cobaltstrike | 3731da3709024d140c4da819237cea71d486036899ad71ca33f20f76fa5c3dcd

Analysis

max time kernel
99s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2025, 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

917ce1aa5671af0f5e78881596bacce1
SHA1

9386f224e77474b7671698b8e212951058572db3
SHA256

3731da3709024d140c4da819237cea71d486036899ad71ca33f20f76fa5c3dcd
SHA512

4dc14b7d5a34f988d793241fe74c86f40338f5d6cab51b2a4fb94ffee50be84989df9a2f65fbcb33ec5779f35a09c2800acf0fa51cd889f8ed3050ecdbd03693
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUh:T+q56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000b000000023b78-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7c-11.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-21.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b79-25.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-28.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7f-35.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b80-39.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b81-46.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-62.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-74.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b87-82.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-97.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8b-106.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-113.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9b-160.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bb0-190.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bb9-207.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bba-211.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bb6-209.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bb4-205.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023baf-195.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023ba9-188.dat	cobalt_reflective_dll
behavioral2/files/0x0012000000023ba7-181.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b99-166.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b91-155.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-149.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b8f-144.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8e-137.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-132.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-111.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-104.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-71.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-58.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1220-0-0x00007FF69A740000-0x00007FF69AA94000-memory.dmp	xmrig
behavioral2/memory/2176-6-0x00007FF750560000-0x00007FF7508B4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b78-5.dat	xmrig
behavioral2/files/0x000a000000023b7c-11.dat	xmrig
behavioral2/memory/3908-18-0x00007FF6F2250000-0x00007FF6F25A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7d-21.dat	xmrig
behavioral2/memory/2168-24-0x00007FF6114F0000-0x00007FF611844000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b79-25.dat	xmrig
behavioral2/memory/4920-17-0x00007FF6B41B0000-0x00007FF6B4504000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7e-28.dat	xmrig
behavioral2/memory/3372-30-0x00007FF7CC870000-0x00007FF7CCBC4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7f-35.dat	xmrig
behavioral2/memory/2816-36-0x00007FF636F50000-0x00007FF6372A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b80-39.dat	xmrig
behavioral2/files/0x000a000000023b81-46.dat	xmrig
behavioral2/memory/1876-48-0x00007FF7D8300000-0x00007FF7D8654000-memory.dmp	xmrig
behavioral2/memory/4480-41-0x00007FF6C2CC0000-0x00007FF6C3014000-memory.dmp	xmrig
behavioral2/memory/4920-56-0x00007FF6B41B0000-0x00007FF6B4504000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b84-62.dat	xmrig
behavioral2/files/0x000a000000023b86-74.dat	xmrig
behavioral2/files/0x000a000000023b87-82.dat	xmrig
behavioral2/files/0x000a000000023b88-97.dat	xmrig
behavioral2/files/0x000a000000023b8b-106.dat	xmrig
behavioral2/files/0x000a000000023b8c-113.dat	xmrig
behavioral2/files/0x000b000000023b9b-160.dat	xmrig
behavioral2/memory/2384-172-0x00007FF6496B0000-0x00007FF649A04000-memory.dmp	xmrig
behavioral2/files/0x0009000000023bb0-190.dat	xmrig
behavioral2/files/0x0008000000023bb9-207.dat	xmrig
behavioral2/memory/1488-807-0x00007FF61B780000-0x00007FF61BAD4000-memory.dmp	xmrig
behavioral2/memory/392-821-0x00007FF7A7DA0000-0x00007FF7A80F4000-memory.dmp	xmrig
behavioral2/memory/1012-880-0x00007FF7EB940000-0x00007FF7EBC94000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bba-211.dat	xmrig
behavioral2/files/0x0008000000023bb6-209.dat	xmrig
behavioral2/files/0x000e000000023bb4-205.dat	xmrig
behavioral2/files/0x0009000000023baf-195.dat	xmrig
behavioral2/memory/5048-194-0x00007FF60EBE0000-0x00007FF60EF34000-memory.dmp	xmrig
behavioral2/memory/4600-193-0x00007FF753510000-0x00007FF753864000-memory.dmp	xmrig
behavioral2/files/0x0008000000023ba9-188.dat	xmrig
behavioral2/memory/4272-187-0x00007FF781240000-0x00007FF781594000-memory.dmp	xmrig
behavioral2/memory/1192-186-0x00007FF6BF030000-0x00007FF6BF384000-memory.dmp	xmrig
behavioral2/files/0x0012000000023ba7-181.dat	xmrig
behavioral2/memory/4108-180-0x00007FF621500000-0x00007FF621854000-memory.dmp	xmrig
behavioral2/memory/632-179-0x00007FF783A60000-0x00007FF783DB4000-memory.dmp	xmrig
behavioral2/memory/3492-173-0x00007FF6FC0C0000-0x00007FF6FC414000-memory.dmp	xmrig
behavioral2/memory/4640-171-0x00007FF71F5E0000-0x00007FF71F934000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b99-166.dat	xmrig
behavioral2/memory/1120-165-0x00007FF60F3B0000-0x00007FF60F704000-memory.dmp	xmrig
behavioral2/memory/1348-164-0x00007FF6F3BB0000-0x00007FF6F3F04000-memory.dmp	xmrig
behavioral2/memory/4288-163-0x00007FF6162E0000-0x00007FF616634000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b91-155.dat	xmrig
behavioral2/memory/4132-154-0x00007FF766DD0000-0x00007FF767124000-memory.dmp	xmrig
behavioral2/memory/3956-153-0x00007FF68F4B0000-0x00007FF68F804000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b90-149.dat	xmrig
behavioral2/memory/1012-148-0x00007FF7EB940000-0x00007FF7EBC94000-memory.dmp	xmrig
behavioral2/memory/2904-147-0x00007FF681F00000-0x00007FF682254000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b8f-144.dat	xmrig
behavioral2/memory/392-140-0x00007FF7A7DA0000-0x00007FF7A80F4000-memory.dmp	xmrig
behavioral2/memory/2316-139-0x00007FF65DF30000-0x00007FF65E284000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8e-137.dat	xmrig
behavioral2/files/0x000a000000023b8d-132.dat	xmrig
behavioral2/memory/1488-131-0x00007FF61B780000-0x00007FF61BAD4000-memory.dmp	xmrig
behavioral2/memory/2712-130-0x00007FF7D12F0000-0x00007FF7D1644000-memory.dmp	xmrig
behavioral2/memory/4272-126-0x00007FF781240000-0x00007FF781594000-memory.dmp	xmrig
behavioral2/memory/348-125-0x00007FF613640000-0x00007FF613994000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2176	qudYzhO.exe
4920	FpXZcQL.exe
3908	GxyjCGU.exe
2168	GaIcgzA.exe
3372	IPOyQgC.exe
2816	sOqxJte.exe
4480	qyaygiN.exe
1876	loRqroh.exe
348	ynlRqgX.exe
2712	VPrtqnk.exe
2316	hFBFpKo.exe
2904	jLIqIzp.exe
4132	QXOuoQS.exe
4288	sZyQLjq.exe
1348	eRcPrtH.exe
2384	wRXLlmu.exe
632	dmGTtTJ.exe
1192	djzqvVh.exe
4272	caLAIPu.exe
1488	wPCDkAy.exe
392	AXreaFV.exe
1012	MuJvonI.exe
3956	FVgmIYX.exe
1120	PDAdnTf.exe
4640	XBQKehI.exe
3492	AcNAaBJ.exe
4108	JiYKeTz.exe
4600	UPvKWsy.exe
5048	yCCeZrO.exe
1212	ZiRBtGL.exe
4660	dSRKUFg.exe
1692	RlUzYAN.exe
1656	rXAqilH.exe
3760	NZKhjfq.exe
4948	sOpDUTF.exe
2056	wVJlLQS.exe
1972	CbzcGPn.exe
1132	ysYoefj.exe
4084	RQXuWkp.exe
2840	bqjcXeE.exe
3052	YOLJUbD.exe
3600	YlVoNcE.exe
1980	pgkNBNf.exe
4840	dypuNSn.exe
1276	uKuWXrW.exe
2656	jWIXrtt.exe
2036	vgGnVMw.exe
2884	oLSrdpc.exe
2780	WJoMQic.exe
2688	GdRHbcf.exe
2584	zfNtBda.exe
3688	fqczFAE.exe
4524	OjSHhZD.exe
3644	OnzlJTP.exe
1756	swYGzHG.exe
4832	tYYERMk.exe
3340	aEIdbvl.exe
1620	eusckyu.exe
3768	bpwYiJf.exe
2684	bdKKSDN.exe
3612	ZAkiOyB.exe
3152	bByshup.exe
2436	NQqQHEw.exe
2032	RfppBVc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1220-0-0x00007FF69A740000-0x00007FF69AA94000-memory.dmp	upx
behavioral2/memory/2176-6-0x00007FF750560000-0x00007FF7508B4000-memory.dmp	upx
behavioral2/files/0x000b000000023b78-5.dat	upx
behavioral2/files/0x000a000000023b7c-11.dat	upx
behavioral2/memory/3908-18-0x00007FF6F2250000-0x00007FF6F25A4000-memory.dmp	upx
behavioral2/files/0x000a000000023b7d-21.dat	upx
behavioral2/memory/2168-24-0x00007FF6114F0000-0x00007FF611844000-memory.dmp	upx
behavioral2/files/0x000b000000023b79-25.dat	upx
behavioral2/memory/4920-17-0x00007FF6B41B0000-0x00007FF6B4504000-memory.dmp	upx
behavioral2/files/0x000a000000023b7e-28.dat	upx
behavioral2/memory/3372-30-0x00007FF7CC870000-0x00007FF7CCBC4000-memory.dmp	upx
behavioral2/files/0x000a000000023b7f-35.dat	upx
behavioral2/memory/2816-36-0x00007FF636F50000-0x00007FF6372A4000-memory.dmp	upx
behavioral2/files/0x000a000000023b80-39.dat	upx
behavioral2/files/0x000a000000023b81-46.dat	upx
behavioral2/memory/1876-48-0x00007FF7D8300000-0x00007FF7D8654000-memory.dmp	upx
behavioral2/memory/4480-41-0x00007FF6C2CC0000-0x00007FF6C3014000-memory.dmp	upx
behavioral2/memory/4920-56-0x00007FF6B41B0000-0x00007FF6B4504000-memory.dmp	upx
behavioral2/files/0x000a000000023b84-62.dat	upx
behavioral2/files/0x000a000000023b86-74.dat	upx
behavioral2/files/0x000a000000023b87-82.dat	upx
behavioral2/files/0x000a000000023b88-97.dat	upx
behavioral2/files/0x000a000000023b8b-106.dat	upx
behavioral2/files/0x000a000000023b8c-113.dat	upx
behavioral2/files/0x000b000000023b9b-160.dat	upx
behavioral2/memory/2384-172-0x00007FF6496B0000-0x00007FF649A04000-memory.dmp	upx
behavioral2/files/0x0009000000023bb0-190.dat	upx
behavioral2/files/0x0008000000023bb9-207.dat	upx
behavioral2/memory/1488-807-0x00007FF61B780000-0x00007FF61BAD4000-memory.dmp	upx
behavioral2/memory/392-821-0x00007FF7A7DA0000-0x00007FF7A80F4000-memory.dmp	upx
behavioral2/memory/1012-880-0x00007FF7EB940000-0x00007FF7EBC94000-memory.dmp	upx
behavioral2/files/0x0008000000023bba-211.dat	upx
behavioral2/files/0x0008000000023bb6-209.dat	upx
behavioral2/files/0x000e000000023bb4-205.dat	upx
behavioral2/files/0x0009000000023baf-195.dat	upx
behavioral2/memory/5048-194-0x00007FF60EBE0000-0x00007FF60EF34000-memory.dmp	upx
behavioral2/memory/4600-193-0x00007FF753510000-0x00007FF753864000-memory.dmp	upx
behavioral2/files/0x0008000000023ba9-188.dat	upx
behavioral2/memory/4272-187-0x00007FF781240000-0x00007FF781594000-memory.dmp	upx
behavioral2/memory/1192-186-0x00007FF6BF030000-0x00007FF6BF384000-memory.dmp	upx
behavioral2/files/0x0012000000023ba7-181.dat	upx
behavioral2/memory/4108-180-0x00007FF621500000-0x00007FF621854000-memory.dmp	upx
behavioral2/memory/632-179-0x00007FF783A60000-0x00007FF783DB4000-memory.dmp	upx
behavioral2/memory/3492-173-0x00007FF6FC0C0000-0x00007FF6FC414000-memory.dmp	upx
behavioral2/memory/4640-171-0x00007FF71F5E0000-0x00007FF71F934000-memory.dmp	upx
behavioral2/files/0x000a000000023b99-166.dat	upx
behavioral2/memory/1120-165-0x00007FF60F3B0000-0x00007FF60F704000-memory.dmp	upx
behavioral2/memory/1348-164-0x00007FF6F3BB0000-0x00007FF6F3F04000-memory.dmp	upx
behavioral2/memory/4288-163-0x00007FF6162E0000-0x00007FF616634000-memory.dmp	upx
behavioral2/files/0x000c000000023b91-155.dat	upx
behavioral2/memory/4132-154-0x00007FF766DD0000-0x00007FF767124000-memory.dmp	upx
behavioral2/memory/3956-153-0x00007FF68F4B0000-0x00007FF68F804000-memory.dmp	upx
behavioral2/files/0x000a000000023b90-149.dat	upx
behavioral2/memory/1012-148-0x00007FF7EB940000-0x00007FF7EBC94000-memory.dmp	upx
behavioral2/memory/2904-147-0x00007FF681F00000-0x00007FF682254000-memory.dmp	upx
behavioral2/files/0x000b000000023b8f-144.dat	upx
behavioral2/memory/392-140-0x00007FF7A7DA0000-0x00007FF7A80F4000-memory.dmp	upx
behavioral2/memory/2316-139-0x00007FF65DF30000-0x00007FF65E284000-memory.dmp	upx
behavioral2/files/0x000a000000023b8e-137.dat	upx
behavioral2/files/0x000a000000023b8d-132.dat	upx
behavioral2/memory/1488-131-0x00007FF61B780000-0x00007FF61BAD4000-memory.dmp	upx
behavioral2/memory/2712-130-0x00007FF7D12F0000-0x00007FF7D1644000-memory.dmp	upx
behavioral2/memory/4272-126-0x00007FF781240000-0x00007FF781594000-memory.dmp	upx
behavioral2/memory/348-125-0x00007FF613640000-0x00007FF613994000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SDmMbTG.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKBoXbr.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNjwSPn.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDIRXym.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngqIGdY.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bByshup.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNAyvPF.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzIXIwd.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTzmCix.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azodOuT.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEOehYl.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUcCTfS.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmZvvRP.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulFBjxY.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSFmBaI.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpNPlOS.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkJesNI.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MnKcGkk.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvqOAVB.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZTYlXT.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPxPexv.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYNxjfc.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwoDGZs.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uciZplG.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJwHtyl.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYBZKkQ.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlIPgIS.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpnlPBI.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFbqIpD.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRONsEU.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrOGpQx.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSYuYCK.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpoJmOh.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFOsMue.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICPNVXm.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gfcudzh.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENUoWYp.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYfHuzk.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnbMjTi.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiGfCpR.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFIPDqf.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVhQFeR.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AyNTbqz.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnyTjXN.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfYubMp.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXfAKHX.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHsqaMX.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzREKqa.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTjqIUS.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVMTMPO.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cymbrXc.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrSAyxi.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXioZZs.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQhzsar.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZfGLMB.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqFlRTG.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEkeQEh.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSstokm.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSXmIwV.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtxUyCS.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GnKySta.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSpVxvv.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABthPwM.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhSoDgI.exe	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 2176	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1220 wrote to memory of 2176	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1220 wrote to memory of 4920	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1220 wrote to memory of 4920	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1220 wrote to memory of 3908	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1220 wrote to memory of 3908	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1220 wrote to memory of 2168	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1220 wrote to memory of 2168	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1220 wrote to memory of 3372	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1220 wrote to memory of 3372	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1220 wrote to memory of 2816	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1220 wrote to memory of 2816	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1220 wrote to memory of 4480	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1220 wrote to memory of 4480	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1220 wrote to memory of 1876	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1220 wrote to memory of 1876	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1220 wrote to memory of 348	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1220 wrote to memory of 348	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1220 wrote to memory of 2712	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1220 wrote to memory of 2712	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1220 wrote to memory of 2316	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1220 wrote to memory of 2316	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1220 wrote to memory of 2904	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1220 wrote to memory of 2904	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1220 wrote to memory of 4132	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1220 wrote to memory of 4132	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1220 wrote to memory of 4288	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1220 wrote to memory of 4288	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1220 wrote to memory of 1348	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1220 wrote to memory of 1348	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1220 wrote to memory of 2384	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1220 wrote to memory of 2384	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1220 wrote to memory of 632	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1220 wrote to memory of 632	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1220 wrote to memory of 1192	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1220 wrote to memory of 1192	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1220 wrote to memory of 4272	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1220 wrote to memory of 4272	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1220 wrote to memory of 1488	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1220 wrote to memory of 1488	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1220 wrote to memory of 392	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1220 wrote to memory of 392	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1220 wrote to memory of 1012	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1220 wrote to memory of 1012	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1220 wrote to memory of 3956	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1220 wrote to memory of 3956	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1220 wrote to memory of 1120	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1220 wrote to memory of 1120	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1220 wrote to memory of 4640	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1220 wrote to memory of 4640	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1220 wrote to memory of 3492	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1220 wrote to memory of 3492	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1220 wrote to memory of 4108	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1220 wrote to memory of 4108	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1220 wrote to memory of 4600	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1220 wrote to memory of 4600	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1220 wrote to memory of 5048	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1220 wrote to memory of 5048	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1220 wrote to memory of 1212	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1220 wrote to memory of 1212	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1220 wrote to memory of 4660	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1220 wrote to memory of 4660	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1220 wrote to memory of 1692	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1220 wrote to memory of 1692	1220	2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_917ce1aa5671af0f5e78881596bacce1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Windows\System\qudYzhO.exe
  C:\Windows\System\qudYzhO.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\FpXZcQL.exe
  C:\Windows\System\FpXZcQL.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\GxyjCGU.exe
  C:\Windows\System\GxyjCGU.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\GaIcgzA.exe
  C:\Windows\System\GaIcgzA.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\IPOyQgC.exe
  C:\Windows\System\IPOyQgC.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\sOqxJte.exe
  C:\Windows\System\sOqxJte.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\qyaygiN.exe
  C:\Windows\System\qyaygiN.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\loRqroh.exe
  C:\Windows\System\loRqroh.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ynlRqgX.exe
  C:\Windows\System\ynlRqgX.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\VPrtqnk.exe
  C:\Windows\System\VPrtqnk.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\hFBFpKo.exe
  C:\Windows\System\hFBFpKo.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\jLIqIzp.exe
  C:\Windows\System\jLIqIzp.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\QXOuoQS.exe
  C:\Windows\System\QXOuoQS.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\sZyQLjq.exe
  C:\Windows\System\sZyQLjq.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\eRcPrtH.exe
  C:\Windows\System\eRcPrtH.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\wRXLlmu.exe
  C:\Windows\System\wRXLlmu.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\dmGTtTJ.exe
  C:\Windows\System\dmGTtTJ.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\djzqvVh.exe
  C:\Windows\System\djzqvVh.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\caLAIPu.exe
  C:\Windows\System\caLAIPu.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\wPCDkAy.exe
  C:\Windows\System\wPCDkAy.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\AXreaFV.exe
  C:\Windows\System\AXreaFV.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\MuJvonI.exe
  C:\Windows\System\MuJvonI.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\FVgmIYX.exe
  C:\Windows\System\FVgmIYX.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\PDAdnTf.exe
  C:\Windows\System\PDAdnTf.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\XBQKehI.exe
  C:\Windows\System\XBQKehI.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\AcNAaBJ.exe
  C:\Windows\System\AcNAaBJ.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\JiYKeTz.exe
  C:\Windows\System\JiYKeTz.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\UPvKWsy.exe
  C:\Windows\System\UPvKWsy.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\yCCeZrO.exe
  C:\Windows\System\yCCeZrO.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\ZiRBtGL.exe
  C:\Windows\System\ZiRBtGL.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\dSRKUFg.exe
  C:\Windows\System\dSRKUFg.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\RlUzYAN.exe
  C:\Windows\System\RlUzYAN.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\rXAqilH.exe
  C:\Windows\System\rXAqilH.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\NZKhjfq.exe
  C:\Windows\System\NZKhjfq.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\sOpDUTF.exe
  C:\Windows\System\sOpDUTF.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\wVJlLQS.exe
  C:\Windows\System\wVJlLQS.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\CbzcGPn.exe
  C:\Windows\System\CbzcGPn.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\ysYoefj.exe
  C:\Windows\System\ysYoefj.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\RQXuWkp.exe
  C:\Windows\System\RQXuWkp.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\bqjcXeE.exe
  C:\Windows\System\bqjcXeE.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\YOLJUbD.exe
  C:\Windows\System\YOLJUbD.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\YlVoNcE.exe
  C:\Windows\System\YlVoNcE.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\pgkNBNf.exe
  C:\Windows\System\pgkNBNf.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\dypuNSn.exe
  C:\Windows\System\dypuNSn.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\uKuWXrW.exe
  C:\Windows\System\uKuWXrW.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\jWIXrtt.exe
  C:\Windows\System\jWIXrtt.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\vgGnVMw.exe
  C:\Windows\System\vgGnVMw.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\oLSrdpc.exe
  C:\Windows\System\oLSrdpc.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\WJoMQic.exe
  C:\Windows\System\WJoMQic.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\GdRHbcf.exe
  C:\Windows\System\GdRHbcf.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\zfNtBda.exe
  C:\Windows\System\zfNtBda.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\fqczFAE.exe
  C:\Windows\System\fqczFAE.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\OjSHhZD.exe
  C:\Windows\System\OjSHhZD.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\OnzlJTP.exe
  C:\Windows\System\OnzlJTP.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\swYGzHG.exe
  C:\Windows\System\swYGzHG.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\tYYERMk.exe
  C:\Windows\System\tYYERMk.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\aEIdbvl.exe
  C:\Windows\System\aEIdbvl.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\eusckyu.exe
  C:\Windows\System\eusckyu.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\bpwYiJf.exe
  C:\Windows\System\bpwYiJf.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\bdKKSDN.exe
  C:\Windows\System\bdKKSDN.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\ZAkiOyB.exe
  C:\Windows\System\ZAkiOyB.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\bByshup.exe
  C:\Windows\System\bByshup.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\NQqQHEw.exe
  C:\Windows\System\NQqQHEw.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\RfppBVc.exe
  C:\Windows\System\RfppBVc.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\EOiTHUR.exe
  C:\Windows\System\EOiTHUR.exe
  2⤵
  PID:2744
- C:\Windows\System\fzEYjKm.exe
  C:\Windows\System\fzEYjKm.exe
  2⤵
  PID:4484
- C:\Windows\System\ALuFixP.exe
  C:\Windows\System\ALuFixP.exe
  2⤵
  PID:4828
- C:\Windows\System\urCwUMK.exe
  C:\Windows\System\urCwUMK.exe
  2⤵
  PID:1712
- C:\Windows\System\JxNFLgr.exe
  C:\Windows\System\JxNFLgr.exe
  2⤵
  PID:4804
- C:\Windows\System\YwuqAAi.exe
  C:\Windows\System\YwuqAAi.exe
  2⤵
  PID:4552
- C:\Windows\System\CMZycBa.exe
  C:\Windows\System\CMZycBa.exe
  2⤵
  PID:2520
- C:\Windows\System\AdpqGVS.exe
  C:\Windows\System\AdpqGVS.exe
  2⤵
  PID:3920
- C:\Windows\System\WFOsMue.exe
  C:\Windows\System\WFOsMue.exe
  2⤵
  PID:3056
- C:\Windows\System\aYzGFty.exe
  C:\Windows\System\aYzGFty.exe
  2⤵
  PID:648
- C:\Windows\System\lCgfhSm.exe
  C:\Windows\System\lCgfhSm.exe
  2⤵
  PID:1764
- C:\Windows\System\QyJzGoa.exe
  C:\Windows\System\QyJzGoa.exe
  2⤵
  PID:3596
- C:\Windows\System\hwDUujX.exe
  C:\Windows\System\hwDUujX.exe
  2⤵
  PID:3408
- C:\Windows\System\FzVBJME.exe
  C:\Windows\System\FzVBJME.exe
  2⤵
  PID:5124
- C:\Windows\System\WnVesYp.exe
  C:\Windows\System\WnVesYp.exe
  2⤵
  PID:5164
- C:\Windows\System\zlgxCyb.exe
  C:\Windows\System\zlgxCyb.exe
  2⤵
  PID:5192
- C:\Windows\System\XtLxXSP.exe
  C:\Windows\System\XtLxXSP.exe
  2⤵
  PID:5208
- C:\Windows\System\mhbQmNy.exe
  C:\Windows\System\mhbQmNy.exe
  2⤵
  PID:5236
- C:\Windows\System\uuEbPlE.exe
  C:\Windows\System\uuEbPlE.exe
  2⤵
  PID:5268
- C:\Windows\System\GaqYdPx.exe
  C:\Windows\System\GaqYdPx.exe
  2⤵
  PID:5292
- C:\Windows\System\OYIUqha.exe
  C:\Windows\System\OYIUqha.exe
  2⤵
  PID:5332
- C:\Windows\System\MztHqqe.exe
  C:\Windows\System\MztHqqe.exe
  2⤵
  PID:5360
- C:\Windows\System\SnICMvI.exe
  C:\Windows\System\SnICMvI.exe
  2⤵
  PID:5388
- C:\Windows\System\RcflzNB.exe
  C:\Windows\System\RcflzNB.exe
  2⤵
  PID:5416
- C:\Windows\System\EkuhAYa.exe
  C:\Windows\System\EkuhAYa.exe
  2⤵
  PID:5440
- C:\Windows\System\lCJqKBd.exe
  C:\Windows\System\lCJqKBd.exe
  2⤵
  PID:5460
- C:\Windows\System\BJvNgsD.exe
  C:\Windows\System\BJvNgsD.exe
  2⤵
  PID:5488
- C:\Windows\System\eCSYhCy.exe
  C:\Windows\System\eCSYhCy.exe
  2⤵
  PID:5516
- C:\Windows\System\LYqwxbJ.exe
  C:\Windows\System\LYqwxbJ.exe
  2⤵
  PID:5556
- C:\Windows\System\XylFCwQ.exe
  C:\Windows\System\XylFCwQ.exe
  2⤵
  PID:5584
- C:\Windows\System\RViUUpK.exe
  C:\Windows\System\RViUUpK.exe
  2⤵
  PID:5612
- C:\Windows\System\aITQpsC.exe
  C:\Windows\System\aITQpsC.exe
  2⤵
  PID:5628
- C:\Windows\System\kYUedzW.exe
  C:\Windows\System\kYUedzW.exe
  2⤵
  PID:5656
- C:\Windows\System\DuPKqtn.exe
  C:\Windows\System\DuPKqtn.exe
  2⤵
  PID:5692
- C:\Windows\System\dTJdwyF.exe
  C:\Windows\System\dTJdwyF.exe
  2⤵
  PID:5724
- C:\Windows\System\alNtKDw.exe
  C:\Windows\System\alNtKDw.exe
  2⤵
  PID:5752
- C:\Windows\System\YhNyTke.exe
  C:\Windows\System\YhNyTke.exe
  2⤵
  PID:5768
- C:\Windows\System\VDbawtm.exe
  C:\Windows\System\VDbawtm.exe
  2⤵
  PID:5796
- C:\Windows\System\uyjcLPM.exe
  C:\Windows\System\uyjcLPM.exe
  2⤵
  PID:5824
- C:\Windows\System\NNblCvW.exe
  C:\Windows\System\NNblCvW.exe
  2⤵
  PID:5852
- C:\Windows\System\kgNygFr.exe
  C:\Windows\System\kgNygFr.exe
  2⤵
  PID:5880
- C:\Windows\System\rPzVWjR.exe
  C:\Windows\System\rPzVWjR.exe
  2⤵
  PID:5908
- C:\Windows\System\ijIKTib.exe
  C:\Windows\System\ijIKTib.exe
  2⤵
  PID:5936
- C:\Windows\System\iTbeZkF.exe
  C:\Windows\System\iTbeZkF.exe
  2⤵
  PID:5964
- C:\Windows\System\fabthvs.exe
  C:\Windows\System\fabthvs.exe
  2⤵
  PID:5992
- C:\Windows\System\kNfOanR.exe
  C:\Windows\System\kNfOanR.exe
  2⤵
  PID:6020
- C:\Windows\System\ZcyxlCC.exe
  C:\Windows\System\ZcyxlCC.exe
  2⤵
  PID:6048
- C:\Windows\System\BvYYcjY.exe
  C:\Windows\System\BvYYcjY.exe
  2⤵
  PID:6076
- C:\Windows\System\WGcvxYq.exe
  C:\Windows\System\WGcvxYq.exe
  2⤵
  PID:6104
- C:\Windows\System\anQjbvQ.exe
  C:\Windows\System\anQjbvQ.exe
  2⤵
  PID:6132
- C:\Windows\System\syqSsTN.exe
  C:\Windows\System\syqSsTN.exe
  2⤵
  PID:1284
- C:\Windows\System\bQWEAOS.exe
  C:\Windows\System\bQWEAOS.exe
  2⤵
  PID:4432
- C:\Windows\System\lRFQryC.exe
  C:\Windows\System\lRFQryC.exe
  2⤵
  PID:3068
- C:\Windows\System\sxiCitN.exe
  C:\Windows\System\sxiCitN.exe
  2⤵
  PID:2188
- C:\Windows\System\tHFlHQB.exe
  C:\Windows\System\tHFlHQB.exe
  2⤵
  PID:804
- C:\Windows\System\iAbltWy.exe
  C:\Windows\System\iAbltWy.exe
  2⤵
  PID:5140
- C:\Windows\System\ETjiucs.exe
  C:\Windows\System\ETjiucs.exe
  2⤵
  PID:5204
- C:\Windows\System\QpeBvbY.exe
  C:\Windows\System\QpeBvbY.exe
  2⤵
  PID:5276
- C:\Windows\System\ElghGVN.exe
  C:\Windows\System\ElghGVN.exe
  2⤵
  PID:5344
- C:\Windows\System\GnZWOqu.exe
  C:\Windows\System\GnZWOqu.exe
  2⤵
  PID:5408
- C:\Windows\System\QwYBJvE.exe
  C:\Windows\System\QwYBJvE.exe
  2⤵
  PID:5456
- C:\Windows\System\tpLwnBg.exe
  C:\Windows\System\tpLwnBg.exe
  2⤵
  PID:5528
- C:\Windows\System\ggKSaCR.exe
  C:\Windows\System\ggKSaCR.exe
  2⤵
  PID:5596
- C:\Windows\System\TXVNIGI.exe
  C:\Windows\System\TXVNIGI.exe
  2⤵
  PID:5648
- C:\Windows\System\eGwiVJM.exe
  C:\Windows\System\eGwiVJM.exe
  2⤵
  PID:5716
- C:\Windows\System\MDfqBkL.exe
  C:\Windows\System\MDfqBkL.exe
  2⤵
  PID:5784
- C:\Windows\System\bWqhSQs.exe
  C:\Windows\System\bWqhSQs.exe
  2⤵
  PID:5872
- C:\Windows\System\CpFsKeD.exe
  C:\Windows\System\CpFsKeD.exe
  2⤵
  PID:5948
- C:\Windows\System\PgMqTUp.exe
  C:\Windows\System\PgMqTUp.exe
  2⤵
  PID:5980
- C:\Windows\System\MEXAOQo.exe
  C:\Windows\System\MEXAOQo.exe
  2⤵
  PID:6060
- C:\Windows\System\LpqbCJq.exe
  C:\Windows\System\LpqbCJq.exe
  2⤵
  PID:6116
- C:\Windows\System\NLJNpeo.exe
  C:\Windows\System\NLJNpeo.exe
  2⤵
  PID:2148
- C:\Windows\System\STIAVBb.exe
  C:\Windows\System\STIAVBb.exe
  2⤵
  PID:60
- C:\Windows\System\WnyTjXN.exe
  C:\Windows\System\WnyTjXN.exe
  2⤵
  PID:5176
- C:\Windows\System\TGynQVM.exe
  C:\Windows\System\TGynQVM.exe
  2⤵
  PID:5308
- C:\Windows\System\BLABDLJ.exe
  C:\Windows\System\BLABDLJ.exe
  2⤵
  PID:5452
- C:\Windows\System\FrMVQLW.exe
  C:\Windows\System\FrMVQLW.exe
  2⤵
  PID:5572
- C:\Windows\System\SSFmBaI.exe
  C:\Windows\System\SSFmBaI.exe
  2⤵
  PID:5760
- C:\Windows\System\qlURThn.exe
  C:\Windows\System\qlURThn.exe
  2⤵
  PID:5920
- C:\Windows\System\desandp.exe
  C:\Windows\System\desandp.exe
  2⤵
  PID:6092
- C:\Windows\System\KouoPfM.exe
  C:\Windows\System\KouoPfM.exe
  2⤵
  PID:4228
- C:\Windows\System\FyVSRoQ.exe
  C:\Windows\System\FyVSRoQ.exe
  2⤵
  PID:5252
- C:\Windows\System\OHYZCik.exe
  C:\Windows\System\OHYZCik.exe
  2⤵
  PID:5684
- C:\Windows\System\IGgxwTG.exe
  C:\Windows\System\IGgxwTG.exe
  2⤵
  PID:6148
- C:\Windows\System\euNUJxc.exe
  C:\Windows\System\euNUJxc.exe
  2⤵
  PID:6188
- C:\Windows\System\QUfhmuv.exe
  C:\Windows\System\QUfhmuv.exe
  2⤵
  PID:6216
- C:\Windows\System\MiGfCpR.exe
  C:\Windows\System\MiGfCpR.exe
  2⤵
  PID:6240
- C:\Windows\System\YvFETOQ.exe
  C:\Windows\System\YvFETOQ.exe
  2⤵
  PID:6260
- C:\Windows\System\VfFhddg.exe
  C:\Windows\System\VfFhddg.exe
  2⤵
  PID:6300
- C:\Windows\System\cjoXDsH.exe
  C:\Windows\System\cjoXDsH.exe
  2⤵
  PID:6328
- C:\Windows\System\WiBxReg.exe
  C:\Windows\System\WiBxReg.exe
  2⤵
  PID:6356
- C:\Windows\System\xBlWVzB.exe
  C:\Windows\System\xBlWVzB.exe
  2⤵
  PID:6372
- C:\Windows\System\NXRAEUl.exe
  C:\Windows\System\NXRAEUl.exe
  2⤵
  PID:6412
- C:\Windows\System\lRKjlQl.exe
  C:\Windows\System\lRKjlQl.exe
  2⤵
  PID:6440
- C:\Windows\System\VXtmmrW.exe
  C:\Windows\System\VXtmmrW.exe
  2⤵
  PID:6464
- C:\Windows\System\lEBcaLx.exe
  C:\Windows\System\lEBcaLx.exe
  2⤵
  PID:6496
- C:\Windows\System\gqxlyaA.exe
  C:\Windows\System\gqxlyaA.exe
  2⤵
  PID:6524
- C:\Windows\System\uYOJsfY.exe
  C:\Windows\System\uYOJsfY.exe
  2⤵
  PID:6552
- C:\Windows\System\kYoXYJr.exe
  C:\Windows\System\kYoXYJr.exe
  2⤵
  PID:6568
- C:\Windows\System\YYfNkwI.exe
  C:\Windows\System\YYfNkwI.exe
  2⤵
  PID:6620
- C:\Windows\System\XpNPlOS.exe
  C:\Windows\System\XpNPlOS.exe
  2⤵
  PID:6648
- C:\Windows\System\vFjAhIE.exe
  C:\Windows\System\vFjAhIE.exe
  2⤵
  PID:6664
- C:\Windows\System\qXAjOUS.exe
  C:\Windows\System\qXAjOUS.exe
  2⤵
  PID:6688
- C:\Windows\System\VfKZpzY.exe
  C:\Windows\System\VfKZpzY.exe
  2⤵
  PID:6720
- C:\Windows\System\cSnAqqa.exe
  C:\Windows\System\cSnAqqa.exe
  2⤵
  PID:6748
- C:\Windows\System\TXnEWrS.exe
  C:\Windows\System\TXnEWrS.exe
  2⤵
  PID:6776
- C:\Windows\System\JjEWJTo.exe
  C:\Windows\System\JjEWJTo.exe
  2⤵
  PID:6804
- C:\Windows\System\rVuqDwS.exe
  C:\Windows\System\rVuqDwS.exe
  2⤵
  PID:6832
- C:\Windows\System\GQTvHKc.exe
  C:\Windows\System\GQTvHKc.exe
  2⤵
  PID:6860
- C:\Windows\System\ZLIaaGj.exe
  C:\Windows\System\ZLIaaGj.exe
  2⤵
  PID:6876
- C:\Windows\System\LEvtcSv.exe
  C:\Windows\System\LEvtcSv.exe
  2⤵
  PID:6916
- C:\Windows\System\fhSoDgI.exe
  C:\Windows\System\fhSoDgI.exe
  2⤵
  PID:6944
- C:\Windows\System\WghyJMv.exe
  C:\Windows\System\WghyJMv.exe
  2⤵
  PID:6972
- C:\Windows\System\oGuNmqb.exe
  C:\Windows\System\oGuNmqb.exe
  2⤵
  PID:7000
- C:\Windows\System\omidPkC.exe
  C:\Windows\System\omidPkC.exe
  2⤵
  PID:7028
- C:\Windows\System\PpuiLiT.exe
  C:\Windows\System\PpuiLiT.exe
  2⤵
  PID:7056
- C:\Windows\System\yMPIJQH.exe
  C:\Windows\System\yMPIJQH.exe
  2⤵
  PID:7072
- C:\Windows\System\qYunRBi.exe
  C:\Windows\System\qYunRBi.exe
  2⤵
  PID:7112
- C:\Windows\System\nVwQKCj.exe
  C:\Windows\System\nVwQKCj.exe
  2⤵
  PID:7140
- C:\Windows\System\cqFlRTG.exe
  C:\Windows\System\cqFlRTG.exe
  2⤵
  PID:6008
- C:\Windows\System\diHpYNX.exe
  C:\Windows\System\diHpYNX.exe
  2⤵
  PID:3968
- C:\Windows\System\kOqaKwI.exe
  C:\Windows\System\kOqaKwI.exe
  2⤵
  PID:5844
- C:\Windows\System\fPkJmAo.exe
  C:\Windows\System\fPkJmAo.exe
  2⤵
  PID:6200
- C:\Windows\System\wmWSzHP.exe
  C:\Windows\System\wmWSzHP.exe
  2⤵
  PID:6256
- C:\Windows\System\SuLTxfI.exe
  C:\Windows\System\SuLTxfI.exe
  2⤵
  PID:6320
- C:\Windows\System\nEcjXpa.exe
  C:\Windows\System\nEcjXpa.exe
  2⤵
  PID:6388
- C:\Windows\System\OcTJPKp.exe
  C:\Windows\System\OcTJPKp.exe
  2⤵
  PID:6456
- C:\Windows\System\DIJIrXV.exe
  C:\Windows\System\DIJIrXV.exe
  2⤵
  PID:3980
- C:\Windows\System\JhELFDN.exe
  C:\Windows\System\JhELFDN.exe
  2⤵
  PID:6580
- C:\Windows\System\yZzSkmR.exe
  C:\Windows\System\yZzSkmR.exe
  2⤵
  PID:6636
- C:\Windows\System\NmEQyuK.exe
  C:\Windows\System\NmEQyuK.exe
  2⤵
  PID:6704
- C:\Windows\System\KmhtTOz.exe
  C:\Windows\System\KmhtTOz.exe
  2⤵
  PID:6764
- C:\Windows\System\MVbmDPn.exe
  C:\Windows\System\MVbmDPn.exe
  2⤵
  PID:6852
- C:\Windows\System\NFuXCCy.exe
  C:\Windows\System\NFuXCCy.exe
  2⤵
  PID:6928
- C:\Windows\System\zOMBHOi.exe
  C:\Windows\System\zOMBHOi.exe
  2⤵
  PID:6988
- C:\Windows\System\oAruQab.exe
  C:\Windows\System\oAruQab.exe
  2⤵
  PID:7052
- C:\Windows\System\vpLkAHM.exe
  C:\Windows\System\vpLkAHM.exe
  2⤵
  PID:7104
- C:\Windows\System\TbwCSMt.exe
  C:\Windows\System\TbwCSMt.exe
  2⤵
  PID:7132
- C:\Windows\System\QDXKAoA.exe
  C:\Windows\System\QDXKAoA.exe
  2⤵
  PID:436
- C:\Windows\System\fJnUmPs.exe
  C:\Windows\System\fJnUmPs.exe
  2⤵
  PID:6232
- C:\Windows\System\AnoALRW.exe
  C:\Windows\System\AnoALRW.exe
  2⤵
  PID:6428
- C:\Windows\System\XwbkjuM.exe
  C:\Windows\System\XwbkjuM.exe
  2⤵
  PID:6612
- C:\Windows\System\WPLpwIA.exe
  C:\Windows\System\WPLpwIA.exe
  2⤵
  PID:6680
- C:\Windows\System\IZTCAQE.exe
  C:\Windows\System\IZTCAQE.exe
  2⤵
  PID:6844
- C:\Windows\System\IHuLySp.exe
  C:\Windows\System\IHuLySp.exe
  2⤵
  PID:6984
- C:\Windows\System\OLzOpGz.exe
  C:\Windows\System\OLzOpGz.exe
  2⤵
  PID:7088
- C:\Windows\System\ZivFRYt.exe
  C:\Windows\System\ZivFRYt.exe
  2⤵
  PID:6160
- C:\Windows\System\ehuTNtv.exe
  C:\Windows\System\ehuTNtv.exe
  2⤵
  PID:6424
- C:\Windows\System\ofJPpsv.exe
  C:\Windows\System\ofJPpsv.exe
  2⤵
  PID:3572
- C:\Windows\System\NkJesNI.exe
  C:\Windows\System\NkJesNI.exe
  2⤵
  PID:6796
- C:\Windows\System\tXJMNMc.exe
  C:\Windows\System\tXJMNMc.exe
  2⤵
  PID:7192
- C:\Windows\System\CsXtXbZ.exe
  C:\Windows\System\CsXtXbZ.exe
  2⤵
  PID:7220
- C:\Windows\System\ammCbAs.exe
  C:\Windows\System\ammCbAs.exe
  2⤵
  PID:7248
- C:\Windows\System\NUtGszd.exe
  C:\Windows\System\NUtGszd.exe
  2⤵
  PID:7276
- C:\Windows\System\ahulzTC.exe
  C:\Windows\System\ahulzTC.exe
  2⤵
  PID:7304
- C:\Windows\System\PLGpAgo.exe
  C:\Windows\System\PLGpAgo.exe
  2⤵
  PID:7332
- C:\Windows\System\WfQPsrO.exe
  C:\Windows\System\WfQPsrO.exe
  2⤵
  PID:7360
- C:\Windows\System\HEJNaxQ.exe
  C:\Windows\System\HEJNaxQ.exe
  2⤵
  PID:7388
- C:\Windows\System\CAhZRWh.exe
  C:\Windows\System\CAhZRWh.exe
  2⤵
  PID:7416
- C:\Windows\System\yammDuI.exe
  C:\Windows\System\yammDuI.exe
  2⤵
  PID:7444
- C:\Windows\System\pGfydXZ.exe
  C:\Windows\System\pGfydXZ.exe
  2⤵
  PID:7472
- C:\Windows\System\wFhSHBG.exe
  C:\Windows\System\wFhSHBG.exe
  2⤵
  PID:7500
- C:\Windows\System\hYancfB.exe
  C:\Windows\System\hYancfB.exe
  2⤵
  PID:7528
- C:\Windows\System\jraXEPk.exe
  C:\Windows\System\jraXEPk.exe
  2⤵
  PID:7556
- C:\Windows\System\dTBrbfU.exe
  C:\Windows\System\dTBrbfU.exe
  2⤵
  PID:7584
- C:\Windows\System\RjovYwy.exe
  C:\Windows\System\RjovYwy.exe
  2⤵
  PID:7612
- C:\Windows\System\bAOXcjv.exe
  C:\Windows\System\bAOXcjv.exe
  2⤵
  PID:7640
- C:\Windows\System\DOcElvE.exe
  C:\Windows\System\DOcElvE.exe
  2⤵
  PID:7668
- C:\Windows\System\tMbPGYk.exe
  C:\Windows\System\tMbPGYk.exe
  2⤵
  PID:7740
- C:\Windows\System\mITfnqR.exe
  C:\Windows\System\mITfnqR.exe
  2⤵
  PID:7760
- C:\Windows\System\PtzsvQC.exe
  C:\Windows\System\PtzsvQC.exe
  2⤵
  PID:7776
- C:\Windows\System\NmiXvpj.exe
  C:\Windows\System\NmiXvpj.exe
  2⤵
  PID:7804
- C:\Windows\System\HXKMqhs.exe
  C:\Windows\System\HXKMqhs.exe
  2⤵
  PID:7892
- C:\Windows\System\mpSitDc.exe
  C:\Windows\System\mpSitDc.exe
  2⤵
  PID:7932
- C:\Windows\System\eHBxwnU.exe
  C:\Windows\System\eHBxwnU.exe
  2⤵
  PID:7956
- C:\Windows\System\wVnHqYa.exe
  C:\Windows\System\wVnHqYa.exe
  2⤵
  PID:7988
- C:\Windows\System\HwzxLur.exe
  C:\Windows\System\HwzxLur.exe
  2⤵
  PID:8024
- C:\Windows\System\kiwTKRe.exe
  C:\Windows\System\kiwTKRe.exe
  2⤵
  PID:8060
- C:\Windows\System\ZcJSypX.exe
  C:\Windows\System\ZcJSypX.exe
  2⤵
  PID:8092
- C:\Windows\System\Tyzlbff.exe
  C:\Windows\System\Tyzlbff.exe
  2⤵
  PID:8120
- C:\Windows\System\RVxSLNQ.exe
  C:\Windows\System\RVxSLNQ.exe
  2⤵
  PID:8148
- C:\Windows\System\tWzpDyC.exe
  C:\Windows\System\tWzpDyC.exe
  2⤵
  PID:8176
- C:\Windows\System\QurcfqA.exe
  C:\Windows\System\QurcfqA.exe
  2⤵
  PID:2020
- C:\Windows\System\ZFGvNsj.exe
  C:\Windows\System\ZFGvNsj.exe
  2⤵
  PID:6560
- C:\Windows\System\mowIIpB.exe
  C:\Windows\System\mowIIpB.exe
  2⤵
  PID:4464
- C:\Windows\System\nhulpJa.exe
  C:\Windows\System\nhulpJa.exe
  2⤵
  PID:7208
- C:\Windows\System\oiGAmux.exe
  C:\Windows\System\oiGAmux.exe
  2⤵
  PID:7264
- C:\Windows\System\KYzovaT.exe
  C:\Windows\System\KYzovaT.exe
  2⤵
  PID:7324
- C:\Windows\System\FmNPYaK.exe
  C:\Windows\System\FmNPYaK.exe
  2⤵
  PID:3320
- C:\Windows\System\JzPIGLr.exe
  C:\Windows\System\JzPIGLr.exe
  2⤵
  PID:2556
- C:\Windows\System\MnKcGkk.exe
  C:\Windows\System\MnKcGkk.exe
  2⤵
  PID:4416
- C:\Windows\System\FLsVyTz.exe
  C:\Windows\System\FLsVyTz.exe
  2⤵
  PID:7540
- C:\Windows\System\PjIHfvi.exe
  C:\Windows\System\PjIHfvi.exe
  2⤵
  PID:7600
- C:\Windows\System\HYBZKkQ.exe
  C:\Windows\System\HYBZKkQ.exe
  2⤵
  PID:2508
- C:\Windows\System\lNSNGgQ.exe
  C:\Windows\System\lNSNGgQ.exe
  2⤵
  PID:7684
- C:\Windows\System\aHiSyLy.exe
  C:\Windows\System\aHiSyLy.exe
  2⤵
  PID:4316
- C:\Windows\System\azodOuT.exe
  C:\Windows\System\azodOuT.exe
  2⤵
  PID:7628
- C:\Windows\System\FpRyIej.exe
  C:\Windows\System\FpRyIej.exe
  2⤵
  PID:7756
- C:\Windows\System\gjHnRto.exe
  C:\Windows\System\gjHnRto.exe
  2⤵
  PID:7828
- C:\Windows\System\dSpWbmI.exe
  C:\Windows\System\dSpWbmI.exe
  2⤵
  PID:2160
- C:\Windows\System\PWItaSY.exe
  C:\Windows\System\PWItaSY.exe
  2⤵
  PID:5084
- C:\Windows\System\jFpftYr.exe
  C:\Windows\System\jFpftYr.exe
  2⤵
  PID:512
- C:\Windows\System\ambLYnM.exe
  C:\Windows\System\ambLYnM.exe
  2⤵
  PID:7908
- C:\Windows\System\MBAkcNi.exe
  C:\Windows\System\MBAkcNi.exe
  2⤵
  PID:4836
- C:\Windows\System\ohuOpAi.exe
  C:\Windows\System\ohuOpAi.exe
  2⤵
  PID:1732
- C:\Windows\System\IiNXPYT.exe
  C:\Windows\System\IiNXPYT.exe
  2⤵
  PID:2696
- C:\Windows\System\CMoRgcP.exe
  C:\Windows\System\CMoRgcP.exe
  2⤵
  PID:8040
- C:\Windows\System\SNaoFes.exe
  C:\Windows\System\SNaoFes.exe
  2⤵
  PID:1616
- C:\Windows\System\bCGHDCk.exe
  C:\Windows\System\bCGHDCk.exe
  2⤵
  PID:8112
- C:\Windows\System\ujYoptI.exe
  C:\Windows\System\ujYoptI.exe
  2⤵
  PID:8188
- C:\Windows\System\tDasloY.exe
  C:\Windows\System\tDasloY.exe
  2⤵
  PID:6824
- C:\Windows\System\BLWuYxz.exe
  C:\Windows\System\BLWuYxz.exe
  2⤵
  PID:7260
- C:\Windows\System\AkIhhuL.exe
  C:\Windows\System\AkIhhuL.exe
  2⤵
  PID:7380
- C:\Windows\System\xUlJtNv.exe
  C:\Windows\System\xUlJtNv.exe
  2⤵
  PID:4496
- C:\Windows\System\zVFDPlK.exe
  C:\Windows\System\zVFDPlK.exe
  2⤵
  PID:872
- C:\Windows\System\uaXJEwG.exe
  C:\Windows\System\uaXJEwG.exe
  2⤵
  PID:7728
- C:\Windows\System\ssMzQwg.exe
  C:\Windows\System\ssMzQwg.exe
  2⤵
  PID:4788
- C:\Windows\System\pIfZFON.exe
  C:\Windows\System\pIfZFON.exe
  2⤵
  PID:3604
- C:\Windows\System\RlqPRjp.exe
  C:\Windows\System\RlqPRjp.exe
  2⤵
  PID:3660
- C:\Windows\System\OZANtop.exe
  C:\Windows\System\OZANtop.exe
  2⤵
  PID:4244
- C:\Windows\System\QCZQnLY.exe
  C:\Windows\System\QCZQnLY.exe
  2⤵
  PID:4996
- C:\Windows\System\GLYgmMb.exe
  C:\Windows\System\GLYgmMb.exe
  2⤵
  PID:8088
- C:\Windows\System\GRORjiY.exe
  C:\Windows\System\GRORjiY.exe
  2⤵
  PID:6292
- C:\Windows\System\FCGTYwt.exe
  C:\Windows\System\FCGTYwt.exe
  2⤵
  PID:7040
- C:\Windows\System\FTuvOiZ.exe
  C:\Windows\System\FTuvOiZ.exe
  2⤵
  PID:1056
- C:\Windows\System\YiCDWGe.exe
  C:\Windows\System\YiCDWGe.exe
  2⤵
  PID:7652
- C:\Windows\System\UhAOcQY.exe
  C:\Windows\System\UhAOcQY.exe
  2⤵
  PID:5116
- C:\Windows\System\xJyNxfG.exe
  C:\Windows\System\xJyNxfG.exe
  2⤵
  PID:2040
- C:\Windows\System\ICPNVXm.exe
  C:\Windows\System\ICPNVXm.exe
  2⤵
  PID:7520
- C:\Windows\System\EFymNLu.exe
  C:\Windows\System\EFymNLu.exe
  2⤵
  PID:4720
- C:\Windows\System\DAxHHrb.exe
  C:\Windows\System\DAxHHrb.exe
  2⤵
  PID:4164
- C:\Windows\System\HrCNEaZ.exe
  C:\Windows\System\HrCNEaZ.exe
  2⤵
  PID:852
- C:\Windows\System\FlIPgIS.exe
  C:\Windows\System\FlIPgIS.exe
  2⤵
  PID:2592
- C:\Windows\System\HLivYcx.exe
  C:\Windows\System\HLivYcx.exe
  2⤵
  PID:2828
- C:\Windows\System\CdNZJsO.exe
  C:\Windows\System\CdNZJsO.exe
  2⤵
  PID:8208
- C:\Windows\System\qXYZJPK.exe
  C:\Windows\System\qXYZJPK.exe
  2⤵
  PID:8236
- C:\Windows\System\unMjJHl.exe
  C:\Windows\System\unMjJHl.exe
  2⤵
  PID:8264
- C:\Windows\System\viJDShB.exe
  C:\Windows\System\viJDShB.exe
  2⤵
  PID:8292
- C:\Windows\System\ESAyryz.exe
  C:\Windows\System\ESAyryz.exe
  2⤵
  PID:8316
- C:\Windows\System\LKbZdlM.exe
  C:\Windows\System\LKbZdlM.exe
  2⤵
  PID:8348
- C:\Windows\System\YpLBmVO.exe
  C:\Windows\System\YpLBmVO.exe
  2⤵
  PID:8380
- C:\Windows\System\KZYXyHz.exe
  C:\Windows\System\KZYXyHz.exe
  2⤵
  PID:8408
- C:\Windows\System\dUzfZKq.exe
  C:\Windows\System\dUzfZKq.exe
  2⤵
  PID:8436
- C:\Windows\System\TKtklxr.exe
  C:\Windows\System\TKtklxr.exe
  2⤵
  PID:8460
- C:\Windows\System\iQFjltT.exe
  C:\Windows\System\iQFjltT.exe
  2⤵
  PID:8488
- C:\Windows\System\TYlcKdF.exe
  C:\Windows\System\TYlcKdF.exe
  2⤵
  PID:8520
- C:\Windows\System\yocYaYc.exe
  C:\Windows\System\yocYaYc.exe
  2⤵
  PID:8564
- C:\Windows\System\UyuASMh.exe
  C:\Windows\System\UyuASMh.exe
  2⤵
  PID:8592
- C:\Windows\System\QSezRmj.exe
  C:\Windows\System\QSezRmj.exe
  2⤵
  PID:8620
- C:\Windows\System\fdgmEKU.exe
  C:\Windows\System\fdgmEKU.exe
  2⤵
  PID:8648
- C:\Windows\System\LfkKKFC.exe
  C:\Windows\System\LfkKKFC.exe
  2⤵
  PID:8676
- C:\Windows\System\FRmlFeG.exe
  C:\Windows\System\FRmlFeG.exe
  2⤵
  PID:8704
- C:\Windows\System\rvqOAVB.exe
  C:\Windows\System\rvqOAVB.exe
  2⤵
  PID:8732
- C:\Windows\System\EdsVqjA.exe
  C:\Windows\System\EdsVqjA.exe
  2⤵
  PID:8760
- C:\Windows\System\Tapczku.exe
  C:\Windows\System\Tapczku.exe
  2⤵
  PID:8788
- C:\Windows\System\ZMVSFba.exe
  C:\Windows\System\ZMVSFba.exe
  2⤵
  PID:8816
- C:\Windows\System\aOGFDFW.exe
  C:\Windows\System\aOGFDFW.exe
  2⤵
  PID:8844
- C:\Windows\System\CIWfNRY.exe
  C:\Windows\System\CIWfNRY.exe
  2⤵
  PID:8872
- C:\Windows\System\EpnlPBI.exe
  C:\Windows\System\EpnlPBI.exe
  2⤵
  PID:8900
- C:\Windows\System\XHRhqWU.exe
  C:\Windows\System\XHRhqWU.exe
  2⤵
  PID:8928
- C:\Windows\System\jDsrugI.exe
  C:\Windows\System\jDsrugI.exe
  2⤵
  PID:8956
- C:\Windows\System\GIOhgzb.exe
  C:\Windows\System\GIOhgzb.exe
  2⤵
  PID:8984
- C:\Windows\System\BPKhWiG.exe
  C:\Windows\System\BPKhWiG.exe
  2⤵
  PID:9012
- C:\Windows\System\RFidnxp.exe
  C:\Windows\System\RFidnxp.exe
  2⤵
  PID:9040
- C:\Windows\System\THRTdiz.exe
  C:\Windows\System\THRTdiz.exe
  2⤵
  PID:9068
- C:\Windows\System\RlSDYZZ.exe
  C:\Windows\System\RlSDYZZ.exe
  2⤵
  PID:9096
- C:\Windows\System\fuvQgNm.exe
  C:\Windows\System\fuvQgNm.exe
  2⤵
  PID:9124
- C:\Windows\System\meOQLsX.exe
  C:\Windows\System\meOQLsX.exe
  2⤵
  PID:9156
- C:\Windows\System\WBYLEeI.exe
  C:\Windows\System\WBYLEeI.exe
  2⤵
  PID:9192
- C:\Windows\System\Gfcudzh.exe
  C:\Windows\System\Gfcudzh.exe
  2⤵
  PID:8196
- C:\Windows\System\XRemlee.exe
  C:\Windows\System\XRemlee.exe
  2⤵
  PID:8248
- C:\Windows\System\CTPJKoa.exe
  C:\Windows\System\CTPJKoa.exe
  2⤵
  PID:8324
- C:\Windows\System\qwwkqcf.exe
  C:\Windows\System\qwwkqcf.exe
  2⤵
  PID:8376
- C:\Windows\System\PwwNRPB.exe
  C:\Windows\System\PwwNRPB.exe
  2⤵
  PID:8452
- C:\Windows\System\AFbqIpD.exe
  C:\Windows\System\AFbqIpD.exe
  2⤵
  PID:8512
- C:\Windows\System\ruaNJHC.exe
  C:\Windows\System\ruaNJHC.exe
  2⤵
  PID:8560
- C:\Windows\System\ykqBddl.exe
  C:\Windows\System\ykqBddl.exe
  2⤵
  PID:8632
- C:\Windows\System\GoqQcyy.exe
  C:\Windows\System\GoqQcyy.exe
  2⤵
  PID:8696
- C:\Windows\System\ZeLdfTs.exe
  C:\Windows\System\ZeLdfTs.exe
  2⤵
  PID:8756
- C:\Windows\System\kKfzYsp.exe
  C:\Windows\System\kKfzYsp.exe
  2⤵
  PID:8856
- C:\Windows\System\heTxDuG.exe
  C:\Windows\System\heTxDuG.exe
  2⤵
  PID:8892
- C:\Windows\System\ipLNqsq.exe
  C:\Windows\System\ipLNqsq.exe
  2⤵
  PID:8952
- C:\Windows\System\VORQLft.exe
  C:\Windows\System\VORQLft.exe
  2⤵
  PID:9028
- C:\Windows\System\kKzVDQO.exe
  C:\Windows\System\kKzVDQO.exe
  2⤵
  PID:9088
- C:\Windows\System\pNmBXWT.exe
  C:\Windows\System\pNmBXWT.exe
  2⤵
  PID:9152
- C:\Windows\System\EdFHokB.exe
  C:\Windows\System\EdFHokB.exe
  2⤵
  PID:9212
- C:\Windows\System\PqwJHZy.exe
  C:\Windows\System\PqwJHZy.exe
  2⤵
  PID:8344
- C:\Windows\System\qgWmJSG.exe
  C:\Windows\System\qgWmJSG.exe
  2⤵
  PID:8544
- C:\Windows\System\ejuZiax.exe
  C:\Windows\System\ejuZiax.exe
  2⤵
  PID:8688
- C:\Windows\System\OevdZrS.exe
  C:\Windows\System\OevdZrS.exe
  2⤵
  PID:8840
- C:\Windows\System\FkwfhSl.exe
  C:\Windows\System\FkwfhSl.exe
  2⤵
  PID:9004
- C:\Windows\System\jAzjtlE.exe
  C:\Windows\System\jAzjtlE.exe
  2⤵
  PID:9116
- C:\Windows\System\izpafUW.exe
  C:\Windows\System\izpafUW.exe
  2⤵
  PID:8480
- C:\Windows\System\nDBTUHt.exe
  C:\Windows\System\nDBTUHt.exe
  2⤵
  PID:8748
- C:\Windows\System\wUGQRUe.exe
  C:\Windows\System\wUGQRUe.exe
  2⤵
  PID:9064
- C:\Windows\System\WZmJvqD.exe
  C:\Windows\System\WZmJvqD.exe
  2⤵
  PID:8616
- C:\Windows\System\axzfsJC.exe
  C:\Windows\System\axzfsJC.exe
  2⤵
  PID:9228
- C:\Windows\System\yAkTFmG.exe
  C:\Windows\System\yAkTFmG.exe
  2⤵
  PID:9272
- C:\Windows\System\IqaoDou.exe
  C:\Windows\System\IqaoDou.exe
  2⤵
  PID:9300
- C:\Windows\System\MPuThsY.exe
  C:\Windows\System\MPuThsY.exe
  2⤵
  PID:9328
- C:\Windows\System\YKOloVc.exe
  C:\Windows\System\YKOloVc.exe
  2⤵
  PID:9356
- C:\Windows\System\BApwehR.exe
  C:\Windows\System\BApwehR.exe
  2⤵
  PID:9384
- C:\Windows\System\HhBLvPB.exe
  C:\Windows\System\HhBLvPB.exe
  2⤵
  PID:9412
- C:\Windows\System\sRONsEU.exe
  C:\Windows\System\sRONsEU.exe
  2⤵
  PID:9440
- C:\Windows\System\odDaAJQ.exe
  C:\Windows\System\odDaAJQ.exe
  2⤵
  PID:9468
- C:\Windows\System\bNIpxBt.exe
  C:\Windows\System\bNIpxBt.exe
  2⤵
  PID:9496
- C:\Windows\System\rdcyhyy.exe
  C:\Windows\System\rdcyhyy.exe
  2⤵
  PID:9524
- C:\Windows\System\QqJTRyS.exe
  C:\Windows\System\QqJTRyS.exe
  2⤵
  PID:9552
- C:\Windows\System\ZcpmXdz.exe
  C:\Windows\System\ZcpmXdz.exe
  2⤵
  PID:9580
- C:\Windows\System\itQXUFj.exe
  C:\Windows\System\itQXUFj.exe
  2⤵
  PID:9608
- C:\Windows\System\IImezPH.exe
  C:\Windows\System\IImezPH.exe
  2⤵
  PID:9640
- C:\Windows\System\BFZoGEp.exe
  C:\Windows\System\BFZoGEp.exe
  2⤵
  PID:9668
- C:\Windows\System\tkqPxdX.exe
  C:\Windows\System\tkqPxdX.exe
  2⤵
  PID:9696
- C:\Windows\System\eDyubyP.exe
  C:\Windows\System\eDyubyP.exe
  2⤵
  PID:9724
- C:\Windows\System\dOtKGLx.exe
  C:\Windows\System\dOtKGLx.exe
  2⤵
  PID:9752
- C:\Windows\System\sXBwxoJ.exe
  C:\Windows\System\sXBwxoJ.exe
  2⤵
  PID:9780
- C:\Windows\System\XmCAYMM.exe
  C:\Windows\System\XmCAYMM.exe
  2⤵
  PID:9824
- C:\Windows\System\efFedUH.exe
  C:\Windows\System\efFedUH.exe
  2⤵
  PID:9868
- C:\Windows\System\dlyYGtr.exe
  C:\Windows\System\dlyYGtr.exe
  2⤵
  PID:9936
- C:\Windows\System\oOigAbK.exe
  C:\Windows\System\oOigAbK.exe
  2⤵
  PID:9988
- C:\Windows\System\NPRHmkp.exe
  C:\Windows\System\NPRHmkp.exe
  2⤵
  PID:10048
- C:\Windows\System\vjGDAux.exe
  C:\Windows\System\vjGDAux.exe
  2⤵
  PID:10136
- C:\Windows\System\YWjkzmS.exe
  C:\Windows\System\YWjkzmS.exe
  2⤵
  PID:10192
- C:\Windows\System\bHYkBna.exe
  C:\Windows\System\bHYkBna.exe
  2⤵
  PID:10228
- C:\Windows\System\aFIPDqf.exe
  C:\Windows\System\aFIPDqf.exe
  2⤵
  PID:9292
- C:\Windows\System\SoXuKCm.exe
  C:\Windows\System\SoXuKCm.exe
  2⤵
  PID:9352
- C:\Windows\System\urYlURD.exe
  C:\Windows\System\urYlURD.exe
  2⤵
  PID:9424
- C:\Windows\System\Caeeqgj.exe
  C:\Windows\System\Caeeqgj.exe
  2⤵
  PID:9492
- C:\Windows\System\woIBKIV.exe
  C:\Windows\System\woIBKIV.exe
  2⤵
  PID:9572
- C:\Windows\System\FCdurJZ.exe
  C:\Windows\System\FCdurJZ.exe
  2⤵
  PID:9636
- C:\Windows\System\KMFmlfh.exe
  C:\Windows\System\KMFmlfh.exe
  2⤵
  PID:9740
- C:\Windows\System\IOFgkFv.exe
  C:\Windows\System\IOFgkFv.exe
  2⤵
  PID:9860
- C:\Windows\System\PWNSHoA.exe
  C:\Windows\System\PWNSHoA.exe
  2⤵
  PID:9984
- C:\Windows\System\jchudbf.exe
  C:\Windows\System\jchudbf.exe
  2⤵
  PID:2972
- C:\Windows\System\QKxMxJE.exe
  C:\Windows\System\QKxMxJE.exe
  2⤵
  PID:10236
- C:\Windows\System\gPoMXCA.exe
  C:\Windows\System\gPoMXCA.exe
  2⤵
  PID:9340
- C:\Windows\System\kqvRbwp.exe
  C:\Windows\System\kqvRbwp.exe
  2⤵
  PID:9520
- C:\Windows\System\DLbpURb.exe
  C:\Windows\System\DLbpURb.exe
  2⤵
  PID:9628
- C:\Windows\System\lNAGstH.exe
  C:\Windows\System\lNAGstH.exe
  2⤵
  PID:9836
- C:\Windows\System\RkoVJSQ.exe
  C:\Windows\System\RkoVJSQ.exe
  2⤵
  PID:10160
- C:\Windows\System\TZTYlXT.exe
  C:\Windows\System\TZTYlXT.exe
  2⤵
  PID:9956
- C:\Windows\System\rrAHYJU.exe
  C:\Windows\System\rrAHYJU.exe
  2⤵
  PID:764
- C:\Windows\System\bvBlSDZ.exe
  C:\Windows\System\bvBlSDZ.exe
  2⤵
  PID:9980
- C:\Windows\System\XAeABYp.exe
  C:\Windows\System\XAeABYp.exe
  2⤵
  PID:10208
- C:\Windows\System\nEHPcqI.exe
  C:\Windows\System\nEHPcqI.exe
  2⤵
  PID:9968
- C:\Windows\System\WMmNHWU.exe
  C:\Windows\System\WMmNHWU.exe
  2⤵
  PID:10256
- C:\Windows\System\Xqrrafy.exe
  C:\Windows\System\Xqrrafy.exe
  2⤵
  PID:10284
- C:\Windows\System\vbjmYHa.exe
  C:\Windows\System\vbjmYHa.exe
  2⤵
  PID:10316
- C:\Windows\System\IrakHBI.exe
  C:\Windows\System\IrakHBI.exe
  2⤵
  PID:10344
- C:\Windows\System\TPrPTny.exe
  C:\Windows\System\TPrPTny.exe
  2⤵
  PID:10372
- C:\Windows\System\nbTlywq.exe
  C:\Windows\System\nbTlywq.exe
  2⤵
  PID:10400
- C:\Windows\System\iPowuHp.exe
  C:\Windows\System\iPowuHp.exe
  2⤵
  PID:10428
- C:\Windows\System\zDLfHQr.exe
  C:\Windows\System\zDLfHQr.exe
  2⤵
  PID:10456
- C:\Windows\System\mXrLzAg.exe
  C:\Windows\System\mXrLzAg.exe
  2⤵
  PID:10484
- C:\Windows\System\EgTTxnz.exe
  C:\Windows\System\EgTTxnz.exe
  2⤵
  PID:10512
- C:\Windows\System\mdNazcd.exe
  C:\Windows\System\mdNazcd.exe
  2⤵
  PID:10540
- C:\Windows\System\GhyBtwL.exe
  C:\Windows\System\GhyBtwL.exe
  2⤵
  PID:10568
- C:\Windows\System\hElzRME.exe
  C:\Windows\System\hElzRME.exe
  2⤵
  PID:10596
- C:\Windows\System\ZEkeQEh.exe
  C:\Windows\System\ZEkeQEh.exe
  2⤵
  PID:10624
- C:\Windows\System\iVyovMW.exe
  C:\Windows\System\iVyovMW.exe
  2⤵
  PID:10652
- C:\Windows\System\SuOPvcW.exe
  C:\Windows\System\SuOPvcW.exe
  2⤵
  PID:10680
- C:\Windows\System\LGVFbsJ.exe
  C:\Windows\System\LGVFbsJ.exe
  2⤵
  PID:10708
- C:\Windows\System\opeCVQY.exe
  C:\Windows\System\opeCVQY.exe
  2⤵
  PID:10736
- C:\Windows\System\WrNeICK.exe
  C:\Windows\System\WrNeICK.exe
  2⤵
  PID:10768
- C:\Windows\System\vaLxzPY.exe
  C:\Windows\System\vaLxzPY.exe
  2⤵
  PID:10800
- C:\Windows\System\eYyOvyH.exe
  C:\Windows\System\eYyOvyH.exe
  2⤵
  PID:10828
- C:\Windows\System\uXKRmNz.exe
  C:\Windows\System\uXKRmNz.exe
  2⤵
  PID:10856
- C:\Windows\System\vBEzPsV.exe
  C:\Windows\System\vBEzPsV.exe
  2⤵
  PID:10884
- C:\Windows\System\lUlAUYp.exe
  C:\Windows\System\lUlAUYp.exe
  2⤵
  PID:10912
- C:\Windows\System\qmrWmag.exe
  C:\Windows\System\qmrWmag.exe
  2⤵
  PID:10940
- C:\Windows\System\XvwsMaj.exe
  C:\Windows\System\XvwsMaj.exe
  2⤵
  PID:10968
- C:\Windows\System\oqBIsEP.exe
  C:\Windows\System\oqBIsEP.exe
  2⤵
  PID:10996
- C:\Windows\System\bCgNRBo.exe
  C:\Windows\System\bCgNRBo.exe
  2⤵
  PID:11024
- C:\Windows\System\tiRvoXN.exe
  C:\Windows\System\tiRvoXN.exe
  2⤵
  PID:11052
- C:\Windows\System\upBnyHx.exe
  C:\Windows\System\upBnyHx.exe
  2⤵
  PID:11080
- C:\Windows\System\AawSrkF.exe
  C:\Windows\System\AawSrkF.exe
  2⤵
  PID:11108
- C:\Windows\System\HRaELFW.exe
  C:\Windows\System\HRaELFW.exe
  2⤵
  PID:11136
- C:\Windows\System\CbbxGVw.exe
  C:\Windows\System\CbbxGVw.exe
  2⤵
  PID:11164
- C:\Windows\System\sGZxaEd.exe
  C:\Windows\System\sGZxaEd.exe
  2⤵
  PID:11180
- C:\Windows\System\PwWvvja.exe
  C:\Windows\System\PwWvvja.exe
  2⤵
  PID:11204
- C:\Windows\System\RWCUobd.exe
  C:\Windows\System\RWCUobd.exe
  2⤵
  PID:11236
- C:\Windows\System\lBDICnW.exe
  C:\Windows\System\lBDICnW.exe
  2⤵
  PID:11252
- C:\Windows\System\AfYVXLH.exe
  C:\Windows\System\AfYVXLH.exe
  2⤵
  PID:3276
- C:\Windows\System\QuOKonj.exe
  C:\Windows\System\QuOKonj.exe
  2⤵
  PID:10336
- C:\Windows\System\YFdhOtH.exe
  C:\Windows\System\YFdhOtH.exe
  2⤵
  PID:10452
- C:\Windows\System\GreqLis.exe
  C:\Windows\System\GreqLis.exe
  2⤵
  PID:372
- C:\Windows\System\itCdYzc.exe
  C:\Windows\System\itCdYzc.exe
  2⤵
  PID:10636
- C:\Windows\System\Unhnypq.exe
  C:\Windows\System\Unhnypq.exe
  2⤵
  PID:10704
- C:\Windows\System\bkSGPcC.exe
  C:\Windows\System\bkSGPcC.exe
  2⤵
  PID:10788
- C:\Windows\System\vXyPais.exe
  C:\Windows\System\vXyPais.exe
  2⤵
  PID:10868
- C:\Windows\System\feCkxxX.exe
  C:\Windows\System\feCkxxX.exe
  2⤵
  PID:10928
- C:\Windows\System\ORtyWTz.exe
  C:\Windows\System\ORtyWTz.exe
  2⤵
  PID:10988
- C:\Windows\System\pEsAiYC.exe
  C:\Windows\System\pEsAiYC.exe
  2⤵
  PID:11048
- C:\Windows\System\vRcnzkq.exe
  C:\Windows\System\vRcnzkq.exe
  2⤵
  PID:11120
- C:\Windows\System\TwfcVUC.exe
  C:\Windows\System\TwfcVUC.exe
  2⤵
  PID:11188
- C:\Windows\System\iatqgke.exe
  C:\Windows\System\iatqgke.exe
  2⤵
  PID:10168
- C:\Windows\System\RBOgSds.exe
  C:\Windows\System\RBOgSds.exe
  2⤵
  PID:9244
- C:\Windows\System\FNTmveD.exe
  C:\Windows\System\FNTmveD.exe
  2⤵
  PID:10148
- C:\Windows\System\sGZOTHp.exe
  C:\Windows\System\sGZOTHp.exe
  2⤵
  PID:10444
- C:\Windows\System\sEsidTg.exe
  C:\Windows\System\sEsidTg.exe
  2⤵
  PID:10616
- C:\Windows\System\HfcPWpd.exe
  C:\Windows\System\HfcPWpd.exe
  2⤵
  PID:10752
- C:\Windows\System\AbyYFyb.exe
  C:\Windows\System\AbyYFyb.exe
  2⤵
  PID:10904
- C:\Windows\System\YHslbAV.exe
  C:\Windows\System\YHslbAV.exe
  2⤵
  PID:11044
- C:\Windows\System\YVDmOnC.exe
  C:\Windows\System\YVDmOnC.exe
  2⤵
  PID:10592
- C:\Windows\System\uYHZSQP.exe
  C:\Windows\System\uYHZSQP.exe
  2⤵
  PID:10896
- C:\Windows\System\ICzHLiB.exe
  C:\Windows\System\ICzHLiB.exe
  2⤵
  PID:1080
- C:\Windows\System\NHgtmok.exe
  C:\Windows\System\NHgtmok.exe
  2⤵
  PID:10392
- C:\Windows\System\erUsNoS.exe
  C:\Windows\System\erUsNoS.exe
  2⤵
  PID:10700
- C:\Windows\System\NNAyvPF.exe
  C:\Windows\System\NNAyvPF.exe
  2⤵
  PID:2096
- C:\Windows\System\TAFfkrD.exe
  C:\Windows\System\TAFfkrD.exe
  2⤵
  PID:10532
- C:\Windows\System\wThJQmd.exe
  C:\Windows\System\wThJQmd.exe
  2⤵
  PID:9264
- C:\Windows\System\OgVPHPh.exe
  C:\Windows\System\OgVPHPh.exe
  2⤵
  PID:11040
- C:\Windows\System\VKJRXTt.exe
  C:\Windows\System\VKJRXTt.exe
  2⤵
  PID:10880
- C:\Windows\System\RoWHJWy.exe
  C:\Windows\System\RoWHJWy.exe
  2⤵
  PID:10852
- C:\Windows\System\oDAPeaW.exe
  C:\Windows\System\oDAPeaW.exe
  2⤵
  PID:11284
- C:\Windows\System\HvelYZh.exe
  C:\Windows\System\HvelYZh.exe
  2⤵
  PID:11312
- C:\Windows\System\sWyGPwp.exe
  C:\Windows\System\sWyGPwp.exe
  2⤵
  PID:11340
- C:\Windows\System\MaqHTUb.exe
  C:\Windows\System\MaqHTUb.exe
  2⤵
  PID:11368
- C:\Windows\System\mqyuWLt.exe
  C:\Windows\System\mqyuWLt.exe
  2⤵
  PID:11400
- C:\Windows\System\tHgaLJJ.exe
  C:\Windows\System\tHgaLJJ.exe
  2⤵
  PID:11428
- C:\Windows\System\gpTbbLF.exe
  C:\Windows\System\gpTbbLF.exe
  2⤵
  PID:11456
- C:\Windows\System\IsepdsO.exe
  C:\Windows\System\IsepdsO.exe
  2⤵
  PID:11484
- C:\Windows\System\yrSAyxi.exe
  C:\Windows\System\yrSAyxi.exe
  2⤵
  PID:11512
- C:\Windows\System\RnwNnnW.exe
  C:\Windows\System\RnwNnnW.exe
  2⤵
  PID:11540
- C:\Windows\System\DOSpIQh.exe
  C:\Windows\System\DOSpIQh.exe
  2⤵
  PID:11568
- C:\Windows\System\uhiysNo.exe
  C:\Windows\System\uhiysNo.exe
  2⤵
  PID:11596
- C:\Windows\System\uVtHwvT.exe
  C:\Windows\System\uVtHwvT.exe
  2⤵
  PID:11624
- C:\Windows\System\ofuSJRL.exe
  C:\Windows\System\ofuSJRL.exe
  2⤵
  PID:11652
- C:\Windows\System\BvShCwA.exe
  C:\Windows\System\BvShCwA.exe
  2⤵
  PID:11680
- C:\Windows\System\MpoJmOh.exe
  C:\Windows\System\MpoJmOh.exe
  2⤵
  PID:11720
- C:\Windows\System\YFZPLdg.exe
  C:\Windows\System\YFZPLdg.exe
  2⤵
  PID:11736
- C:\Windows\System\ALeprTr.exe
  C:\Windows\System\ALeprTr.exe
  2⤵
  PID:11764
- C:\Windows\System\jfYubMp.exe
  C:\Windows\System\jfYubMp.exe
  2⤵
  PID:11792
- C:\Windows\System\uaBiGnA.exe
  C:\Windows\System\uaBiGnA.exe
  2⤵
  PID:11820
- C:\Windows\System\tgMoAld.exe
  C:\Windows\System\tgMoAld.exe
  2⤵
  PID:11848
- C:\Windows\System\RVfNhPI.exe
  C:\Windows\System\RVfNhPI.exe
  2⤵
  PID:11876
- C:\Windows\System\XaGNzdG.exe
  C:\Windows\System\XaGNzdG.exe
  2⤵
  PID:11904
- C:\Windows\System\UznEWHd.exe
  C:\Windows\System\UznEWHd.exe
  2⤵
  PID:11932
- C:\Windows\System\shtKYuW.exe
  C:\Windows\System\shtKYuW.exe
  2⤵
  PID:11960
- C:\Windows\System\xgxXcLL.exe
  C:\Windows\System\xgxXcLL.exe
  2⤵
  PID:11988
- C:\Windows\System\FCMygHd.exe
  C:\Windows\System\FCMygHd.exe
  2⤵
  PID:12020
- C:\Windows\System\xwHCyxR.exe
  C:\Windows\System\xwHCyxR.exe
  2⤵
  PID:12048
- C:\Windows\System\aAomrBS.exe
  C:\Windows\System\aAomrBS.exe
  2⤵
  PID:12076
- C:\Windows\System\CQAHbIH.exe
  C:\Windows\System\CQAHbIH.exe
  2⤵
  PID:12104
- C:\Windows\System\xUQDcNP.exe
  C:\Windows\System\xUQDcNP.exe
  2⤵
  PID:12132
- C:\Windows\System\UOvHRkf.exe
  C:\Windows\System\UOvHRkf.exe
  2⤵
  PID:12160
- C:\Windows\System\bFrLGYf.exe
  C:\Windows\System\bFrLGYf.exe
  2⤵
  PID:12192
- C:\Windows\System\rnuazmu.exe
  C:\Windows\System\rnuazmu.exe
  2⤵
  PID:12220
- C:\Windows\System\PSORhHk.exe
  C:\Windows\System\PSORhHk.exe
  2⤵
  PID:12260
- C:\Windows\System\MUJvien.exe
  C:\Windows\System\MUJvien.exe
  2⤵
  PID:12284
- C:\Windows\System\DeIlsDP.exe
  C:\Windows\System\DeIlsDP.exe
  2⤵
  PID:11420
- C:\Windows\System\FOjfWBW.exe
  C:\Windows\System\FOjfWBW.exe
  2⤵
  PID:11532
- C:\Windows\System\aFcbztj.exe
  C:\Windows\System\aFcbztj.exe
  2⤵
  PID:4980
- C:\Windows\System\oVSNNgm.exe
  C:\Windows\System\oVSNNgm.exe
  2⤵
  PID:11732
- C:\Windows\System\ExBRsDW.exe
  C:\Windows\System\ExBRsDW.exe
  2⤵
  PID:11784
- C:\Windows\System\TFEpONQ.exe
  C:\Windows\System\TFEpONQ.exe
  2⤵
  PID:11872
- C:\Windows\System\WUZwENK.exe
  C:\Windows\System\WUZwENK.exe
  2⤵
  PID:11928
- C:\Windows\System\YOKjSrr.exe
  C:\Windows\System\YOKjSrr.exe
  2⤵
  PID:11388
- C:\Windows\System\yZcktRH.exe
  C:\Windows\System\yZcktRH.exe
  2⤵
  PID:12096
- C:\Windows\System\QBqAeNQ.exe
  C:\Windows\System\QBqAeNQ.exe
  2⤵
  PID:12156
- C:\Windows\System\GVhQFeR.exe
  C:\Windows\System\GVhQFeR.exe
  2⤵
  PID:12244
- C:\Windows\System\rRCrIub.exe
  C:\Windows\System\rRCrIub.exe
  2⤵
  PID:11448
- C:\Windows\System\dlyxeBe.exe
  C:\Windows\System\dlyxeBe.exe
  2⤵
  PID:11704
- C:\Windows\System\qPTnSkA.exe
  C:\Windows\System\qPTnSkA.exe
  2⤵
  PID:11832
- C:\Windows\System\PEphbAF.exe
  C:\Windows\System\PEphbAF.exe
  2⤵
  PID:11984
- C:\Windows\System\gFHZBHk.exe
  C:\Windows\System\gFHZBHk.exe
  2⤵
  PID:12188
- C:\Windows\System\BmzfHQD.exe
  C:\Windows\System\BmzfHQD.exe
  2⤵
  PID:12044
- C:\Windows\System\TCrDetO.exe
  C:\Windows\System\TCrDetO.exe
  2⤵
  PID:11304
- C:\Windows\System\mAvtGuX.exe
  C:\Windows\System\mAvtGuX.exe
  2⤵
  PID:11900
- C:\Windows\System\hMDAAJl.exe
  C:\Windows\System\hMDAAJl.exe
  2⤵
  PID:2976
- C:\Windows\System\PLJakMH.exe
  C:\Windows\System\PLJakMH.exe
  2⤵
  PID:12272
- C:\Windows\System\mcdGyjo.exe
  C:\Windows\System\mcdGyjo.exe
  2⤵
  PID:11580
- C:\Windows\System\rBqGomN.exe
  C:\Windows\System\rBqGomN.exe
  2⤵
  PID:3444
- C:\Windows\System\zeCDWRv.exe
  C:\Windows\System\zeCDWRv.exe
  2⤵
  PID:12316
- C:\Windows\System\eplqflo.exe
  C:\Windows\System\eplqflo.exe
  2⤵
  PID:12344
- C:\Windows\System\NkHaplj.exe
  C:\Windows\System\NkHaplj.exe
  2⤵
  PID:12376
- C:\Windows\System\FzLlHhU.exe
  C:\Windows\System\FzLlHhU.exe
  2⤵
  PID:12404
- C:\Windows\System\omGsdkx.exe
  C:\Windows\System\omGsdkx.exe
  2⤵
  PID:12432
- C:\Windows\System\piJdkpV.exe
  C:\Windows\System\piJdkpV.exe
  2⤵
  PID:12460
- C:\Windows\System\bRaUtWK.exe
  C:\Windows\System\bRaUtWK.exe
  2⤵
  PID:12488
- C:\Windows\System\pFtexlh.exe
  C:\Windows\System\pFtexlh.exe
  2⤵
  PID:12516
- C:\Windows\System\ouFCCUP.exe
  C:\Windows\System\ouFCCUP.exe
  2⤵
  PID:12544
- C:\Windows\System\yFcfzbV.exe
  C:\Windows\System\yFcfzbV.exe
  2⤵
  PID:12572
- C:\Windows\System\wgQKuIo.exe
  C:\Windows\System\wgQKuIo.exe
  2⤵
  PID:12600
- C:\Windows\System\FrGUamc.exe
  C:\Windows\System\FrGUamc.exe
  2⤵
  PID:12628
- C:\Windows\System\DpRTOIb.exe
  C:\Windows\System\DpRTOIb.exe
  2⤵
  PID:12656
- C:\Windows\System\jeGnyLz.exe
  C:\Windows\System\jeGnyLz.exe
  2⤵
  PID:12684
- C:\Windows\System\CWaZHdE.exe
  C:\Windows\System\CWaZHdE.exe
  2⤵
  PID:12712
- C:\Windows\System\IGMLCHP.exe
  C:\Windows\System\IGMLCHP.exe
  2⤵
  PID:12740
- C:\Windows\System\oLxhdWQ.exe
  C:\Windows\System\oLxhdWQ.exe
  2⤵
  PID:12768
- C:\Windows\System\eLACuqm.exe
  C:\Windows\System\eLACuqm.exe
  2⤵
  PID:12796
- C:\Windows\System\uuESTyf.exe
  C:\Windows\System\uuESTyf.exe
  2⤵
  PID:12824
- C:\Windows\System\sypqtFC.exe
  C:\Windows\System\sypqtFC.exe
  2⤵
  PID:12852
- C:\Windows\System\OZPQcqO.exe
  C:\Windows\System\OZPQcqO.exe
  2⤵
  PID:12880
- C:\Windows\System\zvpeKDX.exe
  C:\Windows\System\zvpeKDX.exe
  2⤵
  PID:12908
- C:\Windows\System\DfyFCar.exe
  C:\Windows\System\DfyFCar.exe
  2⤵
  PID:12940
- C:\Windows\System\oGgdDKV.exe
  C:\Windows\System\oGgdDKV.exe
  2⤵
  PID:12968
- C:\Windows\System\VqKQOYS.exe
  C:\Windows\System\VqKQOYS.exe
  2⤵
  PID:12996
- C:\Windows\System\BCmrEkQ.exe
  C:\Windows\System\BCmrEkQ.exe
  2⤵
  PID:13024
- C:\Windows\System\ecBqzAw.exe
  C:\Windows\System\ecBqzAw.exe
  2⤵
  PID:13052
- C:\Windows\System\YfDVmga.exe
  C:\Windows\System\YfDVmga.exe
  2⤵
  PID:13080
- C:\Windows\System\jjlBest.exe
  C:\Windows\System\jjlBest.exe
  2⤵
  PID:13116
- C:\Windows\System\aNahjKj.exe
  C:\Windows\System\aNahjKj.exe
  2⤵
  PID:13144
- C:\Windows\System\IDGHQmp.exe
  C:\Windows\System\IDGHQmp.exe
  2⤵
  PID:13172
- C:\Windows\System\PXfAKHX.exe
  C:\Windows\System\PXfAKHX.exe
  2⤵
  PID:13200
- C:\Windows\System\GLCqFHs.exe
  C:\Windows\System\GLCqFHs.exe
  2⤵
  PID:13228
- C:\Windows\System\ZLCCzeQ.exe
  C:\Windows\System\ZLCCzeQ.exe
  2⤵
  PID:13256
- C:\Windows\System\FcHDpmC.exe
  C:\Windows\System\FcHDpmC.exe
  2⤵
  PID:13284
- C:\Windows\System\UPykUXz.exe
  C:\Windows\System\UPykUXz.exe
  2⤵
  PID:11844
- C:\Windows\System\SzoreOo.exe
  C:\Windows\System\SzoreOo.exe
  2⤵
  PID:12388
- C:\Windows\System\CifxUyu.exe
  C:\Windows\System\CifxUyu.exe
  2⤵
  PID:12400
- C:\Windows\System\MKkUfgF.exe
  C:\Windows\System\MKkUfgF.exe
  2⤵
  PID:12456
- C:\Windows\System\yHcBSXl.exe
  C:\Windows\System\yHcBSXl.exe
  2⤵
  PID:12528
- C:\Windows\System\TMzPtys.exe
  C:\Windows\System\TMzPtys.exe
  2⤵
  PID:12584
- C:\Windows\System\CEVURLE.exe
  C:\Windows\System\CEVURLE.exe
  2⤵
  PID:12648
- C:\Windows\System\xFxonHN.exe
  C:\Windows\System\xFxonHN.exe
  2⤵
  PID:12708
- C:\Windows\System\ccNfsac.exe
  C:\Windows\System\ccNfsac.exe
  2⤵
  PID:12780
- C:\Windows\System\hTXLSUa.exe
  C:\Windows\System\hTXLSUa.exe
  2⤵
  PID:12864
- C:\Windows\System\ZoaKdmg.exe
  C:\Windows\System\ZoaKdmg.exe
  2⤵
  PID:12904
- C:\Windows\System\vzxGtjq.exe
  C:\Windows\System\vzxGtjq.exe
  2⤵
  PID:12980
- C:\Windows\System\LTPsMoS.exe
  C:\Windows\System\LTPsMoS.exe
  2⤵
  PID:13044
- C:\Windows\System\GQbaeWi.exe
  C:\Windows\System\GQbaeWi.exe
  2⤵
  PID:13104
- C:\Windows\System\rEIumKp.exe
  C:\Windows\System\rEIumKp.exe
  2⤵
  PID:13184
- C:\Windows\System\yRsymvK.exe
  C:\Windows\System\yRsymvK.exe
  2⤵
  PID:13220
- C:\Windows\System\hLLzRXA.exe
  C:\Windows\System\hLLzRXA.exe
  2⤵
  PID:13296
- C:\Windows\System\tFNZind.exe
  C:\Windows\System\tFNZind.exe
  2⤵
  PID:1096
- C:\Windows\System\OJpUJaB.exe
  C:\Windows\System\OJpUJaB.exe
  2⤵
  PID:12512
- C:\Windows\System\zfpycFG.exe
  C:\Windows\System\zfpycFG.exe
  2⤵
  PID:12696
- C:\Windows\System\WNAUmEk.exe
  C:\Windows\System\WNAUmEk.exe
  2⤵
  PID:12836
- C:\Windows\System\iZcZtTi.exe
  C:\Windows\System\iZcZtTi.exe
  2⤵
  PID:12964
- C:\Windows\System\QjFvDXX.exe
  C:\Windows\System\QjFvDXX.exe
  2⤵
  PID:13072
- C:\Windows\System\yjoFYxG.exe
  C:\Windows\System\yjoFYxG.exe
  2⤵
  PID:8468
- C:\Windows\System\ZWywebh.exe
  C:\Windows\System\ZWywebh.exe
  2⤵
  PID:9236
- C:\Windows\System\GGdSHRp.exe
  C:\Windows\System\GGdSHRp.exe
  2⤵
  PID:13168
- C:\Windows\System\VfrrNEt.exe
  C:\Windows\System\VfrrNEt.exe
  2⤵
  PID:12312
- C:\Windows\System\AyNTbqz.exe
  C:\Windows\System\AyNTbqz.exe
  2⤵
  PID:12640
- C:\Windows\System\NOlesal.exe
  C:\Windows\System\NOlesal.exe
  2⤵
  PID:5148
- C:\Windows\System\JKPTjlw.exe
  C:\Windows\System\JKPTjlw.exe
  2⤵
  PID:8948
- C:\Windows\System\LSJBNgR.exe
  C:\Windows\System\LSJBNgR.exe
  2⤵
  PID:1992
- C:\Windows\System\oUDIIUQ.exe
  C:\Windows\System\oUDIIUQ.exe
  2⤵
  PID:12508
- C:\Windows\System\upcgcHY.exe
  C:\Windows\System\upcgcHY.exe
  2⤵
  PID:9804
- C:\Windows\System\raninXA.exe
  C:\Windows\System\raninXA.exe
  2⤵
  PID:12444
- C:\Windows\System\SqwclWE.exe
  C:\Windows\System\SqwclWE.exe
  2⤵
  PID:13036
- C:\Windows\System\JJaCbCw.exe
  C:\Windows\System\JJaCbCw.exe
  2⤵
  PID:13340
- C:\Windows\System\LEOehYl.exe
  C:\Windows\System\LEOehYl.exe
  2⤵
  PID:13368
- C:\Windows\System\jsWvZXk.exe
  C:\Windows\System\jsWvZXk.exe
  2⤵
  PID:13396
- C:\Windows\System\nfZjQLi.exe
  C:\Windows\System\nfZjQLi.exe
  2⤵
  PID:13424
- C:\Windows\System\aJKPmJT.exe
  C:\Windows\System\aJKPmJT.exe
  2⤵
  PID:13452
- C:\Windows\System\XOQvxVw.exe
  C:\Windows\System\XOQvxVw.exe
  2⤵
  PID:13480
- C:\Windows\System\qNpdOnL.exe
  C:\Windows\System\qNpdOnL.exe
  2⤵
  PID:13540
- C:\Windows\System\pYPuUQT.exe
  C:\Windows\System\pYPuUQT.exe
  2⤵
  PID:13568
- C:\Windows\System\wLXIeKe.exe
  C:\Windows\System\wLXIeKe.exe
  2⤵
  PID:13600
- C:\Windows\System\tpmVHyM.exe
  C:\Windows\System\tpmVHyM.exe
  2⤵
  PID:13624
- C:\Windows\System\fWvHnPG.exe
  C:\Windows\System\fWvHnPG.exe
  2⤵
  PID:13652
- C:\Windows\System\pHxYxtn.exe
  C:\Windows\System\pHxYxtn.exe
  2⤵
  PID:13668
- C:\Windows\System\ABrPEtC.exe
  C:\Windows\System\ABrPEtC.exe
  2⤵
  PID:13688
- C:\Windows\System\mHTzslp.exe
  C:\Windows\System\mHTzslp.exe
  2⤵
  PID:13744
- C:\Windows\System\MwcgINH.exe
  C:\Windows\System\MwcgINH.exe
  2⤵
  PID:13772
- C:\Windows\System\CIqeTqu.exe
  C:\Windows\System\CIqeTqu.exe
  2⤵
  PID:13800
- C:\Windows\System\tIGfukn.exe
  C:\Windows\System\tIGfukn.exe
  2⤵
  PID:13836
- C:\Windows\System\FtBsBNc.exe
  C:\Windows\System\FtBsBNc.exe
  2⤵
  PID:13864
- C:\Windows\System\ONaFGQA.exe
  C:\Windows\System\ONaFGQA.exe
  2⤵
  PID:13892
- C:\Windows\System\PJAUwvJ.exe
  C:\Windows\System\PJAUwvJ.exe
  2⤵
  PID:13920
- C:\Windows\System\nnJAArX.exe
  C:\Windows\System\nnJAArX.exe
  2⤵
  PID:13948
- C:\Windows\System\AibTAOG.exe
  C:\Windows\System\AibTAOG.exe
  2⤵
  PID:13976
- C:\Windows\System\CXJnEHk.exe
  C:\Windows\System\CXJnEHk.exe
  2⤵
  PID:14004
- C:\Windows\System\RIAolXC.exe
  C:\Windows\System\RIAolXC.exe
  2⤵
  PID:14032
- C:\Windows\System\GMCVVJR.exe
  C:\Windows\System\GMCVVJR.exe
  2⤵
  PID:14060
- C:\Windows\System\dDiWyEk.exe
  C:\Windows\System\dDiWyEk.exe
  2⤵
  PID:14088
- C:\Windows\System\lDtNFWY.exe
  C:\Windows\System\lDtNFWY.exe
  2⤵
  PID:14116
- C:\Windows\System\zIXIUCT.exe
  C:\Windows\System\zIXIUCT.exe
  2⤵
  PID:14156
- C:\Windows\System\oofgqDF.exe
  C:\Windows\System\oofgqDF.exe
  2⤵
  PID:14172
- C:\Windows\System\wRTcxkn.exe
  C:\Windows\System\wRTcxkn.exe
  2⤵
  PID:14200
- C:\Windows\System\JYtnZOY.exe
  C:\Windows\System\JYtnZOY.exe
  2⤵
  PID:14228
- C:\Windows\System\RMwQIFT.exe
  C:\Windows\System\RMwQIFT.exe
  2⤵
  PID:14256
- C:\Windows\System\vjByufG.exe
  C:\Windows\System\vjByufG.exe
  2⤵
  PID:14284
- C:\Windows\System\CLchJNw.exe
  C:\Windows\System\CLchJNw.exe
  2⤵
  PID:14312
- C:\Windows\System\RhfuddR.exe
  C:\Windows\System\RhfuddR.exe
  2⤵
  PID:5260
- C:\Windows\System\PkmZiXt.exe
  C:\Windows\System\PkmZiXt.exe
  2⤵
  PID:13388
- C:\Windows\System\uHtVOuL.exe
  C:\Windows\System\uHtVOuL.exe
  2⤵
  PID:13448
- C:\Windows\System\vsNSEfT.exe
  C:\Windows\System\vsNSEfT.exe
  2⤵
  PID:13476
- C:\Windows\System\XNlGkdy.exe
  C:\Windows\System\XNlGkdy.exe
  2⤵
  PID:13588
- C:\Windows\System\KOrsgDq.exe
  C:\Windows\System\KOrsgDq.exe
  2⤵
  PID:13648
- C:\Windows\System\xrOGpQx.exe
  C:\Windows\System\xrOGpQx.exe
  2⤵
  PID:13700
- C:\Windows\System\YymRxxY.exe
  C:\Windows\System\YymRxxY.exe
  2⤵
  PID:13784
- C:\Windows\System\TIDflxH.exe
  C:\Windows\System\TIDflxH.exe
  2⤵
  PID:13832
- C:\Windows\System\HoLIfad.exe
  C:\Windows\System\HoLIfad.exe
  2⤵
  PID:13904
- C:\Windows\System\ULUprSe.exe
  C:\Windows\System\ULUprSe.exe
  2⤵
  PID:13968
- C:\Windows\System\WrJlwTX.exe
  C:\Windows\System\WrJlwTX.exe
  2⤵
  PID:14028
- C:\Windows\System\HQrvvbH.exe
  C:\Windows\System\HQrvvbH.exe
  2⤵
  PID:14100
- C:\Windows\System\UYgcZsw.exe
  C:\Windows\System\UYgcZsw.exe
  2⤵
  PID:14164
- C:\Windows\System\NJicixh.exe
  C:\Windows\System\NJicixh.exe
  2⤵
  PID:14224
- C:\Windows\System\VRzMobD.exe
  C:\Windows\System\VRzMobD.exe
  2⤵
  PID:14296
- C:\Windows\System\ueALaXt.exe
  C:\Windows\System\ueALaXt.exe
  2⤵
  PID:13380
- C:\Windows\System\JhWGzJc.exe
  C:\Windows\System\JhWGzJc.exe
  2⤵
  PID:13416
- C:\Windows\System\xLnokPZ.exe
  C:\Windows\System\xLnokPZ.exe
  2⤵
  PID:13620
- C:\Windows\System\SCntzjc.exe
  C:\Windows\System\SCntzjc.exe
  2⤵
  PID:13812
- C:\Windows\System\DUTUhWz.exe
  C:\Windows\System\DUTUhWz.exe
  2⤵
  PID:13932
- C:\Windows\System\YeKJwfW.exe
  C:\Windows\System\YeKJwfW.exe
  2⤵
  PID:14152
- C:\Windows\System\hWEickr.exe
  C:\Windows\System\hWEickr.exe
  2⤵
  PID:14248
- C:\Windows\System\vSeHVEn.exe
  C:\Windows\System\vSeHVEn.exe
  2⤵
  PID:10024
- C:\Windows\System\BHTFBGj.exe
  C:\Windows\System\BHTFBGj.exe
  2⤵
  PID:13616
- C:\Windows\System\SkgHsGz.exe
  C:\Windows\System\SkgHsGz.exe
  2⤵
  PID:13828
- C:\Windows\System\skIQqlV.exe
  C:\Windows\System\skIQqlV.exe
  2⤵
  PID:14324
- C:\Windows\System\iRRlUop.exe
  C:\Windows\System\iRRlUop.exe
  2⤵
  PID:13564
- C:\Windows\System\CbSFEfp.exe
  C:\Windows\System\CbSFEfp.exe
  2⤵
  PID:13644
- C:\Windows\System\rELXosR.exe
  C:\Windows\System\rELXosR.exe
  2⤵
  PID:14352
- C:\Windows\System\BvNnFmT.exe
  C:\Windows\System\BvNnFmT.exe
  2⤵
  PID:14388
- C:\Windows\System\UWonLBk.exe
  C:\Windows\System\UWonLBk.exe
  2⤵
  PID:14416
- C:\Windows\System\UMzXhyn.exe
  C:\Windows\System\UMzXhyn.exe
  2⤵
  PID:14448
- C:\Windows\System\zyNxFnd.exe
  C:\Windows\System\zyNxFnd.exe
  2⤵
  PID:14476
- C:\Windows\System\CRQpYjo.exe
  C:\Windows\System\CRQpYjo.exe
  2⤵
  PID:14504
- C:\Windows\System\APGFHIt.exe
  C:\Windows\System\APGFHIt.exe
  2⤵
  PID:14532
- C:\Windows\System\qIlBAPS.exe
  C:\Windows\System\qIlBAPS.exe
  2⤵
  PID:14560
- C:\Windows\System\COhPlpC.exe
  C:\Windows\System\COhPlpC.exe
  2⤵
  PID:14588
- C:\Windows\System\JhfBTkW.exe
  C:\Windows\System\JhfBTkW.exe
  2⤵
  PID:14616
- C:\Windows\System\uwmQWEg.exe
  C:\Windows\System\uwmQWEg.exe
  2⤵
  PID:14644
- C:\Windows\System\FetjhHB.exe
  C:\Windows\System\FetjhHB.exe
  2⤵
  PID:14672
- C:\Windows\System\JcWFIHZ.exe
  C:\Windows\System\JcWFIHZ.exe
  2⤵
  PID:14700
- C:\Windows\System\WvrhTSY.exe
  C:\Windows\System\WvrhTSY.exe
  2⤵
  PID:14728
- C:\Windows\System\WWligJx.exe
  C:\Windows\System\WWligJx.exe
  2⤵
  PID:14756
- C:\Windows\System\uciZplG.exe
  C:\Windows\System\uciZplG.exe
  2⤵
  PID:14784
- C:\Windows\System\ilMvibN.exe
  C:\Windows\System\ilMvibN.exe
  2⤵
  PID:14812
- C:\Windows\System\ALFlSWh.exe
  C:\Windows\System\ALFlSWh.exe
  2⤵
  PID:14840
- C:\Windows\System\rrrMymW.exe
  C:\Windows\System\rrrMymW.exe
  2⤵
  PID:14868
- C:\Windows\System\tpZtPkw.exe
  C:\Windows\System\tpZtPkw.exe
  2⤵
  PID:14896
- C:\Windows\System\LPxMgNW.exe
  C:\Windows\System\LPxMgNW.exe
  2⤵
  PID:14924
- C:\Windows\System\stufbne.exe
  C:\Windows\System\stufbne.exe
  2⤵
  PID:14952
- C:\Windows\System\GGybzhI.exe
  C:\Windows\System\GGybzhI.exe
  2⤵
  PID:14980
- C:\Windows\System\tyuJhTm.exe
  C:\Windows\System\tyuJhTm.exe
  2⤵
  PID:15008
- C:\Windows\System\jncVdTF.exe
  C:\Windows\System\jncVdTF.exe
  2⤵
  PID:15036
- C:\Windows\System\hbNWPLC.exe
  C:\Windows\System\hbNWPLC.exe
  2⤵
  PID:15064
- C:\Windows\System\zzUyBvv.exe
  C:\Windows\System\zzUyBvv.exe
  2⤵
  PID:15092
- C:\Windows\System\YnJYvRd.exe
  C:\Windows\System\YnJYvRd.exe
  2⤵
  PID:15352
- C:\Windows\System\NmZvvRP.exe
  C:\Windows\System\NmZvvRP.exe
  2⤵
  PID:14340
- C:\Windows\System\DhevGzb.exe
  C:\Windows\System\DhevGzb.exe
  2⤵
  PID:13820
- C:\Windows\System\NpkkUGc.exe
  C:\Windows\System\NpkkUGc.exe
  2⤵
  PID:14524
- C:\Windows\System\cPGweFH.exe
  C:\Windows\System\cPGweFH.exe
  2⤵
  PID:14628
- C:\Windows\System\RNiSjJG.exe
  C:\Windows\System\RNiSjJG.exe
  2⤵
  PID:14740
- C:\Windows\System\AqHyUMZ.exe
  C:\Windows\System\AqHyUMZ.exe
  2⤵
  PID:14776
- C:\Windows\System\asVZIhn.exe
  C:\Windows\System\asVZIhn.exe
  2⤵
  PID:6296
- C:\Windows\System\VmHsefr.exe
  C:\Windows\System\VmHsefr.exe
  2⤵
  PID:15028
- C:\Windows\System\bHjinrW.exe
  C:\Windows\System\bHjinrW.exe
  2⤵
  PID:15060
- C:\Windows\System\HtZJpkf.exe
  C:\Windows\System\HtZJpkf.exe
  2⤵
  PID:15312
- C:\Windows\System\tuaEgZN.exe
  C:\Windows\System\tuaEgZN.exe
  2⤵
  PID:10020
- C:\Windows\System\tGZxvCf.exe
  C:\Windows\System\tGZxvCf.exe
  2⤵
  PID:1124
- C:\Windows\System\pbczIeC.exe
  C:\Windows\System\pbczIeC.exe
  2⤵
  PID:3464
- C:\Windows\System\MUtzNDQ.exe
  C:\Windows\System\MUtzNDQ.exe
  2⤵
  PID:14836
- C:\Windows\System\tcKPrEb.exe
  C:\Windows\System\tcKPrEb.exe
  2⤵
  PID:14864
- C:\Windows\System\ESYRJcc.exe
  C:\Windows\System\ESYRJcc.exe
  2⤵
  PID:6540
- C:\Windows\System\zkGBaMx.exe
  C:\Windows\System\zkGBaMx.exe
  2⤵
  PID:14824
- C:\Windows\System\fuoPtPK.exe
  C:\Windows\System\fuoPtPK.exe
  2⤵
  PID:15272
- C:\Windows\System\ZgFBTkf.exe
  C:\Windows\System\ZgFBTkf.exe
  2⤵
  PID:7128
- C:\Windows\System\IrSLxXj.exe
  C:\Windows\System\IrSLxXj.exe
  2⤵
  PID:1464
- C:\Windows\System\rsNEEtv.exe
  C:\Windows\System\rsNEEtv.exe
  2⤵
  PID:2332
- C:\Windows\System\PcnOskc.exe
  C:\Windows\System\PcnOskc.exe
  2⤵
  PID:15004
- C:\Windows\System\SVmbfBS.exe
  C:\Windows\System\SVmbfBS.exe
  2⤵
  PID:15332
- C:\Windows\System\QsWPdXs.exe
  C:\Windows\System\QsWPdXs.exe
  2⤵
  PID:14436
- C:\Windows\System\lYRwwkW.exe
  C:\Windows\System\lYRwwkW.exe
  2⤵
  PID:6800
- C:\Windows\System\QdBTjTX.exe
  C:\Windows\System\QdBTjTX.exe
  2⤵
  PID:6788
- C:\Windows\System\JIvzgPV.exe
  C:\Windows\System\JIvzgPV.exe
  2⤵
  PID:14488
- C:\Windows\System\nKcKuts.exe
  C:\Windows\System\nKcKuts.exe
  2⤵
  PID:2624
- C:\Windows\System\EXzRJCh.exe
  C:\Windows\System\EXzRJCh.exe
  2⤵
  PID:6172
- C:\Windows\System\wfccKFW.exe
  C:\Windows\System\wfccKFW.exe
  2⤵
  PID:4456
- C:\Windows\System\IcvxwyH.exe
  C:\Windows\System\IcvxwyH.exe
  2⤵
  PID:4776
- C:\Windows\System\XDyzFWL.exe
  C:\Windows\System\XDyzFWL.exe
  2⤵
  PID:1496
- C:\Windows\System\VxnGMZp.exe
  C:\Windows\System\VxnGMZp.exe
  2⤵
  PID:1596
- C:\Windows\System\hrntHPu.exe
  C:\Windows\System\hrntHPu.exe
  2⤵
  PID:15048
- C:\Windows\System\vNwldgy.exe
  C:\Windows\System\vNwldgy.exe
  2⤵
  PID:2544
- C:\Windows\System\djKwHYU.exe
  C:\Windows\System\djKwHYU.exe
  2⤵
  PID:5072
- C:\Windows\System\NoLSJDd.exe
  C:\Windows\System\NoLSJDd.exe
  2⤵
  PID:3392
- C:\Windows\System\cTPYsiS.exe
  C:\Windows\System\cTPYsiS.exe
  2⤵
  PID:15328
- C:\Windows\System\PtMWVje.exe
  C:\Windows\System\PtMWVje.exe
  2⤵
  PID:15340
- C:\Windows\System\mTjqIUS.exe
  C:\Windows\System\mTjqIUS.exe
  2⤵
  PID:14396
- C:\Windows\System\OFUWMhO.exe
  C:\Windows\System\OFUWMhO.exe
  2⤵
  PID:2324
- C:\Windows\System\fpalQWK.exe
  C:\Windows\System\fpalQWK.exe
  2⤵
  PID:14492
- C:\Windows\System\ILYZfMT.exe
  C:\Windows\System\ILYZfMT.exe
  2⤵
  PID:6848
- C:\Windows\System\YcdfkAt.exe
  C:\Windows\System\YcdfkAt.exe
  2⤵
  PID:4820
- C:\Windows\System\ecViECP.exe
  C:\Windows\System\ecViECP.exe
  2⤵
  PID:2052
- C:\Windows\System\SKOlGNL.exe
  C:\Windows\System\SKOlGNL.exe
  2⤵
  PID:4800
- C:\Windows\System\WDpJGUh.exe
  C:\Windows\System\WDpJGUh.exe
  2⤵
  PID:2108
- C:\Windows\System\RrYKPSl.exe
  C:\Windows\System\RrYKPSl.exe
  2⤵
  PID:15268
- C:\Windows\System\OAXbtAA.exe
  C:\Windows\System\OAXbtAA.exe
  2⤵
  PID:4944
- C:\Windows\System\fLzCoUG.exe
  C:\Windows\System\fLzCoUG.exe
  2⤵
  PID:3640
- C:\Windows\System\gtxUyCS.exe
  C:\Windows\System\gtxUyCS.exe
  2⤵
  PID:1600
- C:\Windows\System\WRlAVNr.exe
  C:\Windows\System\WRlAVNr.exe
  2⤵
  PID:3032
- C:\Windows\System\ABthPwM.exe
  C:\Windows\System\ABthPwM.exe
  2⤵
  PID:14696
- C:\Windows\System\uAWaKBA.exe
  C:\Windows\System\uAWaKBA.exe
  2⤵
  PID:4816
- C:\Windows\System\eFHgfAE.exe
  C:\Windows\System\eFHgfAE.exe
  2⤵
  PID:2872
- C:\Windows\System\CRblmVA.exe
  C:\Windows\System\CRblmVA.exe
  2⤵
  PID:4604
- C:\Windows\System\hsTpnKT.exe
  C:\Windows\System\hsTpnKT.exe
  2⤵
  PID:14464
- C:\Windows\System\oFADXzO.exe
  C:\Windows\System\oFADXzO.exe
  2⤵
  PID:4556
- C:\Windows\System\XLmNhis.exe
  C:\Windows\System\XLmNhis.exe
  2⤵
  PID:2068
- C:\Windows\System\TaFSuLi.exe
  C:\Windows\System\TaFSuLi.exe
  2⤵
  PID:6364
- C:\Windows\System\FtUpStr.exe
  C:\Windows\System\FtUpStr.exe
  2⤵
  PID:15320
- C:\Windows\System\HgLuNfl.exe
  C:\Windows\System\HgLuNfl.exe
  2⤵
  PID:1952
- C:\Windows\System\SUrYBks.exe
  C:\Windows\System\SUrYBks.exe
  2⤵
  PID:3616
- C:\Windows\System\JRrhwpy.exe
  C:\Windows\System\JRrhwpy.exe
  2⤵
  PID:7812
- C:\Windows\System\DgLLlug.exe
  C:\Windows\System\DgLLlug.exe
  2⤵
  PID:5132
- C:\Windows\System\xVrzQTn.exe
  C:\Windows\System\xVrzQTn.exe
  2⤵
  PID:4028
- C:\Windows\System\HhqgZSB.exe
  C:\Windows\System\HhqgZSB.exe
  2⤵
  PID:15056
- C:\Windows\System\kxlBSBC.exe
  C:\Windows\System\kxlBSBC.exe
  2⤵
  PID:5376
- C:\Windows\System\fWvzJQR.exe
  C:\Windows\System\fWvzJQR.exe
  2⤵
  PID:5012
- C:\Windows\System\GFbrium.exe
  C:\Windows\System\GFbrium.exe
  2⤵
  PID:4424
- C:\Windows\System\daWYcpe.exe
  C:\Windows\System\daWYcpe.exe
  2⤵
  PID:5144
- C:\Windows\System\nfAdJbb.exe
  C:\Windows\System\nfAdJbb.exe
  2⤵
  PID:5512
- C:\Windows\System\FkjjHZQ.exe
  C:\Windows\System\FkjjHZQ.exe
  2⤵
  PID:5328
- C:\Windows\System\CWoVvuE.exe
  C:\Windows\System\CWoVvuE.exe
  2⤵
  PID:5524
- C:\Windows\System\DumbEzI.exe
  C:\Windows\System\DumbEzI.exe
  2⤵
  PID:5536
- C:\Windows\System\IdGiohm.exe
  C:\Windows\System\IdGiohm.exe
  2⤵
  PID:15400
- C:\Windows\System\gmWqiyY.exe
  C:\Windows\System\gmWqiyY.exe
  2⤵
  PID:15424
- C:\Windows\System\JzyhGbH.exe
  C:\Windows\System\JzyhGbH.exe
  2⤵
  PID:15484
- C:\Windows\System\GnKySta.exe
  C:\Windows\System\GnKySta.exe
  2⤵
  PID:15504
- C:\Windows\System\KWeSohI.exe
  C:\Windows\System\KWeSohI.exe
  2⤵
  PID:15532
- C:\Windows\System\gfzsKRS.exe
  C:\Windows\System\gfzsKRS.exe
  2⤵
  PID:15560
- C:\Windows\System\GxJgLeW.exe
  C:\Windows\System\GxJgLeW.exe
  2⤵
  PID:15648
- C:\Windows\System\aJDyfzf.exe
  C:\Windows\System\aJDyfzf.exe
  2⤵
  PID:15664
- C:\Windows\System\fGlnefy.exe
  C:\Windows\System\fGlnefy.exe
  2⤵
  PID:15692
- C:\Windows\System\XRjoBjw.exe
  C:\Windows\System\XRjoBjw.exe
  2⤵
  PID:15764
- C:\Windows\System\bFYOCTf.exe
  C:\Windows\System\bFYOCTf.exe
  2⤵
  PID:15788
- C:\Windows\System\CogYBcw.exe
  C:\Windows\System\CogYBcw.exe
  2⤵
  PID:15816
- C:\Windows\System\fyweYAQ.exe
  C:\Windows\System\fyweYAQ.exe
  2⤵
  PID:15844
- C:\Windows\System\DpGNsbZ.exe
  C:\Windows\System\DpGNsbZ.exe
  2⤵
  PID:15872
- C:\Windows\System\xEMrzES.exe
  C:\Windows\System\xEMrzES.exe
  2⤵
  PID:15900
- C:\Windows\System\nskvQAR.exe
  C:\Windows\System\nskvQAR.exe
  2⤵
  PID:15928
- C:\Windows\System\hizHBWA.exe
  C:\Windows\System\hizHBWA.exe
  2⤵
  PID:15956
- C:\Windows\System\xHWTfvx.exe
  C:\Windows\System\xHWTfvx.exe
  2⤵
  PID:15984
- C:\Windows\System\rpsEXUU.exe
  C:\Windows\System\rpsEXUU.exe
  2⤵
  PID:16012
- C:\Windows\System\twwAVDo.exe
  C:\Windows\System\twwAVDo.exe
  2⤵
  PID:16040
- C:\Windows\System\KPkcAYS.exe
  C:\Windows\System\KPkcAYS.exe
  2⤵
  PID:16068
- C:\Windows\System\YEsuqZp.exe
  C:\Windows\System\YEsuqZp.exe
  2⤵
  PID:16096
- C:\Windows\System\NMfBQcY.exe
  C:\Windows\System\NMfBQcY.exe
  2⤵
  PID:16124
- C:\Windows\System\MNmBScT.exe
  C:\Windows\System\MNmBScT.exe
  2⤵
  PID:16152
- C:\Windows\System\jHmkziw.exe
  C:\Windows\System\jHmkziw.exe
  2⤵
  PID:16180
- C:\Windows\System\oQupdZw.exe
  C:\Windows\System\oQupdZw.exe
  2⤵
  PID:16212
- C:\Windows\System\jEOLriO.exe
  C:\Windows\System\jEOLriO.exe
  2⤵
  PID:16240
- C:\Windows\System\GBARwHL.exe
  C:\Windows\System\GBARwHL.exe
  2⤵
  PID:16312
- C:\Windows\System\bYcqVvo.exe
  C:\Windows\System\bYcqVvo.exe
  2⤵
  PID:16328
- C:\Windows\System\UDBzFvC.exe
  C:\Windows\System\UDBzFvC.exe
  2⤵
  PID:16356
- C:\Windows\System\rFZMKyq.exe
  C:\Windows\System\rFZMKyq.exe
  2⤵
  PID:15368
- C:\Windows\System\obwbGpG.exe
  C:\Windows\System\obwbGpG.exe
  2⤵
  PID:15448
- C:\Windows\System\oIvFKVr.exe
  C:\Windows\System\oIvFKVr.exe
  2⤵
  PID:5704
- C:\Windows\System\hENHsFf.exe
  C:\Windows\System\hENHsFf.exe
  2⤵
  PID:5748
- C:\Windows\System\ascjnLE.exe
  C:\Windows\System\ascjnLE.exe
  2⤵
  PID:5792
- C:\Windows\System\hRPZuYz.exe
  C:\Windows\System\hRPZuYz.exe
  2⤵
  PID:15580
- C:\Windows\System\osnDXEa.exe
  C:\Windows\System\osnDXEa.exe
  2⤵
  PID:15632
- C:\Windows\System\WOPcbyZ.exe
  C:\Windows\System\WOPcbyZ.exe
  2⤵
  PID:5876
- C:\Windows\System\PHCeCat.exe
  C:\Windows\System\PHCeCat.exe
  2⤵
  PID:15676
- C:\Windows\System\sOGBZed.exe
  C:\Windows\System\sOGBZed.exe
  2⤵
  PID:15716
- C:\Windows\System\VPxPexv.exe
  C:\Windows\System\VPxPexv.exe
  2⤵
  PID:15728
- C:\Windows\System\GvFPpYx.exe
  C:\Windows\System\GvFPpYx.exe
  2⤵
  PID:6016
- C:\Windows\System\DAiirYN.exe
  C:\Windows\System\DAiirYN.exe
  2⤵
  PID:5960
- C:\Windows\System\MUcCTfS.exe
  C:\Windows\System\MUcCTfS.exe
  2⤵
  PID:15800
- C:\Windows\System\DLJmLKC.exe
  C:\Windows\System\DLJmLKC.exe
  2⤵
  PID:16092
- C:\Windows\System\vWsmdOg.exe
  C:\Windows\System\vWsmdOg.exe
  2⤵
  PID:16136
- C:\Windows\System\MxWbEiL.exe
  C:\Windows\System\MxWbEiL.exe
  2⤵
  PID:3656
- C:\Windows\System\roxzXNO.exe
  C:\Windows\System\roxzXNO.exe
  2⤵
  PID:16224
- C:\Windows\System\TDIRXym.exe
  C:\Windows\System\TDIRXym.exe
  2⤵
  PID:16284
- C:\Windows\System\elLKYLl.exe
  C:\Windows\System\elLKYLl.exe
  2⤵
  PID:5544
- C:\Windows\System\FZThIgF.exe
  C:\Windows\System\FZThIgF.exe
  2⤵
  PID:5604
- C:\Windows\System\iDMIByn.exe
  C:\Windows\System\iDMIByn.exe
  2⤵
  PID:4352
- C:\Windows\System\sDnJNsE.exe
  C:\Windows\System\sDnJNsE.exe
  2⤵
  PID:7884
- C:\Windows\System\ztiJKFo.exe
  C:\Windows\System\ztiJKFo.exe
  2⤵
  PID:15412
- C:\Windows\System\wwoDGZs.exe
  C:\Windows\System\wwoDGZs.exe
  2⤵
  PID:1624
- C:\Windows\System\byTBONM.exe
  C:\Windows\System\byTBONM.exe
  2⤵
  PID:15584
- C:\Windows\System\vyAgGxg.exe
  C:\Windows\System\vyAgGxg.exe
  2⤵
  PID:5848
- C:\Windows\System\HIlmxfu.exe
  C:\Windows\System\HIlmxfu.exe
  2⤵
  PID:7928
- C:\Windows\System\rmGmITa.exe
  C:\Windows\System\rmGmITa.exe
  2⤵
  PID:6312
- C:\Windows\System\NzREbON.exe
  C:\Windows\System\NzREbON.exe
  2⤵
  PID:8020
- C:\Windows\System\LVMTMPO.exe
  C:\Windows\System\LVMTMPO.exe
  2⤵
  PID:5500
- C:\Windows\System\YDeyjdf.exe
  C:\Windows\System\YDeyjdf.exe
  2⤵
  PID:5640
- C:\Windows\System\XeISWah.exe
  C:\Windows\System\XeISWah.exe
  2⤵
  PID:15756
- C:\Windows\System\JCOUbFS.exe
  C:\Windows\System\JCOUbFS.exe
  2⤵
  PID:5956
- C:\Windows\System\DeVucNS.exe
  C:\Windows\System\DeVucNS.exe
  2⤵
  PID:7432
- C:\Windows\System\ojhyPCf.exe
  C:\Windows\System\ojhyPCf.exe
  2⤵
  PID:15812
- C:\Windows\System\nKMpGFz.exe
  C:\Windows\System\nKMpGFz.exe
  2⤵
  PID:7236
- C:\Windows\System\tHXjIJC.exe
  C:\Windows\System\tHXjIJC.exe
  2⤵
  PID:3544
- C:\Windows\System\KFYTjxP.exe
  C:\Windows\System\KFYTjxP.exe
  2⤵
  PID:5040
- C:\Windows\System\NUooauL.exe
  C:\Windows\System\NUooauL.exe
  2⤵
  PID:15920
- C:\Windows\System\MCVHxIH.exe
  C:\Windows\System\MCVHxIH.exe
  2⤵
  PID:3156
- C:\Windows\System\rWSOAbb.exe
  C:\Windows\System\rWSOAbb.exe
  2⤵
  PID:1548
- C:\Windows\System\dVGAdWz.exe
  C:\Windows\System\dVGAdWz.exe
  2⤵
  PID:4884
- C:\Windows\System\VtsOddx.exe
  C:\Windows\System\VtsOddx.exe
  2⤵
  PID:7552
- C:\Windows\System\AciVuGF.exe
  C:\Windows\System\AciVuGF.exe
  2⤵
  PID:16060
- C:\Windows\System\WmnpLDG.exe
  C:\Windows\System\WmnpLDG.exe
  2⤵
  PID:16088
- C:\Windows\System\XuahrlM.exe
  C:\Windows\System\XuahrlM.exe
  2⤵
  PID:15252
- C:\Windows\System\RPreJML.exe
  C:\Windows\System\RPreJML.exe
  2⤵
  PID:6184
- C:\Windows\System\NWTejgP.exe
  C:\Windows\System\NWTejgP.exe
  2⤵
  PID:16116
- C:\Windows\System\elsBxrc.exe
  C:\Windows\System\elsBxrc.exe
  2⤵
  PID:4128
- C:\Windows\System\xEjbfcj.exe
  C:\Windows\System\xEjbfcj.exe
  2⤵
  PID:16260
- C:\Windows\System\skUzmYa.exe
  C:\Windows\System\skUzmYa.exe
  2⤵
  PID:6324
- C:\Windows\System\pcFBNnd.exe
  C:\Windows\System\pcFBNnd.exe
  2⤵
  PID:16268
- C:\Windows\System\eIGEvlk.exe
  C:\Windows\System\eIGEvlk.exe
  2⤵
  PID:448
- C:\Windows\System\IKOHdFz.exe
  C:\Windows\System\IKOHdFz.exe
  2⤵
  PID:16320
- C:\Windows\System\WZfGLMB.exe
  C:\Windows\System\WZfGLMB.exe
  2⤵
  PID:4192
- C:\Windows\System\nbdcjfY.exe
  C:\Windows\System\nbdcjfY.exe
  2⤵
  PID:7488
- C:\Windows\System\xzzeIVm.exe
  C:\Windows\System\xzzeIVm.exe
  2⤵
  PID:5664
- C:\Windows\System\ngqIGdY.exe
  C:\Windows\System\ngqIGdY.exe
  2⤵
  PID:15452
- C:\Windows\System\fbKMZNe.exe
  C:\Windows\System\fbKMZNe.exe
  2⤵
  PID:6492
- C:\Windows\System\ftshsny.exe
  C:\Windows\System\ftshsny.exe
  2⤵
  PID:4380
- C:\Windows\System\tctZIro.exe
  C:\Windows\System\tctZIro.exe
  2⤵
  PID:8224
- C:\Windows\System\nDgpyYT.exe
  C:\Windows\System\nDgpyYT.exe
  2⤵
  PID:15980
- C:\Windows\System\ymyDvAX.exe
  C:\Windows\System\ymyDvAX.exe
  2⤵
  PID:14936
- C:\Windows\System\jYfHuzk.exe
  C:\Windows\System\jYfHuzk.exe
  2⤵
  PID:15208
- C:\Windows\System\ILTalvL.exe
  C:\Windows\System\ILTalvL.exe
  2⤵
  PID:6480
- C:\Windows\System\qHqxRaw.exe
  C:\Windows\System\qHqxRaw.exe
  2⤵
  PID:15128
- C:\Windows\System\LwLthHA.exe
  C:\Windows\System\LwLthHA.exe
  2⤵
  PID:6124
- C:\Windows\System\RHzxXwR.exe
  C:\Windows\System\RHzxXwR.exe
  2⤵
  PID:15120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AXreaFV.exe

Filesize
6.0MB

MD5
4ffff22d2fd2436ffe07e1de86f23cc8

SHA1
1ecbd8e88d020ea1fa5c642aa879f57bdfcfd690

SHA256
11882520666f87783c03e11c35c4d721a682113c7d379bff331234863bbd5a68

SHA512
1fec2055eac7f32d1ae4b33e2561c5f1fea5f357998a8d57447d98eb3ac9d4cb959ec99500dfbce07b4ede64a16537c48492a133976ec595b659d835118ccb5a

Download Submit
C:\Windows\System\AcNAaBJ.exe

Filesize
6.0MB

MD5
e3cfa2d0e43b4b04d8af827fc2cb2011

SHA1
7b61669d809faee0f961931ef7accdf1369a0d54

SHA256
dbfce1b050bf992f44eda0eb9d1c038830388dfc0d5ce2ad931cd1e5610d8f2c

SHA512
1904b32821994b1440d49917866200fa192854aed1fff2bd5a5960b99d753cb94e6c9b8a28432b19e371989674c0b516694f4872a468a4e5e4f640a132a504c4

Download Submit
C:\Windows\System\FVgmIYX.exe

Filesize
6.0MB

MD5
dc54afa007f4650c40cd2179933803ba

SHA1
f326bd691f2951732dea0a989f8db113443688b2

SHA256
d8345cf108be6bd1ae3fd1edb0fdb0a9183f29807872a8c9ecbcb35beeeef750

SHA512
b0d4b1a0019143ccfba57e1ffc1f9418b0218b21322def1f801fa829f45cfbda79a003683635117cc1dea291a853b13ba48a3e478edfef3e19ad224166f1fa95

Download Submit
C:\Windows\System\FpXZcQL.exe

Filesize
6.0MB

MD5
d37a16a40ae00a9b2135ba0e779ddc2f

SHA1
9e96bf0f4f736802674d6bae782c5f2bc555b022

SHA256
0390b07d56b763d2585aba339b4408a11fbc3528267fdcfdd03d1e0bc8d971ac

SHA512
2182d8f6a3295aec1e872f2f31ba1b52283404797fa17547f0bc8037dada588e1b27a7b13fbee7d78bf6f8eddcb3584861daab694d61346ba6c234f5208526df

Download Submit
C:\Windows\System\GaIcgzA.exe

Filesize
6.0MB

MD5
de1849ca952e3ed18915986f4f668a35

SHA1
d4e2c987be99cd498aafda9f0c1730f5cda7bcfa

SHA256
1be8925e56b053c07324ebb67a7880afb932b994f78eeeb26aaa61ee54024037

SHA512
8486285049462ddf0a331bdf772e739ed5a5fbc8c78adba347ccf87943de158af3baf1aec5b32fedafe68ef616af1edbe2add3cfd1caf6b0d081a219132a79e1

Download Submit
C:\Windows\System\GxyjCGU.exe

Filesize
6.0MB

MD5
90d52392361210d9ae1285c925504892

SHA1
1d9e7c07d3751c5f5256433564a5dfa84204de7b

SHA256
6509340607bfdbb7182a6319a59a65193d7fda1a8144748da978eceb67a30e2c

SHA512
1dee8ca7e13e172e929a3d49cc7799965c3d19741cdde4bfd3dc50d544d3323a67d9c373e8c53d0869786fab84ea58fb82ecda074db1c58f8333e880cd950c64

Download Submit
C:\Windows\System\IPOyQgC.exe

Filesize
6.0MB

MD5
dcf22e7fccb87c0a32fcf45b16615751

SHA1
8f0b7ec154b8d44a613d376f6c95e35b781bcb82

SHA256
2b77657f1016f79017cf49708963f4ac4e3855c215042c31c140cef3c7839d76

SHA512
76b0b2c18be729ee0bf178704b5f536fe2446f0d954276e2caf535ca86a6b0ce3d3a17909b05f7183de9597f05b193937b2db1a92a28afee703a79f3a092ec2d

Download Submit
C:\Windows\System\JiYKeTz.exe

Filesize
6.0MB

MD5
834d58d02f84ab05aac0bc98df86808b

SHA1
98ea4853fce56c2a276f883b152b1f79a29c0f4b

SHA256
5d498049a012f0ee22e5675ea884ff763cdc0521a70ba132021818399ec34ba0

SHA512
628cab8054a27d7a707a3c545cc983fb80b4f638feeb8a931b47f9644c15df5ae24186041b2df4b61658683829f6442dc2a7a74132bb8bc9e33aff5b23ac6187

Download Submit
C:\Windows\System\MuJvonI.exe

Filesize
6.0MB

MD5
2354d0bd78ef10074855dbdb78d3a228

SHA1
3bfa41f5acb1659e85e67944d101b40300cd9e19

SHA256
32294b49c673a0d2722ba9474951fd5fac9fae770be6c446969521a4382916a5

SHA512
a0dd476a697be1e3cdb7f207675c83e576371668255fc47f9b52869094f1e049a668b7e67f2d9c0d88ad8b12456178cfb5b5b1baf41f0837ccc4682b9b23a226

Download Submit
C:\Windows\System\PDAdnTf.exe

Filesize
6.0MB

MD5
71b78854f350fc267145d1ca53f8ed14

SHA1
2620796c29b228dc5f24af9a7975038c978d424f

SHA256
741ad777caba0be16d9cbb35af0c012ef6c8617d7d8bb792b7da2c4ef8e70847

SHA512
958521a9b075a4630e45a0ee43de81f7828dc7c7d7b69f9e045efd5f7195c6be1e928363a97b995193391efbd204ebe7f1b746f189243d36617b10170c7be2da

Download Submit
C:\Windows\System\QXOuoQS.exe

Filesize
6.0MB

MD5
5d226df939486e55f9cdfd09548910c7

SHA1
c9ec848628aa70b2ee50ef21970ad3c20d02656b

SHA256
fcd202c606a00331a20bc1141a04bb51479a64c08cf05ddaa620821ac42f4858

SHA512
2bbc00668b2584e067142baa0c9809281a338e46b479367ca80bd3169dd23bed0e7891a5f2f7d3392298fd45641abcb2c16657f1e4d949f8d883074b602093b6

Download Submit
C:\Windows\System\RlUzYAN.exe

Filesize
6.0MB

MD5
b826fe431deb650f262e3c6020a2c3d7

SHA1
7cba23f77411c61915d0df8a4bc7dbbae9dfd108

SHA256
03d8aa883cc1914c706eb0c3c30e6d438564cfaca189f8ca5c5af81e0f181888

SHA512
66a2a037da3cdf1c65e601764107c596237bdb56baabd34e1703c779562fd4735ee1853aad50bcebb8773d3121e8137d9ef3d42571275bd122c40861b470ff21

Download Submit
C:\Windows\System\UPvKWsy.exe

Filesize
6.0MB

MD5
f7e3809974694eaa55858b9e69dfe51e

SHA1
4420ae112af17a6333521366eda2d79baedfd250

SHA256
99f35ffcb695acd07f8e0f5d0e93083d23d6bd431dff73135c41a88a266dc4a4

SHA512
0516d26ba203703d8e13bbd0fae837f2e4fbdf8c12e464df8d0b968f1ba2c3abb758b235892ba3a7c2923ffd4e1cac1e315c9486d1cc314f0fc07a0dfaba8938

Download Submit
C:\Windows\System\VPrtqnk.exe

Filesize
6.0MB

MD5
3a6f0e6ecca8e00ef898880374a42a7b

SHA1
a47dd90880acb1453701d2ffbb09caa38270bf95

SHA256
fd944975b23dedb26d39ab220095ae10bfd609546b6b15831017d030416ca04e

SHA512
a567d433cc0ff4d7abee408c009a66ea0bb6aae03dd759079c44f1a129b2c4ad0029d1ecbdc67921299322fc24aff1727b42ad4351c0c5ff28dafc0ea0d1e7b8

Download Submit
C:\Windows\System\XBQKehI.exe

Filesize
6.0MB

MD5
eee52716b9499be44807de878005f6f4

SHA1
28bb9a8dec049933a53c700817b9580fbbd3a8aa

SHA256
be62492f710a385d213fbf83e17048342e90ab3bb7a566b1d1b2223f73e3a225

SHA512
6d617d1218a5570e4277fe61f77b0d4158199b785574fbdef32c4775bd43176b6fead22f080dc1392b3537286dc1613897f3154b33f0d611e928573eaa20b111

Download Submit
C:\Windows\System\ZiRBtGL.exe

Filesize
6.0MB

MD5
684371708bad67dd5bff2cb90d983979

SHA1
90473557712d804b9ae12155dba67f404c577391

SHA256
06dce1fd13bd63822f4e36bf6874a00f2a8226cb0012b53af458b7487b851c59

SHA512
11f502963920b280502eae837030633952e68ab5e355c01509510ff732cc1b157067991f2c1e4f45ccc63011233892cf8c85b9a6cd08ee03353ccc7b62c97986

Download Submit
C:\Windows\System\caLAIPu.exe

Filesize
6.0MB

MD5
a680cdbbab695a2c99295b34b7d7513e

SHA1
9ebd28eaf4cb76ad7ef0a8856c49a5ac10f0d4aa

SHA256
92aa19b05e23af9113b62d56bcabc9bc48ac8d5e16ca11063d2c7391917b588e

SHA512
a8d421d799387ed38fb43311c971c86ab99f4100364197cbd6aa625136078467522cf67f75b4df1a3b0ac10b9283afe19a9934cc89d53fc6e649206ed355db32

Download Submit
C:\Windows\System\dSRKUFg.exe

Filesize
6.0MB

MD5
b715035d09854f18229a2b66b617ecc7

SHA1
08f1d349faee46f93941c5e7482ee263fdc44202

SHA256
26974bfbf3dad6cf65520f79ed1b28ee45cb8e3e0881a839233f5ff50dde991f

SHA512
39647eb5056127d5e46a0b6385d8f9f585bd511ba770a7a7ab86b3d145032ab0ac5b3a0b86ef976907d8724a1a0ab796938a7078d3fa86cfb1e77723d6553c1b

Download Submit
C:\Windows\System\djzqvVh.exe

Filesize
6.0MB

MD5
dc9d2da3d2fbfef2bc704b642aba66fa

SHA1
7ed3c18a3205c1d7f75d258a814bfbb2346cd9cb

SHA256
c5c9a61bc62ba0437dd18d2556f8da044cd5f36432ffa6639d30a05053dc5b2d

SHA512
6a94c02d3e3c21a1d4ec89e851ad6be7d119b51aae1ca5f879617945926ecb8bd0e53a9239b4e1b94bd1946095e001302df5e7a2670bdfdb72eec5bd21c9f3e5

Download Submit
C:\Windows\System\dmGTtTJ.exe

Filesize
6.0MB

MD5
cf994f58e613a037adfd4010da56a496

SHA1
a27e0ff981481fcf296cf06b31dcbfdda3cfdafa

SHA256
0335c47573606720f3798409c5a7b05408bf99da03b14e2b008604e728c626a7

SHA512
f57fbef4d78fe53f9feb1449dfe4b5bbd96cf99e4e3cac706927550d7834fb0b18d243a0ff98bcc5bc2725960bb35ac2abeef538255e44f1a596ccc3d8b7e60f

Download Submit
C:\Windows\System\eRcPrtH.exe

Filesize
6.0MB

MD5
193ce6b21f8ae522ce50061a50268d2a

SHA1
9dbec6b9a9f0b10d0c9422d097ea0d73fbf08539

SHA256
10adc517a51b15ce02be06d9b79b754b1fc4b86a2149e2aeb125c38c1402d8ca

SHA512
a33ed874cfa3c122855461dad5ece32de83ee01f826dfb0d5cf48393bb90435bc6ec6dd0a081bbbf82152fd37ba50ef266e9d887435c178b144c2039c01841c4

Download Submit
C:\Windows\System\hFBFpKo.exe

Filesize
6.0MB

MD5
784a663c5537ecebfeb89f7b5df8cf0b

SHA1
bd6e9f4a6bb9cf357bb00a6f63ca5c31d030da39

SHA256
02bb25867fee8e0d6114d87bd33a29dc7f6bdbb0284d8021b43eff5e1841e6e4

SHA512
fe228e3250ef31c37713f903f3c92358b2f83e35421c145c8a9e1986b45cad284e5e5098bc910228b47efc95c879c201c86bceafb52cc4fd2c1510c1c00e9b04

Download Submit
C:\Windows\System\jLIqIzp.exe

Filesize
6.0MB

MD5
8758c4e0eb588396b51ecc1edcb6721c

SHA1
83cdb882482cf798c3d7c6f48d6aec942f24bf58

SHA256
5b0f6b0fd95ccc3bc08cb785e25aa320ea9a8defdbc3f389404b2e2ee2a7b1b4

SHA512
1799391fb5a7b01bf491d83c8da08ce2684d1b20b7c5504f30768a014d1870004f025bd8218770f74b97fced1bcdafaeedf4c178d516b4b3efeef1536daf0925

Download Submit
C:\Windows\System\loRqroh.exe

Filesize
6.0MB

MD5
e2a7d5c386a7b443c1b9528d4c16c5ad

SHA1
f87799571d9a54fffdea15984b157fcf465045b9

SHA256
a2e6938a632f78266efcc69f4778877ca8fed5f88649f1ceac23c6c790779bdb

SHA512
f3fcc0b135e46d02df69fdd0cc6e3be7e4dd87345008892c56e97a9cb108245be7b56e6e763582370ac709af38f2e5a1b20f8299343b6d9bf07bd0f2a8dadbbf

Download Submit
C:\Windows\System\qudYzhO.exe

Filesize
6.0MB

MD5
8a84332d66aecea7b789219542f5d4bc

SHA1
99cf15f1442e459502492233fb47f36718a4229f

SHA256
57848a4eacacc75f25cc0dabcdc081cfdaf55a189e58bc64adaa3b061a1ac69d

SHA512
147119cedfaab0a6a6fdb13201003d85f5ea1eed41915e516d7b9af912791db63ba0eeeae34ac1974ccca75a7b6121e1c390be5b09add3477a6b9c7bada56e4e

Download Submit
C:\Windows\System\qyaygiN.exe

Filesize
6.0MB

MD5
baf2a2e26af4603a7f89fbefb099ed81

SHA1
fde164f09d96e59cc4c4cbb7e8c6d2647f563ebe

SHA256
dbf8aa206cb0fe77573674904665a518aeb922fbd5f3354fa97e5967dc1c6412

SHA512
9c72aff7d55b4917f64ef3ccd1c7e03c045ff198ec6f4645056b2f12ad7274091d3774cffb6c85a5a426d154e59ba073baa4b8da5d221c144d8fa7a2014b0212

Download Submit
C:\Windows\System\rXAqilH.exe

Filesize
6.0MB

MD5
dac24f7c879880000b7289b0aacdb019

SHA1
77b54eb9477573de106d95e172a1323562d3977c

SHA256
fc1d5ea46fc32e9eb22358aebac5e8698a2ce345d408881eb6f0af9750c55159

SHA512
6e218af80cf9ffe40e80ecd89b7d4472f5e35912953340a81e377b3088d495f2036ded61911c5e66f47d97208f1d08d136201cd450e19aa53555beeb9507ba01

Download Submit
C:\Windows\System\sOqxJte.exe

Filesize
6.0MB

MD5
c581919a67f733f56a648bc90d7d062f

SHA1
bd7a9397e920d953b2093c2a2753f9484ba256e8

SHA256
b18af5ee01282236af6038845082aacbdb149a84d2d3905ef1e81191203356b5

SHA512
c6c58c7d966c2fd99402272cee224e2c535b458db2ee92c0f435f535c7128d9d03ade888f574ce93a23496d10a59435558c116802546f0b756dbb87bb5815cf9

Download Submit
C:\Windows\System\sZyQLjq.exe

Filesize
6.0MB

MD5
6ecefeb35753f568b0ef450c4bdf058b

SHA1
dbbd731566a85dc4fbc9bc7e77580ae2215bb774

SHA256
907e5d1f4eeb73a0353d251bc0a5094e8899aed7e09554fd57534048485e29b4

SHA512
10c72c78a6296319e56417fbad7b07a0297beb32ab75090f88968ac79e07d65bc012dd48fe8431ac951bf1221cd4f5a164f6940c06a7426b942775a9d4d69550

Download Submit
C:\Windows\System\wPCDkAy.exe

Filesize
6.0MB

MD5
25a09d2fd85612a9f24749f9cbdcf8cb

SHA1
9f2065401a701bf1297fca58f4f875471a1f7501

SHA256
091f2a0de4c3fe9bbfd1c14e953a680bd55315bf063f22679888e413fe3b0bc7

SHA512
fd2013abb8e50a71be93f5dbd69aa36a7257093df707464fe2cea57d61a1cf1e85e5088ec2719c85b4e2b0e268207f08e6a1a4348229a38674ffd1c4e8152854

Download Submit
C:\Windows\System\wRXLlmu.exe

Filesize
6.0MB

MD5
049ee1bbb961215c92fcc5c784e7de55

SHA1
55ea4a26c46ef9e701702eb4899aa8380dcc4b68

SHA256
a46e0d9c27c0077ba9e2c470af50a09a2279a88dc4f67dccfc601acf486f2960

SHA512
86cecdff6799efaff0db239d2bc4f0a1d590238a067025d71551e512eb256147349fe07598069d21385552fdf5c63cbb77b56fe283db930d312b92fde013593f

Download Submit
C:\Windows\System\yCCeZrO.exe

Filesize
6.0MB

MD5
a4c6afee36adc47cacfbfd4868d3b1c4

SHA1
8d17c58f1c50cbf2c32cff86fee656df84075920

SHA256
0d9ea29a2dced6fd043b24caa328a320fd76cd030e25e938da0216cc8f29398b

SHA512
2dc1d7365500de40800487072be87fbac0b7daa12431b6bedc42e87abddbb9d7581b420ed9e7b13e642ef68d25e6bdd4cd1eacb7a9ccacee7fadd04e09835b48

Download Submit
C:\Windows\System\ynlRqgX.exe

Filesize
6.0MB

MD5
998870bffae06dba911b284ed92260ba

SHA1
d76d51108f2525f72e2c59d511ee19c1350a537b

SHA256
6d186c1565c53b4d8ff582cb75c99f10e740dc9206bcd79be6b5bcbc99da85cc

SHA512
fdcdc79c117a047506a45855d19799d2f061128cbb8fd1e903b8a8914cb08f7aa87c822fa7588db3108ad44c28b2acf2a93e69c9b38392d4282b5bf02d8eb74e

Download Submit
memory/348-125-0x00007FF613640000-0x00007FF613994000-memory.dmp

Filesize
3.3MB

Download
memory/348-57-0x00007FF613640000-0x00007FF613994000-memory.dmp

Filesize
3.3MB

Download
memory/392-821-0x00007FF7A7DA0000-0x00007FF7A80F4000-memory.dmp

Filesize
3.3MB

Download
memory/392-2440-0x00007FF7A7DA0000-0x00007FF7A80F4000-memory.dmp

Filesize
3.3MB

Download
memory/392-140-0x00007FF7A7DA0000-0x00007FF7A80F4000-memory.dmp

Filesize
3.3MB

Download
memory/632-110-0x00007FF783A60000-0x00007FF783DB4000-memory.dmp

Filesize
3.3MB

Download
memory/632-179-0x00007FF783A60000-0x00007FF783DB4000-memory.dmp

Filesize
3.3MB

Download
memory/1012-148-0x00007FF7EB940000-0x00007FF7EBC94000-memory.dmp

Filesize
3.3MB

Download
memory/1012-880-0x00007FF7EB940000-0x00007FF7EBC94000-memory.dmp

Filesize
3.3MB

Download
memory/1120-991-0x00007FF60F3B0000-0x00007FF60F704000-memory.dmp

Filesize
3.3MB

Download
memory/1120-165-0x00007FF60F3B0000-0x00007FF60F704000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2432-0x00007FF6BF030000-0x00007FF6BF384000-memory.dmp

Filesize
3.3MB

Download
memory/1192-117-0x00007FF6BF030000-0x00007FF6BF384000-memory.dmp

Filesize
3.3MB

Download
memory/1192-186-0x00007FF6BF030000-0x00007FF6BF384000-memory.dmp

Filesize
3.3MB

Download
memory/1220-52-0x00007FF69A740000-0x00007FF69AA94000-memory.dmp

Filesize
3.3MB

Download
memory/1220-0-0x00007FF69A740000-0x00007FF69AA94000-memory.dmp

Filesize
3.3MB

Download
memory/1220-1-0x0000026B66F70000-0x0000026B66F80000-memory.dmp

Filesize
64KB

Download
memory/1348-164-0x00007FF6F3BB0000-0x00007FF6F3F04000-memory.dmp

Filesize
3.3MB

Download
memory/1348-96-0x00007FF6F3BB0000-0x00007FF6F3F04000-memory.dmp

Filesize
3.3MB

Download
memory/1488-131-0x00007FF61B780000-0x00007FF61BAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1488-2437-0x00007FF61B780000-0x00007FF61BAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1488-807-0x00007FF61B780000-0x00007FF61BAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-48-0x00007FF7D8300000-0x00007FF7D8654000-memory.dmp

Filesize
3.3MB

Download
memory/1876-116-0x00007FF7D8300000-0x00007FF7D8654000-memory.dmp

Filesize
3.3MB

Download
memory/2168-76-0x00007FF6114F0000-0x00007FF611844000-memory.dmp

Filesize
3.3MB

Download
memory/2168-24-0x00007FF6114F0000-0x00007FF611844000-memory.dmp

Filesize
3.3MB

Download
memory/2168-2123-0x00007FF6114F0000-0x00007FF611844000-memory.dmp

Filesize
3.3MB

Download
memory/2176-6-0x00007FF750560000-0x00007FF7508B4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-2050-0x00007FF750560000-0x00007FF7508B4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-55-0x00007FF750560000-0x00007FF7508B4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-139-0x00007FF65DF30000-0x00007FF65E284000-memory.dmp

Filesize
3.3MB

Download
memory/2316-70-0x00007FF65DF30000-0x00007FF65E284000-memory.dmp

Filesize
3.3MB

Download
memory/2384-103-0x00007FF6496B0000-0x00007FF649A04000-memory.dmp

Filesize
3.3MB

Download
memory/2384-172-0x00007FF6496B0000-0x00007FF649A04000-memory.dmp

Filesize
3.3MB

Download
memory/2712-63-0x00007FF7D12F0000-0x00007FF7D1644000-memory.dmp

Filesize
3.3MB

Download
memory/2712-130-0x00007FF7D12F0000-0x00007FF7D1644000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2278-0x00007FF636F50000-0x00007FF6372A4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-102-0x00007FF636F50000-0x00007FF6372A4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-36-0x00007FF636F50000-0x00007FF6372A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-79-0x00007FF681F00000-0x00007FF682254000-memory.dmp

Filesize
3.3MB

Download
memory/2904-147-0x00007FF681F00000-0x00007FF682254000-memory.dmp

Filesize
3.3MB

Download
memory/3372-30-0x00007FF7CC870000-0x00007FF7CCBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3372-94-0x00007FF7CC870000-0x00007FF7CCBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3492-1115-0x00007FF6FC0C0000-0x00007FF6FC414000-memory.dmp

Filesize
3.3MB

Download
memory/3492-2471-0x00007FF6FC0C0000-0x00007FF6FC414000-memory.dmp

Filesize
3.3MB

Download
memory/3492-173-0x00007FF6FC0C0000-0x00007FF6FC414000-memory.dmp

Filesize
3.3MB

Download
memory/3908-2119-0x00007FF6F2250000-0x00007FF6F25A4000-memory.dmp

Filesize
3.3MB

Download
memory/3908-18-0x00007FF6F2250000-0x00007FF6F25A4000-memory.dmp

Filesize
3.3MB

Download
memory/3908-69-0x00007FF6F2250000-0x00007FF6F25A4000-memory.dmp

Filesize
3.3MB

Download
memory/3956-153-0x00007FF68F4B0000-0x00007FF68F804000-memory.dmp

Filesize
3.3MB

Download
memory/3956-937-0x00007FF68F4B0000-0x00007FF68F804000-memory.dmp

Filesize
3.3MB

Download
memory/3956-2447-0x00007FF68F4B0000-0x00007FF68F804000-memory.dmp

Filesize
3.3MB

Download
memory/4108-1167-0x00007FF621500000-0x00007FF621854000-memory.dmp

Filesize
3.3MB

Download
memory/4108-180-0x00007FF621500000-0x00007FF621854000-memory.dmp

Filesize
3.3MB

Download
memory/4132-154-0x00007FF766DD0000-0x00007FF767124000-memory.dmp

Filesize
3.3MB

Download
memory/4132-85-0x00007FF766DD0000-0x00007FF767124000-memory.dmp

Filesize
3.3MB

Download
memory/4272-126-0x00007FF781240000-0x00007FF781594000-memory.dmp

Filesize
3.3MB

Download
memory/4272-187-0x00007FF781240000-0x00007FF781594000-memory.dmp

Filesize
3.3MB

Download
memory/4288-163-0x00007FF6162E0000-0x00007FF616634000-memory.dmp

Filesize
3.3MB

Download
memory/4288-95-0x00007FF6162E0000-0x00007FF616634000-memory.dmp

Filesize
3.3MB

Download
memory/4480-41-0x00007FF6C2CC0000-0x00007FF6C3014000-memory.dmp

Filesize
3.3MB

Download
memory/4480-109-0x00007FF6C2CC0000-0x00007FF6C3014000-memory.dmp

Filesize
3.3MB

Download
memory/4600-193-0x00007FF753510000-0x00007FF753864000-memory.dmp

Filesize
3.3MB

Download
memory/4600-1169-0x00007FF753510000-0x00007FF753864000-memory.dmp

Filesize
3.3MB

Download
memory/4640-938-0x00007FF71F5E0000-0x00007FF71F934000-memory.dmp

Filesize
3.3MB

Download
memory/4640-171-0x00007FF71F5E0000-0x00007FF71F934000-memory.dmp

Filesize
3.3MB

Download
memory/4640-2466-0x00007FF71F5E0000-0x00007FF71F934000-memory.dmp

Filesize
3.3MB

Download
memory/4920-2109-0x00007FF6B41B0000-0x00007FF6B4504000-memory.dmp

Filesize
3.3MB

Download
memory/4920-17-0x00007FF6B41B0000-0x00007FF6B4504000-memory.dmp

Filesize
3.3MB

Download
memory/4920-56-0x00007FF6B41B0000-0x00007FF6B4504000-memory.dmp

Filesize
3.3MB

Download
memory/5048-194-0x00007FF60EBE0000-0x00007FF60EF34000-memory.dmp

Filesize
3.3MB

Download
memory/5048-1286-0x00007FF60EBE0000-0x00007FF60EF34000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2544-0x00007FF60EBE0000-0x00007FF60EF34000-memory.dmp

Filesize
3.3MB

Download