cobaltstrike | bc0b09c8777db643809e551ab71a26a22c966ae9c540d18fd3f8096c5a693743

Analysis

max time kernel
101s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
17/02/2025, 00:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

5a4796cc0fa22312482d74190db3877b
SHA1

cd443d03023d5b25c9df50b5290225e2a0c170d5
SHA256

bc0b09c8777db643809e551ab71a26a22c966ae9c540d18fd3f8096c5a693743
SHA512

3e9e20033e2938f3e4a0d083aa696268084a7e9159f9c76098e7e9d320fafa0517168a60875283c937cd39f4dd3b9b55b66a3deaf36d808a4fe168238b6cf36d
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUz:j+R56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023c72-5.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023cca-11.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023ccb-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd0-23.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd1-30.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023cc3-35.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd2-41.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd3-44.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd4-57.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd5-56.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd6-69.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd8-77.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd9-83.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cda-87.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cd7-73.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cdb-94.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cdc-101.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cdd-107.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cde-117.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ce0-126.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ce1-132.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cdf-116.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ce6-161.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ce5-156.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ce7-167.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ce8-174.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ce9-179.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023cea-184.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ceb-191.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ce4-148.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ce3-147.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ce2-138.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3164-0-0x00007FF663130000-0x00007FF66347D000-memory.dmp	xmrig
behavioral2/files/0x000c000000023c72-5.dat	xmrig
behavioral2/memory/2864-7-0x00007FF66FCA0000-0x00007FF66FFED000-memory.dmp	xmrig
behavioral2/files/0x000d000000023cca-11.dat	xmrig
behavioral2/files/0x000b000000023ccb-10.dat	xmrig
behavioral2/memory/3984-13-0x00007FF613AE0000-0x00007FF613E2D000-memory.dmp	xmrig
behavioral2/memory/3360-19-0x00007FF6E6150000-0x00007FF6E649D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cd0-23.dat	xmrig
behavioral2/memory/1348-25-0x00007FF7FA240000-0x00007FF7FA58D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cd1-30.dat	xmrig
behavioral2/memory/3260-31-0x00007FF696E90000-0x00007FF6971DD000-memory.dmp	xmrig
behavioral2/memory/4312-37-0x00007FF713970000-0x00007FF713CBD000-memory.dmp	xmrig
behavioral2/files/0x000e000000023cc3-35.dat	xmrig
behavioral2/files/0x000a000000023cd2-41.dat	xmrig
behavioral2/files/0x000a000000023cd3-44.dat	xmrig
behavioral2/files/0x000a000000023cd4-57.dat	xmrig
behavioral2/memory/1192-58-0x00007FF729060000-0x00007FF7293AD000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cd5-56.dat	xmrig
behavioral2/files/0x000a000000023cd6-69.dat	xmrig
behavioral2/files/0x000a000000023cd8-77.dat	xmrig
behavioral2/files/0x000a000000023cd9-83.dat	xmrig
behavioral2/memory/4528-91-0x00007FF7087F0000-0x00007FF708B3D000-memory.dmp	xmrig
behavioral2/memory/3412-88-0x00007FF649D80000-0x00007FF64A0CD000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cda-87.dat	xmrig
behavioral2/memory/3520-81-0x00007FF6CB080000-0x00007FF6CB3CD000-memory.dmp	xmrig
behavioral2/memory/3684-74-0x00007FF67DAF0000-0x00007FF67DE3D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cd7-73.dat	xmrig
behavioral2/memory/4396-70-0x00007FF721270000-0x00007FF7215BD000-memory.dmp	xmrig
behavioral2/memory/1604-63-0x00007FF647D60000-0x00007FF6480AD000-memory.dmp	xmrig
behavioral2/memory/3376-46-0x00007FF7A06E0000-0x00007FF7A0A2D000-memory.dmp	xmrig
behavioral2/memory/1276-51-0x00007FF6418E0000-0x00007FF641C2D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cdb-94.dat	xmrig
behavioral2/memory/4484-97-0x00007FF7CD0B0000-0x00007FF7CD3FD000-memory.dmp	xmrig
behavioral2/memory/4904-103-0x00007FF6199E0000-0x00007FF619D2D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cdc-101.dat	xmrig
behavioral2/files/0x000a000000023cdd-107.dat	xmrig
behavioral2/files/0x000a000000023cde-117.dat	xmrig
behavioral2/files/0x000a000000023ce0-126.dat	xmrig
behavioral2/memory/3336-133-0x00007FF7F0080000-0x00007FF7F03CD000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ce1-132.dat	xmrig
behavioral2/memory/4968-127-0x00007FF67D320000-0x00007FF67D66D000-memory.dmp	xmrig
behavioral2/memory/3544-123-0x00007FF756590000-0x00007FF7568DD000-memory.dmp	xmrig
behavioral2/memory/3452-119-0x00007FF6B8B10000-0x00007FF6B8E5D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cdf-116.dat	xmrig
behavioral2/memory/3000-151-0x00007FF6CC020000-0x00007FF6CC36D000-memory.dmp	xmrig
behavioral2/memory/212-157-0x00007FF6DDBE0000-0x00007FF6DDF2D000-memory.dmp	xmrig
behavioral2/memory/2772-162-0x00007FF6C9B50000-0x00007FF6C9E9D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ce6-161.dat	xmrig
behavioral2/files/0x000a000000023ce5-156.dat	xmrig
behavioral2/files/0x000a000000023ce7-167.dat	xmrig
behavioral2/memory/4264-175-0x00007FF653310000-0x00007FF65365D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ce8-174.dat	xmrig
behavioral2/memory/3144-168-0x00007FF622A90000-0x00007FF622DDD000-memory.dmp	xmrig
behavioral2/memory/2400-149-0x00007FF763EB0000-0x00007FF7641FD000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ce9-179.dat	xmrig
behavioral2/memory/3956-180-0x00007FF74C010000-0x00007FF74C35D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023cea-184.dat	xmrig
behavioral2/memory/1704-187-0x00007FF6D97F0000-0x00007FF6D9B3D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ceb-191.dat	xmrig
behavioral2/files/0x000a000000023ce4-148.dat	xmrig
behavioral2/files/0x000a000000023ce3-147.dat	xmrig
behavioral2/memory/4672-139-0x00007FF6C3D10000-0x00007FF6C405D000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ce2-138.dat	xmrig
behavioral2/memory/2324-111-0x00007FF6665E0000-0x00007FF66692D000-memory.dmp	xmrig

Downloads MZ/PE file 1 IoCs

flow	pid	Process
38	6528	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
2864	ZuOcnzz.exe
3984	gjFJkTZ.exe
3360	AxBMJAA.exe
1348	NdyTnIG.exe
3260	wbbxegm.exe
4312	GtmfWRT.exe
3376	DXzTvfm.exe
1276	Oybkkag.exe
1192	AMvJZTv.exe
1604	nsepZKT.exe
4396	dgQUtVh.exe
3684	cShxlVA.exe
3520	uGbKQYa.exe
4528	whMxusd.exe
3412	IkziMrL.exe
4484	EGYjDTc.exe
4904	zqwPMKD.exe
2324	OWuCzTs.exe
3544	TzjHACV.exe
3452	zijwKBt.exe
4968	DkNtiaa.exe
3336	qCLLrwg.exe
4672	MvUYBRN.exe
3000	FuJElKR.exe
2400	wCmPvyT.exe
212	SCfGmJI.exe
2772	VMbltif.exe
3144	mRiLZUt.exe
4264	rYIOCkQ.exe
3956	nekoMnG.exe
1704	twkyiyI.exe
4584	Twoydub.exe
1492	SSxCdkj.exe
1908	wDAJASk.exe
2120	oOFSwCS.exe
540	BOOCkjc.exe
4036	rNaOlBr.exe
392	ygNneTV.exe
3876	zjSJhSS.exe
5084	AsmCeha.exe
3036	QhwLnyd.exe
4256	qxDgGCn.exe
3908	JxYQZeW.exe
4068	QqZMiJP.exe
1876	wdmJYxt.exe
2992	zusEpCs.exe
3996	CgmZPea.exe
1872	bhcEvSa.exe
1116	InxixyJ.exe
116	lMvRZgi.exe
3832	OdtbVan.exe
4452	YdFfURW.exe
5064	oHVdmzq.exe
2476	qOrZmNs.exe
1976	JbBlydj.exe
2036	OUWcZOu.exe
208	XwCjKFy.exe
2200	WTYLYjd.exe
2740	KVUvKmt.exe
4132	diJRwAw.exe
1620	vSYjUDu.exe
2672	qTVubKb.exe
4600	aobvVti.exe
1164	pEKunIY.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ITGLtIa.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRpdEfh.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOulKEV.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjcGYSr.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqBMJrF.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MnTZMpC.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHXeUbv.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXZiqUn.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcxGZPY.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krMKKtl.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNzUHOd.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylTZRkB.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMqSJdr.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVNxvhd.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwCjKFy.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inAsGsk.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpQrOpy.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHZHxUM.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFUhMcB.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSBhqOd.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpiQOiX.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmMCBDs.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uazefiQ.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkvvpMj.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnUxuBp.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\murmyUa.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVrykVN.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCXdCIX.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzjWXBo.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkPrPPV.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogquDNI.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKbzvbp.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DxMRuBJ.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjoyUns.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOGYvxJ.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whMxusd.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgoBaHq.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuIyzoE.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNKlNzN.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMFsjEX.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdVRiHx.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIlAGJV.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhjFysY.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOcfEsh.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIPaSkg.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KcMnqli.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOEjTZA.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylgZeso.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byvVsNB.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giJoZne.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twkyiyI.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZwOWuT.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbxJuDT.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTjEQPD.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWGCLLt.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aInAiMx.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqwYQmX.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUWcZOu.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIHjqUs.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alKgJvU.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtldVLI.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjtofeH.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHVdmzq.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehTeXqC.exe	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2268	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 2864	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3164 wrote to memory of 2864	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3164 wrote to memory of 3984	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3164 wrote to memory of 3984	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3164 wrote to memory of 3360	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3164 wrote to memory of 3360	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3164 wrote to memory of 1348	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3164 wrote to memory of 1348	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3164 wrote to memory of 3260	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3164 wrote to memory of 3260	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3164 wrote to memory of 4312	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3164 wrote to memory of 4312	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3164 wrote to memory of 3376	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3164 wrote to memory of 3376	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3164 wrote to memory of 1276	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3164 wrote to memory of 1276	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3164 wrote to memory of 1192	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3164 wrote to memory of 1192	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3164 wrote to memory of 1604	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3164 wrote to memory of 1604	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3164 wrote to memory of 4396	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3164 wrote to memory of 4396	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3164 wrote to memory of 3684	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3164 wrote to memory of 3684	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3164 wrote to memory of 3520	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3164 wrote to memory of 3520	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3164 wrote to memory of 4528	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3164 wrote to memory of 4528	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3164 wrote to memory of 3412	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3164 wrote to memory of 3412	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3164 wrote to memory of 4484	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3164 wrote to memory of 4484	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3164 wrote to memory of 4904	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3164 wrote to memory of 4904	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3164 wrote to memory of 2324	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3164 wrote to memory of 2324	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3164 wrote to memory of 3544	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3164 wrote to memory of 3544	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3164 wrote to memory of 3452	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3164 wrote to memory of 3452	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3164 wrote to memory of 4968	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3164 wrote to memory of 4968	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3164 wrote to memory of 3336	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3164 wrote to memory of 3336	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3164 wrote to memory of 4672	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3164 wrote to memory of 4672	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3164 wrote to memory of 3000	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3164 wrote to memory of 3000	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3164 wrote to memory of 2400	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3164 wrote to memory of 2400	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3164 wrote to memory of 212	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3164 wrote to memory of 212	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3164 wrote to memory of 2772	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3164 wrote to memory of 2772	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3164 wrote to memory of 3144	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3164 wrote to memory of 3144	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3164 wrote to memory of 4264	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3164 wrote to memory of 4264	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3164 wrote to memory of 3956	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 3164 wrote to memory of 3956	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 3164 wrote to memory of 1704	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 3164 wrote to memory of 1704	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 3164 wrote to memory of 4584	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	121
PID 3164 wrote to memory of 4584	3164	2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe	121

C:\Users\Admin\AppData\Local\Temp\2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_5a4796cc0fa22312482d74190db3877b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Windows\System\ZuOcnzz.exe
  C:\Windows\System\ZuOcnzz.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\gjFJkTZ.exe
  C:\Windows\System\gjFJkTZ.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\AxBMJAA.exe
  C:\Windows\System\AxBMJAA.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\NdyTnIG.exe
  C:\Windows\System\NdyTnIG.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\wbbxegm.exe
  C:\Windows\System\wbbxegm.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\GtmfWRT.exe
  C:\Windows\System\GtmfWRT.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\DXzTvfm.exe
  C:\Windows\System\DXzTvfm.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\Oybkkag.exe
  C:\Windows\System\Oybkkag.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\AMvJZTv.exe
  C:\Windows\System\AMvJZTv.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\nsepZKT.exe
  C:\Windows\System\nsepZKT.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\dgQUtVh.exe
  C:\Windows\System\dgQUtVh.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\cShxlVA.exe
  C:\Windows\System\cShxlVA.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\uGbKQYa.exe
  C:\Windows\System\uGbKQYa.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\whMxusd.exe
  C:\Windows\System\whMxusd.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\IkziMrL.exe
  C:\Windows\System\IkziMrL.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\EGYjDTc.exe
  C:\Windows\System\EGYjDTc.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\zqwPMKD.exe
  C:\Windows\System\zqwPMKD.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\OWuCzTs.exe
  C:\Windows\System\OWuCzTs.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\TzjHACV.exe
  C:\Windows\System\TzjHACV.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\zijwKBt.exe
  C:\Windows\System\zijwKBt.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\DkNtiaa.exe
  C:\Windows\System\DkNtiaa.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\qCLLrwg.exe
  C:\Windows\System\qCLLrwg.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\MvUYBRN.exe
  C:\Windows\System\MvUYBRN.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\FuJElKR.exe
  C:\Windows\System\FuJElKR.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\wCmPvyT.exe
  C:\Windows\System\wCmPvyT.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\SCfGmJI.exe
  C:\Windows\System\SCfGmJI.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\VMbltif.exe
  C:\Windows\System\VMbltif.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\mRiLZUt.exe
  C:\Windows\System\mRiLZUt.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\rYIOCkQ.exe
  C:\Windows\System\rYIOCkQ.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\nekoMnG.exe
  C:\Windows\System\nekoMnG.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\twkyiyI.exe
  C:\Windows\System\twkyiyI.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\Twoydub.exe
  C:\Windows\System\Twoydub.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\SSxCdkj.exe
  C:\Windows\System\SSxCdkj.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\wDAJASk.exe
  C:\Windows\System\wDAJASk.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\oOFSwCS.exe
  C:\Windows\System\oOFSwCS.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\BOOCkjc.exe
  C:\Windows\System\BOOCkjc.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\rNaOlBr.exe
  C:\Windows\System\rNaOlBr.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\ygNneTV.exe
  C:\Windows\System\ygNneTV.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\zjSJhSS.exe
  C:\Windows\System\zjSJhSS.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\AsmCeha.exe
  C:\Windows\System\AsmCeha.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\QhwLnyd.exe
  C:\Windows\System\QhwLnyd.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\qxDgGCn.exe
  C:\Windows\System\qxDgGCn.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\JxYQZeW.exe
  C:\Windows\System\JxYQZeW.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\QqZMiJP.exe
  C:\Windows\System\QqZMiJP.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\wdmJYxt.exe
  C:\Windows\System\wdmJYxt.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\zusEpCs.exe
  C:\Windows\System\zusEpCs.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\CgmZPea.exe
  C:\Windows\System\CgmZPea.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\bhcEvSa.exe
  C:\Windows\System\bhcEvSa.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\InxixyJ.exe
  C:\Windows\System\InxixyJ.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\lMvRZgi.exe
  C:\Windows\System\lMvRZgi.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\OdtbVan.exe
  C:\Windows\System\OdtbVan.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\YdFfURW.exe
  C:\Windows\System\YdFfURW.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\oHVdmzq.exe
  C:\Windows\System\oHVdmzq.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\qOrZmNs.exe
  C:\Windows\System\qOrZmNs.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\JbBlydj.exe
  C:\Windows\System\JbBlydj.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\OUWcZOu.exe
  C:\Windows\System\OUWcZOu.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\XwCjKFy.exe
  C:\Windows\System\XwCjKFy.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\WTYLYjd.exe
  C:\Windows\System\WTYLYjd.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\KVUvKmt.exe
  C:\Windows\System\KVUvKmt.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\diJRwAw.exe
  C:\Windows\System\diJRwAw.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\vSYjUDu.exe
  C:\Windows\System\vSYjUDu.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\qTVubKb.exe
  C:\Windows\System\qTVubKb.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\aobvVti.exe
  C:\Windows\System\aobvVti.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\pEKunIY.exe
  C:\Windows\System\pEKunIY.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\gVQZOUg.exe
  C:\Windows\System\gVQZOUg.exe
  2⤵
  PID:1176
- C:\Windows\System\LpoDJBD.exe
  C:\Windows\System\LpoDJBD.exe
  2⤵
  PID:2532
- C:\Windows\System\aMFsjEX.exe
  C:\Windows\System\aMFsjEX.exe
  2⤵
  PID:4064
- C:\Windows\System\uxkaxHu.exe
  C:\Windows\System\uxkaxHu.exe
  2⤵
  PID:1796
- C:\Windows\System\vqJCcSr.exe
  C:\Windows\System\vqJCcSr.exe
  2⤵
  PID:3400
- C:\Windows\System\TmSYhBY.exe
  C:\Windows\System\TmSYhBY.exe
  2⤵
  PID:1468
- C:\Windows\System\jmPNVDN.exe
  C:\Windows\System\jmPNVDN.exe
  2⤵
  PID:3456
- C:\Windows\System\fAEXomB.exe
  C:\Windows\System\fAEXomB.exe
  2⤵
  PID:5136
- C:\Windows\System\HlEygxp.exe
  C:\Windows\System\HlEygxp.exe
  2⤵
  PID:5156
- C:\Windows\System\JPlNpTL.exe
  C:\Windows\System\JPlNpTL.exe
  2⤵
  PID:5200
- C:\Windows\System\HNYHSGh.exe
  C:\Windows\System\HNYHSGh.exe
  2⤵
  PID:5232
- C:\Windows\System\gjijGPF.exe
  C:\Windows\System\gjijGPF.exe
  2⤵
  PID:5280
- C:\Windows\System\oXpRUOP.exe
  C:\Windows\System\oXpRUOP.exe
  2⤵
  PID:5312
- C:\Windows\System\XsbPgYR.exe
  C:\Windows\System\XsbPgYR.exe
  2⤵
  PID:5328
- C:\Windows\System\bkdbIPo.exe
  C:\Windows\System\bkdbIPo.exe
  2⤵
  PID:5368
- C:\Windows\System\SpHPmtl.exe
  C:\Windows\System\SpHPmtl.exe
  2⤵
  PID:5396
- C:\Windows\System\fFCYXQS.exe
  C:\Windows\System\fFCYXQS.exe
  2⤵
  PID:5432
- C:\Windows\System\Rsnumyi.exe
  C:\Windows\System\Rsnumyi.exe
  2⤵
  PID:5464
- C:\Windows\System\TZryClq.exe
  C:\Windows\System\TZryClq.exe
  2⤵
  PID:5496
- C:\Windows\System\DFDPWzx.exe
  C:\Windows\System\DFDPWzx.exe
  2⤵
  PID:5528
- C:\Windows\System\urgqdxX.exe
  C:\Windows\System\urgqdxX.exe
  2⤵
  PID:5556
- C:\Windows\System\TbnxCEn.exe
  C:\Windows\System\TbnxCEn.exe
  2⤵
  PID:5596
- C:\Windows\System\rjtwAbb.exe
  C:\Windows\System\rjtwAbb.exe
  2⤵
  PID:5620
- C:\Windows\System\eZIFzLP.exe
  C:\Windows\System\eZIFzLP.exe
  2⤵
  PID:5656
- C:\Windows\System\NoYTmuI.exe
  C:\Windows\System\NoYTmuI.exe
  2⤵
  PID:5700
- C:\Windows\System\ljONaJF.exe
  C:\Windows\System\ljONaJF.exe
  2⤵
  PID:5716
- C:\Windows\System\DnOWhmw.exe
  C:\Windows\System\DnOWhmw.exe
  2⤵
  PID:5756
- C:\Windows\System\BnHQjEN.exe
  C:\Windows\System\BnHQjEN.exe
  2⤵
  PID:5784
- C:\Windows\System\YCLfMgO.exe
  C:\Windows\System\YCLfMgO.exe
  2⤵
  PID:5812
- C:\Windows\System\cXDUjYx.exe
  C:\Windows\System\cXDUjYx.exe
  2⤵
  PID:5864
- C:\Windows\System\ATpJejA.exe
  C:\Windows\System\ATpJejA.exe
  2⤵
  PID:5880
- C:\Windows\System\gfcSmBD.exe
  C:\Windows\System\gfcSmBD.exe
  2⤵
  PID:5928
- C:\Windows\System\xaYYCcT.exe
  C:\Windows\System\xaYYCcT.exe
  2⤵
  PID:5948
- C:\Windows\System\UcYRQNh.exe
  C:\Windows\System\UcYRQNh.exe
  2⤵
  PID:5976
- C:\Windows\System\gNKTQzH.exe
  C:\Windows\System\gNKTQzH.exe
  2⤵
  PID:6008
- C:\Windows\System\KYNSouK.exe
  C:\Windows\System\KYNSouK.exe
  2⤵
  PID:6040
- C:\Windows\System\iCYaAKF.exe
  C:\Windows\System\iCYaAKF.exe
  2⤵
  PID:6072
- C:\Windows\System\TcSBDSP.exe
  C:\Windows\System\TcSBDSP.exe
  2⤵
  PID:6120
- C:\Windows\System\uvFmXDd.exe
  C:\Windows\System\uvFmXDd.exe
  2⤵
  PID:5124
- C:\Windows\System\TCFeQlK.exe
  C:\Windows\System\TCFeQlK.exe
  2⤵
  PID:5192
- C:\Windows\System\yipYFtP.exe
  C:\Windows\System\yipYFtP.exe
  2⤵
  PID:5212
- C:\Windows\System\UpiQOiX.exe
  C:\Windows\System\UpiQOiX.exe
  2⤵
  PID:5272
- C:\Windows\System\LAQKCKz.exe
  C:\Windows\System\LAQKCKz.exe
  2⤵
  PID:5356
- C:\Windows\System\HfptHgE.exe
  C:\Windows\System\HfptHgE.exe
  2⤵
  PID:5388
- C:\Windows\System\vFFuGcp.exe
  C:\Windows\System\vFFuGcp.exe
  2⤵
  PID:5440
- C:\Windows\System\NxJUOjd.exe
  C:\Windows\System\NxJUOjd.exe
  2⤵
  PID:5504
- C:\Windows\System\JhcsVpy.exe
  C:\Windows\System\JhcsVpy.exe
  2⤵
  PID:5580
- C:\Windows\System\tdgYQKw.exe
  C:\Windows\System\tdgYQKw.exe
  2⤵
  PID:5648
- C:\Windows\System\UgoBaHq.exe
  C:\Windows\System\UgoBaHq.exe
  2⤵
  PID:5692
- C:\Windows\System\dilvbHv.exe
  C:\Windows\System\dilvbHv.exe
  2⤵
  PID:5764
- C:\Windows\System\sejsquv.exe
  C:\Windows\System\sejsquv.exe
  2⤵
  PID:3192
- C:\Windows\System\MmWGFDQ.exe
  C:\Windows\System\MmWGFDQ.exe
  2⤵
  PID:2268
- C:\Windows\System\yrgevAQ.exe
  C:\Windows\System\yrgevAQ.exe
  2⤵
  PID:5856
- C:\Windows\System\IxPNPRJ.exe
  C:\Windows\System\IxPNPRJ.exe
  2⤵
  PID:2348
- C:\Windows\System\ebFNRNR.exe
  C:\Windows\System\ebFNRNR.exe
  2⤵
  PID:5956
- C:\Windows\System\QGnnRLz.exe
  C:\Windows\System\QGnnRLz.exe
  2⤵
  PID:6056
- C:\Windows\System\bWnWFur.exe
  C:\Windows\System\bWnWFur.exe
  2⤵
  PID:6116
- C:\Windows\System\ltvGgdT.exe
  C:\Windows\System\ltvGgdT.exe
  2⤵
  PID:4588
- C:\Windows\System\EWrQCzY.exe
  C:\Windows\System\EWrQCzY.exe
  2⤵
  PID:5164
- C:\Windows\System\CctgeBc.exe
  C:\Windows\System\CctgeBc.exe
  2⤵
  PID:5276
- C:\Windows\System\mvVeErz.exe
  C:\Windows\System\mvVeErz.exe
  2⤵
  PID:5352
- C:\Windows\System\uQTJFhj.exe
  C:\Windows\System\uQTJFhj.exe
  2⤵
  PID:5472
- C:\Windows\System\HChvOgf.exe
  C:\Windows\System\HChvOgf.exe
  2⤵
  PID:5552
- C:\Windows\System\aIOPRNB.exe
  C:\Windows\System\aIOPRNB.exe
  2⤵
  PID:5616
- C:\Windows\System\wbgPUIK.exe
  C:\Windows\System\wbgPUIK.exe
  2⤵
  PID:5728
- C:\Windows\System\UNaFsca.exe
  C:\Windows\System\UNaFsca.exe
  2⤵
  PID:5776
- C:\Windows\System\MllTmKI.exe
  C:\Windows\System\MllTmKI.exe
  2⤵
  PID:5892
- C:\Windows\System\DKcfiVX.exe
  C:\Windows\System\DKcfiVX.exe
  2⤵
  PID:6000
- C:\Windows\System\qUTuoVi.exe
  C:\Windows\System\qUTuoVi.exe
  2⤵
  PID:6100
- C:\Windows\System\oAcHEXc.exe
  C:\Windows\System\oAcHEXc.exe
  2⤵
  PID:5216
- C:\Windows\System\shxVeiw.exe
  C:\Windows\System\shxVeiw.exe
  2⤵
  PID:3048
- C:\Windows\System\fxZlAyU.exe
  C:\Windows\System\fxZlAyU.exe
  2⤵
  PID:5516
- C:\Windows\System\HnEuuyI.exe
  C:\Windows\System\HnEuuyI.exe
  2⤵
  PID:5688
- C:\Windows\System\zsVlidk.exe
  C:\Windows\System\zsVlidk.exe
  2⤵
  PID:3900
- C:\Windows\System\IlEVvEf.exe
  C:\Windows\System\IlEVvEf.exe
  2⤵
  PID:6032
- C:\Windows\System\NpprKQC.exe
  C:\Windows\System\NpprKQC.exe
  2⤵
  PID:5320
- C:\Windows\System\NLyLupT.exe
  C:\Windows\System\NLyLupT.exe
  2⤵
  PID:3548
- C:\Windows\System\YHzXNCu.exe
  C:\Windows\System\YHzXNCu.exe
  2⤵
  PID:5988
- C:\Windows\System\KcMnqli.exe
  C:\Windows\System\KcMnqli.exe
  2⤵
  PID:4240
- C:\Windows\System\AOqvvMw.exe
  C:\Windows\System\AOqvvMw.exe
  2⤵
  PID:5992
- C:\Windows\System\AAOABAK.exe
  C:\Windows\System\AAOABAK.exe
  2⤵
  PID:5176
- C:\Windows\System\ehTeXqC.exe
  C:\Windows\System\ehTeXqC.exe
  2⤵
  PID:3788
- C:\Windows\System\mZLhRqd.exe
  C:\Windows\System\mZLhRqd.exe
  2⤵
  PID:6168
- C:\Windows\System\rktzZwu.exe
  C:\Windows\System\rktzZwu.exe
  2⤵
  PID:6208
- C:\Windows\System\zZboDcl.exe
  C:\Windows\System\zZboDcl.exe
  2⤵
  PID:6240
- C:\Windows\System\CJcSRjp.exe
  C:\Windows\System\CJcSRjp.exe
  2⤵
  PID:6268
- C:\Windows\System\mcYrpgU.exe
  C:\Windows\System\mcYrpgU.exe
  2⤵
  PID:6304
- C:\Windows\System\uXrVygv.exe
  C:\Windows\System\uXrVygv.exe
  2⤵
  PID:6340
- C:\Windows\System\sOANdEW.exe
  C:\Windows\System\sOANdEW.exe
  2⤵
  PID:6364
- C:\Windows\System\zGozSVw.exe
  C:\Windows\System\zGozSVw.exe
  2⤵
  PID:6404
- C:\Windows\System\xNVAKKc.exe
  C:\Windows\System\xNVAKKc.exe
  2⤵
  PID:6428
- C:\Windows\System\QKzGMGN.exe
  C:\Windows\System\QKzGMGN.exe
  2⤵
  PID:6468
- C:\Windows\System\JeeTgIu.exe
  C:\Windows\System\JeeTgIu.exe
  2⤵
  PID:6500
- C:\Windows\System\jPQSNQt.exe
  C:\Windows\System\jPQSNQt.exe
  2⤵
  PID:6532
- C:\Windows\System\VEASAqz.exe
  C:\Windows\System\VEASAqz.exe
  2⤵
  PID:6564
- C:\Windows\System\polLIAG.exe
  C:\Windows\System\polLIAG.exe
  2⤵
  PID:6596
- C:\Windows\System\uvmfGjO.exe
  C:\Windows\System\uvmfGjO.exe
  2⤵
  PID:6628
- C:\Windows\System\MHVdFEE.exe
  C:\Windows\System\MHVdFEE.exe
  2⤵
  PID:6660
- C:\Windows\System\DKQUyEP.exe
  C:\Windows\System\DKQUyEP.exe
  2⤵
  PID:6692
- C:\Windows\System\oMaMmQJ.exe
  C:\Windows\System\oMaMmQJ.exe
  2⤵
  PID:6720
- C:\Windows\System\EVGawsR.exe
  C:\Windows\System\EVGawsR.exe
  2⤵
  PID:6756
- C:\Windows\System\dUZhvwu.exe
  C:\Windows\System\dUZhvwu.exe
  2⤵
  PID:6780
- C:\Windows\System\xiSIAgL.exe
  C:\Windows\System\xiSIAgL.exe
  2⤵
  PID:6820
- C:\Windows\System\ZOEjTZA.exe
  C:\Windows\System\ZOEjTZA.exe
  2⤵
  PID:6852
- C:\Windows\System\hkXWLXe.exe
  C:\Windows\System\hkXWLXe.exe
  2⤵
  PID:6876
- C:\Windows\System\VMZXASS.exe
  C:\Windows\System\VMZXASS.exe
  2⤵
  PID:6908
- C:\Windows\System\zRccQua.exe
  C:\Windows\System\zRccQua.exe
  2⤵
  PID:6956
- C:\Windows\System\bNzUHOd.exe
  C:\Windows\System\bNzUHOd.exe
  2⤵
  PID:6980
- C:\Windows\System\xgsyWTU.exe
  C:\Windows\System\xgsyWTU.exe
  2⤵
  PID:7012
- C:\Windows\System\QFpTfjJ.exe
  C:\Windows\System\QFpTfjJ.exe
  2⤵
  PID:7044
- C:\Windows\System\VIVAVup.exe
  C:\Windows\System\VIVAVup.exe
  2⤵
  PID:7076
- C:\Windows\System\yQHTZfM.exe
  C:\Windows\System\yQHTZfM.exe
  2⤵
  PID:7112
- C:\Windows\System\CdoVyLk.exe
  C:\Windows\System\CdoVyLk.exe
  2⤵
  PID:7144
- C:\Windows\System\sCkwyfv.exe
  C:\Windows\System\sCkwyfv.exe
  2⤵
  PID:6148
- C:\Windows\System\NRpdEfh.exe
  C:\Windows\System\NRpdEfh.exe
  2⤵
  PID:6184
- C:\Windows\System\trYHqDb.exe
  C:\Windows\System\trYHqDb.exe
  2⤵
  PID:6252
- C:\Windows\System\QuobZNE.exe
  C:\Windows\System\QuobZNE.exe
  2⤵
  PID:6316
- C:\Windows\System\TWGCLLt.exe
  C:\Windows\System\TWGCLLt.exe
  2⤵
  PID:6380
- C:\Windows\System\PwXGabO.exe
  C:\Windows\System\PwXGabO.exe
  2⤵
  PID:6444
- C:\Windows\System\CfURvhS.exe
  C:\Windows\System\CfURvhS.exe
  2⤵
  PID:6508
- C:\Windows\System\UVqnnVk.exe
  C:\Windows\System\UVqnnVk.exe
  2⤵
  PID:3748
- C:\Windows\System\ipFMNsr.exe
  C:\Windows\System\ipFMNsr.exe
  2⤵
  PID:6608
- C:\Windows\System\ZdiZjOd.exe
  C:\Windows\System\ZdiZjOd.exe
  2⤵
  PID:6668
- C:\Windows\System\EnUxuBp.exe
  C:\Windows\System\EnUxuBp.exe
  2⤵
  PID:6740
- C:\Windows\System\ATbInjP.exe
  C:\Windows\System\ATbInjP.exe
  2⤵
  PID:6796
- C:\Windows\System\IZzqGCv.exe
  C:\Windows\System\IZzqGCv.exe
  2⤵
  PID:3824
- C:\Windows\System\MdVRiHx.exe
  C:\Windows\System\MdVRiHx.exe
  2⤵
  PID:6888
- C:\Windows\System\pWHfcWo.exe
  C:\Windows\System\pWHfcWo.exe
  2⤵
  PID:6936
- C:\Windows\System\ZvCLWmg.exe
  C:\Windows\System\ZvCLWmg.exe
  2⤵
  PID:4016
- C:\Windows\System\VoVWTno.exe
  C:\Windows\System\VoVWTno.exe
  2⤵
  PID:7060
- C:\Windows\System\pdNWHXf.exe
  C:\Windows\System\pdNWHXf.exe
  2⤵
  PID:7124
- C:\Windows\System\eoXdGmQ.exe
  C:\Windows\System\eoXdGmQ.exe
  2⤵
  PID:5548
- C:\Windows\System\chFCxFP.exe
  C:\Windows\System\chFCxFP.exe
  2⤵
  PID:6224
- C:\Windows\System\SbxApYV.exe
  C:\Windows\System\SbxApYV.exe
  2⤵
  PID:6348
- C:\Windows\System\WJhDvYz.exe
  C:\Windows\System\WJhDvYz.exe
  2⤵
  PID:6520
- C:\Windows\System\nROjuSd.exe
  C:\Windows\System\nROjuSd.exe
  2⤵
  PID:6584
- C:\Windows\System\gdajTRG.exe
  C:\Windows\System\gdajTRG.exe
  2⤵
  PID:6712
- C:\Windows\System\XUwcocc.exe
  C:\Windows\System\XUwcocc.exe
  2⤵
  PID:6828
- C:\Windows\System\gQAnWDE.exe
  C:\Windows\System\gQAnWDE.exe
  2⤵
  PID:6924
- C:\Windows\System\sLqIljQ.exe
  C:\Windows\System\sLqIljQ.exe
  2⤵
  PID:7020
- C:\Windows\System\JpgRshZ.exe
  C:\Windows\System\JpgRshZ.exe
  2⤵
  PID:7096
- C:\Windows\System\NnWQJHL.exe
  C:\Windows\System\NnWQJHL.exe
  2⤵
  PID:6220
- C:\Windows\System\fJaQMuI.exe
  C:\Windows\System\fJaQMuI.exe
  2⤵
  PID:7100
- C:\Windows\System\seCKxEB.exe
  C:\Windows\System\seCKxEB.exe
  2⤵
  PID:4164
- C:\Windows\System\effJXfu.exe
  C:\Windows\System\effJXfu.exe
  2⤵
  PID:6872
- C:\Windows\System\fNctgCV.exe
  C:\Windows\System\fNctgCV.exe
  2⤵
  PID:7088
- C:\Windows\System\ZArYeTj.exe
  C:\Windows\System\ZArYeTj.exe
  2⤵
  PID:4948
- C:\Windows\System\hIVVTjz.exe
  C:\Windows\System\hIVVTjz.exe
  2⤵
  PID:1504
- C:\Windows\System\kJKQxAK.exe
  C:\Windows\System\kJKQxAK.exe
  2⤵
  PID:4976
- C:\Windows\System\inAsGsk.exe
  C:\Windows\System\inAsGsk.exe
  2⤵
  PID:6768
- C:\Windows\System\yRhCyfG.exe
  C:\Windows\System\yRhCyfG.exe
  2⤵
  PID:7184
- C:\Windows\System\FrSFdWs.exe
  C:\Windows\System\FrSFdWs.exe
  2⤵
  PID:7224
- C:\Windows\System\Xqaxzlz.exe
  C:\Windows\System\Xqaxzlz.exe
  2⤵
  PID:7256
- C:\Windows\System\onyFImd.exe
  C:\Windows\System\onyFImd.exe
  2⤵
  PID:7288
- C:\Windows\System\yNBAjnS.exe
  C:\Windows\System\yNBAjnS.exe
  2⤵
  PID:7320
- C:\Windows\System\BtFKYPm.exe
  C:\Windows\System\BtFKYPm.exe
  2⤵
  PID:7352
- C:\Windows\System\BJGTksp.exe
  C:\Windows\System\BJGTksp.exe
  2⤵
  PID:7376
- C:\Windows\System\HpchmbY.exe
  C:\Windows\System\HpchmbY.exe
  2⤵
  PID:7416
- C:\Windows\System\HRNkmnz.exe
  C:\Windows\System\HRNkmnz.exe
  2⤵
  PID:7444
- C:\Windows\System\EDVXzQq.exe
  C:\Windows\System\EDVXzQq.exe
  2⤵
  PID:7472
- C:\Windows\System\DpFLJpq.exe
  C:\Windows\System\DpFLJpq.exe
  2⤵
  PID:7512
- C:\Windows\System\aJGYLLw.exe
  C:\Windows\System\aJGYLLw.exe
  2⤵
  PID:7536
- C:\Windows\System\dJShNLF.exe
  C:\Windows\System\dJShNLF.exe
  2⤵
  PID:7568
- C:\Windows\System\bASHgow.exe
  C:\Windows\System\bASHgow.exe
  2⤵
  PID:7604
- C:\Windows\System\WXlKKuY.exe
  C:\Windows\System\WXlKKuY.exe
  2⤵
  PID:7632
- C:\Windows\System\cUHDmEt.exe
  C:\Windows\System\cUHDmEt.exe
  2⤵
  PID:7664
- C:\Windows\System\WfWkvHH.exe
  C:\Windows\System\WfWkvHH.exe
  2⤵
  PID:7700
- C:\Windows\System\GljKDiU.exe
  C:\Windows\System\GljKDiU.exe
  2⤵
  PID:7736
- C:\Windows\System\JuIyzoE.exe
  C:\Windows\System\JuIyzoE.exe
  2⤵
  PID:7768
- C:\Windows\System\RFlqbrT.exe
  C:\Windows\System\RFlqbrT.exe
  2⤵
  PID:7792
- C:\Windows\System\GisOkTg.exe
  C:\Windows\System\GisOkTg.exe
  2⤵
  PID:7832
- C:\Windows\System\EnfImbu.exe
  C:\Windows\System\EnfImbu.exe
  2⤵
  PID:7856
- C:\Windows\System\bewuzPR.exe
  C:\Windows\System\bewuzPR.exe
  2⤵
  PID:7892
- C:\Windows\System\suDmnVO.exe
  C:\Windows\System\suDmnVO.exe
  2⤵
  PID:7932
- C:\Windows\System\WnguUrh.exe
  C:\Windows\System\WnguUrh.exe
  2⤵
  PID:7960
- C:\Windows\System\atWmQpO.exe
  C:\Windows\System\atWmQpO.exe
  2⤵
  PID:7996
- C:\Windows\System\pzLHklW.exe
  C:\Windows\System\pzLHklW.exe
  2⤵
  PID:8020
- C:\Windows\System\HhjFysY.exe
  C:\Windows\System\HhjFysY.exe
  2⤵
  PID:8052
- C:\Windows\System\RvfVjRO.exe
  C:\Windows\System\RvfVjRO.exe
  2⤵
  PID:8084
- C:\Windows\System\UtxmdGy.exe
  C:\Windows\System\UtxmdGy.exe
  2⤵
  PID:8116
- C:\Windows\System\QkzMnrx.exe
  C:\Windows\System\QkzMnrx.exe
  2⤵
  PID:8152
- C:\Windows\System\fqbVasK.exe
  C:\Windows\System\fqbVasK.exe
  2⤵
  PID:8180
- C:\Windows\System\mKGwzwx.exe
  C:\Windows\System\mKGwzwx.exe
  2⤵
  PID:4404
- C:\Windows\System\rqhSZfX.exe
  C:\Windows\System\rqhSZfX.exe
  2⤵
  PID:3380
- C:\Windows\System\KhkFoIi.exe
  C:\Windows\System\KhkFoIi.exe
  2⤵
  PID:7300
- C:\Windows\System\jsEeLPh.exe
  C:\Windows\System\jsEeLPh.exe
  2⤵
  PID:7360
- C:\Windows\System\qaxmqRA.exe
  C:\Windows\System\qaxmqRA.exe
  2⤵
  PID:7432
- C:\Windows\System\HXhgCft.exe
  C:\Windows\System\HXhgCft.exe
  2⤵
  PID:7484
- C:\Windows\System\ylgZeso.exe
  C:\Windows\System\ylgZeso.exe
  2⤵
  PID:7580
- C:\Windows\System\yHGMbuK.exe
  C:\Windows\System\yHGMbuK.exe
  2⤵
  PID:7612
- C:\Windows\System\CsYstjH.exe
  C:\Windows\System\CsYstjH.exe
  2⤵
  PID:7660
- C:\Windows\System\QDHHkou.exe
  C:\Windows\System\QDHHkou.exe
  2⤵
  PID:2840
- C:\Windows\System\LnukyDW.exe
  C:\Windows\System\LnukyDW.exe
  2⤵
  PID:7780
- C:\Windows\System\RmQHUDU.exe
  C:\Windows\System\RmQHUDU.exe
  2⤵
  PID:7820
- C:\Windows\System\JoZUkeo.exe
  C:\Windows\System\JoZUkeo.exe
  2⤵
  PID:7880
- C:\Windows\System\lPTuFuV.exe
  C:\Windows\System\lPTuFuV.exe
  2⤵
  PID:7968
- C:\Windows\System\xIciDFr.exe
  C:\Windows\System\xIciDFr.exe
  2⤵
  PID:8032
- C:\Windows\System\murmyUa.exe
  C:\Windows\System\murmyUa.exe
  2⤵
  PID:8100
- C:\Windows\System\tWIWqBC.exe
  C:\Windows\System\tWIWqBC.exe
  2⤵
  PID:8140
- C:\Windows\System\xvfVwgZ.exe
  C:\Windows\System\xvfVwgZ.exe
  2⤵
  PID:7208
- C:\Windows\System\jkeyrbp.exe
  C:\Windows\System\jkeyrbp.exe
  2⤵
  PID:7332
- C:\Windows\System\jvwCMne.exe
  C:\Windows\System\jvwCMne.exe
  2⤵
  PID:7452
- C:\Windows\System\fKoZyyC.exe
  C:\Windows\System\fKoZyyC.exe
  2⤵
  PID:4332
- C:\Windows\System\DtmPoxd.exe
  C:\Windows\System\DtmPoxd.exe
  2⤵
  PID:3392
- C:\Windows\System\wehzXJB.exe
  C:\Windows\System\wehzXJB.exe
  2⤵
  PID:5012
- C:\Windows\System\YkLTEzr.exe
  C:\Windows\System\YkLTEzr.exe
  2⤵
  PID:7564
- C:\Windows\System\AniSFRq.exe
  C:\Windows\System\AniSFRq.exe
  2⤵
  PID:7628
- C:\Windows\System\sVtBUcs.exe
  C:\Windows\System\sVtBUcs.exe
  2⤵
  PID:7708
- C:\Windows\System\unjsHBF.exe
  C:\Windows\System\unjsHBF.exe
  2⤵
  PID:7816
- C:\Windows\System\nzdYfjl.exe
  C:\Windows\System\nzdYfjl.exe
  2⤵
  PID:7984
- C:\Windows\System\qBrSbEy.exe
  C:\Windows\System\qBrSbEy.exe
  2⤵
  PID:8096
- C:\Windows\System\AofJEeg.exe
  C:\Windows\System\AofJEeg.exe
  2⤵
  PID:7232
- C:\Windows\System\wAelIId.exe
  C:\Windows\System\wAelIId.exe
  2⤵
  PID:4580
- C:\Windows\System\KHeoaBX.exe
  C:\Windows\System\KHeoaBX.exe
  2⤵
  PID:4448
- C:\Windows\System\szEwHlF.exe
  C:\Windows\System\szEwHlF.exe
  2⤵
  PID:7532
- C:\Windows\System\nOulKEV.exe
  C:\Windows\System\nOulKEV.exe
  2⤵
  PID:7788
- C:\Windows\System\AKnSQVJ.exe
  C:\Windows\System\AKnSQVJ.exe
  2⤵
  PID:8064
- C:\Windows\System\UABGOjw.exe
  C:\Windows\System\UABGOjw.exe
  2⤵
  PID:2308
- C:\Windows\System\GQYRKMG.exe
  C:\Windows\System\GQYRKMG.exe
  2⤵
  PID:2404
- C:\Windows\System\rJtDzzG.exe
  C:\Windows\System\rJtDzzG.exe
  2⤵
  PID:7276
- C:\Windows\System\kvZjqyB.exe
  C:\Windows\System\kvZjqyB.exe
  2⤵
  PID:2320
- C:\Windows\System\BnRmSwg.exe
  C:\Windows\System\BnRmSwg.exe
  2⤵
  PID:436
- C:\Windows\System\CatsHbD.exe
  C:\Windows\System\CatsHbD.exe
  2⤵
  PID:8224
- C:\Windows\System\aCGzcEg.exe
  C:\Windows\System\aCGzcEg.exe
  2⤵
  PID:8256
- C:\Windows\System\OMOZXly.exe
  C:\Windows\System\OMOZXly.exe
  2⤵
  PID:8280
- C:\Windows\System\rOTnSLv.exe
  C:\Windows\System\rOTnSLv.exe
  2⤵
  PID:8312
- C:\Windows\System\bPsZxBR.exe
  C:\Windows\System\bPsZxBR.exe
  2⤵
  PID:8344
- C:\Windows\System\YkPUNvb.exe
  C:\Windows\System\YkPUNvb.exe
  2⤵
  PID:8376
- C:\Windows\System\mQPhFYc.exe
  C:\Windows\System\mQPhFYc.exe
  2⤵
  PID:8408
- C:\Windows\System\MeGepvI.exe
  C:\Windows\System\MeGepvI.exe
  2⤵
  PID:8448
- C:\Windows\System\sErOyBe.exe
  C:\Windows\System\sErOyBe.exe
  2⤵
  PID:8480
- C:\Windows\System\imGqRoj.exe
  C:\Windows\System\imGqRoj.exe
  2⤵
  PID:8504
- C:\Windows\System\GRHzTnn.exe
  C:\Windows\System\GRHzTnn.exe
  2⤵
  PID:8536
- C:\Windows\System\YVNxvhd.exe
  C:\Windows\System\YVNxvhd.exe
  2⤵
  PID:8572
- C:\Windows\System\ZMEvwJj.exe
  C:\Windows\System\ZMEvwJj.exe
  2⤵
  PID:8604
- C:\Windows\System\OuyOkCk.exe
  C:\Windows\System\OuyOkCk.exe
  2⤵
  PID:8636
- C:\Windows\System\ASbVJbo.exe
  C:\Windows\System\ASbVJbo.exe
  2⤵
  PID:8668
- C:\Windows\System\WDHYWSb.exe
  C:\Windows\System\WDHYWSb.exe
  2⤵
  PID:8708
- C:\Windows\System\UjtNPep.exe
  C:\Windows\System\UjtNPep.exe
  2⤵
  PID:8740
- C:\Windows\System\hRqZDcu.exe
  C:\Windows\System\hRqZDcu.exe
  2⤵
  PID:8772
- C:\Windows\System\lJcXyyQ.exe
  C:\Windows\System\lJcXyyQ.exe
  2⤵
  PID:8804
- C:\Windows\System\YyaOoBf.exe
  C:\Windows\System\YyaOoBf.exe
  2⤵
  PID:8828
- C:\Windows\System\sERqryo.exe
  C:\Windows\System\sERqryo.exe
  2⤵
  PID:8860
- C:\Windows\System\XYQSQfh.exe
  C:\Windows\System\XYQSQfh.exe
  2⤵
  PID:8892
- C:\Windows\System\XByQHeR.exe
  C:\Windows\System\XByQHeR.exe
  2⤵
  PID:8924
- C:\Windows\System\scalAnE.exe
  C:\Windows\System\scalAnE.exe
  2⤵
  PID:8956
- C:\Windows\System\XUhJKvv.exe
  C:\Windows\System\XUhJKvv.exe
  2⤵
  PID:8988
- C:\Windows\System\ykTcRmW.exe
  C:\Windows\System\ykTcRmW.exe
  2⤵
  PID:9020
- C:\Windows\System\RtnZZtc.exe
  C:\Windows\System\RtnZZtc.exe
  2⤵
  PID:9052
- C:\Windows\System\jyyDeaO.exe
  C:\Windows\System\jyyDeaO.exe
  2⤵
  PID:9084
- C:\Windows\System\xjlqphp.exe
  C:\Windows\System\xjlqphp.exe
  2⤵
  PID:9116
- C:\Windows\System\kbwYZQp.exe
  C:\Windows\System\kbwYZQp.exe
  2⤵
  PID:9148
- C:\Windows\System\CaGzGGY.exe
  C:\Windows\System\CaGzGGY.exe
  2⤵
  PID:9180
- C:\Windows\System\SVOYOdO.exe
  C:\Windows\System\SVOYOdO.exe
  2⤵
  PID:9212
- C:\Windows\System\OcxZDfJ.exe
  C:\Windows\System\OcxZDfJ.exe
  2⤵
  PID:8240
- C:\Windows\System\WvUusva.exe
  C:\Windows\System\WvUusva.exe
  2⤵
  PID:8304
- C:\Windows\System\uflnKCU.exe
  C:\Windows\System\uflnKCU.exe
  2⤵
  PID:8356
- C:\Windows\System\QaDMBsC.exe
  C:\Windows\System\QaDMBsC.exe
  2⤵
  PID:8404
- C:\Windows\System\wKdOGNv.exe
  C:\Windows\System\wKdOGNv.exe
  2⤵
  PID:8488
- C:\Windows\System\ypGDcsG.exe
  C:\Windows\System\ypGDcsG.exe
  2⤵
  PID:8552
- C:\Windows\System\hyiBCaY.exe
  C:\Windows\System\hyiBCaY.exe
  2⤵
  PID:8596
- C:\Windows\System\iZwOWuT.exe
  C:\Windows\System\iZwOWuT.exe
  2⤵
  PID:8664
- C:\Windows\System\qTFWkwF.exe
  C:\Windows\System\qTFWkwF.exe
  2⤵
  PID:8724
- C:\Windows\System\DjcGYSr.exe
  C:\Windows\System\DjcGYSr.exe
  2⤵
  PID:8788
- C:\Windows\System\vPIGaMf.exe
  C:\Windows\System\vPIGaMf.exe
  2⤵
  PID:8852
- C:\Windows\System\mwHRgze.exe
  C:\Windows\System\mwHRgze.exe
  2⤵
  PID:8920
- C:\Windows\System\BKBaGOj.exe
  C:\Windows\System\BKBaGOj.exe
  2⤵
  PID:8984
- C:\Windows\System\YpYwpGq.exe
  C:\Windows\System\YpYwpGq.exe
  2⤵
  PID:9048
- C:\Windows\System\CWPUoaf.exe
  C:\Windows\System\CWPUoaf.exe
  2⤵
  PID:9112
- C:\Windows\System\QCmTPxA.exe
  C:\Windows\System\QCmTPxA.exe
  2⤵
  PID:9176
- C:\Windows\System\fBEeZTM.exe
  C:\Windows\System\fBEeZTM.exe
  2⤵
  PID:8272
- C:\Windows\System\ialrZBx.exe
  C:\Windows\System\ialrZBx.exe
  2⤵
  PID:8372
- C:\Windows\System\ygBUGRB.exe
  C:\Windows\System\ygBUGRB.exe
  2⤵
  PID:8464
- C:\Windows\System\SYqPbdf.exe
  C:\Windows\System\SYqPbdf.exe
  2⤵
  PID:8584
- C:\Windows\System\bNzYanE.exe
  C:\Windows\System\bNzYanE.exe
  2⤵
  PID:8720
- C:\Windows\System\ERfOQKx.exe
  C:\Windows\System\ERfOQKx.exe
  2⤵
  PID:8820
- C:\Windows\System\bWdJdpC.exe
  C:\Windows\System\bWdJdpC.exe
  2⤵
  PID:8948
- C:\Windows\System\IuGVePn.exe
  C:\Windows\System\IuGVePn.exe
  2⤵
  PID:9080
- C:\Windows\System\HtRvmiX.exe
  C:\Windows\System\HtRvmiX.exe
  2⤵
  PID:9208
- C:\Windows\System\pndopDn.exe
  C:\Windows\System\pndopDn.exe
  2⤵
  PID:8400
- C:\Windows\System\qXtNIDD.exe
  C:\Windows\System\qXtNIDD.exe
  2⤵
  PID:8628
- C:\Windows\System\cDUMqxm.exe
  C:\Windows\System\cDUMqxm.exe
  2⤵
  PID:8876
- C:\Windows\System\wqfxzvV.exe
  C:\Windows\System\wqfxzvV.exe
  2⤵
  PID:9140
- C:\Windows\System\yxvKiWG.exe
  C:\Windows\System\yxvKiWG.exe
  2⤵
  PID:8516
- C:\Windows\System\inxyJgk.exe
  C:\Windows\System\inxyJgk.exe
  2⤵
  PID:8940
- C:\Windows\System\LFdpFok.exe
  C:\Windows\System\LFdpFok.exe
  2⤵
  PID:5100
- C:\Windows\System\yhreniH.exe
  C:\Windows\System\yhreniH.exe
  2⤵
  PID:8812
- C:\Windows\System\sLyShVN.exe
  C:\Windows\System\sLyShVN.exe
  2⤵
  PID:9228
- C:\Windows\System\WKCxQoq.exe
  C:\Windows\System\WKCxQoq.exe
  2⤵
  PID:9260
- C:\Windows\System\EWcdOYA.exe
  C:\Windows\System\EWcdOYA.exe
  2⤵
  PID:9292
- C:\Windows\System\PAituNw.exe
  C:\Windows\System\PAituNw.exe
  2⤵
  PID:9340
- C:\Windows\System\BmTDZIq.exe
  C:\Windows\System\BmTDZIq.exe
  2⤵
  PID:9356
- C:\Windows\System\SraMQYj.exe
  C:\Windows\System\SraMQYj.exe
  2⤵
  PID:9392
- C:\Windows\System\dskTOUE.exe
  C:\Windows\System\dskTOUE.exe
  2⤵
  PID:9424
- C:\Windows\System\vVrykVN.exe
  C:\Windows\System\vVrykVN.exe
  2⤵
  PID:9460
- C:\Windows\System\VGWBrGA.exe
  C:\Windows\System\VGWBrGA.exe
  2⤵
  PID:9488
- C:\Windows\System\QpQrOpy.exe
  C:\Windows\System\QpQrOpy.exe
  2⤵
  PID:9524
- C:\Windows\System\LUQnAXa.exe
  C:\Windows\System\LUQnAXa.exe
  2⤵
  PID:9552
- C:\Windows\System\fqBMJrF.exe
  C:\Windows\System\fqBMJrF.exe
  2⤵
  PID:9584
- C:\Windows\System\NOHZRIx.exe
  C:\Windows\System\NOHZRIx.exe
  2⤵
  PID:9616
- C:\Windows\System\sBXoosN.exe
  C:\Windows\System\sBXoosN.exe
  2⤵
  PID:9648
- C:\Windows\System\YlBroNU.exe
  C:\Windows\System\YlBroNU.exe
  2⤵
  PID:9684
- C:\Windows\System\EbMCMDp.exe
  C:\Windows\System\EbMCMDp.exe
  2⤵
  PID:9712
- C:\Windows\System\PYePIHg.exe
  C:\Windows\System\PYePIHg.exe
  2⤵
  PID:9744
- C:\Windows\System\KITcHNq.exe
  C:\Windows\System\KITcHNq.exe
  2⤵
  PID:9776
- C:\Windows\System\sPRiGrx.exe
  C:\Windows\System\sPRiGrx.exe
  2⤵
  PID:9808
- C:\Windows\System\fgztopx.exe
  C:\Windows\System\fgztopx.exe
  2⤵
  PID:9840
- C:\Windows\System\EcGkijB.exe
  C:\Windows\System\EcGkijB.exe
  2⤵
  PID:9872
- C:\Windows\System\qcmEoKY.exe
  C:\Windows\System\qcmEoKY.exe
  2⤵
  PID:9904
- C:\Windows\System\nefvRth.exe
  C:\Windows\System\nefvRth.exe
  2⤵
  PID:9936
- C:\Windows\System\UbpPxlR.exe
  C:\Windows\System\UbpPxlR.exe
  2⤵
  PID:9968
- C:\Windows\System\dRsBWJn.exe
  C:\Windows\System\dRsBWJn.exe
  2⤵
  PID:10000
- C:\Windows\System\SSJHJYx.exe
  C:\Windows\System\SSJHJYx.exe
  2⤵
  PID:10048
- C:\Windows\System\ySlczrQ.exe
  C:\Windows\System\ySlczrQ.exe
  2⤵
  PID:10064
- C:\Windows\System\EWoeypk.exe
  C:\Windows\System\EWoeypk.exe
  2⤵
  PID:10096
- C:\Windows\System\JouCLsa.exe
  C:\Windows\System\JouCLsa.exe
  2⤵
  PID:10128
- C:\Windows\System\KikYzYt.exe
  C:\Windows\System\KikYzYt.exe
  2⤵
  PID:10144
- C:\Windows\System\XkpapaK.exe
  C:\Windows\System\XkpapaK.exe
  2⤵
  PID:10192
- C:\Windows\System\KZLDRdX.exe
  C:\Windows\System\KZLDRdX.exe
  2⤵
  PID:10224
- C:\Windows\System\ntFaLqf.exe
  C:\Windows\System\ntFaLqf.exe
  2⤵
  PID:9272
- C:\Windows\System\WRinVNu.exe
  C:\Windows\System\WRinVNu.exe
  2⤵
  PID:9316
- C:\Windows\System\vRGYIZu.exe
  C:\Windows\System\vRGYIZu.exe
  2⤵
  PID:9372
- C:\Windows\System\iKlQCJM.exe
  C:\Windows\System\iKlQCJM.exe
  2⤵
  PID:9440
- C:\Windows\System\QtDTJBE.exe
  C:\Windows\System\QtDTJBE.exe
  2⤵
  PID:9512
- C:\Windows\System\Bftongs.exe
  C:\Windows\System\Bftongs.exe
  2⤵
  PID:9596
- C:\Windows\System\ciyIFOF.exe
  C:\Windows\System\ciyIFOF.exe
  2⤵
  PID:9660
- C:\Windows\System\XpzlyCV.exe
  C:\Windows\System\XpzlyCV.exe
  2⤵
  PID:9704
- C:\Windows\System\ITGLtIa.exe
  C:\Windows\System\ITGLtIa.exe
  2⤵
  PID:9788
- C:\Windows\System\nTQUBHC.exe
  C:\Windows\System\nTQUBHC.exe
  2⤵
  PID:9852
- C:\Windows\System\fIHjqUs.exe
  C:\Windows\System\fIHjqUs.exe
  2⤵
  PID:9916
- C:\Windows\System\mABHgXu.exe
  C:\Windows\System\mABHgXu.exe
  2⤵
  PID:9984
- C:\Windows\System\yxTOeRY.exe
  C:\Windows\System\yxTOeRY.exe
  2⤵
  PID:10044
- C:\Windows\System\gQJxZLr.exe
  C:\Windows\System\gQJxZLr.exe
  2⤵
  PID:10092
- C:\Windows\System\tYXFwit.exe
  C:\Windows\System\tYXFwit.exe
  2⤵
  PID:10160
- C:\Windows\System\PrNksUe.exe
  C:\Windows\System\PrNksUe.exe
  2⤵
  PID:10216
- C:\Windows\System\gSZNmWs.exe
  C:\Windows\System\gSZNmWs.exe
  2⤵
  PID:9304
- C:\Windows\System\UqGOlUu.exe
  C:\Windows\System\UqGOlUu.exe
  2⤵
  PID:9420
- C:\Windows\System\kbrlEbc.exe
  C:\Windows\System\kbrlEbc.exe
  2⤵
  PID:9568
- C:\Windows\System\nUTOKmw.exe
  C:\Windows\System\nUTOKmw.exe
  2⤵
  PID:9632
- C:\Windows\System\OnRUwST.exe
  C:\Windows\System\OnRUwST.exe
  2⤵
  PID:9800
- C:\Windows\System\FypkWvB.exe
  C:\Windows\System\FypkWvB.exe
  2⤵
  PID:9952
- C:\Windows\System\HnsoJpS.exe
  C:\Windows\System\HnsoJpS.exe
  2⤵
  PID:10076
- C:\Windows\System\CokYIJt.exe
  C:\Windows\System\CokYIJt.exe
  2⤵
  PID:10208
- C:\Windows\System\lbVukvH.exe
  C:\Windows\System\lbVukvH.exe
  2⤵
  PID:9500
- C:\Windows\System\psKZjoE.exe
  C:\Windows\System\psKZjoE.exe
  2⤵
  PID:9736
- C:\Windows\System\Hszxngp.exe
  C:\Windows\System\Hszxngp.exe
  2⤵
  PID:10016
- C:\Windows\System\byvVsNB.exe
  C:\Windows\System\byvVsNB.exe
  2⤵
  PID:10168
- C:\Windows\System\qSffffv.exe
  C:\Windows\System\qSffffv.exe
  2⤵
  PID:9612
- C:\Windows\System\fWtVpqE.exe
  C:\Windows\System\fWtVpqE.exe
  2⤵
  PID:10124
- C:\Windows\System\GFnprWQ.exe
  C:\Windows\System\GFnprWQ.exe
  2⤵
  PID:9996
- C:\Windows\System\LgupmsD.exe
  C:\Windows\System\LgupmsD.exe
  2⤵
  PID:9544
- C:\Windows\System\wCHVgDI.exe
  C:\Windows\System\wCHVgDI.exe
  2⤵
  PID:10276
- C:\Windows\System\HeMqAtK.exe
  C:\Windows\System\HeMqAtK.exe
  2⤵
  PID:10304
- C:\Windows\System\YoBPXKT.exe
  C:\Windows\System\YoBPXKT.exe
  2⤵
  PID:10336
- C:\Windows\System\TDpQwdc.exe
  C:\Windows\System\TDpQwdc.exe
  2⤵
  PID:10372
- C:\Windows\System\UgpLAgm.exe
  C:\Windows\System\UgpLAgm.exe
  2⤵
  PID:10400
- C:\Windows\System\BxEzBwX.exe
  C:\Windows\System\BxEzBwX.exe
  2⤵
  PID:10432
- C:\Windows\System\vCXdCIX.exe
  C:\Windows\System\vCXdCIX.exe
  2⤵
  PID:10464
- C:\Windows\System\LrlThEM.exe
  C:\Windows\System\LrlThEM.exe
  2⤵
  PID:10496
- C:\Windows\System\vBhrTtS.exe
  C:\Windows\System\vBhrTtS.exe
  2⤵
  PID:10528
- C:\Windows\System\QGvXQBB.exe
  C:\Windows\System\QGvXQBB.exe
  2⤵
  PID:10560
- C:\Windows\System\QtQgiSS.exe
  C:\Windows\System\QtQgiSS.exe
  2⤵
  PID:10584
- C:\Windows\System\MCNhAmd.exe
  C:\Windows\System\MCNhAmd.exe
  2⤵
  PID:10624
- C:\Windows\System\aeFSdBH.exe
  C:\Windows\System\aeFSdBH.exe
  2⤵
  PID:10656
- C:\Windows\System\HLfbkeo.exe
  C:\Windows\System\HLfbkeo.exe
  2⤵
  PID:10688
- C:\Windows\System\QXpYlXt.exe
  C:\Windows\System\QXpYlXt.exe
  2⤵
  PID:10720
- C:\Windows\System\MNKlNzN.exe
  C:\Windows\System\MNKlNzN.exe
  2⤵
  PID:10760
- C:\Windows\System\pFeJeHk.exe
  C:\Windows\System\pFeJeHk.exe
  2⤵
  PID:10784
- C:\Windows\System\QskfzUo.exe
  C:\Windows\System\QskfzUo.exe
  2⤵
  PID:10816
- C:\Windows\System\AZEWCGV.exe
  C:\Windows\System\AZEWCGV.exe
  2⤵
  PID:10848
- C:\Windows\System\EymJrks.exe
  C:\Windows\System\EymJrks.exe
  2⤵
  PID:10880
- C:\Windows\System\iARzbCg.exe
  C:\Windows\System\iARzbCg.exe
  2⤵
  PID:10916
- C:\Windows\System\zFqXees.exe
  C:\Windows\System\zFqXees.exe
  2⤵
  PID:10944
- C:\Windows\System\aJCTNWe.exe
  C:\Windows\System\aJCTNWe.exe
  2⤵
  PID:10976
- C:\Windows\System\uazefiQ.exe
  C:\Windows\System\uazefiQ.exe
  2⤵
  PID:11008
- C:\Windows\System\gUixTBG.exe
  C:\Windows\System\gUixTBG.exe
  2⤵
  PID:11040
- C:\Windows\System\woJaHaf.exe
  C:\Windows\System\woJaHaf.exe
  2⤵
  PID:11076
- C:\Windows\System\NFUhMcB.exe
  C:\Windows\System\NFUhMcB.exe
  2⤵
  PID:11108
- C:\Windows\System\tzgxQGi.exe
  C:\Windows\System\tzgxQGi.exe
  2⤵
  PID:11140
- C:\Windows\System\YtZpMCy.exe
  C:\Windows\System\YtZpMCy.exe
  2⤵
  PID:11172
- C:\Windows\System\NQOFmXl.exe
  C:\Windows\System\NQOFmXl.exe
  2⤵
  PID:11204
- C:\Windows\System\BsyZjpW.exe
  C:\Windows\System\BsyZjpW.exe
  2⤵
  PID:11236
- C:\Windows\System\QqErlCd.exe
  C:\Windows\System\QqErlCd.exe
  2⤵
  PID:11252
- C:\Windows\System\LGSQauL.exe
  C:\Windows\System\LGSQauL.exe
  2⤵
  PID:10316
- C:\Windows\System\ATwKXhM.exe
  C:\Windows\System\ATwKXhM.exe
  2⤵
  PID:10380
- C:\Windows\System\AGNcULM.exe
  C:\Windows\System\AGNcULM.exe
  2⤵
  PID:10444
- C:\Windows\System\bhKRflQ.exe
  C:\Windows\System\bhKRflQ.exe
  2⤵
  PID:10508
- C:\Windows\System\nRFDisR.exe
  C:\Windows\System\nRFDisR.exe
  2⤵
  PID:10576
- C:\Windows\System\jqIyEGu.exe
  C:\Windows\System\jqIyEGu.exe
  2⤵
  PID:10636
- C:\Windows\System\fmXzfaG.exe
  C:\Windows\System\fmXzfaG.exe
  2⤵
  PID:10700
- C:\Windows\System\KEEJXiA.exe
  C:\Windows\System\KEEJXiA.exe
  2⤵
  PID:10776
- C:\Windows\System\olMrHYY.exe
  C:\Windows\System\olMrHYY.exe
  2⤵
  PID:10828
- C:\Windows\System\lACEGxN.exe
  C:\Windows\System\lACEGxN.exe
  2⤵
  PID:10876
- C:\Windows\System\kzPstVw.exe
  C:\Windows\System\kzPstVw.exe
  2⤵
  PID:10956
- C:\Windows\System\XRCPsgf.exe
  C:\Windows\System\XRCPsgf.exe
  2⤵
  PID:11024
- C:\Windows\System\FxxqeTK.exe
  C:\Windows\System\FxxqeTK.exe
  2⤵
  PID:11072
- C:\Windows\System\ARDKcBZ.exe
  C:\Windows\System\ARDKcBZ.exe
  2⤵
  PID:11136
- C:\Windows\System\IvLcFhH.exe
  C:\Windows\System\IvLcFhH.exe
  2⤵
  PID:11200
- C:\Windows\System\AjfTfcU.exe
  C:\Windows\System\AjfTfcU.exe
  2⤵
  PID:10264
- C:\Windows\System\VYVrwwp.exe
  C:\Windows\System\VYVrwwp.exe
  2⤵
  PID:10364
- C:\Windows\System\nwQiDBi.exe
  C:\Windows\System\nwQiDBi.exe
  2⤵
  PID:10552
- C:\Windows\System\lRICeGf.exe
  C:\Windows\System\lRICeGf.exe
  2⤵
  PID:10620
- C:\Windows\System\CpcfjpW.exe
  C:\Windows\System\CpcfjpW.exe
  2⤵
  PID:10748
- C:\Windows\System\MeRBGUs.exe
  C:\Windows\System\MeRBGUs.exe
  2⤵
  PID:10872
- C:\Windows\System\ittQZSn.exe
  C:\Windows\System\ittQZSn.exe
  2⤵
  PID:11000
- C:\Windows\System\bIlAGJV.exe
  C:\Windows\System\bIlAGJV.exe
  2⤵
  PID:11068
- C:\Windows\System\HoCmiHY.exe
  C:\Windows\System\HoCmiHY.exe
  2⤵
  PID:11228
- C:\Windows\System\thENMjR.exe
  C:\Windows\System\thENMjR.exe
  2⤵
  PID:10480
- C:\Windows\System\FSdPtTK.exe
  C:\Windows\System\FSdPtTK.exe
  2⤵
  PID:10744
- C:\Windows\System\gQKVpLH.exe
  C:\Windows\System\gQKVpLH.exe
  2⤵
  PID:10928
- C:\Windows\System\Atrkilr.exe
  C:\Windows\System\Atrkilr.exe
  2⤵
  PID:10252
- C:\Windows\System\fIyhsqs.exe
  C:\Windows\System\fIyhsqs.exe
  2⤵
  PID:10732
- C:\Windows\System\jjhHeaz.exe
  C:\Windows\System\jjhHeaz.exe
  2⤵
  PID:10972
- C:\Windows\System\vRaPJjg.exe
  C:\Windows\System\vRaPJjg.exe
  2⤵
  PID:10616
- C:\Windows\System\lPsxMIE.exe
  C:\Windows\System\lPsxMIE.exe
  2⤵
  PID:11284
- C:\Windows\System\ckQQsBl.exe
  C:\Windows\System\ckQQsBl.exe
  2⤵
  PID:11316
- C:\Windows\System\lGIFIxC.exe
  C:\Windows\System\lGIFIxC.exe
  2⤵
  PID:11348
- C:\Windows\System\nZqFOQh.exe
  C:\Windows\System\nZqFOQh.exe
  2⤵
  PID:11388
- C:\Windows\System\WxrrjCn.exe
  C:\Windows\System\WxrrjCn.exe
  2⤵
  PID:11412
- C:\Windows\System\TSVBLrF.exe
  C:\Windows\System\TSVBLrF.exe
  2⤵
  PID:11444
- C:\Windows\System\nWbRXAa.exe
  C:\Windows\System\nWbRXAa.exe
  2⤵
  PID:11476
- C:\Windows\System\HqlBynS.exe
  C:\Windows\System\HqlBynS.exe
  2⤵
  PID:11512
- C:\Windows\System\EaROyCI.exe
  C:\Windows\System\EaROyCI.exe
  2⤵
  PID:11560
- C:\Windows\System\JGRGXUv.exe
  C:\Windows\System\JGRGXUv.exe
  2⤵
  PID:11576
- C:\Windows\System\IHFiNZQ.exe
  C:\Windows\System\IHFiNZQ.exe
  2⤵
  PID:11608
- C:\Windows\System\FFEmitT.exe
  C:\Windows\System\FFEmitT.exe
  2⤵
  PID:11640
- C:\Windows\System\UgCdYFb.exe
  C:\Windows\System\UgCdYFb.exe
  2⤵
  PID:11672
- C:\Windows\System\zLyFdcg.exe
  C:\Windows\System\zLyFdcg.exe
  2⤵
  PID:11688
- C:\Windows\System\JXnpWEe.exe
  C:\Windows\System\JXnpWEe.exe
  2⤵
  PID:11728
- C:\Windows\System\JKwiJcS.exe
  C:\Windows\System\JKwiJcS.exe
  2⤵
  PID:11768
- C:\Windows\System\OyVthqa.exe
  C:\Windows\System\OyVthqa.exe
  2⤵
  PID:11808
- C:\Windows\System\lpiOVPj.exe
  C:\Windows\System\lpiOVPj.exe
  2⤵
  PID:11832
- C:\Windows\System\AJgPnUS.exe
  C:\Windows\System\AJgPnUS.exe
  2⤵
  PID:11872
- C:\Windows\System\zjbCKNK.exe
  C:\Windows\System\zjbCKNK.exe
  2⤵
  PID:11896
- C:\Windows\System\deYcaot.exe
  C:\Windows\System\deYcaot.exe
  2⤵
  PID:11932
- C:\Windows\System\dsacDfM.exe
  C:\Windows\System\dsacDfM.exe
  2⤵
  PID:11964
- C:\Windows\System\gZtGeCW.exe
  C:\Windows\System\gZtGeCW.exe
  2⤵
  PID:11996
- C:\Windows\System\LsAkAtk.exe
  C:\Windows\System\LsAkAtk.exe
  2⤵
  PID:12028
- C:\Windows\System\uSsvkpu.exe
  C:\Windows\System\uSsvkpu.exe
  2⤵
  PID:12060
- C:\Windows\System\tewNSKk.exe
  C:\Windows\System\tewNSKk.exe
  2⤵
  PID:12092
- C:\Windows\System\WynfVrp.exe
  C:\Windows\System\WynfVrp.exe
  2⤵
  PID:12124
- C:\Windows\System\eiTJfxg.exe
  C:\Windows\System\eiTJfxg.exe
  2⤵
  PID:12160
- C:\Windows\System\OQIRDoB.exe
  C:\Windows\System\OQIRDoB.exe
  2⤵
  PID:12188
- C:\Windows\System\ATKCUbj.exe
  C:\Windows\System\ATKCUbj.exe
  2⤵
  PID:12220
- C:\Windows\System\zJERqqT.exe
  C:\Windows\System\zJERqqT.exe
  2⤵
  PID:12252
- C:\Windows\System\IoByMob.exe
  C:\Windows\System\IoByMob.exe
  2⤵
  PID:12284
- C:\Windows\System\bojhpNb.exe
  C:\Windows\System\bojhpNb.exe
  2⤵
  PID:11312
- C:\Windows\System\HRvXWvB.exe
  C:\Windows\System\HRvXWvB.exe
  2⤵
  PID:11376
- C:\Windows\System\bJNBQVa.exe
  C:\Windows\System\bJNBQVa.exe
  2⤵
  PID:11440
- C:\Windows\System\EykvRxB.exe
  C:\Windows\System\EykvRxB.exe
  2⤵
  PID:11508
- C:\Windows\System\LmiGZOF.exe
  C:\Windows\System\LmiGZOF.exe
  2⤵
  PID:11588
- C:\Windows\System\YSKSOyD.exe
  C:\Windows\System\YSKSOyD.exe
  2⤵
  PID:11652
- C:\Windows\System\sguAXNB.exe
  C:\Windows\System\sguAXNB.exe
  2⤵
  PID:11704
- C:\Windows\System\HourYsI.exe
  C:\Windows\System\HourYsI.exe
  2⤵
  PID:11748
- C:\Windows\System\uzjWXBo.exe
  C:\Windows\System\uzjWXBo.exe
  2⤵
  PID:11888
- C:\Windows\System\iBWHTXg.exe
  C:\Windows\System\iBWHTXg.exe
  2⤵
  PID:11976
- C:\Windows\System\MGzRHVs.exe
  C:\Windows\System\MGzRHVs.exe
  2⤵
  PID:12056
- C:\Windows\System\NgvddKS.exe
  C:\Windows\System\NgvddKS.exe
  2⤵
  PID:12152
- C:\Windows\System\ulXjMOK.exe
  C:\Windows\System\ulXjMOK.exe
  2⤵
  PID:12216
- C:\Windows\System\petLxIL.exe
  C:\Windows\System\petLxIL.exe
  2⤵
  PID:11276
- C:\Windows\System\sxleQIC.exe
  C:\Windows\System\sxleQIC.exe
  2⤵
  PID:11436
- C:\Windows\System\HmMCBDs.exe
  C:\Windows\System\HmMCBDs.exe
  2⤵
  PID:11632
- C:\Windows\System\WLcscum.exe
  C:\Windows\System\WLcscum.exe
  2⤵
  PID:11844
- C:\Windows\System\RGxgIDJ.exe
  C:\Windows\System\RGxgIDJ.exe
  2⤵
  PID:4296
- C:\Windows\System\PbwnjlO.exe
  C:\Windows\System\PbwnjlO.exe
  2⤵
  PID:12180
- C:\Windows\System\ZuWkiuQ.exe
  C:\Windows\System\ZuWkiuQ.exe
  2⤵
  PID:12280
- C:\Windows\System\IBIDNle.exe
  C:\Windows\System\IBIDNle.exe
  2⤵
  PID:11620
- C:\Windows\System\MhMnoIC.exe
  C:\Windows\System\MhMnoIC.exe
  2⤵
  PID:3804
- C:\Windows\System\SmUftBO.exe
  C:\Windows\System\SmUftBO.exe
  2⤵
  PID:828
- C:\Windows\System\tKbzvbp.exe
  C:\Windows\System\tKbzvbp.exe
  2⤵
  PID:4836
- C:\Windows\System\VIteCkq.exe
  C:\Windows\System\VIteCkq.exe
  2⤵
  PID:1748
- C:\Windows\System\frYvasO.exe
  C:\Windows\System\frYvasO.exe
  2⤵
  PID:12212
- C:\Windows\System\LIWPvtN.exe
  C:\Windows\System\LIWPvtN.exe
  2⤵
  PID:11924
- C:\Windows\System\dLlVsrr.exe
  C:\Windows\System\dLlVsrr.exe
  2⤵
  PID:3812
- C:\Windows\System\MfXvSRo.exe
  C:\Windows\System\MfXvSRo.exe
  2⤵
  PID:12304
- C:\Windows\System\GOKxEcx.exe
  C:\Windows\System\GOKxEcx.exe
  2⤵
  PID:12340
- C:\Windows\System\PzJpUNk.exe
  C:\Windows\System\PzJpUNk.exe
  2⤵
  PID:12380
- C:\Windows\System\UBsXlLB.exe
  C:\Windows\System\UBsXlLB.exe
  2⤵
  PID:12412
- C:\Windows\System\NXUUJGM.exe
  C:\Windows\System\NXUUJGM.exe
  2⤵
  PID:12460
- C:\Windows\System\LlZqZso.exe
  C:\Windows\System\LlZqZso.exe
  2⤵
  PID:12488
- C:\Windows\System\gXZiqUn.exe
  C:\Windows\System\gXZiqUn.exe
  2⤵
  PID:12520
- C:\Windows\System\xcUmpKI.exe
  C:\Windows\System\xcUmpKI.exe
  2⤵
  PID:12552
- C:\Windows\System\kqmGfDz.exe
  C:\Windows\System\kqmGfDz.exe
  2⤵
  PID:12584
- C:\Windows\System\AdzkgYV.exe
  C:\Windows\System\AdzkgYV.exe
  2⤵
  PID:12616
- C:\Windows\System\ApefmBf.exe
  C:\Windows\System\ApefmBf.exe
  2⤵
  PID:12648
- C:\Windows\System\LhVmpwG.exe
  C:\Windows\System\LhVmpwG.exe
  2⤵
  PID:12680
- C:\Windows\System\mKfGxCc.exe
  C:\Windows\System\mKfGxCc.exe
  2⤵
  PID:12712
- C:\Windows\System\FSVYVRS.exe
  C:\Windows\System\FSVYVRS.exe
  2⤵
  PID:12744
- C:\Windows\System\WAUKNur.exe
  C:\Windows\System\WAUKNur.exe
  2⤵
  PID:12776
- C:\Windows\System\wPwfWhK.exe
  C:\Windows\System\wPwfWhK.exe
  2⤵
  PID:12808
- C:\Windows\System\nxLNcCf.exe
  C:\Windows\System\nxLNcCf.exe
  2⤵
  PID:12840
- C:\Windows\System\mYdRfGm.exe
  C:\Windows\System\mYdRfGm.exe
  2⤵
  PID:12872
- C:\Windows\System\eyTfkHJ.exe
  C:\Windows\System\eyTfkHJ.exe
  2⤵
  PID:12908
- C:\Windows\System\PykWkTo.exe
  C:\Windows\System\PykWkTo.exe
  2⤵
  PID:12940
- C:\Windows\System\lhXrQLK.exe
  C:\Windows\System\lhXrQLK.exe
  2⤵
  PID:12972
- C:\Windows\System\FHqbhwf.exe
  C:\Windows\System\FHqbhwf.exe
  2⤵
  PID:13004
- C:\Windows\System\IiRtJAN.exe
  C:\Windows\System\IiRtJAN.exe
  2⤵
  PID:13036
- C:\Windows\System\MnTZMpC.exe
  C:\Windows\System\MnTZMpC.exe
  2⤵
  PID:13052
- C:\Windows\System\hyzKDZk.exe
  C:\Windows\System\hyzKDZk.exe
  2⤵
  PID:13100
- C:\Windows\System\RqSTmrv.exe
  C:\Windows\System\RqSTmrv.exe
  2⤵
  PID:13132
- C:\Windows\System\scJZaIP.exe
  C:\Windows\System\scJZaIP.exe
  2⤵
  PID:13164
- C:\Windows\System\lkPrPPV.exe
  C:\Windows\System\lkPrPPV.exe
  2⤵
  PID:13204
- C:\Windows\System\ObCeMHN.exe
  C:\Windows\System\ObCeMHN.exe
  2⤵
  PID:13228
- C:\Windows\System\JjCtqbz.exe
  C:\Windows\System\JjCtqbz.exe
  2⤵
  PID:13260
- C:\Windows\System\qdrqynM.exe
  C:\Windows\System\qdrqynM.exe
  2⤵
  PID:13292
- C:\Windows\System\OPbZiLF.exe
  C:\Windows\System\OPbZiLF.exe
  2⤵
  PID:4716
- C:\Windows\System\eXPHruT.exe
  C:\Windows\System\eXPHruT.exe
  2⤵
  PID:12336
- C:\Windows\System\heetTKI.exe
  C:\Windows\System\heetTKI.exe
  2⤵
  PID:12420
- C:\Windows\System\MASFWnb.exe
  C:\Windows\System\MASFWnb.exe
  2⤵
  PID:12480
- C:\Windows\System\EJugsJj.exe
  C:\Windows\System\EJugsJj.exe
  2⤵
  PID:12548
- C:\Windows\System\DikkcTC.exe
  C:\Windows\System\DikkcTC.exe
  2⤵
  PID:12608
- C:\Windows\System\NvUloAd.exe
  C:\Windows\System\NvUloAd.exe
  2⤵
  PID:12672
- C:\Windows\System\yAszkPJ.exe
  C:\Windows\System\yAszkPJ.exe
  2⤵
  PID:2164
- C:\Windows\System\AhsGTof.exe
  C:\Windows\System\AhsGTof.exe
  2⤵
  PID:12772
- C:\Windows\System\buXaYEF.exe
  C:\Windows\System\buXaYEF.exe
  2⤵
  PID:12832
- C:\Windows\System\NcxGZPY.exe
  C:\Windows\System\NcxGZPY.exe
  2⤵
  PID:12900
- C:\Windows\System\dlZBWZv.exe
  C:\Windows\System\dlZBWZv.exe
  2⤵
  PID:12956
- C:\Windows\System\QqbaMUV.exe
  C:\Windows\System\QqbaMUV.exe
  2⤵
  PID:13088
- C:\Windows\System\jvgpVOM.exe
  C:\Windows\System\jvgpVOM.exe
  2⤵
  PID:13112
- C:\Windows\System\xAXDLgu.exe
  C:\Windows\System\xAXDLgu.exe
  2⤵
  PID:13160
- C:\Windows\System\RMhEjQU.exe
  C:\Windows\System\RMhEjQU.exe
  2⤵
  PID:3308
- C:\Windows\System\MYYeuhr.exe
  C:\Windows\System\MYYeuhr.exe
  2⤵
  PID:13276
- C:\Windows\System\FkvvpMj.exe
  C:\Windows\System\FkvvpMj.exe
  2⤵
  PID:1160
- C:\Windows\System\qEzCzDF.exe
  C:\Windows\System\qEzCzDF.exe
  2⤵
  PID:12404
- C:\Windows\System\jrfWVDo.exe
  C:\Windows\System\jrfWVDo.exe
  2⤵
  PID:12536
- C:\Windows\System\YWIBMIh.exe
  C:\Windows\System\YWIBMIh.exe
  2⤵
  PID:12664
- C:\Windows\System\VnyjdGx.exe
  C:\Windows\System\VnyjdGx.exe
  2⤵
  PID:4272
- C:\Windows\System\ZdJpJuD.exe
  C:\Windows\System\ZdJpJuD.exe
  2⤵
  PID:12932
- C:\Windows\System\gGnanEf.exe
  C:\Windows\System\gGnanEf.exe
  2⤵
  PID:13000
- C:\Windows\System\stDxaKT.exe
  C:\Windows\System\stDxaKT.exe
  2⤵
  PID:13116
- C:\Windows\System\WQdwoGE.exe
  C:\Windows\System\WQdwoGE.exe
  2⤵
  PID:13244
- C:\Windows\System\owlixkw.exe
  C:\Windows\System\owlixkw.exe
  2⤵
  PID:12372
- C:\Windows\System\eXcZyMc.exe
  C:\Windows\System\eXcZyMc.exe
  2⤵
  PID:12600
- C:\Windows\System\zYkKPVd.exe
  C:\Windows\System\zYkKPVd.exe
  2⤵
  PID:12820
- C:\Windows\System\BJrIibh.exe
  C:\Windows\System\BJrIibh.exe
  2⤵
  PID:13016
- C:\Windows\System\xmwMoGk.exe
  C:\Windows\System\xmwMoGk.exe
  2⤵
  PID:13240
- C:\Windows\System\xjtofeH.exe
  C:\Windows\System\xjtofeH.exe
  2⤵
  PID:1132
- C:\Windows\System\RJUxNLZ.exe
  C:\Windows\System\RJUxNLZ.exe
  2⤵
  PID:13192
- C:\Windows\System\zDyCuJX.exe
  C:\Windows\System\zDyCuJX.exe
  2⤵
  PID:12348
- C:\Windows\System\VxRrzBO.exe
  C:\Windows\System\VxRrzBO.exe
  2⤵
  PID:12728
- C:\Windows\System\dudnAGb.exe
  C:\Windows\System\dudnAGb.exe
  2⤵
  PID:13316
- C:\Windows\System\baYYtRV.exe
  C:\Windows\System\baYYtRV.exe
  2⤵
  PID:13348
- C:\Windows\System\ZgmcZcd.exe
  C:\Windows\System\ZgmcZcd.exe
  2⤵
  PID:13380
- C:\Windows\System\FcTsfHB.exe
  C:\Windows\System\FcTsfHB.exe
  2⤵
  PID:13412
- C:\Windows\System\RxWkoJD.exe
  C:\Windows\System\RxWkoJD.exe
  2⤵
  PID:13448
- C:\Windows\System\WSRTaSC.exe
  C:\Windows\System\WSRTaSC.exe
  2⤵
  PID:13480
- C:\Windows\System\pNlANBm.exe
  C:\Windows\System\pNlANBm.exe
  2⤵
  PID:13512
- C:\Windows\System\ylTZRkB.exe
  C:\Windows\System\ylTZRkB.exe
  2⤵
  PID:13544
- C:\Windows\System\ofNsinC.exe
  C:\Windows\System\ofNsinC.exe
  2⤵
  PID:13576
- C:\Windows\System\xCnOPom.exe
  C:\Windows\System\xCnOPom.exe
  2⤵
  PID:13608
- C:\Windows\System\euXUUhf.exe
  C:\Windows\System\euXUUhf.exe
  2⤵
  PID:13640
- C:\Windows\System\lAFpgpM.exe
  C:\Windows\System\lAFpgpM.exe
  2⤵
  PID:13672
- C:\Windows\System\BTaEELi.exe
  C:\Windows\System\BTaEELi.exe
  2⤵
  PID:13704
- C:\Windows\System\LcZDUCE.exe
  C:\Windows\System\LcZDUCE.exe
  2⤵
  PID:13736
- C:\Windows\System\FVYlOmd.exe
  C:\Windows\System\FVYlOmd.exe
  2⤵
  PID:13776
- C:\Windows\System\eiTLtPs.exe
  C:\Windows\System\eiTLtPs.exe
  2⤵
  PID:13800
- C:\Windows\System\aLwtkDr.exe
  C:\Windows\System\aLwtkDr.exe
  2⤵
  PID:13832
- C:\Windows\System\SqDEzdN.exe
  C:\Windows\System\SqDEzdN.exe
  2⤵
  PID:13864
- C:\Windows\System\sDeCaTX.exe
  C:\Windows\System\sDeCaTX.exe
  2⤵
  PID:13896
- C:\Windows\System\UQWAvmW.exe
  C:\Windows\System\UQWAvmW.exe
  2⤵
  PID:13928
- C:\Windows\System\eHhZuCX.exe
  C:\Windows\System\eHhZuCX.exe
  2⤵
  PID:13960
- C:\Windows\System\RROUXxw.exe
  C:\Windows\System\RROUXxw.exe
  2⤵
  PID:13976
- C:\Windows\System\IMakxmh.exe
  C:\Windows\System\IMakxmh.exe
  2⤵
  PID:13992
- C:\Windows\System\CYEcsWr.exe
  C:\Windows\System\CYEcsWr.exe
  2⤵
  PID:14008
- C:\Windows\System\fONzDGR.exe
  C:\Windows\System\fONzDGR.exe
  2⤵
  PID:14072
- C:\Windows\System\QNtcxAX.exe
  C:\Windows\System\QNtcxAX.exe
  2⤵
  PID:14120
- C:\Windows\System\gcXOkQo.exe
  C:\Windows\System\gcXOkQo.exe
  2⤵
  PID:14152
- C:\Windows\System\IacZQdt.exe
  C:\Windows\System\IacZQdt.exe
  2⤵
  PID:14188
- C:\Windows\System\PAxCalm.exe
  C:\Windows\System\PAxCalm.exe
  2⤵
  PID:14216
- C:\Windows\System\SFGpfug.exe
  C:\Windows\System\SFGpfug.exe
  2⤵
  PID:14264
- C:\Windows\System\hIwqgRz.exe
  C:\Windows\System\hIwqgRz.exe
  2⤵
  PID:14296
- C:\Windows\System\DxMRuBJ.exe
  C:\Windows\System\DxMRuBJ.exe
  2⤵
  PID:14328
- C:\Windows\System\YesogvF.exe
  C:\Windows\System\YesogvF.exe
  2⤵
  PID:13328
- C:\Windows\System\qilIotT.exe
  C:\Windows\System\qilIotT.exe
  2⤵
  PID:13404
- C:\Windows\System\oVvFOgs.exe
  C:\Windows\System\oVvFOgs.exe
  2⤵
  PID:13492
- C:\Windows\System\fAdeudj.exe
  C:\Windows\System\fAdeudj.exe
  2⤵
  PID:13536
- C:\Windows\System\bMNaXLr.exe
  C:\Windows\System\bMNaXLr.exe
  2⤵
  PID:13600
- C:\Windows\System\bCbhuQc.exe
  C:\Windows\System\bCbhuQc.exe
  2⤵
  PID:13668
- C:\Windows\System\mIArAuD.exe
  C:\Windows\System\mIArAuD.exe
  2⤵
  PID:13732
- C:\Windows\System\biXIXSO.exe
  C:\Windows\System\biXIXSO.exe
  2⤵
  PID:13788
- C:\Windows\System\BAIvXhk.exe
  C:\Windows\System\BAIvXhk.exe
  2⤵
  PID:13848
- C:\Windows\System\udimEcb.exe
  C:\Windows\System\udimEcb.exe
  2⤵
  PID:13908
- C:\Windows\System\JrPeYjX.exe
  C:\Windows\System\JrPeYjX.exe
  2⤵
  PID:13944
- C:\Windows\System\SedaYZm.exe
  C:\Windows\System\SedaYZm.exe
  2⤵
  PID:13952
- C:\Windows\System\yCixumH.exe
  C:\Windows\System\yCixumH.exe
  2⤵
  PID:13968
- C:\Windows\System\SOcfEsh.exe
  C:\Windows\System\SOcfEsh.exe
  2⤵
  PID:14016
- C:\Windows\System\vJpiwbu.exe
  C:\Windows\System\vJpiwbu.exe
  2⤵
  PID:14088
- C:\Windows\System\NPkvkFn.exe
  C:\Windows\System\NPkvkFn.exe
  2⤵
  PID:14104
- C:\Windows\System\ZLBZLnB.exe
  C:\Windows\System\ZLBZLnB.exe
  2⤵
  PID:14140
- C:\Windows\System\BbxJuDT.exe
  C:\Windows\System\BbxJuDT.exe
  2⤵
  PID:14212
- C:\Windows\System\ydLvNKT.exe
  C:\Windows\System\ydLvNKT.exe
  2⤵
  PID:14288
- C:\Windows\System\zcVZDeS.exe
  C:\Windows\System\zcVZDeS.exe
  2⤵
  PID:13332
- C:\Windows\System\SuEuaJT.exe
  C:\Windows\System\SuEuaJT.exe
  2⤵
  PID:2116
- C:\Windows\System\TzBWMXM.exe
  C:\Windows\System\TzBWMXM.exe
  2⤵
  PID:13688
- C:\Windows\System\alKgJvU.exe
  C:\Windows\System\alKgJvU.exe
  2⤵
  PID:13764
- C:\Windows\System\qMnHkWx.exe
  C:\Windows\System\qMnHkWx.exe
  2⤵
  PID:3700
- C:\Windows\System\oBoLwkP.exe
  C:\Windows\System\oBoLwkP.exe
  2⤵
  PID:14116
- C:\Windows\System\LfGkbVs.exe
  C:\Windows\System\LfGkbVs.exe
  2⤵
  PID:14164
- C:\Windows\System\tjuPxpQ.exe
  C:\Windows\System\tjuPxpQ.exe
  2⤵
  PID:13344
- C:\Windows\System\GRAqsUN.exe
  C:\Windows\System\GRAqsUN.exe
  2⤵
  PID:3636
- C:\Windows\System\hDKrjOV.exe
  C:\Windows\System\hDKrjOV.exe
  2⤵
  PID:13816
- C:\Windows\System\EpkoqYh.exe
  C:\Windows\System\EpkoqYh.exe
  2⤵
  PID:14128
- C:\Windows\System\uuPcYCL.exe
  C:\Windows\System\uuPcYCL.exe
  2⤵
  PID:14208
- C:\Windows\System\GtyiFZr.exe
  C:\Windows\System\GtyiFZr.exe
  2⤵
  PID:13508
- C:\Windows\System\PgmMEHw.exe
  C:\Windows\System\PgmMEHw.exe
  2⤵
  PID:1724
- C:\Windows\System\LkzDIGi.exe
  C:\Windows\System\LkzDIGi.exe
  2⤵
  PID:14196
- C:\Windows\System\PNjWBod.exe
  C:\Windows\System\PNjWBod.exe
  2⤵
  PID:13988
- C:\Windows\System\mjQpCTs.exe
  C:\Windows\System\mjQpCTs.exe
  2⤵
  PID:14240
- C:\Windows\System\qHIcZRU.exe
  C:\Windows\System\qHIcZRU.exe
  2⤵
  PID:4772
- C:\Windows\System\yvngEiF.exe
  C:\Windows\System\yvngEiF.exe
  2⤵
  PID:3868
- C:\Windows\System\lHXeUbv.exe
  C:\Windows\System\lHXeUbv.exe
  2⤵
  PID:14368
- C:\Windows\System\pBBbkzc.exe
  C:\Windows\System\pBBbkzc.exe
  2⤵
  PID:14400
- C:\Windows\System\LHApEyz.exe
  C:\Windows\System\LHApEyz.exe
  2⤵
  PID:14432
- C:\Windows\System\EDgXsnd.exe
  C:\Windows\System\EDgXsnd.exe
  2⤵
  PID:14464
- C:\Windows\System\GLVMhPH.exe
  C:\Windows\System\GLVMhPH.exe
  2⤵
  PID:14496
- C:\Windows\System\oiJaMLT.exe
  C:\Windows\System\oiJaMLT.exe
  2⤵
  PID:14532
- C:\Windows\System\AeSLXqi.exe
  C:\Windows\System\AeSLXqi.exe
  2⤵
  PID:14564
- C:\Windows\System\pEpMmrU.exe
  C:\Windows\System\pEpMmrU.exe
  2⤵
  PID:14596
- C:\Windows\System\mMNIVsG.exe
  C:\Windows\System\mMNIVsG.exe
  2⤵
  PID:14632
- C:\Windows\System\LdKjSuy.exe
  C:\Windows\System\LdKjSuy.exe
  2⤵
  PID:14664
- C:\Windows\System\OLcaJbn.exe
  C:\Windows\System\OLcaJbn.exe
  2⤵
  PID:14696
- C:\Windows\System\SPnXIiL.exe
  C:\Windows\System\SPnXIiL.exe
  2⤵
  PID:14728
- C:\Windows\System\BvATwaT.exe
  C:\Windows\System\BvATwaT.exe
  2⤵
  PID:14760
- C:\Windows\System\ysDxBgL.exe
  C:\Windows\System\ysDxBgL.exe
  2⤵
  PID:14792
- C:\Windows\System\kpnGTyS.exe
  C:\Windows\System\kpnGTyS.exe
  2⤵
  PID:14824
- C:\Windows\System\ZDWyUHJ.exe
  C:\Windows\System\ZDWyUHJ.exe
  2⤵
  PID:14856
- C:\Windows\System\iUJqAjR.exe
  C:\Windows\System\iUJqAjR.exe
  2⤵
  PID:14896
- C:\Windows\System\oOMyWnL.exe
  C:\Windows\System\oOMyWnL.exe
  2⤵
  PID:14928
- C:\Windows\System\VOCpmMa.exe
  C:\Windows\System\VOCpmMa.exe
  2⤵
  PID:14968
- C:\Windows\System\IyZGVnl.exe
  C:\Windows\System\IyZGVnl.exe
  2⤵
  PID:14992
- C:\Windows\System\nuasqHT.exe
  C:\Windows\System\nuasqHT.exe
  2⤵
  PID:15024
- C:\Windows\System\TwioGMt.exe
  C:\Windows\System\TwioGMt.exe
  2⤵
  PID:15056
- C:\Windows\System\pcBImpc.exe
  C:\Windows\System\pcBImpc.exe
  2⤵
  PID:15104
- C:\Windows\System\lnpMhGh.exe
  C:\Windows\System\lnpMhGh.exe
  2⤵
  PID:15120
- C:\Windows\System\bEsYqFJ.exe
  C:\Windows\System\bEsYqFJ.exe
  2⤵
  PID:15152
- C:\Windows\System\yVUXHhi.exe
  C:\Windows\System\yVUXHhi.exe
  2⤵
  PID:15184
- C:\Windows\System\vPTvnVR.exe
  C:\Windows\System\vPTvnVR.exe
  2⤵
  PID:15216
- C:\Windows\System\YomqanY.exe
  C:\Windows\System\YomqanY.exe
  2⤵
  PID:15256
- C:\Windows\System\aBhLfjH.exe
  C:\Windows\System\aBhLfjH.exe
  2⤵
  PID:15280
- C:\Windows\System\ngvMOcQ.exe
  C:\Windows\System\ngvMOcQ.exe
  2⤵
  PID:15312
- C:\Windows\System\ZlxvGfS.exe
  C:\Windows\System\ZlxvGfS.exe
  2⤵
  PID:15344
- C:\Windows\System\VSTLDQq.exe
  C:\Windows\System\VSTLDQq.exe
  2⤵
  PID:14364
- C:\Windows\System\TqwmpFu.exe
  C:\Windows\System\TqwmpFu.exe
  2⤵
  PID:14424
- C:\Windows\System\zMaPIcc.exe
  C:\Windows\System\zMaPIcc.exe
  2⤵
  PID:14476
- C:\Windows\System\wiAUpFq.exe
  C:\Windows\System\wiAUpFq.exe
  2⤵
  PID:14520
- C:\Windows\System\GoQsOSJ.exe
  C:\Windows\System\GoQsOSJ.exe
  2⤵
  PID:14580
- C:\Windows\System\IIRNxlX.exe
  C:\Windows\System\IIRNxlX.exe
  2⤵
  PID:14628
- C:\Windows\System\iDcBzXh.exe
  C:\Windows\System\iDcBzXh.exe
  2⤵
  PID:14688
- C:\Windows\System\IBNvwKi.exe
  C:\Windows\System\IBNvwKi.exe
  2⤵
  PID:14740
- C:\Windows\System\kPcnDbe.exe
  C:\Windows\System\kPcnDbe.exe
  2⤵
  PID:14788
- C:\Windows\System\EtSNbzo.exe
  C:\Windows\System\EtSNbzo.exe
  2⤵
  PID:14844
- C:\Windows\System\UCyiFFW.exe
  C:\Windows\System\UCyiFFW.exe
  2⤵
  PID:14908
- C:\Windows\System\ivQQDYg.exe
  C:\Windows\System\ivQQDYg.exe
  2⤵
  PID:14952
- C:\Windows\System\wAtTzlx.exe
  C:\Windows\System\wAtTzlx.exe
  2⤵
  PID:15016
- C:\Windows\System\HfihEgW.exe
  C:\Windows\System\HfihEgW.exe
  2⤵
  PID:15052
- C:\Windows\System\hdGaqHA.exe
  C:\Windows\System\hdGaqHA.exe
  2⤵
  PID:15084
- C:\Windows\System\NqaQhlA.exe
  C:\Windows\System\NqaQhlA.exe
  2⤵
  PID:15148
- C:\Windows\System\hoiWzcT.exe
  C:\Windows\System\hoiWzcT.exe
  2⤵
  PID:15200
- C:\Windows\System\KRHESFH.exe
  C:\Windows\System\KRHESFH.exe
  2⤵
  PID:2336
- C:\Windows\System\NRwKXGr.exe
  C:\Windows\System\NRwKXGr.exe
  2⤵
  PID:15308
- C:\Windows\System\CXFhbhZ.exe
  C:\Windows\System\CXFhbhZ.exe
  2⤵
  PID:14352
- C:\Windows\System\PuzbFnc.exe
  C:\Windows\System\PuzbFnc.exe
  2⤵
  PID:2472
- C:\Windows\System\mVgUzmP.exe
  C:\Windows\System\mVgUzmP.exe
  2⤵
  PID:14552
- C:\Windows\System\zmwndfU.exe
  C:\Windows\System\zmwndfU.exe
  2⤵
  PID:1832
- C:\Windows\System\xYZciIk.exe
  C:\Windows\System\xYZciIk.exe
  2⤵
  PID:14720
- C:\Windows\System\zbbfRSz.exe
  C:\Windows\System\zbbfRSz.exe
  2⤵
  PID:14836
- C:\Windows\System\grbWrsi.exe
  C:\Windows\System\grbWrsi.exe
  2⤵
  PID:2768
- C:\Windows\System\ARFTyfE.exe
  C:\Windows\System\ARFTyfE.exe
  2⤵
  PID:15004
- C:\Windows\System\YYGNqFg.exe
  C:\Windows\System\YYGNqFg.exe
  2⤵
  PID:1180
- C:\Windows\System\kWjYWCm.exe
  C:\Windows\System\kWjYWCm.exe
  2⤵
  PID:15144
- C:\Windows\System\qntJPGK.exe
  C:\Windows\System\qntJPGK.exe
  2⤵
  PID:15232
- C:\Windows\System\PPlKuwi.exe
  C:\Windows\System\PPlKuwi.exe
  2⤵
  PID:5000
- C:\Windows\System\xBcKdgl.exe
  C:\Windows\System\xBcKdgl.exe
  2⤵
  PID:15304
- C:\Windows\System\meJInmr.exe
  C:\Windows\System\meJInmr.exe
  2⤵
  PID:14416
- C:\Windows\System\kYGknjm.exe
  C:\Windows\System\kYGknjm.exe
  2⤵
  PID:14560
- C:\Windows\System\BCaUjcE.exe
  C:\Windows\System\BCaUjcE.exe
  2⤵
  PID:3088
- C:\Windows\System\mejyuZv.exe
  C:\Windows\System\mejyuZv.exe
  2⤵
  PID:536
- C:\Windows\System\sJaZsEx.exe
  C:\Windows\System\sJaZsEx.exe
  2⤵
  PID:15036
- C:\Windows\System\ssuxGbr.exe
  C:\Windows\System\ssuxGbr.exe
  2⤵
  PID:5424
- C:\Windows\System\qhVzRZA.exe
  C:\Windows\System\qhVzRZA.exe
  2⤵
  PID:5188
- C:\Windows\System\Rdvcpbd.exe
  C:\Windows\System\Rdvcpbd.exe
  2⤵
  PID:2720
- C:\Windows\System\iaGwyZx.exe
  C:\Windows\System\iaGwyZx.exe
  2⤵
  PID:14512
- C:\Windows\System\LZKHVOo.exe
  C:\Windows\System\LZKHVOo.exe
  2⤵
  PID:5300
- C:\Windows\System\ZULouLJ.exe
  C:\Windows\System\ZULouLJ.exe
  2⤵
  PID:5364
- C:\Windows\System\sSlviYs.exe
  C:\Windows\System\sSlviYs.exe
  2⤵
  PID:5652
- C:\Windows\System\nRGUtpc.exe
  C:\Windows\System\nRGUtpc.exe
  2⤵
  PID:15296
- C:\Windows\System\AjoyUns.exe
  C:\Windows\System\AjoyUns.exe
  2⤵
  PID:14676
- C:\Windows\System\fiTJZLe.exe
  C:\Windows\System\fiTJZLe.exe
  2⤵
  PID:14924
- C:\Windows\System\IMHBTNh.exe
  C:\Windows\System\IMHBTNh.exe
  2⤵
  PID:5492
- C:\Windows\System\RbOsNMj.exe
  C:\Windows\System\RbOsNMj.exe
  2⤵
  PID:14708
- C:\Windows\System\fPsUYyS.exe
  C:\Windows\System\fPsUYyS.exe
  2⤵
  PID:5428
- C:\Windows\System\ghlZerv.exe
  C:\Windows\System\ghlZerv.exe
  2⤵
  PID:5944
- C:\Windows\System\mJezCMF.exe
  C:\Windows\System\mJezCMF.exe
  2⤵
  PID:5584
- C:\Windows\System\ZMqSJdr.exe
  C:\Windows\System\ZMqSJdr.exe
  2⤵
  PID:15384
- C:\Windows\System\zoTssNS.exe
  C:\Windows\System\zoTssNS.exe
  2⤵
  PID:15416
- C:\Windows\System\xswKpbT.exe
  C:\Windows\System\xswKpbT.exe
  2⤵
  PID:15448
- C:\Windows\System\NlXjINr.exe
  C:\Windows\System\NlXjINr.exe
  2⤵
  PID:15480
- C:\Windows\System\HjRLleM.exe
  C:\Windows\System\HjRLleM.exe
  2⤵
  PID:15512
- C:\Windows\System\krMKKtl.exe
  C:\Windows\System\krMKKtl.exe
  2⤵
  PID:15544
- C:\Windows\System\CJtvsFv.exe
  C:\Windows\System\CJtvsFv.exe
  2⤵
  PID:15592
- C:\Windows\System\KahiLLQ.exe
  C:\Windows\System\KahiLLQ.exe
  2⤵
  PID:15608
- C:\Windows\System\cjRFkER.exe
  C:\Windows\System\cjRFkER.exe
  2⤵
  PID:15648
- C:\Windows\System\eNkjnhW.exe
  C:\Windows\System\eNkjnhW.exe
  2⤵
  PID:15676
- C:\Windows\System\fqklzDG.exe
  C:\Windows\System\fqklzDG.exe
  2⤵
  PID:15708
- C:\Windows\System\kWmdvFh.exe
  C:\Windows\System\kWmdvFh.exe
  2⤵
  PID:15740
- C:\Windows\System\SRjRANn.exe
  C:\Windows\System\SRjRANn.exe
  2⤵
  PID:15772
- C:\Windows\System\klienQY.exe
  C:\Windows\System\klienQY.exe
  2⤵
  PID:15796
- C:\Windows\System\IAMEpQi.exe
  C:\Windows\System\IAMEpQi.exe
  2⤵
  PID:15836
- C:\Windows\System\SSLUcTO.exe
  C:\Windows\System\SSLUcTO.exe
  2⤵
  PID:15868
- C:\Windows\System\KIbPoKD.exe
  C:\Windows\System\KIbPoKD.exe
  2⤵
  PID:15900
- C:\Windows\System\QmUhdbE.exe
  C:\Windows\System\QmUhdbE.exe
  2⤵
  PID:15932
- C:\Windows\System\SOGYvxJ.exe
  C:\Windows\System\SOGYvxJ.exe
  2⤵
  PID:15964
- C:\Windows\System\wZmLplG.exe
  C:\Windows\System\wZmLplG.exe
  2⤵
  PID:15996
- C:\Windows\System\czBWsLl.exe
  C:\Windows\System\czBWsLl.exe
  2⤵
  PID:16028
- C:\Windows\System\wTjEQPD.exe
  C:\Windows\System\wTjEQPD.exe
  2⤵
  PID:16060
- C:\Windows\System\BhWqAsk.exe
  C:\Windows\System\BhWqAsk.exe
  2⤵
  PID:16096
- C:\Windows\System\ClePjxl.exe
  C:\Windows\System\ClePjxl.exe
  2⤵
  PID:16128
- C:\Windows\System\sGzffiO.exe
  C:\Windows\System\sGzffiO.exe
  2⤵
  PID:16160
- C:\Windows\System\exjpeIV.exe
  C:\Windows\System\exjpeIV.exe
  2⤵
  PID:16192
- C:\Windows\System\doudaYo.exe
  C:\Windows\System\doudaYo.exe
  2⤵
  PID:16224
- C:\Windows\System\aInAiMx.exe
  C:\Windows\System\aInAiMx.exe
  2⤵
  PID:16256
- C:\Windows\System\Fnseemk.exe
  C:\Windows\System\Fnseemk.exe
  2⤵
  PID:16288
- C:\Windows\System\EDYXtIj.exe
  C:\Windows\System\EDYXtIj.exe
  2⤵
  PID:16320
- C:\Windows\System\RXLjqBt.exe
  C:\Windows\System\RXLjqBt.exe
  2⤵
  PID:16352
- C:\Windows\System\LTZefTV.exe
  C:\Windows\System\LTZefTV.exe
  2⤵
  PID:5996
- C:\Windows\System\RzqMmwk.exe
  C:\Windows\System\RzqMmwk.exe
  2⤵
  PID:15400
- C:\Windows\System\JUoOABW.exe
  C:\Windows\System\JUoOABW.exe
  2⤵
  PID:15464
- C:\Windows\System\WaFbjPN.exe
  C:\Windows\System\WaFbjPN.exe
  2⤵
  PID:6108
- C:\Windows\System\vpnCEwK.exe
  C:\Windows\System\vpnCEwK.exe
  2⤵
  PID:15568
- C:\Windows\System\MVHukQs.exe
  C:\Windows\System\MVHukQs.exe
  2⤵
  PID:15600
- C:\Windows\System\NTHrXLE.exe
  C:\Windows\System\NTHrXLE.exe
  2⤵
  PID:5256
- C:\Windows\System\bqKFibt.exe
  C:\Windows\System\bqKFibt.exe
  2⤵
  PID:5304
- C:\Windows\System\kObGkzl.exe
  C:\Windows\System\kObGkzl.exe
  2⤵
  PID:15736
- C:\Windows\System\qpNuHsP.exe
  C:\Windows\System\qpNuHsP.exe
  2⤵
  PID:15804
- C:\Windows\System\iOCahHn.exe
  C:\Windows\System\iOCahHn.exe
  2⤵
  PID:5476
- C:\Windows\System\iiHTblZ.exe
  C:\Windows\System\iiHTblZ.exe
  2⤵
  PID:15892
- C:\Windows\System\sxzdIpe.exe
  C:\Windows\System\sxzdIpe.exe
  2⤵
  PID:5636
- C:\Windows\System\UoWQrvb.exe
  C:\Windows\System\UoWQrvb.exe
  2⤵
  PID:5668
- C:\Windows\System\bLCFoSD.exe
  C:\Windows\System\bLCFoSD.exe
  2⤵
  PID:16020
- C:\Windows\System\KoEOJQp.exe
  C:\Windows\System\KoEOJQp.exe
  2⤵
  PID:16072
- C:\Windows\System\gIPaSkg.exe
  C:\Windows\System\gIPaSkg.exe
  2⤵
  PID:16120
- C:\Windows\System\xPahPYC.exe
  C:\Windows\System\xPahPYC.exe
  2⤵
  PID:16172
- C:\Windows\System\DyoUiKM.exe
  C:\Windows\System\DyoUiKM.exe
  2⤵
  PID:6024
- C:\Windows\System\fQebnvc.exe
  C:\Windows\System\fQebnvc.exe
  2⤵
  PID:3968
- C:\Windows\System\gZrvxUF.exe
  C:\Windows\System\gZrvxUF.exe
  2⤵
  PID:3112
- C:\Windows\System\ufODvvF.exe
  C:\Windows\System\ufODvvF.exe
  2⤵
  PID:16316
- C:\Windows\System\eMUdPgd.exe
  C:\Windows\System\eMUdPgd.exe
  2⤵
  PID:16364
- C:\Windows\System\YszbRUH.exe
  C:\Windows\System\YszbRUH.exe
  2⤵
  PID:6016
- C:\Windows\System\evNMpSE.exe
  C:\Windows\System\evNMpSE.exe
  2⤵
  PID:15460
- C:\Windows\System\aHLftbe.exe
  C:\Windows\System\aHLftbe.exe
  2⤵
  PID:15504
- C:\Windows\System\HsqiUDx.exe
  C:\Windows\System\HsqiUDx.exe
  2⤵
  PID:15584
- C:\Windows\System\DnQIhCX.exe
  C:\Windows\System\DnQIhCX.exe
  2⤵
  PID:5780
- C:\Windows\System\FUthuzM.exe
  C:\Windows\System\FUthuzM.exe
  2⤵
  PID:15688
- C:\Windows\System\bBCyDTT.exe
  C:\Windows\System\bBCyDTT.exe
  2⤵
  PID:5324
- C:\Windows\System\zFPlhdO.exe
  C:\Windows\System\zFPlhdO.exe
  2⤵
  PID:3776
- C:\Windows\System\QpqbKNj.exe
  C:\Windows\System\QpqbKNj.exe
  2⤵
  PID:5512
- C:\Windows\System\HSyozPm.exe
  C:\Windows\System\HSyozPm.exe
  2⤵
  PID:5576
- C:\Windows\System\TKyMgJZ.exe
  C:\Windows\System\TKyMgJZ.exe
  2⤵
  PID:16008
- C:\Windows\System\wcWhIBV.exe
  C:\Windows\System\wcWhIBV.exe
  2⤵
  PID:16052
- C:\Windows\System\OXWNCHf.exe
  C:\Windows\System\OXWNCHf.exe
  2⤵
  PID:1028
- C:\Windows\System\NSUcKmK.exe
  C:\Windows\System\NSUcKmK.exe
  2⤵
  PID:1628
- C:\Windows\System\XBNVxai.exe
  C:\Windows\System\XBNVxai.exe
  2⤵
  PID:5968
- C:\Windows\System\tAszuKz.exe
  C:\Windows\System\tAszuKz.exe
  2⤵
  PID:16252
- C:\Windows\System\sGGgMbB.exe
  C:\Windows\System\sGGgMbB.exe
  2⤵
  PID:16312
- C:\Windows\System\LUARNRo.exe
  C:\Windows\System\LUARNRo.exe
  2⤵
  PID:3204
- C:\Windows\System\EuTqQfW.exe
  C:\Windows\System\EuTqQfW.exe
  2⤵
  PID:15428
- C:\Windows\System\Caulyuh.exe
  C:\Windows\System\Caulyuh.exe
  2⤵
  PID:3404
- C:\Windows\System\OSOVRzD.exe
  C:\Windows\System\OSOVRzD.exe
  2⤵
  PID:6284
- C:\Windows\System\tzqlMBM.exe
  C:\Windows\System\tzqlMBM.exe
  2⤵
  PID:4480
- C:\Windows\System\mObnbmG.exe
  C:\Windows\System\mObnbmG.exe
  2⤵
  PID:800
- C:\Windows\System\AcjVbQZ.exe
  C:\Windows\System\AcjVbQZ.exe
  2⤵
  PID:15768

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDQyRkNBNjItNDM5QS00OTI4LUJBMzMtNTEzODQzRjM2OUM4fSIgdXNlcmlkPSJ7N0Y0MEQ1RDYtOUMyNy00RDcyLUE1NzEtMjM1RkJCMTREMDgxfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MEE5MzdEQzQtQjA1Mi00MjRELUIzNDQtQjJCRDdGRjE0QzE0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODM0MTAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NTUzNjg2NzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0NzI5ODkxMzA4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AMvJZTv.exe

Filesize
5.7MB

MD5
069c44c9a4a228ea2806911c5be30261

SHA1
df1c8cd55eaa981c28d8786bec195fb4246280cf

SHA256
c0530ff77f5376aeaa5cc6e3c0580a0632c5e9c42248ffdc8699e56305cc040d

SHA512
4fc8e9a8e06d0e59a757e8a3a9cb02cd82cc8c8ea456760ca3fb530d7cdd701a3d6b6a384358feed43bbeed9885e7258fdf44d23d768dbe8e540384709a660fa

Download Submit
C:\Windows\System\AxBMJAA.exe

Filesize
5.7MB

MD5
74bba1953ecf65ebd30a72d513af9263

SHA1
bd97c8e8a15f87510c8d110f8981432984b6abfa

SHA256
504940c1507133c0bc339c0e3bc0439251d5d1fbbbb9936242581e90f64fe246

SHA512
d6eaf575761db46acc7b4634c769ddb8ae599a6089914c79b5f1797baf88bf7352b1de9dd23f096d9768d4e39ea0d0ee8866cf23e449b479c2336909ace3ef2e

Download Submit
C:\Windows\System\DXzTvfm.exe

Filesize
5.7MB

MD5
c5c1a0de2a0a3565486c1c38482784f7

SHA1
a321ece33d2d72cc1be0f161156f489a4859a470

SHA256
ad92ba61d537a473c706729f291403ce3f50675351b82abcbcc19addced4a6d6

SHA512
e3a90277a297bcc735e5abdbfbbcfdca38c9977e0828b5d04e5b293601e508876902a12b09894d7a9e754d4394ec75cb3f760b6d1e1eec9254a51cb3134e78a8

Download Submit
C:\Windows\System\DkNtiaa.exe

Filesize
5.7MB

MD5
b124c6112c805308d824f518d01f733c

SHA1
6d8955781ae526630f831beea9348eeb92132885

SHA256
42b6600317ad9fff9849c42ae31d5df5d953d57c0277047ba996cf9a4bcdce30

SHA512
8e30ee67143a515899b39cce98bf48c9cb1de4aceb6ddf0fe2c0412c91fe68ac58443a996f09bff1a6154866fe71a642b770925632ee5f9147ebd7d9f398520c

Download Submit
C:\Windows\System\EGYjDTc.exe

Filesize
5.7MB

MD5
b25e2e58fcb2cdf4e8d85cca5107c81f

SHA1
706def799b6950cf37eb867c33604f12b321ae02

SHA256
19730080ef622319b998bbb88b9e93545b9c50454f8e92500cb4dc7d0545e410

SHA512
c99e6ebd6854a9f97543aa6aa9aa750683d42592a1d966b8a8b256769d4ebfe010494b3b8b49efa4a386cf6a7ddda8528047ab37001bf9d683765eaca13a52b4

Download Submit
C:\Windows\System\FuJElKR.exe

Filesize
5.7MB

MD5
ab415a95b1fd993664c21be24b523c65

SHA1
317505a1f8fc7472dd1307b828df0a83a9ee9c21

SHA256
1e8ed1740b407d941e3acef334514b5f65d665d054301d6df56640b6f9532e49

SHA512
ef0c84aed592ce56d9f1c7d1ea614e6c1266e29f357a9c93b52d86e175b2591fca08a1c33aa27aac0d2a9d4f8444b82b1f4c4771aa874a344cfbd719df69ef02

Download Submit
C:\Windows\System\GtmfWRT.exe

Filesize
5.7MB

MD5
0f6825a9c1ac47f4eea24e5e254be856

SHA1
3d4f0f6fd75b7b431fe8c7c3c7b897f6b60acc87

SHA256
870af48a31399f8adc1a9b68ca9044d8a9dcea59618b989cc4195de61f23190d

SHA512
f7746c0206ca298c17630bd59255bf14a215eb9e63dcf95faa59368221817634abdbfc8cb8e1b69491cd1acf020c5ac4e1de6c2e5b7299aec5eedf4149f1cb0d

Download Submit
C:\Windows\System\IkziMrL.exe

Filesize
5.7MB

MD5
9f1c4578f9d82744c5e78f32e8c2dcb9

SHA1
d263b4b51842492190dc0f777bbc5ac499715759

SHA256
e2cc4d55636d68575a20f1bcf76461abb14f41e2427da11a674928de14e73c76

SHA512
ea51c6947be441ea6bc857aad92a86dda809a4ab38290788b624885bf6d0998c9805a6f60be1a6d2023fc75767b58763edee6fb0e07149dccaab8d9b6dc8efa2

Download Submit
C:\Windows\System\MvUYBRN.exe

Filesize
5.7MB

MD5
80db3ce051585e94a58c442e8408b856

SHA1
82064a6cddea3bee5d9f8a96f2d7ef2287c58a54

SHA256
8d7a6aa1b4b7b0d1eb21bdf4ecd9a8410c188bb2a29d607469e4c2ddbb965d16

SHA512
be8ce8a17e68333d7cf7d13b902fe3fef90c12361c636be23f45e9acc7b31fa419d062b59f63f237919e13ee8e9ac338f79bedd34dc7739378ac9bda2e1018c6

Download Submit
C:\Windows\System\NdyTnIG.exe

Filesize
5.7MB

MD5
8ccaf339dca52bca99c601d25588a247

SHA1
a8a42da29d417ca3ba894fb5d8b8669c6f80510c

SHA256
cd8e801205dd1ed640b84245c2c9712cb9ccee4e104f89f292d03d37b608fac5

SHA512
3ccb43ee15b47ffc6f3aa8839622ee187f2f95daf1be305a5397276cc058ae96ff98843e954bb99f45d56aa709f12a5106ff4dbcd0357573fd232438bb37b610

Download Submit
C:\Windows\System\OWuCzTs.exe

Filesize
5.7MB

MD5
2f4c1d99f01de65ed90ff994faeef0df

SHA1
64ff8c8fedaa4dc9cb1d18ddcec0af9aab57925b

SHA256
4c71e4e1cdf625c5dc0906fda5473fe2ab069764e6f60baa8523687a6652e372

SHA512
cc3f113dd7b897dc03cba7bde271c232cfd47f1fd8359b987c5403cd3ba80e2a1972e613b1f50bae8f81c6d063d181cdbe8afc727ea9ef3fa5f7b8921d4bd801

Download Submit
C:\Windows\System\Oybkkag.exe

Filesize
5.7MB

MD5
af80a454389de5e6b4a3b1dd503ab0ac

SHA1
47c3cc99153f7fe5817ef2dd7248227b531069c0

SHA256
d0f2d4b2ad7a11b95c496c464811aa62ee7a4e677875373733d6db924c0a454d

SHA512
ea98fbaa340471a92d4a28191f5656696afabc4ac3f9d90190f260fda10aa0017ae6d462006e5b9cf789dbaa8ff1e49a49a9482894066d9dc9f6de8c74bb9632

Download Submit
C:\Windows\System\SCfGmJI.exe

Filesize
5.7MB

MD5
9ed300e63a455de1d0bf83f12c9b9504

SHA1
b4b115ab967cd55db3189d363bba3484a80fc1c7

SHA256
2b6dc964a72f1b41b1a08cd640824ad9f8203cca398f3b67ba8da56c9d5af47c

SHA512
e407f0d7f3fd9343dff1a408d79d45ac767bd4c5b5ee3dc21f9812a2819604700d2c7b6e60a14f8cf4548d1696fe5d40b92a5f8555c17d24a5326e5b66f29955

Download Submit
C:\Windows\System\Twoydub.exe

Filesize
5.7MB

MD5
a3ec18596f48abc114b1cc2cbac1cda7

SHA1
1a665f79b19d39f4fed669ecb7a46210f53d8507

SHA256
2a778a4365ecb404584604e4042b32650e2e6e82c2a53c6da4f9f0263e3448e2

SHA512
8ed594a5a268d0e58ccbe9b169b807d80d3373ca550505f00ad800a065bf81fadbfda50ff2afca7fb417176e29a6c4910e81db40280a32757fa2f0eb1778ca1a

Download Submit
C:\Windows\System\TzjHACV.exe

Filesize
5.7MB

MD5
e4d3aa9061839d7e1fbbb79d2287f38f

SHA1
adbe1ea76ab386c6c2d068e7c705a9aab069c447

SHA256
bfc20827bac87e644a2a3315b7dbd9d1a01c5b847ae297612e5e8bf3cd6e45f5

SHA512
fc242d3c37265598dd6c935559899d26560955255558754d9b461a8389be8e388567ae71f3a44bd8bb06637073abdf46171199124228c61e9980ef57106e5af7

Download Submit
C:\Windows\System\VMbltif.exe

Filesize
5.7MB

MD5
f3c033df25e6408fcbad3db1d8e754b1

SHA1
512eb7512feffae105dca9c19f7742033015a6c9

SHA256
a8ff8d713f3103b9a6abfb0d9fea9a6ad3c89474c11a4816e67ad9e2988ac5b6

SHA512
fcaf96bcaa9dd8cd0d1da22a1cb339f937ca3973eaadbf6f3fbf8d95f8afcb60137943299616ed6a1bdc2fec5ea4eed86fb152637c60bd1d2e76d91c0f74233b

Download Submit
C:\Windows\System\ZuOcnzz.exe

Filesize
5.7MB

MD5
fed385e58264f21b059a52c910970d60

SHA1
1dbfe27d520711fa43d53c6aa5654671f21da41b

SHA256
90f64202f3b0053614ea9e66659043caffb1f358e290a196216803993abb95b2

SHA512
72d936a3e131a119828fca186620d9a68e21be6362e3a8deccd06992a3e47d09a21c997d76b8bc23f137c0c5d2a711fc3cd98eb05176d0b0da52334904f5d25c

Download Submit
C:\Windows\System\cShxlVA.exe

Filesize
5.7MB

MD5
a629d44feebf62c4449b9cde27c1e537

SHA1
803c18f09d7bde3cb04376db9de110f040603954

SHA256
9ea9ee9e2ceafca40f2f069a2cf981b6304a35d9846a2a890c238aa6d933debb

SHA512
548e816da0492ebad48646dfc7aee6334fe6209b35b3eb687cd4ff03f83f7bafa83e9f77f0836cc19395dff39e6fb18cfee9b68eda9e46cd7366382d35c05a00

Download Submit
C:\Windows\System\dgQUtVh.exe

Filesize
5.7MB

MD5
07d80d03dc9014e38f061e04e20235b4

SHA1
7c1da76b93e9edaf442524871b385625e326c91b

SHA256
268ab962ba73deb46cbc4e897d2615296196d836a6798c9da7d9a15e07a3ac25

SHA512
0c4ee9b52feb49e15f68419f49a71fdb9b0dfcc96df5121c4d934a298bf131fff8ea73c4bded7898052ad42561640fa1dc8eaeee97465a2e77ba05fb3c50a001

Download Submit
C:\Windows\System\gjFJkTZ.exe

Filesize
5.7MB

MD5
c8228be5de89815a607cf72e277cb27e

SHA1
5ab4d08ebb0d60ea2364d2a8f8b6307aca70800c

SHA256
ab6def6034e37cd40c4a743356cef282d38bd23f4642ed900e24f499f9543ad7

SHA512
3c0c1eacb14796be7407c56669b600ec37eb98f2859fe2f3cb2368825fd69b18c4e1673d75f08fd53c56f0cc59aa8d5a66476d392b8350a6a11e54ce46c8cd60

Download Submit
C:\Windows\System\mRiLZUt.exe

Filesize
5.7MB

MD5
f9d9b1a2f4fed60b62f10b45625a6a6e

SHA1
41732b772c929b2c72573876ce6a3607c108ad6f

SHA256
e45e7ca0e3ed014dbf51e8fea42dccb0c23addc058f4668aed4fd698f5d61833

SHA512
57823c6174671496c946065edba6e261c5131901c4ec3098f3795b8285f548797c546e86864fc51dc44293729f03589cc6203a001c3b9480937411b8594dc464

Download Submit
C:\Windows\System\nekoMnG.exe

Filesize
5.7MB

MD5
4f6ad60ebe9aacb03de4c76ae96de4cc

SHA1
6000f0f3da71f92de5414fd850fe64f5f001dc26

SHA256
6d55d44d69bd316a6f26781b4b3bd38c65e7f4721bc56768f776130d917197db

SHA512
40abbd49ed3e5239606b01124212f25d803779651980b0bc5beba1b0e5b69d306b687d446d79a20986c9c96a46c1d83d311cad3ea3a6375697496d11f98f7c60

Download Submit
C:\Windows\System\nsepZKT.exe

Filesize
5.7MB

MD5
b5df114f3fa693cdbd30b0149cc8a6fc

SHA1
6123e40c2da0aa119efb17f26cd23ea89cae2fa3

SHA256
e2d2fb78161bfbbdcc2d888448c72dbd344f38136e7fccc4ec77bcf873e35045

SHA512
15a7406c2df2e00e90a76530dc44bfea4ddc9ab0c09a4669c18f5e32fc9aab9163575026171a59d388948e439a6f2adab26e8f6913d3a89b516072b52f169e0c

Download Submit
C:\Windows\System\qCLLrwg.exe

Filesize
5.7MB

MD5
70e796ca6d83e5bc1ee9a4542e4f7c64

SHA1
ae35cddc1bc5e0b7b99d70ee7f295e367910008d

SHA256
fab2ddc7f4ec43ebb19bd98c72a1c2eeaea869f824026b566c614ea18364b4b6

SHA512
03c8f21e60ecb5aa37029d543f7150b2b8660317c064bc9482f089571b213fe4bba18056196fd6018813457b6771e9e008b7076738d0dd4c1e53c1a007dc688c

Download Submit
C:\Windows\System\rYIOCkQ.exe

Filesize
5.7MB

MD5
654297c0fe0ee78443443c6dcf9cfe89

SHA1
611f848cd58f9f608ee89c1cbc5de4bbb721acd0

SHA256
069c7913e74fbfd44906ab3d4a6d40ec43bac48d70cb1c10ffa0f2717e91f969

SHA512
7ff57731836e8fb7d2acfea88905444fecd5ff44beee0fcbeeed0b22c464e143fbc11599aff5a5257f92a293de50cbfa8544bb6e0d4eb29adf9d2d128cd43f5c

Download Submit
C:\Windows\System\twkyiyI.exe

Filesize
5.7MB

MD5
07d3c081fa72cfb4bee6ab2138574b08

SHA1
0996c775a496120d4e295e5818519b4c04dcb36c

SHA256
4ce89598e2dc3b929fea9f37ec7c3954beae0bc11a8597a00b4c1ae97fbcf701

SHA512
f8347019a1e8a27de4643fa06b1872e1f0b2aa75a0994f63655dee0f0bddcb85acc3700c6242479fbe766baa1696da660674187f9b17d201a11b3c0dfeff5d23

Download Submit
C:\Windows\System\uGbKQYa.exe

Filesize
5.7MB

MD5
57b770a1addc7d8bce62e6df37fd080c

SHA1
c24abbe5a49b0d91d64108bb901681f57f4278ef

SHA256
bd3ef7a49ef232f00b6975fc0e50eaf6ba3ffca7eb84801b22433463f12c979c

SHA512
b5a90926ef3d8e676cef3039822281196bcdd4d0fe65cb09aedc8464ed3522f9610442a7f3eb57881eb226e8c33a85844e5eb0a34beacedaf3ec602f09c540a9

Download Submit
C:\Windows\System\wCmPvyT.exe

Filesize
5.7MB

MD5
46e713166246405b8302d06d18606dc5

SHA1
7d9343bc07100bbd5b2a5e1671ed66c2b7ea4c73

SHA256
69909db4632a98d8a2ec3db6d4315a1dcf45242326d8db8693007f18798df29e

SHA512
e07580d2099d028e2f56325f1bd300f7101c69cb6cd1a3d331a047eb403b73c619570a14f8960c079fd572af6f42cfcd59453b201ef797851f78e2d43fb5ff5e

Download Submit
C:\Windows\System\wbbxegm.exe

Filesize
5.7MB

MD5
7f2c719d00e7c8c145d3a3b5783f437b

SHA1
3fddde9d58626dae1777ae5cdf020d8606486b63

SHA256
1993391a3a23015657fa7d74ea80ec87bae8319d866d0d8f16e41e7d61619c2b

SHA512
24f3c10b9e3cc05f8c2c352e3c86d0f813fd8ba2fd8e1051d9be48e7668b05bf8bfb9ce61b3bd249211d0e6aa4451ef272e646614dd3e883c921cbb089837060

Download Submit
C:\Windows\System\whMxusd.exe

Filesize
5.7MB

MD5
6789d8211138a31e493cc10934825a07

SHA1
195ef83863143dcc21377086c43b78de571b0e90

SHA256
5cb5905ab37003ab04a65f3bb8b5109d3a79ab26498170b76911efe8fda06b7d

SHA512
ea91e8c91646bcbc1ca6278cb9a2f8dce5adb8be74b066f7437dda4f8c06ddb74448cea1e19b5099972ffe5dc766fcc8d1f3704038903b7e1ab46b13be07720a

Download Submit
C:\Windows\System\zijwKBt.exe

Filesize
5.7MB

MD5
ee120feb4d8b7beb7a622b8cb05cbe7f

SHA1
2da0aa59153c097a3d47f10e3e7e909004da40b9

SHA256
ebe58496ecc1d47e9222dea16b099599f6dda0567d491787d57987fe7875d0ab

SHA512
bdd67e59b34fea64096fbad134795054b5bb0d1e8ddf40ad0e6d0f36f3086be74ba90168ff3d50b839f5d563b3e3970a3e75144aee073e35e67197944463f678

Download Submit
C:\Windows\System\zqwPMKD.exe

Filesize
5.7MB

MD5
73ec028ac812ef61fdde61e03d9e1437

SHA1
c1caa7937daf08e9dee9d63ae6d038bcaa90c206

SHA256
62a0420547ed82a5f784be32af7bd03578220ab419374844e5f9e3ffd21d220e

SHA512
517a9779ff38c1b965205dde88fa778d278a416ab0f8e699d41105df805e79878249e23ac35b0ceccedc4a0526a5a8f18e0cd6cc3f12f6aa6d8265ddba32cc79

Download Submit
memory/212-157-0x00007FF6DDBE0000-0x00007FF6DDF2D000-memory.dmp

Filesize
3.3MB

Download
memory/1192-58-0x00007FF729060000-0x00007FF7293AD000-memory.dmp

Filesize
3.3MB

Download
memory/1276-51-0x00007FF6418E0000-0x00007FF641C2D000-memory.dmp

Filesize
3.3MB

Download
memory/1348-25-0x00007FF7FA240000-0x00007FF7FA58D000-memory.dmp

Filesize
3.3MB

Download
memory/1604-63-0x00007FF647D60000-0x00007FF6480AD000-memory.dmp

Filesize
3.3MB

Download
memory/1704-187-0x00007FF6D97F0000-0x00007FF6D9B3D000-memory.dmp

Filesize
3.3MB

Download
memory/2324-111-0x00007FF6665E0000-0x00007FF66692D000-memory.dmp

Filesize
3.3MB

Download
memory/2400-149-0x00007FF763EB0000-0x00007FF7641FD000-memory.dmp

Filesize
3.3MB

Download
memory/2772-162-0x00007FF6C9B50000-0x00007FF6C9E9D000-memory.dmp

Filesize
3.3MB

Download
memory/2864-7-0x00007FF66FCA0000-0x00007FF66FFED000-memory.dmp

Filesize
3.3MB

Download
memory/3000-151-0x00007FF6CC020000-0x00007FF6CC36D000-memory.dmp

Filesize
3.3MB

Download
memory/3144-168-0x00007FF622A90000-0x00007FF622DDD000-memory.dmp

Filesize
3.3MB

Download
memory/3164-1-0x000001B34C9E0000-0x000001B34C9F0000-memory.dmp

Filesize
64KB

Download
memory/3164-0-0x00007FF663130000-0x00007FF66347D000-memory.dmp

Filesize
3.3MB

Download
memory/3260-31-0x00007FF696E90000-0x00007FF6971DD000-memory.dmp

Filesize
3.3MB

Download
memory/3336-133-0x00007FF7F0080000-0x00007FF7F03CD000-memory.dmp

Filesize
3.3MB

Download
memory/3360-19-0x00007FF6E6150000-0x00007FF6E649D000-memory.dmp

Filesize
3.3MB

Download
memory/3376-46-0x00007FF7A06E0000-0x00007FF7A0A2D000-memory.dmp

Filesize
3.3MB

Download
memory/3412-88-0x00007FF649D80000-0x00007FF64A0CD000-memory.dmp

Filesize
3.3MB

Download
memory/3452-119-0x00007FF6B8B10000-0x00007FF6B8E5D000-memory.dmp

Filesize
3.3MB

Download
memory/3520-81-0x00007FF6CB080000-0x00007FF6CB3CD000-memory.dmp

Filesize
3.3MB

Download
memory/3544-123-0x00007FF756590000-0x00007FF7568DD000-memory.dmp

Filesize
3.3MB

Download
memory/3684-74-0x00007FF67DAF0000-0x00007FF67DE3D000-memory.dmp

Filesize
3.3MB

Download
memory/3956-180-0x00007FF74C010000-0x00007FF74C35D000-memory.dmp

Filesize
3.3MB

Download
memory/3984-13-0x00007FF613AE0000-0x00007FF613E2D000-memory.dmp

Filesize
3.3MB

Download
memory/4264-175-0x00007FF653310000-0x00007FF65365D000-memory.dmp

Filesize
3.3MB

Download
memory/4312-37-0x00007FF713970000-0x00007FF713CBD000-memory.dmp

Filesize
3.3MB

Download
memory/4396-70-0x00007FF721270000-0x00007FF7215BD000-memory.dmp

Filesize
3.3MB

Download
memory/4484-97-0x00007FF7CD0B0000-0x00007FF7CD3FD000-memory.dmp

Filesize
3.3MB

Download
memory/4528-91-0x00007FF7087F0000-0x00007FF708B3D000-memory.dmp

Filesize
3.3MB

Download
memory/4672-139-0x00007FF6C3D10000-0x00007FF6C405D000-memory.dmp

Filesize
3.3MB

Download
memory/4904-103-0x00007FF6199E0000-0x00007FF619D2D000-memory.dmp

Filesize
3.3MB

Download
memory/4968-127-0x00007FF67D320000-0x00007FF67D66D000-memory.dmp

Filesize
3.3MB

Download