cobaltstrike | 35d60e6d7d9bd6e01bfe7767e4ca48a68e46869f4dd4f5b2170ee5e8a8c01177

Analysis

max time kernel
94s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2024 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8cb71d91cc2fb71be4f599d34cf1fe0c
SHA1

f15bc30ca2a7456c9ca1fdcc7d287b5f5a8ad714
SHA256

35d60e6d7d9bd6e01bfe7767e4ca48a68e46869f4dd4f5b2170ee5e8a8c01177
SHA512

123d3abf5f414f50b8de50c1b79130aa540cb7aac36531e277bcd43a60274f9675aeb9c618555ecdffe02a5250b5e8b8c41827291c7a70c61df43e1cecfe822f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000b000000023b56-6.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b5a-10.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b5b-11.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b5c-23.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b5d-29.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b5e-35.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b57-40.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b5f-45.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b60-52.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b62-61.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b66-82.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b69-103.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6e-130.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b75-157.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b78-172.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b76-170.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b77-167.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b74-160.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b73-155.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b72-150.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b71-145.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b70-140.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6f-135.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6d-125.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6c-120.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6b-115.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6a-107.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b68-100.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b67-95.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b65-85.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b64-80.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b63-75.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b61-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4460-0-0x00007FF6D5100000-0x00007FF6D5454000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b56-6.dat	xmrig
behavioral2/memory/4168-8-0x00007FF74D900000-0x00007FF74DC54000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b5a-10.dat	xmrig
behavioral2/files/0x0031000000023b5b-11.dat	xmrig
behavioral2/memory/1444-13-0x00007FF794080000-0x00007FF7943D4000-memory.dmp	xmrig
behavioral2/memory/4016-18-0x00007FF76C5E0000-0x00007FF76C934000-memory.dmp	xmrig
behavioral2/files/0x0031000000023b5c-23.dat	xmrig
behavioral2/memory/1396-24-0x00007FF694990000-0x00007FF694CE4000-memory.dmp	xmrig
behavioral2/files/0x0031000000023b5d-29.dat	xmrig
behavioral2/memory/4584-30-0x00007FF6DF240000-0x00007FF6DF594000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b5e-35.dat	xmrig
behavioral2/memory/2904-38-0x00007FF6FD5D0000-0x00007FF6FD924000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b57-40.dat	xmrig
behavioral2/files/0x000a000000023b5f-45.dat	xmrig
behavioral2/memory/2944-42-0x00007FF7E44E0000-0x00007FF7E4834000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b60-52.dat	xmrig
behavioral2/memory/4460-58-0x00007FF6D5100000-0x00007FF6D5454000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b62-61.dat	xmrig
behavioral2/files/0x000a000000023b66-82.dat	xmrig
behavioral2/files/0x000a000000023b69-103.dat	xmrig
behavioral2/files/0x000a000000023b6e-130.dat	xmrig
behavioral2/files/0x000a000000023b75-157.dat	xmrig
behavioral2/memory/3968-565-0x00007FF72ED10000-0x00007FF72F064000-memory.dmp	xmrig
behavioral2/memory/4832-573-0x00007FF6261A0000-0x00007FF6264F4000-memory.dmp	xmrig
behavioral2/memory/4944-572-0x00007FF7B2F30000-0x00007FF7B3284000-memory.dmp	xmrig
behavioral2/memory/1916-567-0x00007FF7E51A0000-0x00007FF7E54F4000-memory.dmp	xmrig
behavioral2/memory/2452-564-0x00007FF70D010000-0x00007FF70D364000-memory.dmp	xmrig
behavioral2/memory/1432-563-0x00007FF776920000-0x00007FF776C74000-memory.dmp	xmrig
behavioral2/memory/2112-579-0x00007FF6DA280000-0x00007FF6DA5D4000-memory.dmp	xmrig
behavioral2/memory/3472-581-0x00007FF628180000-0x00007FF6284D4000-memory.dmp	xmrig
behavioral2/memory/2376-588-0x00007FF7B2230000-0x00007FF7B2584000-memory.dmp	xmrig
behavioral2/memory/2732-591-0x00007FF6BF510000-0x00007FF6BF864000-memory.dmp	xmrig
behavioral2/memory/4468-594-0x00007FF7DFC30000-0x00007FF7DFF84000-memory.dmp	xmrig
behavioral2/memory/4800-605-0x00007FF745360000-0x00007FF7456B4000-memory.dmp	xmrig
behavioral2/memory/4168-604-0x00007FF74D900000-0x00007FF74DC54000-memory.dmp	xmrig
behavioral2/memory/5020-600-0x00007FF699EB0000-0x00007FF69A204000-memory.dmp	xmrig
behavioral2/memory/2528-599-0x00007FF739020000-0x00007FF739374000-memory.dmp	xmrig
behavioral2/memory/2564-595-0x00007FF71CE50000-0x00007FF71D1A4000-memory.dmp	xmrig
behavioral2/memory/2684-590-0x00007FF6C3990000-0x00007FF6C3CE4000-memory.dmp	xmrig
behavioral2/memory/60-589-0x00007FF737CB0000-0x00007FF738004000-memory.dmp	xmrig
behavioral2/memory/4448-587-0x00007FF6FD490000-0x00007FF6FD7E4000-memory.dmp	xmrig
behavioral2/memory/4820-586-0x00007FF6CE200000-0x00007FF6CE554000-memory.dmp	xmrig
behavioral2/memory/3888-585-0x00007FF70E2F0000-0x00007FF70E644000-memory.dmp	xmrig
behavioral2/memory/2596-580-0x00007FF6CAC40000-0x00007FF6CAF94000-memory.dmp	xmrig
behavioral2/memory/1444-619-0x00007FF794080000-0x00007FF7943D4000-memory.dmp	xmrig
behavioral2/memory/4016-669-0x00007FF76C5E0000-0x00007FF76C934000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b78-172.dat	xmrig
behavioral2/memory/1396-710-0x00007FF694990000-0x00007FF694CE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b76-170.dat	xmrig
behavioral2/memory/4584-775-0x00007FF6DF240000-0x00007FF6DF594000-memory.dmp	xmrig
behavioral2/memory/2816-1005-0x00007FF611B70000-0x00007FF611EC4000-memory.dmp	xmrig
behavioral2/memory/2944-1003-0x00007FF7E44E0000-0x00007FF7E4834000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b77-167.dat	xmrig
behavioral2/files/0x000a000000023b74-160.dat	xmrig
behavioral2/files/0x000a000000023b73-155.dat	xmrig
behavioral2/files/0x000a000000023b72-150.dat	xmrig
behavioral2/files/0x000a000000023b71-145.dat	xmrig
behavioral2/files/0x000a000000023b70-140.dat	xmrig
behavioral2/files/0x000a000000023b6f-135.dat	xmrig
behavioral2/files/0x000a000000023b6d-125.dat	xmrig
behavioral2/files/0x000a000000023b6c-120.dat	xmrig
behavioral2/files/0x000a000000023b6b-115.dat	xmrig
behavioral2/files/0x000a000000023b6a-107.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4168	amMYqGO.exe
1444	POVxIOt.exe
4016	QvXMteo.exe
1396	PqbvAIR.exe
4584	CnbUvwa.exe
2904	wRFXIbT.exe
2944	ZHPJXyG.exe
2816	eEEAuqd.exe
1432	JOTNEIG.exe
4800	pIzxQhx.exe
2452	MLvGMzi.exe
3968	vqgjSks.exe
1916	dBxPxFu.exe
4944	fFsJXqr.exe
4832	wMOpmoH.exe
2112	LYCiKBX.exe
2596	JhZYwIP.exe
3472	dLcOwJQ.exe
3888	Lzvuogr.exe
4820	GQzyQDz.exe
4448	lXyBlhX.exe
2376	aTfNEkm.exe
60	GExGwRO.exe
2684	BOvgokS.exe
2732	YroNWqt.exe
4468	WoYMwff.exe
2564	jzlMgoJ.exe
2528	biQvFaE.exe
5020	SwVBXEr.exe
5112	pLVOwlA.exe
3380	VIxBaAz.exe
3740	NuvnVoh.exe
1732	LrHoIcm.exe
2096	CxozWpX.exe
512	wJLYvqq.exe
3792	qrGwePt.exe
2860	AJUmhKe.exe
4428	iLQmJHZ.exe
1468	QAZtzOE.exe
1964	iQqeTAG.exe
2748	XSeOrRo.exe
4788	cqlkSKL.exe
1412	ErPUmCB.exe
4024	jyUvfkY.exe
4516	DXTyPjV.exe
4724	VKsJleZ.exe
800	byttXCq.exe
2036	IHNAnBT.exe
1652	XwzETqM.exe
4356	uGEKIdI.exe
3764	FvxJMWl.exe
4844	KvhcXEU.exe
1908	uleGOvP.exe
4264	BHVxBOI.exe
2292	MMIHzer.exe
4548	lUeoKrO.exe
4748	wjyxhbs.exe
716	EjDPgAI.exe
1016	MqqAQgo.exe
3760	AukzIix.exe
764	ZzQfymU.exe
4904	lGyHprZ.exe
2940	kcCGQsv.exe
4960	QKJKdtp.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4460-0-0x00007FF6D5100000-0x00007FF6D5454000-memory.dmp	upx
behavioral2/files/0x000b000000023b56-6.dat	upx
behavioral2/memory/4168-8-0x00007FF74D900000-0x00007FF74DC54000-memory.dmp	upx
behavioral2/files/0x000a000000023b5a-10.dat	upx
behavioral2/files/0x0031000000023b5b-11.dat	upx
behavioral2/memory/1444-13-0x00007FF794080000-0x00007FF7943D4000-memory.dmp	upx
behavioral2/memory/4016-18-0x00007FF76C5E0000-0x00007FF76C934000-memory.dmp	upx
behavioral2/files/0x0031000000023b5c-23.dat	upx
behavioral2/memory/1396-24-0x00007FF694990000-0x00007FF694CE4000-memory.dmp	upx
behavioral2/files/0x0031000000023b5d-29.dat	upx
behavioral2/memory/4584-30-0x00007FF6DF240000-0x00007FF6DF594000-memory.dmp	upx
behavioral2/files/0x000a000000023b5e-35.dat	upx
behavioral2/memory/2904-38-0x00007FF6FD5D0000-0x00007FF6FD924000-memory.dmp	upx
behavioral2/files/0x000b000000023b57-40.dat	upx
behavioral2/files/0x000a000000023b5f-45.dat	upx
behavioral2/memory/2944-42-0x00007FF7E44E0000-0x00007FF7E4834000-memory.dmp	upx
behavioral2/files/0x000a000000023b60-52.dat	upx
behavioral2/memory/4460-58-0x00007FF6D5100000-0x00007FF6D5454000-memory.dmp	upx
behavioral2/files/0x000a000000023b62-61.dat	upx
behavioral2/files/0x000a000000023b66-82.dat	upx
behavioral2/files/0x000a000000023b69-103.dat	upx
behavioral2/files/0x000a000000023b6e-130.dat	upx
behavioral2/files/0x000a000000023b75-157.dat	upx
behavioral2/memory/3968-565-0x00007FF72ED10000-0x00007FF72F064000-memory.dmp	upx
behavioral2/memory/4832-573-0x00007FF6261A0000-0x00007FF6264F4000-memory.dmp	upx
behavioral2/memory/4944-572-0x00007FF7B2F30000-0x00007FF7B3284000-memory.dmp	upx
behavioral2/memory/1916-567-0x00007FF7E51A0000-0x00007FF7E54F4000-memory.dmp	upx
behavioral2/memory/2452-564-0x00007FF70D010000-0x00007FF70D364000-memory.dmp	upx
behavioral2/memory/1432-563-0x00007FF776920000-0x00007FF776C74000-memory.dmp	upx
behavioral2/memory/2112-579-0x00007FF6DA280000-0x00007FF6DA5D4000-memory.dmp	upx
behavioral2/memory/3472-581-0x00007FF628180000-0x00007FF6284D4000-memory.dmp	upx
behavioral2/memory/2376-588-0x00007FF7B2230000-0x00007FF7B2584000-memory.dmp	upx
behavioral2/memory/2732-591-0x00007FF6BF510000-0x00007FF6BF864000-memory.dmp	upx
behavioral2/memory/4468-594-0x00007FF7DFC30000-0x00007FF7DFF84000-memory.dmp	upx
behavioral2/memory/4800-605-0x00007FF745360000-0x00007FF7456B4000-memory.dmp	upx
behavioral2/memory/4168-604-0x00007FF74D900000-0x00007FF74DC54000-memory.dmp	upx
behavioral2/memory/5020-600-0x00007FF699EB0000-0x00007FF69A204000-memory.dmp	upx
behavioral2/memory/2528-599-0x00007FF739020000-0x00007FF739374000-memory.dmp	upx
behavioral2/memory/2564-595-0x00007FF71CE50000-0x00007FF71D1A4000-memory.dmp	upx
behavioral2/memory/2684-590-0x00007FF6C3990000-0x00007FF6C3CE4000-memory.dmp	upx
behavioral2/memory/60-589-0x00007FF737CB0000-0x00007FF738004000-memory.dmp	upx
behavioral2/memory/4448-587-0x00007FF6FD490000-0x00007FF6FD7E4000-memory.dmp	upx
behavioral2/memory/4820-586-0x00007FF6CE200000-0x00007FF6CE554000-memory.dmp	upx
behavioral2/memory/3888-585-0x00007FF70E2F0000-0x00007FF70E644000-memory.dmp	upx
behavioral2/memory/2596-580-0x00007FF6CAC40000-0x00007FF6CAF94000-memory.dmp	upx
behavioral2/memory/1444-619-0x00007FF794080000-0x00007FF7943D4000-memory.dmp	upx
behavioral2/memory/4016-669-0x00007FF76C5E0000-0x00007FF76C934000-memory.dmp	upx
behavioral2/files/0x000a000000023b78-172.dat	upx
behavioral2/memory/1396-710-0x00007FF694990000-0x00007FF694CE4000-memory.dmp	upx
behavioral2/files/0x000a000000023b76-170.dat	upx
behavioral2/memory/4584-775-0x00007FF6DF240000-0x00007FF6DF594000-memory.dmp	upx
behavioral2/memory/2816-1005-0x00007FF611B70000-0x00007FF611EC4000-memory.dmp	upx
behavioral2/memory/2944-1003-0x00007FF7E44E0000-0x00007FF7E4834000-memory.dmp	upx
behavioral2/files/0x000a000000023b77-167.dat	upx
behavioral2/files/0x000a000000023b74-160.dat	upx
behavioral2/files/0x000a000000023b73-155.dat	upx
behavioral2/files/0x000a000000023b72-150.dat	upx
behavioral2/files/0x000a000000023b71-145.dat	upx
behavioral2/files/0x000a000000023b70-140.dat	upx
behavioral2/files/0x000a000000023b6f-135.dat	upx
behavioral2/files/0x000a000000023b6d-125.dat	upx
behavioral2/files/0x000a000000023b6c-120.dat	upx
behavioral2/files/0x000a000000023b6b-115.dat	upx
behavioral2/files/0x000a000000023b6a-107.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TDMuwUC.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JOTNEIG.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwRmIhT.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vubHpzr.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJDIKMU.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWQCgPE.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfxdOHL.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGPTdUF.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\droGbus.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbfbXnN.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzEobVo.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyQlUqg.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egZeWLW.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcPtkMc.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PezclNw.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzVJIBz.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vahhndg.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEKSKvF.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPcLlPq.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EabCWxM.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yaJBAsT.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVSLQoM.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYOZeTr.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEDGXfV.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksTDLMU.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGLjvSp.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkbKHOD.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPnVTXv.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFAhcjx.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLrAebc.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyUvfkY.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABuMjPN.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPaRSXZ.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLHlcXv.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRhsExZ.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbEHUiV.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrOYquD.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyYUPHu.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSgcwSE.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPZWNNA.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZmoTWi.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdWbncx.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhFJSQP.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPWRBHK.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMpJHtl.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqENhzg.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lCAvkQa.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKltfly.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jusfMYb.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNIoQPM.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwzETqM.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlmyXnj.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKorkMF.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKgKidX.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENeRQEa.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhJAPek.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phIunNf.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDjtNmN.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JaeezWw.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeddQuu.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuyPsKt.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJFuMEd.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMeKbaI.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txqPCfT.exe	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 4168	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4460 wrote to memory of 4168	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4460 wrote to memory of 1444	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4460 wrote to memory of 1444	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4460 wrote to memory of 4016	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4460 wrote to memory of 4016	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4460 wrote to memory of 1396	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4460 wrote to memory of 1396	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4460 wrote to memory of 4584	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4460 wrote to memory of 4584	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4460 wrote to memory of 2904	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4460 wrote to memory of 2904	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4460 wrote to memory of 2944	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4460 wrote to memory of 2944	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4460 wrote to memory of 2816	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4460 wrote to memory of 2816	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4460 wrote to memory of 1432	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4460 wrote to memory of 1432	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4460 wrote to memory of 2452	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4460 wrote to memory of 2452	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4460 wrote to memory of 4800	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4460 wrote to memory of 4800	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4460 wrote to memory of 3968	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4460 wrote to memory of 3968	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4460 wrote to memory of 1916	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4460 wrote to memory of 1916	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4460 wrote to memory of 4944	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4460 wrote to memory of 4944	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4460 wrote to memory of 4832	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4460 wrote to memory of 4832	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4460 wrote to memory of 2112	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4460 wrote to memory of 2112	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4460 wrote to memory of 2596	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4460 wrote to memory of 2596	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4460 wrote to memory of 3472	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4460 wrote to memory of 3472	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4460 wrote to memory of 3888	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4460 wrote to memory of 3888	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4460 wrote to memory of 4820	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4460 wrote to memory of 4820	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4460 wrote to memory of 4448	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4460 wrote to memory of 4448	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4460 wrote to memory of 2376	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4460 wrote to memory of 2376	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4460 wrote to memory of 60	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4460 wrote to memory of 60	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4460 wrote to memory of 2684	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4460 wrote to memory of 2684	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4460 wrote to memory of 2732	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4460 wrote to memory of 2732	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4460 wrote to memory of 4468	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4460 wrote to memory of 4468	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4460 wrote to memory of 2564	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4460 wrote to memory of 2564	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4460 wrote to memory of 2528	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4460 wrote to memory of 2528	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4460 wrote to memory of 5020	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4460 wrote to memory of 5020	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4460 wrote to memory of 5112	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4460 wrote to memory of 5112	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4460 wrote to memory of 3380	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4460 wrote to memory of 3380	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4460 wrote to memory of 3740	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4460 wrote to memory of 3740	4460	2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-28_8cb71d91cc2fb71be4f599d34cf1fe0c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Windows\System\amMYqGO.exe
  C:\Windows\System\amMYqGO.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\POVxIOt.exe
  C:\Windows\System\POVxIOt.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\QvXMteo.exe
  C:\Windows\System\QvXMteo.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\PqbvAIR.exe
  C:\Windows\System\PqbvAIR.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\CnbUvwa.exe
  C:\Windows\System\CnbUvwa.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\wRFXIbT.exe
  C:\Windows\System\wRFXIbT.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\ZHPJXyG.exe
  C:\Windows\System\ZHPJXyG.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\eEEAuqd.exe
  C:\Windows\System\eEEAuqd.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\JOTNEIG.exe
  C:\Windows\System\JOTNEIG.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\MLvGMzi.exe
  C:\Windows\System\MLvGMzi.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\pIzxQhx.exe
  C:\Windows\System\pIzxQhx.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\vqgjSks.exe
  C:\Windows\System\vqgjSks.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\dBxPxFu.exe
  C:\Windows\System\dBxPxFu.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\fFsJXqr.exe
  C:\Windows\System\fFsJXqr.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\wMOpmoH.exe
  C:\Windows\System\wMOpmoH.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\LYCiKBX.exe
  C:\Windows\System\LYCiKBX.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\JhZYwIP.exe
  C:\Windows\System\JhZYwIP.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\dLcOwJQ.exe
  C:\Windows\System\dLcOwJQ.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\Lzvuogr.exe
  C:\Windows\System\Lzvuogr.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\GQzyQDz.exe
  C:\Windows\System\GQzyQDz.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\lXyBlhX.exe
  C:\Windows\System\lXyBlhX.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\aTfNEkm.exe
  C:\Windows\System\aTfNEkm.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\GExGwRO.exe
  C:\Windows\System\GExGwRO.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\BOvgokS.exe
  C:\Windows\System\BOvgokS.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\YroNWqt.exe
  C:\Windows\System\YroNWqt.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\WoYMwff.exe
  C:\Windows\System\WoYMwff.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\jzlMgoJ.exe
  C:\Windows\System\jzlMgoJ.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\biQvFaE.exe
  C:\Windows\System\biQvFaE.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\SwVBXEr.exe
  C:\Windows\System\SwVBXEr.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\pLVOwlA.exe
  C:\Windows\System\pLVOwlA.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\VIxBaAz.exe
  C:\Windows\System\VIxBaAz.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\NuvnVoh.exe
  C:\Windows\System\NuvnVoh.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\LrHoIcm.exe
  C:\Windows\System\LrHoIcm.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\CxozWpX.exe
  C:\Windows\System\CxozWpX.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\wJLYvqq.exe
  C:\Windows\System\wJLYvqq.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\qrGwePt.exe
  C:\Windows\System\qrGwePt.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\AJUmhKe.exe
  C:\Windows\System\AJUmhKe.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\iLQmJHZ.exe
  C:\Windows\System\iLQmJHZ.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\QAZtzOE.exe
  C:\Windows\System\QAZtzOE.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\iQqeTAG.exe
  C:\Windows\System\iQqeTAG.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\XSeOrRo.exe
  C:\Windows\System\XSeOrRo.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\cqlkSKL.exe
  C:\Windows\System\cqlkSKL.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\ErPUmCB.exe
  C:\Windows\System\ErPUmCB.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\jyUvfkY.exe
  C:\Windows\System\jyUvfkY.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\DXTyPjV.exe
  C:\Windows\System\DXTyPjV.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\VKsJleZ.exe
  C:\Windows\System\VKsJleZ.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\byttXCq.exe
  C:\Windows\System\byttXCq.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\IHNAnBT.exe
  C:\Windows\System\IHNAnBT.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\XwzETqM.exe
  C:\Windows\System\XwzETqM.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\uGEKIdI.exe
  C:\Windows\System\uGEKIdI.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\FvxJMWl.exe
  C:\Windows\System\FvxJMWl.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\KvhcXEU.exe
  C:\Windows\System\KvhcXEU.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\uleGOvP.exe
  C:\Windows\System\uleGOvP.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\BHVxBOI.exe
  C:\Windows\System\BHVxBOI.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\MMIHzer.exe
  C:\Windows\System\MMIHzer.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\lUeoKrO.exe
  C:\Windows\System\lUeoKrO.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\wjyxhbs.exe
  C:\Windows\System\wjyxhbs.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\EjDPgAI.exe
  C:\Windows\System\EjDPgAI.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\MqqAQgo.exe
  C:\Windows\System\MqqAQgo.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\AukzIix.exe
  C:\Windows\System\AukzIix.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\ZzQfymU.exe
  C:\Windows\System\ZzQfymU.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\lGyHprZ.exe
  C:\Windows\System\lGyHprZ.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\kcCGQsv.exe
  C:\Windows\System\kcCGQsv.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\QKJKdtp.exe
  C:\Windows\System\QKJKdtp.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\ntsSKQf.exe
  C:\Windows\System\ntsSKQf.exe
  2⤵
  PID:4656
- C:\Windows\System\BPmvkVj.exe
  C:\Windows\System\BPmvkVj.exe
  2⤵
  PID:1100
- C:\Windows\System\XWVqdvS.exe
  C:\Windows\System\XWVqdvS.exe
  2⤵
  PID:3488
- C:\Windows\System\bsajGNm.exe
  C:\Windows\System\bsajGNm.exe
  2⤵
  PID:3168
- C:\Windows\System\sZXVBJI.exe
  C:\Windows\System\sZXVBJI.exe
  2⤵
  PID:2652
- C:\Windows\System\LqdgQvc.exe
  C:\Windows\System\LqdgQvc.exe
  2⤵
  PID:2956
- C:\Windows\System\tJLrUIA.exe
  C:\Windows\System\tJLrUIA.exe
  2⤵
  PID:3520
- C:\Windows\System\rSdwsTs.exe
  C:\Windows\System\rSdwsTs.exe
  2⤵
  PID:3548
- C:\Windows\System\WYwbJLx.exe
  C:\Windows\System\WYwbJLx.exe
  2⤵
  PID:4348
- C:\Windows\System\XSCVNQc.exe
  C:\Windows\System\XSCVNQc.exe
  2⤵
  PID:1020
- C:\Windows\System\KUdwGbC.exe
  C:\Windows\System\KUdwGbC.exe
  2⤵
  PID:1992
- C:\Windows\System\QSNeDrB.exe
  C:\Windows\System\QSNeDrB.exe
  2⤵
  PID:5052
- C:\Windows\System\xgAzBaO.exe
  C:\Windows\System\xgAzBaO.exe
  2⤵
  PID:3240
- C:\Windows\System\WlngCHC.exe
  C:\Windows\System\WlngCHC.exe
  2⤵
  PID:696
- C:\Windows\System\qDjtNmN.exe
  C:\Windows\System\qDjtNmN.exe
  2⤵
  PID:3152
- C:\Windows\System\gbNwlMa.exe
  C:\Windows\System\gbNwlMa.exe
  2⤵
  PID:2412
- C:\Windows\System\BKhGvCw.exe
  C:\Windows\System\BKhGvCw.exe
  2⤵
  PID:1464
- C:\Windows\System\TDMuwUC.exe
  C:\Windows\System\TDMuwUC.exe
  2⤵
  PID:3988
- C:\Windows\System\IoGtanf.exe
  C:\Windows\System\IoGtanf.exe
  2⤵
  PID:4600
- C:\Windows\System\iJDQkbt.exe
  C:\Windows\System\iJDQkbt.exe
  2⤵
  PID:5124
- C:\Windows\System\KkIUjAg.exe
  C:\Windows\System\KkIUjAg.exe
  2⤵
  PID:5152
- C:\Windows\System\pjayDNq.exe
  C:\Windows\System\pjayDNq.exe
  2⤵
  PID:5180
- C:\Windows\System\OBJdSsA.exe
  C:\Windows\System\OBJdSsA.exe
  2⤵
  PID:5208
- C:\Windows\System\NdnmTos.exe
  C:\Windows\System\NdnmTos.exe
  2⤵
  PID:5236
- C:\Windows\System\mfMErHF.exe
  C:\Windows\System\mfMErHF.exe
  2⤵
  PID:5264
- C:\Windows\System\eIbeOXP.exe
  C:\Windows\System\eIbeOXP.exe
  2⤵
  PID:5292
- C:\Windows\System\RBnzLmH.exe
  C:\Windows\System\RBnzLmH.exe
  2⤵
  PID:5320
- C:\Windows\System\lkGrWyi.exe
  C:\Windows\System\lkGrWyi.exe
  2⤵
  PID:5348
- C:\Windows\System\BnTJDjm.exe
  C:\Windows\System\BnTJDjm.exe
  2⤵
  PID:5376
- C:\Windows\System\ApgqJbz.exe
  C:\Windows\System\ApgqJbz.exe
  2⤵
  PID:5404
- C:\Windows\System\aFVxeOJ.exe
  C:\Windows\System\aFVxeOJ.exe
  2⤵
  PID:5432
- C:\Windows\System\ssArfuu.exe
  C:\Windows\System\ssArfuu.exe
  2⤵
  PID:5460
- C:\Windows\System\oAvgugf.exe
  C:\Windows\System\oAvgugf.exe
  2⤵
  PID:5488
- C:\Windows\System\fgpklAS.exe
  C:\Windows\System\fgpklAS.exe
  2⤵
  PID:5516
- C:\Windows\System\ZKKdOzB.exe
  C:\Windows\System\ZKKdOzB.exe
  2⤵
  PID:5544
- C:\Windows\System\qKBumvi.exe
  C:\Windows\System\qKBumvi.exe
  2⤵
  PID:5572
- C:\Windows\System\ysStcJA.exe
  C:\Windows\System\ysStcJA.exe
  2⤵
  PID:5600
- C:\Windows\System\WvDJnqi.exe
  C:\Windows\System\WvDJnqi.exe
  2⤵
  PID:5628
- C:\Windows\System\PmlfTAU.exe
  C:\Windows\System\PmlfTAU.exe
  2⤵
  PID:5656
- C:\Windows\System\IuUlUlK.exe
  C:\Windows\System\IuUlUlK.exe
  2⤵
  PID:5684
- C:\Windows\System\LLQYzqq.exe
  C:\Windows\System\LLQYzqq.exe
  2⤵
  PID:5712
- C:\Windows\System\PpSgksF.exe
  C:\Windows\System\PpSgksF.exe
  2⤵
  PID:5740
- C:\Windows\System\WfrQVRw.exe
  C:\Windows\System\WfrQVRw.exe
  2⤵
  PID:5768
- C:\Windows\System\HVHnAXw.exe
  C:\Windows\System\HVHnAXw.exe
  2⤵
  PID:5796
- C:\Windows\System\ZEKSKvF.exe
  C:\Windows\System\ZEKSKvF.exe
  2⤵
  PID:5836
- C:\Windows\System\iRcwELG.exe
  C:\Windows\System\iRcwELG.exe
  2⤵
  PID:5864
- C:\Windows\System\dOGaJeB.exe
  C:\Windows\System\dOGaJeB.exe
  2⤵
  PID:5892
- C:\Windows\System\oGLjvSp.exe
  C:\Windows\System\oGLjvSp.exe
  2⤵
  PID:5908
- C:\Windows\System\UnSRInc.exe
  C:\Windows\System\UnSRInc.exe
  2⤵
  PID:5936
- C:\Windows\System\WxkWfXD.exe
  C:\Windows\System\WxkWfXD.exe
  2⤵
  PID:5964
- C:\Windows\System\gPcLlPq.exe
  C:\Windows\System\gPcLlPq.exe
  2⤵
  PID:5992
- C:\Windows\System\nehUZKz.exe
  C:\Windows\System\nehUZKz.exe
  2⤵
  PID:6020
- C:\Windows\System\PjSSAos.exe
  C:\Windows\System\PjSSAos.exe
  2⤵
  PID:6048
- C:\Windows\System\NBesaBB.exe
  C:\Windows\System\NBesaBB.exe
  2⤵
  PID:6076
- C:\Windows\System\XIMWluY.exe
  C:\Windows\System\XIMWluY.exe
  2⤵
  PID:6104
- C:\Windows\System\HmLaruy.exe
  C:\Windows\System\HmLaruy.exe
  2⤵
  PID:6132
- C:\Windows\System\IDDtOdP.exe
  C:\Windows\System\IDDtOdP.exe
  2⤵
  PID:4644
- C:\Windows\System\vHJqvvb.exe
  C:\Windows\System\vHJqvvb.exe
  2⤵
  PID:4004
- C:\Windows\System\eMLQYvt.exe
  C:\Windows\System\eMLQYvt.exe
  2⤵
  PID:2792
- C:\Windows\System\ZQenwSh.exe
  C:\Windows\System\ZQenwSh.exe
  2⤵
  PID:1348
- C:\Windows\System\ixumJBw.exe
  C:\Windows\System\ixumJBw.exe
  2⤵
  PID:5136
- C:\Windows\System\HMaYWeu.exe
  C:\Windows\System\HMaYWeu.exe
  2⤵
  PID:5196
- C:\Windows\System\GOiXiAV.exe
  C:\Windows\System\GOiXiAV.exe
  2⤵
  PID:5256
- C:\Windows\System\ToELoHp.exe
  C:\Windows\System\ToELoHp.exe
  2⤵
  PID:5332
- C:\Windows\System\VokFlXN.exe
  C:\Windows\System\VokFlXN.exe
  2⤵
  PID:2424
- C:\Windows\System\jUTHdAs.exe
  C:\Windows\System\jUTHdAs.exe
  2⤵
  PID:5448
- C:\Windows\System\GCkqycj.exe
  C:\Windows\System\GCkqycj.exe
  2⤵
  PID:5504
- C:\Windows\System\nZJnsgc.exe
  C:\Windows\System\nZJnsgc.exe
  2⤵
  PID:5564
- C:\Windows\System\SBvpdOp.exe
  C:\Windows\System\SBvpdOp.exe
  2⤵
  PID:5668
- C:\Windows\System\YwHdYoz.exe
  C:\Windows\System\YwHdYoz.exe
  2⤵
  PID:5756
- C:\Windows\System\iaBpVXC.exe
  C:\Windows\System\iaBpVXC.exe
  2⤵
  PID:5788
- C:\Windows\System\bCPKEzK.exe
  C:\Windows\System\bCPKEzK.exe
  2⤵
  PID:5856
- C:\Windows\System\QlzxlcZ.exe
  C:\Windows\System\QlzxlcZ.exe
  2⤵
  PID:5924
- C:\Windows\System\qpRurQG.exe
  C:\Windows\System\qpRurQG.exe
  2⤵
  PID:5956
- C:\Windows\System\PBbdmAR.exe
  C:\Windows\System\PBbdmAR.exe
  2⤵
  PID:6032
- C:\Windows\System\TlJBymX.exe
  C:\Windows\System\TlJBymX.exe
  2⤵
  PID:6092
- C:\Windows\System\fYrziug.exe
  C:\Windows\System\fYrziug.exe
  2⤵
  PID:2164
- C:\Windows\System\WcskuNt.exe
  C:\Windows\System\WcskuNt.exe
  2⤵
  PID:3440
- C:\Windows\System\NBIllkY.exe
  C:\Windows\System\NBIllkY.exe
  2⤵
  PID:5168
- C:\Windows\System\sqENhzg.exe
  C:\Windows\System\sqENhzg.exe
  2⤵
  PID:5308
- C:\Windows\System\iOfZuBx.exe
  C:\Windows\System\iOfZuBx.exe
  2⤵
  PID:1168
- C:\Windows\System\JNYRKZW.exe
  C:\Windows\System\JNYRKZW.exe
  2⤵
  PID:5612
- C:\Windows\System\BDCGSQK.exe
  C:\Windows\System\BDCGSQK.exe
  2⤵
  PID:5780
- C:\Windows\System\sGmGrDN.exe
  C:\Windows\System\sGmGrDN.exe
  2⤵
  PID:5900
- C:\Windows\System\TTPFSmL.exe
  C:\Windows\System\TTPFSmL.exe
  2⤵
  PID:6060
- C:\Windows\System\JaeezWw.exe
  C:\Windows\System\JaeezWw.exe
  2⤵
  PID:1136
- C:\Windows\System\XBPUDUL.exe
  C:\Windows\System\XBPUDUL.exe
  2⤵
  PID:6164
- C:\Windows\System\VZMPbvq.exe
  C:\Windows\System\VZMPbvq.exe
  2⤵
  PID:6192
- C:\Windows\System\NDjDwRN.exe
  C:\Windows\System\NDjDwRN.exe
  2⤵
  PID:6220
- C:\Windows\System\SEfnKTJ.exe
  C:\Windows\System\SEfnKTJ.exe
  2⤵
  PID:6248
- C:\Windows\System\DvOjJje.exe
  C:\Windows\System\DvOjJje.exe
  2⤵
  PID:6276
- C:\Windows\System\YmtPPDA.exe
  C:\Windows\System\YmtPPDA.exe
  2⤵
  PID:6304
- C:\Windows\System\MbhKFyb.exe
  C:\Windows\System\MbhKFyb.exe
  2⤵
  PID:6332
- C:\Windows\System\MjRvlHX.exe
  C:\Windows\System\MjRvlHX.exe
  2⤵
  PID:6360
- C:\Windows\System\NoQBllH.exe
  C:\Windows\System\NoQBllH.exe
  2⤵
  PID:6388
- C:\Windows\System\jGyVfay.exe
  C:\Windows\System\jGyVfay.exe
  2⤵
  PID:6416
- C:\Windows\System\TsatnNJ.exe
  C:\Windows\System\TsatnNJ.exe
  2⤵
  PID:6444
- C:\Windows\System\yETnFeM.exe
  C:\Windows\System\yETnFeM.exe
  2⤵
  PID:6472
- C:\Windows\System\atlJWfs.exe
  C:\Windows\System\atlJWfs.exe
  2⤵
  PID:6500
- C:\Windows\System\MhHgBwB.exe
  C:\Windows\System\MhHgBwB.exe
  2⤵
  PID:6532
- C:\Windows\System\HMlJBDo.exe
  C:\Windows\System\HMlJBDo.exe
  2⤵
  PID:6580
- C:\Windows\System\EpRzQBp.exe
  C:\Windows\System\EpRzQBp.exe
  2⤵
  PID:6620
- C:\Windows\System\SPBpYLx.exe
  C:\Windows\System\SPBpYLx.exe
  2⤵
  PID:6676
- C:\Windows\System\igSCCIp.exe
  C:\Windows\System\igSCCIp.exe
  2⤵
  PID:6716
- C:\Windows\System\EIhKybQ.exe
  C:\Windows\System\EIhKybQ.exe
  2⤵
  PID:6764
- C:\Windows\System\pVYSXWS.exe
  C:\Windows\System\pVYSXWS.exe
  2⤵
  PID:6800
- C:\Windows\System\rlYSJoT.exe
  C:\Windows\System\rlYSJoT.exe
  2⤵
  PID:6904
- C:\Windows\System\NMYKXkQ.exe
  C:\Windows\System\NMYKXkQ.exe
  2⤵
  PID:6940
- C:\Windows\System\hyCgSbd.exe
  C:\Windows\System\hyCgSbd.exe
  2⤵
  PID:6968
- C:\Windows\System\qUXrnug.exe
  C:\Windows\System\qUXrnug.exe
  2⤵
  PID:7000
- C:\Windows\System\taFQCjg.exe
  C:\Windows\System\taFQCjg.exe
  2⤵
  PID:7028
- C:\Windows\System\QeddQuu.exe
  C:\Windows\System\QeddQuu.exe
  2⤵
  PID:7052
- C:\Windows\System\GhfVthy.exe
  C:\Windows\System\GhfVthy.exe
  2⤵
  PID:7092
- C:\Windows\System\FaxznMd.exe
  C:\Windows\System\FaxznMd.exe
  2⤵
  PID:7124
- C:\Windows\System\issjUwi.exe
  C:\Windows\System\issjUwi.exe
  2⤵
  PID:7152
- C:\Windows\System\GpvsPaC.exe
  C:\Windows\System\GpvsPaC.exe
  2⤵
  PID:4148
- C:\Windows\System\frDUIrL.exe
  C:\Windows\System\frDUIrL.exe
  2⤵
  PID:5556
- C:\Windows\System\WpOaoVH.exe
  C:\Windows\System\WpOaoVH.exe
  2⤵
  PID:6004
- C:\Windows\System\XsXtaWZ.exe
  C:\Windows\System\XsXtaWZ.exe
  2⤵
  PID:6180
- C:\Windows\System\VMMJqpM.exe
  C:\Windows\System\VMMJqpM.exe
  2⤵
  PID:6236
- C:\Windows\System\CDkMLPd.exe
  C:\Windows\System\CDkMLPd.exe
  2⤵
  PID:6316
- C:\Windows\System\TwXQgUk.exe
  C:\Windows\System\TwXQgUk.exe
  2⤵
  PID:6376
- C:\Windows\System\QLYtOKk.exe
  C:\Windows\System\QLYtOKk.exe
  2⤵
  PID:4040
- C:\Windows\System\PifMdMh.exe
  C:\Windows\System\PifMdMh.exe
  2⤵
  PID:6484
- C:\Windows\System\jfhfafH.exe
  C:\Windows\System\jfhfafH.exe
  2⤵
  PID:4464
- C:\Windows\System\jhgIdKs.exe
  C:\Windows\System\jhgIdKs.exe
  2⤵
  PID:1948
- C:\Windows\System\GDgljhb.exe
  C:\Windows\System\GDgljhb.exe
  2⤵
  PID:2024
- C:\Windows\System\mnNiQFd.exe
  C:\Windows\System\mnNiQFd.exe
  2⤵
  PID:876
- C:\Windows\System\cdWLwfI.exe
  C:\Windows\System\cdWLwfI.exe
  2⤵
  PID:4728
- C:\Windows\System\NTFZAyr.exe
  C:\Windows\System\NTFZAyr.exe
  2⤵
  PID:6488
- C:\Windows\System\QjDxhrr.exe
  C:\Windows\System\QjDxhrr.exe
  2⤵
  PID:6596
- C:\Windows\System\yFSLhkv.exe
  C:\Windows\System\yFSLhkv.exe
  2⤵
  PID:2804
- C:\Windows\System\PVErvVs.exe
  C:\Windows\System\PVErvVs.exe
  2⤵
  PID:1084
- C:\Windows\System\yYwdfOV.exe
  C:\Windows\System\yYwdfOV.exe
  2⤵
  PID:3372
- C:\Windows\System\MTKHFyx.exe
  C:\Windows\System\MTKHFyx.exe
  2⤵
  PID:6708
- C:\Windows\System\mThueOi.exe
  C:\Windows\System\mThueOi.exe
  2⤵
  PID:636
- C:\Windows\System\AJJscay.exe
  C:\Windows\System\AJJscay.exe
  2⤵
  PID:6788
- C:\Windows\System\ZluxHrW.exe
  C:\Windows\System\ZluxHrW.exe
  2⤵
  PID:2016
- C:\Windows\System\cIykHgi.exe
  C:\Windows\System\cIykHgi.exe
  2⤵
  PID:4572
- C:\Windows\System\MvowSXG.exe
  C:\Windows\System\MvowSXG.exe
  2⤵
  PID:1740
- C:\Windows\System\WADgBSA.exe
  C:\Windows\System\WADgBSA.exe
  2⤵
  PID:1504
- C:\Windows\System\EKorkMF.exe
  C:\Windows\System\EKorkMF.exe
  2⤵
  PID:3176
- C:\Windows\System\aiPFYkI.exe
  C:\Windows\System\aiPFYkI.exe
  2⤵
  PID:3436
- C:\Windows\System\IGpLbBE.exe
  C:\Windows\System\IGpLbBE.exe
  2⤵
  PID:6932
- C:\Windows\System\uSEnBla.exe
  C:\Windows\System\uSEnBla.exe
  2⤵
  PID:6992
- C:\Windows\System\LkZuOih.exe
  C:\Windows\System\LkZuOih.exe
  2⤵
  PID:7136
- C:\Windows\System\xyPlLYn.exe
  C:\Windows\System\xyPlLYn.exe
  2⤵
  PID:7164
- C:\Windows\System\wmoELZI.exe
  C:\Windows\System\wmoELZI.exe
  2⤵
  PID:6260
- C:\Windows\System\HfCpzLy.exe
  C:\Windows\System\HfCpzLy.exe
  2⤵
  PID:6372
- C:\Windows\System\DgmPOBO.exe
  C:\Windows\System\DgmPOBO.exe
  2⤵
  PID:6512
- C:\Windows\System\WJjzgtC.exe
  C:\Windows\System\WJjzgtC.exe
  2⤵
  PID:4964
- C:\Windows\System\kDexFxl.exe
  C:\Windows\System\kDexFxl.exe
  2⤵
  PID:6704
- C:\Windows\System\xONfYsy.exe
  C:\Windows\System\xONfYsy.exe
  2⤵
  PID:6524
- C:\Windows\System\dSbuomF.exe
  C:\Windows\System\dSbuomF.exe
  2⤵
  PID:708
- C:\Windows\System\MLpWcHB.exe
  C:\Windows\System\MLpWcHB.exe
  2⤵
  PID:6812
- C:\Windows\System\VfUYTdC.exe
  C:\Windows\System\VfUYTdC.exe
  2⤵
  PID:968
- C:\Windows\System\PIUSJUM.exe
  C:\Windows\System\PIUSJUM.exe
  2⤵
  PID:6828
- C:\Windows\System\rzUHUbf.exe
  C:\Windows\System\rzUHUbf.exe
  2⤵
  PID:3404
- C:\Windows\System\GXhJYNO.exe
  C:\Windows\System\GXhJYNO.exe
  2⤵
  PID:4840
- C:\Windows\System\eGAVkWd.exe
  C:\Windows\System\eGAVkWd.exe
  2⤵
  PID:7020
- C:\Windows\System\EHjZLUM.exe
  C:\Windows\System\EHjZLUM.exe
  2⤵
  PID:7072
- C:\Windows\System\qJddLsR.exe
  C:\Windows\System\qJddLsR.exe
  2⤵
  PID:4380
- C:\Windows\System\mQkaHCV.exe
  C:\Windows\System\mQkaHCV.exe
  2⤵
  PID:6324
- C:\Windows\System\zWbqcyk.exe
  C:\Windows\System\zWbqcyk.exe
  2⤵
  PID:3840
- C:\Windows\System\xBEsHgn.exe
  C:\Windows\System\xBEsHgn.exe
  2⤵
  PID:5416
- C:\Windows\System\jjxidWk.exe
  C:\Windows\System\jjxidWk.exe
  2⤵
  PID:1552
- C:\Windows\System\MDTDoAv.exe
  C:\Windows\System\MDTDoAv.exe
  2⤵
  PID:6664
- C:\Windows\System\vQFtHHX.exe
  C:\Windows\System\vQFtHHX.exe
  2⤵
  PID:652
- C:\Windows\System\rHYlqpD.exe
  C:\Windows\System\rHYlqpD.exe
  2⤵
  PID:6684
- C:\Windows\System\MauuMKB.exe
  C:\Windows\System\MauuMKB.exe
  2⤵
  PID:3688
- C:\Windows\System\rEuGsaI.exe
  C:\Windows\System\rEuGsaI.exe
  2⤵
  PID:6204
- C:\Windows\System\QmYdvhV.exe
  C:\Windows\System\QmYdvhV.exe
  2⤵
  PID:4472
- C:\Windows\System\eiiZgun.exe
  C:\Windows\System\eiiZgun.exe
  2⤵
  PID:4956
- C:\Windows\System\GFcfmuK.exe
  C:\Windows\System\GFcfmuK.exe
  2⤵
  PID:3172
- C:\Windows\System\LlUqGiE.exe
  C:\Windows\System\LlUqGiE.exe
  2⤵
  PID:2808
- C:\Windows\System\TDHkbah.exe
  C:\Windows\System\TDHkbah.exe
  2⤵
  PID:2572
- C:\Windows\System\GZbmmDn.exe
  C:\Windows\System\GZbmmDn.exe
  2⤵
  PID:6736
- C:\Windows\System\JPSbegu.exe
  C:\Windows\System\JPSbegu.exe
  2⤵
  PID:7188
- C:\Windows\System\cilhUkR.exe
  C:\Windows\System\cilhUkR.exe
  2⤵
  PID:7216
- C:\Windows\System\TCRMEuz.exe
  C:\Windows\System\TCRMEuz.exe
  2⤵
  PID:7244
- C:\Windows\System\PvQkOKE.exe
  C:\Windows\System\PvQkOKE.exe
  2⤵
  PID:7272
- C:\Windows\System\shxlwSx.exe
  C:\Windows\System\shxlwSx.exe
  2⤵
  PID:7300
- C:\Windows\System\Rrlcjkb.exe
  C:\Windows\System\Rrlcjkb.exe
  2⤵
  PID:7328
- C:\Windows\System\SIOPDGV.exe
  C:\Windows\System\SIOPDGV.exe
  2⤵
  PID:7356
- C:\Windows\System\pBHjfXk.exe
  C:\Windows\System\pBHjfXk.exe
  2⤵
  PID:7384
- C:\Windows\System\iqhYyhE.exe
  C:\Windows\System\iqhYyhE.exe
  2⤵
  PID:7412
- C:\Windows\System\RHRlOXV.exe
  C:\Windows\System\RHRlOXV.exe
  2⤵
  PID:7440
- C:\Windows\System\imrEVPy.exe
  C:\Windows\System\imrEVPy.exe
  2⤵
  PID:7484
- C:\Windows\System\zrMRQlp.exe
  C:\Windows\System\zrMRQlp.exe
  2⤵
  PID:7500
- C:\Windows\System\YpdtBTL.exe
  C:\Windows\System\YpdtBTL.exe
  2⤵
  PID:7528
- C:\Windows\System\DwFXTsu.exe
  C:\Windows\System\DwFXTsu.exe
  2⤵
  PID:7556
- C:\Windows\System\oPRnynP.exe
  C:\Windows\System\oPRnynP.exe
  2⤵
  PID:7584
- C:\Windows\System\GGumukD.exe
  C:\Windows\System\GGumukD.exe
  2⤵
  PID:7612
- C:\Windows\System\Gybitry.exe
  C:\Windows\System\Gybitry.exe
  2⤵
  PID:7640
- C:\Windows\System\epztBmB.exe
  C:\Windows\System\epztBmB.exe
  2⤵
  PID:7668
- C:\Windows\System\WxCTaEK.exe
  C:\Windows\System\WxCTaEK.exe
  2⤵
  PID:7696
- C:\Windows\System\szCqGov.exe
  C:\Windows\System\szCqGov.exe
  2⤵
  PID:7724
- C:\Windows\System\eXEuFad.exe
  C:\Windows\System\eXEuFad.exe
  2⤵
  PID:7752
- C:\Windows\System\JPhRFLB.exe
  C:\Windows\System\JPhRFLB.exe
  2⤵
  PID:7780
- C:\Windows\System\VhccZIM.exe
  C:\Windows\System\VhccZIM.exe
  2⤵
  PID:7808
- C:\Windows\System\KEWqTRc.exe
  C:\Windows\System\KEWqTRc.exe
  2⤵
  PID:7836
- C:\Windows\System\zHOOFZt.exe
  C:\Windows\System\zHOOFZt.exe
  2⤵
  PID:7864
- C:\Windows\System\sDKpmIf.exe
  C:\Windows\System\sDKpmIf.exe
  2⤵
  PID:7900
- C:\Windows\System\ycVsFyB.exe
  C:\Windows\System\ycVsFyB.exe
  2⤵
  PID:7924
- C:\Windows\System\sKPjKcD.exe
  C:\Windows\System\sKPjKcD.exe
  2⤵
  PID:7956
- C:\Windows\System\kWDvXgW.exe
  C:\Windows\System\kWDvXgW.exe
  2⤵
  PID:7984
- C:\Windows\System\FyUZWZA.exe
  C:\Windows\System\FyUZWZA.exe
  2⤵
  PID:8012
- C:\Windows\System\nQagjmH.exe
  C:\Windows\System\nQagjmH.exe
  2⤵
  PID:8040
- C:\Windows\System\iEDGXfV.exe
  C:\Windows\System\iEDGXfV.exe
  2⤵
  PID:8068
- C:\Windows\System\IkbIPyz.exe
  C:\Windows\System\IkbIPyz.exe
  2⤵
  PID:8096
- C:\Windows\System\tmkKSgX.exe
  C:\Windows\System\tmkKSgX.exe
  2⤵
  PID:8124
- C:\Windows\System\iBNGhAJ.exe
  C:\Windows\System\iBNGhAJ.exe
  2⤵
  PID:8156
- C:\Windows\System\jIaKuEK.exe
  C:\Windows\System\jIaKuEK.exe
  2⤵
  PID:8180
- C:\Windows\System\KxAAMck.exe
  C:\Windows\System\KxAAMck.exe
  2⤵
  PID:7184
- C:\Windows\System\HTiOlPW.exe
  C:\Windows\System\HTiOlPW.exe
  2⤵
  PID:7352
- C:\Windows\System\zlwqkys.exe
  C:\Windows\System\zlwqkys.exe
  2⤵
  PID:7436
- C:\Windows\System\rQliQAQ.exe
  C:\Windows\System\rQliQAQ.exe
  2⤵
  PID:7516
- C:\Windows\System\spAuTYh.exe
  C:\Windows\System\spAuTYh.exe
  2⤵
  PID:7604
- C:\Windows\System\actWAOe.exe
  C:\Windows\System\actWAOe.exe
  2⤵
  PID:7636
- C:\Windows\System\jHVUfVe.exe
  C:\Windows\System\jHVUfVe.exe
  2⤵
  PID:7712
- C:\Windows\System\NDYUCqL.exe
  C:\Windows\System\NDYUCqL.exe
  2⤵
  PID:7768
- C:\Windows\System\eTPkERw.exe
  C:\Windows\System\eTPkERw.exe
  2⤵
  PID:7828
- C:\Windows\System\MlmNiyl.exe
  C:\Windows\System\MlmNiyl.exe
  2⤵
  PID:7892
- C:\Windows\System\QfQvrYP.exe
  C:\Windows\System\QfQvrYP.exe
  2⤵
  PID:7952
- C:\Windows\System\SNTGAEI.exe
  C:\Windows\System\SNTGAEI.exe
  2⤵
  PID:8024
- C:\Windows\System\xzkcXZl.exe
  C:\Windows\System\xzkcXZl.exe
  2⤵
  PID:8064
- C:\Windows\System\mZguHwk.exe
  C:\Windows\System\mZguHwk.exe
  2⤵
  PID:8148
- C:\Windows\System\oDOoLSf.exe
  C:\Windows\System\oDOoLSf.exe
  2⤵
  PID:7212
- C:\Windows\System\JzYtfdY.exe
  C:\Windows\System\JzYtfdY.exe
  2⤵
  PID:7432
- C:\Windows\System\IoUZJow.exe
  C:\Windows\System\IoUZJow.exe
  2⤵
  PID:7568
- C:\Windows\System\zuMtsJR.exe
  C:\Windows\System\zuMtsJR.exe
  2⤵
  PID:7744
- C:\Windows\System\gwMKIZn.exe
  C:\Windows\System\gwMKIZn.exe
  2⤵
  PID:7888
- C:\Windows\System\oWKPlxH.exe
  C:\Windows\System\oWKPlxH.exe
  2⤵
  PID:8056
- C:\Windows\System\RoRZemL.exe
  C:\Windows\System\RoRZemL.exe
  2⤵
  PID:6728
- C:\Windows\System\LlgYwDz.exe
  C:\Windows\System\LlgYwDz.exe
  2⤵
  PID:7600
- C:\Windows\System\hDrNhwm.exe
  C:\Windows\System\hDrNhwm.exe
  2⤵
  PID:7948
- C:\Windows\System\mmDTkYv.exe
  C:\Windows\System\mmDTkYv.exe
  2⤵
  PID:7496
- C:\Windows\System\NegvkrB.exe
  C:\Windows\System\NegvkrB.exe
  2⤵
  PID:7856
- C:\Windows\System\fzEobVo.exe
  C:\Windows\System\fzEobVo.exe
  2⤵
  PID:8240
- C:\Windows\System\PdTOXMz.exe
  C:\Windows\System\PdTOXMz.exe
  2⤵
  PID:8292
- C:\Windows\System\nVSvSLm.exe
  C:\Windows\System\nVSvSLm.exe
  2⤵
  PID:8328
- C:\Windows\System\EOkZWkN.exe
  C:\Windows\System\EOkZWkN.exe
  2⤵
  PID:8408
- C:\Windows\System\iNXqirm.exe
  C:\Windows\System\iNXqirm.exe
  2⤵
  PID:8512
- C:\Windows\System\pPAFAsX.exe
  C:\Windows\System\pPAFAsX.exe
  2⤵
  PID:8544
- C:\Windows\System\PIyCacw.exe
  C:\Windows\System\PIyCacw.exe
  2⤵
  PID:8584
- C:\Windows\System\UjzARck.exe
  C:\Windows\System\UjzARck.exe
  2⤵
  PID:8648
- C:\Windows\System\ABuMjPN.exe
  C:\Windows\System\ABuMjPN.exe
  2⤵
  PID:8668
- C:\Windows\System\rhIqNHR.exe
  C:\Windows\System\rhIqNHR.exe
  2⤵
  PID:8708
- C:\Windows\System\ivYnzws.exe
  C:\Windows\System\ivYnzws.exe
  2⤵
  PID:8728
- C:\Windows\System\xKUOOAT.exe
  C:\Windows\System\xKUOOAT.exe
  2⤵
  PID:8756
- C:\Windows\System\iRIfnwa.exe
  C:\Windows\System\iRIfnwa.exe
  2⤵
  PID:8788
- C:\Windows\System\cGRpNbE.exe
  C:\Windows\System\cGRpNbE.exe
  2⤵
  PID:8816
- C:\Windows\System\jcEqoCt.exe
  C:\Windows\System\jcEqoCt.exe
  2⤵
  PID:8856
- C:\Windows\System\LJJycZm.exe
  C:\Windows\System\LJJycZm.exe
  2⤵
  PID:8872
- C:\Windows\System\KAANAPS.exe
  C:\Windows\System\KAANAPS.exe
  2⤵
  PID:8900
- C:\Windows\System\CQfPaXY.exe
  C:\Windows\System\CQfPaXY.exe
  2⤵
  PID:8928
- C:\Windows\System\FdWRwyS.exe
  C:\Windows\System\FdWRwyS.exe
  2⤵
  PID:8956
- C:\Windows\System\PvGMLAK.exe
  C:\Windows\System\PvGMLAK.exe
  2⤵
  PID:8984
- C:\Windows\System\oMUEUsK.exe
  C:\Windows\System\oMUEUsK.exe
  2⤵
  PID:9012
- C:\Windows\System\cTUsjqS.exe
  C:\Windows\System\cTUsjqS.exe
  2⤵
  PID:9040
- C:\Windows\System\FGUovyH.exe
  C:\Windows\System\FGUovyH.exe
  2⤵
  PID:9068
- C:\Windows\System\QuyPsKt.exe
  C:\Windows\System\QuyPsKt.exe
  2⤵
  PID:9096
- C:\Windows\System\rNbLsNq.exe
  C:\Windows\System\rNbLsNq.exe
  2⤵
  PID:9128
- C:\Windows\System\MNYEWFq.exe
  C:\Windows\System\MNYEWFq.exe
  2⤵
  PID:9156
- C:\Windows\System\RWNdGdS.exe
  C:\Windows\System\RWNdGdS.exe
  2⤵
  PID:9188
- C:\Windows\System\oyQmkuK.exe
  C:\Windows\System\oyQmkuK.exe
  2⤵
  PID:8116
- C:\Windows\System\cobYDmq.exe
  C:\Windows\System\cobYDmq.exe
  2⤵
  PID:8264
- C:\Windows\System\RRhsExZ.exe
  C:\Windows\System\RRhsExZ.exe
  2⤵
  PID:8436
- C:\Windows\System\KSwUwWh.exe
  C:\Windows\System\KSwUwWh.exe
  2⤵
  PID:8556
- C:\Windows\System\djkrtFH.exe
  C:\Windows\System\djkrtFH.exe
  2⤵
  PID:8656
- C:\Windows\System\xOwVkPx.exe
  C:\Windows\System\xOwVkPx.exe
  2⤵
  PID:8720
- C:\Windows\System\aOTncek.exe
  C:\Windows\System\aOTncek.exe
  2⤵
  PID:8784
- C:\Windows\System\NilJNFc.exe
  C:\Windows\System\NilJNFc.exe
  2⤵
  PID:8384
- C:\Windows\System\FFhxaBn.exe
  C:\Windows\System\FFhxaBn.exe
  2⤵
  PID:8380
- C:\Windows\System\ZAWVTKG.exe
  C:\Windows\System\ZAWVTKG.exe
  2⤵
  PID:8896
- C:\Windows\System\tXcwEEO.exe
  C:\Windows\System\tXcwEEO.exe
  2⤵
  PID:8952
- C:\Windows\System\jCOxCUy.exe
  C:\Windows\System\jCOxCUy.exe
  2⤵
  PID:9024
- C:\Windows\System\jBFZmlr.exe
  C:\Windows\System\jBFZmlr.exe
  2⤵
  PID:9088
- C:\Windows\System\hRYVeSr.exe
  C:\Windows\System\hRYVeSr.exe
  2⤵
  PID:9152
- C:\Windows\System\eBzxpyZ.exe
  C:\Windows\System\eBzxpyZ.exe
  2⤵
  PID:8260
- C:\Windows\System\vVAKkGa.exe
  C:\Windows\System\vVAKkGa.exe
  2⤵
  PID:8540
- C:\Windows\System\fNWtwVP.exe
  C:\Windows\System\fNWtwVP.exe
  2⤵
  PID:8748
- C:\Windows\System\vSudSdN.exe
  C:\Windows\System\vSudSdN.exe
  2⤵
  PID:8852
- C:\Windows\System\rfQpPhe.exe
  C:\Windows\System\rfQpPhe.exe
  2⤵
  PID:8940
- C:\Windows\System\SSgcwSE.exe
  C:\Windows\System\SSgcwSE.exe
  2⤵
  PID:9080
- C:\Windows\System\wOjxXfp.exe
  C:\Windows\System\wOjxXfp.exe
  2⤵
  PID:8400
- C:\Windows\System\vXMFUkd.exe
  C:\Windows\System\vXMFUkd.exe
  2⤵
  PID:8604
- C:\Windows\System\apjzEGX.exe
  C:\Windows\System\apjzEGX.exe
  2⤵
  PID:8924
- C:\Windows\System\eiyfIMI.exe
  C:\Windows\System\eiyfIMI.exe
  2⤵
  PID:9208
- C:\Windows\System\kHLJEMf.exe
  C:\Windows\System\kHLJEMf.exe
  2⤵
  PID:9220
- C:\Windows\System\FrNwQOm.exe
  C:\Windows\System\FrNwQOm.exe
  2⤵
  PID:9252
- C:\Windows\System\qToCtSH.exe
  C:\Windows\System\qToCtSH.exe
  2⤵
  PID:9280
- C:\Windows\System\CjFcFAc.exe
  C:\Windows\System\CjFcFAc.exe
  2⤵
  PID:9320
- C:\Windows\System\OgRslfA.exe
  C:\Windows\System\OgRslfA.exe
  2⤵
  PID:9348
- C:\Windows\System\ApHXvwg.exe
  C:\Windows\System\ApHXvwg.exe
  2⤵
  PID:9380
- C:\Windows\System\RqgaAiK.exe
  C:\Windows\System\RqgaAiK.exe
  2⤵
  PID:9408
- C:\Windows\System\GkbKHOD.exe
  C:\Windows\System\GkbKHOD.exe
  2⤵
  PID:9436
- C:\Windows\System\rkRJjxs.exe
  C:\Windows\System\rkRJjxs.exe
  2⤵
  PID:9464
- C:\Windows\System\bWCFlTO.exe
  C:\Windows\System\bWCFlTO.exe
  2⤵
  PID:9492
- C:\Windows\System\XLMEcYs.exe
  C:\Windows\System\XLMEcYs.exe
  2⤵
  PID:9520
- C:\Windows\System\BwYzlJa.exe
  C:\Windows\System\BwYzlJa.exe
  2⤵
  PID:9548
- C:\Windows\System\JBbTShB.exe
  C:\Windows\System\JBbTShB.exe
  2⤵
  PID:9576
- C:\Windows\System\IAgiHRC.exe
  C:\Windows\System\IAgiHRC.exe
  2⤵
  PID:9604
- C:\Windows\System\FYTuVqk.exe
  C:\Windows\System\FYTuVqk.exe
  2⤵
  PID:9632
- C:\Windows\System\OJXQOkF.exe
  C:\Windows\System\OJXQOkF.exe
  2⤵
  PID:9660
- C:\Windows\System\CtCNDef.exe
  C:\Windows\System\CtCNDef.exe
  2⤵
  PID:9688
- C:\Windows\System\QRtQBhy.exe
  C:\Windows\System\QRtQBhy.exe
  2⤵
  PID:9716
- C:\Windows\System\pufFMOZ.exe
  C:\Windows\System\pufFMOZ.exe
  2⤵
  PID:9744
- C:\Windows\System\iDxvXav.exe
  C:\Windows\System\iDxvXav.exe
  2⤵
  PID:9772
- C:\Windows\System\mdbDxzr.exe
  C:\Windows\System\mdbDxzr.exe
  2⤵
  PID:9800
- C:\Windows\System\FWlXseA.exe
  C:\Windows\System\FWlXseA.exe
  2⤵
  PID:9828
- C:\Windows\System\YPIwVWv.exe
  C:\Windows\System\YPIwVWv.exe
  2⤵
  PID:9856
- C:\Windows\System\xgxuPOR.exe
  C:\Windows\System\xgxuPOR.exe
  2⤵
  PID:9884
- C:\Windows\System\HWQCgPE.exe
  C:\Windows\System\HWQCgPE.exe
  2⤵
  PID:9912
- C:\Windows\System\DnLWiUg.exe
  C:\Windows\System\DnLWiUg.exe
  2⤵
  PID:10004
- C:\Windows\System\DRiVNge.exe
  C:\Windows\System\DRiVNge.exe
  2⤵
  PID:10052
- C:\Windows\System\PeEBKqw.exe
  C:\Windows\System\PeEBKqw.exe
  2⤵
  PID:10068
- C:\Windows\System\XrjqvsG.exe
  C:\Windows\System\XrjqvsG.exe
  2⤵
  PID:10100
- C:\Windows\System\fvaXMkK.exe
  C:\Windows\System\fvaXMkK.exe
  2⤵
  PID:10128
- C:\Windows\System\kjBYXKw.exe
  C:\Windows\System\kjBYXKw.exe
  2⤵
  PID:10156
- C:\Windows\System\tYXkumv.exe
  C:\Windows\System\tYXkumv.exe
  2⤵
  PID:10188
- C:\Windows\System\jViAoLm.exe
  C:\Windows\System\jViAoLm.exe
  2⤵
  PID:10216
- C:\Windows\System\xNdJblN.exe
  C:\Windows\System\xNdJblN.exe
  2⤵
  PID:9064
- C:\Windows\System\bYRgnJD.exe
  C:\Windows\System\bYRgnJD.exe
  2⤵
  PID:9228
- C:\Windows\System\VSPsVPv.exe
  C:\Windows\System\VSPsVPv.exe
  2⤵
  PID:9316
- C:\Windows\System\zjOxSMt.exe
  C:\Windows\System\zjOxSMt.exe
  2⤵
  PID:9396
- C:\Windows\System\WnoCLIP.exe
  C:\Windows\System\WnoCLIP.exe
  2⤵
  PID:9456
- C:\Windows\System\KRxeYCy.exe
  C:\Windows\System\KRxeYCy.exe
  2⤵
  PID:9516
- C:\Windows\System\uIbjEHA.exe
  C:\Windows\System\uIbjEHA.exe
  2⤵
  PID:9588
- C:\Windows\System\pqWndfa.exe
  C:\Windows\System\pqWndfa.exe
  2⤵
  PID:9652
- C:\Windows\System\MakqRwr.exe
  C:\Windows\System\MakqRwr.exe
  2⤵
  PID:9712
- C:\Windows\System\TVoHqVV.exe
  C:\Windows\System\TVoHqVV.exe
  2⤵
  PID:9788
- C:\Windows\System\raKkwKy.exe
  C:\Windows\System\raKkwKy.exe
  2⤵
  PID:9848
- C:\Windows\System\sOMLWAx.exe
  C:\Windows\System\sOMLWAx.exe
  2⤵
  PID:9908
- C:\Windows\System\XgnxCai.exe
  C:\Windows\System\XgnxCai.exe
  2⤵
  PID:10044
- C:\Windows\System\dWRLLpE.exe
  C:\Windows\System\dWRLLpE.exe
  2⤵
  PID:10088
- C:\Windows\System\cexEDNH.exe
  C:\Windows\System\cexEDNH.exe
  2⤵
  PID:9976
- C:\Windows\System\Vjoomrj.exe
  C:\Windows\System\Vjoomrj.exe
  2⤵
  PID:10140
- C:\Windows\System\cnYahUn.exe
  C:\Windows\System\cnYahUn.exe
  2⤵
  PID:10208
- C:\Windows\System\ishrGKY.exe
  C:\Windows\System\ishrGKY.exe
  2⤵
  PID:9232
- C:\Windows\System\mtvTEzU.exe
  C:\Windows\System\mtvTEzU.exe
  2⤵
  PID:9420
- C:\Windows\System\GkguEjb.exe
  C:\Windows\System\GkguEjb.exe
  2⤵
  PID:9568
- C:\Windows\System\VCUxObs.exe
  C:\Windows\System\VCUxObs.exe
  2⤵
  PID:9708
- C:\Windows\System\wxaOgdZ.exe
  C:\Windows\System\wxaOgdZ.exe
  2⤵
  PID:9900
- C:\Windows\System\ESatLAV.exe
  C:\Windows\System\ESatLAV.exe
  2⤵
  PID:10060
- C:\Windows\System\VKgKidX.exe
  C:\Windows\System\VKgKidX.exe
  2⤵
  PID:10120
- C:\Windows\System\fBDyGuD.exe
  C:\Windows\System\fBDyGuD.exe
  2⤵
  PID:9248
- C:\Windows\System\pZHeWne.exe
  C:\Windows\System\pZHeWne.exe
  2⤵
  PID:9544
- C:\Windows\System\IPZWNNA.exe
  C:\Windows\System\IPZWNNA.exe
  2⤵
  PID:9996
- C:\Windows\System\rMDqJXL.exe
  C:\Windows\System\rMDqJXL.exe
  2⤵
  PID:10200
- C:\Windows\System\JPaRSXZ.exe
  C:\Windows\System\JPaRSXZ.exe
  2⤵
  PID:9824
- C:\Windows\System\bQweqvm.exe
  C:\Windows\System\bQweqvm.exe
  2⤵
  PID:9768
- C:\Windows\System\HXXUrSM.exe
  C:\Windows\System\HXXUrSM.exe
  2⤵
  PID:10256
- C:\Windows\System\WPnVTXv.exe
  C:\Windows\System\WPnVTXv.exe
  2⤵
  PID:10288
- C:\Windows\System\EKnECeL.exe
  C:\Windows\System\EKnECeL.exe
  2⤵
  PID:10316
- C:\Windows\System\uiIhfsQ.exe
  C:\Windows\System\uiIhfsQ.exe
  2⤵
  PID:10344
- C:\Windows\System\yjuloTX.exe
  C:\Windows\System\yjuloTX.exe
  2⤵
  PID:10372
- C:\Windows\System\zvFcdXJ.exe
  C:\Windows\System\zvFcdXJ.exe
  2⤵
  PID:10400
- C:\Windows\System\aidCCjr.exe
  C:\Windows\System\aidCCjr.exe
  2⤵
  PID:10428
- C:\Windows\System\RxhPpCX.exe
  C:\Windows\System\RxhPpCX.exe
  2⤵
  PID:10456
- C:\Windows\System\yBGNNgc.exe
  C:\Windows\System\yBGNNgc.exe
  2⤵
  PID:10484
- C:\Windows\System\QcNcAfj.exe
  C:\Windows\System\QcNcAfj.exe
  2⤵
  PID:10512
- C:\Windows\System\CAePYWi.exe
  C:\Windows\System\CAePYWi.exe
  2⤵
  PID:10540
- C:\Windows\System\LuYIiBf.exe
  C:\Windows\System\LuYIiBf.exe
  2⤵
  PID:10568
- C:\Windows\System\cbyKnJc.exe
  C:\Windows\System\cbyKnJc.exe
  2⤵
  PID:10628
- C:\Windows\System\CYsPLAt.exe
  C:\Windows\System\CYsPLAt.exe
  2⤵
  PID:10664
- C:\Windows\System\vgGRmrv.exe
  C:\Windows\System\vgGRmrv.exe
  2⤵
  PID:10684
- C:\Windows\System\MpXkZyY.exe
  C:\Windows\System\MpXkZyY.exe
  2⤵
  PID:10720
- C:\Windows\System\zbrFJTN.exe
  C:\Windows\System\zbrFJTN.exe
  2⤵
  PID:10756
- C:\Windows\System\NqKLvAr.exe
  C:\Windows\System\NqKLvAr.exe
  2⤵
  PID:10804
- C:\Windows\System\VSHYWrg.exe
  C:\Windows\System\VSHYWrg.exe
  2⤵
  PID:10848
- C:\Windows\System\XxQakiT.exe
  C:\Windows\System\XxQakiT.exe
  2⤵
  PID:10872
- C:\Windows\System\NbAlmWk.exe
  C:\Windows\System\NbAlmWk.exe
  2⤵
  PID:10900
- C:\Windows\System\eKiThsP.exe
  C:\Windows\System\eKiThsP.exe
  2⤵
  PID:10928
- C:\Windows\System\ULmnQHX.exe
  C:\Windows\System\ULmnQHX.exe
  2⤵
  PID:10956
- C:\Windows\System\cOHYbxg.exe
  C:\Windows\System\cOHYbxg.exe
  2⤵
  PID:10984
- C:\Windows\System\REwCyNS.exe
  C:\Windows\System\REwCyNS.exe
  2⤵
  PID:11012
- C:\Windows\System\FAtUjxI.exe
  C:\Windows\System\FAtUjxI.exe
  2⤵
  PID:11044
- C:\Windows\System\njyQyrq.exe
  C:\Windows\System\njyQyrq.exe
  2⤵
  PID:11072
- C:\Windows\System\nniegOV.exe
  C:\Windows\System\nniegOV.exe
  2⤵
  PID:11100
- C:\Windows\System\aVFaJVV.exe
  C:\Windows\System\aVFaJVV.exe
  2⤵
  PID:11132
- C:\Windows\System\BJoodwG.exe
  C:\Windows\System\BJoodwG.exe
  2⤵
  PID:11160
- C:\Windows\System\RALezKr.exe
  C:\Windows\System\RALezKr.exe
  2⤵
  PID:11188
- C:\Windows\System\JPYoKxu.exe
  C:\Windows\System\JPYoKxu.exe
  2⤵
  PID:10304
- C:\Windows\System\DqMvjCc.exe
  C:\Windows\System\DqMvjCc.exe
  2⤵
  PID:10388
- C:\Windows\System\HEyvFRU.exe
  C:\Windows\System\HEyvFRU.exe
  2⤵
  PID:3852
- C:\Windows\System\qOrEdNA.exe
  C:\Windows\System\qOrEdNA.exe
  2⤵
  PID:212
- C:\Windows\System\UJxJfJY.exe
  C:\Windows\System\UJxJfJY.exe
  2⤵
  PID:10652
- C:\Windows\System\ZvGmpLR.exe
  C:\Windows\System\ZvGmpLR.exe
  2⤵
  PID:10800
- C:\Windows\System\AoyarOn.exe
  C:\Windows\System\AoyarOn.exe
  2⤵
  PID:10792
- C:\Windows\System\vMLkqZk.exe
  C:\Windows\System\vMLkqZk.exe
  2⤵
  PID:10920
- C:\Windows\System\YjCzsxJ.exe
  C:\Windows\System\YjCzsxJ.exe
  2⤵
  PID:10972
- C:\Windows\System\VxUmyFg.exe
  C:\Windows\System\VxUmyFg.exe
  2⤵
  PID:11064
- C:\Windows\System\SbEHUiV.exe
  C:\Windows\System\SbEHUiV.exe
  2⤵
  PID:11112
- C:\Windows\System\DldRxZD.exe
  C:\Windows\System\DldRxZD.exe
  2⤵
  PID:8140
- C:\Windows\System\WfVLEvu.exe
  C:\Windows\System\WfVLEvu.exe
  2⤵
  PID:10332
- C:\Windows\System\sLcBuqp.exe
  C:\Windows\System\sLcBuqp.exe
  2⤵
  PID:10504
- C:\Windows\System\UUbngoA.exe
  C:\Windows\System\UUbngoA.exe
  2⤵
  PID:10648
- C:\Windows\System\TyQlUqg.exe
  C:\Windows\System\TyQlUqg.exe
  2⤵
  PID:10784
- C:\Windows\System\TTQvfbz.exe
  C:\Windows\System\TTQvfbz.exe
  2⤵
  PID:10952
- C:\Windows\System\eesPsKv.exe
  C:\Windows\System\eesPsKv.exe
  2⤵
  PID:1868
- C:\Windows\System\tuTJwok.exe
  C:\Windows\System\tuTJwok.exe
  2⤵
  PID:11236
- C:\Windows\System\fTbGJdv.exe
  C:\Windows\System\fTbGJdv.exe
  2⤵
  PID:11156
- C:\Windows\System\ENeRQEa.exe
  C:\Windows\System\ENeRQEa.exe
  2⤵
  PID:10448
- C:\Windows\System\YJFuMEd.exe
  C:\Windows\System\YJFuMEd.exe
  2⤵
  PID:10868
- C:\Windows\System\yrOYquD.exe
  C:\Windows\System\yrOYquD.exe
  2⤵
  PID:11036
- C:\Windows\System\vpTwJcS.exe
  C:\Windows\System\vpTwJcS.exe
  2⤵
  PID:10796
- C:\Windows\System\yLHlcXv.exe
  C:\Windows\System\yLHlcXv.exe
  2⤵
  PID:4436
- C:\Windows\System\rlKZCAI.exe
  C:\Windows\System\rlKZCAI.exe
  2⤵
  PID:10788
- C:\Windows\System\TwzBCVL.exe
  C:\Windows\System\TwzBCVL.exe
  2⤵
  PID:11296
- C:\Windows\System\rhZNfTs.exe
  C:\Windows\System\rhZNfTs.exe
  2⤵
  PID:11312
- C:\Windows\System\kLrXFav.exe
  C:\Windows\System\kLrXFav.exe
  2⤵
  PID:11340
- C:\Windows\System\ZImqzAb.exe
  C:\Windows\System\ZImqzAb.exe
  2⤵
  PID:11368
- C:\Windows\System\chRPbkO.exe
  C:\Windows\System\chRPbkO.exe
  2⤵
  PID:11396
- C:\Windows\System\snuVfkX.exe
  C:\Windows\System\snuVfkX.exe
  2⤵
  PID:11424
- C:\Windows\System\wMhGCPv.exe
  C:\Windows\System\wMhGCPv.exe
  2⤵
  PID:11452
- C:\Windows\System\SvHtKBt.exe
  C:\Windows\System\SvHtKBt.exe
  2⤵
  PID:11480
- C:\Windows\System\YBQffFX.exe
  C:\Windows\System\YBQffFX.exe
  2⤵
  PID:11508
- C:\Windows\System\HGdmraz.exe
  C:\Windows\System\HGdmraz.exe
  2⤵
  PID:11536
- C:\Windows\System\AofwRqO.exe
  C:\Windows\System\AofwRqO.exe
  2⤵
  PID:11564
- C:\Windows\System\BFcEdwU.exe
  C:\Windows\System\BFcEdwU.exe
  2⤵
  PID:11592
- C:\Windows\System\kFozMhq.exe
  C:\Windows\System\kFozMhq.exe
  2⤵
  PID:11620
- C:\Windows\System\ezWpgED.exe
  C:\Windows\System\ezWpgED.exe
  2⤵
  PID:11648
- C:\Windows\System\FZCnANP.exe
  C:\Windows\System\FZCnANP.exe
  2⤵
  PID:11676
- C:\Windows\System\fyYUPHu.exe
  C:\Windows\System\fyYUPHu.exe
  2⤵
  PID:11704
- C:\Windows\System\IBqkQEZ.exe
  C:\Windows\System\IBqkQEZ.exe
  2⤵
  PID:11732
- C:\Windows\System\toGkRoG.exe
  C:\Windows\System\toGkRoG.exe
  2⤵
  PID:11760
- C:\Windows\System\VMzQQve.exe
  C:\Windows\System\VMzQQve.exe
  2⤵
  PID:11788
- C:\Windows\System\rDMbYNV.exe
  C:\Windows\System\rDMbYNV.exe
  2⤵
  PID:11816
- C:\Windows\System\lCAvkQa.exe
  C:\Windows\System\lCAvkQa.exe
  2⤵
  PID:11844
- C:\Windows\System\rPTjyKe.exe
  C:\Windows\System\rPTjyKe.exe
  2⤵
  PID:11872
- C:\Windows\System\KWcIaOq.exe
  C:\Windows\System\KWcIaOq.exe
  2⤵
  PID:11900
- C:\Windows\System\twpSUaB.exe
  C:\Windows\System\twpSUaB.exe
  2⤵
  PID:11928
- C:\Windows\System\WItTMBu.exe
  C:\Windows\System\WItTMBu.exe
  2⤵
  PID:11956
- C:\Windows\System\GgjDNfR.exe
  C:\Windows\System\GgjDNfR.exe
  2⤵
  PID:11984
- C:\Windows\System\KDbysXB.exe
  C:\Windows\System\KDbysXB.exe
  2⤵
  PID:12012
- C:\Windows\System\wkAimqF.exe
  C:\Windows\System\wkAimqF.exe
  2⤵
  PID:12040
- C:\Windows\System\XqbCMtE.exe
  C:\Windows\System\XqbCMtE.exe
  2⤵
  PID:12068
- C:\Windows\System\JqPmDhg.exe
  C:\Windows\System\JqPmDhg.exe
  2⤵
  PID:12096
- C:\Windows\System\fvIOazg.exe
  C:\Windows\System\fvIOazg.exe
  2⤵
  PID:12124
- C:\Windows\System\DmViUpI.exe
  C:\Windows\System\DmViUpI.exe
  2⤵
  PID:12152
- C:\Windows\System\WfSUciH.exe
  C:\Windows\System\WfSUciH.exe
  2⤵
  PID:12188
- C:\Windows\System\bkWUgZu.exe
  C:\Windows\System\bkWUgZu.exe
  2⤵
  PID:12220
- C:\Windows\System\VQovOuV.exe
  C:\Windows\System\VQovOuV.exe
  2⤵
  PID:12256
- C:\Windows\System\RljFGny.exe
  C:\Windows\System\RljFGny.exe
  2⤵
  PID:12276
- C:\Windows\System\ABLxrar.exe
  C:\Windows\System\ABLxrar.exe
  2⤵
  PID:11304
- C:\Windows\System\JdykidN.exe
  C:\Windows\System\JdykidN.exe
  2⤵
  PID:11364
- C:\Windows\System\ObHxLSG.exe
  C:\Windows\System\ObHxLSG.exe
  2⤵
  PID:11436
- C:\Windows\System\zrzqEEB.exe
  C:\Windows\System\zrzqEEB.exe
  2⤵
  PID:11476
- C:\Windows\System\PhbYwDs.exe
  C:\Windows\System\PhbYwDs.exe
  2⤵
  PID:11532
- C:\Windows\System\zRRJYMs.exe
  C:\Windows\System\zRRJYMs.exe
  2⤵
  PID:11612
- C:\Windows\System\PNfRuSu.exe
  C:\Windows\System\PNfRuSu.exe
  2⤵
  PID:11672
- C:\Windows\System\QZSPPOa.exe
  C:\Windows\System\QZSPPOa.exe
  2⤵
  PID:11840
- C:\Windows\System\Lscndqk.exe
  C:\Windows\System\Lscndqk.exe
  2⤵
  PID:11896
- C:\Windows\System\SFZnJan.exe
  C:\Windows\System\SFZnJan.exe
  2⤵
  PID:11968
- C:\Windows\System\GVDCVQG.exe
  C:\Windows\System\GVDCVQG.exe
  2⤵
  PID:12032
- C:\Windows\System\pcPtkMc.exe
  C:\Windows\System\pcPtkMc.exe
  2⤵
  PID:12112
- C:\Windows\System\DRYNola.exe
  C:\Windows\System\DRYNola.exe
  2⤵
  PID:12184
- C:\Windows\System\SdHfjle.exe
  C:\Windows\System\SdHfjle.exe
  2⤵
  PID:12244
- C:\Windows\System\GZRPCpg.exe
  C:\Windows\System\GZRPCpg.exe
  2⤵
  PID:11276
- C:\Windows\System\NejBFJH.exe
  C:\Windows\System\NejBFJH.exe
  2⤵
  PID:892
- C:\Windows\System\SKYjtYT.exe
  C:\Windows\System\SKYjtYT.exe
  2⤵
  PID:11580
- C:\Windows\System\YzAOBTL.exe
  C:\Windows\System\YzAOBTL.exe
  2⤵
  PID:11836
- C:\Windows\System\lRAMlkQ.exe
  C:\Windows\System\lRAMlkQ.exe
  2⤵
  PID:10528
- C:\Windows\System\lRqatEI.exe
  C:\Windows\System\lRqatEI.exe
  2⤵
  PID:10588
- C:\Windows\System\lnURwpk.exe
  C:\Windows\System\lnURwpk.exe
  2⤵
  PID:12088
- C:\Windows\System\xgPQKZN.exe
  C:\Windows\System\xgPQKZN.exe
  2⤵
  PID:8220
- C:\Windows\System\AYFgRER.exe
  C:\Windows\System\AYFgRER.exe
  2⤵
  PID:12172
- C:\Windows\System\PezclNw.exe
  C:\Windows\System\PezclNw.exe
  2⤵
  PID:11420
- C:\Windows\System\IILFvOs.exe
  C:\Windows\System\IILFvOs.exe
  2⤵
  PID:12168
- C:\Windows\System\uMNkxbE.exe
  C:\Windows\System\uMNkxbE.exe
  2⤵
  PID:10592
- C:\Windows\System\EabCWxM.exe
  C:\Windows\System\EabCWxM.exe
  2⤵
  PID:7348
- C:\Windows\System\sIFVVhM.exe
  C:\Windows\System\sIFVVhM.exe
  2⤵
  PID:11392
- C:\Windows\System\oIWTYjp.exe
  C:\Windows\System\oIWTYjp.exe
  2⤵
  PID:11292
- C:\Windows\System\HTbKCqQ.exe
  C:\Windows\System\HTbKCqQ.exe
  2⤵
  PID:7296
- C:\Windows\System\FzncoKZ.exe
  C:\Windows\System\FzncoKZ.exe
  2⤵
  PID:12308
- C:\Windows\System\xngIeaV.exe
  C:\Windows\System\xngIeaV.exe
  2⤵
  PID:12336
- C:\Windows\System\WhyEBKh.exe
  C:\Windows\System\WhyEBKh.exe
  2⤵
  PID:12364
- C:\Windows\System\oFMuMJF.exe
  C:\Windows\System\oFMuMJF.exe
  2⤵
  PID:12392
- C:\Windows\System\dViVvKX.exe
  C:\Windows\System\dViVvKX.exe
  2⤵
  PID:12420
- C:\Windows\System\LhRKRmj.exe
  C:\Windows\System\LhRKRmj.exe
  2⤵
  PID:12452
- C:\Windows\System\BgJOVHF.exe
  C:\Windows\System\BgJOVHF.exe
  2⤵
  PID:12480
- C:\Windows\System\SvkelJV.exe
  C:\Windows\System\SvkelJV.exe
  2⤵
  PID:12508
- C:\Windows\System\cOlmuGg.exe
  C:\Windows\System\cOlmuGg.exe
  2⤵
  PID:12536
- C:\Windows\System\JLmRLZY.exe
  C:\Windows\System\JLmRLZY.exe
  2⤵
  PID:12564
- C:\Windows\System\obpfkXt.exe
  C:\Windows\System\obpfkXt.exe
  2⤵
  PID:12592
- C:\Windows\System\AWBTHaE.exe
  C:\Windows\System\AWBTHaE.exe
  2⤵
  PID:12620
- C:\Windows\System\ciAMkDR.exe
  C:\Windows\System\ciAMkDR.exe
  2⤵
  PID:12648
- C:\Windows\System\eVZXJbk.exe
  C:\Windows\System\eVZXJbk.exe
  2⤵
  PID:12676
- C:\Windows\System\BEwrppm.exe
  C:\Windows\System\BEwrppm.exe
  2⤵
  PID:12704
- C:\Windows\System\YMeKbaI.exe
  C:\Windows\System\YMeKbaI.exe
  2⤵
  PID:12732
- C:\Windows\System\EasIZmW.exe
  C:\Windows\System\EasIZmW.exe
  2⤵
  PID:12760
- C:\Windows\System\uUIhaLs.exe
  C:\Windows\System\uUIhaLs.exe
  2⤵
  PID:12788
- C:\Windows\System\CLWfBtX.exe
  C:\Windows\System\CLWfBtX.exe
  2⤵
  PID:12816
- C:\Windows\System\hqSSdeh.exe
  C:\Windows\System\hqSSdeh.exe
  2⤵
  PID:12844
- C:\Windows\System\zFWGBBS.exe
  C:\Windows\System\zFWGBBS.exe
  2⤵
  PID:12872
- C:\Windows\System\BtyLLrm.exe
  C:\Windows\System\BtyLLrm.exe
  2⤵
  PID:12900
- C:\Windows\System\gTeCOFU.exe
  C:\Windows\System\gTeCOFU.exe
  2⤵
  PID:12928
- C:\Windows\System\KUPQNPl.exe
  C:\Windows\System\KUPQNPl.exe
  2⤵
  PID:12956
- C:\Windows\System\nAqPrpd.exe
  C:\Windows\System\nAqPrpd.exe
  2⤵
  PID:12988
- C:\Windows\System\yaJBAsT.exe
  C:\Windows\System\yaJBAsT.exe
  2⤵
  PID:13016
- C:\Windows\System\uNviPIx.exe
  C:\Windows\System\uNviPIx.exe
  2⤵
  PID:13044
- C:\Windows\System\vJteylc.exe
  C:\Windows\System\vJteylc.exe
  2⤵
  PID:13084
- C:\Windows\System\vsVDHIq.exe
  C:\Windows\System\vsVDHIq.exe
  2⤵
  PID:13100
- C:\Windows\System\WdBazjW.exe
  C:\Windows\System\WdBazjW.exe
  2⤵
  PID:13128
- C:\Windows\System\kvweeCo.exe
  C:\Windows\System\kvweeCo.exe
  2⤵
  PID:13156
- C:\Windows\System\XyXTYWN.exe
  C:\Windows\System\XyXTYWN.exe
  2⤵
  PID:13184
- C:\Windows\System\ZchcdqF.exe
  C:\Windows\System\ZchcdqF.exe
  2⤵
  PID:13212
- C:\Windows\System\jreTUMg.exe
  C:\Windows\System\jreTUMg.exe
  2⤵
  PID:13240
- C:\Windows\System\qVdOBot.exe
  C:\Windows\System\qVdOBot.exe
  2⤵
  PID:13268
- C:\Windows\System\uWEHBdr.exe
  C:\Windows\System\uWEHBdr.exe
  2⤵
  PID:13296
- C:\Windows\System\CJbhZDa.exe
  C:\Windows\System\CJbhZDa.exe
  2⤵
  PID:12324
- C:\Windows\System\IEdJpPI.exe
  C:\Windows\System\IEdJpPI.exe
  2⤵
  PID:12384
- C:\Windows\System\reRbdss.exe
  C:\Windows\System\reRbdss.exe
  2⤵
  PID:12448
- C:\Windows\System\PhUQtTQ.exe
  C:\Windows\System\PhUQtTQ.exe
  2⤵
  PID:12520
- C:\Windows\System\zYQOFtE.exe
  C:\Windows\System\zYQOFtE.exe
  2⤵
  PID:12584
- C:\Windows\System\bkXBiFt.exe
  C:\Windows\System\bkXBiFt.exe
  2⤵
  PID:12632
- C:\Windows\System\jPpJlXn.exe
  C:\Windows\System\jPpJlXn.exe
  2⤵
  PID:12688
- C:\Windows\System\isGuXUi.exe
  C:\Windows\System\isGuXUi.exe
  2⤵
  PID:12272
- C:\Windows\System\vBBKJGu.exe
  C:\Windows\System\vBBKJGu.exe
  2⤵
  PID:12808
- C:\Windows\System\TLRQlZg.exe
  C:\Windows\System\TLRQlZg.exe
  2⤵
  PID:12868
- C:\Windows\System\vkrQyXO.exe
  C:\Windows\System\vkrQyXO.exe
  2⤵
  PID:12940
- C:\Windows\System\wOeDuQY.exe
  C:\Windows\System\wOeDuQY.exe
  2⤵
  PID:13008
- C:\Windows\System\wmvbLRe.exe
  C:\Windows\System\wmvbLRe.exe
  2⤵
  PID:13076
- C:\Windows\System\txqPCfT.exe
  C:\Windows\System\txqPCfT.exe
  2⤵
  PID:13140
- C:\Windows\System\OmvnZSL.exe
  C:\Windows\System\OmvnZSL.exe
  2⤵
  PID:4496
- C:\Windows\System\bTHqlxu.exe
  C:\Windows\System\bTHqlxu.exe
  2⤵
  PID:13260
- C:\Windows\System\ygwDdJU.exe
  C:\Windows\System\ygwDdJU.exe
  2⤵
  PID:12304
- C:\Windows\System\KvqBCfB.exe
  C:\Windows\System\KvqBCfB.exe
  2⤵
  PID:12476
- C:\Windows\System\EIMqRsD.exe
  C:\Windows\System\EIMqRsD.exe
  2⤵
  PID:12612
- C:\Windows\System\zqPPdgC.exe
  C:\Windows\System\zqPPdgC.exe
  2⤵
  PID:12780
- C:\Windows\System\qLyvSIY.exe
  C:\Windows\System\qLyvSIY.exe
  2⤵
  PID:12920
- C:\Windows\System\dZmoTWi.exe
  C:\Windows\System\dZmoTWi.exe
  2⤵
  PID:13056
- C:\Windows\System\cZGjgDS.exe
  C:\Windows\System\cZGjgDS.exe
  2⤵
  PID:13196
- C:\Windows\System\TepwnrX.exe
  C:\Windows\System\TepwnrX.exe
  2⤵
  PID:12300
- C:\Windows\System\pupteef.exe
  C:\Windows\System\pupteef.exe
  2⤵
  PID:12608
- C:\Windows\System\SViNDfV.exe
  C:\Windows\System\SViNDfV.exe
  2⤵
  PID:13000
- C:\Windows\System\VoSynpx.exe
  C:\Windows\System\VoSynpx.exe
  2⤵
  PID:8448
- C:\Windows\System\eBqCvxq.exe
  C:\Windows\System\eBqCvxq.exe
  2⤵
  PID:12916
- C:\Windows\System\EfxdOHL.exe
  C:\Windows\System\EfxdOHL.exe
  2⤵
  PID:12576
- C:\Windows\System\BvXFkmF.exe
  C:\Windows\System\BvXFkmF.exe
  2⤵
  PID:13332
- C:\Windows\System\mVtyndN.exe
  C:\Windows\System\mVtyndN.exe
  2⤵
  PID:13368
- C:\Windows\System\bnqqBsv.exe
  C:\Windows\System\bnqqBsv.exe
  2⤵
  PID:13388
- C:\Windows\System\CDEmKwC.exe
  C:\Windows\System\CDEmKwC.exe
  2⤵
  PID:13416
- C:\Windows\System\hrynjve.exe
  C:\Windows\System\hrynjve.exe
  2⤵
  PID:13444
- C:\Windows\System\rTDgpHB.exe
  C:\Windows\System\rTDgpHB.exe
  2⤵
  PID:13472
- C:\Windows\System\ceHQIPt.exe
  C:\Windows\System\ceHQIPt.exe
  2⤵
  PID:13500
- C:\Windows\System\VGltzXH.exe
  C:\Windows\System\VGltzXH.exe
  2⤵
  PID:13528
- C:\Windows\System\UzVJIBz.exe
  C:\Windows\System\UzVJIBz.exe
  2⤵
  PID:13556
- C:\Windows\System\pTxWyrb.exe
  C:\Windows\System\pTxWyrb.exe
  2⤵
  PID:13584
- C:\Windows\System\bdXCoZp.exe
  C:\Windows\System\bdXCoZp.exe
  2⤵
  PID:13612
- C:\Windows\System\vxvYGxP.exe
  C:\Windows\System\vxvYGxP.exe
  2⤵
  PID:13640
- C:\Windows\System\zXECmQv.exe
  C:\Windows\System\zXECmQv.exe
  2⤵
  PID:13668
- C:\Windows\System\pkikIIB.exe
  C:\Windows\System\pkikIIB.exe
  2⤵
  PID:13696
- C:\Windows\System\WaMLnud.exe
  C:\Windows\System\WaMLnud.exe
  2⤵
  PID:13724
- C:\Windows\System\ZSoUfqL.exe
  C:\Windows\System\ZSoUfqL.exe
  2⤵
  PID:13752
- C:\Windows\System\ImPyell.exe
  C:\Windows\System\ImPyell.exe
  2⤵
  PID:13780
- C:\Windows\System\lDTMVIB.exe
  C:\Windows\System\lDTMVIB.exe
  2⤵
  PID:13808
- C:\Windows\System\tDkQjnw.exe
  C:\Windows\System\tDkQjnw.exe
  2⤵
  PID:13836
- C:\Windows\System\VcEeZnG.exe
  C:\Windows\System\VcEeZnG.exe
  2⤵
  PID:13864
- C:\Windows\System\DoeYtII.exe
  C:\Windows\System\DoeYtII.exe
  2⤵
  PID:13896
- C:\Windows\System\dXniCMo.exe
  C:\Windows\System\dXniCMo.exe
  2⤵
  PID:13924
- C:\Windows\System\adTnbmL.exe
  C:\Windows\System\adTnbmL.exe
  2⤵
  PID:13952
- C:\Windows\System\RdOsmso.exe
  C:\Windows\System\RdOsmso.exe
  2⤵
  PID:13980
- C:\Windows\System\QpGiTmE.exe
  C:\Windows\System\QpGiTmE.exe
  2⤵
  PID:14008
- C:\Windows\System\OkSxREX.exe
  C:\Windows\System\OkSxREX.exe
  2⤵
  PID:14036
- C:\Windows\System\uajSthO.exe
  C:\Windows\System\uajSthO.exe
  2⤵
  PID:14064
- C:\Windows\System\WXHJxZr.exe
  C:\Windows\System\WXHJxZr.exe
  2⤵
  PID:14092
- C:\Windows\System\YaEWBZJ.exe
  C:\Windows\System\YaEWBZJ.exe
  2⤵
  PID:14120
- C:\Windows\System\gEejelA.exe
  C:\Windows\System\gEejelA.exe
  2⤵
  PID:14148
- C:\Windows\System\ylsrpje.exe
  C:\Windows\System\ylsrpje.exe
  2⤵
  PID:14176
- C:\Windows\System\iEQNzgp.exe
  C:\Windows\System\iEQNzgp.exe
  2⤵
  PID:14204
- C:\Windows\System\JxFSsAq.exe
  C:\Windows\System\JxFSsAq.exe
  2⤵
  PID:14232
- C:\Windows\System\poObOgH.exe
  C:\Windows\System\poObOgH.exe
  2⤵
  PID:14260
- C:\Windows\System\xtNVQmd.exe
  C:\Windows\System\xtNVQmd.exe
  2⤵
  PID:14288
- C:\Windows\System\DYXzNvk.exe
  C:\Windows\System\DYXzNvk.exe
  2⤵
  PID:14316
- C:\Windows\System\UnFdBHy.exe
  C:\Windows\System\UnFdBHy.exe
  2⤵
  PID:13328
- C:\Windows\System\CcLUMAu.exe
  C:\Windows\System\CcLUMAu.exe
  2⤵
  PID:13400
- C:\Windows\System\vykiPsy.exe
  C:\Windows\System\vykiPsy.exe
  2⤵
  PID:13464
- C:\Windows\System\FWMTUMH.exe
  C:\Windows\System\FWMTUMH.exe
  2⤵
  PID:13524
- C:\Windows\System\uwoZnuf.exe
  C:\Windows\System\uwoZnuf.exe
  2⤵
  PID:13596
- C:\Windows\System\xlEPOFy.exe
  C:\Windows\System\xlEPOFy.exe
  2⤵
  PID:13636
- C:\Windows\System\YCVtQMh.exe
  C:\Windows\System\YCVtQMh.exe
  2⤵
  PID:13692
- C:\Windows\System\UKANtbw.exe
  C:\Windows\System\UKANtbw.exe
  2⤵
  PID:13764
- C:\Windows\System\qtlDCHB.exe
  C:\Windows\System\qtlDCHB.exe
  2⤵
  PID:13828
- C:\Windows\System\iwEaWEQ.exe
  C:\Windows\System\iwEaWEQ.exe
  2⤵
  PID:13892
- C:\Windows\System\OgmBDKo.exe
  C:\Windows\System\OgmBDKo.exe
  2⤵
  PID:13964
- C:\Windows\System\EukHcCx.exe
  C:\Windows\System\EukHcCx.exe
  2⤵
  PID:14004
- C:\Windows\System\ZyXHwQG.exe
  C:\Windows\System\ZyXHwQG.exe
  2⤵
  PID:14088
- C:\Windows\System\rqakRFP.exe
  C:\Windows\System\rqakRFP.exe
  2⤵
  PID:14160
- C:\Windows\System\HeoziRm.exe
  C:\Windows\System\HeoziRm.exe
  2⤵
  PID:14200
- C:\Windows\System\rRcMWAv.exe
  C:\Windows\System\rRcMWAv.exe
  2⤵
  PID:14300
- C:\Windows\System\BkBFKXX.exe
  C:\Windows\System\BkBFKXX.exe
  2⤵
  PID:13380
- C:\Windows\System\bnOOUTZ.exe
  C:\Windows\System\bnOOUTZ.exe
  2⤵
  PID:13456
- C:\Windows\System\lRExKLy.exe
  C:\Windows\System\lRExKLy.exe
  2⤵
  PID:13664
- C:\Windows\System\VBeKbaR.exe
  C:\Windows\System\VBeKbaR.exe
  2⤵
  PID:13884
- C:\Windows\System\WBlGUxr.exe
  C:\Windows\System\WBlGUxr.exe
  2⤵
  PID:13944
- C:\Windows\System\lJktgqY.exe
  C:\Windows\System\lJktgqY.exe
  2⤵
  PID:13948
- C:\Windows\System\hEksyYD.exe
  C:\Windows\System\hEksyYD.exe
  2⤵
  PID:14116
- C:\Windows\System\WLbSXZN.exe
  C:\Windows\System\WLbSXZN.exe
  2⤵
  PID:14188
- C:\Windows\System\yaqNJmC.exe
  C:\Windows\System\yaqNJmC.exe
  2⤵
  PID:13432
- C:\Windows\System\WyjwAqo.exe
  C:\Windows\System\WyjwAqo.exe
  2⤵
  PID:13792
- C:\Windows\System\llGfFTD.exe
  C:\Windows\System\llGfFTD.exe
  2⤵
  PID:5676
- C:\Windows\System\wyqiAZS.exe
  C:\Windows\System\wyqiAZS.exe
  2⤵
  PID:14272
- C:\Windows\System\xUSvSKz.exe
  C:\Windows\System\xUSvSKz.exe
  2⤵
  PID:13888
- C:\Windows\System\kbDTodi.exe
  C:\Windows\System\kbDTodi.exe
  2⤵
  PID:13720
- C:\Windows\System\voWbBcO.exe
  C:\Windows\System\voWbBcO.exe
  2⤵
  PID:14144
- C:\Windows\System\ynbdrWf.exe
  C:\Windows\System\ynbdrWf.exe
  2⤵
  PID:14368
- C:\Windows\System\dEmVNdF.exe
  C:\Windows\System\dEmVNdF.exe
  2⤵
  PID:14396
- C:\Windows\System\EUFwaqI.exe
  C:\Windows\System\EUFwaqI.exe
  2⤵
  PID:14424
- C:\Windows\System\phDVxgx.exe
  C:\Windows\System\phDVxgx.exe
  2⤵
  PID:14444
- C:\Windows\System\XeAITRS.exe
  C:\Windows\System\XeAITRS.exe
  2⤵
  PID:14480
- C:\Windows\System\aUVqBYY.exe
  C:\Windows\System\aUVqBYY.exe
  2⤵
  PID:14508
- C:\Windows\System\nDEqIrH.exe
  C:\Windows\System\nDEqIrH.exe
  2⤵
  PID:14536
- C:\Windows\System\oLTxCtj.exe
  C:\Windows\System\oLTxCtj.exe
  2⤵
  PID:14564
- C:\Windows\System\mEiyyhK.exe
  C:\Windows\System\mEiyyhK.exe
  2⤵
  PID:14596
- C:\Windows\System\FdydjKn.exe
  C:\Windows\System\FdydjKn.exe
  2⤵
  PID:14624
- C:\Windows\System\wtNTIDT.exe
  C:\Windows\System\wtNTIDT.exe
  2⤵
  PID:14652
- C:\Windows\System\wJZepiM.exe
  C:\Windows\System\wJZepiM.exe
  2⤵
  PID:14680
- C:\Windows\System\YKOYDIY.exe
  C:\Windows\System\YKOYDIY.exe
  2⤵
  PID:14708
- C:\Windows\System\GyIlrNm.exe
  C:\Windows\System\GyIlrNm.exe
  2⤵
  PID:14728
- C:\Windows\System\NargFLo.exe
  C:\Windows\System\NargFLo.exe
  2⤵
  PID:14756
- C:\Windows\System\KgwbpxE.exe
  C:\Windows\System\KgwbpxE.exe
  2⤵
  PID:14800
- C:\Windows\System\tJDNLgg.exe
  C:\Windows\System\tJDNLgg.exe
  2⤵
  PID:14824
- C:\Windows\System\qjsqPLK.exe
  C:\Windows\System\qjsqPLK.exe
  2⤵
  PID:14864
- C:\Windows\System\iQARYSb.exe
  C:\Windows\System\iQARYSb.exe
  2⤵
  PID:14892
- C:\Windows\System\ROQUaXA.exe
  C:\Windows\System\ROQUaXA.exe
  2⤵
  PID:14920
- C:\Windows\System\NImNYpN.exe
  C:\Windows\System\NImNYpN.exe
  2⤵
  PID:14936
- C:\Windows\System\tBAdJTI.exe
  C:\Windows\System\tBAdJTI.exe
  2⤵
  PID:14976
- C:\Windows\System\cVnNoZa.exe
  C:\Windows\System\cVnNoZa.exe
  2⤵
  PID:15004
- C:\Windows\System\PbfGXrk.exe
  C:\Windows\System\PbfGXrk.exe
  2⤵
  PID:15032
- C:\Windows\System\GLgoyhx.exe
  C:\Windows\System\GLgoyhx.exe
  2⤵
  PID:15108
- C:\Windows\System\OkIfXuQ.exe
  C:\Windows\System\OkIfXuQ.exe
  2⤵
  PID:15124
- C:\Windows\System\eGRzDMZ.exe
  C:\Windows\System\eGRzDMZ.exe
  2⤵
  PID:15192
- C:\Windows\System\lwDIBYi.exe
  C:\Windows\System\lwDIBYi.exe
  2⤵
  PID:15248
- C:\Windows\System\InsPFVa.exe
  C:\Windows\System\InsPFVa.exe
  2⤵
  PID:15348
- C:\Windows\System\gGPTdUF.exe
  C:\Windows\System\gGPTdUF.exe
  2⤵
  PID:14964
- C:\Windows\System\zqFQHyz.exe
  C:\Windows\System\zqFQHyz.exe
  2⤵
  PID:15068
- C:\Windows\System\uuHwccH.exe
  C:\Windows\System\uuHwccH.exe
  2⤵
  PID:15168
- C:\Windows\System\OmFVygB.exe
  C:\Windows\System\OmFVygB.exe
  2⤵
  PID:1120
- C:\Windows\System\agFnERw.exe
  C:\Windows\System\agFnERw.exe
  2⤵
  PID:15228
- C:\Windows\System\UOqiJhJ.exe
  C:\Windows\System\UOqiJhJ.exe
  2⤵
  PID:15324
- C:\Windows\System\xMpJHtl.exe
  C:\Windows\System\xMpJHtl.exe
  2⤵
  PID:15336
- C:\Windows\System\isKoXBf.exe
  C:\Windows\System\isKoXBf.exe
  2⤵
  PID:14380
- C:\Windows\System\gWxzlGL.exe
  C:\Windows\System\gWxzlGL.exe
  2⤵
  PID:14284
- C:\Windows\System\kuhYJbj.exe
  C:\Windows\System\kuhYJbj.exe
  2⤵
  PID:14616
- C:\Windows\System\wlOGzyA.exe
  C:\Windows\System\wlOGzyA.exe
  2⤵
  PID:14716
- C:\Windows\System\cntfyJA.exe
  C:\Windows\System\cntfyJA.exe
  2⤵
  PID:14764
- C:\Windows\System\PSGqLDo.exe
  C:\Windows\System\PSGqLDo.exe
  2⤵
  PID:3700
- C:\Windows\System\vwJxOSf.exe
  C:\Windows\System\vwJxOSf.exe
  2⤵
  PID:14904
- C:\Windows\System\uSwvrjI.exe
  C:\Windows\System\uSwvrjI.exe
  2⤵
  PID:820
- C:\Windows\System\BSDZMfZ.exe
  C:\Windows\System\BSDZMfZ.exe
  2⤵
  PID:15000
- C:\Windows\System\PLncqGj.exe
  C:\Windows\System\PLncqGj.exe
  2⤵
  PID:15044
- C:\Windows\System\skZqMZQ.exe
  C:\Windows\System\skZqMZQ.exe
  2⤵
  PID:15088
- C:\Windows\System\HSASEmi.exe
  C:\Windows\System\HSASEmi.exe
  2⤵
  PID:4532
- C:\Windows\System\YsexUSy.exe
  C:\Windows\System\YsexUSy.exe
  2⤵
  PID:15164
- C:\Windows\System\mOuoEyB.exe
  C:\Windows\System\mOuoEyB.exe
  2⤵
  PID:15208
- C:\Windows\System\RmhlHSB.exe
  C:\Windows\System\RmhlHSB.exe
  2⤵
  PID:15232
- C:\Windows\System\ktqIOkY.exe
  C:\Windows\System\ktqIOkY.exe
  2⤵
  PID:15264
- C:\Windows\System\gJHIaOV.exe
  C:\Windows\System\gJHIaOV.exe
  2⤵
  PID:15296
- C:\Windows\System\VKHxDGs.exe
  C:\Windows\System\VKHxDGs.exe
  2⤵
  PID:15292
- C:\Windows\System\mnuGnQb.exe
  C:\Windows\System\mnuGnQb.exe
  2⤵
  PID:2512
- C:\Windows\System\yeodXhq.exe
  C:\Windows\System\yeodXhq.exe
  2⤵
  PID:14340
- C:\Windows\System\udFbFbs.exe
  C:\Windows\System\udFbFbs.exe
  2⤵
  PID:2588
- C:\Windows\System\ArKnkGq.exe
  C:\Windows\System\ArKnkGq.exe
  2⤵
  PID:14476
- C:\Windows\System\xFAhcjx.exe
  C:\Windows\System\xFAhcjx.exe
  2⤵
  PID:14584
- C:\Windows\System\YqtMFkw.exe
  C:\Windows\System\YqtMFkw.exe
  2⤵
  PID:3992
- C:\Windows\System\SCIqPCn.exe
  C:\Windows\System\SCIqPCn.exe
  2⤵
  PID:14704
- C:\Windows\System\SSEIxpX.exe
  C:\Windows\System\SSEIxpX.exe
  2⤵
  PID:4672
- C:\Windows\System\nhdcVRf.exe
  C:\Windows\System\nhdcVRf.exe
  2⤵
  PID:14796
- C:\Windows\System\MBxKwuv.exe
  C:\Windows\System\MBxKwuv.exe
  2⤵
  PID:4564
- C:\Windows\System\LcwGnRu.exe
  C:\Windows\System\LcwGnRu.exe
  2⤵
  PID:14928
- C:\Windows\System\iytKREy.exe
  C:\Windows\System\iytKREy.exe
  2⤵
  PID:14996
- C:\Windows\System\AiEVsHm.exe
  C:\Windows\System\AiEVsHm.exe
  2⤵
  PID:1096
- C:\Windows\System\EOLjrea.exe
  C:\Windows\System\EOLjrea.exe
  2⤵
  PID:4776
- C:\Windows\System\droGbus.exe
  C:\Windows\System\droGbus.exe
  2⤵
  PID:15188
- C:\Windows\System\LaPcFMg.exe
  C:\Windows\System\LaPcFMg.exe
  2⤵
  PID:3736
- C:\Windows\System\RJDqJQV.exe
  C:\Windows\System\RJDqJQV.exe
  2⤵
  PID:15332
- C:\Windows\System\UsFTsZc.exe
  C:\Windows\System\UsFTsZc.exe
  2⤵
  PID:4780
- C:\Windows\System\QBHxPqG.exe
  C:\Windows\System\QBHxPqG.exe
  2⤵
  PID:15312
- C:\Windows\System\WsPgiQB.exe
  C:\Windows\System\WsPgiQB.exe
  2⤵
  PID:4196
- C:\Windows\System\Vahhndg.exe
  C:\Windows\System\Vahhndg.exe
  2⤵
  PID:4304
- C:\Windows\System\TYLknkq.exe
  C:\Windows\System\TYLknkq.exe
  2⤵
  PID:14640
- C:\Windows\System\aYdKLzH.exe
  C:\Windows\System\aYdKLzH.exe
  2⤵
  PID:14520
- C:\Windows\System\IOFHwOy.exe
  C:\Windows\System\IOFHwOy.exe
  2⤵
  PID:1684
- C:\Windows\System\XDSSvds.exe
  C:\Windows\System\XDSSvds.exe
  2⤵
  PID:4212
- C:\Windows\System\YYmcdON.exe
  C:\Windows\System\YYmcdON.exe
  2⤵
  PID:2568
- C:\Windows\System\ySwtvbB.exe
  C:\Windows\System\ySwtvbB.exe
  2⤵
  PID:3984
- C:\Windows\System\emrTrep.exe
  C:\Windows\System\emrTrep.exe
  2⤵
  PID:15084
- C:\Windows\System\aztBTjj.exe
  C:\Windows\System\aztBTjj.exe
  2⤵
  PID:2800
- C:\Windows\System\SSIPDMz.exe
  C:\Windows\System\SSIPDMz.exe
  2⤵
  PID:2848
- C:\Windows\System\jFoxNZy.exe
  C:\Windows\System\jFoxNZy.exe
  2⤵
  PID:15272
- C:\Windows\System\XcJjCIU.exe
  C:\Windows\System\XcJjCIU.exe
  2⤵
  PID:4936
- C:\Windows\System\UEilwXJ.exe
  C:\Windows\System\UEilwXJ.exe
  2⤵
  PID:468
- C:\Windows\System\RYXHQGe.exe
  C:\Windows\System\RYXHQGe.exe
  2⤵
  PID:1088
- C:\Windows\System\CNoUXxZ.exe
  C:\Windows\System\CNoUXxZ.exe
  2⤵
  PID:400
- C:\Windows\System\oyhoder.exe
  C:\Windows\System\oyhoder.exe
  2⤵
  PID:788
- C:\Windows\System\AfxCnVV.exe
  C:\Windows\System\AfxCnVV.exe
  2⤵
  PID:14876
- C:\Windows\System\bUASPLu.exe
  C:\Windows\System\bUASPLu.exe
  2⤵
  PID:3400
- C:\Windows\System\cAkbLpW.exe
  C:\Windows\System\cAkbLpW.exe
  2⤵
  PID:2488
- C:\Windows\System\pyXuhdN.exe
  C:\Windows\System\pyXuhdN.exe
  2⤵
  PID:2896
- C:\Windows\System\IzjujqS.exe
  C:\Windows\System\IzjujqS.exe
  2⤵
  PID:3768
- C:\Windows\System\yteVZHv.exe
  C:\Windows\System\yteVZHv.exe
  2⤵
  PID:2840
- C:\Windows\System\wXwQpFy.exe
  C:\Windows\System\wXwQpFy.exe
  2⤵
  PID:4932
- C:\Windows\System\wwVUyhc.exe
  C:\Windows\System\wwVUyhc.exe
  2⤵
  PID:14724
- C:\Windows\System\eFyxyyv.exe
  C:\Windows\System\eFyxyyv.exe
  2⤵
  PID:5132
- C:\Windows\System\PdJldys.exe
  C:\Windows\System\PdJldys.exe
  2⤵
  PID:5204
- C:\Windows\System\wtoYLCu.exe
  C:\Windows\System\wtoYLCu.exe
  2⤵
  PID:8440
- C:\Windows\System\ZRsZYwB.exe
  C:\Windows\System\ZRsZYwB.exe
  2⤵
  PID:6884
- C:\Windows\System\ssrjoNV.exe
  C:\Windows\System\ssrjoNV.exe
  2⤵
  PID:5316
- C:\Windows\System\JfUGLmu.exe
  C:\Windows\System\JfUGLmu.exe
  2⤵
  PID:5356
- C:\Windows\System\EBquBaB.exe
  C:\Windows\System\EBquBaB.exe
  2⤵
  PID:5428
- C:\Windows\System\tFdVSpU.exe
  C:\Windows\System\tFdVSpU.exe
  2⤵
  PID:5440
- C:\Windows\System\uNIoQPM.exe
  C:\Windows\System\uNIoQPM.exe
  2⤵
  PID:5484
- C:\Windows\System\TJyVGWO.exe
  C:\Windows\System\TJyVGWO.exe
  2⤵
  PID:6936
- C:\Windows\System\fazdwNK.exe
  C:\Windows\System\fazdwNK.exe
  2⤵
  PID:5524
- C:\Windows\System\BxiYGkQ.exe
  C:\Windows\System\BxiYGkQ.exe
  2⤵
  PID:5552
- C:\Windows\System\sEJzKZH.exe
  C:\Windows\System\sEJzKZH.exe
  2⤵
  PID:4204
- C:\Windows\System\GuwvPak.exe
  C:\Windows\System\GuwvPak.exe
  2⤵
  PID:1924
- C:\Windows\System\IZNjLaf.exe
  C:\Windows\System\IZNjLaf.exe
  2⤵
  PID:5496
- C:\Windows\System\DEoEGTZ.exe
  C:\Windows\System\DEoEGTZ.exe
  2⤵
  PID:5680
- C:\Windows\System\DxBJIlR.exe
  C:\Windows\System\DxBJIlR.exe
  2⤵
  PID:5372
- C:\Windows\System\khxuJfu.exe
  C:\Windows\System\khxuJfu.exe
  2⤵
  PID:1776
- C:\Windows\System\yHpzZMo.exe
  C:\Windows\System\yHpzZMo.exe
  2⤵
  PID:5636
- C:\Windows\System\tjBgShz.exe
  C:\Windows\System\tjBgShz.exe
  2⤵
  PID:5532
- C:\Windows\System\aEOdqrU.exe
  C:\Windows\System\aEOdqrU.exe
  2⤵
  PID:7068
- C:\Windows\System\jUpNcfg.exe
  C:\Windows\System\jUpNcfg.exe
  2⤵
  PID:6148
- C:\Windows\System\dbJBVYo.exe
  C:\Windows\System\dbJBVYo.exe
  2⤵
  PID:7116
- C:\Windows\System\iNZcklK.exe
  C:\Windows\System\iNZcklK.exe
  2⤵
  PID:5776
- C:\Windows\System\QDQDIYz.exe
  C:\Windows\System\QDQDIYz.exe
  2⤵
  PID:5984
- C:\Windows\System\JmvWauc.exe
  C:\Windows\System\JmvWauc.exe
  2⤵
  PID:5944
- C:\Windows\System\xpvEvBh.exe
  C:\Windows\System\xpvEvBh.exe
  2⤵
  PID:6408
- C:\Windows\System\FQSjClI.exe
  C:\Windows\System\FQSjClI.exe
  2⤵
  PID:6016
- C:\Windows\System\XQtmoGr.exe
  C:\Windows\System\XQtmoGr.exe
  2⤵
  PID:7088
- C:\Windows\System\SKgjCGB.exe
  C:\Windows\System\SKgjCGB.exe
  2⤵
  PID:5988
- C:\Windows\System\egZeWLW.exe
  C:\Windows\System\egZeWLW.exe
  2⤵
  PID:3756
- C:\Windows\System\QLrAebc.exe
  C:\Windows\System\QLrAebc.exe
  2⤵
  PID:4008
- C:\Windows\System\XkRmUjn.exe
  C:\Windows\System\XkRmUjn.exe
  2⤵
  PID:5732
- C:\Windows\System\YueoOTo.exe
  C:\Windows\System\YueoOTo.exe
  2⤵
  PID:6112
- C:\Windows\System\KvlhSwa.exe
  C:\Windows\System\KvlhSwa.exe
  2⤵
  PID:2228
- C:\Windows\System\sbmeBwX.exe
  C:\Windows\System\sbmeBwX.exe
  2⤵
  PID:5192
- C:\Windows\System\yFBeaBP.exe
  C:\Windows\System\yFBeaBP.exe
  2⤵
  PID:6520
- C:\Windows\System\zTMrABF.exe
  C:\Windows\System\zTMrABF.exe
  2⤵
  PID:1640
- C:\Windows\System\dFJDFLs.exe
  C:\Windows\System\dFJDFLs.exe
  2⤵
  PID:3096
- C:\Windows\System\zHPvGjn.exe
  C:\Windows\System\zHPvGjn.exe
  2⤵
  PID:5220
- C:\Windows\System\noGRhIc.exe
  C:\Windows\System\noGRhIc.exe
  2⤵
  PID:6560
- C:\Windows\System\ksTDLMU.exe
  C:\Windows\System\ksTDLMU.exe
  2⤵
  PID:2948
- C:\Windows\System\vYKjutv.exe
  C:\Windows\System\vYKjutv.exe
  2⤵
  PID:5444
- C:\Windows\System\pmIvIcJ.exe
  C:\Windows\System\pmIvIcJ.exe
  2⤵
  PID:5252
- C:\Windows\System\tXwrthl.exe
  C:\Windows\System\tXwrthl.exe
  2⤵
  PID:6072
- C:\Windows\System\caNPqAk.exe
  C:\Windows\System\caNPqAk.exe
  2⤵
  PID:6872
- C:\Windows\System\JwOIABt.exe
  C:\Windows\System\JwOIABt.exe
  2⤵
  PID:2764
- C:\Windows\System\QNgFLhu.exe
  C:\Windows\System\QNgFLhu.exe
  2⤵
  PID:6088
- C:\Windows\System\BhJAPek.exe
  C:\Windows\System\BhJAPek.exe
  2⤵
  PID:4076
- C:\Windows\System\gZftpKC.exe
  C:\Windows\System\gZftpKC.exe
  2⤵
  PID:6988
- C:\Windows\System\uEOeeNp.exe
  C:\Windows\System\uEOeeNp.exe
  2⤵
  PID:7112
- C:\Windows\System\zBhzuiK.exe
  C:\Windows\System\zBhzuiK.exe
  2⤵
  PID:6820
- C:\Windows\System\BWmxdQm.exe
  C:\Windows\System\BWmxdQm.exe
  2⤵
  PID:5424
- C:\Windows\System\ltarRkq.exe
  C:\Windows\System\ltarRkq.exe
  2⤵
  PID:5164
- C:\Windows\System\fhFJSQP.exe
  C:\Windows\System\fhFJSQP.exe
  2⤵
  PID:5644
- C:\Windows\System\lrxlxqF.exe
  C:\Windows\System\lrxlxqF.exe
  2⤵
  PID:5960
- C:\Windows\System\bSHRzEG.exe
  C:\Windows\System\bSHRzEG.exe
  2⤵
  PID:1200
- C:\Windows\System\IhNZtjF.exe
  C:\Windows\System\IhNZtjF.exe
  2⤵
  PID:6068
- C:\Windows\System\SDlVvQq.exe
  C:\Windows\System\SDlVvQq.exe
  2⤵
  PID:6160
- C:\Windows\System\NCJgddw.exe
  C:\Windows\System\NCJgddw.exe
  2⤵
  PID:6172
- C:\Windows\System\LilQjoo.exe
  C:\Windows\System\LilQjoo.exe
  2⤵
  PID:6200
- C:\Windows\System\FcbFKxl.exe
  C:\Windows\System\FcbFKxl.exe
  2⤵
  PID:6244
- C:\Windows\System\iQnMZxd.exe
  C:\Windows\System\iQnMZxd.exe
  2⤵
  PID:3712
- C:\Windows\System\fDmMEPK.exe
  C:\Windows\System\fDmMEPK.exe
  2⤵
  PID:7080
- C:\Windows\System\fpDgpeS.exe
  C:\Windows\System\fpDgpeS.exe
  2⤵
  PID:3524
- C:\Windows\System\NzMpvfj.exe
  C:\Windows\System\NzMpvfj.exe
  2⤵
  PID:6268
- C:\Windows\System\KuZSQHs.exe
  C:\Windows\System\KuZSQHs.exe
  2⤵
  PID:1336
- C:\Windows\System\GDAQtlw.exe
  C:\Windows\System\GDAQtlw.exe
  2⤵
  PID:1532
- C:\Windows\System\Oychipz.exe
  C:\Windows\System\Oychipz.exe
  2⤵
  PID:6700
- C:\Windows\System\nCUFrjl.exe
  C:\Windows\System\nCUFrjl.exe
  2⤵
  PID:6396
- C:\Windows\System\TDMkCPU.exe
  C:\Windows\System\TDMkCPU.exe
  2⤵
  PID:4480
- C:\Windows\System\UWrtRRY.exe
  C:\Windows\System\UWrtRRY.exe
  2⤵
  PID:6400
- C:\Windows\System\DnYwDws.exe
  C:\Windows\System\DnYwDws.exe
  2⤵
  PID:5012
- C:\Windows\System\bpxCzPn.exe
  C:\Windows\System\bpxCzPn.exe
  2⤵
  PID:6776
- C:\Windows\System\OazkRPB.exe
  C:\Windows\System\OazkRPB.exe
  2⤵
  PID:7420
- C:\Windows\System\tMinxzl.exe
  C:\Windows\System\tMinxzl.exe
  2⤵
  PID:6300
- C:\Windows\System\sSMCqPb.exe
  C:\Windows\System\sSMCqPb.exe
  2⤵
  PID:6916
- C:\Windows\System\kMINdTJ.exe
  C:\Windows\System\kMINdTJ.exe
  2⤵
  PID:6328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BOvgokS.exe

Filesize
6.0MB

MD5
5d3e7a67375de53c4a92c966bfa0e7bc

SHA1
863b59f797aa1a950d4fff91efbe5288a58ce19b

SHA256
812e3e707ec204d855948163378a3354e5271b1f3cfe45cfefd9e23dc9194cf3

SHA512
ca72231f22868501f822455fb797ddab009c072a2b65f8e6c7adfd043e25f942b11a9193eda5f51cdcc457a0bf4e97c568679f9d5c776c2f098133c100b7f418

Download Submit
C:\Windows\System\CnbUvwa.exe

Filesize
6.0MB

MD5
188cd7f745602ff970c0289ac62b48a8

SHA1
bf8211229c3c9757a6588d18411bf234bf89a031

SHA256
03776734b2a00edc7cad32da3e95d4e8dba7f0cbf72002995399d318be868f96

SHA512
06865fb068342df5182b07e965fce3962f7d3f9ad447837ef3d101bc737ba1bae8a82f609f591ec106a65184bfdaf5882abda7a5403abb5d9e0d4e0cc46a1fcf

Download Submit
C:\Windows\System\GExGwRO.exe

Filesize
6.0MB

MD5
1045a9f6af41a8256003eb29d351652f

SHA1
9ac4134ec8f79a0125bf7136eb1be21d0902fda6

SHA256
786c32d836fdb4e7ec2b7f1589a268a01414fff1d778fa9465c624eadc40c6ac

SHA512
072444fa8fe2d9a5deb1a2807ec0165f4167d1c85e6c05e5b86e22f83e378085c0eaef1d9ce7c10a5df2a44cfb465c5d2bf7b8ade9cccec8fd77ad3a574f0ce9

Download Submit
C:\Windows\System\GQzyQDz.exe

Filesize
6.0MB

MD5
3089e652507bdfb77e1062d24bab0dc8

SHA1
1a25604bec3282f388f0bcf8e7e3df79163772e7

SHA256
a79a243c831e4ca03982a9f44f04dbec5c93bf61bb6037668a0cf19684b63d40

SHA512
c1c78780c97d79d2744ddc7c3071b6d50366e46905ce0c6afcc87efd205f81f8cc778eb0ec7e130cf8ec8d38ad5313eae89457f6a7da522f1924e61910e4ef43

Download Submit
C:\Windows\System\JOTNEIG.exe

Filesize
6.0MB

MD5
51962bc3ffab740e1a51b4eba5c83760

SHA1
47131f0ed95db075134201ebd3ade67318be2723

SHA256
ec2aa8075d9b6949d9d11d320f27eb2fe6281b9b2e16f02af315e3719b0afed0

SHA512
d1544b684e4dd6c7ffd2e7af22dc57f37cd0136d8248db005399fa3eb0f5d96a412b9628ad5b81724f02ebc1b3354c7d3dbc5be934532406605b845fcc8b84b7

Download Submit
C:\Windows\System\JhZYwIP.exe

Filesize
6.0MB

MD5
7cbda1d4109c368a4850a389fafb1a38

SHA1
6eb9f02d7cef5040ea68f9cb9c11b868c4754215

SHA256
99d83e381270e5dace46b70d3bcc3f06133acba03e1b7118ac49a727cf5a5945

SHA512
93eae930c83ef13d6c44a4001d61842d25abdef03643132e6e19bd1e3aa3aa83ddb2d3241e7e32bc3c3e76a6caf64401c80858258b074312338e33736254c258

Download Submit
C:\Windows\System\LYCiKBX.exe

Filesize
6.0MB

MD5
99ebea60593e05cc17a934d258023d82

SHA1
3ac46e28eee48de0bc5375f26f6d1d31b8e1ef8d

SHA256
8efb9381381e6bb2bf4dbb97b0fd395cf045cf40d3286a5806623dbb7b4c5721

SHA512
123314e2e549c10297496d1b7938788d51b9c3683d04bbc53a44f3c4a548bca5d7ec2e2f5f5f6ffbf9d866e9548553658e3dc0a2985661783e1681c34fcfa857

Download Submit
C:\Windows\System\LrHoIcm.exe

Filesize
6.0MB

MD5
04c235751dbb027040dc20b5d12a4e5e

SHA1
88980be930fae87d199911e39b7e0f3b688729f5

SHA256
5d70ecd1aa65f8728d9f975ee5e6d2cabce6d353c2a72e5565048e46e15acd63

SHA512
6af5beef0a1dc069677b5fff2a9af23bc022ea14490a7dd2914db93214f74d4b375a3976923796d51416f2505ecd1033747a26a80e5a22c7990e7aa743fbcc06

Download Submit
C:\Windows\System\Lzvuogr.exe

Filesize
6.0MB

MD5
0fc2bd684ef11922b45d8e9d91e41322

SHA1
a2e3d9dcef97547e0915fa12d1555ae8319db5ec

SHA256
32632d65270d3797417545619e79266dc059e5900f82ac441041a188ffa1c279

SHA512
7f5b9b7cf2e0c1ead1b1347591a25c9d8b1330424411ef8d19341e6d026066fb5feac6bbb3b1106a84416c17c88c5772585633a6bd2302c3ce8cabfa85780f30

Download Submit
C:\Windows\System\MLvGMzi.exe

Filesize
6.0MB

MD5
8a926e0a05d7a17b519753ba40fb8c85

SHA1
fe1b9e5d0d0bad2948060fdb810adeaf9d3a6fde

SHA256
1e43f32a0a1ec96fa087edfeb0bbd202af4cc7440d6c0fdef89ea2d750fbba59

SHA512
4cfa3af9da82ed2df8db80725ab4fde40d3fe432c0f91246e140afb0161a808f16c573460420ac817670c456b8840e8d27d6c2bb2651179361cca4c2ffcf1d80

Download Submit
C:\Windows\System\NuvnVoh.exe

Filesize
6.0MB

MD5
04c72cfd7e9cdf6454db939127c172dd

SHA1
649b8dc387806ee6200a8f32cf0405a84805ff25

SHA256
33d0dd5f86e0b7b413973e871f7fc6801c376ca55609cc765c1b7bf15ff86550

SHA512
88be527664e4ba4cac0b0724786d882e47a738066a467d8de3b662f30648fee04d2afbdd165f908aa42634f96bb1c42d78948aaca7535812954e64566ba0a888

Download Submit
C:\Windows\System\POVxIOt.exe

Filesize
6.0MB

MD5
da98c588fdf5734f89ca1c1d87a6b2f5

SHA1
a891d4b6bd1bdf8224b317487aa6106bc6cfb519

SHA256
e0ae2dc19f173f535a2fd92c7711f4f6dd443798ae1654c41797dfd91a72a700

SHA512
4fec185663ac6bfdd93b3e7187c802006c38b644ad71d5c38f7baa9dbce7183fa5285b9fa718dd345503b2b3fb6e9b23714f4af89828337901930dcc54086b19

Download Submit
C:\Windows\System\PqbvAIR.exe

Filesize
6.0MB

MD5
b8ba3f475941c641f6cfef6ec2279d2f

SHA1
81bf7287e5b20996dce59e1bd6673a12bfe3f715

SHA256
1a48aa7668f060053f4477e2d23f8144f0a5750b42f4fd4ca63ee72d993304ad

SHA512
ca1a5a97bce0b54ec1d64191fc14a3492a1e4ea270ad9970cdc613fa2a2c3dcda3172382d98e398eabe01d2c6b644d2460e41462cba8d76b10845ef0fb6c48ef

Download Submit
C:\Windows\System\QvXMteo.exe

Filesize
6.0MB

MD5
f903edea7a0c2dffb7b535e1ff86c24f

SHA1
60f7774559b465e84b26272d50f8a2081a96df0c

SHA256
d3bebde3b9ebfcbe8c296185fd2fb9013b750bbdb7e3ac46dc595f205a9511e6

SHA512
4d77d66246ed1b62341ffa00fbbfadba2c04a2f3c7efd1154080d8ff947f1b4070c65806771a3cbc11298b6523d578cbeca435c8f4fa7915d23c6db1672a198b

Download Submit
C:\Windows\System\SwVBXEr.exe

Filesize
6.0MB

MD5
24f4591f34b262ac20feeb9e95a69f66

SHA1
153a6035916f068aad6636c9151557b71bf2f3eb

SHA256
df303e8fcb77a6fc23579d00ebdf487fdc8b93c76a845ac2621c2437cbdcbcc6

SHA512
f1c4881feb66c28384d391018bffe9d831301224fbc9df5cae7e01d1c5a416cf0775669479954279bb74f1ac895a576b4f6f436cb3795fb9f88a8795daf43955

Download Submit
C:\Windows\System\VIxBaAz.exe

Filesize
6.0MB

MD5
074a27dca99387f074a09d784c09d7d4

SHA1
a532b49a42e0bf41d21fd5e7465f54fb73625ce4

SHA256
6a858b5097d61e1a1d73fc412e2b3d3c5639a8cb371a9dd9d7ae8f72dfa757c3

SHA512
3ee7b39a5c8b2bfec180256a3b5017969e2e11d4e912452bb61880804f6953c399b57d5a142c041dcd56eca370a106cab41a5d74c3f74a6efe9ddb7c141363bb

Download Submit
C:\Windows\System\WoYMwff.exe

Filesize
6.0MB

MD5
0866f76f5ffdd7ef3b4cbd43857da8d9

SHA1
ae1e56044974cf80065eb2c12441e1ba9973807e

SHA256
8c2b23535ab78404e94c9271fc8cfded10feef5a1f7d1970ea5b6b617e174329

SHA512
41ea8b1f84213c6a5db67a30b6ffa390d40034c6f92d39c4ebc88ffcf3a91e26b7d97db911a623552d62ba4a788ae29f5b3acc5f84faa2648c79d93052519d3d

Download Submit
C:\Windows\System\YroNWqt.exe

Filesize
6.0MB

MD5
bd47da94a53248969b458976a31589ac

SHA1
b0ef3610f42e8dadffadfec43d3af14f4e833e8b

SHA256
6e5fe20b0d891f55bd93c554c6d5e9f5ff283009ea9461c80ebaf6756a6e0282

SHA512
689281991357f6813c44193adb628bbe6fa6890be4ebb66e6b66e9b5b93829fd9c04cdab5fa98747061bf24ea92621e1a2f709f480670c68b5ac672862b18a6f

Download Submit
C:\Windows\System\ZHPJXyG.exe

Filesize
6.0MB

MD5
e90202a9614e772b98240d1787492ce7

SHA1
ee4e39f1343858a7a645da49699d6cc29b0b84de

SHA256
602f229e573869f05c1249f6c679aaa96b76f6cdf6be9b705dd5eaf2f51f6618

SHA512
c7c93a368e8362bebbd2325d1bce0f174105dd8cfe9663d86cc3e9fd749da1bce3bcecc67c4f13f7bf1d474d75db9e571f4495c088fc42be95128ffd143a2752

Download Submit
C:\Windows\System\aTfNEkm.exe

Filesize
6.0MB

MD5
ee5297424c3bed1a38d2c7e445f75139

SHA1
c33f66370dfce1d17927425f725e1a3bb93dbb9d

SHA256
3ded3b3b5a30e93d02f19455c486bdf94da4bd2182a10190e833fcdd495b48d6

SHA512
eefde435bfafbfc0c9c4107f9edd765bda51812105fc78b7892a6627248c3a8ee3355584372e4bedcb5357405d85187341fb0866e577d7e532f8dc85a1e46766

Download Submit
C:\Windows\System\amMYqGO.exe

Filesize
6.0MB

MD5
d7f605c6dd73970bf96a02b8a1164138

SHA1
dc583f66372a081da749921fb85af5c00a051d6f

SHA256
3f7dfb8811583f59d6610cb8ace2b2771c9c2a51d3b775b2ba64ab3c6014f75e

SHA512
5303a6e2f82c65cc54fb01d25489845b0e13d80e31e3a89bae81949bc3bd1532fb6908559c5b96ba4cefd226d21f5d78a1339b0c81ca38bdeec978928af4070b

Download Submit
C:\Windows\System\biQvFaE.exe

Filesize
6.0MB

MD5
65b7aebe0ac06bb77fbef5a1f8f85590

SHA1
9d09e09bc9afc40c0a37da11fb772d176228e785

SHA256
7bbe7b9df905e93aa6abf1e1f4fafb50de80c7a3e8085ee0e8366b77167552a4

SHA512
87088edbea8802abb3bec0dd3cdb4027d9f024353134cd4d1491615e0d67e0e77fab6b0330ecf1215ce2b0f7e4e3afc3b875be55870bf02b89503f8e64925894

Download Submit
C:\Windows\System\dBxPxFu.exe

Filesize
6.0MB

MD5
24e870de6751cbc3545d7a40629edb59

SHA1
15ffc23d41c257cca2f572af1e57b7ac6e84397b

SHA256
b6501fa0fe573ac34460aedbc0dcef4e34aabd90ec465b541a362d7325c8e9d1

SHA512
d44bd864f4ce68e1a70624f876908ad003057016296c380db6389b67217ef0d44b8667c036f9b905fb8be0f97b42da89c5c9039c9d90e29813272a643c004139

Download Submit
C:\Windows\System\dLcOwJQ.exe

Filesize
6.0MB

MD5
d78195c1d6749fa44e4bd6351f15e76e

SHA1
0721362b4619fefc9f910b8dc62265f64131da32

SHA256
7afb84f9616a921c907659adee69d7b5d4a58e674bea6c55746ac0acccc3c8a8

SHA512
22a40c71e0c822c8c92b5607bb54866f9cef786eb8e47405afaaf2f5efc5f3c58d712e285e4e6c5aaa4e8ca9460eaec57a9595466560ffda12490cb5d7205875

Download Submit
C:\Windows\System\eEEAuqd.exe

Filesize
6.0MB

MD5
f21f6426c9555bdb0cdfb7563d319f81

SHA1
d9501f8aacacedc157d07ed5d0c9844bedc1adf8

SHA256
e6ec4a5905f89f69d6b57f242390ab9dd9104e62451f4957005780e62a6d7487

SHA512
ddf41c55f17e5b340d99fcc88a60445979e5553cf08c02f5dd34157814cada32ad45d39efea622fbd16e501853ad81dea8e707bdf1dbcba24e0fc11d5e33c6d2

Download Submit
C:\Windows\System\fFsJXqr.exe

Filesize
6.0MB

MD5
ad47ea5ea2d98c53551c38b531ab62b2

SHA1
db7a564c1d823c353bc877da83b5115118f2140a

SHA256
d6b62d4aaf31606371f11b6eaf8d4a388be3073c5909a33a913a0c138f44f68f

SHA512
d5d02e2d54a8402dfa127dd3c25774c5a72cf46ab23e80387330de2d3167fb86cda659e4c1883f12870ce7d601628c120d1302971400dbc7e1820b0811801224

Download Submit
C:\Windows\System\jzlMgoJ.exe

Filesize
6.0MB

MD5
eb053acbddba17dc25c1d9090f1683ed

SHA1
a8f66a1bbade16067a37159f452b0a1933e70203

SHA256
57d394b1a2e1685e1ee4c56d7902bad8b46587cefe4436e5e034b65b83fe7c9f

SHA512
4588d5593910ba9d2b3681e11f8550f070a33977f7e8f8a6861b0e3bc0c9e1ef578e081171661b0669b76d62b2087732f132879d6324d681a1a475d7e0c9572e

Download Submit
C:\Windows\System\lXyBlhX.exe

Filesize
6.0MB

MD5
46854625cc06adaf3fe7d7cbd3cd7151

SHA1
9f0b8a6547be1b472676939a872e914f8d90050a

SHA256
793ba39399ca4b7342bdf09f0bddc77530752c57d08faf224a187043d07568d8

SHA512
a3098be230ddd2221c4b7a13695e9227594af8d41d8115ebbdc52343ae7184c6f4c1f42fbea6fc806da96c4bfcd316031badcc8516036b0864131d1f7de5472e

Download Submit
C:\Windows\System\pIzxQhx.exe

Filesize
6.0MB

MD5
6ef6dc31f1f00b563ef7041f0fb98bca

SHA1
c41ac1e1731b341e94115f261b11b37f39ad2e4b

SHA256
53f7db1f871d1ba5699b3d996c5d54dd2fd148b95c0211acc3181a8c837d64f6

SHA512
1d777a12f0e6d0b45918c30c0976a33e1f8845dde9ef660152000ac359ae001da52a77ba082c1c9104056f972101ac9c87f22f810b3d3a4fe4e9503663edc658

Download Submit
C:\Windows\System\pLVOwlA.exe

Filesize
6.0MB

MD5
5290fd49b6cc281f3e96b526df81ddf8

SHA1
823e2d028d88abbc01a3ea9d0e2c337295d53d02

SHA256
489c4983140e112a01ab368e26f3fbeb101addf3b3629f6ab2f0893e48106695

SHA512
9d8ecaa5cc0203a9315449177d5242b6bbcf4f2e0c7b33b761266811f7bcc6e5b2653530da609315fa3fc60d8e1bbe9324367d9ce11853ff83134184c2f945f2

Download Submit
C:\Windows\System\vqgjSks.exe

Filesize
6.0MB

MD5
dfa17cbf39f30f072fc13596a5c68fdc

SHA1
98dc6db91dd61c642b99efbf0d03809d51ef26fc

SHA256
be46dcf503622027ca698722b8718e3fdffecfd4cabc463563997d93767757f4

SHA512
dc5db7309e40d601d017340ed49dbf3a47272a7158d08f5833f55fba6affdee35a875e9fbb24f6e077e2968281dfbcfeff303c31904384914031de7bd520e349

Download Submit
C:\Windows\System\wMOpmoH.exe

Filesize
6.0MB

MD5
30b0dfa2ddc3d0aa90a6542e57b45377

SHA1
0596c3ba16a5c548fb09b79da1580bd1338360ad

SHA256
7cc6eca071b5d56b1fdb70c9bd61e633f2af2dedd107d16b82f3d51b94a9bc2e

SHA512
6f245e2719a44bf91b581d928b7072860ad69098018b79734d402ce9d80a813ae989869d6b9478252d0473fb9f5bf30c426b49538521cbb4d29e2d4a60522fba

Download Submit
C:\Windows\System\wRFXIbT.exe

Filesize
6.0MB

MD5
bff9bc1fbb48ab546de3e8a1a9381919

SHA1
724b6ef32f511ac63ad4e11c4c030fce1a497c0b

SHA256
da00d48d5da129dca8c8fa74d87f091e5302970c4d84627aa760dd7687031e6d

SHA512
2dcf73ccabb014986de2aba1a8dedd909a58761729a084ae39709f4d99bb1495cba6f6e7f35d4bb31de58ee560d5495e9aab5a168fbbee36717b12f72acc11b9

Download Submit
memory/60-2399-0x00007FF737CB0000-0x00007FF738004000-memory.dmp

Filesize
3.3MB

Download
memory/60-589-0x00007FF737CB0000-0x00007FF738004000-memory.dmp

Filesize
3.3MB

Download
memory/1396-24-0x00007FF694990000-0x00007FF694CE4000-memory.dmp

Filesize
3.3MB

Download
memory/1396-2228-0x00007FF694990000-0x00007FF694CE4000-memory.dmp

Filesize
3.3MB

Download
memory/1396-710-0x00007FF694990000-0x00007FF694CE4000-memory.dmp

Filesize
3.3MB

Download
memory/1432-563-0x00007FF776920000-0x00007FF776C74000-memory.dmp

Filesize
3.3MB

Download
memory/1444-13-0x00007FF794080000-0x00007FF7943D4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-619-0x00007FF794080000-0x00007FF7943D4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-567-0x00007FF7E51A0000-0x00007FF7E54F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-579-0x00007FF6DA280000-0x00007FF6DA5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2379-0x00007FF6DA280000-0x00007FF6DA5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-2395-0x00007FF7B2230000-0x00007FF7B2584000-memory.dmp

Filesize
3.3MB

Download
memory/2376-588-0x00007FF7B2230000-0x00007FF7B2584000-memory.dmp

Filesize
3.3MB

Download
memory/2452-564-0x00007FF70D010000-0x00007FF70D364000-memory.dmp

Filesize
3.3MB

Download
memory/2528-599-0x00007FF739020000-0x00007FF739374000-memory.dmp

Filesize
3.3MB

Download
memory/2528-2414-0x00007FF739020000-0x00007FF739374000-memory.dmp

Filesize
3.3MB

Download
memory/2564-595-0x00007FF71CE50000-0x00007FF71D1A4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2412-0x00007FF71CE50000-0x00007FF71D1A4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-580-0x00007FF6CAC40000-0x00007FF6CAF94000-memory.dmp

Filesize
3.3MB

Download
memory/2684-590-0x00007FF6C3990000-0x00007FF6C3CE4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-591-0x00007FF6BF510000-0x00007FF6BF864000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1005-0x00007FF611B70000-0x00007FF611EC4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-56-0x00007FF611B70000-0x00007FF611EC4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-38-0x00007FF6FD5D0000-0x00007FF6FD924000-memory.dmp

Filesize
3.3MB

Download
memory/2944-1003-0x00007FF7E44E0000-0x00007FF7E4834000-memory.dmp

Filesize
3.3MB

Download
memory/2944-42-0x00007FF7E44E0000-0x00007FF7E4834000-memory.dmp

Filesize
3.3MB

Download
memory/3472-581-0x00007FF628180000-0x00007FF6284D4000-memory.dmp

Filesize
3.3MB

Download
memory/3888-585-0x00007FF70E2F0000-0x00007FF70E644000-memory.dmp

Filesize
3.3MB

Download
memory/3968-565-0x00007FF72ED10000-0x00007FF72F064000-memory.dmp

Filesize
3.3MB

Download
memory/4016-669-0x00007FF76C5E0000-0x00007FF76C934000-memory.dmp

Filesize
3.3MB

Download
memory/4016-18-0x00007FF76C5E0000-0x00007FF76C934000-memory.dmp

Filesize
3.3MB

Download
memory/4168-604-0x00007FF74D900000-0x00007FF74DC54000-memory.dmp

Filesize
3.3MB

Download
memory/4168-8-0x00007FF74D900000-0x00007FF74DC54000-memory.dmp

Filesize
3.3MB

Download
memory/4448-587-0x00007FF6FD490000-0x00007FF6FD7E4000-memory.dmp

Filesize
3.3MB

Download
memory/4448-2393-0x00007FF6FD490000-0x00007FF6FD7E4000-memory.dmp

Filesize
3.3MB

Download
memory/4460-58-0x00007FF6D5100000-0x00007FF6D5454000-memory.dmp

Filesize
3.3MB

Download
memory/4460-0-0x00007FF6D5100000-0x00007FF6D5454000-memory.dmp

Filesize
3.3MB

Download
memory/4460-1-0x000001F4F30C0000-0x000001F4F30D0000-memory.dmp

Filesize
64KB

Download
memory/4468-2407-0x00007FF7DFC30000-0x00007FF7DFF84000-memory.dmp

Filesize
3.3MB

Download
memory/4468-594-0x00007FF7DFC30000-0x00007FF7DFF84000-memory.dmp

Filesize
3.3MB

Download
memory/4584-30-0x00007FF6DF240000-0x00007FF6DF594000-memory.dmp

Filesize
3.3MB

Download
memory/4584-775-0x00007FF6DF240000-0x00007FF6DF594000-memory.dmp

Filesize
3.3MB

Download
memory/4800-2360-0x00007FF745360000-0x00007FF7456B4000-memory.dmp

Filesize
3.3MB

Download
memory/4800-605-0x00007FF745360000-0x00007FF7456B4000-memory.dmp

Filesize
3.3MB

Download
memory/4820-2390-0x00007FF6CE200000-0x00007FF6CE554000-memory.dmp

Filesize
3.3MB

Download
memory/4820-586-0x00007FF6CE200000-0x00007FF6CE554000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2373-0x00007FF6261A0000-0x00007FF6264F4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-573-0x00007FF6261A0000-0x00007FF6264F4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2372-0x00007FF7B2F30000-0x00007FF7B3284000-memory.dmp

Filesize
3.3MB

Download
memory/4944-572-0x00007FF7B2F30000-0x00007FF7B3284000-memory.dmp

Filesize
3.3MB

Download
memory/5020-600-0x00007FF699EB0000-0x00007FF69A204000-memory.dmp

Filesize
3.3MB

Download
memory/5020-2413-0x00007FF699EB0000-0x00007FF69A204000-memory.dmp

Filesize
3.3MB

Download