cobaltstrike | f97d55fb08db907fe58c917a124d7fd352903b499dfda8d6a7ebada7472c1f35

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/01/2025, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

94a178d4b111afe03ec594b84783e8ce
SHA1

1a297359fe495306242b0992bc44cfa215fb7c3f
SHA256

f97d55fb08db907fe58c917a124d7fd352903b499dfda8d6a7ebada7472c1f35
SHA512

9e0eeb450859abe541f3b7309486a5e50962f157bf09561d7317468ee109dfe68d638eb23a3eeddf10e0d3ab2b081e2e3fb42b45c9c88ed2c0e93f28cfe228e2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b4f-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b54-10.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b50-21.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b53-15.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b55-28.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b56-34.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b57-39.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b58-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b59-54.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b5b-59.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b5c-64.dat	cobalt_reflective_dll
behavioral2/files/0x0031000000023b5d-77.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b60-94.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b62-101.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b63-112.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b65-122.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6f-174.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b72-181.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b70-179.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b71-176.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6e-166.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6d-162.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6c-158.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6b-151.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b6a-147.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b69-141.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b68-137.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b67-131.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b66-127.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b64-116.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b61-102.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b5f-92.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b5e-84.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3040-0-0x00007FF74C660000-0x00007FF74C9B4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b4f-5.dat	xmrig
behavioral2/memory/3544-6-0x00007FF6F6DC0000-0x00007FF6F7114000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b54-10.dat	xmrig
behavioral2/files/0x000b000000023b50-21.dat	xmrig
behavioral2/memory/2028-24-0x00007FF638060000-0x00007FF6383B4000-memory.dmp	xmrig
behavioral2/memory/3608-22-0x00007FF74B010000-0x00007FF74B364000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b53-15.dat	xmrig
behavioral2/memory/3480-14-0x00007FF6337E0000-0x00007FF633B34000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b55-28.dat	xmrig
behavioral2/memory/2128-30-0x00007FF619BD0000-0x00007FF619F24000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b56-34.dat	xmrig
behavioral2/files/0x000a000000023b57-39.dat	xmrig
behavioral2/files/0x000a000000023b58-47.dat	xmrig
behavioral2/memory/1592-48-0x00007FF6F11E0000-0x00007FF6F1534000-memory.dmp	xmrig
behavioral2/memory/4580-44-0x00007FF6DB5D0000-0x00007FF6DB924000-memory.dmp	xmrig
behavioral2/memory/2024-36-0x00007FF6A8A00000-0x00007FF6A8D54000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b59-54.dat	xmrig
behavioral2/memory/2708-56-0x00007FF7DBAB0000-0x00007FF7DBE04000-memory.dmp	xmrig
behavioral2/files/0x0031000000023b5b-59.dat	xmrig
behavioral2/files/0x0031000000023b5c-64.dat	xmrig
behavioral2/memory/3608-74-0x00007FF74B010000-0x00007FF74B364000-memory.dmp	xmrig
behavioral2/memory/3004-75-0x00007FF620B20000-0x00007FF620E74000-memory.dmp	xmrig
behavioral2/files/0x0031000000023b5d-77.dat	xmrig
behavioral2/memory/3480-73-0x00007FF6337E0000-0x00007FF633B34000-memory.dmp	xmrig
behavioral2/memory/4380-82-0x00007FF7BC120000-0x00007FF7BC474000-memory.dmp	xmrig
behavioral2/memory/2028-88-0x00007FF638060000-0x00007FF6383B4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b60-94.dat	xmrig
behavioral2/files/0x000a000000023b62-101.dat	xmrig
behavioral2/files/0x000a000000023b63-112.dat	xmrig
behavioral2/files/0x000a000000023b65-122.dat	xmrig
behavioral2/files/0x000a000000023b6f-174.dat	xmrig
behavioral2/memory/3696-552-0x00007FF7F1D20000-0x00007FF7F2074000-memory.dmp	xmrig
behavioral2/memory/2056-557-0x00007FF7D2A20000-0x00007FF7D2D74000-memory.dmp	xmrig
behavioral2/memory/4680-561-0x00007FF64E820000-0x00007FF64EB74000-memory.dmp	xmrig
behavioral2/memory/1524-564-0x00007FF7A5C50000-0x00007FF7A5FA4000-memory.dmp	xmrig
behavioral2/memory/2724-569-0x00007FF790600000-0x00007FF790954000-memory.dmp	xmrig
behavioral2/memory/2312-572-0x00007FF748DA0000-0x00007FF7490F4000-memory.dmp	xmrig
behavioral2/memory/2124-577-0x00007FF6BEAF0000-0x00007FF6BEE44000-memory.dmp	xmrig
behavioral2/memory/2128-576-0x00007FF619BD0000-0x00007FF619F24000-memory.dmp	xmrig
behavioral2/memory/1232-575-0x00007FF7487C0000-0x00007FF748B14000-memory.dmp	xmrig
behavioral2/memory/692-574-0x00007FF767440000-0x00007FF767794000-memory.dmp	xmrig
behavioral2/memory/4648-573-0x00007FF719220000-0x00007FF719574000-memory.dmp	xmrig
behavioral2/memory/1416-571-0x00007FF732B30000-0x00007FF732E84000-memory.dmp	xmrig
behavioral2/memory/1944-568-0x00007FF730E50000-0x00007FF7311A4000-memory.dmp	xmrig
behavioral2/memory/2876-566-0x00007FF79C0A0000-0x00007FF79C3F4000-memory.dmp	xmrig
behavioral2/memory/3648-563-0x00007FF639700000-0x00007FF639A54000-memory.dmp	xmrig
behavioral2/memory/1236-558-0x00007FF715820000-0x00007FF715B74000-memory.dmp	xmrig
behavioral2/memory/4256-556-0x00007FF74B240000-0x00007FF74B594000-memory.dmp	xmrig
behavioral2/memory/2024-581-0x00007FF6A8A00000-0x00007FF6A8D54000-memory.dmp	xmrig
behavioral2/memory/4580-643-0x00007FF6DB5D0000-0x00007FF6DB924000-memory.dmp	xmrig
behavioral2/memory/1592-703-0x00007FF6F11E0000-0x00007FF6F1534000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b72-181.dat	xmrig
behavioral2/files/0x000a000000023b70-179.dat	xmrig
behavioral2/memory/2708-759-0x00007FF7DBAB0000-0x00007FF7DBE04000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b71-176.dat	xmrig
behavioral2/files/0x000a000000023b6e-166.dat	xmrig
behavioral2/files/0x000a000000023b6d-162.dat	xmrig
behavioral2/files/0x000a000000023b6c-158.dat	xmrig
behavioral2/memory/4660-823-0x00007FF7273C0000-0x00007FF727714000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b6b-151.dat	xmrig
behavioral2/files/0x000a000000023b6a-147.dat	xmrig
behavioral2/files/0x000a000000023b69-141.dat	xmrig
behavioral2/files/0x000a000000023b68-137.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3544	pVJORbJ.exe
3480	vVyxpfP.exe
3608	qufyAst.exe
2028	bDvhPrD.exe
2128	rWThaOh.exe
2024	khoEYSy.exe
4580	LPiaKrn.exe
1592	khshcQc.exe
2708	LkpZFNG.exe
4660	QoRPAYP.exe
4708	UIgyufe.exe
3004	iiueYCD.exe
4380	GFANfcb.exe
3696	mXUdloV.exe
2124	fVamkDp.exe
4256	xAfKjlD.exe
2056	MjoRkOL.exe
1236	GBJSKMS.exe
4680	CKiKYSi.exe
3648	mzCDWdn.exe
1524	RvnZiYE.exe
2876	RLLuXRU.exe
1944	DMYQXtX.exe
2724	seyyDoA.exe
1416	jmEzPYS.exe
2312	lEGGsLn.exe
4648	OQpQEUe.exe
692	MZTYYXp.exe
1232	gKIXelj.exe
2368	HnstYtt.exe
2584	UyumzGA.exe
3884	WJaGvIJ.exe
1456	cUxPRHh.exe
1540	IgsCQYe.exe
4792	iJpFeTC.exe
3936	kETCwYz.exe
3800	fLNKIih.exe
4144	FjVplCK.exe
3652	CjWjvVQ.exe
5040	kErvHOr.exe
2828	xmjVqBk.exe
5056	iXaCANB.exe
2516	hwBeqDc.exe
2132	quTtdFj.exe
1552	HaSKuYD.exe
4596	IEVKcXM.exe
2052	HFLgtvl.exe
5084	PGqzEFX.exe
3508	GUsXgTS.exe
4492	amzxEuf.exe
432	GQwhwam.exe
536	TSwePJn.exe
1536	SYtokkK.exe
3660	JPNtDLn.exe
1072	TKoDKcB.exe
4992	krbXOvM.exe
4588	FtXHgBk.exe
640	ngWvBov.exe
4472	TEORgTC.exe
2796	fSlcaKh.exe
5096	EAhTBWZ.exe
4704	ayokCXm.exe
2000	vYkCcUo.exe
3596	ZMiYphA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3040-0-0x00007FF74C660000-0x00007FF74C9B4000-memory.dmp	upx
behavioral2/files/0x000c000000023b4f-5.dat	upx
behavioral2/memory/3544-6-0x00007FF6F6DC0000-0x00007FF6F7114000-memory.dmp	upx
behavioral2/files/0x000a000000023b54-10.dat	upx
behavioral2/files/0x000b000000023b50-21.dat	upx
behavioral2/memory/2028-24-0x00007FF638060000-0x00007FF6383B4000-memory.dmp	upx
behavioral2/memory/3608-22-0x00007FF74B010000-0x00007FF74B364000-memory.dmp	upx
behavioral2/files/0x000a000000023b53-15.dat	upx
behavioral2/memory/3480-14-0x00007FF6337E0000-0x00007FF633B34000-memory.dmp	upx
behavioral2/files/0x000a000000023b55-28.dat	upx
behavioral2/memory/2128-30-0x00007FF619BD0000-0x00007FF619F24000-memory.dmp	upx
behavioral2/files/0x000a000000023b56-34.dat	upx
behavioral2/files/0x000a000000023b57-39.dat	upx
behavioral2/files/0x000a000000023b58-47.dat	upx
behavioral2/memory/1592-48-0x00007FF6F11E0000-0x00007FF6F1534000-memory.dmp	upx
behavioral2/memory/4580-44-0x00007FF6DB5D0000-0x00007FF6DB924000-memory.dmp	upx
behavioral2/memory/2024-36-0x00007FF6A8A00000-0x00007FF6A8D54000-memory.dmp	upx
behavioral2/files/0x000a000000023b59-54.dat	upx
behavioral2/memory/2708-56-0x00007FF7DBAB0000-0x00007FF7DBE04000-memory.dmp	upx
behavioral2/files/0x0031000000023b5b-59.dat	upx
behavioral2/files/0x0031000000023b5c-64.dat	upx
behavioral2/memory/3608-74-0x00007FF74B010000-0x00007FF74B364000-memory.dmp	upx
behavioral2/memory/3004-75-0x00007FF620B20000-0x00007FF620E74000-memory.dmp	upx
behavioral2/files/0x0031000000023b5d-77.dat	upx
behavioral2/memory/3480-73-0x00007FF6337E0000-0x00007FF633B34000-memory.dmp	upx
behavioral2/memory/4380-82-0x00007FF7BC120000-0x00007FF7BC474000-memory.dmp	upx
behavioral2/memory/2028-88-0x00007FF638060000-0x00007FF6383B4000-memory.dmp	upx
behavioral2/files/0x000a000000023b60-94.dat	upx
behavioral2/files/0x000a000000023b62-101.dat	upx
behavioral2/files/0x000a000000023b63-112.dat	upx
behavioral2/files/0x000a000000023b65-122.dat	upx
behavioral2/files/0x000a000000023b6f-174.dat	upx
behavioral2/memory/3696-552-0x00007FF7F1D20000-0x00007FF7F2074000-memory.dmp	upx
behavioral2/memory/2056-557-0x00007FF7D2A20000-0x00007FF7D2D74000-memory.dmp	upx
behavioral2/memory/4680-561-0x00007FF64E820000-0x00007FF64EB74000-memory.dmp	upx
behavioral2/memory/1524-564-0x00007FF7A5C50000-0x00007FF7A5FA4000-memory.dmp	upx
behavioral2/memory/2724-569-0x00007FF790600000-0x00007FF790954000-memory.dmp	upx
behavioral2/memory/2312-572-0x00007FF748DA0000-0x00007FF7490F4000-memory.dmp	upx
behavioral2/memory/2124-577-0x00007FF6BEAF0000-0x00007FF6BEE44000-memory.dmp	upx
behavioral2/memory/2128-576-0x00007FF619BD0000-0x00007FF619F24000-memory.dmp	upx
behavioral2/memory/1232-575-0x00007FF7487C0000-0x00007FF748B14000-memory.dmp	upx
behavioral2/memory/692-574-0x00007FF767440000-0x00007FF767794000-memory.dmp	upx
behavioral2/memory/4648-573-0x00007FF719220000-0x00007FF719574000-memory.dmp	upx
behavioral2/memory/1416-571-0x00007FF732B30000-0x00007FF732E84000-memory.dmp	upx
behavioral2/memory/1944-568-0x00007FF730E50000-0x00007FF7311A4000-memory.dmp	upx
behavioral2/memory/2876-566-0x00007FF79C0A0000-0x00007FF79C3F4000-memory.dmp	upx
behavioral2/memory/3648-563-0x00007FF639700000-0x00007FF639A54000-memory.dmp	upx
behavioral2/memory/1236-558-0x00007FF715820000-0x00007FF715B74000-memory.dmp	upx
behavioral2/memory/4256-556-0x00007FF74B240000-0x00007FF74B594000-memory.dmp	upx
behavioral2/memory/2024-581-0x00007FF6A8A00000-0x00007FF6A8D54000-memory.dmp	upx
behavioral2/memory/4580-643-0x00007FF6DB5D0000-0x00007FF6DB924000-memory.dmp	upx
behavioral2/memory/1592-703-0x00007FF6F11E0000-0x00007FF6F1534000-memory.dmp	upx
behavioral2/files/0x000a000000023b72-181.dat	upx
behavioral2/files/0x000a000000023b70-179.dat	upx
behavioral2/memory/2708-759-0x00007FF7DBAB0000-0x00007FF7DBE04000-memory.dmp	upx
behavioral2/files/0x000a000000023b71-176.dat	upx
behavioral2/files/0x000a000000023b6e-166.dat	upx
behavioral2/files/0x000a000000023b6d-162.dat	upx
behavioral2/files/0x000a000000023b6c-158.dat	upx
behavioral2/memory/4660-823-0x00007FF7273C0000-0x00007FF727714000-memory.dmp	upx
behavioral2/files/0x000a000000023b6b-151.dat	upx
behavioral2/files/0x000a000000023b6a-147.dat	upx
behavioral2/files/0x000a000000023b69-141.dat	upx
behavioral2/files/0x000a000000023b68-137.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YLEBgfo.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiFemBo.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVZWAfQ.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZrSOzN.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owQDRiY.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DOjuPMc.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dyIUWmm.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezYRLGS.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zevgMsd.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkUEaOD.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjJVGpx.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRyVMTB.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtQSFBq.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smTQgBR.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFvYiGG.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXHwkkx.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDHQNIr.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UanBkIB.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjCXBlq.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WQzKNTs.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNIdhko.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omHMSqR.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbupHIJ.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vInxjMs.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMFdkiB.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kETCwYz.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riWirtD.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfDgGiN.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NANMkyJ.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqqOmTg.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEgdwlh.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtQzCRn.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kizBsga.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekDwRyF.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHmHZyl.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuIeIUS.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYvBgYg.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mupNAqu.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XeSkPwI.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUqXxyf.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmgPPvt.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlGqxPl.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLUPfjH.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZAFvuu.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbUuioY.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOMnjwA.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMZpvpG.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljuifoV.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNIJKVr.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DCosoHp.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncTSUAC.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqSRshM.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baMHphY.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUxPRHh.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGqzEFX.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhWRIfe.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKGyQVT.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClqDxVS.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uicoPQL.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBZGuFh.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeHapVk.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJuOVti.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlxfFmh.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMiYphA.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 3544	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3040 wrote to memory of 3544	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3040 wrote to memory of 3480	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3040 wrote to memory of 3480	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3040 wrote to memory of 3608	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3040 wrote to memory of 3608	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3040 wrote to memory of 2028	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3040 wrote to memory of 2028	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3040 wrote to memory of 2128	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3040 wrote to memory of 2128	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3040 wrote to memory of 2024	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3040 wrote to memory of 2024	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3040 wrote to memory of 4580	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3040 wrote to memory of 4580	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3040 wrote to memory of 1592	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3040 wrote to memory of 1592	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3040 wrote to memory of 2708	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3040 wrote to memory of 2708	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3040 wrote to memory of 4660	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3040 wrote to memory of 4660	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3040 wrote to memory of 4708	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3040 wrote to memory of 4708	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3040 wrote to memory of 3004	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3040 wrote to memory of 3004	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3040 wrote to memory of 4380	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3040 wrote to memory of 4380	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3040 wrote to memory of 3696	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3040 wrote to memory of 3696	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3040 wrote to memory of 2124	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3040 wrote to memory of 2124	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3040 wrote to memory of 4256	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3040 wrote to memory of 4256	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3040 wrote to memory of 2056	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3040 wrote to memory of 2056	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3040 wrote to memory of 1236	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3040 wrote to memory of 1236	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3040 wrote to memory of 4680	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3040 wrote to memory of 4680	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3040 wrote to memory of 3648	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3040 wrote to memory of 3648	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3040 wrote to memory of 1524	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3040 wrote to memory of 1524	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3040 wrote to memory of 2876	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3040 wrote to memory of 2876	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3040 wrote to memory of 1944	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3040 wrote to memory of 1944	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3040 wrote to memory of 2724	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3040 wrote to memory of 2724	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3040 wrote to memory of 1416	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3040 wrote to memory of 1416	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3040 wrote to memory of 2312	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3040 wrote to memory of 2312	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3040 wrote to memory of 4648	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3040 wrote to memory of 4648	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3040 wrote to memory of 692	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3040 wrote to memory of 692	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3040 wrote to memory of 1232	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3040 wrote to memory of 1232	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3040 wrote to memory of 2368	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3040 wrote to memory of 2368	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3040 wrote to memory of 2584	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3040 wrote to memory of 2584	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3040 wrote to memory of 3884	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3040 wrote to memory of 3884	3040	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\System\pVJORbJ.exe
  C:\Windows\System\pVJORbJ.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\vVyxpfP.exe
  C:\Windows\System\vVyxpfP.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\qufyAst.exe
  C:\Windows\System\qufyAst.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\bDvhPrD.exe
  C:\Windows\System\bDvhPrD.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\rWThaOh.exe
  C:\Windows\System\rWThaOh.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\khoEYSy.exe
  C:\Windows\System\khoEYSy.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\LPiaKrn.exe
  C:\Windows\System\LPiaKrn.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\khshcQc.exe
  C:\Windows\System\khshcQc.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\LkpZFNG.exe
  C:\Windows\System\LkpZFNG.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\QoRPAYP.exe
  C:\Windows\System\QoRPAYP.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\UIgyufe.exe
  C:\Windows\System\UIgyufe.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\iiueYCD.exe
  C:\Windows\System\iiueYCD.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\GFANfcb.exe
  C:\Windows\System\GFANfcb.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\mXUdloV.exe
  C:\Windows\System\mXUdloV.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\fVamkDp.exe
  C:\Windows\System\fVamkDp.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\xAfKjlD.exe
  C:\Windows\System\xAfKjlD.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\MjoRkOL.exe
  C:\Windows\System\MjoRkOL.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\GBJSKMS.exe
  C:\Windows\System\GBJSKMS.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\CKiKYSi.exe
  C:\Windows\System\CKiKYSi.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\mzCDWdn.exe
  C:\Windows\System\mzCDWdn.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\RvnZiYE.exe
  C:\Windows\System\RvnZiYE.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\RLLuXRU.exe
  C:\Windows\System\RLLuXRU.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\DMYQXtX.exe
  C:\Windows\System\DMYQXtX.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\seyyDoA.exe
  C:\Windows\System\seyyDoA.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\jmEzPYS.exe
  C:\Windows\System\jmEzPYS.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\lEGGsLn.exe
  C:\Windows\System\lEGGsLn.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\OQpQEUe.exe
  C:\Windows\System\OQpQEUe.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\MZTYYXp.exe
  C:\Windows\System\MZTYYXp.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\gKIXelj.exe
  C:\Windows\System\gKIXelj.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\HnstYtt.exe
  C:\Windows\System\HnstYtt.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\UyumzGA.exe
  C:\Windows\System\UyumzGA.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\WJaGvIJ.exe
  C:\Windows\System\WJaGvIJ.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\cUxPRHh.exe
  C:\Windows\System\cUxPRHh.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\IgsCQYe.exe
  C:\Windows\System\IgsCQYe.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\iJpFeTC.exe
  C:\Windows\System\iJpFeTC.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\kETCwYz.exe
  C:\Windows\System\kETCwYz.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\fLNKIih.exe
  C:\Windows\System\fLNKIih.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\FjVplCK.exe
  C:\Windows\System\FjVplCK.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\CjWjvVQ.exe
  C:\Windows\System\CjWjvVQ.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\kErvHOr.exe
  C:\Windows\System\kErvHOr.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\xmjVqBk.exe
  C:\Windows\System\xmjVqBk.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\iXaCANB.exe
  C:\Windows\System\iXaCANB.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\hwBeqDc.exe
  C:\Windows\System\hwBeqDc.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\quTtdFj.exe
  C:\Windows\System\quTtdFj.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\HaSKuYD.exe
  C:\Windows\System\HaSKuYD.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\IEVKcXM.exe
  C:\Windows\System\IEVKcXM.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\HFLgtvl.exe
  C:\Windows\System\HFLgtvl.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\PGqzEFX.exe
  C:\Windows\System\PGqzEFX.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\GUsXgTS.exe
  C:\Windows\System\GUsXgTS.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\amzxEuf.exe
  C:\Windows\System\amzxEuf.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\GQwhwam.exe
  C:\Windows\System\GQwhwam.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\TSwePJn.exe
  C:\Windows\System\TSwePJn.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\SYtokkK.exe
  C:\Windows\System\SYtokkK.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\JPNtDLn.exe
  C:\Windows\System\JPNtDLn.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\TKoDKcB.exe
  C:\Windows\System\TKoDKcB.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\krbXOvM.exe
  C:\Windows\System\krbXOvM.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\FtXHgBk.exe
  C:\Windows\System\FtXHgBk.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\ngWvBov.exe
  C:\Windows\System\ngWvBov.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\TEORgTC.exe
  C:\Windows\System\TEORgTC.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\fSlcaKh.exe
  C:\Windows\System\fSlcaKh.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\EAhTBWZ.exe
  C:\Windows\System\EAhTBWZ.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\ayokCXm.exe
  C:\Windows\System\ayokCXm.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\vYkCcUo.exe
  C:\Windows\System\vYkCcUo.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\ZMiYphA.exe
  C:\Windows\System\ZMiYphA.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\ygnzdPc.exe
  C:\Windows\System\ygnzdPc.exe
  2⤵
  PID:4224
- C:\Windows\System\hPKFUct.exe
  C:\Windows\System\hPKFUct.exe
  2⤵
  PID:1804
- C:\Windows\System\avemxAD.exe
  C:\Windows\System\avemxAD.exe
  2⤵
  PID:3192
- C:\Windows\System\YSqHdSe.exe
  C:\Windows\System\YSqHdSe.exe
  2⤵
  PID:2424
- C:\Windows\System\CntFpUz.exe
  C:\Windows\System\CntFpUz.exe
  2⤵
  PID:5100
- C:\Windows\System\ODcqxiN.exe
  C:\Windows\System\ODcqxiN.exe
  2⤵
  PID:1940
- C:\Windows\System\aicOgCG.exe
  C:\Windows\System\aicOgCG.exe
  2⤵
  PID:1060
- C:\Windows\System\yCWSFBz.exe
  C:\Windows\System\yCWSFBz.exe
  2⤵
  PID:4328
- C:\Windows\System\rzpiEnW.exe
  C:\Windows\System\rzpiEnW.exe
  2⤵
  PID:216
- C:\Windows\System\hAuFNGg.exe
  C:\Windows\System\hAuFNGg.exe
  2⤵
  PID:3632
- C:\Windows\System\lnxTRtt.exe
  C:\Windows\System\lnxTRtt.exe
  2⤵
  PID:884
- C:\Windows\System\AqBPCXN.exe
  C:\Windows\System\AqBPCXN.exe
  2⤵
  PID:2816
- C:\Windows\System\MWfJlKo.exe
  C:\Windows\System\MWfJlKo.exe
  2⤵
  PID:3960
- C:\Windows\System\GvyjdRQ.exe
  C:\Windows\System\GvyjdRQ.exe
  2⤵
  PID:2076
- C:\Windows\System\EJkFbez.exe
  C:\Windows\System\EJkFbez.exe
  2⤵
  PID:2924
- C:\Windows\System\JxlfDJI.exe
  C:\Windows\System\JxlfDJI.exe
  2⤵
  PID:996
- C:\Windows\System\WFgPOHq.exe
  C:\Windows\System\WFgPOHq.exe
  2⤵
  PID:1888
- C:\Windows\System\EYthBtV.exe
  C:\Windows\System\EYthBtV.exe
  2⤵
  PID:2188
- C:\Windows\System\BrrYBTD.exe
  C:\Windows\System\BrrYBTD.exe
  2⤵
  PID:2776
- C:\Windows\System\OpjjOLp.exe
  C:\Windows\System\OpjjOLp.exe
  2⤵
  PID:4164
- C:\Windows\System\IvkXEYF.exe
  C:\Windows\System\IvkXEYF.exe
  2⤵
  PID:4248
- C:\Windows\System\vbTRhiL.exe
  C:\Windows\System\vbTRhiL.exe
  2⤵
  PID:1556
- C:\Windows\System\riWirtD.exe
  C:\Windows\System\riWirtD.exe
  2⤵
  PID:3912
- C:\Windows\System\PlkrJRX.exe
  C:\Windows\System\PlkrJRX.exe
  2⤵
  PID:880
- C:\Windows\System\WcoKQRX.exe
  C:\Windows\System\WcoKQRX.exe
  2⤵
  PID:5160
- C:\Windows\System\gXkEkGq.exe
  C:\Windows\System\gXkEkGq.exe
  2⤵
  PID:5188
- C:\Windows\System\odbaZqL.exe
  C:\Windows\System\odbaZqL.exe
  2⤵
  PID:5216
- C:\Windows\System\bGfUkqw.exe
  C:\Windows\System\bGfUkqw.exe
  2⤵
  PID:5232
- C:\Windows\System\TILDCzR.exe
  C:\Windows\System\TILDCzR.exe
  2⤵
  PID:5256
- C:\Windows\System\sSaRaYV.exe
  C:\Windows\System\sSaRaYV.exe
  2⤵
  PID:5288
- C:\Windows\System\tFMCcOy.exe
  C:\Windows\System\tFMCcOy.exe
  2⤵
  PID:5316
- C:\Windows\System\DnoJvza.exe
  C:\Windows\System\DnoJvza.exe
  2⤵
  PID:5344
- C:\Windows\System\YHbPBUS.exe
  C:\Windows\System\YHbPBUS.exe
  2⤵
  PID:5372
- C:\Windows\System\uaHvbvU.exe
  C:\Windows\System\uaHvbvU.exe
  2⤵
  PID:5400
- C:\Windows\System\lGGWtgA.exe
  C:\Windows\System\lGGWtgA.exe
  2⤵
  PID:5428
- C:\Windows\System\cNQHdgZ.exe
  C:\Windows\System\cNQHdgZ.exe
  2⤵
  PID:5456
- C:\Windows\System\IiHBJkL.exe
  C:\Windows\System\IiHBJkL.exe
  2⤵
  PID:5484
- C:\Windows\System\mQCoCqX.exe
  C:\Windows\System\mQCoCqX.exe
  2⤵
  PID:5508
- C:\Windows\System\ZXLtvev.exe
  C:\Windows\System\ZXLtvev.exe
  2⤵
  PID:5540
- C:\Windows\System\iWXaVEk.exe
  C:\Windows\System\iWXaVEk.exe
  2⤵
  PID:5568
- C:\Windows\System\iSmkveY.exe
  C:\Windows\System\iSmkveY.exe
  2⤵
  PID:5596
- C:\Windows\System\BabmkbU.exe
  C:\Windows\System\BabmkbU.exe
  2⤵
  PID:5624
- C:\Windows\System\DOjuPMc.exe
  C:\Windows\System\DOjuPMc.exe
  2⤵
  PID:5652
- C:\Windows\System\BYxgpgJ.exe
  C:\Windows\System\BYxgpgJ.exe
  2⤵
  PID:5680
- C:\Windows\System\hvrrRvQ.exe
  C:\Windows\System\hvrrRvQ.exe
  2⤵
  PID:5708
- C:\Windows\System\pNGmejP.exe
  C:\Windows\System\pNGmejP.exe
  2⤵
  PID:5736
- C:\Windows\System\iBSnoPO.exe
  C:\Windows\System\iBSnoPO.exe
  2⤵
  PID:5764
- C:\Windows\System\JKZLHRp.exe
  C:\Windows\System\JKZLHRp.exe
  2⤵
  PID:5792
- C:\Windows\System\DSyZdRv.exe
  C:\Windows\System\DSyZdRv.exe
  2⤵
  PID:5820
- C:\Windows\System\tFVONwt.exe
  C:\Windows\System\tFVONwt.exe
  2⤵
  PID:5860
- C:\Windows\System\dNroxCy.exe
  C:\Windows\System\dNroxCy.exe
  2⤵
  PID:5900
- C:\Windows\System\ewzLXgP.exe
  C:\Windows\System\ewzLXgP.exe
  2⤵
  PID:5916
- C:\Windows\System\LIOaesp.exe
  C:\Windows\System\LIOaesp.exe
  2⤵
  PID:5932
- C:\Windows\System\WfuIVAo.exe
  C:\Windows\System\WfuIVAo.exe
  2⤵
  PID:5968
- C:\Windows\System\sWFHccZ.exe
  C:\Windows\System\sWFHccZ.exe
  2⤵
  PID:6000
- C:\Windows\System\SawBBxC.exe
  C:\Windows\System\SawBBxC.exe
  2⤵
  PID:6028
- C:\Windows\System\AYvoPct.exe
  C:\Windows\System\AYvoPct.exe
  2⤵
  PID:6056
- C:\Windows\System\ABMrMDY.exe
  C:\Windows\System\ABMrMDY.exe
  2⤵
  PID:6084
- C:\Windows\System\jsFyUZs.exe
  C:\Windows\System\jsFyUZs.exe
  2⤵
  PID:6108
- C:\Windows\System\QEFJjYM.exe
  C:\Windows\System\QEFJjYM.exe
  2⤵
  PID:6140
- C:\Windows\System\AjCXBlq.exe
  C:\Windows\System\AjCXBlq.exe
  2⤵
  PID:1720
- C:\Windows\System\MXGOtgS.exe
  C:\Windows\System\MXGOtgS.exe
  2⤵
  PID:2360
- C:\Windows\System\aXnKvlg.exe
  C:\Windows\System\aXnKvlg.exe
  2⤵
  PID:2616
- C:\Windows\System\swwKwDa.exe
  C:\Windows\System\swwKwDa.exe
  2⤵
  PID:5148
- C:\Windows\System\CnrwVAI.exe
  C:\Windows\System\CnrwVAI.exe
  2⤵
  PID:5208
- C:\Windows\System\XSGDXJK.exe
  C:\Windows\System\XSGDXJK.exe
  2⤵
  PID:5276
- C:\Windows\System\tqJFEvg.exe
  C:\Windows\System\tqJFEvg.exe
  2⤵
  PID:5336
- C:\Windows\System\MDxwCrK.exe
  C:\Windows\System\MDxwCrK.exe
  2⤵
  PID:5412
- C:\Windows\System\Bgffotr.exe
  C:\Windows\System\Bgffotr.exe
  2⤵
  PID:5472
- C:\Windows\System\BvzxSLg.exe
  C:\Windows\System\BvzxSLg.exe
  2⤵
  PID:5528
- C:\Windows\System\XRYfVxe.exe
  C:\Windows\System\XRYfVxe.exe
  2⤵
  PID:5588
- C:\Windows\System\QktOHZI.exe
  C:\Windows\System\QktOHZI.exe
  2⤵
  PID:5692
- C:\Windows\System\GYDrTaf.exe
  C:\Windows\System\GYDrTaf.exe
  2⤵
  PID:5752
- C:\Windows\System\yxLUxYI.exe
  C:\Windows\System\yxLUxYI.exe
  2⤵
  PID:5812
- C:\Windows\System\FQjeJBb.exe
  C:\Windows\System\FQjeJBb.exe
  2⤵
  PID:5888
- C:\Windows\System\UKvAYZD.exe
  C:\Windows\System\UKvAYZD.exe
  2⤵
  PID:5924
- C:\Windows\System\SNuXVjT.exe
  C:\Windows\System\SNuXVjT.exe
  2⤵
  PID:4772
- C:\Windows\System\LaedMbP.exe
  C:\Windows\System\LaedMbP.exe
  2⤵
  PID:6044
- C:\Windows\System\xMZbGut.exe
  C:\Windows\System\xMZbGut.exe
  2⤵
  PID:6096
- C:\Windows\System\ikAWYkH.exe
  C:\Windows\System\ikAWYkH.exe
  2⤵
  PID:4876
- C:\Windows\System\GectytO.exe
  C:\Windows\System\GectytO.exe
  2⤵
  PID:4324
- C:\Windows\System\HRGXGJD.exe
  C:\Windows\System\HRGXGJD.exe
  2⤵
  PID:5252
- C:\Windows\System\PxVgQsT.exe
  C:\Windows\System\PxVgQsT.exe
  2⤵
  PID:5440
- C:\Windows\System\wPzMunT.exe
  C:\Windows\System\wPzMunT.exe
  2⤵
  PID:5560
- C:\Windows\System\KZNMtsd.exe
  C:\Windows\System\KZNMtsd.exe
  2⤵
  PID:5724
- C:\Windows\System\zLahbgH.exe
  C:\Windows\System\zLahbgH.exe
  2⤵
  PID:5872
- C:\Windows\System\WUbpGbY.exe
  C:\Windows\System\WUbpGbY.exe
  2⤵
  PID:6016
- C:\Windows\System\OIimlNt.exe
  C:\Windows\System\OIimlNt.exe
  2⤵
  PID:6128
- C:\Windows\System\dxXdNqh.exe
  C:\Windows\System\dxXdNqh.exe
  2⤵
  PID:5364
- C:\Windows\System\yHLYWls.exe
  C:\Windows\System\yHLYWls.exe
  2⤵
  PID:5664
- C:\Windows\System\WsSuwHi.exe
  C:\Windows\System\WsSuwHi.exe
  2⤵
  PID:5960
- C:\Windows\System\ttWrcPY.exe
  C:\Windows\System\ttWrcPY.exe
  2⤵
  PID:3488
- C:\Windows\System\OoLUzUp.exe
  C:\Windows\System\OoLUzUp.exe
  2⤵
  PID:6152
- C:\Windows\System\HxbuzEe.exe
  C:\Windows\System\HxbuzEe.exe
  2⤵
  PID:6200
- C:\Windows\System\LrIJTzR.exe
  C:\Windows\System\LrIJTzR.exe
  2⤵
  PID:6240
- C:\Windows\System\nhyOFVJ.exe
  C:\Windows\System\nhyOFVJ.exe
  2⤵
  PID:6320
- C:\Windows\System\rcdsgdc.exe
  C:\Windows\System\rcdsgdc.exe
  2⤵
  PID:6380
- C:\Windows\System\zeVeohs.exe
  C:\Windows\System\zeVeohs.exe
  2⤵
  PID:6420
- C:\Windows\System\UNwGVJg.exe
  C:\Windows\System\UNwGVJg.exe
  2⤵
  PID:6460
- C:\Windows\System\vWHRutX.exe
  C:\Windows\System\vWHRutX.exe
  2⤵
  PID:6504
- C:\Windows\System\YKRfvAY.exe
  C:\Windows\System\YKRfvAY.exe
  2⤵
  PID:6524
- C:\Windows\System\IwTbSjJ.exe
  C:\Windows\System\IwTbSjJ.exe
  2⤵
  PID:6556
- C:\Windows\System\bjyjeov.exe
  C:\Windows\System\bjyjeov.exe
  2⤵
  PID:6588
- C:\Windows\System\IVkvEWV.exe
  C:\Windows\System\IVkvEWV.exe
  2⤵
  PID:6620
- C:\Windows\System\udUTogp.exe
  C:\Windows\System\udUTogp.exe
  2⤵
  PID:6648
- C:\Windows\System\UaEFOBx.exe
  C:\Windows\System\UaEFOBx.exe
  2⤵
  PID:6676
- C:\Windows\System\RBFoSsT.exe
  C:\Windows\System\RBFoSsT.exe
  2⤵
  PID:6708
- C:\Windows\System\KljoFtk.exe
  C:\Windows\System\KljoFtk.exe
  2⤵
  PID:6744
- C:\Windows\System\ridiFyb.exe
  C:\Windows\System\ridiFyb.exe
  2⤵
  PID:6772
- C:\Windows\System\LWCyXgL.exe
  C:\Windows\System\LWCyXgL.exe
  2⤵
  PID:6800
- C:\Windows\System\aUMturO.exe
  C:\Windows\System\aUMturO.exe
  2⤵
  PID:6832
- C:\Windows\System\TfQgTva.exe
  C:\Windows\System\TfQgTva.exe
  2⤵
  PID:6860
- C:\Windows\System\iynzeoV.exe
  C:\Windows\System\iynzeoV.exe
  2⤵
  PID:6892
- C:\Windows\System\DyEUHCS.exe
  C:\Windows\System\DyEUHCS.exe
  2⤵
  PID:6920
- C:\Windows\System\zbbRhot.exe
  C:\Windows\System\zbbRhot.exe
  2⤵
  PID:6948
- C:\Windows\System\vOMnjwA.exe
  C:\Windows\System\vOMnjwA.exe
  2⤵
  PID:6980
- C:\Windows\System\zIMCRHS.exe
  C:\Windows\System\zIMCRHS.exe
  2⤵
  PID:7000
- C:\Windows\System\NmGgmfa.exe
  C:\Windows\System\NmGgmfa.exe
  2⤵
  PID:7032
- C:\Windows\System\jqxLBAH.exe
  C:\Windows\System\jqxLBAH.exe
  2⤵
  PID:7068
- C:\Windows\System\VutJtfP.exe
  C:\Windows\System\VutJtfP.exe
  2⤵
  PID:7100
- C:\Windows\System\hjZliQT.exe
  C:\Windows\System\hjZliQT.exe
  2⤵
  PID:7128
- C:\Windows\System\IHPvIVP.exe
  C:\Windows\System\IHPvIVP.exe
  2⤵
  PID:7156
- C:\Windows\System\rFEFBCc.exe
  C:\Windows\System\rFEFBCc.exe
  2⤵
  PID:5808
- C:\Windows\System\OZzSBnA.exe
  C:\Windows\System\OZzSBnA.exe
  2⤵
  PID:6076
- C:\Windows\System\GjoaLrp.exe
  C:\Windows\System\GjoaLrp.exe
  2⤵
  PID:1820
- C:\Windows\System\UYmIcPD.exe
  C:\Windows\System\UYmIcPD.exe
  2⤵
  PID:3872
- C:\Windows\System\bxkJnGt.exe
  C:\Windows\System\bxkJnGt.exe
  2⤵
  PID:5500
- C:\Windows\System\ClqDxVS.exe
  C:\Windows\System\ClqDxVS.exe
  2⤵
  PID:2760
- C:\Windows\System\jchpEec.exe
  C:\Windows\System\jchpEec.exe
  2⤵
  PID:6228
- C:\Windows\System\AKYntcB.exe
  C:\Windows\System\AKYntcB.exe
  2⤵
  PID:6352
- C:\Windows\System\shdZZhn.exe
  C:\Windows\System\shdZZhn.exe
  2⤵
  PID:212
- C:\Windows\System\FrhGzAf.exe
  C:\Windows\System\FrhGzAf.exe
  2⤵
  PID:1288
- C:\Windows\System\SHxLalV.exe
  C:\Windows\System\SHxLalV.exe
  2⤵
  PID:4944
- C:\Windows\System\eHJcfwg.exe
  C:\Windows\System\eHJcfwg.exe
  2⤵
  PID:4488
- C:\Windows\System\ZqXXiyW.exe
  C:\Windows\System\ZqXXiyW.exe
  2⤵
  PID:1548
- C:\Windows\System\tHUEHUn.exe
  C:\Windows\System\tHUEHUn.exe
  2⤵
  PID:6404
- C:\Windows\System\KQZkmPg.exe
  C:\Windows\System\KQZkmPg.exe
  2⤵
  PID:3688
- C:\Windows\System\qIdJJBb.exe
  C:\Windows\System\qIdJJBb.exe
  2⤵
  PID:1192
- C:\Windows\System\AlJoSVn.exe
  C:\Windows\System\AlJoSVn.exe
  2⤵
  PID:6476
- C:\Windows\System\KtQSFBq.exe
  C:\Windows\System\KtQSFBq.exe
  2⤵
  PID:3916
- C:\Windows\System\komXevt.exe
  C:\Windows\System\komXevt.exe
  2⤵
  PID:6272
- C:\Windows\System\LoNHymH.exe
  C:\Windows\System\LoNHymH.exe
  2⤵
  PID:6480
- C:\Windows\System\NzQyNnV.exe
  C:\Windows\System\NzQyNnV.exe
  2⤵
  PID:6336
- C:\Windows\System\KroPXih.exe
  C:\Windows\System\KroPXih.exe
  2⤵
  PID:6756
- C:\Windows\System\QiiTnle.exe
  C:\Windows\System\QiiTnle.exe
  2⤵
  PID:6816
- C:\Windows\System\hyPKFkT.exe
  C:\Windows\System\hyPKFkT.exe
  2⤵
  PID:6888
- C:\Windows\System\lfzecFp.exe
  C:\Windows\System\lfzecFp.exe
  2⤵
  PID:6940
- C:\Windows\System\bMpAyAm.exe
  C:\Windows\System\bMpAyAm.exe
  2⤵
  PID:6972
- C:\Windows\System\McnnbDT.exe
  C:\Windows\System\McnnbDT.exe
  2⤵
  PID:7024
- C:\Windows\System\BabhkLn.exe
  C:\Windows\System\BabhkLn.exe
  2⤵
  PID:7088
- C:\Windows\System\JNLnpKh.exe
  C:\Windows\System\JNLnpKh.exe
  2⤵
  PID:7164
- C:\Windows\System\gVuXmkp.exe
  C:\Windows\System\gVuXmkp.exe
  2⤵
  PID:4988
- C:\Windows\System\zWdEWdL.exe
  C:\Windows\System\zWdEWdL.exe
  2⤵
  PID:3276
- C:\Windows\System\RfuWteI.exe
  C:\Windows\System\RfuWteI.exe
  2⤵
  PID:6196
- C:\Windows\System\AAiYYYI.exe
  C:\Windows\System\AAiYYYI.exe
  2⤵
  PID:1600
- C:\Windows\System\HQvOXls.exe
  C:\Windows\System\HQvOXls.exe
  2⤵
  PID:1108
- C:\Windows\System\tZXMefI.exe
  C:\Windows\System\tZXMefI.exe
  2⤵
  PID:6224
- C:\Windows\System\fbLiPGH.exe
  C:\Windows\System\fbLiPGH.exe
  2⤵
  PID:2580
- C:\Windows\System\nUjJXms.exe
  C:\Windows\System\nUjJXms.exe
  2⤵
  PID:1920
- C:\Windows\System\btsdAur.exe
  C:\Windows\System\btsdAur.exe
  2⤵
  PID:6388
- C:\Windows\System\zRgxAQv.exe
  C:\Windows\System\zRgxAQv.exe
  2⤵
  PID:6584
- C:\Windows\System\QbVrGmb.exe
  C:\Windows\System\QbVrGmb.exe
  2⤵
  PID:6760
- C:\Windows\System\vtefixT.exe
  C:\Windows\System\vtefixT.exe
  2⤵
  PID:6844
- C:\Windows\System\DOFHnbn.exe
  C:\Windows\System\DOFHnbn.exe
  2⤵
  PID:6580
- C:\Windows\System\EvsqkzI.exe
  C:\Windows\System\EvsqkzI.exe
  2⤵
  PID:6364
- C:\Windows\System\gAmufuH.exe
  C:\Windows\System\gAmufuH.exe
  2⤵
  PID:7080
- C:\Windows\System\uCoaxXw.exe
  C:\Windows\System\uCoaxXw.exe
  2⤵
  PID:6072
- C:\Windows\System\hFZmlHU.exe
  C:\Windows\System\hFZmlHU.exe
  2⤵
  PID:1580
- C:\Windows\System\SbxiJbf.exe
  C:\Windows\System\SbxiJbf.exe
  2⤵
  PID:6436
- C:\Windows\System\ijjKKJt.exe
  C:\Windows\System\ijjKKJt.exe
  2⤵
  PID:2512
- C:\Windows\System\Xpfhyjd.exe
  C:\Windows\System\Xpfhyjd.exe
  2⤵
  PID:6664
- C:\Windows\System\IuHHcnX.exe
  C:\Windows\System\IuHHcnX.exe
  2⤵
  PID:2728
- C:\Windows\System\NSLfUrk.exe
  C:\Windows\System\NSLfUrk.exe
  2⤵
  PID:2644
- C:\Windows\System\fyMaXNT.exe
  C:\Windows\System\fyMaXNT.exe
  2⤵
  PID:1856
- C:\Windows\System\gyhcBhM.exe
  C:\Windows\System\gyhcBhM.exe
  2⤵
  PID:7016
- C:\Windows\System\FlMAhZe.exe
  C:\Windows\System\FlMAhZe.exe
  2⤵
  PID:3476
- C:\Windows\System\WuKtCEI.exe
  C:\Windows\System\WuKtCEI.exe
  2⤵
  PID:6872
- C:\Windows\System\pYEhmOa.exe
  C:\Windows\System\pYEhmOa.exe
  2⤵
  PID:7184
- C:\Windows\System\dyIUWmm.exe
  C:\Windows\System\dyIUWmm.exe
  2⤵
  PID:7212
- C:\Windows\System\lDvYHGO.exe
  C:\Windows\System\lDvYHGO.exe
  2⤵
  PID:7240
- C:\Windows\System\ClyzSCx.exe
  C:\Windows\System\ClyzSCx.exe
  2⤵
  PID:7268
- C:\Windows\System\mtlcUWp.exe
  C:\Windows\System\mtlcUWp.exe
  2⤵
  PID:7296
- C:\Windows\System\MQswyWc.exe
  C:\Windows\System\MQswyWc.exe
  2⤵
  PID:7328
- C:\Windows\System\rQCwYnH.exe
  C:\Windows\System\rQCwYnH.exe
  2⤵
  PID:7356
- C:\Windows\System\XxOSttl.exe
  C:\Windows\System\XxOSttl.exe
  2⤵
  PID:7384
- C:\Windows\System\QfDgGiN.exe
  C:\Windows\System\QfDgGiN.exe
  2⤵
  PID:7416
- C:\Windows\System\azMHEWD.exe
  C:\Windows\System\azMHEWD.exe
  2⤵
  PID:7440
- C:\Windows\System\Ciwgibp.exe
  C:\Windows\System\Ciwgibp.exe
  2⤵
  PID:7468
- C:\Windows\System\BAznHxf.exe
  C:\Windows\System\BAznHxf.exe
  2⤵
  PID:7496
- C:\Windows\System\lzuvino.exe
  C:\Windows\System\lzuvino.exe
  2⤵
  PID:7524
- C:\Windows\System\CNIJKVr.exe
  C:\Windows\System\CNIJKVr.exe
  2⤵
  PID:7552
- C:\Windows\System\AUZJDhu.exe
  C:\Windows\System\AUZJDhu.exe
  2⤵
  PID:7580
- C:\Windows\System\GwSCnal.exe
  C:\Windows\System\GwSCnal.exe
  2⤵
  PID:7612
- C:\Windows\System\pzlNoWM.exe
  C:\Windows\System\pzlNoWM.exe
  2⤵
  PID:7656
- C:\Windows\System\OaOcsTe.exe
  C:\Windows\System\OaOcsTe.exe
  2⤵
  PID:7676
- C:\Windows\System\wWMbjjp.exe
  C:\Windows\System\wWMbjjp.exe
  2⤵
  PID:7700
- C:\Windows\System\cytKlEC.exe
  C:\Windows\System\cytKlEC.exe
  2⤵
  PID:7728
- C:\Windows\System\FXxvnDV.exe
  C:\Windows\System\FXxvnDV.exe
  2⤵
  PID:7756
- C:\Windows\System\uicoPQL.exe
  C:\Windows\System\uicoPQL.exe
  2⤵
  PID:7788
- C:\Windows\System\Gkogdvm.exe
  C:\Windows\System\Gkogdvm.exe
  2⤵
  PID:7816
- C:\Windows\System\XEgdwlh.exe
  C:\Windows\System\XEgdwlh.exe
  2⤵
  PID:7844
- C:\Windows\System\aTIpEBA.exe
  C:\Windows\System\aTIpEBA.exe
  2⤵
  PID:7872
- C:\Windows\System\kQccKbx.exe
  C:\Windows\System\kQccKbx.exe
  2⤵
  PID:7900
- C:\Windows\System\NvHLuly.exe
  C:\Windows\System\NvHLuly.exe
  2⤵
  PID:7928
- C:\Windows\System\VRrCpWC.exe
  C:\Windows\System\VRrCpWC.exe
  2⤵
  PID:7964
- C:\Windows\System\LWXWhSz.exe
  C:\Windows\System\LWXWhSz.exe
  2⤵
  PID:7988
- C:\Windows\System\GgWtzVA.exe
  C:\Windows\System\GgWtzVA.exe
  2⤵
  PID:8016
- C:\Windows\System\yvsFsES.exe
  C:\Windows\System\yvsFsES.exe
  2⤵
  PID:8044
- C:\Windows\System\TRDtvtb.exe
  C:\Windows\System\TRDtvtb.exe
  2⤵
  PID:8072
- C:\Windows\System\DZJcaKe.exe
  C:\Windows\System\DZJcaKe.exe
  2⤵
  PID:8108
- C:\Windows\System\WXeuCoW.exe
  C:\Windows\System\WXeuCoW.exe
  2⤵
  PID:8128
- C:\Windows\System\IFWtleW.exe
  C:\Windows\System\IFWtleW.exe
  2⤵
  PID:8156
- C:\Windows\System\uIJgSFg.exe
  C:\Windows\System\uIJgSFg.exe
  2⤵
  PID:8188
- C:\Windows\System\AoHFRkw.exe
  C:\Windows\System\AoHFRkw.exe
  2⤵
  PID:6440
- C:\Windows\System\DWcCwWs.exe
  C:\Windows\System\DWcCwWs.exe
  2⤵
  PID:7284
- C:\Windows\System\SXynNms.exe
  C:\Windows\System\SXynNms.exe
  2⤵
  PID:7348
- C:\Windows\System\uxZciJS.exe
  C:\Windows\System\uxZciJS.exe
  2⤵
  PID:6236
- C:\Windows\System\WZyXqvf.exe
  C:\Windows\System\WZyXqvf.exe
  2⤵
  PID:7464
- C:\Windows\System\tBaAxDI.exe
  C:\Windows\System\tBaAxDI.exe
  2⤵
  PID:7536
- C:\Windows\System\cyvyuwd.exe
  C:\Windows\System\cyvyuwd.exe
  2⤵
  PID:7608
- C:\Windows\System\TiEmXzJ.exe
  C:\Windows\System\TiEmXzJ.exe
  2⤵
  PID:7684
- C:\Windows\System\CcKCIoo.exe
  C:\Windows\System\CcKCIoo.exe
  2⤵
  PID:7752
- C:\Windows\System\oYkFmFw.exe
  C:\Windows\System\oYkFmFw.exe
  2⤵
  PID:7836
- C:\Windows\System\Ticbtjv.exe
  C:\Windows\System\Ticbtjv.exe
  2⤵
  PID:7892
- C:\Windows\System\cBjTTMm.exe
  C:\Windows\System\cBjTTMm.exe
  2⤵
  PID:7952
- C:\Windows\System\NwhKOSY.exe
  C:\Windows\System\NwhKOSY.exe
  2⤵
  PID:8028
- C:\Windows\System\eLxrJYE.exe
  C:\Windows\System\eLxrJYE.exe
  2⤵
  PID:8092
- C:\Windows\System\MZGsLbK.exe
  C:\Windows\System\MZGsLbK.exe
  2⤵
  PID:8152
- C:\Windows\System\zFcDGaX.exe
  C:\Windows\System\zFcDGaX.exe
  2⤵
  PID:7208
- C:\Windows\System\SzPhjha.exe
  C:\Windows\System\SzPhjha.exe
  2⤵
  PID:7380
- C:\Windows\System\LMVEkMh.exe
  C:\Windows\System\LMVEkMh.exe
  2⤵
  PID:7592
- C:\Windows\System\uKQDsHB.exe
  C:\Windows\System\uKQDsHB.exe
  2⤵
  PID:7668
- C:\Windows\System\NoIWVHk.exe
  C:\Windows\System\NoIWVHk.exe
  2⤵
  PID:7864
- C:\Windows\System\TxWkHtE.exe
  C:\Windows\System\TxWkHtE.exe
  2⤵
  PID:1616
- C:\Windows\System\smTQgBR.exe
  C:\Windows\System\smTQgBR.exe
  2⤵
  PID:8140
- C:\Windows\System\sltLnCX.exe
  C:\Windows\System\sltLnCX.exe
  2⤵
  PID:7340
- C:\Windows\System\CkCrnAU.exe
  C:\Windows\System\CkCrnAU.exe
  2⤵
  PID:7748
- C:\Windows\System\oItLTUM.exe
  C:\Windows\System\oItLTUM.exe
  2⤵
  PID:8088
- C:\Windows\System\MLErLwG.exe
  C:\Windows\System\MLErLwG.exe
  2⤵
  PID:7664
- C:\Windows\System\fEsyMmc.exe
  C:\Windows\System\fEsyMmc.exe
  2⤵
  PID:7636
- C:\Windows\System\gtQzCRn.exe
  C:\Windows\System\gtQzCRn.exe
  2⤵
  PID:8208
- C:\Windows\System\yXYMXeY.exe
  C:\Windows\System\yXYMXeY.exe
  2⤵
  PID:8236
- C:\Windows\System\CrtZAzf.exe
  C:\Windows\System\CrtZAzf.exe
  2⤵
  PID:8264
- C:\Windows\System\FyOROYg.exe
  C:\Windows\System\FyOROYg.exe
  2⤵
  PID:8296
- C:\Windows\System\mMxAUnD.exe
  C:\Windows\System\mMxAUnD.exe
  2⤵
  PID:8324
- C:\Windows\System\weypxfA.exe
  C:\Windows\System\weypxfA.exe
  2⤵
  PID:8360
- C:\Windows\System\metVnsH.exe
  C:\Windows\System\metVnsH.exe
  2⤵
  PID:8380
- C:\Windows\System\pqFobrV.exe
  C:\Windows\System\pqFobrV.exe
  2⤵
  PID:8408
- C:\Windows\System\XeSkPwI.exe
  C:\Windows\System\XeSkPwI.exe
  2⤵
  PID:8436
- C:\Windows\System\QLbTKGZ.exe
  C:\Windows\System\QLbTKGZ.exe
  2⤵
  PID:8464
- C:\Windows\System\xfkusAB.exe
  C:\Windows\System\xfkusAB.exe
  2⤵
  PID:8492
- C:\Windows\System\bNftPlO.exe
  C:\Windows\System\bNftPlO.exe
  2⤵
  PID:8520
- C:\Windows\System\bfuuQxI.exe
  C:\Windows\System\bfuuQxI.exe
  2⤵
  PID:8548
- C:\Windows\System\kizBsga.exe
  C:\Windows\System\kizBsga.exe
  2⤵
  PID:8576
- C:\Windows\System\OZbRlhx.exe
  C:\Windows\System\OZbRlhx.exe
  2⤵
  PID:8604
- C:\Windows\System\NXtCXNv.exe
  C:\Windows\System\NXtCXNv.exe
  2⤵
  PID:8632
- C:\Windows\System\qMyDeSy.exe
  C:\Windows\System\qMyDeSy.exe
  2⤵
  PID:8660
- C:\Windows\System\ZWgNksx.exe
  C:\Windows\System\ZWgNksx.exe
  2⤵
  PID:8688
- C:\Windows\System\hMHZMoW.exe
  C:\Windows\System\hMHZMoW.exe
  2⤵
  PID:8716
- C:\Windows\System\wRChHPD.exe
  C:\Windows\System\wRChHPD.exe
  2⤵
  PID:8744
- C:\Windows\System\xXpeCie.exe
  C:\Windows\System\xXpeCie.exe
  2⤵
  PID:8772
- C:\Windows\System\eJEDfHa.exe
  C:\Windows\System\eJEDfHa.exe
  2⤵
  PID:8800
- C:\Windows\System\DCosoHp.exe
  C:\Windows\System\DCosoHp.exe
  2⤵
  PID:8824
- C:\Windows\System\HuIeIUS.exe
  C:\Windows\System\HuIeIUS.exe
  2⤵
  PID:8844
- C:\Windows\System\TfXzqvY.exe
  C:\Windows\System\TfXzqvY.exe
  2⤵
  PID:8884
- C:\Windows\System\OMLzQwc.exe
  C:\Windows\System\OMLzQwc.exe
  2⤵
  PID:8904
- C:\Windows\System\HfjynRL.exe
  C:\Windows\System\HfjynRL.exe
  2⤵
  PID:8940
- C:\Windows\System\mMhZjXf.exe
  C:\Windows\System\mMhZjXf.exe
  2⤵
  PID:8968
- C:\Windows\System\qroPmBm.exe
  C:\Windows\System\qroPmBm.exe
  2⤵
  PID:8996
- C:\Windows\System\GubwfwZ.exe
  C:\Windows\System\GubwfwZ.exe
  2⤵
  PID:9028
- C:\Windows\System\shiwEcx.exe
  C:\Windows\System\shiwEcx.exe
  2⤵
  PID:9056
- C:\Windows\System\lFRDOti.exe
  C:\Windows\System\lFRDOti.exe
  2⤵
  PID:9084
- C:\Windows\System\DAGrGXt.exe
  C:\Windows\System\DAGrGXt.exe
  2⤵
  PID:9112
- C:\Windows\System\YQIsMPo.exe
  C:\Windows\System\YQIsMPo.exe
  2⤵
  PID:9140
- C:\Windows\System\zQRxliJ.exe
  C:\Windows\System\zQRxliJ.exe
  2⤵
  PID:9168
- C:\Windows\System\XYKGEBO.exe
  C:\Windows\System\XYKGEBO.exe
  2⤵
  PID:9196
- C:\Windows\System\TpYHreH.exe
  C:\Windows\System\TpYHreH.exe
  2⤵
  PID:8204
- C:\Windows\System\xBZGuFh.exe
  C:\Windows\System\xBZGuFh.exe
  2⤵
  PID:8276
- C:\Windows\System\ehlIHcm.exe
  C:\Windows\System\ehlIHcm.exe
  2⤵
  PID:8344
- C:\Windows\System\DerUyDh.exe
  C:\Windows\System\DerUyDh.exe
  2⤵
  PID:8404
- C:\Windows\System\DzQPSGF.exe
  C:\Windows\System\DzQPSGF.exe
  2⤵
  PID:8460
- C:\Windows\System\cQSNpvJ.exe
  C:\Windows\System\cQSNpvJ.exe
  2⤵
  PID:8536
- C:\Windows\System\aqynBqX.exe
  C:\Windows\System\aqynBqX.exe
  2⤵
  PID:8596
- C:\Windows\System\WLGCwXz.exe
  C:\Windows\System\WLGCwXz.exe
  2⤵
  PID:8656
- C:\Windows\System\pRtaRJl.exe
  C:\Windows\System\pRtaRJl.exe
  2⤵
  PID:8728
- C:\Windows\System\lYPHwMj.exe
  C:\Windows\System\lYPHwMj.exe
  2⤵
  PID:8792
- C:\Windows\System\HMFdkiB.exe
  C:\Windows\System\HMFdkiB.exe
  2⤵
  PID:8876
- C:\Windows\System\Czkqsui.exe
  C:\Windows\System\Czkqsui.exe
  2⤵
  PID:8892
- C:\Windows\System\rQMMJxK.exe
  C:\Windows\System\rQMMJxK.exe
  2⤵
  PID:8980
- C:\Windows\System\ZHibHBp.exe
  C:\Windows\System\ZHibHBp.exe
  2⤵
  PID:9044
- C:\Windows\System\YBsBGOo.exe
  C:\Windows\System\YBsBGOo.exe
  2⤵
  PID:9100
- C:\Windows\System\LXJmnPf.exe
  C:\Windows\System\LXJmnPf.exe
  2⤵
  PID:9160
- C:\Windows\System\acQPVYk.exe
  C:\Windows\System\acQPVYk.exe
  2⤵
  PID:8200
- C:\Windows\System\VxfUKie.exe
  C:\Windows\System\VxfUKie.exe
  2⤵
  PID:8372
- C:\Windows\System\GlwXSZj.exe
  C:\Windows\System\GlwXSZj.exe
  2⤵
  PID:8512
- C:\Windows\System\qgqagql.exe
  C:\Windows\System\qgqagql.exe
  2⤵
  PID:8652
- C:\Windows\System\pIFNtdr.exe
  C:\Windows\System\pIFNtdr.exe
  2⤵
  PID:8820
- C:\Windows\System\ZAJZGQd.exe
  C:\Windows\System\ZAJZGQd.exe
  2⤵
  PID:8960
- C:\Windows\System\NECxkef.exe
  C:\Windows\System\NECxkef.exe
  2⤵
  PID:9080
- C:\Windows\System\WQzKNTs.exe
  C:\Windows\System\WQzKNTs.exe
  2⤵
  PID:8316
- C:\Windows\System\yGipJMT.exe
  C:\Windows\System\yGipJMT.exe
  2⤵
  PID:8628
- C:\Windows\System\ECtHLot.exe
  C:\Windows\System\ECtHLot.exe
  2⤵
  PID:8964
- C:\Windows\System\GbKKEbN.exe
  C:\Windows\System\GbKKEbN.exe
  2⤵
  PID:8504
- C:\Windows\System\cYJyRrQ.exe
  C:\Windows\System\cYJyRrQ.exe
  2⤵
  PID:8768
- C:\Windows\System\kLdiBPX.exe
  C:\Windows\System\kLdiBPX.exe
  2⤵
  PID:9232
- C:\Windows\System\HjJVGpx.exe
  C:\Windows\System\HjJVGpx.exe
  2⤵
  PID:9260
- C:\Windows\System\XsqRseV.exe
  C:\Windows\System\XsqRseV.exe
  2⤵
  PID:9288
- C:\Windows\System\uFyGIAK.exe
  C:\Windows\System\uFyGIAK.exe
  2⤵
  PID:9324
- C:\Windows\System\ZoASoIU.exe
  C:\Windows\System\ZoASoIU.exe
  2⤵
  PID:9376
- C:\Windows\System\DHhdNRc.exe
  C:\Windows\System\DHhdNRc.exe
  2⤵
  PID:9416
- C:\Windows\System\GTFBLMK.exe
  C:\Windows\System\GTFBLMK.exe
  2⤵
  PID:9492
- C:\Windows\System\KOQfJGm.exe
  C:\Windows\System\KOQfJGm.exe
  2⤵
  PID:9572
- C:\Windows\System\smUqAjA.exe
  C:\Windows\System\smUqAjA.exe
  2⤵
  PID:9612
- C:\Windows\System\TNbITyk.exe
  C:\Windows\System\TNbITyk.exe
  2⤵
  PID:9652
- C:\Windows\System\kjZbXzB.exe
  C:\Windows\System\kjZbXzB.exe
  2⤵
  PID:9680
- C:\Windows\System\ucJrPng.exe
  C:\Windows\System\ucJrPng.exe
  2⤵
  PID:9712
- C:\Windows\System\QGmHvdM.exe
  C:\Windows\System\QGmHvdM.exe
  2⤵
  PID:9744
- C:\Windows\System\ZbAsOrJ.exe
  C:\Windows\System\ZbAsOrJ.exe
  2⤵
  PID:9776
- C:\Windows\System\AcxtXLU.exe
  C:\Windows\System\AcxtXLU.exe
  2⤵
  PID:9804
- C:\Windows\System\abtIpEs.exe
  C:\Windows\System\abtIpEs.exe
  2⤵
  PID:9836
- C:\Windows\System\YLEBgfo.exe
  C:\Windows\System\YLEBgfo.exe
  2⤵
  PID:9864
- C:\Windows\System\NNLYrAA.exe
  C:\Windows\System\NNLYrAA.exe
  2⤵
  PID:9892
- C:\Windows\System\faVcJDq.exe
  C:\Windows\System\faVcJDq.exe
  2⤵
  PID:9920
- C:\Windows\System\WzrXWYC.exe
  C:\Windows\System\WzrXWYC.exe
  2⤵
  PID:9948
- C:\Windows\System\GNFRkfF.exe
  C:\Windows\System\GNFRkfF.exe
  2⤵
  PID:9992
- C:\Windows\System\IiFemBo.exe
  C:\Windows\System\IiFemBo.exe
  2⤵
  PID:10016
- C:\Windows\System\aUelsnT.exe
  C:\Windows\System\aUelsnT.exe
  2⤵
  PID:10044
- C:\Windows\System\HkGiZtS.exe
  C:\Windows\System\HkGiZtS.exe
  2⤵
  PID:10072
- C:\Windows\System\cdANQbH.exe
  C:\Windows\System\cdANQbH.exe
  2⤵
  PID:10100
- C:\Windows\System\NGbjinz.exe
  C:\Windows\System\NGbjinz.exe
  2⤵
  PID:10128
- C:\Windows\System\NskWlGn.exe
  C:\Windows\System\NskWlGn.exe
  2⤵
  PID:10156
- C:\Windows\System\UZqDHmE.exe
  C:\Windows\System\UZqDHmE.exe
  2⤵
  PID:10192
- C:\Windows\System\jNKlkSg.exe
  C:\Windows\System\jNKlkSg.exe
  2⤵
  PID:10212
- C:\Windows\System\mSGnwmy.exe
  C:\Windows\System\mSGnwmy.exe
  2⤵
  PID:9224
- C:\Windows\System\BBOLKJu.exe
  C:\Windows\System\BBOLKJu.exe
  2⤵
  PID:9280
- C:\Windows\System\UYquKBs.exe
  C:\Windows\System\UYquKBs.exe
  2⤵
  PID:2304
- C:\Windows\System\eBcuaSz.exe
  C:\Windows\System\eBcuaSz.exe
  2⤵
  PID:9396
- C:\Windows\System\JBjaTks.exe
  C:\Windows\System\JBjaTks.exe
  2⤵
  PID:9604
- C:\Windows\System\cnNtOUP.exe
  C:\Windows\System\cnNtOUP.exe
  2⤵
  PID:9672
- C:\Windows\System\DiAPuhf.exe
  C:\Windows\System\DiAPuhf.exe
  2⤵
  PID:9740
- C:\Windows\System\bTMwmCq.exe
  C:\Windows\System\bTMwmCq.exe
  2⤵
  PID:9796
- C:\Windows\System\zdGSarf.exe
  C:\Windows\System\zdGSarf.exe
  2⤵
  PID:9860
- C:\Windows\System\TzYjtay.exe
  C:\Windows\System\TzYjtay.exe
  2⤵
  PID:9916
- C:\Windows\System\lSsAQoW.exe
  C:\Windows\System\lSsAQoW.exe
  2⤵
  PID:9600
- C:\Windows\System\RdSzpcV.exe
  C:\Windows\System\RdSzpcV.exe
  2⤵
  PID:9536
- C:\Windows\System\NIPxFKl.exe
  C:\Windows\System\NIPxFKl.exe
  2⤵
  PID:10028
- C:\Windows\System\zekvSnZ.exe
  C:\Windows\System\zekvSnZ.exe
  2⤵
  PID:10092
- C:\Windows\System\uHzdjtZ.exe
  C:\Windows\System\uHzdjtZ.exe
  2⤵
  PID:10152
- C:\Windows\System\WCnlgCI.exe
  C:\Windows\System\WCnlgCI.exe
  2⤵
  PID:10204
- C:\Windows\System\zryvrZS.exe
  C:\Windows\System\zryvrZS.exe
  2⤵
  PID:9340
- C:\Windows\System\cyXdbwK.exe
  C:\Windows\System\cyXdbwK.exe
  2⤵
  PID:9824
- C:\Windows\System\pqsYEhI.exe
  C:\Windows\System\pqsYEhI.exe
  2⤵
  PID:9724
- C:\Windows\System\UnrBPna.exe
  C:\Windows\System\UnrBPna.exe
  2⤵
  PID:2964
- C:\Windows\System\xjjjeHD.exe
  C:\Windows\System\xjjjeHD.exe
  2⤵
  PID:9960
- C:\Windows\System\NgVtVHX.exe
  C:\Windows\System\NgVtVHX.exe
  2⤵
  PID:10008
- C:\Windows\System\gUrgKAk.exe
  C:\Windows\System\gUrgKAk.exe
  2⤵
  PID:10148
- C:\Windows\System\VVZFrVk.exe
  C:\Windows\System\VVZFrVk.exe
  2⤵
  PID:9516
- C:\Windows\System\exSsyUC.exe
  C:\Windows\System\exSsyUC.exe
  2⤵
  PID:3956
- C:\Windows\System\upiOYYd.exe
  C:\Windows\System\upiOYYd.exe
  2⤵
  PID:10140
- C:\Windows\System\qnWTiwo.exe
  C:\Windows\System\qnWTiwo.exe
  2⤵
  PID:9700
- C:\Windows\System\vMBJYHO.exe
  C:\Windows\System\vMBJYHO.exe
  2⤵
  PID:5116
- C:\Windows\System\SNFkbyp.exe
  C:\Windows\System\SNFkbyp.exe
  2⤵
  PID:10260
- C:\Windows\System\FXjQiPh.exe
  C:\Windows\System\FXjQiPh.exe
  2⤵
  PID:10288
- C:\Windows\System\BGneXIG.exe
  C:\Windows\System\BGneXIG.exe
  2⤵
  PID:10316
- C:\Windows\System\jBugsrY.exe
  C:\Windows\System\jBugsrY.exe
  2⤵
  PID:10344
- C:\Windows\System\kkvEfxI.exe
  C:\Windows\System\kkvEfxI.exe
  2⤵
  PID:10372
- C:\Windows\System\RWaRNpI.exe
  C:\Windows\System\RWaRNpI.exe
  2⤵
  PID:10408
- C:\Windows\System\NlHZQOM.exe
  C:\Windows\System\NlHZQOM.exe
  2⤵
  PID:10468
- C:\Windows\System\ZcsUUuY.exe
  C:\Windows\System\ZcsUUuY.exe
  2⤵
  PID:10500
- C:\Windows\System\opysjHF.exe
  C:\Windows\System\opysjHF.exe
  2⤵
  PID:10528
- C:\Windows\System\MvBKSOD.exe
  C:\Windows\System\MvBKSOD.exe
  2⤵
  PID:10560
- C:\Windows\System\qHCreVh.exe
  C:\Windows\System\qHCreVh.exe
  2⤵
  PID:10588
- C:\Windows\System\nsMqePQ.exe
  C:\Windows\System\nsMqePQ.exe
  2⤵
  PID:10616
- C:\Windows\System\ovYppYg.exe
  C:\Windows\System\ovYppYg.exe
  2⤵
  PID:10644
- C:\Windows\System\YvHefVq.exe
  C:\Windows\System\YvHefVq.exe
  2⤵
  PID:10672
- C:\Windows\System\zevgMsd.exe
  C:\Windows\System\zevgMsd.exe
  2⤵
  PID:10700
- C:\Windows\System\YVdbCMd.exe
  C:\Windows\System\YVdbCMd.exe
  2⤵
  PID:10728
- C:\Windows\System\CfNgWdd.exe
  C:\Windows\System\CfNgWdd.exe
  2⤵
  PID:10756
- C:\Windows\System\idPzyYU.exe
  C:\Windows\System\idPzyYU.exe
  2⤵
  PID:10784
- C:\Windows\System\rlNpHPv.exe
  C:\Windows\System\rlNpHPv.exe
  2⤵
  PID:10812
- C:\Windows\System\KLafcUq.exe
  C:\Windows\System\KLafcUq.exe
  2⤵
  PID:10840
- C:\Windows\System\TsCSDCY.exe
  C:\Windows\System\TsCSDCY.exe
  2⤵
  PID:10868
- C:\Windows\System\zWZdepg.exe
  C:\Windows\System\zWZdepg.exe
  2⤵
  PID:10912
- C:\Windows\System\LladAXH.exe
  C:\Windows\System\LladAXH.exe
  2⤵
  PID:10944
- C:\Windows\System\PBhOSmT.exe
  C:\Windows\System\PBhOSmT.exe
  2⤵
  PID:10992
- C:\Windows\System\hiCYLse.exe
  C:\Windows\System\hiCYLse.exe
  2⤵
  PID:11028
- C:\Windows\System\QGnlIOw.exe
  C:\Windows\System\QGnlIOw.exe
  2⤵
  PID:11092
- C:\Windows\System\dbyFJKx.exe
  C:\Windows\System\dbyFJKx.exe
  2⤵
  PID:11136
- C:\Windows\System\ncTSUAC.exe
  C:\Windows\System\ncTSUAC.exe
  2⤵
  PID:11168
- C:\Windows\System\TbhVpPX.exe
  C:\Windows\System\TbhVpPX.exe
  2⤵
  PID:11196
- C:\Windows\System\jSkWkoq.exe
  C:\Windows\System\jSkWkoq.exe
  2⤵
  PID:11228
- C:\Windows\System\jMLMMNE.exe
  C:\Windows\System\jMLMMNE.exe
  2⤵
  PID:11252
- C:\Windows\System\CKHOZkS.exe
  C:\Windows\System\CKHOZkS.exe
  2⤵
  PID:10284
- C:\Windows\System\cNIdhko.exe
  C:\Windows\System\cNIdhko.exe
  2⤵
  PID:10340
- C:\Windows\System\LKIYJeJ.exe
  C:\Windows\System\LKIYJeJ.exe
  2⤵
  PID:10432
- C:\Windows\System\sMZpvpG.exe
  C:\Windows\System\sMZpvpG.exe
  2⤵
  PID:10540
- C:\Windows\System\nVZWAfQ.exe
  C:\Windows\System\nVZWAfQ.exe
  2⤵
  PID:10612
- C:\Windows\System\nAICCOF.exe
  C:\Windows\System\nAICCOF.exe
  2⤵
  PID:10664
- C:\Windows\System\ecvSnWE.exe
  C:\Windows\System\ecvSnWE.exe
  2⤵
  PID:10748
- C:\Windows\System\CPIvzzF.exe
  C:\Windows\System\CPIvzzF.exe
  2⤵
  PID:10836
- C:\Windows\System\mqJIISO.exe
  C:\Windows\System\mqJIISO.exe
  2⤵
  PID:10880
- C:\Windows\System\xjbaVHn.exe
  C:\Windows\System\xjbaVHn.exe
  2⤵
  PID:10548
- C:\Windows\System\JKKIpoM.exe
  C:\Windows\System\JKKIpoM.exe
  2⤵
  PID:11020
- C:\Windows\System\NANMkyJ.exe
  C:\Windows\System\NANMkyJ.exe
  2⤵
  PID:11152
- C:\Windows\System\MLYHHhK.exe
  C:\Windows\System\MLYHHhK.exe
  2⤵
  PID:1956
- C:\Windows\System\rkKLCLy.exe
  C:\Windows\System\rkKLCLy.exe
  2⤵
  PID:11220
- C:\Windows\System\htqmWeK.exe
  C:\Windows\System\htqmWeK.exe
  2⤵
  PID:10312
- C:\Windows\System\JvemMTU.exe
  C:\Windows\System\JvemMTU.exe
  2⤵
  PID:10524
- C:\Windows\System\FaWzJny.exe
  C:\Windows\System\FaWzJny.exe
  2⤵
  PID:3820
- C:\Windows\System\SSVUHFo.exe
  C:\Windows\System\SSVUHFo.exe
  2⤵
  PID:10808
- C:\Windows\System\XWeickl.exe
  C:\Windows\System\XWeickl.exe
  2⤵
  PID:10940
- C:\Windows\System\LqHdMjo.exe
  C:\Windows\System\LqHdMjo.exe
  2⤵
  PID:11164
- C:\Windows\System\DfmZmGx.exe
  C:\Windows\System\DfmZmGx.exe
  2⤵
  PID:11216
- C:\Windows\System\yuwMyPp.exe
  C:\Windows\System\yuwMyPp.exe
  2⤵
  PID:10584
- C:\Windows\System\GgZZAfg.exe
  C:\Windows\System\GgZZAfg.exe
  2⤵
  PID:1412
- C:\Windows\System\rqiQamc.exe
  C:\Windows\System\rqiQamc.exe
  2⤵
  PID:4672
- C:\Windows\System\yUqXxyf.exe
  C:\Windows\System\yUqXxyf.exe
  2⤵
  PID:10804
- C:\Windows\System\QgpMnsV.exe
  C:\Windows\System\QgpMnsV.exe
  2⤵
  PID:10768
- C:\Windows\System\DdxDJEo.exe
  C:\Windows\System\DdxDJEo.exe
  2⤵
  PID:2328
- C:\Windows\System\isrfxHu.exe
  C:\Windows\System\isrfxHu.exe
  2⤵
  PID:11284
- C:\Windows\System\nPudBFu.exe
  C:\Windows\System\nPudBFu.exe
  2⤵
  PID:11312
- C:\Windows\System\gunLNGT.exe
  C:\Windows\System\gunLNGT.exe
  2⤵
  PID:11336
- C:\Windows\System\PkjRWHR.exe
  C:\Windows\System\PkjRWHR.exe
  2⤵
  PID:11368
- C:\Windows\System\CUeGluK.exe
  C:\Windows\System\CUeGluK.exe
  2⤵
  PID:11400
- C:\Windows\System\uKwhjzq.exe
  C:\Windows\System\uKwhjzq.exe
  2⤵
  PID:11428
- C:\Windows\System\femNBzw.exe
  C:\Windows\System\femNBzw.exe
  2⤵
  PID:11456
- C:\Windows\System\ZIoBdeJ.exe
  C:\Windows\System\ZIoBdeJ.exe
  2⤵
  PID:11484
- C:\Windows\System\enJWpeI.exe
  C:\Windows\System\enJWpeI.exe
  2⤵
  PID:11512
- C:\Windows\System\TeHapVk.exe
  C:\Windows\System\TeHapVk.exe
  2⤵
  PID:11556
- C:\Windows\System\rAwtSQG.exe
  C:\Windows\System\rAwtSQG.exe
  2⤵
  PID:11572
- C:\Windows\System\RhBYKPI.exe
  C:\Windows\System\RhBYKPI.exe
  2⤵
  PID:11600
- C:\Windows\System\JzRhExq.exe
  C:\Windows\System\JzRhExq.exe
  2⤵
  PID:11628
- C:\Windows\System\UAObjDp.exe
  C:\Windows\System\UAObjDp.exe
  2⤵
  PID:11664
- C:\Windows\System\UfYlpcX.exe
  C:\Windows\System\UfYlpcX.exe
  2⤵
  PID:11712
- C:\Windows\System\EjAuacL.exe
  C:\Windows\System\EjAuacL.exe
  2⤵
  PID:11764
- C:\Windows\System\uAwocTl.exe
  C:\Windows\System\uAwocTl.exe
  2⤵
  PID:11804
- C:\Windows\System\FqVERuG.exe
  C:\Windows\System\FqVERuG.exe
  2⤵
  PID:11832
- C:\Windows\System\rVRKNIh.exe
  C:\Windows\System\rVRKNIh.exe
  2⤵
  PID:11864
- C:\Windows\System\TmFTOTG.exe
  C:\Windows\System\TmFTOTG.exe
  2⤵
  PID:11896
- C:\Windows\System\cQzTdJX.exe
  C:\Windows\System\cQzTdJX.exe
  2⤵
  PID:11924
- C:\Windows\System\UPBxSiW.exe
  C:\Windows\System\UPBxSiW.exe
  2⤵
  PID:11952
- C:\Windows\System\FPLJLqy.exe
  C:\Windows\System\FPLJLqy.exe
  2⤵
  PID:11980
- C:\Windows\System\EQhJUUm.exe
  C:\Windows\System\EQhJUUm.exe
  2⤵
  PID:12024
- C:\Windows\System\NeZPjYm.exe
  C:\Windows\System\NeZPjYm.exe
  2⤵
  PID:12044
- C:\Windows\System\vFvYiGG.exe
  C:\Windows\System\vFvYiGG.exe
  2⤵
  PID:12072
- C:\Windows\System\bQEpUrI.exe
  C:\Windows\System\bQEpUrI.exe
  2⤵
  PID:12100
- C:\Windows\System\AsIFncI.exe
  C:\Windows\System\AsIFncI.exe
  2⤵
  PID:12132
- C:\Windows\System\rXHwkkx.exe
  C:\Windows\System\rXHwkkx.exe
  2⤵
  PID:12164
- C:\Windows\System\xytsouG.exe
  C:\Windows\System\xytsouG.exe
  2⤵
  PID:12192
- C:\Windows\System\YQDnsLD.exe
  C:\Windows\System\YQDnsLD.exe
  2⤵
  PID:12220
- C:\Windows\System\RUWIdUM.exe
  C:\Windows\System\RUWIdUM.exe
  2⤵
  PID:12248
- C:\Windows\System\XPkIMxJ.exe
  C:\Windows\System\XPkIMxJ.exe
  2⤵
  PID:12276
- C:\Windows\System\PccFGAd.exe
  C:\Windows\System\PccFGAd.exe
  2⤵
  PID:11308
- C:\Windows\System\FSENMeC.exe
  C:\Windows\System\FSENMeC.exe
  2⤵
  PID:11360
- C:\Windows\System\uHbfnWl.exe
  C:\Windows\System\uHbfnWl.exe
  2⤵
  PID:9428
- C:\Windows\System\mRyVMTB.exe
  C:\Windows\System\mRyVMTB.exe
  2⤵
  PID:10404
- C:\Windows\System\yClMuOi.exe
  C:\Windows\System\yClMuOi.exe
  2⤵
  PID:11468
- C:\Windows\System\ixdRmVw.exe
  C:\Windows\System\ixdRmVw.exe
  2⤵
  PID:10780
- C:\Windows\System\ZpmUTxe.exe
  C:\Windows\System\ZpmUTxe.exe
  2⤵
  PID:11532
- C:\Windows\System\yHHHWDs.exe
  C:\Windows\System\yHHHWDs.exe
  2⤵
  PID:11564
- C:\Windows\System\vzcRmGQ.exe
  C:\Windows\System\vzcRmGQ.exe
  2⤵
  PID:11620
- C:\Windows\System\nGERjXM.exe
  C:\Windows\System\nGERjXM.exe
  2⤵
  PID:11704
- C:\Windows\System\yWUBTVu.exe
  C:\Windows\System\yWUBTVu.exe
  2⤵
  PID:1128
- C:\Windows\System\dMfHCSY.exe
  C:\Windows\System\dMfHCSY.exe
  2⤵
  PID:11844
- C:\Windows\System\HmgPPvt.exe
  C:\Windows\System\HmgPPvt.exe
  2⤵
  PID:4400
- C:\Windows\System\pCXAcOw.exe
  C:\Windows\System\pCXAcOw.exe
  2⤵
  PID:11968
- C:\Windows\System\tyzdhgn.exe
  C:\Windows\System\tyzdhgn.exe
  2⤵
  PID:12020
- C:\Windows\System\xZQSGlv.exe
  C:\Windows\System\xZQSGlv.exe
  2⤵
  PID:12064
- C:\Windows\System\ovVxtnq.exe
  C:\Windows\System\ovVxtnq.exe
  2⤵
  PID:12112
- C:\Windows\System\JbwPaEa.exe
  C:\Windows\System\JbwPaEa.exe
  2⤵
  PID:11748
- C:\Windows\System\tqTZQiC.exe
  C:\Windows\System\tqTZQiC.exe
  2⤵
  PID:12160
- C:\Windows\System\aRQCqau.exe
  C:\Windows\System\aRQCqau.exe
  2⤵
  PID:12232
- C:\Windows\System\yiRPrgn.exe
  C:\Windows\System\yiRPrgn.exe
  2⤵
  PID:11280
- C:\Windows\System\OcPNCyu.exe
  C:\Windows\System\OcPNCyu.exe
  2⤵
  PID:9424
- C:\Windows\System\iHErkQQ.exe
  C:\Windows\System\iHErkQQ.exe
  2⤵
  PID:11448
- C:\Windows\System\zZixSyQ.exe
  C:\Windows\System\zZixSyQ.exe
  2⤵
  PID:4624
- C:\Windows\System\YptsxyN.exe
  C:\Windows\System\YptsxyN.exe
  2⤵
  PID:1216
- C:\Windows\System\aXJtNWF.exe
  C:\Windows\System\aXJtNWF.exe
  2⤵
  PID:5144
- C:\Windows\System\yVZxSPL.exe
  C:\Windows\System\yVZxSPL.exe
  2⤵
  PID:11920
- C:\Windows\System\CgLuCzb.exe
  C:\Windows\System\CgLuCzb.exe
  2⤵
  PID:3100
- C:\Windows\System\CZnxnmJ.exe
  C:\Windows\System\CZnxnmJ.exe
  2⤵
  PID:11784
- C:\Windows\System\LHEIStN.exe
  C:\Windows\System\LHEIStN.exe
  2⤵
  PID:12260
- C:\Windows\System\UnDbKXQ.exe
  C:\Windows\System\UnDbKXQ.exe
  2⤵
  PID:11396
- C:\Windows\System\WgjZXjs.exe
  C:\Windows\System\WgjZXjs.exe
  2⤵
  PID:2820
- C:\Windows\System\plhziwr.exe
  C:\Windows\System\plhziwr.exe
  2⤵
  PID:12000
- C:\Windows\System\IlTzjqo.exe
  C:\Windows\System\IlTzjqo.exe
  2⤵
  PID:12212
- C:\Windows\System\DjiwXsY.exe
  C:\Windows\System\DjiwXsY.exe
  2⤵
  PID:11612
- C:\Windows\System\ZlHwCiu.exe
  C:\Windows\System\ZlHwCiu.exe
  2⤵
  PID:11536
- C:\Windows\System\HYyBtzT.exe
  C:\Windows\System\HYyBtzT.exe
  2⤵
  PID:12368
- C:\Windows\System\PBwEtfp.exe
  C:\Windows\System\PBwEtfp.exe
  2⤵
  PID:12452
- C:\Windows\System\lVKYdJj.exe
  C:\Windows\System\lVKYdJj.exe
  2⤵
  PID:12472
- C:\Windows\System\krKuGGS.exe
  C:\Windows\System\krKuGGS.exe
  2⤵
  PID:12516
- C:\Windows\System\usAWrib.exe
  C:\Windows\System\usAWrib.exe
  2⤵
  PID:12560
- C:\Windows\System\bTIugPi.exe
  C:\Windows\System\bTIugPi.exe
  2⤵
  PID:12600
- C:\Windows\System\omHMSqR.exe
  C:\Windows\System\omHMSqR.exe
  2⤵
  PID:12632
- C:\Windows\System\FjwYSuz.exe
  C:\Windows\System\FjwYSuz.exe
  2⤵
  PID:12664
- C:\Windows\System\knbNBMf.exe
  C:\Windows\System\knbNBMf.exe
  2⤵
  PID:12704
- C:\Windows\System\QDHQNIr.exe
  C:\Windows\System\QDHQNIr.exe
  2⤵
  PID:12724
- C:\Windows\System\IgfATRV.exe
  C:\Windows\System\IgfATRV.exe
  2⤵
  PID:12752
- C:\Windows\System\Rxlpeeq.exe
  C:\Windows\System\Rxlpeeq.exe
  2⤵
  PID:12780
- C:\Windows\System\vJahesy.exe
  C:\Windows\System\vJahesy.exe
  2⤵
  PID:12808
- C:\Windows\System\AzgPYlD.exe
  C:\Windows\System\AzgPYlD.exe
  2⤵
  PID:12848
- C:\Windows\System\nkUEaOD.exe
  C:\Windows\System\nkUEaOD.exe
  2⤵
  PID:12864
- C:\Windows\System\kLkEXBg.exe
  C:\Windows\System\kLkEXBg.exe
  2⤵
  PID:12892
- C:\Windows\System\nNrPfBr.exe
  C:\Windows\System\nNrPfBr.exe
  2⤵
  PID:12920
- C:\Windows\System\vkxNJnw.exe
  C:\Windows\System\vkxNJnw.exe
  2⤵
  PID:12948
- C:\Windows\System\WAMYTju.exe
  C:\Windows\System\WAMYTju.exe
  2⤵
  PID:12976
- C:\Windows\System\ZSSZGei.exe
  C:\Windows\System\ZSSZGei.exe
  2⤵
  PID:13004
- C:\Windows\System\jUJciLF.exe
  C:\Windows\System\jUJciLF.exe
  2⤵
  PID:13032
- C:\Windows\System\wDoENYZ.exe
  C:\Windows\System\wDoENYZ.exe
  2⤵
  PID:13060
- C:\Windows\System\bUtCJFY.exe
  C:\Windows\System\bUtCJFY.exe
  2⤵
  PID:13088
- C:\Windows\System\XbupHIJ.exe
  C:\Windows\System\XbupHIJ.exe
  2⤵
  PID:13116
- C:\Windows\System\bKnSFvu.exe
  C:\Windows\System\bKnSFvu.exe
  2⤵
  PID:13144
- C:\Windows\System\zOQUjhG.exe
  C:\Windows\System\zOQUjhG.exe
  2⤵
  PID:13172
- C:\Windows\System\aqSRshM.exe
  C:\Windows\System\aqSRshM.exe
  2⤵
  PID:13204
- C:\Windows\System\xGAmzdW.exe
  C:\Windows\System\xGAmzdW.exe
  2⤵
  PID:13232
- C:\Windows\System\KWrKRao.exe
  C:\Windows\System\KWrKRao.exe
  2⤵
  PID:13260
- C:\Windows\System\AddRSra.exe
  C:\Windows\System\AddRSra.exe
  2⤵
  PID:13288
- C:\Windows\System\GXiESOq.exe
  C:\Windows\System\GXiESOq.exe
  2⤵
  PID:12304
- C:\Windows\System\xEtjyBs.exe
  C:\Windows\System\xEtjyBs.exe
  2⤵
  PID:12468
- C:\Windows\System\gRCuCNT.exe
  C:\Windows\System\gRCuCNT.exe
  2⤵
  PID:12552
- C:\Windows\System\kKaPRsO.exe
  C:\Windows\System\kKaPRsO.exe
  2⤵
  PID:12624
- C:\Windows\System\nVsiLTW.exe
  C:\Windows\System\nVsiLTW.exe
  2⤵
  PID:5952
- C:\Windows\System\hgrZNln.exe
  C:\Windows\System\hgrZNln.exe
  2⤵
  PID:12744
- C:\Windows\System\iVAaFxx.exe
  C:\Windows\System\iVAaFxx.exe
  2⤵
  PID:6080
- C:\Windows\System\LLjsDZU.exe
  C:\Windows\System\LLjsDZU.exe
  2⤵
  PID:12320
- C:\Windows\System\rvTZMBN.exe
  C:\Windows\System\rvTZMBN.exe
  2⤵
  PID:12324
- C:\Windows\System\CGucDjm.exe
  C:\Windows\System\CGucDjm.exe
  2⤵
  PID:12888
- C:\Windows\System\OdaqhxN.exe
  C:\Windows\System\OdaqhxN.exe
  2⤵
  PID:12960
- C:\Windows\System\RioooEs.exe
  C:\Windows\System\RioooEs.exe
  2⤵
  PID:13024
- C:\Windows\System\cYBIXbR.exe
  C:\Windows\System\cYBIXbR.exe
  2⤵
  PID:13084
- C:\Windows\System\qMiXPUS.exe
  C:\Windows\System\qMiXPUS.exe
  2⤵
  PID:13140
- C:\Windows\System\vhjRgdI.exe
  C:\Windows\System\vhjRgdI.exe
  2⤵
  PID:13216
- C:\Windows\System\cMJolZa.exe
  C:\Windows\System\cMJolZa.exe
  2⤵
  PID:13280
- C:\Windows\System\iNiJgQo.exe
  C:\Windows\System\iNiJgQo.exe
  2⤵
  PID:12448
- C:\Windows\System\apLwdUe.exe
  C:\Windows\System\apLwdUe.exe
  2⤵
  PID:12656
- C:\Windows\System\NdyPOFx.exe
  C:\Windows\System\NdyPOFx.exe
  2⤵
  PID:12720
- C:\Windows\System\yImHnme.exe
  C:\Windows\System\yImHnme.exe
  2⤵
  PID:12824
- C:\Windows\System\qZrSOzN.exe
  C:\Windows\System\qZrSOzN.exe
  2⤵
  PID:12988
- C:\Windows\System\TuvxfHc.exe
  C:\Windows\System\TuvxfHc.exe
  2⤵
  PID:13244
- C:\Windows\System\QhxgVgf.exe
  C:\Windows\System\QhxgVgf.exe
  2⤵
  PID:5880
- C:\Windows\System\xINWwWO.exe
  C:\Windows\System\xINWwWO.exe
  2⤵
  PID:12876
- C:\Windows\System\vdkyDgq.exe
  C:\Windows\System\vdkyDgq.exe
  2⤵
  PID:5328
- C:\Windows\System\bmGmLLJ.exe
  C:\Windows\System\bmGmLLJ.exe
  2⤵
  PID:6012
- C:\Windows\System\AwOvkvL.exe
  C:\Windows\System\AwOvkvL.exe
  2⤵
  PID:13192
- C:\Windows\System\CufiSkL.exe
  C:\Windows\System\CufiSkL.exe
  2⤵
  PID:9456
- C:\Windows\System\sZReKSn.exe
  C:\Windows\System\sZReKSn.exe
  2⤵
  PID:5180
- C:\Windows\System\MvUnugP.exe
  C:\Windows\System\MvUnugP.exe
  2⤵
  PID:1608
- C:\Windows\System\jRPHsKX.exe
  C:\Windows\System\jRPHsKX.exe
  2⤵
  PID:2332
- C:\Windows\System\yvOHNsX.exe
  C:\Windows\System\yvOHNsX.exe
  2⤵
  PID:13320
- C:\Windows\System\gUcfoKB.exe
  C:\Windows\System\gUcfoKB.exe
  2⤵
  PID:13356
- C:\Windows\System\owQDRiY.exe
  C:\Windows\System\owQDRiY.exe
  2⤵
  PID:13384
- C:\Windows\System\lFmpYNQ.exe
  C:\Windows\System\lFmpYNQ.exe
  2⤵
  PID:13416
- C:\Windows\System\nxKeWeV.exe
  C:\Windows\System\nxKeWeV.exe
  2⤵
  PID:13444
- C:\Windows\System\AYAanHE.exe
  C:\Windows\System\AYAanHE.exe
  2⤵
  PID:13472
- C:\Windows\System\Eaeezve.exe
  C:\Windows\System\Eaeezve.exe
  2⤵
  PID:13504
- C:\Windows\System\OyiMnDU.exe
  C:\Windows\System\OyiMnDU.exe
  2⤵
  PID:13532
- C:\Windows\System\QxKnHDK.exe
  C:\Windows\System\QxKnHDK.exe
  2⤵
  PID:13560
- C:\Windows\System\MDjfnmq.exe
  C:\Windows\System\MDjfnmq.exe
  2⤵
  PID:13588
- C:\Windows\System\dLIMWHK.exe
  C:\Windows\System\dLIMWHK.exe
  2⤵
  PID:13616
- C:\Windows\System\mqegXnZ.exe
  C:\Windows\System\mqegXnZ.exe
  2⤵
  PID:13648
- C:\Windows\System\gwWdOcT.exe
  C:\Windows\System\gwWdOcT.exe
  2⤵
  PID:13664
- C:\Windows\System\zCTMFhK.exe
  C:\Windows\System\zCTMFhK.exe
  2⤵
  PID:13700
- C:\Windows\System\pkQvnWP.exe
  C:\Windows\System\pkQvnWP.exe
  2⤵
  PID:13744
- C:\Windows\System\ByoIodG.exe
  C:\Windows\System\ByoIodG.exe
  2⤵
  PID:13776
- C:\Windows\System\eMrjPUV.exe
  C:\Windows\System\eMrjPUV.exe
  2⤵
  PID:13816
- C:\Windows\System\yNjiYDR.exe
  C:\Windows\System\yNjiYDR.exe
  2⤵
  PID:13848
- C:\Windows\System\orujjVT.exe
  C:\Windows\System\orujjVT.exe
  2⤵
  PID:13888
- C:\Windows\System\fxwZbNR.exe
  C:\Windows\System\fxwZbNR.exe
  2⤵
  PID:13920
- C:\Windows\System\wmQLBDK.exe
  C:\Windows\System\wmQLBDK.exe
  2⤵
  PID:13952
- C:\Windows\System\DhXebKB.exe
  C:\Windows\System\DhXebKB.exe
  2⤵
  PID:13988
- C:\Windows\System\KpPXFZa.exe
  C:\Windows\System\KpPXFZa.exe
  2⤵
  PID:14004
- C:\Windows\System\LIXlDnn.exe
  C:\Windows\System\LIXlDnn.exe
  2⤵
  PID:14060
- C:\Windows\System\XWnDZXu.exe
  C:\Windows\System\XWnDZXu.exe
  2⤵
  PID:14112
- C:\Windows\System\zjZORLq.exe
  C:\Windows\System\zjZORLq.exe
  2⤵
  PID:14128
- C:\Windows\System\GEUkHww.exe
  C:\Windows\System\GEUkHww.exe
  2⤵
  PID:14156
- C:\Windows\System\IdAvOEj.exe
  C:\Windows\System\IdAvOEj.exe
  2⤵
  PID:14184
- C:\Windows\System\tuVnMCQ.exe
  C:\Windows\System\tuVnMCQ.exe
  2⤵
  PID:14212
- C:\Windows\System\uRfREZa.exe
  C:\Windows\System\uRfREZa.exe
  2⤵
  PID:14240
- C:\Windows\System\yBbxJCH.exe
  C:\Windows\System\yBbxJCH.exe
  2⤵
  PID:14268
- C:\Windows\System\mwGFiMd.exe
  C:\Windows\System\mwGFiMd.exe
  2⤵
  PID:14296
- C:\Windows\System\QjJFQlS.exe
  C:\Windows\System\QjJFQlS.exe
  2⤵
  PID:12548
- C:\Windows\System\kyDVRqi.exe
  C:\Windows\System\kyDVRqi.exe
  2⤵
  PID:12772
- C:\Windows\System\wrsARfG.exe
  C:\Windows\System\wrsARfG.exe
  2⤵
  PID:13368
- C:\Windows\System\bzCEmiN.exe
  C:\Windows\System\bzCEmiN.exe
  2⤵
  PID:13428
- C:\Windows\System\CxZEdXr.exe
  C:\Windows\System\CxZEdXr.exe
  2⤵
  PID:4048
- C:\Windows\System\gyzDosJ.exe
  C:\Windows\System\gyzDosJ.exe
  2⤵
  PID:13552
- C:\Windows\System\ylaPQkv.exe
  C:\Windows\System\ylaPQkv.exe
  2⤵
  PID:13600
- C:\Windows\System\JMUdqPK.exe
  C:\Windows\System\JMUdqPK.exe
  2⤵
  PID:13656
- C:\Windows\System\eXovzEw.exe
  C:\Windows\System\eXovzEw.exe
  2⤵
  PID:13712
- C:\Windows\System\eHIgfyc.exe
  C:\Windows\System\eHIgfyc.exe
  2⤵
  PID:13772
- C:\Windows\System\AmCISLC.exe
  C:\Windows\System\AmCISLC.exe
  2⤵
  PID:4628
- C:\Windows\System\raDRzYC.exe
  C:\Windows\System\raDRzYC.exe
  2⤵
  PID:1420
- C:\Windows\System\NvqfCRP.exe
  C:\Windows\System\NvqfCRP.exe
  2⤵
  PID:3868
- C:\Windows\System\wXzheZW.exe
  C:\Windows\System\wXzheZW.exe
  2⤵
  PID:13928
- C:\Windows\System\VzPYwdJ.exe
  C:\Windows\System\VzPYwdJ.exe
  2⤵
  PID:4040
- C:\Windows\System\vkNGuxI.exe
  C:\Windows\System\vkNGuxI.exe
  2⤵
  PID:14020
- C:\Windows\System\RttBMMe.exe
  C:\Windows\System\RttBMMe.exe
  2⤵
  PID:4068
- C:\Windows\System\qcPUNji.exe
  C:\Windows\System\qcPUNji.exe
  2⤵
  PID:4996
- C:\Windows\System\ZJbkKhU.exe
  C:\Windows\System\ZJbkKhU.exe
  2⤵
  PID:14096
- C:\Windows\System\SDmrfoQ.exe
  C:\Windows\System\SDmrfoQ.exe
  2⤵
  PID:4664
- C:\Windows\System\yYBUWew.exe
  C:\Windows\System\yYBUWew.exe
  2⤵
  PID:4724
- C:\Windows\System\JJHzSRt.exe
  C:\Windows\System\JJHzSRt.exe
  2⤵
  PID:4980
- C:\Windows\System\ljuifoV.exe
  C:\Windows\System\ljuifoV.exe
  2⤵
  PID:4516
- C:\Windows\System\IVGjEyp.exe
  C:\Windows\System\IVGjEyp.exe
  2⤵
  PID:208
- C:\Windows\System\hQzfOzM.exe
  C:\Windows\System\hQzfOzM.exe
  2⤵
  PID:14208
- C:\Windows\System\LcVDsqJ.exe
  C:\Windows\System\LcVDsqJ.exe
  2⤵
  PID:14252
- C:\Windows\System\paFMmmp.exe
  C:\Windows\System\paFMmmp.exe
  2⤵
  PID:14292
- C:\Windows\System\LroQIaK.exe
  C:\Windows\System\LroQIaK.exe
  2⤵
  PID:4696
- C:\Windows\System\wzzOPbh.exe
  C:\Windows\System\wzzOPbh.exe
  2⤵
  PID:13800
- C:\Windows\System\ARHWmoI.exe
  C:\Windows\System\ARHWmoI.exe
  2⤵
  PID:4720
- C:\Windows\System\vQtGYyz.exe
  C:\Windows\System\vQtGYyz.exe
  2⤵
  PID:4428
- C:\Windows\System\UanBkIB.exe
  C:\Windows\System\UanBkIB.exe
  2⤵
  PID:1636
- C:\Windows\System\CUjvHmV.exe
  C:\Windows\System\CUjvHmV.exe
  2⤵
  PID:9440
- C:\Windows\System\qJAPIOm.exe
  C:\Windows\System\qJAPIOm.exe
  2⤵
  PID:2336
- C:\Windows\System\qECdVkG.exe
  C:\Windows\System\qECdVkG.exe
  2⤵
  PID:14032
- C:\Windows\System\yRBBeUS.exe
  C:\Windows\System\yRBBeUS.exe
  2⤵
  PID:13840
- C:\Windows\System\uWgdpwX.exe
  C:\Windows\System\uWgdpwX.exe
  2⤵
  PID:4544
- C:\Windows\System\vInxjMs.exe
  C:\Windows\System\vInxjMs.exe
  2⤵
  PID:13672
- C:\Windows\System\Oxsjkpi.exe
  C:\Windows\System\Oxsjkpi.exe
  2⤵
  PID:4020
- C:\Windows\System\hmRhBWA.exe
  C:\Windows\System\hmRhBWA.exe
  2⤵
  PID:14068
- C:\Windows\System\YnXgldO.exe
  C:\Windows\System\YnXgldO.exe
  2⤵
  PID:1972
- C:\Windows\System\trmjiok.exe
  C:\Windows\System\trmjiok.exe
  2⤵
  PID:3424
- C:\Windows\System\odojXPQ.exe
  C:\Windows\System\odojXPQ.exe
  2⤵
  PID:1076
- C:\Windows\System\mzwTBLM.exe
  C:\Windows\System\mzwTBLM.exe
  2⤵
  PID:4252
- C:\Windows\System\XBalZWt.exe
  C:\Windows\System\XBalZWt.exe
  2⤵
  PID:3484
- C:\Windows\System\mZkGaJq.exe
  C:\Windows\System\mZkGaJq.exe
  2⤵
  PID:3376
- C:\Windows\System\SLWowPR.exe
  C:\Windows\System\SLWowPR.exe
  2⤵
  PID:6412
- C:\Windows\System\uTzgMZQ.exe
  C:\Windows\System\uTzgMZQ.exe
  2⤵
  PID:372
- C:\Windows\System\KFPsGDA.exe
  C:\Windows\System\KFPsGDA.exe
  2⤵
  PID:6500
- C:\Windows\System\mKMTzgj.exe
  C:\Windows\System\mKMTzgj.exe
  2⤵
  PID:13468
- C:\Windows\System\LIQERvV.exe
  C:\Windows\System\LIQERvV.exe
  2⤵
  PID:13524
- C:\Windows\System\wpzobqg.exe
  C:\Windows\System\wpzobqg.exe
  2⤵
  PID:9444
- C:\Windows\System\WeUvuiq.exe
  C:\Windows\System\WeUvuiq.exe
  2⤵
  PID:6632
- C:\Windows\System\ADbqmQO.exe
  C:\Windows\System\ADbqmQO.exe
  2⤵
  PID:13696
- C:\Windows\System\pTWRnZX.exe
  C:\Windows\System\pTWRnZX.exe
  2⤵
  PID:4136
- C:\Windows\System\TVmhuCg.exe
  C:\Windows\System\TVmhuCg.exe
  2⤵
  PID:5140
- C:\Windows\System\gPkOhro.exe
  C:\Windows\System\gPkOhro.exe
  2⤵
  PID:13404
- C:\Windows\System\lyYryWY.exe
  C:\Windows\System\lyYryWY.exe
  2⤵
  PID:5184
- C:\Windows\System\CmkCcqJ.exe
  C:\Windows\System\CmkCcqJ.exe
  2⤵
  PID:13676
- C:\Windows\System\evUtysE.exe
  C:\Windows\System\evUtysE.exe
  2⤵
  PID:6876
- C:\Windows\System\vrXsGft.exe
  C:\Windows\System\vrXsGft.exe
  2⤵
  PID:5284
- C:\Windows\System\aeLSGhK.exe
  C:\Windows\System\aeLSGhK.exe
  2⤵
  PID:5296
- C:\Windows\System\sqdnqVh.exe
  C:\Windows\System\sqdnqVh.exe
  2⤵
  PID:6976
- C:\Windows\System\FwKzIpg.exe
  C:\Windows\System\FwKzIpg.exe
  2⤵
  PID:7008
- C:\Windows\System\msLtyvD.exe
  C:\Windows\System\msLtyvD.exe
  2⤵
  PID:14196
- C:\Windows\System\PRzDjUc.exe
  C:\Windows\System\PRzDjUc.exe
  2⤵
  PID:14280
- C:\Windows\System\nLUPfjH.exe
  C:\Windows\System\nLUPfjH.exe
  2⤵
  PID:6416
- C:\Windows\System\oxofyrD.exe
  C:\Windows\System\oxofyrD.exe
  2⤵
  PID:4756
- C:\Windows\System\PooWbFH.exe
  C:\Windows\System\PooWbFH.exe
  2⤵
  PID:4340
- C:\Windows\System\JJWFahe.exe
  C:\Windows\System\JJWFahe.exe
  2⤵
  PID:5492
- C:\Windows\System\ZtApCEL.exe
  C:\Windows\System\ZtApCEL.exe
  2⤵
  PID:5520
- C:\Windows\System\UhpPssZ.exe
  C:\Windows\System\UhpPssZ.exe
  2⤵
  PID:5548
- C:\Windows\System\mGRSnEd.exe
  C:\Windows\System\mGRSnEd.exe
  2⤵
  PID:4448
- C:\Windows\System\WHBATwx.exe
  C:\Windows\System\WHBATwx.exe
  2⤵
  PID:13492
- C:\Windows\System\BWXyiGq.exe
  C:\Windows\System\BWXyiGq.exe
  2⤵
  PID:13876
- C:\Windows\System\mEyMIEY.exe
  C:\Windows\System\mEyMIEY.exe
  2⤵
  PID:6704
- C:\Windows\System\sOkHKFM.exe
  C:\Windows\System\sOkHKFM.exe
  2⤵
  PID:3032
- C:\Windows\System\fKOkLeJ.exe
  C:\Windows\System\fKOkLeJ.exe
  2⤵
  PID:2192
- C:\Windows\System\RlGqxPl.exe
  C:\Windows\System\RlGqxPl.exe
  2⤵
  PID:2208
- C:\Windows\System\GgkSUxP.exe
  C:\Windows\System\GgkSUxP.exe
  2⤵
  PID:6828
- C:\Windows\System\wMjGmAX.exe
  C:\Windows\System\wMjGmAX.exe
  2⤵
  PID:14028
- C:\Windows\System\OecHJng.exe
  C:\Windows\System\OecHJng.exe
  2⤵
  PID:6908
- C:\Windows\System\NLrvRJO.exe
  C:\Windows\System\NLrvRJO.exe
  2⤵
  PID:6452
- C:\Windows\System\JURjVgv.exe
  C:\Windows\System\JURjVgv.exe
  2⤵
  PID:5896
- C:\Windows\System\JiZTiRK.exe
  C:\Windows\System\JiZTiRK.exe
  2⤵
  PID:2280
- C:\Windows\System\nmAGvas.exe
  C:\Windows\System\nmAGvas.exe
  2⤵
  PID:6552
- C:\Windows\System\tWhGwHO.exe
  C:\Windows\System\tWhGwHO.exe
  2⤵
  PID:5408
- C:\Windows\System\YzvUAPo.exe
  C:\Windows\System\YzvUAPo.exe
  2⤵
  PID:7144
- C:\Windows\System\ezYRLGS.exe
  C:\Windows\System\ezYRLGS.exe
  2⤵
  PID:6052
- C:\Windows\System\LKlHEFu.exe
  C:\Windows\System\LKlHEFu.exe
  2⤵
  PID:6728
- C:\Windows\System\uWhpuwM.exe
  C:\Windows\System\uWhpuwM.exe
  2⤵
  PID:1960
- C:\Windows\System\sxxXoSl.exe
  C:\Windows\System\sxxXoSl.exe
  2⤵
  PID:4532
- C:\Windows\System\OAzAuZp.exe
  C:\Windows\System\OAzAuZp.exe
  2⤵
  PID:5632
- C:\Windows\System\AaHpVUE.exe
  C:\Windows\System\AaHpVUE.exe
  2⤵
  PID:6960
- C:\Windows\System\UhXBFVb.exe
  C:\Windows\System\UhXBFVb.exe
  2⤵
  PID:3568
- C:\Windows\System\lNLOVEO.exe
  C:\Windows\System\lNLOVEO.exe
  2⤵
  PID:7112
- C:\Windows\System\zFDDYZd.exe
  C:\Windows\System\zFDDYZd.exe
  2⤵
  PID:6764
- C:\Windows\System\bRbelWo.exe
  C:\Windows\System\bRbelWo.exe
  2⤵
  PID:3984
- C:\Windows\System\JZAFvuu.exe
  C:\Windows\System\JZAFvuu.exe
  2⤵
  PID:1472
- C:\Windows\System\jgKlLsw.exe
  C:\Windows\System\jgKlLsw.exe
  2⤵
  PID:2740
- C:\Windows\System\tYwLCKg.exe
  C:\Windows\System\tYwLCKg.exe
  2⤵
  PID:4860
- C:\Windows\System\ZRjXNIy.exe
  C:\Windows\System\ZRjXNIy.exe
  2⤵
  PID:5420
- C:\Windows\System\lWlXkYC.exe
  C:\Windows\System\lWlXkYC.exe
  2⤵
  PID:6308
- C:\Windows\System\vzwzIpO.exe
  C:\Windows\System\vzwzIpO.exe
  2⤵
  PID:6700
- C:\Windows\System\JUuBmAT.exe
  C:\Windows\System\JUuBmAT.exe
  2⤵
  PID:14232
- C:\Windows\System\AWsDFva.exe
  C:\Windows\System\AWsDFva.exe
  2⤵
  PID:5948
- C:\Windows\System\DcpQSCE.exe
  C:\Windows\System\DcpQSCE.exe
  2⤵
  PID:6344
- C:\Windows\System\XAAiSoU.exe
  C:\Windows\System\XAAiSoU.exe
  2⤵
  PID:5784
- C:\Windows\System\WYjWGAN.exe
  C:\Windows\System\WYjWGAN.exe
  2⤵
  PID:1432
- C:\Windows\System\Rmyqwsh.exe
  C:\Windows\System\Rmyqwsh.exe
  2⤵
  PID:5516
- C:\Windows\System\aMvOwVL.exe
  C:\Windows\System\aMvOwVL.exe
  2⤵
  PID:6788
- C:\Windows\System\GVGfmtc.exe
  C:\Windows\System\GVGfmtc.exe
  2⤵
  PID:6040
- C:\Windows\System\rYvBgYg.exe
  C:\Windows\System\rYvBgYg.exe
  2⤵
  PID:6104
- C:\Windows\System\DWTxFji.exe
  C:\Windows\System\DWTxFji.exe
  2⤵
  PID:2980
- C:\Windows\System\qeWUoNy.exe
  C:\Windows\System\qeWUoNy.exe
  2⤵
  PID:1796
- C:\Windows\System\XIteyZI.exe
  C:\Windows\System\XIteyZI.exe
  2⤵
  PID:1532
- C:\Windows\System\budhJts.exe
  C:\Windows\System\budhJts.exe
  2⤵
  PID:5388
- C:\Windows\System\YucZGhK.exe
  C:\Windows\System\YucZGhK.exe
  2⤵
  PID:5716
- C:\Windows\System\ekDwRyF.exe
  C:\Windows\System\ekDwRyF.exe
  2⤵
  PID:1604
- C:\Windows\System\WDyDXJX.exe
  C:\Windows\System\WDyDXJX.exe
  2⤵
  PID:7192
- C:\Windows\System\OvwiNkG.exe
  C:\Windows\System\OvwiNkG.exe
  2⤵
  PID:5852
- C:\Windows\System\lgRMGND.exe
  C:\Windows\System\lgRMGND.exe
  2⤵
  PID:5912
- C:\Windows\System\AZclsoZ.exe
  C:\Windows\System\AZclsoZ.exe
  2⤵
  PID:3412
- C:\Windows\System\GFiwCIK.exe
  C:\Windows\System\GFiwCIK.exe
  2⤵
  PID:5020
- C:\Windows\System\pSujvys.exe
  C:\Windows\System\pSujvys.exe
  2⤵
  PID:7364
- C:\Windows\System\yLtGJnh.exe
  C:\Windows\System\yLtGJnh.exe
  2⤵
  PID:7428
- C:\Windows\System\UCJGIBI.exe
  C:\Windows\System\UCJGIBI.exe
  2⤵
  PID:6840
- C:\Windows\System\HJuOVti.exe
  C:\Windows\System\HJuOVti.exe
  2⤵
  PID:6992
- C:\Windows\System\CUQlffB.exe
  C:\Windows\System\CUQlffB.exe
  2⤵
  PID:6672
- C:\Windows\System\oqNINfu.exe
  C:\Windows\System\oqNINfu.exe
  2⤵
  PID:7568
- C:\Windows\System\FpJQFiC.exe
  C:\Windows\System\FpJQFiC.exe
  2⤵
  PID:7588
- C:\Windows\System\rNghVaJ.exe
  C:\Windows\System\rNghVaJ.exe
  2⤵
  PID:4684
- C:\Windows\System\stbDCql.exe
  C:\Windows\System\stbDCql.exe
  2⤵
  PID:1052
- C:\Windows\System\tMKCbIa.exe
  C:\Windows\System\tMKCbIa.exe
  2⤵
  PID:4080
- C:\Windows\System\doIIIak.exe
  C:\Windows\System\doIIIak.exe
  2⤵
  PID:7744
- C:\Windows\System\uqzGldj.exe
  C:\Windows\System\uqzGldj.exe
  2⤵
  PID:2064
- C:\Windows\System\wIjNOFK.exe
  C:\Windows\System\wIjNOFK.exe
  2⤵
  PID:7824
- C:\Windows\System\gZUQaDF.exe
  C:\Windows\System\gZUQaDF.exe
  2⤵
  PID:7852
- C:\Windows\System\SrkSnhn.exe
  C:\Windows\System\SrkSnhn.exe
  2⤵
  PID:5840
- C:\Windows\System\eQwjdyu.exe
  C:\Windows\System\eQwjdyu.exe
  2⤵
  PID:7944
- C:\Windows\System\atnGAwA.exe
  C:\Windows\System\atnGAwA.exe
  2⤵
  PID:7960
- C:\Windows\System\pPyxeeu.exe
  C:\Windows\System\pPyxeeu.exe
  2⤵
  PID:6264
- C:\Windows\System\vrMUZqO.exe
  C:\Windows\System\vrMUZqO.exe
  2⤵
  PID:5980
- C:\Windows\System\cJoUNIN.exe
  C:\Windows\System\cJoUNIN.exe
  2⤵
  PID:7532
- C:\Windows\System\UzMvQal.exe
  C:\Windows\System\UzMvQal.exe
  2⤵
  PID:6220
- C:\Windows\System\lgTzFYr.exe
  C:\Windows\System\lgTzFYr.exe
  2⤵
  PID:6724
- C:\Windows\System\raYjVAe.exe
  C:\Windows\System\raYjVAe.exe
  2⤵
  PID:7688
- C:\Windows\System\tonkWBP.exe
  C:\Windows\System\tonkWBP.exe
  2⤵
  PID:7252
- C:\Windows\System\IhWRIfe.exe
  C:\Windows\System\IhWRIfe.exe
  2⤵
  PID:5448
- C:\Windows\System\mXtXmnB.exe
  C:\Windows\System\mXtXmnB.exe
  2⤵
  PID:7828
- C:\Windows\System\vpernjs.exe
  C:\Windows\System\vpernjs.exe
  2⤵
  PID:7860
- C:\Windows\System\TixfdXP.exe
  C:\Windows\System\TixfdXP.exe
  2⤵
  PID:5868
- C:\Windows\System\BdTSNWV.exe
  C:\Windows\System\BdTSNWV.exe
  2⤵
  PID:7372
- C:\Windows\System\mXXMYiT.exe
  C:\Windows\System\mXXMYiT.exe
  2⤵
  PID:8060
- C:\Windows\System\CMFXIOm.exe
  C:\Windows\System\CMFXIOm.exe
  2⤵
  PID:7916
- C:\Windows\System\mupNAqu.exe
  C:\Windows\System\mupNAqu.exe
  2⤵
  PID:8064
- C:\Windows\System\EbEQLqr.exe
  C:\Windows\System\EbEQLqr.exe
  2⤵
  PID:6316
- C:\Windows\System\EZvSZIO.exe
  C:\Windows\System\EZvSZIO.exe
  2⤵
  PID:7292
- C:\Windows\System\PRpbqRA.exe
  C:\Windows\System\PRpbqRA.exe
  2⤵
  PID:14088
- C:\Windows\System\VEHksgV.exe
  C:\Windows\System\VEHksgV.exe
  2⤵
  PID:7548
- C:\Windows\System\xlxfFmh.exe
  C:\Windows\System\xlxfFmh.exe
  2⤵
  PID:7956
- C:\Windows\System\UohKALW.exe
  C:\Windows\System\UohKALW.exe
  2⤵
  PID:7884
- C:\Windows\System\KfvbOvc.exe
  C:\Windows\System\KfvbOvc.exe
  2⤵
  PID:7920
- C:\Windows\System\jKGyQVT.exe
  C:\Windows\System\jKGyQVT.exe
  2⤵
  PID:7324
- C:\Windows\System\IvzzwyQ.exe
  C:\Windows\System\IvzzwyQ.exe
  2⤵
  PID:8124
- C:\Windows\System\XnbnAHD.exe
  C:\Windows\System\XnbnAHD.exe
  2⤵
  PID:8220
- C:\Windows\System\ejZgEEj.exe
  C:\Windows\System\ejZgEEj.exe
  2⤵
  PID:8244
- C:\Windows\System\JBoIlTj.exe
  C:\Windows\System\JBoIlTj.exe
  2⤵
  PID:8312
- C:\Windows\System\ToguwEt.exe
  C:\Windows\System\ToguwEt.exe
  2⤵
  PID:7784
- C:\Windows\System\hkwLoeC.exe
  C:\Windows\System\hkwLoeC.exe
  2⤵
  PID:8100
- C:\Windows\System\lMnzSAX.exe
  C:\Windows\System\lMnzSAX.exe
  2⤵
  PID:8184
- C:\Windows\System\CkLqfeY.exe
  C:\Windows\System\CkLqfeY.exe
  2⤵
  PID:7488
- C:\Windows\System\dQoWIFg.exe
  C:\Windows\System\dQoWIFg.exe
  2⤵
  PID:8528
- C:\Windows\System\fLMwPxW.exe
  C:\Windows\System\fLMwPxW.exe
  2⤵
  PID:8180
- C:\Windows\System\DFKYcle.exe
  C:\Windows\System\DFKYcle.exe
  2⤵
  PID:8420
- C:\Windows\System\ztuopzT.exe
  C:\Windows\System\ztuopzT.exe
  2⤵
  PID:8480
- C:\Windows\System\iaBHCmk.exe
  C:\Windows\System\iaBHCmk.exe
  2⤵
  PID:8556
- C:\Windows\System\HYGWGud.exe
  C:\Windows\System\HYGWGud.exe
  2⤵
  PID:8588
- C:\Windows\System\FOyJtmp.exe
  C:\Windows\System\FOyJtmp.exe
  2⤵
  PID:8640
- C:\Windows\System\wOmkZkU.exe
  C:\Windows\System\wOmkZkU.exe
  2⤵
  PID:8732
- C:\Windows\System\QfuKuSW.exe
  C:\Windows\System\QfuKuSW.exe
  2⤵
  PID:8780
- C:\Windows\System\ImmpDRh.exe
  C:\Windows\System\ImmpDRh.exe
  2⤵
  PID:8860
- C:\Windows\System\UNAunED.exe
  C:\Windows\System\UNAunED.exe
  2⤵
  PID:14360
- C:\Windows\System\RHmHZyl.exe
  C:\Windows\System\RHmHZyl.exe
  2⤵
  PID:14388
- C:\Windows\System\irjBsuB.exe
  C:\Windows\System\irjBsuB.exe
  2⤵
  PID:14416
- C:\Windows\System\OZVNifu.exe
  C:\Windows\System\OZVNifu.exe
  2⤵
  PID:14444
- C:\Windows\System\baMHphY.exe
  C:\Windows\System\baMHphY.exe
  2⤵
  PID:14472
- C:\Windows\System\zhuSydE.exe
  C:\Windows\System\zhuSydE.exe
  2⤵
  PID:14504
- C:\Windows\System\zBCksFi.exe
  C:\Windows\System\zBCksFi.exe
  2⤵
  PID:14532
- C:\Windows\System\xKPoqBr.exe
  C:\Windows\System\xKPoqBr.exe
  2⤵
  PID:14560
- C:\Windows\System\tWEdMdn.exe
  C:\Windows\System\tWEdMdn.exe
  2⤵
  PID:14588
- C:\Windows\System\CKXkKoP.exe
  C:\Windows\System\CKXkKoP.exe
  2⤵
  PID:14616
- C:\Windows\System\gvQVokb.exe
  C:\Windows\System\gvQVokb.exe
  2⤵
  PID:14644
- C:\Windows\System\jqqOmTg.exe
  C:\Windows\System\jqqOmTg.exe
  2⤵
  PID:14672
- C:\Windows\System\qsHrCdU.exe
  C:\Windows\System\qsHrCdU.exe
  2⤵
  PID:14700
- C:\Windows\System\LVgkkKR.exe
  C:\Windows\System\LVgkkKR.exe
  2⤵
  PID:14728
- C:\Windows\System\lHwaLOG.exe
  C:\Windows\System\lHwaLOG.exe
  2⤵
  PID:14756
- C:\Windows\System\pxOBxfU.exe
  C:\Windows\System\pxOBxfU.exe
  2⤵
  PID:14784
- C:\Windows\System\GePyulB.exe
  C:\Windows\System\GePyulB.exe
  2⤵
  PID:14812
- C:\Windows\System\ExZcGob.exe
  C:\Windows\System\ExZcGob.exe
  2⤵
  PID:14840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CKiKYSi.exe

Filesize
6.0MB

MD5
89ce90e94b54094dcfef464067c2621a

SHA1
adb86a674ada1dcec46d0d0e87e2f685ed8db3ff

SHA256
3446b2a7392f4099545f57e9ce273be0ad49e6ff6d867e7dd23a03d19c0d977e

SHA512
b2bd6f46d98c331da26ead81daf73a50513bdd5193945392b59eda70120d02d645ffe29c4c8a6c3043a805b29e018b0ea874c7bb78c001ffd5e1c0bb72a5be95

Download Submit
C:\Windows\System\DMYQXtX.exe

Filesize
6.0MB

MD5
75187b4d7776a108c04bbeee04670904

SHA1
d4f4101a598341490a996c0a7eb5eb7a0f73ea56

SHA256
9db2f0f411171f025866e291c34c3a55bf7be94f3dc856735efb6c6fb57352f8

SHA512
2d1f1dfacc22e0e6f58df06c9ed7d94d40a966e6fcb6dd1f27614042c45a195f068696cad3364b4780c6fdce61b56ebd986aad032466b20b55330e8fb7055be1

Download Submit
C:\Windows\System\GBJSKMS.exe

Filesize
6.0MB

MD5
85228b859d4bf0465a3978f101aa70e6

SHA1
d3799fb261870f191c078e2f2ab28cdc28d7aab8

SHA256
cc4a7162127e733b4b200de12dba5f1f7eec68f50cbdf7ab42ae879f9a586461

SHA512
6fd20c82abcffd641835648684f29ad8efd1b52a297e7f122e9d6c8d6b3c063748d857116522f17a6acfd5d9e87916b1a6cb7d0b77e8b364cc6f113ba6cd8442

Download Submit
C:\Windows\System\GFANfcb.exe

Filesize
6.0MB

MD5
1db3b7e784ac3e3cc81658d3c329d3ad

SHA1
dbf106e20a867c04003a8995a7734d3773ab23b9

SHA256
309f713f3ea2279b81542e1b3b6ff47e9cffd5cb40fe4a53c0e01bbbca57234b

SHA512
7d07353b7aff19d9c1ff5e400be4144e2c8025195e37ab5b230e15ab3a738e813c5b3c68099f77275f29671f3ca29834c53161f48259de77e70314884c1b5683

Download Submit
C:\Windows\System\HnstYtt.exe

Filesize
6.0MB

MD5
9adc1b12bffadbea642ad70457800874

SHA1
45b95c27cad472cfc442b145e321f61a63cacf98

SHA256
66b8c1dc81e1bcb30d0cf902ed0c6d6e6dd7e32954746c81ebd3db320a38bae4

SHA512
cda82ced773cd3928903498cbb80eca834eb9c3c210dc277196b3f0d3318a6fe5f1475d5217ec1b5afccc35f796d3b9fbd4fedec733874c91b05640f918b9cbd

Download Submit
C:\Windows\System\LPiaKrn.exe

Filesize
6.0MB

MD5
47bffaaf7db06bf122a252797b90f51d

SHA1
c86455309c3af86e48088402780a7ef5416685d2

SHA256
7732157794ff9323833ea83ba480de5780202dcaaaa4c95c2b217682d3b9fe57

SHA512
2348c318553530a2e74dcbd109dfac303245a78e32572803e611c6a948d2ff5fc7d92f0feae9bae898855039053d480b6267c0695f9ff8c8cd92f71170d23f77

Download Submit
C:\Windows\System\LkpZFNG.exe

Filesize
6.0MB

MD5
98fb93ae88657052e493147da292dcc4

SHA1
7aae9474d37c30ccd753b21ec9290782d1e35dfe

SHA256
18721097ea4909c2a3f0e48f85ae089cbf06039e2117ececd5c866490a6dfaaf

SHA512
cced2dcf30b84cfebacf3838fcc24ca97bac506dddf28ce56e31a84fa1e0f92006b92695b3406094fb7cba00f6c0816e706513f01921b7314e0feb281a04ae36

Download Submit
C:\Windows\System\MZTYYXp.exe

Filesize
6.0MB

MD5
bc767648f5664176e9761b0ffefaa42d

SHA1
5cd16c5b598bbcf32d28551798e10c8e2e39c5bc

SHA256
8467f45f4b08ad8062686d100833f065eec88a488674315a97aad050a8630908

SHA512
87f9466e3804b4dad999c09bc39685074cf1ecdf707fa1bedfc0840e0cd0430a7a961408a548fdf6c4f67cd34c0bbb7bee5388fbad5c15205c0b5396f5fa4959

Download Submit
C:\Windows\System\MjoRkOL.exe

Filesize
6.0MB

MD5
25ad9c4e402630dfb7da70fc5850e38b

SHA1
8f03136ee78b3090fe31ad35cbfe23292c746811

SHA256
770a880a213eecb59b84b6e5dfa1099191841504e959559da24500103d13250e

SHA512
bccc0752810314ca694f0700db981c2a7a62f0bc36a4c0bfc0516eea5cc46bcdfb33399953dcbe2acaf72369126019fd2d59d0c0149587213cf180510d6d2033

Download Submit
C:\Windows\System\OQpQEUe.exe

Filesize
6.0MB

MD5
19731a8f72db1c5d5f648e74ec1b8d48

SHA1
6c1c0fc97b328fff30d9b290a613e1ba616c0ef6

SHA256
b927013d7dfc5da6f73e88ebc52e179d9b9c45af37600fb8cec70a30d06c2dc1

SHA512
edb9bcca12b1cf2cfd0f63faffbb7baccf557d941a43c97fc6bab71de32ba66d27ce6e2161f564b30ffcbde5259fc0f47ecfc125b79163a9dd53f5f848b757b0

Download Submit
C:\Windows\System\QoRPAYP.exe

Filesize
6.0MB

MD5
6e314116d7d54d125a9ef62313fd885c

SHA1
cde510af125671ff08f75b07a4d4a25db0e3f21c

SHA256
f756d47a80e8da70f30f94a02ddb6011045a26e47622012f7c8c66f4966f6794

SHA512
4e821dca9c84510ff2bfed3297eff37d053acd972c2d7595f59aa7297945a40a29a222df142b5291b0f186aebca34ae3a247a1ff78293e0479bd0e135aadf627

Download Submit
C:\Windows\System\RLLuXRU.exe

Filesize
6.0MB

MD5
8ef254e7f9e1896b17ea693bb53495e0

SHA1
dd8b603a9ee140a0f8c14e0aa9337994ab798ac0

SHA256
a12b12b1dc27e96d74fddbc1435834021ae931a332845bf721886814f6359e93

SHA512
b4873080de5f42906ecf9602133b4e71b3b14f410e2b132ee3f60070d56eb16c771e61d7aa0d56f60eca71e5d1316854adbb2e10b7d72d128043c7dc196ba6b0

Download Submit
C:\Windows\System\RvnZiYE.exe

Filesize
6.0MB

MD5
61c23516bbedfeb2ee5b9cb5063ff2a4

SHA1
0d96965b959ceab0c1bf92821066e39005a7128f

SHA256
f527ab48f5b17a692f181d54d11eda392894b36914180a928297f2ee452cda82

SHA512
5e6c543477961134259d27588308454d33216f436694fa5505dfa9fc438b0ecec3b38e4866c606307db2adacd086b94a57a3472a5515645713e9648f18eef49d

Download Submit
C:\Windows\System\UIgyufe.exe

Filesize
6.0MB

MD5
22e890902fb789184da6d094224eaebc

SHA1
b0fb820b8dbd5cff5314ed8ecf1938ece76b9243

SHA256
58cbd277ec7da164da257027f05cca2939f3894cabc8b469991df71a59bc2b01

SHA512
9a7cb637ae241ae880c97e248f5d95ff6ebf87f881d23bc6b6535fbe01054685ed0b155eac93c9a316c6c7d82daf17912b2266e95b2929365af5e50ee6f637f1

Download Submit
C:\Windows\System\UyumzGA.exe

Filesize
6.0MB

MD5
5da6901f2ba829811ecf60b29408cc38

SHA1
7dbd20dc485dd0d94a790eb3be305973c2e59574

SHA256
39ebc531ea846179f9b8aa317188afab22193668298798ed17c12bfbccd3d1d6

SHA512
53e18f5551901e197acf340e37d22c9f3c9a2f29a096efae4b75c04ae52779e5d47fca9e9623ca728a9360ba988047aa7a6099cfd6e93b4d20e7f0177c0be638

Download Submit
C:\Windows\System\WJaGvIJ.exe

Filesize
6.0MB

MD5
00af1e778bfd137f1a812c1b53eacfdc

SHA1
6ee3b3c54c2f252043d96eee6bfc39b6e61faa79

SHA256
785d0b835109825d107285673816c0bb87c50adb7592c170998b8f87c016b7da

SHA512
f4e4e0bed5cea0db7a3d0cf12163e2f2bf18784ded8c89942e02f5433b4ec53f49a1c697eb2b841c44f8832c2a9a717539760a4b9169d0976dbedbdb81c0a623

Download Submit
C:\Windows\System\bDvhPrD.exe

Filesize
6.0MB

MD5
9a947bf0af6497bcb0e72d86d98a82ce

SHA1
438e7f279a31a567f5667f5ce44c93a0f2bfb265

SHA256
7e127f251da31c2a7373c76bebe81ce0f35c0cd7e7a6e89ae1da0e0f3b3ce9cb

SHA512
04e3f5f1273ff892d290f6ea0cf86315cce3427dc2933adaeb4585edba0dc968c3a01a3e1b044d22ea609fa521925ce13afd98178595d21d266fbc817c244457

Download Submit
C:\Windows\System\cUxPRHh.exe

Filesize
6.0MB

MD5
8b30997d689e0f00492f98fed463da4c

SHA1
6490065c1a2d70b37c59f4d8af699e94483ff26f

SHA256
b5598593897f80a58178c209974db0759fa0d24b61753b1d4c53b5b687cf1a0d

SHA512
2e588c902509c136ec2f772f06b239fb735400f66327b5dd233b3c154aa06588a4b1d307c406de5d2be30784d1acf12b53752791d68f29abc02eb0e2085402c0

Download Submit
C:\Windows\System\fVamkDp.exe

Filesize
6.0MB

MD5
45dfd2b7550ff4f0d495fe5f8d863f99

SHA1
8709f837cc903c702831a41695cadb631c8998ab

SHA256
d790a6e5515333813ff2ea66b9a79a3ac10782d81950f7f30dd47417cc0b64ce

SHA512
d2fc64845125670c4894a1259279b795ffddd5d06806df3acaf06ea4bb5223e01a0d6621e3e57c5f0167eecd809bdcdf71a9b3908fb5da0f58df3d74922ad11b

Download Submit
C:\Windows\System\gKIXelj.exe

Filesize
6.0MB

MD5
5880760641fa1a2a646fd43738635de0

SHA1
5bd21d643e9b45df5a56326723e3583f855c8938

SHA256
b3a77b548aa8cf12aaee31256a9d34ab131cedf3f61b666ece4979b5bf64bfa1

SHA512
6f6b4e1fbdfd2a8d479c636fa42665550445639f02d2b24c9317444572d76db5261b1ae5ed4beb37df3e2c29bdd551fc79d59369532e209c7da861077eef28f4

Download Submit
C:\Windows\System\iiueYCD.exe

Filesize
6.0MB

MD5
c01972d98f8cb61f9e70dca2e9de470d

SHA1
0fc0269e54a7e5c1c8cd965c44fbe96a43aec33b

SHA256
4ab421446228bb9fd85dd81c919e2c8a5adefc8ee9c19933ce198344a01bd3db

SHA512
e84f4ebf3109c891ad6fde028b6802f7697f4f01480bd2bc483b7228a5a1054fe7d46aa74acfc2a75f6e4c81cbba39f9345921a3506fb8a030fd23968507ca17

Download Submit
C:\Windows\System\jmEzPYS.exe

Filesize
6.0MB

MD5
6d05114edc81900714676b44ad866fc9

SHA1
55e080fe6b1c9eb4fa21c8e77856c12a129b4723

SHA256
91c14a098ff4222942f61bbf569bca24a0aa531ba3b2a9fa6c240fba1ca06534

SHA512
9d32cf5c48c742efd2990f625932ef92b9b0393103e7b481b1098c252635a211c50c46cee4809e5550df71b52d7bde9078132cf8e08ffce671ee7cd2ac62a95a

Download Submit
C:\Windows\System\khoEYSy.exe

Filesize
6.0MB

MD5
65acb5733fd3e55ce01a0e3daecfe45f

SHA1
ad83eeb075996dd491d2cdc2273c9ab087bad112

SHA256
fbd42c8b6666541f0cb0c6a445acdc523e373e43ce9a5b03c6374e1c712286d7

SHA512
a6cbb6d646675a1a617f557fcea98ddb7ae7d60f7187b8187845557d1d15dd72e8f2b69faf0fe6fa3ed2ff81d6050e5323bd8da50142c31fff40946c0e0882b2

Download Submit
C:\Windows\System\khshcQc.exe

Filesize
6.0MB

MD5
91c560f956fb49d40c2805b472e2a7b2

SHA1
78e69a5ee8473a5f4714384cc66fc1d119cc81e2

SHA256
daf2921b479f13088c8f1f17da9e6fa12ceb53deaa7454bf147e652eedbc8bad

SHA512
71adfcce6e9c40cd4f0111600185a4dfb12fe09559f387235bf93167b99f2e5e22393576a7f31c9a883338b238bab05c7a7cc37f2558e6e8505a1bf2972a8e6d

Download Submit
C:\Windows\System\lEGGsLn.exe

Filesize
6.0MB

MD5
9fc3a4d4e396063d86626f051c259682

SHA1
0a1b9f470cfe0b018b0ca6aef60ef1dba4fbf9e0

SHA256
7aebd933ee1445c9f01ac40370485e3f70970983fb35e31afc0880f9223a93e2

SHA512
de30d50c4883d5c5e4792bb9339650f2c07ca6b7b63acf5c191e5a3aea77281082aaa6f6c99ad0b2c173c44d2da160408ac417fc617f766a57d8b0530be5335c

Download Submit
C:\Windows\System\mXUdloV.exe

Filesize
6.0MB

MD5
c9b95cd66f4bdf2c37a01ed0ee1a3b38

SHA1
d558375bf913f4efb8de2f7fedacbc7aa622220b

SHA256
a846e8317acc77bc571fcb38cf8e7514b91a2e392071cd9f40d2b2b89d1901a8

SHA512
6be7b843c3cf38baeaa02c0303dc8978f33eb52acf37561ab9ccff5d0817858500c850616bbfb12125258df4d42cc6b2864f943da42c92c024cae2df7108e182

Download Submit
C:\Windows\System\mzCDWdn.exe

Filesize
6.0MB

MD5
d5fa1ff0696d2b1a814c513201e40a04

SHA1
c2c11ad929d6f0cead3941b2112e81cd58110435

SHA256
c3c69a9ccac2d86a9b26e0a3003c2daa94d7dd1bb4213325da05b6e1616aa6f3

SHA512
84df4cf821c9e4d9e006eb1cd5be0efd5bc5607f933d8970367a95d5b2b7d2195725788be4aeb554f1aa34824d92af7881a5acf8b436cb3531a22b857c1a28d8

Download Submit
C:\Windows\System\pVJORbJ.exe

Filesize
6.0MB

MD5
00b850034e2cae4a844876234624c41b

SHA1
5363cffe300d9a393fdb6bf5040dfc5f56b2ee21

SHA256
add602101314eb2d2b54551a5b3892c9bb0a8acdcf8808fdc30dc47365c28db7

SHA512
f2e6857a470f1effd2c1d95d821777fd87a2d9ad3c46b9c4353399501328bdf1442b08f2d4c0318f9e0a896b5b613391469115a7b946b642c8512554f99ff905

Download Submit
C:\Windows\System\qufyAst.exe

Filesize
6.0MB

MD5
8340e326959e8bac909d3aa72057357b

SHA1
b59591d58e74293474f9e89484446c1b142ae5e4

SHA256
321e68904db42441c690f0d7c87bba7b9420a32501a1df3748798de0bf8e5399

SHA512
08b3ca21356a7ed2fda8027591a1b540689e1237171203980d5816f5e10f07b55dcfb614266fe8528e132fa8ddd9d9c1d07953202818f10b10813106ac623119

Download Submit
C:\Windows\System\rWThaOh.exe

Filesize
6.0MB

MD5
c7e9904638ab9f1191f6de1bea008602

SHA1
e6a44fc30dd5e8bfba247a85f4de3c771e47ddf0

SHA256
b612e7fa2d285fb2ab78a455b24630ef78654c0c5fe5c6fb5edbd127caa69cfb

SHA512
3e524c77279115eb130c01d3b396e410e549007654bfceae5601bbd3ae2b1284a3d3b72db0648623c08f581463e05a4783ea6714946c877b3e2b2f9da1d2fc33

Download Submit
C:\Windows\System\seyyDoA.exe

Filesize
6.0MB

MD5
4b0e4ebdce5358b6462d1eeae2b56ce5

SHA1
ea59f0af286cf9dad293b40220dbef4fb0fa8a31

SHA256
a4f30c75df979eabb2f6e83abf59609168561004fd322067171ab504d93ac98a

SHA512
7c35f78ccc06d7f0d64eda6118924ad69dcd9fc85d57597f9ed83b4b36ec6b17cdeb96d50b65467cab474888e4923440cf69c34a3d904e31a21e7b48f11d7c48

Download Submit
C:\Windows\System\vVyxpfP.exe

Filesize
6.0MB

MD5
df332866298372f2a89f2de39dbd89c8

SHA1
3f6ac6119b80a415d371afeb708c8c41ae6dc152

SHA256
a6e6bee09acfa486b7c9bf4550c018ba7e39577f998b735d3307992ed670ff24

SHA512
4f121d3af142f4edc05c5a56e648acf2686cf33214f1e85d3bd4e7828d3886d49fa301be01a0a383912a6eebac79d6c3e8c8d4cdc9b80f88a1a25a1e5405af8d

Download Submit
C:\Windows\System\xAfKjlD.exe

Filesize
6.0MB

MD5
cfa33a7d617952ab91f836f39283f748

SHA1
0d0de0d41473cd08c957510f4a0eb61d37f1d365

SHA256
bed1f4ac8ebe404ef52006d8e03d50086470003995a8161d2be01cf4b9482ea0

SHA512
cdd36b1a05a933c60a7bef378ed8a7283d10caa70362747a033fba21b2ecc7655abcaab0976637cb6a4c116ca8415501ca12a6916668bd07b956a61927b307aa

Download Submit
memory/692-574-0x00007FF767440000-0x00007FF767794000-memory.dmp

Filesize
3.3MB

Download
memory/692-2047-0x00007FF767440000-0x00007FF767794000-memory.dmp

Filesize
3.3MB

Download
memory/1232-575-0x00007FF7487C0000-0x00007FF748B14000-memory.dmp

Filesize
3.3MB

Download
memory/1232-2046-0x00007FF7487C0000-0x00007FF748B14000-memory.dmp

Filesize
3.3MB

Download
memory/1236-2016-0x00007FF715820000-0x00007FF715B74000-memory.dmp

Filesize
3.3MB

Download
memory/1236-558-0x00007FF715820000-0x00007FF715B74000-memory.dmp

Filesize
3.3MB

Download
memory/1416-2045-0x00007FF732B30000-0x00007FF732E84000-memory.dmp

Filesize
3.3MB

Download
memory/1416-571-0x00007FF732B30000-0x00007FF732E84000-memory.dmp

Filesize
3.3MB

Download
memory/1524-564-0x00007FF7A5C50000-0x00007FF7A5FA4000-memory.dmp

Filesize
3.3MB

Download
memory/1524-2020-0x00007FF7A5C50000-0x00007FF7A5FA4000-memory.dmp

Filesize
3.3MB

Download
memory/1592-703-0x00007FF6F11E0000-0x00007FF6F1534000-memory.dmp

Filesize
3.3MB

Download
memory/1592-1946-0x00007FF6F11E0000-0x00007FF6F1534000-memory.dmp

Filesize
3.3MB

Download
memory/1592-48-0x00007FF6F11E0000-0x00007FF6F1534000-memory.dmp

Filesize
3.3MB

Download
memory/1944-2030-0x00007FF730E50000-0x00007FF7311A4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-568-0x00007FF730E50000-0x00007FF7311A4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-581-0x00007FF6A8A00000-0x00007FF6A8D54000-memory.dmp

Filesize
3.3MB

Download
memory/2024-36-0x00007FF6A8A00000-0x00007FF6A8D54000-memory.dmp

Filesize
3.3MB

Download
memory/2024-1942-0x00007FF6A8A00000-0x00007FF6A8D54000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1914-0x00007FF638060000-0x00007FF6383B4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-88-0x00007FF638060000-0x00007FF6383B4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-24-0x00007FF638060000-0x00007FF6383B4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-2012-0x00007FF7D2A20000-0x00007FF7D2D74000-memory.dmp

Filesize
3.3MB

Download
memory/2056-557-0x00007FF7D2A20000-0x00007FF7D2D74000-memory.dmp

Filesize
3.3MB

Download
memory/2124-577-0x00007FF6BEAF0000-0x00007FF6BEE44000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2004-0x00007FF6BEAF0000-0x00007FF6BEE44000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1929-0x00007FF619BD0000-0x00007FF619F24000-memory.dmp

Filesize
3.3MB

Download
memory/2128-30-0x00007FF619BD0000-0x00007FF619F24000-memory.dmp

Filesize
3.3MB

Download
memory/2128-576-0x00007FF619BD0000-0x00007FF619F24000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2040-0x00007FF748DA0000-0x00007FF7490F4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-572-0x00007FF748DA0000-0x00007FF7490F4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-759-0x00007FF7DBAB0000-0x00007FF7DBE04000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1972-0x00007FF7DBAB0000-0x00007FF7DBE04000-memory.dmp

Filesize
3.3MB

Download
memory/2708-56-0x00007FF7DBAB0000-0x00007FF7DBE04000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2031-0x00007FF790600000-0x00007FF790954000-memory.dmp

Filesize
3.3MB

Download
memory/2724-569-0x00007FF790600000-0x00007FF790954000-memory.dmp

Filesize
3.3MB

Download
memory/2876-566-0x00007FF79C0A0000-0x00007FF79C3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-2023-0x00007FF79C0A0000-0x00007FF79C3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-961-0x00007FF620B20000-0x00007FF620E74000-memory.dmp

Filesize
3.3MB

Download
memory/3004-75-0x00007FF620B20000-0x00007FF620E74000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1993-0x00007FF620B20000-0x00007FF620E74000-memory.dmp

Filesize
3.3MB

Download
memory/3040-0-0x00007FF74C660000-0x00007FF74C9B4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-1-0x000001753A8D0000-0x000001753A8E0000-memory.dmp

Filesize
64KB

Download
memory/3040-60-0x00007FF74C660000-0x00007FF74C9B4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-73-0x00007FF6337E0000-0x00007FF633B34000-memory.dmp

Filesize
3.3MB

Download
memory/3480-1907-0x00007FF6337E0000-0x00007FF633B34000-memory.dmp

Filesize
3.3MB

Download
memory/3480-14-0x00007FF6337E0000-0x00007FF633B34000-memory.dmp

Filesize
3.3MB

Download
memory/3544-1842-0x00007FF6F6DC0000-0x00007FF6F7114000-memory.dmp

Filesize
3.3MB

Download
memory/3544-65-0x00007FF6F6DC0000-0x00007FF6F7114000-memory.dmp

Filesize
3.3MB

Download
memory/3544-6-0x00007FF6F6DC0000-0x00007FF6F7114000-memory.dmp

Filesize
3.3MB

Download
memory/3608-1911-0x00007FF74B010000-0x00007FF74B364000-memory.dmp

Filesize
3.3MB

Download
memory/3608-22-0x00007FF74B010000-0x00007FF74B364000-memory.dmp

Filesize
3.3MB

Download
memory/3608-74-0x00007FF74B010000-0x00007FF74B364000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2022-0x00007FF639700000-0x00007FF639A54000-memory.dmp

Filesize
3.3MB

Download
memory/3648-563-0x00007FF639700000-0x00007FF639A54000-memory.dmp

Filesize
3.3MB

Download
memory/3696-2008-0x00007FF7F1D20000-0x00007FF7F2074000-memory.dmp

Filesize
3.3MB

Download
memory/3696-552-0x00007FF7F1D20000-0x00007FF7F2074000-memory.dmp

Filesize
3.3MB

Download
memory/4256-556-0x00007FF74B240000-0x00007FF74B594000-memory.dmp

Filesize
3.3MB

Download
memory/4256-2011-0x00007FF74B240000-0x00007FF74B594000-memory.dmp

Filesize
3.3MB

Download
memory/4380-963-0x00007FF7BC120000-0x00007FF7BC474000-memory.dmp

Filesize
3.3MB

Download
memory/4380-2000-0x00007FF7BC120000-0x00007FF7BC474000-memory.dmp

Filesize
3.3MB

Download
memory/4380-82-0x00007FF7BC120000-0x00007FF7BC474000-memory.dmp

Filesize
3.3MB

Download
memory/4580-44-0x00007FF6DB5D0000-0x00007FF6DB924000-memory.dmp

Filesize
3.3MB

Download
memory/4580-643-0x00007FF6DB5D0000-0x00007FF6DB924000-memory.dmp

Filesize
3.3MB

Download
memory/4580-1939-0x00007FF6DB5D0000-0x00007FF6DB924000-memory.dmp

Filesize
3.3MB

Download
memory/4648-573-0x00007FF719220000-0x00007FF719574000-memory.dmp

Filesize
3.3MB

Download
memory/4648-2043-0x00007FF719220000-0x00007FF719574000-memory.dmp

Filesize
3.3MB

Download
memory/4660-1987-0x00007FF7273C0000-0x00007FF727714000-memory.dmp

Filesize
3.3MB

Download
memory/4660-823-0x00007FF7273C0000-0x00007FF727714000-memory.dmp

Filesize
3.3MB

Download
memory/4660-61-0x00007FF7273C0000-0x00007FF727714000-memory.dmp

Filesize
3.3MB

Download
memory/4680-2019-0x00007FF64E820000-0x00007FF64EB74000-memory.dmp

Filesize
3.3MB

Download
memory/4680-561-0x00007FF64E820000-0x00007FF64EB74000-memory.dmp

Filesize
3.3MB

Download
memory/4708-1994-0x00007FF7E61C0000-0x00007FF7E6514000-memory.dmp

Filesize
3.3MB

Download
memory/4708-890-0x00007FF7E61C0000-0x00007FF7E6514000-memory.dmp

Filesize
3.3MB

Download
memory/4708-66-0x00007FF7E61C0000-0x00007FF7E6514000-memory.dmp

Filesize
3.3MB

Download