cobaltstrike | e6f42c4c405a4738a1e4c91147d124498db7d46f5f21ceb5d8488bae5594dfad

Analysis

max time kernel
116s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/01/2025, 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a3a5b28e8a47ac60ea1120ccc90dcccb
SHA1

70ab1ef3ec09a74dd8bb533aeac12dd7c7827f75
SHA256

e6f42c4c405a4738a1e4c91147d124498db7d46f5f21ceb5d8488bae5594dfad
SHA512

693c761bb33beaff6ebb134a45a84fd8e07c3ad8dc617ea860e8e7942339333c91f00176db5b332922257067c17c99a63ef9e01dfd8969df246b099e64c9cfad
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUz:T+q56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023ca0-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-9.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-31.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-53.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023ca1-58.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-71.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-88.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-93.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-98.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-82.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-114.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-127.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-134.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-139.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-148.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbb-160.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-171.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbd-170.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-181.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-187.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc3-199.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc2-197.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc4-204.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/336-0-0x00007FF782FE0000-0x00007FF783334000-memory.dmp	xmrig
behavioral2/files/0x0008000000023ca0-4.dat	xmrig
behavioral2/files/0x0007000000023ca5-9.dat	xmrig
behavioral2/memory/4800-14-0x00007FF6C20F0000-0x00007FF6C2444000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca6-23.dat	xmrig
behavioral2/memory/852-26-0x00007FF64A5D0000-0x00007FF64A924000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca8-31.dat	xmrig
behavioral2/files/0x0007000000023ca7-34.dat	xmrig
behavioral2/files/0x0007000000023ca9-41.dat	xmrig
behavioral2/files/0x0007000000023caa-43.dat	xmrig
behavioral2/memory/3632-49-0x00007FF6B10E0000-0x00007FF6B1434000-memory.dmp	xmrig
behavioral2/memory/688-44-0x00007FF622F10000-0x00007FF623264000-memory.dmp	xmrig
behavioral2/memory/4844-42-0x00007FF709380000-0x00007FF7096D4000-memory.dmp	xmrig
behavioral2/memory/3624-33-0x00007FF756CC0000-0x00007FF757014000-memory.dmp	xmrig
behavioral2/memory/2296-21-0x00007FF684E50000-0x00007FF6851A4000-memory.dmp	xmrig
behavioral2/memory/3420-13-0x00007FF77CE80000-0x00007FF77D1D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca4-11.dat	xmrig
behavioral2/files/0x0007000000023cab-53.dat	xmrig
behavioral2/memory/884-54-0x00007FF7AF5F0000-0x00007FF7AF944000-memory.dmp	xmrig
behavioral2/files/0x0008000000023ca1-58.dat	xmrig
behavioral2/memory/2944-62-0x00007FF77A740000-0x00007FF77AA94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cad-66.dat	xmrig
behavioral2/files/0x0007000000023cae-71.dat	xmrig
behavioral2/memory/336-70-0x00007FF782FE0000-0x00007FF783334000-memory.dmp	xmrig
behavioral2/memory/2964-79-0x00007FF629180000-0x00007FF6294D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023caf-88.dat	xmrig
behavioral2/memory/1096-90-0x00007FF6288E0000-0x00007FF628C34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb2-93.dat	xmrig
behavioral2/memory/2636-95-0x00007FF612B30000-0x00007FF612E84000-memory.dmp	xmrig
behavioral2/memory/2296-97-0x00007FF684E50000-0x00007FF6851A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb1-98.dat	xmrig
behavioral2/memory/316-96-0x00007FF7E0EC0000-0x00007FF7E1214000-memory.dmp	xmrig
behavioral2/memory/1428-94-0x00007FF713110000-0x00007FF713464000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb0-82.dat	xmrig
behavioral2/memory/3500-75-0x00007FF70E6E0000-0x00007FF70EA34000-memory.dmp	xmrig
behavioral2/memory/3420-74-0x00007FF77CE80000-0x00007FF77D1D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb3-109.dat	xmrig
behavioral2/memory/688-108-0x00007FF622F10000-0x00007FF623264000-memory.dmp	xmrig
behavioral2/memory/400-111-0x00007FF794DB0000-0x00007FF795104000-memory.dmp	xmrig
behavioral2/memory/3624-107-0x00007FF756CC0000-0x00007FF757014000-memory.dmp	xmrig
behavioral2/memory/4844-103-0x00007FF709380000-0x00007FF7096D4000-memory.dmp	xmrig
behavioral2/memory/852-102-0x00007FF64A5D0000-0x00007FF64A924000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb4-114.dat	xmrig
behavioral2/memory/1876-115-0x00007FF68D7A0000-0x00007FF68DAF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb5-121.dat	xmrig
behavioral2/memory/884-123-0x00007FF7AF5F0000-0x00007FF7AF944000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb6-127.dat	xmrig
behavioral2/files/0x0007000000023cb7-134.dat	xmrig
behavioral2/files/0x0007000000023cb8-139.dat	xmrig
behavioral2/memory/1096-141-0x00007FF6288E0000-0x00007FF628C34000-memory.dmp	xmrig
behavioral2/memory/3604-143-0x00007FF71FB50000-0x00007FF71FEA4000-memory.dmp	xmrig
behavioral2/memory/3864-142-0x00007FF6C90B0000-0x00007FF6C9404000-memory.dmp	xmrig
behavioral2/memory/1028-140-0x00007FF6FFCC0000-0x00007FF700014000-memory.dmp	xmrig
behavioral2/memory/2964-137-0x00007FF629180000-0x00007FF6294D4000-memory.dmp	xmrig
behavioral2/memory/2944-130-0x00007FF77A740000-0x00007FF77AA94000-memory.dmp	xmrig
behavioral2/memory/2772-126-0x00007FF7EDE40000-0x00007FF7EE194000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb9-148.dat	xmrig
behavioral2/memory/5100-157-0x00007FF7237A0000-0x00007FF723AF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbb-160.dat	xmrig
behavioral2/memory/3916-162-0x00007FF6C7310000-0x00007FF6C7664000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbc-171.dat	xmrig
behavioral2/files/0x0007000000023cbd-170.dat	xmrig
behavioral2/memory/920-177-0x00007FF7D47E0000-0x00007FF7D4B34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbe-181.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3420	VCaSqBL.exe
4800	UZGohJj.exe
2296	ahQCwQI.exe
852	DaVSYwg.exe
3624	GBfqfbn.exe
4844	KKSnpAI.exe
3632	gQsfSEJ.exe
688	kTVdodx.exe
884	nminUJw.exe
2944	NSPfown.exe
3500	sDtjDMz.exe
2964	jCDKntA.exe
1428	Bokcucf.exe
1096	Zouzchz.exe
2636	KGtjDRb.exe
316	lykeBMJ.exe
400	TpbCxXX.exe
1876	jskdSFN.exe
2772	btMnyzU.exe
1028	zOyMIIG.exe
3864	ctMLCrF.exe
3604	fClxqGJ.exe
2760	RNJepLI.exe
5100	ydAtncf.exe
3916	epyTyyj.exe
3208	xohypGT.exe
920	qvvZznq.exe
3912	bOfYTia.exe
2780	GYXoqqq.exe
1136	ZMDLZCL.exe
2140	pqUZtxA.exe
2384	vpVDIRT.exe
4840	oqIGJCp.exe
1320	KSoJgbG.exe
464	MFdfnjC.exe
4344	tGyksMJ.exe
4420	bzDYHLh.exe
4816	HmuzHXE.exe
4092	llXHwPk.exe
4856	rDZYYDt.exe
3748	QZriBNB.exe
4664	UvwsKBg.exe
4584	ExMoGEv.exe
1536	YuaxFXX.exe
3472	GhNCAGM.exe
3388	zsRmXWj.exe
2836	jYywwec.exe
2564	XlPmhEX.exe
3784	yvlAszG.exe
2644	YMHYDVu.exe
1408	tFcHotW.exe
3256	NcaQUVO.exe
3148	WgBEjLZ.exe
2320	gfurjBH.exe
3928	SbKqaIa.exe
4080	gZqxZzm.exe
3516	yuGjZyd.exe
1700	rIFlduw.exe
668	qeBBtEo.exe
2444	hsSRKou.exe
3952	WwKoyta.exe
3532	bAXLsph.exe
724	iNRrxJT.exe
4076	HJeumYE.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/336-0-0x00007FF782FE0000-0x00007FF783334000-memory.dmp	upx
behavioral2/files/0x0008000000023ca0-4.dat	upx
behavioral2/files/0x0007000000023ca5-9.dat	upx
behavioral2/memory/4800-14-0x00007FF6C20F0000-0x00007FF6C2444000-memory.dmp	upx
behavioral2/files/0x0007000000023ca6-23.dat	upx
behavioral2/memory/852-26-0x00007FF64A5D0000-0x00007FF64A924000-memory.dmp	upx
behavioral2/files/0x0007000000023ca8-31.dat	upx
behavioral2/files/0x0007000000023ca7-34.dat	upx
behavioral2/files/0x0007000000023ca9-41.dat	upx
behavioral2/files/0x0007000000023caa-43.dat	upx
behavioral2/memory/3632-49-0x00007FF6B10E0000-0x00007FF6B1434000-memory.dmp	upx
behavioral2/memory/688-44-0x00007FF622F10000-0x00007FF623264000-memory.dmp	upx
behavioral2/memory/4844-42-0x00007FF709380000-0x00007FF7096D4000-memory.dmp	upx
behavioral2/memory/3624-33-0x00007FF756CC0000-0x00007FF757014000-memory.dmp	upx
behavioral2/memory/2296-21-0x00007FF684E50000-0x00007FF6851A4000-memory.dmp	upx
behavioral2/memory/3420-13-0x00007FF77CE80000-0x00007FF77D1D4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca4-11.dat	upx
behavioral2/files/0x0007000000023cab-53.dat	upx
behavioral2/memory/884-54-0x00007FF7AF5F0000-0x00007FF7AF944000-memory.dmp	upx
behavioral2/files/0x0008000000023ca1-58.dat	upx
behavioral2/memory/2944-62-0x00007FF77A740000-0x00007FF77AA94000-memory.dmp	upx
behavioral2/files/0x0007000000023cad-66.dat	upx
behavioral2/files/0x0007000000023cae-71.dat	upx
behavioral2/memory/336-70-0x00007FF782FE0000-0x00007FF783334000-memory.dmp	upx
behavioral2/memory/2964-79-0x00007FF629180000-0x00007FF6294D4000-memory.dmp	upx
behavioral2/files/0x0007000000023caf-88.dat	upx
behavioral2/memory/1096-90-0x00007FF6288E0000-0x00007FF628C34000-memory.dmp	upx
behavioral2/files/0x0007000000023cb2-93.dat	upx
behavioral2/memory/2636-95-0x00007FF612B30000-0x00007FF612E84000-memory.dmp	upx
behavioral2/memory/2296-97-0x00007FF684E50000-0x00007FF6851A4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb1-98.dat	upx
behavioral2/memory/316-96-0x00007FF7E0EC0000-0x00007FF7E1214000-memory.dmp	upx
behavioral2/memory/1428-94-0x00007FF713110000-0x00007FF713464000-memory.dmp	upx
behavioral2/files/0x0007000000023cb0-82.dat	upx
behavioral2/memory/3500-75-0x00007FF70E6E0000-0x00007FF70EA34000-memory.dmp	upx
behavioral2/memory/3420-74-0x00007FF77CE80000-0x00007FF77D1D4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb3-109.dat	upx
behavioral2/memory/688-108-0x00007FF622F10000-0x00007FF623264000-memory.dmp	upx
behavioral2/memory/400-111-0x00007FF794DB0000-0x00007FF795104000-memory.dmp	upx
behavioral2/memory/3624-107-0x00007FF756CC0000-0x00007FF757014000-memory.dmp	upx
behavioral2/memory/4844-103-0x00007FF709380000-0x00007FF7096D4000-memory.dmp	upx
behavioral2/memory/852-102-0x00007FF64A5D0000-0x00007FF64A924000-memory.dmp	upx
behavioral2/files/0x0007000000023cb4-114.dat	upx
behavioral2/memory/1876-115-0x00007FF68D7A0000-0x00007FF68DAF4000-memory.dmp	upx
behavioral2/files/0x0007000000023cb5-121.dat	upx
behavioral2/memory/884-123-0x00007FF7AF5F0000-0x00007FF7AF944000-memory.dmp	upx
behavioral2/files/0x0007000000023cb6-127.dat	upx
behavioral2/files/0x0007000000023cb7-134.dat	upx
behavioral2/files/0x0007000000023cb8-139.dat	upx
behavioral2/memory/1096-141-0x00007FF6288E0000-0x00007FF628C34000-memory.dmp	upx
behavioral2/memory/3604-143-0x00007FF71FB50000-0x00007FF71FEA4000-memory.dmp	upx
behavioral2/memory/3864-142-0x00007FF6C90B0000-0x00007FF6C9404000-memory.dmp	upx
behavioral2/memory/1028-140-0x00007FF6FFCC0000-0x00007FF700014000-memory.dmp	upx
behavioral2/memory/2964-137-0x00007FF629180000-0x00007FF6294D4000-memory.dmp	upx
behavioral2/memory/2944-130-0x00007FF77A740000-0x00007FF77AA94000-memory.dmp	upx
behavioral2/memory/2772-126-0x00007FF7EDE40000-0x00007FF7EE194000-memory.dmp	upx
behavioral2/files/0x0007000000023cb9-148.dat	upx
behavioral2/memory/5100-157-0x00007FF7237A0000-0x00007FF723AF4000-memory.dmp	upx
behavioral2/files/0x0007000000023cbb-160.dat	upx
behavioral2/memory/3916-162-0x00007FF6C7310000-0x00007FF6C7664000-memory.dmp	upx
behavioral2/files/0x0007000000023cbc-171.dat	upx
behavioral2/files/0x0007000000023cbd-170.dat	upx
behavioral2/memory/920-177-0x00007FF7D47E0000-0x00007FF7D4B34000-memory.dmp	upx
behavioral2/files/0x0007000000023cbe-181.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sEurTBo.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbveXxE.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuhckfo.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKiMFFt.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbVVUAS.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvgdrTj.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnWsxYR.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIDimmZ.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJcsaMX.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsvPTmb.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHLguQX.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAcExma.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itkheqh.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyfJUcl.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVVvNbG.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFIijHB.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWpndGf.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\upAKjnr.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmfUuLa.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcfapmc.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLaykOT.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPaQRJB.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bptbdFB.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XCfgzJh.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOSsjIP.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJeumYE.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnZszvr.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovjsFze.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShlTqmn.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSIlURW.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlqfUHN.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdraKzi.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBMjvDA.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWfNqvo.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBXNCVx.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpbCxXX.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfqOSzq.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOEjUvo.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzIPKGm.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ReKxiPw.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDoybpt.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQewHsO.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQyagPh.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zwibooj.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkuBNGC.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBqIxVN.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQFqSog.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmULlMq.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXXDUYM.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQHFrib.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zouzchz.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDAlTWd.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkYIhnk.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLtYaZZ.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drbTKjj.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkNXUcm.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LARfsJn.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdXdegX.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKFMZLz.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZxUvoO.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWlktzq.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oazryGC.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlkIbiy.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPJzfPn.exe	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 336 wrote to memory of 3420	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 336 wrote to memory of 3420	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 336 wrote to memory of 4800	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 336 wrote to memory of 4800	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 336 wrote to memory of 2296	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 336 wrote to memory of 2296	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 336 wrote to memory of 852	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 336 wrote to memory of 852	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 336 wrote to memory of 3624	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 336 wrote to memory of 3624	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 336 wrote to memory of 4844	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 336 wrote to memory of 4844	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 336 wrote to memory of 3632	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 336 wrote to memory of 3632	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 336 wrote to memory of 688	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 336 wrote to memory of 688	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 336 wrote to memory of 884	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 336 wrote to memory of 884	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 336 wrote to memory of 2944	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 336 wrote to memory of 2944	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 336 wrote to memory of 3500	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 336 wrote to memory of 3500	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 336 wrote to memory of 2964	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 336 wrote to memory of 2964	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 336 wrote to memory of 1428	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 336 wrote to memory of 1428	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 336 wrote to memory of 1096	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 336 wrote to memory of 1096	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 336 wrote to memory of 2636	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 336 wrote to memory of 2636	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 336 wrote to memory of 316	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 336 wrote to memory of 316	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 336 wrote to memory of 400	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 336 wrote to memory of 400	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 336 wrote to memory of 1876	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 336 wrote to memory of 1876	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 336 wrote to memory of 2772	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 336 wrote to memory of 2772	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 336 wrote to memory of 1028	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 336 wrote to memory of 1028	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 336 wrote to memory of 3864	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 336 wrote to memory of 3864	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 336 wrote to memory of 3604	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 336 wrote to memory of 3604	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 336 wrote to memory of 2760	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 336 wrote to memory of 2760	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 336 wrote to memory of 5100	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 336 wrote to memory of 5100	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 336 wrote to memory of 3916	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 336 wrote to memory of 3916	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 336 wrote to memory of 920	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 336 wrote to memory of 920	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 336 wrote to memory of 3208	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 336 wrote to memory of 3208	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 336 wrote to memory of 3912	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 336 wrote to memory of 3912	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 336 wrote to memory of 2780	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 336 wrote to memory of 2780	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 336 wrote to memory of 1136	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 336 wrote to memory of 1136	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 336 wrote to memory of 2140	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 336 wrote to memory of 2140	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 336 wrote to memory of 2384	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 336 wrote to memory of 2384	336	2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_a3a5b28e8a47ac60ea1120ccc90dcccb_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:336
- C:\Windows\System\VCaSqBL.exe
  C:\Windows\System\VCaSqBL.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\UZGohJj.exe
  C:\Windows\System\UZGohJj.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\ahQCwQI.exe
  C:\Windows\System\ahQCwQI.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\DaVSYwg.exe
  C:\Windows\System\DaVSYwg.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\GBfqfbn.exe
  C:\Windows\System\GBfqfbn.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\KKSnpAI.exe
  C:\Windows\System\KKSnpAI.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\gQsfSEJ.exe
  C:\Windows\System\gQsfSEJ.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\kTVdodx.exe
  C:\Windows\System\kTVdodx.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\nminUJw.exe
  C:\Windows\System\nminUJw.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\NSPfown.exe
  C:\Windows\System\NSPfown.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\sDtjDMz.exe
  C:\Windows\System\sDtjDMz.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\jCDKntA.exe
  C:\Windows\System\jCDKntA.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\Bokcucf.exe
  C:\Windows\System\Bokcucf.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\Zouzchz.exe
  C:\Windows\System\Zouzchz.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\KGtjDRb.exe
  C:\Windows\System\KGtjDRb.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\lykeBMJ.exe
  C:\Windows\System\lykeBMJ.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\TpbCxXX.exe
  C:\Windows\System\TpbCxXX.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\jskdSFN.exe
  C:\Windows\System\jskdSFN.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\btMnyzU.exe
  C:\Windows\System\btMnyzU.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\zOyMIIG.exe
  C:\Windows\System\zOyMIIG.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\ctMLCrF.exe
  C:\Windows\System\ctMLCrF.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\fClxqGJ.exe
  C:\Windows\System\fClxqGJ.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\RNJepLI.exe
  C:\Windows\System\RNJepLI.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\ydAtncf.exe
  C:\Windows\System\ydAtncf.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\epyTyyj.exe
  C:\Windows\System\epyTyyj.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\qvvZznq.exe
  C:\Windows\System\qvvZznq.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\xohypGT.exe
  C:\Windows\System\xohypGT.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\bOfYTia.exe
  C:\Windows\System\bOfYTia.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\GYXoqqq.exe
  C:\Windows\System\GYXoqqq.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ZMDLZCL.exe
  C:\Windows\System\ZMDLZCL.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\pqUZtxA.exe
  C:\Windows\System\pqUZtxA.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\vpVDIRT.exe
  C:\Windows\System\vpVDIRT.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\oqIGJCp.exe
  C:\Windows\System\oqIGJCp.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\KSoJgbG.exe
  C:\Windows\System\KSoJgbG.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\MFdfnjC.exe
  C:\Windows\System\MFdfnjC.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\tGyksMJ.exe
  C:\Windows\System\tGyksMJ.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\bzDYHLh.exe
  C:\Windows\System\bzDYHLh.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\HmuzHXE.exe
  C:\Windows\System\HmuzHXE.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\llXHwPk.exe
  C:\Windows\System\llXHwPk.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\rDZYYDt.exe
  C:\Windows\System\rDZYYDt.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\QZriBNB.exe
  C:\Windows\System\QZriBNB.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\UvwsKBg.exe
  C:\Windows\System\UvwsKBg.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\ExMoGEv.exe
  C:\Windows\System\ExMoGEv.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\YuaxFXX.exe
  C:\Windows\System\YuaxFXX.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\GhNCAGM.exe
  C:\Windows\System\GhNCAGM.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\zsRmXWj.exe
  C:\Windows\System\zsRmXWj.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\jYywwec.exe
  C:\Windows\System\jYywwec.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\XlPmhEX.exe
  C:\Windows\System\XlPmhEX.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\yvlAszG.exe
  C:\Windows\System\yvlAszG.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\YMHYDVu.exe
  C:\Windows\System\YMHYDVu.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\tFcHotW.exe
  C:\Windows\System\tFcHotW.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\NcaQUVO.exe
  C:\Windows\System\NcaQUVO.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\WgBEjLZ.exe
  C:\Windows\System\WgBEjLZ.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\gfurjBH.exe
  C:\Windows\System\gfurjBH.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\SbKqaIa.exe
  C:\Windows\System\SbKqaIa.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\gZqxZzm.exe
  C:\Windows\System\gZqxZzm.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\yuGjZyd.exe
  C:\Windows\System\yuGjZyd.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\rIFlduw.exe
  C:\Windows\System\rIFlduw.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\qeBBtEo.exe
  C:\Windows\System\qeBBtEo.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\hsSRKou.exe
  C:\Windows\System\hsSRKou.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\WwKoyta.exe
  C:\Windows\System\WwKoyta.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\bAXLsph.exe
  C:\Windows\System\bAXLsph.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\iNRrxJT.exe
  C:\Windows\System\iNRrxJT.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\HJeumYE.exe
  C:\Windows\System\HJeumYE.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\ANEHsaD.exe
  C:\Windows\System\ANEHsaD.exe
  2⤵
  PID:4448
- C:\Windows\System\PDSjcVk.exe
  C:\Windows\System\PDSjcVk.exe
  2⤵
  PID:1908
- C:\Windows\System\Asjxgzb.exe
  C:\Windows\System\Asjxgzb.exe
  2⤵
  PID:1272
- C:\Windows\System\XJHdbQz.exe
  C:\Windows\System\XJHdbQz.exe
  2⤵
  PID:732
- C:\Windows\System\hEDZjHs.exe
  C:\Windows\System\hEDZjHs.exe
  2⤵
  PID:3592
- C:\Windows\System\EBNjdLJ.exe
  C:\Windows\System\EBNjdLJ.exe
  2⤵
  PID:1572
- C:\Windows\System\llNXAVj.exe
  C:\Windows\System\llNXAVj.exe
  2⤵
  PID:1724
- C:\Windows\System\nNEVLzL.exe
  C:\Windows\System\nNEVLzL.exe
  2⤵
  PID:2572
- C:\Windows\System\XIDimmZ.exe
  C:\Windows\System\XIDimmZ.exe
  2⤵
  PID:3196
- C:\Windows\System\TNvXmXO.exe
  C:\Windows\System\TNvXmXO.exe
  2⤵
  PID:4364
- C:\Windows\System\yRQtJkU.exe
  C:\Windows\System\yRQtJkU.exe
  2⤵
  PID:2516
- C:\Windows\System\HNQohYr.exe
  C:\Windows\System\HNQohYr.exe
  2⤵
  PID:1652
- C:\Windows\System\uZHNfMF.exe
  C:\Windows\System\uZHNfMF.exe
  2⤵
  PID:4456
- C:\Windows\System\WoIzCMB.exe
  C:\Windows\System\WoIzCMB.exe
  2⤵
  PID:2244
- C:\Windows\System\CAoqGZQ.exe
  C:\Windows\System\CAoqGZQ.exe
  2⤵
  PID:4676
- C:\Windows\System\gRhIYhS.exe
  C:\Windows\System\gRhIYhS.exe
  2⤵
  PID:1820
- C:\Windows\System\ElIsPMs.exe
  C:\Windows\System\ElIsPMs.exe
  2⤵
  PID:4792
- C:\Windows\System\xWJinSu.exe
  C:\Windows\System\xWJinSu.exe
  2⤵
  PID:2172
- C:\Windows\System\DXPyOJm.exe
  C:\Windows\System\DXPyOJm.exe
  2⤵
  PID:3016
- C:\Windows\System\VvOadDJ.exe
  C:\Windows\System\VvOadDJ.exe
  2⤵
  PID:848
- C:\Windows\System\ZcJDnzV.exe
  C:\Windows\System\ZcJDnzV.exe
  2⤵
  PID:2328
- C:\Windows\System\ClDXpmd.exe
  C:\Windows\System\ClDXpmd.exe
  2⤵
  PID:2704
- C:\Windows\System\ZAakIKV.exe
  C:\Windows\System\ZAakIKV.exe
  2⤵
  PID:5108
- C:\Windows\System\EUuzcPN.exe
  C:\Windows\System\EUuzcPN.exe
  2⤵
  PID:2160
- C:\Windows\System\QNvPJlC.exe
  C:\Windows\System\QNvPJlC.exe
  2⤵
  PID:1948
- C:\Windows\System\dLjpsoS.exe
  C:\Windows\System\dLjpsoS.exe
  2⤵
  PID:1468
- C:\Windows\System\HULfvEu.exe
  C:\Windows\System\HULfvEu.exe
  2⤵
  PID:4264
- C:\Windows\System\Vqsoarg.exe
  C:\Windows\System\Vqsoarg.exe
  2⤵
  PID:1008
- C:\Windows\System\LZUDOnY.exe
  C:\Windows\System\LZUDOnY.exe
  2⤵
  PID:4204
- C:\Windows\System\QelOcHQ.exe
  C:\Windows\System\QelOcHQ.exe
  2⤵
  PID:4700
- C:\Windows\System\iwGFUBT.exe
  C:\Windows\System\iwGFUBT.exe
  2⤵
  PID:2972
- C:\Windows\System\VgjtkqH.exe
  C:\Windows\System\VgjtkqH.exe
  2⤵
  PID:3944
- C:\Windows\System\NQjMJdW.exe
  C:\Windows\System\NQjMJdW.exe
  2⤵
  PID:4008
- C:\Windows\System\bfFaxbd.exe
  C:\Windows\System\bfFaxbd.exe
  2⤵
  PID:4024
- C:\Windows\System\UPqIduM.exe
  C:\Windows\System\UPqIduM.exe
  2⤵
  PID:1688
- C:\Windows\System\xcGjcYu.exe
  C:\Windows\System\xcGjcYu.exe
  2⤵
  PID:3244
- C:\Windows\System\djuyrJH.exe
  C:\Windows\System\djuyrJH.exe
  2⤵
  PID:2452
- C:\Windows\System\BXOrYiE.exe
  C:\Windows\System\BXOrYiE.exe
  2⤵
  PID:4988
- C:\Windows\System\pToSeVK.exe
  C:\Windows\System\pToSeVK.exe
  2⤵
  PID:3580
- C:\Windows\System\vJyWVWO.exe
  C:\Windows\System\vJyWVWO.exe
  2⤵
  PID:2416
- C:\Windows\System\nbXHKke.exe
  C:\Windows\System\nbXHKke.exe
  2⤵
  PID:1588
- C:\Windows\System\CrUkEzo.exe
  C:\Windows\System\CrUkEzo.exe
  2⤵
  PID:4396
- C:\Windows\System\JMbKZaB.exe
  C:\Windows\System\JMbKZaB.exe
  2⤵
  PID:4352
- C:\Windows\System\FuHybrC.exe
  C:\Windows\System\FuHybrC.exe
  2⤵
  PID:3384
- C:\Windows\System\sZWBAmx.exe
  C:\Windows\System\sZWBAmx.exe
  2⤵
  PID:1064
- C:\Windows\System\HtWqFbB.exe
  C:\Windows\System\HtWqFbB.exe
  2⤵
  PID:4832
- C:\Windows\System\whSLhqq.exe
  C:\Windows\System\whSLhqq.exe
  2⤵
  PID:3680
- C:\Windows\System\muxnhvN.exe
  C:\Windows\System\muxnhvN.exe
  2⤵
  PID:2680
- C:\Windows\System\gxMvjPF.exe
  C:\Windows\System\gxMvjPF.exe
  2⤵
  PID:1880
- C:\Windows\System\ExTePuP.exe
  C:\Windows\System\ExTePuP.exe
  2⤵
  PID:5128
- C:\Windows\System\CmUsbXL.exe
  C:\Windows\System\CmUsbXL.exe
  2⤵
  PID:5156
- C:\Windows\System\UsOTiTv.exe
  C:\Windows\System\UsOTiTv.exe
  2⤵
  PID:5184
- C:\Windows\System\rkmIxZS.exe
  C:\Windows\System\rkmIxZS.exe
  2⤵
  PID:5216
- C:\Windows\System\EItRgAx.exe
  C:\Windows\System\EItRgAx.exe
  2⤵
  PID:5236
- C:\Windows\System\tJWfJYK.exe
  C:\Windows\System\tJWfJYK.exe
  2⤵
  PID:5252
- C:\Windows\System\gouZwDz.exe
  C:\Windows\System\gouZwDz.exe
  2⤵
  PID:5300
- C:\Windows\System\SenPrOc.exe
  C:\Windows\System\SenPrOc.exe
  2⤵
  PID:5332
- C:\Windows\System\iFEQHJy.exe
  C:\Windows\System\iFEQHJy.exe
  2⤵
  PID:5360
- C:\Windows\System\IaDabok.exe
  C:\Windows\System\IaDabok.exe
  2⤵
  PID:5388
- C:\Windows\System\ZZCcxaE.exe
  C:\Windows\System\ZZCcxaE.exe
  2⤵
  PID:5412
- C:\Windows\System\IQpNUSX.exe
  C:\Windows\System\IQpNUSX.exe
  2⤵
  PID:5444
- C:\Windows\System\huQUKnq.exe
  C:\Windows\System\huQUKnq.exe
  2⤵
  PID:5476
- C:\Windows\System\UeRQOFc.exe
  C:\Windows\System\UeRQOFc.exe
  2⤵
  PID:5500
- C:\Windows\System\JqoxTDh.exe
  C:\Windows\System\JqoxTDh.exe
  2⤵
  PID:5544
- C:\Windows\System\pOItdZa.exe
  C:\Windows\System\pOItdZa.exe
  2⤵
  PID:5588
- C:\Windows\System\xDOlwte.exe
  C:\Windows\System\xDOlwte.exe
  2⤵
  PID:5616
- C:\Windows\System\yWGrxOF.exe
  C:\Windows\System\yWGrxOF.exe
  2⤵
  PID:5712
- C:\Windows\System\PNHWVDu.exe
  C:\Windows\System\PNHWVDu.exe
  2⤵
  PID:5760
- C:\Windows\System\zZyIzbX.exe
  C:\Windows\System\zZyIzbX.exe
  2⤵
  PID:5796
- C:\Windows\System\TsCQzhz.exe
  C:\Windows\System\TsCQzhz.exe
  2⤵
  PID:5840
- C:\Windows\System\ADMsNxN.exe
  C:\Windows\System\ADMsNxN.exe
  2⤵
  PID:5864
- C:\Windows\System\AvLRuWW.exe
  C:\Windows\System\AvLRuWW.exe
  2⤵
  PID:5900
- C:\Windows\System\YrvdHaR.exe
  C:\Windows\System\YrvdHaR.exe
  2⤵
  PID:5940
- C:\Windows\System\xuLPNrn.exe
  C:\Windows\System\xuLPNrn.exe
  2⤵
  PID:5956
- C:\Windows\System\WhHHUsA.exe
  C:\Windows\System\WhHHUsA.exe
  2⤵
  PID:5996
- C:\Windows\System\ftfDzFW.exe
  C:\Windows\System\ftfDzFW.exe
  2⤵
  PID:6036
- C:\Windows\System\RYGSdoU.exe
  C:\Windows\System\RYGSdoU.exe
  2⤵
  PID:6072
- C:\Windows\System\NJrKzuG.exe
  C:\Windows\System\NJrKzuG.exe
  2⤵
  PID:6108
- C:\Windows\System\fHYTBAA.exe
  C:\Windows\System\fHYTBAA.exe
  2⤵
  PID:3300
- C:\Windows\System\HTnxsyt.exe
  C:\Windows\System\HTnxsyt.exe
  2⤵
  PID:5176
- C:\Windows\System\WxMcUIe.exe
  C:\Windows\System\WxMcUIe.exe
  2⤵
  PID:5264
- C:\Windows\System\fGXCWvt.exe
  C:\Windows\System\fGXCWvt.exe
  2⤵
  PID:5328
- C:\Windows\System\KAtYvUO.exe
  C:\Windows\System\KAtYvUO.exe
  2⤵
  PID:5376
- C:\Windows\System\ZFoiphg.exe
  C:\Windows\System\ZFoiphg.exe
  2⤵
  PID:5432
- C:\Windows\System\NhGSZgs.exe
  C:\Windows\System\NhGSZgs.exe
  2⤵
  PID:5520
- C:\Windows\System\XBsmEwh.exe
  C:\Windows\System\XBsmEwh.exe
  2⤵
  PID:1344
- C:\Windows\System\uDmcdne.exe
  C:\Windows\System\uDmcdne.exe
  2⤵
  PID:5600
- C:\Windows\System\CCfpmTw.exe
  C:\Windows\System\CCfpmTw.exe
  2⤵
  PID:5788
- C:\Windows\System\IFIijHB.exe
  C:\Windows\System\IFIijHB.exe
  2⤵
  PID:3212
- C:\Windows\System\UmWUfiE.exe
  C:\Windows\System\UmWUfiE.exe
  2⤵
  PID:5908
- C:\Windows\System\cWpndGf.exe
  C:\Windows\System\cWpndGf.exe
  2⤵
  PID:5976
- C:\Windows\System\bwkOsqG.exe
  C:\Windows\System\bwkOsqG.exe
  2⤵
  PID:6064
- C:\Windows\System\KNtOekg.exe
  C:\Windows\System\KNtOekg.exe
  2⤵
  PID:6132
- C:\Windows\System\xIRKirc.exe
  C:\Windows\System\xIRKirc.exe
  2⤵
  PID:6080
- C:\Windows\System\djqjfZh.exe
  C:\Windows\System\djqjfZh.exe
  2⤵
  PID:5464
- C:\Windows\System\eipYREC.exe
  C:\Windows\System\eipYREC.exe
  2⤵
  PID:5596
- C:\Windows\System\KuYDQoQ.exe
  C:\Windows\System\KuYDQoQ.exe
  2⤵
  PID:5852
- C:\Windows\System\qGrGMnb.exe
  C:\Windows\System\qGrGMnb.exe
  2⤵
  PID:6032
- C:\Windows\System\DcfkVKV.exe
  C:\Windows\System\DcfkVKV.exe
  2⤵
  PID:6048
- C:\Windows\System\CqLsAuT.exe
  C:\Windows\System\CqLsAuT.exe
  2⤵
  PID:5532
- C:\Windows\System\SKepEEf.exe
  C:\Windows\System\SKepEEf.exe
  2⤵
  PID:5736
- C:\Windows\System\BtFOJDw.exe
  C:\Windows\System\BtFOJDw.exe
  2⤵
  PID:5340
- C:\Windows\System\XdeWqGj.exe
  C:\Windows\System\XdeWqGj.exe
  2⤵
  PID:5680
- C:\Windows\System\uuvQrBU.exe
  C:\Windows\System\uuvQrBU.exe
  2⤵
  PID:6152
- C:\Windows\System\GjqhLpG.exe
  C:\Windows\System\GjqhLpG.exe
  2⤵
  PID:6180
- C:\Windows\System\bJVMkMO.exe
  C:\Windows\System\bJVMkMO.exe
  2⤵
  PID:6216
- C:\Windows\System\hKiMFFt.exe
  C:\Windows\System\hKiMFFt.exe
  2⤵
  PID:6244
- C:\Windows\System\ZaloMWx.exe
  C:\Windows\System\ZaloMWx.exe
  2⤵
  PID:6272
- C:\Windows\System\uXbPknv.exe
  C:\Windows\System\uXbPknv.exe
  2⤵
  PID:6300
- C:\Windows\System\dexLqSy.exe
  C:\Windows\System\dexLqSy.exe
  2⤵
  PID:6348
- C:\Windows\System\WaDFpkd.exe
  C:\Windows\System\WaDFpkd.exe
  2⤵
  PID:6392
- C:\Windows\System\EdyMhLR.exe
  C:\Windows\System\EdyMhLR.exe
  2⤵
  PID:6472
- C:\Windows\System\yPMgxWV.exe
  C:\Windows\System\yPMgxWV.exe
  2⤵
  PID:6492
- C:\Windows\System\nZCQcPh.exe
  C:\Windows\System\nZCQcPh.exe
  2⤵
  PID:6528
- C:\Windows\System\zKBIKvW.exe
  C:\Windows\System\zKBIKvW.exe
  2⤵
  PID:6560
- C:\Windows\System\BcVvEgE.exe
  C:\Windows\System\BcVvEgE.exe
  2⤵
  PID:6628
- C:\Windows\System\HqLvXwi.exe
  C:\Windows\System\HqLvXwi.exe
  2⤵
  PID:6664
- C:\Windows\System\ROfRcer.exe
  C:\Windows\System\ROfRcer.exe
  2⤵
  PID:6692
- C:\Windows\System\cIRtyCH.exe
  C:\Windows\System\cIRtyCH.exe
  2⤵
  PID:6724
- C:\Windows\System\uNRhkLa.exe
  C:\Windows\System\uNRhkLa.exe
  2⤵
  PID:6752
- C:\Windows\System\ceaQUFz.exe
  C:\Windows\System\ceaQUFz.exe
  2⤵
  PID:6772
- C:\Windows\System\XVQvetF.exe
  C:\Windows\System\XVQvetF.exe
  2⤵
  PID:6812
- C:\Windows\System\lyxSWFm.exe
  C:\Windows\System\lyxSWFm.exe
  2⤵
  PID:6848
- C:\Windows\System\zmRBnGS.exe
  C:\Windows\System\zmRBnGS.exe
  2⤵
  PID:6864
- C:\Windows\System\VjAirQy.exe
  C:\Windows\System\VjAirQy.exe
  2⤵
  PID:6892
- C:\Windows\System\xtggYIL.exe
  C:\Windows\System\xtggYIL.exe
  2⤵
  PID:6920
- C:\Windows\System\zvmnSAQ.exe
  C:\Windows\System\zvmnSAQ.exe
  2⤵
  PID:6956
- C:\Windows\System\RJzuwbh.exe
  C:\Windows\System\RJzuwbh.exe
  2⤵
  PID:6984
- C:\Windows\System\zWuxJmy.exe
  C:\Windows\System\zWuxJmy.exe
  2⤵
  PID:7020
- C:\Windows\System\ShlTqmn.exe
  C:\Windows\System\ShlTqmn.exe
  2⤵
  PID:7048
- C:\Windows\System\bDAlTWd.exe
  C:\Windows\System\bDAlTWd.exe
  2⤵
  PID:7072
- C:\Windows\System\xOekmQN.exe
  C:\Windows\System\xOekmQN.exe
  2⤵
  PID:7104
- C:\Windows\System\jOrOdYd.exe
  C:\Windows\System\jOrOdYd.exe
  2⤵
  PID:7128
- C:\Windows\System\cBqIxVN.exe
  C:\Windows\System\cBqIxVN.exe
  2⤵
  PID:7156
- C:\Windows\System\stBnFza.exe
  C:\Windows\System\stBnFza.exe
  2⤵
  PID:5952
- C:\Windows\System\ILSBHdr.exe
  C:\Windows\System\ILSBHdr.exe
  2⤵
  PID:6240
- C:\Windows\System\amoDXdN.exe
  C:\Windows\System\amoDXdN.exe
  2⤵
  PID:6332
- C:\Windows\System\dtsziPB.exe
  C:\Windows\System\dtsziPB.exe
  2⤵
  PID:6480
- C:\Windows\System\qleVFBd.exe
  C:\Windows\System\qleVFBd.exe
  2⤵
  PID:4232
- C:\Windows\System\JStcbtp.exe
  C:\Windows\System\JStcbtp.exe
  2⤵
  PID:6660
- C:\Windows\System\suSmZFu.exe
  C:\Windows\System\suSmZFu.exe
  2⤵
  PID:6712
- C:\Windows\System\VrdxcmE.exe
  C:\Windows\System\VrdxcmE.exe
  2⤵
  PID:6784
- C:\Windows\System\GGHtrtB.exe
  C:\Windows\System\GGHtrtB.exe
  2⤵
  PID:6596
- C:\Windows\System\pgECZkW.exe
  C:\Windows\System\pgECZkW.exe
  2⤵
  PID:6828
- C:\Windows\System\daCmIWb.exe
  C:\Windows\System\daCmIWb.exe
  2⤵
  PID:6908
- C:\Windows\System\MtNGKOS.exe
  C:\Windows\System\MtNGKOS.exe
  2⤵
  PID:5540
- C:\Windows\System\JDsqNbM.exe
  C:\Windows\System\JDsqNbM.exe
  2⤵
  PID:5528
- C:\Windows\System\mUYHcxH.exe
  C:\Windows\System\mUYHcxH.exe
  2⤵
  PID:6968
- C:\Windows\System\phvSkRl.exe
  C:\Windows\System\phvSkRl.exe
  2⤵
  PID:7112
- C:\Windows\System\xZXvdxh.exe
  C:\Windows\System\xZXvdxh.exe
  2⤵
  PID:6412
- C:\Windows\System\wqkNOnX.exe
  C:\Windows\System\wqkNOnX.exe
  2⤵
  PID:6612
- C:\Windows\System\GPsCpzn.exe
  C:\Windows\System\GPsCpzn.exe
  2⤵
  PID:6636
- C:\Windows\System\IuWtTjx.exe
  C:\Windows\System\IuWtTjx.exe
  2⤵
  PID:6876
- C:\Windows\System\ZPaSykU.exe
  C:\Windows\System\ZPaSykU.exe
  2⤵
  PID:6944
- C:\Windows\System\JrzwRSx.exe
  C:\Windows\System\JrzwRSx.exe
  2⤵
  PID:6468
- C:\Windows\System\HZOhVDN.exe
  C:\Windows\System\HZOhVDN.exe
  2⤵
  PID:6172
- C:\Windows\System\RfCEnay.exe
  C:\Windows\System\RfCEnay.exe
  2⤵
  PID:7080
- C:\Windows\System\gjEojZJ.exe
  C:\Windows\System\gjEojZJ.exe
  2⤵
  PID:5516
- C:\Windows\System\VuMbETw.exe
  C:\Windows\System\VuMbETw.exe
  2⤵
  PID:6572
- C:\Windows\System\DuoxQWu.exe
  C:\Windows\System\DuoxQWu.exe
  2⤵
  PID:6732
- C:\Windows\System\AxvAOxN.exe
  C:\Windows\System\AxvAOxN.exe
  2⤵
  PID:6204
- C:\Windows\System\ZAlOpdb.exe
  C:\Windows\System\ZAlOpdb.exe
  2⤵
  PID:7176
- C:\Windows\System\NILUSPU.exe
  C:\Windows\System\NILUSPU.exe
  2⤵
  PID:7212
- C:\Windows\System\QgPbDug.exe
  C:\Windows\System\QgPbDug.exe
  2⤵
  PID:7232
- C:\Windows\System\rEzXSQt.exe
  C:\Windows\System\rEzXSQt.exe
  2⤵
  PID:7264
- C:\Windows\System\ujNaIHw.exe
  C:\Windows\System\ujNaIHw.exe
  2⤵
  PID:7296
- C:\Windows\System\NYePaOZ.exe
  C:\Windows\System\NYePaOZ.exe
  2⤵
  PID:7316
- C:\Windows\System\EdMNWcU.exe
  C:\Windows\System\EdMNWcU.exe
  2⤵
  PID:7344
- C:\Windows\System\njGSmxi.exe
  C:\Windows\System\njGSmxi.exe
  2⤵
  PID:7384
- C:\Windows\System\nWlktzq.exe
  C:\Windows\System\nWlktzq.exe
  2⤵
  PID:7404
- C:\Windows\System\pqtJCEn.exe
  C:\Windows\System\pqtJCEn.exe
  2⤵
  PID:7432
- C:\Windows\System\tnCgsrt.exe
  C:\Windows\System\tnCgsrt.exe
  2⤵
  PID:7464
- C:\Windows\System\OQFqSog.exe
  C:\Windows\System\OQFqSog.exe
  2⤵
  PID:7488
- C:\Windows\System\LIeRVws.exe
  C:\Windows\System\LIeRVws.exe
  2⤵
  PID:7520
- C:\Windows\System\VLHstAw.exe
  C:\Windows\System\VLHstAw.exe
  2⤵
  PID:7544
- C:\Windows\System\NzUhnnn.exe
  C:\Windows\System\NzUhnnn.exe
  2⤵
  PID:7572
- C:\Windows\System\KqnujkN.exe
  C:\Windows\System\KqnujkN.exe
  2⤵
  PID:7600
- C:\Windows\System\prKCXWN.exe
  C:\Windows\System\prKCXWN.exe
  2⤵
  PID:7636
- C:\Windows\System\vVuETGQ.exe
  C:\Windows\System\vVuETGQ.exe
  2⤵
  PID:7664
- C:\Windows\System\aRyewnV.exe
  C:\Windows\System\aRyewnV.exe
  2⤵
  PID:7688
- C:\Windows\System\SToqzgM.exe
  C:\Windows\System\SToqzgM.exe
  2⤵
  PID:7716
- C:\Windows\System\ztPGnyh.exe
  C:\Windows\System\ztPGnyh.exe
  2⤵
  PID:7740
- C:\Windows\System\JYSaWAU.exe
  C:\Windows\System\JYSaWAU.exe
  2⤵
  PID:7776
- C:\Windows\System\MJcsaMX.exe
  C:\Windows\System\MJcsaMX.exe
  2⤵
  PID:7804
- C:\Windows\System\IzPrMDO.exe
  C:\Windows\System\IzPrMDO.exe
  2⤵
  PID:7832
- C:\Windows\System\MgEFLCi.exe
  C:\Windows\System\MgEFLCi.exe
  2⤵
  PID:7868
- C:\Windows\System\NsXHyvG.exe
  C:\Windows\System\NsXHyvG.exe
  2⤵
  PID:7888
- C:\Windows\System\NRrvfNh.exe
  C:\Windows\System\NRrvfNh.exe
  2⤵
  PID:7912
- C:\Windows\System\upAKjnr.exe
  C:\Windows\System\upAKjnr.exe
  2⤵
  PID:7948
- C:\Windows\System\WYhwIEg.exe
  C:\Windows\System\WYhwIEg.exe
  2⤵
  PID:7968
- C:\Windows\System\bptbdFB.exe
  C:\Windows\System\bptbdFB.exe
  2⤵
  PID:7996
- C:\Windows\System\hyNQfQK.exe
  C:\Windows\System\hyNQfQK.exe
  2⤵
  PID:8024
- C:\Windows\System\WYCnZre.exe
  C:\Windows\System\WYCnZre.exe
  2⤵
  PID:8052
- C:\Windows\System\uqlZUHu.exe
  C:\Windows\System\uqlZUHu.exe
  2⤵
  PID:8080
- C:\Windows\System\SGvTOrn.exe
  C:\Windows\System\SGvTOrn.exe
  2⤵
  PID:8108
- C:\Windows\System\EiGLzkc.exe
  C:\Windows\System\EiGLzkc.exe
  2⤵
  PID:8136
- C:\Windows\System\vILIsyk.exe
  C:\Windows\System\vILIsyk.exe
  2⤵
  PID:8164
- C:\Windows\System\hdXdegX.exe
  C:\Windows\System\hdXdegX.exe
  2⤵
  PID:7036
- C:\Windows\System\GowflEg.exe
  C:\Windows\System\GowflEg.exe
  2⤵
  PID:7228
- C:\Windows\System\kSewBRD.exe
  C:\Windows\System\kSewBRD.exe
  2⤵
  PID:7304
- C:\Windows\System\iDkmCWG.exe
  C:\Windows\System\iDkmCWG.exe
  2⤵
  PID:7336
- C:\Windows\System\VUtWPEu.exe
  C:\Windows\System\VUtWPEu.exe
  2⤵
  PID:7400
- C:\Windows\System\lutKeLg.exe
  C:\Windows\System\lutKeLg.exe
  2⤵
  PID:7472
- C:\Windows\System\EXIDXcs.exe
  C:\Windows\System\EXIDXcs.exe
  2⤵
  PID:7564
- C:\Windows\System\OyZaFTW.exe
  C:\Windows\System\OyZaFTW.exe
  2⤵
  PID:7596
- C:\Windows\System\WShbbaC.exe
  C:\Windows\System\WShbbaC.exe
  2⤵
  PID:7676
- C:\Windows\System\xSIlURW.exe
  C:\Windows\System\xSIlURW.exe
  2⤵
  PID:7724
- C:\Windows\System\tPWyLDx.exe
  C:\Windows\System\tPWyLDx.exe
  2⤵
  PID:7852
- C:\Windows\System\ZchJbzl.exe
  C:\Windows\System\ZchJbzl.exe
  2⤵
  PID:7980
- C:\Windows\System\MXzBPAy.exe
  C:\Windows\System\MXzBPAy.exe
  2⤵
  PID:8132
- C:\Windows\System\CBnoRTJ.exe
  C:\Windows\System\CBnoRTJ.exe
  2⤵
  PID:7272
- C:\Windows\System\cfqOSzq.exe
  C:\Windows\System\cfqOSzq.exe
  2⤵
  PID:7456
- C:\Windows\System\Yvocgzs.exe
  C:\Windows\System\Yvocgzs.exe
  2⤵
  PID:7592
- C:\Windows\System\QOEtiRB.exe
  C:\Windows\System\QOEtiRB.exe
  2⤵
  PID:7816
- C:\Windows\System\gXfAOpg.exe
  C:\Windows\System\gXfAOpg.exe
  2⤵
  PID:8076
- C:\Windows\System\dPSThgX.exe
  C:\Windows\System\dPSThgX.exe
  2⤵
  PID:8072
- C:\Windows\System\CvybTec.exe
  C:\Windows\System\CvybTec.exe
  2⤵
  PID:7960
- C:\Windows\System\qnZszvr.exe
  C:\Windows\System\qnZszvr.exe
  2⤵
  PID:8228
- C:\Windows\System\BitjGFG.exe
  C:\Windows\System\BitjGFG.exe
  2⤵
  PID:8272
- C:\Windows\System\QIqKtwH.exe
  C:\Windows\System\QIqKtwH.exe
  2⤵
  PID:8300
- C:\Windows\System\DEEKWtu.exe
  C:\Windows\System\DEEKWtu.exe
  2⤵
  PID:8356
- C:\Windows\System\LHkozmS.exe
  C:\Windows\System\LHkozmS.exe
  2⤵
  PID:8380
- C:\Windows\System\GKFMZLz.exe
  C:\Windows\System\GKFMZLz.exe
  2⤵
  PID:8412
- C:\Windows\System\StPrnNl.exe
  C:\Windows\System\StPrnNl.exe
  2⤵
  PID:8440
- C:\Windows\System\EJgqTMf.exe
  C:\Windows\System\EJgqTMf.exe
  2⤵
  PID:8468
- C:\Windows\System\mIHhmul.exe
  C:\Windows\System\mIHhmul.exe
  2⤵
  PID:8496
- C:\Windows\System\KfofjMJ.exe
  C:\Windows\System\KfofjMJ.exe
  2⤵
  PID:8524
- C:\Windows\System\gYEopSx.exe
  C:\Windows\System\gYEopSx.exe
  2⤵
  PID:8552
- C:\Windows\System\aEPZWoZ.exe
  C:\Windows\System\aEPZWoZ.exe
  2⤵
  PID:8580
- C:\Windows\System\licAydQ.exe
  C:\Windows\System\licAydQ.exe
  2⤵
  PID:8608
- C:\Windows\System\RzAWNYf.exe
  C:\Windows\System\RzAWNYf.exe
  2⤵
  PID:8640
- C:\Windows\System\NXSejhr.exe
  C:\Windows\System\NXSejhr.exe
  2⤵
  PID:8664
- C:\Windows\System\xvVoZkf.exe
  C:\Windows\System\xvVoZkf.exe
  2⤵
  PID:8692
- C:\Windows\System\buWLHSw.exe
  C:\Windows\System\buWLHSw.exe
  2⤵
  PID:8720
- C:\Windows\System\zJsWYUQ.exe
  C:\Windows\System\zJsWYUQ.exe
  2⤵
  PID:8748
- C:\Windows\System\GRExTPw.exe
  C:\Windows\System\GRExTPw.exe
  2⤵
  PID:8776
- C:\Windows\System\uMyDxar.exe
  C:\Windows\System\uMyDxar.exe
  2⤵
  PID:8804
- C:\Windows\System\XbVVUAS.exe
  C:\Windows\System\XbVVUAS.exe
  2⤵
  PID:8844
- C:\Windows\System\tVhFvPe.exe
  C:\Windows\System\tVhFvPe.exe
  2⤵
  PID:8864
- C:\Windows\System\NMCdqsv.exe
  C:\Windows\System\NMCdqsv.exe
  2⤵
  PID:8888
- C:\Windows\System\rOUekcM.exe
  C:\Windows\System\rOUekcM.exe
  2⤵
  PID:8916
- C:\Windows\System\PtGrilo.exe
  C:\Windows\System\PtGrilo.exe
  2⤵
  PID:8944
- C:\Windows\System\WKLbFDb.exe
  C:\Windows\System\WKLbFDb.exe
  2⤵
  PID:8972
- C:\Windows\System\FuGRclO.exe
  C:\Windows\System\FuGRclO.exe
  2⤵
  PID:9000
- C:\Windows\System\lnCZUQM.exe
  C:\Windows\System\lnCZUQM.exe
  2⤵
  PID:9044
- C:\Windows\System\rglGdhw.exe
  C:\Windows\System\rglGdhw.exe
  2⤵
  PID:9076
- C:\Windows\System\rdhXmHp.exe
  C:\Windows\System\rdhXmHp.exe
  2⤵
  PID:9100
- C:\Windows\System\ZIcbpxa.exe
  C:\Windows\System\ZIcbpxa.exe
  2⤵
  PID:9132
- C:\Windows\System\QJqzQTm.exe
  C:\Windows\System\QJqzQTm.exe
  2⤵
  PID:9160
- C:\Windows\System\kVPPknm.exe
  C:\Windows\System\kVPPknm.exe
  2⤵
  PID:9188
- C:\Windows\System\MNqOohk.exe
  C:\Windows\System\MNqOohk.exe
  2⤵
  PID:9212
- C:\Windows\System\RrCfTbH.exe
  C:\Windows\System\RrCfTbH.exe
  2⤵
  PID:7396
- C:\Windows\System\RhnuweD.exe
  C:\Windows\System\RhnuweD.exe
  2⤵
  PID:764
- C:\Windows\System\boVzgSR.exe
  C:\Windows\System\boVzgSR.exe
  2⤵
  PID:8340
- C:\Windows\System\ELHBEVu.exe
  C:\Windows\System\ELHBEVu.exe
  2⤵
  PID:8452
- C:\Windows\System\RWUlbtm.exe
  C:\Windows\System\RWUlbtm.exe
  2⤵
  PID:8328
- C:\Windows\System\KShWLNV.exe
  C:\Windows\System\KShWLNV.exe
  2⤵
  PID:8548
- C:\Windows\System\JWmSYGX.exe
  C:\Windows\System\JWmSYGX.exe
  2⤵
  PID:8620
- C:\Windows\System\NsGZelP.exe
  C:\Windows\System\NsGZelP.exe
  2⤵
  PID:8660
- C:\Windows\System\kwFxWPr.exe
  C:\Windows\System\kwFxWPr.exe
  2⤵
  PID:8732
- C:\Windows\System\CGXVckV.exe
  C:\Windows\System\CGXVckV.exe
  2⤵
  PID:8796
- C:\Windows\System\oazryGC.exe
  C:\Windows\System\oazryGC.exe
  2⤵
  PID:8900
- C:\Windows\System\EAqljDH.exe
  C:\Windows\System\EAqljDH.exe
  2⤵
  PID:8940
- C:\Windows\System\PHxrESB.exe
  C:\Windows\System\PHxrESB.exe
  2⤵
  PID:9016
- C:\Windows\System\GwyvQqK.exe
  C:\Windows\System\GwyvQqK.exe
  2⤵
  PID:2976
- C:\Windows\System\cdiJWNO.exe
  C:\Windows\System\cdiJWNO.exe
  2⤵
  PID:9148
- C:\Windows\System\XnsOJlC.exe
  C:\Windows\System\XnsOJlC.exe
  2⤵
  PID:9176
- C:\Windows\System\EdqrtZY.exe
  C:\Windows\System\EdqrtZY.exe
  2⤵
  PID:9196
- C:\Windows\System\gpFKqNw.exe
  C:\Windows\System\gpFKqNw.exe
  2⤵
  PID:7924
- C:\Windows\System\cxoyuAU.exe
  C:\Windows\System\cxoyuAU.exe
  2⤵
  PID:4880
- C:\Windows\System\GWfWcDa.exe
  C:\Windows\System\GWfWcDa.exe
  2⤵
  PID:1032
- C:\Windows\System\ZtUmCHi.exe
  C:\Windows\System\ZtUmCHi.exe
  2⤵
  PID:6312
- C:\Windows\System\nqLNVzv.exe
  C:\Windows\System\nqLNVzv.exe
  2⤵
  PID:5044
- C:\Windows\System\jwRQRfX.exe
  C:\Windows\System\jwRQRfX.exe
  2⤵
  PID:5772
- C:\Windows\System\rFCdxkD.exe
  C:\Windows\System\rFCdxkD.exe
  2⤵
  PID:8464
- C:\Windows\System\AvSfPZZ.exe
  C:\Windows\System\AvSfPZZ.exe
  2⤵
  PID:8688
- C:\Windows\System\eMNzlyU.exe
  C:\Windows\System\eMNzlyU.exe
  2⤵
  PID:8788
- C:\Windows\System\IvLNJjx.exe
  C:\Windows\System\IvLNJjx.exe
  2⤵
  PID:8984
- C:\Windows\System\EzFgtyx.exe
  C:\Windows\System\EzFgtyx.exe
  2⤵
  PID:9072
- C:\Windows\System\cMnYeqx.exe
  C:\Windows\System\cMnYeqx.exe
  2⤵
  PID:9124
- C:\Windows\System\lxEaeMk.exe
  C:\Windows\System\lxEaeMk.exe
  2⤵
  PID:8240
- C:\Windows\System\JqZqtfT.exe
  C:\Windows\System\JqZqtfT.exe
  2⤵
  PID:3460
- C:\Windows\System\rAsTMaK.exe
  C:\Windows\System\rAsTMaK.exe
  2⤵
  PID:5228
- C:\Windows\System\yfJVxnm.exe
  C:\Windows\System\yfJVxnm.exe
  2⤵
  PID:5776
- C:\Windows\System\QQpgWkp.exe
  C:\Windows\System\QQpgWkp.exe
  2⤵
  PID:2080
- C:\Windows\System\fnzpLFD.exe
  C:\Windows\System\fnzpLFD.exe
  2⤵
  PID:4464
- C:\Windows\System\TPfHtyO.exe
  C:\Windows\System\TPfHtyO.exe
  2⤵
  PID:9172
- C:\Windows\System\xKKQwIm.exe
  C:\Windows\System\xKKQwIm.exe
  2⤵
  PID:8160
- C:\Windows\System\hukazeJ.exe
  C:\Windows\System\hukazeJ.exe
  2⤵
  PID:8592
- C:\Windows\System\vUpYghd.exe
  C:\Windows\System\vUpYghd.exe
  2⤵
  PID:9088
- C:\Windows\System\TARTqGk.exe
  C:\Windows\System\TARTqGk.exe
  2⤵
  PID:6320
- C:\Windows\System\gMYymML.exe
  C:\Windows\System\gMYymML.exe
  2⤵
  PID:9224
- C:\Windows\System\JavmWgs.exe
  C:\Windows\System\JavmWgs.exe
  2⤵
  PID:9240
- C:\Windows\System\ICRzgiA.exe
  C:\Windows\System\ICRzgiA.exe
  2⤵
  PID:9268
- C:\Windows\System\CrZHrVy.exe
  C:\Windows\System\CrZHrVy.exe
  2⤵
  PID:9296
- C:\Windows\System\dczbgOk.exe
  C:\Windows\System\dczbgOk.exe
  2⤵
  PID:9324
- C:\Windows\System\sEurTBo.exe
  C:\Windows\System\sEurTBo.exe
  2⤵
  PID:9352
- C:\Windows\System\pkbBzSw.exe
  C:\Windows\System\pkbBzSw.exe
  2⤵
  PID:9380
- C:\Windows\System\BzYiLNO.exe
  C:\Windows\System\BzYiLNO.exe
  2⤵
  PID:9408
- C:\Windows\System\MzZpFaU.exe
  C:\Windows\System\MzZpFaU.exe
  2⤵
  PID:9436
- C:\Windows\System\gmUZdQU.exe
  C:\Windows\System\gmUZdQU.exe
  2⤵
  PID:9464
- C:\Windows\System\HrWTbHs.exe
  C:\Windows\System\HrWTbHs.exe
  2⤵
  PID:9492
- C:\Windows\System\iMRjBdh.exe
  C:\Windows\System\iMRjBdh.exe
  2⤵
  PID:9524
- C:\Windows\System\VHQxdSm.exe
  C:\Windows\System\VHQxdSm.exe
  2⤵
  PID:9548
- C:\Windows\System\tPbLknY.exe
  C:\Windows\System\tPbLknY.exe
  2⤵
  PID:9576
- C:\Windows\System\HMvMfYM.exe
  C:\Windows\System\HMvMfYM.exe
  2⤵
  PID:9608
- C:\Windows\System\UKMSlId.exe
  C:\Windows\System\UKMSlId.exe
  2⤵
  PID:9636
- C:\Windows\System\JsvPTmb.exe
  C:\Windows\System\JsvPTmb.exe
  2⤵
  PID:9664
- C:\Windows\System\mVPPOBa.exe
  C:\Windows\System\mVPPOBa.exe
  2⤵
  PID:9692
- C:\Windows\System\nPCOLbG.exe
  C:\Windows\System\nPCOLbG.exe
  2⤵
  PID:9720
- C:\Windows\System\myOuROK.exe
  C:\Windows\System\myOuROK.exe
  2⤵
  PID:9748
- C:\Windows\System\NpTCUDT.exe
  C:\Windows\System\NpTCUDT.exe
  2⤵
  PID:9780
- C:\Windows\System\trIpauu.exe
  C:\Windows\System\trIpauu.exe
  2⤵
  PID:9804
- C:\Windows\System\QhLxzxE.exe
  C:\Windows\System\QhLxzxE.exe
  2⤵
  PID:9832
- C:\Windows\System\SocKqAY.exe
  C:\Windows\System\SocKqAY.exe
  2⤵
  PID:9864
- C:\Windows\System\tPXsePi.exe
  C:\Windows\System\tPXsePi.exe
  2⤵
  PID:9896
- C:\Windows\System\IQHJzdE.exe
  C:\Windows\System\IQHJzdE.exe
  2⤵
  PID:9920
- C:\Windows\System\uIrLrvm.exe
  C:\Windows\System\uIrLrvm.exe
  2⤵
  PID:9944
- C:\Windows\System\jOWZBHz.exe
  C:\Windows\System\jOWZBHz.exe
  2⤵
  PID:9972
- C:\Windows\System\vBjedXo.exe
  C:\Windows\System\vBjedXo.exe
  2⤵
  PID:10000
- C:\Windows\System\bUVrRLZ.exe
  C:\Windows\System\bUVrRLZ.exe
  2⤵
  PID:10028
- C:\Windows\System\UBqTBIC.exe
  C:\Windows\System\UBqTBIC.exe
  2⤵
  PID:10056
- C:\Windows\System\bQyagPh.exe
  C:\Windows\System\bQyagPh.exe
  2⤵
  PID:10084
- C:\Windows\System\RGOoVYr.exe
  C:\Windows\System\RGOoVYr.exe
  2⤵
  PID:10112
- C:\Windows\System\pqAepPx.exe
  C:\Windows\System\pqAepPx.exe
  2⤵
  PID:10140
- C:\Windows\System\EgpLlqU.exe
  C:\Windows\System\EgpLlqU.exe
  2⤵
  PID:10168
- C:\Windows\System\LsClwJp.exe
  C:\Windows\System\LsClwJp.exe
  2⤵
  PID:10196
- C:\Windows\System\NTdpUPR.exe
  C:\Windows\System\NTdpUPR.exe
  2⤵
  PID:10224
- C:\Windows\System\AVOFZtT.exe
  C:\Windows\System\AVOFZtT.exe
  2⤵
  PID:9236
- C:\Windows\System\WcDsSgD.exe
  C:\Windows\System\WcDsSgD.exe
  2⤵
  PID:9308
- C:\Windows\System\kacSxMy.exe
  C:\Windows\System\kacSxMy.exe
  2⤵
  PID:9376
- C:\Windows\System\xDChzdM.exe
  C:\Windows\System\xDChzdM.exe
  2⤵
  PID:9428
- C:\Windows\System\UTUhxUw.exe
  C:\Windows\System\UTUhxUw.exe
  2⤵
  PID:9488
- C:\Windows\System\oNsabgu.exe
  C:\Windows\System\oNsabgu.exe
  2⤵
  PID:9588
- C:\Windows\System\oPYynBr.exe
  C:\Windows\System\oPYynBr.exe
  2⤵
  PID:9628
- C:\Windows\System\wteaTTi.exe
  C:\Windows\System\wteaTTi.exe
  2⤵
  PID:9688
- C:\Windows\System\JFrUPNp.exe
  C:\Windows\System\JFrUPNp.exe
  2⤵
  PID:9760
- C:\Windows\System\JvzjALv.exe
  C:\Windows\System\JvzjALv.exe
  2⤵
  PID:9824
- C:\Windows\System\bcBSTpU.exe
  C:\Windows\System\bcBSTpU.exe
  2⤵
  PID:9884
- C:\Windows\System\gvUBoJZ.exe
  C:\Windows\System\gvUBoJZ.exe
  2⤵
  PID:9956
- C:\Windows\System\SEfpwJE.exe
  C:\Windows\System\SEfpwJE.exe
  2⤵
  PID:10020
- C:\Windows\System\tNdiQsq.exe
  C:\Windows\System\tNdiQsq.exe
  2⤵
  PID:10076
- C:\Windows\System\OhayUuq.exe
  C:\Windows\System\OhayUuq.exe
  2⤵
  PID:10132
- C:\Windows\System\NVRlcpl.exe
  C:\Windows\System\NVRlcpl.exe
  2⤵
  PID:10208
- C:\Windows\System\FgBfgIs.exe
  C:\Windows\System\FgBfgIs.exe
  2⤵
  PID:5644
- C:\Windows\System\QrtocPS.exe
  C:\Windows\System\QrtocPS.exe
  2⤵
  PID:9372
- C:\Windows\System\NRWWTHb.exe
  C:\Windows\System\NRWWTHb.exe
  2⤵
  PID:9476
- C:\Windows\System\eTFZQYA.exe
  C:\Windows\System\eTFZQYA.exe
  2⤵
  PID:9540
- C:\Windows\System\EGDhLIl.exe
  C:\Windows\System\EGDhLIl.exe
  2⤵
  PID:9684
- C:\Windows\System\hkYIhnk.exe
  C:\Windows\System\hkYIhnk.exe
  2⤵
  PID:9872
- C:\Windows\System\nYcMoAB.exe
  C:\Windows\System\nYcMoAB.exe
  2⤵
  PID:9996
- C:\Windows\System\DLtYaZZ.exe
  C:\Windows\System\DLtYaZZ.exe
  2⤵
  PID:10124
- C:\Windows\System\vjNgiLP.exe
  C:\Windows\System\vjNgiLP.exe
  2⤵
  PID:5652
- C:\Windows\System\zNrPEQr.exe
  C:\Windows\System\zNrPEQr.exe
  2⤵
  PID:392
- C:\Windows\System\mkvlqId.exe
  C:\Windows\System\mkvlqId.exe
  2⤵
  PID:9940
- C:\Windows\System\CsuGzJU.exe
  C:\Windows\System\CsuGzJU.exe
  2⤵
  PID:10236
- C:\Windows\System\KwErIWA.exe
  C:\Windows\System\KwErIWA.exe
  2⤵
  PID:9800
- C:\Windows\System\wGHgMiZ.exe
  C:\Windows\System\wGHgMiZ.exe
  2⤵
  PID:4404
- C:\Windows\System\EokmYcY.exe
  C:\Windows\System\EokmYcY.exe
  2⤵
  PID:10248
- C:\Windows\System\hrVHnHT.exe
  C:\Windows\System\hrVHnHT.exe
  2⤵
  PID:10276
- C:\Windows\System\RCVlvVE.exe
  C:\Windows\System\RCVlvVE.exe
  2⤵
  PID:10304
- C:\Windows\System\rlkIbiy.exe
  C:\Windows\System\rlkIbiy.exe
  2⤵
  PID:10336
- C:\Windows\System\RPPODOT.exe
  C:\Windows\System\RPPODOT.exe
  2⤵
  PID:10364
- C:\Windows\System\oSoRvPc.exe
  C:\Windows\System\oSoRvPc.exe
  2⤵
  PID:10392
- C:\Windows\System\KfeKukn.exe
  C:\Windows\System\KfeKukn.exe
  2⤵
  PID:10420
- C:\Windows\System\NbRXIpi.exe
  C:\Windows\System\NbRXIpi.exe
  2⤵
  PID:10452
- C:\Windows\System\EInLtSU.exe
  C:\Windows\System\EInLtSU.exe
  2⤵
  PID:10488
- C:\Windows\System\bVuYnAO.exe
  C:\Windows\System\bVuYnAO.exe
  2⤵
  PID:10508
- C:\Windows\System\sEgnLsw.exe
  C:\Windows\System\sEgnLsw.exe
  2⤵
  PID:10536
- C:\Windows\System\bbXdklv.exe
  C:\Windows\System\bbXdklv.exe
  2⤵
  PID:10584
- C:\Windows\System\KMpRRtd.exe
  C:\Windows\System\KMpRRtd.exe
  2⤵
  PID:10612
- C:\Windows\System\iruCdZd.exe
  C:\Windows\System\iruCdZd.exe
  2⤵
  PID:10640
- C:\Windows\System\DalhBOm.exe
  C:\Windows\System\DalhBOm.exe
  2⤵
  PID:10668
- C:\Windows\System\ZQoBnnU.exe
  C:\Windows\System\ZQoBnnU.exe
  2⤵
  PID:10696
- C:\Windows\System\LIRLqLM.exe
  C:\Windows\System\LIRLqLM.exe
  2⤵
  PID:10724
- C:\Windows\System\EJvUZSX.exe
  C:\Windows\System\EJvUZSX.exe
  2⤵
  PID:10752
- C:\Windows\System\IGkIQQW.exe
  C:\Windows\System\IGkIQQW.exe
  2⤵
  PID:10780
- C:\Windows\System\SkTOaUj.exe
  C:\Windows\System\SkTOaUj.exe
  2⤵
  PID:10808
- C:\Windows\System\kSaAazu.exe
  C:\Windows\System\kSaAazu.exe
  2⤵
  PID:10836
- C:\Windows\System\fvHrhyF.exe
  C:\Windows\System\fvHrhyF.exe
  2⤵
  PID:10864
- C:\Windows\System\xCHkimE.exe
  C:\Windows\System\xCHkimE.exe
  2⤵
  PID:10892
- C:\Windows\System\vGbxten.exe
  C:\Windows\System\vGbxten.exe
  2⤵
  PID:10920
- C:\Windows\System\qyEzJRY.exe
  C:\Windows\System\qyEzJRY.exe
  2⤵
  PID:10948
- C:\Windows\System\IXuSrGs.exe
  C:\Windows\System\IXuSrGs.exe
  2⤵
  PID:10976
- C:\Windows\System\icwCyjl.exe
  C:\Windows\System\icwCyjl.exe
  2⤵
  PID:11004
- C:\Windows\System\JWKcXQg.exe
  C:\Windows\System\JWKcXQg.exe
  2⤵
  PID:11032
- C:\Windows\System\kvRyCKJ.exe
  C:\Windows\System\kvRyCKJ.exe
  2⤵
  PID:11060
- C:\Windows\System\bZxUvoO.exe
  C:\Windows\System\bZxUvoO.exe
  2⤵
  PID:11088
- C:\Windows\System\SYsDzTa.exe
  C:\Windows\System\SYsDzTa.exe
  2⤵
  PID:11116
- C:\Windows\System\NfpVbNX.exe
  C:\Windows\System\NfpVbNX.exe
  2⤵
  PID:11144
- C:\Windows\System\gdvmtWD.exe
  C:\Windows\System\gdvmtWD.exe
  2⤵
  PID:11172
- C:\Windows\System\aZJLRVf.exe
  C:\Windows\System\aZJLRVf.exe
  2⤵
  PID:11204
- C:\Windows\System\TnwNySg.exe
  C:\Windows\System\TnwNySg.exe
  2⤵
  PID:11232
- C:\Windows\System\bSUqnCW.exe
  C:\Windows\System\bSUqnCW.exe
  2⤵
  PID:11260
- C:\Windows\System\MLjuqor.exe
  C:\Windows\System\MLjuqor.exe
  2⤵
  PID:10300
- C:\Windows\System\PPkhoEj.exe
  C:\Windows\System\PPkhoEj.exe
  2⤵
  PID:10348
- C:\Windows\System\fboIlTS.exe
  C:\Windows\System\fboIlTS.exe
  2⤵
  PID:10404
- C:\Windows\System\UJSwkvt.exe
  C:\Windows\System\UJSwkvt.exe
  2⤵
  PID:1284
- C:\Windows\System\jNnipsZ.exe
  C:\Windows\System\jNnipsZ.exe
  2⤵
  PID:10460
- C:\Windows\System\ykgtQPj.exe
  C:\Windows\System\ykgtQPj.exe
  2⤵
  PID:10532
- C:\Windows\System\JECAfOz.exe
  C:\Windows\System\JECAfOz.exe
  2⤵
  PID:10576
- C:\Windows\System\ekWCkAB.exe
  C:\Windows\System\ekWCkAB.exe
  2⤵
  PID:10636
- C:\Windows\System\mWpjKXn.exe
  C:\Windows\System\mWpjKXn.exe
  2⤵
  PID:10708
- C:\Windows\System\CUJBjrg.exe
  C:\Windows\System\CUJBjrg.exe
  2⤵
  PID:10772
- C:\Windows\System\HylmTZl.exe
  C:\Windows\System\HylmTZl.exe
  2⤵
  PID:10832
- C:\Windows\System\PMImiAK.exe
  C:\Windows\System\PMImiAK.exe
  2⤵
  PID:10904
- C:\Windows\System\NHAetQT.exe
  C:\Windows\System\NHAetQT.exe
  2⤵
  PID:3452
- C:\Windows\System\WofNUIM.exe
  C:\Windows\System\WofNUIM.exe
  2⤵
  PID:10996
- C:\Windows\System\OXEJFrs.exe
  C:\Windows\System\OXEJFrs.exe
  2⤵
  PID:11052
- C:\Windows\System\yTZZlsb.exe
  C:\Windows\System\yTZZlsb.exe
  2⤵
  PID:11112
- C:\Windows\System\yUFdfFi.exe
  C:\Windows\System\yUFdfFi.exe
  2⤵
  PID:11184
- C:\Windows\System\CXYTJNf.exe
  C:\Windows\System\CXYTJNf.exe
  2⤵
  PID:11252
- C:\Windows\System\XLlaRFw.exe
  C:\Windows\System\XLlaRFw.exe
  2⤵
  PID:10328
- C:\Windows\System\gtjRLoW.exe
  C:\Windows\System\gtjRLoW.exe
  2⤵
  PID:10440
- C:\Windows\System\jOniChQ.exe
  C:\Windows\System\jOniChQ.exe
  2⤵
  PID:9264
- C:\Windows\System\rNsQdlS.exe
  C:\Windows\System\rNsQdlS.exe
  2⤵
  PID:10692
- C:\Windows\System\hgdvMbJ.exe
  C:\Windows\System\hgdvMbJ.exe
  2⤵
  PID:10860
- C:\Windows\System\uOmtEog.exe
  C:\Windows\System\uOmtEog.exe
  2⤵
  PID:10988
- C:\Windows\System\laQkPHZ.exe
  C:\Windows\System\laQkPHZ.exe
  2⤵
  PID:11140
- C:\Windows\System\NtmveEu.exe
  C:\Windows\System\NtmveEu.exe
  2⤵
  PID:10272
- C:\Windows\System\vUtbHLb.exe
  C:\Windows\System\vUtbHLb.exe
  2⤵
  PID:10528
- C:\Windows\System\azATYky.exe
  C:\Windows\System\azATYky.exe
  2⤵
  PID:10828
- C:\Windows\System\nRIScGi.exe
  C:\Windows\System\nRIScGi.exe
  2⤵
  PID:11168
- C:\Windows\System\zFLHHtU.exe
  C:\Windows\System\zFLHHtU.exe
  2⤵
  PID:10764
- C:\Windows\System\KMnDLQN.exe
  C:\Windows\System\KMnDLQN.exe
  2⤵
  PID:10664
- C:\Windows\System\TwVaRzP.exe
  C:\Windows\System\TwVaRzP.exe
  2⤵
  PID:11280
- C:\Windows\System\ZKjGhcG.exe
  C:\Windows\System\ZKjGhcG.exe
  2⤵
  PID:11308
- C:\Windows\System\VhNcnPz.exe
  C:\Windows\System\VhNcnPz.exe
  2⤵
  PID:11336
- C:\Windows\System\LOEjUvo.exe
  C:\Windows\System\LOEjUvo.exe
  2⤵
  PID:11364
- C:\Windows\System\IXbEcSx.exe
  C:\Windows\System\IXbEcSx.exe
  2⤵
  PID:11408
- C:\Windows\System\MkgURhU.exe
  C:\Windows\System\MkgURhU.exe
  2⤵
  PID:11424
- C:\Windows\System\hpIkxPJ.exe
  C:\Windows\System\hpIkxPJ.exe
  2⤵
  PID:11452
- C:\Windows\System\ISvHpdt.exe
  C:\Windows\System\ISvHpdt.exe
  2⤵
  PID:11480
- C:\Windows\System\qUPRzlo.exe
  C:\Windows\System\qUPRzlo.exe
  2⤵
  PID:11508
- C:\Windows\System\ORvHCbm.exe
  C:\Windows\System\ORvHCbm.exe
  2⤵
  PID:11548
- C:\Windows\System\guknqzL.exe
  C:\Windows\System\guknqzL.exe
  2⤵
  PID:11568
- C:\Windows\System\iOOKVko.exe
  C:\Windows\System\iOOKVko.exe
  2⤵
  PID:11596
- C:\Windows\System\sFllKyP.exe
  C:\Windows\System\sFllKyP.exe
  2⤵
  PID:11624
- C:\Windows\System\EaqWPfR.exe
  C:\Windows\System\EaqWPfR.exe
  2⤵
  PID:11652
- C:\Windows\System\HbveXxE.exe
  C:\Windows\System\HbveXxE.exe
  2⤵
  PID:11680
- C:\Windows\System\riBmZEe.exe
  C:\Windows\System\riBmZEe.exe
  2⤵
  PID:11708
- C:\Windows\System\bhgHHrF.exe
  C:\Windows\System\bhgHHrF.exe
  2⤵
  PID:11740
- C:\Windows\System\tPJzfPn.exe
  C:\Windows\System\tPJzfPn.exe
  2⤵
  PID:11768
- C:\Windows\System\KvcEucw.exe
  C:\Windows\System\KvcEucw.exe
  2⤵
  PID:11796
- C:\Windows\System\qaHTCPu.exe
  C:\Windows\System\qaHTCPu.exe
  2⤵
  PID:11824
- C:\Windows\System\wHZpqkc.exe
  C:\Windows\System\wHZpqkc.exe
  2⤵
  PID:11852
- C:\Windows\System\XmoeZct.exe
  C:\Windows\System\XmoeZct.exe
  2⤵
  PID:11880
- C:\Windows\System\xDJymBK.exe
  C:\Windows\System\xDJymBK.exe
  2⤵
  PID:11908
- C:\Windows\System\Jspqumi.exe
  C:\Windows\System\Jspqumi.exe
  2⤵
  PID:11936
- C:\Windows\System\CtfEqoT.exe
  C:\Windows\System\CtfEqoT.exe
  2⤵
  PID:11964
- C:\Windows\System\tNYKyhQ.exe
  C:\Windows\System\tNYKyhQ.exe
  2⤵
  PID:11992
- C:\Windows\System\qduSwTC.exe
  C:\Windows\System\qduSwTC.exe
  2⤵
  PID:12020
- C:\Windows\System\OuBzPPS.exe
  C:\Windows\System\OuBzPPS.exe
  2⤵
  PID:12056
- C:\Windows\System\DKzoMLR.exe
  C:\Windows\System\DKzoMLR.exe
  2⤵
  PID:12076
- C:\Windows\System\RznhRVa.exe
  C:\Windows\System\RznhRVa.exe
  2⤵
  PID:12104
- C:\Windows\System\aTdFcIr.exe
  C:\Windows\System\aTdFcIr.exe
  2⤵
  PID:12132
- C:\Windows\System\jSJjZuJ.exe
  C:\Windows\System\jSJjZuJ.exe
  2⤵
  PID:12160
- C:\Windows\System\njFclKE.exe
  C:\Windows\System\njFclKE.exe
  2⤵
  PID:12188
- C:\Windows\System\cIvqoAn.exe
  C:\Windows\System\cIvqoAn.exe
  2⤵
  PID:12216
- C:\Windows\System\uSkmERH.exe
  C:\Windows\System\uSkmERH.exe
  2⤵
  PID:12244
- C:\Windows\System\auQLVnO.exe
  C:\Windows\System\auQLVnO.exe
  2⤵
  PID:12272
- C:\Windows\System\tCzsEFr.exe
  C:\Windows\System\tCzsEFr.exe
  2⤵
  PID:11292
- C:\Windows\System\fUMJuDC.exe
  C:\Windows\System\fUMJuDC.exe
  2⤵
  PID:11356
- C:\Windows\System\QqiwrJT.exe
  C:\Windows\System\QqiwrJT.exe
  2⤵
  PID:11420
- C:\Windows\System\WQmxrFB.exe
  C:\Windows\System\WQmxrFB.exe
  2⤵
  PID:11492
- C:\Windows\System\qFcUCxp.exe
  C:\Windows\System\qFcUCxp.exe
  2⤵
  PID:1952
- C:\Windows\System\EakLGiM.exe
  C:\Windows\System\EakLGiM.exe
  2⤵
  PID:11588
- C:\Windows\System\YusHydM.exe
  C:\Windows\System\YusHydM.exe
  2⤵
  PID:11648
- C:\Windows\System\izqokVk.exe
  C:\Windows\System\izqokVk.exe
  2⤵
  PID:11732
- C:\Windows\System\PrimzaX.exe
  C:\Windows\System\PrimzaX.exe
  2⤵
  PID:4728
- C:\Windows\System\FCcHedF.exe
  C:\Windows\System\FCcHedF.exe
  2⤵
  PID:11848
- C:\Windows\System\yuhckfo.exe
  C:\Windows\System\yuhckfo.exe
  2⤵
  PID:11920
- C:\Windows\System\Aztpqks.exe
  C:\Windows\System\Aztpqks.exe
  2⤵
  PID:1800
- C:\Windows\System\XZSaKxO.exe
  C:\Windows\System\XZSaKxO.exe
  2⤵
  PID:12032
- C:\Windows\System\DiITVzg.exe
  C:\Windows\System\DiITVzg.exe
  2⤵
  PID:12096
- C:\Windows\System\rYsayDK.exe
  C:\Windows\System\rYsayDK.exe
  2⤵
  PID:12144
- C:\Windows\System\qKPHEOJ.exe
  C:\Windows\System\qKPHEOJ.exe
  2⤵
  PID:12208
- C:\Windows\System\XAwXYHT.exe
  C:\Windows\System\XAwXYHT.exe
  2⤵
  PID:12256
- C:\Windows\System\otfOHEP.exe
  C:\Windows\System\otfOHEP.exe
  2⤵
  PID:11272
- C:\Windows\System\LPTkhrd.exe
  C:\Windows\System\LPTkhrd.exe
  2⤵
  PID:11736
- C:\Windows\System\GGXkqpz.exe
  C:\Windows\System\GGXkqpz.exe
  2⤵
  PID:11524
- C:\Windows\System\ElMfSUm.exe
  C:\Windows\System\ElMfSUm.exe
  2⤵
  PID:11556
- C:\Windows\System\DPumiri.exe
  C:\Windows\System\DPumiri.exe
  2⤵
  PID:11644
- C:\Windows\System\hXYWRSr.exe
  C:\Windows\System\hXYWRSr.exe
  2⤵
  PID:11820
- C:\Windows\System\bKJnHKI.exe
  C:\Windows\System\bKJnHKI.exe
  2⤵
  PID:11900
- C:\Windows\System\RoMrTli.exe
  C:\Windows\System\RoMrTli.exe
  2⤵
  PID:12016
- C:\Windows\System\THTADfF.exe
  C:\Windows\System\THTADfF.exe
  2⤵
  PID:12072
- C:\Windows\System\VGBaQoz.exe
  C:\Windows\System\VGBaQoz.exe
  2⤵
  PID:3672
- C:\Windows\System\YgesvNC.exe
  C:\Windows\System\YgesvNC.exe
  2⤵
  PID:3564
- C:\Windows\System\XCfgzJh.exe
  C:\Windows\System\XCfgzJh.exe
  2⤵
  PID:3808
- C:\Windows\System\cgzhgTj.exe
  C:\Windows\System\cgzhgTj.exe
  2⤵
  PID:2864
- C:\Windows\System\iWYLbpv.exe
  C:\Windows\System\iWYLbpv.exe
  2⤵
  PID:4952
- C:\Windows\System\vRirEwY.exe
  C:\Windows\System\vRirEwY.exe
  2⤵
  PID:11636
- C:\Windows\System\kNGKsFf.exe
  C:\Windows\System\kNGKsFf.exe
  2⤵
  PID:2592
- C:\Windows\System\IYiMkLz.exe
  C:\Windows\System\IYiMkLz.exe
  2⤵
  PID:452
- C:\Windows\System\OYSCcDJ.exe
  C:\Windows\System\OYSCcDJ.exe
  2⤵
  PID:5012
- C:\Windows\System\KwlyabF.exe
  C:\Windows\System\KwlyabF.exe
  2⤵
  PID:4356
- C:\Windows\System\EvgdrTj.exe
  C:\Windows\System\EvgdrTj.exe
  2⤵
  PID:12200
- C:\Windows\System\yRIxReS.exe
  C:\Windows\System\yRIxReS.exe
  2⤵
  PID:1372
- C:\Windows\System\zmIpHcM.exe
  C:\Windows\System\zmIpHcM.exe
  2⤵
  PID:3248
- C:\Windows\System\dQsXSfA.exe
  C:\Windows\System\dQsXSfA.exe
  2⤵
  PID:4472
- C:\Windows\System\AmHuVAe.exe
  C:\Windows\System\AmHuVAe.exe
  2⤵
  PID:3120
- C:\Windows\System\GBOefhD.exe
  C:\Windows\System\GBOefhD.exe
  2⤵
  PID:4436
- C:\Windows\System\oBvTPds.exe
  C:\Windows\System\oBvTPds.exe
  2⤵
  PID:11720
- C:\Windows\System\YCdJQrK.exe
  C:\Windows\System\YCdJQrK.exe
  2⤵
  PID:11472
- C:\Windows\System\gIcgxnF.exe
  C:\Windows\System\gIcgxnF.exe
  2⤵
  PID:4228
- C:\Windows\System\cKApNYd.exe
  C:\Windows\System\cKApNYd.exe
  2⤵
  PID:12064
- C:\Windows\System\uBYaeQL.exe
  C:\Windows\System\uBYaeQL.exe
  2⤵
  PID:612
- C:\Windows\System\CNrlsAZ.exe
  C:\Windows\System\CNrlsAZ.exe
  2⤵
  PID:11816
- C:\Windows\System\yWpeDxq.exe
  C:\Windows\System\yWpeDxq.exe
  2⤵
  PID:12124
- C:\Windows\System\BfmCgby.exe
  C:\Windows\System\BfmCgby.exe
  2⤵
  PID:2840
- C:\Windows\System\USBaPku.exe
  C:\Windows\System\USBaPku.exe
  2⤵
  PID:1364
- C:\Windows\System\KsMkFXu.exe
  C:\Windows\System\KsMkFXu.exe
  2⤵
  PID:3140
- C:\Windows\System\eojrzER.exe
  C:\Windows\System\eojrzER.exe
  2⤵
  PID:12128
- C:\Windows\System\YNEWrFA.exe
  C:\Windows\System\YNEWrFA.exe
  2⤵
  PID:12312
- C:\Windows\System\XpxWQAe.exe
  C:\Windows\System\XpxWQAe.exe
  2⤵
  PID:12340
- C:\Windows\System\aKSTfAM.exe
  C:\Windows\System\aKSTfAM.exe
  2⤵
  PID:12380
- C:\Windows\System\GiLdsDE.exe
  C:\Windows\System\GiLdsDE.exe
  2⤵
  PID:12396
- C:\Windows\System\UJhmQrA.exe
  C:\Windows\System\UJhmQrA.exe
  2⤵
  PID:12424
- C:\Windows\System\tKJXTbh.exe
  C:\Windows\System\tKJXTbh.exe
  2⤵
  PID:12452
- C:\Windows\System\sZzSAIK.exe
  C:\Windows\System\sZzSAIK.exe
  2⤵
  PID:12480
- C:\Windows\System\TKGxsaf.exe
  C:\Windows\System\TKGxsaf.exe
  2⤵
  PID:12512
- C:\Windows\System\GLnlTZx.exe
  C:\Windows\System\GLnlTZx.exe
  2⤵
  PID:12540
- C:\Windows\System\uLmJYVr.exe
  C:\Windows\System\uLmJYVr.exe
  2⤵
  PID:12576
- C:\Windows\System\gDwBjgZ.exe
  C:\Windows\System\gDwBjgZ.exe
  2⤵
  PID:12604
- C:\Windows\System\QoquzVm.exe
  C:\Windows\System\QoquzVm.exe
  2⤵
  PID:12640
- C:\Windows\System\MTUVfsD.exe
  C:\Windows\System\MTUVfsD.exe
  2⤵
  PID:12668
- C:\Windows\System\ATACnXY.exe
  C:\Windows\System\ATACnXY.exe
  2⤵
  PID:12716
- C:\Windows\System\sFgRGzw.exe
  C:\Windows\System\sFgRGzw.exe
  2⤵
  PID:12736
- C:\Windows\System\qEXBQDT.exe
  C:\Windows\System\qEXBQDT.exe
  2⤵
  PID:12760
- C:\Windows\System\NdQvblb.exe
  C:\Windows\System\NdQvblb.exe
  2⤵
  PID:12788
- C:\Windows\System\coQWktc.exe
  C:\Windows\System\coQWktc.exe
  2⤵
  PID:12816
- C:\Windows\System\wWkdeul.exe
  C:\Windows\System\wWkdeul.exe
  2⤵
  PID:12844
- C:\Windows\System\XbJBcbE.exe
  C:\Windows\System\XbJBcbE.exe
  2⤵
  PID:12872
- C:\Windows\System\qNXKZVD.exe
  C:\Windows\System\qNXKZVD.exe
  2⤵
  PID:12900
- C:\Windows\System\drbTKjj.exe
  C:\Windows\System\drbTKjj.exe
  2⤵
  PID:12928
- C:\Windows\System\vTTnlcU.exe
  C:\Windows\System\vTTnlcU.exe
  2⤵
  PID:12956
- C:\Windows\System\XeKOgIr.exe
  C:\Windows\System\XeKOgIr.exe
  2⤵
  PID:12984
- C:\Windows\System\OXSNXGj.exe
  C:\Windows\System\OXSNXGj.exe
  2⤵
  PID:13012
- C:\Windows\System\OSbImVN.exe
  C:\Windows\System\OSbImVN.exe
  2⤵
  PID:13040
- C:\Windows\System\vVJTkIU.exe
  C:\Windows\System\vVJTkIU.exe
  2⤵
  PID:13068
- C:\Windows\System\EqLjvxx.exe
  C:\Windows\System\EqLjvxx.exe
  2⤵
  PID:13096
- C:\Windows\System\qQmvbhb.exe
  C:\Windows\System\qQmvbhb.exe
  2⤵
  PID:13124
- C:\Windows\System\TfiMSFK.exe
  C:\Windows\System\TfiMSFK.exe
  2⤵
  PID:13152
- C:\Windows\System\ndrbeJq.exe
  C:\Windows\System\ndrbeJq.exe
  2⤵
  PID:13180
- C:\Windows\System\uKfxpdn.exe
  C:\Windows\System\uKfxpdn.exe
  2⤵
  PID:13208
- C:\Windows\System\ovjsFze.exe
  C:\Windows\System\ovjsFze.exe
  2⤵
  PID:13236
- C:\Windows\System\edRHyiJ.exe
  C:\Windows\System\edRHyiJ.exe
  2⤵
  PID:13264
- C:\Windows\System\KvqTUJz.exe
  C:\Windows\System\KvqTUJz.exe
  2⤵
  PID:13292
- C:\Windows\System\gWBJJlv.exe
  C:\Windows\System\gWBJJlv.exe
  2⤵
  PID:3468
- C:\Windows\System\ANYbSCc.exe
  C:\Windows\System\ANYbSCc.exe
  2⤵
  PID:12336
- C:\Windows\System\GVXmSbM.exe
  C:\Windows\System\GVXmSbM.exe
  2⤵
  PID:12388
- C:\Windows\System\UDTiJRr.exe
  C:\Windows\System\UDTiJRr.exe
  2⤵
  PID:12436
- C:\Windows\System\mnIFjfC.exe
  C:\Windows\System\mnIFjfC.exe
  2⤵
  PID:4412
- C:\Windows\System\qYXkLai.exe
  C:\Windows\System\qYXkLai.exe
  2⤵
  PID:4684
- C:\Windows\System\pqWFmSw.exe
  C:\Windows\System\pqWFmSw.exe
  2⤵
  PID:3872
- C:\Windows\System\vpUvwxh.exe
  C:\Windows\System\vpUvwxh.exe
  2⤵
  PID:2364
- C:\Windows\System\JzIPKGm.exe
  C:\Windows\System\JzIPKGm.exe
  2⤵
  PID:1912
- C:\Windows\System\WmfUuLa.exe
  C:\Windows\System\WmfUuLa.exe
  2⤵
  PID:12616
- C:\Windows\System\WGcBkbw.exe
  C:\Windows\System\WGcBkbw.exe
  2⤵
  PID:2424
- C:\Windows\System\IHoWmlN.exe
  C:\Windows\System\IHoWmlN.exe
  2⤵
  PID:12692
- C:\Windows\System\RidYsZc.exe
  C:\Windows\System\RidYsZc.exe
  2⤵
  PID:3512
- C:\Windows\System\hvSXRCx.exe
  C:\Windows\System\hvSXRCx.exe
  2⤵
  PID:12712
- C:\Windows\System\LDVpSDa.exe
  C:\Windows\System\LDVpSDa.exe
  2⤵
  PID:12752
- C:\Windows\System\HpOsIar.exe
  C:\Windows\System\HpOsIar.exe
  2⤵
  PID:12784
- C:\Windows\System\ddgazYV.exe
  C:\Windows\System\ddgazYV.exe
  2⤵
  PID:1960
- C:\Windows\System\WxXUPyZ.exe
  C:\Windows\System\WxXUPyZ.exe
  2⤵
  PID:5064
- C:\Windows\System\JQjsDyi.exe
  C:\Windows\System\JQjsDyi.exe
  2⤵
  PID:4084
- C:\Windows\System\urXtIom.exe
  C:\Windows\System\urXtIom.exe
  2⤵
  PID:12952
- C:\Windows\System\wvocUfA.exe
  C:\Windows\System\wvocUfA.exe
  2⤵
  PID:13004
- C:\Windows\System\zULbABe.exe
  C:\Windows\System\zULbABe.exe
  2⤵
  PID:13052
- C:\Windows\System\TLmeyLq.exe
  C:\Windows\System\TLmeyLq.exe
  2⤵
  PID:13092
- C:\Windows\System\lSfXbuf.exe
  C:\Windows\System\lSfXbuf.exe
  2⤵
  PID:13144
- C:\Windows\System\SBLgegY.exe
  C:\Windows\System\SBLgegY.exe
  2⤵
  PID:13192
- C:\Windows\System\osGANsU.exe
  C:\Windows\System\osGANsU.exe
  2⤵
  PID:5280
- C:\Windows\System\DPMxlNA.exe
  C:\Windows\System\DPMxlNA.exe
  2⤵
  PID:13288
- C:\Windows\System\YlVTvTy.exe
  C:\Windows\System\YlVTvTy.exe
  2⤵
  PID:2852
- C:\Windows\System\AZUnoiY.exe
  C:\Windows\System\AZUnoiY.exe
  2⤵
  PID:5024
- C:\Windows\System\TczaRKX.exe
  C:\Windows\System\TczaRKX.exe
  2⤵
  PID:12472
- C:\Windows\System\gJnYnIW.exe
  C:\Windows\System\gJnYnIW.exe
  2⤵
  PID:12528
- C:\Windows\System\MgrPpGU.exe
  C:\Windows\System\MgrPpGU.exe
  2⤵
  PID:4152
- C:\Windows\System\jeNIIGf.exe
  C:\Windows\System\jeNIIGf.exe
  2⤵
  PID:12600
- C:\Windows\System\gkZcOQD.exe
  C:\Windows\System\gkZcOQD.exe
  2⤵
  PID:12656
- C:\Windows\System\nJhsAeJ.exe
  C:\Windows\System\nJhsAeJ.exe
  2⤵
  PID:1632
- C:\Windows\System\SJPvOef.exe
  C:\Windows\System\SJPvOef.exe
  2⤵
  PID:5584
- C:\Windows\System\BgkKsWh.exe
  C:\Windows\System\BgkKsWh.exe
  2⤵
  PID:5604
- C:\Windows\System\MsnTUWy.exe
  C:\Windows\System\MsnTUWy.exe
  2⤵
  PID:5688
- C:\Windows\System\oofxWTM.exe
  C:\Windows\System\oofxWTM.exe
  2⤵
  PID:2608
- C:\Windows\System\sfdriNd.exe
  C:\Windows\System\sfdriNd.exe
  2⤵
  PID:900
- C:\Windows\System\MCWptoI.exe
  C:\Windows\System\MCWptoI.exe
  2⤵
  PID:13080
- C:\Windows\System\yyuOmsp.exe
  C:\Windows\System\yyuOmsp.exe
  2⤵
  PID:13172
- C:\Windows\System\HOjpkpg.exe
  C:\Windows\System\HOjpkpg.exe
  2⤵
  PID:13260
- C:\Windows\System\rmtBwIC.exe
  C:\Windows\System\rmtBwIC.exe
  2⤵
  PID:2388
- C:\Windows\System\FxRyYtr.exe
  C:\Windows\System\FxRyYtr.exe
  2⤵
  PID:12444
- C:\Windows\System\JTnuJpQ.exe
  C:\Windows\System\JTnuJpQ.exe
  2⤵
  PID:5968
- C:\Windows\System\BLfTJDc.exe
  C:\Windows\System\BLfTJDc.exe
  2⤵
  PID:5440
- C:\Windows\System\mtyhxEt.exe
  C:\Windows\System\mtyhxEt.exe
  2⤵
  PID:6068
- C:\Windows\System\dAjdzzt.exe
  C:\Windows\System\dAjdzzt.exe
  2⤵
  PID:4060
- C:\Windows\System\kBvrQbs.exe
  C:\Windows\System\kBvrQbs.exe
  2⤵
  PID:6128
- C:\Windows\System\jCByJkw.exe
  C:\Windows\System\jCByJkw.exe
  2⤵
  PID:12912
- C:\Windows\System\QFNCInQ.exe
  C:\Windows\System\QFNCInQ.exe
  2⤵
  PID:5820
- C:\Windows\System\mmruQiK.exe
  C:\Windows\System\mmruQiK.exe
  2⤵
  PID:13232
- C:\Windows\System\YKFbPGp.exe
  C:\Windows\System\YKFbPGp.exe
  2⤵
  PID:5292
- C:\Windows\System\iIEidJI.exe
  C:\Windows\System\iIEidJI.exe
  2⤵
  PID:5380
- C:\Windows\System\QJwuRnJ.exe
  C:\Windows\System\QJwuRnJ.exe
  2⤵
  PID:1092
- C:\Windows\System\CuEJmue.exe
  C:\Windows\System\CuEJmue.exe
  2⤵
  PID:5624
- C:\Windows\System\SgYOHyK.exe
  C:\Windows\System\SgYOHyK.exe
  2⤵
  PID:6092
- C:\Windows\System\tmijEMJ.exe
  C:\Windows\System\tmijEMJ.exe
  2⤵
  PID:5164
- C:\Windows\System\JVFPiRY.exe
  C:\Windows\System\JVFPiRY.exe
  2⤵
  PID:5288
- C:\Windows\System\KXSyVbO.exe
  C:\Windows\System\KXSyVbO.exe
  2⤵
  PID:12300
- C:\Windows\System\MthJOwb.exe
  C:\Windows\System\MthJOwb.exe
  2⤵
  PID:6024
- C:\Windows\System\AAHtPuf.exe
  C:\Windows\System\AAHtPuf.exe
  2⤵
  PID:5888
- C:\Windows\System\AvbDaFg.exe
  C:\Windows\System\AvbDaFg.exe
  2⤵
  PID:1404
- C:\Windows\System\phkMmPU.exe
  C:\Windows\System\phkMmPU.exe
  2⤵
  PID:5244
- C:\Windows\System\nIswHIq.exe
  C:\Windows\System\nIswHIq.exe
  2⤵
  PID:6044
- C:\Windows\System\WTxcxDc.exe
  C:\Windows\System\WTxcxDc.exe
  2⤵
  PID:5384
- C:\Windows\System\pYjCarx.exe
  C:\Windows\System\pYjCarx.exe
  2⤵
  PID:5700
- C:\Windows\System\kWiiESR.exe
  C:\Windows\System\kWiiESR.exe
  2⤵
  PID:5984
- C:\Windows\System\AbLnwFr.exe
  C:\Windows\System\AbLnwFr.exe
  2⤵
  PID:5928
- C:\Windows\System\JsJooCc.exe
  C:\Windows\System\JsJooCc.exe
  2⤵
  PID:13324
- C:\Windows\System\NBuHail.exe
  C:\Windows\System\NBuHail.exe
  2⤵
  PID:13340
- C:\Windows\System\MNcpcOB.exe
  C:\Windows\System\MNcpcOB.exe
  2⤵
  PID:13368
- C:\Windows\System\BYFnjGq.exe
  C:\Windows\System\BYFnjGq.exe
  2⤵
  PID:13396
- C:\Windows\System\JqzbiAd.exe
  C:\Windows\System\JqzbiAd.exe
  2⤵
  PID:13424
- C:\Windows\System\InOjeVC.exe
  C:\Windows\System\InOjeVC.exe
  2⤵
  PID:13452
- C:\Windows\System\VbtDTos.exe
  C:\Windows\System\VbtDTos.exe
  2⤵
  PID:13480
- C:\Windows\System\vgAgNmh.exe
  C:\Windows\System\vgAgNmh.exe
  2⤵
  PID:13508
- C:\Windows\System\FAtvBhQ.exe
  C:\Windows\System\FAtvBhQ.exe
  2⤵
  PID:13536
- C:\Windows\System\kxUYwKY.exe
  C:\Windows\System\kxUYwKY.exe
  2⤵
  PID:13564
- C:\Windows\System\ngLeknY.exe
  C:\Windows\System\ngLeknY.exe
  2⤵
  PID:13592
- C:\Windows\System\LxrvpZK.exe
  C:\Windows\System\LxrvpZK.exe
  2⤵
  PID:13620
- C:\Windows\System\MbINoXm.exe
  C:\Windows\System\MbINoXm.exe
  2⤵
  PID:13648
- C:\Windows\System\RUvXOYK.exe
  C:\Windows\System\RUvXOYK.exe
  2⤵
  PID:13676
- C:\Windows\System\HEVkQsA.exe
  C:\Windows\System\HEVkQsA.exe
  2⤵
  PID:13704
- C:\Windows\System\pASkgTx.exe
  C:\Windows\System\pASkgTx.exe
  2⤵
  PID:13732
- C:\Windows\System\WpWkpsR.exe
  C:\Windows\System\WpWkpsR.exe
  2⤵
  PID:13760
- C:\Windows\System\jyjlvZw.exe
  C:\Windows\System\jyjlvZw.exe
  2⤵
  PID:13788
- C:\Windows\System\ixnhdix.exe
  C:\Windows\System\ixnhdix.exe
  2⤵
  PID:13816
- C:\Windows\System\MCoUeDq.exe
  C:\Windows\System\MCoUeDq.exe
  2⤵
  PID:13844
- C:\Windows\System\FPzIkyR.exe
  C:\Windows\System\FPzIkyR.exe
  2⤵
  PID:13872
- C:\Windows\System\PXkIYSD.exe
  C:\Windows\System\PXkIYSD.exe
  2⤵
  PID:13900
- C:\Windows\System\eoBSHUO.exe
  C:\Windows\System\eoBSHUO.exe
  2⤵
  PID:13932
- C:\Windows\System\gejhkLU.exe
  C:\Windows\System\gejhkLU.exe
  2⤵
  PID:13960
- C:\Windows\System\PziHqTe.exe
  C:\Windows\System\PziHqTe.exe
  2⤵
  PID:13988
- C:\Windows\System\GFsagQG.exe
  C:\Windows\System\GFsagQG.exe
  2⤵
  PID:14016
- C:\Windows\System\cDeIvgK.exe
  C:\Windows\System\cDeIvgK.exe
  2⤵
  PID:14044
- C:\Windows\System\hXPEPLS.exe
  C:\Windows\System\hXPEPLS.exe
  2⤵
  PID:14072
- C:\Windows\System\hWVcZPI.exe
  C:\Windows\System\hWVcZPI.exe
  2⤵
  PID:14100
- C:\Windows\System\hKOGDNM.exe
  C:\Windows\System\hKOGDNM.exe
  2⤵
  PID:14128
- C:\Windows\System\fJpLGHV.exe
  C:\Windows\System\fJpLGHV.exe
  2⤵
  PID:14156
- C:\Windows\System\RIvqxcM.exe
  C:\Windows\System\RIvqxcM.exe
  2⤵
  PID:14184
- C:\Windows\System\imhXjEw.exe
  C:\Windows\System\imhXjEw.exe
  2⤵
  PID:14212
- C:\Windows\System\wmFQHjQ.exe
  C:\Windows\System\wmFQHjQ.exe
  2⤵
  PID:14240
- C:\Windows\System\JhdubWb.exe
  C:\Windows\System\JhdubWb.exe
  2⤵
  PID:14280
- C:\Windows\System\OuxGZqq.exe
  C:\Windows\System\OuxGZqq.exe
  2⤵
  PID:14296
- C:\Windows\System\ifheagq.exe
  C:\Windows\System\ifheagq.exe
  2⤵
  PID:14324
- C:\Windows\System\XQzwpDN.exe
  C:\Windows\System\XQzwpDN.exe
  2⤵
  PID:13332
- C:\Windows\System\SmULlMq.exe
  C:\Windows\System\SmULlMq.exe
  2⤵
  PID:13380
- C:\Windows\System\hLbRxdn.exe
  C:\Windows\System\hLbRxdn.exe
  2⤵
  PID:13420
- C:\Windows\System\LiIpBAY.exe
  C:\Windows\System\LiIpBAY.exe
  2⤵
  PID:13472
- C:\Windows\System\mpURtab.exe
  C:\Windows\System\mpURtab.exe
  2⤵
  PID:6256
- C:\Windows\System\sDTtBqj.exe
  C:\Windows\System\sDTtBqj.exe
  2⤵
  PID:13604
- C:\Windows\System\HhWKgqA.exe
  C:\Windows\System\HhWKgqA.exe
  2⤵
  PID:13688
- C:\Windows\System\Uwcrohz.exe
  C:\Windows\System\Uwcrohz.exe
  2⤵
  PID:14064
- C:\Windows\System\dOqGLvh.exe
  C:\Windows\System\dOqGLvh.exe
  2⤵
  PID:6808
- C:\Windows\System\yvdubka.exe
  C:\Windows\System\yvdubka.exe
  2⤵
  PID:14260
- C:\Windows\System\dOfKJLQ.exe
  C:\Windows\System\dOfKJLQ.exe
  2⤵
  PID:14308
- C:\Windows\System\aZWbudl.exe
  C:\Windows\System\aZWbudl.exe
  2⤵
  PID:13504
- C:\Windows\System\xMmejXk.exe
  C:\Windows\System\xMmejXk.exe
  2⤵
  PID:6408
- C:\Windows\System\queILph.exe
  C:\Windows\System\queILph.exe
  2⤵
  PID:13752
- C:\Windows\System\hHErzZM.exe
  C:\Windows\System\hHErzZM.exe
  2⤵
  PID:6936
- C:\Windows\System\NucRHwJ.exe
  C:\Windows\System\NucRHwJ.exe
  2⤵
  PID:4324
- C:\Windows\System\HlfOOzl.exe
  C:\Windows\System\HlfOOzl.exe
  2⤵
  PID:13956
- C:\Windows\System\LNzeMHs.exe
  C:\Windows\System\LNzeMHs.exe
  2⤵
  PID:14112
- C:\Windows\System\HjlyjXm.exe
  C:\Windows\System\HjlyjXm.exe
  2⤵
  PID:6780
- C:\Windows\System\DIvEzgH.exe
  C:\Windows\System\DIvEzgH.exe
  2⤵
  PID:14168
- C:\Windows\System\mKUPPyS.exe
  C:\Windows\System\mKUPPyS.exe
  2⤵
  PID:6836
- C:\Windows\System\PoSYffX.exe
  C:\Windows\System\PoSYffX.exe
  2⤵
  PID:14288
- C:\Windows\System\RdWCWsD.exe
  C:\Windows\System\RdWCWsD.exe
  2⤵
  PID:6200
- C:\Windows\System\KEkaUFo.exe
  C:\Windows\System\KEkaUFo.exe
  2⤵
  PID:13612
- C:\Windows\System\rUTOEnn.exe
  C:\Windows\System\rUTOEnn.exe
  2⤵
  PID:6448
- C:\Windows\System\omdHXqf.exe
  C:\Windows\System\omdHXqf.exe
  2⤵
  PID:6872
- C:\Windows\System\vEHSSUi.exe
  C:\Windows\System\vEHSSUi.exe
  2⤵
  PID:13896
- C:\Windows\System\YYoMxep.exe
  C:\Windows\System\YYoMxep.exe
  2⤵
  PID:6948
- C:\Windows\System\qkNXUcm.exe
  C:\Windows\System\qkNXUcm.exe
  2⤵
  PID:13980
- C:\Windows\System\EQEDIBU.exe
  C:\Windows\System\EQEDIBU.exe
  2⤵
  PID:14012
- C:\Windows\System\UqVmidY.exe
  C:\Windows\System\UqVmidY.exe
  2⤵
  PID:6932
- C:\Windows\System\UWCKAOd.exe
  C:\Windows\System\UWCKAOd.exe
  2⤵
  PID:5632
- C:\Windows\System\OFFccPb.exe
  C:\Windows\System\OFFccPb.exe
  2⤵
  PID:6964
- C:\Windows\System\doUdFOu.exe
  C:\Windows\System\doUdFOu.exe
  2⤵
  PID:14224
- C:\Windows\System\AQFpxaE.exe
  C:\Windows\System\AQFpxaE.exe
  2⤵
  PID:6268
- C:\Windows\System\CzYPHeH.exe
  C:\Windows\System\CzYPHeH.exe
  2⤵
  PID:13364
- C:\Windows\System\hPcmmJW.exe
  C:\Windows\System\hPcmmJW.exe
  2⤵
  PID:13500
- C:\Windows\System\AIYhdVu.exe
  C:\Windows\System\AIYhdVu.exe
  2⤵
  PID:6880
- C:\Windows\System\hoHQaHi.exe
  C:\Windows\System\hoHQaHi.exe
  2⤵
  PID:13668
- C:\Windows\System\KOulqMn.exe
  C:\Windows\System\KOulqMn.exe
  2⤵
  PID:13724
- C:\Windows\System\obWXKVr.exe
  C:\Windows\System\obWXKVr.exe
  2⤵
  PID:13784
- C:\Windows\System\PsnMmFY.exe
  C:\Windows\System\PsnMmFY.exe
  2⤵
  PID:6688
- C:\Windows\System\YptVJVm.exe
  C:\Windows\System\YptVJVm.exe
  2⤵
  PID:13836
- C:\Windows\System\zgPJUpp.exe
  C:\Windows\System\zgPJUpp.exe
  2⤵
  PID:6516
- C:\Windows\System\vKvVTlT.exe
  C:\Windows\System\vKvVTlT.exe
  2⤵
  PID:7192
- C:\Windows\System\ceIlzDE.exe
  C:\Windows\System\ceIlzDE.exe
  2⤵
  PID:6768
- C:\Windows\System\xsMfaxT.exe
  C:\Windows\System\xsMfaxT.exe
  2⤵
  PID:6608
- C:\Windows\System\UzmaIuu.exe
  C:\Windows\System\UzmaIuu.exe
  2⤵
  PID:7420
- C:\Windows\System\UbksPuO.exe
  C:\Windows\System\UbksPuO.exe
  2⤵
  PID:14152
- C:\Windows\System\KuVxRei.exe
  C:\Windows\System\KuVxRei.exe
  2⤵
  PID:7124
- C:\Windows\System\bxgBAJE.exe
  C:\Windows\System\bxgBAJE.exe
  2⤵
  PID:7580
- C:\Windows\System\GmiXroH.exe
  C:\Windows\System\GmiXroH.exe
  2⤵
  PID:7632
- C:\Windows\System\BzHEdBX.exe
  C:\Windows\System\BzHEdBX.exe
  2⤵
  PID:7660
- C:\Windows\System\rTFjxGE.exe
  C:\Windows\System\rTFjxGE.exe
  2⤵
  PID:7684
- C:\Windows\System\qLydxiY.exe
  C:\Windows\System\qLydxiY.exe
  2⤵
  PID:6736
- C:\Windows\System\yyetqZZ.exe
  C:\Windows\System\yyetqZZ.exe
  2⤵
  PID:7772
- C:\Windows\System\XrTZzjR.exe
  C:\Windows\System\XrTZzjR.exe
  2⤵
  PID:6620
- C:\Windows\System\VnBFicX.exe
  C:\Windows\System\VnBFicX.exe
  2⤵
  PID:7360
- C:\Windows\System\JOXRFAs.exe
  C:\Windows\System\JOXRFAs.exe
  2⤵
  PID:14056
- C:\Windows\System\KzvOIcs.exe
  C:\Windows\System\KzvOIcs.exe
  2⤵
  PID:7944
- C:\Windows\System\dOBCfjv.exe
  C:\Windows\System\dOBCfjv.exe
  2⤵
  PID:7496
- C:\Windows\System\wYuvRTv.exe
  C:\Windows\System\wYuvRTv.exe
  2⤵
  PID:7560
- C:\Windows\System\kFUdzPg.exe
  C:\Windows\System\kFUdzPg.exe
  2⤵
  PID:13716
- C:\Windows\System\iCEatYU.exe
  C:\Windows\System\iCEatYU.exe
  2⤵
  PID:13864
- C:\Windows\System\wHyZFiK.exe
  C:\Windows\System\wHyZFiK.exe
  2⤵
  PID:3496
- C:\Windows\System\CCchubd.exe
  C:\Windows\System\CCchubd.exe
  2⤵
  PID:7380
- C:\Windows\System\qGEXGUJ.exe
  C:\Windows\System\qGEXGUJ.exe
  2⤵
  PID:7884
- C:\Windows\System\qiRQDng.exe
  C:\Windows\System\qiRQDng.exe
  2⤵
  PID:14092
- C:\Windows\System\tnWsxYR.exe
  C:\Windows\System\tnWsxYR.exe
  2⤵
  PID:1712
- C:\Windows\System\KwstvpA.exe
  C:\Windows\System\KwstvpA.exe
  2⤵
  PID:1956
- C:\Windows\System\SehRNQL.exe
  C:\Windows\System\SehRNQL.exe
  2⤵
  PID:6616
- C:\Windows\System\vujDkPE.exe
  C:\Windows\System\vujDkPE.exe
  2⤵
  PID:13464
- C:\Windows\System\HBMjvDA.exe
  C:\Windows\System\HBMjvDA.exe
  2⤵
  PID:13556
- C:\Windows\System\aSFZtSC.exe
  C:\Windows\System\aSFZtSC.exe
  2⤵
  PID:8020
- C:\Windows\System\UtDutCx.exe
  C:\Windows\System\UtDutCx.exe
  2⤵
  PID:8176
- C:\Windows\System\kIFJClt.exe
  C:\Windows\System\kIFJClt.exe
  2⤵
  PID:7696
- C:\Windows\System\ytDPdOF.exe
  C:\Windows\System\ytDPdOF.exe
  2⤵
  PID:7704
- C:\Windows\System\vjwzcYV.exe
  C:\Windows\System\vjwzcYV.exe
  2⤵
  PID:8004
- C:\Windows\System\LYJSfpg.exe
  C:\Windows\System\LYJSfpg.exe
  2⤵
  PID:7616
- C:\Windows\System\SkTfUbO.exe
  C:\Windows\System\SkTfUbO.exe
  2⤵
  PID:8144
- C:\Windows\System\BoRxYmK.exe
  C:\Windows\System\BoRxYmK.exe
  2⤵
  PID:8256
- C:\Windows\System\YrUyQbC.exe
  C:\Windows\System\YrUyQbC.exe
  2⤵
  PID:7792
- C:\Windows\System\MItoINR.exe
  C:\Windows\System\MItoINR.exe
  2⤵
  PID:7288
- C:\Windows\System\jgNtXpI.exe
  C:\Windows\System\jgNtXpI.exe
  2⤵
  PID:7900
- C:\Windows\System\IPtgNUx.exe
  C:\Windows\System\IPtgNUx.exe
  2⤵
  PID:7424
- C:\Windows\System\VPWoGaG.exe
  C:\Windows\System\VPWoGaG.exe
  2⤵
  PID:8420
- C:\Windows\System\FwZgzqJ.exe
  C:\Windows\System\FwZgzqJ.exe
  2⤵
  PID:8448
- C:\Windows\System\RXUaQRU.exe
  C:\Windows\System\RXUaQRU.exe
  2⤵
  PID:7196
- C:\Windows\System\pJbHHnQ.exe
  C:\Windows\System\pJbHHnQ.exe
  2⤵
  PID:8512
- C:\Windows\System\FUEfKVm.exe
  C:\Windows\System\FUEfKVm.exe
  2⤵
  PID:7672
- C:\Windows\System\GeJngpv.exe
  C:\Windows\System\GeJngpv.exe
  2⤵
  PID:8596
- C:\Windows\System\xEQJLGc.exe
  C:\Windows\System\xEQJLGc.exe
  2⤵
  PID:8624
- C:\Windows\System\reljyny.exe
  C:\Windows\System\reljyny.exe
  2⤵
  PID:8428
- C:\Windows\System\cUALFru.exe
  C:\Windows\System\cUALFru.exe
  2⤵
  PID:8672
- C:\Windows\System\dNKnXRn.exe
  C:\Windows\System\dNKnXRn.exe
  2⤵
  PID:8904
- C:\Windows\System\BwFkoiL.exe
  C:\Windows\System\BwFkoiL.exe
  2⤵
  PID:8504
- C:\Windows\System\eaKNXDE.exe
  C:\Windows\System\eaKNXDE.exe
  2⤵
  PID:6624
- C:\Windows\System\RzqMnFh.exe
  C:\Windows\System\RzqMnFh.exe
  2⤵
  PID:8320
- C:\Windows\System\puzIlcm.exe
  C:\Windows\System\puzIlcm.exe
  2⤵
  PID:2576
- C:\Windows\System\smtGhfq.exe
  C:\Windows\System\smtGhfq.exe
  2⤵
  PID:8088
- C:\Windows\System\JoprLWk.exe
  C:\Windows\System\JoprLWk.exe
  2⤵
  PID:8456
- C:\Windows\System\tvaZYAM.exe
  C:\Windows\System\tvaZYAM.exe
  2⤵
  PID:9096
- C:\Windows\System\enzxvqA.exe
  C:\Windows\System\enzxvqA.exe
  2⤵
  PID:8764
- C:\Windows\System\ClTeHUO.exe
  C:\Windows\System\ClTeHUO.exe
  2⤵
  PID:8568
- C:\Windows\System\usMgxwC.exe
  C:\Windows\System\usMgxwC.exe
  2⤵
  PID:8812
- C:\Windows\System\hqnUQAS.exe
  C:\Windows\System\hqnUQAS.exe
  2⤵
  PID:8092
- C:\Windows\System\ojJxQpc.exe
  C:\Windows\System\ojJxQpc.exe
  2⤵
  PID:8560
- C:\Windows\System\dUgllSa.exe
  C:\Windows\System\dUgllSa.exe
  2⤵
  PID:9120
- C:\Windows\System\itkheqh.exe
  C:\Windows\System\itkheqh.exe
  2⤵
  PID:13924
- C:\Windows\System\FnSLeDN.exe
  C:\Windows\System\FnSLeDN.exe
  2⤵
  PID:8348
- C:\Windows\System\YdDpkcP.exe
  C:\Windows\System\YdDpkcP.exe
  2⤵
  PID:8980
- C:\Windows\System\BJZWGDC.exe
  C:\Windows\System\BJZWGDC.exe
  2⤵
  PID:8336
- C:\Windows\System\VzAiOEt.exe
  C:\Windows\System\VzAiOEt.exe
  2⤵
  PID:7260
- C:\Windows\System\VHqAQIo.exe
  C:\Windows\System\VHqAQIo.exe
  2⤵
  PID:14360
- C:\Windows\System\cVZULqL.exe
  C:\Windows\System\cVZULqL.exe
  2⤵
  PID:14388
- C:\Windows\System\HqdirJu.exe
  C:\Windows\System\HqdirJu.exe
  2⤵
  PID:14440
- C:\Windows\System\WyfJUcl.exe
  C:\Windows\System\WyfJUcl.exe
  2⤵
  PID:14460
- C:\Windows\System\DkDvdTv.exe
  C:\Windows\System\DkDvdTv.exe
  2⤵
  PID:14552
- C:\Windows\System\uYkNrSf.exe
  C:\Windows\System\uYkNrSf.exe
  2⤵
  PID:14708
- C:\Windows\System\gxxefoW.exe
  C:\Windows\System\gxxefoW.exe
  2⤵
  PID:14724
- C:\Windows\System\zWbUfPo.exe
  C:\Windows\System\zWbUfPo.exe
  2⤵
  PID:14756
- C:\Windows\System\lXZWJgM.exe
  C:\Windows\System\lXZWJgM.exe
  2⤵
  PID:14784
- C:\Windows\System\uaNVfFh.exe
  C:\Windows\System\uaNVfFh.exe
  2⤵
  PID:14812
- C:\Windows\System\pksDfKW.exe
  C:\Windows\System\pksDfKW.exe
  2⤵
  PID:14840
- C:\Windows\System\ahfDONQ.exe
  C:\Windows\System\ahfDONQ.exe
  2⤵
  PID:14868
- C:\Windows\System\EgUWQRu.exe
  C:\Windows\System\EgUWQRu.exe
  2⤵
  PID:14896
- C:\Windows\System\ElFsVYX.exe
  C:\Windows\System\ElFsVYX.exe
  2⤵
  PID:14924
- C:\Windows\System\YrUEgEk.exe
  C:\Windows\System\YrUEgEk.exe
  2⤵
  PID:14952
- C:\Windows\System\bbkjwtp.exe
  C:\Windows\System\bbkjwtp.exe
  2⤵
  PID:14980
- C:\Windows\System\rYHkJqL.exe
  C:\Windows\System\rYHkJqL.exe
  2⤵
  PID:15008
- C:\Windows\System\kDWzPSM.exe
  C:\Windows\System\kDWzPSM.exe
  2⤵
  PID:15036
- C:\Windows\System\PLaHLBl.exe
  C:\Windows\System\PLaHLBl.exe
  2⤵
  PID:15064
- C:\Windows\System\IxdVxxn.exe
  C:\Windows\System\IxdVxxn.exe
  2⤵
  PID:15096
- C:\Windows\System\dIWJzkw.exe
  C:\Windows\System\dIWJzkw.exe
  2⤵
  PID:15120
- C:\Windows\System\bBAxWkT.exe
  C:\Windows\System\bBAxWkT.exe
  2⤵
  PID:15164
- C:\Windows\System\UHneaYq.exe
  C:\Windows\System\UHneaYq.exe
  2⤵
  PID:15180
- C:\Windows\System\uwQKEZd.exe
  C:\Windows\System\uwQKEZd.exe
  2⤵
  PID:15208
- C:\Windows\System\ZxpDXVM.exe
  C:\Windows\System\ZxpDXVM.exe
  2⤵
  PID:15240
- C:\Windows\System\qQyglhD.exe
  C:\Windows\System\qQyglhD.exe
  2⤵
  PID:15296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\Bokcucf.exe

Filesize
6.0MB

MD5
771632a3ca9b30a135e3c77bcf7b53c0

SHA1
720a0037ed4e5bbcd6701690ce6214ad7b2d5324

SHA256
6cbe97d19bd36916dc07eabbb28655d1fc1f4fef0a85e146fcb74515c5cd5b7b

SHA512
3ffe9675f469d2b42194254660f5e533b5f7b44d09bcbe9799b581945c7c53613c0aa481b82a3d5171570b333fbbd3edf846d5821138170f5fc1ec03cf89fa87

Download Submit
C:\Windows\System\DaVSYwg.exe

Filesize
6.0MB

MD5
1b0b8e8be88d3f94acce3717e230e61c

SHA1
ca3d2200221572d3e03b1e26d5321233bcfa7d90

SHA256
73283286c08c9d8a6a3e7c1c7c15fdc236a36d13b1a6c561eea2779b0160f798

SHA512
241df382978f25970de49d90717ff8ae579c7d58c14b8cdb144f9741a285a5d64087831cc862e00db1bd1be02a72c2b0c5302b6c2985e2d45ef201a3315413ff

Download Submit
C:\Windows\System\GBfqfbn.exe

Filesize
6.0MB

MD5
c5f1608a99842c23cf2d89f1e218dae2

SHA1
de483702b3d413511970ede9d3f6269d520a0920

SHA256
6a9d4acd670e7e95c85d937fa3bd6a3917d445a1b01397aebc16af1d44727fd6

SHA512
ac636ec88fe97d0ef7e3a062210de444cc65c815adfb1f80c8a904260996d8e985eb3d004cce93dd9e5747bdb3993063abc39fea588eb9ac33f8a0f590c07e00

Download Submit
C:\Windows\System\GYXoqqq.exe

Filesize
6.0MB

MD5
c9ea10914ae3c092e5e745efeaa79786

SHA1
0c4dda1c6f0e0e82482ec13c592f3e5d37d0605e

SHA256
2182ee34bdffdaa7ad297fd9538e2ade5651e12603d45943bc7f18ffb460b70b

SHA512
d1458553f6897459881e4d315786d9d6dabf9f49b03f54eca44bc72e39eab0b45bdd7be17756d6c3db9112db01cd8d4ecce56321796c2b34bcfacef3175f2325

Download Submit
C:\Windows\System\KGtjDRb.exe

Filesize
6.0MB

MD5
2a16f97189f4ec2ae93729f954c2d404

SHA1
bf6ebb43cc2afd8addf082b19b2bb6c397e5578d

SHA256
f61db56247bd2d7088e305c0a0a45be32367a8b56e529f09afaccf5220b97be1

SHA512
cb382ed418af73b82be01d953648423cd1c60e5d6ab429fac784d33f034033131539a53c9493a8faa33c872c2b1a997c3cf7ccc903d4f3de2e4e9c588b8a1e12

Download Submit
C:\Windows\System\KKSnpAI.exe

Filesize
6.0MB

MD5
e05310287965ddceb00e7df27b62b911

SHA1
93de04e3657405cfed65bc98da9dd9593fd43f75

SHA256
a9045b85eacf72442232bf6c80ca9f94be68a9a676bacf4913f6bba242c7802e

SHA512
88bc4d77d34fde94314c81040f781270353f9cc6466b9a327eb45f49d794fe189d69436a0478b9b94b4d6c5da35417b087c542900421bfb0b13222615efd8a16

Download Submit
C:\Windows\System\NSPfown.exe

Filesize
6.0MB

MD5
cb422a052f856b52e6fe4b345c4255e7

SHA1
96de6e761021b0959e8655c07c50623e0d3f0f2d

SHA256
306d05d26eff205f3d36a0c7828c6cdee786641ea1592cafcb1613cac0a9834a

SHA512
4fd483ccef8ee2e5e5187637443be9e9a391c8250895221f79ac62c92ea2551ce565b279448619dfdef34a5da75be65cfe2e7332e5424a6bb63b7d06e5888c75

Download Submit
C:\Windows\System\RNJepLI.exe

Filesize
6.0MB

MD5
bcc83f1f8cf6458d1a6638f8b85fa7e6

SHA1
632d63135217e92c3d443847def98f46ddade873

SHA256
9869e97cc4ea9a73e0da7f17f065e9dc279e05e1b9f56d225ed2a2a9a4c8c777

SHA512
9b4f80be51ded9defbc67ad77c9b4b9d5c721c15e4ad4cda07bf1ac4f8ccd8a2d6ffd0965f9330729b2c3572530c97510155f0029c416232027cb7a99b4f0979

Download Submit
C:\Windows\System\TpbCxXX.exe

Filesize
6.0MB

MD5
63a3594eefc383526e6aedb2a22d9844

SHA1
46cb80d7df23c7bb0ec96c50f7fc63e98363912b

SHA256
147de9058ca1a7479a48b08ba7bf5faa2d0c81968bcdf652a5e316fd1fd6580b

SHA512
cfcf730b8467d4f0f18e6f32caca03552db7fae57f2edf3b5fffbd0456f77e03a8de0c2245f2a50658c7a130455fe320b48fccab63c7de1e90ec9496ff7f07ba

Download Submit
C:\Windows\System\UZGohJj.exe

Filesize
6.0MB

MD5
050d78cf6fcccabfaacf224d8cdbcc9e

SHA1
891cad8efd2730f27b966ffabd54e6de0b49bf31

SHA256
fe8d3f0c0099d33fd6e300b95970ee6a38bd16b9ca2c00f6d1b7f950e2dd60a5

SHA512
69497c969e47546b088b1ca2cd7e6e0c6f4b64f4bbef41bab39cc5bd19d7003f57900430efc5814899d8409cfeb1c21add8ba29b4df0d7e42f45123177ad40aa

Download Submit
C:\Windows\System\VCaSqBL.exe

Filesize
6.0MB

MD5
890a2788520ac2eea9dd53aa9eb1c8bf

SHA1
98b8cdc22639d922f76536e2a1a6d2c4df6a4c79

SHA256
8ff8ba5a9b42894223fb81841f81a73dfb37b88af1e6299d128e91fbed06bc0a

SHA512
7353fba436629db4404aec3a749cbf229a604945c457a7724dd678266ce97ba0b859022599b7247b98b6cd5568031591c6f78ff87af101a7c77fd5c42ae88d4c

Download Submit
C:\Windows\System\ZMDLZCL.exe

Filesize
6.0MB

MD5
954d2d4b07480bf0a33d6a306a316e66

SHA1
fe2a571a40f8f4ddfc1d960b9f589d60a2da5345

SHA256
642f4ff3f83314a72358c57a0f58d8e2d25eaca7b68d9f8c7f143b1ae78bed3c

SHA512
5c33201b0b7116f847b6481971cf60b3eb3c74ef420cde4b76f2dfe64b6586e64de842e5528106efb2dcaac059206cdda284d9311a8e518483a05d16429fec4b

Download Submit
C:\Windows\System\Zouzchz.exe

Filesize
6.0MB

MD5
665b2f65a451fe70bdcc27ecdba0a72b

SHA1
813e41d7561da692b646ad606dfb2f8eddb340ed

SHA256
24c2bba3fadd8c61b5247aff70d3abe7a3a9505226d38ef2d3d1942c9f5e3779

SHA512
3a57787201635dc9bd2c0227c68f1754bfaf83d82796d4c5beb571a49ba146965c41545b4b1c14084e659d06ba63f36c073d4213377ac332eb699dc85419e933

Download Submit
C:\Windows\System\ahQCwQI.exe

Filesize
6.0MB

MD5
6cb8537e3874a2928bdfe5e84a0f0b1a

SHA1
eca0a2fec0b6e0dfea01ef4a1d798041ad2f6583

SHA256
556f4cecd8dbd8527ed98097f169a9e926092b84243c3e2f404ce8fd71183856

SHA512
83b50f7aefbaf3fd8e879ea6e962ee511df27c3fe560b419d5315b28035c8a02d370fb82399e281d8ee8bde52d3e6b8bb762c4db6ba7c63ae6dd85905580f466

Download Submit
C:\Windows\System\bOfYTia.exe

Filesize
6.0MB

MD5
10bf06a648ef550e53dcdad03ac0f7fa

SHA1
c66da0b1dc5964ba1d2481289b3920b58083edcc

SHA256
0fcd9affb5e53f43b068b34c4cc52cad5ea22d2fa69b229707d54e63669ba1a0

SHA512
53f2659a51b683675d3c0e1f99f5dcf9bd48dabad507167cad61d501f24a33e64671bba3249bb4a012b7a63d34e23a621b7c8d639325edb142975e5dc1d94961

Download Submit
C:\Windows\System\btMnyzU.exe

Filesize
6.0MB

MD5
be16ec02123c83b58664fdbd029dac92

SHA1
94654debc022d43bb4c1cf102295e08426e7effa

SHA256
c6d0e2039567113eb542966cf95f9ffe90829d5fa39d459307189e0afa273bb3

SHA512
8e09712f421285679264dfd0c5236df020d3b3ccd0a709c1dc16faf0fa7d66f806abefc7eb6ce352ff3fe5fb1aa88cc2c0574c2909dd82a68a3f2a3cbd7aa77e

Download Submit
C:\Windows\System\ctMLCrF.exe

Filesize
6.0MB

MD5
e5fe7c8e3ccefbecfc9f217f523c275c

SHA1
d827d6eac74e1334d09e7bdba2e8ab153b1c40fd

SHA256
508bc60415d2efd56973bd52b3e41bbccd0bd691633642afb4cb4e71738f1e06

SHA512
eb0842a90d2f0ee38aa4cebdaaf8e0ac3be460559447eea3b4fc02d97fb3284f2e04ecf45fea0471d43fc58e31573e2ce411a75cbb567f24c62f7a29f8f2702f

Download Submit
C:\Windows\System\epyTyyj.exe

Filesize
6.0MB

MD5
5085a6dc1323a92fbeaeda31fb276dd0

SHA1
5566164a51415af1a4422a740ca1d1aa20a26797

SHA256
1f1f4d4ec6abaa3acade4ee7860b10a6258252493779149c2bbf3dd8eda7184a

SHA512
46b95fbcb10dbd7e2bdd1ac845c93ba9dd1b22c2cfab3fd586cd4c6776d0894431e9806d83b29886c910cbbbb7dcc7fbe52ddca6d538138b1dc4992a2a3c2669

Download Submit
C:\Windows\System\fClxqGJ.exe

Filesize
6.0MB

MD5
f44669d900abb08d0181a55f8671e38a

SHA1
fabbde2db9377ab1b1c7176ee312bee0c631ddab

SHA256
63168d26eed505239ae6f67631572124020ad24e458a40ece237688c6b4c4e9d

SHA512
111f85fe3ef6223ab21ed7b56dfcc6b65671564dee2be407f8389858f21fe55714003f65f5077806c720224ee5802f983080919c4db21c1d8fcae0c3652be780

Download Submit
C:\Windows\System\gQsfSEJ.exe

Filesize
6.0MB

MD5
ee301b39f0095b33c9d42a6183222cf4

SHA1
245a343a234e9dacac92eb8971a5306ffd0213d4

SHA256
32a4dfdb9f0b5827240e861afb5b77df9d72dcaafbf446e4ef4a79b557f1fa5e

SHA512
8d64ae917fe0f8543e954281eea4a3c2a4f99973528453b10025e717352618f1cb35307c172ee6ad9cb0a352b2ddef410b7af6fe89ac2fcecd9ee55cc862c51d

Download Submit
C:\Windows\System\jCDKntA.exe

Filesize
6.0MB

MD5
bb8b4794f9ecbf6fb3161310a7cb7927

SHA1
091022e79e025930a70009ae029b0ec7ac04206f

SHA256
975cf934208686f0ac27099077271e209c883674a16cf31eb0f64c10a3d99538

SHA512
f8cb0ed1cb735205c6c4dd7fa443ffedf6ca9bb1387d2d5b47e3452faf8058940c98b46ac6605afb2307d6eaa1f4b05d912214e0c0d832ec5109d48bad0cd943

Download Submit
C:\Windows\System\jskdSFN.exe

Filesize
6.0MB

MD5
c6a91ebe2e65ad1128ff9f06ebfe93bb

SHA1
411351467de9c691c95a1150bfc7992c8ac23306

SHA256
92185c79fbea5c2bd238e0421b1826381fac9efe88bc6abbed077a313df01f6b

SHA512
0d160b08c947032533b276267ebb587b2c9e9263fd0e02b8a9dc24910bcbee42bafdbc8294540378c4acf023d0272b546dbacef8ad4c43d5d8c84ce4d876cd02

Download Submit
C:\Windows\System\kTVdodx.exe

Filesize
6.0MB

MD5
e0fb0e65d4f29b57d0f8e9a94517601a

SHA1
bf9095b0eca20dbd01d4ec40baaead811bc90751

SHA256
c5057bd578dc998dd36098135d81a27e41af7aa35e51b95a32966030fe528b5e

SHA512
95c3bb709e88e5466b9b54b9368201ee552cced49d06c42ba195c859b824b6d05ce32e4d0fc89201f4846a60da74781fb2d80c1ed91a57bb6f3fbe344abfca6f

Download Submit
C:\Windows\System\lykeBMJ.exe

Filesize
6.0MB

MD5
8ea919a5fe3210d517fe1f70679c19ce

SHA1
912528402b49dee86ef1582bc9fb77c97b1c4103

SHA256
8e5591b006291ff2d202d58020bd573d7a77938617630290964f0e9b0ae6f060

SHA512
e7116899b5cf1e4fc0320e2104b8d2ca7d44589e8f3e3370bb9656c9f6062537a06aa1dead1bbdb808723664c8a1635ce79ca49a410637bd55b51a10435bca86

Download Submit
C:\Windows\System\nminUJw.exe

Filesize
6.0MB

MD5
7eb60cc1c97e76b5aa9cebbb572d68fe

SHA1
72fbdd4104043d3625d1be9f71d049fe133b9343

SHA256
b8336f9c7ba674a6907a970f196a82b39834eb13db5011ff96dc6aa5c94814eb

SHA512
c4839859ee7614b3538f13ac8259903ae36f6dee22635f8da08815cf31b15869cb3fb2f12f6c35ad139c8580dec880b190f55b020ed58456baf5c95ce1515fe9

Download Submit
C:\Windows\System\pqUZtxA.exe

Filesize
6.0MB

MD5
0fe0d8b5f6da8ad1772e602a4cd2ffc6

SHA1
d2562d11dee46869229f89b800a7db1a292fe7b7

SHA256
dfd21ee86c73cfbb795e2c051b15f508ea88f5c33efd89ace3db65525151dabd

SHA512
adb8278e76a9ba21953bd5cd7de72986d14c381a508018ffdaaf56404e6ce07629f600e0e75cfd4240a15c836e1460ad7c69711ee08170f363b66cf8baa0c0a3

Download Submit
C:\Windows\System\qvvZznq.exe

Filesize
6.0MB

MD5
ff27370bbadd738115fd1cdc7c811ac8

SHA1
a6eb7fbc541d53692c830385445c67aafde89f03

SHA256
5e09b61a58c930b7c44791e1eecff6f921c4ade9d1fae0ac895bac1e43070853

SHA512
02f57e3268ff60f55a1a0674ded1dd4382227b36b2346fcf2d0b8b4fc921cf72eb99e5a0974b4e4e89cf70844cfa53c9b671ab21ec0b762f13c33daec2033dfa

Download Submit
C:\Windows\System\sDtjDMz.exe

Filesize
6.0MB

MD5
e137cc2cfb15704b8627629a0a171806

SHA1
a6a9e406814826ffb3997f2093045b91466ba2cb

SHA256
0a2bfee98a32e0b71bcc09a6aec305c743136d7d718d72a04e08317afc5d2ffe

SHA512
0a2142cfdd05c911ecb51a25462a58ab8528d1f34bad2d3121f6fd187a7673fb9eb3a8920dbd7dd338081324b6049227a1e1a0c3db10d91058bfc361e0ab8af5

Download Submit
C:\Windows\System\vpVDIRT.exe

Filesize
6.0MB

MD5
c6557908f2eeb9e574c03179ce1e4435

SHA1
88c5e8d676faf6f768186a3bd0f54d125edac19f

SHA256
0febface1152e8d45bb0b8c92a4477af620a4dfd6169844d046263507d751e85

SHA512
fe491e21e3626593afc4cfaf9ce3cda67144f612595adad806a2ac9c9cf6c3cc60157f32a4b33c39a4ebb0906deacb6d512fd0b0d67a08ebb1b8db17f7557782

Download Submit
C:\Windows\System\xohypGT.exe

Filesize
6.0MB

MD5
da0bb002e9ac420ed5908b93cb37e015

SHA1
abe6495e0ea91d7007c261db44c2fe828dcc868c

SHA256
3b41fca49ab6a8d2af0a1eb2326d3f077082951eb76e88da36f7b3e1c8b45243

SHA512
fff633f18cf85f8659e87d42e437c2b9424c148a303bbe31d73e48eba88b1400ce77fa67f06a3031d31b21d29949d254a186b53d577124d7fbb46a240d30566f

Download Submit
C:\Windows\System\ydAtncf.exe

Filesize
6.0MB

MD5
db6e363e21f1a94740756ea4a6e410f7

SHA1
73461dcfa56ca742740bf6f4bc4ab7dae9b617f4

SHA256
8f31cb4d306386472835365d4f30d3d48863a9be4d8c14a159a6ebbc7f86d342

SHA512
50b0b2905f79c52f97edf5d79427ae7e41047186ec072ef06e9f2fbfd076e2e74b60a04105b265e2c3d88cab1163f45fa007f0ba53a48bec0510a19471153aa4

Download Submit
C:\Windows\System\zOyMIIG.exe

Filesize
6.0MB

MD5
285a8c66aa1794f88b6d6aad5f1fac5f

SHA1
9d99ea38b0c2b7e49e04eba7a17887dc45729d53

SHA256
0659731715e9c6f6853b17440657ef7bae7b2a0165f7736369cef2a5f167c28c

SHA512
ba59c5ffa86ebb6ef634001a8cf56794735215b010e8d34a63441ef0769fad58f42f7360836dcf23c319b8e94b5dec9dd96374ba3d61a04a5ada0fc2b70f19d9

Download Submit
memory/316-156-0x00007FF7E0EC0000-0x00007FF7E1214000-memory.dmp

Filesize
3.3MB

Download
memory/316-96-0x00007FF7E0EC0000-0x00007FF7E1214000-memory.dmp

Filesize
3.3MB

Download
memory/316-1427-0x00007FF7E0EC0000-0x00007FF7E1214000-memory.dmp

Filesize
3.3MB

Download
memory/336-70-0x00007FF782FE0000-0x00007FF783334000-memory.dmp

Filesize
3.3MB

Download
memory/336-0-0x00007FF782FE0000-0x00007FF783334000-memory.dmp

Filesize
3.3MB

Download
memory/336-1-0x0000024BB6010000-0x0000024BB6020000-memory.dmp

Filesize
64KB

Download
memory/400-1624-0x00007FF794DB0000-0x00007FF795104000-memory.dmp

Filesize
3.3MB

Download
memory/400-111-0x00007FF794DB0000-0x00007FF795104000-memory.dmp

Filesize
3.3MB

Download
memory/688-44-0x00007FF622F10000-0x00007FF623264000-memory.dmp

Filesize
3.3MB

Download
memory/688-108-0x00007FF622F10000-0x00007FF623264000-memory.dmp

Filesize
3.3MB

Download
memory/688-1077-0x00007FF622F10000-0x00007FF623264000-memory.dmp

Filesize
3.3MB

Download
memory/852-26-0x00007FF64A5D0000-0x00007FF64A924000-memory.dmp

Filesize
3.3MB

Download
memory/852-102-0x00007FF64A5D0000-0x00007FF64A924000-memory.dmp

Filesize
3.3MB

Download
memory/852-1061-0x00007FF64A5D0000-0x00007FF64A924000-memory.dmp

Filesize
3.3MB

Download
memory/884-1371-0x00007FF7AF5F0000-0x00007FF7AF944000-memory.dmp

Filesize
3.3MB

Download
memory/884-123-0x00007FF7AF5F0000-0x00007FF7AF944000-memory.dmp

Filesize
3.3MB

Download
memory/884-54-0x00007FF7AF5F0000-0x00007FF7AF944000-memory.dmp

Filesize
3.3MB

Download
memory/920-177-0x00007FF7D47E0000-0x00007FF7D4B34000-memory.dmp

Filesize
3.3MB

Download
memory/920-416-0x00007FF7D47E0000-0x00007FF7D4B34000-memory.dmp

Filesize
3.3MB

Download
memory/920-1910-0x00007FF7D47E0000-0x00007FF7D4B34000-memory.dmp

Filesize
3.3MB

Download
memory/1028-1768-0x00007FF6FFCC0000-0x00007FF700014000-memory.dmp

Filesize
3.3MB

Download
memory/1028-140-0x00007FF6FFCC0000-0x00007FF700014000-memory.dmp

Filesize
3.3MB

Download
memory/1096-141-0x00007FF6288E0000-0x00007FF628C34000-memory.dmp

Filesize
3.3MB

Download
memory/1096-90-0x00007FF6288E0000-0x00007FF628C34000-memory.dmp

Filesize
3.3MB

Download
memory/1096-1413-0x00007FF6288E0000-0x00007FF628C34000-memory.dmp

Filesize
3.3MB

Download
memory/1428-1420-0x00007FF713110000-0x00007FF713464000-memory.dmp

Filesize
3.3MB

Download
memory/1428-94-0x00007FF713110000-0x00007FF713464000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1733-0x00007FF68D7A0000-0x00007FF68DAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-184-0x00007FF68D7A0000-0x00007FF68DAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-115-0x00007FF68D7A0000-0x00007FF68DAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-97-0x00007FF684E50000-0x00007FF6851A4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-1055-0x00007FF684E50000-0x00007FF6851A4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-21-0x00007FF684E50000-0x00007FF6851A4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-95-0x00007FF612B30000-0x00007FF612E84000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1424-0x00007FF612B30000-0x00007FF612E84000-memory.dmp

Filesize
3.3MB

Download
memory/2636-149-0x00007FF612B30000-0x00007FF612E84000-memory.dmp

Filesize
3.3MB

Download
memory/2760-315-0x00007FF6A5D60000-0x00007FF6A60B4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1891-0x00007FF6A5D60000-0x00007FF6A60B4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-150-0x00007FF6A5D60000-0x00007FF6A60B4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-126-0x00007FF7EDE40000-0x00007FF7EE194000-memory.dmp

Filesize
3.3MB

Download
memory/2772-1761-0x00007FF7EDE40000-0x00007FF7EE194000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2114-0x00007FF732860000-0x00007FF732BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-196-0x00007FF732860000-0x00007FF732BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-606-0x00007FF732860000-0x00007FF732BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-1378-0x00007FF77A740000-0x00007FF77AA94000-memory.dmp

Filesize
3.3MB

Download
memory/2944-62-0x00007FF77A740000-0x00007FF77AA94000-memory.dmp

Filesize
3.3MB

Download
memory/2944-130-0x00007FF77A740000-0x00007FF77AA94000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1416-0x00007FF629180000-0x00007FF6294D4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-79-0x00007FF629180000-0x00007FF6294D4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-137-0x00007FF629180000-0x00007FF6294D4000-memory.dmp

Filesize
3.3MB

Download
memory/3208-464-0x00007FF6932F0000-0x00007FF693644000-memory.dmp

Filesize
3.3MB

Download
memory/3208-173-0x00007FF6932F0000-0x00007FF693644000-memory.dmp

Filesize
3.3MB

Download
memory/3208-1907-0x00007FF6932F0000-0x00007FF693644000-memory.dmp

Filesize
3.3MB

Download
memory/3420-13-0x00007FF77CE80000-0x00007FF77D1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3420-1038-0x00007FF77CE80000-0x00007FF77D1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3420-74-0x00007FF77CE80000-0x00007FF77D1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3500-75-0x00007FF70E6E0000-0x00007FF70EA34000-memory.dmp

Filesize
3.3MB

Download
memory/3500-1402-0x00007FF70E6E0000-0x00007FF70EA34000-memory.dmp

Filesize
3.3MB

Download
memory/3604-226-0x00007FF71FB50000-0x00007FF71FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-1780-0x00007FF71FB50000-0x00007FF71FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-143-0x00007FF71FB50000-0x00007FF71FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3624-33-0x00007FF756CC0000-0x00007FF757014000-memory.dmp

Filesize
3.3MB

Download
memory/3624-1067-0x00007FF756CC0000-0x00007FF757014000-memory.dmp

Filesize
3.3MB

Download
memory/3624-107-0x00007FF756CC0000-0x00007FF757014000-memory.dmp

Filesize
3.3MB

Download
memory/3632-1078-0x00007FF6B10E0000-0x00007FF6B1434000-memory.dmp

Filesize
3.3MB

Download
memory/3632-49-0x00007FF6B10E0000-0x00007FF6B1434000-memory.dmp

Filesize
3.3MB

Download
memory/3864-142-0x00007FF6C90B0000-0x00007FF6C9404000-memory.dmp

Filesize
3.3MB

Download
memory/3864-1775-0x00007FF6C90B0000-0x00007FF6C9404000-memory.dmp

Filesize
3.3MB

Download
memory/3912-1911-0x00007FF653B10000-0x00007FF653E64000-memory.dmp

Filesize
3.3MB

Download
memory/3912-178-0x00007FF653B10000-0x00007FF653E64000-memory.dmp

Filesize
3.3MB

Download
memory/3912-509-0x00007FF653B10000-0x00007FF653E64000-memory.dmp

Filesize
3.3MB

Download
memory/3916-162-0x00007FF6C7310000-0x00007FF6C7664000-memory.dmp

Filesize
3.3MB

Download
memory/3916-413-0x00007FF6C7310000-0x00007FF6C7664000-memory.dmp

Filesize
3.3MB

Download
memory/3916-1899-0x00007FF6C7310000-0x00007FF6C7664000-memory.dmp

Filesize
3.3MB

Download
memory/4800-1043-0x00007FF6C20F0000-0x00007FF6C2444000-memory.dmp

Filesize
3.3MB

Download
memory/4800-14-0x00007FF6C20F0000-0x00007FF6C2444000-memory.dmp

Filesize
3.3MB

Download
memory/4844-42-0x00007FF709380000-0x00007FF7096D4000-memory.dmp

Filesize
3.3MB

Download
memory/4844-1073-0x00007FF709380000-0x00007FF7096D4000-memory.dmp

Filesize
3.3MB

Download
memory/4844-103-0x00007FF709380000-0x00007FF7096D4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-1900-0x00007FF7237A0000-0x00007FF723AF4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-157-0x00007FF7237A0000-0x00007FF723AF4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-364-0x00007FF7237A0000-0x00007FF723AF4000-memory.dmp

Filesize
3.3MB

Download