cobaltstrike | daabc4508f845faba5aec9b85994df933bdb5dbbfc4442ff1e15858efe95bf3f

Analysis

max time kernel
111s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2025 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

c66c7215e9259610f0bb751e3a792d72
SHA1

a2dae6bf408ec0cce4ef478e8c9e1ba223722f30
SHA256

daabc4508f845faba5aec9b85994df933bdb5dbbfc4442ff1e15858efe95bf3f
SHA512

51efee66033503101443695eb5aa6148e43a12a9ac3583ebf37ca125ccf02f35197d025adcfe696b0c6c5f97cb5436a093346995c9cb3b9cf90b2230d3a804ea
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUz:j+R56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000023c48-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c4f-10.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c4e-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c52-36.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c54-44.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c4c-80.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6a-182.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6c-194.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6b-188.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c69-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c68-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c67-173.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c66-164.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c65-159.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c64-154.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c63-149.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c62-140.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c61-134.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c60-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5f-123.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5e-117.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5d-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5c-105.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5b-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5a-93.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c59-83.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c58-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c57-69.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c56-63.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c55-57.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c53-45.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c51-30.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c50-24.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1412-0-0x00007FF700170000-0x00007FF7004BD000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c48-5.dat	xmrig
behavioral2/files/0x0007000000023c4f-10.dat	xmrig
behavioral2/files/0x0008000000023c4e-11.dat	xmrig
behavioral2/memory/2140-13-0x00007FF651FA0000-0x00007FF6522ED000-memory.dmp	xmrig
behavioral2/memory/4880-25-0x00007FF7CC6D0000-0x00007FF7CCA1D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c52-36.dat	xmrig
behavioral2/files/0x0007000000023c54-44.dat	xmrig
behavioral2/memory/1628-64-0x00007FF605AB0000-0x00007FF605DFD000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c4c-80.dat	xmrig
behavioral2/memory/1696-118-0x00007FF610210000-0x00007FF61055D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c6a-182.dat	xmrig
behavioral2/files/0x0007000000023c6c-194.dat	xmrig
behavioral2/memory/2844-192-0x00007FF7612C0000-0x00007FF76160D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c6b-188.dat	xmrig
behavioral2/memory/1876-186-0x00007FF6EB670000-0x00007FF6EB9BD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c69-185.dat	xmrig
behavioral2/memory/3324-180-0x00007FF7B7AE0000-0x00007FF7B7E2D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c68-179.dat	xmrig
behavioral2/memory/2456-174-0x00007FF675130000-0x00007FF67547D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c67-173.dat	xmrig
behavioral2/memory/2976-165-0x00007FF71FCA0000-0x00007FF71FFED000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c66-164.dat	xmrig
behavioral2/memory/3132-160-0x00007FF7FBC30000-0x00007FF7FBF7D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c65-159.dat	xmrig
behavioral2/memory/2548-155-0x00007FF6D0CC0000-0x00007FF6D100D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c64-154.dat	xmrig
behavioral2/memory/708-150-0x00007FF624240000-0x00007FF62458D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c63-149.dat	xmrig
behavioral2/memory/4804-141-0x00007FF78A010000-0x00007FF78A35D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c62-140.dat	xmrig
behavioral2/memory/1868-135-0x00007FF7DE100000-0x00007FF7DE44D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c61-134.dat	xmrig
behavioral2/memory/4336-130-0x00007FF628500000-0x00007FF62884D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c60-129.dat	xmrig
behavioral2/memory/3380-124-0x00007FF6782A0000-0x00007FF6785ED000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c5f-123.dat	xmrig
behavioral2/files/0x0007000000023c5e-117.dat	xmrig
behavioral2/memory/840-112-0x00007FF666630000-0x00007FF66697D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c5d-111.dat	xmrig
behavioral2/memory/3272-106-0x00007FF6FF8A0000-0x00007FF6FFBED000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c5c-105.dat	xmrig
behavioral2/memory/2856-97-0x00007FF6B0B10000-0x00007FF6B0E5D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c5b-96.dat	xmrig
behavioral2/memory/5004-94-0x00007FF70E1E0000-0x00007FF70E52D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c5a-93.dat	xmrig
behavioral2/memory/1416-90-0x00007FF6276C0000-0x00007FF627A0D000-memory.dmp	xmrig
behavioral2/memory/3668-84-0x00007FF795180000-0x00007FF7954CD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c59-83.dat	xmrig
behavioral2/memory/4504-75-0x00007FF70D8B0000-0x00007FF70DBFD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c58-74.dat	xmrig
behavioral2/memory/3528-70-0x00007FF768810000-0x00007FF768B5D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c57-69.dat	xmrig
behavioral2/files/0x0007000000023c56-63.dat	xmrig
behavioral2/memory/3876-58-0x00007FF7F1710000-0x00007FF7F1A5D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c55-57.dat	xmrig
behavioral2/memory/3676-51-0x00007FF734D40000-0x00007FF73508D000-memory.dmp	xmrig
behavioral2/memory/3744-46-0x00007FF66E870000-0x00007FF66EBBD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c53-45.dat	xmrig
behavioral2/memory/4012-37-0x00007FF72C710000-0x00007FF72CA5D000-memory.dmp	xmrig
behavioral2/memory/4080-31-0x00007FF7318E0000-0x00007FF731C2D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c51-30.dat	xmrig
behavioral2/memory/3732-19-0x00007FF6B8150000-0x00007FF6B849D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c50-24.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3844	LKPwEUN.exe
2140	OvrtpCw.exe
3732	xxsBBnX.exe
4880	mDfKGsB.exe
4080	aQphSuK.exe
4012	ZonqMvW.exe
3744	hyNreVk.exe
3676	jaOHAfD.exe
3876	rkuwwSL.exe
1628	kygvBEL.exe
3528	CKnomoF.exe
4504	cGgvNEq.exe
3668	rbJEuVi.exe
1416	mQoTHYI.exe
5004	NrPgRil.exe
2856	hrwjPaU.exe
3272	SmUNVmB.exe
840	fVpssCQ.exe
1696	wbNNRPF.exe
3380	epTScDU.exe
4336	WLnmNhb.exe
1868	TbEiMhF.exe
4804	iAfhQxs.exe
708	IpeSSzN.exe
2548	FQDfOzW.exe
3132	hQJluRX.exe
2976	YJXROZq.exe
2456	IshBCxR.exe
3324	DSYNNre.exe
1876	yCGWzZw.exe
2844	LhBaWuU.exe
1288	GWYXKWB.exe
2628	GHNzVtH.exe
2640	CmwsLIg.exe
3544	bWyGQeA.exe
4768	bLhmDsy.exe
892	qgzJsWY.exe
2836	RxYGWQU.exe
2148	ptZdOWR.exe
3240	RNFhDwC.exe
2440	VZbzWDx.exe
1956	CFiLhNO.exe
4616	EImTJGu.exe
4772	GWzVyUV.exe
4868	dsYfalb.exe
1332	sAqQJkv.exe
2980	WlmzYNw.exe
4240	zrThIfM.exe
4372	wiuKDmd.exe
2864	cvxEUTa.exe
924	XRSgafZ.exe
2692	DpRZXLs.exe
1852	yMbkkzK.exe
2176	uvBYeNC.exe
3016	ZlDvInr.exe
3344	GLAFrUy.exe
4796	kpBljZx.exe
704	KYkeaSO.exe
632	xjAepTX.exe
3332	YnySCZp.exe
2168	dzVxTfU.exe
2508	bLwXdWa.exe
2112	WCzQBEq.exe
1404	colPTgW.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FmJkmHo.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtSCIgm.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSAmBou.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmDQmzt.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdNQqAE.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGKEAqB.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYnoqFa.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfKPTAv.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrSmvCY.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YCLqJit.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVAhjEh.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnwpgjM.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNwPWUC.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kfTzIAd.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpmOTJv.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiCoYZO.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRGYlxU.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDfKGsB.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSQtquS.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FihHohg.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnHGxic.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UeayHBz.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrFaJSA.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWEgQIh.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNFhDwC.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVIeqXN.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWzVyUV.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRSgafZ.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtlKdWU.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZPyBwX.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQrxRUM.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJshlQM.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmUNVmB.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbNNRPF.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKglhcj.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVUwUAL.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCcXVsr.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZzswzr.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\colPTgW.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSnpVKJ.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dAJnuKz.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojQfQYy.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJxCzMv.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyinJeN.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfiERcL.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEmseJQ.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrwjPaU.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLnmNhb.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdLzeho.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EImTJGu.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwfAWAw.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qeGpouE.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KULvbxn.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAICldB.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIVCEtc.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCoBWjp.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgQkZPV.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXYbpVG.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBRkUYw.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IelXQfM.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSnSSnX.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UyMOekx.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZyRgRE.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epTScDU.exe	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 3844	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1412 wrote to memory of 3844	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1412 wrote to memory of 2140	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1412 wrote to memory of 2140	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1412 wrote to memory of 3732	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1412 wrote to memory of 3732	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1412 wrote to memory of 4880	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1412 wrote to memory of 4880	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1412 wrote to memory of 4080	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1412 wrote to memory of 4080	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1412 wrote to memory of 4012	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1412 wrote to memory of 4012	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1412 wrote to memory of 3744	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1412 wrote to memory of 3744	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1412 wrote to memory of 3676	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1412 wrote to memory of 3676	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1412 wrote to memory of 3876	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1412 wrote to memory of 3876	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1412 wrote to memory of 1628	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1412 wrote to memory of 1628	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1412 wrote to memory of 3528	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1412 wrote to memory of 3528	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1412 wrote to memory of 4504	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1412 wrote to memory of 4504	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1412 wrote to memory of 3668	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1412 wrote to memory of 3668	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1412 wrote to memory of 1416	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1412 wrote to memory of 1416	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1412 wrote to memory of 5004	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1412 wrote to memory of 5004	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1412 wrote to memory of 2856	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1412 wrote to memory of 2856	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1412 wrote to memory of 3272	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1412 wrote to memory of 3272	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1412 wrote to memory of 840	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1412 wrote to memory of 840	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1412 wrote to memory of 1696	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1412 wrote to memory of 1696	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1412 wrote to memory of 3380	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1412 wrote to memory of 3380	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1412 wrote to memory of 4336	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1412 wrote to memory of 4336	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1412 wrote to memory of 1868	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1412 wrote to memory of 1868	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1412 wrote to memory of 4804	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1412 wrote to memory of 4804	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1412 wrote to memory of 708	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1412 wrote to memory of 708	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1412 wrote to memory of 2548	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1412 wrote to memory of 2548	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1412 wrote to memory of 3132	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1412 wrote to memory of 3132	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1412 wrote to memory of 2976	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1412 wrote to memory of 2976	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1412 wrote to memory of 2456	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1412 wrote to memory of 2456	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1412 wrote to memory of 3324	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1412 wrote to memory of 3324	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1412 wrote to memory of 1876	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1412 wrote to memory of 1876	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1412 wrote to memory of 2844	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1412 wrote to memory of 2844	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1412 wrote to memory of 1288	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1412 wrote to memory of 1288	1412	2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe	116

C:\Users\Admin\AppData\Local\Temp\2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_c66c7215e9259610f0bb751e3a792d72_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Windows\System\LKPwEUN.exe
  C:\Windows\System\LKPwEUN.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\OvrtpCw.exe
  C:\Windows\System\OvrtpCw.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\xxsBBnX.exe
  C:\Windows\System\xxsBBnX.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\mDfKGsB.exe
  C:\Windows\System\mDfKGsB.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\aQphSuK.exe
  C:\Windows\System\aQphSuK.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\ZonqMvW.exe
  C:\Windows\System\ZonqMvW.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\hyNreVk.exe
  C:\Windows\System\hyNreVk.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\jaOHAfD.exe
  C:\Windows\System\jaOHAfD.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\rkuwwSL.exe
  C:\Windows\System\rkuwwSL.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\kygvBEL.exe
  C:\Windows\System\kygvBEL.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\CKnomoF.exe
  C:\Windows\System\CKnomoF.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\cGgvNEq.exe
  C:\Windows\System\cGgvNEq.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\rbJEuVi.exe
  C:\Windows\System\rbJEuVi.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\mQoTHYI.exe
  C:\Windows\System\mQoTHYI.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\NrPgRil.exe
  C:\Windows\System\NrPgRil.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\hrwjPaU.exe
  C:\Windows\System\hrwjPaU.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\SmUNVmB.exe
  C:\Windows\System\SmUNVmB.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\fVpssCQ.exe
  C:\Windows\System\fVpssCQ.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\wbNNRPF.exe
  C:\Windows\System\wbNNRPF.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\epTScDU.exe
  C:\Windows\System\epTScDU.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\WLnmNhb.exe
  C:\Windows\System\WLnmNhb.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\TbEiMhF.exe
  C:\Windows\System\TbEiMhF.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\iAfhQxs.exe
  C:\Windows\System\iAfhQxs.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\IpeSSzN.exe
  C:\Windows\System\IpeSSzN.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\FQDfOzW.exe
  C:\Windows\System\FQDfOzW.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\hQJluRX.exe
  C:\Windows\System\hQJluRX.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\YJXROZq.exe
  C:\Windows\System\YJXROZq.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\IshBCxR.exe
  C:\Windows\System\IshBCxR.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\DSYNNre.exe
  C:\Windows\System\DSYNNre.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\yCGWzZw.exe
  C:\Windows\System\yCGWzZw.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\LhBaWuU.exe
  C:\Windows\System\LhBaWuU.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\GWYXKWB.exe
  C:\Windows\System\GWYXKWB.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\GHNzVtH.exe
  C:\Windows\System\GHNzVtH.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\CmwsLIg.exe
  C:\Windows\System\CmwsLIg.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\bWyGQeA.exe
  C:\Windows\System\bWyGQeA.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\bLhmDsy.exe
  C:\Windows\System\bLhmDsy.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\qgzJsWY.exe
  C:\Windows\System\qgzJsWY.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\RxYGWQU.exe
  C:\Windows\System\RxYGWQU.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\ptZdOWR.exe
  C:\Windows\System\ptZdOWR.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\RNFhDwC.exe
  C:\Windows\System\RNFhDwC.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\VZbzWDx.exe
  C:\Windows\System\VZbzWDx.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\CFiLhNO.exe
  C:\Windows\System\CFiLhNO.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\EImTJGu.exe
  C:\Windows\System\EImTJGu.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\GWzVyUV.exe
  C:\Windows\System\GWzVyUV.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\dsYfalb.exe
  C:\Windows\System\dsYfalb.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\sAqQJkv.exe
  C:\Windows\System\sAqQJkv.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\WlmzYNw.exe
  C:\Windows\System\WlmzYNw.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\zrThIfM.exe
  C:\Windows\System\zrThIfM.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\wiuKDmd.exe
  C:\Windows\System\wiuKDmd.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\cvxEUTa.exe
  C:\Windows\System\cvxEUTa.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\XRSgafZ.exe
  C:\Windows\System\XRSgafZ.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\DpRZXLs.exe
  C:\Windows\System\DpRZXLs.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\yMbkkzK.exe
  C:\Windows\System\yMbkkzK.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\uvBYeNC.exe
  C:\Windows\System\uvBYeNC.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\ZlDvInr.exe
  C:\Windows\System\ZlDvInr.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\GLAFrUy.exe
  C:\Windows\System\GLAFrUy.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\kpBljZx.exe
  C:\Windows\System\kpBljZx.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\KYkeaSO.exe
  C:\Windows\System\KYkeaSO.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\xjAepTX.exe
  C:\Windows\System\xjAepTX.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\YnySCZp.exe
  C:\Windows\System\YnySCZp.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\dzVxTfU.exe
  C:\Windows\System\dzVxTfU.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\bLwXdWa.exe
  C:\Windows\System\bLwXdWa.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\WCzQBEq.exe
  C:\Windows\System\WCzQBEq.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\colPTgW.exe
  C:\Windows\System\colPTgW.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\sqbQcyq.exe
  C:\Windows\System\sqbQcyq.exe
  2⤵
  PID:4856
- C:\Windows\System\toDGueJ.exe
  C:\Windows\System\toDGueJ.exe
  2⤵
  PID:3432
- C:\Windows\System\GDFdStN.exe
  C:\Windows\System\GDFdStN.exe
  2⤵
  PID:4508
- C:\Windows\System\rpmpuvd.exe
  C:\Windows\System\rpmpuvd.exe
  2⤵
  PID:2084
- C:\Windows\System\LXavgeu.exe
  C:\Windows\System\LXavgeu.exe
  2⤵
  PID:4608
- C:\Windows\System\oyBwcRh.exe
  C:\Windows\System\oyBwcRh.exe
  2⤵
  PID:4376
- C:\Windows\System\vjXbStS.exe
  C:\Windows\System\vjXbStS.exe
  2⤵
  PID:3276
- C:\Windows\System\yBRkUYw.exe
  C:\Windows\System\yBRkUYw.exe
  2⤵
  PID:1552
- C:\Windows\System\GanZXeb.exe
  C:\Windows\System\GanZXeb.exe
  2⤵
  PID:232
- C:\Windows\System\mSnSSnX.exe
  C:\Windows\System\mSnSSnX.exe
  2⤵
  PID:316
- C:\Windows\System\SRfYoWN.exe
  C:\Windows\System\SRfYoWN.exe
  2⤵
  PID:4940
- C:\Windows\System\SoVDTjV.exe
  C:\Windows\System\SoVDTjV.exe
  2⤵
  PID:3268
- C:\Windows\System\diodzJn.exe
  C:\Windows\System\diodzJn.exe
  2⤵
  PID:412
- C:\Windows\System\BAlIpsJ.exe
  C:\Windows\System\BAlIpsJ.exe
  2⤵
  PID:4484
- C:\Windows\System\zQbnGag.exe
  C:\Windows\System\zQbnGag.exe
  2⤵
  PID:5124
- C:\Windows\System\cAICldB.exe
  C:\Windows\System\cAICldB.exe
  2⤵
  PID:5152
- C:\Windows\System\fORoojV.exe
  C:\Windows\System\fORoojV.exe
  2⤵
  PID:5184
- C:\Windows\System\FSQtquS.exe
  C:\Windows\System\FSQtquS.exe
  2⤵
  PID:5216
- C:\Windows\System\lYvDdcf.exe
  C:\Windows\System\lYvDdcf.exe
  2⤵
  PID:5248
- C:\Windows\System\KdnhlMZ.exe
  C:\Windows\System\KdnhlMZ.exe
  2⤵
  PID:5280
- C:\Windows\System\UeayHBz.exe
  C:\Windows\System\UeayHBz.exe
  2⤵
  PID:5316
- C:\Windows\System\lZeyDfL.exe
  C:\Windows\System\lZeyDfL.exe
  2⤵
  PID:5344
- C:\Windows\System\JaWFzCC.exe
  C:\Windows\System\JaWFzCC.exe
  2⤵
  PID:5380
- C:\Windows\System\BIMDcUk.exe
  C:\Windows\System\BIMDcUk.exe
  2⤵
  PID:5408
- C:\Windows\System\BEFghNi.exe
  C:\Windows\System\BEFghNi.exe
  2⤵
  PID:5440
- C:\Windows\System\HGMBpCR.exe
  C:\Windows\System\HGMBpCR.exe
  2⤵
  PID:5472
- C:\Windows\System\YCLqJit.exe
  C:\Windows\System\YCLqJit.exe
  2⤵
  PID:5504
- C:\Windows\System\kPMuIpT.exe
  C:\Windows\System\kPMuIpT.exe
  2⤵
  PID:5536
- C:\Windows\System\cxWyfUI.exe
  C:\Windows\System\cxWyfUI.exe
  2⤵
  PID:5572
- C:\Windows\System\izsWsyd.exe
  C:\Windows\System\izsWsyd.exe
  2⤵
  PID:5600
- C:\Windows\System\BXtQlna.exe
  C:\Windows\System\BXtQlna.exe
  2⤵
  PID:5648
- C:\Windows\System\ODKhoBv.exe
  C:\Windows\System\ODKhoBv.exe
  2⤵
  PID:5680
- C:\Windows\System\tkpHxdX.exe
  C:\Windows\System\tkpHxdX.exe
  2⤵
  PID:5716
- C:\Windows\System\ctgfQHe.exe
  C:\Windows\System\ctgfQHe.exe
  2⤵
  PID:5748
- C:\Windows\System\HoWLVkG.exe
  C:\Windows\System\HoWLVkG.exe
  2⤵
  PID:5780
- C:\Windows\System\iimdKJK.exe
  C:\Windows\System\iimdKJK.exe
  2⤵
  PID:5808
- C:\Windows\System\wZaLQEb.exe
  C:\Windows\System\wZaLQEb.exe
  2⤵
  PID:5844
- C:\Windows\System\BpkjhFP.exe
  C:\Windows\System\BpkjhFP.exe
  2⤵
  PID:5876
- C:\Windows\System\XarDKGM.exe
  C:\Windows\System\XarDKGM.exe
  2⤵
  PID:5904
- C:\Windows\System\CbMwDZY.exe
  C:\Windows\System\CbMwDZY.exe
  2⤵
  PID:5924
- C:\Windows\System\vngaTYP.exe
  C:\Windows\System\vngaTYP.exe
  2⤵
  PID:5956
- C:\Windows\System\dqbWYNg.exe
  C:\Windows\System\dqbWYNg.exe
  2⤵
  PID:5984
- C:\Windows\System\tkvyNqo.exe
  C:\Windows\System\tkvyNqo.exe
  2⤵
  PID:6016
- C:\Windows\System\oMePFwe.exe
  C:\Windows\System\oMePFwe.exe
  2⤵
  PID:6048
- C:\Windows\System\bmLuDpk.exe
  C:\Windows\System\bmLuDpk.exe
  2⤵
  PID:6080
- C:\Windows\System\zEzbgQm.exe
  C:\Windows\System\zEzbgQm.exe
  2⤵
  PID:6116
- C:\Windows\System\FdFyYxn.exe
  C:\Windows\System\FdFyYxn.exe
  2⤵
  PID:1672
- C:\Windows\System\bBwjYcU.exe
  C:\Windows\System\bBwjYcU.exe
  2⤵
  PID:5048
- C:\Windows\System\vnGmpiR.exe
  C:\Windows\System\vnGmpiR.exe
  2⤵
  PID:1224
- C:\Windows\System\ATnymzs.exe
  C:\Windows\System\ATnymzs.exe
  2⤵
  PID:4756
- C:\Windows\System\AQriGwD.exe
  C:\Windows\System\AQriGwD.exe
  2⤵
  PID:3552
- C:\Windows\System\hCoBWjp.exe
  C:\Windows\System\hCoBWjp.exe
  2⤵
  PID:1244
- C:\Windows\System\pgoQEMR.exe
  C:\Windows\System\pgoQEMR.exe
  2⤵
  PID:5144
- C:\Windows\System\WLBAQGj.exe
  C:\Windows\System\WLBAQGj.exe
  2⤵
  PID:5208
- C:\Windows\System\geHepxH.exe
  C:\Windows\System\geHepxH.exe
  2⤵
  PID:5272
- C:\Windows\System\KBJnshS.exe
  C:\Windows\System\KBJnshS.exe
  2⤵
  PID:5336
- C:\Windows\System\XAoQzXf.exe
  C:\Windows\System\XAoQzXf.exe
  2⤵
  PID:5400
- C:\Windows\System\waVmrwa.exe
  C:\Windows\System\waVmrwa.exe
  2⤵
  PID:5468
- C:\Windows\System\pQoRuBs.exe
  C:\Windows\System\pQoRuBs.exe
  2⤵
  PID:5532
- C:\Windows\System\QGSRxSZ.exe
  C:\Windows\System\QGSRxSZ.exe
  2⤵
  PID:5592
- C:\Windows\System\KdevJvn.exe
  C:\Windows\System\KdevJvn.exe
  2⤵
  PID:5664
- C:\Windows\System\DcyGEYI.exe
  C:\Windows\System\DcyGEYI.exe
  2⤵
  PID:5728
- C:\Windows\System\uaiCToo.exe
  C:\Windows\System\uaiCToo.exe
  2⤵
  PID:5792
- C:\Windows\System\BRDcLFu.exe
  C:\Windows\System\BRDcLFu.exe
  2⤵
  PID:5856
- C:\Windows\System\RidBrgm.exe
  C:\Windows\System\RidBrgm.exe
  2⤵
  PID:5916
- C:\Windows\System\SajiflP.exe
  C:\Windows\System\SajiflP.exe
  2⤵
  PID:5980
- C:\Windows\System\qEdLMGc.exe
  C:\Windows\System\qEdLMGc.exe
  2⤵
  PID:6040
- C:\Windows\System\kqVwgvx.exe
  C:\Windows\System\kqVwgvx.exe
  2⤵
  PID:6104
- C:\Windows\System\yRHsuiM.exe
  C:\Windows\System\yRHsuiM.exe
  2⤵
  PID:3684
- C:\Windows\System\SDfByYz.exe
  C:\Windows\System\SDfByYz.exe
  2⤵
  PID:1508
- C:\Windows\System\dPuAYqH.exe
  C:\Windows\System\dPuAYqH.exe
  2⤵
  PID:2132
- C:\Windows\System\ayLcxUm.exe
  C:\Windows\System\ayLcxUm.exe
  2⤵
  PID:5204
- C:\Windows\System\xgduFPq.exe
  C:\Windows\System\xgduFPq.exe
  2⤵
  PID:5328
- C:\Windows\System\aXBkLVT.exe
  C:\Windows\System\aXBkLVT.exe
  2⤵
  PID:5456
- C:\Windows\System\AFdCFhG.exe
  C:\Windows\System\AFdCFhG.exe
  2⤵
  PID:5584
- C:\Windows\System\lWwATov.exe
  C:\Windows\System\lWwATov.exe
  2⤵
  PID:5708
- C:\Windows\System\OSPZIom.exe
  C:\Windows\System\OSPZIom.exe
  2⤵
  PID:5832
- C:\Windows\System\pHmNxNt.exe
  C:\Windows\System\pHmNxNt.exe
  2⤵
  PID:5968
- C:\Windows\System\pSAmBou.exe
  C:\Windows\System\pSAmBou.exe
  2⤵
  PID:6096
- C:\Windows\System\FzaQDMo.exe
  C:\Windows\System\FzaQDMo.exe
  2⤵
  PID:2784
- C:\Windows\System\YykIduc.exe
  C:\Windows\System\YykIduc.exe
  2⤵
  PID:5180
- C:\Windows\System\sGCsMud.exe
  C:\Windows\System\sGCsMud.exe
  2⤵
  PID:5436
- C:\Windows\System\hOEPOBF.exe
  C:\Windows\System\hOEPOBF.exe
  2⤵
  PID:5644
- C:\Windows\System\tYtKjzd.exe
  C:\Windows\System\tYtKjzd.exe
  2⤵
  PID:5896
- C:\Windows\System\BbBmWVh.exe
  C:\Windows\System\BbBmWVh.exe
  2⤵
  PID:1512
- C:\Windows\System\IelXQfM.exe
  C:\Windows\System\IelXQfM.exe
  2⤵
  PID:6164
- C:\Windows\System\APfWNkf.exe
  C:\Windows\System\APfWNkf.exe
  2⤵
  PID:6192
- C:\Windows\System\MtlKdWU.exe
  C:\Windows\System\MtlKdWU.exe
  2⤵
  PID:6224
- C:\Windows\System\oHkteUN.exe
  C:\Windows\System\oHkteUN.exe
  2⤵
  PID:6256
- C:\Windows\System\aZuQsqL.exe
  C:\Windows\System\aZuQsqL.exe
  2⤵
  PID:6288
- C:\Windows\System\lcFVIqU.exe
  C:\Windows\System\lcFVIqU.exe
  2⤵
  PID:6320
- C:\Windows\System\fFUvMLF.exe
  C:\Windows\System\fFUvMLF.exe
  2⤵
  PID:6352
- C:\Windows\System\nbTFJYU.exe
  C:\Windows\System\nbTFJYU.exe
  2⤵
  PID:6384
- C:\Windows\System\uzScgUA.exe
  C:\Windows\System\uzScgUA.exe
  2⤵
  PID:6420
- C:\Windows\System\SwHOypf.exe
  C:\Windows\System\SwHOypf.exe
  2⤵
  PID:6448
- C:\Windows\System\YueFegd.exe
  C:\Windows\System\YueFegd.exe
  2⤵
  PID:6480
- C:\Windows\System\wCdIOzL.exe
  C:\Windows\System\wCdIOzL.exe
  2⤵
  PID:6512
- C:\Windows\System\gvPbhGA.exe
  C:\Windows\System\gvPbhGA.exe
  2⤵
  PID:6544
- C:\Windows\System\GLmiTZu.exe
  C:\Windows\System\GLmiTZu.exe
  2⤵
  PID:6580
- C:\Windows\System\OVAhjEh.exe
  C:\Windows\System\OVAhjEh.exe
  2⤵
  PID:6608
- C:\Windows\System\MjczQOj.exe
  C:\Windows\System\MjczQOj.exe
  2⤵
  PID:6640
- C:\Windows\System\qRtaWLM.exe
  C:\Windows\System\qRtaWLM.exe
  2⤵
  PID:6676
- C:\Windows\System\NaTbZMD.exe
  C:\Windows\System\NaTbZMD.exe
  2⤵
  PID:6708
- C:\Windows\System\hWVlQVH.exe
  C:\Windows\System\hWVlQVH.exe
  2⤵
  PID:6736
- C:\Windows\System\mBOtGPY.exe
  C:\Windows\System\mBOtGPY.exe
  2⤵
  PID:6768
- C:\Windows\System\GVrfbZT.exe
  C:\Windows\System\GVrfbZT.exe
  2⤵
  PID:6800
- C:\Windows\System\ItkcQec.exe
  C:\Windows\System\ItkcQec.exe
  2⤵
  PID:6832
- C:\Windows\System\TWxHWSF.exe
  C:\Windows\System\TWxHWSF.exe
  2⤵
  PID:6864
- C:\Windows\System\PCcXVsr.exe
  C:\Windows\System\PCcXVsr.exe
  2⤵
  PID:6896
- C:\Windows\System\SrFaJSA.exe
  C:\Windows\System\SrFaJSA.exe
  2⤵
  PID:6932
- C:\Windows\System\hwAGdiB.exe
  C:\Windows\System\hwAGdiB.exe
  2⤵
  PID:6960
- C:\Windows\System\dxoUQtx.exe
  C:\Windows\System\dxoUQtx.exe
  2⤵
  PID:6992
- C:\Windows\System\eZPyBwX.exe
  C:\Windows\System\eZPyBwX.exe
  2⤵
  PID:7024
- C:\Windows\System\LZhTgfg.exe
  C:\Windows\System\LZhTgfg.exe
  2⤵
  PID:7056
- C:\Windows\System\DusonwK.exe
  C:\Windows\System\DusonwK.exe
  2⤵
  PID:7088
- C:\Windows\System\aLQKTYp.exe
  C:\Windows\System\aLQKTYp.exe
  2⤵
  PID:7120
- C:\Windows\System\LCArEKZ.exe
  C:\Windows\System\LCArEKZ.exe
  2⤵
  PID:7152
- C:\Windows\System\DHKqHMg.exe
  C:\Windows\System\DHKqHMg.exe
  2⤵
  PID:5308
- C:\Windows\System\XkYNXMV.exe
  C:\Windows\System\XkYNXMV.exe
  2⤵
  PID:5828
- C:\Windows\System\wxiMGCO.exe
  C:\Windows\System\wxiMGCO.exe
  2⤵
  PID:6148
- C:\Windows\System\DXrXljL.exe
  C:\Windows\System\DXrXljL.exe
  2⤵
  PID:6208
- C:\Windows\System\lOscAGo.exe
  C:\Windows\System\lOscAGo.exe
  2⤵
  PID:6252
- C:\Windows\System\wnxEoAK.exe
  C:\Windows\System\wnxEoAK.exe
  2⤵
  PID:6312
- C:\Windows\System\bAbYyhw.exe
  C:\Windows\System\bAbYyhw.exe
  2⤵
  PID:6376
- C:\Windows\System\gZzswzr.exe
  C:\Windows\System\gZzswzr.exe
  2⤵
  PID:956
- C:\Windows\System\bAZuUnW.exe
  C:\Windows\System\bAZuUnW.exe
  2⤵
  PID:6508
- C:\Windows\System\ShqhLuU.exe
  C:\Windows\System\ShqhLuU.exe
  2⤵
  PID:6572
- C:\Windows\System\QAlAXKA.exe
  C:\Windows\System\QAlAXKA.exe
  2⤵
  PID:6624
- C:\Windows\System\mJIGndd.exe
  C:\Windows\System\mJIGndd.exe
  2⤵
  PID:6656
- C:\Windows\System\FzpkcQa.exe
  C:\Windows\System\FzpkcQa.exe
  2⤵
  PID:6728
- C:\Windows\System\rdNQqAE.exe
  C:\Windows\System\rdNQqAE.exe
  2⤵
  PID:6792
- C:\Windows\System\mjWIolX.exe
  C:\Windows\System\mjWIolX.exe
  2⤵
  PID:6856
- C:\Windows\System\rcjndlW.exe
  C:\Windows\System\rcjndlW.exe
  2⤵
  PID:6920
- C:\Windows\System\thvQbVA.exe
  C:\Windows\System\thvQbVA.exe
  2⤵
  PID:6984
- C:\Windows\System\nXyyctz.exe
  C:\Windows\System\nXyyctz.exe
  2⤵
  PID:7040
- C:\Windows\System\gYYedMe.exe
  C:\Windows\System\gYYedMe.exe
  2⤵
  PID:7112
- C:\Windows\System\saUHhrk.exe
  C:\Windows\System\saUHhrk.exe
  2⤵
  PID:5140
- C:\Windows\System\MLzxQLB.exe
  C:\Windows\System\MLzxQLB.exe
  2⤵
  PID:6076
- C:\Windows\System\IDnXaDJ.exe
  C:\Windows\System\IDnXaDJ.exe
  2⤵
  PID:6184
- C:\Windows\System\sToiSio.exe
  C:\Windows\System\sToiSio.exe
  2⤵
  PID:6304
- C:\Windows\System\xpUohjd.exe
  C:\Windows\System\xpUohjd.exe
  2⤵
  PID:6416
- C:\Windows\System\MilXwHx.exe
  C:\Windows\System\MilXwHx.exe
  2⤵
  PID:6540
- C:\Windows\System\bOWyCgX.exe
  C:\Windows\System\bOWyCgX.exe
  2⤵
  PID:6632
- C:\Windows\System\AfsoGff.exe
  C:\Windows\System\AfsoGff.exe
  2⤵
  PID:6760
- C:\Windows\System\ttfQdrW.exe
  C:\Windows\System\ttfQdrW.exe
  2⤵
  PID:6888
- C:\Windows\System\uGbSuCy.exe
  C:\Windows\System\uGbSuCy.exe
  2⤵
  PID:4912
- C:\Windows\System\UzoZOpF.exe
  C:\Windows\System\UzoZOpF.exe
  2⤵
  PID:7076
- C:\Windows\System\YLMrTro.exe
  C:\Windows\System\YLMrTro.exe
  2⤵
  PID:7148
- C:\Windows\System\jNecwkb.exe
  C:\Windows\System\jNecwkb.exe
  2⤵
  PID:1212
- C:\Windows\System\PchtaUj.exe
  C:\Windows\System\PchtaUj.exe
  2⤵
  PID:6284
- C:\Windows\System\nkkwMBm.exe
  C:\Windows\System\nkkwMBm.exe
  2⤵
  PID:2768
- C:\Windows\System\VEcwnOo.exe
  C:\Windows\System\VEcwnOo.exe
  2⤵
  PID:6604
- C:\Windows\System\QltvFlP.exe
  C:\Windows\System\QltvFlP.exe
  2⤵
  PID:6828
- C:\Windows\System\opDBjir.exe
  C:\Windows\System\opDBjir.exe
  2⤵
  PID:6952
- C:\Windows\System\ZzriQGN.exe
  C:\Windows\System\ZzriQGN.exe
  2⤵
  PID:868
- C:\Windows\System\DTZxGbm.exe
  C:\Windows\System\DTZxGbm.exe
  2⤵
  PID:6248
- C:\Windows\System\cRrLYwI.exe
  C:\Windows\System\cRrLYwI.exe
  2⤵
  PID:6600
- C:\Windows\System\DDeFWAw.exe
  C:\Windows\System\DDeFWAw.exe
  2⤵
  PID:7144
- C:\Windows\System\Uoxhulf.exe
  C:\Windows\System\Uoxhulf.exe
  2⤵
  PID:7180
- C:\Windows\System\Rqpccvl.exe
  C:\Windows\System\Rqpccvl.exe
  2⤵
  PID:7200
- C:\Windows\System\ALTeqye.exe
  C:\Windows\System\ALTeqye.exe
  2⤵
  PID:7232
- C:\Windows\System\qKxbmdY.exe
  C:\Windows\System\qKxbmdY.exe
  2⤵
  PID:7260
- C:\Windows\System\XLdRlCz.exe
  C:\Windows\System\XLdRlCz.exe
  2⤵
  PID:7292
- C:\Windows\System\JEnxixb.exe
  C:\Windows\System\JEnxixb.exe
  2⤵
  PID:7324
- C:\Windows\System\iPaRRzo.exe
  C:\Windows\System\iPaRRzo.exe
  2⤵
  PID:7356
- C:\Windows\System\vEUUxiB.exe
  C:\Windows\System\vEUUxiB.exe
  2⤵
  PID:7388
- C:\Windows\System\MmkSaEs.exe
  C:\Windows\System\MmkSaEs.exe
  2⤵
  PID:7420
- C:\Windows\System\TbiAUlb.exe
  C:\Windows\System\TbiAUlb.exe
  2⤵
  PID:7452
- C:\Windows\System\FvipSvo.exe
  C:\Windows\System\FvipSvo.exe
  2⤵
  PID:7484
- C:\Windows\System\BVWvyJw.exe
  C:\Windows\System\BVWvyJw.exe
  2⤵
  PID:7516
- C:\Windows\System\hsDAgih.exe
  C:\Windows\System\hsDAgih.exe
  2⤵
  PID:7548
- C:\Windows\System\azaTqkY.exe
  C:\Windows\System\azaTqkY.exe
  2⤵
  PID:7580
- C:\Windows\System\YzprmTH.exe
  C:\Windows\System\YzprmTH.exe
  2⤵
  PID:7612
- C:\Windows\System\mywCpNt.exe
  C:\Windows\System\mywCpNt.exe
  2⤵
  PID:7644
- C:\Windows\System\paBChYm.exe
  C:\Windows\System\paBChYm.exe
  2⤵
  PID:7760
- C:\Windows\System\FuzocKb.exe
  C:\Windows\System\FuzocKb.exe
  2⤵
  PID:7792
- C:\Windows\System\CitGMIZ.exe
  C:\Windows\System\CitGMIZ.exe
  2⤵
  PID:7848
- C:\Windows\System\QpqOCje.exe
  C:\Windows\System\QpqOCje.exe
  2⤵
  PID:7884
- C:\Windows\System\INLMQIO.exe
  C:\Windows\System\INLMQIO.exe
  2⤵
  PID:7916
- C:\Windows\System\YgJXXjn.exe
  C:\Windows\System\YgJXXjn.exe
  2⤵
  PID:7948
- C:\Windows\System\XJnQBrL.exe
  C:\Windows\System\XJnQBrL.exe
  2⤵
  PID:7980
- C:\Windows\System\QadshQv.exe
  C:\Windows\System\QadshQv.exe
  2⤵
  PID:8016
- C:\Windows\System\XwutEdL.exe
  C:\Windows\System\XwutEdL.exe
  2⤵
  PID:8056
- C:\Windows\System\cSdzfzf.exe
  C:\Windows\System\cSdzfzf.exe
  2⤵
  PID:8096
- C:\Windows\System\HuQvRNf.exe
  C:\Windows\System\HuQvRNf.exe
  2⤵
  PID:8156
- C:\Windows\System\nfLRyoO.exe
  C:\Windows\System\nfLRyoO.exe
  2⤵
  PID:8172
- C:\Windows\System\MQgBhpB.exe
  C:\Windows\System\MQgBhpB.exe
  2⤵
  PID:6564
- C:\Windows\System\PuQJddC.exe
  C:\Windows\System\PuQJddC.exe
  2⤵
  PID:6244
- C:\Windows\System\wzWLSzE.exe
  C:\Windows\System\wzWLSzE.exe
  2⤵
  PID:7248
- C:\Windows\System\AjaefEu.exe
  C:\Windows\System\AjaefEu.exe
  2⤵
  PID:7280
- C:\Windows\System\eHnIaAk.exe
  C:\Windows\System\eHnIaAk.exe
  2⤵
  PID:7380
- C:\Windows\System\udauwTm.exe
  C:\Windows\System\udauwTm.exe
  2⤵
  PID:7468
- C:\Windows\System\MoxQOXM.exe
  C:\Windows\System\MoxQOXM.exe
  2⤵
  PID:7532
- C:\Windows\System\yxzJpmW.exe
  C:\Windows\System\yxzJpmW.exe
  2⤵
  PID:4020
- C:\Windows\System\LFbYYlK.exe
  C:\Windows\System\LFbYYlK.exe
  2⤵
  PID:7608
- C:\Windows\System\UoboCcV.exe
  C:\Windows\System\UoboCcV.exe
  2⤵
  PID:2436
- C:\Windows\System\mAtlPIi.exe
  C:\Windows\System\mAtlPIi.exe
  2⤵
  PID:116
- C:\Windows\System\gSYPJXk.exe
  C:\Windows\System\gSYPJXk.exe
  2⤵
  PID:1924
- C:\Windows\System\ivcIWBy.exe
  C:\Windows\System\ivcIWBy.exe
  2⤵
  PID:4920
- C:\Windows\System\NIkfusf.exe
  C:\Windows\System\NIkfusf.exe
  2⤵
  PID:3440
- C:\Windows\System\XoYtSQS.exe
  C:\Windows\System\XoYtSQS.exe
  2⤵
  PID:4416
- C:\Windows\System\IIMNFoo.exe
  C:\Windows\System\IIMNFoo.exe
  2⤵
  PID:1076
- C:\Windows\System\WTknMhU.exe
  C:\Windows\System\WTknMhU.exe
  2⤵
  PID:3496
- C:\Windows\System\ugxcWCo.exe
  C:\Windows\System\ugxcWCo.exe
  2⤵
  PID:7772
- C:\Windows\System\ONctqCd.exe
  C:\Windows\System\ONctqCd.exe
  2⤵
  PID:7816
- C:\Windows\System\sBwxcYr.exe
  C:\Windows\System\sBwxcYr.exe
  2⤵
  PID:7900
- C:\Windows\System\tbhWtOM.exe
  C:\Windows\System\tbhWtOM.exe
  2⤵
  PID:7964
- C:\Windows\System\FihHohg.exe
  C:\Windows\System\FihHohg.exe
  2⤵
  PID:8032
- C:\Windows\System\jvbZKST.exe
  C:\Windows\System\jvbZKST.exe
  2⤵
  PID:8108
- C:\Windows\System\ZRsysFv.exe
  C:\Windows\System\ZRsysFv.exe
  2⤵
  PID:3136
- C:\Windows\System\gQbCXlm.exe
  C:\Windows\System\gQbCXlm.exe
  2⤵
  PID:8132
- C:\Windows\System\UuwgaNW.exe
  C:\Windows\System\UuwgaNW.exe
  2⤵
  PID:4636
- C:\Windows\System\ERHJvHb.exe
  C:\Windows\System\ERHJvHb.exe
  2⤵
  PID:7276
- C:\Windows\System\GgSnnve.exe
  C:\Windows\System\GgSnnve.exe
  2⤵
  PID:1080
- C:\Windows\System\eFjOyeR.exe
  C:\Windows\System\eFjOyeR.exe
  2⤵
  PID:7544
- C:\Windows\System\IMnRMby.exe
  C:\Windows\System\IMnRMby.exe
  2⤵
  PID:7600
- C:\Windows\System\QomNqDU.exe
  C:\Windows\System\QomNqDU.exe
  2⤵
  PID:4488
- C:\Windows\System\UkcKTxw.exe
  C:\Windows\System\UkcKTxw.exe
  2⤵
  PID:3648
- C:\Windows\System\GYHHgia.exe
  C:\Windows\System\GYHHgia.exe
  2⤵
  PID:2192
- C:\Windows\System\fNwPWUC.exe
  C:\Windows\System\fNwPWUC.exe
  2⤵
  PID:1904
- C:\Windows\System\nuGcSoa.exe
  C:\Windows\System\nuGcSoa.exe
  2⤵
  PID:3408
- C:\Windows\System\DenIOmC.exe
  C:\Windows\System\DenIOmC.exe
  2⤵
  PID:7912
- C:\Windows\System\bJpBvTe.exe
  C:\Windows\System\bJpBvTe.exe
  2⤵
  PID:2376
- C:\Windows\System\AnoCHdG.exe
  C:\Windows\System\AnoCHdG.exe
  2⤵
  PID:3696
- C:\Windows\System\bbqEsDk.exe
  C:\Windows\System\bbqEsDk.exe
  2⤵
  PID:7320
- C:\Windows\System\zvytvPR.exe
  C:\Windows\System\zvytvPR.exe
  2⤵
  PID:7640
- C:\Windows\System\VmbFvnR.exe
  C:\Windows\System\VmbFvnR.exe
  2⤵
  PID:7704
- C:\Windows\System\BTvqDrE.exe
  C:\Windows\System\BTvqDrE.exe
  2⤵
  PID:3724
- C:\Windows\System\HUibxUO.exe
  C:\Windows\System\HUibxUO.exe
  2⤵
  PID:7944
- C:\Windows\System\UmDQmzt.exe
  C:\Windows\System\UmDQmzt.exe
  2⤵
  PID:2404
- C:\Windows\System\utmbthB.exe
  C:\Windows\System\utmbthB.exe
  2⤵
  PID:7500
- C:\Windows\System\DKuvpcs.exe
  C:\Windows\System\DKuvpcs.exe
  2⤵
  PID:4680
- C:\Windows\System\AkLFdpj.exe
  C:\Windows\System\AkLFdpj.exe
  2⤵
  PID:7992
- C:\Windows\System\uzkmepp.exe
  C:\Windows\System\uzkmepp.exe
  2⤵
  PID:3444
- C:\Windows\System\kFKHLSP.exe
  C:\Windows\System\kFKHLSP.exe
  2⤵
  PID:8188
- C:\Windows\System\VfPHbpy.exe
  C:\Windows\System\VfPHbpy.exe
  2⤵
  PID:7788
- C:\Windows\System\IGlFHhg.exe
  C:\Windows\System\IGlFHhg.exe
  2⤵
  PID:4016
- C:\Windows\System\OABzubg.exe
  C:\Windows\System\OABzubg.exe
  2⤵
  PID:8220
- C:\Windows\System\lcnfvkK.exe
  C:\Windows\System\lcnfvkK.exe
  2⤵
  PID:8252
- C:\Windows\System\jRlKBGa.exe
  C:\Windows\System\jRlKBGa.exe
  2⤵
  PID:8284
- C:\Windows\System\disgElR.exe
  C:\Windows\System\disgElR.exe
  2⤵
  PID:8324
- C:\Windows\System\umCjIWA.exe
  C:\Windows\System\umCjIWA.exe
  2⤵
  PID:8364
- C:\Windows\System\HlSStwE.exe
  C:\Windows\System\HlSStwE.exe
  2⤵
  PID:8396
- C:\Windows\System\toItBYp.exe
  C:\Windows\System\toItBYp.exe
  2⤵
  PID:8428
- C:\Windows\System\smhchgx.exe
  C:\Windows\System\smhchgx.exe
  2⤵
  PID:8460
- C:\Windows\System\pQVSdCS.exe
  C:\Windows\System\pQVSdCS.exe
  2⤵
  PID:8492
- C:\Windows\System\WhNOOUb.exe
  C:\Windows\System\WhNOOUb.exe
  2⤵
  PID:8524
- C:\Windows\System\mpMRZPy.exe
  C:\Windows\System\mpMRZPy.exe
  2⤵
  PID:8556
- C:\Windows\System\fgOQwga.exe
  C:\Windows\System\fgOQwga.exe
  2⤵
  PID:8588
- C:\Windows\System\wfdUvRK.exe
  C:\Windows\System\wfdUvRK.exe
  2⤵
  PID:8620
- C:\Windows\System\LiSsTfN.exe
  C:\Windows\System\LiSsTfN.exe
  2⤵
  PID:8652
- C:\Windows\System\LoLxqPw.exe
  C:\Windows\System\LoLxqPw.exe
  2⤵
  PID:8684
- C:\Windows\System\eCltEvu.exe
  C:\Windows\System\eCltEvu.exe
  2⤵
  PID:8716
- C:\Windows\System\pnfbsiq.exe
  C:\Windows\System\pnfbsiq.exe
  2⤵
  PID:8748
- C:\Windows\System\eBFYqhz.exe
  C:\Windows\System\eBFYqhz.exe
  2⤵
  PID:8784
- C:\Windows\System\CUWHAjR.exe
  C:\Windows\System\CUWHAjR.exe
  2⤵
  PID:8816
- C:\Windows\System\tqyDDDF.exe
  C:\Windows\System\tqyDDDF.exe
  2⤵
  PID:8848
- C:\Windows\System\pwfAWAw.exe
  C:\Windows\System\pwfAWAw.exe
  2⤵
  PID:8880
- C:\Windows\System\lGkiGNV.exe
  C:\Windows\System\lGkiGNV.exe
  2⤵
  PID:8912
- C:\Windows\System\dUCNuJZ.exe
  C:\Windows\System\dUCNuJZ.exe
  2⤵
  PID:8944
- C:\Windows\System\gWfqajG.exe
  C:\Windows\System\gWfqajG.exe
  2⤵
  PID:8960
- C:\Windows\System\zOyPBbL.exe
  C:\Windows\System\zOyPBbL.exe
  2⤵
  PID:9008
- C:\Windows\System\AWmzSnZ.exe
  C:\Windows\System\AWmzSnZ.exe
  2⤵
  PID:9032
- C:\Windows\System\chPHajM.exe
  C:\Windows\System\chPHajM.exe
  2⤵
  PID:9068
- C:\Windows\System\GxdYKqK.exe
  C:\Windows\System\GxdYKqK.exe
  2⤵
  PID:9112
- C:\Windows\System\PKwHbyU.exe
  C:\Windows\System\PKwHbyU.exe
  2⤵
  PID:9144
- C:\Windows\System\nVUtSud.exe
  C:\Windows\System\nVUtSud.exe
  2⤵
  PID:9176
- C:\Windows\System\hcnLVPM.exe
  C:\Windows\System\hcnLVPM.exe
  2⤵
  PID:9208
- C:\Windows\System\EqYAgof.exe
  C:\Windows\System\EqYAgof.exe
  2⤵
  PID:8216
- C:\Windows\System\QrBMDKJ.exe
  C:\Windows\System\QrBMDKJ.exe
  2⤵
  PID:8320
- C:\Windows\System\nPyUGNn.exe
  C:\Windows\System\nPyUGNn.exe
  2⤵
  PID:8392
- C:\Windows\System\UmtZbLR.exe
  C:\Windows\System\UmtZbLR.exe
  2⤵
  PID:8456
- C:\Windows\System\YiRbxyb.exe
  C:\Windows\System\YiRbxyb.exe
  2⤵
  PID:8520
- C:\Windows\System\XNXhaoS.exe
  C:\Windows\System\XNXhaoS.exe
  2⤵
  PID:8584
- C:\Windows\System\KIVCEtc.exe
  C:\Windows\System\KIVCEtc.exe
  2⤵
  PID:8648
- C:\Windows\System\AgljjEc.exe
  C:\Windows\System\AgljjEc.exe
  2⤵
  PID:8712
- C:\Windows\System\PDbEBVU.exe
  C:\Windows\System\PDbEBVU.exe
  2⤵
  PID:8780
- C:\Windows\System\BVIeqXN.exe
  C:\Windows\System\BVIeqXN.exe
  2⤵
  PID:8840
- C:\Windows\System\CJXhRKk.exe
  C:\Windows\System\CJXhRKk.exe
  2⤵
  PID:8860
- C:\Windows\System\heeAKHF.exe
  C:\Windows\System\heeAKHF.exe
  2⤵
  PID:8972
- C:\Windows\System\cyQEWLZ.exe
  C:\Windows\System\cyQEWLZ.exe
  2⤵
  PID:9040
- C:\Windows\System\NcQUGUb.exe
  C:\Windows\System\NcQUGUb.exe
  2⤵
  PID:9092
- C:\Windows\System\GjLuvxp.exe
  C:\Windows\System\GjLuvxp.exe
  2⤵
  PID:9192
- C:\Windows\System\DOfDAvp.exe
  C:\Windows\System\DOfDAvp.exe
  2⤵
  PID:8200
- C:\Windows\System\xEYjQPB.exe
  C:\Windows\System\xEYjQPB.exe
  2⤵
  PID:8380
- C:\Windows\System\ExlnoZv.exe
  C:\Windows\System\ExlnoZv.exe
  2⤵
  PID:8452
- C:\Windows\System\ZhlhbqF.exe
  C:\Windows\System\ZhlhbqF.exe
  2⤵
  PID:8568
- C:\Windows\System\oySuxnA.exe
  C:\Windows\System\oySuxnA.exe
  2⤵
  PID:8728
- C:\Windows\System\urZHgld.exe
  C:\Windows\System\urZHgld.exe
  2⤵
  PID:8936
- C:\Windows\System\VFyGoZb.exe
  C:\Windows\System\VFyGoZb.exe
  2⤵
  PID:9016
- C:\Windows\System\qVEVNMw.exe
  C:\Windows\System\qVEVNMw.exe
  2⤵
  PID:9132
- C:\Windows\System\RZgzuCE.exe
  C:\Windows\System\RZgzuCE.exe
  2⤵
  PID:8296
- C:\Windows\System\djNzSkm.exe
  C:\Windows\System\djNzSkm.exe
  2⤵
  PID:8612
- C:\Windows\System\VNvweeA.exe
  C:\Windows\System\VNvweeA.exe
  2⤵
  PID:8872
- C:\Windows\System\AZtAXEN.exe
  C:\Windows\System\AZtAXEN.exe
  2⤵
  PID:9136
- C:\Windows\System\oeEkOTf.exe
  C:\Windows\System\oeEkOTf.exe
  2⤵
  PID:8504
- C:\Windows\System\URQyGwJ.exe
  C:\Windows\System\URQyGwJ.exe
  2⤵
  PID:9084
- C:\Windows\System\aCWLNcH.exe
  C:\Windows\System\aCWLNcH.exe
  2⤵
  PID:9104
- C:\Windows\System\qfrArde.exe
  C:\Windows\System\qfrArde.exe
  2⤵
  PID:9168
- C:\Windows\System\kLWVzHv.exe
  C:\Windows\System\kLWVzHv.exe
  2⤵
  PID:9264
- C:\Windows\System\yeJWtna.exe
  C:\Windows\System\yeJWtna.exe
  2⤵
  PID:9280
- C:\Windows\System\RauEilc.exe
  C:\Windows\System\RauEilc.exe
  2⤵
  PID:9312
- C:\Windows\System\NGKEAqB.exe
  C:\Windows\System\NGKEAqB.exe
  2⤵
  PID:9356
- C:\Windows\System\QSLfxRC.exe
  C:\Windows\System\QSLfxRC.exe
  2⤵
  PID:9388
- C:\Windows\System\UyMOekx.exe
  C:\Windows\System\UyMOekx.exe
  2⤵
  PID:9420
- C:\Windows\System\ntZIeAX.exe
  C:\Windows\System\ntZIeAX.exe
  2⤵
  PID:9452
- C:\Windows\System\RcsHGfu.exe
  C:\Windows\System\RcsHGfu.exe
  2⤵
  PID:9484
- C:\Windows\System\vwHcEiy.exe
  C:\Windows\System\vwHcEiy.exe
  2⤵
  PID:9516
- C:\Windows\System\ssDLOop.exe
  C:\Windows\System\ssDLOop.exe
  2⤵
  PID:9548
- C:\Windows\System\aWRJLpn.exe
  C:\Windows\System\aWRJLpn.exe
  2⤵
  PID:9580
- C:\Windows\System\RdJLvYj.exe
  C:\Windows\System\RdJLvYj.exe
  2⤵
  PID:9612
- C:\Windows\System\WuRaXHl.exe
  C:\Windows\System\WuRaXHl.exe
  2⤵
  PID:9644
- C:\Windows\System\oShRYhk.exe
  C:\Windows\System\oShRYhk.exe
  2⤵
  PID:9676
- C:\Windows\System\LDjuMKb.exe
  C:\Windows\System\LDjuMKb.exe
  2⤵
  PID:9716
- C:\Windows\System\UNDrdwu.exe
  C:\Windows\System\UNDrdwu.exe
  2⤵
  PID:9748
- C:\Windows\System\rBDjBrJ.exe
  C:\Windows\System\rBDjBrJ.exe
  2⤵
  PID:9780
- C:\Windows\System\bjTCXaO.exe
  C:\Windows\System\bjTCXaO.exe
  2⤵
  PID:9808
- C:\Windows\System\CiWUHPd.exe
  C:\Windows\System\CiWUHPd.exe
  2⤵
  PID:9848
- C:\Windows\System\mjFJtDJ.exe
  C:\Windows\System\mjFJtDJ.exe
  2⤵
  PID:9880
- C:\Windows\System\nAKvdaa.exe
  C:\Windows\System\nAKvdaa.exe
  2⤵
  PID:9912
- C:\Windows\System\TwMSWsy.exe
  C:\Windows\System\TwMSWsy.exe
  2⤵
  PID:9932
- C:\Windows\System\KeryPuT.exe
  C:\Windows\System\KeryPuT.exe
  2⤵
  PID:9976
- C:\Windows\System\xApDYuo.exe
  C:\Windows\System\xApDYuo.exe
  2⤵
  PID:10008
- C:\Windows\System\XUOjcnt.exe
  C:\Windows\System\XUOjcnt.exe
  2⤵
  PID:10040
- C:\Windows\System\LSQRdNc.exe
  C:\Windows\System\LSQRdNc.exe
  2⤵
  PID:10072
- C:\Windows\System\KyBbcFK.exe
  C:\Windows\System\KyBbcFK.exe
  2⤵
  PID:10104
- C:\Windows\System\fRuKMvi.exe
  C:\Windows\System\fRuKMvi.exe
  2⤵
  PID:10136
- C:\Windows\System\hQddfaT.exe
  C:\Windows\System\hQddfaT.exe
  2⤵
  PID:10168
- C:\Windows\System\RGgAtHG.exe
  C:\Windows\System\RGgAtHG.exe
  2⤵
  PID:10200
- C:\Windows\System\fmfHYSR.exe
  C:\Windows\System\fmfHYSR.exe
  2⤵
  PID:10232
- C:\Windows\System\ZIrWIPe.exe
  C:\Windows\System\ZIrWIPe.exe
  2⤵
  PID:9236
- C:\Windows\System\xoLrGuG.exe
  C:\Windows\System\xoLrGuG.exe
  2⤵
  PID:9324
- C:\Windows\System\GmHnFyy.exe
  C:\Windows\System\GmHnFyy.exe
  2⤵
  PID:9376
- C:\Windows\System\HVnUvxB.exe
  C:\Windows\System\HVnUvxB.exe
  2⤵
  PID:9448
- C:\Windows\System\ZqHhFNu.exe
  C:\Windows\System\ZqHhFNu.exe
  2⤵
  PID:9560
- C:\Windows\System\Vvsdxxc.exe
  C:\Windows\System\Vvsdxxc.exe
  2⤵
  PID:9592
- C:\Windows\System\yoIVzIn.exe
  C:\Windows\System\yoIVzIn.exe
  2⤵
  PID:9656
- C:\Windows\System\rGuPkre.exe
  C:\Windows\System\rGuPkre.exe
  2⤵
  PID:9732
- C:\Windows\System\DpedNoX.exe
  C:\Windows\System\DpedNoX.exe
  2⤵
  PID:9796
- C:\Windows\System\cWbRdBo.exe
  C:\Windows\System\cWbRdBo.exe
  2⤵
  PID:9840
- C:\Windows\System\cepaUrq.exe
  C:\Windows\System\cepaUrq.exe
  2⤵
  PID:9920
- C:\Windows\System\otItLZe.exe
  C:\Windows\System\otItLZe.exe
  2⤵
  PID:9988
- C:\Windows\System\tRANHHF.exe
  C:\Windows\System\tRANHHF.exe
  2⤵
  PID:10052
- C:\Windows\System\JBzOIXq.exe
  C:\Windows\System\JBzOIXq.exe
  2⤵
  PID:10120
- C:\Windows\System\drQsbxA.exe
  C:\Windows\System\drQsbxA.exe
  2⤵
  PID:10184
- C:\Windows\System\hZWiivG.exe
  C:\Windows\System\hZWiivG.exe
  2⤵
  PID:9228
- C:\Windows\System\YcmPbwx.exe
  C:\Windows\System\YcmPbwx.exe
  2⤵
  PID:9344
- C:\Windows\System\bjQGRLD.exe
  C:\Windows\System\bjQGRLD.exe
  2⤵
  PID:9500
- C:\Windows\System\pXuJbOV.exe
  C:\Windows\System\pXuJbOV.exe
  2⤵
  PID:9624
- C:\Windows\System\ZkRnkSn.exe
  C:\Windows\System\ZkRnkSn.exe
  2⤵
  PID:9768
- C:\Windows\System\PkziNnO.exe
  C:\Windows\System\PkziNnO.exe
  2⤵
  PID:9844
- C:\Windows\System\rfPFowH.exe
  C:\Windows\System\rfPFowH.exe
  2⤵
  PID:10004
- C:\Windows\System\WLuSyyR.exe
  C:\Windows\System\WLuSyyR.exe
  2⤵
  PID:10096
- C:\Windows\System\tpGFGiu.exe
  C:\Windows\System\tpGFGiu.exe
  2⤵
  PID:9328
- C:\Windows\System\dToPjAx.exe
  C:\Windows\System\dToPjAx.exe
  2⤵
  PID:9532
- C:\Windows\System\tCTVwQY.exe
  C:\Windows\System\tCTVwQY.exe
  2⤵
  PID:9820
- C:\Windows\System\OIIdHAm.exe
  C:\Windows\System\OIIdHAm.exe
  2⤵
  PID:10084
- C:\Windows\System\azVsgHW.exe
  C:\Windows\System\azVsgHW.exe
  2⤵
  PID:9496
- C:\Windows\System\nDpuecc.exe
  C:\Windows\System\nDpuecc.exe
  2⤵
  PID:10020
- C:\Windows\System\gIubrOi.exe
  C:\Windows\System\gIubrOi.exe
  2⤵
  PID:9436
- C:\Windows\System\vuPsJlO.exe
  C:\Windows\System\vuPsJlO.exe
  2⤵
  PID:10224
- C:\Windows\System\TnuXNOz.exe
  C:\Windows\System\TnuXNOz.exe
  2⤵
  PID:10280
- C:\Windows\System\FjYFXQS.exe
  C:\Windows\System\FjYFXQS.exe
  2⤵
  PID:10312
- C:\Windows\System\PPqiZPn.exe
  C:\Windows\System\PPqiZPn.exe
  2⤵
  PID:10344
- C:\Windows\System\SsLaaNS.exe
  C:\Windows\System\SsLaaNS.exe
  2⤵
  PID:10376
- C:\Windows\System\BcBuzua.exe
  C:\Windows\System\BcBuzua.exe
  2⤵
  PID:10392
- C:\Windows\System\SQWCeGP.exe
  C:\Windows\System\SQWCeGP.exe
  2⤵
  PID:10428
- C:\Windows\System\KQQzKFM.exe
  C:\Windows\System\KQQzKFM.exe
  2⤵
  PID:10472
- C:\Windows\System\UmJcPdU.exe
  C:\Windows\System\UmJcPdU.exe
  2⤵
  PID:10504
- C:\Windows\System\OBbjUbk.exe
  C:\Windows\System\OBbjUbk.exe
  2⤵
  PID:10536
- C:\Windows\System\YkVvDKG.exe
  C:\Windows\System\YkVvDKG.exe
  2⤵
  PID:10568
- C:\Windows\System\xUMXeKC.exe
  C:\Windows\System\xUMXeKC.exe
  2⤵
  PID:10600
- C:\Windows\System\bIPUDUl.exe
  C:\Windows\System\bIPUDUl.exe
  2⤵
  PID:10632
- C:\Windows\System\HMXNzys.exe
  C:\Windows\System\HMXNzys.exe
  2⤵
  PID:10664
- C:\Windows\System\pAXNCGO.exe
  C:\Windows\System\pAXNCGO.exe
  2⤵
  PID:10696
- C:\Windows\System\BgaxhzK.exe
  C:\Windows\System\BgaxhzK.exe
  2⤵
  PID:10728
- C:\Windows\System\UHBbDLR.exe
  C:\Windows\System\UHBbDLR.exe
  2⤵
  PID:10760
- C:\Windows\System\waLzqbQ.exe
  C:\Windows\System\waLzqbQ.exe
  2⤵
  PID:10792
- C:\Windows\System\zLwjToZ.exe
  C:\Windows\System\zLwjToZ.exe
  2⤵
  PID:10824
- C:\Windows\System\YOspHwk.exe
  C:\Windows\System\YOspHwk.exe
  2⤵
  PID:10856
- C:\Windows\System\CRsBBke.exe
  C:\Windows\System\CRsBBke.exe
  2⤵
  PID:10888
- C:\Windows\System\jkibVlr.exe
  C:\Windows\System\jkibVlr.exe
  2⤵
  PID:10920
- C:\Windows\System\zoNyCvK.exe
  C:\Windows\System\zoNyCvK.exe
  2⤵
  PID:10956
- C:\Windows\System\LNglyeX.exe
  C:\Windows\System\LNglyeX.exe
  2⤵
  PID:10988
- C:\Windows\System\YicdDjl.exe
  C:\Windows\System\YicdDjl.exe
  2⤵
  PID:11020
- C:\Windows\System\ONibcLi.exe
  C:\Windows\System\ONibcLi.exe
  2⤵
  PID:11052
- C:\Windows\System\XFJqqOh.exe
  C:\Windows\System\XFJqqOh.exe
  2⤵
  PID:11084
- C:\Windows\System\FQrxRUM.exe
  C:\Windows\System\FQrxRUM.exe
  2⤵
  PID:11108
- C:\Windows\System\JEVjkTz.exe
  C:\Windows\System\JEVjkTz.exe
  2⤵
  PID:11148
- C:\Windows\System\NSxslQk.exe
  C:\Windows\System\NSxslQk.exe
  2⤵
  PID:11180
- C:\Windows\System\NMLuoIj.exe
  C:\Windows\System\NMLuoIj.exe
  2⤵
  PID:11212
- C:\Windows\System\slXKgUf.exe
  C:\Windows\System\slXKgUf.exe
  2⤵
  PID:11244
- C:\Windows\System\JmTQxNN.exe
  C:\Windows\System\JmTQxNN.exe
  2⤵
  PID:9708
- C:\Windows\System\mMtrabj.exe
  C:\Windows\System\mMtrabj.exe
  2⤵
  PID:10332
- C:\Windows\System\CkytaLB.exe
  C:\Windows\System\CkytaLB.exe
  2⤵
  PID:10384
- C:\Windows\System\UYzjRzE.exe
  C:\Windows\System\UYzjRzE.exe
  2⤵
  PID:10440
- C:\Windows\System\lLFwvYu.exe
  C:\Windows\System\lLFwvYu.exe
  2⤵
  PID:10552
- C:\Windows\System\jCaUGvp.exe
  C:\Windows\System\jCaUGvp.exe
  2⤵
  PID:10580
- C:\Windows\System\fuGATTo.exe
  C:\Windows\System\fuGATTo.exe
  2⤵
  PID:10656
- C:\Windows\System\dmywUeo.exe
  C:\Windows\System\dmywUeo.exe
  2⤵
  PID:10724
- C:\Windows\System\XtsYfLt.exe
  C:\Windows\System\XtsYfLt.exe
  2⤵
  PID:10776
- C:\Windows\System\BKUTnZH.exe
  C:\Windows\System\BKUTnZH.exe
  2⤵
  PID:9464
- C:\Windows\System\ZoninLP.exe
  C:\Windows\System\ZoninLP.exe
  2⤵
  PID:10880
- C:\Windows\System\UDHhakA.exe
  C:\Windows\System\UDHhakA.exe
  2⤵
  PID:10952
- C:\Windows\System\EjTaTtW.exe
  C:\Windows\System\EjTaTtW.exe
  2⤵
  PID:11012
- C:\Windows\System\TNcpTZS.exe
  C:\Windows\System\TNcpTZS.exe
  2⤵
  PID:11064
- C:\Windows\System\NwCNDuZ.exe
  C:\Windows\System\NwCNDuZ.exe
  2⤵
  PID:11144
- C:\Windows\System\umnaGSD.exe
  C:\Windows\System\umnaGSD.exe
  2⤵
  PID:11208
- C:\Windows\System\hBdgTwP.exe
  C:\Windows\System\hBdgTwP.exe
  2⤵
  PID:11260
- C:\Windows\System\MhkpNJi.exe
  C:\Windows\System\MhkpNJi.exe
  2⤵
  PID:10372
- C:\Windows\System\MmoXjOK.exe
  C:\Windows\System\MmoXjOK.exe
  2⤵
  PID:10456
- C:\Windows\System\sgNLnZI.exe
  C:\Windows\System\sgNLnZI.exe
  2⤵
  PID:10596
- C:\Windows\System\qVGeeEO.exe
  C:\Windows\System\qVGeeEO.exe
  2⤵
  PID:10720
- C:\Windows\System\auBvmhv.exe
  C:\Windows\System\auBvmhv.exe
  2⤵
  PID:10868
- C:\Windows\System\pvGAtOP.exe
  C:\Windows\System\pvGAtOP.exe
  2⤵
  PID:11000
- C:\Windows\System\sSPvnCX.exe
  C:\Windows\System\sSPvnCX.exe
  2⤵
  PID:11096
- C:\Windows\System\KXRzqHc.exe
  C:\Windows\System\KXRzqHc.exe
  2⤵
  PID:11196
- C:\Windows\System\QnwTHzz.exe
  C:\Windows\System\QnwTHzz.exe
  2⤵
  PID:10272
- C:\Windows\System\SyrcNby.exe
  C:\Windows\System\SyrcNby.exe
  2⤵
  PID:10516
- C:\Windows\System\lEOobrq.exe
  C:\Windows\System\lEOobrq.exe
  2⤵
  PID:11004
- C:\Windows\System\JGWiIkM.exe
  C:\Windows\System\JGWiIkM.exe
  2⤵
  PID:11236
- C:\Windows\System\nAYiTtH.exe
  C:\Windows\System\nAYiTtH.exe
  2⤵
  PID:10460
- C:\Windows\System\iuTkDei.exe
  C:\Windows\System\iuTkDei.exe
  2⤵
  PID:11192
- C:\Windows\System\yjkZEYD.exe
  C:\Windows\System\yjkZEYD.exe
  2⤵
  PID:10904
- C:\Windows\System\KSTrzgz.exe
  C:\Windows\System\KSTrzgz.exe
  2⤵
  PID:11284
- C:\Windows\System\DuSOFEc.exe
  C:\Windows\System\DuSOFEc.exe
  2⤵
  PID:11316
- C:\Windows\System\jkwzbSf.exe
  C:\Windows\System\jkwzbSf.exe
  2⤵
  PID:11348
- C:\Windows\System\jbDJFtS.exe
  C:\Windows\System\jbDJFtS.exe
  2⤵
  PID:11380
- C:\Windows\System\hcUksqC.exe
  C:\Windows\System\hcUksqC.exe
  2⤵
  PID:11412
- C:\Windows\System\hRkBjQL.exe
  C:\Windows\System\hRkBjQL.exe
  2⤵
  PID:11488
- C:\Windows\System\GJrZvvM.exe
  C:\Windows\System\GJrZvvM.exe
  2⤵
  PID:11504
- C:\Windows\System\CEntjcu.exe
  C:\Windows\System\CEntjcu.exe
  2⤵
  PID:11528
- C:\Windows\System\YZLEKrW.exe
  C:\Windows\System\YZLEKrW.exe
  2⤵
  PID:11572
- C:\Windows\System\zXwhrhB.exe
  C:\Windows\System\zXwhrhB.exe
  2⤵
  PID:11620
- C:\Windows\System\axlRsxa.exe
  C:\Windows\System\axlRsxa.exe
  2⤵
  PID:11640
- C:\Windows\System\rjmPija.exe
  C:\Windows\System\rjmPija.exe
  2⤵
  PID:11688
- C:\Windows\System\vmPIIHz.exe
  C:\Windows\System\vmPIIHz.exe
  2⤵
  PID:11704
- C:\Windows\System\IeOFyxw.exe
  C:\Windows\System\IeOFyxw.exe
  2⤵
  PID:11760
- C:\Windows\System\pYGsHic.exe
  C:\Windows\System\pYGsHic.exe
  2⤵
  PID:11776
- C:\Windows\System\dUiHfuY.exe
  C:\Windows\System\dUiHfuY.exe
  2⤵
  PID:11796
- C:\Windows\System\YgTucPB.exe
  C:\Windows\System\YgTucPB.exe
  2⤵
  PID:11844
- C:\Windows\System\HmuSEjT.exe
  C:\Windows\System\HmuSEjT.exe
  2⤵
  PID:11892
- C:\Windows\System\QaozJNN.exe
  C:\Windows\System\QaozJNN.exe
  2⤵
  PID:11928
- C:\Windows\System\YiPvqTr.exe
  C:\Windows\System\YiPvqTr.exe
  2⤵
  PID:11944
- C:\Windows\System\exkHsmc.exe
  C:\Windows\System\exkHsmc.exe
  2⤵
  PID:11996
- C:\Windows\System\guTxEUE.exe
  C:\Windows\System\guTxEUE.exe
  2⤵
  PID:12028
- C:\Windows\System\XdPQxJe.exe
  C:\Windows\System\XdPQxJe.exe
  2⤵
  PID:12096
- C:\Windows\System\NZySWAe.exe
  C:\Windows\System\NZySWAe.exe
  2⤵
  PID:12120
- C:\Windows\System\ebtaPXI.exe
  C:\Windows\System\ebtaPXI.exe
  2⤵
  PID:12160
- C:\Windows\System\wVAeaYz.exe
  C:\Windows\System\wVAeaYz.exe
  2⤵
  PID:12216
- C:\Windows\System\fPfYQRr.exe
  C:\Windows\System\fPfYQRr.exe
  2⤵
  PID:12244
- C:\Windows\System\DXVwPFG.exe
  C:\Windows\System\DXVwPFG.exe
  2⤵
  PID:12284
- C:\Windows\System\xLYwzgr.exe
  C:\Windows\System\xLYwzgr.exe
  2⤵
  PID:1072
- C:\Windows\System\sZyRgRE.exe
  C:\Windows\System\sZyRgRE.exe
  2⤵
  PID:11376
- C:\Windows\System\EGhLbjP.exe
  C:\Windows\System\EGhLbjP.exe
  2⤵
  PID:11456
- C:\Windows\System\JzERlKI.exe
  C:\Windows\System\JzERlKI.exe
  2⤵
  PID:11496
- C:\Windows\System\gigdHUP.exe
  C:\Windows\System\gigdHUP.exe
  2⤵
  PID:11544
- C:\Windows\System\WoKlgfq.exe
  C:\Windows\System\WoKlgfq.exe
  2⤵
  PID:11608
- C:\Windows\System\kfTzIAd.exe
  C:\Windows\System\kfTzIAd.exe
  2⤵
  PID:11652
- C:\Windows\System\brpkehg.exe
  C:\Windows\System\brpkehg.exe
  2⤵
  PID:2340
- C:\Windows\System\GlKrpxj.exe
  C:\Windows\System\GlKrpxj.exe
  2⤵
  PID:11808
- C:\Windows\System\wnHBDCI.exe
  C:\Windows\System\wnHBDCI.exe
  2⤵
  PID:11904
- C:\Windows\System\SVeHqjB.exe
  C:\Windows\System\SVeHqjB.exe
  2⤵
  PID:11940
- C:\Windows\System\LTbyHTZ.exe
  C:\Windows\System\LTbyHTZ.exe
  2⤵
  PID:11980
- C:\Windows\System\RGxoZUf.exe
  C:\Windows\System\RGxoZUf.exe
  2⤵
  PID:12056
- C:\Windows\System\tKUSxLF.exe
  C:\Windows\System\tKUSxLF.exe
  2⤵
  PID:12152
- C:\Windows\System\KUGGMdE.exe
  C:\Windows\System\KUGGMdE.exe
  2⤵
  PID:12200
- C:\Windows\System\AQHduEn.exe
  C:\Windows\System\AQHduEn.exe
  2⤵
  PID:11268
- C:\Windows\System\hlBdmPW.exe
  C:\Windows\System\hlBdmPW.exe
  2⤵
  PID:11364
- C:\Windows\System\iUCekWO.exe
  C:\Windows\System\iUCekWO.exe
  2⤵
  PID:4152
- C:\Windows\System\BLBOJeF.exe
  C:\Windows\System\BLBOJeF.exe
  2⤵
  PID:11732
- C:\Windows\System\iVnJgxR.exe
  C:\Windows\System\iVnJgxR.exe
  2⤵
  PID:11792
- C:\Windows\System\KyfZNdo.exe
  C:\Windows\System\KyfZNdo.exe
  2⤵
  PID:11924
- C:\Windows\System\AFFkFrY.exe
  C:\Windows\System\AFFkFrY.exe
  2⤵
  PID:3476
- C:\Windows\System\TmaGHAI.exe
  C:\Windows\System\TmaGHAI.exe
  2⤵
  PID:3896
- C:\Windows\System\wEoIopl.exe
  C:\Windows\System\wEoIopl.exe
  2⤵
  PID:11300
- C:\Windows\System\OMKRYGs.exe
  C:\Windows\System\OMKRYGs.exe
  2⤵
  PID:11500
- C:\Windows\System\HYnoqFa.exe
  C:\Windows\System\HYnoqFa.exe
  2⤵
  PID:11888
- C:\Windows\System\gaOqrWu.exe
  C:\Windows\System\gaOqrWu.exe
  2⤵
  PID:11960
- C:\Windows\System\zyinJeN.exe
  C:\Windows\System\zyinJeN.exe
  2⤵
  PID:12192
- C:\Windows\System\RSwDtLC.exe
  C:\Windows\System\RSwDtLC.exe
  2⤵
  PID:1520
- C:\Windows\System\VqSQdUc.exe
  C:\Windows\System\VqSQdUc.exe
  2⤵
  PID:3596
- C:\Windows\System\mHVDjnh.exe
  C:\Windows\System\mHVDjnh.exe
  2⤵
  PID:11876
- C:\Windows\System\JhTfhvw.exe
  C:\Windows\System\JhTfhvw.exe
  2⤵
  PID:12296
- C:\Windows\System\eSnudDS.exe
  C:\Windows\System\eSnudDS.exe
  2⤵
  PID:12328
- C:\Windows\System\RNIfpln.exe
  C:\Windows\System\RNIfpln.exe
  2⤵
  PID:12348
- C:\Windows\System\oIRLDKU.exe
  C:\Windows\System\oIRLDKU.exe
  2⤵
  PID:12380
- C:\Windows\System\WcMKlql.exe
  C:\Windows\System\WcMKlql.exe
  2⤵
  PID:12400
- C:\Windows\System\qGUOSwG.exe
  C:\Windows\System\qGUOSwG.exe
  2⤵
  PID:12444
- C:\Windows\System\AGBnMiV.exe
  C:\Windows\System\AGBnMiV.exe
  2⤵
  PID:12476
- C:\Windows\System\vAfBjUO.exe
  C:\Windows\System\vAfBjUO.exe
  2⤵
  PID:12516
- C:\Windows\System\WGFMrkk.exe
  C:\Windows\System\WGFMrkk.exe
  2⤵
  PID:12548
- C:\Windows\System\FBBJifP.exe
  C:\Windows\System\FBBJifP.exe
  2⤵
  PID:12580
- C:\Windows\System\mGtclsk.exe
  C:\Windows\System\mGtclsk.exe
  2⤵
  PID:12608
- C:\Windows\System\fRyotJt.exe
  C:\Windows\System\fRyotJt.exe
  2⤵
  PID:12652
- C:\Windows\System\FSWSwOG.exe
  C:\Windows\System\FSWSwOG.exe
  2⤵
  PID:12684
- C:\Windows\System\PkLoDmb.exe
  C:\Windows\System\PkLoDmb.exe
  2⤵
  PID:12720
- C:\Windows\System\vHsdlWQ.exe
  C:\Windows\System\vHsdlWQ.exe
  2⤵
  PID:12752
- C:\Windows\System\yIcOOjc.exe
  C:\Windows\System\yIcOOjc.exe
  2⤵
  PID:12784
- C:\Windows\System\ySVjgqM.exe
  C:\Windows\System\ySVjgqM.exe
  2⤵
  PID:12816
- C:\Windows\System\ppBCdLG.exe
  C:\Windows\System\ppBCdLG.exe
  2⤵
  PID:12848
- C:\Windows\System\CbbaGhn.exe
  C:\Windows\System\CbbaGhn.exe
  2⤵
  PID:12884
- C:\Windows\System\lntbSTt.exe
  C:\Windows\System\lntbSTt.exe
  2⤵
  PID:12916
- C:\Windows\System\sFNPtFz.exe
  C:\Windows\System\sFNPtFz.exe
  2⤵
  PID:12948
- C:\Windows\System\hZptTVE.exe
  C:\Windows\System\hZptTVE.exe
  2⤵
  PID:12980
- C:\Windows\System\pnRAiTb.exe
  C:\Windows\System\pnRAiTb.exe
  2⤵
  PID:13012
- C:\Windows\System\cSaJDBR.exe
  C:\Windows\System\cSaJDBR.exe
  2⤵
  PID:13044
- C:\Windows\System\ImuPsrJ.exe
  C:\Windows\System\ImuPsrJ.exe
  2⤵
  PID:13076
- C:\Windows\System\RnwQDQD.exe
  C:\Windows\System\RnwQDQD.exe
  2⤵
  PID:13108
- C:\Windows\System\tctdBpo.exe
  C:\Windows\System\tctdBpo.exe
  2⤵
  PID:13140
- C:\Windows\System\sWZOekR.exe
  C:\Windows\System\sWZOekR.exe
  2⤵
  PID:13172
- C:\Windows\System\eWuODPS.exe
  C:\Windows\System\eWuODPS.exe
  2⤵
  PID:13192
- C:\Windows\System\gAazIim.exe
  C:\Windows\System\gAazIim.exe
  2⤵
  PID:13208
- C:\Windows\System\rrZIEQl.exe
  C:\Windows\System\rrZIEQl.exe
  2⤵
  PID:13224
- C:\Windows\System\emFJvYW.exe
  C:\Windows\System\emFJvYW.exe
  2⤵
  PID:13256
- C:\Windows\System\GxIgYxL.exe
  C:\Windows\System\GxIgYxL.exe
  2⤵
  PID:13272
- C:\Windows\System\rjebKNs.exe
  C:\Windows\System\rjebKNs.exe
  2⤵
  PID:13304
- C:\Windows\System\MIZkBYE.exe
  C:\Windows\System\MIZkBYE.exe
  2⤵
  PID:12340
- C:\Windows\System\jIAcMAe.exe
  C:\Windows\System\jIAcMAe.exe
  2⤵
  PID:12420
- C:\Windows\System\QXcDnYb.exe
  C:\Windows\System\QXcDnYb.exe
  2⤵
  PID:12492
- C:\Windows\System\ophSgZw.exe
  C:\Windows\System\ophSgZw.exe
  2⤵
  PID:12500
- C:\Windows\System\NZyBGHm.exe
  C:\Windows\System\NZyBGHm.exe
  2⤵
  PID:12632
- C:\Windows\System\xnEwCja.exe
  C:\Windows\System\xnEwCja.exe
  2⤵
  PID:12700
- C:\Windows\System\jyXFRpw.exe
  C:\Windows\System\jyXFRpw.exe
  2⤵
  PID:12748
- C:\Windows\System\eNaOTmF.exe
  C:\Windows\System\eNaOTmF.exe
  2⤵
  PID:12840
- C:\Windows\System\MUYOSSe.exe
  C:\Windows\System\MUYOSSe.exe
  2⤵
  PID:12912
- C:\Windows\System\BHDioFl.exe
  C:\Windows\System\BHDioFl.exe
  2⤵
  PID:12976
- C:\Windows\System\exgOSrv.exe
  C:\Windows\System\exgOSrv.exe
  2⤵
  PID:13008
- C:\Windows\System\nnPUFWg.exe
  C:\Windows\System\nnPUFWg.exe
  2⤵
  PID:13088
- C:\Windows\System\sVwcMMh.exe
  C:\Windows\System\sVwcMMh.exe
  2⤵
  PID:13152
- C:\Windows\System\dCBkezf.exe
  C:\Windows\System\dCBkezf.exe
  2⤵
  PID:13264
- C:\Windows\System\wlturCl.exe
  C:\Windows\System\wlturCl.exe
  2⤵
  PID:12320
- C:\Windows\System\QxFDlQQ.exe
  C:\Windows\System\QxFDlQQ.exe
  2⤵
  PID:12472
- C:\Windows\System\OTRDcZA.exe
  C:\Windows\System\OTRDcZA.exe
  2⤵
  PID:12408
- C:\Windows\System\pWmPdUo.exe
  C:\Windows\System\pWmPdUo.exe
  2⤵
  PID:12664
- C:\Windows\System\YxdvTYR.exe
  C:\Windows\System\YxdvTYR.exe
  2⤵
  PID:12796
- C:\Windows\System\KuyyNYh.exe
  C:\Windows\System\KuyyNYh.exe
  2⤵
  PID:12908
- C:\Windows\System\OcJJVNC.exe
  C:\Windows\System\OcJJVNC.exe
  2⤵
  PID:13216
- C:\Windows\System\bLmMoys.exe
  C:\Windows\System\bLmMoys.exe
  2⤵
  PID:13184
- C:\Windows\System\JAoFHeA.exe
  C:\Windows\System\JAoFHeA.exe
  2⤵
  PID:13268
- C:\Windows\System\EMlXTMY.exe
  C:\Windows\System\EMlXTMY.exe
  2⤵
  PID:13292
- C:\Windows\System\NiVylvf.exe
  C:\Windows\System\NiVylvf.exe
  2⤵
  PID:13252
- C:\Windows\System\DlwcbIB.exe
  C:\Windows\System\DlwcbIB.exe
  2⤵
  PID:12532
- C:\Windows\System\pMoqFzP.exe
  C:\Windows\System\pMoqFzP.exe
  2⤵
  PID:12764
- C:\Windows\System\ZJshlQM.exe
  C:\Windows\System\ZJshlQM.exe
  2⤵
  PID:13056
- C:\Windows\System\cfKPTAv.exe
  C:\Windows\System\cfKPTAv.exe
  2⤵
  PID:12964
- C:\Windows\System\zpbZyqw.exe
  C:\Windows\System\zpbZyqw.exe
  2⤵
  PID:12344
- C:\Windows\System\RhhTJeM.exe
  C:\Windows\System\RhhTJeM.exe
  2⤵
  PID:13332
- C:\Windows\System\pvnVKGS.exe
  C:\Windows\System\pvnVKGS.exe
  2⤵
  PID:13356
- C:\Windows\System\KaJqZmT.exe
  C:\Windows\System\KaJqZmT.exe
  2⤵
  PID:13408
- C:\Windows\System\PpZrxno.exe
  C:\Windows\System\PpZrxno.exe
  2⤵
  PID:13440
- C:\Windows\System\FznxCQP.exe
  C:\Windows\System\FznxCQP.exe
  2⤵
  PID:13464
- C:\Windows\System\KFntMCF.exe
  C:\Windows\System\KFntMCF.exe
  2⤵
  PID:13504
- C:\Windows\System\MEuPsog.exe
  C:\Windows\System\MEuPsog.exe
  2⤵
  PID:13524
- C:\Windows\System\AophPuZ.exe
  C:\Windows\System\AophPuZ.exe
  2⤵
  PID:13560
- C:\Windows\System\eVcIYQh.exe
  C:\Windows\System\eVcIYQh.exe
  2⤵
  PID:13592
- C:\Windows\System\EkgxUwW.exe
  C:\Windows\System\EkgxUwW.exe
  2⤵
  PID:13620
- C:\Windows\System\SavwZhL.exe
  C:\Windows\System\SavwZhL.exe
  2⤵
  PID:13640
- C:\Windows\System\kehoKyQ.exe
  C:\Windows\System\kehoKyQ.exe
  2⤵
  PID:13664
- C:\Windows\System\WBolBhe.exe
  C:\Windows\System\WBolBhe.exe
  2⤵
  PID:13680
- C:\Windows\System\jrcAuwQ.exe
  C:\Windows\System\jrcAuwQ.exe
  2⤵
  PID:13700
- C:\Windows\System\gkAcMYQ.exe
  C:\Windows\System\gkAcMYQ.exe
  2⤵
  PID:13720
- C:\Windows\System\cpmOTJv.exe
  C:\Windows\System\cpmOTJv.exe
  2⤵
  PID:13736
- C:\Windows\System\ksddRjW.exe
  C:\Windows\System\ksddRjW.exe
  2⤵
  PID:13756
- C:\Windows\System\yCnoytC.exe
  C:\Windows\System\yCnoytC.exe
  2⤵
  PID:13772
- C:\Windows\System\HgQkZPV.exe
  C:\Windows\System\HgQkZPV.exe
  2⤵
  PID:13792
- C:\Windows\System\tJeWvOx.exe
  C:\Windows\System\tJeWvOx.exe
  2⤵
  PID:13836
- C:\Windows\System\pgTaAPT.exe
  C:\Windows\System\pgTaAPT.exe
  2⤵
  PID:13852
- C:\Windows\System\exxNUEb.exe
  C:\Windows\System\exxNUEb.exe
  2⤵
  PID:13880
- C:\Windows\System\cPaYgqJ.exe
  C:\Windows\System\cPaYgqJ.exe
  2⤵
  PID:13908
- C:\Windows\System\NYoCBIP.exe
  C:\Windows\System\NYoCBIP.exe
  2⤵
  PID:13948
- C:\Windows\System\ZyTXwdm.exe
  C:\Windows\System\ZyTXwdm.exe
  2⤵
  PID:13996
- C:\Windows\System\WXmXimr.exe
  C:\Windows\System\WXmXimr.exe
  2⤵
  PID:14040
- C:\Windows\System\aKglhcj.exe
  C:\Windows\System\aKglhcj.exe
  2⤵
  PID:14076
- C:\Windows\System\FeRZCof.exe
  C:\Windows\System\FeRZCof.exe
  2⤵
  PID:14100
- C:\Windows\System\sIasFBf.exe
  C:\Windows\System\sIasFBf.exe
  2⤵
  PID:14156
- C:\Windows\System\SMZBkFD.exe
  C:\Windows\System\SMZBkFD.exe
  2⤵
  PID:14200
- C:\Windows\System\JrGdZwo.exe
  C:\Windows\System\JrGdZwo.exe
  2⤵
  PID:14228
- C:\Windows\System\iLKIpXn.exe
  C:\Windows\System\iLKIpXn.exe
  2⤵
  PID:14260
- C:\Windows\System\oEFQXWw.exe
  C:\Windows\System\oEFQXWw.exe
  2⤵
  PID:14288
- C:\Windows\System\HeosVqX.exe
  C:\Windows\System\HeosVqX.exe
  2⤵
  PID:14332
- C:\Windows\System\kPQiEcj.exe
  C:\Windows\System\kPQiEcj.exe
  2⤵
  PID:13128
- C:\Windows\System\SRQWCao.exe
  C:\Windows\System\SRQWCao.exe
  2⤵
  PID:13400
- C:\Windows\System\NkSIAZm.exe
  C:\Windows\System\NkSIAZm.exe
  2⤵
  PID:13452
- C:\Windows\System\Xxogucs.exe
  C:\Windows\System\Xxogucs.exe
  2⤵
  PID:13544
- C:\Windows\System\efOkQyI.exe
  C:\Windows\System\efOkQyI.exe
  2⤵
  PID:13660
- C:\Windows\System\UsHzcPI.exe
  C:\Windows\System\UsHzcPI.exe
  2⤵
  PID:13648
- C:\Windows\System\KlLXiOj.exe
  C:\Windows\System\KlLXiOj.exe
  2⤵
  PID:13708
- C:\Windows\System\PntqxmY.exe
  C:\Windows\System\PntqxmY.exe
  2⤵
  PID:13784
- C:\Windows\System\cxGpzkL.exe
  C:\Windows\System\cxGpzkL.exe
  2⤵
  PID:13944
- C:\Windows\System\XltGMsM.exe
  C:\Windows\System\XltGMsM.exe
  2⤵
  PID:13984
- C:\Windows\System\oFLtJrL.exe
  C:\Windows\System\oFLtJrL.exe
  2⤵
  PID:14124
- C:\Windows\System\hrOBjrz.exe
  C:\Windows\System\hrOBjrz.exe
  2⤵
  PID:14188
- C:\Windows\System\EFLUHdV.exe
  C:\Windows\System\EFLUHdV.exe
  2⤵
  PID:14248
- C:\Windows\System\eVHtDBO.exe
  C:\Windows\System\eVHtDBO.exe
  2⤵
  PID:14196
- C:\Windows\System\ZpfjOBG.exe
  C:\Windows\System\ZpfjOBG.exe
  2⤵
  PID:14240
- C:\Windows\System\eToUwgG.exe
  C:\Windows\System\eToUwgG.exe
  2⤵
  PID:13320
- C:\Windows\System\adIRpau.exe
  C:\Windows\System\adIRpau.exe
  2⤵
  PID:13604
- C:\Windows\System\JILxoYR.exe
  C:\Windows\System\JILxoYR.exe
  2⤵
  PID:13676
- C:\Windows\System\rjfwVKS.exe
  C:\Windows\System\rjfwVKS.exe
  2⤵
  PID:13988
- C:\Windows\System\vmuVbQl.exe
  C:\Windows\System\vmuVbQl.exe
  2⤵
  PID:13744
- C:\Windows\System\rwkhFmi.exe
  C:\Windows\System\rwkhFmi.exe
  2⤵
  PID:13960
- C:\Windows\System\VCecMzo.exe
  C:\Windows\System\VCecMzo.exe
  2⤵
  PID:14176
- C:\Windows\System\JAVzHlT.exe
  C:\Windows\System\JAVzHlT.exe
  2⤵
  PID:14184
- C:\Windows\System\oSLPyuQ.exe
  C:\Windows\System\oSLPyuQ.exe
  2⤵
  PID:13536
- C:\Windows\System\CDtcOjI.exe
  C:\Windows\System\CDtcOjI.exe
  2⤵
  PID:13924
- C:\Windows\System\qfiERcL.exe
  C:\Windows\System\qfiERcL.exe
  2⤵
  PID:14012
- C:\Windows\System\obxHgTn.exe
  C:\Windows\System\obxHgTn.exe
  2⤵
  PID:14272
- C:\Windows\System\pryrwqZ.exe
  C:\Windows\System\pryrwqZ.exe
  2⤵
  PID:13848
- C:\Windows\System\RaadAYW.exe
  C:\Windows\System\RaadAYW.exe
  2⤵
  PID:14328
- C:\Windows\System\mdMOVgh.exe
  C:\Windows\System\mdMOVgh.exe
  2⤵
  PID:14320
- C:\Windows\System\SFwjmCw.exe
  C:\Windows\System\SFwjmCw.exe
  2⤵
  PID:14352
- C:\Windows\System\yaGWvpv.exe
  C:\Windows\System\yaGWvpv.exe
  2⤵
  PID:14384
- C:\Windows\System\YLTdsBB.exe
  C:\Windows\System\YLTdsBB.exe
  2⤵
  PID:14408
- C:\Windows\System\CvuHZqc.exe
  C:\Windows\System\CvuHZqc.exe
  2⤵
  PID:14440
- C:\Windows\System\VHOkodX.exe
  C:\Windows\System\VHOkodX.exe
  2⤵
  PID:14456
- C:\Windows\System\dgiqHmf.exe
  C:\Windows\System\dgiqHmf.exe
  2⤵
  PID:14512
- C:\Windows\System\yHrhtpU.exe
  C:\Windows\System\yHrhtpU.exe
  2⤵
  PID:14532
- C:\Windows\System\QvisoTG.exe
  C:\Windows\System\QvisoTG.exe
  2⤵
  PID:14576
- C:\Windows\System\lLVcqTu.exe
  C:\Windows\System\lLVcqTu.exe
  2⤵
  PID:14596
- C:\Windows\System\cVbDKAy.exe
  C:\Windows\System\cVbDKAy.exe
  2⤵
  PID:14628
- C:\Windows\System\yXKEfMe.exe
  C:\Windows\System\yXKEfMe.exe
  2⤵
  PID:14676
- C:\Windows\System\ASSVdwv.exe
  C:\Windows\System\ASSVdwv.exe
  2⤵
  PID:14692
- C:\Windows\System\FmJkmHo.exe
  C:\Windows\System\FmJkmHo.exe
  2⤵
  PID:14736
- C:\Windows\System\AFlhXDD.exe
  C:\Windows\System\AFlhXDD.exe
  2⤵
  PID:14784
- C:\Windows\System\gzPpjQh.exe
  C:\Windows\System\gzPpjQh.exe
  2⤵
  PID:14804
- C:\Windows\System\UbsAdyb.exe
  C:\Windows\System\UbsAdyb.exe
  2⤵
  PID:14836
- C:\Windows\System\quTqTJa.exe
  C:\Windows\System\quTqTJa.exe
  2⤵
  PID:14868
- C:\Windows\System\JYkvUEX.exe
  C:\Windows\System\JYkvUEX.exe
  2⤵
  PID:14900
- C:\Windows\System\lwWGpSH.exe
  C:\Windows\System\lwWGpSH.exe
  2⤵
  PID:14936
- C:\Windows\System\dXcbfKM.exe
  C:\Windows\System\dXcbfKM.exe
  2⤵
  PID:14968
- C:\Windows\System\spkoChZ.exe
  C:\Windows\System\spkoChZ.exe
  2⤵
  PID:15004
- C:\Windows\System\vhFVvxI.exe
  C:\Windows\System\vhFVvxI.exe
  2⤵
  PID:15036
- C:\Windows\System\WQHPKVD.exe
  C:\Windows\System\WQHPKVD.exe
  2⤵
  PID:15080
- C:\Windows\System\loFZwLa.exe
  C:\Windows\System\loFZwLa.exe
  2⤵
  PID:15112
- C:\Windows\System\OxEvSRz.exe
  C:\Windows\System\OxEvSRz.exe
  2⤵
  PID:15148
- C:\Windows\System\CAIdZXQ.exe
  C:\Windows\System\CAIdZXQ.exe
  2⤵
  PID:15168
- C:\Windows\System\YjwpLYS.exe
  C:\Windows\System\YjwpLYS.exe
  2⤵
  PID:15200
- C:\Windows\System\aqClbrB.exe
  C:\Windows\System\aqClbrB.exe
  2⤵
  PID:15240
- C:\Windows\System\gEJZOvR.exe
  C:\Windows\System\gEJZOvR.exe
  2⤵
  PID:15260
- C:\Windows\System\UYZnpLY.exe
  C:\Windows\System\UYZnpLY.exe
  2⤵
  PID:15276
- C:\Windows\System\FQFEXsR.exe
  C:\Windows\System\FQFEXsR.exe
  2⤵
  PID:15300
- C:\Windows\System\hOrOMRw.exe
  C:\Windows\System\hOrOMRw.exe
  2⤵
  PID:15344
- C:\Windows\System\aumxEZX.exe
  C:\Windows\System\aumxEZX.exe
  2⤵
  PID:14376
- C:\Windows\System\tmFZMGu.exe
  C:\Windows\System\tmFZMGu.exe
  2⤵
  PID:14392
- C:\Windows\System\DRZitWZ.exe
  C:\Windows\System\DRZitWZ.exe
  2⤵
  PID:5764
- C:\Windows\System\JiBFjmt.exe
  C:\Windows\System\JiBFjmt.exe
  2⤵
  PID:14492
- C:\Windows\System\dAJnuKz.exe
  C:\Windows\System\dAJnuKz.exe
  2⤵
  PID:14572
- C:\Windows\System\HwYWHMg.exe
  C:\Windows\System\HwYWHMg.exe
  2⤵
  PID:14640
- C:\Windows\System\lAUqeJO.exe
  C:\Windows\System\lAUqeJO.exe
  2⤵
  PID:14684
- C:\Windows\System\VESJLWn.exe
  C:\Windows\System\VESJLWn.exe
  2⤵
  PID:14760
- C:\Windows\System\OngeCpd.exe
  C:\Windows\System\OngeCpd.exe
  2⤵
  PID:11548
- C:\Windows\System\DGvazuU.exe
  C:\Windows\System\DGvazuU.exe
  2⤵
  PID:14796
- C:\Windows\System\dNuvagP.exe
  C:\Windows\System\dNuvagP.exe
  2⤵
  PID:11748
- C:\Windows\System\mXYbpVG.exe
  C:\Windows\System\mXYbpVG.exe
  2⤵
  PID:12268
- C:\Windows\System\svOGQrX.exe
  C:\Windows\System\svOGQrX.exe
  2⤵
  PID:11536
- C:\Windows\System\zcGaToW.exe
  C:\Windows\System\zcGaToW.exe
  2⤵
  PID:14848
- C:\Windows\System\zTunKOr.exe
  C:\Windows\System\zTunKOr.exe
  2⤵
  PID:14932
- C:\Windows\System\lnsERij.exe
  C:\Windows\System\lnsERij.exe
  2⤵
  PID:15228
- C:\Windows\System\dBrJMaK.exe
  C:\Windows\System\dBrJMaK.exe
  2⤵
  PID:14344
- C:\Windows\System\KWfrIEm.exe
  C:\Windows\System\KWfrIEm.exe
  2⤵
  PID:14432
- C:\Windows\System\JwBwdQb.exe
  C:\Windows\System\JwBwdQb.exe
  2⤵
  PID:14588
- C:\Windows\System\tiCoYZO.exe
  C:\Windows\System\tiCoYZO.exe
  2⤵
  PID:14624
- C:\Windows\System\ZPIGHAg.exe
  C:\Windows\System\ZPIGHAg.exe
  2⤵
  PID:12168
- C:\Windows\System\IqXvrqI.exe
  C:\Windows\System\IqXvrqI.exe
  2⤵
  PID:11556
- C:\Windows\System\ternubX.exe
  C:\Windows\System\ternubX.exe
  2⤵
  PID:11512
- C:\Windows\System\inQSAQe.exe
  C:\Windows\System\inQSAQe.exe
  2⤵
  PID:2372
- C:\Windows\System\SDIeemp.exe
  C:\Windows\System\SDIeemp.exe
  2⤵
  PID:15188
- C:\Windows\System\yiAjGaO.exe
  C:\Windows\System\yiAjGaO.exe
  2⤵
  PID:15320
- C:\Windows\System\kYqHkUk.exe
  C:\Windows\System\kYqHkUk.exe
  2⤵
  PID:13608
- C:\Windows\System\oEmseJQ.exe
  C:\Windows\System\oEmseJQ.exe
  2⤵
  PID:13864
- C:\Windows\System\ZUGjXKT.exe
  C:\Windows\System\ZUGjXKT.exe
  2⤵
  PID:14688
- C:\Windows\System\mBENorI.exe
  C:\Windows\System\mBENorI.exe
  2⤵
  PID:14960
- C:\Windows\System\wiBJOYL.exe
  C:\Windows\System\wiBJOYL.exe
  2⤵
  PID:1572
- C:\Windows\System\EarBnCj.exe
  C:\Windows\System\EarBnCj.exe
  2⤵
  PID:15316
- C:\Windows\System\qVgJOfP.exe
  C:\Windows\System\qVgJOfP.exe
  2⤵
  PID:14480
- C:\Windows\System\FjItNHp.exe
  C:\Windows\System\FjItNHp.exe
  2⤵
  PID:14724
- C:\Windows\System\WPSpEKf.exe
  C:\Windows\System\WPSpEKf.exe
  2⤵
  PID:15340
- C:\Windows\System\yDLMznr.exe
  C:\Windows\System\yDLMznr.exe
  2⤵
  PID:15364
- C:\Windows\System\IJHgdKk.exe
  C:\Windows\System\IJHgdKk.exe
  2⤵
  PID:15384
- C:\Windows\System\xLTSBPz.exe
  C:\Windows\System\xLTSBPz.exe
  2⤵
  PID:15416
- C:\Windows\System\OgoCRSi.exe
  C:\Windows\System\OgoCRSi.exe
  2⤵
  PID:15452
- C:\Windows\System\HXXpEIM.exe
  C:\Windows\System\HXXpEIM.exe
  2⤵
  PID:15476
- C:\Windows\System\lxOhiPx.exe
  C:\Windows\System\lxOhiPx.exe
  2⤵
  PID:15496
- C:\Windows\System\TfpPkov.exe
  C:\Windows\System\TfpPkov.exe
  2⤵
  PID:15544
- C:\Windows\System\HiuBUIA.exe
  C:\Windows\System\HiuBUIA.exe
  2⤵
  PID:15580
- C:\Windows\System\VFAKeDt.exe
  C:\Windows\System\VFAKeDt.exe
  2⤵
  PID:15608
- C:\Windows\System\CkyIzAL.exe
  C:\Windows\System\CkyIzAL.exe
  2⤵
  PID:15628
- C:\Windows\System\cnsjGbO.exe
  C:\Windows\System\cnsjGbO.exe
  2⤵
  PID:15660
- C:\Windows\System\NgAeyNz.exe
  C:\Windows\System\NgAeyNz.exe
  2⤵
  PID:15692
- C:\Windows\System\Gjwlrsl.exe
  C:\Windows\System\Gjwlrsl.exe
  2⤵
  PID:15720
- C:\Windows\System\JsNJkti.exe
  C:\Windows\System\JsNJkti.exe
  2⤵
  PID:15764
- C:\Windows\System\ttwqJua.exe
  C:\Windows\System\ttwqJua.exe
  2⤵
  PID:15788
- C:\Windows\System\vUitsDf.exe
  C:\Windows\System\vUitsDf.exe
  2⤵
  PID:15808
- C:\Windows\System\JVUwUAL.exe
  C:\Windows\System\JVUwUAL.exe
  2⤵
  PID:15856
- C:\Windows\System\hLJwdXL.exe
  C:\Windows\System\hLJwdXL.exe
  2⤵
  PID:15888
- C:\Windows\System\cVXmIAB.exe
  C:\Windows\System\cVXmIAB.exe
  2⤵
  PID:15932
- C:\Windows\System\luzlUMD.exe
  C:\Windows\System\luzlUMD.exe
  2⤵
  PID:15964
- C:\Windows\System\WqmraiO.exe
  C:\Windows\System\WqmraiO.exe
  2⤵
  PID:15996
- C:\Windows\System\fMHIiyu.exe
  C:\Windows\System\fMHIiyu.exe
  2⤵
  PID:16032
- C:\Windows\System\rmEBEMK.exe
  C:\Windows\System\rmEBEMK.exe
  2⤵
  PID:16068
- C:\Windows\System\BrSmvCY.exe
  C:\Windows\System\BrSmvCY.exe
  2⤵
  PID:16096
- C:\Windows\System\fBkFmrZ.exe
  C:\Windows\System\fBkFmrZ.exe
  2⤵
  PID:16132
- C:\Windows\System\PKjQbIp.exe
  C:\Windows\System\PKjQbIp.exe
  2⤵
  PID:16160
- C:\Windows\System\qYTOZOD.exe
  C:\Windows\System\qYTOZOD.exe
  2⤵
  PID:16200
- C:\Windows\System\czEmZvK.exe
  C:\Windows\System\czEmZvK.exe
  2⤵
  PID:16228
- C:\Windows\System\dqyfbfD.exe
  C:\Windows\System\dqyfbfD.exe
  2⤵
  PID:16268
- C:\Windows\System\VLxerdB.exe
  C:\Windows\System\VLxerdB.exe
  2⤵
  PID:16292
- C:\Windows\System\BPVcQaX.exe
  C:\Windows\System\BPVcQaX.exe
  2⤵
  PID:16324
- C:\Windows\System\XnXOQpf.exe
  C:\Windows\System\XnXOQpf.exe
  2⤵
  PID:16356
- C:\Windows\System\wrowmvB.exe
  C:\Windows\System\wrowmvB.exe
  2⤵
  PID:14800
- C:\Windows\System\esiFLTI.exe
  C:\Windows\System\esiFLTI.exe
  2⤵
  PID:15400
- C:\Windows\System\jGliOSO.exe
  C:\Windows\System\jGliOSO.exe
  2⤵
  PID:15460
- C:\Windows\System\qOuOAge.exe
  C:\Windows\System\qOuOAge.exe
  2⤵
  PID:15532
- C:\Windows\System\UwcaRNM.exe
  C:\Windows\System\UwcaRNM.exe
  2⤵
  PID:3736
- C:\Windows\System\qBupTGy.exe
  C:\Windows\System\qBupTGy.exe
  2⤵
  PID:15676
- C:\Windows\System\xvJUhWW.exe
  C:\Windows\System\xvJUhWW.exe
  2⤵
  PID:4908
- C:\Windows\System\xkzHkpD.exe
  C:\Windows\System\xkzHkpD.exe
  2⤵
  PID:15716
- C:\Windows\System\hwFNWbb.exe
  C:\Windows\System\hwFNWbb.exe
  2⤵
  PID:15800
- C:\Windows\System\mmgigWZ.exe
  C:\Windows\System\mmgigWZ.exe
  2⤵
  PID:15836
- C:\Windows\System\lTMAxcB.exe
  C:\Windows\System\lTMAxcB.exe
  2⤵
  PID:4432
- C:\Windows\System\fSnpVKJ.exe
  C:\Windows\System\fSnpVKJ.exe
  2⤵
  PID:15944
- C:\Windows\System\etgrPrB.exe
  C:\Windows\System\etgrPrB.exe
  2⤵
  PID:16048
- C:\Windows\System\SMcEXJB.exe
  C:\Windows\System\SMcEXJB.exe
  2⤵
  PID:16116
- C:\Windows\System\PXMErQT.exe
  C:\Windows\System\PXMErQT.exe
  2⤵
  PID:16176
- C:\Windows\System\xZHfrgz.exe
  C:\Windows\System\xZHfrgz.exe
  2⤵
  PID:16220
- C:\Windows\System\pMuLXQK.exe
  C:\Windows\System\pMuLXQK.exe
  2⤵
  PID:16284
- C:\Windows\System\xAgAqiP.exe
  C:\Windows\System\xAgAqiP.exe
  2⤵
  PID:16312
- C:\Windows\System\lpBHCdr.exe
  C:\Windows\System\lpBHCdr.exe
  2⤵
  PID:1460
- C:\Windows\System\qJMomnV.exe
  C:\Windows\System\qJMomnV.exe
  2⤵
  PID:208
- C:\Windows\System\dRGYlxU.exe
  C:\Windows\System\dRGYlxU.exe
  2⤵
  PID:15428
- C:\Windows\System\rVzWXMO.exe
  C:\Windows\System\rVzWXMO.exe
  2⤵
  PID:15560
- C:\Windows\System\XshkZTV.exe
  C:\Windows\System\XshkZTV.exe
  2⤵
  PID:3036
- C:\Windows\System\BZkjhDE.exe
  C:\Windows\System\BZkjhDE.exe
  2⤵
  PID:15712
- C:\Windows\System\gGiNxcY.exe
  C:\Windows\System\gGiNxcY.exe
  2⤵
  PID:15820
- C:\Windows\System\JrVWeFd.exe
  C:\Windows\System\JrVWeFd.exe
  2⤵
  PID:15960
- C:\Windows\System\iewkbYb.exe
  C:\Windows\System\iewkbYb.exe
  2⤵
  PID:16012
- C:\Windows\System\dgLFMfd.exe
  C:\Windows\System\dgLFMfd.exe
  2⤵
  PID:4812
- C:\Windows\System\EiavGku.exe
  C:\Windows\System\EiavGku.exe
  2⤵
  PID:16196
- C:\Windows\System\nRlaxeZ.exe
  C:\Windows\System\nRlaxeZ.exe
  2⤵
  PID:16308
- C:\Windows\System\CuGomdk.exe
  C:\Windows\System\CuGomdk.exe
  2⤵
  PID:16352
- C:\Windows\System\EDXJasE.exe
  C:\Windows\System\EDXJasE.exe
  2⤵
  PID:15376
- C:\Windows\System\ZMSNHhg.exe
  C:\Windows\System\ZMSNHhg.exe
  2⤵
  PID:15468
- C:\Windows\System\gBEXzWT.exe
  C:\Windows\System\gBEXzWT.exe
  2⤵
  PID:15760
- C:\Windows\System\VpwYFOb.exe
  C:\Windows\System\VpwYFOb.exe
  2⤵
  PID:15744
- C:\Windows\System\lnHGxic.exe
  C:\Windows\System\lnHGxic.exe
  2⤵
  PID:2332
- C:\Windows\System\DxmJVQP.exe
  C:\Windows\System\DxmJVQP.exe
  2⤵
  PID:4276
- C:\Windows\System\lLRzNIM.exe
  C:\Windows\System\lLRzNIM.exe
  2⤵
  PID:2536
- C:\Windows\System\MnWbmEZ.exe
  C:\Windows\System\MnWbmEZ.exe
  2⤵
  PID:4864
- C:\Windows\System\UaXbKHl.exe
  C:\Windows\System\UaXbKHl.exe
  2⤵
  PID:15472
- C:\Windows\System\yAbENgG.exe
  C:\Windows\System\yAbENgG.exe
  2⤵
  PID:15876
- C:\Windows\System\JgZoVVL.exe
  C:\Windows\System\JgZoVVL.exe
  2⤵
  PID:2716
- C:\Windows\System\coYtcqn.exe
  C:\Windows\System\coYtcqn.exe
  2⤵
  PID:16088
- C:\Windows\System\FilgZdW.exe
  C:\Windows\System\FilgZdW.exe
  2⤵
  PID:4500
- C:\Windows\System\iZIhJsX.exe
  C:\Windows\System\iZIhJsX.exe
  2⤵
  PID:4216
- C:\Windows\System\wZwXCOt.exe
  C:\Windows\System\wZwXCOt.exe
  2⤵
  PID:15872
- C:\Windows\System\cijjDsl.exe
  C:\Windows\System\cijjDsl.exe
  2⤵
  PID:3664
- C:\Windows\System\NwKFBeP.exe
  C:\Windows\System\NwKFBeP.exe
  2⤵
  PID:2648
- C:\Windows\System\ZfIVcUx.exe
  C:\Windows\System\ZfIVcUx.exe
  2⤵
  PID:15492
- C:\Windows\System\ojQfQYy.exe
  C:\Windows\System\ojQfQYy.exe
  2⤵
  PID:4100
- C:\Windows\System\FgqEgox.exe
  C:\Windows\System\FgqEgox.exe
  2⤵
  PID:4896
- C:\Windows\System\DuKVTar.exe
  C:\Windows\System\DuKVTar.exe
  2⤵
  PID:1232
- C:\Windows\System\GtNUVtP.exe
  C:\Windows\System\GtNUVtP.exe
  2⤵
  PID:2552
- C:\Windows\System\sXnqstJ.exe
  C:\Windows\System\sXnqstJ.exe
  2⤵
  PID:2944
- C:\Windows\System\aWEgQIh.exe
  C:\Windows\System\aWEgQIh.exe
  2⤵
  PID:16388
- C:\Windows\System\PEwEFGA.exe
  C:\Windows\System\PEwEFGA.exe
  2⤵
  PID:16420
- C:\Windows\System\oJHWMIl.exe
  C:\Windows\System\oJHWMIl.exe
  2⤵
  PID:16452
- C:\Windows\System\MaMCZpF.exe
  C:\Windows\System\MaMCZpF.exe
  2⤵
  PID:16484
- C:\Windows\System\RMpRLeB.exe
  C:\Windows\System\RMpRLeB.exe
  2⤵
  PID:16516
- C:\Windows\System\cYBSUSI.exe
  C:\Windows\System\cYBSUSI.exe
  2⤵
  PID:16548
- C:\Windows\System\IEQSiZm.exe
  C:\Windows\System\IEQSiZm.exe
  2⤵
  PID:16584
- C:\Windows\System\whxpUDf.exe
  C:\Windows\System\whxpUDf.exe
  2⤵
  PID:16616
- C:\Windows\System\geQBweF.exe
  C:\Windows\System\geQBweF.exe
  2⤵
  PID:16648
- C:\Windows\System\PBWeeKv.exe
  C:\Windows\System\PBWeeKv.exe
  2⤵
  PID:16680
- C:\Windows\System\wLfkrOk.exe
  C:\Windows\System\wLfkrOk.exe
  2⤵
  PID:16696
- C:\Windows\System\mHGOdTr.exe
  C:\Windows\System\mHGOdTr.exe
  2⤵
  PID:16732
- C:\Windows\System\TAcOHKM.exe
  C:\Windows\System\TAcOHKM.exe
  2⤵
  PID:16760
- C:\Windows\System\qFHtXCf.exe
  C:\Windows\System\qFHtXCf.exe
  2⤵
  PID:16792
- C:\Windows\System\SfNpUDd.exe
  C:\Windows\System\SfNpUDd.exe
  2⤵
  PID:16808
- C:\Windows\System\qqxtbNP.exe
  C:\Windows\System\qqxtbNP.exe
  2⤵
  PID:16840
- C:\Windows\System\dGFVvhQ.exe
  C:\Windows\System\dGFVvhQ.exe
  2⤵
  PID:16892
- C:\Windows\System\irwjjoB.exe
  C:\Windows\System\irwjjoB.exe
  2⤵
  PID:16920
- C:\Windows\System\tRiPYbw.exe
  C:\Windows\System\tRiPYbw.exe
  2⤵
  PID:16936
- C:\Windows\System\CXdpflD.exe
  C:\Windows\System\CXdpflD.exe
  2⤵
  PID:16968
- C:\Windows\System\cOifmNq.exe
  C:\Windows\System\cOifmNq.exe
  2⤵
  PID:17008
- C:\Windows\System\ijTRMGR.exe
  C:\Windows\System\ijTRMGR.exe
  2⤵
  PID:17036
- C:\Windows\System\NOXDZLg.exe
  C:\Windows\System\NOXDZLg.exe
  2⤵
  PID:17072
- C:\Windows\System\nzebhpk.exe
  C:\Windows\System\nzebhpk.exe
  2⤵
  PID:17116
- C:\Windows\System\bixdXwd.exe
  C:\Windows\System\bixdXwd.exe
  2⤵
  PID:17144
- C:\Windows\System\dvvvHxK.exe
  C:\Windows\System\dvvvHxK.exe
  2⤵
  PID:17164
- C:\Windows\System\mpKbbYa.exe
  C:\Windows\System\mpKbbYa.exe
  2⤵
  PID:17192
- C:\Windows\System\YzHEJLf.exe
  C:\Windows\System\YzHEJLf.exe
  2⤵
  PID:17232
- C:\Windows\System\OodfemM.exe
  C:\Windows\System\OodfemM.exe
  2⤵
  PID:17264
- C:\Windows\System\hCdwyUY.exe
  C:\Windows\System\hCdwyUY.exe
  2⤵
  PID:17304
- C:\Windows\System\SdLzeho.exe
  C:\Windows\System\SdLzeho.exe
  2⤵
  PID:17328
- C:\Windows\System\scTKDEi.exe
  C:\Windows\System\scTKDEi.exe
  2⤵
  PID:17344
- C:\Windows\System\FnwpgjM.exe
  C:\Windows\System\FnwpgjM.exe
  2⤵
  PID:17384
- C:\Windows\System\PVzHUbe.exe
  C:\Windows\System\PVzHUbe.exe
  2⤵
  PID:16404
- C:\Windows\System\rOYmpUQ.exe
  C:\Windows\System\rOYmpUQ.exe
  2⤵
  PID:16464
- C:\Windows\System\LPgvOYw.exe
  C:\Windows\System\LPgvOYw.exe
  2⤵
  PID:16532
- C:\Windows\System\KAJcYQZ.exe
  C:\Windows\System\KAJcYQZ.exe
  2⤵
  PID:16572
- C:\Windows\System\YTpCXWA.exe
  C:\Windows\System\YTpCXWA.exe
  2⤵
  PID:5052
- C:\Windows\System\WDYLBOS.exe
  C:\Windows\System\WDYLBOS.exe
  2⤵
  PID:3288
- C:\Windows\System\YIQNhLT.exe
  C:\Windows\System\YIQNhLT.exe
  2⤵
  PID:320
- C:\Windows\System\qeGpouE.exe
  C:\Windows\System\qeGpouE.exe
  2⤵
  PID:16824
- C:\Windows\System\iiIqPoo.exe
  C:\Windows\System\iiIqPoo.exe
  2⤵
  PID:16828
- C:\Windows\System\YkfPltB.exe
  C:\Windows\System\YkfPltB.exe
  2⤵
  PID:16868
- C:\Windows\System\HWABlGi.exe
  C:\Windows\System\HWABlGi.exe
  2⤵
  PID:2108
- C:\Windows\System\yrHSreX.exe
  C:\Windows\System\yrHSreX.exe
  2⤵
  PID:17016
- C:\Windows\System\VjhgemP.exe
  C:\Windows\System\VjhgemP.exe
  2⤵
  PID:17004
- C:\Windows\System\RQlzatH.exe
  C:\Windows\System\RQlzatH.exe
  2⤵
  PID:4332
- C:\Windows\System\FscNCLO.exe
  C:\Windows\System\FscNCLO.exe
  2⤵
  PID:17052
- C:\Windows\System\rMSxZnk.exe
  C:\Windows\System\rMSxZnk.exe
  2⤵
  PID:2104
- C:\Windows\System\tdiVHal.exe
  C:\Windows\System\tdiVHal.exe
  2⤵
  PID:17184
- C:\Windows\System\YbXWOHi.exe
  C:\Windows\System\YbXWOHi.exe
  2⤵
  PID:17280
- C:\Windows\System\ySfCnSB.exe
  C:\Windows\System\ySfCnSB.exe
  2⤵
  PID:4256
- C:\Windows\System\RBKsDCk.exe
  C:\Windows\System\RBKsDCk.exe
  2⤵
  PID:17324
- C:\Windows\System\ruhmpZm.exe
  C:\Windows\System\ruhmpZm.exe
  2⤵
  PID:17364
- C:\Windows\System\MELHThi.exe
  C:\Windows\System\MELHThi.exe
  2⤵
  PID:16472
- C:\Windows\System\XidzDKz.exe
  C:\Windows\System\XidzDKz.exe
  2⤵
  PID:540
- C:\Windows\System\JWWeMFW.exe
  C:\Windows\System\JWWeMFW.exe
  2⤵
  PID:5000
- C:\Windows\System\HPwlkqa.exe
  C:\Windows\System\HPwlkqa.exe
  2⤵
  PID:4108
- C:\Windows\System\asVsNtZ.exe
  C:\Windows\System\asVsNtZ.exe
  2⤵
  PID:16644
- C:\Windows\System\JjcUELE.exe
  C:\Windows\System\JjcUELE.exe
  2⤵
  PID:4624
- C:\Windows\System\aWihmts.exe
  C:\Windows\System\aWihmts.exe
  2⤵
  PID:16960
- C:\Windows\System\Ncqwdiz.exe
  C:\Windows\System\Ncqwdiz.exe
  2⤵
  PID:16980
- C:\Windows\System\zBOLnCE.exe
  C:\Windows\System\zBOLnCE.exe
  2⤵
  PID:17080
- C:\Windows\System\ITaKTVn.exe
  C:\Windows\System\ITaKTVn.exe
  2⤵
  PID:17156
- C:\Windows\System\bjUgTfr.exe
  C:\Windows\System\bjUgTfr.exe
  2⤵
  PID:3428
- C:\Windows\System\guneiPc.exe
  C:\Windows\System\guneiPc.exe
  2⤵
  PID:5292
- C:\Windows\System\dHFnzdg.exe
  C:\Windows\System\dHFnzdg.exe
  2⤵
  PID:5352
- C:\Windows\System\CzuudBC.exe
  C:\Windows\System\CzuudBC.exe
  2⤵
  PID:3588
- C:\Windows\System\bmNMiMQ.exe
  C:\Windows\System\bmNMiMQ.exe
  2⤵
  PID:16468
- C:\Windows\System\rCnjBhb.exe
  C:\Windows\System\rCnjBhb.exe
  2⤵
  PID:1088
- C:\Windows\System\wiJmYJM.exe
  C:\Windows\System\wiJmYJM.exe
  2⤵
  PID:5448
- C:\Windows\System\VJxCzMv.exe
  C:\Windows\System\VJxCzMv.exe
  2⤵
  PID:3852
- C:\Windows\System\KULvbxn.exe
  C:\Windows\System\KULvbxn.exe
  2⤵
  PID:4516
- C:\Windows\System\MdapBza.exe
  C:\Windows\System\MdapBza.exe
  2⤵
  PID:1888
- C:\Windows\System\PvhBAjw.exe
  C:\Windows\System\PvhBAjw.exe
  2⤵
  PID:5580
- C:\Windows\System\MSavfdk.exe
  C:\Windows\System\MSavfdk.exe
  2⤵
  PID:17356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CKnomoF.exe

Filesize
5.7MB

MD5
bc0c13471afd99e05fa8d7da8ba290a2

SHA1
0d84d200342743dacf0ed987197635a44704b617

SHA256
e24d83a279513efb700a363ddd38c278a444a9fd83d0497e970d2de1678d3f27

SHA512
a86087cc2992fc8b828bca7e6916079c85dd6277187a71f07c3eb0f6908e228f1a08ac5aaf5425fa8f16434b826364a23fe9428f01e1279b142c5d64fcaf3b9b

Download Submit
C:\Windows\System\DSYNNre.exe

Filesize
5.7MB

MD5
0e618f0515124fabecce65cfb15e0b19

SHA1
a719aa0f6ce872c6ad3afd2e38c137f7a48aa69b

SHA256
92235a597b580c85bc40703f03405d4d4208e64ce5064ea3f46e4140675a9b50

SHA512
868a9e30a76549be68ec64bbdfe6fcfbeb9d46000878803c8efdc71a2e47f46768bcd0253edc57b843a6017d260d39de54b822176a373fefba9b051e36bc2dd4

Download Submit
C:\Windows\System\FQDfOzW.exe

Filesize
5.7MB

MD5
f3294cbfb25c633c0f70a0b1adcf9dcc

SHA1
4693866859b76404466821f20dbf484570a8eddc

SHA256
b2fbe4ec3323f49b0e4b6e23ba2d25012220b2f8c77c34a191403b867066ca6a

SHA512
88ee9a56b2c803fd141c82686e83b0c4b7329e98d1a38332ca12789184093dfe2c294d208e338783135c5a8d6804d01a0c85a004831a3fc0ef427681b50bfd2b

Download Submit
C:\Windows\System\GHNzVtH.exe

Filesize
5.7MB

MD5
fb13fbb8c0ece10421addcb36d1d0e9e

SHA1
75e084a3eb98ddd27cc6cb72ac4f3378fa22798c

SHA256
125d544d1f33db94ff0312cbe5592851a6642c68af36af0b31ca11b850d06e5d

SHA512
42a8a140586bf9f3477a1e73ffb2642ccff2f19887f91279e8cdad724661bda215111a1bf860ed8062192c5edf918d01f4cdd4a93335f4974f8d42cdbbf32044

Download Submit
C:\Windows\System\GWYXKWB.exe

Filesize
5.7MB

MD5
3f5fd9f3c6091d5f750205ed1f43728f

SHA1
6c1084a82fefae6c66a9a083bf424af9440a0cbe

SHA256
a4f71c598deb88c207a6906b834c74ff8e371706539e0b6cd2f38a45dd16ca18

SHA512
a825c104858f015eb3cb2a0336cdb37054605fea1737eb9d5ba13aea8b8bea3832200f876531f1646beb4a4e07eb0c6f96ecdb14958837d90775c381ffb98897

Download Submit
C:\Windows\System\IpeSSzN.exe

Filesize
5.7MB

MD5
62ad48f2027d50978096870f8928d001

SHA1
9e0527f82d108077bd257426d2eef27a09b94729

SHA256
1f5300cbf24121fdc023bf5078383df821b7b1d5de6b348f979916bef2455798

SHA512
cfdba803886fe07a0d6c37b68a350be51fb91f04117c9245fe1b93f061032023cd0788fe707f7edf3cc960a326ebc423b8756cf4b77375c6c869172750fa626d

Download Submit
C:\Windows\System\IshBCxR.exe

Filesize
5.7MB

MD5
ba591539bb367dd0a89bb68481f39bc8

SHA1
689fa1e0c994fd8355e731c9678b503ac80e891e

SHA256
01a20e815661cbde5716a9bcba1d4f5ebb46f1209bb9aa16170573a785661f96

SHA512
0a4039cf96384b9047f54360107e34f9cc29e73e07ef37b1f2f17ce5855818baa67aa67ee2fc8423ce086b9e82ce2ecdc43a35eaaaabeaa749b493eab85d6202

Download Submit
C:\Windows\System\LKPwEUN.exe

Filesize
5.7MB

MD5
f219694f891812bbc2d702f8f49483db

SHA1
4e51c4941e5c1a88ab73d35ad6517db321494eb9

SHA256
4236253db208e45d5ca85e0f9725146c19918c68801f32ac713ded96e84389e6

SHA512
2911453399e122b4210bc22b1127afc4227c2903f3ad5ff2da045a5a7004b737a5a69c32ac9f4cf28ef886b3137bd05408bfb7007cec1d96243245793f812247

Download Submit
C:\Windows\System\LhBaWuU.exe

Filesize
5.7MB

MD5
b1337de28e506a2c94a695e8de56a4f5

SHA1
3c6f80b6040f17c0f9c8cd1b82578c69e5fbe5ad

SHA256
546b0c74924ad8760d879cd86692ff91dab1478af4e4dbe6e11e16f41183bca7

SHA512
a62215d8db02665b184165c72b06e59e8f380b2fc6a8c92c91a54f9f911672d15380a93fc564e95076b45bb2eb9a701e94eef16d6382b594d44468eff346ff7d

Download Submit
C:\Windows\System\NrPgRil.exe

Filesize
5.7MB

MD5
5f16b828b2e75a19cefff1403d1e5f48

SHA1
d3b7279c0094e13dbe8032f10c6b76e45036fa7e

SHA256
c199eaef318cb34dc205a9cfd318dc63bd9fdefffa599e21fbe4b27c84bdb818

SHA512
2c96abafc42b2fe4060e799490ab88d050742a4fee4854188e6e7c47422c1ef1078d5a411f91c761a80e72838f01a486e600bca392fea118787dab57e5d68537

Download Submit
C:\Windows\System\OvrtpCw.exe

Filesize
5.7MB

MD5
964b882974c38b2297ce8bee6e8aff4c

SHA1
82881b370232217b345729859eef606f1856e3ca

SHA256
8a7a7cbc9816f9f1ee04d0b1509369fa488a9f6bae9ca724d788778816ac5e9d

SHA512
7bd10edbfb20b5148052dada47fb25493c064ea76d1de8ded72ffab1bbc183fa722e7ebf514e0d9f3238f3155a02df06e62f1f6bfea517b5d38ea2075b57d2b7

Download Submit
C:\Windows\System\SmUNVmB.exe

Filesize
5.7MB

MD5
0450ac82fed7c74e6b1c505c261c4007

SHA1
43fcafb7ee666a71fd3eee7b52b74d510f27ce1f

SHA256
d541672d9f85f5a8d8ed461f2d218d7dd8430c3f8054676020a830edfee30a22

SHA512
b408bc11dbae40541bbc1f08bcc8dc1d2e58c4c6483d8cff68577372f59271255fff393dfc44659fed14e692d36e8e132aaec3e303de79e6f117ef4bb447ac4f

Download Submit
C:\Windows\System\TbEiMhF.exe

Filesize
5.7MB

MD5
1a612c7262cca6461c43aeb89b805fcd

SHA1
e8c0a75a34f4837bf47c42776325f61432971cba

SHA256
7e0267a0e872e4e38a8a13da9078f39d49302ead0447373e304d863dc96541ba

SHA512
c8fc4647ecb6cc5aea2a69c2d1324e16db661afb7a2a3f121e32588236e3d8f4bdf1df1ff3693b9b4c1787b540ead45a09c91fcad6ab3d7ad93ea9df873fd520

Download Submit
C:\Windows\System\WLnmNhb.exe

Filesize
5.7MB

MD5
e6e6c4211fe38f5be60739d191b070ab

SHA1
2d3db29f1bbf2350f21e867b08e10db3bfb998bc

SHA256
fd4f5f0a7a9a11bdfee073691e8441ac6f8522170ab152650232b2feb5b9c3dc

SHA512
38399e1a3f23a7a14add1f1268c3ed846ea6a44b6aed47384d2bb23ee3c865ec2c555bdc6257dd003de161cb838f10cf398224f500f20101a673a3541b7c268e

Download Submit
C:\Windows\System\YJXROZq.exe

Filesize
5.7MB

MD5
502508106dd2a44cc7ca49e854d74189

SHA1
46d48bde3aaa881e791e0e19bec95120ebd60250

SHA256
28169bb20d4799074aa6a06313374f90680c20155e8c6a775eab2525d99fc78d

SHA512
87cddcbeb387178cc181541eac1f614a9a655c2f16e608099a9ab3136e10de3f3cdcf3c5e4dc3e8a1694f6494c8d2673d1ec14c6c84786ceb2d29682cb9b52fe

Download Submit
C:\Windows\System\ZonqMvW.exe

Filesize
5.7MB

MD5
c0ca068bcae033ed56952ff04e945015

SHA1
e90f5b61a7b745dc6ed02c5003e94dd5685386b2

SHA256
8c2cc3ed1f396ed9b56996d108cda85c3d3f0039620eb4a536283777ed0496ba

SHA512
99f6eb84ce2f9759395871a4d0d72429a3720430b0edfde66ff08864c3e27678729c1c6d782c735ba7cfee3a52cd12640efa34cdb19bffbb42da928f925ae7af

Download Submit
C:\Windows\System\aQphSuK.exe

Filesize
5.7MB

MD5
15e5d1c1bac0b702b544c3a9fd3e1b50

SHA1
5bb12e8e226a688929615cf420b54e1bd7701e6e

SHA256
685f47f11fa3a3ccaf517f041844707dae09f7f55e3fabd6566166e6218f2da5

SHA512
00ee934e7a8ff8d55311ccc4f054cee2a18d91d9352d54b19717c0c3e84ff708cd249c7ea3944f8934538a54250a1dfaaad0ea7feebf59c32994307c3395531f

Download Submit
C:\Windows\System\cGgvNEq.exe

Filesize
5.7MB

MD5
6f8005693f94aef4ff00eec0c74ee0a4

SHA1
de93fbf86806ea50eb742ba28cc95a219ee630b0

SHA256
42578a2e97194f0c5adaa01f199bbe12c9422e4fa505eceaae48501d62624875

SHA512
934a2666193e3f0e58f9bfcee610414050979f91fc2ce9cff8b0086aa86a3f08987d4d0c99b82ea953dd05df5b57929f7e51c784d562f28673b867dbd6c6ca91

Download Submit
C:\Windows\System\epTScDU.exe

Filesize
5.7MB

MD5
0d1e07b9472e2083156620185b46ee6e

SHA1
d9691733848053b64c60550214fbda9b63cca67f

SHA256
63f45a35d40b58dffd700b7a4e25a10a3b67386045baf0e843441578a03bf655

SHA512
d0dda7b68b886616340296c1b15bae033f076870fdae313950634e402db181c53e022a3f46ad8b98266b5f4fe10e075ef4952b1bbef1070a73f568f61e4e965c

Download Submit
C:\Windows\System\fVpssCQ.exe

Filesize
5.7MB

MD5
627a64529642e560017b6edf10588682

SHA1
bfdae6ed7eeb04b3894be7af9e6f71944e0996a6

SHA256
b92c7b98c6a3a1dcae4e3ce5ef8cc2458cd6aa4f95ab6a517f9129acda25cae1

SHA512
7d774136df795feab985b067a68c242f695835404d33c830a4ab04f5e99593be81202dad151abe203402592d6a9dab4f1e7e4454b82133c520a117f2f75b0165

Download Submit
C:\Windows\System\hQJluRX.exe

Filesize
5.7MB

MD5
611db860123970396820c2da6db1dfe0

SHA1
a8443f1b7d2d63afde3e5cf4abc05490b6c56ca3

SHA256
4007880771f1192c0bd31e5d816980fab0134be41f6b707743c7831ccdca33ce

SHA512
6590b8cd4b8039ccdc7192d1fd7d4fdcf4784020c4ade84ed2a79ba005d1075deb72b3353c850ab1ec8cc59eff573585d04d5119d5182814ca23408dc783785f

Download Submit
C:\Windows\System\hrwjPaU.exe

Filesize
5.7MB

MD5
6283d6a44e6c9fa0d580547873b7ac8b

SHA1
3938f3ab12e33e1ff2cbde9a96526a8050cc9e9b

SHA256
72178252d58e93f6497ac4fef2d1fa531e00ac2d294cd255ede8cb7ada9fcf6d

SHA512
6e1ded30ca7752ae10927cfe1c04db40314fae0273be3a9bf3d9ba4d80eedf39144a31f2fe95d9df1ee318542b0a185c26082d4169cd6aa3cddd7087650c1f54

Download Submit
C:\Windows\System\hyNreVk.exe

Filesize
5.7MB

MD5
12de02501a32017ab466c48a9d911037

SHA1
564bf2a3f046cce00b2d4678f9c130d8654e0e00

SHA256
17993f733266dfa320863fc54dfcf4b2b43a0460bbee1dc3122e5726b9b59ef7

SHA512
28e81936f0dacf543e4458485638a4a577078f038f545eaa083304d993d93f7ce4753a6b277cc463b86691536861aa9041c5a2cbc9689eab95f2a2289fafb1a0

Download Submit
C:\Windows\System\iAfhQxs.exe

Filesize
5.7MB

MD5
7e31a15d520b6da50d73fa2f8fdb3b87

SHA1
18d74a6372a6a26ee4c18d274448011c6ef6491a

SHA256
58d6a57eab65b4bdd6337363adff3cfc78d1003c1b274761333a5a3f2d33c13b

SHA512
abada54048e9efdf174865bbeedcce0b34b2e0690eee6a731eb6f1cadab5e6823d225dfdf80cddc3e49c3eea5c8560d17dbf1e62f394deacadce9d7166494293

Download Submit
C:\Windows\System\jaOHAfD.exe

Filesize
5.7MB

MD5
3dfb7ca6af44cb3664e44ca46008d308

SHA1
8f35cb50a308877e054465359c42c79ad7dd64b7

SHA256
b3b460d03122309b5379aed2dcac3a166d3491d9c0c2ca000e9a30453050601a

SHA512
0e5636d85bdc4726cda0a23ae5480afe29b0cdc74ce6e57d9401855206b7fb83bbaf5ea359b50e0fb7074dfb62cc993a96c142a79e11bc20169774a2a1ac8365

Download Submit
C:\Windows\System\kygvBEL.exe

Filesize
5.7MB

MD5
773e28124f18613db0dce4b0f71dcbf7

SHA1
a0610e1256bc2517089ce85dff77690526a08606

SHA256
d7afd28bfcb0ceea54307fdaf0ec761cd64bcfd86644ac18dbbdebe0c156a81d

SHA512
ec469a3abc4405b05513b04e6629f1949d64919523dc2a252df99965af08fe9c0beb83cac419616cafc226968109613330dd0b083e1304cc207c7d8c2e4ba39c

Download Submit
C:\Windows\System\mDfKGsB.exe

Filesize
5.7MB

MD5
b19b2f9df42914629124a8e7c1afad72

SHA1
f4e6902d4c57b23d2e551c957d148e791f5315d2

SHA256
ef2375125a0f767f8c9a395c90949c6b398eba9699f42f5938bb9df0f9d8f0ea

SHA512
d79a9fbbdd602dccb4b284e6ad796152145a88724324cf1d0d5defcf911b768e9e7e6d344f101090d45d77add69be5db2553d0691eaaf92661e45ff6bfde534f

Download Submit
C:\Windows\System\mQoTHYI.exe

Filesize
5.7MB

MD5
21e23efc421b0a9579172c0d12cf9b23

SHA1
549fce55f9d3a7b85505020a4f43f59fa6a2afae

SHA256
535f2da49ec3e6a1a7ccd4095a3359205c6ba54961ade4944827b7cb47abfde4

SHA512
a5af8f66265308a480c64dfeeb6c160e88981558ae91c2bae5f87d2d99725bdd6a3eb9c92932fa34f1ed7ff8df09f22bbd02448dc0e3d4766a1b8c46dc409216

Download Submit
C:\Windows\System\rbJEuVi.exe

Filesize
5.7MB

MD5
bb1fa3d81e46f057fe924c528fafd030

SHA1
6db1cd1790a96b5d9f1b8f09da10a406fa8f3219

SHA256
b3309cc245d311301e4a09c325c499151ec30cb51009e3b33dc7794fdcea86c8

SHA512
d3028e8aa533ca35a593e0f4632f1f1de5efcaa5d21d11fa9f75e6ef361229a39c21c30666113279b663f2c40f24ec50107bb49a6752f03bd0e905ab2c4cd021

Download Submit
C:\Windows\System\rkuwwSL.exe

Filesize
5.7MB

MD5
d067b54c3f286d4349167fea43845bee

SHA1
56dc3de59d20e4072438ed57559e6c81e8670d23

SHA256
f8c1fb48996ee1fa900634cb1538faef7ba366b4242538efd41473face4ec8a6

SHA512
fa64fc6cd4705b16030fdd88000507244abca55f5686a090c232bd6af991f8ab56e037435b235c9b70b563225ccb55c5ab0f86105ae2e7f40951a3de3eb194bc

Download Submit
C:\Windows\System\wbNNRPF.exe

Filesize
5.7MB

MD5
f1a120e8fee73c5e051476ea5a0d3939

SHA1
e116a32f9e13856e93bc73c37c4319a1129fd748

SHA256
2ad422dac422f7f5433a233ea3326131417356bcda73afe9fbd3f7b77fda183d

SHA512
09fd721b343fa31799f17e2ebb87a7f902eedab464a3802b110449384cfb01e23c58da2ac80650ed8317ba125fd9cffaf6727465df92050a45a986d17f7fab30

Download Submit
C:\Windows\System\xxsBBnX.exe

Filesize
5.7MB

MD5
30be5e04db310e72413223479f9238fb

SHA1
aac6060db29fd73a095d225f23e896453f4a3d6f

SHA256
6422ae2aed245af71bef30962752f8166af8d19db5f463f6f9dc865ed091a977

SHA512
3d6c3bc99735bd30732d46869bb179d019cbcd315b5e23e09c3c2c3fb74a9a709966cad47ab0d7ce85e7415c34348557d63b79c85cc7448380fe62fa35fb0b62

Download Submit
C:\Windows\System\yCGWzZw.exe

Filesize
5.7MB

MD5
682ca47e374dfc78e0658fd4d7c62fb0

SHA1
6c06f28d7a6726ccb8e02c73e63a272a97b41959

SHA256
31a114fb6bd62ea6aeee4a2a90fb3f533d256a6899119ce483a1942cb8c62579

SHA512
659f41b5279e7366520480f61fae2a0181d8409af1fe171512c2b3930dbb4edf8d8cc061b6cf3ef6e1f30d652d04513c0fcaad366bddb2ede030975edcf3276e

Download Submit
memory/708-150-0x00007FF624240000-0x00007FF62458D000-memory.dmp

Filesize
3.3MB

Download
memory/840-112-0x00007FF666630000-0x00007FF66697D000-memory.dmp

Filesize
3.3MB

Download
memory/1412-1-0x000002A7E2500000-0x000002A7E2510000-memory.dmp

Filesize
64KB

Download
memory/1412-0-0x00007FF700170000-0x00007FF7004BD000-memory.dmp

Filesize
3.3MB

Download
memory/1416-90-0x00007FF6276C0000-0x00007FF627A0D000-memory.dmp

Filesize
3.3MB

Download
memory/1628-64-0x00007FF605AB0000-0x00007FF605DFD000-memory.dmp

Filesize
3.3MB

Download
memory/1696-118-0x00007FF610210000-0x00007FF61055D000-memory.dmp

Filesize
3.3MB

Download
memory/1868-135-0x00007FF7DE100000-0x00007FF7DE44D000-memory.dmp

Filesize
3.3MB

Download
memory/1876-186-0x00007FF6EB670000-0x00007FF6EB9BD000-memory.dmp

Filesize
3.3MB

Download
memory/2140-13-0x00007FF651FA0000-0x00007FF6522ED000-memory.dmp

Filesize
3.3MB

Download
memory/2456-174-0x00007FF675130000-0x00007FF67547D000-memory.dmp

Filesize
3.3MB

Download
memory/2548-155-0x00007FF6D0CC0000-0x00007FF6D100D000-memory.dmp

Filesize
3.3MB

Download
memory/2844-192-0x00007FF7612C0000-0x00007FF76160D000-memory.dmp

Filesize
3.3MB

Download
memory/2856-97-0x00007FF6B0B10000-0x00007FF6B0E5D000-memory.dmp

Filesize
3.3MB

Download
memory/2976-165-0x00007FF71FCA0000-0x00007FF71FFED000-memory.dmp

Filesize
3.3MB

Download
memory/3132-160-0x00007FF7FBC30000-0x00007FF7FBF7D000-memory.dmp

Filesize
3.3MB

Download
memory/3272-106-0x00007FF6FF8A0000-0x00007FF6FFBED000-memory.dmp

Filesize
3.3MB

Download
memory/3324-180-0x00007FF7B7AE0000-0x00007FF7B7E2D000-memory.dmp

Filesize
3.3MB

Download
memory/3380-124-0x00007FF6782A0000-0x00007FF6785ED000-memory.dmp

Filesize
3.3MB

Download
memory/3528-70-0x00007FF768810000-0x00007FF768B5D000-memory.dmp

Filesize
3.3MB

Download
memory/3668-84-0x00007FF795180000-0x00007FF7954CD000-memory.dmp

Filesize
3.3MB

Download
memory/3676-51-0x00007FF734D40000-0x00007FF73508D000-memory.dmp

Filesize
3.3MB

Download
memory/3732-19-0x00007FF6B8150000-0x00007FF6B849D000-memory.dmp

Filesize
3.3MB

Download
memory/3744-46-0x00007FF66E870000-0x00007FF66EBBD000-memory.dmp

Filesize
3.3MB

Download
memory/3844-7-0x00007FF62ED60000-0x00007FF62F0AD000-memory.dmp

Filesize
3.3MB

Download
memory/3876-58-0x00007FF7F1710000-0x00007FF7F1A5D000-memory.dmp

Filesize
3.3MB

Download
memory/4012-37-0x00007FF72C710000-0x00007FF72CA5D000-memory.dmp

Filesize
3.3MB

Download
memory/4080-31-0x00007FF7318E0000-0x00007FF731C2D000-memory.dmp

Filesize
3.3MB

Download
memory/4336-130-0x00007FF628500000-0x00007FF62884D000-memory.dmp

Filesize
3.3MB

Download
memory/4504-75-0x00007FF70D8B0000-0x00007FF70DBFD000-memory.dmp

Filesize
3.3MB

Download
memory/4804-141-0x00007FF78A010000-0x00007FF78A35D000-memory.dmp

Filesize
3.3MB

Download
memory/4880-25-0x00007FF7CC6D0000-0x00007FF7CCA1D000-memory.dmp

Filesize
3.3MB

Download
memory/5004-94-0x00007FF70E1E0000-0x00007FF70E52D000-memory.dmp

Filesize
3.3MB

Download