cobaltstrike | 64b89897a706972e0ad43ad06d93d4edf5ac177b69db75ddbb6e778d309cd9e0

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2025 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

802e31099d4b18febed2abc31de2097b
SHA1

cb497a70c94e6049309c84dc5ca6ee24b094c315
SHA256

64b89897a706972e0ad43ad06d93d4edf5ac177b69db75ddbb6e778d309cd9e0
SHA512

0f105d8769e14af40acfe89c13a205bf892b2fee35e9b2e01619da10f7711e08468c32fb8f68491e5cc83a334920affdbc0d99bd0a1d3d76aaa4b152b4f26480
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lU9:j+R56utgpPF8u/79

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b4e-6.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c43-11.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c46-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c48-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c49-30.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c44-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c4a-42.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c4b-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c4c-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c4d-59.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c4f-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c52-82.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c53-85.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c56-103.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c57-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5a-127.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5b-142.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5e-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c61-178.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c65-193.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c63-190.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c64-187.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c62-184.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c60-172.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5f-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5d-154.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c5c-148.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c59-128.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c58-124.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c55-106.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c54-100.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c51-79.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c4e-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3408-0-0x00007FF6E11D0000-0x00007FF6E151D000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b4e-6.dat	xmrig
behavioral2/memory/2328-7-0x00007FF74A360000-0x00007FF74A6AD000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c43-11.dat	xmrig
behavioral2/files/0x0008000000023c46-10.dat	xmrig
behavioral2/memory/4788-13-0x00007FF6A9430000-0x00007FF6A977D000-memory.dmp	xmrig
behavioral2/memory/532-19-0x00007FF67BAF0000-0x00007FF67BE3D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c48-23.dat	xmrig
behavioral2/memory/628-25-0x00007FF69BA80000-0x00007FF69BDCD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c49-30.dat	xmrig
behavioral2/memory/1772-31-0x00007FF78A9F0000-0x00007FF78AD3D000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c44-35.dat	xmrig
behavioral2/memory/2936-37-0x00007FF772150000-0x00007FF77249D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c4a-42.dat	xmrig
behavioral2/memory/3624-43-0x00007FF673B90000-0x00007FF673EDD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c4b-47.dat	xmrig
behavioral2/files/0x0007000000023c4c-53.dat	xmrig
behavioral2/memory/2140-60-0x00007FF68C710000-0x00007FF68CA5D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c4d-59.dat	xmrig
behavioral2/memory/4636-66-0x00007FF6B1E00000-0x00007FF6B214D000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c4f-70.dat	xmrig
behavioral2/memory/3584-75-0x00007FF75F0E0000-0x00007FF75F42D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c52-82.dat	xmrig
behavioral2/files/0x0007000000023c53-85.dat	xmrig
behavioral2/files/0x0007000000023c56-103.dat	xmrig
behavioral2/files/0x0007000000023c57-109.dat	xmrig
behavioral2/files/0x0007000000023c5a-127.dat	xmrig
behavioral2/memory/1732-134-0x00007FF7125D0000-0x00007FF71291D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c5b-142.dat	xmrig
behavioral2/files/0x0007000000023c5e-151.dat	xmrig
behavioral2/files/0x0007000000023c61-178.dat	xmrig
behavioral2/memory/3320-196-0x00007FF680D00000-0x00007FF68104D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c65-193.dat	xmrig
behavioral2/memory/3132-191-0x00007FF6D9170000-0x00007FF6D94BD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c63-190.dat	xmrig
behavioral2/files/0x0007000000023c64-187.dat	xmrig
behavioral2/memory/1812-185-0x00007FF7B9A00000-0x00007FF7B9D4D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c62-184.dat	xmrig
behavioral2/memory/1008-179-0x00007FF7D08C0000-0x00007FF7D0C0D000-memory.dmp	xmrig
behavioral2/memory/1340-173-0x00007FF776FD0000-0x00007FF77731D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c60-172.dat	xmrig
behavioral2/memory/4476-167-0x00007FF674B10000-0x00007FF674E5D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c5f-166.dat	xmrig
behavioral2/memory/2732-161-0x00007FF750FB0000-0x00007FF7512FD000-memory.dmp	xmrig
behavioral2/memory/1852-155-0x00007FF6FCCD0000-0x00007FF6FD01D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c5d-154.dat	xmrig
behavioral2/memory/4516-149-0x00007FF7BCFC0000-0x00007FF7BD30D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c5c-148.dat	xmrig
behavioral2/memory/3676-143-0x00007FF771E50000-0x00007FF77219D000-memory.dmp	xmrig
behavioral2/memory/1136-129-0x00007FF797340000-0x00007FF79768D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c59-128.dat	xmrig
behavioral2/memory/3080-125-0x00007FF7C7EB0000-0x00007FF7C81FD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c58-124.dat	xmrig
behavioral2/memory/3424-119-0x00007FF6B8980000-0x00007FF6B8CCD000-memory.dmp	xmrig
behavioral2/memory/1248-113-0x00007FF6A1400000-0x00007FF6A174D000-memory.dmp	xmrig
behavioral2/memory/1484-107-0x00007FF670000000-0x00007FF67034D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c55-106.dat	xmrig
behavioral2/memory/2192-101-0x00007FF6612A0000-0x00007FF6615ED000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c54-100.dat	xmrig
behavioral2/memory/3940-95-0x00007FF6022E0000-0x00007FF60262D000-memory.dmp	xmrig
behavioral2/memory/5016-89-0x00007FF61B680000-0x00007FF61B9CD000-memory.dmp	xmrig
behavioral2/memory/1072-80-0x00007FF7530C0000-0x00007FF75340D000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c51-79.dat	xmrig
behavioral2/files/0x0007000000023c4e-65.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2328	QOABuOw.exe
4788	LDeqySk.exe
532	wZPvwQz.exe
628	UnvDghG.exe
1772	BgXblUy.exe
2936	BvQBfTf.exe
3624	mwYQiPA.exe
2044	oQhxDRg.exe
2076	nMkMyCz.exe
2140	SdlmSiG.exe
4636	CMRAIeE.exe
3584	qzMVTsT.exe
1072	ikWkfuH.exe
5016	eqiFRfe.exe
3940	mNfWrqf.exe
2192	lcyINkD.exe
1484	FBiGHQe.exe
1248	fvgefOC.exe
3424	aaxEZGV.exe
3080	UXiqJcf.exe
1136	lEITHRV.exe
1732	MmVNEuH.exe
3676	fvJabio.exe
4516	iXYeiTw.exe
1852	xxEOnFT.exe
2732	QHRoVex.exe
4476	fPsIdNW.exe
1340	hEFXTKt.exe
1008	WezpRnZ.exe
1812	vfgImrg.exe
3132	ZEeEjsj.exe
3320	fJCMISq.exe
4396	JgbpdKO.exe
1232	AkbXgqO.exe
4372	DJUQQwR.exe
3448	xJHMsaS.exe
4016	OKMmMFI.exe
1284	MQsOgnQ.exe
3452	AjzqMdO.exe
1568	twPlWVv.exe
4324	gwFyypX.exe
3844	yppKjcf.exe
4536	WlAkLvO.exe
4696	ggBIwhR.exe
3572	qHvrzgf.exe
4876	ZvrZyUV.exe
5108	CgnKACN.exe
100	haqcfwz.exe
4708	jSvSARs.exe
4376	pCdfaey.exe
4032	PYbuqwt.exe
896	jMKYjLQ.exe
3600	GdUUZMb.exe
4992	cewWyDP.exe
764	QTMyvkC.exe
2264	UoqWdeo.exe
3968	ShnnWuT.exe
3852	JEQREQJ.exe
4468	eKNxOCc.exe
3460	bpcRDth.exe
4668	TuUAREn.exe
4452	UiliInj.exe
2960	vCgwhAK.exe
1708	TyydWrj.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bWWVcBA.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwljMXw.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpiKfNd.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NaefJYe.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkwjbcl.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxHDCqQ.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZgfNVI.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SryiswK.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DCoYCYk.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGjBWiV.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKBhbuq.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHpaWMg.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNAWrxD.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zikfRNZ.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCgwhAK.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfHQXJO.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybLzAtw.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDIKeXz.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXcnbQC.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBDBYbt.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svnqEvf.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUtXYOf.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JEQREQJ.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzeSmCI.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRCQkve.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRlGXoD.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adtkosY.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipelNmf.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSpATxF.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\upMOxhr.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmwsnMM.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RgMLuXX.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTImIBG.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HoFYZuE.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cODmOoX.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYyvSdt.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPnrFIf.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SARTHOA.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luQphFs.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVurqRx.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeSnLKB.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzqzBOP.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFFnRrv.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSvMylg.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlbQYhu.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYVIKQi.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSxoTXQ.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLQncTI.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MwvNqmy.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTWNNxv.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFKOniA.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwcqVQn.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtGqkzB.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysMtXGx.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HozbRbe.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxChviD.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAAtTgU.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvMqMAY.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyydWrj.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqKPqFc.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQIqrWI.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSqbqiW.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCdfaey.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZXTBiD.exe	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 2328	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3408 wrote to memory of 2328	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3408 wrote to memory of 4788	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3408 wrote to memory of 4788	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3408 wrote to memory of 532	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3408 wrote to memory of 532	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3408 wrote to memory of 628	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3408 wrote to memory of 628	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3408 wrote to memory of 1772	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3408 wrote to memory of 1772	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3408 wrote to memory of 2936	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3408 wrote to memory of 2936	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3408 wrote to memory of 3624	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3408 wrote to memory of 3624	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3408 wrote to memory of 2044	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3408 wrote to memory of 2044	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3408 wrote to memory of 2076	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3408 wrote to memory of 2076	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3408 wrote to memory of 2140	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3408 wrote to memory of 2140	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3408 wrote to memory of 4636	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3408 wrote to memory of 4636	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3408 wrote to memory of 3584	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3408 wrote to memory of 3584	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3408 wrote to memory of 1072	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3408 wrote to memory of 1072	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3408 wrote to memory of 5016	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3408 wrote to memory of 5016	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3408 wrote to memory of 3940	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3408 wrote to memory of 3940	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3408 wrote to memory of 2192	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3408 wrote to memory of 2192	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3408 wrote to memory of 1484	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3408 wrote to memory of 1484	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3408 wrote to memory of 1248	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3408 wrote to memory of 1248	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3408 wrote to memory of 3424	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3408 wrote to memory of 3424	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3408 wrote to memory of 3080	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3408 wrote to memory of 3080	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3408 wrote to memory of 1136	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3408 wrote to memory of 1136	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3408 wrote to memory of 1732	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3408 wrote to memory of 1732	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3408 wrote to memory of 3676	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3408 wrote to memory of 3676	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3408 wrote to memory of 4516	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3408 wrote to memory of 4516	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3408 wrote to memory of 1852	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3408 wrote to memory of 1852	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3408 wrote to memory of 2732	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3408 wrote to memory of 2732	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3408 wrote to memory of 4476	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3408 wrote to memory of 4476	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3408 wrote to memory of 1340	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3408 wrote to memory of 1340	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3408 wrote to memory of 1008	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3408 wrote to memory of 1008	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3408 wrote to memory of 1812	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3408 wrote to memory of 1812	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3408 wrote to memory of 3132	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3408 wrote to memory of 3132	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3408 wrote to memory of 3320	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3408 wrote to memory of 3320	3408	2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_802e31099d4b18febed2abc31de2097b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Windows\System\QOABuOw.exe
  C:\Windows\System\QOABuOw.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\LDeqySk.exe
  C:\Windows\System\LDeqySk.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\wZPvwQz.exe
  C:\Windows\System\wZPvwQz.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\UnvDghG.exe
  C:\Windows\System\UnvDghG.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\BgXblUy.exe
  C:\Windows\System\BgXblUy.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\BvQBfTf.exe
  C:\Windows\System\BvQBfTf.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\mwYQiPA.exe
  C:\Windows\System\mwYQiPA.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\oQhxDRg.exe
  C:\Windows\System\oQhxDRg.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\nMkMyCz.exe
  C:\Windows\System\nMkMyCz.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\SdlmSiG.exe
  C:\Windows\System\SdlmSiG.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\CMRAIeE.exe
  C:\Windows\System\CMRAIeE.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\qzMVTsT.exe
  C:\Windows\System\qzMVTsT.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\ikWkfuH.exe
  C:\Windows\System\ikWkfuH.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\eqiFRfe.exe
  C:\Windows\System\eqiFRfe.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\mNfWrqf.exe
  C:\Windows\System\mNfWrqf.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\lcyINkD.exe
  C:\Windows\System\lcyINkD.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\FBiGHQe.exe
  C:\Windows\System\FBiGHQe.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\fvgefOC.exe
  C:\Windows\System\fvgefOC.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\aaxEZGV.exe
  C:\Windows\System\aaxEZGV.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\UXiqJcf.exe
  C:\Windows\System\UXiqJcf.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\lEITHRV.exe
  C:\Windows\System\lEITHRV.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\MmVNEuH.exe
  C:\Windows\System\MmVNEuH.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\fvJabio.exe
  C:\Windows\System\fvJabio.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\iXYeiTw.exe
  C:\Windows\System\iXYeiTw.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\xxEOnFT.exe
  C:\Windows\System\xxEOnFT.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\QHRoVex.exe
  C:\Windows\System\QHRoVex.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\fPsIdNW.exe
  C:\Windows\System\fPsIdNW.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\hEFXTKt.exe
  C:\Windows\System\hEFXTKt.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\WezpRnZ.exe
  C:\Windows\System\WezpRnZ.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\vfgImrg.exe
  C:\Windows\System\vfgImrg.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\ZEeEjsj.exe
  C:\Windows\System\ZEeEjsj.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\fJCMISq.exe
  C:\Windows\System\fJCMISq.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\JgbpdKO.exe
  C:\Windows\System\JgbpdKO.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\AkbXgqO.exe
  C:\Windows\System\AkbXgqO.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\DJUQQwR.exe
  C:\Windows\System\DJUQQwR.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\xJHMsaS.exe
  C:\Windows\System\xJHMsaS.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\OKMmMFI.exe
  C:\Windows\System\OKMmMFI.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\MQsOgnQ.exe
  C:\Windows\System\MQsOgnQ.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\AjzqMdO.exe
  C:\Windows\System\AjzqMdO.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\twPlWVv.exe
  C:\Windows\System\twPlWVv.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\gwFyypX.exe
  C:\Windows\System\gwFyypX.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\yppKjcf.exe
  C:\Windows\System\yppKjcf.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\WlAkLvO.exe
  C:\Windows\System\WlAkLvO.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\ggBIwhR.exe
  C:\Windows\System\ggBIwhR.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\qHvrzgf.exe
  C:\Windows\System\qHvrzgf.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\ZvrZyUV.exe
  C:\Windows\System\ZvrZyUV.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\CgnKACN.exe
  C:\Windows\System\CgnKACN.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\haqcfwz.exe
  C:\Windows\System\haqcfwz.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\jSvSARs.exe
  C:\Windows\System\jSvSARs.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\pCdfaey.exe
  C:\Windows\System\pCdfaey.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\PYbuqwt.exe
  C:\Windows\System\PYbuqwt.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\jMKYjLQ.exe
  C:\Windows\System\jMKYjLQ.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\GdUUZMb.exe
  C:\Windows\System\GdUUZMb.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\cewWyDP.exe
  C:\Windows\System\cewWyDP.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\QTMyvkC.exe
  C:\Windows\System\QTMyvkC.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\UoqWdeo.exe
  C:\Windows\System\UoqWdeo.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\ShnnWuT.exe
  C:\Windows\System\ShnnWuT.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\JEQREQJ.exe
  C:\Windows\System\JEQREQJ.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\eKNxOCc.exe
  C:\Windows\System\eKNxOCc.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\bpcRDth.exe
  C:\Windows\System\bpcRDth.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\TuUAREn.exe
  C:\Windows\System\TuUAREn.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\UiliInj.exe
  C:\Windows\System\UiliInj.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\vCgwhAK.exe
  C:\Windows\System\vCgwhAK.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\TyydWrj.exe
  C:\Windows\System\TyydWrj.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\xWEaMtB.exe
  C:\Windows\System\xWEaMtB.exe
  2⤵
  PID:5044
- C:\Windows\System\PYSywjt.exe
  C:\Windows\System\PYSywjt.exe
  2⤵
  PID:3588
- C:\Windows\System\lMmNetq.exe
  C:\Windows\System\lMmNetq.exe
  2⤵
  PID:408
- C:\Windows\System\KKXePuP.exe
  C:\Windows\System\KKXePuP.exe
  2⤵
  PID:3980
- C:\Windows\System\wmJREag.exe
  C:\Windows\System\wmJREag.exe
  2⤵
  PID:1408
- C:\Windows\System\rwasgDR.exe
  C:\Windows\System\rwasgDR.exe
  2⤵
  PID:4948
- C:\Windows\System\dwoaBCY.exe
  C:\Windows\System\dwoaBCY.exe
  2⤵
  PID:3808
- C:\Windows\System\IWAAYWn.exe
  C:\Windows\System\IWAAYWn.exe
  2⤵
  PID:5128
- C:\Windows\System\GtWpapK.exe
  C:\Windows\System\GtWpapK.exe
  2⤵
  PID:5156
- C:\Windows\System\XOrltEo.exe
  C:\Windows\System\XOrltEo.exe
  2⤵
  PID:5192
- C:\Windows\System\QMKYyve.exe
  C:\Windows\System\QMKYyve.exe
  2⤵
  PID:5224
- C:\Windows\System\igVFXpr.exe
  C:\Windows\System\igVFXpr.exe
  2⤵
  PID:5256
- C:\Windows\System\BqtypDT.exe
  C:\Windows\System\BqtypDT.exe
  2⤵
  PID:5284
- C:\Windows\System\SEsrWJu.exe
  C:\Windows\System\SEsrWJu.exe
  2⤵
  PID:5316
- C:\Windows\System\VMPtlun.exe
  C:\Windows\System\VMPtlun.exe
  2⤵
  PID:5352
- C:\Windows\System\ZYhXoWD.exe
  C:\Windows\System\ZYhXoWD.exe
  2⤵
  PID:5384
- C:\Windows\System\zhiEtUV.exe
  C:\Windows\System\zhiEtUV.exe
  2⤵
  PID:5416
- C:\Windows\System\nhRDDIc.exe
  C:\Windows\System\nhRDDIc.exe
  2⤵
  PID:5448
- C:\Windows\System\pYMvPPX.exe
  C:\Windows\System\pYMvPPX.exe
  2⤵
  PID:5480
- C:\Windows\System\BDfpagd.exe
  C:\Windows\System\BDfpagd.exe
  2⤵
  PID:5512
- C:\Windows\System\DWKCbcW.exe
  C:\Windows\System\DWKCbcW.exe
  2⤵
  PID:5544
- C:\Windows\System\PgnqsOP.exe
  C:\Windows\System\PgnqsOP.exe
  2⤵
  PID:5576
- C:\Windows\System\pcqDbaW.exe
  C:\Windows\System\pcqDbaW.exe
  2⤵
  PID:5608
- C:\Windows\System\tdZvthf.exe
  C:\Windows\System\tdZvthf.exe
  2⤵
  PID:5640
- C:\Windows\System\KfHQXJO.exe
  C:\Windows\System\KfHQXJO.exe
  2⤵
  PID:5668
- C:\Windows\System\PFKOniA.exe
  C:\Windows\System\PFKOniA.exe
  2⤵
  PID:5700
- C:\Windows\System\SlMPSoa.exe
  C:\Windows\System\SlMPSoa.exe
  2⤵
  PID:5732
- C:\Windows\System\bWWVcBA.exe
  C:\Windows\System\bWWVcBA.exe
  2⤵
  PID:5764
- C:\Windows\System\sAUxZgW.exe
  C:\Windows\System\sAUxZgW.exe
  2⤵
  PID:5796
- C:\Windows\System\tKLckmn.exe
  C:\Windows\System\tKLckmn.exe
  2⤵
  PID:5828
- C:\Windows\System\Wbdddku.exe
  C:\Windows\System\Wbdddku.exe
  2⤵
  PID:5860
- C:\Windows\System\pNqrQEq.exe
  C:\Windows\System\pNqrQEq.exe
  2⤵
  PID:5892
- C:\Windows\System\WbELpBp.exe
  C:\Windows\System\WbELpBp.exe
  2⤵
  PID:5924
- C:\Windows\System\BgphYXn.exe
  C:\Windows\System\BgphYXn.exe
  2⤵
  PID:5956
- C:\Windows\System\aDtkErz.exe
  C:\Windows\System\aDtkErz.exe
  2⤵
  PID:5988
- C:\Windows\System\oCYAduF.exe
  C:\Windows\System\oCYAduF.exe
  2⤵
  PID:6020
- C:\Windows\System\oBGIsSb.exe
  C:\Windows\System\oBGIsSb.exe
  2⤵
  PID:6052
- C:\Windows\System\ngDXyer.exe
  C:\Windows\System\ngDXyer.exe
  2⤵
  PID:6084
- C:\Windows\System\OrmbCZC.exe
  C:\Windows\System\OrmbCZC.exe
  2⤵
  PID:6116
- C:\Windows\System\fFEiyaF.exe
  C:\Windows\System\fFEiyaF.exe
  2⤵
  PID:208
- C:\Windows\System\GNCdyJH.exe
  C:\Windows\System\GNCdyJH.exe
  2⤵
  PID:2940
- C:\Windows\System\wbnFyld.exe
  C:\Windows\System\wbnFyld.exe
  2⤵
  PID:1872
- C:\Windows\System\UqZbdul.exe
  C:\Windows\System\UqZbdul.exe
  2⤵
  PID:3736
- C:\Windows\System\vSFmwIk.exe
  C:\Windows\System\vSFmwIk.exe
  2⤵
  PID:5140
- C:\Windows\System\bpkGola.exe
  C:\Windows\System\bpkGola.exe
  2⤵
  PID:5204
- C:\Windows\System\AVJKPbw.exe
  C:\Windows\System\AVJKPbw.exe
  2⤵
  PID:5248
- C:\Windows\System\LxYyPZE.exe
  C:\Windows\System\LxYyPZE.exe
  2⤵
  PID:5312
- C:\Windows\System\UribQtE.exe
  C:\Windows\System\UribQtE.exe
  2⤵
  PID:5376
- C:\Windows\System\SBIhjBp.exe
  C:\Windows\System\SBIhjBp.exe
  2⤵
  PID:5440
- C:\Windows\System\ajJGUon.exe
  C:\Windows\System\ajJGUon.exe
  2⤵
  PID:5504
- C:\Windows\System\LFkCfFq.exe
  C:\Windows\System\LFkCfFq.exe
  2⤵
  PID:5564
- C:\Windows\System\hQFHNqA.exe
  C:\Windows\System\hQFHNqA.exe
  2⤵
  PID:5628
- C:\Windows\System\rYyvSdt.exe
  C:\Windows\System\rYyvSdt.exe
  2⤵
  PID:5692
- C:\Windows\System\tieMoLJ.exe
  C:\Windows\System\tieMoLJ.exe
  2⤵
  PID:5756
- C:\Windows\System\UFDJyCp.exe
  C:\Windows\System\UFDJyCp.exe
  2⤵
  PID:5820
- C:\Windows\System\hhSlXFK.exe
  C:\Windows\System\hhSlXFK.exe
  2⤵
  PID:5888
- C:\Windows\System\uHNFmfe.exe
  C:\Windows\System\uHNFmfe.exe
  2⤵
  PID:5952
- C:\Windows\System\PMdfirZ.exe
  C:\Windows\System\PMdfirZ.exe
  2⤵
  PID:6016
- C:\Windows\System\VwljMXw.exe
  C:\Windows\System\VwljMXw.exe
  2⤵
  PID:6076
- C:\Windows\System\UkwawlE.exe
  C:\Windows\System\UkwawlE.exe
  2⤵
  PID:6136
- C:\Windows\System\voLSEiS.exe
  C:\Windows\System\voLSEiS.exe
  2⤵
  PID:5048
- C:\Windows\System\dFTOKza.exe
  C:\Windows\System\dFTOKza.exe
  2⤵
  PID:2144
- C:\Windows\System\FrUWxwn.exe
  C:\Windows\System\FrUWxwn.exe
  2⤵
  PID:5220
- C:\Windows\System\AjHZrMI.exe
  C:\Windows\System\AjHZrMI.exe
  2⤵
  PID:5344
- C:\Windows\System\nijIpgO.exe
  C:\Windows\System\nijIpgO.exe
  2⤵
  PID:5436
- C:\Windows\System\KYldCAI.exe
  C:\Windows\System\KYldCAI.exe
  2⤵
  PID:5560
- C:\Windows\System\VCVXMEn.exe
  C:\Windows\System\VCVXMEn.exe
  2⤵
  PID:5688
- C:\Windows\System\SlYStRg.exe
  C:\Windows\System\SlYStRg.exe
  2⤵
  PID:6068
- C:\Windows\System\ybLzAtw.exe
  C:\Windows\System\ybLzAtw.exe
  2⤵
  PID:5428
- C:\Windows\System\XvXZoJL.exe
  C:\Windows\System\XvXZoJL.exe
  2⤵
  PID:5624
- C:\Windows\System\ygmeOXk.exe
  C:\Windows\System\ygmeOXk.exe
  2⤵
  PID:4480
- C:\Windows\System\bmDjndg.exe
  C:\Windows\System\bmDjndg.exe
  2⤵
  PID:1660
- C:\Windows\System\rmGCpKO.exe
  C:\Windows\System\rmGCpKO.exe
  2⤵
  PID:5536
- C:\Windows\System\oFFnRrv.exe
  C:\Windows\System\oFFnRrv.exe
  2⤵
  PID:6008
- C:\Windows\System\NeXbJEH.exe
  C:\Windows\System\NeXbJEH.exe
  2⤵
  PID:2196
- C:\Windows\System\HJnfSZq.exe
  C:\Windows\System\HJnfSZq.exe
  2⤵
  PID:1552
- C:\Windows\System\LHIEMfR.exe
  C:\Windows\System\LHIEMfR.exe
  2⤵
  PID:1512
- C:\Windows\System\rqJjjRN.exe
  C:\Windows\System\rqJjjRN.exe
  2⤵
  PID:4664
- C:\Windows\System\CcJSqpc.exe
  C:\Windows\System\CcJSqpc.exe
  2⤵
  PID:4052
- C:\Windows\System\zbtJRpm.exe
  C:\Windows\System\zbtJRpm.exe
  2⤵
  PID:3416
- C:\Windows\System\DCoYCYk.exe
  C:\Windows\System\DCoYCYk.exe
  2⤵
  PID:3284
- C:\Windows\System\ieTkcyo.exe
  C:\Windows\System\ieTkcyo.exe
  2⤵
  PID:2712
- C:\Windows\System\nwjUSVq.exe
  C:\Windows\System\nwjUSVq.exe
  2⤵
  PID:436
- C:\Windows\System\cJadZKq.exe
  C:\Windows\System\cJadZKq.exe
  2⤵
  PID:3992
- C:\Windows\System\PHRpgnd.exe
  C:\Windows\System\PHRpgnd.exe
  2⤵
  PID:5308
- C:\Windows\System\IaWAEtb.exe
  C:\Windows\System\IaWAEtb.exe
  2⤵
  PID:2944
- C:\Windows\System\cSlVlmF.exe
  C:\Windows\System\cSlVlmF.exe
  2⤵
  PID:4336
- C:\Windows\System\gSvMylg.exe
  C:\Windows\System\gSvMylg.exe
  2⤵
  PID:4972
- C:\Windows\System\FpYkvwt.exe
  C:\Windows\System\FpYkvwt.exe
  2⤵
  PID:2920
- C:\Windows\System\kJwQSrd.exe
  C:\Windows\System\kJwQSrd.exe
  2⤵
  PID:5032
- C:\Windows\System\kJEpsLg.exe
  C:\Windows\System\kJEpsLg.exe
  2⤵
  PID:4048
- C:\Windows\System\XVmtLiC.exe
  C:\Windows\System\XVmtLiC.exe
  2⤵
  PID:1316
- C:\Windows\System\atBBTWU.exe
  C:\Windows\System\atBBTWU.exe
  2⤵
  PID:2024
- C:\Windows\System\sugGtfh.exe
  C:\Windows\System\sugGtfh.exe
  2⤵
  PID:4252
- C:\Windows\System\ISGjWHl.exe
  C:\Windows\System\ISGjWHl.exe
  2⤵
  PID:4620
- C:\Windows\System\KrnazDM.exe
  C:\Windows\System\KrnazDM.exe
  2⤵
  PID:1168
- C:\Windows\System\ttMmETU.exe
  C:\Windows\System\ttMmETU.exe
  2⤵
  PID:4448
- C:\Windows\System\iEitSJt.exe
  C:\Windows\System\iEitSJt.exe
  2⤵
  PID:2364
- C:\Windows\System\bRevWmD.exe
  C:\Windows\System\bRevWmD.exe
  2⤵
  PID:6152
- C:\Windows\System\gUbVcME.exe
  C:\Windows\System\gUbVcME.exe
  2⤵
  PID:6184
- C:\Windows\System\asoJYbv.exe
  C:\Windows\System\asoJYbv.exe
  2⤵
  PID:6216
- C:\Windows\System\nVwdQTj.exe
  C:\Windows\System\nVwdQTj.exe
  2⤵
  PID:6252
- C:\Windows\System\VkolUki.exe
  C:\Windows\System\VkolUki.exe
  2⤵
  PID:6284
- C:\Windows\System\okOTDdo.exe
  C:\Windows\System\okOTDdo.exe
  2⤵
  PID:6316
- C:\Windows\System\lbqNwsv.exe
  C:\Windows\System\lbqNwsv.exe
  2⤵
  PID:6348
- C:\Windows\System\gTNjOiW.exe
  C:\Windows\System\gTNjOiW.exe
  2⤵
  PID:6380
- C:\Windows\System\UKGOtKT.exe
  C:\Windows\System\UKGOtKT.exe
  2⤵
  PID:6412
- C:\Windows\System\DMPGrFg.exe
  C:\Windows\System\DMPGrFg.exe
  2⤵
  PID:6444
- C:\Windows\System\ywlmKKn.exe
  C:\Windows\System\ywlmKKn.exe
  2⤵
  PID:6476
- C:\Windows\System\zYMJXsE.exe
  C:\Windows\System\zYMJXsE.exe
  2⤵
  PID:6508
- C:\Windows\System\sTzAOLz.exe
  C:\Windows\System\sTzAOLz.exe
  2⤵
  PID:6540
- C:\Windows\System\KXClFGc.exe
  C:\Windows\System\KXClFGc.exe
  2⤵
  PID:6572
- C:\Windows\System\yUclSQa.exe
  C:\Windows\System\yUclSQa.exe
  2⤵
  PID:6600
- C:\Windows\System\LXcMofa.exe
  C:\Windows\System\LXcMofa.exe
  2⤵
  PID:6636
- C:\Windows\System\fBRCEzU.exe
  C:\Windows\System\fBRCEzU.exe
  2⤵
  PID:6660
- C:\Windows\System\hXZUqnj.exe
  C:\Windows\System\hXZUqnj.exe
  2⤵
  PID:6700
- C:\Windows\System\beJBIyd.exe
  C:\Windows\System\beJBIyd.exe
  2⤵
  PID:6736
- C:\Windows\System\OLHztEv.exe
  C:\Windows\System\OLHztEv.exe
  2⤵
  PID:6764
- C:\Windows\System\tThGMaA.exe
  C:\Windows\System\tThGMaA.exe
  2⤵
  PID:6788
- C:\Windows\System\ihhEuVK.exe
  C:\Windows\System\ihhEuVK.exe
  2⤵
  PID:6828
- C:\Windows\System\bWMsakl.exe
  C:\Windows\System\bWMsakl.exe
  2⤵
  PID:6864
- C:\Windows\System\UiXBxqf.exe
  C:\Windows\System\UiXBxqf.exe
  2⤵
  PID:6884
- C:\Windows\System\DqxFPtP.exe
  C:\Windows\System\DqxFPtP.exe
  2⤵
  PID:6916
- C:\Windows\System\uPvJzIe.exe
  C:\Windows\System\uPvJzIe.exe
  2⤵
  PID:6956
- C:\Windows\System\SMarwkw.exe
  C:\Windows\System\SMarwkw.exe
  2⤵
  PID:6980
- C:\Windows\System\vxHDCqQ.exe
  C:\Windows\System\vxHDCqQ.exe
  2⤵
  PID:7012
- C:\Windows\System\wBHhrDs.exe
  C:\Windows\System\wBHhrDs.exe
  2⤵
  PID:7044
- C:\Windows\System\JCTQuGe.exe
  C:\Windows\System\JCTQuGe.exe
  2⤵
  PID:7080
- C:\Windows\System\qkAkulr.exe
  C:\Windows\System\qkAkulr.exe
  2⤵
  PID:7112
- C:\Windows\System\BTZrOaa.exe
  C:\Windows\System\BTZrOaa.exe
  2⤵
  PID:7144
- C:\Windows\System\EzgZUzG.exe
  C:\Windows\System\EzgZUzG.exe
  2⤵
  PID:6172
- C:\Windows\System\etUAeHF.exe
  C:\Windows\System\etUAeHF.exe
  2⤵
  PID:6228
- C:\Windows\System\jLQsZIt.exe
  C:\Windows\System\jLQsZIt.exe
  2⤵
  PID:6300
- C:\Windows\System\YSpATxF.exe
  C:\Windows\System\YSpATxF.exe
  2⤵
  PID:6364
- C:\Windows\System\PKrDzXQ.exe
  C:\Windows\System\PKrDzXQ.exe
  2⤵
  PID:6420
- C:\Windows\System\VEneWIG.exe
  C:\Windows\System\VEneWIG.exe
  2⤵
  PID:6488
- C:\Windows\System\IsxuXrS.exe
  C:\Windows\System\IsxuXrS.exe
  2⤵
  PID:6548
- C:\Windows\System\srkKVWF.exe
  C:\Windows\System\srkKVWF.exe
  2⤵
  PID:6612
- C:\Windows\System\mroqhWV.exe
  C:\Windows\System\mroqhWV.exe
  2⤵
  PID:6672
- C:\Windows\System\pAcaRMG.exe
  C:\Windows\System\pAcaRMG.exe
  2⤵
  PID:6720
- C:\Windows\System\QCPBpVl.exe
  C:\Windows\System\QCPBpVl.exe
  2⤵
  PID:6784
- C:\Windows\System\FxAUavZ.exe
  C:\Windows\System\FxAUavZ.exe
  2⤵
  PID:6872
- C:\Windows\System\kcVBLOZ.exe
  C:\Windows\System\kcVBLOZ.exe
  2⤵
  PID:6928
- C:\Windows\System\YIFLLde.exe
  C:\Windows\System\YIFLLde.exe
  2⤵
  PID:6972
- C:\Windows\System\jbUhHVY.exe
  C:\Windows\System\jbUhHVY.exe
  2⤵
  PID:7056
- C:\Windows\System\sxBYOZO.exe
  C:\Windows\System\sxBYOZO.exe
  2⤵
  PID:7104
- C:\Windows\System\cPmGKDc.exe
  C:\Windows\System\cPmGKDc.exe
  2⤵
  PID:4764
- C:\Windows\System\UzAeQSz.exe
  C:\Windows\System\UzAeQSz.exe
  2⤵
  PID:216
- C:\Windows\System\LWMnKzG.exe
  C:\Windows\System\LWMnKzG.exe
  2⤵
  PID:6396
- C:\Windows\System\WCYszqa.exe
  C:\Windows\System\WCYszqa.exe
  2⤵
  PID:6516
- C:\Windows\System\EYORDfk.exe
  C:\Windows\System\EYORDfk.exe
  2⤵
  PID:6688
- C:\Windows\System\CRNooNf.exe
  C:\Windows\System\CRNooNf.exe
  2⤵
  PID:6812
- C:\Windows\System\FlDuGGU.exe
  C:\Windows\System\FlDuGGU.exe
  2⤵
  PID:6940
- C:\Windows\System\BdJNKMw.exe
  C:\Windows\System\BdJNKMw.exe
  2⤵
  PID:7024
- C:\Windows\System\VooTkTk.exe
  C:\Windows\System\VooTkTk.exe
  2⤵
  PID:7152
- C:\Windows\System\DgTmLzB.exe
  C:\Windows\System\DgTmLzB.exe
  2⤵
  PID:6388
- C:\Windows\System\DdSYFkN.exe
  C:\Windows\System\DdSYFkN.exe
  2⤵
  PID:6712
- C:\Windows\System\xWkChMU.exe
  C:\Windows\System\xWkChMU.exe
  2⤵
  PID:6876
- C:\Windows\System\QLebztL.exe
  C:\Windows\System\QLebztL.exe
  2⤵
  PID:7132
- C:\Windows\System\OcMJSvg.exe
  C:\Windows\System\OcMJSvg.exe
  2⤵
  PID:6496
- C:\Windows\System\UNCniLI.exe
  C:\Windows\System\UNCniLI.exe
  2⤵
  PID:7004
- C:\Windows\System\iNgOwHW.exe
  C:\Windows\System\iNgOwHW.exe
  2⤵
  PID:6844
- C:\Windows\System\gEnHsBt.exe
  C:\Windows\System\gEnHsBt.exe
  2⤵
  PID:7172
- C:\Windows\System\duEQzyo.exe
  C:\Windows\System\duEQzyo.exe
  2⤵
  PID:7200
- C:\Windows\System\KNJWWNa.exe
  C:\Windows\System\KNJWWNa.exe
  2⤵
  PID:7236
- C:\Windows\System\RWsEsHf.exe
  C:\Windows\System\RWsEsHf.exe
  2⤵
  PID:7264
- C:\Windows\System\tCXxMpy.exe
  C:\Windows\System\tCXxMpy.exe
  2⤵
  PID:7296
- C:\Windows\System\jKnvVca.exe
  C:\Windows\System\jKnvVca.exe
  2⤵
  PID:7336
- C:\Windows\System\VqHMqSP.exe
  C:\Windows\System\VqHMqSP.exe
  2⤵
  PID:7360
- C:\Windows\System\kyYyjrx.exe
  C:\Windows\System\kyYyjrx.exe
  2⤵
  PID:7392
- C:\Windows\System\MwvNqmy.exe
  C:\Windows\System\MwvNqmy.exe
  2⤵
  PID:7428
- C:\Windows\System\cyXcsFb.exe
  C:\Windows\System\cyXcsFb.exe
  2⤵
  PID:7456
- C:\Windows\System\VvyxpEz.exe
  C:\Windows\System\VvyxpEz.exe
  2⤵
  PID:7488
- C:\Windows\System\gHmlmYQ.exe
  C:\Windows\System\gHmlmYQ.exe
  2⤵
  PID:7528
- C:\Windows\System\vqsckDO.exe
  C:\Windows\System\vqsckDO.exe
  2⤵
  PID:7564
- C:\Windows\System\rpiKfNd.exe
  C:\Windows\System\rpiKfNd.exe
  2⤵
  PID:7592
- C:\Windows\System\fExTEhE.exe
  C:\Windows\System\fExTEhE.exe
  2⤵
  PID:7620
- C:\Windows\System\XRwzQGn.exe
  C:\Windows\System\XRwzQGn.exe
  2⤵
  PID:7660
- C:\Windows\System\FjGlvSF.exe
  C:\Windows\System\FjGlvSF.exe
  2⤵
  PID:7692
- C:\Windows\System\FwDTnLW.exe
  C:\Windows\System\FwDTnLW.exe
  2⤵
  PID:7716
- C:\Windows\System\LrwnPUE.exe
  C:\Windows\System\LrwnPUE.exe
  2⤵
  PID:7748
- C:\Windows\System\NVOolJZ.exe
  C:\Windows\System\NVOolJZ.exe
  2⤵
  PID:7784
- C:\Windows\System\MqVUxFH.exe
  C:\Windows\System\MqVUxFH.exe
  2⤵
  PID:7820
- C:\Windows\System\SwFKzlQ.exe
  C:\Windows\System\SwFKzlQ.exe
  2⤵
  PID:7844
- C:\Windows\System\xlKUcbc.exe
  C:\Windows\System\xlKUcbc.exe
  2⤵
  PID:7880
- C:\Windows\System\kSopqaD.exe
  C:\Windows\System\kSopqaD.exe
  2⤵
  PID:7916
- C:\Windows\System\TeZmXPw.exe
  C:\Windows\System\TeZmXPw.exe
  2⤵
  PID:7944
- C:\Windows\System\yGjBWiV.exe
  C:\Windows\System\yGjBWiV.exe
  2⤵
  PID:7984
- C:\Windows\System\trtMOHk.exe
  C:\Windows\System\trtMOHk.exe
  2⤵
  PID:8008
- C:\Windows\System\uViJekD.exe
  C:\Windows\System\uViJekD.exe
  2⤵
  PID:8048
- C:\Windows\System\sgTKlcI.exe
  C:\Windows\System\sgTKlcI.exe
  2⤵
  PID:8076
- C:\Windows\System\lMQCysT.exe
  C:\Windows\System\lMQCysT.exe
  2⤵
  PID:8120
- C:\Windows\System\fSTShdd.exe
  C:\Windows\System\fSTShdd.exe
  2⤵
  PID:8152
- C:\Windows\System\SYRRLZq.exe
  C:\Windows\System\SYRRLZq.exe
  2⤵
  PID:8176
- C:\Windows\System\vWrihbz.exe
  C:\Windows\System\vWrihbz.exe
  2⤵
  PID:7196
- C:\Windows\System\cqSwjgr.exe
  C:\Windows\System\cqSwjgr.exe
  2⤵
  PID:7260
- C:\Windows\System\jFGRfFJ.exe
  C:\Windows\System\jFGRfFJ.exe
  2⤵
  PID:7356
- C:\Windows\System\GehptsD.exe
  C:\Windows\System\GehptsD.exe
  2⤵
  PID:7408
- C:\Windows\System\qshSHSA.exe
  C:\Windows\System\qshSHSA.exe
  2⤵
  PID:7468
- C:\Windows\System\HWXofDv.exe
  C:\Windows\System\HWXofDv.exe
  2⤵
  PID:7536
- C:\Windows\System\DbxLdBS.exe
  C:\Windows\System\DbxLdBS.exe
  2⤵
  PID:7604
- C:\Windows\System\DLeDvGB.exe
  C:\Windows\System\DLeDvGB.exe
  2⤵
  PID:7676
- C:\Windows\System\lLSAuhe.exe
  C:\Windows\System\lLSAuhe.exe
  2⤵
  PID:7732
- C:\Windows\System\hrnCWhV.exe
  C:\Windows\System\hrnCWhV.exe
  2⤵
  PID:7796
- C:\Windows\System\AIyOSHU.exe
  C:\Windows\System\AIyOSHU.exe
  2⤵
  PID:7856
- C:\Windows\System\cZgfNVI.exe
  C:\Windows\System\cZgfNVI.exe
  2⤵
  PID:7888
- C:\Windows\System\YdvBWCC.exe
  C:\Windows\System\YdvBWCC.exe
  2⤵
  PID:7956
- C:\Windows\System\FMNAiJM.exe
  C:\Windows\System\FMNAiJM.exe
  2⤵
  PID:8036
- C:\Windows\System\xNPEGyT.exe
  C:\Windows\System\xNPEGyT.exe
  2⤵
  PID:8104
- C:\Windows\System\WrmsmZW.exe
  C:\Windows\System\WrmsmZW.exe
  2⤵
  PID:8172
- C:\Windows\System\sZlLDuv.exe
  C:\Windows\System\sZlLDuv.exe
  2⤵
  PID:7256
- C:\Windows\System\dCHtOap.exe
  C:\Windows\System\dCHtOap.exe
  2⤵
  PID:7384
- C:\Windows\System\SUfsxPm.exe
  C:\Windows\System\SUfsxPm.exe
  2⤵
  PID:7516
- C:\Windows\System\mtEiFKu.exe
  C:\Windows\System\mtEiFKu.exe
  2⤵
  PID:7700
- C:\Windows\System\NrteTkU.exe
  C:\Windows\System\NrteTkU.exe
  2⤵
  PID:7776
- C:\Windows\System\EPudLaZ.exe
  C:\Windows\System\EPudLaZ.exe
  2⤵
  PID:7836
- C:\Windows\System\xgcCUPI.exe
  C:\Windows\System\xgcCUPI.exe
  2⤵
  PID:6260
- C:\Windows\System\NTzWTSt.exe
  C:\Windows\System\NTzWTSt.exe
  2⤵
  PID:8136
- C:\Windows\System\FNIoUYi.exe
  C:\Windows\System\FNIoUYi.exe
  2⤵
  PID:7192
- C:\Windows\System\VsmxFWk.exe
  C:\Windows\System\VsmxFWk.exe
  2⤵
  PID:7584
- C:\Windows\System\zUrLxMc.exe
  C:\Windows\System\zUrLxMc.exe
  2⤵
  PID:8020
- C:\Windows\System\iSpzZfm.exe
  C:\Windows\System\iSpzZfm.exe
  2⤵
  PID:8100
- C:\Windows\System\gYPZGKu.exe
  C:\Windows\System\gYPZGKu.exe
  2⤵
  PID:7712
- C:\Windows\System\FrNTWwq.exe
  C:\Windows\System\FrNTWwq.exe
  2⤵
  PID:7940
- C:\Windows\System\RxChviD.exe
  C:\Windows\System\RxChviD.exe
  2⤵
  PID:8032
- C:\Windows\System\JWyOYyh.exe
  C:\Windows\System\JWyOYyh.exe
  2⤵
  PID:8224
- C:\Windows\System\ojwGgZh.exe
  C:\Windows\System\ojwGgZh.exe
  2⤵
  PID:8248
- C:\Windows\System\DdrMJOL.exe
  C:\Windows\System\DdrMJOL.exe
  2⤵
  PID:8288
- C:\Windows\System\KUvjMjr.exe
  C:\Windows\System\KUvjMjr.exe
  2⤵
  PID:8320
- C:\Windows\System\rcNCoRz.exe
  C:\Windows\System\rcNCoRz.exe
  2⤵
  PID:8352
- C:\Windows\System\XctfYSi.exe
  C:\Windows\System\XctfYSi.exe
  2⤵
  PID:8384
- C:\Windows\System\qPRTAAG.exe
  C:\Windows\System\qPRTAAG.exe
  2⤵
  PID:8416
- C:\Windows\System\WgXYbag.exe
  C:\Windows\System\WgXYbag.exe
  2⤵
  PID:8452
- C:\Windows\System\ywGDhlB.exe
  C:\Windows\System\ywGDhlB.exe
  2⤵
  PID:8488
- C:\Windows\System\MVBTHXE.exe
  C:\Windows\System\MVBTHXE.exe
  2⤵
  PID:8516
- C:\Windows\System\WNtAxoL.exe
  C:\Windows\System\WNtAxoL.exe
  2⤵
  PID:8532
- C:\Windows\System\HwPEtGE.exe
  C:\Windows\System\HwPEtGE.exe
  2⤵
  PID:8556
- C:\Windows\System\inmPoav.exe
  C:\Windows\System\inmPoav.exe
  2⤵
  PID:8572
- C:\Windows\System\DxzplmB.exe
  C:\Windows\System\DxzplmB.exe
  2⤵
  PID:8612
- C:\Windows\System\TPuMjXw.exe
  C:\Windows\System\TPuMjXw.exe
  2⤵
  PID:8644
- C:\Windows\System\ZcVvxot.exe
  C:\Windows\System\ZcVvxot.exe
  2⤵
  PID:8692
- C:\Windows\System\hrsUGyL.exe
  C:\Windows\System\hrsUGyL.exe
  2⤵
  PID:8732
- C:\Windows\System\HwXsmhL.exe
  C:\Windows\System\HwXsmhL.exe
  2⤵
  PID:8764
- C:\Windows\System\vdouGym.exe
  C:\Windows\System\vdouGym.exe
  2⤵
  PID:8804
- C:\Windows\System\Virwejk.exe
  C:\Windows\System\Virwejk.exe
  2⤵
  PID:8836
- C:\Windows\System\tPnrFIf.exe
  C:\Windows\System\tPnrFIf.exe
  2⤵
  PID:8860
- C:\Windows\System\UpvFxPK.exe
  C:\Windows\System\UpvFxPK.exe
  2⤵
  PID:8900
- C:\Windows\System\wJxoYON.exe
  C:\Windows\System\wJxoYON.exe
  2⤵
  PID:8948
- C:\Windows\System\VmKLSZn.exe
  C:\Windows\System\VmKLSZn.exe
  2⤵
  PID:8964
- C:\Windows\System\raeSsWC.exe
  C:\Windows\System\raeSsWC.exe
  2⤵
  PID:8992
- C:\Windows\System\HtCfMmI.exe
  C:\Windows\System\HtCfMmI.exe
  2⤵
  PID:9028
- C:\Windows\System\KLlHAaA.exe
  C:\Windows\System\KLlHAaA.exe
  2⤵
  PID:9060
- C:\Windows\System\SFJhkeq.exe
  C:\Windows\System\SFJhkeq.exe
  2⤵
  PID:9092
- C:\Windows\System\GKuZNcu.exe
  C:\Windows\System\GKuZNcu.exe
  2⤵
  PID:9140
- C:\Windows\System\FjixyQG.exe
  C:\Windows\System\FjixyQG.exe
  2⤵
  PID:9172
- C:\Windows\System\TFmQTLu.exe
  C:\Windows\System\TFmQTLu.exe
  2⤵
  PID:9204
- C:\Windows\System\swsBMze.exe
  C:\Windows\System\swsBMze.exe
  2⤵
  PID:8204
- C:\Windows\System\TooztMo.exe
  C:\Windows\System\TooztMo.exe
  2⤵
  PID:8268
- C:\Windows\System\cXqjbvG.exe
  C:\Windows\System\cXqjbvG.exe
  2⤵
  PID:7440
- C:\Windows\System\zjOJKjZ.exe
  C:\Windows\System\zjOJKjZ.exe
  2⤵
  PID:8400
- C:\Windows\System\aCctCNs.exe
  C:\Windows\System\aCctCNs.exe
  2⤵
  PID:8468
- C:\Windows\System\NGAfKGV.exe
  C:\Windows\System\NGAfKGV.exe
  2⤵
  PID:8528
- C:\Windows\System\iCeTCwJ.exe
  C:\Windows\System\iCeTCwJ.exe
  2⤵
  PID:8568
- C:\Windows\System\vKfihbW.exe
  C:\Windows\System\vKfihbW.exe
  2⤵
  PID:8600
- C:\Windows\System\qSsidzH.exe
  C:\Windows\System\qSsidzH.exe
  2⤵
  PID:8704
- C:\Windows\System\tWtFGWj.exe
  C:\Windows\System\tWtFGWj.exe
  2⤵
  PID:8784
- C:\Windows\System\ApXGdsN.exe
  C:\Windows\System\ApXGdsN.exe
  2⤵
  PID:8832
- C:\Windows\System\SWghXNR.exe
  C:\Windows\System\SWghXNR.exe
  2⤵
  PID:8868
- C:\Windows\System\oguXZVk.exe
  C:\Windows\System\oguXZVk.exe
  2⤵
  PID:8960
- C:\Windows\System\ttvgjJk.exe
  C:\Windows\System\ttvgjJk.exe
  2⤵
  PID:9008
- C:\Windows\System\AqfbttT.exe
  C:\Windows\System\AqfbttT.exe
  2⤵
  PID:9084
- C:\Windows\System\pyRBqSp.exe
  C:\Windows\System\pyRBqSp.exe
  2⤵
  PID:9116
- C:\Windows\System\DQbxtNz.exe
  C:\Windows\System\DQbxtNz.exe
  2⤵
  PID:9188
- C:\Windows\System\aYIEeeV.exe
  C:\Windows\System\aYIEeeV.exe
  2⤵
  PID:8300
- C:\Windows\System\fdswdSl.exe
  C:\Windows\System\fdswdSl.exe
  2⤵
  PID:8444
- C:\Windows\System\TBdibgq.exe
  C:\Windows\System\TBdibgq.exe
  2⤵
  PID:8548
- C:\Windows\System\gsOKKYb.exe
  C:\Windows\System\gsOKKYb.exe
  2⤵
  PID:8592
- C:\Windows\System\OaCOmAH.exe
  C:\Windows\System\OaCOmAH.exe
  2⤵
  PID:8724
- C:\Windows\System\vXixbrb.exe
  C:\Windows\System\vXixbrb.exe
  2⤵
  PID:8932
- C:\Windows\System\cTEMPvU.exe
  C:\Windows\System\cTEMPvU.exe
  2⤵
  PID:9040
- C:\Windows\System\rZXTBiD.exe
  C:\Windows\System\rZXTBiD.exe
  2⤵
  PID:9156
- C:\Windows\System\ofJuhhp.exe
  C:\Windows\System\ofJuhhp.exe
  2⤵
  PID:8260
- C:\Windows\System\hxVlKya.exe
  C:\Windows\System\hxVlKya.exe
  2⤵
  PID:8708
- C:\Windows\System\ABwCSfm.exe
  C:\Windows\System\ABwCSfm.exe
  2⤵
  PID:8844
- C:\Windows\System\iRZqmzy.exe
  C:\Windows\System\iRZqmzy.exe
  2⤵
  PID:9104
- C:\Windows\System\tAlOUQt.exe
  C:\Windows\System\tAlOUQt.exe
  2⤵
  PID:8632
- C:\Windows\System\SlbQYhu.exe
  C:\Windows\System\SlbQYhu.exe
  2⤵
  PID:3300
- C:\Windows\System\IFmpAZm.exe
  C:\Windows\System\IFmpAZm.exe
  2⤵
  PID:9196
- C:\Windows\System\fWkNfgv.exe
  C:\Windows\System\fWkNfgv.exe
  2⤵
  PID:8448
- C:\Windows\System\DZoFsSa.exe
  C:\Windows\System\DZoFsSa.exe
  2⤵
  PID:9248
- C:\Windows\System\TEFlkKX.exe
  C:\Windows\System\TEFlkKX.exe
  2⤵
  PID:9280
- C:\Windows\System\mAEjOYv.exe
  C:\Windows\System\mAEjOYv.exe
  2⤵
  PID:9312
- C:\Windows\System\FipPETm.exe
  C:\Windows\System\FipPETm.exe
  2⤵
  PID:9344
- C:\Windows\System\HbRUnjD.exe
  C:\Windows\System\HbRUnjD.exe
  2⤵
  PID:9376
- C:\Windows\System\BrRuyoj.exe
  C:\Windows\System\BrRuyoj.exe
  2⤵
  PID:9408
- C:\Windows\System\tCDXwts.exe
  C:\Windows\System\tCDXwts.exe
  2⤵
  PID:9440
- C:\Windows\System\IAAtTgU.exe
  C:\Windows\System\IAAtTgU.exe
  2⤵
  PID:9480
- C:\Windows\System\UUtVJYw.exe
  C:\Windows\System\UUtVJYw.exe
  2⤵
  PID:9504
- C:\Windows\System\ClKRiEM.exe
  C:\Windows\System\ClKRiEM.exe
  2⤵
  PID:9536
- C:\Windows\System\BVNRCpr.exe
  C:\Windows\System\BVNRCpr.exe
  2⤵
  PID:9568
- C:\Windows\System\EwFSiFM.exe
  C:\Windows\System\EwFSiFM.exe
  2⤵
  PID:9600
- C:\Windows\System\lbAaiYz.exe
  C:\Windows\System\lbAaiYz.exe
  2⤵
  PID:9632
- C:\Windows\System\sUskeoA.exe
  C:\Windows\System\sUskeoA.exe
  2⤵
  PID:9672
- C:\Windows\System\miOpoKe.exe
  C:\Windows\System\miOpoKe.exe
  2⤵
  PID:9696
- C:\Windows\System\ktSBBzb.exe
  C:\Windows\System\ktSBBzb.exe
  2⤵
  PID:9728
- C:\Windows\System\reYSpfQ.exe
  C:\Windows\System\reYSpfQ.exe
  2⤵
  PID:9760
- C:\Windows\System\gwprzBk.exe
  C:\Windows\System\gwprzBk.exe
  2⤵
  PID:9792
- C:\Windows\System\JaGElnK.exe
  C:\Windows\System\JaGElnK.exe
  2⤵
  PID:9824
- C:\Windows\System\rwSlAuP.exe
  C:\Windows\System\rwSlAuP.exe
  2⤵
  PID:9856
- C:\Windows\System\aeSnLKB.exe
  C:\Windows\System\aeSnLKB.exe
  2⤵
  PID:9888
- C:\Windows\System\Upcidne.exe
  C:\Windows\System\Upcidne.exe
  2⤵
  PID:9920
- C:\Windows\System\uRlGXoD.exe
  C:\Windows\System\uRlGXoD.exe
  2⤵
  PID:9952
- C:\Windows\System\deVXuVj.exe
  C:\Windows\System\deVXuVj.exe
  2⤵
  PID:9984
- C:\Windows\System\GwXWbjG.exe
  C:\Windows\System\GwXWbjG.exe
  2⤵
  PID:10016
- C:\Windows\System\OWKwOut.exe
  C:\Windows\System\OWKwOut.exe
  2⤵
  PID:10056
- C:\Windows\System\McGHAhf.exe
  C:\Windows\System\McGHAhf.exe
  2⤵
  PID:10084
- C:\Windows\System\baAdneC.exe
  C:\Windows\System\baAdneC.exe
  2⤵
  PID:10116
- C:\Windows\System\jUNrcbp.exe
  C:\Windows\System\jUNrcbp.exe
  2⤵
  PID:10148
- C:\Windows\System\vffBuKz.exe
  C:\Windows\System\vffBuKz.exe
  2⤵
  PID:10180
- C:\Windows\System\mBnKhiU.exe
  C:\Windows\System\mBnKhiU.exe
  2⤵
  PID:10212
- C:\Windows\System\mDXeaYI.exe
  C:\Windows\System\mDXeaYI.exe
  2⤵
  PID:9228
- C:\Windows\System\OOAIhgM.exe
  C:\Windows\System\OOAIhgM.exe
  2⤵
  PID:9292
- C:\Windows\System\xsqbOwU.exe
  C:\Windows\System\xsqbOwU.exe
  2⤵
  PID:9368
- C:\Windows\System\DNsENNq.exe
  C:\Windows\System\DNsENNq.exe
  2⤵
  PID:9424
- C:\Windows\System\RFupGrE.exe
  C:\Windows\System\RFupGrE.exe
  2⤵
  PID:9492
- C:\Windows\System\djsjmfH.exe
  C:\Windows\System\djsjmfH.exe
  2⤵
  PID:9552
- C:\Windows\System\PWlhYAV.exe
  C:\Windows\System\PWlhYAV.exe
  2⤵
  PID:9616
- C:\Windows\System\fEHLHAA.exe
  C:\Windows\System\fEHLHAA.exe
  2⤵
  PID:9684
- C:\Windows\System\nWUCEHX.exe
  C:\Windows\System\nWUCEHX.exe
  2⤵
  PID:9744
- C:\Windows\System\HDIKeXz.exe
  C:\Windows\System\HDIKeXz.exe
  2⤵
  PID:9808
- C:\Windows\System\mqRAgYR.exe
  C:\Windows\System\mqRAgYR.exe
  2⤵
  PID:9872
- C:\Windows\System\PSrVWQF.exe
  C:\Windows\System\PSrVWQF.exe
  2⤵
  PID:9936
- C:\Windows\System\OrtvFlL.exe
  C:\Windows\System\OrtvFlL.exe
  2⤵
  PID:10000
- C:\Windows\System\SyNeIjQ.exe
  C:\Windows\System\SyNeIjQ.exe
  2⤵
  PID:10068
- C:\Windows\System\SARTHOA.exe
  C:\Windows\System\SARTHOA.exe
  2⤵
  PID:10128
- C:\Windows\System\DrFSYIs.exe
  C:\Windows\System\DrFSYIs.exe
  2⤵
  PID:10172
- C:\Windows\System\jDePiWi.exe
  C:\Windows\System\jDePiWi.exe
  2⤵
  PID:10236
- C:\Windows\System\pfqXnLx.exe
  C:\Windows\System\pfqXnLx.exe
  2⤵
  PID:9328
- C:\Windows\System\WhMEdeB.exe
  C:\Windows\System\WhMEdeB.exe
  2⤵
  PID:9468
- C:\Windows\System\adtkosY.exe
  C:\Windows\System\adtkosY.exe
  2⤵
  PID:9596
- C:\Windows\System\VchfYRT.exe
  C:\Windows\System\VchfYRT.exe
  2⤵
  PID:9772
- C:\Windows\System\fzKbCtn.exe
  C:\Windows\System\fzKbCtn.exe
  2⤵
  PID:9852
- C:\Windows\System\bnZBqES.exe
  C:\Windows\System\bnZBqES.exe
  2⤵
  PID:9980
- C:\Windows\System\bWSYYZq.exe
  C:\Windows\System\bWSYYZq.exe
  2⤵
  PID:10108
- C:\Windows\System\LaEaljG.exe
  C:\Windows\System\LaEaljG.exe
  2⤵
  PID:10224
- C:\Windows\System\SryiswK.exe
  C:\Windows\System\SryiswK.exe
  2⤵
  PID:9452
- C:\Windows\System\woqhNoE.exe
  C:\Windows\System\woqhNoE.exe
  2⤵
  PID:9840
- C:\Windows\System\UiQNzvG.exe
  C:\Windows\System\UiQNzvG.exe
  2⤵
  PID:9968
- C:\Windows\System\MwewMkB.exe
  C:\Windows\System\MwewMkB.exe
  2⤵
  PID:9404
- C:\Windows\System\tuePdgI.exe
  C:\Windows\System\tuePdgI.exe
  2⤵
  PID:9712
- C:\Windows\System\BwVNOLF.exe
  C:\Windows\System\BwVNOLF.exe
  2⤵
  PID:9392
- C:\Windows\System\RGTXero.exe
  C:\Windows\System\RGTXero.exe
  2⤵
  PID:10164
- C:\Windows\System\KXcnbQC.exe
  C:\Windows\System\KXcnbQC.exe
  2⤵
  PID:10256
- C:\Windows\System\UbOZqet.exe
  C:\Windows\System\UbOZqet.exe
  2⤵
  PID:10288
- C:\Windows\System\CADzGvI.exe
  C:\Windows\System\CADzGvI.exe
  2⤵
  PID:10320
- C:\Windows\System\nILeqev.exe
  C:\Windows\System\nILeqev.exe
  2⤵
  PID:10352
- C:\Windows\System\mzwrtuo.exe
  C:\Windows\System\mzwrtuo.exe
  2⤵
  PID:10384
- C:\Windows\System\LmWtVuP.exe
  C:\Windows\System\LmWtVuP.exe
  2⤵
  PID:10416
- C:\Windows\System\ZGaXcCP.exe
  C:\Windows\System\ZGaXcCP.exe
  2⤵
  PID:10448
- C:\Windows\System\OoNOCGM.exe
  C:\Windows\System\OoNOCGM.exe
  2⤵
  PID:10480
- C:\Windows\System\sEwEySQ.exe
  C:\Windows\System\sEwEySQ.exe
  2⤵
  PID:10512
- C:\Windows\System\trEViMR.exe
  C:\Windows\System\trEViMR.exe
  2⤵
  PID:10544
- C:\Windows\System\fvkCCPu.exe
  C:\Windows\System\fvkCCPu.exe
  2⤵
  PID:10576
- C:\Windows\System\xlvgllH.exe
  C:\Windows\System\xlvgllH.exe
  2⤵
  PID:10612
- C:\Windows\System\cuSBAcK.exe
  C:\Windows\System\cuSBAcK.exe
  2⤵
  PID:10640
- C:\Windows\System\RgMLuXX.exe
  C:\Windows\System\RgMLuXX.exe
  2⤵
  PID:10672
- C:\Windows\System\eVHQZtb.exe
  C:\Windows\System\eVHQZtb.exe
  2⤵
  PID:10704
- C:\Windows\System\kNKtWCy.exe
  C:\Windows\System\kNKtWCy.exe
  2⤵
  PID:10736
- C:\Windows\System\seqownN.exe
  C:\Windows\System\seqownN.exe
  2⤵
  PID:10768
- C:\Windows\System\UZMXJgc.exe
  C:\Windows\System\UZMXJgc.exe
  2⤵
  PID:10784
- C:\Windows\System\MTWNNxv.exe
  C:\Windows\System\MTWNNxv.exe
  2⤵
  PID:10832
- C:\Windows\System\pFvvnHi.exe
  C:\Windows\System\pFvvnHi.exe
  2⤵
  PID:10864
- C:\Windows\System\jsFKSyI.exe
  C:\Windows\System\jsFKSyI.exe
  2⤵
  PID:10896
- C:\Windows\System\sJXZhiT.exe
  C:\Windows\System\sJXZhiT.exe
  2⤵
  PID:10928
- C:\Windows\System\ymmeDyl.exe
  C:\Windows\System\ymmeDyl.exe
  2⤵
  PID:10964
- C:\Windows\System\PjRjLKY.exe
  C:\Windows\System\PjRjLKY.exe
  2⤵
  PID:10992
- C:\Windows\System\TYVIKQi.exe
  C:\Windows\System\TYVIKQi.exe
  2⤵
  PID:11024
- C:\Windows\System\oIBWTRp.exe
  C:\Windows\System\oIBWTRp.exe
  2⤵
  PID:11056
- C:\Windows\System\RmXclOI.exe
  C:\Windows\System\RmXclOI.exe
  2⤵
  PID:11088
- C:\Windows\System\aJtAoeK.exe
  C:\Windows\System\aJtAoeK.exe
  2⤵
  PID:11120
- C:\Windows\System\HBDBYbt.exe
  C:\Windows\System\HBDBYbt.exe
  2⤵
  PID:11160
- C:\Windows\System\yihmZks.exe
  C:\Windows\System\yihmZks.exe
  2⤵
  PID:11184
- C:\Windows\System\GXKGpjw.exe
  C:\Windows\System\GXKGpjw.exe
  2⤵
  PID:11216
- C:\Windows\System\LfcggeD.exe
  C:\Windows\System\LfcggeD.exe
  2⤵
  PID:11248
- C:\Windows\System\uzwUHPW.exe
  C:\Windows\System\uzwUHPW.exe
  2⤵
  PID:10268
- C:\Windows\System\ljhSxoS.exe
  C:\Windows\System\ljhSxoS.exe
  2⤵
  PID:10336
- C:\Windows\System\dTRfDKP.exe
  C:\Windows\System\dTRfDKP.exe
  2⤵
  PID:10396
- C:\Windows\System\UfQReuM.exe
  C:\Windows\System\UfQReuM.exe
  2⤵
  PID:10460
- C:\Windows\System\KDhtsJm.exe
  C:\Windows\System\KDhtsJm.exe
  2⤵
  PID:10528
- C:\Windows\System\aZHYKSJ.exe
  C:\Windows\System\aZHYKSJ.exe
  2⤵
  PID:10588
- C:\Windows\System\JFSphKe.exe
  C:\Windows\System\JFSphKe.exe
  2⤵
  PID:10656
- C:\Windows\System\WRbhURD.exe
  C:\Windows\System\WRbhURD.exe
  2⤵
  PID:10720
- C:\Windows\System\tXXYfNs.exe
  C:\Windows\System\tXXYfNs.exe
  2⤵
  PID:10780
- C:\Windows\System\DAPDTFd.exe
  C:\Windows\System\DAPDTFd.exe
  2⤵
  PID:10848
- C:\Windows\System\vCDRhIE.exe
  C:\Windows\System\vCDRhIE.exe
  2⤵
  PID:10912
- C:\Windows\System\CPRCBpJ.exe
  C:\Windows\System\CPRCBpJ.exe
  2⤵
  PID:10976
- C:\Windows\System\AdQvVMQ.exe
  C:\Windows\System\AdQvVMQ.exe
  2⤵
  PID:11040
- C:\Windows\System\RvMqMAY.exe
  C:\Windows\System\RvMqMAY.exe
  2⤵
  PID:11100
- C:\Windows\System\wLicUVd.exe
  C:\Windows\System\wLicUVd.exe
  2⤵
  PID:11172
- C:\Windows\System\BzeSmCI.exe
  C:\Windows\System\BzeSmCI.exe
  2⤵
  PID:11228
- C:\Windows\System\svLLnWq.exe
  C:\Windows\System\svLLnWq.exe
  2⤵
  PID:10300
- C:\Windows\System\cJNSKsc.exe
  C:\Windows\System\cJNSKsc.exe
  2⤵
  PID:10432
- C:\Windows\System\jGjwNDT.exe
  C:\Windows\System\jGjwNDT.exe
  2⤵
  PID:10556
- C:\Windows\System\iNaJzjm.exe
  C:\Windows\System\iNaJzjm.exe
  2⤵
  PID:10652
- C:\Windows\System\BJwfuQV.exe
  C:\Windows\System\BJwfuQV.exe
  2⤵
  PID:10824
- C:\Windows\System\upMOxhr.exe
  C:\Windows\System\upMOxhr.exe
  2⤵
  PID:10944
- C:\Windows\System\rhfHARK.exe
  C:\Windows\System\rhfHARK.exe
  2⤵
  PID:11072
- C:\Windows\System\WEYzeHC.exe
  C:\Windows\System\WEYzeHC.exe
  2⤵
  PID:11200
- C:\Windows\System\DMHWhcy.exe
  C:\Windows\System\DMHWhcy.exe
  2⤵
  PID:10368
- C:\Windows\System\zkAiVUO.exe
  C:\Windows\System\zkAiVUO.exe
  2⤵
  PID:10624
- C:\Windows\System\llWylSt.exe
  C:\Windows\System\llWylSt.exe
  2⤵
  PID:10880
- C:\Windows\System\xgaRWet.exe
  C:\Windows\System\xgaRWet.exe
  2⤵
  PID:11136
- C:\Windows\System\ybAePNq.exe
  C:\Windows\System\ybAePNq.exe
  2⤵
  PID:10504
- C:\Windows\System\GAilyPT.exe
  C:\Windows\System\GAilyPT.exe
  2⤵
  PID:11008
- C:\Windows\System\gSxoTXQ.exe
  C:\Windows\System\gSxoTXQ.exe
  2⤵
  PID:10752
- C:\Windows\System\SSNwyxA.exe
  C:\Windows\System\SSNwyxA.exe
  2⤵
  PID:10372
- C:\Windows\System\eNvudvO.exe
  C:\Windows\System\eNvudvO.exe
  2⤵
  PID:11288
- C:\Windows\System\ZzYXtTK.exe
  C:\Windows\System\ZzYXtTK.exe
  2⤵
  PID:11320
- C:\Windows\System\vOERFFm.exe
  C:\Windows\System\vOERFFm.exe
  2⤵
  PID:11356
- C:\Windows\System\VVUkpRL.exe
  C:\Windows\System\VVUkpRL.exe
  2⤵
  PID:11388
- C:\Windows\System\niyWffH.exe
  C:\Windows\System\niyWffH.exe
  2⤵
  PID:11420
- C:\Windows\System\tqKPqFc.exe
  C:\Windows\System\tqKPqFc.exe
  2⤵
  PID:11452
- C:\Windows\System\RDKiVWM.exe
  C:\Windows\System\RDKiVWM.exe
  2⤵
  PID:11484
- C:\Windows\System\eQjBEfL.exe
  C:\Windows\System\eQjBEfL.exe
  2⤵
  PID:11516
- C:\Windows\System\shKFYep.exe
  C:\Windows\System\shKFYep.exe
  2⤵
  PID:11548
- C:\Windows\System\NNPCcsd.exe
  C:\Windows\System\NNPCcsd.exe
  2⤵
  PID:11580
- C:\Windows\System\UguMUZK.exe
  C:\Windows\System\UguMUZK.exe
  2⤵
  PID:11612
- C:\Windows\System\bWnYvjr.exe
  C:\Windows\System\bWnYvjr.exe
  2⤵
  PID:11644
- C:\Windows\System\zTImIBG.exe
  C:\Windows\System\zTImIBG.exe
  2⤵
  PID:11676
- C:\Windows\System\KqHeCyg.exe
  C:\Windows\System\KqHeCyg.exe
  2⤵
  PID:11708
- C:\Windows\System\tepOHwy.exe
  C:\Windows\System\tepOHwy.exe
  2⤵
  PID:11740
- C:\Windows\System\mmfVhLs.exe
  C:\Windows\System\mmfVhLs.exe
  2⤵
  PID:11772
- C:\Windows\System\uVEhfrT.exe
  C:\Windows\System\uVEhfrT.exe
  2⤵
  PID:11804
- C:\Windows\System\EaEMSKy.exe
  C:\Windows\System\EaEMSKy.exe
  2⤵
  PID:11836
- C:\Windows\System\jvYaMfc.exe
  C:\Windows\System\jvYaMfc.exe
  2⤵
  PID:11872
- C:\Windows\System\WLKUsxt.exe
  C:\Windows\System\WLKUsxt.exe
  2⤵
  PID:11900
- C:\Windows\System\jDFGNuH.exe
  C:\Windows\System\jDFGNuH.exe
  2⤵
  PID:11932
- C:\Windows\System\LhOpSVC.exe
  C:\Windows\System\LhOpSVC.exe
  2⤵
  PID:11964
- C:\Windows\System\FvTPVQx.exe
  C:\Windows\System\FvTPVQx.exe
  2⤵
  PID:11996
- C:\Windows\System\fptkbRL.exe
  C:\Windows\System\fptkbRL.exe
  2⤵
  PID:12028
- C:\Windows\System\CGDPpGC.exe
  C:\Windows\System\CGDPpGC.exe
  2⤵
  PID:12060
- C:\Windows\System\cvbiYPe.exe
  C:\Windows\System\cvbiYPe.exe
  2⤵
  PID:12092
- C:\Windows\System\iwAUGPu.exe
  C:\Windows\System\iwAUGPu.exe
  2⤵
  PID:12124
- C:\Windows\System\SnCzIml.exe
  C:\Windows\System\SnCzIml.exe
  2⤵
  PID:12156
- C:\Windows\System\mCbRKtN.exe
  C:\Windows\System\mCbRKtN.exe
  2⤵
  PID:12188
- C:\Windows\System\hZEvZpb.exe
  C:\Windows\System\hZEvZpb.exe
  2⤵
  PID:12220
- C:\Windows\System\DZzGffR.exe
  C:\Windows\System\DZzGffR.exe
  2⤵
  PID:12252
- C:\Windows\System\TbOVULs.exe
  C:\Windows\System\TbOVULs.exe
  2⤵
  PID:12284
- C:\Windows\System\PvINzuI.exe
  C:\Windows\System\PvINzuI.exe
  2⤵
  PID:11316
- C:\Windows\System\zjdmGVm.exe
  C:\Windows\System\zjdmGVm.exe
  2⤵
  PID:11352
- C:\Windows\System\MxdDsQZ.exe
  C:\Windows\System\MxdDsQZ.exe
  2⤵
  PID:11436
- C:\Windows\System\qOvzzVK.exe
  C:\Windows\System\qOvzzVK.exe
  2⤵
  PID:11532
- C:\Windows\System\PYvQLUD.exe
  C:\Windows\System\PYvQLUD.exe
  2⤵
  PID:11624
- C:\Windows\System\lLQncTI.exe
  C:\Windows\System\lLQncTI.exe
  2⤵
  PID:11640
- C:\Windows\System\dmJmyLS.exe
  C:\Windows\System\dmJmyLS.exe
  2⤵
  PID:11724
- C:\Windows\System\DVTRhDY.exe
  C:\Windows\System\DVTRhDY.exe
  2⤵
  PID:11788
- C:\Windows\System\YEIcFfg.exe
  C:\Windows\System\YEIcFfg.exe
  2⤵
  PID:11856
- C:\Windows\System\XbyHqQh.exe
  C:\Windows\System\XbyHqQh.exe
  2⤵
  PID:11896
- C:\Windows\System\XMRajRS.exe
  C:\Windows\System\XMRajRS.exe
  2⤵
  PID:11960
- C:\Windows\System\qUYxjBa.exe
  C:\Windows\System\qUYxjBa.exe
  2⤵
  PID:12024
- C:\Windows\System\BNgWvxL.exe
  C:\Windows\System\BNgWvxL.exe
  2⤵
  PID:12088
- C:\Windows\System\lVlHvQB.exe
  C:\Windows\System\lVlHvQB.exe
  2⤵
  PID:12148
- C:\Windows\System\UOIfsAL.exe
  C:\Windows\System\UOIfsAL.exe
  2⤵
  PID:12212
- C:\Windows\System\CRuuGtD.exe
  C:\Windows\System\CRuuGtD.exe
  2⤵
  PID:12276
- C:\Windows\System\CHmlPJa.exe
  C:\Windows\System\CHmlPJa.exe
  2⤵
  PID:11380
- C:\Windows\System\ChPhmiV.exe
  C:\Windows\System\ChPhmiV.exe
  2⤵
  PID:11480
- C:\Windows\System\gyLsPYf.exe
  C:\Windows\System\gyLsPYf.exe
  2⤵
  PID:11636
- C:\Windows\System\kDyWmJI.exe
  C:\Windows\System\kDyWmJI.exe
  2⤵
  PID:11764
- C:\Windows\System\lGckeGZ.exe
  C:\Windows\System\lGckeGZ.exe
  2⤵
  PID:11884
- C:\Windows\System\GzxCUfk.exe
  C:\Windows\System\GzxCUfk.exe
  2⤵
  PID:12008
- C:\Windows\System\NaefJYe.exe
  C:\Windows\System\NaefJYe.exe
  2⤵
  PID:12136
- C:\Windows\System\sxTCyzE.exe
  C:\Windows\System\sxTCyzE.exe
  2⤵
  PID:12268
- C:\Windows\System\USZcPHW.exe
  C:\Windows\System\USZcPHW.exe
  2⤵
  PID:11340
- C:\Windows\System\UxqlvlQ.exe
  C:\Windows\System\UxqlvlQ.exe
  2⤵
  PID:11752
- C:\Windows\System\uVbxiCg.exe
  C:\Windows\System\uVbxiCg.exe
  2⤵
  PID:11992
- C:\Windows\System\wDeGdfo.exe
  C:\Windows\System\wDeGdfo.exe
  2⤵
  PID:12244
- C:\Windows\System\qTdTTqe.exe
  C:\Windows\System\qTdTTqe.exe
  2⤵
  PID:11700
- C:\Windows\System\kXAFOVj.exe
  C:\Windows\System\kXAFOVj.exe
  2⤵
  PID:11284
- C:\Windows\System\hqvoXuk.exe
  C:\Windows\System\hqvoXuk.exe
  2⤵
  PID:11928
- C:\Windows\System\OQOtbsb.exe
  C:\Windows\System\OQOtbsb.exe
  2⤵
  PID:11508
- C:\Windows\System\ocrPLcq.exe
  C:\Windows\System\ocrPLcq.exe
  2⤵
  PID:12320
- C:\Windows\System\AqLmhUG.exe
  C:\Windows\System\AqLmhUG.exe
  2⤵
  PID:12352
- C:\Windows\System\UXmKpcr.exe
  C:\Windows\System\UXmKpcr.exe
  2⤵
  PID:12384
- C:\Windows\System\zGkXosf.exe
  C:\Windows\System\zGkXosf.exe
  2⤵
  PID:12416
- C:\Windows\System\UEAeKAV.exe
  C:\Windows\System\UEAeKAV.exe
  2⤵
  PID:12448
- C:\Windows\System\sjwTCmI.exe
  C:\Windows\System\sjwTCmI.exe
  2⤵
  PID:12480
- C:\Windows\System\LjIqVkd.exe
  C:\Windows\System\LjIqVkd.exe
  2⤵
  PID:12512
- C:\Windows\System\GvqoEOr.exe
  C:\Windows\System\GvqoEOr.exe
  2⤵
  PID:12544
- C:\Windows\System\qfuzRka.exe
  C:\Windows\System\qfuzRka.exe
  2⤵
  PID:12576
- C:\Windows\System\whiOGJC.exe
  C:\Windows\System\whiOGJC.exe
  2⤵
  PID:12608
- C:\Windows\System\EfYIOJE.exe
  C:\Windows\System\EfYIOJE.exe
  2⤵
  PID:12640
- C:\Windows\System\BoGWxAk.exe
  C:\Windows\System\BoGWxAk.exe
  2⤵
  PID:12672
- C:\Windows\System\NPCUgFI.exe
  C:\Windows\System\NPCUgFI.exe
  2⤵
  PID:12704
- C:\Windows\System\RozedTk.exe
  C:\Windows\System\RozedTk.exe
  2⤵
  PID:12736
- C:\Windows\System\hrUCthG.exe
  C:\Windows\System\hrUCthG.exe
  2⤵
  PID:12768
- C:\Windows\System\fBUBxIk.exe
  C:\Windows\System\fBUBxIk.exe
  2⤵
  PID:12800
- C:\Windows\System\MnkPYpF.exe
  C:\Windows\System\MnkPYpF.exe
  2⤵
  PID:12832
- C:\Windows\System\ECpYFpF.exe
  C:\Windows\System\ECpYFpF.exe
  2⤵
  PID:12864
- C:\Windows\System\ePpohof.exe
  C:\Windows\System\ePpohof.exe
  2⤵
  PID:12896
- C:\Windows\System\gPfnYLe.exe
  C:\Windows\System\gPfnYLe.exe
  2⤵
  PID:12928
- C:\Windows\System\WVoSOww.exe
  C:\Windows\System\WVoSOww.exe
  2⤵
  PID:12960
- C:\Windows\System\neYOqjM.exe
  C:\Windows\System\neYOqjM.exe
  2⤵
  PID:12992
- C:\Windows\System\OxZxywR.exe
  C:\Windows\System\OxZxywR.exe
  2⤵
  PID:13028
- C:\Windows\System\fkNUVYk.exe
  C:\Windows\System\fkNUVYk.exe
  2⤵
  PID:13084
- C:\Windows\System\SgIAjWt.exe
  C:\Windows\System\SgIAjWt.exe
  2⤵
  PID:13140
- C:\Windows\System\odpZOSs.exe
  C:\Windows\System\odpZOSs.exe
  2⤵
  PID:13176
- C:\Windows\System\mKFIUZm.exe
  C:\Windows\System\mKFIUZm.exe
  2⤵
  PID:13208
- C:\Windows\System\vyBrWdB.exe
  C:\Windows\System\vyBrWdB.exe
  2⤵
  PID:13240
- C:\Windows\System\gSvwxmU.exe
  C:\Windows\System\gSvwxmU.exe
  2⤵
  PID:13272
- C:\Windows\System\KkFeVji.exe
  C:\Windows\System\KkFeVji.exe
  2⤵
  PID:12312
- C:\Windows\System\AGebdNr.exe
  C:\Windows\System\AGebdNr.exe
  2⤵
  PID:12396
- C:\Windows\System\SbDmxkk.exe
  C:\Windows\System\SbDmxkk.exe
  2⤵
  PID:12508
- C:\Windows\System\FklWWPa.exe
  C:\Windows\System\FklWWPa.exe
  2⤵
  PID:12636
- C:\Windows\System\YFtqdDZ.exe
  C:\Windows\System\YFtqdDZ.exe
  2⤵
  PID:12720
- C:\Windows\System\CtoannM.exe
  C:\Windows\System\CtoannM.exe
  2⤵
  PID:12784
- C:\Windows\System\hqLbnHE.exe
  C:\Windows\System\hqLbnHE.exe
  2⤵
  PID:12848
- C:\Windows\System\SrCreXN.exe
  C:\Windows\System\SrCreXN.exe
  2⤵
  PID:12912
- C:\Windows\System\UiLzOIC.exe
  C:\Windows\System\UiLzOIC.exe
  2⤵
  PID:12980
- C:\Windows\System\hHONNLL.exe
  C:\Windows\System\hHONNLL.exe
  2⤵
  PID:13020
- C:\Windows\System\Qzrezac.exe
  C:\Windows\System\Qzrezac.exe
  2⤵
  PID:1944
- C:\Windows\System\VavNujJ.exe
  C:\Windows\System\VavNujJ.exe
  2⤵
  PID:13136
- C:\Windows\System\FgRzdzL.exe
  C:\Windows\System\FgRzdzL.exe
  2⤵
  PID:13204
- C:\Windows\System\qBzSeLF.exe
  C:\Windows\System\qBzSeLF.exe
  2⤵
  PID:13236
- C:\Windows\System\syueAnK.exe
  C:\Windows\System\syueAnK.exe
  2⤵
  PID:12300
- C:\Windows\System\ZQIqrWI.exe
  C:\Windows\System\ZQIqrWI.exe
  2⤵
  PID:12380
- C:\Windows\System\CQNeaKR.exe
  C:\Windows\System\CQNeaKR.exe
  2⤵
  PID:12724
- C:\Windows\System\xaBLftg.exe
  C:\Windows\System\xaBLftg.exe
  2⤵
  PID:12812
- C:\Windows\System\fyvqOsA.exe
  C:\Windows\System\fyvqOsA.exe
  2⤵
  PID:12944
- C:\Windows\System\BxnISLy.exe
  C:\Windows\System\BxnISLy.exe
  2⤵
  PID:13036
- C:\Windows\System\GodLXFU.exe
  C:\Windows\System\GodLXFU.exe
  2⤵
  PID:13200
- C:\Windows\System\sZPvqGl.exe
  C:\Windows\System\sZPvqGl.exe
  2⤵
  PID:12364
- C:\Windows\System\GQMFjeW.exe
  C:\Windows\System\GQMFjeW.exe
  2⤵
  PID:12540
- C:\Windows\System\nBbfTqH.exe
  C:\Windows\System\nBbfTqH.exe
  2⤵
  PID:12940
- C:\Windows\System\DOHUJQI.exe
  C:\Windows\System\DOHUJQI.exe
  2⤵
  PID:13192
- C:\Windows\System\AgYlmBu.exe
  C:\Windows\System\AgYlmBu.exe
  2⤵
  PID:12752
- C:\Windows\System\YsFIqio.exe
  C:\Windows\System\YsFIqio.exe
  2⤵
  PID:13080
- C:\Windows\System\TZQoVcx.exe
  C:\Windows\System\TZQoVcx.exe
  2⤵
  PID:12816
- C:\Windows\System\HoFYZuE.exe
  C:\Windows\System\HoFYZuE.exe
  2⤵
  PID:2968
- C:\Windows\System\qjYtcFc.exe
  C:\Windows\System\qjYtcFc.exe
  2⤵
  PID:13328
- C:\Windows\System\TmIBbPv.exe
  C:\Windows\System\TmIBbPv.exe
  2⤵
  PID:13344
- C:\Windows\System\evzwBFT.exe
  C:\Windows\System\evzwBFT.exe
  2⤵
  PID:13376
- C:\Windows\System\zDoqRNm.exe
  C:\Windows\System\zDoqRNm.exe
  2⤵
  PID:13408
- C:\Windows\System\cODmOoX.exe
  C:\Windows\System\cODmOoX.exe
  2⤵
  PID:13444
- C:\Windows\System\hwcqVQn.exe
  C:\Windows\System\hwcqVQn.exe
  2⤵
  PID:13476
- C:\Windows\System\uHiqEcG.exe
  C:\Windows\System\uHiqEcG.exe
  2⤵
  PID:13508
- C:\Windows\System\TQxweSH.exe
  C:\Windows\System\TQxweSH.exe
  2⤵
  PID:13540
- C:\Windows\System\TCUHKTC.exe
  C:\Windows\System\TCUHKTC.exe
  2⤵
  PID:13572
- C:\Windows\System\TYFIVhn.exe
  C:\Windows\System\TYFIVhn.exe
  2⤵
  PID:13588
- C:\Windows\System\LRzkDJY.exe
  C:\Windows\System\LRzkDJY.exe
  2⤵
  PID:13636
- C:\Windows\System\UwAQhlZ.exe
  C:\Windows\System\UwAQhlZ.exe
  2⤵
  PID:13672
- C:\Windows\System\WBxzUBm.exe
  C:\Windows\System\WBxzUBm.exe
  2⤵
  PID:13700
- C:\Windows\System\oRgWJdS.exe
  C:\Windows\System\oRgWJdS.exe
  2⤵
  PID:13732
- C:\Windows\System\pZkbWVT.exe
  C:\Windows\System\pZkbWVT.exe
  2⤵
  PID:13764
- C:\Windows\System\SsZCiCV.exe
  C:\Windows\System\SsZCiCV.exe
  2⤵
  PID:13800
- C:\Windows\System\uhmNehw.exe
  C:\Windows\System\uhmNehw.exe
  2⤵
  PID:13832
- C:\Windows\System\hOnuNww.exe
  C:\Windows\System\hOnuNww.exe
  2⤵
  PID:13864
- C:\Windows\System\zpDkKjQ.exe
  C:\Windows\System\zpDkKjQ.exe
  2⤵
  PID:13896
- C:\Windows\System\QPyEnHw.exe
  C:\Windows\System\QPyEnHw.exe
  2⤵
  PID:13928
- C:\Windows\System\HSqbqiW.exe
  C:\Windows\System\HSqbqiW.exe
  2⤵
  PID:13964
- C:\Windows\System\OgoNCui.exe
  C:\Windows\System\OgoNCui.exe
  2⤵
  PID:13992
- C:\Windows\System\UzqzBOP.exe
  C:\Windows\System\UzqzBOP.exe
  2⤵
  PID:14024
- C:\Windows\System\uYREMEj.exe
  C:\Windows\System\uYREMEj.exe
  2⤵
  PID:14056
- C:\Windows\System\LtXFuTV.exe
  C:\Windows\System\LtXFuTV.exe
  2⤵
  PID:14088
- C:\Windows\System\njKPLau.exe
  C:\Windows\System\njKPLau.exe
  2⤵
  PID:14120
- C:\Windows\System\gNAWrxD.exe
  C:\Windows\System\gNAWrxD.exe
  2⤵
  PID:14152
- C:\Windows\System\kTbFhPX.exe
  C:\Windows\System\kTbFhPX.exe
  2⤵
  PID:14184
- C:\Windows\System\DsClNnp.exe
  C:\Windows\System\DsClNnp.exe
  2⤵
  PID:14216
- C:\Windows\System\xnGghRb.exe
  C:\Windows\System\xnGghRb.exe
  2⤵
  PID:14248
- C:\Windows\System\TsDjMxJ.exe
  C:\Windows\System\TsDjMxJ.exe
  2⤵
  PID:14280
- C:\Windows\System\zikfRNZ.exe
  C:\Windows\System\zikfRNZ.exe
  2⤵
  PID:14312
- C:\Windows\System\mhmXivI.exe
  C:\Windows\System\mhmXivI.exe
  2⤵
  PID:2228
- C:\Windows\System\RiuVHCk.exe
  C:\Windows\System\RiuVHCk.exe
  2⤵
  PID:13392
- C:\Windows\System\RFDDQVU.exe
  C:\Windows\System\RFDDQVU.exe
  2⤵
  PID:13460
- C:\Windows\System\wQgGMpi.exe
  C:\Windows\System\wQgGMpi.exe
  2⤵
  PID:4172
- C:\Windows\System\DpXuBCV.exe
  C:\Windows\System\DpXuBCV.exe
  2⤵
  PID:3748
- C:\Windows\System\FshuouZ.exe
  C:\Windows\System\FshuouZ.exe
  2⤵
  PID:4648
- C:\Windows\System\IaBSsao.exe
  C:\Windows\System\IaBSsao.exe
  2⤵
  PID:13624
- C:\Windows\System\wKWStVp.exe
  C:\Windows\System\wKWStVp.exe
  2⤵
  PID:13712
- C:\Windows\System\fogFSrq.exe
  C:\Windows\System\fogFSrq.exe
  2⤵
  PID:13776
- C:\Windows\System\lqiwqbC.exe
  C:\Windows\System\lqiwqbC.exe
  2⤵
  PID:13812
- C:\Windows\System\VxANzTW.exe
  C:\Windows\System\VxANzTW.exe
  2⤵
  PID:13888
- C:\Windows\System\FZEiHLN.exe
  C:\Windows\System\FZEiHLN.exe
  2⤵
  PID:13952
- C:\Windows\System\fZFqsmQ.exe
  C:\Windows\System\fZFqsmQ.exe
  2⤵
  PID:14008
- C:\Windows\System\loUWWxq.exe
  C:\Windows\System\loUWWxq.exe
  2⤵
  PID:14072
- C:\Windows\System\SQAsGZq.exe
  C:\Windows\System\SQAsGZq.exe
  2⤵
  PID:14112
- C:\Windows\System\nkAvmeA.exe
  C:\Windows\System\nkAvmeA.exe
  2⤵
  PID:14176
- C:\Windows\System\sJpbSKi.exe
  C:\Windows\System\sJpbSKi.exe
  2⤵
  PID:14228
- C:\Windows\System\CNxpIoS.exe
  C:\Windows\System\CNxpIoS.exe
  2⤵
  PID:14296
- C:\Windows\System\YhkYHMn.exe
  C:\Windows\System\YhkYHMn.exe
  2⤵
  PID:13340
- C:\Windows\System\czWrnrl.exe
  C:\Windows\System\czWrnrl.exe
  2⤵
  PID:3024
- C:\Windows\System\HnwpREm.exe
  C:\Windows\System\HnwpREm.exe
  2⤵
  PID:13556
- C:\Windows\System\CeYtsZI.exe
  C:\Windows\System\CeYtsZI.exe
  2⤵
  PID:13696
- C:\Windows\System\xCyhgbq.exe
  C:\Windows\System\xCyhgbq.exe
  2⤵
  PID:13760
- C:\Windows\System\CucxFlR.exe
  C:\Windows\System\CucxFlR.exe
  2⤵
  PID:13856
- C:\Windows\System\DHjSCVi.exe
  C:\Windows\System\DHjSCVi.exe
  2⤵
  PID:14004
- C:\Windows\System\KDxiElY.exe
  C:\Windows\System\KDxiElY.exe
  2⤵
  PID:14116
- C:\Windows\System\xqrXJCD.exe
  C:\Windows\System\xqrXJCD.exe
  2⤵
  PID:14232
- C:\Windows\System\xmkkCER.exe
  C:\Windows\System\xmkkCER.exe
  2⤵
  PID:13320
- C:\Windows\System\MHYYZZW.exe
  C:\Windows\System\MHYYZZW.exe
  2⤵
  PID:13524
- C:\Windows\System\QdAKgnO.exe
  C:\Windows\System\QdAKgnO.exe
  2⤵
  PID:13756
- C:\Windows\System\SNiNaQx.exe
  C:\Windows\System\SNiNaQx.exe
  2⤵
  PID:13976
- C:\Windows\System\mePPlYi.exe
  C:\Windows\System\mePPlYi.exe
  2⤵
  PID:14200
- C:\Windows\System\xcVcTuD.exe
  C:\Windows\System\xcVcTuD.exe
  2⤵
  PID:13440
- C:\Windows\System\UWsysOP.exe
  C:\Windows\System\UWsysOP.exe
  2⤵
  PID:13924
- C:\Windows\System\xtxhbIP.exe
  C:\Windows\System\xtxhbIP.exe
  2⤵
  PID:13500
- C:\Windows\System\joaxofS.exe
  C:\Windows\System\joaxofS.exe
  2⤵
  PID:14172
- C:\Windows\System\jbGGIgb.exe
  C:\Windows\System\jbGGIgb.exe
  2⤵
  PID:3500
- C:\Windows\System\DziGAoq.exe
  C:\Windows\System\DziGAoq.exe
  2⤵
  PID:14364
- C:\Windows\System\hbziQHO.exe
  C:\Windows\System\hbziQHO.exe
  2⤵
  PID:14396
- C:\Windows\System\tEgeopb.exe
  C:\Windows\System\tEgeopb.exe
  2⤵
  PID:14428
- C:\Windows\System\CRCQkve.exe
  C:\Windows\System\CRCQkve.exe
  2⤵
  PID:14444
- C:\Windows\System\UndKGNX.exe
  C:\Windows\System\UndKGNX.exe
  2⤵
  PID:14476
- C:\Windows\System\RsGLEIm.exe
  C:\Windows\System\RsGLEIm.exe
  2⤵
  PID:14504
- C:\Windows\System\SKaboMq.exe
  C:\Windows\System\SKaboMq.exe
  2⤵
  PID:14536
- C:\Windows\System\THfbyBf.exe
  C:\Windows\System\THfbyBf.exe
  2⤵
  PID:14572
- C:\Windows\System\mNfkvsT.exe
  C:\Windows\System\mNfkvsT.exe
  2⤵
  PID:14608
- C:\Windows\System\VsMltBo.exe
  C:\Windows\System\VsMltBo.exe
  2⤵
  PID:14636
- C:\Windows\System\slVBwsD.exe
  C:\Windows\System\slVBwsD.exe
  2⤵
  PID:14668
- C:\Windows\System\ICYpamP.exe
  C:\Windows\System\ICYpamP.exe
  2⤵
  PID:14700
- C:\Windows\System\CNZPJSt.exe
  C:\Windows\System\CNZPJSt.exe
  2⤵
  PID:14748
- C:\Windows\System\buRZVFW.exe
  C:\Windows\System\buRZVFW.exe
  2⤵
  PID:14780
- C:\Windows\System\pnenkZR.exe
  C:\Windows\System\pnenkZR.exe
  2⤵
  PID:14828
- C:\Windows\System\BtGmCRF.exe
  C:\Windows\System\BtGmCRF.exe
  2⤵
  PID:14852
- C:\Windows\System\dBNgsou.exe
  C:\Windows\System\dBNgsou.exe
  2⤵
  PID:14876
- C:\Windows\System\xHjZUBt.exe
  C:\Windows\System\xHjZUBt.exe
  2⤵
  PID:14912
- C:\Windows\System\PZWkJUj.exe
  C:\Windows\System\PZWkJUj.exe
  2⤵
  PID:14944
- C:\Windows\System\QCNaJKs.exe
  C:\Windows\System\QCNaJKs.exe
  2⤵
  PID:14976
- C:\Windows\System\LUzseha.exe
  C:\Windows\System\LUzseha.exe
  2⤵
  PID:15008
- C:\Windows\System\lMoxKIU.exe
  C:\Windows\System\lMoxKIU.exe
  2⤵
  PID:15040
- C:\Windows\System\zBBtvua.exe
  C:\Windows\System\zBBtvua.exe
  2⤵
  PID:15072
- C:\Windows\System\dLtfQxZ.exe
  C:\Windows\System\dLtfQxZ.exe
  2⤵
  PID:15104
- C:\Windows\System\nEKUtxh.exe
  C:\Windows\System\nEKUtxh.exe
  2⤵
  PID:15136
- C:\Windows\System\lILDtKl.exe
  C:\Windows\System\lILDtKl.exe
  2⤵
  PID:15172
- C:\Windows\System\GNSWCZF.exe
  C:\Windows\System\GNSWCZF.exe
  2⤵
  PID:15204
- C:\Windows\System\tQvaiiw.exe
  C:\Windows\System\tQvaiiw.exe
  2⤵
  PID:15236
- C:\Windows\System\YiBNIWQ.exe
  C:\Windows\System\YiBNIWQ.exe
  2⤵
  PID:15268
- C:\Windows\System\tjbGagH.exe
  C:\Windows\System\tjbGagH.exe
  2⤵
  PID:15300
- C:\Windows\System\ntxoWlp.exe
  C:\Windows\System\ntxoWlp.exe
  2⤵
  PID:15332
- C:\Windows\System\PYrWBye.exe
  C:\Windows\System\PYrWBye.exe
  2⤵
  PID:14348
- C:\Windows\System\fBrisBl.exe
  C:\Windows\System\fBrisBl.exe
  2⤵
  PID:14412
- C:\Windows\System\Ywbvicy.exe
  C:\Windows\System\Ywbvicy.exe
  2⤵
  PID:14488
- C:\Windows\System\sKKSasc.exe
  C:\Windows\System\sKKSasc.exe
  2⤵
  PID:14548
- C:\Windows\System\gpQYjje.exe
  C:\Windows\System\gpQYjje.exe
  2⤵
  PID:14592
- C:\Windows\System\vXjQIiB.exe
  C:\Windows\System\vXjQIiB.exe
  2⤵
  PID:14648
- C:\Windows\System\vajEhnh.exe
  C:\Windows\System\vajEhnh.exe
  2⤵
  PID:14724
- C:\Windows\System\TJTtTIM.exe
  C:\Windows\System\TJTtTIM.exe
  2⤵
  PID:13284
- C:\Windows\System\WXjISvR.exe
  C:\Windows\System\WXjISvR.exe
  2⤵
  PID:14772
- C:\Windows\System\kwAlvpV.exe
  C:\Windows\System\kwAlvpV.exe
  2⤵
  PID:14808
- C:\Windows\System\JfkEZSX.exe
  C:\Windows\System\JfkEZSX.exe
  2⤵
  PID:14892
- C:\Windows\System\svnqEvf.exe
  C:\Windows\System\svnqEvf.exe
  2⤵
  PID:14960
- C:\Windows\System\irTqfRG.exe
  C:\Windows\System\irTqfRG.exe
  2⤵
  PID:15024
- C:\Windows\System\ZIzpXoT.exe
  C:\Windows\System\ZIzpXoT.exe
  2⤵
  PID:15092
- C:\Windows\System\qlgjEGF.exe
  C:\Windows\System\qlgjEGF.exe
  2⤵
  PID:15132
- C:\Windows\System\bHedwrS.exe
  C:\Windows\System\bHedwrS.exe
  2⤵
  PID:15200
- C:\Windows\System\iAZdDjs.exe
  C:\Windows\System\iAZdDjs.exe
  2⤵
  PID:15264
- C:\Windows\System\UsUsvtp.exe
  C:\Windows\System\UsUsvtp.exe
  2⤵
  PID:15328
- C:\Windows\System\HtIPJGH.exe
  C:\Windows\System\HtIPJGH.exe
  2⤵
  PID:14416
- C:\Windows\System\VGeWkpc.exe
  C:\Windows\System\VGeWkpc.exe
  2⤵
  PID:14496
- C:\Windows\System\pLngvQI.exe
  C:\Windows\System\pLngvQI.exe
  2⤵
  PID:14660
- C:\Windows\System\POPZYWH.exe
  C:\Windows\System\POPZYWH.exe
  2⤵
  PID:13072
- C:\Windows\System\WqLOtPi.exe
  C:\Windows\System\WqLOtPi.exe
  2⤵
  PID:14872
- C:\Windows\System\AmbJVGi.exe
  C:\Windows\System\AmbJVGi.exe
  2⤵
  PID:15004
- C:\Windows\System\NXKkoMu.exe
  C:\Windows\System\NXKkoMu.exe
  2⤵
  PID:15068
- C:\Windows\System\fmyfPsy.exe
  C:\Windows\System\fmyfPsy.exe
  2⤵
  PID:15196
- C:\Windows\System\TlGcqPl.exe
  C:\Windows\System\TlGcqPl.exe
  2⤵
  PID:15324
- C:\Windows\System\bWdZKqe.exe
  C:\Windows\System\bWdZKqe.exe
  2⤵
  PID:14528
- C:\Windows\System\YIrvcLA.exe
  C:\Windows\System\YIrvcLA.exe
  2⤵
  PID:13280
- C:\Windows\System\tiypMXy.exe
  C:\Windows\System\tiypMXy.exe
  2⤵
  PID:14820
- C:\Windows\System\bWzJHPx.exe
  C:\Windows\System\bWzJHPx.exe
  2⤵
  PID:15128
- C:\Windows\System\xNGetZx.exe
  C:\Windows\System\xNGetZx.exe
  2⤵
  PID:4428
- C:\Windows\System\XoWDhDv.exe
  C:\Windows\System\XoWDhDv.exe
  2⤵
  PID:14376
- C:\Windows\System\otcyQNH.exe
  C:\Windows\System\otcyQNH.exe
  2⤵
  PID:14992
- C:\Windows\System\CYqQTdP.exe
  C:\Windows\System\CYqQTdP.exe
  2⤵
  PID:1416
- C:\Windows\System\hHOHYwU.exe
  C:\Windows\System\hHOHYwU.exe
  2⤵
  PID:14652
- C:\Windows\System\EpsovXB.exe
  C:\Windows\System\EpsovXB.exe
  2⤵
  PID:15296
- C:\Windows\System\muXqxzv.exe
  C:\Windows\System\muXqxzv.exe
  2⤵
  PID:15188
- C:\Windows\System\vKBhbuq.exe
  C:\Windows\System\vKBhbuq.exe
  2⤵
  PID:15384
- C:\Windows\System\UoeMtIL.exe
  C:\Windows\System\UoeMtIL.exe
  2⤵
  PID:15416
- C:\Windows\System\EmwsnMM.exe
  C:\Windows\System\EmwsnMM.exe
  2⤵
  PID:15448
- C:\Windows\System\vEdOmca.exe
  C:\Windows\System\vEdOmca.exe
  2⤵
  PID:15480
- C:\Windows\System\WHDoUAR.exe
  C:\Windows\System\WHDoUAR.exe
  2⤵
  PID:15512
- C:\Windows\System\opotSOb.exe
  C:\Windows\System\opotSOb.exe
  2⤵
  PID:15544
- C:\Windows\System\tOOsAnH.exe
  C:\Windows\System\tOOsAnH.exe
  2⤵
  PID:15576
- C:\Windows\System\UtGqkzB.exe
  C:\Windows\System\UtGqkzB.exe
  2⤵
  PID:15608
- C:\Windows\System\LJnhlAT.exe
  C:\Windows\System\LJnhlAT.exe
  2⤵
  PID:15640
- C:\Windows\System\HnhAYml.exe
  C:\Windows\System\HnhAYml.exe
  2⤵
  PID:15676
- C:\Windows\System\hcwGpGd.exe
  C:\Windows\System\hcwGpGd.exe
  2⤵
  PID:15704
- C:\Windows\System\HgmWUPc.exe
  C:\Windows\System\HgmWUPc.exe
  2⤵
  PID:15720
- C:\Windows\System\nYFYDvb.exe
  C:\Windows\System\nYFYDvb.exe
  2⤵
  PID:15752
- C:\Windows\System\gBSLiUu.exe
  C:\Windows\System\gBSLiUu.exe
  2⤵
  PID:15784
- C:\Windows\System\XujmspK.exe
  C:\Windows\System\XujmspK.exe
  2⤵
  PID:15836
- C:\Windows\System\VBnAbyO.exe
  C:\Windows\System\VBnAbyO.exe
  2⤵
  PID:15864
- C:\Windows\System\qawEaDs.exe
  C:\Windows\System\qawEaDs.exe
  2⤵
  PID:15900
- C:\Windows\System\fEVXIAZ.exe
  C:\Windows\System\fEVXIAZ.exe
  2⤵
  PID:15932
- C:\Windows\System\RfKXfFx.exe
  C:\Windows\System\RfKXfFx.exe
  2⤵
  PID:15964
- C:\Windows\System\TXrImzo.exe
  C:\Windows\System\TXrImzo.exe
  2⤵
  PID:15996
- C:\Windows\System\AImgELJ.exe
  C:\Windows\System\AImgELJ.exe
  2⤵
  PID:16028
- C:\Windows\System\PWtYraG.exe
  C:\Windows\System\PWtYraG.exe
  2⤵
  PID:16060
- C:\Windows\System\utUxXpG.exe
  C:\Windows\System\utUxXpG.exe
  2⤵
  PID:16092
- C:\Windows\System\IefGHZP.exe
  C:\Windows\System\IefGHZP.exe
  2⤵
  PID:16124
- C:\Windows\System\JrbooUQ.exe
  C:\Windows\System\JrbooUQ.exe
  2⤵
  PID:16156
- C:\Windows\System\LLpgDbd.exe
  C:\Windows\System\LLpgDbd.exe
  2⤵
  PID:16188
- C:\Windows\System\kTwcAEI.exe
  C:\Windows\System\kTwcAEI.exe
  2⤵
  PID:16220
- C:\Windows\System\vMJNYUr.exe
  C:\Windows\System\vMJNYUr.exe
  2⤵
  PID:16252
- C:\Windows\System\dvfVCBN.exe
  C:\Windows\System\dvfVCBN.exe
  2⤵
  PID:16284
- C:\Windows\System\egjlAos.exe
  C:\Windows\System\egjlAos.exe
  2⤵
  PID:16316
- C:\Windows\System\fFMypgE.exe
  C:\Windows\System\fFMypgE.exe
  2⤵
  PID:16356
- C:\Windows\System\mwCUFwz.exe
  C:\Windows\System\mwCUFwz.exe
  2⤵
  PID:16380
- C:\Windows\System\cJmtMNa.exe
  C:\Windows\System\cJmtMNa.exe
  2⤵
  PID:15412
- C:\Windows\System\iyMHaMz.exe
  C:\Windows\System\iyMHaMz.exe
  2⤵
  PID:15476
- C:\Windows\System\lKCQbbC.exe
  C:\Windows\System\lKCQbbC.exe
  2⤵
  PID:15540
- C:\Windows\System\imdZFqf.exe
  C:\Windows\System\imdZFqf.exe
  2⤵
  PID:15604
- C:\Windows\System\MnhyruE.exe
  C:\Windows\System\MnhyruE.exe
  2⤵
  PID:15664
- C:\Windows\System\cgPJHDn.exe
  C:\Windows\System\cgPJHDn.exe
  2⤵
  PID:15736
- C:\Windows\System\yPpuxUT.exe
  C:\Windows\System\yPpuxUT.exe
  2⤵
  PID:15800
- C:\Windows\System\qcvSuOI.exe
  C:\Windows\System\qcvSuOI.exe
  2⤵
  PID:15844
- C:\Windows\System\XMchTBw.exe
  C:\Windows\System\XMchTBw.exe
  2⤵
  PID:15924
- C:\Windows\System\PswJMdX.exe
  C:\Windows\System\PswJMdX.exe
  2⤵
  PID:15988
- C:\Windows\System\qqIuTLa.exe
  C:\Windows\System\qqIuTLa.exe
  2⤵
  PID:16052
- C:\Windows\System\udFGnPg.exe
  C:\Windows\System\udFGnPg.exe
  2⤵
  PID:16120
- C:\Windows\System\tYbjGnb.exe
  C:\Windows\System\tYbjGnb.exe
  2⤵
  PID:16180
- C:\Windows\System\wxxDouh.exe
  C:\Windows\System\wxxDouh.exe
  2⤵
  PID:16248
- C:\Windows\System\SuvGdMp.exe
  C:\Windows\System\SuvGdMp.exe
  2⤵
  PID:16312
- C:\Windows\System\ZenhvbB.exe
  C:\Windows\System\ZenhvbB.exe
  2⤵
  PID:16376
- C:\Windows\System\htfVtIO.exe
  C:\Windows\System\htfVtIO.exe
  2⤵
  PID:15472
- C:\Windows\System\ELoogPH.exe
  C:\Windows\System\ELoogPH.exe
  2⤵
  PID:15632
- C:\Windows\System\bLiWteq.exe
  C:\Windows\System\bLiWteq.exe
  2⤵
  PID:15716
- C:\Windows\System\aRRtjOl.exe
  C:\Windows\System\aRRtjOl.exe
  2⤵
  PID:15860
- C:\Windows\System\pGcUlpS.exe
  C:\Windows\System\pGcUlpS.exe
  2⤵
  PID:15980
- C:\Windows\System\oVInURk.exe
  C:\Windows\System\oVInURk.exe
  2⤵
  PID:16108
- C:\Windows\System\luQphFs.exe
  C:\Windows\System\luQphFs.exe
  2⤵
  PID:16236
- C:\Windows\System\YzPJTLq.exe
  C:\Windows\System\YzPJTLq.exe
  2⤵
  PID:16368
- C:\Windows\System\sFJVsLN.exe
  C:\Windows\System\sFJVsLN.exe
  2⤵
  PID:14928
- C:\Windows\System\EGFxChN.exe
  C:\Windows\System\EGFxChN.exe
  2⤵
  PID:15892
- C:\Windows\System\dyZlxoH.exe
  C:\Windows\System\dyZlxoH.exe
  2⤵
  PID:16148
- C:\Windows\System\MyaZNiC.exe
  C:\Windows\System\MyaZNiC.exe
  2⤵
  PID:16364
- C:\Windows\System\gBfnFZv.exe
  C:\Windows\System\gBfnFZv.exe
  2⤵
  PID:15804
- C:\Windows\System\pppcgAw.exe
  C:\Windows\System\pppcgAw.exe
  2⤵
  PID:16212
- C:\Windows\System\NVekktb.exe
  C:\Windows\System\NVekktb.exe
  2⤵
  PID:15956
- C:\Windows\System\NqjzIYo.exe
  C:\Windows\System\NqjzIYo.exe
  2⤵
  PID:15444
- C:\Windows\System\kfYqqSY.exe
  C:\Windows\System\kfYqqSY.exe
  2⤵
  PID:16408
- C:\Windows\System\QHpaWMg.exe
  C:\Windows\System\QHpaWMg.exe
  2⤵
  PID:16440
- C:\Windows\System\WdmHANN.exe
  C:\Windows\System\WdmHANN.exe
  2⤵
  PID:16472
- C:\Windows\System\zWcfmFT.exe
  C:\Windows\System\zWcfmFT.exe
  2⤵
  PID:16504
- C:\Windows\System\QjfhqFW.exe
  C:\Windows\System\QjfhqFW.exe
  2⤵
  PID:16544
- C:\Windows\System\EgsvRep.exe
  C:\Windows\System\EgsvRep.exe
  2⤵
  PID:16568
- C:\Windows\System\VYsPvVy.exe
  C:\Windows\System\VYsPvVy.exe
  2⤵
  PID:16600
- C:\Windows\System\LJJaqjG.exe
  C:\Windows\System\LJJaqjG.exe
  2⤵
  PID:16632
- C:\Windows\System\OPOBKrp.exe
  C:\Windows\System\OPOBKrp.exe
  2⤵
  PID:16664
- C:\Windows\System\lUWbDZu.exe
  C:\Windows\System\lUWbDZu.exe
  2⤵
  PID:16700
- C:\Windows\System\ysMtXGx.exe
  C:\Windows\System\ysMtXGx.exe
  2⤵
  PID:16732
- C:\Windows\System\QmTtMXZ.exe
  C:\Windows\System\QmTtMXZ.exe
  2⤵
  PID:16764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BgXblUy.exe

Filesize
5.7MB

MD5
a86f55a2595e3cabd6555b4203ef340f

SHA1
499c660971fd833c243fdfdd1317f2e31db29149

SHA256
29a8525c4740cafaa8038072d0e9e6e4028e06594b28560fba7aaec7f6c928cc

SHA512
a47636d1a49b919f5c3ed6585c8233b8895eddeb113f10187c1e8c0d84bfb14cad00bcf7b22b58d516e9263bcf42ea4640164933bce701371bb4bda4f74ec732

Download Submit
C:\Windows\System\BvQBfTf.exe

Filesize
5.7MB

MD5
cd47ebb0c1c8e7ef2a5f02c6bf72de3c

SHA1
4cbdcae10c5ff305fc08d5361745eb75cd96b630

SHA256
e4dd2f7d5563b755339ae27554fbbc0ddba0f127107f4cf93dd1fe7b76ffb4bd

SHA512
3c317769a12370c676ca691e1bca563bf8c32a72f69ab1fc3e7b5732059b9dc9e4903f7f570cbb01d30a48f63bb2e932426a5acf37602b8a2ee61865a8b1b17b

Download Submit
C:\Windows\System\CMRAIeE.exe

Filesize
5.7MB

MD5
c685bef3806cbf1523578dc42b2f767f

SHA1
3bfd885004c2a74df6a57fc96f941dd203e63c7b

SHA256
00393a60e9fd2b7bdf55e81d3eae17a2f15aebfee2c3b8f98ed9009969a83ba5

SHA512
315c49b327a0e31ba9f16fef7c716a92f0a6bf2ad6a6db71c301e5b8d822e371c5c89642b1eabb6fc5931b97d5d35c78a92a707aeb792149ce1ad21589d52659

Download Submit
C:\Windows\System\FBiGHQe.exe

Filesize
5.7MB

MD5
ab881b5ff4c4b23b31ee8b266247d332

SHA1
4ad0e6e826290af2c0661b05b5e94627c275d60a

SHA256
40d54a82e7f9355dfaffa74c3113e5b96ff77cdd6c0e13d0ff5cf9474b6c9b33

SHA512
166d138f35e61d876d45b19891f6eafbaa1cd564058ffcde2fb1250252cb3e2da7c65e659132e299e5ae4b8976c2f7b90377f08210a476d49b765a02717686cb

Download Submit
C:\Windows\System\JgbpdKO.exe

Filesize
5.7MB

MD5
9ce3b26fb223888c64494ff60b5e6d31

SHA1
cb3901f5300cdfc429acce16323fd5d4fcd8103a

SHA256
2416a253dd312bf93bf85053edd4320552db92c479e06b68867171e7d67a0787

SHA512
51b653a8c131ff6f8c47de66ec45c13c088693d86a0ad4a07391040109692ee9b10400d75e64187ef488342f76f7ce48a26f84b18942bec50998c3503084dff6

Download Submit
C:\Windows\System\LDeqySk.exe

Filesize
5.7MB

MD5
a1fb4ac3d0d7eb95088ed4aaf3f8baa6

SHA1
498f56aeefb39b0b50f858ad9f342d1648ca566d

SHA256
8ea57b22f4549f320817631fe559984a523642cb6e8bdad11a60ed61471d0b5b

SHA512
51c0a5cc22097f20395c4cb3c26e8fc6921c53b561e754037c6bc7fad81f7998bec74ad7d41a8df8fa2cb36885d36a8a18971729764058dc5dcde17ee3ef6ebb

Download Submit
C:\Windows\System\MmVNEuH.exe

Filesize
5.7MB

MD5
c5709720e1cdcdb92aec60f5878a01db

SHA1
1a93c2337ac11ab6e70efa14e769afd81361135d

SHA256
9496f02c1a40de33175778aae4f0d8db97e3a1167b0a54428fd3839a897b9c3f

SHA512
a6e865fe40ea186b27b101a0b185784cf7dc006b126ac91435f3597ac063d679b1e7e9484501e3784f9fec2c65eed90d995ce146969fa522427a71e9ad2eb082

Download Submit
C:\Windows\System\QHRoVex.exe

Filesize
5.7MB

MD5
f0fbd98f695c3b686c88554f8a8dcda8

SHA1
0a7984e316590eaf72ced8a8e00dccd19d8ee377

SHA256
8baccc5f63e8e67de95c8f301270a0fa38834e90af25671b2d1e81b0ec10a34f

SHA512
a2fb7b23ea04736595f20f9111517ea905195394459573568de81b8d184840362e1170198f6ec1f4cef4e74b7d81ab68f36b1579a2dbf37b86df06d719a95120

Download Submit
C:\Windows\System\QOABuOw.exe

Filesize
5.7MB

MD5
b86751c1e9e9755e6771ed03b9f9ac8c

SHA1
a7a05d472bb413e460ead67de23a1c15c4202875

SHA256
e338115b3062b3fc8af1cb69a36422d729b2339c21c7632996a18ada504ad75e

SHA512
f7f0bfd0b449c21885f18daa2947189aa5d09b2eafbd506343953dcdb5bd400e216c3296ff55caa811c201d087f3dc44bf0bdddce8107bbd5d6040cfb5da730a

Download Submit
C:\Windows\System\SdlmSiG.exe

Filesize
5.7MB

MD5
ffc08ef74d5b0219fb889c6539125de6

SHA1
be7e314ed14e859e6d4203124881632f9de0d137

SHA256
6aae290f6bf8232db37406723a8c3aff8b0f11b0e9846ccc285644c5c97e9a65

SHA512
a9734bf319ccb0e28ce0189e0406ea2c98f3c3b388dd23793da0fcd2027dea7024f36760be3c6d2258fea8e83fd873e3608938cf05f63ed34363aad56bc9b8db

Download Submit
C:\Windows\System\UXiqJcf.exe

Filesize
5.7MB

MD5
4682175db21353f7f36a80b9562395ee

SHA1
00340ec379ce2c09119dcba94a6864f27d561a12

SHA256
2ff1d8bdf36f97b0cd140594b9c1b15db4077166ecb1d805987cbbe3c4b2a7b4

SHA512
c2bc2321dd0917cc5cd2b1f48b25031bf64733ebbab97dc74b7d76b5be5f9515fbdc9e07d2455de81a62fe0d5f2c968cdf86e91f5b1cd4a6a4422842b5981dcc

Download Submit
C:\Windows\System\UnvDghG.exe

Filesize
5.7MB

MD5
b94b1d4eb85d8dcedbe73cdea5bdfc36

SHA1
cd8a0a69905b017e74574999da1000250d86d51e

SHA256
c7f9c0c9bf2468c83d1dc3c856c6d146b9b2475a543b96fdbbc582c4ea6c64ff

SHA512
37cf0d7fc989fba39f82b8035b898ac740d0abeffce98a95d4ace41bc2c916da3833694ddbaff43d7a24b4045b80d223584327b073c6aedd4e74e12e37144539

Download Submit
C:\Windows\System\WezpRnZ.exe

Filesize
5.7MB

MD5
abd967be27a51c62e8b689c00013f2c1

SHA1
6a3a5ae0bd7d1359565a72e33d99884b2376efd8

SHA256
7e9ce9ff1a1726ab3ea4027b67a2924d94c39f768b430971b51df0116bb63874

SHA512
d874748659ed5bb0f037144b8eabef2cd62e611df5b2047b2718ca1122bcdf4a14445c511ed0b0822d1c5dbb51861f52cb4c262ab78ae01e1f4ca6030ce54ac1

Download Submit
C:\Windows\System\ZEeEjsj.exe

Filesize
5.7MB

MD5
d765894dd96abddc902489869e1ee9cd

SHA1
9da9cd17edbba1245512bfb39b1f50e140290637

SHA256
2393db3ec97a17d265d1dd8641e6fd7d60668a832a7b5d3695b3eb30f4195400

SHA512
1dd184327e42d7b024683d9538a5374dba0ff05d0bebe447ad351abcff190be2c5a7f639b4b8f3c7d6375bbc039946b382a3c01f95849db3b9f04fa388cd3b06

Download Submit
C:\Windows\System\aaxEZGV.exe

Filesize
5.7MB

MD5
75d7cf1e716510fcaf677026525a2f74

SHA1
0854d6ab4248ade97445895c7d0dd3668f8bf74b

SHA256
a95fef3016cd8d20718b4beaf6de960762444a2c7a9c2acb1d6d650fc4f02c65

SHA512
11a7991ede450668ceb587eab2963cae8846606184027f190fc4caed5cf864046bb6262452621c47a0404a861c1f3565a8cd684b1a7adef9159f65674a6eb3fb

Download Submit
C:\Windows\System\eqiFRfe.exe

Filesize
5.7MB

MD5
4a0e687fa1efda87ff1bf9207b1cf0ef

SHA1
61c0c078a4a97cb0d55b4db97a4c2f777be0a583

SHA256
57fb901f2589ee6c33915c5261dbc2b5b9af22fa965be27a5121b4dd07f4e774

SHA512
afde32fb001995bd31fb35a2239f97d879e706b07cb6ab132a94e0ffabd6544c20924c18a04685b76652116cfdb05b29f88d7e3c196123d7ee1e4840335f4035

Download Submit
C:\Windows\System\fJCMISq.exe

Filesize
5.7MB

MD5
8623da9bf2b8f70a05f2d8dfc44b7d06

SHA1
b5d6c126bb530ca1b42e128e2869ce0cbc442b73

SHA256
949610fb7605c309a504710d36478882f838e3da50928c6ed559bfc933e5f9c4

SHA512
6be4c5853221af41e66c41fac190fefe7e2d92bf8eb81fddca73e2a463987c49aee2a540366f4bad4fa3e8a79219b8b9a60ec4c6e8d04cf5013cf5090dc4e2d7

Download Submit
C:\Windows\System\fPsIdNW.exe

Filesize
5.7MB

MD5
ea8f25db88b7f2b88c71a8aecd47fe3d

SHA1
b7c99ce234ceae51beacc7f0ccee279fd087301b

SHA256
ea7c000b04bf7491fe327600e9a67d893dd94c2f88a757990327989a348c9052

SHA512
59a9c385e3d665398338a3a1937dd4ecf287fb5d8241dca369b413fc94ef6a85af08b20382ce5bf3fcc1e1bb75287ceda15f69e6322d3723f066850b98049477

Download Submit
C:\Windows\System\fvJabio.exe

Filesize
5.7MB

MD5
2ff27e77991d87fec02b5d417aa14c8b

SHA1
6ec4060a3852e4e89c3b2be4e2b6b694c1e554f6

SHA256
d20ea6ccab9db59dd17a39030cb7494c418f99e155755fb8ee8cfeccdcc95721

SHA512
d72eb82b97a2af4b6e19220e2178dbe1922a878d657dfd0befa0586f6ef8751d421db3c825a0732ea5208845ea581f698e713dd318cfe135ecb3a932d3cf1bb9

Download Submit
C:\Windows\System\fvgefOC.exe

Filesize
5.7MB

MD5
4cbc88ddb8e06e3769a09885839c20d3

SHA1
a8cf542a731b34825cc016d622d10b6e40fefcbd

SHA256
3d0d31d7f5a368a906c0a1fecde5f04912ff64c72e6cab4b4218e69829c7341b

SHA512
1cd8ba2be7a25d579eab503c20d38788ea28b5eb4c101c57302c0d87dccc7d3f0d6513ce03b3ea53a96cb9fe94d3ad14cbf6149968c265e4fef0c1a0686c0814

Download Submit
C:\Windows\System\hEFXTKt.exe

Filesize
5.7MB

MD5
8a1db87b5e5304c8b4cd0e8f042d4cbc

SHA1
3fb6b06736975345e0c13d111cb48b6e2b6e884a

SHA256
321f2fc8d68872a99b31cc795459eb1cdd761d199da9f74d83b169a43c07ca12

SHA512
b5664d91307d8a1a34a91200da07a67fb02e8b691896c431a2e1219b14a5893ec0d26602f8b178e4f662eb2e034249eafeafdbb954adf0fd89f294c7a970d1cb

Download Submit
C:\Windows\System\iXYeiTw.exe

Filesize
5.7MB

MD5
f5217277ac89122552fc0b127309d34c

SHA1
965bac9e635c151926d145674d786e2d43132fe1

SHA256
c7e8cb23b85f28b1ba4afcfc9f050502c3d4f8ef8048e39d37bacf2206c32c85

SHA512
4f507b1fd9487f56873c5d141f418b60d881b72e2468653c0d44b0dff05f6239e38610cd0a6d42937427dd86e5ae1daf5744905f4f351566a1e9ed57f768583a

Download Submit
C:\Windows\System\ikWkfuH.exe

Filesize
5.7MB

MD5
094b7ad71b1fd00ad31ff416ba685442

SHA1
81dcd7cdc286cf57e5747ddf1e1fda5ef24dabdb

SHA256
15b4205883a6cdd9177312035dad11a6fe899c5a6b260355c7bedf86a3e9ae7e

SHA512
46fa38a526250ad75a98b79f9ddfcb9a55204ab9675f61383ce41585b98bd7555d32b8e46c3b592dd96a7eb47ccaa36a49dca29622691b35a7ba9dfb127bc348

Download Submit
C:\Windows\System\lEITHRV.exe

Filesize
5.7MB

MD5
5397c7e3e85db47535c4da885e120f33

SHA1
0b87be8d51cf9e8b63d045c611e1e85f12bbb36e

SHA256
e8fd24bdd7588b399df07dd1d09ceb46aa6ad736f9404ded5cea250cf8e12c36

SHA512
7785ea1e36feb39bd491c3ffa71b52684ece582d1cdf2af6f61655333e1c33189ee501b0d9da58dd8e1e5f34e557298c275ee5faa7d237f8fc3ef80caac5ec8b

Download Submit
C:\Windows\System\lcyINkD.exe

Filesize
5.7MB

MD5
e6aeaa84237715cc9cfccb7eb4f0fe8c

SHA1
1e026910b07b305149d250500a5ed24f51493d5e

SHA256
8c0c231013be5f71078aa0dfe0f11dcb4a89073f7f818d64aafcc4067d1d5377

SHA512
de6006e2206bfedde9a008fdc8dc64240539178d0dcd40d8a44ef174d46adeed9fc187311973caf3cebe5e9c63da6c0abb95d68f651948c5bb4c2d15487dae16

Download Submit
C:\Windows\System\mNfWrqf.exe

Filesize
5.7MB

MD5
ab810b369922d30d5e176ced844e3373

SHA1
627c2e6408a2ee688f05221f21debe45a4c632f1

SHA256
16eca722a69011cf0d783a0346c927e078da0fb759c144b6b9e3c0eadbf9cf77

SHA512
4de5af1fe77a035529e916a8fa646dee6098622b01166b29f6eecef1944b0f540b29f988f6e72029cd99584156b51eab9cd4281985d8a5dec1811a0d3eb83b31

Download Submit
C:\Windows\System\mwYQiPA.exe

Filesize
5.7MB

MD5
e64b12b5054f70c2eb84973d4c4f0644

SHA1
a009fe7b0a95e7cc7cefb8f9c12d53ed5e5150ef

SHA256
ab39716b6cb09c1b8a4da1d057b387ef46dbc6900b90b9b1d3204500aae51ffe

SHA512
ce67bc32f6829d9d34574876891931cb6533c9c5769d748202f89ea64cef1449208ead390f1e08f92b3942bb5d56e5d5cfe5e168cbbfadd5ce9f983e31f09452

Download Submit
C:\Windows\System\nMkMyCz.exe

Filesize
5.7MB

MD5
61218ad2dce1982ac6fcc154cd02c70c

SHA1
6050808a7617223ec6bdd6a5607bcb55ef759999

SHA256
8d46097cc48b520bf76f53c51d46ccb5a24c1ef0d262b2287ca9cec8102e8003

SHA512
f699691b3b61e0f53966ff7070158032b2b3017ecd51622cd73e5c761c8597b4d037d90d570537c84b574b8f69d3bdf048fb18f4d1b7db9007194da74c818b31

Download Submit
C:\Windows\System\oQhxDRg.exe

Filesize
5.7MB

MD5
e41917042c56132fbacf88b0393bbd31

SHA1
f8055ba8e85eb516118ebcfa7240193c955df44d

SHA256
a7fa8c002dc899627ca50fca1bf0b66206678ee877cb74775c66843bed12358a

SHA512
31e0a73b80d64479b29c61856789224a33148cd7c883125ff070c49c62ef332d9d62bc742b491413e5612a2047a74c3d3266d0c2878ddfc08f3f68b3234fb05b

Download Submit
C:\Windows\System\qzMVTsT.exe

Filesize
5.7MB

MD5
b3ab8ae11381737efe00e8cde958ada6

SHA1
a699658afcdaa0b1fff7e605b3f3824edb4c4be3

SHA256
4011c95368d21db72f22847c2c917fa98c2ded2f031caae6456701bfe05f9406

SHA512
f8617a1af3a9e3c2fa3e6169d2d6649ff65b9a61070e50580e401d3f787ed44169f0c3deede66a0948884656f2652bf55964e039a0f3425422ddf91ddc5b70de

Download Submit
C:\Windows\System\vfgImrg.exe

Filesize
5.7MB

MD5
e685bb1121ecd4e029d51679a524e6a3

SHA1
1fa2aa8485a84f2405ae4b210e0b30953d54bad2

SHA256
193f624135a5c883abf8d11d60d0b5303c64faba6f7ec933efc468a931fb2281

SHA512
45e51173dc3547fe0e02f9aaeaf58895a473262c31c7f4f36d7157f15e89f2eed48488657764fab88e4d147c3d96a61bd8625e879b92e315b1075c8e8a6137fd

Download Submit
C:\Windows\System\wZPvwQz.exe

Filesize
5.7MB

MD5
15b447748e8048f3dba3d2bf008f52d7

SHA1
45a05825c4d2b9a36647651244083ca4c37932f6

SHA256
b47bff2ed20f9b684365c15caaca1f0966df5faedb9d0c1d011f100a6c19f293

SHA512
addbe8843fb6a6b68b298ffdde42d705e514d0605ffcc3f9b23bc79bd99795cd6e76a2e59f61d285072eb55a60dc89c0c3d700d3255673a8168caed781aaf935

Download Submit
C:\Windows\System\xxEOnFT.exe

Filesize
5.7MB

MD5
577536b7fb5958443e956658ced557cd

SHA1
ced9c2bd0f8766833b2971f5d3069cd476cea609

SHA256
e1bdf9c60ebc86dcfebda39749222dbf9a0b69cd1e39581853ef8c0e4d33cbbb

SHA512
933d1492b9c251d4d3faf68e022b14c5ae94cbe305a2eb4c555aa9a4b7d1ae28b039460b04464667ee39a7c848e9ae2e8f799fe30f8200a8f5613e3b6928993d

Download Submit
memory/532-19-0x00007FF67BAF0000-0x00007FF67BE3D000-memory.dmp

Filesize
3.3MB

Download
memory/628-25-0x00007FF69BA80000-0x00007FF69BDCD000-memory.dmp

Filesize
3.3MB

Download
memory/1008-179-0x00007FF7D08C0000-0x00007FF7D0C0D000-memory.dmp

Filesize
3.3MB

Download
memory/1072-80-0x00007FF7530C0000-0x00007FF75340D000-memory.dmp

Filesize
3.3MB

Download
memory/1136-129-0x00007FF797340000-0x00007FF79768D000-memory.dmp

Filesize
3.3MB

Download
memory/1248-113-0x00007FF6A1400000-0x00007FF6A174D000-memory.dmp

Filesize
3.3MB

Download
memory/1340-173-0x00007FF776FD0000-0x00007FF77731D000-memory.dmp

Filesize
3.3MB

Download
memory/1484-107-0x00007FF670000000-0x00007FF67034D000-memory.dmp

Filesize
3.3MB

Download
memory/1732-134-0x00007FF7125D0000-0x00007FF71291D000-memory.dmp

Filesize
3.3MB

Download
memory/1772-31-0x00007FF78A9F0000-0x00007FF78AD3D000-memory.dmp

Filesize
3.3MB

Download
memory/1812-185-0x00007FF7B9A00000-0x00007FF7B9D4D000-memory.dmp

Filesize
3.3MB

Download
memory/1852-155-0x00007FF6FCCD0000-0x00007FF6FD01D000-memory.dmp

Filesize
3.3MB

Download
memory/2044-49-0x00007FF6EA9B0000-0x00007FF6EACFD000-memory.dmp

Filesize
3.3MB

Download
memory/2140-60-0x00007FF68C710000-0x00007FF68CA5D000-memory.dmp

Filesize
3.3MB

Download
memory/2192-101-0x00007FF6612A0000-0x00007FF6615ED000-memory.dmp

Filesize
3.3MB

Download
memory/2328-7-0x00007FF74A360000-0x00007FF74A6AD000-memory.dmp

Filesize
3.3MB

Download
memory/2732-161-0x00007FF750FB0000-0x00007FF7512FD000-memory.dmp

Filesize
3.3MB

Download
memory/2936-37-0x00007FF772150000-0x00007FF77249D000-memory.dmp

Filesize
3.3MB

Download
memory/3080-125-0x00007FF7C7EB0000-0x00007FF7C81FD000-memory.dmp

Filesize
3.3MB

Download
memory/3132-191-0x00007FF6D9170000-0x00007FF6D94BD000-memory.dmp

Filesize
3.3MB

Download
memory/3320-196-0x00007FF680D00000-0x00007FF68104D000-memory.dmp

Filesize
3.3MB

Download
memory/3408-1-0x000001FE18FF0000-0x000001FE19000000-memory.dmp

Filesize
64KB

Download
memory/3408-0-0x00007FF6E11D0000-0x00007FF6E151D000-memory.dmp

Filesize
3.3MB

Download
memory/3424-119-0x00007FF6B8980000-0x00007FF6B8CCD000-memory.dmp

Filesize
3.3MB

Download
memory/3584-75-0x00007FF75F0E0000-0x00007FF75F42D000-memory.dmp

Filesize
3.3MB

Download
memory/3624-43-0x00007FF673B90000-0x00007FF673EDD000-memory.dmp

Filesize
3.3MB

Download
memory/3676-143-0x00007FF771E50000-0x00007FF77219D000-memory.dmp

Filesize
3.3MB

Download
memory/3940-95-0x00007FF6022E0000-0x00007FF60262D000-memory.dmp

Filesize
3.3MB

Download
memory/4476-167-0x00007FF674B10000-0x00007FF674E5D000-memory.dmp

Filesize
3.3MB

Download
memory/4516-149-0x00007FF7BCFC0000-0x00007FF7BD30D000-memory.dmp

Filesize
3.3MB

Download
memory/4636-66-0x00007FF6B1E00000-0x00007FF6B214D000-memory.dmp

Filesize
3.3MB

Download
memory/4788-13-0x00007FF6A9430000-0x00007FF6A977D000-memory.dmp

Filesize
3.3MB

Download
memory/5016-89-0x00007FF61B680000-0x00007FF61B9CD000-memory.dmp

Filesize
3.3MB

Download