cobaltstrike | ee5fdaa8c9eb5165b9f3e85cfae7b79af6c92d97633381f01dc1678fea2d2837

Analysis

max time kernel
125s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7e173926369b3ec20af2a5d9cf170c24
SHA1

0ac9495bde954630ae82985b9bae76c1332e049d
SHA256

ee5fdaa8c9eb5165b9f3e85cfae7b79af6c92d97633381f01dc1678fea2d2837
SHA512

205f37758ffe866f235b8f61d890e9cf77f0a5193b7c453944642287c73a17fd9903eecb90c6f1e864cc8d0feab010a28a71c897330b0e9d97087e1735cbcbc0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUs:T+q56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023c84-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c89-7.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8b-26.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8d-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8f-49.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c85-58.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c96-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c99-120.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c98-118.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c97-116.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c94-114.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c95-94.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c93-93.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c92-88.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c90-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c91-72.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8e-55.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8c-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8a-27.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c88-20.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-136.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-137.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-143.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9f-167.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-174.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-190.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-195.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-200.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-205.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-212.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2468-0-0x00007FF628DF0000-0x00007FF629144000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c84-4.dat	xmrig
behavioral2/files/0x0007000000023c89-7.dat	xmrig
behavioral2/memory/2232-19-0x00007FF6F4080000-0x00007FF6F43D4000-memory.dmp	xmrig
behavioral2/memory/4524-22-0x00007FF7389C0000-0x00007FF738D14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8b-26.dat	xmrig
behavioral2/files/0x0007000000023c8d-35.dat	xmrig
behavioral2/files/0x0007000000023c8f-49.dat	xmrig
behavioral2/files/0x0008000000023c85-58.dat	xmrig
behavioral2/memory/3952-64-0x00007FF7A1E60000-0x00007FF7A21B4000-memory.dmp	xmrig
behavioral2/memory/1840-80-0x00007FF6DEDF0000-0x00007FF6DF144000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c96-90.dat	xmrig
behavioral2/memory/2332-113-0x00007FF650380000-0x00007FF6506D4000-memory.dmp	xmrig
behavioral2/memory/4120-125-0x00007FF754BD0000-0x00007FF754F24000-memory.dmp	xmrig
behavioral2/memory/1228-124-0x00007FF7497E0000-0x00007FF749B34000-memory.dmp	xmrig
behavioral2/memory/3676-123-0x00007FF637580000-0x00007FF6378D4000-memory.dmp	xmrig
behavioral2/memory/2232-122-0x00007FF6F4080000-0x00007FF6F43D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c99-120.dat	xmrig
behavioral2/files/0x0007000000023c98-118.dat	xmrig
behavioral2/files/0x0007000000023c97-116.dat	xmrig
behavioral2/files/0x0007000000023c94-114.dat	xmrig
behavioral2/memory/3856-112-0x00007FF7635E0000-0x00007FF763934000-memory.dmp	xmrig
behavioral2/memory/3656-107-0x00007FF7AF610000-0x00007FF7AF964000-memory.dmp	xmrig
behavioral2/memory/2468-96-0x00007FF628DF0000-0x00007FF629144000-memory.dmp	xmrig
behavioral2/memory/3276-95-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c95-94.dat	xmrig
behavioral2/files/0x0007000000023c93-93.dat	xmrig
behavioral2/memory/2188-92-0x00007FF7E7BA0000-0x00007FF7E7EF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c92-88.dat	xmrig
behavioral2/memory/4836-83-0x00007FF64F830000-0x00007FF64FB84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c90-74.dat	xmrig
behavioral2/files/0x0007000000023c91-72.dat	xmrig
behavioral2/memory/2676-65-0x00007FF70DFC0000-0x00007FF70E314000-memory.dmp	xmrig
behavioral2/memory/1564-59-0x00007FF6E34B0000-0x00007FF6E3804000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8e-55.dat	xmrig
behavioral2/memory/3940-53-0x00007FF6D30F0000-0x00007FF6D3444000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8c-47.dat	xmrig
behavioral2/memory/2176-44-0x00007FF7B2400000-0x00007FF7B2754000-memory.dmp	xmrig
behavioral2/memory/3092-39-0x00007FF6C8BF0000-0x00007FF6C8F44000-memory.dmp	xmrig
behavioral2/memory/3992-37-0x00007FF7AFDE0000-0x00007FF7B0134000-memory.dmp	xmrig
behavioral2/memory/2504-30-0x00007FF62BD10000-0x00007FF62C064000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8a-27.dat	xmrig
behavioral2/files/0x0007000000023c88-20.dat	xmrig
behavioral2/memory/3856-9-0x00007FF7635E0000-0x00007FF763934000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9b-136.dat	xmrig
behavioral2/files/0x0007000000023c9c-137.dat	xmrig
behavioral2/files/0x0007000000023c9d-143.dat	xmrig
behavioral2/files/0x0007000000023c9e-151.dat	xmrig
behavioral2/memory/392-156-0x00007FF7CAD10000-0x00007FF7CB064000-memory.dmp	xmrig
behavioral2/memory/2176-159-0x00007FF7B2400000-0x00007FF7B2754000-memory.dmp	xmrig
behavioral2/memory/3952-162-0x00007FF7A1E60000-0x00007FF7A21B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9f-167.dat	xmrig
behavioral2/memory/1564-161-0x00007FF6E34B0000-0x00007FF6E3804000-memory.dmp	xmrig
behavioral2/memory/5060-160-0x00007FF7F8710000-0x00007FF7F8A64000-memory.dmp	xmrig
behavioral2/memory/3640-158-0x00007FF7A88B0000-0x00007FF7A8C04000-memory.dmp	xmrig
behavioral2/memory/3940-149-0x00007FF6D30F0000-0x00007FF6D3444000-memory.dmp	xmrig
behavioral2/memory/2456-148-0x00007FF71FFF0000-0x00007FF720344000-memory.dmp	xmrig
behavioral2/memory/3040-145-0x00007FF7611A0000-0x00007FF7614F4000-memory.dmp	xmrig
behavioral2/memory/3092-142-0x00007FF6C8BF0000-0x00007FF6C8F44000-memory.dmp	xmrig
behavioral2/memory/3992-139-0x00007FF7AFDE0000-0x00007FF7B0134000-memory.dmp	xmrig
behavioral2/memory/5088-138-0x00007FF775FD0000-0x00007FF776324000-memory.dmp	xmrig
behavioral2/memory/2504-133-0x00007FF62BD10000-0x00007FF62C064000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9a-131.dat	xmrig
behavioral2/memory/2676-169-0x00007FF70DFC0000-0x00007FF70E314000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3856	bcHdpfk.exe
2232	eXKVSTe.exe
4524	fzekGvi.exe
2504	ktaKdJU.exe
3992	xwzVVsH.exe
2176	SNkRuJE.exe
3092	bQTDQxe.exe
3940	bUvlgFM.exe
1564	pMtFgFd.exe
1840	nntopcO.exe
3952	TfvZmaq.exe
2676	dNWCtku.exe
2188	BWIUwvr.exe
4836	DjfXAeK.exe
3276	byjDKCp.exe
3656	YiMUaeF.exe
2332	FlCnYNa.exe
4120	FkyIyqH.exe
3676	pmaYaPy.exe
1228	TPiFUOf.exe
5088	TRCOFeV.exe
3040	vgQnYoU.exe
2456	eYerpJs.exe
392	BDEhcza.exe
5060	jbvPcLc.exe
3640	gfJxgtU.exe
1500	dUupfOH.exe
32	lLdTlnS.exe
3988	lYAZfyy.exe
3528	oKmAYOG.exe
1108	HTYjrwn.exe
4476	pDBoIXY.exe
2192	tNScIoQ.exe
2444	pLImskw.exe
4084	EazCdiR.exe
4552	xnYNVUb.exe
1620	LQfeWcr.exe
1644	WsdUTfN.exe
4652	rQcMiFM.exe
4920	RYETPBk.exe
4912	qdzsHUB.exe
2172	hpZFnxV.exe
1324	ckjWkVG.exe
4284	wvrbOhi.exe
872	cBEwNel.exe
2788	iMKADkP.exe
3848	BYUqHiq.exe
1448	slKwbGj.exe
1076	WAIGJVF.exe
4424	oecTSBy.exe
2044	HNxVgpi.exe
5080	BgqBOMY.exe
4432	dxbDEHU.exe
740	fFiCqQJ.exe
4944	SFqaIGz.exe
1428	DBtxBKp.exe
4140	mnUmJFU.exe
1120	VlzHhUF.exe
2152	aYTurit.exe
3904	BUiACXC.exe
2716	cBpWpEs.exe
2412	SgXINhX.exe
4160	DcvOPHk.exe
4940	aSUceWY.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2468-0-0x00007FF628DF0000-0x00007FF629144000-memory.dmp	upx
behavioral2/files/0x0008000000023c84-4.dat	upx
behavioral2/files/0x0007000000023c89-7.dat	upx
behavioral2/memory/2232-19-0x00007FF6F4080000-0x00007FF6F43D4000-memory.dmp	upx
behavioral2/memory/4524-22-0x00007FF7389C0000-0x00007FF738D14000-memory.dmp	upx
behavioral2/files/0x0007000000023c8b-26.dat	upx
behavioral2/files/0x0007000000023c8d-35.dat	upx
behavioral2/files/0x0007000000023c8f-49.dat	upx
behavioral2/files/0x0008000000023c85-58.dat	upx
behavioral2/memory/3952-64-0x00007FF7A1E60000-0x00007FF7A21B4000-memory.dmp	upx
behavioral2/memory/1840-80-0x00007FF6DEDF0000-0x00007FF6DF144000-memory.dmp	upx
behavioral2/files/0x0007000000023c96-90.dat	upx
behavioral2/memory/2332-113-0x00007FF650380000-0x00007FF6506D4000-memory.dmp	upx
behavioral2/memory/4120-125-0x00007FF754BD0000-0x00007FF754F24000-memory.dmp	upx
behavioral2/memory/1228-124-0x00007FF7497E0000-0x00007FF749B34000-memory.dmp	upx
behavioral2/memory/3676-123-0x00007FF637580000-0x00007FF6378D4000-memory.dmp	upx
behavioral2/memory/2232-122-0x00007FF6F4080000-0x00007FF6F43D4000-memory.dmp	upx
behavioral2/files/0x0007000000023c99-120.dat	upx
behavioral2/files/0x0007000000023c98-118.dat	upx
behavioral2/files/0x0007000000023c97-116.dat	upx
behavioral2/files/0x0007000000023c94-114.dat	upx
behavioral2/memory/3856-112-0x00007FF7635E0000-0x00007FF763934000-memory.dmp	upx
behavioral2/memory/3656-107-0x00007FF7AF610000-0x00007FF7AF964000-memory.dmp	upx
behavioral2/memory/2468-96-0x00007FF628DF0000-0x00007FF629144000-memory.dmp	upx
behavioral2/memory/3276-95-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp	upx
behavioral2/files/0x0007000000023c95-94.dat	upx
behavioral2/files/0x0007000000023c93-93.dat	upx
behavioral2/memory/2188-92-0x00007FF7E7BA0000-0x00007FF7E7EF4000-memory.dmp	upx
behavioral2/files/0x0007000000023c92-88.dat	upx
behavioral2/memory/4836-83-0x00007FF64F830000-0x00007FF64FB84000-memory.dmp	upx
behavioral2/files/0x0007000000023c90-74.dat	upx
behavioral2/files/0x0007000000023c91-72.dat	upx
behavioral2/memory/2676-65-0x00007FF70DFC0000-0x00007FF70E314000-memory.dmp	upx
behavioral2/memory/1564-59-0x00007FF6E34B0000-0x00007FF6E3804000-memory.dmp	upx
behavioral2/files/0x0007000000023c8e-55.dat	upx
behavioral2/memory/3940-53-0x00007FF6D30F0000-0x00007FF6D3444000-memory.dmp	upx
behavioral2/files/0x0007000000023c8c-47.dat	upx
behavioral2/memory/2176-44-0x00007FF7B2400000-0x00007FF7B2754000-memory.dmp	upx
behavioral2/memory/3092-39-0x00007FF6C8BF0000-0x00007FF6C8F44000-memory.dmp	upx
behavioral2/memory/3992-37-0x00007FF7AFDE0000-0x00007FF7B0134000-memory.dmp	upx
behavioral2/memory/2504-30-0x00007FF62BD10000-0x00007FF62C064000-memory.dmp	upx
behavioral2/files/0x0007000000023c8a-27.dat	upx
behavioral2/files/0x0007000000023c88-20.dat	upx
behavioral2/memory/3856-9-0x00007FF7635E0000-0x00007FF763934000-memory.dmp	upx
behavioral2/files/0x0007000000023c9b-136.dat	upx
behavioral2/files/0x0007000000023c9c-137.dat	upx
behavioral2/files/0x0007000000023c9d-143.dat	upx
behavioral2/files/0x0007000000023c9e-151.dat	upx
behavioral2/memory/392-156-0x00007FF7CAD10000-0x00007FF7CB064000-memory.dmp	upx
behavioral2/memory/2176-159-0x00007FF7B2400000-0x00007FF7B2754000-memory.dmp	upx
behavioral2/memory/3952-162-0x00007FF7A1E60000-0x00007FF7A21B4000-memory.dmp	upx
behavioral2/files/0x0007000000023c9f-167.dat	upx
behavioral2/memory/1564-161-0x00007FF6E34B0000-0x00007FF6E3804000-memory.dmp	upx
behavioral2/memory/5060-160-0x00007FF7F8710000-0x00007FF7F8A64000-memory.dmp	upx
behavioral2/memory/3640-158-0x00007FF7A88B0000-0x00007FF7A8C04000-memory.dmp	upx
behavioral2/memory/3940-149-0x00007FF6D30F0000-0x00007FF6D3444000-memory.dmp	upx
behavioral2/memory/2456-148-0x00007FF71FFF0000-0x00007FF720344000-memory.dmp	upx
behavioral2/memory/3040-145-0x00007FF7611A0000-0x00007FF7614F4000-memory.dmp	upx
behavioral2/memory/3092-142-0x00007FF6C8BF0000-0x00007FF6C8F44000-memory.dmp	upx
behavioral2/memory/3992-139-0x00007FF7AFDE0000-0x00007FF7B0134000-memory.dmp	upx
behavioral2/memory/5088-138-0x00007FF775FD0000-0x00007FF776324000-memory.dmp	upx
behavioral2/memory/2504-133-0x00007FF62BD10000-0x00007FF62C064000-memory.dmp	upx
behavioral2/files/0x0007000000023c9a-131.dat	upx
behavioral2/memory/2676-169-0x00007FF70DFC0000-0x00007FF70E314000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mbWxrca.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnzsNHR.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtARtos.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqfFMjy.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpxKPBo.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LISmKEj.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAmUXMJ.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOoKuNs.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pKSdKLN.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DeqafTw.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Uznxosp.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PDkUZia.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRDiddm.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJEpAKt.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOfgWBL.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKmAYOG.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgqBOMY.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bbJPDuF.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smqcMjX.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpdgwfk.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsCiZAi.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRxdsgl.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLImskw.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irqxrrO.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ombFTMW.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBwKshD.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOlmsne.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knYiLFc.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIDmjqN.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNoDrfp.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNEYolU.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZjQmAG.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZljCDjb.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYXXBuS.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBrEIkF.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jwFPDzU.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKCyrrN.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqcJFJr.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIwYhvx.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWTmlcC.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QslaOqg.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XSrMQgL.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isYsYGA.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGXAGHL.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGztKpU.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUPnjnd.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wydezva.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtXlDfG.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwMWVil.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYehFdE.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjSYzrm.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxREyfN.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMKuLeZ.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnyknfS.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXmFgKX.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSuYiKF.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDLkdhP.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTgOzns.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsqzhKo.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Yezonjx.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtUkCKw.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGcVXhW.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVJNlot.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHmoxEs.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 3856	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 2468 wrote to memory of 3856	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 2468 wrote to memory of 2232	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2468 wrote to memory of 2232	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2468 wrote to memory of 4524	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2468 wrote to memory of 4524	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2468 wrote to memory of 2504	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2468 wrote to memory of 2504	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2468 wrote to memory of 3992	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2468 wrote to memory of 3992	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2468 wrote to memory of 2176	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2468 wrote to memory of 2176	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2468 wrote to memory of 3092	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2468 wrote to memory of 3092	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2468 wrote to memory of 3940	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2468 wrote to memory of 3940	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2468 wrote to memory of 1564	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2468 wrote to memory of 1564	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2468 wrote to memory of 3952	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2468 wrote to memory of 3952	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2468 wrote to memory of 1840	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2468 wrote to memory of 1840	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2468 wrote to memory of 2676	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2468 wrote to memory of 2676	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2468 wrote to memory of 2188	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2468 wrote to memory of 2188	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2468 wrote to memory of 4836	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2468 wrote to memory of 4836	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2468 wrote to memory of 2332	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2468 wrote to memory of 2332	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2468 wrote to memory of 3276	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2468 wrote to memory of 3276	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2468 wrote to memory of 3656	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2468 wrote to memory of 3656	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2468 wrote to memory of 4120	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2468 wrote to memory of 4120	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2468 wrote to memory of 3676	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2468 wrote to memory of 3676	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2468 wrote to memory of 1228	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2468 wrote to memory of 1228	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2468 wrote to memory of 5088	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2468 wrote to memory of 5088	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2468 wrote to memory of 3040	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2468 wrote to memory of 3040	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2468 wrote to memory of 2456	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2468 wrote to memory of 2456	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2468 wrote to memory of 392	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2468 wrote to memory of 392	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2468 wrote to memory of 5060	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2468 wrote to memory of 5060	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2468 wrote to memory of 3640	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2468 wrote to memory of 3640	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2468 wrote to memory of 1500	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2468 wrote to memory of 1500	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2468 wrote to memory of 32	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2468 wrote to memory of 32	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2468 wrote to memory of 3988	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2468 wrote to memory of 3988	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2468 wrote to memory of 3528	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2468 wrote to memory of 3528	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2468 wrote to memory of 1108	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2468 wrote to memory of 1108	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2468 wrote to memory of 4476	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2468 wrote to memory of 4476	2468	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\System\bcHdpfk.exe
  C:\Windows\System\bcHdpfk.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\eXKVSTe.exe
  C:\Windows\System\eXKVSTe.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\fzekGvi.exe
  C:\Windows\System\fzekGvi.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\ktaKdJU.exe
  C:\Windows\System\ktaKdJU.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\xwzVVsH.exe
  C:\Windows\System\xwzVVsH.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\SNkRuJE.exe
  C:\Windows\System\SNkRuJE.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\bQTDQxe.exe
  C:\Windows\System\bQTDQxe.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\bUvlgFM.exe
  C:\Windows\System\bUvlgFM.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\pMtFgFd.exe
  C:\Windows\System\pMtFgFd.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\TfvZmaq.exe
  C:\Windows\System\TfvZmaq.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\nntopcO.exe
  C:\Windows\System\nntopcO.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\dNWCtku.exe
  C:\Windows\System\dNWCtku.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\BWIUwvr.exe
  C:\Windows\System\BWIUwvr.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\DjfXAeK.exe
  C:\Windows\System\DjfXAeK.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\FlCnYNa.exe
  C:\Windows\System\FlCnYNa.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\byjDKCp.exe
  C:\Windows\System\byjDKCp.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\YiMUaeF.exe
  C:\Windows\System\YiMUaeF.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\FkyIyqH.exe
  C:\Windows\System\FkyIyqH.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\pmaYaPy.exe
  C:\Windows\System\pmaYaPy.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\TPiFUOf.exe
  C:\Windows\System\TPiFUOf.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\TRCOFeV.exe
  C:\Windows\System\TRCOFeV.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\vgQnYoU.exe
  C:\Windows\System\vgQnYoU.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\eYerpJs.exe
  C:\Windows\System\eYerpJs.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\BDEhcza.exe
  C:\Windows\System\BDEhcza.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\jbvPcLc.exe
  C:\Windows\System\jbvPcLc.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\gfJxgtU.exe
  C:\Windows\System\gfJxgtU.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\dUupfOH.exe
  C:\Windows\System\dUupfOH.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\lLdTlnS.exe
  C:\Windows\System\lLdTlnS.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\lYAZfyy.exe
  C:\Windows\System\lYAZfyy.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\oKmAYOG.exe
  C:\Windows\System\oKmAYOG.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\HTYjrwn.exe
  C:\Windows\System\HTYjrwn.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\pDBoIXY.exe
  C:\Windows\System\pDBoIXY.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\tNScIoQ.exe
  C:\Windows\System\tNScIoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\pLImskw.exe
  C:\Windows\System\pLImskw.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\EazCdiR.exe
  C:\Windows\System\EazCdiR.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\xnYNVUb.exe
  C:\Windows\System\xnYNVUb.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\LQfeWcr.exe
  C:\Windows\System\LQfeWcr.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\WsdUTfN.exe
  C:\Windows\System\WsdUTfN.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\rQcMiFM.exe
  C:\Windows\System\rQcMiFM.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\RYETPBk.exe
  C:\Windows\System\RYETPBk.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\qdzsHUB.exe
  C:\Windows\System\qdzsHUB.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\hpZFnxV.exe
  C:\Windows\System\hpZFnxV.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\ckjWkVG.exe
  C:\Windows\System\ckjWkVG.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\wvrbOhi.exe
  C:\Windows\System\wvrbOhi.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\cBEwNel.exe
  C:\Windows\System\cBEwNel.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\iMKADkP.exe
  C:\Windows\System\iMKADkP.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\BYUqHiq.exe
  C:\Windows\System\BYUqHiq.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\slKwbGj.exe
  C:\Windows\System\slKwbGj.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\WAIGJVF.exe
  C:\Windows\System\WAIGJVF.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\oecTSBy.exe
  C:\Windows\System\oecTSBy.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\HNxVgpi.exe
  C:\Windows\System\HNxVgpi.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\BgqBOMY.exe
  C:\Windows\System\BgqBOMY.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\dxbDEHU.exe
  C:\Windows\System\dxbDEHU.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\fFiCqQJ.exe
  C:\Windows\System\fFiCqQJ.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\SFqaIGz.exe
  C:\Windows\System\SFqaIGz.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\DBtxBKp.exe
  C:\Windows\System\DBtxBKp.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\mnUmJFU.exe
  C:\Windows\System\mnUmJFU.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\VlzHhUF.exe
  C:\Windows\System\VlzHhUF.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\aYTurit.exe
  C:\Windows\System\aYTurit.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\BUiACXC.exe
  C:\Windows\System\BUiACXC.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\cBpWpEs.exe
  C:\Windows\System\cBpWpEs.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\SgXINhX.exe
  C:\Windows\System\SgXINhX.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\DcvOPHk.exe
  C:\Windows\System\DcvOPHk.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\aSUceWY.exe
  C:\Windows\System\aSUceWY.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\wvZPFOO.exe
  C:\Windows\System\wvZPFOO.exe
  2⤵
  PID:448
- C:\Windows\System\atQzvIE.exe
  C:\Windows\System\atQzvIE.exe
  2⤵
  PID:3548
- C:\Windows\System\aPTpgmt.exe
  C:\Windows\System\aPTpgmt.exe
  2⤵
  PID:4460
- C:\Windows\System\mKZlnEV.exe
  C:\Windows\System\mKZlnEV.exe
  2⤵
  PID:4656
- C:\Windows\System\RRNMImC.exe
  C:\Windows\System\RRNMImC.exe
  2⤵
  PID:1252
- C:\Windows\System\GMiUKOc.exe
  C:\Windows\System\GMiUKOc.exe
  2⤵
  PID:3616
- C:\Windows\System\NtZYqKL.exe
  C:\Windows\System\NtZYqKL.exe
  2⤵
  PID:3212
- C:\Windows\System\oLZoJpD.exe
  C:\Windows\System\oLZoJpD.exe
  2⤵
  PID:4148
- C:\Windows\System\IEVsExM.exe
  C:\Windows\System\IEVsExM.exe
  2⤵
  PID:1400
- C:\Windows\System\WnXHsEp.exe
  C:\Windows\System\WnXHsEp.exe
  2⤵
  PID:4948
- C:\Windows\System\PKCyrrN.exe
  C:\Windows\System\PKCyrrN.exe
  2⤵
  PID:2864
- C:\Windows\System\lynIZfY.exe
  C:\Windows\System\lynIZfY.exe
  2⤵
  PID:2052
- C:\Windows\System\wdSUCPd.exe
  C:\Windows\System\wdSUCPd.exe
  2⤵
  PID:376
- C:\Windows\System\JXirCsH.exe
  C:\Windows\System\JXirCsH.exe
  2⤵
  PID:4992
- C:\Windows\System\Xqwbrab.exe
  C:\Windows\System\Xqwbrab.exe
  2⤵
  PID:3920
- C:\Windows\System\cLkOuIW.exe
  C:\Windows\System\cLkOuIW.exe
  2⤵
  PID:1852
- C:\Windows\System\OuerBgi.exe
  C:\Windows\System\OuerBgi.exe
  2⤵
  PID:2264
- C:\Windows\System\wlrBZqj.exe
  C:\Windows\System\wlrBZqj.exe
  2⤵
  PID:3396
- C:\Windows\System\UHglYPt.exe
  C:\Windows\System\UHglYPt.exe
  2⤵
  PID:3484
- C:\Windows\System\ddIAraZ.exe
  C:\Windows\System\ddIAraZ.exe
  2⤵
  PID:860
- C:\Windows\System\KADycbl.exe
  C:\Windows\System\KADycbl.exe
  2⤵
  PID:828
- C:\Windows\System\cpfIbkH.exe
  C:\Windows\System\cpfIbkH.exe
  2⤵
  PID:4244
- C:\Windows\System\aMKuLeZ.exe
  C:\Windows\System\aMKuLeZ.exe
  2⤵
  PID:1064
- C:\Windows\System\YtFLHva.exe
  C:\Windows\System\YtFLHva.exe
  2⤵
  PID:444
- C:\Windows\System\AnJIHkk.exe
  C:\Windows\System\AnJIHkk.exe
  2⤵
  PID:4324
- C:\Windows\System\TzRidlq.exe
  C:\Windows\System\TzRidlq.exe
  2⤵
  PID:3420
- C:\Windows\System\yQQCcNx.exe
  C:\Windows\System\yQQCcNx.exe
  2⤵
  PID:4392
- C:\Windows\System\CfwsFSY.exe
  C:\Windows\System\CfwsFSY.exe
  2⤵
  PID:4356
- C:\Windows\System\WOOiOSC.exe
  C:\Windows\System\WOOiOSC.exe
  2⤵
  PID:4484
- C:\Windows\System\nyfrWIK.exe
  C:\Windows\System\nyfrWIK.exe
  2⤵
  PID:324
- C:\Windows\System\aqDVdMf.exe
  C:\Windows\System\aqDVdMf.exe
  2⤵
  PID:4880
- C:\Windows\System\wqgUEnB.exe
  C:\Windows\System\wqgUEnB.exe
  2⤵
  PID:1232
- C:\Windows\System\WSzbkye.exe
  C:\Windows\System\WSzbkye.exe
  2⤵
  PID:5012
- C:\Windows\System\hQnmftc.exe
  C:\Windows\System\hQnmftc.exe
  2⤵
  PID:3780
- C:\Windows\System\mCgNcuB.exe
  C:\Windows\System\mCgNcuB.exe
  2⤵
  PID:4892
- C:\Windows\System\XHvdDjp.exe
  C:\Windows\System\XHvdDjp.exe
  2⤵
  PID:4840
- C:\Windows\System\ZDYqctS.exe
  C:\Windows\System\ZDYqctS.exe
  2⤵
  PID:2344
- C:\Windows\System\iezBzAV.exe
  C:\Windows\System\iezBzAV.exe
  2⤵
  PID:2480
- C:\Windows\System\OagQSsj.exe
  C:\Windows\System\OagQSsj.exe
  2⤵
  PID:2668
- C:\Windows\System\iLawaKM.exe
  C:\Windows\System\iLawaKM.exe
  2⤵
  PID:3684
- C:\Windows\System\vKgywSD.exe
  C:\Windows\System\vKgywSD.exe
  2⤵
  PID:2964
- C:\Windows\System\GvbnIfP.exe
  C:\Windows\System\GvbnIfP.exe
  2⤵
  PID:2248
- C:\Windows\System\TaLtmnU.exe
  C:\Windows\System\TaLtmnU.exe
  2⤵
  PID:2180
- C:\Windows\System\BxiVpCj.exe
  C:\Windows\System\BxiVpCj.exe
  2⤵
  PID:3936
- C:\Windows\System\ysWywzh.exe
  C:\Windows\System\ysWywzh.exe
  2⤵
  PID:3268
- C:\Windows\System\VRLEoUa.exe
  C:\Windows\System\VRLEoUa.exe
  2⤵
  PID:4236
- C:\Windows\System\qUFEWbv.exe
  C:\Windows\System\qUFEWbv.exe
  2⤵
  PID:1196
- C:\Windows\System\IkVaizn.exe
  C:\Windows\System\IkVaizn.exe
  2⤵
  PID:2780
- C:\Windows\System\nwODgSn.exe
  C:\Windows\System\nwODgSn.exe
  2⤵
  PID:2076
- C:\Windows\System\LXvteaX.exe
  C:\Windows\System\LXvteaX.exe
  2⤵
  PID:2876
- C:\Windows\System\GJHAfaG.exe
  C:\Windows\System\GJHAfaG.exe
  2⤵
  PID:832
- C:\Windows\System\xVkmBET.exe
  C:\Windows\System\xVkmBET.exe
  2⤵
  PID:5144
- C:\Windows\System\yVijCGQ.exe
  C:\Windows\System\yVijCGQ.exe
  2⤵
  PID:5172
- C:\Windows\System\DVJNlot.exe
  C:\Windows\System\DVJNlot.exe
  2⤵
  PID:5204
- C:\Windows\System\WmPEYpu.exe
  C:\Windows\System\WmPEYpu.exe
  2⤵
  PID:5232
- C:\Windows\System\zvThxib.exe
  C:\Windows\System\zvThxib.exe
  2⤵
  PID:5256
- C:\Windows\System\EfwfbLa.exe
  C:\Windows\System\EfwfbLa.exe
  2⤵
  PID:5292
- C:\Windows\System\yihUFCq.exe
  C:\Windows\System\yihUFCq.exe
  2⤵
  PID:5316
- C:\Windows\System\RGXszYH.exe
  C:\Windows\System\RGXszYH.exe
  2⤵
  PID:5352
- C:\Windows\System\YlatoAi.exe
  C:\Windows\System\YlatoAi.exe
  2⤵
  PID:5376
- C:\Windows\System\ZrjGGNe.exe
  C:\Windows\System\ZrjGGNe.exe
  2⤵
  PID:5408
- C:\Windows\System\XItqJlf.exe
  C:\Windows\System\XItqJlf.exe
  2⤵
  PID:5440
- C:\Windows\System\gOSphLk.exe
  C:\Windows\System\gOSphLk.exe
  2⤵
  PID:5468
- C:\Windows\System\EPJcBux.exe
  C:\Windows\System\EPJcBux.exe
  2⤵
  PID:5492
- C:\Windows\System\bSibyrF.exe
  C:\Windows\System\bSibyrF.exe
  2⤵
  PID:5524
- C:\Windows\System\aqgWLSt.exe
  C:\Windows\System\aqgWLSt.exe
  2⤵
  PID:5552
- C:\Windows\System\ovoaNLL.exe
  C:\Windows\System\ovoaNLL.exe
  2⤵
  PID:5576
- C:\Windows\System\jNYOJLX.exe
  C:\Windows\System\jNYOJLX.exe
  2⤵
  PID:5604
- C:\Windows\System\GFBQphR.exe
  C:\Windows\System\GFBQphR.exe
  2⤵
  PID:5672
- C:\Windows\System\RZXnHLV.exe
  C:\Windows\System\RZXnHLV.exe
  2⤵
  PID:5700
- C:\Windows\System\pzWLjjN.exe
  C:\Windows\System\pzWLjjN.exe
  2⤵
  PID:5724
- C:\Windows\System\RCQsZTU.exe
  C:\Windows\System\RCQsZTU.exe
  2⤵
  PID:5756
- C:\Windows\System\musenRp.exe
  C:\Windows\System\musenRp.exe
  2⤵
  PID:5780
- C:\Windows\System\xqcJFJr.exe
  C:\Windows\System\xqcJFJr.exe
  2⤵
  PID:5812
- C:\Windows\System\hWtgogv.exe
  C:\Windows\System\hWtgogv.exe
  2⤵
  PID:5836
- C:\Windows\System\fgUtaWv.exe
  C:\Windows\System\fgUtaWv.exe
  2⤵
  PID:5868
- C:\Windows\System\OIRYqqr.exe
  C:\Windows\System\OIRYqqr.exe
  2⤵
  PID:5896
- C:\Windows\System\lxgmxmc.exe
  C:\Windows\System\lxgmxmc.exe
  2⤵
  PID:5924
- C:\Windows\System\vYZaSvc.exe
  C:\Windows\System\vYZaSvc.exe
  2⤵
  PID:5952
- C:\Windows\System\mbWxrca.exe
  C:\Windows\System\mbWxrca.exe
  2⤵
  PID:5980
- C:\Windows\System\KhYNEQk.exe
  C:\Windows\System\KhYNEQk.exe
  2⤵
  PID:6012
- C:\Windows\System\fxWFaLq.exe
  C:\Windows\System\fxWFaLq.exe
  2⤵
  PID:6040
- C:\Windows\System\YrXzoWW.exe
  C:\Windows\System\YrXzoWW.exe
  2⤵
  PID:6068
- C:\Windows\System\EkqybWR.exe
  C:\Windows\System\EkqybWR.exe
  2⤵
  PID:6092
- C:\Windows\System\RaAjWck.exe
  C:\Windows\System\RaAjWck.exe
  2⤵
  PID:6124
- C:\Windows\System\QcFUHbI.exe
  C:\Windows\System\QcFUHbI.exe
  2⤵
  PID:5152
- C:\Windows\System\zatMJfb.exe
  C:\Windows\System\zatMJfb.exe
  2⤵
  PID:5212
- C:\Windows\System\Uznxosp.exe
  C:\Windows\System\Uznxosp.exe
  2⤵
  PID:5288
- C:\Windows\System\jsVBDwV.exe
  C:\Windows\System\jsVBDwV.exe
  2⤵
  PID:5336
- C:\Windows\System\fyDvAhO.exe
  C:\Windows\System\fyDvAhO.exe
  2⤵
  PID:5384
- C:\Windows\System\vnyknfS.exe
  C:\Windows\System\vnyknfS.exe
  2⤵
  PID:5540
- C:\Windows\System\mdObGFc.exe
  C:\Windows\System\mdObGFc.exe
  2⤵
  PID:5664
- C:\Windows\System\EUwhwgB.exe
  C:\Windows\System\EUwhwgB.exe
  2⤵
  PID:5772
- C:\Windows\System\VPfBVKI.exe
  C:\Windows\System\VPfBVKI.exe
  2⤵
  PID:5828
- C:\Windows\System\arUubQk.exe
  C:\Windows\System\arUubQk.exe
  2⤵
  PID:6076
- C:\Windows\System\MdwpaGd.exe
  C:\Windows\System\MdwpaGd.exe
  2⤵
  PID:6140
- C:\Windows\System\dwwUFPC.exe
  C:\Windows\System\dwwUFPC.exe
  2⤵
  PID:5484
- C:\Windows\System\BafPskn.exe
  C:\Windows\System\BafPskn.exe
  2⤵
  PID:5852
- C:\Windows\System\clfoujd.exe
  C:\Windows\System\clfoujd.exe
  2⤵
  PID:5448
- C:\Windows\System\XFtINeQ.exe
  C:\Windows\System\XFtINeQ.exe
  2⤵
  PID:5748
- C:\Windows\System\ERPOpPA.exe
  C:\Windows\System\ERPOpPA.exe
  2⤵
  PID:6120
- C:\Windows\System\IZrlIcr.exe
  C:\Windows\System\IZrlIcr.exe
  2⤵
  PID:5908
- C:\Windows\System\vJKvWDX.exe
  C:\Windows\System\vJKvWDX.exe
  2⤵
  PID:5708
- C:\Windows\System\PVGzHFT.exe
  C:\Windows\System\PVGzHFT.exe
  2⤵
  PID:5692
- C:\Windows\System\lNAfysG.exe
  C:\Windows\System\lNAfysG.exe
  2⤵
  PID:6168
- C:\Windows\System\jIDmjqN.exe
  C:\Windows\System\jIDmjqN.exe
  2⤵
  PID:6204
- C:\Windows\System\PDkUZia.exe
  C:\Windows\System\PDkUZia.exe
  2⤵
  PID:6240
- C:\Windows\System\kIkxMHZ.exe
  C:\Windows\System\kIkxMHZ.exe
  2⤵
  PID:6264
- C:\Windows\System\NnzsNHR.exe
  C:\Windows\System\NnzsNHR.exe
  2⤵
  PID:6304
- C:\Windows\System\urjKUcW.exe
  C:\Windows\System\urjKUcW.exe
  2⤵
  PID:6336
- C:\Windows\System\ldqstAZ.exe
  C:\Windows\System\ldqstAZ.exe
  2⤵
  PID:6364
- C:\Windows\System\DWCeThS.exe
  C:\Windows\System\DWCeThS.exe
  2⤵
  PID:6392
- C:\Windows\System\XdPeAna.exe
  C:\Windows\System\XdPeAna.exe
  2⤵
  PID:6412
- C:\Windows\System\aHmoxEs.exe
  C:\Windows\System\aHmoxEs.exe
  2⤵
  PID:6444
- C:\Windows\System\ByLcIBG.exe
  C:\Windows\System\ByLcIBG.exe
  2⤵
  PID:6476
- C:\Windows\System\MzBYwor.exe
  C:\Windows\System\MzBYwor.exe
  2⤵
  PID:6504
- C:\Windows\System\DZKNLmS.exe
  C:\Windows\System\DZKNLmS.exe
  2⤵
  PID:6536
- C:\Windows\System\qXKGwfD.exe
  C:\Windows\System\qXKGwfD.exe
  2⤵
  PID:6564
- C:\Windows\System\lxHqcEX.exe
  C:\Windows\System\lxHqcEX.exe
  2⤵
  PID:6592
- C:\Windows\System\ftidgII.exe
  C:\Windows\System\ftidgII.exe
  2⤵
  PID:6612
- C:\Windows\System\MKqmQhx.exe
  C:\Windows\System\MKqmQhx.exe
  2⤵
  PID:6640
- C:\Windows\System\UPdWrCi.exe
  C:\Windows\System\UPdWrCi.exe
  2⤵
  PID:6680
- C:\Windows\System\grRyRsD.exe
  C:\Windows\System\grRyRsD.exe
  2⤵
  PID:6704
- C:\Windows\System\BbWnvdx.exe
  C:\Windows\System\BbWnvdx.exe
  2⤵
  PID:6736
- C:\Windows\System\PlOPUvf.exe
  C:\Windows\System\PlOPUvf.exe
  2⤵
  PID:6760
- C:\Windows\System\lOXveMH.exe
  C:\Windows\System\lOXveMH.exe
  2⤵
  PID:6792
- C:\Windows\System\shTnjbh.exe
  C:\Windows\System\shTnjbh.exe
  2⤵
  PID:6820
- C:\Windows\System\VbkdLbt.exe
  C:\Windows\System\VbkdLbt.exe
  2⤵
  PID:6848
- C:\Windows\System\ZwyuSNp.exe
  C:\Windows\System\ZwyuSNp.exe
  2⤵
  PID:6872
- C:\Windows\System\CXlJRZW.exe
  C:\Windows\System\CXlJRZW.exe
  2⤵
  PID:6904
- C:\Windows\System\CejQbOo.exe
  C:\Windows\System\CejQbOo.exe
  2⤵
  PID:6932
- C:\Windows\System\WSSTPav.exe
  C:\Windows\System\WSSTPav.exe
  2⤵
  PID:6956
- C:\Windows\System\XRSkwKi.exe
  C:\Windows\System\XRSkwKi.exe
  2⤵
  PID:6988
- C:\Windows\System\eLPkzcY.exe
  C:\Windows\System\eLPkzcY.exe
  2⤵
  PID:7016
- C:\Windows\System\DvauRYk.exe
  C:\Windows\System\DvauRYk.exe
  2⤵
  PID:7044
- C:\Windows\System\yQttTXt.exe
  C:\Windows\System\yQttTXt.exe
  2⤵
  PID:7068
- C:\Windows\System\puaWfVO.exe
  C:\Windows\System\puaWfVO.exe
  2⤵
  PID:7096
- C:\Windows\System\JNaArHM.exe
  C:\Windows\System\JNaArHM.exe
  2⤵
  PID:7124
- C:\Windows\System\WZgHKup.exe
  C:\Windows\System\WZgHKup.exe
  2⤵
  PID:7152
- C:\Windows\System\cgXoTYX.exe
  C:\Windows\System\cgXoTYX.exe
  2⤵
  PID:6196
- C:\Windows\System\BXmFgKX.exe
  C:\Windows\System\BXmFgKX.exe
  2⤵
  PID:6224
- C:\Windows\System\jsOgnYf.exe
  C:\Windows\System\jsOgnYf.exe
  2⤵
  PID:6292
- C:\Windows\System\JdpYlEi.exe
  C:\Windows\System\JdpYlEi.exe
  2⤵
  PID:6352
- C:\Windows\System\UIRlXqM.exe
  C:\Windows\System\UIRlXqM.exe
  2⤵
  PID:6420
- C:\Windows\System\YsESoZA.exe
  C:\Windows\System\YsESoZA.exe
  2⤵
  PID:5876
- C:\Windows\System\mpqfOGx.exe
  C:\Windows\System\mpqfOGx.exe
  2⤵
  PID:6492
- C:\Windows\System\bwThveH.exe
  C:\Windows\System\bwThveH.exe
  2⤵
  PID:6576
- C:\Windows\System\VNamWmK.exe
  C:\Windows\System\VNamWmK.exe
  2⤵
  PID:2040
- C:\Windows\System\wwLNukW.exe
  C:\Windows\System\wwLNukW.exe
  2⤵
  PID:1508
- C:\Windows\System\ZhtfCTC.exe
  C:\Windows\System\ZhtfCTC.exe
  2⤵
  PID:6632
- C:\Windows\System\bNbNnXO.exe
  C:\Windows\System\bNbNnXO.exe
  2⤵
  PID:6696
- C:\Windows\System\wUDDELI.exe
  C:\Windows\System\wUDDELI.exe
  2⤵
  PID:6788
- C:\Windows\System\wflYyXv.exe
  C:\Windows\System\wflYyXv.exe
  2⤵
  PID:6884
- C:\Windows\System\yhlpxYC.exe
  C:\Windows\System\yhlpxYC.exe
  2⤵
  PID:6980
- C:\Windows\System\UyWOIxy.exe
  C:\Windows\System\UyWOIxy.exe
  2⤵
  PID:7052
- C:\Windows\System\kojJTbw.exe
  C:\Windows\System\kojJTbw.exe
  2⤵
  PID:7108
- C:\Windows\System\OWsQzXU.exe
  C:\Windows\System\OWsQzXU.exe
  2⤵
  PID:7160
- C:\Windows\System\UiqJkXI.exe
  C:\Windows\System\UiqJkXI.exe
  2⤵
  PID:964
- C:\Windows\System\VxNuhHJ.exe
  C:\Windows\System\VxNuhHJ.exe
  2⤵
  PID:6344
- C:\Windows\System\kjyiLyV.exe
  C:\Windows\System\kjyiLyV.exe
  2⤵
  PID:6532
- C:\Windows\System\ZtTIxgr.exe
  C:\Windows\System\ZtTIxgr.exe
  2⤵
  PID:6608
- C:\Windows\System\xCwQXdJ.exe
  C:\Windows\System\xCwQXdJ.exe
  2⤵
  PID:6816
- C:\Windows\System\nYSUVak.exe
  C:\Windows\System\nYSUVak.exe
  2⤵
  PID:6544
- C:\Windows\System\xYqCLYI.exe
  C:\Windows\System\xYqCLYI.exe
  2⤵
  PID:7144
- C:\Windows\System\vWOjnDR.exe
  C:\Windows\System\vWOjnDR.exe
  2⤵
  PID:6400
- C:\Windows\System\cWfDopm.exe
  C:\Windows\System\cWfDopm.exe
  2⤵
  PID:4792
- C:\Windows\System\WmgMqtp.exe
  C:\Windows\System\WmgMqtp.exe
  2⤵
  PID:6744
- C:\Windows\System\IznyydJ.exe
  C:\Windows\System\IznyydJ.exe
  2⤵
  PID:7076
- C:\Windows\System\CdgCrBi.exe
  C:\Windows\System\CdgCrBi.exe
  2⤵
  PID:2784
- C:\Windows\System\lBghxPR.exe
  C:\Windows\System\lBghxPR.exe
  2⤵
  PID:7136
- C:\Windows\System\GPyrzYv.exe
  C:\Windows\System\GPyrzYv.exe
  2⤵
  PID:7008
- C:\Windows\System\mtdEPnT.exe
  C:\Windows\System\mtdEPnT.exe
  2⤵
  PID:7180
- C:\Windows\System\PFkLAjT.exe
  C:\Windows\System\PFkLAjT.exe
  2⤵
  PID:7208
- C:\Windows\System\tvuvlPP.exe
  C:\Windows\System\tvuvlPP.exe
  2⤵
  PID:7244
- C:\Windows\System\qYqDFMY.exe
  C:\Windows\System\qYqDFMY.exe
  2⤵
  PID:7280
- C:\Windows\System\jkkqKiN.exe
  C:\Windows\System\jkkqKiN.exe
  2⤵
  PID:7308
- C:\Windows\System\EgjYjHy.exe
  C:\Windows\System\EgjYjHy.exe
  2⤵
  PID:7336
- C:\Windows\System\aaDMZEE.exe
  C:\Windows\System\aaDMZEE.exe
  2⤵
  PID:7356
- C:\Windows\System\RVIxnio.exe
  C:\Windows\System\RVIxnio.exe
  2⤵
  PID:7384
- C:\Windows\System\sfhGYnR.exe
  C:\Windows\System\sfhGYnR.exe
  2⤵
  PID:7412
- C:\Windows\System\ERUDygc.exe
  C:\Windows\System\ERUDygc.exe
  2⤵
  PID:7440
- C:\Windows\System\yLDmACh.exe
  C:\Windows\System\yLDmACh.exe
  2⤵
  PID:7468
- C:\Windows\System\WNfeAGB.exe
  C:\Windows\System\WNfeAGB.exe
  2⤵
  PID:7496
- C:\Windows\System\LaqacQU.exe
  C:\Windows\System\LaqacQU.exe
  2⤵
  PID:7524
- C:\Windows\System\nBXVKOB.exe
  C:\Windows\System\nBXVKOB.exe
  2⤵
  PID:7568
- C:\Windows\System\ZEylfvS.exe
  C:\Windows\System\ZEylfvS.exe
  2⤵
  PID:7584
- C:\Windows\System\jrDlNGD.exe
  C:\Windows\System\jrDlNGD.exe
  2⤵
  PID:7612
- C:\Windows\System\wsQFvRc.exe
  C:\Windows\System\wsQFvRc.exe
  2⤵
  PID:7640
- C:\Windows\System\MWHUJrj.exe
  C:\Windows\System\MWHUJrj.exe
  2⤵
  PID:7668
- C:\Windows\System\yqcPyLx.exe
  C:\Windows\System\yqcPyLx.exe
  2⤵
  PID:7696
- C:\Windows\System\SHAEhus.exe
  C:\Windows\System\SHAEhus.exe
  2⤵
  PID:7724
- C:\Windows\System\njUmaGw.exe
  C:\Windows\System\njUmaGw.exe
  2⤵
  PID:7752
- C:\Windows\System\tblPaGi.exe
  C:\Windows\System\tblPaGi.exe
  2⤵
  PID:7780
- C:\Windows\System\jcGJFLJ.exe
  C:\Windows\System\jcGJFLJ.exe
  2⤵
  PID:7808
- C:\Windows\System\xtHGgeQ.exe
  C:\Windows\System\xtHGgeQ.exe
  2⤵
  PID:7848
- C:\Windows\System\LISmKEj.exe
  C:\Windows\System\LISmKEj.exe
  2⤵
  PID:7868
- C:\Windows\System\QNvJthj.exe
  C:\Windows\System\QNvJthj.exe
  2⤵
  PID:7896
- C:\Windows\System\SLfvzoD.exe
  C:\Windows\System\SLfvzoD.exe
  2⤵
  PID:7924
- C:\Windows\System\blBesoY.exe
  C:\Windows\System\blBesoY.exe
  2⤵
  PID:7952
- C:\Windows\System\Dqaabol.exe
  C:\Windows\System\Dqaabol.exe
  2⤵
  PID:7980
- C:\Windows\System\XjHJvsF.exe
  C:\Windows\System\XjHJvsF.exe
  2⤵
  PID:8008
- C:\Windows\System\golIEzk.exe
  C:\Windows\System\golIEzk.exe
  2⤵
  PID:8036
- C:\Windows\System\bbJPDuF.exe
  C:\Windows\System\bbJPDuF.exe
  2⤵
  PID:8064
- C:\Windows\System\PiVioOR.exe
  C:\Windows\System\PiVioOR.exe
  2⤵
  PID:8092
- C:\Windows\System\wFgmhTT.exe
  C:\Windows\System\wFgmhTT.exe
  2⤵
  PID:8120
- C:\Windows\System\XBKkqNf.exe
  C:\Windows\System\XBKkqNf.exe
  2⤵
  PID:8148
- C:\Windows\System\BOMxIQi.exe
  C:\Windows\System\BOMxIQi.exe
  2⤵
  PID:8176
- C:\Windows\System\avZleZS.exe
  C:\Windows\System\avZleZS.exe
  2⤵
  PID:7200
- C:\Windows\System\FOsEvlY.exe
  C:\Windows\System\FOsEvlY.exe
  2⤵
  PID:7260
- C:\Windows\System\dsghrTa.exe
  C:\Windows\System\dsghrTa.exe
  2⤵
  PID:7324
- C:\Windows\System\PHYnPvA.exe
  C:\Windows\System\PHYnPvA.exe
  2⤵
  PID:4816
- C:\Windows\System\VYSMhZU.exe
  C:\Windows\System\VYSMhZU.exe
  2⤵
  PID:7432
- C:\Windows\System\XhbLPBg.exe
  C:\Windows\System\XhbLPBg.exe
  2⤵
  PID:7492
- C:\Windows\System\hAhImVc.exe
  C:\Windows\System\hAhImVc.exe
  2⤵
  PID:7536
- C:\Windows\System\VnEdFLD.exe
  C:\Windows\System\VnEdFLD.exe
  2⤵
  PID:7604
- C:\Windows\System\tlQnhQd.exe
  C:\Windows\System\tlQnhQd.exe
  2⤵
  PID:7652
- C:\Windows\System\gYABKKW.exe
  C:\Windows\System\gYABKKW.exe
  2⤵
  PID:7716
- C:\Windows\System\acNkEAl.exe
  C:\Windows\System\acNkEAl.exe
  2⤵
  PID:7792
- C:\Windows\System\BMoNkOh.exe
  C:\Windows\System\BMoNkOh.exe
  2⤵
  PID:7856
- C:\Windows\System\RRDiddm.exe
  C:\Windows\System\RRDiddm.exe
  2⤵
  PID:7920
- C:\Windows\System\PfJPFIF.exe
  C:\Windows\System\PfJPFIF.exe
  2⤵
  PID:7972
- C:\Windows\System\ySwsyIo.exe
  C:\Windows\System\ySwsyIo.exe
  2⤵
  PID:8032
- C:\Windows\System\ueiQvPA.exe
  C:\Windows\System\ueiQvPA.exe
  2⤵
  PID:8104
- C:\Windows\System\gkovdbw.exe
  C:\Windows\System\gkovdbw.exe
  2⤵
  PID:8168
- C:\Windows\System\knurORU.exe
  C:\Windows\System\knurORU.exe
  2⤵
  PID:7228
- C:\Windows\System\eLDWUPa.exe
  C:\Windows\System\eLDWUPa.exe
  2⤵
  PID:7408
- C:\Windows\System\ZfvlXfu.exe
  C:\Windows\System\ZfvlXfu.exe
  2⤵
  PID:2336
- C:\Windows\System\thXKSON.exe
  C:\Windows\System\thXKSON.exe
  2⤵
  PID:7632
- C:\Windows\System\SAmUXMJ.exe
  C:\Windows\System\SAmUXMJ.exe
  2⤵
  PID:7772
- C:\Windows\System\yVCUtMT.exe
  C:\Windows\System\yVCUtMT.exe
  2⤵
  PID:7944
- C:\Windows\System\XNRAWnM.exe
  C:\Windows\System\XNRAWnM.exe
  2⤵
  PID:8084
- C:\Windows\System\SBJlfvL.exe
  C:\Windows\System\SBJlfvL.exe
  2⤵
  PID:7220
- C:\Windows\System\dLfVVGr.exe
  C:\Windows\System\dLfVVGr.exe
  2⤵
  PID:7548
- C:\Windows\System\myeZASt.exe
  C:\Windows\System\myeZASt.exe
  2⤵
  PID:7888
- C:\Windows\System\tomMLiz.exe
  C:\Windows\System\tomMLiz.exe
  2⤵
  PID:7192
- C:\Windows\System\KvdtLPL.exe
  C:\Windows\System\KvdtLPL.exe
  2⤵
  PID:8056
- C:\Windows\System\unKfhGA.exe
  C:\Windows\System\unKfhGA.exe
  2⤵
  PID:7188
- C:\Windows\System\apEHeGG.exe
  C:\Windows\System\apEHeGG.exe
  2⤵
  PID:8212
- C:\Windows\System\dkdtEcE.exe
  C:\Windows\System\dkdtEcE.exe
  2⤵
  PID:8240
- C:\Windows\System\DFDrjMa.exe
  C:\Windows\System\DFDrjMa.exe
  2⤵
  PID:8268
- C:\Windows\System\LYXEHev.exe
  C:\Windows\System\LYXEHev.exe
  2⤵
  PID:8296
- C:\Windows\System\pqNUoCP.exe
  C:\Windows\System\pqNUoCP.exe
  2⤵
  PID:8328
- C:\Windows\System\URhWJwy.exe
  C:\Windows\System\URhWJwy.exe
  2⤵
  PID:8356
- C:\Windows\System\LAkGzmX.exe
  C:\Windows\System\LAkGzmX.exe
  2⤵
  PID:8384
- C:\Windows\System\FkCdPUV.exe
  C:\Windows\System\FkCdPUV.exe
  2⤵
  PID:8412
- C:\Windows\System\pEaZHBU.exe
  C:\Windows\System\pEaZHBU.exe
  2⤵
  PID:8440
- C:\Windows\System\ZLddlwY.exe
  C:\Windows\System\ZLddlwY.exe
  2⤵
  PID:8468
- C:\Windows\System\QWkgPab.exe
  C:\Windows\System\QWkgPab.exe
  2⤵
  PID:8496
- C:\Windows\System\vLQiIvv.exe
  C:\Windows\System\vLQiIvv.exe
  2⤵
  PID:8524
- C:\Windows\System\fFYcpiM.exe
  C:\Windows\System\fFYcpiM.exe
  2⤵
  PID:8552
- C:\Windows\System\OcXochW.exe
  C:\Windows\System\OcXochW.exe
  2⤵
  PID:8580
- C:\Windows\System\JZGNqxw.exe
  C:\Windows\System\JZGNqxw.exe
  2⤵
  PID:8608
- C:\Windows\System\ajouIVO.exe
  C:\Windows\System\ajouIVO.exe
  2⤵
  PID:8636
- C:\Windows\System\BLrBvyU.exe
  C:\Windows\System\BLrBvyU.exe
  2⤵
  PID:8664
- C:\Windows\System\GKHgQBT.exe
  C:\Windows\System\GKHgQBT.exe
  2⤵
  PID:8692
- C:\Windows\System\RaiwsCf.exe
  C:\Windows\System\RaiwsCf.exe
  2⤵
  PID:8720
- C:\Windows\System\DELHfPl.exe
  C:\Windows\System\DELHfPl.exe
  2⤵
  PID:8748
- C:\Windows\System\XYFJrCs.exe
  C:\Windows\System\XYFJrCs.exe
  2⤵
  PID:8776
- C:\Windows\System\sTgOzns.exe
  C:\Windows\System\sTgOzns.exe
  2⤵
  PID:8804
- C:\Windows\System\TgWwAil.exe
  C:\Windows\System\TgWwAil.exe
  2⤵
  PID:8832
- C:\Windows\System\JsSXhRv.exe
  C:\Windows\System\JsSXhRv.exe
  2⤵
  PID:8860
- C:\Windows\System\fFJmMXE.exe
  C:\Windows\System\fFJmMXE.exe
  2⤵
  PID:8888
- C:\Windows\System\mZLmist.exe
  C:\Windows\System\mZLmist.exe
  2⤵
  PID:8920
- C:\Windows\System\UwVfinw.exe
  C:\Windows\System\UwVfinw.exe
  2⤵
  PID:8948
- C:\Windows\System\zpDeffR.exe
  C:\Windows\System\zpDeffR.exe
  2⤵
  PID:8980
- C:\Windows\System\IbNcOYg.exe
  C:\Windows\System\IbNcOYg.exe
  2⤵
  PID:9008
- C:\Windows\System\MhXImQB.exe
  C:\Windows\System\MhXImQB.exe
  2⤵
  PID:9036
- C:\Windows\System\bBnnuwX.exe
  C:\Windows\System\bBnnuwX.exe
  2⤵
  PID:9064
- C:\Windows\System\ezOgvuW.exe
  C:\Windows\System\ezOgvuW.exe
  2⤵
  PID:9092
- C:\Windows\System\xsqzhKo.exe
  C:\Windows\System\xsqzhKo.exe
  2⤵
  PID:9120
- C:\Windows\System\XSrMQgL.exe
  C:\Windows\System\XSrMQgL.exe
  2⤵
  PID:9148
- C:\Windows\System\EbDaWOf.exe
  C:\Windows\System\EbDaWOf.exe
  2⤵
  PID:9176
- C:\Windows\System\PpzyPcu.exe
  C:\Windows\System\PpzyPcu.exe
  2⤵
  PID:9204
- C:\Windows\System\hTybLda.exe
  C:\Windows\System\hTybLda.exe
  2⤵
  PID:8232
- C:\Windows\System\KXDXJCT.exe
  C:\Windows\System\KXDXJCT.exe
  2⤵
  PID:8292
- C:\Windows\System\jYNuBYL.exe
  C:\Windows\System\jYNuBYL.exe
  2⤵
  PID:8368
- C:\Windows\System\eqFSbPR.exe
  C:\Windows\System\eqFSbPR.exe
  2⤵
  PID:8432
- C:\Windows\System\zMVwBQM.exe
  C:\Windows\System\zMVwBQM.exe
  2⤵
  PID:8492
- C:\Windows\System\tpUjDPw.exe
  C:\Windows\System\tpUjDPw.exe
  2⤵
  PID:8564
- C:\Windows\System\ZemzNOq.exe
  C:\Windows\System\ZemzNOq.exe
  2⤵
  PID:8632
- C:\Windows\System\ROCNqZu.exe
  C:\Windows\System\ROCNqZu.exe
  2⤵
  PID:8688
- C:\Windows\System\xWxARuP.exe
  C:\Windows\System\xWxARuP.exe
  2⤵
  PID:8760
- C:\Windows\System\nqWBtEQ.exe
  C:\Windows\System\nqWBtEQ.exe
  2⤵
  PID:8824
- C:\Windows\System\TcKZWjB.exe
  C:\Windows\System\TcKZWjB.exe
  2⤵
  PID:8884
- C:\Windows\System\BYXXBuS.exe
  C:\Windows\System\BYXXBuS.exe
  2⤵
  PID:8944
- C:\Windows\System\CEhKBFx.exe
  C:\Windows\System\CEhKBFx.exe
  2⤵
  PID:9020
- C:\Windows\System\pLNgmdM.exe
  C:\Windows\System\pLNgmdM.exe
  2⤵
  PID:9084
- C:\Windows\System\spUBKmy.exe
  C:\Windows\System\spUBKmy.exe
  2⤵
  PID:9144
- C:\Windows\System\dCMACmn.exe
  C:\Windows\System\dCMACmn.exe
  2⤵
  PID:8208
- C:\Windows\System\irqxrrO.exe
  C:\Windows\System\irqxrrO.exe
  2⤵
  PID:8352
- C:\Windows\System\EBIDfGz.exe
  C:\Windows\System\EBIDfGz.exe
  2⤵
  PID:8520
- C:\Windows\System\vUmxUoj.exe
  C:\Windows\System\vUmxUoj.exe
  2⤵
  PID:8676
- C:\Windows\System\RxwCCbp.exe
  C:\Windows\System\RxwCCbp.exe
  2⤵
  PID:8800
- C:\Windows\System\ziMQxIA.exe
  C:\Windows\System\ziMQxIA.exe
  2⤵
  PID:8940
- C:\Windows\System\nptjzVo.exe
  C:\Windows\System\nptjzVo.exe
  2⤵
  PID:9112
- C:\Windows\System\nvEJjXD.exe
  C:\Windows\System\nvEJjXD.exe
  2⤵
  PID:8324
- C:\Windows\System\Wydezva.exe
  C:\Windows\System\Wydezva.exe
  2⤵
  PID:8656
- C:\Windows\System\EGdlmas.exe
  C:\Windows\System\EGdlmas.exe
  2⤵
  PID:9004
- C:\Windows\System\JoOUxnq.exe
  C:\Windows\System\JoOUxnq.exe
  2⤵
  PID:8796
- C:\Windows\System\jjAViSJ.exe
  C:\Windows\System\jjAViSJ.exe
  2⤵
  PID:8480
- C:\Windows\System\plBTpuV.exe
  C:\Windows\System\plBTpuV.exe
  2⤵
  PID:9232
- C:\Windows\System\BBhNbdm.exe
  C:\Windows\System\BBhNbdm.exe
  2⤵
  PID:9260
- C:\Windows\System\zeHREEJ.exe
  C:\Windows\System\zeHREEJ.exe
  2⤵
  PID:9288
- C:\Windows\System\HnvwCbf.exe
  C:\Windows\System\HnvwCbf.exe
  2⤵
  PID:9316
- C:\Windows\System\ZetrfuF.exe
  C:\Windows\System\ZetrfuF.exe
  2⤵
  PID:9344
- C:\Windows\System\AdnNxhJ.exe
  C:\Windows\System\AdnNxhJ.exe
  2⤵
  PID:9372
- C:\Windows\System\YMEngIf.exe
  C:\Windows\System\YMEngIf.exe
  2⤵
  PID:9400
- C:\Windows\System\AMnozNb.exe
  C:\Windows\System\AMnozNb.exe
  2⤵
  PID:9428
- C:\Windows\System\KrGAmWy.exe
  C:\Windows\System\KrGAmWy.exe
  2⤵
  PID:9456
- C:\Windows\System\CDpyTPB.exe
  C:\Windows\System\CDpyTPB.exe
  2⤵
  PID:9484
- C:\Windows\System\CSLatZw.exe
  C:\Windows\System\CSLatZw.exe
  2⤵
  PID:9512
- C:\Windows\System\QfCecVp.exe
  C:\Windows\System\QfCecVp.exe
  2⤵
  PID:9540
- C:\Windows\System\qJPZqkW.exe
  C:\Windows\System\qJPZqkW.exe
  2⤵
  PID:9572
- C:\Windows\System\RREopbG.exe
  C:\Windows\System\RREopbG.exe
  2⤵
  PID:9600
- C:\Windows\System\isYsYGA.exe
  C:\Windows\System\isYsYGA.exe
  2⤵
  PID:9628
- C:\Windows\System\BdXUhcx.exe
  C:\Windows\System\BdXUhcx.exe
  2⤵
  PID:9656
- C:\Windows\System\EsHIlYt.exe
  C:\Windows\System\EsHIlYt.exe
  2⤵
  PID:9684
- C:\Windows\System\GKSqARw.exe
  C:\Windows\System\GKSqARw.exe
  2⤵
  PID:9712
- C:\Windows\System\LyCpqYQ.exe
  C:\Windows\System\LyCpqYQ.exe
  2⤵
  PID:9740
- C:\Windows\System\DNwDscc.exe
  C:\Windows\System\DNwDscc.exe
  2⤵
  PID:9768
- C:\Windows\System\HOgGMPM.exe
  C:\Windows\System\HOgGMPM.exe
  2⤵
  PID:9796
- C:\Windows\System\UzOSAGC.exe
  C:\Windows\System\UzOSAGC.exe
  2⤵
  PID:9824
- C:\Windows\System\GRzJUbu.exe
  C:\Windows\System\GRzJUbu.exe
  2⤵
  PID:9852
- C:\Windows\System\MJJYrYw.exe
  C:\Windows\System\MJJYrYw.exe
  2⤵
  PID:9880
- C:\Windows\System\uPSBSHy.exe
  C:\Windows\System\uPSBSHy.exe
  2⤵
  PID:9908
- C:\Windows\System\OYSTtqa.exe
  C:\Windows\System\OYSTtqa.exe
  2⤵
  PID:9936
- C:\Windows\System\mGBQIXX.exe
  C:\Windows\System\mGBQIXX.exe
  2⤵
  PID:9964
- C:\Windows\System\mJgyyLO.exe
  C:\Windows\System\mJgyyLO.exe
  2⤵
  PID:9992
- C:\Windows\System\BqPKbye.exe
  C:\Windows\System\BqPKbye.exe
  2⤵
  PID:10020
- C:\Windows\System\wtXlDfG.exe
  C:\Windows\System\wtXlDfG.exe
  2⤵
  PID:10048
- C:\Windows\System\ajmRvDD.exe
  C:\Windows\System\ajmRvDD.exe
  2⤵
  PID:10076
- C:\Windows\System\CeQfDlv.exe
  C:\Windows\System\CeQfDlv.exe
  2⤵
  PID:10104
- C:\Windows\System\pVijQXM.exe
  C:\Windows\System\pVijQXM.exe
  2⤵
  PID:10132
- C:\Windows\System\KsolQCK.exe
  C:\Windows\System\KsolQCK.exe
  2⤵
  PID:10172
- C:\Windows\System\YrltIII.exe
  C:\Windows\System\YrltIII.exe
  2⤵
  PID:10188
- C:\Windows\System\OWOIUQA.exe
  C:\Windows\System\OWOIUQA.exe
  2⤵
  PID:10216
- C:\Windows\System\omdmWLl.exe
  C:\Windows\System\omdmWLl.exe
  2⤵
  PID:9224
- C:\Windows\System\EiFGVVS.exe
  C:\Windows\System\EiFGVVS.exe
  2⤵
  PID:9300
- C:\Windows\System\myyfyrB.exe
  C:\Windows\System\myyfyrB.exe
  2⤵
  PID:9364
- C:\Windows\System\XyqaISH.exe
  C:\Windows\System\XyqaISH.exe
  2⤵
  PID:9420
- C:\Windows\System\RXXhGMw.exe
  C:\Windows\System\RXXhGMw.exe
  2⤵
  PID:9480
- C:\Windows\System\GyXHlyh.exe
  C:\Windows\System\GyXHlyh.exe
  2⤵
  PID:9552
- C:\Windows\System\HizneGH.exe
  C:\Windows\System\HizneGH.exe
  2⤵
  PID:9620
- C:\Windows\System\FaxrLKm.exe
  C:\Windows\System\FaxrLKm.exe
  2⤵
  PID:9680
- C:\Windows\System\pGXAGHL.exe
  C:\Windows\System\pGXAGHL.exe
  2⤵
  PID:9752
- C:\Windows\System\xcbgBpJ.exe
  C:\Windows\System\xcbgBpJ.exe
  2⤵
  PID:9816
- C:\Windows\System\osFtlst.exe
  C:\Windows\System\osFtlst.exe
  2⤵
  PID:9876
- C:\Windows\System\DUVrLMd.exe
  C:\Windows\System\DUVrLMd.exe
  2⤵
  PID:9948
- C:\Windows\System\nsHkvvi.exe
  C:\Windows\System\nsHkvvi.exe
  2⤵
  PID:3912
- C:\Windows\System\QAWmYRM.exe
  C:\Windows\System\QAWmYRM.exe
  2⤵
  PID:10060
- C:\Windows\System\CHTvtMF.exe
  C:\Windows\System\CHTvtMF.exe
  2⤵
  PID:10128
- C:\Windows\System\UWVctfX.exe
  C:\Windows\System\UWVctfX.exe
  2⤵
  PID:2308
- C:\Windows\System\wQpgrGE.exe
  C:\Windows\System\wQpgrGE.exe
  2⤵
  PID:10200
- C:\Windows\System\PGXgdIy.exe
  C:\Windows\System\PGXgdIy.exe
  2⤵
  PID:9284
- C:\Windows\System\PXntpyv.exe
  C:\Windows\System\PXntpyv.exe
  2⤵
  PID:9412
- C:\Windows\System\scVbfJD.exe
  C:\Windows\System\scVbfJD.exe
  2⤵
  PID:9584
- C:\Windows\System\phiZaEj.exe
  C:\Windows\System\phiZaEj.exe
  2⤵
  PID:9732
- C:\Windows\System\JAViGDa.exe
  C:\Windows\System\JAViGDa.exe
  2⤵
  PID:9872
- C:\Windows\System\szQEzqB.exe
  C:\Windows\System\szQEzqB.exe
  2⤵
  PID:10016
- C:\Windows\System\AYpGQwr.exe
  C:\Windows\System\AYpGQwr.exe
  2⤵
  PID:10152
- C:\Windows\System\RkSNxDZ.exe
  C:\Windows\System\RkSNxDZ.exe
  2⤵
  PID:9252
- C:\Windows\System\CydDiES.exe
  C:\Windows\System\CydDiES.exe
  2⤵
  PID:9648
- C:\Windows\System\ojECxpk.exe
  C:\Windows\System\ojECxpk.exe
  2⤵
  PID:9988
- C:\Windows\System\zpekNFD.exe
  C:\Windows\System\zpekNFD.exe
  2⤵
  PID:10228
- C:\Windows\System\IeqAnvo.exe
  C:\Windows\System\IeqAnvo.exe
  2⤵
  PID:9932
- C:\Windows\System\jOlmsne.exe
  C:\Windows\System\jOlmsne.exe
  2⤵
  PID:9864
- C:\Windows\System\OGEAzso.exe
  C:\Windows\System\OGEAzso.exe
  2⤵
  PID:10268
- C:\Windows\System\zPgqcde.exe
  C:\Windows\System\zPgqcde.exe
  2⤵
  PID:10296
- C:\Windows\System\ExzkuVt.exe
  C:\Windows\System\ExzkuVt.exe
  2⤵
  PID:10324
- C:\Windows\System\UbvjHOq.exe
  C:\Windows\System\UbvjHOq.exe
  2⤵
  PID:10352
- C:\Windows\System\UvYBqeG.exe
  C:\Windows\System\UvYBqeG.exe
  2⤵
  PID:10380
- C:\Windows\System\HooCSfj.exe
  C:\Windows\System\HooCSfj.exe
  2⤵
  PID:10408
- C:\Windows\System\zyXQbVd.exe
  C:\Windows\System\zyXQbVd.exe
  2⤵
  PID:10436
- C:\Windows\System\BUXerpa.exe
  C:\Windows\System\BUXerpa.exe
  2⤵
  PID:10464
- C:\Windows\System\hwMWVil.exe
  C:\Windows\System\hwMWVil.exe
  2⤵
  PID:10492
- C:\Windows\System\NbutTlL.exe
  C:\Windows\System\NbutTlL.exe
  2⤵
  PID:10520
- C:\Windows\System\miKvkkd.exe
  C:\Windows\System\miKvkkd.exe
  2⤵
  PID:10548
- C:\Windows\System\fkAkwRr.exe
  C:\Windows\System\fkAkwRr.exe
  2⤵
  PID:10576
- C:\Windows\System\KHixPhB.exe
  C:\Windows\System\KHixPhB.exe
  2⤵
  PID:10604
- C:\Windows\System\yifxJTQ.exe
  C:\Windows\System\yifxJTQ.exe
  2⤵
  PID:10632
- C:\Windows\System\GUvzMtm.exe
  C:\Windows\System\GUvzMtm.exe
  2⤵
  PID:10660
- C:\Windows\System\JmkNNzt.exe
  C:\Windows\System\JmkNNzt.exe
  2⤵
  PID:10688
- C:\Windows\System\QowKdmZ.exe
  C:\Windows\System\QowKdmZ.exe
  2⤵
  PID:10716
- C:\Windows\System\WYHeOYp.exe
  C:\Windows\System\WYHeOYp.exe
  2⤵
  PID:10744
- C:\Windows\System\ZipTdfF.exe
  C:\Windows\System\ZipTdfF.exe
  2⤵
  PID:10772
- C:\Windows\System\YLPQasb.exe
  C:\Windows\System\YLPQasb.exe
  2⤵
  PID:10800
- C:\Windows\System\pDeKDIE.exe
  C:\Windows\System\pDeKDIE.exe
  2⤵
  PID:10828
- C:\Windows\System\rkUTKpo.exe
  C:\Windows\System\rkUTKpo.exe
  2⤵
  PID:10856
- C:\Windows\System\AtUkCKw.exe
  C:\Windows\System\AtUkCKw.exe
  2⤵
  PID:10884
- C:\Windows\System\spnGWFp.exe
  C:\Windows\System\spnGWFp.exe
  2⤵
  PID:10912
- C:\Windows\System\tUVVnSf.exe
  C:\Windows\System\tUVVnSf.exe
  2⤵
  PID:10940
- C:\Windows\System\jmttsBv.exe
  C:\Windows\System\jmttsBv.exe
  2⤵
  PID:10968
- C:\Windows\System\dQxlfoE.exe
  C:\Windows\System\dQxlfoE.exe
  2⤵
  PID:10996
- C:\Windows\System\sqqGaAc.exe
  C:\Windows\System\sqqGaAc.exe
  2⤵
  PID:11040
- C:\Windows\System\EMDfmkh.exe
  C:\Windows\System\EMDfmkh.exe
  2⤵
  PID:11056
- C:\Windows\System\btTJJaY.exe
  C:\Windows\System\btTJJaY.exe
  2⤵
  PID:11084
- C:\Windows\System\lGvKmCR.exe
  C:\Windows\System\lGvKmCR.exe
  2⤵
  PID:11112
- C:\Windows\System\sOGlPee.exe
  C:\Windows\System\sOGlPee.exe
  2⤵
  PID:11140
- C:\Windows\System\bpRBDnj.exe
  C:\Windows\System\bpRBDnj.exe
  2⤵
  PID:11168
- C:\Windows\System\YMpjdEz.exe
  C:\Windows\System\YMpjdEz.exe
  2⤵
  PID:11196
- C:\Windows\System\OoahySN.exe
  C:\Windows\System\OoahySN.exe
  2⤵
  PID:11224
- C:\Windows\System\wwiGBDh.exe
  C:\Windows\System\wwiGBDh.exe
  2⤵
  PID:11252
- C:\Windows\System\yoHjRBH.exe
  C:\Windows\System\yoHjRBH.exe
  2⤵
  PID:10280
- C:\Windows\System\JSjMgcQ.exe
  C:\Windows\System\JSjMgcQ.exe
  2⤵
  PID:10344
- C:\Windows\System\kHepWZD.exe
  C:\Windows\System\kHepWZD.exe
  2⤵
  PID:10404
- C:\Windows\System\hZUYVIw.exe
  C:\Windows\System\hZUYVIw.exe
  2⤵
  PID:10476
- C:\Windows\System\LcSLwpT.exe
  C:\Windows\System\LcSLwpT.exe
  2⤵
  PID:10540
- C:\Windows\System\uClEjrp.exe
  C:\Windows\System\uClEjrp.exe
  2⤵
  PID:10600
- C:\Windows\System\WPsmCGR.exe
  C:\Windows\System\WPsmCGR.exe
  2⤵
  PID:10680
- C:\Windows\System\lSuYiKF.exe
  C:\Windows\System\lSuYiKF.exe
  2⤵
  PID:10740
- C:\Windows\System\GNueDpu.exe
  C:\Windows\System\GNueDpu.exe
  2⤵
  PID:10792
- C:\Windows\System\uyeYNhy.exe
  C:\Windows\System\uyeYNhy.exe
  2⤵
  PID:9792
- C:\Windows\System\RMHyDNR.exe
  C:\Windows\System\RMHyDNR.exe
  2⤵
  PID:10936
- C:\Windows\System\YxlRrhz.exe
  C:\Windows\System\YxlRrhz.exe
  2⤵
  PID:11032
- C:\Windows\System\hMptoyn.exe
  C:\Windows\System\hMptoyn.exe
  2⤵
  PID:11132
- C:\Windows\System\oLTkaGL.exe
  C:\Windows\System\oLTkaGL.exe
  2⤵
  PID:11236
- C:\Windows\System\BeRmomJ.exe
  C:\Windows\System\BeRmomJ.exe
  2⤵
  PID:10320
- C:\Windows\System\cpdgwfk.exe
  C:\Windows\System\cpdgwfk.exe
  2⤵
  PID:10460
- C:\Windows\System\KZjQmAG.exe
  C:\Windows\System\KZjQmAG.exe
  2⤵
  PID:10628
- C:\Windows\System\uqGrOCz.exe
  C:\Windows\System\uqGrOCz.exe
  2⤵
  PID:4452
- C:\Windows\System\YiuUtSx.exe
  C:\Windows\System\YiuUtSx.exe
  2⤵
  PID:10924
- C:\Windows\System\CkVvjly.exe
  C:\Windows\System\CkVvjly.exe
  2⤵
  PID:10992
- C:\Windows\System\smqcMjX.exe
  C:\Windows\System\smqcMjX.exe
  2⤵
  PID:10652
- C:\Windows\System\mtibzvG.exe
  C:\Windows\System\mtibzvG.exe
  2⤵
  PID:11104
- C:\Windows\System\WmOXPXi.exe
  C:\Windows\System\WmOXPXi.exe
  2⤵
  PID:2616
- C:\Windows\System\MBqgUzz.exe
  C:\Windows\System\MBqgUzz.exe
  2⤵
  PID:10392
- C:\Windows\System\Ebbkfxi.exe
  C:\Windows\System\Ebbkfxi.exe
  2⤵
  PID:10656
- C:\Windows\System\VNotVom.exe
  C:\Windows\System\VNotVom.exe
  2⤵
  PID:1344
- C:\Windows\System\fHnaifr.exe
  C:\Windows\System\fHnaifr.exe
  2⤵
  PID:10764
- C:\Windows\System\WgQxJNg.exe
  C:\Windows\System\WgQxJNg.exe
  2⤵
  PID:10264
- C:\Windows\System\MgMZbbP.exe
  C:\Windows\System\MgMZbbP.exe
  2⤵
  PID:4360
- C:\Windows\System\wQaFTUZ.exe
  C:\Windows\System\wQaFTUZ.exe
  2⤵
  PID:10596
- C:\Windows\System\SzoJGsZ.exe
  C:\Windows\System\SzoJGsZ.exe
  2⤵
  PID:2992
- C:\Windows\System\IFpZIoa.exe
  C:\Windows\System\IFpZIoa.exe
  2⤵
  PID:11292
- C:\Windows\System\YdicmJN.exe
  C:\Windows\System\YdicmJN.exe
  2⤵
  PID:11320
- C:\Windows\System\YXAVOxx.exe
  C:\Windows\System\YXAVOxx.exe
  2⤵
  PID:11348
- C:\Windows\System\VwZpKJv.exe
  C:\Windows\System\VwZpKJv.exe
  2⤵
  PID:11380
- C:\Windows\System\OWQgXzt.exe
  C:\Windows\System\OWQgXzt.exe
  2⤵
  PID:11408
- C:\Windows\System\SPMpSHo.exe
  C:\Windows\System\SPMpSHo.exe
  2⤵
  PID:11436
- C:\Windows\System\VuiFQwr.exe
  C:\Windows\System\VuiFQwr.exe
  2⤵
  PID:11464
- C:\Windows\System\RkIkOAu.exe
  C:\Windows\System\RkIkOAu.exe
  2⤵
  PID:11492
- C:\Windows\System\xwJBQJD.exe
  C:\Windows\System\xwJBQJD.exe
  2⤵
  PID:11520
- C:\Windows\System\tmxGMJF.exe
  C:\Windows\System\tmxGMJF.exe
  2⤵
  PID:11548
- C:\Windows\System\yZSdUBA.exe
  C:\Windows\System\yZSdUBA.exe
  2⤵
  PID:11576
- C:\Windows\System\QYsrxMD.exe
  C:\Windows\System\QYsrxMD.exe
  2⤵
  PID:11604
- C:\Windows\System\ScZvTpX.exe
  C:\Windows\System\ScZvTpX.exe
  2⤵
  PID:11632
- C:\Windows\System\SgxNgEo.exe
  C:\Windows\System\SgxNgEo.exe
  2⤵
  PID:11660
- C:\Windows\System\YOoKuNs.exe
  C:\Windows\System\YOoKuNs.exe
  2⤵
  PID:11688
- C:\Windows\System\dskLuSz.exe
  C:\Windows\System\dskLuSz.exe
  2⤵
  PID:11720
- C:\Windows\System\hmVCnMj.exe
  C:\Windows\System\hmVCnMj.exe
  2⤵
  PID:11748
- C:\Windows\System\IguXlCd.exe
  C:\Windows\System\IguXlCd.exe
  2⤵
  PID:11776
- C:\Windows\System\xNhMIaB.exe
  C:\Windows\System\xNhMIaB.exe
  2⤵
  PID:11804
- C:\Windows\System\hjiIMYx.exe
  C:\Windows\System\hjiIMYx.exe
  2⤵
  PID:11832
- C:\Windows\System\XcXwzMl.exe
  C:\Windows\System\XcXwzMl.exe
  2⤵
  PID:11860
- C:\Windows\System\ywNkdRY.exe
  C:\Windows\System\ywNkdRY.exe
  2⤵
  PID:11888
- C:\Windows\System\BDLkdhP.exe
  C:\Windows\System\BDLkdhP.exe
  2⤵
  PID:11916
- C:\Windows\System\EPLPTyH.exe
  C:\Windows\System\EPLPTyH.exe
  2⤵
  PID:11944
- C:\Windows\System\kXdBPSo.exe
  C:\Windows\System\kXdBPSo.exe
  2⤵
  PID:11972
- C:\Windows\System\qCYNsrC.exe
  C:\Windows\System\qCYNsrC.exe
  2⤵
  PID:12000
- C:\Windows\System\OhipWLm.exe
  C:\Windows\System\OhipWLm.exe
  2⤵
  PID:12028
- C:\Windows\System\wLaeXeu.exe
  C:\Windows\System\wLaeXeu.exe
  2⤵
  PID:12056
- C:\Windows\System\tZPXWmm.exe
  C:\Windows\System\tZPXWmm.exe
  2⤵
  PID:12084
- C:\Windows\System\TRxgrOj.exe
  C:\Windows\System\TRxgrOj.exe
  2⤵
  PID:12112
- C:\Windows\System\jCemzKp.exe
  C:\Windows\System\jCemzKp.exe
  2⤵
  PID:12140
- C:\Windows\System\jsfLGpq.exe
  C:\Windows\System\jsfLGpq.exe
  2⤵
  PID:12168
- C:\Windows\System\wuwTzKT.exe
  C:\Windows\System\wuwTzKT.exe
  2⤵
  PID:12196
- C:\Windows\System\OeBhdBD.exe
  C:\Windows\System\OeBhdBD.exe
  2⤵
  PID:12224
- C:\Windows\System\xDfVsie.exe
  C:\Windows\System\xDfVsie.exe
  2⤵
  PID:12252
- C:\Windows\System\MHXmkVF.exe
  C:\Windows\System\MHXmkVF.exe
  2⤵
  PID:12280
- C:\Windows\System\BOZspJT.exe
  C:\Windows\System\BOZspJT.exe
  2⤵
  PID:11312
- C:\Windows\System\pkDBHoo.exe
  C:\Windows\System\pkDBHoo.exe
  2⤵
  PID:11376
- C:\Windows\System\jJSWxDT.exe
  C:\Windows\System\jJSWxDT.exe
  2⤵
  PID:11428
- C:\Windows\System\qqrCPzd.exe
  C:\Windows\System\qqrCPzd.exe
  2⤵
  PID:11488
- C:\Windows\System\xvaaqJE.exe
  C:\Windows\System\xvaaqJE.exe
  2⤵
  PID:11544
- C:\Windows\System\QuTYrcm.exe
  C:\Windows\System\QuTYrcm.exe
  2⤵
  PID:3632
- C:\Windows\System\mmnHnJQ.exe
  C:\Windows\System\mmnHnJQ.exe
  2⤵
  PID:3312
- C:\Windows\System\YEYEigP.exe
  C:\Windows\System\YEYEigP.exe
  2⤵
  PID:64
- C:\Windows\System\GQouTZk.exe
  C:\Windows\System\GQouTZk.exe
  2⤵
  PID:4304
- C:\Windows\System\eeeeyAL.exe
  C:\Windows\System\eeeeyAL.exe
  2⤵
  PID:3508
- C:\Windows\System\lTuwVmu.exe
  C:\Windows\System\lTuwVmu.exe
  2⤵
  PID:11768
- C:\Windows\System\dToMFRf.exe
  C:\Windows\System\dToMFRf.exe
  2⤵
  PID:11816
- C:\Windows\System\dYsFKsu.exe
  C:\Windows\System\dYsFKsu.exe
  2⤵
  PID:11856
- C:\Windows\System\RyIbozY.exe
  C:\Windows\System\RyIbozY.exe
  2⤵
  PID:3300
- C:\Windows\System\rFHehjx.exe
  C:\Windows\System\rFHehjx.exe
  2⤵
  PID:11936
- C:\Windows\System\zOXMiyp.exe
  C:\Windows\System\zOXMiyp.exe
  2⤵
  PID:11984
- C:\Windows\System\oFkWIMG.exe
  C:\Windows\System\oFkWIMG.exe
  2⤵
  PID:2548
- C:\Windows\System\KTbPsjW.exe
  C:\Windows\System\KTbPsjW.exe
  2⤵
  PID:12068
- C:\Windows\System\UtARtos.exe
  C:\Windows\System\UtARtos.exe
  2⤵
  PID:12108
- C:\Windows\System\inBQOjk.exe
  C:\Windows\System\inBQOjk.exe
  2⤵
  PID:400
- C:\Windows\System\KwUHMcn.exe
  C:\Windows\System\KwUHMcn.exe
  2⤵
  PID:12208
- C:\Windows\System\ohLvgGe.exe
  C:\Windows\System\ohLvgGe.exe
  2⤵
  PID:12272
- C:\Windows\System\eWwVtWf.exe
  C:\Windows\System\eWwVtWf.exe
  2⤵
  PID:11304
- C:\Windows\System\OoKEknh.exe
  C:\Windows\System\OoKEknh.exe
  2⤵
  PID:4560
- C:\Windows\System\IBDDfmv.exe
  C:\Windows\System\IBDDfmv.exe
  2⤵
  PID:11476
- C:\Windows\System\knYiLFc.exe
  C:\Windows\System\knYiLFc.exe
  2⤵
  PID:11572
- C:\Windows\System\sUpcZgL.exe
  C:\Windows\System\sUpcZgL.exe
  2⤵
  PID:4864
- C:\Windows\System\KegzGSP.exe
  C:\Windows\System\KegzGSP.exe
  2⤵
  PID:1332
- C:\Windows\System\QnPUMgy.exe
  C:\Windows\System\QnPUMgy.exe
  2⤵
  PID:11700
- C:\Windows\System\QbAEcuU.exe
  C:\Windows\System\QbAEcuU.exe
  2⤵
  PID:4540
- C:\Windows\System\fKIYajY.exe
  C:\Windows\System\fKIYajY.exe
  2⤵
  PID:4292
- C:\Windows\System\CugyAcp.exe
  C:\Windows\System\CugyAcp.exe
  2⤵
  PID:11884
- C:\Windows\System\dmkJrIl.exe
  C:\Windows\System\dmkJrIl.exe
  2⤵
  PID:11964
- C:\Windows\System\RDHyTfP.exe
  C:\Windows\System\RDHyTfP.exe
  2⤵
  PID:12044
- C:\Windows\System\iCgpHoj.exe
  C:\Windows\System\iCgpHoj.exe
  2⤵
  PID:216
- C:\Windows\System\mMpfofE.exe
  C:\Windows\System\mMpfofE.exe
  2⤵
  PID:12236
- C:\Windows\System\LfYfnfW.exe
  C:\Windows\System\LfYfnfW.exe
  2⤵
  PID:11364
- C:\Windows\System\lJRMPCU.exe
  C:\Windows\System\lJRMPCU.exe
  2⤵
  PID:4024
- C:\Windows\System\bVlXgIM.exe
  C:\Windows\System\bVlXgIM.exe
  2⤵
  PID:3728
- C:\Windows\System\bzKLhQq.exe
  C:\Windows\System\bzKLhQq.exe
  2⤵
  PID:532
- C:\Windows\System\tQGMoGe.exe
  C:\Windows\System\tQGMoGe.exe
  2⤵
  PID:528
- C:\Windows\System\eaOLPlo.exe
  C:\Windows\System\eaOLPlo.exe
  2⤵
  PID:2584
- C:\Windows\System\bAWOscv.exe
  C:\Windows\System\bAWOscv.exe
  2⤵
  PID:2692
- C:\Windows\System\grvVnGm.exe
  C:\Windows\System\grvVnGm.exe
  2⤵
  PID:2848
- C:\Windows\System\iRdtNSu.exe
  C:\Windows\System\iRdtNSu.exe
  2⤵
  PID:3176
- C:\Windows\System\kJEpAKt.exe
  C:\Windows\System\kJEpAKt.exe
  2⤵
  PID:3500
- C:\Windows\System\dXFkPqz.exe
  C:\Windows\System\dXFkPqz.exe
  2⤵
  PID:2032
- C:\Windows\System\DxJMoiG.exe
  C:\Windows\System\DxJMoiG.exe
  2⤵
  PID:3760
- C:\Windows\System\JkahAOi.exe
  C:\Windows\System\JkahAOi.exe
  2⤵
  PID:1292
- C:\Windows\System\NKIGYrK.exe
  C:\Windows\System\NKIGYrK.exe
  2⤵
  PID:12024
- C:\Windows\System\vnKdIzP.exe
  C:\Windows\System\vnKdIzP.exe
  2⤵
  PID:3560
- C:\Windows\System\UJgTPPb.exe
  C:\Windows\System\UJgTPPb.exe
  2⤵
  PID:11672
- C:\Windows\System\sgCrzyg.exe
  C:\Windows\System\sgCrzyg.exe
  2⤵
  PID:11996
- C:\Windows\System\MaXozjy.exe
  C:\Windows\System\MaXozjy.exe
  2⤵
  PID:4064
- C:\Windows\System\bnBMcXR.exe
  C:\Windows\System\bnBMcXR.exe
  2⤵
  PID:2476
- C:\Windows\System\XDNLajV.exe
  C:\Windows\System\XDNLajV.exe
  2⤵
  PID:4436
- C:\Windows\System\kPLpihQ.exe
  C:\Windows\System\kPLpihQ.exe
  2⤵
  PID:4208
- C:\Windows\System\eToqfUp.exe
  C:\Windows\System\eToqfUp.exe
  2⤵
  PID:4092
- C:\Windows\System\NMQdoRD.exe
  C:\Windows\System\NMQdoRD.exe
  2⤵
  PID:12296
- C:\Windows\System\OeePKnc.exe
  C:\Windows\System\OeePKnc.exe
  2⤵
  PID:12328
- C:\Windows\System\IYGcbjM.exe
  C:\Windows\System\IYGcbjM.exe
  2⤵
  PID:12356
- C:\Windows\System\SIYmAPv.exe
  C:\Windows\System\SIYmAPv.exe
  2⤵
  PID:12384
- C:\Windows\System\vqfFMjy.exe
  C:\Windows\System\vqfFMjy.exe
  2⤵
  PID:12412
- C:\Windows\System\QbJnBWK.exe
  C:\Windows\System\QbJnBWK.exe
  2⤵
  PID:12440
- C:\Windows\System\fRxiVao.exe
  C:\Windows\System\fRxiVao.exe
  2⤵
  PID:12480
- C:\Windows\System\qtENOqi.exe
  C:\Windows\System\qtENOqi.exe
  2⤵
  PID:12496
- C:\Windows\System\XMoVBbo.exe
  C:\Windows\System\XMoVBbo.exe
  2⤵
  PID:12524
- C:\Windows\System\EvWBnQp.exe
  C:\Windows\System\EvWBnQp.exe
  2⤵
  PID:12552
- C:\Windows\System\aUDIQtj.exe
  C:\Windows\System\aUDIQtj.exe
  2⤵
  PID:12580
- C:\Windows\System\OTWGpsQ.exe
  C:\Windows\System\OTWGpsQ.exe
  2⤵
  PID:12608
- C:\Windows\System\pjLNslg.exe
  C:\Windows\System\pjLNslg.exe
  2⤵
  PID:12636
- C:\Windows\System\qXLOitc.exe
  C:\Windows\System\qXLOitc.exe
  2⤵
  PID:12664
- C:\Windows\System\WxiWagi.exe
  C:\Windows\System\WxiWagi.exe
  2⤵
  PID:12692
- C:\Windows\System\qzNdFNL.exe
  C:\Windows\System\qzNdFNL.exe
  2⤵
  PID:12720
- C:\Windows\System\lXSNuMA.exe
  C:\Windows\System\lXSNuMA.exe
  2⤵
  PID:12748
- C:\Windows\System\WReviET.exe
  C:\Windows\System\WReviET.exe
  2⤵
  PID:12780
- C:\Windows\System\KrsCRSP.exe
  C:\Windows\System\KrsCRSP.exe
  2⤵
  PID:12812
- C:\Windows\System\ULyTNYK.exe
  C:\Windows\System\ULyTNYK.exe
  2⤵
  PID:12832
- C:\Windows\System\eXrokDM.exe
  C:\Windows\System\eXrokDM.exe
  2⤵
  PID:12864
- C:\Windows\System\rphQdQt.exe
  C:\Windows\System\rphQdQt.exe
  2⤵
  PID:12900
- C:\Windows\System\pQflhiU.exe
  C:\Windows\System\pQflhiU.exe
  2⤵
  PID:12932
- C:\Windows\System\miwgNDS.exe
  C:\Windows\System\miwgNDS.exe
  2⤵
  PID:12952
- C:\Windows\System\OVwYhaJ.exe
  C:\Windows\System\OVwYhaJ.exe
  2⤵
  PID:12988
- C:\Windows\System\HtYfsmr.exe
  C:\Windows\System\HtYfsmr.exe
  2⤵
  PID:13016
- C:\Windows\System\RnAOebD.exe
  C:\Windows\System\RnAOebD.exe
  2⤵
  PID:13044
- C:\Windows\System\sgomyJO.exe
  C:\Windows\System\sgomyJO.exe
  2⤵
  PID:13072
- C:\Windows\System\QEEUdwI.exe
  C:\Windows\System\QEEUdwI.exe
  2⤵
  PID:13100
- C:\Windows\System\aIKTsWm.exe
  C:\Windows\System\aIKTsWm.exe
  2⤵
  PID:13128
- C:\Windows\System\YrAAAfI.exe
  C:\Windows\System\YrAAAfI.exe
  2⤵
  PID:13156
- C:\Windows\System\CjSYzrm.exe
  C:\Windows\System\CjSYzrm.exe
  2⤵
  PID:13184
- C:\Windows\System\NHqcpGZ.exe
  C:\Windows\System\NHqcpGZ.exe
  2⤵
  PID:13212
- C:\Windows\System\ombFTMW.exe
  C:\Windows\System\ombFTMW.exe
  2⤵
  PID:13240
- C:\Windows\System\Qsmndic.exe
  C:\Windows\System\Qsmndic.exe
  2⤵
  PID:13268
- C:\Windows\System\lBrEIkF.exe
  C:\Windows\System\lBrEIkF.exe
  2⤵
  PID:13296
- C:\Windows\System\owXZuMw.exe
  C:\Windows\System\owXZuMw.exe
  2⤵
  PID:1956
- C:\Windows\System\UPRvzoB.exe
  C:\Windows\System\UPRvzoB.exe
  2⤵
  PID:12368
- C:\Windows\System\SvLdrxO.exe
  C:\Windows\System\SvLdrxO.exe
  2⤵
  PID:1384
- C:\Windows\System\PhtmwXA.exe
  C:\Windows\System\PhtmwXA.exe
  2⤵
  PID:12460
- C:\Windows\System\jUTBEJK.exe
  C:\Windows\System\jUTBEJK.exe
  2⤵
  PID:12488
- C:\Windows\System\VqFtTuc.exe
  C:\Windows\System\VqFtTuc.exe
  2⤵
  PID:12536
- C:\Windows\System\dVUxgKM.exe
  C:\Windows\System\dVUxgKM.exe
  2⤵
  PID:5024
- C:\Windows\System\hXbKQGy.exe
  C:\Windows\System\hXbKQGy.exe
  2⤵
  PID:12628
- C:\Windows\System\zvGBUqe.exe
  C:\Windows\System\zvGBUqe.exe
  2⤵
  PID:4456
- C:\Windows\System\NSVMaSJ.exe
  C:\Windows\System\NSVMaSJ.exe
  2⤵
  PID:3496
- C:\Windows\System\iOFPxjP.exe
  C:\Windows\System\iOFPxjP.exe
  2⤵
  PID:12740
- C:\Windows\System\FxREyfN.exe
  C:\Windows\System\FxREyfN.exe
  2⤵
  PID:3612
- C:\Windows\System\BOwXoNd.exe
  C:\Windows\System\BOwXoNd.exe
  2⤵
  PID:5224
- C:\Windows\System\wQNSoYu.exe
  C:\Windows\System\wQNSoYu.exe
  2⤵
  PID:12844
- C:\Windows\System\vHVpStQ.exe
  C:\Windows\System\vHVpStQ.exe
  2⤵
  PID:5284
- C:\Windows\System\fiTLWkw.exe
  C:\Windows\System\fiTLWkw.exe
  2⤵
  PID:5404
- C:\Windows\System\OHFzvKG.exe
  C:\Windows\System\OHFzvKG.exe
  2⤵
  PID:5464
- C:\Windows\System\pKSdKLN.exe
  C:\Windows\System\pKSdKLN.exe
  2⤵
  PID:5488
- C:\Windows\System\hWEBtrI.exe
  C:\Windows\System\hWEBtrI.exe
  2⤵
  PID:13000
- C:\Windows\System\SqmKrZk.exe
  C:\Windows\System\SqmKrZk.exe
  2⤵
  PID:13012
- C:\Windows\System\pDWmdFB.exe
  C:\Windows\System\pDWmdFB.exe
  2⤵
  PID:13064
- C:\Windows\System\bbIBwYd.exe
  C:\Windows\System\bbIBwYd.exe
  2⤵
  PID:13096
- C:\Windows\System\IxEbAUL.exe
  C:\Windows\System\IxEbAUL.exe
  2⤵
  PID:5684
- C:\Windows\System\iCygVkp.exe
  C:\Windows\System\iCygVkp.exe
  2⤵
  PID:5720
- C:\Windows\System\fmGmGvV.exe
  C:\Windows\System\fmGmGvV.exe
  2⤵
  PID:13224
- C:\Windows\System\XbpErnE.exe
  C:\Windows\System\XbpErnE.exe
  2⤵
  PID:13264
- C:\Windows\System\ltqJlED.exe
  C:\Windows\System\ltqJlED.exe
  2⤵
  PID:5824
- C:\Windows\System\Djaafij.exe
  C:\Windows\System\Djaafij.exe
  2⤵
  PID:12320
- C:\Windows\System\gqXRbmk.exe
  C:\Windows\System\gqXRbmk.exe
  2⤵
  PID:4692
- C:\Windows\System\fpxKPBo.exe
  C:\Windows\System\fpxKPBo.exe
  2⤵
  PID:12464
- C:\Windows\System\ARSmRdk.exe
  C:\Windows\System\ARSmRdk.exe
  2⤵
  PID:5976
- C:\Windows\System\bSsRmui.exe
  C:\Windows\System\bSsRmui.exe
  2⤵
  PID:12600
- C:\Windows\System\rqFcwIO.exe
  C:\Windows\System\rqFcwIO.exe
  2⤵
  PID:12660
- C:\Windows\System\fGcVXhW.exe
  C:\Windows\System\fGcVXhW.exe
  2⤵
  PID:12732
- C:\Windows\System\jxDTVXZ.exe
  C:\Windows\System\jxDTVXZ.exe
  2⤵
  PID:6104
- C:\Windows\System\sIwYhvx.exe
  C:\Windows\System\sIwYhvx.exe
  2⤵
  PID:12872
- C:\Windows\System\ozUgomE.exe
  C:\Windows\System\ozUgomE.exe
  2⤵
  PID:12892
- C:\Windows\System\QBwKshD.exe
  C:\Windows\System\QBwKshD.exe
  2⤵
  PID:5124
- C:\Windows\System\qkqKXbp.exe
  C:\Windows\System\qkqKXbp.exe
  2⤵
  PID:13040
- C:\Windows\System\YTGdRvS.exe
  C:\Windows\System\YTGdRvS.exe
  2⤵
  PID:13124
- C:\Windows\System\qKGaSZg.exe
  C:\Windows\System\qKGaSZg.exe
  2⤵
  PID:5740
- C:\Windows\System\FuvaxgB.exe
  C:\Windows\System\FuvaxgB.exe
  2⤵
  PID:12308
- C:\Windows\System\FDTdOLp.exe
  C:\Windows\System\FDTdOLp.exe
  2⤵
  PID:4488
- C:\Windows\System\nQUPxqd.exe
  C:\Windows\System\nQUPxqd.exe
  2⤵
  PID:3636
- C:\Windows\System\KWwmWjC.exe
  C:\Windows\System\KWwmWjC.exe
  2⤵
  PID:4472
- C:\Windows\System\KlTOMTj.exe
  C:\Windows\System\KlTOMTj.exe
  2⤵
  PID:5348
- C:\Windows\System\LJJgbSL.exe
  C:\Windows\System\LJJgbSL.exe
  2⤵
  PID:5592
- C:\Windows\System\sPGkfnu.exe
  C:\Windows\System\sPGkfnu.exe
  2⤵
  PID:13204
- C:\Windows\System\XZWsbPX.exe
  C:\Windows\System\XZWsbPX.exe
  2⤵
  PID:12436
- C:\Windows\System\fIYBGnk.exe
  C:\Windows\System\fIYBGnk.exe
  2⤵
  PID:6112
- C:\Windows\System\EVBpfXn.exe
  C:\Windows\System\EVBpfXn.exe
  2⤵
  PID:13112
- C:\Windows\System\suLQajM.exe
  C:\Windows\System\suLQajM.exe
  2⤵
  PID:6060
- C:\Windows\System\kkdvXeB.exe
  C:\Windows\System\kkdvXeB.exe
  2⤵
  PID:12968
- C:\Windows\System\jYFVjZf.exe
  C:\Windows\System\jYFVjZf.exe
  2⤵
  PID:13332
- C:\Windows\System\fpQejXZ.exe
  C:\Windows\System\fpQejXZ.exe
  2⤵
  PID:13360
- C:\Windows\System\gaWezlN.exe
  C:\Windows\System\gaWezlN.exe
  2⤵
  PID:13388
- C:\Windows\System\MUftpyj.exe
  C:\Windows\System\MUftpyj.exe
  2⤵
  PID:13416
- C:\Windows\System\xAniyCm.exe
  C:\Windows\System\xAniyCm.exe
  2⤵
  PID:13444
- C:\Windows\System\GiVvmUR.exe
  C:\Windows\System\GiVvmUR.exe
  2⤵
  PID:13472
- C:\Windows\System\CpIardU.exe
  C:\Windows\System\CpIardU.exe
  2⤵
  PID:13500
- C:\Windows\System\GTIRvOt.exe
  C:\Windows\System\GTIRvOt.exe
  2⤵
  PID:13528
- C:\Windows\System\kslJblm.exe
  C:\Windows\System\kslJblm.exe
  2⤵
  PID:13556
- C:\Windows\System\YdbzARW.exe
  C:\Windows\System\YdbzARW.exe
  2⤵
  PID:13584
- C:\Windows\System\tCIliEF.exe
  C:\Windows\System\tCIliEF.exe
  2⤵
  PID:13616
- C:\Windows\System\gTxhvxJ.exe
  C:\Windows\System\gTxhvxJ.exe
  2⤵
  PID:13644
- C:\Windows\System\mUqqxVF.exe
  C:\Windows\System\mUqqxVF.exe
  2⤵
  PID:13672
- C:\Windows\System\SayUsRw.exe
  C:\Windows\System\SayUsRw.exe
  2⤵
  PID:13700
- C:\Windows\System\WhXBZvm.exe
  C:\Windows\System\WhXBZvm.exe
  2⤵
  PID:13728
- C:\Windows\System\IDzzwtM.exe
  C:\Windows\System\IDzzwtM.exe
  2⤵
  PID:13756
- C:\Windows\System\CxdKxFg.exe
  C:\Windows\System\CxdKxFg.exe
  2⤵
  PID:13784
- C:\Windows\System\QbtYzaB.exe
  C:\Windows\System\QbtYzaB.exe
  2⤵
  PID:13812
- C:\Windows\System\OZVVDbg.exe
  C:\Windows\System\OZVVDbg.exe
  2⤵
  PID:13840
- C:\Windows\System\BHPFQDd.exe
  C:\Windows\System\BHPFQDd.exe
  2⤵
  PID:13880
- C:\Windows\System\ExdSSmT.exe
  C:\Windows\System\ExdSSmT.exe
  2⤵
  PID:13896
- C:\Windows\System\uFYdPkU.exe
  C:\Windows\System\uFYdPkU.exe
  2⤵
  PID:13924
- C:\Windows\System\lxTvBvH.exe
  C:\Windows\System\lxTvBvH.exe
  2⤵
  PID:13952
- C:\Windows\System\YPMNjnq.exe
  C:\Windows\System\YPMNjnq.exe
  2⤵
  PID:13980
- C:\Windows\System\XvyeJnz.exe
  C:\Windows\System\XvyeJnz.exe
  2⤵
  PID:14008
- C:\Windows\System\EFbZBdG.exe
  C:\Windows\System\EFbZBdG.exe
  2⤵
  PID:14036
- C:\Windows\System\WWTmlcC.exe
  C:\Windows\System\WWTmlcC.exe
  2⤵
  PID:14064
- C:\Windows\System\idwhaiX.exe
  C:\Windows\System\idwhaiX.exe
  2⤵
  PID:14092
- C:\Windows\System\KfAOupQ.exe
  C:\Windows\System\KfAOupQ.exe
  2⤵
  PID:14120
- C:\Windows\System\rlBnytE.exe
  C:\Windows\System\rlBnytE.exe
  2⤵
  PID:14148
- C:\Windows\System\pnLVGOp.exe
  C:\Windows\System\pnLVGOp.exe
  2⤵
  PID:14176
- C:\Windows\System\baIDcev.exe
  C:\Windows\System\baIDcev.exe
  2⤵
  PID:14204
- C:\Windows\System\HkLLMlj.exe
  C:\Windows\System\HkLLMlj.exe
  2⤵
  PID:14232
- C:\Windows\System\pNoDrfp.exe
  C:\Windows\System\pNoDrfp.exe
  2⤵
  PID:14260
- C:\Windows\System\kyXYgsA.exe
  C:\Windows\System\kyXYgsA.exe
  2⤵
  PID:14288
- C:\Windows\System\cbKbsGe.exe
  C:\Windows\System\cbKbsGe.exe
  2⤵
  PID:14320
- C:\Windows\System\mnTKSYh.exe
  C:\Windows\System\mnTKSYh.exe
  2⤵
  PID:13344
- C:\Windows\System\ICpzRLu.exe
  C:\Windows\System\ICpzRLu.exe
  2⤵
  PID:13384
- C:\Windows\System\WsINwQu.exe
  C:\Windows\System\WsINwQu.exe
  2⤵
  PID:5988
- C:\Windows\System\znLCAVs.exe
  C:\Windows\System\znLCAVs.exe
  2⤵
  PID:13468
- C:\Windows\System\zWGbbeA.exe
  C:\Windows\System\zWGbbeA.exe
  2⤵
  PID:13540
- C:\Windows\System\YOfgWBL.exe
  C:\Windows\System\YOfgWBL.exe
  2⤵
  PID:13608
- C:\Windows\System\LHhkFHA.exe
  C:\Windows\System\LHhkFHA.exe
  2⤵
  PID:13668
- C:\Windows\System\eAGVBlE.exe
  C:\Windows\System\eAGVBlE.exe
  2⤵
  PID:13720
- C:\Windows\System\TFwowNq.exe
  C:\Windows\System\TFwowNq.exe
  2⤵
  PID:13804
- C:\Windows\System\ajdbGHE.exe
  C:\Windows\System\ajdbGHE.exe
  2⤵
  PID:13876
- C:\Windows\System\ZIGecte.exe
  C:\Windows\System\ZIGecte.exe
  2⤵
  PID:13936
- C:\Windows\System\hZMDAGg.exe
  C:\Windows\System\hZMDAGg.exe
  2⤵
  PID:14000
- C:\Windows\System\iZQWQWy.exe
  C:\Windows\System\iZQWQWy.exe
  2⤵
  PID:14060
- C:\Windows\System\jsRFBze.exe
  C:\Windows\System\jsRFBze.exe
  2⤵
  PID:14132
- C:\Windows\System\OLTEPWb.exe
  C:\Windows\System\OLTEPWb.exe
  2⤵
  PID:14188
- C:\Windows\System\xmQtEEa.exe
  C:\Windows\System\xmQtEEa.exe
  2⤵
  PID:14252
- C:\Windows\System\bwQeKYU.exe
  C:\Windows\System\bwQeKYU.exe
  2⤵
  PID:14332
- C:\Windows\System\lDDqleJ.exe
  C:\Windows\System\lDDqleJ.exe
  2⤵
  PID:13412
- C:\Windows\System\PEWXsno.exe
  C:\Windows\System\PEWXsno.exe
  2⤵
  PID:13524
- C:\Windows\System\LZyIzwK.exe
  C:\Windows\System\LZyIzwK.exe
  2⤵
  PID:13740
- C:\Windows\System\IygDhNx.exe
  C:\Windows\System\IygDhNx.exe
  2⤵
  PID:13852
- C:\Windows\System\MvALTzu.exe
  C:\Windows\System\MvALTzu.exe
  2⤵
  PID:13992
- C:\Windows\System\HryRobe.exe
  C:\Windows\System\HryRobe.exe
  2⤵
  PID:14140
- C:\Windows\System\SKJWjHQ.exe
  C:\Windows\System\SKJWjHQ.exe
  2⤵
  PID:14312
- C:\Windows\System\PXoXdQG.exe
  C:\Windows\System\PXoXdQG.exe
  2⤵
  PID:13520
- C:\Windows\System\ZHRtscL.exe
  C:\Windows\System\ZHRtscL.exe
  2⤵
  PID:13916
- C:\Windows\System\sEijfOK.exe
  C:\Windows\System\sEijfOK.exe
  2⤵
  PID:5396
- C:\Windows\System\qYbLHnw.exe
  C:\Windows\System\qYbLHnw.exe
  2⤵
  PID:13372
- C:\Windows\System\ESiOdbM.exe
  C:\Windows\System\ESiOdbM.exe
  2⤵
  PID:13456
- C:\Windows\System\SHOWRND.exe
  C:\Windows\System\SHOWRND.exe
  2⤵
  PID:4856
- C:\Windows\System\ssVSmQv.exe
  C:\Windows\System\ssVSmQv.exe
  2⤵
  PID:5332
- C:\Windows\System\nuAcZfj.exe
  C:\Windows\System\nuAcZfj.exe
  2⤵
  PID:5972
- C:\Windows\System\pvpCfcB.exe
  C:\Windows\System\pvpCfcB.exe
  2⤵
  PID:6192
- C:\Windows\System\qYFVPAf.exe
  C:\Windows\System\qYFVPAf.exe
  2⤵
  PID:6156
- C:\Windows\System\AppuYbc.exe
  C:\Windows\System\AppuYbc.exe
  2⤵
  PID:5300
- C:\Windows\System\DeqafTw.exe
  C:\Windows\System\DeqafTw.exe
  2⤵
  PID:6212
- C:\Windows\System\qAuwDWL.exe
  C:\Windows\System\qAuwDWL.exe
  2⤵
  PID:452
- C:\Windows\System\sqkYuCf.exe
  C:\Windows\System\sqkYuCf.exe
  2⤵
  PID:6296
- C:\Windows\System\xTCGWep.exe
  C:\Windows\System\xTCGWep.exe
  2⤵
  PID:14352
- C:\Windows\System\JAurTJn.exe
  C:\Windows\System\JAurTJn.exe
  2⤵
  PID:14380
- C:\Windows\System\UNEYolU.exe
  C:\Windows\System\UNEYolU.exe
  2⤵
  PID:14408
- C:\Windows\System\QrPhIZE.exe
  C:\Windows\System\QrPhIZE.exe
  2⤵
  PID:14436
- C:\Windows\System\MiTyeSx.exe
  C:\Windows\System\MiTyeSx.exe
  2⤵
  PID:14464
- C:\Windows\System\pFghNZF.exe
  C:\Windows\System\pFghNZF.exe
  2⤵
  PID:14492
- C:\Windows\System\xFrdkEd.exe
  C:\Windows\System\xFrdkEd.exe
  2⤵
  PID:14520
- C:\Windows\System\iZvrIBe.exe
  C:\Windows\System\iZvrIBe.exe
  2⤵
  PID:14548
- C:\Windows\System\OPRpQph.exe
  C:\Windows\System\OPRpQph.exe
  2⤵
  PID:14576
- C:\Windows\System\ZYSHQMG.exe
  C:\Windows\System\ZYSHQMG.exe
  2⤵
  PID:14604
- C:\Windows\System\LwqEofs.exe
  C:\Windows\System\LwqEofs.exe
  2⤵
  PID:14632
- C:\Windows\System\TlRqlMT.exe
  C:\Windows\System\TlRqlMT.exe
  2⤵
  PID:14660
- C:\Windows\System\AwhcZQO.exe
  C:\Windows\System\AwhcZQO.exe
  2⤵
  PID:14680
- C:\Windows\System\jYdTjue.exe
  C:\Windows\System\jYdTjue.exe
  2⤵
  PID:14720
- C:\Windows\System\IDWwzZF.exe
  C:\Windows\System\IDWwzZF.exe
  2⤵
  PID:14748
- C:\Windows\System\KuiqaIS.exe
  C:\Windows\System\KuiqaIS.exe
  2⤵
  PID:14776
- C:\Windows\System\mecdzZv.exe
  C:\Windows\System\mecdzZv.exe
  2⤵
  PID:14804
- C:\Windows\System\RYehFdE.exe
  C:\Windows\System\RYehFdE.exe
  2⤵
  PID:14832
- C:\Windows\System\cYmEMkp.exe
  C:\Windows\System\cYmEMkp.exe
  2⤵
  PID:14860
- C:\Windows\System\XWxHoqs.exe
  C:\Windows\System\XWxHoqs.exe
  2⤵
  PID:14888
- C:\Windows\System\OaPHJrG.exe
  C:\Windows\System\OaPHJrG.exe
  2⤵
  PID:14916
- C:\Windows\System\caYistn.exe
  C:\Windows\System\caYistn.exe
  2⤵
  PID:14988
- C:\Windows\System\jiSNeXM.exe
  C:\Windows\System\jiSNeXM.exe
  2⤵
  PID:15044
- C:\Windows\System\wiIzvST.exe
  C:\Windows\System\wiIzvST.exe
  2⤵
  PID:15060
- C:\Windows\System\NWBUbQY.exe
  C:\Windows\System\NWBUbQY.exe
  2⤵
  PID:15104
- C:\Windows\System\SYxrrbN.exe
  C:\Windows\System\SYxrrbN.exe
  2⤵
  PID:15136
- C:\Windows\System\SDqCEiP.exe
  C:\Windows\System\SDqCEiP.exe
  2⤵
  PID:15164
- C:\Windows\System\zFXSTnc.exe
  C:\Windows\System\zFXSTnc.exe
  2⤵
  PID:15224
- C:\Windows\System\pIjqxSc.exe
  C:\Windows\System\pIjqxSc.exe
  2⤵
  PID:15252
- C:\Windows\System\LfXjzhh.exe
  C:\Windows\System\LfXjzhh.exe
  2⤵
  PID:15276
- C:\Windows\System\PAyguez.exe
  C:\Windows\System\PAyguez.exe
  2⤵
  PID:15308
- C:\Windows\System\LROePOc.exe
  C:\Windows\System\LROePOc.exe
  2⤵
  PID:15348
- C:\Windows\System\xXNrSFM.exe
  C:\Windows\System\xXNrSFM.exe
  2⤵
  PID:6376
- C:\Windows\System\CUwAMNC.exe
  C:\Windows\System\CUwAMNC.exe
  2⤵
  PID:14404
- C:\Windows\System\RLxVooa.exe
  C:\Windows\System\RLxVooa.exe
  2⤵
  PID:6488
- C:\Windows\System\oYmgJCz.exe
  C:\Windows\System\oYmgJCz.exe
  2⤵
  PID:14540
- C:\Windows\System\fTJgstP.exe
  C:\Windows\System\fTJgstP.exe
  2⤵
  PID:14692
- C:\Windows\System\lexrUGU.exe
  C:\Windows\System\lexrUGU.exe
  2⤵
  PID:14716
- C:\Windows\System\vTatjcH.exe
  C:\Windows\System\vTatjcH.exe
  2⤵
  PID:14744
- C:\Windows\System\tEypQcT.exe
  C:\Windows\System\tEypQcT.exe
  2⤵
  PID:14788
- C:\Windows\System\GgkWqkO.exe
  C:\Windows\System\GgkWqkO.exe
  2⤵
  PID:14824
- C:\Windows\System\rJBtMfh.exe
  C:\Windows\System\rJBtMfh.exe
  2⤵
  PID:6780
- C:\Windows\System\rHqXtwi.exe
  C:\Windows\System\rHqXtwi.exe
  2⤵
  PID:6812
- C:\Windows\System\iJGWXDQ.exe
  C:\Windows\System\iJGWXDQ.exe
  2⤵
  PID:14952
- C:\Windows\System\ZtmPFkD.exe
  C:\Windows\System\ZtmPFkD.exe
  2⤵
  PID:14964
- C:\Windows\System\mkenJNS.exe
  C:\Windows\System\mkenJNS.exe
  2⤵
  PID:6888
- C:\Windows\System\pNhnGyO.exe
  C:\Windows\System\pNhnGyO.exe
  2⤵
  PID:6916
- C:\Windows\System\FmjcUsU.exe
  C:\Windows\System\FmjcUsU.exe
  2⤵
  PID:6944
- C:\Windows\System\WSYwlwU.exe
  C:\Windows\System\WSYwlwU.exe
  2⤵
  PID:7036
- C:\Windows\System\aNKbjGW.exe
  C:\Windows\System\aNKbjGW.exe
  2⤵
  PID:15148
- C:\Windows\System\MTjZxzp.exe
  C:\Windows\System\MTjZxzp.exe
  2⤵
  PID:7092
- C:\Windows\System\lVsGGOb.exe
  C:\Windows\System\lVsGGOb.exe
  2⤵
  PID:15244
- C:\Windows\System\YnDGwXR.exe
  C:\Windows\System\YnDGwXR.exe
  2⤵
  PID:15236
- C:\Windows\System\LBhZizP.exe
  C:\Windows\System\LBhZizP.exe
  2⤵
  PID:15296
- C:\Windows\System\twWPxuA.exe
  C:\Windows\System\twWPxuA.exe
  2⤵
  PID:15344
- C:\Windows\System\pkBzJeM.exe
  C:\Windows\System\pkBzJeM.exe
  2⤵
  PID:14392
- C:\Windows\System\FrUglJF.exe
  C:\Windows\System\FrUglJF.exe
  2⤵
  PID:1444
- C:\Windows\System\pkUgDDs.exe
  C:\Windows\System\pkUgDDs.exe
  2⤵
  PID:208
- C:\Windows\System\WemNwgb.exe
  C:\Windows\System\WemNwgb.exe
  2⤵
  PID:14544
- C:\Windows\System\XcMnpGR.exe
  C:\Windows\System\XcMnpGR.exe
  2⤵
  PID:6648
- C:\Windows\System\DbRwMJX.exe
  C:\Windows\System\DbRwMJX.exe
  2⤵
  PID:14732
- C:\Windows\System\gRpAmsD.exe
  C:\Windows\System\gRpAmsD.exe
  2⤵
  PID:6720
- C:\Windows\System\xhPjBoi.exe
  C:\Windows\System\xhPjBoi.exe
  2⤵
  PID:5112
- C:\Windows\System\IkyYkGs.exe
  C:\Windows\System\IkyYkGs.exe
  2⤵
  PID:1968
- C:\Windows\System\bJLmJTb.exe
  C:\Windows\System\bJLmJTb.exe
  2⤵
  PID:3584
- C:\Windows\System\UQHglBR.exe
  C:\Windows\System\UQHglBR.exe
  2⤵
  PID:14976
- C:\Windows\System\IbFDaKI.exe
  C:\Windows\System\IbFDaKI.exe
  2⤵
  PID:15012
- C:\Windows\System\pzCrtcg.exe
  C:\Windows\System\pzCrtcg.exe
  2⤵
  PID:15072
- C:\Windows\System\YFZQgDk.exe
  C:\Windows\System\YFZQgDk.exe
  2⤵
  PID:15080
- C:\Windows\System\REjOvnQ.exe
  C:\Windows\System\REjOvnQ.exe
  2⤵
  PID:15132
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 15132 -s 248
    3⤵
    PID:6732
- C:\Windows\System\IIjByUh.exe
  C:\Windows\System\IIjByUh.exe
  2⤵
  PID:3588
- C:\Windows\System\ADTnrCu.exe
  C:\Windows\System\ADTnrCu.exe
  2⤵
  PID:6668
- C:\Windows\System\tuivGCq.exe
  C:\Windows\System\tuivGCq.exe
  2⤵
  PID:15264
- C:\Windows\System\RRxdsgl.exe
  C:\Windows\System\RRxdsgl.exe
  2⤵
  PID:15340
- C:\Windows\System\GhyePvh.exe
  C:\Windows\System\GhyePvh.exe
  2⤵
  PID:7264
- C:\Windows\System\FaaKpfn.exe
  C:\Windows\System\FaaKpfn.exe
  2⤵
  PID:7296
- C:\Windows\System\bvZZMhX.exe
  C:\Windows\System\bvZZMhX.exe
  2⤵
  PID:6496
- C:\Windows\System\HKamCTz.exe
  C:\Windows\System\HKamCTz.exe
  2⤵
  PID:6624
- C:\Windows\System\aeoFVAy.exe
  C:\Windows\System\aeoFVAy.exe
  2⤵
  PID:6724
- C:\Windows\System\WHosdvP.exe
  C:\Windows\System\WHosdvP.exe
  2⤵
  PID:7456
- C:\Windows\System\ThQlUsn.exe
  C:\Windows\System\ThQlUsn.exe
  2⤵
  PID:7532
- C:\Windows\System\vYzTaBr.exe
  C:\Windows\System\vYzTaBr.exe
  2⤵
  PID:7600
- C:\Windows\System\wowblUC.exe
  C:\Windows\System\wowblUC.exe
  2⤵
  PID:14844
- C:\Windows\System\zFWjppW.exe
  C:\Windows\System\zFWjppW.exe
  2⤵
  PID:7712
- C:\Windows\System\OMEdeEh.exe
  C:\Windows\System\OMEdeEh.exe
  2⤵
  PID:6332
- C:\Windows\System\sguckfJ.exe
  C:\Windows\System\sguckfJ.exe
  2⤵
  PID:2060
- C:\Windows\System\NNZPaFW.exe
  C:\Windows\System\NNZPaFW.exe
  2⤵
  PID:15240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BDEhcza.exe

Filesize
6.0MB

MD5
fbf6100a6df0c5e6e580a95c25f9bce0

SHA1
6bd0751c029a3ed54555dac7ceaf0853d1534c6c

SHA256
2eb7b26cb9f1a59aa1d6c2c806b3c7d4bf62888d228af877a915a360e67031bf

SHA512
8aac2a1b7fa1f69bad41309db525b5ec96715992c8d03082d731500c7c4f353a0925be23ceb1188be49d5acd9272a7d00238a92d029600336b7ff73ffc85e0c8

Download Submit
C:\Windows\System\BWIUwvr.exe

Filesize
6.0MB

MD5
d25e139c6c22b92f026fb5338d851730

SHA1
54b08b28778eeee34cd67e330c633886be5a9955

SHA256
43f2fc7c40421a67f8c18212571f123dfe1c08c441af48556e4e746a89b56150

SHA512
86a14854c77c2aa42e81ff65f502a589ec3d0a08640b62b607d4637fb42843f8f1bea9d4f74f46b09888b4b7f67a54353787d2099e9765e020755f56d90c0925

Download Submit
C:\Windows\System\DjfXAeK.exe

Filesize
6.0MB

MD5
46fb6f88056a823c62261ce52753c3c4

SHA1
af6e0e07085f3aeb40f78fd8f5bd0b767513da1e

SHA256
1775adcecfdd7fce771c435009b5bf7f28ff73eef07c1399ecf77c1a0dabf0d6

SHA512
19e695ed0084d03ad490b76436bc860826434f2fe527182f28890bfa48f7f7e0968d020e4f842948f4eb77948bc17f331e0705796e08b0ada1956b69006dbc43

Download Submit
C:\Windows\System\FkyIyqH.exe

Filesize
6.0MB

MD5
ae38d8b9e6351823f01511e1578bf924

SHA1
ac5308c54876de6743dec45236274bab011f5c0b

SHA256
ee62aa9b945285172a847e182611af01fbaeb2fa3839b283b8b7c1e88bd66db6

SHA512
d76e978de7648d26066710e27eb01ce4db8c4b931887eaf5c3e9fb1840cd30e1288e8668458cbfe89ba8596e69b37f2e480b9f3de7968d0e755fa606d2579b43

Download Submit
C:\Windows\System\FlCnYNa.exe

Filesize
6.0MB

MD5
45c9be5db0e30f35bea387fae50576ed

SHA1
385771af889893ef69fdb2032355112a74e0e2c0

SHA256
6c153c032f758526b21ecb65488edaf782a31b191c0ac7d27b932374bcd5d36d

SHA512
95075abeed90c49935887241b81a9e9f768f0bcf5f913f0d97d59ded9702cd9001ad1c205293ea355e4a6618a0e37ccf7f871c1902fd47ae267d42bc04b0ea9d

Download Submit
C:\Windows\System\HTYjrwn.exe

Filesize
6.0MB

MD5
57ebcaf63436b48ccdbad08287f60f92

SHA1
71c5f7eddaf2d167f7b187b9a55cfee7fd7d9060

SHA256
82073183a9d9737d4e4821a9961f07a8e3f41361a11dd543b8c9fe43c0b0b38e

SHA512
5e6df486d70526d4a597a28a334d98605b45210c878d654a3f1395669116781d4f1c2ee1b4808389955d9284aaa92766dd6191706c080086804005ed5601d117

Download Submit
C:\Windows\System\SNkRuJE.exe

Filesize
6.0MB

MD5
8d83cdc00330fd1c4cdf5ced1c2e2af3

SHA1
22fa54db864572119e9c48077d2726b3511c981b

SHA256
04da8ef2db5401ed8d8cc016a873a4ae93731e67fdd05875334866a8a72910d6

SHA512
d23ffc14d3b09d2d2e6493cb4fb462756d0b9b1df33fae24c3208e565d85983ee6b283567a41475055fe0f14cecf2b44476e7e58b26a3f603918275ee72f9f04

Download Submit
C:\Windows\System\TPiFUOf.exe

Filesize
6.0MB

MD5
1271bee3e6d7c2cf8c65b2e6f235cec9

SHA1
7b8726f7acb6a42d314c3cb8fec7b1495624352b

SHA256
e50477cf6b270a49a1fd018b90a1d1981f383a7f7fad9c6c63645d3737d4666a

SHA512
de4fec3cb4affed73f72026cbc4ea9ed22f9545ce7a6385bd1793523f842c9a296ad2c0b5689624e6181c6723b86d251432cec88888276d767fcc0751fefca16

Download Submit
C:\Windows\System\TRCOFeV.exe

Filesize
6.0MB

MD5
d2cfdf898b91d843ef08082828b956b5

SHA1
faff082d9ef99179da1256e7e555ed278014d9f9

SHA256
3fc4c8b6d6ef1e7a39736750701ec771aec4f703279678b02d5fe21f296a89e7

SHA512
5b22f1793659937a55e263350480a88570565ba94d76fd03c0d72d13b19dec208deab9fc51bb7a1eba1855099e1dcb7aeeee36d4fa55be3bfd92b2cfb2248fcc

Download Submit
C:\Windows\System\TfvZmaq.exe

Filesize
6.0MB

MD5
ae25992087275c6a62093376b34e0b0f

SHA1
5b5cacbc5a2a83c10fd9c8d0e9389228a9b17801

SHA256
5948fe224358b8501d2ad26807750dd97f2834c6e9dc13de505fd6a707d0b39a

SHA512
f9cc03373125ef830bf2e3f5844015dcf1e1d51dcc5c8755af4b4705ca1724ad2f0cd464e988bdc327dce6e11af114b184b21bf2dbfd120da87d4e5631730a7a

Download Submit
C:\Windows\System\YiMUaeF.exe

Filesize
6.0MB

MD5
b7f13a3c497e904ade1e8603b61dce28

SHA1
58f81a02e6cb74bcef78cd874df05f3b474b261f

SHA256
219c360ef590619f67b284e68e6abbd7215dc73d5b55ace926175be447d76e40

SHA512
683eff3f13c18f5df1fa9666e8ec6f7c48a21bb202c4fc30b0d6a88966a0b2b64c10cfb5fe25db8866f22370da31b0866209e46540e855c20147011552fdc0b6

Download Submit
C:\Windows\System\bQTDQxe.exe

Filesize
6.0MB

MD5
e817882b538c529a74edd26a165ab7a7

SHA1
26896f6de5456c5f28f98df8d5d568d0e6a0c83e

SHA256
33b1d6d33141ff4bd14c84113b3d42b1df98906a1a913dce81009ebd2f812890

SHA512
cdfb1d1b043b6cb744855b1fa1ce68c9b83440016283fd488b336e0a518084f3e384b22a3464511490fabf1900a8daa4ad54ea883073f61a68a4f77ca868cc1d

Download Submit
C:\Windows\System\bUvlgFM.exe

Filesize
6.0MB

MD5
ac426bf0bebb6296be72414f0349920a

SHA1
37d8ef893bb5743cdaa5ecd647d00145f5698926

SHA256
2aed87df827b44cd53a64efde8db7a23ddac4172b5dec824adc889cdd9feea60

SHA512
b0c5c0ba915b9d5ebda5b780b9e50dc1b50a13a980f466c1acf1c4f122799689939a8f26e8b0c00d619224bc481c07868bb8e98d801f30f77fd0624b1d0e5e2a

Download Submit
C:\Windows\System\bcHdpfk.exe

Filesize
6.0MB

MD5
b6d51ee6f63a0dada2fd7cbd4f61ab34

SHA1
935c51de7b7164f310ea7675d36f5268072c7bed

SHA256
c2ed363d7136366b7dd67a3ef434f021e6cfb2f33761b6027f2f5a9c51ec6686

SHA512
6f0c88e26bfc815a9249e167de20431d84104829f7f34aa9ebc704780f8b29d5d24e7a6be03ca178b5fd46bc900975535849d4975ea71db5e88d0cd7abaac189

Download Submit
C:\Windows\System\byjDKCp.exe

Filesize
6.0MB

MD5
fef2964d6598499e8a14627bd6779bfd

SHA1
69c7a2602baf9976da222db4b7f4441580643fd7

SHA256
d0d53223dfb856d84a7b2908820b50994040ee404eaad920b40efcabc7ceeb55

SHA512
7f339f37fa2c13d5968b3f74f9fe34342ecc47facdc055b9972e4d095bfcc30bd710f245a8cad45ea717297532c5b8205c289ce3bd950dca8df387d1edae8e65

Download Submit
C:\Windows\System\dNWCtku.exe

Filesize
6.0MB

MD5
6f3d76bffc7d73f9931f754127813290

SHA1
24ca604b470b5b21d8a9bd422e19332a7716b99e

SHA256
3bf4dc2aeac13334ea410804a34f4ddd970080956eeb17978757ede8e29aa926

SHA512
74f88b58f89625ec86eb7c5e3f2c57a196e2a8eab0bcf81f37d759f959520e093adcd3dac4480ba6d22ac0ffa9d9d68021a6f40b0ddc3b6705731ba78cd449db

Download Submit
C:\Windows\System\dUupfOH.exe

Filesize
6.0MB

MD5
e6487f155f46d4c863b34612b09a72bf

SHA1
c13facf9c62c9d31d7a49b61b145700ae760e99c

SHA256
8f9bbb4f82a8dca7541edf1661b1f250edd6fddb241b18e998e1ffbfdba69517

SHA512
8f2bfe84ca15d65e7d8c758fa95ded9df8af7835aa3570fcc0d1f8adadfd392c8004c9173a368b1c5a99dc00fab85031289b149ff3b777e77518f5b3d3150233

Download Submit
C:\Windows\System\eXKVSTe.exe

Filesize
6.0MB

MD5
b0b5f4d6466c63ba87d91542a1caa49d

SHA1
237cd869d1a7deb11e6515e32e2d98a228d8eefb

SHA256
3f54fbf5368b09e9a9a3e531bc53c634187d28b9d8d0659a4f4f159dc274eea4

SHA512
cf44c37dc46f524b39d948494a7e41e775af8105dcd9d7b11074aa0a882a70d4f141ecc07e31d8ba40456b6bf1540bd03dab47be06ee5c6664b4728cdb16674d

Download Submit
C:\Windows\System\eYerpJs.exe

Filesize
6.0MB

MD5
9cc72d7a2622ddb64b67c68bb9125b78

SHA1
4cc19065a384b84a52c309161ad602a455432c92

SHA256
136e02b812624d21eb5774a19a899338f41010f58129d55a7694efee75fd4a47

SHA512
da27302abee3a35daca3dc340801657bb9026131d3c596cab5a72398eab9bdfc048b0bd49f1935a5212a864c16304ecbcc58241cd38525eb884a94a5ab9b8cb0

Download Submit
C:\Windows\System\fzekGvi.exe

Filesize
6.0MB

MD5
3a48aadb3b965b6128cfa99f1649202f

SHA1
3da1c8da8f087d67062721024fb1b014c55b1261

SHA256
627e38a7e3c37f286f756d4c7a57fbff46e61630303fcf6b3815f28086afbcab

SHA512
34aec2c90c4096f39d3a696b3bdae05c79ddf82a4bebcaa2dc5950bf50d029a9ad1d739ca44bd81c48a5adbeef5cd83bcfa3e7924d66ef778d7d57ea82a88613

Download Submit
C:\Windows\System\gfJxgtU.exe

Filesize
6.0MB

MD5
f50b2cf5f2fb054a88741a6f39dd911a

SHA1
a7ce24b5b0b561e1490e5a354e671e40d7225821

SHA256
6315f8d6bb99a51797c5645f7d4864f715454ed70e4f03d1166103bb6149b1fe

SHA512
87d377f2be6638093c7865f60986c4d0482edea9eb246aff58d64c38988069ad64c39e143ec15af2e4b08296415ccb064d3ad76134657855a7842658abcd9fb2

Download Submit
C:\Windows\System\jbvPcLc.exe

Filesize
6.0MB

MD5
83de57a9af37aea8160e171ecf719f3b

SHA1
8578139f85165eb512505efb474be863d76477a1

SHA256
3b8be6e632c388465c0d792276293128bbc384f42de52c232c39c45ce40e49a4

SHA512
cc5b986fc89ed38d8b75cdd84982ec6f79c0ce6ff17a7e5ea3d109518a3de707e4a17c2cdeddd09ffb02f9fdd669f4e7899c602880c421c685390f789ed2f745

Download Submit
C:\Windows\System\ktaKdJU.exe

Filesize
6.0MB

MD5
f21cb0281dcaf4336532019a9831f47c

SHA1
2175679544dc9f5b8c76fac760b863269530e4eb

SHA256
7c8de93aa35606bda950fe73e3c38008f23cc2a56c775b062f0bf3daf71f6d4d

SHA512
000b5b833e39b59ccb53bfe77f252b458d97536a2f2cae3937ecfa1ba6a5d84ba94a6d59540022aa6086f5f70533d8b2f7f961eddeec498ece9de35553a95d47

Download Submit
C:\Windows\System\lLdTlnS.exe

Filesize
6.0MB

MD5
4a53c12c31c3d88317fcc1698163b2aa

SHA1
73ded81040e514c55832cb993846816ec6709e8e

SHA256
4a8ff79ec04f10328d24546102677735e582b4b6ce9f16d4ebbc0aa627370fac

SHA512
16601f1204985ae3d2591ff8c8c1e30708af7e685d548388d656073579615f791e1dfd53a000b0be39a679adbf42420a5017d252f3804f72e9b1722210c0de85

Download Submit
C:\Windows\System\lYAZfyy.exe

Filesize
6.0MB

MD5
4e87959402c14ed088f501a370fccb69

SHA1
e5e005cd8d7c3770144e765770cd89927caca589

SHA256
4c4278e27c9914dd08652ad7cef09928af4f2ea611d206d4512a2af8779b203b

SHA512
ee699cf6b0945aab781ba456824c715a4a3af57e3d9ab0cb6dafa67dde1688c8cbc59471439ae95cddde6b7a1f126eb0ddd6657279ca1d979b2c126af3074b37

Download Submit
C:\Windows\System\nntopcO.exe

Filesize
6.0MB

MD5
8c37f63b9a33c52d01e86b5560682a95

SHA1
214c905bc6a9e6ee6a84f9614619f1265267fe1c

SHA256
1d9a6d044d2078ad33b54eef80093c8491f5a93179c49203fbe566d0b1fbd7e5

SHA512
f08d1ae4d4c5ecfeab0097351e592de0bee90394f6cdcc4ab3a70bf04402909b17978da42bb054c8dc6caa33aef35bb7553ae8579f6bbd57064811be7fc1d175

Download Submit
C:\Windows\System\oKmAYOG.exe

Filesize
6.0MB

MD5
8f4b25987cba7ef7bd3d02205188174c

SHA1
0555e5d665faadc259ed3a2694d3747e2760c8cd

SHA256
7e8b7e6642d270034fe1d1f097d724bb2bbab289b30bef8d76a2f7099e7764da

SHA512
e0009c292a46b6ed324bb7aabbd03c92ae6180dc93ec3485c46ada0e55b40f3cdce3582b05e57d76de2413e5df740e682ac731a157e7511a8224d76ecfcce6ec

Download Submit
C:\Windows\System\pDBoIXY.exe

Filesize
6.0MB

MD5
a99a32f1bbe51c6812366a0b33e8fdea

SHA1
4c4acb34ea93f3b46cffa9e3f624372b6dfb0326

SHA256
01938f26103928667859ad3f9af7681ab49374936cd2a46b518f64d4955767e9

SHA512
1b8080b07349f98501951daad4c3d28081b39c6f2c4922f6f7076aa8624ebbea9f5af34787b128b3939568c79e3e8128e973120578ef5d1a8a7d36c9b664391b

Download Submit
C:\Windows\System\pMtFgFd.exe

Filesize
6.0MB

MD5
8a16fbe46fe171a84f31afa6157aa7b9

SHA1
075b63443b5336f6df972426fec2ed7e31b0acfb

SHA256
cb31362bc55d44347e4438b801a508820c66383b56bc220ae746a9a096274e6e

SHA512
a233da4cd6c3e8c40e695334f6ce263afb7fa8ef75d487541f2cbf0d732d090ce6a99f9ce338d9f82f82b8a2bf29e8e08d358d3668724c09c21ce4f8757bdc45

Download Submit
C:\Windows\System\pmaYaPy.exe

Filesize
6.0MB

MD5
a2dd6d7104d48306cab70f96e194c033

SHA1
9202d3434fe9971e26c15e3b5553ff4a8ce26285

SHA256
4ff3a148388c9da31a824f7ed6d6a6c1a6b8cc4b1e76de9fd6d572121cb2bf86

SHA512
3944fb59b1518d2eafed2492e314650c7c09e50d7e1905e7b66df818e3dcc5b12738d82e8fe3b798b8f84186e34c58ca3f236990c2af970593e8313e07e06b9c

Download Submit
C:\Windows\System\tNScIoQ.exe

Filesize
6.0MB

MD5
733550d8ed4bca3dc7daa93d721655ce

SHA1
f9a3fa750534146606df8d36a3ef8a1f801eaa24

SHA256
579846659ec1a4350c5ff77f6abeea164f68f20c31d6b750da10412bfb64adc9

SHA512
39bbc8b55357eb71d90c456e4882b5379d6b7dd4925ab8e1a632f709a0f62af41716e6090ccb5e0d92f84c6ece01fb33dbd46422727c1799a9e2930089007dc2

Download Submit
C:\Windows\System\vgQnYoU.exe

Filesize
6.0MB

MD5
007df7dc4689c795cd8ec09522c7758f

SHA1
dad4edaf5ed463a7a796b81f15eb7a5086a4b697

SHA256
dcdccdf49a55ae827d73aaef6b6129fbdef0f21941b3bb2c2d186563ff23f3c3

SHA512
d22b5c96eaf6755334b393c9971a0acb036a01c120f7c0f57e06d7eab18e60b2953bd56414d00d3e3243a1f1aad596b737c24167240e544107e63b96e1b14fb9

Download Submit
C:\Windows\System\xwzVVsH.exe

Filesize
6.0MB

MD5
4ad0afb4169040446221473064a5bac3

SHA1
edf35377a4b6049cd428b68e3169dbb0969ec196

SHA256
5ae8a19157cd5621d0c8fc752c9b74c0ba822ab622a02fefecc293f3344f39d8

SHA512
a0d93e1ce9b8120d861453cc7162843835ac9a442761b99e5f33fcd0df24eececf7bb5dda892ba50c8b5da4d3885355dee255e67ef9ad868db4b424b3228596d

Download Submit
memory/32-1970-0x00007FF655210000-0x00007FF655564000-memory.dmp

Filesize
3.3MB

Download
memory/32-571-0x00007FF655210000-0x00007FF655564000-memory.dmp

Filesize
3.3MB

Download
memory/32-184-0x00007FF655210000-0x00007FF655564000-memory.dmp

Filesize
3.3MB

Download
memory/392-1571-0x00007FF7CAD10000-0x00007FF7CB064000-memory.dmp

Filesize
3.3MB

Download
memory/392-156-0x00007FF7CAD10000-0x00007FF7CB064000-memory.dmp

Filesize
3.3MB

Download
memory/392-386-0x00007FF7CAD10000-0x00007FF7CB064000-memory.dmp

Filesize
3.3MB

Download
memory/1228-595-0x00007FF7497E0000-0x00007FF749B34000-memory.dmp

Filesize
3.3MB

Download
memory/1228-124-0x00007FF7497E0000-0x00007FF749B34000-memory.dmp

Filesize
3.3MB

Download
memory/1500-180-0x00007FF676F60000-0x00007FF6772B4000-memory.dmp

Filesize
3.3MB

Download
memory/1500-1965-0x00007FF676F60000-0x00007FF6772B4000-memory.dmp

Filesize
3.3MB

Download
memory/1500-479-0x00007FF676F60000-0x00007FF6772B4000-memory.dmp

Filesize
3.3MB

Download
memory/1564-59-0x00007FF6E34B0000-0x00007FF6E3804000-memory.dmp

Filesize
3.3MB

Download
memory/1564-161-0x00007FF6E34B0000-0x00007FF6E3804000-memory.dmp

Filesize
3.3MB

Download
memory/1564-575-0x00007FF6E34B0000-0x00007FF6E3804000-memory.dmp

Filesize
3.3MB

Download
memory/1840-80-0x00007FF6DEDF0000-0x00007FF6DF144000-memory.dmp

Filesize
3.3MB

Download
memory/1840-583-0x00007FF6DEDF0000-0x00007FF6DF144000-memory.dmp

Filesize
3.3MB

Download
memory/1840-172-0x00007FF6DEDF0000-0x00007FF6DF144000-memory.dmp

Filesize
3.3MB

Download
memory/2176-44-0x00007FF7B2400000-0x00007FF7B2754000-memory.dmp

Filesize
3.3MB

Download
memory/2176-159-0x00007FF7B2400000-0x00007FF7B2754000-memory.dmp

Filesize
3.3MB

Download
memory/2176-574-0x00007FF7B2400000-0x00007FF7B2754000-memory.dmp

Filesize
3.3MB

Download
memory/2188-603-0x00007FF7E7BA0000-0x00007FF7E7EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-175-0x00007FF7E7BA0000-0x00007FF7E7EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-92-0x00007FF7E7BA0000-0x00007FF7E7EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-562-0x00007FF6F4080000-0x00007FF6F43D4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-122-0x00007FF6F4080000-0x00007FF6F43D4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-19-0x00007FF6F4080000-0x00007FF6F43D4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-113-0x00007FF650380000-0x00007FF6506D4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-599-0x00007FF650380000-0x00007FF6506D4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-209-0x00007FF650380000-0x00007FF6506D4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-335-0x00007FF71FFF0000-0x00007FF720344000-memory.dmp

Filesize
3.3MB

Download
memory/2456-148-0x00007FF71FFF0000-0x00007FF720344000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1558-0x00007FF71FFF0000-0x00007FF720344000-memory.dmp

Filesize
3.3MB

Download
memory/2468-96-0x00007FF628DF0000-0x00007FF629144000-memory.dmp

Filesize
3.3MB

Download
memory/2468-0-0x00007FF628DF0000-0x00007FF629144000-memory.dmp

Filesize
3.3MB

Download
memory/2468-1-0x00000251F59E0000-0x00000251F59F0000-memory.dmp

Filesize
64KB

Download
memory/2504-566-0x00007FF62BD10000-0x00007FF62C064000-memory.dmp

Filesize
3.3MB

Download
memory/2504-30-0x00007FF62BD10000-0x00007FF62C064000-memory.dmp

Filesize
3.3MB

Download
memory/2504-133-0x00007FF62BD10000-0x00007FF62C064000-memory.dmp

Filesize
3.3MB

Download
memory/2676-591-0x00007FF70DFC0000-0x00007FF70E314000-memory.dmp

Filesize
3.3MB

Download
memory/2676-65-0x00007FF70DFC0000-0x00007FF70E314000-memory.dmp

Filesize
3.3MB

Download
memory/2676-169-0x00007FF70DFC0000-0x00007FF70E314000-memory.dmp

Filesize
3.3MB

Download
memory/3040-145-0x00007FF7611A0000-0x00007FF7614F4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-1565-0x00007FF7611A0000-0x00007FF7614F4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-282-0x00007FF7611A0000-0x00007FF7614F4000-memory.dmp

Filesize
3.3MB

Download
memory/3092-39-0x00007FF6C8BF0000-0x00007FF6C8F44000-memory.dmp

Filesize
3.3MB

Download
memory/3092-142-0x00007FF6C8BF0000-0x00007FF6C8F44000-memory.dmp

Filesize
3.3MB

Download
memory/3092-581-0x00007FF6C8BF0000-0x00007FF6C8F44000-memory.dmp

Filesize
3.3MB

Download
memory/3276-179-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp

Filesize
3.3MB

Download
memory/3276-600-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp

Filesize
3.3MB

Download
memory/3276-95-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp

Filesize
3.3MB

Download
memory/3640-1576-0x00007FF7A88B0000-0x00007FF7A8C04000-memory.dmp

Filesize
3.3MB

Download
memory/3640-389-0x00007FF7A88B0000-0x00007FF7A8C04000-memory.dmp

Filesize
3.3MB

Download
memory/3640-158-0x00007FF7A88B0000-0x00007FF7A8C04000-memory.dmp

Filesize
3.3MB

Download
memory/3656-594-0x00007FF7AF610000-0x00007FF7AF964000-memory.dmp

Filesize
3.3MB

Download
memory/3656-107-0x00007FF7AF610000-0x00007FF7AF964000-memory.dmp

Filesize
3.3MB

Download
memory/3676-123-0x00007FF637580000-0x00007FF6378D4000-memory.dmp

Filesize
3.3MB

Download
memory/3676-597-0x00007FF637580000-0x00007FF6378D4000-memory.dmp

Filesize
3.3MB

Download
memory/3856-9-0x00007FF7635E0000-0x00007FF763934000-memory.dmp

Filesize
3.3MB

Download
memory/3856-555-0x00007FF7635E0000-0x00007FF763934000-memory.dmp

Filesize
3.3MB

Download
memory/3856-112-0x00007FF7635E0000-0x00007FF763934000-memory.dmp

Filesize
3.3MB

Download
memory/3940-149-0x00007FF6D30F0000-0x00007FF6D3444000-memory.dmp

Filesize
3.3MB

Download
memory/3940-587-0x00007FF6D30F0000-0x00007FF6D3444000-memory.dmp

Filesize
3.3MB

Download
memory/3940-53-0x00007FF6D30F0000-0x00007FF6D3444000-memory.dmp

Filesize
3.3MB

Download
memory/3952-64-0x00007FF7A1E60000-0x00007FF7A21B4000-memory.dmp

Filesize
3.3MB

Download
memory/3952-162-0x00007FF7A1E60000-0x00007FF7A21B4000-memory.dmp

Filesize
3.3MB

Download
memory/3952-585-0x00007FF7A1E60000-0x00007FF7A21B4000-memory.dmp

Filesize
3.3MB

Download
memory/3988-602-0x00007FF7D0030000-0x00007FF7D0384000-memory.dmp

Filesize
3.3MB

Download
memory/3988-188-0x00007FF7D0030000-0x00007FF7D0384000-memory.dmp

Filesize
3.3MB

Download
memory/3988-1974-0x00007FF7D0030000-0x00007FF7D0384000-memory.dmp

Filesize
3.3MB

Download
memory/3992-570-0x00007FF7AFDE0000-0x00007FF7B0134000-memory.dmp

Filesize
3.3MB

Download
memory/3992-139-0x00007FF7AFDE0000-0x00007FF7B0134000-memory.dmp

Filesize
3.3MB

Download
memory/3992-37-0x00007FF7AFDE0000-0x00007FF7B0134000-memory.dmp

Filesize
3.3MB

Download
memory/4120-598-0x00007FF754BD0000-0x00007FF754F24000-memory.dmp

Filesize
3.3MB

Download
memory/4120-125-0x00007FF754BD0000-0x00007FF754F24000-memory.dmp

Filesize
3.3MB

Download
memory/4524-558-0x00007FF7389C0000-0x00007FF738D14000-memory.dmp

Filesize
3.3MB

Download
memory/4524-22-0x00007FF7389C0000-0x00007FF738D14000-memory.dmp

Filesize
3.3MB

Download
memory/4836-83-0x00007FF64F830000-0x00007FF64FB84000-memory.dmp

Filesize
3.3MB

Download
memory/4836-173-0x00007FF64F830000-0x00007FF64FB84000-memory.dmp

Filesize
3.3MB

Download
memory/4836-601-0x00007FF64F830000-0x00007FF64FB84000-memory.dmp

Filesize
3.3MB

Download
memory/5060-429-0x00007FF7F8710000-0x00007FF7F8A64000-memory.dmp

Filesize
3.3MB

Download
memory/5060-1575-0x00007FF7F8710000-0x00007FF7F8A64000-memory.dmp

Filesize
3.3MB

Download
memory/5060-160-0x00007FF7F8710000-0x00007FF7F8A64000-memory.dmp

Filesize
3.3MB

Download
memory/5088-138-0x00007FF775FD0000-0x00007FF776324000-memory.dmp

Filesize
3.3MB

Download
memory/5088-1552-0x00007FF775FD0000-0x00007FF776324000-memory.dmp

Filesize
3.3MB

Download