS.exe
  2⤵
  PID:11380
- C:\Windows\System\nObNcGm.exe
  C:\Windows\System\nObNcGm.exe
  2⤵
  PID:11524
- C:\Windows\System\lmVIkiF.exe
  C:\Windows\System\lmVIkiF.exe
  2⤵
  PID:11644
- C:\Windows\System\SenWCCH.exe
  C:\Windows\System\SenWCCH.exe
  2⤵
  PID:11784
- C:\Windows\System\gjpghfP.exe
  C:\Windows\System\gjpghfP.exe
  2⤵
  PID:11500
- C:\Windows\System\qEYAsTr.exe
  C:\Windows\System\qEYAsTr.exe
  2⤵
  PID:3248
- C:\Windows\System\FlSpNQo.exe
  C:\Windows\System\FlSpNQo.exe
  2⤵
  PID:12160
- C:\Windows\System\iejFDco.exe
  C:\Windows\System\iejFDco.exe
  2⤵
  PID:5688
- C:\Windows\System\oUnaHIl.exe
  C:\Windows\System\oUnaHIl.exe
  2⤵
  PID:11324
- C:\Windows\System\gDgNhlo.exe
  C:\Windows\System\gDgNhlo.exe
  2⤵
  PID:5204
- C:\Windows\System\AqJndwN.exe
  C:\Windows\System\AqJndwN.exe
  2⤵
  PID:11892
- C:\Windows\System\OqGEuxq.exe
  C:\Windows\System\OqGEuxq.exe
  2⤵
  PID:12220
- C:\Windows\System\PXllBvE.exe
  C:\Windows\System\PXllBvE.exe
  2⤵
  PID:11580
- C:\Windows\System\WibmIdZ.exe
  C:\Windows\System\WibmIdZ.exe
  2⤵
  PID:12072
- C:\Windows\System\mwouOLs.exe
  C:\Windows\System\mwouOLs.exe
  2⤵
  PID:12020
- C:\Windows\System\QbrXHxn.exe
  C:\Windows\System\QbrXHxn.exe
  2⤵
  PID:12304
- C:\Windows\System\swQXwdh.exe
  C:\Windows\System\swQXwdh.exe
  2⤵
  PID:12332
- C:\Windows\System\imQKQrm.exe
  C:\Windows\System\imQKQrm.exe
  2⤵
  PID:12364
- C:\Windows\System\vwtkqkv.exe
  C:\Windows\System\vwtkqkv.exe
  2⤵
  PID:12392
- C:\Windows\System\wYgNRLY.exe
  C:\Windows\System\wYgNRLY.exe
  2⤵
  PID:12420
- C:\Windows\System\DFDeFuT.exe
  C:\Windows\System\DFDeFuT.exe
  2⤵
  PID:12448
- C:\Windows\System\fgPplvk.exe
  C:\Windows\System\fgPplvk.exe
  2⤵
  PID:12476
- C:\Windows\System\UCmpZJn.exe
  C:\Windows\System\UCmpZJn.exe
  2⤵
  PID:12504
- C:\Windows\System\CNSwwmw.exe
  C:\Windows\System\CNSwwmw.exe
  2⤵
  PID:12532
- C:\Windows\System\MGRxNmC.exe
  C:\Windows\System\MGRxNmC.exe
  2⤵
  PID:12560
- C:\Windows\System\wdYRpEA.exe
  C:\Windows\System\wdYRpEA.exe
  2⤵
  PID:12592
- C:\Windows\System\zFQfVYJ.exe
  C:\Windows\System\zFQfVYJ.exe
  2⤵
  PID:12628
- C:\Windows\System\HtGYjyS.exe
  C:\Windows\System\HtGYjyS.exe
  2⤵
  PID:12648
- C:\Windows\System\TaoQBPg.exe
  C:\Windows\System\TaoQBPg.exe
  2⤵
  PID:12676
- C:\Windows\System\pxpjhUb.exe
  C:\Windows\System\pxpjhUb.exe
  2⤵
  PID:12712
- C:\Windows\System\ukMmeYH.exe
  C:\Windows\System\ukMmeYH.exe
  2⤵
  PID:12744
- C:\Windows\System\QJFoyNj.exe
  C:\Windows\System\QJFoyNj.exe
  2⤵
  PID:12780
- C:\Windows\System\RhCJfvT.exe
  C:\Windows\System\RhCJfvT.exe
  2⤵
  PID:12812
- C:\Windows\System\BBBkRwL.exe
  C:\Windows\System\BBBkRwL.exe
  2⤵
  PID:12836
- C:\Windows\System\fSSPNNE.exe
  C:\Windows\System\fSSPNNE.exe
  2⤵
  PID:12880
- C:\Windows\System\VYWJvOU.exe
  C:\Windows\System\VYWJvOU.exe
  2⤵
  PID:12912
- C:\Windows\System\WQVOZmK.exe
  C:\Windows\System\WQVOZmK.exe
  2⤵
  PID:12952
- C:\Windows\System\IbDXlmd.exe
  C:\Windows\System\IbDXlmd.exe
  2⤵
  PID:12992
- C:\Windows\System\gudwfHH.exe
  C:\Windows\System\gudwfHH.exe
  2⤵
  PID:13008
- C:\Windows\System\ajzvlRW.exe
  C:\Windows\System\ajzvlRW.exe
  2⤵
  PID:13044
- C:\Windows\System\HbnuSFy.exe
  C:\Windows\System\HbnuSFy.exe
  2⤵
  PID:13080
- C:\Windows\System\MsDibWq.exe
  C:\Windows\System\MsDibWq.exe
  2⤵
  PID:13124
- C:\Windows\System\cEzgWjp.exe
  C:\Windows\System\cEzgWjp.exe
  2⤵
  PID:13148
- C:\Windows\System\FijPZIV.exe
  C:\Windows\System\FijPZIV.exe
  2⤵
  PID:13180
- C:\Windows\System\OfmDKgt.exe
  C:\Windows\System\OfmDKgt.exe
  2⤵
  PID:13196
- C:\Windows\System\AMxvHBZ.exe
  C:\Windows\System\AMxvHBZ.exe
  2⤵
  PID:13236
- C:\Windows\System\fVOBqxX.exe
  C:\Windows\System\fVOBqxX.exe
  2⤵
  PID:13292
- C:\Windows\System\lGfuxzC.exe
  C:\Windows\System\lGfuxzC.exe
  2⤵
  PID:12296
- C:\Windows\System\vgJyaIL.exe
  C:\Windows\System\vgJyaIL.exe
  2⤵
  PID:12384
- C:\Windows\System\JmDzaWe.exe
  C:\Windows\System\JmDzaWe.exe
  2⤵
  PID:12440
- C:\Windows\System\XctOwaU.exe
  C:\Windows\System\XctOwaU.exe
  2⤵
  PID:12516
- C:\Windows\System\axgrqql.exe
  C:\Windows\System\axgrqql.exe
  2⤵
  PID:1276
- C:\Windows\System\RLDBaMM.exe
  C:\Windows\System\RLDBaMM.exe
  2⤵
  PID:12636
- C:\Windows\System\QPIrUBQ.exe
  C:\Windows\System\QPIrUBQ.exe
  2⤵
  PID:6372
- C:\Windows\System\cBenlEw.exe
  C:\Windows\System\cBenlEw.exe
  2⤵
  PID:12708
- C:\Windows\System\kPuavOR.exe
  C:\Windows\System\kPuavOR.exe
  2⤵
  PID:2336
- C:\Windows\System\unduEID.exe
  C:\Windows\System\unduEID.exe
  2⤵
  PID:4860
- C:\Windows\System\tKoSefW.exe
  C:\Windows\System\tKoSefW.exe
  2⤵
  PID:7012
- C:\Windows\System\lKuCMBn.exe
  C:\Windows\System\lKuCMBn.exe
  2⤵
  PID:6708
- C:\Windows\System\OGEYbqh.exe
  C:\Windows\System\OGEYbqh.exe
  2⤵
  PID:3560
- C:\Windows\System\xHpJCVW.exe
  C:\Windows\System\xHpJCVW.exe
  2⤵
  PID:12852
- C:\Windows\System\UUhUOgb.exe
  C:\Windows\System\UUhUOgb.exe
  2⤵
  PID:6912
- C:\Windows\System\xLCfuTo.exe
  C:\Windows\System\xLCfuTo.exe
  2⤵
  PID:12904
- C:\Windows\System\oPjnUOb.exe
  C:\Windows\System\oPjnUOb.exe
  2⤵
  PID:7040
- C:\Windows\System\JfVJVoh.exe
  C:\Windows\System\JfVJVoh.exe
  2⤵
  PID:2288
- C:\Windows\System\mnCsJce.exe
  C:\Windows\System\mnCsJce.exe
  2⤵
  PID:12340
- C:\Windows\System\dDBVWQC.exe
  C:\Windows\System\dDBVWQC.exe
  2⤵
  PID:3848
- C:\Windows\System\zksBoCM.exe
  C:\Windows\System\zksBoCM.exe
  2⤵
  PID:5108
- C:\Windows\System\DlLClgH.exe
  C:\Windows\System\DlLClgH.exe
  2⤵
  PID:13020
- C:\Windows\System\gOpNsAF.exe
  C:\Windows\System\gOpNsAF.exe
  2⤵
  PID:3464
- C:\Windows\System\OzaRVwo.exe
  C:\Windows\System\OzaRVwo.exe
  2⤵
  PID:13112
- C:\Windows\System\MIoBdTt.exe
  C:\Windows\System\MIoBdTt.exe
  2⤵
  PID:4836
- C:\Windows\System\XObcYZg.exe
  C:\Windows\System\XObcYZg.exe
  2⤵
  PID:6292
- C:\Windows\System\TiieWRs.exe
  C:\Windows\System\TiieWRs.exe
  2⤵
  PID:13164
- C:\Windows\System\NwZicWR.exe
  C:\Windows\System\NwZicWR.exe
  2⤵
  PID:1136
- C:\Windows\System\bbyionK.exe
  C:\Windows\System\bbyionK.exe
  2⤵
  PID:13188
- C:\Windows\System\eZVuCKU.exe
  C:\Windows\System\eZVuCKU.exe
  2⤵
  PID:3640
- C:\Windows\System\yTmceGv.exe
  C:\Windows\System\yTmceGv.exe
  2⤵
  PID:3244
- C:\Windows\System\LaVnCaT.exe
  C:\Windows\System\LaVnCaT.exe
  2⤵
  PID:13284
- C:\Windows\System\jjqsidd.exe
  C:\Windows\System\jjqsidd.exe
  2⤵
  PID:2236
- C:\Windows\System\aXNaUVB.exe
  C:\Windows\System\aXNaUVB.exe
  2⤵
  PID:12976
- C:\Windows\System\xkywxgi.exe
  C:\Windows\System\xkywxgi.exe
  2⤵
  PID:12936
- C:\Windows\System\nbAuZfV.exe
  C:\Windows\System\nbAuZfV.exe
  2⤵
  PID:4496
- C:\Windows\System\rrGzlXk.exe
  C:\Windows\System\rrGzlXk.exe
  2⤵
  PID:5004
- C:\Windows\System\HyGYwHR.exe
  C:\Windows\System\HyGYwHR.exe
  2⤵
  PID:4900
- C:\Windows\System\lkXqRpx.exe
  C:\Windows\System\lkXqRpx.exe
  2⤵
  PID:960
- C:\Windows\System\pUFIZDq.exe
  C:\Windows\System\pUFIZDq.exe
  2⤵
  PID:13132
- C:\Windows\System\pECAHxS.exe
  C:\Windows\System\pECAHxS.exe
  2⤵
  PID:12444
- C:\Windows\System\sncwPju.exe
  C:\Windows\System\sncwPju.exe
  2⤵
  PID:12556
- C:\Windows\System\wNGBgvN.exe
  C:\Windows\System\wNGBgvN.exe
  2⤵
  PID:12684
- C:\Windows\System\BXdhCgq.exe
  C:\Windows\System\BXdhCgq.exe
  2⤵
  PID:3832
- C:\Windows\System\SGLRjPM.exe
  C:\Windows\System\SGLRjPM.exe
  2⤵
  PID:12720
- C:\Windows\System\LJkwDal.exe
  C:\Windows\System\LJkwDal.exe
  2⤵
  PID:4536
- C:\Windows\System\JeCycCE.exe
  C:\Windows\System\JeCycCE.exe
  2⤵
  PID:3988
- C:\Windows\System\fxxObTn.exe
  C:\Windows\System\fxxObTn.exe
  2⤵
  PID:6864
- C:\Windows\System\npTHVYd.exe
  C:\Windows\System\npTHVYd.exe
  2⤵
  PID:7000
- C:\Windows\System\HGyoesy.exe
  C:\Windows\System\HGyoesy.exe
  2⤵
  PID:920
- C:\Windows\System\lFRyMeA.exe
  C:\Windows\System\lFRyMeA.exe
  2⤵
  PID:840
- C:\Windows\System\hiWQfjL.exe
  C:\Windows\System\hiWQfjL.exe
  2⤵
  PID:5184
- C:\Windows\System\gWYQEnk.exe
  C:\Windows\System\gWYQEnk.exe
  2⤵
  PID:5192
- C:\Windows\System\revHcWP.exe
  C:\Windows\System\revHcWP.exe
  2⤵
  PID:6416
- C:\Windows\System\PCoOKij.exe
  C:\Windows\System\PCoOKij.exe
  2⤵
  PID:5240
- C:\Windows\System\KLJQqOT.exe
  C:\Windows\System\KLJQqOT.exe
  2⤵
  PID:5248
- C:\Windows\System\Yadwcan.exe
  C:\Windows\System\Yadwcan.exe
  2⤵
  PID:5292
- C:\Windows\System\NkbgHiE.exe
  C:\Windows\System\NkbgHiE.exe
  2⤵
  PID:6392
- C:\Windows\System\nYPkeHO.exe
  C:\Windows\System\nYPkeHO.exe
  2⤵
  PID:400
- C:\Windows\System\unmmrjp.exe
  C:\Windows\System\unmmrjp.exe
  2⤵
  PID:5364
- C:\Windows\System\cIjQZVK.exe
  C:\Windows\System\cIjQZVK.exe
  2⤵
  PID:5436
- C:\Windows\System\lywZTtt.exe
  C:\Windows\System\lywZTtt.exe
  2⤵
  PID:12960
- C:\Windows\System\ihtVcaM.exe
  C:\Windows\System\ihtVcaM.exe
  2⤵
  PID:5464
- C:\Windows\System\LgKXDeK.exe
  C:\Windows\System\LgKXDeK.exe
  2⤵
  PID:3780
- C:\Windows\System\uNVKLmO.exe
  C:\Windows\System\uNVKLmO.exe
  2⤵
  PID:12432
- C:\Windows\System\udukTTE.exe
  C:\Windows\System\udukTTE.exe
  2⤵
  PID:5600
- C:\Windows\System\RGdkeKe.exe
  C:\Windows\System\RGdkeKe.exe
  2⤵
  PID:6528
- C:\Windows\System\JnNIDGX.exe
  C:\Windows\System\JnNIDGX.exe
  2⤵
  PID:12804
- C:\Windows\System\YEcNeGv.exe
  C:\Windows\System\YEcNeGv.exe
  2⤵
  PID:2968
- C:\Windows\System\PLCrzNz.exe
  C:\Windows\System\PLCrzNz.exe
  2⤵
  PID:5680
- C:\Windows\System\PkrCKeZ.exe
  C:\Windows\System\PkrCKeZ.exe
  2⤵
  PID:7080
- C:\Windows\System\OxZZQGc.exe
  C:\Windows\System\OxZZQGc.exe
  2⤵
  PID:2584
- C:\Windows\System\veZXXnr.exe
  C:\Windows\System\veZXXnr.exe
  2⤵
  PID:13004
- C:\Windows\System\tkNVKnN.exe
  C:\Windows\System\tkNVKnN.exe
  2⤵
  PID:3932
- C:\Windows\System\BHcbWEq.exe
  C:\Windows\System\BHcbWEq.exe
  2⤵
  PID:5824
- C:\Windows\System\QlSaDLI.exe
  C:\Windows\System\QlSaDLI.exe
  2⤵
  PID:5904
- C:\Windows\System\awpLstv.exe
  C:\Windows\System\awpLstv.exe
  2⤵
  PID:2300
- C:\Windows\System\lPraoab.exe
  C:\Windows\System\lPraoab.exe
  2⤵
  PID:4412
- C:\Windows\System\LrQXYqv.exe
  C:\Windows\System\LrQXYqv.exe
  2⤵
  PID:6004
- C:\Windows\System\OEelgor.exe
  C:\Windows\System\OEelgor.exe
  2⤵
  PID:13056
- C:\Windows\System\xyByyIq.exe
  C:\Windows\System\xyByyIq.exe
  2⤵
  PID:1540
- C:\Windows\System\nZEqSbF.exe
  C:\Windows\System\nZEqSbF.exe
  2⤵
  PID:1776
- C:\Windows\System\oVKajxY.exe
  C:\Windows\System\oVKajxY.exe
  2⤵
  PID:5668
- C:\Windows\System\urnPkff.exe
  C:\Windows\System\urnPkff.exe
  2⤵
  PID:4468
- C:\Windows\System\BFPYFwH.exe
  C:\Windows\System\BFPYFwH.exe
  2⤵
  PID:5740
- C:\Windows\System\OppGSvi.exe
  C:\Windows\System\OppGSvi.exe
  2⤵
  PID:972
- C:\Windows\System\kHNujTw.exe
  C:\Windows\System\kHNujTw.exe
  2⤵
  PID:13220
- C:\Windows\System\aKmQTKO.exe
  C:\Windows\System\aKmQTKO.exe
  2⤵
  PID:4628
- C:\Windows\System\yHgHlly.exe
  C:\Windows\System\yHgHlly.exe
  2⤵
  PID:13052
- C:\Windows\System\krdJgWp.exe
  C:\Windows\System\krdJgWp.exe
  2⤵
  PID:12360
- C:\Windows\System\KKcoKHT.exe
  C:\Windows\System\KKcoKHT.exe
  2⤵
  PID:5612
- C:\Windows\System\jBjaHtO.exe
  C:\Windows\System\jBjaHtO.exe
  2⤵
  PID:5708
- C:\Windows\System\WKGNeGX.exe
  C:\Windows\System\WKGNeGX.exe
  2⤵
  PID:2900
- C:\Windows\System\FEpILYP.exe
  C:\Windows\System\FEpILYP.exe
  2⤵
  PID:2444
- C:\Windows\System\bsmqfHB.exe
  C:\Windows\System\bsmqfHB.exe
  2⤵
  PID:5752
- C:\Windows\System\PWCBkdQ.exe
  C:\Windows\System\PWCBkdQ.exe
  2⤵
  PID:6036
- C:\Windows\System\GgJwmIC.exe
  C:\Windows\System\GgJwmIC.exe
  2⤵
  PID:5476
- C:\Windows\System\RxVmPzy.exe
  C:\Windows\System\RxVmPzy.exe
  2⤵
  PID:5228
- C:\Windows\System\LeRIwkU.exe
  C:\Windows\System\LeRIwkU.exe
  2⤵
  PID:6064
- C:\Windows\System\pmeUzby.exe
  C:\Windows\System\pmeUzby.exe
  2⤵
  PID:5780
- C:\Windows\System\olDtdLg.exe
  C:\Windows\System\olDtdLg.exe
  2⤵
  PID:2220
- C:\Windows\System\kwepPHG.exe
  C:\Windows\System\kwepPHG.exe
  2⤵
  PID:5908
- C:\Windows\System\YKerQsi.exe
  C:\Windows\System\YKerQsi.exe
  2⤵
  PID:6936
- C:\Windows\System\hoJxIVn.exe
  C:\Windows\System\hoJxIVn.exe
  2⤵
  PID:1780
- C:\Windows\System\khzaMfz.exe
  C:\Windows\System\khzaMfz.exe
  2⤵
  PID:4028
- C:\Windows\System\NTJChiv.exe
  C:\Windows\System\NTJChiv.exe
  2⤵
  PID:1704
- C:\Windows\System\kuITpxl.exe
  C:\Windows\System\kuITpxl.exe
  2⤵
  PID:3580
- C:\Windows\System\VkIWiWY.exe
  C:\Windows\System\VkIWiWY.exe
  2⤵
  PID:6660
- C:\Windows\System\Spbmzga.exe
  C:\Windows\System\Spbmzga.exe
  2⤵
  PID:5268
- C:\Windows\System\jJBLGUY.exe
  C:\Windows\System\jJBLGUY.exe
  2⤵
  PID:2016
- C:\Windows\System\LRHpaxa.exe
  C:\Windows\System\LRHpaxa.exe
  2⤵
  PID:6044
- C:\Windows\System\AyTkipJ.exe
  C:\Windows\System\AyTkipJ.exe
  2⤵
  PID:5800
- C:\Windows\System\FzBJeSi.exe
  C:\Windows\System\FzBJeSi.exe
  2⤵
  PID:2744
- C:\Windows\System\NdcwZeG.exe
  C:\Windows\System\NdcwZeG.exe
  2⤵
  PID:6148
- C:\Windows\System\FVpmSXv.exe
  C:\Windows\System\FVpmSXv.exe
  2⤵
  PID:6164
- C:\Windows\System\ylatoqn.exe
  C:\Windows\System\ylatoqn.exe
  2⤵
  PID:2036
- C:\Windows\System\hWRwpJB.exe
  C:\Windows\System\hWRwpJB.exe
  2⤵
  PID:6212
- C:\Windows\System\TQiropj.exe
  C:\Windows\System\TQiropj.exe
  2⤵
  PID:4004
- C:\Windows\System\ElXBLXy.exe
  C:\Windows\System\ElXBLXy.exe
  2⤵
  PID:3200
- C:\Windows\System\UFVtDor.exe
  C:\Windows\System\UFVtDor.exe
  2⤵
  PID:6312
- C:\Windows\System\deEXANK.exe
  C:\Windows\System\deEXANK.exe
  2⤵
  PID:3296
- C:\Windows\System\wdrBDgT.exe
  C:\Windows\System\wdrBDgT.exe
  2⤵
  PID:1840
- C:\Windows\System\ZsvfmjI.exe
  C:\Windows\System\ZsvfmjI.exe
  2⤵
  PID:804
- C:\Windows\System\RmMrMNe.exe
  C:\Windows\System\RmMrMNe.exe
  2⤵
  PID:6812
- C:\Windows\System\rtaRBfz.exe
  C:\Windows\System\rtaRBfz.exe
  2⤵
  PID:13344
- C:\Windows\System\kBnsqJz.exe
  C:\Windows\System\kBnsqJz.exe
  2⤵
  PID:13372
- C:\Windows\System\vhHjhkQ.exe
  C:\Windows\System\vhHjhkQ.exe
  2⤵
  PID:13400
- C:\Windows\System\GhyjlPL.exe
  C:\Windows\System\GhyjlPL.exe
  2⤵
  PID:13428
- C:\Windows\System\SIJgGBw.exe
  C:\Windows\System\SIJgGBw.exe
  2⤵
  PID:13456
- C:\Windows\System\CsFNsrx.exe
  C:\Windows\System\CsFNsrx.exe
  2⤵
  PID:13484
- C:\Windows\System\RTEnbGp.exe
  C:\Windows\System\RTEnbGp.exe
  2⤵
  PID:13512
- C:\Windows\System\GhMWBib.exe
  C:\Windows\System\GhMWBib.exe
  2⤵
  PID:13540
- C:\Windows\System\YRSjeLS.exe
  C:\Windows\System\YRSjeLS.exe
  2⤵
  PID:13568
- C:\Windows\System\OLmaBpF.exe
  C:\Windows\System\OLmaBpF.exe
  2⤵
  PID:13596
- C:\Windows\System\nwhxLPD.exe
  C:\Windows\System\nwhxLPD.exe
  2⤵
  PID:13624
- C:\Windows\System\UrlBhHn.exe
  C:\Windows\System\UrlBhHn.exe
  2⤵
  PID:13652
- C:\Windows\System\tkwuFCf.exe
  C:\Windows\System\tkwuFCf.exe
  2⤵
  PID:13680
- C:\Windows\System\BTIsjao.exe
  C:\Windows\System\BTIsjao.exe
  2⤵
  PID:13708
- C:\Windows\System\hRtqjQV.exe
  C:\Windows\System\hRtqjQV.exe
  2⤵
  PID:13736
- C:\Windows\System\UXRRNbm.exe
  C:\Windows\System\UXRRNbm.exe
  2⤵
  PID:13764
- C:\Windows\System\vRYGKFB.exe
  C:\Windows\System\vRYGKFB.exe
  2⤵
  PID:13800
- C:\Windows\System\VYmlEhK.exe
  C:\Windows\System\VYmlEhK.exe
  2⤵
  PID:13820
- C:\Windows\System\UyqGJpn.exe
  C:\Windows\System\UyqGJpn.exe
  2⤵
  PID:13848
- C:\Windows\System\DmCgEMl.exe
  C:\Windows\System\DmCgEMl.exe
  2⤵
  PID:13876
- C:\Windows\System\NOfzOCs.exe
  C:\Windows\System\NOfzOCs.exe
  2⤵
  PID:13904
- C:\Windows\System\uCWonMh.exe
  C:\Windows\System\uCWonMh.exe
  2⤵
  PID:13932
- C:\Windows\System\NZWdzmt.exe
  C:\Windows\System\NZWdzmt.exe
  2⤵
  PID:13960
- C:\Windows\System\BavMNmu.exe
  C:\Windows\System\BavMNmu.exe
  2⤵
  PID:13988
- C:\Windows\System\JJpnRaO.exe
  C:\Windows\System\JJpnRaO.exe
  2⤵
  PID:14016
- C:\Windows\System\YSYwZmc.exe
  C:\Windows\System\YSYwZmc.exe
  2⤵
  PID:14048
- C:\Windows\System\qPPjGPP.exe
  C:\Windows\System\qPPjGPP.exe
  2⤵
  PID:14076
- C:\Windows\System\iavoKAG.exe
  C:\Windows\System\iavoKAG.exe
  2⤵
  PID:14104
- C:\Windows\System\nXugqel.exe
  C:\Windows\System\nXugqel.exe
  2⤵
  PID:14132
- C:\Windows\System\WTdXENO.exe
  C:\Windows\System\WTdXENO.exe
  2⤵
  PID:14160
- C:\Windows\System\VzqRnVB.exe
  C:\Windows\System\VzqRnVB.exe
  2⤵
  PID:14188
- C:\Windows\System\DJdilhT.exe
  C:\Windows\System\DJdilhT.exe
  2⤵
  PID:14216
- C:\Windows\System\flnIvmd.exe
  C:\Windows\System\flnIvmd.exe
  2⤵
  PID:14244
- C:\Windows\System\cpmpDqF.exe
  C:\Windows\System\cpmpDqF.exe
  2⤵
  PID:14272
- C:\Windows\System\CAGwzen.exe
  C:\Windows\System\CAGwzen.exe
  2⤵
  PID:14300
- C:\Windows\System\WHYaDLB.exe
  C:\Windows\System\WHYaDLB.exe
  2⤵
  PID:14328
- C:\Windows\System\gKVZoKq.exe
  C:\Windows\System\gKVZoKq.exe
  2⤵
  PID:6464
- C:\Windows\System\GGMpChY.exe
  C:\Windows\System\GGMpChY.exe
  2⤵
  PID:13392
- C:\Windows\System\kGQOUHU.exe
  C:\Windows\System\kGQOUHU.exe
  2⤵
  PID:13420
- C:\Windows\System\kgOvdEt.exe
  C:\Windows\System\kgOvdEt.exe
  2⤵
  PID:13452
- C:\Windows\System\OWufhRO.exe
  C:\Windows\System\OWufhRO.exe
  2⤵
  PID:7348
- C:\Windows\System\srCsJjZ.exe
  C:\Windows\System\srCsJjZ.exe
  2⤵
  PID:6548
- C:\Windows\System\hkHkrEF.exe
  C:\Windows\System\hkHkrEF.exe
  2⤵
  PID:7412
- C:\Windows\System\ZstlHxc.exe
  C:\Windows\System\ZstlHxc.exe
  2⤵
  PID:7432
- C:\Windows\System\SXYSekn.exe
  C:\Windows\System\SXYSekn.exe
  2⤵
  PID:13636
- C:\Windows\System\wWOZKmU.exe
  C:\Windows\System\wWOZKmU.exe
  2⤵
  PID:13648
- C:\Windows\System\LpPbnLf.exe
  C:\Windows\System\LpPbnLf.exe
  2⤵
  PID:7584
- C:\Windows\System\mAOUvka.exe
  C:\Windows\System\mAOUvka.exe
  2⤵
  PID:13728
- C:\Windows\System\QUhrWrM.exe
  C:\Windows\System\QUhrWrM.exe
  2⤵
  PID:13756
- C:\Windows\System\aLevTln.exe
  C:\Windows\System\aLevTln.exe
  2⤵
  PID:13788
- C:\Windows\System\CXWsfdF.exe
  C:\Windows\System\CXWsfdF.exe
  2⤵
  PID:6776
- C:\Windows\System\UcyUTHy.exe
  C:\Windows\System\UcyUTHy.exe
  2⤵
  PID:13872
- C:\Windows\System\vNwJNPR.exe
  C:\Windows\System\vNwJNPR.exe
  2⤵
  PID:13900
- C:\Windows\System\JweDwpT.exe
  C:\Windows\System\JweDwpT.exe
  2⤵
  PID:13928
- C:\Windows\System\RLBJczR.exe
  C:\Windows\System\RLBJczR.exe
  2⤵
  PID:7828
- C:\Windows\System\bkEjdLg.exe
  C:\Windows\System\bkEjdLg.exe
  2⤵
  PID:14008
- C:\Windows\System\cWUDWQi.exe
  C:\Windows\System\cWUDWQi.exe
  2⤵
  PID:14068
- C:\Windows\System\DPdwSIW.exe
  C:\Windows\System\DPdwSIW.exe
  2⤵
  PID:6964
- C:\Windows\System\uSxsgyK.exe
  C:\Windows\System\uSxsgyK.exe
  2⤵
  PID:14128
- C:\Windows\System\CrTVJlE.exe
  C:\Windows\System\CrTVJlE.exe
  2⤵
  PID:8012
- C:\Windows\System\qjgVOoB.exe
  C:\Windows\System\qjgVOoB.exe
  2⤵
  PID:14212
- C:\Windows\System\FdVjXYu.exe
  C:\Windows\System\FdVjXYu.exe
  2⤵
  PID:14284
- C:\Windows\System\EOkxgyt.exe
  C:\Windows\System\EOkxgyt.exe
  2⤵
  PID:14320
- C:\Windows\System\FzNhkXM.exe
  C:\Windows\System\FzNhkXM.exe
  2⤵
  PID:7092
- C:\Windows\System\NybywVJ.exe
  C:\Windows\System\NybywVJ.exe
  2⤵
  PID:13368
- C:\Windows\System\WqWuCfs.exe
  C:\Windows\System\WqWuCfs.exe
  2⤵
  PID:7272
- C:\Windows\System\IgwZtIB.exe
  C:\Windows\System\IgwZtIB.exe
  2⤵
  PID:6124
- C:\Windows\System\WyqgpSC.exe
  C:\Windows\System\WyqgpSC.exe
  2⤵
  PID:4128
- C:\Windows\System\iltBPTx.exe
  C:\Windows\System\iltBPTx.exe
  2⤵
  PID:5212
- C:\Windows\System\znXrBcG.exe
  C:\Windows\System\znXrBcG.exe
  2⤵
  PID:7608
- C:\Windows\System\RCAgjJD.exe
  C:\Windows\System\RCAgjJD.exe
  2⤵
  PID:7488
- C:\Windows\System\QiOtTAY.exe
  C:\Windows\System\QiOtTAY.exe
  2⤵
  PID:7524
- C:\Windows\System\dSPadZu.exe
  C:\Windows\System\dSPadZu.exe
  2⤵
  PID:7612
- C:\Windows\System\sFvgdwt.exe
  C:\Windows\System\sFvgdwt.exe
  2⤵
  PID:13704
- C:\Windows\System\gLBRbia.exe
  C:\Windows\System\gLBRbia.exe
  2⤵
  PID:8060
- C:\Windows\System\GSVQPPF.exe
  C:\Windows\System\GSVQPPF.exe
  2⤵
  PID:13844
- C:\Windows\System\PuAjUtG.exe
  C:\Windows\System\PuAjUtG.exe
  2⤵
  PID:6792
- C:\Windows\System\SeuDYDE.exe
  C:\Windows\System\SeuDYDE.exe
  2⤵
  PID:13952
- C:\Windows\System\MAiHeXm.exe
  C:\Windows\System\MAiHeXm.exe
  2⤵
  PID:14012
- C:\Windows\System\CJypHIR.exe
  C:\Windows\System\CJypHIR.exe
  2⤵
  PID:14096
- C:\Windows\System\eeuJnCI.exe
  C:\Windows\System\eeuJnCI.exe
  2⤵
  PID:6940
- C:\Windows\System\gydLGYX.exe
  C:\Windows\System\gydLGYX.exe
  2⤵
  PID:14200
- C:\Windows\System\WYXhrOE.exe
  C:\Windows\System\WYXhrOE.exe
  2⤵
  PID:7416
- C:\Windows\System\rBbpxnZ.exe
  C:\Windows\System\rBbpxnZ.exe
  2⤵
  PID:8144
- C:\Windows\System\EvjGHrg.exe
  C:\Windows\System\EvjGHrg.exe
  2⤵
  PID:13356
- C:\Windows\System\vfDxQhe.exe
  C:\Windows\System\vfDxQhe.exe
  2⤵
  PID:7332
- C:\Windows\System\XBLfVid.exe
  C:\Windows\System\XBLfVid.exe
  2⤵
  PID:13508
- C:\Windows\System\ZozKuvF.exe
  C:\Windows\System\ZozKuvF.exe
  2⤵
  PID:3644
- C:\Windows\System\nVhvamq.exe
  C:\Windows\System\nVhvamq.exe
  2⤵
  PID:7644
- C:\Windows\System\OUoRyQM.exe
  C:\Windows\System\OUoRyQM.exe
  2⤵
  PID:7776
- C:\Windows\System\pGYkVgH.exe
  C:\Windows\System\pGYkVgH.exe
  2⤵
  PID:8308
- C:\Windows\System\tchbDhV.exe
  C:\Windows\System\tchbDhV.exe
  2⤵
  PID:5096
- C:\Windows\System\UhwqcXK.exe
  C:\Windows\System\UhwqcXK.exe
  2⤵
  PID:7276
- C:\Windows\System\qTVtYZs.exe
  C:\Windows\System\qTVtYZs.exe
  2⤵
  PID:7564
- C:\Windows\System\XCivBep.exe
  C:\Windows\System\XCivBep.exe
  2⤵
  PID:7976
- C:\Windows\System\cskpLLo.exe
  C:\Windows\System\cskpLLo.exe
  2⤵
  PID:7444
- C:\Windows\System\BjsHYIr.exe
  C:\Windows\System\BjsHYIr.exe
  2⤵
  PID:5144
- C:\Windows\System\iqwgQWd.exe
  C:\Windows\System\iqwgQWd.exe
  2⤵
  PID:3564
- C:\Windows\System\uagibKO.exe
  C:\Windows\System\uagibKO.exe
  2⤵
  PID:4332
- C:\Windows\System\FGrBYEb.exe
  C:\Windows\System\FGrBYEb.exe
  2⤵
  PID:13840
- C:\Windows\System\JVRFwYU.exe
  C:\Windows\System\JVRFwYU.exe
  2⤵
  PID:544
- C:\Windows\System\xeJxZle.exe
  C:\Windows\System\xeJxZle.exe
  2⤵
  PID:14000
- C:\Windows\System\aHIOKKf.exe
  C:\Windows\System\aHIOKKf.exe
  2⤵
  PID:13324
- C:\Windows\System\FJRVvWo.exe
  C:\Windows\System\FJRVvWo.exe
  2⤵
  PID:8488
- C:\Windows\System\OOQaAoQ.exe
  C:\Windows\System\OOQaAoQ.exe
  2⤵
  PID:8992
- C:\Windows\System\AMXAIdr.exe
  C:\Windows\System\AMXAIdr.exe
  2⤵
  PID:7388
- C:\Windows\System\QFHOJlg.exe
  C:\Windows\System\QFHOJlg.exe
  2⤵
  PID:3316
- C:\Windows\System\kiuCtNb.exe
  C:\Windows\System\kiuCtNb.exe
  2⤵
  PID:8652
- C:\Windows\System\sBfcmox.exe
  C:\Windows\System\sBfcmox.exe
  2⤵
  PID:8496
- C:\Windows\System\woBUTwa.exe
  C:\Windows\System\woBUTwa.exe
  2⤵
  PID:7460
- C:\Windows\System\uhqJbzY.exe
  C:\Windows\System\uhqJbzY.exe
  2⤵
  PID:2276
- C:\Windows\System\dXLeXEt.exe
  C:\Windows\System\dXLeXEt.exe
  2⤵
  PID:1584
- C:\Windows\System\wCKwxnA.exe
  C:\Windows\System\wCKwxnA.exe
  2⤵
  PID:8428
- C:\Windows\System\thTldFr.exe
  C:\Windows\System\thTldFr.exe
  2⤵
  PID:8404
- C:\Windows\System\XVsbUeU.exe
  C:\Windows\System\XVsbUeU.exe
  2⤵
  PID:14356
- C:\Windows\System\EIlXBbe.exe
  C:\Windows\System\EIlXBbe.exe
  2⤵
  PID:14384
- C:\Windows\System\dBHrBYD.exe
  C:\Windows\System\dBHrBYD.exe
  2⤵
  PID:14416
- C:\Windows\System\TKqbztw.exe
  C:\Windows\System\TKqbztw.exe
  2⤵
  PID:14444
- C:\Windows\System\MWzqtCO.exe
  C:\Windows\System\MWzqtCO.exe
  2⤵
  PID:14472
- C:\Windows\System\GFUkawd.exe
  C:\Windows\System\GFUkawd.exe
  2⤵
  PID:14500
- C:\Windows\System\RtNGqkx.exe
  C:\Windows\System\RtNGqkx.exe
  2⤵
  PID:14528
- C:\Windows\System\HMRjdZw.exe
  C:\Windows\System\HMRjdZw.exe
  2⤵
  PID:14560
- C:\Windows\System\GLpgAFC.exe
  C:\Windows\System\GLpgAFC.exe
  2⤵
  PID:14588
- C:\Windows\System\rDJvVid.exe
  C:\Windows\System\rDJvVid.exe
  2⤵
  PID:14616
- C:\Windows\System\LNQoBSR.exe
  C:\Windows\System\LNQoBSR.exe
  2⤵
  PID:14648
- C:\Windows\System\UENdbEO.exe
  C:\Windows\System\UENdbEO.exe
  2⤵
  PID:14676
- C:\Windows\System\CZCUnYt.exe
  C:\Windows\System\CZCUnYt.exe
  2⤵
  PID:14704
- C:\Windows\System\bQcHEfy.exe
  C:\Windows\System\bQcHEfy.exe
  2⤵
  PID:14732
- C:\Windows\System\ENTQXqz.exe
  C:\Windows\System\ENTQXqz.exe
  2⤵
  PID:14760
- C:\Windows\System\cEmuQVU.exe
  C:\Windows\System\cEmuQVU.exe
  2⤵
  PID:14788
- C:\Windows\System\EWDDRoa.exe
  C:\Windows\System\EWDDRoa.exe
  2⤵
  PID:14816
- C:\Windows\System\pRjUzMg.exe
  C:\Windows\System\pRjUzMg.exe
  2⤵
  PID:14844
- C:\Windows\System\yLNQagY.exe
  C:\Windows\System\yLNQagY.exe
  2⤵
  PID:14872
- C:\Windows\System\GUnApzh.exe
  C:\Windows\System\GUnApzh.exe
  2⤵
  PID:14900
- C:\Windows\System\ApdHDbU.exe
  C:\Windows\System\ApdHDbU.exe
  2⤵
  PID:14928
- C:\Windows\System\wrajNmR.exe
  C:\Windows\System\wrajNmR.exe
  2⤵
  PID:14956
- C:\Windows\System\waqwclS.exe
  C:\Windows\System\waqwclS.exe
  2⤵
  PID:14984
- C:\Windows\System\JUgwvug.exe
  C:\Windows\System\JUgwvug.exe
  2⤵
  PID:15012
- C:\Windows\System\ImsMsCZ.exe
  C:\Windows\System\ImsMsCZ.exe
  2⤵
  PID:15040
- C:\Windows\System\jyyMnSV.exe
  C:\Windows\System\jyyMnSV.exe
  2⤵
  PID:15068
- C:\Windows\System\JxMeViL.exe
  C:\Windows\System\JxMeViL.exe
  2⤵
  PID:15096
- C:\Windows\System\WoeZNpk.exe
  C:\Windows\System\WoeZNpk.exe
  2⤵
  PID:15124
- C:\Windows\System\voQLnZa.exe
  C:\Windows\System\voQLnZa.exe
  2⤵
  PID:15152
- C:\Windows\System\WlWdhmw.exe
  C:\Windows\System\WlWdhmw.exe
  2⤵
  PID:15180
- C:\Windows\System\SxaIAUX.exe
  C:\Windows\System\SxaIAUX.exe
  2⤵
  PID:15208
- C:\Windows\System\TFliBmn.exe
  C:\Windows\System\TFliBmn.exe
  2⤵
  PID:15236
- C:\Windows\System\BVWkEgG.exe
  C:\Windows\System\BVWkEgG.exe
  2⤵
  PID:15264
- C:\Windows\System\zhQZYJk.exe
  C:\Windows\System\zhQZYJk.exe
  2⤵
  PID:15292
- C:\Windows\System\AuKXOef.exe
  C:\Windows\System\AuKXOef.exe
  2⤵
  PID:15320
- C:\Windows\System\mKeDQAw.exe
  C:\Windows\System\mKeDQAw.exe
  2⤵
  PID:15348
- C:\Windows\System\gHxagwf.exe
  C:\Windows\System\gHxagwf.exe
  2⤵
  PID:14380
- C:\Windows\System\XRFTCps.exe
  C:\Windows\System\XRFTCps.exe
  2⤵
  PID:14392
- C:\Windows\System\yLcSmaK.exe
  C:\Windows\System\yLcSmaK.exe
  2⤵
  PID:8784
- C:\Windows\System\bDNLosK.exe
  C:\Windows\System\bDNLosK.exe
  2⤵
  PID:14524
- C:\Windows\System\JEsmLmv.exe
  C:\Windows\System\JEsmLmv.exe
  2⤵
  PID:9064
- C:\Windows\System\cCrEmAz.exe
  C:\Windows\System\cCrEmAz.exe
  2⤵
  PID:14612
- C:\Windows\System\gbaThuy.exe
  C:\Windows\System\gbaThuy.exe
  2⤵
  PID:14688
- C:\Windows\System\kxaPAua.exe
  C:\Windows\System\kxaPAua.exe
  2⤵
  PID:14752
- C:\Windows\System\UthQaOs.exe
  C:\Windows\System\UthQaOs.exe
  2⤵
  PID:14840
- C:\Windows\System\fvvdVdD.exe
  C:\Windows\System\fvvdVdD.exe
  2⤵
  PID:14884
- C:\Windows\System\BkfXlyW.exe
  C:\Windows\System\BkfXlyW.exe
  2⤵
  PID:8232
- C:\Windows\System\fMGVSOo.exe
  C:\Windows\System\fMGVSOo.exe
  2⤵
  PID:14976
- C:\Windows\System\FktwfXO.exe
  C:\Windows\System\FktwfXO.exe
  2⤵
  PID:8448
- C:\Windows\System\odDOOYJ.exe
  C:\Windows\System\odDOOYJ.exe
  2⤵
  PID:15052
- C:\Windows\System\bCOalIN.exe
  C:\Windows\System\bCOalIN.exe
  2⤵
  PID:15092
- C:\Windows\System\JtpNLOE.exe
  C:\Windows\System\JtpNLOE.exe
  2⤵
  PID:15120
- C:\Windows\System\fldMGXN.exe
  C:\Windows\System\fldMGXN.exe
  2⤵
  PID:15192
- C:\Windows\System\UFzMFNo.exe
  C:\Windows\System\UFzMFNo.exe
  2⤵
  PID:15228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CZQGPtj.exe

Filesize
6.0MB

MD5
d1fedbe11f08d39dda75f4cab30aa9fb

SHA1
a9ec5df986e8c911015b774c59bba710e2fd3976

SHA256
822054fcdf1f83f05ce8e1c406a11c6b3f81a3f19d3cfc1a9067c33d8f6635bb

SHA512
e6ff2fb11b67c1230699d41f33161f2e59d12b905da1951416c70fe6c3602b9bfef92dc4442c0631af364789a9b6e221cb945277d47319e3ecb3f99216418369

Download Submit
C:\Windows\System\EXzWzkg.exe

Filesize
6.0MB

MD5
79246356000116c9fecf2c581f5ca00f

SHA1
2e6aa6837fc991dbfc05e95f7c0c7436d734eed2

SHA256
cd5492dca972467f1c88bb47319f758a8cb06eb1f26b06c9c798b1ecbac4108a

SHA512
e103e40a559ce5b4e2aa026a2fd8c70a96a073913efb57b46f8d45e31ef6573e56f4d130b7ba3e83fda5ddad22626c25c73fa507597bad99b8d4c42ba0014f1a

Download Submit
C:\Windows\System\GFpLtID.exe

Filesize
6.0MB

MD5
f2f4cbd746775203c84dfade41330355

SHA1
b544b77d84d9016be500d53a0e993faf0baf559b

SHA256
631631a51827e8a8ab55136a449b216b87d2a031bb88cd7677d289b6bca7ea9e

SHA512
f81bd00cbc0fe811dec4600348bcf986c1b6f2521a7176b5a4046429d3c4a0afc24d249124f10def9c2078045dbc26bce5f3fe1745b1e4cd3fa56f4f0a5c6d11

Download Submit
C:\Windows\System\KdfjnDQ.exe

Filesize
6.0MB

MD5
e15dbdc785f61757a40fe5eb25a33a82

SHA1
45021f08ea46a2e16eec9a5f08937b5139fbf5d2

SHA256
ede430632bf9737a451047994677fcf36fe7986ea132ba34cdf37e7be59074d0

SHA512
47f8f99dd0dd36b912486a986bd7d497c51906e1b58edbb3e7e30be5d561a29614133f29d5fbb4f0c72c2f4bbc9e21a95119abce29b2a978dbb8563e9c7319c5

Download Submit
C:\Windows\System\KvMYVDy.exe

Filesize
6.0MB

MD5
08f66e27083212c65ac65c8f3ca3010f

SHA1
c1f974d0960f322d6e952128d23552589d6cf182

SHA256
3ce8d3b737c3b49473674628ac62cb32a5e0ca6ac9e056dfc81f5393761371e9

SHA512
17f21cde6c41cc49a3edbeaca64d30627c086537b650f09b049c8e09b8bc039cc0b8d066ef52b7b6e4bb8e5659b50388a3f26919d555bb3ca7c49fd039488f1a

Download Submit
C:\Windows\System\LKycCSO.exe

Filesize
6.0MB

MD5
d6eaf9aeae04276cb68e0558953289d9

SHA1
350e96bf6b2bdf73e3b39f052f5b369250a820c2

SHA256
ff8973f01ebebc62d0a53cc1de4fccc8b7051075031410ffe2a0a9bd181d5647

SHA512
31ff075af6a329c351242eb7a1bc78d9b0cf7b79c40830bb3a6961eb95cf3ba3bddd704add8aaebf3bf420c29570a2cbfbd5c52ef60f4fde8bac8546b29ab440

Download Submit
C:\Windows\System\LpZlHVE.exe

Filesize
6.0MB

MD5
1947557bec05a0ac09eaa7e18f1f31d1

SHA1
a9ddef44a400746a504c5199d9f5acaba2131779

SHA256
59de3f3abd87740f9d084223c2ff01551e84642afe46e5688aef9e74e5b16bd4

SHA512
0616ed1adb25b0109cd7c35365b380d2e7bf3c6807bde45199ddb86ee52e9a4cc7e03f6b61eb1d33f2f28a5a2adcee98e4698939a2a2d8850caeea03b8a8eb9d

Download Submit
C:\Windows\System\MRaQxim.exe

Filesize
6.0MB

MD5
0fa0781452f4be6a0d607d223cfa2a05

SHA1
6a73d8532962db91b7faf1fb8eb2e8e370468eeb

SHA256
33d4dd5cb7783a371912a7bdf3f6da4a279573d527111c75ab20014e1457c627

SHA512
d33263c73b8f3c1b9f9367f80815a1a9d0e8a2eda59af3eed7865d3f10ad090a8045de2420b21054053287731b49576418d5951664e7f1f96b25b0700627cc04

Download Submit
C:\Windows\System\PHIZkae.exe

Filesize
6.0MB

MD5
2d1159575f4c4456f724b2dab619072f

SHA1
438dbbc77a6d9a28b29d39c016ecab4193e05928

SHA256
e204e65984af3484d4958468b6f696214f58c47f67156ab2bdf1f5e8b000391e

SHA512
0d31dae30d7c3233a483d50534b2b78f08969cba28bb1a51a641cd739bc6ae9321971263cc76b917a525f8b2bd62d5654eaa3e081968f34b2439530c38d0a4db

Download Submit
C:\Windows\System\PIKggOf.exe

Filesize
6.0MB

MD5
7c54ff79f3fea94731864d0075fd8378

SHA1
7e037fe8c40abf83ce60f5fdc1d76b5428b927f5

SHA256
c0ec5121ac1c0b36dc8e432dce1cc09aa525b4ad8acc59b81ea88e753a3784f5

SHA512
51cddfddffe35ab00e7fab45cc9ca7bde44104dbb97848d263bad93c5f5cf5c28315c40cb2a2a021146cef5ca2fc78071c0561d8805a687ea178a899d636fd04

Download Submit
C:\Windows\System\PRtszht.exe

Filesize
6.0MB

MD5
1b810bd85d637b8254a9acea215666e5

SHA1
a1a09764be6dc78a2f5ad8a387b4bfa3c20d3293

SHA256
915f670e22dad974710c9332d75d8e1a097d90264088dddf98a5a61995ba8c55

SHA512
e596123c957e039e72afccecab81f4f17905f41af0d2479b960094677aee538d6455423e4a9a9fda950498065a0fc63e005c5e0a8137530755c1753ca8dabc66

Download Submit
C:\Windows\System\PxybEjf.exe

Filesize
6.0MB

MD5
d6c47695bb3b843720a55064abe62587

SHA1
8cecfe08c2356f4ca7f3896fe15a60015b907977

SHA256
151f3b9be84c2fd17792f348454a19bdf331951e3872b0c6725d841f1424bfed

SHA512
edfceeb016e1889c091e4cbbc79c173bd0174fb027b0fd46c163b04d9930f10dbf3d58a3cd6b1ebd82707cbff2ac6126061053158bd7c95870ab36b3616f9100

Download Submit
C:\Windows\System\QWjFTmM.exe

Filesize
6.0MB

MD5
179a9924b2735bdff829ded969e2d475

SHA1
117957245b03c7568076849825525b2d461e2d05

SHA256
c84e2f3da4c40a502f33d96bd4cf2349011b645ea7e7622d31fddba6dcc69446

SHA512
e1498045933a8c0a33b00882ecab62e0d7d553418d949a273f0b0813e85c4b10639c5be5ec61788e842ab25af5e4e73af3100d4dad66f840fa814c04d77ac228

Download Submit
C:\Windows\System\RRvzgYx.exe

Filesize
6.0MB

MD5
4641d9961da1417259da07d7b799c729

SHA1
f79090d39d4d365ee1afd49b37891c3e03ce538e

SHA256
249b2cca5f336eb47f6c80dc495894b9a930f22c9a604f17f97a051313c4482f

SHA512
8eb7889bd4b998d4e89d69a2c458b624cb2bbeb9108643c6e3ed68ec365dbdcb5e2a2ea6cc0c925e8d78177121aecd61391d87da6eded168dd9b3d7efd14d338

Download Submit
C:\Windows\System\RusgkPT.exe

Filesize
6.0MB

MD5
86af4def3931c6a035a378d688670075

SHA1
b95517668b6edf4daf0a94428ed14df5be4838e2

SHA256
97e06d2374d2cec5ad68a37cf9e6be0ddea000b4b2891fee4d69118126c724f9

SHA512
e4744d216a86742c2ea5a71535518fef666bdae09dc4e1320af5d82b76a1c4fefd214b7c9dec0054f601180c80474d9c0866f308695e2b29228313e21b2cf6a9

Download Submit
C:\Windows\System\SwieAdW.exe

Filesize
6.0MB

MD5
4bf68822127783589e193df335b0b8b6

SHA1
9a7cf42a69d6314580568587dd13e54f9e0af82c

SHA256
0122d90c6cf345c6088543a7eb5b19307742a4fb13f3cb0a458f1031e036d573

SHA512
a3c0adaf73e84dac774787302d60e8bf52474eadba159fe3e3b893f70fd7dbccb3ebdf8c4767aea6a164b268efcd04f8dff4eb540b1eddb9a65ccff7d83a297d

Download Submit
C:\Windows\System\TbZTPuh.exe

Filesize
6.0MB

MD5
3c44fbe2e558f071e0740a17d72dc1c9

SHA1
4c80ae3a1bd74f069a70233a206149f6d92ce5e2

SHA256
ed875d41af07e7ca48feb0e5a345247bc90c27c104652a281d76cea5c2c2003d

SHA512
5ca5bfa09474b37d3300c2f60d311e131ef9191c3c39cb0d77f567f74d72f3c9094ee4c0f0f7e268714fb307fc811427cf4efc4f3870210361ddbd3ff956bcd9

Download Submit
C:\Windows\System\YEqOXjc.exe

Filesize
6.0MB

MD5
82051b041b09b18e9a7ae9a8463360e4

SHA1
ec0390a4476507c06c35ad8c4b1eb404840eabfb

SHA256
b1cdf2fcc248eeea982d89850c10bd4989a81a508e51328881bcc6a056bb3f48

SHA512
c0396ef04f119efc9756744d3c2d7cd31cd64d3dfa7aa8a74413725ec2259393cf79f2f2b9d26d5189259d411a7b4ae99e1ccc61ffba03e8926cbeb3508103ff

Download Submit
C:\Windows\System\aTvoeTN.exe

Filesize
6.0MB

MD5
f88e1d1efcd1d7392879fb62e4537f44

SHA1
97ad20a87d1dee1b2a937788d47f1fe5d2c661a5

SHA256
7b15fae4a6c3d760ae208f3734444c92ba43e3a5e045ad3a3d826183e36bf9bd

SHA512
9280e433ef87c5082b954686abc0e3fc760e88aa9f8a225fdcf29ee60bf03b0178c96799897d2db79b6327c1209ab74840f90a99397e69ecbfcc2664256e8f0f

Download Submit
C:\Windows\System\bbFBuYz.exe

Filesize
6.0MB

MD5
a76eb603c9ec83a6985cd2d0bd1fe78f

SHA1
3d7b605224b4da7a9c5d4cf6a2297b7195f37b1a

SHA256
39e3a41844b87ce7508096d8336e793419a89c58f63b3a257a84bfaf17375624

SHA512
53af0d0665db6aac6ad5bf38e7f3260b978682b2aeb53e839651bbf8b21a0a20efae90aa2a03715b28fae86fab703a8eeff416aa742ae924aa840be94c127e00

Download Submit
C:\Windows\System\ccLxjkQ.exe

Filesize
6.0MB

MD5
07dc1ff450ec381f3c88f8cd9c9bdb8f

SHA1
b3c6f144c1278d20bb2fdc142e18d05a82d3aa9a

SHA256
f8aa5b3dbfa698b727ce770b86a3bee37fd787cba5d816a504b43dd26b73bd50

SHA512
69af38c61a2b102e70101cb9ee2e317dad80c4063da9715fc047c18ee07af7069c6f093f77f75fda7b6067354b82226fa01e8deacf5f9ba2f199cbb099f4d000

Download Submit
C:\Windows\System\dFPZIQE.exe

Filesize
6.0MB

MD5
200d4c7b86135bfe64f1c2d424032269

SHA1
a8883fb38de9eb6a73746b4412dbf0f9f296528e

SHA256
9c398034c9b1112bfada5e1194cf3a09692e69e979d7539668599a255965f3d1

SHA512
6f425d784affb4f07f29511307b62bcedf0ab6fcf51d359cdcd3b180e02acb7655950eefb2f26a08cecbc860bf89e3b784bbfc5ed09587742cc27cf29d74f05e

Download Submit
C:\Windows\System\dslPKSy.exe

Filesize
6.0MB

MD5
e2adf48941be7835820ca630b78b4203

SHA1
a1fc8b4ef1665c552abdfeaceebf7d0f44200250

SHA256
11e2adc8712c98900837457ae5402927cfc121f48bcbb0f2491c5e0cd6891b39

SHA512
884d8cb861ec75e049880d4ddb44991cfa8bf117bac09e4988d2f7127ceec35579e193d189e0a5d327eebf5a908cea51135d92afe4c83af2b031297dae443eda

Download Submit
C:\Windows\System\iOmmRZG.exe

Filesize
6.0MB

MD5
7f850b75238d7cfc6a06d16c82b2d47e

SHA1
60e4e4a49d8f3e7d811e596392d5a5fa6435f881

SHA256
47117be487540c4c43465c015424b2bb5364781856566d3b19af4fc98fca22d0

SHA512
4952761db4fb3e97e3edd8d0bbf318f2efaa6fda579d04431448c4ebccbb07cf6d804e2a7548159792a95dbc32ce1d7e5b293455f535e80c243bc16d6f477cf0

Download Submit
C:\Windows\System\iXDWpey.exe

Filesize
6.0MB

MD5
43152bdc30e22b64943bad08a4f3c8fb

SHA1
a14d6ca1042faa1e031fcca35e1a3f91a27b92e3

SHA256
b4df9f84c93660d68bab44c1134de9858cf131cf7004f1f9a30e781a214b1573

SHA512
ad34862a607cf282eadc65071bc069a9f7b04c51000c65554ec64c26d417e24c0d7a9c9fb2e4ee8ee5d975f69851d026146a8d707cf7185bc2f3c6a5f15ee50c

Download Submit
C:\Windows\System\mMDkyCp.exe

Filesize
6.0MB

MD5
9573a53d79c5899abc2864187f39d814

SHA1
cfc8737e0497545ffe1de0bf628f41d347351a67

SHA256
775a73f3e572e546d8115e038ce59e32c3a37365d57cc923749af77a34d2c0a8

SHA512
215c85ae628f69b10da3701cda05942d3bb11c4ca7db3eb12547b79081604a6479d41df44dd892d65ce7a2fa7d3b5e4a70db8da8d024c85fd1e418d1c711ed28

Download Submit
C:\Windows\System\tknHNYo.exe

Filesize
6.0MB

MD5
6d52f63045f75540af04db106f47c47e

SHA1
46821f3d9fb45781a6dbfe94a863a8332cffd35b

SHA256
d9018dd00e12107547de17203c2184b3a179e98d35bf787e79a541fa6c55bebf

SHA512
1679306471cba502291d9ba1a691a919698717c162e7dd852898a3ea9f57f0df6143452aac7c7d15f609c69ec74ab131ecbdedb02ffb96643bea8d94769a34b0

Download Submit
C:\Windows\System\ugapfVE.exe

Filesize
6.0MB

MD5
dead71ac6a4c59e8475b97597568c187

SHA1
0d6af60d63b2f8945c75a08d121cfaa7320c3d79

SHA256
a7c44397c3800e91be1d91b95a8a62c442a0b40f80cfbdfb5e52938af617993c

SHA512
a1c9a66445c58447e9f596a5115ef02162f5b00c67b3bf98426f92a30cf61cfffcc443cec5fd8a424d444e760b18e0748df15f34ca5a9dc8960fc3b04b399971

Download Submit
C:\Windows\System\usohENG.exe

Filesize
6.0MB

MD5
7b06ccf0433199e632cd7d7ee641d704

SHA1
b92f86742e8d21abe4c79e2fd2c0bb6287c129bf

SHA256
dc395592bc7e05bf7ab422f88ae4f8831b48fbdf397dd6bd155fcc4e6f29e7f2

SHA512
26150177eb51b29dd7755962c535b54508c4b60e804855487f57e0767fedaccb89cafc0cfe3a093865f6874c359f9d23ccfb387cf18c8f7da07fe6879c7c724b

Download Submit
C:\Windows\System\utRSvpd.exe

Filesize
6.0MB

MD5
cc0ffeaaa6ac54b6be0bd47f150fda3f

SHA1
e36d80be90f39f5ac6a00e6a240e0b3a62345050

SHA256
4534e654baf169dad2c196030828d09d1ee4eaeb4f02e976e9bf285e6c04c7d0

SHA512
69f1804fa70c8c911b22793b029eabb69fa7329c8df2161fcbb73d23e7386241acbcf126314ca253f1b61b7bd191abf4bcea2efcd686d0f0853d5e1be7b0d759

Download Submit
C:\Windows\System\vZALOHn.exe

Filesize
6.0MB

MD5
e6945d8778de5bfa3d6a0b22a63cf0ec

SHA1
79ae7deb409de85edaa72f75c537e2690a4ef36b

SHA256
ffae8143424aa746b67977f37184b23630194d12eb84361954630778dabab1c3

SHA512
d289336800807c66e076dbf958dfe61a175eca3bf990ee76a8d08e3acf777e6ecfaed0ff0edb2e85de920b1dd2683de682720f86cc1164332412523aa5c78351

Download Submit
C:\Windows\System\zTFJGre.exe

Filesize
6.0MB

MD5
02a3030dc549c45feec826f0f576aa6c

SHA1
f81030ef45a77eeaab72cfacf24d1747a8e87ae4

SHA256
28ca3b5dc873d3b2d256751e2e115aeb7e0fdb33cb5e05e6ec180c7ddfe7aa8a

SHA512
95a7537bf4fd12d0a68d999215fa18ab4c34e7bcb53289c2a3df335b08a436674c7885a0a320c1dbd58cfd4299eb51eac56f53097fc38c631d9bbc7a9af0a276

Download Submit
C:\Windows\System\zxkvbFi.exe

Filesize
6.0MB

MD5
c71cdbb8b41b3b120d22da0225ef8343

SHA1
d2e672703b5575887d834c93addd7b785ae8fcf9

SHA256
ac36d4a7f8c373ec69298e1ee851b4628829c7f1634dae6584d57e85517c7b4a

SHA512
f044cc4000800c3c73b509be4d0a5455e84d3634d8186bb72eba60f351548a2cdd7cfe962ce07379572a709da97c11f346f31ae6a74dc4f82ac901229ce39e4c

Download Submit
memory/644-116-0x00007FF7FD150000-0x00007FF7FD4A4000-memory.dmp

Filesize
3.3MB

Download
memory/644-1819-0x00007FF7FD150000-0x00007FF7FD4A4000-memory.dmp

Filesize
3.3MB

Download
memory/644-988-0x00007FF7FD150000-0x00007FF7FD4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-1820-0x00007FF6B6300000-0x00007FF6B6654000-memory.dmp

Filesize
3.3MB

Download
memory/1224-109-0x00007FF6B6300000-0x00007FF6B6654000-memory.dmp

Filesize
3.3MB

Download
memory/1224-1054-0x00007FF6B6300000-0x00007FF6B6654000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1813-0x00007FF6874F0000-0x00007FF687844000-memory.dmp

Filesize
3.3MB

Download
memory/1976-269-0x00007FF6874F0000-0x00007FF687844000-memory.dmp

Filesize
3.3MB

Download
memory/2108-1787-0x00007FF71B800000-0x00007FF71BB54000-memory.dmp

Filesize
3.3MB

Download
memory/2108-65-0x00007FF71B800000-0x00007FF71BB54000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1603-0x00007FF63EB10000-0x00007FF63EE64000-memory.dmp

Filesize
3.3MB

Download
memory/2204-14-0x00007FF63EB10000-0x00007FF63EE64000-memory.dmp

Filesize
3.3MB

Download
memory/2204-666-0x00007FF63EB10000-0x00007FF63EE64000-memory.dmp

Filesize
3.3MB

Download
memory/2240-1824-0x00007FF6CB650000-0x00007FF6CB9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-320-0x00007FF6CB650000-0x00007FF6CB9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-333-0x00007FF7EB170000-0x00007FF7EB4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-1814-0x00007FF7EB170000-0x00007FF7EB4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3096-1791-0x00007FF73F820000-0x00007FF73FB74000-memory.dmp

Filesize
3.3MB

Download
memory/3096-76-0x00007FF73F820000-0x00007FF73FB74000-memory.dmp

Filesize
3.3MB

Download
memory/3172-1832-0x00007FF69ABD0000-0x00007FF69AF24000-memory.dmp

Filesize
3.3MB

Download
memory/3172-277-0x00007FF69ABD0000-0x00007FF69AF24000-memory.dmp

Filesize
3.3MB

Download
memory/3336-991-0x00007FF61E220000-0x00007FF61E574000-memory.dmp

Filesize
3.3MB

Download
memory/3336-1817-0x00007FF61E220000-0x00007FF61E574000-memory.dmp

Filesize
3.3MB

Download
memory/3336-268-0x00007FF61E220000-0x00007FF61E574000-memory.dmp

Filesize
3.3MB

Download
memory/3348-1842-0x00007FF600A30000-0x00007FF600D84000-memory.dmp

Filesize
3.3MB

Download
memory/3348-280-0x00007FF600A30000-0x00007FF600D84000-memory.dmp

Filesize
3.3MB

Download
memory/3436-1048-0x00007FF730B50000-0x00007FF730EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3436-1800-0x00007FF730B50000-0x00007FF730EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3436-81-0x00007FF730B50000-0x00007FF730EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3444-1799-0x00007FF63D090000-0x00007FF63D3E4000-memory.dmp

Filesize
3.3MB

Download
memory/3444-314-0x00007FF63D090000-0x00007FF63D3E4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-1607-0x00007FF7D9BA0000-0x00007FF7D9EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-719-0x00007FF7D9BA0000-0x00007FF7D9EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-18-0x00007FF7D9BA0000-0x00007FF7D9EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3740-1829-0x00007FF7A8020000-0x00007FF7A8374000-memory.dmp

Filesize
3.3MB

Download
memory/3740-273-0x00007FF7A8020000-0x00007FF7A8374000-memory.dmp

Filesize
3.3MB

Download
memory/4116-1774-0x00007FF65CE90000-0x00007FF65D1E4000-memory.dmp

Filesize
3.3MB

Download
memory/4116-51-0x00007FF65CE90000-0x00007FF65D1E4000-memory.dmp

Filesize
3.3MB

Download
memory/4116-951-0x00007FF65CE90000-0x00007FF65D1E4000-memory.dmp

Filesize
3.3MB

Download
memory/4180-1834-0x00007FF687C10000-0x00007FF687F64000-memory.dmp

Filesize
3.3MB

Download
memory/4180-286-0x00007FF687C10000-0x00007FF687F64000-memory.dmp

Filesize
3.3MB

Download
memory/4300-986-0x00007FF682BC0000-0x00007FF682F14000-memory.dmp

Filesize
3.3MB

Download
memory/4300-1803-0x00007FF682BC0000-0x00007FF682F14000-memory.dmp

Filesize
3.3MB

Download
memory/4300-89-0x00007FF682BC0000-0x00007FF682F14000-memory.dmp

Filesize
3.3MB

Download
memory/4420-287-0x00007FF7BA3A0000-0x00007FF7BA6F4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-1833-0x00007FF7BA3A0000-0x00007FF7BA6F4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-952-0x00007FF64BFA0000-0x00007FF64C2F4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-71-0x00007FF64BFA0000-0x00007FF64C2F4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-1792-0x00007FF64BFA0000-0x00007FF64C2F4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-1818-0x00007FF63BC80000-0x00007FF63BFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-321-0x00007FF63BC80000-0x00007FF63BFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4488-1609-0x00007FF625810000-0x00007FF625B64000-memory.dmp

Filesize
3.3MB

Download
memory/4488-720-0x00007FF625810000-0x00007FF625B64000-memory.dmp

Filesize
3.3MB

Download
memory/4488-29-0x00007FF625810000-0x00007FF625B64000-memory.dmp

Filesize
3.3MB

Download
memory/4540-1770-0x00007FF6F0380000-0x00007FF6F06D4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-949-0x00007FF6F0380000-0x00007FF6F06D4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-37-0x00007FF6F0380000-0x00007FF6F06D4000-memory.dmp

Filesize
3.3MB

Download
memory/4640-79-0x00007FF667CD0000-0x00007FF668024000-memory.dmp

Filesize
3.3MB

Download
memory/4640-1777-0x00007FF667CD0000-0x00007FF668024000-memory.dmp

Filesize
3.3MB

Download
memory/4644-272-0x00007FF66F910000-0x00007FF66FC64000-memory.dmp

Filesize
3.3MB

Download
memory/4644-1828-0x00007FF66F910000-0x00007FF66FC64000-memory.dmp

Filesize
3.3MB

Download
memory/4800-1593-0x00007FF6ABA90000-0x00007FF6ABDE4000-memory.dmp

Filesize
3.3MB

Download
memory/4800-659-0x00007FF6ABA90000-0x00007FF6ABDE4000-memory.dmp

Filesize
3.3MB

Download
memory/4800-6-0x00007FF6ABA90000-0x00007FF6ABDE4000-memory.dmp

Filesize
3.3MB

Download
memory/4812-82-0x00007FF64C690000-0x00007FF64C9E4000-memory.dmp

Filesize
3.3MB

Download
memory/4812-1809-0x00007FF64C690000-0x00007FF64C9E4000-memory.dmp

Filesize
3.3MB

Download
memory/4812-1050-0x00007FF64C690000-0x00007FF64C9E4000-memory.dmp

Filesize
3.3MB

Download
memory/4816-304-0x00007FF7E3D30000-0x00007FF7E4084000-memory.dmp

Filesize
3.3MB

Download
memory/4816-0-0x00007FF7E3D30000-0x00007FF7E4084000-memory.dmp

Filesize
3.3MB

Download
memory/4816-1-0x0000028074710000-0x0000028074720000-memory.dmp

Filesize
64KB

Download
memory/4828-32-0x00007FF6EFA70000-0x00007FF6EFDC4000-memory.dmp

Filesize
3.3MB

Download
memory/4828-1614-0x00007FF6EFA70000-0x00007FF6EFDC4000-memory.dmp

Filesize
3.3MB

Download
memory/4828-838-0x00007FF6EFA70000-0x00007FF6EFDC4000-memory.dmp

Filesize
3.3MB

Download
memory/4968-104-0x00007FF657310000-0x00007FF657664000-memory.dmp

Filesize
3.3MB

Download
memory/4968-1821-0x00007FF657310000-0x00007FF657664000-memory.dmp

Filesize
3.3MB

Download
memory/4968-1052-0x00007FF657310000-0x00007FF657664000-memory.dmp

Filesize
3.3MB

Download