cobaltstrike | 200609c7e8786863aba10aee0defa9f2d0180e049f110bee6d08f515830addb6

Analysis

max time kernel
98s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2024, 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ff7d08a765cc7043f61942138f8dadf1
SHA1

cef4e47516c33c32ceb908071eba45edf27e8250
SHA256

200609c7e8786863aba10aee0defa9f2d0180e049f110bee6d08f515830addb6
SHA512

df74394638e674c3e9376c71aa43dec0fbae1e2233fa89c3989d0331237db5717c3f94345c2d92e8d6b7b2329187b4f98f2f6593255e0af705b29b9980d0060f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023cce-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd6-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd8-25.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd9-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdb-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cda-49.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdc-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdf-73.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023cd2-85.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ceb-153.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cf0-170.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cf1-189.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cf3-195.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cf2-194.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cef-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cee-183.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ced-181.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cec-175.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce9-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cea-163.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce8-147.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce6-145.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce7-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce5-132.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce4-124.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce3-122.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce2-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce1-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ce0-92.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cde-68.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cdd-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd7-29.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cd5-12.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4376-0-0x00007FF7EAD20000-0x00007FF7EB074000-memory.dmp	xmrig
behavioral2/files/0x0008000000023cce-4.dat	xmrig
behavioral2/memory/2104-7-0x00007FF696E70000-0x00007FF6971C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cd6-11.dat	xmrig
behavioral2/files/0x0007000000023cd8-25.dat	xmrig
behavioral2/files/0x0007000000023cd9-34.dat	xmrig
behavioral2/memory/2776-37-0x00007FF7327C0000-0x00007FF732B14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cdb-43.dat	xmrig
behavioral2/files/0x0007000000023cda-49.dat	xmrig
behavioral2/files/0x0007000000023cdc-53.dat	xmrig
behavioral2/memory/4812-64-0x00007FF71C530000-0x00007FF71C884000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cdf-73.dat	xmrig
behavioral2/files/0x0008000000023cd2-85.dat	xmrig
behavioral2/memory/2776-98-0x00007FF7327C0000-0x00007FF732B14000-memory.dmp	xmrig
behavioral2/memory/1740-126-0x00007FF71AC30000-0x00007FF71AF84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ceb-153.dat	xmrig
behavioral2/files/0x0007000000023cf0-170.dat	xmrig
behavioral2/files/0x0007000000023cf1-189.dat	xmrig
behavioral2/memory/4072-386-0x00007FF674190000-0x00007FF6744E4000-memory.dmp	xmrig
behavioral2/memory/3008-487-0x00007FF7F7550000-0x00007FF7F78A4000-memory.dmp	xmrig
behavioral2/memory/1748-600-0x00007FF71DA60000-0x00007FF71DDB4000-memory.dmp	xmrig
behavioral2/memory/4812-385-0x00007FF71C530000-0x00007FF71C884000-memory.dmp	xmrig
behavioral2/memory/3604-680-0x00007FF6F8A50000-0x00007FF6F8DA4000-memory.dmp	xmrig
behavioral2/memory/2424-679-0x00007FF61D2C0000-0x00007FF61D614000-memory.dmp	xmrig
behavioral2/memory/4088-211-0x00007FF7CADA0000-0x00007FF7CB0F4000-memory.dmp	xmrig
behavioral2/memory/2752-205-0x00007FF79FE40000-0x00007FF7A0194000-memory.dmp	xmrig
behavioral2/memory/464-204-0x00007FF7F64A0000-0x00007FF7F67F4000-memory.dmp	xmrig
behavioral2/memory/912-203-0x00007FF6597E0000-0x00007FF659B34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cf3-195.dat	xmrig
behavioral2/files/0x0007000000023cf2-194.dat	xmrig
behavioral2/memory/4544-193-0x00007FF68D680000-0x00007FF68D9D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cef-185.dat	xmrig
behavioral2/files/0x0007000000023cee-183.dat	xmrig
behavioral2/files/0x0007000000023ced-181.dat	xmrig
behavioral2/memory/2156-180-0x00007FF7E9900000-0x00007FF7E9C54000-memory.dmp	xmrig
behavioral2/memory/1772-179-0x00007FF6D0C30000-0x00007FF6D0F84000-memory.dmp	xmrig
behavioral2/memory/2732-744-0x00007FF647100000-0x00007FF647454000-memory.dmp	xmrig
behavioral2/memory/1740-745-0x00007FF71AC30000-0x00007FF71AF84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cec-175.dat	xmrig
behavioral2/memory/4476-172-0x00007FF7D8B70000-0x00007FF7D8EC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce9-165.dat	xmrig
behavioral2/files/0x0007000000023cea-163.dat	xmrig
behavioral2/memory/4564-162-0x00007FF6DADA0000-0x00007FF6DB0F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce8-147.dat	xmrig
behavioral2/files/0x0007000000023ce6-145.dat	xmrig
behavioral2/files/0x0007000000023ce7-146.dat	xmrig
behavioral2/memory/796-144-0x00007FF6FD380000-0x00007FF6FD6D4000-memory.dmp	xmrig
behavioral2/memory/1812-143-0x00007FF6543E0000-0x00007FF654734000-memory.dmp	xmrig
behavioral2/memory/3160-134-0x00007FF648220000-0x00007FF648574000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce5-132.dat	xmrig
behavioral2/memory/4224-127-0x00007FF745460000-0x00007FF7457B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce4-124.dat	xmrig
behavioral2/files/0x0007000000023ce3-122.dat	xmrig
behavioral2/memory/3640-114-0x00007FF7A7A80000-0x00007FF7A7DD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce2-111.dat	xmrig
behavioral2/memory/2732-110-0x00007FF647100000-0x00007FF647454000-memory.dmp	xmrig
behavioral2/memory/3604-109-0x00007FF6F8A50000-0x00007FF6F8DA4000-memory.dmp	xmrig
behavioral2/memory/4168-104-0x00007FF6DA500000-0x00007FF6DA854000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce1-96.dat	xmrig
behavioral2/memory/2424-95-0x00007FF61D2C0000-0x00007FF61D614000-memory.dmp	xmrig
behavioral2/memory/2092-94-0x00007FF72E700000-0x00007FF72EA54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ce0-92.dat	xmrig
behavioral2/memory/1408-91-0x00007FF789490000-0x00007FF7897E4000-memory.dmp	xmrig
behavioral2/memory/2316-90-0x00007FF681FD0000-0x00007FF682324000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2104	kKsziRr.exe
4900	DIohcZu.exe
2316	FTvCtXS.exe
1408	BkzPYAp.exe
2776	EEfPfXA.exe
4168	MDnFRlt.exe
3640	vmGrlao.exe
3160	bneDDVY.exe
464	YNpThVo.exe
4812	YnnPuVy.exe
4072	MuvtWic.exe
3008	mXSjiKm.exe
2092	WXApogc.exe
1748	sIWUlCD.exe
2424	LERiRPT.exe
3604	MYlVaRa.exe
1740	FnVhGQk.exe
2732	plItnFX.exe
4224	hYHMakQ.exe
1812	quMVBUA.exe
796	WRugimI.exe
4564	DgMtDDL.exe
2752	FQComUp.exe
4476	ageVncq.exe
1772	YFNebqX.exe
2156	YiNDfaW.exe
4088	BUKeyFT.exe
4544	LMVVlzO.exe
912	EUITNfg.exe
1172	ddCqzSU.exe
3488	TiWhYMh.exe
1800	wCUrKWy.exe
2648	mhKjBEj.exe
3588	LvdIznN.exe
3404	fhQQQRN.exe
404	hNxBiQC.exe
3864	jjVYiNX.exe
3772	CpdWIMO.exe
2716	hTbmRfd.exe
1288	YnvrYPx.exe
848	YqDIIun.exe
2996	UxTESON.exe
3452	SUlntPN.exe
3968	AJTXxCM.exe
208	qgDhsBy.exe
2412	mLSoNjZ.exe
4876	hNoHgJK.exe
4540	KZoQlcK.exe
3472	VReUDIG.exe
3732	XfebhRO.exe
1712	KmuNoAf.exe
4288	YTfCLTz.exe
4412	dynQVSd.exe
2844	faiAPgt.exe
224	ztQBTEv.exe
1632	NaswjMT.exe
2540	aTnDRsF.exe
2456	CpevlUp.exe
876	SLKPcCR.exe
428	nBpOCbK.exe
348	JwRWXhC.exe
3528	oIkprTG.exe
4568	jucopct.exe
1796	WYhkAmX.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4376-0-0x00007FF7EAD20000-0x00007FF7EB074000-memory.dmp	upx
behavioral2/files/0x0008000000023cce-4.dat	upx
behavioral2/memory/2104-7-0x00007FF696E70000-0x00007FF6971C4000-memory.dmp	upx
behavioral2/files/0x0007000000023cd6-11.dat	upx
behavioral2/files/0x0007000000023cd8-25.dat	upx
behavioral2/files/0x0007000000023cd9-34.dat	upx
behavioral2/memory/2776-37-0x00007FF7327C0000-0x00007FF732B14000-memory.dmp	upx
behavioral2/files/0x0007000000023cdb-43.dat	upx
behavioral2/files/0x0007000000023cda-49.dat	upx
behavioral2/files/0x0007000000023cdc-53.dat	upx
behavioral2/memory/4812-64-0x00007FF71C530000-0x00007FF71C884000-memory.dmp	upx
behavioral2/files/0x0007000000023cdf-73.dat	upx
behavioral2/files/0x0008000000023cd2-85.dat	upx
behavioral2/memory/2776-98-0x00007FF7327C0000-0x00007FF732B14000-memory.dmp	upx
behavioral2/memory/1740-126-0x00007FF71AC30000-0x00007FF71AF84000-memory.dmp	upx
behavioral2/files/0x0007000000023ceb-153.dat	upx
behavioral2/files/0x0007000000023cf0-170.dat	upx
behavioral2/files/0x0007000000023cf1-189.dat	upx
behavioral2/memory/4072-386-0x00007FF674190000-0x00007FF6744E4000-memory.dmp	upx
behavioral2/memory/3008-487-0x00007FF7F7550000-0x00007FF7F78A4000-memory.dmp	upx
behavioral2/memory/1748-600-0x00007FF71DA60000-0x00007FF71DDB4000-memory.dmp	upx
behavioral2/memory/4812-385-0x00007FF71C530000-0x00007FF71C884000-memory.dmp	upx
behavioral2/memory/3604-680-0x00007FF6F8A50000-0x00007FF6F8DA4000-memory.dmp	upx
behavioral2/memory/2424-679-0x00007FF61D2C0000-0x00007FF61D614000-memory.dmp	upx
behavioral2/memory/4088-211-0x00007FF7CADA0000-0x00007FF7CB0F4000-memory.dmp	upx
behavioral2/memory/2752-205-0x00007FF79FE40000-0x00007FF7A0194000-memory.dmp	upx
behavioral2/memory/464-204-0x00007FF7F64A0000-0x00007FF7F67F4000-memory.dmp	upx
behavioral2/memory/912-203-0x00007FF6597E0000-0x00007FF659B34000-memory.dmp	upx
behavioral2/files/0x0007000000023cf3-195.dat	upx
behavioral2/files/0x0007000000023cf2-194.dat	upx
behavioral2/memory/4544-193-0x00007FF68D680000-0x00007FF68D9D4000-memory.dmp	upx
behavioral2/files/0x0007000000023cef-185.dat	upx
behavioral2/files/0x0007000000023cee-183.dat	upx
behavioral2/files/0x0007000000023ced-181.dat	upx
behavioral2/memory/2156-180-0x00007FF7E9900000-0x00007FF7E9C54000-memory.dmp	upx
behavioral2/memory/1772-179-0x00007FF6D0C30000-0x00007FF6D0F84000-memory.dmp	upx
behavioral2/memory/2732-744-0x00007FF647100000-0x00007FF647454000-memory.dmp	upx
behavioral2/memory/1740-745-0x00007FF71AC30000-0x00007FF71AF84000-memory.dmp	upx
behavioral2/files/0x0007000000023cec-175.dat	upx
behavioral2/memory/4476-172-0x00007FF7D8B70000-0x00007FF7D8EC4000-memory.dmp	upx
behavioral2/files/0x0007000000023ce9-165.dat	upx
behavioral2/files/0x0007000000023cea-163.dat	upx
behavioral2/memory/4564-162-0x00007FF6DADA0000-0x00007FF6DB0F4000-memory.dmp	upx
behavioral2/files/0x0007000000023ce8-147.dat	upx
behavioral2/files/0x0007000000023ce6-145.dat	upx
behavioral2/files/0x0007000000023ce7-146.dat	upx
behavioral2/memory/796-144-0x00007FF6FD380000-0x00007FF6FD6D4000-memory.dmp	upx
behavioral2/memory/1812-143-0x00007FF6543E0000-0x00007FF654734000-memory.dmp	upx
behavioral2/memory/3160-134-0x00007FF648220000-0x00007FF648574000-memory.dmp	upx
behavioral2/files/0x0007000000023ce5-132.dat	upx
behavioral2/memory/4224-127-0x00007FF745460000-0x00007FF7457B4000-memory.dmp	upx
behavioral2/files/0x0007000000023ce4-124.dat	upx
behavioral2/files/0x0007000000023ce3-122.dat	upx
behavioral2/memory/3640-114-0x00007FF7A7A80000-0x00007FF7A7DD4000-memory.dmp	upx
behavioral2/files/0x0007000000023ce2-111.dat	upx
behavioral2/memory/2732-110-0x00007FF647100000-0x00007FF647454000-memory.dmp	upx
behavioral2/memory/3604-109-0x00007FF6F8A50000-0x00007FF6F8DA4000-memory.dmp	upx
behavioral2/memory/4168-104-0x00007FF6DA500000-0x00007FF6DA854000-memory.dmp	upx
behavioral2/files/0x0007000000023ce1-96.dat	upx
behavioral2/memory/2424-95-0x00007FF61D2C0000-0x00007FF61D614000-memory.dmp	upx
behavioral2/memory/2092-94-0x00007FF72E700000-0x00007FF72EA54000-memory.dmp	upx
behavioral2/files/0x0007000000023ce0-92.dat	upx
behavioral2/memory/1408-91-0x00007FF789490000-0x00007FF7897E4000-memory.dmp	upx
behavioral2/memory/2316-90-0x00007FF681FD0000-0x00007FF682324000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qvqjRmg.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deDeNTp.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITDXQjv.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJdiJWV.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZPBvgS.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnJakiE.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhlPTqk.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uoxldCg.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egNTYVd.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auuRcEA.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJDYaCv.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcuNGQj.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juRODul.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qOwXQxE.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfnImGL.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ObDdpRs.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YeaLlMb.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuIUeVc.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdxfQxn.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNpThVo.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocjiuZI.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoQutwp.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOJFxwA.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyJlwej.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAELHlM.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIvEAEs.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veVQmui.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfKCwgi.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgtcbJO.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcnynEz.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSuppuG.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwmXauk.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExVTcJI.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBtdCDZ.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUlntPN.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGXfeKD.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPyNAic.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbSOmTF.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YcTcKGo.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozEcQlU.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMVYoos.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOqLZny.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPErMiX.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CejsCOy.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGgfUmj.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQXgANF.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOCSmqD.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKFShxv.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sUlwcnv.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsjeJTZ.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmVGexW.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCBlKwz.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtkUBoG.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgDhsBy.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnYjSWQ.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZwJCMg.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnVhGQk.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\prlTucA.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ViWiFtM.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxgNakq.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HISzADs.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIySYTN.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTHcMTW.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quMVBUA.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 2104	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4376 wrote to memory of 2104	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4376 wrote to memory of 4900	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4376 wrote to memory of 4900	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4376 wrote to memory of 2316	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4376 wrote to memory of 2316	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4376 wrote to memory of 1408	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4376 wrote to memory of 1408	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4376 wrote to memory of 2776	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4376 wrote to memory of 2776	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4376 wrote to memory of 4168	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4376 wrote to memory of 4168	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4376 wrote to memory of 3640	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4376 wrote to memory of 3640	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4376 wrote to memory of 3160	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4376 wrote to memory of 3160	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4376 wrote to memory of 464	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4376 wrote to memory of 464	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4376 wrote to memory of 4812	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4376 wrote to memory of 4812	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4376 wrote to memory of 4072	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4376 wrote to memory of 4072	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4376 wrote to memory of 3008	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4376 wrote to memory of 3008	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4376 wrote to memory of 2092	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4376 wrote to memory of 2092	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4376 wrote to memory of 1748	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4376 wrote to memory of 1748	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4376 wrote to memory of 2424	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4376 wrote to memory of 2424	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4376 wrote to memory of 3604	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4376 wrote to memory of 3604	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4376 wrote to memory of 1740	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4376 wrote to memory of 1740	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4376 wrote to memory of 2732	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4376 wrote to memory of 2732	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4376 wrote to memory of 4224	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4376 wrote to memory of 4224	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4376 wrote to memory of 1812	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4376 wrote to memory of 1812	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4376 wrote to memory of 796	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4376 wrote to memory of 796	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4376 wrote to memory of 4564	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4376 wrote to memory of 4564	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4376 wrote to memory of 2752	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4376 wrote to memory of 2752	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4376 wrote to memory of 4476	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4376 wrote to memory of 4476	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4376 wrote to memory of 1772	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4376 wrote to memory of 1772	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4376 wrote to memory of 2156	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4376 wrote to memory of 2156	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4376 wrote to memory of 4088	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4376 wrote to memory of 4088	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4376 wrote to memory of 4544	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4376 wrote to memory of 4544	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4376 wrote to memory of 912	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4376 wrote to memory of 912	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4376 wrote to memory of 1172	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4376 wrote to memory of 1172	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4376 wrote to memory of 3488	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4376 wrote to memory of 3488	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4376 wrote to memory of 1800	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4376 wrote to memory of 1800	4376	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	117

C:\Users\Admin\AppData\Local\Temp\2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Windows\System\kKsziRr.exe
  C:\Windows\System\kKsziRr.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\DIohcZu.exe
  C:\Windows\System\DIohcZu.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\FTvCtXS.exe
  C:\Windows\System\FTvCtXS.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\BkzPYAp.exe
  C:\Windows\System\BkzPYAp.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\EEfPfXA.exe
  C:\Windows\System\EEfPfXA.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\MDnFRlt.exe
  C:\Windows\System\MDnFRlt.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\vmGrlao.exe
  C:\Windows\System\vmGrlao.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\bneDDVY.exe
  C:\Windows\System\bneDDVY.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\YNpThVo.exe
  C:\Windows\System\YNpThVo.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\YnnPuVy.exe
  C:\Windows\System\YnnPuVy.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\MuvtWic.exe
  C:\Windows\System\MuvtWic.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\mXSjiKm.exe
  C:\Windows\System\mXSjiKm.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\WXApogc.exe
  C:\Windows\System\WXApogc.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\sIWUlCD.exe
  C:\Windows\System\sIWUlCD.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\LERiRPT.exe
  C:\Windows\System\LERiRPT.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\MYlVaRa.exe
  C:\Windows\System\MYlVaRa.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\FnVhGQk.exe
  C:\Windows\System\FnVhGQk.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\plItnFX.exe
  C:\Windows\System\plItnFX.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\hYHMakQ.exe
  C:\Windows\System\hYHMakQ.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\quMVBUA.exe
  C:\Windows\System\quMVBUA.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\WRugimI.exe
  C:\Windows\System\WRugimI.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\DgMtDDL.exe
  C:\Windows\System\DgMtDDL.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\FQComUp.exe
  C:\Windows\System\FQComUp.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\ageVncq.exe
  C:\Windows\System\ageVncq.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\YFNebqX.exe
  C:\Windows\System\YFNebqX.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\YiNDfaW.exe
  C:\Windows\System\YiNDfaW.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\BUKeyFT.exe
  C:\Windows\System\BUKeyFT.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\LMVVlzO.exe
  C:\Windows\System\LMVVlzO.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\EUITNfg.exe
  C:\Windows\System\EUITNfg.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\ddCqzSU.exe
  C:\Windows\System\ddCqzSU.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\TiWhYMh.exe
  C:\Windows\System\TiWhYMh.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\wCUrKWy.exe
  C:\Windows\System\wCUrKWy.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\mhKjBEj.exe
  C:\Windows\System\mhKjBEj.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\LvdIznN.exe
  C:\Windows\System\LvdIznN.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\fhQQQRN.exe
  C:\Windows\System\fhQQQRN.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\hNxBiQC.exe
  C:\Windows\System\hNxBiQC.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\jjVYiNX.exe
  C:\Windows\System\jjVYiNX.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\CpdWIMO.exe
  C:\Windows\System\CpdWIMO.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\hTbmRfd.exe
  C:\Windows\System\hTbmRfd.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\YnvrYPx.exe
  C:\Windows\System\YnvrYPx.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\YqDIIun.exe
  C:\Windows\System\YqDIIun.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\UxTESON.exe
  C:\Windows\System\UxTESON.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\SUlntPN.exe
  C:\Windows\System\SUlntPN.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\AJTXxCM.exe
  C:\Windows\System\AJTXxCM.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\qgDhsBy.exe
  C:\Windows\System\qgDhsBy.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\mLSoNjZ.exe
  C:\Windows\System\mLSoNjZ.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\hNoHgJK.exe
  C:\Windows\System\hNoHgJK.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\KZoQlcK.exe
  C:\Windows\System\KZoQlcK.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\VReUDIG.exe
  C:\Windows\System\VReUDIG.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\XfebhRO.exe
  C:\Windows\System\XfebhRO.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\KmuNoAf.exe
  C:\Windows\System\KmuNoAf.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\YTfCLTz.exe
  C:\Windows\System\YTfCLTz.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\dynQVSd.exe
  C:\Windows\System\dynQVSd.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\faiAPgt.exe
  C:\Windows\System\faiAPgt.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\ztQBTEv.exe
  C:\Windows\System\ztQBTEv.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\NaswjMT.exe
  C:\Windows\System\NaswjMT.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\aTnDRsF.exe
  C:\Windows\System\aTnDRsF.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\CpevlUp.exe
  C:\Windows\System\CpevlUp.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\SLKPcCR.exe
  C:\Windows\System\SLKPcCR.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\nBpOCbK.exe
  C:\Windows\System\nBpOCbK.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\JwRWXhC.exe
  C:\Windows\System\JwRWXhC.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\oIkprTG.exe
  C:\Windows\System\oIkprTG.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\jucopct.exe
  C:\Windows\System\jucopct.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\WYhkAmX.exe
  C:\Windows\System\WYhkAmX.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\AjUxtrn.exe
  C:\Windows\System\AjUxtrn.exe
  2⤵
  PID:2784
- C:\Windows\System\PglHkyw.exe
  C:\Windows\System\PglHkyw.exe
  2⤵
  PID:4620
- C:\Windows\System\zudVYDd.exe
  C:\Windows\System\zudVYDd.exe
  2⤵
  PID:1736
- C:\Windows\System\dQAnalg.exe
  C:\Windows\System\dQAnalg.exe
  2⤵
  PID:4600
- C:\Windows\System\OjOnGvS.exe
  C:\Windows\System\OjOnGvS.exe
  2⤵
  PID:512
- C:\Windows\System\pTTUHVj.exe
  C:\Windows\System\pTTUHVj.exe
  2⤵
  PID:3956
- C:\Windows\System\yHGQGIi.exe
  C:\Windows\System\yHGQGIi.exe
  2⤵
  PID:4748
- C:\Windows\System\ouhlSks.exe
  C:\Windows\System\ouhlSks.exe
  2⤵
  PID:1036
- C:\Windows\System\dOCSmqD.exe
  C:\Windows\System\dOCSmqD.exe
  2⤵
  PID:1268
- C:\Windows\System\iyTOQIR.exe
  C:\Windows\System\iyTOQIR.exe
  2⤵
  PID:1668
- C:\Windows\System\RTCxMIS.exe
  C:\Windows\System\RTCxMIS.exe
  2⤵
  PID:3044
- C:\Windows\System\JuGLUux.exe
  C:\Windows\System\JuGLUux.exe
  2⤵
  PID:3700
- C:\Windows\System\ObDdpRs.exe
  C:\Windows\System\ObDdpRs.exe
  2⤵
  PID:4300
- C:\Windows\System\CfqKbDH.exe
  C:\Windows\System\CfqKbDH.exe
  2⤵
  PID:4996
- C:\Windows\System\xDYaVrj.exe
  C:\Windows\System\xDYaVrj.exe
  2⤵
  PID:4604
- C:\Windows\System\qwHHTHQ.exe
  C:\Windows\System\qwHHTHQ.exe
  2⤵
  PID:2804
- C:\Windows\System\zENaDYO.exe
  C:\Windows\System\zENaDYO.exe
  2⤵
  PID:824
- C:\Windows\System\nnmPuvT.exe
  C:\Windows\System\nnmPuvT.exe
  2⤵
  PID:5128
- C:\Windows\System\DfgpKyS.exe
  C:\Windows\System\DfgpKyS.exe
  2⤵
  PID:5168
- C:\Windows\System\xsQZUiR.exe
  C:\Windows\System\xsQZUiR.exe
  2⤵
  PID:5188
- C:\Windows\System\lhBkiOn.exe
  C:\Windows\System\lhBkiOn.exe
  2⤵
  PID:5208
- C:\Windows\System\iYBdOde.exe
  C:\Windows\System\iYBdOde.exe
  2⤵
  PID:5224
- C:\Windows\System\CejsCOy.exe
  C:\Windows\System\CejsCOy.exe
  2⤵
  PID:5240
- C:\Windows\System\xtqXoYQ.exe
  C:\Windows\System\xtqXoYQ.exe
  2⤵
  PID:5256
- C:\Windows\System\MzrEXiZ.exe
  C:\Windows\System\MzrEXiZ.exe
  2⤵
  PID:5272
- C:\Windows\System\tQzEZDs.exe
  C:\Windows\System\tQzEZDs.exe
  2⤵
  PID:5296
- C:\Windows\System\hIvEAEs.exe
  C:\Windows\System\hIvEAEs.exe
  2⤵
  PID:5312
- C:\Windows\System\YcTcKGo.exe
  C:\Windows\System\YcTcKGo.exe
  2⤵
  PID:5340
- C:\Windows\System\GbIkgce.exe
  C:\Windows\System\GbIkgce.exe
  2⤵
  PID:5356
- C:\Windows\System\FFYvzIS.exe
  C:\Windows\System\FFYvzIS.exe
  2⤵
  PID:5372
- C:\Windows\System\jklniCu.exe
  C:\Windows\System\jklniCu.exe
  2⤵
  PID:5388
- C:\Windows\System\PPOAvlw.exe
  C:\Windows\System\PPOAvlw.exe
  2⤵
  PID:5404
- C:\Windows\System\jIBELAA.exe
  C:\Windows\System\jIBELAA.exe
  2⤵
  PID:5420
- C:\Windows\System\QWeBvMo.exe
  C:\Windows\System\QWeBvMo.exe
  2⤵
  PID:5436
- C:\Windows\System\bjmpqtN.exe
  C:\Windows\System\bjmpqtN.exe
  2⤵
  PID:5452
- C:\Windows\System\ZSqLqod.exe
  C:\Windows\System\ZSqLqod.exe
  2⤵
  PID:5468
- C:\Windows\System\tPWRaDV.exe
  C:\Windows\System\tPWRaDV.exe
  2⤵
  PID:5540
- C:\Windows\System\wbJLrXM.exe
  C:\Windows\System\wbJLrXM.exe
  2⤵
  PID:5560
- C:\Windows\System\GcQSSyH.exe
  C:\Windows\System\GcQSSyH.exe
  2⤵
  PID:5576
- C:\Windows\System\rdeNumG.exe
  C:\Windows\System\rdeNumG.exe
  2⤵
  PID:5592
- C:\Windows\System\gqdHNMZ.exe
  C:\Windows\System\gqdHNMZ.exe
  2⤵
  PID:5608
- C:\Windows\System\ZpJthbY.exe
  C:\Windows\System\ZpJthbY.exe
  2⤵
  PID:5688
- C:\Windows\System\nOmIoTr.exe
  C:\Windows\System\nOmIoTr.exe
  2⤵
  PID:5704
- C:\Windows\System\ywEvKuF.exe
  C:\Windows\System\ywEvKuF.exe
  2⤵
  PID:5720
- C:\Windows\System\YaWhgFb.exe
  C:\Windows\System\YaWhgFb.exe
  2⤵
  PID:5736
- C:\Windows\System\XGXfeKD.exe
  C:\Windows\System\XGXfeKD.exe
  2⤵
  PID:5840
- C:\Windows\System\bBeYWfa.exe
  C:\Windows\System\bBeYWfa.exe
  2⤵
  PID:5860
- C:\Windows\System\sSEGSYr.exe
  C:\Windows\System\sSEGSYr.exe
  2⤵
  PID:5944
- C:\Windows\System\PcineHo.exe
  C:\Windows\System\PcineHo.exe
  2⤵
  PID:5960
- C:\Windows\System\akIdDuz.exe
  C:\Windows\System\akIdDuz.exe
  2⤵
  PID:5976
- C:\Windows\System\SUUGqOH.exe
  C:\Windows\System\SUUGqOH.exe
  2⤵
  PID:5992
- C:\Windows\System\IuPfXTF.exe
  C:\Windows\System\IuPfXTF.exe
  2⤵
  PID:6084
- C:\Windows\System\rqZUOoz.exe
  C:\Windows\System\rqZUOoz.exe
  2⤵
  PID:6100
- C:\Windows\System\LneGgJo.exe
  C:\Windows\System\LneGgJo.exe
  2⤵
  PID:4176
- C:\Windows\System\TWrFKmz.exe
  C:\Windows\System\TWrFKmz.exe
  2⤵
  PID:3460
- C:\Windows\System\qGomzLK.exe
  C:\Windows\System\qGomzLK.exe
  2⤵
  PID:2240
- C:\Windows\System\BAmZxcx.exe
  C:\Windows\System\BAmZxcx.exe
  2⤵
  PID:5216
- C:\Windows\System\zYrJUCT.exe
  C:\Windows\System\zYrJUCT.exe
  2⤵
  PID:5124
- C:\Windows\System\WMFiaXM.exe
  C:\Windows\System\WMFiaXM.exe
  2⤵
  PID:1620
- C:\Windows\System\bEsJnSi.exe
  C:\Windows\System\bEsJnSi.exe
  2⤵
  PID:3900
- C:\Windows\System\VJdiJWV.exe
  C:\Windows\System\VJdiJWV.exe
  2⤵
  PID:436
- C:\Windows\System\KgrOUdi.exe
  C:\Windows\System\KgrOUdi.exe
  2⤵
  PID:4296
- C:\Windows\System\DmPDxEn.exe
  C:\Windows\System\DmPDxEn.exe
  2⤵
  PID:5252
- C:\Windows\System\JChTDWA.exe
  C:\Windows\System\JChTDWA.exe
  2⤵
  PID:5332
- C:\Windows\System\qvqjRmg.exe
  C:\Windows\System\qvqjRmg.exe
  2⤵
  PID:5384
- C:\Windows\System\atefruR.exe
  C:\Windows\System\atefruR.exe
  2⤵
  PID:5644
- C:\Windows\System\kKTZhyW.exe
  C:\Windows\System\kKTZhyW.exe
  2⤵
  PID:5680
- C:\Windows\System\mjYnXYK.exe
  C:\Windows\System\mjYnXYK.exe
  2⤵
  PID:5752
- C:\Windows\System\ALhpaOP.exe
  C:\Windows\System\ALhpaOP.exe
  2⤵
  PID:5792
- C:\Windows\System\vHOXPiB.exe
  C:\Windows\System\vHOXPiB.exe
  2⤵
  PID:5904
- C:\Windows\System\qnEVKYy.exe
  C:\Windows\System\qnEVKYy.exe
  2⤵
  PID:5940
- C:\Windows\System\tjRiCOf.exe
  C:\Windows\System\tjRiCOf.exe
  2⤵
  PID:5972
- C:\Windows\System\suRGzsI.exe
  C:\Windows\System\suRGzsI.exe
  2⤵
  PID:6056
- C:\Windows\System\XKAwxeE.exe
  C:\Windows\System\XKAwxeE.exe
  2⤵
  PID:6092
- C:\Windows\System\uZqjoMv.exe
  C:\Windows\System\uZqjoMv.exe
  2⤵
  PID:5012
- C:\Windows\System\WUBLUSE.exe
  C:\Windows\System\WUBLUSE.exe
  2⤵
  PID:1368
- C:\Windows\System\iIiMgdD.exe
  C:\Windows\System\iIiMgdD.exe
  2⤵
  PID:5196
- C:\Windows\System\dBplQiw.exe
  C:\Windows\System\dBplQiw.exe
  2⤵
  PID:4612
- C:\Windows\System\scOJVnQ.exe
  C:\Windows\System\scOJVnQ.exe
  2⤵
  PID:3076
- C:\Windows\System\wxaDwBc.exe
  C:\Windows\System\wxaDwBc.exe
  2⤵
  PID:5364
- C:\Windows\System\RscWwiI.exe
  C:\Windows\System\RscWwiI.exe
  2⤵
  PID:5532
- C:\Windows\System\wXMUHop.exe
  C:\Windows\System\wXMUHop.exe
  2⤵
  PID:5664
- C:\Windows\System\sIesHcb.exe
  C:\Windows\System\sIesHcb.exe
  2⤵
  PID:3692
- C:\Windows\System\WpTlZsf.exe
  C:\Windows\System\WpTlZsf.exe
  2⤵
  PID:5868
- C:\Windows\System\DmhlgdQ.exe
  C:\Windows\System\DmhlgdQ.exe
  2⤵
  PID:6000
- C:\Windows\System\yYtCRER.exe
  C:\Windows\System\yYtCRER.exe
  2⤵
  PID:6076
- C:\Windows\System\BGwIRRw.exe
  C:\Windows\System\BGwIRRw.exe
  2⤵
  PID:1412
- C:\Windows\System\MsLobTc.exe
  C:\Windows\System\MsLobTc.exe
  2⤵
  PID:5148
- C:\Windows\System\hXkuuzI.exe
  C:\Windows\System\hXkuuzI.exe
  2⤵
  PID:6160
- C:\Windows\System\FkqEcUx.exe
  C:\Windows\System\FkqEcUx.exe
  2⤵
  PID:6176
- C:\Windows\System\UydojOb.exe
  C:\Windows\System\UydojOb.exe
  2⤵
  PID:6192
- C:\Windows\System\LYzkpdK.exe
  C:\Windows\System\LYzkpdK.exe
  2⤵
  PID:6224
- C:\Windows\System\HehruZO.exe
  C:\Windows\System\HehruZO.exe
  2⤵
  PID:6244
- C:\Windows\System\fINlEaV.exe
  C:\Windows\System\fINlEaV.exe
  2⤵
  PID:6280
- C:\Windows\System\gSEYwJI.exe
  C:\Windows\System\gSEYwJI.exe
  2⤵
  PID:6296
- C:\Windows\System\qJAEnTE.exe
  C:\Windows\System\qJAEnTE.exe
  2⤵
  PID:6312
- C:\Windows\System\BmukjGF.exe
  C:\Windows\System\BmukjGF.exe
  2⤵
  PID:6360
- C:\Windows\System\dujosQi.exe
  C:\Windows\System\dujosQi.exe
  2⤵
  PID:6476
- C:\Windows\System\WBxRhYE.exe
  C:\Windows\System\WBxRhYE.exe
  2⤵
  PID:6496
- C:\Windows\System\MPNRSpU.exe
  C:\Windows\System\MPNRSpU.exe
  2⤵
  PID:6512
- C:\Windows\System\vHQEvAc.exe
  C:\Windows\System\vHQEvAc.exe
  2⤵
  PID:6620
- C:\Windows\System\DdLklWi.exe
  C:\Windows\System\DdLklWi.exe
  2⤵
  PID:6636
- C:\Windows\System\tnYjSWQ.exe
  C:\Windows\System\tnYjSWQ.exe
  2⤵
  PID:6652
- C:\Windows\System\CEOsRUq.exe
  C:\Windows\System\CEOsRUq.exe
  2⤵
  PID:6716
- C:\Windows\System\GJlOyCD.exe
  C:\Windows\System\GJlOyCD.exe
  2⤵
  PID:6732
- C:\Windows\System\WyIAaXp.exe
  C:\Windows\System\WyIAaXp.exe
  2⤵
  PID:6768
- C:\Windows\System\QNAMdlW.exe
  C:\Windows\System\QNAMdlW.exe
  2⤵
  PID:6904
- C:\Windows\System\pWYTvPL.exe
  C:\Windows\System\pWYTvPL.exe
  2⤵
  PID:6964
- C:\Windows\System\VWmOmpz.exe
  C:\Windows\System\VWmOmpz.exe
  2⤵
  PID:7000
- C:\Windows\System\xIQhkRa.exe
  C:\Windows\System\xIQhkRa.exe
  2⤵
  PID:7028
- C:\Windows\System\YUbKQms.exe
  C:\Windows\System\YUbKQms.exe
  2⤵
  PID:7056
- C:\Windows\System\eztnpfK.exe
  C:\Windows\System\eztnpfK.exe
  2⤵
  PID:7092
- C:\Windows\System\eBsRFby.exe
  C:\Windows\System\eBsRFby.exe
  2⤵
  PID:7112
- C:\Windows\System\xCWkOru.exe
  C:\Windows\System\xCWkOru.exe
  2⤵
  PID:7144
- C:\Windows\System\tvaUqcy.exe
  C:\Windows\System\tvaUqcy.exe
  2⤵
  PID:4312
- C:\Windows\System\yNkpOsX.exe
  C:\Windows\System\yNkpOsX.exe
  2⤵
  PID:5628
- C:\Windows\System\OUSfssD.exe
  C:\Windows\System\OUSfssD.exe
  2⤵
  PID:5928
- C:\Windows\System\EsNVNjo.exe
  C:\Windows\System\EsNVNjo.exe
  2⤵
  PID:1108
- C:\Windows\System\MjZBFGz.exe
  C:\Windows\System\MjZBFGz.exe
  2⤵
  PID:6184
- C:\Windows\System\rEaKMWI.exe
  C:\Windows\System\rEaKMWI.exe
  2⤵
  PID:5080
- C:\Windows\System\JQADEqm.exe
  C:\Windows\System\JQADEqm.exe
  2⤵
  PID:6392
- C:\Windows\System\WscZlAT.exe
  C:\Windows\System\WscZlAT.exe
  2⤵
  PID:6332
- C:\Windows\System\ZGhqXHb.exe
  C:\Windows\System\ZGhqXHb.exe
  2⤵
  PID:6368
- C:\Windows\System\tfawGTe.exe
  C:\Windows\System\tfawGTe.exe
  2⤵
  PID:6448
- C:\Windows\System\ZSuppuG.exe
  C:\Windows\System\ZSuppuG.exe
  2⤵
  PID:6536
- C:\Windows\System\DWJckPb.exe
  C:\Windows\System\DWJckPb.exe
  2⤵
  PID:6628
- C:\Windows\System\NNEzoGx.exe
  C:\Windows\System\NNEzoGx.exe
  2⤵
  PID:6696
- C:\Windows\System\MNWbLaI.exe
  C:\Windows\System\MNWbLaI.exe
  2⤵
  PID:6764
- C:\Windows\System\xruWrvO.exe
  C:\Windows\System\xruWrvO.exe
  2⤵
  PID:4032
- C:\Windows\System\ZgckPqg.exe
  C:\Windows\System\ZgckPqg.exe
  2⤵
  PID:3668
- C:\Windows\System\VffUfoq.exe
  C:\Windows\System\VffUfoq.exe
  2⤵
  PID:3872
- C:\Windows\System\tOqLZny.exe
  C:\Windows\System\tOqLZny.exe
  2⤵
  PID:3376
- C:\Windows\System\VjpxcxC.exe
  C:\Windows\System\VjpxcxC.exe
  2⤵
  PID:1376
- C:\Windows\System\gREqkwg.exe
  C:\Windows\System\gREqkwg.exe
  2⤵
  PID:3960
- C:\Windows\System\UOieyBK.exe
  C:\Windows\System\UOieyBK.exe
  2⤵
  PID:3152
- C:\Windows\System\yEJwMDg.exe
  C:\Windows\System\yEJwMDg.exe
  2⤵
  PID:2968
- C:\Windows\System\thudLvs.exe
  C:\Windows\System\thudLvs.exe
  2⤵
  PID:916
- C:\Windows\System\UEtEzUc.exe
  C:\Windows\System\UEtEzUc.exe
  2⤵
  PID:6884
- C:\Windows\System\ihaPGYe.exe
  C:\Windows\System\ihaPGYe.exe
  2⤵
  PID:6924
- C:\Windows\System\wOaTBol.exe
  C:\Windows\System\wOaTBol.exe
  2⤵
  PID:6996
- C:\Windows\System\Kueghgc.exe
  C:\Windows\System\Kueghgc.exe
  2⤵
  PID:7024
- C:\Windows\System\qOHcxPB.exe
  C:\Windows\System\qOHcxPB.exe
  2⤵
  PID:7068
- C:\Windows\System\SxuNlxV.exe
  C:\Windows\System\SxuNlxV.exe
  2⤵
  PID:7100
- C:\Windows\System\yzNlcOW.exe
  C:\Windows\System\yzNlcOW.exe
  2⤵
  PID:4768
- C:\Windows\System\yPZjRMD.exe
  C:\Windows\System\yPZjRMD.exe
  2⤵
  PID:7156
- C:\Windows\System\lQHORIO.exe
  C:\Windows\System\lQHORIO.exe
  2⤵
  PID:4968
- C:\Windows\System\VRMhZZv.exe
  C:\Windows\System\VRMhZZv.exe
  2⤵
  PID:4156
- C:\Windows\System\IxgNakq.exe
  C:\Windows\System\IxgNakq.exe
  2⤵
  PID:6072
- C:\Windows\System\WoRtvgY.exe
  C:\Windows\System\WoRtvgY.exe
  2⤵
  PID:6216
- C:\Windows\System\oajLTtZ.exe
  C:\Windows\System\oajLTtZ.exe
  2⤵
  PID:6356
- C:\Windows\System\JaOocly.exe
  C:\Windows\System\JaOocly.exe
  2⤵
  PID:6572
- C:\Windows\System\qckXLtU.exe
  C:\Windows\System\qckXLtU.exe
  2⤵
  PID:6728
- C:\Windows\System\AfnImGL.exe
  C:\Windows\System\AfnImGL.exe
  2⤵
  PID:1280
- C:\Windows\System\MVtNGbI.exe
  C:\Windows\System\MVtNGbI.exe
  2⤵
  PID:2340
- C:\Windows\System\QgjhMMV.exe
  C:\Windows\System\QgjhMMV.exe
  2⤵
  PID:2140
- C:\Windows\System\rqdnlOI.exe
  C:\Windows\System\rqdnlOI.exe
  2⤵
  PID:2580
- C:\Windows\System\leeYElV.exe
  C:\Windows\System\leeYElV.exe
  2⤵
  PID:6880
- C:\Windows\System\qOwXQxE.exe
  C:\Windows\System\qOwXQxE.exe
  2⤵
  PID:6992
- C:\Windows\System\aKFShxv.exe
  C:\Windows\System\aKFShxv.exe
  2⤵
  PID:7104
- C:\Windows\System\hwwtYHE.exe
  C:\Windows\System\hwwtYHE.exe
  2⤵
  PID:5832
- C:\Windows\System\RCyNUdH.exe
  C:\Windows\System\RCyNUdH.exe
  2⤵
  PID:6168
- C:\Windows\System\SDlxPTi.exe
  C:\Windows\System\SDlxPTi.exe
  2⤵
  PID:5460
- C:\Windows\System\ZhYDOtp.exe
  C:\Windows\System\ZhYDOtp.exe
  2⤵
  PID:2100
- C:\Windows\System\zfbDtTE.exe
  C:\Windows\System\zfbDtTE.exe
  2⤵
  PID:3820
- C:\Windows\System\IcuNGQj.exe
  C:\Windows\System\IcuNGQj.exe
  2⤵
  PID:7076
- C:\Windows\System\chYRjHp.exe
  C:\Windows\System\chYRjHp.exe
  2⤵
  PID:6724
- C:\Windows\System\auqkqIH.exe
  C:\Windows\System\auqkqIH.exe
  2⤵
  PID:3248
- C:\Windows\System\EsbSOht.exe
  C:\Windows\System\EsbSOht.exe
  2⤵
  PID:5508
- C:\Windows\System\xYgKiqn.exe
  C:\Windows\System\xYgKiqn.exe
  2⤵
  PID:1244
- C:\Windows\System\vYvlFKh.exe
  C:\Windows\System\vYvlFKh.exe
  2⤵
  PID:1100
- C:\Windows\System\IFexHaR.exe
  C:\Windows\System\IFexHaR.exe
  2⤵
  PID:1480
- C:\Windows\System\uHmTnRS.exe
  C:\Windows\System\uHmTnRS.exe
  2⤵
  PID:4060
- C:\Windows\System\XXeCJrK.exe
  C:\Windows\System\XXeCJrK.exe
  2⤵
  PID:4284
- C:\Windows\System\IpmEJaB.exe
  C:\Windows\System\IpmEJaB.exe
  2⤵
  PID:1592
- C:\Windows\System\KaTfZnt.exe
  C:\Windows\System\KaTfZnt.exe
  2⤵
  PID:7180
- C:\Windows\System\cKKmRiE.exe
  C:\Windows\System\cKKmRiE.exe
  2⤵
  PID:7208
- C:\Windows\System\EyYkHdl.exe
  C:\Windows\System\EyYkHdl.exe
  2⤵
  PID:7236
- C:\Windows\System\gxuNbfY.exe
  C:\Windows\System\gxuNbfY.exe
  2⤵
  PID:7264
- C:\Windows\System\wHBgXcL.exe
  C:\Windows\System\wHBgXcL.exe
  2⤵
  PID:7292
- C:\Windows\System\hCRMRbC.exe
  C:\Windows\System\hCRMRbC.exe
  2⤵
  PID:7324
- C:\Windows\System\IehwlAX.exe
  C:\Windows\System\IehwlAX.exe
  2⤵
  PID:7352
- C:\Windows\System\KETdZyw.exe
  C:\Windows\System\KETdZyw.exe
  2⤵
  PID:7372
- C:\Windows\System\nyJlwej.exe
  C:\Windows\System\nyJlwej.exe
  2⤵
  PID:7404
- C:\Windows\System\vKfIoEc.exe
  C:\Windows\System\vKfIoEc.exe
  2⤵
  PID:7436
- C:\Windows\System\vURuHlP.exe
  C:\Windows\System\vURuHlP.exe
  2⤵
  PID:7468
- C:\Windows\System\CGisXxp.exe
  C:\Windows\System\CGisXxp.exe
  2⤵
  PID:7496
- C:\Windows\System\wNyJgOA.exe
  C:\Windows\System\wNyJgOA.exe
  2⤵
  PID:7528
- C:\Windows\System\gdasSUb.exe
  C:\Windows\System\gdasSUb.exe
  2⤵
  PID:7572
- C:\Windows\System\oKHVXar.exe
  C:\Windows\System\oKHVXar.exe
  2⤵
  PID:7600
- C:\Windows\System\NIySYTN.exe
  C:\Windows\System\NIySYTN.exe
  2⤵
  PID:7628
- C:\Windows\System\YrZqIUI.exe
  C:\Windows\System\YrZqIUI.exe
  2⤵
  PID:7648
- C:\Windows\System\GFwuxwT.exe
  C:\Windows\System\GFwuxwT.exe
  2⤵
  PID:7684
- C:\Windows\System\JRKRyQI.exe
  C:\Windows\System\JRKRyQI.exe
  2⤵
  PID:7712
- C:\Windows\System\gLfIlYZ.exe
  C:\Windows\System\gLfIlYZ.exe
  2⤵
  PID:7780
- C:\Windows\System\mhmdDqd.exe
  C:\Windows\System\mhmdDqd.exe
  2⤵
  PID:7812
- C:\Windows\System\qrjnyzG.exe
  C:\Windows\System\qrjnyzG.exe
  2⤵
  PID:7840
- C:\Windows\System\GdevQaM.exe
  C:\Windows\System\GdevQaM.exe
  2⤵
  PID:7872
- C:\Windows\System\tHUNsgv.exe
  C:\Windows\System\tHUNsgv.exe
  2⤵
  PID:7896
- C:\Windows\System\zsuHpDP.exe
  C:\Windows\System\zsuHpDP.exe
  2⤵
  PID:7924
- C:\Windows\System\CDWZIEE.exe
  C:\Windows\System\CDWZIEE.exe
  2⤵
  PID:7952
- C:\Windows\System\LDrVLDa.exe
  C:\Windows\System\LDrVLDa.exe
  2⤵
  PID:7984
- C:\Windows\System\cqDiCBg.exe
  C:\Windows\System\cqDiCBg.exe
  2⤵
  PID:8016
- C:\Windows\System\aVeCpDv.exe
  C:\Windows\System\aVeCpDv.exe
  2⤵
  PID:8048
- C:\Windows\System\rypoJHS.exe
  C:\Windows\System\rypoJHS.exe
  2⤵
  PID:8076
- C:\Windows\System\xRyHLmY.exe
  C:\Windows\System\xRyHLmY.exe
  2⤵
  PID:8112
- C:\Windows\System\IbDrGsz.exe
  C:\Windows\System\IbDrGsz.exe
  2⤵
  PID:8140
- C:\Windows\System\xxNpckL.exe
  C:\Windows\System\xxNpckL.exe
  2⤵
  PID:7204
- C:\Windows\System\QnpJJiX.exe
  C:\Windows\System\QnpJJiX.exe
  2⤵
  PID:7420
- C:\Windows\System\YRJUVgq.exe
  C:\Windows\System\YRJUVgq.exe
  2⤵
  PID:7488
- C:\Windows\System\deDeNTp.exe
  C:\Windows\System\deDeNTp.exe
  2⤵
  PID:7552
- C:\Windows\System\aXDlRFx.exe
  C:\Windows\System\aXDlRFx.exe
  2⤵
  PID:7640
- C:\Windows\System\IIgtbZp.exe
  C:\Windows\System\IIgtbZp.exe
  2⤵
  PID:7824
- C:\Windows\System\XPGHctD.exe
  C:\Windows\System\XPGHctD.exe
  2⤵
  PID:7892
- C:\Windows\System\zIQBVmi.exe
  C:\Windows\System\zIQBVmi.exe
  2⤵
  PID:7976
- C:\Windows\System\TdcIyOZ.exe
  C:\Windows\System\TdcIyOZ.exe
  2⤵
  PID:8096
- C:\Windows\System\hZnUFqB.exe
  C:\Windows\System\hZnUFqB.exe
  2⤵
  PID:8136
- C:\Windows\System\BaxbRRK.exe
  C:\Windows\System\BaxbRRK.exe
  2⤵
  PID:7400
- C:\Windows\System\PPJRFWC.exe
  C:\Windows\System\PPJRFWC.exe
  2⤵
  PID:7620
- C:\Windows\System\foSJXdZ.exe
  C:\Windows\System\foSJXdZ.exe
  2⤵
  PID:7776
- C:\Windows\System\yfvKoZP.exe
  C:\Windows\System\yfvKoZP.exe
  2⤵
  PID:7964
- C:\Windows\System\aQjrNIT.exe
  C:\Windows\System\aQjrNIT.exe
  2⤵
  PID:7860
- C:\Windows\System\rPyNAic.exe
  C:\Windows\System\rPyNAic.exe
  2⤵
  PID:7172
- C:\Windows\System\zuYIreK.exe
  C:\Windows\System\zuYIreK.exe
  2⤵
  PID:8212
- C:\Windows\System\TBMNqHt.exe
  C:\Windows\System\TBMNqHt.exe
  2⤵
  PID:8244
- C:\Windows\System\CGVaIJe.exe
  C:\Windows\System\CGVaIJe.exe
  2⤵
  PID:8280
- C:\Windows\System\ThscbtF.exe
  C:\Windows\System\ThscbtF.exe
  2⤵
  PID:8300
- C:\Windows\System\wiVzNil.exe
  C:\Windows\System\wiVzNil.exe
  2⤵
  PID:8328
- C:\Windows\System\JiXJseI.exe
  C:\Windows\System\JiXJseI.exe
  2⤵
  PID:8356
- C:\Windows\System\IXhcSjU.exe
  C:\Windows\System\IXhcSjU.exe
  2⤵
  PID:8380
- C:\Windows\System\XgPaNxZ.exe
  C:\Windows\System\XgPaNxZ.exe
  2⤵
  PID:8412
- C:\Windows\System\YUHdhGq.exe
  C:\Windows\System\YUHdhGq.exe
  2⤵
  PID:8440
- C:\Windows\System\mSgtBpK.exe
  C:\Windows\System\mSgtBpK.exe
  2⤵
  PID:8484
- C:\Windows\System\qKyxqbv.exe
  C:\Windows\System\qKyxqbv.exe
  2⤵
  PID:8500
- C:\Windows\System\DjHsKYk.exe
  C:\Windows\System\DjHsKYk.exe
  2⤵
  PID:8528
- C:\Windows\System\cylFrXu.exe
  C:\Windows\System\cylFrXu.exe
  2⤵
  PID:8556
- C:\Windows\System\kLrEjNV.exe
  C:\Windows\System\kLrEjNV.exe
  2⤵
  PID:8584
- C:\Windows\System\MVrMKpD.exe
  C:\Windows\System\MVrMKpD.exe
  2⤵
  PID:8612
- C:\Windows\System\hJUnhAR.exe
  C:\Windows\System\hJUnhAR.exe
  2⤵
  PID:8632
- C:\Windows\System\uYJVaME.exe
  C:\Windows\System\uYJVaME.exe
  2⤵
  PID:8672
- C:\Windows\System\RyEIHUo.exe
  C:\Windows\System\RyEIHUo.exe
  2⤵
  PID:8688
- C:\Windows\System\nBzziPB.exe
  C:\Windows\System\nBzziPB.exe
  2⤵
  PID:8728
- C:\Windows\System\GWyBiuR.exe
  C:\Windows\System\GWyBiuR.exe
  2⤵
  PID:8756
- C:\Windows\System\WAkjaIG.exe
  C:\Windows\System\WAkjaIG.exe
  2⤵
  PID:8784
- C:\Windows\System\KXEyoaS.exe
  C:\Windows\System\KXEyoaS.exe
  2⤵
  PID:8816
- C:\Windows\System\dOESqbg.exe
  C:\Windows\System\dOESqbg.exe
  2⤵
  PID:8844
- C:\Windows\System\WnvEJml.exe
  C:\Windows\System\WnvEJml.exe
  2⤵
  PID:8880
- C:\Windows\System\wZwJCMg.exe
  C:\Windows\System\wZwJCMg.exe
  2⤵
  PID:8916
- C:\Windows\System\XGOgRAT.exe
  C:\Windows\System\XGOgRAT.exe
  2⤵
  PID:8944
- C:\Windows\System\iywUaZV.exe
  C:\Windows\System\iywUaZV.exe
  2⤵
  PID:8972
- C:\Windows\System\BocQHdb.exe
  C:\Windows\System\BocQHdb.exe
  2⤵
  PID:9000
- C:\Windows\System\LWDWsMU.exe
  C:\Windows\System\LWDWsMU.exe
  2⤵
  PID:9028
- C:\Windows\System\ZqYvgfY.exe
  C:\Windows\System\ZqYvgfY.exe
  2⤵
  PID:9056
- C:\Windows\System\HaerSQa.exe
  C:\Windows\System\HaerSQa.exe
  2⤵
  PID:9088
- C:\Windows\System\MpBAbtv.exe
  C:\Windows\System\MpBAbtv.exe
  2⤵
  PID:9116
- C:\Windows\System\xYXynsQ.exe
  C:\Windows\System\xYXynsQ.exe
  2⤵
  PID:9144
- C:\Windows\System\kuGyYZA.exe
  C:\Windows\System\kuGyYZA.exe
  2⤵
  PID:9180
- C:\Windows\System\ITDXQjv.exe
  C:\Windows\System\ITDXQjv.exe
  2⤵
  PID:9208
- C:\Windows\System\iYeHIui.exe
  C:\Windows\System\iYeHIui.exe
  2⤵
  PID:8224
- C:\Windows\System\bUDIEWK.exe
  C:\Windows\System\bUDIEWK.exe
  2⤵
  PID:8312
- C:\Windows\System\wUHzytr.exe
  C:\Windows\System\wUHzytr.exe
  2⤵
  PID:8368
- C:\Windows\System\mUcEhTk.exe
  C:\Windows\System\mUcEhTk.exe
  2⤵
  PID:8436
- C:\Windows\System\dYaEQEX.exe
  C:\Windows\System\dYaEQEX.exe
  2⤵
  PID:8512
- C:\Windows\System\MFwoVGQ.exe
  C:\Windows\System\MFwoVGQ.exe
  2⤵
  PID:8576
- C:\Windows\System\KncDpDz.exe
  C:\Windows\System\KncDpDz.exe
  2⤵
  PID:8640
- C:\Windows\System\LkOMPls.exe
  C:\Windows\System\LkOMPls.exe
  2⤵
  PID:8712
- C:\Windows\System\gipOTpR.exe
  C:\Windows\System\gipOTpR.exe
  2⤵
  PID:8748
- C:\Windows\System\RroCets.exe
  C:\Windows\System\RroCets.exe
  2⤵
  PID:8772
- C:\Windows\System\MiYMhXH.exe
  C:\Windows\System\MiYMhXH.exe
  2⤵
  PID:8828
- C:\Windows\System\fCcAbwj.exe
  C:\Windows\System\fCcAbwj.exe
  2⤵
  PID:8876
- C:\Windows\System\kSeyaWV.exe
  C:\Windows\System\kSeyaWV.exe
  2⤵
  PID:8956
- C:\Windows\System\BUbpHoW.exe
  C:\Windows\System\BUbpHoW.exe
  2⤵
  PID:9040
- C:\Windows\System\pLJboiv.exe
  C:\Windows\System\pLJboiv.exe
  2⤵
  PID:9196
- C:\Windows\System\ceXBBBu.exe
  C:\Windows\System\ceXBBBu.exe
  2⤵
  PID:8344
- C:\Windows\System\WtPxHqX.exe
  C:\Windows\System\WtPxHqX.exe
  2⤵
  PID:8464
- C:\Windows\System\STruzUW.exe
  C:\Windows\System\STruzUW.exe
  2⤵
  PID:8628
- C:\Windows\System\GTiVYuJ.exe
  C:\Windows\System\GTiVYuJ.exe
  2⤵
  PID:7276
- C:\Windows\System\JfUbbto.exe
  C:\Windows\System\JfUbbto.exe
  2⤵
  PID:8840
- C:\Windows\System\UELOXlb.exe
  C:\Windows\System\UELOXlb.exe
  2⤵
  PID:9020
- C:\Windows\System\mXwQUwZ.exe
  C:\Windows\System\mXwQUwZ.exe
  2⤵
  PID:8680
- C:\Windows\System\uctUBSy.exe
  C:\Windows\System\uctUBSy.exe
  2⤵
  PID:8932
- C:\Windows\System\fwayHir.exe
  C:\Windows\System\fwayHir.exe
  2⤵
  PID:4012
- C:\Windows\System\CmCWpDn.exe
  C:\Windows\System\CmCWpDn.exe
  2⤵
  PID:2440
- C:\Windows\System\xBhYTdQ.exe
  C:\Windows\System\xBhYTdQ.exe
  2⤵
  PID:9232
- C:\Windows\System\tcnynEz.exe
  C:\Windows\System\tcnynEz.exe
  2⤵
  PID:9260
- C:\Windows\System\SXmZLav.exe
  C:\Windows\System\SXmZLav.exe
  2⤵
  PID:9288
- C:\Windows\System\pcvHDft.exe
  C:\Windows\System\pcvHDft.exe
  2⤵
  PID:9316
- C:\Windows\System\QZGCrIS.exe
  C:\Windows\System\QZGCrIS.exe
  2⤵
  PID:9344
- C:\Windows\System\xTknKqC.exe
  C:\Windows\System\xTknKqC.exe
  2⤵
  PID:9376
- C:\Windows\System\RqWqsah.exe
  C:\Windows\System\RqWqsah.exe
  2⤵
  PID:9420
- C:\Windows\System\rJwBCSn.exe
  C:\Windows\System\rJwBCSn.exe
  2⤵
  PID:9444
- C:\Windows\System\uoxldCg.exe
  C:\Windows\System\uoxldCg.exe
  2⤵
  PID:9468
- C:\Windows\System\AkSviyp.exe
  C:\Windows\System\AkSviyp.exe
  2⤵
  PID:9496
- C:\Windows\System\xytSQBM.exe
  C:\Windows\System\xytSQBM.exe
  2⤵
  PID:9528
- C:\Windows\System\DLJzrcZ.exe
  C:\Windows\System\DLJzrcZ.exe
  2⤵
  PID:9556
- C:\Windows\System\UBzKAWK.exe
  C:\Windows\System\UBzKAWK.exe
  2⤵
  PID:9588
- C:\Windows\System\owCrhMH.exe
  C:\Windows\System\owCrhMH.exe
  2⤵
  PID:9620
- C:\Windows\System\RmeVWRL.exe
  C:\Windows\System\RmeVWRL.exe
  2⤵
  PID:9652
- C:\Windows\System\rDIdYKJ.exe
  C:\Windows\System\rDIdYKJ.exe
  2⤵
  PID:9680
- C:\Windows\System\nsZelWR.exe
  C:\Windows\System\nsZelWR.exe
  2⤵
  PID:9708
- C:\Windows\System\EqXkzhZ.exe
  C:\Windows\System\EqXkzhZ.exe
  2⤵
  PID:9736
- C:\Windows\System\AkcYlOD.exe
  C:\Windows\System\AkcYlOD.exe
  2⤵
  PID:9764
- C:\Windows\System\IEwutzi.exe
  C:\Windows\System\IEwutzi.exe
  2⤵
  PID:9796
- C:\Windows\System\rQeTHqj.exe
  C:\Windows\System\rQeTHqj.exe
  2⤵
  PID:9828
- C:\Windows\System\SSLDXAA.exe
  C:\Windows\System\SSLDXAA.exe
  2⤵
  PID:9856
- C:\Windows\System\HwRevOR.exe
  C:\Windows\System\HwRevOR.exe
  2⤵
  PID:9884
- C:\Windows\System\IrGDnww.exe
  C:\Windows\System\IrGDnww.exe
  2⤵
  PID:9912
- C:\Windows\System\VyAjLLU.exe
  C:\Windows\System\VyAjLLU.exe
  2⤵
  PID:9940
- C:\Windows\System\cDSIzaq.exe
  C:\Windows\System\cDSIzaq.exe
  2⤵
  PID:9968
- C:\Windows\System\OLcvaBd.exe
  C:\Windows\System\OLcvaBd.exe
  2⤵
  PID:9996
- C:\Windows\System\YOxnQPD.exe
  C:\Windows\System\YOxnQPD.exe
  2⤵
  PID:10024
- C:\Windows\System\eihFALm.exe
  C:\Windows\System\eihFALm.exe
  2⤵
  PID:10052
- C:\Windows\System\jTdzbYl.exe
  C:\Windows\System\jTdzbYl.exe
  2⤵
  PID:10080
- C:\Windows\System\HISzADs.exe
  C:\Windows\System\HISzADs.exe
  2⤵
  PID:10108
- C:\Windows\System\svrHMYS.exe
  C:\Windows\System\svrHMYS.exe
  2⤵
  PID:10136
- C:\Windows\System\dXFlpiK.exe
  C:\Windows\System\dXFlpiK.exe
  2⤵
  PID:10164
- C:\Windows\System\DuqHnzv.exe
  C:\Windows\System\DuqHnzv.exe
  2⤵
  PID:10192
- C:\Windows\System\BrgMXyT.exe
  C:\Windows\System\BrgMXyT.exe
  2⤵
  PID:10236
- C:\Windows\System\ppHmOHm.exe
  C:\Windows\System\ppHmOHm.exe
  2⤵
  PID:9244
- C:\Windows\System\MYFKxJE.exe
  C:\Windows\System\MYFKxJE.exe
  2⤵
  PID:9304
- C:\Windows\System\yQVZJmQ.exe
  C:\Windows\System\yQVZJmQ.exe
  2⤵
  PID:9372
- C:\Windows\System\kTcqBif.exe
  C:\Windows\System\kTcqBif.exe
  2⤵
  PID:9404
- C:\Windows\System\cSabpfJ.exe
  C:\Windows\System\cSabpfJ.exe
  2⤵
  PID:9488
- C:\Windows\System\TtQFTWO.exe
  C:\Windows\System\TtQFTWO.exe
  2⤵
  PID:9552
- C:\Windows\System\kTNEjQM.exe
  C:\Windows\System\kTNEjQM.exe
  2⤵
  PID:9608
- C:\Windows\System\jYmyMTr.exe
  C:\Windows\System\jYmyMTr.exe
  2⤵
  PID:9164
- C:\Windows\System\KMEkXaU.exe
  C:\Windows\System\KMEkXaU.exe
  2⤵
  PID:9516
- C:\Windows\System\XOtxzCm.exe
  C:\Windows\System\XOtxzCm.exe
  2⤵
  PID:9732
- C:\Windows\System\JYCIAmN.exe
  C:\Windows\System\JYCIAmN.exe
  2⤵
  PID:9808
- C:\Windows\System\cgLQGXr.exe
  C:\Windows\System\cgLQGXr.exe
  2⤵
  PID:9876
- C:\Windows\System\DvkYycy.exe
  C:\Windows\System\DvkYycy.exe
  2⤵
  PID:2112
- C:\Windows\System\VySJkmf.exe
  C:\Windows\System\VySJkmf.exe
  2⤵
  PID:9964
- C:\Windows\System\vZtVdce.exe
  C:\Windows\System\vZtVdce.exe
  2⤵
  PID:10048
- C:\Windows\System\CPJfsMM.exe
  C:\Windows\System\CPJfsMM.exe
  2⤵
  PID:10160
- C:\Windows\System\StDtSmM.exe
  C:\Windows\System\StDtSmM.exe
  2⤵
  PID:9308
- C:\Windows\System\ruHNOFx.exe
  C:\Windows\System\ruHNOFx.exe
  2⤵
  PID:9480
- C:\Windows\System\lwmrMkC.exe
  C:\Windows\System\lwmrMkC.exe
  2⤵
  PID:9612
- C:\Windows\System\NrZOEbv.exe
  C:\Windows\System\NrZOEbv.exe
  2⤵
  PID:1944
- C:\Windows\System\VBIeeco.exe
  C:\Windows\System\VBIeeco.exe
  2⤵
  PID:10216
- C:\Windows\System\OQPqKfp.exe
  C:\Windows\System\OQPqKfp.exe
  2⤵
  PID:9540
- C:\Windows\System\pwLiQhl.exe
  C:\Windows\System\pwLiQhl.exe
  2⤵
  PID:10188
- C:\Windows\System\mputPNw.exe
  C:\Windows\System\mputPNw.exe
  2⤵
  PID:10264
- C:\Windows\System\egNTYVd.exe
  C:\Windows\System\egNTYVd.exe
  2⤵
  PID:10304
- C:\Windows\System\zpnQyYJ.exe
  C:\Windows\System\zpnQyYJ.exe
  2⤵
  PID:10332
- C:\Windows\System\YfZtPKJ.exe
  C:\Windows\System\YfZtPKJ.exe
  2⤵
  PID:10348
- C:\Windows\System\bhdwJEM.exe
  C:\Windows\System\bhdwJEM.exe
  2⤵
  PID:10388
- C:\Windows\System\ZSzessq.exe
  C:\Windows\System\ZSzessq.exe
  2⤵
  PID:10436
- C:\Windows\System\PwZcJXe.exe
  C:\Windows\System\PwZcJXe.exe
  2⤵
  PID:10464
- C:\Windows\System\yrZuNsX.exe
  C:\Windows\System\yrZuNsX.exe
  2⤵
  PID:10496
- C:\Windows\System\LfBYfLm.exe
  C:\Windows\System\LfBYfLm.exe
  2⤵
  PID:10540
- C:\Windows\System\ZPuRieC.exe
  C:\Windows\System\ZPuRieC.exe
  2⤵
  PID:10560
- C:\Windows\System\cTHcMTW.exe
  C:\Windows\System\cTHcMTW.exe
  2⤵
  PID:10576
- C:\Windows\System\vppnAEt.exe
  C:\Windows\System\vppnAEt.exe
  2⤵
  PID:10600
- C:\Windows\System\ugyjnEN.exe
  C:\Windows\System\ugyjnEN.exe
  2⤵
  PID:10640
- C:\Windows\System\GdoIRTv.exe
  C:\Windows\System\GdoIRTv.exe
  2⤵
  PID:10664
- C:\Windows\System\YvDRnZx.exe
  C:\Windows\System\YvDRnZx.exe
  2⤵
  PID:10688
- C:\Windows\System\ZxcmUfX.exe
  C:\Windows\System\ZxcmUfX.exe
  2⤵
  PID:10716
- C:\Windows\System\EnFlQDO.exe
  C:\Windows\System\EnFlQDO.exe
  2⤵
  PID:10748
- C:\Windows\System\JsKFgwq.exe
  C:\Windows\System\JsKFgwq.exe
  2⤵
  PID:10784
- C:\Windows\System\OJyUTqu.exe
  C:\Windows\System\OJyUTqu.exe
  2⤵
  PID:10824
- C:\Windows\System\dgIvSqZ.exe
  C:\Windows\System\dgIvSqZ.exe
  2⤵
  PID:10872
- C:\Windows\System\xCNZtEQ.exe
  C:\Windows\System\xCNZtEQ.exe
  2⤵
  PID:10916
- C:\Windows\System\SpaQbSJ.exe
  C:\Windows\System\SpaQbSJ.exe
  2⤵
  PID:10948
- C:\Windows\System\mcZqYhg.exe
  C:\Windows\System\mcZqYhg.exe
  2⤵
  PID:10976
- C:\Windows\System\eFdNifF.exe
  C:\Windows\System\eFdNifF.exe
  2⤵
  PID:11004
- C:\Windows\System\McjWNiB.exe
  C:\Windows\System\McjWNiB.exe
  2⤵
  PID:11044
- C:\Windows\System\xmrxJLb.exe
  C:\Windows\System\xmrxJLb.exe
  2⤵
  PID:11060
- C:\Windows\System\SohFPuO.exe
  C:\Windows\System\SohFPuO.exe
  2⤵
  PID:11088
- C:\Windows\System\ihqUIsx.exe
  C:\Windows\System\ihqUIsx.exe
  2⤵
  PID:11116
- C:\Windows\System\BKuhZPm.exe
  C:\Windows\System\BKuhZPm.exe
  2⤵
  PID:11144
- C:\Windows\System\CSUehZe.exe
  C:\Windows\System\CSUehZe.exe
  2⤵
  PID:11172
- C:\Windows\System\WBlyBRd.exe
  C:\Windows\System\WBlyBRd.exe
  2⤵
  PID:11200
- C:\Windows\System\YeaLlMb.exe
  C:\Windows\System\YeaLlMb.exe
  2⤵
  PID:11228
- C:\Windows\System\zhlPTqk.exe
  C:\Windows\System\zhlPTqk.exe
  2⤵
  PID:11256
- C:\Windows\System\rbjXnex.exe
  C:\Windows\System\rbjXnex.exe
  2⤵
  PID:10244
- C:\Windows\System\eHBFtbN.exe
  C:\Windows\System\eHBFtbN.exe
  2⤵
  PID:10320
- C:\Windows\System\mFlvLzR.exe
  C:\Windows\System\mFlvLzR.exe
  2⤵
  PID:10384
- C:\Windows\System\WUeqiZz.exe
  C:\Windows\System\WUeqiZz.exe
  2⤵
  PID:10476
- C:\Windows\System\mseszjB.exe
  C:\Windows\System\mseszjB.exe
  2⤵
  PID:10552
- C:\Windows\System\XmfbEyP.exe
  C:\Windows\System\XmfbEyP.exe
  2⤵
  PID:10588
- C:\Windows\System\bJmDlEN.exe
  C:\Windows\System\bJmDlEN.exe
  2⤵
  PID:10684
- C:\Windows\System\DBXueLL.exe
  C:\Windows\System\DBXueLL.exe
  2⤵
  PID:10736
- C:\Windows\System\EwzgFSR.exe
  C:\Windows\System\EwzgFSR.exe
  2⤵
  PID:10820
- C:\Windows\System\UgdqHDh.exe
  C:\Windows\System\UgdqHDh.exe
  2⤵
  PID:10928
- C:\Windows\System\jrliwWm.exe
  C:\Windows\System\jrliwWm.exe
  2⤵
  PID:8940
- C:\Windows\System\dzLSajv.exe
  C:\Windows\System\dzLSajv.exe
  2⤵
  PID:9364
- C:\Windows\System\uNmxjrW.exe
  C:\Windows\System\uNmxjrW.exe
  2⤵
  PID:10420
- C:\Windows\System\auuRcEA.exe
  C:\Windows\System\auuRcEA.exe
  2⤵
  PID:11016
- C:\Windows\System\yqCofcG.exe
  C:\Windows\System\yqCofcG.exe
  2⤵
  PID:9228
- C:\Windows\System\WCIbVCV.exe
  C:\Windows\System\WCIbVCV.exe
  2⤵
  PID:11108
- C:\Windows\System\Jrozasp.exe
  C:\Windows\System\Jrozasp.exe
  2⤵
  PID:11184
- C:\Windows\System\vVlOqzp.exe
  C:\Windows\System\vVlOqzp.exe
  2⤵
  PID:11248
- C:\Windows\System\sLJTUUR.exe
  C:\Windows\System\sLJTUUR.exe
  2⤵
  PID:10300
- C:\Windows\System\HwIMhbj.exe
  C:\Windows\System\HwIMhbj.exe
  2⤵
  PID:10456
- C:\Windows\System\HVshvut.exe
  C:\Windows\System\HVshvut.exe
  2⤵
  PID:10660
- C:\Windows\System\QCsKgeM.exe
  C:\Windows\System\QCsKgeM.exe
  2⤵
  PID:10796
- C:\Windows\System\kPYiQGU.exe
  C:\Windows\System\kPYiQGU.exe
  2⤵
  PID:8604
- C:\Windows\System\Uawsrcg.exe
  C:\Windows\System\Uawsrcg.exe
  2⤵
  PID:10416
- C:\Windows\System\BXDkSeo.exe
  C:\Windows\System\BXDkSeo.exe
  2⤵
  PID:11072
- C:\Windows\System\HDyxADZ.exe
  C:\Windows\System\HDyxADZ.exe
  2⤵
  PID:1284
- C:\Windows\System\unICypf.exe
  C:\Windows\System\unICypf.exe
  2⤵
  PID:10568
- C:\Windows\System\EScvoCE.exe
  C:\Windows\System\EScvoCE.exe
  2⤵
  PID:10904
- C:\Windows\System\ZOhJrcH.exe
  C:\Windows\System\ZOhJrcH.exe
  2⤵
  PID:1540
- C:\Windows\System\ZegErAM.exe
  C:\Windows\System\ZegErAM.exe
  2⤵
  PID:9584
- C:\Windows\System\ipvqoOr.exe
  C:\Windows\System\ipvqoOr.exe
  2⤵
  PID:10988
- C:\Windows\System\ubZtpMi.exe
  C:\Windows\System\ubZtpMi.exe
  2⤵
  PID:10936
- C:\Windows\System\DDeNBmP.exe
  C:\Windows\System\DDeNBmP.exe
  2⤵
  PID:11272
- C:\Windows\System\iZwprUO.exe
  C:\Windows\System\iZwprUO.exe
  2⤵
  PID:11300
- C:\Windows\System\JjBRZRu.exe
  C:\Windows\System\JjBRZRu.exe
  2⤵
  PID:11328
- C:\Windows\System\IFrPzXt.exe
  C:\Windows\System\IFrPzXt.exe
  2⤵
  PID:11368
- C:\Windows\System\DXtAEkE.exe
  C:\Windows\System\DXtAEkE.exe
  2⤵
  PID:11404
- C:\Windows\System\JbaOEKa.exe
  C:\Windows\System\JbaOEKa.exe
  2⤵
  PID:11448
- C:\Windows\System\BKyerWs.exe
  C:\Windows\System\BKyerWs.exe
  2⤵
  PID:11476
- C:\Windows\System\aPMuIQL.exe
  C:\Windows\System\aPMuIQL.exe
  2⤵
  PID:11504
- C:\Windows\System\LqHPMiA.exe
  C:\Windows\System\LqHPMiA.exe
  2⤵
  PID:11532
- C:\Windows\System\pkPeUMH.exe
  C:\Windows\System\pkPeUMH.exe
  2⤵
  PID:11564
- C:\Windows\System\oNvpbGr.exe
  C:\Windows\System\oNvpbGr.exe
  2⤵
  PID:11588
- C:\Windows\System\RxkZafN.exe
  C:\Windows\System\RxkZafN.exe
  2⤵
  PID:11616
- C:\Windows\System\KjoCDaW.exe
  C:\Windows\System\KjoCDaW.exe
  2⤵
  PID:11644
- C:\Windows\System\Zbpwart.exe
  C:\Windows\System\Zbpwart.exe
  2⤵
  PID:11660
- C:\Windows\System\PKEsKVt.exe
  C:\Windows\System\PKEsKVt.exe
  2⤵
  PID:11676
- C:\Windows\System\EZWLpDr.exe
  C:\Windows\System\EZWLpDr.exe
  2⤵
  PID:11692
- C:\Windows\System\NtZStmo.exe
  C:\Windows\System\NtZStmo.exe
  2⤵
  PID:11732
- C:\Windows\System\VEHxtsf.exe
  C:\Windows\System\VEHxtsf.exe
  2⤵
  PID:11760
- C:\Windows\System\ihwZufb.exe
  C:\Windows\System\ihwZufb.exe
  2⤵
  PID:11812
- C:\Windows\System\LZPBvgS.exe
  C:\Windows\System\LZPBvgS.exe
  2⤵
  PID:11840
- C:\Windows\System\dTIupqv.exe
  C:\Windows\System\dTIupqv.exe
  2⤵
  PID:11868
- C:\Windows\System\JYqgJDZ.exe
  C:\Windows\System\JYqgJDZ.exe
  2⤵
  PID:11896
- C:\Windows\System\peayZef.exe
  C:\Windows\System\peayZef.exe
  2⤵
  PID:11932
- C:\Windows\System\MJBWqNT.exe
  C:\Windows\System\MJBWqNT.exe
  2⤵
  PID:11960
- C:\Windows\System\XrYplEV.exe
  C:\Windows\System\XrYplEV.exe
  2⤵
  PID:11992
- C:\Windows\System\GrcPvHj.exe
  C:\Windows\System\GrcPvHj.exe
  2⤵
  PID:12020
- C:\Windows\System\XcCwzHq.exe
  C:\Windows\System\XcCwzHq.exe
  2⤵
  PID:12048
- C:\Windows\System\dbJwVMI.exe
  C:\Windows\System\dbJwVMI.exe
  2⤵
  PID:12076
- C:\Windows\System\PWBYxNX.exe
  C:\Windows\System\PWBYxNX.exe
  2⤵
  PID:12104
- C:\Windows\System\EWyfRil.exe
  C:\Windows\System\EWyfRil.exe
  2⤵
  PID:12132
- C:\Windows\System\yYtxGDA.exe
  C:\Windows\System\yYtxGDA.exe
  2⤵
  PID:12160
- C:\Windows\System\cQCIiKm.exe
  C:\Windows\System\cQCIiKm.exe
  2⤵
  PID:12188
- C:\Windows\System\ocjiuZI.exe
  C:\Windows\System\ocjiuZI.exe
  2⤵
  PID:12216
- C:\Windows\System\PHcqDog.exe
  C:\Windows\System\PHcqDog.exe
  2⤵
  PID:12252
- C:\Windows\System\hAtiFSE.exe
  C:\Windows\System\hAtiFSE.exe
  2⤵
  PID:12280
- C:\Windows\System\GIyZcdj.exe
  C:\Windows\System\GIyZcdj.exe
  2⤵
  PID:11284
- C:\Windows\System\keXPckm.exe
  C:\Windows\System\keXPckm.exe
  2⤵
  PID:11352
- C:\Windows\System\xCeWMem.exe
  C:\Windows\System\xCeWMem.exe
  2⤵
  PID:7800
- C:\Windows\System\dDcjDmx.exe
  C:\Windows\System\dDcjDmx.exe
  2⤵
  PID:7764
- C:\Windows\System\RtPjeKC.exe
  C:\Windows\System\RtPjeKC.exe
  2⤵
  PID:1556
- C:\Windows\System\VWSrLbp.exe
  C:\Windows\System\VWSrLbp.exe
  2⤵
  PID:11516
- C:\Windows\System\CyQTlqa.exe
  C:\Windows\System\CyQTlqa.exe
  2⤵
  PID:11584
- C:\Windows\System\gcZlAgr.exe
  C:\Windows\System\gcZlAgr.exe
  2⤵
  PID:11640
- C:\Windows\System\kildrNb.exe
  C:\Windows\System\kildrNb.exe
  2⤵
  PID:11668
- C:\Windows\System\PFHGrWj.exe
  C:\Windows\System\PFHGrWj.exe
  2⤵
  PID:11784
- C:\Windows\System\OdMayqq.exe
  C:\Windows\System\OdMayqq.exe
  2⤵
  PID:11836
- C:\Windows\System\VkahyhN.exe
  C:\Windows\System\VkahyhN.exe
  2⤵
  PID:11888
- C:\Windows\System\uUjODEd.exe
  C:\Windows\System\uUjODEd.exe
  2⤵
  PID:11928
- C:\Windows\System\JOSPUwz.exe
  C:\Windows\System\JOSPUwz.exe
  2⤵
  PID:12004
- C:\Windows\System\ZcLQEmg.exe
  C:\Windows\System\ZcLQEmg.exe
  2⤵
  PID:12068
- C:\Windows\System\fOkAvdD.exe
  C:\Windows\System\fOkAvdD.exe
  2⤵
  PID:12128
- C:\Windows\System\IyOwYUb.exe
  C:\Windows\System\IyOwYUb.exe
  2⤵
  PID:12200
- C:\Windows\System\VwkDJXr.exe
  C:\Windows\System\VwkDJXr.exe
  2⤵
  PID:12272
- C:\Windows\System\OfHteCV.exe
  C:\Windows\System\OfHteCV.exe
  2⤵
  PID:11364
- C:\Windows\System\GwmXauk.exe
  C:\Windows\System\GwmXauk.exe
  2⤵
  PID:7756
- C:\Windows\System\VavsjOy.exe
  C:\Windows\System\VavsjOy.exe
  2⤵
  PID:11572
- C:\Windows\System\agiIVYE.exe
  C:\Windows\System\agiIVYE.exe
  2⤵
  PID:11672
- C:\Windows\System\QIPZpqi.exe
  C:\Windows\System\QIPZpqi.exe
  2⤵
  PID:11824
- C:\Windows\System\Bnamiee.exe
  C:\Windows\System\Bnamiee.exe
  2⤵
  PID:11956
- C:\Windows\System\BpnQuai.exe
  C:\Windows\System\BpnQuai.exe
  2⤵
  PID:12116
- C:\Windows\System\QdEmtkR.exe
  C:\Windows\System\QdEmtkR.exe
  2⤵
  PID:2288
- C:\Windows\System\BJGoahA.exe
  C:\Windows\System\BJGoahA.exe
  2⤵
  PID:11472
- C:\Windows\System\dJFTPXs.exe
  C:\Windows\System\dJFTPXs.exe
  2⤵
  PID:11808
- C:\Windows\System\fvsDVyb.exe
  C:\Windows\System\fvsDVyb.exe
  2⤵
  PID:12096
- C:\Windows\System\MRdDhwm.exe
  C:\Windows\System\MRdDhwm.exe
  2⤵
  PID:11612
- C:\Windows\System\mpolQWr.exe
  C:\Windows\System\mpolQWr.exe
  2⤵
  PID:8168
- C:\Windows\System\hdJKeyn.exe
  C:\Windows\System\hdJKeyn.exe
  2⤵
  PID:12300
- C:\Windows\System\vFLKJXk.exe
  C:\Windows\System\vFLKJXk.exe
  2⤵
  PID:12316
- C:\Windows\System\ZNUQxfg.exe
  C:\Windows\System\ZNUQxfg.exe
  2⤵
  PID:12344
- C:\Windows\System\KPfbyLZ.exe
  C:\Windows\System\KPfbyLZ.exe
  2⤵
  PID:12372
- C:\Windows\System\asSutcS.exe
  C:\Windows\System\asSutcS.exe
  2⤵
  PID:12400
- C:\Windows\System\ieZqHnX.exe
  C:\Windows\System\ieZqHnX.exe
  2⤵
  PID:12428
- C:\Windows\System\GHkuyTe.exe
  C:\Windows\System\GHkuyTe.exe
  2⤵
  PID:12456
- C:\Windows\System\EgZITJV.exe
  C:\Windows\System\EgZITJV.exe
  2⤵
  PID:12484
- C:\Windows\System\tWqhxaP.exe
  C:\Windows\System\tWqhxaP.exe
  2⤵
  PID:12512
- C:\Windows\System\pKZCRQq.exe
  C:\Windows\System\pKZCRQq.exe
  2⤵
  PID:12540
- C:\Windows\System\NBiZdZo.exe
  C:\Windows\System\NBiZdZo.exe
  2⤵
  PID:12568
- C:\Windows\System\mIwQvhb.exe
  C:\Windows\System\mIwQvhb.exe
  2⤵
  PID:12596
- C:\Windows\System\bpTXnhQ.exe
  C:\Windows\System\bpTXnhQ.exe
  2⤵
  PID:12624
- C:\Windows\System\PwAfUff.exe
  C:\Windows\System\PwAfUff.exe
  2⤵
  PID:12652
- C:\Windows\System\mRPshkC.exe
  C:\Windows\System\mRPshkC.exe
  2⤵
  PID:12684
- C:\Windows\System\pCyPbTo.exe
  C:\Windows\System\pCyPbTo.exe
  2⤵
  PID:12712
- C:\Windows\System\DqPFTYa.exe
  C:\Windows\System\DqPFTYa.exe
  2⤵
  PID:12740
- C:\Windows\System\KzDheqc.exe
  C:\Windows\System\KzDheqc.exe
  2⤵
  PID:12768
- C:\Windows\System\AfiZbZI.exe
  C:\Windows\System\AfiZbZI.exe
  2⤵
  PID:12796
- C:\Windows\System\raosEgA.exe
  C:\Windows\System\raosEgA.exe
  2⤵
  PID:12824
- C:\Windows\System\uXJbESw.exe
  C:\Windows\System\uXJbESw.exe
  2⤵
  PID:12852
- C:\Windows\System\njtZezS.exe
  C:\Windows\System\njtZezS.exe
  2⤵
  PID:12880
- C:\Windows\System\mwIooqs.exe
  C:\Windows\System\mwIooqs.exe
  2⤵
  PID:12920
- C:\Windows\System\RhIufdz.exe
  C:\Windows\System\RhIufdz.exe
  2⤵
  PID:12936
- C:\Windows\System\iYvGDud.exe
  C:\Windows\System\iYvGDud.exe
  2⤵
  PID:12964
- C:\Windows\System\PsTfSDe.exe
  C:\Windows\System\PsTfSDe.exe
  2⤵
  PID:12992
- C:\Windows\System\MzwsKpa.exe
  C:\Windows\System\MzwsKpa.exe
  2⤵
  PID:13020
- C:\Windows\System\xXEyOKv.exe
  C:\Windows\System\xXEyOKv.exe
  2⤵
  PID:13048
- C:\Windows\System\eGfAnSy.exe
  C:\Windows\System\eGfAnSy.exe
  2⤵
  PID:13076
- C:\Windows\System\MIzvmKu.exe
  C:\Windows\System\MIzvmKu.exe
  2⤵
  PID:13104
- C:\Windows\System\rPxScWT.exe
  C:\Windows\System\rPxScWT.exe
  2⤵
  PID:13132
- C:\Windows\System\eCdeXmE.exe
  C:\Windows\System\eCdeXmE.exe
  2⤵
  PID:13160
- C:\Windows\System\zwOuAvS.exe
  C:\Windows\System\zwOuAvS.exe
  2⤵
  PID:13188
- C:\Windows\System\wDLIxlf.exe
  C:\Windows\System\wDLIxlf.exe
  2⤵
  PID:13216
- C:\Windows\System\pJjwyZS.exe
  C:\Windows\System\pJjwyZS.exe
  2⤵
  PID:13244
- C:\Windows\System\mbeAedx.exe
  C:\Windows\System\mbeAedx.exe
  2⤵
  PID:13272
- C:\Windows\System\ExVTcJI.exe
  C:\Windows\System\ExVTcJI.exe
  2⤵
  PID:13300
- C:\Windows\System\CSoWwtL.exe
  C:\Windows\System\CSoWwtL.exe
  2⤵
  PID:12328
- C:\Windows\System\LbgBtMe.exe
  C:\Windows\System\LbgBtMe.exe
  2⤵
  PID:12396
- C:\Windows\System\WwRvnCk.exe
  C:\Windows\System\WwRvnCk.exe
  2⤵
  PID:12452
- C:\Windows\System\JdGDmyr.exe
  C:\Windows\System\JdGDmyr.exe
  2⤵
  PID:12524
- C:\Windows\System\pcFEQYh.exe
  C:\Windows\System\pcFEQYh.exe
  2⤵
  PID:12588
- C:\Windows\System\vDxctUx.exe
  C:\Windows\System\vDxctUx.exe
  2⤵
  PID:12648
- C:\Windows\System\ARPSyrl.exe
  C:\Windows\System\ARPSyrl.exe
  2⤵
  PID:12724
- C:\Windows\System\alEWxTI.exe
  C:\Windows\System\alEWxTI.exe
  2⤵
  PID:12788
- C:\Windows\System\ZYDrqdk.exe
  C:\Windows\System\ZYDrqdk.exe
  2⤵
  PID:12848
- C:\Windows\System\PbEPbpe.exe
  C:\Windows\System\PbEPbpe.exe
  2⤵
  PID:12904
- C:\Windows\System\RaEqlRA.exe
  C:\Windows\System\RaEqlRA.exe
  2⤵
  PID:12984
- C:\Windows\System\BuIUeVc.exe
  C:\Windows\System\BuIUeVc.exe
  2⤵
  PID:13044
- C:\Windows\System\WMscGqL.exe
  C:\Windows\System\WMscGqL.exe
  2⤵
  PID:13116
- C:\Windows\System\sUlwcnv.exe
  C:\Windows\System\sUlwcnv.exe
  2⤵
  PID:13172
- C:\Windows\System\YhnmdYH.exe
  C:\Windows\System\YhnmdYH.exe
  2⤵
  PID:13236
- C:\Windows\System\ywfIhSQ.exe
  C:\Windows\System\ywfIhSQ.exe
  2⤵
  PID:13296
- C:\Windows\System\ubnZyQT.exe
  C:\Windows\System\ubnZyQT.exe
  2⤵
  PID:12424
- C:\Windows\System\ckTHorB.exe
  C:\Windows\System\ckTHorB.exe
  2⤵
  PID:12564
- C:\Windows\System\rjrlfLj.exe
  C:\Windows\System\rjrlfLj.exe
  2⤵
  PID:12752
- C:\Windows\System\dwNdned.exe
  C:\Windows\System\dwNdned.exe
  2⤵
  PID:12916
- C:\Windows\System\HPQhlbg.exe
  C:\Windows\System\HPQhlbg.exe
  2⤵
  PID:13032
- C:\Windows\System\acGNqvd.exe
  C:\Windows\System\acGNqvd.exe
  2⤵
  PID:12308
- C:\Windows\System\nZEWCsI.exe
  C:\Windows\System\nZEWCsI.exe
  2⤵
  PID:12644
- C:\Windows\System\NcSkaNH.exe
  C:\Windows\System\NcSkaNH.exe
  2⤵
  PID:12900
- C:\Windows\System\TowAibP.exe
  C:\Windows\System\TowAibP.exe
  2⤵
  PID:12368
- C:\Windows\System\QqTAtTG.exe
  C:\Windows\System\QqTAtTG.exe
  2⤵
  PID:12508
- C:\Windows\System\IbDaEdV.exe
  C:\Windows\System\IbDaEdV.exe
  2⤵
  PID:12816
- C:\Windows\System\igbawHu.exe
  C:\Windows\System\igbawHu.exe
  2⤵
  PID:13100
- C:\Windows\System\UvaBCgu.exe
  C:\Windows\System\UvaBCgu.exe
  2⤵
  PID:3416
- C:\Windows\System\utvaIFH.exe
  C:\Windows\System\utvaIFH.exe
  2⤵
  PID:6320
- C:\Windows\System\nFFtUnu.exe
  C:\Windows\System\nFFtUnu.exe
  2⤵
  PID:6532
- C:\Windows\System\otFGqck.exe
  C:\Windows\System\otFGqck.exe
  2⤵
  PID:6548
- C:\Windows\System\JxBkwGG.exe
  C:\Windows\System\JxBkwGG.exe
  2⤵
  PID:6424
- C:\Windows\System\TQXgANF.exe
  C:\Windows\System\TQXgANF.exe
  2⤵
  PID:6676
- C:\Windows\System\EnBPPAo.exe
  C:\Windows\System\EnBPPAo.exe
  2⤵
  PID:6700
- C:\Windows\System\ZoFrzFu.exe
  C:\Windows\System\ZoFrzFu.exe
  2⤵
  PID:6816
- C:\Windows\System\GlhnPGE.exe
  C:\Windows\System\GlhnPGE.exe
  2⤵
  PID:3396
- C:\Windows\System\vlYTuro.exe
  C:\Windows\System\vlYTuro.exe
  2⤵
  PID:3504
- C:\Windows\System\nDnbiRE.exe
  C:\Windows\System\nDnbiRE.exe
  2⤵
  PID:6688
- C:\Windows\System\hEpeQuY.exe
  C:\Windows\System\hEpeQuY.exe
  2⤵
  PID:2436
- C:\Windows\System\OQixhyx.exe
  C:\Windows\System\OQixhyx.exe
  2⤵
  PID:4044
- C:\Windows\System\hoQutwp.exe
  C:\Windows\System\hoQutwp.exe
  2⤵
  PID:4364
- C:\Windows\System\QwlAIjz.exe
  C:\Windows\System\QwlAIjz.exe
  2⤵
  PID:6336
- C:\Windows\System\LyIbxIZ.exe
  C:\Windows\System\LyIbxIZ.exe
  2⤵
  PID:1248
- C:\Windows\System\LJytUsH.exe
  C:\Windows\System\LJytUsH.exe
  2⤵
  PID:3240
- C:\Windows\System\OXOjAzs.exe
  C:\Windows\System\OXOjAzs.exe
  2⤵
  PID:3292
- C:\Windows\System\dtyOEgi.exe
  C:\Windows\System\dtyOEgi.exe
  2⤵
  PID:4424
- C:\Windows\System\NDUkODL.exe
  C:\Windows\System\NDUkODL.exe
  2⤵
  PID:3252
- C:\Windows\System\CjFxXJB.exe
  C:\Windows\System\CjFxXJB.exe
  2⤵
  PID:3628
- C:\Windows\System\QnrcaWH.exe
  C:\Windows\System\QnrcaWH.exe
  2⤵
  PID:2744
- C:\Windows\System\gGUgqYJ.exe
  C:\Windows\System\gGUgqYJ.exe
  2⤵
  PID:2688
- C:\Windows\System\ylYtVPO.exe
  C:\Windows\System\ylYtVPO.exe
  2⤵
  PID:6412
- C:\Windows\System\ObnPiTt.exe
  C:\Windows\System\ObnPiTt.exe
  2⤵
  PID:3916
- C:\Windows\System\gFnLBbo.exe
  C:\Windows\System\gFnLBbo.exe
  2⤵
  PID:6328
- C:\Windows\System\NOKfidU.exe
  C:\Windows\System\NOKfidU.exe
  2⤵
  PID:4356
- C:\Windows\System\naXTcjl.exe
  C:\Windows\System\naXTcjl.exe
  2⤵
  PID:6684
- C:\Windows\System\biqxQEh.exe
  C:\Windows\System\biqxQEh.exe
  2⤵
  PID:4344
- C:\Windows\System\LOqiyUT.exe
  C:\Windows\System\LOqiyUT.exe
  2⤵
  PID:2508
- C:\Windows\System\bAdjAyg.exe
  C:\Windows\System\bAdjAyg.exe
  2⤵
  PID:2692
- C:\Windows\System\BxPNtXu.exe
  C:\Windows\System\BxPNtXu.exe
  2⤵
  PID:1096
- C:\Windows\System\LVgXuXd.exe
  C:\Windows\System\LVgXuXd.exe
  2⤵
  PID:4036
- C:\Windows\System\mxFLGQo.exe
  C:\Windows\System\mxFLGQo.exe
  2⤵
  PID:13152
- C:\Windows\System\nlyXRup.exe
  C:\Windows\System\nlyXRup.exe
  2⤵
  PID:2872
- C:\Windows\System\NlFraFx.exe
  C:\Windows\System\NlFraFx.exe
  2⤵
  PID:5152
- C:\Windows\System\DvBzboj.exe
  C:\Windows\System\DvBzboj.exe
  2⤵
  PID:1876
- C:\Windows\System\LLEIzfg.exe
  C:\Windows\System\LLEIzfg.exe
  2⤵
  PID:4700
- C:\Windows\System\HJxXIbf.exe
  C:\Windows\System\HJxXIbf.exe
  2⤵
  PID:3352
- C:\Windows\System\lsjeJTZ.exe
  C:\Windows\System\lsjeJTZ.exe
  2⤵
  PID:4948
- C:\Windows\System\MFEYQcz.exe
  C:\Windows\System\MFEYQcz.exe
  2⤵
  PID:5204
- C:\Windows\System\kpbdgZv.exe
  C:\Windows\System\kpbdgZv.exe
  2⤵
  PID:4744
- C:\Windows\System\nubPvXs.exe
  C:\Windows\System\nubPvXs.exe
  2⤵
  PID:5324
- C:\Windows\System\UmlTUak.exe
  C:\Windows\System\UmlTUak.exe
  2⤵
  PID:6780
- C:\Windows\System\rEwOctm.exe
  C:\Windows\System\rEwOctm.exe
  2⤵
  PID:4572
- C:\Windows\System\nLUCQrd.exe
  C:\Windows\System\nLUCQrd.exe
  2⤵
  PID:2344
- C:\Windows\System\OvgTjKo.exe
  C:\Windows\System\OvgTjKo.exe
  2⤵
  PID:6848
- C:\Windows\System\XkNhIQc.exe
  C:\Windows\System\XkNhIQc.exe
  2⤵
  PID:1920
- C:\Windows\System\CxUAAFV.exe
  C:\Windows\System\CxUAAFV.exe
  2⤵
  PID:4992
- C:\Windows\System\mRjOWvm.exe
  C:\Windows\System\mRjOWvm.exe
  2⤵
  PID:3600
- C:\Windows\System\yhEJiOh.exe
  C:\Windows\System\yhEJiOh.exe
  2⤵
  PID:4128
- C:\Windows\System\LPXpLop.exe
  C:\Windows\System\LPXpLop.exe
  2⤵
  PID:13200
- C:\Windows\System\bFDNSFf.exe
  C:\Windows\System\bFDNSFf.exe
  2⤵
  PID:2888
- C:\Windows\System\QzrzTDT.exe
  C:\Windows\System\QzrzTDT.exe
  2⤵
  PID:4516
- C:\Windows\System\YamecsB.exe
  C:\Windows\System\YamecsB.exe
  2⤵
  PID:5796
- C:\Windows\System\YmVGexW.exe
  C:\Windows\System\YmVGexW.exe
  2⤵
  PID:5808
- C:\Windows\System\LsgPTuI.exe
  C:\Windows\System\LsgPTuI.exe
  2⤵
  PID:1836
- C:\Windows\System\pxaqXZY.exe
  C:\Windows\System\pxaqXZY.exe
  2⤵
  PID:5684
- C:\Windows\System\WybuYPq.exe
  C:\Windows\System\WybuYPq.exe
  2⤵
  PID:5776
- C:\Windows\System\LiZphxi.exe
  C:\Windows\System\LiZphxi.exe
  2⤵
  PID:5884
- C:\Windows\System\COludnN.exe
  C:\Windows\System\COludnN.exe
  2⤵
  PID:5820
- C:\Windows\System\NLEKxUf.exe
  C:\Windows\System\NLEKxUf.exe
  2⤵
  PID:5812
- C:\Windows\System\gtQmRVg.exe
  C:\Windows\System\gtQmRVg.exe
  2⤵
  PID:6032
- C:\Windows\System\NQYkMfj.exe
  C:\Windows\System\NQYkMfj.exe
  2⤵
  PID:5800
- C:\Windows\System\OdwxzaC.exe
  C:\Windows\System\OdwxzaC.exe
  2⤵
  PID:6048
- C:\Windows\System\rNyGtOl.exe
  C:\Windows\System\rNyGtOl.exe
  2⤵
  PID:5624
- C:\Windows\System\AHYyNDa.exe
  C:\Windows\System\AHYyNDa.exe
  2⤵
  PID:13328
- C:\Windows\System\wRGiTtj.exe
  C:\Windows\System\wRGiTtj.exe
  2⤵
  PID:13356
- C:\Windows\System\MVngibD.exe
  C:\Windows\System\MVngibD.exe
  2⤵
  PID:13384
- C:\Windows\System\xIEzChN.exe
  C:\Windows\System\xIEzChN.exe
  2⤵
  PID:13412
- C:\Windows\System\SCBlKwz.exe
  C:\Windows\System\SCBlKwz.exe
  2⤵
  PID:13440
- C:\Windows\System\VAQHDcE.exe
  C:\Windows\System\VAQHDcE.exe
  2⤵
  PID:13468
- C:\Windows\System\FQDJlUy.exe
  C:\Windows\System\FQDJlUy.exe
  2⤵
  PID:13496
- C:\Windows\System\VumiUIP.exe
  C:\Windows\System\VumiUIP.exe
  2⤵
  PID:13524
- C:\Windows\System\IqLzaxc.exe
  C:\Windows\System\IqLzaxc.exe
  2⤵
  PID:13552
- C:\Windows\System\YyhpJnA.exe
  C:\Windows\System\YyhpJnA.exe
  2⤵
  PID:13584
- C:\Windows\System\kxRtvLa.exe
  C:\Windows\System\kxRtvLa.exe
  2⤵
  PID:13612
- C:\Windows\System\FmXQRUV.exe
  C:\Windows\System\FmXQRUV.exe
  2⤵
  PID:13640
- C:\Windows\System\ootGpFZ.exe
  C:\Windows\System\ootGpFZ.exe
  2⤵
  PID:13668
- C:\Windows\System\veVQmui.exe
  C:\Windows\System\veVQmui.exe
  2⤵
  PID:13696
- C:\Windows\System\OxrBNYz.exe
  C:\Windows\System\OxrBNYz.exe
  2⤵
  PID:13724
- C:\Windows\System\whifKkm.exe
  C:\Windows\System\whifKkm.exe
  2⤵
  PID:13764
- C:\Windows\System\jttiVDD.exe
  C:\Windows\System\jttiVDD.exe
  2⤵
  PID:13780
- C:\Windows\System\hygtYJa.exe
  C:\Windows\System\hygtYJa.exe
  2⤵
  PID:13808
- C:\Windows\System\hctAKVu.exe
  C:\Windows\System\hctAKVu.exe
  2⤵
  PID:13836
- C:\Windows\System\WigEZKj.exe
  C:\Windows\System\WigEZKj.exe
  2⤵
  PID:13864
- C:\Windows\System\mKyDtgn.exe
  C:\Windows\System\mKyDtgn.exe
  2⤵
  PID:13892
- C:\Windows\System\NMCbFnf.exe
  C:\Windows\System\NMCbFnf.exe
  2⤵
  PID:13920
- C:\Windows\System\iqOauoY.exe
  C:\Windows\System\iqOauoY.exe
  2⤵
  PID:13948
- C:\Windows\System\ggbXRhE.exe
  C:\Windows\System\ggbXRhE.exe
  2⤵
  PID:13976
- C:\Windows\System\ROJaWTv.exe
  C:\Windows\System\ROJaWTv.exe
  2⤵
  PID:14004
- C:\Windows\System\pSqShxd.exe
  C:\Windows\System\pSqShxd.exe
  2⤵
  PID:14032
- C:\Windows\System\TclosOq.exe
  C:\Windows\System\TclosOq.exe
  2⤵
  PID:14060
- C:\Windows\System\lUyGbLM.exe
  C:\Windows\System\lUyGbLM.exe
  2⤵
  PID:14088
- C:\Windows\System\SCoUYqR.exe
  C:\Windows\System\SCoUYqR.exe
  2⤵
  PID:14116
- C:\Windows\System\zwyOQDt.exe
  C:\Windows\System\zwyOQDt.exe
  2⤵
  PID:14144
- C:\Windows\System\YSLCPaO.exe
  C:\Windows\System\YSLCPaO.exe
  2⤵
  PID:14172
- C:\Windows\System\PCrcEnV.exe
  C:\Windows\System\PCrcEnV.exe
  2⤵
  PID:14200
- C:\Windows\System\jUHFqXl.exe
  C:\Windows\System\jUHFqXl.exe
  2⤵
  PID:14228
- C:\Windows\System\oZTrOXW.exe
  C:\Windows\System\oZTrOXW.exe
  2⤵
  PID:14260
- C:\Windows\System\rGfCIhW.exe
  C:\Windows\System\rGfCIhW.exe
  2⤵
  PID:14288
- C:\Windows\System\czrjQzu.exe
  C:\Windows\System\czrjQzu.exe
  2⤵
  PID:14316
- C:\Windows\System\qBkAsqC.exe
  C:\Windows\System\qBkAsqC.exe
  2⤵
  PID:6012
- C:\Windows\System\lcZDusS.exe
  C:\Windows\System\lcZDusS.exe
  2⤵
  PID:6124
- C:\Windows\System\gBaHweh.exe
  C:\Windows\System\gBaHweh.exe
  2⤵
  PID:13348
- C:\Windows\System\IFyQVaX.exe
  C:\Windows\System\IFyQVaX.exe
  2⤵
  PID:13404
- C:\Windows\System\VYbrqKp.exe
  C:\Windows\System\VYbrqKp.exe
  2⤵
  PID:628
- C:\Windows\System\YVhoSit.exe
  C:\Windows\System\YVhoSit.exe
  2⤵
  PID:13480
- C:\Windows\System\JupLnxq.exe
  C:\Windows\System\JupLnxq.exe
  2⤵
  PID:13488
- C:\Windows\System\YPSuumd.exe
  C:\Windows\System\YPSuumd.exe
  2⤵
  PID:2964
- C:\Windows\System\BjatkAu.exe
  C:\Windows\System\BjatkAu.exe
  2⤵
  PID:5140
- C:\Windows\System\xPWofGv.exe
  C:\Windows\System\xPWofGv.exe
  2⤵
  PID:13608
- C:\Windows\System\YNDQltz.exe
  C:\Windows\System\YNDQltz.exe
  2⤵
  PID:13680
- C:\Windows\System\kQVDdZw.exe
  C:\Windows\System\kQVDdZw.exe
  2⤵
  PID:13744
- C:\Windows\System\nBZaVvh.exe
  C:\Windows\System\nBZaVvh.exe
  2⤵
  PID:5428
- C:\Windows\System\WyhWsSu.exe
  C:\Windows\System\WyhWsSu.exe
  2⤵
  PID:13800
- C:\Windows\System\sQkuHlZ.exe
  C:\Windows\System\sQkuHlZ.exe
  2⤵
  PID:5548
- C:\Windows\System\edWLFUp.exe
  C:\Windows\System\edWLFUp.exe
  2⤵
  PID:13876
- C:\Windows\System\yDLqMzv.exe
  C:\Windows\System\yDLqMzv.exe
  2⤵
  PID:5728
- C:\Windows\System\nBtdCDZ.exe
  C:\Windows\System\nBtdCDZ.exe
  2⤵
  PID:5620
- C:\Windows\System\EgqEsBj.exe
  C:\Windows\System\EgqEsBj.exe
  2⤵
  PID:13944
- C:\Windows\System\fTCZXPG.exe
  C:\Windows\System\fTCZXPG.exe
  2⤵
  PID:7072
- C:\Windows\System\woOIYFj.exe
  C:\Windows\System\woOIYFj.exe
  2⤵
  PID:14024
- C:\Windows\System\WPAmvtR.exe
  C:\Windows\System\WPAmvtR.exe
  2⤵
  PID:7160
- C:\Windows\System\pVuzdmq.exe
  C:\Windows\System\pVuzdmq.exe
  2⤵
  PID:5836
- C:\Windows\System\UabwUFv.exe
  C:\Windows\System\UabwUFv.exe
  2⤵
  PID:14112
- C:\Windows\System\BGgfUmj.exe
  C:\Windows\System\BGgfUmj.exe
  2⤵
  PID:5852
- C:\Windows\System\JJDYaCv.exe
  C:\Windows\System\JJDYaCv.exe
  2⤵
  PID:14184
- C:\Windows\System\GZIAvSG.exe
  C:\Windows\System\GZIAvSG.exe
  2⤵
  PID:4872
- C:\Windows\System\HzrhXXV.exe
  C:\Windows\System\HzrhXXV.exe
  2⤵
  PID:14256
- C:\Windows\System\IvzBHVV.exe
  C:\Windows\System\IvzBHVV.exe
  2⤵
  PID:14280
- C:\Windows\System\VIaqDbH.exe
  C:\Windows\System\VIaqDbH.exe
  2⤵
  PID:5908
- C:\Windows\System\yvduawv.exe
  C:\Windows\System\yvduawv.exe
  2⤵
  PID:6120
- C:\Windows\System\eHUOLFZ.exe
  C:\Windows\System\eHUOLFZ.exe
  2⤵
  PID:6616
- C:\Windows\System\erzwsRG.exe
  C:\Windows\System\erzwsRG.exe
  2⤵
  PID:1364
- C:\Windows\System\JEdSVSM.exe
  C:\Windows\System\JEdSVSM.exe
  2⤵
  PID:13464
- C:\Windows\System\CKkSXEl.exe
  C:\Windows\System\CKkSXEl.exe
  2⤵
  PID:1460
- C:\Windows\System\nMVYoos.exe
  C:\Windows\System\nMVYoos.exe
  2⤵
  PID:1984
- C:\Windows\System\HPXisse.exe
  C:\Windows\System\HPXisse.exe
  2⤵
  PID:2296
- C:\Windows\System\xvMAJCd.exe
  C:\Windows\System\xvMAJCd.exe
  2⤵
  PID:1456
- C:\Windows\System\uLgPTcq.exe
  C:\Windows\System\uLgPTcq.exe
  2⤵
  PID:13720
- C:\Windows\System\AbFugit.exe
  C:\Windows\System\AbFugit.exe
  2⤵
  PID:5412
- C:\Windows\System\tclQyrF.exe
  C:\Windows\System\tclQyrF.exe
  2⤵
  PID:13820
- C:\Windows\System\SfKCwgi.exe
  C:\Windows\System\SfKCwgi.exe
  2⤵
  PID:6948
- C:\Windows\System\OwHKTlD.exe
  C:\Windows\System\OwHKTlD.exe
  2⤵
  PID:5572
- C:\Windows\System\VEmUSIH.exe
  C:\Windows\System\VEmUSIH.exe
  2⤵
  PID:13940
- C:\Windows\System\UioNNKb.exe
  C:\Windows\System\UioNNKb.exe
  2⤵
  PID:7084
- C:\Windows\System\LkErFsJ.exe
  C:\Windows\System\LkErFsJ.exe
  2⤵
  PID:14052
- C:\Windows\System\TNXkSld.exe
  C:\Windows\System\TNXkSld.exe
  2⤵
  PID:14108
- C:\Windows\System\XsYnroQ.exe
  C:\Windows\System\XsYnroQ.exe
  2⤵
  PID:6016
- C:\Windows\System\tdWlTFi.exe
  C:\Windows\System\tdWlTFi.exe
  2⤵
  PID:14212
- C:\Windows\System\nYxLCTR.exe
  C:\Windows\System\nYxLCTR.exe
  2⤵
  PID:14272
- C:\Windows\System\RXruSWA.exe
  C:\Windows\System\RXruSWA.exe
  2⤵
  PID:6456
- C:\Windows\System\AFXxoir.exe
  C:\Windows\System\AFXxoir.exe
  2⤵
  PID:13340
- C:\Windows\System\FCBQVRN.exe
  C:\Windows\System\FCBQVRN.exe
  2⤵
  PID:6840
- C:\Windows\System\OADZtNl.exe
  C:\Windows\System\OADZtNl.exe
  2⤵
  PID:3724
- C:\Windows\System\OAkKxDj.exe
  C:\Windows\System\OAkKxDj.exe
  2⤵
  PID:4852
- C:\Windows\System\VllqIrd.exe
  C:\Windows\System\VllqIrd.exe
  2⤵
  PID:6932
- C:\Windows\System\WuJdPgC.exe
  C:\Windows\System\WuJdPgC.exe
  2⤵
  PID:7040
- C:\Windows\System\cnEdkui.exe
  C:\Windows\System\cnEdkui.exe
  2⤵
  PID:2548
- C:\Windows\System\juRODul.exe
  C:\Windows\System\juRODul.exe
  2⤵
  PID:6900
- C:\Windows\System\AcKADlJ.exe
  C:\Windows\System\AcKADlJ.exe
  2⤵
  PID:13988
- C:\Windows\System\PAQFhQH.exe
  C:\Windows\System\PAQFhQH.exe
  2⤵
  PID:6288
- C:\Windows\System\kAELHlM.exe
  C:\Windows\System\kAELHlM.exe
  2⤵
  PID:5248
- C:\Windows\System\cWFzjtP.exe
  C:\Windows\System\cWFzjtP.exe
  2⤵
  PID:6108
- C:\Windows\System\nOJFxwA.exe
  C:\Windows\System\nOJFxwA.exe
  2⤵
  PID:14312
- C:\Windows\System\mEBhhdq.exe
  C:\Windows\System\mEBhhdq.exe
  2⤵
  PID:6564
- C:\Windows\System\RNUXFfx.exe
  C:\Windows\System\RNUXFfx.exe
  2⤵
  PID:4472
- C:\Windows\System\xRaDXQl.exe
  C:\Windows\System\xRaDXQl.exe
  2⤵
  PID:3844
- C:\Windows\System\nNZBopK.exe
  C:\Windows\System\nNZBopK.exe
  2⤵
  PID:13660
- C:\Windows\System\jjYJfRY.exe
  C:\Windows\System\jjYJfRY.exe
  2⤵
  PID:13860
- C:\Windows\System\qzTBQQG.exe
  C:\Windows\System\qzTBQQG.exe
  2⤵
  PID:7008
- C:\Windows\System\nlDWozZ.exe
  C:\Windows\System\nlDWozZ.exe
  2⤵
  PID:7176
- C:\Windows\System\TGzrbjF.exe
  C:\Windows\System\TGzrbjF.exe
  2⤵
  PID:3428
- C:\Windows\System\FuDDMnb.exe
  C:\Windows\System\FuDDMnb.exe
  2⤵
  PID:7244
- C:\Windows\System\uHkaUos.exe
  C:\Windows\System\uHkaUos.exe
  2⤵
  PID:3144
- C:\Windows\System\TEQxyOR.exe
  C:\Windows\System\TEQxyOR.exe
  2⤵
  PID:1420
- C:\Windows\System\lfUyRDw.exe
  C:\Windows\System\lfUyRDw.exe
  2⤵
  PID:4268
- C:\Windows\System\YTCBtTY.exe
  C:\Windows\System\YTCBtTY.exe
  2⤵
  PID:7392
- C:\Windows\System\jfREKSw.exe
  C:\Windows\System\jfREKSw.exe
  2⤵
  PID:6936
- C:\Windows\System\AktuqYe.exe
  C:\Windows\System\AktuqYe.exe
  2⤵
  PID:7080
- C:\Windows\System\RTfSeio.exe
  C:\Windows\System\RTfSeio.exe
  2⤵
  PID:5848
- C:\Windows\System\asHHtbL.exe
  C:\Windows\System\asHHtbL.exe
  2⤵
  PID:7588
- C:\Windows\System\txdSdEH.exe
  C:\Windows\System\txdSdEH.exe
  2⤵
  PID:1704
- C:\Windows\System\PXLGWGQ.exe
  C:\Windows\System\PXLGWGQ.exe
  2⤵
  PID:7608
- C:\Windows\System\syHbgbz.exe
  C:\Windows\System\syHbgbz.exe
  2⤵
  PID:7660
- C:\Windows\System\SQSRJiW.exe
  C:\Windows\System\SQSRJiW.exe
  2⤵
  PID:7312
- C:\Windows\System\zfgbhjW.exe
  C:\Windows\System\zfgbhjW.exe
  2⤵
  PID:7108
- C:\Windows\System\MBcSfst.exe
  C:\Windows\System\MBcSfst.exe
  2⤵
  PID:6740
- C:\Windows\System\MBZnrYp.exe
  C:\Windows\System\MBZnrYp.exe
  2⤵
  PID:7788
- C:\Windows\System\gCKgIov.exe
  C:\Windows\System\gCKgIov.exe
  2⤵
  PID:7388
- C:\Windows\System\MLqiJNm.exe
  C:\Windows\System\MLqiJNm.exe
  2⤵
  PID:7868
- C:\Windows\System\UVLDHan.exe
  C:\Windows\System\UVLDHan.exe
  2⤵
  PID:14352
- C:\Windows\System\EGUZvGI.exe
  C:\Windows\System\EGUZvGI.exe
  2⤵
  PID:14380
- C:\Windows\System\McrWOba.exe
  C:\Windows\System\McrWOba.exe
  2⤵
  PID:14408
- C:\Windows\System\oPErMiX.exe
  C:\Windows\System\oPErMiX.exe
  2⤵
  PID:14436
- C:\Windows\System\AFMyMQy.exe
  C:\Windows\System\AFMyMQy.exe
  2⤵
  PID:14464
- C:\Windows\System\LKnlDWm.exe
  C:\Windows\System\LKnlDWm.exe
  2⤵
  PID:14492
- C:\Windows\System\PAzfmLi.exe
  C:\Windows\System\PAzfmLi.exe
  2⤵
  PID:14520
- C:\Windows\System\IWGLBjf.exe
  C:\Windows\System\IWGLBjf.exe
  2⤵
  PID:14548
- C:\Windows\System\xPwsMps.exe
  C:\Windows\System\xPwsMps.exe
  2⤵
  PID:14576
- C:\Windows\System\tbdcyvI.exe
  C:\Windows\System\tbdcyvI.exe
  2⤵
  PID:14604
- C:\Windows\System\LdxfQxn.exe
  C:\Windows\System\LdxfQxn.exe
  2⤵
  PID:14632
- C:\Windows\System\rLZndCm.exe
  C:\Windows\System\rLZndCm.exe
  2⤵
  PID:14660
- C:\Windows\System\ozEcQlU.exe
  C:\Windows\System\ozEcQlU.exe
  2⤵
  PID:14688
- C:\Windows\System\XgtcbJO.exe
  C:\Windows\System\XgtcbJO.exe
  2⤵
  PID:14716
- C:\Windows\System\JWvCSON.exe
  C:\Windows\System\JWvCSON.exe
  2⤵
  PID:14744
- C:\Windows\System\xFdjnVg.exe
  C:\Windows\System\xFdjnVg.exe
  2⤵
  PID:14772
- C:\Windows\System\kXKyUys.exe
  C:\Windows\System\kXKyUys.exe
  2⤵
  PID:14800
- C:\Windows\System\ywnAzjj.exe
  C:\Windows\System\ywnAzjj.exe
  2⤵
  PID:14828
- C:\Windows\System\QYklqPR.exe
  C:\Windows\System\QYklqPR.exe
  2⤵
  PID:14856
- C:\Windows\System\qRegKxG.exe
  C:\Windows\System\qRegKxG.exe
  2⤵
  PID:14888
- C:\Windows\System\tEsngcD.exe
  C:\Windows\System\tEsngcD.exe
  2⤵
  PID:14916
- C:\Windows\System\hduTELF.exe
  C:\Windows\System\hduTELF.exe
  2⤵
  PID:14944
- C:\Windows\System\mwNERXx.exe
  C:\Windows\System\mwNERXx.exe
  2⤵
  PID:14972
- C:\Windows\System\ZsEOpRD.exe
  C:\Windows\System\ZsEOpRD.exe
  2⤵
  PID:15000
- C:\Windows\System\AMYqBpt.exe
  C:\Windows\System\AMYqBpt.exe
  2⤵
  PID:15028
- C:\Windows\System\XeMOMSt.exe
  C:\Windows\System\XeMOMSt.exe
  2⤵
  PID:15056
- C:\Windows\System\lpVfFZC.exe
  C:\Windows\System\lpVfFZC.exe
  2⤵
  PID:15084
- C:\Windows\System\nuvERhN.exe
  C:\Windows\System\nuvERhN.exe
  2⤵
  PID:15112
- C:\Windows\System\whgeMbx.exe
  C:\Windows\System\whgeMbx.exe
  2⤵
  PID:15140
- C:\Windows\System\KpGmFAX.exe
  C:\Windows\System\KpGmFAX.exe
  2⤵
  PID:15168
- C:\Windows\System\balOWjd.exe
  C:\Windows\System\balOWjd.exe
  2⤵
  PID:15196
- C:\Windows\System\tAoumHC.exe
  C:\Windows\System\tAoumHC.exe
  2⤵
  PID:15224
- C:\Windows\System\MCpZvnk.exe
  C:\Windows\System\MCpZvnk.exe
  2⤵
  PID:15252
- C:\Windows\System\QMJlAiz.exe
  C:\Windows\System\QMJlAiz.exe
  2⤵
  PID:15280
- C:\Windows\System\zGfLynI.exe
  C:\Windows\System\zGfLynI.exe
  2⤵
  PID:15308
- C:\Windows\System\aCoYKdW.exe
  C:\Windows\System\aCoYKdW.exe
  2⤵
  PID:15336
- C:\Windows\System\LDILnpv.exe
  C:\Windows\System\LDILnpv.exe
  2⤵
  PID:14344
- C:\Windows\System\jHBsKmr.exe
  C:\Windows\System\jHBsKmr.exe
  2⤵
  PID:14372
- C:\Windows\System\dGtiNyn.exe
  C:\Windows\System\dGtiNyn.exe
  2⤵
  PID:14448
- C:\Windows\System\QbXJVJo.exe
  C:\Windows\System\QbXJVJo.exe
  2⤵
  PID:14460
- C:\Windows\System\prlTucA.exe
  C:\Windows\System\prlTucA.exe
  2⤵
  PID:14532
- C:\Windows\System\LHloAon.exe
  C:\Windows\System\LHloAon.exe
  2⤵
  PID:8124
- C:\Windows\System\YTZVNGT.exe
  C:\Windows\System\YTZVNGT.exe
  2⤵
  PID:14628
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14628 -s 248
    3⤵
    PID:15236
- C:\Windows\System\VtDqWuj.exe
  C:\Windows\System\VtDqWuj.exe
  2⤵
  PID:6200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BUKeyFT.exe

Filesize
6.0MB

MD5
c2c52632f38de6130bd9060314e63047

SHA1
63bc1173ebc513f53a1c904cf6548f0cd33589bf

SHA256
9ad32ab88b6298cda78684306986e6d46dfbc1fc0d3b4ee92408c93ca5a229df

SHA512
27e04ecb72c146560c518c3dc68f0687c91dbea3cb8d14aadc90b1705678329eefa88fc0c25d1997307eaa2487a073df2eeceb77be7ce0cd20debc4dfff63c92

Download Submit
C:\Windows\System\BkzPYAp.exe

Filesize
6.0MB

MD5
7f262fc425e515c11c1d28d2d2c22fed

SHA1
90983b90606c4512c12490dbec33de1bd4c513b6

SHA256
c777fcb269751cb295eb76fcb76796c3e060e4f48eb5ebd3cc6e565875e3f46f

SHA512
bf95efa031967d0d3e561ac422b3b8d072153c765327e43a7020e2c2ae6256b57c2e8825bf157774d515a1aff7aaf9cf6a08f742f8605dcc0c84b5ef9c7b7289

Download Submit
C:\Windows\System\DIohcZu.exe

Filesize
6.0MB

MD5
10e4c60f3dee3a9f5b165928c6e1aa16

SHA1
b887d03039ad7755a61ccebc1359c319d934e423

SHA256
b84c2fb4995c70789aba1e00e8d91a33a92b4899425043002c09597548d58697

SHA512
ec1366ce79cda96fc3cf14c0a9c36de77f5bc26f58f91b09ce16e729f3324f2c9465721ef5ff5192b06ee8c8f7b361edb6fcc548d4e5c2e536cd4d0da6d64a67

Download Submit
C:\Windows\System\DgMtDDL.exe

Filesize
6.0MB

MD5
906353a4e093b7cbe49b61fd19658890

SHA1
239f5b5969d379851a7e588f9a46851591c2a170

SHA256
bdf684c7b853a6d043b5a64e770f2df545caf28ec2333d92eec66790c23e4646

SHA512
7f7835f0edfaddec9144bd27b63ba4b0054fa4434adbecf71f326263113b2a33ea384ad39c77fe0b1e7280814dd1f56db320d6f2241cc1b84c48f10296a2a76f

Download Submit
C:\Windows\System\EEfPfXA.exe

Filesize
6.0MB

MD5
7aaf57fdf62195eaa172bb9da4b7985d

SHA1
3a07803a2c8617d5d6000f0f253626e77cceaab1

SHA256
41ddfe82658768b3ac8eee7d77a6bd5ae32ff443f9b19275d1e478f711df7002

SHA512
e6f9f74ef1a162f363e59f4ef9e4f448f5d0e84522af5d6a77efbf7dbf22f4386240fa1844983b92f330d3446d8f6c579bb108015d15447b09871fd0161eb6fb

Download Submit
C:\Windows\System\EUITNfg.exe

Filesize
6.0MB

MD5
de1a9391fd8fc77e4d7dea70c635a586

SHA1
b1719bb434a016f14ed23e47ba9cd0827eaa4178

SHA256
4f2ac605d7d060e6def65227688859bb778a610bd01b80270adbe2478ac77827

SHA512
362a80a692b2a02ae14adc1a017e6d94cd0d50cf764ba22205c3aaedcff0a9a914f5e63c53b815122a720e2cb926cdd4367baa609e847b643d531f332d62ba4b

Download Submit
C:\Windows\System\FQComUp.exe

Filesize
6.0MB

MD5
1843e835f44d48409e9ad516b22844b6

SHA1
74658ee0ade9448b166fb65e4aba15eb65895977

SHA256
2b78eb2bf059810270d9dc562aca0a51b8d04dc6b4b22dc63d4f53dd6b86f953

SHA512
64a35ac8374bcc0e44d5406c49e3196ec5ac27baec0544bc4954bb0cf45f166465066ace0d69afa2e10d8fa67a5da595c1acc3dfd710c70ab29f5826d88a5204

Download Submit
C:\Windows\System\FTvCtXS.exe

Filesize
6.0MB

MD5
3b6b16e346b8e04f3b6916e596f435dd

SHA1
20ed8af1ec9b069b3a9d1f7dd6d5d0bc78af25b4

SHA256
093a367455665b2c27d7f804fec1798925426893b781a2e1a205acd9e349e3b5

SHA512
1ce29301a265f325f2a9a656cd51ec0c4b6e268f637d6c4cc0b6818fd90aad2f95d96b558a00a43a3af235b717cedf4171c5614c797011c96908055f401a5a10

Download Submit
C:\Windows\System\FnVhGQk.exe

Filesize
6.0MB

MD5
1378ef88f2dc4207563c34df59f2b462

SHA1
d177b82fbd2d53489ad8b893f88e6f36010b3984

SHA256
9676ce597603c0ceb8d647a9125661bbd8d76db3c05073b4a3fba61ab588c9d7

SHA512
9ae31cfdf02df615607baf71b54581e22bb49bf1511d980aef4a3000bab9fd34e00e91eea30d078409e7209716bdb9f3800795f3e96382f9e5b6ef8e7bad26bf

Download Submit
C:\Windows\System\LERiRPT.exe

Filesize
6.0MB

MD5
3a14d572f1dd7d45063df8a1dcaa4810

SHA1
f3cf9a9e23f9c21caafe18cbbcb4735df7c4e548

SHA256
0f62d1ea25169fb2506e08e875b152fd85991092d39e529bd3faad90be6905d8

SHA512
f20935391fb6629cecf4f124cc02584b2ec0769cf0c1243594fa5687b9d0554207f209bc941a392953c9ddb5ffcaf8c3fe0a9cfb786d388f863b260272a08824

Download Submit
C:\Windows\System\LMVVlzO.exe

Filesize
6.0MB

MD5
bd2e8cffc0867f56a5bc58db78383d08

SHA1
498c1d475030af39748c9863f5bd9a6b9f6bce81

SHA256
18e7a907d5e590822d9094769ddb0bb4df16bc1d15d3ce47200cf9d9d20631f8

SHA512
4b346412847b424e843fcf0a857a126c3af2a14ac6ca32cc89d262eb5ea2c966c9b603800b1de76cada6515cb414f00ab4e9149eb6a6d0d9fad846097c230517

Download Submit
C:\Windows\System\MDnFRlt.exe

Filesize
6.0MB

MD5
1280c0cccb70cb05f84fc3d57ecd7045

SHA1
50fed909cbcb2acafe343c74677fcbd03b6f71cf

SHA256
afef81bd7ddc22dba55e054d50201a3aaf4d9aac918c59171e7535c61412bc00

SHA512
f34afd219b83fec5400e1caa148984aec66125a639502fe1c6ecdb978fa04c502ee959e7afef4097de07077e8446e3ef1c301ef8c8bceecc7617d146b2bbfcce

Download Submit
C:\Windows\System\MYlVaRa.exe

Filesize
6.0MB

MD5
c08a1ab354c9563443f0dc640b020019

SHA1
19e59eb05d4e4025b76d0c4201bc38a6227ace55

SHA256
263ce75b3416b16ed3a056220fb53c6661594bd7bfee5db436d532d0c7423c8b

SHA512
674b3172e4b7f45eba22b20fbe6d9ef64a6ffd2a782b2f88caadf9600e5e9738ff548649307fe1db567e04ed8038e964ec159804138dd43196a22d8ec9b39a11

Download Submit
C:\Windows\System\MuvtWic.exe

Filesize
6.0MB

MD5
733cd6e453a6656fb927209add62e79e

SHA1
2090d9598afbafee3bd645fbeb353af5c68437de

SHA256
a0bdbcd8bba1d69a7e3eab7101e5f59b02041774454da1f1ed70c839789ddccf

SHA512
f56864ad48b714fd562bc02a0f2914bf116dea346754526ad9c33932805162e76e0902a66e7210b4c832cd4aefff0add6da9ed3b975b869d0745438ab52b5dec

Download Submit
C:\Windows\System\TiWhYMh.exe

Filesize
6.0MB

MD5
29fdc114f1f5ec91b04dab7c9700d677

SHA1
533df4fab906a11080a589e6f45f77f353e08a4b

SHA256
7ca522632b8832a3ba728cc1d7d804c0015fb9c52cc03a966b83845f4b702689

SHA512
82fdbcd524b1b6d59e90bcc323fe3b0fd3960dd3e51db296914511caae19f6a54ffec26d39c86bdf6b4ed456e588b45ba61e67135a1574658e88a6d0dbfcb93c

Download Submit
C:\Windows\System\WRugimI.exe

Filesize
6.0MB

MD5
af6deed7f892b27acac46275899c33d1

SHA1
205c6bc2bcda99ced5f320b410e7f3842d401e57

SHA256
7ab6eabd26de9dda9054d03adfe6b14ef9cccd0e0ecd929b3cf85d2da4cd3bbb

SHA512
96bf48aebecc5231d5d488ac9e032153e0369faa44abf59a66ff527195a0e8edf2f50e5e6465c0ea2e65b01d1b7736ed0c240e71577f01b02fd2883a0671cf68

Download Submit
C:\Windows\System\WXApogc.exe

Filesize
6.0MB

MD5
2cac82ccced6e51db5703b6365a7eb42

SHA1
00a19548d4c6d383e055b213561ac1c523876873

SHA256
76fa125ccac9b5158023586503e04bf728bd7df544be30b3ea5c851137ae649a

SHA512
71ffa0234438ff4d0e9a1882012075b68a2cb6d05fa22aa78bac5f3c24f45d0ab934ce34c5fe788a25202925e655f44abbe42e075d160617bd3624c5cdc29d97

Download Submit
C:\Windows\System\YFNebqX.exe

Filesize
6.0MB

MD5
ccd7e004991ee080366303e08f75cb45

SHA1
286d9da80c658a0260f6f9923a08479124b8b38a

SHA256
a7ab6da5f7baca494bf020ae3dceda6cdecf22aefb9585f53e848fe8883f63a5

SHA512
492057c89ed3425ac5ebfd81e0c37eef07d49688327ef3bf7498bb580f4ab89593b3b4b964fa0fa85268cdc31aa97729fb9a0e3d30f0a69fd758fcb91af5bdf6

Download Submit
C:\Windows\System\YNpThVo.exe

Filesize
6.0MB

MD5
a85c70facd622bc591d41c580b7b78c2

SHA1
924b8f016cba655ffbb8706961a213dad6f15575

SHA256
3e661067108be295521575d8c6891952bcf35cacc9d030bb668219c5a6fdd102

SHA512
0f87766d11c34ab372e0d6965b14bba49894e161d0f7edd91b939b6666bbb338d75d97ba940b94814e51f904db2f1b88b9ceb2e4be3addd19e4db9f0a48d007f

Download Submit
C:\Windows\System\YiNDfaW.exe

Filesize
6.0MB

MD5
ba8d51858ad214b1d3c0a55640bef973

SHA1
9fd58a90c9095f8de5eeebaa342b000c1ce67b7b

SHA256
007f4a50371094b89fe233cb702747d0f9e45acf908b84d1269542a1560dad6e

SHA512
81366256b32e447d0477cf3a55e7fca93103d0e95b39144781366680941609cba09dd270feebf0079606510c61873193be6fb0b3867cab78f353c19405bbcb7f

Download Submit
C:\Windows\System\YnnPuVy.exe

Filesize
6.0MB

MD5
a9a5f4cabb5bd0e94e020f34a187e152

SHA1
71e98ec84ade221b6f7f162d34a7a502f6dde05b

SHA256
bb9423ab89845678d5ac0dd51d7f8176d83d2c1e3427f937b761ddcb4fed9cab

SHA512
1ef18b3846d2b2feab1fcef6557b09d4f4af59fcf385e1e1fe263ed14dab56a08ca0d38633b209e9842882671b2f2a79b7b748cc61760fd052b3f4ba9f2b0ae3

Download Submit
C:\Windows\System\ageVncq.exe

Filesize
6.0MB

MD5
47528618ed4d453be83fe5f235f496ec

SHA1
e1437967e5c0007cc405013a2f5bfe0f841053e0

SHA256
fb571f0dfb227efd9baf45ce02f0b1544dd38125d3e0e79494c3fe7eed549226

SHA512
4f1c85812fefbb896d573fe08d08e7c31e260bc4a4d1a3f8c1fc8c90b766ef5cfb2f77df266a874d4372f208f3dd13e3db55babbec23e4eaa950c514f49c152d

Download Submit
C:\Windows\System\bneDDVY.exe

Filesize
6.0MB

MD5
035483284792e533132eec78037f17ae

SHA1
aaa3a717be5dd47ce213ec68f73b48c4d50a86be

SHA256
1286a14a449a05d22ce56b500d5d8fbc72870f6139c13d385f82e4f79b83ee01

SHA512
4337095e1acf60854b8a1076a5f23c8eaae28cf359713dce958a6c6970f601590797b7bf2f7f652c6faa56362fe60218e4c4686b46135e376a60adb6211153e1

Download Submit
C:\Windows\System\ddCqzSU.exe

Filesize
6.0MB

MD5
9571f64f64011c08abf3538b19a935b6

SHA1
4683b0a09e42f68de3761f840e59b3b9be147905

SHA256
cf6820ba42baa709d33496f854f82748869da02a0ffb645312aa92199f9c2b19

SHA512
3f8e2f8ec5b14f60876350d7710b611d47ab2bb75e5c9d7981c880c6cd7c0cf8378ac779acab182112e502568ad87a664bf0e4d3dfc078f11797fa888ea8e763

Download Submit
C:\Windows\System\hYHMakQ.exe

Filesize
6.0MB

MD5
d91e4bb20f9f0d48623d911106cb1b3f

SHA1
4fe00c3b2f5a1c5e942c0b6a0987be77c5cabd8a

SHA256
a1ed521357eaaeb0bfafd469feb1dcc4f5492d94ce94b00ddf81b82c2c54d75c

SHA512
08873a376aefffbc0ee8bb7dc2f97b5fbe749d7e1ebe5941e0d2dc9eb72278f5f71f7b250876ae8c248353ef159ad46f4e6d6bd37150e39964a9e22d6628c75f

Download Submit
C:\Windows\System\kKsziRr.exe

Filesize
6.0MB

MD5
d6c5a0075609197f473d2b788ffac82b

SHA1
6bd2622cbc7477efc1ecc46074afddedcdcfe891

SHA256
ccd3be555b208cd93aad95c5cc74b5d44a696805142d91e59abef5de4cf2d961

SHA512
7c96046a9c0a86001691c269ccc75d0cdaa9c77aefc39802cd669cfd213a002228220033cad0a5618b286a9adbefcce7fd2d1a9e71ac31418f77b41483dc7815

Download Submit
C:\Windows\System\mXSjiKm.exe

Filesize
6.0MB

MD5
01e8743dcdfd57a81c796d206de63054

SHA1
2cd7b5a5872a3b123581e5118a24b8ca690feb96

SHA256
653cf75102f9197399a263b183953803434c95a175ec74c4773b4a16c46c058e

SHA512
79d01159d35618ad95300fd7204a18ae64e3b506c57ae4fe56e054fc34fa4ad8b5921e90dabcd8d91cad5e9ecd7d211b0b7c19826888fe07d3213342ef6668a3

Download Submit
C:\Windows\System\mhKjBEj.exe

Filesize
6.0MB

MD5
cdbd4b1f479f204a14dc16fefd3b14ef

SHA1
f77b0a2ff2b6fc765f0adfb8d5f6be4a95000ee3

SHA256
9e6d5470ea6854fa8c7004af47a1e16914b217d69f99ebbcc7caec67ba808ead

SHA512
6e430e9896c3a863b36e42f5085de9a2acd251de3aefbbbffa1e0d8a76d493e839d866c837fd1c44d9664c7391f035eb590838f9f4d04d12438dd815e6d671b2

Download Submit
C:\Windows\System\plItnFX.exe

Filesize
6.0MB

MD5
3c087430620f51871d5a6a80b0128ef5

SHA1
49d1f3093e7ff061c5902379d8de0f8173f20b36

SHA256
edea789bdbac59eacc69b3efa9b102af92f16bfe3901fa1b047f8f8401b4266e

SHA512
ae8eb2a6ecac8bbf87392e092612821fdb4aeeb0cdc594c9a33b99161bde077f1da0ff50baa13092ef96cfd01e2bf3a171215577049016d6daacd95ab01adb5f

Download Submit
C:\Windows\System\quMVBUA.exe

Filesize
6.0MB

MD5
cdc55b0c934f8e25607b664eb6892cbc

SHA1
c08e102bb2007988d70f6ad064ab5f3f07b2b7e8

SHA256
4f8444c38b969a456eb350437d25e16a91936f35e5bf265afe1301a31f51b643

SHA512
b1f57283615d0edfd29d5f2486cc2f540813a00b8b1be2e023aedc6ea1e30aec8879d83a25bf6151b8855bc301fdd047fd9d0ba44f548e720327aab64d2cba1d

Download Submit
C:\Windows\System\sIWUlCD.exe

Filesize
6.0MB

MD5
6474a5d76085b8cf7ba6d33d6aaf9bab

SHA1
08a20cdfe1942d14c4436a416891f46b59bb0c17

SHA256
28fec0211d56859604e281de51947e5a3f3132de34de78a52057589b92b601c5

SHA512
7ba312ca3ddff6419a95488cecbe4bf7a1c9be93b24cb96e98116b65bf065632e67d687d1a90cb17291c80095cbfc57e49ad03a878af867e257936e0fef6fcf8

Download Submit
C:\Windows\System\vmGrlao.exe

Filesize
6.0MB

MD5
501f25791d077f016f3d51f46f440059

SHA1
c2235cc4d0da76601fe35784da97c9f5c84f6bc5

SHA256
5e5912c15356a9c5d386e411577c87856427024f273a90a424fd7f392425fb3b

SHA512
a842cd6167b3bfd91df958f78c4cda5bf8714a45207a0d2f392adbdcac9f4c8a2ec1ca06029ca77c29cd590ab4351437678dfb66eda1997f9990fa9c84854aec

Download Submit
C:\Windows\System\wCUrKWy.exe

Filesize
6.0MB

MD5
d765db5cd433d53cf9256e5c5be55700

SHA1
6261f43dd0efd5b327563f1abd8ca95ab82d1c4b

SHA256
0dceca70b87fa2d463fdc22c985968e24585e9dbba8d391c2e280181122e616c

SHA512
6e09b5c202b53f2ca14e7a5eef1281000dec654043acc12613bb0cbca4dbc675300aeaec712785b83c52b18fae4765f0565d5a92a57c18e2d82e30a104cec71f

Download Submit
memory/464-204-0x00007FF7F64A0000-0x00007FF7F67F4000-memory.dmp

Filesize
3.3MB

Download
memory/464-1914-0x00007FF7F64A0000-0x00007FF7F67F4000-memory.dmp

Filesize
3.3MB

Download
memory/464-56-0x00007FF7F64A0000-0x00007FF7F67F4000-memory.dmp

Filesize
3.3MB

Download
memory/796-914-0x00007FF6FD380000-0x00007FF6FD6D4000-memory.dmp

Filesize
3.3MB

Download
memory/796-144-0x00007FF6FD380000-0x00007FF6FD6D4000-memory.dmp

Filesize
3.3MB

Download
memory/796-1941-0x00007FF6FD380000-0x00007FF6FD6D4000-memory.dmp

Filesize
3.3MB

Download
memory/912-1943-0x00007FF6597E0000-0x00007FF659B34000-memory.dmp

Filesize
3.3MB

Download
memory/912-203-0x00007FF6597E0000-0x00007FF659B34000-memory.dmp

Filesize
3.3MB

Download
memory/1408-27-0x00007FF789490000-0x00007FF7897E4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-91-0x00007FF789490000-0x00007FF7897E4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-1901-0x00007FF789490000-0x00007FF7897E4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1937-0x00007FF71AC30000-0x00007FF71AF84000-memory.dmp

Filesize
3.3MB

Download
memory/1740-745-0x00007FF71AC30000-0x00007FF71AF84000-memory.dmp

Filesize
3.3MB

Download
memory/1740-126-0x00007FF71AC30000-0x00007FF71AF84000-memory.dmp

Filesize
3.3MB

Download
memory/1748-1930-0x00007FF71DA60000-0x00007FF71DDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-600-0x00007FF71DA60000-0x00007FF71DDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-84-0x00007FF71DA60000-0x00007FF71DDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-1945-0x00007FF6D0C30000-0x00007FF6D0F84000-memory.dmp

Filesize
3.3MB

Download
memory/1772-915-0x00007FF6D0C30000-0x00007FF6D0F84000-memory.dmp

Filesize
3.3MB

Download
memory/1772-179-0x00007FF6D0C30000-0x00007FF6D0F84000-memory.dmp

Filesize
3.3MB

Download
memory/1812-143-0x00007FF6543E0000-0x00007FF654734000-memory.dmp

Filesize
3.3MB

Download
memory/1812-1940-0x00007FF6543E0000-0x00007FF654734000-memory.dmp

Filesize
3.3MB

Download
memory/1812-911-0x00007FF6543E0000-0x00007FF654734000-memory.dmp

Filesize
3.3MB

Download
memory/2092-1927-0x00007FF72E700000-0x00007FF72EA54000-memory.dmp

Filesize
3.3MB

Download
memory/2092-94-0x00007FF72E700000-0x00007FF72EA54000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1888-0x00007FF696E70000-0x00007FF6971C4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-7-0x00007FF696E70000-0x00007FF6971C4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-70-0x00007FF696E70000-0x00007FF6971C4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1944-0x00007FF7E9900000-0x00007FF7E9C54000-memory.dmp

Filesize
3.3MB

Download
memory/2156-180-0x00007FF7E9900000-0x00007FF7E9C54000-memory.dmp

Filesize
3.3MB

Download
memory/2316-20-0x00007FF681FD0000-0x00007FF682324000-memory.dmp

Filesize
3.3MB

Download
memory/2316-90-0x00007FF681FD0000-0x00007FF682324000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1899-0x00007FF681FD0000-0x00007FF682324000-memory.dmp

Filesize
3.3MB

Download
memory/2424-1925-0x00007FF61D2C0000-0x00007FF61D614000-memory.dmp

Filesize
3.3MB

Download
memory/2424-95-0x00007FF61D2C0000-0x00007FF61D614000-memory.dmp

Filesize
3.3MB

Download
memory/2424-679-0x00007FF61D2C0000-0x00007FF61D614000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1934-0x00007FF647100000-0x00007FF647454000-memory.dmp

Filesize
3.3MB

Download
memory/2732-744-0x00007FF647100000-0x00007FF647454000-memory.dmp

Filesize
3.3MB

Download
memory/2732-110-0x00007FF647100000-0x00007FF647454000-memory.dmp

Filesize
3.3MB

Download
memory/2752-205-0x00007FF79FE40000-0x00007FF7A0194000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1938-0x00007FF79FE40000-0x00007FF7A0194000-memory.dmp

Filesize
3.3MB

Download
memory/2776-98-0x00007FF7327C0000-0x00007FF732B14000-memory.dmp

Filesize
3.3MB

Download
memory/2776-37-0x00007FF7327C0000-0x00007FF732B14000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1900-0x00007FF7327C0000-0x00007FF732B14000-memory.dmp

Filesize
3.3MB

Download
memory/3008-83-0x00007FF7F7550000-0x00007FF7F78A4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-487-0x00007FF7F7550000-0x00007FF7F78A4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1926-0x00007FF7F7550000-0x00007FF7F78A4000-memory.dmp

Filesize
3.3MB

Download
memory/3160-134-0x00007FF648220000-0x00007FF648574000-memory.dmp

Filesize
3.3MB

Download
memory/3160-1906-0x00007FF648220000-0x00007FF648574000-memory.dmp

Filesize
3.3MB

Download
memory/3160-46-0x00007FF648220000-0x00007FF648574000-memory.dmp

Filesize
3.3MB

Download
memory/3604-1935-0x00007FF6F8A50000-0x00007FF6F8DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-109-0x00007FF6F8A50000-0x00007FF6F8DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-680-0x00007FF6F8A50000-0x00007FF6F8DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-114-0x00007FF7A7A80000-0x00007FF7A7DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-1907-0x00007FF7A7A80000-0x00007FF7A7DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-45-0x00007FF7A7A80000-0x00007FF7A7DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4072-65-0x00007FF674190000-0x00007FF6744E4000-memory.dmp

Filesize
3.3MB

Download
memory/4072-386-0x00007FF674190000-0x00007FF6744E4000-memory.dmp

Filesize
3.3MB

Download
memory/4072-1918-0x00007FF674190000-0x00007FF6744E4000-memory.dmp

Filesize
3.3MB

Download
memory/4088-1949-0x00007FF7CADA0000-0x00007FF7CB0F4000-memory.dmp

Filesize
3.3MB

Download
memory/4088-211-0x00007FF7CADA0000-0x00007FF7CB0F4000-memory.dmp

Filesize
3.3MB

Download
memory/4168-104-0x00007FF6DA500000-0x00007FF6DA854000-memory.dmp

Filesize
3.3MB

Download
memory/4168-40-0x00007FF6DA500000-0x00007FF6DA854000-memory.dmp

Filesize
3.3MB

Download
memory/4168-1910-0x00007FF6DA500000-0x00007FF6DA854000-memory.dmp

Filesize
3.3MB

Download
memory/4224-1936-0x00007FF745460000-0x00007FF7457B4000-memory.dmp

Filesize
3.3MB

Download
memory/4224-861-0x00007FF745460000-0x00007FF7457B4000-memory.dmp

Filesize
3.3MB

Download
memory/4224-127-0x00007FF745460000-0x00007FF7457B4000-memory.dmp

Filesize
3.3MB

Download
memory/4376-63-0x00007FF7EAD20000-0x00007FF7EB074000-memory.dmp

Filesize
3.3MB

Download
memory/4376-0-0x00007FF7EAD20000-0x00007FF7EB074000-memory.dmp

Filesize
3.3MB

Download
memory/4376-1-0x000001E94D060000-0x000001E94D070000-memory.dmp

Filesize
64KB

Download
memory/4476-864-0x00007FF7D8B70000-0x00007FF7D8EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-172-0x00007FF7D8B70000-0x00007FF7D8EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-1939-0x00007FF7D8B70000-0x00007FF7D8EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-193-0x00007FF68D680000-0x00007FF68D9D4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-919-0x00007FF68D680000-0x00007FF68D9D4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-1948-0x00007FF68D680000-0x00007FF68D9D4000-memory.dmp

Filesize
3.3MB

Download
memory/4564-1942-0x00007FF6DADA0000-0x00007FF6DB0F4000-memory.dmp

Filesize
3.3MB

Download
memory/4564-162-0x00007FF6DADA0000-0x00007FF6DB0F4000-memory.dmp

Filesize
3.3MB

Download
memory/4812-64-0x00007FF71C530000-0x00007FF71C884000-memory.dmp

Filesize
3.3MB

Download
memory/4812-1919-0x00007FF71C530000-0x00007FF71C884000-memory.dmp

Filesize
3.3MB

Download
memory/4812-385-0x00007FF71C530000-0x00007FF71C884000-memory.dmp

Filesize
3.3MB

Download
memory/4900-14-0x00007FF6F4310000-0x00007FF6F4664000-memory.dmp

Filesize
3.3MB

Download
memory/4900-78-0x00007FF6F4310000-0x00007FF6F4664000-memory.dmp

Filesize
3.3MB

Download
memory/4900-1892-0x00007FF6F4310000-0x00007FF6F4664000-memory.dmp

Filesize
3.3MB

Download